./PaxHeaders.13173/sssd-1.11.50000644000000000000000000000013212320753521013626 xustar000000000000000030 mtime=1396954961.796874846 30 atime=1396955003.533843848 30 ctime=1396954961.796874846 sssd-1.11.5/0000775002412700241270000000000012320753521013775 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/PaxHeaders.13173/config.h.in0000644000000000000000000000007412320753506015601 xustar000000000000000030 atime=1396954960.487875812 30 ctime=1396954961.355875171 sssd-1.11.5/config.h.in0000664002412700241270000004150612320753506016031 0ustar00jhrozekjhrozek00000000000000/* config.h.in. Generated from configure.ac by autoheader. */ /* Absolute path to the build directory */ #undef ABS_BUILD_DIR /* Path to the 3rd party modules */ #undef APP_MODULES_PATH /* whether to build with AUTOFS support */ #undef BUILD_AUTOFS /* whether to build with SSH support */ #undef BUILD_SSH /* whether to build with SUDO support */ #undef BUILD_SUDO /* Path to the SSSD data provider plugins */ #undef DATA_PROVIDER_PLUGINS_PATH /* Path to the SSSD databases */ #undef DB_PATH /* The default value of krb5_ccachedir */ #undef DEFAULT_CCACHE_DIR /* The default value of krb5_ccname_template */ #undef DEFAULT_CCNAME_TEMPLATE /* Distro version number */ #undef DISTRO_VERSION /* Define to 1 if translation of program messages to the user's native language is requested. */ #undef ENABLE_NLS /* Does c-ares have ares_free_data()? */ #undef HAVE_ARES_DATA /* Define to 1 if you have the header file. */ #undef HAVE_ARES_H /* Define to 1 if you have the header file. */ #undef HAVE_BYTESWAP_H /* Define to 1 if you have the header file. */ #undef HAVE_CHECK_H /* Define if dbus_watch_get_unix_fd exists */ #undef HAVE_DBUS_WATCH_GET_UNIX_FD /* Define if the GNU dcgettext() function is already present or preinstalled. */ #undef HAVE_DCGETTEXT /* Define to 1 if you have the declaration of `cygwin_conv_path', and to 0 if you don't. 
*/
#undef HAVE_DECL_CYGWIN_CONV_PATH

/* Define to 1 if you have the declaration of `PyModule_AddIntMacro', and to 0
   if you don't. */
#undef HAVE_DECL_PYMODULE_ADDINTMACRO

/* Define to 1 if you have the declaration of `PySet_Check', and to 0 if you
   don't. */
#undef HAVE_DECL_PYSET_CHECK

/* Define to 1 if you have the declaration of `PyUnicode_FromString', and to 0
   if you don't. */
#undef HAVE_DECL_PYUNICODE_FROMSTRING

/* Define if you have the GNU dld library. */
#undef HAVE_DLD

/* Define to 1 if you have the `dlerror' function. */
#undef HAVE_DLERROR

/* Define to 1 if you have the <dlfcn.h> header file. */
#undef HAVE_DLFCN_H

/* Define if you have the _dyld_func_lookup function. */
#undef HAVE_DYLD

/* Define to 1 if you have the <endian.h> header file. */
#undef HAVE_ENDIAN_H

/* Define to 1 if the system has the type `errno_t'. */
#undef HAVE_ERRNO_T

/* whether compiler supports __attribute__((destructor)) */
#undef HAVE_FUNCTION_ATTRIBUTE_DESTRUCTOR

/* whether compiler supports __attribute__((format)) */
#undef HAVE_FUNCTION_ATTRIBUTE_FORMAT

/* Define to 1 if you have the `futimens' function. */
#undef HAVE_FUTIMENS

/* Define to 1 if you have the `getpgrp' function. */
#undef HAVE_GETPGRP

/* Define if the GNU gettext() function is already present or preinstalled. */
#undef HAVE_GETTEXT

/* Using glib2 for unicode */
#undef HAVE_GLIB2

/* Define if g_utf8_validate exists */
#undef HAVE_G_UTF8_VALIDATE

/* Define if you have the iconv() function. */
#undef HAVE_ICONV

/* Inotify works */
#undef HAVE_INOTIFY

/* Define to 1 if the system has the type `intptr_t'. */
#undef HAVE_INTPTR_T

/* Define to 1 if you have the <inttypes.h> header file. */
#undef HAVE_INTTYPES_H

/* Define to 1 if you have the <keyutils.h> header file. */
#undef HAVE_KEYUTILS_H

/* Define to 1 if you have the `krb5_cc_cache_match' function. */
#undef HAVE_KRB5_CC_CACHE_MATCH

/* Define to 1 if you have the `krb5_cc_get_full_name' function. */
#undef HAVE_KRB5_CC_GET_FULL_NAME

/* Define to 1 if you have the `krb5_find_authdata' function. */
#undef HAVE_KRB5_FIND_AUTHDATA

/* Define to 1 if you have the `krb5_free_keytab_entry_contents' function. */
#undef HAVE_KRB5_FREE_KEYTAB_ENTRY_CONTENTS

/* Define to 1 if you have the `krb5_free_unparsed_name' function. */
#undef HAVE_KRB5_FREE_UNPARSED_NAME

/* Define to 1 if you have the `krb5_get_error_message' function. */
#undef HAVE_KRB5_GET_ERROR_MESSAGE

/* Define to 1 if you have the `krb5_get_init_creds_opt_alloc' function. */
#undef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC

/* Define to 1 if you have the `krb5_get_init_creds_opt_set_canonicalize'
   function. */
#undef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE

/* Define to 1 if you have the
   `krb5_get_init_creds_opt_set_change_password_prompt' function. */
#undef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_CHANGE_PASSWORD_PROMPT

/* Define to 1 if you have the `krb5_get_init_creds_opt_set_expire_callback'
   function. */
#undef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_EXPIRE_CALLBACK

/* Define to 1 if you have the `krb5_get_init_creds_opt_set_fast_ccache_name'
   function. */
#undef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_FAST_CCACHE_NAME

/* Define to 1 if you have the `krb5_get_init_creds_opt_set_fast_flags'
   function. */
#undef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_FAST_FLAGS

/* Define to 1 if you have the `krb5_get_init_creds_opt_set_responder'
   function. */
#undef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_RESPONDER

/* Define to 1 if you have the `krb5_get_time_offsets' function. */
#undef HAVE_KRB5_GET_TIME_OFFSETS

/* Define to 1 if you have the <krb5.h> header file. */
#undef HAVE_KRB5_H

/* Define to 1 if you have the <krb5/krb5.h> header file. */
#undef HAVE_KRB5_KRB5_H

/* Define to 1 if you have the `krb5_kt_free_entry' function. */
#undef HAVE_KRB5_KT_FREE_ENTRY

/* Build with krb5 locator plugin */
#undef HAVE_KRB5_LOCATOR_PLUGIN

/* Define to 1 if you have the `krb5_parse_name_flags' function. */
#undef HAVE_KRB5_PARSE_NAME_FLAGS

/* Define to 1 if you have the `krb5_principal_get_realm' function. */
#undef HAVE_KRB5_PRINCIPAL_GET_REALM

/* Define to 1 if you have the `krb5_princ_realm' function. */
#undef HAVE_KRB5_PRINC_REALM

/* Define to 1 if you have the `krb5_set_trace_callback' function. */
#undef HAVE_KRB5_SET_TRACE_CALLBACK

/* Define to 1 if the system has the type `krb5_ticket_times'. */
#undef HAVE_KRB5_TICKET_TIMES

/* Define to 1 if the system has the type `krb5_times'. */
#undef HAVE_KRB5_TIMES

/* Define to 1 if you have the `krb5_timestamp_to_sfstring' function. */
#undef HAVE_KRB5_TIMESTAMP_TO_SFSTRING

/* Define to 1 if the system has the type `krb5_trace_info'. */
#undef HAVE_KRB5_TRACE_INFO

/* Define to 1 if you have the `krb5_unparse_name_flags' function. */
#undef HAVE_KRB5_UNPARSE_NAME_FLAGS

/* Define if LDAP connection callbacks are available */
#undef HAVE_LDAP_CONNCB

/* Define to 1 if you have the `ldap_control_create' function. */
#undef HAVE_LDAP_CONTROL_CREATE

/* Define to 1 if you have the `ldap_create_deref_control_value' function. */
#undef HAVE_LDAP_CREATE_DEREF_CONTROL_VALUE

/* Define to 1 if you have the `ldap_derefresponse_free' function. */
#undef HAVE_LDAP_DEREFRESPONSE_FREE

/* Define to 1 if you have the `ldap_init_fd' function. */
#undef HAVE_LDAP_INIT_FD

/* Define to 1 if you have the `ldap_parse_derefresponse_control' function. */
#undef HAVE_LDAP_PARSE_DEREFRESPONSE_CONTROL

/* Define to 1 if you have the <ldb.h> header file. */
#undef HAVE_LDB_H

/* Define to 1 if you have the <ldb_module.h> header file. */
#undef HAVE_LDB_MODULE_H

/* Build with libcrypt crypto back end */
/* NOTE(review): the macro is named LIBCRYPTO while the description says
   "libcrypt"; presumably libcrypto is meant. This file is generated, so
   confirm and correct the wording in configure.ac. */
#undef HAVE_LIBCRYPTO

/* Define if you have the libdl library or equivalent. */
#undef HAVE_LIBDL

/* Define if libdlloader will be built on this platform */
#undef HAVE_LIBDLLOADER

/* libini_config version lesser than 1.0.0 */
#undef HAVE_LIBINI_CONFIG_V0

/* libini_config version greater than 1.0.0 */
#undef HAVE_LIBINI_CONFIG_V1

/* Build with libnetlink support */
#undef HAVE_LIBNL

/* Libnetlink version = 1 */
#undef HAVE_LIBNL1

/* Libnetlink version = 3 */
#undef HAVE_LIBNL3

/* Define if libpcre version is less than 7 */
#undef HAVE_LIBPCRE_LESSER_THAN_7

/* Using libunistring for unicode */
#undef HAVE_LIBUNISTRING

/* Define to 1 if the system has the type `long long'. */
#undef HAVE_LONG_LONG

/* Define to 1 if you have the <memory.h> header file. */
#undef HAVE_MEMORY_H

/* Define to 1 if you have the <netlink.h> header file. */
#undef HAVE_NETLINK_H

/* Does libnl have nl_set_passcred? */
#undef HAVE_NL_SET_PASSCRED

/* Does libnl have nl_socket_add_membership? */
#undef HAVE_NL_SOCKET_ADD_MEMBERSHIP

/* Does libnl have nl_socket_modify_cb? */
#undef HAVE_NL_SOCKET_MODIFY_CB

/* Does libnl have nl_socket_set_passcred? */
#undef HAVE_NL_SOCKET_SET_PASSCRED

/* flush nscd cache after local domain operations */
#undef HAVE_NSCD

/* Build with NSS crypto back end */
#undef HAVE_NSS

/* Whether to use the 'realm' directive with nsupdate */
#undef HAVE_NSUPDATE_REALM

/* Build with the PAC responder */
#undef HAVE_PAC_RESPONDER

/* Define to 1 if you have the <pcre.h> header file. */
#undef HAVE_PCRE_H

/* Define to 1 if you have the <popt.h> header file. */
#undef HAVE_POPT_H

/* Define to 1 if you have the `prctl' function. */
#undef HAVE_PRCTL

/* Pthread mutexes available. */
#undef HAVE_PTHREAD

/* Define to 1 if you have the `pthread_mutexattr_setrobust' function. */
#undef HAVE_PTHREAD_MUTEXATTR_SETROBUST

/* Define to 1 if you have the `pthread_mutexattr_setrobust_np' function. */
#undef HAVE_PTHREAD_MUTEXATTR_SETROBUST_NP

/* Define to 1 if you have the `pthread_mutex_consistent' function. */
#undef HAVE_PTHREAD_MUTEX_CONSISTENT

/* Define to 1 if you have the `pthread_mutex_consistent_np' function. */
#undef HAVE_PTHREAD_MUTEX_CONSISTENT_NP

/* Define to 1 if you have the `PyErr_NewExceptionWithDoc' function. */
#undef HAVE_PYERR_NEWEXCEPTIONWITHDOC

/* Define to 1 if you have the `PySet_Add' function. */
#undef HAVE_PYSET_ADD

/* Define to 1 if you have the `PySet_New' function. */
#undef HAVE_PYSET_NEW

/* Build with python bindings */
#undef HAVE_PYTHON_BINDINGS

/* Native Py_ssize_t type */
#undef HAVE_PY_SSIZE_T

/* Does libnl have rtnl_route_get_oif? */
#undef HAVE_RTNL_ROUTE_GET_OIF

/* Define to 1 if you have the <sasl/sasl.h> header file. */
#undef HAVE_SASL_SASL_H

/* Define to 1 if you have the <security/pam_appl.h> header file. */
#undef HAVE_SECURITY_PAM_APPL_H

/* Define to 1 if you have the <security/pam_misc.h> header file. */
#undef HAVE_SECURITY_PAM_MISC_H

/* Define to 1 if you have the <security/pam_modules.h> header file. */
#undef HAVE_SECURITY_PAM_MODULES_H

/* Build with SELinux support */
#undef HAVE_SELINUX

/* The directory to store SELinux user login is available */
#undef HAVE_SELINUX_LOGIN_DIR

/* Define to 1 if you have the <selinux/selinux.h> header file. */
#undef HAVE_SELINUX_SELINUX_H

/* Build with SELinux support */
/* NOTE(review): same description as HAVE_SELINUX; presumably this macro
   gates libsemanage support specifically -- confirm in configure.ac. */
#undef HAVE_SEMANAGE

/* Define to 1 if you have the <semanage/semanage.h> header file. */
#undef HAVE_SEMANAGE_SEMANAGE_H

/* Define to 1 if you have the <setjmp.h> header file. */
#undef HAVE_SETJMP_H

/* Define if you have the shl_load function. */
#undef HAVE_SHL_LOAD

/* Define to 1 if you have the `sigaction' function. */
#undef HAVE_SIGACTION

/* Define to 1 if you have the `sigblock' function. */
#undef HAVE_SIGBLOCK

/* Define to 1 if you have the `sigprocmask' function. */
#undef HAVE_SIGPROCMASK

/* Define to 1 if you have the <stdarg.h> header file. */
#undef HAVE_STDARG_H

/* Define to 1 if you have the <stddef.h> header file. */
#undef HAVE_STDDEF_H

/* Define to 1 if you have the <stdint.h> header file. */
#undef HAVE_STDINT_H

/* Define to 1 if you have the <stdlib.h> header file. */
#undef HAVE_STDLIB_H

/* Define to 1 if you have the <strings.h> header file. */
#undef HAVE_STRINGS_H

/* Define to 1 if you have the <string.h> header file. */
#undef HAVE_STRING_H

/* Define to 1 if the system has the type `struct ares_addr6ttl'. */
#undef HAVE_STRUCT_ARES_ADDR6TTL

/* Define to 1 if the system has the type `struct ares_addrttl'. */
#undef HAVE_STRUCT_ARES_ADDRTTL

/* Define to 1 if `lc_arg' is a member of `struct ldap_conncb'. */
#undef HAVE_STRUCT_LDAP_CONNCB_LC_ARG

/* Define to 1 if `gid' is a member of `struct ucred'. */
#undef HAVE_STRUCT_UCRED_GID

/* Define to 1 if `pid' is a member of `struct ucred'. */
#undef HAVE_STRUCT_UCRED_PID

/* Define to 1 if `uid' is a member of `struct ucred'. */
#undef HAVE_STRUCT_UCRED_UID

/* Define to 1 if you have the <sys/endian.h> header file. */
#undef HAVE_SYS_ENDIAN_H

/* Define to 1 if you have the <sys/inotify.h> header file. */
#undef HAVE_SYS_INOTIFY_H

/* Define to 1 if you have the <sys/stat.h> header file. */
#undef HAVE_SYS_STAT_H

/* Define to 1 if you have the <sys/types.h> header file. */
#undef HAVE_SYS_TYPES_H

/* Define to 1 if you have the <tdb.h> header file. */
#undef HAVE_TDB_H

/* Define if struct ucred is available */
#undef HAVE_UCRED

/* Define to 1 if you have the <unicase.h> header file. */
#undef HAVE_UNICASE_H

/* Define to 1 if you have the <unistd.h> header file. */
#undef HAVE_UNISTD_H

/* Define to 1 if you have the <unistr.h> header file. */
#undef HAVE_UNISTR_H

/* Define to 1 if you have the `utimensat' function. */
#undef HAVE_UTIMENSAT

/* KRB5 configuration file */
#undef KRB5_CONF_PATH

/* Directory used for storing Kerberos replay caches */
#undef KRB5_RCACHE_DIR

/* Where to store log files for the SSSD */
#undef LOG_PATH

/* Define to the sub-directory in which libtool stores uninstalled libraries.
   */
#undef LT_OBJDIR

/* Where to store mmap cache files for the SSSD interconnects */
#undef MCACHE_PATH

/* The shell used to deny access to users */
#undef NOLOGIN_SHELL

/* Define to 1 if your C compiler doesn't accept -c and -o together. */
#undef NO_MINUS_C_MINUS_O

/* NSCD configuration file */
#undef NSCD_CONF_PATH

/* The path to nscd, if available */
#undef NSCD_PATH

/* The path to nsupdate */
#undef NSUPDATE_PATH

/* Name of package */
#undef PACKAGE

/* Define to the address where bug reports for this package should be sent. */
#undef PACKAGE_BUGREPORT

/* Define to the full name of this package. */
#undef PACKAGE_NAME

/* Define to the full name and version of this package. */
#undef PACKAGE_STRING

/* Define to the one symbol short name of this package. */
#undef PACKAGE_TARNAME

/* Define to the home page for this package. */
#undef PACKAGE_URL

/* Define to the version of this package. */
#undef PACKAGE_VERSION

/* Where to store pid files for the SSSD */
#undef PID_PATH

/* Where to store pipe files for the SSSD interconnects */
#undef PIPE_PATH

/* Prerelease version number of package */
#undef PRERELEASE_VERSION

/* Where to store pubconf files for the SSSD */
#undef PUBCONF_PATH

/* The size of `char', as computed by sizeof. */
#undef SIZEOF_CHAR

/* The size of `gid_t', as computed by sizeof. */
#undef SIZEOF_GID_T

/* The size of `id_t', as computed by sizeof. */
#undef SIZEOF_ID_T

/* The size of `int', as computed by sizeof. */
#undef SIZEOF_INT

/* The size of `long', as computed by sizeof. */
#undef SIZEOF_LONG

/* The size of `long long', as computed by sizeof. */
#undef SIZEOF_LONG_LONG

/* The size of `off_t', as computed by sizeof. */
#undef SIZEOF_OFF_T

/* The size of `short', as computed by sizeof. */
#undef SIZEOF_SHORT

/* The size of `size_t', as computed by sizeof. */
#undef SIZEOF_SIZE_T

/* The size of `ssize_t', as computed by sizeof. */
#undef SIZEOF_SSIZE_T

/* The size of `uid_t', as computed by sizeof. */
#undef SIZEOF_UID_T

/* Define to 1 if you want ldb version check. */
#undef SSS_LDB_VERSION_CHECK

/* Define to 1 if you have the ANSI C header files. */
#undef STDC_HEADERS

/* Directory used for 'make check' temporary files */
#undef TEST_DIR

/* Define if the keyring should be used */
#undef USE_KEYRING

/* Enable extensions on AIX 3, Interix. */
#ifndef _ALL_SOURCE
# undef _ALL_SOURCE
#endif
/* Enable GNU extensions on systems that have them. */
#ifndef _GNU_SOURCE
# undef _GNU_SOURCE
#endif
/* Enable threading extensions on Solaris. */
#ifndef _POSIX_PTHREAD_SEMANTICS
# undef _POSIX_PTHREAD_SEMANTICS
#endif
/* Enable extensions on HP NonStop. */
#ifndef _TANDEM_SOURCE
# undef _TANDEM_SOURCE
#endif
/* Enable general extensions on Solaris. */
#ifndef __EXTENSIONS__
# undef __EXTENSIONS__
#endif


/* Version number of package */
#undef VERSION

/* Define to 1 if on MINIX. */
#undef _MINIX

/* Define to 2 if the system does not provide POSIX.1 features except with
   this defined. */
#undef _POSIX_1_SOURCE

/* Define to 1 if you need to in order for `stat' and other things to work. */
#undef _POSIX_SOURCE

/* Define to `short' if <sys/types.h> does not define. */
#undef int16_t

/* Define to `long' if <sys/types.h> does not define. */
#undef int32_t

/* Define to `long long' if <sys/types.h> does not define. */
#undef int64_t

/* Define to `char' if <sys/types.h> does not define. */
#undef int8_t

/* Define to `long long' if <sys/types.h> does not define. */
#undef intptr_t

/* Define to `unsigned long long' if <sys/types.h> does not define. */
/* NOTE(review): ptrdiff_t is a signed type in standard C, but the fallback
   named here is unsigned; if this fallback were ever used, negative pointer
   differences would wrap. Confirm the intended type in configure.ac. */
#undef ptrdiff_t

/* Define to `unsigned int' if <sys/types.h> does not define. */
#undef size_t

/* Define to `int' if <sys/types.h> does not define. */
#undef ssize_t

/* Define to `unsigned short' if <sys/types.h> does not define. */
#undef uint16_t

/* Define to `unsigned long' if <sys/types.h> does not define. */
#undef uint32_t

/* Define to `unsigned long long' if <sys/types.h> does not define. */
#undef uint64_t

/* Define to `unsigned char' if <sys/types.h> does not define. */
#undef uint8_t

/* Define to `unsigned int' if <sys/types.h> does not define. */
#undef uint_t

/* Define to `unsigned long long' if <sys/types.h> does not define.
*/ #undef uintptr_t sssd-1.11.5/PaxHeaders.13173/build0000644000000000000000000000013012320753521014566 xustar000000000000000029 mtime=1396954961.52087505 30 atime=1396955003.533843848 29 ctime=1396954961.52087505 sssd-1.11.5/build/0000775002412700241270000000000012320753521015074 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/build/PaxHeaders.13173/missing0000644000000000000000000000013112320753507016244 xustar000000000000000030 mtime=1396954951.071882754 30 atime=1396954953.201881185 29 ctime=1396954961.51987505 sssd-1.11.5/build/missing0000755002412700241270000001533112320753507016500 0ustar00jhrozekjhrozek00000000000000#! /bin/sh # Common wrapper for a few potentially missing GNU programs. scriptversion=2012-06-26.16; # UTC # Copyright (C) 1996-2013 Free Software Foundation, Inc. # Originally written by Fran,cois Pinard , 1996. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2, or (at your option) # any later version. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # You should have received a copy of the GNU General Public License # along with this program. If not, see . # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. if test $# -eq 0; then echo 1>&2 "Try '$0 --help' for more information" exit 1 fi case $1 in --is-lightweight) # Used by our autoconf macros to check whether the available missing # script is modern enough. exit 0 ;; --run) # Back-compat with the calling convention used by older automake. 
shift
    ;;

  -h|--h|--he|--hel|--help)
    # NOTE(review): the bug-report address at the end of this help text is
    # empty in this copy of the script.
    echo "\
$0 [OPTION]... PROGRAM [ARGUMENT]...

Run 'PROGRAM [ARGUMENT]...', returning a proper advice when this fails due
to PROGRAM being missing or too old.

Options:
  -h, --help      display this help and exit
  -v, --version   output version information and exit

Supported PROGRAM values:
  aclocal   autoconf  autoheader   autom4te  automake  makeinfo
  bison     yacc      flex         lex       help2man

Version suffixes to PROGRAM as well as the prefixes 'gnu-', 'gnu', and
'g' are ignored when checking the name.

Send bug reports to ."
    exit $?
    ;;

  -v|--v|--ve|--ver|--vers|--versi|--versio|--version)
    echo "missing $scriptversion (GNU Automake)"
    exit $?
    ;;

  -*)
    echo 1>&2 "$0: unknown '$1' option"
    echo 1>&2 "Try '$0 --help' for more information"
    exit 1
    ;;

esac

# Run the given program, remember its exit status.
# The remaining command line is executed exactly as the caller passed it;
# this script adds no validation of its own.
"$@"; st=$?

# If it succeeded, we are done.
test $st -eq 0 && exit 0

# Also exit now if it failed (or wasn't found), and '--version' was
# passed; such an option is passed most likely to detect whether the
# program is present and works.
case $2 in --version|--help) exit $st;; esac

# Exit code 63 means version mismatch. This often happens when the user
# tries to use an ancient version of a tool on a file that requires a
# minimum version.
if test $st -eq 63; then
  msg="probably too old"
elif test $st -eq 127; then
  # Program was missing.
  msg="missing on your system"
else
  # Program was found and executed, but failed. Give up.
  exit $st
fi

# Base URLs interpolated into the advice messages below.
perl_URL=http://www.perl.org/
flex_URL=http://flex.sourceforge.net/
gnu_software_URL=http://www.gnu.org/software

# program_details PROGRAM
# Print which GNU package provides PROGRAM, followed by the URLs of that
# package and of the tools it needs in order to run. Only the Automake and
# Autoconf program names are handled; any other name prints nothing.
program_details ()
{
  case $1 in
    aclocal|automake)
      echo "The '$1' program is part of the GNU Automake package:"
      echo "<$gnu_software_URL/automake>"
      echo "It also requires GNU Autoconf, GNU m4 and Perl in order to run:"
      echo "<$gnu_software_URL/autoconf>"
      echo "<$gnu_software_URL/m4/>"
      echo "<$perl_URL>"
      ;;
    autoconf|autom4te|autoheader)
      echo "The '$1' program is part of the GNU Autoconf package:"
      echo "<$gnu_software_URL/autoconf/>"
      echo "It also requires GNU m4 and Perl in order to run:"
      echo "<$gnu_software_URL/m4/>"
      echo "<$perl_URL>"
      ;;
  esac
}

# give_advice PROGRAM
# Print, on stdout, a first line saying that PROGRAM is $msg, then an
# explanation of when the tool is needed and where to obtain it. Reads the
# global $msg set above.
give_advice ()
{
  # Normalize program name to check for.
  # Each sed command sits on its own line because 't' (branch to the end of
  # the script once a substitution has been made) takes the rest of its line
  # as a label.
  normalized_program=`echo "$1" | sed '
    s/^gnu-//; t
    s/^gnu//; t
    s/^g//; t'`

  printf '%s\n' "'$1' is $msg."

  configure_deps="'configure.ac' or m4 files included by 'configure.ac'"
  case $normalized_program in
    autoconf*)
      echo "You should only need it if you modified 'configure.ac',"
      echo "or m4 files included by it."
      program_details 'autoconf'
      ;;
    autoheader*)
      echo "You should only need it if you modified 'acconfig.h' or"
      echo "$configure_deps."
      program_details 'autoheader'
      ;;
    automake*)
      echo "You should only need it if you modified 'Makefile.am' or"
      echo "$configure_deps."
      program_details 'automake'
      ;;
    aclocal*)
      echo "You should only need it if you modified 'acinclude.m4' or"
      echo "$configure_deps."
      program_details 'aclocal'
      ;;
    autom4te*)
      # NOTE(review): the message below spells the tool 'automa4te', while
      # the case label and the program_details argument use 'autom4te'.
      echo "You might have modified some maintainer files that require"
      echo "the 'automa4te' program to be rebuilt."
      program_details 'autom4te'
      ;;
    bison*|yacc*)
      echo "You should only need it if you modified a '.y' file."
      echo "You may want to install the GNU Bison package:"
      echo "<$gnu_software_URL/bison/>"
      ;;
    lex*|flex*)
      echo "You should only need it if you modified a '.l' file."
echo "You may want to install the Fast Lexical Analyzer package:" echo "<$flex_URL>" ;; help2man*) echo "You should only need it if you modified a dependency" \ "of a man page." echo "You may want to install the GNU Help2man package:" echo "<$gnu_software_URL/help2man/>" ;; makeinfo*) echo "You should only need it if you modified a '.texi' file, or" echo "any other file indirectly affecting the aspect of the manual." echo "You might want to install the Texinfo package:" echo "<$gnu_software_URL/texinfo/>" echo "The spurious makeinfo call might also be the consequence of" echo "using a buggy 'make' (AIX, DU, IRIX), in which case you might" echo "want to install GNU make:" echo "<$gnu_software_URL/make/>" ;; *) echo "You might have modified some files without having the proper" echo "tools for further handling them. Check the 'README' file, it" echo "often tells you about the needed prerequisites for installing" echo "this package. You may also peek at any GNU archive site, in" echo "case some other package contains this missing '$1' program." ;; esac } give_advice "$1" | sed -e '1s/^/WARNING: /' \ -e '2,$s/^/ /' >&2 # Propagate the correct exit status (expected to be 127 for a program # not found, 63 for a program that failed due to version mismatch). exit $st # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" # time-stamp-time-zone: "UTC" # time-stamp-end: "; # UTC" # End: sssd-1.11.5/build/PaxHeaders.13173/compile0000644000000000000000000000013212320753507016224 xustar000000000000000030 mtime=1396954951.066882757 30 atime=1396954951.066882757 30 ctime=1396954961.515875053 sssd-1.11.5/build/compile0000755002412700241270000001624512320753507016464 0ustar00jhrozekjhrozek00000000000000#! /bin/sh # Wrapper for compilers which do not understand '-c -o'. scriptversion=2012-10-14.11; # UTC # Copyright (C) 1999-2013 Free Software Foundation, Inc. # Written by Tom Tromey . 
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.

# This file is maintained in Automake, please report
# bugs to <bug-automake@gnu.org> or send patches to
# <automake-patches@gnu.org>.

# A literal newline, used to build IFS below.
nl='
'

# We need space, tab and new line, in precisely that order. Quoting is
# there to prevent tools from complaining about whitespace usage.
IFS=" ""	$nl"

# Path-conversion flavour (mingw, cygwin or wine); determined lazily by
# func_file_conv the first time an absolute path is seen.
file_conv=

# func_file_conv build_file lazy
# Convert a $build file to $host form and store it in $file
# Currently only supports Windows hosts. If the determined conversion
# type is listed in (the comma separated) LAZY, no conversion will
# take place.
func_file_conv ()
{
  file=$1
  case $file in
    / | /[!/]*) # absolute file, and not a UNC file
      if test -z "$file_conv"; then
        # lazily determine how to convert abs files
        case `uname -s` in
          MINGW*)
            file_conv=mingw
            ;;
          CYGWIN*)
            file_conv=cygwin
            ;;
          *)
            file_conv=wine
            ;;
        esac
      fi
      # The pattern "*,$file_conv,*" matches when the detected flavour is
      # one of the entries of the LAZY list in $2; the path is then left
      # unconverted.
      case $file_conv/,$2, in
        *,$file_conv,*)
          ;;
        mingw/*)
          file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'`
          ;;
        cygwin/*)
          # Fall back to the unconverted path if cygpath fails.
          file=`cygpath -m "$file" || echo "$file"`
          ;;
        wine/*)
          # Fall back to the unconverted path if winepath fails.
          file=`winepath -w "$file" || echo "$file"`
          ;;
      esac
      ;;
  esac
}

# func_cl_dashL linkdir
# Make cl look for libraries in LINKDIR
# Appends the converted directory to the ';'-separated $lib_path and adds a
# matching -LIBPATH: option to $linker_opts.
func_cl_dashL ()
{
  func_file_conv "$1"
  if test -z "$lib_path"; then
    lib_path=$file
  else
    lib_path="$lib_path;$file"
  fi
  linker_opts="$linker_opts -LIBPATH:$file"
}

# func_cl_dashl library
# Do a library search-path lookup for cl
# Searches the directories of $lib_path and $LIB for LIBRARY.dll.lib (only
# while $shared is true), LIBRARY.lib and libLIBRARY.a, in that order, and
# stores the first match in $lib. If nothing is found, $lib becomes
# LIBRARY.lib.
func_cl_dashl ()
{
  lib=$1
  found=no
  save_IFS=$IFS
  # Split the search path on ';' for the word list of the loop only.
  IFS=';'
  for dir in $lib_path $LIB
  do
    IFS=$save_IFS
    if $shared && test -f "$dir/$lib.dll.lib"; then
      found=yes
      lib=$dir/$lib.dll.lib
      break
    fi
    if test -f "$dir/$lib.lib"; then
      found=yes
      lib=$dir/$lib.lib
      break
    fi
    if test -f "$dir/lib$lib.a"; then
      found=yes
      lib=$dir/lib$lib.a
      break
    fi
  done
  IFS=$save_IFS

  if test "$found" != yes; then
    lib=$lib.lib
  fi
}

# func_cl_wrapper cl arg...
# Adjust compile command to suit cl
# Walks the argument list once, translating each Unix-style option into the
# form used for cl (-Fo/-Fe for -o, -Tp for C++ sources, converted paths for
# -I and source/object files) and collecting linker options separately, then
# execs the rewritten command. Does not return.
#
# Idiom used throughout: 'set x "$@" NEW; shift' appends NEW to the
# positional parameters (the dummy 'x' is dropped by the shift), while the
# 'shift' at the bottom of the loop removes the argument just processed from
# the front. $eat is set when an option consumed its following argument, so
# that the next iteration skips it.
func_cl_wrapper ()
{
  # Assume a capable shell
  lib_path=
  shared=:
  linker_opts=
  for arg
  do
    if test -n "$eat"; then
      eat=
    else
      case $1 in
        -o)
          # configure might choose to run compile as 'compile cc -o foo foo.c'.
          eat=1
          case $2 in
            *.o | *.[oO][bB][jJ])
              func_file_conv "$2"
              set x "$@" -Fo"$file"
              shift
              ;;
            *)
              func_file_conv "$2"
              set x "$@" -Fe"$file"
              shift
              ;;
          esac
          ;;
        -I)
          eat=1
          func_file_conv "$2" mingw
          set x "$@" -I"$file"
          shift
          ;;
        -I*)
          func_file_conv "${1#-I}" mingw
          set x "$@" -I"$file"
          shift
          ;;
        -l)
          eat=1
          func_cl_dashl "$2"
          set x "$@" "$lib"
          shift
          ;;
        -l*)
          func_cl_dashl "${1#-l}"
          set x "$@" "$lib"
          shift
          ;;
        -L)
          eat=1
          func_cl_dashL "$2"
          ;;
        -L*)
          func_cl_dashL "${1#-L}"
          ;;
        -static)
          shared=false
          ;;
        -Wl,*)
          # Split the comma-separated linker flags and append each one.
          arg=${1#-Wl,}
          save_ifs="$IFS"; IFS=','
          for flag in $arg; do
            IFS="$save_ifs"
            linker_opts="$linker_opts $flag"
          done
          IFS="$save_ifs"
          ;;
        -Xlinker)
          eat=1
          linker_opts="$linker_opts $2"
          ;;
        -*)
          set x "$@" "$1"
          shift
          ;;
        *.cc | *.CC | *.cxx | *.CXX | *.[cC]++)
          func_file_conv "$1"
          set x "$@" -Tp"$file"
          shift
          ;;
        *.c | *.cpp | *.CPP | *.lib | *.LIB | *.Lib | *.OBJ | *.obj | *.[oO])
          func_file_conv "$1" mingw
          set x "$@" "$file"
          shift
          ;;
        *)
          set x "$@" "$1"
          shift
          ;;
      esac
    fi
    shift
  done
  if test -n "$linker_opts"; then
    linker_opts="-link$linker_opts"
  fi
  # $linker_opts is left unquoted so that it splits into separate arguments.
  exec "$@" $linker_opts
  # Only reached if exec itself failed.
  exit 1
}

eat=

case $1 in
  '')
     echo "$0: No command. Try '$0 --help' for more information." 1>&2
     exit 1;
     ;;
  -h | --h*)
    # NOTE(review): the bug-report address at the end of this help text is
    # empty in this copy of the script.
    cat <<\EOF
Usage: compile [--help] [--version] PROGRAM [ARGS]

Wrapper for compilers which do not understand '-c -o'.
Remove '-o dest.o' from ARGS, run PROGRAM with the remaining
arguments, and rename the output as expected.

If you are trying to build a whole package this is not the
right script to run: please start by reading the file 'INSTALL'.

Report bugs to .
EOF
    exit $?
    ;;
  -v | --v*)
    echo "compile $scriptversion"
    exit $?
    ;;
  cl | *[/\\]cl | cl.exe | *[/\\]cl.exe )
    func_cl_wrapper "$@"      # Doesn't return...
    ;;
esac

# Object file named by '-o' and the '.c' source file, once seen in the
# argument scan below.
ofile=
cfile=

for arg
do
  if test -n "$eat"; then
    eat=
  else
    case $1 in
      -o)
        # configure might choose to run compile as 'compile cc -o foo foo.c'.
        # So we strip '-o arg' only if arg is an object.
eat=1 case $2 in *.o | *.obj) ofile=$2 ;; *) set x "$@" -o "$2" shift ;; esac ;; *.c) cfile=$1 set x "$@" "$1" shift ;; *) set x "$@" "$1" shift ;; esac fi shift done if test -z "$ofile" || test -z "$cfile"; then # If no '-o' option was seen then we might have been invoked from a # pattern rule where we don't need one. That is ok -- this is a # normal compilation that the losing compiler can handle. If no # '.c' file was seen then we are probably linking. That is also # ok. exec "$@" fi # Name of file we expect compiler to create. cofile=`echo "$cfile" | sed 's|^.*[\\/]||; s|^[a-zA-Z]:||; s/\.c$/.o/'` # Create the lock directory. # Note: use '[/\\:.-]' here to ensure that we don't use the same name # that we are using for the .o file. Also, base the name on the expected # object file name, since that is what matters with a parallel build. lockdir=`echo "$cofile" | sed -e 's|[/\\:.-]|_|g'`.d while true; do if mkdir "$lockdir" >/dev/null 2>&1; then break fi sleep 1 done # FIXME: race condition here if user kills between mkdir and trap. trap "rmdir '$lockdir'; exit 1" 1 2 15 # Run the compile. "$@" ret=$? if test -f "$cofile"; then test "$cofile" = "$ofile" || mv "$cofile" "$ofile" elif test -f "${cofile}bj"; then test "${cofile}bj" = "$ofile" || mv "${cofile}bj" "$ofile" fi rmdir "$lockdir" exit $ret # Local Variables: # mode: shell-script # sh-indentation: 2 # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" # time-stamp-time-zone: "UTC" # time-stamp-end: "; # UTC" # End: sssd-1.11.5/build/PaxHeaders.13173/depcomp0000644000000000000000000000013112320753507016222 xustar000000000000000030 mtime=1396954951.486882448 29 atime=1396954953.23588116 30 ctime=1396954961.381875152 sssd-1.11.5/build/depcomp0000755002412700241270000005601612320753507016463 0ustar00jhrozekjhrozek00000000000000#! 
/bin/sh # depcomp - compile a program generating dependencies as side-effects scriptversion=2013-05-30.07; # UTC # Copyright (C) 1999-2013 Free Software Foundation, Inc. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2, or (at your option) # any later version. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # You should have received a copy of the GNU General Public License # along with this program. If not, see . # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. # Originally written by Alexandre Oliva . case $1 in '') echo "$0: No command. Try '$0 --help' for more information." 1>&2 exit 1; ;; -h | --h*) cat <<\EOF Usage: depcomp [--help] [--version] PROGRAM [ARGS] Run PROGRAMS ARGS to compile a file, generating dependencies as side-effects. Environment variables: depmode Dependency tracking mode. source Source file read by 'PROGRAMS ARGS'. object Object file output by 'PROGRAMS ARGS'. DEPDIR directory where to store dependencies. depfile Dependency file to output. tmpdepfile Temporary file to use when outputting dependencies. libtool Whether libtool is used (yes/no). Report bugs to . EOF exit $? ;; -v | --v*) echo "depcomp $scriptversion" exit $? ;; esac # Get the directory component of the given path, and save it in the # global variables '$dir'. Note that this directory component will # be either empty or ending with a '/' character. This is deliberate. 
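# Store the directory part of path $1 in the global '$dir'.
# '$dir' is either empty or ends with '/', so callers can write
# "$dir$base.ext" without adding a separator.
set_dir_from ()
{
  case $1 in
    */*) dir=`echo "$1" | sed -e 's|/[^/]*$|/|'`;;
      *) dir=;;
  esac
}

# Get the suffix-stripped basename of the given path, and save it in the
# global variable '$base'.
set_base_from ()
{
  base=`echo "$1" | sed -e 's|^.*/||' -e 's/\.[^.]*$//'`
}

# If no dependency file was actually created by the compiler invocation,
# we still have to create a dummy depfile, to avoid errors with the
# Makefile "include basename.Plo" scheme.
make_dummy_depfile ()
{
  echo "#dummy" > "$depfile"
}

# Factor out some common post-processing of the generated depfile.
# Requires the auxiliary global variable '$tmpdepfile' to be set; also
# reads '$object', '$depfile', '$lower' and '$tab'.
aix_post_process_depfile ()
{
  # If the compiler actually managed to produce a dependency file,
  # post-process it.
  if test -f "$tmpdepfile"; then
    # Each line is of the form 'foo.o: dependency.h'.
    # Do two passes, one to just change these to
    #   $object: dependency.h
    # and one to simply output
    #   dependency.h:
    # which is needed to avoid the deleted-header problem.
    #
    # NOTE(review): $object is expanded inside the sed program, which uses
    # ',' as its delimiter.  An object name containing ',' or sed
    # metacharacters would change the expression, so this relies on the
    # build system passing plain path names.
    { sed -e "s,^.*\.[$lower]*:,$object:," < "$tmpdepfile"
      sed -e "s,^.*\.[$lower]*:[$tab ]*,," -e 's,$,:,' < "$tmpdepfile"
    } > "$depfile"
    rm -f "$tmpdepfile"
  else
    make_dummy_depfile
  fi
}

# A tabulation character.  This must be a literal TAB between the quotes:
# the "[$tab ]" bracket expressions are meant to match TAB or space.
tab='	'
# A newline character.  This must be a literal newline between the quotes:
# the tr ' ' "$nl" pipelines use it to put one word on each line.
nl='
'
# Character ranges might be problematic outside the C locale.
# These definitions help.
upper=ABCDEFGHIJKLMNOPQRSTUVWXYZ
lower=abcdefghijklmnopqrstuvwxyz
digits=0123456789
alpha=${upper}${lower}

# The three variables below are the contract with the generated Makefile;
# nothing sensible can be done without them.
if test -z "$depmode" || test -z "$source" || test -z "$object"; then
  echo "depcomp: Variables source, object and depmode must be set" 1>&2
  exit 1
fi

# Dependencies for sub/bar.o or sub/bar.obj go into sub/.deps/bar.Po.
# Both names are taken from the environment when already set there, so the
# caller's environment decides which paths are written and removed.
depfile=${depfile-`echo "$object" |
  sed 's|[^\\/]*$|'${DEPDIR-.deps}'/&|;s|\.\([^.]*\)$|.P\1|;s|Pobj$|Po|'`}
tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`}

# Start from a clean slate: a stale temporary file from an earlier run
# must not be mistaken for this compiler invocation's output.
rm -f "$tmpdepfile"

# Avoid interferences from the environment.
gccflag= dashmflag=

# Some modes work just like other modes, but use different flags.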
We # parameterize here, but still list the modes in the big case below, # to make depend.m4 easier to write. Note that we *cannot* use a case # here, because this file can only contain one case statement. if test "$depmode" = hp; then # HP compiler uses -M and no extra arg. gccflag=-M depmode=gcc fi if test "$depmode" = dashXmstdout; then # This is just like dashmstdout with a different argument. dashmflag=-xM depmode=dashmstdout fi cygpath_u="cygpath -u -f -" if test "$depmode" = msvcmsys; then # This is just like msvisualcpp but w/o cygpath translation. # Just convert the backslash-escaped backslashes to single forward # slashes to satisfy depend.m4 cygpath_u='sed s,\\\\,/,g' depmode=msvisualcpp fi if test "$depmode" = msvc7msys; then # This is just like msvc7 but w/o cygpath translation. # Just convert the backslash-escaped backslashes to single forward # slashes to satisfy depend.m4 cygpath_u='sed s,\\\\,/,g' depmode=msvc7 fi if test "$depmode" = xlc; then # IBM C/C++ Compilers xlc/xlC can output gcc-like dependency information. gccflag=-qmakedep=gcc,-MF depmode=gcc fi case "$depmode" in gcc3) ## gcc 3 implements dependency tracking that does exactly what ## we want. Yay! Note: for some reason libtool 1.4 doesn't like ## it if -MD -MP comes after the -MF stuff. Hmm. ## Unfortunately, FreeBSD c89 acceptance of flags depends upon ## the command line argument order; so add the flags where they ## appear in depend2.am. Note that the slowdown incurred here ## affects only configure: in makefiles, %FASTDEP% shortcuts this. for arg do case $arg in -c) set fnord "$@" -MT "$object" -MD -MP -MF "$tmpdepfile" "$arg" ;; *) set fnord "$@" "$arg" ;; esac shift # fnord shift # $arg done "$@" stat=$? if test $stat -ne 0; then rm -f "$tmpdepfile" exit $stat fi mv "$tmpdepfile" "$depfile" ;; gcc) ## Note that this doesn't just cater to obsosete pre-3.x GCC compilers. ## but also to in-use compilers like IMB xlc/xlC and the HP C compiler. 
## (see the conditional assignment to $gccflag above). ## There are various ways to get dependency output from gcc. Here's ## why we pick this rather obscure method: ## - Don't want to use -MD because we'd like the dependencies to end ## up in a subdir. Having to rename by hand is ugly. ## (We might end up doing this anyway to support other compilers.) ## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like ## -MM, not -M (despite what the docs say). Also, it might not be ## supported by the other compilers which use the 'gcc' depmode. ## - Using -M directly means running the compiler twice (even worse ## than renaming). if test -z "$gccflag"; then gccflag=-MD, fi "$@" -Wp,"$gccflag$tmpdepfile" stat=$? if test $stat -ne 0; then rm -f "$tmpdepfile" exit $stat fi rm -f "$depfile" echo "$object : \\" > "$depfile" # The second -e expression handles DOS-style file names with drive # letters. sed -e 's/^[^:]*: / /' \ -e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile" ## This next piece of magic avoids the "deleted header file" problem. ## The problem is that when a header file which appears in a .P file ## is deleted, the dependency causes make to die (because there is ## typically no way to rebuild the header). We avoid this by adding ## dummy dependencies for each header file. Too bad gcc doesn't do ## this for us directly. ## Some versions of gcc put a space before the ':'. On the theory ## that the space means something, we add a space to the output as ## well. hp depmode also adds that space, but also prefixes the VPATH ## to the object. Take care to not repeat it in the output. ## Some versions of the HPUX 10.20 sed can't process this invocation ## correctly. Breaking it into two sed invocations is a workaround. tr ' ' "$nl" < "$tmpdepfile" \ | sed -e 's/^\\$//' -e '/^$/d' -e "s|.*$object$||" -e '/:$/d' \ | sed -e 's/$/ :/' >> "$depfile" rm -f "$tmpdepfile" ;; hp) # This case exists only to let depend.m4 do its work. 
It works by # looking at the text of this script. This case will never be run, # since it is checked for above. exit 1 ;; sgi) if test "$libtool" = yes; then "$@" "-Wp,-MDupdate,$tmpdepfile" else "$@" -MDupdate "$tmpdepfile" fi stat=$? if test $stat -ne 0; then rm -f "$tmpdepfile" exit $stat fi rm -f "$depfile" if test -f "$tmpdepfile"; then # yes, the sourcefile depend on other files echo "$object : \\" > "$depfile" # Clip off the initial element (the dependent). Don't try to be # clever and replace this with sed code, as IRIX sed won't handle # lines with more than a fixed number of characters (4096 in # IRIX 6.2 sed, 8192 in IRIX 6.5). We also remove comment lines; # the IRIX cc adds comments like '#:fec' to the end of the # dependency line. tr ' ' "$nl" < "$tmpdepfile" \ | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' \ | tr "$nl" ' ' >> "$depfile" echo >> "$depfile" # The second pass generates a dummy entry for each header file. tr ' ' "$nl" < "$tmpdepfile" \ | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \ >> "$depfile" else make_dummy_depfile fi rm -f "$tmpdepfile" ;; xlc) # This case exists only to let depend.m4 do its work. It works by # looking at the text of this script. This case will never be run, # since it is checked for above. exit 1 ;; aix) # The C for AIX Compiler uses -M and outputs the dependencies # in a .u file. In older versions, this file always lives in the # current directory. Also, the AIX compiler puts '$object:' at the # start of each line; $object doesn't have directory information. # Version 6 uses the directory in both cases. set_dir_from "$object" set_base_from "$object" if test "$libtool" = yes; then tmpdepfile1=$dir$base.u tmpdepfile2=$base.u tmpdepfile3=$dir.libs/$base.u "$@" -Wc,-M else tmpdepfile1=$dir$base.u tmpdepfile2=$dir$base.u tmpdepfile3=$dir$base.u "$@" -M fi stat=$? 
if test $stat -ne 0; then rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" exit $stat fi for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" do test -f "$tmpdepfile" && break done aix_post_process_depfile ;; tcc) # tcc (Tiny C Compiler) understand '-MD -MF file' since version 0.9.26 # FIXME: That version still under development at the moment of writing. # Make that this statement remains true also for stable, released # versions. # It will wrap lines (doesn't matter whether long or short) with a # trailing '\', as in: # # foo.o : \ # foo.c \ # foo.h \ # # It will put a trailing '\' even on the last line, and will use leading # spaces rather than leading tabs (at least since its commit 0394caf7 # "Emit spaces for -MD"). "$@" -MD -MF "$tmpdepfile" stat=$? if test $stat -ne 0; then rm -f "$tmpdepfile" exit $stat fi rm -f "$depfile" # Each non-empty line is of the form 'foo.o : \' or ' dep.h \'. # We have to change lines of the first kind to '$object: \'. sed -e "s|.*:|$object :|" < "$tmpdepfile" > "$depfile" # And for each line of the second kind, we have to emit a 'dep.h:' # dummy dependency, to avoid the deleted-header problem. sed -n -e 's|^ *\(.*\) *\\$|\1:|p' < "$tmpdepfile" >> "$depfile" rm -f "$tmpdepfile" ;; ## The order of this option in the case statement is important, since the ## shell code in configure will try each of these formats in the order ## listed in this file. A plain '-MD' option would be understood by many ## compilers, so we must ensure this comes after the gcc and icc options. pgcc) # Portland's C compiler understands '-MD'. # Will always output deps to 'file.d' where file is the root name of the # source file under compilation, even if file resides in a subdirectory. # The object file name does not affect the name of the '.d' file. # pgcc 10.2 will output # foo.o: sub/foo.c sub/foo.h # and will wrap long lines using '\' : # foo.o: sub/foo.c ... \ # sub/foo.h ... \ # ... 
set_dir_from "$object" # Use the source, not the object, to determine the base name, since # that's sadly what pgcc will do too. set_base_from "$source" tmpdepfile=$base.d # For projects that build the same source file twice into different object # files, the pgcc approach of using the *source* file root name can cause # problems in parallel builds. Use a locking strategy to avoid stomping on # the same $tmpdepfile. lockdir=$base.d-lock trap " echo '$0: caught signal, cleaning up...' >&2 rmdir '$lockdir' exit 1 " 1 2 13 15 numtries=100 i=$numtries while test $i -gt 0; do # mkdir is a portable test-and-set. if mkdir "$lockdir" 2>/dev/null; then # This process acquired the lock. "$@" -MD stat=$? # Release the lock. rmdir "$lockdir" break else # If the lock is being held by a different process, wait # until the winning process is done or we timeout. while test -d "$lockdir" && test $i -gt 0; do sleep 1 i=`expr $i - 1` done fi i=`expr $i - 1` done trap - 1 2 13 15 if test $i -le 0; then echo "$0: failed to acquire lock after $numtries attempts" >&2 echo "$0: check lockdir '$lockdir'" >&2 exit 1 fi if test $stat -ne 0; then rm -f "$tmpdepfile" exit $stat fi rm -f "$depfile" # Each line is of the form `foo.o: dependent.h', # or `foo.o: dep1.h dep2.h \', or ` dep3.h dep4.h \'. # Do two passes, one to just change these to # `$object: dependent.h' and one to simply `dependent.h:'. sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile" # Some versions of the HPUX 10.20 sed can't process this invocation # correctly. Breaking it into two sed invocations is a workaround. sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" \ | sed -e 's/$/ :/' >> "$depfile" rm -f "$tmpdepfile" ;; hp2) # The "hp" stanza above does not work with aCC (C++) and HP's ia64 # compilers, which have integrated preprocessors. The correct option # to use with these is +Maked; it writes dependencies to a file named # 'foo.d', which lands next to the object file, wherever that # happens to be. 
# Much of this is similar to the tru64 case; see comments there. set_dir_from "$object" set_base_from "$object" if test "$libtool" = yes; then tmpdepfile1=$dir$base.d tmpdepfile2=$dir.libs/$base.d "$@" -Wc,+Maked else tmpdepfile1=$dir$base.d tmpdepfile2=$dir$base.d "$@" +Maked fi stat=$? if test $stat -ne 0; then rm -f "$tmpdepfile1" "$tmpdepfile2" exit $stat fi for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" do test -f "$tmpdepfile" && break done if test -f "$tmpdepfile"; then sed -e "s,^.*\.[$lower]*:,$object:," "$tmpdepfile" > "$depfile" # Add 'dependent.h:' lines. sed -ne '2,${ s/^ *// s/ \\*$// s/$/:/ p }' "$tmpdepfile" >> "$depfile" else make_dummy_depfile fi rm -f "$tmpdepfile" "$tmpdepfile2" ;; tru64) # The Tru64 compiler uses -MD to generate dependencies as a side # effect. 'cc -MD -o foo.o ...' puts the dependencies into 'foo.o.d'. # At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put # dependencies in 'foo.d' instead, so we check for that too. # Subdirectories are respected. set_dir_from "$object" set_base_from "$object" if test "$libtool" = yes; then # Libtool generates 2 separate objects for the 2 libraries. These # two compilations output dependencies in $dir.libs/$base.o.d and # in $dir$base.o.d. We have to check for both files, because # one of the two compilations can be disabled. We should prefer # $dir$base.o.d over $dir.libs/$base.o.d because the latter is # automatically cleaned when .libs/ is deleted, while ignoring # the former would cause a distcleancheck panic. tmpdepfile1=$dir$base.o.d # libtool 1.5 tmpdepfile2=$dir.libs/$base.o.d # Likewise. tmpdepfile3=$dir.libs/$base.d # Compaq CCC V6.2-504 "$@" -Wc,-MD else tmpdepfile1=$dir$base.d tmpdepfile2=$dir$base.d tmpdepfile3=$dir$base.d "$@" -MD fi stat=$? 
if test $stat -ne 0; then rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" exit $stat fi for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" do test -f "$tmpdepfile" && break done # Same post-processing that is required for AIX mode. aix_post_process_depfile ;; msvc7) if test "$libtool" = yes; then showIncludes=-Wc,-showIncludes else showIncludes=-showIncludes fi "$@" $showIncludes > "$tmpdepfile" stat=$? grep -v '^Note: including file: ' "$tmpdepfile" if test $stat -ne 0; then rm -f "$tmpdepfile" exit $stat fi rm -f "$depfile" echo "$object : \\" > "$depfile" # The first sed program below extracts the file names and escapes # backslashes for cygpath. The second sed program outputs the file # name when reading, but also accumulates all include files in the # hold buffer in order to output them again at the end. This only # works with sed implementations that can handle large buffers. sed < "$tmpdepfile" -n ' /^Note: including file: *\(.*\)/ { s//\1/ s/\\/\\\\/g p }' | $cygpath_u | sort -u | sed -n ' s/ /\\ /g s/\(.*\)/'"$tab"'\1 \\/p s/.\(.*\) \\/\1:/ H $ { s/.*/'"$tab"'/ G p }' >> "$depfile" echo >> "$depfile" # make sure the fragment doesn't end with a backslash rm -f "$tmpdepfile" ;; msvc7msys) # This case exists only to let depend.m4 do its work. It works by # looking at the text of this script. This case will never be run, # since it is checked for above. exit 1 ;; #nosideeffect) # This comment above is used by automake to tell side-effect # dependency tracking mechanisms from slower ones. dashmstdout) # Important note: in order to support this mode, a compiler *must* # always write the preprocessed file to stdout, regardless of -o. "$@" || exit $? # Remove the call to Libtool. if test "$libtool" = yes; then while test "X$1" != 'X--mode=compile'; do shift done shift fi # Remove '-o $object'. 
IFS=" " for arg do case $arg in -o) shift ;; $object) shift ;; *) set fnord "$@" "$arg" shift # fnord shift # $arg ;; esac done test -z "$dashmflag" && dashmflag=-M # Require at least two characters before searching for ':' # in the target name. This is to cope with DOS-style filenames: # a dependency such as 'c:/foo/bar' could be seen as target 'c' otherwise. "$@" $dashmflag | sed "s|^[$tab ]*[^:$tab ][^:][^:]*:[$tab ]*|$object: |" > "$tmpdepfile" rm -f "$depfile" cat < "$tmpdepfile" > "$depfile" # Some versions of the HPUX 10.20 sed can't process this sed invocation # correctly. Breaking it into two sed invocations is a workaround. tr ' ' "$nl" < "$tmpdepfile" \ | sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' \ | sed -e 's/$/ :/' >> "$depfile" rm -f "$tmpdepfile" ;; dashXmstdout) # This case only exists to satisfy depend.m4. It is never actually # run, as this mode is specially recognized in the preamble. exit 1 ;; makedepend) "$@" || exit $? # Remove any Libtool call if test "$libtool" = yes; then while test "X$1" != 'X--mode=compile'; do shift done shift fi # X makedepend shift cleared=no eat=no for arg do case $cleared in no) set ""; shift cleared=yes ;; esac if test $eat = yes; then eat=no continue fi case "$arg" in -D*|-I*) set fnord "$@" "$arg"; shift ;; # Strip any option that makedepend may not understand. Remove # the object too, otherwise makedepend will parse it as a source file. -arch) eat=yes ;; -*|$object) ;; *) set fnord "$@" "$arg"; shift ;; esac done obj_suffix=`echo "$object" | sed 's/^.*\././'` touch "$tmpdepfile" ${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@" rm -f "$depfile" # makedepend may prepend the VPATH from the source file name to the object. # No need to regex-escape $object, excess matching of '.' is harmless. sed "s|^.*\($object *:\)|\1|" "$tmpdepfile" > "$depfile" # Some versions of the HPUX 10.20 sed can't process the last invocation # correctly. Breaking it into two sed invocations is a workaround. 
sed '1,2d' "$tmpdepfile" \ | tr ' ' "$nl" \ | sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' \ | sed -e 's/$/ :/' >> "$depfile" rm -f "$tmpdepfile" "$tmpdepfile".bak ;; cpp) # Important note: in order to support this mode, a compiler *must* # always write the preprocessed file to stdout. "$@" || exit $? # Remove the call to Libtool. if test "$libtool" = yes; then while test "X$1" != 'X--mode=compile'; do shift done shift fi # Remove '-o $object'. IFS=" " for arg do case $arg in -o) shift ;; $object) shift ;; *) set fnord "$@" "$arg" shift # fnord shift # $arg ;; esac done "$@" -E \ | sed -n -e '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \ -e '/^#line [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \ | sed '$ s: \\$::' > "$tmpdepfile" rm -f "$depfile" echo "$object : \\" > "$depfile" cat < "$tmpdepfile" >> "$depfile" sed < "$tmpdepfile" '/^$/d;s/^ //;s/ \\$//;s/$/ :/' >> "$depfile" rm -f "$tmpdepfile" ;; msvisualcpp) # Important note: in order to support this mode, a compiler *must* # always write the preprocessed file to stdout. "$@" || exit $? # Remove the call to Libtool. if test "$libtool" = yes; then while test "X$1" != 'X--mode=compile'; do shift done shift fi IFS=" " for arg do case "$arg" in -o) shift ;; $object) shift ;; "-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI") set fnord "$@" shift shift ;; *) set fnord "$@" "$arg" shift shift ;; esac done "$@" -E 2>/dev/null | sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::\1:p' | $cygpath_u | sort -u > "$tmpdepfile" rm -f "$depfile" echo "$object : \\" > "$depfile" sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::'"$tab"'\1 \\:p' >> "$depfile" echo "$tab" >> "$depfile" sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::\1\::p' >> "$depfile" rm -f "$tmpdepfile" ;; msvcmsys) # This case exists only to let depend.m4 do its work. It works by # looking at the text of this script. This case will never be run, # since it is checked for above. 
exit 1 ;; none) exec "$@" ;; *) echo "Unknown depmode $depmode" 1>&2 exit 1 ;; esac exit 0 # Local Variables: # mode: shell-script # sh-indentation: 2 # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" # time-stamp-time-zone: "UTC" # time-stamp-end: "; # UTC" # End: sssd-1.11.5/build/PaxHeaders.13173/config.rpath0000644000000000000000000000013212320753475017162 xustar000000000000000030 mtime=1396954941.698889646 30 atime=1396954953.979880612 30 ctime=1396954961.516875052 sssd-1.11.5/build/config.rpath0000755002412700241270000003521312320753475017416 0ustar00jhrozekjhrozek00000000000000#! /bin/sh # Output a system dependent set of variables, describing how to set the # run time search path of shared libraries in an executable. # # Copyright 1996-2003 Free Software Foundation, Inc. # Taken from GNU libtool, 2001 # Originally by Gordon Matzigkeit , 1996 # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. 
# # The first argument passed to this file is the canonical host specification, # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM # or # CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM # The environment variables CC, GCC, LDFLAGS, LD, with_gnu_ld # should be set by the caller. # # The set of defined variables is at the end of this script. # Known limitations: # - On IRIX 6.5 with CC="cc", the run time search patch must not be longer # than 256 bytes, otherwise the compiler driver will dump core. The only # known workaround is to choose shorter directory names for the build # directory and/or the installation directory. # All known linkers require a `.a' archive for static linking (except M$VC, # which needs '.lib'). libext=a shrext=.so host="$1" host_cpu=`echo "$host" | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'` host_vendor=`echo "$host" | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'` host_os=`echo "$host" | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` # Code taken from libtool.m4's AC_LIBTOOL_PROG_COMPILER_PIC. wl= if test "$GCC" = yes; then wl='-Wl,' else case "$host_os" in aix*) wl='-Wl,' ;; mingw* | pw32* | os2*) ;; hpux9* | hpux10* | hpux11*) wl='-Wl,' ;; irix5* | irix6* | nonstopux*) wl='-Wl,' ;; newsos6) ;; linux*) case $CC in icc|ecc) wl='-Wl,' ;; ccc) wl='-Wl,' ;; esac ;; osf3* | osf4* | osf5*) wl='-Wl,' ;; sco3.2v5*) ;; solaris*) wl='-Wl,' ;; sunos4*) wl='-Qoption ld ' ;; sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*) wl='-Wl,' ;; sysv4*MP*) ;; uts4*) ;; esac fi # Code taken from libtool.m4's AC_LIBTOOL_PROG_LD_SHLIBS. hardcode_libdir_flag_spec= hardcode_libdir_separator= hardcode_direct=no hardcode_minus_L=no case "$host_os" in cygwin* | mingw* | pw32*) # FIXME: the MSVC++ port hasn't been tested in a loooong time # When not using gcc, we currently assume that we are using # Microsoft Visual C++. 
if test "$GCC" != yes; then with_gnu_ld=no fi ;; openbsd*) with_gnu_ld=no ;; esac ld_shlibs=yes if test "$with_gnu_ld" = yes; then case "$host_os" in aix3* | aix4* | aix5*) # On AIX/PPC, the GNU linker is very broken if test "$host_cpu" != ia64; then ld_shlibs=no fi ;; amigaos*) hardcode_libdir_flag_spec='-L$libdir' hardcode_minus_L=yes # Samuel A. Falvo II reports # that the semantics of dynamic libraries on AmigaOS, at least up # to version 4, is to share data among multiple programs linked # with the same dynamic library. Since this doesn't match the # behavior of shared libraries on other platforms, we can use # them. ld_shlibs=no ;; beos*) if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then : else ld_shlibs=no fi ;; cygwin* | mingw* | pw32*) # hardcode_libdir_flag_spec is actually meaningless, as there is # no search path for DLLs. hardcode_libdir_flag_spec='-L$libdir' if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then : else ld_shlibs=no fi ;; netbsd*) ;; solaris* | sysv5*) if $LD -v 2>&1 | grep 'BFD 2\.8' > /dev/null; then ld_shlibs=no elif $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then : else ld_shlibs=no fi ;; sunos4*) hardcode_direct=yes ;; *) if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then : else ld_shlibs=no fi ;; esac if test "$ld_shlibs" = yes; then # Unlike libtool, we use -rpath here, not --rpath, since the documented # option of GNU ld is called -rpath, not --rpath. hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' fi else case "$host_os" in aix3*) # Note: this linker hardcodes the directories in LIBPATH if there # are no directories specified by -L. hardcode_minus_L=yes if test "$GCC" = yes; then # Neither direct hardcoding nor static linking is supported with a # broken collect2. hardcode_direct=unsupported fi ;; aix4* | aix5*) if test "$host_cpu" = ia64; then # On IA64, the linker does run time linking by default, so we don't # have to do anything special. 
aix_use_runtimelinking=no else aix_use_runtimelinking=no # Test if we are trying to use run time linking or normal # AIX style linking. If -brtl is somewhere in LDFLAGS, we # need to do runtime linking. case $host_os in aix4.[23]|aix4.[23].*|aix5*) for ld_flag in $LDFLAGS; do if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then aix_use_runtimelinking=yes break fi done esac fi hardcode_direct=yes hardcode_libdir_separator=':' if test "$GCC" = yes; then case $host_os in aix4.[012]|aix4.[012].*) collect2name=`${CC} -print-prog-name=collect2` if test -f "$collect2name" && \ strings "$collect2name" | grep resolve_lib_name >/dev/null then # We have reworked collect2 hardcode_direct=yes else # We have old collect2 hardcode_direct=unsupported hardcode_minus_L=yes hardcode_libdir_flag_spec='-L$libdir' hardcode_libdir_separator= fi esac fi # Begin _LT_AC_SYS_LIBPATH_AIX. echo 'int main () { return 0; }' > conftest.c ${CC} ${LDFLAGS} conftest.c -o conftest aix_libpath=`dump -H conftest 2>/dev/null | sed -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } }'` if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest 2>/dev/null | sed -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } }'` fi if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib" fi rm -f conftest.c conftest # End _LT_AC_SYS_LIBPATH_AIX. if test "$aix_use_runtimelinking" = yes; then hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath" else if test "$host_cpu" = ia64; then hardcode_libdir_flag_spec='${wl}-R $libdir:/usr/lib:/lib' else hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath" fi fi ;; amigaos*) hardcode_libdir_flag_spec='-L$libdir' hardcode_minus_L=yes # see comment about different semantics on the GNU ld section ld_shlibs=no ;; bsdi4*) ;; cygwin* | mingw* | pw32*) # When not using gcc, we currently assume that we are using # Microsoft Visual C++. 
# hardcode_libdir_flag_spec is actually meaningless, as there is # no search path for DLLs. hardcode_libdir_flag_spec=' ' libext=lib ;; darwin* | rhapsody*) if $CC -v 2>&1 | grep 'Apple' >/dev/null ; then hardcode_direct=no fi ;; dgux*) hardcode_libdir_flag_spec='-L$libdir' ;; freebsd1*) ld_shlibs=no ;; freebsd2.2*) hardcode_libdir_flag_spec='-R$libdir' hardcode_direct=yes ;; freebsd2*) hardcode_direct=yes hardcode_minus_L=yes ;; freebsd*) hardcode_libdir_flag_spec='-R$libdir' hardcode_direct=yes ;; hpux9*) hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' hardcode_libdir_separator=: hardcode_direct=yes # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. hardcode_minus_L=yes ;; hpux10* | hpux11*) if test "$with_gnu_ld" = no; then case "$host_cpu" in hppa*64*) hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' hardcode_libdir_separator=: hardcode_direct=no ;; ia64*) hardcode_libdir_flag_spec='-L$libdir' hardcode_direct=no # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. hardcode_minus_L=yes ;; *) hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' hardcode_libdir_separator=: hardcode_direct=yes # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. 
hardcode_minus_L=yes ;; esac fi ;; irix5* | irix6* | nonstopux*) hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' hardcode_libdir_separator=: ;; netbsd*) hardcode_libdir_flag_spec='-R$libdir' hardcode_direct=yes ;; newsos6) hardcode_direct=yes hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' hardcode_libdir_separator=: ;; openbsd*) hardcode_direct=yes if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then hardcode_libdir_flag_spec='${wl}-rpath,$libdir' else case "$host_os" in openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*) hardcode_libdir_flag_spec='-R$libdir' ;; *) hardcode_libdir_flag_spec='${wl}-rpath,$libdir' ;; esac fi ;; os2*) hardcode_libdir_flag_spec='-L$libdir' hardcode_minus_L=yes ;; osf3*) hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' hardcode_libdir_separator=: ;; osf4* | osf5*) if test "$GCC" = yes; then hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' else # Both cc and cxx compiler support -rpath directly hardcode_libdir_flag_spec='-rpath $libdir' fi hardcode_libdir_separator=: ;; sco3.2v5*) ;; solaris*) hardcode_libdir_flag_spec='-R$libdir' ;; sunos4*) hardcode_libdir_flag_spec='-L$libdir' hardcode_direct=yes hardcode_minus_L=yes ;; sysv4) case $host_vendor in sni) hardcode_direct=yes # is this really true??? ;; siemens) hardcode_direct=no ;; motorola) hardcode_direct=no #Motorola manual says yes, but my tests say they lie ;; esac ;; sysv4.3*) ;; sysv4*MP*) if test -d /usr/nec; then ld_shlibs=yes fi ;; sysv4.2uw2*) hardcode_direct=yes hardcode_minus_L=no ;; sysv5OpenUNIX8* | sysv5UnixWare7* | sysv5uw[78]* | unixware7*) ;; sysv5*) hardcode_libdir_flag_spec= ;; uts4*) hardcode_libdir_flag_spec='-L$libdir' ;; *) ld_shlibs=no ;; esac fi # Check dynamic linker characteristics # Code taken from libtool.m4's AC_LIBTOOL_SYS_DYNAMIC_LINKER. 
libname_spec='lib$name' case "$host_os" in aix3*) ;; aix4* | aix5*) ;; amigaos*) ;; beos*) ;; bsdi4*) ;; cygwin* | mingw* | pw32*) shrext=.dll ;; darwin* | rhapsody*) shrext=.dylib ;; dgux*) ;; freebsd1*) ;; freebsd*) ;; gnu*) ;; hpux9* | hpux10* | hpux11*) case "$host_cpu" in ia64*) shrext=.so ;; hppa*64*) shrext=.sl ;; *) shrext=.sl ;; esac ;; irix5* | irix6* | nonstopux*) case "$host_os" in irix5* | nonstopux*) libsuff= shlibsuff= ;; *) case $LD in *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") libsuff= shlibsuff= ;; *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") libsuff=32 shlibsuff=N32 ;; *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") libsuff=64 shlibsuff=64 ;; *) libsuff= shlibsuff= ;; esac ;; esac ;; linux*oldld* | linux*aout* | linux*coff*) ;; linux*) ;; netbsd*) ;; newsos6) ;; nto-qnx) ;; openbsd*) ;; os2*) libname_spec='$name' shrext=.dll ;; osf3* | osf4* | osf5*) ;; sco3.2v5*) ;; solaris*) ;; sunos4*) ;; sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*) ;; sysv4*MP*) ;; uts4*) ;; esac sed_quote_subst='s/\(["`$\\]\)/\\\1/g' escaped_wl=`echo "X$wl" | sed -e 's/^X//' -e "$sed_quote_subst"` shlibext=`echo "$shrext" | sed -e 's,^\.,,'` escaped_hardcode_libdir_flag_spec=`echo "X$hardcode_libdir_flag_spec" | sed -e 's/^X//' -e "$sed_quote_subst"` sed -e 's/^\([a-zA-Z0-9_]*\)=/acl_cv_\1=/' <&2 exit 1;; esac shift;; -o) chowncmd="$chownprog $2" shift;; -s) stripcmd=$stripprog;; -t) dst_arg=$2 # Protect names problematic for 'test' and other utilities. case $dst_arg in -* | [=\(\)!]) dst_arg=./$dst_arg;; esac shift;; -T) no_target_directory=true;; --version) echo "$0 $scriptversion"; exit $?;; --) shift break;; -*) echo "$0: invalid option: $1" >&2 exit 1;; *) break;; esac shift done if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then # When -d is used, all remaining arguments are directories to create. # When -t is used, the destination is already specified. # Otherwise, the last argument is the destination. Remove it from $@. 
for arg do if test -n "$dst_arg"; then # $@ is not empty: it contains at least $arg. set fnord "$@" "$dst_arg" shift # fnord fi shift # arg dst_arg=$arg # Protect names problematic for 'test' and other utilities. case $dst_arg in -* | [=\(\)!]) dst_arg=./$dst_arg;; esac done fi if test $# -eq 0; then if test -z "$dir_arg"; then echo "$0: no input file specified." >&2 exit 1 fi # It's OK to call 'install-sh -d' without argument. # This can happen when creating conditional directories. exit 0 fi if test -z "$dir_arg"; then do_exit='(exit $ret); exit $ret' trap "ret=129; $do_exit" 1 trap "ret=130; $do_exit" 2 trap "ret=141; $do_exit" 13 trap "ret=143; $do_exit" 15 # Set umask so as not to create temps with too-generous modes. # However, 'strip' requires both read and write access to temps. case $mode in # Optimize common cases. *644) cp_umask=133;; *755) cp_umask=22;; *[0-7]) if test -z "$stripcmd"; then u_plus_rw= else u_plus_rw='% 200' fi cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;; *) if test -z "$stripcmd"; then u_plus_rw= else u_plus_rw=,u+rw fi cp_umask=$mode$u_plus_rw;; esac fi for src do # Protect names problematic for 'test' and other utilities. case $src in -* | [=\(\)!]) src=./$src;; esac if test -n "$dir_arg"; then dst=$src dstdir=$dst test -d "$dstdir" dstdir_status=$? else # Waiting for this to be detected by the "$cpprog $src $dsttmp" command # might cause directories to be created, which would be especially bad # if $src (and thus $dsttmp) contains '*'. if test ! -f "$src" && test ! -d "$src"; then echo "$0: $src does not exist." >&2 exit 1 fi if test -z "$dst_arg"; then echo "$0: no destination specified." >&2 exit 1 fi dst=$dst_arg # If destination is a directory, append the input filename; won't work # if double slashes aren't ignored. 
if test -d "$dst"; then if test -n "$no_target_directory"; then echo "$0: $dst_arg: Is a directory" >&2 exit 1 fi dstdir=$dst dst=$dstdir/`basename "$src"` dstdir_status=0 else # Prefer dirname, but fall back on a substitute if dirname fails. dstdir=` (dirname "$dst") 2>/dev/null || expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$dst" : 'X\(//\)[^/]' \| \ X"$dst" : 'X\(//\)$' \| \ X"$dst" : 'X\(/\)' \| . 2>/dev/null || echo X"$dst" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q' ` test -d "$dstdir" dstdir_status=$? fi fi obsolete_mkdir_used=false if test $dstdir_status != 0; then case $posix_mkdir in '') # Create intermediate dirs using mode 755 as modified by the umask. # This is like FreeBSD 'install' as of 1997-10-28. umask=`umask` case $stripcmd.$umask in # Optimize common cases. *[2367][2367]) mkdir_umask=$umask;; .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;; *[0-7]) mkdir_umask=`expr $umask + 22 \ - $umask % 100 % 40 + $umask % 20 \ - $umask % 10 % 4 + $umask % 2 `;; *) mkdir_umask=$umask,go-w;; esac # With -d, create the new directory with the user-specified mode. # Otherwise, rely on $mkdir_umask. if test -n "$dir_arg"; then mkdir_mode=-m$mode else mkdir_mode= fi posix_mkdir=false case $umask in *[123567][0-7][0-7]) # POSIX mkdir -p sets u+wx bits regardless of umask, which # is incompatible with FreeBSD 'install' when (umask & 300) != 0. ;; *) tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$ trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0 if (umask $mkdir_umask && exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1 then if test -z "$dir_arg" || { # Check for POSIX incompatibilities with -m. # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or # other-writable bit of parent directory when it shouldn't. # FreeBSD 6.1 mkdir -m -p sets mode of existing directory. 
ls_ld_tmpdir=`ls -ld "$tmpdir"` case $ls_ld_tmpdir in d????-?r-*) different_mode=700;; d????-?--*) different_mode=755;; *) false;; esac && $mkdirprog -m$different_mode -p -- "$tmpdir" && { ls_ld_tmpdir_1=`ls -ld "$tmpdir"` test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1" } } then posix_mkdir=: fi rmdir "$tmpdir/d" "$tmpdir" else # Remove any dirs left behind by ancient mkdir implementations. rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null fi trap '' 0;; esac;; esac if $posix_mkdir && ( umask $mkdir_umask && $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir" ) then : else # The umask is ridiculous, or mkdir does not conform to POSIX, # or it failed possibly due to a race condition. Create the # directory the slow way, step by step, checking for races as we go. case $dstdir in /*) prefix='/';; [-=\(\)!]*) prefix='./';; *) prefix='';; esac eval "$initialize_posix_glob" oIFS=$IFS IFS=/ $posix_glob set -f set fnord $dstdir shift $posix_glob set +f IFS=$oIFS prefixes= for d do test X"$d" = X && continue prefix=$prefix$d if test -d "$prefix"; then prefixes= else if $posix_mkdir; then (umask=$mkdir_umask && $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break # Don't fail if two instances are running concurrently. test -d "$prefix" || exit 1 else case $prefix in *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;; *) qprefix=$prefix;; esac prefixes="$prefixes '$qprefix'" fi fi prefix=$prefix/ done if test -n "$prefixes"; then # Don't fail if two instances are running concurrently. (umask $mkdir_umask && eval "\$doit_exec \$mkdirprog $prefixes") || test -d "$dstdir" || exit 1 obsolete_mkdir_used=true fi fi fi if test -n "$dir_arg"; then { test -z "$chowncmd" || $doit $chowncmd "$dst"; } && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } && { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false || test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1 else # Make a couple of temp file names in the proper directory. 
dsttmp=$dstdir/_inst.$$_ rmtmp=$dstdir/_rm.$$_ # Trap to clean up those temp files at exit. trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0 # Copy the file name to the temp name. (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") && # and set any options; do chmod last to preserve setuid bits. # # If any of these fail, we abort the whole thing. If we want to # ignore errors from any of these, just make sure not to ignore # errors from the above "$doit $cpprog $src $dsttmp" command. # { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } && { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } && { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } && # If -C, don't bother to copy if it wouldn't change the file. if $copy_on_change && old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` && new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` && eval "$initialize_posix_glob" && $posix_glob set -f && set X $old && old=:$2:$4:$5:$6 && set X $new && new=:$2:$4:$5:$6 && $posix_glob set +f && test "$old" = "$new" && $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1 then rm -f "$dsttmp" else # Rename the file to the real destination. $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null || # The rename failed, perhaps because mv can't rename something else # to itself, or perhaps because mv is so ancient that it does not # support -f. { # Now remove or move aside any old file at destination location. # We try this two ways since rm can't unlink itself on some # systems and the destination file might be busy for other # reasons. In this case, the final cleanup might fail but the new # file should still install successfully. { test ! -f "$dst" || $doit $rmcmd -f "$dst" 2>/dev/null || { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null && { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; } } || { echo "$0: cannot unlink or rename $dst" >&2 (exit 1); exit 1 } } && # Now rename the file to the real destination. 
$doit $mvcmd "$dsttmp" "$dst" } fi || exit 1 trap '' 0 fi done # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" # time-stamp-time-zone: "UTC" # time-stamp-end: "; # UTC" # End: sssd-1.11.5/build/PaxHeaders.13173/config.guess0000644000000000000000000000013212320753507017166 xustar000000000000000030 mtime=1396954951.067882757 30 atime=1396954953.343881081 30 ctime=1396954961.515875053 sssd-1.11.5/build/config.guess0000755002412700241270000012746312320753507017433 0ustar00jhrozekjhrozek00000000000000#! /bin/sh # Attempt to guess a canonical system name. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, # 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, # 2011, 2012, 2013 Free Software Foundation, Inc. timestamp='2012-12-29' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, see . # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that # program. This Exception is an additional permission under section 7 # of the GNU General Public License, version 3 ("GPLv3"). # # Originally written by Per Bothner. 
# # You can get the latest version of this script from: # http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD # # Please send patches with a ChangeLog entry to config-patches@gnu.org. me=`echo "$0" | sed -e 's,.*/,,'` usage="\ Usage: $0 [OPTION] Output the configuration name of the system \`$me' is run on. Operation modes: -h, --help print this help, then exit -t, --time-stamp print date of last modification, then exit -v, --version print version number, then exit Report bugs and patches to ." version="\ GNU config.guess ($timestamp) Originally written by Per Bothner. Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." help=" Try \`$me --help' for more information." # Parse command line while test $# -gt 0 ; do case $1 in --time-stamp | --time* | -t ) echo "$timestamp" ; exit ;; --version | -v ) echo "$version" ; exit ;; --help | --h* | -h ) echo "$usage"; exit ;; -- ) # Stop option processing shift; break ;; - ) # Use stdin as input. break ;; -* ) echo "$me: invalid option $1$help" >&2 exit 1 ;; * ) break ;; esac done if test $# != 0; then echo "$me: too many arguments$help" >&2 exit 1 fi trap 'exit 1' 1 2 15 # CC_FOR_BUILD -- compiler used by this script. Note that the use of a # compiler to aid in system detection is discouraged as it requires # temporary files to be created and, as you can see below, it is a # headache to deal with in a portable fashion. # Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still # use `HOST_CC' if defined, but it is deprecated. # Portable tmp directory creation inspired by the Autoconf team. 
set_cc_for_build=' trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; : ${TMPDIR=/tmp} ; { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } || { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ; dummy=$tmp/dummy ; tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ; case $CC_FOR_BUILD,$HOST_CC,$CC in ,,) echo "int x;" > $dummy.c ; for c in cc gcc c89 c99 ; do if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then CC_FOR_BUILD="$c"; break ; fi ; done ; if test x"$CC_FOR_BUILD" = x ; then CC_FOR_BUILD=no_compiler_found ; fi ;; ,,*) CC_FOR_BUILD=$CC ;; ,*,*) CC_FOR_BUILD=$HOST_CC ;; esac ; set_cc_for_build= ;' # This is needed to find uname on a Pyramid OSx when run in the BSD universe. # (ghazi@noc.rutgers.edu 1994-08-24) if (test -f /.attbin/uname) >/dev/null 2>&1 ; then PATH=$PATH:/.attbin ; export PATH fi UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown # Note: order is significant - the case branches are not exclusive. case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in *:NetBSD:*:*) # NetBSD (nbsd) targets should (where applicable) match one or # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*, # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently # switched to ELF, *-*-netbsd* would select the old # object file format. This provides both forward # compatibility and a consistent mechanism for selecting the # object file format. 
# # Note: NetBSD doesn't particularly care about the vendor # portion of the name. We always set it to "unknown". sysctl="sysctl -n hw.machine_arch" UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \ /usr/sbin/$sysctl 2>/dev/null || echo unknown)` case "${UNAME_MACHINE_ARCH}" in armeb) machine=armeb-unknown ;; arm*) machine=arm-unknown ;; sh3el) machine=shl-unknown ;; sh3eb) machine=sh-unknown ;; sh5el) machine=sh5le-unknown ;; *) machine=${UNAME_MACHINE_ARCH}-unknown ;; esac # The Operating System including object format, if it has switched # to ELF recently, or will in the future. case "${UNAME_MACHINE_ARCH}" in arm*|i386|m68k|ns32k|sh3*|sparc|vax) eval $set_cc_for_build if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ELF__ then # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). # Return netbsd for either. FIX? os=netbsd else os=netbsdelf fi ;; *) os=netbsd ;; esac # The OS release # Debian GNU/NetBSD machines have a different userland, and # thus, need a distinct triplet. However, they do not need # kernel version information, so it can be replaced with a # suitable tag, in the style of linux-gnu. case "${UNAME_VERSION}" in Debian*) release='-gnu' ;; *) release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` ;; esac # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: # contains redundant information, the shorter form: # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. 
echo "${machine}-${os}${release}" exit ;; *:Bitrig:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'` echo ${UNAME_MACHINE_ARCH}-unknown-bitrig${UNAME_RELEASE} exit ;; *:OpenBSD:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} exit ;; *:ekkoBSD:*:*) echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE} exit ;; *:SolidBSD:*:*) echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE} exit ;; macppc:MirBSD:*:*) echo powerpc-unknown-mirbsd${UNAME_RELEASE} exit ;; *:MirBSD:*:*) echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE} exit ;; alpha:OSF1:*:*) case $UNAME_RELEASE in *4.0) UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` ;; *5.*) UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` ;; esac # According to Compaq, /usr/sbin/psrinfo has been available on # OSF/1 and Tru64 systems produced since 1995. I hope that # covers most systems running today. This code pipes the CPU # types through head -n 1, so we only detect the type of CPU 0. ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` case "$ALPHA_CPU_TYPE" in "EV4 (21064)") UNAME_MACHINE="alpha" ;; "EV4.5 (21064)") UNAME_MACHINE="alpha" ;; "LCA4 (21066/21068)") UNAME_MACHINE="alpha" ;; "EV5 (21164)") UNAME_MACHINE="alphaev5" ;; "EV5.6 (21164A)") UNAME_MACHINE="alphaev56" ;; "EV5.6 (21164PC)") UNAME_MACHINE="alphapca56" ;; "EV5.7 (21164PC)") UNAME_MACHINE="alphapca57" ;; "EV6 (21264)") UNAME_MACHINE="alphaev6" ;; "EV6.7 (21264A)") UNAME_MACHINE="alphaev67" ;; "EV6.8CB (21264C)") UNAME_MACHINE="alphaev68" ;; "EV6.8AL (21264B)") UNAME_MACHINE="alphaev68" ;; "EV6.8CX (21264D)") UNAME_MACHINE="alphaev68" ;; "EV6.9A (21264/EV69A)") UNAME_MACHINE="alphaev69" ;; "EV7 (21364)") UNAME_MACHINE="alphaev7" ;; "EV7.9 (21364A)") UNAME_MACHINE="alphaev79" ;; esac # A Pn.n version is a patched version. # A Vn.n version is a released version. # A Tn.n version is a released field test version. 
# A Xn.n version is an unreleased experimental baselevel. # 1.2 uses "1.2" for uname -r. echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` # Reset EXIT trap before exiting to avoid spurious non-zero exit code. exitcode=$? trap '' 0 exit $exitcode ;; Alpha\ *:Windows_NT*:*) # How do we know it's Interix rather than the generic POSIX subsystem? # Should we change UNAME_MACHINE based on the output of uname instead # of the specific Alpha model? echo alpha-pc-interix exit ;; 21064:Windows_NT:50:3) echo alpha-dec-winnt3.5 exit ;; Amiga*:UNIX_System_V:4.0:*) echo m68k-unknown-sysv4 exit ;; *:[Aa]miga[Oo][Ss]:*:*) echo ${UNAME_MACHINE}-unknown-amigaos exit ;; *:[Mm]orph[Oo][Ss]:*:*) echo ${UNAME_MACHINE}-unknown-morphos exit ;; *:OS/390:*:*) echo i370-ibm-openedition exit ;; *:z/VM:*:*) echo s390-ibm-zvmoe exit ;; *:OS400:*:*) echo powerpc-ibm-os400 exit ;; arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) echo arm-acorn-riscix${UNAME_RELEASE} exit ;; arm*:riscos:*:*|arm*:RISCOS:*:*) echo arm-unknown-riscos exit ;; SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) echo hppa1.1-hitachi-hiuxmpp exit ;; Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. 
if test "`(/bin/universe) 2>/dev/null`" = att ; then echo pyramid-pyramid-sysv3 else echo pyramid-pyramid-bsd fi exit ;; NILE*:*:*:dcosx) echo pyramid-pyramid-svr4 exit ;; DRS?6000:unix:4.0:6*) echo sparc-icl-nx6 exit ;; DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*) case `/usr/bin/uname -p` in sparc) echo sparc-icl-nx7; exit ;; esac ;; s390x:SunOS:*:*) echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4H:SunOS:5.*:*) echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*) echo i386-pc-auroraux${UNAME_RELEASE} exit ;; i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) eval $set_cc_for_build SUN_ARCH="i386" # If there is a compiler, see if it is configured for 64-bit objects. # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. # This test works for both compilers. if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ grep IS_64BIT_ARCH >/dev/null then SUN_ARCH="x86_64" fi fi echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:6*:*) # According to config.sub, this is the proper way to canonicalize # SunOS6. Hard to guess exactly what SunOS6 will be like, but # it's likely to be more like Solaris than SunOS4. echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:*:*) case "`/usr/bin/arch -k`" in Series*|S4*) UNAME_RELEASE=`uname -v` ;; esac # Japanese Language versions have a version number like `4.1.3-JL'. 
echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` exit ;; sun3*:SunOS:*:*) echo m68k-sun-sunos${UNAME_RELEASE} exit ;; sun*:*:4.2BSD:*) UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 case "`/bin/arch`" in sun3) echo m68k-sun-sunos${UNAME_RELEASE} ;; sun4) echo sparc-sun-sunos${UNAME_RELEASE} ;; esac exit ;; aushp:SunOS:*:*) echo sparc-auspex-sunos${UNAME_RELEASE} exit ;; # The situation for MiNT is a little confusing. The machine name # can be virtually everything (everything which is not # "atarist" or "atariste" at least should have a processor # > m68000). The system name ranges from "MiNT" over "FreeMiNT" # to the lowercase version "mint" (or "freemint"). Finally # the system name "TOS" denotes a system which is actually not # MiNT. But MiNT is downward compatible to TOS, so this should # be no problem. atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} exit ;; atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} exit ;; *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} exit ;; milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) echo m68k-milan-mint${UNAME_RELEASE} exit ;; hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) echo m68k-hades-mint${UNAME_RELEASE} exit ;; *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) echo m68k-unknown-mint${UNAME_RELEASE} exit ;; m68k:machten:*:*) echo m68k-apple-machten${UNAME_RELEASE} exit ;; powerpc:machten:*:*) echo powerpc-apple-machten${UNAME_RELEASE} exit ;; RISC*:Mach:*:*) echo mips-dec-mach_bsd4.3 exit ;; RISC*:ULTRIX:*:*) echo mips-dec-ultrix${UNAME_RELEASE} exit ;; VAX*:ULTRIX*:*:*) echo vax-dec-ultrix${UNAME_RELEASE} exit ;; 2020:CLIX:*:* | 2430:CLIX:*:*) echo clipper-intergraph-clix${UNAME_RELEASE} exit ;; mips:*:*:UMIPS | mips:*:*:RISCos) eval $set_cc_for_build sed 's/^ //' << EOF 
>$dummy.c #ifdef __cplusplus #include /* for printf() prototype */ int main (int argc, char *argv[]) { #else int main (argc, argv) int argc; char *argv[]; { #endif #if defined (host_mips) && defined (MIPSEB) #if defined (SYSTYPE_SYSV) printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); #endif #if defined (SYSTYPE_SVR4) printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); #endif #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); #endif #endif exit (-1); } EOF $CC_FOR_BUILD -o $dummy $dummy.c && dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` && SYSTEM_NAME=`$dummy $dummyarg` && { echo "$SYSTEM_NAME"; exit; } echo mips-mips-riscos${UNAME_RELEASE} exit ;; Motorola:PowerMAX_OS:*:*) echo powerpc-motorola-powermax exit ;; Motorola:*:4.3:PL8-*) echo powerpc-harris-powermax exit ;; Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) echo powerpc-harris-powermax exit ;; Night_Hawk:Power_UNIX:*:*) echo powerpc-harris-powerunix exit ;; m88k:CX/UX:7*:*) echo m88k-harris-cxux7 exit ;; m88k:*:4*:R4*) echo m88k-motorola-sysv4 exit ;; m88k:*:3*:R3*) echo m88k-motorola-sysv3 exit ;; AViiON:dgux:*:*) # DG/UX returns AViiON for all architectures UNAME_PROCESSOR=`/usr/bin/uname -p` if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] then if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ [ ${TARGET_BINARY_INTERFACE}x = x ] then echo m88k-dg-dgux${UNAME_RELEASE} else echo m88k-dg-dguxbcs${UNAME_RELEASE} fi else echo i586-dg-dgux${UNAME_RELEASE} fi exit ;; M88*:DolphinOS:*:*) # DolphinOS (SVR3) echo m88k-dolphin-sysv3 exit ;; M88*:*:R3*:*) # Delta 88k system running SVR3 echo m88k-motorola-sysv3 exit ;; XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) echo m88k-tektronix-sysv3 exit ;; Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) echo m68k-tektronix-bsd exit ;; *:IRIX*:*:*) echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` exit ;; 
????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id exit ;; # Note that: echo "'`uname -s`'" gives 'AIX ' i*86:AIX:*:*) echo i386-ibm-aix exit ;; ia64:AIX:*:*) if [ -x /usr/bin/oslevel ] ; then IBM_REV=`/usr/bin/oslevel` else IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} fi echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} exit ;; *:AIX:2:3) if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #include main() { if (!__power_pc()) exit(1); puts("powerpc-ibm-aix3.2.5"); exit(0); } EOF if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` then echo "$SYSTEM_NAME" else echo rs6000-ibm-aix3.2.5 fi elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then echo rs6000-ibm-aix3.2.4 else echo rs6000-ibm-aix3.2 fi exit ;; *:AIX:*:[4567]) IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then IBM_ARCH=rs6000 else IBM_ARCH=powerpc fi if [ -x /usr/bin/oslevel ] ; then IBM_REV=`/usr/bin/oslevel` else IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} fi echo ${IBM_ARCH}-ibm-aix${IBM_REV} exit ;; *:AIX:*:*) echo rs6000-ibm-aix exit ;; ibmrt:4.4BSD:*|romp-ibm:BSD:*) echo romp-ibm-bsd4.4 exit ;; ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to exit ;; # report: romp-ibm BSD 4.3 *:BOSX:*:*) echo rs6000-bull-bosx exit ;; DPX/2?00:B.O.S.:*:*) echo m68k-bull-sysv3 exit ;; 9000/[34]??:4.3bsd:1.*:*) echo m68k-hp-bsd exit ;; hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) echo m68k-hp-bsd4.4 exit ;; 9000/[34678]??:HP-UX:*:*) HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` case "${UNAME_MACHINE}" in 9000/31? ) HP_ARCH=m68000 ;; 9000/[34]?? 
) HP_ARCH=m68k ;; 9000/[678][0-9][0-9]) if [ -x /usr/bin/getconf ]; then sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` case "${sc_cpu_version}" in 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 532) # CPU_PA_RISC2_0 case "${sc_kernel_bits}" in 32) HP_ARCH="hppa2.0n" ;; 64) HP_ARCH="hppa2.0w" ;; '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 esac ;; esac fi if [ "${HP_ARCH}" = "" ]; then eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #define _HPUX_SOURCE #include #include int main () { #if defined(_SC_KERNEL_BITS) long bits = sysconf(_SC_KERNEL_BITS); #endif long cpu = sysconf (_SC_CPU_VERSION); switch (cpu) { case CPU_PA_RISC1_0: puts ("hppa1.0"); break; case CPU_PA_RISC1_1: puts ("hppa1.1"); break; case CPU_PA_RISC2_0: #if defined(_SC_KERNEL_BITS) switch (bits) { case 64: puts ("hppa2.0w"); break; case 32: puts ("hppa2.0n"); break; default: puts ("hppa2.0"); break; } break; #else /* !defined(_SC_KERNEL_BITS) */ puts ("hppa2.0"); break; #endif default: puts ("hppa1.0"); break; } exit (0); } EOF (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` test -z "$HP_ARCH" && HP_ARCH=hppa fi ;; esac if [ ${HP_ARCH} = "hppa2.0w" ] then eval $set_cc_for_build # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler # generating 64-bit code. 
GNU and HP use different nomenclature: # # $ CC_FOR_BUILD=cc ./config.guess # => hppa2.0w-hp-hpux11.23 # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess # => hppa64-hp-hpux11.23 if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | grep -q __LP64__ then HP_ARCH="hppa2.0w" else HP_ARCH="hppa64" fi fi echo ${HP_ARCH}-hp-hpux${HPUX_REV} exit ;; ia64:HP-UX:*:*) HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` echo ia64-hp-hpux${HPUX_REV} exit ;; 3050*:HI-UX:*:*) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #include int main () { long cpu = sysconf (_SC_CPU_VERSION); /* The order matters, because CPU_IS_HP_MC68K erroneously returns true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct results, however. */ if (CPU_IS_PA_RISC (cpu)) { switch (cpu) { case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; default: puts ("hppa-hitachi-hiuxwe2"); break; } } else if (CPU_IS_HP_MC68K (cpu)) puts ("m68k-hitachi-hiuxwe2"); else puts ("unknown-hitachi-hiuxwe2"); exit (0); } EOF $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` && { echo "$SYSTEM_NAME"; exit; } echo unknown-hitachi-hiuxwe2 exit ;; 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) echo hppa1.1-hp-bsd exit ;; 9000/8??:4.3bsd:*:*) echo hppa1.0-hp-bsd exit ;; *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) echo hppa1.0-hp-mpeix exit ;; hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) echo hppa1.1-hp-osf exit ;; hp8??:OSF1:*:*) echo hppa1.0-hp-osf exit ;; i*86:OSF1:*:*) if [ -x /usr/sbin/sysversion ] ; then echo ${UNAME_MACHINE}-unknown-osf1mk else echo ${UNAME_MACHINE}-unknown-osf1 fi exit ;; parisc*:Lites*:*:*) echo hppa1.1-hp-lites exit ;; C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) echo c1-convex-bsd exit ;; C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) if getsysinfo -f scalar_acc then echo c32-convex-bsd else echo c2-convex-bsd fi exit ;; C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) echo 
c34-convex-bsd exit ;; C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) echo c38-convex-bsd exit ;; C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) echo c4-convex-bsd exit ;; CRAY*Y-MP:*:*:*) echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*[A-Z]90:*:*:*) echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ -e 's/\.[^.]*$/.X/' exit ;; CRAY*TS:*:*:*) echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*T3E:*:*:*) echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*SV1:*:*:*) echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; *:UNICOS/mp:*:*) echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit ;; 5000:UNIX_System_V:4.*:*) FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit ;; i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} exit ;; sparc*:BSD/OS:*:*) echo sparc-unknown-bsdi${UNAME_RELEASE} exit ;; *:BSD/OS:*:*) echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} exit ;; *:FreeBSD:*:*) UNAME_PROCESSOR=`/usr/bin/uname -p` case ${UNAME_PROCESSOR} in amd64) echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; *) echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; esac exit ;; 
i*:CYGWIN*:*) echo ${UNAME_MACHINE}-pc-cygwin exit ;; *:MINGW64*:*) echo ${UNAME_MACHINE}-pc-mingw64 exit ;; *:MINGW*:*) echo ${UNAME_MACHINE}-pc-mingw32 exit ;; i*:MSYS*:*) echo ${UNAME_MACHINE}-pc-msys exit ;; i*:windows32*:*) # uname -m includes "-pc" on this system. echo ${UNAME_MACHINE}-mingw32 exit ;; i*:PW*:*) echo ${UNAME_MACHINE}-pc-pw32 exit ;; *:Interix*:*) case ${UNAME_MACHINE} in x86) echo i586-pc-interix${UNAME_RELEASE} exit ;; authenticamd | genuineintel | EM64T) echo x86_64-unknown-interix${UNAME_RELEASE} exit ;; IA64) echo ia64-unknown-interix${UNAME_RELEASE} exit ;; esac ;; [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) echo i${UNAME_MACHINE}-pc-mks exit ;; 8664:Windows_NT:*) echo x86_64-pc-mks exit ;; i*:Windows_NT*:* | Pentium*:Windows_NT*:*) # How do we know it's Interix rather than the generic POSIX subsystem? # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we # UNAME_MACHINE based on the output of uname instead of i386? echo i586-pc-interix exit ;; i*:UWIN*:*) echo ${UNAME_MACHINE}-pc-uwin exit ;; amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*) echo x86_64-unknown-cygwin exit ;; p*:CYGWIN*:*) echo powerpcle-unknown-cygwin exit ;; prep*:SunOS:5.*:*) echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; *:GNU:*:*) # the GNU system echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` exit ;; *:GNU/*:*:*) # other systems with GNU libc and userland echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu exit ;; i*86:Minix:*:*) echo ${UNAME_MACHINE}-pc-minix exit ;; aarch64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; aarch64_be:Linux:*:*) UNAME_MACHINE=aarch64_be echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; alpha:Linux:*:*) case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in EV5) UNAME_MACHINE=alphaev5 ;; EV56) 
UNAME_MACHINE=alphaev56 ;; PCA56) UNAME_MACHINE=alphapca56 ;; PCA57) UNAME_MACHINE=alphapca56 ;; EV6) UNAME_MACHINE=alphaev6 ;; EV67) UNAME_MACHINE=alphaev67 ;; EV68*) UNAME_MACHINE=alphaev68 ;; esac objdump --private-headers /bin/sh | grep -q ld.so.1 if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} exit ;; arm*:Linux:*:*) eval $set_cc_for_build if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_EABI__ then echo ${UNAME_MACHINE}-unknown-linux-gnu else if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_PCS_VFP then echo ${UNAME_MACHINE}-unknown-linux-gnueabi else echo ${UNAME_MACHINE}-unknown-linux-gnueabihf fi fi exit ;; avr32*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; cris:Linux:*:*) echo ${UNAME_MACHINE}-axis-linux-gnu exit ;; crisv32:Linux:*:*) echo ${UNAME_MACHINE}-axis-linux-gnu exit ;; frv:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; hexagon:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; i*86:Linux:*:*) LIBC=gnu eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #ifdef __dietlibc__ LIBC=dietlibc #endif EOF eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` echo "${UNAME_MACHINE}-pc-linux-${LIBC}" exit ;; ia64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; m32r*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; m68*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; mips:Linux:*:* | mips64:Linux:*:*) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #undef CPU #undef ${UNAME_MACHINE} #undef ${UNAME_MACHINE}el #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) CPU=${UNAME_MACHINE}el #else #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) CPU=${UNAME_MACHINE} #else CPU= #endif #endif EOF eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } ;; 
or32:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; padre:Linux:*:*) echo sparc-unknown-linux-gnu exit ;; parisc64:Linux:*:* | hppa64:Linux:*:*) echo hppa64-unknown-linux-gnu exit ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in PA7*) echo hppa1.1-unknown-linux-gnu ;; PA8*) echo hppa2.0-unknown-linux-gnu ;; *) echo hppa-unknown-linux-gnu ;; esac exit ;; ppc64:Linux:*:*) echo powerpc64-unknown-linux-gnu exit ;; ppc:Linux:*:*) echo powerpc-unknown-linux-gnu exit ;; s390:Linux:*:* | s390x:Linux:*:*) echo ${UNAME_MACHINE}-ibm-linux exit ;; sh64*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; sh*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; sparc:Linux:*:* | sparc64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; tile*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; vax:Linux:*:*) echo ${UNAME_MACHINE}-dec-linux-gnu exit ;; x86_64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; xtensa*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; i*86:DYNIX/ptx:4*:*) # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. # earlier versions are messed up and put the nodename in both # sysname and nodename. echo i386-sequent-sysv4 exit ;; i*86:UNIX_SV:4.2MP:2.*) # Unixware is an offshoot of SVR4, but it has its own version # number series starting with 2... # I am not positive that other SVR4 systems won't match this, # I just have to hope. -- rms. # Use sysv4.2uw... so that sysv4* matches it. echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} exit ;; i*86:OS/2:*:*) # If we were able to find `uname', then EMX Unix compatibility # is probably installed. 
echo ${UNAME_MACHINE}-pc-os2-emx exit ;; i*86:XTS-300:*:STOP) echo ${UNAME_MACHINE}-unknown-stop exit ;; i*86:atheos:*:*) echo ${UNAME_MACHINE}-unknown-atheos exit ;; i*86:syllable:*:*) echo ${UNAME_MACHINE}-pc-syllable exit ;; i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*) echo i386-unknown-lynxos${UNAME_RELEASE} exit ;; i*86:*DOS:*:*) echo ${UNAME_MACHINE}-pc-msdosdjgpp exit ;; i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL} else echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} fi exit ;; i*86:*:5:[678]*) # UnixWare 7.x, OpenUNIX and OpenServer 6. case `/bin/uname -X | grep "^Machine"` in *486*) UNAME_MACHINE=i486 ;; *Pentium) UNAME_MACHINE=i586 ;; *Pent*|*Celeron) UNAME_MACHINE=i686 ;; esac echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} exit ;; i*86:*:3.2:*) if test -f /usr/options/cb.name; then UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \ && UNAME_MACHINE=i586 (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \ && UNAME_MACHINE=i686 (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ && UNAME_MACHINE=i686 echo ${UNAME_MACHINE}-pc-sco$UNAME_REL else echo ${UNAME_MACHINE}-pc-sysv32 fi exit ;; pc:*:*:*) # Left here for compatibility: # uname -m prints for DJGPP always 'pc', but it prints nothing about # the processor, so we play safe by assuming i586. # Note: whatever this is, it MUST be the same as what config.sub # prints for the "djgpp" host, or else GDB configury will decide that # this is a cross-build. 
echo i586-pc-msdosdjgpp exit ;; Intel:Mach:3*:*) echo i386-pc-mach3 exit ;; paragon:*:*:*) echo i860-intel-osf1 exit ;; i860:*:4.*:*) # i860-SVR4 if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 else # Add other i860-SVR4 vendors below as they are discovered. echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 fi exit ;; mini*:CTIX:SYS*5:*) # "miniframe" echo m68010-convergent-sysv exit ;; mc68k:UNIX:SYSTEM5:3.51m) echo m68k-convergent-sysv exit ;; M680?0:D-NIX:5.3:*) echo m68k-diab-dnix exit ;; M68*:*:R3V[5678]*:*) test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;; 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0) OS_REL='' test -r /etc/.relid \ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && { echo i486-ncr-sysv4.3${OS_REL}; exit; } /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && { echo i486-ncr-sysv4; exit; } ;; NCR*:*:4.2:* | MPRAS*:*:4.2:*) OS_REL='.3' test -r /etc/.relid \ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && { echo i486-ncr-sysv4.3${OS_REL}; exit; } /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) echo m68k-unknown-lynxos${UNAME_RELEASE} exit ;; mc68030:UNIX_System_V:4.*:*) echo m68k-atari-sysv4 exit ;; TSUNAMI:LynxOS:2.*:*) echo sparc-unknown-lynxos${UNAME_RELEASE} exit ;; rs6000:LynxOS:2.*:*) echo 
rs6000-unknown-lynxos${UNAME_RELEASE} exit ;; PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*) echo powerpc-unknown-lynxos${UNAME_RELEASE} exit ;; SM[BE]S:UNIX_SV:*:*) echo mips-dde-sysv${UNAME_RELEASE} exit ;; RM*:ReliantUNIX-*:*:*) echo mips-sni-sysv4 exit ;; RM*:SINIX-*:*:*) echo mips-sni-sysv4 exit ;; *:SINIX-*:*:*) if uname -p 2>/dev/null >/dev/null ; then UNAME_MACHINE=`(uname -p) 2>/dev/null` echo ${UNAME_MACHINE}-sni-sysv4 else echo ns32k-sni-sysv fi exit ;; PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort # says echo i586-unisys-sysv4 exit ;; *:UNIX_System_V:4*:FTX*) # From Gerald Hewes . # How about differentiating between stratus architectures? -djm echo hppa1.1-stratus-sysv4 exit ;; *:*:*:FTX*) # From seanf@swdc.stratus.com. echo i860-stratus-sysv4 exit ;; i*86:VOS:*:*) # From Paul.Green@stratus.com. echo ${UNAME_MACHINE}-stratus-vos exit ;; *:VOS:*:*) # From Paul.Green@stratus.com. echo hppa1.1-stratus-vos exit ;; mc68*:A/UX:*:*) echo m68k-apple-aux${UNAME_RELEASE} exit ;; news*:NEWS-OS:6*:*) echo mips-sony-newsos6 exit ;; R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) if [ -d /usr/nec ]; then echo mips-nec-sysv${UNAME_RELEASE} else echo mips-unknown-sysv${UNAME_RELEASE} fi exit ;; BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. echo powerpc-be-beos exit ;; BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. echo powerpc-apple-beos exit ;; BePC:BeOS:*:*) # BeOS running on Intel PC compatible. echo i586-pc-beos exit ;; BePC:Haiku:*:*) # Haiku running on Intel PC compatible. 
echo i586-pc-haiku exit ;; x86_64:Haiku:*:*) echo x86_64-unknown-haiku exit ;; SX-4:SUPER-UX:*:*) echo sx4-nec-superux${UNAME_RELEASE} exit ;; SX-5:SUPER-UX:*:*) echo sx5-nec-superux${UNAME_RELEASE} exit ;; SX-6:SUPER-UX:*:*) echo sx6-nec-superux${UNAME_RELEASE} exit ;; SX-7:SUPER-UX:*:*) echo sx7-nec-superux${UNAME_RELEASE} exit ;; SX-8:SUPER-UX:*:*) echo sx8-nec-superux${UNAME_RELEASE} exit ;; SX-8R:SUPER-UX:*:*) echo sx8r-nec-superux${UNAME_RELEASE} exit ;; Power*:Rhapsody:*:*) echo powerpc-apple-rhapsody${UNAME_RELEASE} exit ;; *:Rhapsody:*:*) echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} exit ;; *:Darwin:*:*) UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown case $UNAME_PROCESSOR in i386) eval $set_cc_for_build if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ grep IS_64BIT_ARCH >/dev/null then UNAME_PROCESSOR="x86_64" fi fi ;; unknown) UNAME_PROCESSOR=powerpc ;; esac echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} exit ;; *:procnto*:*:* | *:QNX:[0123456789]*:*) UNAME_PROCESSOR=`uname -p` if test "$UNAME_PROCESSOR" = "x86"; then UNAME_PROCESSOR=i386 UNAME_MACHINE=pc fi echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE} exit ;; *:QNX:*:4*) echo i386-pc-qnx exit ;; NEO-?:NONSTOP_KERNEL:*:*) echo neo-tandem-nsk${UNAME_RELEASE} exit ;; NSE-*:NONSTOP_KERNEL:*:*) echo nse-tandem-nsk${UNAME_RELEASE} exit ;; NSR-?:NONSTOP_KERNEL:*:*) echo nsr-tandem-nsk${UNAME_RELEASE} exit ;; *:NonStop-UX:*:*) echo mips-compaq-nonstopux exit ;; BS2000:POSIX*:*:*) echo bs2000-siemens-sysv exit ;; DS/*:UNIX_System_V:*:*) echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} exit ;; *:Plan9:*:*) # "uname -m" is not consistent, so use $cputype instead. 386 # is converted to i386 for consistency with other x86 # operating systems. 
if test "$cputype" = "386"; then UNAME_MACHINE=i386 else UNAME_MACHINE="$cputype" fi echo ${UNAME_MACHINE}-unknown-plan9 exit ;; *:TOPS-10:*:*) echo pdp10-unknown-tops10 exit ;; *:TENEX:*:*) echo pdp10-unknown-tenex exit ;; KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) echo pdp10-dec-tops20 exit ;; XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) echo pdp10-xkl-tops20 exit ;; *:TOPS-20:*:*) echo pdp10-unknown-tops20 exit ;; *:ITS:*:*) echo pdp10-unknown-its exit ;; SEI:*:*:SEIUX) echo mips-sei-seiux${UNAME_RELEASE} exit ;; *:DragonFly:*:*) echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` exit ;; *:*VMS:*:*) UNAME_MACHINE=`(uname -p) 2>/dev/null` case "${UNAME_MACHINE}" in A*) echo alpha-dec-vms ; exit ;; I*) echo ia64-dec-vms ; exit ;; V*) echo vax-dec-vms ; exit ;; esac ;; *:XENIX:*:SysV) echo i386-pc-xenix exit ;; i*86:skyos:*:*) echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//' exit ;; i*86:rdos:*:*) echo ${UNAME_MACHINE}-pc-rdos exit ;; i*86:AROS:*:*) echo ${UNAME_MACHINE}-pc-aros exit ;; x86_64:VMkernel:*:*) echo ${UNAME_MACHINE}-unknown-esx exit ;; esac eval $set_cc_for_build cat >$dummy.c < # include #endif main () { #if defined (sony) #if defined (MIPSEB) /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, I don't know.... 
*/ printf ("mips-sony-bsd\n"); exit (0); #else #include printf ("m68k-sony-newsos%s\n", #ifdef NEWSOS4 "4" #else "" #endif ); exit (0); #endif #endif #if defined (__arm) && defined (__acorn) && defined (__unix) printf ("arm-acorn-riscix\n"); exit (0); #endif #if defined (hp300) && !defined (hpux) printf ("m68k-hp-bsd\n"); exit (0); #endif #if defined (NeXT) #if !defined (__ARCHITECTURE__) #define __ARCHITECTURE__ "m68k" #endif int version; version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; if (version < 4) printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); else printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); exit (0); #endif #if defined (MULTIMAX) || defined (n16) #if defined (UMAXV) printf ("ns32k-encore-sysv\n"); exit (0); #else #if defined (CMU) printf ("ns32k-encore-mach\n"); exit (0); #else printf ("ns32k-encore-bsd\n"); exit (0); #endif #endif #endif #if defined (__386BSD__) printf ("i386-pc-bsd\n"); exit (0); #endif #if defined (sequent) #if defined (i386) printf ("i386-sequent-dynix\n"); exit (0); #endif #if defined (ns32000) printf ("ns32k-sequent-dynix\n"); exit (0); #endif #endif #if defined (_SEQUENT_) struct utsname un; uname(&un); if (strncmp(un.version, "V2", 2) == 0) { printf ("i386-sequent-ptx2\n"); exit (0); } if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? 
*/ printf ("i386-sequent-ptx1\n"); exit (0); } printf ("i386-sequent-ptx\n"); exit (0); #endif #if defined (vax) # if !defined (ultrix) # include # if defined (BSD) # if BSD == 43 printf ("vax-dec-bsd4.3\n"); exit (0); # else # if BSD == 199006 printf ("vax-dec-bsd4.3reno\n"); exit (0); # else printf ("vax-dec-bsd\n"); exit (0); # endif # endif # else printf ("vax-dec-bsd\n"); exit (0); # endif # else printf ("vax-dec-ultrix\n"); exit (0); # endif #endif #if defined (alliant) && defined (i860) printf ("i860-alliant-bsd\n"); exit (0); #endif exit (1); } EOF $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` && { echo "$SYSTEM_NAME"; exit; } # Apollos put the system type in the environment. test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; } # Convex versions that predate uname can use getsysinfo(1) if [ -x /usr/convex/getsysinfo ] then case `getsysinfo -f cpu_type` in c1*) echo c1-convex-bsd exit ;; c2*) if getsysinfo -f scalar_acc then echo c32-convex-bsd else echo c2-convex-bsd fi exit ;; c34*) echo c34-convex-bsd exit ;; c38*) echo c38-convex-bsd exit ;; c4*) echo c4-convex-bsd exit ;; esac fi cat >&2 < in order to provide the needed information to handle your system. 
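config.guess timestamp = $timestamp uname -m = `(uname -m) 2>/dev/null || echo unknown` uname -r = `(uname -r) 2>/dev/null || echo unknown` uname -s = `(uname -s) 2>/dev/null || echo unknown` uname -v = `(uname -v) 2>/dev/null || echo unknown` /usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null` /bin/uname -X = `(/bin/uname -X) 2>/dev/null` hostinfo = `(hostinfo) 2>/dev/null` /bin/universe = `(/bin/universe) 2>/dev/null` /usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null` /bin/arch = `(/bin/arch) 2>/dev/null` /usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null` /usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null` UNAME_MACHINE = ${UNAME_MACHINE} UNAME_RELEASE = ${UNAME_RELEASE} UNAME_SYSTEM = ${UNAME_SYSTEM} UNAME_VERSION = ${UNAME_VERSION} EOF exit 1 # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "timestamp='" # time-stamp-format: "%:y-%02m-%02d" # time-stamp-end: "'" # End: sssd-1.11.5/build/PaxHeaders.13173/mkinstalldirs0000644000000000000000000000013212320753510017446 xustar000000000000000030 mtime=1396954952.435881749 30 atime=1396954952.435881749 30 ctime=1396954961.356875171 sssd-1.11.5/build/mkinstalldirs0000755002412700241270000000672212320753510017705 0ustar00jhrozekjhrozek00000000000000
#! /bin/sh
# mkinstalldirs --- make directory hierarchy
#
# Creates every DIR named on the command line together with any missing
# leading components, optionally giving the created directories mode MODE.
# Exit status is 0 on success, otherwise the status of the last mkdir or
# chmod that failed.

scriptversion=2009-04-28.21; # UTC

# Original author: Noah Friedman
# Created: 1993-05-16
# Public domain.
#
# This file is maintained in Automake; report bugs and send patches there.

# IFS is reset to space, tab, newline so that an inherited IFS cannot
# change how the arguments below are split.
nl='
'
IFS=" ""	$nl"
errstatus=0
dirmode=

usage="\
Usage: mkinstalldirs [-h] [--help] [--version] [-m MODE] DIR ...

Create each directory DIR (with mode MODE, if specified), including all
leading file name components.

Report bugs to ."

# process command line arguments
while test $# -gt 0 ; do
  case $1 in
    -h | --help | --h*)         # -h for help
      echo "$usage"
      exit $?
      ;;
    -m)                         # -m PERM arg
      shift
      test $# -eq 0 && { echo "$usage" 1>&2; exit 1; }
      dirmode=$1
      shift
      ;;
    --version)
      echo "$0 $scriptversion"
      exit $?
      ;;
    --)                         # stop option processing
      shift
      break
      ;;
    -*)                         # unknown option
      echo "$usage" 1>&2
      exit 1
      ;;
    *)                          # first non-opt arg
      break
      ;;
  esac
done

# Drop leading arguments that already exist as directories; if nothing is
# left there is no work to do.
for file
do
  if test -d "$file"; then
    shift
  else
    break
  fi
done

case $# in
  0) exit 0 ;;
esac

# Solaris 8's mkdir -p isn't thread-safe.  If you mkdir -p a/b and
# mkdir -p a/c at the same time, both will detect that a is missing,
# one will create a, then the other will try to create a and die with
# a "File exists" error.  This is a problem when calling mkinstalldirs
# from a parallel make.  We use --version in the probe to restrict
# ourselves to GNU mkdir, which is thread-safe.
#
# NOTE(review): on this fast path MODE is handed to "mkdir -m ... -p", which
# applies it to the final directory; POSIX lets missing parents be created
# from the umask instead.  The fallback loop further down chmods every
# component it creates, so the two paths can leave different modes on
# intermediate directories.
case $dirmode in
  '')
    if mkdir -p --version . >/dev/null 2>&1 && test ! -d ./--version; then
      echo "mkdir -p -- $*"
      exec mkdir -p -- "$@"
    else
      # On NextStep and OpenStep, the 'mkdir' command does not
      # recognize any option.  It will interpret all options as
      # directories to create, and then abort because '.' already
      # exists.
      test -d ./-p && rmdir ./-p
      test -d ./--version && rmdir ./--version
    fi
    ;;
  *)
    if mkdir -m "$dirmode" -p --version . >/dev/null 2>&1 &&
       test ! -d ./--version; then
      echo "mkdir -m $dirmode -p -- $*"
      exec mkdir -m "$dirmode" -p -- "$@"
    else
      # Clean up after NextStep and OpenStep mkdir.
      # $d is quoted so a MODE containing IFS characters cannot be split
      # into several rmdir operands.
      for d in ./-m ./-p ./--version "./$dirmode";
      do
        test -d "$d" && rmdir "$d"
      done
    fi
    ;;
esac

# In the fallback below a directory is created first and chmod'ed second.
# With a plain mkdir the new directory would exist with umask-derived
# permissions until the chmod runs, which can be wider than the MODE the
# caller asked for.  When MODE is purely octal the chmod sets the final
# permission bits absolutely, so the directory can safely be created
# owner-only first.  Symbolic modes (for example "g+s") are relative to the
# permissions mkdir produced, so for them the original creation is kept.
case $dirmode in
  '' | *[!0-7]*) create_private=no ;;
  *)             create_private=yes ;;
esac

for file
do
  case $file in
    /*) pathcomp=/ ;;
    *)  pathcomp= ;;
  esac
  # Split $file on '/' into the positional parameters; "fnord" is a dummy
  # first word so that a component starting with '-' is not taken as an
  # option by set.  $file is left unquoted on purpose for the splitting.
  oIFS=$IFS
  IFS=/
  set fnord $file
  shift
  IFS=$oIFS

  for d
  do
    # Empty components come from doubled or leading slashes.
    test "x$d" = x && continue

    pathcomp=$pathcomp$d
    # Keep a relative path that starts with '-' from looking like an option.
    case $pathcomp in
      -*) pathcomp=./$pathcomp ;;
    esac

    if test ! -d "$pathcomp"; then
      echo "mkdir $pathcomp"

      if test "$create_private" = yes; then
        # The subshell keeps the tightened umask from leaking into the
        # rest of the script.
        (umask 077 && mkdir "$pathcomp") || lasterr=$?
      else
        mkdir "$pathcomp" || lasterr=$?
      fi

      # A failed mkdir is only an error if the directory is still missing;
      # a parallel run may have created it in the meantime.
      if test ! -d "$pathcomp"; then
        errstatus=$lasterr
      else
        if test ! -z "$dirmode"; then
          echo "chmod $dirmode $pathcomp"
          lasterr=
          chmod "$dirmode" "$pathcomp" || lasterr=$?

          if test ! -z "$lasterr"; then
            errstatus=$lasterr
          fi
        fi
      fi
    fi

    pathcomp=$pathcomp/
  done
done

exit $errstatus

# Local Variables:
# mode: shell-script
# sh-indentation: 2
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-time-zone: "UTC"
# time-stamp-end: "; # UTC"
# End:
sssd-1.11.5/build/PaxHeaders.13173/test-driver0000644000000000000000000000013212320753510017036 xustar000000000000000030 mtime=1396954952.337881821 30 atime=1396954952.337881821 30 ctime=1396954961.511875056 sssd-1.11.5/build/test-driver0000755002412700241270000000761112320753510017273 0ustar00jhrozekjhrozek00000000000000#! /bin/sh # test-driver - basic testsuite driver script. scriptversion=2012-06-27.10; # UTC # Copyright (C) 2011-2013 Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2, or (at your option) # any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. # This file is maintained in Automake, please report # bugs to or send patches to # . # Make unconditional expansion of undefined variables an error. This # helps a lot in preventing typo-related bugs. set -u usage_error () { echo "$0: $*" >&2 print_usage >&2 exit 2 } print_usage () { cat <$log_file 2>&1 estatus=$? 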
if test $enable_hard_errors = no && test $estatus -eq 99; then estatus=1 fi case $estatus:$expect_failure in 0:yes) col=$red res=XPASS recheck=yes gcopy=yes;; 0:*) col=$grn res=PASS recheck=no gcopy=no;; 77:*) col=$blu res=SKIP recheck=no gcopy=yes;; 99:*) col=$mgn res=ERROR recheck=yes gcopy=yes;; *:yes) col=$lgn res=XFAIL recheck=no gcopy=yes;; *:*) col=$red res=FAIL recheck=yes gcopy=yes;; esac # Report outcome to console. echo "${col}${res}${std}: $test_name" # Register the test result, and other relevant metadata. echo ":test-result: $res" > $trs_file echo ":global-test-result: $res" >> $trs_file echo ":recheck: $recheck" >> $trs_file echo ":copy-in-global-log: $gcopy" >> $trs_file # Local Variables: # mode: shell-script # sh-indentation: 2 # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" # time-stamp-time-zone: "UTC" # time-stamp-end: "; # UTC" # End: sssd-1.11.5/build/PaxHeaders.13173/config.sub0000644000000000000000000000013212320753507016631 xustar000000000000000030 mtime=1396954951.068882756 30 atime=1396954953.335881086 30 ctime=1396954961.517875052 sssd-1.11.5/build/config.sub0000755002412700241270000010550312320753507017065 0ustar00jhrozekjhrozek00000000000000#! /bin/sh # Configuration validation subroutine script. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, # 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, # 2011, 2012, 2013 Free Software Foundation, Inc. timestamp='2012-12-29' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, see . # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that # program. This Exception is an additional permission under section 7 # of the GNU General Public License, version 3 ("GPLv3"). # Please send patches with a ChangeLog entry to config-patches@gnu.org. # # Configuration subroutine to validate and canonicalize a configuration type. # Supply the specified configuration type as an argument. # If it is invalid, we print an error message on stderr and exit with code 1. # Otherwise, we print the canonical config type on stdout and succeed. # You can get the latest version of this script from: # http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD # This file is supposed to be the same for all GNU packages # and recognize all the CPU types, system types and aliases # that are meaningful with *any* GNU software. # Each package is responsible for reporting which valid configurations # it does not support. The user should be able to distinguish # a failure to support a valid configuration from a meaningless # configuration. # The goal of this file is to map all the various variations of a given # machine specification into a single specification in the form: # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM # or in some cases, the newer four-part form: # CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM # It is wrong to echo any other type of specification. me=`echo "$0" | sed -e 's,.*/,,'` usage="\ Usage: $0 [OPTION] CPU-MFR-OPSYS $0 [OPTION] ALIAS Canonicalize a configuration name. 
Operation modes: -h, --help print this help, then exit -t, --time-stamp print date of last modification, then exit -v, --version print version number, then exit Report bugs and patches to ." version="\ GNU config.sub ($timestamp) Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." help=" Try \`$me --help' for more information." # Parse command line while test $# -gt 0 ; do case $1 in --time-stamp | --time* | -t ) echo "$timestamp" ; exit ;; --version | -v ) echo "$version" ; exit ;; --help | --h* | -h ) echo "$usage"; exit ;; -- ) # Stop option processing shift; break ;; - ) # Use stdin as input. break ;; -* ) echo "$me: invalid option $1$help" exit 1 ;; *local*) # First pass through any local machine types. echo $1 exit ;; * ) break ;; esac done case $# in 0) echo "$me: missing argument$help" >&2 exit 1;; 1) ;; *) echo "$me: too many arguments$help" >&2 exit 1;; esac # Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). # Here we must recognize all the valid KERNEL-OS combinations. 
maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` case $maybe_os in nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ knetbsd*-gnu* | netbsd*-gnu* | \ kopensolaris*-gnu* | \ storm-chaos* | os2-emx* | rtmk-nova*) os=-$maybe_os basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` ;; android-linux) os=-linux-android basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown ;; *) basic_machine=`echo $1 | sed 's/-[^-]*$//'` if [ $basic_machine != $1 ] then os=`echo $1 | sed 's/.*-/-/'` else os=; fi ;; esac ### Let's recognize common machines as not being operating systems so ### that things like config.sub decstation-3100 work. We also ### recognize some manufacturers as not being operating systems, so we ### can provide default operating systems below. case $os in -sun*os*) # Prevent following clause from handling this invalid input. ;; -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ -apple | -axis | -knuth | -cray | -microblaze*) os= basic_machine=$1 ;; -bluegene*) os=-cnk ;; -sim | -cisco | -oki | -wec | -winbond) os= basic_machine=$1 ;; -scout) ;; -wrs) os=-vxworks basic_machine=$1 ;; -chorusos*) os=-chorusos basic_machine=$1 ;; -chorusrdb) os=-chorusrdb basic_machine=$1 ;; -hiux*) os=-hiuxwe2 ;; -sco6) os=-sco5v6 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco5) os=-sco3.2v5 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco4) os=-sco3.2v4 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco3.2.[4-9]*) os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` 
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco3.2v[4-9]*) # Don't forget version if it is 3.2v4 or newer. basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco5v6*) # Don't forget version if it is 3.2v4 or newer. basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco*) os=-sco3.2v2 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -udk*) basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -isc) os=-isc2.2 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -clix*) basic_machine=clipper-intergraph ;; -isc*) basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -lynx*178) os=-lynxos178 ;; -lynx*5) os=-lynxos5 ;; -lynx*) os=-lynxos ;; -ptx*) basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` ;; -windowsnt*) os=`echo $os | sed -e 's/windowsnt/winnt/'` ;; -psos*) os=-psos ;; -mint | -mint[0-9]*) basic_machine=m68k-atari os=-mint ;; esac # Decode aliases for certain CPU-COMPANY combinations. case $basic_machine in # Recognize the basic CPU types without company name. # Some are omitted here because they have special meanings below. 
1750a | 580 \ | a29k \ | aarch64 | aarch64_be \ | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ | am33_2.0 \ | arc \ | arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \ | avr | avr32 \ | be32 | be64 \ | bfin \ | c4x | clipper \ | d10v | d30v | dlx | dsp16xx \ | epiphany \ | fido | fr30 | frv \ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ | hexagon \ | i370 | i860 | i960 | ia64 \ | ip2k | iq2000 \ | le32 | le64 \ | lm32 \ | m32c | m32r | m32rle | m68000 | m68k | m88k \ | maxq | mb | microblaze | microblazeel | mcore | mep | metag \ | mips | mipsbe | mipseb | mipsel | mipsle \ | mips16 \ | mips64 | mips64el \ | mips64octeon | mips64octeonel \ | mips64orion | mips64orionel \ | mips64r5900 | mips64r5900el \ | mips64vr | mips64vrel \ | mips64vr4100 | mips64vr4100el \ | mips64vr4300 | mips64vr4300el \ | mips64vr5000 | mips64vr5000el \ | mips64vr5900 | mips64vr5900el \ | mipsisa32 | mipsisa32el \ | mipsisa32r2 | mipsisa32r2el \ | mipsisa64 | mipsisa64el \ | mipsisa64r2 | mipsisa64r2el \ | mipsisa64sb1 | mipsisa64sb1el \ | mipsisa64sr71k | mipsisa64sr71kel \ | mipstx39 | mipstx39el \ | mn10200 | mn10300 \ | moxie \ | mt \ | msp430 \ | nds32 | nds32le | nds32be \ | nios | nios2 \ | ns16k | ns32k \ | open8 \ | or32 \ | pdp10 | pdp11 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle \ | pyramid \ | rl78 | rx \ | score \ | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ | sh64 | sh64le \ | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ | spu \ | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ | ubicom32 \ | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \ | we32k \ | x86 | xc16x | xstormy16 | xtensa \ | z8k | z80) basic_machine=$basic_machine-unknown ;; c54x) basic_machine=tic54x-unknown ;; 
c55x) basic_machine=tic55x-unknown ;; c6x) basic_machine=tic6x-unknown ;; m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | picochip) basic_machine=$basic_machine-unknown os=-none ;; m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) ;; ms1) basic_machine=mt-unknown ;; strongarm | thumb | xscale) basic_machine=arm-unknown ;; xgate) basic_machine=$basic_machine-unknown os=-none ;; xscaleeb) basic_machine=armeb-unknown ;; xscaleel) basic_machine=armel-unknown ;; # We use `pc' rather than `unknown' # because (1) that's what they normally are, and # (2) the word "unknown" tends to confuse beginning users. i*86 | x86_64) basic_machine=$basic_machine-pc ;; # Object if more than one company name word. *-*-*) echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 exit 1 ;; # Recognize the basic CPU types with company name. 580-* \ | a29k-* \ | aarch64-* | aarch64_be-* \ | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ | avr-* | avr32-* \ | be32-* | be64-* \ | bfin-* | bs2000-* \ | c[123]* | c30-* | [cjt]90-* | c4x-* \ | clipper-* | craynv-* | cydra-* \ | d10v-* | d30v-* | dlx-* \ | elxsi-* \ | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ | h8300-* | h8500-* \ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ | hexagon-* \ | i*86-* | i860-* | i960-* | ia64-* \ | ip2k-* | iq2000-* \ | le32-* | le64-* \ | lm32-* \ | m32c-* | m32r-* | m32rle-* \ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \ | microblaze-* | microblazeel-* \ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ | mips16-* \ | mips64-* | mips64el-* \ | mips64octeon-* | mips64octeonel-* \ | mips64orion-* | mips64orionel-* \ | mips64r5900-* | mips64r5900el-* \ | mips64vr-* | mips64vrel-* \ | mips64vr4100-* | 
mips64vr4100el-* \ | mips64vr4300-* | mips64vr4300el-* \ | mips64vr5000-* | mips64vr5000el-* \ | mips64vr5900-* | mips64vr5900el-* \ | mipsisa32-* | mipsisa32el-* \ | mipsisa32r2-* | mipsisa32r2el-* \ | mipsisa64-* | mipsisa64el-* \ | mipsisa64r2-* | mipsisa64r2el-* \ | mipsisa64sb1-* | mipsisa64sb1el-* \ | mipsisa64sr71k-* | mipsisa64sr71kel-* \ | mipstx39-* | mipstx39el-* \ | mmix-* \ | mt-* \ | msp430-* \ | nds32-* | nds32le-* | nds32be-* \ | nios-* | nios2-* \ | none-* | np1-* | ns16k-* | ns32k-* \ | open8-* \ | orion-* \ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ | pyramid-* \ | rl78-* | romp-* | rs6000-* | rx-* \ | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ | sparclite-* \ | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \ | tahoe-* \ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ | tile*-* \ | tron-* \ | ubicom32-* \ | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \ | vax-* \ | we32k-* \ | x86-* | x86_64-* | xc16x-* | xps100-* \ | xstormy16-* | xtensa*-* \ | ymp-* \ | z8k-* | z80-*) ;; # Recognize the basic CPU types without company name, with glob match. xtensa*) basic_machine=$basic_machine-unknown ;; # Recognize the various machine names and aliases which stand # for a CPU type and a company and sometimes even an OS. 
386bsd) basic_machine=i386-unknown os=-bsd ;; 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) basic_machine=m68000-att ;; 3b*) basic_machine=we32k-att ;; a29khif) basic_machine=a29k-amd os=-udi ;; abacus) basic_machine=abacus-unknown ;; adobe68k) basic_machine=m68010-adobe os=-scout ;; alliant | fx80) basic_machine=fx80-alliant ;; altos | altos3068) basic_machine=m68k-altos ;; am29k) basic_machine=a29k-none os=-bsd ;; amd64) basic_machine=x86_64-pc ;; amd64-*) basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'` ;; amdahl) basic_machine=580-amdahl os=-sysv ;; amiga | amiga-*) basic_machine=m68k-unknown ;; amigaos | amigados) basic_machine=m68k-unknown os=-amigaos ;; amigaunix | amix) basic_machine=m68k-unknown os=-sysv4 ;; apollo68) basic_machine=m68k-apollo os=-sysv ;; apollo68bsd) basic_machine=m68k-apollo os=-bsd ;; aros) basic_machine=i386-pc os=-aros ;; aux) basic_machine=m68k-apple os=-aux ;; balance) basic_machine=ns32k-sequent os=-dynix ;; blackfin) basic_machine=bfin-unknown os=-linux ;; blackfin-*) basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'` os=-linux ;; bluegene*) basic_machine=powerpc-ibm os=-cnk ;; c54x-*) basic_machine=tic54x-`echo $basic_machine | sed 's/^[^-]*-//'` ;; c55x-*) basic_machine=tic55x-`echo $basic_machine | sed 's/^[^-]*-//'` ;; c6x-*) basic_machine=tic6x-`echo $basic_machine | sed 's/^[^-]*-//'` ;; c90) basic_machine=c90-cray os=-unicos ;; cegcc) basic_machine=arm-unknown os=-cegcc ;; convex-c1) basic_machine=c1-convex os=-bsd ;; convex-c2) basic_machine=c2-convex os=-bsd ;; convex-c32) basic_machine=c32-convex os=-bsd ;; convex-c34) basic_machine=c34-convex os=-bsd ;; convex-c38) basic_machine=c38-convex os=-bsd ;; cray | j90) basic_machine=j90-cray os=-unicos ;; craynv) basic_machine=craynv-cray os=-unicosmp ;; cr16 | cr16-*) basic_machine=cr16-unknown os=-elf ;; crds | unos) basic_machine=m68k-crds ;; crisv32 | crisv32-* | etraxfs*) basic_machine=crisv32-axis ;; cris | cris-* | etrax*) 
basic_machine=cris-axis ;; crx) basic_machine=crx-unknown os=-elf ;; da30 | da30-*) basic_machine=m68k-da30 ;; decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) basic_machine=mips-dec ;; decsystem10* | dec10*) basic_machine=pdp10-dec os=-tops10 ;; decsystem20* | dec20*) basic_machine=pdp10-dec os=-tops20 ;; delta | 3300 | motorola-3300 | motorola-delta \ | 3300-motorola | delta-motorola) basic_machine=m68k-motorola ;; delta88) basic_machine=m88k-motorola os=-sysv3 ;; dicos) basic_machine=i686-pc os=-dicos ;; djgpp) basic_machine=i586-pc os=-msdosdjgpp ;; dpx20 | dpx20-*) basic_machine=rs6000-bull os=-bosx ;; dpx2* | dpx2*-bull) basic_machine=m68k-bull os=-sysv3 ;; ebmon29k) basic_machine=a29k-amd os=-ebmon ;; elxsi) basic_machine=elxsi-elxsi os=-bsd ;; encore | umax | mmax) basic_machine=ns32k-encore ;; es1800 | OSE68k | ose68k | ose | OSE) basic_machine=m68k-ericsson os=-ose ;; fx2800) basic_machine=i860-alliant ;; genix) basic_machine=ns32k-ns ;; gmicro) basic_machine=tron-gmicro os=-sysv ;; go32) basic_machine=i386-pc os=-go32 ;; h3050r* | hiux*) basic_machine=hppa1.1-hitachi os=-hiuxwe2 ;; h8300hms) basic_machine=h8300-hitachi os=-hms ;; h8300xray) basic_machine=h8300-hitachi os=-xray ;; h8500hms) basic_machine=h8500-hitachi os=-hms ;; harris) basic_machine=m88k-harris os=-sysv3 ;; hp300-*) basic_machine=m68k-hp ;; hp300bsd) basic_machine=m68k-hp os=-bsd ;; hp300hpux) basic_machine=m68k-hp os=-hpux ;; hp3k9[0-9][0-9] | hp9[0-9][0-9]) basic_machine=hppa1.0-hp ;; hp9k2[0-9][0-9] | hp9k31[0-9]) basic_machine=m68000-hp ;; hp9k3[2-9][0-9]) basic_machine=m68k-hp ;; hp9k6[0-9][0-9] | hp6[0-9][0-9]) basic_machine=hppa1.0-hp ;; hp9k7[0-79][0-9] | hp7[0-79][0-9]) basic_machine=hppa1.1-hp ;; hp9k78[0-9] | hp78[0-9]) # FIXME: really hppa2.0-hp basic_machine=hppa1.1-hp ;; hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) # FIXME: really hppa2.0-hp basic_machine=hppa1.1-hp ;; hp9k8[0-9][13679] | hp8[0-9][13679]) 
basic_machine=hppa1.1-hp ;; hp9k8[0-9][0-9] | hp8[0-9][0-9]) basic_machine=hppa1.0-hp ;; hppa-next) os=-nextstep3 ;; hppaosf) basic_machine=hppa1.1-hp os=-osf ;; hppro) basic_machine=hppa1.1-hp os=-proelf ;; i370-ibm* | ibm*) basic_machine=i370-ibm ;; i*86v32) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv32 ;; i*86v4*) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv4 ;; i*86v) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv ;; i*86sol2) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-solaris2 ;; i386mach) basic_machine=i386-mach os=-mach ;; i386-vsta | vsta) basic_machine=i386-unknown os=-vsta ;; iris | iris4d) basic_machine=mips-sgi case $os in -irix*) ;; *) os=-irix4 ;; esac ;; isi68 | isi) basic_machine=m68k-isi os=-sysv ;; m68knommu) basic_machine=m68k-unknown os=-linux ;; m68knommu-*) basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'` os=-linux ;; m88k-omron*) basic_machine=m88k-omron ;; magnum | m3230) basic_machine=mips-mips os=-sysv ;; merlin) basic_machine=ns32k-utek os=-sysv ;; microblaze*) basic_machine=microblaze-xilinx ;; mingw64) basic_machine=x86_64-pc os=-mingw64 ;; mingw32) basic_machine=i386-pc os=-mingw32 ;; mingw32ce) basic_machine=arm-unknown os=-mingw32ce ;; miniframe) basic_machine=m68000-convergent ;; *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*) basic_machine=m68k-atari os=-mint ;; mips3*-*) basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` ;; mips3*) basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown ;; monitor) basic_machine=m68k-rom68k os=-coff ;; morphos) basic_machine=powerpc-unknown os=-morphos ;; msdos) basic_machine=i386-pc os=-msdos ;; ms1-*) basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` ;; msys) basic_machine=i386-pc os=-msys ;; mvs) basic_machine=i370-ibm os=-mvs ;; nacl) basic_machine=le32-unknown os=-nacl ;; ncr3000) basic_machine=i486-ncr os=-sysv4 ;; netbsd386) basic_machine=i386-unknown os=-netbsd ;; netwinder) 
basic_machine=armv4l-rebel os=-linux ;; news | news700 | news800 | news900) basic_machine=m68k-sony os=-newsos ;; news1000) basic_machine=m68030-sony os=-newsos ;; news-3600 | risc-news) basic_machine=mips-sony os=-newsos ;; necv70) basic_machine=v70-nec os=-sysv ;; next | m*-next ) basic_machine=m68k-next case $os in -nextstep* ) ;; -ns2*) os=-nextstep2 ;; *) os=-nextstep3 ;; esac ;; nh3000) basic_machine=m68k-harris os=-cxux ;; nh[45]000) basic_machine=m88k-harris os=-cxux ;; nindy960) basic_machine=i960-intel os=-nindy ;; mon960) basic_machine=i960-intel os=-mon960 ;; nonstopux) basic_machine=mips-compaq os=-nonstopux ;; np1) basic_machine=np1-gould ;; neo-tandem) basic_machine=neo-tandem ;; nse-tandem) basic_machine=nse-tandem ;; nsr-tandem) basic_machine=nsr-tandem ;; op50n-* | op60c-*) basic_machine=hppa1.1-oki os=-proelf ;; openrisc | openrisc-*) basic_machine=or32-unknown ;; os400) basic_machine=powerpc-ibm os=-os400 ;; OSE68000 | ose68000) basic_machine=m68000-ericsson os=-ose ;; os68k) basic_machine=m68k-none os=-os68k ;; pa-hitachi) basic_machine=hppa1.1-hitachi os=-hiuxwe2 ;; paragon) basic_machine=i860-intel os=-osf ;; parisc) basic_machine=hppa-unknown os=-linux ;; parisc-*) basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'` os=-linux ;; pbd) basic_machine=sparc-tti ;; pbb) basic_machine=m68k-tti ;; pc532 | pc532-*) basic_machine=ns32k-pc532 ;; pc98) basic_machine=i386-pc ;; pc98-*) basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentium | p5 | k5 | k6 | nexgen | viac3) basic_machine=i586-pc ;; pentiumpro | p6 | 6x86 | athlon | athlon_*) basic_machine=i686-pc ;; pentiumii | pentium2 | pentiumiii | pentium3) basic_machine=i686-pc ;; pentium4) basic_machine=i786-pc ;; pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentiumpro-* | p6-* | 6x86-* | athlon-*) basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentiumii-* | pentium2-* | pentiumiii-* | 
pentium3-*) basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentium4-*) basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pn) basic_machine=pn-gould ;; power) basic_machine=power-ibm ;; ppc | ppcbe) basic_machine=powerpc-unknown ;; ppc-* | ppcbe-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppcle | powerpclittle | ppc-le | powerpc-little) basic_machine=powerpcle-unknown ;; ppcle-* | powerpclittle-*) basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppc64) basic_machine=powerpc64-unknown ;; ppc64-* | ppc64p7-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppc64le | powerpc64little | ppc64-le | powerpc64-little) basic_machine=powerpc64le-unknown ;; ppc64le-* | powerpc64little-*) basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ps2) basic_machine=i386-ibm ;; pw32) basic_machine=i586-unknown os=-pw32 ;; rdos | rdos64) basic_machine=x86_64-pc os=-rdos ;; rdos32) basic_machine=i386-pc os=-rdos ;; rom68k) basic_machine=m68k-rom68k os=-coff ;; rm[46]00) basic_machine=mips-siemens ;; rtpc | rtpc-*) basic_machine=romp-ibm ;; s390 | s390-*) basic_machine=s390-ibm ;; s390x | s390x-*) basic_machine=s390x-ibm ;; sa29200) basic_machine=a29k-amd os=-udi ;; sb1) basic_machine=mipsisa64sb1-unknown ;; sb1el) basic_machine=mipsisa64sb1el-unknown ;; sde) basic_machine=mipsisa32-sde os=-elf ;; sei) basic_machine=mips-sei os=-seiux ;; sequent) basic_machine=i386-sequent ;; sh) basic_machine=sh-hitachi os=-hms ;; sh5el) basic_machine=sh5le-unknown ;; sh64) basic_machine=sh64-unknown ;; sparclite-wrs | simso-wrs) basic_machine=sparclite-wrs os=-vxworks ;; sps7) basic_machine=m68k-bull os=-sysv2 ;; spur) basic_machine=spur-unknown ;; st2000) basic_machine=m68k-tandem ;; stratus) basic_machine=i860-stratus os=-sysv4 ;; strongarm-* | thumb-*) basic_machine=arm-`echo $basic_machine | sed 's/^[^-]*-//'` ;; sun2) basic_machine=m68000-sun ;; sun2os3) basic_machine=m68000-sun 
os=-sunos3 ;; sun2os4) basic_machine=m68000-sun os=-sunos4 ;; sun3os3) basic_machine=m68k-sun os=-sunos3 ;; sun3os4) basic_machine=m68k-sun os=-sunos4 ;; sun4os3) basic_machine=sparc-sun os=-sunos3 ;; sun4os4) basic_machine=sparc-sun os=-sunos4 ;; sun4sol2) basic_machine=sparc-sun os=-solaris2 ;; sun3 | sun3-*) basic_machine=m68k-sun ;; sun4) basic_machine=sparc-sun ;; sun386 | sun386i | roadrunner) basic_machine=i386-sun ;; sv1) basic_machine=sv1-cray os=-unicos ;; symmetry) basic_machine=i386-sequent os=-dynix ;; t3e) basic_machine=alphaev5-cray os=-unicos ;; t90) basic_machine=t90-cray os=-unicos ;; tile*) basic_machine=$basic_machine-unknown os=-linux-gnu ;; tx39) basic_machine=mipstx39-unknown ;; tx39el) basic_machine=mipstx39el-unknown ;; toad1) basic_machine=pdp10-xkl os=-tops20 ;; tower | tower-32) basic_machine=m68k-ncr ;; tpf) basic_machine=s390x-ibm os=-tpf ;; udi29k) basic_machine=a29k-amd os=-udi ;; ultra3) basic_machine=a29k-nyu os=-sym1 ;; v810 | necv810) basic_machine=v810-nec os=-none ;; vaxv) basic_machine=vax-dec os=-sysv ;; vms) basic_machine=vax-dec os=-vms ;; vpp*|vx|vx-*) basic_machine=f301-fujitsu ;; vxworks960) basic_machine=i960-wrs os=-vxworks ;; vxworks68) basic_machine=m68k-wrs os=-vxworks ;; vxworks29k) basic_machine=a29k-wrs os=-vxworks ;; w65*) basic_machine=w65-wdc os=-none ;; w89k-*) basic_machine=hppa1.1-winbond os=-proelf ;; xbox) basic_machine=i686-pc os=-mingw32 ;; xps | xps100) basic_machine=xps100-honeywell ;; xscale-* | xscalee[bl]-*) basic_machine=`echo $basic_machine | sed 's/^xscale/arm/'` ;; ymp) basic_machine=ymp-cray os=-unicos ;; z8k-*-coff) basic_machine=z8k-unknown os=-sim ;; z80-*-coff) basic_machine=z80-unknown os=-sim ;; none) basic_machine=none-none os=-none ;; # Here we handle the default manufacturer of certain CPU types. It is in # some cases the only manufacturer, in others, it is the most popular. 
w89k) basic_machine=hppa1.1-winbond ;; op50n) basic_machine=hppa1.1-oki ;; op60c) basic_machine=hppa1.1-oki ;; romp) basic_machine=romp-ibm ;; mmix) basic_machine=mmix-knuth ;; rs6000) basic_machine=rs6000-ibm ;; vax) basic_machine=vax-dec ;; pdp10) # there are many clones, so DEC is not a safe bet basic_machine=pdp10-unknown ;; pdp11) basic_machine=pdp11-dec ;; we32k) basic_machine=we32k-att ;; sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele) basic_machine=sh-unknown ;; sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v) basic_machine=sparc-sun ;; cydra) basic_machine=cydra-cydrome ;; orion) basic_machine=orion-highlevel ;; orion105) basic_machine=clipper-highlevel ;; mac | mpw | mac-mpw) basic_machine=m68k-apple ;; pmac | pmac-mpw) basic_machine=powerpc-apple ;; *-unknown) # Make sure to match an already-canonicalized machine name. ;; *) echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 exit 1 ;; esac # Here we canonicalize certain aliases for manufacturers. case $basic_machine in *-digital*) basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'` ;; *-commodore*) basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'` ;; *) ;; esac # Decode manufacturer-specific aliases for certain operating systems. if [ x"$os" != x"" ] then case $os in # First match some system type aliases # that might get confused with valid system types. # -solaris* is a basic system type, with this one exception. -auroraux) os=-auroraux ;; -solaris1 | -solaris1.*) os=`echo $os | sed -e 's|solaris1|sunos4|'` ;; -solaris) os=-solaris2 ;; -svr4*) os=-sysv4 ;; -unixware*) os=-sysv4.2uw ;; -gnu/linux*) os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` ;; # First accept the basic system types. # The portable systems comes first. # Each alternative MUST END IN A *, to match a version number. # -sysv* is not here because it comes later, after sysvr4. 
-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ | -sym* | -kopensolaris* \ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ | -aos* | -aros* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ | -bitrig* | -openbsd* | -solidbsd* \ | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ | -chorusos* | -chorusrdb* | -cegcc* \ | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \ | -linux-newlib* | -linux-musl* | -linux-uclibc* \ | -uxpv* | -beos* | -mpeix* | -udk* \ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*) # Remember, each alternative MUST END IN *, to match a version number. 
;; -qnx*) case $basic_machine in x86-* | i*86-*) ;; *) os=-nto$os ;; esac ;; -nto-qnx*) ;; -nto*) os=`echo $os | sed -e 's|nto|nto-qnx|'` ;; -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \ | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) ;; -mac*) os=`echo $os | sed -e 's|mac|macos|'` ;; -linux-dietlibc) os=-linux-dietlibc ;; -linux*) os=`echo $os | sed -e 's|linux|linux-gnu|'` ;; -sunos5*) os=`echo $os | sed -e 's|sunos5|solaris2|'` ;; -sunos6*) os=`echo $os | sed -e 's|sunos6|solaris3|'` ;; -opened*) os=-openedition ;; -os400*) os=-os400 ;; -wince*) os=-wince ;; -osfrose*) os=-osfrose ;; -osf*) os=-osf ;; -utek*) os=-bsd ;; -dynix*) os=-bsd ;; -acis*) os=-aos ;; -atheos*) os=-atheos ;; -syllable*) os=-syllable ;; -386bsd) os=-bsd ;; -ctix* | -uts*) os=-sysv ;; -nova*) os=-rtmk-nova ;; -ns2 ) os=-nextstep2 ;; -nsk*) os=-nsk ;; # Preserve the version number of sinix5. -sinix5.*) os=`echo $os | sed -e 's|sinix|sysv|'` ;; -sinix*) os=-sysv4 ;; -tpf*) os=-tpf ;; -triton*) os=-sysv3 ;; -oss*) os=-sysv3 ;; -svr4) os=-sysv4 ;; -svr3) os=-sysv3 ;; -sysvr4) os=-sysv4 ;; # This must come after -sysvr4. -sysv*) ;; -ose*) os=-ose ;; -es1800*) os=-ose ;; -xenix) os=-xenix ;; -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) os=-mint ;; -aros*) os=-aros ;; -kaos*) os=-kaos ;; -zvmoe) os=-zvmoe ;; -dicos*) os=-dicos ;; -nacl*) ;; -none) ;; *) # Get rid of the `-' at the beginning of $os. os=`echo $os | sed 's/[^-]*-//'` echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2 exit 1 ;; esac else # Here we handle the default operating systems that come with various machines. # The value should be what the vendor currently ships out the door with their # machine or put another way, the most popular os provided with the machine. 
# Note that if you're going to try to match "-MANUFACTURER" here (say, # "-sun"), then you have to tell the case statement up towards the top # that MANUFACTURER isn't an operating system. Otherwise, code above # will signal an error saying that MANUFACTURER isn't an operating # system, and we'll never get to this point. case $basic_machine in score-*) os=-elf ;; spu-*) os=-elf ;; *-acorn) os=-riscix1.2 ;; arm*-rebel) os=-linux ;; arm*-semi) os=-aout ;; c4x-* | tic4x-*) os=-coff ;; hexagon-*) os=-elf ;; tic54x-*) os=-coff ;; tic55x-*) os=-coff ;; tic6x-*) os=-coff ;; # This must come before the *-dec entry. pdp10-*) os=-tops20 ;; pdp11-*) os=-none ;; *-dec | vax-*) os=-ultrix4.2 ;; m68*-apollo) os=-domain ;; i386-sun) os=-sunos4.0.2 ;; m68000-sun) os=-sunos3 ;; m68*-cisco) os=-aout ;; mep-*) os=-elf ;; mips*-cisco) os=-elf ;; mips*-*) os=-elf ;; or32-*) os=-coff ;; *-tti) # must be before sparc entry or we get the wrong os. os=-sysv3 ;; sparc-* | *-sun) os=-sunos4.1.1 ;; *-be) os=-beos ;; *-haiku) os=-haiku ;; *-ibm) os=-aix ;; *-knuth) os=-mmixware ;; *-wec) os=-proelf ;; *-winbond) os=-proelf ;; *-oki) os=-proelf ;; *-hp) os=-hpux ;; *-hitachi) os=-hiux ;; i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) os=-sysv ;; *-cbm) os=-amigaos ;; *-dg) os=-dgux ;; *-dolphin) os=-sysv3 ;; m68k-ccur) os=-rtu ;; m88k-omron*) os=-luna ;; *-next ) os=-nextstep ;; *-sequent) os=-ptx ;; *-crds) os=-unos ;; *-ns) os=-genix ;; i370-*) os=-mvs ;; *-next) os=-nextstep3 ;; *-gould) os=-sysv ;; *-highlevel) os=-bsd ;; *-encore) os=-bsd ;; *-sgi) os=-irix ;; *-siemens) os=-sysv4 ;; *-masscomp) os=-rtu ;; f30[01]-fujitsu | f700-fujitsu) os=-uxpv ;; *-rom68k) os=-coff ;; *-*bug) os=-coff ;; *-apple) os=-macos ;; *-atari*) os=-mint ;; *) os=-none ;; esac fi # Here we handle the case where we know the os, and the CPU type, but not the # manufacturer. We pick the logical manufacturer. 
vendor=unknown case $basic_machine in *-unknown) case $os in -riscix*) vendor=acorn ;; -sunos*) vendor=sun ;; -cnk*|-aix*) vendor=ibm ;; -beos*) vendor=be ;; -hpux*) vendor=hp ;; -mpeix*) vendor=hp ;; -hiux*) vendor=hitachi ;; -unos*) vendor=crds ;; -dgux*) vendor=dg ;; -luna*) vendor=omron ;; -genix*) vendor=ns ;; -mvs* | -opened*) vendor=ibm ;; -os400*) vendor=ibm ;; -ptx*) vendor=sequent ;; -tpf*) vendor=ibm ;; -vxsim* | -vxworks* | -windiss*) vendor=wrs ;; -aux*) vendor=apple ;; -hms*) vendor=hitachi ;; -mpw* | -macos*) vendor=apple ;; -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) vendor=atari ;; -vos*) vendor=stratus ;; esac basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` ;; esac echo $basic_machine$os exit # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "timestamp='" # time-stamp-format: "%:y-%02m-%02d" # time-stamp-end: "'" # End: sssd-1.11.5/build/PaxHeaders.13173/ltmain.sh0000644000000000000000000000013012320753502016462 xustar000000000000000030 mtime=1396954946.037886457 29 atime=1396954961.05987539 29 ctime=1396954961.52087505 sssd-1.11.5/build/ltmain.sh0000644002412700241270000105152212320753502016717 0ustar00jhrozekjhrozek00000000000000 # libtool (GNU libtool) 2.4.2 # Written by Gordon Matzigkeit , 1996 # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006, # 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc. # This is free software; see the source for copying conditions. There is NO # warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. # GNU Libtool is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. 
# # As a special exception to the GNU General Public License, # if you distribute this file as part of a program or library that # is built using GNU Libtool, you may include this file under the # same distribution terms that you use for the rest of that program. # # GNU Libtool is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with GNU Libtool; see the file COPYING. If not, a copy # can be downloaded from http://www.gnu.org/licenses/gpl.html, # or obtained by writing to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Usage: $progname [OPTION]... [MODE-ARG]... # # Provide generalized library-building support services. # # --config show all configuration variables # --debug enable verbose shell tracing # -n, --dry-run display commands without modifying any files # --features display basic configuration information and exit # --mode=MODE use operation mode MODE # --preserve-dup-deps don't remove duplicate dependency libraries # --quiet, --silent don't print informational messages # --no-quiet, --no-silent # print informational messages (default) # --no-warn don't display warning messages # --tag=TAG use configuration variables from tag TAG # -v, --verbose print more informational messages than default # --no-verbose don't print the extra informational messages # --version print version information # -h, --help, --help-all print short, long, or detailed help message # # MODE must be one of the following: # # clean remove files from the build directory # compile compile a source file into a libtool object # execute automatically set library path, then run a program # finish complete the installation of libtool libraries # install install libraries or executables # 
link create a library or an executable # uninstall remove libraries from an installed directory # # MODE-ARGS vary depending on the MODE. When passed as first option, # `--mode=MODE' may be abbreviated as `MODE' or a unique abbreviation of that. # Try `$progname --help --mode=MODE' for a more detailed description of MODE. # # When reporting a bug, please describe a test case to reproduce it and # include the following information: # # host-triplet: $host # shell: $SHELL # compiler: $LTCC # compiler flags: $LTCFLAGS # linker: $LD (gnu? $with_gnu_ld) # $progname: (GNU libtool) 2.4.2 # automake: $automake_version # autoconf: $autoconf_version # # Report bugs to . # GNU libtool home page: . # General help using GNU software: . PROGRAM=libtool PACKAGE=libtool VERSION=2.4.2 TIMESTAMP="" package_revision=1.3337 # Be Bourne compatible if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then emulate sh NULLCMD=: # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in *posix*) set -o posix;; esac fi BIN_SH=xpg4; export BIN_SH # for Tru64 DUALCASE=1; export DUALCASE # for MKS sh # A function that is used when there is no print builtin or printf. func_fallback_echo () { eval 'cat <<_LTECHO_EOF $1 _LTECHO_EOF' } # NLS nuisances: We save the old values to restore during execute mode. lt_user_locale= lt_safe_locale= for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES do eval "if test \"\${$lt_var+set}\" = set; then save_$lt_var=\$$lt_var $lt_var=C export $lt_var lt_user_locale=\"$lt_var=\\\$save_\$lt_var; \$lt_user_locale\" lt_safe_locale=\"$lt_var=C; \$lt_safe_locale\" fi" done LC_ALL=C LANGUAGE=C export LANGUAGE LC_ALL $lt_unset CDPATH # Work around backward compatibility issue on IRIX 6.5. 
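# On IRIX 6.4+, sh
# is ksh but when the shell is invoked as "sh" and the current value of
# the _XPG environment variable is not equal to 1 (one), the special
# positional parameter $0, within a function call, is the name of the
# function.
# Capture $0 here, at top level, so later code never reads it from
# inside a function.
progpath="$0"

# Tool defaults.  Each `: ${VAR=default}' only assigns when VAR is unset,
# so values supplied by the environment or the configured preamble win.
: ${CP="cp -f"}
test "${ECHO+set}" = set || ECHO=${as_echo-'printf %s\n'}
: ${MAKE="make"}
: ${MKDIR="mkdir"}
: ${MV="mv -f"}
: ${RM="rm -f"}
: ${SHELL="${CONFIG_SHELL-/bin/sh}"}
: ${Xsed="$SED -e 1s/^X//"}

# Global variables:
EXIT_SUCCESS=0
EXIT_FAILURE=1
EXIT_MISMATCH=63  # $? = 63 is used to indicate version mismatch to missing.
EXIT_SKIP=77      # $? = 77 is used to indicate a skipped test to automake.

exit_status=$EXIT_SUCCESS

# Make sure IFS has a sensible default: space, tab, newline.
# lt_nl must hold a real newline; the quoted line break below is
# intentional and must not be collapsed into a space.
lt_nl='
'
IFS=" 	$lt_nl"

# Sed scripts shared by the dirname/basename helpers below.
dirname="s,/[^/]*$,,"
basename="s,^.*/,,"

# func_dirname file append nondir_replacement
# Compute the dirname of FILE.  If nonempty, add APPEND to the result,
# otherwise set result to NONDIR_REPLACEMENT.
# value returned in "$func_dirname_result"
# NOTE(review): the marker comment on the closing-brace line presumably
# lets configure-time machinery locate and swap this function -- keep the
# `func_dirname ()' line and that marker exactly as they are.
func_dirname ()
{
    func_dirname_result=`$ECHO "${1}" | $SED "$dirname"`
    # sed left the string untouched: FILE has no directory part.
    if test "X$func_dirname_result" = "X${1}"; then
      func_dirname_result="${3}"
    else
      func_dirname_result="$func_dirname_result${2}"
    fi
} # func_dirname may be replaced by extended shell implementation


# func_basename file
# Compute the filename of FILE (everything after the last slash).
# value returned in "$func_basename_result"
func_basename ()
{
    func_basename_result=`$ECHO "${1}" | $SED "$basename"`
} # func_basename may be replaced by extended shell implementation


# func_dirname_and_basename file append nondir_replacement
# perform func_basename and func_dirname in a single function
# call:
#   dirname:  Compute the dirname of FILE.  If nonempty,
#             add APPEND to the result, otherwise set result
#             to NONDIR_REPLACEMENT.
#             value returned in "$func_dirname_result"
#   basename: Compute filename of FILE.
#             value returned in "$func_basename_result"
# Implementation must be kept synchronized with func_dirname
# and func_basename. For efficiency, we do not delegate to
# those functions but instead duplicate the functionality here.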
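func_dirname_and_basename ()
{
    # Extract subdirectory from the argument.
    func_dirname_result=`$ECHO "${1}" | $SED -e "$dirname"`
    # Unchanged by sed means FILE had no directory component.
    if test "X$func_dirname_result" = "X${1}"; then
      func_dirname_result="${3}"
    else
      func_dirname_result="$func_dirname_result${2}"
    fi
    func_basename_result=`$ECHO "${1}" | $SED -e "$basename"`
} # func_dirname_and_basename may be replaced by extended shell implementation


# func_stripname prefix suffix name
# strip PREFIX and SUFFIX off of NAME.
# PREFIX and SUFFIX must not contain globbing or regex special
# characters, hashes, percent signs, but SUFFIX may contain a leading
# dot (in which case that matches only a dot).
# func_strip_suffix prefix name
# value returned in "$func_stripname_result"
# PREFIX and SUFFIX are pasted into a sed script unescaped, so callers
# must only pass values that satisfy the restriction above.
func_stripname ()
{
    case ${2} in
      .*) func_stripname_result=`$ECHO "${3}" | $SED "s%^${1}%%; s%\\\\${2}\$%%"`;;
      *)  func_stripname_result=`$ECHO "${3}" | $SED "s%^${1}%%; s%${2}\$%%"`;;
    esac
} # func_stripname may be replaced by extended shell implementation


# These SED scripts presuppose an absolute path with a trailing slash.
pathcar='s,^/\([^/]*\).*$,\1,'
pathcdr='s,^/[^/]*,,'
# The label and the branch back to it must each end at a line break,
# so this script has to stay on separate lines.
removedotparts=':dotsl
    s@/\./@/@g
    t dotsl
    s,/\.$,/,'
collapseslashes='s@/\{1,\}@/@g'
finalslash='s,/*$,/,'

# func_normal_abspath PATH
# Remove doubled-up and trailing slashes, "." path components,
# and cancel out any ".." path components in PATH after making
# it an absolute path.
#             value returned in "$func_normal_abspath_result"
# This is purely textual: the file system is not consulted, so
# symbolic links are not resolved.
func_normal_abspath ()
{
  # Start from root dir and reassemble the path.
  func_normal_abspath_result=
  func_normal_abspath_tpath=$1
  func_normal_abspath_altnamespace=
  case $func_normal_abspath_tpath in
    "")
      # Empty path, that just means $cwd.
      func_stripname '' '/' "`pwd`"
      func_normal_abspath_result=$func_stripname_result
      return
    ;;
    # The next three entries are used to spot a run of precisely
    # two leading slashes without using negated character classes;
    # we take advantage of case's first-match behaviour.
    ///*)
      # Unusual form of absolute path, do nothing.
    ;;
    //*)
      # Not necessarily an ordinary path; POSIX reserves leading '//'
      # and for example Cygwin uses it to access remote file shares
      # over CIFS/SMB, so we conserve a leading double slash if found.
      func_normal_abspath_altnamespace=/
    ;;
    /*)
      # Absolute path, do nothing.
    ;;
    *)
      # Relative path, prepend $cwd.
      func_normal_abspath_tpath=`pwd`/$func_normal_abspath_tpath
    ;;
  esac
  # Cancel out all the simple stuff to save iterations.  We also want
  # the path to end with a slash for ease of parsing, so make sure
  # there is one (and only one) here.
  func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \
        -e "$removedotparts" -e "$collapseslashes" -e "$finalslash"`
  while :; do
    # Processed it all yet?
    if test "$func_normal_abspath_tpath" = / ; then
      # If we ascended to the root using ".." the result may be empty now.
      if test -z "$func_normal_abspath_result" ; then
        func_normal_abspath_result=/
      fi
      break
    fi
    # Split off the leading component (pathcar) and keep the rest (pathcdr).
    func_normal_abspath_tcomponent=`$ECHO "$func_normal_abspath_tpath" | $SED \
        -e "$pathcar"`
    func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \
        -e "$pathcdr"`
    # Figure out what to do with it
    case $func_normal_abspath_tcomponent in
      "")
        # Trailing empty path component, ignore it.
      ;;
      ..)
        # Parent dir; strip last assembled component from result.
        func_dirname "$func_normal_abspath_result"
        func_normal_abspath_result=$func_dirname_result
      ;;
      *)
        # Actual path component, append it.
        func_normal_abspath_result=$func_normal_abspath_result/$func_normal_abspath_tcomponent
      ;;
    esac
  done
  # Restore leading double-slash if one was found on entry.
  func_normal_abspath_result=$func_normal_abspath_altnamespace$func_normal_abspath_result
}

# func_relative_path SRCDIR DSTDIR
# generates a relative path from SRCDIR to DSTDIR, with a trailing
# slash if non-empty, suitable for immediately appending a filename
# without needing to append a separator.
#             value returned in "$func_relative_path_result"
func_relative_path ()
{
  func_relative_path_result=
  func_normal_abspath "$1"
  func_relative_path_tlibdir=$func_normal_abspath_result
  func_normal_abspath "$2"
  func_relative_path_tbindir=$func_normal_abspath_result

  # Ascend the tree starting from libdir
  while :; do
    # check if we have found a prefix of bindir
    # The patterns are quoted so that glob characters in a directory
    # name are compared literally instead of being treated as wildcards.
    # NOTE(review): the second pattern is a plain string-prefix test, so
    # /usr/lib would also match /usr/lib64/... -- confirm that callers
    # never pass such sibling directories.
    case $func_relative_path_tbindir in
      "$func_relative_path_tlibdir")
        # found an exact match
        func_relative_path_tcancelled=
        break
        ;;
      "$func_relative_path_tlibdir"*)
        # found a matching prefix
        func_stripname "$func_relative_path_tlibdir" '' "$func_relative_path_tbindir"
        func_relative_path_tcancelled=$func_stripname_result
        if test -z "$func_relative_path_result"; then
          func_relative_path_result=.
        fi
        break
        ;;
      *)
        # Quoted: a directory name containing whitespace must reach
        # func_dirname as one argument, not be split into several.
        func_dirname "$func_relative_path_tlibdir"
        func_relative_path_tlibdir=${func_dirname_result}
        if test "x$func_relative_path_tlibdir" = x ; then
          # Have to descend all the way to the root!
          func_relative_path_result=../$func_relative_path_result
          func_relative_path_tcancelled=$func_relative_path_tbindir
          break
        fi
        func_relative_path_result=../$func_relative_path_result
        ;;
    esac
  done

  # Now calculate path; take care to avoid doubling-up slashes.
  func_stripname '' '/' "$func_relative_path_result"
  func_relative_path_result=$func_stripname_result
  func_stripname '/' '/' "$func_relative_path_tcancelled"
  if test "x$func_stripname_result" != x ; then
    func_relative_path_result=${func_relative_path_result}/${func_stripname_result}
  fi

  # Normalisation. If bindir is libdir, return empty string,
  # else relative path ending with a slash; either way, target
  # file name can be directly appended.
  if test ! -z "$func_relative_path_result"; then
    func_stripname './' '' "$func_relative_path_result/"
    func_relative_path_result=$func_stripname_result
  fi
}

# The name of this program:
func_dirname_and_basename "$progpath"
progname=$func_basename_result

# Make sure we have an absolute path for reexecution:
case $progpath in
  [\\/]*|[A-Za-z]:\\*) ;;
  *[\\/]*)
     progdir=$func_dirname_result
     progdir=`cd "$progdir" && pwd`
     progpath="$progdir/$progname"
     ;;
  *)
     # Bare command name: use the first PATH entry holding an executable
     # of that name.  IFS is switched only while $PATH is being split.
     save_IFS="$IFS"
     IFS=${PATH_SEPARATOR-:}
     for progdir in $PATH; do
       IFS="$save_IFS"
       test -x "$progdir/$progname" && break
     done
     IFS="$save_IFS"
     test -n "$progdir" || progdir=`pwd`
     progpath="$progdir/$progname"
     ;;
esac

# Sed substitution that helps us do robust quoting.  It backslashifies
# metacharacters that are still active within double-quoted strings.
Xsed="${SED}"' -e 1s/^X//'
sed_quote_subst='s/\([`"$\\]\)/\\\1/g'

# Same as above, but do not quote variable references.
double_quote_subst='s/\(["`\\]\)/\\\1/g'

# Sed substitution that turns a string into a regex matching for the
# string literally.
sed_make_literal_regex='s,[].[^$\\*\/],\\&,g'

# Sed substitution that converts a w32 file name or path
# which contains forward slashes, into one that contains
# (escaped) backslashes.  A very naive implementation.
lt_sed_naive_backslashify='s|\\\\*|\\|g;s|/|\\|g;s|\\|\\\\|g'

# Re-`\' parameter expansions in output of double_quote_subst that were
# `\'-ed in input to the same.  If an odd number of `\' preceded a '$'
# in input to double_quote_subst, that '$' was protected from expansion.
# Since each input `\' is now two `\'s, look for any number of runs of
# four `\'s followed by two `\'s and then a '$'.  `\' that '$'.
bs='\\'
bs2='\\\\'
bs4='\\\\\\\\'
dollar='\$'
# The first command's replacement ends in an escaped line break, so the
# `/g' that closes it has to start the following line.
sed_double_backslash="\
  s/$bs4/&\\
/g
  s/^$bs2$dollar/$bs&/
  s/\\([^$bs]\\)$bs2$dollar/\\1$bs2$bs$dollar/g
  s/\n//g"

# Standard options:
opt_dry_run=false
opt_help=false
opt_quiet=false
opt_verbose=false
opt_warning=:

# func_echo arg...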
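# Echo program name prefixed message, along with the current mode
# name if it has been set yet.
func_echo ()
{
    # ${opt_mode+...} adds the "MODE: " part only once opt_mode is set.
    $ECHO "$progname: ${opt_mode+$opt_mode: }$*"
}

# func_verbose arg...
# Echo program name prefixed message in verbose mode only.
func_verbose ()
{
    # $opt_verbose holds a command name (':' or 'false') and is run as the test.
    $opt_verbose && func_echo ${1+"$@"}

    # A bug in bash halts the script if the last line of a function
    # fails when set -e is in force, so we need another command to
    # work around that:
    :
}

# func_echo_all arg...
# Invoke $ECHO with all args, space-separated.
func_echo_all ()
{
    $ECHO "$*"
}

# func_error arg...
# Echo program name prefixed message to standard error.
func_error ()
{
    $ECHO "$progname: ${opt_mode+$opt_mode: }"${1+"$@"} 1>&2
}

# func_warning arg...
# Echo program name prefixed warning message to standard error.
func_warning ()
{
    # Suppressed when $opt_warning is 'false' (--no-warning).
    $opt_warning && $ECHO "$progname: ${opt_mode+$opt_mode: }warning: "${1+"$@"} 1>&2

    # bash bug again:
    :
}

# func_fatal_error arg...
# Echo program name prefixed message to standard error, and exit.
func_fatal_error ()
{
    func_error ${1+"$@"}
    exit $EXIT_FAILURE
}

# func_fatal_help arg...
# Echo program name prefixed message to standard error, followed by
# a help hint, and exit.
func_fatal_help ()
{
    func_error ${1+"$@"}
    func_fatal_error "$help"
}
help="Try \`$progname --help' for more information."  ## default


# func_grep expression filename
# Check whether EXPRESSION matches any line of FILENAME, without output.
# Only the exit status of $GREP is of interest to callers.
func_grep ()
{
    $GREP "$1" "$2" >/dev/null 2>&1
}


# func_mkdir_p directory-path
# Make sure the entire path to DIRECTORY-PATH is available.
# Does nothing for an empty argument or in dry-run mode; exits through
# func_fatal_error if the directory still does not exist afterwards.
func_mkdir_p ()
{
    my_directory_path="$1"
    my_dir_list=

    if test -n "$my_directory_path" && test "$opt_dry_run" != ":"; then

      # Protect directory names starting with `-'
      case $my_directory_path in
        -*) my_directory_path="./$my_directory_path" ;;
      esac

      # While some portion of DIR does not yet exist...
      while test ! -d "$my_directory_path"; do
        # ...make a list in topmost first order.  Use a colon delimited
        # list in case some portion of path contains whitespace.
        my_dir_list="$my_directory_path:$my_dir_list"

        # If the last portion added has no slash in it, the list is done
        case $my_directory_path in */*) ;; *) break ;; esac

        # ...otherwise throw away the child directory and loop
        my_directory_path=`$ECHO "$my_directory_path" | $SED -e "$dirname"`
      done
      # Drop the trailing colon(s) left by the list construction above.
      my_dir_list=`$ECHO "$my_dir_list" | $SED 's,:*$,,'`

      save_mkdir_p_IFS="$IFS"; IFS=':'
      for my_dir in $my_dir_list; do
        IFS="$save_mkdir_p_IFS"
        # mkdir can fail with a `File exist' error if two processes
        # try to create one of the directories concurrently.  Don't
        # stop in that case!
        $MKDIR "$my_dir" 2>/dev/null || :
      done
      IFS="$save_mkdir_p_IFS"

      # Bail out if we (or some other process) failed to create a directory.
      test -d "$my_directory_path" || \
        func_fatal_error "Failed to create \`$1'"
    fi
}


# func_mktempdir [string]
# Make a temporary directory that won't clash with other running
# libtool processes, and avoids race conditions if possible.  If
# given, STRING is the basename for that directory.
# The directory name is written to standard output.  In dry-run mode
# only a name is produced and nothing is created.  Exits through
# func_fatal_error when no directory could be created.
func_mktempdir ()
{
    my_template="${TMPDIR-/tmp}/${1-$progname}"

    if test "$opt_dry_run" = ":"; then
      # Return a directory name, but don't create it in dry-run mode
      my_tmpdir="${my_template}-$$"
    else

      # If mktemp works, use that first and foremost
      my_tmpdir=`mktemp -d "${my_template}-XXXXXXXX" 2>/dev/null`

      if test ! -d "$my_tmpdir"; then
        # Failing that, at least try and use $RANDOM to avoid a race
        my_tmpdir="${my_template}-${RANDOM-0}$$"

        # Create the directory with owner-only permissions.
        save_mktempdir_umask=`umask`
        umask 0077
        $MKDIR "$my_tmpdir"
        my_mktempdir_status=$?
        umask $save_mktempdir_umask

        # The fallback name is predictable.  If mkdir failed because the
        # directory already exists, it was not created by this process
        # and, in a shared TMPDIR, may be owned by someone else; refuse
        # to adopt it instead of letting the `test -d' below accept it.
        # (Assumes $MKDIR fails on an existing directory, as plain mkdir
        # does; confirm it is not configured with -p.)
        test "$my_mktempdir_status" -eq 0 || \
          func_fatal_error "cannot create temporary directory \`$my_tmpdir'"
      fi

      # If we're not in dry-run mode, bomb out on failure
      test -d "$my_tmpdir" || \
        func_fatal_error "cannot create temporary directory \`$my_tmpdir'"
    fi

    $ECHO "$my_tmpdir"
}


# func_quote_for_eval arg
# Aesthetically quote ARG to be evaled later.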
# This function returns two values: FUNC_QUOTE_FOR_EVAL_RESULT # is double-quoted, suitable for a subsequent eval, whereas # FUNC_QUOTE_FOR_EVAL_UNQUOTED_RESULT has merely all characters # which are still active within double quotes backslashified. func_quote_for_eval () { case $1 in *[\\\`\"\$]*) func_quote_for_eval_unquoted_result=`$ECHO "$1" | $SED "$sed_quote_subst"` ;; *) func_quote_for_eval_unquoted_result="$1" ;; esac case $func_quote_for_eval_unquoted_result in # Double-quote args containing shell metacharacters to delay # word splitting, command substitution and and variable # expansion for a subsequent eval. # Many Bourne shells cannot handle close brackets correctly # in scan sets, so we specify it separately. *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") func_quote_for_eval_result="\"$func_quote_for_eval_unquoted_result\"" ;; *) func_quote_for_eval_result="$func_quote_for_eval_unquoted_result" esac } # func_quote_for_expand arg # Aesthetically quote ARG to be evaled later; same as above, # but do not quote variable references. func_quote_for_expand () { case $1 in *[\\\`\"]*) my_arg=`$ECHO "$1" | $SED \ -e "$double_quote_subst" -e "$sed_double_backslash"` ;; *) my_arg="$1" ;; esac case $my_arg in # Double-quote args containing shell metacharacters to delay # word splitting and command substitution for a subsequent eval. # Many Bourne shells cannot handle close brackets correctly # in scan sets, so we specify it separately. *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") my_arg="\"$my_arg\"" ;; esac func_quote_for_expand_result="$my_arg" } # func_show_eval cmd [fail_exp] # Unless opt_silent is true, then output CMD. Then, if opt_dryrun is # not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP # is given, then evaluate it. 
# Both CMD and FAIL_EXP are passed to eval, i.e. they are shell source
# text, not argument vectors.  Anything interpolated into them must
# already be quoted (see func_quote_for_eval).
func_show_eval ()
{
    my_cmd="$1"
    my_fail_exp="${2-:}"    # default failure action is the no-op ':'

    # Echo the command first; variable references in it are expanded
    # for display because func_quote_for_expand leaves '$' active.
    ${opt_silent-false} || {
      func_quote_for_expand "$my_cmd"
      eval "func_echo $func_quote_for_expand_result"
    }

    if ${opt_dry_run-false}; then :; else
      eval "$my_cmd"
      my_status=$?
      if test "$my_status" -eq 0; then :; else
        # Re-create the failing status in $? before running FAIL_EXP.
        eval "(exit $my_status); $my_fail_exp"
      fi
    fi
}


# func_show_eval_locale cmd [fail_exp]
# Unless opt_silent is true, then output CMD.  Then, if opt_dryrun is
# not true, evaluate CMD.  If the evaluation of CMD fails, and FAIL_EXP
# is given, then evaluate it.  Use the saved locale for evaluation.
func_show_eval_locale ()
{
    my_cmd="$1"
    my_fail_exp="${2-:}"

    ${opt_silent-false} || {
      func_quote_for_expand "$my_cmd"
      eval "func_echo $func_quote_for_expand_result"
    }

    if ${opt_dry_run-false}; then :; else
      # $lt_user_locale and $lt_safe_locale are defined elsewhere in the
      # script; presumably shell text that switches the locale variables.
      eval "$lt_user_locale $my_cmd"
      my_status=$?
      eval "$lt_safe_locale"
      if test "$my_status" -eq 0; then :; else
        eval "(exit $my_status); $my_fail_exp"
      fi
    fi
}

# func_tr_sh
# Turn $1 into a string suitable for a shell variable name.
# Result is stored in $func_tr_sh_result.  All characters
# not in the set a-zA-Z0-9_ are replaced with '_'. Further,
# if $1 begins with a digit, a '_' is prepended as well.
func_tr_sh ()
{
  case $1 in
  # sed is only needed when the name is not already a valid identifier.
  [0-9]* | *[!a-zA-Z0-9_]*)
    func_tr_sh_result=`$ECHO "$1" | $SED 's/^\([0-9]\)/_\1/; s/[^a-zA-Z0-9_]/_/g'`
    ;;
  * )
    func_tr_sh_result=$1
    ;;
  esac
}


# func_version
# Echo version message to standard output and exit.
# The text is extracted from the comment header of the script itself
# ("$progpath").
func_version ()
{
    $opt_debug

    $SED -n '/(C)/!b go
        :more
        /\./!{
          N
          s/\n# / /
          b more
        }
        :go
        /^# '$PROGRAM' (GNU /,/# warranty; / {
        s/^# //
        s/^# *$//
        s/\((C)\)[ 0-9,-]*\( [1-9][0-9]*\)/\1\2/
        p
     }' < "$progpath"
     exit $?
}

# func_usage
# Echo short help message to standard output and exit.
func_usage ()
{
    $opt_debug

    $SED -n '/^# Usage:/,/^# *.*--help/ {
        s/^# //
        s/^# *$//
        s/\$progname/'$progname'/
        p
    }' < "$progpath"
    echo
    $ECHO "run \`$progname --help | more' for full usage"
    exit $?
}

# func_help [NOEXIT]
# Echo long help message to standard output and exit,
# unless 'noexit' is passed as argument.
# The help text is taken from the comment header of "$progpath"; the
# placeholders $progname, $host, $SHELL, ... in that text are filled in
# by the sed script.  The current values are spliced into the script
# unescaped, so a value containing the s-command delimiter ('*' or '/')
# would break the substitution.
func_help ()
{
    $opt_debug

    $SED -n '/^# Usage:/,/# Report bugs to/ {
        :print
        s/^# //
        s/^# *$//
        s*\$progname*'$progname'*
        s*\$host*'"$host"'*
        s*\$SHELL*'"$SHELL"'*
        s*\$LTCC*'"$LTCC"'*
        s*\$LTCFLAGS*'"$LTCFLAGS"'*
        s*\$LD*'"$LD"'*
        s/\$with_gnu_ld/'"$with_gnu_ld"'/
        s/\$automake_version/'"`(${AUTOMAKE-automake} --version) 2>/dev/null |$SED 1q`"'/
        s/\$autoconf_version/'"`(${AUTOCONF-autoconf} --version) 2>/dev/null |$SED 1q`"'/
        p
        d
     }
     /^# .* home page:/b print
     /^# General help using/b print
     ' < "$progpath"
    ret=$?
    # Any non-empty argument suppresses the exit.
    if test -z "$1"; then
      exit $ret
    fi
}

# func_missing_arg argname
# Echo program name prefixed message to standard error and set global
# exit_cmd.
func_missing_arg ()
{
    $opt_debug

    func_error "missing argument for $1."
    # The option parser runs "$exit_cmd $EXIT_FAILURE" once parsing is done.
    exit_cmd=exit
}


# func_split_short_opt shortopt
# Set func_split_short_opt_name and func_split_short_opt_arg shell
# variables after splitting SHORTOPT after the 2nd character.
func_split_short_opt ()
{
    my_sed_short_opt='1s/^\(..\).*$/\1/;q'
    my_sed_short_rest='1s/^..\(.*\)$/\1/;q'

    func_split_short_opt_name=`$ECHO "$1" | $SED "$my_sed_short_opt"`
    func_split_short_opt_arg=`$ECHO "$1" | $SED "$my_sed_short_rest"`
} # func_split_short_opt may be replaced by extended shell implementation


# func_split_long_opt longopt
# Set func_split_long_opt_name and func_split_long_opt_arg shell
# variables after splitting LONGOPT at the `=' sign.
func_split_long_opt ()
{
    my_sed_long_opt='1s/^\(--[^=]*\)=.*/\1/;q'
    my_sed_long_arg='1s/^--[^=]*=//'

    func_split_long_opt_name=`$ECHO "$1" | $SED "$my_sed_long_opt"`
    func_split_long_opt_arg=`$ECHO "$1" | $SED "$my_sed_long_arg"`
} # func_split_long_opt may be replaced by extended shell implementation

# Command run as "$exit_cmd $EXIT_FAILURE" after option parsing; the
# default ':' makes that a no-op.
exit_cmd=:

# Marker strings; $magic_exe is what func_ltwrapper_executable_p greps for.
magic="%%%MAGIC variable%%%"
magic_exe="%%%MAGIC EXE variable%%%"

# Global variables.
nonopt=
preserve_args=
# sed expressions mapping between the ".lo" suffix and ".$objext".
lo2o="s/\\.lo\$/.${objext}/"
o2lo="s/\\.${objext}\$/.lo/"
extracted_archives=
extracted_serial=0

# If this variable is set in any of the actions, the command in it
# will be execed at the end.
# This prevents here-documents from being
# left over by shells.
exec_cmd=

# func_append var value
# Append VALUE to the end of shell variable VAR.
# VAR is spliced into the eval text as is, so it must be a plain
# variable name chosen by the script; VALUE is only referenced as ${2}
# at eval time and is therefore not re-parsed.
func_append ()
{
    eval "${1}=\$${1}\${2}"
} # func_append may be replaced by extended shell implementation

# func_append_quoted var value
# Quote VALUE and append to the end of shell variable VAR, separated
# by a space.
# As with func_append, VAR must be a plain variable name.
func_append_quoted ()
{
    func_quote_for_eval "${2}"
    eval "${1}=\$${1}\\ \$func_quote_for_eval_result"
} # func_append_quoted may be replaced by extended shell implementation


# func_arith arithmetic-term...
# Evaluate the terms with expr; result in $func_arith_result.
func_arith ()
{
    func_arith_result=`expr "${@}"`
} # func_arith may be replaced by extended shell implementation


# func_len string
# STRING may not start with a hyphen.
# Result in $func_len_result; $max_cmd_len is echoed when expr fails.
func_len ()
{
    func_len_result=`expr "${1}" : ".*" 2>/dev/null || echo $max_cmd_len`
} # func_len may be replaced by extended shell implementation


# func_lo2o object
# Apply the $lo2o sed expression to OBJECT; result in $func_lo2o_result.
func_lo2o ()
{
    func_lo2o_result=`$ECHO "${1}" | $SED "$lo2o"`
} # func_lo2o may be replaced by extended shell implementation


# func_xform libobj-or-source
# Replace the last suffix of the name with ".lo"; result in
# $func_xform_result.
func_xform ()
{
    func_xform_result=`$ECHO "${1}" | $SED 's/\.[^.]*$/.lo/'`
} # func_xform may be replaced by extended shell implementation


# func_fatal_configuration arg...
# Echo program name prefixed message to standard error, followed by
# a configuration failure hint, and exit.
func_fatal_configuration ()
{
    func_error ${1+"$@"}
    func_error "See the $PACKAGE documentation for more information."
    func_fatal_error "Fatal configuration error."
}


# func_config
# Display the configuration for all the tags in this script.
# The configuration is read back from the marked sections of "$progpath".
func_config ()
{
    re_begincf='^# ### BEGIN LIBTOOL'
    re_endcf='^# ### END LIBTOOL'

    # Default configuration.
    $SED "1,/$re_begincf CONFIG/d;/$re_endcf CONFIG/,\$d" < "$progpath"

    # Now print the configurations for the tags.
    for tagname in $taglist; do
      $SED -n "/$re_begincf TAG CONFIG: $tagname\$/,/$re_endcf TAG CONFIG: $tagname\$/p" < "$progpath"
    done

    exit $?
}

# func_features
# Display the features supported by this script.
func_features ()
{
    echo "host: $host"
    if test "$build_libtool_libs" = yes; then
      echo "enable shared libraries"
    else
      echo "disable shared libraries"
    fi
    if test "$build_old_libs" = yes; then
      echo "enable static libraries"
    else
      echo "disable static libraries"
    fi

    exit $?
}

# func_enable_tag tagname
# Verify that TAGNAME is valid, and either flag an error and exit, or
# enable the TAGNAME tag.  We also add TAGNAME to the global $taglist
# variable here.
# The tag's configuration section is extracted from "$progpath" and
# passed to eval, so the script file itself is the trust boundary here:
# whoever can edit the marked sections controls what gets evaluated.
func_enable_tag ()
{
  # Global variable:
  tagname="$1"

  # TAGNAME ends up inside grep and sed patterns; these strings are only
  # used after the validation below has passed.
  re_begincf="^# ### BEGIN LIBTOOL TAG CONFIG: $tagname\$"
  re_endcf="^# ### END LIBTOOL TAG CONFIG: $tagname\$"
  sed_extractcf="/$re_begincf/,/$re_endcf/p"

  # Validate tagname.
  # Allowed characters: '-', '_', letters, digits, ',' and '/'.
  # NOTE(review): '/' is accepted here but is also the address delimiter
  # in $sed_extractcf above -- confirm that tag names never contain it.
  case $tagname in
    *[!-_A-Za-z0-9,/]*)
      func_fatal_error "invalid tag name: $tagname"
      ;;
  esac

  # Don't test for the "default" C tag, as we know it's
  # there but not specially marked.
  case $tagname in
    CC) ;;
    *)
      if $GREP "$re_begincf" "$progpath" >/dev/null 2>&1; then
        taglist="$taglist $tagname"

        # Evaluate the configuration.  Be careful to quote the path
        # and the sed script, to avoid splitting on whitespace, but
        # also don't use non-portable quotes within backquotes within
        # quotes we have to do it in 2 steps:
        extractedcf=`$SED -n -e "$sed_extractcf" < "$progpath"`
        eval "$extractedcf"
      else
        func_error "ignoring unknown tag $tagname"
      fi
      ;;
  esac
}

# func_check_version_match
# Ensure that we are using m4 macros, and libtool script from the same
# release of libtool.
# Prints a diagnostic to standard error and exits with $EXIT_MISMATCH
# when $package_revision differs from $macro_revision.
func_check_version_match ()
{
  if test "$package_revision" != "$macro_revision"; then
    if test "$VERSION" != "$macro_version"; then
      if test -z "$macro_version"; then
        cat >&2 <<_LT_EOF
$progname: Version mismatch error. This is $PACKAGE $VERSION, but the
$progname: definition of this LT_INIT comes from an older release.
$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION
$progname: and run autoconf again.
_LT_EOF
      else
        cat >&2 <<_LT_EOF
$progname: Version mismatch error. This is $PACKAGE $VERSION, but the
$progname: definition of this LT_INIT comes from $PACKAGE $macro_version.
$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION
$progname: and run autoconf again.
_LT_EOF
      fi
    else
      cat >&2 <<_LT_EOF
$progname: Version mismatch error. This is $PACKAGE $VERSION, revision $package_revision,
$progname: but the definition of this LT_INIT comes from revision $macro_revision.
$progname: You should recreate aclocal.m4 with macros from revision $package_revision
$progname: of $PACKAGE $VERSION and run autoconf again.
_LT_EOF
    fi

    exit $EXIT_MISMATCH
  fi
}


# Shorthand for --mode=foo, only valid as the first argument
# (each arm rewrites the positional parameters to "--mode MODE ...";
# "dummy" is a placeholder that the following shift removes again).
case $1 in
clean|clea|cle|cl)
  shift; set dummy --mode clean ${1+"$@"}; shift
  ;;
compile|compil|compi|comp|com|co|c)
  shift; set dummy --mode compile ${1+"$@"}; shift
  ;;
execute|execut|execu|exec|exe|ex|e)
  shift; set dummy --mode execute ${1+"$@"}; shift
  ;;
finish|finis|fini|fin|fi|f)
  shift; set dummy --mode finish ${1+"$@"}; shift
  ;;
install|instal|insta|inst|ins|in|i)
  shift; set dummy --mode install ${1+"$@"}; shift
  ;;
link|lin|li|l)
  shift; set dummy --mode link ${1+"$@"}; shift
  ;;
uninstall|uninstal|uninsta|uninst|unins|unin|uni|un|u)
  shift; set dummy --mode uninstall ${1+"$@"}; shift
  ;;
esac


# Option defaults:
# (opt_silent and opt_verbose are assigned twice; the later 'false'
# assignments are the ones in effect)
opt_debug=:
opt_dry_run=false
opt_config=false
opt_preserve_dup_deps=false
opt_features=false
opt_finish=false
opt_help=false
opt_help_all=false
opt_silent=:
opt_warning=:
opt_verbose=:
opt_silent=false
opt_verbose=false


# Parse options once, thoroughly.  This comes as soon as possible in the
# script to make things like `--version' happen as quickly as we can.
{
  # this just eases exit handling
  while test $# -gt 0; do
    opt="$1"
    shift
    case $opt in
      --debug|-x)       opt_debug='set -x'
                        func_echo "enabling shell trace mode"
                        $opt_debug
                        ;;
      --dry-run|--dryrun|-n)
                        opt_dry_run=:
                        ;;
      --config)
                        opt_config=:
                        func_config
                        ;;
      --dlopen|-dlopen)
                        # Collect every -dlopen argument, space-separated.
                        optarg="$1"
                        opt_dlopen="${opt_dlopen+$opt_dlopen
}$optarg"
                        shift
                        ;;
      --preserve-dup-deps)
                        opt_preserve_dup_deps=:
                        ;;
      --features)
                        opt_features=:
                        func_features
                        ;;
      --finish)
                        opt_finish=:
                        set dummy --mode finish ${1+"$@"}; shift
                        ;;
      --help)
                        opt_help=:
                        ;;
      --help-all)
                        opt_help_all=:
                        opt_help=': help-all'
                        ;;
      --mode)
                        test $# = 0 && func_missing_arg $opt && break
                        optarg="$1"
                        opt_mode="$optarg"
                        case $optarg in
                          # Valid mode arguments:
                          clean|compile|execute|finish|install|link|relink|uninstall) ;;

                          # Catch anything else as an error
                          *) func_error "invalid argument for $opt"
                             exit_cmd=exit
                             break
                             ;;
                        esac
                        shift
                        ;;
      # The options below are also recorded in $preserve_args.
      --no-silent|--no-quiet)
                        opt_silent=false
                        func_append preserve_args " $opt"
                        ;;
      --no-warning|--no-warn)
                        opt_warning=false
                        func_append preserve_args " $opt"
                        ;;
      --no-verbose)
                        opt_verbose=false
                        func_append preserve_args " $opt"
                        ;;
      --silent|--quiet)
                        opt_silent=:
                        func_append preserve_args " $opt"
                        opt_verbose=false
                        ;;
      --verbose|-v)
                        opt_verbose=:
                        func_append preserve_args " $opt"
                        opt_silent=false
                        ;;
      --tag)
                        test $# = 0 && func_missing_arg $opt && break
                        optarg="$1"
                        opt_tag="$optarg"
                        func_append preserve_args " $opt $optarg"
                        # Validates the name and evals that tag's configuration.
                        func_enable_tag "$optarg"
                        shift
                        ;;

      -\?|-h)           func_usage                              ;;
      # NOTE(review): this arm is never reached; the earlier `--help)'
      # arm above matches first.
      --help)           func_help                               ;;
      --version)        func_version                            ;;

      # Separate optargs to long options:
      --*=*)
                        func_split_long_opt "$opt"
                        set dummy "$func_split_long_opt_name" "$func_split_long_opt_arg" ${1+"$@"}
                        shift
                        ;;

      # Separate non-argument short options:
      -\?*|-h*|-n*|-v*)
                        func_split_short_opt "$opt"
                        set dummy "$func_split_short_opt_name" "-$func_split_short_opt_arg" ${1+"$@"}
                        shift
                        ;;

      --)               break                                   ;;
      -*)               func_fatal_help "unrecognized option \`$opt'" ;;
      # First non-option argument: push it back and stop parsing.
      *)                set dummy "$opt" ${1+"$@"};     shift; break  ;;
    esac
  done

  # Validate options:

  # save first non-option argument
  if test "$#" -gt 0; then
    nonopt="$opt"
    shift
  fi

  # preserve --debug
  test "$opt_debug" = : || func_append preserve_args " --debug"

  case $host in
    *cygwin* | *mingw* | *pw32* | *cegcc*)
      # don't eliminate duplications in $postdeps and $predeps
      opt_duplicate_compiler_generated_deps=:
      ;;
    *)
      opt_duplicate_compiler_generated_deps=$opt_preserve_dup_deps
      ;;
  esac

  # Skipped entirely when help was requested.
  $opt_help || {
    # Sanity checks first:
    func_check_version_match

    if test "$build_libtool_libs" != yes && test "$build_old_libs" != yes; then
      func_fatal_configuration "not configured to build any kind of library"
    fi

    # Darwin sucks
    # (the value of $shrext_cmds is expanded once more through eval)
    eval std_shrext=\"$shrext_cmds\"

    # Only execute mode is allowed to have -dlopen flags.
    if test -n "$opt_dlopen" && test "$opt_mode" != execute; then
      func_error "unrecognized option \`-dlopen'"
      $ECHO "$help" 1>&2
      exit $EXIT_FAILURE
    fi

    # Change the help message to a mode-specific one.
    generic_help="$help"
    help="Try \`$progname --help --mode=$opt_mode' for more information."
  }


  # Bail if the options were screwed
  # ($exit_cmd is ':' unless an option error set it to 'exit')
  $exit_cmd $EXIT_FAILURE
}




## ----------- ##
##    Main.    ##
## ----------- ##

# func_lalib_p file
# True iff FILE is a libtool `.la' library or `.lo' object file.
# This function is only a basic sanity check; it will hardly flush out
# determined imposters.
# The check only looks for a "# Generated by ...$PACKAGE" comment within
# the first four lines, so a pass says the file has the expected format,
# not that it comes from a trusted source.
func_lalib_p ()
{
    test -f "$1" &&
      $SED -e 4q "$1" 2>/dev/null \
        | $GREP "^# Generated by .*$PACKAGE" > /dev/null 2>&1
}

# func_lalib_unsafe_p file
# True iff FILE is a libtool `.la' library or `.lo' object file.
# This function implements the same check as func_lalib_p without
# resorting to external programs.  To this end, it redirects stdin and
# closes it afterwards, without saving the original file descriptor.
# As a safety measure, use it only where a negative result would be
# fatal anyway.  Works if `file' does not exist.
# Like func_lalib_p, a positive result only means the marker comment was
# found; it is not evidence of where the file came from.
func_lalib_unsafe_p ()
{
    lalib_p=no
    # Park the current stdin on descriptor 5 and read FILE on stdin
    # instead; whatever was open on descriptor 5 before is lost.
    if test -f "$1" && test -r "$1" && exec 5<&0 <"$1"; then
        # Look at the first four lines only.
        for lalib_p_l in 1 2 3 4
        do
            read lalib_p_line
            case "$lalib_p_line" in
                \#\ Generated\ by\ *$PACKAGE* ) lalib_p=yes; break;;
            esac
        done
        # Put stdin back and close the scratch descriptor.
        exec 0<&5 5<&-
    fi
    test "$lalib_p" = yes
}

# func_ltwrapper_script_p file
# True iff FILE is a libtool wrapper script
# This function is only a basic sanity check; it will hardly flush out
# determined imposters.
func_ltwrapper_script_p ()
{
    # Same marker test as for .la/.lo files.
    func_lalib_p "$1"
}

# func_ltwrapper_executable_p file
# True iff FILE is a libtool wrapper executable
# This function is only a basic sanity check; it will hardly flush out
# determined imposters.
func_ltwrapper_executable_p ()
{
    # Make sure the name that is searched ends in .exe.
    func_ltwrapper_exec_suffix=
    case $1 in
    *.exe) ;;
    *) func_ltwrapper_exec_suffix=.exe ;;
    esac
    # The only evidence used is the presence of the $magic_exe string.
    $GREP "$magic_exe" "$1$func_ltwrapper_exec_suffix" >/dev/null 2>&1
}

# func_ltwrapper_scriptname file
# Assumes file is an ltwrapper_executable
# uses $file to determine the appropriate filename for a
# temporary ltwrapper_script.
# Result: DIR/$objdir/NAME_ltshwrapper, with any ".exe" suffix removed
# from NAME, stored in $func_ltwrapper_scriptname_result.
func_ltwrapper_scriptname ()
{
    func_dirname_and_basename "$1" "" "."
    func_stripname '' '.exe' "$func_basename_result"
    func_ltwrapper_scriptname_result="$func_dirname_result/$objdir/${func_stripname_result}_ltshwrapper"
}

# func_ltwrapper_p file
# True iff FILE is a libtool wrapper script or wrapper executable
# This function is only a basic sanity check; it will hardly flush out
# determined imposters.
func_ltwrapper_p ()
{
    func_ltwrapper_script_p "$1" || func_ltwrapper_executable_p "$1"
}


# func_execute_cmds commands fail_cmd
# Execute tilde-delimited COMMANDS.
# If FAIL_CMD is given, eval that upon failure.
# FAIL_CMD may read-access the current command in variable CMD!
# Each command is expanded once here (eval inside double quotes) and
# then evaluated again by func_show_eval, so COMMANDS is treated as
# shell source and has to come from the script's own configuration.
func_execute_cmds ()
{
    $opt_debug
    # Split COMMANDS on '~'; IFS is restored inside the loop so that the
    # commands themselves run with the normal field separator.
    save_ifs=$IFS; IFS='~'
    for cmd in $1; do
      IFS=$save_ifs
      eval cmd=\"$cmd\"
      func_show_eval "$cmd" "${2-:}"
    done
    IFS=$save_ifs
}


# func_source file
# Source FILE, adding directory component if necessary.
# Note that it is not necessary on cygwin/mingw to append a dot to # FILE even if both FILE and FILE.exe exist: automatic-append-.exe # behavior happens only for exec(3), not for open(2)! Also, sourcing # `FILE.' does not work on cygwin managed mounts. func_source () { $opt_debug case $1 in */* | *\\*) . "$1" ;; *) . "./$1" ;; esac } # func_resolve_sysroot PATH # Replace a leading = in PATH with a sysroot. Store the result into # func_resolve_sysroot_result func_resolve_sysroot () { func_resolve_sysroot_result=$1 case $func_resolve_sysroot_result in =*) func_stripname '=' '' "$func_resolve_sysroot_result" func_resolve_sysroot_result=$lt_sysroot$func_stripname_result ;; esac } # func_replace_sysroot PATH # If PATH begins with the sysroot, replace it with = and # store the result into func_replace_sysroot_result. func_replace_sysroot () { case "$lt_sysroot:$1" in ?*:"$lt_sysroot"*) func_stripname "$lt_sysroot" '' "$1" func_replace_sysroot_result="=$func_stripname_result" ;; *) # Including no sysroot. func_replace_sysroot_result=$1 ;; esac } # func_infer_tag arg # Infer tagged configuration to use if any are available and # if one wasn't chosen via the "--tag" command line option. # Only attempt this if the compiler in the base compile # command doesn't match the default compiler. # arg is usually of the form 'gcc ...' func_infer_tag () { $opt_debug if test -n "$available_tags" && test -z "$tagname"; then CC_quoted= for arg in $CC; do func_append_quoted CC_quoted "$arg" done CC_expanded=`func_echo_all $CC` CC_quoted_expanded=`func_echo_all $CC_quoted` case $@ in # Blanks in the command may have been stripped by the calling shell, # but not from the CC environment variable when configure was run. " $CC "* | "$CC "* | " $CC_expanded "* | "$CC_expanded "* | \ " $CC_quoted"* | "$CC_quoted "* | " $CC_quoted_expanded "* | "$CC_quoted_expanded "*) ;; # Blanks at the start of $base_compile will cause this to fail # if we don't check for them as well. 
*) for z in $available_tags; do if $GREP "^# ### BEGIN LIBTOOL TAG CONFIG: $z$" < "$progpath" > /dev/null; then # Evaluate the configuration. eval "`${SED} -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$z'$/,/^# ### END LIBTOOL TAG CONFIG: '$z'$/p' < $progpath`" CC_quoted= for arg in $CC; do # Double-quote args containing other shell metacharacters. func_append_quoted CC_quoted "$arg" done CC_expanded=`func_echo_all $CC` CC_quoted_expanded=`func_echo_all $CC_quoted` case "$@ " in " $CC "* | "$CC "* | " $CC_expanded "* | "$CC_expanded "* | \ " $CC_quoted"* | "$CC_quoted "* | " $CC_quoted_expanded "* | "$CC_quoted_expanded "*) # The compiler in the base compile command matches # the one in the tagged configuration. # Assume this is the tagged configuration we want. tagname=$z break ;; esac fi done # If $tagname still isn't set, then no tagged configuration # was found and let the user know that the "--tag" command # line option must be used. if test -z "$tagname"; then func_echo "unable to infer tagged configuration" func_fatal_error "specify a tag with \`--tag'" # else # func_verbose "using $tagname tagged configuration" fi ;; esac fi } # func_write_libtool_object output_name pic_name nonpic_name # Create a libtool object file (analogous to a ".la" file), # but don't create it if we're doing a dry run. func_write_libtool_object () { write_libobj=${1} if test "$build_libtool_libs" = yes; then write_lobj=\'${2}\' else write_lobj=none fi if test "$build_old_libs" = yes; then write_oldobj=\'${3}\' else write_oldobj=none fi $opt_dry_run || { cat >${write_libobj}T </dev/null` if test "$?" 
-eq 0 && test -n "${func_convert_core_file_wine_to_w32_tmp}"; then func_convert_core_file_wine_to_w32_result=`$ECHO "$func_convert_core_file_wine_to_w32_tmp" | $SED -e "$lt_sed_naive_backslashify"` else func_convert_core_file_wine_to_w32_result= fi fi } # end: func_convert_core_file_wine_to_w32 # func_convert_core_path_wine_to_w32 ARG # Helper function used by path conversion functions when $build is *nix, and # $host is mingw, cygwin, or some other w32 environment. Relies on a correctly # configured wine environment available, with the winepath program in $build's # $PATH. Assumes ARG has no leading or trailing path separator characters. # # ARG is path to be converted from $build format to win32. # Result is available in $func_convert_core_path_wine_to_w32_result. # Unconvertible file (directory) names in ARG are skipped; if no directory names # are convertible, then the result may be empty. func_convert_core_path_wine_to_w32 () { $opt_debug # unfortunately, winepath doesn't convert paths, only file names func_convert_core_path_wine_to_w32_result="" if test -n "$1"; then oldIFS=$IFS IFS=: for func_convert_core_path_wine_to_w32_f in $1; do IFS=$oldIFS func_convert_core_file_wine_to_w32 "$func_convert_core_path_wine_to_w32_f" if test -n "$func_convert_core_file_wine_to_w32_result" ; then if test -z "$func_convert_core_path_wine_to_w32_result"; then func_convert_core_path_wine_to_w32_result="$func_convert_core_file_wine_to_w32_result" else func_append func_convert_core_path_wine_to_w32_result ";$func_convert_core_file_wine_to_w32_result" fi fi done IFS=$oldIFS fi } # end: func_convert_core_path_wine_to_w32 # func_cygpath ARGS... # Wrapper around calling the cygpath program via LT_CYGPATH. This is used when # when (1) $build is *nix and Cygwin is hosted via a wine environment; or (2) # $build is MSYS and $host is Cygwin, or (3) $build is Cygwin. 
# In case (1) or
# (2), returns the Cygwin file name or path in func_cygpath_result (input
# file name or path is assumed to be in w32 format, as previously converted
# from $build's *nix or MSYS format). In case (3), returns the w32 file name
# or path in func_cygpath_result (input file name or path is assumed to be in
# Cygwin format). Returns an empty string on error.
#
# ARGS are passed to cygpath, with the last one being the file name or path to
# be converted.
#
# Specify the absolute *nix (or w32) name to cygpath in the LT_CYGPATH
# environment variable; do not put it in $PATH.
#
# The value of LT_CYGPATH is executed as a command (unquoted, so it is
# also word-split); the only check made is that it names an existing
# regular file.  It is taken from the environment on trust.
func_cygpath ()
{
  $opt_debug
  if test -n "$LT_CYGPATH" && test -f "$LT_CYGPATH"; then
    func_cygpath_result=`$LT_CYGPATH "$@" 2>/dev/null`
    if test "$?" -ne 0; then
      # on failure, ensure result is empty
      func_cygpath_result=
    fi
  else
    func_cygpath_result=
    func_error "LT_CYGPATH is empty or specifies non-existent file: \`$LT_CYGPATH'"
  fi
}
#end: func_cygpath


# func_convert_core_msys_to_w32 ARG
# Convert file name or path ARG from MSYS format to w32 format.  Return
# result in func_convert_core_msys_to_w32_result.
# ARG is handed to `cmd //c echo' as an argument.
# NOTE(review): no escaping for cmd is applied here -- confirm that only
# build-tree paths reach this function.
func_convert_core_msys_to_w32 ()
{
  $opt_debug
  # awkward: cmd appends spaces to result
  func_convert_core_msys_to_w32_result=`( cmd //c echo "$1" ) 2>/dev/null |
    $SED -e 's/[ ]*$//' -e "$lt_sed_naive_backslashify"`
}
#end: func_convert_core_msys_to_w32


# func_convert_file_check ARG1 ARG2
# Verify that ARG1 (a file name in $build format) was converted to $host
# format in ARG2. Otherwise, emit an error message, but continue (resetting
# func_to_host_file_result to ARG1).
func_convert_file_check ()
{
  $opt_debug
  # An empty result for a non-empty input means the conversion failed.
  if test -z "$2" && test -n "$1" ; then
    func_error "Could not determine host file name corresponding to"
    func_error " \`$1'"
    func_error "Continuing, but uninstalled executables may not work."
    # Fallback:
    func_to_host_file_result="$1"
  fi
}
# end func_convert_file_check


# func_convert_path_check FROM_PATHSEP TO_PATHSEP FROM_PATH TO_PATH
# Verify that FROM_PATH (a path in $build format) was converted to $host
# format in TO_PATH. Otherwise, emit an error message, but continue, resetting
# func_to_host_path_result to a simplistic fallback value (see below).
func_convert_path_check ()
{
  $opt_debug
  if test -z "$4" && test -n "$3"; then
    func_error "Could not determine the host path corresponding to"
    func_error " \`$3'"
    func_error "Continuing, but uninstalled executables may not work."
    # Fallback.  This is a deliberately simplistic "conversion" and
    # should not be "improved".  See libtool.info.
    # (only the path separator is replaced; the separators are used as
    # sed pattern and replacement text without escaping)
    if test "x$1" != "x$2"; then
      lt_replace_pathsep_chars="s|$1|$2|g"
      func_to_host_path_result=`echo "$3" |
        $SED -e "$lt_replace_pathsep_chars"`
    else
      func_to_host_path_result="$3"
    fi
  fi
}
# end func_convert_path_check


# func_convert_path_front_back_pathsep FRONTPAT BACKPAT REPL ORIG
# Modifies func_to_host_path_result by prepending REPL if ORIG matches FRONTPAT
# and appending REPL if ORIG matches BACKPAT.
# FRONTPAT and BACKPAT are used as (unquoted) case patterns.
func_convert_path_front_back_pathsep ()
{
  $opt_debug
  case $4 in
  $1 ) func_to_host_path_result="$3$func_to_host_path_result"
    ;;
  esac
  case $4 in
  $2 ) func_append func_to_host_path_result "$3"
    ;;
  esac
}
# end func_convert_path_front_back_pathsep


##################################################
# $build to $host FILE NAME CONVERSION FUNCTIONS #
##################################################
# invoked via `$to_host_file_cmd ARG'
#
# In each case, ARG is the path to be converted from $build to $host format.
# Result will be available in $func_to_host_file_result.


# func_to_host_file ARG
# Converts the file name ARG from $build format to $host format. Return result
# in func_to_host_file_result.
# The conversion function to call is named by $to_host_file_cmd.
func_to_host_file ()
{
  $opt_debug
  $to_host_file_cmd "$1"
}
# end func_to_host_file


# func_to_tool_file ARG LAZY
# converts the file name ARG from $build format to toolchain format.
Return # result in func_to_tool_file_result. If the conversion in use is listed # in (the comma separated) LAZY, no conversion takes place. func_to_tool_file () { $opt_debug case ,$2, in *,"$to_tool_file_cmd",*) func_to_tool_file_result=$1 ;; *) $to_tool_file_cmd "$1" func_to_tool_file_result=$func_to_host_file_result ;; esac } # end func_to_tool_file # func_convert_file_noop ARG # Copy ARG to func_to_host_file_result. func_convert_file_noop () { func_to_host_file_result="$1" } # end func_convert_file_noop # func_convert_file_msys_to_w32 ARG # Convert file name ARG from (mingw) MSYS to (mingw) w32 format; automatic # conversion to w32 is not available inside the cwrapper. Returns result in # func_to_host_file_result. func_convert_file_msys_to_w32 () { $opt_debug func_to_host_file_result="$1" if test -n "$1"; then func_convert_core_msys_to_w32 "$1" func_to_host_file_result="$func_convert_core_msys_to_w32_result" fi func_convert_file_check "$1" "$func_to_host_file_result" } # end func_convert_file_msys_to_w32 # func_convert_file_cygwin_to_w32 ARG # Convert file name ARG from Cygwin to w32 format. Returns result in # func_to_host_file_result. func_convert_file_cygwin_to_w32 () { $opt_debug func_to_host_file_result="$1" if test -n "$1"; then # because $build is cygwin, we call "the" cygpath in $PATH; no need to use # LT_CYGPATH in this case. func_to_host_file_result=`cygpath -m "$1"` fi func_convert_file_check "$1" "$func_to_host_file_result" } # end func_convert_file_cygwin_to_w32 # func_convert_file_nix_to_w32 ARG # Convert file name ARG from *nix to w32 format. Requires a wine environment # and a working winepath. Returns result in func_to_host_file_result. 
func_convert_file_nix_to_w32 ()
{
  $opt_debug
  # Default to ARG itself, so an empty ARG yields an empty result.
  func_to_host_file_result="$1"
  if test -n "$1"; then
    # func_convert_core_file_wine_to_w32 is defined outside this part of the
    # script; its output is read from the matching *_result variable.
    func_convert_core_file_wine_to_w32 "$1"
    func_to_host_file_result="$func_convert_core_file_wine_to_w32_result"
  fi
  # If the conversion produced nothing, report it and fall back to ARG.
  func_convert_file_check "$1" "$func_to_host_file_result"
}
# end func_convert_file_nix_to_w32


# func_convert_file_msys_to_cygwin ARG
# Convert file name ARG from MSYS to Cygwin format.  Requires LT_CYGPATH set.
# Returns result in func_to_host_file_result.
#
# Two steps: MSYS -> w32 via func_convert_core_msys_to_w32, then w32 -> Cygwin
# via func_cygpath, which runs the program named by $LT_CYGPATH.
func_convert_file_msys_to_cygwin ()
{
  $opt_debug
  func_to_host_file_result="$1"
  if test -n "$1"; then
    func_convert_core_msys_to_w32 "$1"
    func_cygpath -u "$func_convert_core_msys_to_w32_result"
    # func_cygpath leaves an empty string here on any failure.
    func_to_host_file_result="$func_cygpath_result"
  fi
  func_convert_file_check "$1" "$func_to_host_file_result"
}
# end func_convert_file_msys_to_cygwin


# func_convert_file_nix_to_cygwin ARG
# Convert file name ARG from *nix to Cygwin format.  Requires Cygwin installed
# in a wine environment, working winepath, and LT_CYGPATH set.  Returns result
# in func_to_host_file_result.
func_convert_file_nix_to_cygwin ()
{
  $opt_debug
  func_to_host_file_result="$1"
  if test -n "$1"; then
    # convert from *nix to w32, then use cygpath to convert from w32 to cygwin.
    func_convert_core_file_wine_to_w32 "$1"
    func_cygpath -u "$func_convert_core_file_wine_to_w32_result"
    func_to_host_file_result="$func_cygpath_result"
  fi
  # An empty result from either step falls back to ARG with a warning.
  func_convert_file_check "$1" "$func_to_host_file_result"
}
# end func_convert_file_nix_to_cygwin


#############################################
# $build to $host PATH CONVERSION FUNCTIONS #
#############################################
# invoked via `$to_host_path_cmd ARG'
#
# In each case, ARG is the path to be converted from $build to $host format.
# The result will be available in $func_to_host_path_result.
#
# Path separators are also converted from $build format to $host format.  If
# ARG begins or ends with a path separator character, it is preserved (but
# converted to $host format) on output.
# # All path conversion functions are named using the following convention: # file name conversion function : func_convert_file_X_to_Y () # path conversion function : func_convert_path_X_to_Y () # where, for any given $build/$host combination the 'X_to_Y' value is the # same. If conversion functions are added for new $build/$host combinations, # the two new functions must follow this pattern, or func_init_to_host_path_cmd # will break. # func_init_to_host_path_cmd # Ensures that function "pointer" variable $to_host_path_cmd is set to the # appropriate value, based on the value of $to_host_file_cmd. to_host_path_cmd= func_init_to_host_path_cmd () { $opt_debug if test -z "$to_host_path_cmd"; then func_stripname 'func_convert_file_' '' "$to_host_file_cmd" to_host_path_cmd="func_convert_path_${func_stripname_result}" fi } # func_to_host_path ARG # Converts the path ARG from $build format to $host format. Return result # in func_to_host_path_result. func_to_host_path () { $opt_debug func_init_to_host_path_cmd $to_host_path_cmd "$1" } # end func_to_host_path # func_convert_path_noop ARG # Copy ARG to func_to_host_path_result. func_convert_path_noop () { func_to_host_path_result="$1" } # end func_convert_path_noop # func_convert_path_msys_to_w32 ARG # Convert path ARG from (mingw) MSYS to (mingw) w32 format; automatic # conversion to w32 is not available inside the cwrapper. Returns result in # func_to_host_path_result. func_convert_path_msys_to_w32 () { $opt_debug func_to_host_path_result="$1" if test -n "$1"; then # Remove leading and trailing path separator characters from ARG. MSYS # behavior is inconsistent here; cygpath turns them into '.;' and ';.'; # and winepath ignores them completely. 
func_stripname : : "$1" func_to_host_path_tmp1=$func_stripname_result func_convert_core_msys_to_w32 "$func_to_host_path_tmp1" func_to_host_path_result="$func_convert_core_msys_to_w32_result" func_convert_path_check : ";" \ "$func_to_host_path_tmp1" "$func_to_host_path_result" func_convert_path_front_back_pathsep ":*" "*:" ";" "$1" fi } # end func_convert_path_msys_to_w32 # func_convert_path_cygwin_to_w32 ARG # Convert path ARG from Cygwin to w32 format. Returns result in # func_to_host_file_result. func_convert_path_cygwin_to_w32 () { $opt_debug func_to_host_path_result="$1" if test -n "$1"; then # See func_convert_path_msys_to_w32: func_stripname : : "$1" func_to_host_path_tmp1=$func_stripname_result func_to_host_path_result=`cygpath -m -p "$func_to_host_path_tmp1"` func_convert_path_check : ";" \ "$func_to_host_path_tmp1" "$func_to_host_path_result" func_convert_path_front_back_pathsep ":*" "*:" ";" "$1" fi } # end func_convert_path_cygwin_to_w32 # func_convert_path_nix_to_w32 ARG # Convert path ARG from *nix to w32 format. Requires a wine environment and # a working winepath. Returns result in func_to_host_file_result. func_convert_path_nix_to_w32 () { $opt_debug func_to_host_path_result="$1" if test -n "$1"; then # See func_convert_path_msys_to_w32: func_stripname : : "$1" func_to_host_path_tmp1=$func_stripname_result func_convert_core_path_wine_to_w32 "$func_to_host_path_tmp1" func_to_host_path_result="$func_convert_core_path_wine_to_w32_result" func_convert_path_check : ";" \ "$func_to_host_path_tmp1" "$func_to_host_path_result" func_convert_path_front_back_pathsep ":*" "*:" ";" "$1" fi } # end func_convert_path_nix_to_w32 # func_convert_path_msys_to_cygwin ARG # Convert path ARG from MSYS to Cygwin format. Requires LT_CYGPATH set. # Returns result in func_to_host_file_result. 
func_convert_path_msys_to_cygwin () { $opt_debug func_to_host_path_result="$1" if test -n "$1"; then # See func_convert_path_msys_to_w32: func_stripname : : "$1" func_to_host_path_tmp1=$func_stripname_result func_convert_core_msys_to_w32 "$func_to_host_path_tmp1" func_cygpath -u -p "$func_convert_core_msys_to_w32_result" func_to_host_path_result="$func_cygpath_result" func_convert_path_check : : \ "$func_to_host_path_tmp1" "$func_to_host_path_result" func_convert_path_front_back_pathsep ":*" "*:" : "$1" fi } # end func_convert_path_msys_to_cygwin # func_convert_path_nix_to_cygwin ARG # Convert path ARG from *nix to Cygwin format. Requires Cygwin installed in a # a wine environment, working winepath, and LT_CYGPATH set. Returns result in # func_to_host_file_result. func_convert_path_nix_to_cygwin () { $opt_debug func_to_host_path_result="$1" if test -n "$1"; then # Remove leading and trailing path separator characters from # ARG. msys behavior is inconsistent here, cygpath turns them # into '.;' and ';.', and winepath ignores them completely. func_stripname : : "$1" func_to_host_path_tmp1=$func_stripname_result func_convert_core_path_wine_to_w32 "$func_to_host_path_tmp1" func_cygpath -u -p "$func_convert_core_path_wine_to_w32_result" func_to_host_path_result="$func_cygpath_result" func_convert_path_check : : \ "$func_to_host_path_tmp1" "$func_to_host_path_result" func_convert_path_front_back_pathsep ":*" "*:" : "$1" fi } # end func_convert_path_nix_to_cygwin # func_mode_compile arg... func_mode_compile () { $opt_debug # Get the compilation command and the source file. base_compile= srcfile="$nonopt" # always keep a non-empty value in "srcfile" suppress_opt=yes suppress_output= arg_mode=normal libobj= later= pie_flag= for arg do case $arg_mode in arg ) # do not "continue". Instead, add this to base_compile lastarg="$arg" arg_mode=normal ;; target ) libobj="$arg" arg_mode=normal continue ;; normal ) # Accept any command-line options. 
case $arg in -o) test -n "$libobj" && \ func_fatal_error "you cannot specify \`-o' more than once" arg_mode=target continue ;; -pie | -fpie | -fPIE) func_append pie_flag " $arg" continue ;; -shared | -static | -prefer-pic | -prefer-non-pic) func_append later " $arg" continue ;; -no-suppress) suppress_opt=no continue ;; -Xcompiler) arg_mode=arg # the next one goes into the "base_compile" arg list continue # The current "srcfile" will either be retained or ;; # replaced later. I would guess that would be a bug. -Wc,*) func_stripname '-Wc,' '' "$arg" args=$func_stripname_result lastarg= save_ifs="$IFS"; IFS=',' for arg in $args; do IFS="$save_ifs" func_append_quoted lastarg "$arg" done IFS="$save_ifs" func_stripname ' ' '' "$lastarg" lastarg=$func_stripname_result # Add the arguments to base_compile. func_append base_compile " $lastarg" continue ;; *) # Accept the current argument as the source file. # The previous "srcfile" becomes the current argument. # lastarg="$srcfile" srcfile="$arg" ;; esac # case $arg ;; esac # case $arg_mode # Aesthetically quote the previous argument. func_append_quoted base_compile "$lastarg" done # for arg case $arg_mode in arg) func_fatal_error "you must specify an argument for -Xcompile" ;; target) func_fatal_error "you must specify a target with \`-o'" ;; *) # Get the name of the library object. test -z "$libobj" && { func_basename "$srcfile" libobj="$func_basename_result" } ;; esac # Recognize several different file suffixes. # If the user specifies -o file.o, it is replaced with file.lo case $libobj in *.[cCFSifmso] | \ *.ada | *.adb | *.ads | *.asm | \ *.c++ | *.cc | *.ii | *.class | *.cpp | *.cxx | \ *.[fF][09]? 
| *.for | *.java | *.go | *.obj | *.sx | *.cu | *.cup) func_xform "$libobj" libobj=$func_xform_result ;; esac case $libobj in *.lo) func_lo2o "$libobj"; obj=$func_lo2o_result ;; *) func_fatal_error "cannot determine name of library object from \`$libobj'" ;; esac func_infer_tag $base_compile for arg in $later; do case $arg in -shared) test "$build_libtool_libs" != yes && \ func_fatal_configuration "can not build a shared library" build_old_libs=no continue ;; -static) build_libtool_libs=no build_old_libs=yes continue ;; -prefer-pic) pic_mode=yes continue ;; -prefer-non-pic) pic_mode=no continue ;; esac done func_quote_for_eval "$libobj" test "X$libobj" != "X$func_quote_for_eval_result" \ && $ECHO "X$libobj" | $GREP '[]~#^*{};<>?"'"'"' &()|`$[]' \ && func_warning "libobj name \`$libobj' may not contain shell special characters." func_dirname_and_basename "$obj" "/" "" objname="$func_basename_result" xdir="$func_dirname_result" lobj=${xdir}$objdir/$objname test -z "$base_compile" && \ func_fatal_help "you must specify a compilation command" # Delete any leftover library objects. 
if test "$build_old_libs" = yes; then removelist="$obj $lobj $libobj ${libobj}T" else removelist="$lobj $libobj ${libobj}T" fi # On Cygwin there's no "real" PIC flag so we must build both object types case $host_os in cygwin* | mingw* | pw32* | os2* | cegcc*) pic_mode=default ;; esac if test "$pic_mode" = no && test "$deplibs_check_method" != pass_all; then # non-PIC code in shared libraries is not supported pic_mode=default fi # Calculate the filename of the output object if compiler does # not support -o with -c if test "$compiler_c_o" = no; then output_obj=`$ECHO "$srcfile" | $SED 's%^.*/%%; s%\.[^.]*$%%'`.${objext} lockfile="$output_obj.lock" else output_obj= need_locks=no lockfile= fi # Lock this critical section if it is needed # We use this script file to make the link, it avoids creating a new file if test "$need_locks" = yes; then until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do func_echo "Waiting for $lockfile to be removed" sleep 2 done elif test "$need_locks" = warn; then if test -f "$lockfile"; then $ECHO "\ *** ERROR, $lockfile exists and contains: `cat $lockfile 2>/dev/null` This indicates that another process is trying to use the same temporary object file, and libtool could not work around it because your compiler does not support \`-c' and \`-o' together. If you repeat this compilation, it may succeed, by chance, but you had better avoid parallel builds (make -j) in this platform, or get a better compiler." $opt_dry_run || $RM $removelist exit $EXIT_FAILURE fi func_append removelist " $output_obj" $ECHO "$srcfile" > "$lockfile" fi $opt_dry_run || $RM $removelist func_append removelist " $lockfile" trap '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE' 1 2 15 func_to_tool_file "$srcfile" func_convert_file_msys_to_w32 srcfile=$func_to_tool_file_result func_quote_for_eval "$srcfile" qsrcfile=$func_quote_for_eval_result # Only build a PIC object if we are building libtool libraries. 
if test "$build_libtool_libs" = yes; then # Without this assignment, base_compile gets emptied. fbsd_hideous_sh_bug=$base_compile if test "$pic_mode" != no; then command="$base_compile $qsrcfile $pic_flag" else # Don't build PIC code command="$base_compile $qsrcfile" fi func_mkdir_p "$xdir$objdir" if test -z "$output_obj"; then # Place PIC objects in $objdir func_append command " -o $lobj" fi func_show_eval_locale "$command" \ 'test -n "$output_obj" && $RM $removelist; exit $EXIT_FAILURE' if test "$need_locks" = warn && test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then $ECHO "\ *** ERROR, $lockfile contains: `cat $lockfile 2>/dev/null` but it should contain: $srcfile This indicates that another process is trying to use the same temporary object file, and libtool could not work around it because your compiler does not support \`-c' and \`-o' together. If you repeat this compilation, it may succeed, by chance, but you had better avoid parallel builds (make -j) in this platform, or get a better compiler." $opt_dry_run || $RM $removelist exit $EXIT_FAILURE fi # Just move the object if needed, then go on to compile the next one if test -n "$output_obj" && test "X$output_obj" != "X$lobj"; then func_show_eval '$MV "$output_obj" "$lobj"' \ 'error=$?; $opt_dry_run || $RM $removelist; exit $error' fi # Allow error messages only from the first compilation. if test "$suppress_opt" = yes; then suppress_output=' >/dev/null 2>&1' fi fi # Only build a position-dependent object if we build old libraries. if test "$build_old_libs" = yes; then if test "$pic_mode" != yes; then # Don't build PIC code command="$base_compile $qsrcfile$pie_flag" else command="$base_compile $qsrcfile $pic_flag" fi if test "$compiler_c_o" = yes; then func_append command " -o $obj" fi # Suppress compiler output if we already did a PIC compilation. 
func_append command "$suppress_output" func_show_eval_locale "$command" \ '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE' if test "$need_locks" = warn && test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then $ECHO "\ *** ERROR, $lockfile contains: `cat $lockfile 2>/dev/null` but it should contain: $srcfile This indicates that another process is trying to use the same temporary object file, and libtool could not work around it because your compiler does not support \`-c' and \`-o' together. If you repeat this compilation, it may succeed, by chance, but you had better avoid parallel builds (make -j) in this platform, or get a better compiler." $opt_dry_run || $RM $removelist exit $EXIT_FAILURE fi # Just move the object if needed if test -n "$output_obj" && test "X$output_obj" != "X$obj"; then func_show_eval '$MV "$output_obj" "$obj"' \ 'error=$?; $opt_dry_run || $RM $removelist; exit $error' fi fi $opt_dry_run || { func_write_libtool_object "$libobj" "$objdir/$objname" "$objname" # Unlock the critical section if it was locked if test "$need_locks" != no; then removelist=$lockfile $RM "$lockfile" fi } exit $EXIT_SUCCESS } $opt_help || { test "$opt_mode" = compile && func_mode_compile ${1+"$@"} } func_mode_help () { # We need to display help for each of the modes. case $opt_mode in "") # Generic help is extracted from the usage comments # at the start of this file. func_help ;; clean) $ECHO \ "Usage: $progname [OPTION]... --mode=clean RM [RM-OPTION]... FILE... Remove files from the build directory. RM is the name of the program to use to delete files associated with each FILE (typically \`/bin/rm'). RM-OPTIONS are options (such as \`-f') to be passed to RM. If FILE is a libtool library, object or program, all the files associated with it are deleted. Otherwise, only FILE itself is deleted using RM." ;; compile) $ECHO \ "Usage: $progname [OPTION]... --mode=compile COMPILE-COMMAND... SOURCEFILE Compile a source file into a libtool library object. 
This mode accepts the following additional options: -o OUTPUT-FILE set the output file name to OUTPUT-FILE -no-suppress do not suppress compiler output for multiple passes -prefer-pic try to build PIC objects only -prefer-non-pic try to build non-PIC objects only -shared do not build a \`.o' file suitable for static linking -static only build a \`.o' file suitable for static linking -Wc,FLAG pass FLAG directly to the compiler COMPILE-COMMAND is a command to be used in creating a \`standard' object file from the given SOURCEFILE. The output file name is determined by removing the directory component from SOURCEFILE, then substituting the C source code suffix \`.c' with the library object suffix, \`.lo'." ;; execute) $ECHO \ "Usage: $progname [OPTION]... --mode=execute COMMAND [ARGS]... Automatically set library path, then run a program. This mode accepts the following additional options: -dlopen FILE add the directory containing FILE to the library path This mode sets the library path environment variable according to \`-dlopen' flags. If any of the ARGS are libtool executable wrappers, then they are translated into their corresponding uninstalled binary, and any of their required library directories are added to the library path. Then, COMMAND is executed, with ARGS as arguments." ;; finish) $ECHO \ "Usage: $progname [OPTION]... --mode=finish [LIBDIR]... Complete the installation of libtool libraries. Each LIBDIR is a directory that contains libtool libraries. The commands that this mode executes may require superuser privileges. Use the \`--dry-run' option if you just want to see what would be executed." ;; install) $ECHO \ "Usage: $progname [OPTION]... --mode=install INSTALL-COMMAND... Install executables or libraries. INSTALL-COMMAND is the installation command. The first component should be either the \`install' or \`cp' program. 
The following components of INSTALL-COMMAND are treated specially: -inst-prefix-dir PREFIX-DIR Use PREFIX-DIR as a staging area for installation The rest of the components are interpreted as arguments to that command (only BSD-compatible install options are recognized)." ;; link) $ECHO \ "Usage: $progname [OPTION]... --mode=link LINK-COMMAND... Link object files or libraries together to form another library, or to create an executable program. LINK-COMMAND is a command using the C compiler that you would use to create a program from several object files. The following components of LINK-COMMAND are treated specially: -all-static do not do any dynamic linking at all -avoid-version do not add a version suffix if possible -bindir BINDIR specify path to binaries directory (for systems where libraries must be found in the PATH setting at runtime) -dlopen FILE \`-dlpreopen' FILE if it cannot be dlopened at runtime -dlpreopen FILE link in FILE and add its symbols to lt_preloaded_symbols -export-dynamic allow symbols from OUTPUT-FILE to be resolved with dlsym(3) -export-symbols SYMFILE try to export only the symbols listed in SYMFILE -export-symbols-regex REGEX try to export only the symbols matching REGEX -LLIBDIR search LIBDIR for required installed libraries -lNAME OUTPUT-FILE requires the installed library libNAME -module build a library that can dlopened -no-fast-install disable the fast-install mode -no-install link a not-installable executable -no-undefined declare that a library does not refer to external symbols -o OUTPUT-FILE create OUTPUT-FILE from the specified objects -objectlist FILE Use a list of object files found in FILE to specify objects -precious-files-regex REGEX don't remove output files matching REGEX -release RELEASE specify package release information -rpath LIBDIR the created library will eventually be installed in LIBDIR -R[ ]LIBDIR add LIBDIR to the runtime path of programs and libraries -shared only do dynamic linking of libtool libraries 
-shrext SUFFIX override the standard shared library file extension -static do not do any dynamic linking of uninstalled libtool libraries -static-libtool-libs do not do any dynamic linking of libtool libraries -version-info CURRENT[:REVISION[:AGE]] specify library version info [each variable defaults to 0] -weak LIBNAME declare that the target provides the LIBNAME interface -Wc,FLAG -Xcompiler FLAG pass linker-specific FLAG directly to the compiler -Wl,FLAG -Xlinker FLAG pass linker-specific FLAG directly to the linker -XCClinker FLAG pass link-specific FLAG to the compiler driver (CC) All other options (arguments beginning with \`-') are ignored. Every other argument is treated as a filename. Files ending in \`.la' are treated as uninstalled libtool libraries, other files are standard or library object files. If the OUTPUT-FILE ends in \`.la', then a libtool library is created, only library objects (\`.lo' files) may be specified, and \`-rpath' is required, except when creating a convenience library. If OUTPUT-FILE ends in \`.a' or \`.lib', then a standard library is created using \`ar' and \`ranlib', or on Windows using \`lib'. If OUTPUT-FILE ends in \`.lo' or \`.${objext}', then a reloadable object file is created, otherwise an executable program is created." ;; uninstall) $ECHO \ "Usage: $progname [OPTION]... --mode=uninstall RM [RM-OPTION]... FILE... Remove libraries from an installation directory. RM is the name of the program to use to delete files associated with each FILE (typically \`/bin/rm'). RM-OPTIONS are options (such as \`-f') to be passed to RM. If FILE is a libtool library, all the files associated with it are deleted. Otherwise, only FILE itself is deleted using RM." ;; *) func_fatal_help "invalid operation mode \`$opt_mode'" ;; esac echo $ECHO "Try \`$progname --help' for more information about other modes." 
} # Now that we've collected a possible --mode arg, show help if necessary if $opt_help; then if test "$opt_help" = :; then func_mode_help else { func_help noexit for opt_mode in compile link execute install finish uninstall clean; do func_mode_help done } | sed -n '1p; 2,$s/^Usage:/ or: /p' { func_help noexit for opt_mode in compile link execute install finish uninstall clean; do echo func_mode_help done } | sed '1d /^When reporting/,/^Report/{ H d } $x /information about other modes/d /more detailed .*MODE/d s/^Usage:.*--mode=\([^ ]*\) .*/Description of \1 mode:/' fi exit $? fi # func_mode_execute arg... func_mode_execute () { $opt_debug # The first argument is the command name. cmd="$nonopt" test -z "$cmd" && \ func_fatal_help "you must specify a COMMAND" # Handle -dlopen flags immediately. for file in $opt_dlopen; do test -f "$file" \ || func_fatal_help "\`$file' is not a file" dir= case $file in *.la) func_resolve_sysroot "$file" file=$func_resolve_sysroot_result # Check to see that this really is a libtool archive. func_lalib_unsafe_p "$file" \ || func_fatal_help "\`$lib' is not a valid libtool archive" # Read the libtool library. dlname= library_names= func_source "$file" # Skip this library if it cannot be dlopened. if test -z "$dlname"; then # Warn if it was a shared library. test -n "$library_names" && \ func_warning "\`$file' was not linked with \`-export-dynamic'" continue fi func_dirname "$file" "" "." dir="$func_dirname_result" if test -f "$dir/$objdir/$dlname"; then func_append dir "/$objdir" else if test ! -f "$dir/$dlname"; then func_fatal_error "cannot find \`$dlname' in \`$dir' or \`$dir/$objdir'" fi fi ;; *.lo) # Just add the directory containing the .lo file. func_dirname "$file" "" "." dir="$func_dirname_result" ;; *) func_warning "\`-dlopen' is ignored for non-libtool libraries and objects" continue ;; esac # Get the absolute pathname. absdir=`cd "$dir" && pwd` test -n "$absdir" && dir="$absdir" # Now add the directory to shlibpath_var. 
if eval "test -z \"\$$shlibpath_var\""; then eval "$shlibpath_var=\"\$dir\"" else eval "$shlibpath_var=\"\$dir:\$$shlibpath_var\"" fi done # This variable tells wrapper scripts just to set shlibpath_var # rather than running their programs. libtool_execute_magic="$magic" # Check if any of the arguments is a wrapper script. args= for file do case $file in -* | *.la | *.lo ) ;; *) # Do a test to see if this is really a libtool program. if func_ltwrapper_script_p "$file"; then func_source "$file" # Transform arg to wrapped name. file="$progdir/$program" elif func_ltwrapper_executable_p "$file"; then func_ltwrapper_scriptname "$file" func_source "$func_ltwrapper_scriptname_result" # Transform arg to wrapped name. file="$progdir/$program" fi ;; esac # Quote arguments (to preserve shell metacharacters). func_append_quoted args "$file" done if test "X$opt_dry_run" = Xfalse; then if test -n "$shlibpath_var"; then # Export the shlibpath_var. eval "export $shlibpath_var" fi # Restore saved environment variables for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES do eval "if test \"\${save_$lt_var+set}\" = set; then $lt_var=\$save_$lt_var; export $lt_var else $lt_unset $lt_var fi" done # Now prepare to actually exec the command. exec_cmd="\$cmd$args" else # Display what would be done. if test -n "$shlibpath_var"; then eval "\$ECHO \"\$shlibpath_var=\$$shlibpath_var\"" echo "export $shlibpath_var" fi $ECHO "$cmd$args" exit $EXIT_SUCCESS fi } test "$opt_mode" = execute && func_mode_execute ${1+"$@"} # func_mode_finish arg... 
func_mode_finish () { $opt_debug libs= libdirs= admincmds= for opt in "$nonopt" ${1+"$@"} do if test -d "$opt"; then func_append libdirs " $opt" elif test -f "$opt"; then if func_lalib_unsafe_p "$opt"; then func_append libs " $opt" else func_warning "\`$opt' is not a valid libtool archive" fi else func_fatal_error "invalid argument \`$opt'" fi done if test -n "$libs"; then if test -n "$lt_sysroot"; then sysroot_regex=`$ECHO "$lt_sysroot" | $SED "$sed_make_literal_regex"` sysroot_cmd="s/\([ ']\)$sysroot_regex/\1/g;" else sysroot_cmd= fi # Remove sysroot references if $opt_dry_run; then for lib in $libs; do echo "removing references to $lt_sysroot and \`=' prefixes from $lib" done else tmpdir=`func_mktempdir` for lib in $libs; do sed -e "${sysroot_cmd} s/\([ ']-[LR]\)=/\1/g; s/\([ ']\)=/\1/g" $lib \ > $tmpdir/tmp-la mv -f $tmpdir/tmp-la $lib done ${RM}r "$tmpdir" fi fi if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then for libdir in $libdirs; do if test -n "$finish_cmds"; then # Do each command in the finish commands. func_execute_cmds "$finish_cmds" 'admincmds="$admincmds '"$cmd"'"' fi if test -n "$finish_eval"; then # Do the single finish_eval. eval cmds=\"$finish_eval\" $opt_dry_run || eval "$cmds" || func_append admincmds " $cmds" fi done fi # Exit here if they wanted silent mode. 
$opt_silent && exit $EXIT_SUCCESS if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then echo "----------------------------------------------------------------------" echo "Libraries have been installed in:" for libdir in $libdirs; do $ECHO " $libdir" done echo echo "If you ever happen to want to link against installed libraries" echo "in a given directory, LIBDIR, you must either use libtool, and" echo "specify the full pathname of the library, or use the \`-LLIBDIR'" echo "flag during linking and do at least one of the following:" if test -n "$shlibpath_var"; then echo " - add LIBDIR to the \`$shlibpath_var' environment variable" echo " during execution" fi if test -n "$runpath_var"; then echo " - add LIBDIR to the \`$runpath_var' environment variable" echo " during linking" fi if test -n "$hardcode_libdir_flag_spec"; then libdir=LIBDIR eval flag=\"$hardcode_libdir_flag_spec\" $ECHO " - use the \`$flag' linker flag" fi if test -n "$admincmds"; then $ECHO " - have your system administrator run these commands:$admincmds" fi if test -f /etc/ld.so.conf; then echo " - have your system administrator add LIBDIR to \`/etc/ld.so.conf'" fi echo echo "See any operating system documentation about shared libraries for" case $host in solaris2.[6789]|solaris2.1[0-9]) echo "more information, such as the ld(1), crle(1) and ld.so(8) manual" echo "pages." ;; *) echo "more information, such as the ld(1) and ld.so(8) manual pages." ;; esac echo "----------------------------------------------------------------------" fi exit $EXIT_SUCCESS } test "$opt_mode" = finish && func_mode_finish ${1+"$@"} # func_mode_install arg... func_mode_install () { $opt_debug # There may be an optional sh(1) argument at the beginning of # install_prog (especially on Windows NT). if test "$nonopt" = "$SHELL" || test "$nonopt" = /bin/sh || # Allow the use of GNU shtool's install command. case $nonopt in *shtool*) :;; *) false;; esac; then # Aesthetically quote it. 
func_quote_for_eval "$nonopt" install_prog="$func_quote_for_eval_result " arg=$1 shift else install_prog= arg=$nonopt fi # The real first argument should be the name of the installation program. # Aesthetically quote it. func_quote_for_eval "$arg" func_append install_prog "$func_quote_for_eval_result" install_shared_prog=$install_prog case " $install_prog " in *[\\\ /]cp\ *) install_cp=: ;; *) install_cp=false ;; esac # We need to accept at least all the BSD install flags. dest= files= opts= prev= install_type= isdir=no stripme= no_mode=: for arg do arg2= if test -n "$dest"; then func_append files " $dest" dest=$arg continue fi case $arg in -d) isdir=yes ;; -f) if $install_cp; then :; else prev=$arg fi ;; -g | -m | -o) prev=$arg ;; -s) stripme=" -s" continue ;; -*) ;; *) # If the previous option needed an argument, then skip it. if test -n "$prev"; then if test "x$prev" = x-m && test -n "$install_override_mode"; then arg2=$install_override_mode no_mode=false fi prev= else dest=$arg continue fi ;; esac # Aesthetically quote the argument. func_quote_for_eval "$arg" func_append install_prog " $func_quote_for_eval_result" if test -n "$arg2"; then func_quote_for_eval "$arg2" fi func_append install_shared_prog " $func_quote_for_eval_result" done test -z "$install_prog" && \ func_fatal_help "you must specify an install program" test -n "$prev" && \ func_fatal_help "the \`$prev' option requires an argument" if test -n "$install_override_mode" && $no_mode; then if $install_cp; then :; else func_quote_for_eval "$install_override_mode" func_append install_shared_prog " -m $func_quote_for_eval_result" fi fi if test -z "$files"; then if test -z "$dest"; then func_fatal_help "no file or destination specified" else func_fatal_help "you must specify a destination" fi fi # Strip any trailing slash from the destination. func_stripname '' '/' "$dest" dest=$func_stripname_result # Check to see that the destination is a directory. 
test -d "$dest" && isdir=yes if test "$isdir" = yes; then destdir="$dest" destname= else func_dirname_and_basename "$dest" "" "." destdir="$func_dirname_result" destname="$func_basename_result" # Not a directory, so check to see that there is only one file specified. set dummy $files; shift test "$#" -gt 1 && \ func_fatal_help "\`$dest' is not a directory" fi case $destdir in [\\/]* | [A-Za-z]:[\\/]*) ;; *) for file in $files; do case $file in *.lo) ;; *) func_fatal_help "\`$destdir' must be an absolute directory name" ;; esac done ;; esac # This variable tells wrapper scripts just to set variables rather # than running their programs. libtool_install_magic="$magic" staticlibs= future_libdirs= current_libdirs= for file in $files; do # Do each installation. case $file in *.$libext) # Do the static libraries later. func_append staticlibs " $file" ;; *.la) func_resolve_sysroot "$file" file=$func_resolve_sysroot_result # Check to see that this really is a libtool archive. func_lalib_unsafe_p "$file" \ || func_fatal_help "\`$file' is not a valid libtool archive" library_names= old_library= relink_command= func_source "$file" # Add the libdir to current_libdirs if it is the destination. if test "X$destdir" = "X$libdir"; then case "$current_libdirs " in *" $libdir "*) ;; *) func_append current_libdirs " $libdir" ;; esac else # Note the libdir as a future libdir. case "$future_libdirs " in *" $libdir "*) ;; *) func_append future_libdirs " $libdir" ;; esac fi func_dirname "$file" "/" "" dir="$func_dirname_result" func_append dir "$objdir" if test -n "$relink_command"; then # Determine the prefix the user has applied to our future dir. inst_prefix_dir=`$ECHO "$destdir" | $SED -e "s%$libdir\$%%"` # Don't allow the user to place us outside of our expected # location b/c this prevents finding dependent libraries that # are installed to the same prefix. 
# At present, this check doesn't affect windows .dll's that # are installed into $libdir/../bin (currently, that works fine) # but it's something to keep an eye on. test "$inst_prefix_dir" = "$destdir" && \ func_fatal_error "error: cannot install \`$file' to a directory not ending in $libdir" if test -n "$inst_prefix_dir"; then # Stick the inst_prefix_dir data into the link command. relink_command=`$ECHO "$relink_command" | $SED "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%"` else relink_command=`$ECHO "$relink_command" | $SED "s%@inst_prefix_dir@%%"` fi func_warning "relinking \`$file'" func_show_eval "$relink_command" \ 'func_fatal_error "error: relink \`$file'\'' with the above command before installing it"' fi # See the names of the shared library. set dummy $library_names; shift if test -n "$1"; then realname="$1" shift srcname="$realname" test -n "$relink_command" && srcname="$realname"T # Install the shared library and build the symlinks. func_show_eval "$install_shared_prog $dir/$srcname $destdir/$realname" \ 'exit $?' tstripme="$stripme" case $host_os in cygwin* | mingw* | pw32* | cegcc*) case $realname in *.dll.a) tstripme="" ;; esac ;; esac if test -n "$tstripme" && test -n "$striplib"; then func_show_eval "$striplib $destdir/$realname" 'exit $?' fi if test "$#" -gt 0; then # Delete the old symlinks, and create new ones. # Try `ln -sf' first, because the `ln' binary might depend on # the symlink we replace! Solaris /bin/ln does not understand -f, # so we also need to try rm && ln -s. for linkname do test "$linkname" != "$realname" \ && func_show_eval "(cd $destdir && { $LN_S -f $realname $linkname || { $RM $linkname && $LN_S $realname $linkname; }; })" done fi # Do each command in the postinstall commands. lib="$destdir/$realname" func_execute_cmds "$postinstall_cmds" 'exit $?' fi # Install the pseudo-library for information purposes. 
func_basename "$file" name="$func_basename_result" instname="$dir/$name"i func_show_eval "$install_prog $instname $destdir/$name" 'exit $?' # Maybe install the static library, too. test -n "$old_library" && func_append staticlibs " $dir/$old_library" ;; *.lo) # Install (i.e. copy) a libtool object. # Figure out destination file name, if it wasn't already specified. if test -n "$destname"; then destfile="$destdir/$destname" else func_basename "$file" destfile="$func_basename_result" destfile="$destdir/$destfile" fi # Deduce the name of the destination old-style object file. case $destfile in *.lo) func_lo2o "$destfile" staticdest=$func_lo2o_result ;; *.$objext) staticdest="$destfile" destfile= ;; *) func_fatal_help "cannot copy a libtool object to \`$destfile'" ;; esac # Install the libtool object if requested. test -n "$destfile" && \ func_show_eval "$install_prog $file $destfile" 'exit $?' # Install the old object if enabled. if test "$build_old_libs" = yes; then # Deduce the name of the old-style object file. func_lo2o "$file" staticobj=$func_lo2o_result func_show_eval "$install_prog \$staticobj \$staticdest" 'exit $?' fi exit $EXIT_SUCCESS ;; *) # Figure out destination file name, if it wasn't already specified. if test -n "$destname"; then destfile="$destdir/$destname" else func_basename "$file" destfile="$func_basename_result" destfile="$destdir/$destfile" fi # If the file is missing, and there is a .exe on the end, strip it # because it is most likely a libtool script we actually want to # install stripped_ext="" case $file in *.exe) if test ! -f "$file"; then func_stripname '' '.exe' "$file" file=$func_stripname_result stripped_ext=".exe" fi ;; esac # Do a test to see if this is really a libtool program. 
case $host in *cygwin* | *mingw*) if func_ltwrapper_executable_p "$file"; then func_ltwrapper_scriptname "$file" wrapper=$func_ltwrapper_scriptname_result else func_stripname '' '.exe' "$file" wrapper=$func_stripname_result fi ;; *) wrapper=$file ;; esac if func_ltwrapper_script_p "$wrapper"; then notinst_deplibs= relink_command= func_source "$wrapper" # Check the variables that should have been set. test -z "$generated_by_libtool_version" && \ func_fatal_error "invalid libtool wrapper script \`$wrapper'" finalize=yes for lib in $notinst_deplibs; do # Check to see that each library is installed. libdir= if test -f "$lib"; then func_source "$lib" fi libfile="$libdir/"`$ECHO "$lib" | $SED 's%^.*/%%g'` ### testsuite: skip nested quoting test if test -n "$libdir" && test ! -f "$libfile"; then func_warning "\`$lib' has not been installed in \`$libdir'" finalize=no fi done relink_command= func_source "$wrapper" outputname= if test "$fast_install" = no && test -n "$relink_command"; then $opt_dry_run || { if test "$finalize" = yes; then tmpdir=`func_mktempdir` func_basename "$file$stripped_ext" file="$func_basename_result" outputname="$tmpdir/$file" # Replace the output file specification. relink_command=`$ECHO "$relink_command" | $SED 's%@OUTPUT@%'"$outputname"'%g'` $opt_silent || { func_quote_for_expand "$relink_command" eval "func_echo $func_quote_for_expand_result" } if eval "$relink_command"; then : else func_error "error: relink \`$file' with the above command before installing it" $opt_dry_run || ${RM}r "$tmpdir" continue fi file="$outputname" else func_warning "cannot relink \`$file'" fi } else # Install the binary that we compiled earlier. 
file=`$ECHO "$file$stripped_ext" | $SED "s%\([^/]*\)$%$objdir/\1%"` fi fi # remove .exe since cygwin /usr/bin/install will append another # one anyway case $install_prog,$host in */usr/bin/install*,*cygwin*) case $file:$destfile in *.exe:*.exe) # this is ok ;; *.exe:*) destfile=$destfile.exe ;; *:*.exe) func_stripname '' '.exe' "$destfile" destfile=$func_stripname_result ;; esac ;; esac func_show_eval "$install_prog\$stripme \$file \$destfile" 'exit $?' $opt_dry_run || if test -n "$outputname"; then ${RM}r "$tmpdir" fi ;; esac done for file in $staticlibs; do func_basename "$file" name="$func_basename_result" # Set up the ranlib parameters. oldlib="$destdir/$name" func_to_tool_file "$oldlib" func_convert_file_msys_to_w32 tool_oldlib=$func_to_tool_file_result func_show_eval "$install_prog \$file \$oldlib" 'exit $?' if test -n "$stripme" && test -n "$old_striplib"; then func_show_eval "$old_striplib $tool_oldlib" 'exit $?' fi # Do each command in the postinstall commands. func_execute_cmds "$old_postinstall_cmds" 'exit $?' done test -n "$future_libdirs" && \ func_warning "remember to run \`$progname --finish$future_libdirs'" if test -n "$current_libdirs"; then # Maybe just do a dry run. $opt_dry_run && current_libdirs=" -n$current_libdirs" exec_cmd='$SHELL $progpath $preserve_args --finish$current_libdirs' else exit $EXIT_SUCCESS fi } test "$opt_mode" = install && func_mode_install ${1+"$@"} # func_generate_dlsyms outputname originator pic_p # Extract symbols from dlprefiles and create ${outputname}S.o with # a dlpreopen symbol table. 
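func_generate_dlsyms ()
{
    # Arguments: $1 = output name, $2 = originator, $3 = pic_p (defaults to "no").
    # Writes ${1}S.c under $output_objdir, compiles it, and substitutes the
    # resulting object for @SYMFILE@ in $compile_command / $finalize_command.
    #
    # Line structure matters here: the generated C text contains preprocessor
    # directives that must each start their own line, and every shell comment
    # must end at its own newline so that it does not swallow the code after it.
    $opt_debug
    my_outputname="$1"
    my_originator="$2"
    my_pic_p="${3-no}"
    # Turn the originator into a valid C identifier fragment.
    my_prefix=`$ECHO "$my_originator" | sed 's%[^a-zA-Z0-9]%_%g'`
    my_dlsyms=

    if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then
      if test -n "$NM" && test -n "$global_symbol_pipe"; then
        my_dlsyms="${my_outputname}S.c"
      else
        func_error "not configured to extract global symbols from dlpreopened files"
      fi
    fi

    if test -n "$my_dlsyms"; then
      case $my_dlsyms in
      "") ;;
      *.c)
        # Discover the nlist of each of the dlfiles.
        nlist="$output_objdir/${my_outputname}.nm"

        func_show_eval "$RM $nlist ${nlist}S ${nlist}T"

        # Parse the name list into a source file.
        func_verbose "creating $output_objdir/$my_dlsyms"

        $opt_dry_run || $ECHO > "$output_objdir/$my_dlsyms" "\
/* $my_dlsyms - symbol resolution table for \`$my_outputname' dlsym emulation. */
/* Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION */

#ifdef __cplusplus
extern \"C\" {
#endif

#if defined(__GNUC__) && (((__GNUC__ == 4) && (__GNUC_MINOR__ >= 4)) || (__GNUC__ > 4))
#pragma GCC diagnostic ignored \"-Wstrict-prototypes\"
#endif

/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */
#if defined(_WIN32) || defined(__CYGWIN__) || defined(_WIN32_WCE)
/* DATA imports from DLLs on WIN32 con't be const, because runtime
   relocations are performed -- see ld's documentation on pseudo-relocs. */
# define LT_DLSYM_CONST
#elif defined(__osf__)
/* This system does not cope well with relocations in const data. */
# define LT_DLSYM_CONST
#else
# define LT_DLSYM_CONST const
#endif

/* External symbol declarations for the compiler. */\
"

        if test "$dlself" = yes; then
          func_verbose "generating symbol list for \`$output'"

          $opt_dry_run || echo ': @PROGRAM@ ' > "$nlist"

          # Add our own program objects to the symbol list.
          progfiles=`$ECHO "$objs$old_deplibs" | $SP2NL | $SED "$lo2o" | $NL2SP`
          for progfile in $progfiles; do
            func_to_tool_file "$progfile" func_convert_file_msys_to_w32
            func_verbose "extracting global C symbols from \`$func_to_tool_file_result'"
            $opt_dry_run || eval "$NM $func_to_tool_file_result | $global_symbol_pipe >> '$nlist'"
          done

          if test -n "$exclude_expsyms"; then
            $opt_dry_run || {
              eval '$EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T'
              eval '$MV "$nlist"T "$nlist"'
            }
          fi

          if test -n "$export_symbols_regex"; then
            $opt_dry_run || {
              eval '$EGREP -e "$export_symbols_regex" "$nlist" > "$nlist"T'
              eval '$MV "$nlist"T "$nlist"'
            }
          fi

          # Prepare the list of exported symbols
          if test -z "$export_symbols"; then
            export_symbols="$output_objdir/$outputname.exp"
            $opt_dry_run || {
              $RM $export_symbols
              eval "${SED} -n -e '/^: @PROGRAM@ $/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"'
              case $host in
              *cygwin* | *mingw* | *cegcc* )
                eval "echo EXPORTS "'> "$output_objdir/$outputname.def"'
                eval 'cat "$export_symbols" >> "$output_objdir/$outputname.def"'
                ;;
              esac
            }
          else
            $opt_dry_run || {
              eval "${SED} -e 's/\([].[*^$]\)/\\\\\1/g' -e 's/^/ /' -e 's/$/$/'"' < "$export_symbols" > "$output_objdir/$outputname.exp"'
              eval '$GREP -f "$output_objdir/$outputname.exp" < "$nlist" > "$nlist"T'
              eval '$MV "$nlist"T "$nlist"'
              case $host in
              *cygwin* | *mingw* | *cegcc* )
                eval "echo EXPORTS "'> "$output_objdir/$outputname.def"'
                eval 'cat "$nlist" >> "$output_objdir/$outputname.def"'
                ;;
              esac
            }
          fi
        fi

        for dlprefile in $dlprefiles; do
          func_verbose "extracting global C symbols from \`$dlprefile'"
          func_basename "$dlprefile"
          name="$func_basename_result"
          case $host in
          *cygwin* | *mingw* | *cegcc* )
            # if an import library, we need to obtain dlname
            if func_win32_import_lib_p "$dlprefile"; then
              func_tr_sh "$dlprefile"
              eval "curr_lafile=\$libfile_$func_tr_sh_result"
              dlprefile_dlbasename=""
              if test -n "$curr_lafile" && func_lalib_p "$curr_lafile"; then
                # Use subshell, to avoid clobbering current variable values.
                # NOTE(review): this sources the .la file as shell code; it is
                # only reached after func_lalib_p accepted the file.
                dlprefile_dlname=`source "$curr_lafile" && echo "$dlname"`
                if test -n "$dlprefile_dlname" ; then
                  func_basename "$dlprefile_dlname"
                  dlprefile_dlbasename="$func_basename_result"
                else
                  # The .la file gave no dlname: ask the import library itself.
                  $sharedlib_from_linklib_cmd "$dlprefile"
                  dlprefile_dlbasename=$sharedlib_from_linklib_result
                fi
              fi
              $opt_dry_run || {
                if test -n "$dlprefile_dlbasename" ; then
                  eval '$ECHO ": $dlprefile_dlbasename" >> "$nlist"'
                else
                  func_warning "Could not compute DLL name from $name"
                  eval '$ECHO ": $name " >> "$nlist"'
                fi
                func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32
                eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe | $SED -e '/I __imp/d' -e 's/I __nm_/D /;s/_nm__//' >> '$nlist'"
              }
            else # not an import lib
              $opt_dry_run || {
                eval '$ECHO ": $name " >> "$nlist"'
                func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32
                eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe >> '$nlist'"
              }
            fi
            ;;
          *)
            $opt_dry_run || {
              eval '$ECHO ": $name " >> "$nlist"'
              func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32
              eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe >> '$nlist'"
            }
            ;;
          esac
        done

        $opt_dry_run || {
          # Make sure we have at least an empty file.
          test -f "$nlist" || : > "$nlist"

          if test -n "$exclude_expsyms"; then
            $EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T
            $MV "$nlist"T "$nlist"
          fi

          # Try sorting and uniquifying the output.
          # The `sort -k 3' probe runs inside the pipeline, so its stdin and
          # stdout are detached: it must neither consume the symbol list nor
          # write a diagnostic into the stream that feeds uniq.
          if $GREP -v "^: " < "$nlist" |
              if sort -k 3 </dev/null >/dev/null 2>&1; then
                sort -k 3
              else
                sort +2
              fi |
              uniq > "$nlist"S; then
            :
          else
            $GREP -v "^: " < "$nlist" > "$nlist"S
          fi

          if test -f "$nlist"S; then
            eval "$global_symbol_to_cdecl"' < "$nlist"S >> "$output_objdir/$my_dlsyms"'
          else
            echo '/* NONE */' >> "$output_objdir/$my_dlsyms"
          fi

          echo >> "$output_objdir/$my_dlsyms" "\

/* The mapping between symbol names and symbols. */
typedef struct {
  const char *name;
  void *address;
} lt_dlsymlist;
extern LT_DLSYM_CONST lt_dlsymlist
lt_${my_prefix}_LTX_preloaded_symbols[];
LT_DLSYM_CONST lt_dlsymlist
lt_${my_prefix}_LTX_preloaded_symbols[] =
{\
  { \"$my_originator\", (void *) 0 },"

          case $need_lib_prefix in
          no)
            eval "$global_symbol_to_c_name_address" < "$nlist" >> "$output_objdir/$my_dlsyms"
            ;;
          *)
            eval "$global_symbol_to_c_name_address_lib_prefix" < "$nlist" >> "$output_objdir/$my_dlsyms"
            ;;
          esac
          echo >> "$output_objdir/$my_dlsyms" "\
  {0, (void *) 0}
};

/* This works around a problem in FreeBSD linker */
#ifdef FREEBSD_WORKAROUND
static const void *lt_preloaded_setup() {
  return lt_${my_prefix}_LTX_preloaded_symbols;
}
#endif

#ifdef __cplusplus
}
#endif\
"
        } # !$opt_dry_run

        pic_flag_for_symtable=
        case "$compile_command " in
        *" -static "*) ;;
        *)
          case $host in
          # compiling the symbol table file with pic_flag works around
          # a FreeBSD bug that causes programs to crash when -lm is
          # linked before any other PIC object.  But we must not use
          # pic_flag when linking with -static.  The problem exists in
          # FreeBSD 2.2.6 and is fixed in FreeBSD 3.1.
          *-*-freebsd2.*|*-*-freebsd3.0*|*-*-freebsdelf3.0*)
            pic_flag_for_symtable=" $pic_flag -DFREEBSD_WORKAROUND" ;;
          *-*-hpux*)
            pic_flag_for_symtable=" $pic_flag" ;;
          *)
            if test "X$my_pic_p" != Xno; then
              pic_flag_for_symtable=" $pic_flag"
            fi
            ;;
          esac
          ;;
        esac
        # Drop the position-independent-executable flags for this object.
        symtab_cflags=
        for arg in $LTCFLAGS; do
          case $arg in
          -pie | -fpie | -fPIE) ;;
          *) func_append symtab_cflags " $arg" ;;
          esac
        done

        # Now compile the dynamic symbol file.
        func_show_eval '(cd $output_objdir && $LTCC$symtab_cflags -c$no_builtin_flag$pic_flag_for_symtable "$my_dlsyms")' 'exit $?'

        # Clean up the generated files.
        func_show_eval '$RM "$output_objdir/$my_dlsyms" "$nlist" "${nlist}S" "${nlist}T"'

        # Transform the symbol file into the correct name.
        symfileobj="$output_objdir/${my_outputname}S.$objext"
        case $host in
        *cygwin* | *mingw* | *cegcc* )
          if test -f "$output_objdir/$my_outputname.def"; then
            compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"`
            finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"`
          else
            compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$symfileobj%"`
            finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$symfileobj%"`
          fi
          ;;
        *)
          compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$symfileobj%"`
          finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$symfileobj%"`
          ;;
        esac
        ;;
      *)
        func_fatal_error "unknown suffix for \`$my_dlsyms'"
        ;;
      esac
    else
      # We keep going just in case the user didn't refer to
      # lt_preloaded_symbols.  The linker will fail if global_symbol_pipe
      # really was required.

      # Nullify the symbol file.
      compile_command=`$ECHO "$compile_command" | $SED "s% @SYMFILE@%%"`
      finalize_command=`$ECHO "$finalize_command" | $SED "s% @SYMFILE@%%"`
    fi
}

# func_win32_libid arg
# return the library type of file 'arg'
#
# Need a lot of goo to handle *both* DLLs and import libs
# Has to be a shell function in order to 'eat' the argument
# that is supplied when $file_magic_command is called.
# Despite the name, also deal with 64 bit binaries.
#
# The result is printed on stdout: "unknown", "x86 archive import",
# "x86 archive static" or "x86 DLL".
func_win32_libid ()
{
  $opt_debug
  win32_libid_type="unknown"
  # The file name is passed quoted everywhere below, and is expanded by the
  # eval'd command rather than pasted into it, so a name containing blanks
  # or shell metacharacters is treated as data only.
  win32_fileres=`file -L "$1" 2>/dev/null`
  case $win32_fileres in
  *ar\ archive\ import\ library*) # definitely import
    win32_libid_type="x86 archive import"
    ;;
  *ar\ archive*) # could be an import, or static
    # Keep the egrep pattern in sync with the one in _LT_CHECK_MAGIC_METHOD.
    if eval $OBJDUMP -f \"\$1\" | $SED -e '10q' 2>/dev/null |
       $EGREP 'file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' >/dev/null; then
      func_to_tool_file "$1" func_convert_file_msys_to_w32
      # Look at the first 100 symbol lines only; an " I " entry marks an
      # import library.
      win32_nmres=`eval $NM -f posix -A \"\$func_to_tool_file_result\" |
        $SED -n -e '
            1,100{
                / I /{
                    s,.*,import,
                    p
                    q
                }
            }'`
      case $win32_nmres in
      import*) win32_libid_type="x86 archive import";;
      *)       win32_libid_type="x86 archive static";;
      esac
    fi
    ;;
  *DLL*)
    win32_libid_type="x86 DLL"
    ;;
  *executable*) # but shell scripts are "executable" too...
    case $win32_fileres in
    *MS\ Windows\ PE\ Intel*)
      win32_libid_type="x86 DLL"
      ;;
    esac
    ;;
  esac
  $ECHO "$win32_libid_type"
}

# func_cygming_dll_for_implib ARG
#
# Platform-specific function to extract the
# name of the DLL associated with the specified
# import library ARG.
# Invoked by eval'ing the libtool variable
#    $sharedlib_from_linklib_cmd
# Result is available in the variable
#    $sharedlib_from_linklib_result
func_cygming_dll_for_implib ()
{
  $opt_debug
  sharedlib_from_linklib_result=`$DLLTOOL --identify-strict --identify "$1"`
}

# func_cygming_dll_for_implib_fallback_core SECTION_NAME LIBNAMEs
#
# This is the core of a fallback implementation of a
# platform-specific function to extract the name of the
# DLL associated with the specified import library LIBNAME.
#
# SECTION_NAME is either .idata$6 or .idata$7, depending
# on the platform and compiler that created the implib.
#
# Echoes the name of the DLL associated with the
# specified import library.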
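func_cygming_dll_for_implib_fallback_core ()
{
  # $1 = section name, $2 = import library.  Prints one candidate DLL name.
  #
  # Both sed programs below are newline-delimited: a `#' comment inside a sed
  # script runs to the end of its line, so each command and each comment has
  # to sit on a line of its own.
  $opt_debug
  # Escape the section name so it can be matched literally inside a regex.
  match_literal=`$ECHO "$1" | $SED "$sed_make_literal_regex"`
  $OBJDUMP -s --section "$1" "$2" 2>/dev/null |
    $SED '/^Contents of section '"$match_literal"':/{
      # Place marker at beginning of archive member dllname section
      s/.*/====MARK====/
      p
      d
    }
    # These lines can sometimes be longer than 43 characters, but
    # are always uninteresting
    /:[ ]*file format pe[i]\{,1\}-/d
    /^In archive [^:]*:/d
    # Ensure marker is printed
    /^====MARK====/p
    # Remove all lines with less than 43 characters
    /^.\{43\}/!d
    # From remaining lines, remove first 43 characters
    s/^.\{43\}//' |
    $SED -n '
      # Join marker and all lines until next marker into a single line
      /^====MARK====/ b para
      H
      $ b para
      b
      :para
      x
      s/\n//g
      # Remove the marker
      s/^====MARK====//
      # Remove trailing dots and whitespace
      s/[\. \t]*$//
      # Print
      /./p' |
    # we now have a list, one entry per line, of the stringified
    # contents of the appropriate section of all members of the
    # archive which possess that section. Heuristic: eliminate
    # all those which have a first or second character that is
    # a '.' (that is, objdump's representation of an unprintable
    # character.) This should work for all archives with less than
    # 0x302f exports -- but will fail for DLLs whose name actually
    # begins with a literal '.' or a single character followed by
    # a '.'.
    #
    # Of those that remain, print the first one.
    $SED -e '/^\./d;/^.\./d;q'
}

# func_cygming_gnu_implib_p ARG
# This predicate returns with zero status (TRUE) if
# ARG is a GNU/binutils-style import library.  Returns
# with nonzero status (FALSE) otherwise.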
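func_cygming_gnu_implib_p ()
{
  # Succeeds when the symbol list of import library $1 contains a
  # `_head_..._a/_dl...' or `..._iname' style symbol.
  $opt_debug
  func_to_tool_file "$1" func_convert_file_msys_to_w32
  func_cygming_gnu_implib_tmp=`$NM "$func_to_tool_file_result" | eval "$global_symbol_pipe" | $EGREP ' (_head_[A-Za-z0-9_]+_[ad]l*|[A-Za-z0-9_]+_[ad]l*_iname)$'`
  test -n "$func_cygming_gnu_implib_tmp"
}

# func_cygming_ms_implib_p ARG
# This predicate returns with zero status (TRUE) if
# ARG is an MS-style import library.  Returns
# with nonzero status (FALSE) otherwise.
func_cygming_ms_implib_p ()
{
  $opt_debug
  func_to_tool_file "$1" func_convert_file_msys_to_w32
  func_cygming_ms_implib_tmp=`$NM "$func_to_tool_file_result" | eval "$global_symbol_pipe" | $GREP '_NULL_IMPORT_DESCRIPTOR'`
  test -n "$func_cygming_ms_implib_tmp"
}

# func_cygming_dll_for_implib_fallback ARG
# Platform-specific function to extract the
# name of the DLL associated with the specified
# import library ARG.
#
# This fallback implementation is for use when $DLLTOOL
# does not support the --identify-strict option.
# Invoked by eval'ing the libtool variable
#    $sharedlib_from_linklib_cmd
# Result is available in the variable
#    $sharedlib_from_linklib_result
func_cygming_dll_for_implib_fallback ()
{
  $opt_debug
  if func_cygming_gnu_implib_p "$1" ; then
    # binutils import library
    sharedlib_from_linklib_result=`func_cygming_dll_for_implib_fallback_core '.idata$7' "$1"`
  elif func_cygming_ms_implib_p "$1" ; then
    # ms-generated import library
    sharedlib_from_linklib_result=`func_cygming_dll_for_implib_fallback_core '.idata$6' "$1"`
  else
    # unknown
    sharedlib_from_linklib_result=""
  fi
}

# func_extract_an_archive dir oldlib
#
# Extract every member of archive OLDLIB into directory DIR, then fail
# if the archive lists the same member name more than once.
func_extract_an_archive ()
{
    $opt_debug
    f_ex_an_ar_dir="$1"; shift
    f_ex_an_ar_oldlib="$1"
    if test "$lock_old_archive_extraction" = yes; then
      # The lock is a hard link to $progpath: ln fails while the link
      # already exists, so the loop waits until it has been removed.
      lockfile=$f_ex_an_ar_oldlib.lock
      until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do
        func_echo "Waiting for $lockfile to be removed"
        sleep 2
      done
    fi
    # The directory is quoted inside the eval'd command so that a path with
    # blanks or glob characters is passed to cd as a single word.
    func_show_eval "(cd \"\$f_ex_an_ar_dir\" && $AR x \"\$f_ex_an_ar_oldlib\")" \
                   'stat=$?; rm -f "$lockfile"; exit $stat'
    if test "$lock_old_archive_extraction" = yes; then
      $opt_dry_run || rm -f "$lockfile"
    fi
    # Extraction writes members by name, so duplicate member names would have
    # overwritten one another; `sort -uc' fails when a name repeats.
    if ($AR t "$f_ex_an_ar_oldlib" | sort | sort -uc >/dev/null 2>&1); then
      :
    else
      func_fatal_error "object name conflicts in archive: $f_ex_an_ar_dir/$f_ex_an_ar_oldlib"
    fi
}

# func_extract_archives gentop oldlib ...
#
# Extract each OLDLIB into its own subdirectory of GENTOP and collect the
# extracted *.$objext and *.lo files, space separated, in
# $func_extract_archives_result.
func_extract_archives ()
{
    $opt_debug
    my_gentop="$1"; shift
    my_oldlibs=${1+"$@"}
    my_oldobjs=""
    my_xlib=""
    my_xabs=""
    my_xdir=""

    for my_xlib in $my_oldlibs; do
      # Extract the objects.
      case $my_xlib in
      [\\/]* | [A-Za-z]:[\\/]*) my_xabs="$my_xlib" ;;
      *) my_xabs=`pwd`"/$my_xlib" ;;
      esac
      func_basename "$my_xlib"
      my_xlib="$func_basename_result"
      # Pick a directory name not used yet: archives sharing a basename get
      # an lt<serial>- prefix.
      my_xlib_u=$my_xlib
      while :; do
        case " $extracted_archives " in
        *" $my_xlib_u "*)
          func_arith $extracted_serial + 1
          extracted_serial=$func_arith_result
          my_xlib_u=lt$extracted_serial-$my_xlib ;;
        *) break ;;
        esac
      done
      extracted_archives="$extracted_archives $my_xlib_u"
      my_xdir="$my_gentop/$my_xlib_u"

      func_mkdir_p "$my_xdir"

      case $host in
      *-darwin*)
        func_verbose "Extracting $my_xabs"
        # Do not bother doing anything if just a dry run
        $opt_dry_run || {
          darwin_orig_dir=`pwd`
          cd "$my_xdir" || exit $?
          darwin_archive=$my_xabs
          darwin_curdir=`pwd`
          darwin_base_archive=`basename "$darwin_archive"`
          darwin_arches=`$LIPO -info "$darwin_archive" 2>/dev/null | $GREP Architectures 2>/dev/null || true`
          if test -n "$darwin_arches"; then
            darwin_arches=`$ECHO "$darwin_arches" | $SED -e 's/.*are://'`
            darwin_arch=
            func_verbose "$darwin_base_archive has multiple architectures $darwin_arches"
            # The unfat-$$ scratch tree is created relative to the current
            # directory, which is $my_xdir at this point.
            for darwin_arch in $darwin_arches ; do
              func_mkdir_p "unfat-$$/${darwin_base_archive}-${darwin_arch}"
              $LIPO -thin $darwin_arch -output "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}" "${darwin_archive}"
              # Stop if the directory change fails: the extraction below works
              # on `pwd` and would otherwise unpack into the wrong place.
              cd "unfat-$$/${darwin_base_archive}-${darwin_arch}" || exit $?
              func_extract_an_archive "`pwd`" "${darwin_base_archive}"
              cd "$darwin_curdir" || exit $?
              $RM "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}"
            done # $darwin_arches
            ## Okay now we've a bunch of thin objects, gotta fatten them up :)
            darwin_filelist=`find unfat-$$ -type f -name \*.o -print -o -name \*.lo -print | $SED -e "$basename" | sort -u`
            darwin_file=
            darwin_files=
            for darwin_file in $darwin_filelist; do
              # Quoted so the shell hands the name to find unexpanded.
              darwin_files=`find unfat-$$ -name "$darwin_file" -print | sort | $NL2SP`
              $LIPO -create -output "$darwin_file" $darwin_files
            done # $darwin_filelist
            $RM -rf unfat-$$
            cd "$darwin_orig_dir"
          else
            cd "$darwin_orig_dir"
            func_extract_an_archive "$my_xdir" "$my_xabs"
          fi # $darwin_arches
        } # !$opt_dry_run
        ;;
      *)
        func_extract_an_archive "$my_xdir" "$my_xabs"
        ;;
      esac
      my_oldobjs="$my_oldobjs "`find "$my_xdir" -name \*.$objext -print -o -name \*.lo -print | sort | $NL2SP`
    done

    func_extract_archives_result="$my_oldobjs"
}

# func_emit_wrapper [arg=no]
#
# Emit a libtool wrapper script on stdout.
# Don't directly open a file because we may want to
# incorporate the script contents within a cygwin/mingw
# wrapper executable.  Must ONLY be called from within
# func_mode_link because it depends on a number of variables
# set therein.
#
# ARG is the value that the WRAPPER_SCRIPT_BELONGS_IN_OBJDIR
# variable will take.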
If 'yes', then the emitted script # will assume that the directory in which it is stored is # the $objdir directory. This is a cygwin/mingw-specific # behavior. func_emit_wrapper () { func_emit_wrapper_arg1=${1-no} $ECHO "\ #! $SHELL # $output - temporary wrapper script for $objdir/$outputname # Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION # # The $output program cannot be directly executed until all the libtool # libraries that it depends on are installed. # # This wrapper script should never be moved out of the build directory. # If it is, it will not operate correctly. # Sed substitution that helps us do robust quoting. It backslashifies # metacharacters that are still active within double-quoted strings. sed_quote_subst='$sed_quote_subst' # Be Bourne compatible if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then emulate sh NULLCMD=: # Zsh 3.x and 4.x performs word splitting on \${1+\"\$@\"}, which # is contrary to our usage. Disable this feature. alias -g '\${1+\"\$@\"}'='\"\$@\"' setopt NO_GLOB_SUBST else case \`(set -o) 2>/dev/null\` in *posix*) set -o posix;; esac fi BIN_SH=xpg4; export BIN_SH # for Tru64 DUALCASE=1; export DUALCASE # for MKS sh # The HP-UX ksh and POSIX shell print the target directory to stdout # if CDPATH is set. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH relink_command=\"$relink_command\" # This environment variable determines our operation mode. if test \"\$libtool_install_magic\" = \"$magic\"; then # install mode needs the following variables: generated_by_libtool_version='$macro_version' notinst_deplibs='$notinst_deplibs' else # When we are sourced in execute mode, \$file and \$ECHO are already set. if test \"\$libtool_execute_magic\" != \"$magic\"; then file=\"\$0\"" qECHO=`$ECHO "$ECHO" | $SED "$sed_quote_subst"` $ECHO "\ # A function that is used when there is no print builtin or printf. 
func_fallback_echo () { eval 'cat <<_LTECHO_EOF \$1 _LTECHO_EOF' } ECHO=\"$qECHO\" fi # Very basic option parsing. These options are (a) specific to # the libtool wrapper, (b) are identical between the wrapper # /script/ and the wrapper /executable/ which is used only on # windows platforms, and (c) all begin with the string "--lt-" # (application programs are unlikely to have options which match # this pattern). # # There are only two supported options: --lt-debug and # --lt-dump-script. There is, deliberately, no --lt-help. # # The first argument to this parsing function should be the # script's $0 value, followed by "$@". lt_option_debug= func_parse_lt_options () { lt_script_arg0=\$0 shift for lt_opt do case \"\$lt_opt\" in --lt-debug) lt_option_debug=1 ;; --lt-dump-script) lt_dump_D=\`\$ECHO \"X\$lt_script_arg0\" | $SED -e 's/^X//' -e 's%/[^/]*$%%'\` test \"X\$lt_dump_D\" = \"X\$lt_script_arg0\" && lt_dump_D=. lt_dump_F=\`\$ECHO \"X\$lt_script_arg0\" | $SED -e 's/^X//' -e 's%^.*/%%'\` cat \"\$lt_dump_D/\$lt_dump_F\" exit 0 ;; --lt-*) \$ECHO \"Unrecognized --lt- option: '\$lt_opt'\" 1>&2 exit 1 ;; esac done # Print the debug banner immediately: if test -n \"\$lt_option_debug\"; then echo \"${outputname}:${output}:\${LINENO}: libtool wrapper (GNU $PACKAGE$TIMESTAMP) $VERSION\" 1>&2 fi } # Used when --lt-debug. 
Prints its arguments to stdout # (redirection is the responsibility of the caller) func_lt_dump_args () { lt_dump_args_N=1; for lt_arg do \$ECHO \"${outputname}:${output}:\${LINENO}: newargv[\$lt_dump_args_N]: \$lt_arg\" lt_dump_args_N=\`expr \$lt_dump_args_N + 1\` done } # Core function for launching the target application func_exec_program_core () { " case $host in # Backslashes separate directories on plain windows *-*-mingw | *-*-os2* | *-cegcc*) $ECHO "\ if test -n \"\$lt_option_debug\"; then \$ECHO \"${outputname}:${output}:\${LINENO}: newargv[0]: \$progdir\\\\\$program\" 1>&2 func_lt_dump_args \${1+\"\$@\"} 1>&2 fi exec \"\$progdir\\\\\$program\" \${1+\"\$@\"} " ;; *) $ECHO "\ if test -n \"\$lt_option_debug\"; then \$ECHO \"${outputname}:${output}:\${LINENO}: newargv[0]: \$progdir/\$program\" 1>&2 func_lt_dump_args \${1+\"\$@\"} 1>&2 fi exec \"\$progdir/\$program\" \${1+\"\$@\"} " ;; esac $ECHO "\ \$ECHO \"\$0: cannot exec \$program \$*\" 1>&2 exit 1 } # A function to encapsulate launching the target application # Strips options in the --lt-* namespace from \$@ and # launches target application with the remaining arguments. func_exec_program () { case \" \$* \" in *\\ --lt-*) for lt_wr_arg do case \$lt_wr_arg in --lt-*) ;; *) set x \"\$@\" \"\$lt_wr_arg\"; shift;; esac shift done ;; esac func_exec_program_core \${1+\"\$@\"} } # Parse options func_parse_lt_options \"\$0\" \${1+\"\$@\"} # Find the directory that this script lives in. thisdir=\`\$ECHO \"\$file\" | $SED 's%/[^/]*$%%'\` test \"x\$thisdir\" = \"x\$file\" && thisdir=. # Follow symbolic links until we get to the real thisdir. file=\`ls -ld \"\$file\" | $SED -n 's/.*-> //p'\` while test -n \"\$file\"; do destdir=\`\$ECHO \"\$file\" | $SED 's%/[^/]*\$%%'\` # If there was a directory component, then change thisdir. 
if test \"x\$destdir\" != \"x\$file\"; then case \"\$destdir\" in [\\\\/]* | [A-Za-z]:[\\\\/]*) thisdir=\"\$destdir\" ;; *) thisdir=\"\$thisdir/\$destdir\" ;; esac fi file=\`\$ECHO \"\$file\" | $SED 's%^.*/%%'\` file=\`ls -ld \"\$thisdir/\$file\" | $SED -n 's/.*-> //p'\` done # Usually 'no', except on cygwin/mingw when embedded into # the cwrapper. WRAPPER_SCRIPT_BELONGS_IN_OBJDIR=$func_emit_wrapper_arg1 if test \"\$WRAPPER_SCRIPT_BELONGS_IN_OBJDIR\" = \"yes\"; then # special case for '.' if test \"\$thisdir\" = \".\"; then thisdir=\`pwd\` fi # remove .libs from thisdir case \"\$thisdir\" in *[\\\\/]$objdir ) thisdir=\`\$ECHO \"\$thisdir\" | $SED 's%[\\\\/][^\\\\/]*$%%'\` ;; $objdir ) thisdir=. ;; esac fi # Try to get the absolute directory name. absdir=\`cd \"\$thisdir\" && pwd\` test -n \"\$absdir\" && thisdir=\"\$absdir\" " if test "$fast_install" = yes; then $ECHO "\ program=lt-'$outputname'$exeext progdir=\"\$thisdir/$objdir\" if test ! -f \"\$progdir/\$program\" || { file=\`ls -1dt \"\$progdir/\$program\" \"\$progdir/../\$program\" 2>/dev/null | ${SED} 1q\`; \\ test \"X\$file\" != \"X\$progdir/\$program\"; }; then file=\"\$\$-\$program\" if test ! -d \"\$progdir\"; then $MKDIR \"\$progdir\" else $RM \"\$progdir/\$file\" fi" $ECHO "\ # relink executable if necessary if test -n \"\$relink_command\"; then if relink_command_output=\`eval \$relink_command 2>&1\`; then : else $ECHO \"\$relink_command_output\" >&2 $RM \"\$progdir/\$file\" exit 1 fi fi $MV \"\$progdir/\$file\" \"\$progdir/\$program\" 2>/dev/null || { $RM \"\$progdir/\$program\"; $MV \"\$progdir/\$file\" \"\$progdir/\$program\"; } $RM \"\$progdir/\$file\" fi" else $ECHO "\ program='$outputname' progdir=\"\$thisdir/$objdir\" " fi $ECHO "\ if test -f \"\$progdir/\$program\"; then" # fixup the dll searchpath if we need to. # # Fix the DLL searchpath if we need to. Do this before prepending # to shlibpath, because on Windows, both are PATH and uninstalled # libraries must come first. 
if test -n "$dllsearchpath"; then $ECHO "\ # Add the dll search path components to the executable PATH PATH=$dllsearchpath:\$PATH " fi # Export our shlibpath_var if we have one. if test "$shlibpath_overrides_runpath" = yes && test -n "$shlibpath_var" && test -n "$temp_rpath"; then $ECHO "\ # Add our own library path to $shlibpath_var $shlibpath_var=\"$temp_rpath\$$shlibpath_var\" # Some systems cannot cope with colon-terminated $shlibpath_var # The second colon is a workaround for a bug in BeOS R4 sed $shlibpath_var=\`\$ECHO \"\$$shlibpath_var\" | $SED 's/::*\$//'\` export $shlibpath_var " fi $ECHO "\ if test \"\$libtool_execute_magic\" != \"$magic\"; then # Run the actual program with our arguments. func_exec_program \${1+\"\$@\"} fi else # The program doesn't exist. \$ECHO \"\$0: error: \\\`\$progdir/\$program' does not exist\" 1>&2 \$ECHO \"This script is just a wrapper for \$program.\" 1>&2 \$ECHO \"See the $PACKAGE documentation for more information.\" 1>&2 exit 1 fi fi\ " } # func_emit_cwrapperexe_src # emit the source code for a wrapper executable on stdout # Must ONLY be called from within func_mode_link because # it depends on a number of variable set therein. func_emit_cwrapperexe_src () { cat < #include #ifdef _MSC_VER # include # include # include #else # include # include # ifdef __CYGWIN__ # include # endif #endif #include #include #include #include #include #include #include #include /* declarations of non-ANSI functions */ #if defined(__MINGW32__) # ifdef __STRICT_ANSI__ int _putenv (const char *); # endif #elif defined(__CYGWIN__) # ifdef __STRICT_ANSI__ char *realpath (const char *, char *); int putenv (char *); int setenv (const char *, const char *, int); # endif /* #elif defined (other platforms) ... 
*/ #endif /* portability defines, excluding path handling macros */ #if defined(_MSC_VER) # define setmode _setmode # define stat _stat # define chmod _chmod # define getcwd _getcwd # define putenv _putenv # define S_IXUSR _S_IEXEC # ifndef _INTPTR_T_DEFINED # define _INTPTR_T_DEFINED # define intptr_t int # endif #elif defined(__MINGW32__) # define setmode _setmode # define stat _stat # define chmod _chmod # define getcwd _getcwd # define putenv _putenv #elif defined(__CYGWIN__) # define HAVE_SETENV # define FOPEN_WB "wb" /* #elif defined (other platforms) ... */ #endif #if defined(PATH_MAX) # define LT_PATHMAX PATH_MAX #elif defined(MAXPATHLEN) # define LT_PATHMAX MAXPATHLEN #else # define LT_PATHMAX 1024 #endif #ifndef S_IXOTH # define S_IXOTH 0 #endif #ifndef S_IXGRP # define S_IXGRP 0 #endif /* path handling portability macros */ #ifndef DIR_SEPARATOR # define DIR_SEPARATOR '/' # define PATH_SEPARATOR ':' #endif #if defined (_WIN32) || defined (__MSDOS__) || defined (__DJGPP__) || \ defined (__OS2__) # define HAVE_DOS_BASED_FILE_SYSTEM # define FOPEN_WB "wb" # ifndef DIR_SEPARATOR_2 # define DIR_SEPARATOR_2 '\\' # endif # ifndef PATH_SEPARATOR_2 # define PATH_SEPARATOR_2 ';' # endif #endif #ifndef DIR_SEPARATOR_2 # define IS_DIR_SEPARATOR(ch) ((ch) == DIR_SEPARATOR) #else /* DIR_SEPARATOR_2 */ # define IS_DIR_SEPARATOR(ch) \ (((ch) == DIR_SEPARATOR) || ((ch) == DIR_SEPARATOR_2)) #endif /* DIR_SEPARATOR_2 */ #ifndef PATH_SEPARATOR_2 # define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR) #else /* PATH_SEPARATOR_2 */ # define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR_2) #endif /* PATH_SEPARATOR_2 */ #ifndef FOPEN_WB # define FOPEN_WB "w" #endif #ifndef _O_BINARY # define _O_BINARY 0 #endif #define XMALLOC(type, num) ((type *) xmalloc ((num) * sizeof(type))) #define XFREE(stale) do { \ if (stale) { free ((void *) stale); stale = 0; } \ } while (0) #if defined(LT_DEBUGWRAPPER) static int lt_debug = 1; #else static int lt_debug = 0; #endif const char 
*program_name = "libtool-wrapper"; /* in case xstrdup fails */ void *xmalloc (size_t num); char *xstrdup (const char *string); const char *base_name (const char *name); char *find_executable (const char *wrapper); char *chase_symlinks (const char *pathspec); int make_executable (const char *path); int check_executable (const char *path); char *strendzap (char *str, const char *pat); void lt_debugprintf (const char *file, int line, const char *fmt, ...); void lt_fatal (const char *file, int line, const char *message, ...); static const char *nonnull (const char *s); static const char *nonempty (const char *s); void lt_setenv (const char *name, const char *value); char *lt_extend_str (const char *orig_value, const char *add, int to_end); void lt_update_exe_path (const char *name, const char *value); void lt_update_lib_path (const char *name, const char *value); char **prepare_spawn (char **argv); void lt_dump_script (FILE *f); EOF cat <= 0) && (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))) return 1; else return 0; } int make_executable (const char *path) { int rval = 0; struct stat st; lt_debugprintf (__FILE__, __LINE__, "(make_executable): %s\n", nonempty (path)); if ((!path) || (!*path)) return 0; if (stat (path, &st) >= 0) { rval = chmod (path, st.st_mode | S_IXOTH | S_IXGRP | S_IXUSR); } return rval; } /* Searches for the full path of the wrapper. Returns newly allocated full path name if found, NULL otherwise Does not chase symlinks, even on platforms that support them. */ char * find_executable (const char *wrapper) { int has_slash = 0; const char *p; const char *p_next; /* static buffer for getcwd */ char tmp[LT_PATHMAX + 1]; int tmp_len; char *concat_name; lt_debugprintf (__FILE__, __LINE__, "(find_executable): %s\n", nonempty (wrapper)); if ((wrapper == NULL) || (*wrapper == '\0')) return NULL; /* Absolute path? 
*/ #if defined (HAVE_DOS_BASED_FILE_SYSTEM) if (isalpha ((unsigned char) wrapper[0]) && wrapper[1] == ':') { concat_name = xstrdup (wrapper); if (check_executable (concat_name)) return concat_name; XFREE (concat_name); } else { #endif if (IS_DIR_SEPARATOR (wrapper[0])) { concat_name = xstrdup (wrapper); if (check_executable (concat_name)) return concat_name; XFREE (concat_name); } #if defined (HAVE_DOS_BASED_FILE_SYSTEM) } #endif for (p = wrapper; *p; p++) if (*p == '/') { has_slash = 1; break; } if (!has_slash) { /* no slashes; search PATH */ const char *path = getenv ("PATH"); if (path != NULL) { for (p = path; *p; p = p_next) { const char *q; size_t p_len; for (q = p; *q; q++) if (IS_PATH_SEPARATOR (*q)) break; p_len = q - p; p_next = (*q == '\0' ? q : q + 1); if (p_len == 0) { /* empty path: current directory */ if (getcwd (tmp, LT_PATHMAX) == NULL) lt_fatal (__FILE__, __LINE__, "getcwd failed: %s", nonnull (strerror (errno))); tmp_len = strlen (tmp); concat_name = XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1); memcpy (concat_name, tmp, tmp_len); concat_name[tmp_len] = '/'; strcpy (concat_name + tmp_len + 1, wrapper); } else { concat_name = XMALLOC (char, p_len + 1 + strlen (wrapper) + 1); memcpy (concat_name, p, p_len); concat_name[p_len] = '/'; strcpy (concat_name + p_len + 1, wrapper); } if (check_executable (concat_name)) return concat_name; XFREE (concat_name); } } /* not found in PATH; assume curdir */ } /* Relative path | not found in path: prepend cwd */ if (getcwd (tmp, LT_PATHMAX) == NULL) lt_fatal (__FILE__, __LINE__, "getcwd failed: %s", nonnull (strerror (errno))); tmp_len = strlen (tmp); concat_name = XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1); memcpy (concat_name, tmp, tmp_len); concat_name[tmp_len] = '/'; strcpy (concat_name + tmp_len + 1, wrapper); if (check_executable (concat_name)) return concat_name; XFREE (concat_name); return NULL; } char * chase_symlinks (const char *pathspec) { #ifndef S_ISLNK return xstrdup (pathspec); 
#else char buf[LT_PATHMAX]; struct stat s; char *tmp_pathspec = xstrdup (pathspec); char *p; int has_symlinks = 0; while (strlen (tmp_pathspec) && !has_symlinks) { lt_debugprintf (__FILE__, __LINE__, "checking path component for symlinks: %s\n", tmp_pathspec); if (lstat (tmp_pathspec, &s) == 0) { if (S_ISLNK (s.st_mode) != 0) { has_symlinks = 1; break; } /* search backwards for last DIR_SEPARATOR */ p = tmp_pathspec + strlen (tmp_pathspec) - 1; while ((p > tmp_pathspec) && (!IS_DIR_SEPARATOR (*p))) p--; if ((p == tmp_pathspec) && (!IS_DIR_SEPARATOR (*p))) { /* no more DIR_SEPARATORS left */ break; } *p = '\0'; } else { lt_fatal (__FILE__, __LINE__, "error accessing file \"%s\": %s", tmp_pathspec, nonnull (strerror (errno))); } } XFREE (tmp_pathspec); if (!has_symlinks) { return xstrdup (pathspec); } tmp_pathspec = realpath (pathspec, buf); if (tmp_pathspec == 0) { lt_fatal (__FILE__, __LINE__, "could not follow symlinks for %s", pathspec); } return xstrdup (tmp_pathspec); #endif } char * strendzap (char *str, const char *pat) { size_t len, patlen; assert (str != NULL); assert (pat != NULL); len = strlen (str); patlen = strlen (pat); if (patlen <= len) { str += len - patlen; if (strcmp (str, pat) == 0) *str = '\0'; } return str; } void lt_debugprintf (const char *file, int line, const char *fmt, ...) { va_list args; if (lt_debug) { (void) fprintf (stderr, "%s:%s:%d: ", program_name, file, line); va_start (args, fmt); (void) vfprintf (stderr, fmt, args); va_end (args); } } static void lt_error_core (int exit_status, const char *file, int line, const char *mode, const char *message, va_list ap) { fprintf (stderr, "%s:%s:%d: %s: ", program_name, file, line, mode); vfprintf (stderr, message, ap); fprintf (stderr, ".\n"); if (exit_status >= 0) exit (exit_status); } void lt_fatal (const char *file, int line, const char *message, ...) 
{ va_list ap; va_start (ap, message); lt_error_core (EXIT_FAILURE, file, line, "FATAL", message, ap); va_end (ap); } static const char * nonnull (const char *s) { return s ? s : "(null)"; } static const char * nonempty (const char *s) { return (s && !*s) ? "(empty)" : nonnull (s); } void lt_setenv (const char *name, const char *value) { lt_debugprintf (__FILE__, __LINE__, "(lt_setenv) setting '%s' to '%s'\n", nonnull (name), nonnull (value)); { #ifdef HAVE_SETENV /* always make a copy, for consistency with !HAVE_SETENV */ char *str = xstrdup (value); setenv (name, str, 1); #else int len = strlen (name) + 1 + strlen (value) + 1; char *str = XMALLOC (char, len); sprintf (str, "%s=%s", name, value); if (putenv (str) != EXIT_SUCCESS) { XFREE (str); } #endif } } char * lt_extend_str (const char *orig_value, const char *add, int to_end) { char *new_value; if (orig_value && *orig_value) { int orig_value_len = strlen (orig_value); int add_len = strlen (add); new_value = XMALLOC (char, add_len + orig_value_len + 1); if (to_end) { strcpy (new_value, orig_value); strcpy (new_value + orig_value_len, add); } else { strcpy (new_value, add); strcpy (new_value + add_len, orig_value); } } else { new_value = xstrdup (add); } return new_value; } void lt_update_exe_path (const char *name, const char *value) { lt_debugprintf (__FILE__, __LINE__, "(lt_update_exe_path) modifying '%s' by prepending '%s'\n", nonnull (name), nonnull (value)); if (name && *name && value && *value) { char *new_value = lt_extend_str (getenv (name), value, 0); /* some systems can't cope with a ':'-terminated path #' */ int len = strlen (new_value); while (((len = strlen (new_value)) > 0) && IS_PATH_SEPARATOR (new_value[len-1])) { new_value[len-1] = '\0'; } lt_setenv (name, new_value); XFREE (new_value); } } void lt_update_lib_path (const char *name, const char *value) { lt_debugprintf (__FILE__, __LINE__, "(lt_update_lib_path) modifying '%s' by prepending '%s'\n", nonnull (name), nonnull (value)); if (name && 
*name && value && *value) { char *new_value = lt_extend_str (getenv (name), value, 0); lt_setenv (name, new_value); XFREE (new_value); } } EOF case $host_os in mingw*) cat <<"EOF" /* Prepares an argument vector before calling spawn(). Note that spawn() does not by itself call the command interpreter (getenv ("COMSPEC") != NULL ? getenv ("COMSPEC") : ({ OSVERSIONINFO v; v.dwOSVersionInfoSize = sizeof(OSVERSIONINFO); GetVersionEx(&v); v.dwPlatformId == VER_PLATFORM_WIN32_NT; }) ? "cmd.exe" : "command.com"). Instead it simply concatenates the arguments, separated by ' ', and calls CreateProcess(). We must quote the arguments since Win32 CreateProcess() interprets characters like ' ', '\t', '\\', '"' (but not '<' and '>') in a special way: - Space and tab are interpreted as delimiters. They are not treated as delimiters if they are surrounded by double quotes: "...". - Unescaped double quotes are removed from the input. Their only effect is that within double quotes, space and tab are treated like normal characters. - Backslashes not followed by double quotes are not special. - But 2*n+1 backslashes followed by a double quote become n backslashes followed by a double quote (n >= 0): \" -> " \\\" -> \" \\\\\" -> \\" */ #define SHELL_SPECIAL_CHARS "\"\\ \001\002\003\004\005\006\007\010\011\012\013\014\015\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037" #define SHELL_SPACE_CHARS " \001\002\003\004\005\006\007\010\011\012\013\014\015\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037" char ** prepare_spawn (char **argv) { size_t argc; char **new_argv; size_t i; /* Count number of arguments. */ for (argc = 0; argv[argc] != NULL; argc++) ; /* Allocate new argument vector. */ new_argv = XMALLOC (char *, argc + 1); /* Put quoted arguments into the new argument vector. 
*/ for (i = 0; i < argc; i++) { const char *string = argv[i]; if (string[0] == '\0') new_argv[i] = xstrdup ("\"\""); else if (strpbrk (string, SHELL_SPECIAL_CHARS) != NULL) { int quote_around = (strpbrk (string, SHELL_SPACE_CHARS) != NULL); size_t length; unsigned int backslashes; const char *s; char *quoted_string; char *p; length = 0; backslashes = 0; if (quote_around) length++; for (s = string; *s != '\0'; s++) { char c = *s; if (c == '"') length += backslashes + 1; length++; if (c == '\\') backslashes++; else backslashes = 0; } if (quote_around) length += backslashes + 1; quoted_string = XMALLOC (char, length + 1); p = quoted_string; backslashes = 0; if (quote_around) *p++ = '"'; for (s = string; *s != '\0'; s++) { char c = *s; if (c == '"') { unsigned int j; for (j = backslashes + 1; j > 0; j--) *p++ = '\\'; } *p++ = c; if (c == '\\') backslashes++; else backslashes = 0; } if (quote_around) { unsigned int j; for (j = backslashes; j > 0; j--) *p++ = '\\'; *p++ = '"'; } *p = '\0'; new_argv[i] = quoted_string; } else new_argv[i] = (char *) string; } new_argv[argc] = NULL; return new_argv; } EOF ;; esac cat <<"EOF" void lt_dump_script (FILE* f) { EOF func_emit_wrapper yes | $SED -n -e ' s/^\(.\{79\}\)\(..*\)/\1\ \2/ h s/\([\\"]\)/\\\1/g s/$/\\n/ s/\([^\n]*\).*/ fputs ("\1", f);/p g D' cat <<"EOF" } EOF } # end: func_emit_cwrapperexe_src

# func_win32_import_lib_p ARG
# True if ARG is an import lib, as indicated by $file_magic_cmd
#
# Runs $file_magic_cmd on ARG, keeps at most the first 10 lines of its
# standard output, and succeeds (status 0) only when that text contains
# the substring "import".  Any other output, including none, yields a
# non-zero status.  Standard error of the probe is discarded.
#
# NOTE(review): $file_magic_cmd is expanded unquoted and then re-parsed by
# eval, so its value runs as shell code.  It is not set anywhere in this
# view; confirm it only ever comes from trusted build configuration.
# ARG is passed as \"\$1\": it is expanded inside double quotes at eval
# time, so a file name containing whitespace or glob characters stays a
# single word.
func_win32_import_lib_p ()
{
    $opt_debug    # presumably a tracing hook; defined outside this view
    case `eval $file_magic_cmd \"\$1\" 2>/dev/null | $SED -e 10q` in
    *import*) : ;;    # ':' exits 0: ARG is reported as an import lib
    *) false ;;       # no "import" in the output: not an import lib
    esac
}

# func_mode_link arg... func_mode_link () { $opt_debug case $host in *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) # It is impossible to link a dll without this setting, and # we shouldn't force the makefile maintainer to figure out # which system we are compiling for in order to pass an extra # flag for every libtool invocation.
# allow_undefined=no # FIXME: Unfortunately, there are problems with the above when trying # to make a dll which has undefined symbols, in which case not # even a static library is built. For now, we need to specify # -no-undefined on the libtool link line when we can be certain # that all symbols are satisfied, otherwise we get a static library. allow_undefined=yes ;; *) allow_undefined=yes ;; esac libtool_args=$nonopt base_compile="$nonopt $@" compile_command=$nonopt finalize_command=$nonopt compile_rpath= finalize_rpath= compile_shlibpath= finalize_shlibpath= convenience= old_convenience= deplibs= old_deplibs= compiler_flags= linker_flags= dllsearchpath= lib_search_path=`pwd` inst_prefix_dir= new_inherited_linker_flags= avoid_version=no bindir= dlfiles= dlprefiles= dlself=no export_dynamic=no export_symbols= export_symbols_regex= generated= libobjs= ltlibs= module=no no_install=no objs= non_pic_objects= precious_files_regex= prefer_static_libs=no preload=no prev= prevarg= release= rpath= xrpath= perm_rpath= temp_rpath= thread_safe=no vinfo= vinfo_number=no weak_libs= single_module="${wl}-single_module" func_infer_tag $base_compile # We need to know -static, to get the right output filenames. 
for arg do case $arg in -shared) test "$build_libtool_libs" != yes && \ func_fatal_configuration "can not build a shared library" build_old_libs=no break ;; -all-static | -static | -static-libtool-libs) case $arg in -all-static) if test "$build_libtool_libs" = yes && test -z "$link_static_flag"; then func_warning "complete static linking is impossible in this configuration" fi if test -n "$link_static_flag"; then dlopen_self=$dlopen_self_static fi prefer_static_libs=yes ;; -static) if test -z "$pic_flag" && test -n "$link_static_flag"; then dlopen_self=$dlopen_self_static fi prefer_static_libs=built ;; -static-libtool-libs) if test -z "$pic_flag" && test -n "$link_static_flag"; then dlopen_self=$dlopen_self_static fi prefer_static_libs=yes ;; esac build_libtool_libs=no build_old_libs=yes break ;; esac done # See if our shared archives depend on static archives. test -n "$old_archive_from_new_cmds" && build_old_libs=yes # Go through the arguments, transforming them on the way. while test "$#" -gt 0; do arg="$1" shift func_quote_for_eval "$arg" qarg=$func_quote_for_eval_unquoted_result func_append libtool_args " $func_quote_for_eval_result" # If the previous option needs an argument, assign it. if test -n "$prev"; then case $prev in output) func_append compile_command " @OUTPUT@" func_append finalize_command " @OUTPUT@" ;; esac case $prev in bindir) bindir="$arg" prev= continue ;; dlfiles|dlprefiles) if test "$preload" = no; then # Add the symbol object into the linking commands. func_append compile_command " @SYMFILE@" func_append finalize_command " @SYMFILE@" preload=yes fi case $arg in *.la | *.lo) ;; # We handle these cases below. 
force) if test "$dlself" = no; then dlself=needless export_dynamic=yes fi prev= continue ;; self) if test "$prev" = dlprefiles; then dlself=yes elif test "$prev" = dlfiles && test "$dlopen_self" != yes; then dlself=yes else dlself=needless export_dynamic=yes fi prev= continue ;; *) if test "$prev" = dlfiles; then func_append dlfiles " $arg" else func_append dlprefiles " $arg" fi prev= continue ;; esac ;; expsyms) export_symbols="$arg" test -f "$arg" \ || func_fatal_error "symbol file \`$arg' does not exist" prev= continue ;; expsyms_regex) export_symbols_regex="$arg" prev= continue ;; framework) case $host in *-*-darwin*) case "$deplibs " in *" $qarg.ltframework "*) ;; *) func_append deplibs " $qarg.ltframework" # this is fixed later ;; esac ;; esac prev= continue ;; inst_prefix) inst_prefix_dir="$arg" prev= continue ;; objectlist) if test -f "$arg"; then save_arg=$arg moreargs= for fil in `cat "$save_arg"` do # func_append moreargs " $fil" arg=$fil # A libtool-controlled object. # Check to see that this really is a libtool object. if func_lalib_unsafe_p "$arg"; then pic_object= non_pic_object= # Read the .lo file func_source "$arg" if test -z "$pic_object" || test -z "$non_pic_object" || test "$pic_object" = none && test "$non_pic_object" = none; then func_fatal_error "cannot find name of object for \`$arg'" fi # Extract subdirectory from the argument. func_dirname "$arg" "/" "" xdir="$func_dirname_result" if test "$pic_object" != none; then # Prepend the subdirectory the object is found in. pic_object="$xdir$pic_object" if test "$prev" = dlfiles; then if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then func_append dlfiles " $pic_object" prev= continue else # If libtool objects are unsupported, then we need to preload. prev=dlprefiles fi fi # CHECK ME: I think I busted this. -Ossama if test "$prev" = dlprefiles; then # Preload the old-style object. func_append dlprefiles " $pic_object" prev= fi # A PIC object. 
func_append libobjs " $pic_object" arg="$pic_object" fi # Non-PIC object. if test "$non_pic_object" != none; then # Prepend the subdirectory the object is found in. non_pic_object="$xdir$non_pic_object" # A standard non-PIC object func_append non_pic_objects " $non_pic_object" if test -z "$pic_object" || test "$pic_object" = none ; then arg="$non_pic_object" fi else # If the PIC object exists, use it instead. # $xdir was prepended to $pic_object above. non_pic_object="$pic_object" func_append non_pic_objects " $non_pic_object" fi else # Only an error if not doing a dry-run. if $opt_dry_run; then # Extract subdirectory from the argument. func_dirname "$arg" "/" "" xdir="$func_dirname_result" func_lo2o "$arg" pic_object=$xdir$objdir/$func_lo2o_result non_pic_object=$xdir$func_lo2o_result func_append libobjs " $pic_object" func_append non_pic_objects " $non_pic_object" else func_fatal_error "\`$arg' is not a valid libtool object" fi fi done else func_fatal_error "link input file \`$arg' does not exist" fi arg=$save_arg prev= continue ;; precious_regex) precious_files_regex="$arg" prev= continue ;; release) release="-$arg" prev= continue ;; rpath | xrpath) # We need an absolute path. 
case $arg in [\\/]* | [A-Za-z]:[\\/]*) ;; *) func_fatal_error "only absolute run-paths are allowed" ;; esac if test "$prev" = rpath; then case "$rpath " in *" $arg "*) ;; *) func_append rpath " $arg" ;; esac else case "$xrpath " in *" $arg "*) ;; *) func_append xrpath " $arg" ;; esac fi prev= continue ;; shrext) shrext_cmds="$arg" prev= continue ;; weak) func_append weak_libs " $arg" prev= continue ;; xcclinker) func_append linker_flags " $qarg" func_append compiler_flags " $qarg" prev= func_append compile_command " $qarg" func_append finalize_command " $qarg" continue ;; xcompiler) func_append compiler_flags " $qarg" prev= func_append compile_command " $qarg" func_append finalize_command " $qarg" continue ;; xlinker) func_append linker_flags " $qarg" func_append compiler_flags " $wl$qarg" prev= func_append compile_command " $wl$qarg" func_append finalize_command " $wl$qarg" continue ;; *) eval "$prev=\"\$arg\"" prev= continue ;; esac fi # test -n "$prev" prevarg="$arg" case $arg in -all-static) if test -n "$link_static_flag"; then # See comment for -static flag below, for more details. func_append compile_command " $link_static_flag" func_append finalize_command " $link_static_flag" fi continue ;; -allow-undefined) # FIXME: remove this flag sometime in the future. 
func_fatal_error "\`-allow-undefined' must not be used because it is the default" ;; -avoid-version) avoid_version=yes continue ;; -bindir) prev=bindir continue ;; -dlopen) prev=dlfiles continue ;; -dlpreopen) prev=dlprefiles continue ;; -export-dynamic) export_dynamic=yes continue ;; -export-symbols | -export-symbols-regex) if test -n "$export_symbols" || test -n "$export_symbols_regex"; then func_fatal_error "more than one -exported-symbols argument is not allowed" fi if test "X$arg" = "X-export-symbols"; then prev=expsyms else prev=expsyms_regex fi continue ;; -framework) prev=framework continue ;; -inst-prefix-dir) prev=inst_prefix continue ;; # The native IRIX linker understands -LANG:*, -LIST:* and -LNO:* # so, if we see these flags be careful not to treat them like -L -L[A-Z][A-Z]*:*) case $with_gcc/$host in no/*-*-irix* | /*-*-irix*) func_append compile_command " $arg" func_append finalize_command " $arg" ;; esac continue ;; -L*) func_stripname "-L" '' "$arg" if test -z "$func_stripname_result"; then if test "$#" -gt 0; then func_fatal_error "require no space between \`-L' and \`$1'" else func_fatal_error "need path for \`-L' option" fi fi func_resolve_sysroot "$func_stripname_result" dir=$func_resolve_sysroot_result # We need an absolute path. 
case $dir in [\\/]* | [A-Za-z]:[\\/]*) ;; *) absdir=`cd "$dir" && pwd` test -z "$absdir" && \ func_fatal_error "cannot determine absolute directory name of \`$dir'" dir="$absdir" ;; esac case "$deplibs " in *" -L$dir "* | *" $arg "*) # Will only happen for absolute or sysroot arguments ;; *) # Preserve sysroot, but never include relative directories case $dir in [\\/]* | [A-Za-z]:[\\/]* | =*) func_append deplibs " $arg" ;; *) func_append deplibs " -L$dir" ;; esac func_append lib_search_path " $dir" ;; esac case $host in *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) testbindir=`$ECHO "$dir" | $SED 's*/lib$*/bin*'` case :$dllsearchpath: in *":$dir:"*) ;; ::) dllsearchpath=$dir;; *) func_append dllsearchpath ":$dir";; esac case :$dllsearchpath: in *":$testbindir:"*) ;; ::) dllsearchpath=$testbindir;; *) func_append dllsearchpath ":$testbindir";; esac ;; esac continue ;; -l*) if test "X$arg" = "X-lc" || test "X$arg" = "X-lm"; then case $host in *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-beos* | *-cegcc* | *-*-haiku*) # These systems don't actually have a C or math library (as such) continue ;; *-*-os2*) # These systems don't actually have a C library (as such) test "X$arg" = "X-lc" && continue ;; *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*) # Do not include libc due to us having libc/libc_r. test "X$arg" = "X-lc" && continue ;; *-*-rhapsody* | *-*-darwin1.[012]) # Rhapsody C and math libraries are in the System framework func_append deplibs " System.ltframework" continue ;; *-*-sco3.2v5* | *-*-sco5v6*) # Causes problems with __ctype test "X$arg" = "X-lc" && continue ;; *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*) # Compiler inserts libc in the correct place for threads to work test "X$arg" = "X-lc" && continue ;; esac elif test "X$arg" = "X-lc_r"; then case $host in *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*) # Do not include libc_r directly, use -pthread flag. 
continue ;; esac fi func_append deplibs " $arg" continue ;; -module) module=yes continue ;; # Tru64 UNIX uses -model [arg] to determine the layout of C++ # classes, name mangling, and exception handling. # Darwin uses the -arch flag to determine output architecture. -model|-arch|-isysroot|--sysroot) func_append compiler_flags " $arg" func_append compile_command " $arg" func_append finalize_command " $arg" prev=xcompiler continue ;; -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \ |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*) func_append compiler_flags " $arg" func_append compile_command " $arg" func_append finalize_command " $arg" case "$new_inherited_linker_flags " in *" $arg "*) ;; * ) func_append new_inherited_linker_flags " $arg" ;; esac continue ;; -multi_module) single_module="${wl}-multi_module" continue ;; -no-fast-install) fast_install=no continue ;; -no-install) case $host in *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-darwin* | *-cegcc*) # The PATH hackery in wrapper scripts is required on Windows # and Darwin in order for the loader to find any dlls it needs. func_warning "\`-no-install' is ignored for $host" func_warning "assuming \`-no-fast-install' instead" fast_install=no ;; *) no_install=yes ;; esac continue ;; -no-undefined) allow_undefined=no continue ;; -objectlist) prev=objectlist continue ;; -o) prev=output ;; -precious-files-regex) prev=precious_regex continue ;; -release) prev=release continue ;; -rpath) prev=rpath continue ;; -R) prev=xrpath continue ;; -R*) func_stripname '-R' '' "$arg" dir=$func_stripname_result # We need an absolute path. case $dir in [\\/]* | [A-Za-z]:[\\/]*) ;; =*) func_stripname '=' '' "$dir" dir=$lt_sysroot$func_stripname_result ;; *) func_fatal_error "only absolute run-paths are allowed" ;; esac case "$xrpath " in *" $dir "*) ;; *) func_append xrpath " $dir" ;; esac continue ;; -shared) # The effects of -shared are defined in a previous loop. 
continue ;; -shrext) prev=shrext continue ;; -static | -static-libtool-libs) # The effects of -static are defined in a previous loop. # We used to do the same as -all-static on platforms that # didn't have a PIC flag, but the assumption that the effects # would be equivalent was wrong. It would break on at least # Digital Unix and AIX. continue ;; -thread-safe) thread_safe=yes continue ;; -version-info) prev=vinfo continue ;; -version-number) prev=vinfo vinfo_number=yes continue ;; -weak) prev=weak continue ;; -Wc,*) func_stripname '-Wc,' '' "$arg" args=$func_stripname_result arg= save_ifs="$IFS"; IFS=',' for flag in $args; do IFS="$save_ifs" func_quote_for_eval "$flag" func_append arg " $func_quote_for_eval_result" func_append compiler_flags " $func_quote_for_eval_result" done IFS="$save_ifs" func_stripname ' ' '' "$arg" arg=$func_stripname_result ;; -Wl,*) func_stripname '-Wl,' '' "$arg" args=$func_stripname_result arg= save_ifs="$IFS"; IFS=',' for flag in $args; do IFS="$save_ifs" func_quote_for_eval "$flag" func_append arg " $wl$func_quote_for_eval_result" func_append compiler_flags " $wl$func_quote_for_eval_result" func_append linker_flags " $func_quote_for_eval_result" done IFS="$save_ifs" func_stripname ' ' '' "$arg" arg=$func_stripname_result ;; -Xcompiler) prev=xcompiler continue ;; -Xlinker) prev=xlinker continue ;; -XCClinker) prev=xcclinker continue ;; # -msg_* for osf cc -msg_*) func_quote_for_eval "$arg" arg="$func_quote_for_eval_result" ;; # Flags to be passed through unchanged, with rationale: # -64, -mips[0-9] enable 64-bit mode for the SGI compiler # -r[0-9][0-9]* specify processor for the SGI compiler # -xarch=*, -xtarget=* enable 64-bit mode for the Sun compiler # +DA*, +DD* enable 64-bit mode for the HP compiler # -q* compiler args for the IBM compiler # -m*, -t[45]*, -txscale* architecture-specific flags for GCC # -F/path path to uninstalled frameworks, gcc on darwin # -p, -pg, --coverage, -fprofile-* profiling flags for GCC # @file GCC 
response files # -tp=* Portland pgcc target processor selection # --sysroot=* for sysroot support # -O*, -flto*, -fwhopr*, -fuse-linker-plugin GCC link-time optimization -64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \ -t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*|-tp=*|--sysroot=*| \ -O*|-flto*|-fwhopr*|-fuse-linker-plugin) func_quote_for_eval "$arg" arg="$func_quote_for_eval_result" func_append compile_command " $arg" func_append finalize_command " $arg" func_append compiler_flags " $arg" continue ;; # Some other compiler flag. -* | +*) func_quote_for_eval "$arg" arg="$func_quote_for_eval_result" ;; *.$objext) # A standard object. func_append objs " $arg" ;; *.lo) # A libtool-controlled object. # Check to see that this really is a libtool object. if func_lalib_unsafe_p "$arg"; then pic_object= non_pic_object= # Read the .lo file func_source "$arg" if test -z "$pic_object" || test -z "$non_pic_object" || test "$pic_object" = none && test "$non_pic_object" = none; then func_fatal_error "cannot find name of object for \`$arg'" fi # Extract subdirectory from the argument. func_dirname "$arg" "/" "" xdir="$func_dirname_result" if test "$pic_object" != none; then # Prepend the subdirectory the object is found in. pic_object="$xdir$pic_object" if test "$prev" = dlfiles; then if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then func_append dlfiles " $pic_object" prev= continue else # If libtool objects are unsupported, then we need to preload. prev=dlprefiles fi fi # CHECK ME: I think I busted this. -Ossama if test "$prev" = dlprefiles; then # Preload the old-style object. func_append dlprefiles " $pic_object" prev= fi # A PIC object. func_append libobjs " $pic_object" arg="$pic_object" fi # Non-PIC object. if test "$non_pic_object" != none; then # Prepend the subdirectory the object is found in. 
non_pic_object="$xdir$non_pic_object" # A standard non-PIC object func_append non_pic_objects " $non_pic_object" if test -z "$pic_object" || test "$pic_object" = none ; then arg="$non_pic_object" fi else # If the PIC object exists, use it instead. # $xdir was prepended to $pic_object above. non_pic_object="$pic_object" func_append non_pic_objects " $non_pic_object" fi else # Only an error if not doing a dry-run. if $opt_dry_run; then # Extract subdirectory from the argument. func_dirname "$arg" "/" "" xdir="$func_dirname_result" func_lo2o "$arg" pic_object=$xdir$objdir/$func_lo2o_result non_pic_object=$xdir$func_lo2o_result func_append libobjs " $pic_object" func_append non_pic_objects " $non_pic_object" else func_fatal_error "\`$arg' is not a valid libtool object" fi fi ;; *.$libext) # An archive. func_append deplibs " $arg" func_append old_deplibs " $arg" continue ;; *.la) # A libtool-controlled library. func_resolve_sysroot "$arg" if test "$prev" = dlfiles; then # This library was specified with -dlopen. func_append dlfiles " $func_resolve_sysroot_result" prev= elif test "$prev" = dlprefiles; then # The library was specified with -dlpreopen. func_append dlprefiles " $func_resolve_sysroot_result" prev= else func_append deplibs " $func_resolve_sysroot_result" fi continue ;; # Some other compiler argument. *) # Unknown arguments in both finalize_command and compile_command need # to be aesthetically quoted because they are evaled later. func_quote_for_eval "$arg" arg="$func_quote_for_eval_result" ;; esac # arg # Now actually substitute the argument into the commands. 
if test -n "$arg"; then func_append compile_command " $arg" func_append finalize_command " $arg" fi done # argument parsing loop test -n "$prev" && \ func_fatal_help "the \`$prevarg' option requires an argument" if test "$export_dynamic" = yes && test -n "$export_dynamic_flag_spec"; then eval arg=\"$export_dynamic_flag_spec\" func_append compile_command " $arg" func_append finalize_command " $arg" fi oldlibs= # calculate the name of the file, without its directory func_basename "$output" outputname="$func_basename_result" libobjs_save="$libobjs" if test -n "$shlibpath_var"; then # get the directories listed in $shlibpath_var eval shlib_search_path=\`\$ECHO \"\${$shlibpath_var}\" \| \$SED \'s/:/ /g\'\` else shlib_search_path= fi eval sys_lib_search_path=\"$sys_lib_search_path_spec\" eval sys_lib_dlsearch_path=\"$sys_lib_dlsearch_path_spec\" func_dirname "$output" "/" "" output_objdir="$func_dirname_result$objdir" func_to_tool_file "$output_objdir/" tool_output_objdir=$func_to_tool_file_result # Create the object directory. func_mkdir_p "$output_objdir" # Determine the type of output case $output in "") func_fatal_help "you must specify an output file" ;; *.$libext) linkmode=oldlib ;; *.lo | *.$objext) linkmode=obj ;; *.la) linkmode=lib ;; *) linkmode=prog ;; # Anything else should be a program. esac specialdeplibs= libs= # Find all interdependent deplibs by searching for libraries # that are linked more than once (e.g. -la -lb -la) for deplib in $deplibs; do if $opt_preserve_dup_deps ; then case "$libs " in *" $deplib "*) func_append specialdeplibs " $deplib" ;; esac fi func_append libs " $deplib" done if test "$linkmode" = lib; then libs="$predeps $libs $compiler_lib_search_path $postdeps" # Compute libraries that are listed more than once in $predeps # $postdeps and mark them as special (i.e., whose duplicates are # not to be eliminated). 
pre_post_deps= if $opt_duplicate_compiler_generated_deps; then for pre_post_dep in $predeps $postdeps; do case "$pre_post_deps " in *" $pre_post_dep "*) func_append specialdeplibs " $pre_post_deps" ;; esac func_append pre_post_deps " $pre_post_dep" done fi pre_post_deps= fi deplibs= newdependency_libs= newlib_search_path= need_relink=no # whether we're linking any uninstalled libtool libraries notinst_deplibs= # not-installed libtool libraries notinst_path= # paths that contain not-installed libtool libraries case $linkmode in lib) passes="conv dlpreopen link" for file in $dlfiles $dlprefiles; do case $file in *.la) ;; *) func_fatal_help "libraries can \`-dlopen' only libtool libraries: $file" ;; esac done ;; prog) compile_deplibs= finalize_deplibs= alldeplibs=no newdlfiles= newdlprefiles= passes="conv scan dlopen dlpreopen link" ;; *) passes="conv" ;; esac for pass in $passes; do # The preopen pass in lib mode reverses $deplibs; put it back here # so that -L comes before libs that need it for instance... 
if test "$linkmode,$pass" = "lib,link"; then ## FIXME: Find the place where the list is rebuilt in the wrong ## order, and fix it there properly tmp_deplibs= for deplib in $deplibs; do tmp_deplibs="$deplib $tmp_deplibs" done deplibs="$tmp_deplibs" fi if test "$linkmode,$pass" = "lib,link" || test "$linkmode,$pass" = "prog,scan"; then libs="$deplibs" deplibs= fi if test "$linkmode" = prog; then case $pass in dlopen) libs="$dlfiles" ;; dlpreopen) libs="$dlprefiles" ;; link) libs="$deplibs %DEPLIBS% $dependency_libs" ;; esac fi if test "$linkmode,$pass" = "lib,dlpreopen"; then # Collect and forward deplibs of preopened libtool libs for lib in $dlprefiles; do # Ignore non-libtool-libs dependency_libs= func_resolve_sysroot "$lib" case $lib in *.la) func_source "$func_resolve_sysroot_result" ;; esac # Collect preopened libtool deplibs, except any this library # has declared as weak libs for deplib in $dependency_libs; do func_basename "$deplib" deplib_base=$func_basename_result case " $weak_libs " in *" $deplib_base "*) ;; *) func_append deplibs " $deplib" ;; esac done done libs="$dlprefiles" fi if test "$pass" = dlopen; then # Collect dlpreopened libraries save_deplibs="$deplibs" deplibs= fi for deplib in $libs; do lib= found=no case $deplib in -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \ |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*) if test "$linkmode,$pass" = "prog,link"; then compile_deplibs="$deplib $compile_deplibs" finalize_deplibs="$deplib $finalize_deplibs" else func_append compiler_flags " $deplib" if test "$linkmode" = lib ; then case "$new_inherited_linker_flags " in *" $deplib "*) ;; * ) func_append new_inherited_linker_flags " $deplib" ;; esac fi fi continue ;; -l*) if test "$linkmode" != lib && test "$linkmode" != prog; then func_warning "\`-l' is ignored for archives/objects" continue fi func_stripname '-l' '' "$deplib" name=$func_stripname_result if test "$linkmode" = lib; then searchdirs="$newlib_search_path 
$lib_search_path $compiler_lib_search_dirs $sys_lib_search_path $shlib_search_path" else searchdirs="$newlib_search_path $lib_search_path $sys_lib_search_path $shlib_search_path" fi for searchdir in $searchdirs; do for search_ext in .la $std_shrext .so .a; do # Search the libtool library lib="$searchdir/lib${name}${search_ext}" if test -f "$lib"; then if test "$search_ext" = ".la"; then found=yes else found=no fi break 2 fi done done if test "$found" != yes; then # deplib doesn't seem to be a libtool library if test "$linkmode,$pass" = "prog,link"; then compile_deplibs="$deplib $compile_deplibs" finalize_deplibs="$deplib $finalize_deplibs" else deplibs="$deplib $deplibs" test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs" fi continue else # deplib is a libtool library # If $allow_libtool_libs_with_static_runtimes && $deplib is a stdlib, # We need to do some special things here, and not later. if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then case " $predeps $postdeps " in *" $deplib "*) if func_lalib_p "$lib"; then library_names= old_library= func_source "$lib" for l in $old_library $library_names; do ll="$l" done if test "X$ll" = "X$old_library" ; then # only static version available found=no func_dirname "$lib" "" "." 
ladir="$func_dirname_result" lib=$ladir/$old_library if test "$linkmode,$pass" = "prog,link"; then compile_deplibs="$deplib $compile_deplibs" finalize_deplibs="$deplib $finalize_deplibs" else deplibs="$deplib $deplibs" test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs" fi continue fi fi ;; *) ;; esac fi fi ;; # -l *.ltframework) if test "$linkmode,$pass" = "prog,link"; then compile_deplibs="$deplib $compile_deplibs" finalize_deplibs="$deplib $finalize_deplibs" else deplibs="$deplib $deplibs" if test "$linkmode" = lib ; then case "$new_inherited_linker_flags " in *" $deplib "*) ;; * ) func_append new_inherited_linker_flags " $deplib" ;; esac fi fi continue ;; -L*) case $linkmode in lib) deplibs="$deplib $deplibs" test "$pass" = conv && continue newdependency_libs="$deplib $newdependency_libs" func_stripname '-L' '' "$deplib" func_resolve_sysroot "$func_stripname_result" func_append newlib_search_path " $func_resolve_sysroot_result" ;; prog) if test "$pass" = conv; then deplibs="$deplib $deplibs" continue fi if test "$pass" = scan; then deplibs="$deplib $deplibs" else compile_deplibs="$deplib $compile_deplibs" finalize_deplibs="$deplib $finalize_deplibs" fi func_stripname '-L' '' "$deplib" func_resolve_sysroot "$func_stripname_result" func_append newlib_search_path " $func_resolve_sysroot_result" ;; *) func_warning "\`-L' is ignored for archives/objects" ;; esac # linkmode continue ;; # -L -R*) if test "$pass" = link; then func_stripname '-R' '' "$deplib" func_resolve_sysroot "$func_stripname_result" dir=$func_resolve_sysroot_result # Make sure the xrpath contains only unique directories. 
case "$xrpath " in *" $dir "*) ;; *) func_append xrpath " $dir" ;; esac fi deplibs="$deplib $deplibs" continue ;; *.la) func_resolve_sysroot "$deplib" lib=$func_resolve_sysroot_result ;; *.$libext) if test "$pass" = conv; then deplibs="$deplib $deplibs" continue fi case $linkmode in lib) # Linking convenience modules into shared libraries is allowed, # but linking other static libraries is non-portable. case " $dlpreconveniencelibs " in *" $deplib "*) ;; *) valid_a_lib=no case $deplibs_check_method in match_pattern*) set dummy $deplibs_check_method; shift match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"` if eval "\$ECHO \"$deplib\"" 2>/dev/null | $SED 10q \ | $EGREP "$match_pattern_regex" > /dev/null; then valid_a_lib=yes fi ;; pass_all) valid_a_lib=yes ;; esac if test "$valid_a_lib" != yes; then echo $ECHO "*** Warning: Trying to link with static lib archive $deplib." echo "*** I have the capability to make that library automatically link in when" echo "*** you link to this library. But I can only do this if you have a" echo "*** shared version of the library, which you do not appear to have" echo "*** because the file extensions .$libext of this argument makes me believe" echo "*** that it is just a static archive that I should not use here." else echo $ECHO "*** Warning: Linking the shared library $output against the" $ECHO "*** static library $deplib is not portable!" deplibs="$deplib $deplibs" fi ;; esac continue ;; prog) if test "$pass" != link; then deplibs="$deplib $deplibs" else compile_deplibs="$deplib $compile_deplibs" finalize_deplibs="$deplib $finalize_deplibs" fi continue ;; esac # linkmode ;; # *.$libext *.lo | *.$objext) if test "$pass" = conv; then deplibs="$deplib $deplibs" elif test "$linkmode" = prog; then if test "$pass" = dlpreopen || test "$dlopen_support" != yes || test "$build_libtool_libs" = no; then # If there is no dlopen support or we're linking statically, # we need to preload. 
func_append newdlprefiles " $deplib" compile_deplibs="$deplib $compile_deplibs" finalize_deplibs="$deplib $finalize_deplibs" else func_append newdlfiles " $deplib" fi fi continue ;; %DEPLIBS%) alldeplibs=yes continue ;; esac # case $deplib if test "$found" = yes || test -f "$lib"; then : else func_fatal_error "cannot find the library \`$lib' or unhandled argument \`$deplib'" fi # Check to see that this really is a libtool archive. func_lalib_unsafe_p "$lib" \ || func_fatal_error "\`$lib' is not a valid libtool archive" func_dirname "$lib" "" "." ladir="$func_dirname_result" dlname= dlopen= dlpreopen= libdir= library_names= old_library= inherited_linker_flags= # If the library was installed with an old release of libtool, # it will not redefine variables installed, or shouldnotlink installed=yes shouldnotlink=no avoidtemprpath= # Read the .la file func_source "$lib" # Convert "-framework foo" to "foo.ltframework" if test -n "$inherited_linker_flags"; then tmp_inherited_linker_flags=`$ECHO "$inherited_linker_flags" | $SED 's/-framework \([^ $]*\)/\1.ltframework/g'` for tmp_inherited_linker_flag in $tmp_inherited_linker_flags; do case " $new_inherited_linker_flags " in *" $tmp_inherited_linker_flag "*) ;; *) func_append new_inherited_linker_flags " $tmp_inherited_linker_flag";; esac done fi dependency_libs=`$ECHO " $dependency_libs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` if test "$linkmode,$pass" = "lib,link" || test "$linkmode,$pass" = "prog,scan" || { test "$linkmode" != prog && test "$linkmode" != lib; }; then test -n "$dlopen" && func_append dlfiles " $dlopen" test -n "$dlpreopen" && func_append dlprefiles " $dlpreopen" fi if test "$pass" = conv; then # Only check for convenience libraries deplibs="$lib $deplibs" if test -z "$libdir"; then if test -z "$old_library"; then func_fatal_error "cannot find name of link library for \`$lib'" fi # It is a libtool convenience library, so add in its objects. 
func_append convenience " $ladir/$objdir/$old_library" func_append old_convenience " $ladir/$objdir/$old_library" elif test "$linkmode" != prog && test "$linkmode" != lib; then func_fatal_error "\`$lib' is not a convenience library" fi tmp_libs= for deplib in $dependency_libs; do deplibs="$deplib $deplibs" if $opt_preserve_dup_deps ; then case "$tmp_libs " in *" $deplib "*) func_append specialdeplibs " $deplib" ;; esac fi func_append tmp_libs " $deplib" done continue fi # $pass = conv # Get the name of the library we link against. linklib= if test -n "$old_library" && { test "$prefer_static_libs" = yes || test "$prefer_static_libs,$installed" = "built,no"; }; then linklib=$old_library else for l in $old_library $library_names; do linklib="$l" done fi if test -z "$linklib"; then func_fatal_error "cannot find name of link library for \`$lib'" fi # This library was specified with -dlopen. if test "$pass" = dlopen; then if test -z "$libdir"; then func_fatal_error "cannot -dlopen a convenience library: \`$lib'" fi if test -z "$dlname" || test "$dlopen_support" != yes || test "$build_libtool_libs" = no; then # If there is no dlname, no dlopen support or we're linking # statically, we need to preload. We also need to preload any # dependent libraries so libltdl's deplib preloader doesn't # bomb out in the load deplibs phase. func_append dlprefiles " $lib $dependency_libs" else func_append newdlfiles " $lib" fi continue fi # $pass = dlopen # We need an absolute path. case $ladir in [\\/]* | [A-Za-z]:[\\/]*) abs_ladir="$ladir" ;; *) abs_ladir=`cd "$ladir" && pwd` if test -z "$abs_ladir"; then func_warning "cannot determine absolute directory name of \`$ladir'" func_warning "passing it literally to the linker, although it might fail" abs_ladir="$ladir" fi ;; esac func_basename "$lib" laname="$func_basename_result" # Find the relevant object directory and library name. if test "X$installed" = Xyes; then if test ! 
-f "$lt_sysroot$libdir/$linklib" && test -f "$abs_ladir/$linklib"; then func_warning "library \`$lib' was moved." dir="$ladir" absdir="$abs_ladir" libdir="$abs_ladir" else dir="$lt_sysroot$libdir" absdir="$lt_sysroot$libdir" fi test "X$hardcode_automatic" = Xyes && avoidtemprpath=yes else if test ! -f "$ladir/$objdir/$linklib" && test -f "$abs_ladir/$linklib"; then dir="$ladir" absdir="$abs_ladir" # Remove this search path later func_append notinst_path " $abs_ladir" else dir="$ladir/$objdir" absdir="$abs_ladir/$objdir" # Remove this search path later func_append notinst_path " $abs_ladir" fi fi # $installed = yes func_stripname 'lib' '.la' "$laname" name=$func_stripname_result # This library was specified with -dlpreopen. if test "$pass" = dlpreopen; then if test -z "$libdir" && test "$linkmode" = prog; then func_fatal_error "only libraries may -dlpreopen a convenience library: \`$lib'" fi case "$host" in # special handling for platforms with PE-DLLs. *cygwin* | *mingw* | *cegcc* ) # Linker will automatically link against shared library if both # static and shared are present. Therefore, ensure we extract # symbols from the import library if a shared library is present # (otherwise, the dlopen module name will be incorrect). We do # this by putting the import library name into $newdlprefiles. # We recover the dlopen module name by 'saving' the la file # name in a special purpose variable, and (later) extracting the # dlname from the la file. if test -n "$dlname"; then func_tr_sh "$dir/$linklib" eval "libfile_$func_tr_sh_result=\$abs_ladir/\$laname" func_append newdlprefiles " $dir/$linklib" else func_append newdlprefiles " $dir/$old_library" # Keep a list of preopened convenience libraries to check # that they are being used correctly in the link pass. test -z "$libdir" && \ func_append dlpreconveniencelibs " $dir/$old_library" fi ;; * ) # Prefer using a static library (so that no silly _DYNAMIC symbols # are required to link). 
if test -n "$old_library"; then func_append newdlprefiles " $dir/$old_library" # Keep a list of preopened convenience libraries to check # that they are being used correctly in the link pass. test -z "$libdir" && \ func_append dlpreconveniencelibs " $dir/$old_library" # Otherwise, use the dlname, so that lt_dlopen finds it. elif test -n "$dlname"; then func_append newdlprefiles " $dir/$dlname" else func_append newdlprefiles " $dir/$linklib" fi ;; esac fi # $pass = dlpreopen if test -z "$libdir"; then # Link the convenience library if test "$linkmode" = lib; then deplibs="$dir/$old_library $deplibs" elif test "$linkmode,$pass" = "prog,link"; then compile_deplibs="$dir/$old_library $compile_deplibs" finalize_deplibs="$dir/$old_library $finalize_deplibs" else deplibs="$lib $deplibs" # used for prog,scan pass fi continue fi if test "$linkmode" = prog && test "$pass" != link; then func_append newlib_search_path " $ladir" deplibs="$lib $deplibs" linkalldeplibs=no if test "$link_all_deplibs" != no || test -z "$library_names" || test "$build_libtool_libs" = no; then linkalldeplibs=yes fi tmp_libs= for deplib in $dependency_libs; do case $deplib in -L*) func_stripname '-L' '' "$deplib" func_resolve_sysroot "$func_stripname_result" func_append newlib_search_path " $func_resolve_sysroot_result" ;; esac # Need to link against all dependency_libs? if test "$linkalldeplibs" = yes; then deplibs="$deplib $deplibs" else # Need to hardcode shared library paths # or/and link against static libraries newdependency_libs="$deplib $newdependency_libs" fi if $opt_preserve_dup_deps ; then case "$tmp_libs " in *" $deplib "*) func_append specialdeplibs " $deplib" ;; esac fi func_append tmp_libs " $deplib" done # for deplib continue fi # $linkmode = prog... 
if test "$linkmode,$pass" = "prog,link"; then if test -n "$library_names" && { { test "$prefer_static_libs" = no || test "$prefer_static_libs,$installed" = "built,yes"; } || test -z "$old_library"; }; then # We need to hardcode the library path if test -n "$shlibpath_var" && test -z "$avoidtemprpath" ; then # Make sure the rpath contains only unique directories. case "$temp_rpath:" in *"$absdir:"*) ;; *) func_append temp_rpath "$absdir:" ;; esac fi # Hardcode the library path. # Skip directories that are in the system default run-time # search path. case " $sys_lib_dlsearch_path " in *" $absdir "*) ;; *) case "$compile_rpath " in *" $absdir "*) ;; *) func_append compile_rpath " $absdir" ;; esac ;; esac case " $sys_lib_dlsearch_path " in *" $libdir "*) ;; *) case "$finalize_rpath " in *" $libdir "*) ;; *) func_append finalize_rpath " $libdir" ;; esac ;; esac fi # $linkmode,$pass = prog,link... if test "$alldeplibs" = yes && { test "$deplibs_check_method" = pass_all || { test "$build_libtool_libs" = yes && test -n "$library_names"; }; }; then # We only need to search for static libraries continue fi fi link_static=no # Whether the deplib will be linked statically use_static_libs=$prefer_static_libs if test "$use_static_libs" = built && test "$installed" = yes; then use_static_libs=no fi if test -n "$library_names" && { test "$use_static_libs" = no || test -z "$old_library"; }; then case $host in *cygwin* | *mingw* | *cegcc*) # No point in relinking DLLs because paths are not encoded func_append notinst_deplibs " $lib" need_relink=no ;; *) if test "$installed" = no; then func_append notinst_deplibs " $lib" need_relink=yes fi ;; esac # This is a shared library # Warn about portability, can't link against -module's on some # systems (darwin). Don't bleat about dlopened modules though! 
dlopenmodule="" for dlpremoduletest in $dlprefiles; do if test "X$dlpremoduletest" = "X$lib"; then dlopenmodule="$dlpremoduletest" break fi done if test -z "$dlopenmodule" && test "$shouldnotlink" = yes && test "$pass" = link; then echo if test "$linkmode" = prog; then $ECHO "*** Warning: Linking the executable $output against the loadable module" else $ECHO "*** Warning: Linking the shared library $output against the loadable module" fi $ECHO "*** $linklib is not portable!" fi if test "$linkmode" = lib && test "$hardcode_into_libs" = yes; then # Hardcode the library path. # Skip directories that are in the system default run-time # search path. case " $sys_lib_dlsearch_path " in *" $absdir "*) ;; *) case "$compile_rpath " in *" $absdir "*) ;; *) func_append compile_rpath " $absdir" ;; esac ;; esac case " $sys_lib_dlsearch_path " in *" $libdir "*) ;; *) case "$finalize_rpath " in *" $libdir "*) ;; *) func_append finalize_rpath " $libdir" ;; esac ;; esac fi if test -n "$old_archive_from_expsyms_cmds"; then # figure out the soname set dummy $library_names shift realname="$1" shift libname=`eval "\\$ECHO \"$libname_spec\""` # use dlname if we got it. it's perfectly good, no? if test -n "$dlname"; then soname="$dlname" elif test -n "$soname_spec"; then # bleh windows case $host in *cygwin* | mingw* | *cegcc*) func_arith $current - $age major=$func_arith_result versuffix="-$major" ;; esac eval soname=\"$soname_spec\" else soname="$realname" fi # Make a new name for the extract_expsyms_cmds to use soroot="$soname" func_basename "$soroot" soname="$func_basename_result" func_stripname 'lib' '.dll' "$soname" newlib=libimp-$func_stripname_result.a # If the library has no export list, then create one now if test -f "$output_objdir/$soname-def"; then : else func_verbose "extracting exported symbol list from \`$soname'" func_execute_cmds "$extract_expsyms_cmds" 'exit $?' 
fi # Create $newlib if test -f "$output_objdir/$newlib"; then :; else func_verbose "generating import library for \`$soname'" func_execute_cmds "$old_archive_from_expsyms_cmds" 'exit $?' fi # make sure the library variables are pointing to the new library dir=$output_objdir linklib=$newlib fi # test -n "$old_archive_from_expsyms_cmds" if test "$linkmode" = prog || test "$opt_mode" != relink; then add_shlibpath= add_dir= add= lib_linked=yes case $hardcode_action in immediate | unsupported) if test "$hardcode_direct" = no; then add="$dir/$linklib" case $host in *-*-sco3.2v5.0.[024]*) add_dir="-L$dir" ;; *-*-sysv4*uw2*) add_dir="-L$dir" ;; *-*-sysv5OpenUNIX* | *-*-sysv5UnixWare7.[01].[10]* | \ *-*-unixware7*) add_dir="-L$dir" ;; *-*-darwin* ) # if the lib is a (non-dlopened) module then we can not # link against it, someone is ignoring the earlier warnings if /usr/bin/file -L $add 2> /dev/null | $GREP ": [^:]* bundle" >/dev/null ; then if test "X$dlopenmodule" != "X$lib"; then $ECHO "*** Warning: lib $linklib is a module, not a shared library" if test -z "$old_library" ; then echo echo "*** And there doesn't seem to be a static archive available" echo "*** The link will probably fail, sorry" else add="$dir/$old_library" fi elif test -n "$old_library"; then add="$dir/$old_library" fi fi esac elif test "$hardcode_minus_L" = no; then case $host in *-*-sunos*) add_shlibpath="$dir" ;; esac add_dir="-L$dir" add="-l$name" elif test "$hardcode_shlibpath_var" = no; then add_shlibpath="$dir" add="-l$name" else lib_linked=no fi ;; relink) if test "$hardcode_direct" = yes && test "$hardcode_direct_absolute" = no; then add="$dir/$linklib" elif test "$hardcode_minus_L" = yes; then add_dir="-L$absdir" # Try looking first in the location we're being installed to. 
if test -n "$inst_prefix_dir"; then case $libdir in [\\/]*) func_append add_dir " -L$inst_prefix_dir$libdir" ;; esac fi add="-l$name" elif test "$hardcode_shlibpath_var" = yes; then add_shlibpath="$dir" add="-l$name" else lib_linked=no fi ;; *) lib_linked=no ;; esac if test "$lib_linked" != yes; then func_fatal_configuration "unsupported hardcode properties" fi if test -n "$add_shlibpath"; then case :$compile_shlibpath: in *":$add_shlibpath:"*) ;; *) func_append compile_shlibpath "$add_shlibpath:" ;; esac fi if test "$linkmode" = prog; then test -n "$add_dir" && compile_deplibs="$add_dir $compile_deplibs" test -n "$add" && compile_deplibs="$add $compile_deplibs" else test -n "$add_dir" && deplibs="$add_dir $deplibs" test -n "$add" && deplibs="$add $deplibs" if test "$hardcode_direct" != yes && test "$hardcode_minus_L" != yes && test "$hardcode_shlibpath_var" = yes; then case :$finalize_shlibpath: in *":$libdir:"*) ;; *) func_append finalize_shlibpath "$libdir:" ;; esac fi fi fi if test "$linkmode" = prog || test "$opt_mode" = relink; then add_shlibpath= add_dir= add= # Finalize command for both is simple: just hardcode it. if test "$hardcode_direct" = yes && test "$hardcode_direct_absolute" = no; then add="$libdir/$linklib" elif test "$hardcode_minus_L" = yes; then add_dir="-L$libdir" add="-l$name" elif test "$hardcode_shlibpath_var" = yes; then case :$finalize_shlibpath: in *":$libdir:"*) ;; *) func_append finalize_shlibpath "$libdir:" ;; esac add="-l$name" elif test "$hardcode_automatic" = yes; then if test -n "$inst_prefix_dir" && test -f "$inst_prefix_dir$libdir/$linklib" ; then add="$inst_prefix_dir$libdir/$linklib" else add="$libdir/$linklib" fi else # We cannot seem to hardcode it, guess we'll fake it. add_dir="-L$libdir" # Try looking first in the location we're being installed to. 
if test -n "$inst_prefix_dir"; then case $libdir in [\\/]*) func_append add_dir " -L$inst_prefix_dir$libdir" ;; esac fi add="-l$name" fi if test "$linkmode" = prog; then test -n "$add_dir" && finalize_deplibs="$add_dir $finalize_deplibs" test -n "$add" && finalize_deplibs="$add $finalize_deplibs" else test -n "$add_dir" && deplibs="$add_dir $deplibs" test -n "$add" && deplibs="$add $deplibs" fi fi elif test "$linkmode" = prog; then # Here we assume that one of hardcode_direct or hardcode_minus_L # is not unsupported. This is valid on all known static and # shared platforms. if test "$hardcode_direct" != unsupported; then test -n "$old_library" && linklib="$old_library" compile_deplibs="$dir/$linklib $compile_deplibs" finalize_deplibs="$dir/$linklib $finalize_deplibs" else compile_deplibs="-l$name -L$dir $compile_deplibs" finalize_deplibs="-l$name -L$dir $finalize_deplibs" fi elif test "$build_libtool_libs" = yes; then # Not a shared library if test "$deplibs_check_method" != pass_all; then # We're trying link a shared library against a static one # but the system doesn't support it. # Just print a warning and add the library to dependency_libs so # that the program can be linked against the static library. echo $ECHO "*** Warning: This system can not link to static lib archive $lib." echo "*** I have the capability to make that library automatically link in when" echo "*** you link to this library. But I can only do this if you have a" echo "*** shared version of the library, which you do not appear to have." if test "$module" = yes; then echo "*** But as you try to build a module library, libtool will still create " echo "*** a static module, that should work as long as the dlopening application" echo "*** is linked with the -dlopen flag to resolve symbols at runtime." 
if test -z "$global_symbol_pipe"; then echo echo "*** However, this would only work if libtool was able to extract symbol" echo "*** lists from a program, using \`nm' or equivalent, but libtool could" echo "*** not find such a program. So, this module is probably useless." echo "*** \`nm' from GNU binutils and a full rebuild may help." fi if test "$build_old_libs" = no; then build_libtool_libs=module build_old_libs=yes else build_libtool_libs=no fi fi else deplibs="$dir/$old_library $deplibs" link_static=yes fi fi # link shared/static library? if test "$linkmode" = lib; then if test -n "$dependency_libs" && { test "$hardcode_into_libs" != yes || test "$build_old_libs" = yes || test "$link_static" = yes; }; then # Extract -R from dependency_libs temp_deplibs= for libdir in $dependency_libs; do case $libdir in -R*) func_stripname '-R' '' "$libdir" temp_xrpath=$func_stripname_result case " $xrpath " in *" $temp_xrpath "*) ;; *) func_append xrpath " $temp_xrpath";; esac;; *) func_append temp_deplibs " $libdir";; esac done dependency_libs="$temp_deplibs" fi func_append newlib_search_path " $absdir" # Link against this library test "$link_static" = no && newdependency_libs="$abs_ladir/$laname $newdependency_libs" # ... and its dependency_libs tmp_libs= for deplib in $dependency_libs; do newdependency_libs="$deplib $newdependency_libs" case $deplib in -L*) func_stripname '-L' '' "$deplib" func_resolve_sysroot "$func_stripname_result";; *) func_resolve_sysroot "$deplib" ;; esac if $opt_preserve_dup_deps ; then case "$tmp_libs " in *" $func_resolve_sysroot_result "*) func_append specialdeplibs " $func_resolve_sysroot_result" ;; esac fi func_append tmp_libs " $func_resolve_sysroot_result" done if test "$link_all_deplibs" != no; then # Add the search paths of all dependency libraries for deplib in $dependency_libs; do path= case $deplib in -L*) path="$deplib" ;; *.la) func_resolve_sysroot "$deplib" deplib=$func_resolve_sysroot_result func_dirname "$deplib" "" "." 
dir=$func_dirname_result # We need an absolute path. case $dir in [\\/]* | [A-Za-z]:[\\/]*) absdir="$dir" ;; *) absdir=`cd "$dir" && pwd` if test -z "$absdir"; then func_warning "cannot determine absolute directory name of \`$dir'" absdir="$dir" fi ;; esac if $GREP "^installed=no" $deplib > /dev/null; then case $host in *-*-darwin*) depdepl= eval deplibrary_names=`${SED} -n -e 's/^library_names=\(.*\)$/\1/p' $deplib` if test -n "$deplibrary_names" ; then for tmp in $deplibrary_names ; do depdepl=$tmp done if test -f "$absdir/$objdir/$depdepl" ; then depdepl="$absdir/$objdir/$depdepl" darwin_install_name=`${OTOOL} -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'` if test -z "$darwin_install_name"; then darwin_install_name=`${OTOOL64} -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'` fi func_append compiler_flags " ${wl}-dylib_file ${wl}${darwin_install_name}:${depdepl}" func_append linker_flags " -dylib_file ${darwin_install_name}:${depdepl}" path= fi fi ;; *) path="-L$absdir/$objdir" ;; esac else eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib` test -z "$libdir" && \ func_fatal_error "\`$deplib' is not a valid libtool archive" test "$absdir" != "$libdir" && \ func_warning "\`$deplib' seems to be moved" path="-L$absdir" fi ;; esac case " $deplibs " in *" $path "*) ;; *) deplibs="$path $deplibs" ;; esac done fi # link_all_deplibs != no fi # linkmode = lib done # for deplib in $libs if test "$pass" = link; then if test "$linkmode" = "prog"; then compile_deplibs="$new_inherited_linker_flags $compile_deplibs" finalize_deplibs="$new_inherited_linker_flags $finalize_deplibs" else compiler_flags="$compiler_flags "`$ECHO " $new_inherited_linker_flags" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` fi fi dependency_libs="$newdependency_libs" if test "$pass" = dlpreopen; then # Link the dlpreopened libraries before other libraries for deplib in $save_deplibs; do deplibs="$deplib $deplibs" done fi if test "$pass" != dlopen; then if test "$pass" != conv; 
then # Make sure lib_search_path contains only unique directories. lib_search_path= for dir in $newlib_search_path; do case "$lib_search_path " in *" $dir "*) ;; *) func_append lib_search_path " $dir" ;; esac done newlib_search_path= fi if test "$linkmode,$pass" != "prog,link"; then vars="deplibs" else vars="compile_deplibs finalize_deplibs" fi for var in $vars dependency_libs; do # Add libraries to $var in reverse order eval tmp_libs=\"\$$var\" new_libs= for deplib in $tmp_libs; do # FIXME: Pedantically, this is the right thing to do, so # that some nasty dependency loop isn't accidentally # broken: #new_libs="$deplib $new_libs" # Pragmatically, this seems to cause very few problems in # practice: case $deplib in -L*) new_libs="$deplib $new_libs" ;; -R*) ;; *) # And here is the reason: when a library appears more # than once as an explicit dependence of a library, or # is implicitly linked in more than once by the # compiler, it is considered special, and multiple # occurrences thereof are not removed. Compare this # with having the same library being listed as a # dependency of multiple other libraries: in this case, # we know (pedantically, we assume) the library does not # need to be listed more than once, so we keep only the # last copy. This is not always right, but it is rare # enough that we require users that really mean to play # such unportable linking tricks to link the library # using -Wl,-lname, so that libtool does not consider it # for duplicate removal. 
case " $specialdeplibs " in *" $deplib "*) new_libs="$deplib $new_libs" ;; *) case " $new_libs " in *" $deplib "*) ;; *) new_libs="$deplib $new_libs" ;; esac ;; esac ;; esac done tmp_libs= for deplib in $new_libs; do case $deplib in -L*) case " $tmp_libs " in *" $deplib "*) ;; *) func_append tmp_libs " $deplib" ;; esac ;; *) func_append tmp_libs " $deplib" ;; esac done eval $var=\"$tmp_libs\" done # for var fi # Last step: remove runtime libs from dependency_libs # (they stay in deplibs) tmp_libs= for i in $dependency_libs ; do case " $predeps $postdeps $compiler_lib_search_path " in *" $i "*) i="" ;; esac if test -n "$i" ; then func_append tmp_libs " $i" fi done dependency_libs=$tmp_libs done # for pass if test "$linkmode" = prog; then dlfiles="$newdlfiles" fi if test "$linkmode" = prog || test "$linkmode" = lib; then dlprefiles="$newdlprefiles" fi case $linkmode in oldlib) if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then func_warning "\`-dlopen' is ignored for archives" fi case " $deplibs" in *\ -l* | *\ -L*) func_warning "\`-l' and \`-L' are ignored for archives" ;; esac test -n "$rpath" && \ func_warning "\`-rpath' is ignored for archives" test -n "$xrpath" && \ func_warning "\`-R' is ignored for archives" test -n "$vinfo" && \ func_warning "\`-version-info/-version-number' is ignored for archives" test -n "$release" && \ func_warning "\`-release' is ignored for archives" test -n "$export_symbols$export_symbols_regex" && \ func_warning "\`-export-symbols' is ignored for archives" # Now set the variables for building old libraries. build_libtool_libs=no oldlibs="$output" func_append objs "$old_deplibs" ;; lib) # Make sure we only generate libraries of the form `libNAME.la'. 
case $outputname in lib*) func_stripname 'lib' '.la' "$outputname" name=$func_stripname_result eval shared_ext=\"$shrext_cmds\" eval libname=\"$libname_spec\" ;; *) test "$module" = no && \ func_fatal_help "libtool library \`$output' must begin with \`lib'" if test "$need_lib_prefix" != no; then # Add the "lib" prefix for modules if required func_stripname '' '.la' "$outputname" name=$func_stripname_result eval shared_ext=\"$shrext_cmds\" eval libname=\"$libname_spec\" else func_stripname '' '.la' "$outputname" libname=$func_stripname_result fi ;; esac if test -n "$objs"; then if test "$deplibs_check_method" != pass_all; then func_fatal_error "cannot build libtool library \`$output' from non-libtool objects on this host:$objs" else echo $ECHO "*** Warning: Linking the shared library $output against the non-libtool" $ECHO "*** objects $objs is not portable!" func_append libobjs " $objs" fi fi test "$dlself" != no && \ func_warning "\`-dlopen self' is ignored for libtool libraries" set dummy $rpath shift test "$#" -gt 1 && \ func_warning "ignoring multiple \`-rpath's for a libtool library" install_libdir="$1" oldlibs= if test -z "$rpath"; then if test "$build_libtool_libs" = yes; then # Building a libtool convenience library. # Some compilers have problems with a `.al' extension so # convenience libraries should have the same extension an # archive normally would. oldlibs="$output_objdir/$libname.$libext $oldlibs" build_libtool_libs=convenience build_old_libs=yes fi test -n "$vinfo" && \ func_warning "\`-version-info/-version-number' is ignored for convenience libraries" test -n "$release" && \ func_warning "\`-release' is ignored for convenience libraries" else # Parse the version information argument. 
save_ifs="$IFS"; IFS=':' set dummy $vinfo 0 0 0 shift IFS="$save_ifs" test -n "$7" && \ func_fatal_help "too many parameters to \`-version-info'" # convert absolute version numbers to libtool ages # this retains compatibility with .la files and attempts # to make the code below a bit more comprehensible case $vinfo_number in yes) number_major="$1" number_minor="$2" number_revision="$3" # # There are really only two kinds -- those that # use the current revision as the major version # and those that subtract age and use age as # a minor version. But, then there is irix # which has an extra 1 added just for fun # case $version_type in # correct linux to gnu/linux during the next big refactor darwin|linux|osf|windows|none) func_arith $number_major + $number_minor current=$func_arith_result age="$number_minor" revision="$number_revision" ;; freebsd-aout|freebsd-elf|qnx|sunos) current="$number_major" revision="$number_minor" age="0" ;; irix|nonstopux) func_arith $number_major + $number_minor current=$func_arith_result age="$number_minor" revision="$number_minor" lt_irix_increment=no ;; esac ;; no) current="$1" revision="$2" age="$3" ;; esac # Check that each of the things are valid numbers. 
case $current in 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; *) func_error "CURRENT \`$current' must be a nonnegative integer" func_fatal_error "\`$vinfo' is not valid version information" ;; esac case $revision in 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; *) func_error "REVISION \`$revision' must be a nonnegative integer" func_fatal_error "\`$vinfo' is not valid version information" ;; esac case $age in 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; *) func_error "AGE \`$age' must be a nonnegative integer" func_fatal_error "\`$vinfo' is not valid version information" ;; esac if test "$age" -gt "$current"; then func_error "AGE \`$age' is greater than the current interface number \`$current'" func_fatal_error "\`$vinfo' is not valid version information" fi # Calculate the version variables. major= versuffix= verstring= case $version_type in none) ;; darwin) # Like Linux, but with the current version available in # verstring for coding it into the library header func_arith $current - $age major=.$func_arith_result versuffix="$major.$age.$revision" # Darwin ld doesn't like 0 for these options... func_arith $current + 1 minor_current=$func_arith_result xlcverstring="${wl}-compatibility_version ${wl}$minor_current ${wl}-current_version ${wl}$minor_current.$revision" verstring="-compatibility_version $minor_current -current_version $minor_current.$revision" ;; freebsd-aout) major=".$current" versuffix=".$current.$revision"; ;; freebsd-elf) major=".$current" versuffix=".$current" ;; irix | nonstopux) if test "X$lt_irix_increment" = "Xno"; then func_arith $current - $age else func_arith $current - $age + 1 fi major=$func_arith_result case $version_type in nonstopux) verstring_prefix=nonstopux ;; *) verstring_prefix=sgi ;; esac verstring="$verstring_prefix$major.$revision" # Add in all the interfaces that we are compatible with. 
loop=$revision while test "$loop" -ne 0; do func_arith $revision - $loop iface=$func_arith_result func_arith $loop - 1 loop=$func_arith_result verstring="$verstring_prefix$major.$iface:$verstring" done # Before this point, $major must not contain `.'. major=.$major versuffix="$major.$revision" ;; linux) # correct to gnu/linux during the next big refactor func_arith $current - $age major=.$func_arith_result versuffix="$major.$age.$revision" ;; osf) func_arith $current - $age major=.$func_arith_result versuffix=".$current.$age.$revision" verstring="$current.$age.$revision" # Add in all the interfaces that we are compatible with. loop=$age while test "$loop" -ne 0; do func_arith $current - $loop iface=$func_arith_result func_arith $loop - 1 loop=$func_arith_result verstring="$verstring:${iface}.0" done # Make executables depend on our current version. func_append verstring ":${current}.0" ;; qnx) major=".$current" versuffix=".$current" ;; sunos) major=".$current" versuffix=".$current.$revision" ;; windows) # Use '-' rather than '.', since we only want one # extension on DOS 8.3 filesystems. func_arith $current - $age major=$func_arith_result versuffix="-$major" ;; *) func_fatal_configuration "unknown library version type \`$version_type'" ;; esac # Clear the version info if we defaulted, and they specified a release. if test -z "$vinfo" && test -n "$release"; then major= case $version_type in darwin) # we can't check for "0.0" in archive_cmds due to quoting # problems, so we reset it completely verstring= ;; *) verstring="0.0" ;; esac if test "$need_version" = no; then versuffix= else versuffix=".0.0" fi fi # Remove version info from name if versioning should be avoided if test "$avoid_version" = yes && test "$need_version" = no; then major= versuffix= verstring="" fi # Check to see if the archive will have undefined symbols. 
if test "$allow_undefined" = yes; then if test "$allow_undefined_flag" = unsupported; then func_warning "undefined symbols not allowed in $host shared libraries" build_libtool_libs=no build_old_libs=yes fi else # Don't allow undefined symbols. allow_undefined_flag="$no_undefined_flag" fi fi func_generate_dlsyms "$libname" "$libname" "yes" func_append libobjs " $symfileobj" test "X$libobjs" = "X " && libobjs= if test "$opt_mode" != relink; then # Remove our outputs, but don't remove object files since they # may have been created when compiling PIC objects. removelist= tempremovelist=`$ECHO "$output_objdir/*"` for p in $tempremovelist; do case $p in *.$objext | *.gcno) ;; $output_objdir/$outputname | $output_objdir/$libname.* | $output_objdir/${libname}${release}.*) if test "X$precious_files_regex" != "X"; then if $ECHO "$p" | $EGREP -e "$precious_files_regex" >/dev/null 2>&1 then continue fi fi func_append removelist " $p" ;; *) ;; esac done test -n "$removelist" && \ func_show_eval "${RM}r \$removelist" fi # Now set the variables for building old libraries. if test "$build_old_libs" = yes && test "$build_libtool_libs" != convenience ; then func_append oldlibs " $output_objdir/$libname.$libext" # Transform .lo files to .o files. oldobjs="$objs "`$ECHO "$libobjs" | $SP2NL | $SED "/\.${libext}$/d; $lo2o" | $NL2SP` fi # Eliminate all temporary directories. #for path in $notinst_path; do # lib_search_path=`$ECHO "$lib_search_path " | $SED "s% $path % %g"` # deplibs=`$ECHO "$deplibs " | $SED "s% -L$path % %g"` # dependency_libs=`$ECHO "$dependency_libs " | $SED "s% -L$path % %g"` #done if test -n "$xrpath"; then # If the user specified any rpath flags, then add them. 
temp_xrpath= for libdir in $xrpath; do func_replace_sysroot "$libdir" func_append temp_xrpath " -R$func_replace_sysroot_result" case "$finalize_rpath " in *" $libdir "*) ;; *) func_append finalize_rpath " $libdir" ;; esac done if test "$hardcode_into_libs" != yes || test "$build_old_libs" = yes; then dependency_libs="$temp_xrpath $dependency_libs" fi fi # Make sure dlfiles contains only unique files that won't be dlpreopened old_dlfiles="$dlfiles" dlfiles= for lib in $old_dlfiles; do case " $dlprefiles $dlfiles " in *" $lib "*) ;; *) func_append dlfiles " $lib" ;; esac done # Make sure dlprefiles contains only unique files old_dlprefiles="$dlprefiles" dlprefiles= for lib in $old_dlprefiles; do case "$dlprefiles " in *" $lib "*) ;; *) func_append dlprefiles " $lib" ;; esac done if test "$build_libtool_libs" = yes; then if test -n "$rpath"; then case $host in *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-beos* | *-cegcc* | *-*-haiku*) # these systems don't actually have a c library (as such)! ;; *-*-rhapsody* | *-*-darwin1.[012]) # Rhapsody C library is in the System framework func_append deplibs " System.ltframework" ;; *-*-netbsd*) # Don't link with libc until the a.out ld.so is fixed. ;; *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*) # Do not include libc due to us having libc/libc_r. ;; *-*-sco3.2v5* | *-*-sco5v6*) # Causes problems with __ctype ;; *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*) # Compiler inserts libc in the correct place for threads to work ;; *) # Add libc to deplibs on all other systems if necessary. if test "$build_libtool_need_lc" = "yes"; then func_append deplibs " -lc" fi ;; esac fi # Transform deplibs into only deplibs that can be linked in shared. name_save=$name libname_save=$libname release_save=$release versuffix_save=$versuffix major_save=$major # I'm not sure if I'm treating the release correctly. I think # release should show up in the -l (ie -lgmp5) so we don't want to # add it in twice. Is that correct? 
release="" versuffix="" major="" newdeplibs= droppeddeps=no case $deplibs_check_method in pass_all) # Don't check for shared/static. Everything works. # This might be a little naive. We might want to check # whether the library exists or not. But this is on # osf3 & osf4 and I'm not really sure... Just # implementing what was already the behavior. newdeplibs=$deplibs ;; test_compile) # This code stresses the "libraries are programs" paradigm to its # limits. Maybe even breaks it. We compile a program, linking it # against the deplibs as a proxy for the library. Then we can check # whether they linked in statically or dynamically with ldd. $opt_dry_run || $RM conftest.c cat > conftest.c </dev/null` $nocaseglob else potential_libs=`ls $i/$libnameglob[.-]* 2>/dev/null` fi for potent_lib in $potential_libs; do # Follow soft links. if ls -lLd "$potent_lib" 2>/dev/null | $GREP " -> " >/dev/null; then continue fi # The statement above tries to avoid entering an # endless loop below, in case of cyclic links. # We might still enter an endless loop, since a link # loop can be closed while we follow links, # but so what? potlib="$potent_lib" while test -h "$potlib" 2>/dev/null; do potliblink=`ls -ld $potlib | ${SED} 's/.* -> //'` case $potliblink in [\\/]* | [A-Za-z]:[\\/]*) potlib="$potliblink";; *) potlib=`$ECHO "$potlib" | $SED 's,[^/]*$,,'`"$potliblink";; esac done if eval $file_magic_cmd \"\$potlib\" 2>/dev/null | $SED -e 10q | $EGREP "$file_magic_regex" > /dev/null; then func_append newdeplibs " $a_deplib" a_deplib="" break 2 fi done done fi if test -n "$a_deplib" ; then droppeddeps=yes echo $ECHO "*** Warning: linker path does not have real file for library $a_deplib." echo "*** I have the capability to make that library automatically link in when" echo "*** you link to this library. 
But I can only do this if you have a" echo "*** shared version of the library, which you do not appear to have" echo "*** because I did check the linker path looking for a file starting" if test -z "$potlib" ; then $ECHO "*** with $libname but no candidates were found. (...for file magic test)" else $ECHO "*** with $libname and none of the candidates passed a file format test" $ECHO "*** using a file magic. Last file checked: $potlib" fi fi ;; *) # Add a -L argument. func_append newdeplibs " $a_deplib" ;; esac done # Gone through all deplibs. ;; match_pattern*) set dummy $deplibs_check_method; shift match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"` for a_deplib in $deplibs; do case $a_deplib in -l*) func_stripname -l '' "$a_deplib" name=$func_stripname_result if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then case " $predeps $postdeps " in *" $a_deplib "*) func_append newdeplibs " $a_deplib" a_deplib="" ;; esac fi if test -n "$a_deplib" ; then libname=`eval "\\$ECHO \"$libname_spec\""` for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do potential_libs=`ls $i/$libname[.-]* 2>/dev/null` for potent_lib in $potential_libs; do potlib="$potent_lib" # see symlink-check above in file_magic test if eval "\$ECHO \"$potent_lib\"" 2>/dev/null | $SED 10q | \ $EGREP "$match_pattern_regex" > /dev/null; then func_append newdeplibs " $a_deplib" a_deplib="" break 2 fi done done fi if test -n "$a_deplib" ; then droppeddeps=yes echo $ECHO "*** Warning: linker path does not have real file for library $a_deplib." echo "*** I have the capability to make that library automatically link in when" echo "*** you link to this library. But I can only do this if you have a" echo "*** shared version of the library, which you do not appear to have" echo "*** because I did check the linker path looking for a file starting" if test -z "$potlib" ; then $ECHO "*** with $libname but no candidates were found. 
(...for regex pattern test)" else $ECHO "*** with $libname and none of the candidates passed a file format test" $ECHO "*** using a regex pattern. Last file checked: $potlib" fi fi ;; *) # Add a -L argument. func_append newdeplibs " $a_deplib" ;; esac done # Gone through all deplibs. ;; none | unknown | *) newdeplibs="" tmp_deplibs=`$ECHO " $deplibs" | $SED 's/ -lc$//; s/ -[LR][^ ]*//g'` if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then for i in $predeps $postdeps ; do # can't use Xsed below, because $i might contain '/' tmp_deplibs=`$ECHO " $tmp_deplibs" | $SED "s,$i,,"` done fi case $tmp_deplibs in *[!\ \ ]*) echo if test "X$deplibs_check_method" = "Xnone"; then echo "*** Warning: inter-library dependencies are not supported in this platform." else echo "*** Warning: inter-library dependencies are not known to be supported." fi echo "*** All declared inter-library dependencies are being dropped." droppeddeps=yes ;; esac ;; esac versuffix=$versuffix_save major=$major_save release=$release_save libname=$libname_save name=$name_save case $host in *-*-rhapsody* | *-*-darwin1.[012]) # On Rhapsody replace the C library with the System framework newdeplibs=`$ECHO " $newdeplibs" | $SED 's/ -lc / System.ltframework /'` ;; esac if test "$droppeddeps" = yes; then if test "$module" = yes; then echo echo "*** Warning: libtool could not satisfy all declared inter-library" $ECHO "*** dependencies of module $libname. Therefore, libtool will create" echo "*** a static module, that should work as long as the dlopening" echo "*** application is linked with the -dlopen flag." if test -z "$global_symbol_pipe"; then echo echo "*** However, this would only work if libtool was able to extract symbol" echo "*** lists from a program, using \`nm' or equivalent, but libtool could" echo "*** not find such a program. So, this module is probably useless." echo "*** \`nm' from GNU binutils and a full rebuild may help." 
fi if test "$build_old_libs" = no; then oldlibs="$output_objdir/$libname.$libext" build_libtool_libs=module build_old_libs=yes else build_libtool_libs=no fi else echo "*** The inter-library dependencies that have been dropped here will be" echo "*** automatically added whenever a program is linked with this library" echo "*** or is declared to -dlopen it." if test "$allow_undefined" = no; then echo echo "*** Since this library must not contain undefined symbols," echo "*** because either the platform does not support them or" echo "*** it was explicitly requested with -no-undefined," echo "*** libtool will only create a static version of it." if test "$build_old_libs" = no; then oldlibs="$output_objdir/$libname.$libext" build_libtool_libs=module build_old_libs=yes else build_libtool_libs=no fi fi fi fi # Done checking deplibs! deplibs=$newdeplibs fi # Time to change all our "foo.ltframework" stuff back to "-framework foo" case $host in *-*-darwin*) newdeplibs=`$ECHO " $newdeplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` new_inherited_linker_flags=`$ECHO " $new_inherited_linker_flags" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` deplibs=`$ECHO " $deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` ;; esac # move library search paths that coincide with paths to not yet # installed libraries to the beginning of the library search list new_libs= for path in $notinst_path; do case " $new_libs " in *" -L$path/$objdir "*) ;; *) case " $deplibs " in *" -L$path/$objdir "*) func_append new_libs " -L$path/$objdir" ;; esac ;; esac done for deplib in $deplibs; do case $deplib in -L*) case " $new_libs " in *" $deplib "*) ;; *) func_append new_libs " $deplib" ;; esac ;; *) func_append new_libs " $deplib" ;; esac done deplibs="$new_libs" # All the library-specific variables (install_libdir is set above). 
library_names= old_library= dlname= # Test again, we may have decided not to build it any more if test "$build_libtool_libs" = yes; then # Remove ${wl} instances when linking with ld. # FIXME: should test the right _cmds variable. case $archive_cmds in *\$LD\ *) wl= ;; esac if test "$hardcode_into_libs" = yes; then # Hardcode the library paths hardcode_libdirs= dep_rpath= rpath="$finalize_rpath" test "$opt_mode" != relink && rpath="$compile_rpath$rpath" for libdir in $rpath; do if test -n "$hardcode_libdir_flag_spec"; then if test -n "$hardcode_libdir_separator"; then func_replace_sysroot "$libdir" libdir=$func_replace_sysroot_result if test -z "$hardcode_libdirs"; then hardcode_libdirs="$libdir" else # Just accumulate the unique libdirs. case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) ;; *) func_append hardcode_libdirs "$hardcode_libdir_separator$libdir" ;; esac fi else eval flag=\"$hardcode_libdir_flag_spec\" func_append dep_rpath " $flag" fi elif test -n "$runpath_var"; then case "$perm_rpath " in *" $libdir "*) ;; *) func_append perm_rpath " $libdir" ;; esac fi done # Substitute the hardcoded libdirs into the rpath. if test -n "$hardcode_libdir_separator" && test -n "$hardcode_libdirs"; then libdir="$hardcode_libdirs" eval "dep_rpath=\"$hardcode_libdir_flag_spec\"" fi if test -n "$runpath_var" && test -n "$perm_rpath"; then # We should set the runpath_var. rpath= for dir in $perm_rpath; do func_append rpath "$dir:" done eval "$runpath_var='$rpath\$$runpath_var'; export $runpath_var" fi test -n "$dep_rpath" && deplibs="$dep_rpath $deplibs" fi shlibpath="$finalize_shlibpath" test "$opt_mode" != relink && shlibpath="$compile_shlibpath$shlibpath" if test -n "$shlibpath"; then eval "$shlibpath_var='$shlibpath\$$shlibpath_var'; export $shlibpath_var" fi # Get the real and link names of the library. 
eval shared_ext=\"$shrext_cmds\" eval library_names=\"$library_names_spec\" set dummy $library_names shift realname="$1" shift if test -n "$soname_spec"; then eval soname=\"$soname_spec\" else soname="$realname" fi if test -z "$dlname"; then dlname=$soname fi lib="$output_objdir/$realname" linknames= for link do func_append linknames " $link" done # Use standard objects if they are pic test -z "$pic_flag" && libobjs=`$ECHO "$libobjs" | $SP2NL | $SED "$lo2o" | $NL2SP` test "X$libobjs" = "X " && libobjs= delfiles= if test -n "$export_symbols" && test -n "$include_expsyms"; then $opt_dry_run || cp "$export_symbols" "$output_objdir/$libname.uexp" export_symbols="$output_objdir/$libname.uexp" func_append delfiles " $export_symbols" fi orig_export_symbols= case $host_os in cygwin* | mingw* | cegcc*) if test -n "$export_symbols" && test -z "$export_symbols_regex"; then # exporting using user supplied symfile if test "x`$SED 1q $export_symbols`" != xEXPORTS; then # and it's NOT already a .def file. Must figure out # which of the given symbols are data symbols and tag # them as such. So, trigger use of export_symbols_cmds. # export_symbols gets reassigned inside the "prepare # the list of exported symbols" if statement, so the # include_expsyms logic still works. orig_export_symbols="$export_symbols" export_symbols= always_export_symbols=yes fi fi ;; esac # Prepare the list of exported symbols if test -z "$export_symbols"; then if test "$always_export_symbols" = yes || test -n "$export_symbols_regex"; then func_verbose "generating symbol list for \`$libname.la'" export_symbols="$output_objdir/$libname.exp" $opt_dry_run || $RM $export_symbols cmds=$export_symbols_cmds save_ifs="$IFS"; IFS='~' for cmd1 in $cmds; do IFS="$save_ifs" # Take the normal branch if the nm_file_list_spec branch # doesn't work or if tool conversion is not needed. 
case $nm_file_list_spec~$to_tool_file_cmd in *~func_convert_file_noop | *~func_convert_file_msys_to_w32 | ~*) try_normal_branch=yes eval cmd=\"$cmd1\" func_len " $cmd" len=$func_len_result ;; *) try_normal_branch=no ;; esac if test "$try_normal_branch" = yes \ && { test "$len" -lt "$max_cmd_len" \ || test "$max_cmd_len" -le -1; } then func_show_eval "$cmd" 'exit $?' skipped_export=false elif test -n "$nm_file_list_spec"; then func_basename "$output" output_la=$func_basename_result save_libobjs=$libobjs save_output=$output output=${output_objdir}/${output_la}.nm func_to_tool_file "$output" libobjs=$nm_file_list_spec$func_to_tool_file_result func_append delfiles " $output" func_verbose "creating $NM input file list: $output" for obj in $save_libobjs; do func_to_tool_file "$obj" $ECHO "$func_to_tool_file_result" done > "$output" eval cmd=\"$cmd1\" func_show_eval "$cmd" 'exit $?' output=$save_output libobjs=$save_libobjs skipped_export=false else # The command line is too long to execute in one step. func_verbose "using reloadable object file for export list..." skipped_export=: # Break out early, otherwise skipped_export may be # set to false by a later but shorter cmd. break fi done IFS="$save_ifs" if test -n "$export_symbols_regex" && test "X$skipped_export" != "X:"; then func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"' func_show_eval '$MV "${export_symbols}T" "$export_symbols"' fi fi fi if test -n "$export_symbols" && test -n "$include_expsyms"; then tmp_export_symbols="$export_symbols" test -n "$orig_export_symbols" && tmp_export_symbols="$orig_export_symbols" $opt_dry_run || eval '$ECHO "$include_expsyms" | $SP2NL >> "$tmp_export_symbols"' fi if test "X$skipped_export" != "X:" && test -n "$orig_export_symbols"; then # The given exports_symbols file has to be filtered, so filter it. 
func_verbose "filter symbol list for \`$libname.la' to tag DATA exports" # FIXME: $output_objdir/$libname.filter potentially contains lots of # 's' commands which not all seds can handle. GNU sed should be fine # though. Also, the filter scales superlinearly with the number of # global variables. join(1) would be nice here, but unfortunately # isn't a blessed tool. $opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter func_append delfiles " $export_symbols $output_objdir/$libname.filter" export_symbols=$output_objdir/$libname.def $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols fi tmp_deplibs= for test_deplib in $deplibs; do case " $convenience " in *" $test_deplib "*) ;; *) func_append tmp_deplibs " $test_deplib" ;; esac done deplibs="$tmp_deplibs" if test -n "$convenience"; then if test -n "$whole_archive_flag_spec" && test "$compiler_needs_object" = yes && test -z "$libobjs"; then # extract the archives, so we have objects to list. # TODO: could optimize this to just extract one archive. whole_archive_flag_spec= fi if test -n "$whole_archive_flag_spec"; then save_libobjs=$libobjs eval libobjs=\"\$libobjs $whole_archive_flag_spec\" test "X$libobjs" = "X " && libobjs= else gentop="$output_objdir/${outputname}x" func_append generated " $gentop" func_extract_archives $gentop $convenience func_append libobjs " $func_extract_archives_result" test "X$libobjs" = "X " && libobjs= fi fi if test "$thread_safe" = yes && test -n "$thread_safe_flag_spec"; then eval flag=\"$thread_safe_flag_spec\" func_append linker_flags " $flag" fi # Make a backup of the uninstalled library when relinking if test "$opt_mode" = relink; then $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}U && $MV $realname ${realname}U)' || exit $? fi # Do each of the archive commands. 
if test "$module" = yes && test -n "$module_cmds" ; then if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then eval test_cmds=\"$module_expsym_cmds\" cmds=$module_expsym_cmds else eval test_cmds=\"$module_cmds\" cmds=$module_cmds fi else if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then eval test_cmds=\"$archive_expsym_cmds\" cmds=$archive_expsym_cmds else eval test_cmds=\"$archive_cmds\" cmds=$archive_cmds fi fi if test "X$skipped_export" != "X:" && func_len " $test_cmds" && len=$func_len_result && test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then : else # The command line is too long to link in one step, link piecewise # or, if using GNU ld and skipped_export is not :, use a linker # script. # Save the value of $output and $libobjs because we want to # use them later. If we have whole_archive_flag_spec, we # want to use save_libobjs as it was before # whole_archive_flag_spec was expanded, because we can't # assume the linker understands whole_archive_flag_spec. # This may have to be revisited, in case too many # convenience libraries get linked in and end up exceeding # the spec. if test -z "$convenience" || test -z "$whole_archive_flag_spec"; then save_libobjs=$libobjs fi save_output=$output func_basename "$output" output_la=$func_basename_result # Clear the reloadable object creation command queue and # initialize k to one. 
test_cmds= concat_cmds= objlist= last_robj= k=1 if test -n "$save_libobjs" && test "X$skipped_export" != "X:" && test "$with_gnu_ld" = yes; then output=${output_objdir}/${output_la}.lnkscript func_verbose "creating GNU ld script: $output" echo 'INPUT (' > $output for obj in $save_libobjs do func_to_tool_file "$obj" $ECHO "$func_to_tool_file_result" >> $output done echo ')' >> $output func_append delfiles " $output" func_to_tool_file "$output" output=$func_to_tool_file_result elif test -n "$save_libobjs" && test "X$skipped_export" != "X:" && test "X$file_list_spec" != X; then output=${output_objdir}/${output_la}.lnk func_verbose "creating linker input file list: $output" : > $output set x $save_libobjs shift firstobj= if test "$compiler_needs_object" = yes; then firstobj="$1 " shift fi for obj do func_to_tool_file "$obj" $ECHO "$func_to_tool_file_result" >> $output done func_append delfiles " $output" func_to_tool_file "$output" output=$firstobj\"$file_list_spec$func_to_tool_file_result\" else if test -n "$save_libobjs"; then func_verbose "creating reloadable object files..." output=$output_objdir/$output_la-${k}.$objext eval test_cmds=\"$reload_cmds\" func_len " $test_cmds" len0=$func_len_result len=$len0 # Loop over the list of objects to be linked. for obj in $save_libobjs do func_len " $obj" func_arith $len + $func_len_result len=$func_arith_result if test "X$objlist" = X || test "$len" -lt "$max_cmd_len"; then func_append objlist " $obj" else # The command $test_cmds is almost too long, add a # command to the queue. if test "$k" -eq 1 ; then # The first file doesn't have a previous command to add. reload_objs=$objlist eval concat_cmds=\"$reload_cmds\" else # All subsequent reloadable object files will link in # the last one created. 
reload_objs="$objlist $last_robj" eval concat_cmds=\"\$concat_cmds~$reload_cmds~\$RM $last_robj\" fi last_robj=$output_objdir/$output_la-${k}.$objext func_arith $k + 1 k=$func_arith_result output=$output_objdir/$output_la-${k}.$objext objlist=" $obj" func_len " $last_robj" func_arith $len0 + $func_len_result len=$func_arith_result fi done # Handle the remaining objects by creating one last # reloadable object file. All subsequent reloadable object # files will link in the last one created. test -z "$concat_cmds" || concat_cmds=$concat_cmds~ reload_objs="$objlist $last_robj" eval concat_cmds=\"\${concat_cmds}$reload_cmds\" if test -n "$last_robj"; then eval concat_cmds=\"\${concat_cmds}~\$RM $last_robj\" fi func_append delfiles " $output" else output= fi if ${skipped_export-false}; then func_verbose "generating symbol list for \`$libname.la'" export_symbols="$output_objdir/$libname.exp" $opt_dry_run || $RM $export_symbols libobjs=$output # Append the command to create the export file. test -z "$concat_cmds" || concat_cmds=$concat_cmds~ eval concat_cmds=\"\$concat_cmds$export_symbols_cmds\" if test -n "$last_robj"; then eval concat_cmds=\"\$concat_cmds~\$RM $last_robj\" fi fi test -n "$save_libobjs" && func_verbose "creating a temporary reloadable object file: $output" # Loop through the commands generated above and execute them. save_ifs="$IFS"; IFS='~' for cmd in $concat_cmds; do IFS="$save_ifs" $opt_silent || { func_quote_for_expand "$cmd" eval "func_echo $func_quote_for_expand_result" } $opt_dry_run || eval "$cmd" || { lt_exit=$? 
# Restore the uninstalled library and exit if test "$opt_mode" = relink; then ( cd "$output_objdir" && \ $RM "${realname}T" && \ $MV "${realname}U" "$realname" ) fi exit $lt_exit } done IFS="$save_ifs" if test -n "$export_symbols_regex" && ${skipped_export-false}; then func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"' func_show_eval '$MV "${export_symbols}T" "$export_symbols"' fi fi if ${skipped_export-false}; then if test -n "$export_symbols" && test -n "$include_expsyms"; then tmp_export_symbols="$export_symbols" test -n "$orig_export_symbols" && tmp_export_symbols="$orig_export_symbols" $opt_dry_run || eval '$ECHO "$include_expsyms" | $SP2NL >> "$tmp_export_symbols"' fi if test -n "$orig_export_symbols"; then # The given exports_symbols file has to be filtered, so filter it. func_verbose "filter symbol list for \`$libname.la' to tag DATA exports" # FIXME: $output_objdir/$libname.filter potentially contains lots of # 's' commands which not all seds can handle. GNU sed should be fine # though. Also, the filter scales superlinearly with the number of # global variables. join(1) would be nice here, but unfortunately # isn't a blessed tool. $opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter func_append delfiles " $export_symbols $output_objdir/$libname.filter" export_symbols=$output_objdir/$libname.def $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols fi fi libobjs=$output # Restore the value of output. output=$save_output if test -n "$convenience" && test -n "$whole_archive_flag_spec"; then eval libobjs=\"\$libobjs $whole_archive_flag_spec\" test "X$libobjs" = "X " && libobjs= fi # Expand the library linking commands again to reset the # value of $libobjs for piecewise linking. # Do each of the archive commands. 
if test "$module" = yes && test -n "$module_cmds" ; then if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then cmds=$module_expsym_cmds else cmds=$module_cmds fi else if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then cmds=$archive_expsym_cmds else cmds=$archive_cmds fi fi fi if test -n "$delfiles"; then # Append the command to remove temporary files to $cmds. eval cmds=\"\$cmds~\$RM $delfiles\" fi # Add any objects from preloaded convenience libraries if test -n "$dlprefiles"; then gentop="$output_objdir/${outputname}x" func_append generated " $gentop" func_extract_archives $gentop $dlprefiles func_append libobjs " $func_extract_archives_result" test "X$libobjs" = "X " && libobjs= fi save_ifs="$IFS"; IFS='~' for cmd in $cmds; do IFS="$save_ifs" eval cmd=\"$cmd\" $opt_silent || { func_quote_for_expand "$cmd" eval "func_echo $func_quote_for_expand_result" } $opt_dry_run || eval "$cmd" || { lt_exit=$? # Restore the uninstalled library and exit if test "$opt_mode" = relink; then ( cd "$output_objdir" && \ $RM "${realname}T" && \ $MV "${realname}U" "$realname" ) fi exit $lt_exit } done IFS="$save_ifs" # Restore the uninstalled library and exit if test "$opt_mode" = relink; then $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}T && $MV $realname ${realname}T && $MV ${realname}U $realname)' || exit $? if test -n "$convenience"; then if test -z "$whole_archive_flag_spec"; then func_show_eval '${RM}r "$gentop"' fi fi exit $EXIT_SUCCESS fi # Create links to the real library. for linkname in $linknames; do if test "$realname" != "$linkname"; then func_show_eval '(cd "$output_objdir" && $RM "$linkname" && $LN_S "$realname" "$linkname")' 'exit $?' fi done # If -module or -export-dynamic was specified, set the dlname. if test "$module" = yes || test "$export_dynamic" = yes; then # On all known operating systems, these are identical. 
dlname="$soname" fi fi ;; obj) if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then func_warning "\`-dlopen' is ignored for objects" fi case " $deplibs" in *\ -l* | *\ -L*) func_warning "\`-l' and \`-L' are ignored for objects" ;; esac test -n "$rpath" && \ func_warning "\`-rpath' is ignored for objects" test -n "$xrpath" && \ func_warning "\`-R' is ignored for objects" test -n "$vinfo" && \ func_warning "\`-version-info' is ignored for objects" test -n "$release" && \ func_warning "\`-release' is ignored for objects" case $output in *.lo) test -n "$objs$old_deplibs" && \ func_fatal_error "cannot build library object \`$output' from non-libtool objects" libobj=$output func_lo2o "$libobj" obj=$func_lo2o_result ;; *) libobj= obj="$output" ;; esac # Delete the old objects. $opt_dry_run || $RM $obj $libobj # Objects from convenience libraries. This assumes # single-version convenience libraries. Whenever we create # different ones for PIC/non-PIC, this we'll have to duplicate # the extraction. reload_conv_objs= gentop= # reload_cmds runs $LD directly, so let us get rid of # -Wl from whole_archive_flag_spec and hope we can get by with # turning comma into space.. wl= if test -n "$convenience"; then if test -n "$whole_archive_flag_spec"; then eval tmp_whole_archive_flags=\"$whole_archive_flag_spec\" reload_conv_objs=$reload_objs\ `$ECHO "$tmp_whole_archive_flags" | $SED 's|,| |g'` else gentop="$output_objdir/${obj}x" func_append generated " $gentop" func_extract_archives $gentop $convenience reload_conv_objs="$reload_objs $func_extract_archives_result" fi fi # If we're not building shared, we need to use non_pic_objs test "$build_libtool_libs" != yes && libobjs="$non_pic_objects" # Create the old-style object. reload_objs="$objs$old_deplibs "`$ECHO "$libobjs" | $SP2NL | $SED "/\.${libext}$/d; /\.lib$/d; $lo2o" | $NL2SP`" $reload_conv_objs" ### testsuite: skip nested quoting test output="$obj" func_execute_cmds "$reload_cmds" 'exit $?' 
# Exit if we aren't doing a library object file. if test -z "$libobj"; then if test -n "$gentop"; then func_show_eval '${RM}r "$gentop"' fi exit $EXIT_SUCCESS fi if test "$build_libtool_libs" != yes; then if test -n "$gentop"; then func_show_eval '${RM}r "$gentop"' fi # Create an invalid libtool object if no PIC, so that we don't # accidentally link it into a program. # $show "echo timestamp > $libobj" # $opt_dry_run || eval "echo timestamp > $libobj" || exit $? exit $EXIT_SUCCESS fi if test -n "$pic_flag" || test "$pic_mode" != default; then # Only do commands if we really have different PIC objects. reload_objs="$libobjs $reload_conv_objs" output="$libobj" func_execute_cmds "$reload_cmds" 'exit $?' fi if test -n "$gentop"; then func_show_eval '${RM}r "$gentop"' fi exit $EXIT_SUCCESS ;; prog) case $host in *cygwin*) func_stripname '' '.exe' "$output" output=$func_stripname_result.exe;; esac test -n "$vinfo" && \ func_warning "\`-version-info' is ignored for programs" test -n "$release" && \ func_warning "\`-release' is ignored for programs" test "$preload" = yes \ && test "$dlopen_support" = unknown \ && test "$dlopen_self" = unknown \ && test "$dlopen_self_static" = unknown && \ func_warning "\`LT_INIT([dlopen])' not used. Assuming no dlopen support." case $host in *-*-rhapsody* | *-*-darwin1.[012]) # On Rhapsody replace the C library is the System framework compile_deplibs=`$ECHO " $compile_deplibs" | $SED 's/ -lc / System.ltframework /'` finalize_deplibs=`$ECHO " $finalize_deplibs" | $SED 's/ -lc / System.ltframework /'` ;; esac case $host in *-*-darwin*) # Don't allow lazy linking, it breaks C++ global constructors # But is supposedly fixed on 10.4 or later (yay!). 
if test "$tagname" = CXX ; then case ${MACOSX_DEPLOYMENT_TARGET-10.0} in 10.[0123]) func_append compile_command " ${wl}-bind_at_load" func_append finalize_command " ${wl}-bind_at_load" ;; esac fi # Time to change all our "foo.ltframework" stuff back to "-framework foo" compile_deplibs=`$ECHO " $compile_deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` finalize_deplibs=`$ECHO " $finalize_deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` ;; esac # move library search paths that coincide with paths to not yet # installed libraries to the beginning of the library search list new_libs= for path in $notinst_path; do case " $new_libs " in *" -L$path/$objdir "*) ;; *) case " $compile_deplibs " in *" -L$path/$objdir "*) func_append new_libs " -L$path/$objdir" ;; esac ;; esac done for deplib in $compile_deplibs; do case $deplib in -L*) case " $new_libs " in *" $deplib "*) ;; *) func_append new_libs " $deplib" ;; esac ;; *) func_append new_libs " $deplib" ;; esac done compile_deplibs="$new_libs" func_append compile_command " $compile_deplibs" func_append finalize_command " $finalize_deplibs" if test -n "$rpath$xrpath"; then # If the user specified any rpath flags, then add them. for libdir in $rpath $xrpath; do # This is the magic to use -rpath. case "$finalize_rpath " in *" $libdir "*) ;; *) func_append finalize_rpath " $libdir" ;; esac done fi # Now hardcode the library paths rpath= hardcode_libdirs= for libdir in $compile_rpath $finalize_rpath; do if test -n "$hardcode_libdir_flag_spec"; then if test -n "$hardcode_libdir_separator"; then if test -z "$hardcode_libdirs"; then hardcode_libdirs="$libdir" else # Just accumulate the unique libdirs. 
case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) ;; *) func_append hardcode_libdirs "$hardcode_libdir_separator$libdir" ;; esac fi else eval flag=\"$hardcode_libdir_flag_spec\" func_append rpath " $flag" fi elif test -n "$runpath_var"; then case "$perm_rpath " in *" $libdir "*) ;; *) func_append perm_rpath " $libdir" ;; esac fi case $host in *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) testbindir=`${ECHO} "$libdir" | ${SED} -e 's*/lib$*/bin*'` case :$dllsearchpath: in *":$libdir:"*) ;; ::) dllsearchpath=$libdir;; *) func_append dllsearchpath ":$libdir";; esac case :$dllsearchpath: in *":$testbindir:"*) ;; ::) dllsearchpath=$testbindir;; *) func_append dllsearchpath ":$testbindir";; esac ;; esac done # Substitute the hardcoded libdirs into the rpath. if test -n "$hardcode_libdir_separator" && test -n "$hardcode_libdirs"; then libdir="$hardcode_libdirs" eval rpath=\" $hardcode_libdir_flag_spec\" fi compile_rpath="$rpath" rpath= hardcode_libdirs= for libdir in $finalize_rpath; do if test -n "$hardcode_libdir_flag_spec"; then if test -n "$hardcode_libdir_separator"; then if test -z "$hardcode_libdirs"; then hardcode_libdirs="$libdir" else # Just accumulate the unique libdirs. case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) ;; *) func_append hardcode_libdirs "$hardcode_libdir_separator$libdir" ;; esac fi else eval flag=\"$hardcode_libdir_flag_spec\" func_append rpath " $flag" fi elif test -n "$runpath_var"; then case "$finalize_perm_rpath " in *" $libdir "*) ;; *) func_append finalize_perm_rpath " $libdir" ;; esac fi done # Substitute the hardcoded libdirs into the rpath. 
if test -n "$hardcode_libdir_separator" && test -n "$hardcode_libdirs"; then libdir="$hardcode_libdirs" eval rpath=\" $hardcode_libdir_flag_spec\" fi finalize_rpath="$rpath" if test -n "$libobjs" && test "$build_old_libs" = yes; then # Transform all the library objects into standard objects. compile_command=`$ECHO "$compile_command" | $SP2NL | $SED "$lo2o" | $NL2SP` finalize_command=`$ECHO "$finalize_command" | $SP2NL | $SED "$lo2o" | $NL2SP` fi func_generate_dlsyms "$outputname" "@PROGRAM@" "no" # template prelinking step if test -n "$prelink_cmds"; then func_execute_cmds "$prelink_cmds" 'exit $?' fi wrappers_required=yes case $host in *cegcc* | *mingw32ce*) # Disable wrappers for cegcc and mingw32ce hosts, we are cross compiling anyway. wrappers_required=no ;; *cygwin* | *mingw* ) if test "$build_libtool_libs" != yes; then wrappers_required=no fi ;; *) if test "$need_relink" = no || test "$build_libtool_libs" != yes; then wrappers_required=no fi ;; esac if test "$wrappers_required" = no; then # Replace the output file specification. compile_command=`$ECHO "$compile_command" | $SED 's%@OUTPUT@%'"$output"'%g'` link_command="$compile_command$compile_rpath" # We have no uninstalled library dependencies, so finalize right now. exit_status=0 func_show_eval "$link_command" 'exit_status=$?' if test -n "$postlink_cmds"; then func_to_tool_file "$output" postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'` func_execute_cmds "$postlink_cmds" 'exit $?' fi # Delete the generated files. 
if test -f "$output_objdir/${outputname}S.${objext}"; then func_show_eval '$RM "$output_objdir/${outputname}S.${objext}"' fi exit $exit_status fi if test -n "$compile_shlibpath$finalize_shlibpath"; then compile_command="$shlibpath_var=\"$compile_shlibpath$finalize_shlibpath\$$shlibpath_var\" $compile_command" fi if test -n "$finalize_shlibpath"; then finalize_command="$shlibpath_var=\"$finalize_shlibpath\$$shlibpath_var\" $finalize_command" fi compile_var= finalize_var= if test -n "$runpath_var"; then if test -n "$perm_rpath"; then # We should set the runpath_var. rpath= for dir in $perm_rpath; do func_append rpath "$dir:" done compile_var="$runpath_var=\"$rpath\$$runpath_var\" " fi if test -n "$finalize_perm_rpath"; then # We should set the runpath_var. rpath= for dir in $finalize_perm_rpath; do func_append rpath "$dir:" done finalize_var="$runpath_var=\"$rpath\$$runpath_var\" " fi fi if test "$no_install" = yes; then # We don't need to create a wrapper script. link_command="$compile_var$compile_command$compile_rpath" # Replace the output file specification. link_command=`$ECHO "$link_command" | $SED 's%@OUTPUT@%'"$output"'%g'` # Delete the old output file. $opt_dry_run || $RM $output # Link the executable and exit func_show_eval "$link_command" 'exit $?' if test -n "$postlink_cmds"; then func_to_tool_file "$output" postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'` func_execute_cmds "$postlink_cmds" 'exit $?' 
fi exit $EXIT_SUCCESS fi if test "$hardcode_action" = relink; then # Fast installation is not supported link_command="$compile_var$compile_command$compile_rpath" relink_command="$finalize_var$finalize_command$finalize_rpath" func_warning "this platform does not like uninstalled shared libraries" func_warning "\`$output' will be relinked during installation" else if test "$fast_install" != no; then link_command="$finalize_var$compile_command$finalize_rpath" if test "$fast_install" = yes; then relink_command=`$ECHO "$compile_var$compile_command$compile_rpath" | $SED 's%@OUTPUT@%\$progdir/\$file%g'` else # fast_install is set to needless relink_command= fi else link_command="$compile_var$compile_command$compile_rpath" relink_command="$finalize_var$finalize_command$finalize_rpath" fi fi # Replace the output file specification. link_command=`$ECHO "$link_command" | $SED 's%@OUTPUT@%'"$output_objdir/$outputname"'%g'` # Delete the old output files. $opt_dry_run || $RM $output $output_objdir/$outputname $output_objdir/lt-$outputname func_show_eval "$link_command" 'exit $?' if test -n "$postlink_cmds"; then func_to_tool_file "$output_objdir/$outputname" postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output_objdir/$outputname"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'` func_execute_cmds "$postlink_cmds" 'exit $?' fi # Now create the wrapper script. func_verbose "creating $output" # Quote the relink command for shipping. 
if test -n "$relink_command"; then # Preserve any variables that may affect compiler behavior for var in $variables_saved_for_relink; do if eval test -z \"\${$var+set}\"; then relink_command="{ test -z \"\${$var+set}\" || $lt_unset $var || { $var=; export $var; }; }; $relink_command" elif eval var_value=\$$var; test -z "$var_value"; then relink_command="$var=; export $var; $relink_command" else func_quote_for_eval "$var_value" relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command" fi done relink_command="(cd `pwd`; $relink_command)" relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"` fi # Only actually do things if not in dry run mode. $opt_dry_run || { # win32 will think the script is a binary if it has # a .exe suffix, so we strip it off here. case $output in *.exe) func_stripname '' '.exe' "$output" output=$func_stripname_result ;; esac # test for cygwin because mv fails w/o .exe extensions case $host in *cygwin*) exeext=.exe func_stripname '' '.exe' "$outputname" outputname=$func_stripname_result ;; *) exeext= ;; esac case $host in *cygwin* | *mingw* ) func_dirname_and_basename "$output" "" "." output_name=$func_basename_result output_path=$func_dirname_result cwrappersource="$output_path/$objdir/lt-$output_name.c" cwrapper="$output_path/$output_name.exe" $RM $cwrappersource $cwrapper trap "$RM $cwrappersource $cwrapper; exit $EXIT_FAILURE" 1 2 15 func_emit_cwrapperexe_src > $cwrappersource # The wrapper executable is built using the $host compiler, # because it contains $host paths and files. If cross- # compiling, it, like the target executable, must be # executed on the $host or under an emulation environment. 
$opt_dry_run || { $LTCC $LTCFLAGS -o $cwrapper $cwrappersource $STRIP $cwrapper } # Now, create the wrapper script for func_source use: func_ltwrapper_scriptname $cwrapper $RM $func_ltwrapper_scriptname_result trap "$RM $func_ltwrapper_scriptname_result; exit $EXIT_FAILURE" 1 2 15 $opt_dry_run || { # note: this script will not be executed, so do not chmod. if test "x$build" = "x$host" ; then $cwrapper --lt-dump-script > $func_ltwrapper_scriptname_result else func_emit_wrapper no > $func_ltwrapper_scriptname_result fi } ;; * ) $RM $output trap "$RM $output; exit $EXIT_FAILURE" 1 2 15 func_emit_wrapper no > $output chmod +x $output ;; esac } exit $EXIT_SUCCESS ;; esac # See if we need to build an old-fashioned archive. for oldlib in $oldlibs; do if test "$build_libtool_libs" = convenience; then oldobjs="$libobjs_save $symfileobj" addlibs="$convenience" build_libtool_libs=no else if test "$build_libtool_libs" = module; then oldobjs="$libobjs_save" build_libtool_libs=no else oldobjs="$old_deplibs $non_pic_objects" if test "$preload" = yes && test -f "$symfileobj"; then func_append oldobjs " $symfileobj" fi fi addlibs="$old_convenience" fi if test -n "$addlibs"; then gentop="$output_objdir/${outputname}x" func_append generated " $gentop" func_extract_archives $gentop $addlibs func_append oldobjs " $func_extract_archives_result" fi # Do each command in the archive commands. if test -n "$old_archive_from_new_cmds" && test "$build_libtool_libs" = yes; then cmds=$old_archive_from_new_cmds else # Add any objects from preloaded convenience libraries if test -n "$dlprefiles"; then gentop="$output_objdir/${outputname}x" func_append generated " $gentop" func_extract_archives $gentop $dlprefiles func_append oldobjs " $func_extract_archives_result" fi # POSIX demands no paths to be encoded in archives. 
We have # to avoid creating archives with duplicate basenames if we # might have to extract them afterwards, e.g., when creating a # static archive out of a convenience library, or when linking # the entirety of a libtool archive into another (currently # not supported by libtool). if (for obj in $oldobjs do func_basename "$obj" $ECHO "$func_basename_result" done | sort | sort -uc >/dev/null 2>&1); then : else echo "copying selected object files to avoid basename conflicts..." gentop="$output_objdir/${outputname}x" func_append generated " $gentop" func_mkdir_p "$gentop" save_oldobjs=$oldobjs oldobjs= counter=1 for obj in $save_oldobjs do func_basename "$obj" objbase="$func_basename_result" case " $oldobjs " in " ") oldobjs=$obj ;; *[\ /]"$objbase "*) while :; do # Make sure we don't pick an alternate name that also # overlaps. newobj=lt$counter-$objbase func_arith $counter + 1 counter=$func_arith_result case " $oldobjs " in *[\ /]"$newobj "*) ;; *) if test ! -f "$gentop/$newobj"; then break; fi ;; esac done func_show_eval "ln $obj $gentop/$newobj || cp $obj $gentop/$newobj" func_append oldobjs " $gentop/$newobj" ;; *) func_append oldobjs " $obj" ;; esac done fi func_to_tool_file "$oldlib" func_convert_file_msys_to_w32 tool_oldlib=$func_to_tool_file_result eval cmds=\"$old_archive_cmds\" func_len " $cmds" len=$func_len_result if test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then cmds=$old_archive_cmds elif test -n "$archiver_list_spec"; then func_verbose "using command file archive linking..." for obj in $oldobjs do func_to_tool_file "$obj" $ECHO "$func_to_tool_file_result" done > $output_objdir/$libname.libcmd func_to_tool_file "$output_objdir/$libname.libcmd" oldobjs=" $archiver_list_spec$func_to_tool_file_result" cmds=$old_archive_cmds else # the command line is too long to link in one step, link in parts func_verbose "using piecewise archive linking..." 
save_RANLIB=$RANLIB RANLIB=: objlist= concat_cmds= save_oldobjs=$oldobjs oldobjs= # Is there a better way of finding the last object in the list? for obj in $save_oldobjs do last_oldobj=$obj done eval test_cmds=\"$old_archive_cmds\" func_len " $test_cmds" len0=$func_len_result len=$len0 for obj in $save_oldobjs do func_len " $obj" func_arith $len + $func_len_result len=$func_arith_result func_append objlist " $obj" if test "$len" -lt "$max_cmd_len"; then : else # the above command should be used before it gets too long oldobjs=$objlist if test "$obj" = "$last_oldobj" ; then RANLIB=$save_RANLIB fi test -z "$concat_cmds" || concat_cmds=$concat_cmds~ eval concat_cmds=\"\${concat_cmds}$old_archive_cmds\" objlist= len=$len0 fi done RANLIB=$save_RANLIB oldobjs=$objlist if test "X$oldobjs" = "X" ; then eval cmds=\"\$concat_cmds\" else eval cmds=\"\$concat_cmds~\$old_archive_cmds\" fi fi fi func_execute_cmds "$cmds" 'exit $?' done test -n "$generated" && \ func_show_eval "${RM}r$generated" # Now create the libtool archive. case $output in *.la) old_library= test "$build_old_libs" = yes && old_library="$libname.$libext" func_verbose "creating $output" # Preserve any variables that may affect compiler behavior for var in $variables_saved_for_relink; do if eval test -z \"\${$var+set}\"; then relink_command="{ test -z \"\${$var+set}\" || $lt_unset $var || { $var=; export $var; }; }; $relink_command" elif eval var_value=\$$var; test -z "$var_value"; then relink_command="$var=; export $var; $relink_command" else func_quote_for_eval "$var_value" relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command" fi done # Quote the link command for shipping. relink_command="(cd `pwd`; $SHELL $progpath $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)" relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"` if test "$hardcode_automatic" = yes ; then relink_command= fi # Only create the output if not a dry run. 
$opt_dry_run || { for installed in no yes; do if test "$installed" = yes; then if test -z "$install_libdir"; then break fi output="$output_objdir/$outputname"i # Replace all uninstalled libtool libraries with the installed ones newdependency_libs= for deplib in $dependency_libs; do case $deplib in *.la) func_basename "$deplib" name="$func_basename_result" func_resolve_sysroot "$deplib" eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $func_resolve_sysroot_result` test -z "$libdir" && \ func_fatal_error "\`$deplib' is not a valid libtool archive" func_append newdependency_libs " ${lt_sysroot:+=}$libdir/$name" ;; -L*) func_stripname -L '' "$deplib" func_replace_sysroot "$func_stripname_result" func_append newdependency_libs " -L$func_replace_sysroot_result" ;; -R*) func_stripname -R '' "$deplib" func_replace_sysroot "$func_stripname_result" func_append newdependency_libs " -R$func_replace_sysroot_result" ;; *) func_append newdependency_libs " $deplib" ;; esac done dependency_libs="$newdependency_libs" newdlfiles= for lib in $dlfiles; do case $lib in *.la) func_basename "$lib" name="$func_basename_result" eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib` test -z "$libdir" && \ func_fatal_error "\`$lib' is not a valid libtool archive" func_append newdlfiles " ${lt_sysroot:+=}$libdir/$name" ;; *) func_append newdlfiles " $lib" ;; esac done dlfiles="$newdlfiles" newdlprefiles= for lib in $dlprefiles; do case $lib in *.la) # Only pass preopened files to the pseudo-archive (for # eventual linking with the app. 
that links it) if we # didn't already link the preopened objects directly into # the library: func_basename "$lib" name="$func_basename_result" eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib` test -z "$libdir" && \ func_fatal_error "\`$lib' is not a valid libtool archive" func_append newdlprefiles " ${lt_sysroot:+=}$libdir/$name" ;; esac done dlprefiles="$newdlprefiles" else newdlfiles= for lib in $dlfiles; do case $lib in [\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;; *) abs=`pwd`"/$lib" ;; esac func_append newdlfiles " $abs" done dlfiles="$newdlfiles" newdlprefiles= for lib in $dlprefiles; do case $lib in [\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;; *) abs=`pwd`"/$lib" ;; esac func_append newdlprefiles " $abs" done dlprefiles="$newdlprefiles" fi $RM $output # place dlname in correct position for cygwin # In fact, it would be nice if we could use this code for all target # systems that can't hard-code library paths into their executables # and that have no shared library path variable independent of PATH, # but it turns out we can't easily determine that from inspecting # libtool variables, so we have to hard-code the OSs to which it # applies here; at the moment, that means platforms that use the PE # object format with DLL files. See the long comment at the top of # tests/bindir.at for full details. tdlname=$dlname case $host,$output,$installed,$module,$dlname in *cygwin*,*lai,yes,no,*.dll | *mingw*,*lai,yes,no,*.dll | *cegcc*,*lai,yes,no,*.dll) # If a -bindir argument was supplied, place the dll there. if test "x$bindir" != x ; then func_relative_path "$install_libdir" "$bindir" tdlname=$func_relative_path_result$dlname else # Otherwise fall back on heuristic. tdlname=../bin/$dlname fi ;; esac $ECHO > $output "\ # $outputname - a libtool library file # Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION # # Please DO NOT delete this file! # It is necessary for linking the library. # The name that we can dlopen(3). dlname='$tdlname' # Names of this library. 
library_names='$library_names' # The name of the static archive. old_library='$old_library' # Linker flags that can not go in dependency_libs. inherited_linker_flags='$new_inherited_linker_flags' # Libraries that this one depends upon. dependency_libs='$dependency_libs' # Names of additional weak libraries provided by this library weak_library_names='$weak_libs' # Version information for $libname. current=$current age=$age revision=$revision # Is this an already installed library? installed=$installed # Should we warn about portability when linking against -modules? shouldnotlink=$module # Files to dlopen/dlpreopen dlopen='$dlfiles' dlpreopen='$dlprefiles' # Directory that this library needs to be installed in: libdir='$install_libdir'" if test "$installed" = no && test "$need_relink" = yes; then $ECHO >> $output "\ relink_command=\"$relink_command\"" fi done } # Do a symbolic link so that the libtool archive can be found in # LD_LIBRARY_PATH before the program is installed. func_show_eval '( cd "$output_objdir" && $RM "$outputname" && $LN_S "../$outputname" "$outputname" )' 'exit $?' ;; esac exit $EXIT_SUCCESS } { test "$opt_mode" = link || test "$opt_mode" = relink; } && func_mode_link ${1+"$@"} # func_mode_uninstall arg... func_mode_uninstall () { $opt_debug RM="$nonopt" files= rmforce= exit_status=0 # This variable tells wrapper scripts just to set variables rather # than running their programs. libtool_install_magic="$magic" for arg do case $arg in -f) func_append RM " $arg"; rmforce=yes ;; -*) func_append RM " $arg" ;; *) func_append files " $arg" ;; esac done test -z "$RM" && \ func_fatal_help "you must specify an RM program" rmdirs= for file in $files; do func_dirname "$file" "" "." 
dir="$func_dirname_result" if test "X$dir" = X.; then odir="$objdir" else odir="$dir/$objdir" fi func_basename "$file" name="$func_basename_result" test "$opt_mode" = uninstall && odir="$dir" # Remember odir for removal later, being careful to avoid duplicates if test "$opt_mode" = clean; then case " $rmdirs " in *" $odir "*) ;; *) func_append rmdirs " $odir" ;; esac fi # Don't error if the file doesn't exist and rm -f was used. if { test -L "$file"; } >/dev/null 2>&1 || { test -h "$file"; } >/dev/null 2>&1 || test -f "$file"; then : elif test -d "$file"; then exit_status=1 continue elif test "$rmforce" = yes; then continue fi rmfiles="$file" case $name in *.la) # Possibly a libtool archive, so verify it. if func_lalib_p "$file"; then func_source $dir/$name # Delete the libtool libraries and symlinks. for n in $library_names; do func_append rmfiles " $odir/$n" done test -n "$old_library" && func_append rmfiles " $odir/$old_library" case "$opt_mode" in clean) case " $library_names " in *" $dlname "*) ;; *) test -n "$dlname" && func_append rmfiles " $odir/$dlname" ;; esac test -n "$libdir" && func_append rmfiles " $odir/$name $odir/${name}i" ;; uninstall) if test -n "$library_names"; then # Do each command in the postuninstall commands. func_execute_cmds "$postuninstall_cmds" 'test "$rmforce" = yes || exit_status=1' fi if test -n "$old_library"; then # Do each command in the old_postuninstall commands. func_execute_cmds "$old_postuninstall_cmds" 'test "$rmforce" = yes || exit_status=1' fi # FIXME: should reinstall the best remaining shared library. ;; esac fi ;; *.lo) # Possibly a libtool object, so verify it. if func_lalib_p "$file"; then # Read the .lo file func_source $dir/$name # Add PIC object to the list of files to remove. if test -n "$pic_object" && test "$pic_object" != none; then func_append rmfiles " $dir/$pic_object" fi # Add non-PIC object to the list of files to remove. 
if test -n "$non_pic_object" && test "$non_pic_object" != none; then func_append rmfiles " $dir/$non_pic_object" fi fi ;; *) if test "$opt_mode" = clean ; then noexename=$name case $file in *.exe) func_stripname '' '.exe' "$file" file=$func_stripname_result func_stripname '' '.exe' "$name" noexename=$func_stripname_result # $file with .exe has already been added to rmfiles, # add $file without .exe func_append rmfiles " $file" ;; esac # Do a test to see if this is a libtool program. if func_ltwrapper_p "$file"; then if func_ltwrapper_executable_p "$file"; then func_ltwrapper_scriptname "$file" relink_command= func_source $func_ltwrapper_scriptname_result func_append rmfiles " $func_ltwrapper_scriptname_result" else relink_command= func_source $dir/$noexename fi # note $name still contains .exe if it was in $file originally # as does the version of $file that was added into $rmfiles func_append rmfiles " $odir/$name $odir/${name}S.${objext}" if test "$fast_install" = yes && test -n "$relink_command"; then func_append rmfiles " $odir/lt-$name" fi if test "X$noexename" != "X$name" ; then func_append rmfiles " $odir/lt-${noexename}.c" fi fi fi ;; esac func_show_eval "$RM $rmfiles" 'exit_status=1' done # Try to remove the ${objdir}s in the directories where we deleted files for dir in $rmdirs; do if test -d "$dir"; then func_show_eval "rmdir $dir >/dev/null 2>&1" fi done exit $exit_status } { test "$opt_mode" = uninstall || test "$opt_mode" = clean; } && func_mode_uninstall ${1+"$@"} test -z "$opt_mode" && { help="$generic_help" func_fatal_help "you must specify a MODE" } test -z "$exec_cmd" && \ func_fatal_help "invalid operation mode \`$opt_mode'" if test -n "$exec_cmd"; then eval exec "$exec_cmd" exit $EXIT_FAILURE fi exit $exit_status # The TAGs below are defined such that we never get into a situation # in which we disable both kinds of libraries. 
Given conflicting # choices, we go for a static library, that is the most portable, # since we can't tell whether shared libraries were disabled because # the user asked for that or because the platform doesn't support # them. This is particularly important on AIX, because we don't # support having both static and shared libraries enabled at the same # time on that platform, so we default to a shared-only configuration. # If a disable-shared tag is given, we'll fallback to a static-only # configuration. But we'll never go from static-only to shared-only. # ### BEGIN LIBTOOL TAG CONFIG: disable-shared build_libtool_libs=no build_old_libs=yes # ### END LIBTOOL TAG CONFIG: disable-shared # ### BEGIN LIBTOOL TAG CONFIG: disable-static build_old_libs=`case $build_libtool_libs in yes) echo no;; *) echo yes;; esac` # ### END LIBTOOL TAG CONFIG: disable-static # Local Variables: # mode:shell-script # sh-indentation:2 # End: # vi:sw=2 sssd-1.11.5/build/PaxHeaders.13173/ar-lib0000644000000000000000000000013212320753507015742 xustar000000000000000030 mtime=1396954951.064882759 30 atime=1396954951.064882759 30 ctime=1396954961.514875054 sssd-1.11.5/build/ar-lib0000755002412700241270000001330212320753507016171 0ustar00jhrozekjhrozek00000000000000#! /bin/sh # Wrapper for Microsoft lib.exe me=ar-lib scriptversion=2012-03-01.08; # UTC # Copyright (C) 2010-2013 Free Software Foundation, Inc. # Written by Peter Rosin . # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2, or (at your option) # any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. 
If not, see . # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. # This file is maintained in Automake, please report # bugs to or send patches to # . # func_error message func_error () { echo "$me: $1" 1>&2 exit 1 } file_conv= # func_file_conv build_file # Convert a $build file to $host form and store it in $file # Currently only supports Windows hosts. func_file_conv () { file=$1 case $file in / | /[!/]*) # absolute file, and not a UNC file if test -z "$file_conv"; then # lazily determine how to convert abs files case `uname -s` in MINGW*) file_conv=mingw ;; CYGWIN*) file_conv=cygwin ;; *) file_conv=wine ;; esac fi case $file_conv in mingw) file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'` ;; cygwin) file=`cygpath -m "$file" || echo "$file"` ;; wine) file=`winepath -w "$file" || echo "$file"` ;; esac ;; esac } # func_at_file at_file operation archive # Iterate over all members in AT_FILE performing OPERATION on ARCHIVE # for each of them. # When interpreting the content of the @FILE, do NOT use func_file_conv, # since the user would need to supply preconverted file names to # binutils ar, at least for MinGW. func_at_file () { operation=$2 archive=$3 at_file_contents=`cat "$1"` eval set x "$at_file_contents" shift for member do $AR -NOLOGO $operation:"$member" "$archive" || exit $? done } case $1 in '') func_error "no command. Try '$0 --help' for more information." 
;; -h | --h*) cat <])], [with_included_ltdl=yes], [AC_INCLUDES_DEFAULT] ) fi dnl If neither LT_CONFIG_LTDL_DIR, LTDL_CONVENIENCE nor LTDL_INSTALLABLE dnl was called yet, then for old times' sake, we assume libltdl is in an dnl eponymous directory: AC_PROVIDE_IFELSE([LT_CONFIG_LTDL_DIR], [], [_LT_CONFIG_LTDL_DIR([libltdl])]) AC_ARG_WITH([ltdl_include], [AS_HELP_STRING([--with-ltdl-include=DIR], [use the ltdl headers installed in DIR])]) if test -n "$with_ltdl_include"; then if test -f "$with_ltdl_include/ltdl.h"; then : else AC_MSG_ERROR([invalid ltdl include directory: `$with_ltdl_include']) fi else with_ltdl_include=no fi AC_ARG_WITH([ltdl_lib], [AS_HELP_STRING([--with-ltdl-lib=DIR], [use the libltdl.la installed in DIR])]) if test -n "$with_ltdl_lib"; then if test -f "$with_ltdl_lib/libltdl.la"; then : else AC_MSG_ERROR([invalid ltdl library directory: `$with_ltdl_lib']) fi else with_ltdl_lib=no fi case ,$with_included_ltdl,$with_ltdl_include,$with_ltdl_lib, in ,yes,no,no,) m4_case(m4_default(_LTDL_TYPE, [convenience]), [convenience], [_LTDL_CONVENIENCE], [installable], [_LTDL_INSTALLABLE], [m4_fatal([unknown libltdl build type: ]_LTDL_TYPE)]) ;; ,no,no,no,) # If the included ltdl is not to be used, then use the # preinstalled libltdl we found. AC_DEFINE([HAVE_LTDL], [1], [Define this if a modern libltdl is already installed]) LIBLTDL=-lltdl LTDLDEPS= LTDLINCL= ;; ,no*,no,*) AC_MSG_ERROR([`--with-ltdl-include' and `--with-ltdl-lib' options must be used together]) ;; *) with_included_ltdl=no LIBLTDL="-L$with_ltdl_lib -lltdl" LTDLDEPS= LTDLINCL="-I$with_ltdl_include" ;; esac INCLTDL="$LTDLINCL" # Report our decision... AC_MSG_CHECKING([where to find libltdl headers]) AC_MSG_RESULT([$LTDLINCL]) AC_MSG_CHECKING([where to find libltdl library]) AC_MSG_RESULT([$LIBLTDL]) _LTDL_SETUP dnl restore autoconf definition. 
m4_popdef([AC_LIBOBJ]) m4_popdef([AC_LIBSOURCES]) AC_CONFIG_COMMANDS_PRE([ _ltdl_libobjs= _ltdl_ltlibobjs= if test -n "$_LT_LIBOBJS"; then # Remove the extension. _lt_sed_drop_objext='s/\.o$//;s/\.obj$//' for i in `for i in $_LT_LIBOBJS; do echo "$i"; done | sed "$_lt_sed_drop_objext" | sort -u`; do _ltdl_libobjs="$_ltdl_libobjs $lt_libobj_prefix$i.$ac_objext" _ltdl_ltlibobjs="$_ltdl_ltlibobjs $lt_libobj_prefix$i.lo" done fi AC_SUBST([ltdl_LIBOBJS], [$_ltdl_libobjs]) AC_SUBST([ltdl_LTLIBOBJS], [$_ltdl_ltlibobjs]) ]) # Only expand once: m4_define([LTDL_INIT]) ])# LTDL_INIT # Old names: AU_DEFUN([AC_LIB_LTDL], [LTDL_INIT($@)]) AU_DEFUN([AC_WITH_LTDL], [LTDL_INIT($@)]) AU_DEFUN([LT_WITH_LTDL], [LTDL_INIT($@)]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LIB_LTDL], []) dnl AC_DEFUN([AC_WITH_LTDL], []) dnl AC_DEFUN([LT_WITH_LTDL], []) # _LTDL_SETUP # ----------- # Perform all the checks necessary for compilation of the ltdl objects # -- including compiler checks and header checks. This is a public # interface mainly for the benefit of libltdl's own configure.ac, most # other users should call LTDL_INIT instead. AC_DEFUN([_LTDL_SETUP], [AC_REQUIRE([AC_PROG_CC])dnl AC_REQUIRE([LT_SYS_MODULE_EXT])dnl AC_REQUIRE([LT_SYS_MODULE_PATH])dnl AC_REQUIRE([LT_SYS_DLSEARCH_PATH])dnl AC_REQUIRE([LT_LIB_DLLOAD])dnl AC_REQUIRE([LT_SYS_SYMBOL_USCORE])dnl AC_REQUIRE([LT_FUNC_DLSYM_USCORE])dnl AC_REQUIRE([LT_SYS_DLOPEN_DEPLIBS])dnl AC_REQUIRE([gl_FUNC_ARGZ])dnl m4_require([_LT_CHECK_OBJDIR])dnl m4_require([_LT_HEADER_DLFCN])dnl m4_require([_LT_CHECK_DLPREOPEN])dnl m4_require([_LT_DECL_SED])dnl dnl Don't require this, or it will be expanded earlier than the code dnl that sets the variables it relies on: _LT_ENABLE_INSTALL dnl _LTDL_MODE specific code must be called at least once: _LTDL_MODE_DISPATCH # In order that ltdl.c can compile, find out the first AC_CONFIG_HEADERS # the user used. 
This is so that ltdl.h can pick up the parent projects # config.h file, The first file in AC_CONFIG_HEADERS must contain the # definitions required by ltdl.c. # FIXME: Remove use of undocumented AC_LIST_HEADERS (2.59 compatibility). AC_CONFIG_COMMANDS_PRE([dnl m4_pattern_allow([^LT_CONFIG_H$])dnl m4_ifset([AH_HEADER], [LT_CONFIG_H=AH_HEADER], [m4_ifset([AC_LIST_HEADERS], [LT_CONFIG_H=`echo "AC_LIST_HEADERS" | $SED 's,^[[ ]]*,,;s,[[ :]].*$,,'`], [])])]) AC_SUBST([LT_CONFIG_H]) AC_CHECK_HEADERS([unistd.h dl.h sys/dl.h dld.h mach-o/dyld.h dirent.h], [], [], [AC_INCLUDES_DEFAULT]) AC_CHECK_FUNCS([closedir opendir readdir], [], [AC_LIBOBJ([lt__dirent])]) AC_CHECK_FUNCS([strlcat strlcpy], [], [AC_LIBOBJ([lt__strl])]) m4_pattern_allow([LT_LIBEXT])dnl AC_DEFINE_UNQUOTED([LT_LIBEXT],["$libext"],[The archive extension]) name= eval "lt_libprefix=\"$libname_spec\"" m4_pattern_allow([LT_LIBPREFIX])dnl AC_DEFINE_UNQUOTED([LT_LIBPREFIX],["$lt_libprefix"],[The archive prefix]) name=ltdl eval "LTDLOPEN=\"$libname_spec\"" AC_SUBST([LTDLOPEN]) ])# _LTDL_SETUP # _LT_ENABLE_INSTALL # ------------------ m4_define([_LT_ENABLE_INSTALL], [AC_ARG_ENABLE([ltdl-install], [AS_HELP_STRING([--enable-ltdl-install], [install libltdl])]) case ,${enable_ltdl_install},${enable_ltdl_convenience} in *yes*) ;; *) enable_ltdl_convenience=yes ;; esac m4_ifdef([AM_CONDITIONAL], [AM_CONDITIONAL(INSTALL_LTDL, test x"${enable_ltdl_install-no}" != xno) AM_CONDITIONAL(CONVENIENCE_LTDL, test x"${enable_ltdl_convenience-no}" != xno)]) ])# _LT_ENABLE_INSTALL # LT_SYS_DLOPEN_DEPLIBS # --------------------- AC_DEFUN([LT_SYS_DLOPEN_DEPLIBS], [AC_REQUIRE([AC_CANONICAL_HOST])dnl AC_CACHE_CHECK([whether deplibs are loaded by dlopen], [lt_cv_sys_dlopen_deplibs], [# PORTME does your system automatically load deplibs for dlopen? # or its logical equivalent (e.g. shl_load for HP-UX < 11) # For now, we just catch OSes we know something about -- in the # future, we'll try test this programmatically. 
lt_cv_sys_dlopen_deplibs=unknown case $host_os in aix3*|aix4.1.*|aix4.2.*) # Unknown whether this is true for these versions of AIX, but # we want this `case' here to explicitly catch those versions. lt_cv_sys_dlopen_deplibs=unknown ;; aix[[4-9]]*) lt_cv_sys_dlopen_deplibs=yes ;; amigaos*) case $host_cpu in powerpc) lt_cv_sys_dlopen_deplibs=no ;; esac ;; darwin*) # Assuming the user has installed a libdl from somewhere, this is true # If you are looking for one http://www.opendarwin.org/projects/dlcompat lt_cv_sys_dlopen_deplibs=yes ;; freebsd* | dragonfly*) lt_cv_sys_dlopen_deplibs=yes ;; gnu* | linux* | k*bsd*-gnu | kopensolaris*-gnu) # GNU and its variants, using gnu ld.so (Glibc) lt_cv_sys_dlopen_deplibs=yes ;; hpux10*|hpux11*) lt_cv_sys_dlopen_deplibs=yes ;; interix*) lt_cv_sys_dlopen_deplibs=yes ;; irix[[12345]]*|irix6.[[01]]*) # Catch all versions of IRIX before 6.2, and indicate that we don't # know how it worked for any of those versions. lt_cv_sys_dlopen_deplibs=unknown ;; irix*) # The case above catches anything before 6.2, and it's known that # at 6.2 and later dlopen does load deplibs. lt_cv_sys_dlopen_deplibs=yes ;; netbsd*) lt_cv_sys_dlopen_deplibs=yes ;; openbsd*) lt_cv_sys_dlopen_deplibs=yes ;; osf[[1234]]*) # dlopen did load deplibs (at least at 4.x), but until the 5.x series, # it did *not* use an RPATH in a shared library to find objects the # library depends on, so we explicitly say `no'. lt_cv_sys_dlopen_deplibs=no ;; osf5.0|osf5.0a|osf5.1) # dlopen *does* load deplibs and with the right loader patch applied # it even uses RPATH in a shared library to search for shared objects # that the library depends on, but there's no easy way to know if that # patch is installed. Since this is the case, all we can really # say is unknown -- it depends on the patch being installed. If # it is, this changes to `yes'. Without it, it would be `no'. lt_cv_sys_dlopen_deplibs=unknown ;; osf*) # the two cases above should catch all versions of osf <= 5.1. 
Read # the comments above for what we know about them. # At > 5.1, deplibs are loaded *and* any RPATH in a shared library # is used to find them so we can finally say `yes'. lt_cv_sys_dlopen_deplibs=yes ;; qnx*) lt_cv_sys_dlopen_deplibs=yes ;; solaris*) lt_cv_sys_dlopen_deplibs=yes ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) libltdl_cv_sys_dlopen_deplibs=yes ;; esac ]) if test "$lt_cv_sys_dlopen_deplibs" != yes; then AC_DEFINE([LTDL_DLOPEN_DEPLIBS], [1], [Define if the OS needs help to load dependent libraries for dlopen().]) fi ])# LT_SYS_DLOPEN_DEPLIBS # Old name: AU_ALIAS([AC_LTDL_SYS_DLOPEN_DEPLIBS], [LT_SYS_DLOPEN_DEPLIBS]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LTDL_SYS_DLOPEN_DEPLIBS], []) # LT_SYS_MODULE_EXT # ----------------- AC_DEFUN([LT_SYS_MODULE_EXT], [m4_require([_LT_SYS_DYNAMIC_LINKER])dnl AC_CACHE_CHECK([which extension is used for runtime loadable modules], [libltdl_cv_shlibext], [ module=yes eval libltdl_cv_shlibext=$shrext_cmds module=no eval libltdl_cv_shrext=$shrext_cmds ]) if test -n "$libltdl_cv_shlibext"; then m4_pattern_allow([LT_MODULE_EXT])dnl AC_DEFINE_UNQUOTED([LT_MODULE_EXT], ["$libltdl_cv_shlibext"], [Define to the extension used for runtime loadable modules, say, ".so".]) fi if test "$libltdl_cv_shrext" != "$libltdl_cv_shlibext"; then m4_pattern_allow([LT_SHARED_EXT])dnl AC_DEFINE_UNQUOTED([LT_SHARED_EXT], ["$libltdl_cv_shrext"], [Define to the shared library suffix, say, ".dylib".]) fi ])# LT_SYS_MODULE_EXT # Old name: AU_ALIAS([AC_LTDL_SHLIBEXT], [LT_SYS_MODULE_EXT]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LTDL_SHLIBEXT], []) # LT_SYS_MODULE_PATH # ------------------ AC_DEFUN([LT_SYS_MODULE_PATH], [m4_require([_LT_SYS_DYNAMIC_LINKER])dnl AC_CACHE_CHECK([which variable specifies run-time module search path], [lt_cv_module_path_var], [lt_cv_module_path_var="$shlibpath_var"]) if test -n "$lt_cv_module_path_var"; then m4_pattern_allow([LT_MODULE_PATH_VAR])dnl 
AC_DEFINE_UNQUOTED([LT_MODULE_PATH_VAR], ["$lt_cv_module_path_var"], [Define to the name of the environment variable that determines the run-time module search path.]) fi ])# LT_SYS_MODULE_PATH # Old name: AU_ALIAS([AC_LTDL_SHLIBPATH], [LT_SYS_MODULE_PATH]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LTDL_SHLIBPATH], []) # LT_SYS_DLSEARCH_PATH # -------------------- AC_DEFUN([LT_SYS_DLSEARCH_PATH], [m4_require([_LT_SYS_DYNAMIC_LINKER])dnl AC_CACHE_CHECK([for the default library search path], [lt_cv_sys_dlsearch_path], [lt_cv_sys_dlsearch_path="$sys_lib_dlsearch_path_spec"]) if test -n "$lt_cv_sys_dlsearch_path"; then sys_dlsearch_path= for dir in $lt_cv_sys_dlsearch_path; do if test -z "$sys_dlsearch_path"; then sys_dlsearch_path="$dir" else sys_dlsearch_path="$sys_dlsearch_path$PATH_SEPARATOR$dir" fi done m4_pattern_allow([LT_DLSEARCH_PATH])dnl AC_DEFINE_UNQUOTED([LT_DLSEARCH_PATH], ["$sys_dlsearch_path"], [Define to the system default library search path.]) fi ])# LT_SYS_DLSEARCH_PATH # Old name: AU_ALIAS([AC_LTDL_SYSSEARCHPATH], [LT_SYS_DLSEARCH_PATH]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LTDL_SYSSEARCHPATH], []) # _LT_CHECK_DLPREOPEN # ------------------- m4_defun([_LT_CHECK_DLPREOPEN], [m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl AC_CACHE_CHECK([whether libtool supports -dlopen/-dlpreopen], [libltdl_cv_preloaded_symbols], [if test -n "$lt_cv_sys_global_symbol_pipe"; then libltdl_cv_preloaded_symbols=yes else libltdl_cv_preloaded_symbols=no fi ]) if test x"$libltdl_cv_preloaded_symbols" = xyes; then AC_DEFINE([HAVE_PRELOADED_SYMBOLS], [1], [Define if libtool can extract symbol lists from object files.]) fi ])# _LT_CHECK_DLPREOPEN # LT_LIB_DLLOAD # ------------- AC_DEFUN([LT_LIB_DLLOAD], [m4_pattern_allow([^LT_DLLOADERS$]) LT_DLLOADERS= AC_SUBST([LT_DLLOADERS]) AC_LANG_PUSH([C]) LIBADD_DLOPEN= AC_SEARCH_LIBS([dlopen], [dl], [AC_DEFINE([HAVE_LIBDL], [1], [Define if you have the libdl library or equivalent.]) if test 
"$ac_cv_search_dlopen" != "none required" ; then LIBADD_DLOPEN="-ldl" fi libltdl_cv_lib_dl_dlopen="yes" LT_DLLOADERS="$LT_DLLOADERS ${lt_dlopen_dir+$lt_dlopen_dir/}dlopen.la"], [AC_LINK_IFELSE([AC_LANG_PROGRAM([[#if HAVE_DLFCN_H # include #endif ]], [[dlopen(0, 0);]])], [AC_DEFINE([HAVE_LIBDL], [1], [Define if you have the libdl library or equivalent.]) libltdl_cv_func_dlopen="yes" LT_DLLOADERS="$LT_DLLOADERS ${lt_dlopen_dir+$lt_dlopen_dir/}dlopen.la"], [AC_CHECK_LIB([svld], [dlopen], [AC_DEFINE([HAVE_LIBDL], [1], [Define if you have the libdl library or equivalent.]) LIBADD_DLOPEN="-lsvld" libltdl_cv_func_dlopen="yes" LT_DLLOADERS="$LT_DLLOADERS ${lt_dlopen_dir+$lt_dlopen_dir/}dlopen.la"])])]) if test x"$libltdl_cv_func_dlopen" = xyes || test x"$libltdl_cv_lib_dl_dlopen" = xyes then lt_save_LIBS="$LIBS" LIBS="$LIBS $LIBADD_DLOPEN" AC_CHECK_FUNCS([dlerror]) LIBS="$lt_save_LIBS" fi AC_SUBST([LIBADD_DLOPEN]) LIBADD_SHL_LOAD= AC_CHECK_FUNC([shl_load], [AC_DEFINE([HAVE_SHL_LOAD], [1], [Define if you have the shl_load function.]) LT_DLLOADERS="$LT_DLLOADERS ${lt_dlopen_dir+$lt_dlopen_dir/}shl_load.la"], [AC_CHECK_LIB([dld], [shl_load], [AC_DEFINE([HAVE_SHL_LOAD], [1], [Define if you have the shl_load function.]) LT_DLLOADERS="$LT_DLLOADERS ${lt_dlopen_dir+$lt_dlopen_dir/}shl_load.la" LIBADD_SHL_LOAD="-ldld"])]) AC_SUBST([LIBADD_SHL_LOAD]) case $host_os in darwin[[1567]].*) # We only want this for pre-Mac OS X 10.4. 
AC_CHECK_FUNC([_dyld_func_lookup], [AC_DEFINE([HAVE_DYLD], [1], [Define if you have the _dyld_func_lookup function.]) LT_DLLOADERS="$LT_DLLOADERS ${lt_dlopen_dir+$lt_dlopen_dir/}dyld.la"]) ;; beos*) LT_DLLOADERS="$LT_DLLOADERS ${lt_dlopen_dir+$lt_dlopen_dir/}load_add_on.la" ;; cygwin* | mingw* | os2* | pw32*) AC_CHECK_DECLS([cygwin_conv_path], [], [], [[#include ]]) LT_DLLOADERS="$LT_DLLOADERS ${lt_dlopen_dir+$lt_dlopen_dir/}loadlibrary.la" ;; esac AC_CHECK_LIB([dld], [dld_link], [AC_DEFINE([HAVE_DLD], [1], [Define if you have the GNU dld library.]) LT_DLLOADERS="$LT_DLLOADERS ${lt_dlopen_dir+$lt_dlopen_dir/}dld_link.la"]) AC_SUBST([LIBADD_DLD_LINK]) m4_pattern_allow([^LT_DLPREOPEN$]) LT_DLPREOPEN= if test -n "$LT_DLLOADERS" then for lt_loader in $LT_DLLOADERS; do LT_DLPREOPEN="$LT_DLPREOPEN-dlpreopen $lt_loader " done AC_DEFINE([HAVE_LIBDLLOADER], [1], [Define if libdlloader will be built on this platform]) fi AC_SUBST([LT_DLPREOPEN]) dnl This isn't used anymore, but set it for backwards compatibility LIBADD_DL="$LIBADD_DLOPEN $LIBADD_SHL_LOAD" AC_SUBST([LIBADD_DL]) AC_LANG_POP ])# LT_LIB_DLLOAD # Old name: AU_ALIAS([AC_LTDL_DLLIB], [LT_LIB_DLLOAD]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LTDL_DLLIB], []) # LT_SYS_SYMBOL_USCORE # -------------------- # does the compiler prefix global symbols with an underscore? AC_DEFUN([LT_SYS_SYMBOL_USCORE], [m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl AC_CACHE_CHECK([for _ prefix in compiled symbols], [lt_cv_sys_symbol_underscore], [lt_cv_sys_symbol_underscore=no cat > conftest.$ac_ext <<_LT_EOF void nm_test_func(){} int main(){nm_test_func;return 0;} _LT_EOF if AC_TRY_EVAL(ac_compile); then # Now try to grab the symbols. ac_nlist=conftest.nm if AC_TRY_EVAL(NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $ac_nlist) && test -s "$ac_nlist"; then # See whether the symbols have a leading underscore. if grep '^. _nm_test_func' "$ac_nlist" >/dev/null; then lt_cv_sys_symbol_underscore=yes else if grep '^. 
nm_test_func ' "$ac_nlist" >/dev/null; then : else echo "configure: cannot find nm_test_func in $ac_nlist" >&AS_MESSAGE_LOG_FD fi fi else echo "configure: cannot run $lt_cv_sys_global_symbol_pipe" >&AS_MESSAGE_LOG_FD fi else echo "configure: failed program was:" >&AS_MESSAGE_LOG_FD cat conftest.c >&AS_MESSAGE_LOG_FD fi rm -rf conftest* ]) sys_symbol_underscore=$lt_cv_sys_symbol_underscore AC_SUBST([sys_symbol_underscore]) ])# LT_SYS_SYMBOL_USCORE # Old name: AU_ALIAS([AC_LTDL_SYMBOL_USCORE], [LT_SYS_SYMBOL_USCORE]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LTDL_SYMBOL_USCORE], []) # LT_FUNC_DLSYM_USCORE # -------------------- AC_DEFUN([LT_FUNC_DLSYM_USCORE], [AC_REQUIRE([LT_SYS_SYMBOL_USCORE])dnl if test x"$lt_cv_sys_symbol_underscore" = xyes; then if test x"$libltdl_cv_func_dlopen" = xyes || test x"$libltdl_cv_lib_dl_dlopen" = xyes ; then AC_CACHE_CHECK([whether we have to add an underscore for dlsym], [libltdl_cv_need_uscore], [libltdl_cv_need_uscore=unknown save_LIBS="$LIBS" LIBS="$LIBS $LIBADD_DLOPEN" _LT_TRY_DLOPEN_SELF( [libltdl_cv_need_uscore=no], [libltdl_cv_need_uscore=yes], [], [libltdl_cv_need_uscore=cross]) LIBS="$save_LIBS" ]) fi fi if test x"$libltdl_cv_need_uscore" = xyes; then AC_DEFINE([NEED_USCORE], [1], [Define if dlsym() requires a leading underscore in symbol names.]) fi ])# LT_FUNC_DLSYM_USCORE # Old name: AU_ALIAS([AC_LTDL_DLSYM_USCORE], [LT_FUNC_DLSYM_USCORE]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LTDL_DLSYM_USCORE], []) # Copyright (C) 2002-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_AUTOMAKE_VERSION(VERSION) # ---------------------------- # Automake X.Y traces this macro to ensure aclocal.m4 has been # generated from the m4 files accompanying Automake X.Y. # (This private macro should not be called outside this file.) 
# Sets am__api_version to '1.13' and stops with a fatal m4 error unless
# VERSION is exactly 1.13.4.
AC_DEFUN([AM_AUTOMAKE_VERSION],
[am__api_version='1.13'
dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
dnl require some minimum version. Point them to the right macro.
m4_if([$1], [1.13.4], [],
      [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
])

# _AM_AUTOCONF_VERSION(VERSION)
# -----------------------------
# aclocal traces this macro to find the Autoconf version.
# This is a private macro too. Using m4_define simplifies
# the logic in aclocal, which can simply ignore this definition.
m4_define([_AM_AUTOCONF_VERSION], [])

# AM_SET_CURRENT_AUTOMAKE_VERSION
# -------------------------------
# Call AM_AUTOMAKE_VERSION and _AM_AUTOCONF_VERSION so they can be traced.
# This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
# AC_AUTOCONF_VERSION is copied from m4_PACKAGE_VERSION first when it is
# not defined yet.
AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
[AM_AUTOMAKE_VERSION([1.13.4])dnl
m4_ifndef([AC_AUTOCONF_VERSION],
  [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])

# Copyright (C) 2011-2013 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# AM_PROG_AR([ACT-IF-FAIL])
# -------------------------
# Try to determine the archiver interface, and trigger the ar-lib wrapper
# if it is needed. If the detection of archiver interface fails, run
# ACT-IF-FAIL (default is to abort configure with a proper error message).
# The probe compiles a one-line source file, archives the object with
# "$AR cru" and, if that fails, retries with the "-NOLOGO -OUT:" form.
# The outcome is cached in am_cv_ar_interface as ar, lib or unknown.
AC_DEFUN([AM_PROG_AR],
[AC_BEFORE([$0], [LT_INIT])dnl
AC_BEFORE([$0], [AC_PROG_LIBTOOL])dnl
AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
AC_REQUIRE_AUX_FILE([ar-lib])dnl
AC_CHECK_TOOLS([AR], [ar lib "link -lib"], [false])
: ${AR=ar}

AC_CACHE_CHECK([the archiver ($AR) interface], [am_cv_ar_interface],
  [am_cv_ar_interface=ar
   AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int some_variable = 0;]])],
     [am_ar_try='$AR cru libconftest.a conftest.$ac_objext >&AS_MESSAGE_LOG_FD'
      AC_TRY_EVAL([am_ar_try])
      if test "$ac_status" -eq 0; then
        am_cv_ar_interface=ar
      else
        am_ar_try='$AR -NOLOGO -OUT:conftest.lib conftest.$ac_objext >&AS_MESSAGE_LOG_FD'
        AC_TRY_EVAL([am_ar_try])
        if test "$ac_status" -eq 0; then
          am_cv_ar_interface=lib
        else
          am_cv_ar_interface=unknown
        fi
      fi
      rm -f conftest.lib libconftest.a
     ])
   ])

case $am_cv_ar_interface in
ar)
  ;;
lib)
  # Microsoft lib, so override with the ar-lib wrapper script.
  # FIXME: It is wrong to rewrite AR.
  # But if we don't then we get into trouble of one sort or another.
  # A longer-term fix would be to have automake use am__AR in this case,
  # and then we could set am__AR="$am_aux_dir/ar-lib \$(AR)" or something
  # similar.
  AR="$am_aux_dir/ar-lib $AR"
  ;;
unknown)
  m4_default([$1],
             [AC_MSG_ERROR([could not determine $AR interface])])
  ;;
esac
AC_SUBST([AR])dnl
])

# AM_AUX_DIR_EXPAND -*- Autoconf -*-

# Copyright (C) 2001-2013 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets
# $ac_aux_dir to '$srcdir/foo'. In other projects, it is set to
# '$srcdir', '$srcdir/..', or '$srcdir/../..'.
#
# Of course, Automake must honor this variable whenever it calls a
# tool from the auxiliary directory. The problem is that $srcdir (and
# therefore $ac_aux_dir as well) can be either absolute or relative,
# depending on how configure is run. This is pretty annoying, since
# it makes $ac_aux_dir quite unusable in subdirectories: in the top
# source directory, any form will work fine, but in subdirectories a
# relative path needs to be adjusted first.
#
# $ac_aux_dir/missing
#    fails when called from a subdirectory if $ac_aux_dir is relative
# $top_srcdir/$ac_aux_dir/missing
#    fails if $ac_aux_dir is absolute,
#    fails when called from a subdirectory in a VPATH build with
#          a relative $ac_aux_dir
#
# The reason for the latter failure is that $top_srcdir and $ac_aux_dir
# are both prefixed by $srcdir. In an in-source build this is usually
# harmless because $srcdir is '.', but things will break when you
# start a VPATH build or use an absolute $srcdir.
#
# So we could use something similar to $top_srcdir/$ac_aux_dir/missing,
# iff we strip the leading $srcdir from $ac_aux_dir. That would be:
#   am_aux_dir='\$(top_srcdir)/'`expr "$ac_aux_dir" : "$srcdir//*\(.*\)"`
# and then we would define $MISSING as
#   MISSING="\${SHELL} $am_aux_dir/missing"
# This will work as long as MISSING is not called from configure, because
# unfortunately $(top_srcdir) has no meaning in configure.
# However there are other variables, like CC, which are often used in
# configure, and could therefore not use this "fixed" $ac_aux_dir.
#
# Another solution, used here, is to always expand $ac_aux_dir to an
# absolute PATH. The drawback is that using absolute paths prevents a
# configured tree from being moved without reconfiguration.
#
# NOTE(review): the expansion below uses $ac_aux_dir unquoted, so a
# source path containing whitespace would be word-split by the shell and
# am_aux_dir would not name the intended directory.

AC_DEFUN([AM_AUX_DIR_EXPAND],
[dnl Rely on autoconf to set up CDPATH properly.
AC_PREREQ([2.50])dnl
# expand $ac_aux_dir to an absolute path
am_aux_dir=`cd $ac_aux_dir && pwd`
])

# AM_CONDITIONAL -*- Autoconf -*-

# Copyright (C) 1997-2013 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# AM_CONDITIONAL(NAME, SHELL-CONDITION)
# -------------------------------------
# Define a conditional.
# NAME_TRUE and NAME_FALSE are substituted: when SHELL-CONDITION succeeds
# NAME_TRUE is empty and NAME_FALSE is '#', otherwise the reverse.
# The names TRUE and FALSE are rejected with a fatal m4 error.  A check
# registered with AC_CONFIG_COMMANDS_PRE aborts configure when both
# variables are still empty, which means the shell code above never ran.
AC_DEFUN([AM_CONDITIONAL],
[AC_PREREQ([2.52])dnl
 m4_if([$1], [TRUE], [AC_FATAL([$0: invalid condition: $1])],
       [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl
AC_SUBST([$1_TRUE])dnl
AC_SUBST([$1_FALSE])dnl
_AM_SUBST_NOTMAKE([$1_TRUE])dnl
_AM_SUBST_NOTMAKE([$1_FALSE])dnl
m4_define([_AM_COND_VALUE_$1], [$2])dnl
if $2; then
  $1_TRUE=
  $1_FALSE='#'
else
  $1_TRUE='#'
  $1_FALSE=
fi
AC_CONFIG_COMMANDS_PRE(
[if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then
  AC_MSG_ERROR([[conditional "$1" was never defined. Usually this means the macro was only invoked conditionally.]])
fi])])

# Copyright (C) 1999-2013 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# There are a few dirty hacks below to avoid letting 'AC_PROG_CC' be
# written in clear, in which case automake, when reading aclocal.m4,
# will think it sees a *use*, and therefore will trigger all its
# C support machinery. Also note that it means that autoscan, seeing
# CC etc. in the Makefile, will ask for an AC_PROG_CC use...


# _AM_DEPENDENCIES(NAME)
# ----------------------
# See how the compiler implements dependency checking.
# NAME is "CC", "CXX", "OBJC", "OBJCXX", "UPC", or "GCJ".
# We try a few techniques and use that to set a single cache variable.
#
# We don't AC_REQUIRE the corresponding AC_PROG_CC since the latter was
# modified to invoke _AM_DEPENDENCIES(CC); we would have a circular
# dependency, and given that the user is not expected to run this macro,
# just rely on AC_PROG_CC.
# The probe runs only when AMDEP_TRUE is empty and the depcomp script
# exists; otherwise the result is none.  Each candidate mode is tried in
# a scratch conftest.dir, and the first mode is kept whose generated
# sub/conftest.Po names conftst1.h, conftst6.h and the object file, that
# make accepts through confmf, and whose stderr reports no ignored or
# unsupported option.  The answer is cached in
# am_cv_NAME_dependencies_compiler_type and substituted as NAMEDEPMODE.
AC_DEFUN([_AM_DEPENDENCIES],
[AC_REQUIRE([AM_SET_DEPDIR])dnl
AC_REQUIRE([AM_OUTPUT_DEPENDENCY_COMMANDS])dnl
AC_REQUIRE([AM_MAKE_INCLUDE])dnl
AC_REQUIRE([AM_DEP_TRACK])dnl

m4_if([$1], [CC], [depcc="$CC" am_compiler_list=],
      [$1], [CXX], [depcc="$CXX" am_compiler_list=],
      [$1], [OBJC], [depcc="$OBJC" am_compiler_list='gcc3 gcc'],
      [$1], [OBJCXX], [depcc="$OBJCXX" am_compiler_list='gcc3 gcc'],
      [$1], [UPC], [depcc="$UPC" am_compiler_list=],
      [$1], [GCJ], [depcc="$GCJ" am_compiler_list='gcc3 gcc'],
                    [depcc="$$1" am_compiler_list=])

AC_CACHE_CHECK([dependency style of $depcc],
               [am_cv_$1_dependencies_compiler_type],
[if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
  # We make a subdir and do the tests there. Otherwise we can end up
  # making bogus files that we don't know about and never remove. For
  # instance it was reported that on HP-UX the gcc test will end up
  # making a dummy file named 'D' -- because '-MD' means "put the output
  # in D".
  rm -rf conftest.dir
  mkdir conftest.dir
  # Copy depcomp to subdir because otherwise we won't find it if we're
  # using a relative directory.
  cp "$am_depcomp" conftest.dir
  cd conftest.dir
  # We will build objects and dependencies in a subdirectory because
  # it helps to detect inapplicable dependency modes. For instance
  # both Tru64's cc and ICC support -MD to output dependencies as a
  # side effect of compilation, but ICC will put the dependencies in
  # the current directory while Tru64 will put them in the object
  # directory.
  mkdir sub

  am_cv_$1_dependencies_compiler_type=none
  if test "$am_compiler_list" = ""; then
     am_compiler_list=`sed -n ['s/^#*\([a-zA-Z0-9]*\))$/\1/p'] < ./depcomp`
  fi
  am__universal=false
  m4_case([$1], [CC],
    [case " $depcc " in #(
     *\ -arch\ *\ -arch\ *) am__universal=true ;;
     esac],
    [CXX],
    [case " $depcc " in #(
     *\ -arch\ *\ -arch\ *) am__universal=true ;;
     esac])

  for depmode in $am_compiler_list; do
    # Setup a source with many dependencies, because some compilers
    # like to wrap large dependency lists on column 80 (with \), and
    # we should not choose a depcomp mode which is confused by this.
    #
    # We need to recreate these files for each test, as the compiler may
    # overwrite some of them when testing with obscure command lines.
    # This happens at least with the AIX C compiler.
    : > sub/conftest.c
    for i in 1 2 3 4 5 6; do
      echo '#include "conftst'$i'.h"' >> sub/conftest.c
      # Using ": > sub/conftst$i.h" creates only sub/conftst1.h with
      # Solaris 10 /bin/sh.
      echo '/* dummy */' > sub/conftst$i.h
    done
    echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf

    # We check with '-c' and '-o' for the sake of the "dashmstdout"
    # mode. It turns out that the SunPro C++ compiler does not properly
    # handle '-M -o', and we need to detect this. Also, some Intel
    # versions had trouble with output in subdirs.
    am__obj=sub/conftest.${OBJEXT-o}
    am__minus_obj="-o $am__obj"
    case $depmode in
    gcc)
      # This depmode causes a compiler race in universal mode.
      test "$am__universal" = false || continue
      ;;
    nosideeffect)
      # After this tag, mechanisms are not by side-effect, so they'll
      # only be used when explicitly requested.
      if test "x$enable_dependency_tracking" = xyes; then
        continue
      else
        break
      fi
      ;;
    msvc7 | msvc7msys | msvisualcpp | msvcmsys)
      # This compiler won't grok '-c -o', but also, the minuso test has
      # not run yet. These depmodes are late enough in the game, and
      # so weak that their functioning should not be impacted.
      am__obj=conftest.${OBJEXT-o}
      am__minus_obj=
      ;;
    none) break ;;
    esac
    if depmode=$depmode \
       source=sub/conftest.c object=$am__obj \
       depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
       $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \
         >/dev/null 2>conftest.err &&
       grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
       grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
       grep $am__obj sub/conftest.Po > /dev/null 2>&1 &&
       ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
      # icc doesn't choke on unknown options, it will just issue warnings
      # or remarks (even with -Werror). So we grep stderr for any message
      # that says an option was ignored or not supported.
      # When given -MP, icc 7.0 and 7.1 complain thusly:
      #   icc: Command line warning: ignoring option '-M'; no argument required
      # The diagnosis changed in icc 8.0:
      #   icc: Command line remark: option '-MP' not supported
      if (grep 'ignoring option' conftest.err ||
          grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
        am_cv_$1_dependencies_compiler_type=$depmode
        break
      fi
    fi
  done

  cd ..
  rm -rf conftest.dir
else
  am_cv_$1_dependencies_compiler_type=none
fi
])
AC_SUBST([$1DEPMODE], [depmode=$am_cv_$1_dependencies_compiler_type])
AM_CONDITIONAL([am__fastdep$1], [
  test "x$enable_dependency_tracking" != xno \
  && test "$am_cv_$1_dependencies_compiler_type" = gcc3])
])


# AM_SET_DEPDIR
# -------------
# Choose a directory name for dependency files.
# This macro is AC_REQUIREd in _AM_DEPENDENCIES.
# DEPDIR is substituted as the string deps prefixed with the value of
# am__leading_dot.
AC_DEFUN([AM_SET_DEPDIR],
[AC_REQUIRE([AM_SET_LEADING_DOT])dnl
AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl
])


# AM_DEP_TRACK
# ------------
# Adds the --enable-dependency-tracking / --disable-dependency-tracking
# option.  Unless the option is set to no, am_depcomp points at depcomp
# in $ac_aux_dir, AMDEPBACKSLASH is a backslash and am__nodep is _no.
# The AMDEP conditional records the same test.
AC_DEFUN([AM_DEP_TRACK],
[AC_ARG_ENABLE([dependency-tracking], [dnl
AS_HELP_STRING(
  [--enable-dependency-tracking],
  [do not reject slow dependency extractors])
AS_HELP_STRING(
  [--disable-dependency-tracking],
  [speeds up one-time build])])
if test "x$enable_dependency_tracking" != xno; then
  am_depcomp="$ac_aux_dir/depcomp"
  AMDEPBACKSLASH='\'
  am__nodep='_no'
fi
AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno])
AC_SUBST([AMDEPBACKSLASH])dnl
_AM_SUBST_NOTMAKE([AMDEPBACKSLASH])dnl
AC_SUBST([am__nodep])dnl
_AM_SUBST_NOTMAKE([am__nodep])dnl
])

# Generate code to set up dependency tracking. -*- Autoconf -*-

# Copyright (C) 1999-2013 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.


# _AM_OUTPUT_DEPENDENCY_COMMANDS
# ------------------------------
# For every entry of CONFIG_FILES that sed recognises as generated by
# automake, read DEPDIR, am__include and am__quote out of the file and
# create each included DEPDIR file that does not exist yet, with the
# single line '# dummy'.
# NOTE(review): when CONFIG_FILES contains a single quote it is passed
# through eval, so its value is parsed as shell input.  The code assumes
# it was set by config.status itself and not taken from an untrusted
# environment.
AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
[{
  # Older Autoconf quotes --file arguments for eval, but not when files
  # are listed without --file. Let's play safe and only enable the eval
  # if we detect the quoting.
  case $CONFIG_FILES in
  *\'*) eval set x "$CONFIG_FILES" ;;
  *) set x $CONFIG_FILES ;;
  esac
  shift
  for mf
  do
    # Strip MF so we end up with the name of the file.
    mf=`echo "$mf" | sed -e 's/:.*$//'`
    # Check whether this is an Automake generated Makefile or not.
    # We used to match only the files named 'Makefile.in', but
    # some people rename them; so instead we look at the file content.
    # Grep'ing the first line is not enough: some people post-process
    # each Makefile.in and add a new line on top of each file to say so.
    # Grep'ing the whole file is not good either: AIX grep has a line
    # limit of 2048, but all sed's we know understand at least 4000.
    if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
      dirpart=`AS_DIRNAME("$mf")`
    else
      continue
    fi
    # Extract the definition of DEPDIR, am__include, and am__quote
    # from the Makefile without running 'make'.
    DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
    test -z "$DEPDIR" && continue
    am__include=`sed -n 's/^am__include = //p' < "$mf"`
    test -z "$am__include" && continue
    am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
    # Find all dependency output files, they are included files with
    # $(DEPDIR) in their names. We invoke sed twice because it is the
    # simplest approach to changing $(DEPDIR) to its actual value in the
    # expansion.
    for file in `sed -n " s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
         sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g'`; do
      # Make sure the directory exists.
      test -f "$dirpart/$file" && continue
      fdir=`AS_DIRNAME(["$file"])`
      AS_MKDIR_P([$dirpart/$fdir])
      # echo "creating $dirpart/$file"
      echo '# dummy' > "$dirpart/$file"
    done
  done
}
])# _AM_OUTPUT_DEPENDENCY_COMMANDS


# AM_OUTPUT_DEPENDENCY_COMMANDS
# -----------------------------
# This macro should only be invoked once -- use via AC_REQUIRE.
#
# This code is only required when automatic dependency tracking
# is enabled. FIXME. This creates each '.P' file that we will
# need in order to bootstrap the dependency handling code.
# The commands are registered under the depfiles tag and are skipped
# when AMDEP_TRUE is non-empty.
AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
[AC_CONFIG_COMMANDS([depfiles],
     [test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS],
     [AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"])
])

# Do all the work for Automake. -*- Autoconf -*-

# Copyright (C) 1996-2013 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# This macro actually does too much. Some checks are only needed if
# your package does certain things. But this isn't really a big deal.

# AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE])
# AM_INIT_AUTOMAKE([OPTIONS])
# -----------------------------------------------
# The call with PACKAGE and VERSION arguments is the old style
# call (pre autoconf-2.50), which is being phased out. PACKAGE
# and VERSION should now be passed to AC_INIT and removed from
# the call to AM_INIT_AUTOMAKE.
# We support both call styles for the transition. After
# the next Automake release, Autoconf can make the AC_INIT
# arguments mandatory, and then we can depend on a new Autoconf
# release and drop the old call support.
#
# Reviewer note: $srcdir is used unquoted below, in the 'cd' inside
# backquotes and in 'test -f'.  AM_SANITY_CHECK, which this macro
# AC_REQUIREs, aborts configure when $srcdir contains whitespace or
# shell metacharacters, and that check is what these unquoted uses
# depend on.
AC_DEFUN([AM_INIT_AUTOMAKE],
[AC_PREREQ([2.65])dnl
dnl Autoconf wants to disallow AM_ names. We explicitly allow
dnl the ones we care about.
m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl
AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl
AC_REQUIRE([AC_PROG_INSTALL])dnl
if test "`cd $srcdir && pwd`" != "`pwd`"; then
  # Use -I$(srcdir) only when $(srcdir) != ., so that make's output
  # is not polluted with repeated "-I."
  AC_SUBST([am__isrc], [' -I$(srcdir)'])_AM_SUBST_NOTMAKE([am__isrc])dnl
  # test to see if srcdir already configured
  if test -f $srcdir/config.status; then
    AC_MSG_ERROR([source directory already configured; run "make distclean" there first])
  fi
fi

# test whether we have cygpath
if test -z "$CYGPATH_W"; then
  if (cygpath --version) >/dev/null 2>/dev/null; then
    CYGPATH_W='cygpath -w'
  else
    CYGPATH_W=echo
  fi
fi
AC_SUBST([CYGPATH_W])

# Define the identity of the package.
dnl Distinguish between old-style and new-style calls.
m4_ifval([$2],
[AC_DIAGNOSE([obsolete],
             [$0: two- and three-arguments forms are deprecated.])
m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl
 AC_SUBST([PACKAGE], [$1])dnl
 AC_SUBST([VERSION], [$2])],
[_AM_SET_OPTIONS([$1])dnl
dnl Diagnose old-style AC_INIT with new-style AM_AUTOMAKE_INIT.
m4_if(
  m4_ifdef([AC_PACKAGE_NAME], [ok]):m4_ifdef([AC_PACKAGE_VERSION], [ok]),
  [ok:ok],,
  [m4_fatal([AC_INIT should be called with package and version arguments])])dnl
 AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl
 AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl

_AM_IF_OPTION([no-define],,
[AC_DEFINE_UNQUOTED([PACKAGE], ["$PACKAGE"], [Name of package])
 AC_DEFINE_UNQUOTED([VERSION], ["$VERSION"], [Version number of package])])dnl

# Some tools Automake needs.
AC_REQUIRE([AM_SANITY_CHECK])dnl
AC_REQUIRE([AC_ARG_PROGRAM])dnl
AM_MISSING_PROG([ACLOCAL], [aclocal-${am__api_version}])
AM_MISSING_PROG([AUTOCONF], [autoconf])
AM_MISSING_PROG([AUTOMAKE], [automake-${am__api_version}])
AM_MISSING_PROG([AUTOHEADER], [autoheader])
AM_MISSING_PROG([MAKEINFO], [makeinfo])
AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl
AC_REQUIRE([AC_PROG_MKDIR_P])dnl
# For better backward compatibility. To be removed once Automake 1.9.x
# dies out for good. For more background, see:
#
#
AC_SUBST([mkdir_p], ['$(MKDIR_P)'])
# We need awk for the "check" target. The system "awk" is bad on
# some platforms.
AC_REQUIRE([AC_PROG_AWK])dnl
AC_REQUIRE([AC_PROG_MAKE_SET])dnl
AC_REQUIRE([AM_SET_LEADING_DOT])dnl
_AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])],
              [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])],
                             [_AM_PROG_TAR([v7])])])
_AM_IF_OPTION([no-dependencies],,
[AC_PROVIDE_IFELSE([AC_PROG_CC],
                  [_AM_DEPENDENCIES([CC])],
                  [m4_define([AC_PROG_CC],
                             m4_defn([AC_PROG_CC])[_AM_DEPENDENCIES([CC])])])dnl
AC_PROVIDE_IFELSE([AC_PROG_CXX],
                  [_AM_DEPENDENCIES([CXX])],
                  [m4_define([AC_PROG_CXX],
                             m4_defn([AC_PROG_CXX])[_AM_DEPENDENCIES([CXX])])])dnl
AC_PROVIDE_IFELSE([AC_PROG_OBJC],
                  [_AM_DEPENDENCIES([OBJC])],
                  [m4_define([AC_PROG_OBJC],
                             m4_defn([AC_PROG_OBJC])[_AM_DEPENDENCIES([OBJC])])])dnl
AC_PROVIDE_IFELSE([AC_PROG_OBJCXX],
                  [_AM_DEPENDENCIES([OBJCXX])],
                  [m4_define([AC_PROG_OBJCXX],
                             m4_defn([AC_PROG_OBJCXX])[_AM_DEPENDENCIES([OBJCXX])])])dnl
])
AC_REQUIRE([AM_SILENT_RULES])dnl
dnl The testsuite driver may need to know about EXEEXT, so add the
dnl 'am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen. This
dnl macro is hooked onto _AC_COMPILER_EXEEXT early, see below.
AC_CONFIG_COMMANDS_PRE(dnl
[m4_provide_if([_AM_COMPILER_EXEEXT],
  [AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])])])dnl
])

dnl Hook into '_AC_COMPILER_EXEEXT' early to learn its expansion. Do not
dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further
dnl mangled by Autoconf and run in a shell conditional statement.
m4_define([_AC_COMPILER_EXEEXT],
m4_defn([_AC_COMPILER_EXEEXT])[m4_provide([_AM_COMPILER_EXEEXT])])

# When config.status generates a header, we must update the stamp-h file.
# This file resides in the same directory as the config header
# that is generated. The stamp files are numbered to have different names.

# Autoconf calls _AC_AM_CONFIG_HEADER_HOOK (when defined) in the
# loop where config.status creates the headers, so we can generate
# our stamp files there.
#
# The loop counts entries of $config_headers until one equals the
# argument or starts with the argument followed by a colon; the trailing
# ':' word ends the count when nothing matches.  The stamp file is
# written next to the header as stamp-h followed by that count.
AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK],
[# Compute $1's index in $config_headers.
_am_arg=$1
_am_stamp_count=1
for _am_header in $config_headers :; do
  case $_am_header in
    $_am_arg | $_am_arg:* )
      break ;;
    * )
      _am_stamp_count=`expr $_am_stamp_count + 1` ;;
  esac
done
echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])

# Copyright (C) 2001-2013 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# AM_PROG_INSTALL_SH
# ------------------
# Define $install_sh.
#
# When $am_aux_dir contains a space or a tab the script path is wrapped
# in single quotes; otherwise it is left bare.
# NOTE(review): the guard compares the *value* of install_sh with the
# literal word "set", whereas AM_MISSING_HAS_RUN in this file tests
# ${MISSING+set}.  As written, any caller-supplied install_sh other than
# the string "set" is overwritten -- confirm whether that is intended.
AC_DEFUN([AM_PROG_INSTALL_SH],
[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
if test x"${install_sh}" != xset; then
  case $am_aux_dir in
  *\ * | *\	*)
    install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;;
  *)
    install_sh="\${SHELL} $am_aux_dir/install-sh"
  esac
fi
AC_SUBST([install_sh])])

# Copyright (C) 2003-2013 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# Check whether the underlying file-system supports filenames
# with a leading dot. For instance MS-DOS doesn't.
#
# The probe removes any existing .tst entry in the current directory
# with 'rm -rf', creates a .tst directory and removes it again;
# am__leading_dot becomes "." when the directory could be created and
# "_" otherwise.
AC_DEFUN([AM_SET_LEADING_DOT],
[rm -rf .tst 2>/dev/null
mkdir .tst 2>/dev/null
if test -d .tst; then
  am__leading_dot=.
else
  am__leading_dot=_
fi
rmdir .tst 2>/dev/null
AC_SUBST([am__leading_dot])])

# Check to see how 'make' treats includes. -*- Autoconf -*-

# Copyright (C) 2001-2013 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# AM_MAKE_INCLUDE()
# -----------------
# Check to see how make treats includes.
# The probe writes two scratch files, confinc and confmf, into the
# current directory, runs ${MAKE-make} on confmf and removes both files
# at the end.  am__include stays "#" when neither the GNU nor the BSD
# include syntax makes the am__doit target print its marker text.
AC_DEFUN([AM_MAKE_INCLUDE],
[am_make=${MAKE-make}
cat > confinc << 'END'
am__doit:
	@echo this is the am__doit target
.PHONY: am__doit
END
# If we don't find an include directive, just comment out the code.
AC_MSG_CHECKING([for style of include used by $am_make])
am__include="#"
am__quote=
_am_result=none
# First try GNU make style include.
echo "include confinc" > confmf
# Ignore all kinds of additional output from 'make'.
case `$am_make -s -f confmf 2> /dev/null` in #(
*the\ am__doit\ target*)
  am__include=include
  am__quote=
  _am_result=GNU
  ;;
esac
# Now try BSD make style include.
if test "$am__include" = "#"; then
   echo '.include "confinc"' > confmf
   case `$am_make -s -f confmf 2> /dev/null` in #(
   *the\ am__doit\ target*)
     am__include=.include
     am__quote="\""
     _am_result=BSD
     ;;
   esac
fi
AC_SUBST([am__include])
AC_SUBST([am__quote])
AC_MSG_RESULT([$_am_result])
rm -f confinc confmf
])

# Copyright (C) 1999-2013 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# AM_PROG_CC_C_O
# --------------
# Like AC_PROG_CC_C_O, but changed for automake.
#
# Reviewer note: the first word of $CC is turned into am_cc by a sed
# script that replaces every character outside a-z, A-Z, 0-9 and
# underscore, and a leading digit, with an underscore.  Only that
# sanitised name is spliced into the 'eval' that reads the
# ac_cv_prog_cc_..._c_o cache variable, so the eval operates on an
# identifier-shaped string rather than on the raw $CC text.
AC_DEFUN([AM_PROG_CC_C_O],
[AC_REQUIRE([AC_PROG_CC_C_O])dnl
AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
AC_REQUIRE_AUX_FILE([compile])dnl
# FIXME: we rely on the cache variable name because
# there is no other way.
set dummy $CC
am_cc=`echo $[2] | sed ['s/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/']`
eval am_t=\$ac_cv_prog_cc_${am_cc}_c_o
if test "$am_t" != yes; then
   # Losing compiler, so override with the script.
   # FIXME: It is wrong to rewrite CC.
   # But if we don't then we get into trouble of one sort or another.
   # A longer-term fix would be to have automake use am__CC in this case,
   # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)"
   CC="$am_aux_dir/compile $CC"
fi
dnl Make sure AC_PROG_CC is never called again, or it will override our
dnl setting of CC.
m4_define([AC_PROG_CC],
          [m4_fatal([AC_PROG_CC cannot be called after AM_PROG_CC_C_O])])
])

# Fake the existence of programs that GNU maintainers use. -*- Autoconf -*-

# Copyright (C) 1997-2013 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# AM_MISSING_PROG(NAME, PROGRAM)
# ------------------------------
# NAME keeps any value it already has; otherwise it is set to
# ${am_missing_run} followed by PROGRAM, and is then substituted.
AC_DEFUN([AM_MISSING_PROG],
[AC_REQUIRE([AM_MISSING_HAS_RUN])
$1=${$1-"${am_missing_run}$2"}
AC_SUBST($1)])

# AM_MISSING_HAS_RUN
# ------------------
# Define MISSING if not defined so far and test if it is modern enough.
# If it is, set am_missing_run to use it, otherwise, to nothing.
#
# Reviewer note: MISSING is assigned here only when it is unset, so a
# value inherited from the environment is kept and then handed to
# 'eval' for the --is-lightweight probe.  Whatever that variable holds
# is executed as shell text at configure time; build environments
# should treat MISSING as a trusted, controlled input.
AC_DEFUN([AM_MISSING_HAS_RUN],
[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
AC_REQUIRE_AUX_FILE([missing])dnl
if test x"${MISSING+set}" != xset; then
  case $am_aux_dir in
  *\ * | *\	*)
    MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;;
  *)
    MISSING="\${SHELL} $am_aux_dir/missing" ;;
  esac
fi
# Use eval to expand $SHELL
if eval "$MISSING --is-lightweight"; then
  am_missing_run="$MISSING "
else
  am_missing_run=
  AC_MSG_WARN(['missing' script is too old or missing])
fi
])

# Helper functions for option handling. -*- Autoconf -*-

# Copyright (C) 2001-2013 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# _AM_MANGLE_OPTION(NAME)
# -----------------------
# Expands to _AM_OPTION_ followed by NAME with every character outside
# a-z, A-Z, 0-9 and underscore replaced by an underscore.
AC_DEFUN([_AM_MANGLE_OPTION],
[[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])])

# _AM_SET_OPTION(NAME)
# --------------------
# Set option NAME. Presently that only means defining a flag for this option.
AC_DEFUN([_AM_SET_OPTION],
[m4_define(_AM_MANGLE_OPTION([$1]), [1])])

# _AM_SET_OPTIONS(OPTIONS)
# ------------------------
# OPTIONS is a space-separated list of Automake options.
AC_DEFUN([_AM_SET_OPTIONS],
[m4_foreach_w([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])])

# _AM_IF_OPTION(OPTION, IF-SET, [IF-NOT-SET])
# -------------------------------------------
# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise.
AC_DEFUN([_AM_IF_OPTION],
[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])

# Copyright (C) 1999-2013 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.


# AM_PATH_PYTHON([MINIMUM-VERSION], [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
# ---------------------------------------------------------------------------
# Adds support for distributing Python modules and packages. To
# install modules, copy them to $(pythondir), using the python_PYTHON
# automake variable. To install a package with the same name as the
# automake package, install to $(pkgpythondir), or use the
# pkgpython_PYTHON automake variable.
#
# The variables $(pyexecdir) and $(pkgpyexecdir) are provided as
# locations to install python extension modules (shared libraries).
# Another macro is required to find the appropriate flags to compile
# extension modules.
#
# If your package is configured with a different prefix to python,
# users will have to add the install directory to the PYTHONPATH
# environment variable, or create a .pth file (see the python
# documentation for details).
#
# If the MINIMUM-VERSION argument is passed, AM_PATH_PYTHON will
# cause an error if the version of python installed on the system
# doesn't meet the requirement. MINIMUM-VERSION should consist of
# numbers and dots only.
#
# Reviewer notes:
#  - A PYTHON value supplied by the caller is used as given and is
#    executed several times with -c; it is not searched for or
#    replaced, only version-checked when MINIMUM-VERSION is passed.
#  - The install prefix is pasted between single quotes into the Python
#    source passed to -c.  Nothing in this macro escapes it, so the
#    prefix is assumed not to contain a single quote or other characters
#    with meaning inside a Python string literal or a double-quoted
#    shell string.
#  - NOTE(review): the pyexecdir query passes am_py_prefix to Python
#    while the case statement that follows matches on
#    am_py_exec_prefix; confirm whether the two are meant to differ.
AC_DEFUN([AM_PATH_PYTHON],
 [
  dnl Find a Python interpreter. Python versions prior to 2.0 are not
  dnl supported. (2.0 was released on October 16, 2000).
  m4_define_default([_AM_PYTHON_INTERPRETER_LIST],
[python python2 python3 python3.3 python3.2 python3.1 python3.0 python2.7 dnl
 python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 python2.0])

  AC_ARG_VAR([PYTHON], [the Python interpreter])

  m4_if([$1],[],[
    dnl No version check is needed.
    # Find any Python interpreter.
    if test -z "$PYTHON"; then
      AC_PATH_PROGS([PYTHON], _AM_PYTHON_INTERPRETER_LIST, :)
    fi
    am_display_PYTHON=python
  ], [
    dnl A version check is needed.
    if test -n "$PYTHON"; then
      # If the user set $PYTHON, use it and don't search something else.
      AC_MSG_CHECKING([whether $PYTHON version is >= $1])
      AM_PYTHON_CHECK_VERSION([$PYTHON], [$1],
                              [AC_MSG_RESULT([yes])],
                              [AC_MSG_RESULT([no])
                               AC_MSG_ERROR([Python interpreter is too old])])
      am_display_PYTHON=$PYTHON
    else
      # Otherwise, try each interpreter until we find one that satisfies
      # VERSION.
      AC_CACHE_CHECK([for a Python interpreter with version >= $1],
        [am_cv_pathless_PYTHON],[
        for am_cv_pathless_PYTHON in _AM_PYTHON_INTERPRETER_LIST none; do
          test "$am_cv_pathless_PYTHON" = none && break
          AM_PYTHON_CHECK_VERSION([$am_cv_pathless_PYTHON], [$1], [break])
        done])
      # Set $PYTHON to the absolute path of $am_cv_pathless_PYTHON.
      if test "$am_cv_pathless_PYTHON" = none; then
        PYTHON=:
      else
        AC_PATH_PROG([PYTHON], [$am_cv_pathless_PYTHON])
      fi
      am_display_PYTHON=$am_cv_pathless_PYTHON
    fi
  ])

  if test "$PYTHON" = :; then
  dnl Run any user-specified action, or abort.
    m4_default([$3], [AC_MSG_ERROR([no suitable Python interpreter found])])
  else

  dnl Query Python for its version number. Getting [:3] seems to be
  dnl the best way to do this; it's what "site.py" does in the standard
  dnl library.

  AC_CACHE_CHECK([for $am_display_PYTHON version], [am_cv_python_version],
    [am_cv_python_version=`$PYTHON -c "import sys; sys.stdout.write(sys.version[[:3]])"`])
  AC_SUBST([PYTHON_VERSION], [$am_cv_python_version])

  dnl Use the values of $prefix and $exec_prefix for the corresponding
  dnl values of PYTHON_PREFIX and PYTHON_EXEC_PREFIX. These are made
  dnl distinct variables so they can be overridden if need be. However,
  dnl general consensus is that you shouldn't need this ability.

  AC_SUBST([PYTHON_PREFIX], ['${prefix}'])
  AC_SUBST([PYTHON_EXEC_PREFIX], ['${exec_prefix}'])

  dnl At times (like when building shared libraries) you may want
  dnl to know which OS platform Python thinks this is.

  AC_CACHE_CHECK([for $am_display_PYTHON platform], [am_cv_python_platform],
    [am_cv_python_platform=`$PYTHON -c "import sys; sys.stdout.write(sys.platform)"`])
  AC_SUBST([PYTHON_PLATFORM], [$am_cv_python_platform])

  # Just factor out some code duplication.
  am_python_setup_sysconfig="\
import sys
# Prefer sysconfig over distutils.sysconfig, for better compatibility
# with python 3.x. See automake bug#10227.
try:
    import sysconfig
except ImportError:
    can_use_sysconfig = 0
else:
    can_use_sysconfig = 1
# Can't use sysconfig in CPython 2.7, since it's broken in virtualenvs:
#
try:
    from platform import python_implementation
    if python_implementation() == 'CPython' and sys.version[[:3]] == '2.7':
        can_use_sysconfig = 0
except ImportError:
    pass"

  dnl Set up 4 directories:

  dnl pythondir -- where to install python scripts. This is the
  dnl site-packages directory, not the python standard library
  dnl directory like in previous automake betas. This behavior
  dnl is more consistent with lispdir.m4 for example.
  dnl Query distutils for this directory.
  AC_CACHE_CHECK([for $am_display_PYTHON script directory],
    [am_cv_python_pythondir],
    [if test "x$prefix" = xNONE
     then
       am_py_prefix=$ac_default_prefix
     else
       am_py_prefix=$prefix
     fi
     am_cv_python_pythondir=`$PYTHON -c "
$am_python_setup_sysconfig
if can_use_sysconfig:
    sitedir = sysconfig.get_path('purelib', vars={'base':'$am_py_prefix'})
else:
    from distutils import sysconfig
    sitedir = sysconfig.get_python_lib(0, 0, prefix='$am_py_prefix')
sys.stdout.write(sitedir)"`
     case $am_cv_python_pythondir in
     $am_py_prefix*)
       am__strip_prefix=`echo "$am_py_prefix" | sed 's|.|.|g'`
       am_cv_python_pythondir=`echo "$am_cv_python_pythondir" | sed "s,^$am__strip_prefix,$PYTHON_PREFIX,"`
       ;;
     *)
       case $am_py_prefix in
         /usr|/System*) ;;
         *)
           am_cv_python_pythondir=$PYTHON_PREFIX/lib/python$PYTHON_VERSION/site-packages
           ;;
       esac
       ;;
     esac
    ])
  AC_SUBST([pythondir], [$am_cv_python_pythondir])

  dnl pkgpythondir -- $PACKAGE directory under pythondir. Was
  dnl PYTHON_SITE_PACKAGE in previous betas, but this naming is
  dnl more consistent with the rest of automake.

  AC_SUBST([pkgpythondir], [\${pythondir}/$PACKAGE])

  dnl pyexecdir -- directory for installing python extension modules
  dnl (shared libraries)
  dnl Query distutils for this directory.
  AC_CACHE_CHECK([for $am_display_PYTHON extension module directory],
    [am_cv_python_pyexecdir],
    [if test "x$exec_prefix" = xNONE
     then
       am_py_exec_prefix=$am_py_prefix
     else
       am_py_exec_prefix=$exec_prefix
     fi
     am_cv_python_pyexecdir=`$PYTHON -c "
$am_python_setup_sysconfig
if can_use_sysconfig:
    sitedir = sysconfig.get_path('platlib', vars={'platbase':'$am_py_prefix'})
else:
    from distutils import sysconfig
    sitedir = sysconfig.get_python_lib(1, 0, prefix='$am_py_prefix')
sys.stdout.write(sitedir)"`
     case $am_cv_python_pyexecdir in
     $am_py_exec_prefix*)
       am__strip_prefix=`echo "$am_py_exec_prefix" | sed 's|.|.|g'`
       am_cv_python_pyexecdir=`echo "$am_cv_python_pyexecdir" | sed "s,^$am__strip_prefix,$PYTHON_EXEC_PREFIX,"`
       ;;
     *)
       case $am_py_exec_prefix in
         /usr|/System*) ;;
         *)
           am_cv_python_pyexecdir=$PYTHON_EXEC_PREFIX/lib/python$PYTHON_VERSION/site-packages
           ;;
       esac
       ;;
     esac
    ])
  AC_SUBST([pyexecdir], [$am_cv_python_pyexecdir])

  dnl pkgpyexecdir -- $(pyexecdir)/$(PACKAGE)

  AC_SUBST([pkgpyexecdir], [\${pyexecdir}/$PACKAGE])

  dnl Run any user-specified action.
  $2
  fi

])


# AM_PYTHON_CHECK_VERSION(PROG, VERSION, [ACTION-IF-TRUE], [ACTION-IF-FALSE])
# ---------------------------------------------------------------------------
# Run ACTION-IF-TRUE if the Python interpreter PROG has version >= VERSION.
# Run ACTION-IF-FALSE otherwise.
# This test uses sys.hexversion instead of the string equivalent (first
# word of sys.version), in order to cope with versions such as 2.2c1.
# This supports Python 2.0 or higher. (2.0 was released on October 16, 2000).
#
# VERSION is pasted between single quotes into the Python program, so it
# must be a plain dotted number; the program exits non-zero when
# sys.hexversion is below the value built from the first four
# components of VERSION (missing components count as zero).
AC_DEFUN([AM_PYTHON_CHECK_VERSION],
 [prog="import sys
# split strings by '.' and convert to numeric. Append some zeros
# because we need at least 4 digits for the hex conversion.
# map returns an iterator in Python 3.0 and a list in 2.x
minver = list(map(int, '$2'.split('.'))) + [[0, 0, 0]]
minverhex = 0
# xrange is not present in Python 3.0 and range returns an iterator
for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[[i]]
sys.exit(sys.hexversion < minverhex)"
  AS_IF([AM_RUN_LOG([$1 -c "$prog"])], [$3], [$4])])

# Copyright (C) 2001-2013 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# AM_RUN_LOG(COMMAND)
# -------------------
# Run COMMAND, save the exit status in ac_status, and log it.
# (This has been adapted from Autoconf's _AC_RUN_LOG macro.)
#
# COMMAND runs in a subshell with both stdout and stderr sent to the
# configure log descriptor; the final subshell exit makes the whole
# group return the saved status.
AC_DEFUN([AM_RUN_LOG],
[{ echo "$as_me:$LINENO: $1" >&AS_MESSAGE_LOG_FD
   ($1) >&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
   (exit $ac_status); }])

# Check to make sure that the build environment is sane. -*- Autoconf -*-

# Copyright (C) 1996-2013 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# AM_SANITY_CHECK
# ---------------
# Two independent checks:
#  1. Path hygiene: configure aborts when the working directory name
#     contains a backslash, double quote, hash, dollar, ampersand,
#     single quote, backquote or line feed, and when srcdir contains
#     any of those or a space or tab.  Later unquoted uses of these
#     paths in generated shell and make text rely on this rejection.
#  2. Clock sanity: a freshly written conftest.file must sort as newer
#     than the configure script under ls -t, retrying once after a
#     one-second sleep.
AC_DEFUN([AM_SANITY_CHECK],
[AC_MSG_CHECKING([whether build environment is sane])
# Reject unsafe characters in $srcdir or the absolute working directory
# name. Accept space and tab only in the latter.
am_lf='
'
case `pwd` in
  *[[\\\"\#\$\&\'\`$am_lf]]*)
    AC_MSG_ERROR([unsafe absolute working directory name]);;
esac
case $srcdir in
  *[[\\\"\#\$\&\'\`$am_lf\ \	]]*)
    AC_MSG_ERROR([unsafe srcdir value: '$srcdir']);;
esac

# Do 'set' in a subshell so we don't clobber the current shell's
# arguments. Must try -L first in case configure is actually a
# symlink; some systems play weird games with the mod time of symlinks
# (eg FreeBSD returns the mod time of the symlink's containing
# directory).
if (
   am_has_slept=no
   for am_try in 1 2; do
     echo "timestamp, slept: $am_has_slept" > conftest.file
     set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null`
     if test "$[*]" = "X"; then
        # -L didn't work.
        set X `ls -t "$srcdir/configure" conftest.file`
     fi
     if test "$[*]" != "X $srcdir/configure conftest.file" \
        && test "$[*]" != "X conftest.file $srcdir/configure"; then

        # If neither matched, then we have a broken ls. This can happen
        # if, for instance, CONFIG_SHELL is bash and it inherits a
        # broken ls alias from the environment. This has actually
        # happened. Such a system could not be considered "sane".
        AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken alias in your environment])
     fi
     if test "$[2]" = conftest.file || test $am_try -eq 2; then
       break
     fi
     # Just in case.
     sleep 1
     am_has_slept=yes
   done
   test "$[2]" = conftest.file
   )
then
   # Ok.
   :
else
   AC_MSG_ERROR([newly created file is older than distributed files! Check your system clock])
fi
AC_MSG_RESULT([yes])
# If we didn't sleep, we still need to ensure time stamps of config.status and
# generated files are strictly newer.
am_sleep_pid=
if grep 'slept: no' conftest.file >/dev/null 2>&1; then
  ( sleep 1 ) &
  am_sleep_pid=$!
fi
AC_CONFIG_COMMANDS_PRE(
  [AC_MSG_CHECKING([that generated files are newer than configure])
   if test -n "$am_sleep_pid"; then
     # Hide warnings about reused PIDs.
     wait $am_sleep_pid 2>/dev/null
   fi
   AC_MSG_RESULT([done])])
rm -f conftest.file
])

# Copyright (C) 2009-2013 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# AM_SILENT_RULES([DEFAULT])
# --------------------------
# Enable less verbose build rules; with the default set to DEFAULT
# ("yes" being less verbose, "no" or empty being verbose).
#
# AM_DEFAULT_VERBOSITY is 0 for --enable-silent-rules, 1 for
# --disable-silent-rules, and otherwise 0 only when DEFAULT is "yes".
# The nested-variable probe pipes a six-line makefile into
# ${MAKE-make} -f - and records the outcome in
# am_cv_make_support_nested_variables; AM_V and AM_DEFAULT_V fall back
# to the plain verbosity value when nesting is not supported.
AC_DEFUN([AM_SILENT_RULES],
[AC_ARG_ENABLE([silent-rules], [dnl
AS_HELP_STRING(
  [--enable-silent-rules],
  [less verbose build output (undo: "make V=1")])
AS_HELP_STRING(
  [--disable-silent-rules],
  [verbose build output (undo: "make V=0")])dnl
])
case $enable_silent_rules in @%:@ (((
  yes) AM_DEFAULT_VERBOSITY=0;;
   no) AM_DEFAULT_VERBOSITY=1;;
    *) AM_DEFAULT_VERBOSITY=m4_if([$1], [yes], [0], [1]);;
esac
dnl
dnl A few 'make' implementations (e.g., NonStop OS and NextStep)
dnl do not support nested variable expansions.
dnl See automake bug#9928 and bug#10237.
am_make=${MAKE-make}
AC_CACHE_CHECK([whether $am_make supports nested variables],
   [am_cv_make_support_nested_variables],
   [if AS_ECHO([['TRUE=$(BAR$(V))
BAR0=false
BAR1=true
V=1
am__doit:
	@$(TRUE)
.PHONY: am__doit']]) | $am_make -f - >/dev/null 2>&1; then
  am_cv_make_support_nested_variables=yes
else
  am_cv_make_support_nested_variables=no
fi])
if test $am_cv_make_support_nested_variables = yes; then
  dnl Using '$V' instead of '$(V)' breaks IRIX make.
  AM_V='$(V)'
  AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)'
else
  AM_V=$AM_DEFAULT_VERBOSITY
  AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY
fi
AC_SUBST([AM_V])dnl
AM_SUBST_NOTMAKE([AM_V])dnl
AC_SUBST([AM_DEFAULT_V])dnl
AM_SUBST_NOTMAKE([AM_DEFAULT_V])dnl
AC_SUBST([AM_DEFAULT_VERBOSITY])dnl
AM_BACKSLASH='\'
AC_SUBST([AM_BACKSLASH])dnl
_AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl
])

# Copyright (C) 2001-2013 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# AM_PROG_INSTALL_STRIP
# ---------------------
# One issue with vendor 'install' (even GNU) is that you can't
# specify the program used to strip binaries. This is especially
# annoying in cross-compiling environments, where the build's strip
# is unlikely to handle the host's binaries.
# Fortunately install-sh will honor a STRIPPROG variable, so we
# always use install-sh in "make install-strip", and initialize
# STRIPPROG with the value of the STRIP variable (set by the user).
#
# STRIP is looked up with AC_CHECK_TOOL only when $cross_compiling is
# not "no"; INSTALL_STRIP_PROGRAM is always the install_sh make
# variable followed by -c -s.
AC_DEFUN([AM_PROG_INSTALL_STRIP],
[AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
# Installed binaries are usually stripped using 'strip' when the user
# run "make install-strip". However 'strip' might not be the right
# tool to use in cross-compilation environments, therefore Automake
# will honor the 'STRIP' environment variable to overrule this program.
dnl Don't test for $cross_compiling = yes, because it might be 'maybe'.
if test "$cross_compiling" != no; then
  AC_CHECK_TOOL([STRIP], [strip], :)
fi
INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
AC_SUBST([INSTALL_STRIP_PROGRAM])])

# Copyright (C) 2006-2013 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# _AM_SUBST_NOTMAKE(VARIABLE)
# ---------------------------
# Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in.
# This macro is traced by Automake.
# The definition is intentionally empty: it expands to nothing.
AC_DEFUN([_AM_SUBST_NOTMAKE])

# AM_SUBST_NOTMAKE(VARIABLE)
# --------------------------
# Public sister of _AM_SUBST_NOTMAKE.
AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])

# Check how to create a tarball. -*- Autoconf -*-

# Copyright (C) 2004-2013 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# _AM_PROG_TAR(FORMAT)
# --------------------
# Check how to create a tarball in format FORMAT.
# FORMAT should be one of 'v7', 'ustar', or 'pax'.
# # Substitute a variable $(am__tar) that is a command # writing to stdout a FORMAT-tarball containing the directory # $tardir. # tardir=directory && $(am__tar) > result.tar # # Substitute a variable $(am__untar) that extract such # a tarball read from stdin. # $(am__untar) < result.tar # AC_DEFUN([_AM_PROG_TAR], [# Always define AMTAR for backward compatibility. Yes, it's still used # in the wild :-( We should find a proper way to deprecate it ... AC_SUBST([AMTAR], ['$${TAR-tar}']) # We'll loop over all known methods to create a tar archive until one works. _am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none' m4_if([$1], [v7], [am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'], [m4_case([$1], [ustar], [# The POSIX 1988 'ustar' format is defined with fixed-size fields. # There is notably a 21 bits limit for the UID and the GID. In fact, # the 'pax' utility can hang on bigger UID/GID (see automake bug#8343 # and bug#13588). am_max_uid=2097151 # 2^21 - 1 am_max_gid=$am_max_uid # The $UID and $GID variables are not portable, so we need to resort # to the POSIX-mandated id(1) utility. Errors in the 'id' calls # below are definitely unexpected, so allow the users to see them # (that is, avoid stderr redirection). am_uid=`id -u || echo unknown` am_gid=`id -g || echo unknown` AC_MSG_CHECKING([whether UID '$am_uid' is supported by ustar format]) if test $am_uid -le $am_max_uid; then AC_MSG_RESULT([yes]) else AC_MSG_RESULT([no]) _am_tools=none fi AC_MSG_CHECKING([whether GID '$am_gid' is supported by ustar format]) if test $am_gid -le $am_max_gid; then AC_MSG_RESULT([yes]) else AC_MSG_RESULT([no]) _am_tools=none fi], [pax], [], [m4_fatal([Unknown tar format])]) AC_MSG_CHECKING([how to create a $1 tar archive]) # Go ahead even if we have the value already cached. We do so because we # need to set the values for the 'am__tar' and 'am__untar' variables. 
_am_tools=${am_cv_prog_tar_$1-$_am_tools} for _am_tool in $_am_tools; do case $_am_tool in gnutar) for _am_tar in tar gnutar gtar; do AM_RUN_LOG([$_am_tar --version]) && break done am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"' am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"' am__untar="$_am_tar -xf -" ;; plaintar) # Must skip GNU tar: if it does not support --format= it doesn't create # ustar tarball either. (tar --version) >/dev/null 2>&1 && continue am__tar='tar chf - "$$tardir"' am__tar_='tar chf - "$tardir"' am__untar='tar xf -' ;; pax) am__tar='pax -L -x $1 -w "$$tardir"' am__tar_='pax -L -x $1 -w "$tardir"' am__untar='pax -r' ;; cpio) am__tar='find "$$tardir" -print | cpio -o -H $1 -L' am__tar_='find "$tardir" -print | cpio -o -H $1 -L' am__untar='cpio -i -H $1 -d' ;; none) am__tar=false am__tar_=false am__untar=false ;; esac # If the value was cached, stop now. We just wanted to have am__tar # and am__untar set. test -n "${am_cv_prog_tar_$1}" && break # tar/untar a dummy directory, and stop if the command works. 
rm -rf conftest.dir mkdir conftest.dir echo GrepMe > conftest.dir/file AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar]) rm -rf conftest.dir if test -s conftest.tar; then AM_RUN_LOG([$am__untar /dev/null 2>&1 && break fi done rm -rf conftest.dir AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool]) AC_MSG_RESULT([$am_cv_prog_tar_$1])]) AC_SUBST([am__tar]) AC_SUBST([am__untar]) ]) # _AM_PROG_TAR m4_include([m4/gettext.m4]) m4_include([m4/iconv.m4]) m4_include([m4/lib-ld.m4]) m4_include([m4/lib-link.m4]) m4_include([m4/lib-prefix.m4]) m4_include([m4/libtool.m4]) m4_include([m4/ltoptions.m4]) m4_include([m4/ltsugar.m4]) m4_include([m4/ltversion.m4]) m4_include([m4/lt~obsolete.m4]) m4_include([m4/nls.m4]) m4_include([m4/po.m4]) m4_include([m4/progtest.m4]) sssd-1.11.5/PaxHeaders.13173/m40000644000000000000000000000013112320753502014007 xustar000000000000000029 mtime=1396954946.29288627 30 atime=1396955003.533843848 30 ctime=1396954961.403875136 sssd-1.11.5/m4/0000775002412700241270000000000012320753502014314 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/m4/PaxHeaders.13173/uintmax_t.m40000644000000000000000000000013112320753475016347 xustar000000000000000030 mtime=1396954941.974889443 29 atime=1396954943.17688856 30 ctime=1396954961.401875137 sssd-1.11.5/m4/uintmax_t.m40000644002412700241270000000235012320753475016575 0ustar00jhrozekjhrozek00000000000000# uintmax_t.m4 serial 7 (gettext-0.12) dnl Copyright (C) 1997-2003 Free Software Foundation, Inc. dnl This file is free software, distributed under the terms of the GNU dnl General Public License. As a special exception to the GNU General dnl Public License, this file may be distributed as part of a program dnl that contains a configuration script generated by Autoconf, under dnl the same distribution terms as the rest of that program. dnl From Paul Eggert. AC_PREREQ(2.13) # Define uintmax_t to 'unsigned long' or 'unsigned long long' # if it is not already defined in or . 
AC_DEFUN([jm_AC_TYPE_UINTMAX_T], [ AC_REQUIRE([jm_AC_HEADER_INTTYPES_H]) AC_REQUIRE([jm_AC_HEADER_STDINT_H]) if test $jm_ac_cv_header_inttypes_h = no && test $jm_ac_cv_header_stdint_h = no; then AC_REQUIRE([jm_AC_TYPE_UNSIGNED_LONG_LONG]) test $ac_cv_type_unsigned_long_long = yes \ && ac_type='unsigned long long' \ || ac_type='unsigned long' AC_DEFINE_UNQUOTED(uintmax_t, $ac_type, [Define to unsigned long or unsigned long long if and don't define.]) else AC_DEFINE(HAVE_UINTMAX_T, 1, [Define if you have the 'uintmax_t' type in or .]) fi ]) sssd-1.11.5/m4/PaxHeaders.13173/wchar_t.m40000644000000000000000000000013112320753475015766 xustar000000000000000030 mtime=1396954941.990889431 29 atime=1396954943.17688856 30 ctime=1396954961.401875137 sssd-1.11.5/m4/wchar_t.m40000644002412700241270000000155312320753475016220 0ustar00jhrozekjhrozek00000000000000# wchar_t.m4 serial 1 (gettext-0.12) dnl Copyright (C) 2002-2003 Free Software Foundation, Inc. dnl This file is free software, distributed under the terms of the GNU dnl General Public License. As a special exception to the GNU General dnl Public License, this file may be distributed as part of a program dnl that contains a configuration script generated by Autoconf, under dnl the same distribution terms as the rest of that program. dnl From Bruno Haible. dnl Test whether has the 'wchar_t' type. 
dnl Prerequisite: AC_PROG_CC AC_DEFUN([gt_TYPE_WCHAR_T], [ AC_CACHE_CHECK([for wchar_t], gt_cv_c_wchar_t, [AC_TRY_COMPILE([#include wchar_t foo = (wchar_t)'\0';], , gt_cv_c_wchar_t=yes, gt_cv_c_wchar_t=no)]) if test $gt_cv_c_wchar_t = yes; then AC_DEFINE(HAVE_WCHAR_T, 1, [Define if you have the 'wchar_t' type.]) fi ]) sssd-1.11.5/m4/PaxHeaders.13173/ltsugar.m40000644000000000000000000000013212320753502016010 xustar000000000000000030 mtime=1396954946.185886349 30 atime=1396954946.403886188 30 ctime=1396954961.401875137 sssd-1.11.5/m4/ltsugar.m40000644002412700241270000001042412320753502016236 0ustar00jhrozekjhrozek00000000000000# ltsugar.m4 -- libtool m4 base layer. -*-Autoconf-*- # # Copyright (C) 2004, 2005, 2007, 2008 Free Software Foundation, Inc. # Written by Gary V. Vaughan, 2004 # # This file is free software; the Free Software Foundation gives # unlimited permission to copy and/or distribute it, with or without # modifications, as long as this notice is preserved. # serial 6 ltsugar.m4 # This is to help aclocal find these macros, as it can't see m4_define. AC_DEFUN([LTSUGAR_VERSION], [m4_if([0.1])]) # lt_join(SEP, ARG1, [ARG2...]) # ----------------------------- # Produce ARG1SEPARG2...SEPARGn, omitting [] arguments and their # associated separator. # Needed until we can rely on m4_join from Autoconf 2.62, since all earlier # versions in m4sugar had bugs. m4_define([lt_join], [m4_if([$#], [1], [], [$#], [2], [[$2]], [m4_if([$2], [], [], [[$2]_])$0([$1], m4_shift(m4_shift($@)))])]) m4_define([_lt_join], [m4_if([$#$2], [2], [], [m4_if([$2], [], [], [[$1$2]])$0([$1], m4_shift(m4_shift($@)))])]) # lt_car(LIST) # lt_cdr(LIST) # ------------ # Manipulate m4 lists. # These macros are necessary as long as will still need to support # Autoconf-2.59 which quotes differently. 
# lt_car expands to its first argument, kept quoted.
# lt_cdr expands to the remaining arguments as one quoted list: nothing when
# exactly one argument is given, and a fatal m4 error when called with none.
m4_define([lt_car], [[$1]])
m4_define([lt_cdr],
[m4_if([$#], 0, [m4_fatal([$0: cannot be called without arguments])],
       [$#], 1, [],
       [m4_dquote(m4_shift($@))])])

# lt_unquote(ARG)
# ---------------
# Expand to ARG with no quoting added, so m4 rescans ARG itself.
m4_define([lt_unquote], $1)


# lt_append(MACRO-NAME, STRING, [SEPARATOR])
# ------------------------------------------
# Redefine MACRO-NAME to hold its former content plus `SEPARATOR'`STRING'.
# Note that neither SEPARATOR nor STRING are expanded; they are appended
# to MACRO-NAME as is (leaving the expansion for when MACRO-NAME is invoked).
# No SEPARATOR is output if MACRO-NAME was previously undefined (different
# than defined and empty).
#
# This macro is needed until we can rely on Autoconf 2.62, since earlier
# versions of m4sugar mistakenly expanded SEPARATOR but not STRING.
m4_define([lt_append],
[m4_define([$1],
           m4_ifdef([$1], [m4_defn([$1])[$3]])[$2])])


# lt_combine(SEP, PREFIX-LIST, INFIX, SUFFIX1, [SUFFIX2...])
# ----------------------------------------------------------
# Produce a SEP delimited list of all paired combinations of elements of
# PREFIX-LIST with SUFFIX1 through SUFFIXn.  Each element of the list
# has the form PREFIXmINFIXSUFFIXn.
# Needed until we can rely on m4_combine added in Autoconf 2.62.
#
# With fewer than four arguments the macro expands to nothing.  _Lt_sep
# redefines itself to lt_car on its first use, so SEP is emitted only
# between elements and never before the first one.
m4_define([lt_combine],
[m4_if(m4_eval([$# > 3]), [1],
       [m4_pushdef([_Lt_sep], [m4_define([_Lt_sep], m4_defn([lt_car]))])]]dnl
[[m4_foreach([_Lt_prefix], [$2],
             [m4_foreach([_Lt_suffix],
                ]m4_dquote(m4_dquote(m4_shift(m4_shift(m4_shift($@)))))[,
        [_Lt_sep([$1])[]m4_defn([_Lt_prefix])[$3]m4_defn([_Lt_suffix])])])])])


# lt_if_append_uniq(MACRO-NAME, VARNAME, [SEPARATOR], [UNIQ], [NOT-UNIQ])
# -----------------------------------------------------------------------
# Iff MACRO-NAME does not yet contain VARNAME, then append it (delimited
# by SEPARATOR if supplied) and expand UNIQ, else NOT-UNIQ.
m4_define([lt_if_append_uniq], [m4_ifdef([$1], [m4_if(m4_index([$3]m4_defn([$1])[$3], [$3$2$3]), [-1], [lt_append([$1], [$2], [$3])$4], [$5])], [lt_append([$1], [$2], [$3])$4])]) # lt_dict_add(DICT, KEY, VALUE) # ----------------------------- m4_define([lt_dict_add], [m4_define([$1($2)], [$3])]) # lt_dict_add_subkey(DICT, KEY, SUBKEY, VALUE) # -------------------------------------------- m4_define([lt_dict_add_subkey], [m4_define([$1($2:$3)], [$4])]) # lt_dict_fetch(DICT, KEY, [SUBKEY]) # ---------------------------------- m4_define([lt_dict_fetch], [m4_ifval([$3], m4_ifdef([$1($2:$3)], [m4_defn([$1($2:$3)])]), m4_ifdef([$1($2)], [m4_defn([$1($2)])]))]) # lt_if_dict_fetch(DICT, KEY, [SUBKEY], VALUE, IF-TRUE, [IF-FALSE]) # ----------------------------------------------------------------- m4_define([lt_if_dict_fetch], [m4_if(lt_dict_fetch([$1], [$2], [$3]), [$4], [$5], [$6])]) # lt_dict_filter(DICT, [SUBKEY], VALUE, [SEPARATOR], KEY, [...]) # -------------------------------------------------------------- m4_define([lt_dict_filter], [m4_if([$5], [], [], [lt_join(m4_quote(m4_default([$4], [[, ]])), lt_unquote(m4_split(m4_normalize(m4_foreach(_Lt_key, lt_car([m4_shiftn(4, $@)]), [lt_if_dict_fetch([$1], _Lt_key, [$2], [$3], [_Lt_key ])])))))])[]dnl ]) sssd-1.11.5/m4/PaxHeaders.13173/ltversion.m40000644000000000000000000000013112320753502016353 xustar000000000000000029 mtime=1396954946.23888631 30 atime=1396954946.403886188 30 ctime=1396954961.401875137 sssd-1.11.5/m4/ltversion.m40000644002412700241270000000126212320753502016602 0ustar00jhrozekjhrozek00000000000000# ltversion.m4 -- version numbers -*- Autoconf -*- # # Copyright (C) 2004 Free Software Foundation, Inc. # Written by Scott James Remnant, 2004 # # This file is free software; the Free Software Foundation gives # unlimited permission to copy and/or distribute it, with or without # modifications, as long as this notice is preserved. 
# @configure_input@ # serial 3337 ltversion.m4 # This file is part of GNU Libtool m4_define([LT_PACKAGE_VERSION], [2.4.2]) m4_define([LT_PACKAGE_REVISION], [1.3337]) AC_DEFUN([LTVERSION_VERSION], [macro_version='2.4.2' macro_revision='1.3337' _LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?]) _LT_DECL(, macro_revision, 0) ]) sssd-1.11.5/m4/PaxHeaders.13173/libtool.m40000644000000000000000000000013212320753502015773 xustar000000000000000030 mtime=1396954946.079886426 30 atime=1396954946.406886186 30 ctime=1396954961.401875137 sssd-1.11.5/m4/libtool.m40000644002412700241270000105756412320753502016242 0ustar00jhrozekjhrozek00000000000000# libtool.m4 - Configure libtool for the host system. -*-Autoconf-*- # # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, # 2006, 2007, 2008, 2009, 2010, 2011 Free Software # Foundation, Inc. # Written by Gordon Matzigkeit, 1996 # # This file is free software; the Free Software Foundation gives # unlimited permission to copy and/or distribute it, with or without # modifications, as long as this notice is preserved. m4_define([_LT_COPYING], [dnl # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, # 2006, 2007, 2008, 2009, 2010, 2011 Free Software # Foundation, Inc. # Written by Gordon Matzigkeit, 1996 # # This file is part of GNU Libtool. # # GNU Libtool is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License as # published by the Free Software Foundation; either version 2 of # the License, or (at your option) any later version. # # As a special exception to the GNU General Public License, # if you distribute this file as part of a program or library that # is built using GNU Libtool, you may include this file under the # same distribution terms that you use for the rest of that program. 
# # GNU Libtool is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with GNU Libtool; see the file COPYING. If not, a copy # can be downloaded from http://www.gnu.org/licenses/gpl.html, or # obtained by writing to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. ]) # serial 57 LT_INIT # LT_PREREQ(VERSION) # ------------------ # Complain and exit if this libtool version is less that VERSION. m4_defun([LT_PREREQ], [m4_if(m4_version_compare(m4_defn([LT_PACKAGE_VERSION]), [$1]), -1, [m4_default([$3], [m4_fatal([Libtool version $1 or higher is required], 63)])], [$2])]) # _LT_CHECK_BUILDDIR # ------------------ # Complain if the absolute build directory name contains unusual characters m4_defun([_LT_CHECK_BUILDDIR], [case `pwd` in *\ * | *\ *) AC_MSG_WARN([Libtool does not cope well with whitespace in `pwd`]) ;; esac ]) # LT_INIT([OPTIONS]) # ------------------ AC_DEFUN([LT_INIT], [AC_PREREQ([2.58])dnl We use AC_INCLUDES_DEFAULT AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl AC_BEFORE([$0], [LT_LANG])dnl AC_BEFORE([$0], [LT_OUTPUT])dnl AC_BEFORE([$0], [LTDL_INIT])dnl m4_require([_LT_CHECK_BUILDDIR])dnl dnl Autoconf doesn't catch unexpanded LT_ macros by default: m4_pattern_forbid([^_?LT_[A-Z_]+$])dnl m4_pattern_allow([^(_LT_EOF|LT_DLGLOBAL|LT_DLLAZY_OR_NOW|LT_MULTI_MODULE)$])dnl dnl aclocal doesn't pull ltoptions.m4, ltsugar.m4, or ltversion.m4 dnl unless we require an AC_DEFUNed macro: AC_REQUIRE([LTOPTIONS_VERSION])dnl AC_REQUIRE([LTSUGAR_VERSION])dnl AC_REQUIRE([LTVERSION_VERSION])dnl AC_REQUIRE([LTOBSOLETE_VERSION])dnl m4_require([_LT_PROG_LTMAIN])dnl _LT_SHELL_INIT([SHELL=${CONFIG_SHELL-/bin/sh}]) dnl Parse OPTIONS _LT_SET_OPTIONS([$0], [$1]) # This can be used to rebuild 
libtool when needed LIBTOOL_DEPS="$ltmain" # Always use our own libtool. LIBTOOL='$(SHELL) $(top_builddir)/libtool' AC_SUBST(LIBTOOL)dnl _LT_SETUP # Only expand once: m4_define([LT_INIT]) ])# LT_INIT # Old names: AU_ALIAS([AC_PROG_LIBTOOL], [LT_INIT]) AU_ALIAS([AM_PROG_LIBTOOL], [LT_INIT]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_PROG_LIBTOOL], []) dnl AC_DEFUN([AM_PROG_LIBTOOL], []) # _LT_CC_BASENAME(CC) # ------------------- # Calculate cc_basename. Skip known compiler wrappers and cross-prefix. m4_defun([_LT_CC_BASENAME], [for cc_temp in $1""; do case $cc_temp in compile | *[[\\/]]compile | ccache | *[[\\/]]ccache ) ;; distcc | *[[\\/]]distcc | purify | *[[\\/]]purify ) ;; \-*) ;; *) break;; esac done cc_basename=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"` ]) # _LT_FILEUTILS_DEFAULTS # ---------------------- # It is okay to use these file commands and assume they have been set # sensibly after `m4_require([_LT_FILEUTILS_DEFAULTS])'. m4_defun([_LT_FILEUTILS_DEFAULTS], [: ${CP="cp -f"} : ${MV="mv -f"} : ${RM="rm -f"} ])# _LT_FILEUTILS_DEFAULTS # _LT_SETUP # --------- m4_defun([_LT_SETUP], [AC_REQUIRE([AC_CANONICAL_HOST])dnl AC_REQUIRE([AC_CANONICAL_BUILD])dnl AC_REQUIRE([_LT_PREPARE_SED_QUOTE_VARS])dnl AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])dnl _LT_DECL([], [PATH_SEPARATOR], [1], [The PATH separator for the build system])dnl dnl _LT_DECL([], [host_alias], [0], [The host system])dnl _LT_DECL([], [host], [0])dnl _LT_DECL([], [host_os], [0])dnl dnl _LT_DECL([], [build_alias], [0], [The build system])dnl _LT_DECL([], [build], [0])dnl _LT_DECL([], [build_os], [0])dnl dnl AC_REQUIRE([AC_PROG_CC])dnl AC_REQUIRE([LT_PATH_LD])dnl AC_REQUIRE([LT_PATH_NM])dnl dnl AC_REQUIRE([AC_PROG_LN_S])dnl test -z "$LN_S" && LN_S="ln -s" _LT_DECL([], [LN_S], [1], [Whether we need soft or hard links])dnl dnl AC_REQUIRE([LT_CMD_MAX_LEN])dnl _LT_DECL([objext], [ac_objext], [0], [Object file suffix (normally "o")])dnl _LT_DECL([], [exeext], [0], [Executable file 
suffix (normally "")])dnl dnl m4_require([_LT_FILEUTILS_DEFAULTS])dnl m4_require([_LT_CHECK_SHELL_FEATURES])dnl m4_require([_LT_PATH_CONVERSION_FUNCTIONS])dnl m4_require([_LT_CMD_RELOAD])dnl m4_require([_LT_CHECK_MAGIC_METHOD])dnl m4_require([_LT_CHECK_SHAREDLIB_FROM_LINKLIB])dnl m4_require([_LT_CMD_OLD_ARCHIVE])dnl m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl m4_require([_LT_WITH_SYSROOT])dnl _LT_CONFIG_LIBTOOL_INIT([ # See if we are running on zsh, and set the options which allow our # commands through without removal of \ escapes INIT. if test -n "\${ZSH_VERSION+set}" ; then setopt NO_GLOB_SUBST fi ]) if test -n "${ZSH_VERSION+set}" ; then setopt NO_GLOB_SUBST fi _LT_CHECK_OBJDIR m4_require([_LT_TAG_COMPILER])dnl case $host_os in aix3*) # AIX sometimes has problems with the GCC collect2 program. For some # reason, if we set the COLLECT_NAMES environment variable, the problems # vanish in a puff of smoke. if test "X${COLLECT_NAMES+set}" != Xset; then COLLECT_NAMES= export COLLECT_NAMES fi ;; esac # Global variables: ofile=libtool can_build_shared=yes # All known linkers require a `.a' archive for static linking (except MSVC, # which needs '.lib'). libext=a with_gnu_ld="$lt_cv_prog_gnu_ld" old_CC="$CC" old_CFLAGS="$CFLAGS" # Set sane defaults for various variables test -z "$CC" && CC=cc test -z "$LTCC" && LTCC=$CC test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS test -z "$LD" && LD=ld test -z "$ac_objext" && ac_objext=o _LT_CC_BASENAME([$compiler]) # Only perform the check for file, if the check method requires it test -z "$MAGIC_CMD" && MAGIC_CMD=file case $deplibs_check_method in file_magic*) if test "$file_magic_cmd" = '$MAGIC_CMD'; then _LT_PATH_MAGIC fi ;; esac # Use C for the default configuration in the libtool script LT_SUPPORTED_TAG([CC]) _LT_LANG_C_CONFIG _LT_LANG_DEFAULT_CONFIG _LT_CONFIG_COMMANDS ])# _LT_SETUP # _LT_PREPARE_SED_QUOTE_VARS # -------------------------- # Define a few sed substitution that help us do robust quoting. 
# sed_quote_subst puts a backslash in front of each double quote, backquote,
# dollar sign and backslash; double_quote_subst does the same but leaves
# dollar signs alone.
# NOTE(review): _LT_OUTPUT_LIBTOOL_COMMANDS_INIT copies these expressions into
# config.status and pipes variable values through them before storing the
# result with eval.  Changing a character class or a backslash count here
# changes what reaches that eval; compare against upstream libtool rather
# than editing this copy by hand.
m4_defun([_LT_PREPARE_SED_QUOTE_VARS],
[# Backslashify metacharacters that are still active within
# double-quoted strings.
sed_quote_subst='s/\([["`$\\]]\)/\\\1/g'

# Same as above, but do not quote variable references.
double_quote_subst='s/\([["`\\]]\)/\\\1/g'

# Sed substitution to delay expansion of an escaped shell variable in a
# double_quote_subst'ed string.
delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'

# Sed substitution to delay expansion of an escaped single quote.
delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g'

# Sed substitution to avoid accidental globbing in evaled expressions
no_glob_subst='s/\*/\\\*/g'
])

# _LT_PROG_LTMAIN
# ---------------
# Note that this code is called both from `configure', and `config.status'
# now that we use AC_CONFIG_COMMANDS to generate libtool.  Notably,
# `config.status' has no value for ac_aux_dir unless we are using Automake,
# so we pass a copy along to make sure it has a sensible value anyway.
#
# Sets ltmain to "$ac_aux_dir/ltmain.sh"; _LT_CONFIG later appends that file
# to the generated libtool script, so ac_aux_dir decides which ltmain.sh
# ends up being executed.
m4_defun([_LT_PROG_LTMAIN],
[m4_ifdef([AC_REQUIRE_AUX_FILE], [AC_REQUIRE_AUX_FILE([ltmain.sh])])dnl
_LT_CONFIG_LIBTOOL_INIT([ac_aux_dir='$ac_aux_dir'])
ltmain="$ac_aux_dir/ltmain.sh"
])# _LT_PROG_LTMAIN


## ------------------------------------- ##
## Accumulate code for creating libtool. ##
## ------------------------------------- ##

# So that we can recreate a full libtool script including additional
# tags, we accumulate the chunks of code to send to AC_CONFIG_COMMANDS
# in macros and then make a single call at the end using the `libtool'
# label.


# _LT_CONFIG_LIBTOOL_INIT([INIT-COMMANDS])
# ----------------------------------------
# Register INIT-COMMANDS to be passed to AC_CONFIG_COMMANDS later.
# Empty INIT-COMMANDS are ignored; otherwise the text plus a newline is
# appended to _LT_OUTPUT_LIBTOOL_INIT.
m4_define([_LT_CONFIG_LIBTOOL_INIT],
[m4_ifval([$1],
          [m4_append([_LT_OUTPUT_LIBTOOL_INIT],
                     [$1
])])])

# Initialize.
m4_define([_LT_OUTPUT_LIBTOOL_INIT])


# _LT_CONFIG_LIBTOOL([COMMANDS])
# ------------------------------
# Register COMMANDS to be passed to AC_CONFIG_COMMANDS later.
# Empty COMMANDS are ignored; otherwise the text plus a newline is appended
# to _LT_OUTPUT_LIBTOOL_COMMANDS.
m4_define([_LT_CONFIG_LIBTOOL],
[m4_ifval([$1],
          [m4_append([_LT_OUTPUT_LIBTOOL_COMMANDS],
                     [$1
])])])

# Initialize.
m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS])


# _LT_CONFIG_SAVE_COMMANDS([COMMANDS], [INIT_COMMANDS])
# -----------------------------------------------------
# Register COMMANDS through _LT_CONFIG_LIBTOOL and INIT_COMMANDS through
# _LT_CONFIG_LIBTOOL_INIT in one call.
m4_defun([_LT_CONFIG_SAVE_COMMANDS],
[_LT_CONFIG_LIBTOOL([$1])
_LT_CONFIG_LIBTOOL_INIT([$2])
])


# _LT_FORMAT_COMMENT([COMMENT])
# -----------------------------
# Add leading comment marks to the start of each line, and a trailing
# full-stop to the whole comment if one is not present already.
#
# The inner m4_bpatsubst adds the `# ' prefix; the outer one puts a backslash
# in front of every single quote, backquote, dollar sign and backslash in
# COMMENT.  The full-stop is skipped when COMMENT already ends in `!', `?'
# or `.'.  An empty COMMENT expands to nothing.
# NOTE(review): presumably the escaping keeps description text inert when it
# is written into the generated script; confirm before relaxing it.
m4_define([_LT_FORMAT_COMMENT],
[m4_ifval([$1], [
m4_bpatsubst([m4_bpatsubst([$1], [^ *], [# ])],
              [['`$\]], [\\\&])]m4_bmatch([$1], [[!?.]$], [], [.])
)])



## ------------------------ ##
## FIXME: Eliminate VARNAME ##
## ------------------------ ##


# _LT_DECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION], [IS-TAGGED?])
# -------------------------------------------------------------------
# CONFIGNAME is the name given to the value in the libtool script.
# VARNAME is the (base) name used in the configure script.
# VALUE may be 0, 1 or 2 for a computed quote escaped value based on
# VARNAME.  Any other value will be used directly.
# The first declaration of VARNAME appends it to lt_decl_varnames and records
# the subkeys libtool_name (CONFIGNAME, or VARNAME when CONFIGNAME is empty),
# value, description (only when given) and tagged? (yes/no) in lt_decl_dict.
# A repeated declaration of the same VARNAME is ignored.
m4_define([_LT_DECL],
[lt_if_append_uniq([lt_decl_varnames], [$2], [, ],
    [lt_dict_add_subkey([lt_decl_dict], [$2], [libtool_name],
        [m4_ifval([$1], [$1], [$2])])
    lt_dict_add_subkey([lt_decl_dict], [$2], [value], [$3])
    m4_ifval([$4],
        [lt_dict_add_subkey([lt_decl_dict], [$2], [description], [$4])])
    lt_dict_add_subkey([lt_decl_dict], [$2],
        [tagged?], [m4_ifval([$5], [yes], [no])])])
])


# _LT_TAGDECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION])
# --------------------------------------------------------
# Same as _LT_DECL with IS-TAGGED? set, so the variable is recorded as tagged.
m4_define([_LT_TAGDECL], [_LT_DECL([$1], [$2], [$3], [$4], [yes])])


# lt_decl_tag_varnames([SEPARATOR], [VARNAME1...])
# ------------------------------------------------
# List the declared variables whose tagged? subkey is `yes'.
m4_define([lt_decl_tag_varnames],
[_lt_decl_filter([tagged?], [yes], $@)])


# _lt_decl_filter(SUBKEY, VALUE, [SEPARATOR], [VARNAME1..])
# ---------------------------------------------------------
# Select the variables whose SUBKEY equals VALUE.  With no VARNAME arguments
# every name in lt_decl_varnames is considered; fewer than two arguments is
# a fatal m4 error.
m4_define([_lt_decl_filter],
[m4_case([$#],
  [0], [m4_fatal([$0: too few arguments: $#])],
  [1], [m4_fatal([$0: too few arguments: $#: $1])],
  [2], [lt_dict_filter([lt_decl_dict], [$1], [$2], [], lt_decl_varnames)],
  [3], [lt_dict_filter([lt_decl_dict], [$1], [$2], [$3], lt_decl_varnames)],
  [lt_dict_filter([lt_decl_dict], $@)])[]dnl
])


# lt_decl_quote_varnames([SEPARATOR], [VARNAME1...])
# --------------------------------------------------
# List the variables declared with VALUE 1.
m4_define([lt_decl_quote_varnames],
[_lt_decl_filter([value], [1], $@)])


# lt_decl_dquote_varnames([SEPARATOR], [VARNAME1...])
# ---------------------------------------------------
# List the variables declared with VALUE 2.
m4_define([lt_decl_dquote_varnames],
[_lt_decl_filter([value], [2], $@)])


# lt_decl_varnames_tagged([SEPARATOR], [VARNAME1...])
# ---------------------------------------------------
# Combine each variable name (default: all tagged variables) with every tag
# in _LT_TAGS as NAME_TAG.  Expands to nothing while _LT_TAGS is empty.
m4_define([lt_decl_varnames_tagged],
[m4_assert([$# <= 2])dnl
_$0(m4_quote(m4_default([$1], [[, ]])),
    m4_ifval([$2], [[$2]], [m4_dquote(lt_decl_tag_varnames)]),
    m4_split(m4_normalize(m4_quote(_LT_TAGS)), [ ]))])
m4_define([_lt_decl_varnames_tagged],
[m4_ifval([$3], [lt_combine([$1], [$2], [_], $3)])])


# lt_decl_all_varnames([SEPARATOR], [VARNAME1...])
# ------------------------------------------------
# Join the given names (default: every declared variable) with the NAME_TAG
# forms of those among them that are tagged.
m4_define([lt_decl_all_varnames],
[_$0(m4_quote(m4_default([$1], [[, ]])),
     m4_if([$2], [],
           m4_quote(lt_decl_varnames),
        m4_quote(m4_shift($@))))[]dnl
])
m4_define([_lt_decl_all_varnames],
[lt_join($@, lt_decl_varnames_tagged([$1],
                        lt_decl_tag_varnames([[, ]], m4_shift($@))))dnl
])


# _LT_CONFIG_STATUS_DECLARE([VARNAME])
# ------------------------------------
# Quote a variable value, and forward it to `config.status' so that its
# declaration there will have the same value as in `configure'.  VARNAME
# must have a single quote delimited value for this to work.
m4_define([_LT_CONFIG_STATUS_DECLARE],
[$1='`$ECHO "$][$1" | $SED "$delay_single_quote_subst"`'])


# _LT_CONFIG_STATUS_DECLARATIONS
# ------------------------------
# We delimit libtool config variables with single quotes, so when
# we write them to config.status, we have to be sure to quote all
# embedded single quotes properly.  In configure, this macro expands
# each variable declared with _LT_DECL (and _LT_TAGDECL) into:
#
#    <var>='`$ECHO "$<var>" | $SED "$delay_single_quote_subst"`'
m4_defun([_LT_CONFIG_STATUS_DECLARATIONS],
[m4_foreach([_lt_var], m4_quote(lt_decl_all_varnames),
    [m4_n([_LT_CONFIG_STATUS_DECLARE(_lt_var)])])])


# _LT_LIBTOOL_TAGS
# ----------------
# Output comment and list of tags supported by the script
m4_defun([_LT_LIBTOOL_TAGS],
[_LT_FORMAT_COMMENT([The names of the tagged configurations supported by this script])dnl
available_tags="_LT_TAGS"dnl
])


# _LT_LIBTOOL_DECLARE(VARNAME, [TAG])
# -----------------------------------
# Extract the dictionary values for VARNAME (optionally with TAG) and
# expand to a commented shell variable setting:
#
#    # Some comment about what VAR is for.
#    visible_name=$lt_internal_name
#
# The right-hand side depends on the VALUE recorded by _LT_DECL:
#   0      -> $VARNAME          (the configure variable as is)
#   1 or 2 -> $lt_VARNAME       (the copy re-quoted in config.status)
#   other  -> the recorded value itself
# When TAG is given, `_TAG' is appended to the right-hand side.
m4_define([_LT_LIBTOOL_DECLARE],
[_LT_FORMAT_COMMENT(m4_quote(lt_dict_fetch([lt_decl_dict], [$1],
                                           [description])))[]dnl
m4_pushdef([_libtool_name],
    m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [libtool_name])))[]dnl
m4_case(m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [value])),
    [0], [_libtool_name=[$]$1],
    [1], [_libtool_name=$lt_[]$1],
    [2], [_libtool_name=$lt_[]$1],
    [_libtool_name=lt_dict_fetch([lt_decl_dict], [$1], [value])])[]dnl
m4_ifval([$2], [_$2])[]m4_popdef([_libtool_name])[]dnl
])


# _LT_LIBTOOL_CONFIG_VARS
# -----------------------
# Produce commented declarations of non-tagged libtool config variables
# suitable for insertion in the LIBTOOL CONFIG section of the `libtool'
# script.  Tagged libtool config variables (even for the LIBTOOL CONFIG
# section) are produced by _LT_LIBTOOL_TAG_VARS.
m4_defun([_LT_LIBTOOL_CONFIG_VARS],
[m4_foreach([_lt_var],
    m4_quote(_lt_decl_filter([tagged?], [no], [], lt_decl_varnames)),
    [m4_n([_LT_LIBTOOL_DECLARE(_lt_var)])])])


# _LT_LIBTOOL_TAG_VARS(TAG)
# -------------------------
# Produce the commented declarations of every tagged variable for TAG.
m4_define([_LT_LIBTOOL_TAG_VARS],
[m4_foreach([_lt_var], m4_quote(lt_decl_tag_varnames),
    [m4_n([_LT_LIBTOOL_DECLARE(_lt_var, [$1])])])])


# _LT_TAGVAR(VARNAME, [TAGNAME])
# ------------------------------
# Expand to VARNAME_TAGNAME, or to plain VARNAME when TAGNAME is empty.
m4_define([_LT_TAGVAR], [m4_ifval([$2], [$1_$2], [$1])])


# _LT_CONFIG_COMMANDS
# -------------------
# Send accumulated output to $CONFIG_STATUS.  Thanks to the lists of
# variables for single and double quote escaping we saved from calls
# to _LT_DECL, we can put quote escaped variables declarations
# into `config.status', and then the shell code to quote escape them in
# for loops in `config.status'.  Finally, any additional code accumulated
# from calls to _LT_CONFIG_LIBTOOL_INIT is expanded.
# NOTE(review): both branches hand shell text to AC_CONFIG_COMMANDS.  In the
# first branch $CONFIG_LT is expanded unquoted on the `$SHELL $CONFIG_LT'
# command line; LT_OUTPUT defaults it to ./config.lt but keeps any value that
# is already set, so a path containing whitespace would be word-split there.
m4_defun([_LT_CONFIG_COMMANDS],
[AC_PROVIDE_IFELSE([LT_OUTPUT],
        dnl If the libtool generation code has been placed in $CONFIG_LT,
        dnl instead of duplicating it all over again into config.status,
        dnl then we will have config.status run $CONFIG_LT later, so it
        dnl needs to know what name is stored there:
        [AC_CONFIG_COMMANDS([libtool],
            [$SHELL $CONFIG_LT || AS_EXIT(1)], [CONFIG_LT='$CONFIG_LT'])],
    dnl If the libtool generation code is destined for config.status,
    dnl expand the accumulated commands and init code now:
    [AC_CONFIG_COMMANDS([libtool],
        [_LT_OUTPUT_LIBTOOL_COMMANDS], [_LT_OUTPUT_LIBTOOL_COMMANDS_INIT])])
])#_LT_CONFIG_COMMANDS


# Initialize.
# The init text forwards three of the sed quoting expressions and every
# declared variable, then re-quotes the variables in two loops:
#   - variables declared with VALUE 1 go through $sed_quote_subst;
#   - variables declared with VALUE 2 go through $double_quote_subst,
#     $sed_quote_subst and $delay_variable_subst, in that order.
# A value is piped through sed only when it contains a backslash, backquote,
# double quote or dollar sign; otherwise it is copied unchanged.  Each result
# is stored in lt_<var> by eval.
# NOTE(review): LTCC, LTCFLAGS and compiler are placed between single quotes
# directly, without the $delay_single_quote_subst pass that
# _LT_CONFIG_STATUS_DECLARE applies to declared variables, so a value
# containing a single quote would end the quoting early.  The backslash
# counts below are load-bearing; compare against upstream libtool instead of
# adjusting them by hand.
m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS_INIT],
[

# The HP-UX ksh and POSIX shell print the target directory to stdout
# if CDPATH is set.
(unset CDPATH) >/dev/null 2>&1 && unset CDPATH

sed_quote_subst='$sed_quote_subst'
double_quote_subst='$double_quote_subst'
delay_variable_subst='$delay_variable_subst'
_LT_CONFIG_STATUS_DECLARATIONS
LTCC='$LTCC'
LTCFLAGS='$LTCFLAGS'
compiler='$compiler_DEFAULT'

# A function that is used when there is no print builtin or printf.
func_fallback_echo ()
{
  eval 'cat <<_LTECHO_EOF
\$[]1
_LTECHO_EOF'
}

# Quote evaled strings.
for var in lt_decl_all_varnames([[ \
]], lt_decl_quote_varnames); do
    case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
    *[[\\\\\\\`\\"\\\$]]*)
      eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\""
      ;;
    *)
      eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
      ;;
    esac
done

# Double-quote double-evaled strings.
for var in lt_decl_all_varnames([[ \
]], lt_decl_dquote_varnames); do
    case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
    *[[\\\\\\\`\\"\\\$]]*)
      eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\""
      ;;
    *)
      eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
      ;;
    esac
done

_LT_OUTPUT_LIBTOOL_INIT
])

# _LT_GENERATED_FILE_INIT(FILE, [COMMENT])
# ------------------------------------
# Generate a child script FILE with all initialization necessary to
# reuse the environment learned by the parent script, and make the
# file executable.  If COMMENT is supplied, it is inserted after the
# `#!' sequence but before initialization text begins.  After this
# macro, additional text can be appended to FILE to form the body of
# the child script.  The macro ends with non-zero status if the
# file could not be fully written (such as if the disk is full).
#
# When Autoconf provides AS_INIT_GENERATED it is used directly; the fallback
# below writes the file with two here-documents.  FILE is used unquoted in
# the redirections and in chmod, so callers must pass it already quoted
# (LT_OUTPUT passes "$CONFIG_LT").
m4_ifdef([AS_INIT_GENERATED],
[m4_defun([_LT_GENERATED_FILE_INIT],[AS_INIT_GENERATED($@)])],
[m4_defun([_LT_GENERATED_FILE_INIT],
[m4_require([AS_PREPARE])]dnl
[m4_pushdef([AS_MESSAGE_LOG_FD])]dnl
[lt_write_fail=0
cat >$1 <<_ASEOF || lt_write_fail=1
#! $SHELL
# Generated by $as_me.
$2
SHELL=\${CONFIG_SHELL-$SHELL}
export SHELL
_ASEOF
cat >>$1 <<\_ASEOF || lt_write_fail=1
AS_SHELL_SANITIZE
_AS_PREPARE
exec AS_MESSAGE_FD>&1
_ASEOF
test $lt_write_fail = 0 && chmod +x $1[]dnl
m4_popdef([AS_MESSAGE_LOG_FD])])])# _LT_GENERATED_FILE_INIT

# LT_OUTPUT
# ---------
# This macro allows early generation of the libtool script (before
# AC_OUTPUT is called), in case it is used in configure for compilation
# tests.
AC_DEFUN([LT_OUTPUT], [: ${CONFIG_LT=./config.lt} AC_MSG_NOTICE([creating $CONFIG_LT]) _LT_GENERATED_FILE_INIT(["$CONFIG_LT"], [# Run this file to recreate a libtool stub with the current configuration.]) cat >>"$CONFIG_LT" <<\_LTEOF lt_cl_silent=false exec AS_MESSAGE_LOG_FD>>config.log { echo AS_BOX([Running $as_me.]) } >&AS_MESSAGE_LOG_FD lt_cl_help="\ \`$as_me' creates a local libtool stub from the current configuration, for use in further configure time tests before the real libtool is generated. Usage: $[0] [[OPTIONS]] -h, --help print this help, then exit -V, --version print version number, then exit -q, --quiet do not print progress messages -d, --debug don't remove temporary files Report bugs to ." lt_cl_version="\ m4_ifset([AC_PACKAGE_NAME], [AC_PACKAGE_NAME ])config.lt[]dnl m4_ifset([AC_PACKAGE_VERSION], [ AC_PACKAGE_VERSION]) configured by $[0], generated by m4_PACKAGE_STRING. Copyright (C) 2011 Free Software Foundation, Inc. This config.lt script is free software; the Free Software Foundation gives unlimited permision to copy, distribute and modify it." while test $[#] != 0 do case $[1] in --version | --v* | -V ) echo "$lt_cl_version"; exit 0 ;; --help | --h* | -h ) echo "$lt_cl_help"; exit 0 ;; --debug | --d* | -d ) debug=: ;; --quiet | --q* | --silent | --s* | -q ) lt_cl_silent=: ;; -*) AC_MSG_ERROR([unrecognized option: $[1] Try \`$[0] --help' for more information.]) ;; *) AC_MSG_ERROR([unrecognized argument: $[1] Try \`$[0] --help' for more information.]) ;; esac shift done if $lt_cl_silent; then exec AS_MESSAGE_FD>/dev/null fi _LTEOF cat >>"$CONFIG_LT" <<_LTEOF _LT_OUTPUT_LIBTOOL_COMMANDS_INIT _LTEOF cat >>"$CONFIG_LT" <<\_LTEOF AC_MSG_NOTICE([creating $ofile]) _LT_OUTPUT_LIBTOOL_COMMANDS AS_EXIT(0) _LTEOF chmod +x "$CONFIG_LT" # configure is writing to config.log, but config.lt does its own redirection, # appending to config.log, which fails on DOS, as config.log is still kept # open by configure. 
Here we exec the FD to /dev/null, effectively closing # config.log, so it can be properly (re)opened and appended to by config.lt. lt_cl_success=: test "$silent" = yes && lt_config_lt_args="$lt_config_lt_args --quiet" exec AS_MESSAGE_LOG_FD>/dev/null $SHELL "$CONFIG_LT" $lt_config_lt_args || lt_cl_success=false exec AS_MESSAGE_LOG_FD>>config.log $lt_cl_success || AS_EXIT(1) ])# LT_OUTPUT # _LT_CONFIG(TAG) # --------------- # If TAG is the built-in tag, create an initial libtool script with a # default configuration from the untagged config vars. Otherwise add code # to config.status for appending the configuration named by TAG from the # matching tagged config vars. m4_defun([_LT_CONFIG], [m4_require([_LT_FILEUTILS_DEFAULTS])dnl _LT_CONFIG_SAVE_COMMANDS([ m4_define([_LT_TAG], m4_if([$1], [], [C], [$1]))dnl m4_if(_LT_TAG, [C], [ # See if we are running on zsh, and set the options which allow our # commands through without removal of \ escapes. if test -n "${ZSH_VERSION+set}" ; then setopt NO_GLOB_SUBST fi cfgfile="${ofile}T" trap "$RM \"$cfgfile\"; exit 1" 1 2 15 $RM "$cfgfile" cat <<_LT_EOF >> "$cfgfile" #! $SHELL # `$ECHO "$ofile" | sed 's%^.*/%%'` - Provide generalized library-building support services. # Generated automatically by $as_me ($PACKAGE$TIMESTAMP) $VERSION # Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: # NOTE: Changes made to this file will be lost: look at ltmain.sh. # _LT_COPYING _LT_LIBTOOL_TAGS # ### BEGIN LIBTOOL CONFIG _LT_LIBTOOL_CONFIG_VARS _LT_LIBTOOL_TAG_VARS # ### END LIBTOOL CONFIG _LT_EOF case $host_os in aix3*) cat <<\_LT_EOF >> "$cfgfile" # AIX sometimes has problems with the GCC collect2 program. For some # reason, if we set the COLLECT_NAMES environment variable, the problems # vanish in a puff of smoke. 
if test "X${COLLECT_NAMES+set}" != Xset; then COLLECT_NAMES= export COLLECT_NAMES fi _LT_EOF ;; esac _LT_PROG_LTMAIN # We use sed instead of cat because bash on DJGPP gets confused if # if finds mixed CR/LF and LF-only lines. Since sed operates in # text mode, it properly converts lines to CR/LF. This bash problem # is reportedly fixed, but why not run on old versions too? sed '$q' "$ltmain" >> "$cfgfile" \ || (rm -f "$cfgfile"; exit 1) _LT_PROG_REPLACE_SHELLFNS mv -f "$cfgfile" "$ofile" || (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile") chmod +x "$ofile" ], [cat <<_LT_EOF >> "$ofile" dnl Unfortunately we have to use $1 here, since _LT_TAG is not expanded dnl in a comment (ie after a #). # ### BEGIN LIBTOOL TAG CONFIG: $1 _LT_LIBTOOL_TAG_VARS(_LT_TAG) # ### END LIBTOOL TAG CONFIG: $1 _LT_EOF ])dnl /m4_if ], [m4_if([$1], [], [ PACKAGE='$PACKAGE' VERSION='$VERSION' TIMESTAMP='$TIMESTAMP' RM='$RM' ofile='$ofile'], []) ])dnl /_LT_CONFIG_SAVE_COMMANDS ])# _LT_CONFIG # LT_SUPPORTED_TAG(TAG) # --------------------- # Trace this macro to discover what tags are supported by the libtool # --tag option, using: # autoconf --trace 'LT_SUPPORTED_TAG:$1' AC_DEFUN([LT_SUPPORTED_TAG], []) # C support is built-in for now m4_define([_LT_LANG_C_enabled], []) m4_define([_LT_TAGS], []) # LT_LANG(LANG) # ------------- # Enable libtool support for the given language if not already enabled. 
# Language names map to libtool tags as listed in the m4_case below.  Any
# other name is accepted only when a _LT_LANG_<name>_CONFIG macro is defined;
# otherwise m4 stops with a fatal "unsupported language" error.
AC_DEFUN([LT_LANG],
[AC_BEFORE([$0], [LT_OUTPUT])dnl
m4_case([$1],
  [C],                  [_LT_LANG(C)],
  [C++],                [_LT_LANG(CXX)],
  [Go],                 [_LT_LANG(GO)],
  [Java],               [_LT_LANG(GCJ)],
  [Fortran 77],         [_LT_LANG(F77)],
  [Fortran],            [_LT_LANG(FC)],
  [Windows Resource],   [_LT_LANG(RC)],
  [m4_ifdef([_LT_LANG_]$1[_CONFIG],
    [_LT_LANG($1)],
    [m4_fatal([$0: unsupported language: "$1"])])])dnl
])# LT_LANG


# _LT_LANG(LANGNAME)
# ------------------
# Enable LANGNAME once: unless _LT_LANG_<LANGNAME>_enabled is already
# defined, announce the tag through LT_SUPPORTED_TAG, append it to _LT_TAGS,
# define the guard macro and expand _LT_LANG_<LANGNAME>_CONFIG.
m4_defun([_LT_LANG],
[m4_ifdef([_LT_LANG_]$1[_enabled], [],
  [LT_SUPPORTED_TAG([$1])dnl
  m4_append([_LT_TAGS], [$1 ])dnl
  m4_define([_LT_LANG_]$1[_enabled], [])dnl
  _LT_LANG_$1_CONFIG($1)])dnl
])# _LT_LANG


# AC_PROG_GO is defined here only when Autoconf does not provide it.  It
# looks for gccgo (first through AC_CHECK_TOOL, then with the tool prefix,
# then unprefixed) and leaves GOC set to `false' when nothing is found.
m4_ifndef([AC_PROG_GO], [
############################################################
# NOTE: This macro has been submitted for inclusion into   #
#  GNU Autoconf as AC_PROG_GO.  When it is available in    #
#  a released version of Autoconf we should remove this    #
#  macro and use it instead.                               #
############################################################
m4_defun([AC_PROG_GO],
[AC_LANG_PUSH(Go)dnl
AC_ARG_VAR([GOC],     [Go compiler command])dnl
AC_ARG_VAR([GOFLAGS], [Go compiler flags])dnl
_AC_ARG_VAR_LDFLAGS()dnl
AC_CHECK_TOOL(GOC, gccgo)
if test -z "$GOC"; then
  if test -n "$ac_tool_prefix"; then
    AC_CHECK_PROG(GOC, [${ac_tool_prefix}gccgo], [${ac_tool_prefix}gccgo])
  fi
fi
if test -z "$GOC"; then
  AC_CHECK_PROG(GOC, gccgo, gccgo, false)
fi
])#m4_defun
])#m4_ifndef


# _LT_LANG_DEFAULT_CONFIG
# -----------------------
# For each compiler macro below: if it has already been expanded, enable the
# matching libtool language now; otherwise redefine the macro so that LT_LANG
# is expanded right after it whenever it is used later.
m4_defun([_LT_LANG_DEFAULT_CONFIG],
[AC_PROVIDE_IFELSE([AC_PROG_CXX],
  [LT_LANG(CXX)],
  [m4_define([AC_PROG_CXX], defn([AC_PROG_CXX])[LT_LANG(CXX)])])

AC_PROVIDE_IFELSE([AC_PROG_F77],
  [LT_LANG(F77)],
  [m4_define([AC_PROG_F77], defn([AC_PROG_F77])[LT_LANG(F77)])])

AC_PROVIDE_IFELSE([AC_PROG_FC],
  [LT_LANG(FC)],
  [m4_define([AC_PROG_FC], defn([AC_PROG_FC])[LT_LANG(FC)])])

dnl The call to [A][M_PROG_GCJ] is quoted like that to stop aclocal
dnl pulling things in needlessly.
AC_PROVIDE_IFELSE([AC_PROG_GCJ],
  [LT_LANG(GCJ)],
  [AC_PROVIDE_IFELSE([A][M_PROG_GCJ],
    [LT_LANG(GCJ)],
    [AC_PROVIDE_IFELSE([LT_PROG_GCJ],
      [LT_LANG(GCJ)],
      [m4_ifdef([AC_PROG_GCJ],
        [m4_define([AC_PROG_GCJ], defn([AC_PROG_GCJ])[LT_LANG(GCJ)])])
       m4_ifdef([A][M_PROG_GCJ],
        [m4_define([A][M_PROG_GCJ], defn([A][M_PROG_GCJ])[LT_LANG(GCJ)])])
       m4_ifdef([LT_PROG_GCJ],
        [m4_define([LT_PROG_GCJ], defn([LT_PROG_GCJ])[LT_LANG(GCJ)])])])])])

AC_PROVIDE_IFELSE([AC_PROG_GO],
  [LT_LANG(GO)],
  [m4_define([AC_PROG_GO], defn([AC_PROG_GO])[LT_LANG(GO)])])

AC_PROVIDE_IFELSE([LT_PROG_RC],
  [LT_LANG(RC)],
  [m4_define([LT_PROG_RC], defn([LT_PROG_RC])[LT_LANG(RC)])])
])# _LT_LANG_DEFAULT_CONFIG

# Obsolete macros:
AU_DEFUN([AC_LIBTOOL_CXX], [LT_LANG(C++)])
AU_DEFUN([AC_LIBTOOL_F77], [LT_LANG(Fortran 77)])
AU_DEFUN([AC_LIBTOOL_FC], [LT_LANG(Fortran)])
AU_DEFUN([AC_LIBTOOL_GCJ], [LT_LANG(Java)])
AU_DEFUN([AC_LIBTOOL_RC], [LT_LANG(Windows Resource)])
dnl aclocal-1.4 backwards compatibility:
dnl AC_DEFUN([AC_LIBTOOL_CXX], [])
dnl AC_DEFUN([AC_LIBTOOL_F77], [])
dnl AC_DEFUN([AC_LIBTOOL_FC], [])
dnl AC_DEFUN([AC_LIBTOOL_GCJ], [])
dnl AC_DEFUN([AC_LIBTOOL_RC], [])


# _LT_TAG_COMPILER
# ----------------
# Declare the compiler variables and give LTCC, LTCFLAGS and compiler their
# defaults from CC and CFLAGS.  CC and CFLAGS are declared with VALUE 1, so
# they are among the variables that config.status re-quotes through
# $sed_quote_subst before libtool uses them.
m4_defun([_LT_TAG_COMPILER],
[AC_REQUIRE([AC_PROG_CC])dnl

_LT_DECL([LTCC], [CC], [1], [A C compiler])dnl
_LT_DECL([LTCFLAGS], [CFLAGS], [1], [LTCC compiler flags])dnl
_LT_TAGDECL([CC], [compiler], [1], [A language specific compiler])dnl
_LT_TAGDECL([with_gcc], [GCC], [0], [Is the compiler the GNU compiler?])dnl

# If no C compiler was specified, use CC.
LTCC=${LTCC-"$CC"}

# If no C compiler flags were specified, use CFLAGS.
LTCFLAGS=${LTCFLAGS-"$CFLAGS"}

# Allow CC to be a program name with arguments.
compiler=$CC
])# _LT_TAG_COMPILER


# _LT_COMPILER_BOILERPLATE
# ------------------------
# Check for compiler boilerplate output or warnings with
# the simple compiler test code.
# The test source is written to conftest.$ac_ext in the current directory
# and $ac_compile is run through eval.  Only stderr reaches the pipe; blank
# lines and lines starting with + are dropped, and what remains is kept in
# _lt_compiler_boilerplate as the baseline for the later option checks.
m4_defun([_LT_COMPILER_BOILERPLATE],
[m4_require([_LT_DECL_SED])dnl
ac_outfile=conftest.$ac_objext
echo "$lt_simple_compile_test_code" >conftest.$ac_ext
eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
_lt_compiler_boilerplate=`cat conftest.err`
$RM conftest*
])# _LT_COMPILER_BOILERPLATE


# _LT_LINKER_BOILERPLATE
# ----------------------
# Check for linker boilerplate output or warnings with
# the simple link test code.
# Same procedure as the compiler variant, using $ac_link and storing the
# filtered stderr in _lt_linker_boilerplate.
m4_defun([_LT_LINKER_BOILERPLATE],
[m4_require([_LT_DECL_SED])dnl
ac_outfile=conftest.$ac_objext
echo "$lt_simple_link_test_code" >conftest.$ac_ext
eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
_lt_linker_boilerplate=`cat conftest.err`
$RM -r conftest*
])# _LT_LINKER_BOILERPLATE

# _LT_REQUIRED_DARWIN_CHECKS
# -------------------------
# On rhapsody and darwin hosts: locate the Mach-O helper tools, probe the
# linker for -single_module, -exported_symbols_list and -force_load, and pick
# the flags that allow undefined symbols for the deployment target.  Every
# probe writes conftest and libconftest files into the current directory and
# removes them afterwards.  The chosen flags leave undefined symbols to be
# resolved when the library is loaded, either with a flat namespace plus
# -undefined suppress or with -undefined dynamic_lookup.
m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[
  case $host_os in
    rhapsody* | darwin*)
    AC_CHECK_TOOL([DSYMUTIL], [dsymutil], [:])
    AC_CHECK_TOOL([NMEDIT], [nmedit], [:])
    AC_CHECK_TOOL([LIPO], [lipo], [:])
    AC_CHECK_TOOL([OTOOL], [otool], [:])
    AC_CHECK_TOOL([OTOOL64], [otool64], [:])
    _LT_DECL([], [DSYMUTIL], [1],
      [Tool to manipulate archived DWARF debug symbol files on Mac OS X])
    _LT_DECL([], [NMEDIT], [1],
      [Tool to change global to local symbols on Mac OS X])
    _LT_DECL([], [LIPO], [1],
      [Tool to manipulate fat objects and archives on Mac OS X])
    _LT_DECL([], [OTOOL], [1],
      [ldd/readelf like tool for Mach-O binaries on Mac OS X])
    _LT_DECL([], [OTOOL64], [1],
      [ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4])

    AC_CACHE_CHECK([for -single_module linker flag],[lt_cv_apple_cc_single_mod],
      [lt_cv_apple_cc_single_mod=no
      if test -z "${LT_MULTI_MODULE}"; then
        # By default we will add the -single_module flag. You can override
        # by either setting the environment variable LT_MULTI_MODULE
        # non-empty at configure time, or by adding -multi_module to the
        # link flags.
        rm -rf libconftest.dylib*
        echo "int foo(void){return 1;}" > conftest.c
        echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
-dynamiclib -Wl,-single_module conftest.c" >&AS_MESSAGE_LOG_FD
        $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
          -dynamiclib -Wl,-single_module conftest.c 2>conftest.err
        _lt_result=$?
        # If there is a non-empty error log, and "single_module"
        # appears in it, assume the flag caused a linker warning
        if test -s conftest.err && $GREP single_module conftest.err; then
          cat conftest.err >&AS_MESSAGE_LOG_FD
        # Otherwise, if the output was created with a 0 exit code from
        # the compiler, it worked.
        elif test -f libconftest.dylib && test $_lt_result -eq 0; then
          lt_cv_apple_cc_single_mod=yes
        else
          cat conftest.err >&AS_MESSAGE_LOG_FD
        fi
        rm -rf libconftest.dylib*
        rm -f conftest.*
      fi])

    AC_CACHE_CHECK([for -exported_symbols_list linker flag],
      [lt_cv_ld_exported_symbols_list],
      [lt_cv_ld_exported_symbols_list=no
      save_LDFLAGS=$LDFLAGS
      echo "_main" > conftest.sym
      LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym"
      AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])],
        [lt_cv_ld_exported_symbols_list=yes],
        [lt_cv_ld_exported_symbols_list=no])
      LDFLAGS="$save_LDFLAGS"
    ])

    AC_CACHE_CHECK([for -force_load linker flag],[lt_cv_ld_force_load],
      [lt_cv_ld_force_load=no
      cat > conftest.c << _LT_EOF
int forced_loaded() { return 2;}
_LT_EOF
      echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&AS_MESSAGE_LOG_FD
      $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&AS_MESSAGE_LOG_FD
      echo "$AR cru libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD
      $AR cru libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD
      echo "$RANLIB libconftest.a" >&AS_MESSAGE_LOG_FD
      $RANLIB libconftest.a 2>&AS_MESSAGE_LOG_FD
      cat > conftest.c << _LT_EOF
int main() { return 0;}
_LT_EOF
      echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&AS_MESSAGE_LOG_FD
      $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err
      _lt_result=$?
      if test -s conftest.err && $GREP force_load conftest.err; then
        cat conftest.err >&AS_MESSAGE_LOG_FD
      elif test -f conftest && test $_lt_result -eq 0 && $GREP forced_load conftest >/dev/null 2>&1 ; then
        lt_cv_ld_force_load=yes
      else
        cat conftest.err >&AS_MESSAGE_LOG_FD
      fi
      rm -f conftest.err libconftest.a conftest conftest.c
      rm -rf conftest.dSYM
    ])
    case $host_os in
    rhapsody* | darwin1.[[012]])
      _lt_dar_allow_undefined='${wl}-undefined ${wl}suppress' ;;
    darwin1.*)
      _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;;
    darwin*) # darwin 5.x on
      # if running on 10.5 or later, the deployment target defaults
      # to the OS version, if on x86, and 10.4, the deployment
      # target defaults to 10.4. Don't you love it?
      case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
        10.0,*86*-darwin8*|10.0,*-darwin[[91]]*)
          _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;;
        10.[[012]]*)
          _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;;
        10.*)
          _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;;
      esac
    ;;
  esac
    if test "$lt_cv_apple_cc_single_mod" = "yes"; then
      _lt_dar_single_mod='$single_module'
    fi
    if test "$lt_cv_ld_exported_symbols_list" = "yes"; then
      _lt_dar_export_syms=' ${wl}-exported_symbols_list,$output_objdir/${libname}-symbols.expsym'
    else
      _lt_dar_export_syms='~$NMEDIT -s $output_objdir/${libname}-symbols.expsym ${lib}'
    fi
    if test "$DSYMUTIL" != ":" && test "$lt_cv_ld_force_load" = "no"; then
      _lt_dsymutil='~$DSYMUTIL $lib || :'
    else
      _lt_dsymutil=
    fi
    ;;
  esac
])


# _LT_DARWIN_LINKER_FEATURES([TAG])
# ---------------------------------
# Checks for linker and compiler features on darwin
# Sets the per-tag archive and module link commands from the results of
# _LT_REQUIRED_DARWIN_CHECKS.  Shared libraries are enabled only when the
# compiler is ifort or GCC is yes; otherwise ld_shlibs is set to no.
m4_defun([_LT_DARWIN_LINKER_FEATURES],
[
  m4_require([_LT_REQUIRED_DARWIN_CHECKS])
  _LT_TAGVAR(archive_cmds_need_lc, $1)=no
  _LT_TAGVAR(hardcode_direct, $1)=no
  _LT_TAGVAR(hardcode_automatic, $1)=yes
  _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
  if test "$lt_cv_ld_force_load" = "yes"; then
    _LT_TAGVAR(whole_archive_flag_spec, $1)='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience ${wl}-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`'
    m4_case([$1], [F77], [_LT_TAGVAR(compiler_needs_object, $1)=yes],
                  [FC], [_LT_TAGVAR(compiler_needs_object, $1)=yes])
  else
    _LT_TAGVAR(whole_archive_flag_spec, $1)=''
  fi
  _LT_TAGVAR(link_all_deplibs, $1)=yes
  _LT_TAGVAR(allow_undefined_flag, $1)="$_lt_dar_allow_undefined"
  case $cc_basename in
     ifort*) _lt_dar_can_shared=yes ;;
     *) _lt_dar_can_shared=$GCC ;;
  esac
  if test "$_lt_dar_can_shared" = "yes"; then
    output_verbose_link_cmd=func_echo_all
    _LT_TAGVAR(archive_cmds, $1)="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}"
    _LT_TAGVAR(module_cmds, $1)="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}"
    _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}"
    _LT_TAGVAR(module_expsym_cmds, $1)="sed -e 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dar_export_syms}${_lt_dsymutil}"
    m4_if([$1], [CXX],
[   if test "$lt_cv_apple_cc_single_mod" != "yes"; then
      _LT_TAGVAR(archive_cmds, $1)="\$CC -r -keep_private_externs -nostdlib -o \${lib}-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \${lib}-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring${_lt_dsymutil}"
      _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \${lib}-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \${lib}-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring${_lt_dar_export_syms}${_lt_dsymutil}"
    fi
],[])
  else
  _LT_TAGVAR(ld_shlibs, $1)=no
  fi
])

# _LT_SYS_MODULE_PATH_AIX([TAGNAME])
# ----------------------------------
# Links a minimal program and checks the executable
# for the system default hardcoded library path. In most cases,
# this is /usr/lib:/lib, but when the MPI compilers are used
# the location of the communication and MPI libs are included too.
# If we don't find anything, use the default library path according
# to the aix ld manual.
# Store the results from the different compilers for each TAGNAME.
# Allow to override them for all tags through lt_cv_aix_libpath.
# The path is read from the output of dump -H, then dump -HX64, on the
# linked conftest; a value preset in lt_cv_aix_libpath is used as given,
# without any link test.
m4_defun([_LT_SYS_MODULE_PATH_AIX],
[m4_require([_LT_DECL_SED])dnl
if test "${lt_cv_aix_libpath+set}" = set; then
  aix_libpath=$lt_cv_aix_libpath
else
  AC_CACHE_VAL([_LT_TAGVAR([lt_cv_aix_libpath_], [$1])],
  [AC_LINK_IFELSE([AC_LANG_PROGRAM],[
  lt_aix_libpath_sed='[
      /Import File Strings/,/^$/ {
          /^0/ {
              s/^0 *\([^ ]*\) *$/\1/
              p
          }
      }]'
  _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
  # Check for a 64-bit object if we didn't find anything.
  if test -z "$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])"; then
    _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
  fi],[])
  if test -z "$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])"; then
    _LT_TAGVAR([lt_cv_aix_libpath_], [$1])="/usr/lib:/lib"
  fi
  ])
  aix_libpath=$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])
fi
])# _LT_SYS_MODULE_PATH_AIX


# _LT_SHELL_INIT(ARG)
# -------------------
# Place ARG, followed by a newline, into the M4SH-INIT diversion.
m4_define([_LT_SHELL_INIT],
[m4_divert_text([M4SH-INIT], [$1
])])# _LT_SHELL_INIT



# _LT_PROG_ECHO_BACKSLASH
# -----------------------
# Find how we can fake an echo command that does not interpret backslash.
# In particular, with Autoconf 2.60 or later we add some code to the start # of the generated configure script which will find a shell with a builtin # printf (which we can use as an echo command). m4_defun([_LT_PROG_ECHO_BACKSLASH], [ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO AC_MSG_CHECKING([how to print strings]) # Test print first, because it will be a builtin if present. if test "X`( print -r -- -n ) 2>/dev/null`" = X-n && \ test "X`print -r -- $ECHO 2>/dev/null`" = "X$ECHO"; then ECHO='print -r --' elif test "X`printf %s $ECHO 2>/dev/null`" = "X$ECHO"; then ECHO='printf %s\n' else # Use this function as a fallback that always works. func_fallback_echo () { eval 'cat <<_LTECHO_EOF $[]1 _LTECHO_EOF' } ECHO='func_fallback_echo' fi # func_echo_all arg... # Invoke $ECHO with all args, space-separated. func_echo_all () { $ECHO "$*" } case "$ECHO" in printf*) AC_MSG_RESULT([printf]) ;; print*) AC_MSG_RESULT([print -r]) ;; *) AC_MSG_RESULT([cat]) ;; esac m4_ifdef([_AS_DETECT_SUGGESTED], [_AS_DETECT_SUGGESTED([ test -n "${ZSH_VERSION+set}${BASH_VERSION+set}" || ( ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO PATH=/empty FPATH=/empty; export PATH FPATH test "X`printf %s $ECHO`" = "X$ECHO" \ || test "X`print -r -- $ECHO`" = "X$ECHO" )])]) _LT_DECL([], [SHELL], [1], [Shell to use when invoking shell scripts]) _LT_DECL([], [ECHO], [1], [An echo program that protects backslashes]) ])# _LT_PROG_ECHO_BACKSLASH # _LT_WITH_SYSROOT # ---------------- AC_DEFUN([_LT_WITH_SYSROOT], [AC_MSG_CHECKING([for sysroot]) AC_ARG_WITH([sysroot], [ --with-sysroot[=DIR] Search for dependent libraries within DIR (or the compiler's sysroot if not specified).], [], [with_sysroot=no]) dnl lt_sysroot will always be passed unquoted. 
We quote it here dnl in case the user passed a directory name. lt_sysroot= case ${with_sysroot} in #( yes) if test "$GCC" = yes; then lt_sysroot=`$CC --print-sysroot 2>/dev/null` fi ;; #( /*) lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"` ;; #( no|'') ;; #( *) AC_MSG_RESULT([${with_sysroot}]) AC_MSG_ERROR([The sysroot must be an absolute path.]) ;; esac AC_MSG_RESULT([${lt_sysroot:-no}]) _LT_DECL([], [lt_sysroot], [0], [The root where to search for ]dnl [dependent libraries, and in which our libraries should be installed.])]) # _LT_ENABLE_LOCK # --------------- m4_defun([_LT_ENABLE_LOCK], [AC_ARG_ENABLE([libtool-lock], [AS_HELP_STRING([--disable-libtool-lock], [avoid locking (might break parallel builds)])]) test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes # Some flags need to be propagated to the compiler or linker for good # libtool support. case $host in ia64-*-hpux*) # Find out which ABI we are using. echo 'int i;' > conftest.$ac_ext if AC_TRY_EVAL(ac_compile); then case `/usr/bin/file conftest.$ac_objext` in *ELF-32*) HPUX_IA64_MODE="32" ;; *ELF-64*) HPUX_IA64_MODE="64" ;; esac fi rm -rf conftest* ;; *-*-irix6*) # Find out which ABI we are using. echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext if AC_TRY_EVAL(ac_compile); then if test "$lt_cv_prog_gnu_ld" = yes; then case `/usr/bin/file conftest.$ac_objext` in *32-bit*) LD="${LD-ld} -melf32bsmip" ;; *N32*) LD="${LD-ld} -melf32bmipn32" ;; *64-bit*) LD="${LD-ld} -melf64bmip" ;; esac else case `/usr/bin/file conftest.$ac_objext` in *32-bit*) LD="${LD-ld} -32" ;; *N32*) LD="${LD-ld} -n32" ;; *64-bit*) LD="${LD-ld} -64" ;; esac fi fi rm -rf conftest* ;; x86_64-*kfreebsd*-gnu|x86_64-*linux*|powerpc*-*linux*| \ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) # Find out which ABI we are using. 
echo 'int i;' > conftest.$ac_ext if AC_TRY_EVAL(ac_compile); then case `/usr/bin/file conftest.o` in *32-bit*) case $host in x86_64-*kfreebsd*-gnu) LD="${LD-ld} -m elf_i386_fbsd" ;; x86_64-*linux*) LD="${LD-ld} -m elf_i386" ;; powerpc64le-*linux*) LD="${LD-ld} -m elf32lppclinux" ;; powerpc64-*linux*) LD="${LD-ld} -m elf32ppclinux" ;; s390x-*linux*) LD="${LD-ld} -m elf_s390" ;; sparc64-*linux*) LD="${LD-ld} -m elf32_sparc" ;; esac ;; *64-bit*) case $host in x86_64-*kfreebsd*-gnu) LD="${LD-ld} -m elf_x86_64_fbsd" ;; x86_64-*linux*) LD="${LD-ld} -m elf_x86_64" ;; powerpcle-*linux*) LD="${LD-ld} -m elf64lppc" ;; powerpc-*linux*) LD="${LD-ld} -m elf64ppc" ;; s390*-*linux*|s390*-*tpf*) LD="${LD-ld} -m elf64_s390" ;; sparc*-*linux*) LD="${LD-ld} -m elf64_sparc" ;; esac ;; esac fi rm -rf conftest* ;; *-*-sco3.2v5*) # On SCO OpenServer 5, we need -belf to get full-featured binaries. SAVE_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS -belf" AC_CACHE_CHECK([whether the C compiler needs -belf], lt_cv_cc_needs_belf, [AC_LANG_PUSH(C) AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],[[]])],[lt_cv_cc_needs_belf=yes],[lt_cv_cc_needs_belf=no]) AC_LANG_POP]) if test x"$lt_cv_cc_needs_belf" != x"yes"; then # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf CFLAGS="$SAVE_CFLAGS" fi ;; *-*solaris*) # Find out which ABI we are using. echo 'int i;' > conftest.$ac_ext if AC_TRY_EVAL(ac_compile); then case `/usr/bin/file conftest.o` in *64-bit*) case $lt_cv_prog_gnu_ld in yes*) case $host in i?86-*-solaris*) LD="${LD-ld} -m elf_x86_64" ;; sparc*-*-solaris*) LD="${LD-ld} -m elf64_sparc" ;; esac # GNU ld 2.21 introduced _sol2 emulations. Use them if available. 
if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then LD="${LD-ld}_sol2" fi ;; *) if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then LD="${LD-ld} -64" fi ;; esac ;; esac fi rm -rf conftest* ;; esac need_locks="$enable_libtool_lock" ])# _LT_ENABLE_LOCK # _LT_PROG_AR # ----------- m4_defun([_LT_PROG_AR], [AC_CHECK_TOOLS(AR, [ar], false) : ${AR=ar} : ${AR_FLAGS=cru} _LT_DECL([], [AR], [1], [The archiver]) _LT_DECL([], [AR_FLAGS], [1], [Flags to create an archive]) AC_CACHE_CHECK([for archiver @FILE support], [lt_cv_ar_at_file], [lt_cv_ar_at_file=no AC_COMPILE_IFELSE([AC_LANG_PROGRAM], [echo conftest.$ac_objext > conftest.lst lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&AS_MESSAGE_LOG_FD' AC_TRY_EVAL([lt_ar_try]) if test "$ac_status" -eq 0; then # Ensure the archiver fails upon bogus file names. rm -f conftest.$ac_objext libconftest.a AC_TRY_EVAL([lt_ar_try]) if test "$ac_status" -ne 0; then lt_cv_ar_at_file=@ fi fi rm -f conftest.* libconftest.a ]) ]) if test "x$lt_cv_ar_at_file" = xno; then archiver_list_spec= else archiver_list_spec=$lt_cv_ar_at_file fi _LT_DECL([], [archiver_list_spec], [1], [How to feed a file listing to the archiver]) ])# _LT_PROG_AR # _LT_CMD_OLD_ARCHIVE # ------------------- m4_defun([_LT_CMD_OLD_ARCHIVE], [_LT_PROG_AR AC_CHECK_TOOL(STRIP, strip, :) test -z "$STRIP" && STRIP=: _LT_DECL([], [STRIP], [1], [A symbol stripping program]) AC_CHECK_TOOL(RANLIB, ranlib, :) test -z "$RANLIB" && RANLIB=: _LT_DECL([], [RANLIB], [1], [Commands used to install an old-style archive]) # Determine commands to create old-style static archives. 
old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs' old_postinstall_cmds='chmod 644 $oldlib' old_postuninstall_cmds= if test -n "$RANLIB"; then case $host_os in openbsd*) old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib" ;; *) old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib" ;; esac old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib" fi case $host_os in darwin*) lock_old_archive_extraction=yes ;; *) lock_old_archive_extraction=no ;; esac _LT_DECL([], [old_postinstall_cmds], [2]) _LT_DECL([], [old_postuninstall_cmds], [2]) _LT_TAGDECL([], [old_archive_cmds], [2], [Commands used to build an old-style archive]) _LT_DECL([], [lock_old_archive_extraction], [0], [Whether to use a lock for old archive extraction]) ])# _LT_CMD_OLD_ARCHIVE # _LT_COMPILER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS, # [OUTPUT-FILE], [ACTION-SUCCESS], [ACTION-FAILURE]) # ---------------------------------------------------------------- # Check whether the given compiler option works AC_DEFUN([_LT_COMPILER_OPTION], [m4_require([_LT_FILEUTILS_DEFAULTS])dnl m4_require([_LT_DECL_SED])dnl AC_CACHE_CHECK([$1], [$2], [$2=no m4_if([$4], , [ac_outfile=conftest.$ac_objext], [ac_outfile=$4]) echo "$lt_simple_compile_test_code" > conftest.$ac_ext lt_compiler_flag="$3" # Insert the option either (1) after the last *FLAGS variable, or # (2) before a word containing "conftest.", or (3) at the end. # Note that $ac_compile itself does not contain backslashes and begins # with a dollar sign (not a hyphen), so the echo should work correctly. # The option is referenced via a variable to avoid confusing sed. lt_compile=`echo "$ac_compile" | $SED \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&AS_MESSAGE_LOG_FD) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&AS_MESSAGE_LOG_FD echo "$as_me:$LINENO: \$? 
= $ac_status" >&AS_MESSAGE_LOG_FD if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then $2=yes fi fi $RM conftest* ]) if test x"[$]$2" = xyes; then m4_if([$5], , :, [$5]) else m4_if([$6], , :, [$6]) fi ])# _LT_COMPILER_OPTION # Old name: AU_ALIAS([AC_LIBTOOL_COMPILER_OPTION], [_LT_COMPILER_OPTION]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LIBTOOL_COMPILER_OPTION], []) # _LT_LINKER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS, # [ACTION-SUCCESS], [ACTION-FAILURE]) # ---------------------------------------------------- # Check whether the given linker option works AC_DEFUN([_LT_LINKER_OPTION], [m4_require([_LT_FILEUTILS_DEFAULTS])dnl m4_require([_LT_DECL_SED])dnl AC_CACHE_CHECK([$1], [$2], [$2=no save_LDFLAGS="$LDFLAGS" LDFLAGS="$LDFLAGS $3" echo "$lt_simple_link_test_code" > conftest.$ac_ext if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then # The linker can only warn and ignore the option if not recognized # So say no if there are warnings if test -s conftest.err; then # Append any errors to the config.log. 
cat conftest.err 1>&AS_MESSAGE_LOG_FD $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 if diff conftest.exp conftest.er2 >/dev/null; then $2=yes fi else $2=yes fi fi $RM -r conftest* LDFLAGS="$save_LDFLAGS" ]) if test x"[$]$2" = xyes; then m4_if([$4], , :, [$4]) else m4_if([$5], , :, [$5]) fi ])# _LT_LINKER_OPTION # Old name: AU_ALIAS([AC_LIBTOOL_LINKER_OPTION], [_LT_LINKER_OPTION]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LIBTOOL_LINKER_OPTION], []) # LT_CMD_MAX_LEN #--------------- AC_DEFUN([LT_CMD_MAX_LEN], [AC_REQUIRE([AC_CANONICAL_HOST])dnl # find the maximum length of command line arguments AC_MSG_CHECKING([the maximum length of command line arguments]) AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl i=0 teststring="ABCD" case $build_os in msdosdjgpp*) # On DJGPP, this test can blow up pretty badly due to problems in libc # (any single argument exceeding 2000 bytes causes a buffer overrun # during glob expansion). Even if it were fixed, the result of this # check would be larger than it should be. lt_cv_sys_max_cmd_len=12288; # 12K is about right ;; gnu*) # Under GNU Hurd, this test is not required because there is # no limit to the length of command line arguments. # Libtool will interpret -1 as no limit whatsoever lt_cv_sys_max_cmd_len=-1; ;; cygwin* | mingw* | cegcc*) # On Win9x/ME, this test blows up -- it succeeds, but takes # about 5 minutes as the teststring grows exponentially. # Worse, since 9x/ME are not pre-emptively multitasking, # you end up with a "frozen" computer, even though with patience # the test eventually succeeds (with a max line length of 256k). # Instead, let's just punt: use the minimum linelength reported by # all of the supported platforms: 8192 (on NT/2K/XP). lt_cv_sys_max_cmd_len=8192; ;; mint*) # On MiNT this can take a long time and run out of memory. lt_cv_sys_max_cmd_len=8192; ;; amigaos*) # On AmigaOS with pdksh, this test takes hours, literally. 
# So we just punt and use a minimum line length of 8192. lt_cv_sys_max_cmd_len=8192; ;; netbsd* | freebsd* | openbsd* | darwin* | dragonfly*) # This has been around since 386BSD, at least. Likely further. if test -x /sbin/sysctl; then lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax` elif test -x /usr/sbin/sysctl; then lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax` else lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs fi # And add a safety zone lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` ;; interix*) # We know the value 262144 and hardcode it with a safety zone (like BSD) lt_cv_sys_max_cmd_len=196608 ;; os2*) # The test takes a long time on OS/2. lt_cv_sys_max_cmd_len=8192 ;; osf*) # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not # nice to cause kernel panics so lets avoid the loop below. # First set a reasonable default. lt_cv_sys_max_cmd_len=16384 # if test -x /sbin/sysconfig; then case `/sbin/sysconfig -q proc exec_disable_arg_limit` in *1*) lt_cv_sys_max_cmd_len=-1 ;; esac fi ;; sco3.2v5*) lt_cv_sys_max_cmd_len=102400 ;; sysv5* | sco5v6* | sysv4.2uw2*) kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null` if test -n "$kargmax"; then lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[[ ]]//'` else lt_cv_sys_max_cmd_len=32768 fi ;; *) lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null` if test -n "$lt_cv_sys_max_cmd_len"; then lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` else # Make teststring a little bigger before we do anything with it. # a 1K string should be a reasonable start. 
for i in 1 2 3 4 5 6 7 8 ; do teststring=$teststring$teststring done SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}} # If test is not a shell built-in, we'll probably end up computing a # maximum length that is only half of the actual maximum length, but # we can't tell. while { test "X"`env echo "$teststring$teststring" 2>/dev/null` \ = "X$teststring$teststring"; } >/dev/null 2>&1 && test $i != 17 # 1/2 MB should be enough do i=`expr $i + 1` teststring=$teststring$teststring done # Only check the string length outside the loop. lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1` teststring= # Add a significant safety factor because C++ compilers can tack on # massive amounts of additional arguments before passing them to the # linker. It appears as though 1/2 is a usable value. lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2` fi ;; esac ]) if test -n $lt_cv_sys_max_cmd_len ; then AC_MSG_RESULT($lt_cv_sys_max_cmd_len) else AC_MSG_RESULT(none) fi max_cmd_len=$lt_cv_sys_max_cmd_len _LT_DECL([], [max_cmd_len], [0], [What is the maximum length of a command?]) ])# LT_CMD_MAX_LEN # Old name: AU_ALIAS([AC_LIBTOOL_SYS_MAX_CMD_LEN], [LT_CMD_MAX_LEN]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LIBTOOL_SYS_MAX_CMD_LEN], []) # _LT_HEADER_DLFCN # ---------------- m4_defun([_LT_HEADER_DLFCN], [AC_CHECK_HEADERS([dlfcn.h], [], [], [AC_INCLUDES_DEFAULT])dnl ])# _LT_HEADER_DLFCN # _LT_TRY_DLOPEN_SELF (ACTION-IF-TRUE, ACTION-IF-TRUE-W-USCORE, # ACTION-IF-FALSE, ACTION-IF-CROSS-COMPILING) # ---------------------------------------------------------------- m4_defun([_LT_TRY_DLOPEN_SELF], [m4_require([_LT_HEADER_DLFCN])dnl if test "$cross_compiling" = yes; then : [$4] else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF [#line $LINENO "configure" #include "confdefs.h" #if HAVE_DLFCN_H #include #endif #include #ifdef RTLD_GLOBAL # define LT_DLGLOBAL RTLD_GLOBAL #else # ifdef DL_GLOBAL # define LT_DLGLOBAL 
DL_GLOBAL # else # define LT_DLGLOBAL 0 # endif #endif /* We may have to define LT_DLLAZY_OR_NOW in the command line if we find out it does not work in some platform. */ #ifndef LT_DLLAZY_OR_NOW # ifdef RTLD_LAZY # define LT_DLLAZY_OR_NOW RTLD_LAZY # else # ifdef DL_LAZY # define LT_DLLAZY_OR_NOW DL_LAZY # else # ifdef RTLD_NOW # define LT_DLLAZY_OR_NOW RTLD_NOW # else # ifdef DL_NOW # define LT_DLLAZY_OR_NOW DL_NOW # else # define LT_DLLAZY_OR_NOW 0 # endif # endif # endif # endif #endif /* When -fvisbility=hidden is used, assume the code has been annotated correspondingly for the symbols needed. */ #if defined(__GNUC__) && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) int fnord () __attribute__((visibility("default"))); #endif int fnord () { return 42; } int main () { void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); int status = $lt_dlunknown; if (self) { if (dlsym (self,"fnord")) status = $lt_dlno_uscore; else { if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; else puts (dlerror ()); } /* dlclose (self); */ } else puts (dlerror ()); return status; }] _LT_EOF if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext} 2>/dev/null; then (./conftest; exit; ) >&AS_MESSAGE_LOG_FD 2>/dev/null lt_status=$? 
case x$lt_status in x$lt_dlno_uscore) $1 ;; x$lt_dlneed_uscore) $2 ;; x$lt_dlunknown|x*) $3 ;; esac else : # compilation failed $3 fi fi rm -fr conftest* ])# _LT_TRY_DLOPEN_SELF # LT_SYS_DLOPEN_SELF # ------------------ AC_DEFUN([LT_SYS_DLOPEN_SELF], [m4_require([_LT_HEADER_DLFCN])dnl if test "x$enable_dlopen" != xyes; then enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown else lt_cv_dlopen=no lt_cv_dlopen_libs= case $host_os in beos*) lt_cv_dlopen="load_add_on" lt_cv_dlopen_libs= lt_cv_dlopen_self=yes ;; mingw* | pw32* | cegcc*) lt_cv_dlopen="LoadLibrary" lt_cv_dlopen_libs= ;; cygwin*) lt_cv_dlopen="dlopen" lt_cv_dlopen_libs= ;; darwin*) # if libdl is installed we need to link against it AC_CHECK_LIB([dl], [dlopen], [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"],[ lt_cv_dlopen="dyld" lt_cv_dlopen_libs= lt_cv_dlopen_self=yes ]) ;; *) AC_CHECK_FUNC([shl_load], [lt_cv_dlopen="shl_load"], [AC_CHECK_LIB([dld], [shl_load], [lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-ldld"], [AC_CHECK_FUNC([dlopen], [lt_cv_dlopen="dlopen"], [AC_CHECK_LIB([dl], [dlopen], [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"], [AC_CHECK_LIB([svld], [dlopen], [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld"], [AC_CHECK_LIB([dld], [dld_link], [lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-ldld"]) ]) ]) ]) ]) ]) ;; esac if test "x$lt_cv_dlopen" != xno; then enable_dlopen=yes else enable_dlopen=no fi case $lt_cv_dlopen in dlopen) save_CPPFLAGS="$CPPFLAGS" test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H" save_LDFLAGS="$LDFLAGS" wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\" save_LIBS="$LIBS" LIBS="$lt_cv_dlopen_libs $LIBS" AC_CACHE_CHECK([whether a program can dlopen itself], lt_cv_dlopen_self, [dnl _LT_TRY_DLOPEN_SELF( lt_cv_dlopen_self=yes, lt_cv_dlopen_self=yes, lt_cv_dlopen_self=no, lt_cv_dlopen_self=cross) ]) if test "x$lt_cv_dlopen_self" = xyes; then wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS 
$lt_prog_compiler_static\" AC_CACHE_CHECK([whether a statically linked program can dlopen itself], lt_cv_dlopen_self_static, [dnl _LT_TRY_DLOPEN_SELF( lt_cv_dlopen_self_static=yes, lt_cv_dlopen_self_static=yes, lt_cv_dlopen_self_static=no, lt_cv_dlopen_self_static=cross) ]) fi CPPFLAGS="$save_CPPFLAGS" LDFLAGS="$save_LDFLAGS" LIBS="$save_LIBS" ;; esac case $lt_cv_dlopen_self in yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;; *) enable_dlopen_self=unknown ;; esac case $lt_cv_dlopen_self_static in yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;; *) enable_dlopen_self_static=unknown ;; esac fi _LT_DECL([dlopen_support], [enable_dlopen], [0], [Whether dlopen is supported]) _LT_DECL([dlopen_self], [enable_dlopen_self], [0], [Whether dlopen of programs is supported]) _LT_DECL([dlopen_self_static], [enable_dlopen_self_static], [0], [Whether dlopen of statically linked programs is supported]) ])# LT_SYS_DLOPEN_SELF # Old name: AU_ALIAS([AC_LIBTOOL_DLOPEN_SELF], [LT_SYS_DLOPEN_SELF]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LIBTOOL_DLOPEN_SELF], []) # _LT_COMPILER_C_O([TAGNAME]) # --------------------------- # Check to see if options -c and -o are simultaneously supported by compiler. # This macro does not hard code the compiler like AC_PROG_CC_C_O. m4_defun([_LT_COMPILER_C_O], [m4_require([_LT_DECL_SED])dnl m4_require([_LT_FILEUTILS_DEFAULTS])dnl m4_require([_LT_TAG_COMPILER])dnl AC_CACHE_CHECK([if $compiler supports -c -o file.$ac_objext], [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)], [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=no $RM -r conftest 2>/dev/null mkdir conftest cd conftest mkdir out echo "$lt_simple_compile_test_code" > conftest.$ac_ext lt_compiler_flag="-o out/conftest2.$ac_objext" # Insert the option either (1) after the last *FLAGS variable, or # (2) before a word containing "conftest.", or (3) at the end. 
   # Note that $ac_compile itself does not contain backslashes and begins
   # with a dollar sign (not a hyphen), so the echo should work correctly.
   lt_compile=`echo "$ac_compile" | $SED \
   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
   -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \
   -e 's:$: $lt_compiler_flag:'`
   # Log the rewritten command and then run it.  Its stderr is kept in
   # out/conftest.err and copied to the configure log.
   (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&AS_MESSAGE_LOG_FD)
   (eval "$lt_compile" 2>out/conftest.err)
   ac_status=$?
   cat out/conftest.err >&AS_MESSAGE_LOG_FD
   echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
   if (exit $ac_status) && test -s out/conftest2.$ac_objext
   then
     # The compiler can only warn and ignore the option if not recognized
     # So say no if there are warnings
     # The filtered stderr must be empty or equal to the known boilerplate.
     $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp
     $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
     if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
       _LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes
     fi
   fi
   chmod u+w . 2>&AS_MESSAGE_LOG_FD
   $RM conftest*
   # SGI C++ compiler will create directory out/ii_files/ for
   # template instantiation
   test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
   $RM out/* && rmdir out
   cd ..
   $RM -r conftest
   $RM conftest*
])
_LT_TAGDECL([compiler_c_o], [lt_cv_prog_compiler_c_o], [1],
        [Does compiler simultaneously support -c and -o options?])
])# _LT_COMPILER_C_O


# _LT_COMPILER_FILE_LOCKS([TAGNAME])
# ----------------------------------
# Check to see if we can do hard links to lock some files if needed
# Sets need_locks to no or warn and hard_links to nottested, yes or no.
# The hard-link probe only runs when the compiler cannot combine -c with -o
# and need_locks is not already no.
m4_defun([_LT_COMPILER_FILE_LOCKS],
[m4_require([_LT_ENABLE_LOCK])dnl
m4_require([_LT_FILEUTILS_DEFAULTS])dnl
_LT_COMPILER_C_O([$1])

hard_links="nottested"
if test "$_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)" = no && test "$need_locks" != no; then
  # do not overwrite the value of need_locks provided by the user
  AC_MSG_CHECKING([if we can lock with hard links])
  hard_links=yes
  $RM conftest*
  # Three expectations, any deviation gives hard_links=no:
  # linking a missing source must fail,
  ln conftest.a conftest.b 2>/dev/null && hard_links=no
  touch conftest.a
  # linking an existing source must succeed,
  ln conftest.a conftest.b 2>&5 || hard_links=no
  # and linking onto an existing target must fail.
  ln conftest.a conftest.b 2>/dev/null && hard_links=no
  AC_MSG_RESULT([$hard_links])
  if test "$hard_links" = no; then
    AC_MSG_WARN([`$CC' does not support `-c -o', so `make -j' may be unsafe])
    need_locks=warn
  fi
else
  need_locks=no
fi
_LT_DECL([], [need_locks], [1], [Must we lock files when doing compilation?])
])# _LT_COMPILER_FILE_LOCKS


# _LT_CHECK_OBJDIR
# ----------------
# Choose the directory name libtool uses for uninstalled objects: .libs when
# a directory with a leading dot can be created here, otherwise _libs.
m4_defun([_LT_CHECK_OBJDIR],
[AC_CACHE_CHECK([for objdir], [lt_cv_objdir],
[rm -f .libs 2>/dev/null
mkdir .libs 2>/dev/null
if test -d .libs; then
  lt_cv_objdir=.libs
else
  # MS-DOS does not allow filenames that begin with a dot.
  lt_cv_objdir=_libs
fi
rmdir .libs 2>/dev/null])
objdir=$lt_cv_objdir
_LT_DECL([], [objdir], [0],
         [The name of the directory that contains temporary libtool files])dnl
m4_pattern_allow([LT_OBJDIR])dnl
AC_DEFINE_UNQUOTED(LT_OBJDIR, "$lt_cv_objdir/",
  [Define to the sub-directory in which libtool stores uninstalled libraries.])
])# _LT_CHECK_OBJDIR


# _LT_LINKER_HARDCODE_LIBPATH([TAGNAME])
# --------------------------------------
# Check hardcoding attributes.
# Sets hardcode_action for the tag to relink, immediate or unsupported and
# lowers enable_fast_install to no or needless where the result requires it.
m4_defun([_LT_LINKER_HARDCODE_LIBPATH],
[AC_MSG_CHECKING([how to hardcode library paths into programs])
_LT_TAGVAR(hardcode_action, $1)=
if test -n "$_LT_TAGVAR(hardcode_libdir_flag_spec, $1)" ||
   test -n "$_LT_TAGVAR(runpath_var, $1)" ||
   test "X$_LT_TAGVAR(hardcode_automatic, $1)" = "Xyes" ; then

  # We can hardcode non-existent directories.
  if test "$_LT_TAGVAR(hardcode_direct, $1)" != no &&
     # If the only mechanism to avoid hardcoding is shlibpath_var, we
     # have to relink, otherwise we might link with an installed library
     # when we should be linking with a yet-to-be-installed one
     ## test "$_LT_TAGVAR(hardcode_shlibpath_var, $1)" != no &&
     test "$_LT_TAGVAR(hardcode_minus_L, $1)" != no; then
    # Linking always hardcodes the temporary library directory.
    _LT_TAGVAR(hardcode_action, $1)=relink
  else
    # We can link without hardcoding, and we can hardcode nonexisting dirs.
    _LT_TAGVAR(hardcode_action, $1)=immediate
  fi
else
  # We cannot hardcode anything, or else we can only hardcode existing
  # directories.
  _LT_TAGVAR(hardcode_action, $1)=unsupported
fi
AC_MSG_RESULT([$_LT_TAGVAR(hardcode_action, $1)])

# enable_fast_install is left untouched when neither branch matches.
if test "$_LT_TAGVAR(hardcode_action, $1)" = relink ||
   test "$_LT_TAGVAR(inherit_rpath, $1)" = yes; then
  # Fast installation is not supported
  enable_fast_install=no
elif test "$shlibpath_overrides_runpath" = yes ||
     test "$enable_shared" = no; then
  # Fast installation is not necessary
  enable_fast_install=needless
fi
_LT_TAGDECL([], [hardcode_action], [0],
    [How to hardcode a shared library path into an executable])
])# _LT_LINKER_HARDCODE_LIBPATH


# _LT_CMD_STRIPLIB
# ----------------
# Sets striplib and old_striplib when the strip program reports itself as
# GNU strip or the host is darwin with a strip program set.  Both stay empty
# in every other case.
m4_defun([_LT_CMD_STRIPLIB],
[m4_require([_LT_DECL_EGREP])
striplib=
old_striplib=
AC_MSG_CHECKING([whether stripping libraries is possible])
if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
  test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
  test -z "$striplib" && striplib="$STRIP --strip-unneeded"
  AC_MSG_RESULT([yes])
else
# FIXME - insert some real tests, host_os isn't really good enough
  case $host_os in
  darwin*)
    if test -n "$STRIP" ; then
      striplib="$STRIP -x"
      old_striplib="$STRIP -S"
      AC_MSG_RESULT([yes])
    else
      AC_MSG_RESULT([no])
    fi
    ;;
  *)
    AC_MSG_RESULT([no])
    ;;
  esac
fi
_LT_DECL([], [old_striplib], [1], [Commands to strip libraries])
_LT_DECL([], [striplib], [1])
])# _LT_CMD_STRIPLIB


# _LT_SYS_DYNAMIC_LINKER([TAG])
# -----------------------------
# PORTME Fill in your ld.so characteristics
m4_defun([_LT_SYS_DYNAMIC_LINKER],
[AC_REQUIRE([AC_CANONICAL_HOST])dnl
m4_require([_LT_DECL_EGREP])dnl
m4_require([_LT_FILEUTILS_DEFAULTS])dnl
m4_require([_LT_DECL_OBJDUMP])dnl
m4_require([_LT_DECL_SED])dnl
m4_require([_LT_CHECK_SHELL_FEATURES])dnl
AC_MSG_CHECKING([dynamic linker characteristics])
m4_if([$1],
        [], [
if test "$GCC" = yes; then
  # awk address and sed expression that are applied to the search
  # directories printed by the compiler.
  case $host_os in
    darwin*) lt_awk_arg="/^libraries:/,/LR/" ;;
    *) lt_awk_arg="/^libraries:/" ;;
  esac
  case $host_os in
    mingw* | cegcc*) lt_sed_strip_eq="s,=\([[A-Za-z]]:\),\1,g" ;;
    *) lt_sed_strip_eq="s,=/,/,g" ;;
  esac
lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq` case $lt_search_path_spec in *\;*) # if the path contains ";" then we assume it to be the separator # otherwise default to the standard path separator (i.e. ":") - it is # assumed that no part of a normal pathname contains ";" but that should # okay in the real world where ";" in dirpaths is itself problematic. lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED 's/;/ /g'` ;; *) lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED "s/$PATH_SEPARATOR/ /g"` ;; esac # Ok, now we have the path, separated by spaces, we can step through it # and add multilib dir if necessary. lt_tmp_lt_search_path_spec= lt_multi_os_dir=`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null` for lt_sys_path in $lt_search_path_spec; do if test -d "$lt_sys_path/$lt_multi_os_dir"; then lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path/$lt_multi_os_dir" else test -d "$lt_sys_path" && \ lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path" fi done lt_search_path_spec=`$ECHO "$lt_tmp_lt_search_path_spec" | awk ' BEGIN {RS=" "; FS="/|\n";} { lt_foo=""; lt_count=0; for (lt_i = NF; lt_i > 0; lt_i--) { if ($lt_i != "" && $lt_i != ".") { if ($lt_i == "..") { lt_count++; } else { if (lt_count == 0) { lt_foo="/" $lt_i lt_foo; } else { lt_count--; } } } } if (lt_foo != "") { lt_freq[[lt_foo]]++; } if (lt_freq[[lt_foo]] == 1) { print lt_foo; } }'` # AWK program above erroneously prepends '/' to C:/dos/paths # for these hosts. 
case $host_os in mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\ $SED 's,/\([[A-Za-z]]:\),\1,g'` ;; esac sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP` else sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" fi]) library_names_spec= libname_spec='lib$name' soname_spec= shrext_cmds=".so" postinstall_cmds= postuninstall_cmds= finish_cmds= finish_eval= shlibpath_var= shlibpath_overrides_runpath=unknown version_type=none dynamic_linker="$host_os ld.so" sys_lib_dlsearch_path_spec="/lib /usr/lib" need_lib_prefix=unknown hardcode_into_libs=no # when you set need_version to no, make sure it does not cause -set_version # flags to be left without arguments need_version=unknown case $host_os in aix3*) version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a' shlibpath_var=LIBPATH # AIX 3 has no versioning support, so we append a major version to the name. soname_spec='${libname}${release}${shared_ext}$major' ;; aix[[4-9]]*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no hardcode_into_libs=yes if test "$host_cpu" = ia64; then # AIX 5 supports IA64 library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH else # With GCC up to 2.95.x, collect2 would create an import file # for dependence libraries. The import file would start with # the line `#! .'. This would cause the generated library to # depend on `.', always an invalid library. This was fixed in # development snapshots of GCC prior to 3.0. 
case $host_os in aix4 | aix4.[[01]] | aix4.[[01]].*) if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)' echo ' yes ' echo '#endif'; } | ${CC} -E - | $GREP yes > /dev/null; then : else can_build_shared=no fi ;; esac # AIX (on Power*) has no versioning support, so currently we can not hardcode correct # soname into executable. Probably we can add versioning support to # collect2, so additional links can be useful in future. if test "$aix_use_runtimelinking" = yes; then # If using run time linking (on AIX 4.2 or later) use lib.so # instead of lib.a to let people know that these are not # typical AIX shared libraries. library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' else # We preserve .a as extension for shared libraries through AIX4.2 # and later when we are not doing run time linking. library_names_spec='${libname}${release}.a $libname.a' soname_spec='${libname}${release}${shared_ext}$major' fi shlibpath_var=LIBPATH fi ;; amigaos*) case $host_cpu in powerpc) # Since July 2007 AmigaOS4 officially supports .so libraries. # When compiling the executable, add -use-dynld -Lsobjs: to the compileline. library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' ;; m68k) library_names_spec='$libname.ixlibrary $libname.a' # Create ${libname}_ixlibrary.a entries in /sys/libs. 
finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; test $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' ;; esac ;; beos*) library_names_spec='${libname}${shared_ext}' dynamic_linker="$host_os ld.so" shlibpath_var=LIBRARY_PATH ;; bsdi[[45]]*) version_type=linux # correct to gnu/linux during the next big refactor need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir' shlibpath_var=LD_LIBRARY_PATH sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib" sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib" # the default ld.so.conf also contains /usr/contrib/lib and # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow # libtool to hard-code these into programs ;; cygwin* | mingw* | pw32* | cegcc*) version_type=windows shrext_cmds=".dll" need_version=no need_lib_prefix=no case $GCC,$cc_basename in yes,*) # gcc library_names_spec='$libname.dll.a' # DLL is installed to $(libdir)/../bin by postinstall_cmds postinstall_cmds='base_file=`basename \${file}`~ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~ dldir=$destdir/`dirname \$dlpath`~ test -d \$dldir || mkdir -p \$dldir~ $install_prog $dir/$dlname \$dldir/$dlname~ chmod a+x \$dldir/$dlname~ if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then eval '\''$striplib \$dldir/$dlname'\'' || exit \$?; fi' postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. 
$file; echo \$dlname'\''`~ dlpath=$dir/\$dldll~ $RM \$dlpath' shlibpath_overrides_runpath=yes case $host_os in cygwin*) # Cygwin DLLs use 'cyg' prefix rather than 'lib' soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' m4_if([$1], [],[ sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api"]) ;; mingw* | cegcc*) # MinGW DLLs use traditional 'lib' prefix soname_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' ;; pw32*) # pw32 DLLs use 'pw' prefix rather than 'lib' library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' ;; esac dynamic_linker='Win32 ld.exe' ;; *,cl*) # Native MSVC libname_spec='$name' soname_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' library_names_spec='${libname}.dll.lib' case $build_os in mingw*) sys_lib_search_path_spec= lt_save_ifs=$IFS IFS=';' for lt_path in $LIB do IFS=$lt_save_ifs # Let DOS variable expansion print the short 8.3 style file name. lt_path=`cd "$lt_path" 2>/dev/null && cmd //C "for %i in (".") do @echo %~si"` sys_lib_search_path_spec="$sys_lib_search_path_spec $lt_path" done IFS=$lt_save_ifs # Convert to MSYS style. sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([[a-zA-Z]]\\):| /\\1|g' -e 's|^ ||'` ;; cygwin*) # Convert to unix form, then to dos form, then back to unix form # but this time dos style (no spaces!) so that the unix form looks # like /cygdrive/c/PROGRA~1:/cygdr... 
sys_lib_search_path_spec=`cygpath --path --unix "$LIB"` sys_lib_search_path_spec=`cygpath --path --dos "$sys_lib_search_path_spec" 2>/dev/null` sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` ;; *) sys_lib_search_path_spec="$LIB" if $ECHO "$sys_lib_search_path_spec" | [$GREP ';[c-zC-Z]:/' >/dev/null]; then # It is most probably a Windows format PATH. sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` else sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` fi # FIXME: find the short name or the path components, as spaces are # common. (e.g. "Program Files" -> "PROGRA~1") ;; esac # DLL is installed to $(libdir)/../bin by postinstall_cmds postinstall_cmds='base_file=`basename \${file}`~ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~ dldir=$destdir/`dirname \$dlpath`~ test -d \$dldir || mkdir -p \$dldir~ $install_prog $dir/$dlname \$dldir/$dlname' postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ dlpath=$dir/\$dldll~ $RM \$dlpath' shlibpath_overrides_runpath=yes dynamic_linker='Win32 link.exe' ;; *) # Assume MSVC wrapper library_names_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext} $libname.lib' dynamic_linker='Win32 ld.exe' ;; esac # FIXME: first we should search . 
and the directory the executable is in shlibpath_var=PATH ;; darwin* | rhapsody*) dynamic_linker="$host_os dyld" version_type=darwin need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext' soname_spec='${libname}${release}${major}$shared_ext' shlibpath_overrides_runpath=yes shlibpath_var=DYLD_LIBRARY_PATH shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' m4_if([$1], [],[ sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib"]) sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' ;; dgux*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH ;; freebsd* | dragonfly*) # DragonFly does not have aout. When/if they implement a new # versioning mechanism, adjust this. 
if test -x /usr/bin/objformat; then objformat=`/usr/bin/objformat` else case $host_os in freebsd[[23]].*) objformat=aout ;; *) objformat=elf ;; esac fi version_type=freebsd-$objformat case $version_type in freebsd-elf*) library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' need_version=no need_lib_prefix=no ;; freebsd-*) library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix' need_version=yes ;; esac shlibpath_var=LD_LIBRARY_PATH case $host_os in freebsd2.*) shlibpath_overrides_runpath=yes ;; freebsd3.[[01]]* | freebsdelf3.[[01]]*) shlibpath_overrides_runpath=yes hardcode_into_libs=yes ;; freebsd3.[[2-9]]* | freebsdelf3.[[2-9]]* | \ freebsd4.[[0-5]] | freebsdelf4.[[0-5]] | freebsd4.1.1 | freebsdelf4.1.1) shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; *) # from 4.6 on, and DragonFly shlibpath_overrides_runpath=yes hardcode_into_libs=yes ;; esac ;; gnu*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; haiku*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no dynamic_linker="$host_os runtime_loader" library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LIBRARY_PATH shlibpath_overrides_runpath=yes sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib' hardcode_into_libs=yes ;; hpux9* | hpux10* | hpux11*) # Give a soname corresponding to the major version so that dld.sl refuses to # link against other 
versions. version_type=sunos need_lib_prefix=no need_version=no case $host_cpu in ia64*) shrext_cmds='.so' hardcode_into_libs=yes dynamic_linker="$host_os dld.so" shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' if test "X$HPUX_IA64_MODE" = X32; then sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib" else sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64" fi sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec ;; hppa*64*) shrext_cmds='.sl' hardcode_into_libs=yes dynamic_linker="$host_os dld.sl" shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64" sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec ;; *) shrext_cmds='.sl' dynamic_linker="$host_os dld.sl" shlibpath_var=SHLIB_PATH shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' ;; esac # HP-UX runs *really* slowly unless shared libraries are mode 555, ... 
postinstall_cmds='chmod 555 $lib' # or fails outright, so override atomically: install_override_mode=555 ;; interix[[3-9]]*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; irix5* | irix6* | nonstopux*) case $host_os in nonstopux*) version_type=nonstopux ;; *) if test "$lt_cv_prog_gnu_ld" = yes; then version_type=linux # correct to gnu/linux during the next big refactor else version_type=irix fi ;; esac need_lib_prefix=no need_version=no soname_spec='${libname}${release}${shared_ext}$major' library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}' case $host_os in irix5* | nonstopux*) libsuff= shlibsuff= ;; *) case $LD in # libtool.m4 will add one of these switches to LD *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") libsuff= shlibsuff= libmagic=32-bit;; *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") libsuff=32 shlibsuff=N32 libmagic=N32;; *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") libsuff=64 shlibsuff=64 libmagic=64-bit;; *) libsuff= shlibsuff= libmagic=never-match;; esac ;; esac shlibpath_var=LD_LIBRARY${shlibsuff}_PATH shlibpath_overrides_runpath=no sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}" sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}" hardcode_into_libs=yes ;; # No shared lib support for Linux oldld, aout, or coff. linux*oldld* | linux*aout* | linux*coff*) dynamic_linker=no ;; # This must be glibc/ELF. 
linux* | k*bsd*-gnu | kopensolaris*-gnu)
  version_type=linux # correct to gnu/linux during the next big refactor
  need_lib_prefix=no
  need_version=no
  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
  soname_spec='${libname}${release}${shared_ext}$major'
  finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
  shlibpath_var=LD_LIBRARY_PATH
  shlibpath_overrides_runpath=no

  # Some binutils ld are patched to set DT_RUNPATH
  # The probe links an empty program with libdir forced to /foo and looks
  # for a RUNPATH entry naming it in the objdump -p output.  A match means
  # the shlibpath variable is searched before the hard-coded path.
  AC_CACHE_VAL([lt_cv_shlibpath_overrides_runpath],
    [lt_cv_shlibpath_overrides_runpath=no
    save_LDFLAGS=$LDFLAGS
    save_libdir=$libdir
    eval "libdir=/foo; wl=\"$_LT_TAGVAR(lt_prog_compiler_wl, $1)\"; \
         LDFLAGS=\"\$LDFLAGS $_LT_TAGVAR(hardcode_libdir_flag_spec, $1)\""
    AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])],
      [AS_IF([ ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null],
         [lt_cv_shlibpath_overrides_runpath=yes])])
    LDFLAGS=$save_LDFLAGS
    libdir=$save_libdir
    ])
  shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath

  # This implies no fast_install, which is unacceptable.
  # Some rework will be needed to allow for fast_install
  # before this can be enabled.
  hardcode_into_libs=yes

  # Add ABI-specific directories to the system library path.
  sys_lib_dlsearch_path_spec="/lib64 /usr/lib64 /lib /usr/lib"

  # Append ld.so.conf contents to the search path
  # NOTE(review): the awk program passes the argument of every include line
  # of /etc/ld.so.conf to a shell through system and cat without quoting, so
  # shell metacharacters in that file are interpreted with the privileges of
  # whoever runs configure.  The file is normally writable by root only --
  # confirm that on build hosts that share /etc with less trusted parties.
  # Every directory collected here also ends up in the run-time search path
  # that libtool treats as a system location.
  if test -f /etc/ld.so.conf; then
    lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '`
    sys_lib_dlsearch_path_spec="$sys_lib_dlsearch_path_spec $lt_ld_extra"
  fi

  # We used to test for /lib/ld.so.1 and disable shared libraries on
  # powerpc, because MkLinux only supported shared libraries with the
  # GNU dynamic linker. Since this was broken with cross compilers,
  # most powerpc-linux boxes support dynamic linking these days and
  # people can always --disable-shared, the test was removed, and we
  # assume the GNU/Linux dynamic linker is in use.
  dynamic_linker='GNU/Linux ld.so'
  ;;

netbsd*)
  version_type=sunos
  need_lib_prefix=no
  need_version=no
  # If the __ELF__ token survives preprocessing the macro is undefined,
  # which selects the a.out settings.
  if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
    finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
    dynamic_linker='NetBSD (a.out) ld.so'
  else
    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
    soname_spec='${libname}${release}${shared_ext}$major'
    dynamic_linker='NetBSD ld.elf_so'
  fi
  shlibpath_var=LD_LIBRARY_PATH
  shlibpath_overrides_runpath=yes
  hardcode_into_libs=yes
  ;;

newsos6)
  version_type=linux # correct to gnu/linux during the next big refactor
  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
  shlibpath_var=LD_LIBRARY_PATH
  shlibpath_overrides_runpath=yes
  ;;

*nto* | *qnx*)
  version_type=qnx
  need_lib_prefix=no
  need_version=no
  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
  soname_spec='${libname}${release}${shared_ext}$major'
  shlibpath_var=LD_LIBRARY_PATH
  shlibpath_overrides_runpath=no
  hardcode_into_libs=yes
  dynamic_linker='ldqnx.so'
  ;;

openbsd*)
  version_type=sunos
  sys_lib_dlsearch_path_spec="/usr/lib"
  need_lib_prefix=no
  # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs.
case $host_os in openbsd3.3 | openbsd3.3.*) need_version=yes ;; *) need_version=no ;; esac library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' shlibpath_var=LD_LIBRARY_PATH if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then case $host_os in openbsd2.[[89]] | openbsd2.[[89]].*) shlibpath_overrides_runpath=no ;; *) shlibpath_overrides_runpath=yes ;; esac else shlibpath_overrides_runpath=yes fi ;; os2*) libname_spec='$name' shrext_cmds=".dll" need_lib_prefix=no library_names_spec='$libname${shared_ext} $libname.a' dynamic_linker='OS/2 ld.exe' shlibpath_var=LIBPATH ;; osf3* | osf4* | osf5*) version_type=osf need_lib_prefix=no need_version=no soname_spec='${libname}${release}${shared_ext}$major' library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib" sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec" ;; rdos*) dynamic_linker=no ;; solaris*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes hardcode_into_libs=yes # ldd complains unless libraries are executable postinstall_cmds='chmod +x $lib' ;; sunos4*) version_type=sunos library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes if test "$with_gnu_ld" = yes; then need_lib_prefix=no fi need_version=yes ;; 
sysv4 | sysv4.3*) version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH case $host_vendor in sni) shlibpath_overrides_runpath=no need_lib_prefix=no runpath_var=LD_RUN_PATH ;; siemens) need_lib_prefix=no ;; motorola) need_lib_prefix=no need_version=no shlibpath_overrides_runpath=no sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib' ;; esac ;; sysv4*MP*) if test -d /usr/nec ;then version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}' soname_spec='$libname${shared_ext}.$major' shlibpath_var=LD_LIBRARY_PATH fi ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) version_type=freebsd-elf need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes hardcode_into_libs=yes if test "$with_gnu_ld" = yes; then sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' else sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' case $host_os in sco3.2v5*) sys_lib_search_path_spec="$sys_lib_search_path_spec /lib" ;; esac fi sys_lib_dlsearch_path_spec='/usr/lib' ;; tpf*) # TPF is a cross-target only. Preferred cross-host = GNU/Linux. 
version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; uts4*) version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH ;; *) dynamic_linker=no ;; esac AC_MSG_RESULT([$dynamic_linker]) test "$dynamic_linker" = no && can_build_shared=no variables_saved_for_relink="PATH $shlibpath_var $runpath_var" if test "$GCC" = yes; then variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" fi if test "${lt_cv_sys_lib_search_path_spec+set}" = set; then sys_lib_search_path_spec="$lt_cv_sys_lib_search_path_spec" fi if test "${lt_cv_sys_lib_dlsearch_path_spec+set}" = set; then sys_lib_dlsearch_path_spec="$lt_cv_sys_lib_dlsearch_path_spec" fi _LT_DECL([], [variables_saved_for_relink], [1], [Variables whose values should be saved in libtool wrapper scripts and restored at link time]) _LT_DECL([], [need_lib_prefix], [0], [Do we need the "lib" prefix for modules?]) _LT_DECL([], [need_version], [0], [Do we need a version for libraries?]) _LT_DECL([], [version_type], [0], [Library versioning type]) _LT_DECL([], [runpath_var], [0], [Shared library runtime path variable]) _LT_DECL([], [shlibpath_var], [0],[Shared library path variable]) _LT_DECL([], [shlibpath_overrides_runpath], [0], [Is shlibpath searched before the hard-coded library search path?]) _LT_DECL([], [libname_spec], [1], [Format of library name prefix]) _LT_DECL([], [library_names_spec], [1], [[List of archive names. First name is the real one, the rest are links. 
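The last name is the one that the linker finds with -lNAME]])
_LT_DECL([], [soname_spec], [1],
    [[The coded name of the library, if different from the real name]])
_LT_DECL([], [install_override_mode], [1],
    [Permission mode override for installation of shared libraries])
_LT_DECL([], [postinstall_cmds], [2],
    [Command to use after installation of a shared archive])
_LT_DECL([], [postuninstall_cmds], [2],
    [Command to use after uninstallation of a shared archive])
_LT_DECL([], [finish_cmds], [2],
    [Commands used to finish a libtool library installation in a directory])
_LT_DECL([], [finish_eval], [1],
    [[As "finish_cmds", except a single script fragment to be evaled but not shown]])
_LT_DECL([], [hardcode_into_libs], [0],
    [Whether we should hardcode library paths into libraries])
_LT_DECL([], [sys_lib_search_path_spec], [2],
    [Compile-time system search path for libraries])
_LT_DECL([], [sys_lib_dlsearch_path_spec], [2],
    [Run-time system search path for libraries])
])# _LT_SYS_DYNAMIC_LINKER


# _LT_PATH_TOOL_PREFIX(TOOL)
# --------------------------
# find a file program which can recognize shared library
# The first argument is the program name to look for.  The optional second
# argument is the list of directories to search, PATH being used when it is
# empty.  A MAGIC_CMD that already holds an absolute path is taken as is.
# The result is cached in lt_cv_path_MAGIC_CMD and copied to MAGIC_CMD.
AC_DEFUN([_LT_PATH_TOOL_PREFIX],
[m4_require([_LT_DECL_EGREP])dnl
AC_MSG_CHECKING([for $1])
AC_CACHE_VAL(lt_cv_path_MAGIC_CMD,
[case $MAGIC_CMD in
[[\\/*] | ?:[\\/]*])
  lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path.
  ;;
*)
  lt_save_MAGIC_CMD="$MAGIC_CMD"
  lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
dnl $ac_dummy forces splitting on constant user-supplied paths.
dnl POSIX.2 word splitting is done only on the output of word expansions,
dnl not every word. This closes a longstanding sh security hole.
  ac_dummy="m4_if([$2], , $PATH, [$2])"
  for ac_dir in $ac_dummy; do
    IFS="$lt_save_ifs"
    # An empty component of the search list stands for the current
    # directory, so a program of that name in the build directory can be
    # selected when the list contains one.
    test -z "$ac_dir" && ac_dir=.
    # The candidate is quoted so that a directory name containing
    # whitespace is tested as one word rather than split into several.
    if test -f "$ac_dir/$1"; then
      lt_cv_path_MAGIC_CMD="$ac_dir/$1"
      if test -n "$file_magic_test_file"; then
        case $deplibs_check_method in
        "file_magic "*)
          file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
          # MAGIC_CMD points at the candidate while file_magic_cmd is
          # evaluated.  Unrecognised output only produces the warning below;
          # the candidate is kept either way.
          MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
          if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
            $EGREP "$file_magic_regex" > /dev/null; then
            :
          else
            cat <<_LT_EOF 1>&2
*** Warning: the command libtool uses to detect shared libraries,
*** $file_magic_cmd, produces output that libtool cannot recognize.
*** The result is that libtool may fail to recognize shared libraries
*** as such. This will affect the creation of libtool libraries that
*** depend on shared libraries, but programs linked with such libtool
*** libraries will work regardless of this problem. Nevertheless, you
*** may want to report the problem to your system manager and/or to
*** bug-libtool@gnu.org
_LT_EOF
          fi ;;
        esac
      fi
      break
    fi
  done
  IFS="$lt_save_ifs"
  MAGIC_CMD="$lt_save_MAGIC_CMD"
  ;;
esac])
MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
if test -n "$MAGIC_CMD"; then
  AC_MSG_RESULT($MAGIC_CMD)
else
  AC_MSG_RESULT(no)
fi
_LT_DECL([], [MAGIC_CMD], [0],
         [Used to examine libraries when file_magic_cmd begins with "file"])dnl
])# _LT_PATH_TOOL_PREFIX

# Old name:
AU_ALIAS([AC_PATH_TOOL_PREFIX], [_LT_PATH_TOOL_PREFIX])
dnl aclocal-1.4 backwards compatibility:
dnl AC_DEFUN([AC_PATH_TOOL_PREFIX], [])


# _LT_PATH_MAGIC
# --------------
# find a file program which can recognize a shared library
# The tool-prefixed name is tried first and the plain name second, the
# latter only when a tool prefix is set.  Both searches look in /usr/bin
# before PATH.  Without a tool prefix and without a hit MAGIC_CMD becomes
# the no-op colon command.
m4_defun([_LT_PATH_MAGIC],
[_LT_PATH_TOOL_PREFIX(${ac_tool_prefix}file, /usr/bin$PATH_SEPARATOR$PATH)
if test -z "$lt_cv_path_MAGIC_CMD"; then
  if test -n "$ac_tool_prefix"; then
    _LT_PATH_TOOL_PREFIX(file, /usr/bin$PATH_SEPARATOR$PATH)
  else
    MAGIC_CMD=:
  fi
fi
])# _LT_PATH_MAGIC


# LT_PATH_LD
# ----------
# find the pathname to the GNU or non-GNU linker
AC_DEFUN([LT_PATH_LD],
[AC_REQUIRE([AC_PROG_CC])dnl
AC_REQUIRE([AC_CANONICAL_HOST])dnl
AC_REQUIRE([AC_CANONICAL_BUILD])dnl
m4_require([_LT_DECL_SED])dnl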
m4_require([_LT_DECL_EGREP])dnl m4_require([_LT_PROG_ECHO_BACKSLASH])dnl AC_ARG_WITH([gnu-ld], [AS_HELP_STRING([--with-gnu-ld], [assume the C compiler uses GNU ld @<:@default=no@:>@])], [test "$withval" = no || with_gnu_ld=yes], [with_gnu_ld=no])dnl ac_prog=ld if test "$GCC" = yes; then # Check if gcc -print-prog-name=ld gives a path. AC_MSG_CHECKING([for ld used by $CC]) case $host in *-*-mingw*) # gcc leaves a trailing carriage return which upsets mingw ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; *) ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; esac case $ac_prog in # Accept absolute paths. [[\\/]]* | ?:[[\\/]]*) re_direlt='/[[^/]][[^/]]*/\.\./' # Canonicalize the pathname of ld ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'` while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"` done test -z "$LD" && LD="$ac_prog" ;; "") # If it fails, then pretend we aren't using GCC. ac_prog=ld ;; *) # If it is relative, then search for the first ld in PATH. with_gnu_ld=unknown ;; esac elif test "$with_gnu_ld" = yes; then AC_MSG_CHECKING([for GNU ld]) else AC_MSG_CHECKING([for non-GNU ld]) fi AC_CACHE_VAL(lt_cv_path_LD, [if test -z "$LD"; then lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR for ac_dir in $PATH; do IFS="$lt_save_ifs" test -z "$ac_dir" && ac_dir=. if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then lt_cv_path_LD="$ac_dir/$ac_prog" # Check to see if the program is GNU ld. I'd rather use --version, # but apparently some variants of GNU ld only accept -v. # Break only if it was the GNU/non-GNU ld that we prefer. case `"$lt_cv_path_LD" -v 2>&1 &1 /dev/null 2>&1; then lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' lt_cv_file_magic_cmd='func_win32_libid' else # Keep this pattern in sync with the one in func_win32_libid. 
lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' lt_cv_file_magic_cmd='$OBJDUMP -f' fi ;; cegcc*) # use the weaker test based on 'objdump'. See mingw*. lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?' lt_cv_file_magic_cmd='$OBJDUMP -f' ;; darwin* | rhapsody*) lt_cv_deplibs_check_method=pass_all ;; freebsd* | dragonfly*) if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then case $host_cpu in i*86 ) # Not sure whether the presence of OpenBSD here was a mistake. # Let's accept both of them until this is cleared up. lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[[3-9]]86 (compact )?demand paged shared library' lt_cv_file_magic_cmd=/usr/bin/file lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*` ;; esac else lt_cv_deplibs_check_method=pass_all fi ;; gnu*) lt_cv_deplibs_check_method=pass_all ;; haiku*) lt_cv_deplibs_check_method=pass_all ;; hpux10.20* | hpux11*) lt_cv_file_magic_cmd=/usr/bin/file case $host_cpu in ia64*) lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|ELF-[[0-9]][[0-9]]) shared object file - IA64' lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so ;; hppa*64*) [lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF[ -][0-9][0-9])(-bit)?( [LM]SB)? shared object( file)?[, -]* PA-RISC [0-9]\.[0-9]'] lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl ;; *) lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|PA-RISC[[0-9]]\.[[0-9]]) shared library' lt_cv_file_magic_test_file=/usr/lib/libc.sl ;; esac ;; interix[[3-9]]*) # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|\.a)$' ;; irix5* | irix6* | nonstopux*) case $LD in *-32|*"-32 ") libmagic=32-bit;; *-n32|*"-n32 ") libmagic=N32;; *-64|*"-64 ") libmagic=64-bit;; *) libmagic=never-match;; esac lt_cv_deplibs_check_method=pass_all ;; # This must be glibc/ELF. 
linux* | k*bsd*-gnu | kopensolaris*-gnu) lt_cv_deplibs_check_method=pass_all ;; netbsd*) if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$' else lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|_pic\.a)$' fi ;; newos6*) lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (executable|dynamic lib)' lt_cv_file_magic_cmd=/usr/bin/file lt_cv_file_magic_test_file=/usr/lib/libnls.so ;; *nto* | *qnx*) lt_cv_deplibs_check_method=pass_all ;; openbsd*) if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|\.so|_pic\.a)$' else lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$' fi ;; osf3* | osf4* | osf5*) lt_cv_deplibs_check_method=pass_all ;; rdos*) lt_cv_deplibs_check_method=pass_all ;; solaris*) lt_cv_deplibs_check_method=pass_all ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) lt_cv_deplibs_check_method=pass_all ;; sysv4 | sysv4.3*) case $host_vendor in motorola) lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib) M[[0-9]][[0-9]]* Version [[0-9]]' lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*` ;; ncr) lt_cv_deplibs_check_method=pass_all ;; sequent) lt_cv_file_magic_cmd='/bin/file' lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB (shared object|dynamic lib )' ;; sni) lt_cv_file_magic_cmd='/bin/file' lt_cv_deplibs_check_method="file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB dynamic lib" lt_cv_file_magic_test_file=/lib/libc.so ;; siemens) lt_cv_deplibs_check_method=pass_all ;; pc) lt_cv_deplibs_check_method=pass_all ;; esac ;; tpf*) lt_cv_deplibs_check_method=pass_all ;; esac ]) file_magic_glob= want_nocaseglob=no if test "$build" = "$host"; then case $host_os in mingw* | pw32*) if 
( shopt | grep nocaseglob ) >/dev/null 2>&1; then
      want_nocaseglob=yes
    else
      file_magic_glob=`echo aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ | $SED -e "s/\(..\)/s\/[[\1]]\/[[\1]]\/g;/g"`
    fi
    ;;
  esac
fi

file_magic_cmd=$lt_cv_file_magic_cmd
deplibs_check_method=$lt_cv_deplibs_check_method
test -z "$deplibs_check_method" && deplibs_check_method=unknown

_LT_DECL([], [deplibs_check_method], [1],
    [Method to check whether dependent libraries are shared objects])
_LT_DECL([], [file_magic_cmd], [1],
    [Command to use when deplibs_check_method = "file_magic"])
_LT_DECL([], [file_magic_glob], [1],
    [How to find potential files when deplibs_check_method = "file_magic"])
_LT_DECL([], [want_nocaseglob], [1],
    [Find potential files using nocaseglob when deplibs_check_method = "file_magic"])
])# _LT_CHECK_MAGIC_METHOD


# LT_PATH_NM
# ----------
# find the pathname to a BSD- or MS-compatible name lister
#
# A preset NM is used unchanged.  Otherwise the tool-prefixed nm, and plain
# nm as well when a tool prefix is set and build equals host, is looked up in
# every PATH directory followed by /usr/ccs/bin/elf, /usr/ccs/bin, /usr/ucb
# and /bin.  A candidate that passes the -B probe is chosen at once, then one
# that passes the -p probe; failing both, the first nm found is remembered
# and the search goes on.  If no nm is found at all, dumpbin is tried, and
# the last resort is the bare name "nm".
#
# The second check compiles a one-line source file, runs the chosen lister on
# the object and sets lt_cv_nm_interface to "MS dumpbin" when the output
# contains External.*some_variable, otherwise to "BSD nm".  It writes
# conftest files in the current directory and removes them afterwards.
#
# NOTE(review): an empty PATH element is replaced by ".", and every candidate
# found is executed on /dev/null during the probe, so configure should be run
# with a PATH made only of trusted absolute directories.
AC_DEFUN([LT_PATH_NM],
[AC_REQUIRE([AC_PROG_CC])dnl
AC_CACHE_CHECK([for BSD- or MS-compatible name lister (nm)], lt_cv_path_NM,
[if test -n "$NM"; then
  # Let the user override the test.
  lt_cv_path_NM="$NM"
else
  lt_nm_to_check="${ac_tool_prefix}nm"
  if test -n "$ac_tool_prefix" && test "$build" = "$host"; then
    lt_nm_to_check="$lt_nm_to_check nm"
  fi
  for lt_tmp_nm in $lt_nm_to_check; do
    lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
    for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do
      IFS="$lt_save_ifs"
      # An empty PATH element stands for the current directory.
      test -z "$ac_dir" && ac_dir=.
      tmp_nm="$ac_dir/$lt_tmp_nm"
      if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then
        # Check to see if the nm accepts a BSD-compat flag.
        # Adding the `sed 1q' prevents false positives on HP-UX, which says:
        #   nm: unknown option "B" ignored
        # Tru64's nm complains that /dev/null is an invalid object file
        case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in
        */dev/null* | *'Invalid file or object type'*)
          lt_cv_path_NM="$tmp_nm -B"
          break
          ;;
        *)
          case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
          */dev/null*)
            lt_cv_path_NM="$tmp_nm -p"
            break
            ;;
          *)
            lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but
            continue # so that we can try to find one that supports BSD flags
            ;;
          esac
          ;;
        esac
      fi
    done
    IFS="$lt_save_ifs"
  done
  # Record "no" only if nothing above assigned the cache variable.
  : ${lt_cv_path_NM=no}
fi])
if test "$lt_cv_path_NM" != "no"; then
  NM="$lt_cv_path_NM"
else
  # Didn't find any BSD compatible name lister, look for dumpbin.
  if test -n "$DUMPBIN"; then :
    # Let the user override the test.
  else
    AC_CHECK_TOOLS(DUMPBIN, [dumpbin "link -dump"], :)
    case `$DUMPBIN -symbols /dev/null 2>&1 | sed '1q'` in
    *COFF*)
      DUMPBIN="$DUMPBIN -symbols"
      ;;
    *)
      DUMPBIN=:
      ;;
    esac
  fi
  AC_SUBST([DUMPBIN])
  if test "$DUMPBIN" != ":"; then
    NM="$DUMPBIN"
  fi
fi
test -z "$NM" && NM=nm
AC_SUBST([NM])
_LT_DECL([], [NM], [1], [A BSD- or MS-compatible name lister])dnl

AC_CACHE_CHECK([the name lister ($NM) interface], [lt_cv_nm_interface],
  [lt_cv_nm_interface="BSD nm"
  echo "int some_variable = 0;" > conftest.$ac_ext
  (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&AS_MESSAGE_LOG_FD)
  (eval "$ac_compile" 2>conftest.err)
  cat conftest.err >&AS_MESSAGE_LOG_FD
  (eval echo "\"\$as_me:$LINENO: $NM \\\"conftest.$ac_objext\\\"\"" >&AS_MESSAGE_LOG_FD)
  (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
  cat conftest.err >&AS_MESSAGE_LOG_FD
  (eval echo "\"\$as_me:$LINENO: output\"" >&AS_MESSAGE_LOG_FD)
  cat conftest.out >&AS_MESSAGE_LOG_FD
  if $GREP 'External.*some_variable' conftest.out > /dev/null; then
    lt_cv_nm_interface="MS dumpbin"
  fi
  rm -f conftest*])
])# LT_PATH_NM

# Old names:
AU_ALIAS([AM_PROG_NM], [LT_PATH_NM])
AU_ALIAS([AC_PROG_NM], [LT_PATH_NM])
dnl aclocal-1.4 backwards compatibility:
dnl AC_DEFUN([AM_PROG_NM], [])
dnl AC_DEFUN([AC_PROG_NM], [])


# _LT_CHECK_SHAREDLIB_FROM_LINKLIB
# --------------------------------
# how to determine the name of the shared library
# associated with a specific link library.
#  -- PORTME fill in with the dynamic library characteristics
#
# On cygwin, mingw, pw32 and cegcc the result is func_cygming_dll_for_implib
# when the DLLTOOL help text mentions --identify-strict, and
# func_cygming_dll_for_implib_fallback otherwise.  On every other host the
# result is ECHO, that is, the link library is taken to be the shared library.
m4_defun([_LT_CHECK_SHAREDLIB_FROM_LINKLIB],
[m4_require([_LT_DECL_EGREP])
m4_require([_LT_DECL_OBJDUMP])
m4_require([_LT_DECL_DLLTOOL])
AC_CACHE_CHECK([how to associate runtime and link libraries],
lt_cv_sharedlib_from_linklib_cmd,
[lt_cv_sharedlib_from_linklib_cmd='unknown'

case $host_os in
cygwin* | mingw* | pw32* | cegcc*)
  # two different shell functions defined in ltmain.sh
  # decide which to use based on capabilities of $DLLTOOL
  case `$DLLTOOL --help 2>&1` in
  *--identify-strict*)
    lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib
    ;;
  *)
    lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib_fallback
    ;;
  esac
  ;;
*)
  # fallback: assume linklib IS sharedlib
  lt_cv_sharedlib_from_linklib_cmd="$ECHO"
  ;;
esac
])
sharedlib_from_linklib_cmd=$lt_cv_sharedlib_from_linklib_cmd
test -z "$sharedlib_from_linklib_cmd" && sharedlib_from_linklib_cmd=$ECHO

_LT_DECL([], [sharedlib_from_linklib_cmd], [1],
    [Command to associate shared and link libraries])
])# _LT_CHECK_SHAREDLIB_FROM_LINKLIB


# _LT_PATH_MANIFEST_TOOL
# ----------------------
# locate the manifest tool
#
# Runs MANIFEST_TOOL with the '-?' argument and accepts it only when the
# output contains "Manifest Tool"; otherwise MANIFEST_TOOL is set to ":".
# The probe writes conftest.err and conftest.out in the current directory and
# removes them afterwards.
#
# NOTE(review): the cache variable is spelled lt_cv_path_mainfest_tool.  The
# spelling is the same at every use in this macro, so the check is consistent,
# but a value preset under the name lt_cv_path_manifest_tool is not read here.
m4_defun([_LT_PATH_MANIFEST_TOOL],
[AC_CHECK_TOOL(MANIFEST_TOOL, mt, :)
test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt
AC_CACHE_CHECK([if $MANIFEST_TOOL is a manifest tool], [lt_cv_path_mainfest_tool],
  [lt_cv_path_mainfest_tool=no
  echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&AS_MESSAGE_LOG_FD
  $MANIFEST_TOOL '-?' 2>conftest.err > conftest.out
  cat conftest.err >&AS_MESSAGE_LOG_FD
  if $GREP 'Manifest Tool' conftest.out > /dev/null; then
    lt_cv_path_mainfest_tool=yes
  fi
  rm -f conftest*])
if test "x$lt_cv_path_mainfest_tool" != xyes; then
  MANIFEST_TOOL=:
fi
_LT_DECL([], [MANIFEST_TOOL], [1], [Manifest tool])dnl
])# _LT_PATH_MANIFEST_TOOL


# LT_LIB_M
# --------
# check for math library
#
# Sets and substitutes LIBM.  It stays empty on beos, cegcc, cygwin, haiku,
# pw32 and darwin hosts.  On ncr-sysv4.3 it gets -lmw when _mwvalidcheckl is
# found in libmw, plus -lm when cos is found in libm.  On every other host it
# gets -lm when cos is found in libm.
AC_DEFUN([LT_LIB_M],
[AC_REQUIRE([AC_CANONICAL_HOST])dnl
LIBM=
case $host in
*-*-beos* | *-*-cegcc* | *-*-cygwin* | *-*-haiku* | *-*-pw32* | *-*-darwin*)
  # These systems don't have libm, or don't need it
  ;;
*-ncr-sysv4.3*)
  AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM="-lmw")
  AC_CHECK_LIB(m, cos, LIBM="$LIBM -lm")
  ;;
*)
  AC_CHECK_LIB(m, cos, LIBM="-lm")
  ;;
esac
AC_SUBST([LIBM])
])# LT_LIB_M

# Old name:
AU_ALIAS([AC_CHECK_LIBM], [LT_LIB_M])
dnl aclocal-1.4 backwards compatibility:
dnl AC_DEFUN([AC_CHECK_LIBM], [])


# _LT_COMPILER_NO_RTTI([TAGNAME])
# -------------------------------
# Computes the per-tag lt_prog_compiler_no_builtin_flag.  It is left empty
# unless GCC is yes.  With GCC it starts as " -fno-builtin", passed through
# -Xcompiler when cc_basename matches nvcc, and "-fno-rtti -fno-exceptions" is
# appended when the _LT_COMPILER_OPTION check for those flags succeeds.
m4_defun([_LT_COMPILER_NO_RTTI],
[m4_require([_LT_TAG_COMPILER])dnl

_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=

if test "$GCC" = yes; then
  case $cc_basename in
  nvcc*)
    _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -Xcompiler -fno-builtin' ;;
  *)
    _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' ;;
  esac

  _LT_COMPILER_OPTION([if $compiler supports -fno-rtti -fno-exceptions],
    lt_cv_prog_compiler_rtti_exceptions,
    [-fno-rtti -fno-exceptions], [],
    [_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)="$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1) -fno-rtti -fno-exceptions"])
fi
_LT_TAGDECL([no_builtin_flag], [lt_prog_compiler_no_builtin_flag], [1],
    [Compiler flag to turn off builtin functions])
])# _LT_COMPILER_NO_RTTI


# _LT_CMD_GLOBAL_SYMBOLS
# ----------------------
m4_defun([_LT_CMD_GLOBAL_SYMBOLS],
[AC_REQUIRE([AC_CANONICAL_HOST])dnl
AC_REQUIRE([AC_PROG_CC])dnl
AC_REQUIRE([AC_PROG_AWK])dnl
AC_REQUIRE([LT_PATH_NM])dnl
AC_REQUIRE([LT_PATH_LD])dnl
m4_require([_LT_DECL_SED])dnl
m4_require([_LT_DECL_EGREP])dnl
m4_require([_LT_TAG_COMPILER])dnl # Check for command to grab the raw symbol name followed by C symbol from nm. AC_MSG_CHECKING([command to parse $NM output from $compiler object]) AC_CACHE_VAL([lt_cv_sys_global_symbol_pipe], [ # These are sane defaults that work on at least a few old systems. # [They come from Ultrix. What could be older than Ultrix?!! ;)] # Character class describing NM global symbol codes. symcode='[[BCDEGRST]]' # Regexp to match symbols that can be accessed directly from C. sympat='\([[_A-Za-z]][[_A-Za-z0-9]]*\)' # Define system-specific variables. case $host_os in aix*) symcode='[[BCDT]]' ;; cygwin* | mingw* | pw32* | cegcc*) symcode='[[ABCDGISTW]]' ;; hpux*) if test "$host_cpu" = ia64; then symcode='[[ABCDEGRST]]' fi ;; irix* | nonstopux*) symcode='[[BCDEGRST]]' ;; osf*) symcode='[[BCDEGQRST]]' ;; solaris*) symcode='[[BDRT]]' ;; sco3.2v5*) symcode='[[DT]]' ;; sysv4.2uw2*) symcode='[[DT]]' ;; sysv5* | sco5v6* | unixware* | OpenUNIX*) symcode='[[ABDT]]' ;; sysv4) symcode='[[DFNSTU]]' ;; esac # If we're using GNU nm, then use its standard symbol codes. case `$NM -V 2>&1` in *GNU* | *'with BFD'*) symcode='[[ABCDGIRSTW]]' ;; esac # Transform an extracted symbol line into a proper C declaration. # Some systems (esp. on ia64) link data and code symbols differently, # so use this general approach. 
lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'" # Transform an extracted symbol line into symbol name and symbol address lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([[^ ]]*\)[[ ]]*$/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/ {\"\2\", (void *) \&\2},/p'" lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n -e 's/^: \([[^ ]]*\)[[ ]]*$/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \(lib[[^ ]]*\)$/ {\"\2\", (void *) \&\2},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/ {\"lib\2\", (void *) \&\2},/p'" # Handle CRLF in mingw tool chain opt_cr= case $build_os in mingw*) opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp ;; esac # Try without a prefix underscore, then with it. for ac_symprfx in "" "_"; do # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol. symxfrm="\\1 $ac_symprfx\\2 \\2" # Write the raw and C identifiers. if test "$lt_cv_nm_interface" = "MS dumpbin"; then # Fake it for dumpbin and say T for any non-static function # and D for any global variable. # Also find C++ and __fastcall symbols from MSVC++, # which start with @ or ?. lt_cv_sys_global_symbol_pipe="$AWK ['"\ " {last_section=section; section=\$ 3};"\ " /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\ " /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\ " \$ 0!~/External *\|/{next};"\ " / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\ " {if(hide[section]) next};"\ " {f=0}; \$ 0~/\(\).*\|/{f=1}; {printf f ? 
\"T \" : \"D \"};"\ " {split(\$ 0, a, /\||\r/); split(a[2], s)};"\ " s[1]~/^[@?]/{print s[1], s[1]; next};"\ " s[1]~prfx {split(s[1],t,\"@\"); print t[1], substr(t[1],length(prfx))}"\ " ' prfx=^$ac_symprfx]" else lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[[ ]]\($symcode$symcode*\)[[ ]][[ ]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'" fi lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'" # Check to see that the pipe works correctly. pipe_works=no rm -f conftest* cat > conftest.$ac_ext <<_LT_EOF #ifdef __cplusplus extern "C" { #endif char nm_test_var; void nm_test_func(void); void nm_test_func(void){} #ifdef __cplusplus } #endif int main(){nm_test_var='a';nm_test_func();return(0);} _LT_EOF if AC_TRY_EVAL(ac_compile); then # Now try to grab the symbols. nlist=conftest.nm if AC_TRY_EVAL(NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) && test -s "$nlist"; then # Try sorting and uniquifying the output. if sort "$nlist" | uniq > "$nlist"T; then mv -f "$nlist"T "$nlist" else rm -f "$nlist"T fi # Make sure that we snagged all the symbols we need. if $GREP ' nm_test_var$' "$nlist" >/dev/null; then if $GREP ' nm_test_func$' "$nlist" >/dev/null; then cat <<_LT_EOF > conftest.$ac_ext /* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */ #if defined(_WIN32) || defined(__CYGWIN__) || defined(_WIN32_WCE) /* DATA imports from DLLs on WIN32 con't be const, because runtime relocations are performed -- see ld's documentation on pseudo-relocs. */ # define LT@&t@_DLSYM_CONST #elif defined(__osf__) /* This system does not cope well with relocations in const data. */ # define LT@&t@_DLSYM_CONST #else # define LT@&t@_DLSYM_CONST const #endif #ifdef __cplusplus extern "C" { #endif _LT_EOF # Now generate the symbol file. eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext' cat <<_LT_EOF >> conftest.$ac_ext /* The mapping between symbol names and symbols. 
*/ LT@&t@_DLSYM_CONST struct { const char *name; void *address; } lt__PROGRAM__LTX_preloaded_symbols[[]] = { { "@PROGRAM@", (void *) 0 }, _LT_EOF $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/ {\"\2\", (void *) \&\2},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext cat <<\_LT_EOF >> conftest.$ac_ext {0, (void *) 0} }; /* This works around a problem in FreeBSD linker */ #ifdef FREEBSD_WORKAROUND static const void *lt_preloaded_setup() { return lt__PROGRAM__LTX_preloaded_symbols; } #endif #ifdef __cplusplus } #endif _LT_EOF # Now try linking the two files. mv conftest.$ac_objext conftstm.$ac_objext lt_globsym_save_LIBS=$LIBS lt_globsym_save_CFLAGS=$CFLAGS LIBS="conftstm.$ac_objext" CFLAGS="$CFLAGS$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)" if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext}; then pipe_works=yes fi LIBS=$lt_globsym_save_LIBS CFLAGS=$lt_globsym_save_CFLAGS else echo "cannot find nm_test_func in $nlist" >&AS_MESSAGE_LOG_FD fi else echo "cannot find nm_test_var in $nlist" >&AS_MESSAGE_LOG_FD fi else echo "cannot run $lt_cv_sys_global_symbol_pipe" >&AS_MESSAGE_LOG_FD fi else echo "$progname: failed program was:" >&AS_MESSAGE_LOG_FD cat conftest.$ac_ext >&5 fi rm -rf conftest* conftst* # Do not use the global_symbol_pipe unless it works. if test "$pipe_works" = yes; then break else lt_cv_sys_global_symbol_pipe= fi done ]) if test -z "$lt_cv_sys_global_symbol_pipe"; then lt_cv_sys_global_symbol_to_cdecl= fi if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then AC_MSG_RESULT(failed) else AC_MSG_RESULT(ok) fi # Response file support. 
if test "$lt_cv_nm_interface" = "MS dumpbin"; then nm_file_list_spec='@' elif $NM --help 2>/dev/null | grep '[[@]]FILE' >/dev/null; then nm_file_list_spec='@' fi _LT_DECL([global_symbol_pipe], [lt_cv_sys_global_symbol_pipe], [1], [Take the output of nm and produce a listing of raw symbols and C names]) _LT_DECL([global_symbol_to_cdecl], [lt_cv_sys_global_symbol_to_cdecl], [1], [Transform the output of nm in a proper C declaration]) _LT_DECL([global_symbol_to_c_name_address], [lt_cv_sys_global_symbol_to_c_name_address], [1], [Transform the output of nm in a C name address pair]) _LT_DECL([global_symbol_to_c_name_address_lib_prefix], [lt_cv_sys_global_symbol_to_c_name_address_lib_prefix], [1], [Transform the output of nm in a C name address pair when lib prefix is needed]) _LT_DECL([], [nm_file_list_spec], [1], [Specify filename containing input files for $NM]) ]) # _LT_CMD_GLOBAL_SYMBOLS # _LT_COMPILER_PIC([TAGNAME]) # --------------------------- m4_defun([_LT_COMPILER_PIC], [m4_require([_LT_TAG_COMPILER])dnl _LT_TAGVAR(lt_prog_compiler_wl, $1)= _LT_TAGVAR(lt_prog_compiler_pic, $1)= _LT_TAGVAR(lt_prog_compiler_static, $1)= m4_if([$1], [CXX], [ # C++ specific cases for pic, static, wl, etc. if test "$GXX" = yes; then _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' case $host_os in aix*) # All AIX code is PIC. if test "$host_cpu" = ia64; then # AIX 5 now supports IA64 processor _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' fi ;; amigaos*) case $host_cpu in powerpc) # see comment about AmigaOS4 .so support _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; m68k) # FIXME: we need at least 68020 code to build shared libraries, but # adding the `-m68020' flag to GCC prevents building anything better, # like `-m68040'. _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4' ;; esac ;; beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) # PIC is the default for these OSes. 
;; mingw* | cygwin* | os2* | pw32* | cegcc*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). # Although the cygwin gcc ignores -fPIC, still need this for old-style # (--disable-auto-import) libraries m4_if([$1], [GCJ], [], [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) ;; darwin* | rhapsody*) # PIC is the default on this platform # Common symbols not allowed in MH_DYLIB files _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common' ;; *djgpp*) # DJGPP does not support shared libraries at all _LT_TAGVAR(lt_prog_compiler_pic, $1)= ;; haiku*) # PIC is the default for Haiku. # The "-static" flag exists, but is broken. _LT_TAGVAR(lt_prog_compiler_static, $1)= ;; interix[[3-9]]*) # Interix 3.x gcc -fpic/-fPIC options generate broken code. # Instead, we relocate shared libraries at runtime. ;; sysv4*MP*) if test -d /usr/nec; then _LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic fi ;; hpux*) # PIC is the default for 64-bit PA HP-UX, but not for 32-bit # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag # sets the default TLS model and affects inlining. case $host_cpu in hppa*64*) ;; *) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; esac ;; *qnx* | *nto*) # QNX uses GNU C++, but need to define -shared option too, otherwise # it will coredump. _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' ;; *) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; esac else case $host_os in aix[[4-9]]*) # All AIX code is PIC. 
if test "$host_cpu" = ia64; then # AIX 5 now supports IA64 processor _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' else _LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp' fi ;; chorus*) case $cc_basename in cxch68*) # Green Hills C++ Compiler # _LT_TAGVAR(lt_prog_compiler_static, $1)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a" ;; esac ;; mingw* | cygwin* | os2* | pw32* | cegcc*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). m4_if([$1], [GCJ], [], [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) ;; dgux*) case $cc_basename in ec++*) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' ;; ghcx*) # Green Hills C++ Compiler _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' ;; *) ;; esac ;; freebsd* | dragonfly*) # FreeBSD uses GNU C++ ;; hpux9* | hpux10* | hpux11*) case $cc_basename in CC*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive' if test "$host_cpu" != ia64; then _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z' fi ;; aCC*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive' case $host_cpu in hppa*64*|ia64*) # +Z the default ;; *) _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z' ;; esac ;; *) ;; esac ;; interix*) # This is c89, which is MS Visual C++ (no shared libs) # Anyone wants to do a port? ;; irix5* | irix6* | nonstopux*) case $cc_basename in CC*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' # CC pic flag -KPIC is the default. ;; *) ;; esac ;; linux* | k*bsd*-gnu | kopensolaris*-gnu) case $cc_basename in KCC*) # KAI C++ Compiler _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; ecpc* ) # old Intel C++ for x86_64 which still supported -KPIC. 
_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' ;; icpc* ) # Intel C++, used to be incompatible with GCC. # ICC 10 doesn't accept -KPIC any more. _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' ;; pgCC* | pgcpp*) # Portland Group C++ compiler _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; cxx*) # Compaq C++ # Make sure the PIC flag is empty. It appears that all Alpha # Linux and Compaq Tru64 Unix objects are PIC. _LT_TAGVAR(lt_prog_compiler_pic, $1)= _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' ;; xlc* | xlC* | bgxl[[cC]]* | mpixl[[cC]]*) # IBM XL 8.0, 9.0 on PPC and BlueGene _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic' _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink' ;; *) case `$CC -V 2>&1 | sed 5q` in *Sun\ C*) # Sun C++ 5.9 _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' ;; esac ;; esac ;; lynxos*) ;; m88k*) ;; mvs*) case $cc_basename in cxx*) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-W c,exportall' ;; *) ;; esac ;; netbsd*) ;; *qnx* | *nto*) # QNX uses GNU C++, but need to define -shared option too, otherwise # it will coredump. _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' ;; osf3* | osf4* | osf5*) case $cc_basename in KCC*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,' ;; RCC*) # Rational C++ 2.4.1 _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' ;; cxx*) # Digital/Compaq C++ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' # Make sure the PIC flag is empty. It appears that all Alpha # Linux and Compaq Tru64 Unix objects are PIC. 
_LT_TAGVAR(lt_prog_compiler_pic, $1)= _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' ;; *) ;; esac ;; psos*) ;; solaris*) case $cc_basename in CC* | sunCC*) # Sun C++ 4.2, 5.x and Centerline C++ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' ;; gcx*) # Green Hills C++ Compiler _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' ;; *) ;; esac ;; sunos4*) case $cc_basename in CC*) # Sun C++ 4.x _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; lcc*) # Lucid _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' ;; *) ;; esac ;; sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) case $cc_basename in CC*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; esac ;; tandem*) case $cc_basename in NCC*) # NonStop-UX NCC 3.20 _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' ;; *) ;; esac ;; vxworks*) ;; *) _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no ;; esac fi ], [ if test "$GCC" = yes; then _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' case $host_os in aix*) # All AIX code is PIC. if test "$host_cpu" = ia64; then # AIX 5 now supports IA64 processor _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' fi ;; amigaos*) case $host_cpu in powerpc) # see comment about AmigaOS4 .so support _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; m68k) # FIXME: we need at least 68020 code to build shared libraries, but # adding the `-m68020' flag to GCC prevents building anything better, # like `-m68040'. _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4' ;; esac ;; beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) # PIC is the default for these OSes. 
;; mingw* | cygwin* | pw32* | os2* | cegcc*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). # Although the cygwin gcc ignores -fPIC, still need this for old-style # (--disable-auto-import) libraries m4_if([$1], [GCJ], [], [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) ;; darwin* | rhapsody*) # PIC is the default on this platform # Common symbols not allowed in MH_DYLIB files _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common' ;; haiku*) # PIC is the default for Haiku. # The "-static" flag exists, but is broken. _LT_TAGVAR(lt_prog_compiler_static, $1)= ;; hpux*) # PIC is the default for 64-bit PA HP-UX, but not for 32-bit # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag # sets the default TLS model and affects inlining. case $host_cpu in hppa*64*) # +Z the default ;; *) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; esac ;; interix[[3-9]]*) # Interix 3.x gcc -fpic/-fPIC options generate broken code. # Instead, we relocate shared libraries at runtime. ;; msdosdjgpp*) # Just because we use GCC doesn't mean we suddenly get shared libraries # on systems that don't support them. _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no enable_shared=no ;; *nto* | *qnx*) # QNX uses GNU C++, but need to define -shared option too, otherwise # it will coredump. _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' ;; sysv4*MP*) if test -d /usr/nec; then _LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic fi ;; *) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; esac case $cc_basename in nvcc*) # Cuda Compiler Driver 2.2 _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Xlinker ' if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then _LT_TAGVAR(lt_prog_compiler_pic, $1)="-Xcompiler $_LT_TAGVAR(lt_prog_compiler_pic, $1)" fi ;; esac else # PORTME Check for flag to pass linker flags through the system compiler. 
case $host_os in aix*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' if test "$host_cpu" = ia64; then # AIX 5 now supports IA64 processor _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' else _LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp' fi ;; mingw* | cygwin* | pw32* | os2* | cegcc*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). m4_if([$1], [GCJ], [], [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) ;; hpux9* | hpux10* | hpux11*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but # not for PA HP-UX. case $host_cpu in hppa*64*|ia64*) # +Z the default ;; *) _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z' ;; esac # Is there a better lt_prog_compiler_static that works with the bundled CC? _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive' ;; irix5* | irix6* | nonstopux*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' # PIC (with -KPIC) is the default. _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' ;; linux* | k*bsd*-gnu | kopensolaris*-gnu) case $cc_basename in # old Intel for x86_64 which still supported -KPIC. ecc*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' ;; # icc used to be incompatible with GCC. # ICC 10 doesn't accept -KPIC any more. icc* | ifort*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' ;; # Lahey Fortran 8.1. 
lf95*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='--shared' _LT_TAGVAR(lt_prog_compiler_static, $1)='--static' ;; nagfor*) # NAG Fortran compiler _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,-Wl,,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*) # Portland Group compilers (*not* the Pentium gcc compiler, # which looks to be a dead project) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; ccc*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' # All Alpha code is PIC. _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' ;; xl* | bgxl* | bgf* | mpixl*) # IBM XL C 8.0/Fortran 10.1, 11.1 on PPC and BlueGene _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic' _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink' ;; *) case `$CC -V 2>&1 | sed 5q` in *Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [[1-7]].* | *Sun*Fortran*\ 8.[[0-3]]*) # Sun Fortran 8.3 passes all unrecognized flags to the linker _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' _LT_TAGVAR(lt_prog_compiler_wl, $1)='' ;; *Sun\ F* | *Sun*Fortran*) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' ;; *Sun\ C*) # Sun C 5.9 _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' ;; *Intel*\ [[CF]]*Compiler*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' ;; *Portland\ Group*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; esac ;; esac ;; newsos6) 
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; *nto* | *qnx*) # QNX uses GNU C++, but need to define -shared option too, otherwise # it will coredump. _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' ;; osf3* | osf4* | osf5*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' # All OSF/1 code is PIC. _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' ;; rdos*) _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' ;; solaris*) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' case $cc_basename in f77* | f90* | f95* | sunf77* | sunf90* | sunf95*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ';; *) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,';; esac ;; sunos4*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; sysv4 | sysv4.2uw2* | sysv4.3*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; sysv4*MP*) if test -d /usr/nec ;then _LT_TAGVAR(lt_prog_compiler_pic, $1)='-Kconform_pic' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' fi ;; sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; unicos*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no ;; uts4*) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; *) _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no ;; esac fi ]) case $host_os in # For platforms which do not support PIC, -DPIC is meaningless: *djgpp*) _LT_TAGVAR(lt_prog_compiler_pic, $1)= ;; *) _LT_TAGVAR(lt_prog_compiler_pic, $1)="$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])" ;; esac 
AC_CACHE_CHECK([for $compiler option to produce PIC], [_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)], [_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)=$_LT_TAGVAR(lt_prog_compiler_pic, $1)]) _LT_TAGVAR(lt_prog_compiler_pic, $1)=$_LT_TAGVAR(lt_cv_prog_compiler_pic, $1) # # Check to make sure the PIC flag actually works. # if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then _LT_COMPILER_OPTION([if $compiler PIC flag $_LT_TAGVAR(lt_prog_compiler_pic, $1) works], [_LT_TAGVAR(lt_cv_prog_compiler_pic_works, $1)], [$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])], [], [case $_LT_TAGVAR(lt_prog_compiler_pic, $1) in "" | " "*) ;; *) _LT_TAGVAR(lt_prog_compiler_pic, $1)=" $_LT_TAGVAR(lt_prog_compiler_pic, $1)" ;; esac], [_LT_TAGVAR(lt_prog_compiler_pic, $1)= _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no]) fi _LT_TAGDECL([pic_flag], [lt_prog_compiler_pic], [1], [Additional compiler flags for building library objects]) _LT_TAGDECL([wl], [lt_prog_compiler_wl], [1], [How to pass a linker flag through the compiler]) # # Check to make sure the static flag actually works. # wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1) eval lt_tmp_static_flag=\"$_LT_TAGVAR(lt_prog_compiler_static, $1)\" _LT_LINKER_OPTION([if $compiler static flag $lt_tmp_static_flag works], _LT_TAGVAR(lt_cv_prog_compiler_static_works, $1), $lt_tmp_static_flag, [], [_LT_TAGVAR(lt_prog_compiler_static, $1)=]) _LT_TAGDECL([link_static_flag], [lt_prog_compiler_static], [1], [Compiler flag to prevent dynamic linking]) ])# _LT_COMPILER_PIC # _LT_LINKER_SHLIBS([TAGNAME]) # ---------------------------- # See if the linker supports building shared libraries. 
m4_defun([_LT_LINKER_SHLIBS], [AC_REQUIRE([LT_PATH_LD])dnl AC_REQUIRE([LT_PATH_NM])dnl m4_require([_LT_PATH_MANIFEST_TOOL])dnl m4_require([_LT_FILEUTILS_DEFAULTS])dnl m4_require([_LT_DECL_EGREP])dnl m4_require([_LT_DECL_SED])dnl m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl m4_require([_LT_TAG_COMPILER])dnl AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries]) m4_if([$1], [CXX], [ _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'] case $host_os in aix[[4-9]]*) # If we're using GNU nm, then we don't want the "-C" option. # -C means demangle to AIX nm, but means don't demangle with GNU nm # Also, AIX nm treats weak defined symbols like other global defined # symbols, whereas GNU nm marks them as "W". if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' else _LT_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' fi ;; pw32*) _LT_TAGVAR(export_symbols_cmds, $1)="$ltdll_cmds" ;; cygwin* | mingw* | cegcc*) case $cc_basename in cl*) _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*' ;; *) _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols' _LT_TAGVAR(exclude_expsyms, 
$1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname'] ;; esac ;; *) _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' ;; esac ], [ runpath_var= _LT_TAGVAR(allow_undefined_flag, $1)= _LT_TAGVAR(always_export_symbols, $1)=no _LT_TAGVAR(archive_cmds, $1)= _LT_TAGVAR(archive_expsym_cmds, $1)= _LT_TAGVAR(compiler_needs_object, $1)=no _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no _LT_TAGVAR(export_dynamic_flag_spec, $1)= _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' _LT_TAGVAR(hardcode_automatic, $1)=no _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= _LT_TAGVAR(hardcode_libdir_separator, $1)= _LT_TAGVAR(hardcode_minus_L, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported _LT_TAGVAR(inherit_rpath, $1)=no _LT_TAGVAR(link_all_deplibs, $1)=unknown _LT_TAGVAR(module_cmds, $1)= _LT_TAGVAR(module_expsym_cmds, $1)= _LT_TAGVAR(old_archive_from_new_cmds, $1)= _LT_TAGVAR(old_archive_from_expsyms_cmds, $1)= _LT_TAGVAR(thread_safe_flag_spec, $1)= _LT_TAGVAR(whole_archive_flag_spec, $1)= # include_expsyms should be a list of space-separated symbols to be *always* # included in the symbol list _LT_TAGVAR(include_expsyms, $1)= # exclude_expsyms can be an extended regexp of symbols to exclude # it will be wrapped by ` (' and `)$', so one must not match beginning or # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc', # as well as any symbol that contains `d'. _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'] # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out # platforms (ab)use it in PIC code, but their linkers get confused if # the symbol is explicitly referenced. 
Since portable code cannot # rely on this symbol name, it's probably fine to never include it in # preloaded symbol tables. # Exclude shared library initialization/finalization symbols. dnl Note also adjust exclude_expsyms for C++ above. extract_expsyms_cmds= case $host_os in cygwin* | mingw* | pw32* | cegcc*) # FIXME: the MSVC++ port hasn't been tested in a loooong time # When not using gcc, we currently assume that we are using # Microsoft Visual C++. if test "$GCC" != yes; then with_gnu_ld=no fi ;; interix*) # we just hope/assume this is gcc and not c89 (= MSVC++) with_gnu_ld=yes ;; openbsd*) with_gnu_ld=no ;; esac _LT_TAGVAR(ld_shlibs, $1)=yes # On some targets, GNU ld is compatible enough with the native linker # that we're better off using the native interface for both. lt_use_gnu_ld_interface=no if test "$with_gnu_ld" = yes; then case $host_os in aix*) # The AIX port of GNU ld has always aspired to compatibility # with the native linker. However, as the warning in the GNU ld # block says, versions before 2.19.5* couldn't really create working # shared libraries, regardless of the interface used. case `$LD -v 2>&1` in *\ \(GNU\ Binutils\)\ 2.19.5*) ;; *\ \(GNU\ Binutils\)\ 2.[[2-9]]*) ;; *\ \(GNU\ Binutils\)\ [[3-9]]*) ;; *) lt_use_gnu_ld_interface=yes ;; esac ;; *) lt_use_gnu_ld_interface=yes ;; esac fi if test "$lt_use_gnu_ld_interface" = yes; then # If archive_cmds runs LD, not CC, wlarc should be empty wlarc='${wl}' # Set some defaults for GNU ld with shared library support. These # are reset later if shared libraries are not supported. Putting them # here allows them to be overridden if necessary. runpath_var=LD_RUN_PATH _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' # ancient GNU ld didn't support --whole-archive et. al. 
if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' else _LT_TAGVAR(whole_archive_flag_spec, $1)= fi supports_anon_versioning=no case `$LD -v 2>&1` in *GNU\ gold*) supports_anon_versioning=yes ;; *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11 *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ... *\ 2.11.*) ;; # other 2.11 versions *) supports_anon_versioning=yes ;; esac # See if GNU ld supports shared libraries. case $host_os in aix[[3-9]]*) # On AIX/PPC, the GNU linker is very broken if test "$host_cpu" != ia64; then _LT_TAGVAR(ld_shlibs, $1)=no cat <<_LT_EOF 1>&2 *** Warning: the GNU linker, at least up to release 2.19, is reported *** to be unable to reliably create shared libraries on AIX. *** Therefore, libtool is disabling shared libraries support. If you *** really care for shared libraries, you may want to install binutils *** 2.20 or above, or modify your PATH so that a non-GNU linker is found. *** You will then need to restart the configuration process. 
_LT_EOF fi ;; amigaos*) case $host_cpu in powerpc) # see comment about AmigaOS4 .so support _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='' ;; m68k) _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(hardcode_minus_L, $1)=yes ;; esac ;; beos*) if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then _LT_TAGVAR(allow_undefined_flag, $1)=unsupported # Joseph Beckenbach says some releases of gcc # support --undefined. This deserves some investigation. FIXME _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; cygwin* | mingw* | pw32* | cegcc*) # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless, # as there is no search path for DLLs. 
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-all-symbols' _LT_TAGVAR(allow_undefined_flag, $1)=unsupported _LT_TAGVAR(always_export_symbols, $1)=no _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols' _LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname'] if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' # If the export-symbols file already is a .def file (1st line # is EXPORTS), use it as is; otherwise, prepend... _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then cp $export_symbols $output_objdir/$soname.def; else echo EXPORTS > $output_objdir/$soname.def; cat $export_symbols >> $output_objdir/$soname.def; fi~ $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; haiku*) _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(link_all_deplibs, $1)=yes ;; interix[[3-9]]*) _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. 
# Instead, shared libraries are loaded at an image base (0x10000000 by # default) and relocated if they conflict, which is a slow very memory # consuming and fragmenting process. To avoid this, we pick a random, # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link # time. Moving up from 0x10000000 also allows more sbrk(2) space. _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' ;; gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu) tmp_diet=no if test "$host_os" = linux-dietlibc; then case $cc_basename in diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn) esac fi if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \ && test "$tmp_diet" = no then tmp_addflag=' $pic_flag' tmp_sharedflag='-shared' case $cc_basename,$host_cpu in pgcc*) # Portland Group C compiler _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' tmp_addflag=' $pic_flag' ;; pgf77* | pgf90* | pgf95* | pgfortran*) # Portland Group f77 and f90 compilers _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' tmp_addflag=' $pic_flag -Mnomain' ;; ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64 tmp_addflag=' -i_dynamic' ;; efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler 
on ia64 tmp_addflag=' -i_dynamic -nofor_main' ;; ifc* | ifort*) # Intel Fortran compiler tmp_addflag=' -nofor_main' ;; lf95*) # Lahey Fortran 8.1 _LT_TAGVAR(whole_archive_flag_spec, $1)= tmp_sharedflag='--shared' ;; xl[[cC]]* | bgxl[[cC]]* | mpixl[[cC]]*) # IBM XL C 8.0 on PPC (deal with xlf below) tmp_sharedflag='-qmkshrobj' tmp_addflag= ;; nvcc*) # Cuda Compiler Driver 2.2 _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' _LT_TAGVAR(compiler_needs_object, $1)=yes ;; esac case `$CC -V 2>&1 | sed 5q` in *Sun\ C*) # Sun C 5.9 _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' _LT_TAGVAR(compiler_needs_object, $1)=yes tmp_sharedflag='-G' ;; *Sun\ F*) # Sun Fortran 8.3 tmp_sharedflag='-G' ;; esac _LT_TAGVAR(archive_cmds, $1)='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' if test "x$supports_anon_versioning" = xyes; then _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ echo "local: *; };" >> $output_objdir/$libname.ver~ $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' fi case $cc_basename in xlf* | bgf* | bgxlf* | mpixlf*) # IBM XL Fortran 10.1 on PPC cannot create shared libs itself _LT_TAGVAR(whole_archive_flag_spec, $1)='--whole-archive$convenience --no-whole-archive' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $linker_flags -soname $soname 
-o $lib' if test "x$supports_anon_versioning" = xyes; then _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ echo "local: *; };" >> $output_objdir/$libname.ver~ $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib' fi ;; esac else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; netbsd*) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' wlarc= else _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' fi ;; solaris*) if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then _LT_TAGVAR(ld_shlibs, $1)=no cat <<_LT_EOF 1>&2 *** Warning: The releases 2.8.* of the GNU linker cannot reliably *** create shared libraries on Solaris systems. Therefore, libtool *** is disabling shared libraries support. We urge you to upgrade GNU *** binutils to release 2.9.1 or newer. Another option is to modify *** your PATH or compiler configuration so that the native linker is *** used, and then restart. 
_LT_EOF elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*) case `$LD -v 2>&1` in *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.1[[0-5]].*) _LT_TAGVAR(ld_shlibs, $1)=no cat <<_LT_EOF 1>&2 *** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not *** reliably create shared libraries on SCO systems. Therefore, libtool *** is disabling shared libraries support. We urge you to upgrade GNU *** binutils to release 2.16.91.0.3 or newer. Another option is to modify *** your PATH or compiler configuration so that the native linker is *** used, and then restart. _LT_EOF ;; *) # For security reasons, it is highly recommended that you always # use absolute paths for naming shared libraries, and exclude the # DT_RUNPATH tag from executables and libraries. But doing so # requires that you compile everything twice, which is a pain. 
if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; esac ;; sunos4*) _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags' wlarc= _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; *) if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; esac if test "$_LT_TAGVAR(ld_shlibs, $1)" = no; then runpath_var= _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= _LT_TAGVAR(export_dynamic_flag_spec, $1)= _LT_TAGVAR(whole_archive_flag_spec, $1)= fi else # PORTME fill in a description of your system's linker (not GNU ld) case $host_os in aix3*) _LT_TAGVAR(allow_undefined_flag, $1)=unsupported _LT_TAGVAR(always_export_symbols, $1)=yes _LT_TAGVAR(archive_expsym_cmds, $1)='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname' # Note: this linker hardcodes the directories in LIBPATH if there # are no directories specified by -L. _LT_TAGVAR(hardcode_minus_L, $1)=yes if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then # Neither direct hardcoding nor static linking is supported with a # broken collect2. 
_LT_TAGVAR(hardcode_direct, $1)=unsupported fi ;; aix[[4-9]]*) if test "$host_cpu" = ia64; then # On IA64, the linker does run time linking by default, so we don't # have to do anything special. aix_use_runtimelinking=no exp_sym_flag='-Bexport' no_entry_flag="" else # If we're using GNU nm, then we don't want the "-C" option. # -C means demangle to AIX nm, but means don't demangle with GNU nm # Also, AIX nm treats weak defined symbols like other global # defined symbols, whereas GNU nm marks them as "W". if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' else _LT_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' fi aix_use_runtimelinking=no # Test if we are trying to use run time linking or normal # AIX style linking. If -brtl is somewhere in LDFLAGS, we # need to do runtime linking. case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*) for ld_flag in $LDFLAGS; do if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then aix_use_runtimelinking=yes break fi done ;; esac exp_sym_flag='-bexport' no_entry_flag='-bnoentry' fi # When large executables or shared objects are built, AIX ld can # have problems creating the table of contents. If linking a library # or program results in "error TOC overflow" add -mminimal-toc to # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. 
_LT_TAGVAR(archive_cmds, $1)='' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_direct_absolute, $1)=yes _LT_TAGVAR(hardcode_libdir_separator, $1)=':' _LT_TAGVAR(link_all_deplibs, $1)=yes _LT_TAGVAR(file_list_spec, $1)='${wl}-f,' if test "$GCC" = yes; then case $host_os in aix4.[[012]]|aix4.[[012]].*) # We only want to do this on AIX 4.2 and lower, the check # below for broken collect2 doesn't work under 4.3+ collect2name=`${CC} -print-prog-name=collect2` if test -f "$collect2name" && strings "$collect2name" | $GREP resolve_lib_name >/dev/null then # We have reworked collect2 : else # We have old collect2 _LT_TAGVAR(hardcode_direct, $1)=unsupported # It fails to find uninstalled libraries when the uninstalled # path is not listed in the libpath. Setting hardcode_minus_L # to unsupported forces relinking _LT_TAGVAR(hardcode_minus_L, $1)=yes _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)= fi ;; esac shared_flag='-shared' if test "$aix_use_runtimelinking" = yes; then shared_flag="$shared_flag "'${wl}-G' fi else # not using gcc if test "$host_cpu" = ia64; then # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release # chokes on -Wl,-G. The following line is correct: shared_flag='-G' else if test "$aix_use_runtimelinking" = yes; then shared_flag='${wl}-G' else shared_flag='${wl}-bM:SRE' fi fi fi _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-bexpall' # It seems that -bexpall does not export symbols beginning with # underscore (_), so it is better to generate a list of symbols to export. _LT_TAGVAR(always_export_symbols, $1)=yes if test "$aix_use_runtimelinking" = yes; then # Warning - without using the other runtime loading flags (-brtl), # -berok will link without error, but may produce a broken library. _LT_TAGVAR(allow_undefined_flag, $1)='-berok' # Determine the default libpath from the value encoded in an # empty executable. 
_LT_SYS_MODULE_PATH_AIX([$1]) _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then func_echo_all "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" else if test "$host_cpu" = ia64; then _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib' _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs" _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" else # Determine the default libpath from the value encoded in an # empty executable. _LT_SYS_MODULE_PATH_AIX([$1]) _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" # Warning - without using the other run time loading flags, # -berok will link without error, but may produce a broken library. _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok' _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok' if test "$with_gnu_ld" = yes; then # We only use this code for GNU lds that support --whole-archive. _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive$convenience ${wl}--no-whole-archive' else # Exported symbols can be pulled into shared objects from archives _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience' fi _LT_TAGVAR(archive_cmds_need_lc, $1)=yes # This is similar to how AIX traditionally builds its shared libraries. 
_LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' fi fi ;; amigaos*) case $host_cpu in powerpc) # see comment about AmigaOS4 .so support _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='' ;; m68k) _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(hardcode_minus_L, $1)=yes ;; esac ;; bsdi[[45]]*) _LT_TAGVAR(export_dynamic_flag_spec, $1)=-rdynamic ;; cygwin* | mingw* | pw32* | cegcc*) # When not using gcc, we currently assume that we are using # Microsoft Visual C++. # hardcode_libdir_flag_spec is actually meaningless, as there is # no search path for DLLs. case $cc_basename in cl*) # Native MSVC _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' ' _LT_TAGVAR(allow_undefined_flag, $1)=unsupported _LT_TAGVAR(always_export_symbols, $1)=yes _LT_TAGVAR(file_list_spec, $1)='@' # Tell ltmain to make .lib files, not .a files. libext=lib # Tell ltmain to make .dll files, not .so files. shrext_cmds=".dll" # FIXME: Setting linknames here is a bad hack. 
_LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-dll~linknames=' _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then sed -n -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' -e '1\\\!p' < $export_symbols > $output_objdir/$soname.exp; else sed -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' < $export_symbols > $output_objdir/$soname.exp; fi~ $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~ linknames=' # The linker will not automatically build a static lib if we build a DLL. # _LT_TAGVAR(old_archive_from_new_cmds, $1)='true' _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*' _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1,DATA/'\'' | $SED -e '\''/^[[AITW]][[ ]]/s/.*[[ ]]//'\'' | sort | uniq > $export_symbols' # Don't use ranlib _LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib' _LT_TAGVAR(postlink_cmds, $1)='lt_outputfile="@OUTPUT@"~ lt_tool_outputfile="@TOOL_OUTPUT@"~ case $lt_outputfile in *.exe|*.EXE) ;; *) lt_outputfile="$lt_outputfile.exe" lt_tool_outputfile="$lt_tool_outputfile.exe" ;; esac~ if test "$MANIFEST_TOOL" != ":" && test -f "$lt_outputfile.manifest"; then $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1; $RM "$lt_outputfile.manifest"; fi' ;; *) # Assume MSVC wrapper _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' ' _LT_TAGVAR(allow_undefined_flag, $1)=unsupported # Tell ltmain to make .lib files, not .a files. libext=lib # Tell ltmain to make .dll files, not .so files. shrext_cmds=".dll" # FIXME: Setting linknames here is a bad hack. 
_LT_TAGVAR(archive_cmds, $1)='$CC -o $lib $libobjs $compiler_flags `func_echo_all "$deplibs" | $SED '\''s/ -lc$//'\''` -link -dll~linknames=' # The linker will automatically build a .lib file if we build a DLL. _LT_TAGVAR(old_archive_from_new_cmds, $1)='true' # FIXME: Should let the user specify the lib program. _LT_TAGVAR(old_archive_cmds, $1)='lib -OUT:$oldlib$oldobjs$old_deplibs' _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes ;; esac ;; darwin* | rhapsody*) _LT_DARWIN_LINKER_FEATURES($1) ;; dgux*) _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor # support. Future versions do this automatically, but an explicit c++rt0.o # does not break anything, and helps significantly (at the cost of a little # extra space). freebsd2.2*) _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; # Unfortunately, older versions of FreeBSD 2 do not have this feature. freebsd2.*) _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_minus_L, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; # FreeBSD 3 and greater uses gcc -shared to do shared libraries. 
freebsd* | dragonfly*) _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; hpux9*) if test "$GCC" = yes; then _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared $pic_flag ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' else _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' fi _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: _LT_TAGVAR(hardcode_direct, $1)=yes # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. _LT_TAGVAR(hardcode_minus_L, $1)=yes _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' ;; hpux10*) if test "$GCC" = yes && test "$with_gnu_ld" = no; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' else _LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' fi if test "$with_gnu_ld" = no; then _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_direct_absolute, $1)=yes _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. 
_LT_TAGVAR(hardcode_minus_L, $1)=yes fi ;; hpux11*) if test "$GCC" = yes && test "$with_gnu_ld" = no; then case $host_cpu in hppa*64*) _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' ;; ia64*) _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' ;; *) _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' ;; esac else case $host_cpu in hppa*64*) _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' ;; ia64*) _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' ;; *) m4_if($1, [], [ # Older versions of the 11.00 compiler do not understand -b yet # (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does) _LT_LINKER_OPTION([if $CC understands -b], _LT_TAGVAR(lt_cv_prog_compiler__b, $1), [-b], [_LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'], [_LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'])], [_LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags']) ;; esac fi if test "$with_gnu_ld" = no; then _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: case $host_cpu in hppa*64*|ia64*) _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; *) _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_direct_absolute, $1)=yes _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. 
_LT_TAGVAR(hardcode_minus_L, $1)=yes ;; esac fi ;; irix5* | irix6* | nonstopux*) if test "$GCC" = yes; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' # Try to use the -exported_symbol ld option, if it does not # work, assume that -exports_file does not work either and # implicitly export all symbols. # This should be the same for all languages, so no per-tag cache variable. AC_CACHE_CHECK([whether the $host_os linker accepts -exported_symbol], [lt_cv_irix_exported_symbol], [save_LDFLAGS="$LDFLAGS" LDFLAGS="$LDFLAGS -shared ${wl}-exported_symbol ${wl}foo ${wl}-update_registry ${wl}/dev/null" AC_LINK_IFELSE( [AC_LANG_SOURCE( [AC_LANG_CASE([C], [[int foo (void) { return 0; }]], [C++], [[int foo (void) { return 0; }]], [Fortran 77], [[ subroutine foo end]], [Fortran], [[ subroutine foo end]])])], [lt_cv_irix_exported_symbol=yes], [lt_cv_irix_exported_symbol=no]) LDFLAGS="$save_LDFLAGS"]) if test "$lt_cv_irix_exported_symbol" = yes; then _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations ${wl}-exports_file ${wl}$export_symbols -o $lib' fi else _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -exports_file $export_symbols -o $lib' fi _LT_TAGVAR(archive_cmds_need_lc, $1)='no' 
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: _LT_TAGVAR(inherit_rpath, $1)=yes _LT_TAGVAR(link_all_deplibs, $1)=yes ;; netbsd*) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out else _LT_TAGVAR(archive_cmds, $1)='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF fi _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; newsos6) _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; *nto* | *qnx*) ;; openbsd*) if test -f /usr/libexec/ld.so; then _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=yes if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' else case $host_os in openbsd[[01]].* | openbsd2.[[0-7]] | openbsd2.[[0-7]].*) _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' ;; *) _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' ;; esac fi else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; os2*) 
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(hardcode_minus_L, $1)=yes _LT_TAGVAR(allow_undefined_flag, $1)=unsupported _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~echo DATA >> $output_objdir/$libname.def~echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def' _LT_TAGVAR(old_archive_from_new_cmds, $1)='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def' ;; osf3*) if test "$GCC" = yes; then _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' else _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' fi _LT_TAGVAR(archive_cmds_need_lc, $1)='no' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: ;; osf4* | osf5*) # as osf3* with the addition of -msym flag if test "$GCC" = yes; then _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $pic_flag $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' 
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' else _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~ $CC -shared${allow_undefined_flag} ${wl}-input ${wl}$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib~$RM $lib.exp' # Both c and cxx compiler support -rpath directly _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' fi _LT_TAGVAR(archive_cmds_need_lc, $1)='no' _LT_TAGVAR(hardcode_libdir_separator, $1)=: ;; solaris*) _LT_TAGVAR(no_undefined_flag, $1)=' -z defs' if test "$GCC" = yes; then wlarc='${wl}' _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag ${wl}-z ${wl}text ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ $CC -shared $pic_flag ${wl}-z ${wl}text ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' else case `$CC -V 2>&1` in *"Compilers 5.0"*) wlarc='' _LT_TAGVAR(archive_cmds, $1)='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp' ;; *) wlarc='${wl}' _LT_TAGVAR(archive_cmds, $1)='$CC 
-G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ $CC -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' ;; esac fi _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' _LT_TAGVAR(hardcode_shlibpath_var, $1)=no case $host_os in solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; *) # The compiler driver will combine and reorder linker options, # but understands `-z linker_flag'. GCC discards it without `$wl', # but is careful enough not to reorder. # Supported since Solaris 2.6 (maybe 2.5.1?) if test "$GCC" = yes; then _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract' else _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract' fi ;; esac _LT_TAGVAR(link_all_deplibs, $1)=yes ;; sunos4*) if test "x$host_vendor" = xsequent; then # Use $CC to link under sequent, because it throws in some extra .o # files that make .init and .fini sections work. _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags' else _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags' fi _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_minus_L, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; sysv4) case $host_vendor in sni) _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_direct, $1)=yes # is this really true??? ;; siemens) ## LD is ld it makes a PLAMLIB ## CC just makes a GrossModule. 
_LT_TAGVAR(archive_cmds, $1)='$LD -G -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(reload_cmds, $1)='$CC -r -o $output$reload_objs' _LT_TAGVAR(hardcode_direct, $1)=no ;; motorola) _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_direct, $1)=no #Motorola manual says yes, but my tests say they lie ;; esac runpath_var='LD_RUN_PATH' _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; sysv4.3*) _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_shlibpath_var, $1)=no _LT_TAGVAR(export_dynamic_flag_spec, $1)='-Bexport' ;; sysv4*MP*) if test -d /usr/nec; then _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_shlibpath_var, $1)=no runpath_var=LD_RUN_PATH hardcode_runpath_var=yes _LT_TAGVAR(ld_shlibs, $1)=yes fi ;; sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*) _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no runpath_var='LD_RUN_PATH' if test "$GCC" = yes; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' else _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' fi ;; sysv5* | sco3.2v5* | sco5v6*) # Note: We can NOT use -z defs as we might desire, because we do not # link with -lc, and that would cause any symbols used from libc to # always be unresolved, which means just about no library would # ever link correctly. 
If we're not using GNU ld we use -z text # though, which does catch some bad symbols but isn't as heavy-handed # as -z defs. _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' _LT_TAGVAR(allow_undefined_flag, $1)='${wl}-z,nodefs' _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R,$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=':' _LT_TAGVAR(link_all_deplibs, $1)=yes _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Bexport' runpath_var='LD_RUN_PATH' if test "$GCC" = yes; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' else _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' fi ;; uts4*) _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; *) _LT_TAGVAR(ld_shlibs, $1)=no ;; esac if test x$host_vendor = xsni; then case $host in sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*) _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Blargedynsym' ;; esac fi fi ]) AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)]) test "$_LT_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no _LT_TAGVAR(with_gnu_ld, $1)=$with_gnu_ld _LT_DECL([], [libext], [0], [Old archive suffix (normally "a")])dnl _LT_DECL([], [shrext_cmds], [1], [Shared library suffix (normally ".so")])dnl _LT_DECL([], [extract_expsyms_cmds], [2], [The commands to extract the exported symbol list from a shared archive]) # # Do we need to explicitly link libc? 
# case "x$_LT_TAGVAR(archive_cmds_need_lc, $1)" in x|xyes) # Assume -lc should be added _LT_TAGVAR(archive_cmds_need_lc, $1)=yes if test "$enable_shared" = yes && test "$GCC" = yes; then case $_LT_TAGVAR(archive_cmds, $1) in *'~'*) # FIXME: we may have to deal with multi-command sequences. ;; '$CC '*) # Test whether the compiler implicitly links with -lc since on some # systems, -lgcc has to come before -lc. If gcc already passes -lc # to ld, don't add -lc before -lgcc. AC_CACHE_CHECK([whether -lc should be explicitly linked in], [lt_cv_]_LT_TAGVAR(archive_cmds_need_lc, $1), [$RM conftest* echo "$lt_simple_compile_test_code" > conftest.$ac_ext if AC_TRY_EVAL(ac_compile) 2>conftest.err; then soname=conftest lib=conftest libobjs=conftest.$ac_objext deplibs= wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1) pic_flag=$_LT_TAGVAR(lt_prog_compiler_pic, $1) compiler_flags=-v linker_flags=-v verstring= output_objdir=. libname=conftest lt_save_allow_undefined_flag=$_LT_TAGVAR(allow_undefined_flag, $1) _LT_TAGVAR(allow_undefined_flag, $1)= if AC_TRY_EVAL(_LT_TAGVAR(archive_cmds, $1) 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) then lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)=no else lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)=yes fi _LT_TAGVAR(allow_undefined_flag, $1)=$lt_save_allow_undefined_flag else cat conftest.err 1>&5 fi $RM conftest* ]) _LT_TAGVAR(archive_cmds_need_lc, $1)=$lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1) ;; esac fi ;; esac _LT_TAGDECL([build_libtool_need_lc], [archive_cmds_need_lc], [0], [Whether or not to add -lc for building shared libraries]) _LT_TAGDECL([allow_libtool_libs_with_static_runtimes], [enable_shared_with_static_runtimes], [0], [Whether or not to disallow shared libs when runtime libs are static]) _LT_TAGDECL([], [export_dynamic_flag_spec], [1], [Compiler flag to allow reflexive dlopens]) _LT_TAGDECL([], [whole_archive_flag_spec], [1], [Compiler flag to generate shared objects directly from archives]) _LT_TAGDECL([], [compiler_needs_object], [1], 
[Whether the compiler copes with passing no objects directly]) _LT_TAGDECL([], [old_archive_from_new_cmds], [2], [Create an old-style archive from a shared archive]) _LT_TAGDECL([], [old_archive_from_expsyms_cmds], [2], [Create a temporary old-style archive to link instead of a shared archive]) _LT_TAGDECL([], [archive_cmds], [2], [Commands used to build a shared archive]) _LT_TAGDECL([], [archive_expsym_cmds], [2]) _LT_TAGDECL([], [module_cmds], [2], [Commands used to build a loadable module if different from building a shared archive.]) _LT_TAGDECL([], [module_expsym_cmds], [2]) _LT_TAGDECL([], [with_gnu_ld], [1], [Whether we are building with GNU ld or not]) _LT_TAGDECL([], [allow_undefined_flag], [1], [Flag that allows shared libraries with undefined symbols to be built]) _LT_TAGDECL([], [no_undefined_flag], [1], [Flag that enforces no undefined symbols]) _LT_TAGDECL([], [hardcode_libdir_flag_spec], [1], [Flag to hardcode $libdir into a binary during linking. This must work even if $libdir does not exist]) _LT_TAGDECL([], [hardcode_libdir_separator], [1], [Whether we need a single "-rpath" flag with a separated argument]) _LT_TAGDECL([], [hardcode_direct], [0], [Set to "yes" if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the resulting binary]) _LT_TAGDECL([], [hardcode_direct_absolute], [0], [Set to "yes" if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the resulting binary and the resulting library dependency is "absolute", i.e impossible to change by setting ${shlibpath_var} if the library is relocated]) _LT_TAGDECL([], [hardcode_minus_L], [0], [Set to "yes" if using the -LDIR flag during linking hardcodes DIR into the resulting binary]) _LT_TAGDECL([], [hardcode_shlibpath_var], [0], [Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into the resulting binary]) _LT_TAGDECL([], [hardcode_automatic], [0], [Set to "yes" if building a shared library automatically hardcodes DIR into the library and all 
subsequent libraries and executables linked against it])
_LT_TAGDECL([], [inherit_rpath], [0],
    [Set to yes if linker adds runtime paths of dependent libraries to runtime path list])
_LT_TAGDECL([], [link_all_deplibs], [0],
    [Whether libtool must link a program against all its dependency libraries])
_LT_TAGDECL([], [always_export_symbols], [0],
    [Set to "yes" if exported symbols are required])
_LT_TAGDECL([], [export_symbols_cmds], [2],
    [The commands to list exported symbols])
_LT_TAGDECL([], [exclude_expsyms], [1],
    [Symbols that should not be listed in the preloaded symbols])
_LT_TAGDECL([], [include_expsyms], [1],
    [Symbols that must always be exported])
_LT_TAGDECL([], [prelink_cmds], [2],
    [Commands necessary for linking programs (against libraries) with templates])
_LT_TAGDECL([], [postlink_cmds], [2],
    [Commands necessary for finishing linking programs])
_LT_TAGDECL([], [file_list_spec], [1],
    [Specify filename containing input files])
dnl FIXME: Not yet implemented
dnl _LT_TAGDECL([], [thread_safe_flag_spec], [1],
dnl [Compiler flag to generate thread safe objects])
])# _LT_LINKER_SHLIBS


# _LT_LANG_C_CONFIG([TAG])
# ------------------------
# Ensure that the configuration variables for a C compiler are suitably
# defined. These variables are subsequently used by _LT_CONFIG to write
# the compiler configuration to `libtool'.
#
# The body saves CC, pushes the C language, defines the two test-source
# snippets and, when $compiler is non-empty, runs the probe macros in a
# fixed order, settles enable_shared and enable_static, and hands the tag
# to _LT_CONFIG. The language stack and CC are restored before returning.
m4_defun([_LT_LANG_C_CONFIG],
[m4_require([_LT_DECL_EGREP])dnl
# Keep the caller's CC so it can be put back on the last line of this macro.
lt_save_CC="$CC"
AC_LANG_PUSH(C)

# Source file extension for C test sources.
ac_ext=c

# Object file extension for compiled C test sources.
objext=o
_LT_TAGVAR(objext, $1)=$objext

# Code to be used in simple compile tests
lt_simple_compile_test_code="int some_variable = 0;"

# Code to be used in simple link tests
lt_simple_link_test_code='int main(){return(0);}'

_LT_TAG_COMPILER
# Save the default compiler, since it gets overwritten when the other
# tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP.
compiler_DEFAULT=$CC

# save warnings/boilerplate of simple test code
_LT_COMPILER_BOILERPLATE
_LT_LINKER_BOILERPLATE

## CAVEAT EMPTOR:
## There is no encapsulation within the following macros, do not change
## the running order or otherwise move them around unless you know exactly
## what you are doing...
# $compiler is not assigned in this macro; presumably _LT_TAG_COMPILER sets
# it (confirm there). When it is empty, every probe below is skipped and
# _LT_CONFIG is not run for this tag.
if test -n "$compiler"; then
  _LT_COMPILER_NO_RTTI($1)
  _LT_COMPILER_PIC($1)
  _LT_COMPILER_C_O($1)
  _LT_COMPILER_FILE_LOCKS($1)
  _LT_LINKER_SHLIBS($1)
  _LT_SYS_DYNAMIC_LINKER($1)
  _LT_LINKER_HARDCODE_LIBPATH($1)
  LT_SYS_DLOPEN_SELF
  _LT_CMD_STRIPLIB

  # Report which library types will actually be built
  AC_MSG_CHECKING([if libtool supports shared libraries])
  AC_MSG_RESULT([$can_build_shared])

  AC_MSG_CHECKING([whether to build shared libraries])
  # _LT_LINKER_SHLIBS forces can_build_shared to no when ld_shlibs for the
  # tag is no; that verdict overrides whatever enable_shared held before.
  test "$can_build_shared" = "no" && enable_shared=no

  # On AIX, shared libraries and static libraries use the same namespace, and
  # are all built from PIC.
  case $host_os in
  aix3*)
    test "$enable_shared" = yes && enable_static=no
    if test -n "$RANLIB"; then
      # The tilde is the separator between commands in a *_cmds string, so
      # this appends a ranlib step. The escaped dollars here and the single
      # quotes on the next line keep RANLIB and lib unexpanded in the stored
      # text.
      archive_cmds="$archive_cmds~\$RANLIB \$lib"
      postinstall_cmds='$RANLIB $lib'
    fi
    ;;

  aix[[4-9]]*)
    # Static libraries are turned off only on non-ia64 hosts that do not use
    # runtime linking; aix_use_runtimelinking is not assigned in this macro.
    if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
      test "$enable_shared" = yes && enable_static=no
    fi
    ;;
  esac
  AC_MSG_RESULT([$enable_shared])

  AC_MSG_CHECKING([whether to build static libraries])
  # Make sure either enable_shared or enable_static is yes.
  test "$enable_shared" = yes || enable_static=yes
  AC_MSG_RESULT([$enable_static])

  _LT_CONFIG($1)
fi
# Undo AC_LANG_PUSH and restore the CC saved at the top of the macro.
AC_LANG_POP
CC="$lt_save_CC"
])# _LT_LANG_C_CONFIG


# _LT_LANG_CXX_CONFIG([TAG])
# --------------------------
# Ensure that the configuration variables for a C++ compiler are suitably
# defined. These variables are subsequently used by _LT_CONFIG to write
# the compiler configuration to `libtool'.
m4_defun([_LT_LANG_CXX_CONFIG], [m4_require([_LT_FILEUTILS_DEFAULTS])dnl m4_require([_LT_DECL_EGREP])dnl m4_require([_LT_PATH_MANIFEST_TOOL])dnl if test -n "$CXX" && ( test "X$CXX" != "Xno" && ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) || (test "X$CXX" != "Xg++"))) ; then AC_PROG_CXXCPP else _lt_caught_CXX_error=yes fi AC_LANG_PUSH(C++) _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(allow_undefined_flag, $1)= _LT_TAGVAR(always_export_symbols, $1)=no _LT_TAGVAR(archive_expsym_cmds, $1)= _LT_TAGVAR(compiler_needs_object, $1)=no _LT_TAGVAR(export_dynamic_flag_spec, $1)= _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= _LT_TAGVAR(hardcode_libdir_separator, $1)= _LT_TAGVAR(hardcode_minus_L, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported _LT_TAGVAR(hardcode_automatic, $1)=no _LT_TAGVAR(inherit_rpath, $1)=no _LT_TAGVAR(module_cmds, $1)= _LT_TAGVAR(module_expsym_cmds, $1)= _LT_TAGVAR(link_all_deplibs, $1)=unknown _LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds _LT_TAGVAR(reload_flag, $1)=$reload_flag _LT_TAGVAR(reload_cmds, $1)=$reload_cmds _LT_TAGVAR(no_undefined_flag, $1)= _LT_TAGVAR(whole_archive_flag_spec, $1)= _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no # Source file extension for C++ test sources. ac_ext=cpp # Object file extension for compiled C++ test sources. objext=o _LT_TAGVAR(objext, $1)=$objext # No sense in running all these tests if we already determined that # the CXX compiler isn't working. Some variables (like enable_shared) # are currently assumed to apply to all compilers on this platform, # and will be corrupted by setting them based on a non-working compiler. 
if test "$_lt_caught_CXX_error" != yes; then # Code to be used in simple compile tests lt_simple_compile_test_code="int some_variable = 0;" # Code to be used in simple link tests lt_simple_link_test_code='int main(int, char *[[]]) { return(0); }' # ltmain only uses $CC for tagged configurations so make sure $CC is set. _LT_TAG_COMPILER # save warnings/boilerplate of simple test code _LT_COMPILER_BOILERPLATE _LT_LINKER_BOILERPLATE # Allow CC to be a program name with arguments. lt_save_CC=$CC lt_save_CFLAGS=$CFLAGS lt_save_LD=$LD lt_save_GCC=$GCC GCC=$GXX lt_save_with_gnu_ld=$with_gnu_ld lt_save_path_LD=$lt_cv_path_LD if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx else $as_unset lt_cv_prog_gnu_ld fi if test -n "${lt_cv_path_LDCXX+set}"; then lt_cv_path_LD=$lt_cv_path_LDCXX else $as_unset lt_cv_path_LD fi test -z "${LDCXX+set}" || LD=$LDCXX CC=${CXX-"c++"} CFLAGS=$CXXFLAGS compiler=$CC _LT_TAGVAR(compiler, $1)=$CC _LT_CC_BASENAME([$compiler]) if test -n "$compiler"; then # We don't want -fno-exception when compiling C++ code, so set the # no_builtin_flag separately if test "$GXX" = yes; then _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' else _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)= fi if test "$GXX" = yes; then # Set up default GNU C++ configuration LT_PATH_LD # Check if GNU C++ uses GNU ld as the underlying linker, since the # archiving commands below assume that GNU ld is being used. 
if test "$with_gnu_ld" = yes; then _LT_TAGVAR(archive_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' # If archive_cmds runs LD, not CC, wlarc should be empty # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to # investigate it a little bit more. (MM) wlarc='${wl}' # ancient GNU ld didn't support --whole-archive et. al. if eval "`$CC -print-prog-name=ld` --help 2>&1" | $GREP 'no-whole-archive' > /dev/null; then _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' else _LT_TAGVAR(whole_archive_flag_spec, $1)= fi else with_gnu_ld=no wlarc= # A generic and very simple default shared library creation # command for GNU C++ for the case where it uses the native # linker, instead of GNU ld. If possible, this setting should # overridden to take advantage of the native linker features on # the platform it is being used on. _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' fi # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. 
output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' else GXX=no with_gnu_ld=no wlarc= fi # PORTME: fill in a description of your system's C++ link characteristics AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries]) _LT_TAGVAR(ld_shlibs, $1)=yes case $host_os in aix3*) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; aix[[4-9]]*) if test "$host_cpu" = ia64; then # On IA64, the linker does run time linking by default, so we don't # have to do anything special. aix_use_runtimelinking=no exp_sym_flag='-Bexport' no_entry_flag="" else aix_use_runtimelinking=no # Test if we are trying to use run time linking or normal # AIX style linking. If -brtl is somewhere in LDFLAGS, we # need to do runtime linking. case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*) for ld_flag in $LDFLAGS; do case $ld_flag in *-brtl*) aix_use_runtimelinking=yes break ;; esac done ;; esac exp_sym_flag='-bexport' no_entry_flag='-bnoentry' fi # When large executables or shared objects are built, AIX ld can # have problems creating the table of contents. If linking a library # or program results in "error TOC overflow" add -mminimal-toc to # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. 
_LT_TAGVAR(archive_cmds, $1)='' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_direct_absolute, $1)=yes _LT_TAGVAR(hardcode_libdir_separator, $1)=':' _LT_TAGVAR(link_all_deplibs, $1)=yes _LT_TAGVAR(file_list_spec, $1)='${wl}-f,' if test "$GXX" = yes; then case $host_os in aix4.[[012]]|aix4.[[012]].*) # We only want to do this on AIX 4.2 and lower, the check # below for broken collect2 doesn't work under 4.3+ collect2name=`${CC} -print-prog-name=collect2` if test -f "$collect2name" && strings "$collect2name" | $GREP resolve_lib_name >/dev/null then # We have reworked collect2 : else # We have old collect2 _LT_TAGVAR(hardcode_direct, $1)=unsupported # It fails to find uninstalled libraries when the uninstalled # path is not listed in the libpath. Setting hardcode_minus_L # to unsupported forces relinking _LT_TAGVAR(hardcode_minus_L, $1)=yes _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)= fi esac shared_flag='-shared' if test "$aix_use_runtimelinking" = yes; then shared_flag="$shared_flag "'${wl}-G' fi else # not using gcc if test "$host_cpu" = ia64; then # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release # chokes on -Wl,-G. The following line is correct: shared_flag='-G' else if test "$aix_use_runtimelinking" = yes; then shared_flag='${wl}-G' else shared_flag='${wl}-bM:SRE' fi fi fi _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-bexpall' # It seems that -bexpall does not export symbols beginning with # underscore (_), so it is better to generate a list of symbols to # export. _LT_TAGVAR(always_export_symbols, $1)=yes if test "$aix_use_runtimelinking" = yes; then # Warning - without using the other runtime loading flags (-brtl), # -berok will link without error, but may produce a broken library. _LT_TAGVAR(allow_undefined_flag, $1)='-berok' # Determine the default libpath from the value encoded in an empty # executable. 
_LT_SYS_MODULE_PATH_AIX([$1]) _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then func_echo_all "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" else if test "$host_cpu" = ia64; then _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib' _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs" _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" else # Determine the default libpath from the value encoded in an # empty executable. _LT_SYS_MODULE_PATH_AIX([$1]) _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" # Warning - without using the other run time loading flags, # -berok will link without error, but may produce a broken library. _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok' _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok' if test "$with_gnu_ld" = yes; then # We only use this code for GNU lds that support --whole-archive. _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive$convenience ${wl}--no-whole-archive' else # Exported symbols can be pulled into shared objects from archives _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience' fi _LT_TAGVAR(archive_cmds_need_lc, $1)=yes # This is similar to how AIX traditionally builds its shared # libraries. 
_LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' fi fi ;; beos*) if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then _LT_TAGVAR(allow_undefined_flag, $1)=unsupported # Joseph Beckenbach says some releases of gcc # support --undefined. This deserves some investigation. FIXME _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; chorus*) case $cc_basename in *) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; esac ;; cygwin* | mingw* | pw32* | cegcc*) case $GXX,$cc_basename in ,cl* | no,cl*) # Native MSVC # hardcode_libdir_flag_spec is actually meaningless, as there is # no search path for DLLs. _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' ' _LT_TAGVAR(allow_undefined_flag, $1)=unsupported _LT_TAGVAR(always_export_symbols, $1)=yes _LT_TAGVAR(file_list_spec, $1)='@' # Tell ltmain to make .lib files, not .a files. libext=lib # Tell ltmain to make .dll files, not .so files. shrext_cmds=".dll" # FIXME: Setting linknames here is a bad hack. _LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-dll~linknames=' _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then $SED -n -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' -e '1\\\!p' < $export_symbols > $output_objdir/$soname.exp; else $SED -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' < $export_symbols > $output_objdir/$soname.exp; fi~ $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~ linknames=' # The linker will not automatically build a static lib if we build a DLL. 
# _LT_TAGVAR(old_archive_from_new_cmds, $1)='true' _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes # Don't use ranlib _LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib' _LT_TAGVAR(postlink_cmds, $1)='lt_outputfile="@OUTPUT@"~ lt_tool_outputfile="@TOOL_OUTPUT@"~ case $lt_outputfile in *.exe|*.EXE) ;; *) lt_outputfile="$lt_outputfile.exe" lt_tool_outputfile="$lt_tool_outputfile.exe" ;; esac~ func_to_tool_file "$lt_outputfile"~ if test "$MANIFEST_TOOL" != ":" && test -f "$lt_outputfile.manifest"; then $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1; $RM "$lt_outputfile.manifest"; fi' ;; *) # g++ # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless, # as there is no search path for DLLs. _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-all-symbols' _LT_TAGVAR(allow_undefined_flag, $1)=unsupported _LT_TAGVAR(always_export_symbols, $1)=no _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' # If the export-symbols file already is a .def file (1st line # is EXPORTS), use it as is; otherwise, prepend... 
_LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then cp $export_symbols $output_objdir/$soname.def; else echo EXPORTS > $output_objdir/$soname.def; cat $export_symbols >> $output_objdir/$soname.def; fi~ $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; esac ;; darwin* | rhapsody*) _LT_DARWIN_LINKER_FEATURES($1) ;; dgux*) case $cc_basename in ec++*) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; ghcx*) # Green Hills C++ Compiler # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; *) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; esac ;; freebsd2.*) # C++ shared libraries reported to be fairly broken before # switch to ELF _LT_TAGVAR(ld_shlibs, $1)=no ;; freebsd-elf*) _LT_TAGVAR(archive_cmds_need_lc, $1)=no ;; freebsd* | dragonfly*) # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF # conventions _LT_TAGVAR(ld_shlibs, $1)=yes ;; gnu*) ;; haiku*) _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(link_all_deplibs, $1)=yes ;; hpux9*) _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH, # but as the default # location of the library. 
case $cc_basename in CC*) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; aCC*) _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -b ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. # # There doesn't appear to be a way to prevent this compiler from # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' ;; *) if test "$GXX" = yes; then _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared -nostdlib $pic_flag ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' else # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no fi ;; esac ;; hpux10*|hpux11*) if test $with_gnu_ld = no; then _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: case $host_cpu in hppa*64*|ia64*) ;; *) _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' ;; esac fi case $host_cpu in hppa*64*|ia64*) _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; *) _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_direct_absolute, $1)=yes _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH, # but as the default # location of the library. 
;; esac case $cc_basename in CC*) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; aCC*) case $host_cpu in hppa*64*) _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; ia64*) _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; *) _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; esac # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. # # There doesn't appear to be a way to prevent this compiler from # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' ;; *) if test "$GXX" = yes; then if test $with_gnu_ld = no; then case $host_cpu in hppa*64*) _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; ia64*) _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; *) _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; esac fi else # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no fi ;; esac ;; interix[[3-9]]*) 
_LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. # Instead, shared libraries are loaded at an image base (0x10000000 by # default) and relocated if they conflict, which is a slow very memory # consuming and fragmenting process. To avoid this, we pick a random, # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link # time. Moving up from 0x10000000 also allows more sbrk(2) space. _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' ;; irix5* | irix6*) case $cc_basename in CC*) # SGI C++ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' # Archives containing C++ object files must be created using # "CC -ar", where "CC" is the IRIX C++ compiler. This is # necessary to make sure instantiated templates are included # in the archive. 
_LT_TAGVAR(old_archive_cmds, $1)='$CC -ar -WR,-u -o $oldlib $oldobjs' ;; *) if test "$GXX" = yes; then if test "$with_gnu_ld" = no; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' else _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` -o $lib' fi fi _LT_TAGVAR(link_all_deplibs, $1)=yes ;; esac _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: _LT_TAGVAR(inherit_rpath, $1)=yes ;; linux* | k*bsd*-gnu | kopensolaris*-gnu) case $cc_basename in KCC*) # Kuck and Associates, Inc. (KAI) C++ Compiler # KCC will only create a shared library if the output file # ends with ".so" (or ".sl" for HP-UX), so rename the library # to its proper name (with version) after linking. _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib ${wl}-retain-symbols-file,$export_symbols; mv \$templib $lib' # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. 
# # There doesn't appear to be a way to prevent this compiler from # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | $GREP "ld"`; rm -f libconftest$shared_ext; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' # Archives containing C++ object files must be created using # "CC -Bstatic", where "CC" is the KAI C++ compiler. _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs' ;; icpc* | ecpc* ) # Intel C++ with_gnu_ld=yes # version 8.0 and above of icpc choke on multiply defined symbols # if we add $predep_objects and $postdep_objects, however 7.1 and # earlier do not add the objects themselves. 
case `$CC -V 2>&1` in *"Version 7."*) _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' ;; *) # Version 8.0 or newer tmp_idyn= case $host_cpu in ia64*) tmp_idyn=' -i_dynamic';; esac _LT_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' ;; esac _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive$convenience ${wl}--no-whole-archive' ;; pgCC* | pgcpp*) # Portland Group C++ compiler case `$CC -V` in *pgCC\ [[1-5]].* | *pgcpp\ [[1-5]].*) _LT_TAGVAR(prelink_cmds, $1)='tpldir=Template.dir~ rm -rf $tpldir~ $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~ compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"' _LT_TAGVAR(old_archive_cmds, $1)='tpldir=Template.dir~ rm -rf $tpldir~ $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~ $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~ $RANLIB $oldlib' _LT_TAGVAR(archive_cmds, $1)='tpldir=Template.dir~ rm -rf $tpldir~ $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, 
$1)='tpldir=Template.dir~ rm -rf $tpldir~ $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' ;; *) # Version 6 and above use weak symbols _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' ;; esac _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath ${wl}$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' ;; cxx*) # Compaq C++ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib ${wl}-retain-symbols-file $wl$export_symbols' runpath_var=LD_RUN_PATH _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. # # There doesn't appear to be a way to prevent this compiler from # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. 
output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "X$list" | $Xsed' ;; xl* | mpixl* | bgxl*) # IBM XL 8.0 on PPC, with GNU ld _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' _LT_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' if test "x$supports_anon_versioning" = xyes; then _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ echo "local: *; };" >> $output_objdir/$libname.ver~ $CC -qmkshrobj $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' fi ;; *) case `$CC -V 2>&1 | sed 5q` in *Sun\ C*) # Sun C++ 5.9 _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs' _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file ${wl}$export_symbols' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' _LT_TAGVAR(compiler_needs_object, $1)=yes # Not sure whether something based on # $CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 # would be better. 
output_verbose_link_cmd='func_echo_all' # Archives containing C++ object files must be created using # "CC -xar", where "CC" is the Sun C++ compiler. This is # necessary to make sure instantiated templates are included # in the archive. _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs' ;; esac ;; esac ;; lynxos*) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; m88k*) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; mvs*) case $cc_basename in cxx*) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; *) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; esac ;; netbsd*) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags' wlarc= _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no fi # Workaround some broken pre-1.5 toolchains output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"' ;; *nto* | *qnx*) _LT_TAGVAR(ld_shlibs, $1)=yes ;; openbsd2*) # C++ shared libraries are fairly broken _LT_TAGVAR(ld_shlibs, $1)=no ;; openbsd*) if test -f /usr/libexec/ld.so; then _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=yes _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file,$export_symbols -o $lib' 
_LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' fi output_verbose_link_cmd=func_echo_all else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; osf3* | osf4* | osf5*) case $cc_basename in KCC*) # Kuck and Associates, Inc. (KAI) C++ Compiler # KCC will only create a shared library if the output file # ends with ".so" (or ".sl" for HP-UX), so rename the library # to its proper name (with version) after linking. _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo "$lib" | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: # Archives containing C++ object files must be created using # the KAI C++ compiler. case $host in osf3*) _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs' ;; *) _LT_TAGVAR(old_archive_cmds, $1)='$CC -o $oldlib $oldobjs' ;; esac ;; RCC*) # Rational C++ 2.4.1 # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; cxx*) case $host in osf3*) _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $soname `test -n "$verstring" && func_echo_all "${wl}-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' ;; *) _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` 
-update_registry ${output_objdir}/so_locations -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~ echo "-hidden">> $lib.exp~ $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname ${wl}-input ${wl}$lib.exp `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib~ $RM $lib.exp' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' ;; esac _LT_TAGVAR(hardcode_libdir_separator, $1)=: # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. # # There doesn't appear to be a way to prevent this compiler from # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld" | $GREP -v "ld:"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' ;; *) if test "$GXX" = yes && test "$with_gnu_ld" = no; then _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' case $host in osf3*) _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' ;; *) _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && 
func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' ;; esac _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' else # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no fi ;; esac ;; psos*) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; sunos4*) case $cc_basename in CC*) # Sun C++ 4.x # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; lcc*) # Lucid # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; *) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; esac ;; solaris*) case $cc_basename in CC* | sunCC*) # Sun C++ 4.2, 5.x and Centerline C++ _LT_TAGVAR(archive_cmds_need_lc,$1)=yes _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs' _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ $CC -G${allow_undefined_flag} ${wl}-M ${wl}$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' _LT_TAGVAR(hardcode_shlibpath_var, $1)=no case $host_os in solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; *) # The compiler driver will combine and reorder linker options, # but understands `-z linker_flag'. # Supported since Solaris 2.6 (maybe 2.5.1?) 
_LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract' ;; esac _LT_TAGVAR(link_all_deplibs, $1)=yes output_verbose_link_cmd='func_echo_all' # Archives containing C++ object files must be created using # "CC -xar", where "CC" is the Sun C++ compiler. This is # necessary to make sure instantiated templates are included # in the archive. _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs' ;; gcx*) # Green Hills C++ Compiler _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' # The C++ compiler must be used to create the archive. _LT_TAGVAR(old_archive_cmds, $1)='$CC $LDFLAGS -archive -o $oldlib $oldobjs' ;; *) # GNU C++ compiler with Solaris linker if test "$GXX" = yes && test "$with_gnu_ld" = no; then _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-z ${wl}defs' if $CC --version | $GREP -v '^2\.7' > /dev/null; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ $CC -shared $pic_flag -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' else # g++ 2.7 appears to require `-G' NOT `-shared' on this # platform. 
_LT_TAGVAR(archive_cmds, $1)='$CC -G -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ $CC -G -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' fi _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $wl$libdir' case $host_os in solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; *) _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract' ;; esac fi ;; esac ;; sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*) _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no runpath_var='LD_RUN_PATH' case $cc_basename in CC*) _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' ;; *) _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' ;; esac ;; sysv5* | sco3.2v5* | sco5v6*) # Note: We can NOT use -z defs as we might desire, because we do not # link with -lc, and that would cause any symbols used from libc to # always be unresolved, which means just about no library would # ever link correctly. 
If we're not using GNU ld we use -z text # though, which does catch some bad symbols but isn't as heavy-handed # as -z defs. _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' _LT_TAGVAR(allow_undefined_flag, $1)='${wl}-z,nodefs' _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R,$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=':' _LT_TAGVAR(link_all_deplibs, $1)=yes _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Bexport' runpath_var='LD_RUN_PATH' case $cc_basename in CC*) _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(old_archive_cmds, $1)='$CC -Tprelink_objects $oldobjs~ '"$_LT_TAGVAR(old_archive_cmds, $1)" _LT_TAGVAR(reload_cmds, $1)='$CC -Tprelink_objects $reload_objs~ '"$_LT_TAGVAR(reload_cmds, $1)" ;; *) _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' ;; esac ;; tandem*) case $cc_basename in NCC*) # NonStop-UX NCC 3.20 # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; *) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; esac ;; vxworks*) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; *) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; esac AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)]) test "$_LT_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no _LT_TAGVAR(GCC, $1)="$GXX" _LT_TAGVAR(LD, $1)="$LD" ## CAVEAT EMPTOR: ## There is no encapsulation within the following macros, do not change ## the running order or otherwise move them around unless you know exactly ## what you are doing... 
_LT_SYS_HIDDEN_LIBDEPS($1)
    _LT_COMPILER_PIC($1)
    _LT_COMPILER_C_O($1)
    _LT_COMPILER_FILE_LOCKS($1)
    _LT_LINKER_SHLIBS($1)
    _LT_SYS_DYNAMIC_LINKER($1)
    _LT_LINKER_HARDCODE_LIBPATH($1)

    _LT_CONFIG($1)
  fi # test -n "$compiler"

  CC=$lt_save_CC
  CFLAGS=$lt_save_CFLAGS
  LDCXX=$LD
  LD=$lt_save_LD
  GCC=$lt_save_GCC
  with_gnu_ld=$lt_save_with_gnu_ld
  lt_cv_path_LDCXX=$lt_cv_path_LD
  lt_cv_path_LD=$lt_save_path_LD
  lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld
  lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld
fi # test "$_lt_caught_CXX_error" != yes

AC_LANG_POP
])# _LT_LANG_CXX_CONFIG


# _LT_FUNC_STRIPNAME_CNF
# ----------------------
# func_stripname_cnf prefix suffix name
# strip PREFIX and SUFFIX off of NAME.
# PREFIX and SUFFIX must not contain globbing or regex special
# characters, hashes, percent signs, but SUFFIX may contain a leading
# dot (in which case that matches only a dot).
#
# The result is returned in the shell variable func_stripname_result.
#
# NOTE(review): the restriction above is a caller contract, not a check.
# PREFIX and SUFFIX are pasted unescaped into a sed program that uses
# `%' as its delimiter, so they have to be fixed literals chosen by the
# macro author and never text taken from compiler output or from the
# environment.  NAME is only piped to sed as data.
#
# This function is identical to the (non-XSI) version of func_stripname,
# except this one can be used by m4 code that may be executed by configure,
# rather than the libtool script.
m4_defun([_LT_FUNC_STRIPNAME_CNF],[dnl
AC_REQUIRE([_LT_DECL_SED])
AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])
func_stripname_cnf ()
{
  case ${2} in
  .*) func_stripname_result=`$ECHO "${3}" | $SED "s%^${1}%%; s%\\\\${2}\$%%"`;;
  *)  func_stripname_result=`$ECHO "${3}" | $SED "s%^${1}%%; s%${2}\$%%"`;;
  esac
} # func_stripname_cnf
])# _LT_FUNC_STRIPNAME_CNF

# _LT_SYS_HIDDEN_LIBDEPS([TAGNAME])
# ---------------------------------
# Figure out "hidden" library dependencies from verbose
# compiler output when linking a shared library.
# Parse the compiler output and extract the necessary
# objects, libraries and library flags.
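m4_defun([_LT_SYS_HIDDEN_LIBDEPS],
[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
AC_REQUIRE([_LT_FUNC_STRIPNAME_CNF])dnl
dnl Purpose: compile a small per-tag test source, run the tag's
dnl output_verbose_link_cmd and sort the words it prints into
dnl predep_objects, postdep_objects, postdeps and compiler_lib_search_path.
dnl
dnl Review notes:
dnl  - The verbose link output is evaluated and word-split by the shell,
dnl    and the resulting words are recorded for later link lines, so the
dnl    result is only as trustworthy as the compiler selected through CC.
dnl  - prev is cleared before the loop so that a value left over from the
dnl    environment or from an earlier expansion of this macro cannot be
dnl    glued onto the first word.
dnl  - The cleanup after the loop names the conftest object; the earlier
dnl    spelling never matched the file that the test compile creates.
# Dependencies to place before and after the object being linked:
_LT_TAGVAR(predep_objects, $1)=
_LT_TAGVAR(postdep_objects, $1)=
_LT_TAGVAR(predeps, $1)=
_LT_TAGVAR(postdeps, $1)=
_LT_TAGVAR(compiler_lib_search_path, $1)=

dnl we can't use the lt_simple_compile_test_code here,
dnl because it contains code intended for an executable,
dnl not a library.  It's possible we should let each
dnl tag define a new lt_????_link_test_code variable,
dnl but it's only used here...
m4_if([$1], [], [cat > conftest.$ac_ext <<_LT_EOF
int a;
void foo (void) { a = 0; }
_LT_EOF
], [$1], [CXX], [cat > conftest.$ac_ext <<_LT_EOF
class Foo
{
public:
  Foo (void) { a = 0; }
private:
  int a;
};
_LT_EOF
], [$1], [F77], [cat > conftest.$ac_ext <<_LT_EOF
      subroutine foo
      implicit none
      integer*4 a
      a=0
      return
      end
_LT_EOF
], [$1], [FC], [cat > conftest.$ac_ext <<_LT_EOF
      subroutine foo
      implicit none
      integer a
      a=0
      return
      end
_LT_EOF
], [$1], [GCJ], [cat > conftest.$ac_ext <<_LT_EOF
public class foo {
  private int a;
  public void bar (void) {
    a = 0;
  }
};
_LT_EOF
], [$1], [GO], [cat > conftest.$ac_ext <<_LT_EOF
package foo
func foo() {
}
_LT_EOF
])

_lt_libdeps_save_CFLAGS=$CFLAGS
case "$CC $CFLAGS " in #(
*\ -flto*\ *) CFLAGS="$CFLAGS -fno-lto" ;;
*\ -fwhopr*\ *) CFLAGS="$CFLAGS -fno-whopr" ;;
*\ -fuse-linker-plugin*\ *) CFLAGS="$CFLAGS -fno-use-linker-plugin" ;;
esac

dnl Parse the compiler output and extract the necessary
dnl objects, libraries and library flags.
if AC_TRY_EVAL(ac_compile); then
  # Parse the compiler output and extract the necessary
  # objects, libraries and library flags.

  # Sentinel used to keep track of whether or not we are before
  # the conftest object file.
  pre_test_object_deps_done=no

  # Start with no pending option word.
  prev=

  for p in `eval "$output_verbose_link_cmd"`; do
    case ${prev}${p} in

    -L* | -R* | -l*)
       # Some compilers place space between "-{L,R}" and the path.
       # Remove the space.
       if test "x$p" = "x-L" ||
          test "x$p" = "x-R"; then
         prev=$p
         continue
       fi

       # Expand the sysroot to ease extracting the directories later.
       if test -z "$prev"; then
         case $p in
         -L*) func_stripname_cnf '-L' '' "$p"; prev=-L; p=$func_stripname_result ;;
         -R*) func_stripname_cnf '-R' '' "$p"; prev=-R; p=$func_stripname_result ;;
         -l*) func_stripname_cnf '-l' '' "$p"; prev=-l; p=$func_stripname_result ;;
         esac
       fi
       case $p in
       =*) func_stripname_cnf '=' '' "$p"; p=$lt_sysroot$func_stripname_result ;;
       esac
       if test "$pre_test_object_deps_done" = no; then
         case ${prev} in
         -L | -R)
           # Internal compiler library paths should come after those
           # provided the user.  The postdeps already come after the
           # user supplied libs so there is no need to process them.
           if test -z "$_LT_TAGVAR(compiler_lib_search_path, $1)"; then
             _LT_TAGVAR(compiler_lib_search_path, $1)="${prev}${p}"
           else
             _LT_TAGVAR(compiler_lib_search_path, $1)="${_LT_TAGVAR(compiler_lib_search_path, $1)} ${prev}${p}"
           fi
           ;;
         # The "-l" case would never come before the object being
         # linked, so don't bother handling this case.
         esac
       else
         if test -z "$_LT_TAGVAR(postdeps, $1)"; then
           _LT_TAGVAR(postdeps, $1)="${prev}${p}"
         else
           _LT_TAGVAR(postdeps, $1)="${_LT_TAGVAR(postdeps, $1)} ${prev}${p}"
         fi
       fi
       prev=
       ;;

    *.lto.$objext) ;; # Ignore GCC LTO objects
    *.$objext)
       # This assumes that the test object file only shows up
       # once in the compiler output.
       if test "$p" = "conftest.$objext"; then
         pre_test_object_deps_done=yes
         continue
       fi

       if test "$pre_test_object_deps_done" = no; then
         if test -z "$_LT_TAGVAR(predep_objects, $1)"; then
           _LT_TAGVAR(predep_objects, $1)="$p"
         else
           _LT_TAGVAR(predep_objects, $1)="$_LT_TAGVAR(predep_objects, $1) $p"
         fi
       else
         if test -z "$_LT_TAGVAR(postdep_objects, $1)"; then
           _LT_TAGVAR(postdep_objects, $1)="$p"
         else
           _LT_TAGVAR(postdep_objects, $1)="$_LT_TAGVAR(postdep_objects, $1) $p"
         fi
       fi
       ;;

    *) ;; # Ignore the rest.

    esac
  done

  # Clean up.
  rm -f a.out a.exe
else
  echo "libtool.m4: error: problem compiling $1 test program"
fi

# Remove the test object so it cannot be picked up by a later step.
$RM -f conftest.$objext
CFLAGS=$_lt_libdeps_save_CFLAGS

# PORTME: override above test on systems where it is broken
m4_if([$1], [CXX],
[case $host_os in
interix[[3-9]]*)
  # Interix 3.5 installs completely hosed .la files for C++, so rather than
  # hack all around it, let's just trust "g++" to DTRT.
  _LT_TAGVAR(predep_objects,$1)=
  _LT_TAGVAR(postdep_objects,$1)=
  _LT_TAGVAR(postdeps,$1)=
  ;;

linux*)
  case `$CC -V 2>&1 | sed 5q` in
  *Sun\ C*)
    # Sun C++ 5.9

    # The more standards-conforming stlport4 library is
    # incompatible with the Cstd library. Avoid specifying
    # it if it's in CXXFLAGS. Ignore libCrun as
    # -library=stlport4 depends on it.
    case " $CXX $CXXFLAGS " in
    *" -library=stlport4 "*)
      solaris_use_stlport4=yes
      ;;
    esac

    if test "$solaris_use_stlport4" != yes; then
      _LT_TAGVAR(postdeps,$1)='-library=Cstd -library=Crun'
    fi
    ;;
  esac
  ;;

solaris*)
  case $cc_basename in
  CC* | sunCC*)
    # The more standards-conforming stlport4 library is
    # incompatible with the Cstd library. Avoid specifying
    # it if it's in CXXFLAGS. Ignore libCrun as
    # -library=stlport4 depends on it.
    case " $CXX $CXXFLAGS " in
    *" -library=stlport4 "*)
      solaris_use_stlport4=yes
      ;;
    esac

    # Adding this requires a known-good setup of shared libraries for
    # Sun compiler versions before 5.6, else PIC objects from an old
    # archive will be linked into the output, leading to subtle bugs.
    if test "$solaris_use_stlport4" != yes; then
      _LT_TAGVAR(postdeps,$1)='-library=Cstd -library=Crun'
    fi
    ;;
  esac
  ;;
esac
])

case " $_LT_TAGVAR(postdeps, $1) " in
*" -lc "*) _LT_TAGVAR(archive_cmds_need_lc, $1)=no ;;
esac
 _LT_TAGVAR(compiler_lib_search_dirs, $1)=
if test -n "${_LT_TAGVAR(compiler_lib_search_path, $1)}"; then
 _LT_TAGVAR(compiler_lib_search_dirs, $1)=`echo " ${_LT_TAGVAR(compiler_lib_search_path, $1)}" | ${SED} -e 's! -L! !g' -e 's!^ !!'`
fi
_LT_TAGDECL([], [compiler_lib_search_dirs], [1],
    [The directories searched by this compiler when creating a shared library])
_LT_TAGDECL([], [predep_objects], [1],
    [Dependencies to place before and after the objects being linked to create a shared library])
_LT_TAGDECL([], [postdep_objects], [1])
_LT_TAGDECL([], [predeps], [1])
_LT_TAGDECL([], [postdeps], [1])
_LT_TAGDECL([], [compiler_lib_search_path], [1],
    [The library search path used internally by the compiler when linking a shared library])
])# _LT_SYS_HIDDEN_LIBDEPS


# _LT_LANG_F77_CONFIG([TAG])
# --------------------------
# Ensure that the configuration variables for a Fortran 77 compiler are
# suitably defined.  These variables are subsequently used by _LT_CONFIG
# to write the compiler configuration to `libtool'.
m4_defun([_LT_LANG_F77_CONFIG],
[AC_LANG_PUSH(Fortran 77)
if test -z "$F77" || test "X$F77" = "Xno"; then
  _lt_disable_F77=yes
fi

_LT_TAGVAR(archive_cmds_need_lc, $1)=no
_LT_TAGVAR(allow_undefined_flag, $1)=
_LT_TAGVAR(always_export_symbols, $1)=no
_LT_TAGVAR(archive_expsym_cmds, $1)=
_LT_TAGVAR(export_dynamic_flag_spec, $1)=
_LT_TAGVAR(hardcode_direct, $1)=no
_LT_TAGVAR(hardcode_direct_absolute, $1)=no
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
_LT_TAGVAR(hardcode_libdir_separator, $1)=
_LT_TAGVAR(hardcode_minus_L, $1)=no
_LT_TAGVAR(hardcode_automatic, $1)=no
_LT_TAGVAR(inherit_rpath, $1)=no
_LT_TAGVAR(module_cmds, $1)=
_LT_TAGVAR(module_expsym_cmds, $1)=
_LT_TAGVAR(link_all_deplibs, $1)=unknown
_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
_LT_TAGVAR(reload_flag, $1)=$reload_flag
_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
_LT_TAGVAR(no_undefined_flag, $1)=
_LT_TAGVAR(whole_archive_flag_spec, $1)=
_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no

# Source file extension for f77 test sources.
ac_ext=f

# Object file extension for compiled f77 test sources.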
objext=o
_LT_TAGVAR(objext, $1)=$objext

# No sense in running all these tests if we already determined that
# the F77 compiler isn't working.  Some variables (like enable_shared)
# are currently assumed to apply to all compilers on this platform,
# and will be corrupted by setting them based on a non-working compiler.
if test "$_lt_disable_F77" != yes; then
  # Code to be used in simple compile tests
  lt_simple_compile_test_code="\
      subroutine t
      return
      end
"

  # Code to be used in simple link tests
  lt_simple_link_test_code="\
      program t
      end
"

  # ltmain only uses $CC for tagged configurations so make sure $CC is set.
  _LT_TAG_COMPILER

  # save warnings/boilerplate of simple test code
  _LT_COMPILER_BOILERPLATE
  _LT_LINKER_BOILERPLATE

  # Allow CC to be a program name with arguments.
dnl CC, GCC and CFLAGS are borrowed for the Fortran 77 compiler while the
dnl tag tests run and are put back before AC_LANG_POP below.
  lt_save_CC="$CC"
  lt_save_GCC=$GCC
  lt_save_CFLAGS=$CFLAGS
  CC=${F77-"f77"}
  CFLAGS=$FFLAGS
  compiler=$CC
  _LT_TAGVAR(compiler, $1)=$CC
  _LT_CC_BASENAME([$compiler])
  GCC=$G77
  if test -n "$compiler"; then
    AC_MSG_CHECKING([if libtool supports shared libraries])
    AC_MSG_RESULT([$can_build_shared])

    AC_MSG_CHECKING([whether to build shared libraries])
    test "$can_build_shared" = "no" && enable_shared=no

    # On AIX, shared libraries and static libraries use the same namespace, and
    # are all built from PIC.
    case $host_os in
      aix3*)
        test "$enable_shared" = yes && enable_static=no
        if test -n "$RANLIB"; then
          archive_cmds="$archive_cmds~\$RANLIB \$lib"
          postinstall_cmds='$RANLIB $lib'
        fi
        ;;
      aix[[4-9]]*)
        if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
          test "$enable_shared" = yes && enable_static=no
        fi
        ;;
    esac
    AC_MSG_RESULT([$enable_shared])

    AC_MSG_CHECKING([whether to build static libraries])
    # Make sure either enable_shared or enable_static is yes.
    test "$enable_shared" = yes || enable_static=yes
    AC_MSG_RESULT([$enable_static])

    _LT_TAGVAR(GCC, $1)="$G77"
    _LT_TAGVAR(LD, $1)="$LD"

    ## CAVEAT EMPTOR:
    ## There is no encapsulation within the following macros, do not change
    ## the running order or otherwise move them around unless you know exactly
    ## what you are doing...
    _LT_COMPILER_PIC($1)
    _LT_COMPILER_C_O($1)
    _LT_COMPILER_FILE_LOCKS($1)
    _LT_LINKER_SHLIBS($1)
    _LT_SYS_DYNAMIC_LINKER($1)
    _LT_LINKER_HARDCODE_LIBPATH($1)

    _LT_CONFIG($1)
  fi # test -n "$compiler"

  GCC=$lt_save_GCC
  CC="$lt_save_CC"
  CFLAGS="$lt_save_CFLAGS"
fi # test "$_lt_disable_F77" != yes

AC_LANG_POP
])# _LT_LANG_F77_CONFIG


# _LT_LANG_FC_CONFIG([TAG])
# -------------------------
# Ensure that the configuration variables for a Fortran compiler are
# suitably defined.  These variables are subsequently used by _LT_CONFIG
# to write the compiler configuration to `libtool'.
#
# All tag variables are first reset to empty or conservative values; the
# probes only run when FC is set and is not the literal "no".
m4_defun([_LT_LANG_FC_CONFIG],
[AC_LANG_PUSH(Fortran)

if test -z "$FC" || test "X$FC" = "Xno"; then
  _lt_disable_FC=yes
fi

_LT_TAGVAR(archive_cmds_need_lc, $1)=no
_LT_TAGVAR(allow_undefined_flag, $1)=
_LT_TAGVAR(always_export_symbols, $1)=no
_LT_TAGVAR(archive_expsym_cmds, $1)=
_LT_TAGVAR(export_dynamic_flag_spec, $1)=
_LT_TAGVAR(hardcode_direct, $1)=no
_LT_TAGVAR(hardcode_direct_absolute, $1)=no
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
_LT_TAGVAR(hardcode_libdir_separator, $1)=
_LT_TAGVAR(hardcode_minus_L, $1)=no
_LT_TAGVAR(hardcode_automatic, $1)=no
_LT_TAGVAR(inherit_rpath, $1)=no
_LT_TAGVAR(module_cmds, $1)=
_LT_TAGVAR(module_expsym_cmds, $1)=
_LT_TAGVAR(link_all_deplibs, $1)=unknown
_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
_LT_TAGVAR(reload_flag, $1)=$reload_flag
_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
_LT_TAGVAR(no_undefined_flag, $1)=
_LT_TAGVAR(whole_archive_flag_spec, $1)=
_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no

# Source file extension for fc test sources.
ac_ext=${ac_fc_srcext-f}

# Object file extension for compiled fc test sources.
objext=o
_LT_TAGVAR(objext, $1)=$objext

# No sense in running all these tests if we already determined that
# the FC compiler isn't working.  Some variables (like enable_shared)
# are currently assumed to apply to all compilers on this platform,
# and will be corrupted by setting them based on a non-working compiler.
if test "$_lt_disable_FC" != yes; then
  # Code to be used in simple compile tests
  lt_simple_compile_test_code="\
      subroutine t
      return
      end
"

  # Code to be used in simple link tests
  lt_simple_link_test_code="\
      program t
      end
"

  # ltmain only uses $CC for tagged configurations so make sure $CC is set.
  _LT_TAG_COMPILER

  # save warnings/boilerplate of simple test code
  _LT_COMPILER_BOILERPLATE
  _LT_LINKER_BOILERPLATE

  # Allow CC to be a program name with arguments.
dnl CC, GCC and CFLAGS are borrowed for the Fortran compiler while the tag
dnl tests run and are put back before AC_LANG_POP below.
  lt_save_CC="$CC"
  lt_save_GCC=$GCC
  lt_save_CFLAGS=$CFLAGS
  CC=${FC-"f95"}
  CFLAGS=$FCFLAGS
  compiler=$CC
  GCC=$ac_cv_fc_compiler_gnu

  _LT_TAGVAR(compiler, $1)=$CC
  _LT_CC_BASENAME([$compiler])

  if test -n "$compiler"; then
    AC_MSG_CHECKING([if libtool supports shared libraries])
    AC_MSG_RESULT([$can_build_shared])

    AC_MSG_CHECKING([whether to build shared libraries])
    test "$can_build_shared" = "no" && enable_shared=no

    # On AIX, shared libraries and static libraries use the same namespace, and
    # are all built from PIC.
    case $host_os in
      aix3*)
        test "$enable_shared" = yes && enable_static=no
        if test -n "$RANLIB"; then
          archive_cmds="$archive_cmds~\$RANLIB \$lib"
          postinstall_cmds='$RANLIB $lib'
        fi
        ;;
      aix[[4-9]]*)
        if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
          test "$enable_shared" = yes && enable_static=no
        fi
        ;;
    esac
    AC_MSG_RESULT([$enable_shared])

    AC_MSG_CHECKING([whether to build static libraries])
    # Make sure either enable_shared or enable_static is yes.
    test "$enable_shared" = yes || enable_static=yes
    AC_MSG_RESULT([$enable_static])

    _LT_TAGVAR(GCC, $1)="$ac_cv_fc_compiler_gnu"
    _LT_TAGVAR(LD, $1)="$LD"

    ## CAVEAT EMPTOR:
    ## There is no encapsulation within the following macros, do not change
    ## the running order or otherwise move them around unless you know exactly
    ## what you are doing...
    _LT_SYS_HIDDEN_LIBDEPS($1)
    _LT_COMPILER_PIC($1)
    _LT_COMPILER_C_O($1)
    _LT_COMPILER_FILE_LOCKS($1)
    _LT_LINKER_SHLIBS($1)
    _LT_SYS_DYNAMIC_LINKER($1)
    _LT_LINKER_HARDCODE_LIBPATH($1)

    _LT_CONFIG($1)
  fi # test -n "$compiler"

  GCC=$lt_save_GCC
  CC=$lt_save_CC
  CFLAGS=$lt_save_CFLAGS
fi # test "$_lt_disable_FC" != yes

AC_LANG_POP
])# _LT_LANG_FC_CONFIG


# _LT_LANG_GCJ_CONFIG([TAG])
# --------------------------
# Ensure that the configuration variables for the GNU Java Compiler compiler
# are suitably defined.  These variables are subsequently used by _LT_CONFIG
# to write the compiler configuration to `libtool'.
#
# The compiler command is taken from GCJ, falling back to "gcj", and the
# flags from GCJFLAGS; CC, CFLAGS and GCC are saved first and restored at
# the end of the macro.
m4_defun([_LT_LANG_GCJ_CONFIG],
[AC_REQUIRE([LT_PROG_GCJ])dnl
AC_LANG_SAVE

# Source file extension for Java test sources.
ac_ext=java

# Object file extension for compiled Java test sources.
objext=o
_LT_TAGVAR(objext, $1)=$objext

# Code to be used in simple compile tests
lt_simple_compile_test_code="class foo {}"

# Code to be used in simple link tests
lt_simple_link_test_code='public class conftest { public static void main(String[[]] argv) {}; }'

# ltmain only uses $CC for tagged configurations so make sure $CC is set.
_LT_TAG_COMPILER

# save warnings/boilerplate of simple test code
_LT_COMPILER_BOILERPLATE
_LT_LINKER_BOILERPLATE

# Allow CC to be a program name with arguments.
lt_save_CC=$CC
lt_save_CFLAGS=$CFLAGS
lt_save_GCC=$GCC
GCC=yes
CC=${GCJ-"gcj"}
CFLAGS=$GCJFLAGS
compiler=$CC
_LT_TAGVAR(compiler, $1)=$CC
_LT_TAGVAR(LD, $1)="$LD"
_LT_CC_BASENAME([$compiler])

# GCJ did not exist at the time GCC didn't implicitly link libc in.
_LT_TAGVAR(archive_cmds_need_lc, $1)=no

_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
_LT_TAGVAR(reload_flag, $1)=$reload_flag
_LT_TAGVAR(reload_cmds, $1)=$reload_cmds

## CAVEAT EMPTOR:
## There is no encapsulation within the following macros, do not change
## the running order or otherwise move them around unless you know exactly
## what you are doing...
if test -n "$compiler"; then
  _LT_COMPILER_NO_RTTI($1)
  _LT_COMPILER_PIC($1)
  _LT_COMPILER_C_O($1)
  _LT_COMPILER_FILE_LOCKS($1)
  _LT_LINKER_SHLIBS($1)
  _LT_LINKER_HARDCODE_LIBPATH($1)

  _LT_CONFIG($1)
fi

AC_LANG_RESTORE

dnl Put back the C compiler settings that were borrowed for the tag tests.
GCC=$lt_save_GCC
CC=$lt_save_CC
CFLAGS=$lt_save_CFLAGS
])# _LT_LANG_GCJ_CONFIG


# _LT_LANG_GO_CONFIG([TAG])
# --------------------------
# Ensure that the configuration variables for the GNU Go compiler
# are suitably defined.  These variables are subsequently used by _LT_CONFIG
# to write the compiler configuration to `libtool'.
#
# The compiler command is taken from GOC, falling back to "gccgo", and the
# flags from GOFLAGS; CC, CFLAGS and GCC are saved first and restored at
# the end of the macro.
m4_defun([_LT_LANG_GO_CONFIG],
[AC_REQUIRE([LT_PROG_GO])dnl
AC_LANG_SAVE

# Source file extension for Go test sources.
ac_ext=go

# Object file extension for compiled Go test sources.
objext=o
_LT_TAGVAR(objext, $1)=$objext

# Code to be used in simple compile tests
lt_simple_compile_test_code="package main; func main() { }"

# Code to be used in simple link tests
lt_simple_link_test_code='package main; func main() { }'

# ltmain only uses $CC for tagged configurations so make sure $CC is set.
_LT_TAG_COMPILER

# save warnings/boilerplate of simple test code
_LT_COMPILER_BOILERPLATE
_LT_LINKER_BOILERPLATE

# Allow CC to be a program name with arguments.
lt_save_CC=$CC
lt_save_CFLAGS=$CFLAGS
lt_save_GCC=$GCC
GCC=yes
CC=${GOC-"gccgo"}
CFLAGS=$GOFLAGS
compiler=$CC
_LT_TAGVAR(compiler, $1)=$CC
_LT_TAGVAR(LD, $1)="$LD"
_LT_CC_BASENAME([$compiler])

# Go did not exist at the time GCC didn't implicitly link libc in.
_LT_TAGVAR(archive_cmds_need_lc, $1)=no

_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
_LT_TAGVAR(reload_flag, $1)=$reload_flag
_LT_TAGVAR(reload_cmds, $1)=$reload_cmds

## CAVEAT EMPTOR:
## There is no encapsulation within the following macros, do not change
## the running order or otherwise move them around unless you know exactly
## what you are doing...
if test -n "$compiler"; then
  _LT_COMPILER_NO_RTTI($1)
  _LT_COMPILER_PIC($1)
  _LT_COMPILER_C_O($1)
  _LT_COMPILER_FILE_LOCKS($1)
  _LT_LINKER_SHLIBS($1)
  _LT_LINKER_HARDCODE_LIBPATH($1)

  _LT_CONFIG($1)
fi

AC_LANG_RESTORE

dnl Put back the C compiler settings that were borrowed for the tag tests.
GCC=$lt_save_GCC
CC=$lt_save_CC
CFLAGS=$lt_save_CFLAGS
])# _LT_LANG_GO_CONFIG


# _LT_LANG_RC_CONFIG([TAG])
# -------------------------
# Ensure that the configuration variables for the Windows resource compiler
# are suitably defined.  These variables are subsequently used by _LT_CONFIG
# to write the compiler configuration to `libtool'.
#
# The compiler command is taken from RC, falling back to "windres"; the
# macro runs with GCC and CFLAGS empty and only calls _LT_CONFIG.
m4_defun([_LT_LANG_RC_CONFIG],
[AC_REQUIRE([LT_PROG_RC])dnl
AC_LANG_SAVE

# Source file extension for RC test sources.
ac_ext=rc

# Object file extension for compiled RC test sources.
objext=o
_LT_TAGVAR(objext, $1)=$objext

# Code to be used in simple compile tests
lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }'

# Code to be used in simple link tests
lt_simple_link_test_code="$lt_simple_compile_test_code"

# ltmain only uses $CC for tagged configurations so make sure $CC is set.
_LT_TAG_COMPILER

# save warnings/boilerplate of simple test code
_LT_COMPILER_BOILERPLATE
_LT_LINKER_BOILERPLATE

# Allow CC to be a program name with arguments.
lt_save_CC="$CC"
lt_save_CFLAGS=$CFLAGS
lt_save_GCC=$GCC
GCC=
CC=${RC-"windres"}
CFLAGS=
compiler=$CC
_LT_TAGVAR(compiler, $1)=$CC
_LT_CC_BASENAME([$compiler])
_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes

if test -n "$compiler"; then
  :
  _LT_CONFIG($1)
fi

dnl Put back the C compiler settings that were borrowed for the tag tests.
GCC=$lt_save_GCC
AC_LANG_RESTORE
CC=$lt_save_CC
CFLAGS=$lt_save_CFLAGS
])# _LT_LANG_RC_CONFIG


# LT_PROG_GCJ
# -----------
# Locate the GNU Java compiler.  Prefers an existing AC_PROG_GCJ or
# AM_PROG_GCJ macro; otherwise looks for "gcj" with AC_CHECK_TOOL and
# defaults GCJFLAGS to "-g -O2" when the variable is not set at all.
AC_DEFUN([LT_PROG_GCJ],
[m4_ifdef([AC_PROG_GCJ], [AC_PROG_GCJ],
  [m4_ifdef([A][M_PROG_GCJ], [A][M_PROG_GCJ],
    [AC_CHECK_TOOL(GCJ, gcj,)
      test "x${GCJFLAGS+set}" = xset || GCJFLAGS="-g -O2"
      AC_SUBST(GCJFLAGS)])])[]dnl
])

# Old name:
AU_ALIAS([LT_AC_PROG_GCJ], [LT_PROG_GCJ])
dnl aclocal-1.4 backwards compatibility:
dnl AC_DEFUN([LT_AC_PROG_GCJ], [])


# LT_PROG_GO
# ----------
# Look for the "gccgo" tool and record it in GOC.
AC_DEFUN([LT_PROG_GO],
[AC_CHECK_TOOL(GOC, gccgo,)
])


# LT_PROG_RC
# ----------
# Look for the "windres" tool and record it in RC.
AC_DEFUN([LT_PROG_RC],
[AC_CHECK_TOOL(RC, windres,)
])

# Old name:
AU_ALIAS([LT_AC_PROG_RC], [LT_PROG_RC])
dnl aclocal-1.4 backwards compatibility:
dnl AC_DEFUN([LT_AC_PROG_RC], [])


# _LT_DECL_EGREP
# --------------
# If we don't have a new enough Autoconf to choose the best grep
# available, choose the one first in the user's PATH.
m4_defun([_LT_DECL_EGREP],
[AC_REQUIRE([AC_PROG_EGREP])dnl
AC_REQUIRE([AC_PROG_FGREP])dnl
test -z "$GREP" && GREP=grep
_LT_DECL([], [GREP], [1], [A grep program that handles long lines])
_LT_DECL([], [EGREP], [1], [An ERE matcher])
_LT_DECL([], [FGREP], [1], [A literal string matcher])
dnl Non-bleeding-edge autoconf doesn't subst GREP, so do it here too
AC_SUBST([GREP])
])


# _LT_DECL_OBJDUMP
# --------------
# If we don't have a new enough Autoconf to choose the best objdump
# available, choose the one first in the user's PATH.
#
# NOTE(review): the bare name "objdump" is only used when OBJDUMP is still
# empty after AC_CHECK_TOOL; that name is then resolved through PATH at
# the time it is run.
m4_defun([_LT_DECL_OBJDUMP],
[AC_CHECK_TOOL(OBJDUMP, objdump, false)
test -z "$OBJDUMP" && OBJDUMP=objdump
_LT_DECL([], [OBJDUMP], [1], [An object symbol dumper])
AC_SUBST([OBJDUMP])
])

# _LT_DECL_DLLTOOL
# ----------------
# Ensure DLLTOOL variable is set.
m4_defun([_LT_DECL_DLLTOOL],
[AC_CHECK_TOOL(DLLTOOL, dlltool, false)
test -z "$DLLTOOL" && DLLTOOL=dlltool
_LT_DECL([], [DLLTOOL], [1], [DLL creation program])
AC_SUBST([DLLTOOL])
])

# _LT_DECL_SED
# ------------
# Check for a fully-functional sed program, that truncates
# as few characters as possible.  Prefer GNU sed if found.
m4_defun([_LT_DECL_SED],
[AC_PROG_SED
test -z "$SED" && SED=sed
Xsed="$SED -e 1s/^X//"
_LT_DECL([], [SED], [1], [A sed program that does not truncate output])
_LT_DECL([], [Xsed], ["\$SED -e 1s/^X//"],
    [Sed that helps us avoid accidentally triggering echo(1) options like -n])
])# _LT_DECL_SED

# AC_PROG_SED (fallback definition)
# ---------------------------------
# Only defined when Autoconf does not already provide AC_PROG_SED.
# Unless lt_cv_path_SED is already cached, every PATH directory is
# searched for "sed" and "gsed", /usr/xpg4/bin/sed is added to the list,
# and the first GNU sed, or else the candidate that copes with the
# longest test line, is stored in lt_cv_path_SED and then in SED.
#
# NOTE(review), for anyone running the generated configure:
#  - an empty PATH entry is treated as ".", so a file named sed or gsed
#    in the current directory becomes a candidate;
#  - every candidate is executed during the probe, first with --version
#    and then on the generated test input;
#  - the candidate path is used unquoted in `test ! -f' and in the
#    truncation test, so directory names with spaces are mishandled;
#  - scratch files conftest.in, conftest.tmp, conftest.nl and
#    conftest.out are written to the current directory.
# Run configure with a PATH that holds only trusted, absolute directories
# and from a build directory that other users cannot write to.
m4_ifndef([AC_PROG_SED], [
############################################################
# NOTE: This macro has been submitted for inclusion into   #
#  GNU Autoconf as AC_PROG_SED.  When it is available in   #
#  a released version of Autoconf we should remove this    #
#  macro and use it instead.                               #
############################################################

m4_defun([AC_PROG_SED],
[AC_MSG_CHECKING([for a sed that does not truncate output])
AC_CACHE_VAL(lt_cv_path_SED,
[# Loop through the user's path and test for sed and gsed.
# Then use that list of sed's as ones to test for truncation.
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
  IFS=$as_save_IFS
  test -z "$as_dir" && as_dir=.
  for lt_ac_prog in sed gsed; do
    for ac_exec_ext in '' $ac_executable_extensions; do
      if $as_executable_p "$as_dir/$lt_ac_prog$ac_exec_ext"; then
        lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext"
      fi
    done
  done
done
IFS=$as_save_IFS
lt_ac_max=0
lt_ac_count=0
# Add /usr/xpg4/bin/sed as it is typically found on Solaris
# along with /bin/sed that truncates output.
for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do
  test ! -f $lt_ac_sed && continue
  cat /dev/null > conftest.in
  lt_ac_count=0
  echo $ECHO_N "0123456789$ECHO_C" >conftest.in
  # Check for GNU sed and select it if it is found.
  if "$lt_ac_sed" --version 2>&1 < /dev/null | grep 'GNU' > /dev/null; then
    lt_cv_path_SED=$lt_ac_sed
    break
  fi
  while true; do
    cat conftest.in conftest.in >conftest.tmp
    mv conftest.tmp conftest.in
    cp conftest.in conftest.nl
    echo >>conftest.nl
    $lt_ac_sed -e 's/a$//' < conftest.nl >conftest.out || break
    cmp -s conftest.out conftest.nl || break
    # 10000 chars as input seems more than enough
    test $lt_ac_count -gt 10 && break
    lt_ac_count=`expr $lt_ac_count + 1`
    if test $lt_ac_count -gt $lt_ac_max; then
      lt_ac_max=$lt_ac_count
      lt_cv_path_SED=$lt_ac_sed
    fi
  done
done
])
SED=$lt_cv_path_SED
AC_SUBST([SED])
AC_MSG_RESULT([$SED])
])#AC_PROG_SED
])#m4_ifndef

# Old name:
AU_ALIAS([LT_AC_PROG_SED], [AC_PROG_SED])
dnl aclocal-1.4 backwards compatibility:
dnl AC_DEFUN([LT_AC_PROG_SED], [])


# _LT_CHECK_SHELL_FEATURES
# ------------------------
# Find out whether the shell is Bourne or XSI compatible,
# or has some other useful features.
#
# Every probe runs in a subshell with its output discarded, so a shell
# that rejects the syntax only leaves the corresponding flag at its
# default.
m4_defun([_LT_CHECK_SHELL_FEATURES],
[AC_MSG_CHECKING([whether the shell understands some XSI constructs])
# Try some XSI features
xsi_shell=no
( _lt_dummy="a/b/c"
  test "${_lt_dummy##*/},${_lt_dummy%/*},${_lt_dummy#??}"${_lt_dummy%"$_lt_dummy"}, \
      = c,a/b,b/c, \
    && eval 'test $(( 1 + 1 )) -eq 2 \
    && test "${#_lt_dummy}" -eq 5' ) >/dev/null 2>&1 \
  && xsi_shell=yes
AC_MSG_RESULT([$xsi_shell])
_LT_CONFIG_LIBTOOL_INIT([xsi_shell='$xsi_shell'])

AC_MSG_CHECKING([whether the shell understands "+="])
lt_shell_append=no
( foo=bar; set foo baz; eval "$[1]+=\$[2]" && test "$foo" = barbaz ) \
    >/dev/null 2>&1 \
  && lt_shell_append=yes
AC_MSG_RESULT([$lt_shell_append])
_LT_CONFIG_LIBTOOL_INIT([lt_shell_append='$lt_shell_append'])

if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
  lt_unset=unset
else
  lt_unset=false
fi
_LT_DECL([], [lt_unset], [0], [whether the shell understands "unset"])dnl

# test EBCDIC or ASCII
case `echo X|tr X '\101'` in
 A) # ASCII based system
    # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr
  lt_SP2NL='tr \040 \012'
  lt_NL2SP='tr
\015\012 \040\040' ;; *) # EBCDIC based system lt_SP2NL='tr \100 \n' lt_NL2SP='tr \r\n \100\100' ;; esac _LT_DECL([SP2NL], [lt_SP2NL], [1], [turn spaces into newlines])dnl _LT_DECL([NL2SP], [lt_NL2SP], [1], [turn newlines into spaces])dnl ])# _LT_CHECK_SHELL_FEATURES # _LT_PROG_FUNCTION_REPLACE (FUNCNAME, REPLACEMENT-BODY) # ------------------------------------------------------ # In `$cfgfile', look for function FUNCNAME delimited by `^FUNCNAME ()$' and # '^} FUNCNAME ', and replace its body with REPLACEMENT-BODY. m4_defun([_LT_PROG_FUNCTION_REPLACE], [dnl { sed -e '/^$1 ()$/,/^} # $1 /c\ $1 ()\ {\ m4_bpatsubsts([$2], [$], [\\], [^\([ ]\)], [\\\1]) } # Extended-shell $1 implementation' "$cfgfile" > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? || _lt_function_replace_fail=: ]) # _LT_PROG_REPLACE_SHELLFNS # ------------------------- # Replace existing portable implementations of several shell functions with # equivalent extended shell implementations where those features are available.. m4_defun([_LT_PROG_REPLACE_SHELLFNS], [if test x"$xsi_shell" = xyes; then _LT_PROG_FUNCTION_REPLACE([func_dirname], [dnl case ${1} in */*) func_dirname_result="${1%/*}${2}" ;; * ) func_dirname_result="${3}" ;; esac]) _LT_PROG_FUNCTION_REPLACE([func_basename], [dnl func_basename_result="${1##*/}"]) _LT_PROG_FUNCTION_REPLACE([func_dirname_and_basename], [dnl case ${1} in */*) func_dirname_result="${1%/*}${2}" ;; * ) func_dirname_result="${3}" ;; esac func_basename_result="${1##*/}"]) _LT_PROG_FUNCTION_REPLACE([func_stripname], [dnl # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are # positional parameters, so assign one to ordinary parameter first. 
func_stripname_result=${3} func_stripname_result=${func_stripname_result#"${1}"} func_stripname_result=${func_stripname_result%"${2}"}]) _LT_PROG_FUNCTION_REPLACE([func_split_long_opt], [dnl func_split_long_opt_name=${1%%=*} func_split_long_opt_arg=${1#*=}]) _LT_PROG_FUNCTION_REPLACE([func_split_short_opt], [dnl func_split_short_opt_arg=${1#??} func_split_short_opt_name=${1%"$func_split_short_opt_arg"}]) _LT_PROG_FUNCTION_REPLACE([func_lo2o], [dnl case ${1} in *.lo) func_lo2o_result=${1%.lo}.${objext} ;; *) func_lo2o_result=${1} ;; esac]) _LT_PROG_FUNCTION_REPLACE([func_xform], [ func_xform_result=${1%.*}.lo]) _LT_PROG_FUNCTION_REPLACE([func_arith], [ func_arith_result=$(( $[*] ))]) _LT_PROG_FUNCTION_REPLACE([func_len], [ func_len_result=${#1}]) fi if test x"$lt_shell_append" = xyes; then _LT_PROG_FUNCTION_REPLACE([func_append], [ eval "${1}+=\\${2}"]) _LT_PROG_FUNCTION_REPLACE([func_append_quoted], [dnl func_quote_for_eval "${2}" dnl m4 expansion turns \\\\ into \\, and then the shell eval turns that into \ eval "${1}+=\\\\ \\$func_quote_for_eval_result"]) # Save a `func_append' function call where possible by direct use of '+=' sed -e 's%func_append \([[a-zA-Z_]]\{1,\}\) "%\1+="%g' $cfgfile > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? || _lt_function_replace_fail=: else # Save a `func_append' function call even when '+=' is not available sed -e 's%func_append \([[a-zA-Z_]]\{1,\}\) "%\1="$\1%g' $cfgfile > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? 
|| _lt_function_replace_fail=: fi if test x"$_lt_function_replace_fail" = x":"; then AC_MSG_WARN([Unable to substitute extended shell functions in $ofile]) fi ]) # _LT_PATH_CONVERSION_FUNCTIONS # ----------------------------- # Determine which file name conversion functions should be used by # func_to_host_file (and, implicitly, by func_to_host_path). These are needed # for certain cross-compile configurations and native mingw. m4_defun([_LT_PATH_CONVERSION_FUNCTIONS], [AC_REQUIRE([AC_CANONICAL_HOST])dnl AC_REQUIRE([AC_CANONICAL_BUILD])dnl AC_MSG_CHECKING([how to convert $build file names to $host format]) AC_CACHE_VAL(lt_cv_to_host_file_cmd, [case $host in *-*-mingw* ) case $build in *-*-mingw* ) # actually msys lt_cv_to_host_file_cmd=func_convert_file_msys_to_w32 ;; *-*-cygwin* ) lt_cv_to_host_file_cmd=func_convert_file_cygwin_to_w32 ;; * ) # otherwise, assume *nix lt_cv_to_host_file_cmd=func_convert_file_nix_to_w32 ;; esac ;; *-*-cygwin* ) case $build in *-*-mingw* ) # actually msys lt_cv_to_host_file_cmd=func_convert_file_msys_to_cygwin ;; *-*-cygwin* ) lt_cv_to_host_file_cmd=func_convert_file_noop ;; * ) # otherwise, assume *nix lt_cv_to_host_file_cmd=func_convert_file_nix_to_cygwin ;; esac ;; * ) # unhandled hosts (and "normal" native builds) lt_cv_to_host_file_cmd=func_convert_file_noop ;; esac ]) to_host_file_cmd=$lt_cv_to_host_file_cmd AC_MSG_RESULT([$lt_cv_to_host_file_cmd]) _LT_DECL([to_host_file_cmd], [lt_cv_to_host_file_cmd], [0], [convert $build file names to $host format])dnl AC_MSG_CHECKING([how to convert $build file names to toolchain format]) AC_CACHE_VAL(lt_cv_to_tool_file_cmd, [#assume ordinary cross tools, or native build. 
lt_cv_to_tool_file_cmd=func_convert_file_noop case $host in *-*-mingw* ) case $build in *-*-mingw* ) # actually msys lt_cv_to_tool_file_cmd=func_convert_file_msys_to_w32 ;; esac ;; esac ]) to_tool_file_cmd=$lt_cv_to_tool_file_cmd AC_MSG_RESULT([$lt_cv_to_tool_file_cmd]) _LT_DECL([to_tool_file_cmd], [lt_cv_to_tool_file_cmd], [0], [convert $build files to toolchain format])dnl ])# _LT_PATH_CONVERSION_FUNCTIONS sssd-1.11.5/m4/PaxHeaders.13173/isc-posix.m40000644000000000000000000000013212320753475016256 xustar000000000000000030 mtime=1396954941.854889531 30 atime=1396954943.184888554 30 ctime=1396954961.401875137 sssd-1.11.5/m4/isc-posix.m40000644002412700241270000000213312320753475016502 0ustar00jhrozekjhrozek00000000000000# isc-posix.m4 serial 2 (gettext-0.11.2) dnl Copyright (C) 1995-2002 Free Software Foundation, Inc. dnl This file is free software, distributed under the terms of the GNU dnl General Public License. As a special exception to the GNU General dnl Public License, this file may be distributed as part of a program dnl that contains a configuration script generated by Autoconf, under dnl the same distribution terms as the rest of that program. # This file is not needed with autoconf-2.53 and newer. Remove it in 2005. # This test replaces the one in autoconf. # Currently this macro should have the same name as the autoconf macro # because gettext's gettext.m4 (distributed in the automake package) # still uses it. Otherwise, the use in gettext.m4 makes autoheader # give these diagnostics: # configure.in:556: AC_TRY_COMPILE was called before AC_ISC_POSIX # configure.in:556: AC_TRY_RUN was called before AC_ISC_POSIX undefine([AC_ISC_POSIX]) AC_DEFUN([AC_ISC_POSIX], [ dnl This test replaces the obsolescent AC_ISC_POSIX kludge. 
AC_CHECK_LIB(cposix, strerror, [LIBS="$LIBS -lcposix"]) ] ) sssd-1.11.5/m4/PaxHeaders.13173/stdint_h.m40000644000000000000000000000013012320753475016152 xustar000000000000000029 mtime=1396954941.96488945 29 atime=1396954943.17688856 30 ctime=1396954961.401875137 sssd-1.11.5/m4/stdint_h.m40000644002412700241270000000205312320753475016401 0ustar00jhrozekjhrozek00000000000000# stdint_h.m4 serial 3 (gettext-0.12) dnl Copyright (C) 1997-2003 Free Software Foundation, Inc. dnl This file is free software, distributed under the terms of the GNU dnl General Public License. As a special exception to the GNU General dnl Public License, this file may be distributed as part of a program dnl that contains a configuration script generated by Autoconf, under dnl the same distribution terms as the rest of that program. dnl From Paul Eggert. # Define HAVE_STDINT_H_WITH_UINTMAX if exists, # doesn't clash with , and declares uintmax_t. AC_DEFUN([jm_AC_HEADER_STDINT_H], [ AC_CACHE_CHECK([for stdint.h], jm_ac_cv_header_stdint_h, [AC_TRY_COMPILE( [#include #include ], [uintmax_t i = (uintmax_t) -1;], jm_ac_cv_header_stdint_h=yes, jm_ac_cv_header_stdint_h=no)]) if test $jm_ac_cv_header_stdint_h = yes; then AC_DEFINE_UNQUOTED(HAVE_STDINT_H_WITH_UINTMAX, 1, [Define if exists, doesn't clash with , and declares uintmax_t. ]) fi ]) sssd-1.11.5/m4/PaxHeaders.13173/ulonglong.m40000644000000000000000000000013112320753475016343 xustar000000000000000030 mtime=1396954941.983889436 29 atime=1396954943.17688856 30 ctime=1396954961.401875137 sssd-1.11.5/m4/ulonglong.m40000644002412700241270000000204212320753475016567 0ustar00jhrozekjhrozek00000000000000# ulonglong.m4 serial 3 dnl Copyright (C) 1999-2003 Free Software Foundation, Inc. dnl This file is free software, distributed under the terms of the GNU dnl General Public License. 
As a special exception to the GNU General dnl Public License, this file may be distributed as part of a program dnl that contains a configuration script generated by Autoconf, under dnl the same distribution terms as the rest of that program. dnl From Paul Eggert. # Define HAVE_UNSIGNED_LONG_LONG if 'unsigned long long' works. AC_DEFUN([jm_AC_TYPE_UNSIGNED_LONG_LONG], [ AC_CACHE_CHECK([for unsigned long long], ac_cv_type_unsigned_long_long, [AC_TRY_LINK([unsigned long long ull = 1ULL; int i = 63;], [unsigned long long ullmax = (unsigned long long) -1; return ull << i | ull >> i | ullmax / ull | ullmax % ull;], ac_cv_type_unsigned_long_long=yes, ac_cv_type_unsigned_long_long=no)]) if test $ac_cv_type_unsigned_long_long = yes; then AC_DEFINE(HAVE_UNSIGNED_LONG_LONG, 1, [Define if you have the 'unsigned long long' type.]) fi ]) sssd-1.11.5/m4/PaxHeaders.13173/lib-ld.m40000644000000000000000000000013112320753475015502 xustar000000000000000029 mtime=1396954941.86988952 30 atime=1396954943.183888555 30 ctime=1396954961.401875137 sssd-1.11.5/m4/lib-ld.m40000644002412700241270000000675612320753475015746 0ustar00jhrozekjhrozek00000000000000# lib-ld.m4 serial 3 (gettext-0.13) dnl Copyright (C) 1996-2003 Free Software Foundation, Inc. dnl This file is free software, distributed under the terms of the GNU dnl General Public License. As a special exception to the GNU General dnl Public License, this file may be distributed as part of a program dnl that contains a configuration script generated by Autoconf, under dnl the same distribution terms as the rest of that program. dnl Subroutines of libtool.m4, dnl with replacements s/AC_/AC_LIB/ and s/lt_cv/acl_cv/ to avoid collision dnl with libtool.m4. dnl From libtool-1.4. Sets the variable with_gnu_ld to yes or no. AC_DEFUN([AC_LIB_PROG_LD_GNU], [AC_CACHE_CHECK([if the linker ($LD) is GNU ld], acl_cv_prog_gnu_ld, [# I'd rather use --version here, but apparently some GNU ld's only accept -v. 
case `$LD -v 2>&1 conf$$.sh echo "exit 0" >>conf$$.sh chmod +x conf$$.sh if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then PATH_SEPARATOR=';' else PATH_SEPARATOR=: fi rm -f conf$$.sh fi ac_prog=ld if test "$GCC" = yes; then # Check if gcc -print-prog-name=ld gives a path. AC_MSG_CHECKING([for ld used by GCC]) case $host in *-*-mingw*) # gcc leaves a trailing carriage return which upsets mingw ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; *) ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; esac case $ac_prog in # Accept absolute paths. [[\\/]* | [A-Za-z]:[\\/]*)] [re_direlt='/[^/][^/]*/\.\./'] # Canonicalize the path of ld ac_prog=`echo $ac_prog| sed 's%\\\\%/%g'` while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do ac_prog=`echo $ac_prog| sed "s%$re_direlt%/%"` done test -z "$LD" && LD="$ac_prog" ;; "") # If it fails, then pretend we aren't using GCC. ac_prog=ld ;; *) # If it is relative, then search for the first ld in PATH. with_gnu_ld=unknown ;; esac elif test "$with_gnu_ld" = yes; then AC_MSG_CHECKING([for GNU ld]) else AC_MSG_CHECKING([for non-GNU ld]) fi AC_CACHE_VAL(acl_cv_path_LD, [if test -z "$LD"; then IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}${PATH_SEPARATOR-:}" for ac_dir in $PATH; do test -z "$ac_dir" && ac_dir=. if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then acl_cv_path_LD="$ac_dir/$ac_prog" # Check to see if the program is GNU ld. I'd rather use --version, # but apparently some GNU ld's only accept -v. # Break only if it was the GNU/non-GNU ld that we prefer. case `"$acl_cv_path_LD" -v 2>&1 < /dev/null` in *GNU* | *'with BFD'*) test "$with_gnu_ld" != no && break ;; *) test "$with_gnu_ld" != yes && break ;; esac fi done IFS="$ac_save_ifs" else acl_cv_path_LD="$LD" # Let the user override the test with a path. 
fi]) LD="$acl_cv_path_LD" if test -n "$LD"; then AC_MSG_RESULT($LD) else AC_MSG_RESULT(no) fi test -z "$LD" && AC_MSG_ERROR([no acceptable ld found in \$PATH]) AC_LIB_PROG_LD_GNU ]) sssd-1.11.5/m4/PaxHeaders.13173/glibc21.m40000644000000000000000000000013212320753475015563 xustar000000000000000030 mtime=1396954941.792889577 30 atime=1396954943.185888554 30 ctime=1396954961.402875137 sssd-1.11.5/m4/glibc21.m40000644002412700241270000000172712320753475016017 0ustar00jhrozekjhrozek00000000000000# glibc21.m4 serial 2 (fileutils-4.1.3, gettext-0.10.40) dnl Copyright (C) 2000-2002 Free Software Foundation, Inc. dnl This file is free software, distributed under the terms of the GNU dnl General Public License. As a special exception to the GNU General dnl Public License, this file may be distributed as part of a program dnl that contains a configuration script generated by Autoconf, under dnl the same distribution terms as the rest of that program. # Test for the GNU C Library, version 2.1 or newer. # From Bruno Haible. AC_DEFUN([jm_GLIBC21], [ AC_CACHE_CHECK(whether we are using the GNU C Library 2.1 or newer, ac_cv_gnu_library_2_1, [AC_EGREP_CPP([Lucky GNU user], [ #include #ifdef __GNU_LIBRARY__ #if (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 1) || (__GLIBC__ > 2) Lucky GNU user #endif #endif ], ac_cv_gnu_library_2_1=yes, ac_cv_gnu_library_2_1=no) ] ) AC_SUBST(GLIBC21) GLIBC21="$ac_cv_gnu_library_2_1" ] ) sssd-1.11.5/m4/PaxHeaders.13173/ltoptions.m40000644000000000000000000000013212320753502016362 xustar000000000000000030 mtime=1396954946.130886389 30 atime=1396954946.404886188 30 ctime=1396954961.402875137 sssd-1.11.5/m4/ltoptions.m40000644002412700241270000003007312320753502016612 0ustar00jhrozekjhrozek00000000000000# Helper functions for option handling. -*- Autoconf -*- # # Copyright (C) 2004, 2005, 2007, 2008, 2009 Free Software Foundation, # Inc. # Written by Gary V. 
Vaughan, 2004
#
# This file is free software; the Free Software Foundation gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved.

# serial 7 ltoptions.m4

# This is to help aclocal find these macros, as it can't see m4_define.
AC_DEFUN([LTOPTIONS_VERSION], [m4_if([1])])


# _LT_MANGLE_OPTION(MACRO-NAME, OPTION-NAME)
# ------------------------------------------
# Expand to the name of the flag macro for this pair: the prefix
# _LT_OPTION_ followed by MACRO-NAME__OPTION-NAME, with every character
# outside a-z, A-Z, 0-9 and _ replaced by an underscore.
m4_define([_LT_MANGLE_OPTION],
[[_LT_OPTION_]m4_bpatsubst($1__$2, [[^a-zA-Z0-9_]], [_])])


# _LT_SET_OPTION(MACRO-NAME, OPTION-NAME)
# ---------------------------------------
# Set option OPTION-NAME for macro MACRO-NAME, and if there is a
# matching handler defined, dispatch to it. Other OPTION-NAMEs are
# saved as a flag.
# The flag macro is defined before the handler lookup, so an OPTION-NAME
# without a handler is still recorded; the only other effect for it is
# the m4_warning below.
m4_define([_LT_SET_OPTION],
[m4_define(_LT_MANGLE_OPTION([$1], [$2]))dnl
m4_ifdef(_LT_MANGLE_DEFUN([$1], [$2]),
        _LT_MANGLE_DEFUN([$1], [$2]),
    [m4_warning([Unknown $1 option `$2'])])[]dnl
])


# _LT_IF_OPTION(MACRO-NAME, OPTION-NAME, IF-SET, [IF-NOT-SET])
# ------------------------------------------------------------
# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise.
m4_define([_LT_IF_OPTION],
[m4_ifdef(_LT_MANGLE_OPTION([$1], [$2]), [$3], [$4])])


# _LT_UNLESS_OPTIONS(MACRO-NAME, OPTION-LIST, IF-NOT-SET)
# -------------------------------------------------------
# Execute IF-NOT-SET unless all options in OPTION-LIST for MACRO-NAME
# are set.
# NOTE(review): as written, one set option in OPTION-LIST is enough to
# define the found marker and skip IF-NOT-SET; IF-NOT-SET is expanded
# only when none of the listed options is set.
m4_define([_LT_UNLESS_OPTIONS],
[m4_foreach([_LT_Option], m4_split(m4_normalize([$2])),
	    [m4_ifdef(_LT_MANGLE_OPTION([$1], _LT_Option),
		      [m4_define([$0_found])])])[]dnl
m4_ifdef([$0_found], [m4_undefine([$0_found])], [$3
])[]dnl
])


# _LT_SET_OPTIONS(MACRO-NAME, OPTION-LIST)
# ----------------------------------------
# OPTION-LIST is a space-separated list of Libtool options associated
# with MACRO-NAME. If any OPTION has a matching handler declared with
# LT_OPTION_DEFINE, dispatch to that macro; otherwise complain about
# the unknown option and exit.
# NOTE(review): _LT_SET_OPTION above reports an unknown option with
# m4_warning only; no abort is visible there. Whether autoconf stops
# depends on how the caller treats warnings, so a misspelled option
# (for example pic-only) may leave the default in place -- confirm the
# build treats these warnings as errors.
# Each entry of OPTION-LIST is passed to _LT_SET_OPTION. For LT_INIT only,
# options that were not mentioned then get defaults: dlopen and win32-dll
# are switched off, and the default handlers for the shared, static, pic
# and fast-install pairs are run.
m4_defun([_LT_SET_OPTIONS],
[# Set options
m4_foreach([_LT_Option], m4_split(m4_normalize([$2])),
    [_LT_SET_OPTION([$1], _LT_Option)])

m4_if([$1],[LT_INIT],[
  dnl
  dnl Simply set some default values (i.e off) if boolean options were not
  dnl specified:
  _LT_UNLESS_OPTIONS([LT_INIT], [dlopen], [enable_dlopen=no
  ])
  _LT_UNLESS_OPTIONS([LT_INIT], [win32-dll], [enable_win32_dll=no
  ])
  dnl
  dnl If no reference was made to various pairs of opposing options, then
  dnl we run the default mode handler for the pair. For example, if neither
  dnl `shared' nor `disable-shared' was passed, we enable building of shared
  dnl archives by default:
  _LT_UNLESS_OPTIONS([LT_INIT], [shared disable-shared], [_LT_ENABLE_SHARED])
  _LT_UNLESS_OPTIONS([LT_INIT], [static disable-static], [_LT_ENABLE_STATIC])
  _LT_UNLESS_OPTIONS([LT_INIT], [pic-only no-pic], [_LT_WITH_PIC])
  _LT_UNLESS_OPTIONS([LT_INIT], [fast-install disable-fast-install],
		   [_LT_ENABLE_FAST_INSTALL])
  ])
])# _LT_SET_OPTIONS


## --------------------------------- ##
## Macros to handle LT_INIT options. ##
## --------------------------------- ##

# _LT_MANGLE_DEFUN(MACRO-NAME, OPTION-NAME)
# -----------------------------------------
# Expand to the name of the handler macro for this pair: the prefix
# _LT_OPTION_DEFUN_ followed by the upper-cased MACRO-NAME__OPTION-NAME,
# with every character outside A-Z, 0-9 and _ replaced by an underscore.
m4_define([_LT_MANGLE_DEFUN],
[[_LT_OPTION_DEFUN_]m4_bpatsubst(m4_toupper([$1__$2]), [[^A-Z0-9_]], [_])])


# LT_OPTION_DEFINE(MACRO-NAME, OPTION-NAME, CODE)
# -----------------------------------------------
# Define the handler macro for OPTION-NAME of MACRO-NAME so that it
# expands to CODE.
m4_define([LT_OPTION_DEFINE],
[m4_define(_LT_MANGLE_DEFUN([$1], [$2]), [$3])[]dnl
])# LT_OPTION_DEFINE


# dlopen
# ------
# Handler for the LT_INIT dlopen option: sets enable_dlopen=yes.
LT_OPTION_DEFINE([LT_INIT], [dlopen], [enable_dlopen=yes
])

# Obsolete spelling: sets the dlopen option through _LT_SET_OPTION and
# emits an obsolete-usage diagnostic.
AU_DEFUN([AC_LIBTOOL_DLOPEN],
[_LT_SET_OPTION([LT_INIT], [dlopen])
AC_DIAGNOSE([obsolete],
[$0: Remove this warning and the call to _LT_SET_OPTION when you
put the `dlopen' option into LT_INIT's first parameter.])
])

dnl aclocal-1.4 backwards compatibility:
dnl AC_DEFUN([AC_LIBTOOL_DLOPEN], [])


# win32-dll
# ---------
# Declare package support for building win32 dll's.
LT_OPTION_DEFINE([LT_INIT], [win32-dll], [enable_win32_dll=yes case $host in *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-cegcc*) AC_CHECK_TOOL(AS, as, false) AC_CHECK_TOOL(DLLTOOL, dlltool, false) AC_CHECK_TOOL(OBJDUMP, objdump, false) ;; esac test -z "$AS" && AS=as _LT_DECL([], [AS], [1], [Assembler program])dnl test -z "$DLLTOOL" && DLLTOOL=dlltool _LT_DECL([], [DLLTOOL], [1], [DLL creation program])dnl test -z "$OBJDUMP" && OBJDUMP=objdump _LT_DECL([], [OBJDUMP], [1], [Object dumper program])dnl ])# win32-dll AU_DEFUN([AC_LIBTOOL_WIN32_DLL], [AC_REQUIRE([AC_CANONICAL_HOST])dnl _LT_SET_OPTION([LT_INIT], [win32-dll]) AC_DIAGNOSE([obsolete], [$0: Remove this warning and the call to _LT_SET_OPTION when you put the `win32-dll' option into LT_INIT's first parameter.]) ]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LIBTOOL_WIN32_DLL], []) # _LT_ENABLE_SHARED([DEFAULT]) # ---------------------------- # implement the --enable-shared flag, and supports the `shared' and # `disable-shared' LT_INIT options. # DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'. m4_define([_LT_ENABLE_SHARED], [m4_define([_LT_ENABLE_SHARED_DEFAULT], [m4_if($1, no, no, yes)])dnl AC_ARG_ENABLE([shared], [AS_HELP_STRING([--enable-shared@<:@=PKGS@:>@], [build shared libraries @<:@default=]_LT_ENABLE_SHARED_DEFAULT[@:>@])], [p=${PACKAGE-default} case $enableval in yes) enable_shared=yes ;; no) enable_shared=no ;; *) enable_shared=no # Look at the argument we got. We use all the common list separators. 
lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," for pkg in $enableval; do IFS="$lt_save_ifs" if test "X$pkg" = "X$p"; then enable_shared=yes fi done IFS="$lt_save_ifs" ;; esac], [enable_shared=]_LT_ENABLE_SHARED_DEFAULT) _LT_DECL([build_libtool_libs], [enable_shared], [0], [Whether or not to build shared libraries]) ])# _LT_ENABLE_SHARED LT_OPTION_DEFINE([LT_INIT], [shared], [_LT_ENABLE_SHARED([yes])]) LT_OPTION_DEFINE([LT_INIT], [disable-shared], [_LT_ENABLE_SHARED([no])]) # Old names: AC_DEFUN([AC_ENABLE_SHARED], [_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[shared]) ]) AC_DEFUN([AC_DISABLE_SHARED], [_LT_SET_OPTION([LT_INIT], [disable-shared]) ]) AU_DEFUN([AM_ENABLE_SHARED], [AC_ENABLE_SHARED($@)]) AU_DEFUN([AM_DISABLE_SHARED], [AC_DISABLE_SHARED($@)]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AM_ENABLE_SHARED], []) dnl AC_DEFUN([AM_DISABLE_SHARED], []) # _LT_ENABLE_STATIC([DEFAULT]) # ---------------------------- # implement the --enable-static flag, and support the `static' and # `disable-static' LT_INIT options. # DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'. m4_define([_LT_ENABLE_STATIC], [m4_define([_LT_ENABLE_STATIC_DEFAULT], [m4_if($1, no, no, yes)])dnl AC_ARG_ENABLE([static], [AS_HELP_STRING([--enable-static@<:@=PKGS@:>@], [build static libraries @<:@default=]_LT_ENABLE_STATIC_DEFAULT[@:>@])], [p=${PACKAGE-default} case $enableval in yes) enable_static=yes ;; no) enable_static=no ;; *) enable_static=no # Look at the argument we got. We use all the common list separators. 
lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," for pkg in $enableval; do IFS="$lt_save_ifs" if test "X$pkg" = "X$p"; then enable_static=yes fi done IFS="$lt_save_ifs" ;; esac], [enable_static=]_LT_ENABLE_STATIC_DEFAULT) _LT_DECL([build_old_libs], [enable_static], [0], [Whether or not to build static libraries]) ])# _LT_ENABLE_STATIC LT_OPTION_DEFINE([LT_INIT], [static], [_LT_ENABLE_STATIC([yes])]) LT_OPTION_DEFINE([LT_INIT], [disable-static], [_LT_ENABLE_STATIC([no])]) # Old names: AC_DEFUN([AC_ENABLE_STATIC], [_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[static]) ]) AC_DEFUN([AC_DISABLE_STATIC], [_LT_SET_OPTION([LT_INIT], [disable-static]) ]) AU_DEFUN([AM_ENABLE_STATIC], [AC_ENABLE_STATIC($@)]) AU_DEFUN([AM_DISABLE_STATIC], [AC_DISABLE_STATIC($@)]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AM_ENABLE_STATIC], []) dnl AC_DEFUN([AM_DISABLE_STATIC], []) # _LT_ENABLE_FAST_INSTALL([DEFAULT]) # ---------------------------------- # implement the --enable-fast-install flag, and support the `fast-install' # and `disable-fast-install' LT_INIT options. # DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'. m4_define([_LT_ENABLE_FAST_INSTALL], [m4_define([_LT_ENABLE_FAST_INSTALL_DEFAULT], [m4_if($1, no, no, yes)])dnl AC_ARG_ENABLE([fast-install], [AS_HELP_STRING([--enable-fast-install@<:@=PKGS@:>@], [optimize for fast installation @<:@default=]_LT_ENABLE_FAST_INSTALL_DEFAULT[@:>@])], [p=${PACKAGE-default} case $enableval in yes) enable_fast_install=yes ;; no) enable_fast_install=no ;; *) enable_fast_install=no # Look at the argument we got. We use all the common list separators. 
lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," for pkg in $enableval; do IFS="$lt_save_ifs" if test "X$pkg" = "X$p"; then enable_fast_install=yes fi done IFS="$lt_save_ifs" ;; esac], [enable_fast_install=]_LT_ENABLE_FAST_INSTALL_DEFAULT) _LT_DECL([fast_install], [enable_fast_install], [0], [Whether or not to optimize for fast installation])dnl ])# _LT_ENABLE_FAST_INSTALL LT_OPTION_DEFINE([LT_INIT], [fast-install], [_LT_ENABLE_FAST_INSTALL([yes])]) LT_OPTION_DEFINE([LT_INIT], [disable-fast-install], [_LT_ENABLE_FAST_INSTALL([no])]) # Old names: AU_DEFUN([AC_ENABLE_FAST_INSTALL], [_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[fast-install]) AC_DIAGNOSE([obsolete], [$0: Remove this warning and the call to _LT_SET_OPTION when you put the `fast-install' option into LT_INIT's first parameter.]) ]) AU_DEFUN([AC_DISABLE_FAST_INSTALL], [_LT_SET_OPTION([LT_INIT], [disable-fast-install]) AC_DIAGNOSE([obsolete], [$0: Remove this warning and the call to _LT_SET_OPTION when you put the `disable-fast-install' option into LT_INIT's first parameter.]) ]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_ENABLE_FAST_INSTALL], []) dnl AC_DEFUN([AM_DISABLE_FAST_INSTALL], []) # _LT_WITH_PIC([MODE]) # -------------------- # implement the --with-pic flag, and support the `pic-only' and `no-pic' # LT_INIT options. # MODE is either `yes' or `no'. If omitted, it defaults to `both'. m4_define([_LT_WITH_PIC], [AC_ARG_WITH([pic], [AS_HELP_STRING([--with-pic@<:@=PKGS@:>@], [try to use only PIC/non-PIC objects @<:@default=use both@:>@])], [lt_p=${PACKAGE-default} case $withval in yes|no) pic_mode=$withval ;; *) pic_mode=default # Look at the argument we got. We use all the common list separators. 
lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," for lt_pkg in $withval; do IFS="$lt_save_ifs" if test "X$lt_pkg" = "X$lt_p"; then pic_mode=yes fi done IFS="$lt_save_ifs" ;; esac], [pic_mode=default]) test -z "$pic_mode" && pic_mode=m4_default([$1], [default]) _LT_DECL([], [pic_mode], [0], [What type of objects to build])dnl ])# _LT_WITH_PIC LT_OPTION_DEFINE([LT_INIT], [pic-only], [_LT_WITH_PIC([yes])]) LT_OPTION_DEFINE([LT_INIT], [no-pic], [_LT_WITH_PIC([no])]) # Old name: AU_DEFUN([AC_LIBTOOL_PICMODE], [_LT_SET_OPTION([LT_INIT], [pic-only]) AC_DIAGNOSE([obsolete], [$0: Remove this warning and the call to _LT_SET_OPTION when you put the `pic-only' option into LT_INIT's first parameter.]) ]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LIBTOOL_PICMODE], []) ## ----------------- ## ## LTDL_INIT Options ## ## ----------------- ## m4_define([_LTDL_MODE], []) LT_OPTION_DEFINE([LTDL_INIT], [nonrecursive], [m4_define([_LTDL_MODE], [nonrecursive])]) LT_OPTION_DEFINE([LTDL_INIT], [recursive], [m4_define([_LTDL_MODE], [recursive])]) LT_OPTION_DEFINE([LTDL_INIT], [subproject], [m4_define([_LTDL_MODE], [subproject])]) m4_define([_LTDL_TYPE], []) LT_OPTION_DEFINE([LTDL_INIT], [installable], [m4_define([_LTDL_TYPE], [installable])]) LT_OPTION_DEFINE([LTDL_INIT], [convenience], [m4_define([_LTDL_TYPE], [convenience])]) sssd-1.11.5/m4/PaxHeaders.13173/lt~obsolete.m40000644000000000000000000000013212320753502016701 xustar000000000000000030 mtime=1396954946.293886269 30 atime=1396954946.402886189 30 ctime=1396954961.402875137 sssd-1.11.5/m4/lt~obsolete.m40000644002412700241270000001375612320753502017142 0ustar00jhrozekjhrozek00000000000000# lt~obsolete.m4 -- aclocal satisfying obsolete definitions. -*-Autoconf-*- # # Copyright (C) 2004, 2005, 2007, 2009 Free Software Foundation, Inc. # Written by Scott James Remnant, 2004. 
# # This file is free software; the Free Software Foundation gives # unlimited permission to copy and/or distribute it, with or without # modifications, as long as this notice is preserved. # serial 5 lt~obsolete.m4 # These exist entirely to fool aclocal when bootstrapping libtool. # # In the past libtool.m4 has provided macros via AC_DEFUN (or AU_DEFUN) # which have later been changed to m4_define as they aren't part of the # exported API, or moved to Autoconf or Automake where they belong. # # The trouble is, aclocal is a bit thick. It'll see the old AC_DEFUN # in /usr/share/aclocal/libtool.m4 and remember it, then when it sees us # using a macro with the same name in our local m4/libtool.m4 it'll # pull the old libtool.m4 in (it doesn't see our shiny new m4_define # and doesn't know about Autoconf macros at all.) # # So we provide this file, which has a silly filename so it's always # included after everything else. This provides aclocal with the # AC_DEFUNs it wants, but when m4 processes it, it doesn't do anything # because those macros already exist, or will be overwritten later. # We use AC_DEFUN over AU_DEFUN for compatibility with aclocal-1.6. # # Anytime we withdraw an AC_DEFUN or AU_DEFUN, remember to add it here. # Yes, that means every name once taken will need to remain here until # we give up compatibility with versions before 1.7, at which point # we need to keep only those names which we still refer to. # This is to help aclocal find these macros, as it can't see m4_define. 
AC_DEFUN([LTOBSOLETE_VERSION], [m4_if([1])]) m4_ifndef([AC_LIBTOOL_LINKER_OPTION], [AC_DEFUN([AC_LIBTOOL_LINKER_OPTION])]) m4_ifndef([AC_PROG_EGREP], [AC_DEFUN([AC_PROG_EGREP])]) m4_ifndef([_LT_AC_PROG_ECHO_BACKSLASH], [AC_DEFUN([_LT_AC_PROG_ECHO_BACKSLASH])]) m4_ifndef([_LT_AC_SHELL_INIT], [AC_DEFUN([_LT_AC_SHELL_INIT])]) m4_ifndef([_LT_AC_SYS_LIBPATH_AIX], [AC_DEFUN([_LT_AC_SYS_LIBPATH_AIX])]) m4_ifndef([_LT_PROG_LTMAIN], [AC_DEFUN([_LT_PROG_LTMAIN])]) m4_ifndef([_LT_AC_TAGVAR], [AC_DEFUN([_LT_AC_TAGVAR])]) m4_ifndef([AC_LTDL_ENABLE_INSTALL], [AC_DEFUN([AC_LTDL_ENABLE_INSTALL])]) m4_ifndef([AC_LTDL_PREOPEN], [AC_DEFUN([AC_LTDL_PREOPEN])]) m4_ifndef([_LT_AC_SYS_COMPILER], [AC_DEFUN([_LT_AC_SYS_COMPILER])]) m4_ifndef([_LT_AC_LOCK], [AC_DEFUN([_LT_AC_LOCK])]) m4_ifndef([AC_LIBTOOL_SYS_OLD_ARCHIVE], [AC_DEFUN([AC_LIBTOOL_SYS_OLD_ARCHIVE])]) m4_ifndef([_LT_AC_TRY_DLOPEN_SELF], [AC_DEFUN([_LT_AC_TRY_DLOPEN_SELF])]) m4_ifndef([AC_LIBTOOL_PROG_CC_C_O], [AC_DEFUN([AC_LIBTOOL_PROG_CC_C_O])]) m4_ifndef([AC_LIBTOOL_SYS_HARD_LINK_LOCKS], [AC_DEFUN([AC_LIBTOOL_SYS_HARD_LINK_LOCKS])]) m4_ifndef([AC_LIBTOOL_OBJDIR], [AC_DEFUN([AC_LIBTOOL_OBJDIR])]) m4_ifndef([AC_LTDL_OBJDIR], [AC_DEFUN([AC_LTDL_OBJDIR])]) m4_ifndef([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH], [AC_DEFUN([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH])]) m4_ifndef([AC_LIBTOOL_SYS_LIB_STRIP], [AC_DEFUN([AC_LIBTOOL_SYS_LIB_STRIP])]) m4_ifndef([AC_PATH_MAGIC], [AC_DEFUN([AC_PATH_MAGIC])]) m4_ifndef([AC_PROG_LD_GNU], [AC_DEFUN([AC_PROG_LD_GNU])]) m4_ifndef([AC_PROG_LD_RELOAD_FLAG], [AC_DEFUN([AC_PROG_LD_RELOAD_FLAG])]) m4_ifndef([AC_DEPLIBS_CHECK_METHOD], [AC_DEFUN([AC_DEPLIBS_CHECK_METHOD])]) m4_ifndef([AC_LIBTOOL_PROG_COMPILER_NO_RTTI], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_NO_RTTI])]) m4_ifndef([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE], [AC_DEFUN([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE])]) m4_ifndef([AC_LIBTOOL_PROG_COMPILER_PIC], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_PIC])]) m4_ifndef([AC_LIBTOOL_PROG_LD_SHLIBS], 
[AC_DEFUN([AC_LIBTOOL_PROG_LD_SHLIBS])]) m4_ifndef([AC_LIBTOOL_POSTDEP_PREDEP], [AC_DEFUN([AC_LIBTOOL_POSTDEP_PREDEP])]) m4_ifndef([LT_AC_PROG_EGREP], [AC_DEFUN([LT_AC_PROG_EGREP])]) m4_ifndef([LT_AC_PROG_SED], [AC_DEFUN([LT_AC_PROG_SED])]) m4_ifndef([_LT_CC_BASENAME], [AC_DEFUN([_LT_CC_BASENAME])]) m4_ifndef([_LT_COMPILER_BOILERPLATE], [AC_DEFUN([_LT_COMPILER_BOILERPLATE])]) m4_ifndef([_LT_LINKER_BOILERPLATE], [AC_DEFUN([_LT_LINKER_BOILERPLATE])]) m4_ifndef([_AC_PROG_LIBTOOL], [AC_DEFUN([_AC_PROG_LIBTOOL])]) m4_ifndef([AC_LIBTOOL_SETUP], [AC_DEFUN([AC_LIBTOOL_SETUP])]) m4_ifndef([_LT_AC_CHECK_DLFCN], [AC_DEFUN([_LT_AC_CHECK_DLFCN])]) m4_ifndef([AC_LIBTOOL_SYS_DYNAMIC_LINKER], [AC_DEFUN([AC_LIBTOOL_SYS_DYNAMIC_LINKER])]) m4_ifndef([_LT_AC_TAGCONFIG], [AC_DEFUN([_LT_AC_TAGCONFIG])]) m4_ifndef([AC_DISABLE_FAST_INSTALL], [AC_DEFUN([AC_DISABLE_FAST_INSTALL])]) m4_ifndef([_LT_AC_LANG_CXX], [AC_DEFUN([_LT_AC_LANG_CXX])]) m4_ifndef([_LT_AC_LANG_F77], [AC_DEFUN([_LT_AC_LANG_F77])]) m4_ifndef([_LT_AC_LANG_GCJ], [AC_DEFUN([_LT_AC_LANG_GCJ])]) m4_ifndef([AC_LIBTOOL_LANG_C_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_C_CONFIG])]) m4_ifndef([_LT_AC_LANG_C_CONFIG], [AC_DEFUN([_LT_AC_LANG_C_CONFIG])]) m4_ifndef([AC_LIBTOOL_LANG_CXX_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_CXX_CONFIG])]) m4_ifndef([_LT_AC_LANG_CXX_CONFIG], [AC_DEFUN([_LT_AC_LANG_CXX_CONFIG])]) m4_ifndef([AC_LIBTOOL_LANG_F77_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_F77_CONFIG])]) m4_ifndef([_LT_AC_LANG_F77_CONFIG], [AC_DEFUN([_LT_AC_LANG_F77_CONFIG])]) m4_ifndef([AC_LIBTOOL_LANG_GCJ_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_GCJ_CONFIG])]) m4_ifndef([_LT_AC_LANG_GCJ_CONFIG], [AC_DEFUN([_LT_AC_LANG_GCJ_CONFIG])]) m4_ifndef([AC_LIBTOOL_LANG_RC_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_RC_CONFIG])]) m4_ifndef([_LT_AC_LANG_RC_CONFIG], [AC_DEFUN([_LT_AC_LANG_RC_CONFIG])]) m4_ifndef([AC_LIBTOOL_CONFIG], [AC_DEFUN([AC_LIBTOOL_CONFIG])]) m4_ifndef([_LT_AC_FILE_LTDLL_C], [AC_DEFUN([_LT_AC_FILE_LTDLL_C])]) m4_ifndef([_LT_REQUIRED_DARWIN_CHECKS], 
[AC_DEFUN([_LT_REQUIRED_DARWIN_CHECKS])]) m4_ifndef([_LT_AC_PROG_CXXCPP], [AC_DEFUN([_LT_AC_PROG_CXXCPP])]) m4_ifndef([_LT_PREPARE_SED_QUOTE_VARS], [AC_DEFUN([_LT_PREPARE_SED_QUOTE_VARS])]) m4_ifndef([_LT_PROG_ECHO_BACKSLASH], [AC_DEFUN([_LT_PROG_ECHO_BACKSLASH])]) m4_ifndef([_LT_PROG_F77], [AC_DEFUN([_LT_PROG_F77])]) m4_ifndef([_LT_PROG_FC], [AC_DEFUN([_LT_PROG_FC])]) m4_ifndef([_LT_PROG_CXX], [AC_DEFUN([_LT_PROG_CXX])]) sssd-1.11.5/m4/PaxHeaders.13173/lib-link.m40000644000000000000000000000013212320753475016041 xustar000000000000000030 mtime=1396954941.879889513 30 atime=1396954943.181888556 30 ctime=1396954961.402875137 sssd-1.11.5/m4/lib-link.m40000644002412700241270000005534312320753475016300 0ustar00jhrozekjhrozek00000000000000# lib-link.m4 serial 4 (gettext-0.12) dnl Copyright (C) 2001-2003 Free Software Foundation, Inc. dnl This file is free software, distributed under the terms of the GNU dnl General Public License. As a special exception to the GNU General dnl Public License, this file may be distributed as part of a program dnl that contains a configuration script generated by Autoconf, under dnl the same distribution terms as the rest of that program. dnl From Bruno Haible. dnl AC_LIB_LINKFLAGS(name [, dependencies]) searches for libname and dnl the libraries corresponding to explicit and implicit dependencies. dnl Sets and AC_SUBSTs the LIB${NAME} and LTLIB${NAME} variables and dnl augments the CPPFLAGS variable. 
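AC_DEFUN([AC_LIB_LINKFLAGS],
[
  AC_REQUIRE([AC_LIB_PREPARE_PREFIX])
  AC_REQUIRE([AC_LIB_RPATH])
  define([Name],[translit([$1],[./-], [___])])
  define([NAME],[translit([$1],[abcdefghijklmnopqrstuvwxyz./-],
                               [ABCDEFGHIJKLMNOPQRSTUVWXYZ___])])
  AC_CACHE_CHECK([how to link with lib[]$1], [ac_cv_lib[]Name[]_libs], [
    AC_LIB_LINKFLAGS_BODY([$1], [$2])
    ac_cv_lib[]Name[]_libs="$LIB[]NAME"
    ac_cv_lib[]Name[]_ltlibs="$LTLIB[]NAME"
    ac_cv_lib[]Name[]_cppflags="$INC[]NAME"
  ])
  LIB[]NAME="$ac_cv_lib[]Name[]_libs"
  LTLIB[]NAME="$ac_cv_lib[]Name[]_ltlibs"
  INC[]NAME="$ac_cv_lib[]Name[]_cppflags"
  AC_LIB_APPENDTOVAR([CPPFLAGS], [$INC]NAME)
  AC_SUBST([LIB]NAME)
  AC_SUBST([LTLIB]NAME)
  dnl Also set HAVE_LIB[]NAME so that AC_LIB_HAVE_LINKFLAGS can reuse the
  dnl results of this search when this library appears as a dependency.
  HAVE_LIB[]NAME=yes
  undefine([Name])
  undefine([NAME])
])

dnl AC_LIB_HAVE_LINKFLAGS(name, dependencies, includes, testcode)
dnl searches for libname and the libraries corresponding to explicit and
dnl implicit dependencies, together with the specified include files and
dnl the ability to compile and link the specified testcode. If found, it
dnl sets and AC_SUBSTs HAVE_LIB${NAME}=yes and the LIB${NAME} and
dnl LTLIB${NAME} variables and augments the CPPFLAGS variable, and
dnl #defines HAVE_LIB${NAME} to 1. Otherwise, it sets and AC_SUBSTs
dnl HAVE_LIB${NAME}=no and LIB${NAME} and LTLIB${NAME} to empty.
AC_DEFUN([AC_LIB_HAVE_LINKFLAGS],
[
  AC_REQUIRE([AC_LIB_PREPARE_PREFIX])
  AC_REQUIRE([AC_LIB_RPATH])
  define([Name],[translit([$1],[./-], [___])])
  define([NAME],[translit([$1],[abcdefghijklmnopqrstuvwxyz./-],
                               [ABCDEFGHIJKLMNOPQRSTUVWXYZ___])])

  dnl Search for lib[]Name and define LIB[]NAME, LTLIB[]NAME and INC[]NAME
  dnl accordingly.
  AC_LIB_LINKFLAGS_BODY([$1], [$2])

  dnl Add $INC[]NAME to CPPFLAGS before performing the following checks,
  dnl because if the user has installed lib[]Name and not disabled its use
  dnl via --without-lib[]Name-prefix, he wants to use it.
  ac_save_CPPFLAGS="$CPPFLAGS"
  AC_LIB_APPENDTOVAR([CPPFLAGS], [$INC]NAME)

  AC_CACHE_CHECK([for lib[]$1], [ac_cv_lib[]Name], [
    ac_save_LIBS="$LIBS"
    LIBS="$LIBS $LIB[]NAME"
    AC_TRY_LINK([$3], [$4], [ac_cv_lib[]Name=yes], [ac_cv_lib[]Name=no])
    LIBS="$ac_save_LIBS"
  ])
  if test "$ac_cv_lib[]Name" = yes; then
    HAVE_LIB[]NAME=yes
    AC_DEFINE([HAVE_LIB]NAME, 1, [Define if you have the $1 library.])
    AC_MSG_CHECKING([how to link with lib[]$1])
    AC_MSG_RESULT([$LIB[]NAME])
  else
    HAVE_LIB[]NAME=no
    dnl If $LIB[]NAME didn't lead to a usable library, we don't need
    dnl $INC[]NAME either.
    CPPFLAGS="$ac_save_CPPFLAGS"
    LIB[]NAME=
    LTLIB[]NAME=
  fi
  AC_SUBST([HAVE_LIB]NAME)
  AC_SUBST([LIB]NAME)
  AC_SUBST([LTLIB]NAME)
  undefine([Name])
  undefine([NAME])
])

dnl Determine the platform dependent parameters needed to use rpath:
dnl libext, shlibext, hardcode_libdir_flag_spec, hardcode_libdir_separator,
dnl hardcode_direct, hardcode_minus_L.
AC_DEFUN([AC_LIB_RPATH],
[
  AC_REQUIRE([AC_PROG_CC])                dnl we use $CC, $GCC, $LDFLAGS
  AC_REQUIRE([AC_LIB_PROG_LD])            dnl we use $LD, $with_gnu_ld
  AC_REQUIRE([AC_CANONICAL_HOST])         dnl we use $host
  AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT]) dnl we use $ac_aux_dir
  AC_CACHE_CHECK([for shared library run path origin], acl_cv_rpath, [
    dnl The output of config.rpath is written to conftest.sh in the current
    dnl directory and sourced from there; presumably it holds the acl_cv_*
    dnl assignments that are read below.
    CC="$CC" GCC="$GCC" LDFLAGS="$LDFLAGS" LD="$LD" with_gnu_ld="$with_gnu_ld" \
    ${CONFIG_SHELL-/bin/sh} "$ac_aux_dir/config.rpath" "$host" > conftest.sh
    . ./conftest.sh
    rm -f ./conftest.sh
    acl_cv_rpath=done
  ])
  wl="$acl_cv_wl"
  libext="$acl_cv_libext"
  shlibext="$acl_cv_shlibext"
  hardcode_libdir_flag_spec="$acl_cv_hardcode_libdir_flag_spec"
  hardcode_libdir_separator="$acl_cv_hardcode_libdir_separator"
  hardcode_direct="$acl_cv_hardcode_direct"
  hardcode_minus_L="$acl_cv_hardcode_minus_L"
  dnl Determine whether the user wants rpath handling at all.
  dnl Hardcoding is on unless configure is given --disable-rpath.
  AC_ARG_ENABLE(rpath,
    [  --disable-rpath         do not hardcode runtime library paths],
    :, enable_rpath=yes)
])

dnl AC_LIB_LINKFLAGS_BODY(name [, dependencies]) searches for libname and
dnl the libraries corresponding to explicit and implicit dependencies.
dnl Sets the LIB${NAME}, LTLIB${NAME} and INC${NAME} variables.
AC_DEFUN([AC_LIB_LINKFLAGS_BODY],
[
  define([NAME],[translit([$1],[abcdefghijklmnopqrstuvwxyz./-],
                               [ABCDEFGHIJKLMNOPQRSTUVWXYZ___])])
  dnl By default, look in $includedir and $libdir.
  use_additional=yes
  AC_LIB_WITH_FINAL_PREFIX([
    eval additional_includedir=\"$includedir\"
    eval additional_libdir=\"$libdir\"
  ])
  AC_LIB_ARG_WITH([lib$1-prefix],
[  --with-lib$1-prefix[=DIR]  search for lib$1 in DIR/include and DIR/lib
  --without-lib$1-prefix     don't search for lib$1 in includedir and libdir],
[
    if test "X$withval" = "Xno"; then
      use_additional=no
    else
      if test "X$withval" = "X"; then
        AC_LIB_WITH_FINAL_PREFIX([
          eval additional_includedir=\"$includedir\"
          eval additional_libdir=\"$libdir\"
        ])
      else
        additional_includedir="$withval/include"
        additional_libdir="$withval/lib"
      fi
    fi
])
  dnl Search the library and its dependencies in $additional_libdir and
  dnl $LDFLAGS. Using breadth-first-search.
  LIB[]NAME=
  LTLIB[]NAME=
  INC[]NAME=
  rpathdirs=
  ltrpathdirs=
  names_already_handled=
  names_next_round='$1 $2'
  while test -n "$names_next_round"; do
    names_this_round="$names_next_round"
    names_next_round=
    for name in $names_this_round; do
      already_handled=
      for n in $names_already_handled; do
        if test "$n" = "$name"; then
          already_handled=yes
          break
        fi
      done
      if test -z "$already_handled"; then
        names_already_handled="$names_already_handled $name"
        dnl See if it was already located by an earlier AC_LIB_LINKFLAGS
        dnl or AC_LIB_HAVE_LINKFLAGS call.
        uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./-|ABCDEFGHIJKLMNOPQRSTUVWXYZ___|'`
        eval value=\"\$HAVE_LIB$uppername\"
        if test -n "$value"; then
          if test "$value" = yes; then
            eval value=\"\$LIB$uppername\"
            test -z "$value" || LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$value"
            eval value=\"\$LTLIB$uppername\"
            test -z "$value" || LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }$value"
          else
            dnl An earlier call to AC_LIB_HAVE_LINKFLAGS has determined
            dnl that this library doesn't exist. So just drop it.
            :
          fi
        else
          dnl Search the library lib$name in $additional_libdir and $LDFLAGS
          dnl and the already constructed $LIBNAME/$LTLIBNAME.
          found_dir=
          found_la=
          found_so=
          found_a=
          if test $use_additional = yes; then
            if test -n "$shlibext" && test -f "$additional_libdir/lib$name.$shlibext"; then
              found_dir="$additional_libdir"
              found_so="$additional_libdir/lib$name.$shlibext"
              if test -f "$additional_libdir/lib$name.la"; then
                found_la="$additional_libdir/lib$name.la"
              fi
            else
              if test -f "$additional_libdir/lib$name.$libext"; then
                found_dir="$additional_libdir"
                found_a="$additional_libdir/lib$name.$libext"
                if test -f "$additional_libdir/lib$name.la"; then
                  found_la="$additional_libdir/lib$name.la"
                fi
              fi
            fi
          fi
          if test "X$found_dir" = "X"; then
            for x in $LDFLAGS $LTLIB[]NAME; do
              AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
              case "$x" in
                -L*)
                  dir=`echo "X$x" | sed -e 's/^X-L//'`
                  if test -n "$shlibext" && test -f "$dir/lib$name.$shlibext"; then
                    found_dir="$dir"
                    found_so="$dir/lib$name.$shlibext"
                    if test -f "$dir/lib$name.la"; then
                      found_la="$dir/lib$name.la"
                    fi
                  else
                    if test -f "$dir/lib$name.$libext"; then
                      found_dir="$dir"
                      found_a="$dir/lib$name.$libext"
                      if test -f "$dir/lib$name.la"; then
                        found_la="$dir/lib$name.la"
                      fi
                    fi
                  fi
                  ;;
              esac
              if test "X$found_dir" != "X"; then
                break
              fi
            done
          fi
          if test "X$found_dir" != "X"; then
            dnl Found the library.
            LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }-L$found_dir -l$name"
            if test "X$found_so" != "X"; then
              dnl Linking with a shared library. We attempt to hardcode its
              dnl directory into the executable's runpath, unless it's the
              dnl standard /usr/lib.
              dnl NOTE(review): a directory hardcoded into the run path is
              dnl searched by the runtime loader each time the binary starts,
              dnl so $found_dir should not be writable by untrusted users.
              dnl configure --disable-rpath skips the hardcoding.
              if test "$enable_rpath" = no || test "X$found_dir" = "X/usr/lib"; then
                dnl No hardcoding is needed.
                LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_so"
              else
                dnl Use an explicit option to hardcode DIR into the resulting
                dnl binary.
                dnl Potentially add DIR to ltrpathdirs.
                dnl The ltrpathdirs will be appended to $LTLIBNAME at the end.
                haveit=
                for x in $ltrpathdirs; do
                  if test "X$x" = "X$found_dir"; then
                    haveit=yes
                    break
                  fi
                done
                if test -z "$haveit"; then
                  ltrpathdirs="$ltrpathdirs $found_dir"
                fi
                dnl The hardcoding into $LIBNAME is system dependent.
                if test "$hardcode_direct" = yes; then
                  dnl Using DIR/libNAME.so during linking hardcodes DIR into the
                  dnl resulting binary.
                  LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_so"
                else
                  if test -n "$hardcode_libdir_flag_spec" && test "$hardcode_minus_L" = no; then
                    dnl Use an explicit option to hardcode DIR into the resulting
                    dnl binary.
                    LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_so"
                    dnl Potentially add DIR to rpathdirs.
                    dnl The rpathdirs will be appended to $LIBNAME at the end.
                    haveit=
                    for x in $rpathdirs; do
                      if test "X$x" = "X$found_dir"; then
                        haveit=yes
                        break
                      fi
                    done
                    if test -z "$haveit"; then
                      rpathdirs="$rpathdirs $found_dir"
                    fi
                  else
                    dnl Rely on "-L$found_dir".
                    dnl But don't add it if it's already contained in the LDFLAGS
                    dnl or the already constructed $LIBNAME
                    haveit=
                    for x in $LDFLAGS $LIB[]NAME; do
                      AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
                      if test "X$x" = "X-L$found_dir"; then
                        haveit=yes
                        break
                      fi
                    done
                    if test -z "$haveit"; then
                      LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-L$found_dir"
                    fi
                    if test "$hardcode_minus_L" != no; then
                      dnl FIXME: Not sure whether we should use
                      dnl "-L$found_dir -l$name" or "-L$found_dir $found_so"
                      dnl here.
                      LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_so"
                    else
                      dnl We cannot use $hardcode_runpath_var and LD_RUN_PATH
                      dnl here, because this doesn't fit in flags passed to the
                      dnl compiler. So give up. No hardcoding. This affects only
                      dnl very old systems.
                      dnl FIXME: Not sure whether we should use
                      dnl "-L$found_dir -l$name" or "-L$found_dir $found_so"
                      dnl here.
                      LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-l$name"
                    fi
                  fi
                fi
              fi
            else
              if test "X$found_a" != "X"; then
                dnl Linking with a static library.
                LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_a"
              else
                dnl We shouldn't come here, but anyway it's good to have a
                dnl fallback.
                LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-L$found_dir -l$name"
              fi
            fi
            dnl Assume the include files are nearby.
            additional_includedir=
            case "$found_dir" in
              */lib | */lib/)
                basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e 's,/lib/*$,,'`
                additional_includedir="$basedir/include"
                ;;
            esac
            if test "X$additional_includedir" != "X"; then
              dnl Potentially add $additional_includedir to $INCNAME.
              dnl But don't add it
              dnl   1. if it's the standard /usr/include,
              dnl   2. if it's /usr/local/include and we are using GCC on Linux,
              dnl   3. if it's already present in $CPPFLAGS or the already
              dnl      constructed $INCNAME,
              dnl   4. if it doesn't exist as a directory.
              if test "X$additional_includedir" != "X/usr/include"; then
                haveit=
                if test "X$additional_includedir" = "X/usr/local/include"; then
                  if test -n "$GCC"; then
                    case $host_os in
                      linux*) haveit=yes;;
                    esac
                  fi
                fi
                if test -z "$haveit"; then
                  for x in $CPPFLAGS $INC[]NAME; do
                    AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
                    if test "X$x" = "X-I$additional_includedir"; then
                      haveit=yes
                      break
                    fi
                  done
                  if test -z "$haveit"; then
                    if test -d "$additional_includedir"; then
                      dnl Really add $additional_includedir to $INCNAME.
                      INC[]NAME="${INC[]NAME}${INC[]NAME:+ }-I$additional_includedir"
                    fi
                  fi
                fi
              fi
            fi
            dnl Look for dependencies.
            if test -n "$found_la"; then
              dnl Read the .la file. It defines the variables
              dnl dlname, library_names, old_library, dependency_libs, current,
              dnl age, revision, installed, dlopen, dlpreopen, libdir.
              dnl NOTE(review): the .la file is sourced below, so whatever shell
              dnl code it holds runs inside configure. It is taken from
              dnl $additional_libdir or from a -L directory named in $LDFLAGS
              dnl or $LTLIBNAME; those directories should be writable only by
              dnl trusted users.
              save_libdir="$libdir"
              case "$found_la" in
                */* | *\\*) . "$found_la" ;;
                *) . "./$found_la" ;;
              esac
              libdir="$save_libdir"
              dnl We use only dependency_libs.
              for dep in $dependency_libs; do
                case "$dep" in
                  -L*)
                    additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'`
                    dnl Potentially add $additional_libdir to $LIBNAME and $LTLIBNAME.
                    dnl But don't add it
                    dnl   1. if it's the standard /usr/lib,
                    dnl   2. if it's /usr/local/lib and we are using GCC on Linux,
                    dnl   3. if it's already present in $LDFLAGS or the already
                    dnl      constructed $LIBNAME,
                    dnl   4. if it doesn't exist as a directory.
                    if test "X$additional_libdir" != "X/usr/lib"; then
                      haveit=
                      if test "X$additional_libdir" = "X/usr/local/lib"; then
                        if test -n "$GCC"; then
                          case $host_os in
                            linux*) haveit=yes;;
                          esac
                        fi
                      fi
                      if test -z "$haveit"; then
                        haveit=
                        for x in $LDFLAGS $LIB[]NAME; do
                          AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
                          if test "X$x" = "X-L$additional_libdir"; then
                            haveit=yes
                            break
                          fi
                        done
                        if test -z "$haveit"; then
                          if test -d "$additional_libdir"; then
                            dnl Really add $additional_libdir to $LIBNAME.
                            LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-L$additional_libdir"
                          fi
                        fi
                        haveit=
                        for x in $LDFLAGS $LTLIB[]NAME; do
                          AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
                          if test "X$x" = "X-L$additional_libdir"; then
                            haveit=yes
                            break
                          fi
                        done
                        if test -z "$haveit"; then
                          if test -d "$additional_libdir"; then
                            dnl Really add $additional_libdir to $LTLIBNAME.
                            LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }-L$additional_libdir"
                          fi
                        fi
                      fi
                    fi
                    ;;
                  -R*)
                    dir=`echo "X$dep" | sed -e 's/^X-R//'`
                    if test "$enable_rpath" != no; then
                      dnl Potentially add DIR to rpathdirs.
                      dnl The rpathdirs will be appended to $LIBNAME at the end.
                      haveit=
                      for x in $rpathdirs; do
                        if test "X$x" = "X$dir"; then
                          haveit=yes
                          break
                        fi
                      done
                      if test -z "$haveit"; then
                        rpathdirs="$rpathdirs $dir"
                      fi
                      dnl Potentially add DIR to ltrpathdirs.
                      dnl The ltrpathdirs will be appended to $LTLIBNAME at the end.
                      haveit=
                      for x in $ltrpathdirs; do
                        if test "X$x" = "X$dir"; then
                          haveit=yes
                          break
                        fi
                      done
                      if test -z "$haveit"; then
                        ltrpathdirs="$ltrpathdirs $dir"
                      fi
                    fi
                    ;;
                  -l*)
                    dnl Handle this in the next round.
                    names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'`
                    ;;
                  *.la)
                    dnl Handle this in the next round. Throw away the .la's
                    dnl directory; it is already contained in a preceding -L
                    dnl option.
                    names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'`
                    ;;
                  *)
                    dnl Most likely an immediate library name.
                    LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$dep"
                    LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }$dep"
                    ;;
                esac
              done
            fi
          else
            dnl Didn't find the library; assume it is in the system directories
            dnl known to the linker and runtime loader. (All the system
            dnl directories known to the linker should also be known to the
            dnl runtime loader, otherwise the system is severely misconfigured.)
            LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-l$name"
            LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }-l$name"
          fi
        fi
      fi
    done
  done
  if test "X$rpathdirs" != "X"; then
    if test -n "$hardcode_libdir_separator"; then
      dnl Weird platform: only the last -rpath option counts, the user must
      dnl pass all path elements in one option. We can arrange that for a
      dnl single library, but not when more than one $LIBNAMEs are used.
      alldirs=
      for found_dir in $rpathdirs; do
        alldirs="${alldirs}${alldirs:+$hardcode_libdir_separator}$found_dir"
      done
      dnl Note: hardcode_libdir_flag_spec uses $libdir and $wl.
      acl_save_libdir="$libdir"
      libdir="$alldirs"
      eval flag=\"$hardcode_libdir_flag_spec\"
      libdir="$acl_save_libdir"
      LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$flag"
    else
      dnl The -rpath options are cumulative.
      for found_dir in $rpathdirs; do
        acl_save_libdir="$libdir"
        libdir="$found_dir"
        eval flag=\"$hardcode_libdir_flag_spec\"
        libdir="$acl_save_libdir"
        LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$flag"
      done
    fi
  fi
  if test "X$ltrpathdirs" != "X"; then
    dnl When using libtool, the option that works for both libraries and
    dnl executables is -R. The -R options are cumulative.
    for found_dir in $ltrpathdirs; do
      LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }-R$found_dir"
    done
  fi
])

dnl AC_LIB_APPENDTOVAR(VAR, CONTENTS) appends the elements of CONTENTS to VAR,
dnl unless already present in VAR.
dnl Works only for CPPFLAGS, not for LIB* variables because that sometimes
dnl contains two or three consecutive elements that belong together.
AC_DEFUN([AC_LIB_APPENDTOVAR],
[
  for element in [$2]; do
    haveit=
    for x in $[$1]; do
      AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
      if test "X$x" = "X$element"; then
        haveit=yes
        break
      fi
    done
    if test -z "$haveit"; then
      [$1]="${[$1]}${[$1]:+ }$element"
    fi
  done
])
sssd-1.11.5/m4/PaxHeaders.13173/lib-prefix.m40000644000000000000000000000013212320753475016401 xustar000000000000000030 mtime=1396954941.887889507 30 atime=1396954943.180888557 30 ctime=1396954961.402875137 sssd-1.11.5/m4/lib-prefix.m40000644002412700241270000001250712320753475016633 0ustar00jhrozekjhrozek00000000000000
# lib-prefix.m4 serial 3 (gettext-0.13)
dnl Copyright (C) 2001-2003 Free Software Foundation, Inc.
dnl This file is free software, distributed under the terms of the GNU
dnl General Public License. As a special exception to the GNU General
dnl Public License, this file may be distributed as part of a program
dnl that contains a configuration script generated by Autoconf, under
dnl the same distribution terms as the rest of that program.

dnl From Bruno Haible.

dnl AC_LIB_ARG_WITH is synonymous to AC_ARG_WITH in autoconf-2.13, and
dnl similar to AC_ARG_WITH in autoconf 2.52...2.57 except that is doesn't
dnl require excessive bracketing.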
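ifdef([AC_HELP_STRING],
[AC_DEFUN([AC_LIB_ARG_WITH], [AC_ARG_WITH([$1],[[$2]],[$3],[$4])])],
[AC_DEFUN([AC_][LIB_ARG_WITH], [AC_ARG_WITH([$1],[$2],[$3],[$4])])])

dnl AC_LIB_PREFIX adds to the CPPFLAGS and LDFLAGS the flags that are needed
dnl to access previously installed libraries. The basic assumption is that
dnl a user will want packages to use other packages he previously installed
dnl with the same --prefix option.
dnl This macro is not needed if only AC_LIB_LINKFLAGS is used to locate
dnl libraries, but is otherwise very convenient.
AC_DEFUN([AC_LIB_PREFIX],
[
  AC_BEFORE([$0], [AC_LIB_LINKFLAGS])
  AC_REQUIRE([AC_PROG_CC])
  AC_REQUIRE([AC_CANONICAL_HOST])
  AC_REQUIRE([AC_LIB_PREPARE_PREFIX])
  dnl By default, look in $includedir and $libdir.
  use_additional=yes
  AC_LIB_WITH_FINAL_PREFIX([
    eval additional_includedir=\"$includedir\"
    eval additional_libdir=\"$libdir\"
  ])
  AC_LIB_ARG_WITH([lib-prefix],
[  --with-lib-prefix[=DIR] search for libraries in DIR/include and DIR/lib
  --without-lib-prefix    don't search for libraries in includedir and libdir],
[
    if test "X$withval" = "Xno"; then
      use_additional=no
    else
      if test "X$withval" = "X"; then
        AC_LIB_WITH_FINAL_PREFIX([
          eval additional_includedir=\"$includedir\"
          eval additional_libdir=\"$libdir\"
        ])
      else
        additional_includedir="$withval/include"
        additional_libdir="$withval/lib"
      fi
    fi
])
  if test $use_additional = yes; then
    dnl Potentially add $additional_includedir to $CPPFLAGS.
    dnl But don't add it
    dnl   1. if it's the standard /usr/include,
    dnl   2. if it's already present in $CPPFLAGS,
    dnl   3. if it's /usr/local/include and we are using GCC on Linux,
    dnl   4. if it doesn't exist as a directory.
    if test "X$additional_includedir" != "X/usr/include"; then
      haveit=
      for x in $CPPFLAGS; do
        AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
        if test "X$x" = "X-I$additional_includedir"; then
          haveit=yes
          break
        fi
      done
      if test -z "$haveit"; then
        if test "X$additional_includedir" = "X/usr/local/include"; then
          if test -n "$GCC"; then
            case $host_os in
              linux*) haveit=yes;;
            esac
          fi
        fi
        if test -z "$haveit"; then
          if test -d "$additional_includedir"; then
            dnl Really add $additional_includedir to $CPPFLAGS.
            CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }-I$additional_includedir"
          fi
        fi
      fi
    fi
    dnl Potentially add $additional_libdir to $LDFLAGS.
    dnl But don't add it
    dnl   1. if it's the standard /usr/lib,
    dnl   2. if it's already present in $LDFLAGS,
    dnl   3. if it's /usr/local/lib and we are using GCC on Linux,
    dnl   4. if it doesn't exist as a directory.
    if test "X$additional_libdir" != "X/usr/lib"; then
      haveit=
      for x in $LDFLAGS; do
        AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
        if test "X$x" = "X-L$additional_libdir"; then
          haveit=yes
          break
        fi
      done
      if test -z "$haveit"; then
        if test "X$additional_libdir" = "X/usr/local/lib"; then
          if test -n "$GCC"; then
            case $host_os in
              linux*) haveit=yes;;
            esac
          fi
        fi
        if test -z "$haveit"; then
          if test -d "$additional_libdir"; then
            dnl Really add $additional_libdir to $LDFLAGS.
            LDFLAGS="${LDFLAGS}${LDFLAGS:+ }-L$additional_libdir"
          fi
        fi
      fi
    fi
  fi
])

dnl AC_LIB_PREPARE_PREFIX creates variables acl_final_prefix,
dnl acl_final_exec_prefix, containing the values to which $prefix and
dnl $exec_prefix will expand at the end of the configure script.
AC_DEFUN([AC_LIB_PREPARE_PREFIX],
[
  dnl Unfortunately, prefix and exec_prefix get only finally determined
  dnl at the end of configure.
  if test "X$prefix" = "XNONE"; then
    acl_final_prefix="$ac_default_prefix"
  else
    acl_final_prefix="$prefix"
  fi
  if test "X$exec_prefix" = "XNONE"; then
    acl_final_exec_prefix='${prefix}'
  else
    acl_final_exec_prefix="$exec_prefix"
  fi
  dnl Expand a possible reference to ${prefix} with the final prefix bound,
  dnl then put the caller's value of prefix back.
  acl_save_prefix="$prefix"
  prefix="$acl_final_prefix"
  eval acl_final_exec_prefix=\"$acl_final_exec_prefix\"
  prefix="$acl_save_prefix"
])

dnl AC_LIB_WITH_FINAL_PREFIX([statement]) evaluates statement, with the
dnl variables prefix and exec_prefix bound to the values they will have
dnl at the end of the configure script.
AC_DEFUN([AC_LIB_WITH_FINAL_PREFIX],
[
  acl_save_prefix="$prefix"
  prefix="$acl_final_prefix"
  acl_save_exec_prefix="$exec_prefix"
  exec_prefix="$acl_final_exec_prefix"
  $1
  exec_prefix="$acl_save_exec_prefix"
  prefix="$acl_save_prefix"
])
sssd-1.11.5/m4/PaxHeaders.13173/codeset.m40000644000000000000000000000013112320753475015765 xustar000000000000000029 mtime=1396954941.77488959 30 atime=1396954943.188888551 30 ctime=1396954961.402875137 sssd-1.11.5/m4/codeset.m40000644002412700241270000000157612320753475016224 0ustar00jhrozekjhrozek00000000000000
# codeset.m4 serial AM1 (gettext-0.10.40)
dnl Copyright (C) 2000-2002 Free Software Foundation, Inc.
dnl This file is free software, distributed under the terms of the GNU
dnl General Public License. As a special exception to the GNU General
dnl Public License, this file may be distributed as part of a program
dnl that contains a configuration script generated by Autoconf, under
dnl the same distribution terms as the rest of that program.

dnl From Bruno Haible.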
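dnl AM_LANGINFO_CODESET checks with a link test whether nl_langinfo(CODESET)
dnl is usable and, if so, defines HAVE_LANGINFO_CODESET.
AC_DEFUN([AM_LANGINFO_CODESET],
[
  AC_CACHE_CHECK([for nl_langinfo and CODESET], am_cv_langinfo_codeset,
    [AC_TRY_LINK([#include <langinfo.h>],
      [char* cs = nl_langinfo(CODESET);],
      am_cv_langinfo_codeset=yes,
      am_cv_langinfo_codeset=no)
    ])
  if test $am_cv_langinfo_codeset = yes; then
    AC_DEFINE(HAVE_LANGINFO_CODESET, 1,
      [Define if you have <langinfo.h> and nl_langinfo(CODESET).])
  fi
])
sssd-1.11.5/m4/PaxHeaders.13173/intmax.m40000644000000000000000000000013212320753475015640 xustar000000000000000030 mtime=1396954941.821889555 30 atime=1396954943.184888554 30 ctime=1396954961.402875137 sssd-1.11.5/m4/intmax.m40000644002412700241270000000217212320753475016067 0ustar00jhrozekjhrozek00000000000000
# intmax.m4 serial 1 (gettext-0.12)
dnl Copyright (C) 2002-2003 Free Software Foundation, Inc.
dnl This file is free software, distributed under the terms of the GNU
dnl General Public License. As a special exception to the GNU General
dnl Public License, this file may be distributed as part of a program
dnl that contains a configuration script generated by Autoconf, under
dnl the same distribution terms as the rest of that program.

dnl From Bruno Haible.
dnl Test whether the system has the 'intmax_t' type, but don't attempt to
dnl find a replacement if it is lacking.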
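AC_DEFUN([gt_TYPE_INTMAX_T],
[
  AC_REQUIRE([jm_AC_HEADER_INTTYPES_H])
  AC_REQUIRE([jm_AC_HEADER_STDINT_H])
  AC_CACHE_CHECK(for intmax_t, gt_cv_c_intmax_t,
    [AC_TRY_COMPILE([
#include <stddef.h>
#include <stdlib.h>
#if HAVE_STDINT_H_WITH_UINTMAX
#include <stdint.h>
#endif
#if HAVE_INTTYPES_H_WITH_UINTMAX
#include <inttypes.h>
#endif
], [intmax_t x = -1;], gt_cv_c_intmax_t=yes, gt_cv_c_intmax_t=no)])
  if test $gt_cv_c_intmax_t = yes; then
    AC_DEFINE(HAVE_INTMAX_T, 1,
      [Define if you have the 'intmax_t' type in <stdint.h> or <inttypes.h>.])
  fi
])
sssd-1.11.5/m4/PaxHeaders.13173/xsize.m40000644000000000000000000000013112320753476015502 xustar000000000000000030 mtime=1396954942.009889417 29 atime=1396954943.17688856 30 ctime=1396954961.402875137 sssd-1.11.5/m4/xsize.m40000644002412700241270000000103112320753476015723 0ustar00jhrozekjhrozek00000000000000
# xsize.m4 serial 2
dnl Copyright (C) 2003 Free Software Foundation, Inc.
dnl This file is free software, distributed under the terms of the GNU
dnl General Public License. As a special exception to the GNU General
dnl Public License, this file may be distributed as part of a program
dnl that contains a configuration script generated by Autoconf, under
dnl the same distribution terms as the rest of that program.

AC_DEFUN([gl_XSIZE],
[
  dnl Prerequisites of lib/xsize.h.
  AC_REQUIRE([gl_SIZE_MAX])
  AC_CHECK_HEADERS(stdint.h)
])
sssd-1.11.5/m4/PaxHeaders.13173/signed.m40000644000000000000000000000013212320753475015611 xustar000000000000000030 mtime=1396954941.946889463 30 atime=1396954943.177888559 30 ctime=1396954961.402875137 sssd-1.11.5/m4/signed.m40000644002412700241270000000140112320753475016032 0ustar00jhrozekjhrozek00000000000000
# signed.m4 serial 1 (gettext-0.10.40)
dnl Copyright (C) 2001-2002 Free Software Foundation, Inc.
dnl This file is free software, distributed under the terms of the GNU
dnl General Public License. As a special exception to the GNU General
dnl Public License, this file may be distributed as part of a program
dnl that contains a configuration script generated by Autoconf, under
dnl the same distribution terms as the rest of that program.

dnl From Bruno Haible.

dnl bh_C_SIGNED compiles a declaration that uses the 'signed' keyword and
dnl defines signed to empty when that compile fails.
AC_DEFUN([bh_C_SIGNED],
[
  AC_CACHE_CHECK([for signed], bh_cv_c_signed,
   [AC_TRY_COMPILE(, [signed char x;], bh_cv_c_signed=yes, bh_cv_c_signed=no)])
  if test $bh_cv_c_signed = no; then
    AC_DEFINE(signed, ,
              [Define to empty if the C compiler doesn't support this keyword.])
  fi
])
sssd-1.11.5/m4/PaxHeaders.13173/inttypes.m40000644000000000000000000000013212320753475016217 xustar000000000000000030 mtime=1396954941.835889545 30 atime=1396954943.184888554 30 ctime=1396954961.402875137 sssd-1.11.5/m4/inttypes.m40000644002412700241270000000171712320753475016452 0ustar00jhrozekjhrozek00000000000000
# inttypes.m4 serial 1 (gettext-0.11.4)
dnl Copyright (C) 1997-2002 Free Software Foundation, Inc.
dnl This file is free software, distributed under the terms of the GNU
dnl General Public License. As a special exception to the GNU General
dnl Public License, this file may be distributed as part of a program
dnl that contains a configuration script generated by Autoconf, under
dnl the same distribution terms as the rest of that program.

dnl From Paul Eggert.

# Define HAVE_INTTYPES_H if <inttypes.h> exists and doesn't clash with
# <sys/types.h>.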
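AC_DEFUN([gt_HEADER_INTTYPES_H],
[
  AC_CACHE_CHECK([for inttypes.h], gt_cv_header_inttypes_h,
  [
    AC_TRY_COMPILE(
      [#include <sys/types.h>
#include <inttypes.h>],
      [], gt_cv_header_inttypes_h=yes, gt_cv_header_inttypes_h=no)
  ])
  if test $gt_cv_header_inttypes_h = yes; then
    AC_DEFINE_UNQUOTED(HAVE_INTTYPES_H, 1,
      [Define if <inttypes.h> exists and doesn't clash with <sys/types.h>.])
  fi
])
sssd-1.11.5/m4/PaxHeaders.13173/intdiv0.m40000644000000000000000000000013212320753475015715 xustar000000000000000030 mtime=1396954941.811889563 30 atime=1396954943.185888554 30 ctime=1396954961.402875137 sssd-1.11.5/m4/intdiv0.m40000644002412700241270000000356512320753475016153 0ustar00jhrozekjhrozek00000000000000
# intdiv0.m4 serial 1 (gettext-0.11.3)
dnl Copyright (C) 2002 Free Software Foundation, Inc.
dnl This file is free software, distributed under the terms of the GNU
dnl General Public License. As a special exception to the GNU General
dnl Public License, this file may be distributed as part of a program
dnl that contains a configuration script generated by Autoconf, under
dnl the same distribution terms as the rest of that program.

dnl From Bruno Haible.

dnl gt_INTDIV0 defines INTDIV0_RAISES_SIGFPE to 1 or 0 depending on whether
dnl an integer division by zero delivers SIGFPE.
AC_DEFUN([gt_INTDIV0],
[
  AC_REQUIRE([AC_PROG_CC])dnl
  AC_REQUIRE([AC_CANONICAL_HOST])dnl

  AC_CACHE_CHECK([whether integer division by zero raises SIGFPE],
    gt_cv_int_divbyzero_sigfpe,
    [
      dnl The probe below is compiled and run by configure. The last
      dnl argument of AC_TRY_RUN is the fallback for builds that cannot run
      dnl it; it guesses from $host_cpu instead.
      AC_TRY_RUN([
#include <stdlib.h>
#include <signal.h>

static void
#ifdef __cplusplus
sigfpe_handler (int sig)
#else
sigfpe_handler (sig) int sig;
#endif
{
  /* Exit with code 0 if SIGFPE, with code 1 if any other signal. */
  exit (sig != SIGFPE);
}

int x = 1;
int y = 0;
int z;
int nan;

int main ()
{
  signal (SIGFPE, sigfpe_handler);
/* IRIX and AIX (when "xlc -qcheck" is used) yield signal SIGTRAP. */
#if (defined (__sgi) || defined (_AIX)) && defined (SIGTRAP)
  signal (SIGTRAP, sigfpe_handler);
#endif
/* Linux/SPARC yields signal SIGILL. */
#if defined (__sparc__) && defined (__linux__)
  signal (SIGILL, sigfpe_handler);
#endif

  z = x / y;
  nan = y / y;
  exit (1);
}
], gt_cv_int_divbyzero_sigfpe=yes, gt_cv_int_divbyzero_sigfpe=no,
        [
          # Guess based on the CPU.
          dnl The brackets of the shell pattern are doubled so that one pair
          dnl survives m4 quote removal and reaches the generated script.
          case "$host_cpu" in
            alpha* | i[[34567]]86 | m68k | s390*)
              gt_cv_int_divbyzero_sigfpe="guessing yes";;
            *)
              gt_cv_int_divbyzero_sigfpe="guessing no";;
          esac
        ])
    ])
  case "$gt_cv_int_divbyzero_sigfpe" in
    *yes) value=1;;
    *) value=0;;
  esac
  AC_DEFINE_UNQUOTED(INTDIV0_RAISES_SIGFPE, $value,
    [Define if integer division by zero raises signal SIGFPE.])
])
sssd-1.11.5/m4/PaxHeaders.13173/size_max.m40000644000000000000000000000013212320753475016157 xustar000000000000000030 mtime=1396954941.955889457 30 atime=1396954943.177888559 30 ctime=1396954961.402875137 sssd-1.11.5/m4/size_max.m40000644002412700241270000000407212320753475016407 0ustar00jhrozekjhrozek00000000000000
# size_max.m4 serial 2
dnl Copyright (C) 2003 Free Software Foundation, Inc.
dnl This file is free software, distributed under the terms of the GNU
dnl General Public License. As a special exception to the GNU General
dnl Public License, this file may be distributed as part of a program
dnl that contains a configuration script generated by Autoconf, under
dnl the same distribution terms as the rest of that program.

dnl From Bruno Haible.

AC_DEFUN([gl_SIZE_MAX],
[
  AC_CHECK_HEADERS(stdint.h)
  dnl First test whether the system already has SIZE_MAX.
  AC_MSG_CHECKING([for SIZE_MAX])
  result=
  AC_EGREP_CPP([Found it], [
#include <limits.h>
#if HAVE_STDINT_H
#include <stdint.h>
#endif
#ifdef SIZE_MAX
Found it
#endif
], result=yes)
  if test -z "$result"; then
    dnl Define it ourselves. Here we assume that the type 'size_t' is not wider
    dnl than the type 'unsigned long'.
    dnl The _AC_COMPUTE_INT macro works up to LONG_MAX, since it uses 'expr',
    dnl which is guaranteed to work from LONG_MIN to LONG_MAX.
    _AC_COMPUTE_INT([~(size_t)0 / 10], res_hi,
      [#include <stddef.h>], result=?)
    _AC_COMPUTE_INT([~(size_t)0 % 10], res_lo,
      [#include <stddef.h>], result=?)
    _AC_COMPUTE_INT([sizeof (size_t) <= sizeof (unsigned int)], fits_in_uint,
      [#include <stddef.h>], result=?)
    if test "$fits_in_uint" = 1; then
      dnl Even though SIZE_MAX fits in an unsigned int, it must be of type
      dnl 'unsigned long' if the type 'size_t' is the same as 'unsigned long'.
      AC_TRY_COMPILE([#include <stddef.h>
        extern size_t foo;
        extern unsigned long foo;
        ], [], fits_in_uint=0)
    fi
    if test -z "$result"; then
      if test "$fits_in_uint" = 1; then
        result="$res_hi$res_lo"U
      else
        result="$res_hi$res_lo"UL
      fi
    else
      dnl Shouldn't happen, but who knows...
      result='~(size_t)0'
    fi
  fi
  AC_MSG_RESULT([$result])
  if test "$result" != yes; then
    AC_DEFINE_UNQUOTED([SIZE_MAX], [$result],
      [Define as the maximum value of type 'size_t', if the system doesn't define it.])
  fi
])
sssd-1.11.5/m4/PaxHeaders.13173/nls.m40000644000000000000000000000013212320753475015134 xustar000000000000000030 mtime=1396954941.912889488 30 atime=1396954943.179888558 30 ctime=1396954961.402875137 sssd-1.11.5/m4/nls.m40000644002412700241270000000350512320753475015364 0ustar00jhrozekjhrozek00000000000000
# nls.m4 serial 1 (gettext-0.12)
dnl Copyright (C) 1995-2003 Free Software Foundation, Inc.
dnl This file is free software, distributed under the terms of the GNU
dnl General Public License. As a special exception to the GNU General
dnl Public License, this file may be distributed as part of a program
dnl that contains a configuration script generated by Autoconf, under
dnl the same distribution terms as the rest of that program.
dnl
dnl This file can can be used in projects which are not available under
dnl the GNU General Public License or the GNU Library General Public
dnl License but which still want to provide support for the GNU gettext
dnl functionality.
dnl Please note that the actual code of the GNU gettext library is covered
dnl by the GNU Library General Public License, and the rest of the GNU
dnl gettext package package is covered by the GNU General Public License.
dnl They are *not* in the public domain.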
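dnl Authors:
dnl Ulrich Drepper , 1995-2000.
dnl Bruno Haible , 2000-2003.

dnl AM_NLS sets and substitutes USE_NLS: the value passed to the nls
dnl enable option, or yes when the option is absent.
AC_DEFUN([AM_NLS],
[
  AC_MSG_CHECKING([whether NLS is requested])
  dnl Default is enabled NLS
  AC_ARG_ENABLE(nls,
    [  --disable-nls           do not use Native Language Support],
    USE_NLS=$enableval, USE_NLS=yes)
  AC_MSG_RESULT($USE_NLS)
  AC_SUBST(USE_NLS)
])

dnl AM_MKINSTALLDIRS sets and substitutes MKINSTALLDIRS, the location of the
dnl mkinstalldirs script.
AC_DEFUN([AM_MKINSTALLDIRS],
[
  dnl If the AC_CONFIG_AUX_DIR macro for autoconf is used we possibly
  dnl find the mkinstalldirs script in another subdir but $(top_srcdir).
  dnl Try to locate it.
  MKINSTALLDIRS=
  if test -n "$ac_aux_dir"; then
    case "$ac_aux_dir" in
      /*) MKINSTALLDIRS="$ac_aux_dir/mkinstalldirs" ;;
      *) MKINSTALLDIRS="\$(top_builddir)/$ac_aux_dir/mkinstalldirs" ;;
    esac
  fi
  if test -z "$MKINSTALLDIRS"; then
    MKINSTALLDIRS="\$(top_srcdir)/mkinstalldirs"
  fi
  AC_SUBST(MKINSTALLDIRS)
])
sssd-1.11.5/m4/PaxHeaders.13173/longlong.m40000644000000000000000000000013212320753475016157 xustar000000000000000030 mtime=1396954941.903889495 30 atime=1396954943.180888557 30 ctime=1396954961.402875137 sssd-1.11.5/m4/longlong.m40000644002412700241270000000164312320753475016410 0ustar00jhrozekjhrozek00000000000000
# longlong.m4 serial 4
dnl Copyright (C) 1999-2003 Free Software Foundation, Inc.
dnl This file is free software, distributed under the terms of the GNU
dnl General Public License. As a special exception to the GNU General
dnl Public License, this file may be distributed as part of a program
dnl that contains a configuration script generated by Autoconf, under
dnl the same distribution terms as the rest of that program.

dnl From Paul Eggert.

# Define HAVE_LONG_LONG if 'long long' works.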
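dnl jm_AC_TYPE_LONG_LONG
dnl Link-tests a small program that shifts, divides and takes the remainder
dnl of long long values; the result is cached in ac_cv_type_long_long and
dnl HAVE_LONG_LONG is defined when the test links.
AC_DEFUN([jm_AC_TYPE_LONG_LONG],
[
  AC_CACHE_CHECK([for long long], ac_cv_type_long_long,
  [AC_TRY_LINK([long long ll = 1LL; int i = 63;],
    [long long llmax = (long long) -1;
     return ll << i | ll >> i | llmax / ll | llmax % ll;],
    ac_cv_type_long_long=yes,
    ac_cv_type_long_long=no)])
  if test $ac_cv_type_long_long = yes; then
    AC_DEFINE(HAVE_LONG_LONG, 1,
      [Define if you have the 'long long' type.])
  fi
])
sssd-1.11.5/m4/PaxHeaders.13173/inttypes_h.m40000644000000000000000000000013212320753475016526 xustar000000000000000030 mtime=1396954941.846889537 30 atime=1396954943.184888554 30 ctime=1396954961.402875137 sssd-1.11.5/m4/inttypes_h.m40000644002412700241270000000210312320753475016747 0ustar00jhrozekjhrozek00000000000000
# inttypes_h.m4 serial 5 (gettext-0.12)
dnl Copyright (C) 1997-2003 Free Software Foundation, Inc.
dnl This file is free software, distributed under the terms of the GNU
dnl General Public License. As a special exception to the GNU General
dnl Public License, this file may be distributed as part of a program
dnl that contains a configuration script generated by Autoconf, under
dnl the same distribution terms as the rest of that program.

dnl From Paul Eggert.

# Define HAVE_INTTYPES_H_WITH_UINTMAX if <inttypes.h> exists,
# doesn't clash with <sys/types.h>, and declares uintmax_t.

dnl The header names inside angle brackets had been dropped from this copy,
dnl leaving bare #include directives; they are restored below so that the
dnl probe compiles and actually tests the two headers together.
AC_DEFUN([jm_AC_HEADER_INTTYPES_H],
[
  AC_CACHE_CHECK([for inttypes.h], jm_ac_cv_header_inttypes_h,
  [AC_TRY_COMPILE(
    [#include <sys/types.h>
#include <inttypes.h>],
    [uintmax_t i = (uintmax_t) -1;],
    jm_ac_cv_header_inttypes_h=yes,
    jm_ac_cv_header_inttypes_h=no)])
  if test $jm_ac_cv_header_inttypes_h = yes; then
    AC_DEFINE_UNQUOTED(HAVE_INTTYPES_H_WITH_UINTMAX, 1,
      [Define if <inttypes.h> exists, doesn't clash with <sys/types.h>, and declares uintmax_t. ])
  fi
])
sssd-1.11.5/m4/PaxHeaders.13173/progtest.m40000644000000000000000000000013212320753475016207 xustar000000000000000030 mtime=1396954941.939889469 30 atime=1396954943.177888559 30 ctime=1396954961.402875137 sssd-1.11.5/m4/progtest.m40000644002412700241270000000563412320753475016444 0ustar00jhrozekjhrozek00000000000000
# progtest.m4 serial 3 (gettext-0.12)
dnl Copyright (C) 1996-2003 Free Software Foundation, Inc.
dnl This file is free software, distributed under the terms of the GNU
dnl General Public License. As a special exception to the GNU General
dnl Public License, this file may be distributed as part of a program
dnl that contains a configuration script generated by Autoconf, under
dnl the same distribution terms as the rest of that program.
dnl
dnl This file can can be used in projects which are not available under
dnl the GNU General Public License or the GNU Library General Public
dnl License but which still want to provide support for the GNU gettext
dnl functionality.
dnl Please note that the actual code of the GNU gettext library is covered
dnl by the GNU Library General Public License, and the rest of the GNU
dnl gettext package package is covered by the GNU General Public License.
dnl They are *not* in the public domain.

dnl Authors:
dnl   Ulrich Drepper , 1996.

# Search path for a program which passes the given test.

dnl AM_PATH_PROG_WITH_TEST(VARIABLE, PROG-TO-CHECK-FOR,
dnl   TEST-PERFORMED-ON-FOUND_PROGRAM [, VALUE-IF-NOT-FOUND [, PATH]])
dnl
dnl Behaviour, as far as this definition shows:
dnl - A value of VARIABLE that already looks like an absolute path is kept
dnl   without running the test.
dnl - Otherwise each element of PATH (the fifth argument, or the PATH of the
dnl   environment) is tried in order; the first candidate that is executable
dnl   and passes the test is cached in ac_cv_path_VARIABLE.
dnl - VARIABLE is exported with AC_SUBST.
dnl
dnl Review notes for people running the generated configure script:
dnl - An empty search-path element is replaced by "." so a leading, trailing
dnl   or doubled separator in PATH makes the current directory a candidate
dnl   location.
dnl - The test is caller supplied and evaluated once per candidate. The tests
dnl   that AM_PO_SUBDIRS in po.m4 passes run the candidate itself, so
dnl   configure executes whichever matching file comes first on the path.
dnl - The scratch files conf$$.sh and conf$$.file are created in the current
dnl   directory under names built from the shell process id.
dnl   Run configure with a PATH restricted to trusted directories and in a
dnl   build directory that other users cannot write to.
AC_DEFUN([AM_PATH_PROG_WITH_TEST],
[
# Prepare PATH_SEPARATOR.
# The user is always right.
if test "${PATH_SEPARATOR+set}" != set; then
  echo "#! /bin/sh" >conf$$.sh
  echo "exit 0" >>conf$$.sh
  chmod +x conf$$.sh
  if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
    PATH_SEPARATOR=';'
  else
    PATH_SEPARATOR=:
  fi
  rm -f conf$$.sh
fi

# Find out how to test for executable files. Don't use a zero-byte file,
# as systems may use methods other than mode bits to determine executability.
cat >conf$$.file <<_ASEOF
#! /bin/sh
exit 0
_ASEOF
chmod +x conf$$.file
if test -x conf$$.file >/dev/null 2>&1; then
  ac_executable_p="test -x"
else
  ac_executable_p="test -f"
fi
rm -f conf$$.file

# Extract the first word of "$2", so it can be a program name with args.
set dummy $2; ac_word=[$]2
AC_MSG_CHECKING([for $ac_word])
AC_CACHE_VAL(ac_cv_path_$1,
[case "[$]$1" in
  [[\\/]]* | ?:[[\\/]]*)
    ac_cv_path_$1="[$]$1" # Let the user override the test with a path.
    ;;
  *)
    ac_save_IFS="$IFS"; IFS=$PATH_SEPARATOR
    for ac_dir in ifelse([$5], , $PATH, [$5]); do
      IFS="$ac_save_IFS"
      test -z "$ac_dir" && ac_dir=.
      for ac_exec_ext in '' $ac_executable_extensions; do
        if $ac_executable_p "$ac_dir/$ac_word$ac_exec_ext"; then
          if [$3]; then
            ac_cv_path_$1="$ac_dir/$ac_word$ac_exec_ext"
            break 2
          fi
        fi
      done
    done
    IFS="$ac_save_IFS"
dnl If no 4th arg is given, leave the cache variable unset,
dnl so AC_PATH_PROGS will keep looking.
ifelse([$4], , , [ test -z "[$]ac_cv_path_$1" && ac_cv_path_$1="$4"
])dnl
    ;;
esac])dnl
$1="$ac_cv_path_$1"
if test ifelse([$4], , [-n "[$]$1"], ["[$]$1" != "$4"]); then
  AC_MSG_RESULT([$]$1)
else
  AC_MSG_RESULT(no)
fi
AC_SUBST($1)dnl
])
sssd-1.11.5/m4/PaxHeaders.13173/.dir0000644000000000000000000000007412320753107014652 xustar000000000000000030 atime=1396954939.250891442 30 ctime=1396954961.402875137 sssd-1.11.5/m4/.dir0000664002412700241270000000000012320753107015062 0ustar00jhrozekjhrozek00000000000000sssd-1.11.5/m4/PaxHeaders.13173/longdouble.m40000644000000000000000000000013212320753475016472 xustar000000000000000030 mtime=1396954941.894889502 30 atime=1396954943.180888557 30 ctime=1396954961.402875137 sssd-1.11.5/m4/longdouble.m40000644002412700241270000000230012320753475016712 0ustar00jhrozekjhrozek00000000000000
# longdouble.m4 serial 1 (gettext-0.12)
dnl Copyright (C) 2002-2003 Free Software Foundation, Inc.
dnl This file is free software, distributed under the terms of the GNU
dnl General Public License.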
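dnl As a special exception to the GNU General
dnl Public License, this file may be distributed as part of a program
dnl that contains a configuration script generated by Autoconf, under
dnl the same distribution terms as the rest of that program.

dnl From Bruno Haible.
dnl Test whether the compiler supports the 'long double' type.
dnl Prerequisite: AC_PROG_CC

dnl With GCC the answer is taken to be yes without compiling anything;
dnl other compilers get a compile test. The result is cached in
dnl gt_cv_c_long_double and HAVE_LONG_DOUBLE is defined on success.
AC_DEFUN([gt_TYPE_LONGDOUBLE],
[
  AC_CACHE_CHECK([for long double], gt_cv_c_long_double,
    [if test "$GCC" = yes; then
       gt_cv_c_long_double=yes
     else
       AC_TRY_COMPILE([
         /* The Stardent Vistra knows sizeof(long double), but does not support it. */
         long double foo = 0.0;
         /* On Ultrix 4.3 cc, long double is 4 and double is 8. */
         int array [2*(sizeof(long double) >= sizeof(double)) - 1];
         ], ,
         gt_cv_c_long_double=yes, gt_cv_c_long_double=no)
     fi])
  if test $gt_cv_c_long_double = yes; then
    AC_DEFINE(HAVE_LONG_DOUBLE, 1, [Define if you have the 'long double' type.])
  fi
])
sssd-1.11.5/m4/PaxHeaders.13173/iconv.m40000644000000000000000000000013212320753475015456 xustar000000000000000030 mtime=1396954941.799889571 30 atime=1396954943.185888554 30 ctime=1396954961.402875137 sssd-1.11.5/m4/iconv.m40000644002412700241270000000665312320753475015715 0ustar00jhrozekjhrozek00000000000000
# iconv.m4 serial AM4 (gettext-0.11.3)
dnl Copyright (C) 2000-2002 Free Software Foundation, Inc.
dnl This file is free software, distributed under the terms of the GNU
dnl General Public License. As a special exception to the GNU General
dnl Public License, this file may be distributed as part of a program
dnl that contains a configuration script generated by Autoconf, under
dnl the same distribution terms as the rest of that program.

dnl From Bruno Haible.

AC_DEFUN([AM_ICONV_LINKFLAGS_BODY],
[
  dnl Prerequisites of AC_LIB_LINKFLAGS_BODY.
  AC_REQUIRE([AC_LIB_PREPARE_PREFIX])
  AC_REQUIRE([AC_LIB_RPATH])

  dnl Search for libiconv and define LIBICONV, LTLIBICONV and INCICONV
  dnl accordingly.
  AC_LIB_LINKFLAGS_BODY([iconv])
])

dnl AM_ICONV_LINK
dnl Link-tests iconv_open, iconv and iconv_close, first with the current
dnl LIBS and then with $LIBICONV added. am_cv_func_iconv records whether
dnl iconv is usable and am_cv_lib_iconv whether the extra library was needed.
dnl CPPFLAGS keeps $INCICONV only when the library is used; otherwise it is
dnl restored and LIBICONV and LTLIBICONV are emptied.
dnl The header names inside angle brackets had been dropped from this copy;
dnl they are restored in the probes below.
AC_DEFUN([AM_ICONV_LINK],
[
  dnl Some systems have iconv in libc, some have it in libiconv (OSF/1 and
  dnl those with the standalone portable GNU libiconv installed).

  dnl Search for libiconv and define LIBICONV, LTLIBICONV and INCICONV
  dnl accordingly.
  AC_REQUIRE([AM_ICONV_LINKFLAGS_BODY])

  dnl Add $INCICONV to CPPFLAGS before performing the following checks,
  dnl because if the user has installed libiconv and not disabled its use
  dnl via --without-libiconv-prefix, he wants to use it. The first
  dnl AC_TRY_LINK will then fail, the second AC_TRY_LINK will succeed.
  am_save_CPPFLAGS="$CPPFLAGS"
  AC_LIB_APPENDTOVAR([CPPFLAGS], [$INCICONV])

  AC_CACHE_CHECK(for iconv, am_cv_func_iconv, [
    am_cv_func_iconv="no, consider installing GNU libiconv"
    am_cv_lib_iconv=no
    AC_TRY_LINK([#include <stdlib.h>
#include <iconv.h>],
      [iconv_t cd = iconv_open("","");
       iconv(cd,NULL,NULL,NULL,NULL);
       iconv_close(cd);],
      am_cv_func_iconv=yes)
    if test "$am_cv_func_iconv" != yes; then
      am_save_LIBS="$LIBS"
      LIBS="$LIBS $LIBICONV"
      AC_TRY_LINK([#include <stdlib.h>
#include <iconv.h>],
        [iconv_t cd = iconv_open("","");
         iconv(cd,NULL,NULL,NULL,NULL);
         iconv_close(cd);],
        am_cv_lib_iconv=yes
        am_cv_func_iconv=yes)
      LIBS="$am_save_LIBS"
    fi
  ])
  if test "$am_cv_func_iconv" = yes; then
    AC_DEFINE(HAVE_ICONV, 1, [Define if you have the iconv() function.])
  fi
  if test "$am_cv_lib_iconv" = yes; then
    AC_MSG_CHECKING([how to link with libiconv])
    AC_MSG_RESULT([$LIBICONV])
  else
    dnl If $LIBICONV didn't lead to a usable library, we don't need $INCICONV
    dnl either.
    CPPFLAGS="$am_save_CPPFLAGS"
    LIBICONV=
    LTLIBICONV=
  fi
  AC_SUBST(LIBICONV)
  AC_SUBST(LTLIBICONV)
])

dnl AM_ICONV
dnl Runs AM_ICONV_LINK and, when iconv is usable, compiles a prototype with a
dnl non-const second parameter. ICONV_CONST is defined empty when that
dnl prototype is accepted and as const when it is rejected.
AC_DEFUN([AM_ICONV],
[
  AM_ICONV_LINK
  if test "$am_cv_func_iconv" = yes; then
    AC_MSG_CHECKING([for iconv declaration])
    AC_CACHE_VAL(am_cv_proto_iconv, [
      AC_TRY_COMPILE([
#include <stdlib.h>
#include <iconv.h>
extern
#ifdef __cplusplus
"C"
#endif
#if defined(__STDC__) || defined(__cplusplus)
size_t iconv (iconv_t cd, char * *inbuf, size_t *inbytesleft, char * *outbuf, size_t *outbytesleft);
#else
size_t iconv();
#endif
], [], am_cv_proto_iconv_arg1="", am_cv_proto_iconv_arg1="const")
      am_cv_proto_iconv="extern size_t iconv (iconv_t cd, $am_cv_proto_iconv_arg1 char * *inbuf, size_t *inbytesleft, char * *outbuf, size_t *outbytesleft);"])
    am_cv_proto_iconv=`echo "[$]am_cv_proto_iconv" | tr -s ' ' | sed -e 's/( /(/'`
    AC_MSG_RESULT([$]{ac_t:- }[$]am_cv_proto_iconv)
    AC_DEFINE_UNQUOTED(ICONV_CONST, $am_cv_proto_iconv_arg1,
      [Define as const if the declaration of iconv() needs const.])
  fi
])
sssd-1.11.5/m4/PaxHeaders.13173/inttypes-pri.m40000644000000000000000000000013112320753475017006 xustar000000000000000029 mtime=1396954941.82888955 30 atime=1396954943.184888554 30 ctime=1396954961.402875137 sssd-1.11.5/m4/inttypes-pri.m40000644002412700241270000000222712320753475017237 0ustar00jhrozekjhrozek00000000000000
# inttypes-pri.m4 serial 1 (gettext-0.11.4)
dnl Copyright (C) 1997-2002 Free Software Foundation, Inc.
dnl This file is free software, distributed under the terms of the GNU
dnl General Public License. As a special exception to the GNU General
dnl Public License, this file may be distributed as part of a program
dnl that contains a configuration script generated by Autoconf, under
dnl the same distribution terms as the rest of that program.

dnl From Bruno Haible.

# Define PRI_MACROS_BROKEN if <inttypes.h> exists and defines the PRI*
# macros to non-string values. This is the case on AIX 4.3.3.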
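dnl gt_INTTYPES_PRI
dnl Runs only when gt_cv_header_inttypes_h is yes. Compiles an assignment of
dnl PRId32 to a char pointer; a compile failure is recorded as broken PRI
dnl macros in gt_cv_inttypes_pri_broken and defines PRI_MACROS_BROKEN.
dnl The header name inside angle brackets had been dropped from this copy,
dnl which left the probe without the header it is meant to test; it is
dnl restored below.
AC_DEFUN([gt_INTTYPES_PRI],
[
  AC_REQUIRE([gt_HEADER_INTTYPES_H])
  if test $gt_cv_header_inttypes_h = yes; then
    AC_CACHE_CHECK([whether the inttypes.h PRIxNN macros are broken],
      gt_cv_inttypes_pri_broken,
      [
        AC_TRY_COMPILE([#include <inttypes.h>
#ifdef PRId32
char *p = PRId32;
#endif
], [], gt_cv_inttypes_pri_broken=no, gt_cv_inttypes_pri_broken=yes)
      ])
  fi
  if test "$gt_cv_inttypes_pri_broken" = yes; then
    AC_DEFINE_UNQUOTED(PRI_MACROS_BROKEN, 1,
      [Define if <inttypes.h> exists and defines unusable PRI* macros.])
  fi
])
sssd-1.11.5/m4/PaxHeaders.13173/lcmessage.m40000644000000000000000000000013212320753475016303 xustar000000000000000030 mtime=1396954941.862889525 30 atime=1396954943.183888555 30 ctime=1396954961.402875137 sssd-1.11.5/m4/lcmessage.m40000644002412700241270000000261612320753475016535 0ustar00jhrozekjhrozek00000000000000
# lcmessage.m4 serial 3 (gettext-0.11.3)
dnl Copyright (C) 1995-2002 Free Software Foundation, Inc.
dnl This file is free software, distributed under the terms of the GNU
dnl General Public License. As a special exception to the GNU General
dnl Public License, this file may be distributed as part of a program
dnl that contains a configuration script generated by Autoconf, under
dnl the same distribution terms as the rest of that program.
dnl
dnl This file can can be used in projects which are not available under
dnl the GNU General Public License or the GNU Library General Public
dnl License but which still want to provide support for the GNU gettext
dnl functionality.
dnl Please note that the actual code of the GNU gettext library is covered
dnl by the GNU Library General Public License, and the rest of the GNU
dnl gettext package package is covered by the GNU General Public License.
dnl They are *not* in the public domain.

dnl Authors:
dnl   Ulrich Drepper , 1995.

# Check whether LC_MESSAGES is available in <locale.h>.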
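dnl AM_LC_MESSAGES
dnl Link-tests a program that returns LC_MESSAGES; the result is cached in
dnl am_cv_val_LC_MESSAGES and HAVE_LC_MESSAGES is defined on success.
dnl The header name inside angle brackets had been dropped from this copy;
dnl it is restored below so the probe includes the header it tests.
AC_DEFUN([AM_LC_MESSAGES],
[
  AC_CACHE_CHECK([for LC_MESSAGES], am_cv_val_LC_MESSAGES,
    [AC_TRY_LINK([#include <locale.h>], [return LC_MESSAGES],
       am_cv_val_LC_MESSAGES=yes, am_cv_val_LC_MESSAGES=no)])
  if test $am_cv_val_LC_MESSAGES = yes; then
    AC_DEFINE(HAVE_LC_MESSAGES, 1,
      [Define if your <locale.h> file defines LC_MESSAGES.])
  fi
])
sssd-1.11.5/m4/PaxHeaders.13173/printf-posix.m40000644000000000000000000000013212320753475017002 xustar000000000000000030 mtime=1396954941.928889477 30 atime=1396954943.178888559 30 ctime=1396954961.403875136 sssd-1.11.5/m4/printf-posix.m40000644002412700241270000000310612320753475017227 0ustar00jhrozekjhrozek00000000000000
# printf-posix.m4 serial 2 (gettext-0.13.1)
dnl Copyright (C) 2003 Free Software Foundation, Inc.
dnl This file is free software, distributed under the terms of the GNU
dnl General Public License. As a special exception to the GNU General
dnl Public License, this file may be distributed as part of a program
dnl that contains a configuration script generated by Autoconf, under
dnl the same distribution terms as the rest of that program.

dnl From Bruno Haible.
dnl Test whether the printf() function supports POSIX/XSI format strings with
dnl positions.

dnl The probe is built and then run on the build machine by AC_TRY_RUN. It
dnl formats two fixed integers through a positional format into a 100 byte
dnl static buffer and compares the result with "55 33". The last argument of
dnl AC_TRY_RUN is the cross-compilation fallback: no program is run and the
dnl answer is guessed from platform macros, so the cached value may then be
dnl "guessing yes" or "guessing no". Any value ending in yes defines
dnl HAVE_POSIX_PRINTF.
dnl The header names inside angle brackets had been dropped from this copy;
dnl they are restored below so that sprintf and strcmp are declared.
AC_DEFUN([gt_PRINTF_POSIX],
[
  AC_REQUIRE([AC_PROG_CC])
  AC_CACHE_CHECK([whether printf() supports POSIX/XSI format strings],
    gt_cv_func_printf_posix,
    [
      AC_TRY_RUN([
#include <stdio.h>
#include <string.h>
/* The string "%2$d %1$d", with dollar characters protected from the shell's
   dollar expansion (possibly an autoconf bug). */
static char format[] = { '%', '2', '$', 'd', ' ', '%', '1', '$', 'd', '\0' };
static char buf[100];
int main ()
{
  sprintf (buf, format, 33, 55);
  return (strcmp (buf, "55 33") != 0);
}], gt_cv_func_printf_posix=yes, gt_cv_func_printf_posix=no,
      [
        AC_EGREP_CPP(notposix, [
#if defined __NetBSD__ || defined _MSC_VER || defined __MINGW32__ || defined __CYGWIN__
  notposix
#endif
        ], gt_cv_func_printf_posix="guessing no",
           gt_cv_func_printf_posix="guessing yes")
      ])
    ])
  case $gt_cv_func_printf_posix in
    *yes)
      AC_DEFINE(HAVE_POSIX_PRINTF, 1,
        [Define if your printf() function supports format strings with positions.])
      ;;
  esac
])
sssd-1.11.5/m4/PaxHeaders.13173/gettext.m40000644000000000000000000000013212320753475016024 xustar000000000000000030 mtime=1396954941.784889582 30 atime=1396954943.186888553 30 ctime=1396954961.403875136 sssd-1.11.5/m4/gettext.m40000644002412700241270000004513012320753475016254 0ustar00jhrozekjhrozek00000000000000
# gettext.m4 serial 28 (gettext-0.13)
dnl Copyright (C) 1995-2003 Free Software Foundation, Inc.
dnl This file is free software, distributed under the terms of the GNU
dnl General Public License. As a special exception to the GNU General
dnl Public License, this file may be distributed as part of a program
dnl that contains a configuration script generated by Autoconf, under
dnl the same distribution terms as the rest of that program.
dnl
dnl This file can can be used in projects which are not available under
dnl the GNU General Public License or the GNU Library General Public
dnl License but which still want to provide support for the GNU gettext
dnl functionality.
dnl Please note that the actual code of the GNU gettext library is covered
dnl by the GNU Library General Public License, and the rest of the GNU
dnl gettext package package is covered by the GNU General Public License.
dnl They are *not* in the public domain.

dnl Authors:
dnl   Ulrich Drepper , 1995-2000.
dnl   Bruno Haible , 2000-2003.

dnl Macro to add for using GNU gettext.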
dnl Usage: AM_GNU_GETTEXT([INTLSYMBOL], [NEEDSYMBOL], [INTLDIR]). dnl INTLSYMBOL can be one of 'external', 'no-libtool', 'use-libtool'. The dnl default (if it is not specified or empty) is 'no-libtool'. dnl INTLSYMBOL should be 'external' for packages with no intl directory, dnl and 'no-libtool' or 'use-libtool' for packages with an intl directory. dnl If INTLSYMBOL is 'use-libtool', then a libtool library dnl $(top_builddir)/intl/libintl.la will be created (shared and/or static, dnl depending on --{enable,disable}-{shared,static} and on the presence of dnl AM-DISABLE-SHARED). If INTLSYMBOL is 'no-libtool', a static library dnl $(top_builddir)/intl/libintl.a will be created. dnl If NEEDSYMBOL is specified and is 'need-ngettext', then GNU gettext dnl implementations (in libc or libintl) without the ngettext() function dnl will be ignored. If NEEDSYMBOL is specified and is dnl 'need-formatstring-macros', then GNU gettext implementations that don't dnl support the ISO C 99 formatstring macros will be ignored. dnl INTLDIR is used to find the intl libraries. If empty, dnl the value `$(top_builddir)/intl/' is used. dnl dnl The result of the configuration is one of three cases: dnl 1) GNU gettext, as included in the intl subdirectory, will be compiled dnl and used. dnl Catalog format: GNU --> install in $(datadir) dnl Catalog extension: .mo after installation, .gmo in source tree dnl 2) GNU gettext has been found in the system's C library. dnl Catalog format: GNU --> install in $(datadir) dnl Catalog extension: .mo after installation, .gmo in source tree dnl 3) No internationalization, always use English msgid. dnl Catalog format: none dnl Catalog extension: none dnl If INTLSYMBOL is 'external', only cases 2 and 3 can occur. dnl The use of .gmo is historical (it was needed to avoid overwriting the dnl GNU format catalogs when building on a platform with an X/Open gettext), dnl but we keep it in order not to force irrelevant filename changes on the dnl maintainers. 
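dnl
dnl Notes on this definition:
dnl - The libc and libintl probes are link tests that also reference the
dnl   symbols _nl_msg_cat_cntr, _nl_domain_bindings and _nl_expand_alias,
dnl   presumably so that only the GNU implementation is accepted.
dnl - LIBINTL, LTLIBINTL and INCINTL are reset to empty when no preinstalled
dnl   GNU gettext is selected, so flags found while searching for libintl do
dnl   not reach the link line in that case.
dnl - The value given to --with-included-gettext is stored as typed and only
dnl   compared with the string yes.
dnl - The header name inside angle brackets had been dropped from the three
dnl   link probes in this copy; it is restored as libintl.h below.
AC_DEFUN([AM_GNU_GETTEXT],
[
  dnl Argument checking.
  ifelse([$1], [], , [ifelse([$1], [external], , [ifelse([$1], [no-libtool], , [ifelse([$1], [use-libtool], ,
    [errprint([ERROR: invalid first argument to AM_GNU_GETTEXT ])])])])])
  ifelse([$2], [], , [ifelse([$2], [need-ngettext], , [ifelse([$2], [need-formatstring-macros], ,
    [errprint([ERROR: invalid second argument to AM_GNU_GETTEXT ])])])])
  define(gt_included_intl, ifelse([$1], [external], [no], [yes]))
  define(gt_libtool_suffix_prefix, ifelse([$1], [use-libtool], [l], []))

  AC_REQUIRE([AM_PO_SUBDIRS])dnl
  ifelse(gt_included_intl, yes, [
    AC_REQUIRE([AM_INTL_SUBDIR])dnl
  ])

  dnl Prerequisites of AC_LIB_LINKFLAGS_BODY.
  AC_REQUIRE([AC_LIB_PREPARE_PREFIX])
  AC_REQUIRE([AC_LIB_RPATH])

  dnl Sometimes libintl requires libiconv, so first search for libiconv.
  dnl Ideally we would do this search only after the
  dnl      if test "$USE_NLS" = "yes"; then
  dnl        if test "$gt_cv_func_gnugettext_libc" != "yes"; then
  dnl tests. But if configure.in invokes AM_ICONV after AM_GNU_GETTEXT
  dnl the configure script would need to contain the same shell code
  dnl again, outside any 'if'. There are two solutions:
  dnl - Invoke AM_ICONV_LINKFLAGS_BODY here, outside any 'if'.
  dnl - Control the expansions in more detail using AC_PROVIDE_IFELSE.
  dnl Since AC_PROVIDE_IFELSE is only in autoconf >= 2.52 and not
  dnl documented, we avoid it.
  ifelse(gt_included_intl, yes, , [
    AC_REQUIRE([AM_ICONV_LINKFLAGS_BODY])
  ])

  dnl Set USE_NLS.
  AM_NLS

  ifelse(gt_included_intl, yes, [
    BUILD_INCLUDED_LIBINTL=no
    USE_INCLUDED_LIBINTL=no
  ])
  LIBINTL=
  LTLIBINTL=
  POSUB=

  dnl If we use NLS figure out what method
  if test "$USE_NLS" = "yes"; then
    gt_use_preinstalled_gnugettext=no
    ifelse(gt_included_intl, yes, [
      AC_MSG_CHECKING([whether included gettext is requested])
      AC_ARG_WITH(included-gettext,
        [ --with-included-gettext use the GNU gettext library included here],
        nls_cv_force_use_gnu_gettext=$withval,
        nls_cv_force_use_gnu_gettext=no)
      AC_MSG_RESULT($nls_cv_force_use_gnu_gettext)

      nls_cv_use_gnu_gettext="$nls_cv_force_use_gnu_gettext"
      if test "$nls_cv_force_use_gnu_gettext" != "yes"; then
    ])
        dnl User does not insist on using GNU NLS library. Figure out what
        dnl to use. If GNU gettext is available we use this. Else we have
        dnl to fall back to GNU NLS library.

        dnl Add a version number to the cache macros.
        define([gt_api_version], ifelse([$2], [need-formatstring-macros], 3, ifelse([$2], [need-ngettext], 2, 1)))
        define([gt_cv_func_gnugettext_libc], [gt_cv_func_gnugettext]gt_api_version[_libc])
        define([gt_cv_func_gnugettext_libintl], [gt_cv_func_gnugettext]gt_api_version[_libintl])

        AC_CACHE_CHECK([for GNU gettext in libc], gt_cv_func_gnugettext_libc,
         [AC_TRY_LINK([#include <libintl.h>
]ifelse([$2], [need-formatstring-macros],
[#ifndef __GNU_GETTEXT_SUPPORTED_REVISION
#define __GNU_GETTEXT_SUPPORTED_REVISION(major) ((major) == 0 ? 0 : -1)
#endif
changequote(,)dnl
typedef int array [2 * (__GNU_GETTEXT_SUPPORTED_REVISION(0) >= 1) - 1];
changequote([,])dnl
], [])[extern int _nl_msg_cat_cntr;
extern int *_nl_domain_bindings;],
            [bindtextdomain ("", "");
return (int) gettext ("")]ifelse([$2], [need-ngettext], [ + (int) ngettext ("", "", 0)], [])[ + _nl_msg_cat_cntr + *_nl_domain_bindings],
            gt_cv_func_gnugettext_libc=yes,
            gt_cv_func_gnugettext_libc=no)])

        if test "$gt_cv_func_gnugettext_libc" != "yes"; then
          dnl Sometimes libintl requires libiconv, so first search for libiconv.
          ifelse(gt_included_intl, yes, , [
            AM_ICONV_LINK
          ])
          dnl Search for libintl and define LIBINTL, LTLIBINTL and INCINTL
          dnl accordingly. Don't use AC_LIB_LINKFLAGS_BODY([intl],[iconv])
          dnl because that would add "-liconv" to LIBINTL and LTLIBINTL
          dnl even if libiconv doesn't exist.
          AC_LIB_LINKFLAGS_BODY([intl])
          AC_CACHE_CHECK([for GNU gettext in libintl],
            gt_cv_func_gnugettext_libintl,
           [gt_save_CPPFLAGS="$CPPFLAGS"
            CPPFLAGS="$CPPFLAGS $INCINTL"
            gt_save_LIBS="$LIBS"
            LIBS="$LIBS $LIBINTL"
            dnl Now see whether libintl exists and does not depend on libiconv.
            AC_TRY_LINK([#include <libintl.h>
]ifelse([$2], [need-formatstring-macros],
[#ifndef __GNU_GETTEXT_SUPPORTED_REVISION
#define __GNU_GETTEXT_SUPPORTED_REVISION(major) ((major) == 0 ? 0 : -1)
#endif
changequote(,)dnl
typedef int array [2 * (__GNU_GETTEXT_SUPPORTED_REVISION(0) >= 1) - 1];
changequote([,])dnl
], [])[extern int _nl_msg_cat_cntr;
extern
#ifdef __cplusplus
"C"
#endif
const char *_nl_expand_alias ();],
              [bindtextdomain ("", "");
return (int) gettext ("")]ifelse([$2], [need-ngettext], [ + (int) ngettext ("", "", 0)], [])[ + _nl_msg_cat_cntr + *_nl_expand_alias (0)],
              gt_cv_func_gnugettext_libintl=yes,
              gt_cv_func_gnugettext_libintl=no)
            dnl Now see whether libintl exists and depends on libiconv.
            if test "$gt_cv_func_gnugettext_libintl" != yes && test -n "$LIBICONV"; then
              LIBS="$LIBS $LIBICONV"
              AC_TRY_LINK([#include <libintl.h>
]ifelse([$2], [need-formatstring-macros],
[#ifndef __GNU_GETTEXT_SUPPORTED_REVISION
#define __GNU_GETTEXT_SUPPORTED_REVISION(major) ((major) == 0 ? 0 : -1)
#endif
changequote(,)dnl
typedef int array [2 * (__GNU_GETTEXT_SUPPORTED_REVISION(0) >= 1) - 1];
changequote([,])dnl
], [])[extern int _nl_msg_cat_cntr;
extern
#ifdef __cplusplus
"C"
#endif
const char *_nl_expand_alias ();],
                [bindtextdomain ("", "");
return (int) gettext ("")]ifelse([$2], [need-ngettext], [ + (int) ngettext ("", "", 0)], [])[ + _nl_msg_cat_cntr + *_nl_expand_alias (0)],
               [LIBINTL="$LIBINTL $LIBICONV"
                LTLIBINTL="$LTLIBINTL $LTLIBICONV"
                gt_cv_func_gnugettext_libintl=yes
               ])
            fi
            CPPFLAGS="$gt_save_CPPFLAGS"
            LIBS="$gt_save_LIBS"])
        fi

        dnl If an already present or preinstalled GNU gettext() is found,
        dnl use it. But if this macro is used in GNU gettext, and GNU
        dnl gettext is already preinstalled in libintl, we update this
        dnl libintl. (Cf. the install rule in intl/Makefile.in.)
        if test "$gt_cv_func_gnugettext_libc" = "yes" \
           || { test "$gt_cv_func_gnugettext_libintl" = "yes" \
                && test "$PACKAGE" != gettext-runtime \
                && test "$PACKAGE" != gettext-tools; }; then
          gt_use_preinstalled_gnugettext=yes
        else
          dnl Reset the values set by searching for libintl.
          LIBINTL=
          LTLIBINTL=
          INCINTL=
        fi

    ifelse(gt_included_intl, yes, [
        if test "$gt_use_preinstalled_gnugettext" != "yes"; then
          dnl GNU gettext is not found in the C library.
          dnl Fall back on included GNU gettext library.
          nls_cv_use_gnu_gettext=yes
        fi
      fi

      if test "$nls_cv_use_gnu_gettext" = "yes"; then
        dnl Mark actions used to generate GNU NLS library.
        BUILD_INCLUDED_LIBINTL=yes
        USE_INCLUDED_LIBINTL=yes
        LIBINTL="ifelse([$3],[],\${top_builddir}/intl,[$3])/libintl.[]gt_libtool_suffix_prefix[]a $LIBICONV"
        LTLIBINTL="ifelse([$3],[],\${top_builddir}/intl,[$3])/libintl.[]gt_libtool_suffix_prefix[]a $LTLIBICONV"
        LIBS=`echo " $LIBS " | sed -e 's/ -lintl / /' -e 's/^ //' -e 's/ $//'`
      fi

      if test "$gt_use_preinstalled_gnugettext" = "yes" \
         || test "$nls_cv_use_gnu_gettext" = "yes"; then
        dnl Mark actions to use GNU gettext tools.
        CATOBJEXT=.gmo
      fi
    ])

    if test "$gt_use_preinstalled_gnugettext" = "yes" \
       || test "$nls_cv_use_gnu_gettext" = "yes"; then
      AC_DEFINE(ENABLE_NLS, 1,
        [Define to 1 if translation of program messages to the user's native language is requested.])
    else
      USE_NLS=no
    fi
  fi

  AC_MSG_CHECKING([whether to use NLS])
  AC_MSG_RESULT([$USE_NLS])
  if test "$USE_NLS" = "yes"; then
    AC_MSG_CHECKING([where the gettext function comes from])
    if test "$gt_use_preinstalled_gnugettext" = "yes"; then
      if test "$gt_cv_func_gnugettext_libintl" = "yes"; then
        gt_source="external libintl"
      else
        gt_source="libc"
      fi
    else
      gt_source="included intl directory"
    fi
    AC_MSG_RESULT([$gt_source])
  fi

  if test "$USE_NLS" = "yes"; then

    if test "$gt_use_preinstalled_gnugettext" = "yes"; then
      if test "$gt_cv_func_gnugettext_libintl" = "yes"; then
        AC_MSG_CHECKING([how to link with libintl])
        AC_MSG_RESULT([$LIBINTL])
        AC_LIB_APPENDTOVAR([CPPFLAGS], [$INCINTL])
      fi

      dnl For backward compatibility. Some packages may be using this.
      AC_DEFINE(HAVE_GETTEXT, 1,
       [Define if the GNU gettext() function is already present or preinstalled.])
      AC_DEFINE(HAVE_DCGETTEXT, 1,
       [Define if the GNU dcgettext() function is already present or preinstalled.])
    fi

    dnl We need to process the po/ directory.
    POSUB=po
  fi

  ifelse(gt_included_intl, yes, [
    dnl If this is used in GNU gettext we have to set BUILD_INCLUDED_LIBINTL
    dnl to 'yes' because some of the testsuite requires it.
    if test "$PACKAGE" = gettext-runtime || test "$PACKAGE" = gettext-tools; then
      BUILD_INCLUDED_LIBINTL=yes
    fi

    dnl Make all variables we use known to autoconf.
    AC_SUBST(BUILD_INCLUDED_LIBINTL)
    AC_SUBST(USE_INCLUDED_LIBINTL)
    AC_SUBST(CATOBJEXT)

    dnl For backward compatibility. Some configure.ins may be using this.
    nls_cv_header_intl=
    nls_cv_header_libgt=

    dnl For backward compatibility. Some Makefiles may be using this.
    DATADIRNAME=share
    AC_SUBST(DATADIRNAME)

    dnl For backward compatibility. Some Makefiles may be using this.
    INSTOBJEXT=.mo
    AC_SUBST(INSTOBJEXT)

    dnl For backward compatibility. Some Makefiles may be using this.
    GENCAT=gencat
    AC_SUBST(GENCAT)

    dnl For backward compatibility. Some Makefiles may be using this.
    if test "$USE_INCLUDED_LIBINTL" = yes; then
      INTLOBJS="\$(GETTOBJS)"
    fi
    AC_SUBST(INTLOBJS)

    dnl Enable libtool support if the surrounding package wishes it.
    INTL_LIBTOOL_SUFFIX_PREFIX=gt_libtool_suffix_prefix
    AC_SUBST(INTL_LIBTOOL_SUFFIX_PREFIX)
  ])

  dnl For backward compatibility. Some Makefiles may be using this.
  INTLLIBS="$LIBINTL"
  AC_SUBST(INTLLIBS)

  dnl Make all documented variables known to autoconf.
  AC_SUBST(LIBINTL)
  AC_SUBST(LTLIBINTL)
  AC_SUBST(POSUB)
])


dnl Checks for all prerequisites of the intl subdirectory,
dnl except for INTL_LIBTOOL_SUFFIX_PREFIX (and possibly LIBTOOL), INTLOBJS,
dnl USE_INCLUDED_LIBINTL, BUILD_INCLUDED_LIBINTL.
dnl
dnl Notes on this definition:
dnl - HAVE_SNPRINTF and HAVE_ASPRINTF report whether the bounded and
dnl   allocating printf variants were found by AC_CHECK_FUNCS.
dnl - NOTE(review): HAVE_WPRINTF is derived from ac_cv_func_wprintf, but the
dnl   AC_CHECK_FUNCS list here names fwprintf and not wprintf. Confirm the
dnl   cache variable is set elsewhere; otherwise HAVE_WPRINTF is always 0.
dnl - The bison found on PATH is run with --version and its output parsed;
dnl   INTLBISON becomes ":" when bison is missing or the version is rejected.
dnl - The header name inside angle brackets had been dropped from the five
dnl   gt_CHECK_DECL calls in this copy; it is restored as stdio.h below.
AC_DEFUN([AM_INTL_SUBDIR],
[
  AC_REQUIRE([AC_PROG_INSTALL])dnl
  AC_REQUIRE([AM_MKINSTALLDIRS])dnl
  AC_REQUIRE([AC_PROG_CC])dnl
  AC_REQUIRE([AC_CANONICAL_HOST])dnl
  AC_REQUIRE([AC_PROG_RANLIB])dnl
  AC_REQUIRE([AC_ISC_POSIX])dnl
  AC_REQUIRE([AC_HEADER_STDC])dnl
  AC_REQUIRE([AC_C_CONST])dnl
  AC_REQUIRE([bh_C_SIGNED])dnl
  AC_REQUIRE([AC_C_INLINE])dnl
  AC_REQUIRE([AC_TYPE_OFF_T])dnl
  AC_REQUIRE([AC_TYPE_SIZE_T])dnl
  AC_REQUIRE([jm_AC_TYPE_LONG_LONG])dnl
  AC_REQUIRE([gt_TYPE_LONGDOUBLE])dnl
  AC_REQUIRE([gt_TYPE_WCHAR_T])dnl
  AC_REQUIRE([gt_TYPE_WINT_T])dnl
  AC_REQUIRE([jm_AC_HEADER_INTTYPES_H])
  AC_REQUIRE([jm_AC_HEADER_STDINT_H])
  AC_REQUIRE([gt_TYPE_INTMAX_T])
  AC_REQUIRE([gt_PRINTF_POSIX])
  AC_REQUIRE([AC_FUNC_ALLOCA])dnl
  AC_REQUIRE([AC_FUNC_MMAP])dnl
  AC_REQUIRE([jm_GLIBC21])dnl
  AC_REQUIRE([gt_INTDIV0])dnl
  AC_REQUIRE([jm_AC_TYPE_UINTMAX_T])dnl
  AC_REQUIRE([gt_HEADER_INTTYPES_H])dnl
  AC_REQUIRE([gt_INTTYPES_PRI])dnl
  AC_REQUIRE([gl_XSIZE])dnl

  AC_CHECK_TYPE([ptrdiff_t], ,
    [AC_DEFINE([ptrdiff_t], [long],
       [Define as the type of the result of subtracting two pointers, if the system doesn't define it.])
    ])
  AC_CHECK_HEADERS([argz.h limits.h locale.h nl_types.h malloc.h stddef.h \
stdlib.h string.h unistd.h sys/param.h])
  AC_CHECK_FUNCS([asprintf fwprintf getcwd getegid geteuid getgid getuid \
mempcpy munmap putenv setenv setlocale snprintf stpcpy strcasecmp strdup \
strtoul tsearch wcslen __argz_count __argz_stringify __argz_next \
__fsetlocking])

  dnl Use the _snprintf function only if it is declared (because on NetBSD it
  dnl is defined as a weak alias of snprintf; we prefer to use the latter).
  gt_CHECK_DECL(_snprintf, [#include <stdio.h>])
  gt_CHECK_DECL(_snwprintf, [#include <stdio.h>])

  dnl Use the *_unlocked functions only if they are declared.
  dnl (because some of them were defined without being declared in Solaris
  dnl 2.5.1 but were removed in Solaris 2.6, whereas we want binaries built
  dnl on Solaris 2.5.1 to run on Solaris 2.6).
  dnl Don't use AC_CHECK_DECLS because it isn't supported in autoconf-2.13.
  gt_CHECK_DECL(feof_unlocked, [#include <stdio.h>])
  gt_CHECK_DECL(fgets_unlocked, [#include <stdio.h>])
  gt_CHECK_DECL(getc_unlocked, [#include <stdio.h>])

  case $gt_cv_func_printf_posix in
    *yes) HAVE_POSIX_PRINTF=1 ;;
    *) HAVE_POSIX_PRINTF=0 ;;
  esac
  AC_SUBST([HAVE_POSIX_PRINTF])
  if test "$ac_cv_func_asprintf" = yes; then
    HAVE_ASPRINTF=1
  else
    HAVE_ASPRINTF=0
  fi
  AC_SUBST([HAVE_ASPRINTF])
  if test "$ac_cv_func_snprintf" = yes; then
    HAVE_SNPRINTF=1
  else
    HAVE_SNPRINTF=0
  fi
  AC_SUBST([HAVE_SNPRINTF])
  if test "$ac_cv_func_wprintf" = yes; then
    HAVE_WPRINTF=1
  else
    HAVE_WPRINTF=0
  fi
  AC_SUBST([HAVE_WPRINTF])

  AM_ICONV
  AM_LANGINFO_CODESET
  if test $ac_cv_header_locale_h = yes; then
    AM_LC_MESSAGES
  fi

  dnl intl/plural.c is generated from intl/plural.y. It requires bison,
  dnl because plural.y uses bison specific features. It requires at least
  dnl bison-1.26 because earlier versions generate a plural.c that doesn't
  dnl compile.
  dnl bison is only needed for the maintainer (who touches plural.y). But in
  dnl order to avoid separate Makefiles or --enable-maintainer-mode, we put
  dnl the rule in general Makefile. Now, some people carelessly touch the
  dnl files or have a broken "make" program, hence the plural.c rule will
  dnl sometimes fire. To avoid an error, defines BISON to ":" if it is not
  dnl present or too old.
  AC_CHECK_PROGS([INTLBISON], [bison])
  if test -z "$INTLBISON"; then
    ac_verc_fail=yes
  else
    dnl Found it, now check the version.
    AC_MSG_CHECKING([version of bison])
changequote(<<,>>)dnl
    ac_prog_version=`$INTLBISON --version 2>&1 | sed -n 's/^.*GNU Bison.* \([0-9]*\.[0-9.]*\).*$/\1/p'`
    case $ac_prog_version in
      '') ac_prog_version="v. ?.??, bad"; ac_verc_fail=yes;;
      1.2[6-9]* | 1.[3-9][0-9]* | [2-9].*)
changequote([,])dnl
         ac_prog_version="$ac_prog_version, ok"; ac_verc_fail=no;;
      *) ac_prog_version="$ac_prog_version, bad"; ac_verc_fail=yes;;
    esac
    AC_MSG_RESULT([$ac_prog_version])
  fi
  if test $ac_verc_fail = yes; then
    INTLBISON=:
  fi
])


dnl gt_CHECK_DECL(FUNC, INCLUDES)
dnl Check whether a function is declared.
dnl Compiles INCLUDES followed by code that takes the address of FUNC unless
dnl FUNC is a macro, caches the result in ac_cv_have_decl_FUNC, and defines
dnl HAVE_DECL_ followed by the upper-cased FUNC to 1 or 0.
AC_DEFUN([gt_CHECK_DECL],
[
  AC_CACHE_CHECK([whether $1 is declared], ac_cv_have_decl_$1,
    [AC_TRY_COMPILE([$2], [
#ifndef $1
  char *p = (char *) $1;
#endif
], ac_cv_have_decl_$1=yes, ac_cv_have_decl_$1=no)])
  if test $ac_cv_have_decl_$1 = yes; then
    gt_value=1
  else
    gt_value=0
  fi
  AC_DEFINE_UNQUOTED([HAVE_DECL_]translit($1, [a-z], [A-Z]), [$gt_value],
    [Define to 1 if you have the declaration of `$1', and to 0 if you don't.])
])


dnl Usage: AM_GNU_GETTEXT_VERSION([gettext-version])
AC_DEFUN([AM_GNU_GETTEXT_VERSION], [])
sssd-1.11.5/m4/PaxHeaders.13173/wint_t.m40000644000000000000000000000013112320753476015644 xustar000000000000000030 mtime=1396954942.001889423 29 atime=1396954943.17688856 30 ctime=1396954961.403875136 sssd-1.11.5/m4/wint_t.m40000644002412700241270000000153112320753476016072 0ustar00jhrozekjhrozek00000000000000
# wint_t.m4 serial 1 (gettext-0.12)
dnl Copyright (C) 2003 Free Software Foundation, Inc.
dnl This file is free software, distributed under the terms of the GNU
dnl General Public License.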
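dnl As a special exception to the GNU General
dnl Public License, this file may be distributed as part of a program
dnl that contains a configuration script generated by Autoconf, under
dnl the same distribution terms as the rest of that program.

dnl From Bruno Haible.
dnl Test whether <wchar.h> has the 'wint_t' type.
dnl Prerequisite: AC_PROG_CC

dnl Compiles a declaration of a wint_t variable, caches the result in
dnl gt_cv_c_wint_t and defines HAVE_WINT_T on success.
dnl The header name inside angle brackets had been dropped from this copy;
dnl it is restored below so the probe includes the header it tests.
AC_DEFUN([gt_TYPE_WINT_T],
[
  AC_CACHE_CHECK([for wint_t], gt_cv_c_wint_t,
    [AC_TRY_COMPILE([#include <wchar.h>
       wint_t foo = (wchar_t)'\0';], ,
       gt_cv_c_wint_t=yes, gt_cv_c_wint_t=no)])
  if test $gt_cv_c_wint_t = yes; then
    AC_DEFINE(HAVE_WINT_T, 1, [Define if you have the 'wint_t' type.])
  fi
])
sssd-1.11.5/m4/PaxHeaders.13173/po.m40000644000000000000000000000013212320753475014756 xustar000000000000000030 mtime=1396954941.920889482 30 atime=1396954943.178888559 30 ctime=1396954961.403875136 sssd-1.11.5/m4/po.m40000644002412700241270000004265212320753475015214 0ustar00jhrozekjhrozek00000000000000
# po.m4 serial 3 (gettext-0.14)
dnl Copyright (C) 1995-2003 Free Software Foundation, Inc.
dnl This file is free software, distributed under the terms of the GNU
dnl General Public License. As a special exception to the GNU General
dnl Public License, this file may be distributed as part of a program
dnl that contains a configuration script generated by Autoconf, under
dnl the same distribution terms as the rest of that program.
dnl
dnl This file can can be used in projects which are not available under
dnl the GNU General Public License or the GNU Library General Public
dnl License but which still want to provide support for the GNU gettext
dnl functionality.
dnl Please note that the actual code of the GNU gettext library is covered
dnl by the GNU Library General Public License, and the rest of the GNU
dnl gettext package package is covered by the GNU General Public License.
dnl They are *not* in the public domain.

dnl Authors:
dnl   Ulrich Drepper , 1995-2000.
dnl   Bruno Haible , 2000-2003.

dnl Checks for all prerequisites of the po subdirectory.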
dnl AM_PO_SUBDIRS
dnl Locates the gettext tools msgfmt, gmsgfmt, xgettext and msgmerge, falls
dnl back to ":" for msgfmt and xgettext when the program found is not the GNU
dnl one, and registers config.status commands that create POTFILES and the
dnl final Makefile in every directory whose config file is */Makefile.in and
dnl which has a POTFILES.in.
dnl
dnl Review notes on trust boundaries:
dnl  - The acceptance tests below execute the candidate program itself.
dnl    Presumably AM_PATH_PROG_WITH_TEST does this for each PATH entry that
dnl    holds a matching file; the macro lives in progtest.m4 and is not shown
dnl    here, so confirm. Run configure with a PATH that holds only trusted
dnl    directories.
dnl  - POTFILES.in, LINGUAS, Makevars and Rules-* are read from the source
dnl    tree and end up in the generated Makefile without escaping. They are
dnl    build inputs with the same trust level as the Makefile itself.
AC_DEFUN([AM_PO_SUBDIRS],
[
  AC_REQUIRE([AC_PROG_MAKE_SET])dnl
  AC_REQUIRE([AC_PROG_INSTALL])dnl
  AC_REQUIRE([AM_MKINSTALLDIRS])dnl
  AC_REQUIRE([AM_NLS])dnl

  dnl Perform the following tests also if --disable-nls has been given,
  dnl because they are needed for "make dist" to work.

  dnl Search for GNU msgfmt in the PATH.
  dnl The first test excludes Solaris msgfmt and early GNU msgfmt versions.
  dnl The second test excludes FreeBSD msgfmt.
  AM_PATH_PROG_WITH_TEST(MSGFMT, msgfmt,
    [$ac_dir/$ac_word --statistics /dev/null >/dev/null 2>&1 &&
     (if $ac_dir/$ac_word --statistics /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi)],
    :)
  dnl gmsgfmt is preferred when present; otherwise GMSGFMT takes the value
  dnl of MSGFMT found above.
  AC_PATH_PROG(GMSGFMT, gmsgfmt, $MSGFMT)

  dnl Search for GNU xgettext 0.12 or newer in the PATH.
  dnl The first test excludes Solaris xgettext and early GNU xgettext versions.
  dnl The second test excludes FreeBSD xgettext.
  AM_PATH_PROG_WITH_TEST(XGETTEXT, xgettext,
    [$ac_dir/$ac_word --omit-header --copyright-holder= --msgid-bugs-address= /dev/null >/dev/null 2>&1 &&
     (if $ac_dir/$ac_word --omit-header --copyright-holder= --msgid-bugs-address= /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi)],
    :)
  dnl Remove leftover from FreeBSD xgettext call.
  dnl NOTE(review): the removal is unconditional, so a messages.po that was
  dnl already present in the directory where configure runs is deleted too.
  rm -f messages.po

  dnl Search for GNU msgmerge 0.11 or newer in the PATH.
  AM_PATH_PROG_WITH_TEST(MSGMERGE, msgmerge,
    [$ac_dir/$ac_word --update -q /dev/null /dev/null >/dev/null 2>&1], :)

  dnl This could go away some day; the PATH_PROG_WITH_TEST already does it.
  dnl Test whether we really found GNU msgfmt.
  if test "$GMSGFMT" != ":"; then
    dnl If it is no GNU msgfmt we define it as : so that the
    dnl Makefiles still can work.
    if $GMSGFMT --statistics /dev/null >/dev/null 2>&1 &&
       (if $GMSGFMT --statistics /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi); then
      : ;
    else
      dnl Strip the directory part so the message names only the program.
      GMSGFMT=`echo "$GMSGFMT" | sed -e 's,^.*/,,'`
      AC_MSG_RESULT(
        [found $GMSGFMT program is not GNU msgfmt; ignore it])
      GMSGFMT=":"
    fi
  fi

  dnl This could go away some day; the PATH_PROG_WITH_TEST already does it.
  dnl Test whether we really found GNU xgettext.
  if test "$XGETTEXT" != ":"; then
    dnl If it is no GNU xgettext we define it as : so that the
    dnl Makefiles still can work.
    if $XGETTEXT --omit-header --copyright-holder= --msgid-bugs-address= /dev/null >/dev/null 2>&1 &&
       (if $XGETTEXT --omit-header --copyright-holder= --msgid-bugs-address= /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi); then
      : ;
    else
      AC_MSG_RESULT(
        [found xgettext program is not GNU xgettext; ignore it])
      XGETTEXT=":"
    fi
    dnl Remove leftover from FreeBSD xgettext call.
    rm -f messages.po
  fi

  AC_OUTPUT_COMMANDS([
    for ac_file in $CONFIG_FILES; do
      # Support "outfile[:infile[:infile...]]"
      case "$ac_file" in
        *:*) ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;;
      esac
      # PO directories have a Makefile.in generated from Makefile.in.in.
      case "$ac_file" in */Makefile.in)
        # Adjust a relative srcdir.
        ac_dir=`echo "$ac_file"|sed 's%/[^/][^/]*$%%'`
        ac_dir_suffix="/`echo "$ac_dir"|sed 's%^\./%%'`"
        ac_dots=`echo "$ac_dir_suffix"|sed 's%/[^/]*%../%g'`
        # In autoconf-2.13 it is called $ac_given_srcdir.
        # In autoconf-2.50 it is called $srcdir.
        test -n "$ac_given_srcdir" || ac_given_srcdir="$srcdir"
        case "$ac_given_srcdir" in
          .) top_srcdir=`echo $ac_dots|sed 's%/$%%'` ;;
          /*) top_srcdir="$ac_given_srcdir" ;;
          *) top_srcdir="$ac_dots$ac_given_srcdir" ;;
        esac
        if test -f "$ac_given_srcdir/$ac_dir/POTFILES.in"; then
          rm -f "$ac_dir/POTFILES"
          test -n "$as_me" && echo "$as_me: creating $ac_dir/POTFILES" || echo "creating $ac_dir/POTFILES"
          # Drop comment and blank lines, prefix each entry with the top
          # source directory and end it with a backslash continuation, then
          # strip the continuation from the last line.
          cat "$ac_given_srcdir/$ac_dir/POTFILES.in" | sed -e "/^#/d" -e "/^[ ]*\$/d" -e "s,.*, $top_srcdir/& \\\\," | sed -e "\$s/\(.*\) \\\\/\1/" > "$ac_dir/POTFILES"
          POMAKEFILEDEPS="POTFILES.in"
          # ALL_LINGUAS, POFILES, UPDATEPOFILES, DUMMYPOFILES, GMOFILES depend
          # on $ac_dir but don't depend on user-specified configuration
          # parameters.
          if test -f "$ac_given_srcdir/$ac_dir/LINGUAS"; then
            # The LINGUAS file contains the set of available languages.
            if test -n "$OBSOLETE_ALL_LINGUAS"; then
              test -n "$as_me" && echo "$as_me: setting ALL_LINGUAS in configure.in is obsolete" || echo "setting ALL_LINGUAS in configure.in is obsolete"
            fi
            ALL_LINGUAS_=`sed -e "/^#/d" "$ac_given_srcdir/$ac_dir/LINGUAS"`
            # Hide the ALL_LINGUAS assignment from automake.
            # The single quotes keep the right-hand side unexpanded until
            # eval runs it as a plain assignment, so the file contents are
            # stored as data and are not parsed as shell code.
            eval 'ALL_LINGUAS''=$ALL_LINGUAS_'
            POMAKEFILEDEPS="$POMAKEFILEDEPS LINGUAS"
          else
            # The set of available languages was given in configure.in.
            eval 'ALL_LINGUAS''=$OBSOLETE_ALL_LINGUAS'
          fi
          # Compute POFILES
          # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).po)
          # Compute UPDATEPOFILES
          # as $(foreach lang, $(ALL_LINGUAS), $(lang).po-update)
          # Compute DUMMYPOFILES
          # as $(foreach lang, $(ALL_LINGUAS), $(lang).nop)
          # Compute GMOFILES
          # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).gmo)
          case "$ac_given_srcdir" in
            .) srcdirpre= ;;
            *) srcdirpre='$(srcdir)/' ;;
          esac
          POFILES=
          UPDATEPOFILES=
          DUMMYPOFILES=
          GMOFILES=
          for lang in $ALL_LINGUAS; do
            POFILES="$POFILES $srcdirpre$lang.po"
            UPDATEPOFILES="$UPDATEPOFILES $lang.po-update"
            DUMMYPOFILES="$DUMMYPOFILES $lang.nop"
            GMOFILES="$GMOFILES $srcdirpre$lang.gmo"
          done
          # CATALOGS depends on both $ac_dir and the user's LINGUAS
          # environment variable.
          INST_LINGUAS=
          if test -n "$ALL_LINGUAS"; then
            for presentlang in $ALL_LINGUAS; do
              useit=no
              # %UNSET% is the marker stored at configure time when the
              # LINGUAS environment variable was not set at all.
              if test "%UNSET%" != "$LINGUAS"; then
                desiredlanguages="$LINGUAS"
              else
                desiredlanguages="$ALL_LINGUAS"
              fi
              for desiredlang in $desiredlanguages; do
                # Use the presentlang catalog if desiredlang is
                # a. equal to presentlang, or
                # b. a variant of presentlang (because in this case,
                # presentlang can be used as a fallback for messages
                # which are not translated in the desiredlang catalog).
                case "$desiredlang" in
                  "$presentlang"*) useit=yes;;
                esac
              done
              if test $useit = yes; then
                INST_LINGUAS="$INST_LINGUAS $presentlang"
              fi
            done
          fi
          CATALOGS=
          if test -n "$INST_LINGUAS"; then
            for lang in $INST_LINGUAS; do
              CATALOGS="$CATALOGS $lang.gmo"
            done
          fi
          test -n "$as_me" && echo "$as_me: creating $ac_dir/Makefile" || echo "creating $ac_dir/Makefile"
          # NOTE(review): the computed lists are inserted into the sed
          # script unescaped, so a | or & inside a language name taken from
          # LINGUAS would change the substitution instead of being copied.
          sed -e "/^POTFILES =/r $ac_dir/POTFILES" -e "/^# Makevars/r $ac_given_srcdir/$ac_dir/Makevars" -e "s|@POFILES@|$POFILES|g" -e "s|@UPDATEPOFILES@|$UPDATEPOFILES|g" -e "s|@DUMMYPOFILES@|$DUMMYPOFILES|g" -e "s|@GMOFILES@|$GMOFILES|g" -e "s|@CATALOGS@|$CATALOGS|g" -e "s|@POMAKEFILEDEPS@|$POMAKEFILEDEPS|g" "$ac_dir/Makefile.in" > "$ac_dir/Makefile"
          # Append every Rules-* fragment found in the source directory to
          # the generated Makefile, skipping .orig, .bak and ~ backup files.
          for f in "$ac_given_srcdir/$ac_dir"/Rules-*; do
            if test -f "$f"; then
              case "$f" in
                *.orig | *.bak | *~) ;;
                *) cat "$f" >> "$ac_dir/Makefile" ;;
              esac
            fi
          done
        fi
        ;;
      esac
    done],
   [# Capture the value of obsolete ALL_LINGUAS because we need it to compute
    # POFILES, UPDATEPOFILES, DUMMYPOFILES, GMOFILES, CATALOGS. But hide it
    # from automake.
    eval 'OBSOLETE_ALL_LINGUAS''="$ALL_LINGUAS"'
    # Capture the value of LINGUAS because we need it to compute CATALOGS.
    LINGUAS="${LINGUAS-%UNSET%}"
   ])
])

dnl Postprocesses a Makefile in a directory containing PO files.
AC_DEFUN([AM_POSTPROCESS_PO_MAKEFILE], [ # When this code is run, in config.status, two variables have already been # set: # - OBSOLETE_ALL_LINGUAS is the value of LINGUAS set in configure.in, # - LINGUAS is the value of the environment variable LINGUAS at configure # time. changequote(,)dnl # Adjust a relative srcdir. ac_dir=`echo "$ac_file"|sed 's%/[^/][^/]*$%%'` ac_dir_suffix="/`echo "$ac_dir"|sed 's%^\./%%'`" ac_dots=`echo "$ac_dir_suffix"|sed 's%/[^/]*%../%g'` # In autoconf-2.13 it is called $ac_given_srcdir. # In autoconf-2.50 it is called $srcdir. test -n "$ac_given_srcdir" || ac_given_srcdir="$srcdir" case "$ac_given_srcdir" in .) top_srcdir=`echo $ac_dots|sed 's%/$%%'` ;; /*) top_srcdir="$ac_given_srcdir" ;; *) top_srcdir="$ac_dots$ac_given_srcdir" ;; esac # Find a way to echo strings without interpreting backslash. if test "X`(echo '\t') 2>/dev/null`" = 'X\t'; then gt_echo='echo' else if test "X`(printf '%s\n' '\t') 2>/dev/null`" = 'X\t'; then gt_echo='printf %s\n' else echo_func () { cat < "$ac_file.tmp" if grep -l '@TCLCATALOGS@' "$ac_file" > /dev/null; then # Add dependencies that cannot be formulated as a simple suffix rule. for lang in $ALL_LINGUAS; do frobbedlang=`echo $lang | sed -e 's/\..*$//' -e 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/'` cat >> "$ac_file.tmp" < /dev/null; then # Add dependencies that cannot be formulated as a simple suffix rule. 
for lang in $ALL_LINGUAS; do frobbedlang=`echo $lang | sed -e 's/_/-/g'` cat >> "$ac_file.tmp" <> "$ac_file.tmp" <&2; \ exit 1;; \ esac; \ has_opt=no; \ sane_makeflags=$$MAKEFLAGS; \ if $(am__is_gnu_make); then \ sane_makeflags=$$MFLAGS; \ else \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ bs=\\; \ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ esac; \ fi; \ skip_next=no; \ strip_trailopt () \ { \ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ }; \ for flg in $$sane_makeflags; do \ test $$skip_next = yes && { skip_next=no; continue; }; \ case $$flg in \ *=*|--*) continue;; \ -*I) strip_trailopt 'I'; skip_next=yes;; \ -*I?*) strip_trailopt 'I';; \ -*O) strip_trailopt 'O'; skip_next=yes;; \ -*O?*) strip_trailopt 'O';; \ -*l) strip_trailopt 'l'; skip_next=yes;; \ -*l?*) strip_trailopt 'l';; \ -[dEDm]) skip_next=yes;; \ -[JT]) skip_next=yes;; \ esac; \ case $$flg in \ *$$target_option*) has_opt=yes; break;; \ esac; \ done; \ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @HAVE_DEVSHM_TRUE@am__append_1 = --with-test-dir=/dev/shm @HAVE_MANPAGES_TRUE@am__append_2 = src/man @HAVE_DEBIAN_TRUE@am__append_3 = --install-layout=deb @WANT_AUX_INFO_TRUE@am__append_4 = -aux-info $@.X @HAVE_GCC_TRUE@am__append_5 = -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith \ @HAVE_GCC_TRUE@ -Wcast-qual 
-Wcast-align -Wwrite-strings \ @HAVE_GCC_TRUE@ -Werror-implicit-function-declaration \ @HAVE_GCC_TRUE@ -fno-strict-aliasing \ @HAVE_GCC_TRUE@ -std=gnu99 @BUILD_SSH_TRUE@bin_PROGRAMS = sss_ssh_authorizedkeys$(EXEEXT) \ @BUILD_SSH_TRUE@ sss_ssh_knownhostsproxy$(EXEEXT) sbin_PROGRAMS = sssd$(EXEEXT) sss_useradd$(EXEEXT) \ sss_userdel$(EXEEXT) sss_groupadd$(EXEEXT) \ sss_groupdel$(EXEEXT) sss_usermod$(EXEEXT) \ sss_groupmod$(EXEEXT) sss_groupshow$(EXEEXT) \ sss_cache$(EXEEXT) sss_debuglevel$(EXEEXT) sss_seed$(EXEEXT) sssdlibexec_PROGRAMS = sssd_nss$(EXEEXT) sssd_pam$(EXEEXT) \ sssd_be$(EXEEXT) krb5_child$(EXEEXT) ldap_child$(EXEEXT) \ proxy_child$(EXEEXT) $(am__EXEEXT_6) $(am__EXEEXT_7) \ $(am__EXEEXT_8) $(am__EXEEXT_9) @BUILD_SUDO_TRUE@am__append_6 = sssd_sudo @BUILD_AUTOFS_TRUE@am__append_7 = sssd_autofs @BUILD_SSH_TRUE@am__append_8 = sssd_ssh @BUILD_PAC_RESPONDER_TRUE@am__append_9 = sssd_pac @BUILD_SSH_TRUE@@HAVE_CHECK_TRUE@am__append_10 = sysdb_ssh-tests check_PROGRAMS = stress-tests$(EXEEXT) krb5-child-test$(EXEEXT) \ $(am__EXEEXT_1) $(am__EXEEXT_3) @BUILD_PYTHON_BINDINGS_TRUE@am__append_11 = src/config/SSSDConfigTest.py \ @BUILD_PYTHON_BINDINGS_TRUE@ src/tests/pyhbac-test.py \ @BUILD_PYTHON_BINDINGS_TRUE@ src/tests/pysss_murmur-test.py TESTS = $(PYTHON_TESTS) $(am__EXEEXT_1) $(am__EXEEXT_3) @BUILD_ARES_DATA_TRUE@am__append_12 = \ @BUILD_ARES_DATA_TRUE@ src/resolv/ares/ares_parse_srv_reply.c \ @BUILD_ARES_DATA_TRUE@ src/resolv/ares/ares_data.c @BUILD_SELINUX_TRUE@am__append_13 = $(SELINUX_LIBS) @BUILD_SELINUX_TRUE@am__append_14 = $(SELINUX_LIBS) @BUILD_SEMANAGE_TRUE@am__append_15 = $(SEMANAGE_LIBS) @BUILD_SEMANAGE_TRUE@am__append_16 = $(SEMANAGE_LIBS) @HAVE_NSS_TRUE@am__append_17 = src/util/crypto/nss/nss_util.h @BUILD_SUDO_TRUE@am__append_18 = libsss_sudo_doc @HAVE_PTHREAD_TRUE@am__append_19 = -lpthread @BUILD_SUDO_TRUE@am__append_20 = src/db/sysdb_sudo.c @BUILD_SSH_TRUE@am__append_21 = \ @BUILD_SSH_TRUE@ src/db/sysdb_ssh.c \ @BUILD_SSH_TRUE@ src/util/sss_ssh.c 
@HAVE_CHECK_TRUE@am__append_22 = \ @HAVE_CHECK_TRUE@ src/tests/common_check.c @BUILD_SELINUX_TRUE@@HAVE_CHECK_TRUE@am__append_23 = $(SELINUX_LIBS) @BUILD_SEMANAGE_TRUE@@HAVE_CHECK_TRUE@am__append_24 = $(SEMANAGE_LIBS) @BUILD_ARES_DATA_TRUE@@HAVE_CHECK_TRUE@am__append_25 = \ @BUILD_ARES_DATA_TRUE@@HAVE_CHECK_TRUE@ src/resolv/ares/ares_parse_txt_reply.c noinst_PROGRAMS = pam_test_client$(EXEEXT) $(am__EXEEXT_4) \ $(am__EXEEXT_5) @BUILD_SUDO_TRUE@am__append_26 = sss_sudo_cli @BUILD_AUTOFS_TRUE@am__append_27 = autofs_test_client @BUILD_SUDO_TRUE@am__append_28 = src/sss_client/sss_sudo.exports @BUILD_AUTOFS_TRUE@am__append_29 = src/sss_client/autofs/sss_autofs.exports @BUILD_SUDO_TRUE@am__append_30 = \ @BUILD_SUDO_TRUE@ src/providers/ldap/sdap_sudo_cache.c \ @BUILD_SUDO_TRUE@ src/providers/ldap/sdap_async_sudo.c \ @BUILD_SUDO_TRUE@ src/providers/ldap/sdap_async_sudo_timer.c \ @BUILD_SUDO_TRUE@ src/providers/ldap/sdap_async_sudo_hostinfo.c \ @BUILD_SUDO_TRUE@ src/providers/ldap/sdap_sudo.c @BUILD_AUTOFS_TRUE@am__append_31 = \ @BUILD_AUTOFS_TRUE@ src/providers/ldap/sdap_autofs.c \ @BUILD_AUTOFS_TRUE@ src/providers/ldap/sdap_async_autofs.c @BUILD_AUTOFS_TRUE@am__append_32 = \ @BUILD_AUTOFS_TRUE@ src/providers/ipa/ipa_autofs.c @BUILD_SUDO_TRUE@am__append_33 = \ @BUILD_SUDO_TRUE@ src/providers/ipa/ipa_sudo.c @BUILD_SSH_TRUE@am__append_34 = src/providers/ipa/ipa_hostid.c @BUILD_SUDO_TRUE@am__append_35 = \ @BUILD_SUDO_TRUE@ src/providers/ad/ad_sudo.c @HAVE_SYSTEMD_UNIT_TRUE@am__append_36 = \ @HAVE_SYSTEMD_UNIT_TRUE@ src/sysv/systemd/sssd.service @HAVE_SUSE_TRUE@@HAVE_SYSTEMD_UNIT_FALSE@am__append_37 = \ @HAVE_SUSE_TRUE@@HAVE_SYSTEMD_UNIT_FALSE@ src/sysv/SUSE/sssd @HAVE_GENTOO_TRUE@@HAVE_SUSE_FALSE@@HAVE_SYSTEMD_UNIT_FALSE@am__append_38 = \ @HAVE_GENTOO_TRUE@@HAVE_SUSE_FALSE@@HAVE_SYSTEMD_UNIT_FALSE@ src/sysv/gentoo/sssd @HAVE_GENTOO_FALSE@@HAVE_SUSE_FALSE@@HAVE_SYSTEMD_UNIT_FALSE@am__append_39 = \ @HAVE_GENTOO_FALSE@@HAVE_SUSE_FALSE@@HAVE_SYSTEMD_UNIT_FALSE@ src/sysv/sssd 
subdir = . DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ $(top_srcdir)/configure $(am__configure_deps) \ $(srcdir)/config.h.in $(top_srcdir)/build/mkinstalldirs \ $(top_srcdir)/contrib/sssd.spec.in \ $(top_srcdir)/src/examples/rwtab.in \ $(top_srcdir)/src/doxy.config.in \ $(top_srcdir)/src/sysv/sssd.in \ $(top_srcdir)/src/sysv/gentoo/sssd.in \ $(top_srcdir)/src/sysv/SUSE/sssd.in \ $(top_srcdir)/src/providers/ipa/ipa_hbac.pc.in \ $(top_srcdir)/src/providers/ipa/ipa_hbac.doxy.in \ $(top_srcdir)/src/lib/idmap/sss_idmap.pc.in \ $(top_srcdir)/src/lib/idmap/sss_idmap.doxy.in \ $(top_srcdir)/src/sss_client/sudo/sss_sudo.doxy.in \ $(top_srcdir)/src/sss_client/idmap/sss_nss_idmap.pc.in \ $(top_srcdir)/src/sss_client/idmap/sss_nss_idmap.doxy.in \ $(top_srcdir)/src/config/setup.py.in \ $(top_srcdir)/src/config/SSSDConfig/__init__.py.in \ $(am__dist_init_SCRIPTS_DIST) $(dist_noinst_SCRIPTS) \ $(am__dist_sss_obfuscate_python_SCRIPTS_DIST) \ $(top_srcdir)/build/depcomp $(am__dist_noinst_DATA_DIST) \ $(dist_pkgconfig_DATA) $(dist_sssdapiplugin_DATA) \ $(dist_sssddata_DATA) $(am__dist_systemdunit_DATA_DIST) \ $(am__dist_noinst_HEADERS_DIST) $(include_HEADERS) \ $(top_srcdir)/build/test-driver ABOUT-NLS COPYING README \ build/ar-lib build/compile build/config.guess \ build/config.rpath build/config.sub build/depcomp \ build/install-sh build/missing build/mkinstalldirs \ build/ltmain.sh $(top_srcdir)/build/ar-lib \ $(top_srcdir)/build/compile $(top_srcdir)/build/config.guess \ $(top_srcdir)/build/config.sub $(top_srcdir)/build/install-sh \ $(top_srcdir)/build/ltmain.sh $(top_srcdir)/build/missing ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ $(top_srcdir)/m4/lt~obsolete.m4 
$(top_srcdir)/m4/nls.m4 \ $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \ $(top_srcdir)/version.m4 $(top_srcdir)/src/build_macros.m4 \ $(top_srcdir)/src/external/platform.m4 \ $(top_srcdir)/src/conf_macros.m4 \ $(top_srcdir)/src/external/pkg.m4 \ $(top_srcdir)/src/external/libpopt.m4 \ $(top_srcdir)/src/external/libtalloc.m4 \ $(top_srcdir)/src/external/libtdb.m4 \ $(top_srcdir)/src/external/libtevent.m4 \ $(top_srcdir)/src/external/libldb.m4 \ $(top_srcdir)/src/external/libdhash.m4 \ $(top_srcdir)/src/external/libcollection.m4 \ $(top_srcdir)/src/external/libini_config.m4 \ $(top_srcdir)/src/external/pam.m4 \ $(top_srcdir)/src/external/ldap.m4 \ $(top_srcdir)/src/external/libpcre.m4 \ $(top_srcdir)/src/external/krb5.m4 \ $(top_srcdir)/src/external/libcares.m4 \ $(top_srcdir)/src/external/libcmocka.m4 \ $(top_srcdir)/src/external/docbook.m4 \ $(top_srcdir)/src/external/sizes.m4 \ $(top_srcdir)/src/external/python.m4 \ $(top_srcdir)/src/external/selinux.m4 \ $(top_srcdir)/src/external/crypto.m4 \ $(top_srcdir)/src/external/nscd.m4 \ $(top_srcdir)/src/external/nsupdate.m4 \ $(top_srcdir)/src/external/libkeyutils.m4 \ $(top_srcdir)/src/external/libnl.m4 \ $(top_srcdir)/src/external/systemd.m4 \ $(top_srcdir)/src/external/pac_responder.m4 \ $(top_srcdir)/src/external/signal.m4 \ $(top_srcdir)/src/external/inotify.m4 \ $(top_srcdir)/src/external/libndr_nbt.m4 \ $(top_srcdir)/src/external/libunistring.m4 \ $(top_srcdir)/src/external/glib.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ configure.lineno config.status.lineno mkinstalldirs = $(SHELL) $(top_srcdir)/build/mkinstalldirs CONFIG_HEADER = config.h CONFIG_CLEAN_FILES = contrib/sssd.spec src/examples/rwtab \ src/doxy.config src/sysv/sssd src/sysv/gentoo/sssd \ src/sysv/SUSE/sssd src/providers/ipa/ipa_hbac.pc \ src/providers/ipa/ipa_hbac.doxy src/lib/idmap/sss_idmap.pc \ 
src/lib/idmap/sss_idmap.doxy src/sss_client/sudo/sss_sudo.doxy \ src/sss_client/idmap/sss_nss_idmap.pc \ src/sss_client/idmap/sss_nss_idmap.doxy src/config/setup.py \ src/config/SSSDConfig/__init__.py CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ test -z "$$files" \ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! 
-r "$$dir"; } \ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ $(am__cd) "$$dir" && rm -f $$files; }; \ } am__installdirs = "$(DESTDIR)$(autofslibdir)" \ "$(DESTDIR)$(krb5authdata_plugindir)" \ "$(DESTDIR)$(krb5plugindir)" "$(DESTDIR)$(ldblibdir)" \ "$(DESTDIR)$(libdir)" "$(DESTDIR)$(nsslibdir)" \ "$(DESTDIR)$(pamlibdir)" "$(DESTDIR)$(pkglibdir)" \ "$(DESTDIR)$(pyexecdir)" "$(DESTDIR)$(sssdlibdir)" \ "$(DESTDIR)$(sudolibdir)" "$(DESTDIR)$(bindir)" \ "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(sssdlibexecdir)" \ "$(DESTDIR)$(initdir)" "$(DESTDIR)$(sss_obfuscate_pythondir)" \ "$(DESTDIR)$(pkgconfigdir)" "$(DESTDIR)$(sssdapiplugindir)" \ "$(DESTDIR)$(sssddatadir)" "$(DESTDIR)$(systemdunitdir)" \ "$(DESTDIR)$(includedir)" LTLIBRARIES = $(autofslib_LTLIBRARIES) \ $(krb5authdata_plugin_LTLIBRARIES) $(krb5plugin_LTLIBRARIES) \ $(ldblib_LTLIBRARIES) $(lib_LTLIBRARIES) $(noinst_LTLIBRARIES) \ $(nsslib_LTLIBRARIES) $(pamlib_LTLIBRARIES) \ $(pkglib_LTLIBRARIES) $(pyexec_LTLIBRARIES) \ $(sssdlib_LTLIBRARIES) $(sudolib_LTLIBRARIES) am__DEPENDENCIES_1 = @HAVE_NSS_FALSE@am__DEPENDENCIES_2 = $(am__DEPENDENCIES_1) @HAVE_NSS_TRUE@am__DEPENDENCIES_2 = $(am__DEPENDENCIES_1) am__DEPENDENCIES_3 = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) @HAVE_CHECK_TRUE@libdlopen_test_providers_la_DEPENDENCIES = \ @HAVE_CHECK_TRUE@ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_3) \ @HAVE_CHECK_TRUE@ $(am__DEPENDENCIES_1) $(SSSD_INTERNAL_LTLIBS) am__libdlopen_test_providers_la_SOURCES_DIST = \ src/providers/data_provider_be.c \ src/providers/data_provider_fo.c \ src/providers/data_provider_opts.c \ src/providers/data_provider_callbacks.c \ src/providers/dp_dyndns.c src/providers/dp_ptask.c \ src/providers/dp_refresh.c src/providers/fail_over.c \ src/providers/fail_over_srv.c 
src/resolv/async_resolv.c \ src/resolv/async_resolv_utils.c \ src/resolv/ares/ares_parse_srv_reply.c \ src/resolv/ares/ares_data.c am__dirstamp = $(am__leading_dot)dirstamp @BUILD_ARES_DATA_TRUE@am__objects_1 = src/resolv/ares/libdlopen_test_providers_la-ares_parse_srv_reply.lo \ @BUILD_ARES_DATA_TRUE@ src/resolv/ares/libdlopen_test_providers_la-ares_data.lo am__objects_2 = \ src/resolv/libdlopen_test_providers_la-async_resolv.lo \ src/resolv/libdlopen_test_providers_la-async_resolv_utils.lo \ $(am__objects_1) am__objects_3 = \ src/providers/libdlopen_test_providers_la-fail_over.lo \ src/providers/libdlopen_test_providers_la-fail_over_srv.lo \ $(am__objects_2) am__objects_4 = \ src/providers/libdlopen_test_providers_la-data_provider_be.lo \ src/providers/libdlopen_test_providers_la-data_provider_fo.lo \ src/providers/libdlopen_test_providers_la-data_provider_opts.lo \ src/providers/libdlopen_test_providers_la-data_provider_callbacks.lo \ src/providers/libdlopen_test_providers_la-dp_dyndns.lo \ src/providers/libdlopen_test_providers_la-dp_ptask.lo \ src/providers/libdlopen_test_providers_la-dp_refresh.lo \ $(am__objects_3) @HAVE_CHECK_TRUE@am_libdlopen_test_providers_la_OBJECTS = \ @HAVE_CHECK_TRUE@ $(am__objects_4) libdlopen_test_providers_la_OBJECTS = \ $(am_libdlopen_test_providers_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent am__v_lt_1 = libdlopen_test_providers_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(libdlopen_test_providers_la_CFLAGS) $(CFLAGS) \ $(libdlopen_test_providers_la_LDFLAGS) $(LDFLAGS) -o $@ @HAVE_CHECK_TRUE@am_libdlopen_test_providers_la_rpath = libipa_hbac_la_DEPENDENCIES = $(am__DEPENDENCIES_1) am_libipa_hbac_la_OBJECTS = src/providers/ipa/hbac_evaluator.lo \ src/util/sss_utf8.lo libipa_hbac_la_OBJECTS = $(am_libipa_hbac_la_OBJECTS) libipa_hbac_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) 
--mode=link $(CCLD) \ $(AM_CFLAGS) $(CFLAGS) $(libipa_hbac_la_LDFLAGS) $(LDFLAGS) -o \ $@ am__DEPENDENCIES_4 = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) libnss_sss_la_DEPENDENCIES = $(am__DEPENDENCIES_4) am_libnss_sss_la_OBJECTS = src/sss_client/common.lo \ src/sss_client/nss_passwd.lo src/sss_client/nss_group.lo \ src/sss_client/nss_netgroup.lo src/sss_client/nss_services.lo \ src/sss_client/nss_mc_common.lo src/util/io.lo \ src/util/murmurhash3.lo src/sss_client/nss_mc_passwd.lo \ src/sss_client/nss_mc_group.lo libnss_sss_la_OBJECTS = $(am_libnss_sss_la_OBJECTS) libnss_sss_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libnss_sss_la_LDFLAGS) $(LDFLAGS) -o $@ libsss_ad_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ libsss_ldap_common.la libsss_krb5_common.la libsss_idmap.la am__libsss_ad_la_SOURCES_DIST = src/providers/ad/ad_common.c \ src/providers/ad/ad_common.h src/providers/ad/ad_init.c \ src/providers/ad/ad_dyndns.c src/providers/ad/ad_id.c \ src/providers/ad/ad_id.h src/providers/ad/ad_access.c \ src/providers/ad/ad_access.h src/providers/ad/ad_opts.h \ src/providers/ad/ad_srv.c src/providers/ad/ad_subdomains.c \ src/providers/ad/ad_subdomains.h \ src/providers/ad/ad_domain_info.c \ src/providers/ad/ad_domain_info.h src/util/find_uid.c \ src/util/user_info_msg.c src/util/sss_krb5.c \ src/util/sss_ldap.c src/providers/ad/ad_sudo.c @BUILD_SUDO_TRUE@am__objects_5 = \ @BUILD_SUDO_TRUE@ src/providers/ad/libsss_ad_la-ad_sudo.lo am_libsss_ad_la_OBJECTS = src/providers/ad/libsss_ad_la-ad_common.lo \ src/providers/ad/libsss_ad_la-ad_init.lo \ src/providers/ad/libsss_ad_la-ad_dyndns.lo \ src/providers/ad/libsss_ad_la-ad_id.lo \ src/providers/ad/libsss_ad_la-ad_access.lo \ src/providers/ad/libsss_ad_la-ad_srv.lo \ src/providers/ad/libsss_ad_la-ad_subdomains.lo \ 
src/providers/ad/libsss_ad_la-ad_domain_info.lo \ src/util/libsss_ad_la-find_uid.lo \ src/util/libsss_ad_la-user_info_msg.lo \ src/util/libsss_ad_la-sss_krb5.lo \ src/util/libsss_ad_la-sss_ldap.lo $(am__objects_5) libsss_ad_la_OBJECTS = $(am_libsss_ad_la_OBJECTS) libsss_ad_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(libsss_ad_la_CFLAGS) \ $(CFLAGS) $(libsss_ad_la_LDFLAGS) $(LDFLAGS) -o $@ @BUILD_AUTOFS_TRUE@libsss_autofs_la_DEPENDENCIES = \ @BUILD_AUTOFS_TRUE@ $(am__DEPENDENCIES_4) am__libsss_autofs_la_SOURCES_DIST = src/sss_client/common.c \ src/sss_client/sss_cli.h src/sss_client/autofs/sss_autofs.c \ src/sss_client/autofs/sss_autofs_private.h @BUILD_AUTOFS_TRUE@am_libsss_autofs_la_OBJECTS = \ @BUILD_AUTOFS_TRUE@ src/sss_client/common.lo \ @BUILD_AUTOFS_TRUE@ src/sss_client/autofs/sss_autofs.lo libsss_autofs_la_OBJECTS = $(am_libsss_autofs_la_OBJECTS) libsss_autofs_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(AM_CFLAGS) $(CFLAGS) $(libsss_autofs_la_LDFLAGS) $(LDFLAGS) \ -o $@ @BUILD_AUTOFS_TRUE@am_libsss_autofs_la_rpath = -rpath $(autofslibdir) libsss_child_la_LIBADD = am_libsss_child_la_OBJECTS = src/util/child_common.lo libsss_child_la_OBJECTS = $(am_libsss_child_la_OBJECTS) libsss_child_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(AM_CFLAGS) $(CFLAGS) $(libsss_child_la_LDFLAGS) $(LDFLAGS) \ -o $@ libsss_crypt_la_DEPENDENCIES = $(am__DEPENDENCIES_2) am__libsss_crypt_la_SOURCES_DIST = \ src/util/crypto/libcrypto/crypto_base64.c \ src/util/crypto/libcrypto/crypto_hmac_sha1.c \ src/util/crypto/libcrypto/crypto_sha512crypt.c \ src/util/crypto/libcrypto/crypto_obfuscate.c \ src/util/crypto/nss/nss_base64.c \ src/util/crypto/nss/nss_hmac_sha1.c \ src/util/crypto/nss/nss_sha512crypt.c \ src/util/crypto/nss/nss_obfuscate.c \ src/util/crypto/nss/nss_util.c @HAVE_NSS_FALSE@am__objects_6 = 
src/util/crypto/libcrypto/libsss_crypt_la-crypto_base64.lo \ @HAVE_NSS_FALSE@ src/util/crypto/libcrypto/libsss_crypt_la-crypto_hmac_sha1.lo \ @HAVE_NSS_FALSE@ src/util/crypto/libcrypto/libsss_crypt_la-crypto_sha512crypt.lo \ @HAVE_NSS_FALSE@ src/util/crypto/libcrypto/libsss_crypt_la-crypto_obfuscate.lo @HAVE_NSS_TRUE@am__objects_6 = src/util/crypto/nss/libsss_crypt_la-nss_base64.lo \ @HAVE_NSS_TRUE@ src/util/crypto/nss/libsss_crypt_la-nss_hmac_sha1.lo \ @HAVE_NSS_TRUE@ src/util/crypto/nss/libsss_crypt_la-nss_sha512crypt.lo \ @HAVE_NSS_TRUE@ src/util/crypto/nss/libsss_crypt_la-nss_obfuscate.lo \ @HAVE_NSS_TRUE@ src/util/crypto/nss/libsss_crypt_la-nss_util.lo am_libsss_crypt_la_OBJECTS = $(am__objects_6) libsss_crypt_la_OBJECTS = $(am_libsss_crypt_la_OBJECTS) libsss_crypt_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(libsss_crypt_la_CFLAGS) $(CFLAGS) $(libsss_crypt_la_LDFLAGS) \ $(LDFLAGS) -o $@ libsss_debug_la_LIBADD = am_libsss_debug_la_OBJECTS = src/util/debug.lo src/util/sss_log.lo libsss_debug_la_OBJECTS = $(am_libsss_debug_la_OBJECTS) libsss_debug_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(AM_CFLAGS) $(CFLAGS) $(libsss_debug_la_LDFLAGS) $(LDFLAGS) \ -o $@ libsss_idmap_la_LIBADD = am_libsss_idmap_la_OBJECTS = src/lib/idmap/sss_idmap.lo \ src/lib/idmap/sss_idmap_conv.lo src/util/murmurhash3.lo libsss_idmap_la_OBJECTS = $(am_libsss_idmap_la_OBJECTS) libsss_idmap_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(AM_CFLAGS) $(CFLAGS) $(libsss_idmap_la_LDFLAGS) $(LDFLAGS) \ -o $@ libsss_ipa_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ libsss_ldap_common.la libsss_krb5_common.la libipa_hbac.la \ libsss_idmap.la am__libsss_ipa_la_SOURCES_DIST = src/providers/ipa/ipa_init.c \ src/providers/ipa/ipa_common.c 
src/providers/ipa/ipa_config.c \ src/providers/ipa/ipa_id.c src/providers/ipa/ipa_netgroups.c \ src/providers/ipa/ipa_auth.c src/providers/ipa/ipa_access.c \ src/providers/ipa/ipa_dyndns.c src/providers/ipa/ipa_hosts.c \ src/providers/ipa/ipa_subdomains.c \ src/providers/ipa/ipa_subdomains_id.c \ src/providers/ipa/ipa_subdomains_ext_groups.c \ src/providers/ipa/ipa_s2n_exop.c \ src/providers/ipa/ipa_hbac_hosts.c \ src/providers/ipa/ipa_hbac_private.h \ src/providers/ipa/ipa_hbac_rules.c \ src/providers/ipa/ipa_hbac_rules.h \ src/providers/ipa/ipa_hbac_services.c \ src/providers/ipa/ipa_hbac_users.c \ src/providers/ipa/ipa_hbac_common.c \ src/providers/ipa/ipa_selinux.c \ src/providers/ipa/ipa_selinux_maps.c \ src/providers/ipa/ipa_selinux_common.c \ src/providers/ipa/ipa_srv.c src/providers/ipa/ipa_idmap.c \ src/providers/ad/ad_common.c src/providers/ad/ad_common.h \ src/providers/ad/ad_dyndns.c src/providers/ad/ad_id.c \ src/providers/ad/ad_srv.c src/providers/ad/ad_domain_info.c \ src/util/user_info_msg.c src/util/find_uid.c \ src/util/sss_ldap.c src/util/sss_krb5.c \ src/providers/ipa/ipa_autofs.c src/providers/ipa/ipa_sudo.c \ src/providers/ipa/ipa_hostid.c @BUILD_AUTOFS_TRUE@am__objects_7 = src/providers/ipa/libsss_ipa_la-ipa_autofs.lo @BUILD_SUDO_TRUE@am__objects_8 = \ @BUILD_SUDO_TRUE@ src/providers/ipa/libsss_ipa_la-ipa_sudo.lo @BUILD_SSH_TRUE@am__objects_9 = \ @BUILD_SSH_TRUE@ src/providers/ipa/libsss_ipa_la-ipa_hostid.lo am_libsss_ipa_la_OBJECTS = \ src/providers/ipa/libsss_ipa_la-ipa_init.lo \ src/providers/ipa/libsss_ipa_la-ipa_common.lo \ src/providers/ipa/libsss_ipa_la-ipa_config.lo \ src/providers/ipa/libsss_ipa_la-ipa_id.lo \ src/providers/ipa/libsss_ipa_la-ipa_netgroups.lo \ src/providers/ipa/libsss_ipa_la-ipa_auth.lo \ src/providers/ipa/libsss_ipa_la-ipa_access.lo \ src/providers/ipa/libsss_ipa_la-ipa_dyndns.lo \ src/providers/ipa/libsss_ipa_la-ipa_hosts.lo \ src/providers/ipa/libsss_ipa_la-ipa_subdomains.lo \ 
src/providers/ipa/libsss_ipa_la-ipa_subdomains_id.lo \ src/providers/ipa/libsss_ipa_la-ipa_subdomains_ext_groups.lo \ src/providers/ipa/libsss_ipa_la-ipa_s2n_exop.lo \ src/providers/ipa/libsss_ipa_la-ipa_hbac_hosts.lo \ src/providers/ipa/libsss_ipa_la-ipa_hbac_rules.lo \ src/providers/ipa/libsss_ipa_la-ipa_hbac_services.lo \ src/providers/ipa/libsss_ipa_la-ipa_hbac_users.lo \ src/providers/ipa/libsss_ipa_la-ipa_hbac_common.lo \ src/providers/ipa/libsss_ipa_la-ipa_selinux.lo \ src/providers/ipa/libsss_ipa_la-ipa_selinux_maps.lo \ src/providers/ipa/libsss_ipa_la-ipa_selinux_common.lo \ src/providers/ipa/libsss_ipa_la-ipa_srv.lo \ src/providers/ipa/libsss_ipa_la-ipa_idmap.lo \ src/providers/ad/libsss_ipa_la-ad_common.lo \ src/providers/ad/libsss_ipa_la-ad_dyndns.lo \ src/providers/ad/libsss_ipa_la-ad_id.lo \ src/providers/ad/libsss_ipa_la-ad_srv.lo \ src/providers/ad/libsss_ipa_la-ad_domain_info.lo \ src/util/libsss_ipa_la-user_info_msg.lo \ src/util/libsss_ipa_la-find_uid.lo \ src/util/libsss_ipa_la-sss_ldap.lo \ src/util/libsss_ipa_la-sss_krb5.lo $(am__objects_7) \ $(am__objects_8) $(am__objects_9) libsss_ipa_la_OBJECTS = $(am_libsss_ipa_la_OBJECTS) libsss_ipa_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(libsss_ipa_la_CFLAGS) \ $(CFLAGS) $(libsss_ipa_la_LDFLAGS) $(LDFLAGS) -o $@ libsss_krb5_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ libsss_krb5_common.la am_libsss_krb5_la_OBJECTS = \ src/providers/krb5/libsss_krb5_la-krb5_init.lo \ src/util/libsss_krb5_la-find_uid.lo \ src/util/libsss_krb5_la-sss_krb5.lo libsss_krb5_la_OBJECTS = $(am_libsss_krb5_la_OBJECTS) libsss_krb5_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(libsss_krb5_la_CFLAGS) $(CFLAGS) $(libsss_krb5_la_LDFLAGS) \ $(LDFLAGS) -o $@ libsss_krb5_common_la_LIBADD = am_libsss_krb5_common_la_OBJECTS = \ src/providers/krb5/libsss_krb5_common_la-krb5_utils.lo \ 
src/providers/krb5/libsss_krb5_common_la-krb5_become_user.lo \ src/providers/krb5/libsss_krb5_common_la-krb5_delayed_online_authentication.lo \ src/providers/krb5/libsss_krb5_common_la-krb5_renew_tgt.lo \ src/providers/krb5/libsss_krb5_common_la-krb5_wait_queue.lo \ src/providers/krb5/libsss_krb5_common_la-krb5_common.lo \ src/providers/krb5/libsss_krb5_common_la-krb5_auth.lo \ src/providers/krb5/libsss_krb5_common_la-krb5_access.lo \ src/providers/krb5/libsss_krb5_common_la-krb5_child_handler.lo \ src/providers/krb5/libsss_krb5_common_la-krb5_init_shared.lo libsss_krb5_common_la_OBJECTS = $(am_libsss_krb5_common_la_OBJECTS) libsss_krb5_common_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(libsss_krb5_common_la_CFLAGS) $(CFLAGS) \ $(libsss_krb5_common_la_LDFLAGS) $(LDFLAGS) -o $@ libsss_ldap_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ libsss_ldap_common.la libsss_idmap.la am_libsss_ldap_la_OBJECTS = src/util/libsss_ldap_la-find_uid.lo \ src/providers/ldap/libsss_ldap_la-ldap_init.lo \ src/providers/ldap/libsss_ldap_la-ldap_access.lo \ src/providers/krb5/libsss_ldap_la-krb5_common.lo \ src/providers/krb5/libsss_ldap_la-krb5_utils.lo \ src/providers/krb5/libsss_ldap_la-krb5_become_user.lo \ src/util/libsss_ldap_la-user_info_msg.lo \ src/util/libsss_ldap_la-sss_ldap.lo \ src/util/libsss_ldap_la-sss_krb5.lo libsss_ldap_la_OBJECTS = $(am_libsss_ldap_la_OBJECTS) libsss_ldap_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(libsss_ldap_la_CFLAGS) $(CFLAGS) $(libsss_ldap_la_LDFLAGS) \ $(LDFLAGS) -o $@ libsss_ldap_common_la_LIBADD = am__libsss_ldap_common_la_SOURCES_DIST = src/providers/ldap/ldap_id.c \ src/providers/ldap/ldap_id_enum.c \ src/providers/ldap/sdap_async_enum.c \ src/providers/ldap/ldap_id_cleanup.c \ src/providers/ldap/ldap_id_netgroup.c \ src/providers/ldap/ldap_id_services.c \ src/providers/ldap/ldap_auth.c \ 
src/providers/ldap/ldap_common.c \ src/providers/ldap/sdap_access.c \ src/providers/ldap/sdap_async.c \ src/providers/ldap/sdap_async_users.c \ src/providers/ldap/sdap_async_groups.c \ src/providers/ldap/sdap_async_nested_groups.c \ src/providers/ldap/sdap_async_groups_ad.c \ src/providers/ldap/sdap_async_initgroups.c \ src/providers/ldap/sdap_async_initgroups_ad.c \ src/providers/ldap/sdap_async_connection.c \ src/providers/ldap/sdap_async_netgroups.c \ src/providers/ldap/sdap_async_services.c \ src/providers/ldap/sdap_child_helpers.c \ src/providers/ldap/sdap_fd_events.c \ src/providers/ldap/sdap_id_op.c \ src/providers/ldap/sdap_idmap.c \ src/providers/ldap/sdap_idmap.h \ src/providers/ldap/sdap_range.c \ src/providers/ldap/sdap_reinit.c \ src/providers/ldap/sdap_dyndns.c \ src/providers/ldap/sdap_refresh.c src/providers/ldap/sdap.c \ src/providers/ldap/sdap_sudo_cache.c \ src/providers/ldap/sdap_async_sudo.c \ src/providers/ldap/sdap_async_sudo_timer.c \ src/providers/ldap/sdap_async_sudo_hostinfo.c \ src/providers/ldap/sdap_sudo.c \ src/providers/ldap/sdap_autofs.c \ src/providers/ldap/sdap_async_autofs.c @BUILD_SUDO_TRUE@am__objects_10 = src/providers/ldap/libsss_ldap_common_la-sdap_sudo_cache.lo \ @BUILD_SUDO_TRUE@ src/providers/ldap/libsss_ldap_common_la-sdap_async_sudo.lo \ @BUILD_SUDO_TRUE@ src/providers/ldap/libsss_ldap_common_la-sdap_async_sudo_timer.lo \ @BUILD_SUDO_TRUE@ src/providers/ldap/libsss_ldap_common_la-sdap_async_sudo_hostinfo.lo \ @BUILD_SUDO_TRUE@ src/providers/ldap/libsss_ldap_common_la-sdap_sudo.lo @BUILD_AUTOFS_TRUE@am__objects_11 = src/providers/ldap/libsss_ldap_common_la-sdap_autofs.lo \ @BUILD_AUTOFS_TRUE@ src/providers/ldap/libsss_ldap_common_la-sdap_async_autofs.lo am_libsss_ldap_common_la_OBJECTS = \ src/providers/ldap/libsss_ldap_common_la-ldap_id.lo \ src/providers/ldap/libsss_ldap_common_la-ldap_id_enum.lo \ src/providers/ldap/libsss_ldap_common_la-sdap_async_enum.lo \ src/providers/ldap/libsss_ldap_common_la-ldap_id_cleanup.lo 
\ src/providers/ldap/libsss_ldap_common_la-ldap_id_netgroup.lo \ src/providers/ldap/libsss_ldap_common_la-ldap_id_services.lo \ src/providers/ldap/libsss_ldap_common_la-ldap_auth.lo \ src/providers/ldap/libsss_ldap_common_la-ldap_common.lo \ src/providers/ldap/libsss_ldap_common_la-sdap_access.lo \ src/providers/ldap/libsss_ldap_common_la-sdap_async.lo \ src/providers/ldap/libsss_ldap_common_la-sdap_async_users.lo \ src/providers/ldap/libsss_ldap_common_la-sdap_async_groups.lo \ src/providers/ldap/libsss_ldap_common_la-sdap_async_nested_groups.lo \ src/providers/ldap/libsss_ldap_common_la-sdap_async_groups_ad.lo \ src/providers/ldap/libsss_ldap_common_la-sdap_async_initgroups.lo \ src/providers/ldap/libsss_ldap_common_la-sdap_async_initgroups_ad.lo \ src/providers/ldap/libsss_ldap_common_la-sdap_async_connection.lo \ src/providers/ldap/libsss_ldap_common_la-sdap_async_netgroups.lo \ src/providers/ldap/libsss_ldap_common_la-sdap_async_services.lo \ src/providers/ldap/libsss_ldap_common_la-sdap_child_helpers.lo \ src/providers/ldap/libsss_ldap_common_la-sdap_fd_events.lo \ src/providers/ldap/libsss_ldap_common_la-sdap_id_op.lo \ src/providers/ldap/libsss_ldap_common_la-sdap_idmap.lo \ src/providers/ldap/libsss_ldap_common_la-sdap_range.lo \ src/providers/ldap/libsss_ldap_common_la-sdap_reinit.lo \ src/providers/ldap/libsss_ldap_common_la-sdap_dyndns.lo \ src/providers/ldap/libsss_ldap_common_la-sdap_refresh.lo \ src/providers/ldap/libsss_ldap_common_la-sdap.lo \ $(am__objects_10) $(am__objects_11) libsss_ldap_common_la_OBJECTS = $(am_libsss_ldap_common_la_OBJECTS) libsss_ldap_common_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) \ $(libsss_ldap_common_la_LDFLAGS) $(LDFLAGS) -o $@ libsss_nss_idmap_la_DEPENDENCIES = $(am__DEPENDENCIES_4) am_libsss_nss_idmap_la_OBJECTS = \ src/sss_client/idmap/sss_nss_idmap.lo src/sss_client/common.lo \ src/util/strtonum.lo 
libsss_nss_idmap_la_OBJECTS = $(am_libsss_nss_idmap_la_OBJECTS) libsss_nss_idmap_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(AM_CFLAGS) $(CFLAGS) $(libsss_nss_idmap_la_LDFLAGS) \ $(LDFLAGS) -o $@ libsss_proxy_la_DEPENDENCIES = $(am__DEPENDENCIES_1) am_libsss_proxy_la_OBJECTS = \ src/providers/proxy/libsss_proxy_la-proxy_init.lo \ src/providers/proxy/libsss_proxy_la-proxy_id.lo \ src/providers/proxy/libsss_proxy_la-proxy_netgroup.lo \ src/providers/proxy/libsss_proxy_la-proxy_services.lo \ src/providers/proxy/libsss_proxy_la-proxy_auth.lo libsss_proxy_la_OBJECTS = $(am_libsss_proxy_la_OBJECTS) libsss_proxy_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(libsss_proxy_la_CFLAGS) $(CFLAGS) $(libsss_proxy_la_LDFLAGS) \ $(LDFLAGS) -o $@ libsss_simple_la_DEPENDENCIES = $(am__DEPENDENCIES_1) am_libsss_simple_la_OBJECTS = \ src/providers/simple/libsss_simple_la-simple_access_check.lo \ src/providers/simple/libsss_simple_la-simple_access.lo libsss_simple_la_OBJECTS = $(am_libsss_simple_la_OBJECTS) libsss_simple_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(libsss_simple_la_CFLAGS) $(CFLAGS) \ $(libsss_simple_la_LDFLAGS) $(LDFLAGS) -o $@ @BUILD_SUDO_TRUE@libsss_sudo_la_DEPENDENCIES = $(am__DEPENDENCIES_4) am__libsss_sudo_la_SOURCES_DIST = src/sss_client/common.c \ src/sss_client/sss_cli.h \ src/sss_client/sudo/sss_sudo_response.c \ src/sss_client/sudo/sss_sudo.c src/sss_client/sudo/sss_sudo.h \ src/sss_client/sudo/sss_sudo_private.h @BUILD_SUDO_TRUE@am_libsss_sudo_la_OBJECTS = src/sss_client/common.lo \ @BUILD_SUDO_TRUE@ src/sss_client/sudo/sss_sudo_response.lo \ @BUILD_SUDO_TRUE@ src/sss_client/sudo/sss_sudo.lo libsss_sudo_la_OBJECTS = $(am_libsss_sudo_la_OBJECTS) libsss_sudo_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(AM_CFLAGS) $(CFLAGS) 
$(libsss_sudo_la_LDFLAGS) $(LDFLAGS) -o \ $@ @BUILD_SUDO_TRUE@am_libsss_sudo_la_rpath = -rpath $(sudolibdir) libsss_test_common_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) am__libsss_test_common_la_SOURCES_DIST = src/tests/common_tev.c \ src/tests/common_dom.c src/tests/leak_check.c \ src/tests/common.c src/tests/common_check.c @HAVE_CHECK_TRUE@am__objects_12 = src/tests/common_check.lo am_libsss_test_common_la_OBJECTS = src/tests/common_tev.lo \ src/tests/common_dom.lo src/tests/leak_check.lo \ src/tests/common.lo $(am__objects_12) libsss_test_common_la_OBJECTS = $(am_libsss_test_common_la_OBJECTS) libsss_util_la_DEPENDENCIES = $(am__DEPENDENCIES_3) \ $(am__DEPENDENCIES_1) am__libsss_util_la_SOURCES_DIST = src/confdb/confdb.c src/db/sysdb.c \ src/db/sysdb_ops.c src/db/sysdb_search.c \ src/db/sysdb_selinux.c src/db/sysdb_upgrade.c \ src/db/sysdb_services.c src/db/sysdb_autofs.c \ src/db/sysdb_subdomains.c src/db/sysdb_ranges.c \ src/db/sysdb_idmap.c src/monitor/monitor_sbus.c \ src/providers/dp_auth_util.c src/providers/dp_pam_data_util.c \ src/providers/dp_sbus.c src/sbus/sbus_client.c \ src/sbus/sssd_dbus_common.c src/sbus/sssd_dbus_connection.c \ src/sbus/sssd_dbus_server.c src/util/util.c src/util/memory.c \ src/util/server.c src/util/signal.c src/util/usertools.c \ src/util/backup_file.c src/util/strtonum.c \ src/util/check_and_open.c src/util/refcount.c \ src/util/sss_nss.c src/util/sss_utf8.c src/util/sss_tc_utf8.c \ src/util/murmurhash3.c src/util/atomic_io.c src/util/authtok.c \ src/util/sss_selinux.c src/util/domain_info_utils.c \ src/util/util_lock.c src/util/util_errors.c src/util/sss_ini.c \ src/util/io.c src/util/util_sss_idmap.c src/db/sysdb_sudo.c \ src/db/sysdb_ssh.c src/util/sss_ssh.c @BUILD_SUDO_TRUE@am__objects_13 = src/db/sysdb_sudo.lo @BUILD_SSH_TRUE@am__objects_14 = src/db/sysdb_ssh.lo \ @BUILD_SSH_TRUE@ src/util/sss_ssh.lo am_libsss_util_la_OBJECTS = src/confdb/confdb.lo src/db/sysdb.lo \ src/db/sysdb_ops.lo 
src/db/sysdb_search.lo \ src/db/sysdb_selinux.lo src/db/sysdb_upgrade.lo \ src/db/sysdb_services.lo src/db/sysdb_autofs.lo \ src/db/sysdb_subdomains.lo src/db/sysdb_ranges.lo \ src/db/sysdb_idmap.lo src/monitor/monitor_sbus.lo \ src/providers/dp_auth_util.lo \ src/providers/dp_pam_data_util.lo src/providers/dp_sbus.lo \ src/sbus/sbus_client.lo src/sbus/sssd_dbus_common.lo \ src/sbus/sssd_dbus_connection.lo src/sbus/sssd_dbus_server.lo \ src/util/util.lo src/util/memory.lo src/util/server.lo \ src/util/signal.lo src/util/usertools.lo \ src/util/backup_file.lo src/util/strtonum.lo \ src/util/check_and_open.lo src/util/refcount.lo \ src/util/sss_nss.lo src/util/sss_utf8.lo \ src/util/sss_tc_utf8.lo src/util/murmurhash3.lo \ src/util/atomic_io.lo src/util/authtok.lo \ src/util/sss_selinux.lo src/util/domain_info_utils.lo \ src/util/util_lock.lo src/util/util_errors.lo \ src/util/sss_ini.lo src/util/io.lo src/util/util_sss_idmap.lo \ $(am__objects_13) $(am__objects_14) libsss_util_la_OBJECTS = $(am_libsss_util_la_OBJECTS) libsss_util_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(AM_CFLAGS) $(CFLAGS) $(libsss_util_la_LDFLAGS) $(LDFLAGS) -o \ $@ memberof_la_DEPENDENCIES = libsss_debug.la $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) am_memberof_la_OBJECTS = src/ldb_modules/memberof_la-memberof.lo \ src/util/memberof_la-util.lo memberof_la_OBJECTS = $(am_memberof_la_OBJECTS) memberof_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(memberof_la_CFLAGS) \ $(CFLAGS) $(memberof_la_LDFLAGS) $(LDFLAGS) -o $@ pam_sss_la_DEPENDENCIES = $(am__DEPENDENCIES_4) am_pam_sss_la_OBJECTS = src/sss_client/pam_sss.lo \ src/sss_client/common.lo src/util/atomic_io.lo pam_sss_la_OBJECTS = $(am_pam_sss_la_OBJECTS) pam_sss_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(pam_sss_la_LDFLAGS) $(LDFLAGS) -o $@ 
@BUILD_PYTHON_BINDINGS_TRUE@pyhbac_la_DEPENDENCIES = \ @BUILD_PYTHON_BINDINGS_TRUE@ $(am__DEPENDENCIES_1) \ @BUILD_PYTHON_BINDINGS_TRUE@ libipa_hbac.la am__pyhbac_la_SOURCES_DIST = src/python/pyhbac.c src/util/sss_python.c @BUILD_PYTHON_BINDINGS_TRUE@am_pyhbac_la_OBJECTS = \ @BUILD_PYTHON_BINDINGS_TRUE@ src/python/pyhbac_la-pyhbac.lo \ @BUILD_PYTHON_BINDINGS_TRUE@ src/util/pyhbac_la-sss_python.lo pyhbac_la_OBJECTS = $(am_pyhbac_la_OBJECTS) pyhbac_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(pyhbac_la_CFLAGS) \ $(CFLAGS) $(pyhbac_la_LDFLAGS) $(LDFLAGS) -o $@ @BUILD_PYTHON_BINDINGS_TRUE@am_pyhbac_la_rpath = -rpath $(pyexecdir) @BUILD_SELINUX_TRUE@am__DEPENDENCIES_5 = $(am__DEPENDENCIES_1) @BUILD_SEMANAGE_TRUE@am__DEPENDENCIES_6 = $(am__DEPENDENCIES_1) am__DEPENDENCIES_7 = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_5) $(am__DEPENDENCIES_6) @BUILD_PYTHON_BINDINGS_TRUE@pysss_la_DEPENDENCIES = \ @BUILD_PYTHON_BINDINGS_TRUE@ $(SSSD_INTERNAL_LTLIBS) \ @BUILD_PYTHON_BINDINGS_TRUE@ $(am__DEPENDENCIES_7) \ @BUILD_PYTHON_BINDINGS_TRUE@ $(am__DEPENDENCIES_1) am__pysss_la_SOURCES_DIST = src/tools/sss_sync_ops.c \ src/tools/tools_util.c src/tools/files.c src/tools/selinux.c \ src/util/nscd.c src/python/pysss.c am__objects_15 = src/tools/pysss_la-sss_sync_ops.lo \ src/tools/pysss_la-tools_util.lo src/tools/pysss_la-files.lo \ src/tools/pysss_la-selinux.lo src/util/pysss_la-nscd.lo @BUILD_PYTHON_BINDINGS_TRUE@am_pysss_la_OBJECTS = $(am__objects_15) \ @BUILD_PYTHON_BINDINGS_TRUE@ src/python/pysss_la-pysss.lo pysss_la_OBJECTS = $(am_pysss_la_OBJECTS) pysss_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(pysss_la_CFLAGS) \ $(CFLAGS) $(pysss_la_LDFLAGS) $(LDFLAGS) -o $@ 
@BUILD_PYTHON_BINDINGS_TRUE@am_pysss_la_rpath = -rpath $(pyexecdir) @BUILD_PYTHON_BINDINGS_TRUE@pysss_murmur_la_DEPENDENCIES = \ @BUILD_PYTHON_BINDINGS_TRUE@ $(am__DEPENDENCIES_1) am__pysss_murmur_la_SOURCES_DIST = src/python/pysss_murmur.c \ src/util/murmurhash3.c @BUILD_PYTHON_BINDINGS_TRUE@am_pysss_murmur_la_OBJECTS = src/python/pysss_murmur_la-pysss_murmur.lo \ @BUILD_PYTHON_BINDINGS_TRUE@ src/util/pysss_murmur_la-murmurhash3.lo pysss_murmur_la_OBJECTS = $(am_pysss_murmur_la_OBJECTS) pysss_murmur_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(pysss_murmur_la_CFLAGS) $(CFLAGS) $(pysss_murmur_la_LDFLAGS) \ $(LDFLAGS) -o $@ @BUILD_PYTHON_BINDINGS_TRUE@am_pysss_murmur_la_rpath = -rpath \ @BUILD_PYTHON_BINDINGS_TRUE@ $(pyexecdir) @BUILD_PYTHON_BINDINGS_TRUE@pysss_nss_idmap_la_DEPENDENCIES = \ @BUILD_PYTHON_BINDINGS_TRUE@ $(am__DEPENDENCIES_1) \ @BUILD_PYTHON_BINDINGS_TRUE@ libsss_nss_idmap.la am__pysss_nss_idmap_la_SOURCES_DIST = src/python/pysss_nss_idmap.c @BUILD_PYTHON_BINDINGS_TRUE@am_pysss_nss_idmap_la_OBJECTS = src/python/pysss_nss_idmap_la-pysss_nss_idmap.lo pysss_nss_idmap_la_OBJECTS = $(am_pysss_nss_idmap_la_OBJECTS) pysss_nss_idmap_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(pysss_nss_idmap_la_CFLAGS) $(CFLAGS) \ $(pysss_nss_idmap_la_LDFLAGS) $(LDFLAGS) -o $@ @BUILD_PYTHON_BINDINGS_TRUE@am_pysss_nss_idmap_la_rpath = -rpath \ @BUILD_PYTHON_BINDINGS_TRUE@ $(pyexecdir) sssd_krb5_locator_plugin_la_LIBADD = am__sssd_krb5_locator_plugin_la_SOURCES_DIST = \ src/krb5_plugin/sssd_krb5_locator_plugin.c \ src/util/atomic_io.c @BUILD_KRB5_LOCATOR_PLUGIN_TRUE@am_sssd_krb5_locator_plugin_la_OBJECTS = src/krb5_plugin/sssd_krb5_locator_plugin_la-sssd_krb5_locator_plugin.lo \ @BUILD_KRB5_LOCATOR_PLUGIN_TRUE@ src/util/sssd_krb5_locator_plugin_la-atomic_io.lo sssd_krb5_locator_plugin_la_OBJECTS = \ $(am_sssd_krb5_locator_plugin_la_OBJECTS) 
sssd_krb5_locator_plugin_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(sssd_krb5_locator_plugin_la_CFLAGS) $(CFLAGS) \ $(sssd_krb5_locator_plugin_la_LDFLAGS) $(LDFLAGS) -o $@ @BUILD_KRB5_LOCATOR_PLUGIN_TRUE@am_sssd_krb5_locator_plugin_la_rpath = \ @BUILD_KRB5_LOCATOR_PLUGIN_TRUE@ -rpath $(krb5plugindir) sssd_pac_plugin_la_DEPENDENCIES = $(am__DEPENDENCIES_4) \ $(am__DEPENDENCIES_1) am_sssd_pac_plugin_la_OBJECTS = \ src/sss_client/sssd_pac_plugin_la-sssd_pac.lo \ src/sss_client/sssd_pac_plugin_la-common.lo sssd_pac_plugin_la_OBJECTS = $(am_sssd_pac_plugin_la_OBJECTS) sssd_pac_plugin_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(sssd_pac_plugin_la_CFLAGS) $(CFLAGS) \ $(sssd_pac_plugin_la_LDFLAGS) $(LDFLAGS) -o $@ @BUILD_PAC_RESPONDER_TRUE@am_sssd_pac_plugin_la_rpath = -rpath \ @BUILD_PAC_RESPONDER_TRUE@ $(krb5authdata_plugindir) @HAVE_CMOCKA_TRUE@am__EXEEXT_1 = nss-srv-tests$(EXEEXT) \ @HAVE_CMOCKA_TRUE@ test-find-uid$(EXEEXT) test-io$(EXEEXT) \ @HAVE_CMOCKA_TRUE@ sss_nss_idmap-tests$(EXEEXT) \ @HAVE_CMOCKA_TRUE@ dyndns-tests$(EXEEXT) fqnames-tests$(EXEEXT) \ @HAVE_CMOCKA_TRUE@ test_sss_idmap$(EXEEXT) \ @HAVE_CMOCKA_TRUE@ test_ipa_idmap$(EXEEXT) test_utils$(EXEEXT) \ @HAVE_CMOCKA_TRUE@ ad_access_filter_tests$(EXEEXT) \ @HAVE_CMOCKA_TRUE@ ad_common_tests$(EXEEXT) \ @HAVE_CMOCKA_TRUE@ dp_opt_tests$(EXEEXT) \ @HAVE_CMOCKA_TRUE@ test_search_bases$(EXEEXT) @BUILD_SSH_TRUE@@HAVE_CHECK_TRUE@am__EXEEXT_2 = \ @BUILD_SSH_TRUE@@HAVE_CHECK_TRUE@ sysdb_ssh-tests$(EXEEXT) @HAVE_CHECK_TRUE@am__EXEEXT_3 = dlopen-tests$(EXEEXT) \ @HAVE_CHECK_TRUE@ sysdb-tests$(EXEEXT) strtonum-tests$(EXEEXT) \ @HAVE_CHECK_TRUE@ resolv-tests$(EXEEXT) \ @HAVE_CHECK_TRUE@ krb5-utils-tests$(EXEEXT) \ @HAVE_CHECK_TRUE@ check_and_open-tests$(EXEEXT) \ @HAVE_CHECK_TRUE@ files-tests$(EXEEXT) refcount-tests$(EXEEXT) \ @HAVE_CHECK_TRUE@ fail_over-tests$(EXEEXT) \ @HAVE_CHECK_TRUE@ 
find_uid-tests$(EXEEXT) auth-tests$(EXEEXT) \ @HAVE_CHECK_TRUE@ ipa_ldap_opt-tests$(EXEEXT) \ @HAVE_CHECK_TRUE@ ad_ldap_opt-tests$(EXEEXT) \ @HAVE_CHECK_TRUE@ simple_access-tests$(EXEEXT) \ @HAVE_CHECK_TRUE@ crypto-tests$(EXEEXT) util-tests$(EXEEXT) \ @HAVE_CHECK_TRUE@ debug-tests$(EXEEXT) ipa_hbac-tests$(EXEEXT) \ @HAVE_CHECK_TRUE@ sss_idmap-tests$(EXEEXT) \ @HAVE_CHECK_TRUE@ responder_socket_access-tests$(EXEEXT) \ @HAVE_CHECK_TRUE@ $(am__EXEEXT_2) @BUILD_SUDO_TRUE@am__EXEEXT_4 = sss_sudo_cli$(EXEEXT) @BUILD_AUTOFS_TRUE@am__EXEEXT_5 = autofs_test_client$(EXEEXT) @BUILD_SUDO_TRUE@am__EXEEXT_6 = sssd_sudo$(EXEEXT) @BUILD_AUTOFS_TRUE@am__EXEEXT_7 = sssd_autofs$(EXEEXT) @BUILD_SSH_TRUE@am__EXEEXT_8 = sssd_ssh$(EXEEXT) @BUILD_PAC_RESPONDER_TRUE@am__EXEEXT_9 = sssd_pac$(EXEEXT) PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS) $(sbin_PROGRAMS) \ $(sssdlibexec_PROGRAMS) am__ad_access_filter_tests_SOURCES_DIST = \ src/providers/data_provider_be.c \ src/providers/data_provider_fo.c \ src/providers/data_provider_opts.c \ src/providers/data_provider_callbacks.c \ src/providers/dp_dyndns.c src/providers/dp_ptask.c \ src/providers/dp_refresh.c src/providers/fail_over.c \ src/providers/fail_over_srv.c src/resolv/async_resolv.c \ src/resolv/async_resolv_utils.c \ src/resolv/ares/ares_parse_srv_reply.c \ src/resolv/ares/ares_data.c src/util/sss_ldap.c \ src/util/sss_krb5.c src/util/find_uid.c \ src/util/user_info_msg.c src/providers/ad/ad_common.c \ src/tests/cmocka/test_ad_access_filter.c @BUILD_ARES_DATA_TRUE@am__objects_16 = src/resolv/ares/ad_access_filter_tests-ares_parse_srv_reply.$(OBJEXT) \ @BUILD_ARES_DATA_TRUE@ src/resolv/ares/ad_access_filter_tests-ares_data.$(OBJEXT) am__objects_17 = \ src/resolv/ad_access_filter_tests-async_resolv.$(OBJEXT) \ src/resolv/ad_access_filter_tests-async_resolv_utils.$(OBJEXT) \ $(am__objects_16) am__objects_18 = \ src/providers/ad_access_filter_tests-fail_over.$(OBJEXT) \ src/providers/ad_access_filter_tests-fail_over_srv.$(OBJEXT) \ 
$(am__objects_17) am__objects_19 = src/providers/ad_access_filter_tests-data_provider_be.$(OBJEXT) \ src/providers/ad_access_filter_tests-data_provider_fo.$(OBJEXT) \ src/providers/ad_access_filter_tests-data_provider_opts.$(OBJEXT) \ src/providers/ad_access_filter_tests-data_provider_callbacks.$(OBJEXT) \ src/providers/ad_access_filter_tests-dp_dyndns.$(OBJEXT) \ src/providers/ad_access_filter_tests-dp_ptask.$(OBJEXT) \ src/providers/ad_access_filter_tests-dp_refresh.$(OBJEXT) \ $(am__objects_18) @HAVE_CMOCKA_TRUE@am_ad_access_filter_tests_OBJECTS = \ @HAVE_CMOCKA_TRUE@ $(am__objects_19) \ @HAVE_CMOCKA_TRUE@ src/util/ad_access_filter_tests-sss_ldap.$(OBJEXT) \ @HAVE_CMOCKA_TRUE@ src/util/ad_access_filter_tests-sss_krb5.$(OBJEXT) \ @HAVE_CMOCKA_TRUE@ src/util/ad_access_filter_tests-find_uid.$(OBJEXT) \ @HAVE_CMOCKA_TRUE@ src/util/ad_access_filter_tests-user_info_msg.$(OBJEXT) \ @HAVE_CMOCKA_TRUE@ src/providers/ad/ad_access_filter_tests-ad_common.$(OBJEXT) \ @HAVE_CMOCKA_TRUE@ src/tests/cmocka/ad_access_filter_tests-test_ad_access_filter.$(OBJEXT) ad_access_filter_tests_OBJECTS = $(am_ad_access_filter_tests_OBJECTS) @HAVE_CMOCKA_TRUE@ad_access_filter_tests_DEPENDENCIES = \ @HAVE_CMOCKA_TRUE@ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ @HAVE_CMOCKA_TRUE@ $(am__DEPENDENCIES_3) $(am__DEPENDENCIES_1) \ @HAVE_CMOCKA_TRUE@ $(am__DEPENDENCIES_1) \ @HAVE_CMOCKA_TRUE@ $(SSSD_INTERNAL_LTLIBS) \ @HAVE_CMOCKA_TRUE@ libsss_ldap_common.la libsss_idmap.la \ @HAVE_CMOCKA_TRUE@ libsss_krb5_common.la libsss_test_common.la ad_access_filter_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(ad_access_filter_tests_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ am__ad_common_tests_SOURCES_DIST = src/providers/data_provider_be.c \ src/providers/data_provider_fo.c \ src/providers/data_provider_opts.c \ src/providers/data_provider_callbacks.c \ src/providers/dp_dyndns.c src/providers/dp_ptask.c \ src/providers/dp_refresh.c 
src/providers/fail_over.c \ src/providers/fail_over_srv.c src/resolv/async_resolv.c \ src/resolv/async_resolv_utils.c \ src/resolv/ares/ares_parse_srv_reply.c \ src/resolv/ares/ares_data.c src/util/sss_ldap.c \ src/util/sss_krb5.c src/util/find_uid.c \ src/util/user_info_msg.c src/tests/cmocka/test_ad_common.c @BUILD_ARES_DATA_TRUE@am__objects_20 = src/resolv/ares/ad_common_tests-ares_parse_srv_reply.$(OBJEXT) \ @BUILD_ARES_DATA_TRUE@ src/resolv/ares/ad_common_tests-ares_data.$(OBJEXT) am__objects_21 = src/resolv/ad_common_tests-async_resolv.$(OBJEXT) \ src/resolv/ad_common_tests-async_resolv_utils.$(OBJEXT) \ $(am__objects_20) am__objects_22 = src/providers/ad_common_tests-fail_over.$(OBJEXT) \ src/providers/ad_common_tests-fail_over_srv.$(OBJEXT) \ $(am__objects_21) am__objects_23 = \ src/providers/ad_common_tests-data_provider_be.$(OBJEXT) \ src/providers/ad_common_tests-data_provider_fo.$(OBJEXT) \ src/providers/ad_common_tests-data_provider_opts.$(OBJEXT) \ src/providers/ad_common_tests-data_provider_callbacks.$(OBJEXT) \ src/providers/ad_common_tests-dp_dyndns.$(OBJEXT) \ src/providers/ad_common_tests-dp_ptask.$(OBJEXT) \ src/providers/ad_common_tests-dp_refresh.$(OBJEXT) \ $(am__objects_22) @HAVE_CMOCKA_TRUE@am_ad_common_tests_OBJECTS = $(am__objects_23) \ @HAVE_CMOCKA_TRUE@ src/util/ad_common_tests-sss_ldap.$(OBJEXT) \ @HAVE_CMOCKA_TRUE@ src/util/ad_common_tests-sss_krb5.$(OBJEXT) \ @HAVE_CMOCKA_TRUE@ src/util/ad_common_tests-find_uid.$(OBJEXT) \ @HAVE_CMOCKA_TRUE@ src/util/ad_common_tests-user_info_msg.$(OBJEXT) \ @HAVE_CMOCKA_TRUE@ src/tests/cmocka/ad_common_tests-test_ad_common.$(OBJEXT) ad_common_tests_OBJECTS = $(am_ad_common_tests_OBJECTS) @HAVE_CMOCKA_TRUE@ad_common_tests_DEPENDENCIES = \ @HAVE_CMOCKA_TRUE@ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ @HAVE_CMOCKA_TRUE@ $(am__DEPENDENCIES_3) $(am__DEPENDENCIES_1) \ @HAVE_CMOCKA_TRUE@ $(am__DEPENDENCIES_1) \ @HAVE_CMOCKA_TRUE@ $(SSSD_INTERNAL_LTLIBS) \ @HAVE_CMOCKA_TRUE@ libsss_ldap_common.la 
libsss_idmap.la \ @HAVE_CMOCKA_TRUE@ libsss_krb5_common.la libsss_test_common.la ad_common_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(ad_common_tests_CFLAGS) $(CFLAGS) $(ad_common_tests_LDFLAGS) \ $(LDFLAGS) -o $@ am__ad_ldap_opt_tests_SOURCES_DIST = src/tests/ad_ldap_opt-tests.c @HAVE_CHECK_TRUE@am_ad_ldap_opt_tests_OBJECTS = src/tests/ad_ldap_opt_tests-ad_ldap_opt-tests.$(OBJEXT) ad_ldap_opt_tests_OBJECTS = $(am_ad_ldap_opt_tests_OBJECTS) @HAVE_CHECK_TRUE@ad_ldap_opt_tests_DEPENDENCIES = \ @HAVE_CHECK_TRUE@ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ @HAVE_CHECK_TRUE@ libsss_test_common.la ad_ldap_opt_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(ad_ldap_opt_tests_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) \ -o $@ am__auth_tests_SOURCES_DIST = src/tests/auth-tests.c @HAVE_CHECK_TRUE@am_auth_tests_OBJECTS = \ @HAVE_CHECK_TRUE@ src/tests/auth_tests-auth-tests.$(OBJEXT) auth_tests_OBJECTS = $(am_auth_tests_OBJECTS) @HAVE_CHECK_TRUE@auth_tests_DEPENDENCIES = $(am__DEPENDENCIES_3) \ @HAVE_CHECK_TRUE@ $(am__DEPENDENCIES_1) $(SSSD_INTERNAL_LTLIBS) \ @HAVE_CHECK_TRUE@ libsss_test_common.la auth_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(auth_tests_CFLAGS) \ $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ am__autofs_test_client_SOURCES_DIST = \ src/sss_client/autofs/autofs_test_client.c \ src/sss_client/autofs/sss_autofs.c src/sss_client/common.c @BUILD_AUTOFS_TRUE@am_autofs_test_client_OBJECTS = src/sss_client/autofs/autofs_test_client-autofs_test_client.$(OBJEXT) \ @BUILD_AUTOFS_TRUE@ src/sss_client/autofs/autofs_test_client-sss_autofs.$(OBJEXT) \ @BUILD_AUTOFS_TRUE@ src/sss_client/autofs_test_client-common.$(OBJEXT) autofs_test_client_OBJECTS = $(am_autofs_test_client_OBJECTS) @BUILD_AUTOFS_TRUE@autofs_test_client_DEPENDENCIES = \ @BUILD_AUTOFS_TRUE@ $(am__DEPENDENCIES_4) autofs_test_client_LINK 
= $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(autofs_test_client_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ am__check_and_open_tests_SOURCES_DIST = \ src/tests/check_and_open-tests.c src/util/check_and_open.c @HAVE_CHECK_TRUE@am_check_and_open_tests_OBJECTS = src/tests/check_and_open_tests-check_and_open-tests.$(OBJEXT) \ @HAVE_CHECK_TRUE@ src/util/check_and_open_tests-check_and_open.$(OBJEXT) check_and_open_tests_OBJECTS = $(am_check_and_open_tests_OBJECTS) @HAVE_CHECK_TRUE@check_and_open_tests_DEPENDENCIES = libsss_debug.la \ @HAVE_CHECK_TRUE@ $(am__DEPENDENCIES_1) libsss_test_common.la check_and_open_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(check_and_open_tests_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ am__crypto_tests_SOURCES_DIST = \ src/util/crypto/libcrypto/crypto_base64.c \ src/util/crypto/libcrypto/crypto_hmac_sha1.c \ src/util/crypto/libcrypto/crypto_sha512crypt.c \ src/util/crypto/libcrypto/crypto_obfuscate.c \ src/util/crypto/nss/nss_base64.c \ src/util/crypto/nss/nss_hmac_sha1.c \ src/util/crypto/nss/nss_sha512crypt.c \ src/util/crypto/nss/nss_obfuscate.c \ src/util/crypto/nss/nss_util.c src/tests/crypto-tests.c @HAVE_NSS_FALSE@am__objects_24 = src/util/crypto/libcrypto/crypto_tests-crypto_base64.$(OBJEXT) \ @HAVE_NSS_FALSE@ src/util/crypto/libcrypto/crypto_tests-crypto_hmac_sha1.$(OBJEXT) \ @HAVE_NSS_FALSE@ src/util/crypto/libcrypto/crypto_tests-crypto_sha512crypt.$(OBJEXT) \ @HAVE_NSS_FALSE@ src/util/crypto/libcrypto/crypto_tests-crypto_obfuscate.$(OBJEXT) @HAVE_NSS_TRUE@am__objects_24 = src/util/crypto/nss/crypto_tests-nss_base64.$(OBJEXT) \ @HAVE_NSS_TRUE@ src/util/crypto/nss/crypto_tests-nss_hmac_sha1.$(OBJEXT) \ @HAVE_NSS_TRUE@ src/util/crypto/nss/crypto_tests-nss_sha512crypt.$(OBJEXT) \ @HAVE_NSS_TRUE@ src/util/crypto/nss/crypto_tests-nss_obfuscate.$(OBJEXT) \ @HAVE_NSS_TRUE@ 
src/util/crypto/nss/crypto_tests-nss_util.$(OBJEXT) @HAVE_CHECK_TRUE@am_crypto_tests_OBJECTS = $(am__objects_24) \ @HAVE_CHECK_TRUE@ src/tests/crypto_tests-crypto-tests.$(OBJEXT) crypto_tests_OBJECTS = $(am_crypto_tests_OBJECTS) @HAVE_CHECK_TRUE@crypto_tests_DEPENDENCIES = libsss_debug.la \ @HAVE_CHECK_TRUE@ $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_3) \ @HAVE_CHECK_TRUE@ $(am__DEPENDENCIES_1) libsss_test_common.la crypto_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(crypto_tests_CFLAGS) \ $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ am__debug_tests_SOURCES_DIST = src/tests/debug-tests.c \ src/tests/common.c @HAVE_CHECK_TRUE@am_debug_tests_OBJECTS = \ @HAVE_CHECK_TRUE@ src/tests/debug_tests-debug-tests.$(OBJEXT) \ @HAVE_CHECK_TRUE@ src/tests/debug_tests-common.$(OBJEXT) debug_tests_OBJECTS = $(am_debug_tests_OBJECTS) @HAVE_CHECK_TRUE@debug_tests_DEPENDENCIES = $(am__DEPENDENCIES_3) \ @HAVE_CHECK_TRUE@ $(am__DEPENDENCIES_1) libsss_debug.la debug_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(debug_tests_CFLAGS) \ $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ am__dlopen_tests_SOURCES_DIST = src/tests/dlopen-tests.c @HAVE_CHECK_TRUE@am_dlopen_tests_OBJECTS = src/tests/dlopen_tests-dlopen-tests.$(OBJEXT) dlopen_tests_OBJECTS = $(am_dlopen_tests_OBJECTS) @HAVE_CHECK_TRUE@dlopen_tests_DEPENDENCIES = $(am__DEPENDENCIES_1) \ @HAVE_CHECK_TRUE@ $(am__DEPENDENCIES_1) dlopen_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(dlopen_tests_CFLAGS) \ $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ am__dp_opt_tests_SOURCES_DIST = src/providers/data_provider_opts.c \ src/tests/cmocka/test_dp_opts.c @HAVE_CMOCKA_TRUE@am_dp_opt_tests_OBJECTS = src/providers/dp_opt_tests-data_provider_opts.$(OBJEXT) \ @HAVE_CMOCKA_TRUE@ src/tests/cmocka/dp_opt_tests-test_dp_opts.$(OBJEXT) dp_opt_tests_OBJECTS = $(am_dp_opt_tests_OBJECTS) 
# Per-program object lists, dependency lists and libtool link commands.
# NOTE(review): the am__* names and @COND_TRUE@ prefixes look like automake
# output; lasting changes presumably belong in Makefile.am -- confirm.
# configure replaces each @COND_TRUE@ prefix with an empty string or '#', so a
# prefixed line only takes effect when that condition was enabled.
# Objects named <program>-<source>.$(OBJEXT) are compiled separately for that
# program, so a test that lists a production source gets its own build of it.

# dp_opt_tests (cmocka): remaining dependency list and link command.
@HAVE_CMOCKA_TRUE@dp_opt_tests_DEPENDENCIES = $(am__DEPENDENCIES_1) \
@HAVE_CMOCKA_TRUE@	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
@HAVE_CMOCKA_TRUE@	$(SSSD_INTERNAL_LTLIBS) \
@HAVE_CMOCKA_TRUE@	libsss_test_common.la
dp_opt_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(dp_opt_tests_CFLAGS) \
	$(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@

# dyndns_tests (cmocka): resolver sources plus data_provider_opts.c.
am__dyndns_tests_SOURCES_DIST = src/resolv/async_resolv.c \
	src/resolv/async_resolv_utils.c \
	src/resolv/ares/ares_parse_srv_reply.c \
	src/resolv/ares/ares_data.c src/tests/cmocka/test_dyndns.c \
	src/providers/data_provider_opts.c
@BUILD_ARES_DATA_TRUE@am__objects_25 = src/resolv/ares/dyndns_tests-ares_parse_srv_reply.$(OBJEXT) \
@BUILD_ARES_DATA_TRUE@	src/resolv/ares/dyndns_tests-ares_data.$(OBJEXT)
am__objects_26 = src/resolv/dyndns_tests-async_resolv.$(OBJEXT) \
	src/resolv/dyndns_tests-async_resolv_utils.$(OBJEXT) \
	$(am__objects_25)
@HAVE_CMOCKA_TRUE@am_dyndns_tests_OBJECTS = $(am__objects_26) \
@HAVE_CMOCKA_TRUE@	src/tests/cmocka/dyndns_tests-test_dyndns.$(OBJEXT) \
@HAVE_CMOCKA_TRUE@	src/providers/dyndns_tests-data_provider_opts.$(OBJEXT)
dyndns_tests_OBJECTS = $(am_dyndns_tests_OBJECTS)
# This link line passes $(dyndns_tests_LDFLAGS) where the neighbouring targets
# pass $(AM_LDFLAGS); flags set only in AM_LDFLAGS are not applied here.
dyndns_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(dyndns_tests_CFLAGS) \
	$(CFLAGS) $(dyndns_tests_LDFLAGS) $(LDFLAGS) -o $@

# fail_over_tests (check): fail-over provider and resolver sources.
am__fail_over_tests_SOURCES_DIST = src/tests/fail_over-tests.c \
	src/providers/fail_over.c src/providers/fail_over_srv.c \
	src/resolv/async_resolv.c src/resolv/async_resolv_utils.c \
	src/resolv/ares/ares_parse_srv_reply.c \
	src/resolv/ares/ares_data.c
@BUILD_ARES_DATA_TRUE@am__objects_27 = src/resolv/ares/fail_over_tests-ares_parse_srv_reply.$(OBJEXT) \
@BUILD_ARES_DATA_TRUE@	src/resolv/ares/fail_over_tests-ares_data.$(OBJEXT)
am__objects_28 = src/resolv/fail_over_tests-async_resolv.$(OBJEXT) \
	src/resolv/fail_over_tests-async_resolv_utils.$(OBJEXT) \
	$(am__objects_27)
am__objects_29 = src/providers/fail_over_tests-fail_over.$(OBJEXT) \
	src/providers/fail_over_tests-fail_over_srv.$(OBJEXT) \
	$(am__objects_28)
@HAVE_CHECK_TRUE@am_fail_over_tests_OBJECTS = src/tests/fail_over_tests-fail_over-tests.$(OBJEXT) \
@HAVE_CHECK_TRUE@	$(am__objects_29)
fail_over_tests_OBJECTS = $(am_fail_over_tests_OBJECTS)
@HAVE_CHECK_TRUE@fail_over_tests_DEPENDENCIES = $(am__DEPENDENCIES_3) \
@HAVE_CHECK_TRUE@	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
@HAVE_CHECK_TRUE@	$(SSSD_INTERNAL_LTLIBS) libsss_test_common.la
fail_over_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
	$(fail_over_tests_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) \
	-o $@

# files_tests (check): builds check_and_open.c, atomic_io.c, tools/selinux.c
# and tools/files.c into the test. Two of its dependency variables are set only
# when BUILD_SELINUX / BUILD_SEMANAGE are enabled as well.
am__files_tests_SOURCES_DIST = src/tests/files-tests.c \
	src/util/check_and_open.c src/util/atomic_io.c \
	src/tools/selinux.c src/tools/files.c
@HAVE_CHECK_TRUE@am_files_tests_OBJECTS = \
@HAVE_CHECK_TRUE@	src/tests/files_tests-files-tests.$(OBJEXT) \
@HAVE_CHECK_TRUE@	src/util/files_tests-check_and_open.$(OBJEXT) \
@HAVE_CHECK_TRUE@	src/util/files_tests-atomic_io.$(OBJEXT) \
@HAVE_CHECK_TRUE@	src/tools/files_tests-selinux.$(OBJEXT) \
@HAVE_CHECK_TRUE@	src/tools/files_tests-files.$(OBJEXT)
files_tests_OBJECTS = $(am_files_tests_OBJECTS)
@BUILD_SELINUX_TRUE@@HAVE_CHECK_TRUE@am__DEPENDENCIES_8 = \
@BUILD_SELINUX_TRUE@@HAVE_CHECK_TRUE@	$(am__DEPENDENCIES_1)
@BUILD_SEMANAGE_TRUE@@HAVE_CHECK_TRUE@am__DEPENDENCIES_9 = \
@BUILD_SEMANAGE_TRUE@@HAVE_CHECK_TRUE@	$(am__DEPENDENCIES_1)
@HAVE_CHECK_TRUE@am__DEPENDENCIES_10 = $(am__DEPENDENCIES_1) \
@HAVE_CHECK_TRUE@	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
@HAVE_CHECK_TRUE@	libsss_test_common.la $(am__DEPENDENCIES_8) \
@HAVE_CHECK_TRUE@	$(am__DEPENDENCIES_9)
@HAVE_CHECK_TRUE@files_tests_DEPENDENCIES = $(am__DEPENDENCIES_10) \
@HAVE_CHECK_TRUE@	libsss_test_common.la $(SSSD_INTERNAL_LTLIBS)
files_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(files_tests_CFLAGS) \
	$(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@

# find_uid_tests (check).
am__find_uid_tests_SOURCES_DIST = src/tests/find_uid-tests.c \
	src/util/find_uid.c src/util/atomic_io.c src/util/strtonum.c
@HAVE_CHECK_TRUE@am_find_uid_tests_OBJECTS = src/tests/find_uid_tests-find_uid-tests.$(OBJEXT) \
@HAVE_CHECK_TRUE@	src/util/find_uid_tests-find_uid.$(OBJEXT) \
@HAVE_CHECK_TRUE@	src/util/find_uid_tests-atomic_io.$(OBJEXT) \
@HAVE_CHECK_TRUE@	src/util/find_uid_tests-strtonum.$(OBJEXT)
find_uid_tests_OBJECTS = $(am_find_uid_tests_OBJECTS)
@HAVE_CHECK_TRUE@find_uid_tests_DEPENDENCIES = libsss_debug.la \
@HAVE_CHECK_TRUE@	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
@HAVE_CHECK_TRUE@	$(am__DEPENDENCIES_1) libsss_test_common.la
find_uid_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
	$(find_uid_tests_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o \
	$@

# fqnames_tests (cmocka).
am__fqnames_tests_SOURCES_DIST = src/tests/cmocka/test_fqnames.c
@HAVE_CMOCKA_TRUE@am_fqnames_tests_OBJECTS = src/tests/cmocka/fqnames_tests-test_fqnames.$(OBJEXT)
fqnames_tests_OBJECTS = $(am_fqnames_tests_OBJECTS)
@HAVE_CMOCKA_TRUE@fqnames_tests_DEPENDENCIES = $(am__DEPENDENCIES_1) \
@HAVE_CMOCKA_TRUE@	$(am__DEPENDENCIES_3) \
@HAVE_CMOCKA_TRUE@	$(SSSD_INTERNAL_LTLIBS) \
@HAVE_CMOCKA_TRUE@	libsss_test_common.la
fqnames_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(fqnames_tests_CFLAGS) \
	$(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@

# ipa_hbac_tests (check): links against libipa_hbac.la.
am__ipa_hbac_tests_SOURCES_DIST = src/tests/ipa_hbac-tests.c
@HAVE_CHECK_TRUE@am_ipa_hbac_tests_OBJECTS = src/tests/ipa_hbac_tests-ipa_hbac-tests.$(OBJEXT)
ipa_hbac_tests_OBJECTS = $(am_ipa_hbac_tests_OBJECTS)
@HAVE_CHECK_TRUE@ipa_hbac_tests_DEPENDENCIES = $(am__DEPENDENCIES_3) \
@HAVE_CHECK_TRUE@	$(am__DEPENDENCIES_1) libsss_test_common.la \
@HAVE_CHECK_TRUE@	libipa_hbac.la
ipa_hbac_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
	$(ipa_hbac_tests_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o \
	$@

# ipa_ldap_opt_tests (check).
am__ipa_ldap_opt_tests_SOURCES_DIST = \
	src/providers/data_provider_opts.c \
	src/tests/ipa_ldap_opt-tests.c
@HAVE_CHECK_TRUE@am_ipa_ldap_opt_tests_OBJECTS = src/providers/ipa_ldap_opt_tests-data_provider_opts.$(OBJEXT) \
@HAVE_CHECK_TRUE@	src/tests/ipa_ldap_opt_tests-ipa_ldap_opt-tests.$(OBJEXT)
ipa_ldap_opt_tests_OBJECTS = $(am_ipa_ldap_opt_tests_OBJECTS)
@HAVE_CHECK_TRUE@ipa_ldap_opt_tests_DEPENDENCIES = \
@HAVE_CHECK_TRUE@	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
@HAVE_CHECK_TRUE@	$(SSSD_INTERNAL_LTLIBS) libsss_test_common.la
ipa_ldap_opt_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
	$(ipa_ldap_opt_tests_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
	$(LDFLAGS) -o $@

# krb5_child_test: its object list carries no @HAVE_CHECK_TRUE@ prefix, unlike
# the check-based tests around it.
am__krb5_child_test_SOURCES_DIST = src/tests/krb5_child-test.c \
	src/providers/krb5/krb5_utils.c \
	src/providers/krb5/krb5_child_handler.c \
	src/providers/krb5/krb5_become_user.c \
	src/providers/krb5/krb5_common.c src/util/sss_krb5.c \
	src/util/find_uid.c src/providers/data_provider_fo.c \
	src/providers/data_provider_opts.c \
	src/providers/data_provider_callbacks.c \
	src/providers/fail_over.c src/providers/fail_over_srv.c \
	src/resolv/async_resolv.c src/resolv/async_resolv_utils.c \
	src/resolv/ares/ares_parse_srv_reply.c \
	src/resolv/ares/ares_data.c
@BUILD_ARES_DATA_TRUE@am__objects_30 = src/resolv/ares/krb5_child_test-ares_parse_srv_reply.$(OBJEXT) \
@BUILD_ARES_DATA_TRUE@	src/resolv/ares/krb5_child_test-ares_data.$(OBJEXT)
am__objects_31 = src/resolv/krb5_child_test-async_resolv.$(OBJEXT) \
	src/resolv/krb5_child_test-async_resolv_utils.$(OBJEXT) \
	$(am__objects_30)
am__objects_32 = src/providers/krb5_child_test-fail_over.$(OBJEXT) \
	src/providers/krb5_child_test-fail_over_srv.$(OBJEXT) \
	$(am__objects_31)
am_krb5_child_test_OBJECTS = \
	src/tests/krb5_child_test-krb5_child-test.$(OBJEXT) \
	src/providers/krb5/krb5_child_test-krb5_utils.$(OBJEXT) \
	src/providers/krb5/krb5_child_test-krb5_child_handler.$(OBJEXT) \
	src/providers/krb5/krb5_child_test-krb5_become_user.$(OBJEXT) \
	src/providers/krb5/krb5_child_test-krb5_common.$(OBJEXT) \
	src/util/krb5_child_test-sss_krb5.$(OBJEXT) \
	src/util/krb5_child_test-find_uid.$(OBJEXT) \
	src/providers/krb5_child_test-data_provider_fo.$(OBJEXT) \
	src/providers/krb5_child_test-data_provider_opts.$(OBJEXT) \
	src/providers/krb5_child_test-data_provider_callbacks.$(OBJEXT) \
	$(am__objects_32)
krb5_child_test_OBJECTS = $(am_krb5_child_test_OBJECTS)
krb5_child_test_DEPENDENCIES = $(am__DEPENDENCIES_3) \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(am__DEPENDENCIES_1) $(SSSD_INTERNAL_LTLIBS) \
	libsss_test_common.la
krb5_child_test_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
	$(krb5_child_test_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) \
	-o $@

# krb5_utils_tests (check).
am__krb5_utils_tests_SOURCES_DIST = src/tests/krb5_utils-tests.c \
	src/providers/krb5/krb5_utils.c \
	src/providers/krb5/krb5_become_user.c \
	src/providers/krb5/krb5_common.c src/util/sss_krb5.c \
	src/util/find_uid.c src/providers/data_provider_fo.c \
	src/providers/data_provider_opts.c \
	src/providers/data_provider_callbacks.c \
	src/providers/fail_over.c src/providers/fail_over_srv.c \
	src/resolv/async_resolv.c src/resolv/async_resolv_utils.c \
	src/resolv/ares/ares_parse_srv_reply.c \
	src/resolv/ares/ares_data.c
@BUILD_ARES_DATA_TRUE@am__objects_33 = src/resolv/ares/krb5_utils_tests-ares_parse_srv_reply.$(OBJEXT) \
@BUILD_ARES_DATA_TRUE@	src/resolv/ares/krb5_utils_tests-ares_data.$(OBJEXT)
am__objects_34 = src/resolv/krb5_utils_tests-async_resolv.$(OBJEXT) \
	src/resolv/krb5_utils_tests-async_resolv_utils.$(OBJEXT) \
	$(am__objects_33)
am__objects_35 = src/providers/krb5_utils_tests-fail_over.$(OBJEXT) \
	src/providers/krb5_utils_tests-fail_over_srv.$(OBJEXT) \
	$(am__objects_34)
@HAVE_CHECK_TRUE@am_krb5_utils_tests_OBJECTS = src/tests/krb5_utils_tests-krb5_utils-tests.$(OBJEXT) \
@HAVE_CHECK_TRUE@	src/providers/krb5/krb5_utils_tests-krb5_utils.$(OBJEXT) \
@HAVE_CHECK_TRUE@	src/providers/krb5/krb5_utils_tests-krb5_become_user.$(OBJEXT) \
@HAVE_CHECK_TRUE@	src/providers/krb5/krb5_utils_tests-krb5_common.$(OBJEXT) \
@HAVE_CHECK_TRUE@	src/util/krb5_utils_tests-sss_krb5.$(OBJEXT) \
@HAVE_CHECK_TRUE@	src/util/krb5_utils_tests-find_uid.$(OBJEXT) \
@HAVE_CHECK_TRUE@	src/providers/krb5_utils_tests-data_provider_fo.$(OBJEXT) \
@HAVE_CHECK_TRUE@	src/providers/krb5_utils_tests-data_provider_opts.$(OBJEXT) \
@HAVE_CHECK_TRUE@	src/providers/krb5_utils_tests-data_provider_callbacks.$(OBJEXT) \
@HAVE_CHECK_TRUE@	$(am__objects_35)
krb5_utils_tests_OBJECTS = $(am_krb5_utils_tests_OBJECTS)
@HAVE_CHECK_TRUE@krb5_utils_tests_DEPENDENCIES = \
@HAVE_CHECK_TRUE@	$(am__DEPENDENCIES_3) $(am__DEPENDENCIES_1) \
@HAVE_CHECK_TRUE@	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
@HAVE_CHECK_TRUE@	$(SSSD_INTERNAL_LTLIBS) libsss_test_common.la
krb5_utils_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
	$(krb5_utils_tests_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) \
	-o $@

# krb5_child: unconditional target; compiles its own builds of
# krb5_become_user.c, authtok.c, atomic_io.c and sss_client/common.c and links
# libsss_child.la.
# NOTE(review): presumably a shipped helper that handles credentials; how it is
# installed (owner, mode) is not set in this part of the file -- check the
# install rules.
am_krb5_child_OBJECTS = \
	src/providers/krb5/krb5_child-krb5_become_user.$(OBJEXT) \
	src/providers/krb5/krb5_child-krb5_child.$(OBJEXT) \
	src/providers/krb5_child-dp_pam_data_util.$(OBJEXT) \
	src/util/krb5_child-user_info_msg.$(OBJEXT) \
	src/util/krb5_child-sss_krb5.$(OBJEXT) \
	src/util/krb5_child-atomic_io.$(OBJEXT) \
	src/util/krb5_child-authtok.$(OBJEXT) \
	src/util/krb5_child-util.$(OBJEXT) \
	src/util/krb5_child-signal.$(OBJEXT) \
	src/sss_client/krb5_child-common.$(OBJEXT)
krb5_child_OBJECTS = $(am_krb5_child_OBJECTS)
krb5_child_DEPENDENCIES = libsss_debug.la libsss_child.la \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_4)
krb5_child_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(krb5_child_CFLAGS) \
	$(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@

# ldap_child: unconditional target with the same util objects as krb5_child
# apart from user_info_msg; also links libsss_child.la.
am_ldap_child_OBJECTS = \
	src/providers/ldap/ldap_child-ldap_child.$(OBJEXT) \
	src/util/ldap_child-sss_krb5.$(OBJEXT) \
	src/util/ldap_child-atomic_io.$(OBJEXT) \
	src/util/ldap_child-authtok.$(OBJEXT) \
	src/util/ldap_child-util.$(OBJEXT) \
	src/util/ldap_child-signal.$(OBJEXT)
ldap_child_OBJECTS = $(am_ldap_child_OBJECTS)
ldap_child_DEPENDENCIES = libsss_debug.la libsss_child.la \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
ldap_child_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(ldap_child_CFLAGS) \
	$(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@

# nss_srv_tests (cmocka): builds the common responder sources and the NSS
# responder command sources together with a mock (common_mock_resp.c).
am__nss_srv_tests_SOURCES_DIST = src/tests/cmocka/common_mock_resp.c \
	src/responder/common/responder_packet.c \
	src/responder/common/responder_cmd.c \
	src/responder/common/negcache.c \
	src/responder/common/responder_common.c \
	src/tests/cmocka/test_nss_srv.c src/responder/nss/nsssrv_cmd.c \
	src/responder/nss/nsssrv_netgroup.c \
	src/responder/nss/nsssrv_services.c \
	src/responder/nss/nsssrv_mmap_cache.c
@HAVE_CMOCKA_TRUE@am__objects_36 = src/tests/cmocka/nss_srv_tests-common_mock_resp.$(OBJEXT) \
@HAVE_CMOCKA_TRUE@	src/responder/common/nss_srv_tests-responder_packet.$(OBJEXT) \
@HAVE_CMOCKA_TRUE@	src/responder/common/nss_srv_tests-responder_cmd.$(OBJEXT) \
@HAVE_CMOCKA_TRUE@	src/responder/common/nss_srv_tests-negcache.$(OBJEXT) \
@HAVE_CMOCKA_TRUE@	src/responder/common/nss_srv_tests-responder_common.$(OBJEXT)
@HAVE_CMOCKA_TRUE@am_nss_srv_tests_OBJECTS = $(am__objects_36) \
@HAVE_CMOCKA_TRUE@	src/tests/cmocka/nss_srv_tests-test_nss_srv.$(OBJEXT) \
@HAVE_CMOCKA_TRUE@	src/responder/nss/nss_srv_tests-nsssrv_cmd.$(OBJEXT) \
@HAVE_CMOCKA_TRUE@	src/responder/nss/nss_srv_tests-nsssrv_netgroup.$(OBJEXT) \
@HAVE_CMOCKA_TRUE@	src/responder/nss/nss_srv_tests-nsssrv_services.$(OBJEXT) \
@HAVE_CMOCKA_TRUE@	src/responder/nss/nss_srv_tests-nsssrv_mmap_cache.$(OBJEXT)
nss_srv_tests_OBJECTS = $(am_nss_srv_tests_OBJECTS)
# Link commands and object lists for nss_srv_tests, pam_test_client,
# proxy_child, refcount_tests and the start of resolv_tests.
# NOTE(review): the am__* names and @COND_TRUE@ prefixes look like automake
# output; lasting changes presumably belong in Makefile.am -- confirm.

# nss_srv_tests is linked with $(nss_srv_tests_LDFLAGS) where the other link
# lines here pass $(AM_LDFLAGS); flags set only in AM_LDFLAGS are not applied
# to it.
nss_srv_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(nss_srv_tests_CFLAGS) \
	$(CFLAGS) $(nss_srv_tests_LDFLAGS) $(LDFLAGS) -o $@

# pam_test_client: a single object and an empty dependency list.
am_pam_test_client_OBJECTS = src/sss_client/pam_test_client.$(OBJEXT)
pam_test_client_OBJECTS = $(am_pam_test_client_OBJECTS)
pam_test_client_DEPENDENCIES =

# proxy_child: unconditional target built from proxy_child.c and linked
# against $(SSSD_INTERNAL_LTLIBS).
am_proxy_child_OBJECTS = \
	src/providers/proxy/proxy_child-proxy_child.$(OBJEXT)
proxy_child_OBJECTS = $(am_proxy_child_OBJECTS)
proxy_child_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_3) \
	$(SSSD_INTERNAL_LTLIBS)
proxy_child_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(proxy_child_CFLAGS) \
	$(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@

# refcount_tests: object and dependency lists take effect only when HAVE_CHECK
# is enabled (configure turns the @HAVE_CHECK_TRUE@ prefix into '' or '#').
am__refcount_tests_SOURCES_DIST = src/tests/refcount-tests.c
@HAVE_CHECK_TRUE@am_refcount_tests_OBJECTS = src/tests/refcount_tests-refcount-tests.$(OBJEXT)
refcount_tests_OBJECTS = $(am_refcount_tests_OBJECTS)
@HAVE_CHECK_TRUE@refcount_tests_DEPENDENCIES = $(am__DEPENDENCIES_3) \
@HAVE_CHECK_TRUE@	$(am__DEPENDENCIES_1) $(SSSD_INTERNAL_LTLIBS) \
@HAVE_CHECK_TRUE@	libsss_test_common.la
refcount_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
	$(refcount_tests_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o \
	$@

# resolv_tests: distributed sources and per-target resolver objects; the
# bundled ares_* objects are added only when BUILD_ARES_DATA is enabled.
am__resolv_tests_SOURCES_DIST = src/tests/resolv-tests.c \
	src/tests/common.c src/resolv/async_resolv.c \
	src/resolv/async_resolv_utils.c \
	src/resolv/ares/ares_parse_srv_reply.c \
	src/resolv/ares/ares_data.c \
	src/resolv/ares/ares_parse_txt_reply.c
@BUILD_ARES_DATA_TRUE@am__objects_37 = src/resolv/ares/resolv_tests-ares_parse_srv_reply.$(OBJEXT) \
@BUILD_ARES_DATA_TRUE@	src/resolv/ares/resolv_tests-ares_data.$(OBJEXT)
am__objects_38 = src/resolv/resolv_tests-async_resolv.$(OBJEXT) \
	src/resolv/resolv_tests-async_resolv_utils.$(OBJEXT) \
	$(am__objects_37)
@BUILD_ARES_DATA_TRUE@@HAVE_CHECK_TRUE@am__objects_39 = src/resolv/ares/resolv_tests-ares_parse_txt_reply.$(OBJEXT)
# Object lists, dependency lists and libtool link commands for the remaining
# tests, the sss_* command-line tools and the sssd daemons/responders.
# NOTE(review): the am__* names and @COND_TRUE@ prefixes look like automake
# output; lasting changes presumably belong in Makefile.am -- confirm.
# configure replaces each @COND_TRUE@ prefix with an empty string or '#'.
# Objects named <program>-<source>.$(OBJEXT) are compiled separately for that
# program; unprefixed objects are shared between the programs that list them.

# resolv_tests (check): remaining object list, dependencies and link command.
@HAVE_CHECK_TRUE@am__objects_40 = $(am__objects_38) $(am__objects_39)
@HAVE_CHECK_TRUE@am_resolv_tests_OBJECTS = src/tests/resolv_tests-resolv-tests.$(OBJEXT) \
@HAVE_CHECK_TRUE@	src/tests/resolv_tests-common.$(OBJEXT) \
@HAVE_CHECK_TRUE@	$(am__objects_40)
resolv_tests_OBJECTS = $(am_resolv_tests_OBJECTS)
@HAVE_CHECK_TRUE@resolv_tests_DEPENDENCIES = $(am__DEPENDENCIES_3) \
@HAVE_CHECK_TRUE@	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
@HAVE_CHECK_TRUE@	libsss_debug.la libsss_test_common.la
resolv_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(resolv_tests_CFLAGS) \
	$(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@

# responder_socket_access_tests (check): builds the common responder sources
# (responder_common.c, responder_packet.c, responder_cmd.c) into the test.
am__responder_socket_access_tests_SOURCES_DIST = \
	src/tests/responder_socket_access-tests.c \
	src/responder/common/responder_common.c \
	src/responder/common/responder_packet.c \
	src/responder/common/responder_cmd.c
@HAVE_CHECK_TRUE@am_responder_socket_access_tests_OBJECTS = src/tests/responder_socket_access_tests-responder_socket_access-tests.$(OBJEXT) \
@HAVE_CHECK_TRUE@	src/responder/common/responder_socket_access_tests-responder_common.$(OBJEXT) \
@HAVE_CHECK_TRUE@	src/responder/common/responder_socket_access_tests-responder_packet.$(OBJEXT) \
@HAVE_CHECK_TRUE@	src/responder/common/responder_socket_access_tests-responder_cmd.$(OBJEXT)
responder_socket_access_tests_OBJECTS = \
	$(am_responder_socket_access_tests_OBJECTS)
@HAVE_CHECK_TRUE@responder_socket_access_tests_DEPENDENCIES = \
@HAVE_CHECK_TRUE@	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_3) \
@HAVE_CHECK_TRUE@	$(SSSD_INTERNAL_LTLIBS) libsss_test_common.la
responder_socket_access_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
	$(responder_socket_access_tests_CFLAGS) $(CFLAGS) \
	$(AM_LDFLAGS) $(LDFLAGS) -o $@

# simple_access_tests (check): builds the simple access provider together with
# the data-provider, fail-over and resolver sources.
am__simple_access_tests_SOURCES_DIST = \
	src/tests/simple_access-tests.c \
	src/providers/simple/simple_access.c \
	src/providers/simple/simple_access_check.c \
	src/providers/data_provider_be.c \
	src/providers/data_provider_fo.c \
	src/providers/data_provider_opts.c \
	src/providers/data_provider_callbacks.c \
	src/providers/dp_ptask.c src/providers/dp_refresh.c \
	src/providers/fail_over.c src/providers/fail_over_srv.c \
	src/resolv/async_resolv.c src/resolv/async_resolv_utils.c \
	src/resolv/ares/ares_parse_srv_reply.c \
	src/resolv/ares/ares_data.c
@BUILD_ARES_DATA_TRUE@am__objects_41 = src/resolv/ares/simple_access_tests-ares_parse_srv_reply.$(OBJEXT) \
@BUILD_ARES_DATA_TRUE@	src/resolv/ares/simple_access_tests-ares_data.$(OBJEXT)
am__objects_42 = \
	src/resolv/simple_access_tests-async_resolv.$(OBJEXT) \
	src/resolv/simple_access_tests-async_resolv_utils.$(OBJEXT) \
	$(am__objects_41)
am__objects_43 = \
	src/providers/simple_access_tests-fail_over.$(OBJEXT) \
	src/providers/simple_access_tests-fail_over_srv.$(OBJEXT) \
	$(am__objects_42)
@HAVE_CHECK_TRUE@am_simple_access_tests_OBJECTS = src/tests/simple_access_tests-simple_access-tests.$(OBJEXT) \
@HAVE_CHECK_TRUE@	src/providers/simple/simple_access_tests-simple_access.$(OBJEXT) \
@HAVE_CHECK_TRUE@	src/providers/simple/simple_access_tests-simple_access_check.$(OBJEXT) \
@HAVE_CHECK_TRUE@	src/providers/simple_access_tests-data_provider_be.$(OBJEXT) \
@HAVE_CHECK_TRUE@	src/providers/simple_access_tests-data_provider_fo.$(OBJEXT) \
@HAVE_CHECK_TRUE@	src/providers/simple_access_tests-data_provider_opts.$(OBJEXT) \
@HAVE_CHECK_TRUE@	src/providers/simple_access_tests-data_provider_callbacks.$(OBJEXT) \
@HAVE_CHECK_TRUE@	src/providers/simple_access_tests-dp_ptask.$(OBJEXT) \
@HAVE_CHECK_TRUE@	src/providers/simple_access_tests-dp_refresh.$(OBJEXT) \
@HAVE_CHECK_TRUE@	$(am__objects_43)
simple_access_tests_OBJECTS = $(am_simple_access_tests_OBJECTS)
@HAVE_CHECK_TRUE@simple_access_tests_DEPENDENCIES = \
@HAVE_CHECK_TRUE@	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_3) \
@HAVE_CHECK_TRUE@	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
@HAVE_CHECK_TRUE@	$(am__DEPENDENCIES_1) $(SSSD_INTERNAL_LTLIBS) \
@HAVE_CHECK_TRUE@	libsss_test_common.la
simple_access_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
	$(simple_access_tests_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
	$(LDFLAGS) -o $@

# sss_cache: per-target builds of the shared tool sources (sync ops, tools
# util, files, selinux, nscd) plus sss_client/common and tools_mc_util.
am__objects_44 = src/tools/sss_cache-sss_sync_ops.$(OBJEXT) \
	src/tools/sss_cache-tools_util.$(OBJEXT) \
	src/tools/sss_cache-files.$(OBJEXT) \
	src/tools/sss_cache-selinux.$(OBJEXT) \
	src/util/sss_cache-nscd.$(OBJEXT)
am__objects_45 = src/sss_client/sss_cache-common.$(OBJEXT) \
	src/tools/sss_cache-tools_mc_util.$(OBJEXT) $(am__objects_44)
am_sss_cache_OBJECTS = src/tools/sss_cache-sss_cache.$(OBJEXT) \
	$(am__objects_45)
sss_cache_OBJECTS = $(am_sss_cache_OBJECTS)
# Dependency list reused by every sss_* tool below.
am__DEPENDENCIES_11 = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(am__DEPENDENCIES_5) $(am__DEPENDENCIES_6)
sss_cache_DEPENDENCIES = $(am__DEPENDENCIES_11) \
	$(SSSD_INTERNAL_LTLIBS) $(am__DEPENDENCIES_4)
sss_cache_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(sss_cache_CFLAGS) \
	$(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@

# Shared (unprefixed) tool objects used by sss_debuglevel, sss_groupadd,
# sss_groupshow, sss_seed and sss_useradd.
am__objects_46 = src/tools/sss_sync_ops.$(OBJEXT) \
	src/tools/tools_util.$(OBJEXT) src/tools/files.$(OBJEXT) \
	src/tools/selinux.$(OBJEXT) src/util/nscd.$(OBJEXT)
am_sss_debuglevel_OBJECTS = src/tools/sss_debuglevel.$(OBJEXT) \
	$(am__objects_46)
sss_debuglevel_OBJECTS = $(am_sss_debuglevel_OBJECTS)
sss_debuglevel_DEPENDENCIES = $(am__DEPENDENCIES_11) \
	$(SSSD_INTERNAL_LTLIBS)
am_sss_groupadd_OBJECTS = src/tools/sss_groupadd.$(OBJEXT) \
	$(am__objects_46)
sss_groupadd_OBJECTS = $(am_sss_groupadd_OBJECTS)
sss_groupadd_DEPENDENCIES = $(am__DEPENDENCIES_11) \
	$(SSSD_INTERNAL_LTLIBS)

# sss_groupdel: per-target builds of the tool sources plus sss_client/common
# and tools_mc_util.
am__objects_47 = src/tools/sss_groupdel-sss_sync_ops.$(OBJEXT) \
	src/tools/sss_groupdel-tools_util.$(OBJEXT) \
	src/tools/sss_groupdel-files.$(OBJEXT) \
	src/tools/sss_groupdel-selinux.$(OBJEXT) \
	src/util/sss_groupdel-nscd.$(OBJEXT)
am__objects_48 = src/sss_client/sss_groupdel-common.$(OBJEXT) \
	src/tools/sss_groupdel-tools_mc_util.$(OBJEXT) \
	$(am__objects_47)
am_sss_groupdel_OBJECTS = \
	src/tools/sss_groupdel-sss_groupdel.$(OBJEXT) \
	$(am__objects_48)
sss_groupdel_OBJECTS = $(am_sss_groupdel_OBJECTS)
sss_groupdel_DEPENDENCIES = $(am__DEPENDENCIES_11) \
	$(SSSD_INTERNAL_LTLIBS) $(am__DEPENDENCIES_4)
sss_groupdel_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(sss_groupdel_CFLAGS) \
	$(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@

# sss_groupmod: same layout as sss_groupdel.
am__objects_49 = src/tools/sss_groupmod-sss_sync_ops.$(OBJEXT) \
	src/tools/sss_groupmod-tools_util.$(OBJEXT) \
	src/tools/sss_groupmod-files.$(OBJEXT) \
	src/tools/sss_groupmod-selinux.$(OBJEXT) \
	src/util/sss_groupmod-nscd.$(OBJEXT)
am__objects_50 = src/sss_client/sss_groupmod-common.$(OBJEXT) \
	src/tools/sss_groupmod-tools_mc_util.$(OBJEXT) \
	$(am__objects_49)
am_sss_groupmod_OBJECTS = \
	src/tools/sss_groupmod-sss_groupmod.$(OBJEXT) \
	$(am__objects_50)
sss_groupmod_OBJECTS = $(am_sss_groupmod_OBJECTS)
sss_groupmod_DEPENDENCIES = $(am__DEPENDENCIES_11) \
	$(SSSD_INTERNAL_LTLIBS) $(am__DEPENDENCIES_4)
sss_groupmod_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(sss_groupmod_CFLAGS) \
	$(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
am_sss_groupshow_OBJECTS = src/tools/sss_groupshow.$(OBJEXT) \
	$(am__objects_46)
sss_groupshow_OBJECTS = $(am_sss_groupshow_OBJECTS)
sss_groupshow_DEPENDENCIES = $(am__DEPENDENCIES_11) \
	$(SSSD_INTERNAL_LTLIBS)

# sss_idmap_tests (check): links against libsss_idmap.la.
am__sss_idmap_tests_SOURCES_DIST = src/tests/sss_idmap-tests.c
@HAVE_CHECK_TRUE@am_sss_idmap_tests_OBJECTS = src/tests/sss_idmap_tests-sss_idmap-tests.$(OBJEXT)
sss_idmap_tests_OBJECTS = $(am_sss_idmap_tests_OBJECTS)
@HAVE_CHECK_TRUE@sss_idmap_tests_DEPENDENCIES = $(am__DEPENDENCIES_1) \
@HAVE_CHECK_TRUE@	$(am__DEPENDENCIES_1) libsss_test_common.la \
@HAVE_CHECK_TRUE@	libsss_idmap.la
sss_idmap_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
	$(sss_idmap_tests_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) \
	-o $@

# sss_nss_idmap_tests (cmocka): links against libsss_nss_idmap.la.
am__sss_nss_idmap_tests_SOURCES_DIST = \
	src/tests/cmocka/sss_nss_idmap-tests.c
@HAVE_CMOCKA_TRUE@am_sss_nss_idmap_tests_OBJECTS = src/tests/cmocka/sss_nss_idmap_tests-sss_nss_idmap-tests.$(OBJEXT)
sss_nss_idmap_tests_OBJECTS = $(am_sss_nss_idmap_tests_OBJECTS)
@HAVE_CMOCKA_TRUE@sss_nss_idmap_tests_DEPENDENCIES = \
@HAVE_CMOCKA_TRUE@	$(am__DEPENDENCIES_1) libsss_nss_idmap.la
sss_nss_idmap_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
	$(sss_nss_idmap_tests_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
	$(LDFLAGS) -o $@
am_sss_seed_OBJECTS = src/tools/sss_seed.$(OBJEXT) $(am__objects_46)
sss_seed_OBJECTS = $(am_sss_seed_OBJECTS)
sss_seed_DEPENDENCIES = $(am__DEPENDENCIES_11) $(SSSD_INTERNAL_LTLIBS)

# SSH client helpers: object and dependency lists take effect only when
# BUILD_SSH is enabled.
am__sss_ssh_authorizedkeys_SOURCES_DIST = src/sss_client/common.c \
	src/sss_client/ssh/sss_ssh_client.c \
	src/sss_client/ssh/sss_ssh_authorizedkeys.c
@BUILD_SSH_TRUE@am_sss_ssh_authorizedkeys_OBJECTS = src/sss_client/sss_ssh_authorizedkeys-common.$(OBJEXT) \
@BUILD_SSH_TRUE@	src/sss_client/ssh/sss_ssh_authorizedkeys-sss_ssh_client.$(OBJEXT) \
@BUILD_SSH_TRUE@	src/sss_client/ssh/sss_ssh_authorizedkeys-sss_ssh_authorizedkeys.$(OBJEXT)
sss_ssh_authorizedkeys_OBJECTS = $(am_sss_ssh_authorizedkeys_OBJECTS)
@BUILD_SSH_TRUE@sss_ssh_authorizedkeys_DEPENDENCIES = \
@BUILD_SSH_TRUE@	$(SSSD_INTERNAL_LTLIBS) $(am__DEPENDENCIES_4) \
@BUILD_SSH_TRUE@	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
sss_ssh_authorizedkeys_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
	$(sss_ssh_authorizedkeys_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
	$(LDFLAGS) -o $@
am__sss_ssh_knownhostsproxy_SOURCES_DIST = src/sss_client/common.c \
	src/sss_client/ssh/sss_ssh_client.c \
	src/sss_client/ssh/sss_ssh_knownhostsproxy.c
@BUILD_SSH_TRUE@am_sss_ssh_knownhostsproxy_OBJECTS = src/sss_client/sss_ssh_knownhostsproxy-common.$(OBJEXT) \
@BUILD_SSH_TRUE@	src/sss_client/ssh/sss_ssh_knownhostsproxy-sss_ssh_client.$(OBJEXT) \
@BUILD_SSH_TRUE@	src/sss_client/ssh/sss_ssh_knownhostsproxy-sss_ssh_knownhostsproxy.$(OBJEXT)
sss_ssh_knownhostsproxy_OBJECTS = \
	$(am_sss_ssh_knownhostsproxy_OBJECTS)
@BUILD_SSH_TRUE@sss_ssh_knownhostsproxy_DEPENDENCIES = \
@BUILD_SSH_TRUE@	$(SSSD_INTERNAL_LTLIBS) $(am__DEPENDENCIES_4) \
@BUILD_SSH_TRUE@	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
sss_ssh_knownhostsproxy_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
	$(sss_ssh_knownhostsproxy_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
	$(LDFLAGS) -o $@

# sss_sudo_cli: built from sss_client/sudo_testcli; takes effect only when
# BUILD_SUDO is enabled.
am__sss_sudo_cli_SOURCES_DIST = src/sss_client/common.c \
	src/sss_client/sudo/sss_sudo.c \
	src/sss_client/sudo/sss_sudo_response.c \
	src/sss_client/sudo_testcli/sudo_testcli.c
@BUILD_SUDO_TRUE@am_sss_sudo_cli_OBJECTS = \
@BUILD_SUDO_TRUE@	src/sss_client/sss_sudo_cli-common.$(OBJEXT) \
@BUILD_SUDO_TRUE@	src/sss_client/sudo/sss_sudo_cli-sss_sudo.$(OBJEXT) \
@BUILD_SUDO_TRUE@	src/sss_client/sudo/sss_sudo_cli-sss_sudo_response.$(OBJEXT) \
@BUILD_SUDO_TRUE@	src/sss_client/sudo_testcli/sss_sudo_cli-sudo_testcli.$(OBJEXT)
sss_sudo_cli_OBJECTS = $(am_sss_sudo_cli_OBJECTS)
@BUILD_SUDO_TRUE@sss_sudo_cli_DEPENDENCIES = $(am__DEPENDENCIES_4)
sss_sudo_cli_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(sss_sudo_cli_CFLAGS) \
	$(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
am_sss_useradd_OBJECTS = src/tools/sss_useradd.$(OBJEXT) \
	$(am__objects_46)
sss_useradd_OBJECTS = $(am_sss_useradd_OBJECTS)
sss_useradd_DEPENDENCIES = $(am__DEPENDENCIES_11) \
	$(SSSD_INTERNAL_LTLIBS)

# sss_userdel: per-target tool objects plus util/find_uid.
am__objects_51 = src/tools/sss_userdel-sss_sync_ops.$(OBJEXT) \
	src/tools/sss_userdel-tools_util.$(OBJEXT) \
	src/tools/sss_userdel-files.$(OBJEXT) \
	src/tools/sss_userdel-selinux.$(OBJEXT) \
	src/util/sss_userdel-nscd.$(OBJEXT)
am__objects_52 = src/sss_client/sss_userdel-common.$(OBJEXT) \
	src/tools/sss_userdel-tools_mc_util.$(OBJEXT) \
	$(am__objects_51)
am_sss_userdel_OBJECTS = src/tools/sss_userdel-sss_userdel.$(OBJEXT) \
	src/util/sss_userdel-find_uid.$(OBJEXT) $(am__objects_52)
sss_userdel_OBJECTS = $(am_sss_userdel_OBJECTS)
sss_userdel_DEPENDENCIES = $(am__DEPENDENCIES_11) \
	$(SSSD_INTERNAL_LTLIBS) $(am__DEPENDENCIES_4)
sss_userdel_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(sss_userdel_CFLAGS) \
	$(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@

# sss_usermod: same layout as sss_groupmod.
am__objects_53 = src/tools/sss_usermod-sss_sync_ops.$(OBJEXT) \
	src/tools/sss_usermod-tools_util.$(OBJEXT) \
	src/tools/sss_usermod-files.$(OBJEXT) \
	src/tools/sss_usermod-selinux.$(OBJEXT) \
	src/util/sss_usermod-nscd.$(OBJEXT)
am__objects_54 = src/sss_client/sss_usermod-common.$(OBJEXT) \
	src/tools/sss_usermod-tools_mc_util.$(OBJEXT) \
	$(am__objects_53)
am_sss_usermod_OBJECTS = src/tools/sss_usermod-sss_usermod.$(OBJEXT) \
	$(am__objects_54)
sss_usermod_OBJECTS = $(am_sss_usermod_OBJECTS)
sss_usermod_DEPENDENCIES = $(am__DEPENDENCIES_11) \
	$(SSSD_INTERNAL_LTLIBS) $(am__DEPENDENCIES_4)
sss_usermod_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(sss_usermod_CFLAGS) \
	$(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@

# sssd: monitor, netlink monitor, confdb setup and nscd objects.
am_sssd_OBJECTS = src/monitor/monitor.$(OBJEXT) \
	src/monitor/monitor_netlink.$(OBJEXT) \
	src/confdb/confdb_setup.$(OBJEXT) src/util/nscd.$(OBJEXT)
sssd_OBJECTS = $(am_sssd_OBJECTS)
sssd_DEPENDENCIES = $(am__DEPENDENCIES_3) $(am__DEPENDENCIES_1) \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(SSSD_INTERNAL_LTLIBS)

# sssd_autofs: responder enabled only when BUILD_AUTOFS is set.
am__sssd_autofs_SOURCES_DIST = src/responder/autofs/autofssrv.c \
	src/responder/autofs/autofssrv_cmd.c \
	src/responder/autofs/autofssrv_dp.c \
	src/responder/common/negcache.c \
	src/responder/common/responder_cmd.c \
	src/responder/common/responder_common.c \
	src/responder/common/responder_dp.c \
	src/responder/common/responder_packet.c \
	src/responder/common/responder_get_domains.c
# Common responder objects shared (unprefixed) by sssd_autofs, sssd_nss,
# sssd_pam, sssd_ssh and sssd_sudo; sssd_pac uses its own per-target builds of
# the same sources (am__objects_59).
am__objects_55 = src/responder/common/negcache.$(OBJEXT) \
	src/responder/common/responder_cmd.$(OBJEXT) \
	src/responder/common/responder_common.$(OBJEXT) \
	src/responder/common/responder_dp.$(OBJEXT) \
	src/responder/common/responder_packet.$(OBJEXT) \
	src/responder/common/responder_get_domains.$(OBJEXT)
@BUILD_AUTOFS_TRUE@am_sssd_autofs_OBJECTS = \
@BUILD_AUTOFS_TRUE@	src/responder/autofs/autofssrv.$(OBJEXT) \
@BUILD_AUTOFS_TRUE@	src/responder/autofs/autofssrv_cmd.$(OBJEXT) \
@BUILD_AUTOFS_TRUE@	src/responder/autofs/autofssrv_dp.$(OBJEXT) \
@BUILD_AUTOFS_TRUE@	$(am__objects_55)
sssd_autofs_OBJECTS = $(am_sssd_autofs_OBJECTS)
@BUILD_AUTOFS_TRUE@sssd_autofs_DEPENDENCIES = $(am__DEPENDENCIES_3) \
@BUILD_AUTOFS_TRUE@	$(SSSD_INTERNAL_LTLIBS)

# sssd_be: data-provider back end with fail-over and resolver objects.
am__sssd_be_SOURCES_DIST = src/providers/data_provider_be.c \
	src/providers/data_provider_fo.c \
	src/providers/data_provider_opts.c \
	src/providers/data_provider_callbacks.c \
	src/providers/dp_dyndns.c src/providers/dp_ptask.c \
	src/providers/dp_refresh.c src/providers/fail_over.c \
	src/providers/fail_over_srv.c src/resolv/async_resolv.c \
	src/resolv/async_resolv_utils.c \
	src/resolv/ares/ares_parse_srv_reply.c \
	src/resolv/ares/ares_data.c
@BUILD_ARES_DATA_TRUE@am__objects_56 = src/resolv/ares/ares_parse_srv_reply.$(OBJEXT) \
@BUILD_ARES_DATA_TRUE@	src/resolv/ares/ares_data.$(OBJEXT)
am__objects_57 = src/resolv/async_resolv.$(OBJEXT) \
	src/resolv/async_resolv_utils.$(OBJEXT) $(am__objects_56)
am__objects_58 = src/providers/fail_over.$(OBJEXT) \
	src/providers/fail_over_srv.$(OBJEXT) $(am__objects_57)
am_sssd_be_OBJECTS = src/providers/data_provider_be.$(OBJEXT) \
	src/providers/data_provider_fo.$(OBJEXT) \
	src/providers/data_provider_opts.$(OBJEXT) \
	src/providers/data_provider_callbacks.$(OBJEXT) \
	src/providers/dp_dyndns.$(OBJEXT) \
	src/providers/dp_ptask.$(OBJEXT) \
	src/providers/dp_refresh.$(OBJEXT) $(am__objects_58)
sssd_be_OBJECTS = $(am_sssd_be_OBJECTS)
sssd_be_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_3) \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(SSSD_INTERNAL_LTLIBS)
# This link line passes $(AM_CFLAGS) and $(sssd_be_LDFLAGS); $(AM_LDFLAGS) does
# not appear on it.
# NOTE(review): if linker hardening flags are carried in AM_LDFLAGS, confirm
# that sssd_be_LDFLAGS repeats them.
sssd_be_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
	$(sssd_be_LDFLAGS) $(LDFLAGS) -o $@

# sssd_nss: NSS responder; links libsss_idmap.la.
am_sssd_nss_OBJECTS = src/responder/nss/nsssrv.$(OBJEXT) \
	src/responder/nss/nsssrv_cmd.$(OBJEXT) \
	src/responder/nss/nsssrv_netgroup.$(OBJEXT) \
	src/responder/nss/nsssrv_services.$(OBJEXT) \
	src/responder/nss/nsssrv_mmap_cache.$(OBJEXT) \
	$(am__objects_55)
sssd_nss_OBJECTS = $(am_sssd_nss_OBJECTS)
sssd_nss_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_3) \
	libsss_idmap.la $(SSSD_INTERNAL_LTLIBS)

# sssd_pac: PAC responder with per-target builds of the common responder
# sources; links libsss_idmap.la.
am__objects_59 = src/responder/common/sssd_pac-negcache.$(OBJEXT) \
	src/responder/common/sssd_pac-responder_cmd.$(OBJEXT) \
	src/responder/common/sssd_pac-responder_common.$(OBJEXT) \
	src/responder/common/sssd_pac-responder_dp.$(OBJEXT) \
	src/responder/common/sssd_pac-responder_packet.$(OBJEXT) \
	src/responder/common/sssd_pac-responder_get_domains.$(OBJEXT)
am_sssd_pac_OBJECTS = src/responder/pac/sssd_pac-pacsrv.$(OBJEXT) \
	src/responder/pac/sssd_pac-pacsrv_cmd.$(OBJEXT) \
	src/responder/pac/sssd_pac-pacsrv_utils.$(OBJEXT) \
	$(am__objects_59)
sssd_pac_OBJECTS = $(am_sssd_pac_OBJECTS)
sssd_pac_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
	$(am__DEPENDENCIES_3) libsss_idmap.la $(SSSD_INTERNAL_LTLIBS)
sssd_pac_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(sssd_pac_CFLAGS) \
	$(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@

# sssd_pam: PAM responder.
am_sssd_pam_OBJECTS = src/responder/pam/pam_LOCAL_domain.$(OBJEXT) \
	src/responder/pam/pamsrv.$(OBJEXT) \
	src/responder/pam/pamsrv_cmd.$(OBJEXT) \
	src/responder/pam/pamsrv_dp.$(OBJEXT) \
	src/responder/pam/pam_helpers.$(OBJEXT) $(am__objects_55)
sssd_pam_OBJECTS = $(am_sssd_pam_OBJECTS)
sssd_pam_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_3) \
	$(am__DEPENDENCIES_1) $(SSSD_INTERNAL_LTLIBS)

# sssd_ssh: responder enabled only when BUILD_SSH is set.
am__sssd_ssh_SOURCES_DIST = src/responder/ssh/sshsrv.c \
	src/responder/ssh/sshsrv_dp.c src/responder/ssh/sshsrv_cmd.c \
	src/responder/common/negcache.c \
	src/responder/common/responder_cmd.c \
	src/responder/common/responder_common.c \
	src/responder/common/responder_dp.c \
	src/responder/common/responder_packet.c \
	src/responder/common/responder_get_domains.c
@BUILD_SSH_TRUE@am_sssd_ssh_OBJECTS = \
@BUILD_SSH_TRUE@	src/responder/ssh/sshsrv.$(OBJEXT) \
@BUILD_SSH_TRUE@	src/responder/ssh/sshsrv_dp.$(OBJEXT) \
@BUILD_SSH_TRUE@	src/responder/ssh/sshsrv_cmd.$(OBJEXT) \
@BUILD_SSH_TRUE@	$(am__objects_55)
sssd_ssh_OBJECTS = $(am_sssd_ssh_OBJECTS)
@BUILD_SSH_TRUE@sssd_ssh_DEPENDENCIES = $(am__DEPENDENCIES_3) \
@BUILD_SSH_TRUE@	$(SSSD_INTERNAL_LTLIBS)

# sssd_sudo: responder enabled only when BUILD_SUDO is set.
am__sssd_sudo_SOURCES_DIST = src/responder/sudo/sudosrv.c \
	src/responder/sudo/sudosrv_cmd.c \
	src/responder/sudo/sudosrv_get_sudorules.c \
	src/responder/sudo/sudosrv_query.c \
	src/responder/sudo/sudosrv_dp.c \
	src/responder/common/negcache.c \
	src/responder/common/responder_cmd.c \
	src/responder/common/responder_common.c \
	src/responder/common/responder_dp.c \
	src/responder/common/responder_packet.c \
	src/responder/common/responder_get_domains.c
@BUILD_SUDO_TRUE@am_sssd_sudo_OBJECTS = \
@BUILD_SUDO_TRUE@	src/responder/sudo/sudosrv.$(OBJEXT) \
@BUILD_SUDO_TRUE@	src/responder/sudo/sudosrv_cmd.$(OBJEXT) \
@BUILD_SUDO_TRUE@	src/responder/sudo/sudosrv_get_sudorules.$(OBJEXT) \
@BUILD_SUDO_TRUE@	src/responder/sudo/sudosrv_query.$(OBJEXT) \
@BUILD_SUDO_TRUE@	src/responder/sudo/sudosrv_dp.$(OBJEXT) \
@BUILD_SUDO_TRUE@	$(am__objects_55)
sssd_sudo_OBJECTS = $(am_sssd_sudo_OBJECTS)
@BUILD_SUDO_TRUE@sssd_sudo_DEPENDENCIES = $(am__DEPENDENCIES_3) \
@BUILD_SUDO_TRUE@	$(SSSD_INTERNAL_LTLIBS)

# stress_tests: unconditional test program.
am_stress_tests_OBJECTS = src/tests/stress-tests.$(OBJEXT)
stress_tests_OBJECTS = $(am_stress_tests_OBJECTS)
stress_tests_DEPENDENCIES = $(am__DEPENDENCIES_3) \
	libsss_test_common.la
am__strtonum_tests_SOURCES_DIST = src/tests/strtonum-tests.c \ src/util/strtonum.c @HAVE_CHECK_TRUE@am_strtonum_tests_OBJECTS = src/tests/strtonum_tests-strtonum-tests.$(OBJEXT) \ @HAVE_CHECK_TRUE@ src/util/strtonum_tests-strtonum.$(OBJEXT) strtonum_tests_OBJECTS = $(am_strtonum_tests_OBJECTS) @HAVE_CHECK_TRUE@strtonum_tests_DEPENDENCIES = $(am__DEPENDENCIES_3) \ @HAVE_CHECK_TRUE@ $(am__DEPENDENCIES_1) libsss_debug.la \ @HAVE_CHECK_TRUE@ libsss_test_common.la strtonum_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(strtonum_tests_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o \ $@ am__sysdb_tests_SOURCES_DIST = src/tests/sysdb-tests.c @HAVE_CHECK_TRUE@am_sysdb_tests_OBJECTS = \ @HAVE_CHECK_TRUE@ src/tests/sysdb_tests-sysdb-tests.$(OBJEXT) sysdb_tests_OBJECTS = $(am_sysdb_tests_OBJECTS) sysdb_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(sysdb_tests_CFLAGS) \ $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ am__sysdb_ssh_tests_SOURCES_DIST = src/tests/sysdb_ssh-tests.c @HAVE_CHECK_TRUE@am_sysdb_ssh_tests_OBJECTS = src/tests/sysdb_ssh_tests-sysdb_ssh-tests.$(OBJEXT) sysdb_ssh_tests_OBJECTS = $(am_sysdb_ssh_tests_OBJECTS) sysdb_ssh_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(sysdb_ssh_tests_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) \ -o $@ am__test_find_uid_SOURCES_DIST = src/tests/cmocka/test_find_uid.c \ src/util/find_uid.c src/util/atomic_io.c src/util/strtonum.c @HAVE_CMOCKA_TRUE@am_test_find_uid_OBJECTS = src/tests/cmocka/test_find_uid-test_find_uid.$(OBJEXT) \ @HAVE_CMOCKA_TRUE@ src/util/test_find_uid-find_uid.$(OBJEXT) \ @HAVE_CMOCKA_TRUE@ src/util/test_find_uid-atomic_io.$(OBJEXT) \ @HAVE_CMOCKA_TRUE@ src/util/test_find_uid-strtonum.$(OBJEXT) test_find_uid_OBJECTS = $(am_test_find_uid_OBJECTS) test_find_uid_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link 
$(CCLD) $(test_find_uid_CFLAGS) \ $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ am__test_io_SOURCES_DIST = src/tests/cmocka/test_io.c src/util/io.c \ src/tests/common.c @HAVE_CMOCKA_TRUE@am_test_io_OBJECTS = \ @HAVE_CMOCKA_TRUE@ src/tests/cmocka/test_io-test_io.$(OBJEXT) \ @HAVE_CMOCKA_TRUE@ src/util/test_io-io.$(OBJEXT) \ @HAVE_CMOCKA_TRUE@ src/tests/test_io-common.$(OBJEXT) test_io_OBJECTS = $(am_test_io_OBJECTS) @HAVE_CMOCKA_TRUE@test_io_DEPENDENCIES = $(am__DEPENDENCIES_1) test_io_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_io_CFLAGS) \ $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ am__test_ipa_idmap_SOURCES_DIST = src/tests/cmocka/test_ipa_idmap.c \ src/providers/ipa/ipa_idmap.c @HAVE_CMOCKA_TRUE@am_test_ipa_idmap_OBJECTS = src/tests/cmocka/test_ipa_idmap-test_ipa_idmap.$(OBJEXT) \ @HAVE_CMOCKA_TRUE@ src/providers/ipa/test_ipa_idmap-ipa_idmap.$(OBJEXT) test_ipa_idmap_OBJECTS = $(am_test_ipa_idmap_OBJECTS) @HAVE_CMOCKA_TRUE@test_ipa_idmap_DEPENDENCIES = $(am__DEPENDENCIES_1) \ @HAVE_CMOCKA_TRUE@ $(am__DEPENDENCIES_1) libsss_idmap.la \ @HAVE_CMOCKA_TRUE@ $(SSSD_INTERNAL_LTLIBS) \ @HAVE_CMOCKA_TRUE@ libsss_test_common.la test_ipa_idmap_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(test_ipa_idmap_CFLAGS) $(CFLAGS) $(test_ipa_idmap_LDFLAGS) \ $(LDFLAGS) -o $@ am__test_search_bases_SOURCES_DIST = src/providers/data_provider_be.c \ src/providers/data_provider_fo.c \ src/providers/data_provider_opts.c \ src/providers/data_provider_callbacks.c \ src/providers/dp_dyndns.c src/providers/dp_ptask.c \ src/providers/dp_refresh.c src/providers/fail_over.c \ src/providers/fail_over_srv.c src/resolv/async_resolv.c \ src/resolv/async_resolv_utils.c \ src/resolv/ares/ares_parse_srv_reply.c \ src/resolv/ares/ares_data.c src/util/sss_ldap.c \ src/util/sss_krb5.c src/util/find_uid.c \ src/util/user_info_msg.c src/tests/cmocka/test_search_bases.c @BUILD_ARES_DATA_TRUE@am__objects_60 
= src/resolv/ares/test_search_bases-ares_parse_srv_reply.$(OBJEXT) \ @BUILD_ARES_DATA_TRUE@ src/resolv/ares/test_search_bases-ares_data.$(OBJEXT) am__objects_61 = src/resolv/test_search_bases-async_resolv.$(OBJEXT) \ src/resolv/test_search_bases-async_resolv_utils.$(OBJEXT) \ $(am__objects_60) am__objects_62 = src/providers/test_search_bases-fail_over.$(OBJEXT) \ src/providers/test_search_bases-fail_over_srv.$(OBJEXT) \ $(am__objects_61) am__objects_63 = \ src/providers/test_search_bases-data_provider_be.$(OBJEXT) \ src/providers/test_search_bases-data_provider_fo.$(OBJEXT) \ src/providers/test_search_bases-data_provider_opts.$(OBJEXT) \ src/providers/test_search_bases-data_provider_callbacks.$(OBJEXT) \ src/providers/test_search_bases-dp_dyndns.$(OBJEXT) \ src/providers/test_search_bases-dp_ptask.$(OBJEXT) \ src/providers/test_search_bases-dp_refresh.$(OBJEXT) \ $(am__objects_62) @HAVE_CMOCKA_TRUE@am_test_search_bases_OBJECTS = $(am__objects_63) \ @HAVE_CMOCKA_TRUE@ src/util/test_search_bases-sss_ldap.$(OBJEXT) \ @HAVE_CMOCKA_TRUE@ src/util/test_search_bases-sss_krb5.$(OBJEXT) \ @HAVE_CMOCKA_TRUE@ src/util/test_search_bases-find_uid.$(OBJEXT) \ @HAVE_CMOCKA_TRUE@ src/util/test_search_bases-user_info_msg.$(OBJEXT) \ @HAVE_CMOCKA_TRUE@ src/tests/cmocka/test_search_bases-test_search_bases.$(OBJEXT) test_search_bases_OBJECTS = $(am_test_search_bases_OBJECTS) @HAVE_CMOCKA_TRUE@test_search_bases_DEPENDENCIES = \ @HAVE_CMOCKA_TRUE@ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ @HAVE_CMOCKA_TRUE@ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_3) \ @HAVE_CMOCKA_TRUE@ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ @HAVE_CMOCKA_TRUE@ $(SSSD_INTERNAL_LTLIBS) \ @HAVE_CMOCKA_TRUE@ libsss_ldap_common.la libsss_idmap.la \ @HAVE_CMOCKA_TRUE@ libsss_krb5_common.la libsss_test_common.la test_search_bases_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(test_search_bases_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) \ -o $@ 
am__test_sss_idmap_SOURCES_DIST = src/tests/cmocka/test_sss_idmap.c @HAVE_CMOCKA_TRUE@am_test_sss_idmap_OBJECTS = src/tests/cmocka/test_sss_idmap-test_sss_idmap.$(OBJEXT) test_sss_idmap_OBJECTS = $(am_test_sss_idmap_OBJECTS) @HAVE_CMOCKA_TRUE@test_sss_idmap_DEPENDENCIES = $(am__DEPENDENCIES_1) \ @HAVE_CMOCKA_TRUE@ $(am__DEPENDENCIES_1) libsss_idmap.la \ @HAVE_CMOCKA_TRUE@ $(SSSD_INTERNAL_LTLIBS) \ @HAVE_CMOCKA_TRUE@ libsss_test_common.la test_sss_idmap_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(test_sss_idmap_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o \ $@ am__test_utils_SOURCES_DIST = src/tests/cmocka/test_utils.c @HAVE_CMOCKA_TRUE@am_test_utils_OBJECTS = src/tests/cmocka/test_utils-test_utils.$(OBJEXT) test_utils_OBJECTS = $(am_test_utils_OBJECTS) @HAVE_CMOCKA_TRUE@test_utils_DEPENDENCIES = $(am__DEPENDENCIES_1) \ @HAVE_CMOCKA_TRUE@ $(am__DEPENDENCIES_1) \ @HAVE_CMOCKA_TRUE@ $(SSSD_INTERNAL_LTLIBS) \ @HAVE_CMOCKA_TRUE@ libsss_test_common.la test_utils_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_utils_CFLAGS) \ $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ am__util_tests_SOURCES_DIST = src/tests/util-tests.c @HAVE_CHECK_TRUE@am_util_tests_OBJECTS = \ @HAVE_CHECK_TRUE@ src/tests/util_tests-util-tests.$(OBJEXT) util_tests_OBJECTS = $(am_util_tests_OBJECTS) @HAVE_CHECK_TRUE@util_tests_DEPENDENCIES = $(am__DEPENDENCIES_3) \ @HAVE_CHECK_TRUE@ $(am__DEPENDENCIES_1) $(SSSD_INTERNAL_LTLIBS) \ @HAVE_CHECK_TRUE@ libsss_test_common.la util_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(util_tests_CFLAGS) \ $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ am__dist_init_SCRIPTS_DIST = src/sysv/SUSE/sssd src/sysv/gentoo/sssd \ src/sysv/sssd am__dist_sss_obfuscate_python_SCRIPTS_DIST = src/tools/sss_obfuscate SCRIPTS = $(dist_init_SCRIPTS) $(dist_noinst_SCRIPTS) \ $(dist_sss_obfuscate_python_SCRIPTS) AM_V_P = 
$(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false am__v_P_1 = : AM_V_GEN = $(am__v_GEN_@AM_V@) am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) am__v_GEN_0 = @echo " GEN " $@; am__v_GEN_1 = AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ am__v_at_1 = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/build/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ $(AM_CFLAGS) $(CFLAGS) AM_V_CC = $(am__v_CC_@AM_V@) am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) am__v_CC_0 = @echo " CC " $@; am__v_CC_1 = CCLD = $(CC) LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(AM_LDFLAGS) $(LDFLAGS) -o $@ AM_V_CCLD = $(am__v_CCLD_@AM_V@) am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) am__v_CCLD_0 = @echo " CCLD " $@; am__v_CCLD_1 = SOURCES = $(libdlopen_test_providers_la_SOURCES) \ $(libipa_hbac_la_SOURCES) $(libnss_sss_la_SOURCES) \ $(libsss_ad_la_SOURCES) $(libsss_autofs_la_SOURCES) \ $(libsss_child_la_SOURCES) $(libsss_crypt_la_SOURCES) \ $(libsss_debug_la_SOURCES) $(libsss_idmap_la_SOURCES) \ $(libsss_ipa_la_SOURCES) $(libsss_krb5_la_SOURCES) \ $(libsss_krb5_common_la_SOURCES) $(libsss_ldap_la_SOURCES) \ $(libsss_ldap_common_la_SOURCES) \ $(libsss_nss_idmap_la_SOURCES) $(libsss_proxy_la_SOURCES) \ $(libsss_simple_la_SOURCES) $(libsss_sudo_la_SOURCES) \ $(libsss_test_common_la_SOURCES) $(libsss_util_la_SOURCES) \ $(memberof_la_SOURCES) $(pam_sss_la_SOURCES) \ $(pyhbac_la_SOURCES) $(pysss_la_SOURCES) \ $(pysss_murmur_la_SOURCES) $(pysss_nss_idmap_la_SOURCES) \ $(sssd_krb5_locator_plugin_la_SOURCES) \ $(sssd_pac_plugin_la_SOURCES) \ $(ad_access_filter_tests_SOURCES) 
$(ad_common_tests_SOURCES) \ $(ad_ldap_opt_tests_SOURCES) $(auth_tests_SOURCES) \ $(autofs_test_client_SOURCES) $(check_and_open_tests_SOURCES) \ $(crypto_tests_SOURCES) $(debug_tests_SOURCES) \ $(dlopen_tests_SOURCES) $(dp_opt_tests_SOURCES) \ $(dyndns_tests_SOURCES) $(fail_over_tests_SOURCES) \ $(files_tests_SOURCES) $(find_uid_tests_SOURCES) \ $(fqnames_tests_SOURCES) $(ipa_hbac_tests_SOURCES) \ $(ipa_ldap_opt_tests_SOURCES) $(krb5_child_test_SOURCES) \ $(krb5_utils_tests_SOURCES) $(krb5_child_SOURCES) \ $(ldap_child_SOURCES) $(nss_srv_tests_SOURCES) \ $(pam_test_client_SOURCES) $(proxy_child_SOURCES) \ $(refcount_tests_SOURCES) $(resolv_tests_SOURCES) \ $(responder_socket_access_tests_SOURCES) \ $(simple_access_tests_SOURCES) $(sss_cache_SOURCES) \ $(sss_debuglevel_SOURCES) $(sss_groupadd_SOURCES) \ $(sss_groupdel_SOURCES) $(sss_groupmod_SOURCES) \ $(sss_groupshow_SOURCES) $(sss_idmap_tests_SOURCES) \ $(sss_nss_idmap_tests_SOURCES) $(sss_seed_SOURCES) \ $(sss_ssh_authorizedkeys_SOURCES) \ $(sss_ssh_knownhostsproxy_SOURCES) $(sss_sudo_cli_SOURCES) \ $(sss_useradd_SOURCES) $(sss_userdel_SOURCES) \ $(sss_usermod_SOURCES) $(sssd_SOURCES) $(sssd_autofs_SOURCES) \ $(sssd_be_SOURCES) $(sssd_nss_SOURCES) $(sssd_pac_SOURCES) \ $(sssd_pam_SOURCES) $(sssd_ssh_SOURCES) $(sssd_sudo_SOURCES) \ $(stress_tests_SOURCES) $(strtonum_tests_SOURCES) \ $(sysdb_tests_SOURCES) $(sysdb_ssh_tests_SOURCES) \ $(test_find_uid_SOURCES) $(test_io_SOURCES) \ $(test_ipa_idmap_SOURCES) $(test_search_bases_SOURCES) \ $(test_sss_idmap_SOURCES) $(test_utils_SOURCES) \ $(util_tests_SOURCES) DIST_SOURCES = $(am__libdlopen_test_providers_la_SOURCES_DIST) \ $(libipa_hbac_la_SOURCES) $(libnss_sss_la_SOURCES) \ $(am__libsss_ad_la_SOURCES_DIST) \ $(am__libsss_autofs_la_SOURCES_DIST) \ $(libsss_child_la_SOURCES) $(am__libsss_crypt_la_SOURCES_DIST) \ $(libsss_debug_la_SOURCES) $(libsss_idmap_la_SOURCES) \ $(am__libsss_ipa_la_SOURCES_DIST) $(libsss_krb5_la_SOURCES) \ $(libsss_krb5_common_la_SOURCES) 
$(libsss_ldap_la_SOURCES) \ $(am__libsss_ldap_common_la_SOURCES_DIST) \ $(libsss_nss_idmap_la_SOURCES) $(libsss_proxy_la_SOURCES) \ $(libsss_simple_la_SOURCES) $(am__libsss_sudo_la_SOURCES_DIST) \ $(am__libsss_test_common_la_SOURCES_DIST) \ $(am__libsss_util_la_SOURCES_DIST) $(memberof_la_SOURCES) \ $(pam_sss_la_SOURCES) $(am__pyhbac_la_SOURCES_DIST) \ $(am__pysss_la_SOURCES_DIST) \ $(am__pysss_murmur_la_SOURCES_DIST) \ $(am__pysss_nss_idmap_la_SOURCES_DIST) \ $(am__sssd_krb5_locator_plugin_la_SOURCES_DIST) \ $(sssd_pac_plugin_la_SOURCES) \ $(am__ad_access_filter_tests_SOURCES_DIST) \ $(am__ad_common_tests_SOURCES_DIST) \ $(am__ad_ldap_opt_tests_SOURCES_DIST) \ $(am__auth_tests_SOURCES_DIST) \ $(am__autofs_test_client_SOURCES_DIST) \ $(am__check_and_open_tests_SOURCES_DIST) \ $(am__crypto_tests_SOURCES_DIST) \ $(am__debug_tests_SOURCES_DIST) \ $(am__dlopen_tests_SOURCES_DIST) \ $(am__dp_opt_tests_SOURCES_DIST) \ $(am__dyndns_tests_SOURCES_DIST) \ $(am__fail_over_tests_SOURCES_DIST) \ $(am__files_tests_SOURCES_DIST) \ $(am__find_uid_tests_SOURCES_DIST) \ $(am__fqnames_tests_SOURCES_DIST) \ $(am__ipa_hbac_tests_SOURCES_DIST) \ $(am__ipa_ldap_opt_tests_SOURCES_DIST) \ $(am__krb5_child_test_SOURCES_DIST) \ $(am__krb5_utils_tests_SOURCES_DIST) $(krb5_child_SOURCES) \ $(ldap_child_SOURCES) $(am__nss_srv_tests_SOURCES_DIST) \ $(pam_test_client_SOURCES) $(proxy_child_SOURCES) \ $(am__refcount_tests_SOURCES_DIST) \ $(am__resolv_tests_SOURCES_DIST) \ $(am__responder_socket_access_tests_SOURCES_DIST) \ $(am__simple_access_tests_SOURCES_DIST) $(sss_cache_SOURCES) \ $(sss_debuglevel_SOURCES) $(sss_groupadd_SOURCES) \ $(sss_groupdel_SOURCES) $(sss_groupmod_SOURCES) \ $(sss_groupshow_SOURCES) $(am__sss_idmap_tests_SOURCES_DIST) \ $(am__sss_nss_idmap_tests_SOURCES_DIST) $(sss_seed_SOURCES) \ $(am__sss_ssh_authorizedkeys_SOURCES_DIST) \ $(am__sss_ssh_knownhostsproxy_SOURCES_DIST) \ $(am__sss_sudo_cli_SOURCES_DIST) $(sss_useradd_SOURCES) \ $(sss_userdel_SOURCES) 
$(sss_usermod_SOURCES) $(sssd_SOURCES) \ $(am__sssd_autofs_SOURCES_DIST) $(am__sssd_be_SOURCES_DIST) \ $(sssd_nss_SOURCES) $(sssd_pac_SOURCES) $(sssd_pam_SOURCES) \ $(am__sssd_ssh_SOURCES_DIST) $(am__sssd_sudo_SOURCES_DIST) \ $(stress_tests_SOURCES) $(am__strtonum_tests_SOURCES_DIST) \ $(am__sysdb_tests_SOURCES_DIST) \ $(am__sysdb_ssh_tests_SOURCES_DIST) \ $(am__test_find_uid_SOURCES_DIST) $(am__test_io_SOURCES_DIST) \ $(am__test_ipa_idmap_SOURCES_DIST) \ $(am__test_search_bases_SOURCES_DIST) \ $(am__test_sss_idmap_SOURCES_DIST) \ $(am__test_utils_SOURCES_DIST) $(am__util_tests_SOURCES_DIST) RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ ctags-recursive dvi-recursive html-recursive info-recursive \ install-data-recursive install-dvi-recursive \ install-exec-recursive install-html-recursive \ install-info-recursive install-pdf-recursive \ install-ps-recursive install-recursive installcheck-recursive \ installdirs-recursive pdf-recursive ps-recursive \ tags-recursive uninstall-recursive am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac am__dist_noinst_DATA_DIST = src/config/testconfigs/sssd-valid.conf \ src/config/testconfigs/noparse.api.conf \ src/config/testconfigs/sssd-noversion.conf \ src/config/testconfigs/sssd-badversion.conf \ src/config/testconfigs/sssd-invalid.conf \ src/config/testconfigs/sssd-invalid-badbool.conf \ src/examples/sssd-example.conf src/examples/sssdproxytest \ src/examples/sudo src/examples/logrotate \ src/providers/sssd_be.exports src/sss_client/COPYING \ src/sss_client/COPYING.LESSER src/m4 \ src/sss_client/sss_nss.exports src/sss_client/sss_pam.exports \ src/sss_client/sss_sudo.exports \ src/sss_client/autofs/sss_autofs.exports m4 \ contrib/sssd.spec.in BUILD.txt COPYING am__dist_systemdunit_DATA_DIST = src/sysv/systemd/sssd.service DATA = $(dist_noinst_DATA) $(dist_pkgconfig_DATA) \ $(dist_sssdapiplugin_DATA) $(dist_sssddata_DATA) \ 
$(dist_systemdunit_DATA) am__dist_noinst_HEADERS_DIST = src/monitor/monitor.h \ src/util/crypto/sss_crypto.h src/util/dlinklist.h \ src/util/util.h src/util/io.h src/util/util_errors.h \ src/util/strtonum.h src/util/sss_endian.h src/util/sss_nss.h \ src/util/sss_ldap.h src/util/sss_python.h src/util/sss_krb5.h \ src/util/sss_selinux.h src/util/sss_utf8.h src/util/sss_ssh.h \ src/util/sss_ini.h src/util/sss_format.h src/util/refcount.h \ src/util/find_uid.h src/util/user_info_msg.h \ src/util/murmurhash3.h src/util/mmap_cache.h \ src/util/atomic_io.h src/util/auth_utils.h src/util/authtok.h \ src/util/util_safealign.h src/util/util_sss_idmap.h \ src/monitor/monitor_interfaces.h \ src/responder/common/responder.h \ src/responder/common/responder_packet.h \ src/responder/common/responder_sbus.h \ src/responder/pam/pamsrv.h src/responder/pam/pam_helpers.h \ src/responder/nss/nsssrv.h src/responder/nss/nsssrv_private.h \ src/responder/nss/nsssrv_netgroup.h \ src/responder/nss/nsssrv_services.h \ src/responder/nss/nsssrv_mmap_cache.h \ src/responder/pac/pacsrv.h src/responder/common/negcache.h \ src/responder/sudo/sudosrv_private.h \ src/responder/autofs/autofs_private.h \ src/responder/ssh/sshsrv_private.h src/sbus/sbus_client.h \ src/sbus/sssd_dbus.h src/sbus/sssd_dbus_private.h \ src/db/sysdb.h src/db/sysdb_sudo.h src/db/sysdb_autofs.h \ src/db/sysdb_selinux.h src/db/sysdb_private.h \ src/db/sysdb_services.h src/db/sysdb_ssh.h src/confdb/confdb.h \ src/confdb/confdb_private.h src/confdb/confdb_setup.h \ src/providers/data_provider.h src/providers/dp_backend.h \ src/providers/dp_dyndns.h src/providers/dp_ptask.h \ src/providers/dp_refresh.h src/providers/fail_over.h \ src/providers/fail_over_srv.h src/util/child_common.h \ src/providers/simple/simple_access.h \ src/providers/krb5/krb5_auth.h \ src/providers/krb5/krb5_common.h \ src/providers/krb5/krb5_utils.h \ src/providers/krb5/krb5_init_shared.h \ src/providers/krb5/krb5_opts.h \ src/providers/ldap/ldap_common.h 
src/providers/ldap/sdap.h \ src/providers/ldap/sdap_access.h \ src/providers/ldap/sdap_async.h \ src/providers/ldap/sdap_async_private.h \ src/providers/ldap/sdap_sudo_cache.h \ src/providers/ldap/sdap_sudo.h \ src/providers/ldap/sdap_autofs.h \ src/providers/ldap/sdap_id_op.h src/providers/ldap/ldap_opts.h \ src/providers/ldap/sdap_range.h \ src/providers/ldap/sdap_users.h \ src/providers/ldap/sdap_dyndns.h \ src/providers/ldap/sdap_async_enum.h \ src/providers/ipa/ipa_common.h src/providers/ipa/ipa_config.h \ src/providers/ipa/ipa_access.h src/providers/ipa/ipa_selinux.h \ src/providers/ipa/ipa_hosts.h \ src/providers/ipa/ipa_selinux_common.h \ src/providers/ipa/ipa_selinux_maps.h \ src/providers/ipa/ipa_auth.h src/providers/ipa/ipa_dyndns.h \ src/providers/ipa/ipa_subdomains.h src/providers/ipa/ipa_id.h \ src/providers/ipa/ipa_hostid.h src/providers/ipa/ipa_opts.h \ src/providers/ipa/ipa_srv.h src/providers/ad/ad_srv.h \ src/providers/proxy/proxy.h src/tools/tools_util.h \ src/tools/sss_sync_ops.h src/resolv/async_resolv.h \ src/resolv/ares/ares_parse_srv_reply.h \ src/resolv/ares/ares_parse_txt_reply.h \ src/resolv/ares/ares_data.h src/tests/common.h \ src/tests/common_check.h src/tests/cmocka/common_mock.h \ src/tests/cmocka/common_mock_resp.h \ src/sss_client/ssh/sss_ssh_client.h \ src/sss_client/sudo/sss_sudo.h \ src/lib/idmap/sss_idmap_private.h \ src/util/crypto/nss/nss_util.h HEADERS = $(dist_noinst_HEADERS) $(include_HEADERS) RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive am__recursive_targets = \ $(RECURSIVE_TARGETS) \ $(RECURSIVE_CLEAN_TARGETS) \ $(am__extra_recursive_targets) AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ cscope check recheck distdir dist dist-all distcheck am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) \ $(LISP)config.h.in # Read a list of newline-separated strings from the standard input, # and print each of them once, without 
duplicates. Input order is # *not* preserved. am__uniquify_input = $(AWK) '\ BEGIN { nonempty = 0; } \ { items[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in items) print i; }; } \ ' # Make sure the list of sources is unique. This is necessary because, # e.g., the same source file might be shared among _SOURCES variables # for different programs/libraries. am__define_uniq_tagged_files = \ list='$(am__tagged_files)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags CSCOPE = cscope am__tty_colors_dummy = \ mgn= red= grn= lgn= blu= brg= std=; \ am__color_tests=no am__tty_colors = { \ $(am__tty_colors_dummy); \ if test "X$(AM_COLOR_TESTS)" = Xno; then \ am__color_tests=no; \ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ am__color_tests=yes; \ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ am__color_tests=yes; \ fi; \ if test $$am__color_tests = yes; then \ red=''; \ grn=''; \ lgn=''; \ blu=''; \ mgn=''; \ brg=''; \ std=''; \ fi; \ } am__recheck_rx = ^[ ]*:recheck:[ ]* am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* # A command that, given a newline-separated list of test names on the # standard input, print the name of the tests that are to be re-run # upon "make recheck". am__list_recheck_tests = $(AWK) '{ \ recheck = 1; \ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ { \ if (rc < 0) \ { \ if ((getline line2 < ($$0 ".log")) < 0) \ recheck = 0; \ break; \ } \ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ { \ recheck = 0; \ break; \ } \ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ { \ break; \ } \ }; \ if (recheck) \ print $$0; \ close ($$0 ".trs"); \ close ($$0 ".log"); \ }' # A command that, given a newline-separated list of test names on the # standard input, create the global log from their .trs and .log files. 
# For every test name read from standard input, the awk program below
# reads NAME.trs to pick up the :global-test-result: field (default
# "RUN") and the :copy-in-global-log: field.  Unless the latter is
# "no" (any letter case), it prints a reStructuredText section titled
# "<result>: NAME" followed by the contents of NAME.log.  A read error
# on either file is reported on stderr and ends awk with exit status 1,
# so a missing or unreadable .trs/.log file fails the log generation
# instead of producing a silently incomplete test-suite log.
am__create_global_log = $(AWK) ' \
function fatal(msg) \
{ \
  print "fatal: making $@: " msg | "cat >&2"; \
  exit 1; \
} \
function rst_section(header) \
{ \
  print header; \
  len = length(header); \
  for (i = 1; i <= len; i = i + 1) \
    printf "="; \
  printf "\n\n"; \
} \
{ \
  copy_in_global_log = 1; \
  global_test_result = "RUN"; \
  while ((rc = (getline line < ($$0 ".trs"))) != 0) \
    { \
      if (rc < 0) \
         fatal("failed to read from " $$0 ".trs"); \
      if (line ~ /$(am__global_test_result_rx)/) \
        { \
          sub("$(am__global_test_result_rx)", "", line); \
          sub("[ ]*$$", "", line); \
          global_test_result = line; \
        } \
      else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \
        copy_in_global_log = 0; \
    }; \
  if (copy_in_global_log) \
    { \
      rst_section(global_test_result ": " $$0); \
      while ((rc = (getline line < ($$0 ".log"))) != 0) \
        { \
          if (rc < 0) \
            fatal("failed to read from " $$0 ".log"); \
          print line; \
        }; \
      printf "\n"; \
    }; \
  close ($$0 ".trs"); \
  close ($$0 ".log"); \
}'
# Restructured Text title: reads the title on standard input and prints
# it between two rows of "=" of the same width, then an empty line.
am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; }
# Solaris 10 'make', and several other traditional 'make' implementations,
# pass "-e" to $(SHELL), and POSIX 2008 even requires this.  Work around it
# by disabling -e (using the XSI extension "set +e") if it's set.
am__sh_e_setup = case $$- in *e*) set +e;; esac
# Default flags passed to test drivers.  The three shell variables are
# expanded inside double quotes when the recipe runs.
am__common_driver_flags = \
  --color-tests "$$am__color_tests" \
  --enable-hard-errors "$$am__enable_hard_errors" \
  --expect-failure "$$am__expect_failure"
# To be inserted before the command running the test.  Creates the
# directory for the log if needed.  Stores in $dir the directory
# containing $f, in $tst the test, in $log the log.  Executes the
# developer-defined test setup AM_TESTS_ENVIRONMENT (if any), and
# passes TESTS_ENVIRONMENT.  Set up options for the wrapper that
# will run the test scripts (or their associated LOG_COMPILER, if
# they have one).
# Shell prologue placed in front of every test command.  In order it:
# disables "set -e" if active, applies the VPATH adjustment, sets up the
# colour variables, exports srcdir, creates the directory of the log
# target if it does not exist, resolves the test file $f against the
# build directory first and $(srcdir) last, derives the hard-error and
# expected-failure switches, and finally expands the two environment
# variables.
#
# $(AM_TESTS_ENVIRONMENT) and $(TESTS_ENVIRONMENT) are expanded unquoted
# as the last words of this fragment, so whatever text they hold is
# interpreted by the shell directly in front of the test command.  Any
# value supplied for them (Makefile.am, make command line, or the
# environment of the process running make) therefore runs with the
# privileges of the build; treat them as code, not as data.
#
# NOTE(review): in this copy both entries of each bracket expression in
# the XFAIL_TESTS "case" pattern are backslash-space; presumably one of
# them was backslash-tab before whitespace was normalised -- verify
# against a pristine Makefile.in before relying on the pattern.
am__check_pre = \
$(am__sh_e_setup); \
$(am__vpath_adj_setup) $(am__vpath_adj) \
$(am__tty_colors); \
srcdir=$(srcdir); export srcdir; \
case "$@" in \
  */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \
  *) am__odir=.;; \
esac; \
test "x$$am__odir" = x"." || test -d "$$am__odir" \
  || $(MKDIR_P) "$$am__odir" || exit $$?; \
if test -f "./$$f"; then dir=./; \
elif test -f "$$f"; then dir=; \
else dir="$(srcdir)/"; fi; \
tst=$$dir$$f; log='$@'; \
if test -n '$(DISABLE_HARD_ERRORS)'; then \
  am__enable_hard_errors=no; \
else \
  am__enable_hard_errors=yes; \
fi; \
case " $(XFAIL_TESTS) " in \
  *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \
    am__expect_failure=yes;; \
  *) \
    am__expect_failure=no;; \
esac; \
$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT)
# A shell command to get the names of the test scripts with any registered
# extension removed (i.e., equivalently, the names of the test logs, with
# the '.log' extension removed).  The result is saved in the shell variable
# '$bases'.  This honors runtime overriding of TESTS and TEST_LOGS.  Sadly,
# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)",
# since that might cause problems with VPATH rewrites for suffix-less tests.
# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'.
am__set_TESTS_bases = \ bases='$(TEST_LOGS)'; \ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ bases=`echo $$bases` RECHECK_LOGS = $(TEST_LOGS) TEST_SUITE_LOG = test-suite.log TEST_EXTENSIONS = @EXEEXT@ .test LOG_DRIVER = $(SHELL) $(top_srcdir)/build/test-driver LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) am__set_b = \ case '$@' in \ */*) \ case '$*' in \ */*) b='$*';; \ *) b=`echo '$@' | sed 's/\.log$$//'`; \ esac;; \ *) \ b='$*';; \ esac am__test_logs1 = $(TESTS:=.log) am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) TEST_LOGS = $(am__test_logs2:.test.log=.log) TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build/test-driver TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ $(TEST_LOG_FLAGS) DIST_SUBDIRS = po src/man DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) distdir = $(PACKAGE)-$(VERSION) top_distdir = $(distdir) am__remove_distdir = \ if test -d "$(distdir)"; then \ find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \ && rm -rf "$(distdir)" \ || { sleep 5 && rm -rf "$(distdir)"; }; \ else :; fi am__post_remove_distdir = $(am__remove_distdir) am__relativize = \ dir0=`pwd`; \ sed_first='s,^\([^/]*\)/.*$$,\1,'; \ sed_rest='s,^[^/]*/*,,'; \ sed_last='s,^.*/\([^/]*\)$$,\1,'; \ sed_butlast='s,/*[^/]*$$,,'; \ while test -n "$$dir1"; do \ first=`echo "$$dir1" | sed -e "$$sed_first"`; \ if test "$$first" != "."; then \ if test "$$first" = ".."; then \ dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ else \ first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ if test "$$first2" = "$$first"; then \ dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ else \ dir2="../$$dir2"; \ fi; \ dir0="$$dir0"/"$$first"; \ fi; \ fi; \ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ done; \ reldir="$$dir2" DIST_ARCHIVES = $(distdir).tar.gz GZIP_ENV = --best DIST_TARGETS = dist-gzip distuninstallcheck_listfiles = find . 
-type f -print am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \ | sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$' distcleancheck_listfiles = find . -type f -print ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CARES_CFLAGS = @CARES_CFLAGS@ CARES_LIBS = @CARES_LIBS@ CARES_OBJ = @CARES_OBJ@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CHECK_CFLAGS = @CHECK_CFLAGS@ CHECK_LIBS = @CHECK_LIBS@ CMOCKA_CFLAGS = @CMOCKA_CFLAGS@ CMOCKA_LIBS = @CMOCKA_LIBS@ COLLECTION_CFLAGS = @COLLECTION_CFLAGS@ COLLECTION_LIBS = @COLLECTION_LIBS@ COLLECTION_OBJ = @COLLECTION_OBJ@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CRYPTO_CFLAGS = @CRYPTO_CFLAGS@ CRYPTO_LIBS = @CRYPTO_LIBS@ CYGPATH_W = @CYGPATH_W@ DBUS_CFLAGS = @DBUS_CFLAGS@ DBUS_LIBS = @DBUS_LIBS@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DHASH_CFLAGS = @DHASH_CFLAGS@ DHASH_LIBS = @DHASH_LIBS@ DHASH_OBJ = @DHASH_OBJ@ DLLTOOL = @DLLTOOL@ DOCBOOK_XSLT = @DOCBOOK_XSLT@ DOXYGEN = @DOXYGEN@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GLIB2_CFLAGS = @GLIB2_CFLAGS@ GLIB2_LIBS = @GLIB2_LIBS@ GMSGFMT = @GMSGFMT@ GREP = @GREP@ HAVE_MANPAGES = @HAVE_MANPAGES@ HAVE_PYTHON_BINDINGS = @HAVE_PYTHON_BINDINGS@ HAVE_SELINUX = @HAVE_SELINUX@ HAVE_SEMANAGE = @HAVE_SEMANAGE@ HAVE_SYSTEMD = @HAVE_SYSTEMD@ INI_CONFIG_CFLAGS = @INI_CONFIG_CFLAGS@ INI_CONFIG_LIBS = @INI_CONFIG_LIBS@ INI_CONFIG_OBJ = @INI_CONFIG_OBJ@ INOTIFY_LIBS = @INOTIFY_LIBS@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ KEYUTILS_LIBS = @KEYUTILS_LIBS@ KRB5_CFLAGS = @KRB5_CFLAGS@ KRB5_CONFIG = @KRB5_CONFIG@ KRB5_LIBS = @KRB5_LIBS@ LD = @LD@ LDB_CFLAGS = @LDB_CFLAGS@ LDB_LIBS = @LDB_LIBS@ LDB_OBJ = @LDB_OBJ@ 
LDFLAGS = @LDFLAGS@ LIBADD_DL = @LIBADD_DL@ LIBADD_DLD_LINK = @LIBADD_DLD_LINK@ LIBADD_DLOPEN = @LIBADD_DLOPEN@ LIBADD_SHL_LOAD = @LIBADD_SHL_LOAD@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBNL_CFLAGS = @LIBNL_CFLAGS@ LIBNL_LIBS = @LIBNL_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ LT_DLLOADERS = @LT_DLLOADERS@ LT_DLPREOPEN = @LT_DLPREOPEN@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ MKINSTALLDIRS = @MKINSTALLDIRS@ MSGFMT = @MSGFMT@ MSGMERGE = @MSGMERGE@ NDR_KRB5PAC_CFLAGS = @NDR_KRB5PAC_CFLAGS@ NDR_KRB5PAC_LIBS = @NDR_KRB5PAC_LIBS@ NDR_NBT_CFLAGS = @NDR_NBT_CFLAGS@ NDR_NBT_LIBS = @NDR_NBT_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ NSCD = @NSCD@ NSCD_PATH = @NSCD_PATH@ NSS_CFLAGS = @NSS_CFLAGS@ NSS_LIBS = @NSS_LIBS@ NSUPDATE = @NSUPDATE@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OPENLDAP_CFLAGS = @OPENLDAP_CFLAGS@ OPENLDAP_LIBS = @OPENLDAP_LIBS@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PAM_LIBS = @PAM_LIBS@ PATH_SEPARATOR = @PATH_SEPARATOR@ PCRE_CFLAGS = @PCRE_CFLAGS@ PCRE_LIBS = @PCRE_LIBS@ PCRE_OBJ = @PCRE_OBJ@ PKG_CONFIG = @PKG_CONFIG@ PO4A = @PO4A@ POPT_CFLAGS = @POPT_CFLAGS@ POPT_LIBS = @POPT_LIBS@ POPT_OBJ = @POPT_OBJ@ POSUB = @POSUB@ PRERELEASE_VERSION = @PRERELEASE_VERSION@ PYTHON = @PYTHON@ PYTHON_CFLAGS = @PYTHON_CFLAGS@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ PYTHON_INCLUDES = @PYTHON_INCLUDES@ PYTHON_LIBS = @PYTHON_LIBS@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ SED = @SED@ SELINUX_LIBS = @SELINUX_LIBS@ SEMANAGE_LIBS = @SEMANAGE_LIBS@ SET_MAKE = @SET_MAKE@ SGML_CATALOG_FILES = @SGML_CATALOG_FILES@ SHELL = @SHELL@ STRIP = 
@STRIP@ TALLOC_CFLAGS = @TALLOC_CFLAGS@ TALLOC_LIBS = @TALLOC_LIBS@ TALLOC_OBJ = @TALLOC_OBJ@ TDB_CFLAGS = @TDB_CFLAGS@ TDB_LIBS = @TDB_LIBS@ TDB_OBJ = @TDB_OBJ@ TEST_DIR = @TEST_DIR@ TEVENT_CFLAGS = @TEVENT_CFLAGS@ TEVENT_LIBS = @TEVENT_LIBS@ TEVENT_OBJ = @TEVENT_OBJ@ UNICODE_LIBS = @UNICODE_LIBS@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XMLLINT = @XMLLINT@ XSLTPROC = @XSLTPROC@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ appmodpath = @appmodpath@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ config_def_ccache_dir = @config_def_ccache_dir@ config_def_ccname_template = @config_def_ccname_template@ datadir = @datadir@ datarootdir = @datarootdir@ dbpath = @dbpath@ docdir = @docdir@ dvidir = @dvidir@ environment_file = @environment_file@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ initdir = @initdir@ install_sh = @install_sh@ krb5authdatapluginpath = @krb5authdatapluginpath@ krb5pluginpath = @krb5pluginpath@ krb5rcachedir = @krb5rcachedir@ ldblibdir = @ldblibdir@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ logpath = @logpath@ mandir = @mandir@ mcpath = @mcpath@ mkdir_p = @mkdir_p@ nsslibdir = @nsslibdir@ oldincludedir = @oldincludedir@ pammoddir = @pammoddir@ pdfdir = @pdfdir@ pidpath = @pidpath@ pipepath = @pipepath@ pkgpyexecdir = @pkgpyexecdir@ pkgpythondir = @pkgpythondir@ pluginpath = @pluginpath@ prefix = @prefix@ 
# Remaining configure-substituted paths. Each @name@ token is a placeholder
# that is filled in when this template is turned into the real Makefile.
program_transform_name = @program_transform_name@
psdir = @psdir@
pubconfpath = @pubconfpath@
pyexecdir = @pyexecdir@
pythondir = @pythondir@
sbindir = @sbindir@
sharedbuilddir = @sharedbuilddir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sudolibpath = @sudolibpath@
sysconfdir = @sysconfdir@
systemdunitdir = @systemdunitdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@

# Options passed to the configure run that `make distcheck` performs.
# $$dc_install_base is doubled so that the shell, not make, expands it.
# --enable-all-experimental-features applies to that distcheck build only;
# it is not what a normal ./configure invocation gets.
extra_distcheck_flags = $(am__append_1)
DISTCHECK_CONFIGURE_FLAGS = \
	--with-ldb-lib-dir="$$dc_install_base"/lib/ldb \
	--enable-all-experimental-features \
	$(extra_distcheck_flags)

SUBDIRS = po $(am__append_2)
DISTSETUPOPTS = $(am__append_3)

# SSSD-specific install locations. The @..._TRUE@ prefixes are automake
# conditionals: the line is active only when that feature is configured in.
#
# Several of these name directories that hold loadable modules (judging by
# the variable names: Kerberos locator and authdata plugins, the PAM module,
# the autofs and sudo libraries). Their values come straight from configure.
# NOTE(review): packagers should confirm that they resolve to root-owned
# directories that are not group- or world-writable.
sssdlibexecdir = $(libexecdir)/sssd
sssdlibdir = $(libdir)/sssd
@BUILD_KRB5_LOCATOR_PLUGIN_TRUE@krb5plugindir = @krb5pluginpath@
@BUILD_PAC_RESPONDER_TRUE@krb5authdata_plugindir = @krb5authdatapluginpath@
sssdconfdir = $(sysconfdir)/sssd
sssddatadir = $(datadir)/sssd
sssdapiplugindir = $(sssddatadir)/sssd.api.d
# Any reference to this variable must spell the name exactly as written here:
# make expands an unknown variable name to an empty string without warning.
dbusintrospectdir = $(datarootdir)/sssd/introspect
pamlibdir = @pammoddir@
autofslibdir = @appmodpath@
pkgconfigdir = $(libdir)/pkgconfig
sudolibdir = @sudolibpath@

# Project-wide compiler flags consist only of two conditional appends whose
# definitions are outside this section, so which warning or hardening options
# end up here cannot be read off these lines.
AM_CFLAGS = $(am__append_4) $(am__append_5)

# pkg-config descriptions shipped for the three public libraries.
dist_pkgconfig_DATA = \
	src/providers/ipa/ipa_hbac.pc \
	src/lib/idmap/sss_idmap.pc \
	src/sss_client/idmap/sss_nss_idmap.pc

ACLOCAL_AMFLAGS = -I m4 -I .
@HAVE_CHECK_TRUE@non_interactive_check_based_tests = dlopen-tests \ @HAVE_CHECK_TRUE@ sysdb-tests strtonum-tests resolv-tests \ @HAVE_CHECK_TRUE@ krb5-utils-tests check_and_open-tests \ @HAVE_CHECK_TRUE@ files-tests refcount-tests fail_over-tests \ @HAVE_CHECK_TRUE@ find_uid-tests auth-tests ipa_ldap_opt-tests \ @HAVE_CHECK_TRUE@ ad_ldap_opt-tests simple_access-tests \ @HAVE_CHECK_TRUE@ crypto-tests util-tests debug-tests \ @HAVE_CHECK_TRUE@ ipa_hbac-tests sss_idmap-tests \ @HAVE_CHECK_TRUE@ responder_socket_access-tests \ @HAVE_CHECK_TRUE@ $(am__append_10) @HAVE_CMOCKA_TRUE@non_interactive_cmocka_based_tests = \ @HAVE_CMOCKA_TRUE@ nss-srv-tests \ @HAVE_CMOCKA_TRUE@ test-find-uid \ @HAVE_CMOCKA_TRUE@ test-io \ @HAVE_CMOCKA_TRUE@ sss_nss_idmap-tests \ @HAVE_CMOCKA_TRUE@ dyndns-tests \ @HAVE_CMOCKA_TRUE@ fqnames-tests \ @HAVE_CMOCKA_TRUE@ test_sss_idmap \ @HAVE_CMOCKA_TRUE@ test_ipa_idmap \ @HAVE_CMOCKA_TRUE@ test_utils \ @HAVE_CMOCKA_TRUE@ ad_access_filter_tests \ @HAVE_CMOCKA_TRUE@ ad_common_tests \ @HAVE_CMOCKA_TRUE@ dp_opt_tests \ @HAVE_CMOCKA_TRUE@ test_search_bases PYTHON_TESTS = $(am__append_11) sssdlib_LTLIBRARIES = \ libsss_ldap.la \ libsss_krb5.la \ libsss_proxy.la \ libsss_ipa.la \ libsss_ad.la \ libsss_simple.la ldblib_LTLIBRARIES = \ memberof.la @BUILD_KRB5_LOCATOR_PLUGIN_TRUE@krb5plugin_LTLIBRARIES = \ @BUILD_KRB5_LOCATOR_PLUGIN_TRUE@ sssd_krb5_locator_plugin.la @BUILD_PAC_RESPONDER_TRUE@krb5authdata_plugin_LTLIBRARIES = \ @BUILD_PAC_RESPONDER_TRUE@ sssd_pac_plugin.la noinst_LTLIBRARIES = libsss_test_common.la ##################### # Utility libraries # ##################### #################### # Plugin Libraries # #################### pkglib_LTLIBRARIES = libsss_crypt.la libsss_debug.la libsss_child.la \ libsss_util.la libsss_ldap_common.la libsss_krb5_common.la @HAVE_NSS_FALSE@SSS_CRYPT_SOURCES = src/util/crypto/libcrypto/crypto_base64.c \ @HAVE_NSS_FALSE@ src/util/crypto/libcrypto/crypto_hmac_sha1.c \ @HAVE_NSS_FALSE@ 
src/util/crypto/libcrypto/crypto_sha512crypt.c \ @HAVE_NSS_FALSE@ src/util/crypto/libcrypto/crypto_obfuscate.c @HAVE_NSS_TRUE@SSS_CRYPT_SOURCES = src/util/crypto/nss/nss_base64.c \ @HAVE_NSS_TRUE@ src/util/crypto/nss/nss_hmac_sha1.c \ @HAVE_NSS_TRUE@ src/util/crypto/nss/nss_sha512crypt.c \ @HAVE_NSS_TRUE@ src/util/crypto/nss/nss_obfuscate.c \ @HAVE_NSS_TRUE@ src/util/crypto/nss/nss_util.c @HAVE_NSS_FALSE@SSS_CRYPT_CFLAGS = $(CRYPTO_CFLAGS) @HAVE_NSS_TRUE@SSS_CRYPT_CFLAGS = $(NSS_CFLAGS) @HAVE_NSS_FALSE@SSS_CRYPT_LIBS = $(CRYPTO_LIBS) @HAVE_NSS_TRUE@SSS_CRYPT_LIBS = $(NSS_LIBS) libsss_crypt_la_SOURCES = \ $(SSS_CRYPT_SOURCES) libsss_crypt_la_CFLAGS = \ $(SSS_CRYPT_CFLAGS) \ $(DHASH_CFLAGS) libsss_crypt_la_LIBADD = \ $(SSS_CRYPT_LIBS) libsss_crypt_la_LDFLAGS = \ -avoid-version @BUILD_PYTHON_BINDINGS_TRUE@pyexec_LTLIBRARIES = \ @BUILD_PYTHON_BINDINGS_TRUE@ pysss.la \ @BUILD_PYTHON_BINDINGS_TRUE@ pyhbac.la \ @BUILD_PYTHON_BINDINGS_TRUE@ pysss_murmur.la \ @BUILD_PYTHON_BINDINGS_TRUE@ pysss_nss_idmap.la dist_noinst_SCRIPTS = \ $(EXTRA_SCRIPTS) \ src/config/setup.py \ src/config/SSSDConfig/ipachangeconf.py \ src/config/SSSDConfig/__init__.py \ src/config/SSSDConfigTest.py \ src/config/SSSDConfig/sssd_upgrade_config.py \ contrib/rhel/update_debug_levels.py \ contrib/fedora/bashrc_sssd \ contrib/fedora/make_srpm.sh \ src/tests/pyhbac-test.py \ src/tests/pysss_murmur-test.py dist_noinst_DATA = src/config/testconfigs/sssd-valid.conf \ src/config/testconfigs/noparse.api.conf \ src/config/testconfigs/sssd-noversion.conf \ src/config/testconfigs/sssd-badversion.conf \ src/config/testconfigs/sssd-invalid.conf \ src/config/testconfigs/sssd-invalid-badbool.conf \ src/examples/sssd-example.conf src/examples/sssdproxytest \ src/examples/sudo src/examples/logrotate \ src/providers/sssd_be.exports src/sss_client/COPYING \ src/sss_client/COPYING.LESSER src/m4 \ src/sss_client/sss_nss.exports src/sss_client/sss_pam.exports \ $(am__append_28) $(am__append_29) m4 contrib/sssd.spec.in \ 
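BUILD.txt COPYING

###############################
# Global compilation settings #
###############################

# Preprocessor flags used by every target that does not set its own
# per-target CPPFLAGS. Apart from include paths and the CFLAGS of the
# libraries SSSD builds against, this list compiles install-time locations
# into the binaries as string macros: the responder socket paths under
# $(pipepath), the memory-cache directory, the configuration directory and
# the libexec path.
#
# SSSD_INTROSPECT_PATH used to expand $(dbusinstropectdir), a misspelling of
# the dbusintrospectdir variable this file defines as
# $(datarootdir)/sssd/introspect. make expands an undefined variable to
# nothing, so the macro was compiled in as "" with no warning. The reference
# below now uses the defined name.
# NOTE(review): this file looks like automake output; make the same one-word
# fix in the Makefile.am it is generated from, otherwise regenerating brings
# the misspelling back. Also check how SSSD_INTROSPECT_PATH is consumed in the
# C sources (not shown here): with an empty prefix, any path derived from it
# did not point into the intended directory.
AM_CPPFLAGS = \
	-Wall \
	-Iinclude \
	-I.. \
	-I$(srcdir)/include \
	-I$(srcdir)/src/sss_client \
	-I$(srcdir)/src \
	-Iinclude \
	-I. \
	$(POPT_CFLAGS) \
	$(TALLOC_CFLAGS) \
	$(TDB_CFLAGS) \
	$(TEVENT_CFLAGS) \
	$(LDB_CFLAGS) \
	$(DBUS_CFLAGS) \
	$(PCRE_CFLAGS) \
	$(COLLECTION_CFLAGS) \
	$(INI_CONFIG_CFLAGS) \
	$(DHASH_CFLAGS) \
	$(LIBNL_CFLAGS) \
	$(OPENLDAP_CFLAGS) \
	$(GLIB2_CFLAGS) \
	-DLIBDIR=\"$(libdir)\" \
	-DVARDIR=\"$(localstatedir)\" \
	-DSHLIBEXT=\"$(SHLIBEXT)\" \
	-DSSSD_LIBEXEC_PATH=\"$(sssdlibexecdir)\" \
	-DSSSD_INTROSPECT_PATH=\"$(dbusintrospectdir)\" \
	-DSSSD_CONF_DIR=\"$(sssdconfdir)\" \
	-DSSS_NSS_MCACHE_DIR=\"$(mcpath)\" \
	-DSSS_NSS_SOCKET_NAME=\"$(pipepath)/nss\" \
	-DSSS_PAM_SOCKET_NAME=\"$(pipepath)/pam\" \
	-DSSS_PAC_SOCKET_NAME=\"$(pipepath)/pac\" \
	-DSSS_PAM_PRIV_SOCKET_NAME=\"$(pipepath)/private/pam\" \
	-DSSS_SUDO_SOCKET_NAME=\"$(pipepath)/sudo\" \
	-DSSS_AUTOFS_SOCKET_NAME=\"$(pipepath)/autofs\" \
	-DSSS_SSH_SOCKET_NAME=\"$(pipepath)/ssh\" \
	-DLOCALEDIR=\"$(localedir)\"

EXTRA_DIST = build/config.rpath src/sysv/systemd/sssd.service.in

# Source files compiled into each responder program; the responders' _SOURCES
# lists pull this variable in.
SSSD_RESPONDER_OBJ = \
	src/responder/common/negcache.c \
	src/responder/common/responder_cmd.c \
	src/responder/common/responder_common.c \
	src/responder/common/responder_dp.c \
	src/responder/common/responder_packet.c \
	src/responder/common/responder_get_domains.c

# Source files shared by the command-line tools.
SSSD_TOOLS_OBJ = \
	src/tools/sss_sync_ops.c \
	src/tools/tools_util.c \
	src/tools/files.c \
	src/tools/selinux.c \
	src/util/nscd.c

# Tool sources plus the client common code and the memory-cache helper.
SSSD_LCL_TOOLS_OBJ = \
	src/sss_client/common.c \
	src/tools/tools_mc_util.c \
	$(SSSD_TOOLS_OBJ)

# Resolver sources; the conditional append is defined outside this section.
SSSD_RESOLV_OBJ = src/resolv/async_resolv.c \
	src/resolv/async_resolv_utils.c $(am__append_12)

# Fail-over sources, which also bring in the resolver sources above.
SSSD_FAILOVER_OBJ = \
	src/providers/fail_over.c \
	src/providers/fail_over_srv.c \
	$(SSSD_RESOLV_OBJ)

# Libraries linked into the SSSD programs (the list continues past this
# point).
SSSD_LIBS = \
	$(TALLOC_LIBS) \
	$(TEVENT_LIBS) \
	$(POPT_LIBS) \
	$(LDB_LIBS) \
	$(DBUS_LIBS) \
	$(PCRE_LIBS) \
	$(INI_CONFIG_LIBS) \
	$(COLLECTION_LIBS) \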
$(DHASH_LIBS) \ $(SSS_CRYPT_LIBS) \ $(OPENLDAP_LIBS) \ $(TDB_LIBS) PYTHON_BINDINGS_LIBS = $(TALLOC_LIBS) $(TEVENT_LIBS) $(POPT_LIBS) \ $(LDB_LIBS) $(DBUS_LIBS) $(PCRE_LIBS) $(DHASH_LIBS) \ $(SSS_CRYPT_LIBS) $(OPENLDAP_LIBS) $(TDB_LIBS) \ $(am__append_13) $(am__append_15) TOOLS_LIBS = $(LTLIBINTL) $(TALLOC_LIBS) $(TEVENT_LIBS) $(POPT_LIBS) \ $(LDB_LIBS) $(DBUS_LIBS) $(PCRE_LIBS) $(INI_CONFIG_LIBS) \ $(COLLECTION_LIBS) $(DHASH_LIBS) $(OPENLDAP_LIBS) $(TDB_LIBS) \ $(am__append_14) $(am__append_16) dist_noinst_HEADERS = src/monitor/monitor.h \ src/util/crypto/sss_crypto.h src/util/dlinklist.h \ src/util/util.h src/util/io.h src/util/util_errors.h \ src/util/strtonum.h src/util/sss_endian.h src/util/sss_nss.h \ src/util/sss_ldap.h src/util/sss_python.h src/util/sss_krb5.h \ src/util/sss_selinux.h src/util/sss_utf8.h src/util/sss_ssh.h \ src/util/sss_ini.h src/util/sss_format.h src/util/refcount.h \ src/util/find_uid.h src/util/user_info_msg.h \ src/util/murmurhash3.h src/util/mmap_cache.h \ src/util/atomic_io.h src/util/auth_utils.h src/util/authtok.h \ src/util/util_safealign.h src/util/util_sss_idmap.h \ src/monitor/monitor.h src/monitor/monitor_interfaces.h \ src/responder/common/responder.h \ src/responder/common/responder_packet.h \ src/responder/common/responder_sbus.h \ src/responder/pam/pamsrv.h src/responder/pam/pam_helpers.h \ src/responder/nss/nsssrv.h src/responder/nss/nsssrv_private.h \ src/responder/nss/nsssrv_netgroup.h \ src/responder/nss/nsssrv_services.h \ src/responder/nss/nsssrv_mmap_cache.h \ src/responder/pac/pacsrv.h src/responder/common/negcache.h \ src/responder/sudo/sudosrv_private.h \ src/responder/autofs/autofs_private.h \ src/responder/ssh/sshsrv_private.h src/sbus/sbus_client.h \ src/sbus/sssd_dbus.h src/sbus/sssd_dbus_private.h \ src/db/sysdb.h src/db/sysdb_sudo.h src/db/sysdb_autofs.h \ src/db/sysdb_selinux.h src/db/sysdb_private.h \ src/db/sysdb_services.h src/db/sysdb_ssh.h src/confdb/confdb.h \ src/confdb/confdb_private.h 
src/confdb/confdb_setup.h \ src/providers/data_provider.h src/providers/dp_backend.h \ src/providers/dp_dyndns.h src/providers/dp_ptask.h \ src/providers/dp_refresh.h src/providers/fail_over.h \ src/providers/fail_over_srv.h src/util/child_common.h \ src/providers/simple/simple_access.h \ src/providers/krb5/krb5_auth.h \ src/providers/krb5/krb5_common.h \ src/providers/krb5/krb5_utils.h \ src/providers/krb5/krb5_init_shared.h \ src/providers/krb5/krb5_opts.h \ src/providers/ldap/ldap_common.h src/providers/ldap/sdap.h \ src/providers/ldap/sdap_access.h \ src/providers/ldap/sdap_async.h \ src/providers/ldap/sdap_async_private.h \ src/providers/ldap/sdap_sudo_cache.h \ src/providers/ldap/sdap_sudo.h \ src/providers/ldap/sdap_autofs.h \ src/providers/ldap/sdap_id_op.h src/providers/ldap/ldap_opts.h \ src/providers/ldap/sdap_range.h \ src/providers/ldap/sdap_users.h \ src/providers/ldap/sdap_dyndns.h \ src/providers/ldap/sdap_async_enum.h \ src/providers/ipa/ipa_common.h src/providers/ipa/ipa_config.h \ src/providers/ipa/ipa_access.h src/providers/ipa/ipa_selinux.h \ src/providers/ipa/ipa_hosts.h \ src/providers/ipa/ipa_selinux_common.h \ src/providers/ipa/ipa_selinux_maps.h \ src/providers/ipa/ipa_auth.h src/providers/ipa/ipa_dyndns.h \ src/providers/ipa/ipa_subdomains.h src/providers/ipa/ipa_id.h \ src/providers/ipa/ipa_hostid.h src/providers/ipa/ipa_opts.h \ src/providers/ipa/ipa_srv.h src/providers/ad/ad_srv.h \ src/providers/proxy/proxy.h src/tools/tools_util.h \ src/tools/sss_sync_ops.h src/resolv/async_resolv.h \ src/resolv/ares/ares_parse_srv_reply.h \ src/resolv/ares/ares_parse_txt_reply.h \ src/resolv/ares/ares_data.h src/tests/common.h \ src/tests/common_check.h src/tests/cmocka/common_mock.h \ src/tests/cmocka/common_mock_resp.h \ src/sss_client/ssh/sss_ssh_client.h \ src/sss_client/sudo/sss_sudo.h \ src/lib/idmap/sss_idmap_private.h $(am__append_17) SSSD_DOCS = doc hbac_doc idmap_doc nss_idmap_doc $(am__append_18) CLIENT_LIBS = $(LTLIBINTL) 
$(am__append_19) libsss_debug_la_SOURCES = \ src/util/debug.c \ src/util/sss_log.c libsss_debug_la_LDFLAGS = \ -avoid-version libsss_child_la_SOURCES = src/util/child_common.c libsss_child_la_LDFLAGS = -avoid-version libsss_util_la_SOURCES = src/confdb/confdb.c src/db/sysdb.c \ src/db/sysdb_ops.c src/db/sysdb_search.c \ src/db/sysdb_selinux.c src/db/sysdb_upgrade.c \ src/db/sysdb_services.c src/db/sysdb_autofs.c \ src/db/sysdb_subdomains.c src/db/sysdb_ranges.c \ src/db/sysdb_idmap.c src/monitor/monitor_sbus.c \ src/providers/dp_auth_util.c src/providers/dp_pam_data_util.c \ src/providers/dp_sbus.c src/sbus/sbus_client.c \ src/sbus/sssd_dbus_common.c src/sbus/sssd_dbus_connection.c \ src/sbus/sssd_dbus_server.c src/util/util.c src/util/memory.c \ src/util/server.c src/util/signal.c src/util/usertools.c \ src/util/backup_file.c src/util/strtonum.c \ src/util/check_and_open.c src/util/refcount.c \ src/util/sss_nss.c src/util/sss_utf8.c src/util/sss_tc_utf8.c \ src/util/murmurhash3.c src/util/atomic_io.c src/util/authtok.c \ src/util/sss_selinux.c src/util/domain_info_utils.c \ src/util/util_lock.c src/util/util_errors.c src/util/sss_ini.c \ src/util/io.c src/util/util_sss_idmap.c $(am__append_20) \ $(am__append_21) libsss_util_la_LIBADD = \ $(SSSD_LIBS) \ $(UNICODE_LIBS) libsss_util_la_LDFLAGS = -avoid-version SSSD_INTERNAL_LTLIBS = \ libsss_util.la \ libsss_crypt.la \ libsss_debug.la \ libsss_child.la lib_LTLIBRARIES = libipa_hbac.la libsss_idmap.la libsss_nss_idmap.la libipa_hbac_la_SOURCES = \ src/providers/ipa/hbac_evaluator.c \ src/util/sss_utf8.c libipa_hbac_la_LIBADD = \ $(UNICODE_LIBS) libipa_hbac_la_LDFLAGS = \ -version-info 0:1:0 libsss_idmap_la_SOURCES = \ src/lib/idmap/sss_idmap.c \ src/lib/idmap/sss_idmap_conv.c \ src/util/murmurhash3.c libsss_idmap_la_LDFLAGS = \ -version-info 4:0:4 libsss_nss_idmap_la_SOURCES = \ src/sss_client/idmap/sss_nss_idmap.c \ src/sss_client/common.c \ src/util/strtonum.c libsss_nss_idmap_la_LIBADD = \ $(CLIENT_LIBS) 
libsss_nss_idmap_la_LDFLAGS = \ -version-info 0:1:0 include_HEADERS = \ src/providers/ipa/ipa_hbac.h \ src/lib/idmap/sss_idmap.h \ src/sss_client/idmap/sss_nss_idmap.h #################### # Program Binaries # #################### sssd_SOURCES = \ src/monitor/monitor.c \ src/monitor/monitor_netlink.c \ src/confdb/confdb_setup.c \ src/util/nscd.c sssd_LDADD = \ $(SSSD_LIBS) \ $(INOTIFY_LIBS) \ $(LIBNL_LIBS) \ $(KEYUTILS_LIBS) \ $(SSSD_INTERNAL_LTLIBS) sssd_nss_SOURCES = \ src/responder/nss/nsssrv.c \ src/responder/nss/nsssrv_cmd.c \ src/responder/nss/nsssrv_netgroup.c \ src/responder/nss/nsssrv_services.c \ src/responder/nss/nsssrv_mmap_cache.c \ $(SSSD_RESPONDER_OBJ) sssd_nss_LDADD = \ $(TDB_LIBS) \ $(SSSD_LIBS) \ libsss_idmap.la \ $(SSSD_INTERNAL_LTLIBS) sssd_pam_SOURCES = \ src/responder/pam/pam_LOCAL_domain.c \ src/responder/pam/pamsrv.c \ src/responder/pam/pamsrv_cmd.c \ src/responder/pam/pamsrv_dp.c \ src/responder/pam/pam_helpers.c \ $(SSSD_RESPONDER_OBJ) sssd_pam_LDADD = \ $(TDB_LIBS) \ $(SSSD_LIBS) \ $(SELINUX_LIBS) \ $(SSSD_INTERNAL_LTLIBS) @BUILD_SUDO_TRUE@sssd_sudo_SOURCES = \ @BUILD_SUDO_TRUE@ src/responder/sudo/sudosrv.c \ @BUILD_SUDO_TRUE@ src/responder/sudo/sudosrv_cmd.c \ @BUILD_SUDO_TRUE@ src/responder/sudo/sudosrv_get_sudorules.c \ @BUILD_SUDO_TRUE@ src/responder/sudo/sudosrv_query.c \ @BUILD_SUDO_TRUE@ src/responder/sudo/sudosrv_dp.c \ @BUILD_SUDO_TRUE@ $(SSSD_RESPONDER_OBJ) @BUILD_SUDO_TRUE@sssd_sudo_LDADD = \ @BUILD_SUDO_TRUE@ $(SSSD_LIBS) \ @BUILD_SUDO_TRUE@ $(SSSD_INTERNAL_LTLIBS) @BUILD_AUTOFS_TRUE@sssd_autofs_SOURCES = \ @BUILD_AUTOFS_TRUE@ src/responder/autofs/autofssrv.c \ @BUILD_AUTOFS_TRUE@ src/responder/autofs/autofssrv_cmd.c \ @BUILD_AUTOFS_TRUE@ src/responder/autofs/autofssrv_dp.c \ @BUILD_AUTOFS_TRUE@ $(SSSD_RESPONDER_OBJ) @BUILD_AUTOFS_TRUE@sssd_autofs_LDADD = \ @BUILD_AUTOFS_TRUE@ $(SSSD_LIBS) \ @BUILD_AUTOFS_TRUE@ $(SSSD_INTERNAL_LTLIBS) @BUILD_SSH_TRUE@sssd_ssh_SOURCES = \ @BUILD_SSH_TRUE@ src/responder/ssh/sshsrv.c \ 
@BUILD_SSH_TRUE@ src/responder/ssh/sshsrv_dp.c \ @BUILD_SSH_TRUE@ src/responder/ssh/sshsrv_cmd.c \ @BUILD_SSH_TRUE@ $(SSSD_RESPONDER_OBJ) @BUILD_SSH_TRUE@sssd_ssh_LDADD = \ @BUILD_SSH_TRUE@ $(SSSD_LIBS) \ @BUILD_SSH_TRUE@ $(SSSD_INTERNAL_LTLIBS) sssd_pac_SOURCES = \ src/responder/pac/pacsrv.c \ src/responder/pac/pacsrv_cmd.c \ src/responder/pac/pacsrv_utils.c \ $(SSSD_UTIL_OBJ) \ $(SSSD_RESPONDER_OBJ) sssd_pac_CFLAGS = \ $(AM_CFLAGS) \ $(NDR_KRB5PAC_CFLAGS) sssd_pac_LDADD = \ $(NDR_KRB5PAC_LIBS) \ $(TDB_LIBS) \ $(SSSD_LIBS) \ libsss_idmap.la \ $(SSSD_INTERNAL_LTLIBS) sssd_be_SOURCES = \ src/providers/data_provider_be.c \ src/providers/data_provider_fo.c \ src/providers/data_provider_opts.c \ src/providers/data_provider_callbacks.c \ src/providers/dp_dyndns.c \ src/providers/dp_ptask.c \ src/providers/dp_refresh.c \ $(SSSD_FAILOVER_OBJ) sssd_be_LDADD = \ $(LIBADD_DL) \ $(SSSD_LIBS) \ $(CARES_LIBS) \ $(PAM_LIBS) \ $(SSSD_INTERNAL_LTLIBS) sssd_be_LDFLAGS = \ -Wl,--version-script,$(srcdir)/src/providers/sssd_be.exports \ -export-dynamic @BUILD_PYTHON_BINDINGS_TRUE@sss_obfuscate_pythondir = $(sbindir) @BUILD_PYTHON_BINDINGS_TRUE@dist_sss_obfuscate_python_SCRIPTS = \ @BUILD_PYTHON_BINDINGS_TRUE@ src/tools/sss_obfuscate ###################### # Command-line Tools # ###################### sss_useradd_SOURCES = \ src/tools/sss_useradd.c \ $(SSSD_TOOLS_OBJ) sss_useradd_LDADD = \ $(TOOLS_LIBS) \ $(SSSD_INTERNAL_LTLIBS) sss_userdel_SOURCES = \ src/tools/sss_userdel.c \ src/util/find_uid.c \ $(SSSD_LCL_TOOLS_OBJ) sss_userdel_LDADD = \ $(TOOLS_LIBS) \ $(SSSD_INTERNAL_LTLIBS) \ $(CLIENT_LIBS) sss_userdel_CFLAGS = $(AM_CFLAGS) sss_groupadd_SOURCES = \ src/tools/sss_groupadd.c \ $(SSSD_TOOLS_OBJ) sss_groupadd_LDADD = \ $(TOOLS_LIBS) \ $(SSSD_INTERNAL_LTLIBS) sss_groupdel_SOURCES = \ src/tools/sss_groupdel.c \ $(SSSD_LCL_TOOLS_OBJ) sss_groupdel_LDADD = \ $(TOOLS_LIBS) \ $(SSSD_INTERNAL_LTLIBS) \ $(CLIENT_LIBS) sss_groupdel_CFLAGS = $(AM_CFLAGS) sss_usermod_SOURCES = \ 
src/tools/sss_usermod.c \ $(SSSD_LCL_TOOLS_OBJ) sss_usermod_LDADD = \ $(TOOLS_LIBS) \ $(SSSD_INTERNAL_LTLIBS) \ $(CLIENT_LIBS) sss_usermod_CFLAGS = $(AM_CFLAGS) sss_groupmod_SOURCES = \ src/tools/sss_groupmod.c \ $(SSSD_LCL_TOOLS_OBJ) sss_groupmod_LDADD = \ $(TOOLS_LIBS) \ $(SSSD_INTERNAL_LTLIBS) \ $(CLIENT_LIBS) sss_groupmod_CFLAGS = $(AM_CFLAGS) sss_groupshow_SOURCES = \ src/tools/sss_groupshow.c \ $(SSSD_TOOLS_OBJ) sss_groupshow_LDADD = \ $(TOOLS_LIBS) \ $(SSSD_INTERNAL_LTLIBS) sss_cache_SOURCES = \ src/tools/sss_cache.c \ $(SSSD_LCL_TOOLS_OBJ) sss_cache_LDADD = \ $(TOOLS_LIBS) \ $(SSSD_INTERNAL_LTLIBS) \ $(CLIENT_LIBS) sss_cache_CFLAGS = $(AM_CFLAGS) sss_debuglevel_SOURCES = \ src/tools/sss_debuglevel.c \ $(SSSD_TOOLS_OBJ) sss_debuglevel_LDADD = \ $(TOOLS_LIBS) \ $(SSSD_INTERNAL_LTLIBS) sss_seed_SOURCES = \ src/tools/sss_seed.c \ $(SSSD_TOOLS_OBJ) sss_seed_LDADD = \ $(TOOLS_LIBS) \ $(SSSD_INTERNAL_LTLIBS) @BUILD_SUDO_TRUE@sss_sudo_cli_SOURCES = \ @BUILD_SUDO_TRUE@ src/sss_client/common.c \ @BUILD_SUDO_TRUE@ src/sss_client/sudo/sss_sudo.c \ @BUILD_SUDO_TRUE@ src/sss_client/sudo/sss_sudo_response.c \ @BUILD_SUDO_TRUE@ src/sss_client/sudo_testcli/sudo_testcli.c @BUILD_SUDO_TRUE@sss_sudo_cli_CFLAGS = $(AM_CFLAGS) @BUILD_SUDO_TRUE@sss_sudo_cli_LDADD = $(CLIENT_LIBS) @BUILD_SSH_TRUE@sss_ssh_authorizedkeys_SOURCES = \ @BUILD_SSH_TRUE@ src/sss_client/common.c \ @BUILD_SSH_TRUE@ src/sss_client/ssh/sss_ssh_client.c \ @BUILD_SSH_TRUE@ src/sss_client/ssh/sss_ssh_authorizedkeys.c @BUILD_SSH_TRUE@sss_ssh_authorizedkeys_CFLAGS = $(AM_CFLAGS) @BUILD_SSH_TRUE@sss_ssh_authorizedkeys_LDADD = \ @BUILD_SSH_TRUE@ $(SSSD_INTERNAL_LTLIBS) \ @BUILD_SSH_TRUE@ $(CLIENT_LIBS) $(TALLOC_LIBS) $(POPT_LIBS) @BUILD_SSH_TRUE@sss_ssh_knownhostsproxy_SOURCES = \ @BUILD_SSH_TRUE@ src/sss_client/common.c \ @BUILD_SSH_TRUE@ src/sss_client/ssh/sss_ssh_client.c \ @BUILD_SSH_TRUE@ src/sss_client/ssh/sss_ssh_knownhostsproxy.c @BUILD_SSH_TRUE@sss_ssh_knownhostsproxy_CFLAGS = $(AM_CFLAGS) 
@BUILD_SSH_TRUE@sss_ssh_knownhostsproxy_LDADD = \ @BUILD_SSH_TRUE@ $(SSSD_INTERNAL_LTLIBS) \ @BUILD_SSH_TRUE@ $(CLIENT_LIBS) $(TALLOC_LIBS) $(POPT_LIBS) ################# # Feature Tests # ################# TESTS_ENVIRONMENT = LDB_MODULES_PATH=$(abs_top_builddir)/ldb_mod_test_dir libsss_test_common_la_SOURCES = src/tests/common_tev.c \ src/tests/common_dom.c src/tests/leak_check.c \ src/tests/common.c $(am__append_22) libsss_test_common_la_LIBADD = \ $(TALLOC_LIBS) \ $(TEVENT_LIBS) @HAVE_CHECK_TRUE@check_LTLIBRARIES = \ @HAVE_CHECK_TRUE@ libdlopen_test_providers.la @HAVE_CHECK_TRUE@libdlopen_test_providers_la_SOURCES = \ @HAVE_CHECK_TRUE@ $(sssd_be_SOURCES) @HAVE_CHECK_TRUE@libdlopen_test_providers_la_CFLAGS = \ @HAVE_CHECK_TRUE@ $(AM_CFLAGS) \ @HAVE_CHECK_TRUE@ $(CHECK_CFLAGS) \ @HAVE_CHECK_TRUE@ -DUNIT_TESTING @HAVE_CHECK_TRUE@libdlopen_test_providers_la_LIBADD = \ @HAVE_CHECK_TRUE@ $(PAM_LIBS) \ @HAVE_CHECK_TRUE@ $(SSSD_LIBS) \ @HAVE_CHECK_TRUE@ $(CARES_LIBS) \ @HAVE_CHECK_TRUE@ $(SSSD_INTERNAL_LTLIBS) @HAVE_CHECK_TRUE@libdlopen_test_providers_la_LDFLAGS = \ @HAVE_CHECK_TRUE@ -module \ @HAVE_CHECK_TRUE@ -avoid-version \ @HAVE_CHECK_TRUE@ -Wl,--version-script,$(srcdir)/src/providers/sssd_be.exports \ @HAVE_CHECK_TRUE@ -rpath $(abs_top_builddir) \ @HAVE_CHECK_TRUE@ -export-dynamic @HAVE_CHECK_TRUE@dlopen_tests_SOURCES = \ @HAVE_CHECK_TRUE@ src/tests/dlopen-tests.c @HAVE_CHECK_TRUE@dlopen_tests_CFLAGS = \ @HAVE_CHECK_TRUE@ $(AM_CFLAGS) \ @HAVE_CHECK_TRUE@ $(CHECK_CFLAGS) @HAVE_CHECK_TRUE@dlopen_tests_LDADD = \ @HAVE_CHECK_TRUE@ $(LIBADD_DL) \ @HAVE_CHECK_TRUE@ $(CHECK_LIBS) @HAVE_CHECK_TRUE@sysdb_tests_DEPENDENCIES = \ @HAVE_CHECK_TRUE@ $(ldblib_LTLIBRARIES) @HAVE_CHECK_TRUE@sysdb_tests_SOURCES = \ @HAVE_CHECK_TRUE@ src/tests/sysdb-tests.c @HAVE_CHECK_TRUE@sysdb_tests_CFLAGS = \ @HAVE_CHECK_TRUE@ $(AM_CFLAGS) \ @HAVE_CHECK_TRUE@ $(CHECK_CFLAGS) @HAVE_CHECK_TRUE@sysdb_tests_LDADD = \ @HAVE_CHECK_TRUE@ $(SSSD_LIBS) \ @HAVE_CHECK_TRUE@ $(CHECK_LIBS) \ 
@HAVE_CHECK_TRUE@ $(SSSD_INTERNAL_LTLIBS) \ @HAVE_CHECK_TRUE@ libsss_test_common.la @HAVE_CHECK_TRUE@sysdb_ssh_tests_DEPENDENCIES = \ @HAVE_CHECK_TRUE@ $(ldblib_LTLIBRARIES) @HAVE_CHECK_TRUE@sysdb_ssh_tests_SOURCES = \ @HAVE_CHECK_TRUE@ src/tests/sysdb_ssh-tests.c @HAVE_CHECK_TRUE@sysdb_ssh_tests_CFLAGS = \ @HAVE_CHECK_TRUE@ $(AM_CFLAGS)\ @HAVE_CHECK_TRUE@ $(CHECK_CFLAGS) @HAVE_CHECK_TRUE@sysdb_ssh_tests_LDADD = \ @HAVE_CHECK_TRUE@ $(SSSD_LIBS) \ @HAVE_CHECK_TRUE@ $(CHECK_LIBS) \ @HAVE_CHECK_TRUE@ $(SSSD_INTERNAL_LTLIBS) \ @HAVE_CHECK_TRUE@ libsss_test_common.la @HAVE_CHECK_TRUE@strtonum_tests_SOURCES = \ @HAVE_CHECK_TRUE@ src/tests/strtonum-tests.c \ @HAVE_CHECK_TRUE@ src/util/strtonum.c @HAVE_CHECK_TRUE@strtonum_tests_CFLAGS = \ @HAVE_CHECK_TRUE@ $(AM_CFLAGS) \ @HAVE_CHECK_TRUE@ $(CHECK_CFLAGS) @HAVE_CHECK_TRUE@strtonum_tests_LDADD = \ @HAVE_CHECK_TRUE@ $(SSSD_LIBS) \ @HAVE_CHECK_TRUE@ $(CHECK_LIBS) \ @HAVE_CHECK_TRUE@ libsss_debug.la \ @HAVE_CHECK_TRUE@ libsss_test_common.la @HAVE_CHECK_TRUE@krb5_utils_tests_SOURCES = \ @HAVE_CHECK_TRUE@ src/tests/krb5_utils-tests.c \ @HAVE_CHECK_TRUE@ src/providers/krb5/krb5_utils.c \ @HAVE_CHECK_TRUE@ src/providers/krb5/krb5_become_user.c \ @HAVE_CHECK_TRUE@ src/providers/krb5/krb5_common.c \ @HAVE_CHECK_TRUE@ src/util/sss_krb5.c \ @HAVE_CHECK_TRUE@ src/util/find_uid.c \ @HAVE_CHECK_TRUE@ src/providers/data_provider_fo.c \ @HAVE_CHECK_TRUE@ src/providers/data_provider_opts.c \ @HAVE_CHECK_TRUE@ src/providers/data_provider_callbacks.c \ @HAVE_CHECK_TRUE@ $(SSSD_FAILOVER_OBJ) @HAVE_CHECK_TRUE@krb5_utils_tests_CFLAGS = \ @HAVE_CHECK_TRUE@ $(AM_CFLAGS) \ @HAVE_CHECK_TRUE@ $(KRB5_CFLAGS) \ @HAVE_CHECK_TRUE@ $(CHECK_CFLAGS) @HAVE_CHECK_TRUE@krb5_utils_tests_LDADD = \ @HAVE_CHECK_TRUE@ $(SSSD_LIBS)\ @HAVE_CHECK_TRUE@ $(CARES_LIBS) \ @HAVE_CHECK_TRUE@ $(KRB5_LIBS) \ @HAVE_CHECK_TRUE@ $(CHECK_LIBS) \ @HAVE_CHECK_TRUE@ $(SSSD_INTERNAL_LTLIBS) \ @HAVE_CHECK_TRUE@ libsss_test_common.la @HAVE_CHECK_TRUE@check_and_open_tests_SOURCES = \ 
@HAVE_CHECK_TRUE@ src/tests/check_and_open-tests.c \ @HAVE_CHECK_TRUE@ src/util/check_and_open.c @HAVE_CHECK_TRUE@check_and_open_tests_CFLAGS = \ @HAVE_CHECK_TRUE@ $(AM_CFLAGS) \ @HAVE_CHECK_TRUE@ $(CHECK_CFLAGS) @HAVE_CHECK_TRUE@check_and_open_tests_LDADD = \ @HAVE_CHECK_TRUE@ libsss_debug.la \ @HAVE_CHECK_TRUE@ $(CHECK_LIBS) \ @HAVE_CHECK_TRUE@ libsss_test_common.la @HAVE_CHECK_TRUE@FILES_TESTS_LIBS = $(CHECK_LIBS) $(POPT_LIBS) \ @HAVE_CHECK_TRUE@ $(TALLOC_LIBS) libsss_test_common.la \ @HAVE_CHECK_TRUE@ $(am__append_23) $(am__append_24) @HAVE_CHECK_TRUE@files_tests_SOURCES = \ @HAVE_CHECK_TRUE@ src/tests/files-tests.c \ @HAVE_CHECK_TRUE@ src/util/check_and_open.c \ @HAVE_CHECK_TRUE@ src/util/atomic_io.c \ @HAVE_CHECK_TRUE@ src/tools/selinux.c \ @HAVE_CHECK_TRUE@ src/tools/files.c @HAVE_CHECK_TRUE@files_tests_CFLAGS = \ @HAVE_CHECK_TRUE@ $(AM_CFLAGS) \ @HAVE_CHECK_TRUE@ $(CHECK_CFLAGS) @HAVE_CHECK_TRUE@files_tests_LDADD = \ @HAVE_CHECK_TRUE@ $(FILES_TESTS_LIBS) \ @HAVE_CHECK_TRUE@ libsss_test_common.la \ @HAVE_CHECK_TRUE@ $(SSSD_INTERNAL_LTLIBS) @HAVE_CHECK_TRUE@SSSD_RESOLV_TESTS_OBJ = $(SSSD_RESOLV_OBJ) \ @HAVE_CHECK_TRUE@ $(am__append_25) @HAVE_CHECK_TRUE@resolv_tests_SOURCES = \ @HAVE_CHECK_TRUE@ src/tests/resolv-tests.c \ @HAVE_CHECK_TRUE@ src/tests/common.c \ @HAVE_CHECK_TRUE@ $(SSSD_RESOLV_TESTS_OBJ) @HAVE_CHECK_TRUE@resolv_tests_CFLAGS = \ @HAVE_CHECK_TRUE@ $(AM_CFLAGS) \ @HAVE_CHECK_TRUE@ $(CHECK_CFLAGS) \ @HAVE_CHECK_TRUE@ -DBUILD_TXT @HAVE_CHECK_TRUE@resolv_tests_LDADD = \ @HAVE_CHECK_TRUE@ $(SSSD_LIBS) \ @HAVE_CHECK_TRUE@ $(CHECK_LIBS) \ @HAVE_CHECK_TRUE@ $(CARES_LIBS) \ @HAVE_CHECK_TRUE@ libsss_debug.la \ @HAVE_CHECK_TRUE@ libsss_test_common.la @HAVE_CHECK_TRUE@refcount_tests_SOURCES = \ @HAVE_CHECK_TRUE@ src/tests/refcount-tests.c \ @HAVE_CHECK_TRUE@ $(CHECK_OBJ) @HAVE_CHECK_TRUE@refcount_tests_CFLAGS = \ @HAVE_CHECK_TRUE@ $(CHECK_CFLAGS) @HAVE_CHECK_TRUE@refcount_tests_LDADD = \ @HAVE_CHECK_TRUE@ $(SSSD_LIBS) \ @HAVE_CHECK_TRUE@ $(CHECK_LIBS) \ 
@HAVE_CHECK_TRUE@ $(SSSD_INTERNAL_LTLIBS) \ @HAVE_CHECK_TRUE@ libsss_test_common.la @HAVE_CHECK_TRUE@fail_over_tests_SOURCES = \ @HAVE_CHECK_TRUE@ src/tests/fail_over-tests.c \ @HAVE_CHECK_TRUE@ $(SSSD_FAILOVER_OBJ) \ @HAVE_CHECK_TRUE@ $(CHECK_OBJ) @HAVE_CHECK_TRUE@fail_over_tests_CFLAGS = \ @HAVE_CHECK_TRUE@ $(CHECK_CFLAGS) @HAVE_CHECK_TRUE@fail_over_tests_LDADD = \ @HAVE_CHECK_TRUE@ $(SSSD_LIBS) \ @HAVE_CHECK_TRUE@ $(CHECK_LIBS) \ @HAVE_CHECK_TRUE@ $(CARES_LIBS) \ @HAVE_CHECK_TRUE@ $(SSSD_INTERNAL_LTLIBS) \ @HAVE_CHECK_TRUE@ libsss_test_common.la @HAVE_CHECK_TRUE@find_uid_tests_SOURCES = \ @HAVE_CHECK_TRUE@ src/tests/find_uid-tests.c \ @HAVE_CHECK_TRUE@ src/util/find_uid.c \ @HAVE_CHECK_TRUE@ src/util/atomic_io.c \ @HAVE_CHECK_TRUE@ src/util/strtonum.c @HAVE_CHECK_TRUE@find_uid_tests_CFLAGS = \ @HAVE_CHECK_TRUE@ $(AM_CFLAGS) \ @HAVE_CHECK_TRUE@ $(TALLOC_CFLAGS) \ @HAVE_CHECK_TRUE@ $(DHASH_CFLAGS) \ @HAVE_CHECK_TRUE@ $(CHECK_CFLAGS) @HAVE_CHECK_TRUE@find_uid_tests_LDADD = \ @HAVE_CHECK_TRUE@ libsss_debug.la \ @HAVE_CHECK_TRUE@ $(TALLOC_LIBS) \ @HAVE_CHECK_TRUE@ $(DHASH_LIBS) \ @HAVE_CHECK_TRUE@ $(CHECK_LIBS) \ @HAVE_CHECK_TRUE@ libsss_test_common.la @HAVE_CHECK_TRUE@auth_tests_SOURCES = \ @HAVE_CHECK_TRUE@ src/tests/auth-tests.c @HAVE_CHECK_TRUE@auth_tests_CFLAGS = \ @HAVE_CHECK_TRUE@ $(AM_CFLAGS) \ @HAVE_CHECK_TRUE@ $(CHECK_CFLAGS) @HAVE_CHECK_TRUE@auth_tests_LDADD = \ @HAVE_CHECK_TRUE@ $(SSSD_LIBS) \ @HAVE_CHECK_TRUE@ $(CHECK_LIBS) \ @HAVE_CHECK_TRUE@ $(SSSD_INTERNAL_LTLIBS) \ @HAVE_CHECK_TRUE@ libsss_test_common.la @HAVE_CHECK_TRUE@ipa_ldap_opt_tests_SOURCES = \ @HAVE_CHECK_TRUE@ src/providers/data_provider_opts.c \ @HAVE_CHECK_TRUE@ src/tests/ipa_ldap_opt-tests.c @HAVE_CHECK_TRUE@ipa_ldap_opt_tests_CFLAGS = \ @HAVE_CHECK_TRUE@ $(AM_CFLAGS) \ @HAVE_CHECK_TRUE@ $(CHECK_CFLAGS) @HAVE_CHECK_TRUE@ipa_ldap_opt_tests_LDADD = \ @HAVE_CHECK_TRUE@ $(CHECK_LIBS) \ @HAVE_CHECK_TRUE@ $(TALLOC_LIBS) \ @HAVE_CHECK_TRUE@ $(SSSD_INTERNAL_LTLIBS) \ @HAVE_CHECK_TRUE@ 
libsss_test_common.la @HAVE_CHECK_TRUE@ad_ldap_opt_tests_SOURCES = \ @HAVE_CHECK_TRUE@ src/tests/ad_ldap_opt-tests.c @HAVE_CHECK_TRUE@ad_ldap_opt_tests_CFLAGS = \ @HAVE_CHECK_TRUE@ $(AM_CFLAGS) \ @HAVE_CHECK_TRUE@ $(CHECK_CFLAGS) @HAVE_CHECK_TRUE@ad_ldap_opt_tests_LDADD = \ @HAVE_CHECK_TRUE@ $(CHECK_LIBS) \ @HAVE_CHECK_TRUE@ $(TALLOC_LIBS) \ @HAVE_CHECK_TRUE@ libsss_test_common.la @HAVE_CHECK_TRUE@simple_access_tests_SOURCES = \ @HAVE_CHECK_TRUE@ src/tests/simple_access-tests.c \ @HAVE_CHECK_TRUE@ src/providers/simple/simple_access.c \ @HAVE_CHECK_TRUE@ src/providers/simple/simple_access_check.c \ @HAVE_CHECK_TRUE@ src/providers/data_provider_be.c \ @HAVE_CHECK_TRUE@ src/providers/data_provider_fo.c \ @HAVE_CHECK_TRUE@ src/providers/data_provider_opts.c \ @HAVE_CHECK_TRUE@ src/providers/data_provider_callbacks.c \ @HAVE_CHECK_TRUE@ src/providers/dp_ptask.c \ @HAVE_CHECK_TRUE@ src/providers/dp_refresh.c \ @HAVE_CHECK_TRUE@ $(SSSD_FAILOVER_OBJ) @HAVE_CHECK_TRUE@simple_access_tests_CFLAGS = \ @HAVE_CHECK_TRUE@ $(AM_CFLAGS) \ @HAVE_CHECK_TRUE@ $(CHECK_CFLAGS) \ @HAVE_CHECK_TRUE@ -DUNIT_TESTING @HAVE_CHECK_TRUE@simple_access_tests_LDADD = \ @HAVE_CHECK_TRUE@ $(LIBADD_DL) \ @HAVE_CHECK_TRUE@ $(SSSD_LIBS) \ @HAVE_CHECK_TRUE@ $(CARES_LIBS) \ @HAVE_CHECK_TRUE@ $(CHECK_LIBS) \ @HAVE_CHECK_TRUE@ $(PAM_LIBS) \ @HAVE_CHECK_TRUE@ $(SSSD_INTERNAL_LTLIBS) \ @HAVE_CHECK_TRUE@ libsss_test_common.la @HAVE_CHECK_TRUE@util_tests_SOURCES = \ @HAVE_CHECK_TRUE@ src/tests/util-tests.c @HAVE_CHECK_TRUE@util_tests_CFLAGS = \ @HAVE_CHECK_TRUE@ $(AM_CFLAGS) \ @HAVE_CHECK_TRUE@ $(CHECK_CFLAGS) @HAVE_CHECK_TRUE@util_tests_LDADD = \ @HAVE_CHECK_TRUE@ $(SSSD_LIBS) \ @HAVE_CHECK_TRUE@ $(CHECK_LIBS) \ @HAVE_CHECK_TRUE@ $(SSSD_INTERNAL_LTLIBS) \ @HAVE_CHECK_TRUE@ libsss_test_common.la @HAVE_CHECK_TRUE@debug_tests_SOURCES = \ @HAVE_CHECK_TRUE@ src/tests/debug-tests.c \ @HAVE_CHECK_TRUE@ src/tests/common.c @HAVE_CHECK_TRUE@debug_tests_CFLAGS = \ @HAVE_CHECK_TRUE@ $(AM_CFLAGS) \ @HAVE_CHECK_TRUE@ 
$(CHECK_CFLAGS) @HAVE_CHECK_TRUE@debug_tests_LDADD = \ @HAVE_CHECK_TRUE@ $(SSSD_LIBS) \ @HAVE_CHECK_TRUE@ $(CHECK_LIBS) \ @HAVE_CHECK_TRUE@ libsss_debug.la @HAVE_CHECK_TRUE@crypto_tests_SOURCES = \ @HAVE_CHECK_TRUE@ $(SSS_CRYPT_SOURCES) \ @HAVE_CHECK_TRUE@ src/tests/crypto-tests.c @HAVE_CHECK_TRUE@crypto_tests_CFLAGS = \ @HAVE_CHECK_TRUE@ $(SSS_CRYPT_CFLAGS) \ @HAVE_CHECK_TRUE@ $(AM_CFLAGS) \ @HAVE_CHECK_TRUE@ $(CHECK_CFLAGS) @HAVE_CHECK_TRUE@crypto_tests_LDADD = \ @HAVE_CHECK_TRUE@ libsss_debug.la \ @HAVE_CHECK_TRUE@ $(SSS_CRYPT_LIBS) \ @HAVE_CHECK_TRUE@ $(SSSD_LIBS) \ @HAVE_CHECK_TRUE@ $(CHECK_LIBS) \ @HAVE_CHECK_TRUE@ libsss_test_common.la @HAVE_CHECK_TRUE@ipa_hbac_tests_SOURCES = \ @HAVE_CHECK_TRUE@ src/tests/ipa_hbac-tests.c @HAVE_CHECK_TRUE@ipa_hbac_tests_CFLAGS = \ @HAVE_CHECK_TRUE@ $(AM_CFLAGS) \ @HAVE_CHECK_TRUE@ $(CHECK_CFLAGS) @HAVE_CHECK_TRUE@ipa_hbac_tests_LDADD = \ @HAVE_CHECK_TRUE@ $(SSSD_LIBS) \ @HAVE_CHECK_TRUE@ $(CHECK_LIBS) \ @HAVE_CHECK_TRUE@ libsss_test_common.la \ @HAVE_CHECK_TRUE@ libipa_hbac.la @HAVE_CHECK_TRUE@sss_idmap_tests_SOURCES = \ @HAVE_CHECK_TRUE@ src/tests/sss_idmap-tests.c @HAVE_CHECK_TRUE@sss_idmap_tests_CFLAGS = \ @HAVE_CHECK_TRUE@ $(AM_CFLAGS) \ @HAVE_CHECK_TRUE@ $(CHECK_CFLAGS) @HAVE_CHECK_TRUE@sss_idmap_tests_LDADD = \ @HAVE_CHECK_TRUE@ $(CHECK_LIBS) \ @HAVE_CHECK_TRUE@ $(TALLOC_LIBS) \ @HAVE_CHECK_TRUE@ libsss_test_common.la \ @HAVE_CHECK_TRUE@ libsss_idmap.la @HAVE_CHECK_TRUE@responder_socket_access_tests_SOURCES = \ @HAVE_CHECK_TRUE@ src/tests/responder_socket_access-tests.c \ @HAVE_CHECK_TRUE@ src/responder/common/responder_common.c \ @HAVE_CHECK_TRUE@ src/responder/common/responder_packet.c \ @HAVE_CHECK_TRUE@ src/responder/common/responder_cmd.c @HAVE_CHECK_TRUE@responder_socket_access_tests_CFLAGS = \ @HAVE_CHECK_TRUE@ $(AM_CFLAGS) \ @HAVE_CHECK_TRUE@ $(CHECK_CFLAGS) @HAVE_CHECK_TRUE@responder_socket_access_tests_LDADD = \ @HAVE_CHECK_TRUE@ $(CHECK_LIBS) \ @HAVE_CHECK_TRUE@ $(SSSD_LIBS) \ @HAVE_CHECK_TRUE@ 
$(SSSD_INTERNAL_LTLIBS) \ @HAVE_CHECK_TRUE@ libsss_test_common.la stress_tests_SOURCES = \ src/tests/stress-tests.c stress_tests_LDADD = \ $(SSSD_LIBS) \ libsss_test_common.la krb5_child_test_SOURCES = \ src/tests/krb5_child-test.c \ src/providers/krb5/krb5_utils.c \ src/providers/krb5/krb5_child_handler.c \ src/providers/krb5/krb5_become_user.c \ src/providers/krb5/krb5_common.c \ src/util/sss_krb5.c \ src/util/find_uid.c \ src/providers/data_provider_fo.c \ src/providers/data_provider_opts.c \ src/providers/data_provider_callbacks.c \ $(SSSD_FAILOVER_OBJ) krb5_child_test_CFLAGS = \ $(AM_CFLAGS) \ -DKRB5_CHILD_DIR=\"$(builddir)\" \ $(KRB5_CFLAGS) \ $(CHECK_CFLAGS) krb5_child_test_LDADD = \ $(SSSD_LIBS) \ $(CARES_LIBS) \ $(KRB5_LIBS) \ $(CHECK_LIBS) \ $(SSSD_INTERNAL_LTLIBS) \ libsss_test_common.la @HAVE_CMOCKA_TRUE@TEST_MOCK_RESP_OBJ = \ @HAVE_CMOCKA_TRUE@ src/tests/cmocka/common_mock_resp.c \ @HAVE_CMOCKA_TRUE@ src/responder/common/responder_packet.c \ @HAVE_CMOCKA_TRUE@ src/responder/common/responder_cmd.c \ @HAVE_CMOCKA_TRUE@ src/responder/common/negcache.c \ @HAVE_CMOCKA_TRUE@ src/responder/common/responder_common.c @HAVE_CMOCKA_TRUE@nss_srv_tests_DEPENDENCIES = \ @HAVE_CMOCKA_TRUE@ $(ldblib_LTLIBRARIES) @HAVE_CMOCKA_TRUE@nss_srv_tests_SOURCES = \ @HAVE_CMOCKA_TRUE@ $(TEST_MOCK_RESP_OBJ) \ @HAVE_CMOCKA_TRUE@ src/tests/cmocka/test_nss_srv.c \ @HAVE_CMOCKA_TRUE@ src/responder/nss/nsssrv_cmd.c \ @HAVE_CMOCKA_TRUE@ src/responder/nss/nsssrv_netgroup.c \ @HAVE_CMOCKA_TRUE@ src/responder/nss/nsssrv_services.c \ @HAVE_CMOCKA_TRUE@ src/responder/nss/nsssrv_mmap_cache.c @HAVE_CMOCKA_TRUE@nss_srv_tests_CFLAGS = \ @HAVE_CMOCKA_TRUE@ $(AM_CFLAGS) @HAVE_CMOCKA_TRUE@nss_srv_tests_LDFLAGS = \ @HAVE_CMOCKA_TRUE@ -Wl,-wrap,sss_ncache_check_user \ @HAVE_CMOCKA_TRUE@ -Wl,-wrap,sss_packet_get_body \ @HAVE_CMOCKA_TRUE@ -Wl,-wrap,sss_packet_get_cmd \ @HAVE_CMOCKA_TRUE@ -Wl,-wrap,sss_cmd_send_empty \ @HAVE_CMOCKA_TRUE@ -Wl,-wrap,sss_cmd_done @HAVE_CMOCKA_TRUE@nss_srv_tests_LDADD = \ 
@HAVE_CMOCKA_TRUE@ $(CMOCKA_LIBS) \ @HAVE_CMOCKA_TRUE@ $(SSSD_LIBS) \ @HAVE_CMOCKA_TRUE@ $(SSSD_INTERNAL_LTLIBS) \ @HAVE_CMOCKA_TRUE@ libsss_test_common.la \ @HAVE_CMOCKA_TRUE@ libsss_idmap.la @HAVE_CMOCKA_TRUE@test_find_uid_DEPENDENCIES = \ @HAVE_CMOCKA_TRUE@ $(ldblib_LTLIBRARIES) @HAVE_CMOCKA_TRUE@test_find_uid_SOURCES = \ @HAVE_CMOCKA_TRUE@ src/tests/cmocka/test_find_uid.c \ @HAVE_CMOCKA_TRUE@ src/util/find_uid.c \ @HAVE_CMOCKA_TRUE@ src/util/atomic_io.c \ @HAVE_CMOCKA_TRUE@ src/util/strtonum.c @HAVE_CMOCKA_TRUE@test_find_uid_CFLAGS = \ @HAVE_CMOCKA_TRUE@ $(AM_CFLAGS) \ @HAVE_CMOCKA_TRUE@ $(TALLOC_CFLAGS) \ @HAVE_CMOCKA_TRUE@ $(DHASH_CFLAGS) @HAVE_CMOCKA_TRUE@test_find_uid_LDADD = \ @HAVE_CMOCKA_TRUE@ $(TALLOC_LIBS) \ @HAVE_CMOCKA_TRUE@ $(DHASH_LIBS) \ @HAVE_CMOCKA_TRUE@ $(CMOCKA_LIBS) \ @HAVE_CMOCKA_TRUE@ libsss_debug.la @HAVE_CMOCKA_TRUE@test_io_SOURCES = \ @HAVE_CMOCKA_TRUE@ src/tests/cmocka/test_io.c \ @HAVE_CMOCKA_TRUE@ src/util/io.c \ @HAVE_CMOCKA_TRUE@ src/tests/common.c @HAVE_CMOCKA_TRUE@test_io_CFLAGS = \ @HAVE_CMOCKA_TRUE@ $(AM_CFLAGS) @HAVE_CMOCKA_TRUE@test_io_LDADD = \ @HAVE_CMOCKA_TRUE@ $(CMOCKA_LIBS) @HAVE_CMOCKA_TRUE@sss_nss_idmap_tests_SOURCES = \ @HAVE_CMOCKA_TRUE@ src/tests/cmocka/sss_nss_idmap-tests.c @HAVE_CMOCKA_TRUE@sss_nss_idmap_tests_CFLAGS = \ @HAVE_CMOCKA_TRUE@ $(AM_CFLAGS) @HAVE_CMOCKA_TRUE@sss_nss_idmap_tests_LDADD = \ @HAVE_CMOCKA_TRUE@ $(CMOCKA_LIBS) \ @HAVE_CMOCKA_TRUE@ libsss_nss_idmap.la @HAVE_CMOCKA_TRUE@dyndns_tests_DEPENDENCIES = \ @HAVE_CMOCKA_TRUE@ $(ldblib_LTLIBRARIES) @HAVE_CMOCKA_TRUE@dyndns_tests_SOURCES = \ @HAVE_CMOCKA_TRUE@ $(SSSD_RESOLV_OBJ) \ @HAVE_CMOCKA_TRUE@ src/tests/cmocka/test_dyndns.c \ @HAVE_CMOCKA_TRUE@ src/providers/data_provider_opts.c @HAVE_CMOCKA_TRUE@dyndns_tests_CFLAGS = \ @HAVE_CMOCKA_TRUE@ $(AM_CFLAGS) \ @HAVE_CMOCKA_TRUE@ -DDYNDNS_TIMEOUT=2 @HAVE_CMOCKA_TRUE@dyndns_tests_LDFLAGS = \ @HAVE_CMOCKA_TRUE@ -Wl,-wrap,execv \ @HAVE_CMOCKA_TRUE@ -Wl,-wrap,getifaddrs \ @HAVE_CMOCKA_TRUE@ 
-Wl,-wrap,freeifaddrs @HAVE_CMOCKA_TRUE@dyndns_tests_LDADD = \ @HAVE_CMOCKA_TRUE@ $(CARES_LIBS) \ @HAVE_CMOCKA_TRUE@ $(CMOCKA_LIBS) \ @HAVE_CMOCKA_TRUE@ $(SSSD_LIBS) \ @HAVE_CMOCKA_TRUE@ $(SSSD_INTERNAL_LTLIBS) \ @HAVE_CMOCKA_TRUE@ libsss_test_common.la @HAVE_CMOCKA_TRUE@fqnames_tests_SOURCES = \ @HAVE_CMOCKA_TRUE@ src/tests/cmocka/test_fqnames.c @HAVE_CMOCKA_TRUE@fqnames_tests_CFLAGS = \ @HAVE_CMOCKA_TRUE@ $(AM_CFLAGS) @HAVE_CMOCKA_TRUE@fqnames_tests_LDADD = \ @HAVE_CMOCKA_TRUE@ $(CMOCKA_LIBS) \ @HAVE_CMOCKA_TRUE@ $(SSSD_LIBS) \ @HAVE_CMOCKA_TRUE@ $(SSSD_INTERNAL_LTLIBS) \ @HAVE_CMOCKA_TRUE@ libsss_test_common.la @HAVE_CMOCKA_TRUE@test_sss_idmap_SOURCES = \ @HAVE_CMOCKA_TRUE@ src/tests/cmocka/test_sss_idmap.c @HAVE_CMOCKA_TRUE@test_sss_idmap_CFLAGS = \ @HAVE_CMOCKA_TRUE@ $(AM_CFLAGS) @HAVE_CMOCKA_TRUE@test_sss_idmap_LDADD = \ @HAVE_CMOCKA_TRUE@ $(CMOCKA_LIBS) \ @HAVE_CMOCKA_TRUE@ $(POPT_LIBS) \ @HAVE_CMOCKA_TRUE@ libsss_idmap.la \ @HAVE_CMOCKA_TRUE@ $(SSSD_INTERNAL_LTLIBS) \ @HAVE_CMOCKA_TRUE@ libsss_test_common.la @HAVE_CMOCKA_TRUE@test_ipa_idmap_SOURCES = \ @HAVE_CMOCKA_TRUE@ src/tests/cmocka/test_ipa_idmap.c \ @HAVE_CMOCKA_TRUE@ src/providers/ipa/ipa_idmap.c @HAVE_CMOCKA_TRUE@test_ipa_idmap_CFLAGS = \ @HAVE_CMOCKA_TRUE@ $(AM_CFLAGS) @HAVE_CMOCKA_TRUE@test_ipa_idmap_LDFLAGS = \ @HAVE_CMOCKA_TRUE@ -Wl,-wrap,sysdb_get_ranges @HAVE_CMOCKA_TRUE@test_ipa_idmap_LDADD = \ @HAVE_CMOCKA_TRUE@ $(CMOCKA_LIBS) \ @HAVE_CMOCKA_TRUE@ $(POPT_LIBS) \ @HAVE_CMOCKA_TRUE@ libsss_idmap.la \ @HAVE_CMOCKA_TRUE@ $(SSSD_INTERNAL_LTLIBS) \ @HAVE_CMOCKA_TRUE@ libsss_test_common.la @HAVE_CMOCKA_TRUE@test_utils_SOURCES = \ @HAVE_CMOCKA_TRUE@ src/tests/cmocka/test_utils.c @HAVE_CMOCKA_TRUE@test_utils_CFLAGS = \ @HAVE_CMOCKA_TRUE@ $(AM_CFLAGS) @HAVE_CMOCKA_TRUE@test_utils_LDADD = \ @HAVE_CMOCKA_TRUE@ $(CMOCKA_LIBS) \ @HAVE_CMOCKA_TRUE@ $(POPT_LIBS) \ @HAVE_CMOCKA_TRUE@ $(SSSD_INTERNAL_LTLIBS) \ @HAVE_CMOCKA_TRUE@ libsss_test_common.la @HAVE_CMOCKA_TRUE@test_search_bases_SOURCES = \ 
@HAVE_CMOCKA_TRUE@ $(sssd_be_SOURCES) \ @HAVE_CMOCKA_TRUE@ src/util/sss_ldap.c \ @HAVE_CMOCKA_TRUE@ src/util/sss_krb5.c \ @HAVE_CMOCKA_TRUE@ src/util/find_uid.c \ @HAVE_CMOCKA_TRUE@ src/util/user_info_msg.c \ @HAVE_CMOCKA_TRUE@ src/tests/cmocka/test_search_bases.c @HAVE_CMOCKA_TRUE@test_search_bases_CFLAGS = \ @HAVE_CMOCKA_TRUE@ $(AM_CFLAGS) \ @HAVE_CMOCKA_TRUE@ -DUNIT_TESTING @HAVE_CMOCKA_TRUE@test_search_bases_LDADD = \ @HAVE_CMOCKA_TRUE@ $(PAM_LIBS) \ @HAVE_CMOCKA_TRUE@ $(CMOCKA_LIBS) \ @HAVE_CMOCKA_TRUE@ $(POPT_LIBS) \ @HAVE_CMOCKA_TRUE@ $(SSSD_LIBS) \ @HAVE_CMOCKA_TRUE@ $(CARES_LIBS) \ @HAVE_CMOCKA_TRUE@ $(KRB5_LIBS) \ @HAVE_CMOCKA_TRUE@ $(SSSD_INTERNAL_LTLIBS) \ @HAVE_CMOCKA_TRUE@ $(SYSTEMD_LOGIN_LIBS) \ @HAVE_CMOCKA_TRUE@ libsss_ldap_common.la \ @HAVE_CMOCKA_TRUE@ libsss_idmap.la \ @HAVE_CMOCKA_TRUE@ libsss_krb5_common.la \ @HAVE_CMOCKA_TRUE@ libsss_test_common.la @HAVE_CMOCKA_TRUE@ad_access_filter_tests_SOURCES = \ @HAVE_CMOCKA_TRUE@ $(sssd_be_SOURCES) \ @HAVE_CMOCKA_TRUE@ src/util/sss_ldap.c \ @HAVE_CMOCKA_TRUE@ src/util/sss_krb5.c \ @HAVE_CMOCKA_TRUE@ src/util/find_uid.c \ @HAVE_CMOCKA_TRUE@ src/util/user_info_msg.c \ @HAVE_CMOCKA_TRUE@ src/providers/ad/ad_common.c \ @HAVE_CMOCKA_TRUE@ src/tests/cmocka/test_ad_access_filter.c @HAVE_CMOCKA_TRUE@ad_access_filter_tests_CFLAGS = \ @HAVE_CMOCKA_TRUE@ $(AM_CFLAGS) \ @HAVE_CMOCKA_TRUE@ $(SYSTEMD_LOGIN_CFLAGS) \ @HAVE_CMOCKA_TRUE@ -DUNIT_TESTING @HAVE_CMOCKA_TRUE@ad_access_filter_tests_LDADD = \ @HAVE_CMOCKA_TRUE@ $(PAM_LIBS) \ @HAVE_CMOCKA_TRUE@ $(CMOCKA_LIBS) \ @HAVE_CMOCKA_TRUE@ $(SSSD_LIBS) \ @HAVE_CMOCKA_TRUE@ $(CARES_LIBS) \ @HAVE_CMOCKA_TRUE@ $(KRB5_LIBS) \ @HAVE_CMOCKA_TRUE@ $(SSSD_INTERNAL_LTLIBS) \ @HAVE_CMOCKA_TRUE@ $(SYSTEMD_LOGIN_LIBS) \ @HAVE_CMOCKA_TRUE@ libsss_ldap_common.la \ @HAVE_CMOCKA_TRUE@ libsss_idmap.la \ @HAVE_CMOCKA_TRUE@ libsss_krb5_common.la \ @HAVE_CMOCKA_TRUE@ libsss_test_common.la @HAVE_CMOCKA_TRUE@ad_common_tests_SOURCES = \ @HAVE_CMOCKA_TRUE@ $(sssd_be_SOURCES) \ 
@HAVE_CMOCKA_TRUE@ src/util/sss_ldap.c \ @HAVE_CMOCKA_TRUE@ src/util/sss_krb5.c \ @HAVE_CMOCKA_TRUE@ src/util/find_uid.c \ @HAVE_CMOCKA_TRUE@ src/util/user_info_msg.c \ @HAVE_CMOCKA_TRUE@ src/tests/cmocka/test_ad_common.c @HAVE_CMOCKA_TRUE@ad_common_tests_CFLAGS = \ @HAVE_CMOCKA_TRUE@ $(AM_CFLAGS) \ @HAVE_CMOCKA_TRUE@ $(SYSTEMD_LOGIN_CFLAGS) \ @HAVE_CMOCKA_TRUE@ -DUNIT_TESTING @HAVE_CMOCKA_TRUE@ad_common_tests_LDFLAGS = \ @HAVE_CMOCKA_TRUE@ -Wl,-wrap,sdap_set_sasl_options @HAVE_CMOCKA_TRUE@ad_common_tests_LDADD = \ @HAVE_CMOCKA_TRUE@ $(PAM_LIBS) \ @HAVE_CMOCKA_TRUE@ $(CMOCKA_LIBS) \ @HAVE_CMOCKA_TRUE@ $(SSSD_LIBS) \ @HAVE_CMOCKA_TRUE@ $(CARES_LIBS) \ @HAVE_CMOCKA_TRUE@ $(KRB5_LIBS) \ @HAVE_CMOCKA_TRUE@ $(SSSD_INTERNAL_LTLIBS) \ @HAVE_CMOCKA_TRUE@ $(SYSTEMD_LOGIN_LIBS) \ @HAVE_CMOCKA_TRUE@ libsss_ldap_common.la \ @HAVE_CMOCKA_TRUE@ libsss_idmap.la \ @HAVE_CMOCKA_TRUE@ libsss_krb5_common.la \ @HAVE_CMOCKA_TRUE@ libsss_test_common.la @HAVE_CMOCKA_TRUE@dp_opt_tests_SOURCES = \ @HAVE_CMOCKA_TRUE@ src/providers/data_provider_opts.c \ @HAVE_CMOCKA_TRUE@ src/tests/cmocka/test_dp_opts.c @HAVE_CMOCKA_TRUE@dp_opt_tests_CFLAGS = \ @HAVE_CMOCKA_TRUE@ $(AM_CFLAGS) @HAVE_CMOCKA_TRUE@dp_opt_tests_LDADD = \ @HAVE_CMOCKA_TRUE@ $(CMOCKA_LIBS) \ @HAVE_CMOCKA_TRUE@ $(TALLOC_LIBS) \ @HAVE_CMOCKA_TRUE@ $(POPT_LIBS) \ @HAVE_CMOCKA_TRUE@ $(SSSD_INTERNAL_LTLIBS) \ @HAVE_CMOCKA_TRUE@ libsss_test_common.la pam_test_client_SOURCES = src/sss_client/pam_test_client.c pam_test_client_LDADD = -lpam -lpam_misc @BUILD_AUTOFS_TRUE@autofs_test_client_SOURCES = \ @BUILD_AUTOFS_TRUE@ src/sss_client/autofs/autofs_test_client.c \ @BUILD_AUTOFS_TRUE@ src/sss_client/autofs/sss_autofs.c \ @BUILD_AUTOFS_TRUE@ src/sss_client/common.c @BUILD_AUTOFS_TRUE@autofs_test_client_CFLAGS = $(AM_CFLAGS) @BUILD_AUTOFS_TRUE@autofs_test_client_LDADD = -lpopt $(CLIENT_LIBS) #################### # Client Libraries # #################### nsslib_LTLIBRARIES = libnss_sss.la libnss_sss_la_SOURCES = \ src/sss_client/common.c \ 
src/sss_client/nss_passwd.c \ src/sss_client/nss_group.c \ src/sss_client/nss_netgroup.c \ src/sss_client/nss_services.c \ src/sss_client/sss_cli.h \ src/sss_client/nss_compat.h \ src/sss_client/nss_mc_common.c \ src/util/io.c \ src/util/murmurhash3.c \ src/sss_client/nss_mc_passwd.c \ src/sss_client/nss_mc_group.c \ src/sss_client/nss_mc.h libnss_sss_la_LIBADD = \ $(CLIENT_LIBS) libnss_sss_la_LDFLAGS = \ -module \ -version-info 2:0:0 \ -Wl,--version-script,$(srcdir)/src/sss_client/sss_nss.exports pamlib_LTLIBRARIES = pam_sss.la pam_sss_la_SOURCES = \ src/sss_client/pam_sss.c \ src/sss_client/common.c \ src/sss_client/sss_cli.h \ src/util/atomic_io.c \ src/sss_client/sss_pam_macros.h pam_sss_la_LIBADD = \ $(CLIENT_LIBS) \ -lpam pam_sss_la_LDFLAGS = \ -module \ -avoid-version \ -Wl,--version-script,$(srcdir)/src/sss_client/sss_pam.exports @BUILD_SUDO_TRUE@libsss_sudo_la_SOURCES = \ @BUILD_SUDO_TRUE@ src/sss_client/common.c \ @BUILD_SUDO_TRUE@ src/sss_client/sss_cli.h \ @BUILD_SUDO_TRUE@ src/sss_client/sudo/sss_sudo_response.c \ @BUILD_SUDO_TRUE@ src/sss_client/sudo/sss_sudo.c \ @BUILD_SUDO_TRUE@ src/sss_client/sudo/sss_sudo.h \ @BUILD_SUDO_TRUE@ src/sss_client/sudo/sss_sudo_private.h @BUILD_SUDO_TRUE@libsss_sudo_la_LIBADD = \ @BUILD_SUDO_TRUE@ $(CLIENT_LIBS) @BUILD_SUDO_TRUE@libsss_sudo_la_LDFLAGS = \ @BUILD_SUDO_TRUE@ -Wl,--version-script,$(srcdir)/src/sss_client/sss_sudo.exports \ @BUILD_SUDO_TRUE@ -module \ @BUILD_SUDO_TRUE@ -avoid-version @BUILD_SUDO_TRUE@sudolib_LTLIBRARIES = libsss_sudo.la @BUILD_AUTOFS_TRUE@autofslib_LTLIBRARIES = libsss_autofs.la @BUILD_AUTOFS_TRUE@libsss_autofs_la_SOURCES = \ @BUILD_AUTOFS_TRUE@ src/sss_client/common.c \ @BUILD_AUTOFS_TRUE@ src/sss_client/sss_cli.h \ @BUILD_AUTOFS_TRUE@ src/sss_client/autofs/sss_autofs.c \ @BUILD_AUTOFS_TRUE@ src/sss_client/autofs/sss_autofs_private.h @BUILD_AUTOFS_TRUE@libsss_autofs_la_LIBADD = \ @BUILD_AUTOFS_TRUE@ $(CLIENT_LIBS) @BUILD_AUTOFS_TRUE@libsss_autofs_la_LDFLAGS = \ @BUILD_AUTOFS_TRUE@ -module 
\ @BUILD_AUTOFS_TRUE@ -avoid-version \ @BUILD_AUTOFS_TRUE@ -Wl,--version-script,$(srcdir)/src/sss_client/autofs/sss_autofs.exports libsss_ldap_common_la_SOURCES = src/providers/ldap/ldap_id.c \ src/providers/ldap/ldap_id_enum.c \ src/providers/ldap/sdap_async_enum.c \ src/providers/ldap/ldap_id_cleanup.c \ src/providers/ldap/ldap_id_netgroup.c \ src/providers/ldap/ldap_id_services.c \ src/providers/ldap/ldap_auth.c \ src/providers/ldap/ldap_common.c \ src/providers/ldap/sdap_access.c \ src/providers/ldap/sdap_async.c \ src/providers/ldap/sdap_async_users.c \ src/providers/ldap/sdap_async_groups.c \ src/providers/ldap/sdap_async_nested_groups.c \ src/providers/ldap/sdap_async_groups_ad.c \ src/providers/ldap/sdap_async_initgroups.c \ src/providers/ldap/sdap_async_initgroups_ad.c \ src/providers/ldap/sdap_async_connection.c \ src/providers/ldap/sdap_async_netgroups.c \ src/providers/ldap/sdap_async_services.c \ src/providers/ldap/sdap_child_helpers.c \ src/providers/ldap/sdap_fd_events.c \ src/providers/ldap/sdap_id_op.c \ src/providers/ldap/sdap_idmap.c \ src/providers/ldap/sdap_idmap.h \ src/providers/ldap/sdap_range.c \ src/providers/ldap/sdap_reinit.c \ src/providers/ldap/sdap_dyndns.c \ src/providers/ldap/sdap_refresh.c src/providers/ldap/sdap.c \ $(am__append_30) $(am__append_31) libsss_ldap_common_la_LDFLAGS = \ -avoid-version libsss_ldap_common_la_CFLAGS = \ $(KRB5_CFLAGS) libsss_krb5_common_la_SOURCES = \ src/providers/krb5/krb5_utils.c \ src/providers/krb5/krb5_become_user.c \ src/providers/krb5/krb5_delayed_online_authentication.c \ src/providers/krb5/krb5_renew_tgt.c \ src/providers/krb5/krb5_wait_queue.c \ src/providers/krb5/krb5_common.c \ src/providers/krb5/krb5_auth.c \ src/providers/krb5/krb5_access.c \ src/providers/krb5/krb5_child_handler.c \ src/providers/krb5/krb5_init_shared.c libsss_krb5_common_la_LDFLAGS = \ -avoid-version libsss_krb5_common_la_CFLAGS = \ $(KRB5_CFLAGS) libsss_ldap_la_SOURCES = \ src/util/find_uid.c \ 
src/providers/ldap/ldap_init.c \ src/providers/ldap/ldap_access.c \ src/providers/krb5/krb5_common.c \ src/providers/krb5/krb5_utils.c \ src/providers/krb5/krb5_become_user.c \ src/util/user_info_msg.c \ src/util/sss_ldap.c \ src/util/sss_krb5.c libsss_ldap_la_CFLAGS = \ $(AM_CFLAGS) \ $(LDAP_CFLAGS) \ $(KRB5_CFLAGS) libsss_ldap_la_LIBADD = \ $(OPENLDAP_LIBS) \ $(DHASH_LIBS) \ $(KRB5_LIBS) \ libsss_ldap_common.la \ libsss_idmap.la libsss_ldap_la_LDFLAGS = \ -avoid-version \ -module libsss_proxy_la_SOURCES = \ src/providers/proxy/proxy_init.c \ src/providers/proxy/proxy_id.c \ src/providers/proxy/proxy_netgroup.c \ src/providers/proxy/proxy_services.c \ src/providers/proxy/proxy_auth.c libsss_proxy_la_CFLAGS = \ $(AM_CFLAGS) libsss_proxy_la_LIBADD = \ $(PAM_LIBS) libsss_proxy_la_LDFLAGS = \ -avoid-version \ -module libsss_simple_la_SOURCES = \ src/providers/simple/simple_access_check.c \ src/providers/simple/simple_access.c libsss_simple_la_CFLAGS = \ $(AM_CFLAGS) libsss_simple_la_LIBADD = \ $(PAM_LIBS) libsss_simple_la_LDFLAGS = \ -avoid-version \ -module libsss_krb5_la_SOURCES = \ src/providers/krb5/krb5_init.c \ src/util/find_uid.c \ src/util/sss_krb5.c libsss_krb5_la_CFLAGS = \ $(AM_CFLAGS) \ $(DHASH_CFLAGS) \ $(KRB5_CFLAGS) libsss_krb5_la_LIBADD = \ $(DHASH_LIBS) \ $(KEYUTILS_LIBS) \ $(KRB5_LIBS) \ libsss_krb5_common.la libsss_krb5_la_LDFLAGS = \ -avoid-version \ -module libsss_ipa_la_SOURCES = src/providers/ipa/ipa_init.c \ src/providers/ipa/ipa_common.c src/providers/ipa/ipa_config.c \ src/providers/ipa/ipa_id.c src/providers/ipa/ipa_netgroups.c \ src/providers/ipa/ipa_auth.c src/providers/ipa/ipa_access.c \ src/providers/ipa/ipa_dyndns.c src/providers/ipa/ipa_hosts.c \ src/providers/ipa/ipa_subdomains.c \ src/providers/ipa/ipa_subdomains_id.c \ src/providers/ipa/ipa_subdomains_ext_groups.c \ src/providers/ipa/ipa_s2n_exop.c \ src/providers/ipa/ipa_hbac_hosts.c \ src/providers/ipa/ipa_hbac_private.h \ src/providers/ipa/ipa_hbac_rules.c \ 
src/providers/ipa/ipa_hbac_rules.h \ src/providers/ipa/ipa_hbac_services.c \ src/providers/ipa/ipa_hbac_users.c \ src/providers/ipa/ipa_hbac_common.c \ src/providers/ipa/ipa_selinux.c \ src/providers/ipa/ipa_selinux_maps.c \ src/providers/ipa/ipa_selinux_common.c \ src/providers/ipa/ipa_srv.c src/providers/ipa/ipa_idmap.c \ src/providers/ad/ad_common.c src/providers/ad/ad_common.h \ src/providers/ad/ad_dyndns.c src/providers/ad/ad_id.c \ src/providers/ad/ad_srv.c src/providers/ad/ad_domain_info.c \ src/util/user_info_msg.c src/util/find_uid.c \ src/util/sss_ldap.c src/util/sss_krb5.c $(am__append_32) \ $(am__append_33) $(am__append_34) libsss_ipa_la_CFLAGS = \ $(AM_CFLAGS) \ $(LDAP_CFLAGS) \ $(DHASH_CFLAGS) \ $(NDR_NBT_CFLAGS) \ $(KRB5_CFLAGS) libsss_ipa_la_LIBADD = \ $(OPENLDAP_LIBS) \ $(DHASH_LIBS) \ $(NDR_NBT_LIBS) \ $(KEYUTILS_LIBS) \ $(KRB5_LIBS) \ libsss_ldap_common.la \ libsss_krb5_common.la \ libipa_hbac.la \ libsss_idmap.la libsss_ipa_la_LDFLAGS = \ -avoid-version \ -module libsss_ad_la_SOURCES = src/providers/ad/ad_common.c \ src/providers/ad/ad_common.h src/providers/ad/ad_init.c \ src/providers/ad/ad_dyndns.c src/providers/ad/ad_id.c \ src/providers/ad/ad_id.h src/providers/ad/ad_access.c \ src/providers/ad/ad_access.h src/providers/ad/ad_opts.h \ src/providers/ad/ad_srv.c src/providers/ad/ad_subdomains.c \ src/providers/ad/ad_subdomains.h \ src/providers/ad/ad_domain_info.c \ src/providers/ad/ad_domain_info.h src/util/find_uid.c \ src/util/user_info_msg.c src/util/sss_krb5.c \ src/util/sss_ldap.c $(am__append_35) libsss_ad_la_CFLAGS = \ $(AM_CFLAGS) \ $(LDAP_CFLAGS) \ $(DHASH_CFLAGS) \ $(KRB5_CFLAGS) \ $(NDR_NBT_CFLAGS) libsss_ad_la_LIBADD = \ $(OPENLDAP_LIBS) \ $(DHASH_LIBS) \ $(KEYUTILS_LIBS) \ $(KRB5_LIBS) \ $(NDR_NBT_LIBS) \ libsss_ldap_common.la \ libsss_krb5_common.la \ libsss_idmap.la libsss_ad_la_LDFLAGS = \ -avoid-version \ -module krb5_child_SOURCES = \ src/providers/krb5/krb5_become_user.c \ src/providers/krb5/krb5_child.c \ 
src/providers/dp_pam_data_util.c \ src/util/user_info_msg.c \ src/util/sss_krb5.c \ src/util/atomic_io.c \ src/util/authtok.c \ src/util/util.c \ src/util/signal.c \ src/sss_client/common.c krb5_child_CFLAGS = \ $(AM_CFLAGS) \ $(POPT_CFLAGS) \ $(KRB5_CFLAGS) krb5_child_LDADD = \ libsss_debug.la \ libsss_child.la \ $(TALLOC_LIBS) \ $(TEVENT_LIBS) \ $(POPT_LIBS) \ $(DHASH_LIBS) \ $(KRB5_LIBS) \ $(CLIENT_LIBS) ldap_child_SOURCES = \ src/providers/ldap/ldap_child.c \ src/util/sss_krb5.c \ src/util/atomic_io.c \ src/util/authtok.c \ src/util/util.c \ src/util/signal.c ldap_child_CFLAGS = \ $(AM_CFLAGS) \ $(POPT_CFLAGS) \ $(KRB5_CFLAGS) ldap_child_LDADD = \ libsss_debug.la \ libsss_child.la \ $(TALLOC_LIBS) \ $(TEVENT_LIBS) \ $(POPT_LIBS) \ $(OPENLDAP_LIBS) \ $(DHASH_LIBS) \ $(KRB5_LIBS) proxy_child_SOURCES = \ src/providers/proxy/proxy_child.c proxy_child_CFLAGS = \ $(AM_CFLAGS) \ $(POPT_CFLAGS) proxy_child_LDADD = \ $(PAM_LIBS) \ $(SSSD_LIBS) \ $(SSSD_INTERNAL_LTLIBS) memberof_la_SOURCES = \ src/ldb_modules/memberof.c \ src/util/util.c memberof_la_CFLAGS = \ $(AM_CFLAGS) memberof_la_LIBADD = \ libsss_debug.la \ $(LDB_LIBS) \ $(DHASH_LIBS) memberof_la_LDFLAGS = \ -avoid-version \ -module @BUILD_KRB5_LOCATOR_PLUGIN_TRUE@sssd_krb5_locator_plugin_la_SOURCES = \ @BUILD_KRB5_LOCATOR_PLUGIN_TRUE@ src/krb5_plugin/sssd_krb5_locator_plugin.c \ @BUILD_KRB5_LOCATOR_PLUGIN_TRUE@ src/util/atomic_io.c @BUILD_KRB5_LOCATOR_PLUGIN_TRUE@sssd_krb5_locator_plugin_la_CFLAGS = \ @BUILD_KRB5_LOCATOR_PLUGIN_TRUE@ $(AM_CFLAGS) \ @BUILD_KRB5_LOCATOR_PLUGIN_TRUE@ $(KRB5_CFLAGS) @BUILD_KRB5_LOCATOR_PLUGIN_TRUE@sssd_krb5_locator_plugin_la_LDFLAGS = \ @BUILD_KRB5_LOCATOR_PLUGIN_TRUE@ -avoid-version \ @BUILD_KRB5_LOCATOR_PLUGIN_TRUE@ -module sssd_pac_plugin_la_SOURCES = \ src/sss_client/sssd_pac.c \ src/sss_client/common.c \ src/sss_client/sss_cli.h \ src/sss_client/krb5_authdata_int.h sssd_pac_plugin_la_CFLAGS = \ $(AM_CFLAGS) \ $(KRB5_CFLAGS) sssd_pac_plugin_la_LIBADD = \ $(CLIENT_LIBS) \ 
$(KRB5_LIBS) sssd_pac_plugin_la_LDFLAGS = \ -avoid-version \ -module @BUILD_PYTHON_BINDINGS_TRUE@pysss_la_SOURCES = \ @BUILD_PYTHON_BINDINGS_TRUE@ $(SSSD_TOOLS_OBJ) \ @BUILD_PYTHON_BINDINGS_TRUE@ src/python/pysss.c @BUILD_PYTHON_BINDINGS_TRUE@pysss_la_CFLAGS = \ @BUILD_PYTHON_BINDINGS_TRUE@ $(AM_CFLAGS) \ @BUILD_PYTHON_BINDINGS_TRUE@ $(PYTHON_CFLAGS) @BUILD_PYTHON_BINDINGS_TRUE@pysss_la_LIBADD = \ @BUILD_PYTHON_BINDINGS_TRUE@ $(SSSD_INTERNAL_LTLIBS) \ @BUILD_PYTHON_BINDINGS_TRUE@ $(PYTHON_BINDINGS_LIBS) \ @BUILD_PYTHON_BINDINGS_TRUE@ $(PYTHON_LIBS) @BUILD_PYTHON_BINDINGS_TRUE@pysss_la_LDFLAGS = \ @BUILD_PYTHON_BINDINGS_TRUE@ -avoid-version \ @BUILD_PYTHON_BINDINGS_TRUE@ -module @BUILD_PYTHON_BINDINGS_TRUE@pyhbac_la_SOURCES = \ @BUILD_PYTHON_BINDINGS_TRUE@ src/python/pyhbac.c \ @BUILD_PYTHON_BINDINGS_TRUE@ src/util/sss_python.c @BUILD_PYTHON_BINDINGS_TRUE@pyhbac_la_CFLAGS = \ @BUILD_PYTHON_BINDINGS_TRUE@ $(AM_CFLAGS) \ @BUILD_PYTHON_BINDINGS_TRUE@ $(PYTHON_CFLAGS) @BUILD_PYTHON_BINDINGS_TRUE@pyhbac_la_LIBADD = \ @BUILD_PYTHON_BINDINGS_TRUE@ $(PYTHON_LIBS) \ @BUILD_PYTHON_BINDINGS_TRUE@ libipa_hbac.la @BUILD_PYTHON_BINDINGS_TRUE@pyhbac_la_LDFLAGS = \ @BUILD_PYTHON_BINDINGS_TRUE@ -avoid-version \ @BUILD_PYTHON_BINDINGS_TRUE@ -module @BUILD_PYTHON_BINDINGS_TRUE@pysss_murmur_la_SOURCES = \ @BUILD_PYTHON_BINDINGS_TRUE@ src/python/pysss_murmur.c \ @BUILD_PYTHON_BINDINGS_TRUE@ src/util/murmurhash3.c @BUILD_PYTHON_BINDINGS_TRUE@pysss_murmur_la_CFLAGS = \ @BUILD_PYTHON_BINDINGS_TRUE@ $(AM_CFLAGS) \ @BUILD_PYTHON_BINDINGS_TRUE@ $(PYTHON_CFLAGS) @BUILD_PYTHON_BINDINGS_TRUE@pysss_murmur_la_LIBADD = \ @BUILD_PYTHON_BINDINGS_TRUE@ $(PYTHON_LIBS) @BUILD_PYTHON_BINDINGS_TRUE@pysss_murmur_la_LDFLAGS = \ @BUILD_PYTHON_BINDINGS_TRUE@ -avoid-version \ @BUILD_PYTHON_BINDINGS_TRUE@ -module @BUILD_PYTHON_BINDINGS_TRUE@pysss_nss_idmap_la_SOURCES = \ @BUILD_PYTHON_BINDINGS_TRUE@ src/python/pysss_nss_idmap.c @BUILD_PYTHON_BINDINGS_TRUE@pysss_nss_idmap_la_CFLAGS = \ 
@BUILD_PYTHON_BINDINGS_TRUE@ $(AM_CFLAGS) \ @BUILD_PYTHON_BINDINGS_TRUE@ $(PYTHON_CFLAGS) @BUILD_PYTHON_BINDINGS_TRUE@pysss_nss_idmap_la_LIBADD = \ @BUILD_PYTHON_BINDINGS_TRUE@ $(PYTHON_LIBS) \ @BUILD_PYTHON_BINDINGS_TRUE@ libsss_nss_idmap.la @BUILD_PYTHON_BINDINGS_TRUE@pysss_nss_idmap_la_LDFLAGS = \ @BUILD_PYTHON_BINDINGS_TRUE@ -avoid-version \ @BUILD_PYTHON_BINDINGS_TRUE@ -module ####################### # Installation Extras # ####################### dist_init_SCRIPTS = $(am__append_37) $(am__append_38) $(am__append_39) dist_systemdunit_DATA = $(am__append_36) dist_sssddata_DATA = \ src/config/etc/sssd.api.conf dist_sssdapiplugin_DATA = \ src/config/etc/sssd.api.d/sssd-ipa.conf \ src/config/etc/sssd.api.d/sssd-ad.conf \ src/config/etc/sssd.api.d/sssd-krb5.conf \ src/config/etc/sssd.api.d/sssd-ldap.conf \ src/config/etc/sssd.api.d/sssd-local.conf \ src/config/etc/sssd.api.d/sssd-proxy.conf \ src/config/etc/sssd.api.d/sssd-simple.conf edit_cmd = $(SED) \ -e 's|@sbindir[@]|$(sbindir)|g' \ -e 's|@environment_file[@]|$(environment_file)|g' \ -e 's|@localstatedir[@]|$(localstatedir)|g' \ -e 's|@prefix[@]|$(prefix)|g' replace_script = \ @rm -f $@ $@.tmp; \ srcdir=''; \ test -f ./$@.in || srcdir=$(srcdir)/; \ $(edit_cmd) $${srcdir}$@.in >$@.tmp; \ mv $@.tmp $@ @BUILD_PYTHON_BINDINGS_TRUE@SSSDCONFIG_MODULES = \ @BUILD_PYTHON_BINDINGS_TRUE@ $(abs_builddir)/src/config/SSSDConfig/ipachangeconf.py \ @BUILD_PYTHON_BINDINGS_TRUE@ $(abs_builddir)/src/config/SSSDConfig/sssd_upgrade_config.py @BUILD_PYTHON_BINDINGS_FALSE@SSSSCONFIG_MODULES = CLEANFILES = *.X */*.X */*/*.X all: config.h $(MAKE) $(AM_MAKEFLAGS) all-recursive .SUFFIXES: .SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs am--refresh: Makefile @: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ echo ' cd $(srcdir) && $(AUTOMAKE) --foreign'; \ $(am__cd) $(srcdir) && $(AUTOMAKE) --foreign \ && exit 0; \ exit 1;; \ esac; \ done; \ 
echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ echo ' $(SHELL) ./config.status'; \ $(SHELL) ./config.status;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) $(SHELL) ./config.status --recheck $(top_srcdir)/configure: $(am__configure_deps) $(am__cd) $(srcdir) && $(AUTOCONF) $(ACLOCAL_M4): $(am__aclocal_m4_deps) $(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS) $(am__aclocal_m4_deps): config.h: stamp-h1 @if test ! -f $@; then rm -f stamp-h1; else :; fi @if test ! -f $@; then $(MAKE) $(AM_MAKEFLAGS) stamp-h1; else :; fi stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status @rm -f stamp-h1 cd $(top_builddir) && $(SHELL) ./config.status config.h $(srcdir)/config.h.in: $(am__configure_deps) ($(am__cd) $(top_srcdir) && $(AUTOHEADER)) rm -f stamp-h1 touch $@ distclean-hdr: -rm -f config.h stamp-h1 contrib/sssd.spec: $(top_builddir)/config.status $(top_srcdir)/contrib/sssd.spec.in cd $(top_builddir) && $(SHELL) ./config.status $@ src/examples/rwtab: $(top_builddir)/config.status $(top_srcdir)/src/examples/rwtab.in cd $(top_builddir) && $(SHELL) ./config.status $@ src/doxy.config: $(top_builddir)/config.status $(top_srcdir)/src/doxy.config.in cd $(top_builddir) && $(SHELL) ./config.status $@ src/sysv/sssd: $(top_builddir)/config.status $(top_srcdir)/src/sysv/sssd.in cd $(top_builddir) && $(SHELL) ./config.status $@ src/sysv/gentoo/sssd: $(top_builddir)/config.status $(top_srcdir)/src/sysv/gentoo/sssd.in cd $(top_builddir) && $(SHELL) ./config.status $@ src/sysv/SUSE/sssd: $(top_builddir)/config.status $(top_srcdir)/src/sysv/SUSE/sssd.in cd $(top_builddir) && $(SHELL) 
./config.status $@ src/providers/ipa/ipa_hbac.pc: $(top_builddir)/config.status $(top_srcdir)/src/providers/ipa/ipa_hbac.pc.in cd $(top_builddir) && $(SHELL) ./config.status $@ src/providers/ipa/ipa_hbac.doxy: $(top_builddir)/config.status $(top_srcdir)/src/providers/ipa/ipa_hbac.doxy.in cd $(top_builddir) && $(SHELL) ./config.status $@ src/lib/idmap/sss_idmap.pc: $(top_builddir)/config.status $(top_srcdir)/src/lib/idmap/sss_idmap.pc.in cd $(top_builddir) && $(SHELL) ./config.status $@ src/lib/idmap/sss_idmap.doxy: $(top_builddir)/config.status $(top_srcdir)/src/lib/idmap/sss_idmap.doxy.in cd $(top_builddir) && $(SHELL) ./config.status $@ src/sss_client/sudo/sss_sudo.doxy: $(top_builddir)/config.status $(top_srcdir)/src/sss_client/sudo/sss_sudo.doxy.in cd $(top_builddir) && $(SHELL) ./config.status $@ src/sss_client/idmap/sss_nss_idmap.pc: $(top_builddir)/config.status $(top_srcdir)/src/sss_client/idmap/sss_nss_idmap.pc.in cd $(top_builddir) && $(SHELL) ./config.status $@ src/sss_client/idmap/sss_nss_idmap.doxy: $(top_builddir)/config.status $(top_srcdir)/src/sss_client/idmap/sss_nss_idmap.doxy.in cd $(top_builddir) && $(SHELL) ./config.status $@ src/config/setup.py: $(top_builddir)/config.status $(top_srcdir)/src/config/setup.py.in cd $(top_builddir) && $(SHELL) ./config.status $@ src/config/SSSDConfig/__init__.py: $(top_builddir)/config.status $(top_srcdir)/src/config/SSSDConfig/__init__.py.in cd $(top_builddir) && $(SHELL) ./config.status $@ install-autofslibLTLIBRARIES: $(autofslib_LTLIBRARIES) @$(NORMAL_INSTALL) @list='$(autofslib_LTLIBRARIES)'; test -n "$(autofslibdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(MKDIR_P) '$(DESTDIR)$(autofslibdir)'"; \ $(MKDIR_P) "$(DESTDIR)$(autofslibdir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(autofslibdir)'"; \ $(LIBTOOL) 
$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(autofslibdir)"; \ } uninstall-autofslibLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(autofslib_LTLIBRARIES)'; test -n "$(autofslibdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(autofslibdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(autofslibdir)/$$f"; \ done clean-autofslibLTLIBRARIES: -test -z "$(autofslib_LTLIBRARIES)" || rm -f $(autofslib_LTLIBRARIES) @list='$(autofslib_LTLIBRARIES)'; \ locs=`for p in $$list; do echo $$p; done | \ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ sort -u`; \ test -z "$$locs" || { \ echo rm -f $${locs}; \ rm -f $${locs}; \ } clean-checkLTLIBRARIES: -test -z "$(check_LTLIBRARIES)" || rm -f $(check_LTLIBRARIES) @list='$(check_LTLIBRARIES)'; \ locs=`for p in $$list; do echo $$p; done | \ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ sort -u`; \ test -z "$$locs" || { \ echo rm -f $${locs}; \ rm -f $${locs}; \ } install-krb5authdata_pluginLTLIBRARIES: $(krb5authdata_plugin_LTLIBRARIES) @$(NORMAL_INSTALL) @list='$(krb5authdata_plugin_LTLIBRARIES)'; test -n "$(krb5authdata_plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(MKDIR_P) '$(DESTDIR)$(krb5authdata_plugindir)'"; \ $(MKDIR_P) "$(DESTDIR)$(krb5authdata_plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(krb5authdata_plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(krb5authdata_plugindir)"; \ } uninstall-krb5authdata_pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(krb5authdata_plugin_LTLIBRARIES)'; test -n "$(krb5authdata_plugindir)" 
|| list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(krb5authdata_plugindir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(krb5authdata_plugindir)/$$f"; \ done clean-krb5authdata_pluginLTLIBRARIES: -test -z "$(krb5authdata_plugin_LTLIBRARIES)" || rm -f $(krb5authdata_plugin_LTLIBRARIES) @list='$(krb5authdata_plugin_LTLIBRARIES)'; \ locs=`for p in $$list; do echo $$p; done | \ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ sort -u`; \ test -z "$$locs" || { \ echo rm -f $${locs}; \ rm -f $${locs}; \ } install-krb5pluginLTLIBRARIES: $(krb5plugin_LTLIBRARIES) @$(NORMAL_INSTALL) @list='$(krb5plugin_LTLIBRARIES)'; test -n "$(krb5plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(MKDIR_P) '$(DESTDIR)$(krb5plugindir)'"; \ $(MKDIR_P) "$(DESTDIR)$(krb5plugindir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(krb5plugindir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(krb5plugindir)"; \ } uninstall-krb5pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(krb5plugin_LTLIBRARIES)'; test -n "$(krb5plugindir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(krb5plugindir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(krb5plugindir)/$$f"; \ done clean-krb5pluginLTLIBRARIES: -test -z "$(krb5plugin_LTLIBRARIES)" || rm -f $(krb5plugin_LTLIBRARIES) @list='$(krb5plugin_LTLIBRARIES)'; \ locs=`for p in $$list; do echo $$p; done | \ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ sort -u`; \ test -z "$$locs" || { \ echo rm -f $${locs}; \ 
rm -f $${locs}; \ } install-ldblibLTLIBRARIES: $(ldblib_LTLIBRARIES) @$(NORMAL_INSTALL) @list='$(ldblib_LTLIBRARIES)'; test -n "$(ldblibdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(MKDIR_P) '$(DESTDIR)$(ldblibdir)'"; \ $(MKDIR_P) "$(DESTDIR)$(ldblibdir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(ldblibdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(ldblibdir)"; \ } uninstall-ldblibLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(ldblib_LTLIBRARIES)'; test -n "$(ldblibdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(ldblibdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(ldblibdir)/$$f"; \ done clean-ldblibLTLIBRARIES: -test -z "$(ldblib_LTLIBRARIES)" || rm -f $(ldblib_LTLIBRARIES) @list='$(ldblib_LTLIBRARIES)'; \ locs=`for p in $$list; do echo $$p; done | \ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ sort -u`; \ test -z "$$locs" || { \ echo rm -f $${locs}; \ rm -f $${locs}; \ } install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(MKDIR_P) '$(DESTDIR)$(libdir)'"; \ $(MKDIR_P) "$(DESTDIR)$(libdir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ } uninstall-libLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(lib_LTLIBRARIES)'; test 
-n "$(libdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ done clean-libLTLIBRARIES: -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) @list='$(lib_LTLIBRARIES)'; \ locs=`for p in $$list; do echo $$p; done | \ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ sort -u`; \ test -z "$$locs" || { \ echo rm -f $${locs}; \ rm -f $${locs}; \ } clean-noinstLTLIBRARIES: -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) @list='$(noinst_LTLIBRARIES)'; \ locs=`for p in $$list; do echo $$p; done | \ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ sort -u`; \ test -z "$$locs" || { \ echo rm -f $${locs}; \ rm -f $${locs}; \ } install-nsslibLTLIBRARIES: $(nsslib_LTLIBRARIES) @$(NORMAL_INSTALL) @list='$(nsslib_LTLIBRARIES)'; test -n "$(nsslibdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(MKDIR_P) '$(DESTDIR)$(nsslibdir)'"; \ $(MKDIR_P) "$(DESTDIR)$(nsslibdir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(nsslibdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(nsslibdir)"; \ } uninstall-nsslibLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(nsslib_LTLIBRARIES)'; test -n "$(nsslibdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(nsslibdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(nsslibdir)/$$f"; \ done clean-nsslibLTLIBRARIES: -test -z "$(nsslib_LTLIBRARIES)" || rm -f $(nsslib_LTLIBRARIES) @list='$(nsslib_LTLIBRARIES)'; \ 
locs=`for p in $$list; do echo $$p; done | \ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ sort -u`; \ test -z "$$locs" || { \ echo rm -f $${locs}; \ rm -f $${locs}; \ } install-pamlibLTLIBRARIES: $(pamlib_LTLIBRARIES) @$(NORMAL_INSTALL) @list='$(pamlib_LTLIBRARIES)'; test -n "$(pamlibdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(MKDIR_P) '$(DESTDIR)$(pamlibdir)'"; \ $(MKDIR_P) "$(DESTDIR)$(pamlibdir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(pamlibdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(pamlibdir)"; \ } uninstall-pamlibLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(pamlib_LTLIBRARIES)'; test -n "$(pamlibdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(pamlibdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(pamlibdir)/$$f"; \ done clean-pamlibLTLIBRARIES: -test -z "$(pamlib_LTLIBRARIES)" || rm -f $(pamlib_LTLIBRARIES) @list='$(pamlib_LTLIBRARIES)'; \ locs=`for p in $$list; do echo $$p; done | \ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ sort -u`; \ test -z "$$locs" || { \ echo rm -f $${locs}; \ rm -f $${locs}; \ } install-pkglibLTLIBRARIES: $(pkglib_LTLIBRARIES) @$(NORMAL_INSTALL) @list='$(pkglib_LTLIBRARIES)'; test -n "$(pkglibdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(MKDIR_P) '$(DESTDIR)$(pkglibdir)'"; \ $(MKDIR_P) "$(DESTDIR)$(pkglibdir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(pkglibdir)'"; \ $(LIBTOOL) 
$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(pkglibdir)"; \ } uninstall-pkglibLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(pkglib_LTLIBRARIES)'; test -n "$(pkglibdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(pkglibdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(pkglibdir)/$$f"; \ done clean-pkglibLTLIBRARIES: -test -z "$(pkglib_LTLIBRARIES)" || rm -f $(pkglib_LTLIBRARIES) @list='$(pkglib_LTLIBRARIES)'; \ locs=`for p in $$list; do echo $$p; done | \ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ sort -u`; \ test -z "$$locs" || { \ echo rm -f $${locs}; \ rm -f $${locs}; \ } install-pyexecLTLIBRARIES: $(pyexec_LTLIBRARIES) @$(NORMAL_INSTALL) @list='$(pyexec_LTLIBRARIES)'; test -n "$(pyexecdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(MKDIR_P) '$(DESTDIR)$(pyexecdir)'"; \ $(MKDIR_P) "$(DESTDIR)$(pyexecdir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(pyexecdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(pyexecdir)"; \ } uninstall-pyexecLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(pyexec_LTLIBRARIES)'; test -n "$(pyexecdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(pyexecdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(pyexecdir)/$$f"; \ done clean-pyexecLTLIBRARIES: -test -z "$(pyexec_LTLIBRARIES)" || rm -f $(pyexec_LTLIBRARIES) @list='$(pyexec_LTLIBRARIES)'; \ locs=`for p in $$list; do echo $$p; done | \ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; 
s|$$|/so_locations|' | \ sort -u`; \ test -z "$$locs" || { \ echo rm -f $${locs}; \ rm -f $${locs}; \ } install-sssdlibLTLIBRARIES: $(sssdlib_LTLIBRARIES) @$(NORMAL_INSTALL) @list='$(sssdlib_LTLIBRARIES)'; test -n "$(sssdlibdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(MKDIR_P) '$(DESTDIR)$(sssdlibdir)'"; \ $(MKDIR_P) "$(DESTDIR)$(sssdlibdir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(sssdlibdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(sssdlibdir)"; \ } uninstall-sssdlibLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(sssdlib_LTLIBRARIES)'; test -n "$(sssdlibdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(sssdlibdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(sssdlibdir)/$$f"; \ done clean-sssdlibLTLIBRARIES: -test -z "$(sssdlib_LTLIBRARIES)" || rm -f $(sssdlib_LTLIBRARIES) @list='$(sssdlib_LTLIBRARIES)'; \ locs=`for p in $$list; do echo $$p; done | \ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ sort -u`; \ test -z "$$locs" || { \ echo rm -f $${locs}; \ rm -f $${locs}; \ } install-sudolibLTLIBRARIES: $(sudolib_LTLIBRARIES) @$(NORMAL_INSTALL) @list='$(sudolib_LTLIBRARIES)'; test -n "$(sudolibdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(MKDIR_P) '$(DESTDIR)$(sudolibdir)'"; \ $(MKDIR_P) "$(DESTDIR)$(sudolibdir)" || exit 1; \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(sudolibdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) 
$(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(sudolibdir)"; \ } uninstall-sudolibLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(sudolib_LTLIBRARIES)'; test -n "$(sudolibdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(sudolibdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(sudolibdir)/$$f"; \ done clean-sudolibLTLIBRARIES: -test -z "$(sudolib_LTLIBRARIES)" || rm -f $(sudolib_LTLIBRARIES) @list='$(sudolib_LTLIBRARIES)'; \ locs=`for p in $$list; do echo $$p; done | \ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ sort -u`; \ test -z "$$locs" || { \ echo rm -f $${locs}; \ rm -f $${locs}; \ } src/providers/$(am__dirstamp): @$(MKDIR_P) src/providers @: > src/providers/$(am__dirstamp) src/providers/$(DEPDIR)/$(am__dirstamp): @$(MKDIR_P) src/providers/$(DEPDIR) @: > src/providers/$(DEPDIR)/$(am__dirstamp) src/providers/libdlopen_test_providers_la-data_provider_be.lo: \ src/providers/$(am__dirstamp) \ src/providers/$(DEPDIR)/$(am__dirstamp) src/providers/libdlopen_test_providers_la-data_provider_fo.lo: \ src/providers/$(am__dirstamp) \ src/providers/$(DEPDIR)/$(am__dirstamp) src/providers/libdlopen_test_providers_la-data_provider_opts.lo: \ src/providers/$(am__dirstamp) \ src/providers/$(DEPDIR)/$(am__dirstamp) src/providers/libdlopen_test_providers_la-data_provider_callbacks.lo: \ src/providers/$(am__dirstamp) \ src/providers/$(DEPDIR)/$(am__dirstamp) src/providers/libdlopen_test_providers_la-dp_dyndns.lo: \ src/providers/$(am__dirstamp) \ src/providers/$(DEPDIR)/$(am__dirstamp) src/providers/libdlopen_test_providers_la-dp_ptask.lo: \ src/providers/$(am__dirstamp) \ src/providers/$(DEPDIR)/$(am__dirstamp) src/providers/libdlopen_test_providers_la-dp_refresh.lo: \ src/providers/$(am__dirstamp) \ src/providers/$(DEPDIR)/$(am__dirstamp) src/providers/libdlopen_test_providers_la-fail_over.lo: \ src/providers/$(am__dirstamp) \ 
src/providers/$(DEPDIR)/$(am__dirstamp) src/providers/libdlopen_test_providers_la-fail_over_srv.lo: \ src/providers/$(am__dirstamp) \ src/providers/$(DEPDIR)/$(am__dirstamp) src/resolv/$(am__dirstamp): @$(MKDIR_P) src/resolv @: > src/resolv/$(am__dirstamp) src/resolv/$(DEPDIR)/$(am__dirstamp): @$(MKDIR_P) src/resolv/$(DEPDIR) @: > src/resolv/$(DEPDIR)/$(am__dirstamp) src/resolv/libdlopen_test_providers_la-async_resolv.lo: \ src/resolv/$(am__dirstamp) \ src/resolv/$(DEPDIR)/$(am__dirstamp) src/resolv/libdlopen_test_providers_la-async_resolv_utils.lo: \ src/resolv/$(am__dirstamp) \ src/resolv/$(DEPDIR)/$(am__dirstamp) src/resolv/ares/$(am__dirstamp): @$(MKDIR_P) src/resolv/ares @: > src/resolv/ares/$(am__dirstamp) src/resolv/ares/$(DEPDIR)/$(am__dirstamp): @$(MKDIR_P) src/resolv/ares/$(DEPDIR) @: > src/resolv/ares/$(DEPDIR)/$(am__dirstamp) src/resolv/ares/libdlopen_test_providers_la-ares_parse_srv_reply.lo: \ src/resolv/ares/$(am__dirstamp) \ src/resolv/ares/$(DEPDIR)/$(am__dirstamp) src/resolv/ares/libdlopen_test_providers_la-ares_data.lo: \ src/resolv/ares/$(am__dirstamp) \ src/resolv/ares/$(DEPDIR)/$(am__dirstamp) libdlopen_test_providers.la: $(libdlopen_test_providers_la_OBJECTS) $(libdlopen_test_providers_la_DEPENDENCIES) $(EXTRA_libdlopen_test_providers_la_DEPENDENCIES) $(AM_V_CCLD)$(libdlopen_test_providers_la_LINK) $(am_libdlopen_test_providers_la_rpath) $(libdlopen_test_providers_la_OBJECTS) $(libdlopen_test_providers_la_LIBADD) $(LIBS) src/providers/ipa/$(am__dirstamp): @$(MKDIR_P) src/providers/ipa @: > src/providers/ipa/$(am__dirstamp) src/providers/ipa/$(DEPDIR)/$(am__dirstamp): @$(MKDIR_P) src/providers/ipa/$(DEPDIR) @: > src/providers/ipa/$(DEPDIR)/$(am__dirstamp) src/providers/ipa/hbac_evaluator.lo: \ src/providers/ipa/$(am__dirstamp) \ src/providers/ipa/$(DEPDIR)/$(am__dirstamp) src/util/$(am__dirstamp): @$(MKDIR_P) src/util @: > src/util/$(am__dirstamp) src/util/$(DEPDIR)/$(am__dirstamp): @$(MKDIR_P) src/util/$(DEPDIR) @: > 
src/util/$(DEPDIR)/$(am__dirstamp) src/util/sss_utf8.lo: src/util/$(am__dirstamp) \ src/util/$(DEPDIR)/$(am__dirstamp) libipa_hbac.la: $(libipa_hbac_la_OBJECTS) $(libipa_hbac_la_DEPENDENCIES) $(EXTRA_libipa_hbac_la_DEPENDENCIES) $(AM_V_CCLD)$(libipa_hbac_la_LINK) -rpath $(libdir) $(libipa_hbac_la_OBJECTS) $(libipa_hbac_la_LIBADD) $(LIBS) src/sss_client/$(am__dirstamp): @$(MKDIR_P) src/sss_client @: > src/sss_client/$(am__dirstamp) src/sss_client/$(DEPDIR)/$(am__dirstamp): @$(MKDIR_P) src/sss_client/$(DEPDIR) @: > src/sss_client/$(DEPDIR)/$(am__dirstamp) src/sss_client/common.lo: src/sss_client/$(am__dirstamp) \ src/sss_client/$(DEPDIR)/$(am__dirstamp) src/sss_client/nss_passwd.lo: src/sss_client/$(am__dirstamp) \ src/sss_client/$(DEPDIR)/$(am__dirstamp) src/sss_client/nss_group.lo: src/sss_client/$(am__dirstamp) \ src/sss_client/$(DEPDIR)/$(am__dirstamp) src/sss_client/nss_netgroup.lo: src/sss_client/$(am__dirstamp) \ src/sss_client/$(DEPDIR)/$(am__dirstamp) src/sss_client/nss_services.lo: src/sss_client/$(am__dirstamp) \ src/sss_client/$(DEPDIR)/$(am__dirstamp) src/sss_client/nss_mc_common.lo: src/sss_client/$(am__dirstamp) \ src/sss_client/$(DEPDIR)/$(am__dirstamp) src/util/io.lo: src/util/$(am__dirstamp) \ src/util/$(DEPDIR)/$(am__dirstamp) src/util/murmurhash3.lo: src/util/$(am__dirstamp) \ src/util/$(DEPDIR)/$(am__dirstamp) src/sss_client/nss_mc_passwd.lo: src/sss_client/$(am__dirstamp) \ src/sss_client/$(DEPDIR)/$(am__dirstamp) src/sss_client/nss_mc_group.lo: src/sss_client/$(am__dirstamp) \ src/sss_client/$(DEPDIR)/$(am__dirstamp) libnss_sss.la: $(libnss_sss_la_OBJECTS) $(libnss_sss_la_DEPENDENCIES) $(EXTRA_libnss_sss_la_DEPENDENCIES) $(AM_V_CCLD)$(libnss_sss_la_LINK) -rpath $(nsslibdir) $(libnss_sss_la_OBJECTS) $(libnss_sss_la_LIBADD) $(LIBS) src/providers/ad/$(am__dirstamp): @$(MKDIR_P) src/providers/ad @: > src/providers/ad/$(am__dirstamp) src/providers/ad/$(DEPDIR)/$(am__dirstamp): @$(MKDIR_P) src/providers/ad/$(DEPDIR) @: > 
src/providers/ad/$(DEPDIR)/$(am__dirstamp) src/providers/ad/libsss_ad_la-ad_common.lo: \ src/providers/ad/$(am__dirstamp) \ src/providers/ad/$(DEPDIR)/$(am__dirstamp) src/providers/ad/libsss_ad_la-ad_init.lo: \ src/providers/ad/$(am__dirstamp) \ src/providers/ad/$(DEPDIR)/$(am__dirstamp) src/providers/ad/libsss_ad_la-ad_dyndns.lo: \ src/providers/ad/$(am__dirstamp) \ src/providers/ad/$(DEPDIR)/$(am__dirstamp) src/providers/ad/libsss_ad_la-ad_id.lo: \ src/providers/ad/$(am__dirstamp) \ src/providers/ad/$(DEPDIR)/$(am__dirstamp) src/providers/ad/libsss_ad_la-ad_access.lo: \ src/providers/ad/$(am__dirstamp) \ src/providers/ad/$(DEPDIR)/$(am__dirstamp) src/providers/ad/libsss_ad_la-ad_srv.lo: \ src/providers/ad/$(am__dirstamp) \ src/providers/ad/$(DEPDIR)/$(am__dirstamp) src/providers/ad/libsss_ad_la-ad_subdomains.lo: \ src/providers/ad/$(am__dirstamp) \ src/providers/ad/$(DEPDIR)/$(am__dirstamp) src/providers/ad/libsss_ad_la-ad_domain_info.lo: \ src/providers/ad/$(am__dirstamp) \ src/providers/ad/$(DEPDIR)/$(am__dirstamp) src/util/libsss_ad_la-find_uid.lo: src/util/$(am__dirstamp) \ src/util/$(DEPDIR)/$(am__dirstamp) src/util/libsss_ad_la-user_info_msg.lo: src/util/$(am__dirstamp) \ src/util/$(DEPDIR)/$(am__dirstamp) src/util/libsss_ad_la-sss_krb5.lo: src/util/$(am__dirstamp) \ src/util/$(DEPDIR)/$(am__dirstamp) src/util/libsss_ad_la-sss_ldap.lo: src/util/$(am__dirstamp) \ src/util/$(DEPDIR)/$(am__dirstamp) src/providers/ad/libsss_ad_la-ad_sudo.lo: \ src/providers/ad/$(am__dirstamp) \ src/providers/ad/$(DEPDIR)/$(am__dirstamp) libsss_ad.la: $(libsss_ad_la_OBJECTS) $(libsss_ad_la_DEPENDENCIES) $(EXTRA_libsss_ad_la_DEPENDENCIES) $(AM_V_CCLD)$(libsss_ad_la_LINK) -rpath $(sssdlibdir) $(libsss_ad_la_OBJECTS) $(libsss_ad_la_LIBADD) $(LIBS) src/sss_client/autofs/$(am__dirstamp): @$(MKDIR_P) src/sss_client/autofs @: > src/sss_client/autofs/$(am__dirstamp) src/sss_client/autofs/$(DEPDIR)/$(am__dirstamp): @$(MKDIR_P) src/sss_client/autofs/$(DEPDIR) @: > 
src/sss_client/autofs/$(DEPDIR)/$(am__dirstamp) src/sss_client/autofs/sss_autofs.lo: \ src/sss_client/autofs/$(am__dirstamp) \ src/sss_client/autofs/$(DEPDIR)/$(am__dirstamp) libsss_autofs.la: $(libsss_autofs_la_OBJECTS) $(libsss_autofs_la_DEPENDENCIES) $(EXTRA_libsss_autofs_la_DEPENDENCIES) $(AM_V_CCLD)$(libsss_autofs_la_LINK) $(am_libsss_autofs_la_rpath) $(libsss_autofs_la_OBJECTS) $(libsss_autofs_la_LIBADD) $(LIBS) src/util/child_common.lo: src/util/$(am__dirstamp) \ src/util/$(DEPDIR)/$(am__dirstamp) libsss_child.la: $(libsss_child_la_OBJECTS) $(libsss_child_la_DEPENDENCIES) $(EXTRA_libsss_child_la_DEPENDENCIES) $(AM_V_CCLD)$(libsss_child_la_LINK) -rpath $(pkglibdir) $(libsss_child_la_OBJECTS) $(libsss_child_la_LIBADD) $(LIBS) src/util/crypto/libcrypto/$(am__dirstamp): @$(MKDIR_P) src/util/crypto/libcrypto @: > src/util/crypto/libcrypto/$(am__dirstamp) src/util/crypto/libcrypto/$(DEPDIR)/$(am__dirstamp): @$(MKDIR_P) src/util/crypto/libcrypto/$(DEPDIR) @: > src/util/crypto/libcrypto/$(DEPDIR)/$(am__dirstamp) src/util/crypto/libcrypto/libsss_crypt_la-crypto_base64.lo: \ src/util/crypto/libcrypto/$(am__dirstamp) \ src/util/crypto/libcrypto/$(DEPDIR)/$(am__dirstamp) src/util/crypto/libcrypto/libsss_crypt_la-crypto_hmac_sha1.lo: \ src/util/crypto/libcrypto/$(am__dirstamp) \ src/util/crypto/libcrypto/$(DEPDIR)/$(am__dirstamp) src/util/crypto/libcrypto/libsss_crypt_la-crypto_sha512crypt.lo: \ src/util/crypto/libcrypto/$(am__dirstamp) \ src/util/crypto/libcrypto/$(DEPDIR)/$(am__dirstamp) src/util/crypto/libcrypto/libsss_crypt_la-crypto_obfuscate.lo: \ src/util/crypto/libcrypto/$(am__dirstamp) \ src/util/crypto/libcrypto/$(DEPDIR)/$(am__dirstamp) src/util/crypto/nss/$(am__dirstamp): @$(MKDIR_P) src/util/crypto/nss @: > src/util/crypto/nss/$(am__dirstamp) src/util/crypto/nss/$(DEPDIR)/$(am__dirstamp): @$(MKDIR_P) src/util/crypto/nss/$(DEPDIR) @: > src/util/crypto/nss/$(DEPDIR)/$(am__dirstamp) src/util/crypto/nss/libsss_crypt_la-nss_base64.lo: \ 
src/util/crypto/nss/$(am__dirstamp) \ src/util/crypto/nss/$(DEPDIR)/$(am__dirstamp) src/util/crypto/nss/libsss_crypt_la-nss_hmac_sha1.lo: \ src/util/crypto/nss/$(am__dirstamp) \ src/util/crypto/nss/$(DEPDIR)/$(am__dirstamp) src/util/crypto/nss/libsss_crypt_la-nss_sha512crypt.lo: \ src/util/crypto/nss/$(am__dirstamp) \ src/util/crypto/nss/$(DEPDIR)/$(am__dirstamp) src/util/crypto/nss/libsss_crypt_la-nss_obfuscate.lo: \ src/util/crypto/nss/$(am__dirstamp) \ src/util/crypto/nss/$(DEPDIR)/$(am__dirstamp) src/util/crypto/nss/libsss_crypt_la-nss_util.lo: \ src/util/crypto/nss/$(am__dirstamp) \ src/util/crypto/nss/$(DEPDIR)/$(am__dirstamp) libsss_crypt.la: $(libsss_crypt_la_OBJECTS) $(libsss_crypt_la_DEPENDENCIES) $(EXTRA_libsss_crypt_la_DEPENDENCIES) $(AM_V_CCLD)$(libsss_crypt_la_LINK) -rpath $(pkglibdir) $(libsss_crypt_la_OBJECTS) $(libsss_crypt_la_LIBADD) $(LIBS) src/util/debug.lo: src/util/$(am__dirstamp) \ src/util/$(DEPDIR)/$(am__dirstamp) src/util/sss_log.lo: src/util/$(am__dirstamp) \ src/util/$(DEPDIR)/$(am__dirstamp) libsss_debug.la: $(libsss_debug_la_OBJECTS) $(libsss_debug_la_DEPENDENCIES) $(EXTRA_libsss_debug_la_DEPENDENCIES) $(AM_V_CCLD)$(libsss_debug_la_LINK) -rpath $(pkglibdir) $(libsss_debug_la_OBJECTS) $(libsss_debug_la_LIBADD) $(LIBS) src/lib/idmap/$(am__dirstamp): @$(MKDIR_P) src/lib/idmap @: > src/lib/idmap/$(am__dirstamp) src/lib/idmap/$(DEPDIR)/$(am__dirstamp): @$(MKDIR_P) src/lib/idmap/$(DEPDIR) @: > src/lib/idmap/$(DEPDIR)/$(am__dirstamp) src/lib/idmap/sss_idmap.lo: src/lib/idmap/$(am__dirstamp) \ src/lib/idmap/$(DEPDIR)/$(am__dirstamp) src/lib/idmap/sss_idmap_conv.lo: src/lib/idmap/$(am__dirstamp) \ src/lib/idmap/$(DEPDIR)/$(am__dirstamp) libsss_idmap.la: $(libsss_idmap_la_OBJECTS) $(libsss_idmap_la_DEPENDENCIES) $(EXTRA_libsss_idmap_la_DEPENDENCIES) $(AM_V_CCLD)$(libsss_idmap_la_LINK) -rpath $(libdir) $(libsss_idmap_la_OBJECTS) $(libsss_idmap_la_LIBADD) $(LIBS) src/providers/ipa/libsss_ipa_la-ipa_init.lo: \ src/providers/ipa/$(am__dirstamp) \ 
src/providers/ipa/$(DEPDIR)/$(am__dirstamp) src/providers/ipa/libsss_ipa_la-ipa_common.lo: \ src/providers/ipa/$(am__dirstamp) \ src/providers/ipa/$(DEPDIR)/$(am__dirstamp) src/providers/ipa/libsss_ipa_la-ipa_config.lo: \ src/providers/ipa/$(am__dirstamp) \ src/providers/ipa/$(DEPDIR)/$(am__dirstamp) src/providers/ipa/libsss_ipa_la-ipa_id.lo: \ src/providers/ipa/$(am__dirstamp) \ src/providers/ipa/$(DEPDIR)/$(am__dirstamp) src/providers/ipa/libsss_ipa_la-ipa_netgroups.lo: \ src/providers/ipa/$(am__dirstamp) \ src/providers/ipa/$(DEPDIR)/$(am__dirstamp) src/providers/ipa/libsss_ipa_la-ipa_auth.lo: \ src/providers/ipa/$(am__dirstamp) \ src/providers/ipa/$(DEPDIR)/$(am__dirstamp) src/providers/ipa/libsss_ipa_la-ipa_access.lo: \ src/providers/ipa/$(am__dirstamp) \ src/providers/ipa/$(DEPDIR)/$(am__dirstamp) src/providers/ipa/libsss_ipa_la-ipa_dyndns.lo: \ src/providers/ipa/$(am__dirstamp) \ src/providers/ipa/$(DEPDIR)/$(am__dirstamp) src/providers/ipa/libsss_ipa_la-ipa_hosts.lo: \ src/providers/ipa/$(am__dirstamp) \ src/providers/ipa/$(DEPDIR)/$(am__dirstamp) src/providers/ipa/libsss_ipa_la-ipa_subdomains.lo: \ src/providers/ipa/$(am__dirstamp) \ src/providers/ipa/$(DEPDIR)/$(am__dirstamp) src/providers/ipa/libsss_ipa_la-ipa_subdomains_id.lo: \ src/providers/ipa/$(am__dirstamp) \ src/providers/ipa/$(DEPDIR)/$(am__dirstamp) src/providers/ipa/libsss_ipa_la-ipa_subdomains_ext_groups.lo: \ src/providers/ipa/$(am__dirstamp) \ src/providers/ipa/$(DEPDIR)/$(am__dirstamp) src/providers/ipa/libsss_ipa_la-ipa_s2n_exop.lo: \ src/providers/ipa/$(am__dirstamp) \ src/providers/ipa/$(DEPDIR)/$(am__dirstamp) src/providers/ipa/libsss_ipa_la-ipa_hbac_hosts.lo: \ src/providers/ipa/$(am__dirstamp) \ src/providers/ipa/$(DEPDIR)/$(am__dirstamp) src/providers/ipa/libsss_ipa_la-ipa_hbac_rules.lo: \ src/providers/ipa/$(am__dirstamp) \ src/providers/ipa/$(DEPDIR)/$(am__dirstamp) src/providers/ipa/libsss_ipa_la-ipa_hbac_services.lo: \ src/providers/ipa/$(am__dirstamp) \ 
src/providers/ipa/$(DEPDIR)/$(am__dirstamp) src/providers/ipa/libsss_ipa_la-ipa_hbac_users.lo: \ src/providers/ipa/$(am__dirstamp) \ src/providers/ipa/$(DEPDIR)/$(am__dirstamp) src/providers/ipa/libsss_ipa_la-ipa_hbac_common.lo: \ src/providers/ipa/$(am__dirstamp) \ src/providers/ipa/$(DEPDIR)/$(am__dirstamp) src/providers/ipa/libsss_ipa_la-ipa_selinux.lo: \ src/providers/ipa/$(am__dirstamp) \ src/providers/ipa/$(DEPDIR)/$(am__dirstamp) src/providers/ipa/libsss_ipa_la-ipa_selinux_maps.lo: \ src/providers/ipa/$(am__dirstamp) \ src/providers/ipa/$(DEPDIR)/$(am__dirstamp) src/providers/ipa/libsss_ipa_la-ipa_selinux_common.lo: \ src/providers/ipa/$(am__dirstamp) \ src/providers/ipa/$(DEPDIR)/$(am__dirstamp) src/providers/ipa/libsss_ipa_la-ipa_srv.lo: \ src/providers/ipa/$(am__dirstamp) \ src/providers/ipa/$(DEPDIR)/$(am__dirstamp) src/providers/ipa/libsss_ipa_la-ipa_idmap.lo: \ src/providers/ipa/$(am__dirstamp) \ src/providers/ipa/$(DEPDIR)/$(am__dirstamp) src/providers/ad/libsss_ipa_la-ad_common.lo: \ src/providers/ad/$(am__dirstamp) \ src/providers/ad/$(DEPDIR)/$(am__dirstamp) src/providers/ad/libsss_ipa_la-ad_dyndns.lo: \ src/providers/ad/$(am__dirstamp) \ src/providers/ad/$(DEPDIR)/$(am__dirstamp) src/providers/ad/libsss_ipa_la-ad_id.lo: \ src/providers/ad/$(am__dirstamp) \ src/providers/ad/$(DEPDIR)/$(am__dirstamp) src/providers/ad/libsss_ipa_la-ad_srv.lo: \ src/providers/ad/$(am__dirstamp) \ src/providers/ad/$(DEPDIR)/$(am__dirstamp) src/providers/ad/libsss_ipa_la-ad_domain_info.lo: \ src/providers/ad/$(am__dirstamp) \ src/providers/ad/$(DEPDIR)/$(am__dirstamp) src/util/libsss_ipa_la-user_info_msg.lo: src/util/$(am__dirstamp) \ src/util/$(DEPDIR)/$(am__dirstamp) src/util/libsss_ipa_la-find_uid.lo: src/util/$(am__dirstamp) \ src/util/$(DEPDIR)/$(am__dirstamp) src/util/libsss_ipa_la-sss_ldap.lo: src/util/$(am__dirstamp) \ src/util/$(DEPDIR)/$(am__dirstamp) src/util/libsss_ipa_la-sss_krb5.lo: src/util/$(am__dirstamp) \ src/util/$(DEPDIR)/$(am__dirstamp) 
# Objects carrying the libsss_ipa_la- prefix under src/providers/ipa.
# Each one lists the directory stamp and the $(DEPDIR) stamp as prerequisites,
# so the stamp rules (which create the directories) run before the object is built.
src/providers/ipa/libsss_ipa_la-ipa_autofs.lo: src/providers/ipa/$(am__dirstamp) src/providers/ipa/$(DEPDIR)/$(am__dirstamp)
src/providers/ipa/libsss_ipa_la-ipa_sudo.lo: src/providers/ipa/$(am__dirstamp) src/providers/ipa/$(DEPDIR)/$(am__dirstamp)
src/providers/ipa/libsss_ipa_la-ipa_hostid.lo: src/providers/ipa/$(am__dirstamp) src/providers/ipa/$(DEPDIR)/$(am__dirstamp)

# Link the IPA provider module.
# In libtool link mode, "-rpath DIR" on a library names the directory the
# library will be installed into (here $(sssdlibdir)).
libsss_ipa.la: $(libsss_ipa_la_OBJECTS) $(libsss_ipa_la_DEPENDENCIES) $(EXTRA_libsss_ipa_la_DEPENDENCIES)
	$(AM_V_CCLD)$(libsss_ipa_la_LINK) -rpath $(sssdlibdir) $(libsss_ipa_la_OBJECTS) $(libsss_ipa_la_LIBADD) $(LIBS)

# Directory stamps for src/providers/krb5: create the directory, then create
# (or truncate) an empty stamp file with the shell no-op ":".
src/providers/krb5/$(am__dirstamp):
	@$(MKDIR_P) src/providers/krb5
	@: > src/providers/krb5/$(am__dirstamp)
src/providers/krb5/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) src/providers/krb5/$(DEPDIR)
	@: > src/providers/krb5/$(DEPDIR)/$(am__dirstamp)

# Objects carrying the libsss_krb5_la- prefix.
src/providers/krb5/libsss_krb5_la-krb5_init.lo: src/providers/krb5/$(am__dirstamp) src/providers/krb5/$(DEPDIR)/$(am__dirstamp)
src/util/libsss_krb5_la-find_uid.lo: src/util/$(am__dirstamp) src/util/$(DEPDIR)/$(am__dirstamp)
src/util/libsss_krb5_la-sss_krb5.lo: src/util/$(am__dirstamp) src/util/$(DEPDIR)/$(am__dirstamp)

# Link the Kerberos provider module; install directory is $(sssdlibdir).
libsss_krb5.la: $(libsss_krb5_la_OBJECTS) $(libsss_krb5_la_DEPENDENCIES) $(EXTRA_libsss_krb5_la_DEPENDENCIES)
	$(AM_V_CCLD)$(libsss_krb5_la_LINK) -rpath $(sssdlibdir) $(libsss_krb5_la_OBJECTS) $(libsss_krb5_la_LIBADD) $(LIBS)

# Objects carrying the libsss_krb5_common_la- prefix (first part of the list).
src/providers/krb5/libsss_krb5_common_la-krb5_utils.lo: src/providers/krb5/$(am__dirstamp) src/providers/krb5/$(DEPDIR)/$(am__dirstamp)
src/providers/krb5/libsss_krb5_common_la-krb5_become_user.lo: src/providers/krb5/$(am__dirstamp) src/providers/krb5/$(DEPDIR)/$(am__dirstamp)
src/providers/krb5/libsss_krb5_common_la-krb5_delayed_online_authentication.lo: src/providers/krb5/$(am__dirstamp) src/providers/krb5/$(DEPDIR)/$(am__dirstamp)
src/providers/krb5/libsss_krb5_common_la-krb5_renew_tgt.lo: src/providers/krb5/$(am__dirstamp) src/providers/krb5/$(DEPDIR)/$(am__dirstamp)
# Remaining objects carrying the libsss_krb5_common_la- prefix. Each depends on
# the src/providers/krb5 directory stamp and its $(DEPDIR) stamp.
src/providers/krb5/libsss_krb5_common_la-krb5_wait_queue.lo: src/providers/krb5/$(am__dirstamp) src/providers/krb5/$(DEPDIR)/$(am__dirstamp)
src/providers/krb5/libsss_krb5_common_la-krb5_common.lo: src/providers/krb5/$(am__dirstamp) src/providers/krb5/$(DEPDIR)/$(am__dirstamp)
src/providers/krb5/libsss_krb5_common_la-krb5_auth.lo: src/providers/krb5/$(am__dirstamp) src/providers/krb5/$(DEPDIR)/$(am__dirstamp)
src/providers/krb5/libsss_krb5_common_la-krb5_access.lo: src/providers/krb5/$(am__dirstamp) src/providers/krb5/$(DEPDIR)/$(am__dirstamp)
src/providers/krb5/libsss_krb5_common_la-krb5_child_handler.lo: src/providers/krb5/$(am__dirstamp) src/providers/krb5/$(DEPDIR)/$(am__dirstamp)
src/providers/krb5/libsss_krb5_common_la-krb5_init_shared.lo: src/providers/krb5/$(am__dirstamp) src/providers/krb5/$(DEPDIR)/$(am__dirstamp)

# Link the shared Kerberos helper library.
# In libtool link mode, "-rpath DIR" on a library names the directory the
# library will be installed into (here $(pkglibdir)).
libsss_krb5_common.la: $(libsss_krb5_common_la_OBJECTS) $(libsss_krb5_common_la_DEPENDENCIES) $(EXTRA_libsss_krb5_common_la_DEPENDENCIES)
	$(AM_V_CCLD)$(libsss_krb5_common_la_LINK) -rpath $(pkglibdir) $(libsss_krb5_common_la_OBJECTS) $(libsss_krb5_common_la_LIBADD) $(LIBS)

src/util/libsss_ldap_la-find_uid.lo: src/util/$(am__dirstamp) src/util/$(DEPDIR)/$(am__dirstamp)

# Directory stamps for src/providers/ldap: create the directory, then create
# (or truncate) an empty stamp file with the shell no-op ":".
src/providers/ldap/$(am__dirstamp):
	@$(MKDIR_P) src/providers/ldap
	@: > src/providers/ldap/$(am__dirstamp)
src/providers/ldap/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) src/providers/ldap/$(DEPDIR)
	@: > src/providers/ldap/$(DEPDIR)/$(am__dirstamp)

# Objects carrying the libsss_ldap_la- prefix; they come from the ldap, krb5
# and util source directories and depend on the matching directory stamps.
src/providers/ldap/libsss_ldap_la-ldap_init.lo: src/providers/ldap/$(am__dirstamp) src/providers/ldap/$(DEPDIR)/$(am__dirstamp)
src/providers/ldap/libsss_ldap_la-ldap_access.lo: src/providers/ldap/$(am__dirstamp) src/providers/ldap/$(DEPDIR)/$(am__dirstamp)
src/providers/krb5/libsss_ldap_la-krb5_common.lo: src/providers/krb5/$(am__dirstamp) src/providers/krb5/$(DEPDIR)/$(am__dirstamp)
src/providers/krb5/libsss_ldap_la-krb5_utils.lo: src/providers/krb5/$(am__dirstamp) src/providers/krb5/$(DEPDIR)/$(am__dirstamp)
src/providers/krb5/libsss_ldap_la-krb5_become_user.lo: src/providers/krb5/$(am__dirstamp) src/providers/krb5/$(DEPDIR)/$(am__dirstamp)
src/util/libsss_ldap_la-user_info_msg.lo: src/util/$(am__dirstamp) src/util/$(DEPDIR)/$(am__dirstamp)
src/util/libsss_ldap_la-sss_ldap.lo: src/util/$(am__dirstamp) src/util/$(DEPDIR)/$(am__dirstamp)
src/util/libsss_ldap_la-sss_krb5.lo: src/util/$(am__dirstamp) src/util/$(DEPDIR)/$(am__dirstamp)

# Link the LDAP provider module; install directory is $(sssdlibdir).
libsss_ldap.la: $(libsss_ldap_la_OBJECTS) $(libsss_ldap_la_DEPENDENCIES) $(EXTRA_libsss_ldap_la_DEPENDENCIES)
	$(AM_V_CCLD)$(libsss_ldap_la_LINK) -rpath $(sssdlibdir) $(libsss_ldap_la_OBJECTS) $(libsss_ldap_la_LIBADD) $(LIBS)

# Objects carrying the libsss_ldap_common_la- prefix (first part of the list).
src/providers/ldap/libsss_ldap_common_la-ldap_id.lo: src/providers/ldap/$(am__dirstamp) src/providers/ldap/$(DEPDIR)/$(am__dirstamp)
src/providers/ldap/libsss_ldap_common_la-ldap_id_enum.lo: src/providers/ldap/$(am__dirstamp) src/providers/ldap/$(DEPDIR)/$(am__dirstamp)
src/providers/ldap/libsss_ldap_common_la-sdap_async_enum.lo: src/providers/ldap/$(am__dirstamp) src/providers/ldap/$(DEPDIR)/$(am__dirstamp)
src/providers/ldap/libsss_ldap_common_la-ldap_id_cleanup.lo: src/providers/ldap/$(am__dirstamp) src/providers/ldap/$(DEPDIR)/$(am__dirstamp)
src/providers/ldap/libsss_ldap_common_la-ldap_id_netgroup.lo: src/providers/ldap/$(am__dirstamp) src/providers/ldap/$(DEPDIR)/$(am__dirstamp)
src/providers/ldap/libsss_ldap_common_la-ldap_id_services.lo: src/providers/ldap/$(am__dirstamp) src/providers/ldap/$(DEPDIR)/$(am__dirstamp)
src/providers/ldap/libsss_ldap_common_la-ldap_auth.lo: src/providers/ldap/$(am__dirstamp) src/providers/ldap/$(DEPDIR)/$(am__dirstamp)
src/providers/ldap/libsss_ldap_common_la-ldap_common.lo: src/providers/ldap/$(am__dirstamp) src/providers/ldap/$(DEPDIR)/$(am__dirstamp)
src/providers/ldap/libsss_ldap_common_la-sdap_access.lo: src/providers/ldap/$(am__dirstamp) src/providers/ldap/$(DEPDIR)/$(am__dirstamp)
# Remaining objects carrying the libsss_ldap_common_la- prefix. Each depends on
# the src/providers/ldap directory stamp and its $(DEPDIR) stamp.
src/providers/ldap/libsss_ldap_common_la-sdap_async.lo: src/providers/ldap/$(am__dirstamp) src/providers/ldap/$(DEPDIR)/$(am__dirstamp)
src/providers/ldap/libsss_ldap_common_la-sdap_async_users.lo: src/providers/ldap/$(am__dirstamp) src/providers/ldap/$(DEPDIR)/$(am__dirstamp)
src/providers/ldap/libsss_ldap_common_la-sdap_async_groups.lo: src/providers/ldap/$(am__dirstamp) src/providers/ldap/$(DEPDIR)/$(am__dirstamp)
src/providers/ldap/libsss_ldap_common_la-sdap_async_nested_groups.lo: src/providers/ldap/$(am__dirstamp) src/providers/ldap/$(DEPDIR)/$(am__dirstamp)
src/providers/ldap/libsss_ldap_common_la-sdap_async_groups_ad.lo: src/providers/ldap/$(am__dirstamp) src/providers/ldap/$(DEPDIR)/$(am__dirstamp)
src/providers/ldap/libsss_ldap_common_la-sdap_async_initgroups.lo: src/providers/ldap/$(am__dirstamp) src/providers/ldap/$(DEPDIR)/$(am__dirstamp)
src/providers/ldap/libsss_ldap_common_la-sdap_async_initgroups_ad.lo: src/providers/ldap/$(am__dirstamp) src/providers/ldap/$(DEPDIR)/$(am__dirstamp)
src/providers/ldap/libsss_ldap_common_la-sdap_async_connection.lo: src/providers/ldap/$(am__dirstamp) src/providers/ldap/$(DEPDIR)/$(am__dirstamp)
src/providers/ldap/libsss_ldap_common_la-sdap_async_netgroups.lo: src/providers/ldap/$(am__dirstamp) src/providers/ldap/$(DEPDIR)/$(am__dirstamp)
src/providers/ldap/libsss_ldap_common_la-sdap_async_services.lo: src/providers/ldap/$(am__dirstamp) src/providers/ldap/$(DEPDIR)/$(am__dirstamp)
src/providers/ldap/libsss_ldap_common_la-sdap_child_helpers.lo: src/providers/ldap/$(am__dirstamp) src/providers/ldap/$(DEPDIR)/$(am__dirstamp)
src/providers/ldap/libsss_ldap_common_la-sdap_fd_events.lo: src/providers/ldap/$(am__dirstamp) src/providers/ldap/$(DEPDIR)/$(am__dirstamp)
src/providers/ldap/libsss_ldap_common_la-sdap_id_op.lo: src/providers/ldap/$(am__dirstamp) src/providers/ldap/$(DEPDIR)/$(am__dirstamp)
src/providers/ldap/libsss_ldap_common_la-sdap_idmap.lo: src/providers/ldap/$(am__dirstamp) src/providers/ldap/$(DEPDIR)/$(am__dirstamp)
src/providers/ldap/libsss_ldap_common_la-sdap_range.lo: src/providers/ldap/$(am__dirstamp) src/providers/ldap/$(DEPDIR)/$(am__dirstamp)
src/providers/ldap/libsss_ldap_common_la-sdap_reinit.lo: src/providers/ldap/$(am__dirstamp) src/providers/ldap/$(DEPDIR)/$(am__dirstamp)
src/providers/ldap/libsss_ldap_common_la-sdap_dyndns.lo: src/providers/ldap/$(am__dirstamp) src/providers/ldap/$(DEPDIR)/$(am__dirstamp)
src/providers/ldap/libsss_ldap_common_la-sdap_refresh.lo: src/providers/ldap/$(am__dirstamp) src/providers/ldap/$(DEPDIR)/$(am__dirstamp)
src/providers/ldap/libsss_ldap_common_la-sdap.lo: src/providers/ldap/$(am__dirstamp) src/providers/ldap/$(DEPDIR)/$(am__dirstamp)
src/providers/ldap/libsss_ldap_common_la-sdap_sudo_cache.lo: src/providers/ldap/$(am__dirstamp) src/providers/ldap/$(DEPDIR)/$(am__dirstamp)
src/providers/ldap/libsss_ldap_common_la-sdap_async_sudo.lo: src/providers/ldap/$(am__dirstamp) src/providers/ldap/$(DEPDIR)/$(am__dirstamp)
src/providers/ldap/libsss_ldap_common_la-sdap_async_sudo_timer.lo: src/providers/ldap/$(am__dirstamp) src/providers/ldap/$(DEPDIR)/$(am__dirstamp)
src/providers/ldap/libsss_ldap_common_la-sdap_async_sudo_hostinfo.lo: src/providers/ldap/$(am__dirstamp) src/providers/ldap/$(DEPDIR)/$(am__dirstamp)
src/providers/ldap/libsss_ldap_common_la-sdap_sudo.lo: src/providers/ldap/$(am__dirstamp) src/providers/ldap/$(DEPDIR)/$(am__dirstamp)
src/providers/ldap/libsss_ldap_common_la-sdap_autofs.lo: src/providers/ldap/$(am__dirstamp) src/providers/ldap/$(DEPDIR)/$(am__dirstamp)
src/providers/ldap/libsss_ldap_common_la-sdap_async_autofs.lo: src/providers/ldap/$(am__dirstamp) src/providers/ldap/$(DEPDIR)/$(am__dirstamp)

# Link the shared LDAP helper library.
# In libtool link mode, "-rpath DIR" on a library names the directory the
# library will be installed into (here $(pkglibdir)).
libsss_ldap_common.la: $(libsss_ldap_common_la_OBJECTS) $(libsss_ldap_common_la_DEPENDENCIES) $(EXTRA_libsss_ldap_common_la_DEPENDENCIES)
	$(AM_V_CCLD)$(libsss_ldap_common_la_LINK) -rpath $(pkglibdir) $(libsss_ldap_common_la_OBJECTS) $(libsss_ldap_common_la_LIBADD) $(LIBS)

# Directory stamps for src/sss_client/idmap: create the directory, then create
# (or truncate) an empty stamp file with the shell no-op ":".
src/sss_client/idmap/$(am__dirstamp):
	@$(MKDIR_P) src/sss_client/idmap
	@: > src/sss_client/idmap/$(am__dirstamp)
src/sss_client/idmap/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) src/sss_client/idmap/$(DEPDIR)
	@: > src/sss_client/idmap/$(DEPDIR)/$(am__dirstamp)

src/sss_client/idmap/sss_nss_idmap.lo: src/sss_client/idmap/$(am__dirstamp) src/sss_client/idmap/$(DEPDIR)/$(am__dirstamp)
src/util/strtonum.lo: src/util/$(am__dirstamp) src/util/$(DEPDIR)/$(am__dirstamp)

# Link libsss_nss_idmap.la; install directory is $(libdir).
libsss_nss_idmap.la: $(libsss_nss_idmap_la_OBJECTS) $(libsss_nss_idmap_la_DEPENDENCIES) $(EXTRA_libsss_nss_idmap_la_DEPENDENCIES)
	$(AM_V_CCLD)$(libsss_nss_idmap_la_LINK) -rpath $(libdir) $(libsss_nss_idmap_la_OBJECTS) $(libsss_nss_idmap_la_LIBADD) $(LIBS)

# Directory stamps for src/providers/proxy.
src/providers/proxy/$(am__dirstamp):
	@$(MKDIR_P) src/providers/proxy
	@: > src/providers/proxy/$(am__dirstamp)
src/providers/proxy/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) src/providers/proxy/$(DEPDIR)
	@: > src/providers/proxy/$(DEPDIR)/$(am__dirstamp)

# Objects carrying the libsss_proxy_la- prefix.
src/providers/proxy/libsss_proxy_la-proxy_init.lo: src/providers/proxy/$(am__dirstamp) src/providers/proxy/$(DEPDIR)/$(am__dirstamp)
src/providers/proxy/libsss_proxy_la-proxy_id.lo: src/providers/proxy/$(am__dirstamp) src/providers/proxy/$(DEPDIR)/$(am__dirstamp)
src/providers/proxy/libsss_proxy_la-proxy_netgroup.lo: src/providers/proxy/$(am__dirstamp) src/providers/proxy/$(DEPDIR)/$(am__dirstamp)
src/providers/proxy/libsss_proxy_la-proxy_services.lo: src/providers/proxy/$(am__dirstamp) src/providers/proxy/$(DEPDIR)/$(am__dirstamp)
src/providers/proxy/libsss_proxy_la-proxy_auth.lo: src/providers/proxy/$(am__dirstamp) src/providers/proxy/$(DEPDIR)/$(am__dirstamp)

# Link the proxy provider module; install directory is $(sssdlibdir).
libsss_proxy.la: $(libsss_proxy_la_OBJECTS) $(libsss_proxy_la_DEPENDENCIES) $(EXTRA_libsss_proxy_la_DEPENDENCIES)
	$(AM_V_CCLD)$(libsss_proxy_la_LINK) -rpath $(sssdlibdir) $(libsss_proxy_la_OBJECTS) $(libsss_proxy_la_LIBADD) $(LIBS)
# NOTE(review): the $(am__dirstamp)/$(AM_V_CCLD) naming suggests automake-generated
# output; if so, lasting changes belong in the Makefile.am source -- confirm.
#
# Directory stamp rules: create the object directory (and its $(DEPDIR)
# subdirectory) and write an empty stamp file with ": >". Object rules below
# list the stamps as prerequisites so the directories exist before use.
src/providers/simple/$(am__dirstamp):
	@$(MKDIR_P) src/providers/simple
	@: > src/providers/simple/$(am__dirstamp)
src/providers/simple/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) src/providers/simple/$(DEPDIR)
	@: > src/providers/simple/$(DEPDIR)/$(am__dirstamp)
src/providers/simple/libsss_simple_la-simple_access_check.lo: \
	src/providers/simple/$(am__dirstamp) \
	src/providers/simple/$(DEPDIR)/$(am__dirstamp)
src/providers/simple/libsss_simple_la-simple_access.lo: \
	src/providers/simple/$(am__dirstamp) \
	src/providers/simple/$(DEPDIR)/$(am__dirstamp)
# Link the simple access provider library; -rpath names $(sssdlibdir).
# The link command itself comes from $(libsss_simple_la_LINK), defined outside
# this excerpt.
libsss_simple.la: $(libsss_simple_la_OBJECTS) $(libsss_simple_la_DEPENDENCIES) $(EXTRA_libsss_simple_la_DEPENDENCIES)
	$(AM_V_CCLD)$(libsss_simple_la_LINK) -rpath $(sssdlibdir) $(libsss_simple_la_OBJECTS) $(libsss_simple_la_LIBADD) $(LIBS)
src/sss_client/sudo/$(am__dirstamp):
	@$(MKDIR_P) src/sss_client/sudo
	@: > src/sss_client/sudo/$(am__dirstamp)
src/sss_client/sudo/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) src/sss_client/sudo/$(DEPDIR)
	@: > src/sss_client/sudo/$(DEPDIR)/$(am__dirstamp)
src/sss_client/sudo/sss_sudo_response.lo: \
	src/sss_client/sudo/$(am__dirstamp) \
	src/sss_client/sudo/$(DEPDIR)/$(am__dirstamp)
src/sss_client/sudo/sss_sudo.lo: src/sss_client/sudo/$(am__dirstamp) \
	src/sss_client/sudo/$(DEPDIR)/$(am__dirstamp)
# The rpath argument is taken from $(am_libsss_sudo_la_rpath) rather than
# written inline; its value is set outside this excerpt.
libsss_sudo.la: $(libsss_sudo_la_OBJECTS) $(libsss_sudo_la_DEPENDENCIES) $(EXTRA_libsss_sudo_la_DEPENDENCIES)
	$(AM_V_CCLD)$(libsss_sudo_la_LINK) $(am_libsss_sudo_la_rpath) $(libsss_sudo_la_OBJECTS) $(libsss_sudo_la_LIBADD) $(LIBS)
src/tests/$(am__dirstamp):
	@$(MKDIR_P) src/tests
	@: > src/tests/$(am__dirstamp)
src/tests/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) src/tests/$(DEPDIR)
	@: > src/tests/$(DEPDIR)/$(am__dirstamp)
src/tests/common_tev.lo: src/tests/$(am__dirstamp) \
	src/tests/$(DEPDIR)/$(am__dirstamp)
src/tests/common_dom.lo: src/tests/$(am__dirstamp) \
	src/tests/$(DEPDIR)/$(am__dirstamp)
src/tests/leak_check.lo: src/tests/$(am__dirstamp) \
	src/tests/$(DEPDIR)/$(am__dirstamp)
src/tests/common.lo: src/tests/$(am__dirstamp) \
	src/tests/$(DEPDIR)/$(am__dirstamp)
src/tests/common_check.lo: src/tests/$(am__dirstamp) \
	src/tests/$(DEPDIR)/$(am__dirstamp)
# Test helper library: linked with plain $(LINK) and no -rpath argument,
# unlike the libraries above and below.
libsss_test_common.la: $(libsss_test_common_la_OBJECTS) $(libsss_test_common_la_DEPENDENCIES) $(EXTRA_libsss_test_common_la_DEPENDENCIES)
	$(AM_V_CCLD)$(LINK) $(libsss_test_common_la_OBJECTS) $(libsss_test_common_la_LIBADD) $(LIBS)
src/confdb/$(am__dirstamp):
	@$(MKDIR_P) src/confdb
	@: > src/confdb/$(am__dirstamp)
src/confdb/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) src/confdb/$(DEPDIR)
	@: > src/confdb/$(DEPDIR)/$(am__dirstamp)
src/confdb/confdb.lo: src/confdb/$(am__dirstamp) \
	src/confdb/$(DEPDIR)/$(am__dirstamp)
src/db/$(am__dirstamp):
	@$(MKDIR_P) src/db
	@: > src/db/$(am__dirstamp)
src/db/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) src/db/$(DEPDIR)
	@: > src/db/$(DEPDIR)/$(am__dirstamp)
src/db/sysdb.lo: src/db/$(am__dirstamp) \
	src/db/$(DEPDIR)/$(am__dirstamp)
src/db/sysdb_ops.lo: src/db/$(am__dirstamp) \
	src/db/$(DEPDIR)/$(am__dirstamp)
src/db/sysdb_search.lo: src/db/$(am__dirstamp) \
	src/db/$(DEPDIR)/$(am__dirstamp)
src/db/sysdb_selinux.lo: src/db/$(am__dirstamp) \
	src/db/$(DEPDIR)/$(am__dirstamp)
src/db/sysdb_upgrade.lo: src/db/$(am__dirstamp) \
	src/db/$(DEPDIR)/$(am__dirstamp)
src/db/sysdb_services.lo: src/db/$(am__dirstamp) \
	src/db/$(DEPDIR)/$(am__dirstamp)
src/db/sysdb_autofs.lo: src/db/$(am__dirstamp) \
	src/db/$(DEPDIR)/$(am__dirstamp)
src/db/sysdb_subdomains.lo: src/db/$(am__dirstamp) \
	src/db/$(DEPDIR)/$(am__dirstamp)
src/db/sysdb_ranges.lo: src/db/$(am__dirstamp) \
	src/db/$(DEPDIR)/$(am__dirstamp)
src/db/sysdb_idmap.lo: src/db/$(am__dirstamp) \
	src/db/$(DEPDIR)/$(am__dirstamp)
src/monitor/$(am__dirstamp):
	@$(MKDIR_P) src/monitor
	@: > src/monitor/$(am__dirstamp)
src/monitor/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) src/monitor/$(DEPDIR)
	@: > src/monitor/$(DEPDIR)/$(am__dirstamp)
src/monitor/monitor_sbus.lo: src/monitor/$(am__dirstamp) \
	src/monitor/$(DEPDIR)/$(am__dirstamp)
# The stamp rules for src/providers and src/util are not part of this excerpt.
src/providers/dp_auth_util.lo: src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/providers/dp_pam_data_util.lo: src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/providers/dp_sbus.lo: src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/sbus/$(am__dirstamp):
	@$(MKDIR_P) src/sbus
	@: > src/sbus/$(am__dirstamp)
src/sbus/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) src/sbus/$(DEPDIR)
	@: > src/sbus/$(DEPDIR)/$(am__dirstamp)
src/sbus/sbus_client.lo: src/sbus/$(am__dirstamp) \
	src/sbus/$(DEPDIR)/$(am__dirstamp)
src/sbus/sssd_dbus_common.lo: src/sbus/$(am__dirstamp) \
	src/sbus/$(DEPDIR)/$(am__dirstamp)
src/sbus/sssd_dbus_connection.lo: src/sbus/$(am__dirstamp) \
	src/sbus/$(DEPDIR)/$(am__dirstamp)
src/sbus/sssd_dbus_server.lo: src/sbus/$(am__dirstamp) \
	src/sbus/$(DEPDIR)/$(am__dirstamp)
src/util/util.lo: src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
src/util/memory.lo: src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
src/util/server.lo: src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
src/util/signal.lo: src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
src/util/usertools.lo: src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
src/util/backup_file.lo: src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
src/util/check_and_open.lo: src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
src/util/refcount.lo: src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
src/util/sss_nss.lo: src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
src/util/sss_tc_utf8.lo: src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
src/util/atomic_io.lo: src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
src/util/authtok.lo: src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
src/util/sss_selinux.lo: src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
src/util/domain_info_utils.lo: src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
src/util/util_lock.lo: src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
src/util/util_errors.lo: src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
src/util/sss_ini.lo: src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
src/util/util_sss_idmap.lo: src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
src/db/sysdb_sudo.lo: src/db/$(am__dirstamp) \
	src/db/$(DEPDIR)/$(am__dirstamp)
src/db/sysdb_ssh.lo: src/db/$(am__dirstamp) \
	src/db/$(DEPDIR)/$(am__dirstamp)
src/util/sss_ssh.lo: src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
# Shared utility library; -rpath names $(pkglibdir).
libsss_util.la: $(libsss_util_la_OBJECTS) $(libsss_util_la_DEPENDENCIES) $(EXTRA_libsss_util_la_DEPENDENCIES)
	$(AM_V_CCLD)$(libsss_util_la_LINK) -rpath $(pkglibdir) $(libsss_util_la_OBJECTS) $(libsss_util_la_LIBADD) $(LIBS)
src/ldb_modules/$(am__dirstamp):
	@$(MKDIR_P) src/ldb_modules
	@: > src/ldb_modules/$(am__dirstamp)
src/ldb_modules/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) src/ldb_modules/$(DEPDIR)
	@: > src/ldb_modules/$(DEPDIR)/$(am__dirstamp)
src/ldb_modules/memberof_la-memberof.lo: \
	src/ldb_modules/$(am__dirstamp) \
	src/ldb_modules/$(DEPDIR)/$(am__dirstamp)
src/util/memberof_la-util.lo: src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
# memberof.la and pam_sss.la below are linked with -rpath $(ldblibdir) and
# -rpath $(pamlibdir) respectively.
# NOTE(review): both look like modules loaded by another component (ldb, PAM);
# the target directories should not be writable by unprivileged users -- the
# values of these variables are set outside this excerpt, confirm there.
memberof.la: $(memberof_la_OBJECTS) $(memberof_la_DEPENDENCIES) $(EXTRA_memberof_la_DEPENDENCIES)
	$(AM_V_CCLD)$(memberof_la_LINK) -rpath $(ldblibdir) $(memberof_la_OBJECTS) $(memberof_la_LIBADD) $(LIBS)
src/sss_client/pam_sss.lo: src/sss_client/$(am__dirstamp) \
	src/sss_client/$(DEPDIR)/$(am__dirstamp)
pam_sss.la: $(pam_sss_la_OBJECTS) $(pam_sss_la_DEPENDENCIES) $(EXTRA_pam_sss_la_DEPENDENCIES)
	$(AM_V_CCLD)$(pam_sss_la_LINK) -rpath $(pamlibdir) $(pam_sss_la_OBJECTS) $(pam_sss_la_LIBADD) $(LIBS)
src/python/$(am__dirstamp):
	@$(MKDIR_P) src/python
	@: > src/python/$(am__dirstamp)
src/python/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) src/python/$(DEPDIR)
	@: > src/python/$(DEPDIR)/$(am__dirstamp)
# NOTE(review): the $(am__dirstamp)/$(AM_V_CCLD) naming suggests automake-generated
# output; if so, lasting changes belong in the Makefile.am source -- confirm.
#
# Object rules in this section list only directory stamp files as
# prerequisites, so the object directory and its $(DEPDIR) exist before use.
# Stamp rules for src/python, src/util, src/providers, src/resolv,
# src/sss_client and the crypto directories are not part of this excerpt.
#
# Python binding modules: the rpath argument comes from $(am_*_la_rpath)
# variables whose values are set outside this excerpt.
src/python/pyhbac_la-pyhbac.lo: src/python/$(am__dirstamp) \
	src/python/$(DEPDIR)/$(am__dirstamp)
src/util/pyhbac_la-sss_python.lo: src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
pyhbac.la: $(pyhbac_la_OBJECTS) $(pyhbac_la_DEPENDENCIES) $(EXTRA_pyhbac_la_DEPENDENCIES)
	$(AM_V_CCLD)$(pyhbac_la_LINK) $(am_pyhbac_la_rpath) $(pyhbac_la_OBJECTS) $(pyhbac_la_LIBADD) $(LIBS)
src/tools/$(am__dirstamp):
	@$(MKDIR_P) src/tools
	@: > src/tools/$(am__dirstamp)
src/tools/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) src/tools/$(DEPDIR)
	@: > src/tools/$(DEPDIR)/$(am__dirstamp)
src/tools/pysss_la-sss_sync_ops.lo: src/tools/$(am__dirstamp) \
	src/tools/$(DEPDIR)/$(am__dirstamp)
src/tools/pysss_la-tools_util.lo: src/tools/$(am__dirstamp) \
	src/tools/$(DEPDIR)/$(am__dirstamp)
src/tools/pysss_la-files.lo: src/tools/$(am__dirstamp) \
	src/tools/$(DEPDIR)/$(am__dirstamp)
src/tools/pysss_la-selinux.lo: src/tools/$(am__dirstamp) \
	src/tools/$(DEPDIR)/$(am__dirstamp)
src/util/pysss_la-nscd.lo: src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
src/python/pysss_la-pysss.lo: src/python/$(am__dirstamp) \
	src/python/$(DEPDIR)/$(am__dirstamp)
pysss.la: $(pysss_la_OBJECTS) $(pysss_la_DEPENDENCIES) $(EXTRA_pysss_la_DEPENDENCIES)
	$(AM_V_CCLD)$(pysss_la_LINK) $(am_pysss_la_rpath) $(pysss_la_OBJECTS) $(pysss_la_LIBADD) $(LIBS)
src/python/pysss_murmur_la-pysss_murmur.lo: \
	src/python/$(am__dirstamp) \
	src/python/$(DEPDIR)/$(am__dirstamp)
src/util/pysss_murmur_la-murmurhash3.lo: src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
pysss_murmur.la: $(pysss_murmur_la_OBJECTS) $(pysss_murmur_la_DEPENDENCIES) $(EXTRA_pysss_murmur_la_DEPENDENCIES)
	$(AM_V_CCLD)$(pysss_murmur_la_LINK) $(am_pysss_murmur_la_rpath) $(pysss_murmur_la_OBJECTS) $(pysss_murmur_la_LIBADD) $(LIBS)
src/python/pysss_nss_idmap_la-pysss_nss_idmap.lo: \
	src/python/$(am__dirstamp) \
	src/python/$(DEPDIR)/$(am__dirstamp)
pysss_nss_idmap.la: $(pysss_nss_idmap_la_OBJECTS) $(pysss_nss_idmap_la_DEPENDENCIES) $(EXTRA_pysss_nss_idmap_la_DEPENDENCIES)
	$(AM_V_CCLD)$(pysss_nss_idmap_la_LINK) $(am_pysss_nss_idmap_la_rpath) $(pysss_nss_idmap_la_OBJECTS) $(pysss_nss_idmap_la_LIBADD) $(LIBS)
src/krb5_plugin/$(am__dirstamp):
	@$(MKDIR_P) src/krb5_plugin
	@: > src/krb5_plugin/$(am__dirstamp)
src/krb5_plugin/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) src/krb5_plugin/$(DEPDIR)
	@: > src/krb5_plugin/$(DEPDIR)/$(am__dirstamp)
src/krb5_plugin/sssd_krb5_locator_plugin_la-sssd_krb5_locator_plugin.lo: \
	src/krb5_plugin/$(am__dirstamp) \
	src/krb5_plugin/$(DEPDIR)/$(am__dirstamp)
src/util/sssd_krb5_locator_plugin_la-atomic_io.lo: \
	src/util/$(am__dirstamp) src/util/$(DEPDIR)/$(am__dirstamp)
# Kerberos locator and PAC plugins.
# NOTE(review): presumably loaded by the Kerberos library at run time; the
# install directory comes from the $(am_*_la_rpath) variables, set outside
# this excerpt -- confirm it is not writable by unprivileged users.
sssd_krb5_locator_plugin.la: $(sssd_krb5_locator_plugin_la_OBJECTS) $(sssd_krb5_locator_plugin_la_DEPENDENCIES) $(EXTRA_sssd_krb5_locator_plugin_la_DEPENDENCIES)
	$(AM_V_CCLD)$(sssd_krb5_locator_plugin_la_LINK) $(am_sssd_krb5_locator_plugin_la_rpath) $(sssd_krb5_locator_plugin_la_OBJECTS) $(sssd_krb5_locator_plugin_la_LIBADD) $(LIBS)
src/sss_client/sssd_pac_plugin_la-sssd_pac.lo: \
	src/sss_client/$(am__dirstamp) \
	src/sss_client/$(DEPDIR)/$(am__dirstamp)
src/sss_client/sssd_pac_plugin_la-common.lo: \
	src/sss_client/$(am__dirstamp) \
	src/sss_client/$(DEPDIR)/$(am__dirstamp)
sssd_pac_plugin.la: $(sssd_pac_plugin_la_OBJECTS) $(sssd_pac_plugin_la_DEPENDENCIES) $(EXTRA_sssd_pac_plugin_la_DEPENDENCIES)
	$(AM_V_CCLD)$(sssd_pac_plugin_la_LINK) $(am_sssd_pac_plugin_la_rpath) $(sssd_pac_plugin_la_OBJECTS) $(sssd_pac_plugin_la_LIBADD) $(LIBS)
# Install the programs listed in $(bin_PROGRAMS) under $(DESTDIR)$(bindir).
# - An empty $(bindir) clears the list, so nothing is installed.
# - Only names that exist as files are passed on; the sed/awk pipeline groups
#   them by target subdirectory and applies $(transform) to the installed name.
# - The destination path is double-quoted; $$files is expanded unquoted, so
#   the shell word-splits it. The names come from $(bin_PROGRAMS), a build
#   variable defined outside this excerpt.
# - No mode or owner options appear in this recipe; permissions are whatever
#   $(INSTALL_PROGRAM) applies.
install-binPROGRAMS: $(bin_PROGRAMS)
	@$(NORMAL_INSTALL)
	@list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \
	if test -n "$$list"; then \
	  echo " $(MKDIR_P) '$(DESTDIR)$(bindir)'"; \
	  $(MKDIR_P) "$(DESTDIR)$(bindir)" || exit 1; \
	fi; \
	for p in $$list; do echo "$$p $$p"; done | \
	sed 's/$(EXEEXT)$$//' | \
	while read p p1; do if test -f $$p \
	 || test -f $$p1 \
	  ; then echo "$$p"; echo "$$p"; else :; fi; \
	done | \
	sed -e 'p;s,.*/,,;n;h' \
	    -e 's|.*|.|' \
	    -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
	sed 'N;N;N;s,\n, ,g' | \
	$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
	  { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
	    if ($$2 == $$4) files[d] = files[d] " " $$1; \
	    else { print "f", $$3 "/" $$4, $$1; } } \
	  END { for (d in files) print "f", d, files[d] }' | \
	while read type dir files; do \
	    if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
	    test -z "$$files" || { \
	    echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \
	    $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \
	    } \
	; done
# Remove the installed programs again. Directory parts are stripped from each
# name and $(transform) applied before deletion. "cd ... && rm -f" means rm
# only runs when the cd into $(DESTDIR)$(bindir) succeeded, so a missing
# directory does not lead to deletions relative to the current directory.
uninstall-binPROGRAMS:
	@$(NORMAL_UNINSTALL)
	@list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \
	files=`for p in $$list; do echo "$$p"; done | \
	  sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
	      -e 's/$$/$(EXEEXT)/' \
	`; \
	test -n "$$list" || exit 0; \
	echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \
	cd "$(DESTDIR)$(bindir)" && rm -f $$files
# clean-*PROGRAMS: delete the built programs from the build tree; when
# $(EXEEXT) is non-empty the names without that suffix are deleted as well.
clean-binPROGRAMS:
	@list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \
	echo " rm -f" $$list; \
	rm -f $$list || exit $$?; \
	test -n "$(EXEEXT)" || exit 0; \
	list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
	echo " rm -f" $$list; \
	rm -f $$list
clean-checkPROGRAMS:
	@list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
	echo " rm -f" $$list; \
	rm -f $$list || exit $$?; \
	test -n "$(EXEEXT)" || exit 0; \
	list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
	echo " rm -f" $$list; \
	rm -f $$list
clean-noinstPROGRAMS:
	@list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \
	echo " rm -f" $$list; \
	rm -f $$list || exit $$?; \
	test -n "$(EXEEXT)" || exit 0; \
	list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
	echo " rm -f" $$list; \
	rm -f $$list
# Same install/uninstall/clean recipes as for bin_PROGRAMS, applied to
# $(sbin_PROGRAMS) and $(DESTDIR)$(sbindir).
install-sbinPROGRAMS: $(sbin_PROGRAMS)
	@$(NORMAL_INSTALL)
	@list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
	if test -n "$$list"; then \
	  echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \
	  $(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \
	fi; \
	for p in $$list; do echo "$$p $$p"; done | \
	sed 's/$(EXEEXT)$$//' | \
	while read p p1; do if test -f $$p \
	 || test -f $$p1 \
	  ; then echo "$$p"; echo "$$p"; else :; fi; \
	done | \
	sed -e 'p;s,.*/,,;n;h' \
	    -e 's|.*|.|' \
	    -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
	sed 'N;N;N;s,\n, ,g' | \
	$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
	  { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
	    if ($$2 == $$4) files[d] = files[d] " " $$1; \
	    else { print "f", $$3 "/" $$4, $$1; } } \
	  END { for (d in files) print "f", d, files[d] }' | \
	while read type dir files; do \
	    if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
	    test -z "$$files" || { \
	    echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \
	    $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \
	    } \
	; done
uninstall-sbinPROGRAMS:
	@$(NORMAL_UNINSTALL)
	@list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
	files=`for p in $$list; do echo "$$p"; done | \
	  sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
	      -e 's/$$/$(EXEEXT)/' \
	`; \
	test -n "$$list" || exit 0; \
	echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \
	cd "$(DESTDIR)$(sbindir)" && rm -f $$files
clean-sbinPROGRAMS:
	@list='$(sbin_PROGRAMS)'; test -n "$$list" || exit 0; \
	echo " rm -f" $$list; \
	rm -f $$list || exit $$?; \
	test -n "$(EXEEXT)" || exit 0; \
	list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
	echo " rm -f" $$list; \
	rm -f $$list
# Same recipes again for $(sssdlibexec_PROGRAMS) and
# $(DESTDIR)$(sssdlibexecdir).
# NOTE(review): any special ownership or mode needed by these helper programs
# is not set in this recipe; it would have to be applied elsewhere -- confirm.
install-sssdlibexecPROGRAMS: $(sssdlibexec_PROGRAMS)
	@$(NORMAL_INSTALL)
	@list='$(sssdlibexec_PROGRAMS)'; test -n "$(sssdlibexecdir)" || list=; \
	if test -n "$$list"; then \
	  echo " $(MKDIR_P) '$(DESTDIR)$(sssdlibexecdir)'"; \
	  $(MKDIR_P) "$(DESTDIR)$(sssdlibexecdir)" || exit 1; \
	fi; \
	for p in $$list; do echo "$$p $$p"; done | \
	sed 's/$(EXEEXT)$$//' | \
	while read p p1; do if test -f $$p \
	 || test -f $$p1 \
	  ; then echo "$$p"; echo "$$p"; else :; fi; \
	done | \
	sed -e 'p;s,.*/,,;n;h' \
	    -e 's|.*|.|' \
	    -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
	sed 'N;N;N;s,\n, ,g' | \
	$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
	  { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
	    if ($$2 == $$4) files[d] = files[d] " " $$1; \
	    else { print "f", $$3 "/" $$4, $$1; } } \
	  END { for (d in files) print "f", d, files[d] }' | \
	while read type dir files; do \
	    if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
	    test -z "$$files" || { \
	    echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sssdlibexecdir)$$dir'"; \
	    $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sssdlibexecdir)$$dir" || exit $$?; \
	    } \
	; done
uninstall-sssdlibexecPROGRAMS:
	@$(NORMAL_UNINSTALL)
	@list='$(sssdlibexec_PROGRAMS)'; test -n "$(sssdlibexecdir)" || list=; \
	files=`for p in $$list; do echo "$$p"; done | \
	  sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
	      -e 's/$$/$(EXEEXT)/' \
	`; \
	test -n "$$list" || exit 0; \
	echo " ( cd '$(DESTDIR)$(sssdlibexecdir)' && rm -f" $$files ")"; \
	cd "$(DESTDIR)$(sssdlibexecdir)" && rm -f $$files
clean-sssdlibexecPROGRAMS:
	@list='$(sssdlibexec_PROGRAMS)'; test -n "$$list" || exit 0; \
	echo " rm -f" $$list; \
	rm -f $$list || exit $$?; \
	test -n "$(EXEEXT)" || exit 0; \
	list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
	echo " rm -f" $$list; \
	rm -f $$list
# Test programs. Each link rule first removes the previous binary with
# "rm -f" and then links the objects with the program's *_LINK command;
# no install directory is named in these rules.
src/providers/ad_access_filter_tests-data_provider_be.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/providers/ad_access_filter_tests-data_provider_fo.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/providers/ad_access_filter_tests-data_provider_opts.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/providers/ad_access_filter_tests-data_provider_callbacks.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/providers/ad_access_filter_tests-dp_dyndns.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/providers/ad_access_filter_tests-dp_ptask.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/providers/ad_access_filter_tests-dp_refresh.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/providers/ad_access_filter_tests-fail_over.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/providers/ad_access_filter_tests-fail_over_srv.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/resolv/ad_access_filter_tests-async_resolv.$(OBJEXT): \
	src/resolv/$(am__dirstamp) \
	src/resolv/$(DEPDIR)/$(am__dirstamp)
src/resolv/ad_access_filter_tests-async_resolv_utils.$(OBJEXT): \
	src/resolv/$(am__dirstamp) \
	src/resolv/$(DEPDIR)/$(am__dirstamp)
src/resolv/ares/ad_access_filter_tests-ares_parse_srv_reply.$(OBJEXT): \
	src/resolv/ares/$(am__dirstamp) \
	src/resolv/ares/$(DEPDIR)/$(am__dirstamp)
src/resolv/ares/ad_access_filter_tests-ares_data.$(OBJEXT): \
	src/resolv/ares/$(am__dirstamp) \
	src/resolv/ares/$(DEPDIR)/$(am__dirstamp)
src/util/ad_access_filter_tests-sss_ldap.$(OBJEXT): \
	src/util/$(am__dirstamp) src/util/$(DEPDIR)/$(am__dirstamp)
src/util/ad_access_filter_tests-sss_krb5.$(OBJEXT): \
	src/util/$(am__dirstamp) src/util/$(DEPDIR)/$(am__dirstamp)
src/util/ad_access_filter_tests-find_uid.$(OBJEXT): \
	src/util/$(am__dirstamp) src/util/$(DEPDIR)/$(am__dirstamp)
src/util/ad_access_filter_tests-user_info_msg.$(OBJEXT): \
	src/util/$(am__dirstamp) src/util/$(DEPDIR)/$(am__dirstamp)
src/providers/ad/ad_access_filter_tests-ad_common.$(OBJEXT): \
	src/providers/ad/$(am__dirstamp) \
	src/providers/ad/$(DEPDIR)/$(am__dirstamp)
src/tests/cmocka/$(am__dirstamp):
	@$(MKDIR_P) src/tests/cmocka
	@: > src/tests/cmocka/$(am__dirstamp)
src/tests/cmocka/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) src/tests/cmocka/$(DEPDIR)
	@: > src/tests/cmocka/$(DEPDIR)/$(am__dirstamp)
src/tests/cmocka/ad_access_filter_tests-test_ad_access_filter.$(OBJEXT): \
	src/tests/cmocka/$(am__dirstamp) \
	src/tests/cmocka/$(DEPDIR)/$(am__dirstamp)
ad_access_filter_tests$(EXEEXT): $(ad_access_filter_tests_OBJECTS) $(ad_access_filter_tests_DEPENDENCIES) $(EXTRA_ad_access_filter_tests_DEPENDENCIES)
	@rm -f ad_access_filter_tests$(EXEEXT)
	$(AM_V_CCLD)$(ad_access_filter_tests_LINK) $(ad_access_filter_tests_OBJECTS) $(ad_access_filter_tests_LDADD) $(LIBS)
src/providers/ad_common_tests-data_provider_be.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/providers/ad_common_tests-data_provider_fo.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/providers/ad_common_tests-data_provider_opts.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/providers/ad_common_tests-data_provider_callbacks.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/providers/ad_common_tests-dp_dyndns.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/providers/ad_common_tests-dp_ptask.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/providers/ad_common_tests-dp_refresh.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/providers/ad_common_tests-fail_over.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/providers/ad_common_tests-fail_over_srv.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/resolv/ad_common_tests-async_resolv.$(OBJEXT): \
	src/resolv/$(am__dirstamp) \
	src/resolv/$(DEPDIR)/$(am__dirstamp)
src/resolv/ad_common_tests-async_resolv_utils.$(OBJEXT): \
	src/resolv/$(am__dirstamp) \
	src/resolv/$(DEPDIR)/$(am__dirstamp)
src/resolv/ares/ad_common_tests-ares_parse_srv_reply.$(OBJEXT): \
	src/resolv/ares/$(am__dirstamp) \
	src/resolv/ares/$(DEPDIR)/$(am__dirstamp)
src/resolv/ares/ad_common_tests-ares_data.$(OBJEXT): \
	src/resolv/ares/$(am__dirstamp) \
	src/resolv/ares/$(DEPDIR)/$(am__dirstamp)
src/util/ad_common_tests-sss_ldap.$(OBJEXT): src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
src/util/ad_common_tests-sss_krb5.$(OBJEXT): src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
src/util/ad_common_tests-find_uid.$(OBJEXT): src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
src/util/ad_common_tests-user_info_msg.$(OBJEXT): \
	src/util/$(am__dirstamp) src/util/$(DEPDIR)/$(am__dirstamp)
src/tests/cmocka/ad_common_tests-test_ad_common.$(OBJEXT): \
	src/tests/cmocka/$(am__dirstamp) \
	src/tests/cmocka/$(DEPDIR)/$(am__dirstamp)
ad_common_tests$(EXEEXT): $(ad_common_tests_OBJECTS) $(ad_common_tests_DEPENDENCIES) $(EXTRA_ad_common_tests_DEPENDENCIES)
	@rm -f ad_common_tests$(EXEEXT)
	$(AM_V_CCLD)$(ad_common_tests_LINK) $(ad_common_tests_OBJECTS) $(ad_common_tests_LDADD) $(LIBS)
src/tests/ad_ldap_opt_tests-ad_ldap_opt-tests.$(OBJEXT): \
	src/tests/$(am__dirstamp) src/tests/$(DEPDIR)/$(am__dirstamp)
ad_ldap_opt-tests$(EXEEXT): $(ad_ldap_opt_tests_OBJECTS) $(ad_ldap_opt_tests_DEPENDENCIES) $(EXTRA_ad_ldap_opt_tests_DEPENDENCIES)
	@rm -f ad_ldap_opt-tests$(EXEEXT)
	$(AM_V_CCLD)$(ad_ldap_opt_tests_LINK) $(ad_ldap_opt_tests_OBJECTS) $(ad_ldap_opt_tests_LDADD) $(LIBS)
src/tests/auth_tests-auth-tests.$(OBJEXT): src/tests/$(am__dirstamp) \
	src/tests/$(DEPDIR)/$(am__dirstamp)
auth-tests$(EXEEXT): $(auth_tests_OBJECTS) $(auth_tests_DEPENDENCIES) $(EXTRA_auth_tests_DEPENDENCIES)
	@rm -f auth-tests$(EXEEXT)
	$(AM_V_CCLD)$(auth_tests_LINK) $(auth_tests_OBJECTS) $(auth_tests_LDADD) $(LIBS)
src/sss_client/autofs/autofs_test_client-autofs_test_client.$(OBJEXT): \
	src/sss_client/autofs/$(am__dirstamp) \
	src/sss_client/autofs/$(DEPDIR)/$(am__dirstamp)
src/sss_client/autofs/autofs_test_client-sss_autofs.$(OBJEXT): \
	src/sss_client/autofs/$(am__dirstamp) \
	src/sss_client/autofs/$(DEPDIR)/$(am__dirstamp)
src/sss_client/autofs_test_client-common.$(OBJEXT): \
	src/sss_client/$(am__dirstamp) \
	src/sss_client/$(DEPDIR)/$(am__dirstamp)
autofs_test_client$(EXEEXT): $(autofs_test_client_OBJECTS) $(autofs_test_client_DEPENDENCIES) $(EXTRA_autofs_test_client_DEPENDENCIES)
	@rm -f autofs_test_client$(EXEEXT)
	$(AM_V_CCLD)$(autofs_test_client_LINK) $(autofs_test_client_OBJECTS) $(autofs_test_client_LDADD) $(LIBS)
src/tests/check_and_open_tests-check_and_open-tests.$(OBJEXT): \
	src/tests/$(am__dirstamp) src/tests/$(DEPDIR)/$(am__dirstamp)
src/util/check_and_open_tests-check_and_open.$(OBJEXT): \
	src/util/$(am__dirstamp) src/util/$(DEPDIR)/$(am__dirstamp)
check_and_open-tests$(EXEEXT): $(check_and_open_tests_OBJECTS) $(check_and_open_tests_DEPENDENCIES) $(EXTRA_check_and_open_tests_DEPENDENCIES)
	@rm -f check_and_open-tests$(EXEEXT)
	$(AM_V_CCLD)$(check_and_open_tests_LINK) $(check_and_open_tests_OBJECTS) $(check_and_open_tests_LDADD) $(LIBS)
# crypto-tests: stamp rules exist for both the libcrypto and the NSS variants
# of the base64, HMAC-SHA1, sha512crypt and obfuscation objects. Which set is
# actually linked depends on $(crypto_tests_OBJECTS), defined outside this
# excerpt.
src/util/crypto/libcrypto/crypto_tests-crypto_base64.$(OBJEXT): \
	src/util/crypto/libcrypto/$(am__dirstamp) \
	src/util/crypto/libcrypto/$(DEPDIR)/$(am__dirstamp)
src/util/crypto/libcrypto/crypto_tests-crypto_hmac_sha1.$(OBJEXT): \
	src/util/crypto/libcrypto/$(am__dirstamp) \
	src/util/crypto/libcrypto/$(DEPDIR)/$(am__dirstamp)
src/util/crypto/libcrypto/crypto_tests-crypto_sha512crypt.$(OBJEXT): \
	src/util/crypto/libcrypto/$(am__dirstamp) \
	src/util/crypto/libcrypto/$(DEPDIR)/$(am__dirstamp)
src/util/crypto/libcrypto/crypto_tests-crypto_obfuscate.$(OBJEXT): \
	src/util/crypto/libcrypto/$(am__dirstamp) \
	src/util/crypto/libcrypto/$(DEPDIR)/$(am__dirstamp)
src/util/crypto/nss/crypto_tests-nss_base64.$(OBJEXT): \
	src/util/crypto/nss/$(am__dirstamp) \
	src/util/crypto/nss/$(DEPDIR)/$(am__dirstamp)
src/util/crypto/nss/crypto_tests-nss_hmac_sha1.$(OBJEXT): \
	src/util/crypto/nss/$(am__dirstamp) \
	src/util/crypto/nss/$(DEPDIR)/$(am__dirstamp)
src/util/crypto/nss/crypto_tests-nss_sha512crypt.$(OBJEXT): \
	src/util/crypto/nss/$(am__dirstamp) \
	src/util/crypto/nss/$(DEPDIR)/$(am__dirstamp)
src/util/crypto/nss/crypto_tests-nss_obfuscate.$(OBJEXT): \
	src/util/crypto/nss/$(am__dirstamp) \
	src/util/crypto/nss/$(DEPDIR)/$(am__dirstamp)
src/util/crypto/nss/crypto_tests-nss_util.$(OBJEXT): \
	src/util/crypto/nss/$(am__dirstamp) \
	src/util/crypto/nss/$(DEPDIR)/$(am__dirstamp)
src/tests/crypto_tests-crypto-tests.$(OBJEXT): \
	src/tests/$(am__dirstamp) src/tests/$(DEPDIR)/$(am__dirstamp)
crypto-tests$(EXEEXT): $(crypto_tests_OBJECTS) $(crypto_tests_DEPENDENCIES) $(EXTRA_crypto_tests_DEPENDENCIES)
	@rm -f crypto-tests$(EXEEXT)
	$(AM_V_CCLD)$(crypto_tests_LINK) $(crypto_tests_OBJECTS) $(crypto_tests_LDADD) $(LIBS)
src/tests/debug_tests-debug-tests.$(OBJEXT): \
	src/tests/$(am__dirstamp) src/tests/$(DEPDIR)/$(am__dirstamp)
src/tests/debug_tests-common.$(OBJEXT): src/tests/$(am__dirstamp) \
	src/tests/$(DEPDIR)/$(am__dirstamp)
debug-tests$(EXEEXT): $(debug_tests_OBJECTS) $(debug_tests_DEPENDENCIES) $(EXTRA_debug_tests_DEPENDENCIES)
	@rm -f debug-tests$(EXEEXT)
	$(AM_V_CCLD)$(debug_tests_LINK) $(debug_tests_OBJECTS) $(debug_tests_LDADD) $(LIBS)
src/tests/dlopen_tests-dlopen-tests.$(OBJEXT): \
	src/tests/$(am__dirstamp) src/tests/$(DEPDIR)/$(am__dirstamp)
dlopen-tests$(EXEEXT): $(dlopen_tests_OBJECTS) $(dlopen_tests_DEPENDENCIES) $(EXTRA_dlopen_tests_DEPENDENCIES)
	@rm -f dlopen-tests$(EXEEXT)
	$(AM_V_CCLD)$(dlopen_tests_LINK) $(dlopen_tests_OBJECTS) $(dlopen_tests_LDADD) $(LIBS)
src/providers/dp_opt_tests-data_provider_opts.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/tests/cmocka/dp_opt_tests-test_dp_opts.$(OBJEXT): \
	src/tests/cmocka/$(am__dirstamp) \
	src/tests/cmocka/$(DEPDIR)/$(am__dirstamp)
dp_opt_tests$(EXEEXT): $(dp_opt_tests_OBJECTS) $(dp_opt_tests_DEPENDENCIES) $(EXTRA_dp_opt_tests_DEPENDENCIES)
	@rm -f dp_opt_tests$(EXEEXT)
	$(AM_V_CCLD)$(dp_opt_tests_LINK) $(dp_opt_tests_OBJECTS) $(dp_opt_tests_LDADD) $(LIBS)
src/resolv/dyndns_tests-async_resolv.$(OBJEXT): \
	src/resolv/$(am__dirstamp) \
	src/resolv/$(DEPDIR)/$(am__dirstamp)
src/resolv/dyndns_tests-async_resolv_utils.$(OBJEXT): \
	src/resolv/$(am__dirstamp) \
	src/resolv/$(DEPDIR)/$(am__dirstamp)
src/resolv/ares/dyndns_tests-ares_parse_srv_reply.$(OBJEXT): \
	src/resolv/ares/$(am__dirstamp) \
	src/resolv/ares/$(DEPDIR)/$(am__dirstamp)
src/resolv/ares/dyndns_tests-ares_data.$(OBJEXT): \
	src/resolv/ares/$(am__dirstamp) \
	src/resolv/ares/$(DEPDIR)/$(am__dirstamp)
src/tests/cmocka/dyndns_tests-test_dyndns.$(OBJEXT): \
	src/tests/cmocka/$(am__dirstamp) \
	src/tests/cmocka/$(DEPDIR)/$(am__dirstamp)
src/providers/dyndns_tests-data_provider_opts.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
dyndns-tests$(EXEEXT): $(dyndns_tests_OBJECTS) $(dyndns_tests_DEPENDENCIES) $(EXTRA_dyndns_tests_DEPENDENCIES)
	@rm -f dyndns-tests$(EXEEXT)
	$(AM_V_CCLD)$(dyndns_tests_LINK) $(dyndns_tests_OBJECTS) $(dyndns_tests_LDADD) $(LIBS)
src/tests/fail_over_tests-fail_over-tests.$(OBJEXT): \
	src/tests/$(am__dirstamp) src/tests/$(DEPDIR)/$(am__dirstamp)
src/providers/fail_over_tests-fail_over.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/providers/fail_over_tests-fail_over_srv.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/resolv/fail_over_tests-async_resolv.$(OBJEXT): \
	src/resolv/$(am__dirstamp) \
	src/resolv/$(DEPDIR)/$(am__dirstamp)
src/resolv/fail_over_tests-async_resolv_utils.$(OBJEXT): \
	src/resolv/$(am__dirstamp) \
	src/resolv/$(DEPDIR)/$(am__dirstamp)
src/resolv/ares/fail_over_tests-ares_parse_srv_reply.$(OBJEXT): \
	src/resolv/ares/$(am__dirstamp) \
	src/resolv/ares/$(DEPDIR)/$(am__dirstamp)
src/resolv/ares/fail_over_tests-ares_data.$(OBJEXT): \
	src/resolv/ares/$(am__dirstamp) \
	src/resolv/ares/$(DEPDIR)/$(am__dirstamp)
fail_over-tests$(EXEEXT): $(fail_over_tests_OBJECTS) $(fail_over_tests_DEPENDENCIES) $(EXTRA_fail_over_tests_DEPENDENCIES)
	@rm -f fail_over-tests$(EXEEXT)
	$(AM_V_CCLD)$(fail_over_tests_LINK) $(fail_over_tests_OBJECTS) $(fail_over_tests_LDADD) $(LIBS)
src/tests/files_tests-files-tests.$(OBJEXT): \
	src/tests/$(am__dirstamp) src/tests/$(DEPDIR)/$(am__dirstamp)
src/util/files_tests-check_and_open.$(OBJEXT): \
	src/util/$(am__dirstamp) src/util/$(DEPDIR)/$(am__dirstamp)
src/util/files_tests-atomic_io.$(OBJEXT): src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
src/tools/files_tests-selinux.$(OBJEXT): src/tools/$(am__dirstamp) \
	src/tools/$(DEPDIR)/$(am__dirstamp)
src/tools/files_tests-files.$(OBJEXT): src/tools/$(am__dirstamp) \
	src/tools/$(DEPDIR)/$(am__dirstamp)
files-tests$(EXEEXT): $(files_tests_OBJECTS) $(files_tests_DEPENDENCIES) $(EXTRA_files_tests_DEPENDENCIES)
	@rm -f files-tests$(EXEEXT)
	$(AM_V_CCLD)$(files_tests_LINK) $(files_tests_OBJECTS) $(files_tests_LDADD) $(LIBS)
src/tests/find_uid_tests-find_uid-tests.$(OBJEXT): \
	src/tests/$(am__dirstamp) src/tests/$(DEPDIR)/$(am__dirstamp)
src/util/find_uid_tests-find_uid.$(OBJEXT): src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
src/util/find_uid_tests-atomic_io.$(OBJEXT): src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
src/util/find_uid_tests-strtonum.$(OBJEXT): src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
find_uid-tests$(EXEEXT): $(find_uid_tests_OBJECTS) $(find_uid_tests_DEPENDENCIES) $(EXTRA_find_uid_tests_DEPENDENCIES)
	@rm -f find_uid-tests$(EXEEXT)
	$(AM_V_CCLD)$(find_uid_tests_LINK) $(find_uid_tests_OBJECTS) $(find_uid_tests_LDADD) $(LIBS)
# Test program rules. Object rules list only directory stamp files as
# prerequisites (the stamp rules themselves are outside this excerpt); each
# link rule removes the previous binary with "rm -f" before relinking with
# the program's *_LINK command.
src/tests/cmocka/fqnames_tests-test_fqnames.$(OBJEXT): \
	src/tests/cmocka/$(am__dirstamp) \
	src/tests/cmocka/$(DEPDIR)/$(am__dirstamp)
fqnames-tests$(EXEEXT): $(fqnames_tests_OBJECTS) $(fqnames_tests_DEPENDENCIES) $(EXTRA_fqnames_tests_DEPENDENCIES)
	@rm -f fqnames-tests$(EXEEXT)
	$(AM_V_CCLD)$(fqnames_tests_LINK) $(fqnames_tests_OBJECTS) $(fqnames_tests_LDADD) $(LIBS)
src/tests/ipa_hbac_tests-ipa_hbac-tests.$(OBJEXT): \
	src/tests/$(am__dirstamp) src/tests/$(DEPDIR)/$(am__dirstamp)
ipa_hbac-tests$(EXEEXT): $(ipa_hbac_tests_OBJECTS) $(ipa_hbac_tests_DEPENDENCIES) $(EXTRA_ipa_hbac_tests_DEPENDENCIES)
	@rm -f ipa_hbac-tests$(EXEEXT)
	$(AM_V_CCLD)$(ipa_hbac_tests_LINK) $(ipa_hbac_tests_OBJECTS) $(ipa_hbac_tests_LDADD) $(LIBS)
src/providers/ipa_ldap_opt_tests-data_provider_opts.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/tests/ipa_ldap_opt_tests-ipa_ldap_opt-tests.$(OBJEXT): \
	src/tests/$(am__dirstamp) src/tests/$(DEPDIR)/$(am__dirstamp)
ipa_ldap_opt-tests$(EXEEXT): $(ipa_ldap_opt_tests_OBJECTS) $(ipa_ldap_opt_tests_DEPENDENCIES) $(EXTRA_ipa_ldap_opt_tests_DEPENDENCIES)
	@rm -f ipa_ldap_opt-tests$(EXEEXT)
	$(AM_V_CCLD)$(ipa_ldap_opt_tests_LINK) $(ipa_ldap_opt_tests_OBJECTS) $(ipa_ldap_opt_tests_LDADD) $(LIBS)
# Objects for krb5-child-test; the link rule for that program follows outside
# this block.
src/tests/krb5_child_test-krb5_child-test.$(OBJEXT): \
	src/tests/$(am__dirstamp) src/tests/$(DEPDIR)/$(am__dirstamp)
src/providers/krb5/krb5_child_test-krb5_utils.$(OBJEXT): \
	src/providers/krb5/$(am__dirstamp) \
	src/providers/krb5/$(DEPDIR)/$(am__dirstamp)
src/providers/krb5/krb5_child_test-krb5_child_handler.$(OBJEXT): \
	src/providers/krb5/$(am__dirstamp) \
	src/providers/krb5/$(DEPDIR)/$(am__dirstamp)
src/providers/krb5/krb5_child_test-krb5_become_user.$(OBJEXT): \
	src/providers/krb5/$(am__dirstamp) \
	src/providers/krb5/$(DEPDIR)/$(am__dirstamp)
src/providers/krb5/krb5_child_test-krb5_common.$(OBJEXT): \
	src/providers/krb5/$(am__dirstamp) \
	src/providers/krb5/$(DEPDIR)/$(am__dirstamp)
# Generated automake rules, restored to one rule per line.
# Object rules carry no recipe: they only list the directory stamp files as
# prerequisites. A stamp rule creates its directory with $(MKDIR_P) and then
# writes an empty stamp file. Program rules delete the previous binary and
# relink; some use a per-program _LINK variable, others the generic $(LINK).

# krb5-child-test: remaining objects and link rule
src/util/krb5_child_test-sss_krb5.$(OBJEXT): src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
src/util/krb5_child_test-find_uid.$(OBJEXT): src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
src/providers/krb5_child_test-data_provider_fo.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/providers/krb5_child_test-data_provider_opts.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/providers/krb5_child_test-data_provider_callbacks.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/providers/krb5_child_test-fail_over.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/providers/krb5_child_test-fail_over_srv.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/resolv/krb5_child_test-async_resolv.$(OBJEXT): \
	src/resolv/$(am__dirstamp) \
	src/resolv/$(DEPDIR)/$(am__dirstamp)
src/resolv/krb5_child_test-async_resolv_utils.$(OBJEXT): \
	src/resolv/$(am__dirstamp) \
	src/resolv/$(DEPDIR)/$(am__dirstamp)
src/resolv/ares/krb5_child_test-ares_parse_srv_reply.$(OBJEXT): \
	src/resolv/ares/$(am__dirstamp) \
	src/resolv/ares/$(DEPDIR)/$(am__dirstamp)
src/resolv/ares/krb5_child_test-ares_data.$(OBJEXT): \
	src/resolv/ares/$(am__dirstamp) \
	src/resolv/ares/$(DEPDIR)/$(am__dirstamp)
krb5-child-test$(EXEEXT): $(krb5_child_test_OBJECTS) $(krb5_child_test_DEPENDENCIES) $(EXTRA_krb5_child_test_DEPENDENCIES)
	@rm -f krb5-child-test$(EXEEXT)
	$(AM_V_CCLD)$(krb5_child_test_LINK) $(krb5_child_test_OBJECTS) $(krb5_child_test_LDADD) $(LIBS)

# krb5-utils-tests
src/tests/krb5_utils_tests-krb5_utils-tests.$(OBJEXT): \
	src/tests/$(am__dirstamp) src/tests/$(DEPDIR)/$(am__dirstamp)
src/providers/krb5/krb5_utils_tests-krb5_utils.$(OBJEXT): \
	src/providers/krb5/$(am__dirstamp) \
	src/providers/krb5/$(DEPDIR)/$(am__dirstamp)
src/providers/krb5/krb5_utils_tests-krb5_become_user.$(OBJEXT): \
	src/providers/krb5/$(am__dirstamp) \
	src/providers/krb5/$(DEPDIR)/$(am__dirstamp)
src/providers/krb5/krb5_utils_tests-krb5_common.$(OBJEXT): \
	src/providers/krb5/$(am__dirstamp) \
	src/providers/krb5/$(DEPDIR)/$(am__dirstamp)
src/util/krb5_utils_tests-sss_krb5.$(OBJEXT): \
	src/util/$(am__dirstamp) src/util/$(DEPDIR)/$(am__dirstamp)
src/util/krb5_utils_tests-find_uid.$(OBJEXT): \
	src/util/$(am__dirstamp) src/util/$(DEPDIR)/$(am__dirstamp)
src/providers/krb5_utils_tests-data_provider_fo.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/providers/krb5_utils_tests-data_provider_opts.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/providers/krb5_utils_tests-data_provider_callbacks.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/providers/krb5_utils_tests-fail_over.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/providers/krb5_utils_tests-fail_over_srv.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/resolv/krb5_utils_tests-async_resolv.$(OBJEXT): \
	src/resolv/$(am__dirstamp) \
	src/resolv/$(DEPDIR)/$(am__dirstamp)
src/resolv/krb5_utils_tests-async_resolv_utils.$(OBJEXT): \
	src/resolv/$(am__dirstamp) \
	src/resolv/$(DEPDIR)/$(am__dirstamp)
src/resolv/ares/krb5_utils_tests-ares_parse_srv_reply.$(OBJEXT): \
	src/resolv/ares/$(am__dirstamp) \
	src/resolv/ares/$(DEPDIR)/$(am__dirstamp)
src/resolv/ares/krb5_utils_tests-ares_data.$(OBJEXT): \
	src/resolv/ares/$(am__dirstamp) \
	src/resolv/ares/$(DEPDIR)/$(am__dirstamp)
krb5-utils-tests$(EXEEXT): $(krb5_utils_tests_OBJECTS) $(krb5_utils_tests_DEPENDENCIES) $(EXTRA_krb5_utils_tests_DEPENDENCIES)
	@rm -f krb5-utils-tests$(EXEEXT)
	$(AM_V_CCLD)$(krb5_utils_tests_LINK) $(krb5_utils_tests_OBJECTS) $(krb5_utils_tests_LDADD) $(LIBS)

# krb5_child: built from its own krb5_child--prefixed objects, including
# separate copies of the src/util and src/sss_client sources.
src/providers/krb5/krb5_child-krb5_become_user.$(OBJEXT): \
	src/providers/krb5/$(am__dirstamp) \
	src/providers/krb5/$(DEPDIR)/$(am__dirstamp)
src/providers/krb5/krb5_child-krb5_child.$(OBJEXT): \
	src/providers/krb5/$(am__dirstamp) \
	src/providers/krb5/$(DEPDIR)/$(am__dirstamp)
src/providers/krb5_child-dp_pam_data_util.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/util/krb5_child-user_info_msg.$(OBJEXT): src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
src/util/krb5_child-sss_krb5.$(OBJEXT): src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
src/util/krb5_child-atomic_io.$(OBJEXT): src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
src/util/krb5_child-authtok.$(OBJEXT): src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
src/util/krb5_child-util.$(OBJEXT): src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
src/util/krb5_child-signal.$(OBJEXT): src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
src/sss_client/krb5_child-common.$(OBJEXT): \
	src/sss_client/$(am__dirstamp) \
	src/sss_client/$(DEPDIR)/$(am__dirstamp)
krb5_child$(EXEEXT): $(krb5_child_OBJECTS) $(krb5_child_DEPENDENCIES) $(EXTRA_krb5_child_DEPENDENCIES)
	@rm -f krb5_child$(EXEEXT)
	$(AM_V_CCLD)$(krb5_child_LINK) $(krb5_child_OBJECTS) $(krb5_child_LDADD) $(LIBS)

# ldap_child: likewise built from its own ldap_child--prefixed objects.
src/providers/ldap/ldap_child-ldap_child.$(OBJEXT): \
	src/providers/ldap/$(am__dirstamp) \
	src/providers/ldap/$(DEPDIR)/$(am__dirstamp)
src/util/ldap_child-sss_krb5.$(OBJEXT): src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
src/util/ldap_child-atomic_io.$(OBJEXT): src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
src/util/ldap_child-authtok.$(OBJEXT): src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
src/util/ldap_child-util.$(OBJEXT): src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
src/util/ldap_child-signal.$(OBJEXT): src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
ldap_child$(EXEEXT): $(ldap_child_OBJECTS) $(ldap_child_DEPENDENCIES) $(EXTRA_ldap_child_DEPENDENCIES)
	@rm -f ldap_child$(EXEEXT)
	$(AM_V_CCLD)$(ldap_child_LINK) $(ldap_child_OBJECTS) $(ldap_child_LDADD) $(LIBS)

# nss-srv-tests, plus the stamp rules for src/responder/common and src/responder/nss
src/tests/cmocka/nss_srv_tests-common_mock_resp.$(OBJEXT): \
	src/tests/cmocka/$(am__dirstamp) \
	src/tests/cmocka/$(DEPDIR)/$(am__dirstamp)
src/responder/common/$(am__dirstamp):
	@$(MKDIR_P) src/responder/common
	@: > src/responder/common/$(am__dirstamp)
src/responder/common/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) src/responder/common/$(DEPDIR)
	@: > src/responder/common/$(DEPDIR)/$(am__dirstamp)
src/responder/common/nss_srv_tests-responder_packet.$(OBJEXT): \
	src/responder/common/$(am__dirstamp) \
	src/responder/common/$(DEPDIR)/$(am__dirstamp)
src/responder/common/nss_srv_tests-responder_cmd.$(OBJEXT): \
	src/responder/common/$(am__dirstamp) \
	src/responder/common/$(DEPDIR)/$(am__dirstamp)
src/responder/common/nss_srv_tests-negcache.$(OBJEXT): \
	src/responder/common/$(am__dirstamp) \
	src/responder/common/$(DEPDIR)/$(am__dirstamp)
src/responder/common/nss_srv_tests-responder_common.$(OBJEXT): \
	src/responder/common/$(am__dirstamp) \
	src/responder/common/$(DEPDIR)/$(am__dirstamp)
src/tests/cmocka/nss_srv_tests-test_nss_srv.$(OBJEXT): \
	src/tests/cmocka/$(am__dirstamp) \
	src/tests/cmocka/$(DEPDIR)/$(am__dirstamp)
src/responder/nss/$(am__dirstamp):
	@$(MKDIR_P) src/responder/nss
	@: > src/responder/nss/$(am__dirstamp)
src/responder/nss/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) src/responder/nss/$(DEPDIR)
	@: > src/responder/nss/$(DEPDIR)/$(am__dirstamp)
src/responder/nss/nss_srv_tests-nsssrv_cmd.$(OBJEXT): \
	src/responder/nss/$(am__dirstamp) \
	src/responder/nss/$(DEPDIR)/$(am__dirstamp)
src/responder/nss/nss_srv_tests-nsssrv_netgroup.$(OBJEXT): \
	src/responder/nss/$(am__dirstamp) \
	src/responder/nss/$(DEPDIR)/$(am__dirstamp)
src/responder/nss/nss_srv_tests-nsssrv_services.$(OBJEXT): \
	src/responder/nss/$(am__dirstamp) \
	src/responder/nss/$(DEPDIR)/$(am__dirstamp)
src/responder/nss/nss_srv_tests-nsssrv_mmap_cache.$(OBJEXT): \
	src/responder/nss/$(am__dirstamp) \
	src/responder/nss/$(DEPDIR)/$(am__dirstamp)
nss-srv-tests$(EXEEXT): $(nss_srv_tests_OBJECTS) $(nss_srv_tests_DEPENDENCIES) $(EXTRA_nss_srv_tests_DEPENDENCIES)
	@rm -f nss-srv-tests$(EXEEXT)
	$(AM_V_CCLD)$(nss_srv_tests_LINK) $(nss_srv_tests_OBJECTS) $(nss_srv_tests_LDADD) $(LIBS)

# pam_test_client (linked with the generic $(LINK))
src/sss_client/pam_test_client.$(OBJEXT): \
	src/sss_client/$(am__dirstamp) \
	src/sss_client/$(DEPDIR)/$(am__dirstamp)
pam_test_client$(EXEEXT): $(pam_test_client_OBJECTS) $(pam_test_client_DEPENDENCIES) $(EXTRA_pam_test_client_DEPENDENCIES)
	@rm -f pam_test_client$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(pam_test_client_OBJECTS) $(pam_test_client_LDADD) $(LIBS)

# proxy_child
src/providers/proxy/proxy_child-proxy_child.$(OBJEXT): \
	src/providers/proxy/$(am__dirstamp) \
	src/providers/proxy/$(DEPDIR)/$(am__dirstamp)
proxy_child$(EXEEXT): $(proxy_child_OBJECTS) $(proxy_child_DEPENDENCIES) $(EXTRA_proxy_child_DEPENDENCIES)
	@rm -f proxy_child$(EXEEXT)
	$(AM_V_CCLD)$(proxy_child_LINK) $(proxy_child_OBJECTS) $(proxy_child_LDADD) $(LIBS)

# refcount-tests
src/tests/refcount_tests-refcount-tests.$(OBJEXT): \
	src/tests/$(am__dirstamp) src/tests/$(DEPDIR)/$(am__dirstamp)
refcount-tests$(EXEEXT): $(refcount_tests_OBJECTS) $(refcount_tests_DEPENDENCIES) $(EXTRA_refcount_tests_DEPENDENCIES)
	@rm -f refcount-tests$(EXEEXT)
	$(AM_V_CCLD)$(refcount_tests_LINK) $(refcount_tests_OBJECTS) $(refcount_tests_LDADD) $(LIBS)

# resolv-tests
src/tests/resolv_tests-resolv-tests.$(OBJEXT): \
	src/tests/$(am__dirstamp) src/tests/$(DEPDIR)/$(am__dirstamp)
src/tests/resolv_tests-common.$(OBJEXT): src/tests/$(am__dirstamp) \
	src/tests/$(DEPDIR)/$(am__dirstamp)
src/resolv/resolv_tests-async_resolv.$(OBJEXT): \
	src/resolv/$(am__dirstamp) \
	src/resolv/$(DEPDIR)/$(am__dirstamp)
src/resolv/resolv_tests-async_resolv_utils.$(OBJEXT): \
	src/resolv/$(am__dirstamp) \
	src/resolv/$(DEPDIR)/$(am__dirstamp)
src/resolv/ares/resolv_tests-ares_parse_srv_reply.$(OBJEXT): \
	src/resolv/ares/$(am__dirstamp) \
	src/resolv/ares/$(DEPDIR)/$(am__dirstamp)
src/resolv/ares/resolv_tests-ares_data.$(OBJEXT): \
	src/resolv/ares/$(am__dirstamp) \
	src/resolv/ares/$(DEPDIR)/$(am__dirstamp)
src/resolv/ares/resolv_tests-ares_parse_txt_reply.$(OBJEXT): \
	src/resolv/ares/$(am__dirstamp) \
	src/resolv/ares/$(DEPDIR)/$(am__dirstamp)
resolv-tests$(EXEEXT): $(resolv_tests_OBJECTS) $(resolv_tests_DEPENDENCIES) $(EXTRA_resolv_tests_DEPENDENCIES)
	@rm -f resolv-tests$(EXEEXT)
	$(AM_V_CCLD)$(resolv_tests_LINK) $(resolv_tests_OBJECTS) $(resolv_tests_LDADD) $(LIBS)

# responder_socket_access-tests
src/tests/responder_socket_access_tests-responder_socket_access-tests.$(OBJEXT): \
	src/tests/$(am__dirstamp) src/tests/$(DEPDIR)/$(am__dirstamp)
src/responder/common/responder_socket_access_tests-responder_common.$(OBJEXT): \
	src/responder/common/$(am__dirstamp) \
	src/responder/common/$(DEPDIR)/$(am__dirstamp)
src/responder/common/responder_socket_access_tests-responder_packet.$(OBJEXT): \
	src/responder/common/$(am__dirstamp) \
	src/responder/common/$(DEPDIR)/$(am__dirstamp)
src/responder/common/responder_socket_access_tests-responder_cmd.$(OBJEXT): \
	src/responder/common/$(am__dirstamp) \
	src/responder/common/$(DEPDIR)/$(am__dirstamp)
responder_socket_access-tests$(EXEEXT): $(responder_socket_access_tests_OBJECTS) $(responder_socket_access_tests_DEPENDENCIES) $(EXTRA_responder_socket_access_tests_DEPENDENCIES)
	@rm -f responder_socket_access-tests$(EXEEXT)
	$(AM_V_CCLD)$(responder_socket_access_tests_LINK) $(responder_socket_access_tests_OBJECTS) $(responder_socket_access_tests_LDADD) $(LIBS)

# simple_access-tests
src/tests/simple_access_tests-simple_access-tests.$(OBJEXT): \
	src/tests/$(am__dirstamp) src/tests/$(DEPDIR)/$(am__dirstamp)
src/providers/simple/simple_access_tests-simple_access.$(OBJEXT): \
	src/providers/simple/$(am__dirstamp) \
	src/providers/simple/$(DEPDIR)/$(am__dirstamp)
src/providers/simple/simple_access_tests-simple_access_check.$(OBJEXT): \
	src/providers/simple/$(am__dirstamp) \
	src/providers/simple/$(DEPDIR)/$(am__dirstamp)
src/providers/simple_access_tests-data_provider_be.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/providers/simple_access_tests-data_provider_fo.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/providers/simple_access_tests-data_provider_opts.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/providers/simple_access_tests-data_provider_callbacks.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/providers/simple_access_tests-dp_ptask.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/providers/simple_access_tests-dp_refresh.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/providers/simple_access_tests-fail_over.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/providers/simple_access_tests-fail_over_srv.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/resolv/simple_access_tests-async_resolv.$(OBJEXT): \
	src/resolv/$(am__dirstamp) \
	src/resolv/$(DEPDIR)/$(am__dirstamp)
src/resolv/simple_access_tests-async_resolv_utils.$(OBJEXT): \
	src/resolv/$(am__dirstamp) \
	src/resolv/$(DEPDIR)/$(am__dirstamp)
src/resolv/ares/simple_access_tests-ares_parse_srv_reply.$(OBJEXT): \
	src/resolv/ares/$(am__dirstamp) \
	src/resolv/ares/$(DEPDIR)/$(am__dirstamp)
src/resolv/ares/simple_access_tests-ares_data.$(OBJEXT): \
	src/resolv/ares/$(am__dirstamp) \
	src/resolv/ares/$(DEPDIR)/$(am__dirstamp)
simple_access-tests$(EXEEXT): $(simple_access_tests_OBJECTS) $(simple_access_tests_DEPENDENCIES) $(EXTRA_simple_access_tests_DEPENDENCIES)
	@rm -f simple_access-tests$(EXEEXT)
	$(AM_V_CCLD)$(simple_access_tests_LINK) $(simple_access_tests_OBJECTS) $(simple_access_tests_LDADD) $(LIBS)

# sss_cache
src/tools/sss_cache-sss_cache.$(OBJEXT): src/tools/$(am__dirstamp) \
	src/tools/$(DEPDIR)/$(am__dirstamp)
src/sss_client/sss_cache-common.$(OBJEXT): \
	src/sss_client/$(am__dirstamp) \
	src/sss_client/$(DEPDIR)/$(am__dirstamp)
src/tools/sss_cache-tools_mc_util.$(OBJEXT): \
	src/tools/$(am__dirstamp) src/tools/$(DEPDIR)/$(am__dirstamp)
src/tools/sss_cache-sss_sync_ops.$(OBJEXT): src/tools/$(am__dirstamp) \
	src/tools/$(DEPDIR)/$(am__dirstamp)
src/tools/sss_cache-tools_util.$(OBJEXT): src/tools/$(am__dirstamp) \
	src/tools/$(DEPDIR)/$(am__dirstamp)
src/tools/sss_cache-files.$(OBJEXT): src/tools/$(am__dirstamp) \
	src/tools/$(DEPDIR)/$(am__dirstamp)
src/tools/sss_cache-selinux.$(OBJEXT): src/tools/$(am__dirstamp) \
	src/tools/$(DEPDIR)/$(am__dirstamp)
src/util/sss_cache-nscd.$(OBJEXT): src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
sss_cache$(EXEEXT): $(sss_cache_OBJECTS) $(sss_cache_DEPENDENCIES) $(EXTRA_sss_cache_DEPENDENCIES)
	@rm -f sss_cache$(EXEEXT)
	$(AM_V_CCLD)$(sss_cache_LINK) $(sss_cache_OBJECTS) $(sss_cache_LDADD) $(LIBS)

# sss_debuglevel and the unprefixed src/tools and src/util objects
src/tools/sss_debuglevel.$(OBJEXT): src/tools/$(am__dirstamp) \
	src/tools/$(DEPDIR)/$(am__dirstamp)
src/tools/sss_sync_ops.$(OBJEXT): src/tools/$(am__dirstamp) \
	src/tools/$(DEPDIR)/$(am__dirstamp)
src/tools/tools_util.$(OBJEXT): src/tools/$(am__dirstamp) \
	src/tools/$(DEPDIR)/$(am__dirstamp)
src/tools/files.$(OBJEXT): src/tools/$(am__dirstamp) \
	src/tools/$(DEPDIR)/$(am__dirstamp)
src/tools/selinux.$(OBJEXT): src/tools/$(am__dirstamp) \
	src/tools/$(DEPDIR)/$(am__dirstamp)
src/util/nscd.$(OBJEXT): src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
sss_debuglevel$(EXEEXT): $(sss_debuglevel_OBJECTS) $(sss_debuglevel_DEPENDENCIES) $(EXTRA_sss_debuglevel_DEPENDENCIES)
	@rm -f sss_debuglevel$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(sss_debuglevel_OBJECTS) $(sss_debuglevel_LDADD) $(LIBS)

# sss_groupadd
src/tools/sss_groupadd.$(OBJEXT): src/tools/$(am__dirstamp) \
	src/tools/$(DEPDIR)/$(am__dirstamp)
sss_groupadd$(EXEEXT): $(sss_groupadd_OBJECTS) $(sss_groupadd_DEPENDENCIES) $(EXTRA_sss_groupadd_DEPENDENCIES)
	@rm -f sss_groupadd$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(sss_groupadd_OBJECTS) $(sss_groupadd_LDADD) $(LIBS)
# Generated automake rules, restored to one rule per line.
# Object rules carry no recipe: they only list the directory stamp files as
# prerequisites. Program rules delete the previous binary and then relink.

# sss_groupdel
src/tools/sss_groupdel-sss_groupdel.$(OBJEXT): \
	src/tools/$(am__dirstamp) src/tools/$(DEPDIR)/$(am__dirstamp)
src/sss_client/sss_groupdel-common.$(OBJEXT): \
	src/sss_client/$(am__dirstamp) \
	src/sss_client/$(DEPDIR)/$(am__dirstamp)
src/tools/sss_groupdel-tools_mc_util.$(OBJEXT): \
	src/tools/$(am__dirstamp) src/tools/$(DEPDIR)/$(am__dirstamp)
src/tools/sss_groupdel-sss_sync_ops.$(OBJEXT): \
	src/tools/$(am__dirstamp) src/tools/$(DEPDIR)/$(am__dirstamp)
src/tools/sss_groupdel-tools_util.$(OBJEXT): \
	src/tools/$(am__dirstamp) src/tools/$(DEPDIR)/$(am__dirstamp)
src/tools/sss_groupdel-files.$(OBJEXT): src/tools/$(am__dirstamp) \
	src/tools/$(DEPDIR)/$(am__dirstamp)
src/tools/sss_groupdel-selinux.$(OBJEXT): src/tools/$(am__dirstamp) \
	src/tools/$(DEPDIR)/$(am__dirstamp)
src/util/sss_groupdel-nscd.$(OBJEXT): src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
sss_groupdel$(EXEEXT): $(sss_groupdel_OBJECTS) $(sss_groupdel_DEPENDENCIES) $(EXTRA_sss_groupdel_DEPENDENCIES)
	@rm -f sss_groupdel$(EXEEXT)
	$(AM_V_CCLD)$(sss_groupdel_LINK) $(sss_groupdel_OBJECTS) $(sss_groupdel_LDADD) $(LIBS)

# sss_groupmod
src/tools/sss_groupmod-sss_groupmod.$(OBJEXT): \
	src/tools/$(am__dirstamp) src/tools/$(DEPDIR)/$(am__dirstamp)
src/sss_client/sss_groupmod-common.$(OBJEXT): \
	src/sss_client/$(am__dirstamp) \
	src/sss_client/$(DEPDIR)/$(am__dirstamp)
src/tools/sss_groupmod-tools_mc_util.$(OBJEXT): \
	src/tools/$(am__dirstamp) src/tools/$(DEPDIR)/$(am__dirstamp)
src/tools/sss_groupmod-sss_sync_ops.$(OBJEXT): \
	src/tools/$(am__dirstamp) src/tools/$(DEPDIR)/$(am__dirstamp)
src/tools/sss_groupmod-tools_util.$(OBJEXT): \
	src/tools/$(am__dirstamp) src/tools/$(DEPDIR)/$(am__dirstamp)
src/tools/sss_groupmod-files.$(OBJEXT): src/tools/$(am__dirstamp) \
	src/tools/$(DEPDIR)/$(am__dirstamp)
src/tools/sss_groupmod-selinux.$(OBJEXT): src/tools/$(am__dirstamp) \
	src/tools/$(DEPDIR)/$(am__dirstamp)
src/util/sss_groupmod-nscd.$(OBJEXT): src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
sss_groupmod$(EXEEXT): $(sss_groupmod_OBJECTS) $(sss_groupmod_DEPENDENCIES) $(EXTRA_sss_groupmod_DEPENDENCIES)
	@rm -f sss_groupmod$(EXEEXT)
	$(AM_V_CCLD)$(sss_groupmod_LINK) $(sss_groupmod_OBJECTS) $(sss_groupmod_LDADD) $(LIBS)

# sss_groupshow (linked with the generic $(LINK))
src/tools/sss_groupshow.$(OBJEXT): src/tools/$(am__dirstamp) \
	src/tools/$(DEPDIR)/$(am__dirstamp)
sss_groupshow$(EXEEXT): $(sss_groupshow_OBJECTS) $(sss_groupshow_DEPENDENCIES) $(EXTRA_sss_groupshow_DEPENDENCIES)
	@rm -f sss_groupshow$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(sss_groupshow_OBJECTS) $(sss_groupshow_LDADD) $(LIBS)

# sss_idmap-tests
src/tests/sss_idmap_tests-sss_idmap-tests.$(OBJEXT): \
	src/tests/$(am__dirstamp) src/tests/$(DEPDIR)/$(am__dirstamp)
sss_idmap-tests$(EXEEXT): $(sss_idmap_tests_OBJECTS) $(sss_idmap_tests_DEPENDENCIES) $(EXTRA_sss_idmap_tests_DEPENDENCIES)
	@rm -f sss_idmap-tests$(EXEEXT)
	$(AM_V_CCLD)$(sss_idmap_tests_LINK) $(sss_idmap_tests_OBJECTS) $(sss_idmap_tests_LDADD) $(LIBS)

# sss_nss_idmap-tests
src/tests/cmocka/sss_nss_idmap_tests-sss_nss_idmap-tests.$(OBJEXT): \
	src/tests/cmocka/$(am__dirstamp) \
	src/tests/cmocka/$(DEPDIR)/$(am__dirstamp)
sss_nss_idmap-tests$(EXEEXT): $(sss_nss_idmap_tests_OBJECTS) $(sss_nss_idmap_tests_DEPENDENCIES) $(EXTRA_sss_nss_idmap_tests_DEPENDENCIES)
	@rm -f sss_nss_idmap-tests$(EXEEXT)
	$(AM_V_CCLD)$(sss_nss_idmap_tests_LINK) $(sss_nss_idmap_tests_OBJECTS) $(sss_nss_idmap_tests_LDADD) $(LIBS)

# sss_seed (linked with the generic $(LINK))
src/tools/sss_seed.$(OBJEXT): src/tools/$(am__dirstamp) \
	src/tools/$(DEPDIR)/$(am__dirstamp)
sss_seed$(EXEEXT): $(sss_seed_OBJECTS) $(sss_seed_DEPENDENCIES) $(EXTRA_sss_seed_DEPENDENCIES)
	@rm -f sss_seed$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(sss_seed_OBJECTS) $(sss_seed_LDADD) $(LIBS)

# First sss_ssh_authorizedkeys object, then the stamp rules for
# src/sss_client/ssh: create the directory, then write an empty stamp file.
src/sss_client/sss_ssh_authorizedkeys-common.$(OBJEXT): \
	src/sss_client/$(am__dirstamp) \
	src/sss_client/$(DEPDIR)/$(am__dirstamp)
src/sss_client/ssh/$(am__dirstamp):
	@$(MKDIR_P) src/sss_client/ssh
	@: > src/sss_client/ssh/$(am__dirstamp)
src/sss_client/ssh/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) src/sss_client/ssh/$(DEPDIR)
	@: > src/sss_client/ssh/$(DEPDIR)/$(am__dirstamp)
# Generated automake rules, restored to one rule per line.
# Object rules carry no recipe: they only list the directory stamp files as
# prerequisites. A stamp rule creates its directory with $(MKDIR_P) and then
# writes an empty stamp file. Program rules delete the previous binary and
# then relink.

# sss_ssh_authorizedkeys
src/sss_client/ssh/sss_ssh_authorizedkeys-sss_ssh_client.$(OBJEXT): \
	src/sss_client/ssh/$(am__dirstamp) \
	src/sss_client/ssh/$(DEPDIR)/$(am__dirstamp)
src/sss_client/ssh/sss_ssh_authorizedkeys-sss_ssh_authorizedkeys.$(OBJEXT): \
	src/sss_client/ssh/$(am__dirstamp) \
	src/sss_client/ssh/$(DEPDIR)/$(am__dirstamp)
sss_ssh_authorizedkeys$(EXEEXT): $(sss_ssh_authorizedkeys_OBJECTS) $(sss_ssh_authorizedkeys_DEPENDENCIES) $(EXTRA_sss_ssh_authorizedkeys_DEPENDENCIES)
	@rm -f sss_ssh_authorizedkeys$(EXEEXT)
	$(AM_V_CCLD)$(sss_ssh_authorizedkeys_LINK) $(sss_ssh_authorizedkeys_OBJECTS) $(sss_ssh_authorizedkeys_LDADD) $(LIBS)

# sss_ssh_knownhostsproxy
src/sss_client/sss_ssh_knownhostsproxy-common.$(OBJEXT): \
	src/sss_client/$(am__dirstamp) \
	src/sss_client/$(DEPDIR)/$(am__dirstamp)
src/sss_client/ssh/sss_ssh_knownhostsproxy-sss_ssh_client.$(OBJEXT): \
	src/sss_client/ssh/$(am__dirstamp) \
	src/sss_client/ssh/$(DEPDIR)/$(am__dirstamp)
src/sss_client/ssh/sss_ssh_knownhostsproxy-sss_ssh_knownhostsproxy.$(OBJEXT): \
	src/sss_client/ssh/$(am__dirstamp) \
	src/sss_client/ssh/$(DEPDIR)/$(am__dirstamp)
sss_ssh_knownhostsproxy$(EXEEXT): $(sss_ssh_knownhostsproxy_OBJECTS) $(sss_ssh_knownhostsproxy_DEPENDENCIES) $(EXTRA_sss_ssh_knownhostsproxy_DEPENDENCIES)
	@rm -f sss_ssh_knownhostsproxy$(EXEEXT)
	$(AM_V_CCLD)$(sss_ssh_knownhostsproxy_LINK) $(sss_ssh_knownhostsproxy_OBJECTS) $(sss_ssh_knownhostsproxy_LDADD) $(LIBS)

# sss_sudo_cli, plus the stamp rules for src/sss_client/sudo_testcli
src/sss_client/sss_sudo_cli-common.$(OBJEXT): \
	src/sss_client/$(am__dirstamp) \
	src/sss_client/$(DEPDIR)/$(am__dirstamp)
src/sss_client/sudo/sss_sudo_cli-sss_sudo.$(OBJEXT): \
	src/sss_client/sudo/$(am__dirstamp) \
	src/sss_client/sudo/$(DEPDIR)/$(am__dirstamp)
src/sss_client/sudo/sss_sudo_cli-sss_sudo_response.$(OBJEXT): \
	src/sss_client/sudo/$(am__dirstamp) \
	src/sss_client/sudo/$(DEPDIR)/$(am__dirstamp)
src/sss_client/sudo_testcli/$(am__dirstamp):
	@$(MKDIR_P) src/sss_client/sudo_testcli
	@: > src/sss_client/sudo_testcli/$(am__dirstamp)
src/sss_client/sudo_testcli/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) src/sss_client/sudo_testcli/$(DEPDIR)
	@: > src/sss_client/sudo_testcli/$(DEPDIR)/$(am__dirstamp)
src/sss_client/sudo_testcli/sss_sudo_cli-sudo_testcli.$(OBJEXT): \
	src/sss_client/sudo_testcli/$(am__dirstamp) \
	src/sss_client/sudo_testcli/$(DEPDIR)/$(am__dirstamp)
sss_sudo_cli$(EXEEXT): $(sss_sudo_cli_OBJECTS) $(sss_sudo_cli_DEPENDENCIES) $(EXTRA_sss_sudo_cli_DEPENDENCIES)
	@rm -f sss_sudo_cli$(EXEEXT)
	$(AM_V_CCLD)$(sss_sudo_cli_LINK) $(sss_sudo_cli_OBJECTS) $(sss_sudo_cli_LDADD) $(LIBS)

# sss_useradd (linked with the generic $(LINK))
src/tools/sss_useradd.$(OBJEXT): src/tools/$(am__dirstamp) \
	src/tools/$(DEPDIR)/$(am__dirstamp)
sss_useradd$(EXEEXT): $(sss_useradd_OBJECTS) $(sss_useradd_DEPENDENCIES) $(EXTRA_sss_useradd_DEPENDENCIES)
	@rm -f sss_useradd$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(sss_useradd_OBJECTS) $(sss_useradd_LDADD) $(LIBS)

# sss_userdel
src/tools/sss_userdel-sss_userdel.$(OBJEXT): \
	src/tools/$(am__dirstamp) src/tools/$(DEPDIR)/$(am__dirstamp)
src/util/sss_userdel-find_uid.$(OBJEXT): src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
src/sss_client/sss_userdel-common.$(OBJEXT): \
	src/sss_client/$(am__dirstamp) \
	src/sss_client/$(DEPDIR)/$(am__dirstamp)
src/tools/sss_userdel-tools_mc_util.$(OBJEXT): \
	src/tools/$(am__dirstamp) src/tools/$(DEPDIR)/$(am__dirstamp)
src/tools/sss_userdel-sss_sync_ops.$(OBJEXT): \
	src/tools/$(am__dirstamp) src/tools/$(DEPDIR)/$(am__dirstamp)
src/tools/sss_userdel-tools_util.$(OBJEXT): src/tools/$(am__dirstamp) \
	src/tools/$(DEPDIR)/$(am__dirstamp)
src/tools/sss_userdel-files.$(OBJEXT): src/tools/$(am__dirstamp) \
	src/tools/$(DEPDIR)/$(am__dirstamp)
src/tools/sss_userdel-selinux.$(OBJEXT): src/tools/$(am__dirstamp) \
	src/tools/$(DEPDIR)/$(am__dirstamp)
src/util/sss_userdel-nscd.$(OBJEXT): src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
sss_userdel$(EXEEXT): $(sss_userdel_OBJECTS) $(sss_userdel_DEPENDENCIES) $(EXTRA_sss_userdel_DEPENDENCIES)
	@rm -f sss_userdel$(EXEEXT)
	$(AM_V_CCLD)$(sss_userdel_LINK) $(sss_userdel_OBJECTS) $(sss_userdel_LDADD) $(LIBS)
# Generated automake rules, restored to one rule per line.
# Object rules carry no recipe: they only list the directory stamp files as
# prerequisites. A stamp rule creates its directory with $(MKDIR_P) and then
# writes an empty stamp file. Program rules delete the previous binary and
# relink; some use a per-program _LINK variable, others the generic $(LINK).

# sss_usermod
src/tools/sss_usermod-sss_usermod.$(OBJEXT): \
	src/tools/$(am__dirstamp) src/tools/$(DEPDIR)/$(am__dirstamp)
src/sss_client/sss_usermod-common.$(OBJEXT): \
	src/sss_client/$(am__dirstamp) \
	src/sss_client/$(DEPDIR)/$(am__dirstamp)
src/tools/sss_usermod-tools_mc_util.$(OBJEXT): \
	src/tools/$(am__dirstamp) src/tools/$(DEPDIR)/$(am__dirstamp)
src/tools/sss_usermod-sss_sync_ops.$(OBJEXT): \
	src/tools/$(am__dirstamp) src/tools/$(DEPDIR)/$(am__dirstamp)
src/tools/sss_usermod-tools_util.$(OBJEXT): src/tools/$(am__dirstamp) \
	src/tools/$(DEPDIR)/$(am__dirstamp)
src/tools/sss_usermod-files.$(OBJEXT): src/tools/$(am__dirstamp) \
	src/tools/$(DEPDIR)/$(am__dirstamp)
src/tools/sss_usermod-selinux.$(OBJEXT): src/tools/$(am__dirstamp) \
	src/tools/$(DEPDIR)/$(am__dirstamp)
src/util/sss_usermod-nscd.$(OBJEXT): src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
sss_usermod$(EXEEXT): $(sss_usermod_OBJECTS) $(sss_usermod_DEPENDENCIES) $(EXTRA_sss_usermod_DEPENDENCIES)
	@rm -f sss_usermod$(EXEEXT)
	$(AM_V_CCLD)$(sss_usermod_LINK) $(sss_usermod_OBJECTS) $(sss_usermod_LDADD) $(LIBS)

# sssd (monitor and confdb objects, linked with the generic $(LINK))
src/monitor/monitor.$(OBJEXT): src/monitor/$(am__dirstamp) \
	src/monitor/$(DEPDIR)/$(am__dirstamp)
src/monitor/monitor_netlink.$(OBJEXT): src/monitor/$(am__dirstamp) \
	src/monitor/$(DEPDIR)/$(am__dirstamp)
src/confdb/confdb_setup.$(OBJEXT): src/confdb/$(am__dirstamp) \
	src/confdb/$(DEPDIR)/$(am__dirstamp)
sssd$(EXEEXT): $(sssd_OBJECTS) $(sssd_DEPENDENCIES) $(EXTRA_sssd_DEPENDENCIES)
	@rm -f sssd$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(sssd_OBJECTS) $(sssd_LDADD) $(LIBS)

# sssd_autofs, plus the stamp rules for src/responder/autofs and the
# unprefixed src/responder/common objects
src/responder/autofs/$(am__dirstamp):
	@$(MKDIR_P) src/responder/autofs
	@: > src/responder/autofs/$(am__dirstamp)
src/responder/autofs/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) src/responder/autofs/$(DEPDIR)
	@: > src/responder/autofs/$(DEPDIR)/$(am__dirstamp)
src/responder/autofs/autofssrv.$(OBJEXT): \
	src/responder/autofs/$(am__dirstamp) \
	src/responder/autofs/$(DEPDIR)/$(am__dirstamp)
src/responder/autofs/autofssrv_cmd.$(OBJEXT): \
	src/responder/autofs/$(am__dirstamp) \
	src/responder/autofs/$(DEPDIR)/$(am__dirstamp)
src/responder/autofs/autofssrv_dp.$(OBJEXT): \
	src/responder/autofs/$(am__dirstamp) \
	src/responder/autofs/$(DEPDIR)/$(am__dirstamp)
src/responder/common/negcache.$(OBJEXT): \
	src/responder/common/$(am__dirstamp) \
	src/responder/common/$(DEPDIR)/$(am__dirstamp)
src/responder/common/responder_cmd.$(OBJEXT): \
	src/responder/common/$(am__dirstamp) \
	src/responder/common/$(DEPDIR)/$(am__dirstamp)
src/responder/common/responder_common.$(OBJEXT): \
	src/responder/common/$(am__dirstamp) \
	src/responder/common/$(DEPDIR)/$(am__dirstamp)
src/responder/common/responder_dp.$(OBJEXT): \
	src/responder/common/$(am__dirstamp) \
	src/responder/common/$(DEPDIR)/$(am__dirstamp)
src/responder/common/responder_packet.$(OBJEXT): \
	src/responder/common/$(am__dirstamp) \
	src/responder/common/$(DEPDIR)/$(am__dirstamp)
src/responder/common/responder_get_domains.$(OBJEXT): \
	src/responder/common/$(am__dirstamp) \
	src/responder/common/$(DEPDIR)/$(am__dirstamp)
sssd_autofs$(EXEEXT): $(sssd_autofs_OBJECTS) $(sssd_autofs_DEPENDENCIES) $(EXTRA_sssd_autofs_DEPENDENCIES)
	@rm -f sssd_autofs$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(sssd_autofs_OBJECTS) $(sssd_autofs_LDADD) $(LIBS)

# sssd_be (unprefixed src/providers and src/resolv objects)
src/providers/data_provider_be.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/providers/data_provider_fo.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/providers/data_provider_opts.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/providers/data_provider_callbacks.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/providers/dp_dyndns.$(OBJEXT): src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/providers/dp_ptask.$(OBJEXT): src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/providers/dp_refresh.$(OBJEXT): src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/providers/fail_over.$(OBJEXT): src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/providers/fail_over_srv.$(OBJEXT): src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/resolv/async_resolv.$(OBJEXT): src/resolv/$(am__dirstamp) \
	src/resolv/$(DEPDIR)/$(am__dirstamp)
src/resolv/async_resolv_utils.$(OBJEXT): src/resolv/$(am__dirstamp) \
	src/resolv/$(DEPDIR)/$(am__dirstamp)
src/resolv/ares/ares_parse_srv_reply.$(OBJEXT): \
	src/resolv/ares/$(am__dirstamp) \
	src/resolv/ares/$(DEPDIR)/$(am__dirstamp)
src/resolv/ares/ares_data.$(OBJEXT): src/resolv/ares/$(am__dirstamp) \
	src/resolv/ares/$(DEPDIR)/$(am__dirstamp)
sssd_be$(EXEEXT): $(sssd_be_OBJECTS) $(sssd_be_DEPENDENCIES) $(EXTRA_sssd_be_DEPENDENCIES)
	@rm -f sssd_be$(EXEEXT)
	$(AM_V_CCLD)$(sssd_be_LINK) $(sssd_be_OBJECTS) $(sssd_be_LDADD) $(LIBS)

# sssd_nss
src/responder/nss/nsssrv.$(OBJEXT): src/responder/nss/$(am__dirstamp) \
	src/responder/nss/$(DEPDIR)/$(am__dirstamp)
src/responder/nss/nsssrv_cmd.$(OBJEXT): \
	src/responder/nss/$(am__dirstamp) \
	src/responder/nss/$(DEPDIR)/$(am__dirstamp)
src/responder/nss/nsssrv_netgroup.$(OBJEXT): \
	src/responder/nss/$(am__dirstamp) \
	src/responder/nss/$(DEPDIR)/$(am__dirstamp)
src/responder/nss/nsssrv_services.$(OBJEXT): \
	src/responder/nss/$(am__dirstamp) \
	src/responder/nss/$(DEPDIR)/$(am__dirstamp)
src/responder/nss/nsssrv_mmap_cache.$(OBJEXT): \
	src/responder/nss/$(am__dirstamp) \
	src/responder/nss/$(DEPDIR)/$(am__dirstamp)
sssd_nss$(EXEEXT): $(sssd_nss_OBJECTS) $(sssd_nss_DEPENDENCIES) $(EXTRA_sssd_nss_DEPENDENCIES)
	@rm -f sssd_nss$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(sssd_nss_OBJECTS) $(sssd_nss_LDADD) $(LIBS)

# sssd_pac: its own sssd_pac--prefixed objects, including separate copies of
# the src/responder/common sources
src/responder/pac/$(am__dirstamp):
	@$(MKDIR_P) src/responder/pac
	@: > src/responder/pac/$(am__dirstamp)
src/responder/pac/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) src/responder/pac/$(DEPDIR)
	@: > src/responder/pac/$(DEPDIR)/$(am__dirstamp)
src/responder/pac/sssd_pac-pacsrv.$(OBJEXT): \
	src/responder/pac/$(am__dirstamp) \
	src/responder/pac/$(DEPDIR)/$(am__dirstamp)
src/responder/pac/sssd_pac-pacsrv_cmd.$(OBJEXT): \
	src/responder/pac/$(am__dirstamp) \
	src/responder/pac/$(DEPDIR)/$(am__dirstamp)
src/responder/pac/sssd_pac-pacsrv_utils.$(OBJEXT): \
	src/responder/pac/$(am__dirstamp) \
	src/responder/pac/$(DEPDIR)/$(am__dirstamp)
src/responder/common/sssd_pac-negcache.$(OBJEXT): \
	src/responder/common/$(am__dirstamp) \
	src/responder/common/$(DEPDIR)/$(am__dirstamp)
src/responder/common/sssd_pac-responder_cmd.$(OBJEXT): \
	src/responder/common/$(am__dirstamp) \
	src/responder/common/$(DEPDIR)/$(am__dirstamp)
src/responder/common/sssd_pac-responder_common.$(OBJEXT): \
	src/responder/common/$(am__dirstamp) \
	src/responder/common/$(DEPDIR)/$(am__dirstamp)
src/responder/common/sssd_pac-responder_dp.$(OBJEXT): \
	src/responder/common/$(am__dirstamp) \
	src/responder/common/$(DEPDIR)/$(am__dirstamp)
src/responder/common/sssd_pac-responder_packet.$(OBJEXT): \
	src/responder/common/$(am__dirstamp) \
	src/responder/common/$(DEPDIR)/$(am__dirstamp)
src/responder/common/sssd_pac-responder_get_domains.$(OBJEXT): \
	src/responder/common/$(am__dirstamp) \
	src/responder/common/$(DEPDIR)/$(am__dirstamp)
sssd_pac$(EXEEXT): $(sssd_pac_OBJECTS) $(sssd_pac_DEPENDENCIES) $(EXTRA_sssd_pac_DEPENDENCIES)
	@rm -f sssd_pac$(EXEEXT)
	$(AM_V_CCLD)$(sssd_pac_LINK) $(sssd_pac_OBJECTS) $(sssd_pac_LDADD) $(LIBS)

# sssd_pam
src/responder/pam/$(am__dirstamp):
	@$(MKDIR_P) src/responder/pam
	@: > src/responder/pam/$(am__dirstamp)
src/responder/pam/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) src/responder/pam/$(DEPDIR)
	@: > src/responder/pam/$(DEPDIR)/$(am__dirstamp)
src/responder/pam/pam_LOCAL_domain.$(OBJEXT): \
	src/responder/pam/$(am__dirstamp) \
	src/responder/pam/$(DEPDIR)/$(am__dirstamp)
src/responder/pam/pamsrv.$(OBJEXT): src/responder/pam/$(am__dirstamp) \
	src/responder/pam/$(DEPDIR)/$(am__dirstamp)
src/responder/pam/pamsrv_cmd.$(OBJEXT): \
	src/responder/pam/$(am__dirstamp) \
	src/responder/pam/$(DEPDIR)/$(am__dirstamp)
src/responder/pam/pamsrv_dp.$(OBJEXT): \
	src/responder/pam/$(am__dirstamp) \
	src/responder/pam/$(DEPDIR)/$(am__dirstamp)
src/responder/pam/pam_helpers.$(OBJEXT): \
	src/responder/pam/$(am__dirstamp) \
	src/responder/pam/$(DEPDIR)/$(am__dirstamp)
sssd_pam$(EXEEXT): $(sssd_pam_OBJECTS) $(sssd_pam_DEPENDENCIES) $(EXTRA_sssd_pam_DEPENDENCIES)
	@rm -f sssd_pam$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(sssd_pam_OBJECTS) $(sssd_pam_LDADD) $(LIBS)

# sssd_ssh
src/responder/ssh/$(am__dirstamp):
	@$(MKDIR_P) src/responder/ssh
	@: > src/responder/ssh/$(am__dirstamp)
src/responder/ssh/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) src/responder/ssh/$(DEPDIR)
	@: > src/responder/ssh/$(DEPDIR)/$(am__dirstamp)
src/responder/ssh/sshsrv.$(OBJEXT): src/responder/ssh/$(am__dirstamp) \
	src/responder/ssh/$(DEPDIR)/$(am__dirstamp)
src/responder/ssh/sshsrv_dp.$(OBJEXT): \
	src/responder/ssh/$(am__dirstamp) \
	src/responder/ssh/$(DEPDIR)/$(am__dirstamp)
src/responder/ssh/sshsrv_cmd.$(OBJEXT): \
	src/responder/ssh/$(am__dirstamp) \
	src/responder/ssh/$(DEPDIR)/$(am__dirstamp)
sssd_ssh$(EXEEXT): $(sssd_ssh_OBJECTS) $(sssd_ssh_DEPENDENCIES) $(EXTRA_sssd_ssh_DEPENDENCIES)
	@rm -f sssd_ssh$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(sssd_ssh_OBJECTS) $(sssd_ssh_LDADD) $(LIBS)

# sssd_sudo
src/responder/sudo/$(am__dirstamp):
	@$(MKDIR_P) src/responder/sudo
	@: > src/responder/sudo/$(am__dirstamp)
src/responder/sudo/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) src/responder/sudo/$(DEPDIR)
	@: > src/responder/sudo/$(DEPDIR)/$(am__dirstamp)
src/responder/sudo/sudosrv.$(OBJEXT): \
	src/responder/sudo/$(am__dirstamp) \
	src/responder/sudo/$(DEPDIR)/$(am__dirstamp)
src/responder/sudo/sudosrv_cmd.$(OBJEXT): \
	src/responder/sudo/$(am__dirstamp) \
	src/responder/sudo/$(DEPDIR)/$(am__dirstamp)
src/responder/sudo/sudosrv_get_sudorules.$(OBJEXT): \
	src/responder/sudo/$(am__dirstamp) \
	src/responder/sudo/$(DEPDIR)/$(am__dirstamp)
src/responder/sudo/sudosrv_query.$(OBJEXT): \
	src/responder/sudo/$(am__dirstamp) \
	src/responder/sudo/$(DEPDIR)/$(am__dirstamp)
src/responder/sudo/sudosrv_dp.$(OBJEXT): \
	src/responder/sudo/$(am__dirstamp) \
	src/responder/sudo/$(DEPDIR)/$(am__dirstamp)
sssd_sudo$(EXEEXT): $(sssd_sudo_OBJECTS) $(sssd_sudo_DEPENDENCIES) $(EXTRA_sssd_sudo_DEPENDENCIES)
	@rm -f sssd_sudo$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(sssd_sudo_OBJECTS) $(sssd_sudo_LDADD) $(LIBS)

# stress-tests
src/tests/stress-tests.$(OBJEXT): src/tests/$(am__dirstamp) \
	src/tests/$(DEPDIR)/$(am__dirstamp)
stress-tests$(EXEEXT): $(stress_tests_OBJECTS) $(stress_tests_DEPENDENCIES) $(EXTRA_stress_tests_DEPENDENCIES)
	@rm -f stress-tests$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(stress_tests_OBJECTS) $(stress_tests_LDADD) $(LIBS)

# strtonum-tests
src/tests/strtonum_tests-strtonum-tests.$(OBJEXT): \
	src/tests/$(am__dirstamp) src/tests/$(DEPDIR)/$(am__dirstamp)
src/util/strtonum_tests-strtonum.$(OBJEXT): src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
strtonum-tests$(EXEEXT): $(strtonum_tests_OBJECTS) $(strtonum_tests_DEPENDENCIES) $(EXTRA_strtonum_tests_DEPENDENCIES)
	@rm -f strtonum-tests$(EXEEXT)
	$(AM_V_CCLD)$(strtonum_tests_LINK) $(strtonum_tests_OBJECTS) $(strtonum_tests_LDADD) $(LIBS)

# sysdb-tests
src/tests/sysdb_tests-sysdb-tests.$(OBJEXT): \
	src/tests/$(am__dirstamp) src/tests/$(DEPDIR)/$(am__dirstamp)
sysdb-tests$(EXEEXT): $(sysdb_tests_OBJECTS) $(sysdb_tests_DEPENDENCIES) $(EXTRA_sysdb_tests_DEPENDENCIES)
	@rm -f sysdb-tests$(EXEEXT)
	$(AM_V_CCLD)$(sysdb_tests_LINK) $(sysdb_tests_OBJECTS) $(sysdb_tests_LDADD) $(LIBS)

# sysdb_ssh-tests
src/tests/sysdb_ssh_tests-sysdb_ssh-tests.$(OBJEXT): \
	src/tests/$(am__dirstamp) src/tests/$(DEPDIR)/$(am__dirstamp)
sysdb_ssh-tests$(EXEEXT): $(sysdb_ssh_tests_OBJECTS) $(sysdb_ssh_tests_DEPENDENCIES) $(EXTRA_sysdb_ssh_tests_DEPENDENCIES)
	@rm -f sysdb_ssh-tests$(EXEEXT)
	$(AM_V_CCLD)$(sysdb_ssh_tests_LINK) $(sysdb_ssh_tests_OBJECTS) $(sysdb_ssh_tests_LDADD) $(LIBS)

# First test_find_uid object (the remaining objects and the link rule follow this span)
src/tests/cmocka/test_find_uid-test_find_uid.$(OBJEXT): \
	src/tests/cmocka/$(am__dirstamp) \
	src/tests/cmocka/$(DEPDIR)/$(am__dirstamp)
# Object-dependency and link rules for the test programs test-find-uid,
# test-io and test_ipa_idmap, followed by the first three object rules
# carrying the test_search_bases- prefix.
# Layout is restored to one rule per logical line; recipe lines begin with TAB.
#
# Each object rule below has no recipe of its own. It only lists two
# prerequisites: the $(am__dirstamp) file of the object's directory and the
# one inside that directory's $(DEPDIR). The rules that create the stamp
# files for these directories are not part of this span.

# Objects with the test_find_uid- prefix (presumably the members of
# $(test_find_uid_OBJECTS); that variable is defined elsewhere).
src/util/test_find_uid-find_uid.$(OBJEXT): src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
src/util/test_find_uid-atomic_io.$(OBJEXT): src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
src/util/test_find_uid-strtonum.$(OBJEXT): src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)

# Link rule: the old binary is removed first (quietly, because of the leading
# '@'), then the program is linked with its per-target link command.
# $(AM_V_CCLD) is the automake verbosity prefix for link steps.
test-find-uid$(EXEEXT): $(test_find_uid_OBJECTS) $(test_find_uid_DEPENDENCIES) $(EXTRA_test_find_uid_DEPENDENCIES) 
	@rm -f test-find-uid$(EXEEXT)
	$(AM_V_CCLD)$(test_find_uid_LINK) $(test_find_uid_OBJECTS) $(test_find_uid_LDADD) $(LIBS)

# Objects with the test_io- prefix; they live in three different source
# directories (src/tests/cmocka, src/util, src/tests).
src/tests/cmocka/test_io-test_io.$(OBJEXT): \
	src/tests/cmocka/$(am__dirstamp) \
	src/tests/cmocka/$(DEPDIR)/$(am__dirstamp)
src/util/test_io-io.$(OBJEXT): src/util/$(am__dirstamp) \
	src/util/$(DEPDIR)/$(am__dirstamp)
src/tests/test_io-common.$(OBJEXT): src/tests/$(am__dirstamp) \
	src/tests/$(DEPDIR)/$(am__dirstamp)

# Link rule for test-io: same remove-then-link pattern as above.
test-io$(EXEEXT): $(test_io_OBJECTS) $(test_io_DEPENDENCIES) $(EXTRA_test_io_DEPENDENCIES) 
	@rm -f test-io$(EXEEXT)
	$(AM_V_CCLD)$(test_io_LINK) $(test_io_OBJECTS) $(test_io_LDADD) $(LIBS)

# Objects with the test_ipa_idmap- prefix: the cmocka test source and the
# ipa_idmap object from src/providers/ipa built under this target's name.
src/tests/cmocka/test_ipa_idmap-test_ipa_idmap.$(OBJEXT): \
	src/tests/cmocka/$(am__dirstamp) \
	src/tests/cmocka/$(DEPDIR)/$(am__dirstamp)
src/providers/ipa/test_ipa_idmap-ipa_idmap.$(OBJEXT): \
	src/providers/ipa/$(am__dirstamp) \
	src/providers/ipa/$(DEPDIR)/$(am__dirstamp)

# Link rule for test_ipa_idmap: same remove-then-link pattern as above.
test_ipa_idmap$(EXEEXT): $(test_ipa_idmap_OBJECTS) $(test_ipa_idmap_DEPENDENCIES) $(EXTRA_test_ipa_idmap_DEPENDENCIES) 
	@rm -f test_ipa_idmap$(EXEEXT)
	$(AM_V_CCLD)$(test_ipa_idmap_LINK) $(test_ipa_idmap_OBJECTS) $(test_ipa_idmap_LDADD) $(LIBS)

# First object rules with the test_search_bases- prefix; the remaining ones
# and the link rule for that program follow after this span.
src/providers/test_search_bases-data_provider_be.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/providers/test_search_bases-data_provider_fo.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/providers/test_search_bases-data_provider_opts.$(OBJEXT): \
	src/providers/$(am__dirstamp) \
	src/providers/$(DEPDIR)/$(am__dirstamp)
src/providers/test_search_bases-data_provider_callbacks.$(OBJEXT): \ src/providers/$(am__dirstamp) \ src/providers/$(DEPDIR)/$(am__dirstamp) src/providers/test_search_bases-dp_dyndns.$(OBJEXT): \ src/providers/$(am__dirstamp) \ src/providers/$(DEPDIR)/$(am__dirstamp) src/providers/test_search_bases-dp_ptask.$(OBJEXT): \ src/providers/$(am__dirstamp) \ src/providers/$(DEPDIR)/$(am__dirstamp) src/providers/test_search_bases-dp_refresh.$(OBJEXT): \ src/providers/$(am__dirstamp) \ src/providers/$(DEPDIR)/$(am__dirstamp) src/providers/test_search_bases-fail_over.$(OBJEXT): \ src/providers/$(am__dirstamp) \ src/providers/$(DEPDIR)/$(am__dirstamp) src/providers/test_search_bases-fail_over_srv.$(OBJEXT): \ src/providers/$(am__dirstamp) \ src/providers/$(DEPDIR)/$(am__dirstamp) src/resolv/test_search_bases-async_resolv.$(OBJEXT): \ src/resolv/$(am__dirstamp) \ src/resolv/$(DEPDIR)/$(am__dirstamp) src/resolv/test_search_bases-async_resolv_utils.$(OBJEXT): \ src/resolv/$(am__dirstamp) \ src/resolv/$(DEPDIR)/$(am__dirstamp) src/resolv/ares/test_search_bases-ares_parse_srv_reply.$(OBJEXT): \ src/resolv/ares/$(am__dirstamp) \ src/resolv/ares/$(DEPDIR)/$(am__dirstamp) src/resolv/ares/test_search_bases-ares_data.$(OBJEXT): \ src/resolv/ares/$(am__dirstamp) \ src/resolv/ares/$(DEPDIR)/$(am__dirstamp) src/util/test_search_bases-sss_ldap.$(OBJEXT): \ src/util/$(am__dirstamp) src/util/$(DEPDIR)/$(am__dirstamp) src/util/test_search_bases-sss_krb5.$(OBJEXT): \ src/util/$(am__dirstamp) src/util/$(DEPDIR)/$(am__dirstamp) src/util/test_search_bases-find_uid.$(OBJEXT): \ src/util/$(am__dirstamp) src/util/$(DEPDIR)/$(am__dirstamp) src/util/test_search_bases-user_info_msg.$(OBJEXT): \ src/util/$(am__dirstamp) src/util/$(DEPDIR)/$(am__dirstamp) src/tests/cmocka/test_search_bases-test_search_bases.$(OBJEXT): \ src/tests/cmocka/$(am__dirstamp) \ src/tests/cmocka/$(DEPDIR)/$(am__dirstamp) test_search_bases$(EXEEXT): $(test_search_bases_OBJECTS) $(test_search_bases_DEPENDENCIES) 
$(EXTRA_test_search_bases_DEPENDENCIES) @rm -f test_search_bases$(EXEEXT) $(AM_V_CCLD)$(test_search_bases_LINK) $(test_search_bases_OBJECTS) $(test_search_bases_LDADD) $(LIBS) src/tests/cmocka/test_sss_idmap-test_sss_idmap.$(OBJEXT): \ src/tests/cmocka/$(am__dirstamp) \ src/tests/cmocka/$(DEPDIR)/$(am__dirstamp) test_sss_idmap$(EXEEXT): $(test_sss_idmap_OBJECTS) $(test_sss_idmap_DEPENDENCIES) $(EXTRA_test_sss_idmap_DEPENDENCIES) @rm -f test_sss_idmap$(EXEEXT) $(AM_V_CCLD)$(test_sss_idmap_LINK) $(test_sss_idmap_OBJECTS) $(test_sss_idmap_LDADD) $(LIBS) src/tests/cmocka/test_utils-test_utils.$(OBJEXT): \ src/tests/cmocka/$(am__dirstamp) \ src/tests/cmocka/$(DEPDIR)/$(am__dirstamp) test_utils$(EXEEXT): $(test_utils_OBJECTS) $(test_utils_DEPENDENCIES) $(EXTRA_test_utils_DEPENDENCIES) @rm -f test_utils$(EXEEXT) $(AM_V_CCLD)$(test_utils_LINK) $(test_utils_OBJECTS) $(test_utils_LDADD) $(LIBS) src/tests/util_tests-util-tests.$(OBJEXT): src/tests/$(am__dirstamp) \ src/tests/$(DEPDIR)/$(am__dirstamp) util-tests$(EXEEXT): $(util_tests_OBJECTS) $(util_tests_DEPENDENCIES) $(EXTRA_util_tests_DEPENDENCIES) @rm -f util-tests$(EXEEXT) $(AM_V_CCLD)$(util_tests_LINK) $(util_tests_OBJECTS) $(util_tests_LDADD) $(LIBS) install-dist_initSCRIPTS: $(dist_init_SCRIPTS) @$(NORMAL_INSTALL) @list='$(dist_init_SCRIPTS)'; test -n "$(initdir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(initdir)'"; \ $(MKDIR_P) "$(DESTDIR)$(initdir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \ done | \ sed -e 'p;s,.*/,,;n' \ -e 'h;s|.*|.|' \ -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ if ($$2 == $$4) { files[d] = files[d] " " $$1; \ if (++n[d] == $(am__install_max)) { \ print "f", d, files[d]; n[d] = 0; files[d] = "" } } \ else { print "f", d "/" 
$$4, $$1 } } \ END { for (d in files) print "f", d, files[d] }' | \ while read type dir files; do \ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ test -z "$$files" || { \ echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(initdir)$$dir'"; \ $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(initdir)$$dir" || exit $$?; \ } \ ; done uninstall-dist_initSCRIPTS: @$(NORMAL_UNINSTALL) @list='$(dist_init_SCRIPTS)'; test -n "$(initdir)" || exit 0; \ files=`for p in $$list; do echo "$$p"; done | \ sed -e 's,.*/,,;$(transform)'`; \ dir='$(DESTDIR)$(initdir)'; $(am__uninstall_files_from_dir) install-dist_sss_obfuscate_pythonSCRIPTS: $(dist_sss_obfuscate_python_SCRIPTS) @$(NORMAL_INSTALL) @list='$(dist_sss_obfuscate_python_SCRIPTS)'; test -n "$(sss_obfuscate_pythondir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(sss_obfuscate_pythondir)'"; \ $(MKDIR_P) "$(DESTDIR)$(sss_obfuscate_pythondir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \ done | \ sed -e 'p;s,.*/,,;n' \ -e 'h;s|.*|.|' \ -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ if ($$2 == $$4) { files[d] = files[d] " " $$1; \ if (++n[d] == $(am__install_max)) { \ print "f", d, files[d]; n[d] = 0; files[d] = "" } } \ else { print "f", d "/" $$4, $$1 } } \ END { for (d in files) print "f", d, files[d] }' | \ while read type dir files; do \ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ test -z "$$files" || { \ echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(sss_obfuscate_pythondir)$$dir'"; \ $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(sss_obfuscate_pythondir)$$dir" || exit $$?; \ } \ ; done uninstall-dist_sss_obfuscate_pythonSCRIPTS: @$(NORMAL_UNINSTALL) @list='$(dist_sss_obfuscate_python_SCRIPTS)'; test -n "$(sss_obfuscate_pythondir)" || exit 0; \ files=`for p in $$list; 
do echo "$$p"; done | \ sed -e 's,.*/,,;$(transform)'`; \ dir='$(DESTDIR)$(sss_obfuscate_pythondir)'; $(am__uninstall_files_from_dir) mostlyclean-compile: -rm -f *.$(OBJEXT) -rm -f src/confdb/*.$(OBJEXT) -rm -f src/confdb/*.lo -rm -f src/db/*.$(OBJEXT) -rm -f src/db/*.lo -rm -f src/krb5_plugin/*.$(OBJEXT) -rm -f src/krb5_plugin/*.lo -rm -f src/ldb_modules/*.$(OBJEXT) -rm -f src/ldb_modules/*.lo -rm -f src/lib/idmap/*.$(OBJEXT) -rm -f src/lib/idmap/*.lo -rm -f src/monitor/*.$(OBJEXT) -rm -f src/monitor/*.lo -rm -f src/providers/*.$(OBJEXT) -rm -f src/providers/*.lo -rm -f src/providers/ad/*.$(OBJEXT) -rm -f src/providers/ad/*.lo -rm -f src/providers/ipa/*.$(OBJEXT) -rm -f src/providers/ipa/*.lo -rm -f src/providers/krb5/*.$(OBJEXT) -rm -f src/providers/krb5/*.lo -rm -f src/providers/ldap/*.$(OBJEXT) -rm -f src/providers/ldap/*.lo -rm -f src/providers/proxy/*.$(OBJEXT) -rm -f src/providers/proxy/*.lo -rm -f src/providers/simple/*.$(OBJEXT) -rm -f src/providers/simple/*.lo -rm -f src/python/*.$(OBJEXT) -rm -f src/python/*.lo -rm -f src/resolv/*.$(OBJEXT) -rm -f src/resolv/*.lo -rm -f src/resolv/ares/*.$(OBJEXT) -rm -f src/resolv/ares/*.lo -rm -f src/responder/autofs/*.$(OBJEXT) -rm -f src/responder/common/*.$(OBJEXT) -rm -f src/responder/nss/*.$(OBJEXT) -rm -f src/responder/pac/*.$(OBJEXT) -rm -f src/responder/pam/*.$(OBJEXT) -rm -f src/responder/ssh/*.$(OBJEXT) -rm -f src/responder/sudo/*.$(OBJEXT) -rm -f src/sbus/*.$(OBJEXT) -rm -f src/sbus/*.lo -rm -f src/sss_client/*.$(OBJEXT) -rm -f src/sss_client/*.lo -rm -f src/sss_client/autofs/*.$(OBJEXT) -rm -f src/sss_client/autofs/*.lo -rm -f src/sss_client/idmap/*.$(OBJEXT) -rm -f src/sss_client/idmap/*.lo -rm -f src/sss_client/ssh/*.$(OBJEXT) -rm -f src/sss_client/sudo/*.$(OBJEXT) -rm -f src/sss_client/sudo/*.lo -rm -f src/sss_client/sudo_testcli/*.$(OBJEXT) -rm -f src/tests/*.$(OBJEXT) -rm -f src/tests/*.lo -rm -f src/tests/cmocka/*.$(OBJEXT) -rm -f src/tools/*.$(OBJEXT) -rm -f src/tools/*.lo -rm -f src/util/*.$(OBJEXT) 
-rm -f src/util/*.lo -rm -f src/util/crypto/libcrypto/*.$(OBJEXT) -rm -f src/util/crypto/libcrypto/*.lo -rm -f src/util/crypto/nss/*.$(OBJEXT) -rm -f src/util/crypto/nss/*.lo distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@src/confdb/$(DEPDIR)/confdb.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/confdb/$(DEPDIR)/confdb_setup.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/db/$(DEPDIR)/sysdb.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/db/$(DEPDIR)/sysdb_autofs.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/db/$(DEPDIR)/sysdb_idmap.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/db/$(DEPDIR)/sysdb_ops.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/db/$(DEPDIR)/sysdb_ranges.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/db/$(DEPDIR)/sysdb_search.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/db/$(DEPDIR)/sysdb_selinux.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/db/$(DEPDIR)/sysdb_services.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/db/$(DEPDIR)/sysdb_ssh.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/db/$(DEPDIR)/sysdb_subdomains.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/db/$(DEPDIR)/sysdb_sudo.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/db/$(DEPDIR)/sysdb_upgrade.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/krb5_plugin/$(DEPDIR)/sssd_krb5_locator_plugin_la-sssd_krb5_locator_plugin.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/ldb_modules/$(DEPDIR)/memberof_la-memberof.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/lib/idmap/$(DEPDIR)/sss_idmap.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/lib/idmap/$(DEPDIR)/sss_idmap_conv.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/monitor/$(DEPDIR)/monitor.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/monitor/$(DEPDIR)/monitor_netlink.Po@am__quote@ @AMDEP_TRUE@@am__include@ 
@am__quote@src/monitor/$(DEPDIR)/monitor_sbus.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/ad_access_filter_tests-data_provider_be.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/ad_access_filter_tests-data_provider_callbacks.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/ad_access_filter_tests-data_provider_fo.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/ad_access_filter_tests-data_provider_opts.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/ad_access_filter_tests-dp_dyndns.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/ad_access_filter_tests-dp_ptask.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/ad_access_filter_tests-dp_refresh.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/ad_access_filter_tests-fail_over.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/ad_access_filter_tests-fail_over_srv.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/ad_common_tests-data_provider_be.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/ad_common_tests-data_provider_callbacks.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/ad_common_tests-data_provider_fo.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/ad_common_tests-data_provider_opts.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/ad_common_tests-dp_dyndns.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/ad_common_tests-dp_ptask.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/ad_common_tests-dp_refresh.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/ad_common_tests-fail_over.Po@am__quote@ @AMDEP_TRUE@@am__include@ 
@am__quote@src/providers/$(DEPDIR)/ad_common_tests-fail_over_srv.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/data_provider_be.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/data_provider_callbacks.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/data_provider_fo.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/data_provider_opts.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/dp_auth_util.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/dp_dyndns.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/dp_opt_tests-data_provider_opts.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/dp_pam_data_util.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/dp_ptask.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/dp_refresh.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/dp_sbus.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/dyndns_tests-data_provider_opts.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/fail_over.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/fail_over_srv.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/fail_over_tests-fail_over.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/fail_over_tests-fail_over_srv.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/ipa_ldap_opt_tests-data_provider_opts.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/krb5_child-dp_pam_data_util.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/krb5_child_test-data_provider_callbacks.Po@am__quote@ @AMDEP_TRUE@@am__include@ 
@am__quote@src/providers/$(DEPDIR)/krb5_child_test-data_provider_fo.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/krb5_child_test-data_provider_opts.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/krb5_child_test-fail_over.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/krb5_child_test-fail_over_srv.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/krb5_utils_tests-data_provider_callbacks.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/krb5_utils_tests-data_provider_fo.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/krb5_utils_tests-data_provider_opts.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/krb5_utils_tests-fail_over.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/krb5_utils_tests-fail_over_srv.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/libdlopen_test_providers_la-data_provider_be.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/libdlopen_test_providers_la-data_provider_callbacks.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/libdlopen_test_providers_la-data_provider_fo.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/libdlopen_test_providers_la-data_provider_opts.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/libdlopen_test_providers_la-dp_dyndns.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/libdlopen_test_providers_la-dp_ptask.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/libdlopen_test_providers_la-dp_refresh.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/libdlopen_test_providers_la-fail_over.Plo@am__quote@ @AMDEP_TRUE@@am__include@ 
@am__quote@src/providers/$(DEPDIR)/libdlopen_test_providers_la-fail_over_srv.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/simple_access_tests-data_provider_be.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/simple_access_tests-data_provider_callbacks.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/simple_access_tests-data_provider_fo.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/simple_access_tests-data_provider_opts.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/simple_access_tests-dp_ptask.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/simple_access_tests-dp_refresh.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/simple_access_tests-fail_over.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/simple_access_tests-fail_over_srv.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/test_search_bases-data_provider_be.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/test_search_bases-data_provider_callbacks.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/test_search_bases-data_provider_fo.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/test_search_bases-data_provider_opts.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/test_search_bases-dp_dyndns.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/test_search_bases-dp_ptask.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/test_search_bases-dp_refresh.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/test_search_bases-fail_over.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/$(DEPDIR)/test_search_bases-fail_over_srv.Po@am__quote@ @AMDEP_TRUE@@am__include@ 
@am__quote@src/providers/ad/$(DEPDIR)/ad_access_filter_tests-ad_common.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ad/$(DEPDIR)/libsss_ad_la-ad_access.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ad/$(DEPDIR)/libsss_ad_la-ad_common.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ad/$(DEPDIR)/libsss_ad_la-ad_domain_info.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ad/$(DEPDIR)/libsss_ad_la-ad_dyndns.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ad/$(DEPDIR)/libsss_ad_la-ad_id.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ad/$(DEPDIR)/libsss_ad_la-ad_init.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ad/$(DEPDIR)/libsss_ad_la-ad_srv.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ad/$(DEPDIR)/libsss_ad_la-ad_subdomains.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ad/$(DEPDIR)/libsss_ad_la-ad_sudo.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ad/$(DEPDIR)/libsss_ipa_la-ad_common.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ad/$(DEPDIR)/libsss_ipa_la-ad_domain_info.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ad/$(DEPDIR)/libsss_ipa_la-ad_dyndns.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ad/$(DEPDIR)/libsss_ipa_la-ad_id.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ad/$(DEPDIR)/libsss_ipa_la-ad_srv.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ipa/$(DEPDIR)/hbac_evaluator.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_access.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_auth.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_autofs.Plo@am__quote@ @AMDEP_TRUE@@am__include@ 
@am__quote@src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_common.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_config.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_dyndns.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_hbac_common.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_hbac_hosts.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_hbac_rules.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_hbac_services.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_hbac_users.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_hostid.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_hosts.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_id.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_idmap.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_init.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_netgroups.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_s2n_exop.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_selinux.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_selinux_common.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_selinux_maps.Plo@am__quote@ @AMDEP_TRUE@@am__include@ 
@am__quote@src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_srv.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_subdomains.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_subdomains_ext_groups.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_subdomains_id.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_sudo.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ipa/$(DEPDIR)/test_ipa_idmap-ipa_idmap.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/krb5/$(DEPDIR)/krb5_child-krb5_become_user.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/krb5/$(DEPDIR)/krb5_child-krb5_child.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/krb5/$(DEPDIR)/krb5_child_test-krb5_become_user.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/krb5/$(DEPDIR)/krb5_child_test-krb5_child_handler.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/krb5/$(DEPDIR)/krb5_child_test-krb5_common.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/krb5/$(DEPDIR)/krb5_child_test-krb5_utils.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/krb5/$(DEPDIR)/krb5_utils_tests-krb5_become_user.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/krb5/$(DEPDIR)/krb5_utils_tests-krb5_common.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/krb5/$(DEPDIR)/krb5_utils_tests-krb5_utils.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/krb5/$(DEPDIR)/libsss_krb5_common_la-krb5_access.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/krb5/$(DEPDIR)/libsss_krb5_common_la-krb5_auth.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/krb5/$(DEPDIR)/libsss_krb5_common_la-krb5_become_user.Plo@am__quote@ @AMDEP_TRUE@@am__include@ 
@am__quote@src/providers/krb5/$(DEPDIR)/libsss_krb5_common_la-krb5_child_handler.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/krb5/$(DEPDIR)/libsss_krb5_common_la-krb5_common.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/krb5/$(DEPDIR)/libsss_krb5_common_la-krb5_delayed_online_authentication.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/krb5/$(DEPDIR)/libsss_krb5_common_la-krb5_init_shared.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/krb5/$(DEPDIR)/libsss_krb5_common_la-krb5_renew_tgt.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/krb5/$(DEPDIR)/libsss_krb5_common_la-krb5_utils.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/krb5/$(DEPDIR)/libsss_krb5_common_la-krb5_wait_queue.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/krb5/$(DEPDIR)/libsss_krb5_la-krb5_init.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/krb5/$(DEPDIR)/libsss_ldap_la-krb5_become_user.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/krb5/$(DEPDIR)/libsss_ldap_la-krb5_common.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/krb5/$(DEPDIR)/libsss_ldap_la-krb5_utils.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ldap/$(DEPDIR)/ldap_child-ldap_child.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-ldap_auth.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-ldap_common.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-ldap_id.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-ldap_id_cleanup.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-ldap_id_enum.Plo@am__quote@ @AMDEP_TRUE@@am__include@ 
@am__quote@src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-ldap_id_netgroup.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-ldap_id_services.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_access.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_autofs.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_connection.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_enum.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_groups.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_groups_ad.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_initgroups.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_initgroups_ad.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_nested_groups.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_netgroups.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_services.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_sudo.Plo@am__quote@ @AMDEP_TRUE@@am__include@ 
@am__quote@src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_sudo_hostinfo.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_sudo_timer.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_users.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_autofs.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_child_helpers.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_dyndns.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_fd_events.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_id_op.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_idmap.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_range.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_refresh.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_reinit.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_sudo.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_sudo_cache.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ldap/$(DEPDIR)/libsss_ldap_la-ldap_access.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/ldap/$(DEPDIR)/libsss_ldap_la-ldap_init.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/proxy/$(DEPDIR)/libsss_proxy_la-proxy_auth.Plo@am__quote@ @AMDEP_TRUE@@am__include@ 
@am__quote@src/providers/proxy/$(DEPDIR)/libsss_proxy_la-proxy_id.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/proxy/$(DEPDIR)/libsss_proxy_la-proxy_init.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/proxy/$(DEPDIR)/libsss_proxy_la-proxy_netgroup.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/proxy/$(DEPDIR)/libsss_proxy_la-proxy_services.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/proxy/$(DEPDIR)/proxy_child-proxy_child.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/simple/$(DEPDIR)/libsss_simple_la-simple_access.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/simple/$(DEPDIR)/libsss_simple_la-simple_access_check.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/simple/$(DEPDIR)/simple_access_tests-simple_access.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/providers/simple/$(DEPDIR)/simple_access_tests-simple_access_check.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/python/$(DEPDIR)/pyhbac_la-pyhbac.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/python/$(DEPDIR)/pysss_la-pysss.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/python/$(DEPDIR)/pysss_murmur_la-pysss_murmur.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/python/$(DEPDIR)/pysss_nss_idmap_la-pysss_nss_idmap.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/resolv/$(DEPDIR)/ad_access_filter_tests-async_resolv.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/resolv/$(DEPDIR)/ad_access_filter_tests-async_resolv_utils.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/resolv/$(DEPDIR)/ad_common_tests-async_resolv.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/resolv/$(DEPDIR)/ad_common_tests-async_resolv_utils.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/resolv/$(DEPDIR)/async_resolv.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/resolv/$(DEPDIR)/async_resolv_utils.Po@am__quote@ 
@AMDEP_TRUE@@am__include@ @am__quote@src/resolv/$(DEPDIR)/dyndns_tests-async_resolv.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/resolv/$(DEPDIR)/dyndns_tests-async_resolv_utils.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/resolv/$(DEPDIR)/fail_over_tests-async_resolv.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/resolv/$(DEPDIR)/fail_over_tests-async_resolv_utils.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/resolv/$(DEPDIR)/krb5_child_test-async_resolv.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/resolv/$(DEPDIR)/krb5_child_test-async_resolv_utils.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/resolv/$(DEPDIR)/krb5_utils_tests-async_resolv.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/resolv/$(DEPDIR)/krb5_utils_tests-async_resolv_utils.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/resolv/$(DEPDIR)/libdlopen_test_providers_la-async_resolv.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/resolv/$(DEPDIR)/libdlopen_test_providers_la-async_resolv_utils.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/resolv/$(DEPDIR)/resolv_tests-async_resolv.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/resolv/$(DEPDIR)/resolv_tests-async_resolv_utils.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/resolv/$(DEPDIR)/simple_access_tests-async_resolv.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/resolv/$(DEPDIR)/simple_access_tests-async_resolv_utils.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/resolv/$(DEPDIR)/test_search_bases-async_resolv.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/resolv/$(DEPDIR)/test_search_bases-async_resolv_utils.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/resolv/ares/$(DEPDIR)/ad_access_filter_tests-ares_data.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/resolv/ares/$(DEPDIR)/ad_access_filter_tests-ares_parse_srv_reply.Po@am__quote@ @AMDEP_TRUE@@am__include@ 
@am__quote@src/resolv/ares/$(DEPDIR)/ad_common_tests-ares_data.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/resolv/ares/$(DEPDIR)/ad_common_tests-ares_parse_srv_reply.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/resolv/ares/$(DEPDIR)/ares_data.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/resolv/ares/$(DEPDIR)/ares_parse_srv_reply.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/resolv/ares/$(DEPDIR)/dyndns_tests-ares_data.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/resolv/ares/$(DEPDIR)/dyndns_tests-ares_parse_srv_reply.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/resolv/ares/$(DEPDIR)/fail_over_tests-ares_data.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/resolv/ares/$(DEPDIR)/fail_over_tests-ares_parse_srv_reply.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/resolv/ares/$(DEPDIR)/krb5_child_test-ares_data.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/resolv/ares/$(DEPDIR)/krb5_child_test-ares_parse_srv_reply.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/resolv/ares/$(DEPDIR)/krb5_utils_tests-ares_data.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/resolv/ares/$(DEPDIR)/krb5_utils_tests-ares_parse_srv_reply.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/resolv/ares/$(DEPDIR)/libdlopen_test_providers_la-ares_data.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/resolv/ares/$(DEPDIR)/libdlopen_test_providers_la-ares_parse_srv_reply.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/resolv/ares/$(DEPDIR)/resolv_tests-ares_data.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/resolv/ares/$(DEPDIR)/resolv_tests-ares_parse_srv_reply.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/resolv/ares/$(DEPDIR)/resolv_tests-ares_parse_txt_reply.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/resolv/ares/$(DEPDIR)/simple_access_tests-ares_data.Po@am__quote@ @AMDEP_TRUE@@am__include@ 
@am__quote@src/resolv/ares/$(DEPDIR)/simple_access_tests-ares_parse_srv_reply.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/resolv/ares/$(DEPDIR)/test_search_bases-ares_data.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/resolv/ares/$(DEPDIR)/test_search_bases-ares_parse_srv_reply.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/responder/autofs/$(DEPDIR)/autofssrv.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/responder/autofs/$(DEPDIR)/autofssrv_cmd.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/responder/autofs/$(DEPDIR)/autofssrv_dp.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/responder/common/$(DEPDIR)/negcache.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/responder/common/$(DEPDIR)/nss_srv_tests-negcache.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/responder/common/$(DEPDIR)/nss_srv_tests-responder_cmd.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/responder/common/$(DEPDIR)/nss_srv_tests-responder_common.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/responder/common/$(DEPDIR)/nss_srv_tests-responder_packet.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/responder/common/$(DEPDIR)/responder_cmd.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/responder/common/$(DEPDIR)/responder_common.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/responder/common/$(DEPDIR)/responder_dp.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/responder/common/$(DEPDIR)/responder_get_domains.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/responder/common/$(DEPDIR)/responder_packet.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/responder/common/$(DEPDIR)/responder_socket_access_tests-responder_cmd.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/responder/common/$(DEPDIR)/responder_socket_access_tests-responder_common.Po@am__quote@ @AMDEP_TRUE@@am__include@ 
@am__quote@src/responder/common/$(DEPDIR)/responder_socket_access_tests-responder_packet.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/responder/common/$(DEPDIR)/sssd_pac-negcache.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/responder/common/$(DEPDIR)/sssd_pac-responder_cmd.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/responder/common/$(DEPDIR)/sssd_pac-responder_common.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/responder/common/$(DEPDIR)/sssd_pac-responder_dp.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/responder/common/$(DEPDIR)/sssd_pac-responder_get_domains.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/responder/common/$(DEPDIR)/sssd_pac-responder_packet.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/responder/nss/$(DEPDIR)/nss_srv_tests-nsssrv_cmd.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/responder/nss/$(DEPDIR)/nss_srv_tests-nsssrv_mmap_cache.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/responder/nss/$(DEPDIR)/nss_srv_tests-nsssrv_netgroup.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/responder/nss/$(DEPDIR)/nss_srv_tests-nsssrv_services.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/responder/nss/$(DEPDIR)/nsssrv.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/responder/nss/$(DEPDIR)/nsssrv_cmd.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/responder/nss/$(DEPDIR)/nsssrv_mmap_cache.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/responder/nss/$(DEPDIR)/nsssrv_netgroup.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/responder/nss/$(DEPDIR)/nsssrv_services.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/responder/pac/$(DEPDIR)/sssd_pac-pacsrv.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/responder/pac/$(DEPDIR)/sssd_pac-pacsrv_cmd.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/responder/pac/$(DEPDIR)/sssd_pac-pacsrv_utils.Po@am__quote@ @AMDEP_TRUE@@am__include@ 
@am__quote@src/responder/pam/$(DEPDIR)/pam_LOCAL_domain.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/responder/pam/$(DEPDIR)/pam_helpers.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/responder/pam/$(DEPDIR)/pamsrv.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/responder/pam/$(DEPDIR)/pamsrv_cmd.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/responder/pam/$(DEPDIR)/pamsrv_dp.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/responder/ssh/$(DEPDIR)/sshsrv.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/responder/ssh/$(DEPDIR)/sshsrv_cmd.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/responder/ssh/$(DEPDIR)/sshsrv_dp.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/responder/sudo/$(DEPDIR)/sudosrv.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/responder/sudo/$(DEPDIR)/sudosrv_cmd.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/responder/sudo/$(DEPDIR)/sudosrv_dp.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/responder/sudo/$(DEPDIR)/sudosrv_get_sudorules.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/responder/sudo/$(DEPDIR)/sudosrv_query.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/sbus/$(DEPDIR)/sbus_client.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/sbus/$(DEPDIR)/sssd_dbus_common.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/sbus/$(DEPDIR)/sssd_dbus_connection.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/sbus/$(DEPDIR)/sssd_dbus_server.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/sss_client/$(DEPDIR)/autofs_test_client-common.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/sss_client/$(DEPDIR)/common.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/sss_client/$(DEPDIR)/krb5_child-common.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/sss_client/$(DEPDIR)/nss_group.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/sss_client/$(DEPDIR)/nss_mc_common.Plo@am__quote@ @AMDEP_TRUE@@am__include@ 
@am__quote@src/sss_client/$(DEPDIR)/nss_mc_group.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/sss_client/$(DEPDIR)/nss_mc_passwd.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/sss_client/$(DEPDIR)/nss_netgroup.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/sss_client/$(DEPDIR)/nss_passwd.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/sss_client/$(DEPDIR)/nss_services.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/sss_client/$(DEPDIR)/pam_sss.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/sss_client/$(DEPDIR)/pam_test_client.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/sss_client/$(DEPDIR)/sss_cache-common.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/sss_client/$(DEPDIR)/sss_groupdel-common.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/sss_client/$(DEPDIR)/sss_groupmod-common.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/sss_client/$(DEPDIR)/sss_ssh_authorizedkeys-common.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/sss_client/$(DEPDIR)/sss_ssh_knownhostsproxy-common.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/sss_client/$(DEPDIR)/sss_sudo_cli-common.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/sss_client/$(DEPDIR)/sss_userdel-common.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/sss_client/$(DEPDIR)/sss_usermod-common.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/sss_client/$(DEPDIR)/sssd_pac_plugin_la-common.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/sss_client/$(DEPDIR)/sssd_pac_plugin_la-sssd_pac.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/sss_client/autofs/$(DEPDIR)/autofs_test_client-autofs_test_client.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/sss_client/autofs/$(DEPDIR)/autofs_test_client-sss_autofs.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/sss_client/autofs/$(DEPDIR)/sss_autofs.Plo@am__quote@ @AMDEP_TRUE@@am__include@ 
@am__quote@src/sss_client/idmap/$(DEPDIR)/sss_nss_idmap.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/sss_client/ssh/$(DEPDIR)/sss_ssh_authorizedkeys-sss_ssh_authorizedkeys.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/sss_client/ssh/$(DEPDIR)/sss_ssh_authorizedkeys-sss_ssh_client.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/sss_client/ssh/$(DEPDIR)/sss_ssh_knownhostsproxy-sss_ssh_client.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/sss_client/ssh/$(DEPDIR)/sss_ssh_knownhostsproxy-sss_ssh_knownhostsproxy.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/sss_client/sudo/$(DEPDIR)/sss_sudo.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/sss_client/sudo/$(DEPDIR)/sss_sudo_cli-sss_sudo.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/sss_client/sudo/$(DEPDIR)/sss_sudo_cli-sss_sudo_response.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/sss_client/sudo/$(DEPDIR)/sss_sudo_response.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/sss_client/sudo_testcli/$(DEPDIR)/sss_sudo_cli-sudo_testcli.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tests/$(DEPDIR)/ad_ldap_opt_tests-ad_ldap_opt-tests.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tests/$(DEPDIR)/auth_tests-auth-tests.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tests/$(DEPDIR)/check_and_open_tests-check_and_open-tests.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tests/$(DEPDIR)/common.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tests/$(DEPDIR)/common_check.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tests/$(DEPDIR)/common_dom.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tests/$(DEPDIR)/common_tev.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tests/$(DEPDIR)/crypto_tests-crypto-tests.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tests/$(DEPDIR)/debug_tests-common.Po@am__quote@ @AMDEP_TRUE@@am__include@ 
@am__quote@src/tests/$(DEPDIR)/debug_tests-debug-tests.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tests/$(DEPDIR)/dlopen_tests-dlopen-tests.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tests/$(DEPDIR)/fail_over_tests-fail_over-tests.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tests/$(DEPDIR)/files_tests-files-tests.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tests/$(DEPDIR)/find_uid_tests-find_uid-tests.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tests/$(DEPDIR)/ipa_hbac_tests-ipa_hbac-tests.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tests/$(DEPDIR)/ipa_ldap_opt_tests-ipa_ldap_opt-tests.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tests/$(DEPDIR)/krb5_child_test-krb5_child-test.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tests/$(DEPDIR)/krb5_utils_tests-krb5_utils-tests.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tests/$(DEPDIR)/leak_check.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tests/$(DEPDIR)/refcount_tests-refcount-tests.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tests/$(DEPDIR)/resolv_tests-common.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tests/$(DEPDIR)/resolv_tests-resolv-tests.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tests/$(DEPDIR)/responder_socket_access_tests-responder_socket_access-tests.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tests/$(DEPDIR)/simple_access_tests-simple_access-tests.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tests/$(DEPDIR)/sss_idmap_tests-sss_idmap-tests.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tests/$(DEPDIR)/stress-tests.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tests/$(DEPDIR)/strtonum_tests-strtonum-tests.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tests/$(DEPDIR)/sysdb_ssh_tests-sysdb_ssh-tests.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tests/$(DEPDIR)/sysdb_tests-sysdb-tests.Po@am__quote@ 
@AMDEP_TRUE@@am__include@ @am__quote@src/tests/$(DEPDIR)/test_io-common.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tests/$(DEPDIR)/util_tests-util-tests.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tests/cmocka/$(DEPDIR)/ad_access_filter_tests-test_ad_access_filter.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tests/cmocka/$(DEPDIR)/ad_common_tests-test_ad_common.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tests/cmocka/$(DEPDIR)/dp_opt_tests-test_dp_opts.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tests/cmocka/$(DEPDIR)/dyndns_tests-test_dyndns.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tests/cmocka/$(DEPDIR)/fqnames_tests-test_fqnames.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tests/cmocka/$(DEPDIR)/nss_srv_tests-common_mock_resp.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tests/cmocka/$(DEPDIR)/nss_srv_tests-test_nss_srv.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tests/cmocka/$(DEPDIR)/sss_nss_idmap_tests-sss_nss_idmap-tests.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tests/cmocka/$(DEPDIR)/test_find_uid-test_find_uid.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tests/cmocka/$(DEPDIR)/test_io-test_io.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tests/cmocka/$(DEPDIR)/test_ipa_idmap-test_ipa_idmap.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tests/cmocka/$(DEPDIR)/test_search_bases-test_search_bases.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tests/cmocka/$(DEPDIR)/test_sss_idmap-test_sss_idmap.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tests/cmocka/$(DEPDIR)/test_utils-test_utils.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tools/$(DEPDIR)/files.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tools/$(DEPDIR)/files_tests-files.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tools/$(DEPDIR)/files_tests-selinux.Po@am__quote@ @AMDEP_TRUE@@am__include@ 
@am__quote@src/tools/$(DEPDIR)/pysss_la-files.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tools/$(DEPDIR)/pysss_la-selinux.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tools/$(DEPDIR)/pysss_la-sss_sync_ops.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tools/$(DEPDIR)/pysss_la-tools_util.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tools/$(DEPDIR)/selinux.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tools/$(DEPDIR)/sss_cache-files.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tools/$(DEPDIR)/sss_cache-selinux.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tools/$(DEPDIR)/sss_cache-sss_cache.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tools/$(DEPDIR)/sss_cache-sss_sync_ops.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tools/$(DEPDIR)/sss_cache-tools_mc_util.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tools/$(DEPDIR)/sss_cache-tools_util.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tools/$(DEPDIR)/sss_debuglevel.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tools/$(DEPDIR)/sss_groupadd.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tools/$(DEPDIR)/sss_groupdel-files.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tools/$(DEPDIR)/sss_groupdel-selinux.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tools/$(DEPDIR)/sss_groupdel-sss_groupdel.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tools/$(DEPDIR)/sss_groupdel-sss_sync_ops.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tools/$(DEPDIR)/sss_groupdel-tools_mc_util.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tools/$(DEPDIR)/sss_groupdel-tools_util.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tools/$(DEPDIR)/sss_groupmod-files.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tools/$(DEPDIR)/sss_groupmod-selinux.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tools/$(DEPDIR)/sss_groupmod-sss_groupmod.Po@am__quote@ 
@AMDEP_TRUE@@am__include@ @am__quote@src/tools/$(DEPDIR)/sss_groupmod-sss_sync_ops.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tools/$(DEPDIR)/sss_groupmod-tools_mc_util.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tools/$(DEPDIR)/sss_groupmod-tools_util.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tools/$(DEPDIR)/sss_groupshow.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tools/$(DEPDIR)/sss_seed.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tools/$(DEPDIR)/sss_sync_ops.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tools/$(DEPDIR)/sss_useradd.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tools/$(DEPDIR)/sss_userdel-files.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tools/$(DEPDIR)/sss_userdel-selinux.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tools/$(DEPDIR)/sss_userdel-sss_sync_ops.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tools/$(DEPDIR)/sss_userdel-sss_userdel.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tools/$(DEPDIR)/sss_userdel-tools_mc_util.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tools/$(DEPDIR)/sss_userdel-tools_util.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tools/$(DEPDIR)/sss_usermod-files.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tools/$(DEPDIR)/sss_usermod-selinux.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tools/$(DEPDIR)/sss_usermod-sss_sync_ops.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tools/$(DEPDIR)/sss_usermod-sss_usermod.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tools/$(DEPDIR)/sss_usermod-tools_mc_util.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tools/$(DEPDIR)/sss_usermod-tools_util.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/tools/$(DEPDIR)/tools_util.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/ad_access_filter_tests-find_uid.Po@am__quote@ @AMDEP_TRUE@@am__include@ 
@am__quote@src/util/$(DEPDIR)/ad_access_filter_tests-sss_krb5.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/ad_access_filter_tests-sss_ldap.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/ad_access_filter_tests-user_info_msg.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/ad_common_tests-find_uid.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/ad_common_tests-sss_krb5.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/ad_common_tests-sss_ldap.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/ad_common_tests-user_info_msg.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/atomic_io.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/authtok.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/backup_file.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/check_and_open.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/check_and_open_tests-check_and_open.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/child_common.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/debug.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/domain_info_utils.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/files_tests-atomic_io.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/files_tests-check_and_open.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/find_uid_tests-atomic_io.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/find_uid_tests-find_uid.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/find_uid_tests-strtonum.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/io.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/krb5_child-atomic_io.Po@am__quote@ 
@AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/krb5_child-authtok.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/krb5_child-signal.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/krb5_child-sss_krb5.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/krb5_child-user_info_msg.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/krb5_child-util.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/krb5_child_test-find_uid.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/krb5_child_test-sss_krb5.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/krb5_utils_tests-find_uid.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/krb5_utils_tests-sss_krb5.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/ldap_child-atomic_io.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/ldap_child-authtok.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/ldap_child-signal.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/ldap_child-sss_krb5.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/ldap_child-util.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/libsss_ad_la-find_uid.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/libsss_ad_la-sss_krb5.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/libsss_ad_la-sss_ldap.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/libsss_ad_la-user_info_msg.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/libsss_ipa_la-find_uid.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/libsss_ipa_la-sss_krb5.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/libsss_ipa_la-sss_ldap.Plo@am__quote@ @AMDEP_TRUE@@am__include@ 
@am__quote@src/util/$(DEPDIR)/libsss_ipa_la-user_info_msg.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/libsss_krb5_la-find_uid.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/libsss_krb5_la-sss_krb5.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/libsss_ldap_la-find_uid.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/libsss_ldap_la-sss_krb5.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/libsss_ldap_la-sss_ldap.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/libsss_ldap_la-user_info_msg.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/memberof_la-util.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/memory.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/murmurhash3.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/nscd.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/pyhbac_la-sss_python.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/pysss_la-nscd.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/pysss_murmur_la-murmurhash3.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/refcount.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/server.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/signal.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/sss_cache-nscd.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/sss_groupdel-nscd.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/sss_groupmod-nscd.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/sss_ini.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/sss_log.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/sss_nss.Plo@am__quote@ 
@AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/sss_selinux.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/sss_ssh.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/sss_tc_utf8.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/sss_userdel-find_uid.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/sss_userdel-nscd.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/sss_usermod-nscd.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/sss_utf8.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/sssd_krb5_locator_plugin_la-atomic_io.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/strtonum.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/strtonum_tests-strtonum.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/test_find_uid-atomic_io.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/test_find_uid-find_uid.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/test_find_uid-strtonum.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/test_io-io.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/test_search_bases-find_uid.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/test_search_bases-sss_krb5.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/test_search_bases-sss_ldap.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/test_search_bases-user_info_msg.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/usertools.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/util.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/util_errors.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/$(DEPDIR)/util_lock.Plo@am__quote@ @AMDEP_TRUE@@am__include@ 
@am__quote@src/util/$(DEPDIR)/util_sss_idmap.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/crypto/libcrypto/$(DEPDIR)/crypto_tests-crypto_base64.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/crypto/libcrypto/$(DEPDIR)/crypto_tests-crypto_hmac_sha1.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/crypto/libcrypto/$(DEPDIR)/crypto_tests-crypto_obfuscate.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/crypto/libcrypto/$(DEPDIR)/crypto_tests-crypto_sha512crypt.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/crypto/libcrypto/$(DEPDIR)/libsss_crypt_la-crypto_base64.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/crypto/libcrypto/$(DEPDIR)/libsss_crypt_la-crypto_hmac_sha1.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/crypto/libcrypto/$(DEPDIR)/libsss_crypt_la-crypto_obfuscate.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/crypto/libcrypto/$(DEPDIR)/libsss_crypt_la-crypto_sha512crypt.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/crypto/nss/$(DEPDIR)/crypto_tests-nss_base64.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/crypto/nss/$(DEPDIR)/crypto_tests-nss_hmac_sha1.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/crypto/nss/$(DEPDIR)/crypto_tests-nss_obfuscate.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/crypto/nss/$(DEPDIR)/crypto_tests-nss_sha512crypt.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/crypto/nss/$(DEPDIR)/crypto_tests-nss_util.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/crypto/nss/$(DEPDIR)/libsss_crypt_la-nss_base64.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/crypto/nss/$(DEPDIR)/libsss_crypt_la-nss_hmac_sha1.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/crypto/nss/$(DEPDIR)/libsss_crypt_la-nss_obfuscate.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@src/util/crypto/nss/$(DEPDIR)/libsss_crypt_la-nss_sha512crypt.Plo@am__quote@ 
@AMDEP_TRUE@@am__include@ @am__quote@src/util/crypto/nss/$(DEPDIR)/libsss_crypt_la-nss_util.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ @am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< .c.obj: @am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ @am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ @am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< src/providers/libdlopen_test_providers_la-data_provider_be.lo: src/providers/data_provider_be.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libdlopen_test_providers_la_CFLAGS) $(CFLAGS) -MT 
src/providers/libdlopen_test_providers_la-data_provider_be.lo -MD -MP -MF src/providers/$(DEPDIR)/libdlopen_test_providers_la-data_provider_be.Tpo -c -o src/providers/libdlopen_test_providers_la-data_provider_be.lo `test -f 'src/providers/data_provider_be.c' || echo '$(srcdir)/'`src/providers/data_provider_be.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/libdlopen_test_providers_la-data_provider_be.Tpo src/providers/$(DEPDIR)/libdlopen_test_providers_la-data_provider_be.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_be.c' object='src/providers/libdlopen_test_providers_la-data_provider_be.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libdlopen_test_providers_la_CFLAGS) $(CFLAGS) -c -o src/providers/libdlopen_test_providers_la-data_provider_be.lo `test -f 'src/providers/data_provider_be.c' || echo '$(srcdir)/'`src/providers/data_provider_be.c src/providers/libdlopen_test_providers_la-data_provider_fo.lo: src/providers/data_provider_fo.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libdlopen_test_providers_la_CFLAGS) $(CFLAGS) -MT src/providers/libdlopen_test_providers_la-data_provider_fo.lo -MD -MP -MF src/providers/$(DEPDIR)/libdlopen_test_providers_la-data_provider_fo.Tpo -c -o src/providers/libdlopen_test_providers_la-data_provider_fo.lo `test -f 'src/providers/data_provider_fo.c' || echo '$(srcdir)/'`src/providers/data_provider_fo.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/libdlopen_test_providers_la-data_provider_fo.Tpo 
src/providers/$(DEPDIR)/libdlopen_test_providers_la-data_provider_fo.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_fo.c' object='src/providers/libdlopen_test_providers_la-data_provider_fo.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libdlopen_test_providers_la_CFLAGS) $(CFLAGS) -c -o src/providers/libdlopen_test_providers_la-data_provider_fo.lo `test -f 'src/providers/data_provider_fo.c' || echo '$(srcdir)/'`src/providers/data_provider_fo.c src/providers/libdlopen_test_providers_la-data_provider_opts.lo: src/providers/data_provider_opts.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libdlopen_test_providers_la_CFLAGS) $(CFLAGS) -MT src/providers/libdlopen_test_providers_la-data_provider_opts.lo -MD -MP -MF src/providers/$(DEPDIR)/libdlopen_test_providers_la-data_provider_opts.Tpo -c -o src/providers/libdlopen_test_providers_la-data_provider_opts.lo `test -f 'src/providers/data_provider_opts.c' || echo '$(srcdir)/'`src/providers/data_provider_opts.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/libdlopen_test_providers_la-data_provider_opts.Tpo src/providers/$(DEPDIR)/libdlopen_test_providers_la-data_provider_opts.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_opts.c' object='src/providers/libdlopen_test_providers_la-data_provider_opts.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) 
$(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libdlopen_test_providers_la_CFLAGS) $(CFLAGS) -c -o src/providers/libdlopen_test_providers_la-data_provider_opts.lo `test -f 'src/providers/data_provider_opts.c' || echo '$(srcdir)/'`src/providers/data_provider_opts.c src/providers/libdlopen_test_providers_la-data_provider_callbacks.lo: src/providers/data_provider_callbacks.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libdlopen_test_providers_la_CFLAGS) $(CFLAGS) -MT src/providers/libdlopen_test_providers_la-data_provider_callbacks.lo -MD -MP -MF src/providers/$(DEPDIR)/libdlopen_test_providers_la-data_provider_callbacks.Tpo -c -o src/providers/libdlopen_test_providers_la-data_provider_callbacks.lo `test -f 'src/providers/data_provider_callbacks.c' || echo '$(srcdir)/'`src/providers/data_provider_callbacks.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/libdlopen_test_providers_la-data_provider_callbacks.Tpo src/providers/$(DEPDIR)/libdlopen_test_providers_la-data_provider_callbacks.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_callbacks.c' object='src/providers/libdlopen_test_providers_la-data_provider_callbacks.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libdlopen_test_providers_la_CFLAGS) $(CFLAGS) -c -o src/providers/libdlopen_test_providers_la-data_provider_callbacks.lo `test -f 'src/providers/data_provider_callbacks.c' || echo '$(srcdir)/'`src/providers/data_provider_callbacks.c src/providers/libdlopen_test_providers_la-dp_dyndns.lo: 
src/providers/dp_dyndns.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libdlopen_test_providers_la_CFLAGS) $(CFLAGS) -MT src/providers/libdlopen_test_providers_la-dp_dyndns.lo -MD -MP -MF src/providers/$(DEPDIR)/libdlopen_test_providers_la-dp_dyndns.Tpo -c -o src/providers/libdlopen_test_providers_la-dp_dyndns.lo `test -f 'src/providers/dp_dyndns.c' || echo '$(srcdir)/'`src/providers/dp_dyndns.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/libdlopen_test_providers_la-dp_dyndns.Tpo src/providers/$(DEPDIR)/libdlopen_test_providers_la-dp_dyndns.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/dp_dyndns.c' object='src/providers/libdlopen_test_providers_la-dp_dyndns.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libdlopen_test_providers_la_CFLAGS) $(CFLAGS) -c -o src/providers/libdlopen_test_providers_la-dp_dyndns.lo `test -f 'src/providers/dp_dyndns.c' || echo '$(srcdir)/'`src/providers/dp_dyndns.c src/providers/libdlopen_test_providers_la-dp_ptask.lo: src/providers/dp_ptask.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libdlopen_test_providers_la_CFLAGS) $(CFLAGS) -MT src/providers/libdlopen_test_providers_la-dp_ptask.lo -MD -MP -MF src/providers/$(DEPDIR)/libdlopen_test_providers_la-dp_ptask.Tpo -c -o src/providers/libdlopen_test_providers_la-dp_ptask.lo `test -f 'src/providers/dp_ptask.c' || echo '$(srcdir)/'`src/providers/dp_ptask.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) 
src/providers/$(DEPDIR)/libdlopen_test_providers_la-dp_ptask.Tpo src/providers/$(DEPDIR)/libdlopen_test_providers_la-dp_ptask.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/dp_ptask.c' object='src/providers/libdlopen_test_providers_la-dp_ptask.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libdlopen_test_providers_la_CFLAGS) $(CFLAGS) -c -o src/providers/libdlopen_test_providers_la-dp_ptask.lo `test -f 'src/providers/dp_ptask.c' || echo '$(srcdir)/'`src/providers/dp_ptask.c src/providers/libdlopen_test_providers_la-dp_refresh.lo: src/providers/dp_refresh.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libdlopen_test_providers_la_CFLAGS) $(CFLAGS) -MT src/providers/libdlopen_test_providers_la-dp_refresh.lo -MD -MP -MF src/providers/$(DEPDIR)/libdlopen_test_providers_la-dp_refresh.Tpo -c -o src/providers/libdlopen_test_providers_la-dp_refresh.lo `test -f 'src/providers/dp_refresh.c' || echo '$(srcdir)/'`src/providers/dp_refresh.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/libdlopen_test_providers_la-dp_refresh.Tpo src/providers/$(DEPDIR)/libdlopen_test_providers_la-dp_refresh.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/dp_refresh.c' object='src/providers/libdlopen_test_providers_la-dp_refresh.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) 
$(AM_CPPFLAGS) $(CPPFLAGS) $(libdlopen_test_providers_la_CFLAGS) $(CFLAGS) -c -o src/providers/libdlopen_test_providers_la-dp_refresh.lo `test -f 'src/providers/dp_refresh.c' || echo '$(srcdir)/'`src/providers/dp_refresh.c src/providers/libdlopen_test_providers_la-fail_over.lo: src/providers/fail_over.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libdlopen_test_providers_la_CFLAGS) $(CFLAGS) -MT src/providers/libdlopen_test_providers_la-fail_over.lo -MD -MP -MF src/providers/$(DEPDIR)/libdlopen_test_providers_la-fail_over.Tpo -c -o src/providers/libdlopen_test_providers_la-fail_over.lo `test -f 'src/providers/fail_over.c' || echo '$(srcdir)/'`src/providers/fail_over.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/libdlopen_test_providers_la-fail_over.Tpo src/providers/$(DEPDIR)/libdlopen_test_providers_la-fail_over.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/fail_over.c' object='src/providers/libdlopen_test_providers_la-fail_over.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libdlopen_test_providers_la_CFLAGS) $(CFLAGS) -c -o src/providers/libdlopen_test_providers_la-fail_over.lo `test -f 'src/providers/fail_over.c' || echo '$(srcdir)/'`src/providers/fail_over.c src/providers/libdlopen_test_providers_la-fail_over_srv.lo: src/providers/fail_over_srv.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libdlopen_test_providers_la_CFLAGS) $(CFLAGS) -MT 
src/providers/libdlopen_test_providers_la-fail_over_srv.lo -MD -MP -MF src/providers/$(DEPDIR)/libdlopen_test_providers_la-fail_over_srv.Tpo -c -o src/providers/libdlopen_test_providers_la-fail_over_srv.lo `test -f 'src/providers/fail_over_srv.c' || echo '$(srcdir)/'`src/providers/fail_over_srv.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/libdlopen_test_providers_la-fail_over_srv.Tpo src/providers/$(DEPDIR)/libdlopen_test_providers_la-fail_over_srv.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/fail_over_srv.c' object='src/providers/libdlopen_test_providers_la-fail_over_srv.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libdlopen_test_providers_la_CFLAGS) $(CFLAGS) -c -o src/providers/libdlopen_test_providers_la-fail_over_srv.lo `test -f 'src/providers/fail_over_srv.c' || echo '$(srcdir)/'`src/providers/fail_over_srv.c src/resolv/libdlopen_test_providers_la-async_resolv.lo: src/resolv/async_resolv.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libdlopen_test_providers_la_CFLAGS) $(CFLAGS) -MT src/resolv/libdlopen_test_providers_la-async_resolv.lo -MD -MP -MF src/resolv/$(DEPDIR)/libdlopen_test_providers_la-async_resolv.Tpo -c -o src/resolv/libdlopen_test_providers_la-async_resolv.lo `test -f 'src/resolv/async_resolv.c' || echo '$(srcdir)/'`src/resolv/async_resolv.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/$(DEPDIR)/libdlopen_test_providers_la-async_resolv.Tpo src/resolv/$(DEPDIR)/libdlopen_test_providers_la-async_resolv.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ 
$(AM_V_CC)source='src/resolv/async_resolv.c' object='src/resolv/libdlopen_test_providers_la-async_resolv.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libdlopen_test_providers_la_CFLAGS) $(CFLAGS) -c -o src/resolv/libdlopen_test_providers_la-async_resolv.lo `test -f 'src/resolv/async_resolv.c' || echo '$(srcdir)/'`src/resolv/async_resolv.c src/resolv/libdlopen_test_providers_la-async_resolv_utils.lo: src/resolv/async_resolv_utils.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libdlopen_test_providers_la_CFLAGS) $(CFLAGS) -MT src/resolv/libdlopen_test_providers_la-async_resolv_utils.lo -MD -MP -MF src/resolv/$(DEPDIR)/libdlopen_test_providers_la-async_resolv_utils.Tpo -c -o src/resolv/libdlopen_test_providers_la-async_resolv_utils.lo `test -f 'src/resolv/async_resolv_utils.c' || echo '$(srcdir)/'`src/resolv/async_resolv_utils.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/$(DEPDIR)/libdlopen_test_providers_la-async_resolv_utils.Tpo src/resolv/$(DEPDIR)/libdlopen_test_providers_la-async_resolv_utils.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/async_resolv_utils.c' object='src/resolv/libdlopen_test_providers_la-async_resolv_utils.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libdlopen_test_providers_la_CFLAGS) $(CFLAGS) -c -o 
src/resolv/libdlopen_test_providers_la-async_resolv_utils.lo `test -f 'src/resolv/async_resolv_utils.c' || echo '$(srcdir)/'`src/resolv/async_resolv_utils.c src/resolv/ares/libdlopen_test_providers_la-ares_parse_srv_reply.lo: src/resolv/ares/ares_parse_srv_reply.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libdlopen_test_providers_la_CFLAGS) $(CFLAGS) -MT src/resolv/ares/libdlopen_test_providers_la-ares_parse_srv_reply.lo -MD -MP -MF src/resolv/ares/$(DEPDIR)/libdlopen_test_providers_la-ares_parse_srv_reply.Tpo -c -o src/resolv/ares/libdlopen_test_providers_la-ares_parse_srv_reply.lo `test -f 'src/resolv/ares/ares_parse_srv_reply.c' || echo '$(srcdir)/'`src/resolv/ares/ares_parse_srv_reply.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/ares/$(DEPDIR)/libdlopen_test_providers_la-ares_parse_srv_reply.Tpo src/resolv/ares/$(DEPDIR)/libdlopen_test_providers_la-ares_parse_srv_reply.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/ares/ares_parse_srv_reply.c' object='src/resolv/ares/libdlopen_test_providers_la-ares_parse_srv_reply.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libdlopen_test_providers_la_CFLAGS) $(CFLAGS) -c -o src/resolv/ares/libdlopen_test_providers_la-ares_parse_srv_reply.lo `test -f 'src/resolv/ares/ares_parse_srv_reply.c' || echo '$(srcdir)/'`src/resolv/ares/ares_parse_srv_reply.c src/resolv/ares/libdlopen_test_providers_la-ares_data.lo: src/resolv/ares/ares_data.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) 
$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libdlopen_test_providers_la_CFLAGS) $(CFLAGS) -MT src/resolv/ares/libdlopen_test_providers_la-ares_data.lo -MD -MP -MF src/resolv/ares/$(DEPDIR)/libdlopen_test_providers_la-ares_data.Tpo -c -o src/resolv/ares/libdlopen_test_providers_la-ares_data.lo `test -f 'src/resolv/ares/ares_data.c' || echo '$(srcdir)/'`src/resolv/ares/ares_data.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/ares/$(DEPDIR)/libdlopen_test_providers_la-ares_data.Tpo src/resolv/ares/$(DEPDIR)/libdlopen_test_providers_la-ares_data.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/ares/ares_data.c' object='src/resolv/ares/libdlopen_test_providers_la-ares_data.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libdlopen_test_providers_la_CFLAGS) $(CFLAGS) -c -o src/resolv/ares/libdlopen_test_providers_la-ares_data.lo `test -f 'src/resolv/ares/ares_data.c' || echo '$(srcdir)/'`src/resolv/ares/ares_data.c src/providers/ad/libsss_ad_la-ad_common.lo: src/providers/ad/ad_common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ad_la_CFLAGS) $(CFLAGS) -MT src/providers/ad/libsss_ad_la-ad_common.lo -MD -MP -MF src/providers/ad/$(DEPDIR)/libsss_ad_la-ad_common.Tpo -c -o src/providers/ad/libsss_ad_la-ad_common.lo `test -f 'src/providers/ad/ad_common.c' || echo '$(srcdir)/'`src/providers/ad/ad_common.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ad/$(DEPDIR)/libsss_ad_la-ad_common.Tpo src/providers/ad/$(DEPDIR)/libsss_ad_la-ad_common.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ad/ad_common.c' 
object='src/providers/ad/libsss_ad_la-ad_common.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ad_la_CFLAGS) $(CFLAGS) -c -o src/providers/ad/libsss_ad_la-ad_common.lo `test -f 'src/providers/ad/ad_common.c' || echo '$(srcdir)/'`src/providers/ad/ad_common.c src/providers/ad/libsss_ad_la-ad_init.lo: src/providers/ad/ad_init.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ad_la_CFLAGS) $(CFLAGS) -MT src/providers/ad/libsss_ad_la-ad_init.lo -MD -MP -MF src/providers/ad/$(DEPDIR)/libsss_ad_la-ad_init.Tpo -c -o src/providers/ad/libsss_ad_la-ad_init.lo `test -f 'src/providers/ad/ad_init.c' || echo '$(srcdir)/'`src/providers/ad/ad_init.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ad/$(DEPDIR)/libsss_ad_la-ad_init.Tpo src/providers/ad/$(DEPDIR)/libsss_ad_la-ad_init.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ad/ad_init.c' object='src/providers/ad/libsss_ad_la-ad_init.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ad_la_CFLAGS) $(CFLAGS) -c -o src/providers/ad/libsss_ad_la-ad_init.lo `test -f 'src/providers/ad/ad_init.c' || echo '$(srcdir)/'`src/providers/ad/ad_init.c src/providers/ad/libsss_ad_la-ad_dyndns.lo: src/providers/ad/ad_dyndns.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) 
--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ad_la_CFLAGS) $(CFLAGS) -MT src/providers/ad/libsss_ad_la-ad_dyndns.lo -MD -MP -MF src/providers/ad/$(DEPDIR)/libsss_ad_la-ad_dyndns.Tpo -c -o src/providers/ad/libsss_ad_la-ad_dyndns.lo `test -f 'src/providers/ad/ad_dyndns.c' || echo '$(srcdir)/'`src/providers/ad/ad_dyndns.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ad/$(DEPDIR)/libsss_ad_la-ad_dyndns.Tpo src/providers/ad/$(DEPDIR)/libsss_ad_la-ad_dyndns.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ad/ad_dyndns.c' object='src/providers/ad/libsss_ad_la-ad_dyndns.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ad_la_CFLAGS) $(CFLAGS) -c -o src/providers/ad/libsss_ad_la-ad_dyndns.lo `test -f 'src/providers/ad/ad_dyndns.c' || echo '$(srcdir)/'`src/providers/ad/ad_dyndns.c src/providers/ad/libsss_ad_la-ad_id.lo: src/providers/ad/ad_id.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ad_la_CFLAGS) $(CFLAGS) -MT src/providers/ad/libsss_ad_la-ad_id.lo -MD -MP -MF src/providers/ad/$(DEPDIR)/libsss_ad_la-ad_id.Tpo -c -o src/providers/ad/libsss_ad_la-ad_id.lo `test -f 'src/providers/ad/ad_id.c' || echo '$(srcdir)/'`src/providers/ad/ad_id.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ad/$(DEPDIR)/libsss_ad_la-ad_id.Tpo src/providers/ad/$(DEPDIR)/libsss_ad_la-ad_id.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ad/ad_id.c' object='src/providers/ad/libsss_ad_la-ad_id.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ 
DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ad_la_CFLAGS) $(CFLAGS) -c -o src/providers/ad/libsss_ad_la-ad_id.lo `test -f 'src/providers/ad/ad_id.c' || echo '$(srcdir)/'`src/providers/ad/ad_id.c src/providers/ad/libsss_ad_la-ad_access.lo: src/providers/ad/ad_access.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ad_la_CFLAGS) $(CFLAGS) -MT src/providers/ad/libsss_ad_la-ad_access.lo -MD -MP -MF src/providers/ad/$(DEPDIR)/libsss_ad_la-ad_access.Tpo -c -o src/providers/ad/libsss_ad_la-ad_access.lo `test -f 'src/providers/ad/ad_access.c' || echo '$(srcdir)/'`src/providers/ad/ad_access.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ad/$(DEPDIR)/libsss_ad_la-ad_access.Tpo src/providers/ad/$(DEPDIR)/libsss_ad_la-ad_access.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ad/ad_access.c' object='src/providers/ad/libsss_ad_la-ad_access.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ad_la_CFLAGS) $(CFLAGS) -c -o src/providers/ad/libsss_ad_la-ad_access.lo `test -f 'src/providers/ad/ad_access.c' || echo '$(srcdir)/'`src/providers/ad/ad_access.c src/providers/ad/libsss_ad_la-ad_srv.lo: src/providers/ad/ad_srv.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) 
$(libsss_ad_la_CFLAGS) $(CFLAGS) -MT src/providers/ad/libsss_ad_la-ad_srv.lo -MD -MP -MF src/providers/ad/$(DEPDIR)/libsss_ad_la-ad_srv.Tpo -c -o src/providers/ad/libsss_ad_la-ad_srv.lo `test -f 'src/providers/ad/ad_srv.c' || echo '$(srcdir)/'`src/providers/ad/ad_srv.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ad/$(DEPDIR)/libsss_ad_la-ad_srv.Tpo src/providers/ad/$(DEPDIR)/libsss_ad_la-ad_srv.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ad/ad_srv.c' object='src/providers/ad/libsss_ad_la-ad_srv.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ad_la_CFLAGS) $(CFLAGS) -c -o src/providers/ad/libsss_ad_la-ad_srv.lo `test -f 'src/providers/ad/ad_srv.c' || echo '$(srcdir)/'`src/providers/ad/ad_srv.c src/providers/ad/libsss_ad_la-ad_subdomains.lo: src/providers/ad/ad_subdomains.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ad_la_CFLAGS) $(CFLAGS) -MT src/providers/ad/libsss_ad_la-ad_subdomains.lo -MD -MP -MF src/providers/ad/$(DEPDIR)/libsss_ad_la-ad_subdomains.Tpo -c -o src/providers/ad/libsss_ad_la-ad_subdomains.lo `test -f 'src/providers/ad/ad_subdomains.c' || echo '$(srcdir)/'`src/providers/ad/ad_subdomains.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ad/$(DEPDIR)/libsss_ad_la-ad_subdomains.Tpo src/providers/ad/$(DEPDIR)/libsss_ad_la-ad_subdomains.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ad/ad_subdomains.c' object='src/providers/ad/libsss_ad_la-ad_subdomains.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) 
@AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ad_la_CFLAGS) $(CFLAGS) -c -o src/providers/ad/libsss_ad_la-ad_subdomains.lo `test -f 'src/providers/ad/ad_subdomains.c' || echo '$(srcdir)/'`src/providers/ad/ad_subdomains.c src/providers/ad/libsss_ad_la-ad_domain_info.lo: src/providers/ad/ad_domain_info.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ad_la_CFLAGS) $(CFLAGS) -MT src/providers/ad/libsss_ad_la-ad_domain_info.lo -MD -MP -MF src/providers/ad/$(DEPDIR)/libsss_ad_la-ad_domain_info.Tpo -c -o src/providers/ad/libsss_ad_la-ad_domain_info.lo `test -f 'src/providers/ad/ad_domain_info.c' || echo '$(srcdir)/'`src/providers/ad/ad_domain_info.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ad/$(DEPDIR)/libsss_ad_la-ad_domain_info.Tpo src/providers/ad/$(DEPDIR)/libsss_ad_la-ad_domain_info.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ad/ad_domain_info.c' object='src/providers/ad/libsss_ad_la-ad_domain_info.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ad_la_CFLAGS) $(CFLAGS) -c -o src/providers/ad/libsss_ad_la-ad_domain_info.lo `test -f 'src/providers/ad/ad_domain_info.c' || echo '$(srcdir)/'`src/providers/ad/ad_domain_info.c src/util/libsss_ad_la-find_uid.lo: src/util/find_uid.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) 
$(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ad_la_CFLAGS) $(CFLAGS) -MT src/util/libsss_ad_la-find_uid.lo -MD -MP -MF src/util/$(DEPDIR)/libsss_ad_la-find_uid.Tpo -c -o src/util/libsss_ad_la-find_uid.lo `test -f 'src/util/find_uid.c' || echo '$(srcdir)/'`src/util/find_uid.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/libsss_ad_la-find_uid.Tpo src/util/$(DEPDIR)/libsss_ad_la-find_uid.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/find_uid.c' object='src/util/libsss_ad_la-find_uid.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ad_la_CFLAGS) $(CFLAGS) -c -o src/util/libsss_ad_la-find_uid.lo `test -f 'src/util/find_uid.c' || echo '$(srcdir)/'`src/util/find_uid.c src/util/libsss_ad_la-user_info_msg.lo: src/util/user_info_msg.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ad_la_CFLAGS) $(CFLAGS) -MT src/util/libsss_ad_la-user_info_msg.lo -MD -MP -MF src/util/$(DEPDIR)/libsss_ad_la-user_info_msg.Tpo -c -o src/util/libsss_ad_la-user_info_msg.lo `test -f 'src/util/user_info_msg.c' || echo '$(srcdir)/'`src/util/user_info_msg.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/libsss_ad_la-user_info_msg.Tpo src/util/$(DEPDIR)/libsss_ad_la-user_info_msg.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/user_info_msg.c' object='src/util/libsss_ad_la-user_info_msg.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) 
--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ad_la_CFLAGS) $(CFLAGS) -c -o src/util/libsss_ad_la-user_info_msg.lo `test -f 'src/util/user_info_msg.c' || echo '$(srcdir)/'`src/util/user_info_msg.c src/util/libsss_ad_la-sss_krb5.lo: src/util/sss_krb5.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ad_la_CFLAGS) $(CFLAGS) -MT src/util/libsss_ad_la-sss_krb5.lo -MD -MP -MF src/util/$(DEPDIR)/libsss_ad_la-sss_krb5.Tpo -c -o src/util/libsss_ad_la-sss_krb5.lo `test -f 'src/util/sss_krb5.c' || echo '$(srcdir)/'`src/util/sss_krb5.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/libsss_ad_la-sss_krb5.Tpo src/util/$(DEPDIR)/libsss_ad_la-sss_krb5.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/sss_krb5.c' object='src/util/libsss_ad_la-sss_krb5.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ad_la_CFLAGS) $(CFLAGS) -c -o src/util/libsss_ad_la-sss_krb5.lo `test -f 'src/util/sss_krb5.c' || echo '$(srcdir)/'`src/util/sss_krb5.c src/util/libsss_ad_la-sss_ldap.lo: src/util/sss_ldap.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ad_la_CFLAGS) $(CFLAGS) -MT src/util/libsss_ad_la-sss_ldap.lo -MD -MP -MF src/util/$(DEPDIR)/libsss_ad_la-sss_ldap.Tpo -c -o src/util/libsss_ad_la-sss_ldap.lo `test -f 'src/util/sss_ldap.c' || echo '$(srcdir)/'`src/util/sss_ldap.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) 
src/util/$(DEPDIR)/libsss_ad_la-sss_ldap.Tpo src/util/$(DEPDIR)/libsss_ad_la-sss_ldap.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/sss_ldap.c' object='src/util/libsss_ad_la-sss_ldap.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ad_la_CFLAGS) $(CFLAGS) -c -o src/util/libsss_ad_la-sss_ldap.lo `test -f 'src/util/sss_ldap.c' || echo '$(srcdir)/'`src/util/sss_ldap.c src/providers/ad/libsss_ad_la-ad_sudo.lo: src/providers/ad/ad_sudo.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ad_la_CFLAGS) $(CFLAGS) -MT src/providers/ad/libsss_ad_la-ad_sudo.lo -MD -MP -MF src/providers/ad/$(DEPDIR)/libsss_ad_la-ad_sudo.Tpo -c -o src/providers/ad/libsss_ad_la-ad_sudo.lo `test -f 'src/providers/ad/ad_sudo.c' || echo '$(srcdir)/'`src/providers/ad/ad_sudo.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ad/$(DEPDIR)/libsss_ad_la-ad_sudo.Tpo src/providers/ad/$(DEPDIR)/libsss_ad_la-ad_sudo.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ad/ad_sudo.c' object='src/providers/ad/libsss_ad_la-ad_sudo.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ad_la_CFLAGS) $(CFLAGS) -c -o src/providers/ad/libsss_ad_la-ad_sudo.lo `test -f 'src/providers/ad/ad_sudo.c' || echo '$(srcdir)/'`src/providers/ad/ad_sudo.c 
src/util/crypto/libcrypto/libsss_crypt_la-crypto_base64.lo: src/util/crypto/libcrypto/crypto_base64.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_crypt_la_CFLAGS) $(CFLAGS) -MT src/util/crypto/libcrypto/libsss_crypt_la-crypto_base64.lo -MD -MP -MF src/util/crypto/libcrypto/$(DEPDIR)/libsss_crypt_la-crypto_base64.Tpo -c -o src/util/crypto/libcrypto/libsss_crypt_la-crypto_base64.lo `test -f 'src/util/crypto/libcrypto/crypto_base64.c' || echo '$(srcdir)/'`src/util/crypto/libcrypto/crypto_base64.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/crypto/libcrypto/$(DEPDIR)/libsss_crypt_la-crypto_base64.Tpo src/util/crypto/libcrypto/$(DEPDIR)/libsss_crypt_la-crypto_base64.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/crypto/libcrypto/crypto_base64.c' object='src/util/crypto/libcrypto/libsss_crypt_la-crypto_base64.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_crypt_la_CFLAGS) $(CFLAGS) -c -o src/util/crypto/libcrypto/libsss_crypt_la-crypto_base64.lo `test -f 'src/util/crypto/libcrypto/crypto_base64.c' || echo '$(srcdir)/'`src/util/crypto/libcrypto/crypto_base64.c src/util/crypto/libcrypto/libsss_crypt_la-crypto_hmac_sha1.lo: src/util/crypto/libcrypto/crypto_hmac_sha1.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_crypt_la_CFLAGS) $(CFLAGS) -MT src/util/crypto/libcrypto/libsss_crypt_la-crypto_hmac_sha1.lo -MD -MP -MF 
src/util/crypto/libcrypto/$(DEPDIR)/libsss_crypt_la-crypto_hmac_sha1.Tpo -c -o src/util/crypto/libcrypto/libsss_crypt_la-crypto_hmac_sha1.lo `test -f 'src/util/crypto/libcrypto/crypto_hmac_sha1.c' || echo '$(srcdir)/'`src/util/crypto/libcrypto/crypto_hmac_sha1.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/crypto/libcrypto/$(DEPDIR)/libsss_crypt_la-crypto_hmac_sha1.Tpo src/util/crypto/libcrypto/$(DEPDIR)/libsss_crypt_la-crypto_hmac_sha1.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/crypto/libcrypto/crypto_hmac_sha1.c' object='src/util/crypto/libcrypto/libsss_crypt_la-crypto_hmac_sha1.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_crypt_la_CFLAGS) $(CFLAGS) -c -o src/util/crypto/libcrypto/libsss_crypt_la-crypto_hmac_sha1.lo `test -f 'src/util/crypto/libcrypto/crypto_hmac_sha1.c' || echo '$(srcdir)/'`src/util/crypto/libcrypto/crypto_hmac_sha1.c src/util/crypto/libcrypto/libsss_crypt_la-crypto_sha512crypt.lo: src/util/crypto/libcrypto/crypto_sha512crypt.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_crypt_la_CFLAGS) $(CFLAGS) -MT src/util/crypto/libcrypto/libsss_crypt_la-crypto_sha512crypt.lo -MD -MP -MF src/util/crypto/libcrypto/$(DEPDIR)/libsss_crypt_la-crypto_sha512crypt.Tpo -c -o src/util/crypto/libcrypto/libsss_crypt_la-crypto_sha512crypt.lo `test -f 'src/util/crypto/libcrypto/crypto_sha512crypt.c' || echo '$(srcdir)/'`src/util/crypto/libcrypto/crypto_sha512crypt.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/crypto/libcrypto/$(DEPDIR)/libsss_crypt_la-crypto_sha512crypt.Tpo 
src/util/crypto/libcrypto/$(DEPDIR)/libsss_crypt_la-crypto_sha512crypt.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/crypto/libcrypto/crypto_sha512crypt.c' object='src/util/crypto/libcrypto/libsss_crypt_la-crypto_sha512crypt.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_crypt_la_CFLAGS) $(CFLAGS) -c -o src/util/crypto/libcrypto/libsss_crypt_la-crypto_sha512crypt.lo `test -f 'src/util/crypto/libcrypto/crypto_sha512crypt.c' || echo '$(srcdir)/'`src/util/crypto/libcrypto/crypto_sha512crypt.c src/util/crypto/libcrypto/libsss_crypt_la-crypto_obfuscate.lo: src/util/crypto/libcrypto/crypto_obfuscate.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_crypt_la_CFLAGS) $(CFLAGS) -MT src/util/crypto/libcrypto/libsss_crypt_la-crypto_obfuscate.lo -MD -MP -MF src/util/crypto/libcrypto/$(DEPDIR)/libsss_crypt_la-crypto_obfuscate.Tpo -c -o src/util/crypto/libcrypto/libsss_crypt_la-crypto_obfuscate.lo `test -f 'src/util/crypto/libcrypto/crypto_obfuscate.c' || echo '$(srcdir)/'`src/util/crypto/libcrypto/crypto_obfuscate.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/crypto/libcrypto/$(DEPDIR)/libsss_crypt_la-crypto_obfuscate.Tpo src/util/crypto/libcrypto/$(DEPDIR)/libsss_crypt_la-crypto_obfuscate.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/crypto/libcrypto/crypto_obfuscate.c' object='src/util/crypto/libcrypto/libsss_crypt_la-crypto_obfuscate.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) 
$(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_crypt_la_CFLAGS) $(CFLAGS) -c -o src/util/crypto/libcrypto/libsss_crypt_la-crypto_obfuscate.lo `test -f 'src/util/crypto/libcrypto/crypto_obfuscate.c' || echo '$(srcdir)/'`src/util/crypto/libcrypto/crypto_obfuscate.c src/util/crypto/nss/libsss_crypt_la-nss_base64.lo: src/util/crypto/nss/nss_base64.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_crypt_la_CFLAGS) $(CFLAGS) -MT src/util/crypto/nss/libsss_crypt_la-nss_base64.lo -MD -MP -MF src/util/crypto/nss/$(DEPDIR)/libsss_crypt_la-nss_base64.Tpo -c -o src/util/crypto/nss/libsss_crypt_la-nss_base64.lo `test -f 'src/util/crypto/nss/nss_base64.c' || echo '$(srcdir)/'`src/util/crypto/nss/nss_base64.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/crypto/nss/$(DEPDIR)/libsss_crypt_la-nss_base64.Tpo src/util/crypto/nss/$(DEPDIR)/libsss_crypt_la-nss_base64.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/crypto/nss/nss_base64.c' object='src/util/crypto/nss/libsss_crypt_la-nss_base64.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_crypt_la_CFLAGS) $(CFLAGS) -c -o src/util/crypto/nss/libsss_crypt_la-nss_base64.lo `test -f 'src/util/crypto/nss/nss_base64.c' || echo '$(srcdir)/'`src/util/crypto/nss/nss_base64.c src/util/crypto/nss/libsss_crypt_la-nss_hmac_sha1.lo: src/util/crypto/nss/nss_hmac_sha1.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) 
$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_crypt_la_CFLAGS) $(CFLAGS) -MT src/util/crypto/nss/libsss_crypt_la-nss_hmac_sha1.lo -MD -MP -MF src/util/crypto/nss/$(DEPDIR)/libsss_crypt_la-nss_hmac_sha1.Tpo -c -o src/util/crypto/nss/libsss_crypt_la-nss_hmac_sha1.lo `test -f 'src/util/crypto/nss/nss_hmac_sha1.c' || echo '$(srcdir)/'`src/util/crypto/nss/nss_hmac_sha1.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/crypto/nss/$(DEPDIR)/libsss_crypt_la-nss_hmac_sha1.Tpo src/util/crypto/nss/$(DEPDIR)/libsss_crypt_la-nss_hmac_sha1.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/crypto/nss/nss_hmac_sha1.c' object='src/util/crypto/nss/libsss_crypt_la-nss_hmac_sha1.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_crypt_la_CFLAGS) $(CFLAGS) -c -o src/util/crypto/nss/libsss_crypt_la-nss_hmac_sha1.lo `test -f 'src/util/crypto/nss/nss_hmac_sha1.c' || echo '$(srcdir)/'`src/util/crypto/nss/nss_hmac_sha1.c src/util/crypto/nss/libsss_crypt_la-nss_sha512crypt.lo: src/util/crypto/nss/nss_sha512crypt.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_crypt_la_CFLAGS) $(CFLAGS) -MT src/util/crypto/nss/libsss_crypt_la-nss_sha512crypt.lo -MD -MP -MF src/util/crypto/nss/$(DEPDIR)/libsss_crypt_la-nss_sha512crypt.Tpo -c -o src/util/crypto/nss/libsss_crypt_la-nss_sha512crypt.lo `test -f 'src/util/crypto/nss/nss_sha512crypt.c' || echo '$(srcdir)/'`src/util/crypto/nss/nss_sha512crypt.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/crypto/nss/$(DEPDIR)/libsss_crypt_la-nss_sha512crypt.Tpo 
src/util/crypto/nss/$(DEPDIR)/libsss_crypt_la-nss_sha512crypt.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/crypto/nss/nss_sha512crypt.c' object='src/util/crypto/nss/libsss_crypt_la-nss_sha512crypt.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_crypt_la_CFLAGS) $(CFLAGS) -c -o src/util/crypto/nss/libsss_crypt_la-nss_sha512crypt.lo `test -f 'src/util/crypto/nss/nss_sha512crypt.c' || echo '$(srcdir)/'`src/util/crypto/nss/nss_sha512crypt.c src/util/crypto/nss/libsss_crypt_la-nss_obfuscate.lo: src/util/crypto/nss/nss_obfuscate.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_crypt_la_CFLAGS) $(CFLAGS) -MT src/util/crypto/nss/libsss_crypt_la-nss_obfuscate.lo -MD -MP -MF src/util/crypto/nss/$(DEPDIR)/libsss_crypt_la-nss_obfuscate.Tpo -c -o src/util/crypto/nss/libsss_crypt_la-nss_obfuscate.lo `test -f 'src/util/crypto/nss/nss_obfuscate.c' || echo '$(srcdir)/'`src/util/crypto/nss/nss_obfuscate.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/crypto/nss/$(DEPDIR)/libsss_crypt_la-nss_obfuscate.Tpo src/util/crypto/nss/$(DEPDIR)/libsss_crypt_la-nss_obfuscate.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/crypto/nss/nss_obfuscate.c' object='src/util/crypto/nss/libsss_crypt_la-nss_obfuscate.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) 
$(libsss_crypt_la_CFLAGS) $(CFLAGS) -c -o src/util/crypto/nss/libsss_crypt_la-nss_obfuscate.lo `test -f 'src/util/crypto/nss/nss_obfuscate.c' || echo '$(srcdir)/'`src/util/crypto/nss/nss_obfuscate.c src/util/crypto/nss/libsss_crypt_la-nss_util.lo: src/util/crypto/nss/nss_util.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_crypt_la_CFLAGS) $(CFLAGS) -MT src/util/crypto/nss/libsss_crypt_la-nss_util.lo -MD -MP -MF src/util/crypto/nss/$(DEPDIR)/libsss_crypt_la-nss_util.Tpo -c -o src/util/crypto/nss/libsss_crypt_la-nss_util.lo `test -f 'src/util/crypto/nss/nss_util.c' || echo '$(srcdir)/'`src/util/crypto/nss/nss_util.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/crypto/nss/$(DEPDIR)/libsss_crypt_la-nss_util.Tpo src/util/crypto/nss/$(DEPDIR)/libsss_crypt_la-nss_util.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/crypto/nss/nss_util.c' object='src/util/crypto/nss/libsss_crypt_la-nss_util.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_crypt_la_CFLAGS) $(CFLAGS) -c -o src/util/crypto/nss/libsss_crypt_la-nss_util.lo `test -f 'src/util/crypto/nss/nss_util.c' || echo '$(srcdir)/'`src/util/crypto/nss/nss_util.c src/providers/ipa/libsss_ipa_la-ipa_init.lo: src/providers/ipa/ipa_init.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -MT src/providers/ipa/libsss_ipa_la-ipa_init.lo -MD -MP -MF src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_init.Tpo -c -o 
src/providers/ipa/libsss_ipa_la-ipa_init.lo `test -f 'src/providers/ipa/ipa_init.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_init.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_init.Tpo src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_init.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ipa/ipa_init.c' object='src/providers/ipa/libsss_ipa_la-ipa_init.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -c -o src/providers/ipa/libsss_ipa_la-ipa_init.lo `test -f 'src/providers/ipa/ipa_init.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_init.c src/providers/ipa/libsss_ipa_la-ipa_common.lo: src/providers/ipa/ipa_common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -MT src/providers/ipa/libsss_ipa_la-ipa_common.lo -MD -MP -MF src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_common.Tpo -c -o src/providers/ipa/libsss_ipa_la-ipa_common.lo `test -f 'src/providers/ipa/ipa_common.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_common.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_common.Tpo src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_common.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ipa/ipa_common.c' object='src/providers/ipa/libsss_ipa_la-ipa_common.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) 
--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -c -o src/providers/ipa/libsss_ipa_la-ipa_common.lo `test -f 'src/providers/ipa/ipa_common.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_common.c src/providers/ipa/libsss_ipa_la-ipa_config.lo: src/providers/ipa/ipa_config.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -MT src/providers/ipa/libsss_ipa_la-ipa_config.lo -MD -MP -MF src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_config.Tpo -c -o src/providers/ipa/libsss_ipa_la-ipa_config.lo `test -f 'src/providers/ipa/ipa_config.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_config.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_config.Tpo src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_config.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ipa/ipa_config.c' object='src/providers/ipa/libsss_ipa_la-ipa_config.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -c -o src/providers/ipa/libsss_ipa_la-ipa_config.lo `test -f 'src/providers/ipa/ipa_config.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_config.c src/providers/ipa/libsss_ipa_la-ipa_id.lo: src/providers/ipa/ipa_id.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -MT src/providers/ipa/libsss_ipa_la-ipa_id.lo -MD -MP -MF 
src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_id.Tpo -c -o src/providers/ipa/libsss_ipa_la-ipa_id.lo `test -f 'src/providers/ipa/ipa_id.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_id.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_id.Tpo src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_id.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ipa/ipa_id.c' object='src/providers/ipa/libsss_ipa_la-ipa_id.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -c -o src/providers/ipa/libsss_ipa_la-ipa_id.lo `test -f 'src/providers/ipa/ipa_id.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_id.c src/providers/ipa/libsss_ipa_la-ipa_netgroups.lo: src/providers/ipa/ipa_netgroups.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -MT src/providers/ipa/libsss_ipa_la-ipa_netgroups.lo -MD -MP -MF src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_netgroups.Tpo -c -o src/providers/ipa/libsss_ipa_la-ipa_netgroups.lo `test -f 'src/providers/ipa/ipa_netgroups.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_netgroups.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_netgroups.Tpo src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_netgroups.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ipa/ipa_netgroups.c' object='src/providers/ipa/libsss_ipa_la-ipa_netgroups.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ 
$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -c -o src/providers/ipa/libsss_ipa_la-ipa_netgroups.lo `test -f 'src/providers/ipa/ipa_netgroups.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_netgroups.c src/providers/ipa/libsss_ipa_la-ipa_auth.lo: src/providers/ipa/ipa_auth.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -MT src/providers/ipa/libsss_ipa_la-ipa_auth.lo -MD -MP -MF src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_auth.Tpo -c -o src/providers/ipa/libsss_ipa_la-ipa_auth.lo `test -f 'src/providers/ipa/ipa_auth.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_auth.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_auth.Tpo src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_auth.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ipa/ipa_auth.c' object='src/providers/ipa/libsss_ipa_la-ipa_auth.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -c -o src/providers/ipa/libsss_ipa_la-ipa_auth.lo `test -f 'src/providers/ipa/ipa_auth.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_auth.c src/providers/ipa/libsss_ipa_la-ipa_access.lo: src/providers/ipa/ipa_access.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -MT 
src/providers/ipa/libsss_ipa_la-ipa_access.lo -MD -MP -MF src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_access.Tpo -c -o src/providers/ipa/libsss_ipa_la-ipa_access.lo `test -f 'src/providers/ipa/ipa_access.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_access.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_access.Tpo src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_access.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ipa/ipa_access.c' object='src/providers/ipa/libsss_ipa_la-ipa_access.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -c -o src/providers/ipa/libsss_ipa_la-ipa_access.lo `test -f 'src/providers/ipa/ipa_access.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_access.c src/providers/ipa/libsss_ipa_la-ipa_dyndns.lo: src/providers/ipa/ipa_dyndns.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -MT src/providers/ipa/libsss_ipa_la-ipa_dyndns.lo -MD -MP -MF src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_dyndns.Tpo -c -o src/providers/ipa/libsss_ipa_la-ipa_dyndns.lo `test -f 'src/providers/ipa/ipa_dyndns.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_dyndns.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_dyndns.Tpo src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_dyndns.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ipa/ipa_dyndns.c' object='src/providers/ipa/libsss_ipa_la-ipa_dyndns.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) 
$(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -c -o src/providers/ipa/libsss_ipa_la-ipa_dyndns.lo `test -f 'src/providers/ipa/ipa_dyndns.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_dyndns.c src/providers/ipa/libsss_ipa_la-ipa_hosts.lo: src/providers/ipa/ipa_hosts.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -MT src/providers/ipa/libsss_ipa_la-ipa_hosts.lo -MD -MP -MF src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_hosts.Tpo -c -o src/providers/ipa/libsss_ipa_la-ipa_hosts.lo `test -f 'src/providers/ipa/ipa_hosts.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_hosts.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_hosts.Tpo src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_hosts.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ipa/ipa_hosts.c' object='src/providers/ipa/libsss_ipa_la-ipa_hosts.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -c -o src/providers/ipa/libsss_ipa_la-ipa_hosts.lo `test -f 'src/providers/ipa/ipa_hosts.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_hosts.c src/providers/ipa/libsss_ipa_la-ipa_subdomains.lo: src/providers/ipa/ipa_subdomains.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) 
$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -MT src/providers/ipa/libsss_ipa_la-ipa_subdomains.lo -MD -MP -MF src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_subdomains.Tpo -c -o src/providers/ipa/libsss_ipa_la-ipa_subdomains.lo `test -f 'src/providers/ipa/ipa_subdomains.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_subdomains.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_subdomains.Tpo src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_subdomains.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ipa/ipa_subdomains.c' object='src/providers/ipa/libsss_ipa_la-ipa_subdomains.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -c -o src/providers/ipa/libsss_ipa_la-ipa_subdomains.lo `test -f 'src/providers/ipa/ipa_subdomains.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_subdomains.c src/providers/ipa/libsss_ipa_la-ipa_subdomains_id.lo: src/providers/ipa/ipa_subdomains_id.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -MT src/providers/ipa/libsss_ipa_la-ipa_subdomains_id.lo -MD -MP -MF src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_subdomains_id.Tpo -c -o src/providers/ipa/libsss_ipa_la-ipa_subdomains_id.lo `test -f 'src/providers/ipa/ipa_subdomains_id.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_subdomains_id.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_subdomains_id.Tpo src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_subdomains_id.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ 
$(AM_V_CC)source='src/providers/ipa/ipa_subdomains_id.c' object='src/providers/ipa/libsss_ipa_la-ipa_subdomains_id.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -c -o src/providers/ipa/libsss_ipa_la-ipa_subdomains_id.lo `test -f 'src/providers/ipa/ipa_subdomains_id.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_subdomains_id.c src/providers/ipa/libsss_ipa_la-ipa_subdomains_ext_groups.lo: src/providers/ipa/ipa_subdomains_ext_groups.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -MT src/providers/ipa/libsss_ipa_la-ipa_subdomains_ext_groups.lo -MD -MP -MF src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_subdomains_ext_groups.Tpo -c -o src/providers/ipa/libsss_ipa_la-ipa_subdomains_ext_groups.lo `test -f 'src/providers/ipa/ipa_subdomains_ext_groups.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_subdomains_ext_groups.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_subdomains_ext_groups.Tpo src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_subdomains_ext_groups.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ipa/ipa_subdomains_ext_groups.c' object='src/providers/ipa/libsss_ipa_la-ipa_subdomains_ext_groups.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) 
$(libsss_ipa_la_CFLAGS) $(CFLAGS) -c -o src/providers/ipa/libsss_ipa_la-ipa_subdomains_ext_groups.lo `test -f 'src/providers/ipa/ipa_subdomains_ext_groups.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_subdomains_ext_groups.c src/providers/ipa/libsss_ipa_la-ipa_s2n_exop.lo: src/providers/ipa/ipa_s2n_exop.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -MT src/providers/ipa/libsss_ipa_la-ipa_s2n_exop.lo -MD -MP -MF src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_s2n_exop.Tpo -c -o src/providers/ipa/libsss_ipa_la-ipa_s2n_exop.lo `test -f 'src/providers/ipa/ipa_s2n_exop.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_s2n_exop.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_s2n_exop.Tpo src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_s2n_exop.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ipa/ipa_s2n_exop.c' object='src/providers/ipa/libsss_ipa_la-ipa_s2n_exop.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -c -o src/providers/ipa/libsss_ipa_la-ipa_s2n_exop.lo `test -f 'src/providers/ipa/ipa_s2n_exop.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_s2n_exop.c src/providers/ipa/libsss_ipa_la-ipa_hbac_hosts.lo: src/providers/ipa/ipa_hbac_hosts.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -MT src/providers/ipa/libsss_ipa_la-ipa_hbac_hosts.lo -MD -MP -MF 
src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_hbac_hosts.Tpo -c -o src/providers/ipa/libsss_ipa_la-ipa_hbac_hosts.lo `test -f 'src/providers/ipa/ipa_hbac_hosts.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_hbac_hosts.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_hbac_hosts.Tpo src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_hbac_hosts.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ipa/ipa_hbac_hosts.c' object='src/providers/ipa/libsss_ipa_la-ipa_hbac_hosts.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -c -o src/providers/ipa/libsss_ipa_la-ipa_hbac_hosts.lo `test -f 'src/providers/ipa/ipa_hbac_hosts.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_hbac_hosts.c src/providers/ipa/libsss_ipa_la-ipa_hbac_rules.lo: src/providers/ipa/ipa_hbac_rules.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -MT src/providers/ipa/libsss_ipa_la-ipa_hbac_rules.lo -MD -MP -MF src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_hbac_rules.Tpo -c -o src/providers/ipa/libsss_ipa_la-ipa_hbac_rules.lo `test -f 'src/providers/ipa/ipa_hbac_rules.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_hbac_rules.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_hbac_rules.Tpo src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_hbac_rules.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ipa/ipa_hbac_rules.c' object='src/providers/ipa/libsss_ipa_la-ipa_hbac_rules.lo' libtool=yes @AMDEPBACKSLASH@ 
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -c -o src/providers/ipa/libsss_ipa_la-ipa_hbac_rules.lo `test -f 'src/providers/ipa/ipa_hbac_rules.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_hbac_rules.c src/providers/ipa/libsss_ipa_la-ipa_hbac_services.lo: src/providers/ipa/ipa_hbac_services.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -MT src/providers/ipa/libsss_ipa_la-ipa_hbac_services.lo -MD -MP -MF src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_hbac_services.Tpo -c -o src/providers/ipa/libsss_ipa_la-ipa_hbac_services.lo `test -f 'src/providers/ipa/ipa_hbac_services.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_hbac_services.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_hbac_services.Tpo src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_hbac_services.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ipa/ipa_hbac_services.c' object='src/providers/ipa/libsss_ipa_la-ipa_hbac_services.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -c -o src/providers/ipa/libsss_ipa_la-ipa_hbac_services.lo `test -f 'src/providers/ipa/ipa_hbac_services.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_hbac_services.c src/providers/ipa/libsss_ipa_la-ipa_hbac_users.lo: 
src/providers/ipa/ipa_hbac_users.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -MT src/providers/ipa/libsss_ipa_la-ipa_hbac_users.lo -MD -MP -MF src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_hbac_users.Tpo -c -o src/providers/ipa/libsss_ipa_la-ipa_hbac_users.lo `test -f 'src/providers/ipa/ipa_hbac_users.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_hbac_users.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_hbac_users.Tpo src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_hbac_users.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ipa/ipa_hbac_users.c' object='src/providers/ipa/libsss_ipa_la-ipa_hbac_users.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -c -o src/providers/ipa/libsss_ipa_la-ipa_hbac_users.lo `test -f 'src/providers/ipa/ipa_hbac_users.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_hbac_users.c src/providers/ipa/libsss_ipa_la-ipa_hbac_common.lo: src/providers/ipa/ipa_hbac_common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -MT src/providers/ipa/libsss_ipa_la-ipa_hbac_common.lo -MD -MP -MF src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_hbac_common.Tpo -c -o src/providers/ipa/libsss_ipa_la-ipa_hbac_common.lo `test -f 'src/providers/ipa/ipa_hbac_common.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_hbac_common.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) 
src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_hbac_common.Tpo src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_hbac_common.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ipa/ipa_hbac_common.c' object='src/providers/ipa/libsss_ipa_la-ipa_hbac_common.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -c -o src/providers/ipa/libsss_ipa_la-ipa_hbac_common.lo `test -f 'src/providers/ipa/ipa_hbac_common.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_hbac_common.c src/providers/ipa/libsss_ipa_la-ipa_selinux.lo: src/providers/ipa/ipa_selinux.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -MT src/providers/ipa/libsss_ipa_la-ipa_selinux.lo -MD -MP -MF src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_selinux.Tpo -c -o src/providers/ipa/libsss_ipa_la-ipa_selinux.lo `test -f 'src/providers/ipa/ipa_selinux.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_selinux.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_selinux.Tpo src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_selinux.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ipa/ipa_selinux.c' object='src/providers/ipa/libsss_ipa_la-ipa_selinux.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) 
$(CFLAGS) -c -o src/providers/ipa/libsss_ipa_la-ipa_selinux.lo `test -f 'src/providers/ipa/ipa_selinux.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_selinux.c src/providers/ipa/libsss_ipa_la-ipa_selinux_maps.lo: src/providers/ipa/ipa_selinux_maps.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -MT src/providers/ipa/libsss_ipa_la-ipa_selinux_maps.lo -MD -MP -MF src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_selinux_maps.Tpo -c -o src/providers/ipa/libsss_ipa_la-ipa_selinux_maps.lo `test -f 'src/providers/ipa/ipa_selinux_maps.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_selinux_maps.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_selinux_maps.Tpo src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_selinux_maps.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ipa/ipa_selinux_maps.c' object='src/providers/ipa/libsss_ipa_la-ipa_selinux_maps.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -c -o src/providers/ipa/libsss_ipa_la-ipa_selinux_maps.lo `test -f 'src/providers/ipa/ipa_selinux_maps.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_selinux_maps.c src/providers/ipa/libsss_ipa_la-ipa_selinux_common.lo: src/providers/ipa/ipa_selinux_common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -MT src/providers/ipa/libsss_ipa_la-ipa_selinux_common.lo -MD -MP -MF 
src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_selinux_common.Tpo -c -o src/providers/ipa/libsss_ipa_la-ipa_selinux_common.lo `test -f 'src/providers/ipa/ipa_selinux_common.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_selinux_common.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_selinux_common.Tpo src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_selinux_common.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ipa/ipa_selinux_common.c' object='src/providers/ipa/libsss_ipa_la-ipa_selinux_common.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -c -o src/providers/ipa/libsss_ipa_la-ipa_selinux_common.lo `test -f 'src/providers/ipa/ipa_selinux_common.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_selinux_common.c src/providers/ipa/libsss_ipa_la-ipa_srv.lo: src/providers/ipa/ipa_srv.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -MT src/providers/ipa/libsss_ipa_la-ipa_srv.lo -MD -MP -MF src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_srv.Tpo -c -o src/providers/ipa/libsss_ipa_la-ipa_srv.lo `test -f 'src/providers/ipa/ipa_srv.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_srv.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_srv.Tpo src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_srv.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ipa/ipa_srv.c' object='src/providers/ipa/libsss_ipa_la-ipa_srv.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) 
$(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -c -o src/providers/ipa/libsss_ipa_la-ipa_srv.lo `test -f 'src/providers/ipa/ipa_srv.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_srv.c src/providers/ipa/libsss_ipa_la-ipa_idmap.lo: src/providers/ipa/ipa_idmap.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -MT src/providers/ipa/libsss_ipa_la-ipa_idmap.lo -MD -MP -MF src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_idmap.Tpo -c -o src/providers/ipa/libsss_ipa_la-ipa_idmap.lo `test -f 'src/providers/ipa/ipa_idmap.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_idmap.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_idmap.Tpo src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_idmap.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ipa/ipa_idmap.c' object='src/providers/ipa/libsss_ipa_la-ipa_idmap.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -c -o src/providers/ipa/libsss_ipa_la-ipa_idmap.lo `test -f 'src/providers/ipa/ipa_idmap.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_idmap.c src/providers/ad/libsss_ipa_la-ad_common.lo: src/providers/ad/ad_common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) 
$(libsss_ipa_la_CFLAGS) $(CFLAGS) -MT src/providers/ad/libsss_ipa_la-ad_common.lo -MD -MP -MF src/providers/ad/$(DEPDIR)/libsss_ipa_la-ad_common.Tpo -c -o src/providers/ad/libsss_ipa_la-ad_common.lo `test -f 'src/providers/ad/ad_common.c' || echo '$(srcdir)/'`src/providers/ad/ad_common.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ad/$(DEPDIR)/libsss_ipa_la-ad_common.Tpo src/providers/ad/$(DEPDIR)/libsss_ipa_la-ad_common.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ad/ad_common.c' object='src/providers/ad/libsss_ipa_la-ad_common.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -c -o src/providers/ad/libsss_ipa_la-ad_common.lo `test -f 'src/providers/ad/ad_common.c' || echo '$(srcdir)/'`src/providers/ad/ad_common.c src/providers/ad/libsss_ipa_la-ad_dyndns.lo: src/providers/ad/ad_dyndns.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -MT src/providers/ad/libsss_ipa_la-ad_dyndns.lo -MD -MP -MF src/providers/ad/$(DEPDIR)/libsss_ipa_la-ad_dyndns.Tpo -c -o src/providers/ad/libsss_ipa_la-ad_dyndns.lo `test -f 'src/providers/ad/ad_dyndns.c' || echo '$(srcdir)/'`src/providers/ad/ad_dyndns.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ad/$(DEPDIR)/libsss_ipa_la-ad_dyndns.Tpo src/providers/ad/$(DEPDIR)/libsss_ipa_la-ad_dyndns.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ad/ad_dyndns.c' object='src/providers/ad/libsss_ipa_la-ad_dyndns.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) 
$(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -c -o src/providers/ad/libsss_ipa_la-ad_dyndns.lo `test -f 'src/providers/ad/ad_dyndns.c' || echo '$(srcdir)/'`src/providers/ad/ad_dyndns.c src/providers/ad/libsss_ipa_la-ad_id.lo: src/providers/ad/ad_id.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -MT src/providers/ad/libsss_ipa_la-ad_id.lo -MD -MP -MF src/providers/ad/$(DEPDIR)/libsss_ipa_la-ad_id.Tpo -c -o src/providers/ad/libsss_ipa_la-ad_id.lo `test -f 'src/providers/ad/ad_id.c' || echo '$(srcdir)/'`src/providers/ad/ad_id.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ad/$(DEPDIR)/libsss_ipa_la-ad_id.Tpo src/providers/ad/$(DEPDIR)/libsss_ipa_la-ad_id.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ad/ad_id.c' object='src/providers/ad/libsss_ipa_la-ad_id.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -c -o src/providers/ad/libsss_ipa_la-ad_id.lo `test -f 'src/providers/ad/ad_id.c' || echo '$(srcdir)/'`src/providers/ad/ad_id.c src/providers/ad/libsss_ipa_la-ad_srv.lo: src/providers/ad/ad_srv.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -MT 
src/providers/ad/libsss_ipa_la-ad_srv.lo -MD -MP -MF src/providers/ad/$(DEPDIR)/libsss_ipa_la-ad_srv.Tpo -c -o src/providers/ad/libsss_ipa_la-ad_srv.lo `test -f 'src/providers/ad/ad_srv.c' || echo '$(srcdir)/'`src/providers/ad/ad_srv.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ad/$(DEPDIR)/libsss_ipa_la-ad_srv.Tpo src/providers/ad/$(DEPDIR)/libsss_ipa_la-ad_srv.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ad/ad_srv.c' object='src/providers/ad/libsss_ipa_la-ad_srv.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -c -o src/providers/ad/libsss_ipa_la-ad_srv.lo `test -f 'src/providers/ad/ad_srv.c' || echo '$(srcdir)/'`src/providers/ad/ad_srv.c src/providers/ad/libsss_ipa_la-ad_domain_info.lo: src/providers/ad/ad_domain_info.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -MT src/providers/ad/libsss_ipa_la-ad_domain_info.lo -MD -MP -MF src/providers/ad/$(DEPDIR)/libsss_ipa_la-ad_domain_info.Tpo -c -o src/providers/ad/libsss_ipa_la-ad_domain_info.lo `test -f 'src/providers/ad/ad_domain_info.c' || echo '$(srcdir)/'`src/providers/ad/ad_domain_info.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ad/$(DEPDIR)/libsss_ipa_la-ad_domain_info.Tpo src/providers/ad/$(DEPDIR)/libsss_ipa_la-ad_domain_info.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ad/ad_domain_info.c' object='src/providers/ad/libsss_ipa_la-ad_domain_info.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) 
@AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -c -o src/providers/ad/libsss_ipa_la-ad_domain_info.lo `test -f 'src/providers/ad/ad_domain_info.c' || echo '$(srcdir)/'`src/providers/ad/ad_domain_info.c src/util/libsss_ipa_la-user_info_msg.lo: src/util/user_info_msg.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -MT src/util/libsss_ipa_la-user_info_msg.lo -MD -MP -MF src/util/$(DEPDIR)/libsss_ipa_la-user_info_msg.Tpo -c -o src/util/libsss_ipa_la-user_info_msg.lo `test -f 'src/util/user_info_msg.c' || echo '$(srcdir)/'`src/util/user_info_msg.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/libsss_ipa_la-user_info_msg.Tpo src/util/$(DEPDIR)/libsss_ipa_la-user_info_msg.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/user_info_msg.c' object='src/util/libsss_ipa_la-user_info_msg.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -c -o src/util/libsss_ipa_la-user_info_msg.lo `test -f 'src/util/user_info_msg.c' || echo '$(srcdir)/'`src/util/user_info_msg.c src/util/libsss_ipa_la-find_uid.lo: src/util/find_uid.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -MT src/util/libsss_ipa_la-find_uid.lo -MD -MP -MF 
src/util/$(DEPDIR)/libsss_ipa_la-find_uid.Tpo -c -o src/util/libsss_ipa_la-find_uid.lo `test -f 'src/util/find_uid.c' || echo '$(srcdir)/'`src/util/find_uid.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/libsss_ipa_la-find_uid.Tpo src/util/$(DEPDIR)/libsss_ipa_la-find_uid.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/find_uid.c' object='src/util/libsss_ipa_la-find_uid.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -c -o src/util/libsss_ipa_la-find_uid.lo `test -f 'src/util/find_uid.c' || echo '$(srcdir)/'`src/util/find_uid.c src/util/libsss_ipa_la-sss_ldap.lo: src/util/sss_ldap.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -MT src/util/libsss_ipa_la-sss_ldap.lo -MD -MP -MF src/util/$(DEPDIR)/libsss_ipa_la-sss_ldap.Tpo -c -o src/util/libsss_ipa_la-sss_ldap.lo `test -f 'src/util/sss_ldap.c' || echo '$(srcdir)/'`src/util/sss_ldap.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/libsss_ipa_la-sss_ldap.Tpo src/util/$(DEPDIR)/libsss_ipa_la-sss_ldap.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/sss_ldap.c' object='src/util/libsss_ipa_la-sss_ldap.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -c -o 
src/util/libsss_ipa_la-sss_ldap.lo `test -f 'src/util/sss_ldap.c' || echo '$(srcdir)/'`src/util/sss_ldap.c src/util/libsss_ipa_la-sss_krb5.lo: src/util/sss_krb5.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -MT src/util/libsss_ipa_la-sss_krb5.lo -MD -MP -MF src/util/$(DEPDIR)/libsss_ipa_la-sss_krb5.Tpo -c -o src/util/libsss_ipa_la-sss_krb5.lo `test -f 'src/util/sss_krb5.c' || echo '$(srcdir)/'`src/util/sss_krb5.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/libsss_ipa_la-sss_krb5.Tpo src/util/$(DEPDIR)/libsss_ipa_la-sss_krb5.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/sss_krb5.c' object='src/util/libsss_ipa_la-sss_krb5.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -c -o src/util/libsss_ipa_la-sss_krb5.lo `test -f 'src/util/sss_krb5.c' || echo '$(srcdir)/'`src/util/sss_krb5.c src/providers/ipa/libsss_ipa_la-ipa_autofs.lo: src/providers/ipa/ipa_autofs.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -MT src/providers/ipa/libsss_ipa_la-ipa_autofs.lo -MD -MP -MF src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_autofs.Tpo -c -o src/providers/ipa/libsss_ipa_la-ipa_autofs.lo `test -f 'src/providers/ipa/ipa_autofs.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_autofs.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_autofs.Tpo 
src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_autofs.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ipa/ipa_autofs.c' object='src/providers/ipa/libsss_ipa_la-ipa_autofs.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -c -o src/providers/ipa/libsss_ipa_la-ipa_autofs.lo `test -f 'src/providers/ipa/ipa_autofs.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_autofs.c src/providers/ipa/libsss_ipa_la-ipa_sudo.lo: src/providers/ipa/ipa_sudo.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -MT src/providers/ipa/libsss_ipa_la-ipa_sudo.lo -MD -MP -MF src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_sudo.Tpo -c -o src/providers/ipa/libsss_ipa_la-ipa_sudo.lo `test -f 'src/providers/ipa/ipa_sudo.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_sudo.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_sudo.Tpo src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_sudo.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ipa/ipa_sudo.c' object='src/providers/ipa/libsss_ipa_la-ipa_sudo.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -c -o src/providers/ipa/libsss_ipa_la-ipa_sudo.lo `test -f 'src/providers/ipa/ipa_sudo.c' || echo 
'$(srcdir)/'`src/providers/ipa/ipa_sudo.c src/providers/ipa/libsss_ipa_la-ipa_hostid.lo: src/providers/ipa/ipa_hostid.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -MT src/providers/ipa/libsss_ipa_la-ipa_hostid.lo -MD -MP -MF src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_hostid.Tpo -c -o src/providers/ipa/libsss_ipa_la-ipa_hostid.lo `test -f 'src/providers/ipa/ipa_hostid.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_hostid.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_hostid.Tpo src/providers/ipa/$(DEPDIR)/libsss_ipa_la-ipa_hostid.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ipa/ipa_hostid.c' object='src/providers/ipa/libsss_ipa_la-ipa_hostid.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ipa_la_CFLAGS) $(CFLAGS) -c -o src/providers/ipa/libsss_ipa_la-ipa_hostid.lo `test -f 'src/providers/ipa/ipa_hostid.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_hostid.c src/providers/krb5/libsss_krb5_la-krb5_init.lo: src/providers/krb5/krb5_init.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_krb5_la_CFLAGS) $(CFLAGS) -MT src/providers/krb5/libsss_krb5_la-krb5_init.lo -MD -MP -MF src/providers/krb5/$(DEPDIR)/libsss_krb5_la-krb5_init.Tpo -c -o src/providers/krb5/libsss_krb5_la-krb5_init.lo `test -f 'src/providers/krb5/krb5_init.c' || echo '$(srcdir)/'`src/providers/krb5/krb5_init.c @am__fastdepCC_TRUE@ 
$(AM_V_at)$(am__mv) src/providers/krb5/$(DEPDIR)/libsss_krb5_la-krb5_init.Tpo src/providers/krb5/$(DEPDIR)/libsss_krb5_la-krb5_init.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/krb5/krb5_init.c' object='src/providers/krb5/libsss_krb5_la-krb5_init.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_krb5_la_CFLAGS) $(CFLAGS) -c -o src/providers/krb5/libsss_krb5_la-krb5_init.lo `test -f 'src/providers/krb5/krb5_init.c' || echo '$(srcdir)/'`src/providers/krb5/krb5_init.c src/util/libsss_krb5_la-find_uid.lo: src/util/find_uid.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_krb5_la_CFLAGS) $(CFLAGS) -MT src/util/libsss_krb5_la-find_uid.lo -MD -MP -MF src/util/$(DEPDIR)/libsss_krb5_la-find_uid.Tpo -c -o src/util/libsss_krb5_la-find_uid.lo `test -f 'src/util/find_uid.c' || echo '$(srcdir)/'`src/util/find_uid.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/libsss_krb5_la-find_uid.Tpo src/util/$(DEPDIR)/libsss_krb5_la-find_uid.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/find_uid.c' object='src/util/libsss_krb5_la-find_uid.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_krb5_la_CFLAGS) $(CFLAGS) -c -o src/util/libsss_krb5_la-find_uid.lo `test -f 'src/util/find_uid.c' || echo '$(srcdir)/'`src/util/find_uid.c 
src/util/libsss_krb5_la-sss_krb5.lo: src/util/sss_krb5.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_krb5_la_CFLAGS) $(CFLAGS) -MT src/util/libsss_krb5_la-sss_krb5.lo -MD -MP -MF src/util/$(DEPDIR)/libsss_krb5_la-sss_krb5.Tpo -c -o src/util/libsss_krb5_la-sss_krb5.lo `test -f 'src/util/sss_krb5.c' || echo '$(srcdir)/'`src/util/sss_krb5.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/libsss_krb5_la-sss_krb5.Tpo src/util/$(DEPDIR)/libsss_krb5_la-sss_krb5.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/sss_krb5.c' object='src/util/libsss_krb5_la-sss_krb5.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_krb5_la_CFLAGS) $(CFLAGS) -c -o src/util/libsss_krb5_la-sss_krb5.lo `test -f 'src/util/sss_krb5.c' || echo '$(srcdir)/'`src/util/sss_krb5.c src/providers/krb5/libsss_krb5_common_la-krb5_utils.lo: src/providers/krb5/krb5_utils.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_krb5_common_la_CFLAGS) $(CFLAGS) -MT src/providers/krb5/libsss_krb5_common_la-krb5_utils.lo -MD -MP -MF src/providers/krb5/$(DEPDIR)/libsss_krb5_common_la-krb5_utils.Tpo -c -o src/providers/krb5/libsss_krb5_common_la-krb5_utils.lo `test -f 'src/providers/krb5/krb5_utils.c' || echo '$(srcdir)/'`src/providers/krb5/krb5_utils.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/krb5/$(DEPDIR)/libsss_krb5_common_la-krb5_utils.Tpo src/providers/krb5/$(DEPDIR)/libsss_krb5_common_la-krb5_utils.Plo 
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/krb5/krb5_utils.c' object='src/providers/krb5/libsss_krb5_common_la-krb5_utils.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_krb5_common_la_CFLAGS) $(CFLAGS) -c -o src/providers/krb5/libsss_krb5_common_la-krb5_utils.lo `test -f 'src/providers/krb5/krb5_utils.c' || echo '$(srcdir)/'`src/providers/krb5/krb5_utils.c src/providers/krb5/libsss_krb5_common_la-krb5_become_user.lo: src/providers/krb5/krb5_become_user.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_krb5_common_la_CFLAGS) $(CFLAGS) -MT src/providers/krb5/libsss_krb5_common_la-krb5_become_user.lo -MD -MP -MF src/providers/krb5/$(DEPDIR)/libsss_krb5_common_la-krb5_become_user.Tpo -c -o src/providers/krb5/libsss_krb5_common_la-krb5_become_user.lo `test -f 'src/providers/krb5/krb5_become_user.c' || echo '$(srcdir)/'`src/providers/krb5/krb5_become_user.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/krb5/$(DEPDIR)/libsss_krb5_common_la-krb5_become_user.Tpo src/providers/krb5/$(DEPDIR)/libsss_krb5_common_la-krb5_become_user.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/krb5/krb5_become_user.c' object='src/providers/krb5/libsss_krb5_common_la-krb5_become_user.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) 
$(libsss_krb5_common_la_CFLAGS) $(CFLAGS) -c -o src/providers/krb5/libsss_krb5_common_la-krb5_become_user.lo `test -f 'src/providers/krb5/krb5_become_user.c' || echo '$(srcdir)/'`src/providers/krb5/krb5_become_user.c src/providers/krb5/libsss_krb5_common_la-krb5_delayed_online_authentication.lo: src/providers/krb5/krb5_delayed_online_authentication.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_krb5_common_la_CFLAGS) $(CFLAGS) -MT src/providers/krb5/libsss_krb5_common_la-krb5_delayed_online_authentication.lo -MD -MP -MF src/providers/krb5/$(DEPDIR)/libsss_krb5_common_la-krb5_delayed_online_authentication.Tpo -c -o src/providers/krb5/libsss_krb5_common_la-krb5_delayed_online_authentication.lo `test -f 'src/providers/krb5/krb5_delayed_online_authentication.c' || echo '$(srcdir)/'`src/providers/krb5/krb5_delayed_online_authentication.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/krb5/$(DEPDIR)/libsss_krb5_common_la-krb5_delayed_online_authentication.Tpo src/providers/krb5/$(DEPDIR)/libsss_krb5_common_la-krb5_delayed_online_authentication.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/krb5/krb5_delayed_online_authentication.c' object='src/providers/krb5/libsss_krb5_common_la-krb5_delayed_online_authentication.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_krb5_common_la_CFLAGS) $(CFLAGS) -c -o src/providers/krb5/libsss_krb5_common_la-krb5_delayed_online_authentication.lo `test -f 'src/providers/krb5/krb5_delayed_online_authentication.c' || echo 
'$(srcdir)/'`src/providers/krb5/krb5_delayed_online_authentication.c src/providers/krb5/libsss_krb5_common_la-krb5_renew_tgt.lo: src/providers/krb5/krb5_renew_tgt.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_krb5_common_la_CFLAGS) $(CFLAGS) -MT src/providers/krb5/libsss_krb5_common_la-krb5_renew_tgt.lo -MD -MP -MF src/providers/krb5/$(DEPDIR)/libsss_krb5_common_la-krb5_renew_tgt.Tpo -c -o src/providers/krb5/libsss_krb5_common_la-krb5_renew_tgt.lo `test -f 'src/providers/krb5/krb5_renew_tgt.c' || echo '$(srcdir)/'`src/providers/krb5/krb5_renew_tgt.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/krb5/$(DEPDIR)/libsss_krb5_common_la-krb5_renew_tgt.Tpo src/providers/krb5/$(DEPDIR)/libsss_krb5_common_la-krb5_renew_tgt.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/krb5/krb5_renew_tgt.c' object='src/providers/krb5/libsss_krb5_common_la-krb5_renew_tgt.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_krb5_common_la_CFLAGS) $(CFLAGS) -c -o src/providers/krb5/libsss_krb5_common_la-krb5_renew_tgt.lo `test -f 'src/providers/krb5/krb5_renew_tgt.c' || echo '$(srcdir)/'`src/providers/krb5/krb5_renew_tgt.c src/providers/krb5/libsss_krb5_common_la-krb5_wait_queue.lo: src/providers/krb5/krb5_wait_queue.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_krb5_common_la_CFLAGS) $(CFLAGS) -MT src/providers/krb5/libsss_krb5_common_la-krb5_wait_queue.lo -MD -MP -MF 
src/providers/krb5/$(DEPDIR)/libsss_krb5_common_la-krb5_wait_queue.Tpo -c -o src/providers/krb5/libsss_krb5_common_la-krb5_wait_queue.lo `test -f 'src/providers/krb5/krb5_wait_queue.c' || echo '$(srcdir)/'`src/providers/krb5/krb5_wait_queue.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/krb5/$(DEPDIR)/libsss_krb5_common_la-krb5_wait_queue.Tpo src/providers/krb5/$(DEPDIR)/libsss_krb5_common_la-krb5_wait_queue.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/krb5/krb5_wait_queue.c' object='src/providers/krb5/libsss_krb5_common_la-krb5_wait_queue.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_krb5_common_la_CFLAGS) $(CFLAGS) -c -o src/providers/krb5/libsss_krb5_common_la-krb5_wait_queue.lo `test -f 'src/providers/krb5/krb5_wait_queue.c' || echo '$(srcdir)/'`src/providers/krb5/krb5_wait_queue.c src/providers/krb5/libsss_krb5_common_la-krb5_common.lo: src/providers/krb5/krb5_common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_krb5_common_la_CFLAGS) $(CFLAGS) -MT src/providers/krb5/libsss_krb5_common_la-krb5_common.lo -MD -MP -MF src/providers/krb5/$(DEPDIR)/libsss_krb5_common_la-krb5_common.Tpo -c -o src/providers/krb5/libsss_krb5_common_la-krb5_common.lo `test -f 'src/providers/krb5/krb5_common.c' || echo '$(srcdir)/'`src/providers/krb5/krb5_common.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/krb5/$(DEPDIR)/libsss_krb5_common_la-krb5_common.Tpo src/providers/krb5/$(DEPDIR)/libsss_krb5_common_la-krb5_common.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/krb5/krb5_common.c' 
object='src/providers/krb5/libsss_krb5_common_la-krb5_common.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_krb5_common_la_CFLAGS) $(CFLAGS) -c -o src/providers/krb5/libsss_krb5_common_la-krb5_common.lo `test -f 'src/providers/krb5/krb5_common.c' || echo '$(srcdir)/'`src/providers/krb5/krb5_common.c src/providers/krb5/libsss_krb5_common_la-krb5_auth.lo: src/providers/krb5/krb5_auth.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_krb5_common_la_CFLAGS) $(CFLAGS) -MT src/providers/krb5/libsss_krb5_common_la-krb5_auth.lo -MD -MP -MF src/providers/krb5/$(DEPDIR)/libsss_krb5_common_la-krb5_auth.Tpo -c -o src/providers/krb5/libsss_krb5_common_la-krb5_auth.lo `test -f 'src/providers/krb5/krb5_auth.c' || echo '$(srcdir)/'`src/providers/krb5/krb5_auth.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/krb5/$(DEPDIR)/libsss_krb5_common_la-krb5_auth.Tpo src/providers/krb5/$(DEPDIR)/libsss_krb5_common_la-krb5_auth.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/krb5/krb5_auth.c' object='src/providers/krb5/libsss_krb5_common_la-krb5_auth.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_krb5_common_la_CFLAGS) $(CFLAGS) -c -o src/providers/krb5/libsss_krb5_common_la-krb5_auth.lo `test -f 'src/providers/krb5/krb5_auth.c' || echo 
'$(srcdir)/'`src/providers/krb5/krb5_auth.c src/providers/krb5/libsss_krb5_common_la-krb5_access.lo: src/providers/krb5/krb5_access.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_krb5_common_la_CFLAGS) $(CFLAGS) -MT src/providers/krb5/libsss_krb5_common_la-krb5_access.lo -MD -MP -MF src/providers/krb5/$(DEPDIR)/libsss_krb5_common_la-krb5_access.Tpo -c -o src/providers/krb5/libsss_krb5_common_la-krb5_access.lo `test -f 'src/providers/krb5/krb5_access.c' || echo '$(srcdir)/'`src/providers/krb5/krb5_access.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/krb5/$(DEPDIR)/libsss_krb5_common_la-krb5_access.Tpo src/providers/krb5/$(DEPDIR)/libsss_krb5_common_la-krb5_access.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/krb5/krb5_access.c' object='src/providers/krb5/libsss_krb5_common_la-krb5_access.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_krb5_common_la_CFLAGS) $(CFLAGS) -c -o src/providers/krb5/libsss_krb5_common_la-krb5_access.lo `test -f 'src/providers/krb5/krb5_access.c' || echo '$(srcdir)/'`src/providers/krb5/krb5_access.c src/providers/krb5/libsss_krb5_common_la-krb5_child_handler.lo: src/providers/krb5/krb5_child_handler.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_krb5_common_la_CFLAGS) $(CFLAGS) -MT src/providers/krb5/libsss_krb5_common_la-krb5_child_handler.lo -MD -MP -MF src/providers/krb5/$(DEPDIR)/libsss_krb5_common_la-krb5_child_handler.Tpo -c -o 
src/providers/krb5/libsss_krb5_common_la-krb5_child_handler.lo `test -f 'src/providers/krb5/krb5_child_handler.c' || echo '$(srcdir)/'`src/providers/krb5/krb5_child_handler.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/krb5/$(DEPDIR)/libsss_krb5_common_la-krb5_child_handler.Tpo src/providers/krb5/$(DEPDIR)/libsss_krb5_common_la-krb5_child_handler.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/krb5/krb5_child_handler.c' object='src/providers/krb5/libsss_krb5_common_la-krb5_child_handler.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_krb5_common_la_CFLAGS) $(CFLAGS) -c -o src/providers/krb5/libsss_krb5_common_la-krb5_child_handler.lo `test -f 'src/providers/krb5/krb5_child_handler.c' || echo '$(srcdir)/'`src/providers/krb5/krb5_child_handler.c src/providers/krb5/libsss_krb5_common_la-krb5_init_shared.lo: src/providers/krb5/krb5_init_shared.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_krb5_common_la_CFLAGS) $(CFLAGS) -MT src/providers/krb5/libsss_krb5_common_la-krb5_init_shared.lo -MD -MP -MF src/providers/krb5/$(DEPDIR)/libsss_krb5_common_la-krb5_init_shared.Tpo -c -o src/providers/krb5/libsss_krb5_common_la-krb5_init_shared.lo `test -f 'src/providers/krb5/krb5_init_shared.c' || echo '$(srcdir)/'`src/providers/krb5/krb5_init_shared.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/krb5/$(DEPDIR)/libsss_krb5_common_la-krb5_init_shared.Tpo src/providers/krb5/$(DEPDIR)/libsss_krb5_common_la-krb5_init_shared.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/krb5/krb5_init_shared.c' 
object='src/providers/krb5/libsss_krb5_common_la-krb5_init_shared.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_krb5_common_la_CFLAGS) $(CFLAGS) -c -o src/providers/krb5/libsss_krb5_common_la-krb5_init_shared.lo `test -f 'src/providers/krb5/krb5_init_shared.c' || echo '$(srcdir)/'`src/providers/krb5/krb5_init_shared.c src/util/libsss_ldap_la-find_uid.lo: src/util/find_uid.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_la_CFLAGS) $(CFLAGS) -MT src/util/libsss_ldap_la-find_uid.lo -MD -MP -MF src/util/$(DEPDIR)/libsss_ldap_la-find_uid.Tpo -c -o src/util/libsss_ldap_la-find_uid.lo `test -f 'src/util/find_uid.c' || echo '$(srcdir)/'`src/util/find_uid.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/libsss_ldap_la-find_uid.Tpo src/util/$(DEPDIR)/libsss_ldap_la-find_uid.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/find_uid.c' object='src/util/libsss_ldap_la-find_uid.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_la_CFLAGS) $(CFLAGS) -c -o src/util/libsss_ldap_la-find_uid.lo `test -f 'src/util/find_uid.c' || echo '$(srcdir)/'`src/util/find_uid.c src/providers/ldap/libsss_ldap_la-ldap_init.lo: src/providers/ldap/ldap_init.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) 
--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_la_CFLAGS) $(CFLAGS) -MT src/providers/ldap/libsss_ldap_la-ldap_init.lo -MD -MP -MF src/providers/ldap/$(DEPDIR)/libsss_ldap_la-ldap_init.Tpo -c -o src/providers/ldap/libsss_ldap_la-ldap_init.lo `test -f 'src/providers/ldap/ldap_init.c' || echo '$(srcdir)/'`src/providers/ldap/ldap_init.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ldap/$(DEPDIR)/libsss_ldap_la-ldap_init.Tpo src/providers/ldap/$(DEPDIR)/libsss_ldap_la-ldap_init.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ldap/ldap_init.c' object='src/providers/ldap/libsss_ldap_la-ldap_init.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_la_CFLAGS) $(CFLAGS) -c -o src/providers/ldap/libsss_ldap_la-ldap_init.lo `test -f 'src/providers/ldap/ldap_init.c' || echo '$(srcdir)/'`src/providers/ldap/ldap_init.c src/providers/ldap/libsss_ldap_la-ldap_access.lo: src/providers/ldap/ldap_access.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_la_CFLAGS) $(CFLAGS) -MT src/providers/ldap/libsss_ldap_la-ldap_access.lo -MD -MP -MF src/providers/ldap/$(DEPDIR)/libsss_ldap_la-ldap_access.Tpo -c -o src/providers/ldap/libsss_ldap_la-ldap_access.lo `test -f 'src/providers/ldap/ldap_access.c' || echo '$(srcdir)/'`src/providers/ldap/ldap_access.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ldap/$(DEPDIR)/libsss_ldap_la-ldap_access.Tpo src/providers/ldap/$(DEPDIR)/libsss_ldap_la-ldap_access.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ 
$(AM_V_CC)source='src/providers/ldap/ldap_access.c' object='src/providers/ldap/libsss_ldap_la-ldap_access.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_la_CFLAGS) $(CFLAGS) -c -o src/providers/ldap/libsss_ldap_la-ldap_access.lo `test -f 'src/providers/ldap/ldap_access.c' || echo '$(srcdir)/'`src/providers/ldap/ldap_access.c src/providers/krb5/libsss_ldap_la-krb5_common.lo: src/providers/krb5/krb5_common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_la_CFLAGS) $(CFLAGS) -MT src/providers/krb5/libsss_ldap_la-krb5_common.lo -MD -MP -MF src/providers/krb5/$(DEPDIR)/libsss_ldap_la-krb5_common.Tpo -c -o src/providers/krb5/libsss_ldap_la-krb5_common.lo `test -f 'src/providers/krb5/krb5_common.c' || echo '$(srcdir)/'`src/providers/krb5/krb5_common.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/krb5/$(DEPDIR)/libsss_ldap_la-krb5_common.Tpo src/providers/krb5/$(DEPDIR)/libsss_ldap_la-krb5_common.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/krb5/krb5_common.c' object='src/providers/krb5/libsss_ldap_la-krb5_common.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_la_CFLAGS) $(CFLAGS) -c -o src/providers/krb5/libsss_ldap_la-krb5_common.lo `test -f 'src/providers/krb5/krb5_common.c' || echo 
'$(srcdir)/'`src/providers/krb5/krb5_common.c src/providers/krb5/libsss_ldap_la-krb5_utils.lo: src/providers/krb5/krb5_utils.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_la_CFLAGS) $(CFLAGS) -MT src/providers/krb5/libsss_ldap_la-krb5_utils.lo -MD -MP -MF src/providers/krb5/$(DEPDIR)/libsss_ldap_la-krb5_utils.Tpo -c -o src/providers/krb5/libsss_ldap_la-krb5_utils.lo `test -f 'src/providers/krb5/krb5_utils.c' || echo '$(srcdir)/'`src/providers/krb5/krb5_utils.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/krb5/$(DEPDIR)/libsss_ldap_la-krb5_utils.Tpo src/providers/krb5/$(DEPDIR)/libsss_ldap_la-krb5_utils.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/krb5/krb5_utils.c' object='src/providers/krb5/libsss_ldap_la-krb5_utils.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_la_CFLAGS) $(CFLAGS) -c -o src/providers/krb5/libsss_ldap_la-krb5_utils.lo `test -f 'src/providers/krb5/krb5_utils.c' || echo '$(srcdir)/'`src/providers/krb5/krb5_utils.c src/providers/krb5/libsss_ldap_la-krb5_become_user.lo: src/providers/krb5/krb5_become_user.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_la_CFLAGS) $(CFLAGS) -MT src/providers/krb5/libsss_ldap_la-krb5_become_user.lo -MD -MP -MF src/providers/krb5/$(DEPDIR)/libsss_ldap_la-krb5_become_user.Tpo -c -o src/providers/krb5/libsss_ldap_la-krb5_become_user.lo `test -f 'src/providers/krb5/krb5_become_user.c' || echo 
'$(srcdir)/'`src/providers/krb5/krb5_become_user.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/krb5/$(DEPDIR)/libsss_ldap_la-krb5_become_user.Tpo src/providers/krb5/$(DEPDIR)/libsss_ldap_la-krb5_become_user.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/krb5/krb5_become_user.c' object='src/providers/krb5/libsss_ldap_la-krb5_become_user.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_la_CFLAGS) $(CFLAGS) -c -o src/providers/krb5/libsss_ldap_la-krb5_become_user.lo `test -f 'src/providers/krb5/krb5_become_user.c' || echo '$(srcdir)/'`src/providers/krb5/krb5_become_user.c src/util/libsss_ldap_la-user_info_msg.lo: src/util/user_info_msg.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_la_CFLAGS) $(CFLAGS) -MT src/util/libsss_ldap_la-user_info_msg.lo -MD -MP -MF src/util/$(DEPDIR)/libsss_ldap_la-user_info_msg.Tpo -c -o src/util/libsss_ldap_la-user_info_msg.lo `test -f 'src/util/user_info_msg.c' || echo '$(srcdir)/'`src/util/user_info_msg.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/libsss_ldap_la-user_info_msg.Tpo src/util/$(DEPDIR)/libsss_ldap_la-user_info_msg.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/user_info_msg.c' object='src/util/libsss_ldap_la-user_info_msg.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) 
$(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_la_CFLAGS) $(CFLAGS) -c -o src/util/libsss_ldap_la-user_info_msg.lo `test -f 'src/util/user_info_msg.c' || echo '$(srcdir)/'`src/util/user_info_msg.c src/util/libsss_ldap_la-sss_ldap.lo: src/util/sss_ldap.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_la_CFLAGS) $(CFLAGS) -MT src/util/libsss_ldap_la-sss_ldap.lo -MD -MP -MF src/util/$(DEPDIR)/libsss_ldap_la-sss_ldap.Tpo -c -o src/util/libsss_ldap_la-sss_ldap.lo `test -f 'src/util/sss_ldap.c' || echo '$(srcdir)/'`src/util/sss_ldap.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/libsss_ldap_la-sss_ldap.Tpo src/util/$(DEPDIR)/libsss_ldap_la-sss_ldap.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/sss_ldap.c' object='src/util/libsss_ldap_la-sss_ldap.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_la_CFLAGS) $(CFLAGS) -c -o src/util/libsss_ldap_la-sss_ldap.lo `test -f 'src/util/sss_ldap.c' || echo '$(srcdir)/'`src/util/sss_ldap.c src/util/libsss_ldap_la-sss_krb5.lo: src/util/sss_krb5.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_la_CFLAGS) $(CFLAGS) -MT src/util/libsss_ldap_la-sss_krb5.lo -MD -MP -MF src/util/$(DEPDIR)/libsss_ldap_la-sss_krb5.Tpo -c -o src/util/libsss_ldap_la-sss_krb5.lo `test -f 'src/util/sss_krb5.c' || echo '$(srcdir)/'`src/util/sss_krb5.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/libsss_ldap_la-sss_krb5.Tpo 
src/util/$(DEPDIR)/libsss_ldap_la-sss_krb5.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/sss_krb5.c' object='src/util/libsss_ldap_la-sss_krb5.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_la_CFLAGS) $(CFLAGS) -c -o src/util/libsss_ldap_la-sss_krb5.lo `test -f 'src/util/sss_krb5.c' || echo '$(srcdir)/'`src/util/sss_krb5.c src/providers/ldap/libsss_ldap_common_la-ldap_id.lo: src/providers/ldap/ldap_id.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -MT src/providers/ldap/libsss_ldap_common_la-ldap_id.lo -MD -MP -MF src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-ldap_id.Tpo -c -o src/providers/ldap/libsss_ldap_common_la-ldap_id.lo `test -f 'src/providers/ldap/ldap_id.c' || echo '$(srcdir)/'`src/providers/ldap/ldap_id.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-ldap_id.Tpo src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-ldap_id.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ldap/ldap_id.c' object='src/providers/ldap/libsss_ldap_common_la-ldap_id.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -c -o src/providers/ldap/libsss_ldap_common_la-ldap_id.lo `test -f 'src/providers/ldap/ldap_id.c' || echo 
'$(srcdir)/'`src/providers/ldap/ldap_id.c src/providers/ldap/libsss_ldap_common_la-ldap_id_enum.lo: src/providers/ldap/ldap_id_enum.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -MT src/providers/ldap/libsss_ldap_common_la-ldap_id_enum.lo -MD -MP -MF src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-ldap_id_enum.Tpo -c -o src/providers/ldap/libsss_ldap_common_la-ldap_id_enum.lo `test -f 'src/providers/ldap/ldap_id_enum.c' || echo '$(srcdir)/'`src/providers/ldap/ldap_id_enum.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-ldap_id_enum.Tpo src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-ldap_id_enum.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ldap/ldap_id_enum.c' object='src/providers/ldap/libsss_ldap_common_la-ldap_id_enum.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -c -o src/providers/ldap/libsss_ldap_common_la-ldap_id_enum.lo `test -f 'src/providers/ldap/ldap_id_enum.c' || echo '$(srcdir)/'`src/providers/ldap/ldap_id_enum.c src/providers/ldap/libsss_ldap_common_la-sdap_async_enum.lo: src/providers/ldap/sdap_async_enum.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -MT src/providers/ldap/libsss_ldap_common_la-sdap_async_enum.lo -MD -MP -MF src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_enum.Tpo -c -o 
src/providers/ldap/libsss_ldap_common_la-sdap_async_enum.lo `test -f 'src/providers/ldap/sdap_async_enum.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_async_enum.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_enum.Tpo src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_enum.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ldap/sdap_async_enum.c' object='src/providers/ldap/libsss_ldap_common_la-sdap_async_enum.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -c -o src/providers/ldap/libsss_ldap_common_la-sdap_async_enum.lo `test -f 'src/providers/ldap/sdap_async_enum.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_async_enum.c src/providers/ldap/libsss_ldap_common_la-ldap_id_cleanup.lo: src/providers/ldap/ldap_id_cleanup.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -MT src/providers/ldap/libsss_ldap_common_la-ldap_id_cleanup.lo -MD -MP -MF src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-ldap_id_cleanup.Tpo -c -o src/providers/ldap/libsss_ldap_common_la-ldap_id_cleanup.lo `test -f 'src/providers/ldap/ldap_id_cleanup.c' || echo '$(srcdir)/'`src/providers/ldap/ldap_id_cleanup.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-ldap_id_cleanup.Tpo src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-ldap_id_cleanup.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ldap/ldap_id_cleanup.c' 
object='src/providers/ldap/libsss_ldap_common_la-ldap_id_cleanup.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -c -o src/providers/ldap/libsss_ldap_common_la-ldap_id_cleanup.lo `test -f 'src/providers/ldap/ldap_id_cleanup.c' || echo '$(srcdir)/'`src/providers/ldap/ldap_id_cleanup.c src/providers/ldap/libsss_ldap_common_la-ldap_id_netgroup.lo: src/providers/ldap/ldap_id_netgroup.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -MT src/providers/ldap/libsss_ldap_common_la-ldap_id_netgroup.lo -MD -MP -MF src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-ldap_id_netgroup.Tpo -c -o src/providers/ldap/libsss_ldap_common_la-ldap_id_netgroup.lo `test -f 'src/providers/ldap/ldap_id_netgroup.c' || echo '$(srcdir)/'`src/providers/ldap/ldap_id_netgroup.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-ldap_id_netgroup.Tpo src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-ldap_id_netgroup.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ldap/ldap_id_netgroup.c' object='src/providers/ldap/libsss_ldap_common_la-ldap_id_netgroup.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -c -o 
src/providers/ldap/libsss_ldap_common_la-ldap_id_netgroup.lo `test -f 'src/providers/ldap/ldap_id_netgroup.c' || echo '$(srcdir)/'`src/providers/ldap/ldap_id_netgroup.c src/providers/ldap/libsss_ldap_common_la-ldap_id_services.lo: src/providers/ldap/ldap_id_services.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -MT src/providers/ldap/libsss_ldap_common_la-ldap_id_services.lo -MD -MP -MF src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-ldap_id_services.Tpo -c -o src/providers/ldap/libsss_ldap_common_la-ldap_id_services.lo `test -f 'src/providers/ldap/ldap_id_services.c' || echo '$(srcdir)/'`src/providers/ldap/ldap_id_services.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-ldap_id_services.Tpo src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-ldap_id_services.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ldap/ldap_id_services.c' object='src/providers/ldap/libsss_ldap_common_la-ldap_id_services.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -c -o src/providers/ldap/libsss_ldap_common_la-ldap_id_services.lo `test -f 'src/providers/ldap/ldap_id_services.c' || echo '$(srcdir)/'`src/providers/ldap/ldap_id_services.c src/providers/ldap/libsss_ldap_common_la-ldap_auth.lo: src/providers/ldap/ldap_auth.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) 
$(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -MT src/providers/ldap/libsss_ldap_common_la-ldap_auth.lo -MD -MP -MF src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-ldap_auth.Tpo -c -o src/providers/ldap/libsss_ldap_common_la-ldap_auth.lo `test -f 'src/providers/ldap/ldap_auth.c' || echo '$(srcdir)/'`src/providers/ldap/ldap_auth.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-ldap_auth.Tpo src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-ldap_auth.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ldap/ldap_auth.c' object='src/providers/ldap/libsss_ldap_common_la-ldap_auth.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -c -o src/providers/ldap/libsss_ldap_common_la-ldap_auth.lo `test -f 'src/providers/ldap/ldap_auth.c' || echo '$(srcdir)/'`src/providers/ldap/ldap_auth.c src/providers/ldap/libsss_ldap_common_la-ldap_common.lo: src/providers/ldap/ldap_common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -MT src/providers/ldap/libsss_ldap_common_la-ldap_common.lo -MD -MP -MF src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-ldap_common.Tpo -c -o src/providers/ldap/libsss_ldap_common_la-ldap_common.lo `test -f 'src/providers/ldap/ldap_common.c' || echo '$(srcdir)/'`src/providers/ldap/ldap_common.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-ldap_common.Tpo src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-ldap_common.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ 
$(AM_V_CC)source='src/providers/ldap/ldap_common.c' object='src/providers/ldap/libsss_ldap_common_la-ldap_common.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -c -o src/providers/ldap/libsss_ldap_common_la-ldap_common.lo `test -f 'src/providers/ldap/ldap_common.c' || echo '$(srcdir)/'`src/providers/ldap/ldap_common.c src/providers/ldap/libsss_ldap_common_la-sdap_access.lo: src/providers/ldap/sdap_access.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -MT src/providers/ldap/libsss_ldap_common_la-sdap_access.lo -MD -MP -MF src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_access.Tpo -c -o src/providers/ldap/libsss_ldap_common_la-sdap_access.lo `test -f 'src/providers/ldap/sdap_access.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_access.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_access.Tpo src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_access.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ldap/sdap_access.c' object='src/providers/ldap/libsss_ldap_common_la-sdap_access.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -c -o 
src/providers/ldap/libsss_ldap_common_la-sdap_access.lo `test -f 'src/providers/ldap/sdap_access.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_access.c src/providers/ldap/libsss_ldap_common_la-sdap_async.lo: src/providers/ldap/sdap_async.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -MT src/providers/ldap/libsss_ldap_common_la-sdap_async.lo -MD -MP -MF src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async.Tpo -c -o src/providers/ldap/libsss_ldap_common_la-sdap_async.lo `test -f 'src/providers/ldap/sdap_async.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_async.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async.Tpo src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ldap/sdap_async.c' object='src/providers/ldap/libsss_ldap_common_la-sdap_async.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -c -o src/providers/ldap/libsss_ldap_common_la-sdap_async.lo `test -f 'src/providers/ldap/sdap_async.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_async.c src/providers/ldap/libsss_ldap_common_la-sdap_async_users.lo: src/providers/ldap/sdap_async_users.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -MT src/providers/ldap/libsss_ldap_common_la-sdap_async_users.lo -MD 
-MP -MF src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_users.Tpo -c -o src/providers/ldap/libsss_ldap_common_la-sdap_async_users.lo `test -f 'src/providers/ldap/sdap_async_users.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_async_users.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_users.Tpo src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_users.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ldap/sdap_async_users.c' object='src/providers/ldap/libsss_ldap_common_la-sdap_async_users.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -c -o src/providers/ldap/libsss_ldap_common_la-sdap_async_users.lo `test -f 'src/providers/ldap/sdap_async_users.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_async_users.c src/providers/ldap/libsss_ldap_common_la-sdap_async_groups.lo: src/providers/ldap/sdap_async_groups.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -MT src/providers/ldap/libsss_ldap_common_la-sdap_async_groups.lo -MD -MP -MF src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_groups.Tpo -c -o src/providers/ldap/libsss_ldap_common_la-sdap_async_groups.lo `test -f 'src/providers/ldap/sdap_async_groups.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_async_groups.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_groups.Tpo src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_groups.Plo 
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ldap/sdap_async_groups.c' object='src/providers/ldap/libsss_ldap_common_la-sdap_async_groups.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -c -o src/providers/ldap/libsss_ldap_common_la-sdap_async_groups.lo `test -f 'src/providers/ldap/sdap_async_groups.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_async_groups.c src/providers/ldap/libsss_ldap_common_la-sdap_async_nested_groups.lo: src/providers/ldap/sdap_async_nested_groups.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -MT src/providers/ldap/libsss_ldap_common_la-sdap_async_nested_groups.lo -MD -MP -MF src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_nested_groups.Tpo -c -o src/providers/ldap/libsss_ldap_common_la-sdap_async_nested_groups.lo `test -f 'src/providers/ldap/sdap_async_nested_groups.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_async_nested_groups.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_nested_groups.Tpo src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_nested_groups.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ldap/sdap_async_nested_groups.c' object='src/providers/ldap/libsss_ldap_common_la-sdap_async_nested_groups.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) 
$(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -c -o src/providers/ldap/libsss_ldap_common_la-sdap_async_nested_groups.lo `test -f 'src/providers/ldap/sdap_async_nested_groups.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_async_nested_groups.c src/providers/ldap/libsss_ldap_common_la-sdap_async_groups_ad.lo: src/providers/ldap/sdap_async_groups_ad.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -MT src/providers/ldap/libsss_ldap_common_la-sdap_async_groups_ad.lo -MD -MP -MF src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_groups_ad.Tpo -c -o src/providers/ldap/libsss_ldap_common_la-sdap_async_groups_ad.lo `test -f 'src/providers/ldap/sdap_async_groups_ad.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_async_groups_ad.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_groups_ad.Tpo src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_groups_ad.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ldap/sdap_async_groups_ad.c' object='src/providers/ldap/libsss_ldap_common_la-sdap_async_groups_ad.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -c -o src/providers/ldap/libsss_ldap_common_la-sdap_async_groups_ad.lo `test -f 'src/providers/ldap/sdap_async_groups_ad.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_async_groups_ad.c src/providers/ldap/libsss_ldap_common_la-sdap_async_initgroups.lo: 
src/providers/ldap/sdap_async_initgroups.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -MT src/providers/ldap/libsss_ldap_common_la-sdap_async_initgroups.lo -MD -MP -MF src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_initgroups.Tpo -c -o src/providers/ldap/libsss_ldap_common_la-sdap_async_initgroups.lo `test -f 'src/providers/ldap/sdap_async_initgroups.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_async_initgroups.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_initgroups.Tpo src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_initgroups.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ldap/sdap_async_initgroups.c' object='src/providers/ldap/libsss_ldap_common_la-sdap_async_initgroups.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -c -o src/providers/ldap/libsss_ldap_common_la-sdap_async_initgroups.lo `test -f 'src/providers/ldap/sdap_async_initgroups.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_async_initgroups.c src/providers/ldap/libsss_ldap_common_la-sdap_async_initgroups_ad.lo: src/providers/ldap/sdap_async_initgroups_ad.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -MT src/providers/ldap/libsss_ldap_common_la-sdap_async_initgroups_ad.lo -MD -MP -MF 
src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_initgroups_ad.Tpo -c -o src/providers/ldap/libsss_ldap_common_la-sdap_async_initgroups_ad.lo `test -f 'src/providers/ldap/sdap_async_initgroups_ad.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_async_initgroups_ad.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_initgroups_ad.Tpo src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_initgroups_ad.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ldap/sdap_async_initgroups_ad.c' object='src/providers/ldap/libsss_ldap_common_la-sdap_async_initgroups_ad.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -c -o src/providers/ldap/libsss_ldap_common_la-sdap_async_initgroups_ad.lo `test -f 'src/providers/ldap/sdap_async_initgroups_ad.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_async_initgroups_ad.c src/providers/ldap/libsss_ldap_common_la-sdap_async_connection.lo: src/providers/ldap/sdap_async_connection.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -MT src/providers/ldap/libsss_ldap_common_la-sdap_async_connection.lo -MD -MP -MF src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_connection.Tpo -c -o src/providers/ldap/libsss_ldap_common_la-sdap_async_connection.lo `test -f 'src/providers/ldap/sdap_async_connection.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_async_connection.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) 
src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_connection.Tpo src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_connection.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ldap/sdap_async_connection.c' object='src/providers/ldap/libsss_ldap_common_la-sdap_async_connection.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -c -o src/providers/ldap/libsss_ldap_common_la-sdap_async_connection.lo `test -f 'src/providers/ldap/sdap_async_connection.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_async_connection.c src/providers/ldap/libsss_ldap_common_la-sdap_async_netgroups.lo: src/providers/ldap/sdap_async_netgroups.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -MT src/providers/ldap/libsss_ldap_common_la-sdap_async_netgroups.lo -MD -MP -MF src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_netgroups.Tpo -c -o src/providers/ldap/libsss_ldap_common_la-sdap_async_netgroups.lo `test -f 'src/providers/ldap/sdap_async_netgroups.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_async_netgroups.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_netgroups.Tpo src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_netgroups.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ldap/sdap_async_netgroups.c' object='src/providers/ldap/libsss_ldap_common_la-sdap_async_netgroups.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) 
$(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -c -o src/providers/ldap/libsss_ldap_common_la-sdap_async_netgroups.lo `test -f 'src/providers/ldap/sdap_async_netgroups.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_async_netgroups.c src/providers/ldap/libsss_ldap_common_la-sdap_async_services.lo: src/providers/ldap/sdap_async_services.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -MT src/providers/ldap/libsss_ldap_common_la-sdap_async_services.lo -MD -MP -MF src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_services.Tpo -c -o src/providers/ldap/libsss_ldap_common_la-sdap_async_services.lo `test -f 'src/providers/ldap/sdap_async_services.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_async_services.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_services.Tpo src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_services.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ldap/sdap_async_services.c' object='src/providers/ldap/libsss_ldap_common_la-sdap_async_services.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -c -o src/providers/ldap/libsss_ldap_common_la-sdap_async_services.lo `test -f 'src/providers/ldap/sdap_async_services.c' || echo 
'$(srcdir)/'`src/providers/ldap/sdap_async_services.c src/providers/ldap/libsss_ldap_common_la-sdap_child_helpers.lo: src/providers/ldap/sdap_child_helpers.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -MT src/providers/ldap/libsss_ldap_common_la-sdap_child_helpers.lo -MD -MP -MF src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_child_helpers.Tpo -c -o src/providers/ldap/libsss_ldap_common_la-sdap_child_helpers.lo `test -f 'src/providers/ldap/sdap_child_helpers.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_child_helpers.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_child_helpers.Tpo src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_child_helpers.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ldap/sdap_child_helpers.c' object='src/providers/ldap/libsss_ldap_common_la-sdap_child_helpers.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -c -o src/providers/ldap/libsss_ldap_common_la-sdap_child_helpers.lo `test -f 'src/providers/ldap/sdap_child_helpers.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_child_helpers.c src/providers/ldap/libsss_ldap_common_la-sdap_fd_events.lo: src/providers/ldap/sdap_fd_events.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -MT src/providers/ldap/libsss_ldap_common_la-sdap_fd_events.lo 
-MD -MP -MF src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_fd_events.Tpo -c -o src/providers/ldap/libsss_ldap_common_la-sdap_fd_events.lo `test -f 'src/providers/ldap/sdap_fd_events.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_fd_events.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_fd_events.Tpo src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_fd_events.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ldap/sdap_fd_events.c' object='src/providers/ldap/libsss_ldap_common_la-sdap_fd_events.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -c -o src/providers/ldap/libsss_ldap_common_la-sdap_fd_events.lo `test -f 'src/providers/ldap/sdap_fd_events.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_fd_events.c src/providers/ldap/libsss_ldap_common_la-sdap_id_op.lo: src/providers/ldap/sdap_id_op.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -MT src/providers/ldap/libsss_ldap_common_la-sdap_id_op.lo -MD -MP -MF src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_id_op.Tpo -c -o src/providers/ldap/libsss_ldap_common_la-sdap_id_op.lo `test -f 'src/providers/ldap/sdap_id_op.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_id_op.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_id_op.Tpo src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_id_op.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ldap/sdap_id_op.c' 
object='src/providers/ldap/libsss_ldap_common_la-sdap_id_op.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -c -o src/providers/ldap/libsss_ldap_common_la-sdap_id_op.lo `test -f 'src/providers/ldap/sdap_id_op.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_id_op.c src/providers/ldap/libsss_ldap_common_la-sdap_idmap.lo: src/providers/ldap/sdap_idmap.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -MT src/providers/ldap/libsss_ldap_common_la-sdap_idmap.lo -MD -MP -MF src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_idmap.Tpo -c -o src/providers/ldap/libsss_ldap_common_la-sdap_idmap.lo `test -f 'src/providers/ldap/sdap_idmap.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_idmap.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_idmap.Tpo src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_idmap.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ldap/sdap_idmap.c' object='src/providers/ldap/libsss_ldap_common_la-sdap_idmap.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -c -o src/providers/ldap/libsss_ldap_common_la-sdap_idmap.lo `test -f 'src/providers/ldap/sdap_idmap.c' || echo 
'$(srcdir)/'`src/providers/ldap/sdap_idmap.c src/providers/ldap/libsss_ldap_common_la-sdap_range.lo: src/providers/ldap/sdap_range.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -MT src/providers/ldap/libsss_ldap_common_la-sdap_range.lo -MD -MP -MF src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_range.Tpo -c -o src/providers/ldap/libsss_ldap_common_la-sdap_range.lo `test -f 'src/providers/ldap/sdap_range.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_range.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_range.Tpo src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_range.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ldap/sdap_range.c' object='src/providers/ldap/libsss_ldap_common_la-sdap_range.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -c -o src/providers/ldap/libsss_ldap_common_la-sdap_range.lo `test -f 'src/providers/ldap/sdap_range.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_range.c src/providers/ldap/libsss_ldap_common_la-sdap_reinit.lo: src/providers/ldap/sdap_reinit.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -MT src/providers/ldap/libsss_ldap_common_la-sdap_reinit.lo -MD -MP -MF src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_reinit.Tpo -c -o 
src/providers/ldap/libsss_ldap_common_la-sdap_reinit.lo `test -f 'src/providers/ldap/sdap_reinit.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_reinit.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_reinit.Tpo src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_reinit.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ldap/sdap_reinit.c' object='src/providers/ldap/libsss_ldap_common_la-sdap_reinit.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -c -o src/providers/ldap/libsss_ldap_common_la-sdap_reinit.lo `test -f 'src/providers/ldap/sdap_reinit.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_reinit.c src/providers/ldap/libsss_ldap_common_la-sdap_dyndns.lo: src/providers/ldap/sdap_dyndns.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -MT src/providers/ldap/libsss_ldap_common_la-sdap_dyndns.lo -MD -MP -MF src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_dyndns.Tpo -c -o src/providers/ldap/libsss_ldap_common_la-sdap_dyndns.lo `test -f 'src/providers/ldap/sdap_dyndns.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_dyndns.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_dyndns.Tpo src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_dyndns.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ldap/sdap_dyndns.c' object='src/providers/ldap/libsss_ldap_common_la-sdap_dyndns.lo' libtool=yes @AMDEPBACKSLASH@ 
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -c -o src/providers/ldap/libsss_ldap_common_la-sdap_dyndns.lo `test -f 'src/providers/ldap/sdap_dyndns.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_dyndns.c src/providers/ldap/libsss_ldap_common_la-sdap_refresh.lo: src/providers/ldap/sdap_refresh.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -MT src/providers/ldap/libsss_ldap_common_la-sdap_refresh.lo -MD -MP -MF src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_refresh.Tpo -c -o src/providers/ldap/libsss_ldap_common_la-sdap_refresh.lo `test -f 'src/providers/ldap/sdap_refresh.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_refresh.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_refresh.Tpo src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_refresh.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ldap/sdap_refresh.c' object='src/providers/ldap/libsss_ldap_common_la-sdap_refresh.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -c -o src/providers/ldap/libsss_ldap_common_la-sdap_refresh.lo `test -f 'src/providers/ldap/sdap_refresh.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_refresh.c 
src/providers/ldap/libsss_ldap_common_la-sdap.lo: src/providers/ldap/sdap.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -MT src/providers/ldap/libsss_ldap_common_la-sdap.lo -MD -MP -MF src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap.Tpo -c -o src/providers/ldap/libsss_ldap_common_la-sdap.lo `test -f 'src/providers/ldap/sdap.c' || echo '$(srcdir)/'`src/providers/ldap/sdap.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap.Tpo src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ldap/sdap.c' object='src/providers/ldap/libsss_ldap_common_la-sdap.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -c -o src/providers/ldap/libsss_ldap_common_la-sdap.lo `test -f 'src/providers/ldap/sdap.c' || echo '$(srcdir)/'`src/providers/ldap/sdap.c src/providers/ldap/libsss_ldap_common_la-sdap_sudo_cache.lo: src/providers/ldap/sdap_sudo_cache.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -MT src/providers/ldap/libsss_ldap_common_la-sdap_sudo_cache.lo -MD -MP -MF src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_sudo_cache.Tpo -c -o src/providers/ldap/libsss_ldap_common_la-sdap_sudo_cache.lo `test -f 'src/providers/ldap/sdap_sudo_cache.c' || echo 
'$(srcdir)/'`src/providers/ldap/sdap_sudo_cache.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_sudo_cache.Tpo src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_sudo_cache.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ldap/sdap_sudo_cache.c' object='src/providers/ldap/libsss_ldap_common_la-sdap_sudo_cache.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -c -o src/providers/ldap/libsss_ldap_common_la-sdap_sudo_cache.lo `test -f 'src/providers/ldap/sdap_sudo_cache.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_sudo_cache.c src/providers/ldap/libsss_ldap_common_la-sdap_async_sudo.lo: src/providers/ldap/sdap_async_sudo.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -MT src/providers/ldap/libsss_ldap_common_la-sdap_async_sudo.lo -MD -MP -MF src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_sudo.Tpo -c -o src/providers/ldap/libsss_ldap_common_la-sdap_async_sudo.lo `test -f 'src/providers/ldap/sdap_async_sudo.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_async_sudo.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_sudo.Tpo src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_sudo.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ldap/sdap_async_sudo.c' object='src/providers/ldap/libsss_ldap_common_la-sdap_async_sudo.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) 
$(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -c -o src/providers/ldap/libsss_ldap_common_la-sdap_async_sudo.lo `test -f 'src/providers/ldap/sdap_async_sudo.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_async_sudo.c src/providers/ldap/libsss_ldap_common_la-sdap_async_sudo_timer.lo: src/providers/ldap/sdap_async_sudo_timer.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -MT src/providers/ldap/libsss_ldap_common_la-sdap_async_sudo_timer.lo -MD -MP -MF src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_sudo_timer.Tpo -c -o src/providers/ldap/libsss_ldap_common_la-sdap_async_sudo_timer.lo `test -f 'src/providers/ldap/sdap_async_sudo_timer.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_async_sudo_timer.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_sudo_timer.Tpo src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_sudo_timer.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ldap/sdap_async_sudo_timer.c' object='src/providers/ldap/libsss_ldap_common_la-sdap_async_sudo_timer.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -c -o src/providers/ldap/libsss_ldap_common_la-sdap_async_sudo_timer.lo `test -f 'src/providers/ldap/sdap_async_sudo_timer.c' || echo 
'$(srcdir)/'`src/providers/ldap/sdap_async_sudo_timer.c src/providers/ldap/libsss_ldap_common_la-sdap_async_sudo_hostinfo.lo: src/providers/ldap/sdap_async_sudo_hostinfo.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -MT src/providers/ldap/libsss_ldap_common_la-sdap_async_sudo_hostinfo.lo -MD -MP -MF src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_sudo_hostinfo.Tpo -c -o src/providers/ldap/libsss_ldap_common_la-sdap_async_sudo_hostinfo.lo `test -f 'src/providers/ldap/sdap_async_sudo_hostinfo.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_async_sudo_hostinfo.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_sudo_hostinfo.Tpo src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_sudo_hostinfo.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ldap/sdap_async_sudo_hostinfo.c' object='src/providers/ldap/libsss_ldap_common_la-sdap_async_sudo_hostinfo.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -c -o src/providers/ldap/libsss_ldap_common_la-sdap_async_sudo_hostinfo.lo `test -f 'src/providers/ldap/sdap_async_sudo_hostinfo.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_async_sudo_hostinfo.c src/providers/ldap/libsss_ldap_common_la-sdap_sudo.lo: src/providers/ldap/sdap_sudo.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) 
$(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -MT src/providers/ldap/libsss_ldap_common_la-sdap_sudo.lo -MD -MP -MF src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_sudo.Tpo -c -o src/providers/ldap/libsss_ldap_common_la-sdap_sudo.lo `test -f 'src/providers/ldap/sdap_sudo.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_sudo.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_sudo.Tpo src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_sudo.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ldap/sdap_sudo.c' object='src/providers/ldap/libsss_ldap_common_la-sdap_sudo.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -c -o src/providers/ldap/libsss_ldap_common_la-sdap_sudo.lo `test -f 'src/providers/ldap/sdap_sudo.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_sudo.c src/providers/ldap/libsss_ldap_common_la-sdap_autofs.lo: src/providers/ldap/sdap_autofs.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -MT src/providers/ldap/libsss_ldap_common_la-sdap_autofs.lo -MD -MP -MF src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_autofs.Tpo -c -o src/providers/ldap/libsss_ldap_common_la-sdap_autofs.lo `test -f 'src/providers/ldap/sdap_autofs.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_autofs.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_autofs.Tpo src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_autofs.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ 
$(AM_V_CC)source='src/providers/ldap/sdap_autofs.c' object='src/providers/ldap/libsss_ldap_common_la-sdap_autofs.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -c -o src/providers/ldap/libsss_ldap_common_la-sdap_autofs.lo `test -f 'src/providers/ldap/sdap_autofs.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_autofs.c src/providers/ldap/libsss_ldap_common_la-sdap_async_autofs.lo: src/providers/ldap/sdap_async_autofs.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) $(CFLAGS) -MT src/providers/ldap/libsss_ldap_common_la-sdap_async_autofs.lo -MD -MP -MF src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_autofs.Tpo -c -o src/providers/ldap/libsss_ldap_common_la-sdap_async_autofs.lo `test -f 'src/providers/ldap/sdap_async_autofs.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_async_autofs.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_autofs.Tpo src/providers/ldap/$(DEPDIR)/libsss_ldap_common_la-sdap_async_autofs.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ldap/sdap_async_autofs.c' object='src/providers/ldap/libsss_ldap_common_la-sdap_async_autofs.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_ldap_common_la_CFLAGS) 
$(CFLAGS) -c -o src/providers/ldap/libsss_ldap_common_la-sdap_async_autofs.lo `test -f 'src/providers/ldap/sdap_async_autofs.c' || echo '$(srcdir)/'`src/providers/ldap/sdap_async_autofs.c src/providers/proxy/libsss_proxy_la-proxy_init.lo: src/providers/proxy/proxy_init.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_proxy_la_CFLAGS) $(CFLAGS) -MT src/providers/proxy/libsss_proxy_la-proxy_init.lo -MD -MP -MF src/providers/proxy/$(DEPDIR)/libsss_proxy_la-proxy_init.Tpo -c -o src/providers/proxy/libsss_proxy_la-proxy_init.lo `test -f 'src/providers/proxy/proxy_init.c' || echo '$(srcdir)/'`src/providers/proxy/proxy_init.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/proxy/$(DEPDIR)/libsss_proxy_la-proxy_init.Tpo src/providers/proxy/$(DEPDIR)/libsss_proxy_la-proxy_init.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/proxy/proxy_init.c' object='src/providers/proxy/libsss_proxy_la-proxy_init.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_proxy_la_CFLAGS) $(CFLAGS) -c -o src/providers/proxy/libsss_proxy_la-proxy_init.lo `test -f 'src/providers/proxy/proxy_init.c' || echo '$(srcdir)/'`src/providers/proxy/proxy_init.c src/providers/proxy/libsss_proxy_la-proxy_id.lo: src/providers/proxy/proxy_id.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_proxy_la_CFLAGS) $(CFLAGS) -MT src/providers/proxy/libsss_proxy_la-proxy_id.lo -MD -MP -MF 
src/providers/proxy/$(DEPDIR)/libsss_proxy_la-proxy_id.Tpo -c -o src/providers/proxy/libsss_proxy_la-proxy_id.lo `test -f 'src/providers/proxy/proxy_id.c' || echo '$(srcdir)/'`src/providers/proxy/proxy_id.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/proxy/$(DEPDIR)/libsss_proxy_la-proxy_id.Tpo src/providers/proxy/$(DEPDIR)/libsss_proxy_la-proxy_id.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/proxy/proxy_id.c' object='src/providers/proxy/libsss_proxy_la-proxy_id.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_proxy_la_CFLAGS) $(CFLAGS) -c -o src/providers/proxy/libsss_proxy_la-proxy_id.lo `test -f 'src/providers/proxy/proxy_id.c' || echo '$(srcdir)/'`src/providers/proxy/proxy_id.c src/providers/proxy/libsss_proxy_la-proxy_netgroup.lo: src/providers/proxy/proxy_netgroup.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_proxy_la_CFLAGS) $(CFLAGS) -MT src/providers/proxy/libsss_proxy_la-proxy_netgroup.lo -MD -MP -MF src/providers/proxy/$(DEPDIR)/libsss_proxy_la-proxy_netgroup.Tpo -c -o src/providers/proxy/libsss_proxy_la-proxy_netgroup.lo `test -f 'src/providers/proxy/proxy_netgroup.c' || echo '$(srcdir)/'`src/providers/proxy/proxy_netgroup.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/proxy/$(DEPDIR)/libsss_proxy_la-proxy_netgroup.Tpo src/providers/proxy/$(DEPDIR)/libsss_proxy_la-proxy_netgroup.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/proxy/proxy_netgroup.c' object='src/providers/proxy/libsss_proxy_la-proxy_netgroup.lo' libtool=yes @AMDEPBACKSLASH@ 
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_proxy_la_CFLAGS) $(CFLAGS) -c -o src/providers/proxy/libsss_proxy_la-proxy_netgroup.lo `test -f 'src/providers/proxy/proxy_netgroup.c' || echo '$(srcdir)/'`src/providers/proxy/proxy_netgroup.c src/providers/proxy/libsss_proxy_la-proxy_services.lo: src/providers/proxy/proxy_services.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_proxy_la_CFLAGS) $(CFLAGS) -MT src/providers/proxy/libsss_proxy_la-proxy_services.lo -MD -MP -MF src/providers/proxy/$(DEPDIR)/libsss_proxy_la-proxy_services.Tpo -c -o src/providers/proxy/libsss_proxy_la-proxy_services.lo `test -f 'src/providers/proxy/proxy_services.c' || echo '$(srcdir)/'`src/providers/proxy/proxy_services.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/proxy/$(DEPDIR)/libsss_proxy_la-proxy_services.Tpo src/providers/proxy/$(DEPDIR)/libsss_proxy_la-proxy_services.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/proxy/proxy_services.c' object='src/providers/proxy/libsss_proxy_la-proxy_services.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_proxy_la_CFLAGS) $(CFLAGS) -c -o src/providers/proxy/libsss_proxy_la-proxy_services.lo `test -f 'src/providers/proxy/proxy_services.c' || echo '$(srcdir)/'`src/providers/proxy/proxy_services.c src/providers/proxy/libsss_proxy_la-proxy_auth.lo: 
src/providers/proxy/proxy_auth.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_proxy_la_CFLAGS) $(CFLAGS) -MT src/providers/proxy/libsss_proxy_la-proxy_auth.lo -MD -MP -MF src/providers/proxy/$(DEPDIR)/libsss_proxy_la-proxy_auth.Tpo -c -o src/providers/proxy/libsss_proxy_la-proxy_auth.lo `test -f 'src/providers/proxy/proxy_auth.c' || echo '$(srcdir)/'`src/providers/proxy/proxy_auth.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/proxy/$(DEPDIR)/libsss_proxy_la-proxy_auth.Tpo src/providers/proxy/$(DEPDIR)/libsss_proxy_la-proxy_auth.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/proxy/proxy_auth.c' object='src/providers/proxy/libsss_proxy_la-proxy_auth.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_proxy_la_CFLAGS) $(CFLAGS) -c -o src/providers/proxy/libsss_proxy_la-proxy_auth.lo `test -f 'src/providers/proxy/proxy_auth.c' || echo '$(srcdir)/'`src/providers/proxy/proxy_auth.c src/providers/simple/libsss_simple_la-simple_access_check.lo: src/providers/simple/simple_access_check.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_simple_la_CFLAGS) $(CFLAGS) -MT src/providers/simple/libsss_simple_la-simple_access_check.lo -MD -MP -MF src/providers/simple/$(DEPDIR)/libsss_simple_la-simple_access_check.Tpo -c -o src/providers/simple/libsss_simple_la-simple_access_check.lo `test -f 'src/providers/simple/simple_access_check.c' || echo 
'$(srcdir)/'`src/providers/simple/simple_access_check.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/simple/$(DEPDIR)/libsss_simple_la-simple_access_check.Tpo src/providers/simple/$(DEPDIR)/libsss_simple_la-simple_access_check.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/simple/simple_access_check.c' object='src/providers/simple/libsss_simple_la-simple_access_check.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_simple_la_CFLAGS) $(CFLAGS) -c -o src/providers/simple/libsss_simple_la-simple_access_check.lo `test -f 'src/providers/simple/simple_access_check.c' || echo '$(srcdir)/'`src/providers/simple/simple_access_check.c src/providers/simple/libsss_simple_la-simple_access.lo: src/providers/simple/simple_access.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_simple_la_CFLAGS) $(CFLAGS) -MT src/providers/simple/libsss_simple_la-simple_access.lo -MD -MP -MF src/providers/simple/$(DEPDIR)/libsss_simple_la-simple_access.Tpo -c -o src/providers/simple/libsss_simple_la-simple_access.lo `test -f 'src/providers/simple/simple_access.c' || echo '$(srcdir)/'`src/providers/simple/simple_access.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/simple/$(DEPDIR)/libsss_simple_la-simple_access.Tpo src/providers/simple/$(DEPDIR)/libsss_simple_la-simple_access.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/simple/simple_access.c' object='src/providers/simple/libsss_simple_la-simple_access.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) 
@AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libsss_simple_la_CFLAGS) $(CFLAGS) -c -o src/providers/simple/libsss_simple_la-simple_access.lo `test -f 'src/providers/simple/simple_access.c' || echo '$(srcdir)/'`src/providers/simple/simple_access.c src/ldb_modules/memberof_la-memberof.lo: src/ldb_modules/memberof.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(memberof_la_CFLAGS) $(CFLAGS) -MT src/ldb_modules/memberof_la-memberof.lo -MD -MP -MF src/ldb_modules/$(DEPDIR)/memberof_la-memberof.Tpo -c -o src/ldb_modules/memberof_la-memberof.lo `test -f 'src/ldb_modules/memberof.c' || echo '$(srcdir)/'`src/ldb_modules/memberof.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/ldb_modules/$(DEPDIR)/memberof_la-memberof.Tpo src/ldb_modules/$(DEPDIR)/memberof_la-memberof.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/ldb_modules/memberof.c' object='src/ldb_modules/memberof_la-memberof.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(memberof_la_CFLAGS) $(CFLAGS) -c -o src/ldb_modules/memberof_la-memberof.lo `test -f 'src/ldb_modules/memberof.c' || echo '$(srcdir)/'`src/ldb_modules/memberof.c src/util/memberof_la-util.lo: src/util/util.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(memberof_la_CFLAGS) $(CFLAGS) -MT src/util/memberof_la-util.lo -MD -MP 
-MF src/util/$(DEPDIR)/memberof_la-util.Tpo -c -o src/util/memberof_la-util.lo `test -f 'src/util/util.c' || echo '$(srcdir)/'`src/util/util.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/memberof_la-util.Tpo src/util/$(DEPDIR)/memberof_la-util.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/util.c' object='src/util/memberof_la-util.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(memberof_la_CFLAGS) $(CFLAGS) -c -o src/util/memberof_la-util.lo `test -f 'src/util/util.c' || echo '$(srcdir)/'`src/util/util.c src/python/pyhbac_la-pyhbac.lo: src/python/pyhbac.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pyhbac_la_CFLAGS) $(CFLAGS) -MT src/python/pyhbac_la-pyhbac.lo -MD -MP -MF src/python/$(DEPDIR)/pyhbac_la-pyhbac.Tpo -c -o src/python/pyhbac_la-pyhbac.lo `test -f 'src/python/pyhbac.c' || echo '$(srcdir)/'`src/python/pyhbac.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/python/$(DEPDIR)/pyhbac_la-pyhbac.Tpo src/python/$(DEPDIR)/pyhbac_la-pyhbac.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/python/pyhbac.c' object='src/python/pyhbac_la-pyhbac.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pyhbac_la_CFLAGS) $(CFLAGS) -c -o src/python/pyhbac_la-pyhbac.lo `test -f 'src/python/pyhbac.c' || echo '$(srcdir)/'`src/python/pyhbac.c 
src/util/pyhbac_la-sss_python.lo: src/util/sss_python.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pyhbac_la_CFLAGS) $(CFLAGS) -MT src/util/pyhbac_la-sss_python.lo -MD -MP -MF src/util/$(DEPDIR)/pyhbac_la-sss_python.Tpo -c -o src/util/pyhbac_la-sss_python.lo `test -f 'src/util/sss_python.c' || echo '$(srcdir)/'`src/util/sss_python.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/pyhbac_la-sss_python.Tpo src/util/$(DEPDIR)/pyhbac_la-sss_python.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/sss_python.c' object='src/util/pyhbac_la-sss_python.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pyhbac_la_CFLAGS) $(CFLAGS) -c -o src/util/pyhbac_la-sss_python.lo `test -f 'src/util/sss_python.c' || echo '$(srcdir)/'`src/util/sss_python.c src/tools/pysss_la-sss_sync_ops.lo: src/tools/sss_sync_ops.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pysss_la_CFLAGS) $(CFLAGS) -MT src/tools/pysss_la-sss_sync_ops.lo -MD -MP -MF src/tools/$(DEPDIR)/pysss_la-sss_sync_ops.Tpo -c -o src/tools/pysss_la-sss_sync_ops.lo `test -f 'src/tools/sss_sync_ops.c' || echo '$(srcdir)/'`src/tools/sss_sync_ops.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/pysss_la-sss_sync_ops.Tpo src/tools/$(DEPDIR)/pysss_la-sss_sync_ops.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/sss_sync_ops.c' object='src/tools/pysss_la-sss_sync_ops.lo' libtool=yes @AMDEPBACKSLASH@ 
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pysss_la_CFLAGS) $(CFLAGS) -c -o src/tools/pysss_la-sss_sync_ops.lo `test -f 'src/tools/sss_sync_ops.c' || echo '$(srcdir)/'`src/tools/sss_sync_ops.c src/tools/pysss_la-tools_util.lo: src/tools/tools_util.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pysss_la_CFLAGS) $(CFLAGS) -MT src/tools/pysss_la-tools_util.lo -MD -MP -MF src/tools/$(DEPDIR)/pysss_la-tools_util.Tpo -c -o src/tools/pysss_la-tools_util.lo `test -f 'src/tools/tools_util.c' || echo '$(srcdir)/'`src/tools/tools_util.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/pysss_la-tools_util.Tpo src/tools/$(DEPDIR)/pysss_la-tools_util.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/tools_util.c' object='src/tools/pysss_la-tools_util.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pysss_la_CFLAGS) $(CFLAGS) -c -o src/tools/pysss_la-tools_util.lo `test -f 'src/tools/tools_util.c' || echo '$(srcdir)/'`src/tools/tools_util.c src/tools/pysss_la-files.lo: src/tools/files.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pysss_la_CFLAGS) $(CFLAGS) -MT src/tools/pysss_la-files.lo -MD -MP -MF src/tools/$(DEPDIR)/pysss_la-files.Tpo -c -o 
src/tools/pysss_la-files.lo `test -f 'src/tools/files.c' || echo '$(srcdir)/'`src/tools/files.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/pysss_la-files.Tpo src/tools/$(DEPDIR)/pysss_la-files.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/files.c' object='src/tools/pysss_la-files.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pysss_la_CFLAGS) $(CFLAGS) -c -o src/tools/pysss_la-files.lo `test -f 'src/tools/files.c' || echo '$(srcdir)/'`src/tools/files.c src/tools/pysss_la-selinux.lo: src/tools/selinux.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pysss_la_CFLAGS) $(CFLAGS) -MT src/tools/pysss_la-selinux.lo -MD -MP -MF src/tools/$(DEPDIR)/pysss_la-selinux.Tpo -c -o src/tools/pysss_la-selinux.lo `test -f 'src/tools/selinux.c' || echo '$(srcdir)/'`src/tools/selinux.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/pysss_la-selinux.Tpo src/tools/$(DEPDIR)/pysss_la-selinux.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/selinux.c' object='src/tools/pysss_la-selinux.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pysss_la_CFLAGS) $(CFLAGS) -c -o src/tools/pysss_la-selinux.lo `test -f 'src/tools/selinux.c' || echo '$(srcdir)/'`src/tools/selinux.c src/util/pysss_la-nscd.lo: src/util/nscd.c @am__fastdepCC_TRUE@ 
$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pysss_la_CFLAGS) $(CFLAGS) -MT src/util/pysss_la-nscd.lo -MD -MP -MF src/util/$(DEPDIR)/pysss_la-nscd.Tpo -c -o src/util/pysss_la-nscd.lo `test -f 'src/util/nscd.c' || echo '$(srcdir)/'`src/util/nscd.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/pysss_la-nscd.Tpo src/util/$(DEPDIR)/pysss_la-nscd.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/nscd.c' object='src/util/pysss_la-nscd.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pysss_la_CFLAGS) $(CFLAGS) -c -o src/util/pysss_la-nscd.lo `test -f 'src/util/nscd.c' || echo '$(srcdir)/'`src/util/nscd.c src/python/pysss_la-pysss.lo: src/python/pysss.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pysss_la_CFLAGS) $(CFLAGS) -MT src/python/pysss_la-pysss.lo -MD -MP -MF src/python/$(DEPDIR)/pysss_la-pysss.Tpo -c -o src/python/pysss_la-pysss.lo `test -f 'src/python/pysss.c' || echo '$(srcdir)/'`src/python/pysss.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/python/$(DEPDIR)/pysss_la-pysss.Tpo src/python/$(DEPDIR)/pysss_la-pysss.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/python/pysss.c' object='src/python/pysss_la-pysss.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) 
$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pysss_la_CFLAGS) $(CFLAGS) -c -o src/python/pysss_la-pysss.lo `test -f 'src/python/pysss.c' || echo '$(srcdir)/'`src/python/pysss.c src/python/pysss_murmur_la-pysss_murmur.lo: src/python/pysss_murmur.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pysss_murmur_la_CFLAGS) $(CFLAGS) -MT src/python/pysss_murmur_la-pysss_murmur.lo -MD -MP -MF src/python/$(DEPDIR)/pysss_murmur_la-pysss_murmur.Tpo -c -o src/python/pysss_murmur_la-pysss_murmur.lo `test -f 'src/python/pysss_murmur.c' || echo '$(srcdir)/'`src/python/pysss_murmur.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/python/$(DEPDIR)/pysss_murmur_la-pysss_murmur.Tpo src/python/$(DEPDIR)/pysss_murmur_la-pysss_murmur.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/python/pysss_murmur.c' object='src/python/pysss_murmur_la-pysss_murmur.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pysss_murmur_la_CFLAGS) $(CFLAGS) -c -o src/python/pysss_murmur_la-pysss_murmur.lo `test -f 'src/python/pysss_murmur.c' || echo '$(srcdir)/'`src/python/pysss_murmur.c src/util/pysss_murmur_la-murmurhash3.lo: src/util/murmurhash3.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pysss_murmur_la_CFLAGS) $(CFLAGS) -MT src/util/pysss_murmur_la-murmurhash3.lo -MD -MP -MF src/util/$(DEPDIR)/pysss_murmur_la-murmurhash3.Tpo -c -o src/util/pysss_murmur_la-murmurhash3.lo `test -f 'src/util/murmurhash3.c' || echo '$(srcdir)/'`src/util/murmurhash3.c 
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/pysss_murmur_la-murmurhash3.Tpo src/util/$(DEPDIR)/pysss_murmur_la-murmurhash3.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/murmurhash3.c' object='src/util/pysss_murmur_la-murmurhash3.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pysss_murmur_la_CFLAGS) $(CFLAGS) -c -o src/util/pysss_murmur_la-murmurhash3.lo `test -f 'src/util/murmurhash3.c' || echo '$(srcdir)/'`src/util/murmurhash3.c src/python/pysss_nss_idmap_la-pysss_nss_idmap.lo: src/python/pysss_nss_idmap.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pysss_nss_idmap_la_CFLAGS) $(CFLAGS) -MT src/python/pysss_nss_idmap_la-pysss_nss_idmap.lo -MD -MP -MF src/python/$(DEPDIR)/pysss_nss_idmap_la-pysss_nss_idmap.Tpo -c -o src/python/pysss_nss_idmap_la-pysss_nss_idmap.lo `test -f 'src/python/pysss_nss_idmap.c' || echo '$(srcdir)/'`src/python/pysss_nss_idmap.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/python/$(DEPDIR)/pysss_nss_idmap_la-pysss_nss_idmap.Tpo src/python/$(DEPDIR)/pysss_nss_idmap_la-pysss_nss_idmap.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/python/pysss_nss_idmap.c' object='src/python/pysss_nss_idmap_la-pysss_nss_idmap.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pysss_nss_idmap_la_CFLAGS) $(CFLAGS) -c -o 
src/python/pysss_nss_idmap_la-pysss_nss_idmap.lo `test -f 'src/python/pysss_nss_idmap.c' || echo '$(srcdir)/'`src/python/pysss_nss_idmap.c src/krb5_plugin/sssd_krb5_locator_plugin_la-sssd_krb5_locator_plugin.lo: src/krb5_plugin/sssd_krb5_locator_plugin.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sssd_krb5_locator_plugin_la_CFLAGS) $(CFLAGS) -MT src/krb5_plugin/sssd_krb5_locator_plugin_la-sssd_krb5_locator_plugin.lo -MD -MP -MF src/krb5_plugin/$(DEPDIR)/sssd_krb5_locator_plugin_la-sssd_krb5_locator_plugin.Tpo -c -o src/krb5_plugin/sssd_krb5_locator_plugin_la-sssd_krb5_locator_plugin.lo `test -f 'src/krb5_plugin/sssd_krb5_locator_plugin.c' || echo '$(srcdir)/'`src/krb5_plugin/sssd_krb5_locator_plugin.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/krb5_plugin/$(DEPDIR)/sssd_krb5_locator_plugin_la-sssd_krb5_locator_plugin.Tpo src/krb5_plugin/$(DEPDIR)/sssd_krb5_locator_plugin_la-sssd_krb5_locator_plugin.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/krb5_plugin/sssd_krb5_locator_plugin.c' object='src/krb5_plugin/sssd_krb5_locator_plugin_la-sssd_krb5_locator_plugin.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sssd_krb5_locator_plugin_la_CFLAGS) $(CFLAGS) -c -o src/krb5_plugin/sssd_krb5_locator_plugin_la-sssd_krb5_locator_plugin.lo `test -f 'src/krb5_plugin/sssd_krb5_locator_plugin.c' || echo '$(srcdir)/'`src/krb5_plugin/sssd_krb5_locator_plugin.c src/util/sssd_krb5_locator_plugin_la-atomic_io.lo: src/util/atomic_io.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) 
$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sssd_krb5_locator_plugin_la_CFLAGS) $(CFLAGS) -MT src/util/sssd_krb5_locator_plugin_la-atomic_io.lo -MD -MP -MF src/util/$(DEPDIR)/sssd_krb5_locator_plugin_la-atomic_io.Tpo -c -o src/util/sssd_krb5_locator_plugin_la-atomic_io.lo `test -f 'src/util/atomic_io.c' || echo '$(srcdir)/'`src/util/atomic_io.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/sssd_krb5_locator_plugin_la-atomic_io.Tpo src/util/$(DEPDIR)/sssd_krb5_locator_plugin_la-atomic_io.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/atomic_io.c' object='src/util/sssd_krb5_locator_plugin_la-atomic_io.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sssd_krb5_locator_plugin_la_CFLAGS) $(CFLAGS) -c -o src/util/sssd_krb5_locator_plugin_la-atomic_io.lo `test -f 'src/util/atomic_io.c' || echo '$(srcdir)/'`src/util/atomic_io.c src/sss_client/sssd_pac_plugin_la-sssd_pac.lo: src/sss_client/sssd_pac.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sssd_pac_plugin_la_CFLAGS) $(CFLAGS) -MT src/sss_client/sssd_pac_plugin_la-sssd_pac.lo -MD -MP -MF src/sss_client/$(DEPDIR)/sssd_pac_plugin_la-sssd_pac.Tpo -c -o src/sss_client/sssd_pac_plugin_la-sssd_pac.lo `test -f 'src/sss_client/sssd_pac.c' || echo '$(srcdir)/'`src/sss_client/sssd_pac.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/sss_client/$(DEPDIR)/sssd_pac_plugin_la-sssd_pac.Tpo src/sss_client/$(DEPDIR)/sssd_pac_plugin_la-sssd_pac.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/sss_client/sssd_pac.c' object='src/sss_client/sssd_pac_plugin_la-sssd_pac.lo' 
libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sssd_pac_plugin_la_CFLAGS) $(CFLAGS) -c -o src/sss_client/sssd_pac_plugin_la-sssd_pac.lo `test -f 'src/sss_client/sssd_pac.c' || echo '$(srcdir)/'`src/sss_client/sssd_pac.c src/sss_client/sssd_pac_plugin_la-common.lo: src/sss_client/common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sssd_pac_plugin_la_CFLAGS) $(CFLAGS) -MT src/sss_client/sssd_pac_plugin_la-common.lo -MD -MP -MF src/sss_client/$(DEPDIR)/sssd_pac_plugin_la-common.Tpo -c -o src/sss_client/sssd_pac_plugin_la-common.lo `test -f 'src/sss_client/common.c' || echo '$(srcdir)/'`src/sss_client/common.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/sss_client/$(DEPDIR)/sssd_pac_plugin_la-common.Tpo src/sss_client/$(DEPDIR)/sssd_pac_plugin_la-common.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/sss_client/common.c' object='src/sss_client/sssd_pac_plugin_la-common.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sssd_pac_plugin_la_CFLAGS) $(CFLAGS) -c -o src/sss_client/sssd_pac_plugin_la-common.lo `test -f 'src/sss_client/common.c' || echo '$(srcdir)/'`src/sss_client/common.c src/providers/ad_access_filter_tests-data_provider_be.o: src/providers/data_provider_be.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) 
$(ad_access_filter_tests_CFLAGS) $(CFLAGS) -MT src/providers/ad_access_filter_tests-data_provider_be.o -MD -MP -MF src/providers/$(DEPDIR)/ad_access_filter_tests-data_provider_be.Tpo -c -o src/providers/ad_access_filter_tests-data_provider_be.o `test -f 'src/providers/data_provider_be.c' || echo '$(srcdir)/'`src/providers/data_provider_be.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/ad_access_filter_tests-data_provider_be.Tpo src/providers/$(DEPDIR)/ad_access_filter_tests-data_provider_be.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_be.c' object='src/providers/ad_access_filter_tests-data_provider_be.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -c -o src/providers/ad_access_filter_tests-data_provider_be.o `test -f 'src/providers/data_provider_be.c' || echo '$(srcdir)/'`src/providers/data_provider_be.c src/providers/ad_access_filter_tests-data_provider_be.obj: src/providers/data_provider_be.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -MT src/providers/ad_access_filter_tests-data_provider_be.obj -MD -MP -MF src/providers/$(DEPDIR)/ad_access_filter_tests-data_provider_be.Tpo -c -o src/providers/ad_access_filter_tests-data_provider_be.obj `if test -f 'src/providers/data_provider_be.c'; then $(CYGPATH_W) 'src/providers/data_provider_be.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_be.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/ad_access_filter_tests-data_provider_be.Tpo src/providers/$(DEPDIR)/ad_access_filter_tests-data_provider_be.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_be.c' 
object='src/providers/ad_access_filter_tests-data_provider_be.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -c -o src/providers/ad_access_filter_tests-data_provider_be.obj `if test -f 'src/providers/data_provider_be.c'; then $(CYGPATH_W) 'src/providers/data_provider_be.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_be.c'; fi` src/providers/ad_access_filter_tests-data_provider_fo.o: src/providers/data_provider_fo.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -MT src/providers/ad_access_filter_tests-data_provider_fo.o -MD -MP -MF src/providers/$(DEPDIR)/ad_access_filter_tests-data_provider_fo.Tpo -c -o src/providers/ad_access_filter_tests-data_provider_fo.o `test -f 'src/providers/data_provider_fo.c' || echo '$(srcdir)/'`src/providers/data_provider_fo.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/ad_access_filter_tests-data_provider_fo.Tpo src/providers/$(DEPDIR)/ad_access_filter_tests-data_provider_fo.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_fo.c' object='src/providers/ad_access_filter_tests-data_provider_fo.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -c -o src/providers/ad_access_filter_tests-data_provider_fo.o `test -f 'src/providers/data_provider_fo.c' || echo '$(srcdir)/'`src/providers/data_provider_fo.c src/providers/ad_access_filter_tests-data_provider_fo.obj: src/providers/data_provider_fo.c @am__fastdepCC_TRUE@ 
$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -MT src/providers/ad_access_filter_tests-data_provider_fo.obj -MD -MP -MF src/providers/$(DEPDIR)/ad_access_filter_tests-data_provider_fo.Tpo -c -o src/providers/ad_access_filter_tests-data_provider_fo.obj `if test -f 'src/providers/data_provider_fo.c'; then $(CYGPATH_W) 'src/providers/data_provider_fo.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_fo.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/ad_access_filter_tests-data_provider_fo.Tpo src/providers/$(DEPDIR)/ad_access_filter_tests-data_provider_fo.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_fo.c' object='src/providers/ad_access_filter_tests-data_provider_fo.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -c -o src/providers/ad_access_filter_tests-data_provider_fo.obj `if test -f 'src/providers/data_provider_fo.c'; then $(CYGPATH_W) 'src/providers/data_provider_fo.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_fo.c'; fi` src/providers/ad_access_filter_tests-data_provider_opts.o: src/providers/data_provider_opts.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -MT src/providers/ad_access_filter_tests-data_provider_opts.o -MD -MP -MF src/providers/$(DEPDIR)/ad_access_filter_tests-data_provider_opts.Tpo -c -o src/providers/ad_access_filter_tests-data_provider_opts.o `test -f 'src/providers/data_provider_opts.c' || echo '$(srcdir)/'`src/providers/data_provider_opts.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) 
src/providers/$(DEPDIR)/ad_access_filter_tests-data_provider_opts.Tpo src/providers/$(DEPDIR)/ad_access_filter_tests-data_provider_opts.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_opts.c' object='src/providers/ad_access_filter_tests-data_provider_opts.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -c -o src/providers/ad_access_filter_tests-data_provider_opts.o `test -f 'src/providers/data_provider_opts.c' || echo '$(srcdir)/'`src/providers/data_provider_opts.c src/providers/ad_access_filter_tests-data_provider_opts.obj: src/providers/data_provider_opts.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -MT src/providers/ad_access_filter_tests-data_provider_opts.obj -MD -MP -MF src/providers/$(DEPDIR)/ad_access_filter_tests-data_provider_opts.Tpo -c -o src/providers/ad_access_filter_tests-data_provider_opts.obj `if test -f 'src/providers/data_provider_opts.c'; then $(CYGPATH_W) 'src/providers/data_provider_opts.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_opts.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/ad_access_filter_tests-data_provider_opts.Tpo src/providers/$(DEPDIR)/ad_access_filter_tests-data_provider_opts.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_opts.c' object='src/providers/ad_access_filter_tests-data_provider_opts.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -c -o 
src/providers/ad_access_filter_tests-data_provider_opts.obj `if test -f 'src/providers/data_provider_opts.c'; then $(CYGPATH_W) 'src/providers/data_provider_opts.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_opts.c'; fi` src/providers/ad_access_filter_tests-data_provider_callbacks.o: src/providers/data_provider_callbacks.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -MT src/providers/ad_access_filter_tests-data_provider_callbacks.o -MD -MP -MF src/providers/$(DEPDIR)/ad_access_filter_tests-data_provider_callbacks.Tpo -c -o src/providers/ad_access_filter_tests-data_provider_callbacks.o `test -f 'src/providers/data_provider_callbacks.c' || echo '$(srcdir)/'`src/providers/data_provider_callbacks.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/ad_access_filter_tests-data_provider_callbacks.Tpo src/providers/$(DEPDIR)/ad_access_filter_tests-data_provider_callbacks.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_callbacks.c' object='src/providers/ad_access_filter_tests-data_provider_callbacks.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -c -o src/providers/ad_access_filter_tests-data_provider_callbacks.o `test -f 'src/providers/data_provider_callbacks.c' || echo '$(srcdir)/'`src/providers/data_provider_callbacks.c src/providers/ad_access_filter_tests-data_provider_callbacks.obj: src/providers/data_provider_callbacks.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -MT src/providers/ad_access_filter_tests-data_provider_callbacks.obj -MD -MP -MF 
src/providers/$(DEPDIR)/ad_access_filter_tests-data_provider_callbacks.Tpo -c -o src/providers/ad_access_filter_tests-data_provider_callbacks.obj `if test -f 'src/providers/data_provider_callbacks.c'; then $(CYGPATH_W) 'src/providers/data_provider_callbacks.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_callbacks.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/ad_access_filter_tests-data_provider_callbacks.Tpo src/providers/$(DEPDIR)/ad_access_filter_tests-data_provider_callbacks.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_callbacks.c' object='src/providers/ad_access_filter_tests-data_provider_callbacks.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -c -o src/providers/ad_access_filter_tests-data_provider_callbacks.obj `if test -f 'src/providers/data_provider_callbacks.c'; then $(CYGPATH_W) 'src/providers/data_provider_callbacks.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_callbacks.c'; fi` src/providers/ad_access_filter_tests-dp_dyndns.o: src/providers/dp_dyndns.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -MT src/providers/ad_access_filter_tests-dp_dyndns.o -MD -MP -MF src/providers/$(DEPDIR)/ad_access_filter_tests-dp_dyndns.Tpo -c -o src/providers/ad_access_filter_tests-dp_dyndns.o `test -f 'src/providers/dp_dyndns.c' || echo '$(srcdir)/'`src/providers/dp_dyndns.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/ad_access_filter_tests-dp_dyndns.Tpo src/providers/$(DEPDIR)/ad_access_filter_tests-dp_dyndns.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/dp_dyndns.c' 
object='src/providers/ad_access_filter_tests-dp_dyndns.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -c -o src/providers/ad_access_filter_tests-dp_dyndns.o `test -f 'src/providers/dp_dyndns.c' || echo '$(srcdir)/'`src/providers/dp_dyndns.c src/providers/ad_access_filter_tests-dp_dyndns.obj: src/providers/dp_dyndns.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -MT src/providers/ad_access_filter_tests-dp_dyndns.obj -MD -MP -MF src/providers/$(DEPDIR)/ad_access_filter_tests-dp_dyndns.Tpo -c -o src/providers/ad_access_filter_tests-dp_dyndns.obj `if test -f 'src/providers/dp_dyndns.c'; then $(CYGPATH_W) 'src/providers/dp_dyndns.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/dp_dyndns.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/ad_access_filter_tests-dp_dyndns.Tpo src/providers/$(DEPDIR)/ad_access_filter_tests-dp_dyndns.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/dp_dyndns.c' object='src/providers/ad_access_filter_tests-dp_dyndns.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -c -o src/providers/ad_access_filter_tests-dp_dyndns.obj `if test -f 'src/providers/dp_dyndns.c'; then $(CYGPATH_W) 'src/providers/dp_dyndns.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/dp_dyndns.c'; fi` src/providers/ad_access_filter_tests-dp_ptask.o: src/providers/dp_ptask.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) 
$(ad_access_filter_tests_CFLAGS) $(CFLAGS) -MT src/providers/ad_access_filter_tests-dp_ptask.o -MD -MP -MF src/providers/$(DEPDIR)/ad_access_filter_tests-dp_ptask.Tpo -c -o src/providers/ad_access_filter_tests-dp_ptask.o `test -f 'src/providers/dp_ptask.c' || echo '$(srcdir)/'`src/providers/dp_ptask.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/ad_access_filter_tests-dp_ptask.Tpo src/providers/$(DEPDIR)/ad_access_filter_tests-dp_ptask.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/dp_ptask.c' object='src/providers/ad_access_filter_tests-dp_ptask.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -c -o src/providers/ad_access_filter_tests-dp_ptask.o `test -f 'src/providers/dp_ptask.c' || echo '$(srcdir)/'`src/providers/dp_ptask.c src/providers/ad_access_filter_tests-dp_ptask.obj: src/providers/dp_ptask.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -MT src/providers/ad_access_filter_tests-dp_ptask.obj -MD -MP -MF src/providers/$(DEPDIR)/ad_access_filter_tests-dp_ptask.Tpo -c -o src/providers/ad_access_filter_tests-dp_ptask.obj `if test -f 'src/providers/dp_ptask.c'; then $(CYGPATH_W) 'src/providers/dp_ptask.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/dp_ptask.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/ad_access_filter_tests-dp_ptask.Tpo src/providers/$(DEPDIR)/ad_access_filter_tests-dp_ptask.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/dp_ptask.c' object='src/providers/ad_access_filter_tests-dp_ptask.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ 
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -c -o src/providers/ad_access_filter_tests-dp_ptask.obj `if test -f 'src/providers/dp_ptask.c'; then $(CYGPATH_W) 'src/providers/dp_ptask.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/dp_ptask.c'; fi` src/providers/ad_access_filter_tests-dp_refresh.o: src/providers/dp_refresh.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -MT src/providers/ad_access_filter_tests-dp_refresh.o -MD -MP -MF src/providers/$(DEPDIR)/ad_access_filter_tests-dp_refresh.Tpo -c -o src/providers/ad_access_filter_tests-dp_refresh.o `test -f 'src/providers/dp_refresh.c' || echo '$(srcdir)/'`src/providers/dp_refresh.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/ad_access_filter_tests-dp_refresh.Tpo src/providers/$(DEPDIR)/ad_access_filter_tests-dp_refresh.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/dp_refresh.c' object='src/providers/ad_access_filter_tests-dp_refresh.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -c -o src/providers/ad_access_filter_tests-dp_refresh.o `test -f 'src/providers/dp_refresh.c' || echo '$(srcdir)/'`src/providers/dp_refresh.c src/providers/ad_access_filter_tests-dp_refresh.obj: src/providers/dp_refresh.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -MT src/providers/ad_access_filter_tests-dp_refresh.obj -MD -MP -MF src/providers/$(DEPDIR)/ad_access_filter_tests-dp_refresh.Tpo -c -o src/providers/ad_access_filter_tests-dp_refresh.obj `if 
test -f 'src/providers/dp_refresh.c'; then $(CYGPATH_W) 'src/providers/dp_refresh.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/dp_refresh.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/ad_access_filter_tests-dp_refresh.Tpo src/providers/$(DEPDIR)/ad_access_filter_tests-dp_refresh.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/dp_refresh.c' object='src/providers/ad_access_filter_tests-dp_refresh.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -c -o src/providers/ad_access_filter_tests-dp_refresh.obj `if test -f 'src/providers/dp_refresh.c'; then $(CYGPATH_W) 'src/providers/dp_refresh.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/dp_refresh.c'; fi` src/providers/ad_access_filter_tests-fail_over.o: src/providers/fail_over.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -MT src/providers/ad_access_filter_tests-fail_over.o -MD -MP -MF src/providers/$(DEPDIR)/ad_access_filter_tests-fail_over.Tpo -c -o src/providers/ad_access_filter_tests-fail_over.o `test -f 'src/providers/fail_over.c' || echo '$(srcdir)/'`src/providers/fail_over.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/ad_access_filter_tests-fail_over.Tpo src/providers/$(DEPDIR)/ad_access_filter_tests-fail_over.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/fail_over.c' object='src/providers/ad_access_filter_tests-fail_over.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) 
$(CFLAGS) -c -o src/providers/ad_access_filter_tests-fail_over.o `test -f 'src/providers/fail_over.c' || echo '$(srcdir)/'`src/providers/fail_over.c src/providers/ad_access_filter_tests-fail_over.obj: src/providers/fail_over.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -MT src/providers/ad_access_filter_tests-fail_over.obj -MD -MP -MF src/providers/$(DEPDIR)/ad_access_filter_tests-fail_over.Tpo -c -o src/providers/ad_access_filter_tests-fail_over.obj `if test -f 'src/providers/fail_over.c'; then $(CYGPATH_W) 'src/providers/fail_over.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/fail_over.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/ad_access_filter_tests-fail_over.Tpo src/providers/$(DEPDIR)/ad_access_filter_tests-fail_over.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/fail_over.c' object='src/providers/ad_access_filter_tests-fail_over.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -c -o src/providers/ad_access_filter_tests-fail_over.obj `if test -f 'src/providers/fail_over.c'; then $(CYGPATH_W) 'src/providers/fail_over.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/fail_over.c'; fi` src/providers/ad_access_filter_tests-fail_over_srv.o: src/providers/fail_over_srv.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -MT src/providers/ad_access_filter_tests-fail_over_srv.o -MD -MP -MF src/providers/$(DEPDIR)/ad_access_filter_tests-fail_over_srv.Tpo -c -o src/providers/ad_access_filter_tests-fail_over_srv.o `test -f 'src/providers/fail_over_srv.c' || echo 
'$(srcdir)/'`src/providers/fail_over_srv.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/ad_access_filter_tests-fail_over_srv.Tpo src/providers/$(DEPDIR)/ad_access_filter_tests-fail_over_srv.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/fail_over_srv.c' object='src/providers/ad_access_filter_tests-fail_over_srv.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -c -o src/providers/ad_access_filter_tests-fail_over_srv.o `test -f 'src/providers/fail_over_srv.c' || echo '$(srcdir)/'`src/providers/fail_over_srv.c src/providers/ad_access_filter_tests-fail_over_srv.obj: src/providers/fail_over_srv.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -MT src/providers/ad_access_filter_tests-fail_over_srv.obj -MD -MP -MF src/providers/$(DEPDIR)/ad_access_filter_tests-fail_over_srv.Tpo -c -o src/providers/ad_access_filter_tests-fail_over_srv.obj `if test -f 'src/providers/fail_over_srv.c'; then $(CYGPATH_W) 'src/providers/fail_over_srv.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/fail_over_srv.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/ad_access_filter_tests-fail_over_srv.Tpo src/providers/$(DEPDIR)/ad_access_filter_tests-fail_over_srv.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/fail_over_srv.c' object='src/providers/ad_access_filter_tests-fail_over_srv.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -c -o 
src/providers/ad_access_filter_tests-fail_over_srv.obj `if test -f 'src/providers/fail_over_srv.c'; then $(CYGPATH_W) 'src/providers/fail_over_srv.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/fail_over_srv.c'; fi` src/resolv/ad_access_filter_tests-async_resolv.o: src/resolv/async_resolv.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -MT src/resolv/ad_access_filter_tests-async_resolv.o -MD -MP -MF src/resolv/$(DEPDIR)/ad_access_filter_tests-async_resolv.Tpo -c -o src/resolv/ad_access_filter_tests-async_resolv.o `test -f 'src/resolv/async_resolv.c' || echo '$(srcdir)/'`src/resolv/async_resolv.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/$(DEPDIR)/ad_access_filter_tests-async_resolv.Tpo src/resolv/$(DEPDIR)/ad_access_filter_tests-async_resolv.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/async_resolv.c' object='src/resolv/ad_access_filter_tests-async_resolv.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/ad_access_filter_tests-async_resolv.o `test -f 'src/resolv/async_resolv.c' || echo '$(srcdir)/'`src/resolv/async_resolv.c src/resolv/ad_access_filter_tests-async_resolv.obj: src/resolv/async_resolv.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -MT src/resolv/ad_access_filter_tests-async_resolv.obj -MD -MP -MF src/resolv/$(DEPDIR)/ad_access_filter_tests-async_resolv.Tpo -c -o src/resolv/ad_access_filter_tests-async_resolv.obj `if test -f 'src/resolv/async_resolv.c'; then $(CYGPATH_W) 'src/resolv/async_resolv.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/async_resolv.c'; fi` 
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/$(DEPDIR)/ad_access_filter_tests-async_resolv.Tpo src/resolv/$(DEPDIR)/ad_access_filter_tests-async_resolv.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/async_resolv.c' object='src/resolv/ad_access_filter_tests-async_resolv.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/ad_access_filter_tests-async_resolv.obj `if test -f 'src/resolv/async_resolv.c'; then $(CYGPATH_W) 'src/resolv/async_resolv.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/async_resolv.c'; fi` src/resolv/ad_access_filter_tests-async_resolv_utils.o: src/resolv/async_resolv_utils.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -MT src/resolv/ad_access_filter_tests-async_resolv_utils.o -MD -MP -MF src/resolv/$(DEPDIR)/ad_access_filter_tests-async_resolv_utils.Tpo -c -o src/resolv/ad_access_filter_tests-async_resolv_utils.o `test -f 'src/resolv/async_resolv_utils.c' || echo '$(srcdir)/'`src/resolv/async_resolv_utils.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/$(DEPDIR)/ad_access_filter_tests-async_resolv_utils.Tpo src/resolv/$(DEPDIR)/ad_access_filter_tests-async_resolv_utils.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/async_resolv_utils.c' object='src/resolv/ad_access_filter_tests-async_resolv_utils.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/ad_access_filter_tests-async_resolv_utils.o `test -f 
'src/resolv/async_resolv_utils.c' || echo '$(srcdir)/'`src/resolv/async_resolv_utils.c src/resolv/ad_access_filter_tests-async_resolv_utils.obj: src/resolv/async_resolv_utils.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -MT src/resolv/ad_access_filter_tests-async_resolv_utils.obj -MD -MP -MF src/resolv/$(DEPDIR)/ad_access_filter_tests-async_resolv_utils.Tpo -c -o src/resolv/ad_access_filter_tests-async_resolv_utils.obj `if test -f 'src/resolv/async_resolv_utils.c'; then $(CYGPATH_W) 'src/resolv/async_resolv_utils.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/async_resolv_utils.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/$(DEPDIR)/ad_access_filter_tests-async_resolv_utils.Tpo src/resolv/$(DEPDIR)/ad_access_filter_tests-async_resolv_utils.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/async_resolv_utils.c' object='src/resolv/ad_access_filter_tests-async_resolv_utils.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/ad_access_filter_tests-async_resolv_utils.obj `if test -f 'src/resolv/async_resolv_utils.c'; then $(CYGPATH_W) 'src/resolv/async_resolv_utils.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/async_resolv_utils.c'; fi` src/resolv/ares/ad_access_filter_tests-ares_parse_srv_reply.o: src/resolv/ares/ares_parse_srv_reply.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -MT src/resolv/ares/ad_access_filter_tests-ares_parse_srv_reply.o -MD -MP -MF src/resolv/ares/$(DEPDIR)/ad_access_filter_tests-ares_parse_srv_reply.Tpo -c -o src/resolv/ares/ad_access_filter_tests-ares_parse_srv_reply.o 
`test -f 'src/resolv/ares/ares_parse_srv_reply.c' || echo '$(srcdir)/'`src/resolv/ares/ares_parse_srv_reply.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/ares/$(DEPDIR)/ad_access_filter_tests-ares_parse_srv_reply.Tpo src/resolv/ares/$(DEPDIR)/ad_access_filter_tests-ares_parse_srv_reply.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/ares/ares_parse_srv_reply.c' object='src/resolv/ares/ad_access_filter_tests-ares_parse_srv_reply.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/ares/ad_access_filter_tests-ares_parse_srv_reply.o `test -f 'src/resolv/ares/ares_parse_srv_reply.c' || echo '$(srcdir)/'`src/resolv/ares/ares_parse_srv_reply.c src/resolv/ares/ad_access_filter_tests-ares_parse_srv_reply.obj: src/resolv/ares/ares_parse_srv_reply.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -MT src/resolv/ares/ad_access_filter_tests-ares_parse_srv_reply.obj -MD -MP -MF src/resolv/ares/$(DEPDIR)/ad_access_filter_tests-ares_parse_srv_reply.Tpo -c -o src/resolv/ares/ad_access_filter_tests-ares_parse_srv_reply.obj `if test -f 'src/resolv/ares/ares_parse_srv_reply.c'; then $(CYGPATH_W) 'src/resolv/ares/ares_parse_srv_reply.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/ares/ares_parse_srv_reply.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/ares/$(DEPDIR)/ad_access_filter_tests-ares_parse_srv_reply.Tpo src/resolv/ares/$(DEPDIR)/ad_access_filter_tests-ares_parse_srv_reply.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/ares/ares_parse_srv_reply.c' object='src/resolv/ares/ad_access_filter_tests-ares_parse_srv_reply.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ 
DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/ares/ad_access_filter_tests-ares_parse_srv_reply.obj `if test -f 'src/resolv/ares/ares_parse_srv_reply.c'; then $(CYGPATH_W) 'src/resolv/ares/ares_parse_srv_reply.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/ares/ares_parse_srv_reply.c'; fi` src/resolv/ares/ad_access_filter_tests-ares_data.o: src/resolv/ares/ares_data.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -MT src/resolv/ares/ad_access_filter_tests-ares_data.o -MD -MP -MF src/resolv/ares/$(DEPDIR)/ad_access_filter_tests-ares_data.Tpo -c -o src/resolv/ares/ad_access_filter_tests-ares_data.o `test -f 'src/resolv/ares/ares_data.c' || echo '$(srcdir)/'`src/resolv/ares/ares_data.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/ares/$(DEPDIR)/ad_access_filter_tests-ares_data.Tpo src/resolv/ares/$(DEPDIR)/ad_access_filter_tests-ares_data.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/ares/ares_data.c' object='src/resolv/ares/ad_access_filter_tests-ares_data.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/ares/ad_access_filter_tests-ares_data.o `test -f 'src/resolv/ares/ares_data.c' || echo '$(srcdir)/'`src/resolv/ares/ares_data.c src/resolv/ares/ad_access_filter_tests-ares_data.obj: src/resolv/ares/ares_data.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -MT src/resolv/ares/ad_access_filter_tests-ares_data.obj -MD 
-MP -MF src/resolv/ares/$(DEPDIR)/ad_access_filter_tests-ares_data.Tpo -c -o src/resolv/ares/ad_access_filter_tests-ares_data.obj `if test -f 'src/resolv/ares/ares_data.c'; then $(CYGPATH_W) 'src/resolv/ares/ares_data.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/ares/ares_data.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/ares/$(DEPDIR)/ad_access_filter_tests-ares_data.Tpo src/resolv/ares/$(DEPDIR)/ad_access_filter_tests-ares_data.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/ares/ares_data.c' object='src/resolv/ares/ad_access_filter_tests-ares_data.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/ares/ad_access_filter_tests-ares_data.obj `if test -f 'src/resolv/ares/ares_data.c'; then $(CYGPATH_W) 'src/resolv/ares/ares_data.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/ares/ares_data.c'; fi` src/util/ad_access_filter_tests-sss_ldap.o: src/util/sss_ldap.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -MT src/util/ad_access_filter_tests-sss_ldap.o -MD -MP -MF src/util/$(DEPDIR)/ad_access_filter_tests-sss_ldap.Tpo -c -o src/util/ad_access_filter_tests-sss_ldap.o `test -f 'src/util/sss_ldap.c' || echo '$(srcdir)/'`src/util/sss_ldap.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/ad_access_filter_tests-sss_ldap.Tpo src/util/$(DEPDIR)/ad_access_filter_tests-sss_ldap.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/sss_ldap.c' object='src/util/ad_access_filter_tests-sss_ldap.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) 
$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -c -o src/util/ad_access_filter_tests-sss_ldap.o `test -f 'src/util/sss_ldap.c' || echo '$(srcdir)/'`src/util/sss_ldap.c src/util/ad_access_filter_tests-sss_ldap.obj: src/util/sss_ldap.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -MT src/util/ad_access_filter_tests-sss_ldap.obj -MD -MP -MF src/util/$(DEPDIR)/ad_access_filter_tests-sss_ldap.Tpo -c -o src/util/ad_access_filter_tests-sss_ldap.obj `if test -f 'src/util/sss_ldap.c'; then $(CYGPATH_W) 'src/util/sss_ldap.c'; else $(CYGPATH_W) '$(srcdir)/src/util/sss_ldap.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/ad_access_filter_tests-sss_ldap.Tpo src/util/$(DEPDIR)/ad_access_filter_tests-sss_ldap.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/sss_ldap.c' object='src/util/ad_access_filter_tests-sss_ldap.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -c -o src/util/ad_access_filter_tests-sss_ldap.obj `if test -f 'src/util/sss_ldap.c'; then $(CYGPATH_W) 'src/util/sss_ldap.c'; else $(CYGPATH_W) '$(srcdir)/src/util/sss_ldap.c'; fi` src/util/ad_access_filter_tests-sss_krb5.o: src/util/sss_krb5.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -MT src/util/ad_access_filter_tests-sss_krb5.o -MD -MP -MF src/util/$(DEPDIR)/ad_access_filter_tests-sss_krb5.Tpo -c -o src/util/ad_access_filter_tests-sss_krb5.o `test -f 'src/util/sss_krb5.c' || echo '$(srcdir)/'`src/util/sss_krb5.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) 
src/util/$(DEPDIR)/ad_access_filter_tests-sss_krb5.Tpo src/util/$(DEPDIR)/ad_access_filter_tests-sss_krb5.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/sss_krb5.c' object='src/util/ad_access_filter_tests-sss_krb5.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -c -o src/util/ad_access_filter_tests-sss_krb5.o `test -f 'src/util/sss_krb5.c' || echo '$(srcdir)/'`src/util/sss_krb5.c src/util/ad_access_filter_tests-sss_krb5.obj: src/util/sss_krb5.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -MT src/util/ad_access_filter_tests-sss_krb5.obj -MD -MP -MF src/util/$(DEPDIR)/ad_access_filter_tests-sss_krb5.Tpo -c -o src/util/ad_access_filter_tests-sss_krb5.obj `if test -f 'src/util/sss_krb5.c'; then $(CYGPATH_W) 'src/util/sss_krb5.c'; else $(CYGPATH_W) '$(srcdir)/src/util/sss_krb5.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/ad_access_filter_tests-sss_krb5.Tpo src/util/$(DEPDIR)/ad_access_filter_tests-sss_krb5.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/sss_krb5.c' object='src/util/ad_access_filter_tests-sss_krb5.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -c -o src/util/ad_access_filter_tests-sss_krb5.obj `if test -f 'src/util/sss_krb5.c'; then $(CYGPATH_W) 'src/util/sss_krb5.c'; else $(CYGPATH_W) '$(srcdir)/src/util/sss_krb5.c'; fi` src/util/ad_access_filter_tests-find_uid.o: src/util/find_uid.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) 
$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -MT src/util/ad_access_filter_tests-find_uid.o -MD -MP -MF src/util/$(DEPDIR)/ad_access_filter_tests-find_uid.Tpo -c -o src/util/ad_access_filter_tests-find_uid.o `test -f 'src/util/find_uid.c' || echo '$(srcdir)/'`src/util/find_uid.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/ad_access_filter_tests-find_uid.Tpo src/util/$(DEPDIR)/ad_access_filter_tests-find_uid.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/find_uid.c' object='src/util/ad_access_filter_tests-find_uid.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -c -o src/util/ad_access_filter_tests-find_uid.o `test -f 'src/util/find_uid.c' || echo '$(srcdir)/'`src/util/find_uid.c src/util/ad_access_filter_tests-find_uid.obj: src/util/find_uid.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -MT src/util/ad_access_filter_tests-find_uid.obj -MD -MP -MF src/util/$(DEPDIR)/ad_access_filter_tests-find_uid.Tpo -c -o src/util/ad_access_filter_tests-find_uid.obj `if test -f 'src/util/find_uid.c'; then $(CYGPATH_W) 'src/util/find_uid.c'; else $(CYGPATH_W) '$(srcdir)/src/util/find_uid.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/ad_access_filter_tests-find_uid.Tpo src/util/$(DEPDIR)/ad_access_filter_tests-find_uid.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/find_uid.c' object='src/util/ad_access_filter_tests-find_uid.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) 
$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -c -o src/util/ad_access_filter_tests-find_uid.obj `if test -f 'src/util/find_uid.c'; then $(CYGPATH_W) 'src/util/find_uid.c'; else $(CYGPATH_W) '$(srcdir)/src/util/find_uid.c'; fi` src/util/ad_access_filter_tests-user_info_msg.o: src/util/user_info_msg.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -MT src/util/ad_access_filter_tests-user_info_msg.o -MD -MP -MF src/util/$(DEPDIR)/ad_access_filter_tests-user_info_msg.Tpo -c -o src/util/ad_access_filter_tests-user_info_msg.o `test -f 'src/util/user_info_msg.c' || echo '$(srcdir)/'`src/util/user_info_msg.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/ad_access_filter_tests-user_info_msg.Tpo src/util/$(DEPDIR)/ad_access_filter_tests-user_info_msg.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/user_info_msg.c' object='src/util/ad_access_filter_tests-user_info_msg.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -c -o src/util/ad_access_filter_tests-user_info_msg.o `test -f 'src/util/user_info_msg.c' || echo '$(srcdir)/'`src/util/user_info_msg.c src/util/ad_access_filter_tests-user_info_msg.obj: src/util/user_info_msg.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -MT src/util/ad_access_filter_tests-user_info_msg.obj -MD -MP -MF src/util/$(DEPDIR)/ad_access_filter_tests-user_info_msg.Tpo -c -o src/util/ad_access_filter_tests-user_info_msg.obj `if test -f 'src/util/user_info_msg.c'; then $(CYGPATH_W) 'src/util/user_info_msg.c'; else $(CYGPATH_W) 
'$(srcdir)/src/util/user_info_msg.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/ad_access_filter_tests-user_info_msg.Tpo src/util/$(DEPDIR)/ad_access_filter_tests-user_info_msg.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/user_info_msg.c' object='src/util/ad_access_filter_tests-user_info_msg.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -c -o src/util/ad_access_filter_tests-user_info_msg.obj `if test -f 'src/util/user_info_msg.c'; then $(CYGPATH_W) 'src/util/user_info_msg.c'; else $(CYGPATH_W) '$(srcdir)/src/util/user_info_msg.c'; fi` src/providers/ad/ad_access_filter_tests-ad_common.o: src/providers/ad/ad_common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -MT src/providers/ad/ad_access_filter_tests-ad_common.o -MD -MP -MF src/providers/ad/$(DEPDIR)/ad_access_filter_tests-ad_common.Tpo -c -o src/providers/ad/ad_access_filter_tests-ad_common.o `test -f 'src/providers/ad/ad_common.c' || echo '$(srcdir)/'`src/providers/ad/ad_common.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ad/$(DEPDIR)/ad_access_filter_tests-ad_common.Tpo src/providers/ad/$(DEPDIR)/ad_access_filter_tests-ad_common.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ad/ad_common.c' object='src/providers/ad/ad_access_filter_tests-ad_common.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -c -o src/providers/ad/ad_access_filter_tests-ad_common.o `test -f 
'src/providers/ad/ad_common.c' || echo '$(srcdir)/'`src/providers/ad/ad_common.c src/providers/ad/ad_access_filter_tests-ad_common.obj: src/providers/ad/ad_common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -MT src/providers/ad/ad_access_filter_tests-ad_common.obj -MD -MP -MF src/providers/ad/$(DEPDIR)/ad_access_filter_tests-ad_common.Tpo -c -o src/providers/ad/ad_access_filter_tests-ad_common.obj `if test -f 'src/providers/ad/ad_common.c'; then $(CYGPATH_W) 'src/providers/ad/ad_common.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/ad/ad_common.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ad/$(DEPDIR)/ad_access_filter_tests-ad_common.Tpo src/providers/ad/$(DEPDIR)/ad_access_filter_tests-ad_common.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ad/ad_common.c' object='src/providers/ad/ad_access_filter_tests-ad_common.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -c -o src/providers/ad/ad_access_filter_tests-ad_common.obj `if test -f 'src/providers/ad/ad_common.c'; then $(CYGPATH_W) 'src/providers/ad/ad_common.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/ad/ad_common.c'; fi` src/tests/cmocka/ad_access_filter_tests-test_ad_access_filter.o: src/tests/cmocka/test_ad_access_filter.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -MT src/tests/cmocka/ad_access_filter_tests-test_ad_access_filter.o -MD -MP -MF src/tests/cmocka/$(DEPDIR)/ad_access_filter_tests-test_ad_access_filter.Tpo -c -o src/tests/cmocka/ad_access_filter_tests-test_ad_access_filter.o `test -f 
'src/tests/cmocka/test_ad_access_filter.c' || echo '$(srcdir)/'`src/tests/cmocka/test_ad_access_filter.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/cmocka/$(DEPDIR)/ad_access_filter_tests-test_ad_access_filter.Tpo src/tests/cmocka/$(DEPDIR)/ad_access_filter_tests-test_ad_access_filter.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/cmocka/test_ad_access_filter.c' object='src/tests/cmocka/ad_access_filter_tests-test_ad_access_filter.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -c -o src/tests/cmocka/ad_access_filter_tests-test_ad_access_filter.o `test -f 'src/tests/cmocka/test_ad_access_filter.c' || echo '$(srcdir)/'`src/tests/cmocka/test_ad_access_filter.c src/tests/cmocka/ad_access_filter_tests-test_ad_access_filter.obj: src/tests/cmocka/test_ad_access_filter.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -MT src/tests/cmocka/ad_access_filter_tests-test_ad_access_filter.obj -MD -MP -MF src/tests/cmocka/$(DEPDIR)/ad_access_filter_tests-test_ad_access_filter.Tpo -c -o src/tests/cmocka/ad_access_filter_tests-test_ad_access_filter.obj `if test -f 'src/tests/cmocka/test_ad_access_filter.c'; then $(CYGPATH_W) 'src/tests/cmocka/test_ad_access_filter.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/cmocka/test_ad_access_filter.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/cmocka/$(DEPDIR)/ad_access_filter_tests-test_ad_access_filter.Tpo src/tests/cmocka/$(DEPDIR)/ad_access_filter_tests-test_ad_access_filter.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/cmocka/test_ad_access_filter.c' object='src/tests/cmocka/ad_access_filter_tests-test_ad_access_filter.obj' libtool=no @AMDEPBACKSLASH@ 
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_access_filter_tests_CFLAGS) $(CFLAGS) -c -o src/tests/cmocka/ad_access_filter_tests-test_ad_access_filter.obj `if test -f 'src/tests/cmocka/test_ad_access_filter.c'; then $(CYGPATH_W) 'src/tests/cmocka/test_ad_access_filter.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/cmocka/test_ad_access_filter.c'; fi` src/providers/ad_common_tests-data_provider_be.o: src/providers/data_provider_be.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -MT src/providers/ad_common_tests-data_provider_be.o -MD -MP -MF src/providers/$(DEPDIR)/ad_common_tests-data_provider_be.Tpo -c -o src/providers/ad_common_tests-data_provider_be.o `test -f 'src/providers/data_provider_be.c' || echo '$(srcdir)/'`src/providers/data_provider_be.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/ad_common_tests-data_provider_be.Tpo src/providers/$(DEPDIR)/ad_common_tests-data_provider_be.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_be.c' object='src/providers/ad_common_tests-data_provider_be.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -c -o src/providers/ad_common_tests-data_provider_be.o `test -f 'src/providers/data_provider_be.c' || echo '$(srcdir)/'`src/providers/data_provider_be.c src/providers/ad_common_tests-data_provider_be.obj: src/providers/data_provider_be.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -MT 
src/providers/ad_common_tests-data_provider_be.obj -MD -MP -MF src/providers/$(DEPDIR)/ad_common_tests-data_provider_be.Tpo -c -o src/providers/ad_common_tests-data_provider_be.obj `if test -f 'src/providers/data_provider_be.c'; then $(CYGPATH_W) 'src/providers/data_provider_be.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_be.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/ad_common_tests-data_provider_be.Tpo src/providers/$(DEPDIR)/ad_common_tests-data_provider_be.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_be.c' object='src/providers/ad_common_tests-data_provider_be.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -c -o src/providers/ad_common_tests-data_provider_be.obj `if test -f 'src/providers/data_provider_be.c'; then $(CYGPATH_W) 'src/providers/data_provider_be.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_be.c'; fi` src/providers/ad_common_tests-data_provider_fo.o: src/providers/data_provider_fo.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -MT src/providers/ad_common_tests-data_provider_fo.o -MD -MP -MF src/providers/$(DEPDIR)/ad_common_tests-data_provider_fo.Tpo -c -o src/providers/ad_common_tests-data_provider_fo.o `test -f 'src/providers/data_provider_fo.c' || echo '$(srcdir)/'`src/providers/data_provider_fo.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/ad_common_tests-data_provider_fo.Tpo src/providers/$(DEPDIR)/ad_common_tests-data_provider_fo.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_fo.c' object='src/providers/ad_common_tests-data_provider_fo.o' libtool=no @AMDEPBACKSLASH@ 
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -c -o src/providers/ad_common_tests-data_provider_fo.o `test -f 'src/providers/data_provider_fo.c' || echo '$(srcdir)/'`src/providers/data_provider_fo.c src/providers/ad_common_tests-data_provider_fo.obj: src/providers/data_provider_fo.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -MT src/providers/ad_common_tests-data_provider_fo.obj -MD -MP -MF src/providers/$(DEPDIR)/ad_common_tests-data_provider_fo.Tpo -c -o src/providers/ad_common_tests-data_provider_fo.obj `if test -f 'src/providers/data_provider_fo.c'; then $(CYGPATH_W) 'src/providers/data_provider_fo.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_fo.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/ad_common_tests-data_provider_fo.Tpo src/providers/$(DEPDIR)/ad_common_tests-data_provider_fo.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_fo.c' object='src/providers/ad_common_tests-data_provider_fo.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -c -o src/providers/ad_common_tests-data_provider_fo.obj `if test -f 'src/providers/data_provider_fo.c'; then $(CYGPATH_W) 'src/providers/data_provider_fo.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_fo.c'; fi` src/providers/ad_common_tests-data_provider_opts.o: src/providers/data_provider_opts.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) 
$(ad_common_tests_CFLAGS) $(CFLAGS) -MT src/providers/ad_common_tests-data_provider_opts.o -MD -MP -MF src/providers/$(DEPDIR)/ad_common_tests-data_provider_opts.Tpo -c -o src/providers/ad_common_tests-data_provider_opts.o `test -f 'src/providers/data_provider_opts.c' || echo '$(srcdir)/'`src/providers/data_provider_opts.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/ad_common_tests-data_provider_opts.Tpo src/providers/$(DEPDIR)/ad_common_tests-data_provider_opts.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_opts.c' object='src/providers/ad_common_tests-data_provider_opts.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -c -o src/providers/ad_common_tests-data_provider_opts.o `test -f 'src/providers/data_provider_opts.c' || echo '$(srcdir)/'`src/providers/data_provider_opts.c src/providers/ad_common_tests-data_provider_opts.obj: src/providers/data_provider_opts.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -MT src/providers/ad_common_tests-data_provider_opts.obj -MD -MP -MF src/providers/$(DEPDIR)/ad_common_tests-data_provider_opts.Tpo -c -o src/providers/ad_common_tests-data_provider_opts.obj `if test -f 'src/providers/data_provider_opts.c'; then $(CYGPATH_W) 'src/providers/data_provider_opts.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_opts.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/ad_common_tests-data_provider_opts.Tpo src/providers/$(DEPDIR)/ad_common_tests-data_provider_opts.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_opts.c' object='src/providers/ad_common_tests-data_provider_opts.obj' libtool=no 
@AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -c -o src/providers/ad_common_tests-data_provider_opts.obj `if test -f 'src/providers/data_provider_opts.c'; then $(CYGPATH_W) 'src/providers/data_provider_opts.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_opts.c'; fi` src/providers/ad_common_tests-data_provider_callbacks.o: src/providers/data_provider_callbacks.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -MT src/providers/ad_common_tests-data_provider_callbacks.o -MD -MP -MF src/providers/$(DEPDIR)/ad_common_tests-data_provider_callbacks.Tpo -c -o src/providers/ad_common_tests-data_provider_callbacks.o `test -f 'src/providers/data_provider_callbacks.c' || echo '$(srcdir)/'`src/providers/data_provider_callbacks.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/ad_common_tests-data_provider_callbacks.Tpo src/providers/$(DEPDIR)/ad_common_tests-data_provider_callbacks.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_callbacks.c' object='src/providers/ad_common_tests-data_provider_callbacks.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -c -o src/providers/ad_common_tests-data_provider_callbacks.o `test -f 'src/providers/data_provider_callbacks.c' || echo '$(srcdir)/'`src/providers/data_provider_callbacks.c src/providers/ad_common_tests-data_provider_callbacks.obj: src/providers/data_provider_callbacks.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) 
$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -MT src/providers/ad_common_tests-data_provider_callbacks.obj -MD -MP -MF src/providers/$(DEPDIR)/ad_common_tests-data_provider_callbacks.Tpo -c -o src/providers/ad_common_tests-data_provider_callbacks.obj `if test -f 'src/providers/data_provider_callbacks.c'; then $(CYGPATH_W) 'src/providers/data_provider_callbacks.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_callbacks.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/ad_common_tests-data_provider_callbacks.Tpo src/providers/$(DEPDIR)/ad_common_tests-data_provider_callbacks.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_callbacks.c' object='src/providers/ad_common_tests-data_provider_callbacks.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -c -o src/providers/ad_common_tests-data_provider_callbacks.obj `if test -f 'src/providers/data_provider_callbacks.c'; then $(CYGPATH_W) 'src/providers/data_provider_callbacks.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_callbacks.c'; fi` src/providers/ad_common_tests-dp_dyndns.o: src/providers/dp_dyndns.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -MT src/providers/ad_common_tests-dp_dyndns.o -MD -MP -MF src/providers/$(DEPDIR)/ad_common_tests-dp_dyndns.Tpo -c -o src/providers/ad_common_tests-dp_dyndns.o `test -f 'src/providers/dp_dyndns.c' || echo '$(srcdir)/'`src/providers/dp_dyndns.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/ad_common_tests-dp_dyndns.Tpo src/providers/$(DEPDIR)/ad_common_tests-dp_dyndns.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ 
$(AM_V_CC)source='src/providers/dp_dyndns.c' object='src/providers/ad_common_tests-dp_dyndns.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -c -o src/providers/ad_common_tests-dp_dyndns.o `test -f 'src/providers/dp_dyndns.c' || echo '$(srcdir)/'`src/providers/dp_dyndns.c src/providers/ad_common_tests-dp_dyndns.obj: src/providers/dp_dyndns.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -MT src/providers/ad_common_tests-dp_dyndns.obj -MD -MP -MF src/providers/$(DEPDIR)/ad_common_tests-dp_dyndns.Tpo -c -o src/providers/ad_common_tests-dp_dyndns.obj `if test -f 'src/providers/dp_dyndns.c'; then $(CYGPATH_W) 'src/providers/dp_dyndns.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/dp_dyndns.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/ad_common_tests-dp_dyndns.Tpo src/providers/$(DEPDIR)/ad_common_tests-dp_dyndns.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/dp_dyndns.c' object='src/providers/ad_common_tests-dp_dyndns.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -c -o src/providers/ad_common_tests-dp_dyndns.obj `if test -f 'src/providers/dp_dyndns.c'; then $(CYGPATH_W) 'src/providers/dp_dyndns.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/dp_dyndns.c'; fi` src/providers/ad_common_tests-dp_ptask.o: src/providers/dp_ptask.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -MT 
src/providers/ad_common_tests-dp_ptask.o -MD -MP -MF src/providers/$(DEPDIR)/ad_common_tests-dp_ptask.Tpo -c -o src/providers/ad_common_tests-dp_ptask.o `test -f 'src/providers/dp_ptask.c' || echo '$(srcdir)/'`src/providers/dp_ptask.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/ad_common_tests-dp_ptask.Tpo src/providers/$(DEPDIR)/ad_common_tests-dp_ptask.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/dp_ptask.c' object='src/providers/ad_common_tests-dp_ptask.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -c -o src/providers/ad_common_tests-dp_ptask.o `test -f 'src/providers/dp_ptask.c' || echo '$(srcdir)/'`src/providers/dp_ptask.c src/providers/ad_common_tests-dp_ptask.obj: src/providers/dp_ptask.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -MT src/providers/ad_common_tests-dp_ptask.obj -MD -MP -MF src/providers/$(DEPDIR)/ad_common_tests-dp_ptask.Tpo -c -o src/providers/ad_common_tests-dp_ptask.obj `if test -f 'src/providers/dp_ptask.c'; then $(CYGPATH_W) 'src/providers/dp_ptask.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/dp_ptask.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/ad_common_tests-dp_ptask.Tpo src/providers/$(DEPDIR)/ad_common_tests-dp_ptask.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/dp_ptask.c' object='src/providers/ad_common_tests-dp_ptask.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -c -o 
src/providers/ad_common_tests-dp_ptask.obj `if test -f 'src/providers/dp_ptask.c'; then $(CYGPATH_W) 'src/providers/dp_ptask.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/dp_ptask.c'; fi` src/providers/ad_common_tests-dp_refresh.o: src/providers/dp_refresh.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -MT src/providers/ad_common_tests-dp_refresh.o -MD -MP -MF src/providers/$(DEPDIR)/ad_common_tests-dp_refresh.Tpo -c -o src/providers/ad_common_tests-dp_refresh.o `test -f 'src/providers/dp_refresh.c' || echo '$(srcdir)/'`src/providers/dp_refresh.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/ad_common_tests-dp_refresh.Tpo src/providers/$(DEPDIR)/ad_common_tests-dp_refresh.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/dp_refresh.c' object='src/providers/ad_common_tests-dp_refresh.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -c -o src/providers/ad_common_tests-dp_refresh.o `test -f 'src/providers/dp_refresh.c' || echo '$(srcdir)/'`src/providers/dp_refresh.c src/providers/ad_common_tests-dp_refresh.obj: src/providers/dp_refresh.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -MT src/providers/ad_common_tests-dp_refresh.obj -MD -MP -MF src/providers/$(DEPDIR)/ad_common_tests-dp_refresh.Tpo -c -o src/providers/ad_common_tests-dp_refresh.obj `if test -f 'src/providers/dp_refresh.c'; then $(CYGPATH_W) 'src/providers/dp_refresh.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/dp_refresh.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/ad_common_tests-dp_refresh.Tpo 
src/providers/$(DEPDIR)/ad_common_tests-dp_refresh.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/dp_refresh.c' object='src/providers/ad_common_tests-dp_refresh.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -c -o src/providers/ad_common_tests-dp_refresh.obj `if test -f 'src/providers/dp_refresh.c'; then $(CYGPATH_W) 'src/providers/dp_refresh.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/dp_refresh.c'; fi` src/providers/ad_common_tests-fail_over.o: src/providers/fail_over.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -MT src/providers/ad_common_tests-fail_over.o -MD -MP -MF src/providers/$(DEPDIR)/ad_common_tests-fail_over.Tpo -c -o src/providers/ad_common_tests-fail_over.o `test -f 'src/providers/fail_over.c' || echo '$(srcdir)/'`src/providers/fail_over.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/ad_common_tests-fail_over.Tpo src/providers/$(DEPDIR)/ad_common_tests-fail_over.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/fail_over.c' object='src/providers/ad_common_tests-fail_over.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -c -o src/providers/ad_common_tests-fail_over.o `test -f 'src/providers/fail_over.c' || echo '$(srcdir)/'`src/providers/fail_over.c src/providers/ad_common_tests-fail_over.obj: src/providers/fail_over.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) 
$(CFLAGS) -MT src/providers/ad_common_tests-fail_over.obj -MD -MP -MF src/providers/$(DEPDIR)/ad_common_tests-fail_over.Tpo -c -o src/providers/ad_common_tests-fail_over.obj `if test -f 'src/providers/fail_over.c'; then $(CYGPATH_W) 'src/providers/fail_over.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/fail_over.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/ad_common_tests-fail_over.Tpo src/providers/$(DEPDIR)/ad_common_tests-fail_over.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/fail_over.c' object='src/providers/ad_common_tests-fail_over.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -c -o src/providers/ad_common_tests-fail_over.obj `if test -f 'src/providers/fail_over.c'; then $(CYGPATH_W) 'src/providers/fail_over.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/fail_over.c'; fi` src/providers/ad_common_tests-fail_over_srv.o: src/providers/fail_over_srv.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -MT src/providers/ad_common_tests-fail_over_srv.o -MD -MP -MF src/providers/$(DEPDIR)/ad_common_tests-fail_over_srv.Tpo -c -o src/providers/ad_common_tests-fail_over_srv.o `test -f 'src/providers/fail_over_srv.c' || echo '$(srcdir)/'`src/providers/fail_over_srv.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/ad_common_tests-fail_over_srv.Tpo src/providers/$(DEPDIR)/ad_common_tests-fail_over_srv.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/fail_over_srv.c' object='src/providers/ad_common_tests-fail_over_srv.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ 
$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -c -o src/providers/ad_common_tests-fail_over_srv.o `test -f 'src/providers/fail_over_srv.c' || echo '$(srcdir)/'`src/providers/fail_over_srv.c src/providers/ad_common_tests-fail_over_srv.obj: src/providers/fail_over_srv.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -MT src/providers/ad_common_tests-fail_over_srv.obj -MD -MP -MF src/providers/$(DEPDIR)/ad_common_tests-fail_over_srv.Tpo -c -o src/providers/ad_common_tests-fail_over_srv.obj `if test -f 'src/providers/fail_over_srv.c'; then $(CYGPATH_W) 'src/providers/fail_over_srv.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/fail_over_srv.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/ad_common_tests-fail_over_srv.Tpo src/providers/$(DEPDIR)/ad_common_tests-fail_over_srv.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/fail_over_srv.c' object='src/providers/ad_common_tests-fail_over_srv.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -c -o src/providers/ad_common_tests-fail_over_srv.obj `if test -f 'src/providers/fail_over_srv.c'; then $(CYGPATH_W) 'src/providers/fail_over_srv.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/fail_over_srv.c'; fi` src/resolv/ad_common_tests-async_resolv.o: src/resolv/async_resolv.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -MT src/resolv/ad_common_tests-async_resolv.o -MD -MP -MF src/resolv/$(DEPDIR)/ad_common_tests-async_resolv.Tpo -c -o src/resolv/ad_common_tests-async_resolv.o `test -f 
'src/resolv/async_resolv.c' || echo '$(srcdir)/'`src/resolv/async_resolv.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/$(DEPDIR)/ad_common_tests-async_resolv.Tpo src/resolv/$(DEPDIR)/ad_common_tests-async_resolv.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/async_resolv.c' object='src/resolv/ad_common_tests-async_resolv.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/ad_common_tests-async_resolv.o `test -f 'src/resolv/async_resolv.c' || echo '$(srcdir)/'`src/resolv/async_resolv.c src/resolv/ad_common_tests-async_resolv.obj: src/resolv/async_resolv.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -MT src/resolv/ad_common_tests-async_resolv.obj -MD -MP -MF src/resolv/$(DEPDIR)/ad_common_tests-async_resolv.Tpo -c -o src/resolv/ad_common_tests-async_resolv.obj `if test -f 'src/resolv/async_resolv.c'; then $(CYGPATH_W) 'src/resolv/async_resolv.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/async_resolv.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/$(DEPDIR)/ad_common_tests-async_resolv.Tpo src/resolv/$(DEPDIR)/ad_common_tests-async_resolv.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/async_resolv.c' object='src/resolv/ad_common_tests-async_resolv.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/ad_common_tests-async_resolv.obj `if test -f 'src/resolv/async_resolv.c'; then $(CYGPATH_W) 'src/resolv/async_resolv.c'; else $(CYGPATH_W) 
'$(srcdir)/src/resolv/async_resolv.c'; fi` src/resolv/ad_common_tests-async_resolv_utils.o: src/resolv/async_resolv_utils.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -MT src/resolv/ad_common_tests-async_resolv_utils.o -MD -MP -MF src/resolv/$(DEPDIR)/ad_common_tests-async_resolv_utils.Tpo -c -o src/resolv/ad_common_tests-async_resolv_utils.o `test -f 'src/resolv/async_resolv_utils.c' || echo '$(srcdir)/'`src/resolv/async_resolv_utils.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/$(DEPDIR)/ad_common_tests-async_resolv_utils.Tpo src/resolv/$(DEPDIR)/ad_common_tests-async_resolv_utils.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/async_resolv_utils.c' object='src/resolv/ad_common_tests-async_resolv_utils.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/ad_common_tests-async_resolv_utils.o `test -f 'src/resolv/async_resolv_utils.c' || echo '$(srcdir)/'`src/resolv/async_resolv_utils.c src/resolv/ad_common_tests-async_resolv_utils.obj: src/resolv/async_resolv_utils.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -MT src/resolv/ad_common_tests-async_resolv_utils.obj -MD -MP -MF src/resolv/$(DEPDIR)/ad_common_tests-async_resolv_utils.Tpo -c -o src/resolv/ad_common_tests-async_resolv_utils.obj `if test -f 'src/resolv/async_resolv_utils.c'; then $(CYGPATH_W) 'src/resolv/async_resolv_utils.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/async_resolv_utils.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/$(DEPDIR)/ad_common_tests-async_resolv_utils.Tpo src/resolv/$(DEPDIR)/ad_common_tests-async_resolv_utils.Po 
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/async_resolv_utils.c' object='src/resolv/ad_common_tests-async_resolv_utils.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/ad_common_tests-async_resolv_utils.obj `if test -f 'src/resolv/async_resolv_utils.c'; then $(CYGPATH_W) 'src/resolv/async_resolv_utils.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/async_resolv_utils.c'; fi` src/resolv/ares/ad_common_tests-ares_parse_srv_reply.o: src/resolv/ares/ares_parse_srv_reply.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -MT src/resolv/ares/ad_common_tests-ares_parse_srv_reply.o -MD -MP -MF src/resolv/ares/$(DEPDIR)/ad_common_tests-ares_parse_srv_reply.Tpo -c -o src/resolv/ares/ad_common_tests-ares_parse_srv_reply.o `test -f 'src/resolv/ares/ares_parse_srv_reply.c' || echo '$(srcdir)/'`src/resolv/ares/ares_parse_srv_reply.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/ares/$(DEPDIR)/ad_common_tests-ares_parse_srv_reply.Tpo src/resolv/ares/$(DEPDIR)/ad_common_tests-ares_parse_srv_reply.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/ares/ares_parse_srv_reply.c' object='src/resolv/ares/ad_common_tests-ares_parse_srv_reply.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/ares/ad_common_tests-ares_parse_srv_reply.o `test -f 'src/resolv/ares/ares_parse_srv_reply.c' || echo '$(srcdir)/'`src/resolv/ares/ares_parse_srv_reply.c 
src/resolv/ares/ad_common_tests-ares_parse_srv_reply.obj: src/resolv/ares/ares_parse_srv_reply.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -MT src/resolv/ares/ad_common_tests-ares_parse_srv_reply.obj -MD -MP -MF src/resolv/ares/$(DEPDIR)/ad_common_tests-ares_parse_srv_reply.Tpo -c -o src/resolv/ares/ad_common_tests-ares_parse_srv_reply.obj `if test -f 'src/resolv/ares/ares_parse_srv_reply.c'; then $(CYGPATH_W) 'src/resolv/ares/ares_parse_srv_reply.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/ares/ares_parse_srv_reply.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/ares/$(DEPDIR)/ad_common_tests-ares_parse_srv_reply.Tpo src/resolv/ares/$(DEPDIR)/ad_common_tests-ares_parse_srv_reply.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/ares/ares_parse_srv_reply.c' object='src/resolv/ares/ad_common_tests-ares_parse_srv_reply.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/ares/ad_common_tests-ares_parse_srv_reply.obj `if test -f 'src/resolv/ares/ares_parse_srv_reply.c'; then $(CYGPATH_W) 'src/resolv/ares/ares_parse_srv_reply.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/ares/ares_parse_srv_reply.c'; fi` src/resolv/ares/ad_common_tests-ares_data.o: src/resolv/ares/ares_data.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -MT src/resolv/ares/ad_common_tests-ares_data.o -MD -MP -MF src/resolv/ares/$(DEPDIR)/ad_common_tests-ares_data.Tpo -c -o src/resolv/ares/ad_common_tests-ares_data.o `test -f 'src/resolv/ares/ares_data.c' || echo '$(srcdir)/'`src/resolv/ares/ares_data.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) 
src/resolv/ares/$(DEPDIR)/ad_common_tests-ares_data.Tpo src/resolv/ares/$(DEPDIR)/ad_common_tests-ares_data.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/ares/ares_data.c' object='src/resolv/ares/ad_common_tests-ares_data.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/ares/ad_common_tests-ares_data.o `test -f 'src/resolv/ares/ares_data.c' || echo '$(srcdir)/'`src/resolv/ares/ares_data.c src/resolv/ares/ad_common_tests-ares_data.obj: src/resolv/ares/ares_data.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -MT src/resolv/ares/ad_common_tests-ares_data.obj -MD -MP -MF src/resolv/ares/$(DEPDIR)/ad_common_tests-ares_data.Tpo -c -o src/resolv/ares/ad_common_tests-ares_data.obj `if test -f 'src/resolv/ares/ares_data.c'; then $(CYGPATH_W) 'src/resolv/ares/ares_data.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/ares/ares_data.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/ares/$(DEPDIR)/ad_common_tests-ares_data.Tpo src/resolv/ares/$(DEPDIR)/ad_common_tests-ares_data.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/ares/ares_data.c' object='src/resolv/ares/ad_common_tests-ares_data.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/ares/ad_common_tests-ares_data.obj `if test -f 'src/resolv/ares/ares_data.c'; then $(CYGPATH_W) 'src/resolv/ares/ares_data.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/ares/ares_data.c'; fi` src/util/ad_common_tests-sss_ldap.o: 
src/util/sss_ldap.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -MT src/util/ad_common_tests-sss_ldap.o -MD -MP -MF src/util/$(DEPDIR)/ad_common_tests-sss_ldap.Tpo -c -o src/util/ad_common_tests-sss_ldap.o `test -f 'src/util/sss_ldap.c' || echo '$(srcdir)/'`src/util/sss_ldap.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/ad_common_tests-sss_ldap.Tpo src/util/$(DEPDIR)/ad_common_tests-sss_ldap.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/sss_ldap.c' object='src/util/ad_common_tests-sss_ldap.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -c -o src/util/ad_common_tests-sss_ldap.o `test -f 'src/util/sss_ldap.c' || echo '$(srcdir)/'`src/util/sss_ldap.c src/util/ad_common_tests-sss_ldap.obj: src/util/sss_ldap.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -MT src/util/ad_common_tests-sss_ldap.obj -MD -MP -MF src/util/$(DEPDIR)/ad_common_tests-sss_ldap.Tpo -c -o src/util/ad_common_tests-sss_ldap.obj `if test -f 'src/util/sss_ldap.c'; then $(CYGPATH_W) 'src/util/sss_ldap.c'; else $(CYGPATH_W) '$(srcdir)/src/util/sss_ldap.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/ad_common_tests-sss_ldap.Tpo src/util/$(DEPDIR)/ad_common_tests-sss_ldap.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/sss_ldap.c' object='src/util/ad_common_tests-sss_ldap.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) 
$(ad_common_tests_CFLAGS) $(CFLAGS) -c -o src/util/ad_common_tests-sss_ldap.obj `if test -f 'src/util/sss_ldap.c'; then $(CYGPATH_W) 'src/util/sss_ldap.c'; else $(CYGPATH_W) '$(srcdir)/src/util/sss_ldap.c'; fi` src/util/ad_common_tests-sss_krb5.o: src/util/sss_krb5.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -MT src/util/ad_common_tests-sss_krb5.o -MD -MP -MF src/util/$(DEPDIR)/ad_common_tests-sss_krb5.Tpo -c -o src/util/ad_common_tests-sss_krb5.o `test -f 'src/util/sss_krb5.c' || echo '$(srcdir)/'`src/util/sss_krb5.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/ad_common_tests-sss_krb5.Tpo src/util/$(DEPDIR)/ad_common_tests-sss_krb5.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/sss_krb5.c' object='src/util/ad_common_tests-sss_krb5.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -c -o src/util/ad_common_tests-sss_krb5.o `test -f 'src/util/sss_krb5.c' || echo '$(srcdir)/'`src/util/sss_krb5.c src/util/ad_common_tests-sss_krb5.obj: src/util/sss_krb5.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -MT src/util/ad_common_tests-sss_krb5.obj -MD -MP -MF src/util/$(DEPDIR)/ad_common_tests-sss_krb5.Tpo -c -o src/util/ad_common_tests-sss_krb5.obj `if test -f 'src/util/sss_krb5.c'; then $(CYGPATH_W) 'src/util/sss_krb5.c'; else $(CYGPATH_W) '$(srcdir)/src/util/sss_krb5.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/ad_common_tests-sss_krb5.Tpo src/util/$(DEPDIR)/ad_common_tests-sss_krb5.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/sss_krb5.c' object='src/util/ad_common_tests-sss_krb5.obj' 
libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -c -o src/util/ad_common_tests-sss_krb5.obj `if test -f 'src/util/sss_krb5.c'; then $(CYGPATH_W) 'src/util/sss_krb5.c'; else $(CYGPATH_W) '$(srcdir)/src/util/sss_krb5.c'; fi` src/util/ad_common_tests-find_uid.o: src/util/find_uid.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -MT src/util/ad_common_tests-find_uid.o -MD -MP -MF src/util/$(DEPDIR)/ad_common_tests-find_uid.Tpo -c -o src/util/ad_common_tests-find_uid.o `test -f 'src/util/find_uid.c' || echo '$(srcdir)/'`src/util/find_uid.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/ad_common_tests-find_uid.Tpo src/util/$(DEPDIR)/ad_common_tests-find_uid.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/find_uid.c' object='src/util/ad_common_tests-find_uid.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -c -o src/util/ad_common_tests-find_uid.o `test -f 'src/util/find_uid.c' || echo '$(srcdir)/'`src/util/find_uid.c src/util/ad_common_tests-find_uid.obj: src/util/find_uid.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -MT src/util/ad_common_tests-find_uid.obj -MD -MP -MF src/util/$(DEPDIR)/ad_common_tests-find_uid.Tpo -c -o src/util/ad_common_tests-find_uid.obj `if test -f 'src/util/find_uid.c'; then $(CYGPATH_W) 'src/util/find_uid.c'; else $(CYGPATH_W) '$(srcdir)/src/util/find_uid.c'; fi` @am__fastdepCC_TRUE@ 
$(AM_V_at)$(am__mv) src/util/$(DEPDIR)/ad_common_tests-find_uid.Tpo src/util/$(DEPDIR)/ad_common_tests-find_uid.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/find_uid.c' object='src/util/ad_common_tests-find_uid.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -c -o src/util/ad_common_tests-find_uid.obj `if test -f 'src/util/find_uid.c'; then $(CYGPATH_W) 'src/util/find_uid.c'; else $(CYGPATH_W) '$(srcdir)/src/util/find_uid.c'; fi` src/util/ad_common_tests-user_info_msg.o: src/util/user_info_msg.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -MT src/util/ad_common_tests-user_info_msg.o -MD -MP -MF src/util/$(DEPDIR)/ad_common_tests-user_info_msg.Tpo -c -o src/util/ad_common_tests-user_info_msg.o `test -f 'src/util/user_info_msg.c' || echo '$(srcdir)/'`src/util/user_info_msg.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/ad_common_tests-user_info_msg.Tpo src/util/$(DEPDIR)/ad_common_tests-user_info_msg.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/user_info_msg.c' object='src/util/ad_common_tests-user_info_msg.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -c -o src/util/ad_common_tests-user_info_msg.o `test -f 'src/util/user_info_msg.c' || echo '$(srcdir)/'`src/util/user_info_msg.c src/util/ad_common_tests-user_info_msg.obj: src/util/user_info_msg.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) 
$(ad_common_tests_CFLAGS) $(CFLAGS) -MT src/util/ad_common_tests-user_info_msg.obj -MD -MP -MF src/util/$(DEPDIR)/ad_common_tests-user_info_msg.Tpo -c -o src/util/ad_common_tests-user_info_msg.obj `if test -f 'src/util/user_info_msg.c'; then $(CYGPATH_W) 'src/util/user_info_msg.c'; else $(CYGPATH_W) '$(srcdir)/src/util/user_info_msg.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/ad_common_tests-user_info_msg.Tpo src/util/$(DEPDIR)/ad_common_tests-user_info_msg.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/user_info_msg.c' object='src/util/ad_common_tests-user_info_msg.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -c -o src/util/ad_common_tests-user_info_msg.obj `if test -f 'src/util/user_info_msg.c'; then $(CYGPATH_W) 'src/util/user_info_msg.c'; else $(CYGPATH_W) '$(srcdir)/src/util/user_info_msg.c'; fi` src/tests/cmocka/ad_common_tests-test_ad_common.o: src/tests/cmocka/test_ad_common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -MT src/tests/cmocka/ad_common_tests-test_ad_common.o -MD -MP -MF src/tests/cmocka/$(DEPDIR)/ad_common_tests-test_ad_common.Tpo -c -o src/tests/cmocka/ad_common_tests-test_ad_common.o `test -f 'src/tests/cmocka/test_ad_common.c' || echo '$(srcdir)/'`src/tests/cmocka/test_ad_common.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/cmocka/$(DEPDIR)/ad_common_tests-test_ad_common.Tpo src/tests/cmocka/$(DEPDIR)/ad_common_tests-test_ad_common.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/cmocka/test_ad_common.c' object='src/tests/cmocka/ad_common_tests-test_ad_common.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) 
$(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -c -o src/tests/cmocka/ad_common_tests-test_ad_common.o `test -f 'src/tests/cmocka/test_ad_common.c' || echo '$(srcdir)/'`src/tests/cmocka/test_ad_common.c src/tests/cmocka/ad_common_tests-test_ad_common.obj: src/tests/cmocka/test_ad_common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -MT src/tests/cmocka/ad_common_tests-test_ad_common.obj -MD -MP -MF src/tests/cmocka/$(DEPDIR)/ad_common_tests-test_ad_common.Tpo -c -o src/tests/cmocka/ad_common_tests-test_ad_common.obj `if test -f 'src/tests/cmocka/test_ad_common.c'; then $(CYGPATH_W) 'src/tests/cmocka/test_ad_common.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/cmocka/test_ad_common.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/cmocka/$(DEPDIR)/ad_common_tests-test_ad_common.Tpo src/tests/cmocka/$(DEPDIR)/ad_common_tests-test_ad_common.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/cmocka/test_ad_common.c' object='src/tests/cmocka/ad_common_tests-test_ad_common.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_common_tests_CFLAGS) $(CFLAGS) -c -o src/tests/cmocka/ad_common_tests-test_ad_common.obj `if test -f 'src/tests/cmocka/test_ad_common.c'; then $(CYGPATH_W) 'src/tests/cmocka/test_ad_common.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/cmocka/test_ad_common.c'; fi` src/tests/ad_ldap_opt_tests-ad_ldap_opt-tests.o: src/tests/ad_ldap_opt-tests.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_ldap_opt_tests_CFLAGS) $(CFLAGS) -MT 
src/tests/ad_ldap_opt_tests-ad_ldap_opt-tests.o -MD -MP -MF src/tests/$(DEPDIR)/ad_ldap_opt_tests-ad_ldap_opt-tests.Tpo -c -o src/tests/ad_ldap_opt_tests-ad_ldap_opt-tests.o `test -f 'src/tests/ad_ldap_opt-tests.c' || echo '$(srcdir)/'`src/tests/ad_ldap_opt-tests.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/ad_ldap_opt_tests-ad_ldap_opt-tests.Tpo src/tests/$(DEPDIR)/ad_ldap_opt_tests-ad_ldap_opt-tests.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/ad_ldap_opt-tests.c' object='src/tests/ad_ldap_opt_tests-ad_ldap_opt-tests.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_ldap_opt_tests_CFLAGS) $(CFLAGS) -c -o src/tests/ad_ldap_opt_tests-ad_ldap_opt-tests.o `test -f 'src/tests/ad_ldap_opt-tests.c' || echo '$(srcdir)/'`src/tests/ad_ldap_opt-tests.c src/tests/ad_ldap_opt_tests-ad_ldap_opt-tests.obj: src/tests/ad_ldap_opt-tests.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_ldap_opt_tests_CFLAGS) $(CFLAGS) -MT src/tests/ad_ldap_opt_tests-ad_ldap_opt-tests.obj -MD -MP -MF src/tests/$(DEPDIR)/ad_ldap_opt_tests-ad_ldap_opt-tests.Tpo -c -o src/tests/ad_ldap_opt_tests-ad_ldap_opt-tests.obj `if test -f 'src/tests/ad_ldap_opt-tests.c'; then $(CYGPATH_W) 'src/tests/ad_ldap_opt-tests.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/ad_ldap_opt-tests.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/ad_ldap_opt_tests-ad_ldap_opt-tests.Tpo src/tests/$(DEPDIR)/ad_ldap_opt_tests-ad_ldap_opt-tests.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/ad_ldap_opt-tests.c' object='src/tests/ad_ldap_opt_tests-ad_ldap_opt-tests.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ 
$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ad_ldap_opt_tests_CFLAGS) $(CFLAGS) -c -o src/tests/ad_ldap_opt_tests-ad_ldap_opt-tests.obj `if test -f 'src/tests/ad_ldap_opt-tests.c'; then $(CYGPATH_W) 'src/tests/ad_ldap_opt-tests.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/ad_ldap_opt-tests.c'; fi` src/tests/auth_tests-auth-tests.o: src/tests/auth-tests.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(auth_tests_CFLAGS) $(CFLAGS) -MT src/tests/auth_tests-auth-tests.o -MD -MP -MF src/tests/$(DEPDIR)/auth_tests-auth-tests.Tpo -c -o src/tests/auth_tests-auth-tests.o `test -f 'src/tests/auth-tests.c' || echo '$(srcdir)/'`src/tests/auth-tests.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/auth_tests-auth-tests.Tpo src/tests/$(DEPDIR)/auth_tests-auth-tests.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/auth-tests.c' object='src/tests/auth_tests-auth-tests.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(auth_tests_CFLAGS) $(CFLAGS) -c -o src/tests/auth_tests-auth-tests.o `test -f 'src/tests/auth-tests.c' || echo '$(srcdir)/'`src/tests/auth-tests.c src/tests/auth_tests-auth-tests.obj: src/tests/auth-tests.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(auth_tests_CFLAGS) $(CFLAGS) -MT src/tests/auth_tests-auth-tests.obj -MD -MP -MF src/tests/$(DEPDIR)/auth_tests-auth-tests.Tpo -c -o src/tests/auth_tests-auth-tests.obj `if test -f 'src/tests/auth-tests.c'; then $(CYGPATH_W) 'src/tests/auth-tests.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/auth-tests.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/auth_tests-auth-tests.Tpo src/tests/$(DEPDIR)/auth_tests-auth-tests.Po 
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/auth-tests.c' object='src/tests/auth_tests-auth-tests.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(auth_tests_CFLAGS) $(CFLAGS) -c -o src/tests/auth_tests-auth-tests.obj `if test -f 'src/tests/auth-tests.c'; then $(CYGPATH_W) 'src/tests/auth-tests.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/auth-tests.c'; fi` src/sss_client/autofs/autofs_test_client-autofs_test_client.o: src/sss_client/autofs/autofs_test_client.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(autofs_test_client_CFLAGS) $(CFLAGS) -MT src/sss_client/autofs/autofs_test_client-autofs_test_client.o -MD -MP -MF src/sss_client/autofs/$(DEPDIR)/autofs_test_client-autofs_test_client.Tpo -c -o src/sss_client/autofs/autofs_test_client-autofs_test_client.o `test -f 'src/sss_client/autofs/autofs_test_client.c' || echo '$(srcdir)/'`src/sss_client/autofs/autofs_test_client.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/sss_client/autofs/$(DEPDIR)/autofs_test_client-autofs_test_client.Tpo src/sss_client/autofs/$(DEPDIR)/autofs_test_client-autofs_test_client.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/sss_client/autofs/autofs_test_client.c' object='src/sss_client/autofs/autofs_test_client-autofs_test_client.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(autofs_test_client_CFLAGS) $(CFLAGS) -c -o src/sss_client/autofs/autofs_test_client-autofs_test_client.o `test -f 'src/sss_client/autofs/autofs_test_client.c' || echo '$(srcdir)/'`src/sss_client/autofs/autofs_test_client.c 
src/sss_client/autofs/autofs_test_client-autofs_test_client.obj: src/sss_client/autofs/autofs_test_client.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(autofs_test_client_CFLAGS) $(CFLAGS) -MT src/sss_client/autofs/autofs_test_client-autofs_test_client.obj -MD -MP -MF src/sss_client/autofs/$(DEPDIR)/autofs_test_client-autofs_test_client.Tpo -c -o src/sss_client/autofs/autofs_test_client-autofs_test_client.obj `if test -f 'src/sss_client/autofs/autofs_test_client.c'; then $(CYGPATH_W) 'src/sss_client/autofs/autofs_test_client.c'; else $(CYGPATH_W) '$(srcdir)/src/sss_client/autofs/autofs_test_client.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/sss_client/autofs/$(DEPDIR)/autofs_test_client-autofs_test_client.Tpo src/sss_client/autofs/$(DEPDIR)/autofs_test_client-autofs_test_client.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/sss_client/autofs/autofs_test_client.c' object='src/sss_client/autofs/autofs_test_client-autofs_test_client.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(autofs_test_client_CFLAGS) $(CFLAGS) -c -o src/sss_client/autofs/autofs_test_client-autofs_test_client.obj `if test -f 'src/sss_client/autofs/autofs_test_client.c'; then $(CYGPATH_W) 'src/sss_client/autofs/autofs_test_client.c'; else $(CYGPATH_W) '$(srcdir)/src/sss_client/autofs/autofs_test_client.c'; fi` src/sss_client/autofs/autofs_test_client-sss_autofs.o: src/sss_client/autofs/sss_autofs.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(autofs_test_client_CFLAGS) $(CFLAGS) -MT src/sss_client/autofs/autofs_test_client-sss_autofs.o -MD -MP -MF src/sss_client/autofs/$(DEPDIR)/autofs_test_client-sss_autofs.Tpo -c -o 
src/sss_client/autofs/autofs_test_client-sss_autofs.o `test -f 'src/sss_client/autofs/sss_autofs.c' || echo '$(srcdir)/'`src/sss_client/autofs/sss_autofs.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/sss_client/autofs/$(DEPDIR)/autofs_test_client-sss_autofs.Tpo src/sss_client/autofs/$(DEPDIR)/autofs_test_client-sss_autofs.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/sss_client/autofs/sss_autofs.c' object='src/sss_client/autofs/autofs_test_client-sss_autofs.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(autofs_test_client_CFLAGS) $(CFLAGS) -c -o src/sss_client/autofs/autofs_test_client-sss_autofs.o `test -f 'src/sss_client/autofs/sss_autofs.c' || echo '$(srcdir)/'`src/sss_client/autofs/sss_autofs.c src/sss_client/autofs/autofs_test_client-sss_autofs.obj: src/sss_client/autofs/sss_autofs.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(autofs_test_client_CFLAGS) $(CFLAGS) -MT src/sss_client/autofs/autofs_test_client-sss_autofs.obj -MD -MP -MF src/sss_client/autofs/$(DEPDIR)/autofs_test_client-sss_autofs.Tpo -c -o src/sss_client/autofs/autofs_test_client-sss_autofs.obj `if test -f 'src/sss_client/autofs/sss_autofs.c'; then $(CYGPATH_W) 'src/sss_client/autofs/sss_autofs.c'; else $(CYGPATH_W) '$(srcdir)/src/sss_client/autofs/sss_autofs.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/sss_client/autofs/$(DEPDIR)/autofs_test_client-sss_autofs.Tpo src/sss_client/autofs/$(DEPDIR)/autofs_test_client-sss_autofs.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/sss_client/autofs/sss_autofs.c' object='src/sss_client/autofs/autofs_test_client-sss_autofs.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ 
$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(autofs_test_client_CFLAGS) $(CFLAGS) -c -o src/sss_client/autofs/autofs_test_client-sss_autofs.obj `if test -f 'src/sss_client/autofs/sss_autofs.c'; then $(CYGPATH_W) 'src/sss_client/autofs/sss_autofs.c'; else $(CYGPATH_W) '$(srcdir)/src/sss_client/autofs/sss_autofs.c'; fi` src/sss_client/autofs_test_client-common.o: src/sss_client/common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(autofs_test_client_CFLAGS) $(CFLAGS) -MT src/sss_client/autofs_test_client-common.o -MD -MP -MF src/sss_client/$(DEPDIR)/autofs_test_client-common.Tpo -c -o src/sss_client/autofs_test_client-common.o `test -f 'src/sss_client/common.c' || echo '$(srcdir)/'`src/sss_client/common.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/sss_client/$(DEPDIR)/autofs_test_client-common.Tpo src/sss_client/$(DEPDIR)/autofs_test_client-common.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/sss_client/common.c' object='src/sss_client/autofs_test_client-common.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(autofs_test_client_CFLAGS) $(CFLAGS) -c -o src/sss_client/autofs_test_client-common.o `test -f 'src/sss_client/common.c' || echo '$(srcdir)/'`src/sss_client/common.c src/sss_client/autofs_test_client-common.obj: src/sss_client/common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(autofs_test_client_CFLAGS) $(CFLAGS) -MT src/sss_client/autofs_test_client-common.obj -MD -MP -MF src/sss_client/$(DEPDIR)/autofs_test_client-common.Tpo -c -o src/sss_client/autofs_test_client-common.obj `if test -f 'src/sss_client/common.c'; then $(CYGPATH_W) 'src/sss_client/common.c'; else $(CYGPATH_W) 
'$(srcdir)/src/sss_client/common.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/sss_client/$(DEPDIR)/autofs_test_client-common.Tpo src/sss_client/$(DEPDIR)/autofs_test_client-common.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/sss_client/common.c' object='src/sss_client/autofs_test_client-common.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(autofs_test_client_CFLAGS) $(CFLAGS) -c -o src/sss_client/autofs_test_client-common.obj `if test -f 'src/sss_client/common.c'; then $(CYGPATH_W) 'src/sss_client/common.c'; else $(CYGPATH_W) '$(srcdir)/src/sss_client/common.c'; fi` src/tests/check_and_open_tests-check_and_open-tests.o: src/tests/check_and_open-tests.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(check_and_open_tests_CFLAGS) $(CFLAGS) -MT src/tests/check_and_open_tests-check_and_open-tests.o -MD -MP -MF src/tests/$(DEPDIR)/check_and_open_tests-check_and_open-tests.Tpo -c -o src/tests/check_and_open_tests-check_and_open-tests.o `test -f 'src/tests/check_and_open-tests.c' || echo '$(srcdir)/'`src/tests/check_and_open-tests.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/check_and_open_tests-check_and_open-tests.Tpo src/tests/$(DEPDIR)/check_and_open_tests-check_and_open-tests.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/check_and_open-tests.c' object='src/tests/check_and_open_tests-check_and_open-tests.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(check_and_open_tests_CFLAGS) $(CFLAGS) -c -o src/tests/check_and_open_tests-check_and_open-tests.o `test -f 
'src/tests/check_and_open-tests.c' || echo '$(srcdir)/'`src/tests/check_and_open-tests.c src/tests/check_and_open_tests-check_and_open-tests.obj: src/tests/check_and_open-tests.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(check_and_open_tests_CFLAGS) $(CFLAGS) -MT src/tests/check_and_open_tests-check_and_open-tests.obj -MD -MP -MF src/tests/$(DEPDIR)/check_and_open_tests-check_and_open-tests.Tpo -c -o src/tests/check_and_open_tests-check_and_open-tests.obj `if test -f 'src/tests/check_and_open-tests.c'; then $(CYGPATH_W) 'src/tests/check_and_open-tests.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/check_and_open-tests.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/check_and_open_tests-check_and_open-tests.Tpo src/tests/$(DEPDIR)/check_and_open_tests-check_and_open-tests.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/check_and_open-tests.c' object='src/tests/check_and_open_tests-check_and_open-tests.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(check_and_open_tests_CFLAGS) $(CFLAGS) -c -o src/tests/check_and_open_tests-check_and_open-tests.obj `if test -f 'src/tests/check_and_open-tests.c'; then $(CYGPATH_W) 'src/tests/check_and_open-tests.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/check_and_open-tests.c'; fi` src/util/check_and_open_tests-check_and_open.o: src/util/check_and_open.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(check_and_open_tests_CFLAGS) $(CFLAGS) -MT src/util/check_and_open_tests-check_and_open.o -MD -MP -MF src/util/$(DEPDIR)/check_and_open_tests-check_and_open.Tpo -c -o src/util/check_and_open_tests-check_and_open.o `test -f 'src/util/check_and_open.c' || echo 
'$(srcdir)/'`src/util/check_and_open.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/check_and_open_tests-check_and_open.Tpo src/util/$(DEPDIR)/check_and_open_tests-check_and_open.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/check_and_open.c' object='src/util/check_and_open_tests-check_and_open.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(check_and_open_tests_CFLAGS) $(CFLAGS) -c -o src/util/check_and_open_tests-check_and_open.o `test -f 'src/util/check_and_open.c' || echo '$(srcdir)/'`src/util/check_and_open.c src/util/check_and_open_tests-check_and_open.obj: src/util/check_and_open.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(check_and_open_tests_CFLAGS) $(CFLAGS) -MT src/util/check_and_open_tests-check_and_open.obj -MD -MP -MF src/util/$(DEPDIR)/check_and_open_tests-check_and_open.Tpo -c -o src/util/check_and_open_tests-check_and_open.obj `if test -f 'src/util/check_and_open.c'; then $(CYGPATH_W) 'src/util/check_and_open.c'; else $(CYGPATH_W) '$(srcdir)/src/util/check_and_open.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/check_and_open_tests-check_and_open.Tpo src/util/$(DEPDIR)/check_and_open_tests-check_and_open.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/check_and_open.c' object='src/util/check_and_open_tests-check_and_open.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(check_and_open_tests_CFLAGS) $(CFLAGS) -c -o src/util/check_and_open_tests-check_and_open.obj `if test -f 'src/util/check_and_open.c'; then $(CYGPATH_W) 
'src/util/check_and_open.c'; else $(CYGPATH_W) '$(srcdir)/src/util/check_and_open.c'; fi` src/util/crypto/libcrypto/crypto_tests-crypto_base64.o: src/util/crypto/libcrypto/crypto_base64.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(crypto_tests_CFLAGS) $(CFLAGS) -MT src/util/crypto/libcrypto/crypto_tests-crypto_base64.o -MD -MP -MF src/util/crypto/libcrypto/$(DEPDIR)/crypto_tests-crypto_base64.Tpo -c -o src/util/crypto/libcrypto/crypto_tests-crypto_base64.o `test -f 'src/util/crypto/libcrypto/crypto_base64.c' || echo '$(srcdir)/'`src/util/crypto/libcrypto/crypto_base64.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/crypto/libcrypto/$(DEPDIR)/crypto_tests-crypto_base64.Tpo src/util/crypto/libcrypto/$(DEPDIR)/crypto_tests-crypto_base64.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/crypto/libcrypto/crypto_base64.c' object='src/util/crypto/libcrypto/crypto_tests-crypto_base64.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(crypto_tests_CFLAGS) $(CFLAGS) -c -o src/util/crypto/libcrypto/crypto_tests-crypto_base64.o `test -f 'src/util/crypto/libcrypto/crypto_base64.c' || echo '$(srcdir)/'`src/util/crypto/libcrypto/crypto_base64.c src/util/crypto/libcrypto/crypto_tests-crypto_base64.obj: src/util/crypto/libcrypto/crypto_base64.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(crypto_tests_CFLAGS) $(CFLAGS) -MT src/util/crypto/libcrypto/crypto_tests-crypto_base64.obj -MD -MP -MF src/util/crypto/libcrypto/$(DEPDIR)/crypto_tests-crypto_base64.Tpo -c -o src/util/crypto/libcrypto/crypto_tests-crypto_base64.obj `if test -f 'src/util/crypto/libcrypto/crypto_base64.c'; then $(CYGPATH_W) 'src/util/crypto/libcrypto/crypto_base64.c'; else $(CYGPATH_W) 
'$(srcdir)/src/util/crypto/libcrypto/crypto_base64.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/crypto/libcrypto/$(DEPDIR)/crypto_tests-crypto_base64.Tpo src/util/crypto/libcrypto/$(DEPDIR)/crypto_tests-crypto_base64.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/crypto/libcrypto/crypto_base64.c' object='src/util/crypto/libcrypto/crypto_tests-crypto_base64.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(crypto_tests_CFLAGS) $(CFLAGS) -c -o src/util/crypto/libcrypto/crypto_tests-crypto_base64.obj `if test -f 'src/util/crypto/libcrypto/crypto_base64.c'; then $(CYGPATH_W) 'src/util/crypto/libcrypto/crypto_base64.c'; else $(CYGPATH_W) '$(srcdir)/src/util/crypto/libcrypto/crypto_base64.c'; fi` src/util/crypto/libcrypto/crypto_tests-crypto_hmac_sha1.o: src/util/crypto/libcrypto/crypto_hmac_sha1.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(crypto_tests_CFLAGS) $(CFLAGS) -MT src/util/crypto/libcrypto/crypto_tests-crypto_hmac_sha1.o -MD -MP -MF src/util/crypto/libcrypto/$(DEPDIR)/crypto_tests-crypto_hmac_sha1.Tpo -c -o src/util/crypto/libcrypto/crypto_tests-crypto_hmac_sha1.o `test -f 'src/util/crypto/libcrypto/crypto_hmac_sha1.c' || echo '$(srcdir)/'`src/util/crypto/libcrypto/crypto_hmac_sha1.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/crypto/libcrypto/$(DEPDIR)/crypto_tests-crypto_hmac_sha1.Tpo src/util/crypto/libcrypto/$(DEPDIR)/crypto_tests-crypto_hmac_sha1.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/crypto/libcrypto/crypto_hmac_sha1.c' object='src/util/crypto/libcrypto/crypto_tests-crypto_hmac_sha1.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ 
$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(crypto_tests_CFLAGS) $(CFLAGS) -c -o src/util/crypto/libcrypto/crypto_tests-crypto_hmac_sha1.o `test -f 'src/util/crypto/libcrypto/crypto_hmac_sha1.c' || echo '$(srcdir)/'`src/util/crypto/libcrypto/crypto_hmac_sha1.c src/util/crypto/libcrypto/crypto_tests-crypto_hmac_sha1.obj: src/util/crypto/libcrypto/crypto_hmac_sha1.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(crypto_tests_CFLAGS) $(CFLAGS) -MT src/util/crypto/libcrypto/crypto_tests-crypto_hmac_sha1.obj -MD -MP -MF src/util/crypto/libcrypto/$(DEPDIR)/crypto_tests-crypto_hmac_sha1.Tpo -c -o src/util/crypto/libcrypto/crypto_tests-crypto_hmac_sha1.obj `if test -f 'src/util/crypto/libcrypto/crypto_hmac_sha1.c'; then $(CYGPATH_W) 'src/util/crypto/libcrypto/crypto_hmac_sha1.c'; else $(CYGPATH_W) '$(srcdir)/src/util/crypto/libcrypto/crypto_hmac_sha1.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/crypto/libcrypto/$(DEPDIR)/crypto_tests-crypto_hmac_sha1.Tpo src/util/crypto/libcrypto/$(DEPDIR)/crypto_tests-crypto_hmac_sha1.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/crypto/libcrypto/crypto_hmac_sha1.c' object='src/util/crypto/libcrypto/crypto_tests-crypto_hmac_sha1.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(crypto_tests_CFLAGS) $(CFLAGS) -c -o src/util/crypto/libcrypto/crypto_tests-crypto_hmac_sha1.obj `if test -f 'src/util/crypto/libcrypto/crypto_hmac_sha1.c'; then $(CYGPATH_W) 'src/util/crypto/libcrypto/crypto_hmac_sha1.c'; else $(CYGPATH_W) '$(srcdir)/src/util/crypto/libcrypto/crypto_hmac_sha1.c'; fi` src/util/crypto/libcrypto/crypto_tests-crypto_sha512crypt.o: src/util/crypto/libcrypto/crypto_sha512crypt.c @am__fastdepCC_TRUE@ 
$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(crypto_tests_CFLAGS) $(CFLAGS) -MT src/util/crypto/libcrypto/crypto_tests-crypto_sha512crypt.o -MD -MP -MF src/util/crypto/libcrypto/$(DEPDIR)/crypto_tests-crypto_sha512crypt.Tpo -c -o src/util/crypto/libcrypto/crypto_tests-crypto_sha512crypt.o `test -f 'src/util/crypto/libcrypto/crypto_sha512crypt.c' || echo '$(srcdir)/'`src/util/crypto/libcrypto/crypto_sha512crypt.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/crypto/libcrypto/$(DEPDIR)/crypto_tests-crypto_sha512crypt.Tpo src/util/crypto/libcrypto/$(DEPDIR)/crypto_tests-crypto_sha512crypt.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/crypto/libcrypto/crypto_sha512crypt.c' object='src/util/crypto/libcrypto/crypto_tests-crypto_sha512crypt.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(crypto_tests_CFLAGS) $(CFLAGS) -c -o src/util/crypto/libcrypto/crypto_tests-crypto_sha512crypt.o `test -f 'src/util/crypto/libcrypto/crypto_sha512crypt.c' || echo '$(srcdir)/'`src/util/crypto/libcrypto/crypto_sha512crypt.c src/util/crypto/libcrypto/crypto_tests-crypto_sha512crypt.obj: src/util/crypto/libcrypto/crypto_sha512crypt.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(crypto_tests_CFLAGS) $(CFLAGS) -MT src/util/crypto/libcrypto/crypto_tests-crypto_sha512crypt.obj -MD -MP -MF src/util/crypto/libcrypto/$(DEPDIR)/crypto_tests-crypto_sha512crypt.Tpo -c -o src/util/crypto/libcrypto/crypto_tests-crypto_sha512crypt.obj `if test -f 'src/util/crypto/libcrypto/crypto_sha512crypt.c'; then $(CYGPATH_W) 'src/util/crypto/libcrypto/crypto_sha512crypt.c'; else $(CYGPATH_W) '$(srcdir)/src/util/crypto/libcrypto/crypto_sha512crypt.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) 
src/util/crypto/libcrypto/$(DEPDIR)/crypto_tests-crypto_sha512crypt.Tpo src/util/crypto/libcrypto/$(DEPDIR)/crypto_tests-crypto_sha512crypt.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/crypto/libcrypto/crypto_sha512crypt.c' object='src/util/crypto/libcrypto/crypto_tests-crypto_sha512crypt.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(crypto_tests_CFLAGS) $(CFLAGS) -c -o src/util/crypto/libcrypto/crypto_tests-crypto_sha512crypt.obj `if test -f 'src/util/crypto/libcrypto/crypto_sha512crypt.c'; then $(CYGPATH_W) 'src/util/crypto/libcrypto/crypto_sha512crypt.c'; else $(CYGPATH_W) '$(srcdir)/src/util/crypto/libcrypto/crypto_sha512crypt.c'; fi` src/util/crypto/libcrypto/crypto_tests-crypto_obfuscate.o: src/util/crypto/libcrypto/crypto_obfuscate.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(crypto_tests_CFLAGS) $(CFLAGS) -MT src/util/crypto/libcrypto/crypto_tests-crypto_obfuscate.o -MD -MP -MF src/util/crypto/libcrypto/$(DEPDIR)/crypto_tests-crypto_obfuscate.Tpo -c -o src/util/crypto/libcrypto/crypto_tests-crypto_obfuscate.o `test -f 'src/util/crypto/libcrypto/crypto_obfuscate.c' || echo '$(srcdir)/'`src/util/crypto/libcrypto/crypto_obfuscate.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/crypto/libcrypto/$(DEPDIR)/crypto_tests-crypto_obfuscate.Tpo src/util/crypto/libcrypto/$(DEPDIR)/crypto_tests-crypto_obfuscate.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/crypto/libcrypto/crypto_obfuscate.c' object='src/util/crypto/libcrypto/crypto_tests-crypto_obfuscate.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) 
$(AM_CPPFLAGS) $(CPPFLAGS) $(crypto_tests_CFLAGS) $(CFLAGS) -c -o src/util/crypto/libcrypto/crypto_tests-crypto_obfuscate.o `test -f 'src/util/crypto/libcrypto/crypto_obfuscate.c' || echo '$(srcdir)/'`src/util/crypto/libcrypto/crypto_obfuscate.c src/util/crypto/libcrypto/crypto_tests-crypto_obfuscate.obj: src/util/crypto/libcrypto/crypto_obfuscate.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(crypto_tests_CFLAGS) $(CFLAGS) -MT src/util/crypto/libcrypto/crypto_tests-crypto_obfuscate.obj -MD -MP -MF src/util/crypto/libcrypto/$(DEPDIR)/crypto_tests-crypto_obfuscate.Tpo -c -o src/util/crypto/libcrypto/crypto_tests-crypto_obfuscate.obj `if test -f 'src/util/crypto/libcrypto/crypto_obfuscate.c'; then $(CYGPATH_W) 'src/util/crypto/libcrypto/crypto_obfuscate.c'; else $(CYGPATH_W) '$(srcdir)/src/util/crypto/libcrypto/crypto_obfuscate.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/crypto/libcrypto/$(DEPDIR)/crypto_tests-crypto_obfuscate.Tpo src/util/crypto/libcrypto/$(DEPDIR)/crypto_tests-crypto_obfuscate.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/crypto/libcrypto/crypto_obfuscate.c' object='src/util/crypto/libcrypto/crypto_tests-crypto_obfuscate.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(crypto_tests_CFLAGS) $(CFLAGS) -c -o src/util/crypto/libcrypto/crypto_tests-crypto_obfuscate.obj `if test -f 'src/util/crypto/libcrypto/crypto_obfuscate.c'; then $(CYGPATH_W) 'src/util/crypto/libcrypto/crypto_obfuscate.c'; else $(CYGPATH_W) '$(srcdir)/src/util/crypto/libcrypto/crypto_obfuscate.c'; fi` src/util/crypto/nss/crypto_tests-nss_base64.o: src/util/crypto/nss/nss_base64.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) 
$(crypto_tests_CFLAGS) $(CFLAGS) -MT src/util/crypto/nss/crypto_tests-nss_base64.o -MD -MP -MF src/util/crypto/nss/$(DEPDIR)/crypto_tests-nss_base64.Tpo -c -o src/util/crypto/nss/crypto_tests-nss_base64.o `test -f 'src/util/crypto/nss/nss_base64.c' || echo '$(srcdir)/'`src/util/crypto/nss/nss_base64.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/crypto/nss/$(DEPDIR)/crypto_tests-nss_base64.Tpo src/util/crypto/nss/$(DEPDIR)/crypto_tests-nss_base64.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/crypto/nss/nss_base64.c' object='src/util/crypto/nss/crypto_tests-nss_base64.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(crypto_tests_CFLAGS) $(CFLAGS) -c -o src/util/crypto/nss/crypto_tests-nss_base64.o `test -f 'src/util/crypto/nss/nss_base64.c' || echo '$(srcdir)/'`src/util/crypto/nss/nss_base64.c src/util/crypto/nss/crypto_tests-nss_base64.obj: src/util/crypto/nss/nss_base64.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(crypto_tests_CFLAGS) $(CFLAGS) -MT src/util/crypto/nss/crypto_tests-nss_base64.obj -MD -MP -MF src/util/crypto/nss/$(DEPDIR)/crypto_tests-nss_base64.Tpo -c -o src/util/crypto/nss/crypto_tests-nss_base64.obj `if test -f 'src/util/crypto/nss/nss_base64.c'; then $(CYGPATH_W) 'src/util/crypto/nss/nss_base64.c'; else $(CYGPATH_W) '$(srcdir)/src/util/crypto/nss/nss_base64.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/crypto/nss/$(DEPDIR)/crypto_tests-nss_base64.Tpo src/util/crypto/nss/$(DEPDIR)/crypto_tests-nss_base64.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/crypto/nss/nss_base64.c' object='src/util/crypto/nss/crypto_tests-nss_base64.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) 
@AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(crypto_tests_CFLAGS) $(CFLAGS) -c -o src/util/crypto/nss/crypto_tests-nss_base64.obj `if test -f 'src/util/crypto/nss/nss_base64.c'; then $(CYGPATH_W) 'src/util/crypto/nss/nss_base64.c'; else $(CYGPATH_W) '$(srcdir)/src/util/crypto/nss/nss_base64.c'; fi` src/util/crypto/nss/crypto_tests-nss_hmac_sha1.o: src/util/crypto/nss/nss_hmac_sha1.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(crypto_tests_CFLAGS) $(CFLAGS) -MT src/util/crypto/nss/crypto_tests-nss_hmac_sha1.o -MD -MP -MF src/util/crypto/nss/$(DEPDIR)/crypto_tests-nss_hmac_sha1.Tpo -c -o src/util/crypto/nss/crypto_tests-nss_hmac_sha1.o `test -f 'src/util/crypto/nss/nss_hmac_sha1.c' || echo '$(srcdir)/'`src/util/crypto/nss/nss_hmac_sha1.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/crypto/nss/$(DEPDIR)/crypto_tests-nss_hmac_sha1.Tpo src/util/crypto/nss/$(DEPDIR)/crypto_tests-nss_hmac_sha1.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/crypto/nss/nss_hmac_sha1.c' object='src/util/crypto/nss/crypto_tests-nss_hmac_sha1.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(crypto_tests_CFLAGS) $(CFLAGS) -c -o src/util/crypto/nss/crypto_tests-nss_hmac_sha1.o `test -f 'src/util/crypto/nss/nss_hmac_sha1.c' || echo '$(srcdir)/'`src/util/crypto/nss/nss_hmac_sha1.c src/util/crypto/nss/crypto_tests-nss_hmac_sha1.obj: src/util/crypto/nss/nss_hmac_sha1.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(crypto_tests_CFLAGS) $(CFLAGS) -MT src/util/crypto/nss/crypto_tests-nss_hmac_sha1.obj -MD -MP -MF src/util/crypto/nss/$(DEPDIR)/crypto_tests-nss_hmac_sha1.Tpo -c -o 
src/util/crypto/nss/crypto_tests-nss_hmac_sha1.obj `if test -f 'src/util/crypto/nss/nss_hmac_sha1.c'; then $(CYGPATH_W) 'src/util/crypto/nss/nss_hmac_sha1.c'; else $(CYGPATH_W) '$(srcdir)/src/util/crypto/nss/nss_hmac_sha1.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/crypto/nss/$(DEPDIR)/crypto_tests-nss_hmac_sha1.Tpo src/util/crypto/nss/$(DEPDIR)/crypto_tests-nss_hmac_sha1.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/crypto/nss/nss_hmac_sha1.c' object='src/util/crypto/nss/crypto_tests-nss_hmac_sha1.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(crypto_tests_CFLAGS) $(CFLAGS) -c -o src/util/crypto/nss/crypto_tests-nss_hmac_sha1.obj `if test -f 'src/util/crypto/nss/nss_hmac_sha1.c'; then $(CYGPATH_W) 'src/util/crypto/nss/nss_hmac_sha1.c'; else $(CYGPATH_W) '$(srcdir)/src/util/crypto/nss/nss_hmac_sha1.c'; fi` src/util/crypto/nss/crypto_tests-nss_sha512crypt.o: src/util/crypto/nss/nss_sha512crypt.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(crypto_tests_CFLAGS) $(CFLAGS) -MT src/util/crypto/nss/crypto_tests-nss_sha512crypt.o -MD -MP -MF src/util/crypto/nss/$(DEPDIR)/crypto_tests-nss_sha512crypt.Tpo -c -o src/util/crypto/nss/crypto_tests-nss_sha512crypt.o `test -f 'src/util/crypto/nss/nss_sha512crypt.c' || echo '$(srcdir)/'`src/util/crypto/nss/nss_sha512crypt.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/crypto/nss/$(DEPDIR)/crypto_tests-nss_sha512crypt.Tpo src/util/crypto/nss/$(DEPDIR)/crypto_tests-nss_sha512crypt.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/crypto/nss/nss_sha512crypt.c' object='src/util/crypto/nss/crypto_tests-nss_sha512crypt.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) 
@AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(crypto_tests_CFLAGS) $(CFLAGS) -c -o src/util/crypto/nss/crypto_tests-nss_sha512crypt.o `test -f 'src/util/crypto/nss/nss_sha512crypt.c' || echo '$(srcdir)/'`src/util/crypto/nss/nss_sha512crypt.c src/util/crypto/nss/crypto_tests-nss_sha512crypt.obj: src/util/crypto/nss/nss_sha512crypt.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(crypto_tests_CFLAGS) $(CFLAGS) -MT src/util/crypto/nss/crypto_tests-nss_sha512crypt.obj -MD -MP -MF src/util/crypto/nss/$(DEPDIR)/crypto_tests-nss_sha512crypt.Tpo -c -o src/util/crypto/nss/crypto_tests-nss_sha512crypt.obj `if test -f 'src/util/crypto/nss/nss_sha512crypt.c'; then $(CYGPATH_W) 'src/util/crypto/nss/nss_sha512crypt.c'; else $(CYGPATH_W) '$(srcdir)/src/util/crypto/nss/nss_sha512crypt.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/crypto/nss/$(DEPDIR)/crypto_tests-nss_sha512crypt.Tpo src/util/crypto/nss/$(DEPDIR)/crypto_tests-nss_sha512crypt.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/crypto/nss/nss_sha512crypt.c' object='src/util/crypto/nss/crypto_tests-nss_sha512crypt.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(crypto_tests_CFLAGS) $(CFLAGS) -c -o src/util/crypto/nss/crypto_tests-nss_sha512crypt.obj `if test -f 'src/util/crypto/nss/nss_sha512crypt.c'; then $(CYGPATH_W) 'src/util/crypto/nss/nss_sha512crypt.c'; else $(CYGPATH_W) '$(srcdir)/src/util/crypto/nss/nss_sha512crypt.c'; fi` src/util/crypto/nss/crypto_tests-nss_obfuscate.o: src/util/crypto/nss/nss_obfuscate.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(crypto_tests_CFLAGS) $(CFLAGS) -MT 
src/util/crypto/nss/crypto_tests-nss_obfuscate.o -MD -MP -MF src/util/crypto/nss/$(DEPDIR)/crypto_tests-nss_obfuscate.Tpo -c -o src/util/crypto/nss/crypto_tests-nss_obfuscate.o `test -f 'src/util/crypto/nss/nss_obfuscate.c' || echo '$(srcdir)/'`src/util/crypto/nss/nss_obfuscate.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/crypto/nss/$(DEPDIR)/crypto_tests-nss_obfuscate.Tpo src/util/crypto/nss/$(DEPDIR)/crypto_tests-nss_obfuscate.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/crypto/nss/nss_obfuscate.c' object='src/util/crypto/nss/crypto_tests-nss_obfuscate.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(crypto_tests_CFLAGS) $(CFLAGS) -c -o src/util/crypto/nss/crypto_tests-nss_obfuscate.o `test -f 'src/util/crypto/nss/nss_obfuscate.c' || echo '$(srcdir)/'`src/util/crypto/nss/nss_obfuscate.c src/util/crypto/nss/crypto_tests-nss_obfuscate.obj: src/util/crypto/nss/nss_obfuscate.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(crypto_tests_CFLAGS) $(CFLAGS) -MT src/util/crypto/nss/crypto_tests-nss_obfuscate.obj -MD -MP -MF src/util/crypto/nss/$(DEPDIR)/crypto_tests-nss_obfuscate.Tpo -c -o src/util/crypto/nss/crypto_tests-nss_obfuscate.obj `if test -f 'src/util/crypto/nss/nss_obfuscate.c'; then $(CYGPATH_W) 'src/util/crypto/nss/nss_obfuscate.c'; else $(CYGPATH_W) '$(srcdir)/src/util/crypto/nss/nss_obfuscate.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/crypto/nss/$(DEPDIR)/crypto_tests-nss_obfuscate.Tpo src/util/crypto/nss/$(DEPDIR)/crypto_tests-nss_obfuscate.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/crypto/nss/nss_obfuscate.c' object='src/util/crypto/nss/crypto_tests-nss_obfuscate.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) 
$(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(crypto_tests_CFLAGS) $(CFLAGS) -c -o src/util/crypto/nss/crypto_tests-nss_obfuscate.obj `if test -f 'src/util/crypto/nss/nss_obfuscate.c'; then $(CYGPATH_W) 'src/util/crypto/nss/nss_obfuscate.c'; else $(CYGPATH_W) '$(srcdir)/src/util/crypto/nss/nss_obfuscate.c'; fi` src/util/crypto/nss/crypto_tests-nss_util.o: src/util/crypto/nss/nss_util.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(crypto_tests_CFLAGS) $(CFLAGS) -MT src/util/crypto/nss/crypto_tests-nss_util.o -MD -MP -MF src/util/crypto/nss/$(DEPDIR)/crypto_tests-nss_util.Tpo -c -o src/util/crypto/nss/crypto_tests-nss_util.o `test -f 'src/util/crypto/nss/nss_util.c' || echo '$(srcdir)/'`src/util/crypto/nss/nss_util.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/crypto/nss/$(DEPDIR)/crypto_tests-nss_util.Tpo src/util/crypto/nss/$(DEPDIR)/crypto_tests-nss_util.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/crypto/nss/nss_util.c' object='src/util/crypto/nss/crypto_tests-nss_util.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(crypto_tests_CFLAGS) $(CFLAGS) -c -o src/util/crypto/nss/crypto_tests-nss_util.o `test -f 'src/util/crypto/nss/nss_util.c' || echo '$(srcdir)/'`src/util/crypto/nss/nss_util.c src/util/crypto/nss/crypto_tests-nss_util.obj: src/util/crypto/nss/nss_util.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(crypto_tests_CFLAGS) $(CFLAGS) -MT src/util/crypto/nss/crypto_tests-nss_util.obj -MD -MP -MF src/util/crypto/nss/$(DEPDIR)/crypto_tests-nss_util.Tpo -c -o src/util/crypto/nss/crypto_tests-nss_util.obj `if test -f 
'src/util/crypto/nss/nss_util.c'; then $(CYGPATH_W) 'src/util/crypto/nss/nss_util.c'; else $(CYGPATH_W) '$(srcdir)/src/util/crypto/nss/nss_util.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/crypto/nss/$(DEPDIR)/crypto_tests-nss_util.Tpo src/util/crypto/nss/$(DEPDIR)/crypto_tests-nss_util.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/crypto/nss/nss_util.c' object='src/util/crypto/nss/crypto_tests-nss_util.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(crypto_tests_CFLAGS) $(CFLAGS) -c -o src/util/crypto/nss/crypto_tests-nss_util.obj `if test -f 'src/util/crypto/nss/nss_util.c'; then $(CYGPATH_W) 'src/util/crypto/nss/nss_util.c'; else $(CYGPATH_W) '$(srcdir)/src/util/crypto/nss/nss_util.c'; fi` src/tests/crypto_tests-crypto-tests.o: src/tests/crypto-tests.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(crypto_tests_CFLAGS) $(CFLAGS) -MT src/tests/crypto_tests-crypto-tests.o -MD -MP -MF src/tests/$(DEPDIR)/crypto_tests-crypto-tests.Tpo -c -o src/tests/crypto_tests-crypto-tests.o `test -f 'src/tests/crypto-tests.c' || echo '$(srcdir)/'`src/tests/crypto-tests.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/crypto_tests-crypto-tests.Tpo src/tests/$(DEPDIR)/crypto_tests-crypto-tests.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/crypto-tests.c' object='src/tests/crypto_tests-crypto-tests.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(crypto_tests_CFLAGS) $(CFLAGS) -c -o src/tests/crypto_tests-crypto-tests.o `test -f 'src/tests/crypto-tests.c' || echo 
'$(srcdir)/'`src/tests/crypto-tests.c src/tests/crypto_tests-crypto-tests.obj: src/tests/crypto-tests.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(crypto_tests_CFLAGS) $(CFLAGS) -MT src/tests/crypto_tests-crypto-tests.obj -MD -MP -MF src/tests/$(DEPDIR)/crypto_tests-crypto-tests.Tpo -c -o src/tests/crypto_tests-crypto-tests.obj `if test -f 'src/tests/crypto-tests.c'; then $(CYGPATH_W) 'src/tests/crypto-tests.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/crypto-tests.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/crypto_tests-crypto-tests.Tpo src/tests/$(DEPDIR)/crypto_tests-crypto-tests.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/crypto-tests.c' object='src/tests/crypto_tests-crypto-tests.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(crypto_tests_CFLAGS) $(CFLAGS) -c -o src/tests/crypto_tests-crypto-tests.obj `if test -f 'src/tests/crypto-tests.c'; then $(CYGPATH_W) 'src/tests/crypto-tests.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/crypto-tests.c'; fi` src/tests/debug_tests-debug-tests.o: src/tests/debug-tests.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(debug_tests_CFLAGS) $(CFLAGS) -MT src/tests/debug_tests-debug-tests.o -MD -MP -MF src/tests/$(DEPDIR)/debug_tests-debug-tests.Tpo -c -o src/tests/debug_tests-debug-tests.o `test -f 'src/tests/debug-tests.c' || echo '$(srcdir)/'`src/tests/debug-tests.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/debug_tests-debug-tests.Tpo src/tests/$(DEPDIR)/debug_tests-debug-tests.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/debug-tests.c' object='src/tests/debug_tests-debug-tests.o' libtool=no @AMDEPBACKSLASH@ 
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(debug_tests_CFLAGS) $(CFLAGS) -c -o src/tests/debug_tests-debug-tests.o `test -f 'src/tests/debug-tests.c' || echo '$(srcdir)/'`src/tests/debug-tests.c src/tests/debug_tests-debug-tests.obj: src/tests/debug-tests.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(debug_tests_CFLAGS) $(CFLAGS) -MT src/tests/debug_tests-debug-tests.obj -MD -MP -MF src/tests/$(DEPDIR)/debug_tests-debug-tests.Tpo -c -o src/tests/debug_tests-debug-tests.obj `if test -f 'src/tests/debug-tests.c'; then $(CYGPATH_W) 'src/tests/debug-tests.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/debug-tests.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/debug_tests-debug-tests.Tpo src/tests/$(DEPDIR)/debug_tests-debug-tests.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/debug-tests.c' object='src/tests/debug_tests-debug-tests.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(debug_tests_CFLAGS) $(CFLAGS) -c -o src/tests/debug_tests-debug-tests.obj `if test -f 'src/tests/debug-tests.c'; then $(CYGPATH_W) 'src/tests/debug-tests.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/debug-tests.c'; fi` src/tests/debug_tests-common.o: src/tests/common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(debug_tests_CFLAGS) $(CFLAGS) -MT src/tests/debug_tests-common.o -MD -MP -MF src/tests/$(DEPDIR)/debug_tests-common.Tpo -c -o src/tests/debug_tests-common.o `test -f 'src/tests/common.c' || echo '$(srcdir)/'`src/tests/common.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) 
src/tests/$(DEPDIR)/debug_tests-common.Tpo src/tests/$(DEPDIR)/debug_tests-common.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/common.c' object='src/tests/debug_tests-common.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(debug_tests_CFLAGS) $(CFLAGS) -c -o src/tests/debug_tests-common.o `test -f 'src/tests/common.c' || echo '$(srcdir)/'`src/tests/common.c src/tests/debug_tests-common.obj: src/tests/common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(debug_tests_CFLAGS) $(CFLAGS) -MT src/tests/debug_tests-common.obj -MD -MP -MF src/tests/$(DEPDIR)/debug_tests-common.Tpo -c -o src/tests/debug_tests-common.obj `if test -f 'src/tests/common.c'; then $(CYGPATH_W) 'src/tests/common.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/common.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/debug_tests-common.Tpo src/tests/$(DEPDIR)/debug_tests-common.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/common.c' object='src/tests/debug_tests-common.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(debug_tests_CFLAGS) $(CFLAGS) -c -o src/tests/debug_tests-common.obj `if test -f 'src/tests/common.c'; then $(CYGPATH_W) 'src/tests/common.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/common.c'; fi` src/tests/dlopen_tests-dlopen-tests.o: src/tests/dlopen-tests.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dlopen_tests_CFLAGS) $(CFLAGS) -MT src/tests/dlopen_tests-dlopen-tests.o -MD -MP -MF src/tests/$(DEPDIR)/dlopen_tests-dlopen-tests.Tpo 
-c -o src/tests/dlopen_tests-dlopen-tests.o `test -f 'src/tests/dlopen-tests.c' || echo '$(srcdir)/'`src/tests/dlopen-tests.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/dlopen_tests-dlopen-tests.Tpo src/tests/$(DEPDIR)/dlopen_tests-dlopen-tests.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/dlopen-tests.c' object='src/tests/dlopen_tests-dlopen-tests.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dlopen_tests_CFLAGS) $(CFLAGS) -c -o src/tests/dlopen_tests-dlopen-tests.o `test -f 'src/tests/dlopen-tests.c' || echo '$(srcdir)/'`src/tests/dlopen-tests.c src/tests/dlopen_tests-dlopen-tests.obj: src/tests/dlopen-tests.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dlopen_tests_CFLAGS) $(CFLAGS) -MT src/tests/dlopen_tests-dlopen-tests.obj -MD -MP -MF src/tests/$(DEPDIR)/dlopen_tests-dlopen-tests.Tpo -c -o src/tests/dlopen_tests-dlopen-tests.obj `if test -f 'src/tests/dlopen-tests.c'; then $(CYGPATH_W) 'src/tests/dlopen-tests.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/dlopen-tests.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/dlopen_tests-dlopen-tests.Tpo src/tests/$(DEPDIR)/dlopen_tests-dlopen-tests.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/dlopen-tests.c' object='src/tests/dlopen_tests-dlopen-tests.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dlopen_tests_CFLAGS) $(CFLAGS) -c -o src/tests/dlopen_tests-dlopen-tests.obj `if test -f 'src/tests/dlopen-tests.c'; then $(CYGPATH_W) 'src/tests/dlopen-tests.c'; else $(CYGPATH_W) 
'$(srcdir)/src/tests/dlopen-tests.c'; fi` src/providers/dp_opt_tests-data_provider_opts.o: src/providers/data_provider_opts.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dp_opt_tests_CFLAGS) $(CFLAGS) -MT src/providers/dp_opt_tests-data_provider_opts.o -MD -MP -MF src/providers/$(DEPDIR)/dp_opt_tests-data_provider_opts.Tpo -c -o src/providers/dp_opt_tests-data_provider_opts.o `test -f 'src/providers/data_provider_opts.c' || echo '$(srcdir)/'`src/providers/data_provider_opts.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/dp_opt_tests-data_provider_opts.Tpo src/providers/$(DEPDIR)/dp_opt_tests-data_provider_opts.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_opts.c' object='src/providers/dp_opt_tests-data_provider_opts.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dp_opt_tests_CFLAGS) $(CFLAGS) -c -o src/providers/dp_opt_tests-data_provider_opts.o `test -f 'src/providers/data_provider_opts.c' || echo '$(srcdir)/'`src/providers/data_provider_opts.c src/providers/dp_opt_tests-data_provider_opts.obj: src/providers/data_provider_opts.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dp_opt_tests_CFLAGS) $(CFLAGS) -MT src/providers/dp_opt_tests-data_provider_opts.obj -MD -MP -MF src/providers/$(DEPDIR)/dp_opt_tests-data_provider_opts.Tpo -c -o src/providers/dp_opt_tests-data_provider_opts.obj `if test -f 'src/providers/data_provider_opts.c'; then $(CYGPATH_W) 'src/providers/data_provider_opts.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_opts.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/dp_opt_tests-data_provider_opts.Tpo 
src/providers/$(DEPDIR)/dp_opt_tests-data_provider_opts.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_opts.c' object='src/providers/dp_opt_tests-data_provider_opts.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dp_opt_tests_CFLAGS) $(CFLAGS) -c -o src/providers/dp_opt_tests-data_provider_opts.obj `if test -f 'src/providers/data_provider_opts.c'; then $(CYGPATH_W) 'src/providers/data_provider_opts.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_opts.c'; fi` src/tests/cmocka/dp_opt_tests-test_dp_opts.o: src/tests/cmocka/test_dp_opts.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dp_opt_tests_CFLAGS) $(CFLAGS) -MT src/tests/cmocka/dp_opt_tests-test_dp_opts.o -MD -MP -MF src/tests/cmocka/$(DEPDIR)/dp_opt_tests-test_dp_opts.Tpo -c -o src/tests/cmocka/dp_opt_tests-test_dp_opts.o `test -f 'src/tests/cmocka/test_dp_opts.c' || echo '$(srcdir)/'`src/tests/cmocka/test_dp_opts.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/cmocka/$(DEPDIR)/dp_opt_tests-test_dp_opts.Tpo src/tests/cmocka/$(DEPDIR)/dp_opt_tests-test_dp_opts.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/cmocka/test_dp_opts.c' object='src/tests/cmocka/dp_opt_tests-test_dp_opts.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dp_opt_tests_CFLAGS) $(CFLAGS) -c -o src/tests/cmocka/dp_opt_tests-test_dp_opts.o `test -f 'src/tests/cmocka/test_dp_opts.c' || echo '$(srcdir)/'`src/tests/cmocka/test_dp_opts.c src/tests/cmocka/dp_opt_tests-test_dp_opts.obj: src/tests/cmocka/test_dp_opts.c @am__fastdepCC_TRUE@ 
$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dp_opt_tests_CFLAGS) $(CFLAGS) -MT src/tests/cmocka/dp_opt_tests-test_dp_opts.obj -MD -MP -MF src/tests/cmocka/$(DEPDIR)/dp_opt_tests-test_dp_opts.Tpo -c -o src/tests/cmocka/dp_opt_tests-test_dp_opts.obj `if test -f 'src/tests/cmocka/test_dp_opts.c'; then $(CYGPATH_W) 'src/tests/cmocka/test_dp_opts.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/cmocka/test_dp_opts.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/cmocka/$(DEPDIR)/dp_opt_tests-test_dp_opts.Tpo src/tests/cmocka/$(DEPDIR)/dp_opt_tests-test_dp_opts.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/cmocka/test_dp_opts.c' object='src/tests/cmocka/dp_opt_tests-test_dp_opts.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dp_opt_tests_CFLAGS) $(CFLAGS) -c -o src/tests/cmocka/dp_opt_tests-test_dp_opts.obj `if test -f 'src/tests/cmocka/test_dp_opts.c'; then $(CYGPATH_W) 'src/tests/cmocka/test_dp_opts.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/cmocka/test_dp_opts.c'; fi` src/resolv/dyndns_tests-async_resolv.o: src/resolv/async_resolv.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dyndns_tests_CFLAGS) $(CFLAGS) -MT src/resolv/dyndns_tests-async_resolv.o -MD -MP -MF src/resolv/$(DEPDIR)/dyndns_tests-async_resolv.Tpo -c -o src/resolv/dyndns_tests-async_resolv.o `test -f 'src/resolv/async_resolv.c' || echo '$(srcdir)/'`src/resolv/async_resolv.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/$(DEPDIR)/dyndns_tests-async_resolv.Tpo src/resolv/$(DEPDIR)/dyndns_tests-async_resolv.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/async_resolv.c' object='src/resolv/dyndns_tests-async_resolv.o' libtool=no @AMDEPBACKSLASH@ 
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dyndns_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/dyndns_tests-async_resolv.o `test -f 'src/resolv/async_resolv.c' || echo '$(srcdir)/'`src/resolv/async_resolv.c src/resolv/dyndns_tests-async_resolv.obj: src/resolv/async_resolv.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dyndns_tests_CFLAGS) $(CFLAGS) -MT src/resolv/dyndns_tests-async_resolv.obj -MD -MP -MF src/resolv/$(DEPDIR)/dyndns_tests-async_resolv.Tpo -c -o src/resolv/dyndns_tests-async_resolv.obj `if test -f 'src/resolv/async_resolv.c'; then $(CYGPATH_W) 'src/resolv/async_resolv.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/async_resolv.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/$(DEPDIR)/dyndns_tests-async_resolv.Tpo src/resolv/$(DEPDIR)/dyndns_tests-async_resolv.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/async_resolv.c' object='src/resolv/dyndns_tests-async_resolv.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dyndns_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/dyndns_tests-async_resolv.obj `if test -f 'src/resolv/async_resolv.c'; then $(CYGPATH_W) 'src/resolv/async_resolv.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/async_resolv.c'; fi` src/resolv/dyndns_tests-async_resolv_utils.o: src/resolv/async_resolv_utils.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dyndns_tests_CFLAGS) $(CFLAGS) -MT src/resolv/dyndns_tests-async_resolv_utils.o -MD -MP -MF src/resolv/$(DEPDIR)/dyndns_tests-async_resolv_utils.Tpo -c -o src/resolv/dyndns_tests-async_resolv_utils.o 
`test -f 'src/resolv/async_resolv_utils.c' || echo '$(srcdir)/'`src/resolv/async_resolv_utils.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/$(DEPDIR)/dyndns_tests-async_resolv_utils.Tpo src/resolv/$(DEPDIR)/dyndns_tests-async_resolv_utils.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/async_resolv_utils.c' object='src/resolv/dyndns_tests-async_resolv_utils.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dyndns_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/dyndns_tests-async_resolv_utils.o `test -f 'src/resolv/async_resolv_utils.c' || echo '$(srcdir)/'`src/resolv/async_resolv_utils.c src/resolv/dyndns_tests-async_resolv_utils.obj: src/resolv/async_resolv_utils.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dyndns_tests_CFLAGS) $(CFLAGS) -MT src/resolv/dyndns_tests-async_resolv_utils.obj -MD -MP -MF src/resolv/$(DEPDIR)/dyndns_tests-async_resolv_utils.Tpo -c -o src/resolv/dyndns_tests-async_resolv_utils.obj `if test -f 'src/resolv/async_resolv_utils.c'; then $(CYGPATH_W) 'src/resolv/async_resolv_utils.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/async_resolv_utils.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/$(DEPDIR)/dyndns_tests-async_resolv_utils.Tpo src/resolv/$(DEPDIR)/dyndns_tests-async_resolv_utils.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/async_resolv_utils.c' object='src/resolv/dyndns_tests-async_resolv_utils.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dyndns_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/dyndns_tests-async_resolv_utils.obj `if test -f 
'src/resolv/async_resolv_utils.c'; then $(CYGPATH_W) 'src/resolv/async_resolv_utils.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/async_resolv_utils.c'; fi` src/resolv/ares/dyndns_tests-ares_parse_srv_reply.o: src/resolv/ares/ares_parse_srv_reply.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dyndns_tests_CFLAGS) $(CFLAGS) -MT src/resolv/ares/dyndns_tests-ares_parse_srv_reply.o -MD -MP -MF src/resolv/ares/$(DEPDIR)/dyndns_tests-ares_parse_srv_reply.Tpo -c -o src/resolv/ares/dyndns_tests-ares_parse_srv_reply.o `test -f 'src/resolv/ares/ares_parse_srv_reply.c' || echo '$(srcdir)/'`src/resolv/ares/ares_parse_srv_reply.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/ares/$(DEPDIR)/dyndns_tests-ares_parse_srv_reply.Tpo src/resolv/ares/$(DEPDIR)/dyndns_tests-ares_parse_srv_reply.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/ares/ares_parse_srv_reply.c' object='src/resolv/ares/dyndns_tests-ares_parse_srv_reply.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dyndns_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/ares/dyndns_tests-ares_parse_srv_reply.o `test -f 'src/resolv/ares/ares_parse_srv_reply.c' || echo '$(srcdir)/'`src/resolv/ares/ares_parse_srv_reply.c src/resolv/ares/dyndns_tests-ares_parse_srv_reply.obj: src/resolv/ares/ares_parse_srv_reply.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dyndns_tests_CFLAGS) $(CFLAGS) -MT src/resolv/ares/dyndns_tests-ares_parse_srv_reply.obj -MD -MP -MF src/resolv/ares/$(DEPDIR)/dyndns_tests-ares_parse_srv_reply.Tpo -c -o src/resolv/ares/dyndns_tests-ares_parse_srv_reply.obj `if test -f 'src/resolv/ares/ares_parse_srv_reply.c'; then $(CYGPATH_W) 'src/resolv/ares/ares_parse_srv_reply.c'; else $(CYGPATH_W) 
'$(srcdir)/src/resolv/ares/ares_parse_srv_reply.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/ares/$(DEPDIR)/dyndns_tests-ares_parse_srv_reply.Tpo src/resolv/ares/$(DEPDIR)/dyndns_tests-ares_parse_srv_reply.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/ares/ares_parse_srv_reply.c' object='src/resolv/ares/dyndns_tests-ares_parse_srv_reply.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dyndns_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/ares/dyndns_tests-ares_parse_srv_reply.obj `if test -f 'src/resolv/ares/ares_parse_srv_reply.c'; then $(CYGPATH_W) 'src/resolv/ares/ares_parse_srv_reply.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/ares/ares_parse_srv_reply.c'; fi` src/resolv/ares/dyndns_tests-ares_data.o: src/resolv/ares/ares_data.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dyndns_tests_CFLAGS) $(CFLAGS) -MT src/resolv/ares/dyndns_tests-ares_data.o -MD -MP -MF src/resolv/ares/$(DEPDIR)/dyndns_tests-ares_data.Tpo -c -o src/resolv/ares/dyndns_tests-ares_data.o `test -f 'src/resolv/ares/ares_data.c' || echo '$(srcdir)/'`src/resolv/ares/ares_data.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/ares/$(DEPDIR)/dyndns_tests-ares_data.Tpo src/resolv/ares/$(DEPDIR)/dyndns_tests-ares_data.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/ares/ares_data.c' object='src/resolv/ares/dyndns_tests-ares_data.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dyndns_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/ares/dyndns_tests-ares_data.o `test -f 'src/resolv/ares/ares_data.c' || echo 
'$(srcdir)/'`src/resolv/ares/ares_data.c src/resolv/ares/dyndns_tests-ares_data.obj: src/resolv/ares/ares_data.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dyndns_tests_CFLAGS) $(CFLAGS) -MT src/resolv/ares/dyndns_tests-ares_data.obj -MD -MP -MF src/resolv/ares/$(DEPDIR)/dyndns_tests-ares_data.Tpo -c -o src/resolv/ares/dyndns_tests-ares_data.obj `if test -f 'src/resolv/ares/ares_data.c'; then $(CYGPATH_W) 'src/resolv/ares/ares_data.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/ares/ares_data.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/ares/$(DEPDIR)/dyndns_tests-ares_data.Tpo src/resolv/ares/$(DEPDIR)/dyndns_tests-ares_data.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/ares/ares_data.c' object='src/resolv/ares/dyndns_tests-ares_data.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dyndns_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/ares/dyndns_tests-ares_data.obj `if test -f 'src/resolv/ares/ares_data.c'; then $(CYGPATH_W) 'src/resolv/ares/ares_data.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/ares/ares_data.c'; fi` src/tests/cmocka/dyndns_tests-test_dyndns.o: src/tests/cmocka/test_dyndns.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dyndns_tests_CFLAGS) $(CFLAGS) -MT src/tests/cmocka/dyndns_tests-test_dyndns.o -MD -MP -MF src/tests/cmocka/$(DEPDIR)/dyndns_tests-test_dyndns.Tpo -c -o src/tests/cmocka/dyndns_tests-test_dyndns.o `test -f 'src/tests/cmocka/test_dyndns.c' || echo '$(srcdir)/'`src/tests/cmocka/test_dyndns.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/cmocka/$(DEPDIR)/dyndns_tests-test_dyndns.Tpo src/tests/cmocka/$(DEPDIR)/dyndns_tests-test_dyndns.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ 
$(AM_V_CC)source='src/tests/cmocka/test_dyndns.c' object='src/tests/cmocka/dyndns_tests-test_dyndns.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dyndns_tests_CFLAGS) $(CFLAGS) -c -o src/tests/cmocka/dyndns_tests-test_dyndns.o `test -f 'src/tests/cmocka/test_dyndns.c' || echo '$(srcdir)/'`src/tests/cmocka/test_dyndns.c src/tests/cmocka/dyndns_tests-test_dyndns.obj: src/tests/cmocka/test_dyndns.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dyndns_tests_CFLAGS) $(CFLAGS) -MT src/tests/cmocka/dyndns_tests-test_dyndns.obj -MD -MP -MF src/tests/cmocka/$(DEPDIR)/dyndns_tests-test_dyndns.Tpo -c -o src/tests/cmocka/dyndns_tests-test_dyndns.obj `if test -f 'src/tests/cmocka/test_dyndns.c'; then $(CYGPATH_W) 'src/tests/cmocka/test_dyndns.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/cmocka/test_dyndns.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/cmocka/$(DEPDIR)/dyndns_tests-test_dyndns.Tpo src/tests/cmocka/$(DEPDIR)/dyndns_tests-test_dyndns.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/cmocka/test_dyndns.c' object='src/tests/cmocka/dyndns_tests-test_dyndns.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dyndns_tests_CFLAGS) $(CFLAGS) -c -o src/tests/cmocka/dyndns_tests-test_dyndns.obj `if test -f 'src/tests/cmocka/test_dyndns.c'; then $(CYGPATH_W) 'src/tests/cmocka/test_dyndns.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/cmocka/test_dyndns.c'; fi` src/providers/dyndns_tests-data_provider_opts.o: src/providers/data_provider_opts.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) 
$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dyndns_tests_CFLAGS) $(CFLAGS) -MT src/providers/dyndns_tests-data_provider_opts.o -MD -MP -MF src/providers/$(DEPDIR)/dyndns_tests-data_provider_opts.Tpo -c -o src/providers/dyndns_tests-data_provider_opts.o `test -f 'src/providers/data_provider_opts.c' || echo '$(srcdir)/'`src/providers/data_provider_opts.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/dyndns_tests-data_provider_opts.Tpo src/providers/$(DEPDIR)/dyndns_tests-data_provider_opts.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_opts.c' object='src/providers/dyndns_tests-data_provider_opts.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dyndns_tests_CFLAGS) $(CFLAGS) -c -o src/providers/dyndns_tests-data_provider_opts.o `test -f 'src/providers/data_provider_opts.c' || echo '$(srcdir)/'`src/providers/data_provider_opts.c src/providers/dyndns_tests-data_provider_opts.obj: src/providers/data_provider_opts.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dyndns_tests_CFLAGS) $(CFLAGS) -MT src/providers/dyndns_tests-data_provider_opts.obj -MD -MP -MF src/providers/$(DEPDIR)/dyndns_tests-data_provider_opts.Tpo -c -o src/providers/dyndns_tests-data_provider_opts.obj `if test -f 'src/providers/data_provider_opts.c'; then $(CYGPATH_W) 'src/providers/data_provider_opts.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_opts.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/dyndns_tests-data_provider_opts.Tpo src/providers/$(DEPDIR)/dyndns_tests-data_provider_opts.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_opts.c' object='src/providers/dyndns_tests-data_provider_opts.obj' libtool=no @AMDEPBACKSLASH@ 
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dyndns_tests_CFLAGS) $(CFLAGS) -c -o src/providers/dyndns_tests-data_provider_opts.obj `if test -f 'src/providers/data_provider_opts.c'; then $(CYGPATH_W) 'src/providers/data_provider_opts.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_opts.c'; fi` src/tests/fail_over_tests-fail_over-tests.o: src/tests/fail_over-tests.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(fail_over_tests_CFLAGS) $(CFLAGS) -MT src/tests/fail_over_tests-fail_over-tests.o -MD -MP -MF src/tests/$(DEPDIR)/fail_over_tests-fail_over-tests.Tpo -c -o src/tests/fail_over_tests-fail_over-tests.o `test -f 'src/tests/fail_over-tests.c' || echo '$(srcdir)/'`src/tests/fail_over-tests.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/fail_over_tests-fail_over-tests.Tpo src/tests/$(DEPDIR)/fail_over_tests-fail_over-tests.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/fail_over-tests.c' object='src/tests/fail_over_tests-fail_over-tests.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(fail_over_tests_CFLAGS) $(CFLAGS) -c -o src/tests/fail_over_tests-fail_over-tests.o `test -f 'src/tests/fail_over-tests.c' || echo '$(srcdir)/'`src/tests/fail_over-tests.c src/tests/fail_over_tests-fail_over-tests.obj: src/tests/fail_over-tests.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(fail_over_tests_CFLAGS) $(CFLAGS) -MT src/tests/fail_over_tests-fail_over-tests.obj -MD -MP -MF src/tests/$(DEPDIR)/fail_over_tests-fail_over-tests.Tpo -c -o 
src/tests/fail_over_tests-fail_over-tests.obj `if test -f 'src/tests/fail_over-tests.c'; then $(CYGPATH_W) 'src/tests/fail_over-tests.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/fail_over-tests.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/fail_over_tests-fail_over-tests.Tpo src/tests/$(DEPDIR)/fail_over_tests-fail_over-tests.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/fail_over-tests.c' object='src/tests/fail_over_tests-fail_over-tests.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(fail_over_tests_CFLAGS) $(CFLAGS) -c -o src/tests/fail_over_tests-fail_over-tests.obj `if test -f 'src/tests/fail_over-tests.c'; then $(CYGPATH_W) 'src/tests/fail_over-tests.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/fail_over-tests.c'; fi` src/providers/fail_over_tests-fail_over.o: src/providers/fail_over.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(fail_over_tests_CFLAGS) $(CFLAGS) -MT src/providers/fail_over_tests-fail_over.o -MD -MP -MF src/providers/$(DEPDIR)/fail_over_tests-fail_over.Tpo -c -o src/providers/fail_over_tests-fail_over.o `test -f 'src/providers/fail_over.c' || echo '$(srcdir)/'`src/providers/fail_over.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/fail_over_tests-fail_over.Tpo src/providers/$(DEPDIR)/fail_over_tests-fail_over.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/fail_over.c' object='src/providers/fail_over_tests-fail_over.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(fail_over_tests_CFLAGS) $(CFLAGS) -c -o 
src/providers/fail_over_tests-fail_over.o `test -f 'src/providers/fail_over.c' || echo '$(srcdir)/'`src/providers/fail_over.c src/providers/fail_over_tests-fail_over.obj: src/providers/fail_over.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(fail_over_tests_CFLAGS) $(CFLAGS) -MT src/providers/fail_over_tests-fail_over.obj -MD -MP -MF src/providers/$(DEPDIR)/fail_over_tests-fail_over.Tpo -c -o src/providers/fail_over_tests-fail_over.obj `if test -f 'src/providers/fail_over.c'; then $(CYGPATH_W) 'src/providers/fail_over.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/fail_over.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/fail_over_tests-fail_over.Tpo src/providers/$(DEPDIR)/fail_over_tests-fail_over.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/fail_over.c' object='src/providers/fail_over_tests-fail_over.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(fail_over_tests_CFLAGS) $(CFLAGS) -c -o src/providers/fail_over_tests-fail_over.obj `if test -f 'src/providers/fail_over.c'; then $(CYGPATH_W) 'src/providers/fail_over.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/fail_over.c'; fi` src/providers/fail_over_tests-fail_over_srv.o: src/providers/fail_over_srv.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(fail_over_tests_CFLAGS) $(CFLAGS) -MT src/providers/fail_over_tests-fail_over_srv.o -MD -MP -MF src/providers/$(DEPDIR)/fail_over_tests-fail_over_srv.Tpo -c -o src/providers/fail_over_tests-fail_over_srv.o `test -f 'src/providers/fail_over_srv.c' || echo '$(srcdir)/'`src/providers/fail_over_srv.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/fail_over_tests-fail_over_srv.Tpo 
src/providers/$(DEPDIR)/fail_over_tests-fail_over_srv.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/fail_over_srv.c' object='src/providers/fail_over_tests-fail_over_srv.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(fail_over_tests_CFLAGS) $(CFLAGS) -c -o src/providers/fail_over_tests-fail_over_srv.o `test -f 'src/providers/fail_over_srv.c' || echo '$(srcdir)/'`src/providers/fail_over_srv.c src/providers/fail_over_tests-fail_over_srv.obj: src/providers/fail_over_srv.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(fail_over_tests_CFLAGS) $(CFLAGS) -MT src/providers/fail_over_tests-fail_over_srv.obj -MD -MP -MF src/providers/$(DEPDIR)/fail_over_tests-fail_over_srv.Tpo -c -o src/providers/fail_over_tests-fail_over_srv.obj `if test -f 'src/providers/fail_over_srv.c'; then $(CYGPATH_W) 'src/providers/fail_over_srv.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/fail_over_srv.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/fail_over_tests-fail_over_srv.Tpo src/providers/$(DEPDIR)/fail_over_tests-fail_over_srv.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/fail_over_srv.c' object='src/providers/fail_over_tests-fail_over_srv.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(fail_over_tests_CFLAGS) $(CFLAGS) -c -o src/providers/fail_over_tests-fail_over_srv.obj `if test -f 'src/providers/fail_over_srv.c'; then $(CYGPATH_W) 'src/providers/fail_over_srv.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/fail_over_srv.c'; fi` src/resolv/fail_over_tests-async_resolv.o: 
src/resolv/async_resolv.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(fail_over_tests_CFLAGS) $(CFLAGS) -MT src/resolv/fail_over_tests-async_resolv.o -MD -MP -MF src/resolv/$(DEPDIR)/fail_over_tests-async_resolv.Tpo -c -o src/resolv/fail_over_tests-async_resolv.o `test -f 'src/resolv/async_resolv.c' || echo '$(srcdir)/'`src/resolv/async_resolv.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/$(DEPDIR)/fail_over_tests-async_resolv.Tpo src/resolv/$(DEPDIR)/fail_over_tests-async_resolv.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/async_resolv.c' object='src/resolv/fail_over_tests-async_resolv.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(fail_over_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/fail_over_tests-async_resolv.o `test -f 'src/resolv/async_resolv.c' || echo '$(srcdir)/'`src/resolv/async_resolv.c src/resolv/fail_over_tests-async_resolv.obj: src/resolv/async_resolv.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(fail_over_tests_CFLAGS) $(CFLAGS) -MT src/resolv/fail_over_tests-async_resolv.obj -MD -MP -MF src/resolv/$(DEPDIR)/fail_over_tests-async_resolv.Tpo -c -o src/resolv/fail_over_tests-async_resolv.obj `if test -f 'src/resolv/async_resolv.c'; then $(CYGPATH_W) 'src/resolv/async_resolv.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/async_resolv.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/$(DEPDIR)/fail_over_tests-async_resolv.Tpo src/resolv/$(DEPDIR)/fail_over_tests-async_resolv.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/async_resolv.c' object='src/resolv/fail_over_tests-async_resolv.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) 
@AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(fail_over_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/fail_over_tests-async_resolv.obj `if test -f 'src/resolv/async_resolv.c'; then $(CYGPATH_W) 'src/resolv/async_resolv.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/async_resolv.c'; fi` src/resolv/fail_over_tests-async_resolv_utils.o: src/resolv/async_resolv_utils.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(fail_over_tests_CFLAGS) $(CFLAGS) -MT src/resolv/fail_over_tests-async_resolv_utils.o -MD -MP -MF src/resolv/$(DEPDIR)/fail_over_tests-async_resolv_utils.Tpo -c -o src/resolv/fail_over_tests-async_resolv_utils.o `test -f 'src/resolv/async_resolv_utils.c' || echo '$(srcdir)/'`src/resolv/async_resolv_utils.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/$(DEPDIR)/fail_over_tests-async_resolv_utils.Tpo src/resolv/$(DEPDIR)/fail_over_tests-async_resolv_utils.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/async_resolv_utils.c' object='src/resolv/fail_over_tests-async_resolv_utils.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(fail_over_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/fail_over_tests-async_resolv_utils.o `test -f 'src/resolv/async_resolv_utils.c' || echo '$(srcdir)/'`src/resolv/async_resolv_utils.c src/resolv/fail_over_tests-async_resolv_utils.obj: src/resolv/async_resolv_utils.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(fail_over_tests_CFLAGS) $(CFLAGS) -MT src/resolv/fail_over_tests-async_resolv_utils.obj -MD -MP -MF src/resolv/$(DEPDIR)/fail_over_tests-async_resolv_utils.Tpo -c -o src/resolv/fail_over_tests-async_resolv_utils.obj `if 
test -f 'src/resolv/async_resolv_utils.c'; then $(CYGPATH_W) 'src/resolv/async_resolv_utils.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/async_resolv_utils.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/$(DEPDIR)/fail_over_tests-async_resolv_utils.Tpo src/resolv/$(DEPDIR)/fail_over_tests-async_resolv_utils.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/async_resolv_utils.c' object='src/resolv/fail_over_tests-async_resolv_utils.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(fail_over_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/fail_over_tests-async_resolv_utils.obj `if test -f 'src/resolv/async_resolv_utils.c'; then $(CYGPATH_W) 'src/resolv/async_resolv_utils.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/async_resolv_utils.c'; fi` src/resolv/ares/fail_over_tests-ares_parse_srv_reply.o: src/resolv/ares/ares_parse_srv_reply.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(fail_over_tests_CFLAGS) $(CFLAGS) -MT src/resolv/ares/fail_over_tests-ares_parse_srv_reply.o -MD -MP -MF src/resolv/ares/$(DEPDIR)/fail_over_tests-ares_parse_srv_reply.Tpo -c -o src/resolv/ares/fail_over_tests-ares_parse_srv_reply.o `test -f 'src/resolv/ares/ares_parse_srv_reply.c' || echo '$(srcdir)/'`src/resolv/ares/ares_parse_srv_reply.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/ares/$(DEPDIR)/fail_over_tests-ares_parse_srv_reply.Tpo src/resolv/ares/$(DEPDIR)/fail_over_tests-ares_parse_srv_reply.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/ares/ares_parse_srv_reply.c' object='src/resolv/ares/fail_over_tests-ares_parse_srv_reply.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ 
$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(fail_over_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/ares/fail_over_tests-ares_parse_srv_reply.o `test -f 'src/resolv/ares/ares_parse_srv_reply.c' || echo '$(srcdir)/'`src/resolv/ares/ares_parse_srv_reply.c src/resolv/ares/fail_over_tests-ares_parse_srv_reply.obj: src/resolv/ares/ares_parse_srv_reply.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(fail_over_tests_CFLAGS) $(CFLAGS) -MT src/resolv/ares/fail_over_tests-ares_parse_srv_reply.obj -MD -MP -MF src/resolv/ares/$(DEPDIR)/fail_over_tests-ares_parse_srv_reply.Tpo -c -o src/resolv/ares/fail_over_tests-ares_parse_srv_reply.obj `if test -f 'src/resolv/ares/ares_parse_srv_reply.c'; then $(CYGPATH_W) 'src/resolv/ares/ares_parse_srv_reply.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/ares/ares_parse_srv_reply.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/ares/$(DEPDIR)/fail_over_tests-ares_parse_srv_reply.Tpo src/resolv/ares/$(DEPDIR)/fail_over_tests-ares_parse_srv_reply.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/ares/ares_parse_srv_reply.c' object='src/resolv/ares/fail_over_tests-ares_parse_srv_reply.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(fail_over_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/ares/fail_over_tests-ares_parse_srv_reply.obj `if test -f 'src/resolv/ares/ares_parse_srv_reply.c'; then $(CYGPATH_W) 'src/resolv/ares/ares_parse_srv_reply.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/ares/ares_parse_srv_reply.c'; fi` src/resolv/ares/fail_over_tests-ares_data.o: src/resolv/ares/ares_data.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(fail_over_tests_CFLAGS) $(CFLAGS) 
-MT src/resolv/ares/fail_over_tests-ares_data.o -MD -MP -MF src/resolv/ares/$(DEPDIR)/fail_over_tests-ares_data.Tpo -c -o src/resolv/ares/fail_over_tests-ares_data.o `test -f 'src/resolv/ares/ares_data.c' || echo '$(srcdir)/'`src/resolv/ares/ares_data.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/ares/$(DEPDIR)/fail_over_tests-ares_data.Tpo src/resolv/ares/$(DEPDIR)/fail_over_tests-ares_data.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/ares/ares_data.c' object='src/resolv/ares/fail_over_tests-ares_data.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(fail_over_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/ares/fail_over_tests-ares_data.o `test -f 'src/resolv/ares/ares_data.c' || echo '$(srcdir)/'`src/resolv/ares/ares_data.c src/resolv/ares/fail_over_tests-ares_data.obj: src/resolv/ares/ares_data.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(fail_over_tests_CFLAGS) $(CFLAGS) -MT src/resolv/ares/fail_over_tests-ares_data.obj -MD -MP -MF src/resolv/ares/$(DEPDIR)/fail_over_tests-ares_data.Tpo -c -o src/resolv/ares/fail_over_tests-ares_data.obj `if test -f 'src/resolv/ares/ares_data.c'; then $(CYGPATH_W) 'src/resolv/ares/ares_data.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/ares/ares_data.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/ares/$(DEPDIR)/fail_over_tests-ares_data.Tpo src/resolv/ares/$(DEPDIR)/fail_over_tests-ares_data.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/ares/ares_data.c' object='src/resolv/ares/fail_over_tests-ares_data.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) 
$(AM_CPPFLAGS) $(CPPFLAGS) $(fail_over_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/ares/fail_over_tests-ares_data.obj `if test -f 'src/resolv/ares/ares_data.c'; then $(CYGPATH_W) 'src/resolv/ares/ares_data.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/ares/ares_data.c'; fi` src/tests/files_tests-files-tests.o: src/tests/files-tests.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(files_tests_CFLAGS) $(CFLAGS) -MT src/tests/files_tests-files-tests.o -MD -MP -MF src/tests/$(DEPDIR)/files_tests-files-tests.Tpo -c -o src/tests/files_tests-files-tests.o `test -f 'src/tests/files-tests.c' || echo '$(srcdir)/'`src/tests/files-tests.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/files_tests-files-tests.Tpo src/tests/$(DEPDIR)/files_tests-files-tests.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/files-tests.c' object='src/tests/files_tests-files-tests.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(files_tests_CFLAGS) $(CFLAGS) -c -o src/tests/files_tests-files-tests.o `test -f 'src/tests/files-tests.c' || echo '$(srcdir)/'`src/tests/files-tests.c src/tests/files_tests-files-tests.obj: src/tests/files-tests.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(files_tests_CFLAGS) $(CFLAGS) -MT src/tests/files_tests-files-tests.obj -MD -MP -MF src/tests/$(DEPDIR)/files_tests-files-tests.Tpo -c -o src/tests/files_tests-files-tests.obj `if test -f 'src/tests/files-tests.c'; then $(CYGPATH_W) 'src/tests/files-tests.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/files-tests.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/files_tests-files-tests.Tpo src/tests/$(DEPDIR)/files_tests-files-tests.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ 
$(AM_V_CC)source='src/tests/files-tests.c' object='src/tests/files_tests-files-tests.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(files_tests_CFLAGS) $(CFLAGS) -c -o src/tests/files_tests-files-tests.obj `if test -f 'src/tests/files-tests.c'; then $(CYGPATH_W) 'src/tests/files-tests.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/files-tests.c'; fi` src/util/files_tests-check_and_open.o: src/util/check_and_open.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(files_tests_CFLAGS) $(CFLAGS) -MT src/util/files_tests-check_and_open.o -MD -MP -MF src/util/$(DEPDIR)/files_tests-check_and_open.Tpo -c -o src/util/files_tests-check_and_open.o `test -f 'src/util/check_and_open.c' || echo '$(srcdir)/'`src/util/check_and_open.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/files_tests-check_and_open.Tpo src/util/$(DEPDIR)/files_tests-check_and_open.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/check_and_open.c' object='src/util/files_tests-check_and_open.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(files_tests_CFLAGS) $(CFLAGS) -c -o src/util/files_tests-check_and_open.o `test -f 'src/util/check_and_open.c' || echo '$(srcdir)/'`src/util/check_and_open.c src/util/files_tests-check_and_open.obj: src/util/check_and_open.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(files_tests_CFLAGS) $(CFLAGS) -MT src/util/files_tests-check_and_open.obj -MD -MP -MF src/util/$(DEPDIR)/files_tests-check_and_open.Tpo -c -o src/util/files_tests-check_and_open.obj `if 
test -f 'src/util/check_and_open.c'; then $(CYGPATH_W) 'src/util/check_and_open.c'; else $(CYGPATH_W) '$(srcdir)/src/util/check_and_open.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/files_tests-check_and_open.Tpo src/util/$(DEPDIR)/files_tests-check_and_open.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/check_and_open.c' object='src/util/files_tests-check_and_open.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(files_tests_CFLAGS) $(CFLAGS) -c -o src/util/files_tests-check_and_open.obj `if test -f 'src/util/check_and_open.c'; then $(CYGPATH_W) 'src/util/check_and_open.c'; else $(CYGPATH_W) '$(srcdir)/src/util/check_and_open.c'; fi` src/util/files_tests-atomic_io.o: src/util/atomic_io.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(files_tests_CFLAGS) $(CFLAGS) -MT src/util/files_tests-atomic_io.o -MD -MP -MF src/util/$(DEPDIR)/files_tests-atomic_io.Tpo -c -o src/util/files_tests-atomic_io.o `test -f 'src/util/atomic_io.c' || echo '$(srcdir)/'`src/util/atomic_io.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/files_tests-atomic_io.Tpo src/util/$(DEPDIR)/files_tests-atomic_io.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/atomic_io.c' object='src/util/files_tests-atomic_io.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(files_tests_CFLAGS) $(CFLAGS) -c -o src/util/files_tests-atomic_io.o `test -f 'src/util/atomic_io.c' || echo '$(srcdir)/'`src/util/atomic_io.c src/util/files_tests-atomic_io.obj: src/util/atomic_io.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) 
$(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(files_tests_CFLAGS) $(CFLAGS) -MT src/util/files_tests-atomic_io.obj -MD -MP -MF src/util/$(DEPDIR)/files_tests-atomic_io.Tpo -c -o src/util/files_tests-atomic_io.obj `if test -f 'src/util/atomic_io.c'; then $(CYGPATH_W) 'src/util/atomic_io.c'; else $(CYGPATH_W) '$(srcdir)/src/util/atomic_io.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/files_tests-atomic_io.Tpo src/util/$(DEPDIR)/files_tests-atomic_io.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/atomic_io.c' object='src/util/files_tests-atomic_io.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(files_tests_CFLAGS) $(CFLAGS) -c -o src/util/files_tests-atomic_io.obj `if test -f 'src/util/atomic_io.c'; then $(CYGPATH_W) 'src/util/atomic_io.c'; else $(CYGPATH_W) '$(srcdir)/src/util/atomic_io.c'; fi` src/tools/files_tests-selinux.o: src/tools/selinux.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(files_tests_CFLAGS) $(CFLAGS) -MT src/tools/files_tests-selinux.o -MD -MP -MF src/tools/$(DEPDIR)/files_tests-selinux.Tpo -c -o src/tools/files_tests-selinux.o `test -f 'src/tools/selinux.c' || echo '$(srcdir)/'`src/tools/selinux.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/files_tests-selinux.Tpo src/tools/$(DEPDIR)/files_tests-selinux.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/selinux.c' object='src/tools/files_tests-selinux.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(files_tests_CFLAGS) $(CFLAGS) -c -o src/tools/files_tests-selinux.o 
`test -f 'src/tools/selinux.c' || echo '$(srcdir)/'`src/tools/selinux.c src/tools/files_tests-selinux.obj: src/tools/selinux.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(files_tests_CFLAGS) $(CFLAGS) -MT src/tools/files_tests-selinux.obj -MD -MP -MF src/tools/$(DEPDIR)/files_tests-selinux.Tpo -c -o src/tools/files_tests-selinux.obj `if test -f 'src/tools/selinux.c'; then $(CYGPATH_W) 'src/tools/selinux.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/selinux.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/files_tests-selinux.Tpo src/tools/$(DEPDIR)/files_tests-selinux.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/selinux.c' object='src/tools/files_tests-selinux.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(files_tests_CFLAGS) $(CFLAGS) -c -o src/tools/files_tests-selinux.obj `if test -f 'src/tools/selinux.c'; then $(CYGPATH_W) 'src/tools/selinux.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/selinux.c'; fi` src/tools/files_tests-files.o: src/tools/files.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(files_tests_CFLAGS) $(CFLAGS) -MT src/tools/files_tests-files.o -MD -MP -MF src/tools/$(DEPDIR)/files_tests-files.Tpo -c -o src/tools/files_tests-files.o `test -f 'src/tools/files.c' || echo '$(srcdir)/'`src/tools/files.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/files_tests-files.Tpo src/tools/$(DEPDIR)/files_tests-files.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/files.c' object='src/tools/files_tests-files.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) 
$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(files_tests_CFLAGS) $(CFLAGS) -c -o src/tools/files_tests-files.o `test -f 'src/tools/files.c' || echo '$(srcdir)/'`src/tools/files.c src/tools/files_tests-files.obj: src/tools/files.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(files_tests_CFLAGS) $(CFLAGS) -MT src/tools/files_tests-files.obj -MD -MP -MF src/tools/$(DEPDIR)/files_tests-files.Tpo -c -o src/tools/files_tests-files.obj `if test -f 'src/tools/files.c'; then $(CYGPATH_W) 'src/tools/files.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/files.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/files_tests-files.Tpo src/tools/$(DEPDIR)/files_tests-files.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/files.c' object='src/tools/files_tests-files.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(files_tests_CFLAGS) $(CFLAGS) -c -o src/tools/files_tests-files.obj `if test -f 'src/tools/files.c'; then $(CYGPATH_W) 'src/tools/files.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/files.c'; fi` src/tests/find_uid_tests-find_uid-tests.o: src/tests/find_uid-tests.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(find_uid_tests_CFLAGS) $(CFLAGS) -MT src/tests/find_uid_tests-find_uid-tests.o -MD -MP -MF src/tests/$(DEPDIR)/find_uid_tests-find_uid-tests.Tpo -c -o src/tests/find_uid_tests-find_uid-tests.o `test -f 'src/tests/find_uid-tests.c' || echo '$(srcdir)/'`src/tests/find_uid-tests.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/find_uid_tests-find_uid-tests.Tpo src/tests/$(DEPDIR)/find_uid_tests-find_uid-tests.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/find_uid-tests.c' 
object='src/tests/find_uid_tests-find_uid-tests.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(find_uid_tests_CFLAGS) $(CFLAGS) -c -o src/tests/find_uid_tests-find_uid-tests.o `test -f 'src/tests/find_uid-tests.c' || echo '$(srcdir)/'`src/tests/find_uid-tests.c src/tests/find_uid_tests-find_uid-tests.obj: src/tests/find_uid-tests.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(find_uid_tests_CFLAGS) $(CFLAGS) -MT src/tests/find_uid_tests-find_uid-tests.obj -MD -MP -MF src/tests/$(DEPDIR)/find_uid_tests-find_uid-tests.Tpo -c -o src/tests/find_uid_tests-find_uid-tests.obj `if test -f 'src/tests/find_uid-tests.c'; then $(CYGPATH_W) 'src/tests/find_uid-tests.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/find_uid-tests.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/find_uid_tests-find_uid-tests.Tpo src/tests/$(DEPDIR)/find_uid_tests-find_uid-tests.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/find_uid-tests.c' object='src/tests/find_uid_tests-find_uid-tests.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(find_uid_tests_CFLAGS) $(CFLAGS) -c -o src/tests/find_uid_tests-find_uid-tests.obj `if test -f 'src/tests/find_uid-tests.c'; then $(CYGPATH_W) 'src/tests/find_uid-tests.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/find_uid-tests.c'; fi` src/util/find_uid_tests-find_uid.o: src/util/find_uid.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(find_uid_tests_CFLAGS) $(CFLAGS) -MT src/util/find_uid_tests-find_uid.o -MD -MP -MF 
src/util/$(DEPDIR)/find_uid_tests-find_uid.Tpo -c -o src/util/find_uid_tests-find_uid.o `test -f 'src/util/find_uid.c' || echo '$(srcdir)/'`src/util/find_uid.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/find_uid_tests-find_uid.Tpo src/util/$(DEPDIR)/find_uid_tests-find_uid.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/find_uid.c' object='src/util/find_uid_tests-find_uid.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(find_uid_tests_CFLAGS) $(CFLAGS) -c -o src/util/find_uid_tests-find_uid.o `test -f 'src/util/find_uid.c' || echo '$(srcdir)/'`src/util/find_uid.c src/util/find_uid_tests-find_uid.obj: src/util/find_uid.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(find_uid_tests_CFLAGS) $(CFLAGS) -MT src/util/find_uid_tests-find_uid.obj -MD -MP -MF src/util/$(DEPDIR)/find_uid_tests-find_uid.Tpo -c -o src/util/find_uid_tests-find_uid.obj `if test -f 'src/util/find_uid.c'; then $(CYGPATH_W) 'src/util/find_uid.c'; else $(CYGPATH_W) '$(srcdir)/src/util/find_uid.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/find_uid_tests-find_uid.Tpo src/util/$(DEPDIR)/find_uid_tests-find_uid.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/find_uid.c' object='src/util/find_uid_tests-find_uid.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(find_uid_tests_CFLAGS) $(CFLAGS) -c -o src/util/find_uid_tests-find_uid.obj `if test -f 'src/util/find_uid.c'; then $(CYGPATH_W) 'src/util/find_uid.c'; else $(CYGPATH_W) '$(srcdir)/src/util/find_uid.c'; fi` 
src/util/find_uid_tests-atomic_io.o: src/util/atomic_io.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(find_uid_tests_CFLAGS) $(CFLAGS) -MT src/util/find_uid_tests-atomic_io.o -MD -MP -MF src/util/$(DEPDIR)/find_uid_tests-atomic_io.Tpo -c -o src/util/find_uid_tests-atomic_io.o `test -f 'src/util/atomic_io.c' || echo '$(srcdir)/'`src/util/atomic_io.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/find_uid_tests-atomic_io.Tpo src/util/$(DEPDIR)/find_uid_tests-atomic_io.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/atomic_io.c' object='src/util/find_uid_tests-atomic_io.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(find_uid_tests_CFLAGS) $(CFLAGS) -c -o src/util/find_uid_tests-atomic_io.o `test -f 'src/util/atomic_io.c' || echo '$(srcdir)/'`src/util/atomic_io.c src/util/find_uid_tests-atomic_io.obj: src/util/atomic_io.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(find_uid_tests_CFLAGS) $(CFLAGS) -MT src/util/find_uid_tests-atomic_io.obj -MD -MP -MF src/util/$(DEPDIR)/find_uid_tests-atomic_io.Tpo -c -o src/util/find_uid_tests-atomic_io.obj `if test -f 'src/util/atomic_io.c'; then $(CYGPATH_W) 'src/util/atomic_io.c'; else $(CYGPATH_W) '$(srcdir)/src/util/atomic_io.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/find_uid_tests-atomic_io.Tpo src/util/$(DEPDIR)/find_uid_tests-atomic_io.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/atomic_io.c' object='src/util/find_uid_tests-atomic_io.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) 
$(AM_CPPFLAGS) $(CPPFLAGS) $(find_uid_tests_CFLAGS) $(CFLAGS) -c -o src/util/find_uid_tests-atomic_io.obj `if test -f 'src/util/atomic_io.c'; then $(CYGPATH_W) 'src/util/atomic_io.c'; else $(CYGPATH_W) '$(srcdir)/src/util/atomic_io.c'; fi` src/util/find_uid_tests-strtonum.o: src/util/strtonum.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(find_uid_tests_CFLAGS) $(CFLAGS) -MT src/util/find_uid_tests-strtonum.o -MD -MP -MF src/util/$(DEPDIR)/find_uid_tests-strtonum.Tpo -c -o src/util/find_uid_tests-strtonum.o `test -f 'src/util/strtonum.c' || echo '$(srcdir)/'`src/util/strtonum.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/find_uid_tests-strtonum.Tpo src/util/$(DEPDIR)/find_uid_tests-strtonum.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/strtonum.c' object='src/util/find_uid_tests-strtonum.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(find_uid_tests_CFLAGS) $(CFLAGS) -c -o src/util/find_uid_tests-strtonum.o `test -f 'src/util/strtonum.c' || echo '$(srcdir)/'`src/util/strtonum.c src/util/find_uid_tests-strtonum.obj: src/util/strtonum.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(find_uid_tests_CFLAGS) $(CFLAGS) -MT src/util/find_uid_tests-strtonum.obj -MD -MP -MF src/util/$(DEPDIR)/find_uid_tests-strtonum.Tpo -c -o src/util/find_uid_tests-strtonum.obj `if test -f 'src/util/strtonum.c'; then $(CYGPATH_W) 'src/util/strtonum.c'; else $(CYGPATH_W) '$(srcdir)/src/util/strtonum.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/find_uid_tests-strtonum.Tpo src/util/$(DEPDIR)/find_uid_tests-strtonum.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/strtonum.c' 
object='src/util/find_uid_tests-strtonum.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(find_uid_tests_CFLAGS) $(CFLAGS) -c -o src/util/find_uid_tests-strtonum.obj `if test -f 'src/util/strtonum.c'; then $(CYGPATH_W) 'src/util/strtonum.c'; else $(CYGPATH_W) '$(srcdir)/src/util/strtonum.c'; fi` src/tests/cmocka/fqnames_tests-test_fqnames.o: src/tests/cmocka/test_fqnames.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(fqnames_tests_CFLAGS) $(CFLAGS) -MT src/tests/cmocka/fqnames_tests-test_fqnames.o -MD -MP -MF src/tests/cmocka/$(DEPDIR)/fqnames_tests-test_fqnames.Tpo -c -o src/tests/cmocka/fqnames_tests-test_fqnames.o `test -f 'src/tests/cmocka/test_fqnames.c' || echo '$(srcdir)/'`src/tests/cmocka/test_fqnames.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/cmocka/$(DEPDIR)/fqnames_tests-test_fqnames.Tpo src/tests/cmocka/$(DEPDIR)/fqnames_tests-test_fqnames.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/cmocka/test_fqnames.c' object='src/tests/cmocka/fqnames_tests-test_fqnames.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(fqnames_tests_CFLAGS) $(CFLAGS) -c -o src/tests/cmocka/fqnames_tests-test_fqnames.o `test -f 'src/tests/cmocka/test_fqnames.c' || echo '$(srcdir)/'`src/tests/cmocka/test_fqnames.c src/tests/cmocka/fqnames_tests-test_fqnames.obj: src/tests/cmocka/test_fqnames.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(fqnames_tests_CFLAGS) $(CFLAGS) -MT src/tests/cmocka/fqnames_tests-test_fqnames.obj -MD -MP -MF 
src/tests/cmocka/$(DEPDIR)/fqnames_tests-test_fqnames.Tpo -c -o src/tests/cmocka/fqnames_tests-test_fqnames.obj `if test -f 'src/tests/cmocka/test_fqnames.c'; then $(CYGPATH_W) 'src/tests/cmocka/test_fqnames.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/cmocka/test_fqnames.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/cmocka/$(DEPDIR)/fqnames_tests-test_fqnames.Tpo src/tests/cmocka/$(DEPDIR)/fqnames_tests-test_fqnames.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/cmocka/test_fqnames.c' object='src/tests/cmocka/fqnames_tests-test_fqnames.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(fqnames_tests_CFLAGS) $(CFLAGS) -c -o src/tests/cmocka/fqnames_tests-test_fqnames.obj `if test -f 'src/tests/cmocka/test_fqnames.c'; then $(CYGPATH_W) 'src/tests/cmocka/test_fqnames.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/cmocka/test_fqnames.c'; fi` src/tests/ipa_hbac_tests-ipa_hbac-tests.o: src/tests/ipa_hbac-tests.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ipa_hbac_tests_CFLAGS) $(CFLAGS) -MT src/tests/ipa_hbac_tests-ipa_hbac-tests.o -MD -MP -MF src/tests/$(DEPDIR)/ipa_hbac_tests-ipa_hbac-tests.Tpo -c -o src/tests/ipa_hbac_tests-ipa_hbac-tests.o `test -f 'src/tests/ipa_hbac-tests.c' || echo '$(srcdir)/'`src/tests/ipa_hbac-tests.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/ipa_hbac_tests-ipa_hbac-tests.Tpo src/tests/$(DEPDIR)/ipa_hbac_tests-ipa_hbac-tests.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/ipa_hbac-tests.c' object='src/tests/ipa_hbac_tests-ipa_hbac-tests.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) 
$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ipa_hbac_tests_CFLAGS) $(CFLAGS) -c -o src/tests/ipa_hbac_tests-ipa_hbac-tests.o `test -f 'src/tests/ipa_hbac-tests.c' || echo '$(srcdir)/'`src/tests/ipa_hbac-tests.c src/tests/ipa_hbac_tests-ipa_hbac-tests.obj: src/tests/ipa_hbac-tests.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ipa_hbac_tests_CFLAGS) $(CFLAGS) -MT src/tests/ipa_hbac_tests-ipa_hbac-tests.obj -MD -MP -MF src/tests/$(DEPDIR)/ipa_hbac_tests-ipa_hbac-tests.Tpo -c -o src/tests/ipa_hbac_tests-ipa_hbac-tests.obj `if test -f 'src/tests/ipa_hbac-tests.c'; then $(CYGPATH_W) 'src/tests/ipa_hbac-tests.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/ipa_hbac-tests.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/ipa_hbac_tests-ipa_hbac-tests.Tpo src/tests/$(DEPDIR)/ipa_hbac_tests-ipa_hbac-tests.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/ipa_hbac-tests.c' object='src/tests/ipa_hbac_tests-ipa_hbac-tests.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ipa_hbac_tests_CFLAGS) $(CFLAGS) -c -o src/tests/ipa_hbac_tests-ipa_hbac-tests.obj `if test -f 'src/tests/ipa_hbac-tests.c'; then $(CYGPATH_W) 'src/tests/ipa_hbac-tests.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/ipa_hbac-tests.c'; fi` src/providers/ipa_ldap_opt_tests-data_provider_opts.o: src/providers/data_provider_opts.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ipa_ldap_opt_tests_CFLAGS) $(CFLAGS) -MT src/providers/ipa_ldap_opt_tests-data_provider_opts.o -MD -MP -MF src/providers/$(DEPDIR)/ipa_ldap_opt_tests-data_provider_opts.Tpo -c -o src/providers/ipa_ldap_opt_tests-data_provider_opts.o `test -f 'src/providers/data_provider_opts.c' || echo 
'$(srcdir)/'`src/providers/data_provider_opts.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/ipa_ldap_opt_tests-data_provider_opts.Tpo src/providers/$(DEPDIR)/ipa_ldap_opt_tests-data_provider_opts.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_opts.c' object='src/providers/ipa_ldap_opt_tests-data_provider_opts.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ipa_ldap_opt_tests_CFLAGS) $(CFLAGS) -c -o src/providers/ipa_ldap_opt_tests-data_provider_opts.o `test -f 'src/providers/data_provider_opts.c' || echo '$(srcdir)/'`src/providers/data_provider_opts.c src/providers/ipa_ldap_opt_tests-data_provider_opts.obj: src/providers/data_provider_opts.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ipa_ldap_opt_tests_CFLAGS) $(CFLAGS) -MT src/providers/ipa_ldap_opt_tests-data_provider_opts.obj -MD -MP -MF src/providers/$(DEPDIR)/ipa_ldap_opt_tests-data_provider_opts.Tpo -c -o src/providers/ipa_ldap_opt_tests-data_provider_opts.obj `if test -f 'src/providers/data_provider_opts.c'; then $(CYGPATH_W) 'src/providers/data_provider_opts.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_opts.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/ipa_ldap_opt_tests-data_provider_opts.Tpo src/providers/$(DEPDIR)/ipa_ldap_opt_tests-data_provider_opts.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_opts.c' object='src/providers/ipa_ldap_opt_tests-data_provider_opts.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) 
$(ipa_ldap_opt_tests_CFLAGS) $(CFLAGS) -c -o src/providers/ipa_ldap_opt_tests-data_provider_opts.obj `if test -f 'src/providers/data_provider_opts.c'; then $(CYGPATH_W) 'src/providers/data_provider_opts.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_opts.c'; fi` src/tests/ipa_ldap_opt_tests-ipa_ldap_opt-tests.o: src/tests/ipa_ldap_opt-tests.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ipa_ldap_opt_tests_CFLAGS) $(CFLAGS) -MT src/tests/ipa_ldap_opt_tests-ipa_ldap_opt-tests.o -MD -MP -MF src/tests/$(DEPDIR)/ipa_ldap_opt_tests-ipa_ldap_opt-tests.Tpo -c -o src/tests/ipa_ldap_opt_tests-ipa_ldap_opt-tests.o `test -f 'src/tests/ipa_ldap_opt-tests.c' || echo '$(srcdir)/'`src/tests/ipa_ldap_opt-tests.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/ipa_ldap_opt_tests-ipa_ldap_opt-tests.Tpo src/tests/$(DEPDIR)/ipa_ldap_opt_tests-ipa_ldap_opt-tests.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/ipa_ldap_opt-tests.c' object='src/tests/ipa_ldap_opt_tests-ipa_ldap_opt-tests.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ipa_ldap_opt_tests_CFLAGS) $(CFLAGS) -c -o src/tests/ipa_ldap_opt_tests-ipa_ldap_opt-tests.o `test -f 'src/tests/ipa_ldap_opt-tests.c' || echo '$(srcdir)/'`src/tests/ipa_ldap_opt-tests.c src/tests/ipa_ldap_opt_tests-ipa_ldap_opt-tests.obj: src/tests/ipa_ldap_opt-tests.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ipa_ldap_opt_tests_CFLAGS) $(CFLAGS) -MT src/tests/ipa_ldap_opt_tests-ipa_ldap_opt-tests.obj -MD -MP -MF src/tests/$(DEPDIR)/ipa_ldap_opt_tests-ipa_ldap_opt-tests.Tpo -c -o src/tests/ipa_ldap_opt_tests-ipa_ldap_opt-tests.obj `if test -f 'src/tests/ipa_ldap_opt-tests.c'; then $(CYGPATH_W) 
'src/tests/ipa_ldap_opt-tests.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/ipa_ldap_opt-tests.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/ipa_ldap_opt_tests-ipa_ldap_opt-tests.Tpo src/tests/$(DEPDIR)/ipa_ldap_opt_tests-ipa_ldap_opt-tests.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/ipa_ldap_opt-tests.c' object='src/tests/ipa_ldap_opt_tests-ipa_ldap_opt-tests.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ipa_ldap_opt_tests_CFLAGS) $(CFLAGS) -c -o src/tests/ipa_ldap_opt_tests-ipa_ldap_opt-tests.obj `if test -f 'src/tests/ipa_ldap_opt-tests.c'; then $(CYGPATH_W) 'src/tests/ipa_ldap_opt-tests.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/ipa_ldap_opt-tests.c'; fi` src/tests/krb5_child_test-krb5_child-test.o: src/tests/krb5_child-test.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -MT src/tests/krb5_child_test-krb5_child-test.o -MD -MP -MF src/tests/$(DEPDIR)/krb5_child_test-krb5_child-test.Tpo -c -o src/tests/krb5_child_test-krb5_child-test.o `test -f 'src/tests/krb5_child-test.c' || echo '$(srcdir)/'`src/tests/krb5_child-test.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/krb5_child_test-krb5_child-test.Tpo src/tests/$(DEPDIR)/krb5_child_test-krb5_child-test.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/krb5_child-test.c' object='src/tests/krb5_child_test-krb5_child-test.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -c -o src/tests/krb5_child_test-krb5_child-test.o `test -f 
'src/tests/krb5_child-test.c' || echo '$(srcdir)/'`src/tests/krb5_child-test.c src/tests/krb5_child_test-krb5_child-test.obj: src/tests/krb5_child-test.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -MT src/tests/krb5_child_test-krb5_child-test.obj -MD -MP -MF src/tests/$(DEPDIR)/krb5_child_test-krb5_child-test.Tpo -c -o src/tests/krb5_child_test-krb5_child-test.obj `if test -f 'src/tests/krb5_child-test.c'; then $(CYGPATH_W) 'src/tests/krb5_child-test.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/krb5_child-test.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/krb5_child_test-krb5_child-test.Tpo src/tests/$(DEPDIR)/krb5_child_test-krb5_child-test.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/krb5_child-test.c' object='src/tests/krb5_child_test-krb5_child-test.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -c -o src/tests/krb5_child_test-krb5_child-test.obj `if test -f 'src/tests/krb5_child-test.c'; then $(CYGPATH_W) 'src/tests/krb5_child-test.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/krb5_child-test.c'; fi` src/providers/krb5/krb5_child_test-krb5_utils.o: src/providers/krb5/krb5_utils.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -MT src/providers/krb5/krb5_child_test-krb5_utils.o -MD -MP -MF src/providers/krb5/$(DEPDIR)/krb5_child_test-krb5_utils.Tpo -c -o src/providers/krb5/krb5_child_test-krb5_utils.o `test -f 'src/providers/krb5/krb5_utils.c' || echo '$(srcdir)/'`src/providers/krb5/krb5_utils.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/krb5/$(DEPDIR)/krb5_child_test-krb5_utils.Tpo 
src/providers/krb5/$(DEPDIR)/krb5_child_test-krb5_utils.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/krb5/krb5_utils.c' object='src/providers/krb5/krb5_child_test-krb5_utils.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -c -o src/providers/krb5/krb5_child_test-krb5_utils.o `test -f 'src/providers/krb5/krb5_utils.c' || echo '$(srcdir)/'`src/providers/krb5/krb5_utils.c src/providers/krb5/krb5_child_test-krb5_utils.obj: src/providers/krb5/krb5_utils.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -MT src/providers/krb5/krb5_child_test-krb5_utils.obj -MD -MP -MF src/providers/krb5/$(DEPDIR)/krb5_child_test-krb5_utils.Tpo -c -o src/providers/krb5/krb5_child_test-krb5_utils.obj `if test -f 'src/providers/krb5/krb5_utils.c'; then $(CYGPATH_W) 'src/providers/krb5/krb5_utils.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/krb5/krb5_utils.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/krb5/$(DEPDIR)/krb5_child_test-krb5_utils.Tpo src/providers/krb5/$(DEPDIR)/krb5_child_test-krb5_utils.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/krb5/krb5_utils.c' object='src/providers/krb5/krb5_child_test-krb5_utils.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -c -o src/providers/krb5/krb5_child_test-krb5_utils.obj `if test -f 'src/providers/krb5/krb5_utils.c'; then $(CYGPATH_W) 'src/providers/krb5/krb5_utils.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/krb5/krb5_utils.c'; fi` 
src/providers/krb5/krb5_child_test-krb5_child_handler.o: src/providers/krb5/krb5_child_handler.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -MT src/providers/krb5/krb5_child_test-krb5_child_handler.o -MD -MP -MF src/providers/krb5/$(DEPDIR)/krb5_child_test-krb5_child_handler.Tpo -c -o src/providers/krb5/krb5_child_test-krb5_child_handler.o `test -f 'src/providers/krb5/krb5_child_handler.c' || echo '$(srcdir)/'`src/providers/krb5/krb5_child_handler.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/krb5/$(DEPDIR)/krb5_child_test-krb5_child_handler.Tpo src/providers/krb5/$(DEPDIR)/krb5_child_test-krb5_child_handler.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/krb5/krb5_child_handler.c' object='src/providers/krb5/krb5_child_test-krb5_child_handler.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -c -o src/providers/krb5/krb5_child_test-krb5_child_handler.o `test -f 'src/providers/krb5/krb5_child_handler.c' || echo '$(srcdir)/'`src/providers/krb5/krb5_child_handler.c src/providers/krb5/krb5_child_test-krb5_child_handler.obj: src/providers/krb5/krb5_child_handler.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -MT src/providers/krb5/krb5_child_test-krb5_child_handler.obj -MD -MP -MF src/providers/krb5/$(DEPDIR)/krb5_child_test-krb5_child_handler.Tpo -c -o src/providers/krb5/krb5_child_test-krb5_child_handler.obj `if test -f 'src/providers/krb5/krb5_child_handler.c'; then $(CYGPATH_W) 'src/providers/krb5/krb5_child_handler.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/krb5/krb5_child_handler.c'; fi` @am__fastdepCC_TRUE@ 
$(AM_V_at)$(am__mv) src/providers/krb5/$(DEPDIR)/krb5_child_test-krb5_child_handler.Tpo src/providers/krb5/$(DEPDIR)/krb5_child_test-krb5_child_handler.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/krb5/krb5_child_handler.c' object='src/providers/krb5/krb5_child_test-krb5_child_handler.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -c -o src/providers/krb5/krb5_child_test-krb5_child_handler.obj `if test -f 'src/providers/krb5/krb5_child_handler.c'; then $(CYGPATH_W) 'src/providers/krb5/krb5_child_handler.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/krb5/krb5_child_handler.c'; fi` src/providers/krb5/krb5_child_test-krb5_become_user.o: src/providers/krb5/krb5_become_user.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -MT src/providers/krb5/krb5_child_test-krb5_become_user.o -MD -MP -MF src/providers/krb5/$(DEPDIR)/krb5_child_test-krb5_become_user.Tpo -c -o src/providers/krb5/krb5_child_test-krb5_become_user.o `test -f 'src/providers/krb5/krb5_become_user.c' || echo '$(srcdir)/'`src/providers/krb5/krb5_become_user.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/krb5/$(DEPDIR)/krb5_child_test-krb5_become_user.Tpo src/providers/krb5/$(DEPDIR)/krb5_child_test-krb5_become_user.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/krb5/krb5_become_user.c' object='src/providers/krb5/krb5_child_test-krb5_become_user.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -c -o 
src/providers/krb5/krb5_child_test-krb5_become_user.o `test -f 'src/providers/krb5/krb5_become_user.c' || echo '$(srcdir)/'`src/providers/krb5/krb5_become_user.c src/providers/krb5/krb5_child_test-krb5_become_user.obj: src/providers/krb5/krb5_become_user.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -MT src/providers/krb5/krb5_child_test-krb5_become_user.obj -MD -MP -MF src/providers/krb5/$(DEPDIR)/krb5_child_test-krb5_become_user.Tpo -c -o src/providers/krb5/krb5_child_test-krb5_become_user.obj `if test -f 'src/providers/krb5/krb5_become_user.c'; then $(CYGPATH_W) 'src/providers/krb5/krb5_become_user.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/krb5/krb5_become_user.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/krb5/$(DEPDIR)/krb5_child_test-krb5_become_user.Tpo src/providers/krb5/$(DEPDIR)/krb5_child_test-krb5_become_user.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/krb5/krb5_become_user.c' object='src/providers/krb5/krb5_child_test-krb5_become_user.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -c -o src/providers/krb5/krb5_child_test-krb5_become_user.obj `if test -f 'src/providers/krb5/krb5_become_user.c'; then $(CYGPATH_W) 'src/providers/krb5/krb5_become_user.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/krb5/krb5_become_user.c'; fi` src/providers/krb5/krb5_child_test-krb5_common.o: src/providers/krb5/krb5_common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -MT src/providers/krb5/krb5_child_test-krb5_common.o -MD -MP -MF src/providers/krb5/$(DEPDIR)/krb5_child_test-krb5_common.Tpo -c -o 
src/providers/krb5/krb5_child_test-krb5_common.o `test -f 'src/providers/krb5/krb5_common.c' || echo '$(srcdir)/'`src/providers/krb5/krb5_common.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/krb5/$(DEPDIR)/krb5_child_test-krb5_common.Tpo src/providers/krb5/$(DEPDIR)/krb5_child_test-krb5_common.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/krb5/krb5_common.c' object='src/providers/krb5/krb5_child_test-krb5_common.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -c -o src/providers/krb5/krb5_child_test-krb5_common.o `test -f 'src/providers/krb5/krb5_common.c' || echo '$(srcdir)/'`src/providers/krb5/krb5_common.c src/providers/krb5/krb5_child_test-krb5_common.obj: src/providers/krb5/krb5_common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -MT src/providers/krb5/krb5_child_test-krb5_common.obj -MD -MP -MF src/providers/krb5/$(DEPDIR)/krb5_child_test-krb5_common.Tpo -c -o src/providers/krb5/krb5_child_test-krb5_common.obj `if test -f 'src/providers/krb5/krb5_common.c'; then $(CYGPATH_W) 'src/providers/krb5/krb5_common.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/krb5/krb5_common.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/krb5/$(DEPDIR)/krb5_child_test-krb5_common.Tpo src/providers/krb5/$(DEPDIR)/krb5_child_test-krb5_common.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/krb5/krb5_common.c' object='src/providers/krb5/krb5_child_test-krb5_common.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) 
$(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -c -o src/providers/krb5/krb5_child_test-krb5_common.obj `if test -f 'src/providers/krb5/krb5_common.c'; then $(CYGPATH_W) 'src/providers/krb5/krb5_common.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/krb5/krb5_common.c'; fi` src/util/krb5_child_test-sss_krb5.o: src/util/sss_krb5.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -MT src/util/krb5_child_test-sss_krb5.o -MD -MP -MF src/util/$(DEPDIR)/krb5_child_test-sss_krb5.Tpo -c -o src/util/krb5_child_test-sss_krb5.o `test -f 'src/util/sss_krb5.c' || echo '$(srcdir)/'`src/util/sss_krb5.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/krb5_child_test-sss_krb5.Tpo src/util/$(DEPDIR)/krb5_child_test-sss_krb5.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/sss_krb5.c' object='src/util/krb5_child_test-sss_krb5.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -c -o src/util/krb5_child_test-sss_krb5.o `test -f 'src/util/sss_krb5.c' || echo '$(srcdir)/'`src/util/sss_krb5.c src/util/krb5_child_test-sss_krb5.obj: src/util/sss_krb5.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -MT src/util/krb5_child_test-sss_krb5.obj -MD -MP -MF src/util/$(DEPDIR)/krb5_child_test-sss_krb5.Tpo -c -o src/util/krb5_child_test-sss_krb5.obj `if test -f 'src/util/sss_krb5.c'; then $(CYGPATH_W) 'src/util/sss_krb5.c'; else $(CYGPATH_W) '$(srcdir)/src/util/sss_krb5.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/krb5_child_test-sss_krb5.Tpo src/util/$(DEPDIR)/krb5_child_test-sss_krb5.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ 
$(AM_V_CC)source='src/util/sss_krb5.c' object='src/util/krb5_child_test-sss_krb5.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -c -o src/util/krb5_child_test-sss_krb5.obj `if test -f 'src/util/sss_krb5.c'; then $(CYGPATH_W) 'src/util/sss_krb5.c'; else $(CYGPATH_W) '$(srcdir)/src/util/sss_krb5.c'; fi` src/util/krb5_child_test-find_uid.o: src/util/find_uid.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -MT src/util/krb5_child_test-find_uid.o -MD -MP -MF src/util/$(DEPDIR)/krb5_child_test-find_uid.Tpo -c -o src/util/krb5_child_test-find_uid.o `test -f 'src/util/find_uid.c' || echo '$(srcdir)/'`src/util/find_uid.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/krb5_child_test-find_uid.Tpo src/util/$(DEPDIR)/krb5_child_test-find_uid.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/find_uid.c' object='src/util/krb5_child_test-find_uid.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -c -o src/util/krb5_child_test-find_uid.o `test -f 'src/util/find_uid.c' || echo '$(srcdir)/'`src/util/find_uid.c src/util/krb5_child_test-find_uid.obj: src/util/find_uid.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -MT src/util/krb5_child_test-find_uid.obj -MD -MP -MF src/util/$(DEPDIR)/krb5_child_test-find_uid.Tpo -c -o src/util/krb5_child_test-find_uid.obj `if test -f 'src/util/find_uid.c'; then $(CYGPATH_W) 
'src/util/find_uid.c'; else $(CYGPATH_W) '$(srcdir)/src/util/find_uid.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/krb5_child_test-find_uid.Tpo src/util/$(DEPDIR)/krb5_child_test-find_uid.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/find_uid.c' object='src/util/krb5_child_test-find_uid.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -c -o src/util/krb5_child_test-find_uid.obj `if test -f 'src/util/find_uid.c'; then $(CYGPATH_W) 'src/util/find_uid.c'; else $(CYGPATH_W) '$(srcdir)/src/util/find_uid.c'; fi` src/providers/krb5_child_test-data_provider_fo.o: src/providers/data_provider_fo.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -MT src/providers/krb5_child_test-data_provider_fo.o -MD -MP -MF src/providers/$(DEPDIR)/krb5_child_test-data_provider_fo.Tpo -c -o src/providers/krb5_child_test-data_provider_fo.o `test -f 'src/providers/data_provider_fo.c' || echo '$(srcdir)/'`src/providers/data_provider_fo.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/krb5_child_test-data_provider_fo.Tpo src/providers/$(DEPDIR)/krb5_child_test-data_provider_fo.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_fo.c' object='src/providers/krb5_child_test-data_provider_fo.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -c -o src/providers/krb5_child_test-data_provider_fo.o `test -f 'src/providers/data_provider_fo.c' || echo 
'$(srcdir)/'`src/providers/data_provider_fo.c src/providers/krb5_child_test-data_provider_fo.obj: src/providers/data_provider_fo.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -MT src/providers/krb5_child_test-data_provider_fo.obj -MD -MP -MF src/providers/$(DEPDIR)/krb5_child_test-data_provider_fo.Tpo -c -o src/providers/krb5_child_test-data_provider_fo.obj `if test -f 'src/providers/data_provider_fo.c'; then $(CYGPATH_W) 'src/providers/data_provider_fo.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_fo.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/krb5_child_test-data_provider_fo.Tpo src/providers/$(DEPDIR)/krb5_child_test-data_provider_fo.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_fo.c' object='src/providers/krb5_child_test-data_provider_fo.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -c -o src/providers/krb5_child_test-data_provider_fo.obj `if test -f 'src/providers/data_provider_fo.c'; then $(CYGPATH_W) 'src/providers/data_provider_fo.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_fo.c'; fi` src/providers/krb5_child_test-data_provider_opts.o: src/providers/data_provider_opts.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -MT src/providers/krb5_child_test-data_provider_opts.o -MD -MP -MF src/providers/$(DEPDIR)/krb5_child_test-data_provider_opts.Tpo -c -o src/providers/krb5_child_test-data_provider_opts.o `test -f 'src/providers/data_provider_opts.c' || echo '$(srcdir)/'`src/providers/data_provider_opts.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) 
src/providers/$(DEPDIR)/krb5_child_test-data_provider_opts.Tpo src/providers/$(DEPDIR)/krb5_child_test-data_provider_opts.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_opts.c' object='src/providers/krb5_child_test-data_provider_opts.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -c -o src/providers/krb5_child_test-data_provider_opts.o `test -f 'src/providers/data_provider_opts.c' || echo '$(srcdir)/'`src/providers/data_provider_opts.c src/providers/krb5_child_test-data_provider_opts.obj: src/providers/data_provider_opts.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -MT src/providers/krb5_child_test-data_provider_opts.obj -MD -MP -MF src/providers/$(DEPDIR)/krb5_child_test-data_provider_opts.Tpo -c -o src/providers/krb5_child_test-data_provider_opts.obj `if test -f 'src/providers/data_provider_opts.c'; then $(CYGPATH_W) 'src/providers/data_provider_opts.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_opts.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/krb5_child_test-data_provider_opts.Tpo src/providers/$(DEPDIR)/krb5_child_test-data_provider_opts.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_opts.c' object='src/providers/krb5_child_test-data_provider_opts.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -c -o src/providers/krb5_child_test-data_provider_opts.obj `if test -f 'src/providers/data_provider_opts.c'; 
then $(CYGPATH_W) 'src/providers/data_provider_opts.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_opts.c'; fi` src/providers/krb5_child_test-data_provider_callbacks.o: src/providers/data_provider_callbacks.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -MT src/providers/krb5_child_test-data_provider_callbacks.o -MD -MP -MF src/providers/$(DEPDIR)/krb5_child_test-data_provider_callbacks.Tpo -c -o src/providers/krb5_child_test-data_provider_callbacks.o `test -f 'src/providers/data_provider_callbacks.c' || echo '$(srcdir)/'`src/providers/data_provider_callbacks.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/krb5_child_test-data_provider_callbacks.Tpo src/providers/$(DEPDIR)/krb5_child_test-data_provider_callbacks.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_callbacks.c' object='src/providers/krb5_child_test-data_provider_callbacks.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -c -o src/providers/krb5_child_test-data_provider_callbacks.o `test -f 'src/providers/data_provider_callbacks.c' || echo '$(srcdir)/'`src/providers/data_provider_callbacks.c src/providers/krb5_child_test-data_provider_callbacks.obj: src/providers/data_provider_callbacks.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -MT src/providers/krb5_child_test-data_provider_callbacks.obj -MD -MP -MF src/providers/$(DEPDIR)/krb5_child_test-data_provider_callbacks.Tpo -c -o src/providers/krb5_child_test-data_provider_callbacks.obj `if test -f 'src/providers/data_provider_callbacks.c'; then $(CYGPATH_W) 
'src/providers/data_provider_callbacks.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_callbacks.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/krb5_child_test-data_provider_callbacks.Tpo src/providers/$(DEPDIR)/krb5_child_test-data_provider_callbacks.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_callbacks.c' object='src/providers/krb5_child_test-data_provider_callbacks.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -c -o src/providers/krb5_child_test-data_provider_callbacks.obj `if test -f 'src/providers/data_provider_callbacks.c'; then $(CYGPATH_W) 'src/providers/data_provider_callbacks.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_callbacks.c'; fi` src/providers/krb5_child_test-fail_over.o: src/providers/fail_over.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -MT src/providers/krb5_child_test-fail_over.o -MD -MP -MF src/providers/$(DEPDIR)/krb5_child_test-fail_over.Tpo -c -o src/providers/krb5_child_test-fail_over.o `test -f 'src/providers/fail_over.c' || echo '$(srcdir)/'`src/providers/fail_over.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/krb5_child_test-fail_over.Tpo src/providers/$(DEPDIR)/krb5_child_test-fail_over.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/fail_over.c' object='src/providers/krb5_child_test-fail_over.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -c -o 
src/providers/krb5_child_test-fail_over.o `test -f 'src/providers/fail_over.c' || echo '$(srcdir)/'`src/providers/fail_over.c src/providers/krb5_child_test-fail_over.obj: src/providers/fail_over.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -MT src/providers/krb5_child_test-fail_over.obj -MD -MP -MF src/providers/$(DEPDIR)/krb5_child_test-fail_over.Tpo -c -o src/providers/krb5_child_test-fail_over.obj `if test -f 'src/providers/fail_over.c'; then $(CYGPATH_W) 'src/providers/fail_over.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/fail_over.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/krb5_child_test-fail_over.Tpo src/providers/$(DEPDIR)/krb5_child_test-fail_over.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/fail_over.c' object='src/providers/krb5_child_test-fail_over.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -c -o src/providers/krb5_child_test-fail_over.obj `if test -f 'src/providers/fail_over.c'; then $(CYGPATH_W) 'src/providers/fail_over.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/fail_over.c'; fi` src/providers/krb5_child_test-fail_over_srv.o: src/providers/fail_over_srv.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -MT src/providers/krb5_child_test-fail_over_srv.o -MD -MP -MF src/providers/$(DEPDIR)/krb5_child_test-fail_over_srv.Tpo -c -o src/providers/krb5_child_test-fail_over_srv.o `test -f 'src/providers/fail_over_srv.c' || echo '$(srcdir)/'`src/providers/fail_over_srv.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/krb5_child_test-fail_over_srv.Tpo 
src/providers/$(DEPDIR)/krb5_child_test-fail_over_srv.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/fail_over_srv.c' object='src/providers/krb5_child_test-fail_over_srv.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -c -o src/providers/krb5_child_test-fail_over_srv.o `test -f 'src/providers/fail_over_srv.c' || echo '$(srcdir)/'`src/providers/fail_over_srv.c src/providers/krb5_child_test-fail_over_srv.obj: src/providers/fail_over_srv.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -MT src/providers/krb5_child_test-fail_over_srv.obj -MD -MP -MF src/providers/$(DEPDIR)/krb5_child_test-fail_over_srv.Tpo -c -o src/providers/krb5_child_test-fail_over_srv.obj `if test -f 'src/providers/fail_over_srv.c'; then $(CYGPATH_W) 'src/providers/fail_over_srv.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/fail_over_srv.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/krb5_child_test-fail_over_srv.Tpo src/providers/$(DEPDIR)/krb5_child_test-fail_over_srv.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/fail_over_srv.c' object='src/providers/krb5_child_test-fail_over_srv.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -c -o src/providers/krb5_child_test-fail_over_srv.obj `if test -f 'src/providers/fail_over_srv.c'; then $(CYGPATH_W) 'src/providers/fail_over_srv.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/fail_over_srv.c'; fi` src/resolv/krb5_child_test-async_resolv.o: 
src/resolv/async_resolv.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -MT src/resolv/krb5_child_test-async_resolv.o -MD -MP -MF src/resolv/$(DEPDIR)/krb5_child_test-async_resolv.Tpo -c -o src/resolv/krb5_child_test-async_resolv.o `test -f 'src/resolv/async_resolv.c' || echo '$(srcdir)/'`src/resolv/async_resolv.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/$(DEPDIR)/krb5_child_test-async_resolv.Tpo src/resolv/$(DEPDIR)/krb5_child_test-async_resolv.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/async_resolv.c' object='src/resolv/krb5_child_test-async_resolv.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -c -o src/resolv/krb5_child_test-async_resolv.o `test -f 'src/resolv/async_resolv.c' || echo '$(srcdir)/'`src/resolv/async_resolv.c src/resolv/krb5_child_test-async_resolv.obj: src/resolv/async_resolv.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -MT src/resolv/krb5_child_test-async_resolv.obj -MD -MP -MF src/resolv/$(DEPDIR)/krb5_child_test-async_resolv.Tpo -c -o src/resolv/krb5_child_test-async_resolv.obj `if test -f 'src/resolv/async_resolv.c'; then $(CYGPATH_W) 'src/resolv/async_resolv.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/async_resolv.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/$(DEPDIR)/krb5_child_test-async_resolv.Tpo src/resolv/$(DEPDIR)/krb5_child_test-async_resolv.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/async_resolv.c' object='src/resolv/krb5_child_test-async_resolv.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) 
@AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -c -o src/resolv/krb5_child_test-async_resolv.obj `if test -f 'src/resolv/async_resolv.c'; then $(CYGPATH_W) 'src/resolv/async_resolv.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/async_resolv.c'; fi` src/resolv/krb5_child_test-async_resolv_utils.o: src/resolv/async_resolv_utils.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -MT src/resolv/krb5_child_test-async_resolv_utils.o -MD -MP -MF src/resolv/$(DEPDIR)/krb5_child_test-async_resolv_utils.Tpo -c -o src/resolv/krb5_child_test-async_resolv_utils.o `test -f 'src/resolv/async_resolv_utils.c' || echo '$(srcdir)/'`src/resolv/async_resolv_utils.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/$(DEPDIR)/krb5_child_test-async_resolv_utils.Tpo src/resolv/$(DEPDIR)/krb5_child_test-async_resolv_utils.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/async_resolv_utils.c' object='src/resolv/krb5_child_test-async_resolv_utils.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -c -o src/resolv/krb5_child_test-async_resolv_utils.o `test -f 'src/resolv/async_resolv_utils.c' || echo '$(srcdir)/'`src/resolv/async_resolv_utils.c src/resolv/krb5_child_test-async_resolv_utils.obj: src/resolv/async_resolv_utils.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -MT src/resolv/krb5_child_test-async_resolv_utils.obj -MD -MP -MF src/resolv/$(DEPDIR)/krb5_child_test-async_resolv_utils.Tpo -c -o src/resolv/krb5_child_test-async_resolv_utils.obj `if 
test -f 'src/resolv/async_resolv_utils.c'; then $(CYGPATH_W) 'src/resolv/async_resolv_utils.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/async_resolv_utils.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/$(DEPDIR)/krb5_child_test-async_resolv_utils.Tpo src/resolv/$(DEPDIR)/krb5_child_test-async_resolv_utils.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/async_resolv_utils.c' object='src/resolv/krb5_child_test-async_resolv_utils.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -c -o src/resolv/krb5_child_test-async_resolv_utils.obj `if test -f 'src/resolv/async_resolv_utils.c'; then $(CYGPATH_W) 'src/resolv/async_resolv_utils.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/async_resolv_utils.c'; fi` src/resolv/ares/krb5_child_test-ares_parse_srv_reply.o: src/resolv/ares/ares_parse_srv_reply.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -MT src/resolv/ares/krb5_child_test-ares_parse_srv_reply.o -MD -MP -MF src/resolv/ares/$(DEPDIR)/krb5_child_test-ares_parse_srv_reply.Tpo -c -o src/resolv/ares/krb5_child_test-ares_parse_srv_reply.o `test -f 'src/resolv/ares/ares_parse_srv_reply.c' || echo '$(srcdir)/'`src/resolv/ares/ares_parse_srv_reply.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/ares/$(DEPDIR)/krb5_child_test-ares_parse_srv_reply.Tpo src/resolv/ares/$(DEPDIR)/krb5_child_test-ares_parse_srv_reply.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/ares/ares_parse_srv_reply.c' object='src/resolv/ares/krb5_child_test-ares_parse_srv_reply.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ 
$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -c -o src/resolv/ares/krb5_child_test-ares_parse_srv_reply.o `test -f 'src/resolv/ares/ares_parse_srv_reply.c' || echo '$(srcdir)/'`src/resolv/ares/ares_parse_srv_reply.c src/resolv/ares/krb5_child_test-ares_parse_srv_reply.obj: src/resolv/ares/ares_parse_srv_reply.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -MT src/resolv/ares/krb5_child_test-ares_parse_srv_reply.obj -MD -MP -MF src/resolv/ares/$(DEPDIR)/krb5_child_test-ares_parse_srv_reply.Tpo -c -o src/resolv/ares/krb5_child_test-ares_parse_srv_reply.obj `if test -f 'src/resolv/ares/ares_parse_srv_reply.c'; then $(CYGPATH_W) 'src/resolv/ares/ares_parse_srv_reply.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/ares/ares_parse_srv_reply.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/ares/$(DEPDIR)/krb5_child_test-ares_parse_srv_reply.Tpo src/resolv/ares/$(DEPDIR)/krb5_child_test-ares_parse_srv_reply.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/ares/ares_parse_srv_reply.c' object='src/resolv/ares/krb5_child_test-ares_parse_srv_reply.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -c -o src/resolv/ares/krb5_child_test-ares_parse_srv_reply.obj `if test -f 'src/resolv/ares/ares_parse_srv_reply.c'; then $(CYGPATH_W) 'src/resolv/ares/ares_parse_srv_reply.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/ares/ares_parse_srv_reply.c'; fi` src/resolv/ares/krb5_child_test-ares_data.o: src/resolv/ares/ares_data.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) 
-MT src/resolv/ares/krb5_child_test-ares_data.o -MD -MP -MF src/resolv/ares/$(DEPDIR)/krb5_child_test-ares_data.Tpo -c -o src/resolv/ares/krb5_child_test-ares_data.o `test -f 'src/resolv/ares/ares_data.c' || echo '$(srcdir)/'`src/resolv/ares/ares_data.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/ares/$(DEPDIR)/krb5_child_test-ares_data.Tpo src/resolv/ares/$(DEPDIR)/krb5_child_test-ares_data.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/ares/ares_data.c' object='src/resolv/ares/krb5_child_test-ares_data.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -c -o src/resolv/ares/krb5_child_test-ares_data.o `test -f 'src/resolv/ares/ares_data.c' || echo '$(srcdir)/'`src/resolv/ares/ares_data.c src/resolv/ares/krb5_child_test-ares_data.obj: src/resolv/ares/ares_data.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -MT src/resolv/ares/krb5_child_test-ares_data.obj -MD -MP -MF src/resolv/ares/$(DEPDIR)/krb5_child_test-ares_data.Tpo -c -o src/resolv/ares/krb5_child_test-ares_data.obj `if test -f 'src/resolv/ares/ares_data.c'; then $(CYGPATH_W) 'src/resolv/ares/ares_data.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/ares/ares_data.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/ares/$(DEPDIR)/krb5_child_test-ares_data.Tpo src/resolv/ares/$(DEPDIR)/krb5_child_test-ares_data.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/ares/ares_data.c' object='src/resolv/ares/krb5_child_test-ares_data.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) 
$(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_test_CFLAGS) $(CFLAGS) -c -o src/resolv/ares/krb5_child_test-ares_data.obj `if test -f 'src/resolv/ares/ares_data.c'; then $(CYGPATH_W) 'src/resolv/ares/ares_data.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/ares/ares_data.c'; fi` src/tests/krb5_utils_tests-krb5_utils-tests.o: src/tests/krb5_utils-tests.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -MT src/tests/krb5_utils_tests-krb5_utils-tests.o -MD -MP -MF src/tests/$(DEPDIR)/krb5_utils_tests-krb5_utils-tests.Tpo -c -o src/tests/krb5_utils_tests-krb5_utils-tests.o `test -f 'src/tests/krb5_utils-tests.c' || echo '$(srcdir)/'`src/tests/krb5_utils-tests.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/krb5_utils_tests-krb5_utils-tests.Tpo src/tests/$(DEPDIR)/krb5_utils_tests-krb5_utils-tests.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/krb5_utils-tests.c' object='src/tests/krb5_utils_tests-krb5_utils-tests.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -c -o src/tests/krb5_utils_tests-krb5_utils-tests.o `test -f 'src/tests/krb5_utils-tests.c' || echo '$(srcdir)/'`src/tests/krb5_utils-tests.c src/tests/krb5_utils_tests-krb5_utils-tests.obj: src/tests/krb5_utils-tests.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -MT src/tests/krb5_utils_tests-krb5_utils-tests.obj -MD -MP -MF src/tests/$(DEPDIR)/krb5_utils_tests-krb5_utils-tests.Tpo -c -o src/tests/krb5_utils_tests-krb5_utils-tests.obj `if test -f 'src/tests/krb5_utils-tests.c'; then $(CYGPATH_W) 'src/tests/krb5_utils-tests.c'; else $(CYGPATH_W) 
'$(srcdir)/src/tests/krb5_utils-tests.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/krb5_utils_tests-krb5_utils-tests.Tpo src/tests/$(DEPDIR)/krb5_utils_tests-krb5_utils-tests.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/krb5_utils-tests.c' object='src/tests/krb5_utils_tests-krb5_utils-tests.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -c -o src/tests/krb5_utils_tests-krb5_utils-tests.obj `if test -f 'src/tests/krb5_utils-tests.c'; then $(CYGPATH_W) 'src/tests/krb5_utils-tests.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/krb5_utils-tests.c'; fi` src/providers/krb5/krb5_utils_tests-krb5_utils.o: src/providers/krb5/krb5_utils.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -MT src/providers/krb5/krb5_utils_tests-krb5_utils.o -MD -MP -MF src/providers/krb5/$(DEPDIR)/krb5_utils_tests-krb5_utils.Tpo -c -o src/providers/krb5/krb5_utils_tests-krb5_utils.o `test -f 'src/providers/krb5/krb5_utils.c' || echo '$(srcdir)/'`src/providers/krb5/krb5_utils.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/krb5/$(DEPDIR)/krb5_utils_tests-krb5_utils.Tpo src/providers/krb5/$(DEPDIR)/krb5_utils_tests-krb5_utils.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/krb5/krb5_utils.c' object='src/providers/krb5/krb5_utils_tests-krb5_utils.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -c -o src/providers/krb5/krb5_utils_tests-krb5_utils.o `test -f 
'src/providers/krb5/krb5_utils.c' || echo '$(srcdir)/'`src/providers/krb5/krb5_utils.c src/providers/krb5/krb5_utils_tests-krb5_utils.obj: src/providers/krb5/krb5_utils.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -MT src/providers/krb5/krb5_utils_tests-krb5_utils.obj -MD -MP -MF src/providers/krb5/$(DEPDIR)/krb5_utils_tests-krb5_utils.Tpo -c -o src/providers/krb5/krb5_utils_tests-krb5_utils.obj `if test -f 'src/providers/krb5/krb5_utils.c'; then $(CYGPATH_W) 'src/providers/krb5/krb5_utils.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/krb5/krb5_utils.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/krb5/$(DEPDIR)/krb5_utils_tests-krb5_utils.Tpo src/providers/krb5/$(DEPDIR)/krb5_utils_tests-krb5_utils.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/krb5/krb5_utils.c' object='src/providers/krb5/krb5_utils_tests-krb5_utils.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -c -o src/providers/krb5/krb5_utils_tests-krb5_utils.obj `if test -f 'src/providers/krb5/krb5_utils.c'; then $(CYGPATH_W) 'src/providers/krb5/krb5_utils.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/krb5/krb5_utils.c'; fi` src/providers/krb5/krb5_utils_tests-krb5_become_user.o: src/providers/krb5/krb5_become_user.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -MT src/providers/krb5/krb5_utils_tests-krb5_become_user.o -MD -MP -MF src/providers/krb5/$(DEPDIR)/krb5_utils_tests-krb5_become_user.Tpo -c -o src/providers/krb5/krb5_utils_tests-krb5_become_user.o `test -f 'src/providers/krb5/krb5_become_user.c' || echo 
'$(srcdir)/'`src/providers/krb5/krb5_become_user.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/krb5/$(DEPDIR)/krb5_utils_tests-krb5_become_user.Tpo src/providers/krb5/$(DEPDIR)/krb5_utils_tests-krb5_become_user.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/krb5/krb5_become_user.c' object='src/providers/krb5/krb5_utils_tests-krb5_become_user.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -c -o src/providers/krb5/krb5_utils_tests-krb5_become_user.o `test -f 'src/providers/krb5/krb5_become_user.c' || echo '$(srcdir)/'`src/providers/krb5/krb5_become_user.c src/providers/krb5/krb5_utils_tests-krb5_become_user.obj: src/providers/krb5/krb5_become_user.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -MT src/providers/krb5/krb5_utils_tests-krb5_become_user.obj -MD -MP -MF src/providers/krb5/$(DEPDIR)/krb5_utils_tests-krb5_become_user.Tpo -c -o src/providers/krb5/krb5_utils_tests-krb5_become_user.obj `if test -f 'src/providers/krb5/krb5_become_user.c'; then $(CYGPATH_W) 'src/providers/krb5/krb5_become_user.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/krb5/krb5_become_user.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/krb5/$(DEPDIR)/krb5_utils_tests-krb5_become_user.Tpo src/providers/krb5/$(DEPDIR)/krb5_utils_tests-krb5_become_user.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/krb5/krb5_become_user.c' object='src/providers/krb5/krb5_utils_tests-krb5_become_user.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) 
$(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -c -o src/providers/krb5/krb5_utils_tests-krb5_become_user.obj `if test -f 'src/providers/krb5/krb5_become_user.c'; then $(CYGPATH_W) 'src/providers/krb5/krb5_become_user.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/krb5/krb5_become_user.c'; fi` src/providers/krb5/krb5_utils_tests-krb5_common.o: src/providers/krb5/krb5_common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -MT src/providers/krb5/krb5_utils_tests-krb5_common.o -MD -MP -MF src/providers/krb5/$(DEPDIR)/krb5_utils_tests-krb5_common.Tpo -c -o src/providers/krb5/krb5_utils_tests-krb5_common.o `test -f 'src/providers/krb5/krb5_common.c' || echo '$(srcdir)/'`src/providers/krb5/krb5_common.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/krb5/$(DEPDIR)/krb5_utils_tests-krb5_common.Tpo src/providers/krb5/$(DEPDIR)/krb5_utils_tests-krb5_common.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/krb5/krb5_common.c' object='src/providers/krb5/krb5_utils_tests-krb5_common.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -c -o src/providers/krb5/krb5_utils_tests-krb5_common.o `test -f 'src/providers/krb5/krb5_common.c' || echo '$(srcdir)/'`src/providers/krb5/krb5_common.c src/providers/krb5/krb5_utils_tests-krb5_common.obj: src/providers/krb5/krb5_common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -MT src/providers/krb5/krb5_utils_tests-krb5_common.obj -MD -MP -MF src/providers/krb5/$(DEPDIR)/krb5_utils_tests-krb5_common.Tpo -c -o src/providers/krb5/krb5_utils_tests-krb5_common.obj `if test -f 
'src/providers/krb5/krb5_common.c'; then $(CYGPATH_W) 'src/providers/krb5/krb5_common.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/krb5/krb5_common.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/krb5/$(DEPDIR)/krb5_utils_tests-krb5_common.Tpo src/providers/krb5/$(DEPDIR)/krb5_utils_tests-krb5_common.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/krb5/krb5_common.c' object='src/providers/krb5/krb5_utils_tests-krb5_common.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -c -o src/providers/krb5/krb5_utils_tests-krb5_common.obj `if test -f 'src/providers/krb5/krb5_common.c'; then $(CYGPATH_W) 'src/providers/krb5/krb5_common.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/krb5/krb5_common.c'; fi` src/util/krb5_utils_tests-sss_krb5.o: src/util/sss_krb5.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -MT src/util/krb5_utils_tests-sss_krb5.o -MD -MP -MF src/util/$(DEPDIR)/krb5_utils_tests-sss_krb5.Tpo -c -o src/util/krb5_utils_tests-sss_krb5.o `test -f 'src/util/sss_krb5.c' || echo '$(srcdir)/'`src/util/sss_krb5.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/krb5_utils_tests-sss_krb5.Tpo src/util/$(DEPDIR)/krb5_utils_tests-sss_krb5.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/sss_krb5.c' object='src/util/krb5_utils_tests-sss_krb5.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -c -o src/util/krb5_utils_tests-sss_krb5.o `test -f 'src/util/sss_krb5.c' || echo 
'$(srcdir)/'`src/util/sss_krb5.c src/util/krb5_utils_tests-sss_krb5.obj: src/util/sss_krb5.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -MT src/util/krb5_utils_tests-sss_krb5.obj -MD -MP -MF src/util/$(DEPDIR)/krb5_utils_tests-sss_krb5.Tpo -c -o src/util/krb5_utils_tests-sss_krb5.obj `if test -f 'src/util/sss_krb5.c'; then $(CYGPATH_W) 'src/util/sss_krb5.c'; else $(CYGPATH_W) '$(srcdir)/src/util/sss_krb5.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/krb5_utils_tests-sss_krb5.Tpo src/util/$(DEPDIR)/krb5_utils_tests-sss_krb5.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/sss_krb5.c' object='src/util/krb5_utils_tests-sss_krb5.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -c -o src/util/krb5_utils_tests-sss_krb5.obj `if test -f 'src/util/sss_krb5.c'; then $(CYGPATH_W) 'src/util/sss_krb5.c'; else $(CYGPATH_W) '$(srcdir)/src/util/sss_krb5.c'; fi` src/util/krb5_utils_tests-find_uid.o: src/util/find_uid.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -MT src/util/krb5_utils_tests-find_uid.o -MD -MP -MF src/util/$(DEPDIR)/krb5_utils_tests-find_uid.Tpo -c -o src/util/krb5_utils_tests-find_uid.o `test -f 'src/util/find_uid.c' || echo '$(srcdir)/'`src/util/find_uid.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/krb5_utils_tests-find_uid.Tpo src/util/$(DEPDIR)/krb5_utils_tests-find_uid.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/find_uid.c' object='src/util/krb5_utils_tests-find_uid.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) 
@AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -c -o src/util/krb5_utils_tests-find_uid.o `test -f 'src/util/find_uid.c' || echo '$(srcdir)/'`src/util/find_uid.c src/util/krb5_utils_tests-find_uid.obj: src/util/find_uid.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -MT src/util/krb5_utils_tests-find_uid.obj -MD -MP -MF src/util/$(DEPDIR)/krb5_utils_tests-find_uid.Tpo -c -o src/util/krb5_utils_tests-find_uid.obj `if test -f 'src/util/find_uid.c'; then $(CYGPATH_W) 'src/util/find_uid.c'; else $(CYGPATH_W) '$(srcdir)/src/util/find_uid.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/krb5_utils_tests-find_uid.Tpo src/util/$(DEPDIR)/krb5_utils_tests-find_uid.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/find_uid.c' object='src/util/krb5_utils_tests-find_uid.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -c -o src/util/krb5_utils_tests-find_uid.obj `if test -f 'src/util/find_uid.c'; then $(CYGPATH_W) 'src/util/find_uid.c'; else $(CYGPATH_W) '$(srcdir)/src/util/find_uid.c'; fi` src/providers/krb5_utils_tests-data_provider_fo.o: src/providers/data_provider_fo.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -MT src/providers/krb5_utils_tests-data_provider_fo.o -MD -MP -MF src/providers/$(DEPDIR)/krb5_utils_tests-data_provider_fo.Tpo -c -o src/providers/krb5_utils_tests-data_provider_fo.o `test -f 'src/providers/data_provider_fo.c' || echo '$(srcdir)/'`src/providers/data_provider_fo.c 
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/krb5_utils_tests-data_provider_fo.Tpo src/providers/$(DEPDIR)/krb5_utils_tests-data_provider_fo.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_fo.c' object='src/providers/krb5_utils_tests-data_provider_fo.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -c -o src/providers/krb5_utils_tests-data_provider_fo.o `test -f 'src/providers/data_provider_fo.c' || echo '$(srcdir)/'`src/providers/data_provider_fo.c src/providers/krb5_utils_tests-data_provider_fo.obj: src/providers/data_provider_fo.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -MT src/providers/krb5_utils_tests-data_provider_fo.obj -MD -MP -MF src/providers/$(DEPDIR)/krb5_utils_tests-data_provider_fo.Tpo -c -o src/providers/krb5_utils_tests-data_provider_fo.obj `if test -f 'src/providers/data_provider_fo.c'; then $(CYGPATH_W) 'src/providers/data_provider_fo.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_fo.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/krb5_utils_tests-data_provider_fo.Tpo src/providers/$(DEPDIR)/krb5_utils_tests-data_provider_fo.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_fo.c' object='src/providers/krb5_utils_tests-data_provider_fo.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -c -o src/providers/krb5_utils_tests-data_provider_fo.obj `if test -f 
'src/providers/data_provider_fo.c'; then $(CYGPATH_W) 'src/providers/data_provider_fo.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_fo.c'; fi` src/providers/krb5_utils_tests-data_provider_opts.o: src/providers/data_provider_opts.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -MT src/providers/krb5_utils_tests-data_provider_opts.o -MD -MP -MF src/providers/$(DEPDIR)/krb5_utils_tests-data_provider_opts.Tpo -c -o src/providers/krb5_utils_tests-data_provider_opts.o `test -f 'src/providers/data_provider_opts.c' || echo '$(srcdir)/'`src/providers/data_provider_opts.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/krb5_utils_tests-data_provider_opts.Tpo src/providers/$(DEPDIR)/krb5_utils_tests-data_provider_opts.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_opts.c' object='src/providers/krb5_utils_tests-data_provider_opts.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -c -o src/providers/krb5_utils_tests-data_provider_opts.o `test -f 'src/providers/data_provider_opts.c' || echo '$(srcdir)/'`src/providers/data_provider_opts.c src/providers/krb5_utils_tests-data_provider_opts.obj: src/providers/data_provider_opts.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -MT src/providers/krb5_utils_tests-data_provider_opts.obj -MD -MP -MF src/providers/$(DEPDIR)/krb5_utils_tests-data_provider_opts.Tpo -c -o src/providers/krb5_utils_tests-data_provider_opts.obj `if test -f 'src/providers/data_provider_opts.c'; then $(CYGPATH_W) 'src/providers/data_provider_opts.c'; else $(CYGPATH_W) 
'$(srcdir)/src/providers/data_provider_opts.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/krb5_utils_tests-data_provider_opts.Tpo src/providers/$(DEPDIR)/krb5_utils_tests-data_provider_opts.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_opts.c' object='src/providers/krb5_utils_tests-data_provider_opts.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -c -o src/providers/krb5_utils_tests-data_provider_opts.obj `if test -f 'src/providers/data_provider_opts.c'; then $(CYGPATH_W) 'src/providers/data_provider_opts.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_opts.c'; fi` src/providers/krb5_utils_tests-data_provider_callbacks.o: src/providers/data_provider_callbacks.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -MT src/providers/krb5_utils_tests-data_provider_callbacks.o -MD -MP -MF src/providers/$(DEPDIR)/krb5_utils_tests-data_provider_callbacks.Tpo -c -o src/providers/krb5_utils_tests-data_provider_callbacks.o `test -f 'src/providers/data_provider_callbacks.c' || echo '$(srcdir)/'`src/providers/data_provider_callbacks.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/krb5_utils_tests-data_provider_callbacks.Tpo src/providers/$(DEPDIR)/krb5_utils_tests-data_provider_callbacks.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_callbacks.c' object='src/providers/krb5_utils_tests-data_provider_callbacks.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) 
$(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -c -o src/providers/krb5_utils_tests-data_provider_callbacks.o `test -f 'src/providers/data_provider_callbacks.c' || echo '$(srcdir)/'`src/providers/data_provider_callbacks.c src/providers/krb5_utils_tests-data_provider_callbacks.obj: src/providers/data_provider_callbacks.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -MT src/providers/krb5_utils_tests-data_provider_callbacks.obj -MD -MP -MF src/providers/$(DEPDIR)/krb5_utils_tests-data_provider_callbacks.Tpo -c -o src/providers/krb5_utils_tests-data_provider_callbacks.obj `if test -f 'src/providers/data_provider_callbacks.c'; then $(CYGPATH_W) 'src/providers/data_provider_callbacks.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_callbacks.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/krb5_utils_tests-data_provider_callbacks.Tpo src/providers/$(DEPDIR)/krb5_utils_tests-data_provider_callbacks.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_callbacks.c' object='src/providers/krb5_utils_tests-data_provider_callbacks.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -c -o src/providers/krb5_utils_tests-data_provider_callbacks.obj `if test -f 'src/providers/data_provider_callbacks.c'; then $(CYGPATH_W) 'src/providers/data_provider_callbacks.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_callbacks.c'; fi` src/providers/krb5_utils_tests-fail_over.o: src/providers/fail_over.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -MT src/providers/krb5_utils_tests-fail_over.o -MD -MP 
-MF src/providers/$(DEPDIR)/krb5_utils_tests-fail_over.Tpo -c -o src/providers/krb5_utils_tests-fail_over.o `test -f 'src/providers/fail_over.c' || echo '$(srcdir)/'`src/providers/fail_over.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/krb5_utils_tests-fail_over.Tpo src/providers/$(DEPDIR)/krb5_utils_tests-fail_over.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/fail_over.c' object='src/providers/krb5_utils_tests-fail_over.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -c -o src/providers/krb5_utils_tests-fail_over.o `test -f 'src/providers/fail_over.c' || echo '$(srcdir)/'`src/providers/fail_over.c src/providers/krb5_utils_tests-fail_over.obj: src/providers/fail_over.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -MT src/providers/krb5_utils_tests-fail_over.obj -MD -MP -MF src/providers/$(DEPDIR)/krb5_utils_tests-fail_over.Tpo -c -o src/providers/krb5_utils_tests-fail_over.obj `if test -f 'src/providers/fail_over.c'; then $(CYGPATH_W) 'src/providers/fail_over.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/fail_over.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/krb5_utils_tests-fail_over.Tpo src/providers/$(DEPDIR)/krb5_utils_tests-fail_over.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/fail_over.c' object='src/providers/krb5_utils_tests-fail_over.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -c -o 
src/providers/krb5_utils_tests-fail_over.obj `if test -f 'src/providers/fail_over.c'; then $(CYGPATH_W) 'src/providers/fail_over.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/fail_over.c'; fi` src/providers/krb5_utils_tests-fail_over_srv.o: src/providers/fail_over_srv.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -MT src/providers/krb5_utils_tests-fail_over_srv.o -MD -MP -MF src/providers/$(DEPDIR)/krb5_utils_tests-fail_over_srv.Tpo -c -o src/providers/krb5_utils_tests-fail_over_srv.o `test -f 'src/providers/fail_over_srv.c' || echo '$(srcdir)/'`src/providers/fail_over_srv.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/krb5_utils_tests-fail_over_srv.Tpo src/providers/$(DEPDIR)/krb5_utils_tests-fail_over_srv.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/fail_over_srv.c' object='src/providers/krb5_utils_tests-fail_over_srv.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -c -o src/providers/krb5_utils_tests-fail_over_srv.o `test -f 'src/providers/fail_over_srv.c' || echo '$(srcdir)/'`src/providers/fail_over_srv.c src/providers/krb5_utils_tests-fail_over_srv.obj: src/providers/fail_over_srv.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -MT src/providers/krb5_utils_tests-fail_over_srv.obj -MD -MP -MF src/providers/$(DEPDIR)/krb5_utils_tests-fail_over_srv.Tpo -c -o src/providers/krb5_utils_tests-fail_over_srv.obj `if test -f 'src/providers/fail_over_srv.c'; then $(CYGPATH_W) 'src/providers/fail_over_srv.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/fail_over_srv.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) 
src/providers/$(DEPDIR)/krb5_utils_tests-fail_over_srv.Tpo src/providers/$(DEPDIR)/krb5_utils_tests-fail_over_srv.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/fail_over_srv.c' object='src/providers/krb5_utils_tests-fail_over_srv.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -c -o src/providers/krb5_utils_tests-fail_over_srv.obj `if test -f 'src/providers/fail_over_srv.c'; then $(CYGPATH_W) 'src/providers/fail_over_srv.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/fail_over_srv.c'; fi` src/resolv/krb5_utils_tests-async_resolv.o: src/resolv/async_resolv.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -MT src/resolv/krb5_utils_tests-async_resolv.o -MD -MP -MF src/resolv/$(DEPDIR)/krb5_utils_tests-async_resolv.Tpo -c -o src/resolv/krb5_utils_tests-async_resolv.o `test -f 'src/resolv/async_resolv.c' || echo '$(srcdir)/'`src/resolv/async_resolv.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/$(DEPDIR)/krb5_utils_tests-async_resolv.Tpo src/resolv/$(DEPDIR)/krb5_utils_tests-async_resolv.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/async_resolv.c' object='src/resolv/krb5_utils_tests-async_resolv.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/krb5_utils_tests-async_resolv.o `test -f 'src/resolv/async_resolv.c' || echo '$(srcdir)/'`src/resolv/async_resolv.c src/resolv/krb5_utils_tests-async_resolv.obj: src/resolv/async_resolv.c @am__fastdepCC_TRUE@ 
$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -MT src/resolv/krb5_utils_tests-async_resolv.obj -MD -MP -MF src/resolv/$(DEPDIR)/krb5_utils_tests-async_resolv.Tpo -c -o src/resolv/krb5_utils_tests-async_resolv.obj `if test -f 'src/resolv/async_resolv.c'; then $(CYGPATH_W) 'src/resolv/async_resolv.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/async_resolv.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/$(DEPDIR)/krb5_utils_tests-async_resolv.Tpo src/resolv/$(DEPDIR)/krb5_utils_tests-async_resolv.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/async_resolv.c' object='src/resolv/krb5_utils_tests-async_resolv.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/krb5_utils_tests-async_resolv.obj `if test -f 'src/resolv/async_resolv.c'; then $(CYGPATH_W) 'src/resolv/async_resolv.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/async_resolv.c'; fi` src/resolv/krb5_utils_tests-async_resolv_utils.o: src/resolv/async_resolv_utils.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -MT src/resolv/krb5_utils_tests-async_resolv_utils.o -MD -MP -MF src/resolv/$(DEPDIR)/krb5_utils_tests-async_resolv_utils.Tpo -c -o src/resolv/krb5_utils_tests-async_resolv_utils.o `test -f 'src/resolv/async_resolv_utils.c' || echo '$(srcdir)/'`src/resolv/async_resolv_utils.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/$(DEPDIR)/krb5_utils_tests-async_resolv_utils.Tpo src/resolv/$(DEPDIR)/krb5_utils_tests-async_resolv_utils.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/async_resolv_utils.c' object='src/resolv/krb5_utils_tests-async_resolv_utils.o' 
libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/krb5_utils_tests-async_resolv_utils.o `test -f 'src/resolv/async_resolv_utils.c' || echo '$(srcdir)/'`src/resolv/async_resolv_utils.c src/resolv/krb5_utils_tests-async_resolv_utils.obj: src/resolv/async_resolv_utils.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -MT src/resolv/krb5_utils_tests-async_resolv_utils.obj -MD -MP -MF src/resolv/$(DEPDIR)/krb5_utils_tests-async_resolv_utils.Tpo -c -o src/resolv/krb5_utils_tests-async_resolv_utils.obj `if test -f 'src/resolv/async_resolv_utils.c'; then $(CYGPATH_W) 'src/resolv/async_resolv_utils.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/async_resolv_utils.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/$(DEPDIR)/krb5_utils_tests-async_resolv_utils.Tpo src/resolv/$(DEPDIR)/krb5_utils_tests-async_resolv_utils.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/async_resolv_utils.c' object='src/resolv/krb5_utils_tests-async_resolv_utils.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/krb5_utils_tests-async_resolv_utils.obj `if test -f 'src/resolv/async_resolv_utils.c'; then $(CYGPATH_W) 'src/resolv/async_resolv_utils.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/async_resolv_utils.c'; fi` src/resolv/ares/krb5_utils_tests-ares_parse_srv_reply.o: src/resolv/ares/ares_parse_srv_reply.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) 
$(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -MT src/resolv/ares/krb5_utils_tests-ares_parse_srv_reply.o -MD -MP -MF src/resolv/ares/$(DEPDIR)/krb5_utils_tests-ares_parse_srv_reply.Tpo -c -o src/resolv/ares/krb5_utils_tests-ares_parse_srv_reply.o `test -f 'src/resolv/ares/ares_parse_srv_reply.c' || echo '$(srcdir)/'`src/resolv/ares/ares_parse_srv_reply.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/ares/$(DEPDIR)/krb5_utils_tests-ares_parse_srv_reply.Tpo src/resolv/ares/$(DEPDIR)/krb5_utils_tests-ares_parse_srv_reply.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/ares/ares_parse_srv_reply.c' object='src/resolv/ares/krb5_utils_tests-ares_parse_srv_reply.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/ares/krb5_utils_tests-ares_parse_srv_reply.o `test -f 'src/resolv/ares/ares_parse_srv_reply.c' || echo '$(srcdir)/'`src/resolv/ares/ares_parse_srv_reply.c src/resolv/ares/krb5_utils_tests-ares_parse_srv_reply.obj: src/resolv/ares/ares_parse_srv_reply.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -MT src/resolv/ares/krb5_utils_tests-ares_parse_srv_reply.obj -MD -MP -MF src/resolv/ares/$(DEPDIR)/krb5_utils_tests-ares_parse_srv_reply.Tpo -c -o src/resolv/ares/krb5_utils_tests-ares_parse_srv_reply.obj `if test -f 'src/resolv/ares/ares_parse_srv_reply.c'; then $(CYGPATH_W) 'src/resolv/ares/ares_parse_srv_reply.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/ares/ares_parse_srv_reply.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/ares/$(DEPDIR)/krb5_utils_tests-ares_parse_srv_reply.Tpo src/resolv/ares/$(DEPDIR)/krb5_utils_tests-ares_parse_srv_reply.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ 
$(AM_V_CC)source='src/resolv/ares/ares_parse_srv_reply.c' object='src/resolv/ares/krb5_utils_tests-ares_parse_srv_reply.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/ares/krb5_utils_tests-ares_parse_srv_reply.obj `if test -f 'src/resolv/ares/ares_parse_srv_reply.c'; then $(CYGPATH_W) 'src/resolv/ares/ares_parse_srv_reply.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/ares/ares_parse_srv_reply.c'; fi` src/resolv/ares/krb5_utils_tests-ares_data.o: src/resolv/ares/ares_data.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -MT src/resolv/ares/krb5_utils_tests-ares_data.o -MD -MP -MF src/resolv/ares/$(DEPDIR)/krb5_utils_tests-ares_data.Tpo -c -o src/resolv/ares/krb5_utils_tests-ares_data.o `test -f 'src/resolv/ares/ares_data.c' || echo '$(srcdir)/'`src/resolv/ares/ares_data.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/ares/$(DEPDIR)/krb5_utils_tests-ares_data.Tpo src/resolv/ares/$(DEPDIR)/krb5_utils_tests-ares_data.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/ares/ares_data.c' object='src/resolv/ares/krb5_utils_tests-ares_data.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/ares/krb5_utils_tests-ares_data.o `test -f 'src/resolv/ares/ares_data.c' || echo '$(srcdir)/'`src/resolv/ares/ares_data.c src/resolv/ares/krb5_utils_tests-ares_data.obj: src/resolv/ares/ares_data.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) 
$(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -MT src/resolv/ares/krb5_utils_tests-ares_data.obj -MD -MP -MF src/resolv/ares/$(DEPDIR)/krb5_utils_tests-ares_data.Tpo -c -o src/resolv/ares/krb5_utils_tests-ares_data.obj `if test -f 'src/resolv/ares/ares_data.c'; then $(CYGPATH_W) 'src/resolv/ares/ares_data.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/ares/ares_data.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/ares/$(DEPDIR)/krb5_utils_tests-ares_data.Tpo src/resolv/ares/$(DEPDIR)/krb5_utils_tests-ares_data.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/ares/ares_data.c' object='src/resolv/ares/krb5_utils_tests-ares_data.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_utils_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/ares/krb5_utils_tests-ares_data.obj `if test -f 'src/resolv/ares/ares_data.c'; then $(CYGPATH_W) 'src/resolv/ares/ares_data.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/ares/ares_data.c'; fi` src/providers/krb5/krb5_child-krb5_become_user.o: src/providers/krb5/krb5_become_user.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_CFLAGS) $(CFLAGS) -MT src/providers/krb5/krb5_child-krb5_become_user.o -MD -MP -MF src/providers/krb5/$(DEPDIR)/krb5_child-krb5_become_user.Tpo -c -o src/providers/krb5/krb5_child-krb5_become_user.o `test -f 'src/providers/krb5/krb5_become_user.c' || echo '$(srcdir)/'`src/providers/krb5/krb5_become_user.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/krb5/$(DEPDIR)/krb5_child-krb5_become_user.Tpo src/providers/krb5/$(DEPDIR)/krb5_child-krb5_become_user.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/krb5/krb5_become_user.c' object='src/providers/krb5/krb5_child-krb5_become_user.o' libtool=no @AMDEPBACKSLASH@ 
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_CFLAGS) $(CFLAGS) -c -o src/providers/krb5/krb5_child-krb5_become_user.o `test -f 'src/providers/krb5/krb5_become_user.c' || echo '$(srcdir)/'`src/providers/krb5/krb5_become_user.c src/providers/krb5/krb5_child-krb5_become_user.obj: src/providers/krb5/krb5_become_user.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_CFLAGS) $(CFLAGS) -MT src/providers/krb5/krb5_child-krb5_become_user.obj -MD -MP -MF src/providers/krb5/$(DEPDIR)/krb5_child-krb5_become_user.Tpo -c -o src/providers/krb5/krb5_child-krb5_become_user.obj `if test -f 'src/providers/krb5/krb5_become_user.c'; then $(CYGPATH_W) 'src/providers/krb5/krb5_become_user.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/krb5/krb5_become_user.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/krb5/$(DEPDIR)/krb5_child-krb5_become_user.Tpo src/providers/krb5/$(DEPDIR)/krb5_child-krb5_become_user.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/krb5/krb5_become_user.c' object='src/providers/krb5/krb5_child-krb5_become_user.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_CFLAGS) $(CFLAGS) -c -o src/providers/krb5/krb5_child-krb5_become_user.obj `if test -f 'src/providers/krb5/krb5_become_user.c'; then $(CYGPATH_W) 'src/providers/krb5/krb5_become_user.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/krb5/krb5_become_user.c'; fi` src/providers/krb5/krb5_child-krb5_child.o: src/providers/krb5/krb5_child.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) 
$(krb5_child_CFLAGS) $(CFLAGS) -MT src/providers/krb5/krb5_child-krb5_child.o -MD -MP -MF src/providers/krb5/$(DEPDIR)/krb5_child-krb5_child.Tpo -c -o src/providers/krb5/krb5_child-krb5_child.o `test -f 'src/providers/krb5/krb5_child.c' || echo '$(srcdir)/'`src/providers/krb5/krb5_child.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/krb5/$(DEPDIR)/krb5_child-krb5_child.Tpo src/providers/krb5/$(DEPDIR)/krb5_child-krb5_child.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/krb5/krb5_child.c' object='src/providers/krb5/krb5_child-krb5_child.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_CFLAGS) $(CFLAGS) -c -o src/providers/krb5/krb5_child-krb5_child.o `test -f 'src/providers/krb5/krb5_child.c' || echo '$(srcdir)/'`src/providers/krb5/krb5_child.c src/providers/krb5/krb5_child-krb5_child.obj: src/providers/krb5/krb5_child.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_CFLAGS) $(CFLAGS) -MT src/providers/krb5/krb5_child-krb5_child.obj -MD -MP -MF src/providers/krb5/$(DEPDIR)/krb5_child-krb5_child.Tpo -c -o src/providers/krb5/krb5_child-krb5_child.obj `if test -f 'src/providers/krb5/krb5_child.c'; then $(CYGPATH_W) 'src/providers/krb5/krb5_child.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/krb5/krb5_child.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/krb5/$(DEPDIR)/krb5_child-krb5_child.Tpo src/providers/krb5/$(DEPDIR)/krb5_child-krb5_child.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/krb5/krb5_child.c' object='src/providers/krb5/krb5_child-krb5_child.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) 
$(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_CFLAGS) $(CFLAGS) -c -o src/providers/krb5/krb5_child-krb5_child.obj `if test -f 'src/providers/krb5/krb5_child.c'; then $(CYGPATH_W) 'src/providers/krb5/krb5_child.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/krb5/krb5_child.c'; fi` src/providers/krb5_child-dp_pam_data_util.o: src/providers/dp_pam_data_util.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_CFLAGS) $(CFLAGS) -MT src/providers/krb5_child-dp_pam_data_util.o -MD -MP -MF src/providers/$(DEPDIR)/krb5_child-dp_pam_data_util.Tpo -c -o src/providers/krb5_child-dp_pam_data_util.o `test -f 'src/providers/dp_pam_data_util.c' || echo '$(srcdir)/'`src/providers/dp_pam_data_util.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/krb5_child-dp_pam_data_util.Tpo src/providers/$(DEPDIR)/krb5_child-dp_pam_data_util.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/dp_pam_data_util.c' object='src/providers/krb5_child-dp_pam_data_util.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_CFLAGS) $(CFLAGS) -c -o src/providers/krb5_child-dp_pam_data_util.o `test -f 'src/providers/dp_pam_data_util.c' || echo '$(srcdir)/'`src/providers/dp_pam_data_util.c src/providers/krb5_child-dp_pam_data_util.obj: src/providers/dp_pam_data_util.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_CFLAGS) $(CFLAGS) -MT src/providers/krb5_child-dp_pam_data_util.obj -MD -MP -MF src/providers/$(DEPDIR)/krb5_child-dp_pam_data_util.Tpo -c -o src/providers/krb5_child-dp_pam_data_util.obj `if test -f 'src/providers/dp_pam_data_util.c'; then $(CYGPATH_W) 'src/providers/dp_pam_data_util.c'; else 
$(CYGPATH_W) '$(srcdir)/src/providers/dp_pam_data_util.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/krb5_child-dp_pam_data_util.Tpo src/providers/$(DEPDIR)/krb5_child-dp_pam_data_util.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/dp_pam_data_util.c' object='src/providers/krb5_child-dp_pam_data_util.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_CFLAGS) $(CFLAGS) -c -o src/providers/krb5_child-dp_pam_data_util.obj `if test -f 'src/providers/dp_pam_data_util.c'; then $(CYGPATH_W) 'src/providers/dp_pam_data_util.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/dp_pam_data_util.c'; fi` src/util/krb5_child-user_info_msg.o: src/util/user_info_msg.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_CFLAGS) $(CFLAGS) -MT src/util/krb5_child-user_info_msg.o -MD -MP -MF src/util/$(DEPDIR)/krb5_child-user_info_msg.Tpo -c -o src/util/krb5_child-user_info_msg.o `test -f 'src/util/user_info_msg.c' || echo '$(srcdir)/'`src/util/user_info_msg.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/krb5_child-user_info_msg.Tpo src/util/$(DEPDIR)/krb5_child-user_info_msg.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/user_info_msg.c' object='src/util/krb5_child-user_info_msg.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_CFLAGS) $(CFLAGS) -c -o src/util/krb5_child-user_info_msg.o `test -f 'src/util/user_info_msg.c' || echo '$(srcdir)/'`src/util/user_info_msg.c src/util/krb5_child-user_info_msg.obj: src/util/user_info_msg.c 
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_CFLAGS) $(CFLAGS) -MT src/util/krb5_child-user_info_msg.obj -MD -MP -MF src/util/$(DEPDIR)/krb5_child-user_info_msg.Tpo -c -o src/util/krb5_child-user_info_msg.obj `if test -f 'src/util/user_info_msg.c'; then $(CYGPATH_W) 'src/util/user_info_msg.c'; else $(CYGPATH_W) '$(srcdir)/src/util/user_info_msg.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/krb5_child-user_info_msg.Tpo src/util/$(DEPDIR)/krb5_child-user_info_msg.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/user_info_msg.c' object='src/util/krb5_child-user_info_msg.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_CFLAGS) $(CFLAGS) -c -o src/util/krb5_child-user_info_msg.obj `if test -f 'src/util/user_info_msg.c'; then $(CYGPATH_W) 'src/util/user_info_msg.c'; else $(CYGPATH_W) '$(srcdir)/src/util/user_info_msg.c'; fi` src/util/krb5_child-sss_krb5.o: src/util/sss_krb5.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_CFLAGS) $(CFLAGS) -MT src/util/krb5_child-sss_krb5.o -MD -MP -MF src/util/$(DEPDIR)/krb5_child-sss_krb5.Tpo -c -o src/util/krb5_child-sss_krb5.o `test -f 'src/util/sss_krb5.c' || echo '$(srcdir)/'`src/util/sss_krb5.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/krb5_child-sss_krb5.Tpo src/util/$(DEPDIR)/krb5_child-sss_krb5.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/sss_krb5.c' object='src/util/krb5_child-sss_krb5.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) 
$(CPPFLAGS) $(krb5_child_CFLAGS) $(CFLAGS) -c -o src/util/krb5_child-sss_krb5.o `test -f 'src/util/sss_krb5.c' || echo '$(srcdir)/'`src/util/sss_krb5.c src/util/krb5_child-sss_krb5.obj: src/util/sss_krb5.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_CFLAGS) $(CFLAGS) -MT src/util/krb5_child-sss_krb5.obj -MD -MP -MF src/util/$(DEPDIR)/krb5_child-sss_krb5.Tpo -c -o src/util/krb5_child-sss_krb5.obj `if test -f 'src/util/sss_krb5.c'; then $(CYGPATH_W) 'src/util/sss_krb5.c'; else $(CYGPATH_W) '$(srcdir)/src/util/sss_krb5.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/krb5_child-sss_krb5.Tpo src/util/$(DEPDIR)/krb5_child-sss_krb5.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/sss_krb5.c' object='src/util/krb5_child-sss_krb5.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_CFLAGS) $(CFLAGS) -c -o src/util/krb5_child-sss_krb5.obj `if test -f 'src/util/sss_krb5.c'; then $(CYGPATH_W) 'src/util/sss_krb5.c'; else $(CYGPATH_W) '$(srcdir)/src/util/sss_krb5.c'; fi` src/util/krb5_child-atomic_io.o: src/util/atomic_io.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_CFLAGS) $(CFLAGS) -MT src/util/krb5_child-atomic_io.o -MD -MP -MF src/util/$(DEPDIR)/krb5_child-atomic_io.Tpo -c -o src/util/krb5_child-atomic_io.o `test -f 'src/util/atomic_io.c' || echo '$(srcdir)/'`src/util/atomic_io.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/krb5_child-atomic_io.Tpo src/util/$(DEPDIR)/krb5_child-atomic_io.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/atomic_io.c' object='src/util/krb5_child-atomic_io.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) 
$(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_CFLAGS) $(CFLAGS) -c -o src/util/krb5_child-atomic_io.o `test -f 'src/util/atomic_io.c' || echo '$(srcdir)/'`src/util/atomic_io.c src/util/krb5_child-atomic_io.obj: src/util/atomic_io.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_CFLAGS) $(CFLAGS) -MT src/util/krb5_child-atomic_io.obj -MD -MP -MF src/util/$(DEPDIR)/krb5_child-atomic_io.Tpo -c -o src/util/krb5_child-atomic_io.obj `if test -f 'src/util/atomic_io.c'; then $(CYGPATH_W) 'src/util/atomic_io.c'; else $(CYGPATH_W) '$(srcdir)/src/util/atomic_io.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/krb5_child-atomic_io.Tpo src/util/$(DEPDIR)/krb5_child-atomic_io.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/atomic_io.c' object='src/util/krb5_child-atomic_io.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_CFLAGS) $(CFLAGS) -c -o src/util/krb5_child-atomic_io.obj `if test -f 'src/util/atomic_io.c'; then $(CYGPATH_W) 'src/util/atomic_io.c'; else $(CYGPATH_W) '$(srcdir)/src/util/atomic_io.c'; fi` src/util/krb5_child-authtok.o: src/util/authtok.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_CFLAGS) $(CFLAGS) -MT src/util/krb5_child-authtok.o -MD -MP -MF src/util/$(DEPDIR)/krb5_child-authtok.Tpo -c -o src/util/krb5_child-authtok.o `test -f 'src/util/authtok.c' || echo '$(srcdir)/'`src/util/authtok.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/krb5_child-authtok.Tpo src/util/$(DEPDIR)/krb5_child-authtok.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ 
$(AM_V_CC)source='src/util/authtok.c' object='src/util/krb5_child-authtok.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_CFLAGS) $(CFLAGS) -c -o src/util/krb5_child-authtok.o `test -f 'src/util/authtok.c' || echo '$(srcdir)/'`src/util/authtok.c src/util/krb5_child-authtok.obj: src/util/authtok.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_CFLAGS) $(CFLAGS) -MT src/util/krb5_child-authtok.obj -MD -MP -MF src/util/$(DEPDIR)/krb5_child-authtok.Tpo -c -o src/util/krb5_child-authtok.obj `if test -f 'src/util/authtok.c'; then $(CYGPATH_W) 'src/util/authtok.c'; else $(CYGPATH_W) '$(srcdir)/src/util/authtok.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/krb5_child-authtok.Tpo src/util/$(DEPDIR)/krb5_child-authtok.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/authtok.c' object='src/util/krb5_child-authtok.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_CFLAGS) $(CFLAGS) -c -o src/util/krb5_child-authtok.obj `if test -f 'src/util/authtok.c'; then $(CYGPATH_W) 'src/util/authtok.c'; else $(CYGPATH_W) '$(srcdir)/src/util/authtok.c'; fi` src/util/krb5_child-util.o: src/util/util.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_CFLAGS) $(CFLAGS) -MT src/util/krb5_child-util.o -MD -MP -MF src/util/$(DEPDIR)/krb5_child-util.Tpo -c -o src/util/krb5_child-util.o `test -f 'src/util/util.c' || echo '$(srcdir)/'`src/util/util.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) 
src/util/$(DEPDIR)/krb5_child-util.Tpo src/util/$(DEPDIR)/krb5_child-util.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/util.c' object='src/util/krb5_child-util.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_CFLAGS) $(CFLAGS) -c -o src/util/krb5_child-util.o `test -f 'src/util/util.c' || echo '$(srcdir)/'`src/util/util.c src/util/krb5_child-util.obj: src/util/util.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_CFLAGS) $(CFLAGS) -MT src/util/krb5_child-util.obj -MD -MP -MF src/util/$(DEPDIR)/krb5_child-util.Tpo -c -o src/util/krb5_child-util.obj `if test -f 'src/util/util.c'; then $(CYGPATH_W) 'src/util/util.c'; else $(CYGPATH_W) '$(srcdir)/src/util/util.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/krb5_child-util.Tpo src/util/$(DEPDIR)/krb5_child-util.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/util.c' object='src/util/krb5_child-util.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_CFLAGS) $(CFLAGS) -c -o src/util/krb5_child-util.obj `if test -f 'src/util/util.c'; then $(CYGPATH_W) 'src/util/util.c'; else $(CYGPATH_W) '$(srcdir)/src/util/util.c'; fi` src/util/krb5_child-signal.o: src/util/signal.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_CFLAGS) $(CFLAGS) -MT src/util/krb5_child-signal.o -MD -MP -MF src/util/$(DEPDIR)/krb5_child-signal.Tpo -c -o src/util/krb5_child-signal.o `test -f 'src/util/signal.c' || echo '$(srcdir)/'`src/util/signal.c 
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/krb5_child-signal.Tpo src/util/$(DEPDIR)/krb5_child-signal.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/signal.c' object='src/util/krb5_child-signal.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_CFLAGS) $(CFLAGS) -c -o src/util/krb5_child-signal.o `test -f 'src/util/signal.c' || echo '$(srcdir)/'`src/util/signal.c src/util/krb5_child-signal.obj: src/util/signal.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_CFLAGS) $(CFLAGS) -MT src/util/krb5_child-signal.obj -MD -MP -MF src/util/$(DEPDIR)/krb5_child-signal.Tpo -c -o src/util/krb5_child-signal.obj `if test -f 'src/util/signal.c'; then $(CYGPATH_W) 'src/util/signal.c'; else $(CYGPATH_W) '$(srcdir)/src/util/signal.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/krb5_child-signal.Tpo src/util/$(DEPDIR)/krb5_child-signal.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/signal.c' object='src/util/krb5_child-signal.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_CFLAGS) $(CFLAGS) -c -o src/util/krb5_child-signal.obj `if test -f 'src/util/signal.c'; then $(CYGPATH_W) 'src/util/signal.c'; else $(CYGPATH_W) '$(srcdir)/src/util/signal.c'; fi` src/sss_client/krb5_child-common.o: src/sss_client/common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_CFLAGS) $(CFLAGS) -MT src/sss_client/krb5_child-common.o -MD -MP -MF src/sss_client/$(DEPDIR)/krb5_child-common.Tpo -c -o 
src/sss_client/krb5_child-common.o `test -f 'src/sss_client/common.c' || echo '$(srcdir)/'`src/sss_client/common.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/sss_client/$(DEPDIR)/krb5_child-common.Tpo src/sss_client/$(DEPDIR)/krb5_child-common.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/sss_client/common.c' object='src/sss_client/krb5_child-common.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_CFLAGS) $(CFLAGS) -c -o src/sss_client/krb5_child-common.o `test -f 'src/sss_client/common.c' || echo '$(srcdir)/'`src/sss_client/common.c src/sss_client/krb5_child-common.obj: src/sss_client/common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_CFLAGS) $(CFLAGS) -MT src/sss_client/krb5_child-common.obj -MD -MP -MF src/sss_client/$(DEPDIR)/krb5_child-common.Tpo -c -o src/sss_client/krb5_child-common.obj `if test -f 'src/sss_client/common.c'; then $(CYGPATH_W) 'src/sss_client/common.c'; else $(CYGPATH_W) '$(srcdir)/src/sss_client/common.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/sss_client/$(DEPDIR)/krb5_child-common.Tpo src/sss_client/$(DEPDIR)/krb5_child-common.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/sss_client/common.c' object='src/sss_client/krb5_child-common.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(krb5_child_CFLAGS) $(CFLAGS) -c -o src/sss_client/krb5_child-common.obj `if test -f 'src/sss_client/common.c'; then $(CYGPATH_W) 'src/sss_client/common.c'; else $(CYGPATH_W) '$(srcdir)/src/sss_client/common.c'; fi` src/providers/ldap/ldap_child-ldap_child.o: 
src/providers/ldap/ldap_child.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ldap_child_CFLAGS) $(CFLAGS) -MT src/providers/ldap/ldap_child-ldap_child.o -MD -MP -MF src/providers/ldap/$(DEPDIR)/ldap_child-ldap_child.Tpo -c -o src/providers/ldap/ldap_child-ldap_child.o `test -f 'src/providers/ldap/ldap_child.c' || echo '$(srcdir)/'`src/providers/ldap/ldap_child.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ldap/$(DEPDIR)/ldap_child-ldap_child.Tpo src/providers/ldap/$(DEPDIR)/ldap_child-ldap_child.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ldap/ldap_child.c' object='src/providers/ldap/ldap_child-ldap_child.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ldap_child_CFLAGS) $(CFLAGS) -c -o src/providers/ldap/ldap_child-ldap_child.o `test -f 'src/providers/ldap/ldap_child.c' || echo '$(srcdir)/'`src/providers/ldap/ldap_child.c src/providers/ldap/ldap_child-ldap_child.obj: src/providers/ldap/ldap_child.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ldap_child_CFLAGS) $(CFLAGS) -MT src/providers/ldap/ldap_child-ldap_child.obj -MD -MP -MF src/providers/ldap/$(DEPDIR)/ldap_child-ldap_child.Tpo -c -o src/providers/ldap/ldap_child-ldap_child.obj `if test -f 'src/providers/ldap/ldap_child.c'; then $(CYGPATH_W) 'src/providers/ldap/ldap_child.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/ldap/ldap_child.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ldap/$(DEPDIR)/ldap_child-ldap_child.Tpo src/providers/ldap/$(DEPDIR)/ldap_child-ldap_child.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ldap/ldap_child.c' object='src/providers/ldap/ldap_child-ldap_child.obj' libtool=no @AMDEPBACKSLASH@ 
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ldap_child_CFLAGS) $(CFLAGS) -c -o src/providers/ldap/ldap_child-ldap_child.obj `if test -f 'src/providers/ldap/ldap_child.c'; then $(CYGPATH_W) 'src/providers/ldap/ldap_child.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/ldap/ldap_child.c'; fi` src/util/ldap_child-sss_krb5.o: src/util/sss_krb5.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ldap_child_CFLAGS) $(CFLAGS) -MT src/util/ldap_child-sss_krb5.o -MD -MP -MF src/util/$(DEPDIR)/ldap_child-sss_krb5.Tpo -c -o src/util/ldap_child-sss_krb5.o `test -f 'src/util/sss_krb5.c' || echo '$(srcdir)/'`src/util/sss_krb5.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/ldap_child-sss_krb5.Tpo src/util/$(DEPDIR)/ldap_child-sss_krb5.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/sss_krb5.c' object='src/util/ldap_child-sss_krb5.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ldap_child_CFLAGS) $(CFLAGS) -c -o src/util/ldap_child-sss_krb5.o `test -f 'src/util/sss_krb5.c' || echo '$(srcdir)/'`src/util/sss_krb5.c src/util/ldap_child-sss_krb5.obj: src/util/sss_krb5.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ldap_child_CFLAGS) $(CFLAGS) -MT src/util/ldap_child-sss_krb5.obj -MD -MP -MF src/util/$(DEPDIR)/ldap_child-sss_krb5.Tpo -c -o src/util/ldap_child-sss_krb5.obj `if test -f 'src/util/sss_krb5.c'; then $(CYGPATH_W) 'src/util/sss_krb5.c'; else $(CYGPATH_W) '$(srcdir)/src/util/sss_krb5.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/ldap_child-sss_krb5.Tpo 
src/util/$(DEPDIR)/ldap_child-sss_krb5.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/sss_krb5.c' object='src/util/ldap_child-sss_krb5.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ldap_child_CFLAGS) $(CFLAGS) -c -o src/util/ldap_child-sss_krb5.obj `if test -f 'src/util/sss_krb5.c'; then $(CYGPATH_W) 'src/util/sss_krb5.c'; else $(CYGPATH_W) '$(srcdir)/src/util/sss_krb5.c'; fi` src/util/ldap_child-atomic_io.o: src/util/atomic_io.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ldap_child_CFLAGS) $(CFLAGS) -MT src/util/ldap_child-atomic_io.o -MD -MP -MF src/util/$(DEPDIR)/ldap_child-atomic_io.Tpo -c -o src/util/ldap_child-atomic_io.o `test -f 'src/util/atomic_io.c' || echo '$(srcdir)/'`src/util/atomic_io.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/ldap_child-atomic_io.Tpo src/util/$(DEPDIR)/ldap_child-atomic_io.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/atomic_io.c' object='src/util/ldap_child-atomic_io.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ldap_child_CFLAGS) $(CFLAGS) -c -o src/util/ldap_child-atomic_io.o `test -f 'src/util/atomic_io.c' || echo '$(srcdir)/'`src/util/atomic_io.c src/util/ldap_child-atomic_io.obj: src/util/atomic_io.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ldap_child_CFLAGS) $(CFLAGS) -MT src/util/ldap_child-atomic_io.obj -MD -MP -MF src/util/$(DEPDIR)/ldap_child-atomic_io.Tpo -c -o src/util/ldap_child-atomic_io.obj `if test -f 'src/util/atomic_io.c'; then $(CYGPATH_W) 
'src/util/atomic_io.c'; else $(CYGPATH_W) '$(srcdir)/src/util/atomic_io.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/ldap_child-atomic_io.Tpo src/util/$(DEPDIR)/ldap_child-atomic_io.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/atomic_io.c' object='src/util/ldap_child-atomic_io.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ldap_child_CFLAGS) $(CFLAGS) -c -o src/util/ldap_child-atomic_io.obj `if test -f 'src/util/atomic_io.c'; then $(CYGPATH_W) 'src/util/atomic_io.c'; else $(CYGPATH_W) '$(srcdir)/src/util/atomic_io.c'; fi` src/util/ldap_child-authtok.o: src/util/authtok.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ldap_child_CFLAGS) $(CFLAGS) -MT src/util/ldap_child-authtok.o -MD -MP -MF src/util/$(DEPDIR)/ldap_child-authtok.Tpo -c -o src/util/ldap_child-authtok.o `test -f 'src/util/authtok.c' || echo '$(srcdir)/'`src/util/authtok.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/ldap_child-authtok.Tpo src/util/$(DEPDIR)/ldap_child-authtok.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/authtok.c' object='src/util/ldap_child-authtok.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ldap_child_CFLAGS) $(CFLAGS) -c -o src/util/ldap_child-authtok.o `test -f 'src/util/authtok.c' || echo '$(srcdir)/'`src/util/authtok.c src/util/ldap_child-authtok.obj: src/util/authtok.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ldap_child_CFLAGS) $(CFLAGS) -MT src/util/ldap_child-authtok.obj -MD -MP -MF 
src/util/$(DEPDIR)/ldap_child-authtok.Tpo -c -o src/util/ldap_child-authtok.obj `if test -f 'src/util/authtok.c'; then $(CYGPATH_W) 'src/util/authtok.c'; else $(CYGPATH_W) '$(srcdir)/src/util/authtok.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/ldap_child-authtok.Tpo src/util/$(DEPDIR)/ldap_child-authtok.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/authtok.c' object='src/util/ldap_child-authtok.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ldap_child_CFLAGS) $(CFLAGS) -c -o src/util/ldap_child-authtok.obj `if test -f 'src/util/authtok.c'; then $(CYGPATH_W) 'src/util/authtok.c'; else $(CYGPATH_W) '$(srcdir)/src/util/authtok.c'; fi` src/util/ldap_child-util.o: src/util/util.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ldap_child_CFLAGS) $(CFLAGS) -MT src/util/ldap_child-util.o -MD -MP -MF src/util/$(DEPDIR)/ldap_child-util.Tpo -c -o src/util/ldap_child-util.o `test -f 'src/util/util.c' || echo '$(srcdir)/'`src/util/util.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/ldap_child-util.Tpo src/util/$(DEPDIR)/ldap_child-util.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/util.c' object='src/util/ldap_child-util.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ldap_child_CFLAGS) $(CFLAGS) -c -o src/util/ldap_child-util.o `test -f 'src/util/util.c' || echo '$(srcdir)/'`src/util/util.c src/util/ldap_child-util.obj: src/util/util.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ldap_child_CFLAGS) 
$(CFLAGS) -MT src/util/ldap_child-util.obj -MD -MP -MF src/util/$(DEPDIR)/ldap_child-util.Tpo -c -o src/util/ldap_child-util.obj `if test -f 'src/util/util.c'; then $(CYGPATH_W) 'src/util/util.c'; else $(CYGPATH_W) '$(srcdir)/src/util/util.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/ldap_child-util.Tpo src/util/$(DEPDIR)/ldap_child-util.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/util.c' object='src/util/ldap_child-util.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ldap_child_CFLAGS) $(CFLAGS) -c -o src/util/ldap_child-util.obj `if test -f 'src/util/util.c'; then $(CYGPATH_W) 'src/util/util.c'; else $(CYGPATH_W) '$(srcdir)/src/util/util.c'; fi` src/util/ldap_child-signal.o: src/util/signal.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ldap_child_CFLAGS) $(CFLAGS) -MT src/util/ldap_child-signal.o -MD -MP -MF src/util/$(DEPDIR)/ldap_child-signal.Tpo -c -o src/util/ldap_child-signal.o `test -f 'src/util/signal.c' || echo '$(srcdir)/'`src/util/signal.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/ldap_child-signal.Tpo src/util/$(DEPDIR)/ldap_child-signal.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/signal.c' object='src/util/ldap_child-signal.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ldap_child_CFLAGS) $(CFLAGS) -c -o src/util/ldap_child-signal.o `test -f 'src/util/signal.c' || echo '$(srcdir)/'`src/util/signal.c src/util/ldap_child-signal.obj: src/util/signal.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) 
$(AM_CPPFLAGS) $(CPPFLAGS) $(ldap_child_CFLAGS) $(CFLAGS) -MT src/util/ldap_child-signal.obj -MD -MP -MF src/util/$(DEPDIR)/ldap_child-signal.Tpo -c -o src/util/ldap_child-signal.obj `if test -f 'src/util/signal.c'; then $(CYGPATH_W) 'src/util/signal.c'; else $(CYGPATH_W) '$(srcdir)/src/util/signal.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/ldap_child-signal.Tpo src/util/$(DEPDIR)/ldap_child-signal.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/signal.c' object='src/util/ldap_child-signal.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ldap_child_CFLAGS) $(CFLAGS) -c -o src/util/ldap_child-signal.obj `if test -f 'src/util/signal.c'; then $(CYGPATH_W) 'src/util/signal.c'; else $(CYGPATH_W) '$(srcdir)/src/util/signal.c'; fi` src/tests/cmocka/nss_srv_tests-common_mock_resp.o: src/tests/cmocka/common_mock_resp.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(nss_srv_tests_CFLAGS) $(CFLAGS) -MT src/tests/cmocka/nss_srv_tests-common_mock_resp.o -MD -MP -MF src/tests/cmocka/$(DEPDIR)/nss_srv_tests-common_mock_resp.Tpo -c -o src/tests/cmocka/nss_srv_tests-common_mock_resp.o `test -f 'src/tests/cmocka/common_mock_resp.c' || echo '$(srcdir)/'`src/tests/cmocka/common_mock_resp.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/cmocka/$(DEPDIR)/nss_srv_tests-common_mock_resp.Tpo src/tests/cmocka/$(DEPDIR)/nss_srv_tests-common_mock_resp.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/cmocka/common_mock_resp.c' object='src/tests/cmocka/nss_srv_tests-common_mock_resp.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) 
$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(nss_srv_tests_CFLAGS) $(CFLAGS) -c -o src/tests/cmocka/nss_srv_tests-common_mock_resp.o `test -f 'src/tests/cmocka/common_mock_resp.c' || echo '$(srcdir)/'`src/tests/cmocka/common_mock_resp.c src/tests/cmocka/nss_srv_tests-common_mock_resp.obj: src/tests/cmocka/common_mock_resp.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(nss_srv_tests_CFLAGS) $(CFLAGS) -MT src/tests/cmocka/nss_srv_tests-common_mock_resp.obj -MD -MP -MF src/tests/cmocka/$(DEPDIR)/nss_srv_tests-common_mock_resp.Tpo -c -o src/tests/cmocka/nss_srv_tests-common_mock_resp.obj `if test -f 'src/tests/cmocka/common_mock_resp.c'; then $(CYGPATH_W) 'src/tests/cmocka/common_mock_resp.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/cmocka/common_mock_resp.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/cmocka/$(DEPDIR)/nss_srv_tests-common_mock_resp.Tpo src/tests/cmocka/$(DEPDIR)/nss_srv_tests-common_mock_resp.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/cmocka/common_mock_resp.c' object='src/tests/cmocka/nss_srv_tests-common_mock_resp.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(nss_srv_tests_CFLAGS) $(CFLAGS) -c -o src/tests/cmocka/nss_srv_tests-common_mock_resp.obj `if test -f 'src/tests/cmocka/common_mock_resp.c'; then $(CYGPATH_W) 'src/tests/cmocka/common_mock_resp.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/cmocka/common_mock_resp.c'; fi` src/responder/common/nss_srv_tests-responder_packet.o: src/responder/common/responder_packet.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(nss_srv_tests_CFLAGS) $(CFLAGS) -MT src/responder/common/nss_srv_tests-responder_packet.o -MD -MP -MF 
src/responder/common/$(DEPDIR)/nss_srv_tests-responder_packet.Tpo -c -o src/responder/common/nss_srv_tests-responder_packet.o `test -f 'src/responder/common/responder_packet.c' || echo '$(srcdir)/'`src/responder/common/responder_packet.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/responder/common/$(DEPDIR)/nss_srv_tests-responder_packet.Tpo src/responder/common/$(DEPDIR)/nss_srv_tests-responder_packet.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/responder/common/responder_packet.c' object='src/responder/common/nss_srv_tests-responder_packet.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(nss_srv_tests_CFLAGS) $(CFLAGS) -c -o src/responder/common/nss_srv_tests-responder_packet.o `test -f 'src/responder/common/responder_packet.c' || echo '$(srcdir)/'`src/responder/common/responder_packet.c src/responder/common/nss_srv_tests-responder_packet.obj: src/responder/common/responder_packet.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(nss_srv_tests_CFLAGS) $(CFLAGS) -MT src/responder/common/nss_srv_tests-responder_packet.obj -MD -MP -MF src/responder/common/$(DEPDIR)/nss_srv_tests-responder_packet.Tpo -c -o src/responder/common/nss_srv_tests-responder_packet.obj `if test -f 'src/responder/common/responder_packet.c'; then $(CYGPATH_W) 'src/responder/common/responder_packet.c'; else $(CYGPATH_W) '$(srcdir)/src/responder/common/responder_packet.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/responder/common/$(DEPDIR)/nss_srv_tests-responder_packet.Tpo src/responder/common/$(DEPDIR)/nss_srv_tests-responder_packet.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/responder/common/responder_packet.c' object='src/responder/common/nss_srv_tests-responder_packet.obj' libtool=no @AMDEPBACKSLASH@ 
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(nss_srv_tests_CFLAGS) $(CFLAGS) -c -o src/responder/common/nss_srv_tests-responder_packet.obj `if test -f 'src/responder/common/responder_packet.c'; then $(CYGPATH_W) 'src/responder/common/responder_packet.c'; else $(CYGPATH_W) '$(srcdir)/src/responder/common/responder_packet.c'; fi` src/responder/common/nss_srv_tests-responder_cmd.o: src/responder/common/responder_cmd.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(nss_srv_tests_CFLAGS) $(CFLAGS) -MT src/responder/common/nss_srv_tests-responder_cmd.o -MD -MP -MF src/responder/common/$(DEPDIR)/nss_srv_tests-responder_cmd.Tpo -c -o src/responder/common/nss_srv_tests-responder_cmd.o `test -f 'src/responder/common/responder_cmd.c' || echo '$(srcdir)/'`src/responder/common/responder_cmd.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/responder/common/$(DEPDIR)/nss_srv_tests-responder_cmd.Tpo src/responder/common/$(DEPDIR)/nss_srv_tests-responder_cmd.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/responder/common/responder_cmd.c' object='src/responder/common/nss_srv_tests-responder_cmd.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(nss_srv_tests_CFLAGS) $(CFLAGS) -c -o src/responder/common/nss_srv_tests-responder_cmd.o `test -f 'src/responder/common/responder_cmd.c' || echo '$(srcdir)/'`src/responder/common/responder_cmd.c src/responder/common/nss_srv_tests-responder_cmd.obj: src/responder/common/responder_cmd.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(nss_srv_tests_CFLAGS) $(CFLAGS) -MT 
src/responder/common/nss_srv_tests-responder_cmd.obj -MD -MP -MF src/responder/common/$(DEPDIR)/nss_srv_tests-responder_cmd.Tpo -c -o src/responder/common/nss_srv_tests-responder_cmd.obj `if test -f 'src/responder/common/responder_cmd.c'; then $(CYGPATH_W) 'src/responder/common/responder_cmd.c'; else $(CYGPATH_W) '$(srcdir)/src/responder/common/responder_cmd.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/responder/common/$(DEPDIR)/nss_srv_tests-responder_cmd.Tpo src/responder/common/$(DEPDIR)/nss_srv_tests-responder_cmd.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/responder/common/responder_cmd.c' object='src/responder/common/nss_srv_tests-responder_cmd.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(nss_srv_tests_CFLAGS) $(CFLAGS) -c -o src/responder/common/nss_srv_tests-responder_cmd.obj `if test -f 'src/responder/common/responder_cmd.c'; then $(CYGPATH_W) 'src/responder/common/responder_cmd.c'; else $(CYGPATH_W) '$(srcdir)/src/responder/common/responder_cmd.c'; fi` src/responder/common/nss_srv_tests-negcache.o: src/responder/common/negcache.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(nss_srv_tests_CFLAGS) $(CFLAGS) -MT src/responder/common/nss_srv_tests-negcache.o -MD -MP -MF src/responder/common/$(DEPDIR)/nss_srv_tests-negcache.Tpo -c -o src/responder/common/nss_srv_tests-negcache.o `test -f 'src/responder/common/negcache.c' || echo '$(srcdir)/'`src/responder/common/negcache.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/responder/common/$(DEPDIR)/nss_srv_tests-negcache.Tpo src/responder/common/$(DEPDIR)/nss_srv_tests-negcache.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/responder/common/negcache.c' object='src/responder/common/nss_srv_tests-negcache.o' libtool=no 
@AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(nss_srv_tests_CFLAGS) $(CFLAGS) -c -o src/responder/common/nss_srv_tests-negcache.o `test -f 'src/responder/common/negcache.c' || echo '$(srcdir)/'`src/responder/common/negcache.c src/responder/common/nss_srv_tests-negcache.obj: src/responder/common/negcache.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(nss_srv_tests_CFLAGS) $(CFLAGS) -MT src/responder/common/nss_srv_tests-negcache.obj -MD -MP -MF src/responder/common/$(DEPDIR)/nss_srv_tests-negcache.Tpo -c -o src/responder/common/nss_srv_tests-negcache.obj `if test -f 'src/responder/common/negcache.c'; then $(CYGPATH_W) 'src/responder/common/negcache.c'; else $(CYGPATH_W) '$(srcdir)/src/responder/common/negcache.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/responder/common/$(DEPDIR)/nss_srv_tests-negcache.Tpo src/responder/common/$(DEPDIR)/nss_srv_tests-negcache.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/responder/common/negcache.c' object='src/responder/common/nss_srv_tests-negcache.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(nss_srv_tests_CFLAGS) $(CFLAGS) -c -o src/responder/common/nss_srv_tests-negcache.obj `if test -f 'src/responder/common/negcache.c'; then $(CYGPATH_W) 'src/responder/common/negcache.c'; else $(CYGPATH_W) '$(srcdir)/src/responder/common/negcache.c'; fi` src/responder/common/nss_srv_tests-responder_common.o: src/responder/common/responder_common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(nss_srv_tests_CFLAGS) $(CFLAGS) -MT 
src/responder/common/nss_srv_tests-responder_common.o -MD -MP -MF src/responder/common/$(DEPDIR)/nss_srv_tests-responder_common.Tpo -c -o src/responder/common/nss_srv_tests-responder_common.o `test -f 'src/responder/common/responder_common.c' || echo '$(srcdir)/'`src/responder/common/responder_common.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/responder/common/$(DEPDIR)/nss_srv_tests-responder_common.Tpo src/responder/common/$(DEPDIR)/nss_srv_tests-responder_common.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/responder/common/responder_common.c' object='src/responder/common/nss_srv_tests-responder_common.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(nss_srv_tests_CFLAGS) $(CFLAGS) -c -o src/responder/common/nss_srv_tests-responder_common.o `test -f 'src/responder/common/responder_common.c' || echo '$(srcdir)/'`src/responder/common/responder_common.c src/responder/common/nss_srv_tests-responder_common.obj: src/responder/common/responder_common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(nss_srv_tests_CFLAGS) $(CFLAGS) -MT src/responder/common/nss_srv_tests-responder_common.obj -MD -MP -MF src/responder/common/$(DEPDIR)/nss_srv_tests-responder_common.Tpo -c -o src/responder/common/nss_srv_tests-responder_common.obj `if test -f 'src/responder/common/responder_common.c'; then $(CYGPATH_W) 'src/responder/common/responder_common.c'; else $(CYGPATH_W) '$(srcdir)/src/responder/common/responder_common.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/responder/common/$(DEPDIR)/nss_srv_tests-responder_common.Tpo src/responder/common/$(DEPDIR)/nss_srv_tests-responder_common.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/responder/common/responder_common.c' 
object='src/responder/common/nss_srv_tests-responder_common.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(nss_srv_tests_CFLAGS) $(CFLAGS) -c -o src/responder/common/nss_srv_tests-responder_common.obj `if test -f 'src/responder/common/responder_common.c'; then $(CYGPATH_W) 'src/responder/common/responder_common.c'; else $(CYGPATH_W) '$(srcdir)/src/responder/common/responder_common.c'; fi` src/tests/cmocka/nss_srv_tests-test_nss_srv.o: src/tests/cmocka/test_nss_srv.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(nss_srv_tests_CFLAGS) $(CFLAGS) -MT src/tests/cmocka/nss_srv_tests-test_nss_srv.o -MD -MP -MF src/tests/cmocka/$(DEPDIR)/nss_srv_tests-test_nss_srv.Tpo -c -o src/tests/cmocka/nss_srv_tests-test_nss_srv.o `test -f 'src/tests/cmocka/test_nss_srv.c' || echo '$(srcdir)/'`src/tests/cmocka/test_nss_srv.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/cmocka/$(DEPDIR)/nss_srv_tests-test_nss_srv.Tpo src/tests/cmocka/$(DEPDIR)/nss_srv_tests-test_nss_srv.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/cmocka/test_nss_srv.c' object='src/tests/cmocka/nss_srv_tests-test_nss_srv.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(nss_srv_tests_CFLAGS) $(CFLAGS) -c -o src/tests/cmocka/nss_srv_tests-test_nss_srv.o `test -f 'src/tests/cmocka/test_nss_srv.c' || echo '$(srcdir)/'`src/tests/cmocka/test_nss_srv.c src/tests/cmocka/nss_srv_tests-test_nss_srv.obj: src/tests/cmocka/test_nss_srv.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(nss_srv_tests_CFLAGS) 
$(CFLAGS) -MT src/tests/cmocka/nss_srv_tests-test_nss_srv.obj -MD -MP -MF src/tests/cmocka/$(DEPDIR)/nss_srv_tests-test_nss_srv.Tpo -c -o src/tests/cmocka/nss_srv_tests-test_nss_srv.obj `if test -f 'src/tests/cmocka/test_nss_srv.c'; then $(CYGPATH_W) 'src/tests/cmocka/test_nss_srv.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/cmocka/test_nss_srv.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/cmocka/$(DEPDIR)/nss_srv_tests-test_nss_srv.Tpo src/tests/cmocka/$(DEPDIR)/nss_srv_tests-test_nss_srv.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/cmocka/test_nss_srv.c' object='src/tests/cmocka/nss_srv_tests-test_nss_srv.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(nss_srv_tests_CFLAGS) $(CFLAGS) -c -o src/tests/cmocka/nss_srv_tests-test_nss_srv.obj `if test -f 'src/tests/cmocka/test_nss_srv.c'; then $(CYGPATH_W) 'src/tests/cmocka/test_nss_srv.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/cmocka/test_nss_srv.c'; fi` src/responder/nss/nss_srv_tests-nsssrv_cmd.o: src/responder/nss/nsssrv_cmd.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(nss_srv_tests_CFLAGS) $(CFLAGS) -MT src/responder/nss/nss_srv_tests-nsssrv_cmd.o -MD -MP -MF src/responder/nss/$(DEPDIR)/nss_srv_tests-nsssrv_cmd.Tpo -c -o src/responder/nss/nss_srv_tests-nsssrv_cmd.o `test -f 'src/responder/nss/nsssrv_cmd.c' || echo '$(srcdir)/'`src/responder/nss/nsssrv_cmd.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/responder/nss/$(DEPDIR)/nss_srv_tests-nsssrv_cmd.Tpo src/responder/nss/$(DEPDIR)/nss_srv_tests-nsssrv_cmd.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/responder/nss/nsssrv_cmd.c' object='src/responder/nss/nss_srv_tests-nsssrv_cmd.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) 
$(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(nss_srv_tests_CFLAGS) $(CFLAGS) -c -o src/responder/nss/nss_srv_tests-nsssrv_cmd.o `test -f 'src/responder/nss/nsssrv_cmd.c' || echo '$(srcdir)/'`src/responder/nss/nsssrv_cmd.c src/responder/nss/nss_srv_tests-nsssrv_cmd.obj: src/responder/nss/nsssrv_cmd.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(nss_srv_tests_CFLAGS) $(CFLAGS) -MT src/responder/nss/nss_srv_tests-nsssrv_cmd.obj -MD -MP -MF src/responder/nss/$(DEPDIR)/nss_srv_tests-nsssrv_cmd.Tpo -c -o src/responder/nss/nss_srv_tests-nsssrv_cmd.obj `if test -f 'src/responder/nss/nsssrv_cmd.c'; then $(CYGPATH_W) 'src/responder/nss/nsssrv_cmd.c'; else $(CYGPATH_W) '$(srcdir)/src/responder/nss/nsssrv_cmd.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/responder/nss/$(DEPDIR)/nss_srv_tests-nsssrv_cmd.Tpo src/responder/nss/$(DEPDIR)/nss_srv_tests-nsssrv_cmd.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/responder/nss/nsssrv_cmd.c' object='src/responder/nss/nss_srv_tests-nsssrv_cmd.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(nss_srv_tests_CFLAGS) $(CFLAGS) -c -o src/responder/nss/nss_srv_tests-nsssrv_cmd.obj `if test -f 'src/responder/nss/nsssrv_cmd.c'; then $(CYGPATH_W) 'src/responder/nss/nsssrv_cmd.c'; else $(CYGPATH_W) '$(srcdir)/src/responder/nss/nsssrv_cmd.c'; fi` src/responder/nss/nss_srv_tests-nsssrv_netgroup.o: src/responder/nss/nsssrv_netgroup.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(nss_srv_tests_CFLAGS) $(CFLAGS) -MT src/responder/nss/nss_srv_tests-nsssrv_netgroup.o -MD -MP -MF 
src/responder/nss/$(DEPDIR)/nss_srv_tests-nsssrv_netgroup.Tpo -c -o src/responder/nss/nss_srv_tests-nsssrv_netgroup.o `test -f 'src/responder/nss/nsssrv_netgroup.c' || echo '$(srcdir)/'`src/responder/nss/nsssrv_netgroup.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/responder/nss/$(DEPDIR)/nss_srv_tests-nsssrv_netgroup.Tpo src/responder/nss/$(DEPDIR)/nss_srv_tests-nsssrv_netgroup.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/responder/nss/nsssrv_netgroup.c' object='src/responder/nss/nss_srv_tests-nsssrv_netgroup.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(nss_srv_tests_CFLAGS) $(CFLAGS) -c -o src/responder/nss/nss_srv_tests-nsssrv_netgroup.o `test -f 'src/responder/nss/nsssrv_netgroup.c' || echo '$(srcdir)/'`src/responder/nss/nsssrv_netgroup.c src/responder/nss/nss_srv_tests-nsssrv_netgroup.obj: src/responder/nss/nsssrv_netgroup.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(nss_srv_tests_CFLAGS) $(CFLAGS) -MT src/responder/nss/nss_srv_tests-nsssrv_netgroup.obj -MD -MP -MF src/responder/nss/$(DEPDIR)/nss_srv_tests-nsssrv_netgroup.Tpo -c -o src/responder/nss/nss_srv_tests-nsssrv_netgroup.obj `if test -f 'src/responder/nss/nsssrv_netgroup.c'; then $(CYGPATH_W) 'src/responder/nss/nsssrv_netgroup.c'; else $(CYGPATH_W) '$(srcdir)/src/responder/nss/nsssrv_netgroup.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/responder/nss/$(DEPDIR)/nss_srv_tests-nsssrv_netgroup.Tpo src/responder/nss/$(DEPDIR)/nss_srv_tests-nsssrv_netgroup.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/responder/nss/nsssrv_netgroup.c' object='src/responder/nss/nss_srv_tests-nsssrv_netgroup.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ 
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(nss_srv_tests_CFLAGS) $(CFLAGS) -c -o src/responder/nss/nss_srv_tests-nsssrv_netgroup.obj `if test -f 'src/responder/nss/nsssrv_netgroup.c'; then $(CYGPATH_W) 'src/responder/nss/nsssrv_netgroup.c'; else $(CYGPATH_W) '$(srcdir)/src/responder/nss/nsssrv_netgroup.c'; fi` src/responder/nss/nss_srv_tests-nsssrv_services.o: src/responder/nss/nsssrv_services.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(nss_srv_tests_CFLAGS) $(CFLAGS) -MT src/responder/nss/nss_srv_tests-nsssrv_services.o -MD -MP -MF src/responder/nss/$(DEPDIR)/nss_srv_tests-nsssrv_services.Tpo -c -o src/responder/nss/nss_srv_tests-nsssrv_services.o `test -f 'src/responder/nss/nsssrv_services.c' || echo '$(srcdir)/'`src/responder/nss/nsssrv_services.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/responder/nss/$(DEPDIR)/nss_srv_tests-nsssrv_services.Tpo src/responder/nss/$(DEPDIR)/nss_srv_tests-nsssrv_services.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/responder/nss/nsssrv_services.c' object='src/responder/nss/nss_srv_tests-nsssrv_services.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(nss_srv_tests_CFLAGS) $(CFLAGS) -c -o src/responder/nss/nss_srv_tests-nsssrv_services.o `test -f 'src/responder/nss/nsssrv_services.c' || echo '$(srcdir)/'`src/responder/nss/nsssrv_services.c src/responder/nss/nss_srv_tests-nsssrv_services.obj: src/responder/nss/nsssrv_services.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(nss_srv_tests_CFLAGS) $(CFLAGS) -MT src/responder/nss/nss_srv_tests-nsssrv_services.obj -MD -MP -MF src/responder/nss/$(DEPDIR)/nss_srv_tests-nsssrv_services.Tpo 
-c -o src/responder/nss/nss_srv_tests-nsssrv_services.obj `if test -f 'src/responder/nss/nsssrv_services.c'; then $(CYGPATH_W) 'src/responder/nss/nsssrv_services.c'; else $(CYGPATH_W) '$(srcdir)/src/responder/nss/nsssrv_services.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/responder/nss/$(DEPDIR)/nss_srv_tests-nsssrv_services.Tpo src/responder/nss/$(DEPDIR)/nss_srv_tests-nsssrv_services.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/responder/nss/nsssrv_services.c' object='src/responder/nss/nss_srv_tests-nsssrv_services.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(nss_srv_tests_CFLAGS) $(CFLAGS) -c -o src/responder/nss/nss_srv_tests-nsssrv_services.obj `if test -f 'src/responder/nss/nsssrv_services.c'; then $(CYGPATH_W) 'src/responder/nss/nsssrv_services.c'; else $(CYGPATH_W) '$(srcdir)/src/responder/nss/nsssrv_services.c'; fi` src/responder/nss/nss_srv_tests-nsssrv_mmap_cache.o: src/responder/nss/nsssrv_mmap_cache.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(nss_srv_tests_CFLAGS) $(CFLAGS) -MT src/responder/nss/nss_srv_tests-nsssrv_mmap_cache.o -MD -MP -MF src/responder/nss/$(DEPDIR)/nss_srv_tests-nsssrv_mmap_cache.Tpo -c -o src/responder/nss/nss_srv_tests-nsssrv_mmap_cache.o `test -f 'src/responder/nss/nsssrv_mmap_cache.c' || echo '$(srcdir)/'`src/responder/nss/nsssrv_mmap_cache.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/responder/nss/$(DEPDIR)/nss_srv_tests-nsssrv_mmap_cache.Tpo src/responder/nss/$(DEPDIR)/nss_srv_tests-nsssrv_mmap_cache.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/responder/nss/nsssrv_mmap_cache.c' object='src/responder/nss/nss_srv_tests-nsssrv_mmap_cache.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) 
$(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(nss_srv_tests_CFLAGS) $(CFLAGS) -c -o src/responder/nss/nss_srv_tests-nsssrv_mmap_cache.o `test -f 'src/responder/nss/nsssrv_mmap_cache.c' || echo '$(srcdir)/'`src/responder/nss/nsssrv_mmap_cache.c src/responder/nss/nss_srv_tests-nsssrv_mmap_cache.obj: src/responder/nss/nsssrv_mmap_cache.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(nss_srv_tests_CFLAGS) $(CFLAGS) -MT src/responder/nss/nss_srv_tests-nsssrv_mmap_cache.obj -MD -MP -MF src/responder/nss/$(DEPDIR)/nss_srv_tests-nsssrv_mmap_cache.Tpo -c -o src/responder/nss/nss_srv_tests-nsssrv_mmap_cache.obj `if test -f 'src/responder/nss/nsssrv_mmap_cache.c'; then $(CYGPATH_W) 'src/responder/nss/nsssrv_mmap_cache.c'; else $(CYGPATH_W) '$(srcdir)/src/responder/nss/nsssrv_mmap_cache.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/responder/nss/$(DEPDIR)/nss_srv_tests-nsssrv_mmap_cache.Tpo src/responder/nss/$(DEPDIR)/nss_srv_tests-nsssrv_mmap_cache.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/responder/nss/nsssrv_mmap_cache.c' object='src/responder/nss/nss_srv_tests-nsssrv_mmap_cache.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(nss_srv_tests_CFLAGS) $(CFLAGS) -c -o src/responder/nss/nss_srv_tests-nsssrv_mmap_cache.obj `if test -f 'src/responder/nss/nsssrv_mmap_cache.c'; then $(CYGPATH_W) 'src/responder/nss/nsssrv_mmap_cache.c'; else $(CYGPATH_W) '$(srcdir)/src/responder/nss/nsssrv_mmap_cache.c'; fi` src/providers/proxy/proxy_child-proxy_child.o: src/providers/proxy/proxy_child.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(proxy_child_CFLAGS) 
$(CFLAGS) -MT src/providers/proxy/proxy_child-proxy_child.o -MD -MP -MF src/providers/proxy/$(DEPDIR)/proxy_child-proxy_child.Tpo -c -o src/providers/proxy/proxy_child-proxy_child.o `test -f 'src/providers/proxy/proxy_child.c' || echo '$(srcdir)/'`src/providers/proxy/proxy_child.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/proxy/$(DEPDIR)/proxy_child-proxy_child.Tpo src/providers/proxy/$(DEPDIR)/proxy_child-proxy_child.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/proxy/proxy_child.c' object='src/providers/proxy/proxy_child-proxy_child.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(proxy_child_CFLAGS) $(CFLAGS) -c -o src/providers/proxy/proxy_child-proxy_child.o `test -f 'src/providers/proxy/proxy_child.c' || echo '$(srcdir)/'`src/providers/proxy/proxy_child.c src/providers/proxy/proxy_child-proxy_child.obj: src/providers/proxy/proxy_child.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(proxy_child_CFLAGS) $(CFLAGS) -MT src/providers/proxy/proxy_child-proxy_child.obj -MD -MP -MF src/providers/proxy/$(DEPDIR)/proxy_child-proxy_child.Tpo -c -o src/providers/proxy/proxy_child-proxy_child.obj `if test -f 'src/providers/proxy/proxy_child.c'; then $(CYGPATH_W) 'src/providers/proxy/proxy_child.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/proxy/proxy_child.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/proxy/$(DEPDIR)/proxy_child-proxy_child.Tpo src/providers/proxy/$(DEPDIR)/proxy_child-proxy_child.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/proxy/proxy_child.c' object='src/providers/proxy/proxy_child-proxy_child.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ 
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(proxy_child_CFLAGS) $(CFLAGS) -c -o src/providers/proxy/proxy_child-proxy_child.obj `if test -f 'src/providers/proxy/proxy_child.c'; then $(CYGPATH_W) 'src/providers/proxy/proxy_child.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/proxy/proxy_child.c'; fi` src/tests/refcount_tests-refcount-tests.o: src/tests/refcount-tests.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(refcount_tests_CFLAGS) $(CFLAGS) -MT src/tests/refcount_tests-refcount-tests.o -MD -MP -MF src/tests/$(DEPDIR)/refcount_tests-refcount-tests.Tpo -c -o src/tests/refcount_tests-refcount-tests.o `test -f 'src/tests/refcount-tests.c' || echo '$(srcdir)/'`src/tests/refcount-tests.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/refcount_tests-refcount-tests.Tpo src/tests/$(DEPDIR)/refcount_tests-refcount-tests.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/refcount-tests.c' object='src/tests/refcount_tests-refcount-tests.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(refcount_tests_CFLAGS) $(CFLAGS) -c -o src/tests/refcount_tests-refcount-tests.o `test -f 'src/tests/refcount-tests.c' || echo '$(srcdir)/'`src/tests/refcount-tests.c src/tests/refcount_tests-refcount-tests.obj: src/tests/refcount-tests.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(refcount_tests_CFLAGS) $(CFLAGS) -MT src/tests/refcount_tests-refcount-tests.obj -MD -MP -MF src/tests/$(DEPDIR)/refcount_tests-refcount-tests.Tpo -c -o src/tests/refcount_tests-refcount-tests.obj `if test -f 'src/tests/refcount-tests.c'; then $(CYGPATH_W) 'src/tests/refcount-tests.c'; else $(CYGPATH_W) 
'$(srcdir)/src/tests/refcount-tests.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/refcount_tests-refcount-tests.Tpo src/tests/$(DEPDIR)/refcount_tests-refcount-tests.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/refcount-tests.c' object='src/tests/refcount_tests-refcount-tests.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(refcount_tests_CFLAGS) $(CFLAGS) -c -o src/tests/refcount_tests-refcount-tests.obj `if test -f 'src/tests/refcount-tests.c'; then $(CYGPATH_W) 'src/tests/refcount-tests.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/refcount-tests.c'; fi` src/tests/resolv_tests-resolv-tests.o: src/tests/resolv-tests.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(resolv_tests_CFLAGS) $(CFLAGS) -MT src/tests/resolv_tests-resolv-tests.o -MD -MP -MF src/tests/$(DEPDIR)/resolv_tests-resolv-tests.Tpo -c -o src/tests/resolv_tests-resolv-tests.o `test -f 'src/tests/resolv-tests.c' || echo '$(srcdir)/'`src/tests/resolv-tests.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/resolv_tests-resolv-tests.Tpo src/tests/$(DEPDIR)/resolv_tests-resolv-tests.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/resolv-tests.c' object='src/tests/resolv_tests-resolv-tests.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(resolv_tests_CFLAGS) $(CFLAGS) -c -o src/tests/resolv_tests-resolv-tests.o `test -f 'src/tests/resolv-tests.c' || echo '$(srcdir)/'`src/tests/resolv-tests.c src/tests/resolv_tests-resolv-tests.obj: src/tests/resolv-tests.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) 
$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(resolv_tests_CFLAGS) $(CFLAGS) -MT src/tests/resolv_tests-resolv-tests.obj -MD -MP -MF src/tests/$(DEPDIR)/resolv_tests-resolv-tests.Tpo -c -o src/tests/resolv_tests-resolv-tests.obj `if test -f 'src/tests/resolv-tests.c'; then $(CYGPATH_W) 'src/tests/resolv-tests.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/resolv-tests.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/resolv_tests-resolv-tests.Tpo src/tests/$(DEPDIR)/resolv_tests-resolv-tests.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/resolv-tests.c' object='src/tests/resolv_tests-resolv-tests.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(resolv_tests_CFLAGS) $(CFLAGS) -c -o src/tests/resolv_tests-resolv-tests.obj `if test -f 'src/tests/resolv-tests.c'; then $(CYGPATH_W) 'src/tests/resolv-tests.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/resolv-tests.c'; fi` src/tests/resolv_tests-common.o: src/tests/common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(resolv_tests_CFLAGS) $(CFLAGS) -MT src/tests/resolv_tests-common.o -MD -MP -MF src/tests/$(DEPDIR)/resolv_tests-common.Tpo -c -o src/tests/resolv_tests-common.o `test -f 'src/tests/common.c' || echo '$(srcdir)/'`src/tests/common.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/resolv_tests-common.Tpo src/tests/$(DEPDIR)/resolv_tests-common.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/common.c' object='src/tests/resolv_tests-common.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) 
$(resolv_tests_CFLAGS) $(CFLAGS) -c -o src/tests/resolv_tests-common.o `test -f 'src/tests/common.c' || echo '$(srcdir)/'`src/tests/common.c src/tests/resolv_tests-common.obj: src/tests/common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(resolv_tests_CFLAGS) $(CFLAGS) -MT src/tests/resolv_tests-common.obj -MD -MP -MF src/tests/$(DEPDIR)/resolv_tests-common.Tpo -c -o src/tests/resolv_tests-common.obj `if test -f 'src/tests/common.c'; then $(CYGPATH_W) 'src/tests/common.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/common.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/resolv_tests-common.Tpo src/tests/$(DEPDIR)/resolv_tests-common.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/common.c' object='src/tests/resolv_tests-common.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(resolv_tests_CFLAGS) $(CFLAGS) -c -o src/tests/resolv_tests-common.obj `if test -f 'src/tests/common.c'; then $(CYGPATH_W) 'src/tests/common.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/common.c'; fi` src/resolv/resolv_tests-async_resolv.o: src/resolv/async_resolv.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(resolv_tests_CFLAGS) $(CFLAGS) -MT src/resolv/resolv_tests-async_resolv.o -MD -MP -MF src/resolv/$(DEPDIR)/resolv_tests-async_resolv.Tpo -c -o src/resolv/resolv_tests-async_resolv.o `test -f 'src/resolv/async_resolv.c' || echo '$(srcdir)/'`src/resolv/async_resolv.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/$(DEPDIR)/resolv_tests-async_resolv.Tpo src/resolv/$(DEPDIR)/resolv_tests-async_resolv.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/async_resolv.c' object='src/resolv/resolv_tests-async_resolv.o' libtool=no 
@AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(resolv_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/resolv_tests-async_resolv.o `test -f 'src/resolv/async_resolv.c' || echo '$(srcdir)/'`src/resolv/async_resolv.c src/resolv/resolv_tests-async_resolv.obj: src/resolv/async_resolv.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(resolv_tests_CFLAGS) $(CFLAGS) -MT src/resolv/resolv_tests-async_resolv.obj -MD -MP -MF src/resolv/$(DEPDIR)/resolv_tests-async_resolv.Tpo -c -o src/resolv/resolv_tests-async_resolv.obj `if test -f 'src/resolv/async_resolv.c'; then $(CYGPATH_W) 'src/resolv/async_resolv.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/async_resolv.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/$(DEPDIR)/resolv_tests-async_resolv.Tpo src/resolv/$(DEPDIR)/resolv_tests-async_resolv.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/async_resolv.c' object='src/resolv/resolv_tests-async_resolv.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(resolv_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/resolv_tests-async_resolv.obj `if test -f 'src/resolv/async_resolv.c'; then $(CYGPATH_W) 'src/resolv/async_resolv.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/async_resolv.c'; fi` src/resolv/resolv_tests-async_resolv_utils.o: src/resolv/async_resolv_utils.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(resolv_tests_CFLAGS) $(CFLAGS) -MT src/resolv/resolv_tests-async_resolv_utils.o -MD -MP -MF src/resolv/$(DEPDIR)/resolv_tests-async_resolv_utils.Tpo -c -o 
src/resolv/resolv_tests-async_resolv_utils.o `test -f 'src/resolv/async_resolv_utils.c' || echo '$(srcdir)/'`src/resolv/async_resolv_utils.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/$(DEPDIR)/resolv_tests-async_resolv_utils.Tpo src/resolv/$(DEPDIR)/resolv_tests-async_resolv_utils.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/async_resolv_utils.c' object='src/resolv/resolv_tests-async_resolv_utils.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(resolv_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/resolv_tests-async_resolv_utils.o `test -f 'src/resolv/async_resolv_utils.c' || echo '$(srcdir)/'`src/resolv/async_resolv_utils.c src/resolv/resolv_tests-async_resolv_utils.obj: src/resolv/async_resolv_utils.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(resolv_tests_CFLAGS) $(CFLAGS) -MT src/resolv/resolv_tests-async_resolv_utils.obj -MD -MP -MF src/resolv/$(DEPDIR)/resolv_tests-async_resolv_utils.Tpo -c -o src/resolv/resolv_tests-async_resolv_utils.obj `if test -f 'src/resolv/async_resolv_utils.c'; then $(CYGPATH_W) 'src/resolv/async_resolv_utils.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/async_resolv_utils.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/$(DEPDIR)/resolv_tests-async_resolv_utils.Tpo src/resolv/$(DEPDIR)/resolv_tests-async_resolv_utils.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/async_resolv_utils.c' object='src/resolv/resolv_tests-async_resolv_utils.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(resolv_tests_CFLAGS) $(CFLAGS) -c -o 
src/resolv/resolv_tests-async_resolv_utils.obj `if test -f 'src/resolv/async_resolv_utils.c'; then $(CYGPATH_W) 'src/resolv/async_resolv_utils.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/async_resolv_utils.c'; fi` src/resolv/ares/resolv_tests-ares_parse_srv_reply.o: src/resolv/ares/ares_parse_srv_reply.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(resolv_tests_CFLAGS) $(CFLAGS) -MT src/resolv/ares/resolv_tests-ares_parse_srv_reply.o -MD -MP -MF src/resolv/ares/$(DEPDIR)/resolv_tests-ares_parse_srv_reply.Tpo -c -o src/resolv/ares/resolv_tests-ares_parse_srv_reply.o `test -f 'src/resolv/ares/ares_parse_srv_reply.c' || echo '$(srcdir)/'`src/resolv/ares/ares_parse_srv_reply.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/ares/$(DEPDIR)/resolv_tests-ares_parse_srv_reply.Tpo src/resolv/ares/$(DEPDIR)/resolv_tests-ares_parse_srv_reply.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/ares/ares_parse_srv_reply.c' object='src/resolv/ares/resolv_tests-ares_parse_srv_reply.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(resolv_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/ares/resolv_tests-ares_parse_srv_reply.o `test -f 'src/resolv/ares/ares_parse_srv_reply.c' || echo '$(srcdir)/'`src/resolv/ares/ares_parse_srv_reply.c src/resolv/ares/resolv_tests-ares_parse_srv_reply.obj: src/resolv/ares/ares_parse_srv_reply.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(resolv_tests_CFLAGS) $(CFLAGS) -MT src/resolv/ares/resolv_tests-ares_parse_srv_reply.obj -MD -MP -MF src/resolv/ares/$(DEPDIR)/resolv_tests-ares_parse_srv_reply.Tpo -c -o src/resolv/ares/resolv_tests-ares_parse_srv_reply.obj `if test -f 'src/resolv/ares/ares_parse_srv_reply.c'; then $(CYGPATH_W) 
'src/resolv/ares/ares_parse_srv_reply.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/ares/ares_parse_srv_reply.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/ares/$(DEPDIR)/resolv_tests-ares_parse_srv_reply.Tpo src/resolv/ares/$(DEPDIR)/resolv_tests-ares_parse_srv_reply.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/ares/ares_parse_srv_reply.c' object='src/resolv/ares/resolv_tests-ares_parse_srv_reply.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(resolv_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/ares/resolv_tests-ares_parse_srv_reply.obj `if test -f 'src/resolv/ares/ares_parse_srv_reply.c'; then $(CYGPATH_W) 'src/resolv/ares/ares_parse_srv_reply.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/ares/ares_parse_srv_reply.c'; fi` src/resolv/ares/resolv_tests-ares_data.o: src/resolv/ares/ares_data.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(resolv_tests_CFLAGS) $(CFLAGS) -MT src/resolv/ares/resolv_tests-ares_data.o -MD -MP -MF src/resolv/ares/$(DEPDIR)/resolv_tests-ares_data.Tpo -c -o src/resolv/ares/resolv_tests-ares_data.o `test -f 'src/resolv/ares/ares_data.c' || echo '$(srcdir)/'`src/resolv/ares/ares_data.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/ares/$(DEPDIR)/resolv_tests-ares_data.Tpo src/resolv/ares/$(DEPDIR)/resolv_tests-ares_data.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/ares/ares_data.c' object='src/resolv/ares/resolv_tests-ares_data.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(resolv_tests_CFLAGS) $(CFLAGS) -c -o 
src/resolv/ares/resolv_tests-ares_data.o `test -f 'src/resolv/ares/ares_data.c' || echo '$(srcdir)/'`src/resolv/ares/ares_data.c src/resolv/ares/resolv_tests-ares_data.obj: src/resolv/ares/ares_data.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(resolv_tests_CFLAGS) $(CFLAGS) -MT src/resolv/ares/resolv_tests-ares_data.obj -MD -MP -MF src/resolv/ares/$(DEPDIR)/resolv_tests-ares_data.Tpo -c -o src/resolv/ares/resolv_tests-ares_data.obj `if test -f 'src/resolv/ares/ares_data.c'; then $(CYGPATH_W) 'src/resolv/ares/ares_data.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/ares/ares_data.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/ares/$(DEPDIR)/resolv_tests-ares_data.Tpo src/resolv/ares/$(DEPDIR)/resolv_tests-ares_data.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/ares/ares_data.c' object='src/resolv/ares/resolv_tests-ares_data.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(resolv_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/ares/resolv_tests-ares_data.obj `if test -f 'src/resolv/ares/ares_data.c'; then $(CYGPATH_W) 'src/resolv/ares/ares_data.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/ares/ares_data.c'; fi` src/resolv/ares/resolv_tests-ares_parse_txt_reply.o: src/resolv/ares/ares_parse_txt_reply.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(resolv_tests_CFLAGS) $(CFLAGS) -MT src/resolv/ares/resolv_tests-ares_parse_txt_reply.o -MD -MP -MF src/resolv/ares/$(DEPDIR)/resolv_tests-ares_parse_txt_reply.Tpo -c -o src/resolv/ares/resolv_tests-ares_parse_txt_reply.o `test -f 'src/resolv/ares/ares_parse_txt_reply.c' || echo '$(srcdir)/'`src/resolv/ares/ares_parse_txt_reply.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) 
src/resolv/ares/$(DEPDIR)/resolv_tests-ares_parse_txt_reply.Tpo src/resolv/ares/$(DEPDIR)/resolv_tests-ares_parse_txt_reply.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/ares/ares_parse_txt_reply.c' object='src/resolv/ares/resolv_tests-ares_parse_txt_reply.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(resolv_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/ares/resolv_tests-ares_parse_txt_reply.o `test -f 'src/resolv/ares/ares_parse_txt_reply.c' || echo '$(srcdir)/'`src/resolv/ares/ares_parse_txt_reply.c src/resolv/ares/resolv_tests-ares_parse_txt_reply.obj: src/resolv/ares/ares_parse_txt_reply.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(resolv_tests_CFLAGS) $(CFLAGS) -MT src/resolv/ares/resolv_tests-ares_parse_txt_reply.obj -MD -MP -MF src/resolv/ares/$(DEPDIR)/resolv_tests-ares_parse_txt_reply.Tpo -c -o src/resolv/ares/resolv_tests-ares_parse_txt_reply.obj `if test -f 'src/resolv/ares/ares_parse_txt_reply.c'; then $(CYGPATH_W) 'src/resolv/ares/ares_parse_txt_reply.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/ares/ares_parse_txt_reply.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/ares/$(DEPDIR)/resolv_tests-ares_parse_txt_reply.Tpo src/resolv/ares/$(DEPDIR)/resolv_tests-ares_parse_txt_reply.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/ares/ares_parse_txt_reply.c' object='src/resolv/ares/resolv_tests-ares_parse_txt_reply.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(resolv_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/ares/resolv_tests-ares_parse_txt_reply.obj `if test -f 
'src/resolv/ares/ares_parse_txt_reply.c'; then $(CYGPATH_W) 'src/resolv/ares/ares_parse_txt_reply.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/ares/ares_parse_txt_reply.c'; fi` src/tests/responder_socket_access_tests-responder_socket_access-tests.o: src/tests/responder_socket_access-tests.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(responder_socket_access_tests_CFLAGS) $(CFLAGS) -MT src/tests/responder_socket_access_tests-responder_socket_access-tests.o -MD -MP -MF src/tests/$(DEPDIR)/responder_socket_access_tests-responder_socket_access-tests.Tpo -c -o src/tests/responder_socket_access_tests-responder_socket_access-tests.o `test -f 'src/tests/responder_socket_access-tests.c' || echo '$(srcdir)/'`src/tests/responder_socket_access-tests.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/responder_socket_access_tests-responder_socket_access-tests.Tpo src/tests/$(DEPDIR)/responder_socket_access_tests-responder_socket_access-tests.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/responder_socket_access-tests.c' object='src/tests/responder_socket_access_tests-responder_socket_access-tests.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(responder_socket_access_tests_CFLAGS) $(CFLAGS) -c -o src/tests/responder_socket_access_tests-responder_socket_access-tests.o `test -f 'src/tests/responder_socket_access-tests.c' || echo '$(srcdir)/'`src/tests/responder_socket_access-tests.c src/tests/responder_socket_access_tests-responder_socket_access-tests.obj: src/tests/responder_socket_access-tests.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(responder_socket_access_tests_CFLAGS) $(CFLAGS) -MT 
src/tests/responder_socket_access_tests-responder_socket_access-tests.obj -MD -MP -MF src/tests/$(DEPDIR)/responder_socket_access_tests-responder_socket_access-tests.Tpo -c -o src/tests/responder_socket_access_tests-responder_socket_access-tests.obj `if test -f 'src/tests/responder_socket_access-tests.c'; then $(CYGPATH_W) 'src/tests/responder_socket_access-tests.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/responder_socket_access-tests.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/responder_socket_access_tests-responder_socket_access-tests.Tpo src/tests/$(DEPDIR)/responder_socket_access_tests-responder_socket_access-tests.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/responder_socket_access-tests.c' object='src/tests/responder_socket_access_tests-responder_socket_access-tests.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(responder_socket_access_tests_CFLAGS) $(CFLAGS) -c -o src/tests/responder_socket_access_tests-responder_socket_access-tests.obj `if test -f 'src/tests/responder_socket_access-tests.c'; then $(CYGPATH_W) 'src/tests/responder_socket_access-tests.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/responder_socket_access-tests.c'; fi` src/responder/common/responder_socket_access_tests-responder_common.o: src/responder/common/responder_common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(responder_socket_access_tests_CFLAGS) $(CFLAGS) -MT src/responder/common/responder_socket_access_tests-responder_common.o -MD -MP -MF src/responder/common/$(DEPDIR)/responder_socket_access_tests-responder_common.Tpo -c -o src/responder/common/responder_socket_access_tests-responder_common.o `test -f 'src/responder/common/responder_common.c' || echo 
'$(srcdir)/'`src/responder/common/responder_common.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/responder/common/$(DEPDIR)/responder_socket_access_tests-responder_common.Tpo src/responder/common/$(DEPDIR)/responder_socket_access_tests-responder_common.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/responder/common/responder_common.c' object='src/responder/common/responder_socket_access_tests-responder_common.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(responder_socket_access_tests_CFLAGS) $(CFLAGS) -c -o src/responder/common/responder_socket_access_tests-responder_common.o `test -f 'src/responder/common/responder_common.c' || echo '$(srcdir)/'`src/responder/common/responder_common.c src/responder/common/responder_socket_access_tests-responder_common.obj: src/responder/common/responder_common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(responder_socket_access_tests_CFLAGS) $(CFLAGS) -MT src/responder/common/responder_socket_access_tests-responder_common.obj -MD -MP -MF src/responder/common/$(DEPDIR)/responder_socket_access_tests-responder_common.Tpo -c -o src/responder/common/responder_socket_access_tests-responder_common.obj `if test -f 'src/responder/common/responder_common.c'; then $(CYGPATH_W) 'src/responder/common/responder_common.c'; else $(CYGPATH_W) '$(srcdir)/src/responder/common/responder_common.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/responder/common/$(DEPDIR)/responder_socket_access_tests-responder_common.Tpo src/responder/common/$(DEPDIR)/responder_socket_access_tests-responder_common.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/responder/common/responder_common.c' object='src/responder/common/responder_socket_access_tests-responder_common.obj' libtool=no 
@AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(responder_socket_access_tests_CFLAGS) $(CFLAGS) -c -o src/responder/common/responder_socket_access_tests-responder_common.obj `if test -f 'src/responder/common/responder_common.c'; then $(CYGPATH_W) 'src/responder/common/responder_common.c'; else $(CYGPATH_W) '$(srcdir)/src/responder/common/responder_common.c'; fi` src/responder/common/responder_socket_access_tests-responder_packet.o: src/responder/common/responder_packet.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(responder_socket_access_tests_CFLAGS) $(CFLAGS) -MT src/responder/common/responder_socket_access_tests-responder_packet.o -MD -MP -MF src/responder/common/$(DEPDIR)/responder_socket_access_tests-responder_packet.Tpo -c -o src/responder/common/responder_socket_access_tests-responder_packet.o `test -f 'src/responder/common/responder_packet.c' || echo '$(srcdir)/'`src/responder/common/responder_packet.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/responder/common/$(DEPDIR)/responder_socket_access_tests-responder_packet.Tpo src/responder/common/$(DEPDIR)/responder_socket_access_tests-responder_packet.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/responder/common/responder_packet.c' object='src/responder/common/responder_socket_access_tests-responder_packet.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(responder_socket_access_tests_CFLAGS) $(CFLAGS) -c -o src/responder/common/responder_socket_access_tests-responder_packet.o `test -f 'src/responder/common/responder_packet.c' || echo 
'$(srcdir)/'`src/responder/common/responder_packet.c src/responder/common/responder_socket_access_tests-responder_packet.obj: src/responder/common/responder_packet.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(responder_socket_access_tests_CFLAGS) $(CFLAGS) -MT src/responder/common/responder_socket_access_tests-responder_packet.obj -MD -MP -MF src/responder/common/$(DEPDIR)/responder_socket_access_tests-responder_packet.Tpo -c -o src/responder/common/responder_socket_access_tests-responder_packet.obj `if test -f 'src/responder/common/responder_packet.c'; then $(CYGPATH_W) 'src/responder/common/responder_packet.c'; else $(CYGPATH_W) '$(srcdir)/src/responder/common/responder_packet.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/responder/common/$(DEPDIR)/responder_socket_access_tests-responder_packet.Tpo src/responder/common/$(DEPDIR)/responder_socket_access_tests-responder_packet.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/responder/common/responder_packet.c' object='src/responder/common/responder_socket_access_tests-responder_packet.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(responder_socket_access_tests_CFLAGS) $(CFLAGS) -c -o src/responder/common/responder_socket_access_tests-responder_packet.obj `if test -f 'src/responder/common/responder_packet.c'; then $(CYGPATH_W) 'src/responder/common/responder_packet.c'; else $(CYGPATH_W) '$(srcdir)/src/responder/common/responder_packet.c'; fi` src/responder/common/responder_socket_access_tests-responder_cmd.o: src/responder/common/responder_cmd.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(responder_socket_access_tests_CFLAGS) $(CFLAGS) -MT 
src/responder/common/responder_socket_access_tests-responder_cmd.o -MD -MP -MF src/responder/common/$(DEPDIR)/responder_socket_access_tests-responder_cmd.Tpo -c -o src/responder/common/responder_socket_access_tests-responder_cmd.o `test -f 'src/responder/common/responder_cmd.c' || echo '$(srcdir)/'`src/responder/common/responder_cmd.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/responder/common/$(DEPDIR)/responder_socket_access_tests-responder_cmd.Tpo src/responder/common/$(DEPDIR)/responder_socket_access_tests-responder_cmd.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/responder/common/responder_cmd.c' object='src/responder/common/responder_socket_access_tests-responder_cmd.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(responder_socket_access_tests_CFLAGS) $(CFLAGS) -c -o src/responder/common/responder_socket_access_tests-responder_cmd.o `test -f 'src/responder/common/responder_cmd.c' || echo '$(srcdir)/'`src/responder/common/responder_cmd.c src/responder/common/responder_socket_access_tests-responder_cmd.obj: src/responder/common/responder_cmd.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(responder_socket_access_tests_CFLAGS) $(CFLAGS) -MT src/responder/common/responder_socket_access_tests-responder_cmd.obj -MD -MP -MF src/responder/common/$(DEPDIR)/responder_socket_access_tests-responder_cmd.Tpo -c -o src/responder/common/responder_socket_access_tests-responder_cmd.obj `if test -f 'src/responder/common/responder_cmd.c'; then $(CYGPATH_W) 'src/responder/common/responder_cmd.c'; else $(CYGPATH_W) '$(srcdir)/src/responder/common/responder_cmd.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/responder/common/$(DEPDIR)/responder_socket_access_tests-responder_cmd.Tpo 
src/responder/common/$(DEPDIR)/responder_socket_access_tests-responder_cmd.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/responder/common/responder_cmd.c' object='src/responder/common/responder_socket_access_tests-responder_cmd.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(responder_socket_access_tests_CFLAGS) $(CFLAGS) -c -o src/responder/common/responder_socket_access_tests-responder_cmd.obj `if test -f 'src/responder/common/responder_cmd.c'; then $(CYGPATH_W) 'src/responder/common/responder_cmd.c'; else $(CYGPATH_W) '$(srcdir)/src/responder/common/responder_cmd.c'; fi` src/tests/simple_access_tests-simple_access-tests.o: src/tests/simple_access-tests.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -MT src/tests/simple_access_tests-simple_access-tests.o -MD -MP -MF src/tests/$(DEPDIR)/simple_access_tests-simple_access-tests.Tpo -c -o src/tests/simple_access_tests-simple_access-tests.o `test -f 'src/tests/simple_access-tests.c' || echo '$(srcdir)/'`src/tests/simple_access-tests.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/simple_access_tests-simple_access-tests.Tpo src/tests/$(DEPDIR)/simple_access_tests-simple_access-tests.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/simple_access-tests.c' object='src/tests/simple_access_tests-simple_access-tests.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -c -o src/tests/simple_access_tests-simple_access-tests.o `test -f 'src/tests/simple_access-tests.c' || 
echo '$(srcdir)/'`src/tests/simple_access-tests.c src/tests/simple_access_tests-simple_access-tests.obj: src/tests/simple_access-tests.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -MT src/tests/simple_access_tests-simple_access-tests.obj -MD -MP -MF src/tests/$(DEPDIR)/simple_access_tests-simple_access-tests.Tpo -c -o src/tests/simple_access_tests-simple_access-tests.obj `if test -f 'src/tests/simple_access-tests.c'; then $(CYGPATH_W) 'src/tests/simple_access-tests.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/simple_access-tests.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/simple_access_tests-simple_access-tests.Tpo src/tests/$(DEPDIR)/simple_access_tests-simple_access-tests.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/simple_access-tests.c' object='src/tests/simple_access_tests-simple_access-tests.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -c -o src/tests/simple_access_tests-simple_access-tests.obj `if test -f 'src/tests/simple_access-tests.c'; then $(CYGPATH_W) 'src/tests/simple_access-tests.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/simple_access-tests.c'; fi` src/providers/simple/simple_access_tests-simple_access.o: src/providers/simple/simple_access.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -MT src/providers/simple/simple_access_tests-simple_access.o -MD -MP -MF src/providers/simple/$(DEPDIR)/simple_access_tests-simple_access.Tpo -c -o src/providers/simple/simple_access_tests-simple_access.o `test -f 'src/providers/simple/simple_access.c' || echo 
'$(srcdir)/'`src/providers/simple/simple_access.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/simple/$(DEPDIR)/simple_access_tests-simple_access.Tpo src/providers/simple/$(DEPDIR)/simple_access_tests-simple_access.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/simple/simple_access.c' object='src/providers/simple/simple_access_tests-simple_access.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -c -o src/providers/simple/simple_access_tests-simple_access.o `test -f 'src/providers/simple/simple_access.c' || echo '$(srcdir)/'`src/providers/simple/simple_access.c src/providers/simple/simple_access_tests-simple_access.obj: src/providers/simple/simple_access.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -MT src/providers/simple/simple_access_tests-simple_access.obj -MD -MP -MF src/providers/simple/$(DEPDIR)/simple_access_tests-simple_access.Tpo -c -o src/providers/simple/simple_access_tests-simple_access.obj `if test -f 'src/providers/simple/simple_access.c'; then $(CYGPATH_W) 'src/providers/simple/simple_access.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/simple/simple_access.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/simple/$(DEPDIR)/simple_access_tests-simple_access.Tpo src/providers/simple/$(DEPDIR)/simple_access_tests-simple_access.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/simple/simple_access.c' object='src/providers/simple/simple_access_tests-simple_access.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) 
$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -c -o src/providers/simple/simple_access_tests-simple_access.obj `if test -f 'src/providers/simple/simple_access.c'; then $(CYGPATH_W) 'src/providers/simple/simple_access.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/simple/simple_access.c'; fi` src/providers/simple/simple_access_tests-simple_access_check.o: src/providers/simple/simple_access_check.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -MT src/providers/simple/simple_access_tests-simple_access_check.o -MD -MP -MF src/providers/simple/$(DEPDIR)/simple_access_tests-simple_access_check.Tpo -c -o src/providers/simple/simple_access_tests-simple_access_check.o `test -f 'src/providers/simple/simple_access_check.c' || echo '$(srcdir)/'`src/providers/simple/simple_access_check.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/simple/$(DEPDIR)/simple_access_tests-simple_access_check.Tpo src/providers/simple/$(DEPDIR)/simple_access_tests-simple_access_check.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/simple/simple_access_check.c' object='src/providers/simple/simple_access_tests-simple_access_check.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -c -o src/providers/simple/simple_access_tests-simple_access_check.o `test -f 'src/providers/simple/simple_access_check.c' || echo '$(srcdir)/'`src/providers/simple/simple_access_check.c src/providers/simple/simple_access_tests-simple_access_check.obj: src/providers/simple/simple_access_check.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -MT 
src/providers/simple/simple_access_tests-simple_access_check.obj -MD -MP -MF src/providers/simple/$(DEPDIR)/simple_access_tests-simple_access_check.Tpo -c -o src/providers/simple/simple_access_tests-simple_access_check.obj `if test -f 'src/providers/simple/simple_access_check.c'; then $(CYGPATH_W) 'src/providers/simple/simple_access_check.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/simple/simple_access_check.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/simple/$(DEPDIR)/simple_access_tests-simple_access_check.Tpo src/providers/simple/$(DEPDIR)/simple_access_tests-simple_access_check.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/simple/simple_access_check.c' object='src/providers/simple/simple_access_tests-simple_access_check.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -c -o src/providers/simple/simple_access_tests-simple_access_check.obj `if test -f 'src/providers/simple/simple_access_check.c'; then $(CYGPATH_W) 'src/providers/simple/simple_access_check.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/simple/simple_access_check.c'; fi` src/providers/simple_access_tests-data_provider_be.o: src/providers/data_provider_be.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -MT src/providers/simple_access_tests-data_provider_be.o -MD -MP -MF src/providers/$(DEPDIR)/simple_access_tests-data_provider_be.Tpo -c -o src/providers/simple_access_tests-data_provider_be.o `test -f 'src/providers/data_provider_be.c' || echo '$(srcdir)/'`src/providers/data_provider_be.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/simple_access_tests-data_provider_be.Tpo 
src/providers/$(DEPDIR)/simple_access_tests-data_provider_be.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_be.c' object='src/providers/simple_access_tests-data_provider_be.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -c -o src/providers/simple_access_tests-data_provider_be.o `test -f 'src/providers/data_provider_be.c' || echo '$(srcdir)/'`src/providers/data_provider_be.c src/providers/simple_access_tests-data_provider_be.obj: src/providers/data_provider_be.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -MT src/providers/simple_access_tests-data_provider_be.obj -MD -MP -MF src/providers/$(DEPDIR)/simple_access_tests-data_provider_be.Tpo -c -o src/providers/simple_access_tests-data_provider_be.obj `if test -f 'src/providers/data_provider_be.c'; then $(CYGPATH_W) 'src/providers/data_provider_be.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_be.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/simple_access_tests-data_provider_be.Tpo src/providers/$(DEPDIR)/simple_access_tests-data_provider_be.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_be.c' object='src/providers/simple_access_tests-data_provider_be.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -c -o src/providers/simple_access_tests-data_provider_be.obj `if test -f 'src/providers/data_provider_be.c'; then $(CYGPATH_W) 
'src/providers/data_provider_be.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_be.c'; fi` src/providers/simple_access_tests-data_provider_fo.o: src/providers/data_provider_fo.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -MT src/providers/simple_access_tests-data_provider_fo.o -MD -MP -MF src/providers/$(DEPDIR)/simple_access_tests-data_provider_fo.Tpo -c -o src/providers/simple_access_tests-data_provider_fo.o `test -f 'src/providers/data_provider_fo.c' || echo '$(srcdir)/'`src/providers/data_provider_fo.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/simple_access_tests-data_provider_fo.Tpo src/providers/$(DEPDIR)/simple_access_tests-data_provider_fo.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_fo.c' object='src/providers/simple_access_tests-data_provider_fo.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -c -o src/providers/simple_access_tests-data_provider_fo.o `test -f 'src/providers/data_provider_fo.c' || echo '$(srcdir)/'`src/providers/data_provider_fo.c src/providers/simple_access_tests-data_provider_fo.obj: src/providers/data_provider_fo.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -MT src/providers/simple_access_tests-data_provider_fo.obj -MD -MP -MF src/providers/$(DEPDIR)/simple_access_tests-data_provider_fo.Tpo -c -o src/providers/simple_access_tests-data_provider_fo.obj `if test -f 'src/providers/data_provider_fo.c'; then $(CYGPATH_W) 'src/providers/data_provider_fo.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_fo.c'; fi` @am__fastdepCC_TRUE@ 
$(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/simple_access_tests-data_provider_fo.Tpo src/providers/$(DEPDIR)/simple_access_tests-data_provider_fo.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_fo.c' object='src/providers/simple_access_tests-data_provider_fo.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -c -o src/providers/simple_access_tests-data_provider_fo.obj `if test -f 'src/providers/data_provider_fo.c'; then $(CYGPATH_W) 'src/providers/data_provider_fo.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_fo.c'; fi` src/providers/simple_access_tests-data_provider_opts.o: src/providers/data_provider_opts.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -MT src/providers/simple_access_tests-data_provider_opts.o -MD -MP -MF src/providers/$(DEPDIR)/simple_access_tests-data_provider_opts.Tpo -c -o src/providers/simple_access_tests-data_provider_opts.o `test -f 'src/providers/data_provider_opts.c' || echo '$(srcdir)/'`src/providers/data_provider_opts.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/simple_access_tests-data_provider_opts.Tpo src/providers/$(DEPDIR)/simple_access_tests-data_provider_opts.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_opts.c' object='src/providers/simple_access_tests-data_provider_opts.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -c -o 
src/providers/simple_access_tests-data_provider_opts.o `test -f 'src/providers/data_provider_opts.c' || echo '$(srcdir)/'`src/providers/data_provider_opts.c src/providers/simple_access_tests-data_provider_opts.obj: src/providers/data_provider_opts.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -MT src/providers/simple_access_tests-data_provider_opts.obj -MD -MP -MF src/providers/$(DEPDIR)/simple_access_tests-data_provider_opts.Tpo -c -o src/providers/simple_access_tests-data_provider_opts.obj `if test -f 'src/providers/data_provider_opts.c'; then $(CYGPATH_W) 'src/providers/data_provider_opts.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_opts.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/simple_access_tests-data_provider_opts.Tpo src/providers/$(DEPDIR)/simple_access_tests-data_provider_opts.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_opts.c' object='src/providers/simple_access_tests-data_provider_opts.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -c -o src/providers/simple_access_tests-data_provider_opts.obj `if test -f 'src/providers/data_provider_opts.c'; then $(CYGPATH_W) 'src/providers/data_provider_opts.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_opts.c'; fi` src/providers/simple_access_tests-data_provider_callbacks.o: src/providers/data_provider_callbacks.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -MT src/providers/simple_access_tests-data_provider_callbacks.o -MD -MP -MF 
src/providers/$(DEPDIR)/simple_access_tests-data_provider_callbacks.Tpo -c -o src/providers/simple_access_tests-data_provider_callbacks.o `test -f 'src/providers/data_provider_callbacks.c' || echo '$(srcdir)/'`src/providers/data_provider_callbacks.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/simple_access_tests-data_provider_callbacks.Tpo src/providers/$(DEPDIR)/simple_access_tests-data_provider_callbacks.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_callbacks.c' object='src/providers/simple_access_tests-data_provider_callbacks.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -c -o src/providers/simple_access_tests-data_provider_callbacks.o `test -f 'src/providers/data_provider_callbacks.c' || echo '$(srcdir)/'`src/providers/data_provider_callbacks.c src/providers/simple_access_tests-data_provider_callbacks.obj: src/providers/data_provider_callbacks.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -MT src/providers/simple_access_tests-data_provider_callbacks.obj -MD -MP -MF src/providers/$(DEPDIR)/simple_access_tests-data_provider_callbacks.Tpo -c -o src/providers/simple_access_tests-data_provider_callbacks.obj `if test -f 'src/providers/data_provider_callbacks.c'; then $(CYGPATH_W) 'src/providers/data_provider_callbacks.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_callbacks.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/simple_access_tests-data_provider_callbacks.Tpo src/providers/$(DEPDIR)/simple_access_tests-data_provider_callbacks.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_callbacks.c' 
object='src/providers/simple_access_tests-data_provider_callbacks.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -c -o src/providers/simple_access_tests-data_provider_callbacks.obj `if test -f 'src/providers/data_provider_callbacks.c'; then $(CYGPATH_W) 'src/providers/data_provider_callbacks.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_callbacks.c'; fi` src/providers/simple_access_tests-dp_ptask.o: src/providers/dp_ptask.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -MT src/providers/simple_access_tests-dp_ptask.o -MD -MP -MF src/providers/$(DEPDIR)/simple_access_tests-dp_ptask.Tpo -c -o src/providers/simple_access_tests-dp_ptask.o `test -f 'src/providers/dp_ptask.c' || echo '$(srcdir)/'`src/providers/dp_ptask.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/simple_access_tests-dp_ptask.Tpo src/providers/$(DEPDIR)/simple_access_tests-dp_ptask.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/dp_ptask.c' object='src/providers/simple_access_tests-dp_ptask.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -c -o src/providers/simple_access_tests-dp_ptask.o `test -f 'src/providers/dp_ptask.c' || echo '$(srcdir)/'`src/providers/dp_ptask.c src/providers/simple_access_tests-dp_ptask.obj: src/providers/dp_ptask.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -MT 
src/providers/simple_access_tests-dp_ptask.obj -MD -MP -MF src/providers/$(DEPDIR)/simple_access_tests-dp_ptask.Tpo -c -o src/providers/simple_access_tests-dp_ptask.obj `if test -f 'src/providers/dp_ptask.c'; then $(CYGPATH_W) 'src/providers/dp_ptask.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/dp_ptask.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/simple_access_tests-dp_ptask.Tpo src/providers/$(DEPDIR)/simple_access_tests-dp_ptask.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/dp_ptask.c' object='src/providers/simple_access_tests-dp_ptask.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -c -o src/providers/simple_access_tests-dp_ptask.obj `if test -f 'src/providers/dp_ptask.c'; then $(CYGPATH_W) 'src/providers/dp_ptask.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/dp_ptask.c'; fi` src/providers/simple_access_tests-dp_refresh.o: src/providers/dp_refresh.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -MT src/providers/simple_access_tests-dp_refresh.o -MD -MP -MF src/providers/$(DEPDIR)/simple_access_tests-dp_refresh.Tpo -c -o src/providers/simple_access_tests-dp_refresh.o `test -f 'src/providers/dp_refresh.c' || echo '$(srcdir)/'`src/providers/dp_refresh.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/simple_access_tests-dp_refresh.Tpo src/providers/$(DEPDIR)/simple_access_tests-dp_refresh.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/dp_refresh.c' object='src/providers/simple_access_tests-dp_refresh.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ 
$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -c -o src/providers/simple_access_tests-dp_refresh.o `test -f 'src/providers/dp_refresh.c' || echo '$(srcdir)/'`src/providers/dp_refresh.c src/providers/simple_access_tests-dp_refresh.obj: src/providers/dp_refresh.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -MT src/providers/simple_access_tests-dp_refresh.obj -MD -MP -MF src/providers/$(DEPDIR)/simple_access_tests-dp_refresh.Tpo -c -o src/providers/simple_access_tests-dp_refresh.obj `if test -f 'src/providers/dp_refresh.c'; then $(CYGPATH_W) 'src/providers/dp_refresh.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/dp_refresh.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/simple_access_tests-dp_refresh.Tpo src/providers/$(DEPDIR)/simple_access_tests-dp_refresh.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/dp_refresh.c' object='src/providers/simple_access_tests-dp_refresh.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -c -o src/providers/simple_access_tests-dp_refresh.obj `if test -f 'src/providers/dp_refresh.c'; then $(CYGPATH_W) 'src/providers/dp_refresh.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/dp_refresh.c'; fi` src/providers/simple_access_tests-fail_over.o: src/providers/fail_over.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -MT src/providers/simple_access_tests-fail_over.o -MD -MP -MF src/providers/$(DEPDIR)/simple_access_tests-fail_over.Tpo -c -o src/providers/simple_access_tests-fail_over.o `test 
-f 'src/providers/fail_over.c' || echo '$(srcdir)/'`src/providers/fail_over.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/simple_access_tests-fail_over.Tpo src/providers/$(DEPDIR)/simple_access_tests-fail_over.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/fail_over.c' object='src/providers/simple_access_tests-fail_over.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -c -o src/providers/simple_access_tests-fail_over.o `test -f 'src/providers/fail_over.c' || echo '$(srcdir)/'`src/providers/fail_over.c src/providers/simple_access_tests-fail_over.obj: src/providers/fail_over.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -MT src/providers/simple_access_tests-fail_over.obj -MD -MP -MF src/providers/$(DEPDIR)/simple_access_tests-fail_over.Tpo -c -o src/providers/simple_access_tests-fail_over.obj `if test -f 'src/providers/fail_over.c'; then $(CYGPATH_W) 'src/providers/fail_over.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/fail_over.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/simple_access_tests-fail_over.Tpo src/providers/$(DEPDIR)/simple_access_tests-fail_over.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/fail_over.c' object='src/providers/simple_access_tests-fail_over.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -c -o src/providers/simple_access_tests-fail_over.obj `if test -f 'src/providers/fail_over.c'; then 
$(CYGPATH_W) 'src/providers/fail_over.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/fail_over.c'; fi` src/providers/simple_access_tests-fail_over_srv.o: src/providers/fail_over_srv.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -MT src/providers/simple_access_tests-fail_over_srv.o -MD -MP -MF src/providers/$(DEPDIR)/simple_access_tests-fail_over_srv.Tpo -c -o src/providers/simple_access_tests-fail_over_srv.o `test -f 'src/providers/fail_over_srv.c' || echo '$(srcdir)/'`src/providers/fail_over_srv.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/simple_access_tests-fail_over_srv.Tpo src/providers/$(DEPDIR)/simple_access_tests-fail_over_srv.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/fail_over_srv.c' object='src/providers/simple_access_tests-fail_over_srv.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -c -o src/providers/simple_access_tests-fail_over_srv.o `test -f 'src/providers/fail_over_srv.c' || echo '$(srcdir)/'`src/providers/fail_over_srv.c src/providers/simple_access_tests-fail_over_srv.obj: src/providers/fail_over_srv.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -MT src/providers/simple_access_tests-fail_over_srv.obj -MD -MP -MF src/providers/$(DEPDIR)/simple_access_tests-fail_over_srv.Tpo -c -o src/providers/simple_access_tests-fail_over_srv.obj `if test -f 'src/providers/fail_over_srv.c'; then $(CYGPATH_W) 'src/providers/fail_over_srv.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/fail_over_srv.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) 
src/providers/$(DEPDIR)/simple_access_tests-fail_over_srv.Tpo src/providers/$(DEPDIR)/simple_access_tests-fail_over_srv.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/fail_over_srv.c' object='src/providers/simple_access_tests-fail_over_srv.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -c -o src/providers/simple_access_tests-fail_over_srv.obj `if test -f 'src/providers/fail_over_srv.c'; then $(CYGPATH_W) 'src/providers/fail_over_srv.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/fail_over_srv.c'; fi` src/resolv/simple_access_tests-async_resolv.o: src/resolv/async_resolv.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -MT src/resolv/simple_access_tests-async_resolv.o -MD -MP -MF src/resolv/$(DEPDIR)/simple_access_tests-async_resolv.Tpo -c -o src/resolv/simple_access_tests-async_resolv.o `test -f 'src/resolv/async_resolv.c' || echo '$(srcdir)/'`src/resolv/async_resolv.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/$(DEPDIR)/simple_access_tests-async_resolv.Tpo src/resolv/$(DEPDIR)/simple_access_tests-async_resolv.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/async_resolv.c' object='src/resolv/simple_access_tests-async_resolv.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/simple_access_tests-async_resolv.o `test -f 'src/resolv/async_resolv.c' || echo '$(srcdir)/'`src/resolv/async_resolv.c src/resolv/simple_access_tests-async_resolv.obj: 
src/resolv/async_resolv.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -MT src/resolv/simple_access_tests-async_resolv.obj -MD -MP -MF src/resolv/$(DEPDIR)/simple_access_tests-async_resolv.Tpo -c -o src/resolv/simple_access_tests-async_resolv.obj `if test -f 'src/resolv/async_resolv.c'; then $(CYGPATH_W) 'src/resolv/async_resolv.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/async_resolv.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/$(DEPDIR)/simple_access_tests-async_resolv.Tpo src/resolv/$(DEPDIR)/simple_access_tests-async_resolv.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/async_resolv.c' object='src/resolv/simple_access_tests-async_resolv.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/simple_access_tests-async_resolv.obj `if test -f 'src/resolv/async_resolv.c'; then $(CYGPATH_W) 'src/resolv/async_resolv.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/async_resolv.c'; fi` src/resolv/simple_access_tests-async_resolv_utils.o: src/resolv/async_resolv_utils.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -MT src/resolv/simple_access_tests-async_resolv_utils.o -MD -MP -MF src/resolv/$(DEPDIR)/simple_access_tests-async_resolv_utils.Tpo -c -o src/resolv/simple_access_tests-async_resolv_utils.o `test -f 'src/resolv/async_resolv_utils.c' || echo '$(srcdir)/'`src/resolv/async_resolv_utils.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/$(DEPDIR)/simple_access_tests-async_resolv_utils.Tpo src/resolv/$(DEPDIR)/simple_access_tests-async_resolv_utils.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ 
$(AM_V_CC)source='src/resolv/async_resolv_utils.c' object='src/resolv/simple_access_tests-async_resolv_utils.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/simple_access_tests-async_resolv_utils.o `test -f 'src/resolv/async_resolv_utils.c' || echo '$(srcdir)/'`src/resolv/async_resolv_utils.c src/resolv/simple_access_tests-async_resolv_utils.obj: src/resolv/async_resolv_utils.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -MT src/resolv/simple_access_tests-async_resolv_utils.obj -MD -MP -MF src/resolv/$(DEPDIR)/simple_access_tests-async_resolv_utils.Tpo -c -o src/resolv/simple_access_tests-async_resolv_utils.obj `if test -f 'src/resolv/async_resolv_utils.c'; then $(CYGPATH_W) 'src/resolv/async_resolv_utils.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/async_resolv_utils.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/$(DEPDIR)/simple_access_tests-async_resolv_utils.Tpo src/resolv/$(DEPDIR)/simple_access_tests-async_resolv_utils.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/async_resolv_utils.c' object='src/resolv/simple_access_tests-async_resolv_utils.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/simple_access_tests-async_resolv_utils.obj `if test -f 'src/resolv/async_resolv_utils.c'; then $(CYGPATH_W) 'src/resolv/async_resolv_utils.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/async_resolv_utils.c'; fi` 
src/resolv/ares/simple_access_tests-ares_parse_srv_reply.o: src/resolv/ares/ares_parse_srv_reply.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -MT src/resolv/ares/simple_access_tests-ares_parse_srv_reply.o -MD -MP -MF src/resolv/ares/$(DEPDIR)/simple_access_tests-ares_parse_srv_reply.Tpo -c -o src/resolv/ares/simple_access_tests-ares_parse_srv_reply.o `test -f 'src/resolv/ares/ares_parse_srv_reply.c' || echo '$(srcdir)/'`src/resolv/ares/ares_parse_srv_reply.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/ares/$(DEPDIR)/simple_access_tests-ares_parse_srv_reply.Tpo src/resolv/ares/$(DEPDIR)/simple_access_tests-ares_parse_srv_reply.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/ares/ares_parse_srv_reply.c' object='src/resolv/ares/simple_access_tests-ares_parse_srv_reply.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/ares/simple_access_tests-ares_parse_srv_reply.o `test -f 'src/resolv/ares/ares_parse_srv_reply.c' || echo '$(srcdir)/'`src/resolv/ares/ares_parse_srv_reply.c src/resolv/ares/simple_access_tests-ares_parse_srv_reply.obj: src/resolv/ares/ares_parse_srv_reply.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -MT src/resolv/ares/simple_access_tests-ares_parse_srv_reply.obj -MD -MP -MF src/resolv/ares/$(DEPDIR)/simple_access_tests-ares_parse_srv_reply.Tpo -c -o src/resolv/ares/simple_access_tests-ares_parse_srv_reply.obj `if test -f 'src/resolv/ares/ares_parse_srv_reply.c'; then $(CYGPATH_W) 'src/resolv/ares/ares_parse_srv_reply.c'; else $(CYGPATH_W) 
'$(srcdir)/src/resolv/ares/ares_parse_srv_reply.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/ares/$(DEPDIR)/simple_access_tests-ares_parse_srv_reply.Tpo src/resolv/ares/$(DEPDIR)/simple_access_tests-ares_parse_srv_reply.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/ares/ares_parse_srv_reply.c' object='src/resolv/ares/simple_access_tests-ares_parse_srv_reply.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/ares/simple_access_tests-ares_parse_srv_reply.obj `if test -f 'src/resolv/ares/ares_parse_srv_reply.c'; then $(CYGPATH_W) 'src/resolv/ares/ares_parse_srv_reply.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/ares/ares_parse_srv_reply.c'; fi` src/resolv/ares/simple_access_tests-ares_data.o: src/resolv/ares/ares_data.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -MT src/resolv/ares/simple_access_tests-ares_data.o -MD -MP -MF src/resolv/ares/$(DEPDIR)/simple_access_tests-ares_data.Tpo -c -o src/resolv/ares/simple_access_tests-ares_data.o `test -f 'src/resolv/ares/ares_data.c' || echo '$(srcdir)/'`src/resolv/ares/ares_data.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/ares/$(DEPDIR)/simple_access_tests-ares_data.Tpo src/resolv/ares/$(DEPDIR)/simple_access_tests-ares_data.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/ares/ares_data.c' object='src/resolv/ares/simple_access_tests-ares_data.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -c -o 
src/resolv/ares/simple_access_tests-ares_data.o `test -f 'src/resolv/ares/ares_data.c' || echo '$(srcdir)/'`src/resolv/ares/ares_data.c src/resolv/ares/simple_access_tests-ares_data.obj: src/resolv/ares/ares_data.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -MT src/resolv/ares/simple_access_tests-ares_data.obj -MD -MP -MF src/resolv/ares/$(DEPDIR)/simple_access_tests-ares_data.Tpo -c -o src/resolv/ares/simple_access_tests-ares_data.obj `if test -f 'src/resolv/ares/ares_data.c'; then $(CYGPATH_W) 'src/resolv/ares/ares_data.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/ares/ares_data.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/ares/$(DEPDIR)/simple_access_tests-ares_data.Tpo src/resolv/ares/$(DEPDIR)/simple_access_tests-ares_data.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/ares/ares_data.c' object='src/resolv/ares/simple_access_tests-ares_data.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(simple_access_tests_CFLAGS) $(CFLAGS) -c -o src/resolv/ares/simple_access_tests-ares_data.obj `if test -f 'src/resolv/ares/ares_data.c'; then $(CYGPATH_W) 'src/resolv/ares/ares_data.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/ares/ares_data.c'; fi` src/tools/sss_cache-sss_cache.o: src/tools/sss_cache.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_cache_CFLAGS) $(CFLAGS) -MT src/tools/sss_cache-sss_cache.o -MD -MP -MF src/tools/$(DEPDIR)/sss_cache-sss_cache.Tpo -c -o src/tools/sss_cache-sss_cache.o `test -f 'src/tools/sss_cache.c' || echo '$(srcdir)/'`src/tools/sss_cache.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_cache-sss_cache.Tpo 
src/tools/$(DEPDIR)/sss_cache-sss_cache.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/sss_cache.c' object='src/tools/sss_cache-sss_cache.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_cache_CFLAGS) $(CFLAGS) -c -o src/tools/sss_cache-sss_cache.o `test -f 'src/tools/sss_cache.c' || echo '$(srcdir)/'`src/tools/sss_cache.c src/tools/sss_cache-sss_cache.obj: src/tools/sss_cache.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_cache_CFLAGS) $(CFLAGS) -MT src/tools/sss_cache-sss_cache.obj -MD -MP -MF src/tools/$(DEPDIR)/sss_cache-sss_cache.Tpo -c -o src/tools/sss_cache-sss_cache.obj `if test -f 'src/tools/sss_cache.c'; then $(CYGPATH_W) 'src/tools/sss_cache.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/sss_cache.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_cache-sss_cache.Tpo src/tools/$(DEPDIR)/sss_cache-sss_cache.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/sss_cache.c' object='src/tools/sss_cache-sss_cache.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_cache_CFLAGS) $(CFLAGS) -c -o src/tools/sss_cache-sss_cache.obj `if test -f 'src/tools/sss_cache.c'; then $(CYGPATH_W) 'src/tools/sss_cache.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/sss_cache.c'; fi` src/sss_client/sss_cache-common.o: src/sss_client/common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_cache_CFLAGS) $(CFLAGS) -MT src/sss_client/sss_cache-common.o -MD -MP -MF src/sss_client/$(DEPDIR)/sss_cache-common.Tpo -c -o 
src/sss_client/sss_cache-common.o `test -f 'src/sss_client/common.c' || echo '$(srcdir)/'`src/sss_client/common.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/sss_client/$(DEPDIR)/sss_cache-common.Tpo src/sss_client/$(DEPDIR)/sss_cache-common.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/sss_client/common.c' object='src/sss_client/sss_cache-common.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_cache_CFLAGS) $(CFLAGS) -c -o src/sss_client/sss_cache-common.o `test -f 'src/sss_client/common.c' || echo '$(srcdir)/'`src/sss_client/common.c src/sss_client/sss_cache-common.obj: src/sss_client/common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_cache_CFLAGS) $(CFLAGS) -MT src/sss_client/sss_cache-common.obj -MD -MP -MF src/sss_client/$(DEPDIR)/sss_cache-common.Tpo -c -o src/sss_client/sss_cache-common.obj `if test -f 'src/sss_client/common.c'; then $(CYGPATH_W) 'src/sss_client/common.c'; else $(CYGPATH_W) '$(srcdir)/src/sss_client/common.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/sss_client/$(DEPDIR)/sss_cache-common.Tpo src/sss_client/$(DEPDIR)/sss_cache-common.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/sss_client/common.c' object='src/sss_client/sss_cache-common.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_cache_CFLAGS) $(CFLAGS) -c -o src/sss_client/sss_cache-common.obj `if test -f 'src/sss_client/common.c'; then $(CYGPATH_W) 'src/sss_client/common.c'; else $(CYGPATH_W) '$(srcdir)/src/sss_client/common.c'; fi` src/tools/sss_cache-tools_mc_util.o: src/tools/tools_mc_util.c 
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_cache_CFLAGS) $(CFLAGS) -MT src/tools/sss_cache-tools_mc_util.o -MD -MP -MF src/tools/$(DEPDIR)/sss_cache-tools_mc_util.Tpo -c -o src/tools/sss_cache-tools_mc_util.o `test -f 'src/tools/tools_mc_util.c' || echo '$(srcdir)/'`src/tools/tools_mc_util.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_cache-tools_mc_util.Tpo src/tools/$(DEPDIR)/sss_cache-tools_mc_util.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/tools_mc_util.c' object='src/tools/sss_cache-tools_mc_util.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_cache_CFLAGS) $(CFLAGS) -c -o src/tools/sss_cache-tools_mc_util.o `test -f 'src/tools/tools_mc_util.c' || echo '$(srcdir)/'`src/tools/tools_mc_util.c src/tools/sss_cache-tools_mc_util.obj: src/tools/tools_mc_util.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_cache_CFLAGS) $(CFLAGS) -MT src/tools/sss_cache-tools_mc_util.obj -MD -MP -MF src/tools/$(DEPDIR)/sss_cache-tools_mc_util.Tpo -c -o src/tools/sss_cache-tools_mc_util.obj `if test -f 'src/tools/tools_mc_util.c'; then $(CYGPATH_W) 'src/tools/tools_mc_util.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/tools_mc_util.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_cache-tools_mc_util.Tpo src/tools/$(DEPDIR)/sss_cache-tools_mc_util.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/tools_mc_util.c' object='src/tools/sss_cache-tools_mc_util.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) 
$(CPPFLAGS) $(sss_cache_CFLAGS) $(CFLAGS) -c -o src/tools/sss_cache-tools_mc_util.obj `if test -f 'src/tools/tools_mc_util.c'; then $(CYGPATH_W) 'src/tools/tools_mc_util.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/tools_mc_util.c'; fi` src/tools/sss_cache-sss_sync_ops.o: src/tools/sss_sync_ops.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_cache_CFLAGS) $(CFLAGS) -MT src/tools/sss_cache-sss_sync_ops.o -MD -MP -MF src/tools/$(DEPDIR)/sss_cache-sss_sync_ops.Tpo -c -o src/tools/sss_cache-sss_sync_ops.o `test -f 'src/tools/sss_sync_ops.c' || echo '$(srcdir)/'`src/tools/sss_sync_ops.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_cache-sss_sync_ops.Tpo src/tools/$(DEPDIR)/sss_cache-sss_sync_ops.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/sss_sync_ops.c' object='src/tools/sss_cache-sss_sync_ops.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_cache_CFLAGS) $(CFLAGS) -c -o src/tools/sss_cache-sss_sync_ops.o `test -f 'src/tools/sss_sync_ops.c' || echo '$(srcdir)/'`src/tools/sss_sync_ops.c src/tools/sss_cache-sss_sync_ops.obj: src/tools/sss_sync_ops.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_cache_CFLAGS) $(CFLAGS) -MT src/tools/sss_cache-sss_sync_ops.obj -MD -MP -MF src/tools/$(DEPDIR)/sss_cache-sss_sync_ops.Tpo -c -o src/tools/sss_cache-sss_sync_ops.obj `if test -f 'src/tools/sss_sync_ops.c'; then $(CYGPATH_W) 'src/tools/sss_sync_ops.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/sss_sync_ops.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_cache-sss_sync_ops.Tpo src/tools/$(DEPDIR)/sss_cache-sss_sync_ops.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/sss_sync_ops.c' 
object='src/tools/sss_cache-sss_sync_ops.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_cache_CFLAGS) $(CFLAGS) -c -o src/tools/sss_cache-sss_sync_ops.obj `if test -f 'src/tools/sss_sync_ops.c'; then $(CYGPATH_W) 'src/tools/sss_sync_ops.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/sss_sync_ops.c'; fi` src/tools/sss_cache-tools_util.o: src/tools/tools_util.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_cache_CFLAGS) $(CFLAGS) -MT src/tools/sss_cache-tools_util.o -MD -MP -MF src/tools/$(DEPDIR)/sss_cache-tools_util.Tpo -c -o src/tools/sss_cache-tools_util.o `test -f 'src/tools/tools_util.c' || echo '$(srcdir)/'`src/tools/tools_util.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_cache-tools_util.Tpo src/tools/$(DEPDIR)/sss_cache-tools_util.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/tools_util.c' object='src/tools/sss_cache-tools_util.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_cache_CFLAGS) $(CFLAGS) -c -o src/tools/sss_cache-tools_util.o `test -f 'src/tools/tools_util.c' || echo '$(srcdir)/'`src/tools/tools_util.c src/tools/sss_cache-tools_util.obj: src/tools/tools_util.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_cache_CFLAGS) $(CFLAGS) -MT src/tools/sss_cache-tools_util.obj -MD -MP -MF src/tools/$(DEPDIR)/sss_cache-tools_util.Tpo -c -o src/tools/sss_cache-tools_util.obj `if test -f 'src/tools/tools_util.c'; then $(CYGPATH_W) 'src/tools/tools_util.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/tools_util.c'; 
fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_cache-tools_util.Tpo src/tools/$(DEPDIR)/sss_cache-tools_util.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/tools_util.c' object='src/tools/sss_cache-tools_util.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_cache_CFLAGS) $(CFLAGS) -c -o src/tools/sss_cache-tools_util.obj `if test -f 'src/tools/tools_util.c'; then $(CYGPATH_W) 'src/tools/tools_util.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/tools_util.c'; fi` src/tools/sss_cache-files.o: src/tools/files.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_cache_CFLAGS) $(CFLAGS) -MT src/tools/sss_cache-files.o -MD -MP -MF src/tools/$(DEPDIR)/sss_cache-files.Tpo -c -o src/tools/sss_cache-files.o `test -f 'src/tools/files.c' || echo '$(srcdir)/'`src/tools/files.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_cache-files.Tpo src/tools/$(DEPDIR)/sss_cache-files.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/files.c' object='src/tools/sss_cache-files.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_cache_CFLAGS) $(CFLAGS) -c -o src/tools/sss_cache-files.o `test -f 'src/tools/files.c' || echo '$(srcdir)/'`src/tools/files.c src/tools/sss_cache-files.obj: src/tools/files.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_cache_CFLAGS) $(CFLAGS) -MT src/tools/sss_cache-files.obj -MD -MP -MF src/tools/$(DEPDIR)/sss_cache-files.Tpo -c -o src/tools/sss_cache-files.obj `if test -f 
'src/tools/files.c'; then $(CYGPATH_W) 'src/tools/files.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/files.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_cache-files.Tpo src/tools/$(DEPDIR)/sss_cache-files.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/files.c' object='src/tools/sss_cache-files.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_cache_CFLAGS) $(CFLAGS) -c -o src/tools/sss_cache-files.obj `if test -f 'src/tools/files.c'; then $(CYGPATH_W) 'src/tools/files.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/files.c'; fi` src/tools/sss_cache-selinux.o: src/tools/selinux.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_cache_CFLAGS) $(CFLAGS) -MT src/tools/sss_cache-selinux.o -MD -MP -MF src/tools/$(DEPDIR)/sss_cache-selinux.Tpo -c -o src/tools/sss_cache-selinux.o `test -f 'src/tools/selinux.c' || echo '$(srcdir)/'`src/tools/selinux.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_cache-selinux.Tpo src/tools/$(DEPDIR)/sss_cache-selinux.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/selinux.c' object='src/tools/sss_cache-selinux.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_cache_CFLAGS) $(CFLAGS) -c -o src/tools/sss_cache-selinux.o `test -f 'src/tools/selinux.c' || echo '$(srcdir)/'`src/tools/selinux.c src/tools/sss_cache-selinux.obj: src/tools/selinux.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_cache_CFLAGS) $(CFLAGS) -MT src/tools/sss_cache-selinux.obj -MD -MP -MF 
src/tools/$(DEPDIR)/sss_cache-selinux.Tpo -c -o src/tools/sss_cache-selinux.obj `if test -f 'src/tools/selinux.c'; then $(CYGPATH_W) 'src/tools/selinux.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/selinux.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_cache-selinux.Tpo src/tools/$(DEPDIR)/sss_cache-selinux.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/selinux.c' object='src/tools/sss_cache-selinux.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_cache_CFLAGS) $(CFLAGS) -c -o src/tools/sss_cache-selinux.obj `if test -f 'src/tools/selinux.c'; then $(CYGPATH_W) 'src/tools/selinux.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/selinux.c'; fi` src/util/sss_cache-nscd.o: src/util/nscd.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_cache_CFLAGS) $(CFLAGS) -MT src/util/sss_cache-nscd.o -MD -MP -MF src/util/$(DEPDIR)/sss_cache-nscd.Tpo -c -o src/util/sss_cache-nscd.o `test -f 'src/util/nscd.c' || echo '$(srcdir)/'`src/util/nscd.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/sss_cache-nscd.Tpo src/util/$(DEPDIR)/sss_cache-nscd.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/nscd.c' object='src/util/sss_cache-nscd.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_cache_CFLAGS) $(CFLAGS) -c -o src/util/sss_cache-nscd.o `test -f 'src/util/nscd.c' || echo '$(srcdir)/'`src/util/nscd.c src/util/sss_cache-nscd.obj: src/util/nscd.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_cache_CFLAGS) $(CFLAGS) 
-MT src/util/sss_cache-nscd.obj -MD -MP -MF src/util/$(DEPDIR)/sss_cache-nscd.Tpo -c -o src/util/sss_cache-nscd.obj `if test -f 'src/util/nscd.c'; then $(CYGPATH_W) 'src/util/nscd.c'; else $(CYGPATH_W) '$(srcdir)/src/util/nscd.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/sss_cache-nscd.Tpo src/util/$(DEPDIR)/sss_cache-nscd.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/nscd.c' object='src/util/sss_cache-nscd.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_cache_CFLAGS) $(CFLAGS) -c -o src/util/sss_cache-nscd.obj `if test -f 'src/util/nscd.c'; then $(CYGPATH_W) 'src/util/nscd.c'; else $(CYGPATH_W) '$(srcdir)/src/util/nscd.c'; fi` src/tools/sss_groupdel-sss_groupdel.o: src/tools/sss_groupdel.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupdel_CFLAGS) $(CFLAGS) -MT src/tools/sss_groupdel-sss_groupdel.o -MD -MP -MF src/tools/$(DEPDIR)/sss_groupdel-sss_groupdel.Tpo -c -o src/tools/sss_groupdel-sss_groupdel.o `test -f 'src/tools/sss_groupdel.c' || echo '$(srcdir)/'`src/tools/sss_groupdel.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_groupdel-sss_groupdel.Tpo src/tools/$(DEPDIR)/sss_groupdel-sss_groupdel.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/sss_groupdel.c' object='src/tools/sss_groupdel-sss_groupdel.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupdel_CFLAGS) $(CFLAGS) -c -o src/tools/sss_groupdel-sss_groupdel.o `test -f 'src/tools/sss_groupdel.c' || echo '$(srcdir)/'`src/tools/sss_groupdel.c 
src/tools/sss_groupdel-sss_groupdel.obj: src/tools/sss_groupdel.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupdel_CFLAGS) $(CFLAGS) -MT src/tools/sss_groupdel-sss_groupdel.obj -MD -MP -MF src/tools/$(DEPDIR)/sss_groupdel-sss_groupdel.Tpo -c -o src/tools/sss_groupdel-sss_groupdel.obj `if test -f 'src/tools/sss_groupdel.c'; then $(CYGPATH_W) 'src/tools/sss_groupdel.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/sss_groupdel.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_groupdel-sss_groupdel.Tpo src/tools/$(DEPDIR)/sss_groupdel-sss_groupdel.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/sss_groupdel.c' object='src/tools/sss_groupdel-sss_groupdel.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupdel_CFLAGS) $(CFLAGS) -c -o src/tools/sss_groupdel-sss_groupdel.obj `if test -f 'src/tools/sss_groupdel.c'; then $(CYGPATH_W) 'src/tools/sss_groupdel.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/sss_groupdel.c'; fi` src/sss_client/sss_groupdel-common.o: src/sss_client/common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupdel_CFLAGS) $(CFLAGS) -MT src/sss_client/sss_groupdel-common.o -MD -MP -MF src/sss_client/$(DEPDIR)/sss_groupdel-common.Tpo -c -o src/sss_client/sss_groupdel-common.o `test -f 'src/sss_client/common.c' || echo '$(srcdir)/'`src/sss_client/common.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/sss_client/$(DEPDIR)/sss_groupdel-common.Tpo src/sss_client/$(DEPDIR)/sss_groupdel-common.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/sss_client/common.c' object='src/sss_client/sss_groupdel-common.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) 
$(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupdel_CFLAGS) $(CFLAGS) -c -o src/sss_client/sss_groupdel-common.o `test -f 'src/sss_client/common.c' || echo '$(srcdir)/'`src/sss_client/common.c src/sss_client/sss_groupdel-common.obj: src/sss_client/common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupdel_CFLAGS) $(CFLAGS) -MT src/sss_client/sss_groupdel-common.obj -MD -MP -MF src/sss_client/$(DEPDIR)/sss_groupdel-common.Tpo -c -o src/sss_client/sss_groupdel-common.obj `if test -f 'src/sss_client/common.c'; then $(CYGPATH_W) 'src/sss_client/common.c'; else $(CYGPATH_W) '$(srcdir)/src/sss_client/common.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/sss_client/$(DEPDIR)/sss_groupdel-common.Tpo src/sss_client/$(DEPDIR)/sss_groupdel-common.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/sss_client/common.c' object='src/sss_client/sss_groupdel-common.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupdel_CFLAGS) $(CFLAGS) -c -o src/sss_client/sss_groupdel-common.obj `if test -f 'src/sss_client/common.c'; then $(CYGPATH_W) 'src/sss_client/common.c'; else $(CYGPATH_W) '$(srcdir)/src/sss_client/common.c'; fi` src/tools/sss_groupdel-tools_mc_util.o: src/tools/tools_mc_util.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupdel_CFLAGS) $(CFLAGS) -MT src/tools/sss_groupdel-tools_mc_util.o -MD -MP -MF src/tools/$(DEPDIR)/sss_groupdel-tools_mc_util.Tpo -c -o src/tools/sss_groupdel-tools_mc_util.o `test -f 'src/tools/tools_mc_util.c' || echo '$(srcdir)/'`src/tools/tools_mc_util.c @am__fastdepCC_TRUE@ 
$(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_groupdel-tools_mc_util.Tpo src/tools/$(DEPDIR)/sss_groupdel-tools_mc_util.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/tools_mc_util.c' object='src/tools/sss_groupdel-tools_mc_util.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupdel_CFLAGS) $(CFLAGS) -c -o src/tools/sss_groupdel-tools_mc_util.o `test -f 'src/tools/tools_mc_util.c' || echo '$(srcdir)/'`src/tools/tools_mc_util.c src/tools/sss_groupdel-tools_mc_util.obj: src/tools/tools_mc_util.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupdel_CFLAGS) $(CFLAGS) -MT src/tools/sss_groupdel-tools_mc_util.obj -MD -MP -MF src/tools/$(DEPDIR)/sss_groupdel-tools_mc_util.Tpo -c -o src/tools/sss_groupdel-tools_mc_util.obj `if test -f 'src/tools/tools_mc_util.c'; then $(CYGPATH_W) 'src/tools/tools_mc_util.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/tools_mc_util.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_groupdel-tools_mc_util.Tpo src/tools/$(DEPDIR)/sss_groupdel-tools_mc_util.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/tools_mc_util.c' object='src/tools/sss_groupdel-tools_mc_util.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupdel_CFLAGS) $(CFLAGS) -c -o src/tools/sss_groupdel-tools_mc_util.obj `if test -f 'src/tools/tools_mc_util.c'; then $(CYGPATH_W) 'src/tools/tools_mc_util.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/tools_mc_util.c'; fi` src/tools/sss_groupdel-sss_sync_ops.o: src/tools/sss_sync_ops.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) 
$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupdel_CFLAGS) $(CFLAGS) -MT src/tools/sss_groupdel-sss_sync_ops.o -MD -MP -MF src/tools/$(DEPDIR)/sss_groupdel-sss_sync_ops.Tpo -c -o src/tools/sss_groupdel-sss_sync_ops.o `test -f 'src/tools/sss_sync_ops.c' || echo '$(srcdir)/'`src/tools/sss_sync_ops.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_groupdel-sss_sync_ops.Tpo src/tools/$(DEPDIR)/sss_groupdel-sss_sync_ops.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/sss_sync_ops.c' object='src/tools/sss_groupdel-sss_sync_ops.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupdel_CFLAGS) $(CFLAGS) -c -o src/tools/sss_groupdel-sss_sync_ops.o `test -f 'src/tools/sss_sync_ops.c' || echo '$(srcdir)/'`src/tools/sss_sync_ops.c src/tools/sss_groupdel-sss_sync_ops.obj: src/tools/sss_sync_ops.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupdel_CFLAGS) $(CFLAGS) -MT src/tools/sss_groupdel-sss_sync_ops.obj -MD -MP -MF src/tools/$(DEPDIR)/sss_groupdel-sss_sync_ops.Tpo -c -o src/tools/sss_groupdel-sss_sync_ops.obj `if test -f 'src/tools/sss_sync_ops.c'; then $(CYGPATH_W) 'src/tools/sss_sync_ops.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/sss_sync_ops.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_groupdel-sss_sync_ops.Tpo src/tools/$(DEPDIR)/sss_groupdel-sss_sync_ops.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/sss_sync_ops.c' object='src/tools/sss_groupdel-sss_sync_ops.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) 
$(sss_groupdel_CFLAGS) $(CFLAGS) -c -o src/tools/sss_groupdel-sss_sync_ops.obj `if test -f 'src/tools/sss_sync_ops.c'; then $(CYGPATH_W) 'src/tools/sss_sync_ops.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/sss_sync_ops.c'; fi` src/tools/sss_groupdel-tools_util.o: src/tools/tools_util.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupdel_CFLAGS) $(CFLAGS) -MT src/tools/sss_groupdel-tools_util.o -MD -MP -MF src/tools/$(DEPDIR)/sss_groupdel-tools_util.Tpo -c -o src/tools/sss_groupdel-tools_util.o `test -f 'src/tools/tools_util.c' || echo '$(srcdir)/'`src/tools/tools_util.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_groupdel-tools_util.Tpo src/tools/$(DEPDIR)/sss_groupdel-tools_util.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/tools_util.c' object='src/tools/sss_groupdel-tools_util.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupdel_CFLAGS) $(CFLAGS) -c -o src/tools/sss_groupdel-tools_util.o `test -f 'src/tools/tools_util.c' || echo '$(srcdir)/'`src/tools/tools_util.c src/tools/sss_groupdel-tools_util.obj: src/tools/tools_util.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupdel_CFLAGS) $(CFLAGS) -MT src/tools/sss_groupdel-tools_util.obj -MD -MP -MF src/tools/$(DEPDIR)/sss_groupdel-tools_util.Tpo -c -o src/tools/sss_groupdel-tools_util.obj `if test -f 'src/tools/tools_util.c'; then $(CYGPATH_W) 'src/tools/tools_util.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/tools_util.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_groupdel-tools_util.Tpo src/tools/$(DEPDIR)/sss_groupdel-tools_util.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/tools_util.c' 
object='src/tools/sss_groupdel-tools_util.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupdel_CFLAGS) $(CFLAGS) -c -o src/tools/sss_groupdel-tools_util.obj `if test -f 'src/tools/tools_util.c'; then $(CYGPATH_W) 'src/tools/tools_util.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/tools_util.c'; fi` src/tools/sss_groupdel-files.o: src/tools/files.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupdel_CFLAGS) $(CFLAGS) -MT src/tools/sss_groupdel-files.o -MD -MP -MF src/tools/$(DEPDIR)/sss_groupdel-files.Tpo -c -o src/tools/sss_groupdel-files.o `test -f 'src/tools/files.c' || echo '$(srcdir)/'`src/tools/files.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_groupdel-files.Tpo src/tools/$(DEPDIR)/sss_groupdel-files.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/files.c' object='src/tools/sss_groupdel-files.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupdel_CFLAGS) $(CFLAGS) -c -o src/tools/sss_groupdel-files.o `test -f 'src/tools/files.c' || echo '$(srcdir)/'`src/tools/files.c src/tools/sss_groupdel-files.obj: src/tools/files.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupdel_CFLAGS) $(CFLAGS) -MT src/tools/sss_groupdel-files.obj -MD -MP -MF src/tools/$(DEPDIR)/sss_groupdel-files.Tpo -c -o src/tools/sss_groupdel-files.obj `if test -f 'src/tools/files.c'; then $(CYGPATH_W) 'src/tools/files.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/files.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) 
src/tools/$(DEPDIR)/sss_groupdel-files.Tpo src/tools/$(DEPDIR)/sss_groupdel-files.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/files.c' object='src/tools/sss_groupdel-files.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupdel_CFLAGS) $(CFLAGS) -c -o src/tools/sss_groupdel-files.obj `if test -f 'src/tools/files.c'; then $(CYGPATH_W) 'src/tools/files.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/files.c'; fi` src/tools/sss_groupdel-selinux.o: src/tools/selinux.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupdel_CFLAGS) $(CFLAGS) -MT src/tools/sss_groupdel-selinux.o -MD -MP -MF src/tools/$(DEPDIR)/sss_groupdel-selinux.Tpo -c -o src/tools/sss_groupdel-selinux.o `test -f 'src/tools/selinux.c' || echo '$(srcdir)/'`src/tools/selinux.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_groupdel-selinux.Tpo src/tools/$(DEPDIR)/sss_groupdel-selinux.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/selinux.c' object='src/tools/sss_groupdel-selinux.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupdel_CFLAGS) $(CFLAGS) -c -o src/tools/sss_groupdel-selinux.o `test -f 'src/tools/selinux.c' || echo '$(srcdir)/'`src/tools/selinux.c src/tools/sss_groupdel-selinux.obj: src/tools/selinux.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupdel_CFLAGS) $(CFLAGS) -MT src/tools/sss_groupdel-selinux.obj -MD -MP -MF src/tools/$(DEPDIR)/sss_groupdel-selinux.Tpo -c -o src/tools/sss_groupdel-selinux.obj `if test -f 
'src/tools/selinux.c'; then $(CYGPATH_W) 'src/tools/selinux.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/selinux.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_groupdel-selinux.Tpo src/tools/$(DEPDIR)/sss_groupdel-selinux.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/selinux.c' object='src/tools/sss_groupdel-selinux.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupdel_CFLAGS) $(CFLAGS) -c -o src/tools/sss_groupdel-selinux.obj `if test -f 'src/tools/selinux.c'; then $(CYGPATH_W) 'src/tools/selinux.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/selinux.c'; fi` src/util/sss_groupdel-nscd.o: src/util/nscd.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupdel_CFLAGS) $(CFLAGS) -MT src/util/sss_groupdel-nscd.o -MD -MP -MF src/util/$(DEPDIR)/sss_groupdel-nscd.Tpo -c -o src/util/sss_groupdel-nscd.o `test -f 'src/util/nscd.c' || echo '$(srcdir)/'`src/util/nscd.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/sss_groupdel-nscd.Tpo src/util/$(DEPDIR)/sss_groupdel-nscd.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/nscd.c' object='src/util/sss_groupdel-nscd.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupdel_CFLAGS) $(CFLAGS) -c -o src/util/sss_groupdel-nscd.o `test -f 'src/util/nscd.c' || echo '$(srcdir)/'`src/util/nscd.c src/util/sss_groupdel-nscd.obj: src/util/nscd.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupdel_CFLAGS) $(CFLAGS) -MT src/util/sss_groupdel-nscd.obj -MD -MP 
-MF src/util/$(DEPDIR)/sss_groupdel-nscd.Tpo -c -o src/util/sss_groupdel-nscd.obj `if test -f 'src/util/nscd.c'; then $(CYGPATH_W) 'src/util/nscd.c'; else $(CYGPATH_W) '$(srcdir)/src/util/nscd.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/sss_groupdel-nscd.Tpo src/util/$(DEPDIR)/sss_groupdel-nscd.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/nscd.c' object='src/util/sss_groupdel-nscd.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupdel_CFLAGS) $(CFLAGS) -c -o src/util/sss_groupdel-nscd.obj `if test -f 'src/util/nscd.c'; then $(CYGPATH_W) 'src/util/nscd.c'; else $(CYGPATH_W) '$(srcdir)/src/util/nscd.c'; fi` src/tools/sss_groupmod-sss_groupmod.o: src/tools/sss_groupmod.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupmod_CFLAGS) $(CFLAGS) -MT src/tools/sss_groupmod-sss_groupmod.o -MD -MP -MF src/tools/$(DEPDIR)/sss_groupmod-sss_groupmod.Tpo -c -o src/tools/sss_groupmod-sss_groupmod.o `test -f 'src/tools/sss_groupmod.c' || echo '$(srcdir)/'`src/tools/sss_groupmod.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_groupmod-sss_groupmod.Tpo src/tools/$(DEPDIR)/sss_groupmod-sss_groupmod.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/sss_groupmod.c' object='src/tools/sss_groupmod-sss_groupmod.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupmod_CFLAGS) $(CFLAGS) -c -o src/tools/sss_groupmod-sss_groupmod.o `test -f 'src/tools/sss_groupmod.c' || echo '$(srcdir)/'`src/tools/sss_groupmod.c src/tools/sss_groupmod-sss_groupmod.obj: 
src/tools/sss_groupmod.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupmod_CFLAGS) $(CFLAGS) -MT src/tools/sss_groupmod-sss_groupmod.obj -MD -MP -MF src/tools/$(DEPDIR)/sss_groupmod-sss_groupmod.Tpo -c -o src/tools/sss_groupmod-sss_groupmod.obj `if test -f 'src/tools/sss_groupmod.c'; then $(CYGPATH_W) 'src/tools/sss_groupmod.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/sss_groupmod.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_groupmod-sss_groupmod.Tpo src/tools/$(DEPDIR)/sss_groupmod-sss_groupmod.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/sss_groupmod.c' object='src/tools/sss_groupmod-sss_groupmod.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupmod_CFLAGS) $(CFLAGS) -c -o src/tools/sss_groupmod-sss_groupmod.obj `if test -f 'src/tools/sss_groupmod.c'; then $(CYGPATH_W) 'src/tools/sss_groupmod.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/sss_groupmod.c'; fi` src/sss_client/sss_groupmod-common.o: src/sss_client/common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupmod_CFLAGS) $(CFLAGS) -MT src/sss_client/sss_groupmod-common.o -MD -MP -MF src/sss_client/$(DEPDIR)/sss_groupmod-common.Tpo -c -o src/sss_client/sss_groupmod-common.o `test -f 'src/sss_client/common.c' || echo '$(srcdir)/'`src/sss_client/common.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/sss_client/$(DEPDIR)/sss_groupmod-common.Tpo src/sss_client/$(DEPDIR)/sss_groupmod-common.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/sss_client/common.c' object='src/sss_client/sss_groupmod-common.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ 
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupmod_CFLAGS) $(CFLAGS) -c -o src/sss_client/sss_groupmod-common.o `test -f 'src/sss_client/common.c' || echo '$(srcdir)/'`src/sss_client/common.c src/sss_client/sss_groupmod-common.obj: src/sss_client/common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupmod_CFLAGS) $(CFLAGS) -MT src/sss_client/sss_groupmod-common.obj -MD -MP -MF src/sss_client/$(DEPDIR)/sss_groupmod-common.Tpo -c -o src/sss_client/sss_groupmod-common.obj `if test -f 'src/sss_client/common.c'; then $(CYGPATH_W) 'src/sss_client/common.c'; else $(CYGPATH_W) '$(srcdir)/src/sss_client/common.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/sss_client/$(DEPDIR)/sss_groupmod-common.Tpo src/sss_client/$(DEPDIR)/sss_groupmod-common.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/sss_client/common.c' object='src/sss_client/sss_groupmod-common.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupmod_CFLAGS) $(CFLAGS) -c -o src/sss_client/sss_groupmod-common.obj `if test -f 'src/sss_client/common.c'; then $(CYGPATH_W) 'src/sss_client/common.c'; else $(CYGPATH_W) '$(srcdir)/src/sss_client/common.c'; fi` src/tools/sss_groupmod-tools_mc_util.o: src/tools/tools_mc_util.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupmod_CFLAGS) $(CFLAGS) -MT src/tools/sss_groupmod-tools_mc_util.o -MD -MP -MF src/tools/$(DEPDIR)/sss_groupmod-tools_mc_util.Tpo -c -o src/tools/sss_groupmod-tools_mc_util.o `test -f 'src/tools/tools_mc_util.c' || echo '$(srcdir)/'`src/tools/tools_mc_util.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) 
src/tools/$(DEPDIR)/sss_groupmod-tools_mc_util.Tpo src/tools/$(DEPDIR)/sss_groupmod-tools_mc_util.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/tools_mc_util.c' object='src/tools/sss_groupmod-tools_mc_util.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupmod_CFLAGS) $(CFLAGS) -c -o src/tools/sss_groupmod-tools_mc_util.o `test -f 'src/tools/tools_mc_util.c' || echo '$(srcdir)/'`src/tools/tools_mc_util.c src/tools/sss_groupmod-tools_mc_util.obj: src/tools/tools_mc_util.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupmod_CFLAGS) $(CFLAGS) -MT src/tools/sss_groupmod-tools_mc_util.obj -MD -MP -MF src/tools/$(DEPDIR)/sss_groupmod-tools_mc_util.Tpo -c -o src/tools/sss_groupmod-tools_mc_util.obj `if test -f 'src/tools/tools_mc_util.c'; then $(CYGPATH_W) 'src/tools/tools_mc_util.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/tools_mc_util.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_groupmod-tools_mc_util.Tpo src/tools/$(DEPDIR)/sss_groupmod-tools_mc_util.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/tools_mc_util.c' object='src/tools/sss_groupmod-tools_mc_util.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupmod_CFLAGS) $(CFLAGS) -c -o src/tools/sss_groupmod-tools_mc_util.obj `if test -f 'src/tools/tools_mc_util.c'; then $(CYGPATH_W) 'src/tools/tools_mc_util.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/tools_mc_util.c'; fi` src/tools/sss_groupmod-sss_sync_ops.o: src/tools/sss_sync_ops.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) 
$(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupmod_CFLAGS) $(CFLAGS) -MT src/tools/sss_groupmod-sss_sync_ops.o -MD -MP -MF src/tools/$(DEPDIR)/sss_groupmod-sss_sync_ops.Tpo -c -o src/tools/sss_groupmod-sss_sync_ops.o `test -f 'src/tools/sss_sync_ops.c' || echo '$(srcdir)/'`src/tools/sss_sync_ops.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_groupmod-sss_sync_ops.Tpo src/tools/$(DEPDIR)/sss_groupmod-sss_sync_ops.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/sss_sync_ops.c' object='src/tools/sss_groupmod-sss_sync_ops.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupmod_CFLAGS) $(CFLAGS) -c -o src/tools/sss_groupmod-sss_sync_ops.o `test -f 'src/tools/sss_sync_ops.c' || echo '$(srcdir)/'`src/tools/sss_sync_ops.c src/tools/sss_groupmod-sss_sync_ops.obj: src/tools/sss_sync_ops.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupmod_CFLAGS) $(CFLAGS) -MT src/tools/sss_groupmod-sss_sync_ops.obj -MD -MP -MF src/tools/$(DEPDIR)/sss_groupmod-sss_sync_ops.Tpo -c -o src/tools/sss_groupmod-sss_sync_ops.obj `if test -f 'src/tools/sss_sync_ops.c'; then $(CYGPATH_W) 'src/tools/sss_sync_ops.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/sss_sync_ops.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_groupmod-sss_sync_ops.Tpo src/tools/$(DEPDIR)/sss_groupmod-sss_sync_ops.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/sss_sync_ops.c' object='src/tools/sss_groupmod-sss_sync_ops.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupmod_CFLAGS) $(CFLAGS) 
-c -o src/tools/sss_groupmod-sss_sync_ops.obj `if test -f 'src/tools/sss_sync_ops.c'; then $(CYGPATH_W) 'src/tools/sss_sync_ops.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/sss_sync_ops.c'; fi` src/tools/sss_groupmod-tools_util.o: src/tools/tools_util.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupmod_CFLAGS) $(CFLAGS) -MT src/tools/sss_groupmod-tools_util.o -MD -MP -MF src/tools/$(DEPDIR)/sss_groupmod-tools_util.Tpo -c -o src/tools/sss_groupmod-tools_util.o `test -f 'src/tools/tools_util.c' || echo '$(srcdir)/'`src/tools/tools_util.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_groupmod-tools_util.Tpo src/tools/$(DEPDIR)/sss_groupmod-tools_util.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/tools_util.c' object='src/tools/sss_groupmod-tools_util.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupmod_CFLAGS) $(CFLAGS) -c -o src/tools/sss_groupmod-tools_util.o `test -f 'src/tools/tools_util.c' || echo '$(srcdir)/'`src/tools/tools_util.c src/tools/sss_groupmod-tools_util.obj: src/tools/tools_util.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupmod_CFLAGS) $(CFLAGS) -MT src/tools/sss_groupmod-tools_util.obj -MD -MP -MF src/tools/$(DEPDIR)/sss_groupmod-tools_util.Tpo -c -o src/tools/sss_groupmod-tools_util.obj `if test -f 'src/tools/tools_util.c'; then $(CYGPATH_W) 'src/tools/tools_util.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/tools_util.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_groupmod-tools_util.Tpo src/tools/$(DEPDIR)/sss_groupmod-tools_util.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/tools_util.c' object='src/tools/sss_groupmod-tools_util.obj' 
libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupmod_CFLAGS) $(CFLAGS) -c -o src/tools/sss_groupmod-tools_util.obj `if test -f 'src/tools/tools_util.c'; then $(CYGPATH_W) 'src/tools/tools_util.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/tools_util.c'; fi` src/tools/sss_groupmod-files.o: src/tools/files.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupmod_CFLAGS) $(CFLAGS) -MT src/tools/sss_groupmod-files.o -MD -MP -MF src/tools/$(DEPDIR)/sss_groupmod-files.Tpo -c -o src/tools/sss_groupmod-files.o `test -f 'src/tools/files.c' || echo '$(srcdir)/'`src/tools/files.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_groupmod-files.Tpo src/tools/$(DEPDIR)/sss_groupmod-files.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/files.c' object='src/tools/sss_groupmod-files.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupmod_CFLAGS) $(CFLAGS) -c -o src/tools/sss_groupmod-files.o `test -f 'src/tools/files.c' || echo '$(srcdir)/'`src/tools/files.c src/tools/sss_groupmod-files.obj: src/tools/files.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupmod_CFLAGS) $(CFLAGS) -MT src/tools/sss_groupmod-files.obj -MD -MP -MF src/tools/$(DEPDIR)/sss_groupmod-files.Tpo -c -o src/tools/sss_groupmod-files.obj `if test -f 'src/tools/files.c'; then $(CYGPATH_W) 'src/tools/files.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/files.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_groupmod-files.Tpo 
src/tools/$(DEPDIR)/sss_groupmod-files.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/files.c' object='src/tools/sss_groupmod-files.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupmod_CFLAGS) $(CFLAGS) -c -o src/tools/sss_groupmod-files.obj `if test -f 'src/tools/files.c'; then $(CYGPATH_W) 'src/tools/files.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/files.c'; fi` src/tools/sss_groupmod-selinux.o: src/tools/selinux.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupmod_CFLAGS) $(CFLAGS) -MT src/tools/sss_groupmod-selinux.o -MD -MP -MF src/tools/$(DEPDIR)/sss_groupmod-selinux.Tpo -c -o src/tools/sss_groupmod-selinux.o `test -f 'src/tools/selinux.c' || echo '$(srcdir)/'`src/tools/selinux.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_groupmod-selinux.Tpo src/tools/$(DEPDIR)/sss_groupmod-selinux.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/selinux.c' object='src/tools/sss_groupmod-selinux.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupmod_CFLAGS) $(CFLAGS) -c -o src/tools/sss_groupmod-selinux.o `test -f 'src/tools/selinux.c' || echo '$(srcdir)/'`src/tools/selinux.c src/tools/sss_groupmod-selinux.obj: src/tools/selinux.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupmod_CFLAGS) $(CFLAGS) -MT src/tools/sss_groupmod-selinux.obj -MD -MP -MF src/tools/$(DEPDIR)/sss_groupmod-selinux.Tpo -c -o src/tools/sss_groupmod-selinux.obj `if test -f 'src/tools/selinux.c'; then $(CYGPATH_W) 
'src/tools/selinux.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/selinux.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_groupmod-selinux.Tpo src/tools/$(DEPDIR)/sss_groupmod-selinux.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/selinux.c' object='src/tools/sss_groupmod-selinux.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupmod_CFLAGS) $(CFLAGS) -c -o src/tools/sss_groupmod-selinux.obj `if test -f 'src/tools/selinux.c'; then $(CYGPATH_W) 'src/tools/selinux.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/selinux.c'; fi` src/util/sss_groupmod-nscd.o: src/util/nscd.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupmod_CFLAGS) $(CFLAGS) -MT src/util/sss_groupmod-nscd.o -MD -MP -MF src/util/$(DEPDIR)/sss_groupmod-nscd.Tpo -c -o src/util/sss_groupmod-nscd.o `test -f 'src/util/nscd.c' || echo '$(srcdir)/'`src/util/nscd.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/sss_groupmod-nscd.Tpo src/util/$(DEPDIR)/sss_groupmod-nscd.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/nscd.c' object='src/util/sss_groupmod-nscd.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupmod_CFLAGS) $(CFLAGS) -c -o src/util/sss_groupmod-nscd.o `test -f 'src/util/nscd.c' || echo '$(srcdir)/'`src/util/nscd.c src/util/sss_groupmod-nscd.obj: src/util/nscd.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupmod_CFLAGS) $(CFLAGS) -MT src/util/sss_groupmod-nscd.obj -MD -MP -MF 
src/util/$(DEPDIR)/sss_groupmod-nscd.Tpo -c -o src/util/sss_groupmod-nscd.obj `if test -f 'src/util/nscd.c'; then $(CYGPATH_W) 'src/util/nscd.c'; else $(CYGPATH_W) '$(srcdir)/src/util/nscd.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/sss_groupmod-nscd.Tpo src/util/$(DEPDIR)/sss_groupmod-nscd.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/nscd.c' object='src/util/sss_groupmod-nscd.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_groupmod_CFLAGS) $(CFLAGS) -c -o src/util/sss_groupmod-nscd.obj `if test -f 'src/util/nscd.c'; then $(CYGPATH_W) 'src/util/nscd.c'; else $(CYGPATH_W) '$(srcdir)/src/util/nscd.c'; fi` src/tests/sss_idmap_tests-sss_idmap-tests.o: src/tests/sss_idmap-tests.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_idmap_tests_CFLAGS) $(CFLAGS) -MT src/tests/sss_idmap_tests-sss_idmap-tests.o -MD -MP -MF src/tests/$(DEPDIR)/sss_idmap_tests-sss_idmap-tests.Tpo -c -o src/tests/sss_idmap_tests-sss_idmap-tests.o `test -f 'src/tests/sss_idmap-tests.c' || echo '$(srcdir)/'`src/tests/sss_idmap-tests.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/sss_idmap_tests-sss_idmap-tests.Tpo src/tests/$(DEPDIR)/sss_idmap_tests-sss_idmap-tests.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/sss_idmap-tests.c' object='src/tests/sss_idmap_tests-sss_idmap-tests.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_idmap_tests_CFLAGS) $(CFLAGS) -c -o src/tests/sss_idmap_tests-sss_idmap-tests.o `test -f 'src/tests/sss_idmap-tests.c' || echo 
'$(srcdir)/'`src/tests/sss_idmap-tests.c src/tests/sss_idmap_tests-sss_idmap-tests.obj: src/tests/sss_idmap-tests.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_idmap_tests_CFLAGS) $(CFLAGS) -MT src/tests/sss_idmap_tests-sss_idmap-tests.obj -MD -MP -MF src/tests/$(DEPDIR)/sss_idmap_tests-sss_idmap-tests.Tpo -c -o src/tests/sss_idmap_tests-sss_idmap-tests.obj `if test -f 'src/tests/sss_idmap-tests.c'; then $(CYGPATH_W) 'src/tests/sss_idmap-tests.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/sss_idmap-tests.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/sss_idmap_tests-sss_idmap-tests.Tpo src/tests/$(DEPDIR)/sss_idmap_tests-sss_idmap-tests.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/sss_idmap-tests.c' object='src/tests/sss_idmap_tests-sss_idmap-tests.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_idmap_tests_CFLAGS) $(CFLAGS) -c -o src/tests/sss_idmap_tests-sss_idmap-tests.obj `if test -f 'src/tests/sss_idmap-tests.c'; then $(CYGPATH_W) 'src/tests/sss_idmap-tests.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/sss_idmap-tests.c'; fi` src/tests/cmocka/sss_nss_idmap_tests-sss_nss_idmap-tests.o: src/tests/cmocka/sss_nss_idmap-tests.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_nss_idmap_tests_CFLAGS) $(CFLAGS) -MT src/tests/cmocka/sss_nss_idmap_tests-sss_nss_idmap-tests.o -MD -MP -MF src/tests/cmocka/$(DEPDIR)/sss_nss_idmap_tests-sss_nss_idmap-tests.Tpo -c -o src/tests/cmocka/sss_nss_idmap_tests-sss_nss_idmap-tests.o `test -f 'src/tests/cmocka/sss_nss_idmap-tests.c' || echo '$(srcdir)/'`src/tests/cmocka/sss_nss_idmap-tests.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) 
src/tests/cmocka/$(DEPDIR)/sss_nss_idmap_tests-sss_nss_idmap-tests.Tpo src/tests/cmocka/$(DEPDIR)/sss_nss_idmap_tests-sss_nss_idmap-tests.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/cmocka/sss_nss_idmap-tests.c' object='src/tests/cmocka/sss_nss_idmap_tests-sss_nss_idmap-tests.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_nss_idmap_tests_CFLAGS) $(CFLAGS) -c -o src/tests/cmocka/sss_nss_idmap_tests-sss_nss_idmap-tests.o `test -f 'src/tests/cmocka/sss_nss_idmap-tests.c' || echo '$(srcdir)/'`src/tests/cmocka/sss_nss_idmap-tests.c src/tests/cmocka/sss_nss_idmap_tests-sss_nss_idmap-tests.obj: src/tests/cmocka/sss_nss_idmap-tests.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_nss_idmap_tests_CFLAGS) $(CFLAGS) -MT src/tests/cmocka/sss_nss_idmap_tests-sss_nss_idmap-tests.obj -MD -MP -MF src/tests/cmocka/$(DEPDIR)/sss_nss_idmap_tests-sss_nss_idmap-tests.Tpo -c -o src/tests/cmocka/sss_nss_idmap_tests-sss_nss_idmap-tests.obj `if test -f 'src/tests/cmocka/sss_nss_idmap-tests.c'; then $(CYGPATH_W) 'src/tests/cmocka/sss_nss_idmap-tests.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/cmocka/sss_nss_idmap-tests.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/cmocka/$(DEPDIR)/sss_nss_idmap_tests-sss_nss_idmap-tests.Tpo src/tests/cmocka/$(DEPDIR)/sss_nss_idmap_tests-sss_nss_idmap-tests.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/cmocka/sss_nss_idmap-tests.c' object='src/tests/cmocka/sss_nss_idmap_tests-sss_nss_idmap-tests.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) 
$(sss_nss_idmap_tests_CFLAGS) $(CFLAGS) -c -o src/tests/cmocka/sss_nss_idmap_tests-sss_nss_idmap-tests.obj `if test -f 'src/tests/cmocka/sss_nss_idmap-tests.c'; then $(CYGPATH_W) 'src/tests/cmocka/sss_nss_idmap-tests.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/cmocka/sss_nss_idmap-tests.c'; fi` src/sss_client/sss_ssh_authorizedkeys-common.o: src/sss_client/common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_ssh_authorizedkeys_CFLAGS) $(CFLAGS) -MT src/sss_client/sss_ssh_authorizedkeys-common.o -MD -MP -MF src/sss_client/$(DEPDIR)/sss_ssh_authorizedkeys-common.Tpo -c -o src/sss_client/sss_ssh_authorizedkeys-common.o `test -f 'src/sss_client/common.c' || echo '$(srcdir)/'`src/sss_client/common.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/sss_client/$(DEPDIR)/sss_ssh_authorizedkeys-common.Tpo src/sss_client/$(DEPDIR)/sss_ssh_authorizedkeys-common.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/sss_client/common.c' object='src/sss_client/sss_ssh_authorizedkeys-common.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_ssh_authorizedkeys_CFLAGS) $(CFLAGS) -c -o src/sss_client/sss_ssh_authorizedkeys-common.o `test -f 'src/sss_client/common.c' || echo '$(srcdir)/'`src/sss_client/common.c src/sss_client/sss_ssh_authorizedkeys-common.obj: src/sss_client/common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_ssh_authorizedkeys_CFLAGS) $(CFLAGS) -MT src/sss_client/sss_ssh_authorizedkeys-common.obj -MD -MP -MF src/sss_client/$(DEPDIR)/sss_ssh_authorizedkeys-common.Tpo -c -o src/sss_client/sss_ssh_authorizedkeys-common.obj `if test -f 'src/sss_client/common.c'; then $(CYGPATH_W) 'src/sss_client/common.c'; else $(CYGPATH_W) 
'$(srcdir)/src/sss_client/common.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/sss_client/$(DEPDIR)/sss_ssh_authorizedkeys-common.Tpo src/sss_client/$(DEPDIR)/sss_ssh_authorizedkeys-common.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/sss_client/common.c' object='src/sss_client/sss_ssh_authorizedkeys-common.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_ssh_authorizedkeys_CFLAGS) $(CFLAGS) -c -o src/sss_client/sss_ssh_authorizedkeys-common.obj `if test -f 'src/sss_client/common.c'; then $(CYGPATH_W) 'src/sss_client/common.c'; else $(CYGPATH_W) '$(srcdir)/src/sss_client/common.c'; fi` src/sss_client/ssh/sss_ssh_authorizedkeys-sss_ssh_client.o: src/sss_client/ssh/sss_ssh_client.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_ssh_authorizedkeys_CFLAGS) $(CFLAGS) -MT src/sss_client/ssh/sss_ssh_authorizedkeys-sss_ssh_client.o -MD -MP -MF src/sss_client/ssh/$(DEPDIR)/sss_ssh_authorizedkeys-sss_ssh_client.Tpo -c -o src/sss_client/ssh/sss_ssh_authorizedkeys-sss_ssh_client.o `test -f 'src/sss_client/ssh/sss_ssh_client.c' || echo '$(srcdir)/'`src/sss_client/ssh/sss_ssh_client.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/sss_client/ssh/$(DEPDIR)/sss_ssh_authorizedkeys-sss_ssh_client.Tpo src/sss_client/ssh/$(DEPDIR)/sss_ssh_authorizedkeys-sss_ssh_client.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/sss_client/ssh/sss_ssh_client.c' object='src/sss_client/ssh/sss_ssh_authorizedkeys-sss_ssh_client.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_ssh_authorizedkeys_CFLAGS) $(CFLAGS) -c -o 
src/sss_client/ssh/sss_ssh_authorizedkeys-sss_ssh_client.o `test -f 'src/sss_client/ssh/sss_ssh_client.c' || echo '$(srcdir)/'`src/sss_client/ssh/sss_ssh_client.c src/sss_client/ssh/sss_ssh_authorizedkeys-sss_ssh_client.obj: src/sss_client/ssh/sss_ssh_client.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_ssh_authorizedkeys_CFLAGS) $(CFLAGS) -MT src/sss_client/ssh/sss_ssh_authorizedkeys-sss_ssh_client.obj -MD -MP -MF src/sss_client/ssh/$(DEPDIR)/sss_ssh_authorizedkeys-sss_ssh_client.Tpo -c -o src/sss_client/ssh/sss_ssh_authorizedkeys-sss_ssh_client.obj `if test -f 'src/sss_client/ssh/sss_ssh_client.c'; then $(CYGPATH_W) 'src/sss_client/ssh/sss_ssh_client.c'; else $(CYGPATH_W) '$(srcdir)/src/sss_client/ssh/sss_ssh_client.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/sss_client/ssh/$(DEPDIR)/sss_ssh_authorizedkeys-sss_ssh_client.Tpo src/sss_client/ssh/$(DEPDIR)/sss_ssh_authorizedkeys-sss_ssh_client.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/sss_client/ssh/sss_ssh_client.c' object='src/sss_client/ssh/sss_ssh_authorizedkeys-sss_ssh_client.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_ssh_authorizedkeys_CFLAGS) $(CFLAGS) -c -o src/sss_client/ssh/sss_ssh_authorizedkeys-sss_ssh_client.obj `if test -f 'src/sss_client/ssh/sss_ssh_client.c'; then $(CYGPATH_W) 'src/sss_client/ssh/sss_ssh_client.c'; else $(CYGPATH_W) '$(srcdir)/src/sss_client/ssh/sss_ssh_client.c'; fi` src/sss_client/ssh/sss_ssh_authorizedkeys-sss_ssh_authorizedkeys.o: src/sss_client/ssh/sss_ssh_authorizedkeys.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_ssh_authorizedkeys_CFLAGS) $(CFLAGS) -MT src/sss_client/ssh/sss_ssh_authorizedkeys-sss_ssh_authorizedkeys.o 
-MD -MP -MF src/sss_client/ssh/$(DEPDIR)/sss_ssh_authorizedkeys-sss_ssh_authorizedkeys.Tpo -c -o src/sss_client/ssh/sss_ssh_authorizedkeys-sss_ssh_authorizedkeys.o `test -f 'src/sss_client/ssh/sss_ssh_authorizedkeys.c' || echo '$(srcdir)/'`src/sss_client/ssh/sss_ssh_authorizedkeys.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/sss_client/ssh/$(DEPDIR)/sss_ssh_authorizedkeys-sss_ssh_authorizedkeys.Tpo src/sss_client/ssh/$(DEPDIR)/sss_ssh_authorizedkeys-sss_ssh_authorizedkeys.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/sss_client/ssh/sss_ssh_authorizedkeys.c' object='src/sss_client/ssh/sss_ssh_authorizedkeys-sss_ssh_authorizedkeys.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_ssh_authorizedkeys_CFLAGS) $(CFLAGS) -c -o src/sss_client/ssh/sss_ssh_authorizedkeys-sss_ssh_authorizedkeys.o `test -f 'src/sss_client/ssh/sss_ssh_authorizedkeys.c' || echo '$(srcdir)/'`src/sss_client/ssh/sss_ssh_authorizedkeys.c src/sss_client/ssh/sss_ssh_authorizedkeys-sss_ssh_authorizedkeys.obj: src/sss_client/ssh/sss_ssh_authorizedkeys.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_ssh_authorizedkeys_CFLAGS) $(CFLAGS) -MT src/sss_client/ssh/sss_ssh_authorizedkeys-sss_ssh_authorizedkeys.obj -MD -MP -MF src/sss_client/ssh/$(DEPDIR)/sss_ssh_authorizedkeys-sss_ssh_authorizedkeys.Tpo -c -o src/sss_client/ssh/sss_ssh_authorizedkeys-sss_ssh_authorizedkeys.obj `if test -f 'src/sss_client/ssh/sss_ssh_authorizedkeys.c'; then $(CYGPATH_W) 'src/sss_client/ssh/sss_ssh_authorizedkeys.c'; else $(CYGPATH_W) '$(srcdir)/src/sss_client/ssh/sss_ssh_authorizedkeys.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/sss_client/ssh/$(DEPDIR)/sss_ssh_authorizedkeys-sss_ssh_authorizedkeys.Tpo 
src/sss_client/ssh/$(DEPDIR)/sss_ssh_authorizedkeys-sss_ssh_authorizedkeys.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/sss_client/ssh/sss_ssh_authorizedkeys.c' object='src/sss_client/ssh/sss_ssh_authorizedkeys-sss_ssh_authorizedkeys.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_ssh_authorizedkeys_CFLAGS) $(CFLAGS) -c -o src/sss_client/ssh/sss_ssh_authorizedkeys-sss_ssh_authorizedkeys.obj `if test -f 'src/sss_client/ssh/sss_ssh_authorizedkeys.c'; then $(CYGPATH_W) 'src/sss_client/ssh/sss_ssh_authorizedkeys.c'; else $(CYGPATH_W) '$(srcdir)/src/sss_client/ssh/sss_ssh_authorizedkeys.c'; fi` src/sss_client/sss_ssh_knownhostsproxy-common.o: src/sss_client/common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_ssh_knownhostsproxy_CFLAGS) $(CFLAGS) -MT src/sss_client/sss_ssh_knownhostsproxy-common.o -MD -MP -MF src/sss_client/$(DEPDIR)/sss_ssh_knownhostsproxy-common.Tpo -c -o src/sss_client/sss_ssh_knownhostsproxy-common.o `test -f 'src/sss_client/common.c' || echo '$(srcdir)/'`src/sss_client/common.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/sss_client/$(DEPDIR)/sss_ssh_knownhostsproxy-common.Tpo src/sss_client/$(DEPDIR)/sss_ssh_knownhostsproxy-common.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/sss_client/common.c' object='src/sss_client/sss_ssh_knownhostsproxy-common.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_ssh_knownhostsproxy_CFLAGS) $(CFLAGS) -c -o src/sss_client/sss_ssh_knownhostsproxy-common.o `test -f 'src/sss_client/common.c' || echo '$(srcdir)/'`src/sss_client/common.c 
src/sss_client/sss_ssh_knownhostsproxy-common.obj: src/sss_client/common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_ssh_knownhostsproxy_CFLAGS) $(CFLAGS) -MT src/sss_client/sss_ssh_knownhostsproxy-common.obj -MD -MP -MF src/sss_client/$(DEPDIR)/sss_ssh_knownhostsproxy-common.Tpo -c -o src/sss_client/sss_ssh_knownhostsproxy-common.obj `if test -f 'src/sss_client/common.c'; then $(CYGPATH_W) 'src/sss_client/common.c'; else $(CYGPATH_W) '$(srcdir)/src/sss_client/common.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/sss_client/$(DEPDIR)/sss_ssh_knownhostsproxy-common.Tpo src/sss_client/$(DEPDIR)/sss_ssh_knownhostsproxy-common.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/sss_client/common.c' object='src/sss_client/sss_ssh_knownhostsproxy-common.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_ssh_knownhostsproxy_CFLAGS) $(CFLAGS) -c -o src/sss_client/sss_ssh_knownhostsproxy-common.obj `if test -f 'src/sss_client/common.c'; then $(CYGPATH_W) 'src/sss_client/common.c'; else $(CYGPATH_W) '$(srcdir)/src/sss_client/common.c'; fi` src/sss_client/ssh/sss_ssh_knownhostsproxy-sss_ssh_client.o: src/sss_client/ssh/sss_ssh_client.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_ssh_knownhostsproxy_CFLAGS) $(CFLAGS) -MT src/sss_client/ssh/sss_ssh_knownhostsproxy-sss_ssh_client.o -MD -MP -MF src/sss_client/ssh/$(DEPDIR)/sss_ssh_knownhostsproxy-sss_ssh_client.Tpo -c -o src/sss_client/ssh/sss_ssh_knownhostsproxy-sss_ssh_client.o `test -f 'src/sss_client/ssh/sss_ssh_client.c' || echo '$(srcdir)/'`src/sss_client/ssh/sss_ssh_client.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/sss_client/ssh/$(DEPDIR)/sss_ssh_knownhostsproxy-sss_ssh_client.Tpo 
src/sss_client/ssh/$(DEPDIR)/sss_ssh_knownhostsproxy-sss_ssh_client.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/sss_client/ssh/sss_ssh_client.c' object='src/sss_client/ssh/sss_ssh_knownhostsproxy-sss_ssh_client.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_ssh_knownhostsproxy_CFLAGS) $(CFLAGS) -c -o src/sss_client/ssh/sss_ssh_knownhostsproxy-sss_ssh_client.o `test -f 'src/sss_client/ssh/sss_ssh_client.c' || echo '$(srcdir)/'`src/sss_client/ssh/sss_ssh_client.c src/sss_client/ssh/sss_ssh_knownhostsproxy-sss_ssh_client.obj: src/sss_client/ssh/sss_ssh_client.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_ssh_knownhostsproxy_CFLAGS) $(CFLAGS) -MT src/sss_client/ssh/sss_ssh_knownhostsproxy-sss_ssh_client.obj -MD -MP -MF src/sss_client/ssh/$(DEPDIR)/sss_ssh_knownhostsproxy-sss_ssh_client.Tpo -c -o src/sss_client/ssh/sss_ssh_knownhostsproxy-sss_ssh_client.obj `if test -f 'src/sss_client/ssh/sss_ssh_client.c'; then $(CYGPATH_W) 'src/sss_client/ssh/sss_ssh_client.c'; else $(CYGPATH_W) '$(srcdir)/src/sss_client/ssh/sss_ssh_client.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/sss_client/ssh/$(DEPDIR)/sss_ssh_knownhostsproxy-sss_ssh_client.Tpo src/sss_client/ssh/$(DEPDIR)/sss_ssh_knownhostsproxy-sss_ssh_client.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/sss_client/ssh/sss_ssh_client.c' object='src/sss_client/ssh/sss_ssh_knownhostsproxy-sss_ssh_client.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_ssh_knownhostsproxy_CFLAGS) $(CFLAGS) -c -o 
src/sss_client/ssh/sss_ssh_knownhostsproxy-sss_ssh_client.obj `if test -f 'src/sss_client/ssh/sss_ssh_client.c'; then $(CYGPATH_W) 'src/sss_client/ssh/sss_ssh_client.c'; else $(CYGPATH_W) '$(srcdir)/src/sss_client/ssh/sss_ssh_client.c'; fi` src/sss_client/ssh/sss_ssh_knownhostsproxy-sss_ssh_knownhostsproxy.o: src/sss_client/ssh/sss_ssh_knownhostsproxy.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_ssh_knownhostsproxy_CFLAGS) $(CFLAGS) -MT src/sss_client/ssh/sss_ssh_knownhostsproxy-sss_ssh_knownhostsproxy.o -MD -MP -MF src/sss_client/ssh/$(DEPDIR)/sss_ssh_knownhostsproxy-sss_ssh_knownhostsproxy.Tpo -c -o src/sss_client/ssh/sss_ssh_knownhostsproxy-sss_ssh_knownhostsproxy.o `test -f 'src/sss_client/ssh/sss_ssh_knownhostsproxy.c' || echo '$(srcdir)/'`src/sss_client/ssh/sss_ssh_knownhostsproxy.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/sss_client/ssh/$(DEPDIR)/sss_ssh_knownhostsproxy-sss_ssh_knownhostsproxy.Tpo src/sss_client/ssh/$(DEPDIR)/sss_ssh_knownhostsproxy-sss_ssh_knownhostsproxy.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/sss_client/ssh/sss_ssh_knownhostsproxy.c' object='src/sss_client/ssh/sss_ssh_knownhostsproxy-sss_ssh_knownhostsproxy.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_ssh_knownhostsproxy_CFLAGS) $(CFLAGS) -c -o src/sss_client/ssh/sss_ssh_knownhostsproxy-sss_ssh_knownhostsproxy.o `test -f 'src/sss_client/ssh/sss_ssh_knownhostsproxy.c' || echo '$(srcdir)/'`src/sss_client/ssh/sss_ssh_knownhostsproxy.c src/sss_client/ssh/sss_ssh_knownhostsproxy-sss_ssh_knownhostsproxy.obj: src/sss_client/ssh/sss_ssh_knownhostsproxy.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_ssh_knownhostsproxy_CFLAGS) $(CFLAGS) -MT 
src/sss_client/ssh/sss_ssh_knownhostsproxy-sss_ssh_knownhostsproxy.obj -MD -MP -MF src/sss_client/ssh/$(DEPDIR)/sss_ssh_knownhostsproxy-sss_ssh_knownhostsproxy.Tpo -c -o src/sss_client/ssh/sss_ssh_knownhostsproxy-sss_ssh_knownhostsproxy.obj `if test -f 'src/sss_client/ssh/sss_ssh_knownhostsproxy.c'; then $(CYGPATH_W) 'src/sss_client/ssh/sss_ssh_knownhostsproxy.c'; else $(CYGPATH_W) '$(srcdir)/src/sss_client/ssh/sss_ssh_knownhostsproxy.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/sss_client/ssh/$(DEPDIR)/sss_ssh_knownhostsproxy-sss_ssh_knownhostsproxy.Tpo src/sss_client/ssh/$(DEPDIR)/sss_ssh_knownhostsproxy-sss_ssh_knownhostsproxy.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/sss_client/ssh/sss_ssh_knownhostsproxy.c' object='src/sss_client/ssh/sss_ssh_knownhostsproxy-sss_ssh_knownhostsproxy.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_ssh_knownhostsproxy_CFLAGS) $(CFLAGS) -c -o src/sss_client/ssh/sss_ssh_knownhostsproxy-sss_ssh_knownhostsproxy.obj `if test -f 'src/sss_client/ssh/sss_ssh_knownhostsproxy.c'; then $(CYGPATH_W) 'src/sss_client/ssh/sss_ssh_knownhostsproxy.c'; else $(CYGPATH_W) '$(srcdir)/src/sss_client/ssh/sss_ssh_knownhostsproxy.c'; fi` src/sss_client/sss_sudo_cli-common.o: src/sss_client/common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_sudo_cli_CFLAGS) $(CFLAGS) -MT src/sss_client/sss_sudo_cli-common.o -MD -MP -MF src/sss_client/$(DEPDIR)/sss_sudo_cli-common.Tpo -c -o src/sss_client/sss_sudo_cli-common.o `test -f 'src/sss_client/common.c' || echo '$(srcdir)/'`src/sss_client/common.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/sss_client/$(DEPDIR)/sss_sudo_cli-common.Tpo src/sss_client/$(DEPDIR)/sss_sudo_cli-common.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ 
$(AM_V_CC)source='src/sss_client/common.c' object='src/sss_client/sss_sudo_cli-common.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_sudo_cli_CFLAGS) $(CFLAGS) -c -o src/sss_client/sss_sudo_cli-common.o `test -f 'src/sss_client/common.c' || echo '$(srcdir)/'`src/sss_client/common.c src/sss_client/sss_sudo_cli-common.obj: src/sss_client/common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_sudo_cli_CFLAGS) $(CFLAGS) -MT src/sss_client/sss_sudo_cli-common.obj -MD -MP -MF src/sss_client/$(DEPDIR)/sss_sudo_cli-common.Tpo -c -o src/sss_client/sss_sudo_cli-common.obj `if test -f 'src/sss_client/common.c'; then $(CYGPATH_W) 'src/sss_client/common.c'; else $(CYGPATH_W) '$(srcdir)/src/sss_client/common.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/sss_client/$(DEPDIR)/sss_sudo_cli-common.Tpo src/sss_client/$(DEPDIR)/sss_sudo_cli-common.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/sss_client/common.c' object='src/sss_client/sss_sudo_cli-common.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_sudo_cli_CFLAGS) $(CFLAGS) -c -o src/sss_client/sss_sudo_cli-common.obj `if test -f 'src/sss_client/common.c'; then $(CYGPATH_W) 'src/sss_client/common.c'; else $(CYGPATH_W) '$(srcdir)/src/sss_client/common.c'; fi` src/sss_client/sudo/sss_sudo_cli-sss_sudo.o: src/sss_client/sudo/sss_sudo.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_sudo_cli_CFLAGS) $(CFLAGS) -MT src/sss_client/sudo/sss_sudo_cli-sss_sudo.o -MD -MP -MF 
src/sss_client/sudo/$(DEPDIR)/sss_sudo_cli-sss_sudo.Tpo -c -o src/sss_client/sudo/sss_sudo_cli-sss_sudo.o `test -f 'src/sss_client/sudo/sss_sudo.c' || echo '$(srcdir)/'`src/sss_client/sudo/sss_sudo.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/sss_client/sudo/$(DEPDIR)/sss_sudo_cli-sss_sudo.Tpo src/sss_client/sudo/$(DEPDIR)/sss_sudo_cli-sss_sudo.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/sss_client/sudo/sss_sudo.c' object='src/sss_client/sudo/sss_sudo_cli-sss_sudo.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_sudo_cli_CFLAGS) $(CFLAGS) -c -o src/sss_client/sudo/sss_sudo_cli-sss_sudo.o `test -f 'src/sss_client/sudo/sss_sudo.c' || echo '$(srcdir)/'`src/sss_client/sudo/sss_sudo.c src/sss_client/sudo/sss_sudo_cli-sss_sudo.obj: src/sss_client/sudo/sss_sudo.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_sudo_cli_CFLAGS) $(CFLAGS) -MT src/sss_client/sudo/sss_sudo_cli-sss_sudo.obj -MD -MP -MF src/sss_client/sudo/$(DEPDIR)/sss_sudo_cli-sss_sudo.Tpo -c -o src/sss_client/sudo/sss_sudo_cli-sss_sudo.obj `if test -f 'src/sss_client/sudo/sss_sudo.c'; then $(CYGPATH_W) 'src/sss_client/sudo/sss_sudo.c'; else $(CYGPATH_W) '$(srcdir)/src/sss_client/sudo/sss_sudo.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/sss_client/sudo/$(DEPDIR)/sss_sudo_cli-sss_sudo.Tpo src/sss_client/sudo/$(DEPDIR)/sss_sudo_cli-sss_sudo.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/sss_client/sudo/sss_sudo.c' object='src/sss_client/sudo/sss_sudo_cli-sss_sudo.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) 
$(sss_sudo_cli_CFLAGS) $(CFLAGS) -c -o src/sss_client/sudo/sss_sudo_cli-sss_sudo.obj `if test -f 'src/sss_client/sudo/sss_sudo.c'; then $(CYGPATH_W) 'src/sss_client/sudo/sss_sudo.c'; else $(CYGPATH_W) '$(srcdir)/src/sss_client/sudo/sss_sudo.c'; fi` src/sss_client/sudo/sss_sudo_cli-sss_sudo_response.o: src/sss_client/sudo/sss_sudo_response.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_sudo_cli_CFLAGS) $(CFLAGS) -MT src/sss_client/sudo/sss_sudo_cli-sss_sudo_response.o -MD -MP -MF src/sss_client/sudo/$(DEPDIR)/sss_sudo_cli-sss_sudo_response.Tpo -c -o src/sss_client/sudo/sss_sudo_cli-sss_sudo_response.o `test -f 'src/sss_client/sudo/sss_sudo_response.c' || echo '$(srcdir)/'`src/sss_client/sudo/sss_sudo_response.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/sss_client/sudo/$(DEPDIR)/sss_sudo_cli-sss_sudo_response.Tpo src/sss_client/sudo/$(DEPDIR)/sss_sudo_cli-sss_sudo_response.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/sss_client/sudo/sss_sudo_response.c' object='src/sss_client/sudo/sss_sudo_cli-sss_sudo_response.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_sudo_cli_CFLAGS) $(CFLAGS) -c -o src/sss_client/sudo/sss_sudo_cli-sss_sudo_response.o `test -f 'src/sss_client/sudo/sss_sudo_response.c' || echo '$(srcdir)/'`src/sss_client/sudo/sss_sudo_response.c src/sss_client/sudo/sss_sudo_cli-sss_sudo_response.obj: src/sss_client/sudo/sss_sudo_response.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_sudo_cli_CFLAGS) $(CFLAGS) -MT src/sss_client/sudo/sss_sudo_cli-sss_sudo_response.obj -MD -MP -MF src/sss_client/sudo/$(DEPDIR)/sss_sudo_cli-sss_sudo_response.Tpo -c -o src/sss_client/sudo/sss_sudo_cli-sss_sudo_response.obj `if test -f 
'src/sss_client/sudo/sss_sudo_response.c'; then $(CYGPATH_W) 'src/sss_client/sudo/sss_sudo_response.c'; else $(CYGPATH_W) '$(srcdir)/src/sss_client/sudo/sss_sudo_response.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/sss_client/sudo/$(DEPDIR)/sss_sudo_cli-sss_sudo_response.Tpo src/sss_client/sudo/$(DEPDIR)/sss_sudo_cli-sss_sudo_response.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/sss_client/sudo/sss_sudo_response.c' object='src/sss_client/sudo/sss_sudo_cli-sss_sudo_response.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_sudo_cli_CFLAGS) $(CFLAGS) -c -o src/sss_client/sudo/sss_sudo_cli-sss_sudo_response.obj `if test -f 'src/sss_client/sudo/sss_sudo_response.c'; then $(CYGPATH_W) 'src/sss_client/sudo/sss_sudo_response.c'; else $(CYGPATH_W) '$(srcdir)/src/sss_client/sudo/sss_sudo_response.c'; fi` src/sss_client/sudo_testcli/sss_sudo_cli-sudo_testcli.o: src/sss_client/sudo_testcli/sudo_testcli.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_sudo_cli_CFLAGS) $(CFLAGS) -MT src/sss_client/sudo_testcli/sss_sudo_cli-sudo_testcli.o -MD -MP -MF src/sss_client/sudo_testcli/$(DEPDIR)/sss_sudo_cli-sudo_testcli.Tpo -c -o src/sss_client/sudo_testcli/sss_sudo_cli-sudo_testcli.o `test -f 'src/sss_client/sudo_testcli/sudo_testcli.c' || echo '$(srcdir)/'`src/sss_client/sudo_testcli/sudo_testcli.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/sss_client/sudo_testcli/$(DEPDIR)/sss_sudo_cli-sudo_testcli.Tpo src/sss_client/sudo_testcli/$(DEPDIR)/sss_sudo_cli-sudo_testcli.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/sss_client/sudo_testcli/sudo_testcli.c' object='src/sss_client/sudo_testcli/sss_sudo_cli-sudo_testcli.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) 
$(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_sudo_cli_CFLAGS) $(CFLAGS) -c -o src/sss_client/sudo_testcli/sss_sudo_cli-sudo_testcli.o `test -f 'src/sss_client/sudo_testcli/sudo_testcli.c' || echo '$(srcdir)/'`src/sss_client/sudo_testcli/sudo_testcli.c src/sss_client/sudo_testcli/sss_sudo_cli-sudo_testcli.obj: src/sss_client/sudo_testcli/sudo_testcli.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_sudo_cli_CFLAGS) $(CFLAGS) -MT src/sss_client/sudo_testcli/sss_sudo_cli-sudo_testcli.obj -MD -MP -MF src/sss_client/sudo_testcli/$(DEPDIR)/sss_sudo_cli-sudo_testcli.Tpo -c -o src/sss_client/sudo_testcli/sss_sudo_cli-sudo_testcli.obj `if test -f 'src/sss_client/sudo_testcli/sudo_testcli.c'; then $(CYGPATH_W) 'src/sss_client/sudo_testcli/sudo_testcli.c'; else $(CYGPATH_W) '$(srcdir)/src/sss_client/sudo_testcli/sudo_testcli.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/sss_client/sudo_testcli/$(DEPDIR)/sss_sudo_cli-sudo_testcli.Tpo src/sss_client/sudo_testcli/$(DEPDIR)/sss_sudo_cli-sudo_testcli.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/sss_client/sudo_testcli/sudo_testcli.c' object='src/sss_client/sudo_testcli/sss_sudo_cli-sudo_testcli.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_sudo_cli_CFLAGS) $(CFLAGS) -c -o src/sss_client/sudo_testcli/sss_sudo_cli-sudo_testcli.obj `if test -f 'src/sss_client/sudo_testcli/sudo_testcli.c'; then $(CYGPATH_W) 'src/sss_client/sudo_testcli/sudo_testcli.c'; else $(CYGPATH_W) '$(srcdir)/src/sss_client/sudo_testcli/sudo_testcli.c'; fi` src/tools/sss_userdel-sss_userdel.o: src/tools/sss_userdel.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) 
$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_userdel_CFLAGS) $(CFLAGS) -MT src/tools/sss_userdel-sss_userdel.o -MD -MP -MF src/tools/$(DEPDIR)/sss_userdel-sss_userdel.Tpo -c -o src/tools/sss_userdel-sss_userdel.o `test -f 'src/tools/sss_userdel.c' || echo '$(srcdir)/'`src/tools/sss_userdel.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_userdel-sss_userdel.Tpo src/tools/$(DEPDIR)/sss_userdel-sss_userdel.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/sss_userdel.c' object='src/tools/sss_userdel-sss_userdel.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_userdel_CFLAGS) $(CFLAGS) -c -o src/tools/sss_userdel-sss_userdel.o `test -f 'src/tools/sss_userdel.c' || echo '$(srcdir)/'`src/tools/sss_userdel.c src/tools/sss_userdel-sss_userdel.obj: src/tools/sss_userdel.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_userdel_CFLAGS) $(CFLAGS) -MT src/tools/sss_userdel-sss_userdel.obj -MD -MP -MF src/tools/$(DEPDIR)/sss_userdel-sss_userdel.Tpo -c -o src/tools/sss_userdel-sss_userdel.obj `if test -f 'src/tools/sss_userdel.c'; then $(CYGPATH_W) 'src/tools/sss_userdel.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/sss_userdel.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_userdel-sss_userdel.Tpo src/tools/$(DEPDIR)/sss_userdel-sss_userdel.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/sss_userdel.c' object='src/tools/sss_userdel-sss_userdel.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_userdel_CFLAGS) $(CFLAGS) -c -o 
src/tools/sss_userdel-sss_userdel.obj `if test -f 'src/tools/sss_userdel.c'; then $(CYGPATH_W) 'src/tools/sss_userdel.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/sss_userdel.c'; fi` src/util/sss_userdel-find_uid.o: src/util/find_uid.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_userdel_CFLAGS) $(CFLAGS) -MT src/util/sss_userdel-find_uid.o -MD -MP -MF src/util/$(DEPDIR)/sss_userdel-find_uid.Tpo -c -o src/util/sss_userdel-find_uid.o `test -f 'src/util/find_uid.c' || echo '$(srcdir)/'`src/util/find_uid.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/sss_userdel-find_uid.Tpo src/util/$(DEPDIR)/sss_userdel-find_uid.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/find_uid.c' object='src/util/sss_userdel-find_uid.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_userdel_CFLAGS) $(CFLAGS) -c -o src/util/sss_userdel-find_uid.o `test -f 'src/util/find_uid.c' || echo '$(srcdir)/'`src/util/find_uid.c src/util/sss_userdel-find_uid.obj: src/util/find_uid.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_userdel_CFLAGS) $(CFLAGS) -MT src/util/sss_userdel-find_uid.obj -MD -MP -MF src/util/$(DEPDIR)/sss_userdel-find_uid.Tpo -c -o src/util/sss_userdel-find_uid.obj `if test -f 'src/util/find_uid.c'; then $(CYGPATH_W) 'src/util/find_uid.c'; else $(CYGPATH_W) '$(srcdir)/src/util/find_uid.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/sss_userdel-find_uid.Tpo src/util/$(DEPDIR)/sss_userdel-find_uid.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/find_uid.c' object='src/util/sss_userdel-find_uid.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) 
@AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_userdel_CFLAGS) $(CFLAGS) -c -o src/util/sss_userdel-find_uid.obj `if test -f 'src/util/find_uid.c'; then $(CYGPATH_W) 'src/util/find_uid.c'; else $(CYGPATH_W) '$(srcdir)/src/util/find_uid.c'; fi` src/sss_client/sss_userdel-common.o: src/sss_client/common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_userdel_CFLAGS) $(CFLAGS) -MT src/sss_client/sss_userdel-common.o -MD -MP -MF src/sss_client/$(DEPDIR)/sss_userdel-common.Tpo -c -o src/sss_client/sss_userdel-common.o `test -f 'src/sss_client/common.c' || echo '$(srcdir)/'`src/sss_client/common.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/sss_client/$(DEPDIR)/sss_userdel-common.Tpo src/sss_client/$(DEPDIR)/sss_userdel-common.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/sss_client/common.c' object='src/sss_client/sss_userdel-common.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_userdel_CFLAGS) $(CFLAGS) -c -o src/sss_client/sss_userdel-common.o `test -f 'src/sss_client/common.c' || echo '$(srcdir)/'`src/sss_client/common.c src/sss_client/sss_userdel-common.obj: src/sss_client/common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_userdel_CFLAGS) $(CFLAGS) -MT src/sss_client/sss_userdel-common.obj -MD -MP -MF src/sss_client/$(DEPDIR)/sss_userdel-common.Tpo -c -o src/sss_client/sss_userdel-common.obj `if test -f 'src/sss_client/common.c'; then $(CYGPATH_W) 'src/sss_client/common.c'; else $(CYGPATH_W) '$(srcdir)/src/sss_client/common.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/sss_client/$(DEPDIR)/sss_userdel-common.Tpo 
src/sss_client/$(DEPDIR)/sss_userdel-common.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/sss_client/common.c' object='src/sss_client/sss_userdel-common.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_userdel_CFLAGS) $(CFLAGS) -c -o src/sss_client/sss_userdel-common.obj `if test -f 'src/sss_client/common.c'; then $(CYGPATH_W) 'src/sss_client/common.c'; else $(CYGPATH_W) '$(srcdir)/src/sss_client/common.c'; fi` src/tools/sss_userdel-tools_mc_util.o: src/tools/tools_mc_util.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_userdel_CFLAGS) $(CFLAGS) -MT src/tools/sss_userdel-tools_mc_util.o -MD -MP -MF src/tools/$(DEPDIR)/sss_userdel-tools_mc_util.Tpo -c -o src/tools/sss_userdel-tools_mc_util.o `test -f 'src/tools/tools_mc_util.c' || echo '$(srcdir)/'`src/tools/tools_mc_util.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_userdel-tools_mc_util.Tpo src/tools/$(DEPDIR)/sss_userdel-tools_mc_util.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/tools_mc_util.c' object='src/tools/sss_userdel-tools_mc_util.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_userdel_CFLAGS) $(CFLAGS) -c -o src/tools/sss_userdel-tools_mc_util.o `test -f 'src/tools/tools_mc_util.c' || echo '$(srcdir)/'`src/tools/tools_mc_util.c src/tools/sss_userdel-tools_mc_util.obj: src/tools/tools_mc_util.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_userdel_CFLAGS) $(CFLAGS) -MT src/tools/sss_userdel-tools_mc_util.obj -MD -MP -MF 
src/tools/$(DEPDIR)/sss_userdel-tools_mc_util.Tpo -c -o src/tools/sss_userdel-tools_mc_util.obj `if test -f 'src/tools/tools_mc_util.c'; then $(CYGPATH_W) 'src/tools/tools_mc_util.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/tools_mc_util.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_userdel-tools_mc_util.Tpo src/tools/$(DEPDIR)/sss_userdel-tools_mc_util.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/tools_mc_util.c' object='src/tools/sss_userdel-tools_mc_util.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_userdel_CFLAGS) $(CFLAGS) -c -o src/tools/sss_userdel-tools_mc_util.obj `if test -f 'src/tools/tools_mc_util.c'; then $(CYGPATH_W) 'src/tools/tools_mc_util.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/tools_mc_util.c'; fi` src/tools/sss_userdel-sss_sync_ops.o: src/tools/sss_sync_ops.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_userdel_CFLAGS) $(CFLAGS) -MT src/tools/sss_userdel-sss_sync_ops.o -MD -MP -MF src/tools/$(DEPDIR)/sss_userdel-sss_sync_ops.Tpo -c -o src/tools/sss_userdel-sss_sync_ops.o `test -f 'src/tools/sss_sync_ops.c' || echo '$(srcdir)/'`src/tools/sss_sync_ops.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_userdel-sss_sync_ops.Tpo src/tools/$(DEPDIR)/sss_userdel-sss_sync_ops.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/sss_sync_ops.c' object='src/tools/sss_userdel-sss_sync_ops.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_userdel_CFLAGS) $(CFLAGS) -c -o src/tools/sss_userdel-sss_sync_ops.o `test -f 
'src/tools/sss_sync_ops.c' || echo '$(srcdir)/'`src/tools/sss_sync_ops.c src/tools/sss_userdel-sss_sync_ops.obj: src/tools/sss_sync_ops.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_userdel_CFLAGS) $(CFLAGS) -MT src/tools/sss_userdel-sss_sync_ops.obj -MD -MP -MF src/tools/$(DEPDIR)/sss_userdel-sss_sync_ops.Tpo -c -o src/tools/sss_userdel-sss_sync_ops.obj `if test -f 'src/tools/sss_sync_ops.c'; then $(CYGPATH_W) 'src/tools/sss_sync_ops.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/sss_sync_ops.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_userdel-sss_sync_ops.Tpo src/tools/$(DEPDIR)/sss_userdel-sss_sync_ops.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/sss_sync_ops.c' object='src/tools/sss_userdel-sss_sync_ops.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_userdel_CFLAGS) $(CFLAGS) -c -o src/tools/sss_userdel-sss_sync_ops.obj `if test -f 'src/tools/sss_sync_ops.c'; then $(CYGPATH_W) 'src/tools/sss_sync_ops.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/sss_sync_ops.c'; fi` src/tools/sss_userdel-tools_util.o: src/tools/tools_util.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_userdel_CFLAGS) $(CFLAGS) -MT src/tools/sss_userdel-tools_util.o -MD -MP -MF src/tools/$(DEPDIR)/sss_userdel-tools_util.Tpo -c -o src/tools/sss_userdel-tools_util.o `test -f 'src/tools/tools_util.c' || echo '$(srcdir)/'`src/tools/tools_util.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_userdel-tools_util.Tpo src/tools/$(DEPDIR)/sss_userdel-tools_util.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/tools_util.c' object='src/tools/sss_userdel-tools_util.o' libtool=no @AMDEPBACKSLASH@ 
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_userdel_CFLAGS) $(CFLAGS) -c -o src/tools/sss_userdel-tools_util.o `test -f 'src/tools/tools_util.c' || echo '$(srcdir)/'`src/tools/tools_util.c src/tools/sss_userdel-tools_util.obj: src/tools/tools_util.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_userdel_CFLAGS) $(CFLAGS) -MT src/tools/sss_userdel-tools_util.obj -MD -MP -MF src/tools/$(DEPDIR)/sss_userdel-tools_util.Tpo -c -o src/tools/sss_userdel-tools_util.obj `if test -f 'src/tools/tools_util.c'; then $(CYGPATH_W) 'src/tools/tools_util.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/tools_util.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_userdel-tools_util.Tpo src/tools/$(DEPDIR)/sss_userdel-tools_util.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/tools_util.c' object='src/tools/sss_userdel-tools_util.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_userdel_CFLAGS) $(CFLAGS) -c -o src/tools/sss_userdel-tools_util.obj `if test -f 'src/tools/tools_util.c'; then $(CYGPATH_W) 'src/tools/tools_util.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/tools_util.c'; fi` src/tools/sss_userdel-files.o: src/tools/files.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_userdel_CFLAGS) $(CFLAGS) -MT src/tools/sss_userdel-files.o -MD -MP -MF src/tools/$(DEPDIR)/sss_userdel-files.Tpo -c -o src/tools/sss_userdel-files.o `test -f 'src/tools/files.c' || echo '$(srcdir)/'`src/tools/files.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) 
src/tools/$(DEPDIR)/sss_userdel-files.Tpo src/tools/$(DEPDIR)/sss_userdel-files.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/files.c' object='src/tools/sss_userdel-files.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_userdel_CFLAGS) $(CFLAGS) -c -o src/tools/sss_userdel-files.o `test -f 'src/tools/files.c' || echo '$(srcdir)/'`src/tools/files.c src/tools/sss_userdel-files.obj: src/tools/files.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_userdel_CFLAGS) $(CFLAGS) -MT src/tools/sss_userdel-files.obj -MD -MP -MF src/tools/$(DEPDIR)/sss_userdel-files.Tpo -c -o src/tools/sss_userdel-files.obj `if test -f 'src/tools/files.c'; then $(CYGPATH_W) 'src/tools/files.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/files.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_userdel-files.Tpo src/tools/$(DEPDIR)/sss_userdel-files.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/files.c' object='src/tools/sss_userdel-files.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_userdel_CFLAGS) $(CFLAGS) -c -o src/tools/sss_userdel-files.obj `if test -f 'src/tools/files.c'; then $(CYGPATH_W) 'src/tools/files.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/files.c'; fi` src/tools/sss_userdel-selinux.o: src/tools/selinux.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_userdel_CFLAGS) $(CFLAGS) -MT src/tools/sss_userdel-selinux.o -MD -MP -MF src/tools/$(DEPDIR)/sss_userdel-selinux.Tpo -c -o src/tools/sss_userdel-selinux.o `test -f 
'src/tools/selinux.c' || echo '$(srcdir)/'`src/tools/selinux.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_userdel-selinux.Tpo src/tools/$(DEPDIR)/sss_userdel-selinux.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/selinux.c' object='src/tools/sss_userdel-selinux.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_userdel_CFLAGS) $(CFLAGS) -c -o src/tools/sss_userdel-selinux.o `test -f 'src/tools/selinux.c' || echo '$(srcdir)/'`src/tools/selinux.c src/tools/sss_userdel-selinux.obj: src/tools/selinux.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_userdel_CFLAGS) $(CFLAGS) -MT src/tools/sss_userdel-selinux.obj -MD -MP -MF src/tools/$(DEPDIR)/sss_userdel-selinux.Tpo -c -o src/tools/sss_userdel-selinux.obj `if test -f 'src/tools/selinux.c'; then $(CYGPATH_W) 'src/tools/selinux.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/selinux.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_userdel-selinux.Tpo src/tools/$(DEPDIR)/sss_userdel-selinux.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/selinux.c' object='src/tools/sss_userdel-selinux.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_userdel_CFLAGS) $(CFLAGS) -c -o src/tools/sss_userdel-selinux.obj `if test -f 'src/tools/selinux.c'; then $(CYGPATH_W) 'src/tools/selinux.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/selinux.c'; fi` src/util/sss_userdel-nscd.o: src/util/nscd.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_userdel_CFLAGS) 
$(CFLAGS) -MT src/util/sss_userdel-nscd.o -MD -MP -MF src/util/$(DEPDIR)/sss_userdel-nscd.Tpo -c -o src/util/sss_userdel-nscd.o `test -f 'src/util/nscd.c' || echo '$(srcdir)/'`src/util/nscd.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/sss_userdel-nscd.Tpo src/util/$(DEPDIR)/sss_userdel-nscd.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/nscd.c' object='src/util/sss_userdel-nscd.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_userdel_CFLAGS) $(CFLAGS) -c -o src/util/sss_userdel-nscd.o `test -f 'src/util/nscd.c' || echo '$(srcdir)/'`src/util/nscd.c src/util/sss_userdel-nscd.obj: src/util/nscd.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_userdel_CFLAGS) $(CFLAGS) -MT src/util/sss_userdel-nscd.obj -MD -MP -MF src/util/$(DEPDIR)/sss_userdel-nscd.Tpo -c -o src/util/sss_userdel-nscd.obj `if test -f 'src/util/nscd.c'; then $(CYGPATH_W) 'src/util/nscd.c'; else $(CYGPATH_W) '$(srcdir)/src/util/nscd.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/sss_userdel-nscd.Tpo src/util/$(DEPDIR)/sss_userdel-nscd.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/nscd.c' object='src/util/sss_userdel-nscd.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_userdel_CFLAGS) $(CFLAGS) -c -o src/util/sss_userdel-nscd.obj `if test -f 'src/util/nscd.c'; then $(CYGPATH_W) 'src/util/nscd.c'; else $(CYGPATH_W) '$(srcdir)/src/util/nscd.c'; fi` src/tools/sss_usermod-sss_usermod.o: src/tools/sss_usermod.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) 
$(AM_CPPFLAGS) $(CPPFLAGS) $(sss_usermod_CFLAGS) $(CFLAGS) -MT src/tools/sss_usermod-sss_usermod.o -MD -MP -MF src/tools/$(DEPDIR)/sss_usermod-sss_usermod.Tpo -c -o src/tools/sss_usermod-sss_usermod.o `test -f 'src/tools/sss_usermod.c' || echo '$(srcdir)/'`src/tools/sss_usermod.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_usermod-sss_usermod.Tpo src/tools/$(DEPDIR)/sss_usermod-sss_usermod.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/sss_usermod.c' object='src/tools/sss_usermod-sss_usermod.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_usermod_CFLAGS) $(CFLAGS) -c -o src/tools/sss_usermod-sss_usermod.o `test -f 'src/tools/sss_usermod.c' || echo '$(srcdir)/'`src/tools/sss_usermod.c src/tools/sss_usermod-sss_usermod.obj: src/tools/sss_usermod.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_usermod_CFLAGS) $(CFLAGS) -MT src/tools/sss_usermod-sss_usermod.obj -MD -MP -MF src/tools/$(DEPDIR)/sss_usermod-sss_usermod.Tpo -c -o src/tools/sss_usermod-sss_usermod.obj `if test -f 'src/tools/sss_usermod.c'; then $(CYGPATH_W) 'src/tools/sss_usermod.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/sss_usermod.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_usermod-sss_usermod.Tpo src/tools/$(DEPDIR)/sss_usermod-sss_usermod.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/sss_usermod.c' object='src/tools/sss_usermod-sss_usermod.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_usermod_CFLAGS) $(CFLAGS) -c -o src/tools/sss_usermod-sss_usermod.obj `if test 
-f 'src/tools/sss_usermod.c'; then $(CYGPATH_W) 'src/tools/sss_usermod.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/sss_usermod.c'; fi` src/sss_client/sss_usermod-common.o: src/sss_client/common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_usermod_CFLAGS) $(CFLAGS) -MT src/sss_client/sss_usermod-common.o -MD -MP -MF src/sss_client/$(DEPDIR)/sss_usermod-common.Tpo -c -o src/sss_client/sss_usermod-common.o `test -f 'src/sss_client/common.c' || echo '$(srcdir)/'`src/sss_client/common.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/sss_client/$(DEPDIR)/sss_usermod-common.Tpo src/sss_client/$(DEPDIR)/sss_usermod-common.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/sss_client/common.c' object='src/sss_client/sss_usermod-common.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_usermod_CFLAGS) $(CFLAGS) -c -o src/sss_client/sss_usermod-common.o `test -f 'src/sss_client/common.c' || echo '$(srcdir)/'`src/sss_client/common.c src/sss_client/sss_usermod-common.obj: src/sss_client/common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_usermod_CFLAGS) $(CFLAGS) -MT src/sss_client/sss_usermod-common.obj -MD -MP -MF src/sss_client/$(DEPDIR)/sss_usermod-common.Tpo -c -o src/sss_client/sss_usermod-common.obj `if test -f 'src/sss_client/common.c'; then $(CYGPATH_W) 'src/sss_client/common.c'; else $(CYGPATH_W) '$(srcdir)/src/sss_client/common.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/sss_client/$(DEPDIR)/sss_usermod-common.Tpo src/sss_client/$(DEPDIR)/sss_usermod-common.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/sss_client/common.c' object='src/sss_client/sss_usermod-common.obj' libtool=no @AMDEPBACKSLASH@ 
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_usermod_CFLAGS) $(CFLAGS) -c -o src/sss_client/sss_usermod-common.obj `if test -f 'src/sss_client/common.c'; then $(CYGPATH_W) 'src/sss_client/common.c'; else $(CYGPATH_W) '$(srcdir)/src/sss_client/common.c'; fi` src/tools/sss_usermod-tools_mc_util.o: src/tools/tools_mc_util.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_usermod_CFLAGS) $(CFLAGS) -MT src/tools/sss_usermod-tools_mc_util.o -MD -MP -MF src/tools/$(DEPDIR)/sss_usermod-tools_mc_util.Tpo -c -o src/tools/sss_usermod-tools_mc_util.o `test -f 'src/tools/tools_mc_util.c' || echo '$(srcdir)/'`src/tools/tools_mc_util.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_usermod-tools_mc_util.Tpo src/tools/$(DEPDIR)/sss_usermod-tools_mc_util.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/tools_mc_util.c' object='src/tools/sss_usermod-tools_mc_util.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_usermod_CFLAGS) $(CFLAGS) -c -o src/tools/sss_usermod-tools_mc_util.o `test -f 'src/tools/tools_mc_util.c' || echo '$(srcdir)/'`src/tools/tools_mc_util.c src/tools/sss_usermod-tools_mc_util.obj: src/tools/tools_mc_util.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_usermod_CFLAGS) $(CFLAGS) -MT src/tools/sss_usermod-tools_mc_util.obj -MD -MP -MF src/tools/$(DEPDIR)/sss_usermod-tools_mc_util.Tpo -c -o src/tools/sss_usermod-tools_mc_util.obj `if test -f 'src/tools/tools_mc_util.c'; then $(CYGPATH_W) 'src/tools/tools_mc_util.c'; else $(CYGPATH_W) 
'$(srcdir)/src/tools/tools_mc_util.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_usermod-tools_mc_util.Tpo src/tools/$(DEPDIR)/sss_usermod-tools_mc_util.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/tools_mc_util.c' object='src/tools/sss_usermod-tools_mc_util.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_usermod_CFLAGS) $(CFLAGS) -c -o src/tools/sss_usermod-tools_mc_util.obj `if test -f 'src/tools/tools_mc_util.c'; then $(CYGPATH_W) 'src/tools/tools_mc_util.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/tools_mc_util.c'; fi` src/tools/sss_usermod-sss_sync_ops.o: src/tools/sss_sync_ops.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_usermod_CFLAGS) $(CFLAGS) -MT src/tools/sss_usermod-sss_sync_ops.o -MD -MP -MF src/tools/$(DEPDIR)/sss_usermod-sss_sync_ops.Tpo -c -o src/tools/sss_usermod-sss_sync_ops.o `test -f 'src/tools/sss_sync_ops.c' || echo '$(srcdir)/'`src/tools/sss_sync_ops.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_usermod-sss_sync_ops.Tpo src/tools/$(DEPDIR)/sss_usermod-sss_sync_ops.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/sss_sync_ops.c' object='src/tools/sss_usermod-sss_sync_ops.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_usermod_CFLAGS) $(CFLAGS) -c -o src/tools/sss_usermod-sss_sync_ops.o `test -f 'src/tools/sss_sync_ops.c' || echo '$(srcdir)/'`src/tools/sss_sync_ops.c src/tools/sss_usermod-sss_sync_ops.obj: src/tools/sss_sync_ops.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) 
$(AM_CPPFLAGS) $(CPPFLAGS) $(sss_usermod_CFLAGS) $(CFLAGS) -MT src/tools/sss_usermod-sss_sync_ops.obj -MD -MP -MF src/tools/$(DEPDIR)/sss_usermod-sss_sync_ops.Tpo -c -o src/tools/sss_usermod-sss_sync_ops.obj `if test -f 'src/tools/sss_sync_ops.c'; then $(CYGPATH_W) 'src/tools/sss_sync_ops.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/sss_sync_ops.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_usermod-sss_sync_ops.Tpo src/tools/$(DEPDIR)/sss_usermod-sss_sync_ops.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/sss_sync_ops.c' object='src/tools/sss_usermod-sss_sync_ops.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_usermod_CFLAGS) $(CFLAGS) -c -o src/tools/sss_usermod-sss_sync_ops.obj `if test -f 'src/tools/sss_sync_ops.c'; then $(CYGPATH_W) 'src/tools/sss_sync_ops.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/sss_sync_ops.c'; fi` src/tools/sss_usermod-tools_util.o: src/tools/tools_util.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_usermod_CFLAGS) $(CFLAGS) -MT src/tools/sss_usermod-tools_util.o -MD -MP -MF src/tools/$(DEPDIR)/sss_usermod-tools_util.Tpo -c -o src/tools/sss_usermod-tools_util.o `test -f 'src/tools/tools_util.c' || echo '$(srcdir)/'`src/tools/tools_util.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_usermod-tools_util.Tpo src/tools/$(DEPDIR)/sss_usermod-tools_util.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/tools_util.c' object='src/tools/sss_usermod-tools_util.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) 
$(sss_usermod_CFLAGS) $(CFLAGS) -c -o src/tools/sss_usermod-tools_util.o `test -f 'src/tools/tools_util.c' || echo '$(srcdir)/'`src/tools/tools_util.c src/tools/sss_usermod-tools_util.obj: src/tools/tools_util.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_usermod_CFLAGS) $(CFLAGS) -MT src/tools/sss_usermod-tools_util.obj -MD -MP -MF src/tools/$(DEPDIR)/sss_usermod-tools_util.Tpo -c -o src/tools/sss_usermod-tools_util.obj `if test -f 'src/tools/tools_util.c'; then $(CYGPATH_W) 'src/tools/tools_util.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/tools_util.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_usermod-tools_util.Tpo src/tools/$(DEPDIR)/sss_usermod-tools_util.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/tools_util.c' object='src/tools/sss_usermod-tools_util.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_usermod_CFLAGS) $(CFLAGS) -c -o src/tools/sss_usermod-tools_util.obj `if test -f 'src/tools/tools_util.c'; then $(CYGPATH_W) 'src/tools/tools_util.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/tools_util.c'; fi` src/tools/sss_usermod-files.o: src/tools/files.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_usermod_CFLAGS) $(CFLAGS) -MT src/tools/sss_usermod-files.o -MD -MP -MF src/tools/$(DEPDIR)/sss_usermod-files.Tpo -c -o src/tools/sss_usermod-files.o `test -f 'src/tools/files.c' || echo '$(srcdir)/'`src/tools/files.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_usermod-files.Tpo src/tools/$(DEPDIR)/sss_usermod-files.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/files.c' object='src/tools/sss_usermod-files.o' libtool=no @AMDEPBACKSLASH@ 
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_usermod_CFLAGS) $(CFLAGS) -c -o src/tools/sss_usermod-files.o `test -f 'src/tools/files.c' || echo '$(srcdir)/'`src/tools/files.c src/tools/sss_usermod-files.obj: src/tools/files.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_usermod_CFLAGS) $(CFLAGS) -MT src/tools/sss_usermod-files.obj -MD -MP -MF src/tools/$(DEPDIR)/sss_usermod-files.Tpo -c -o src/tools/sss_usermod-files.obj `if test -f 'src/tools/files.c'; then $(CYGPATH_W) 'src/tools/files.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/files.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_usermod-files.Tpo src/tools/$(DEPDIR)/sss_usermod-files.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/files.c' object='src/tools/sss_usermod-files.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_usermod_CFLAGS) $(CFLAGS) -c -o src/tools/sss_usermod-files.obj `if test -f 'src/tools/files.c'; then $(CYGPATH_W) 'src/tools/files.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/files.c'; fi` src/tools/sss_usermod-selinux.o: src/tools/selinux.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_usermod_CFLAGS) $(CFLAGS) -MT src/tools/sss_usermod-selinux.o -MD -MP -MF src/tools/$(DEPDIR)/sss_usermod-selinux.Tpo -c -o src/tools/sss_usermod-selinux.o `test -f 'src/tools/selinux.c' || echo '$(srcdir)/'`src/tools/selinux.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_usermod-selinux.Tpo src/tools/$(DEPDIR)/sss_usermod-selinux.Po 
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/selinux.c' object='src/tools/sss_usermod-selinux.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_usermod_CFLAGS) $(CFLAGS) -c -o src/tools/sss_usermod-selinux.o `test -f 'src/tools/selinux.c' || echo '$(srcdir)/'`src/tools/selinux.c src/tools/sss_usermod-selinux.obj: src/tools/selinux.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_usermod_CFLAGS) $(CFLAGS) -MT src/tools/sss_usermod-selinux.obj -MD -MP -MF src/tools/$(DEPDIR)/sss_usermod-selinux.Tpo -c -o src/tools/sss_usermod-selinux.obj `if test -f 'src/tools/selinux.c'; then $(CYGPATH_W) 'src/tools/selinux.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/selinux.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tools/$(DEPDIR)/sss_usermod-selinux.Tpo src/tools/$(DEPDIR)/sss_usermod-selinux.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tools/selinux.c' object='src/tools/sss_usermod-selinux.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_usermod_CFLAGS) $(CFLAGS) -c -o src/tools/sss_usermod-selinux.obj `if test -f 'src/tools/selinux.c'; then $(CYGPATH_W) 'src/tools/selinux.c'; else $(CYGPATH_W) '$(srcdir)/src/tools/selinux.c'; fi` src/util/sss_usermod-nscd.o: src/util/nscd.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_usermod_CFLAGS) $(CFLAGS) -MT src/util/sss_usermod-nscd.o -MD -MP -MF src/util/$(DEPDIR)/sss_usermod-nscd.Tpo -c -o src/util/sss_usermod-nscd.o `test -f 'src/util/nscd.c' || echo '$(srcdir)/'`src/util/nscd.c 
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/sss_usermod-nscd.Tpo src/util/$(DEPDIR)/sss_usermod-nscd.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/nscd.c' object='src/util/sss_usermod-nscd.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_usermod_CFLAGS) $(CFLAGS) -c -o src/util/sss_usermod-nscd.o `test -f 'src/util/nscd.c' || echo '$(srcdir)/'`src/util/nscd.c src/util/sss_usermod-nscd.obj: src/util/nscd.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_usermod_CFLAGS) $(CFLAGS) -MT src/util/sss_usermod-nscd.obj -MD -MP -MF src/util/$(DEPDIR)/sss_usermod-nscd.Tpo -c -o src/util/sss_usermod-nscd.obj `if test -f 'src/util/nscd.c'; then $(CYGPATH_W) 'src/util/nscd.c'; else $(CYGPATH_W) '$(srcdir)/src/util/nscd.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/sss_usermod-nscd.Tpo src/util/$(DEPDIR)/sss_usermod-nscd.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/nscd.c' object='src/util/sss_usermod-nscd.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sss_usermod_CFLAGS) $(CFLAGS) -c -o src/util/sss_usermod-nscd.obj `if test -f 'src/util/nscd.c'; then $(CYGPATH_W) 'src/util/nscd.c'; else $(CYGPATH_W) '$(srcdir)/src/util/nscd.c'; fi` src/responder/pac/sssd_pac-pacsrv.o: src/responder/pac/pacsrv.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sssd_pac_CFLAGS) $(CFLAGS) -MT src/responder/pac/sssd_pac-pacsrv.o -MD -MP -MF src/responder/pac/$(DEPDIR)/sssd_pac-pacsrv.Tpo -c -o 
src/responder/pac/sssd_pac-pacsrv.o `test -f 'src/responder/pac/pacsrv.c' || echo '$(srcdir)/'`src/responder/pac/pacsrv.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/responder/pac/$(DEPDIR)/sssd_pac-pacsrv.Tpo src/responder/pac/$(DEPDIR)/sssd_pac-pacsrv.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/responder/pac/pacsrv.c' object='src/responder/pac/sssd_pac-pacsrv.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sssd_pac_CFLAGS) $(CFLAGS) -c -o src/responder/pac/sssd_pac-pacsrv.o `test -f 'src/responder/pac/pacsrv.c' || echo '$(srcdir)/'`src/responder/pac/pacsrv.c src/responder/pac/sssd_pac-pacsrv.obj: src/responder/pac/pacsrv.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sssd_pac_CFLAGS) $(CFLAGS) -MT src/responder/pac/sssd_pac-pacsrv.obj -MD -MP -MF src/responder/pac/$(DEPDIR)/sssd_pac-pacsrv.Tpo -c -o src/responder/pac/sssd_pac-pacsrv.obj `if test -f 'src/responder/pac/pacsrv.c'; then $(CYGPATH_W) 'src/responder/pac/pacsrv.c'; else $(CYGPATH_W) '$(srcdir)/src/responder/pac/pacsrv.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/responder/pac/$(DEPDIR)/sssd_pac-pacsrv.Tpo src/responder/pac/$(DEPDIR)/sssd_pac-pacsrv.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/responder/pac/pacsrv.c' object='src/responder/pac/sssd_pac-pacsrv.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sssd_pac_CFLAGS) $(CFLAGS) -c -o src/responder/pac/sssd_pac-pacsrv.obj `if test -f 'src/responder/pac/pacsrv.c'; then $(CYGPATH_W) 'src/responder/pac/pacsrv.c'; else $(CYGPATH_W) '$(srcdir)/src/responder/pac/pacsrv.c'; fi` 
# Per-target object rules for sources compiled with $(sssd_pac_CFLAGS).
# The am__/AMDEP markers suggest this is automake output; presumably the
# rules are regenerated from Makefile.am, so changes belong there (confirm).
#
# Each source gets two targets: ".o", which locates the source with
# `test -f ... || echo '$(srcdir)/'`, and ".obj", which passes the located
# path through $(CYGPATH_W).
#
# Each recipe carries alternative branches, chosen by the @...@ prefixes
# (presumably substituted at configure time):
#   @am__fastdepCC_TRUE@   compile with -MT/-MD/-MP/-MF so a .Tpo dependency
#                          file is written, then $(am__mv) it to .Po.
#   @am__fastdepCC_FALSE@  compile with $(CC) ... -c -o; when @AMDEP_TRUE@ is
#                          active the source=/object=/libtool=no and
#                          $(depcomp) lines precede it (they appear to be
#                          joined to it through @AMDEPBACKSLASH@).
#
# NOTE(review): no hardening or warning flags are set in these rules; whatever
# applies arrives through $(AM_CPPFLAGS), $(CPPFLAGS), $(sssd_pac_CFLAGS) and
# $(CFLAGS). Check those in Makefile.am/configure.ac rather than here.

# pacsrv_cmd.c -> sssd_pac-pacsrv_cmd.o
src/responder/pac/sssd_pac-pacsrv_cmd.o: src/responder/pac/pacsrv_cmd.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sssd_pac_CFLAGS) $(CFLAGS) -MT src/responder/pac/sssd_pac-pacsrv_cmd.o -MD -MP -MF src/responder/pac/$(DEPDIR)/sssd_pac-pacsrv_cmd.Tpo -c -o src/responder/pac/sssd_pac-pacsrv_cmd.o `test -f 'src/responder/pac/pacsrv_cmd.c' || echo '$(srcdir)/'`src/responder/pac/pacsrv_cmd.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) src/responder/pac/$(DEPDIR)/sssd_pac-pacsrv_cmd.Tpo src/responder/pac/$(DEPDIR)/sssd_pac-pacsrv_cmd.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='src/responder/pac/pacsrv_cmd.c' object='src/responder/pac/sssd_pac-pacsrv_cmd.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sssd_pac_CFLAGS) $(CFLAGS) -c -o src/responder/pac/sssd_pac-pacsrv_cmd.o `test -f 'src/responder/pac/pacsrv_cmd.c' || echo '$(srcdir)/'`src/responder/pac/pacsrv_cmd.c

# pacsrv_cmd.c -> sssd_pac-pacsrv_cmd.obj ($(CYGPATH_W) variant)
src/responder/pac/sssd_pac-pacsrv_cmd.obj: src/responder/pac/pacsrv_cmd.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sssd_pac_CFLAGS) $(CFLAGS) -MT src/responder/pac/sssd_pac-pacsrv_cmd.obj -MD -MP -MF src/responder/pac/$(DEPDIR)/sssd_pac-pacsrv_cmd.Tpo -c -o src/responder/pac/sssd_pac-pacsrv_cmd.obj `if test -f 'src/responder/pac/pacsrv_cmd.c'; then $(CYGPATH_W) 'src/responder/pac/pacsrv_cmd.c'; else $(CYGPATH_W) '$(srcdir)/src/responder/pac/pacsrv_cmd.c'; fi`
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) src/responder/pac/$(DEPDIR)/sssd_pac-pacsrv_cmd.Tpo src/responder/pac/$(DEPDIR)/sssd_pac-pacsrv_cmd.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='src/responder/pac/pacsrv_cmd.c' object='src/responder/pac/sssd_pac-pacsrv_cmd.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sssd_pac_CFLAGS) $(CFLAGS) -c -o src/responder/pac/sssd_pac-pacsrv_cmd.obj `if test -f 'src/responder/pac/pacsrv_cmd.c'; then $(CYGPATH_W) 'src/responder/pac/pacsrv_cmd.c'; else $(CYGPATH_W) '$(srcdir)/src/responder/pac/pacsrv_cmd.c'; fi`

# pacsrv_utils.c -> sssd_pac-pacsrv_utils.o
src/responder/pac/sssd_pac-pacsrv_utils.o: src/responder/pac/pacsrv_utils.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sssd_pac_CFLAGS) $(CFLAGS) -MT src/responder/pac/sssd_pac-pacsrv_utils.o -MD -MP -MF src/responder/pac/$(DEPDIR)/sssd_pac-pacsrv_utils.Tpo -c -o src/responder/pac/sssd_pac-pacsrv_utils.o `test -f 'src/responder/pac/pacsrv_utils.c' || echo '$(srcdir)/'`src/responder/pac/pacsrv_utils.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) src/responder/pac/$(DEPDIR)/sssd_pac-pacsrv_utils.Tpo src/responder/pac/$(DEPDIR)/sssd_pac-pacsrv_utils.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='src/responder/pac/pacsrv_utils.c' object='src/responder/pac/sssd_pac-pacsrv_utils.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sssd_pac_CFLAGS) $(CFLAGS) -c -o src/responder/pac/sssd_pac-pacsrv_utils.o `test -f 'src/responder/pac/pacsrv_utils.c' || echo '$(srcdir)/'`src/responder/pac/pacsrv_utils.c

# pacsrv_utils.c -> sssd_pac-pacsrv_utils.obj ($(CYGPATH_W) variant)
src/responder/pac/sssd_pac-pacsrv_utils.obj: src/responder/pac/pacsrv_utils.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sssd_pac_CFLAGS) $(CFLAGS) -MT src/responder/pac/sssd_pac-pacsrv_utils.obj -MD -MP -MF src/responder/pac/$(DEPDIR)/sssd_pac-pacsrv_utils.Tpo -c -o src/responder/pac/sssd_pac-pacsrv_utils.obj `if test -f 'src/responder/pac/pacsrv_utils.c'; then $(CYGPATH_W) 'src/responder/pac/pacsrv_utils.c'; else $(CYGPATH_W) '$(srcdir)/src/responder/pac/pacsrv_utils.c'; fi`
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) src/responder/pac/$(DEPDIR)/sssd_pac-pacsrv_utils.Tpo src/responder/pac/$(DEPDIR)/sssd_pac-pacsrv_utils.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='src/responder/pac/pacsrv_utils.c' object='src/responder/pac/sssd_pac-pacsrv_utils.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sssd_pac_CFLAGS) $(CFLAGS) -c -o src/responder/pac/sssd_pac-pacsrv_utils.obj `if test -f 'src/responder/pac/pacsrv_utils.c'; then $(CYGPATH_W) 'src/responder/pac/pacsrv_utils.c'; else $(CYGPATH_W) '$(srcdir)/src/responder/pac/pacsrv_utils.c'; fi`

# negcache.c (src/responder/common) -> sssd_pac-negcache.o
src/responder/common/sssd_pac-negcache.o: src/responder/common/negcache.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sssd_pac_CFLAGS) $(CFLAGS) -MT src/responder/common/sssd_pac-negcache.o -MD -MP -MF src/responder/common/$(DEPDIR)/sssd_pac-negcache.Tpo -c -o src/responder/common/sssd_pac-negcache.o `test -f 'src/responder/common/negcache.c' || echo '$(srcdir)/'`src/responder/common/negcache.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) src/responder/common/$(DEPDIR)/sssd_pac-negcache.Tpo src/responder/common/$(DEPDIR)/sssd_pac-negcache.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='src/responder/common/negcache.c' object='src/responder/common/sssd_pac-negcache.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sssd_pac_CFLAGS) $(CFLAGS) -c -o src/responder/common/sssd_pac-negcache.o `test -f 'src/responder/common/negcache.c' || echo '$(srcdir)/'`src/responder/common/negcache.c

# negcache.c -> sssd_pac-negcache.obj ($(CYGPATH_W) variant)
src/responder/common/sssd_pac-negcache.obj: src/responder/common/negcache.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sssd_pac_CFLAGS) $(CFLAGS) -MT src/responder/common/sssd_pac-negcache.obj -MD -MP -MF src/responder/common/$(DEPDIR)/sssd_pac-negcache.Tpo -c -o src/responder/common/sssd_pac-negcache.obj `if test -f 'src/responder/common/negcache.c'; then $(CYGPATH_W) 'src/responder/common/negcache.c'; else $(CYGPATH_W) '$(srcdir)/src/responder/common/negcache.c'; fi`
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) src/responder/common/$(DEPDIR)/sssd_pac-negcache.Tpo src/responder/common/$(DEPDIR)/sssd_pac-negcache.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='src/responder/common/negcache.c' object='src/responder/common/sssd_pac-negcache.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sssd_pac_CFLAGS) $(CFLAGS) -c -o src/responder/common/sssd_pac-negcache.obj `if test -f 'src/responder/common/negcache.c'; then $(CYGPATH_W) 'src/responder/common/negcache.c'; else $(CYGPATH_W) '$(srcdir)/src/responder/common/negcache.c'; fi`

# responder_cmd.c -> sssd_pac-responder_cmd.o
src/responder/common/sssd_pac-responder_cmd.o: src/responder/common/responder_cmd.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sssd_pac_CFLAGS) $(CFLAGS) -MT src/responder/common/sssd_pac-responder_cmd.o -MD -MP -MF src/responder/common/$(DEPDIR)/sssd_pac-responder_cmd.Tpo -c -o src/responder/common/sssd_pac-responder_cmd.o `test -f 'src/responder/common/responder_cmd.c' || echo '$(srcdir)/'`src/responder/common/responder_cmd.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) src/responder/common/$(DEPDIR)/sssd_pac-responder_cmd.Tpo src/responder/common/$(DEPDIR)/sssd_pac-responder_cmd.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='src/responder/common/responder_cmd.c' object='src/responder/common/sssd_pac-responder_cmd.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sssd_pac_CFLAGS) $(CFLAGS) -c -o src/responder/common/sssd_pac-responder_cmd.o `test -f 'src/responder/common/responder_cmd.c' || echo '$(srcdir)/'`src/responder/common/responder_cmd.c

# responder_cmd.c -> sssd_pac-responder_cmd.obj ($(CYGPATH_W) variant)
src/responder/common/sssd_pac-responder_cmd.obj: src/responder/common/responder_cmd.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sssd_pac_CFLAGS) $(CFLAGS) -MT src/responder/common/sssd_pac-responder_cmd.obj -MD -MP -MF src/responder/common/$(DEPDIR)/sssd_pac-responder_cmd.Tpo -c -o src/responder/common/sssd_pac-responder_cmd.obj `if test -f 'src/responder/common/responder_cmd.c'; then $(CYGPATH_W) 'src/responder/common/responder_cmd.c'; else $(CYGPATH_W) '$(srcdir)/src/responder/common/responder_cmd.c'; fi`
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) src/responder/common/$(DEPDIR)/sssd_pac-responder_cmd.Tpo src/responder/common/$(DEPDIR)/sssd_pac-responder_cmd.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='src/responder/common/responder_cmd.c' object='src/responder/common/sssd_pac-responder_cmd.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sssd_pac_CFLAGS) $(CFLAGS) -c -o src/responder/common/sssd_pac-responder_cmd.obj `if test -f 'src/responder/common/responder_cmd.c'; then $(CYGPATH_W) 'src/responder/common/responder_cmd.c'; else $(CYGPATH_W) '$(srcdir)/src/responder/common/responder_cmd.c'; fi`

# responder_common.c -> sssd_pac-responder_common.o
src/responder/common/sssd_pac-responder_common.o: src/responder/common/responder_common.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sssd_pac_CFLAGS) $(CFLAGS) -MT src/responder/common/sssd_pac-responder_common.o -MD -MP -MF src/responder/common/$(DEPDIR)/sssd_pac-responder_common.Tpo -c -o src/responder/common/sssd_pac-responder_common.o `test -f 'src/responder/common/responder_common.c' || echo '$(srcdir)/'`src/responder/common/responder_common.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) src/responder/common/$(DEPDIR)/sssd_pac-responder_common.Tpo src/responder/common/$(DEPDIR)/sssd_pac-responder_common.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='src/responder/common/responder_common.c' object='src/responder/common/sssd_pac-responder_common.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sssd_pac_CFLAGS) $(CFLAGS) -c -o src/responder/common/sssd_pac-responder_common.o `test -f 'src/responder/common/responder_common.c' || echo '$(srcdir)/'`src/responder/common/responder_common.c

# responder_common.c -> sssd_pac-responder_common.obj ($(CYGPATH_W) variant)
src/responder/common/sssd_pac-responder_common.obj: src/responder/common/responder_common.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sssd_pac_CFLAGS) $(CFLAGS) -MT src/responder/common/sssd_pac-responder_common.obj -MD -MP -MF src/responder/common/$(DEPDIR)/sssd_pac-responder_common.Tpo -c -o src/responder/common/sssd_pac-responder_common.obj `if test -f 'src/responder/common/responder_common.c'; then $(CYGPATH_W) 'src/responder/common/responder_common.c'; else $(CYGPATH_W) '$(srcdir)/src/responder/common/responder_common.c'; fi`
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) src/responder/common/$(DEPDIR)/sssd_pac-responder_common.Tpo src/responder/common/$(DEPDIR)/sssd_pac-responder_common.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='src/responder/common/responder_common.c' object='src/responder/common/sssd_pac-responder_common.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sssd_pac_CFLAGS) $(CFLAGS) -c -o src/responder/common/sssd_pac-responder_common.obj `if test -f 'src/responder/common/responder_common.c'; then $(CYGPATH_W) 'src/responder/common/responder_common.c'; else $(CYGPATH_W) '$(srcdir)/src/responder/common/responder_common.c'; fi`

# responder_dp.c -> sssd_pac-responder_dp.o
src/responder/common/sssd_pac-responder_dp.o: src/responder/common/responder_dp.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sssd_pac_CFLAGS) $(CFLAGS) -MT src/responder/common/sssd_pac-responder_dp.o -MD -MP -MF src/responder/common/$(DEPDIR)/sssd_pac-responder_dp.Tpo -c -o src/responder/common/sssd_pac-responder_dp.o `test -f 'src/responder/common/responder_dp.c' || echo '$(srcdir)/'`src/responder/common/responder_dp.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) src/responder/common/$(DEPDIR)/sssd_pac-responder_dp.Tpo src/responder/common/$(DEPDIR)/sssd_pac-responder_dp.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='src/responder/common/responder_dp.c' object='src/responder/common/sssd_pac-responder_dp.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sssd_pac_CFLAGS) $(CFLAGS) -c -o src/responder/common/sssd_pac-responder_dp.o `test -f 'src/responder/common/responder_dp.c' || echo '$(srcdir)/'`src/responder/common/responder_dp.c
src/responder/common/sssd_pac-responder_dp.obj: src/responder/common/responder_dp.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sssd_pac_CFLAGS) $(CFLAGS) -MT src/responder/common/sssd_pac-responder_dp.obj -MD -MP -MF src/responder/common/$(DEPDIR)/sssd_pac-responder_dp.Tpo -c -o src/responder/common/sssd_pac-responder_dp.obj `if test -f 'src/responder/common/responder_dp.c'; then $(CYGPATH_W) 'src/responder/common/responder_dp.c'; else $(CYGPATH_W) '$(srcdir)/src/responder/common/responder_dp.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/responder/common/$(DEPDIR)/sssd_pac-responder_dp.Tpo src/responder/common/$(DEPDIR)/sssd_pac-responder_dp.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/responder/common/responder_dp.c' object='src/responder/common/sssd_pac-responder_dp.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sssd_pac_CFLAGS) $(CFLAGS) -c -o src/responder/common/sssd_pac-responder_dp.obj `if test -f 'src/responder/common/responder_dp.c'; then $(CYGPATH_W) 'src/responder/common/responder_dp.c'; else $(CYGPATH_W) '$(srcdir)/src/responder/common/responder_dp.c'; fi` src/responder/common/sssd_pac-responder_packet.o: src/responder/common/responder_packet.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sssd_pac_CFLAGS) $(CFLAGS) -MT src/responder/common/sssd_pac-responder_packet.o -MD -MP -MF src/responder/common/$(DEPDIR)/sssd_pac-responder_packet.Tpo -c -o src/responder/common/sssd_pac-responder_packet.o `test -f 'src/responder/common/responder_packet.c' || echo '$(srcdir)/'`src/responder/common/responder_packet.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/responder/common/$(DEPDIR)/sssd_pac-responder_packet.Tpo 
src/responder/common/$(DEPDIR)/sssd_pac-responder_packet.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/responder/common/responder_packet.c' object='src/responder/common/sssd_pac-responder_packet.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sssd_pac_CFLAGS) $(CFLAGS) -c -o src/responder/common/sssd_pac-responder_packet.o `test -f 'src/responder/common/responder_packet.c' || echo '$(srcdir)/'`src/responder/common/responder_packet.c src/responder/common/sssd_pac-responder_packet.obj: src/responder/common/responder_packet.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sssd_pac_CFLAGS) $(CFLAGS) -MT src/responder/common/sssd_pac-responder_packet.obj -MD -MP -MF src/responder/common/$(DEPDIR)/sssd_pac-responder_packet.Tpo -c -o src/responder/common/sssd_pac-responder_packet.obj `if test -f 'src/responder/common/responder_packet.c'; then $(CYGPATH_W) 'src/responder/common/responder_packet.c'; else $(CYGPATH_W) '$(srcdir)/src/responder/common/responder_packet.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/responder/common/$(DEPDIR)/sssd_pac-responder_packet.Tpo src/responder/common/$(DEPDIR)/sssd_pac-responder_packet.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/responder/common/responder_packet.c' object='src/responder/common/sssd_pac-responder_packet.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sssd_pac_CFLAGS) $(CFLAGS) -c -o src/responder/common/sssd_pac-responder_packet.obj `if test -f 'src/responder/common/responder_packet.c'; then $(CYGPATH_W) 'src/responder/common/responder_packet.c'; 
else $(CYGPATH_W) '$(srcdir)/src/responder/common/responder_packet.c'; fi` src/responder/common/sssd_pac-responder_get_domains.o: src/responder/common/responder_get_domains.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sssd_pac_CFLAGS) $(CFLAGS) -MT src/responder/common/sssd_pac-responder_get_domains.o -MD -MP -MF src/responder/common/$(DEPDIR)/sssd_pac-responder_get_domains.Tpo -c -o src/responder/common/sssd_pac-responder_get_domains.o `test -f 'src/responder/common/responder_get_domains.c' || echo '$(srcdir)/'`src/responder/common/responder_get_domains.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/responder/common/$(DEPDIR)/sssd_pac-responder_get_domains.Tpo src/responder/common/$(DEPDIR)/sssd_pac-responder_get_domains.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/responder/common/responder_get_domains.c' object='src/responder/common/sssd_pac-responder_get_domains.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sssd_pac_CFLAGS) $(CFLAGS) -c -o src/responder/common/sssd_pac-responder_get_domains.o `test -f 'src/responder/common/responder_get_domains.c' || echo '$(srcdir)/'`src/responder/common/responder_get_domains.c src/responder/common/sssd_pac-responder_get_domains.obj: src/responder/common/responder_get_domains.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sssd_pac_CFLAGS) $(CFLAGS) -MT src/responder/common/sssd_pac-responder_get_domains.obj -MD -MP -MF src/responder/common/$(DEPDIR)/sssd_pac-responder_get_domains.Tpo -c -o src/responder/common/sssd_pac-responder_get_domains.obj `if test -f 'src/responder/common/responder_get_domains.c'; then $(CYGPATH_W) 'src/responder/common/responder_get_domains.c'; else $(CYGPATH_W) 
'$(srcdir)/src/responder/common/responder_get_domains.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/responder/common/$(DEPDIR)/sssd_pac-responder_get_domains.Tpo src/responder/common/$(DEPDIR)/sssd_pac-responder_get_domains.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/responder/common/responder_get_domains.c' object='src/responder/common/sssd_pac-responder_get_domains.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sssd_pac_CFLAGS) $(CFLAGS) -c -o src/responder/common/sssd_pac-responder_get_domains.obj `if test -f 'src/responder/common/responder_get_domains.c'; then $(CYGPATH_W) 'src/responder/common/responder_get_domains.c'; else $(CYGPATH_W) '$(srcdir)/src/responder/common/responder_get_domains.c'; fi` src/tests/strtonum_tests-strtonum-tests.o: src/tests/strtonum-tests.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(strtonum_tests_CFLAGS) $(CFLAGS) -MT src/tests/strtonum_tests-strtonum-tests.o -MD -MP -MF src/tests/$(DEPDIR)/strtonum_tests-strtonum-tests.Tpo -c -o src/tests/strtonum_tests-strtonum-tests.o `test -f 'src/tests/strtonum-tests.c' || echo '$(srcdir)/'`src/tests/strtonum-tests.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/strtonum_tests-strtonum-tests.Tpo src/tests/$(DEPDIR)/strtonum_tests-strtonum-tests.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/strtonum-tests.c' object='src/tests/strtonum_tests-strtonum-tests.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(strtonum_tests_CFLAGS) $(CFLAGS) -c -o src/tests/strtonum_tests-strtonum-tests.o `test -f 
'src/tests/strtonum-tests.c' || echo '$(srcdir)/'`src/tests/strtonum-tests.c src/tests/strtonum_tests-strtonum-tests.obj: src/tests/strtonum-tests.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(strtonum_tests_CFLAGS) $(CFLAGS) -MT src/tests/strtonum_tests-strtonum-tests.obj -MD -MP -MF src/tests/$(DEPDIR)/strtonum_tests-strtonum-tests.Tpo -c -o src/tests/strtonum_tests-strtonum-tests.obj `if test -f 'src/tests/strtonum-tests.c'; then $(CYGPATH_W) 'src/tests/strtonum-tests.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/strtonum-tests.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/strtonum_tests-strtonum-tests.Tpo src/tests/$(DEPDIR)/strtonum_tests-strtonum-tests.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/strtonum-tests.c' object='src/tests/strtonum_tests-strtonum-tests.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(strtonum_tests_CFLAGS) $(CFLAGS) -c -o src/tests/strtonum_tests-strtonum-tests.obj `if test -f 'src/tests/strtonum-tests.c'; then $(CYGPATH_W) 'src/tests/strtonum-tests.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/strtonum-tests.c'; fi` src/util/strtonum_tests-strtonum.o: src/util/strtonum.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(strtonum_tests_CFLAGS) $(CFLAGS) -MT src/util/strtonum_tests-strtonum.o -MD -MP -MF src/util/$(DEPDIR)/strtonum_tests-strtonum.Tpo -c -o src/util/strtonum_tests-strtonum.o `test -f 'src/util/strtonum.c' || echo '$(srcdir)/'`src/util/strtonum.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/strtonum_tests-strtonum.Tpo src/util/$(DEPDIR)/strtonum_tests-strtonum.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/strtonum.c' 
object='src/util/strtonum_tests-strtonum.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(strtonum_tests_CFLAGS) $(CFLAGS) -c -o src/util/strtonum_tests-strtonum.o `test -f 'src/util/strtonum.c' || echo '$(srcdir)/'`src/util/strtonum.c src/util/strtonum_tests-strtonum.obj: src/util/strtonum.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(strtonum_tests_CFLAGS) $(CFLAGS) -MT src/util/strtonum_tests-strtonum.obj -MD -MP -MF src/util/$(DEPDIR)/strtonum_tests-strtonum.Tpo -c -o src/util/strtonum_tests-strtonum.obj `if test -f 'src/util/strtonum.c'; then $(CYGPATH_W) 'src/util/strtonum.c'; else $(CYGPATH_W) '$(srcdir)/src/util/strtonum.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/strtonum_tests-strtonum.Tpo src/util/$(DEPDIR)/strtonum_tests-strtonum.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/strtonum.c' object='src/util/strtonum_tests-strtonum.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(strtonum_tests_CFLAGS) $(CFLAGS) -c -o src/util/strtonum_tests-strtonum.obj `if test -f 'src/util/strtonum.c'; then $(CYGPATH_W) 'src/util/strtonum.c'; else $(CYGPATH_W) '$(srcdir)/src/util/strtonum.c'; fi` src/tests/sysdb_tests-sysdb-tests.o: src/tests/sysdb-tests.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sysdb_tests_CFLAGS) $(CFLAGS) -MT src/tests/sysdb_tests-sysdb-tests.o -MD -MP -MF src/tests/$(DEPDIR)/sysdb_tests-sysdb-tests.Tpo -c -o src/tests/sysdb_tests-sysdb-tests.o `test -f 'src/tests/sysdb-tests.c' || echo 
'$(srcdir)/'`src/tests/sysdb-tests.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/sysdb_tests-sysdb-tests.Tpo src/tests/$(DEPDIR)/sysdb_tests-sysdb-tests.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/sysdb-tests.c' object='src/tests/sysdb_tests-sysdb-tests.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sysdb_tests_CFLAGS) $(CFLAGS) -c -o src/tests/sysdb_tests-sysdb-tests.o `test -f 'src/tests/sysdb-tests.c' || echo '$(srcdir)/'`src/tests/sysdb-tests.c src/tests/sysdb_tests-sysdb-tests.obj: src/tests/sysdb-tests.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sysdb_tests_CFLAGS) $(CFLAGS) -MT src/tests/sysdb_tests-sysdb-tests.obj -MD -MP -MF src/tests/$(DEPDIR)/sysdb_tests-sysdb-tests.Tpo -c -o src/tests/sysdb_tests-sysdb-tests.obj `if test -f 'src/tests/sysdb-tests.c'; then $(CYGPATH_W) 'src/tests/sysdb-tests.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/sysdb-tests.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/sysdb_tests-sysdb-tests.Tpo src/tests/$(DEPDIR)/sysdb_tests-sysdb-tests.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/sysdb-tests.c' object='src/tests/sysdb_tests-sysdb-tests.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sysdb_tests_CFLAGS) $(CFLAGS) -c -o src/tests/sysdb_tests-sysdb-tests.obj `if test -f 'src/tests/sysdb-tests.c'; then $(CYGPATH_W) 'src/tests/sysdb-tests.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/sysdb-tests.c'; fi` src/tests/sysdb_ssh_tests-sysdb_ssh-tests.o: src/tests/sysdb_ssh-tests.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) 
$(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sysdb_ssh_tests_CFLAGS) $(CFLAGS) -MT src/tests/sysdb_ssh_tests-sysdb_ssh-tests.o -MD -MP -MF src/tests/$(DEPDIR)/sysdb_ssh_tests-sysdb_ssh-tests.Tpo -c -o src/tests/sysdb_ssh_tests-sysdb_ssh-tests.o `test -f 'src/tests/sysdb_ssh-tests.c' || echo '$(srcdir)/'`src/tests/sysdb_ssh-tests.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/sysdb_ssh_tests-sysdb_ssh-tests.Tpo src/tests/$(DEPDIR)/sysdb_ssh_tests-sysdb_ssh-tests.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/sysdb_ssh-tests.c' object='src/tests/sysdb_ssh_tests-sysdb_ssh-tests.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sysdb_ssh_tests_CFLAGS) $(CFLAGS) -c -o src/tests/sysdb_ssh_tests-sysdb_ssh-tests.o `test -f 'src/tests/sysdb_ssh-tests.c' || echo '$(srcdir)/'`src/tests/sysdb_ssh-tests.c src/tests/sysdb_ssh_tests-sysdb_ssh-tests.obj: src/tests/sysdb_ssh-tests.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sysdb_ssh_tests_CFLAGS) $(CFLAGS) -MT src/tests/sysdb_ssh_tests-sysdb_ssh-tests.obj -MD -MP -MF src/tests/$(DEPDIR)/sysdb_ssh_tests-sysdb_ssh-tests.Tpo -c -o src/tests/sysdb_ssh_tests-sysdb_ssh-tests.obj `if test -f 'src/tests/sysdb_ssh-tests.c'; then $(CYGPATH_W) 'src/tests/sysdb_ssh-tests.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/sysdb_ssh-tests.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/sysdb_ssh_tests-sysdb_ssh-tests.Tpo src/tests/$(DEPDIR)/sysdb_ssh_tests-sysdb_ssh-tests.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/sysdb_ssh-tests.c' object='src/tests/sysdb_ssh_tests-sysdb_ssh-tests.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) 
@AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sysdb_ssh_tests_CFLAGS) $(CFLAGS) -c -o src/tests/sysdb_ssh_tests-sysdb_ssh-tests.obj `if test -f 'src/tests/sysdb_ssh-tests.c'; then $(CYGPATH_W) 'src/tests/sysdb_ssh-tests.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/sysdb_ssh-tests.c'; fi` src/tests/cmocka/test_find_uid-test_find_uid.o: src/tests/cmocka/test_find_uid.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_find_uid_CFLAGS) $(CFLAGS) -MT src/tests/cmocka/test_find_uid-test_find_uid.o -MD -MP -MF src/tests/cmocka/$(DEPDIR)/test_find_uid-test_find_uid.Tpo -c -o src/tests/cmocka/test_find_uid-test_find_uid.o `test -f 'src/tests/cmocka/test_find_uid.c' || echo '$(srcdir)/'`src/tests/cmocka/test_find_uid.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/cmocka/$(DEPDIR)/test_find_uid-test_find_uid.Tpo src/tests/cmocka/$(DEPDIR)/test_find_uid-test_find_uid.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/cmocka/test_find_uid.c' object='src/tests/cmocka/test_find_uid-test_find_uid.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_find_uid_CFLAGS) $(CFLAGS) -c -o src/tests/cmocka/test_find_uid-test_find_uid.o `test -f 'src/tests/cmocka/test_find_uid.c' || echo '$(srcdir)/'`src/tests/cmocka/test_find_uid.c src/tests/cmocka/test_find_uid-test_find_uid.obj: src/tests/cmocka/test_find_uid.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_find_uid_CFLAGS) $(CFLAGS) -MT src/tests/cmocka/test_find_uid-test_find_uid.obj -MD -MP -MF src/tests/cmocka/$(DEPDIR)/test_find_uid-test_find_uid.Tpo -c -o src/tests/cmocka/test_find_uid-test_find_uid.obj `if test 
-f 'src/tests/cmocka/test_find_uid.c'; then $(CYGPATH_W) 'src/tests/cmocka/test_find_uid.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/cmocka/test_find_uid.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/cmocka/$(DEPDIR)/test_find_uid-test_find_uid.Tpo src/tests/cmocka/$(DEPDIR)/test_find_uid-test_find_uid.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/cmocka/test_find_uid.c' object='src/tests/cmocka/test_find_uid-test_find_uid.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_find_uid_CFLAGS) $(CFLAGS) -c -o src/tests/cmocka/test_find_uid-test_find_uid.obj `if test -f 'src/tests/cmocka/test_find_uid.c'; then $(CYGPATH_W) 'src/tests/cmocka/test_find_uid.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/cmocka/test_find_uid.c'; fi` src/util/test_find_uid-find_uid.o: src/util/find_uid.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_find_uid_CFLAGS) $(CFLAGS) -MT src/util/test_find_uid-find_uid.o -MD -MP -MF src/util/$(DEPDIR)/test_find_uid-find_uid.Tpo -c -o src/util/test_find_uid-find_uid.o `test -f 'src/util/find_uid.c' || echo '$(srcdir)/'`src/util/find_uid.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/test_find_uid-find_uid.Tpo src/util/$(DEPDIR)/test_find_uid-find_uid.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/find_uid.c' object='src/util/test_find_uid-find_uid.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_find_uid_CFLAGS) $(CFLAGS) -c -o src/util/test_find_uid-find_uid.o `test -f 'src/util/find_uid.c' || echo '$(srcdir)/'`src/util/find_uid.c 
src/util/test_find_uid-find_uid.obj: src/util/find_uid.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_find_uid_CFLAGS) $(CFLAGS) -MT src/util/test_find_uid-find_uid.obj -MD -MP -MF src/util/$(DEPDIR)/test_find_uid-find_uid.Tpo -c -o src/util/test_find_uid-find_uid.obj `if test -f 'src/util/find_uid.c'; then $(CYGPATH_W) 'src/util/find_uid.c'; else $(CYGPATH_W) '$(srcdir)/src/util/find_uid.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/test_find_uid-find_uid.Tpo src/util/$(DEPDIR)/test_find_uid-find_uid.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/find_uid.c' object='src/util/test_find_uid-find_uid.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_find_uid_CFLAGS) $(CFLAGS) -c -o src/util/test_find_uid-find_uid.obj `if test -f 'src/util/find_uid.c'; then $(CYGPATH_W) 'src/util/find_uid.c'; else $(CYGPATH_W) '$(srcdir)/src/util/find_uid.c'; fi` src/util/test_find_uid-atomic_io.o: src/util/atomic_io.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_find_uid_CFLAGS) $(CFLAGS) -MT src/util/test_find_uid-atomic_io.o -MD -MP -MF src/util/$(DEPDIR)/test_find_uid-atomic_io.Tpo -c -o src/util/test_find_uid-atomic_io.o `test -f 'src/util/atomic_io.c' || echo '$(srcdir)/'`src/util/atomic_io.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/test_find_uid-atomic_io.Tpo src/util/$(DEPDIR)/test_find_uid-atomic_io.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/atomic_io.c' object='src/util/test_find_uid-atomic_io.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) 
$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_find_uid_CFLAGS) $(CFLAGS) -c -o src/util/test_find_uid-atomic_io.o `test -f 'src/util/atomic_io.c' || echo '$(srcdir)/'`src/util/atomic_io.c src/util/test_find_uid-atomic_io.obj: src/util/atomic_io.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_find_uid_CFLAGS) $(CFLAGS) -MT src/util/test_find_uid-atomic_io.obj -MD -MP -MF src/util/$(DEPDIR)/test_find_uid-atomic_io.Tpo -c -o src/util/test_find_uid-atomic_io.obj `if test -f 'src/util/atomic_io.c'; then $(CYGPATH_W) 'src/util/atomic_io.c'; else $(CYGPATH_W) '$(srcdir)/src/util/atomic_io.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/test_find_uid-atomic_io.Tpo src/util/$(DEPDIR)/test_find_uid-atomic_io.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/atomic_io.c' object='src/util/test_find_uid-atomic_io.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_find_uid_CFLAGS) $(CFLAGS) -c -o src/util/test_find_uid-atomic_io.obj `if test -f 'src/util/atomic_io.c'; then $(CYGPATH_W) 'src/util/atomic_io.c'; else $(CYGPATH_W) '$(srcdir)/src/util/atomic_io.c'; fi` src/util/test_find_uid-strtonum.o: src/util/strtonum.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_find_uid_CFLAGS) $(CFLAGS) -MT src/util/test_find_uid-strtonum.o -MD -MP -MF src/util/$(DEPDIR)/test_find_uid-strtonum.Tpo -c -o src/util/test_find_uid-strtonum.o `test -f 'src/util/strtonum.c' || echo '$(srcdir)/'`src/util/strtonum.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/test_find_uid-strtonum.Tpo src/util/$(DEPDIR)/test_find_uid-strtonum.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/strtonum.c' 
object='src/util/test_find_uid-strtonum.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_find_uid_CFLAGS) $(CFLAGS) -c -o src/util/test_find_uid-strtonum.o `test -f 'src/util/strtonum.c' || echo '$(srcdir)/'`src/util/strtonum.c src/util/test_find_uid-strtonum.obj: src/util/strtonum.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_find_uid_CFLAGS) $(CFLAGS) -MT src/util/test_find_uid-strtonum.obj -MD -MP -MF src/util/$(DEPDIR)/test_find_uid-strtonum.Tpo -c -o src/util/test_find_uid-strtonum.obj `if test -f 'src/util/strtonum.c'; then $(CYGPATH_W) 'src/util/strtonum.c'; else $(CYGPATH_W) '$(srcdir)/src/util/strtonum.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/test_find_uid-strtonum.Tpo src/util/$(DEPDIR)/test_find_uid-strtonum.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/strtonum.c' object='src/util/test_find_uid-strtonum.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_find_uid_CFLAGS) $(CFLAGS) -c -o src/util/test_find_uid-strtonum.obj `if test -f 'src/util/strtonum.c'; then $(CYGPATH_W) 'src/util/strtonum.c'; else $(CYGPATH_W) '$(srcdir)/src/util/strtonum.c'; fi` src/tests/cmocka/test_io-test_io.o: src/tests/cmocka/test_io.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_io_CFLAGS) $(CFLAGS) -MT src/tests/cmocka/test_io-test_io.o -MD -MP -MF src/tests/cmocka/$(DEPDIR)/test_io-test_io.Tpo -c -o src/tests/cmocka/test_io-test_io.o `test -f 'src/tests/cmocka/test_io.c' || echo 
'$(srcdir)/'`src/tests/cmocka/test_io.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/cmocka/$(DEPDIR)/test_io-test_io.Tpo src/tests/cmocka/$(DEPDIR)/test_io-test_io.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/cmocka/test_io.c' object='src/tests/cmocka/test_io-test_io.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_io_CFLAGS) $(CFLAGS) -c -o src/tests/cmocka/test_io-test_io.o `test -f 'src/tests/cmocka/test_io.c' || echo '$(srcdir)/'`src/tests/cmocka/test_io.c src/tests/cmocka/test_io-test_io.obj: src/tests/cmocka/test_io.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_io_CFLAGS) $(CFLAGS) -MT src/tests/cmocka/test_io-test_io.obj -MD -MP -MF src/tests/cmocka/$(DEPDIR)/test_io-test_io.Tpo -c -o src/tests/cmocka/test_io-test_io.obj `if test -f 'src/tests/cmocka/test_io.c'; then $(CYGPATH_W) 'src/tests/cmocka/test_io.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/cmocka/test_io.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/cmocka/$(DEPDIR)/test_io-test_io.Tpo src/tests/cmocka/$(DEPDIR)/test_io-test_io.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/cmocka/test_io.c' object='src/tests/cmocka/test_io-test_io.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_io_CFLAGS) $(CFLAGS) -c -o src/tests/cmocka/test_io-test_io.obj `if test -f 'src/tests/cmocka/test_io.c'; then $(CYGPATH_W) 'src/tests/cmocka/test_io.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/cmocka/test_io.c'; fi` src/util/test_io-io.o: src/util/io.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) 
$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_io_CFLAGS) $(CFLAGS) -MT src/util/test_io-io.o -MD -MP -MF src/util/$(DEPDIR)/test_io-io.Tpo -c -o src/util/test_io-io.o `test -f 'src/util/io.c' || echo '$(srcdir)/'`src/util/io.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/test_io-io.Tpo src/util/$(DEPDIR)/test_io-io.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/io.c' object='src/util/test_io-io.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_io_CFLAGS) $(CFLAGS) -c -o src/util/test_io-io.o `test -f 'src/util/io.c' || echo '$(srcdir)/'`src/util/io.c src/util/test_io-io.obj: src/util/io.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_io_CFLAGS) $(CFLAGS) -MT src/util/test_io-io.obj -MD -MP -MF src/util/$(DEPDIR)/test_io-io.Tpo -c -o src/util/test_io-io.obj `if test -f 'src/util/io.c'; then $(CYGPATH_W) 'src/util/io.c'; else $(CYGPATH_W) '$(srcdir)/src/util/io.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/test_io-io.Tpo src/util/$(DEPDIR)/test_io-io.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/io.c' object='src/util/test_io-io.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_io_CFLAGS) $(CFLAGS) -c -o src/util/test_io-io.obj `if test -f 'src/util/io.c'; then $(CYGPATH_W) 'src/util/io.c'; else $(CYGPATH_W) '$(srcdir)/src/util/io.c'; fi` src/tests/test_io-common.o: src/tests/common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_io_CFLAGS) $(CFLAGS) -MT 
src/tests/test_io-common.o -MD -MP -MF src/tests/$(DEPDIR)/test_io-common.Tpo -c -o src/tests/test_io-common.o `test -f 'src/tests/common.c' || echo '$(srcdir)/'`src/tests/common.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/test_io-common.Tpo src/tests/$(DEPDIR)/test_io-common.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/common.c' object='src/tests/test_io-common.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_io_CFLAGS) $(CFLAGS) -c -o src/tests/test_io-common.o `test -f 'src/tests/common.c' || echo '$(srcdir)/'`src/tests/common.c src/tests/test_io-common.obj: src/tests/common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_io_CFLAGS) $(CFLAGS) -MT src/tests/test_io-common.obj -MD -MP -MF src/tests/$(DEPDIR)/test_io-common.Tpo -c -o src/tests/test_io-common.obj `if test -f 'src/tests/common.c'; then $(CYGPATH_W) 'src/tests/common.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/common.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/test_io-common.Tpo src/tests/$(DEPDIR)/test_io-common.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/common.c' object='src/tests/test_io-common.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_io_CFLAGS) $(CFLAGS) -c -o src/tests/test_io-common.obj `if test -f 'src/tests/common.c'; then $(CYGPATH_W) 'src/tests/common.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/common.c'; fi` src/tests/cmocka/test_ipa_idmap-test_ipa_idmap.o: src/tests/cmocka/test_ipa_idmap.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) 
$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_ipa_idmap_CFLAGS) $(CFLAGS) -MT src/tests/cmocka/test_ipa_idmap-test_ipa_idmap.o -MD -MP -MF src/tests/cmocka/$(DEPDIR)/test_ipa_idmap-test_ipa_idmap.Tpo -c -o src/tests/cmocka/test_ipa_idmap-test_ipa_idmap.o `test -f 'src/tests/cmocka/test_ipa_idmap.c' || echo '$(srcdir)/'`src/tests/cmocka/test_ipa_idmap.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/cmocka/$(DEPDIR)/test_ipa_idmap-test_ipa_idmap.Tpo src/tests/cmocka/$(DEPDIR)/test_ipa_idmap-test_ipa_idmap.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/cmocka/test_ipa_idmap.c' object='src/tests/cmocka/test_ipa_idmap-test_ipa_idmap.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_ipa_idmap_CFLAGS) $(CFLAGS) -c -o src/tests/cmocka/test_ipa_idmap-test_ipa_idmap.o `test -f 'src/tests/cmocka/test_ipa_idmap.c' || echo '$(srcdir)/'`src/tests/cmocka/test_ipa_idmap.c src/tests/cmocka/test_ipa_idmap-test_ipa_idmap.obj: src/tests/cmocka/test_ipa_idmap.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_ipa_idmap_CFLAGS) $(CFLAGS) -MT src/tests/cmocka/test_ipa_idmap-test_ipa_idmap.obj -MD -MP -MF src/tests/cmocka/$(DEPDIR)/test_ipa_idmap-test_ipa_idmap.Tpo -c -o src/tests/cmocka/test_ipa_idmap-test_ipa_idmap.obj `if test -f 'src/tests/cmocka/test_ipa_idmap.c'; then $(CYGPATH_W) 'src/tests/cmocka/test_ipa_idmap.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/cmocka/test_ipa_idmap.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/cmocka/$(DEPDIR)/test_ipa_idmap-test_ipa_idmap.Tpo src/tests/cmocka/$(DEPDIR)/test_ipa_idmap-test_ipa_idmap.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/cmocka/test_ipa_idmap.c' object='src/tests/cmocka/test_ipa_idmap-test_ipa_idmap.obj' 
libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_ipa_idmap_CFLAGS) $(CFLAGS) -c -o src/tests/cmocka/test_ipa_idmap-test_ipa_idmap.obj `if test -f 'src/tests/cmocka/test_ipa_idmap.c'; then $(CYGPATH_W) 'src/tests/cmocka/test_ipa_idmap.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/cmocka/test_ipa_idmap.c'; fi` src/providers/ipa/test_ipa_idmap-ipa_idmap.o: src/providers/ipa/ipa_idmap.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_ipa_idmap_CFLAGS) $(CFLAGS) -MT src/providers/ipa/test_ipa_idmap-ipa_idmap.o -MD -MP -MF src/providers/ipa/$(DEPDIR)/test_ipa_idmap-ipa_idmap.Tpo -c -o src/providers/ipa/test_ipa_idmap-ipa_idmap.o `test -f 'src/providers/ipa/ipa_idmap.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_idmap.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ipa/$(DEPDIR)/test_ipa_idmap-ipa_idmap.Tpo src/providers/ipa/$(DEPDIR)/test_ipa_idmap-ipa_idmap.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ipa/ipa_idmap.c' object='src/providers/ipa/test_ipa_idmap-ipa_idmap.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_ipa_idmap_CFLAGS) $(CFLAGS) -c -o src/providers/ipa/test_ipa_idmap-ipa_idmap.o `test -f 'src/providers/ipa/ipa_idmap.c' || echo '$(srcdir)/'`src/providers/ipa/ipa_idmap.c src/providers/ipa/test_ipa_idmap-ipa_idmap.obj: src/providers/ipa/ipa_idmap.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_ipa_idmap_CFLAGS) $(CFLAGS) -MT src/providers/ipa/test_ipa_idmap-ipa_idmap.obj -MD -MP -MF 
src/providers/ipa/$(DEPDIR)/test_ipa_idmap-ipa_idmap.Tpo -c -o src/providers/ipa/test_ipa_idmap-ipa_idmap.obj `if test -f 'src/providers/ipa/ipa_idmap.c'; then $(CYGPATH_W) 'src/providers/ipa/ipa_idmap.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/ipa/ipa_idmap.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/ipa/$(DEPDIR)/test_ipa_idmap-ipa_idmap.Tpo src/providers/ipa/$(DEPDIR)/test_ipa_idmap-ipa_idmap.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/ipa/ipa_idmap.c' object='src/providers/ipa/test_ipa_idmap-ipa_idmap.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_ipa_idmap_CFLAGS) $(CFLAGS) -c -o src/providers/ipa/test_ipa_idmap-ipa_idmap.obj `if test -f 'src/providers/ipa/ipa_idmap.c'; then $(CYGPATH_W) 'src/providers/ipa/ipa_idmap.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/ipa/ipa_idmap.c'; fi` src/providers/test_search_bases-data_provider_be.o: src/providers/data_provider_be.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -MT src/providers/test_search_bases-data_provider_be.o -MD -MP -MF src/providers/$(DEPDIR)/test_search_bases-data_provider_be.Tpo -c -o src/providers/test_search_bases-data_provider_be.o `test -f 'src/providers/data_provider_be.c' || echo '$(srcdir)/'`src/providers/data_provider_be.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/test_search_bases-data_provider_be.Tpo src/providers/$(DEPDIR)/test_search_bases-data_provider_be.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_be.c' object='src/providers/test_search_bases-data_provider_be.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ 
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -c -o src/providers/test_search_bases-data_provider_be.o `test -f 'src/providers/data_provider_be.c' || echo '$(srcdir)/'`src/providers/data_provider_be.c src/providers/test_search_bases-data_provider_be.obj: src/providers/data_provider_be.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -MT src/providers/test_search_bases-data_provider_be.obj -MD -MP -MF src/providers/$(DEPDIR)/test_search_bases-data_provider_be.Tpo -c -o src/providers/test_search_bases-data_provider_be.obj `if test -f 'src/providers/data_provider_be.c'; then $(CYGPATH_W) 'src/providers/data_provider_be.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_be.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/test_search_bases-data_provider_be.Tpo src/providers/$(DEPDIR)/test_search_bases-data_provider_be.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_be.c' object='src/providers/test_search_bases-data_provider_be.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -c -o src/providers/test_search_bases-data_provider_be.obj `if test -f 'src/providers/data_provider_be.c'; then $(CYGPATH_W) 'src/providers/data_provider_be.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_be.c'; fi` src/providers/test_search_bases-data_provider_fo.o: src/providers/data_provider_fo.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -MT src/providers/test_search_bases-data_provider_fo.o 
-MD -MP -MF src/providers/$(DEPDIR)/test_search_bases-data_provider_fo.Tpo -c -o src/providers/test_search_bases-data_provider_fo.o `test -f 'src/providers/data_provider_fo.c' || echo '$(srcdir)/'`src/providers/data_provider_fo.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/test_search_bases-data_provider_fo.Tpo src/providers/$(DEPDIR)/test_search_bases-data_provider_fo.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_fo.c' object='src/providers/test_search_bases-data_provider_fo.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -c -o src/providers/test_search_bases-data_provider_fo.o `test -f 'src/providers/data_provider_fo.c' || echo '$(srcdir)/'`src/providers/data_provider_fo.c src/providers/test_search_bases-data_provider_fo.obj: src/providers/data_provider_fo.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -MT src/providers/test_search_bases-data_provider_fo.obj -MD -MP -MF src/providers/$(DEPDIR)/test_search_bases-data_provider_fo.Tpo -c -o src/providers/test_search_bases-data_provider_fo.obj `if test -f 'src/providers/data_provider_fo.c'; then $(CYGPATH_W) 'src/providers/data_provider_fo.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_fo.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/test_search_bases-data_provider_fo.Tpo src/providers/$(DEPDIR)/test_search_bases-data_provider_fo.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_fo.c' object='src/providers/test_search_bases-data_provider_fo.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ 
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -c -o src/providers/test_search_bases-data_provider_fo.obj `if test -f 'src/providers/data_provider_fo.c'; then $(CYGPATH_W) 'src/providers/data_provider_fo.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_fo.c'; fi` src/providers/test_search_bases-data_provider_opts.o: src/providers/data_provider_opts.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -MT src/providers/test_search_bases-data_provider_opts.o -MD -MP -MF src/providers/$(DEPDIR)/test_search_bases-data_provider_opts.Tpo -c -o src/providers/test_search_bases-data_provider_opts.o `test -f 'src/providers/data_provider_opts.c' || echo '$(srcdir)/'`src/providers/data_provider_opts.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/test_search_bases-data_provider_opts.Tpo src/providers/$(DEPDIR)/test_search_bases-data_provider_opts.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_opts.c' object='src/providers/test_search_bases-data_provider_opts.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -c -o src/providers/test_search_bases-data_provider_opts.o `test -f 'src/providers/data_provider_opts.c' || echo '$(srcdir)/'`src/providers/data_provider_opts.c src/providers/test_search_bases-data_provider_opts.obj: src/providers/data_provider_opts.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -MT src/providers/test_search_bases-data_provider_opts.obj -MD -MP -MF 
src/providers/$(DEPDIR)/test_search_bases-data_provider_opts.Tpo -c -o src/providers/test_search_bases-data_provider_opts.obj `if test -f 'src/providers/data_provider_opts.c'; then $(CYGPATH_W) 'src/providers/data_provider_opts.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_opts.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/test_search_bases-data_provider_opts.Tpo src/providers/$(DEPDIR)/test_search_bases-data_provider_opts.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_opts.c' object='src/providers/test_search_bases-data_provider_opts.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -c -o src/providers/test_search_bases-data_provider_opts.obj `if test -f 'src/providers/data_provider_opts.c'; then $(CYGPATH_W) 'src/providers/data_provider_opts.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_opts.c'; fi` src/providers/test_search_bases-data_provider_callbacks.o: src/providers/data_provider_callbacks.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -MT src/providers/test_search_bases-data_provider_callbacks.o -MD -MP -MF src/providers/$(DEPDIR)/test_search_bases-data_provider_callbacks.Tpo -c -o src/providers/test_search_bases-data_provider_callbacks.o `test -f 'src/providers/data_provider_callbacks.c' || echo '$(srcdir)/'`src/providers/data_provider_callbacks.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/test_search_bases-data_provider_callbacks.Tpo src/providers/$(DEPDIR)/test_search_bases-data_provider_callbacks.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_callbacks.c' 
object='src/providers/test_search_bases-data_provider_callbacks.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -c -o src/providers/test_search_bases-data_provider_callbacks.o `test -f 'src/providers/data_provider_callbacks.c' || echo '$(srcdir)/'`src/providers/data_provider_callbacks.c src/providers/test_search_bases-data_provider_callbacks.obj: src/providers/data_provider_callbacks.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -MT src/providers/test_search_bases-data_provider_callbacks.obj -MD -MP -MF src/providers/$(DEPDIR)/test_search_bases-data_provider_callbacks.Tpo -c -o src/providers/test_search_bases-data_provider_callbacks.obj `if test -f 'src/providers/data_provider_callbacks.c'; then $(CYGPATH_W) 'src/providers/data_provider_callbacks.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/data_provider_callbacks.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/test_search_bases-data_provider_callbacks.Tpo src/providers/$(DEPDIR)/test_search_bases-data_provider_callbacks.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/data_provider_callbacks.c' object='src/providers/test_search_bases-data_provider_callbacks.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -c -o src/providers/test_search_bases-data_provider_callbacks.obj `if test -f 'src/providers/data_provider_callbacks.c'; then $(CYGPATH_W) 'src/providers/data_provider_callbacks.c'; else $(CYGPATH_W) 
'$(srcdir)/src/providers/data_provider_callbacks.c'; fi` src/providers/test_search_bases-dp_dyndns.o: src/providers/dp_dyndns.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -MT src/providers/test_search_bases-dp_dyndns.o -MD -MP -MF src/providers/$(DEPDIR)/test_search_bases-dp_dyndns.Tpo -c -o src/providers/test_search_bases-dp_dyndns.o `test -f 'src/providers/dp_dyndns.c' || echo '$(srcdir)/'`src/providers/dp_dyndns.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/test_search_bases-dp_dyndns.Tpo src/providers/$(DEPDIR)/test_search_bases-dp_dyndns.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/dp_dyndns.c' object='src/providers/test_search_bases-dp_dyndns.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -c -o src/providers/test_search_bases-dp_dyndns.o `test -f 'src/providers/dp_dyndns.c' || echo '$(srcdir)/'`src/providers/dp_dyndns.c src/providers/test_search_bases-dp_dyndns.obj: src/providers/dp_dyndns.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -MT src/providers/test_search_bases-dp_dyndns.obj -MD -MP -MF src/providers/$(DEPDIR)/test_search_bases-dp_dyndns.Tpo -c -o src/providers/test_search_bases-dp_dyndns.obj `if test -f 'src/providers/dp_dyndns.c'; then $(CYGPATH_W) 'src/providers/dp_dyndns.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/dp_dyndns.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/test_search_bases-dp_dyndns.Tpo src/providers/$(DEPDIR)/test_search_bases-dp_dyndns.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/dp_dyndns.c' 
object='src/providers/test_search_bases-dp_dyndns.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -c -o src/providers/test_search_bases-dp_dyndns.obj `if test -f 'src/providers/dp_dyndns.c'; then $(CYGPATH_W) 'src/providers/dp_dyndns.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/dp_dyndns.c'; fi` src/providers/test_search_bases-dp_ptask.o: src/providers/dp_ptask.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -MT src/providers/test_search_bases-dp_ptask.o -MD -MP -MF src/providers/$(DEPDIR)/test_search_bases-dp_ptask.Tpo -c -o src/providers/test_search_bases-dp_ptask.o `test -f 'src/providers/dp_ptask.c' || echo '$(srcdir)/'`src/providers/dp_ptask.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/test_search_bases-dp_ptask.Tpo src/providers/$(DEPDIR)/test_search_bases-dp_ptask.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/dp_ptask.c' object='src/providers/test_search_bases-dp_ptask.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -c -o src/providers/test_search_bases-dp_ptask.o `test -f 'src/providers/dp_ptask.c' || echo '$(srcdir)/'`src/providers/dp_ptask.c src/providers/test_search_bases-dp_ptask.obj: src/providers/dp_ptask.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -MT src/providers/test_search_bases-dp_ptask.obj -MD -MP -MF src/providers/$(DEPDIR)/test_search_bases-dp_ptask.Tpo 
-c -o src/providers/test_search_bases-dp_ptask.obj `if test -f 'src/providers/dp_ptask.c'; then $(CYGPATH_W) 'src/providers/dp_ptask.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/dp_ptask.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/test_search_bases-dp_ptask.Tpo src/providers/$(DEPDIR)/test_search_bases-dp_ptask.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/dp_ptask.c' object='src/providers/test_search_bases-dp_ptask.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -c -o src/providers/test_search_bases-dp_ptask.obj `if test -f 'src/providers/dp_ptask.c'; then $(CYGPATH_W) 'src/providers/dp_ptask.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/dp_ptask.c'; fi` src/providers/test_search_bases-dp_refresh.o: src/providers/dp_refresh.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -MT src/providers/test_search_bases-dp_refresh.o -MD -MP -MF src/providers/$(DEPDIR)/test_search_bases-dp_refresh.Tpo -c -o src/providers/test_search_bases-dp_refresh.o `test -f 'src/providers/dp_refresh.c' || echo '$(srcdir)/'`src/providers/dp_refresh.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/test_search_bases-dp_refresh.Tpo src/providers/$(DEPDIR)/test_search_bases-dp_refresh.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/dp_refresh.c' object='src/providers/test_search_bases-dp_refresh.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -c -o 
src/providers/test_search_bases-dp_refresh.o `test -f 'src/providers/dp_refresh.c' || echo '$(srcdir)/'`src/providers/dp_refresh.c src/providers/test_search_bases-dp_refresh.obj: src/providers/dp_refresh.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -MT src/providers/test_search_bases-dp_refresh.obj -MD -MP -MF src/providers/$(DEPDIR)/test_search_bases-dp_refresh.Tpo -c -o src/providers/test_search_bases-dp_refresh.obj `if test -f 'src/providers/dp_refresh.c'; then $(CYGPATH_W) 'src/providers/dp_refresh.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/dp_refresh.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/test_search_bases-dp_refresh.Tpo src/providers/$(DEPDIR)/test_search_bases-dp_refresh.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/dp_refresh.c' object='src/providers/test_search_bases-dp_refresh.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -c -o src/providers/test_search_bases-dp_refresh.obj `if test -f 'src/providers/dp_refresh.c'; then $(CYGPATH_W) 'src/providers/dp_refresh.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/dp_refresh.c'; fi` src/providers/test_search_bases-fail_over.o: src/providers/fail_over.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -MT src/providers/test_search_bases-fail_over.o -MD -MP -MF src/providers/$(DEPDIR)/test_search_bases-fail_over.Tpo -c -o src/providers/test_search_bases-fail_over.o `test -f 'src/providers/fail_over.c' || echo '$(srcdir)/'`src/providers/fail_over.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) 
src/providers/$(DEPDIR)/test_search_bases-fail_over.Tpo src/providers/$(DEPDIR)/test_search_bases-fail_over.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/fail_over.c' object='src/providers/test_search_bases-fail_over.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -c -o src/providers/test_search_bases-fail_over.o `test -f 'src/providers/fail_over.c' || echo '$(srcdir)/'`src/providers/fail_over.c src/providers/test_search_bases-fail_over.obj: src/providers/fail_over.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -MT src/providers/test_search_bases-fail_over.obj -MD -MP -MF src/providers/$(DEPDIR)/test_search_bases-fail_over.Tpo -c -o src/providers/test_search_bases-fail_over.obj `if test -f 'src/providers/fail_over.c'; then $(CYGPATH_W) 'src/providers/fail_over.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/fail_over.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/test_search_bases-fail_over.Tpo src/providers/$(DEPDIR)/test_search_bases-fail_over.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/fail_over.c' object='src/providers/test_search_bases-fail_over.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -c -o src/providers/test_search_bases-fail_over.obj `if test -f 'src/providers/fail_over.c'; then $(CYGPATH_W) 'src/providers/fail_over.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/fail_over.c'; fi` src/providers/test_search_bases-fail_over_srv.o: 
src/providers/fail_over_srv.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -MT src/providers/test_search_bases-fail_over_srv.o -MD -MP -MF src/providers/$(DEPDIR)/test_search_bases-fail_over_srv.Tpo -c -o src/providers/test_search_bases-fail_over_srv.o `test -f 'src/providers/fail_over_srv.c' || echo '$(srcdir)/'`src/providers/fail_over_srv.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/test_search_bases-fail_over_srv.Tpo src/providers/$(DEPDIR)/test_search_bases-fail_over_srv.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/fail_over_srv.c' object='src/providers/test_search_bases-fail_over_srv.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -c -o src/providers/test_search_bases-fail_over_srv.o `test -f 'src/providers/fail_over_srv.c' || echo '$(srcdir)/'`src/providers/fail_over_srv.c src/providers/test_search_bases-fail_over_srv.obj: src/providers/fail_over_srv.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -MT src/providers/test_search_bases-fail_over_srv.obj -MD -MP -MF src/providers/$(DEPDIR)/test_search_bases-fail_over_srv.Tpo -c -o src/providers/test_search_bases-fail_over_srv.obj `if test -f 'src/providers/fail_over_srv.c'; then $(CYGPATH_W) 'src/providers/fail_over_srv.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/fail_over_srv.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/providers/$(DEPDIR)/test_search_bases-fail_over_srv.Tpo src/providers/$(DEPDIR)/test_search_bases-fail_over_srv.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/providers/fail_over_srv.c' 
object='src/providers/test_search_bases-fail_over_srv.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -c -o src/providers/test_search_bases-fail_over_srv.obj `if test -f 'src/providers/fail_over_srv.c'; then $(CYGPATH_W) 'src/providers/fail_over_srv.c'; else $(CYGPATH_W) '$(srcdir)/src/providers/fail_over_srv.c'; fi` src/resolv/test_search_bases-async_resolv.o: src/resolv/async_resolv.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -MT src/resolv/test_search_bases-async_resolv.o -MD -MP -MF src/resolv/$(DEPDIR)/test_search_bases-async_resolv.Tpo -c -o src/resolv/test_search_bases-async_resolv.o `test -f 'src/resolv/async_resolv.c' || echo '$(srcdir)/'`src/resolv/async_resolv.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/$(DEPDIR)/test_search_bases-async_resolv.Tpo src/resolv/$(DEPDIR)/test_search_bases-async_resolv.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/async_resolv.c' object='src/resolv/test_search_bases-async_resolv.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -c -o src/resolv/test_search_bases-async_resolv.o `test -f 'src/resolv/async_resolv.c' || echo '$(srcdir)/'`src/resolv/async_resolv.c src/resolv/test_search_bases-async_resolv.obj: src/resolv/async_resolv.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -MT src/resolv/test_search_bases-async_resolv.obj -MD -MP -MF 
src/resolv/$(DEPDIR)/test_search_bases-async_resolv.Tpo -c -o src/resolv/test_search_bases-async_resolv.obj `if test -f 'src/resolv/async_resolv.c'; then $(CYGPATH_W) 'src/resolv/async_resolv.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/async_resolv.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/$(DEPDIR)/test_search_bases-async_resolv.Tpo src/resolv/$(DEPDIR)/test_search_bases-async_resolv.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/async_resolv.c' object='src/resolv/test_search_bases-async_resolv.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -c -o src/resolv/test_search_bases-async_resolv.obj `if test -f 'src/resolv/async_resolv.c'; then $(CYGPATH_W) 'src/resolv/async_resolv.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/async_resolv.c'; fi` src/resolv/test_search_bases-async_resolv_utils.o: src/resolv/async_resolv_utils.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -MT src/resolv/test_search_bases-async_resolv_utils.o -MD -MP -MF src/resolv/$(DEPDIR)/test_search_bases-async_resolv_utils.Tpo -c -o src/resolv/test_search_bases-async_resolv_utils.o `test -f 'src/resolv/async_resolv_utils.c' || echo '$(srcdir)/'`src/resolv/async_resolv_utils.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/$(DEPDIR)/test_search_bases-async_resolv_utils.Tpo src/resolv/$(DEPDIR)/test_search_bases-async_resolv_utils.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/async_resolv_utils.c' object='src/resolv/test_search_bases-async_resolv_utils.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) 
$(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -c -o src/resolv/test_search_bases-async_resolv_utils.o `test -f 'src/resolv/async_resolv_utils.c' || echo '$(srcdir)/'`src/resolv/async_resolv_utils.c src/resolv/test_search_bases-async_resolv_utils.obj: src/resolv/async_resolv_utils.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -MT src/resolv/test_search_bases-async_resolv_utils.obj -MD -MP -MF src/resolv/$(DEPDIR)/test_search_bases-async_resolv_utils.Tpo -c -o src/resolv/test_search_bases-async_resolv_utils.obj `if test -f 'src/resolv/async_resolv_utils.c'; then $(CYGPATH_W) 'src/resolv/async_resolv_utils.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/async_resolv_utils.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/$(DEPDIR)/test_search_bases-async_resolv_utils.Tpo src/resolv/$(DEPDIR)/test_search_bases-async_resolv_utils.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/async_resolv_utils.c' object='src/resolv/test_search_bases-async_resolv_utils.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -c -o src/resolv/test_search_bases-async_resolv_utils.obj `if test -f 'src/resolv/async_resolv_utils.c'; then $(CYGPATH_W) 'src/resolv/async_resolv_utils.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/async_resolv_utils.c'; fi` src/resolv/ares/test_search_bases-ares_parse_srv_reply.o: src/resolv/ares/ares_parse_srv_reply.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -MT src/resolv/ares/test_search_bases-ares_parse_srv_reply.o -MD -MP -MF 
src/resolv/ares/$(DEPDIR)/test_search_bases-ares_parse_srv_reply.Tpo -c -o src/resolv/ares/test_search_bases-ares_parse_srv_reply.o `test -f 'src/resolv/ares/ares_parse_srv_reply.c' || echo '$(srcdir)/'`src/resolv/ares/ares_parse_srv_reply.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/ares/$(DEPDIR)/test_search_bases-ares_parse_srv_reply.Tpo src/resolv/ares/$(DEPDIR)/test_search_bases-ares_parse_srv_reply.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/ares/ares_parse_srv_reply.c' object='src/resolv/ares/test_search_bases-ares_parse_srv_reply.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -c -o src/resolv/ares/test_search_bases-ares_parse_srv_reply.o `test -f 'src/resolv/ares/ares_parse_srv_reply.c' || echo '$(srcdir)/'`src/resolv/ares/ares_parse_srv_reply.c src/resolv/ares/test_search_bases-ares_parse_srv_reply.obj: src/resolv/ares/ares_parse_srv_reply.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -MT src/resolv/ares/test_search_bases-ares_parse_srv_reply.obj -MD -MP -MF src/resolv/ares/$(DEPDIR)/test_search_bases-ares_parse_srv_reply.Tpo -c -o src/resolv/ares/test_search_bases-ares_parse_srv_reply.obj `if test -f 'src/resolv/ares/ares_parse_srv_reply.c'; then $(CYGPATH_W) 'src/resolv/ares/ares_parse_srv_reply.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/ares/ares_parse_srv_reply.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/ares/$(DEPDIR)/test_search_bases-ares_parse_srv_reply.Tpo src/resolv/ares/$(DEPDIR)/test_search_bases-ares_parse_srv_reply.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/ares/ares_parse_srv_reply.c' 
object='src/resolv/ares/test_search_bases-ares_parse_srv_reply.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -c -o src/resolv/ares/test_search_bases-ares_parse_srv_reply.obj `if test -f 'src/resolv/ares/ares_parse_srv_reply.c'; then $(CYGPATH_W) 'src/resolv/ares/ares_parse_srv_reply.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/ares/ares_parse_srv_reply.c'; fi` src/resolv/ares/test_search_bases-ares_data.o: src/resolv/ares/ares_data.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -MT src/resolv/ares/test_search_bases-ares_data.o -MD -MP -MF src/resolv/ares/$(DEPDIR)/test_search_bases-ares_data.Tpo -c -o src/resolv/ares/test_search_bases-ares_data.o `test -f 'src/resolv/ares/ares_data.c' || echo '$(srcdir)/'`src/resolv/ares/ares_data.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/ares/$(DEPDIR)/test_search_bases-ares_data.Tpo src/resolv/ares/$(DEPDIR)/test_search_bases-ares_data.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/ares/ares_data.c' object='src/resolv/ares/test_search_bases-ares_data.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -c -o src/resolv/ares/test_search_bases-ares_data.o `test -f 'src/resolv/ares/ares_data.c' || echo '$(srcdir)/'`src/resolv/ares/ares_data.c src/resolv/ares/test_search_bases-ares_data.obj: src/resolv/ares/ares_data.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) 
-MT src/resolv/ares/test_search_bases-ares_data.obj -MD -MP -MF src/resolv/ares/$(DEPDIR)/test_search_bases-ares_data.Tpo -c -o src/resolv/ares/test_search_bases-ares_data.obj `if test -f 'src/resolv/ares/ares_data.c'; then $(CYGPATH_W) 'src/resolv/ares/ares_data.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/ares/ares_data.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/resolv/ares/$(DEPDIR)/test_search_bases-ares_data.Tpo src/resolv/ares/$(DEPDIR)/test_search_bases-ares_data.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/resolv/ares/ares_data.c' object='src/resolv/ares/test_search_bases-ares_data.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -c -o src/resolv/ares/test_search_bases-ares_data.obj `if test -f 'src/resolv/ares/ares_data.c'; then $(CYGPATH_W) 'src/resolv/ares/ares_data.c'; else $(CYGPATH_W) '$(srcdir)/src/resolv/ares/ares_data.c'; fi` src/util/test_search_bases-sss_ldap.o: src/util/sss_ldap.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -MT src/util/test_search_bases-sss_ldap.o -MD -MP -MF src/util/$(DEPDIR)/test_search_bases-sss_ldap.Tpo -c -o src/util/test_search_bases-sss_ldap.o `test -f 'src/util/sss_ldap.c' || echo '$(srcdir)/'`src/util/sss_ldap.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/test_search_bases-sss_ldap.Tpo src/util/$(DEPDIR)/test_search_bases-sss_ldap.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/sss_ldap.c' object='src/util/test_search_bases-sss_ldap.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) 
$(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -c -o src/util/test_search_bases-sss_ldap.o `test -f 'src/util/sss_ldap.c' || echo '$(srcdir)/'`src/util/sss_ldap.c src/util/test_search_bases-sss_ldap.obj: src/util/sss_ldap.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -MT src/util/test_search_bases-sss_ldap.obj -MD -MP -MF src/util/$(DEPDIR)/test_search_bases-sss_ldap.Tpo -c -o src/util/test_search_bases-sss_ldap.obj `if test -f 'src/util/sss_ldap.c'; then $(CYGPATH_W) 'src/util/sss_ldap.c'; else $(CYGPATH_W) '$(srcdir)/src/util/sss_ldap.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/test_search_bases-sss_ldap.Tpo src/util/$(DEPDIR)/test_search_bases-sss_ldap.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/sss_ldap.c' object='src/util/test_search_bases-sss_ldap.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -c -o src/util/test_search_bases-sss_ldap.obj `if test -f 'src/util/sss_ldap.c'; then $(CYGPATH_W) 'src/util/sss_ldap.c'; else $(CYGPATH_W) '$(srcdir)/src/util/sss_ldap.c'; fi` src/util/test_search_bases-sss_krb5.o: src/util/sss_krb5.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -MT src/util/test_search_bases-sss_krb5.o -MD -MP -MF src/util/$(DEPDIR)/test_search_bases-sss_krb5.Tpo -c -o src/util/test_search_bases-sss_krb5.o `test -f 'src/util/sss_krb5.c' || echo '$(srcdir)/'`src/util/sss_krb5.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/test_search_bases-sss_krb5.Tpo src/util/$(DEPDIR)/test_search_bases-sss_krb5.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ 
$(AM_V_CC)source='src/util/sss_krb5.c' object='src/util/test_search_bases-sss_krb5.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -c -o src/util/test_search_bases-sss_krb5.o `test -f 'src/util/sss_krb5.c' || echo '$(srcdir)/'`src/util/sss_krb5.c src/util/test_search_bases-sss_krb5.obj: src/util/sss_krb5.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -MT src/util/test_search_bases-sss_krb5.obj -MD -MP -MF src/util/$(DEPDIR)/test_search_bases-sss_krb5.Tpo -c -o src/util/test_search_bases-sss_krb5.obj `if test -f 'src/util/sss_krb5.c'; then $(CYGPATH_W) 'src/util/sss_krb5.c'; else $(CYGPATH_W) '$(srcdir)/src/util/sss_krb5.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/test_search_bases-sss_krb5.Tpo src/util/$(DEPDIR)/test_search_bases-sss_krb5.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/sss_krb5.c' object='src/util/test_search_bases-sss_krb5.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -c -o src/util/test_search_bases-sss_krb5.obj `if test -f 'src/util/sss_krb5.c'; then $(CYGPATH_W) 'src/util/sss_krb5.c'; else $(CYGPATH_W) '$(srcdir)/src/util/sss_krb5.c'; fi` src/util/test_search_bases-find_uid.o: src/util/find_uid.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -MT src/util/test_search_bases-find_uid.o -MD -MP -MF src/util/$(DEPDIR)/test_search_bases-find_uid.Tpo -c -o 
src/util/test_search_bases-find_uid.o `test -f 'src/util/find_uid.c' || echo '$(srcdir)/'`src/util/find_uid.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/test_search_bases-find_uid.Tpo src/util/$(DEPDIR)/test_search_bases-find_uid.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/find_uid.c' object='src/util/test_search_bases-find_uid.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -c -o src/util/test_search_bases-find_uid.o `test -f 'src/util/find_uid.c' || echo '$(srcdir)/'`src/util/find_uid.c src/util/test_search_bases-find_uid.obj: src/util/find_uid.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -MT src/util/test_search_bases-find_uid.obj -MD -MP -MF src/util/$(DEPDIR)/test_search_bases-find_uid.Tpo -c -o src/util/test_search_bases-find_uid.obj `if test -f 'src/util/find_uid.c'; then $(CYGPATH_W) 'src/util/find_uid.c'; else $(CYGPATH_W) '$(srcdir)/src/util/find_uid.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/test_search_bases-find_uid.Tpo src/util/$(DEPDIR)/test_search_bases-find_uid.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/find_uid.c' object='src/util/test_search_bases-find_uid.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -c -o src/util/test_search_bases-find_uid.obj `if test -f 'src/util/find_uid.c'; then $(CYGPATH_W) 'src/util/find_uid.c'; else $(CYGPATH_W) '$(srcdir)/src/util/find_uid.c'; fi` 
src/util/test_search_bases-user_info_msg.o: src/util/user_info_msg.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -MT src/util/test_search_bases-user_info_msg.o -MD -MP -MF src/util/$(DEPDIR)/test_search_bases-user_info_msg.Tpo -c -o src/util/test_search_bases-user_info_msg.o `test -f 'src/util/user_info_msg.c' || echo '$(srcdir)/'`src/util/user_info_msg.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/test_search_bases-user_info_msg.Tpo src/util/$(DEPDIR)/test_search_bases-user_info_msg.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/user_info_msg.c' object='src/util/test_search_bases-user_info_msg.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -c -o src/util/test_search_bases-user_info_msg.o `test -f 'src/util/user_info_msg.c' || echo '$(srcdir)/'`src/util/user_info_msg.c src/util/test_search_bases-user_info_msg.obj: src/util/user_info_msg.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -MT src/util/test_search_bases-user_info_msg.obj -MD -MP -MF src/util/$(DEPDIR)/test_search_bases-user_info_msg.Tpo -c -o src/util/test_search_bases-user_info_msg.obj `if test -f 'src/util/user_info_msg.c'; then $(CYGPATH_W) 'src/util/user_info_msg.c'; else $(CYGPATH_W) '$(srcdir)/src/util/user_info_msg.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/util/$(DEPDIR)/test_search_bases-user_info_msg.Tpo src/util/$(DEPDIR)/test_search_bases-user_info_msg.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/util/user_info_msg.c' object='src/util/test_search_bases-user_info_msg.obj' libtool=no @AMDEPBACKSLASH@ 
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -c -o src/util/test_search_bases-user_info_msg.obj `if test -f 'src/util/user_info_msg.c'; then $(CYGPATH_W) 'src/util/user_info_msg.c'; else $(CYGPATH_W) '$(srcdir)/src/util/user_info_msg.c'; fi` src/tests/cmocka/test_search_bases-test_search_bases.o: src/tests/cmocka/test_search_bases.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -MT src/tests/cmocka/test_search_bases-test_search_bases.o -MD -MP -MF src/tests/cmocka/$(DEPDIR)/test_search_bases-test_search_bases.Tpo -c -o src/tests/cmocka/test_search_bases-test_search_bases.o `test -f 'src/tests/cmocka/test_search_bases.c' || echo '$(srcdir)/'`src/tests/cmocka/test_search_bases.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/cmocka/$(DEPDIR)/test_search_bases-test_search_bases.Tpo src/tests/cmocka/$(DEPDIR)/test_search_bases-test_search_bases.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/cmocka/test_search_bases.c' object='src/tests/cmocka/test_search_bases-test_search_bases.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -c -o src/tests/cmocka/test_search_bases-test_search_bases.o `test -f 'src/tests/cmocka/test_search_bases.c' || echo '$(srcdir)/'`src/tests/cmocka/test_search_bases.c src/tests/cmocka/test_search_bases-test_search_bases.obj: src/tests/cmocka/test_search_bases.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -MT 
src/tests/cmocka/test_search_bases-test_search_bases.obj -MD -MP -MF src/tests/cmocka/$(DEPDIR)/test_search_bases-test_search_bases.Tpo -c -o src/tests/cmocka/test_search_bases-test_search_bases.obj `if test -f 'src/tests/cmocka/test_search_bases.c'; then $(CYGPATH_W) 'src/tests/cmocka/test_search_bases.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/cmocka/test_search_bases.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/cmocka/$(DEPDIR)/test_search_bases-test_search_bases.Tpo src/tests/cmocka/$(DEPDIR)/test_search_bases-test_search_bases.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/cmocka/test_search_bases.c' object='src/tests/cmocka/test_search_bases-test_search_bases.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_search_bases_CFLAGS) $(CFLAGS) -c -o src/tests/cmocka/test_search_bases-test_search_bases.obj `if test -f 'src/tests/cmocka/test_search_bases.c'; then $(CYGPATH_W) 'src/tests/cmocka/test_search_bases.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/cmocka/test_search_bases.c'; fi` src/tests/cmocka/test_sss_idmap-test_sss_idmap.o: src/tests/cmocka/test_sss_idmap.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sss_idmap_CFLAGS) $(CFLAGS) -MT src/tests/cmocka/test_sss_idmap-test_sss_idmap.o -MD -MP -MF src/tests/cmocka/$(DEPDIR)/test_sss_idmap-test_sss_idmap.Tpo -c -o src/tests/cmocka/test_sss_idmap-test_sss_idmap.o `test -f 'src/tests/cmocka/test_sss_idmap.c' || echo '$(srcdir)/'`src/tests/cmocka/test_sss_idmap.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/cmocka/$(DEPDIR)/test_sss_idmap-test_sss_idmap.Tpo src/tests/cmocka/$(DEPDIR)/test_sss_idmap-test_sss_idmap.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/cmocka/test_sss_idmap.c' 
object='src/tests/cmocka/test_sss_idmap-test_sss_idmap.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sss_idmap_CFLAGS) $(CFLAGS) -c -o src/tests/cmocka/test_sss_idmap-test_sss_idmap.o `test -f 'src/tests/cmocka/test_sss_idmap.c' || echo '$(srcdir)/'`src/tests/cmocka/test_sss_idmap.c src/tests/cmocka/test_sss_idmap-test_sss_idmap.obj: src/tests/cmocka/test_sss_idmap.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sss_idmap_CFLAGS) $(CFLAGS) -MT src/tests/cmocka/test_sss_idmap-test_sss_idmap.obj -MD -MP -MF src/tests/cmocka/$(DEPDIR)/test_sss_idmap-test_sss_idmap.Tpo -c -o src/tests/cmocka/test_sss_idmap-test_sss_idmap.obj `if test -f 'src/tests/cmocka/test_sss_idmap.c'; then $(CYGPATH_W) 'src/tests/cmocka/test_sss_idmap.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/cmocka/test_sss_idmap.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/cmocka/$(DEPDIR)/test_sss_idmap-test_sss_idmap.Tpo src/tests/cmocka/$(DEPDIR)/test_sss_idmap-test_sss_idmap.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/cmocka/test_sss_idmap.c' object='src/tests/cmocka/test_sss_idmap-test_sss_idmap.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_sss_idmap_CFLAGS) $(CFLAGS) -c -o src/tests/cmocka/test_sss_idmap-test_sss_idmap.obj `if test -f 'src/tests/cmocka/test_sss_idmap.c'; then $(CYGPATH_W) 'src/tests/cmocka/test_sss_idmap.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/cmocka/test_sss_idmap.c'; fi` src/tests/cmocka/test_utils-test_utils.o: src/tests/cmocka/test_utils.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) 
$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_utils_CFLAGS) $(CFLAGS) -MT src/tests/cmocka/test_utils-test_utils.o -MD -MP -MF src/tests/cmocka/$(DEPDIR)/test_utils-test_utils.Tpo -c -o src/tests/cmocka/test_utils-test_utils.o `test -f 'src/tests/cmocka/test_utils.c' || echo '$(srcdir)/'`src/tests/cmocka/test_utils.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/cmocka/$(DEPDIR)/test_utils-test_utils.Tpo src/tests/cmocka/$(DEPDIR)/test_utils-test_utils.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/cmocka/test_utils.c' object='src/tests/cmocka/test_utils-test_utils.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_utils_CFLAGS) $(CFLAGS) -c -o src/tests/cmocka/test_utils-test_utils.o `test -f 'src/tests/cmocka/test_utils.c' || echo '$(srcdir)/'`src/tests/cmocka/test_utils.c src/tests/cmocka/test_utils-test_utils.obj: src/tests/cmocka/test_utils.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_utils_CFLAGS) $(CFLAGS) -MT src/tests/cmocka/test_utils-test_utils.obj -MD -MP -MF src/tests/cmocka/$(DEPDIR)/test_utils-test_utils.Tpo -c -o src/tests/cmocka/test_utils-test_utils.obj `if test -f 'src/tests/cmocka/test_utils.c'; then $(CYGPATH_W) 'src/tests/cmocka/test_utils.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/cmocka/test_utils.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/cmocka/$(DEPDIR)/test_utils-test_utils.Tpo src/tests/cmocka/$(DEPDIR)/test_utils-test_utils.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/cmocka/test_utils.c' object='src/tests/cmocka/test_utils-test_utils.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ 
$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_utils_CFLAGS) $(CFLAGS) -c -o src/tests/cmocka/test_utils-test_utils.obj `if test -f 'src/tests/cmocka/test_utils.c'; then $(CYGPATH_W) 'src/tests/cmocka/test_utils.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/cmocka/test_utils.c'; fi` src/tests/util_tests-util-tests.o: src/tests/util-tests.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(util_tests_CFLAGS) $(CFLAGS) -MT src/tests/util_tests-util-tests.o -MD -MP -MF src/tests/$(DEPDIR)/util_tests-util-tests.Tpo -c -o src/tests/util_tests-util-tests.o `test -f 'src/tests/util-tests.c' || echo '$(srcdir)/'`src/tests/util-tests.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/util_tests-util-tests.Tpo src/tests/$(DEPDIR)/util_tests-util-tests.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/util-tests.c' object='src/tests/util_tests-util-tests.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(util_tests_CFLAGS) $(CFLAGS) -c -o src/tests/util_tests-util-tests.o `test -f 'src/tests/util-tests.c' || echo '$(srcdir)/'`src/tests/util-tests.c src/tests/util_tests-util-tests.obj: src/tests/util-tests.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(util_tests_CFLAGS) $(CFLAGS) -MT src/tests/util_tests-util-tests.obj -MD -MP -MF src/tests/$(DEPDIR)/util_tests-util-tests.Tpo -c -o src/tests/util_tests-util-tests.obj `if test -f 'src/tests/util-tests.c'; then $(CYGPATH_W) 'src/tests/util-tests.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/util-tests.c'; fi` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) src/tests/$(DEPDIR)/util_tests-util-tests.Tpo src/tests/$(DEPDIR)/util_tests-util-tests.Po 
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='src/tests/util-tests.c' object='src/tests/util_tests-util-tests.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(util_tests_CFLAGS) $(CFLAGS) -c -o src/tests/util_tests-util-tests.obj `if test -f 'src/tests/util-tests.c'; then $(CYGPATH_W) 'src/tests/util-tests.c'; else $(CYGPATH_W) '$(srcdir)/src/tests/util-tests.c'; fi` mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs -rm -rf src/confdb/.libs src/confdb/_libs -rm -rf src/db/.libs src/db/_libs -rm -rf src/krb5_plugin/.libs src/krb5_plugin/_libs -rm -rf src/ldb_modules/.libs src/ldb_modules/_libs -rm -rf src/lib/idmap/.libs src/lib/idmap/_libs -rm -rf src/monitor/.libs src/monitor/_libs -rm -rf src/providers/.libs src/providers/_libs -rm -rf src/providers/ad/.libs src/providers/ad/_libs -rm -rf src/providers/ipa/.libs src/providers/ipa/_libs -rm -rf src/providers/krb5/.libs src/providers/krb5/_libs -rm -rf src/providers/ldap/.libs src/providers/ldap/_libs -rm -rf src/providers/proxy/.libs src/providers/proxy/_libs -rm -rf src/providers/simple/.libs src/providers/simple/_libs -rm -rf src/python/.libs src/python/_libs -rm -rf src/resolv/.libs src/resolv/_libs -rm -rf src/resolv/ares/.libs src/resolv/ares/_libs -rm -rf src/sbus/.libs src/sbus/_libs -rm -rf src/sss_client/.libs src/sss_client/_libs -rm -rf src/sss_client/autofs/.libs src/sss_client/autofs/_libs -rm -rf src/sss_client/idmap/.libs src/sss_client/idmap/_libs -rm -rf src/sss_client/sudo/.libs src/sss_client/sudo/_libs -rm -rf src/tests/.libs src/tests/_libs -rm -rf src/tools/.libs src/tools/_libs -rm -rf src/util/.libs src/util/_libs -rm -rf src/util/crypto/libcrypto/.libs src/util/crypto/libcrypto/_libs -rm -rf src/util/crypto/nss/.libs src/util/crypto/nss/_libs distclean-libtool: -rm -f libtool 
config.lt install-dist_pkgconfigDATA: $(dist_pkgconfig_DATA) @$(NORMAL_INSTALL) @list='$(dist_pkgconfig_DATA)'; test -n "$(pkgconfigdir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(pkgconfigdir)'"; \ $(MKDIR_P) "$(DESTDIR)$(pkgconfigdir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(pkgconfigdir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(pkgconfigdir)" || exit $$?; \ done uninstall-dist_pkgconfigDATA: @$(NORMAL_UNINSTALL) @list='$(dist_pkgconfig_DATA)'; test -n "$(pkgconfigdir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ dir='$(DESTDIR)$(pkgconfigdir)'; $(am__uninstall_files_from_dir) install-dist_sssdapipluginDATA: $(dist_sssdapiplugin_DATA) @$(NORMAL_INSTALL) @list='$(dist_sssdapiplugin_DATA)'; test -n "$(sssdapiplugindir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(sssdapiplugindir)'"; \ $(MKDIR_P) "$(DESTDIR)$(sssdapiplugindir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(sssdapiplugindir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(sssdapiplugindir)" || exit $$?; \ done uninstall-dist_sssdapipluginDATA: @$(NORMAL_UNINSTALL) @list='$(dist_sssdapiplugin_DATA)'; test -n "$(sssdapiplugindir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ dir='$(DESTDIR)$(sssdapiplugindir)'; $(am__uninstall_files_from_dir) install-dist_sssddataDATA: $(dist_sssddata_DATA) @$(NORMAL_INSTALL) @list='$(dist_sssddata_DATA)'; test -n "$(sssddatadir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(sssddatadir)'"; \ $(MKDIR_P) "$(DESTDIR)$(sssddatadir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else 
d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(sssddatadir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(sssddatadir)" || exit $$?; \ done uninstall-dist_sssddataDATA: @$(NORMAL_UNINSTALL) @list='$(dist_sssddata_DATA)'; test -n "$(sssddatadir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ dir='$(DESTDIR)$(sssddatadir)'; $(am__uninstall_files_from_dir) install-dist_systemdunitDATA: $(dist_systemdunit_DATA) @$(NORMAL_INSTALL) @list='$(dist_systemdunit_DATA)'; test -n "$(systemdunitdir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(systemdunitdir)'"; \ $(MKDIR_P) "$(DESTDIR)$(systemdunitdir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(systemdunitdir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(systemdunitdir)" || exit $$?; \ done uninstall-dist_systemdunitDATA: @$(NORMAL_UNINSTALL) @list='$(dist_systemdunit_DATA)'; test -n "$(systemdunitdir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ dir='$(DESTDIR)$(systemdunitdir)'; $(am__uninstall_files_from_dir) install-includeHEADERS: $(include_HEADERS) @$(NORMAL_INSTALL) @list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(includedir)'"; \ $(MKDIR_P) "$(DESTDIR)$(includedir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(includedir)'"; \ $(INSTALL_HEADER) $$files "$(DESTDIR)$(includedir)" || exit $$?; \ done uninstall-includeHEADERS: @$(NORMAL_UNINSTALL) @list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed 
-e 's|^.*/||'`; \ dir='$(DESTDIR)$(includedir)'; $(am__uninstall_files_from_dir) # This directory's subdirectories are mostly independent; you can cd # into them and run 'make' without going through this Makefile. # To change the values of 'make' variables: instead of editing Makefiles, # (1) if the variable is set in 'config.status', edit 'config.status' # (which will cause the Makefiles to be regenerated when you run 'make'); # (2) otherwise, pass the desired values on the 'make' command line. $(am__recursive_targets): @fail=; \ if $(am__make_keepgoing); then \ failcom='fail=yes'; \ else \ failcom='exit 1'; \ fi; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ case "$@" in \ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ *) list='$(SUBDIRS)' ;; \ esac; \ for subdir in $$list; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ dot_seen=yes; \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ fi; test -z "$$fail" ID: $(am__tagged_files) $(am__define_uniq_tagged_files); mkid -fID $$unique tags: tags-recursive TAGS: tags tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) set x; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ empty_fix=.; \ else \ include_option=--include; \ empty_fix=; \ fi; \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! 
-f $$subdir/TAGS || \ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ $(am__define_uniq_tagged_files); \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: ctags-recursive CTAGS: ctags ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) $(am__define_uniq_tagged_files); \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" cscope: cscope.files test ! -s cscope.files \ || $(CSCOPE) -b -q $(AM_CSCOPEFLAGS) $(CSCOPEFLAGS) -i cscope.files $(CSCOPE_ARGS) clean-cscope: -rm -f cscope.files cscope.files: clean-cscope cscopelist cscopelist: cscopelist-recursive cscopelist-am: $(am__tagged_files) list='$(am__tagged_files)'; \ case "$(srcdir)" in \ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ *) sdir=$(subdir)/$(srcdir) ;; \ esac; \ for i in $$list; do \ if test -f "$$i"; then \ echo "$(subdir)/$$i"; \ else \ echo "$$sdir/$$i"; \ fi; \ done >> $(top_builddir)/cscope.files distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags -rm -f cscope.out cscope.in.out cscope.po.out cscope.files # Recover from deleted '.trs' file; this should ensure that # "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create # both 'foo.log' and 'foo.trs'. Break the recipe in two subshells # to avoid problems with "make -n". .log.trs: rm -f $< $@ $(MAKE) $(AM_MAKEFLAGS) $< # Leading 'am--fnord' is there to ensure the list of targets does not # expand to empty, as could happen e.g. with make check TESTS=''. 
# Every per-test .log and .trs file depends on $(am__force_recheck).  The
# "recheck" target below sets that variable to am--force-recheck, whose
# recipe is a no-op, so the logs are treated as out of date and rebuilt.
am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck)
am--force-recheck:
	@:

# Build the aggregated test-suite log from the per-test .log/.trs files.
# First command: find test bases whose .trs or .log is missing or
# unreadable, delete and remake them (am__remaking_logs guards against
# recursing forever), then fail if any is still absent.
# Second command: count ":test-result:" lines per outcome, write the
# report to $(TEST_SUITE_LOG).tmp and rename it into place, print the
# summary, and exit 1 when any FAIL, XPASS or ERROR was recorded.
$(TEST_SUITE_LOG): $(TEST_LOGS)
	@$(am__set_TESTS_bases); \
	am__f_ok () { test -f "$$1" && test -r "$$1"; }; \
	redo_bases=`for i in $$bases; do \
	              am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \
	            done`; \
	if test -n "$$redo_bases"; then \
	  redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \
	  redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \
	  if $(am__make_dryrun); then :; else \
	    rm -f $$redo_logs && rm -f $$redo_results || exit 1; \
	  fi; \
	fi; \
	if test -n "$$am__remaking_logs"; then \
	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
	       "recursion detected" >&2; \
	else \
	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
	fi; \
	if $(am__make_dryrun); then :; else \
	  st=0; \
	  errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \
	  for i in $$redo_bases; do \
	    test -f $$i.trs && test -r $$i.trs \
	      || { echo "$$errmsg $$i.trs" >&2; st=1; }; \
	    test -f $$i.log && test -r $$i.log \
	      || { echo "$$errmsg $$i.log" >&2; st=1; }; \
	  done; \
	  test $$st -eq 0 || exit 1; \
	fi
# NOTE(review): ws reads '[ ]' in this copy; if the bracket originally held
# a space and a tab, the tab was lost -- compare with a pristine Makefile.in.
# When VERBOSE is non-empty the whole suite log is printed on failure.
	@$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \
	ws='[ ]'; \
	results=`for b in $$bases; do echo $$b.trs; done`; \
	test -n "$$results" || results=/dev/null; \
	all=` grep "^$$ws*:test-result:" $$results | wc -l`; \
	pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \
	fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \
	skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \
	xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \
	xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \
	error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \
	if test `expr $$fail + $$xpass + $$error` -eq 0; then \
	  success=true; \
	else \
	  success=false; \
	fi; \
	br='==================='; br=$$br$$br$$br$$br; \
	result_count () \
	{ \
	    if test x"$$1" = x"--maybe-color"; then \
	      maybe_colorize=yes; \
	    elif test x"$$1" = x"--no-color"; then \
	      maybe_colorize=no; \
	    else \
	      echo "$@: invalid 'result_count' usage" >&2; exit 4; \
	    fi; \
	    shift; \
	    desc=$$1 count=$$2; \
	    if test $$maybe_colorize = yes && test $$count -gt 0; then \
	      color_start=$$3 color_end=$$std; \
	    else \
	      color_start= color_end=; \
	    fi; \
	    echo "$${color_start}# $$desc $$count$${color_end}"; \
	}; \
	create_testsuite_report () \
	{ \
	  result_count $$1 "TOTAL:" $$all "$$brg"; \
	  result_count $$1 "PASS: " $$pass "$$grn"; \
	  result_count $$1 "SKIP: " $$skip "$$blu"; \
	  result_count $$1 "XFAIL:" $$xfail "$$lgn"; \
	  result_count $$1 "FAIL: " $$fail "$$red"; \
	  result_count $$1 "XPASS:" $$xpass "$$red"; \
	  result_count $$1 "ERROR:" $$error "$$mgn"; \
	}; \
	{ \
	  echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \
	    $(am__rst_title); \
	  create_testsuite_report --no-color; \
	  echo; \
	  echo ".. contents:: :depth: 2"; \
	  echo; \
	  for b in $$bases; do echo $$b; done \
	    | $(am__create_global_log); \
	} >$(TEST_SUITE_LOG).tmp || exit 1; \
	mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \
	if $$success; then \
	  col="$$grn"; \
	 else \
	  col="$$red"; \
	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \
	fi; \
	echo "$${col}$$br$${std}"; \
	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \
	echo "$${col}$$br$${std}"; \
	create_testsuite_report --maybe-color; \
	echo "$$col$$br$$std"; \
	if $$success; then :; else \
	  echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \
	  if test -n "$(PACKAGE_BUGREPORT)"; then \
	    echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \
	  fi; \
	  echo "$$col$$br$$std"; \
	fi; \
	$$success || exit 1

# Run the test suite: remove the logs named in RECHECK_LOGS (and their .trs
# files) plus the old suite log, then re-invoke make on $(TEST_SUITE_LOG)
# with TEST_LOGS derived from the test bases.  "set +e" lets the recipe
# reach "exit $$?" so the sub-make's status is what this target returns.
check-TESTS:
	@list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list
	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
	@set +e; $(am__set_TESTS_bases); \
	log_list=`for i in $$bases; do echo $$i.log; done`; \
	trs_list=`for i in $$bases; do echo $$i.trs; done`; \
	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
	exit $$?;

# Like check-TESTS, but the bases are first filtered through
# $(am__list_recheck_tests) and am__force_recheck is set so the selected
# logs are rebuilt even if they look up to date.
recheck: all $(check_LTLIBRARIES) $(check_PROGRAMS)
	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
	@set +e; $(am__set_TESTS_bases); \
	bases=`for i in $$bases; do echo $$i; done \
	         | $(am__list_recheck_tests)` || exit 1; \
	log_list=`for i in $$bases; do echo $$i.log; done`; \
	log_list=`echo $$log_list`; \
	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \
	        am__force_recheck=am--force-recheck \
	        TEST_LOGS="$$log_list"; \
	exit $$?

# One rule per test follows.  Each sets p (the test file or program) and b
# (the base name used for the output files) and runs $(LOG_DRIVER), which
# is told to write $$b.log and $$b.trs.  $$f and $$tst are not assigned in
# these recipes; presumably $(am__check_pre), defined outside this part of
# the file, derives them from $$p -- confirm there.
src/config/SSSDConfigTest.py.log: src/config/SSSDConfigTest.py
	@p='src/config/SSSDConfigTest.py'; \
	b='src/config/SSSDConfigTest.py'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
src/tests/pyhbac-test.py.log: src/tests/pyhbac-test.py
	@p='src/tests/pyhbac-test.py'; \
	b='src/tests/pyhbac-test.py'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
src/tests/pysss_murmur-test.py.log: src/tests/pysss_murmur-test.py
	@p='src/tests/pysss_murmur-test.py'; \
	b='src/tests/pysss_murmur-test.py'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
nss-srv-tests.log: nss-srv-tests$(EXEEXT)
	@p='nss-srv-tests$(EXEEXT)'; \
	b='nss-srv-tests'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
test-find-uid.log: test-find-uid$(EXEEXT)
	@p='test-find-uid$(EXEEXT)'; \
	b='test-find-uid'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
test-io.log: test-io$(EXEEXT)
	@p='test-io$(EXEEXT)'; \
	b='test-io'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
sss_nss_idmap-tests.log: sss_nss_idmap-tests$(EXEEXT)
	@p='sss_nss_idmap-tests$(EXEEXT)'; \
	b='sss_nss_idmap-tests'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
dyndns-tests.log: dyndns-tests$(EXEEXT)
	@p='dyndns-tests$(EXEEXT)'; \
	b='dyndns-tests'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
fqnames-tests.log: fqnames-tests$(EXEEXT)
	@p='fqnames-tests$(EXEEXT)'; \
	b='fqnames-tests'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
test_sss_idmap.log: test_sss_idmap$(EXEEXT)
	@p='test_sss_idmap$(EXEEXT)'; \
	b='test_sss_idmap'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
test_ipa_idmap.log: test_ipa_idmap$(EXEEXT)
	@p='test_ipa_idmap$(EXEEXT)'; \
	b='test_ipa_idmap'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
test_utils.log: test_utils$(EXEEXT)
	@p='test_utils$(EXEEXT)'; \
	b='test_utils'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
ad_access_filter_tests.log: ad_access_filter_tests$(EXEEXT)
	@p='ad_access_filter_tests$(EXEEXT)'; \
	b='ad_access_filter_tests'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
ad_common_tests.log: ad_common_tests$(EXEEXT)
	@p='ad_common_tests$(EXEEXT)'; \
	b='ad_common_tests'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
dp_opt_tests.log: dp_opt_tests$(EXEEXT)
	@p='dp_opt_tests$(EXEEXT)'; \
	b='dp_opt_tests'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
test_search_bases.log: test_search_bases$(EXEEXT)
	@p='test_search_bases$(EXEEXT)'; \
	b='test_search_bases'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
dlopen-tests.log: dlopen-tests$(EXEEXT)
	@p='dlopen-tests$(EXEEXT)'; \
	b='dlopen-tests'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
sysdb-tests.log: sysdb-tests$(EXEEXT)
	@p='sysdb-tests$(EXEEXT)'; \
	b='sysdb-tests'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
strtonum-tests.log: strtonum-tests$(EXEEXT)
	@p='strtonum-tests$(EXEEXT)'; \
	b='strtonum-tests'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
resolv-tests.log: resolv-tests$(EXEEXT)
	@p='resolv-tests$(EXEEXT)'; \
	b='resolv-tests'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
krb5-utils-tests.log: krb5-utils-tests$(EXEEXT)
	@p='krb5-utils-tests$(EXEEXT)'; \
	b='krb5-utils-tests'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
check_and_open-tests.log: check_and_open-tests$(EXEEXT)
	@p='check_and_open-tests$(EXEEXT)'; \
	b='check_and_open-tests'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
files-tests.log: files-tests$(EXEEXT)
	@p='files-tests$(EXEEXT)'; \
	b='files-tests'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
refcount-tests.log: refcount-tests$(EXEEXT)
	@p='refcount-tests$(EXEEXT)'; \
	b='refcount-tests'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
fail_over-tests.log: fail_over-tests$(EXEEXT)
	@p='fail_over-tests$(EXEEXT)'; \
	b='fail_over-tests'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
find_uid-tests.log: find_uid-tests$(EXEEXT)
	@p='find_uid-tests$(EXEEXT)'; \
	b='find_uid-tests'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
auth-tests.log: auth-tests$(EXEEXT)
	@p='auth-tests$(EXEEXT)'; \
	b='auth-tests'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
ipa_ldap_opt-tests.log: ipa_ldap_opt-tests$(EXEEXT)
	@p='ipa_ldap_opt-tests$(EXEEXT)'; \
	b='ipa_ldap_opt-tests'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
ad_ldap_opt-tests.log: ad_ldap_opt-tests$(EXEEXT)
	@p='ad_ldap_opt-tests$(EXEEXT)'; \
	b='ad_ldap_opt-tests'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
simple_access-tests.log: simple_access-tests$(EXEEXT)
	@p='simple_access-tests$(EXEEXT)'; \
	b='simple_access-tests'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
crypto-tests.log: crypto-tests$(EXEEXT)
	@p='crypto-tests$(EXEEXT)'; \
	b='crypto-tests'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
util-tests.log: util-tests$(EXEEXT)
	@p='util-tests$(EXEEXT)'; \
	b='util-tests'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
debug-tests.log: debug-tests$(EXEEXT)
	@p='debug-tests$(EXEEXT)'; \
	b='debug-tests'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
ipa_hbac-tests.log: ipa_hbac-tests$(EXEEXT)
	@p='ipa_hbac-tests$(EXEEXT)'; \
	b='ipa_hbac-tests'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
sss_idmap-tests.log: sss_idmap-tests$(EXEEXT)
	@p='sss_idmap-tests$(EXEEXT)'; \
	b='sss_idmap-tests'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
responder_socket_access-tests.log: responder_socket_access-tests$(EXEEXT)
	@p='responder_socket_access-tests$(EXEEXT)'; \
	b='responder_socket_access-tests'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
sysdb_ssh-tests.log: sysdb_ssh-tests$(EXEEXT)
	@p='sysdb_ssh-tests$(EXEEXT)'; \
	b='sysdb_ssh-tests'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)

# Suffix rules for tests named *.test; these use the TEST_LOG_* driver and
# compile variables instead of the LOG_* ones used above.
.test.log:
	@p='$<'; \
	$(am__set_b); \
	$(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
@am__EXEEXT_TRUE@.test$(EXEEXT).log:
@am__EXEEXT_TRUE@	@p='$<'; \
@am__EXEEXT_TRUE@	$(am__set_b); \
@am__EXEEXT_TRUE@	$(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
@am__EXEEXT_TRUE@	--log-file $$b.log --trs-file $$b.trs \
@am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
@am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)

# Stage the distribution tree in $(distdir): copy every entry of DISTFILES
# (looked up in the build directory first, then in srcdir), recurse into
# each DIST_SUBDIRS entry with relative distdir paths, then normalise
# permissions.
distdir: $(DISTFILES)
	$(am__remove_distdir)
	test -d "$(distdir)" || mkdir "$(distdir)"
	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
	list='$(DISTFILES)'; \
	  dist_files=`for file in $$list; do echo $$file; done | \
	  sed -e "s|^$$srcdirstrip/||;t" \
	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
	case $$dist_files in \
	  */*) $(MKDIR_P) `echo "$$dist_files" | \
	                   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
	                   sort -u` ;; \
	esac; \
	for file in $$dist_files; do \
	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
	  if test -d $$d/$$file; then \
	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
	    if test -d "$(distdir)/$$file"; then \
	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
	    fi; \
	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
	    fi; \
	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
	  else \
	    test -f "$(distdir)/$$file" \
	    || cp -p $$d/$$file "$(distdir)/$$file" \
	    || exit 1; \
	  fi; \
	done
	@list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
	  if test "$$subdir" = .; then :; else \
	    $(am__make_dryrun) \
	      || test -d "$(distdir)/$$subdir" \
	      || $(MKDIR_P) "$(distdir)/$$subdir" \
	      || exit 1; \
	    dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
	    $(am__relativize); \
	    new_distdir=$$reldir; \
	    dir1=$$subdir; dir2="$(top_distdir)"; \
	    $(am__relativize); \
	    new_top_distdir=$$reldir; \
	    echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
	    echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
	    ($(am__cd) $$subdir && \
	      $(MAKE) $(AM_MAKEFLAGS) \
	        top_distdir="$$new_top_distdir" \
	        distdir="$$new_distdir" \
	        am__remove_distdir=: \
	        am__skip_length_check=: \
	        am__skip_mode_fix=: \
	        distdir) \
	      || exit 1; \
	  fi; \
	done
# Unless am__skip_mode_fix is set, make every staged directory u+rwx,go+rx
# and every staged file readable by all.  Anything listed in DISTFILES thus
# becomes world-readable in the staging tree, so credentials and private
# keys must not be part of the distribution list.  The leading "-" makes
# make ignore a failure of this command.
	-test -n "$(am__skip_mode_fix)" \
	|| find "$(distdir)" -type d ! -perm -755 \
	        -exec chmod u+rwx,go+rx {} \; -o \
	  ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
	  ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
	  ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
	|| chmod -R a+r "$(distdir)"

# Archive targets: each pipes $(am__tar) (or runs shar/zip) over the staged
# tree into one archive format, then calls $(am__post_remove_distdir).
dist-gzip: distdir
	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
	$(am__post_remove_distdir)

dist-bzip2: distdir
	tardir=$(distdir) && $(am__tar) | BZIP2=$${BZIP2--9} bzip2 -c >$(distdir).tar.bz2
	$(am__post_remove_distdir)

dist-lzip: distdir
	tardir=$(distdir) && $(am__tar) | lzip -c $${LZIP_OPT--9} >$(distdir).tar.lz
	$(am__post_remove_distdir)

dist-xz: distdir
	tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz
	$(am__post_remove_distdir)

dist-tarZ: distdir
	tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
	$(am__post_remove_distdir)

dist-shar: distdir
	shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
	$(am__post_remove_distdir)

dist-zip: distdir
	-rm -f $(distdir).zip
	zip -rq $(distdir).zip $(distdir)
	$(am__post_remove_distdir)

# Build every format in DIST_TARGETS with per-target cleanup disabled
# (am__post_remove_distdir='@:'), then clean up the staging tree once.
dist dist-all:
	$(MAKE) $(AM_MAKEFLAGS) $(DIST_TARGETS) am__post_remove_distdir='@:'
	$(am__post_remove_distdir)

# This target untars the dist file and tries a VPATH configuration.  Then
# it guarantees that the distribution is self-contained by making another
# tarfile.
#
# The unpacked tree is made read-only (chmod -R a-w) before configuring in
# _build and installing into _inst.  The DESTDIR check stages into
# "$${TMPDIR-/tmp}/am-dc-$$$$/" ($$$$ reaches the shell as $$, its PID).
# That directory is created by a plain mkdir under umask 077, so creation
# fails if the path already exists and the new directory carries no group
# or other permission bits; it is removed again on both success and
# failure.
distcheck: dist
	case '$(DIST_ARCHIVES)' in \
	*.tar.gz*) \
	  GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\
	*.tar.bz2*) \
	  bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\
	*.tar.lz*) \
	  lzip -dc $(distdir).tar.lz | $(am__untar) ;;\
	*.tar.xz*) \
	  xz -dc $(distdir).tar.xz | $(am__untar) ;;\
	*.tar.Z*) \
	  uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
	*.shar.gz*) \
	  GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\
	*.zip*) \
	  unzip $(distdir).zip ;;\
	esac
	chmod -R a-w $(distdir)
	chmod u+w $(distdir)
	mkdir $(distdir)/_build $(distdir)/_inst
	chmod a-w $(distdir)
	test -d $(distdir)/_build || exit 0; \
	dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
	  && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
	  && am__cwd=`pwd` \
	  && $(am__cd) $(distdir)/_build \
	  && ../configure --srcdir=.. --prefix="$$dc_install_base" \
	    $(AM_DISTCHECK_CONFIGURE_FLAGS) \
	    $(DISTCHECK_CONFIGURE_FLAGS) \
	  && $(MAKE) $(AM_MAKEFLAGS) \
	  && $(MAKE) $(AM_MAKEFLAGS) dvi \
	  && $(MAKE) $(AM_MAKEFLAGS) check \
	  && $(MAKE) $(AM_MAKEFLAGS) install \
	  && $(MAKE) $(AM_MAKEFLAGS) installcheck \
	  && $(MAKE) $(AM_MAKEFLAGS) uninstall \
	  && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \
	        distuninstallcheck \
	  && chmod -R a-w "$$dc_install_base" \
	  && ({ \
	       (cd ../.. && umask 077 && mkdir "$$dc_destdir") \
	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \
	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \
	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \
	            distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \
	      } || { rm -rf "$$dc_destdir"; exit 1; }) \
	  && rm -rf "$$dc_destdir" \
	  && $(MAKE) $(AM_MAKEFLAGS) dist \
	  && rm -rf $(DIST_ARCHIVES) \
	  && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \
	  && cd "$$am__cwd" \
	  || exit 1
	$(am__post_remove_distdir)
	@(echo "$(distdir) archives ready for distribution: "; \
	  list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \
	  sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x'

# Fail if anything is left under distuninstallcheck_dir after "uninstall".
# An empty directory variable is rejected up front.
distuninstallcheck:
	@test -n '$(distuninstallcheck_dir)' || { \
	  echo 'ERROR: trying to run $@ with an empty' \
	       '$$(distuninstallcheck_dir)' >&2; \
	  exit 1; \
	}; \
	$(am__cd) '$(distuninstallcheck_dir)' || { \
	  echo 'ERROR: cannot chdir into $(distuninstallcheck_dir)' >&2; \
	  exit 1; \
	}; \
	test `$(am__distuninstallcheck_listfiles) | wc -l` -eq 0 \
	   || { echo "ERROR: files left after uninstall:" ; \
	        if test -n "$(DESTDIR)"; then \
	          echo " (check DESTDIR support)"; \
	        fi ; \
	        $(distuninstallcheck_listfiles) ; \
	        exit 1; } >&2

# Fail if "distclean" leaves files in the build directory; refuses to run
# when srcdir is "." (not a VPATH build).
distcleancheck: distclean
	@if test '$(srcdir)' = . ; then \
	  echo "ERROR: distcleancheck can only run from a VPATH build" ; \
	  exit 1 ; \
	fi
	@test `$(distcleancheck_listfiles) | wc -l` -eq 0 \
	  || { echo "ERROR: files left in build directory after distclean:" ; \
	       $(distcleancheck_listfiles) ; \
	       exit 1; } >&2

# Build the check-only libraries and programs, then run the tests.
check-am: all-am
	$(MAKE) $(AM_MAKEFLAGS) $(check_LTLIBRARIES) $(check_PROGRAMS)
	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
check: check-recursive
all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(SCRIPTS) $(DATA) \
		$(HEADERS) config.h all-local
# Programs are installed only after the libraries in libdir.
install-binPROGRAMS: install-libLTLIBRARIES

installdirs: installdirs-recursive
# Create every installation directory under $(DESTDIR) with $(MKDIR_P);
# empty entries are skipped.
installdirs-am:
	for dir in "$(DESTDIR)$(autofslibdir)" "$(DESTDIR)$(krb5authdata_plugindir)" "$(DESTDIR)$(krb5plugindir)" "$(DESTDIR)$(ldblibdir)" "$(DESTDIR)$(libdir)" "$(DESTDIR)$(nsslibdir)" "$(DESTDIR)$(pamlibdir)" "$(DESTDIR)$(pkglibdir)" "$(DESTDIR)$(pyexecdir)" "$(DESTDIR)$(sssdlibdir)" "$(DESTDIR)$(sudolibdir)" "$(DESTDIR)$(bindir)" "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(sssdlibexecdir)" "$(DESTDIR)$(initdir)" "$(DESTDIR)$(sss_obfuscate_pythondir)" "$(DESTDIR)$(pkgconfigdir)" "$(DESTDIR)$(sssdapiplugindir)" "$(DESTDIR)$(sssddatadir)" "$(DESTDIR)$(systemdunitdir)" "$(DESTDIR)$(includedir)"; do \
	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
	done
install: install-recursive
install-exec: install-exec-recursive
install-data: install-data-recursive
uninstall: uninstall-recursive

install-am: all-am
	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am

installcheck: installcheck-recursive
# Run "install" with the stripping install program; when STRIP is set it is
# handed on through INSTALL_PROGRAM_ENV as STRIPPROG.
install-strip:
	if test -z '$(STRIP)'; then \
	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
	      install; \
	else \
	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
	    "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
	fi

# Cleaning rules.  A leading "-" tells make to ignore a failing command.
mostlyclean-generic:
	-test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS)
	-test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs)
	-test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)

clean-generic:
	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)

# Remove configure-generated files and the per-directory dirstamp files.
distclean-generic:
	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
	-rm -f src/confdb/$(DEPDIR)/$(am__dirstamp)
	-rm -f src/confdb/$(am__dirstamp)
	-rm -f src/db/$(DEPDIR)/$(am__dirstamp)
	-rm -f src/db/$(am__dirstamp)
	-rm -f src/krb5_plugin/$(DEPDIR)/$(am__dirstamp)
	-rm -f src/krb5_plugin/$(am__dirstamp)
	-rm -f src/ldb_modules/$(DEPDIR)/$(am__dirstamp)
	-rm -f src/ldb_modules/$(am__dirstamp)
	-rm -f src/lib/idmap/$(DEPDIR)/$(am__dirstamp)
	-rm -f src/lib/idmap/$(am__dirstamp)
	-rm -f src/monitor/$(DEPDIR)/$(am__dirstamp)
	-rm -f src/monitor/$(am__dirstamp)
	-rm -f src/providers/$(DEPDIR)/$(am__dirstamp)
	-rm -f src/providers/$(am__dirstamp)
	-rm -f src/providers/ad/$(DEPDIR)/$(am__dirstamp)
	-rm -f src/providers/ad/$(am__dirstamp)
	-rm -f src/providers/ipa/$(DEPDIR)/$(am__dirstamp)
	-rm -f src/providers/ipa/$(am__dirstamp)
	-rm -f src/providers/krb5/$(DEPDIR)/$(am__dirstamp)
	-rm -f src/providers/krb5/$(am__dirstamp)
	-rm -f src/providers/ldap/$(DEPDIR)/$(am__dirstamp)
	-rm -f src/providers/ldap/$(am__dirstamp)
	-rm -f src/providers/proxy/$(DEPDIR)/$(am__dirstamp)
	-rm -f src/providers/proxy/$(am__dirstamp)
	-rm -f src/providers/simple/$(DEPDIR)/$(am__dirstamp)
	-rm -f src/providers/simple/$(am__dirstamp)
	-rm -f src/python/$(DEPDIR)/$(am__dirstamp)
	-rm -f src/python/$(am__dirstamp)
	-rm -f src/resolv/$(DEPDIR)/$(am__dirstamp)
	-rm -f src/resolv/$(am__dirstamp)
	-rm -f src/resolv/ares/$(DEPDIR)/$(am__dirstamp)
	-rm -f src/resolv/ares/$(am__dirstamp)
	-rm -f src/responder/autofs/$(DEPDIR)/$(am__dirstamp)
	-rm -f src/responder/autofs/$(am__dirstamp)
	-rm -f src/responder/common/$(DEPDIR)/$(am__dirstamp)
	-rm -f src/responder/common/$(am__dirstamp)
	-rm -f src/responder/nss/$(DEPDIR)/$(am__dirstamp)
	-rm -f src/responder/nss/$(am__dirstamp)
	-rm -f src/responder/pac/$(DEPDIR)/$(am__dirstamp)
	-rm -f src/responder/pac/$(am__dirstamp)
	-rm -f src/responder/pam/$(DEPDIR)/$(am__dirstamp)
	-rm -f src/responder/pam/$(am__dirstamp)
	-rm -f src/responder/ssh/$(DEPDIR)/$(am__dirstamp)
	-rm -f src/responder/ssh/$(am__dirstamp)
	-rm -f src/responder/sudo/$(DEPDIR)/$(am__dirstamp)
	-rm -f src/responder/sudo/$(am__dirstamp)
	-rm -f src/sbus/$(DEPDIR)/$(am__dirstamp)
	-rm -f src/sbus/$(am__dirstamp)
	-rm -f src/sss_client/$(DEPDIR)/$(am__dirstamp)
	-rm -f src/sss_client/$(am__dirstamp)
	-rm -f src/sss_client/autofs/$(DEPDIR)/$(am__dirstamp)
	-rm -f src/sss_client/autofs/$(am__dirstamp)
	-rm -f src/sss_client/idmap/$(DEPDIR)/$(am__dirstamp)
	-rm -f src/sss_client/idmap/$(am__dirstamp)
	-rm -f src/sss_client/ssh/$(DEPDIR)/$(am__dirstamp)
	-rm -f src/sss_client/ssh/$(am__dirstamp)
	-rm -f src/sss_client/sudo/$(DEPDIR)/$(am__dirstamp)
	-rm -f src/sss_client/sudo/$(am__dirstamp)
	-rm -f src/sss_client/sudo_testcli/$(DEPDIR)/$(am__dirstamp)
	-rm -f src/sss_client/sudo_testcli/$(am__dirstamp)
	-rm -f src/tests/$(DEPDIR)/$(am__dirstamp)
	-rm -f src/tests/$(am__dirstamp)
	-rm -f src/tests/cmocka/$(DEPDIR)/$(am__dirstamp)
	-rm -f src/tests/cmocka/$(am__dirstamp)
	-rm -f src/tools/$(DEPDIR)/$(am__dirstamp)
	-rm -f src/tools/$(am__dirstamp)
	-rm -f src/util/$(DEPDIR)/$(am__dirstamp)
	-rm -f src/util/$(am__dirstamp)
	-rm -f src/util/crypto/libcrypto/$(DEPDIR)/$(am__dirstamp)
	-rm -f src/util/crypto/libcrypto/$(am__dirstamp)
	-rm -f src/util/crypto/nss/$(DEPDIR)/$(am__dirstamp)
	-rm -f src/util/crypto/nss/$(am__dirstamp)

maintainer-clean-generic:
	@echo "This command is intended for maintainers to use"
	@echo "it deletes files that may require special tools to rebuild."
# Top-level clean/install targets.  Each NAME target delegates to
# NAME-recursive; the NAME-am targets list what is done in this directory.
clean: clean-recursive

clean-am: clean-autofslibLTLIBRARIES clean-binPROGRAMS \
	clean-checkLTLIBRARIES clean-checkPROGRAMS clean-generic \
	clean-krb5authdata_pluginLTLIBRARIES \
	clean-krb5pluginLTLIBRARIES clean-ldblibLTLIBRARIES \
	clean-libLTLIBRARIES clean-libtool clean-local \
	clean-noinstLTLIBRARIES clean-noinstPROGRAMS \
	clean-nsslibLTLIBRARIES clean-pamlibLTLIBRARIES \
	clean-pkglibLTLIBRARIES clean-pyexecLTLIBRARIES \
	clean-sbinPROGRAMS clean-sssdlibLTLIBRARIES \
	clean-sssdlibexecPROGRAMS clean-sudolibLTLIBRARIES \
	mostlyclean-am

# After the recursive distclean, also drop the configure output files, the
# per-directory dependency directories and the Makefile itself.  The
# leading "-" makes make ignore a failing rm.
distclean: distclean-recursive
	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
	-rm -rf src/confdb/$(DEPDIR) src/db/$(DEPDIR) src/krb5_plugin/$(DEPDIR) src/ldb_modules/$(DEPDIR) src/lib/idmap/$(DEPDIR) src/monitor/$(DEPDIR) src/providers/$(DEPDIR) src/providers/ad/$(DEPDIR) src/providers/ipa/$(DEPDIR) src/providers/krb5/$(DEPDIR) src/providers/ldap/$(DEPDIR) src/providers/proxy/$(DEPDIR) src/providers/simple/$(DEPDIR) src/python/$(DEPDIR) src/resolv/$(DEPDIR) src/resolv/ares/$(DEPDIR) src/responder/autofs/$(DEPDIR) src/responder/common/$(DEPDIR) src/responder/nss/$(DEPDIR) src/responder/pac/$(DEPDIR) src/responder/pam/$(DEPDIR) src/responder/ssh/$(DEPDIR) src/responder/sudo/$(DEPDIR) src/sbus/$(DEPDIR) src/sss_client/$(DEPDIR) src/sss_client/autofs/$(DEPDIR) src/sss_client/idmap/$(DEPDIR) src/sss_client/ssh/$(DEPDIR) src/sss_client/sudo/$(DEPDIR) src/sss_client/sudo_testcli/$(DEPDIR) src/tests/$(DEPDIR) src/tests/cmocka/$(DEPDIR) src/tools/$(DEPDIR) src/util/$(DEPDIR) src/util/crypto/libcrypto/$(DEPDIR) src/util/crypto/nss/$(DEPDIR)
	-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
	distclean-hdr distclean-libtool distclean-tags

dvi: dvi-recursive

dvi-am:

html: html-recursive

html-am:

info: info-recursive

info-am:

# Install the architecture-independent pieces and the plugin libraries
# listed as prerequisites, then run the project's install-data-hook in a
# sub-make.
install-data-am: install-autofslibLTLIBRARIES install-dist_initSCRIPTS \
	install-dist_pkgconfigDATA \
	install-dist_sss_obfuscate_pythonSCRIPTS \
	install-dist_sssdapipluginDATA install-dist_sssddataDATA \
	install-dist_systemdunitDATA install-includeHEADERS \
	install-krb5authdata_pluginLTLIBRARIES \
	install-krb5pluginLTLIBRARIES install-ldblibLTLIBRARIES \
	install-nsslibLTLIBRARIES install-pamlibLTLIBRARIES \
	install-sssdlibLTLIBRARIES install-sudolibLTLIBRARIES
	@$(NORMAL_INSTALL)
	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
install-dvi: install-dvi-recursive

install-dvi-am:

# Install programs and the remaining libraries, then run the project's
# install-exec-hook in a sub-make.
install-exec-am: install-binPROGRAMS install-libLTLIBRARIES \
	install-pkglibLTLIBRARIES install-pyexecLTLIBRARIES \
	install-sbinPROGRAMS install-sssdlibexecPROGRAMS
	@$(NORMAL_INSTALL)
	$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
install-html: install-html-recursive

install-html-am:

install-info: install-info-recursive

install-info-am:

install-man:

install-pdf: install-pdf-recursive

install-pdf-am:

install-ps: install-ps-recursive

install-ps-am:

installcheck-am:

# Same removals as distclean, plus the autom4te cache in the source tree.
maintainer-clean: maintainer-clean-recursive
	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
	-rm -rf $(top_srcdir)/autom4te.cache
	-rm -rf src/confdb/$(DEPDIR) src/db/$(DEPDIR) src/krb5_plugin/$(DEPDIR) src/ldb_modules/$(DEPDIR) src/lib/idmap/$(DEPDIR) src/monitor/$(DEPDIR) src/providers/$(DEPDIR) src/providers/ad/$(DEPDIR) src/providers/ipa/$(DEPDIR) src/providers/krb5/$(DEPDIR) src/providers/ldap/$(DEPDIR) src/providers/proxy/$(DEPDIR) src/providers/simple/$(DEPDIR) src/python/$(DEPDIR) src/resolv/$(DEPDIR) src/resolv/ares/$(DEPDIR) src/responder/autofs/$(DEPDIR) src/responder/common/$(DEPDIR) src/responder/nss/$(DEPDIR) src/responder/pac/$(DEPDIR) src/responder/pam/$(DEPDIR) src/responder/ssh/$(DEPDIR) src/responder/sudo/$(DEPDIR) src/sbus/$(DEPDIR) src/sss_client/$(DEPDIR) src/sss_client/autofs/$(DEPDIR) src/sss_client/idmap/$(DEPDIR) src/sss_client/ssh/$(DEPDIR) src/sss_client/sudo/$(DEPDIR) src/sss_client/sudo_testcli/$(DEPDIR) src/tests/$(DEPDIR) src/tests/cmocka/$(DEPDIR) src/tools/$(DEPDIR) src/util/$(DEPDIR) src/util/crypto/libcrypto/$(DEPDIR) src/util/crypto/nss/$(DEPDIR)
	-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
mostlyclean: mostlyclean-recursive

mostlyclean-am: mostlyclean-compile mostlyclean-generic \
	mostlyclean-libtool

pdf: pdf-recursive

pdf-am:

ps: ps-recursive

ps-am:

# Remove everything the install-* rules put in place, then run the
# project's uninstall-hook in a sub-make.
uninstall-am: uninstall-autofslibLTLIBRARIES uninstall-binPROGRAMS \
	uninstall-dist_initSCRIPTS uninstall-dist_pkgconfigDATA \
	uninstall-dist_sss_obfuscate_pythonSCRIPTS \
	uninstall-dist_sssdapipluginDATA uninstall-dist_sssddataDATA \
	uninstall-dist_systemdunitDATA uninstall-includeHEADERS \
	uninstall-krb5authdata_pluginLTLIBRARIES \
	uninstall-krb5pluginLTLIBRARIES uninstall-ldblibLTLIBRARIES \
	uninstall-libLTLIBRARIES uninstall-nsslibLTLIBRARIES \
	uninstall-pamlibLTLIBRARIES uninstall-pkglibLTLIBRARIES \
	uninstall-pyexecLTLIBRARIES uninstall-sbinPROGRAMS \
	uninstall-sssdlibLTLIBRARIES uninstall-sssdlibexecPROGRAMS \
	uninstall-sudolibLTLIBRARIES
	@$(NORMAL_INSTALL)
	$(MAKE) $(AM_MAKEFLAGS) uninstall-hook
# .MAKE lists the targets whose recipes invoke a sub-make.
.MAKE: $(am__recursive_targets) all check-am install-am \
	install-data-am install-exec-am install-strip uninstall-am

# .PHONY lists the targets that do not name files, so a file with the same
# name in the tree cannot make them look up to date.
.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am all-local \
	am--refresh check check-TESTS check-am clean \
	clean-autofslibLTLIBRARIES clean-binPROGRAMS \
	clean-checkLTLIBRARIES clean-checkPROGRAMS clean-cscope \
	clean-generic clean-krb5authdata_pluginLTLIBRARIES \
	clean-krb5pluginLTLIBRARIES clean-ldblibLTLIBRARIES \
	clean-libLTLIBRARIES clean-libtool clean-local \
	clean-noinstLTLIBRARIES clean-noinstPROGRAMS \
	clean-nsslibLTLIBRARIES clean-pamlibLTLIBRARIES \
	clean-pkglibLTLIBRARIES clean-pyexecLTLIBRARIES \
	clean-sbinPROGRAMS clean-sssdlibLTLIBRARIES \
	clean-sssdlibexecPROGRAMS clean-sudolibLTLIBRARIES cscope \
	cscopelist-am ctags ctags-am dist dist-all dist-bzip2 \
	dist-gzip dist-lzip dist-shar dist-tarZ dist-xz dist-zip \
	distcheck distclean distclean-compile distclean-generic \
	distclean-hdr distclean-libtool distclean-tags distcleancheck \
	distdir distuninstallcheck dvi dvi-am html html-am info \
	info-am install install-am install-autofslibLTLIBRARIES \
	install-binPROGRAMS install-data install-data-am \
	install-data-hook install-dist_initSCRIPTS \
	install-dist_pkgconfigDATA \
	install-dist_sss_obfuscate_pythonSCRIPTS \
	install-dist_sssdapipluginDATA install-dist_sssddataDATA \
	install-dist_systemdunitDATA install-dvi install-dvi-am \
	install-exec install-exec-am install-exec-hook install-html \
	install-html-am install-includeHEADERS install-info \
	install-info-am install-krb5authdata_pluginLTLIBRARIES \
	install-krb5pluginLTLIBRARIES install-ldblibLTLIBRARIES \
	install-libLTLIBRARIES install-man install-nsslibLTLIBRARIES \
	install-pamlibLTLIBRARIES install-pdf install-pdf-am \
	install-pkglibLTLIBRARIES install-ps install-ps-am \
	install-pyexecLTLIBRARIES install-sbinPROGRAMS \
	install-sssdlibLTLIBRARIES install-sssdlibexecPROGRAMS \
	install-strip install-sudolibLTLIBRARIES installcheck \
	installcheck-am installdirs installdirs-am maintainer-clean \
	maintainer-clean-generic mostlyclean mostlyclean-compile \
	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
	recheck tags tags-am uninstall uninstall-am \
	uninstall-autofslibLTLIBRARIES uninstall-binPROGRAMS \
	uninstall-dist_initSCRIPTS uninstall-dist_pkgconfigDATA \
	uninstall-dist_sss_obfuscate_pythonSCRIPTS \
	uninstall-dist_sssdapipluginDATA uninstall-dist_sssddataDATA \
	uninstall-dist_systemdunitDATA uninstall-hook \
	uninstall-includeHEADERS \
	uninstall-krb5authdata_pluginLTLIBRARIES \
	uninstall-krb5pluginLTLIBRARIES uninstall-ldblibLTLIBRARIES \
	uninstall-libLTLIBRARIES uninstall-nsslibLTLIBRARIES \
	uninstall-pamlibLTLIBRARIES uninstall-pkglibLTLIBRARIES \
	uninstall-pyexecLTLIBRARIES uninstall-sbinPROGRAMS \
	uninstall-sssdlibLTLIBRARIES uninstall-sssdlibexecPROGRAMS \
	uninstall-sudolibLTLIBRARIES


# Some old versions of automake don't define builddir
builddir ?= .
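# Stage the freshly built memberof module in a private directory of the build
# tree (clean-local removes it again).
ldb_mod_test_dir: memberof.la
	mkdir -p $(builddir)/ldb_mod_test_dir
	cp $(builddir)/.libs/memberof.so $(builddir)/ldb_mod_test_dir

################
# TRANSLATIONS #
################
update-po:
@HAVE_MANPAGES_TRUE@	$(MAKE) -C src/man update-po
	$(MAKE) -C po update-po

# Regenerate the systemd unit from its template whenever the template or the
# Makefile changes.
src/sysv/systemd/sssd.service: src/sysv/systemd/sssd.service.in Makefile
	@$(MKDIR_P) src/sysv/systemd/
	$(replace_script)

# Create every installation directory under $(DESTDIR).
# NOTE(review): plain `mkdir -p` applies no explicit mode, so the permissions
# of $(pipepath)/private, $(dbpath), $(mcpath) and the other state directories
# depend on the installer's umask -- confirm that packaging or the daemon
# tightens them afterwards.
installsssddirs::
	mkdir -p \
	    $(DESTDIR)$(includedir) \
	    $(DESTDIR)$(libdir) \
	    $(DESTDIR)$(bindir) \
	    $(DESTDIR)$(sbindir) \
	    $(DESTDIR)$(mandir) \
	    $(DESTDIR)$(pluginpath) \
	    $(DESTDIR)$(libdir)/ldb \
	    $(DESTDIR)$(dbusintrospectdir) \
	    $(DESTDIR)$(pipepath)/private \
	    $(DESTDIR)$(sssdlibdir) \
	    $(DESTDIR)$(pkglibdir) \
	    $(DESTDIR)$(sssdconfdir) \
	    $(DESTDIR)$(sssddatadir) \
	    $(DESTDIR)$(dbpath) \
	    $(DESTDIR)$(mcpath) \
	    $(DESTDIR)$(pidpath) \
	    $(DESTDIR)$(logpath) \
	    $(DESTDIR)$(pubconfpath) \
	    $(DESTDIR)$(pubconfpath)/krb5.include.d \
	    $(DESTDIR)$(sudolibdir) \
	    $(DESTDIR)$(autofslibdir)

# API documentation: runs doxygen once per configuration file, or fails with
# an explanatory message when doxygen was not found.
@HAVE_DOXYGEN_TRUE@docs:
@HAVE_DOXYGEN_TRUE@	$(DOXYGEN) src/doxy.config
@HAVE_DOXYGEN_TRUE@	$(DOXYGEN) src/providers/ipa/ipa_hbac.doxy
@HAVE_DOXYGEN_TRUE@	$(DOXYGEN) src/lib/idmap/sss_idmap.doxy
@HAVE_DOXYGEN_TRUE@	$(DOXYGEN) src/sss_client/idmap/sss_nss_idmap.doxy
@HAVE_DOXYGEN_FALSE@docs:
@HAVE_DOXYGEN_FALSE@	@echo "Doxygen not installed, cannot generate documentation"
@HAVE_DOXYGEN_FALSE@	@exit 1

# Copy the two SSSDConfig helper modules into the build tree. The leading `-`
# ignores a failing cp.
@BUILD_PYTHON_BINDINGS_TRUE@$(abs_builddir)/src/config/SSSDConfig/ipachangeconf.py:
@BUILD_PYTHON_BINDINGS_TRUE@	-cp $(srcdir)/src/config/SSSDConfig/ipachangeconf.py $(builddir)/src/config/SSSDConfig/

@BUILD_PYTHON_BINDINGS_TRUE@$(abs_builddir)/src/config/SSSDConfig/sssd_upgrade_config.py:
@BUILD_PYTHON_BINDINGS_TRUE@	-cp $(srcdir)/src/config/SSSDConfig/sssd_upgrade_config.py $(builddir)/src/config/SSSDConfig/

all-local: ldb_mod_test_dir $(SSSDCONFIG_MODULES)
@BUILD_PYTHON_BINDINGS_TRUE@	cd $(builddir)/src/config; $(PYTHON) setup.py build --build-base $(abs_builddir)/src/config

# Install the Python bindings and the documentation trees. setup.py records
# every file it installs in src/config/.files inside the build tree; that
# manifest is what uninstall-hook later feeds to `rm -f`.
install-exec-hook: installsssddirs
@BUILD_PYTHON_BINDINGS_TRUE@	if [ "$(DESTDIR)" = "" ]; then \
@BUILD_PYTHON_BINDINGS_TRUE@		cd $(builddir)/src/config; $(PYTHON) setup.py build --build-base $(abs_builddir)/src/config install $(DISTSETUPOPTS) --prefix=$(PYTHON_PREFIX) --record=$(abs_builddir)/src/config/.files; \
@BUILD_PYTHON_BINDINGS_TRUE@	else \
@BUILD_PYTHON_BINDINGS_TRUE@		cd $(builddir)/src/config; $(PYTHON) setup.py build --build-base $(abs_builddir)/src/config install $(DISTSETUPOPTS) --prefix=$(PYTHON_PREFIX) --root=$(DESTDIR) --record=$(abs_builddir)/src/config/.files; \
@BUILD_PYTHON_BINDINGS_TRUE@	fi
	for doc in $(SSSD_DOCS); do \
		mkdir -p $$doc $(DESTDIR)/$(docdir); \
		cp -a $$doc $(DESTDIR)/$(docdir)/; \
	done;
@HAVE_SYSTEMD_UNIT_TRUE@	mkdir -p $(DESTDIR)$(systemdunitdir)
@HAVE_SYSTEMD_UNIT_FALSE@	mkdir -p $(DESTDIR)$(initdir)

# Remove the libnss_sss.so.2 and libnss_sss.so names and rename
# libnss_sss.so.2.0.0 to libnss_sss.so.2, then create $(krb5rcachedir) unless
# it holds the __LIBKRB5_DEFAULTS__ sentinel.
install-data-hook:
	rm $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2 \
	   $(DESTDIR)/$(nsslibdir)/libnss_sss.so
	mv $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2.0.0 $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2
	if [ ! $(krb5rcachedir) = "__LIBKRB5_DEFAULTS__" ]; then \
	    mkdir -p $(DESTDIR)/$(krb5rcachedir) ; \
	fi

# Remove the files recorded by setup.py and the installed documentation.
# The manifest is read line by line and each path is quoted. The earlier
# `xargs -iq rm -f $(DESTDIR)/q` used the letter q as its replacement string,
# so any q inside $(DESTDIR) itself was substituted as well, and xargs applied
# its own quote and backslash processing to the recorded paths.
# The manifest lives in the build tree and every line becomes an `rm -f`
# target below $(DESTDIR): when uninstall runs with elevated privileges, the
# build tree must be writable only by trusted users.
uninstall-hook:
	if [ -f $(abs_builddir)/src/config/.files ]; then \
	    while IFS= read -r f || [ -n "$$f" ]; do \
	        [ -n "$$f" ] || continue; \
	        rm -f "$(DESTDIR)/$$f"; \
	    done < $(abs_builddir)/src/config/.files; \
	    rm $(abs_builddir)/src/config/.files ; \
	fi
	for doc in $(SSSD_DOCS); do \
		rm -Rf $(DESTDIR)/$(docdir)/$$doc; \
	done;

# Delete build products. The two SSSDConfig modules are removed only when the
# build-tree copy is a different file from the source-tree one (`-ef` is true
# for the same file), so an in-tree build never deletes its own sources. Each
# file is compared with its own source; the second test used to check
# ipachangeconf.py while removing sssd_upgrade_config.py.
clean-local:
@BUILD_PYTHON_BINDINGS_TRUE@	if [ ! $(srcdir)/src/config/SSSDConfig/ipachangeconf.py -ef $(builddir)/src/config/SSSDConfig/ipachangeconf.py ]; then \
@BUILD_PYTHON_BINDINGS_TRUE@		rm -f $(builddir)/src/config/SSSDConfig/ipachangeconf.py ; \
@BUILD_PYTHON_BINDINGS_TRUE@	fi
@BUILD_PYTHON_BINDINGS_TRUE@	if [ ! $(srcdir)/src/config/SSSDConfig/sssd_upgrade_config.py -ef $(builddir)/src/config/SSSDConfig/sssd_upgrade_config.py ]; then \
@BUILD_PYTHON_BINDINGS_TRUE@		rm -f $(builddir)/src/config/SSSDConfig/sssd_upgrade_config.py ; \
@BUILD_PYTHON_BINDINGS_TRUE@	fi
@BUILD_PYTHON_BINDINGS_TRUE@	cd $(builddir)/src/config; $(PYTHON) setup.py build --build-base $(abs_builddir)/src/config clean --all
	for doc in $(SSSD_DOCS); do \
		rm -Rf $$doc; \
	done;
	rm -Rf ldb_mod_test_dir
	rm -f $(builddir)/src/sysv/systemd/sssd.service

tests: all $(check_PROGRAMS)

# RPM-related tasks
RPMBUILD ?= $(PWD)/rpmbuild

rpmroot:
	mkdir -p $(RPMBUILD)/BUILD
	mkdir -p $(RPMBUILD)/RPMS
	mkdir -p $(RPMBUILD)/SOURCES
	mkdir -p $(RPMBUILD)/SPECS
	mkdir -p $(RPMBUILD)/SRPMS

rpmbrprep: dist-gzip rpmroot
# When we're building RPMs from a git checkout,
# we don't want to be bothered with translation
# updates
@GIT_CHECKOUT_TRUE@	git checkout $(srcdir)/po $(srcdir)/src/man/po
	cp $(builddir)/contrib/sssd.spec $(RPMBUILD)/SPECS
	cp $(distdir).tar.gz $(RPMBUILD)/SOURCES

rpms: rpmbrprep
	cd $(RPMBUILD); \
	rpmbuild --define "_topdir $(RPMBUILD)" -ba SPECS/sssd.spec

# Stamp version.m4 with a date and git-hash prerelease number, build, then
# restore the original file.
# NOTE(review): make stops at the first failing recipe line, so a failed
# `$(MAKE) rpms` leaves the rewritten version.m4 in place and the original
# only in version.m4.orig.
@GIT_CHECKOUT_TRUE@prerelease-rpms:
@GIT_CHECKOUT_TRUE@	cp $(srcdir)/version.m4 $(srcdir)/version.m4.orig
@GIT_CHECKOUT_TRUE@	sed -e "s/m4_define(\[PRERELEASE_VERSION_NUMBER\], \[.*\])/m4_define(\[PRERELEASE_VERSION_NUMBER\], \[.`date +%Y%m%d.%H%M`.git`git log -1 --pretty=format:%h`\])/" < $(srcdir)/version.m4.orig > $(srcdir)/version.m4
@GIT_CHECKOUT_TRUE@	$(MAKE) rpms
@GIT_CHECKOUT_TRUE@	mv $(srcdir)/version.m4.orig $(srcdir)/version.m4

# make srpms will use the old digest algorithm to be compatible
# with RHEL5
srpm: rpmbrprep
	cd $(RPMBUILD); \
	rpmbuild --define "_topdir $(RPMBUILD)" \
	-bs SPECS/sssd.spec

@GIT_CHECKOUT_TRUE@prerelease-srpm:
@GIT_CHECKOUT_TRUE@	cp $(srcdir)/version.m4 $(srcdir)/version.m4.orig
@GIT_CHECKOUT_TRUE@	sed -e "s/m4_define(\[PRERELEASE_VERSION_NUMBER\], \[.*\])/m4_define(\[PRERELEASE_VERSION_NUMBER\], \[.`date +%Y%m%d.%H%M`.git`git log -1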
--pretty=format:%h`\])/" < $(srcdir)/version.m4.orig > $(srcdir)/version.m4 @GIT_CHECKOUT_TRUE@ $(MAKE) srpm @GIT_CHECKOUT_TRUE@ mv $(srcdir)/version.m4.orig $(srcdir)/version.m4 # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: sssd-1.11.5/PaxHeaders.13173/configure0000644000000000000000000000013012320753505015452 xustar000000000000000029 mtime=1396954949.59688384 29 atime=1396954952.48888171 30 ctime=1396954961.312875203 sssd-1.11.5/configure0000775002412700241270000262215312320753505015721 0ustar00jhrozekjhrozek00000000000000#! /bin/sh # Guess values for system-dependent variables and create Makefiles. # Generated by GNU Autoconf 2.69 for sssd 1.11.5. # # Report bugs to . # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. # # # This configure script is free software; the Free Software Foundation # gives unlimited permission to copy, distribute and modify it. ## -------------------- ## ## M4sh Initialization. ## ## -------------------- ## # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi as_nl=' ' export as_nl # Printing a long string crashes Solaris 7 /usr/bin/printf. as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo # Prefer a ksh shell builtin over an external printf program on Solaris, # but without wasting forks for bash or zsh. 
if test -z "$BASH_VERSION$ZSH_VERSION" \ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='print -r --' as_echo_n='print -rn --' elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='printf %s\n' as_echo_n='printf %s' else if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' as_echo_n='/usr/ucb/echo -n' else as_echo_body='eval expr "X$1" : "X\\(.*\\)"' as_echo_n_body='eval arg=$1; case $arg in #( *"$as_nl"*) expr "X$arg" : "X\\(.*\\)$as_nl"; arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; esac; expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" ' export as_echo_n_body as_echo_n='sh -c $as_echo_n_body as_echo' fi export as_echo_body as_echo='sh -c $as_echo_body as_echo' fi # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || PATH_SEPARATOR=';' } fi # IFS # We need space, tab and new line, in precisely that order. Quoting is # there to prevent editors from complaining about space-tab. # (If _AS_PATH_WALK were called with IFS unset, it would disable word # splitting by setting IFS to empty value.) IFS=" "" $as_nl" # Find who we are. Look in the path if we contain no directory separator. as_myself= case $0 in #(( *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break done IFS=$as_save_IFS ;; esac # We did not find ourselves, most probably we were run as `sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 exit 1 fi # Unset variables that we do not need and which cause bugs (e.g. 
in # pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" # suppresses any "Segmentation fault" message there. '((' could # trigger a bug in pdksh 5.2.14. for as_var in BASH_ENV ENV MAIL MAILPATH do eval test x\${$as_var+set} = xset \ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : done PS1='$ ' PS2='> ' PS4='+ ' # NLS nuisances. LC_ALL=C export LC_ALL LANGUAGE=C export LANGUAGE # CDPATH. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH # Use a proper internal environment variable to ensure we don't fall # into an infinite loop, continuously re-executing ourselves. if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then _as_can_reexec=no; export _as_can_reexec; # We cannot yet assume a decent shell, so we have to provide a # neutralization value for shells without unset; and this also # works around shells that cannot unset nonexistent variables. # Preserve -v and -x to the replacement shell. BASH_ENV=/dev/null ENV=/dev/null (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV case $- in # (((( *v*x* | *x*v* ) as_opts=-vx ;; *v* ) as_opts=-v ;; *x* ) as_opts=-x ;; * ) as_opts= ;; esac exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} # Admittedly, this is quite paranoid, since all the known shells bail # out after a failed `exec'. $as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 as_fn_exit 255 fi # We don't want this to propagate to other subprocesses. { _as_can_reexec=; unset _as_can_reexec;} if test "x$CONFIG_SHELL" = x; then as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which # is contrary to our usage. Disable this feature. 
alias -g '\${1+\"\$@\"}'='\"\$@\"' setopt NO_GLOB_SUBST else case \`(set -o) 2>/dev/null\` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi " as_required="as_fn_return () { (exit \$1); } as_fn_success () { as_fn_return 0; } as_fn_failure () { as_fn_return 1; } as_fn_ret_success () { return 0; } as_fn_ret_failure () { return 1; } exitcode=0 as_fn_success || { exitcode=1; echo as_fn_success failed.; } as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; } as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then : else exitcode=1; echo positional parameters were not saved. fi test x\$exitcode = x0 || exit 1 test -x / || exit 1" as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1 test \$(( 1 + 1 )) = 2 || exit 1 test -n \"\${ZSH_VERSION+set}\${BASH_VERSION+set}\" || ( ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' ECHO=\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO ECHO=\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO PATH=/empty FPATH=/empty; export PATH FPATH test \"X\`printf %s \$ECHO\`\" = \"X\$ECHO\" \\ || test \"X\`print -r -- \$ECHO\`\" = \"X\$ECHO\" ) || exit 1" if (eval "$as_required") 2>/dev/null; then : as_have_required=yes else as_have_required=no fi if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then : else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR as_found=false for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH do 
IFS=$as_save_IFS test -z "$as_dir" && as_dir=. as_found=: case $as_dir in #( /*) for as_base in sh bash ksh sh5; do # Try only shells that exist, to save several forks. as_shell=$as_dir/$as_base if { test -f "$as_shell" || test -f "$as_shell.exe"; } && { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then : CONFIG_SHELL=$as_shell as_have_required=yes if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then : break 2 fi fi done;; esac as_found=false done $as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } && { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then : CONFIG_SHELL=$SHELL as_have_required=yes fi; } IFS=$as_save_IFS if test "x$CONFIG_SHELL" != x; then : export CONFIG_SHELL # We cannot yet assume a decent shell, so we have to provide a # neutralization value for shells without unset; and this also # works around shells that cannot unset nonexistent variables. # Preserve -v and -x to the replacement shell. BASH_ENV=/dev/null ENV=/dev/null (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV case $- in # (((( *v*x* | *x*v* ) as_opts=-vx ;; *v* ) as_opts=-v ;; *x* ) as_opts=-x ;; * ) as_opts= ;; esac exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} # Admittedly, this is quite paranoid, since all the known shells bail # out after a failed `exec'. $as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 exit 255 fi if test x$as_have_required = xno; then : $as_echo "$0: This script requires a shell more modern than all" $as_echo "$0: the shells that I found on your system." if test x${ZSH_VERSION+set} = xset ; then $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should" $as_echo "$0: be upgraded to zsh 4.3.4 or later." else $as_echo "$0: Please tell bug-autoconf@gnu.org and $0: sssd-devel@lists.fedorahosted.org about your system, $0: including any error possibly output before this $0: message. 
Then install a modern shell, or manually run $0: the script under such a shell if you do have one." fi exit 1 fi fi fi SHELL=${CONFIG_SHELL-/bin/sh} export SHELL # Unset more variables known to interfere with behavior of common tools. CLICOLOR_FORCE= GREP_OPTIONS= unset CLICOLOR_FORCE GREP_OPTIONS ## --------------------- ## ## M4sh Shell Functions. ## ## --------------------- ## # as_fn_unset VAR # --------------- # Portably unset VAR. as_fn_unset () { { eval $1=; unset $1;} } as_unset=as_fn_unset # as_fn_set_status STATUS # ----------------------- # Set $? to STATUS, without forking. as_fn_set_status () { return $1 } # as_fn_set_status # as_fn_exit STATUS # ----------------- # Exit the shell with STATUS, even in a "trap 0" or "set -e" context. as_fn_exit () { set +e as_fn_set_status $1 exit $1 } # as_fn_exit # as_fn_mkdir_p # ------------- # Create "$as_dir" as a directory, including parents if necessary. as_fn_mkdir_p () { case $as_dir in #( -*) as_dir=./$as_dir;; esac test -d "$as_dir" || eval $as_mkdir_p || { as_dirs= while :; do case $as_dir in #( *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( *) as_qdir=$as_dir;; esac as_dirs="'$as_qdir' $as_dirs" as_dir=`$as_dirname -- "$as_dir" || $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" } # as_fn_mkdir_p # as_fn_executable_p FILE # ----------------------- # Test if FILE is an executable regular file. 
as_fn_executable_p ()
{
  # Both tests must hold: -f rejects directories, which can also carry the
  # execute bit, and -x requires execute permission for the caller.
  test -f "$1" && test -x "$1"
} # as_fn_executable_p
# as_fn_append VAR VALUE
# ----------------------
# Append the text in VALUE to the end of the definition contained in VAR. Take
# advantage of any shell optimizations that allow amortized linear growth over
# repeated appends, instead of the typical quadratic growth present in naive
# implementations.
#
# The `+=` probe runs in a subshell with stderr discarded, so a shell that
# rejects the syntax selects the fallback instead of aborting the script.
# In both variants $1 is expanded before `eval` parses the line: VAR is
# evaluated as shell text and must be a trusted variable name, never
# user-supplied data. VALUE is passed as the escaped `\$2`, which only the
# inner evaluation expands, so its content is appended literally and is not
# re-parsed as shell code.
if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
  eval 'as_fn_append ()
  {
    eval $1+=\$2
  }'
else
  as_fn_append ()
  {
    eval $1=\$$1\$2
  }
fi # as_fn_append

# as_fn_arith ARG...
# ------------------
# Perform arithmetic evaluation on the ARGs, and store the result in the
# global $as_val. Take advantage of shells that can avoid forks. The arguments
# must be portable across $(()) and expr.
#
# The $(( )) variant is defined through `eval` on a quoted string, so a shell
# without arithmetic expansion never has to parse it. In the fallback, `expr`
# exits with status 1 when its result is 0 or empty; `|| test $? -eq 1` turns
# that case into success while any higher status still reports failure.
if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
  eval 'as_fn_arith ()
  {
    as_val=$(( $* ))
  }'
else
  as_fn_arith ()
  {
    as_val=`expr "$@" || test $? -eq 1`
  }
fi # as_fn_arith


# as_fn_error STATUS ERROR [LINENO LOG_FD]
# ----------------------------------------
# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
# script with STATUS, using 1 if that was 0.
as_fn_error () { as_status=$1; test $as_status -eq 0 && as_status=1 if test "$4"; then as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 fi $as_echo "$as_me: error: $2" >&2 as_fn_exit $as_status } # as_fn_error if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr else as_expr=false fi if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then as_basename=basename else as_basename=false fi if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then as_dirname=dirname else as_dirname=false fi as_me=`$as_basename -- "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || $as_echo X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q } /^X\/\(\/\/\)$/{ s//\1/ q } /^X\/\(\/\).*/{ s//\1/ q } s/.*/./; q'` # Avoid depending upon Character Ranges. as_cr_letters='abcdefghijklmnopqrstuvwxyz' as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' as_cr_Letters=$as_cr_letters$as_cr_LETTERS as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits as_lineno_1=$LINENO as_lineno_1a=$LINENO as_lineno_2=$LINENO as_lineno_2a=$LINENO eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" && test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || { # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-) sed -n ' p /[$]LINENO/= ' <$as_myself | sed ' s/[$]LINENO.*/&-/ t lineno b :lineno N :loop s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ t loop s/-\n.*// ' >$as_me.lineno && chmod +x "$as_me.lineno" || { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } # If we had to re-execute with $CONFIG_SHELL, we're ensured to have # already done that, so ensure we don't try to do so again and fall # in an infinite loop. This has already happened in practice. 
_as_can_reexec=no; export _as_can_reexec # Don't try to exec as it changes $[0], causing all sort of problems # (the dirname of $[0] is not the place where we might find the # original and so on. Autoconf is especially sensitive to this). . "./$as_me.lineno" # Exit status is that of the last command. exit } ECHO_C= ECHO_N= ECHO_T= case `echo -n x` in #((((( -n*) case `echo 'xy\c'` in *c*) ECHO_T=' ';; # ECHO_T is single tab character. xy) ECHO_C='\c';; *) echo `echo ksh88 bug on AIX 6.1` > /dev/null ECHO_T=' ';; esac;; *) ECHO_N='-n';; esac rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file else rm -f conf$$.dir mkdir conf$$.dir 2>/dev/null fi if (echo >conf$$.file) 2>/dev/null; then if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. # In both cases, we have to default to `cp -pR'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -pR' elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else as_ln_s='cp -pR' fi else as_ln_s='cp -pR' fi rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file rmdir conf$$.dir 2>/dev/null if mkdir -p . 2>/dev/null; then as_mkdir_p='mkdir -p "$as_dir"' else test -d ./-p && rmdir ./-p as_mkdir_p=false fi as_test_x='test -x' as_executable_p=as_fn_executable_p # Sed expression to map a string onto a valid CPP name. as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" # Sed expression to map a string onto a valid variable name. as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" SHELL=${CONFIG_SHELL-/bin/sh} test -n "$DJDIR" || exec 7<&0 &1 # Name of the host. # hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status, # so uname gets run too. ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` # # Initializations. 
# ac_default_prefix=/usr/local ac_clean_files= ac_config_libobj_dir=. LIBOBJS= cross_compiling=no subdirs= MFLAGS= MAKEFLAGS= # Identity of this package. PACKAGE_NAME='sssd' PACKAGE_TARNAME='sssd' PACKAGE_VERSION='1.11.5' PACKAGE_STRING='sssd 1.11.5' PACKAGE_BUGREPORT='sssd-devel@lists.fedorahosted.org' PACKAGE_URL='' # Factoring default headers for most tests. ac_includes_default="\ #include #ifdef HAVE_SYS_TYPES_H # include #endif #ifdef HAVE_SYS_STAT_H # include #endif #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif #ifdef HAVE_STRING_H # if !defined STDC_HEADERS && defined HAVE_MEMORY_H # include # endif # include #endif #ifdef HAVE_STRINGS_H # include #endif #ifdef HAVE_INTTYPES_H # include #endif #ifdef HAVE_STDINT_H # include #endif #ifdef HAVE_UNISTD_H # include #endif" ac_unique_file="BUILD.txt" ac_subst_vars='am__EXEEXT_FALSE am__EXEEXT_TRUE LTLIBOBJS LIBOBJS abs_builddir HAVE_DEVSHM_FALSE HAVE_DEVSHM_TRUE HAVE_CMOCKA_FALSE HAVE_CMOCKA_TRUE CMOCKA_LIBS CMOCKA_CFLAGS HAVE_CHECK_FALSE HAVE_CHECK_TRUE HAVE_DOXYGEN_FALSE HAVE_DOXYGEN_TRUE DOXYGEN CHECK_LIBS CHECK_CFLAGS INOTIFY_LIBS CRYPTO_LIBS CRYPTO_CFLAGS NSS_LIBS NSS_CFLAGS HAVE_SYSTEMD SEMANAGE_LIBS SELINUX_LIBS PYTHON_LIBS PYTHON_CFLAGS PYTHON_INCLUDES pkgpyexecdir pyexecdir pkgpythondir pythondir PYTHON_PLATFORM PYTHON_EXEC_PREFIX PYTHON_PREFIX PYTHON_VERSION PYTHON HAVE_PO4A_FALSE HAVE_PO4A_TRUE HAVE_MANPAGES_FALSE HAVE_MANPAGES_TRUE HAVE_PROFILE_CATALOGS_FALSE HAVE_PROFILE_CATALOGS_TRUE DOCBOOK_XSLT PO4A XMLLINT XSLTPROC DBUS_LIBS DBUS_CFLAGS systemdunitdir HAVE_SYSTEMD_UNIT_FALSE HAVE_SYSTEMD_UNIT_TRUE HAVE_SYSV_FALSE HAVE_SYSV_TRUE LIBNL_LIBS LIBNL_CFLAGS UNICODE_LIBS GLIB2_LIBS GLIB2_CFLAGS WITH_GLIB_FALSE WITH_GLIB_TRUE WITH_LIBUNISTRING_FALSE WITH_LIBUNISTRING_TRUE NDR_NBT_LIBS NDR_NBT_CFLAGS BUILD_PAC_RESPONDER_FALSE BUILD_PAC_RESPONDER_TRUE NDR_KRB5PAC_LIBS NDR_KRB5PAC_CFLAGS KEYUTILS_LIBS NSUPDATE NSCD BUILD_ARES_DATA_FALSE BUILD_ARES_DATA_TRUE 
CARES_CFLAGS CARES_LIBS CARES_OBJ BUILD_KRB5_LOCATOR_PLUGIN_FALSE BUILD_KRB5_LOCATOR_PLUGIN_TRUE KRB5_CONFIG KRB5_LIBS KRB5_CFLAGS PCRE_CFLAGS PCRE_LIBS PCRE_OBJ OPENLDAP_CFLAGS OPENLDAP_LIBS PAM_LIBS INI_CONFIG_OBJ INI_CONFIG_LIBS INI_CONFIG_CFLAGS COLLECTION_LIBS COLLECTION_CFLAGS COLLECTION_OBJ DHASH_LIBS DHASH_CFLAGS DHASH_OBJ ldblibdir LDB_LIBS LDB_CFLAGS LDB_OBJ TEVENT_LIBS TEVENT_CFLAGS TEVENT_OBJ TDB_LIBS TDB_CFLAGS TDB_OBJ TALLOC_LIBS TALLOC_CFLAGS TALLOC_OBJ PKG_CONFIG POPT_CFLAGS POPT_LIBS POPT_OBJ HAVE_LIBCRYPTO_FALSE HAVE_LIBCRYPTO_TRUE HAVE_NSS_FALSE HAVE_NSS_TRUE BUILD_SSH_FALSE BUILD_SSH_TRUE BUILD_AUTOFS_FALSE BUILD_AUTOFS_TRUE sudolibpath BUILD_SUDO_FALSE BUILD_SUDO_TRUE appmodpath BUILD_SEMANAGE_FALSE BUILD_SEMANAGE_TRUE HAVE_SEMANAGE NSCD_PATH BUILD_SELINUX_FALSE BUILD_SELINUX_TRUE HAVE_SELINUX BUILD_PYTHON_BINDINGS_FALSE BUILD_PYTHON_BINDINGS_TRUE HAVE_PYTHON_BINDINGS krb5authdatapluginpath krb5rcachedir krb5pluginpath SGML_CATALOG_FILES HAVE_MANPAGES TEST_DIR initdir environment_file config_def_ccname_template config_def_ccache_dir mcpath pipepath pubconfpath logpath pidpath pluginpath dbpath BUILD_MANPAGES_FALSE BUILD_MANPAGES_TRUE HAVE_GENTOO_FALSE HAVE_GENTOO_TRUE HAVE_DEBIAN_FALSE HAVE_DEBIAN_TRUE HAVE_SUSE_FALSE HAVE_SUSE_TRUE HAVE_REDHAT_FALSE HAVE_REDHAT_TRUE HAVE_FEDORA_FALSE HAVE_FEDORA_TRUE pammoddir nsslibdir HAVE_PTHREAD_FALSE HAVE_PTHREAD_TRUE sharedbuilddir WANT_AUX_INFO_FALSE WANT_AUX_INFO_TRUE HAVE_GCC_FALSE HAVE_GCC_TRUE GIT_CHECKOUT_FALSE GIT_CHECKOUT_TRUE PRERELEASE_VERSION POSUB LTLIBINTL LIBINTL INTLLIBS LTLIBICONV LIBICONV MSGMERGE XGETTEXT GMSGFMT MSGFMT USE_NLS MKINSTALLDIRS LIBADD_DL LT_DLPREOPEN LIBADD_DLD_LINK LIBADD_SHL_LOAD LIBADD_DLOPEN LT_DLLOADERS OTOOL64 OTOOL LIPO NMEDIT DSYMUTIL MANIFEST_TOOL RANLIB DLLTOOL OBJDUMP LN_S NM ac_ct_DUMPBIN DUMPBIN LD FGREP SED host_os host_vendor host_cpu host build_os build_vendor build_cpu build LIBTOOL ac_ct_AR AR AM_BACKSLASH AM_DEFAULT_VERBOSITY AM_DEFAULT_V AM_V 
am__fastdepCC_FALSE am__fastdepCC_TRUE CCDEPMODE am__nodep AMDEPBACKSLASH AMDEP_FALSE AMDEP_TRUE am__quote am__include DEPDIR am__untar am__tar AMTAR am__leading_dot SET_MAKE AWK mkdir_p MKDIR_P INSTALL_STRIP_PROGRAM STRIP install_sh MAKEINFO AUTOHEADER AUTOMAKE AUTOCONF ACLOCAL VERSION PACKAGE CYGPATH_W am__isrc INSTALL_DATA INSTALL_SCRIPT INSTALL_PROGRAM EGREP GREP CPP OBJEXT EXEEXT ac_ct_CC CPPFLAGS LDFLAGS CFLAGS CC target_alias host_alias build_alias LIBS ECHO_T ECHO_N ECHO_C DEFS mandir localedir libdir psdir pdfdir dvidir htmldir infodir docdir oldincludedir includedir localstatedir sharedstatedir sysconfdir datadir datarootdir libexecdir sbindir bindir program_transform_name prefix exec_prefix PACKAGE_URL PACKAGE_BUGREPORT PACKAGE_STRING PACKAGE_VERSION PACKAGE_TARNAME PACKAGE_NAME PATH_SEPARATOR SHELL' ac_subst_files='' ac_user_opts=' enable_option_checking enable_dependency_tracking enable_silent_rules enable_static enable_shared with_pic enable_fast_install with_gnu_ld with_sysroot enable_libtool_lock enable_nls enable_rpath with_libiconv_prefix with_libintl_prefix with_shared_build_dir enable_nsslibdir enable_pammoddir with_os enable_all_experimental_features with_distro_version with_db_path with_plugin_path with_pid_path with_log_path with_pubconf_path with_pipe_path with_mcache_path with_default_ccache_dir with_default_ccname_template with_environment_file with_init_dir with_test_dir with_manpages with_xml_catalog_path with_krb5_plugin_path with_krb5_rcache_dir with_krb5authdata_plugin_path with_krb5_conf with_python_bindings with_selinux with_nscd with_semanage with_nologin_shell with_app_libs with_sudo with_sudo_lib_path with_autofs with_ssh with_crypto with_ldb_lib_dir enable_ldb_version_check enable_krb5_locator_plugin enable_pac_responder with_unicode_lib with_libnl with_nscd_conf with_initscript with_systemdunitdir ' ac_precious_vars='build_alias host_alias target_alias CC CFLAGS LDFLAGS LIBS CPPFLAGS CPP PKG_CONFIG POPT_CFLAGS POPT_LIBS 
TALLOC_CFLAGS TALLOC_LIBS TDB_CFLAGS TDB_LIBS TEVENT_CFLAGS TEVENT_LIBS LDB_CFLAGS LDB_LIBS DHASH_CFLAGS DHASH_LIBS COLLECTION_CFLAGS COLLECTION_LIBS INI_CONFIG_CFLAGS INI_CONFIG_LIBS PCRE_CFLAGS PCRE_LIBS KRB5_CFLAGS KRB5_LIBS CARES_CFLAGS CARES_LIBS NDR_KRB5PAC_CFLAGS NDR_KRB5PAC_LIBS NDR_NBT_CFLAGS NDR_NBT_LIBS GLIB2_CFLAGS GLIB2_LIBS LIBNL_CFLAGS LIBNL_LIBS DBUS_CFLAGS DBUS_LIBS PYTHON NSS_CFLAGS NSS_LIBS CRYPTO_CFLAGS CRYPTO_LIBS CHECK_CFLAGS CHECK_LIBS CMOCKA_CFLAGS CMOCKA_LIBS' # Initialize some variables set by options. ac_init_help= ac_init_version=false ac_unrecognized_opts= ac_unrecognized_sep= # The variables have the same names as the options, with # dashes changed to underlines. cache_file=/dev/null exec_prefix=NONE no_create= no_recursion= prefix=NONE program_prefix=NONE program_suffix=NONE program_transform_name=s,x,x, silent= site= srcdir= verbose= x_includes=NONE x_libraries=NONE # Installation directory options. # These are left unexpanded so users can "make install exec_prefix=/foo" # and all the variables that are supposed to be based on exec_prefix # by default will actually change. # Use braces instead of parens because sh, perl, etc. also accept them. # (The list follows the same order as the GNU Coding Standards.) bindir='${exec_prefix}/bin' sbindir='${exec_prefix}/sbin' libexecdir='${exec_prefix}/libexec' datarootdir='${prefix}/share' datadir='${datarootdir}' sysconfdir='${prefix}/etc' sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' includedir='${prefix}/include' oldincludedir='/usr/include' docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' infodir='${datarootdir}/info' htmldir='${docdir}' dvidir='${docdir}' pdfdir='${docdir}' psdir='${docdir}' libdir='${exec_prefix}/lib' localedir='${datarootdir}/locale' mandir='${datarootdir}/man' ac_prev= ac_dashdash= for ac_option do # If the previous option needs an argument, assign it. 
if test -n "$ac_prev"; then eval $ac_prev=\$ac_option ac_prev= continue fi case $ac_option in *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; *=) ac_optarg= ;; *) ac_optarg=yes ;; esac # Accept the important Cygnus configure options, so we can diagnose typos. case $ac_dashdash$ac_option in --) ac_dashdash=yes ;; -bindir | --bindir | --bindi | --bind | --bin | --bi) ac_prev=bindir ;; -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) bindir=$ac_optarg ;; -build | --build | --buil | --bui | --bu) ac_prev=build_alias ;; -build=* | --build=* | --buil=* | --bui=* | --bu=*) build_alias=$ac_optarg ;; -cache-file | --cache-file | --cache-fil | --cache-fi \ | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) ac_prev=cache_file ;; -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) cache_file=$ac_optarg ;; --config-cache | -C) cache_file=config.cache ;; -datadir | --datadir | --datadi | --datad) ac_prev=datadir ;; -datadir=* | --datadir=* | --datadi=* | --datad=*) datadir=$ac_optarg ;; -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \ | --dataroo | --dataro | --datar) ac_prev=datarootdir ;; -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \ | --dataroot=* | --dataroo=* | --dataro=* | --datar=*) datarootdir=$ac_optarg ;; -disable-* | --disable-*) ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? 
"invalid feature name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "enable_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval enable_$ac_useropt=no ;; -docdir | --docdir | --docdi | --doc | --do) ac_prev=docdir ;; -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*) docdir=$ac_optarg ;; -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv) ac_prev=dvidir ;; -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*) dvidir=$ac_optarg ;; -enable-* | --enable-*) ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid feature name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "enable_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval enable_$ac_useropt=\$ac_optarg ;; -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ | --exec | --exe | --ex) ac_prev=exec_prefix ;; -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ | --exec=* | --exe=* | --ex=*) exec_prefix=$ac_optarg ;; -gas | --gas | --ga | --g) # Obsolete; use --with-gas. 
with_gas=yes ;; -help | --help | --hel | --he | -h) ac_init_help=long ;; -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) ac_init_help=recursive ;; -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) ac_init_help=short ;; -host | --host | --hos | --ho) ac_prev=host_alias ;; -host=* | --host=* | --hos=* | --ho=*) host_alias=$ac_optarg ;; -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht) ac_prev=htmldir ;; -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \ | --ht=*) htmldir=$ac_optarg ;; -includedir | --includedir | --includedi | --included | --include \ | --includ | --inclu | --incl | --inc) ac_prev=includedir ;; -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ | --includ=* | --inclu=* | --incl=* | --inc=*) includedir=$ac_optarg ;; -infodir | --infodir | --infodi | --infod | --info | --inf) ac_prev=infodir ;; -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) infodir=$ac_optarg ;; -libdir | --libdir | --libdi | --libd) ac_prev=libdir ;; -libdir=* | --libdir=* | --libdi=* | --libd=*) libdir=$ac_optarg ;; -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ | --libexe | --libex | --libe) ac_prev=libexecdir ;; -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ | --libexe=* | --libex=* | --libe=*) libexecdir=$ac_optarg ;; -localedir | --localedir | --localedi | --localed | --locale) ac_prev=localedir ;; -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*) localedir=$ac_optarg ;; -localstatedir | --localstatedir | --localstatedi | --localstated \ | --localstate | --localstat | --localsta | --localst | --locals) ac_prev=localstatedir ;; -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*) localstatedir=$ac_optarg ;; -mandir | --mandir | --mandi | --mand | --man | --ma | --m) ac_prev=mandir ;; -mandir=* | --mandir=* | --mandi=* | 
--mand=* | --man=* | --ma=* | --m=*) mandir=$ac_optarg ;; -nfp | --nfp | --nf) # Obsolete; use --without-fp. with_fp=no ;; -no-create | --no-create | --no-creat | --no-crea | --no-cre \ | --no-cr | --no-c | -n) no_create=yes ;; -no-recursion | --no-recursion | --no-recursio | --no-recursi \ | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) no_recursion=yes ;; -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ | --oldin | --oldi | --old | --ol | --o) ac_prev=oldincludedir ;; -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) oldincludedir=$ac_optarg ;; -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) ac_prev=prefix ;; -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) prefix=$ac_optarg ;; -program-prefix | --program-prefix | --program-prefi | --program-pref \ | --program-pre | --program-pr | --program-p) ac_prev=program_prefix ;; -program-prefix=* | --program-prefix=* | --program-prefi=* \ | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) program_prefix=$ac_optarg ;; -program-suffix | --program-suffix | --program-suffi | --program-suff \ | --program-suf | --program-su | --program-s) ac_prev=program_suffix ;; -program-suffix=* | --program-suffix=* | --program-suffi=* \ | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) program_suffix=$ac_optarg ;; -program-transform-name | --program-transform-name \ | --program-transform-nam | --program-transform-na \ | --program-transform-n | --program-transform- \ | --program-transform | --program-transfor \ | --program-transfo | --program-transf \ | --program-trans | --program-tran \ | --progr-tra | --program-tr | --program-t) ac_prev=program_transform_name ;; -program-transform-name=* | 
--program-transform-name=* \ | --program-transform-nam=* | --program-transform-na=* \ | --program-transform-n=* | --program-transform-=* \ | --program-transform=* | --program-transfor=* \ | --program-transfo=* | --program-transf=* \ | --program-trans=* | --program-tran=* \ | --progr-tra=* | --program-tr=* | --program-t=*) program_transform_name=$ac_optarg ;; -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd) ac_prev=pdfdir ;; -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*) pdfdir=$ac_optarg ;; -psdir | --psdir | --psdi | --psd | --ps) ac_prev=psdir ;; -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*) psdir=$ac_optarg ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil) silent=yes ;; -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ | --sbi=* | --sb=*) sbindir=$ac_optarg ;; -sharedstatedir | --sharedstatedir | --sharedstatedi \ | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ | --sharedst | --shareds | --shared | --share | --shar \ | --sha | --sh) ac_prev=sharedstatedir ;; -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ | --sha=* | --sh=*) sharedstatedir=$ac_optarg ;; -site | --site | --sit) ac_prev=site ;; -site=* | --site=* | --sit=*) site=$ac_optarg ;; -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) ac_prev=srcdir ;; -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) srcdir=$ac_optarg ;; -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ | --syscon | --sysco | --sysc | --sys | --sy) ac_prev=sysconfdir ;; -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) sysconfdir=$ac_optarg ;; -target | --target | --targe | 
--targ | --tar | --ta | --t) ac_prev=target_alias ;; -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) target_alias=$ac_optarg ;; -v | -verbose | --verbose | --verbos | --verbo | --verb) verbose=yes ;; -version | --version | --versio | --versi | --vers | -V) ac_init_version=: ;; -with-* | --with-*) ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid package name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "with_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval with_$ac_useropt=\$ac_optarg ;; -without-* | --without-*) ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid package name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "with_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval with_$ac_useropt=no ;; --x) # Obsolete; use --with-x. 
with_x=yes ;; -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ | --x-incl | --x-inc | --x-in | --x-i) ac_prev=x_includes ;; -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) x_includes=$ac_optarg ;; -x-libraries | --x-libraries | --x-librarie | --x-librari \ | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) ac_prev=x_libraries ;; -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) x_libraries=$ac_optarg ;; -*) as_fn_error $? "unrecognized option: \`$ac_option' Try \`$0 --help' for more information" ;; *=*) ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` # Reject names that are not valid shell variable names. case $ac_envvar in #( '' | [0-9]* | *[!_$as_cr_alnum]* ) as_fn_error $? "invalid variable name: \`$ac_envvar'" ;; esac eval $ac_envvar=\$ac_optarg export $ac_envvar ;; *) # FIXME: should be removed in autoconf 3.0. $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2 expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2 : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}" ;; esac done if test -n "$ac_prev"; then ac_option=--`echo $ac_prev | sed 's/_/-/g'` as_fn_error $? "missing argument to $ac_option" fi if test -n "$ac_unrecognized_opts"; then case $enable_option_checking in no) ;; fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;; *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; esac fi # Check all directory arguments for consistency. for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ datadir sysconfdir sharedstatedir localstatedir includedir \ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ libdir localedir mandir do eval ac_val=\$$ac_var # Remove trailing slashes. 
case $ac_val in */ ) ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'` eval $ac_var=\$ac_val;; esac # Be sure to have absolute directory names. case $ac_val in [\\/$]* | ?:[\\/]* ) continue;; NONE | '' ) case $ac_var in *prefix ) continue;; esac;; esac as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val" done # There might be people who depend on the old broken behavior: `$host' # used to hold the argument of --host etc. # FIXME: To remove some day. build=$build_alias host=$host_alias target=$target_alias # FIXME: To remove some day. if test "x$host_alias" != x; then if test "x$build_alias" = x; then cross_compiling=maybe elif test "x$build_alias" != "x$host_alias"; then cross_compiling=yes fi fi ac_tool_prefix= test -n "$host_alias" && ac_tool_prefix=$host_alias- test "$silent" = yes && exec 6>/dev/null ac_pwd=`pwd` && test -n "$ac_pwd" && ac_ls_di=`ls -di .` && ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || as_fn_error $? "working directory cannot be determined" test "X$ac_ls_di" = "X$ac_pwd_ls_di" || as_fn_error $? "pwd does not report name of working directory" # Find the source files, if location was not specified. if test -z "$srcdir"; then ac_srcdir_defaulted=yes # Try the directory containing this script, then the parent directory. ac_confdir=`$as_dirname -- "$as_myself" || $as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_myself" : 'X\(//\)[^/]' \| \ X"$as_myself" : 'X\(//\)$' \| \ X"$as_myself" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_myself" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` srcdir=$ac_confdir if test ! -r "$srcdir/$ac_unique_file"; then srcdir=.. fi else ac_srcdir_defaulted=no fi if test ! -r "$srcdir/$ac_unique_file"; then test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." as_fn_error $? 
"cannot find sources ($ac_unique_file) in $srcdir" fi ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" ac_abs_confdir=`( cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg" pwd)` # When building in place, set srcdir=. if test "$ac_abs_confdir" = "$ac_pwd"; then srcdir=. fi # Remove unnecessary trailing slashes from srcdir. # Double slashes in file names in object file debugging info # mess up M-x gdb in Emacs. case $srcdir in */) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;; esac for ac_var in $ac_precious_vars; do eval ac_env_${ac_var}_set=\${${ac_var}+set} eval ac_env_${ac_var}_value=\$${ac_var} eval ac_cv_env_${ac_var}_set=\${${ac_var}+set} eval ac_cv_env_${ac_var}_value=\$${ac_var} done # # Report the --help message. # if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF \`configure' configures sssd 1.11.5 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... To assign environment variables (e.g., CC, CFLAGS...), specify them as VAR=VALUE. See below for descriptions of some of the useful variables. Defaults for the options are specified in brackets. Configuration: -h, --help display this help and exit --help=short display options specific to this package --help=recursive display the short help of all the included packages -V, --version display version information and exit -q, --quiet, --silent do not print \`checking ...' 
messages --cache-file=FILE cache test results in FILE [disabled] -C, --config-cache alias for \`--cache-file=config.cache' -n, --no-create do not create output files --srcdir=DIR find the sources in DIR [configure dir or \`..'] Installation directories: --prefix=PREFIX install architecture-independent files in PREFIX [$ac_default_prefix] --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX [PREFIX] By default, \`make install' will install all the files in \`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify an installation prefix other than \`$ac_default_prefix' using \`--prefix', for instance \`--prefix=\$HOME'. For better control, use the options below. Fine tuning of the installation directories: --bindir=DIR user executables [EPREFIX/bin] --sbindir=DIR system admin executables [EPREFIX/sbin] --libexecdir=DIR program executables [EPREFIX/libexec] --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] --libdir=DIR object code libraries [EPREFIX/lib] --includedir=DIR C header files [PREFIX/include] --oldincludedir=DIR C header files for non-gcc [/usr/include] --datarootdir=DIR read-only arch.-independent data root [PREFIX/share] --datadir=DIR read-only architecture-independent data [DATAROOTDIR] --infodir=DIR info documentation [DATAROOTDIR/info] --localedir=DIR locale-dependent data [DATAROOTDIR/locale] --mandir=DIR man documentation [DATAROOTDIR/man] --docdir=DIR documentation root [DATAROOTDIR/doc/sssd] --htmldir=DIR html documentation [DOCDIR] --dvidir=DIR dvi documentation [DOCDIR] --pdfdir=DIR pdf documentation [DOCDIR] --psdir=DIR ps documentation [DOCDIR] _ACEOF cat <<\_ACEOF Program names: --program-prefix=PREFIX prepend PREFIX to installed program names --program-suffix=SUFFIX append SUFFIX to installed program names --program-transform-name=PROGRAM run sed PROGRAM on 
installed program names System types: --build=BUILD configure for building on BUILD [guessed] --host=HOST cross-compile to build programs to run on HOST [BUILD] _ACEOF fi if test -n "$ac_init_help"; then case $ac_init_help in short | recursive ) echo "Configuration of sssd 1.11.5:";; esac cat <<\_ACEOF Optional Features: --disable-option-checking ignore unrecognized --enable/--with options --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) --enable-FEATURE[=ARG] include FEATURE [ARG=yes] --enable-dependency-tracking do not reject slow dependency extractors --disable-dependency-tracking speeds up one-time build --enable-silent-rules less verbose build output (undo: "make V=1") --disable-silent-rules verbose build output (undo: "make V=0") --enable-static[=PKGS] build static libraries [default=no] --enable-shared[=PKGS] build shared libraries [default=yes] --enable-fast-install[=PKGS] optimize for fast installation [default=yes] --disable-libtool-lock avoid locking (might break parallel builds) --disable-nls do not use Native Language Support --disable-rpath do not hardcode runtime library paths --enable-nsslibdir Where to install nss libraries ($libdir) --enable-pammoddir Where to install pam modules ($libdir/security) --enable-all-experimental-features build all experimental features --enable-ldb-version-check compile with ldb runtime version check [default=no] --disable-krb5-locator-plugin do not build Kerberos locator plugin --enable-pac-responder build pac responder Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) --with-pic[=PKGS] try to use only PIC/non-PIC objects [default=use both] --with-gnu-ld assume the C compiler uses GNU ld [default=no] --with-sysroot=DIR Search for dependent libraries within DIR (or the compiler's sysroot if not specified). 
--with-gnu-ld assume the C compiler uses GNU ld default=no --with-libiconv-prefix[=DIR] search for libiconv in DIR/include and DIR/lib --without-libiconv-prefix don't search for libiconv in includedir and libdir --with-libintl-prefix[=DIR] search for libintl in DIR/include and DIR/lib --without-libintl-prefix don't search for libintl in includedir and libdir --with-shared-build-dir=DIR temporary build directory where libraries are installed [$srcdir/sharedbuild] --with-os=OS_TYPE Type of your operation system (fedora|redhat|suse|gentoo) --with-distro-version=VERSION Distro version number [] --with-db-path=PATH Path to the SSSD databases [/var/lib/sss/db] --with-plugin-path=PATH Path to the SSSD data provider plugins [/usr/lib/sssd] --with-pid-path=PATH Where to store pid files for the SSSD [/var/run] --with-log-path=PATH Where to store log files for the SSSD [/var/log/sssd] --with-pubconf-path=PATH Where to store pubconf files for the SSSD [/var/lib/sss/pubconf] --with-pipe-path=PATH Where to store pipe files for the SSSD interconnects [/var/lib/sss/pipes] --with-mcache-path=PATH Where to store mmap cache files for the SSSD interconnects [/var/lib/sss/mc] --with-default-ccache-dir=CCACHEDIR The default value of krb5_ccachedir [/tmp] --with-default-ccname-template=CCACHE The default fallback value of krb5_ccname_template [FILE:%d/krb5cc_%U_XXXXXX] --with-environment-file=PATH Path to environment file [/etc/sysconfig/sssd] --with-init-dir=DIR Where to store init script for sssd [/etc/rc.d/init.d] --with-test-dir=PATH Directory used for make check temporary files [$builddir] --with-manpages Whether to regenerate man pages from DocBook sources [yes] --with-xml-catalog-path=PATH Where to look for XML catalog [/etc/xml/catalog] --with-krb5-plugin-path=PATH Path to kerberos plugin store [/usr/lib/krb5/plugins/libkrb5] --with-krb5-rcache-dir=PATH Path to store Kerberos replay caches [__LIBKRB5_DEFAULTS__] --with-krb5authdata-plugin-path=PATH Path to kerberos authdata 
plugin store [/usr/lib/krb5/plugins/authdata] --with-krb5-conf=PATH Path to krb5.conf file [/etc/krb5.conf] --with-python-bindings Whether to build python bindings [yes] --with-selinux Whether to build with SELinux support [yes] --with-nscd=PATH Path to nscd binary to attempt to flush nscd cache after local domain operations [/usr/sbin/nscd] --with-semanage Whether to build with SELinux user management support [yes] --with-nologin-shell=PATH The shell used to deny access to users [/sbin/nologin] --with-app-libs= Path to the 3rd party application plugins [/usr/lib/sssd/modules] --with-sudo Whether to build with sudo support [yes] --with-sudo-lib-path= Path to the sudo library [/usr/lib/] --with-autofs Whether to build with autofs support [yes] --with-ssh Whether to build with SSH support [yes] --with-crypto=CRYPTO_LIB The cryptographic library to use (nss|libcrypto). The default is nss. --with-ldb-lib-dir=PATH Path to store ldb modules [${libdir}/ldb] --with-unicode-lib= Which library to use for unicode processing (libunistring, glib2) [glib2] --with-libnl Whether to build with libnetlink support (libnl3, libnl1, no) [auto] --with-nscd-conf=PATH Path to nscd.conf file [/etc/nscd.conf] --with-initscript=INITSCRIPT_TYPE Type of your init script (sysv|systemd). [sysv] --with-systemdunitdir=DIR Directory for systemd service files [Auto], Some influential environment variables: CC C compiler command CFLAGS C compiler flags LDFLAGS linker flags, e.g. -L if you have libraries in a nonstandard directory LIBS libraries to pass to the linker, e.g. -l CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. 
-I if you have headers in a nonstandard directory CPP C preprocessor PKG_CONFIG path to pkg-config utility POPT_CFLAGS C compiler flags for POPT, overriding pkg-config POPT_LIBS linker flags for POPT, overriding pkg-config TALLOC_CFLAGS C compiler flags for TALLOC, overriding pkg-config TALLOC_LIBS linker flags for TALLOC, overriding pkg-config TDB_CFLAGS C compiler flags for TDB, overriding pkg-config TDB_LIBS linker flags for TDB, overriding pkg-config TEVENT_CFLAGS C compiler flags for TEVENT, overriding pkg-config TEVENT_LIBS linker flags for TEVENT, overriding pkg-config LDB_CFLAGS C compiler flags for LDB, overriding pkg-config LDB_LIBS linker flags for LDB, overriding pkg-config DHASH_CFLAGS C compiler flags for DHASH, overriding pkg-config DHASH_LIBS linker flags for DHASH, overriding pkg-config COLLECTION_CFLAGS C compiler flags for COLLECTION, overriding pkg-config COLLECTION_LIBS linker flags for COLLECTION, overriding pkg-config INI_CONFIG_CFLAGS C compiler flags for INI_CONFIG, overriding pkg-config INI_CONFIG_LIBS linker flags for INI_CONFIG, overriding pkg-config PCRE_CFLAGS C compiler flags for PCRE, overriding pkg-config PCRE_LIBS linker flags for PCRE, overriding pkg-config KRB5_CFLAGS C compiler flags for kerberos, overriding krb5-config KRB5_LIBS linker flags for kerberos, overriding krb5-config CARES_CFLAGS C compiler flags for CARES, overriding pkg-config CARES_LIBS linker flags for CARES, overriding pkg-config NDR_KRB5PAC_CFLAGS C compiler flags for NDR_KRB5PAC, overriding pkg-config NDR_KRB5PAC_LIBS linker flags for NDR_KRB5PAC, overriding pkg-config NDR_NBT_CFLAGS C compiler flags for NDR_NBT, overriding pkg-config NDR_NBT_LIBS linker flags for NDR_NBT, overriding pkg-config GLIB2_CFLAGS C compiler flags for GLIB2, overriding pkg-config GLIB2_LIBS linker flags for GLIB2, overriding pkg-config LIBNL_CFLAGS C compiler flags for LIBNL, overriding pkg-config LIBNL_LIBS linker flags for LIBNL, overriding pkg-config DBUS_CFLAGS C compiler flags 
for DBUS, overriding pkg-config DBUS_LIBS linker flags for DBUS, overriding pkg-config PYTHON the Python interpreter NSS_CFLAGS C compiler flags for NSS, overriding pkg-config NSS_LIBS linker flags for NSS, overriding pkg-config CRYPTO_CFLAGS C compiler flags for CRYPTO, overriding pkg-config CRYPTO_LIBS linker flags for CRYPTO, overriding pkg-config CHECK_CFLAGS C compiler flags for CHECK, overriding pkg-config CHECK_LIBS linker flags for CHECK, overriding pkg-config CMOCKA_CFLAGS C compiler flags for CMOCKA, overriding pkg-config CMOCKA_LIBS linker flags for CMOCKA, overriding pkg-config Use these variables to override the choices made by `configure' or to help it to find libraries and programs with nonstandard names/locations. Report bugs to <sssd-devel@lists.fedorahosted.org>. _ACEOF ac_status=$? fi if test "$ac_init_help" = "recursive"; then # If there are subdirs, report their specific --help. for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue test -d "$ac_dir" || { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } || continue ac_builddir=. case "$ac_dir" in .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` # A ".." for each directory in $ac_dir_suffix. ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` case $ac_top_builddir_sub in "") ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; esac ;; esac ac_abs_top_builddir=$ac_pwd ac_abs_builddir=$ac_pwd$ac_dir_suffix # for backward compatibility: ac_top_builddir=$ac_top_build_prefix case $srcdir in .) # We are building in place. ac_srcdir=. ac_top_srcdir=$ac_top_builddir_sub ac_abs_top_srcdir=$ac_pwd ;; [\\/]* | ?:[\\/]* ) # Absolute name. ac_srcdir=$srcdir$ac_dir_suffix; ac_top_srcdir=$srcdir ac_abs_top_srcdir=$srcdir ;; *) # Relative name.
ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix ac_top_srcdir=$ac_top_build_prefix$srcdir ac_abs_top_srcdir=$ac_pwd/$srcdir ;; esac ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix cd "$ac_dir" || { ac_status=$?; continue; } # Check for guested configure. if test -f "$ac_srcdir/configure.gnu"; then echo && $SHELL "$ac_srcdir/configure.gnu" --help=recursive elif test -f "$ac_srcdir/configure"; then echo && $SHELL "$ac_srcdir/configure" --help=recursive else $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 fi || ac_status=$? cd "$ac_pwd" || { ac_status=$?; break; } done fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF sssd configure 1.11.5 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. This configure script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. _ACEOF exit fi ## ------------------------ ## ## Autoconf initialization. ## ## ------------------------ ## # ac_fn_c_try_compile LINENO # -------------------------- # Try to compile conftest.$ac_ext, and return whether this succeeded. ac_fn_c_try_compile () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack rm -f conftest.$ac_objext if { { ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_compile") 2>conftest.err ac_status=$? if test -s conftest.err; then grep -v '^ *+' conftest.err >conftest.er1 cat conftest.er1 >&5 mv -f conftest.er1 conftest.err fi $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && { test -z "$ac_c_werror_flag" || test ! 
-s conftest.err } && test -s conftest.$ac_objext; then : ac_retval=0 else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=1 fi eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_compile # ac_fn_c_try_cpp LINENO # ---------------------- # Try to preprocess conftest.$ac_ext, and return whether this succeeded. ac_fn_c_try_cpp () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack if { { ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err ac_status=$? if test -s conftest.err; then grep -v '^ *+' conftest.err >conftest.er1 cat conftest.er1 >&5 mv -f conftest.er1 conftest.err fi $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } > conftest.i && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err }; then : ac_retval=0 else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=1 fi eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_cpp # ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES # ------------------------------------------------------- # Tests whether HEADER exists, giving a warning if it cannot be compiled using # the include files in INCLUDES and setting the cache variable VAR # accordingly. ac_fn_c_check_header_mongrel () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack if eval \${$3+:} false; then : { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... 
" >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } else # Is the header compilable? { $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5 $as_echo_n "checking $2 usability... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 #include <$2> _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_header_compiler=yes else ac_header_compiler=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5 $as_echo "$ac_header_compiler" >&6; } # Is the header present? { $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5 $as_echo_n "checking $2 presence... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include <$2> _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : ac_header_preproc=yes else ac_header_preproc=no fi rm -f conftest.err conftest.i conftest.$ac_ext { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5 $as_echo "$ac_header_preproc" >&6; } # So? What about this header? case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #(( yes:no: ) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5 $as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} ;; no:yes:* ) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5 $as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5 $as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" 
>&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5 $as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5 $as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} ( $as_echo "## ------------------------------------------------ ## ## Report this to sssd-devel@lists.fedorahosted.org ## ## ------------------------------------------------ ##" ) | sed "s/^/$as_me: WARNING: /" >&2 ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else eval "$3=\$ac_header_compiler" fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } fi eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_header_mongrel # ac_fn_c_try_run LINENO # ---------------------- # Try to link conftest.$ac_ext, and return whether this succeeded. Assumes # that executables *can* be run. ac_fn_c_try_run () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack if { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && { ac_try='./conftest$ac_exeext' { { case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_try") 2>&5 ac_status=$? 
$as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; }; then : ac_retval=0 else $as_echo "$as_me: program exited with status $ac_status" >&5 $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=$ac_status fi rm -rf conftest.dSYM conftest_ipa8_conftest.oo eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_run # ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES # ------------------------------------------------------- # Tests whether HEADER exists and can be compiled using the include files in # INCLUDES, setting the cache variable VAR accordingly. ac_fn_c_check_header_compile () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 #include <$2> _ACEOF if ac_fn_c_try_compile "$LINENO"; then : eval "$3=yes" else eval "$3=no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_header_compile # ac_fn_c_try_link LINENO # ----------------------- # Try to link conftest.$ac_ext, and return whether this succeeded. ac_fn_c_try_link () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack rm -f conftest.$ac_objext conftest$ac_exeext if { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link") 2>conftest.err ac_status=$? 
if test -s conftest.err; then grep -v '^ *+' conftest.err >conftest.er1 cat conftest.er1 >&5 mv -f conftest.er1 conftest.err fi $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || test -x conftest$ac_exeext }; then : ac_retval=0 else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=1 fi # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would # interfere with the next link command; also delete a directory that is # left behind by Apple's compiler. We do this before executing the actions. rm -rf conftest.dSYM conftest_ipa8_conftest.oo eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_link # ac_fn_c_check_func LINENO FUNC VAR # ---------------------------------- # Tests whether FUNC exists, setting the cache variable VAR accordingly ac_fn_c_check_func () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Define $2 to an innocuous variant, in case declares $2. For example, HP-UX 11i declares gettimeofday. */ #define $2 innocuous_$2 /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $2 (); below. Prefer to if __STDC__ is defined, since exists even on freestanding compilers. */ #ifdef __STDC__ # include #else # include #endif #undef $2 /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. 
*/ #ifdef __cplusplus extern "C" #endif char $2 (); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined __stub_$2 || defined __stub___$2 choke me #endif int main () { return $2 (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : eval "$3=yes" else eval "$3=no" fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_func # ac_fn_c_check_decl LINENO SYMBOL VAR INCLUDES # --------------------------------------------- # Tests whether SYMBOL is declared in INCLUDES, setting cache variable VAR # accordingly. ac_fn_c_check_decl () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack as_decl_name=`echo $2|sed 's/ *(.*//'` as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'` { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $as_decl_name is declared" >&5 $as_echo_n "checking whether $as_decl_name is declared... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. 
*/ $4 int main () { #ifndef $as_decl_name #ifdef __cplusplus (void) $as_decl_use; #else (void) $as_decl_name; #endif #endif ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : eval "$3=yes" else eval "$3=no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_decl # ac_fn_c_check_type LINENO TYPE VAR INCLUDES # ------------------------------------------- # Tests whether TYPE exists after having included INCLUDES, setting cache # variable VAR accordingly. ac_fn_c_check_type () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else eval "$3=no" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { if (sizeof ($2)) return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { if (sizeof (($2))) return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : else eval "$3=yes" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_type # ac_fn_c_check_member LINENO AGGR MEMBER VAR INCLUDES # ---------------------------------------------------- # Tries to find if the field MEMBER exists in type AGGR, after including # INCLUDES, setting cache variable VAR accordingly. 
ac_fn_c_check_member () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2.$3" >&5 $as_echo_n "checking for $2.$3... " >&6; } if eval \${$4+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $5 int main () { static $2 ac_aggr; if (ac_aggr.$3) return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : eval "$4=yes" else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $5 int main () { static $2 ac_aggr; if (sizeof ac_aggr.$3) return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : eval "$4=yes" else eval "$4=no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi eval ac_res=\$$4 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_member # ac_fn_c_compute_int LINENO EXPR VAR INCLUDES # -------------------------------------------- # Tries to find the compile-time value of EXPR in a program that includes # INCLUDES, setting VAR accordingly. Returns whether the value could be # computed ac_fn_c_compute_int () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack if test "$cross_compiling" = yes; then # Depending upon the size, compute the lo and hi bounds. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { static int test_array [1 - 2 * !(($2) >= 0)]; test_array [0] = 0; return test_array [0]; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_lo=0 ac_mid=0 while :; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. 
*/ $4 int main () { static int test_array [1 - 2 * !(($2) <= $ac_mid)]; test_array [0] = 0; return test_array [0]; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_hi=$ac_mid; break else as_fn_arith $ac_mid + 1 && ac_lo=$as_val if test $ac_lo -le $ac_mid; then ac_lo= ac_hi= break fi as_fn_arith 2 '*' $ac_mid + 1 && ac_mid=$as_val fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { static int test_array [1 - 2 * !(($2) < 0)]; test_array [0] = 0; return test_array [0]; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_hi=-1 ac_mid=-1 while :; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { static int test_array [1 - 2 * !(($2) >= $ac_mid)]; test_array [0] = 0; return test_array [0]; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_lo=$ac_mid; break else as_fn_arith '(' $ac_mid ')' - 1 && ac_hi=$as_val if test $ac_mid -le $ac_hi; then ac_lo= ac_hi= break fi as_fn_arith 2 '*' $ac_mid && ac_mid=$as_val fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done else ac_lo= ac_hi= fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext # Binary search between lo and hi bounds. while test "x$ac_lo" != "x$ac_hi"; do as_fn_arith '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo && ac_mid=$as_val cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { static int test_array [1 - 2 * !(($2) <= $ac_mid)]; test_array [0] = 0; return test_array [0]; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_hi=$ac_mid else as_fn_arith '(' $ac_mid ')' + 1 && ac_lo=$as_val fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done case $ac_lo in #(( ?*) eval "$3=\$ac_lo"; ac_retval=0 ;; '') ac_retval=1 ;; esac else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. 
*/ $4 static long int longval () { return $2; } static unsigned long int ulongval () { return $2; } #include #include int main () { FILE *f = fopen ("conftest.val", "w"); if (! f) return 1; if (($2) < 0) { long int i = longval (); if (i != ($2)) return 1; fprintf (f, "%ld", i); } else { unsigned long int i = ulongval (); if (i != ($2)) return 1; fprintf (f, "%lu", i); } /* Do not output a trailing newline, as this causes \r\n confusion on some platforms. */ return ferror (f) || fclose (f) != 0; ; return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : echo >>conftest.val; read $3 config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. It was created by sssd $as_me 1.11.5, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ _ACEOF exec 5>>config.log { cat <<_ASUNAME ## --------- ## ## Platform. ## ## --------- ## hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` uname -m = `(uname -m) 2>/dev/null || echo unknown` uname -r = `(uname -r) 2>/dev/null || echo unknown` uname -s = `(uname -s) 2>/dev/null || echo unknown` uname -v = `(uname -v) 2>/dev/null || echo unknown` /usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` /bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` /bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` /usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` /usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` /usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown` /bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` /usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` /bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` _ASUNAME as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
$as_echo "PATH: $as_dir" done IFS=$as_save_IFS } >&5 cat >&5 <<_ACEOF ## ----------- ## ## Core tests. ## ## ----------- ## _ACEOF # Keep a trace of the command line. # Strip out --no-create and --no-recursion so they do not pile up. # Strip out --silent because we don't want to record it for future runs. # Also quote any args containing shell meta-characters. # Make two passes to allow for proper duplicate-argument suppression. ac_configure_args= ac_configure_args0= ac_configure_args1= ac_must_keep_next=false for ac_pass in 1 2 do for ac_arg do case $ac_arg in -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil) continue ;; *\'*) ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; esac case $ac_pass in 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;; 2) as_fn_append ac_configure_args1 " '$ac_arg'" if test $ac_must_keep_next = true; then ac_must_keep_next=false # Got value, back to normal. else case $ac_arg in *=* | --config-cache | -C | -disable-* | --disable-* \ | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \ | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \ | -with-* | --with-* | -without-* | --without-* | --x) case "$ac_configure_args0 " in "$ac_configure_args1"*" '$ac_arg' "* ) continue ;; esac ;; -* ) ac_must_keep_next=true ;; esac fi as_fn_append ac_configure_args " '$ac_arg'" ;; esac done done { ac_configure_args0=; unset ac_configure_args0;} { ac_configure_args1=; unset ac_configure_args1;} # When interrupted or exit'd, cleanup temporary files, and complete # config.log. We remove comments because anyway the quotes in there # would cause problems or look ugly. # WARNING: Use '\'' to represent an apostrophe within the trap. # WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug. trap 'exit_status=$? # Save into config.log some information that might help in debugging. 
{ echo $as_echo "## ---------------- ## ## Cache variables. ## ## ---------------- ##" echo # The following way of writing the cache mishandles newlines in values, ( for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do eval ac_val=\$$ac_var case $ac_val in #( *${as_nl}*) case $ac_var in #( *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; esac case $ac_var in #( _ | IFS | as_nl) ;; #( BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( *) { eval $ac_var=; unset $ac_var;} ;; esac ;; esac done (set) 2>&1 | case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #( *${as_nl}ac_space=\ *) sed -n \ "s/'\''/'\''\\\\'\'''\''/g; s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p" ;; #( *) sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" ;; esac | sort ) echo $as_echo "## ----------------- ## ## Output variables. ## ## ----------------- ##" echo for ac_var in $ac_subst_vars do eval ac_val=\$$ac_var case $ac_val in *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; esac $as_echo "$ac_var='\''$ac_val'\''" done | sort echo if test -n "$ac_subst_files"; then $as_echo "## ------------------- ## ## File substitutions. ## ## ------------------- ##" echo for ac_var in $ac_subst_files do eval ac_val=\$$ac_var case $ac_val in *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; esac $as_echo "$ac_var='\''$ac_val'\''" done | sort echo fi if test -s confdefs.h; then $as_echo "## ----------- ## ## confdefs.h. 
## ## ----------- ##" echo cat confdefs.h echo fi test "$ac_signal" != 0 && $as_echo "$as_me: caught signal $ac_signal" $as_echo "$as_me: exit $exit_status" } >&5 rm -f core *.core core.conftest.* && rm -f -r conftest* confdefs* conf$$* $ac_clean_files && exit $exit_status ' 0 for ac_signal in 1 2 13 15; do trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal done ac_signal=0 # confdefs.h avoids OS command line length limits that DEFS can exceed. rm -f -r conftest* confdefs.h $as_echo "/* confdefs.h */" > confdefs.h # Predefined preprocessor variables. cat >>confdefs.h <<_ACEOF #define PACKAGE_NAME "$PACKAGE_NAME" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_TARNAME "$PACKAGE_TARNAME" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_VERSION "$PACKAGE_VERSION" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_STRING "$PACKAGE_STRING" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_URL "$PACKAGE_URL" _ACEOF # Let the site file select an alternate cache file if it wants to. # Prefer an explicitly selected file to automatically selected ones. ac_site_file1=NONE ac_site_file2=NONE if test -n "$CONFIG_SITE"; then # We do not want a PATH search for config.site. case $CONFIG_SITE in #(( -*) ac_site_file1=./$CONFIG_SITE;; */*) ac_site_file1=$CONFIG_SITE;; *) ac_site_file1=./$CONFIG_SITE;; esac elif test "x$prefix" != xNONE; then ac_site_file1=$prefix/share/config.site ac_site_file2=$prefix/etc/config.site else ac_site_file1=$ac_default_prefix/share/config.site ac_site_file2=$ac_default_prefix/etc/config.site fi for ac_site_file in "$ac_site_file1" "$ac_site_file2" do test "x$ac_site_file" = xNONE && continue if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 $as_echo "$as_me: loading site script $ac_site_file" >&6;} sed 's/^/| /' "$ac_site_file" >&5 . 
"$ac_site_file" \ || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "failed to load site script $ac_site_file See \`config.log' for more details" "$LINENO" 5; } fi done if test -r "$cache_file"; then # Some versions of bash will fail to source /dev/null (special files # actually), so we avoid doing that. DJGPP emulates it as a regular file. if test /dev/null != "$cache_file" && test -f "$cache_file"; then { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 $as_echo "$as_me: loading cache $cache_file" >&6;} case $cache_file in [\\/]* | ?:[\\/]* ) . "$cache_file";; *) . "./$cache_file";; esac fi else { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5 $as_echo "$as_me: creating cache $cache_file" >&6;} >$cache_file fi # Check that the precious variables saved in the cache have kept the same # value. ac_cache_corrupted=false for ac_var in $ac_precious_vars; do eval ac_old_set=\$ac_cv_env_${ac_var}_set eval ac_new_set=\$ac_env_${ac_var}_set eval ac_old_val=\$ac_cv_env_${ac_var}_value eval ac_new_val=\$ac_env_${ac_var}_value case $ac_old_set,$ac_new_set in set,) { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 $as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} ac_cache_corrupted=: ;; ,set) { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 $as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} ac_cache_corrupted=: ;; ,);; *) if test "x$ac_old_val" != "x$ac_new_val"; then # differences in whitespace do not lead to failure. 
ac_old_val_w=`echo x $ac_old_val` ac_new_val_w=`echo x $ac_new_val` if test "$ac_old_val_w" != "$ac_new_val_w"; then { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 $as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} ac_cache_corrupted=: else { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 $as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} eval $ac_var=\$ac_old_val fi { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 $as_echo "$as_me: former value: \`$ac_old_val'" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 $as_echo "$as_me: current value: \`$ac_new_val'" >&2;} fi;; esac # Pass precious variables to config.status. if test "$ac_new_set" = set; then case $ac_new_val in *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; *) ac_arg=$ac_var=$ac_new_val ;; esac case " $ac_configure_args " in *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. *) as_fn_append ac_configure_args " '$ac_arg'" ;; esac fi done if $ac_cache_corrupted; then { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 $as_echo "$as_me: error: changes in the environment can compromise the build" >&2;} as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 fi ## -------------------- ## ## Main body of script. 
## ## -------------------- ## ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. set dummy ${ac_tool_prefix}gcc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_CC="${ac_tool_prefix}gcc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_CC"; then ac_ct_CC=$CC # Extract the first word of "gcc", so it can be a program name with args. set dummy gcc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. 
else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_CC="gcc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 $as_echo "$ac_ct_CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_CC" = x; then CC="" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac CC=$ac_ct_CC fi else CC="$ac_cv_prog_CC" fi if test -z "$CC"; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. set dummy ${ac_tool_prefix}cc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_CC="${ac_tool_prefix}cc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi fi if test -z "$CC"; then # Extract the first word of "cc", so it can be a program name with args. set dummy cc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else ac_prog_rejected=no as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then ac_prog_rejected=yes continue fi ac_cv_prog_CC="cc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS if test $ac_prog_rejected = yes; then # We found a bogon in the path, so make sure we never use it. set dummy $ac_cv_prog_CC shift if test $# != 0; then # We chose a different compiler from the bogus one. # However, it has the same basename, so the bogon will be chosen # first if we set CC to just the basename; use the full file name. 
shift ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" fi fi fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$CC"; then if test -n "$ac_tool_prefix"; then for ac_prog in cl.exe do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. set dummy $ac_tool_prefix$ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_CC="$ac_tool_prefix$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$CC" && break done fi if test -z "$CC"; then ac_ct_CC=$CC for ac_prog in cl.exe do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_CC="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 $as_echo "$ac_ct_CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$ac_ct_CC" && break done if test "x$ac_ct_CC" = x; then CC="" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac CC=$ac_ct_CC fi fi fi test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "no acceptable C compiler found in \$PATH See \`config.log' for more details" "$LINENO" 5; } # Provide some information about the compiler. $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 set X $ac_compile ac_compiler=$2 for ac_option in --version -v -V -qversion; do { { ac_try="$ac_compiler $ac_option >&5" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_compiler $ac_option >&5") 2>conftest.err ac_status=$? if test -s conftest.err; then sed '10a\ ... rest of stderr output deleted ... 10q' conftest.err >conftest.er1 cat conftest.er1 >&5 fi rm -f conftest.er1 conftest.err $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } done cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. 
*/ int main () { ; return 0; } _ACEOF ac_clean_files_save=$ac_clean_files ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out" # Try to create an executable without -o first, disregard a.out. # It will help us diagnose broken compilers, and finding out an intuition # of exeext. { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5 $as_echo_n "checking whether the C compiler works... " >&6; } ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` # The possible output files: ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*" ac_rmfiles= for ac_file in $ac_files do case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; * ) ac_rmfiles="$ac_rmfiles $ac_file";; esac done rm -f $ac_rmfiles if { { ac_try="$ac_link_default" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link_default") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then : # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. # So ignore a value of `no', otherwise this would lead to `EXEEXT = no' # in a Makefile. We should not override ac_cv_exeext if it was cached, # so that the user can short-circuit this test for compilers unknown to # Autoconf. for ac_file in $ac_files '' do test -f "$ac_file" || continue case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; [ab].out ) # We found the default executable, but exeext='' is most # certainly right. 
break;; *.* ) if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no; then :; else ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` fi # We set ac_cv_exeext here because the later test for it is not # safe: cross compilers may not add the suffix if given an `-o' # argument, so we may need to know it at that point already. # Even if this section looks crufty: it has the advantage of # actually working. break;; * ) break;; esac done test "$ac_cv_exeext" = no && ac_cv_exeext= else ac_file='' fi if test -z "$ac_file"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error 77 "C compiler cannot create executables See \`config.log' for more details" "$LINENO" 5; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 $as_echo_n "checking for C compiler default output file name... " >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 $as_echo "$ac_file" >&6; } ac_exeext=$ac_cv_exeext rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out ac_clean_files=$ac_clean_files_save { $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5 $as_echo_n "checking for suffix of executables... " >&6; } if { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then : # If both `conftest.exe' and `conftest' are `present' (well, observable) # catch `conftest.exe'. 
For instance with Cygwin, `ls conftest' will # work properly (i.e., refer to `conftest.exe'), while it won't with # `rm'. for ac_file in conftest.exe conftest conftest.*; do test -f "$ac_file" || continue case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` break;; * ) break;; esac done else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot compute suffix of executables: cannot compile and link See \`config.log' for more details" "$LINENO" 5; } fi rm -f conftest conftest$ac_cv_exeext { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 $as_echo "$ac_cv_exeext" >&6; } rm -f conftest.$ac_ext EXEEXT=$ac_cv_exeext ac_exeext=$EXEEXT cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { FILE *f = fopen ("conftest.out", "w"); return ferror (f) || fclose (f) != 0; ; return 0; } _ACEOF ac_clean_files="$ac_clean_files conftest.out" # Check that the compiler produces executables we can run. If not, either # the compiler is broken, or we cross compile. { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5 $as_echo_n "checking whether we are cross compiling... " >&6; } if test "$cross_compiling" != yes; then { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? 
= $ac_status" >&5 test $ac_status = 0; } if { ac_try='./conftest$ac_cv_exeext' { { case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_try") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; }; then cross_compiling=no else if test "$cross_compiling" = maybe; then cross_compiling=yes else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot run C compiled programs. If you meant to cross compile, use \`--host'. See \`config.log' for more details" "$LINENO" 5; } fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 $as_echo "$cross_compiling" >&6; } rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out ac_clean_files=$ac_clean_files_save { $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 $as_echo_n "checking for suffix of object files... " >&6; } if ${ac_cv_objext+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF rm -f conftest.o conftest.obj if { { ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_compile") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? 
= $ac_status" >&5 test $ac_status = 0; }; then : for ac_file in conftest.o conftest.obj conftest.*; do test -f "$ac_file" || continue; case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` break;; esac done else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot compute suffix of object files: cannot compile See \`config.log' for more details" "$LINENO" 5; } fi rm -f conftest.$ac_cv_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 $as_echo "$ac_cv_objext" >&6; } OBJEXT=$ac_cv_objext ac_objext=$OBJEXT { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5 $as_echo_n "checking whether we are using the GNU C compiler... " >&6; } if ${ac_cv_c_compiler_gnu+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { #ifndef __GNUC__ choke me #endif ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_compiler_gnu=yes else ac_compiler_gnu=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_cv_c_compiler_gnu=$ac_compiler_gnu fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 $as_echo "$ac_cv_c_compiler_gnu" >&6; } if test $ac_compiler_gnu = yes; then GCC=yes else GCC= fi ac_test_CFLAGS=${CFLAGS+set} ac_save_CFLAGS=$CFLAGS { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 $as_echo_n "checking whether $CC accepts -g... " >&6; } if ${ac_cv_prog_cc_g+:} false; then : $as_echo_n "(cached) " >&6 else ac_save_c_werror_flag=$ac_c_werror_flag ac_c_werror_flag=yes ac_cv_prog_cc_g=no CFLAGS="-g" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. 
*/ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_prog_cc_g=yes else CFLAGS="" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : else ac_c_werror_flag=$ac_save_c_werror_flag CFLAGS="-g" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_prog_cc_g=yes fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_c_werror_flag=$ac_save_c_werror_flag fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 $as_echo "$ac_cv_prog_cc_g" >&6; } if test "$ac_test_CFLAGS" = set; then CFLAGS=$ac_save_CFLAGS elif test $ac_cv_prog_cc_g = yes; then if test "$GCC" = yes; then CFLAGS="-g -O2" else CFLAGS="-g" fi else if test "$GCC" = yes; then CFLAGS="-O2" else CFLAGS= fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 $as_echo_n "checking for $CC option to accept ISO C89... " >&6; } if ${ac_cv_prog_cc_c89+:} false; then : $as_echo_n "(cached) " >&6 else ac_cv_prog_cc_c89=no ac_save_CC=$CC cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include struct stat; /* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ struct buf { int x; }; FILE * (*rcsopen) (struct buf *, struct stat *, int); static char *e (p, i) char **p; int i; { return p[i]; } static char *f (char * (*g) (char **, int), char **p, ...) { char *s; va_list v; va_start (v,p); s = g (p, va_arg (v,int)); va_end (v); return s; } /* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has function prototypes and stuff, but not '\xHH' hex character constants. These don't provoke an error unfortunately, instead are silently treated as 'x'. 
The following induces an error, until -std is added to get proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an array size at least. It's necessary to write '\x00'==0 to get something that's true only with -std. */ int osf4_cc_array ['\x00' == 0 ? 1 : -1]; /* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters inside strings and character constants. */ #define FOO(x) 'x' int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; int test (int i, double x); struct s1 {int (*f) (int a);}; struct s2 {int (*f) (double a);}; int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); int argc; char **argv; int main () { return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; ; return 0; } _ACEOF for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" do CC="$ac_save_CC $ac_arg" if ac_fn_c_try_compile "$LINENO"; then : ac_cv_prog_cc_c89=$ac_arg fi rm -f core conftest.err conftest.$ac_objext test "x$ac_cv_prog_cc_c89" != "xno" && break done rm -f conftest.$ac_ext CC=$ac_save_CC fi # AC_CACHE_VAL case "x$ac_cv_prog_cc_c89" in x) { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 $as_echo "none needed" >&6; } ;; xno) { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 $as_echo "unsupported" >&6; } ;; *) CC="$CC $ac_cv_prog_cc_c89" { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 $as_echo "$ac_cv_prog_cc_c89" >&6; } ;; esac if test "x$ac_cv_prog_cc_c89" != xno; then : fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu { $as_echo 
"$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 $as_echo_n "checking how to run the C preprocessor... " >&6; } # On Suns, sometimes $CPP names a directory. if test -n "$CPP" && test -d "$CPP"; then CPP= fi if test -z "$CPP"; then if ${ac_cv_prog_CPP+:} false; then : $as_echo_n "(cached) " >&6 else # Double quotes because CPP needs to be expanded for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" do ac_preproc_ok=false for ac_c_preproc_warn_flag in '' yes do # Use a header file that comes with gcc, so configuring glibc # with a fresh cross-compiler works. # Prefer to if __STDC__ is defined, since # exists even on freestanding compilers. # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. "Syntax error" is here to catch this case. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef __STDC__ # include #else # include #endif Syntax error _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : else # Broken: fails on valid input. continue fi rm -f conftest.err conftest.i conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : # Broken: success on invalid input. continue else # Passes both tests. ac_preproc_ok=: break fi rm -f conftest.err conftest.i conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.i conftest.err conftest.$ac_ext if $ac_preproc_ok; then : break fi done ac_cv_prog_CPP=$CPP fi CPP=$ac_cv_prog_CPP else ac_cv_prog_CPP=$CPP fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 $as_echo "$CPP" >&6; } ac_preproc_ok=false for ac_c_preproc_warn_flag in '' yes do # Use a header file that comes with gcc, so configuring glibc # with a fresh cross-compiler works. # Prefer to if __STDC__ is defined, since # exists even on freestanding compilers. 
# On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. "Syntax error" is here to catch this case. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef __STDC__ # include #else # include #endif Syntax error _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : else # Broken: fails on valid input. continue fi rm -f conftest.err conftest.i conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : # Broken: success on invalid input. continue else # Passes both tests. ac_preproc_ok=: break fi rm -f conftest.err conftest.i conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.i conftest.err conftest.$ac_ext if $ac_preproc_ok; then : else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "C preprocessor \"$CPP\" fails sanity check See \`config.log' for more details" "$LINENO" 5; } fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu { $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 $as_echo_n "checking for grep that handles long lines and -e... " >&6; } if ${ac_cv_path_GREP+:} false; then : $as_echo_n "(cached) " >&6 else if test -z "$GREP"; then ac_path_GREP_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_prog in grep ggrep; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" as_fn_executable_p "$ac_path_GREP" || continue # Check for GNU ac_path_GREP and select it if it is found. # Check for GNU $ac_path_GREP case `"$ac_path_GREP" --version 2>&1` in *GNU*) ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; *) ac_count=0 $as_echo_n 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" $as_echo 'GREP' >> "conftest.nl" "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val if test $ac_count -gt ${ac_path_GREP_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_max=$ac_count fi # 10*(2^10) chars as input seems more than enough test $ac_count -gt 10 && break done rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac $ac_path_GREP_found && break 3 done done done IFS=$as_save_IFS if test -z "$ac_cv_path_GREP"; then as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else ac_cv_path_GREP=$GREP fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 $as_echo "$ac_cv_path_GREP" >&6; } GREP="$ac_cv_path_GREP" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 $as_echo_n "checking for egrep... " >&6; } if ${ac_cv_path_EGREP+:} false; then : $as_echo_n "(cached) " >&6 else if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 then ac_cv_path_EGREP="$GREP -E" else if test -z "$EGREP"; then ac_path_EGREP_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_prog in egrep; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" as_fn_executable_p "$ac_path_EGREP" || continue # Check for GNU ac_path_EGREP and select it if it is found. # Check for GNU $ac_path_EGREP case `"$ac_path_EGREP" --version 2>&1` in *GNU*) ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; *) ac_count=0 $as_echo_n 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" $as_echo 'EGREP' >> "conftest.nl" "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val if test $ac_count -gt ${ac_path_EGREP_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_max=$ac_count fi # 10*(2^10) chars as input seems more than enough test $ac_count -gt 10 && break done rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac $ac_path_EGREP_found && break 3 done done done IFS=$as_save_IFS if test -z "$ac_cv_path_EGREP"; then as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else ac_cv_path_EGREP=$EGREP fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 $as_echo "$ac_cv_path_EGREP" >&6; } EGREP="$ac_cv_path_EGREP" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 $as_echo_n "checking for ANSI C header files... " >&6; } if ${ac_cv_header_stdc+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. 
*/ #include #include #include #include int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_header_stdc=yes else ac_cv_header_stdc=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "memchr" >/dev/null 2>&1; then : else ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "free" >/dev/null 2>&1; then : else ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. if test "$cross_compiling" = yes; then : : else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #if ((' ' & 0x0FF) == 0x020) # define ISLOWER(c) ('a' <= (c) && (c) <= 'z') # define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) #else # define ISLOWER(c) \ (('a' <= (c) && (c) <= 'i') \ || ('j' <= (c) && (c) <= 'r') \ || ('s' <= (c) && (c) <= 'z')) # define TOUPPER(c) (ISLOWER(c) ? 
((c) | 0x40) : (c)) #endif #define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) int main () { int i; for (i = 0; i < 256; i++) if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) return 2; return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : else ac_cv_header_stdc=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 $as_echo "$ac_cv_header_stdc" >&6; } if test $ac_cv_header_stdc = yes; then $as_echo "#define STDC_HEADERS 1" >>confdefs.h fi # On IRIX 5.3, sys/types and inttypes.h are conflicting. for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ inttypes.h stdint.h unistd.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default " if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done ac_fn_c_check_header_mongrel "$LINENO" "minix/config.h" "ac_cv_header_minix_config_h" "$ac_includes_default" if test "x$ac_cv_header_minix_config_h" = xyes; then : MINIX=yes else MINIX= fi if test "$MINIX" = yes; then $as_echo "#define _POSIX_SOURCE 1" >>confdefs.h $as_echo "#define _POSIX_1_SOURCE 2" >>confdefs.h $as_echo "#define _MINIX 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether it is safe to define __EXTENSIONS__" >&5 $as_echo_n "checking whether it is safe to define __EXTENSIONS__... " >&6; } if ${ac_cv_safe_to_define___extensions__+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. 
*/ # define __EXTENSIONS__ 1 $ac_includes_default int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_safe_to_define___extensions__=yes else ac_cv_safe_to_define___extensions__=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_safe_to_define___extensions__" >&5 $as_echo "$ac_cv_safe_to_define___extensions__" >&6; } test $ac_cv_safe_to_define___extensions__ = yes && $as_echo "#define __EXTENSIONS__ 1" >>confdefs.h $as_echo "#define _ALL_SOURCE 1" >>confdefs.h $as_echo "#define _GNU_SOURCE 1" >>confdefs.h $as_echo "#define _POSIX_PTHREAD_SEMANTICS 1" >>confdefs.h $as_echo "#define _TANDEM_SOURCE 1" >>confdefs.h CFLAGS="$CFLAGS -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE" ac_aux_dir= for ac_dir in build "$srcdir"/build; do if test -f "$ac_dir/install-sh"; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/install-sh -c" break elif test -f "$ac_dir/install.sh"; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/install.sh -c" break elif test -f "$ac_dir/shtool"; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/shtool install -c" break fi done if test -z "$ac_aux_dir"; then as_fn_error $? "cannot find install-sh, install.sh, or shtool in build \"$srcdir\"/build" "$LINENO" 5 fi # These three variables are undocumented and unsupported, # and are intended to be withdrawn in a future Autoconf release. # They can cause serious problems if a builder's source tree is in a directory # whose full name contains unusual characters. ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var. ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var. ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. am__api_version='1.13' # Find a good install program. We prefer a C program (faster), # so one script is as good as another. 
But avoid the broken or # incompatible versions: # SysV /etc/install, /usr/sbin/install # SunOS /usr/etc/install # IRIX /sbin/install # AIX /bin/install # AmigaOS /C/install, which installs bootblocks on floppy discs # AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag # AFS /usr/afsws/bin/install, which mishandles nonexistent args # SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" # OS/2's system install, which has a completely different semantic # ./install, which can be erroneously created by make from ./install.sh. # Reject install programs that cannot install multiple files. { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5 $as_echo_n "checking for a BSD-compatible install... " >&6; } if test -z "$INSTALL"; then if ${ac_cv_path_install+:} false; then : $as_echo_n "(cached) " >&6 else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. # Account for people who put trailing slashes in PATH elements. case $as_dir/ in #(( ./ | .// | /[cC]/* | \ /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \ /usr/ucb/* ) ;; *) # OSF1 and SCO ODT 3.0 have their own names for install. # Don't use installbsd from OSF since it installs stuff as root # by default. for ac_prog in ginstall scoinst install; do for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then if test $ac_prog = install && grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then # AIX install. It has an incompatible calling convention. : elif test $ac_prog = install && grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then # program-specific install script used by HP pwplus--don't use. 
: else rm -rf conftest.one conftest.two conftest.dir echo one > conftest.one echo two > conftest.two mkdir conftest.dir if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" && test -s conftest.one && test -s conftest.two && test -s conftest.dir/conftest.one && test -s conftest.dir/conftest.two then ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" break 3 fi fi fi done done ;; esac done IFS=$as_save_IFS rm -rf conftest.one conftest.two conftest.dir fi if test "${ac_cv_path_install+set}" = set; then INSTALL=$ac_cv_path_install else # As a last resort, use the slow shell script. Don't cache a # value for INSTALL within a source directory, because that will # break other packages using the cache if that directory is # removed, or if the value is a relative name. INSTALL=$ac_install_sh fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5 $as_echo "$INSTALL" >&6; } # Use test -z because SunOS4 sh mishandles braces in ${var-val}. # It thinks the first close brace ends the variable substitution. test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5 $as_echo_n "checking whether build environment is sane... " >&6; } # Reject unsafe characters in $srcdir or the absolute working directory # name. Accept space and tab only in the latter. am_lf=' ' case `pwd` in *[\\\"\#\$\&\'\`$am_lf]*) as_fn_error $? "unsafe absolute working directory name" "$LINENO" 5;; esac case $srcdir in *[\\\"\#\$\&\'\`$am_lf\ \ ]*) as_fn_error $? "unsafe srcdir value: '$srcdir'" "$LINENO" 5;; esac # Do 'set' in a subshell so we don't clobber the current shell's # arguments. 
Must try -L first in case configure is actually a # symlink; some systems play weird games with the mod time of symlinks # (eg FreeBSD returns the mod time of the symlink's containing # directory). if ( am_has_slept=no for am_try in 1 2; do echo "timestamp, slept: $am_has_slept" > conftest.file set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` if test "$*" = "X"; then # -L didn't work. set X `ls -t "$srcdir/configure" conftest.file` fi if test "$*" != "X $srcdir/configure conftest.file" \ && test "$*" != "X conftest.file $srcdir/configure"; then # If neither matched, then we have a broken ls. This can happen # if, for instance, CONFIG_SHELL is bash and it inherits a # broken ls alias from the environment. This has actually # happened. Such a system could not be considered "sane". as_fn_error $? "ls -t appears to fail. Make sure there is not a broken alias in your environment" "$LINENO" 5 fi if test "$2" = conftest.file || test $am_try -eq 2; then break fi # Just in case. sleep 1 am_has_slept=yes done test "$2" = conftest.file ) then # Ok. : else as_fn_error $? "newly created file is older than distributed files! Check your system clock" "$LINENO" 5 fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } # If we didn't sleep, we still need to ensure time stamps of config.status and # generated files are strictly newer. am_sleep_pid= if grep 'slept: no' conftest.file >/dev/null 2>&1; then ( sleep 1 ) & am_sleep_pid=$! fi rm -f conftest.file test "$program_prefix" != NONE && program_transform_name="s&^&$program_prefix&;$program_transform_name" # Use a double $ so make ignores it. test "$program_suffix" != NONE && program_transform_name="s&\$&$program_suffix&;$program_transform_name" # Double any \ or $. # By default was `s,x,x', remove it if useless. 
ac_script='s/[\\$]/&&/g;s/;s,x,x,$//' program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"` # expand $ac_aux_dir to an absolute path am_aux_dir=`cd $ac_aux_dir && pwd` if test x"${MISSING+set}" != xset; then case $am_aux_dir in *\ * | *\ *) MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;; *) MISSING="\${SHELL} $am_aux_dir/missing" ;; esac fi # Use eval to expand $SHELL if eval "$MISSING --is-lightweight"; then am_missing_run="$MISSING " else am_missing_run= { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: 'missing' script is too old or missing" >&5 $as_echo "$as_me: WARNING: 'missing' script is too old or missing" >&2;} fi if test x"${install_sh}" != xset; then case $am_aux_dir in *\ * | *\ *) install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; *) install_sh="\${SHELL} $am_aux_dir/install-sh" esac fi # Installed binaries are usually stripped using 'strip' when the user # run "make install-strip". However 'strip' might not be the right # tool to use in cross-compilation environments, therefore Automake # will honor the 'STRIP' environment variable to overrule this program. if test "$cross_compiling" != no; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. set dummy ${ac_tool_prefix}strip; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_STRIP+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$STRIP"; then ac_cv_prog_STRIP="$STRIP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_STRIP="${ac_tool_prefix}strip" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi STRIP=$ac_cv_prog_STRIP if test -n "$STRIP"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 $as_echo "$STRIP" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_STRIP"; then ac_ct_STRIP=$STRIP # Extract the first word of "strip", so it can be a program name with args. set dummy strip; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_STRIP+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_STRIP"; then ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_STRIP="strip" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP if test -n "$ac_ct_STRIP"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 $as_echo "$ac_ct_STRIP" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_STRIP" = x; then STRIP=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac STRIP=$ac_ct_STRIP fi else STRIP="$ac_cv_prog_STRIP" fi fi INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a thread-safe mkdir -p" >&5 $as_echo_n "checking for a thread-safe mkdir -p... " >&6; } if test -z "$MKDIR_P"; then if ${ac_cv_path_mkdir+:} false; then : $as_echo_n "(cached) " >&6 else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_prog in mkdir gmkdir; do for ac_exec_ext in '' $ac_executable_extensions; do as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext" || continue case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #( 'mkdir (GNU coreutils) '* | \ 'mkdir (coreutils) '* | \ 'mkdir (fileutils) '4.1*) ac_cv_path_mkdir=$as_dir/$ac_prog$ac_exec_ext break 3;; esac done done done IFS=$as_save_IFS fi test -d ./--version && rmdir ./--version if test "${ac_cv_path_mkdir+set}" = set; then MKDIR_P="$ac_cv_path_mkdir -p" else # As a last resort, use the slow shell script. 
Don't cache a # value for MKDIR_P within a source directory, because that will # break other packages using the cache if that directory is # removed, or if the value is a relative name. MKDIR_P="$ac_install_sh -d" fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5 $as_echo "$MKDIR_P" >&6; } for ac_prog in gawk mawk nawk awk do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_AWK+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$AWK"; then ac_cv_prog_AWK="$AWK" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_AWK="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi AWK=$ac_cv_prog_AWK if test -n "$AWK"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5 $as_echo "$AWK" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$AWK" && break done { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5 $as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; } set x ${MAKE-make} ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` if eval \${ac_cv_prog_make_${ac_make}_set+:} false; then : $as_echo_n "(cached) " >&6 else cat >conftest.make <<\_ACEOF SHELL = /bin/sh all: @echo '@@@%%%=$(MAKE)=@@@%%%' _ACEOF # GNU make sometimes prints "make[1]: Entering ...", which would confuse us. 
case `${MAKE-make} -f conftest.make 2>/dev/null` in *@@@%%%=?*=@@@%%%*) eval ac_cv_prog_make_${ac_make}_set=yes;; *) eval ac_cv_prog_make_${ac_make}_set=no;; esac rm -f conftest.make fi if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } SET_MAKE= else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } SET_MAKE="MAKE=${MAKE-make}" fi rm -rf .tst 2>/dev/null mkdir .tst 2>/dev/null if test -d .tst; then am__leading_dot=. else am__leading_dot=_ fi rmdir .tst 2>/dev/null DEPDIR="${am__leading_dot}deps" ac_config_commands="$ac_config_commands depfiles" am_make=${MAKE-make} cat > confinc << 'END' am__doit: @echo this is the am__doit target .PHONY: am__doit END # If we don't find an include directive, just comment out the code. { $as_echo "$as_me:${as_lineno-$LINENO}: checking for style of include used by $am_make" >&5 $as_echo_n "checking for style of include used by $am_make... " >&6; } am__include="#" am__quote= _am_result=none # First try GNU make style include. echo "include confinc" > confmf # Ignore all kinds of additional output from 'make'. case `$am_make -s -f confmf 2> /dev/null` in #( *the\ am__doit\ target*) am__include=include am__quote= _am_result=GNU ;; esac # Now try BSD make style include. if test "$am__include" = "#"; then echo '.include "confinc"' > confmf case `$am_make -s -f confmf 2> /dev/null` in #( *the\ am__doit\ target*) am__include=.include am__quote="\"" _am_result=BSD ;; esac fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $_am_result" >&5 $as_echo "$_am_result" >&6; } rm -f confinc confmf # Check whether --enable-dependency-tracking was given. 
if test "${enable_dependency_tracking+set}" = set; then : enableval=$enable_dependency_tracking; fi if test "x$enable_dependency_tracking" != xno; then am_depcomp="$ac_aux_dir/depcomp" AMDEPBACKSLASH='\' am__nodep='_no' fi if test "x$enable_dependency_tracking" != xno; then AMDEP_TRUE= AMDEP_FALSE='#' else AMDEP_TRUE='#' AMDEP_FALSE= fi # Check whether --enable-silent-rules was given. if test "${enable_silent_rules+set}" = set; then : enableval=$enable_silent_rules; fi case $enable_silent_rules in # ((( yes) AM_DEFAULT_VERBOSITY=0;; no) AM_DEFAULT_VERBOSITY=1;; *) AM_DEFAULT_VERBOSITY=1;; esac am_make=${MAKE-make} { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5 $as_echo_n "checking whether $am_make supports nested variables... " >&6; } if ${am_cv_make_support_nested_variables+:} false; then : $as_echo_n "(cached) " >&6 else if $as_echo 'TRUE=$(BAR$(V)) BAR0=false BAR1=true V=1 am__doit: @$(TRUE) .PHONY: am__doit' | $am_make -f - >/dev/null 2>&1; then am_cv_make_support_nested_variables=yes else am_cv_make_support_nested_variables=no fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_make_support_nested_variables" >&5 $as_echo "$am_cv_make_support_nested_variables" >&6; } if test $am_cv_make_support_nested_variables = yes; then AM_V='$(V)' AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)' else AM_V=$AM_DEFAULT_VERBOSITY AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY fi AM_BACKSLASH='\' if test "`cd $srcdir && pwd`" != "`pwd`"; then # Use -I$(srcdir) only when $(srcdir) != ., so that make's output # is not polluted with repeated "-I." am__isrc=' -I$(srcdir)' # test to see if srcdir already configured if test -f $srcdir/config.status; then as_fn_error $? 
"source directory already configured; run \"make distclean\" there first" "$LINENO" 5 fi fi # test whether we have cygpath if test -z "$CYGPATH_W"; then if (cygpath --version) >/dev/null 2>/dev/null; then CYGPATH_W='cygpath -w' else CYGPATH_W=echo fi fi # Define the identity of the package. PACKAGE='sssd' VERSION='1.11.5' cat >>confdefs.h <<_ACEOF #define PACKAGE "$PACKAGE" _ACEOF cat >>confdefs.h <<_ACEOF #define VERSION "$VERSION" _ACEOF # Some tools Automake needs. ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal-${am__api_version}"} AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"} AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake-${am__api_version}"} AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"} MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"} # For better backward compatibility. To be removed once Automake 1.9.x # dies out for good. For more background, see: # # mkdir_p='$(MKDIR_P)' # We need awk for the "check" target. The system "awk" is bad on # some platforms. # Always define AMTAR for backward compatibility. Yes, it's still used # in the wild :-( We should find a proper way to deprecate it ... AMTAR='$${TAR-tar}' # We'll loop over all known methods to create a tar archive until one works. _am_tools='gnutar pax cpio none' { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to create a pax tar archive" >&5 $as_echo_n "checking how to create a pax tar archive... " >&6; } # Go ahead even if we have the value already cached. We do so because we # need to set the values for the 'am__tar' and 'am__untar' variables. _am_tools=${am_cv_prog_tar_pax-$_am_tools} for _am_tool in $_am_tools; do case $_am_tool in gnutar) for _am_tar in tar gnutar gtar; do { echo "$as_me:$LINENO: $_am_tar --version" >&5 ($_am_tar --version) >&5 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 (exit $ac_status); } && break done am__tar="$_am_tar --format=posix -chf - "'"$$tardir"' am__tar_="$_am_tar --format=posix -chf - "'"$tardir"' am__untar="$_am_tar -xf -" ;; plaintar) # Must skip GNU tar: if it does not support --format= it doesn't create # ustar tarball either. (tar --version) >/dev/null 2>&1 && continue am__tar='tar chf - "$$tardir"' am__tar_='tar chf - "$tardir"' am__untar='tar xf -' ;; pax) am__tar='pax -L -x pax -w "$$tardir"' am__tar_='pax -L -x pax -w "$tardir"' am__untar='pax -r' ;; cpio) am__tar='find "$$tardir" -print | cpio -o -H pax -L' am__tar_='find "$tardir" -print | cpio -o -H pax -L' am__untar='cpio -i -H pax -d' ;; none) am__tar=false am__tar_=false am__untar=false ;; esac # If the value was cached, stop now. We just wanted to have am__tar # and am__untar set. test -n "${am_cv_prog_tar_pax}" && break # tar/untar a dummy directory, and stop if the command works. rm -rf conftest.dir mkdir conftest.dir echo GrepMe > conftest.dir/file { echo "$as_me:$LINENO: tardir=conftest.dir && eval $am__tar_ >conftest.tar" >&5 (tardir=conftest.dir && eval $am__tar_ >conftest.tar) >&5 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } rm -rf conftest.dir if test -s conftest.tar; then { echo "$as_me:$LINENO: $am__untar &5 ($am__untar &5 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } { echo "$as_me:$LINENO: cat conftest.dir/file" >&5 (cat conftest.dir/file) >&5 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 (exit $ac_status); } grep GrepMe conftest.dir/file >/dev/null 2>&1 && break fi done rm -rf conftest.dir if ${am_cv_prog_tar_pax+:} false; then : $as_echo_n "(cached) " >&6 else am_cv_prog_tar_pax=$_am_tool fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_prog_tar_pax" >&5 $as_echo "$am_cv_prog_tar_pax" >&6; } depcc="$CC" am_compiler_list= { $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5 $as_echo_n "checking dependency style of $depcc... " >&6; } if ${am_cv_CC_dependencies_compiler_type+:} false; then : $as_echo_n "(cached) " >&6 else if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then # We make a subdir and do the tests there. Otherwise we can end up # making bogus files that we don't know about and never remove. For # instance it was reported that on HP-UX the gcc test will end up # making a dummy file named 'D' -- because '-MD' means "put the output # in D". rm -rf conftest.dir mkdir conftest.dir # Copy depcomp to subdir because otherwise we won't find it if we're # using a relative directory. cp "$am_depcomp" conftest.dir cd conftest.dir # We will build objects and dependencies in a subdirectory because # it helps to detect inapplicable dependency modes. For instance # both Tru64's cc and ICC support -MD to output dependencies as a # side effect of compilation, but ICC will put the dependencies in # the current directory while Tru64 will put them in the object # directory. mkdir sub am_cv_CC_dependencies_compiler_type=none if test "$am_compiler_list" = ""; then am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp` fi am__universal=false case " $depcc " in #( *\ -arch\ *\ -arch\ *) am__universal=true ;; esac for depmode in $am_compiler_list; do # Setup a source with many dependencies, because some compilers # like to wrap large dependency lists on column 80 (with \), and # we should not choose a depcomp mode which is confused by this. 
# # We need to recreate these files for each test, as the compiler may # overwrite some of them when testing with obscure command lines. # This happens at least with the AIX C compiler. : > sub/conftest.c for i in 1 2 3 4 5 6; do echo '#include "conftst'$i'.h"' >> sub/conftest.c # Using ": > sub/conftst$i.h" creates only sub/conftst1.h with # Solaris 10 /bin/sh. echo '/* dummy */' > sub/conftst$i.h done echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf # We check with '-c' and '-o' for the sake of the "dashmstdout" # mode. It turns out that the SunPro C++ compiler does not properly # handle '-M -o', and we need to detect this. Also, some Intel # versions had trouble with output in subdirs. am__obj=sub/conftest.${OBJEXT-o} am__minus_obj="-o $am__obj" case $depmode in gcc) # This depmode causes a compiler race in universal mode. test "$am__universal" = false || continue ;; nosideeffect) # After this tag, mechanisms are not by side-effect, so they'll # only be used when explicitly requested. if test "x$enable_dependency_tracking" = xyes; then continue else break fi ;; msvc7 | msvc7msys | msvisualcpp | msvcmsys) # This compiler won't grok '-c -o', but also, the minuso test has # not run yet. These depmodes are late enough in the game, and # so weak that their functioning should not be impacted. am__obj=conftest.${OBJEXT-o} am__minus_obj= ;; none) break ;; esac if depmode=$depmode \ source=sub/conftest.c object=$am__obj \ depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \ >/dev/null 2>conftest.err && grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 && grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && grep $am__obj sub/conftest.Po > /dev/null 2>&1 && ${MAKE-make} -s -f confmf > /dev/null 2>&1; then # icc doesn't choke on unknown options, it will just issue warnings # or remarks (even with -Werror). 
So we grep stderr for any message # that says an option was ignored or not supported. # When given -MP, icc 7.0 and 7.1 complain thusly: # icc: Command line warning: ignoring option '-M'; no argument required # The diagnosis changed in icc 8.0: # icc: Command line remark: option '-MP' not supported if (grep 'ignoring option' conftest.err || grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else am_cv_CC_dependencies_compiler_type=$depmode break fi fi done cd .. rm -rf conftest.dir else am_cv_CC_dependencies_compiler_type=none fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5 $as_echo "$am_cv_CC_dependencies_compiler_type" >&6; } CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type if test "x$enable_dependency_tracking" != xno \ && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then am__fastdepCC_TRUE= am__fastdepCC_FALSE='#' else am__fastdepCC_TRUE='#' am__fastdepCC_FALSE= fi if test "x$CC" != xcc; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC and cc understand -c and -o together" >&5 $as_echo_n "checking whether $CC and cc understand -c and -o together... " >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether cc understands -c and -o together" >&5 $as_echo_n "checking whether cc understands -c and -o together... " >&6; } fi set dummy $CC; ac_cc=`$as_echo "$2" | sed 's/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/'` if eval \${ac_cv_prog_cc_${ac_cc}_c_o+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF # Make sure it works both with $CC and with simple cc. # We do the test twice because some compilers refuse to overwrite an # existing .o file with -o, though they will create one. 
ac_try='$CC -c conftest.$ac_ext -o conftest2.$ac_objext >&5' rm -f conftest2.* if { { case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_try") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && test -f conftest2.$ac_objext && { { case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_try") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then eval ac_cv_prog_cc_${ac_cc}_c_o=yes if test "x$CC" != xcc; then # Test first that cc exists at all. if { ac_try='cc -c conftest.$ac_ext >&5' { { case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_try") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; }; then ac_try='cc -c conftest.$ac_ext -o conftest2.$ac_objext >&5' rm -f conftest2.* if { { case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_try") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && test -f conftest2.$ac_objext && { { case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_try") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then # cc works too. 
: else # cc exists but doesn't like -o. eval ac_cv_prog_cc_${ac_cc}_c_o=no fi fi fi else eval ac_cv_prog_cc_${ac_cc}_c_o=no fi rm -f core conftest* fi if eval test \$ac_cv_prog_cc_${ac_cc}_c_o = yes; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } $as_echo "#define NO_MINUS_C_MINUS_O 1" >>confdefs.h fi # FIXME: we rely on the cache variable name because # there is no other way. set dummy $CC am_cc=`echo $2 | sed 's/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/'` eval am_t=\$ac_cv_prog_cc_${am_cc}_c_o if test "$am_t" != yes; then # Losing compiler, so override with the script. # FIXME: It is wrong to rewrite CC. # But if we don't then we get into trouble of one sort or another. # A longer-term fix would be to have automake use am__CC in this case, # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)" CC="$am_aux_dir/compile $CC" fi if test -n "$ac_tool_prefix"; then for ac_prog in ar lib "link -lib" do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. set dummy $ac_tool_prefix$ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_AR+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$AR"; then ac_cv_prog_AR="$AR" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_AR="$ac_tool_prefix$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi AR=$ac_cv_prog_AR if test -n "$AR"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5 $as_echo "$AR" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$AR" && break done fi if test -z "$AR"; then ac_ct_AR=$AR for ac_prog in ar lib "link -lib" do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_AR+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_AR"; then ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_AR="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_AR=$ac_cv_prog_ac_ct_AR if test -n "$ac_ct_AR"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5 $as_echo "$ac_ct_AR" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$ac_ct_AR" && break done if test "x$ac_ct_AR" = x; then AR="false" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac AR=$ac_ct_AR fi fi : ${AR=ar} { $as_echo "$as_me:${as_lineno-$LINENO}: checking the archiver ($AR) interface" >&5 $as_echo_n "checking the archiver ($AR) interface... " >&6; } if ${am_cv_ar_interface+:} false; then : $as_echo_n "(cached) " >&6 else am_cv_ar_interface=ar cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int some_variable = 0; _ACEOF if ac_fn_c_try_compile "$LINENO"; then : am_ar_try='$AR cru libconftest.a conftest.$ac_objext >&5' { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$am_ar_try\""; } >&5 (eval $am_ar_try) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } if test "$ac_status" -eq 0; then am_cv_ar_interface=ar else am_ar_try='$AR -NOLOGO -OUT:conftest.lib conftest.$ac_objext >&5' { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$am_ar_try\""; } >&5 (eval $am_ar_try) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? 
= $ac_status" >&5 test $ac_status = 0; } if test "$ac_status" -eq 0; then am_cv_ar_interface=lib else am_cv_ar_interface=unknown fi fi rm -f conftest.lib libconftest.a fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_ar_interface" >&5 $as_echo "$am_cv_ar_interface" >&6; } case $am_cv_ar_interface in ar) ;; lib) # Microsoft lib, so override with the ar-lib wrapper script. # FIXME: It is wrong to rewrite AR. # But if we don't then we get into trouble of one sort or another. # A longer-term fix would be to have automake use am__AR in this case, # and then we could set am__AR="$am_aux_dir/ar-lib \$(AR)" or something # similar. AR="$am_aux_dir/ar-lib $AR" ;; unknown) as_fn_error $? "could not determine $AR interface" "$LINENO" 5 ;; esac # Check whether --enable-static was given. if test "${enable_static+set}" = set; then : enableval=$enable_static; p=${PACKAGE-default} case $enableval in yes) enable_static=yes ;; no) enable_static=no ;; *) enable_static=no # Look at the argument we got. We use all the common list separators. lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," for pkg in $enableval; do IFS="$lt_save_ifs" if test "X$pkg" = "X$p"; then enable_static=yes fi done IFS="$lt_save_ifs" ;; esac else enable_static=no fi case `pwd` in *\ * | *\ *) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&5 $as_echo "$as_me: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&2;} ;; esac macro_version='2.4.2' macro_revision='1.3337' ltmain="$ac_aux_dir/ltmain.sh" # Make sure we can run config.sub. $SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 || as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5 { $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5 $as_echo_n "checking build system type... 
" >&6; } if ${ac_cv_build+:} false; then : $as_echo_n "(cached) " >&6 else ac_build_alias=$build_alias test "x$ac_build_alias" = x && ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"` test "x$ac_build_alias" = x && as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5 ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` || as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5 fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5 $as_echo "$ac_cv_build" >&6; } case $ac_cv_build in *-*-*) ;; *) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;; esac build=$ac_cv_build ac_save_IFS=$IFS; IFS='-' set x $ac_cv_build shift build_cpu=$1 build_vendor=$2 shift; shift # Remember, the first character of IFS is used to create $*, # except with old shells: build_os=$* IFS=$ac_save_IFS case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5 $as_echo_n "checking host system type... " >&6; } if ${ac_cv_host+:} false; then : $as_echo_n "(cached) " >&6 else if test "x$host_alias" = x; then ac_cv_host=$ac_cv_build else ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` || as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5 fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5 $as_echo "$ac_cv_host" >&6; } case $ac_cv_host in *-*-*) ;; *) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;; esac host=$ac_cv_host ac_save_IFS=$IFS; IFS='-' set x $ac_cv_host shift host_cpu=$1 host_vendor=$2 shift; shift # Remember, the first character of IFS is used to create $*, # except with old shells: host_os=$* IFS=$ac_save_IFS case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac # Backslashify metacharacters that are still active within # double-quoted strings. 
sed_quote_subst='s/\(["`$\\]\)/\\\1/g' # Same as above, but do not quote variable references. double_quote_subst='s/\(["`\\]\)/\\\1/g' # Sed substitution to delay expansion of an escaped shell variable in a # double_quote_subst'ed string. delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g' # Sed substitution to delay expansion of an escaped single quote. delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g' # Sed substitution to avoid accidental globbing in evaled expressions no_glob_subst='s/\*/\\\*/g' ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to print strings" >&5 $as_echo_n "checking how to print strings... " >&6; } # Test print first, because it will be a builtin if present. if test "X`( print -r -- -n ) 2>/dev/null`" = X-n && \ test "X`print -r -- $ECHO 2>/dev/null`" = "X$ECHO"; then ECHO='print -r --' elif test "X`printf %s $ECHO 2>/dev/null`" = "X$ECHO"; then ECHO='printf %s\n' else # Use this function as a fallback that always works. func_fallback_echo () { eval 'cat <<_LTECHO_EOF $1 _LTECHO_EOF' } ECHO='func_fallback_echo' fi # func_echo_all arg... # Invoke $ECHO with all args, space-separated. func_echo_all () { $ECHO "" } case "$ECHO" in printf*) { $as_echo "$as_me:${as_lineno-$LINENO}: result: printf" >&5 $as_echo "printf" >&6; } ;; print*) { $as_echo "$as_me:${as_lineno-$LINENO}: result: print -r" >&5 $as_echo "print -r" >&6; } ;; *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: cat" >&5 $as_echo "cat" >&6; } ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5 $as_echo_n "checking for a sed that does not truncate output... 
" >&6; } if ${ac_cv_path_SED+:} false; then : $as_echo_n "(cached) " >&6 else ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/ for ac_i in 1 2 3 4 5 6 7; do ac_script="$ac_script$as_nl$ac_script" done echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed { ac_script=; unset ac_script;} if test -z "$SED"; then ac_path_SED_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_prog in sed gsed; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_SED="$as_dir/$ac_prog$ac_exec_ext" as_fn_executable_p "$ac_path_SED" || continue # Check for GNU ac_path_SED and select it if it is found. # Check for GNU $ac_path_SED case `"$ac_path_SED" --version 2>&1` in *GNU*) ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;; *) ac_count=0 $as_echo_n 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" $as_echo '' >> "conftest.nl" "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val if test $ac_count -gt ${ac_path_SED_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_SED="$ac_path_SED" ac_path_SED_max=$ac_count fi # 10*(2^10) chars as input seems more than enough test $ac_count -gt 10 && break done rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac $ac_path_SED_found && break 3 done done done IFS=$as_save_IFS if test -z "$ac_cv_path_SED"; then as_fn_error $? 
"no acceptable sed could be found in \$PATH" "$LINENO" 5 fi else ac_cv_path_SED=$SED fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5 $as_echo "$ac_cv_path_SED" >&6; } SED="$ac_cv_path_SED" rm -f conftest.sed test -z "$SED" && SED=sed Xsed="$SED -e 1s/^X//" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5 $as_echo_n "checking for fgrep... " >&6; } if ${ac_cv_path_FGREP+:} false; then : $as_echo_n "(cached) " >&6 else if echo 'ab*c' | $GREP -F 'ab*c' >/dev/null 2>&1 then ac_cv_path_FGREP="$GREP -F" else if test -z "$FGREP"; then ac_path_FGREP_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_prog in fgrep; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_FGREP="$as_dir/$ac_prog$ac_exec_ext" as_fn_executable_p "$ac_path_FGREP" || continue # Check for GNU ac_path_FGREP and select it if it is found. 
# Check for GNU $ac_path_FGREP case `"$ac_path_FGREP" --version 2>&1` in *GNU*) ac_cv_path_FGREP="$ac_path_FGREP" ac_path_FGREP_found=:;; *) ac_count=0 $as_echo_n 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" $as_echo 'FGREP' >> "conftest.nl" "$ac_path_FGREP" FGREP < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val if test $ac_count -gt ${ac_path_FGREP_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_FGREP="$ac_path_FGREP" ac_path_FGREP_max=$ac_count fi # 10*(2^10) chars as input seems more than enough test $ac_count -gt 10 && break done rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac $ac_path_FGREP_found && break 3 done done done IFS=$as_save_IFS if test -z "$ac_cv_path_FGREP"; then as_fn_error $? "no acceptable fgrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else ac_cv_path_FGREP=$FGREP fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_FGREP" >&5 $as_echo "$ac_cv_path_FGREP" >&6; } FGREP="$ac_cv_path_FGREP" test -z "$GREP" && GREP=grep # Check whether --with-gnu-ld was given. if test "${with_gnu_ld+set}" = set; then : withval=$with_gnu_ld; test "$withval" = no || with_gnu_ld=yes else with_gnu_ld=no fi ac_prog=ld if test "$GCC" = yes; then # Check if gcc -print-prog-name=ld gives a path. { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5 $as_echo_n "checking for ld used by $CC... " >&6; } case $host in *-*-mingw*) # gcc leaves a trailing carriage return which upsets mingw ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; *) ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; esac case $ac_prog in # Accept absolute paths. 
[\\/]* | ?:[\\/]*) re_direlt='/[^/][^/]*/\.\./' # Canonicalize the pathname of ld ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'` while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"` done test -z "$LD" && LD="$ac_prog" ;; "") # If it fails, then pretend we aren't using GCC. ac_prog=ld ;; *) # If it is relative, then search for the first ld in PATH. with_gnu_ld=unknown ;; esac elif test "$with_gnu_ld" = yes; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5 $as_echo_n "checking for GNU ld... " >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5 $as_echo_n "checking for non-GNU ld... " >&6; } fi if ${lt_cv_path_LD+:} false; then : $as_echo_n "(cached) " >&6 else if test -z "$LD"; then lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR for ac_dir in $PATH; do IFS="$lt_save_ifs" test -z "$ac_dir" && ac_dir=. if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then lt_cv_path_LD="$ac_dir/$ac_prog" # Check to see if the program is GNU ld. I'd rather use --version, # but apparently some variants of GNU ld only accept -v. # Break only if it was the GNU/non-GNU ld that we prefer. case `"$lt_cv_path_LD" -v 2>&1 &5 $as_echo "$LD" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5 $as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; } if ${lt_cv_prog_gnu_ld+:} false; then : $as_echo_n "(cached) " >&6 else # I'd rather use --version here, but apparently some GNU lds only accept -v. case `$LD -v 2>&1 &5 $as_echo "$lt_cv_prog_gnu_ld" >&6; } with_gnu_ld=$lt_cv_prog_gnu_ld { $as_echo "$as_me:${as_lineno-$LINENO}: checking for BSD- or MS-compatible name lister (nm)" >&5 $as_echo_n "checking for BSD- or MS-compatible name lister (nm)... 
" >&6; } if ${lt_cv_path_NM+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$NM"; then # Let the user override the test. lt_cv_path_NM="$NM" else lt_nm_to_check="${ac_tool_prefix}nm" if test -n "$ac_tool_prefix" && test "$build" = "$host"; then lt_nm_to_check="$lt_nm_to_check nm" fi for lt_tmp_nm in $lt_nm_to_check; do lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do IFS="$lt_save_ifs" test -z "$ac_dir" && ac_dir=. tmp_nm="$ac_dir/$lt_tmp_nm" if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then # Check to see if the nm accepts a BSD-compat flag. # Adding the `sed 1q' prevents false positives on HP-UX, which says: # nm: unknown option "B" ignored # Tru64's nm complains that /dev/null is an invalid object file case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in */dev/null* | *'Invalid file or object type'*) lt_cv_path_NM="$tmp_nm -B" break ;; *) case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in */dev/null*) lt_cv_path_NM="$tmp_nm -p" break ;; *) lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but continue # so that we can try to find one that supports BSD flags ;; esac ;; esac fi done IFS="$lt_save_ifs" done : ${lt_cv_path_NM=no} fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5 $as_echo "$lt_cv_path_NM" >&6; } if test "$lt_cv_path_NM" != "no"; then NM="$lt_cv_path_NM" else # Didn't find any BSD compatible name lister, look for dumpbin. if test -n "$DUMPBIN"; then : # Let the user override the test. else if test -n "$ac_tool_prefix"; then for ac_prog in dumpbin "link -dump" do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. set dummy $ac_tool_prefix$ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... 
" >&6; } if ${ac_cv_prog_DUMPBIN+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$DUMPBIN"; then ac_cv_prog_DUMPBIN="$DUMPBIN" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_DUMPBIN="$ac_tool_prefix$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi DUMPBIN=$ac_cv_prog_DUMPBIN if test -n "$DUMPBIN"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DUMPBIN" >&5 $as_echo "$DUMPBIN" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$DUMPBIN" && break done fi if test -z "$DUMPBIN"; then ac_ct_DUMPBIN=$DUMPBIN for ac_prog in dumpbin "link -dump" do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_DUMPBIN+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_DUMPBIN"; then ac_cv_prog_ac_ct_DUMPBIN="$ac_ct_DUMPBIN" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_DUMPBIN="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_DUMPBIN=$ac_cv_prog_ac_ct_DUMPBIN if test -n "$ac_ct_DUMPBIN"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DUMPBIN" >&5 $as_echo "$ac_ct_DUMPBIN" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$ac_ct_DUMPBIN" && break done if test "x$ac_ct_DUMPBIN" = x; then DUMPBIN=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac DUMPBIN=$ac_ct_DUMPBIN fi fi case `$DUMPBIN -symbols /dev/null 2>&1 | sed '1q'` in *COFF*) DUMPBIN="$DUMPBIN -symbols" ;; *) DUMPBIN=: ;; esac fi if test "$DUMPBIN" != ":"; then NM="$DUMPBIN" fi fi test -z "$NM" && NM=nm { $as_echo "$as_me:${as_lineno-$LINENO}: checking the name lister ($NM) interface" >&5 $as_echo_n "checking the name lister ($NM) interface... 
" >&6; } if ${lt_cv_nm_interface+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_nm_interface="BSD nm" echo "int some_variable = 0;" > conftest.$ac_ext (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&5) (eval "$ac_compile" 2>conftest.err) cat conftest.err >&5 (eval echo "\"\$as_me:$LINENO: $NM \\\"conftest.$ac_objext\\\"\"" >&5) (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out) cat conftest.err >&5 (eval echo "\"\$as_me:$LINENO: output\"" >&5) cat conftest.out >&5 if $GREP 'External.*some_variable' conftest.out > /dev/null; then lt_cv_nm_interface="MS dumpbin" fi rm -f conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_nm_interface" >&5 $as_echo "$lt_cv_nm_interface" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5 $as_echo_n "checking whether ln -s works... " >&6; } LN_S=$as_ln_s if test "$LN_S" = "ln -s"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5 $as_echo "no, using $LN_S" >&6; } fi # find the maximum length of command line arguments { $as_echo "$as_me:${as_lineno-$LINENO}: checking the maximum length of command line arguments" >&5 $as_echo_n "checking the maximum length of command line arguments... " >&6; } if ${lt_cv_sys_max_cmd_len+:} false; then : $as_echo_n "(cached) " >&6 else i=0 teststring="ABCD" case $build_os in msdosdjgpp*) # On DJGPP, this test can blow up pretty badly due to problems in libc # (any single argument exceeding 2000 bytes causes a buffer overrun # during glob expansion). Even if it were fixed, the result of this # check would be larger than it should be. lt_cv_sys_max_cmd_len=12288; # 12K is about right ;; gnu*) # Under GNU Hurd, this test is not required because there is # no limit to the length of command line arguments. 
# Libtool will interpret -1 as no limit whatsoever lt_cv_sys_max_cmd_len=-1; ;; cygwin* | mingw* | cegcc*) # On Win9x/ME, this test blows up -- it succeeds, but takes # about 5 minutes as the teststring grows exponentially. # Worse, since 9x/ME are not pre-emptively multitasking, # you end up with a "frozen" computer, even though with patience # the test eventually succeeds (with a max line length of 256k). # Instead, let's just punt: use the minimum linelength reported by # all of the supported platforms: 8192 (on NT/2K/XP). lt_cv_sys_max_cmd_len=8192; ;; mint*) # On MiNT this can take a long time and run out of memory. lt_cv_sys_max_cmd_len=8192; ;; amigaos*) # On AmigaOS with pdksh, this test takes hours, literally. # So we just punt and use a minimum line length of 8192. lt_cv_sys_max_cmd_len=8192; ;; netbsd* | freebsd* | openbsd* | darwin* | dragonfly*) # This has been around since 386BSD, at least. Likely further. if test -x /sbin/sysctl; then lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax` elif test -x /usr/sbin/sysctl; then lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax` else lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs fi # And add a safety zone lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` ;; interix*) # We know the value 262144 and hardcode it with a safety zone (like BSD) lt_cv_sys_max_cmd_len=196608 ;; os2*) # The test takes a long time on OS/2. lt_cv_sys_max_cmd_len=8192 ;; osf*) # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not # nice to cause kernel panics so lets avoid the loop below. # First set a reasonable default. 
lt_cv_sys_max_cmd_len=16384 # if test -x /sbin/sysconfig; then case `/sbin/sysconfig -q proc exec_disable_arg_limit` in *1*) lt_cv_sys_max_cmd_len=-1 ;; esac fi ;; sco3.2v5*) lt_cv_sys_max_cmd_len=102400 ;; sysv5* | sco5v6* | sysv4.2uw2*) kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null` if test -n "$kargmax"; then lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[ ]//'` else lt_cv_sys_max_cmd_len=32768 fi ;; *) lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null` if test -n "$lt_cv_sys_max_cmd_len"; then lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` else # Make teststring a little bigger before we do anything with it. # a 1K string should be a reasonable start. for i in 1 2 3 4 5 6 7 8 ; do teststring=$teststring$teststring done SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}} # If test is not a shell built-in, we'll probably end up computing a # maximum length that is only half of the actual maximum length, but # we can't tell. while { test "X"`env echo "$teststring$teststring" 2>/dev/null` \ = "X$teststring$teststring"; } >/dev/null 2>&1 && test $i != 17 # 1/2 MB should be enough do i=`expr $i + 1` teststring=$teststring$teststring done # Only check the string length outside the loop. lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1` teststring= # Add a significant safety factor because C++ compilers can tack on # massive amounts of additional arguments before passing them to the # linker. It appears as though 1/2 is a usable value. 
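lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2`
# The four keywords below close, in order: the getconf-ARG_MAX if/else, the
# default arm of the $build_os case, that case itself, and the cache test
# that guards the whole probe. All of them open on earlier lines.
    fi
    ;;
  esac

fi

# Report the detected command-line length limit.
# The expansion is quoted on purpose: if the variable is empty, an unquoted
# `test -n $var` collapses to the one-argument form `test -n`, which is true
# because "-n" is a non-empty string, so the "none" branch could never run.
# NOTE(review): this looks like generated configure output; if so, the same
# quoting belongs in the macro that emits it -- confirm before regenerating.
if test -n "$lt_cv_sys_max_cmd_len"; then
  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sys_max_cmd_len" >&5
$as_echo "$lt_cv_sys_max_cmd_len" >&6; }
else
  { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5
$as_echo "none" >&6; }
fi
max_cmd_len=$lt_cv_sys_max_cmd_len

# Default copy/move/remove commands; a value that is already set is kept.
: ${CP="cp -f"}
: ${MV="mv -f"}
: ${RM="rm -f"}

{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the shell understands some XSI constructs" >&5
$as_echo_n "checking whether the shell understands some XSI constructs... " >&6; }
# Try some XSI features
# The probe runs in a subshell with its output discarded, so a shell that
# rejects the syntax only makes the probe fail. xsi_shell becomes "yes" only
# when the prefix/suffix stripping, $(( )) arithmetic and ${#var} all work.
xsi_shell=no
( _lt_dummy="a/b/c"
  test "${_lt_dummy##*/},${_lt_dummy%/*},${_lt_dummy#??}"${_lt_dummy%"$_lt_dummy"}, \
      = c,a/b,b/c, \
    && eval 'test $(( 1 + 1 )) -eq 2 \
    && test "${#_lt_dummy}" -eq 5' ) >/dev/null 2>&1 \
  && xsi_shell=yes
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $xsi_shell" >&5
$as_echo "$xsi_shell" >&6; }

{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the shell understands \"+=\"" >&5
$as_echo_n "checking whether the shell understands \"+=\"... " >&6; }
# Same subshell technique: set foo=bar, eval the assignment foo+=baz built
# from the positional parameters, and check that foo is now "barbaz".
lt_shell_append=no
( foo=bar; set foo baz; eval "$1+=\$2" && test "$foo" = barbaz ) \
    >/dev/null 2>&1 \
  && lt_shell_append=yes
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_shell_append" >&5
$as_echo "$lt_shell_append" >&6; }

# Record whether `unset` can be used; "false" is stored when the probe fails.
if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
  lt_unset=unset
else
  lt_unset=false
fi

# test EBCDIC or ASCII
case `echo X|tr X '\101'` in
 A) # ASCII based system
    # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr
  lt_SP2NL='tr \040 \012'
  lt_NL2SP='tr \015\012 \040\040'
  ;;
 *) # EBCDIC based system
  lt_SP2NL='tr \100 \n'
  lt_NL2SP='tr \r\n \100\100'
  ;;
esac

# The second message below is left open here exactly as in the listing; its
# closing quote and the end of the group are at the start of the next line.
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to $host format" >&5
$as_echo_n "checking how to convert $build file names to $host format... 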
" >&6; } if ${lt_cv_to_host_file_cmd+:} false; then : $as_echo_n "(cached) " >&6 else case $host in *-*-mingw* ) case $build in *-*-mingw* ) # actually msys lt_cv_to_host_file_cmd=func_convert_file_msys_to_w32 ;; *-*-cygwin* ) lt_cv_to_host_file_cmd=func_convert_file_cygwin_to_w32 ;; * ) # otherwise, assume *nix lt_cv_to_host_file_cmd=func_convert_file_nix_to_w32 ;; esac ;; *-*-cygwin* ) case $build in *-*-mingw* ) # actually msys lt_cv_to_host_file_cmd=func_convert_file_msys_to_cygwin ;; *-*-cygwin* ) lt_cv_to_host_file_cmd=func_convert_file_noop ;; * ) # otherwise, assume *nix lt_cv_to_host_file_cmd=func_convert_file_nix_to_cygwin ;; esac ;; * ) # unhandled hosts (and "normal" native builds) lt_cv_to_host_file_cmd=func_convert_file_noop ;; esac fi to_host_file_cmd=$lt_cv_to_host_file_cmd { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_host_file_cmd" >&5 $as_echo "$lt_cv_to_host_file_cmd" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to toolchain format" >&5 $as_echo_n "checking how to convert $build file names to toolchain format... " >&6; } if ${lt_cv_to_tool_file_cmd+:} false; then : $as_echo_n "(cached) " >&6 else #assume ordinary cross tools, or native build. lt_cv_to_tool_file_cmd=func_convert_file_noop case $host in *-*-mingw* ) case $build in *-*-mingw* ) # actually msys lt_cv_to_tool_file_cmd=func_convert_file_msys_to_w32 ;; esac ;; esac fi to_tool_file_cmd=$lt_cv_to_tool_file_cmd { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_tool_file_cmd" >&5 $as_echo "$lt_cv_to_tool_file_cmd" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $LD option to reload object files" >&5 $as_echo_n "checking for $LD option to reload object files... 
" >&6; } if ${lt_cv_ld_reload_flag+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_ld_reload_flag='-r' fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_reload_flag" >&5 $as_echo "$lt_cv_ld_reload_flag" >&6; } reload_flag=$lt_cv_ld_reload_flag case $reload_flag in "" | " "*) ;; *) reload_flag=" $reload_flag" ;; esac reload_cmds='$LD$reload_flag -o $output$reload_objs' case $host_os in cygwin* | mingw* | pw32* | cegcc*) if test "$GCC" != yes; then reload_cmds=false fi ;; darwin*) if test "$GCC" = yes; then reload_cmds='$LTCC $LTCFLAGS -nostdlib ${wl}-r -o $output$reload_objs' else reload_cmds='$LD$reload_flag -o $output$reload_objs' fi ;; esac if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}objdump", so it can be a program name with args. set dummy ${ac_tool_prefix}objdump; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_OBJDUMP+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$OBJDUMP"; then ac_cv_prog_OBJDUMP="$OBJDUMP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_OBJDUMP="${ac_tool_prefix}objdump" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi OBJDUMP=$ac_cv_prog_OBJDUMP if test -n "$OBJDUMP"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OBJDUMP" >&5 $as_echo "$OBJDUMP" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_OBJDUMP"; then ac_ct_OBJDUMP=$OBJDUMP # Extract the first word of "objdump", so it can be a program name with args. 
set dummy objdump; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_OBJDUMP+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_OBJDUMP"; then ac_cv_prog_ac_ct_OBJDUMP="$ac_ct_OBJDUMP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_OBJDUMP="objdump" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_OBJDUMP=$ac_cv_prog_ac_ct_OBJDUMP if test -n "$ac_ct_OBJDUMP"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OBJDUMP" >&5 $as_echo "$ac_ct_OBJDUMP" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_OBJDUMP" = x; then OBJDUMP="false" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac OBJDUMP=$ac_ct_OBJDUMP fi else OBJDUMP="$ac_cv_prog_OBJDUMP" fi test -z "$OBJDUMP" && OBJDUMP=objdump { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to recognize dependent libraries" >&5 $as_echo_n "checking how to recognize dependent libraries... " >&6; } if ${lt_cv_deplibs_check_method+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_file_magic_cmd='$MAGIC_CMD' lt_cv_file_magic_test_file= lt_cv_deplibs_check_method='unknown' # Need to set the preceding variable on all platforms that support # interlibrary dependencies. # 'none' -- dependencies not supported. # `unknown' -- same as none, but documents that we really don't know. 
# 'pass_all' -- all dependencies passed with no checks. # 'test_compile' -- check by making test program. # 'file_magic [[regex]]' -- check by looking for files in library path # which responds to the $file_magic_cmd with a given extended regex. # If you have `file' or equivalent on your system and you're not sure # whether `pass_all' will *always* work, you probably want this one. case $host_os in aix[4-9]*) lt_cv_deplibs_check_method=pass_all ;; beos*) lt_cv_deplibs_check_method=pass_all ;; bsdi[45]*) lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib)' lt_cv_file_magic_cmd='/usr/bin/file -L' lt_cv_file_magic_test_file=/shlib/libc.so ;; cygwin*) # func_win32_libid is a shell function defined in ltmain.sh lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' lt_cv_file_magic_cmd='func_win32_libid' ;; mingw* | pw32*) # Base MSYS/MinGW do not provide the 'file' command needed by # func_win32_libid shell function, so use a weaker test based on 'objdump', # unless we find 'file', for example because we are cross-compiling. # func_win32_libid assumes BSD nm, so disallow it if using MS dumpbin. if ( test "$lt_cv_nm_interface" = "BSD nm" && file / ) >/dev/null 2>&1; then lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' lt_cv_file_magic_cmd='func_win32_libid' else # Keep this pattern in sync with the one in func_win32_libid. lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' lt_cv_file_magic_cmd='$OBJDUMP -f' fi ;; cegcc*) # use the weaker test based on 'objdump'. See mingw*. lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?' lt_cv_file_magic_cmd='$OBJDUMP -f' ;; darwin* | rhapsody*) lt_cv_deplibs_check_method=pass_all ;; freebsd* | dragonfly*) if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then case $host_cpu in i*86 ) # Not sure whether the presence of OpenBSD here was a mistake. 
# Let's accept both of them until this is cleared up. lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[3-9]86 (compact )?demand paged shared library' lt_cv_file_magic_cmd=/usr/bin/file lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*` ;; esac else lt_cv_deplibs_check_method=pass_all fi ;; gnu*) lt_cv_deplibs_check_method=pass_all ;; haiku*) lt_cv_deplibs_check_method=pass_all ;; hpux10.20* | hpux11*) lt_cv_file_magic_cmd=/usr/bin/file case $host_cpu in ia64*) lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - IA64' lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so ;; hppa*64*) lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF[ -][0-9][0-9])(-bit)?( [LM]SB)? shared object( file)?[, -]* PA-RISC [0-9]\.[0-9]' lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl ;; *) lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|PA-RISC[0-9]\.[0-9]) shared library' lt_cv_file_magic_test_file=/usr/lib/libc.sl ;; esac ;; interix[3-9]*) # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|\.a)$' ;; irix5* | irix6* | nonstopux*) case $LD in *-32|*"-32 ") libmagic=32-bit;; *-n32|*"-n32 ") libmagic=N32;; *-64|*"-64 ") libmagic=64-bit;; *) libmagic=never-match;; esac lt_cv_deplibs_check_method=pass_all ;; # This must be glibc/ELF. 
linux* | k*bsd*-gnu | kopensolaris*-gnu) lt_cv_deplibs_check_method=pass_all ;; netbsd*) if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$' else lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|_pic\.a)$' fi ;; newos6*) lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (executable|dynamic lib)' lt_cv_file_magic_cmd=/usr/bin/file lt_cv_file_magic_test_file=/usr/lib/libnls.so ;; *nto* | *qnx*) lt_cv_deplibs_check_method=pass_all ;; openbsd*) if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|\.so|_pic\.a)$' else lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$' fi ;; osf3* | osf4* | osf5*) lt_cv_deplibs_check_method=pass_all ;; rdos*) lt_cv_deplibs_check_method=pass_all ;; solaris*) lt_cv_deplibs_check_method=pass_all ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) lt_cv_deplibs_check_method=pass_all ;; sysv4 | sysv4.3*) case $host_vendor in motorola) lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib) M[0-9][0-9]* Version [0-9]' lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*` ;; ncr) lt_cv_deplibs_check_method=pass_all ;; sequent) lt_cv_file_magic_cmd='/bin/file' lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [LM]SB (shared object|dynamic lib )' ;; sni) lt_cv_file_magic_cmd='/bin/file' lt_cv_deplibs_check_method="file_magic ELF [0-9][0-9]*-bit [LM]SB dynamic lib" lt_cv_file_magic_test_file=/lib/libc.so ;; siemens) lt_cv_deplibs_check_method=pass_all ;; pc) lt_cv_deplibs_check_method=pass_all ;; esac ;; tpf*) lt_cv_deplibs_check_method=pass_all ;; esac fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_deplibs_check_method" >&5 $as_echo "$lt_cv_deplibs_check_method" >&6; } file_magic_glob= 
want_nocaseglob=no if test "$build" = "$host"; then case $host_os in mingw* | pw32*) if ( shopt | grep nocaseglob ) >/dev/null 2>&1; then want_nocaseglob=yes else file_magic_glob=`echo aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ | $SED -e "s/\(..\)/s\/[\1]\/[\1]\/g;/g"` fi ;; esac fi file_magic_cmd=$lt_cv_file_magic_cmd deplibs_check_method=$lt_cv_deplibs_check_method test -z "$deplibs_check_method" && deplibs_check_method=unknown if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}dlltool", so it can be a program name with args. set dummy ${ac_tool_prefix}dlltool; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_DLLTOOL+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$DLLTOOL"; then ac_cv_prog_DLLTOOL="$DLLTOOL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_DLLTOOL="${ac_tool_prefix}dlltool" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi DLLTOOL=$ac_cv_prog_DLLTOOL if test -n "$DLLTOOL"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DLLTOOL" >&5 $as_echo "$DLLTOOL" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_DLLTOOL"; then ac_ct_DLLTOOL=$DLLTOOL # Extract the first word of "dlltool", so it can be a program name with args. set dummy dlltool; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... 
" >&6; } if ${ac_cv_prog_ac_ct_DLLTOOL+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_DLLTOOL"; then ac_cv_prog_ac_ct_DLLTOOL="$ac_ct_DLLTOOL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_DLLTOOL="dlltool" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_DLLTOOL=$ac_cv_prog_ac_ct_DLLTOOL if test -n "$ac_ct_DLLTOOL"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DLLTOOL" >&5 $as_echo "$ac_ct_DLLTOOL" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_DLLTOOL" = x; then DLLTOOL="false" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac DLLTOOL=$ac_ct_DLLTOOL fi else DLLTOOL="$ac_cv_prog_DLLTOOL" fi test -z "$DLLTOOL" && DLLTOOL=dlltool { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to associate runtime and link libraries" >&5 $as_echo_n "checking how to associate runtime and link libraries... 
" >&6; } if ${lt_cv_sharedlib_from_linklib_cmd+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_sharedlib_from_linklib_cmd='unknown' case $host_os in cygwin* | mingw* | pw32* | cegcc*) # two different shell functions defined in ltmain.sh # decide which to use based on capabilities of $DLLTOOL case `$DLLTOOL --help 2>&1` in *--identify-strict*) lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib ;; *) lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib_fallback ;; esac ;; *) # fallback: assume linklib IS sharedlib lt_cv_sharedlib_from_linklib_cmd="$ECHO" ;; esac fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sharedlib_from_linklib_cmd" >&5 $as_echo "$lt_cv_sharedlib_from_linklib_cmd" >&6; } sharedlib_from_linklib_cmd=$lt_cv_sharedlib_from_linklib_cmd test -z "$sharedlib_from_linklib_cmd" && sharedlib_from_linklib_cmd=$ECHO if test -n "$ac_tool_prefix"; then for ac_prog in ar do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. set dummy $ac_tool_prefix$ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_AR+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$AR"; then ac_cv_prog_AR="$AR" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_AR="$ac_tool_prefix$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi AR=$ac_cv_prog_AR if test -n "$AR"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5 $as_echo "$AR" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$AR" && break done fi if test -z "$AR"; then ac_ct_AR=$AR for ac_prog in ar do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_AR+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_AR"; then ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_AR="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_AR=$ac_cv_prog_ac_ct_AR if test -n "$ac_ct_AR"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5 $as_echo "$ac_ct_AR" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$ac_ct_AR" && break done if test "x$ac_ct_AR" = x; then AR="false" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac AR=$ac_ct_AR fi fi : ${AR=ar} : ${AR_FLAGS=cru} { $as_echo "$as_me:${as_lineno-$LINENO}: checking for archiver @FILE support" >&5 $as_echo_n "checking for archiver @FILE support... " >&6; } if ${lt_cv_ar_at_file+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_ar_at_file=no cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : echo conftest.$ac_objext > conftest.lst lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&5' { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5 (eval $lt_ar_try) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } if test "$ac_status" -eq 0; then # Ensure the archiver fails upon bogus file names. rm -f conftest.$ac_objext libconftest.a { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5 (eval $lt_ar_try) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? 
= $ac_status" >&5 test $ac_status = 0; } if test "$ac_status" -ne 0; then lt_cv_ar_at_file=@ fi fi rm -f conftest.* libconftest.a fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ar_at_file" >&5 $as_echo "$lt_cv_ar_at_file" >&6; } if test "x$lt_cv_ar_at_file" = xno; then archiver_list_spec= else archiver_list_spec=$lt_cv_ar_at_file fi if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. set dummy ${ac_tool_prefix}strip; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_STRIP+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$STRIP"; then ac_cv_prog_STRIP="$STRIP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_STRIP="${ac_tool_prefix}strip" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi STRIP=$ac_cv_prog_STRIP if test -n "$STRIP"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 $as_echo "$STRIP" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_STRIP"; then ac_ct_STRIP=$STRIP # Extract the first word of "strip", so it can be a program name with args. set dummy strip; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_STRIP+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_STRIP"; then ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. 
else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_STRIP="strip" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP if test -n "$ac_ct_STRIP"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 $as_echo "$ac_ct_STRIP" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_STRIP" = x; then STRIP=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac STRIP=$ac_ct_STRIP fi else STRIP="$ac_cv_prog_STRIP" fi test -z "$STRIP" && STRIP=: if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. set dummy ${ac_tool_prefix}ranlib; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_RANLIB+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$RANLIB"; then ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi RANLIB=$ac_cv_prog_RANLIB if test -n "$RANLIB"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5 $as_echo "$RANLIB" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_RANLIB"; then ac_ct_RANLIB=$RANLIB # Extract the first word of "ranlib", so it can be a program name with args. set dummy ranlib; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_RANLIB+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_RANLIB"; then ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_RANLIB="ranlib" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB if test -n "$ac_ct_RANLIB"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5 $as_echo "$ac_ct_RANLIB" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_RANLIB" = x; then RANLIB=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac RANLIB=$ac_ct_RANLIB fi else RANLIB="$ac_cv_prog_RANLIB" fi test -z "$RANLIB" && RANLIB=: # Determine commands to create old-style static archives. old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs' old_postinstall_cmds='chmod 644 $oldlib' old_postuninstall_cmds= if test -n "$RANLIB"; then case $host_os in openbsd*) old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib" ;; *) old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib" ;; esac old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib" fi case $host_os in darwin*) lock_old_archive_extraction=yes ;; *) lock_old_archive_extraction=no ;; esac # If no C compiler was specified, use CC. LTCC=${LTCC-"$CC"} # If no C compiler flags were specified, use CFLAGS. LTCFLAGS=${LTCFLAGS-"$CFLAGS"} # Allow CC to be a program name with arguments. compiler=$CC # Check for command to grab the raw symbol name followed by C symbol from nm. { $as_echo "$as_me:${as_lineno-$LINENO}: checking command to parse $NM output from $compiler object" >&5 $as_echo_n "checking command to parse $NM output from $compiler object... 
" >&6; } if ${lt_cv_sys_global_symbol_pipe+:} false; then : $as_echo_n "(cached) " >&6 else # These are sane defaults that work on at least a few old systems. # [They come from Ultrix. What could be older than Ultrix?!! ;)] # Character class describing NM global symbol codes. symcode='[BCDEGRST]' # Regexp to match symbols that can be accessed directly from C. sympat='\([_A-Za-z][_A-Za-z0-9]*\)' # Define system-specific variables. case $host_os in aix*) symcode='[BCDT]' ;; cygwin* | mingw* | pw32* | cegcc*) symcode='[ABCDGISTW]' ;; hpux*) if test "$host_cpu" = ia64; then symcode='[ABCDEGRST]' fi ;; irix* | nonstopux*) symcode='[BCDEGRST]' ;; osf*) symcode='[BCDEGQRST]' ;; solaris*) symcode='[BDRT]' ;; sco3.2v5*) symcode='[DT]' ;; sysv4.2uw2*) symcode='[DT]' ;; sysv5* | sco5v6* | unixware* | OpenUNIX*) symcode='[ABDT]' ;; sysv4) symcode='[DFNSTU]' ;; esac # If we're using GNU nm, then use its standard symbol codes. case `$NM -V 2>&1` in *GNU* | *'with BFD'*) symcode='[ABCDGIRSTW]' ;; esac # Transform an extracted symbol line into a proper C declaration. # Some systems (esp. on ia64) link data and code symbols differently, # so use this general approach. lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'" # Transform an extracted symbol line into symbol name and symbol address lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\)[ ]*$/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"\2\", (void *) \&\2},/p'" lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n -e 's/^: \([^ ]*\)[ ]*$/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([^ ]*\) \(lib[^ ]*\)$/ {\"\2\", (void *) \&\2},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"lib\2\", (void *) \&\2},/p'" # Handle CRLF in mingw tool chain opt_cr= case $build_os in mingw*) opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp ;; esac # Try without a prefix underscore, then with it. 
for ac_symprfx in "" "_"; do # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol. symxfrm="\\1 $ac_symprfx\\2 \\2" # Write the raw and C identifiers. if test "$lt_cv_nm_interface" = "MS dumpbin"; then # Fake it for dumpbin and say T for any non-static function # and D for any global variable. # Also find C++ and __fastcall symbols from MSVC++, # which start with @ or ?. lt_cv_sys_global_symbol_pipe="$AWK '"\ " {last_section=section; section=\$ 3};"\ " /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\ " /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\ " \$ 0!~/External *\|/{next};"\ " / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\ " {if(hide[section]) next};"\ " {f=0}; \$ 0~/\(\).*\|/{f=1}; {printf f ? \"T \" : \"D \"};"\ " {split(\$ 0, a, /\||\r/); split(a[2], s)};"\ " s[1]~/^[@?]/{print s[1], s[1]; next};"\ " s[1]~prfx {split(s[1],t,\"@\"); print t[1], substr(t[1],length(prfx))}"\ " ' prfx=^$ac_symprfx" else lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[ ]\($symcode$symcode*\)[ ][ ]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'" fi lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'" # Check to see that the pipe works correctly. pipe_works=no rm -f conftest* cat > conftest.$ac_ext <<_LT_EOF #ifdef __cplusplus extern "C" { #endif char nm_test_var; void nm_test_func(void); void nm_test_func(void){} #ifdef __cplusplus } #endif int main(){nm_test_var='a';nm_test_func();return(0);} _LT_EOF if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then # Now try to grab the symbols. nlist=conftest.nm if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist\""; } >&5 (eval $NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? 
= $ac_status" >&5 test $ac_status = 0; } && test -s "$nlist"; then # Try sorting and uniquifying the output. if sort "$nlist" | uniq > "$nlist"T; then mv -f "$nlist"T "$nlist" else rm -f "$nlist"T fi # Make sure that we snagged all the symbols we need. if $GREP ' nm_test_var$' "$nlist" >/dev/null; then if $GREP ' nm_test_func$' "$nlist" >/dev/null; then cat <<_LT_EOF > conftest.$ac_ext /* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */ #if defined(_WIN32) || defined(__CYGWIN__) || defined(_WIN32_WCE) /* DATA imports from DLLs on WIN32 con't be const, because runtime relocations are performed -- see ld's documentation on pseudo-relocs. */ # define LT_DLSYM_CONST #elif defined(__osf__) /* This system does not cope well with relocations in const data. */ # define LT_DLSYM_CONST #else # define LT_DLSYM_CONST const #endif #ifdef __cplusplus extern "C" { #endif _LT_EOF # Now generate the symbol file. eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext' cat <<_LT_EOF >> conftest.$ac_ext /* The mapping between symbol names and symbols. */ LT_DLSYM_CONST struct { const char *name; void *address; } lt__PROGRAM__LTX_preloaded_symbols[] = { { "@PROGRAM@", (void *) 0 }, _LT_EOF $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/ {\"\2\", (void *) \&\2},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext cat <<\_LT_EOF >> conftest.$ac_ext {0, (void *) 0} }; /* This works around a problem in FreeBSD linker */ #ifdef FREEBSD_WORKAROUND static const void *lt_preloaded_setup() { return lt__PROGRAM__LTX_preloaded_symbols; } #endif #ifdef __cplusplus } #endif _LT_EOF # Now try linking the two files. mv conftest.$ac_objext conftstm.$ac_objext lt_globsym_save_LIBS=$LIBS lt_globsym_save_CFLAGS=$CFLAGS LIBS="conftstm.$ac_objext" CFLAGS="$CFLAGS$lt_prog_compiler_no_builtin_flag" if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 (eval $ac_link) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? 
= $ac_status" >&5 test $ac_status = 0; } && test -s conftest${ac_exeext}; then pipe_works=yes fi LIBS=$lt_globsym_save_LIBS CFLAGS=$lt_globsym_save_CFLAGS else echo "cannot find nm_test_func in $nlist" >&5 fi else echo "cannot find nm_test_var in $nlist" >&5 fi else echo "cannot run $lt_cv_sys_global_symbol_pipe" >&5 fi else echo "$progname: failed program was:" >&5 cat conftest.$ac_ext >&5 fi rm -rf conftest* conftst* # Do not use the global_symbol_pipe unless it works. if test "$pipe_works" = yes; then break else lt_cv_sys_global_symbol_pipe= fi done fi if test -z "$lt_cv_sys_global_symbol_pipe"; then lt_cv_sys_global_symbol_to_cdecl= fi if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: failed" >&5 $as_echo "failed" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5 $as_echo "ok" >&6; } fi # Response file support. if test "$lt_cv_nm_interface" = "MS dumpbin"; then nm_file_list_spec='@' elif $NM --help 2>/dev/null | grep '[@]FILE' >/dev/null; then nm_file_list_spec='@' fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for sysroot" >&5 $as_echo_n "checking for sysroot... " >&6; } # Check whether --with-sysroot was given. if test "${with_sysroot+set}" = set; then : withval=$with_sysroot; else with_sysroot=no fi lt_sysroot= case ${with_sysroot} in #( yes) if test "$GCC" = yes; then lt_sysroot=`$CC --print-sysroot 2>/dev/null` fi ;; #( /*) lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"` ;; #( no|'') ;; #( *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${with_sysroot}" >&5 $as_echo "${with_sysroot}" >&6; } as_fn_error $? "The sysroot must be an absolute path." "$LINENO" 5 ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${lt_sysroot:-no}" >&5 $as_echo "${lt_sysroot:-no}" >&6; } # Check whether --enable-libtool-lock was given. 
if test "${enable_libtool_lock+set}" = set; then : enableval=$enable_libtool_lock; fi test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes # Some flags need to be propagated to the compiler or linker for good # libtool support. case $host in ia64-*-hpux*) # Find out which ABI we are using. echo 'int i;' > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then case `/usr/bin/file conftest.$ac_objext` in *ELF-32*) HPUX_IA64_MODE="32" ;; *ELF-64*) HPUX_IA64_MODE="64" ;; esac fi rm -rf conftest* ;; *-*-irix6*) # Find out which ABI we are using. echo '#line '$LINENO' "configure"' > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then if test "$lt_cv_prog_gnu_ld" = yes; then case `/usr/bin/file conftest.$ac_objext` in *32-bit*) LD="${LD-ld} -melf32bsmip" ;; *N32*) LD="${LD-ld} -melf32bmipn32" ;; *64-bit*) LD="${LD-ld} -melf64bmip" ;; esac else case `/usr/bin/file conftest.$ac_objext` in *32-bit*) LD="${LD-ld} -32" ;; *N32*) LD="${LD-ld} -n32" ;; *64-bit*) LD="${LD-ld} -64" ;; esac fi fi rm -rf conftest* ;; x86_64-*kfreebsd*-gnu|x86_64-*linux*|powerpc*-*linux*| \ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) # Find out which ABI we are using. echo 'int i;' > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? 
= $ac_status" >&5 test $ac_status = 0; }; then case `/usr/bin/file conftest.o` in *32-bit*) case $host in x86_64-*kfreebsd*-gnu) LD="${LD-ld} -m elf_i386_fbsd" ;; x86_64-*linux*) LD="${LD-ld} -m elf_i386" ;; powerpc64le-*linux*) LD="${LD-ld} -m elf32lppclinux" ;; powerpc64-*linux*) LD="${LD-ld} -m elf32ppclinux" ;; s390x-*linux*) LD="${LD-ld} -m elf_s390" ;; sparc64-*linux*) LD="${LD-ld} -m elf32_sparc" ;; esac ;; *64-bit*) case $host in x86_64-*kfreebsd*-gnu) LD="${LD-ld} -m elf_x86_64_fbsd" ;; x86_64-*linux*) LD="${LD-ld} -m elf_x86_64" ;; powerpcle-*linux*) LD="${LD-ld} -m elf64lppc" ;; powerpc-*linux*) LD="${LD-ld} -m elf64ppc" ;; s390*-*linux*|s390*-*tpf*) LD="${LD-ld} -m elf64_s390" ;; sparc*-*linux*) LD="${LD-ld} -m elf64_sparc" ;; esac ;; esac fi rm -rf conftest* ;; *-*-sco3.2v5*) # On SCO OpenServer 5, we need -belf to get full-featured binaries. SAVE_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS -belf" { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler needs -belf" >&5 $as_echo_n "checking whether the C compiler needs -belf... " >&6; } if ${lt_cv_cc_needs_belf+:} false; then : $as_echo_n "(cached) " >&6 else ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. 
*/ int main () { ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : lt_cv_cc_needs_belf=yes else lt_cv_cc_needs_belf=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5 $as_echo "$lt_cv_cc_needs_belf" >&6; } if test x"$lt_cv_cc_needs_belf" != x"yes"; then # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf CFLAGS="$SAVE_CFLAGS" fi ;; *-*solaris*) # Find out which ABI we are using. echo 'int i;' > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then case `/usr/bin/file conftest.o` in *64-bit*) case $lt_cv_prog_gnu_ld in yes*) case $host in i?86-*-solaris*) LD="${LD-ld} -m elf_x86_64" ;; sparc*-*-solaris*) LD="${LD-ld} -m elf64_sparc" ;; esac # GNU ld 2.21 introduced _sol2 emulations. Use them if available. if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then LD="${LD-ld}_sol2" fi ;; *) if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then LD="${LD-ld} -64" fi ;; esac ;; esac fi rm -rf conftest* ;; esac need_locks="$enable_libtool_lock" if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}mt", so it can be a program name with args. set dummy ${ac_tool_prefix}mt; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_MANIFEST_TOOL+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$MANIFEST_TOOL"; then ac_cv_prog_MANIFEST_TOOL="$MANIFEST_TOOL" # Let the user override the test. 
else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_MANIFEST_TOOL="${ac_tool_prefix}mt" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi MANIFEST_TOOL=$ac_cv_prog_MANIFEST_TOOL if test -n "$MANIFEST_TOOL"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MANIFEST_TOOL" >&5 $as_echo "$MANIFEST_TOOL" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_MANIFEST_TOOL"; then ac_ct_MANIFEST_TOOL=$MANIFEST_TOOL # Extract the first word of "mt", so it can be a program name with args. set dummy mt; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_MANIFEST_TOOL+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_MANIFEST_TOOL"; then ac_cv_prog_ac_ct_MANIFEST_TOOL="$ac_ct_MANIFEST_TOOL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_MANIFEST_TOOL="mt" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_MANIFEST_TOOL=$ac_cv_prog_ac_ct_MANIFEST_TOOL if test -n "$ac_ct_MANIFEST_TOOL"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_MANIFEST_TOOL" >&5 $as_echo "$ac_ct_MANIFEST_TOOL" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_MANIFEST_TOOL" = x; then MANIFEST_TOOL=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac MANIFEST_TOOL=$ac_ct_MANIFEST_TOOL fi else MANIFEST_TOOL="$ac_cv_prog_MANIFEST_TOOL" fi test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $MANIFEST_TOOL is a manifest tool" >&5 $as_echo_n "checking if $MANIFEST_TOOL is a manifest tool... " >&6; } if ${lt_cv_path_mainfest_tool+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_path_mainfest_tool=no echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&5 $MANIFEST_TOOL '-?' 2>conftest.err > conftest.out cat conftest.err >&5 if $GREP 'Manifest Tool' conftest.out > /dev/null; then lt_cv_path_mainfest_tool=yes fi rm -f conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_mainfest_tool" >&5 $as_echo "$lt_cv_path_mainfest_tool" >&6; } if test "x$lt_cv_path_mainfest_tool" != xyes; then MANIFEST_TOOL=: fi case $host_os in rhapsody* | darwin*) if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}dsymutil", so it can be a program name with args. 
set dummy ${ac_tool_prefix}dsymutil; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_DSYMUTIL+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$DSYMUTIL"; then ac_cv_prog_DSYMUTIL="$DSYMUTIL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_DSYMUTIL="${ac_tool_prefix}dsymutil" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi DSYMUTIL=$ac_cv_prog_DSYMUTIL if test -n "$DSYMUTIL"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DSYMUTIL" >&5 $as_echo "$DSYMUTIL" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_DSYMUTIL"; then ac_ct_DSYMUTIL=$DSYMUTIL # Extract the first word of "dsymutil", so it can be a program name with args. set dummy dsymutil; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_DSYMUTIL+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_DSYMUTIL"; then ac_cv_prog_ac_ct_DSYMUTIL="$ac_ct_DSYMUTIL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_DSYMUTIL="dsymutil" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_DSYMUTIL=$ac_cv_prog_ac_ct_DSYMUTIL if test -n "$ac_ct_DSYMUTIL"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DSYMUTIL" >&5 $as_echo "$ac_ct_DSYMUTIL" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_DSYMUTIL" = x; then DSYMUTIL=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac DSYMUTIL=$ac_ct_DSYMUTIL fi else DSYMUTIL="$ac_cv_prog_DSYMUTIL" fi if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}nmedit", so it can be a program name with args. set dummy ${ac_tool_prefix}nmedit; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_NMEDIT+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$NMEDIT"; then ac_cv_prog_NMEDIT="$NMEDIT" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_NMEDIT="${ac_tool_prefix}nmedit" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi NMEDIT=$ac_cv_prog_NMEDIT if test -n "$NMEDIT"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NMEDIT" >&5 $as_echo "$NMEDIT" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_NMEDIT"; then ac_ct_NMEDIT=$NMEDIT # Extract the first word of "nmedit", so it can be a program name with args. set dummy nmedit; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_NMEDIT+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_NMEDIT"; then ac_cv_prog_ac_ct_NMEDIT="$ac_ct_NMEDIT" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_NMEDIT="nmedit" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_NMEDIT=$ac_cv_prog_ac_ct_NMEDIT if test -n "$ac_ct_NMEDIT"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_NMEDIT" >&5 $as_echo "$ac_ct_NMEDIT" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_NMEDIT" = x; then NMEDIT=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac NMEDIT=$ac_ct_NMEDIT fi else NMEDIT="$ac_cv_prog_NMEDIT" fi if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}lipo", so it can be a program name with args. set dummy ${ac_tool_prefix}lipo; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_LIPO+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$LIPO"; then ac_cv_prog_LIPO="$LIPO" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_LIPO="${ac_tool_prefix}lipo" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi LIPO=$ac_cv_prog_LIPO if test -n "$LIPO"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIPO" >&5 $as_echo "$LIPO" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_LIPO"; then ac_ct_LIPO=$LIPO # Extract the first word of "lipo", so it can be a program name with args. set dummy lipo; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_LIPO+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_LIPO"; then ac_cv_prog_ac_ct_LIPO="$ac_ct_LIPO" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_LIPO="lipo" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_LIPO=$ac_cv_prog_ac_ct_LIPO if test -n "$ac_ct_LIPO"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_LIPO" >&5 $as_echo "$ac_ct_LIPO" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_LIPO" = x; then LIPO=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac LIPO=$ac_ct_LIPO fi else LIPO="$ac_cv_prog_LIPO" fi if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}otool", so it can be a program name with args. set dummy ${ac_tool_prefix}otool; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_OTOOL+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$OTOOL"; then ac_cv_prog_OTOOL="$OTOOL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_OTOOL="${ac_tool_prefix}otool" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi OTOOL=$ac_cv_prog_OTOOL if test -n "$OTOOL"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL" >&5 $as_echo "$OTOOL" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_OTOOL"; then ac_ct_OTOOL=$OTOOL # Extract the first word of "otool", so it can be a program name with args. set dummy otool; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_OTOOL+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_OTOOL"; then ac_cv_prog_ac_ct_OTOOL="$ac_ct_OTOOL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_OTOOL="otool" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_OTOOL=$ac_cv_prog_ac_ct_OTOOL if test -n "$ac_ct_OTOOL"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL" >&5 $as_echo "$ac_ct_OTOOL" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_OTOOL" = x; then OTOOL=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac OTOOL=$ac_ct_OTOOL fi else OTOOL="$ac_cv_prog_OTOOL" fi if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}otool64", so it can be a program name with args. set dummy ${ac_tool_prefix}otool64; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_OTOOL64+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$OTOOL64"; then ac_cv_prog_OTOOL64="$OTOOL64" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_OTOOL64="${ac_tool_prefix}otool64" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi OTOOL64=$ac_cv_prog_OTOOL64 if test -n "$OTOOL64"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL64" >&5 $as_echo "$OTOOL64" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_OTOOL64"; then ac_ct_OTOOL64=$OTOOL64 # Extract the first word of "otool64", so it can be a program name with args. set dummy otool64; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_OTOOL64+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_OTOOL64"; then ac_cv_prog_ac_ct_OTOOL64="$ac_ct_OTOOL64" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_OTOOL64="otool64" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_OTOOL64=$ac_cv_prog_ac_ct_OTOOL64 if test -n "$ac_ct_OTOOL64"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL64" >&5 $as_echo "$ac_ct_OTOOL64" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_OTOOL64" = x; then OTOOL64=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac OTOOL64=$ac_ct_OTOOL64 fi else OTOOL64="$ac_cv_prog_OTOOL64" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -single_module linker flag" >&5 $as_echo_n "checking for -single_module linker flag... " >&6; } if ${lt_cv_apple_cc_single_mod+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_apple_cc_single_mod=no if test -z "${LT_MULTI_MODULE}"; then # By default we will add the -single_module flag. You can override # by either setting the environment variable LT_MULTI_MODULE # non-empty at configure time, or by adding -multi_module to the # link flags. rm -rf libconftest.dylib* echo "int foo(void){return 1;}" > conftest.c echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ -dynamiclib -Wl,-single_module conftest.c" >&5 $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ -dynamiclib -Wl,-single_module conftest.c 2>conftest.err _lt_result=$? # If there is a non-empty error log, and "single_module" # appears in it, assume the flag caused a linker warning if test -s conftest.err && $GREP single_module conftest.err; then cat conftest.err >&5 # Otherwise, if the output was created with a 0 exit code from # the compiler, it worked. 
elif test -f libconftest.dylib && test $_lt_result -eq 0; then lt_cv_apple_cc_single_mod=yes else cat conftest.err >&5 fi rm -rf libconftest.dylib* rm -f conftest.* fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5 $as_echo "$lt_cv_apple_cc_single_mod" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5 $as_echo_n "checking for -exported_symbols_list linker flag... " >&6; } if ${lt_cv_ld_exported_symbols_list+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_ld_exported_symbols_list=no save_LDFLAGS=$LDFLAGS echo "_main" > conftest.sym LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : lt_cv_ld_exported_symbols_list=yes else lt_cv_ld_exported_symbols_list=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LDFLAGS="$save_LDFLAGS" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5 $as_echo "$lt_cv_ld_exported_symbols_list" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -force_load linker flag" >&5 $as_echo_n "checking for -force_load linker flag... " >&6; } if ${lt_cv_ld_force_load+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_ld_force_load=no cat > conftest.c << _LT_EOF int forced_loaded() { return 2;} _LT_EOF echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&5 $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&5 echo "$AR cru libconftest.a conftest.o" >&5 $AR cru libconftest.a conftest.o 2>&5 echo "$RANLIB libconftest.a" >&5 $RANLIB libconftest.a 2>&5 cat > conftest.c << _LT_EOF int main() { return 0;} _LT_EOF echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&5 $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err _lt_result=$? 
if test -s conftest.err && $GREP force_load conftest.err; then cat conftest.err >&5 elif test -f conftest && test $_lt_result -eq 0 && $GREP forced_load conftest >/dev/null 2>&1 ; then lt_cv_ld_force_load=yes else cat conftest.err >&5 fi rm -f conftest.err libconftest.a conftest conftest.c rm -rf conftest.dSYM fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_force_load" >&5 $as_echo "$lt_cv_ld_force_load" >&6; } case $host_os in rhapsody* | darwin1.[012]) _lt_dar_allow_undefined='${wl}-undefined ${wl}suppress' ;; darwin1.*) _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;; darwin*) # darwin 5.x on # if running on 10.5 or later, the deployment target defaults # to the OS version, if on x86, and 10.4, the deployment # target defaults to 10.4. Don't you love it? case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in 10.0,*86*-darwin8*|10.0,*-darwin[91]*) _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;; 10.[012]*) _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;; 10.*) _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;; esac ;; esac if test "$lt_cv_apple_cc_single_mod" = "yes"; then _lt_dar_single_mod='$single_module' fi if test "$lt_cv_ld_exported_symbols_list" = "yes"; then _lt_dar_export_syms=' ${wl}-exported_symbols_list,$output_objdir/${libname}-symbols.expsym' else _lt_dar_export_syms='~$NMEDIT -s $output_objdir/${libname}-symbols.expsym ${lib}' fi if test "$DSYMUTIL" != ":" && test "$lt_cv_ld_force_load" = "no"; then _lt_dsymutil='~$DSYMUTIL $lib || :' else _lt_dsymutil= fi ;; esac for ac_header in dlfcn.h do : ac_fn_c_check_header_compile "$LINENO" "dlfcn.h" "ac_cv_header_dlfcn_h" "$ac_includes_default " if test "x$ac_cv_header_dlfcn_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_DLFCN_H 1 _ACEOF fi done # Set options enable_dlopen=no enable_win32_dll=no # Check whether --enable-shared was given. 
# --enable-shared[=PKGS]: "yes" and "no" are taken literally.  Any other value
# is read as a list of package names, and shared libraries are enabled only
# when ${PACKAGE-default} is one of them.  Without the option, enable_shared
# defaults to yes.
if test "${enable_shared+set}" = set; then :
  enableval=$enable_shared; p=${PACKAGE-default}
  case $enableval in
  yes) enable_shared=yes ;;
  no) enable_shared=no ;;
  *)
    enable_shared=no
    # Look at the argument we got. We use all the common list separators.
    # IFS is widened with $PATH_SEPARATOR and "," only for the word splitting
    # of the `for' list, and restored from lt_save_ifs inside and after the loop.
    lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
    for pkg in $enableval; do
      IFS="$lt_save_ifs"
      # The "X" prefix keeps `test' from reading an odd value as an operator.
      if test "X$pkg" = "X$p"; then
        enable_shared=yes
      fi
    done
    IFS="$lt_save_ifs"
    ;;
  esac
else
  enable_shared=yes
fi

# Check whether --with-pic was given.
# "yes"/"no" are stored in pic_mode as given; a package list sets pic_mode=yes
# only when ${PACKAGE-default} is listed, otherwise pic_mode stays "default".
if test "${with_pic+set}" = set; then :
  withval=$with_pic; lt_p=${PACKAGE-default}
  case $withval in
  yes|no) pic_mode=$withval ;;
  *)
    pic_mode=default
    # Look at the argument we got. We use all the common list separators.
    lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
    for lt_pkg in $withval; do
      IFS="$lt_save_ifs"
      if test "X$lt_pkg" = "X$lt_p"; then
        pic_mode=yes
      fi
    done
    IFS="$lt_save_ifs"
    ;;
  esac
else
  pic_mode=default
fi

# An empty pic_mode (e.g. from an empty --with-pic= value) falls back to "default".
test -z "$pic_mode" && pic_mode=default

# Check whether --enable-fast-install was given.
# Same parsing as --enable-shared above; the default when absent is yes.
if test "${enable_fast_install+set}" = set; then :
  enableval=$enable_fast_install; p=${PACKAGE-default}
  case $enableval in
  yes) enable_fast_install=yes ;;
  no) enable_fast_install=no ;;
  *)
    enable_fast_install=no
    # Look at the argument we got. We use all the common list separators.
    lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
    for pkg in $enableval; do
      IFS="$lt_save_ifs"
      if test "X$pkg" = "X$p"; then
        enable_fast_install=yes
      fi
    done
    IFS="$lt_save_ifs"
    ;;
  esac
else
  enable_fast_install=yes
fi

# This can be used to rebuild libtool when needed
LIBTOOL_DEPS="$ltmain"

# Always use our own libtool.
# Single-quoted on purpose: $(SHELL) and $(top_builddir) are not expanded here.
LIBTOOL='$(SHELL) $(top_builddir)/libtool'

test -z "$LN_S" && LN_S="ln -s"

# Only when running under zsh (ZSH_VERSION is set): turn off GLOB_SUBST.
if test -n "${ZSH_VERSION+set}" ; then
  setopt NO_GLOB_SUBST
fi

# Probe the name of the libtool object directory.  The probe creates and
# removes an entry called ".libs" in the current directory; if a directory of
# that name cannot be created, "_libs" is used.  A cached lt_cv_objdir skips
# the probe.
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for objdir" >&5
$as_echo_n "checking for objdir... " >&6; }
if ${lt_cv_objdir+:} false; then :
  $as_echo_n "(cached) " >&6
else
  rm -f .libs 2>/dev/null
  mkdir .libs 2>/dev/null
  if test -d .libs; then
    lt_cv_objdir=.libs
  else
    # MS-DOS does not allow filenames that begin with a dot.
    lt_cv_objdir=_libs
  fi
  rmdir .libs 2>/dev/null
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_objdir" >&5
$as_echo "$lt_cv_objdir" >&6; }
objdir=$lt_cv_objdir

# Append the LT_OBJDIR definition (the object directory name plus a trailing
# slash) to confdefs.h.
cat >>confdefs.h <<_ACEOF
#define LT_OBJDIR "$lt_cv_objdir/"
_ACEOF

case $host_os in
aix3*)
  # AIX sometimes has problems with the GCC collect2 program. For some
  # reason, if we set the COLLECT_NAMES environment variable, the problems
  # vanish in a puff of smoke.
  # Only exported (as an empty value) when the caller has not set it already.
  if test "X${COLLECT_NAMES+set}" != Xset; then
    COLLECT_NAMES=
    export COLLECT_NAMES
  fi
  ;;
esac

# Global variables:
ofile=libtool
can_build_shared=yes

# All known linkers require a `.a' archive for static linking (except MSVC,
# which needs '.lib').
libext=a

with_gnu_ld="$lt_cv_prog_gnu_ld"

# Remember the compiler and flags as they are at this point.
old_CC="$CC"
old_CFLAGS="$CFLAGS"

# Set sane defaults for various variables
test -z "$CC" && CC=cc
test -z "$LTCC" && LTCC=$CC
test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS
test -z "$LD" && LD=ld
test -z "$ac_objext" && ac_objext=o

# Derive cc_basename from $compiler: skip wrapper words (compile, ccache,
# distcc, purify, with or without a directory part) and words starting with
# "-", stop at the first other word, then strip its directory part and a
# leading "$host_alias-" prefix.
for cc_temp in $compiler""; do
  case $cc_temp in
    compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
    distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
    \-*) ;;
    *) break;;
  esac
done
cc_basename=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"`

# Only perform the check for file, if the check method requires it
# NOTE(review): both lookups below search "/usr/bin" followed by $PATH, and an
# empty entry is rewritten to ".", so with an empty PATH component a program
# named `file' in the directory configure runs from can be selected.  When
# file_magic_test_file is set, the selected path is executed through
# `eval $file_magic_cmd'.  Run configure with a PATH that holds only trusted,
# absolute directories.
test -z "$MAGIC_CMD" && MAGIC_CMD=file
case $deplibs_check_method in
file_magic*)
  if test "$file_magic_cmd" = '$MAGIC_CMD'; then
    # First pass: look for the host-prefixed tool, ${ac_tool_prefix}file.
    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${ac_tool_prefix}file" >&5
$as_echo_n "checking for ${ac_tool_prefix}file... " >&6; }
    if ${lt_cv_path_MAGIC_CMD+:} false; then :
      $as_echo_n "(cached) " >&6
    else
      case $MAGIC_CMD in
      [\\/*] | ?:[\\/]*)
        lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path.
        ;;
      *)
        lt_save_MAGIC_CMD="$MAGIC_CMD"
        lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
        ac_dummy="/usr/bin$PATH_SEPARATOR$PATH"
        for ac_dir in $ac_dummy; do
          IFS="$lt_save_ifs"
          # An empty search-path entry means the current directory.
          test -z "$ac_dir" && ac_dir=.
          if test -f $ac_dir/${ac_tool_prefix}file; then
            lt_cv_path_MAGIC_CMD="$ac_dir/${ac_tool_prefix}file"
            if test -n "$file_magic_test_file"; then
              case $deplibs_check_method in
              "file_magic "*)
                # The text after "file_magic " is the regex the tool's output must match.
                file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
                MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
                # Run the candidate on the test file; only a warning is printed
                # on a mismatch, the candidate is still kept.
                if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | $EGREP "$file_magic_regex" > /dev/null; then
                  :
                else
                  cat <<_LT_EOF 1>&2
*** Warning: the command libtool uses to detect shared libraries,
*** $file_magic_cmd, produces output that libtool cannot recognize.
*** The result is that libtool may fail to recognize shared libraries
*** as such. This will affect the creation of libtool libraries that
*** depend on shared libraries, but programs linked with such libtool
*** libraries will work regardless of this problem. Nevertheless, you
*** may want to report the problem to your system manager and/or to
*** bug-libtool@gnu.org
_LT_EOF
                fi ;;
              esac
            fi
            # The first match in search order wins.
            break
          fi
        done
        IFS="$lt_save_ifs"
        MAGIC_CMD="$lt_save_MAGIC_CMD"
        ;;
      esac
    fi

    MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
    if test -n "$MAGIC_CMD"; then
      { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5
$as_echo "$MAGIC_CMD" >&6; }
    else
      { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
    fi

    # Second pass: nothing found under the prefixed name.  With a tool prefix
    # set, retry with plain `file'; without one, MAGIC_CMD becomes ":".
    if test -z "$lt_cv_path_MAGIC_CMD"; then
      if test -n "$ac_tool_prefix"; then
        { $as_echo "$as_me:${as_lineno-$LINENO}: checking for file" >&5
$as_echo_n "checking for file... " >&6; }
        if ${lt_cv_path_MAGIC_CMD+:} false; then :
          $as_echo_n "(cached) " >&6
        else
          case $MAGIC_CMD in
          [\\/*] | ?:[\\/]*)
            lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path.
            ;;
          *)
            lt_save_MAGIC_CMD="$MAGIC_CMD"
            lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
            ac_dummy="/usr/bin$PATH_SEPARATOR$PATH"
            for ac_dir in $ac_dummy; do
              IFS="$lt_save_ifs"
              # An empty search-path entry means the current directory.
              test -z "$ac_dir" && ac_dir=.
              if test -f $ac_dir/file; then
                lt_cv_path_MAGIC_CMD="$ac_dir/file"
                if test -n "$file_magic_test_file"; then
                  case $deplibs_check_method in
                  "file_magic "*)
                    file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
                    MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
                    if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | $EGREP "$file_magic_regex" > /dev/null; then
                      :
                    else
                      cat <<_LT_EOF 1>&2
*** Warning: the command libtool uses to detect shared libraries,
*** $file_magic_cmd, produces output that libtool cannot recognize.
*** The result is that libtool may fail to recognize shared libraries
*** as such. This will affect the creation of libtool libraries that
*** depend on shared libraries, but programs linked with such libtool
*** libraries will work regardless of this problem. Nevertheless, you
*** may want to report the problem to your system manager and/or to
*** bug-libtool@gnu.org
_LT_EOF
                    fi ;;
                  esac
                fi
                break
              fi
            done
            IFS="$lt_save_ifs"
            MAGIC_CMD="$lt_save_MAGIC_CMD"
            ;;
          esac
        fi

        MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
        if test -n "$MAGIC_CMD"; then
          { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5
$as_echo "$MAGIC_CMD" >&6; }
        else
          { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
        fi
      else
        MAGIC_CMD=:
      fi
    fi
  fi
  ;;
esac

# Use C for the default configuration in the libtool script
# The ac_* command templates are single-quoted, so their variables are
# expanded only when a template is later passed to eval.
lt_save_CC="$CC"
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
ac_compiler_gnu=$ac_cv_c_compiler_gnu

# Source file extension for C test sources.
ac_ext=c

# Object file extension for compiled C test sources.
objext=o objext=$objext # Code to be used in simple compile tests lt_simple_compile_test_code="int some_variable = 0;" # Code to be used in simple link tests lt_simple_link_test_code='int main(){return(0);}' # If no C compiler was specified, use CC. LTCC=${LTCC-"$CC"} # If no C compiler flags were specified, use CFLAGS. LTCFLAGS=${LTCFLAGS-"$CFLAGS"} # Allow CC to be a program name with arguments. compiler=$CC # Save the default compiler, since it gets overwritten when the other # tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP. compiler_DEFAULT=$CC # save warnings/boilerplate of simple test code ac_outfile=conftest.$ac_objext echo "$lt_simple_compile_test_code" >conftest.$ac_ext eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err _lt_compiler_boilerplate=`cat conftest.err` $RM conftest* ac_outfile=conftest.$ac_objext echo "$lt_simple_link_test_code" >conftest.$ac_ext eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err _lt_linker_boilerplate=`cat conftest.err` $RM -r conftest* ## CAVEAT EMPTOR: ## There is no encapsulation within the following macros, do not change ## the running order or otherwise move them around unless you know exactly ## what you are doing... if test -n "$compiler"; then lt_prog_compiler_no_builtin_flag= if test "$GCC" = yes; then case $cc_basename in nvcc*) lt_prog_compiler_no_builtin_flag=' -Xcompiler -fno-builtin' ;; *) lt_prog_compiler_no_builtin_flag=' -fno-builtin' ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -fno-rtti -fno-exceptions" >&5 $as_echo_n "checking if $compiler supports -fno-rtti -fno-exceptions... 
" >&6; } if ${lt_cv_prog_compiler_rtti_exceptions+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_prog_compiler_rtti_exceptions=no ac_outfile=conftest.$ac_objext echo "$lt_simple_compile_test_code" > conftest.$ac_ext lt_compiler_flag="-fno-rtti -fno-exceptions" # Insert the option either (1) after the last *FLAGS variable, or # (2) before a word containing "conftest.", or (3) at the end. # Note that $ac_compile itself does not contain backslashes and begins # with a dollar sign (not a hyphen), so the echo should work correctly. # The option is referenced via a variable to avoid confusing sed. lt_compile=`echo "$ac_compile" | $SED \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then lt_cv_prog_compiler_rtti_exceptions=yes fi fi $RM conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5 $as_echo "$lt_cv_prog_compiler_rtti_exceptions" >&6; } if test x"$lt_cv_prog_compiler_rtti_exceptions" = xyes; then lt_prog_compiler_no_builtin_flag="$lt_prog_compiler_no_builtin_flag -fno-rtti -fno-exceptions" else : fi fi lt_prog_compiler_wl= lt_prog_compiler_pic= lt_prog_compiler_static= if test "$GCC" = yes; then lt_prog_compiler_wl='-Wl,' lt_prog_compiler_static='-static' case $host_os in aix*) # All AIX code is PIC. 
if test "$host_cpu" = ia64; then # AIX 5 now supports IA64 processor lt_prog_compiler_static='-Bstatic' fi ;; amigaos*) case $host_cpu in powerpc) # see comment about AmigaOS4 .so support lt_prog_compiler_pic='-fPIC' ;; m68k) # FIXME: we need at least 68020 code to build shared libraries, but # adding the `-m68020' flag to GCC prevents building anything better, # like `-m68040'. lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4' ;; esac ;; beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) # PIC is the default for these OSes. ;; mingw* | cygwin* | pw32* | os2* | cegcc*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). # Although the cygwin gcc ignores -fPIC, still need this for old-style # (--disable-auto-import) libraries lt_prog_compiler_pic='-DDLL_EXPORT' ;; darwin* | rhapsody*) # PIC is the default on this platform # Common symbols not allowed in MH_DYLIB files lt_prog_compiler_pic='-fno-common' ;; haiku*) # PIC is the default for Haiku. # The "-static" flag exists, but is broken. lt_prog_compiler_static= ;; hpux*) # PIC is the default for 64-bit PA HP-UX, but not for 32-bit # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag # sets the default TLS model and affects inlining. case $host_cpu in hppa*64*) # +Z the default ;; *) lt_prog_compiler_pic='-fPIC' ;; esac ;; interix[3-9]*) # Interix 3.x gcc -fpic/-fPIC options generate broken code. # Instead, we relocate shared libraries at runtime. ;; msdosdjgpp*) # Just because we use GCC doesn't mean we suddenly get shared libraries # on systems that don't support them. lt_prog_compiler_can_build_shared=no enable_shared=no ;; *nto* | *qnx*) # QNX uses GNU C++, but need to define -shared option too, otherwise # it will coredump. 
lt_prog_compiler_pic='-fPIC -shared' ;; sysv4*MP*) if test -d /usr/nec; then lt_prog_compiler_pic=-Kconform_pic fi ;; *) lt_prog_compiler_pic='-fPIC' ;; esac case $cc_basename in nvcc*) # Cuda Compiler Driver 2.2 lt_prog_compiler_wl='-Xlinker ' if test -n "$lt_prog_compiler_pic"; then lt_prog_compiler_pic="-Xcompiler $lt_prog_compiler_pic" fi ;; esac else # PORTME Check for flag to pass linker flags through the system compiler. case $host_os in aix*) lt_prog_compiler_wl='-Wl,' if test "$host_cpu" = ia64; then # AIX 5 now supports IA64 processor lt_prog_compiler_static='-Bstatic' else lt_prog_compiler_static='-bnso -bI:/lib/syscalls.exp' fi ;; mingw* | cygwin* | pw32* | os2* | cegcc*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). lt_prog_compiler_pic='-DDLL_EXPORT' ;; hpux9* | hpux10* | hpux11*) lt_prog_compiler_wl='-Wl,' # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but # not for PA HP-UX. case $host_cpu in hppa*64*|ia64*) # +Z the default ;; *) lt_prog_compiler_pic='+Z' ;; esac # Is there a better lt_prog_compiler_static that works with the bundled CC? lt_prog_compiler_static='${wl}-a ${wl}archive' ;; irix5* | irix6* | nonstopux*) lt_prog_compiler_wl='-Wl,' # PIC (with -KPIC) is the default. lt_prog_compiler_static='-non_shared' ;; linux* | k*bsd*-gnu | kopensolaris*-gnu) case $cc_basename in # old Intel for x86_64 which still supported -KPIC. ecc*) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-static' ;; # icc used to be incompatible with GCC. # ICC 10 doesn't accept -KPIC any more. icc* | ifort*) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='-fPIC' lt_prog_compiler_static='-static' ;; # Lahey Fortran 8.1. 
lf95*) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='--shared' lt_prog_compiler_static='--static' ;; nagfor*) # NAG Fortran compiler lt_prog_compiler_wl='-Wl,-Wl,,' lt_prog_compiler_pic='-PIC' lt_prog_compiler_static='-Bstatic' ;; pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*) # Portland Group compilers (*not* the Pentium gcc compiler, # which looks to be a dead project) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='-fpic' lt_prog_compiler_static='-Bstatic' ;; ccc*) lt_prog_compiler_wl='-Wl,' # All Alpha code is PIC. lt_prog_compiler_static='-non_shared' ;; xl* | bgxl* | bgf* | mpixl*) # IBM XL C 8.0/Fortran 10.1, 11.1 on PPC and BlueGene lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='-qpic' lt_prog_compiler_static='-qstaticlink' ;; *) case `$CC -V 2>&1 | sed 5q` in *Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [1-7].* | *Sun*Fortran*\ 8.[0-3]*) # Sun Fortran 8.3 passes all unrecognized flags to the linker lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-Bstatic' lt_prog_compiler_wl='' ;; *Sun\ F* | *Sun*Fortran*) lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-Bstatic' lt_prog_compiler_wl='-Qoption ld ' ;; *Sun\ C*) # Sun C 5.9 lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-Bstatic' lt_prog_compiler_wl='-Wl,' ;; *Intel*\ [CF]*Compiler*) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='-fPIC' lt_prog_compiler_static='-static' ;; *Portland\ Group*) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='-fpic' lt_prog_compiler_static='-Bstatic' ;; esac ;; esac ;; newsos6) lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-Bstatic' ;; *nto* | *qnx*) # QNX uses GNU C++, but need to define -shared option too, otherwise # it will coredump. lt_prog_compiler_pic='-fPIC -shared' ;; osf3* | osf4* | osf5*) lt_prog_compiler_wl='-Wl,' # All OSF/1 code is PIC. 
lt_prog_compiler_static='-non_shared' ;; rdos*) lt_prog_compiler_static='-non_shared' ;; solaris*) lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-Bstatic' case $cc_basename in f77* | f90* | f95* | sunf77* | sunf90* | sunf95*) lt_prog_compiler_wl='-Qoption ld ';; *) lt_prog_compiler_wl='-Wl,';; esac ;; sunos4*) lt_prog_compiler_wl='-Qoption ld ' lt_prog_compiler_pic='-PIC' lt_prog_compiler_static='-Bstatic' ;; sysv4 | sysv4.2uw2* | sysv4.3*) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-Bstatic' ;; sysv4*MP*) if test -d /usr/nec ;then lt_prog_compiler_pic='-Kconform_pic' lt_prog_compiler_static='-Bstatic' fi ;; sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-Bstatic' ;; unicos*) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_can_build_shared=no ;; uts4*) lt_prog_compiler_pic='-pic' lt_prog_compiler_static='-Bstatic' ;; *) lt_prog_compiler_can_build_shared=no ;; esac fi case $host_os in # For platforms which do not support PIC, -DPIC is meaningless: *djgpp*) lt_prog_compiler_pic= ;; *) lt_prog_compiler_pic="$lt_prog_compiler_pic -DPIC" ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5 $as_echo_n "checking for $compiler option to produce PIC... " >&6; } if ${lt_cv_prog_compiler_pic+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_prog_compiler_pic=$lt_prog_compiler_pic fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic" >&5 $as_echo "$lt_cv_prog_compiler_pic" >&6; } lt_prog_compiler_pic=$lt_cv_prog_compiler_pic # # Check to make sure the PIC flag actually works. # if test -n "$lt_prog_compiler_pic"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5 $as_echo_n "checking if $compiler PIC flag $lt_prog_compiler_pic works... 
" >&6; } if ${lt_cv_prog_compiler_pic_works+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_prog_compiler_pic_works=no ac_outfile=conftest.$ac_objext echo "$lt_simple_compile_test_code" > conftest.$ac_ext lt_compiler_flag="$lt_prog_compiler_pic -DPIC" # Insert the option either (1) after the last *FLAGS variable, or # (2) before a word containing "conftest.", or (3) at the end. # Note that $ac_compile itself does not contain backslashes and begins # with a dollar sign (not a hyphen), so the echo should work correctly. # The option is referenced via a variable to avoid confusing sed. lt_compile=`echo "$ac_compile" | $SED \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then lt_cv_prog_compiler_pic_works=yes fi fi $RM conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5 $as_echo "$lt_cv_prog_compiler_pic_works" >&6; } if test x"$lt_cv_prog_compiler_pic_works" = xyes; then case $lt_prog_compiler_pic in "" | " "*) ;; *) lt_prog_compiler_pic=" $lt_prog_compiler_pic" ;; esac else lt_prog_compiler_pic= lt_prog_compiler_can_build_shared=no fi fi # # Check to make sure the static flag actually works. 
# wl=$lt_prog_compiler_wl eval lt_tmp_static_flag=\"$lt_prog_compiler_static\" { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5 $as_echo_n "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; } if ${lt_cv_prog_compiler_static_works+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_prog_compiler_static_works=no save_LDFLAGS="$LDFLAGS" LDFLAGS="$LDFLAGS $lt_tmp_static_flag" echo "$lt_simple_link_test_code" > conftest.$ac_ext if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then # The linker can only warn and ignore the option if not recognized # So say no if there are warnings if test -s conftest.err; then # Append any errors to the config.log. cat conftest.err 1>&5 $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 if diff conftest.exp conftest.er2 >/dev/null; then lt_cv_prog_compiler_static_works=yes fi else lt_cv_prog_compiler_static_works=yes fi fi $RM -r conftest* LDFLAGS="$save_LDFLAGS" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5 $as_echo "$lt_cv_prog_compiler_static_works" >&6; } if test x"$lt_cv_prog_compiler_static_works" = xyes; then : else lt_prog_compiler_static= fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5 $as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; } if ${lt_cv_prog_compiler_c_o+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_prog_compiler_c_o=no $RM -r conftest 2>/dev/null mkdir conftest cd conftest mkdir out echo "$lt_simple_compile_test_code" > conftest.$ac_ext lt_compiler_flag="-o out/conftest2.$ac_objext" # Insert the option either (1) after the last *FLAGS variable, or # (2) before a word containing "conftest.", or (3) at the end. 
# Note that $ac_compile itself does not contain backslashes and begins # with a dollar sign (not a hyphen), so the echo should work correctly. lt_compile=`echo "$ac_compile" | $SED \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then lt_cv_prog_compiler_c_o=yes fi fi chmod u+w . 2>&5 $RM conftest* # SGI C++ compiler will create directory out/ii_files/ for # template instantiation test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files $RM out/* && rmdir out cd .. $RM -r conftest $RM conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5 $as_echo "$lt_cv_prog_compiler_c_o" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5 $as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; } if ${lt_cv_prog_compiler_c_o+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_prog_compiler_c_o=no $RM -r conftest 2>/dev/null mkdir conftest cd conftest mkdir out echo "$lt_simple_compile_test_code" > conftest.$ac_ext lt_compiler_flag="-o out/conftest2.$ac_objext" # Insert the option either (1) after the last *FLAGS variable, or # (2) before a word containing "conftest.", or (3) at the end. # Note that $ac_compile itself does not contain backslashes and begins # with a dollar sign (not a hyphen), so the echo should work correctly. 
lt_compile=`echo "$ac_compile" | $SED \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then lt_cv_prog_compiler_c_o=yes fi fi chmod u+w . 2>&5 $RM conftest* # SGI C++ compiler will create directory out/ii_files/ for # template instantiation test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files $RM out/* && rmdir out cd .. $RM -r conftest $RM conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5 $as_echo "$lt_cv_prog_compiler_c_o" >&6; } hard_links="nottested" if test "$lt_cv_prog_compiler_c_o" = no && test "$need_locks" != no; then # do not overwrite the value of need_locks provided by the user { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5 $as_echo_n "checking if we can lock with hard links... 
" >&6; } hard_links=yes $RM conftest* ln conftest.a conftest.b 2>/dev/null && hard_links=no touch conftest.a ln conftest.a conftest.b 2>&5 || hard_links=no ln conftest.a conftest.b 2>/dev/null && hard_links=no { $as_echo "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5 $as_echo "$hard_links" >&6; } if test "$hard_links" = no; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5 $as_echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;} need_locks=warn fi else need_locks=no fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5 $as_echo_n "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; } runpath_var= allow_undefined_flag= always_export_symbols=no archive_cmds= archive_expsym_cmds= compiler_needs_object=no enable_shared_with_static_runtimes=no export_dynamic_flag_spec= export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' hardcode_automatic=no hardcode_direct=no hardcode_direct_absolute=no hardcode_libdir_flag_spec= hardcode_libdir_separator= hardcode_minus_L=no hardcode_shlibpath_var=unsupported inherit_rpath=no link_all_deplibs=unknown module_cmds= module_expsym_cmds= old_archive_from_new_cmds= old_archive_from_expsyms_cmds= thread_safe_flag_spec= whole_archive_flag_spec= # include_expsyms should be a list of space-separated symbols to be *always* # included in the symbol list include_expsyms= # exclude_expsyms can be an extended regexp of symbols to exclude # it will be wrapped by ` (' and `)$', so one must not match beginning or # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc', # as well as any symbol that contains `d'. 
exclude_expsyms='_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*' # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out # platforms (ab)use it in PIC code, but their linkers get confused if # the symbol is explicitly referenced. Since portable code cannot # rely on this symbol name, it's probably fine to never include it in # preloaded symbol tables. # Exclude shared library initialization/finalization symbols. extract_expsyms_cmds= case $host_os in cygwin* | mingw* | pw32* | cegcc*) # FIXME: the MSVC++ port hasn't been tested in a loooong time # When not using gcc, we currently assume that we are using # Microsoft Visual C++. if test "$GCC" != yes; then with_gnu_ld=no fi ;; interix*) # we just hope/assume this is gcc and not c89 (= MSVC++) with_gnu_ld=yes ;; openbsd*) with_gnu_ld=no ;; esac ld_shlibs=yes # On some targets, GNU ld is compatible enough with the native linker # that we're better off using the native interface for both. lt_use_gnu_ld_interface=no if test "$with_gnu_ld" = yes; then case $host_os in aix*) # The AIX port of GNU ld has always aspired to compatibility # with the native linker. However, as the warning in the GNU ld # block says, versions before 2.19.5* couldn't really create working # shared libraries, regardless of the interface used. case `$LD -v 2>&1` in *\ \(GNU\ Binutils\)\ 2.19.5*) ;; *\ \(GNU\ Binutils\)\ 2.[2-9]*) ;; *\ \(GNU\ Binutils\)\ [3-9]*) ;; *) lt_use_gnu_ld_interface=yes ;; esac ;; *) lt_use_gnu_ld_interface=yes ;; esac fi if test "$lt_use_gnu_ld_interface" = yes; then # If archive_cmds runs LD, not CC, wlarc should be empty wlarc='${wl}' # Set some defaults for GNU ld with shared library support. These # are reset later if shared libraries are not supported. Putting them # here allows them to be overridden if necessary. runpath_var=LD_RUN_PATH hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' export_dynamic_flag_spec='${wl}--export-dynamic' # ancient GNU ld didn't support --whole-archive et. al. 
if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then whole_archive_flag_spec="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' else whole_archive_flag_spec= fi supports_anon_versioning=no case `$LD -v 2>&1` in *GNU\ gold*) supports_anon_versioning=yes ;; *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11 *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ... *\ 2.11.*) ;; # other 2.11 versions *) supports_anon_versioning=yes ;; esac # See if GNU ld supports shared libraries. case $host_os in aix[3-9]*) # On AIX/PPC, the GNU linker is very broken if test "$host_cpu" != ia64; then ld_shlibs=no cat <<_LT_EOF 1>&2 *** Warning: the GNU linker, at least up to release 2.19, is reported *** to be unable to reliably create shared libraries on AIX. *** Therefore, libtool is disabling shared libraries support. If you *** really care for shared libraries, you may want to install binutils *** 2.20 or above, or modify your PATH so that a non-GNU linker is found. *** You will then need to restart the configuration process. 
_LT_EOF fi ;; amigaos*) case $host_cpu in powerpc) # see comment about AmigaOS4 .so support archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' archive_expsym_cmds='' ;; m68k) archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' hardcode_libdir_flag_spec='-L$libdir' hardcode_minus_L=yes ;; esac ;; beos*) if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then allow_undefined_flag=unsupported # Joseph Beckenbach says some releases of gcc # support --undefined. This deserves some investigation. FIXME archive_cmds='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' else ld_shlibs=no fi ;; cygwin* | mingw* | pw32* | cegcc*) # _LT_TAGVAR(hardcode_libdir_flag_spec, ) is actually meaningless, # as there is no search path for DLLs. 
hardcode_libdir_flag_spec='-L$libdir' export_dynamic_flag_spec='${wl}--export-all-symbols' allow_undefined_flag=unsupported always_export_symbols=no enable_shared_with_static_runtimes=yes export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1 DATA/;s/^.*[ ]__nm__\([^ ]*\)[ ][^ ]*/\1 DATA/;/^I[ ]/d;/^[AITW][ ]/s/.* //'\'' | sort | uniq > $export_symbols' exclude_expsyms='[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname' if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' # If the export-symbols file already is a .def file (1st line # is EXPORTS), use it as is; otherwise, prepend... archive_expsym_cmds='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then cp $export_symbols $output_objdir/$soname.def; else echo EXPORTS > $output_objdir/$soname.def; cat $export_symbols >> $output_objdir/$soname.def; fi~ $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' else ld_shlibs=no fi ;; haiku*) archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' link_all_deplibs=yes ;; interix[3-9]*) hardcode_direct=no hardcode_shlibpath_var=no hardcode_libdir_flag_spec='${wl}-rpath,$libdir' export_dynamic_flag_spec='${wl}-E' # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. # Instead, shared libraries are loaded at an image base (0x10000000 by # default) and relocated if they conflict, which is a slow very memory # consuming and fragmenting process. To avoid this, we pick a random, # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link # time. Moving up from 0x10000000 also allows more sbrk(2) space. 
archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' archive_expsym_cmds='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' ;; gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu) tmp_diet=no if test "$host_os" = linux-dietlibc; then case $cc_basename in diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn) esac fi if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \ && test "$tmp_diet" = no then tmp_addflag=' $pic_flag' tmp_sharedflag='-shared' case $cc_basename,$host_cpu in pgcc*) # Portland Group C compiler whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' tmp_addflag=' $pic_flag' ;; pgf77* | pgf90* | pgf95* | pgfortran*) # Portland Group f77 and f90 compilers whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' tmp_addflag=' $pic_flag -Mnomain' ;; ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64 tmp_addflag=' -i_dynamic' ;; efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64 tmp_addflag=' -i_dynamic -nofor_main' ;; ifc* | ifort*) # Intel Fortran compiler tmp_addflag=' -nofor_main' ;; lf95*) # Lahey Fortran 8.1 whole_archive_flag_spec= tmp_sharedflag='--shared' ;; xl[cC]* | bgxl[cC]* | mpixl[cC]*) # IBM XL C 8.0 on PPC (deal with xlf below) tmp_sharedflag='-qmkshrobj' tmp_addflag= ;; nvcc*) # Cuda Compiler Driver 2.2 whole_archive_flag_spec='${wl}--whole-archive`for conv 
in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' compiler_needs_object=yes ;; esac case `$CC -V 2>&1 | sed 5q` in *Sun\ C*) # Sun C 5.9 whole_archive_flag_spec='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' compiler_needs_object=yes tmp_sharedflag='-G' ;; *Sun\ F*) # Sun Fortran 8.3 tmp_sharedflag='-G' ;; esac archive_cmds='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' if test "x$supports_anon_versioning" = xyes; then archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ echo "local: *; };" >> $output_objdir/$libname.ver~ $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' fi case $cc_basename in xlf* | bgf* | bgxlf* | mpixlf*) # IBM XL Fortran 10.1 on PPC cannot create shared libs itself whole_archive_flag_spec='--whole-archive$convenience --no-whole-archive' hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' archive_cmds='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib' if test "x$supports_anon_versioning" = xyes; then archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ echo "local: *; };" >> $output_objdir/$libname.ver~ $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib' fi ;; esac else ld_shlibs=no fi ;; netbsd*) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' wlarc= else archive_cmds='$CC 
-shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' fi ;; solaris*) if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then ld_shlibs=no cat <<_LT_EOF 1>&2 *** Warning: The releases 2.8.* of the GNU linker cannot reliably *** create shared libraries on Solaris systems. Therefore, libtool *** is disabling shared libraries support. We urge you to upgrade GNU *** binutils to release 2.9.1 or newer. Another option is to modify *** your PATH or compiler configuration so that the native linker is *** used, and then restart. _LT_EOF elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' else ld_shlibs=no fi ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*) case `$LD -v 2>&1` in *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*) ld_shlibs=no cat <<_LT_EOF 1>&2 *** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not *** reliably create shared libraries on SCO systems. Therefore, libtool *** is disabling shared libraries support. We urge you to upgrade GNU *** binutils to release 2.16.91.0.3 or newer. Another option is to modify *** your PATH or compiler configuration so that the native linker is *** used, and then restart. _LT_EOF ;; *) # For security reasons, it is highly recommended that you always # use absolute paths for naming shared libraries, and exclude the # DT_RUNPATH tag from executables and libraries. But doing so # requires that you compile everything twice, which is a pain. 
if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' else ld_shlibs=no fi ;; esac ;; sunos4*) archive_cmds='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags' wlarc= hardcode_direct=yes hardcode_shlibpath_var=no ;; *) if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' else ld_shlibs=no fi ;; esac if test "$ld_shlibs" = no; then runpath_var= hardcode_libdir_flag_spec= export_dynamic_flag_spec= whole_archive_flag_spec= fi else # PORTME fill in a description of your system's linker (not GNU ld) case $host_os in aix3*) allow_undefined_flag=unsupported always_export_symbols=yes archive_expsym_cmds='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname' # Note: this linker hardcodes the directories in LIBPATH if there # are no directories specified by -L. hardcode_minus_L=yes if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then # Neither direct hardcoding nor static linking is supported with a # broken collect2. hardcode_direct=unsupported fi ;; aix[4-9]*) if test "$host_cpu" = ia64; then # On IA64, the linker does run time linking by default, so we don't # have to do anything special. aix_use_runtimelinking=no exp_sym_flag='-Bexport' no_entry_flag="" else # If we're using GNU nm, then we don't want the "-C" option. 
# -C means demangle to AIX nm, but means don't demangle with GNU nm # Also, AIX nm treats weak defined symbols like other global # defined symbols, whereas GNU nm marks them as "W". if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' else export_symbols_cmds='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' fi aix_use_runtimelinking=no # Test if we are trying to use run time linking or normal # AIX style linking. If -brtl is somewhere in LDFLAGS, we # need to do runtime linking. case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*) for ld_flag in $LDFLAGS; do if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then aix_use_runtimelinking=yes break fi done ;; esac exp_sym_flag='-bexport' no_entry_flag='-bnoentry' fi # When large executables or shared objects are built, AIX ld can # have problems creating the table of contents. If linking a library # or program results in "error TOC overflow" add -mminimal-toc to # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. 
archive_cmds='' hardcode_direct=yes hardcode_direct_absolute=yes hardcode_libdir_separator=':' link_all_deplibs=yes file_list_spec='${wl}-f,' if test "$GCC" = yes; then case $host_os in aix4.[012]|aix4.[012].*) # We only want to do this on AIX 4.2 and lower, the check # below for broken collect2 doesn't work under 4.3+ collect2name=`${CC} -print-prog-name=collect2` if test -f "$collect2name" && strings "$collect2name" | $GREP resolve_lib_name >/dev/null then # We have reworked collect2 : else # We have old collect2 hardcode_direct=unsupported # It fails to find uninstalled libraries when the uninstalled # path is not listed in the libpath. Setting hardcode_minus_L # to unsupported forces relinking hardcode_minus_L=yes hardcode_libdir_flag_spec='-L$libdir' hardcode_libdir_separator= fi ;; esac shared_flag='-shared' if test "$aix_use_runtimelinking" = yes; then shared_flag="$shared_flag "'${wl}-G' fi else # not using gcc if test "$host_cpu" = ia64; then # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release # chokes on -Wl,-G. The following line is correct: shared_flag='-G' else if test "$aix_use_runtimelinking" = yes; then shared_flag='${wl}-G' else shared_flag='${wl}-bM:SRE' fi fi fi export_dynamic_flag_spec='${wl}-bexpall' # It seems that -bexpall does not export symbols beginning with # underscore (_), so it is better to generate a list of symbols to export. always_export_symbols=yes if test "$aix_use_runtimelinking" = yes; then # Warning - without using the other runtime loading flags (-brtl), # -berok will link without error, but may produce a broken library. allow_undefined_flag='-berok' # Determine the default libpath from the value encoded in an # empty executable. if test "${lt_cv_aix_libpath+set}" = set; then aix_libpath=$lt_cv_aix_libpath else if ${lt_cv_aix_libpath_+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. 
*/ int main () { ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : lt_aix_libpath_sed=' /Import File Strings/,/^$/ { /^0/ { s/^0 *\([^ ]*\) *$/\1/ p } }' lt_cv_aix_libpath_=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` # Check for a 64-bit object if we didn't find anything. if test -z "$lt_cv_aix_libpath_"; then lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` fi fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext if test -z "$lt_cv_aix_libpath_"; then lt_cv_aix_libpath_="/usr/lib:/lib" fi fi aix_libpath=$lt_cv_aix_libpath_ fi hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath" archive_expsym_cmds='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then func_echo_all "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" else if test "$host_cpu" = ia64; then hardcode_libdir_flag_spec='${wl}-R $libdir:/usr/lib:/lib' allow_undefined_flag="-z nodefs" archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" else # Determine the default libpath from the value encoded in an # empty executable. if test "${lt_cv_aix_libpath+set}" = set; then aix_libpath=$lt_cv_aix_libpath else if ${lt_cv_aix_libpath_+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : lt_aix_libpath_sed=' /Import File Strings/,/^$/ { /^0/ { s/^0 *\([^ ]*\) *$/\1/ p } }' lt_cv_aix_libpath_=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` # Check for a 64-bit object if we didn't find anything. 
if test -z "$lt_cv_aix_libpath_"; then lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` fi fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext if test -z "$lt_cv_aix_libpath_"; then lt_cv_aix_libpath_="/usr/lib:/lib" fi fi aix_libpath=$lt_cv_aix_libpath_ fi hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath" # Warning - without using the other run time loading flags, # -berok will link without error, but may produce a broken library. no_undefined_flag=' ${wl}-bernotok' allow_undefined_flag=' ${wl}-berok' if test "$with_gnu_ld" = yes; then # We only use this code for GNU lds that support --whole-archive. whole_archive_flag_spec='${wl}--whole-archive$convenience ${wl}--no-whole-archive' else # Exported symbols can be pulled into shared objects from archives whole_archive_flag_spec='$convenience' fi archive_cmds_need_lc=yes # This is similar to how AIX traditionally builds its shared libraries. archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' fi fi ;; amigaos*) case $host_cpu in powerpc) # see comment about AmigaOS4 .so support archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' archive_expsym_cmds='' ;; m68k) archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' hardcode_libdir_flag_spec='-L$libdir' hardcode_minus_L=yes ;; esac ;; bsdi[45]*) export_dynamic_flag_spec=-rdynamic ;; cygwin* | mingw* | pw32* | cegcc*) # 
When not using gcc, we currently assume that we are using # Microsoft Visual C++. # hardcode_libdir_flag_spec is actually meaningless, as there is # no search path for DLLs. case $cc_basename in cl*) # Native MSVC hardcode_libdir_flag_spec=' ' allow_undefined_flag=unsupported always_export_symbols=yes file_list_spec='@' # Tell ltmain to make .lib files, not .a files. libext=lib # Tell ltmain to make .dll files, not .so files. shrext_cmds=".dll" # FIXME: Setting linknames here is a bad hack. archive_cmds='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-dll~linknames=' archive_expsym_cmds='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then sed -n -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' -e '1\\\!p' < $export_symbols > $output_objdir/$soname.exp; else sed -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' < $export_symbols > $output_objdir/$soname.exp; fi~ $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~ linknames=' # The linker will not automatically build a static lib if we build a DLL. 
# _LT_TAGVAR(old_archive_from_new_cmds, )='true' enable_shared_with_static_runtimes=yes exclude_expsyms='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*' export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1,DATA/'\'' | $SED -e '\''/^[AITW][ ]/s/.*[ ]//'\'' | sort | uniq > $export_symbols' # Don't use ranlib old_postinstall_cmds='chmod 644 $oldlib' postlink_cmds='lt_outputfile="@OUTPUT@"~ lt_tool_outputfile="@TOOL_OUTPUT@"~ case $lt_outputfile in *.exe|*.EXE) ;; *) lt_outputfile="$lt_outputfile.exe" lt_tool_outputfile="$lt_tool_outputfile.exe" ;; esac~ if test "$MANIFEST_TOOL" != ":" && test -f "$lt_outputfile.manifest"; then $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1; $RM "$lt_outputfile.manifest"; fi' ;; *) # Assume MSVC wrapper hardcode_libdir_flag_spec=' ' allow_undefined_flag=unsupported # Tell ltmain to make .lib files, not .a files. libext=lib # Tell ltmain to make .dll files, not .so files. shrext_cmds=".dll" # FIXME: Setting linknames here is a bad hack. archive_cmds='$CC -o $lib $libobjs $compiler_flags `func_echo_all "$deplibs" | $SED '\''s/ -lc$//'\''` -link -dll~linknames=' # The linker will automatically build a .lib file if we build a DLL. old_archive_from_new_cmds='true' # FIXME: Should let the user specify the lib program. 
old_archive_cmds='lib -OUT:$oldlib$oldobjs$old_deplibs' enable_shared_with_static_runtimes=yes ;; esac ;; darwin* | rhapsody*) archive_cmds_need_lc=no hardcode_direct=no hardcode_automatic=yes hardcode_shlibpath_var=unsupported if test "$lt_cv_ld_force_load" = "yes"; then whole_archive_flag_spec='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience ${wl}-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`' else whole_archive_flag_spec='' fi link_all_deplibs=yes allow_undefined_flag="$_lt_dar_allow_undefined" case $cc_basename in ifort*) _lt_dar_can_shared=yes ;; *) _lt_dar_can_shared=$GCC ;; esac if test "$_lt_dar_can_shared" = "yes"; then output_verbose_link_cmd=func_echo_all archive_cmds="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}" module_cmds="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}" archive_expsym_cmds="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}" module_expsym_cmds="sed -e 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dar_export_syms}${_lt_dsymutil}" else ld_shlibs=no fi ;; dgux*) archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_libdir_flag_spec='-L$libdir' hardcode_shlibpath_var=no ;; # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor # support. Future versions do this automatically, but an explicit c++rt0.o # does not break anything, and helps significantly (at the cost of a little # extra space). 
freebsd2.2*) archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o' hardcode_libdir_flag_spec='-R$libdir' hardcode_direct=yes hardcode_shlibpath_var=no ;; # Unfortunately, older versions of FreeBSD 2 do not have this feature. freebsd2.*) archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' hardcode_direct=yes hardcode_minus_L=yes hardcode_shlibpath_var=no ;; # FreeBSD 3 and greater uses gcc -shared to do shared libraries. freebsd* | dragonfly*) archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' hardcode_libdir_flag_spec='-R$libdir' hardcode_direct=yes hardcode_shlibpath_var=no ;; hpux9*) if test "$GCC" = yes; then archive_cmds='$RM $output_objdir/$soname~$CC -shared $pic_flag ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' else archive_cmds='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' fi hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' hardcode_libdir_separator=: hardcode_direct=yes # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. hardcode_minus_L=yes export_dynamic_flag_spec='${wl}-E' ;; hpux10*) if test "$GCC" = yes && test "$with_gnu_ld" = no; then archive_cmds='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' else archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' fi if test "$with_gnu_ld" = no; then hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' hardcode_libdir_separator=: hardcode_direct=yes hardcode_direct_absolute=yes export_dynamic_flag_spec='${wl}-E' # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. 
hardcode_minus_L=yes fi ;; hpux11*) if test "$GCC" = yes && test "$with_gnu_ld" = no; then case $host_cpu in hppa*64*) archive_cmds='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' ;; ia64*) archive_cmds='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' ;; *) archive_cmds='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' ;; esac else case $host_cpu in hppa*64*) archive_cmds='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' ;; ia64*) archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' ;; *) # Older versions of the 11.00 compiler do not understand -b yet # (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does) { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC understands -b" >&5 $as_echo_n "checking if $CC understands -b... " >&6; } if ${lt_cv_prog_compiler__b+:} false; then : $as_echo_n "(cached) " >&6 else lt_cv_prog_compiler__b=no save_LDFLAGS="$LDFLAGS" LDFLAGS="$LDFLAGS -b" echo "$lt_simple_link_test_code" > conftest.$ac_ext if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then # The linker can only warn and ignore the option if not recognized # So say no if there are warnings if test -s conftest.err; then # Append any errors to the config.log. 
cat conftest.err 1>&5 $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 if diff conftest.exp conftest.er2 >/dev/null; then lt_cv_prog_compiler__b=yes fi else lt_cv_prog_compiler__b=yes fi fi $RM -r conftest* LDFLAGS="$save_LDFLAGS" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler__b" >&5 $as_echo "$lt_cv_prog_compiler__b" >&6; } if test x"$lt_cv_prog_compiler__b" = xyes; then archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' else archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' fi ;; esac fi if test "$with_gnu_ld" = no; then hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' hardcode_libdir_separator=: case $host_cpu in hppa*64*|ia64*) hardcode_direct=no hardcode_shlibpath_var=no ;; *) hardcode_direct=yes hardcode_direct_absolute=yes export_dynamic_flag_spec='${wl}-E' # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. hardcode_minus_L=yes ;; esac fi ;; irix5* | irix6* | nonstopux*) if test "$GCC" = yes; then archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' # Try to use the -exported_symbol ld option, if it does not # work, assume that -exports_file does not work either and # implicitly export all symbols. # This should be the same for all languages, so no per-tag cache variable. { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $host_os linker accepts -exported_symbol" >&5 $as_echo_n "checking whether the $host_os linker accepts -exported_symbol... 
" >&6; } if ${lt_cv_irix_exported_symbol+:} false; then : $as_echo_n "(cached) " >&6 else save_LDFLAGS="$LDFLAGS" LDFLAGS="$LDFLAGS -shared ${wl}-exported_symbol ${wl}foo ${wl}-update_registry ${wl}/dev/null" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int foo (void) { return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : lt_cv_irix_exported_symbol=yes else lt_cv_irix_exported_symbol=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LDFLAGS="$save_LDFLAGS" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_irix_exported_symbol" >&5 $as_echo "$lt_cv_irix_exported_symbol" >&6; } if test "$lt_cv_irix_exported_symbol" = yes; then archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations ${wl}-exports_file ${wl}$export_symbols -o $lib' fi else archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -exports_file $export_symbols -o $lib' fi archive_cmds_need_lc='no' hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' hardcode_libdir_separator=: inherit_rpath=yes link_all_deplibs=yes ;; netbsd*) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out else archive_cmds='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF fi hardcode_libdir_flag_spec='-R$libdir' hardcode_direct=yes hardcode_shlibpath_var=no ;; newsos6) archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' 
hardcode_direct=yes hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' hardcode_libdir_separator=: hardcode_shlibpath_var=no ;; *nto* | *qnx*) ;; openbsd*) if test -f /usr/libexec/ld.so; then hardcode_direct=yes hardcode_shlibpath_var=no hardcode_direct_absolute=yes if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols' hardcode_libdir_flag_spec='${wl}-rpath,$libdir' export_dynamic_flag_spec='${wl}-E' else case $host_os in openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*) archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' hardcode_libdir_flag_spec='-R$libdir' ;; *) archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' hardcode_libdir_flag_spec='${wl}-rpath,$libdir' ;; esac fi else ld_shlibs=no fi ;; os2*) hardcode_libdir_flag_spec='-L$libdir' hardcode_minus_L=yes allow_undefined_flag=unsupported archive_cmds='$ECHO "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~echo DATA >> $output_objdir/$libname.def~echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def' old_archive_from_new_cmds='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def' ;; osf3*) if test "$GCC" = yes; then allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*' archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' else 
allow_undefined_flag=' -expect_unresolved \*' archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' fi archive_cmds_need_lc='no' hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' hardcode_libdir_separator=: ;; osf4* | osf5*) # as osf3* with the addition of -msym flag if test "$GCC" = yes; then allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*' archive_cmds='$CC -shared${allow_undefined_flag} $pic_flag $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' else allow_undefined_flag=' -expect_unresolved \*' archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' archive_expsym_cmds='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~ $CC -shared${allow_undefined_flag} ${wl}-input ${wl}$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib~$RM $lib.exp' # Both c and cxx compiler support -rpath directly hardcode_libdir_flag_spec='-rpath $libdir' fi archive_cmds_need_lc='no' hardcode_libdir_separator=: ;; solaris*) no_undefined_flag=' -z defs' if test "$GCC" = yes; then wlarc='${wl}' archive_cmds='$CC -shared $pic_flag ${wl}-z ${wl}text ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> 
$lib.exp~ $CC -shared $pic_flag ${wl}-z ${wl}text ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' else case `$CC -V 2>&1` in *"Compilers 5.0"*) wlarc='' archive_cmds='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags' archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp' ;; *) wlarc='${wl}' archive_cmds='$CC -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ $CC -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' ;; esac fi hardcode_libdir_flag_spec='-R$libdir' hardcode_shlibpath_var=no case $host_os in solaris2.[0-5] | solaris2.[0-5].*) ;; *) # The compiler driver will combine and reorder linker options, # but understands `-z linker_flag'. GCC discards it without `$wl', # but is careful enough not to reorder. # Supported since Solaris 2.6 (maybe 2.5.1?) if test "$GCC" = yes; then whole_archive_flag_spec='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract' else whole_archive_flag_spec='-z allextract$convenience -z defaultextract' fi ;; esac link_all_deplibs=yes ;; sunos4*) if test "x$host_vendor" = xsequent; then # Use $CC to link under sequent, because it throws in some extra .o # files that make .init and .fini sections work. 
archive_cmds='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags' else archive_cmds='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags' fi hardcode_libdir_flag_spec='-L$libdir' hardcode_direct=yes hardcode_minus_L=yes hardcode_shlibpath_var=no ;; sysv4) case $host_vendor in sni) archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_direct=yes # is this really true??? ;; siemens) ## LD is ld it makes a PLAMLIB ## CC just makes a GrossModule. archive_cmds='$LD -G -o $lib $libobjs $deplibs $linker_flags' reload_cmds='$CC -r -o $output$reload_objs' hardcode_direct=no ;; motorola) archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_direct=no #Motorola manual says yes, but my tests say they lie ;; esac runpath_var='LD_RUN_PATH' hardcode_shlibpath_var=no ;; sysv4.3*) archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_shlibpath_var=no export_dynamic_flag_spec='-Bexport' ;; sysv4*MP*) if test -d /usr/nec; then archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_shlibpath_var=no runpath_var=LD_RUN_PATH hardcode_runpath_var=yes ld_shlibs=yes fi ;; sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*) no_undefined_flag='${wl}-z,text' archive_cmds_need_lc=no hardcode_shlibpath_var=no runpath_var='LD_RUN_PATH' if test "$GCC" = yes; then archive_cmds='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' else archive_cmds='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' fi ;; sysv5* | sco3.2v5* | sco5v6*) # Note: We can NOT use -z defs as we might desire, because we do not # link with -lc, and that would cause any symbols 
used from libc to # always be unresolved, which means just about no library would # ever link correctly. If we're not using GNU ld we use -z text # though, which does catch some bad symbols but isn't as heavy-handed # as -z defs. no_undefined_flag='${wl}-z,text' allow_undefined_flag='${wl}-z,nodefs' archive_cmds_need_lc=no hardcode_shlibpath_var=no hardcode_libdir_flag_spec='${wl}-R,$libdir' hardcode_libdir_separator=':' link_all_deplibs=yes export_dynamic_flag_spec='${wl}-Bexport' runpath_var='LD_RUN_PATH' if test "$GCC" = yes; then archive_cmds='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' else archive_cmds='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' fi ;; uts4*) archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_libdir_flag_spec='-L$libdir' hardcode_shlibpath_var=no ;; *) ld_shlibs=no ;; esac if test x$host_vendor = xsni; then case $host in sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*) export_dynamic_flag_spec='${wl}-Blargedynsym' ;; esac fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs" >&5 $as_echo "$ld_shlibs" >&6; } test "$ld_shlibs" = no && can_build_shared=no with_gnu_ld=$with_gnu_ld # # Do we need to explicitly link libc? # case "x$archive_cmds_need_lc" in x|xyes) # Assume -lc should be added archive_cmds_need_lc=yes if test "$enable_shared" = yes && test "$GCC" = yes; then case $archive_cmds in *'~'*) # FIXME: we may have to deal with multi-command sequences. ;; '$CC '*) # Test whether the compiler implicitly links with -lc since on some # systems, -lgcc has to come before -lc. If gcc already passes -lc # to ld, don't add -lc before -lgcc. 
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5 $as_echo_n "checking whether -lc should be explicitly linked in... " >&6; } if ${lt_cv_archive_cmds_need_lc+:} false; then : $as_echo_n "(cached) " >&6 else $RM conftest* echo "$lt_simple_compile_test_code" > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } 2>conftest.err; then soname=conftest lib=conftest libobjs=conftest.$ac_objext deplibs= wl=$lt_prog_compiler_wl pic_flag=$lt_prog_compiler_pic compiler_flags=-v linker_flags=-v verstring= output_objdir=. libname=conftest lt_save_allow_undefined_flag=$allow_undefined_flag allow_undefined_flag= if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1\""; } >&5 (eval $archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } then lt_cv_archive_cmds_need_lc=no else lt_cv_archive_cmds_need_lc=yes fi allow_undefined_flag=$lt_save_allow_undefined_flag else cat conftest.err 1>&5 fi $RM conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_archive_cmds_need_lc" >&5 $as_echo "$lt_cv_archive_cmds_need_lc" >&6; } archive_cmds_need_lc=$lt_cv_archive_cmds_need_lc ;; esac fi ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5 $as_echo_n "checking dynamic linker characteristics... 
" >&6; } if test "$GCC" = yes; then case $host_os in darwin*) lt_awk_arg="/^libraries:/,/LR/" ;; *) lt_awk_arg="/^libraries:/" ;; esac case $host_os in mingw* | cegcc*) lt_sed_strip_eq="s,=\([A-Za-z]:\),\1,g" ;; *) lt_sed_strip_eq="s,=/,/,g" ;; esac lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq` case $lt_search_path_spec in *\;*) # if the path contains ";" then we assume it to be the separator # otherwise default to the standard path separator (i.e. ":") - it is # assumed that no part of a normal pathname contains ";" but that should # okay in the real world where ";" in dirpaths is itself problematic. lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED 's/;/ /g'` ;; *) lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED "s/$PATH_SEPARATOR/ /g"` ;; esac # Ok, now we have the path, separated by spaces, we can step through it # and add multilib dir if necessary. lt_tmp_lt_search_path_spec= lt_multi_os_dir=`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null` for lt_sys_path in $lt_search_path_spec; do if test -d "$lt_sys_path/$lt_multi_os_dir"; then lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path/$lt_multi_os_dir" else test -d "$lt_sys_path" && \ lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path" fi done lt_search_path_spec=`$ECHO "$lt_tmp_lt_search_path_spec" | awk ' BEGIN {RS=" "; FS="/|\n";} { lt_foo=""; lt_count=0; for (lt_i = NF; lt_i > 0; lt_i--) { if ($lt_i != "" && $lt_i != ".") { if ($lt_i == "..") { lt_count++; } else { if (lt_count == 0) { lt_foo="/" $lt_i lt_foo; } else { lt_count--; } } } } if (lt_foo != "") { lt_freq[lt_foo]++; } if (lt_freq[lt_foo] == 1) { print lt_foo; } }'` # AWK program above erroneously prepends '/' to C:/dos/paths # for these hosts. 
case $host_os in mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\ $SED 's,/\([A-Za-z]:\),\1,g'` ;; esac sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP` else sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" fi library_names_spec= libname_spec='lib$name' soname_spec= shrext_cmds=".so" postinstall_cmds= postuninstall_cmds= finish_cmds= finish_eval= shlibpath_var= shlibpath_overrides_runpath=unknown version_type=none dynamic_linker="$host_os ld.so" sys_lib_dlsearch_path_spec="/lib /usr/lib" need_lib_prefix=unknown hardcode_into_libs=no # when you set need_version to no, make sure it does not cause -set_version # flags to be left without arguments need_version=unknown case $host_os in aix3*) version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a' shlibpath_var=LIBPATH # AIX 3 has no versioning support, so we append a major version to the name. soname_spec='${libname}${release}${shared_ext}$major' ;; aix[4-9]*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no hardcode_into_libs=yes if test "$host_cpu" = ia64; then # AIX 5 supports IA64 library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH else # With GCC up to 2.95.x, collect2 would create an import file # for dependence libraries. The import file would start with # the line `#! .'. This would cause the generated library to # depend on `.', always an invalid library. This was fixed in # development snapshots of GCC prior to 3.0. 
case $host_os in aix4 | aix4.[01] | aix4.[01].*) if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)' echo ' yes ' echo '#endif'; } | ${CC} -E - | $GREP yes > /dev/null; then : else can_build_shared=no fi ;; esac # AIX (on Power*) has no versioning support, so currently we can not hardcode correct # soname into executable. Probably we can add versioning support to # collect2, so additional links can be useful in future. if test "$aix_use_runtimelinking" = yes; then # If using run time linking (on AIX 4.2 or later) use lib.so # instead of lib.a to let people know that these are not # typical AIX shared libraries. library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' else # We preserve .a as extension for shared libraries through AIX4.2 # and later when we are not doing run time linking. library_names_spec='${libname}${release}.a $libname.a' soname_spec='${libname}${release}${shared_ext}$major' fi shlibpath_var=LIBPATH fi ;; amigaos*) case $host_cpu in powerpc) # Since July 2007 AmigaOS4 officially supports .so libraries. # When compiling the executable, add -use-dynld -Lsobjs: to the compileline. library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' ;; m68k) library_names_spec='$libname.ixlibrary $libname.a' # Create ${libname}_ixlibrary.a entries in /sys/libs. 
finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' ;; esac ;; beos*) library_names_spec='${libname}${shared_ext}' dynamic_linker="$host_os ld.so" shlibpath_var=LIBRARY_PATH ;; bsdi[45]*) version_type=linux # correct to gnu/linux during the next big refactor need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir' shlibpath_var=LD_LIBRARY_PATH sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib" sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib" # the default ld.so.conf also contains /usr/contrib/lib and # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow # libtool to hard-code these into programs ;; cygwin* | mingw* | pw32* | cegcc*) version_type=windows shrext_cmds=".dll" need_version=no need_lib_prefix=no case $GCC,$cc_basename in yes,*) # gcc library_names_spec='$libname.dll.a' # DLL is installed to $(libdir)/../bin by postinstall_cmds postinstall_cmds='base_file=`basename \${file}`~ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~ dldir=$destdir/`dirname \$dlpath`~ test -d \$dldir || mkdir -p \$dldir~ $install_prog $dir/$dlname \$dldir/$dlname~ chmod a+x \$dldir/$dlname~ if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then eval '\''$striplib \$dldir/$dlname'\'' || exit \$?; fi' postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. 
$file; echo \$dlname'\''`~ dlpath=$dir/\$dldll~ $RM \$dlpath' shlibpath_overrides_runpath=yes case $host_os in cygwin*) # Cygwin DLLs use 'cyg' prefix rather than 'lib' soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api" ;; mingw* | cegcc*) # MinGW DLLs use traditional 'lib' prefix soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' ;; pw32*) # pw32 DLLs use 'pw' prefix rather than 'lib' library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' ;; esac dynamic_linker='Win32 ld.exe' ;; *,cl*) # Native MSVC libname_spec='$name' soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' library_names_spec='${libname}.dll.lib' case $build_os in mingw*) sys_lib_search_path_spec= lt_save_ifs=$IFS IFS=';' for lt_path in $LIB do IFS=$lt_save_ifs # Let DOS variable expansion print the short 8.3 style file name. lt_path=`cd "$lt_path" 2>/dev/null && cmd //C "for %i in (".") do @echo %~si"` sys_lib_search_path_spec="$sys_lib_search_path_spec $lt_path" done IFS=$lt_save_ifs # Convert to MSYS style. sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([a-zA-Z]\\):| /\\1|g' -e 's|^ ||'` ;; cygwin*) # Convert to unix form, then to dos form, then back to unix form # but this time dos style (no spaces!) so that the unix form looks # like /cygdrive/c/PROGRA~1:/cygdr... sys_lib_search_path_spec=`cygpath --path --unix "$LIB"` sys_lib_search_path_spec=`cygpath --path --dos "$sys_lib_search_path_spec" 2>/dev/null` sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` ;; *) sys_lib_search_path_spec="$LIB" if $ECHO "$sys_lib_search_path_spec" | $GREP ';[c-zC-Z]:/' >/dev/null; then # It is most probably a Windows format PATH. 
sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` else sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` fi # FIXME: find the short name or the path components, as spaces are # common. (e.g. "Program Files" -> "PROGRA~1") ;; esac # DLL is installed to $(libdir)/../bin by postinstall_cmds postinstall_cmds='base_file=`basename \${file}`~ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~ dldir=$destdir/`dirname \$dlpath`~ test -d \$dldir || mkdir -p \$dldir~ $install_prog $dir/$dlname \$dldir/$dlname' postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ dlpath=$dir/\$dldll~ $RM \$dlpath' shlibpath_overrides_runpath=yes dynamic_linker='Win32 link.exe' ;; *) # Assume MSVC wrapper library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib' dynamic_linker='Win32 ld.exe' ;; esac # FIXME: first we should search . and the directory the executable is in shlibpath_var=PATH ;; darwin* | rhapsody*) dynamic_linker="$host_os dyld" version_type=darwin need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext' soname_spec='${libname}${release}${major}$shared_ext' shlibpath_overrides_runpath=yes shlibpath_var=DYLD_LIBRARY_PATH shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib" sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' ;; dgux*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH ;; freebsd* | dragonfly*) # DragonFly does not have aout. When/if they implement a new # versioning mechanism, adjust this. 
if test -x /usr/bin/objformat; then objformat=`/usr/bin/objformat` else case $host_os in freebsd[23].*) objformat=aout ;; *) objformat=elf ;; esac fi version_type=freebsd-$objformat case $version_type in freebsd-elf*) library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' need_version=no need_lib_prefix=no ;; freebsd-*) library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix' need_version=yes ;; esac shlibpath_var=LD_LIBRARY_PATH case $host_os in freebsd2.*) shlibpath_overrides_runpath=yes ;; freebsd3.[01]* | freebsdelf3.[01]*) shlibpath_overrides_runpath=yes hardcode_into_libs=yes ;; freebsd3.[2-9]* | freebsdelf3.[2-9]* | \ freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1) shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; *) # from 4.6 on, and DragonFly shlibpath_overrides_runpath=yes hardcode_into_libs=yes ;; esac ;; gnu*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; haiku*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no dynamic_linker="$host_os runtime_loader" library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LIBRARY_PATH shlibpath_overrides_runpath=yes sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib' hardcode_into_libs=yes ;; hpux9* | hpux10* | hpux11*) # Give a soname corresponding to the major version so that dld.sl refuses to # link against other versions. 
version_type=sunos need_lib_prefix=no need_version=no case $host_cpu in ia64*) shrext_cmds='.so' hardcode_into_libs=yes dynamic_linker="$host_os dld.so" shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' if test "X$HPUX_IA64_MODE" = X32; then sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib" else sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64" fi sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec ;; hppa*64*) shrext_cmds='.sl' hardcode_into_libs=yes dynamic_linker="$host_os dld.sl" shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64" sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec ;; *) shrext_cmds='.sl' dynamic_linker="$host_os dld.sl" shlibpath_var=SHLIB_PATH shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' ;; esac # HP-UX runs *really* slowly unless shared libraries are mode 555, ... 
postinstall_cmds='chmod 555 $lib' # or fails outright, so override atomically: install_override_mode=555 ;; interix[3-9]*) version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; irix5* | irix6* | nonstopux*) case $host_os in nonstopux*) version_type=nonstopux ;; *) if test "$lt_cv_prog_gnu_ld" = yes; then version_type=linux # correct to gnu/linux during the next big refactor else version_type=irix fi ;; esac need_lib_prefix=no need_version=no soname_spec='${libname}${release}${shared_ext}$major' library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}' case $host_os in irix5* | nonstopux*) libsuff= shlibsuff= ;; *) case $LD in # libtool.m4 will add one of these switches to LD *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") libsuff= shlibsuff= libmagic=32-bit;; *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") libsuff=32 shlibsuff=N32 libmagic=N32;; *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") libsuff=64 shlibsuff=64 libmagic=64-bit;; *) libsuff= shlibsuff= libmagic=never-match;; esac ;; esac shlibpath_var=LD_LIBRARY${shlibsuff}_PATH shlibpath_overrides_runpath=no sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}" sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}" hardcode_into_libs=yes ;; # No shared lib support for Linux oldld, aout, or coff. linux*oldld* | linux*aout* | linux*coff*) dynamic_linker=no ;; # This must be glibc/ELF. 
# Dynamic-linker characteristics, one branch per $host_os pattern. Each branch
# only assigns libtool variables (library naming templates, the library-path
# environment variable, post-install command templates); the single-quoted
# values are templates and are not expanded at this point.
# NOTE(review): this listing appears whitespace-collapsed; the line layout
# below is restored from the statement structure, the tokens are unchanged.
linux* | k*bsd*-gnu | kopensolaris*-gnu)
  version_type=linux # correct to gnu/linux during the next big refactor
  need_lib_prefix=no
  need_version=no
  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
  soname_spec='${libname}${release}${shared_ext}$major'
  # ldconfig is resolved through the inherited PATH; /sbin is only appended
  # as a fallback (same template shape in the netbsd* and openbsd* branches).
  finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
  shlibpath_var=LD_LIBRARY_PATH
  shlibpath_overrides_runpath=no

  # Some binutils ld are patched to set DT_RUNPATH
  # Probe, cached in lt_cv_shlibpath_overrides_runpath: link a trivial program
  # with libdir temporarily set to /foo and $hardcode_libdir_flag_spec added
  # to LDFLAGS, then look for a RUNPATH entry naming $libdir in the output of
  # `$OBJDUMP -p`. A match flips the answer to yes. With DT_RUNPATH the glibc
  # loader consults LD_LIBRARY_PATH before the embedded path, so a "yes" here
  # means the environment can take precedence over the hard-coded directory.
  if ${lt_cv_shlibpath_overrides_runpath+:} false; then :
    $as_echo_n "(cached) " >&6
  else
    lt_cv_shlibpath_overrides_runpath=no
    # LDFLAGS and libdir are saved here and restored after the link test.
    save_LDFLAGS=$LDFLAGS
    save_libdir=$libdir
    eval "libdir=/foo; wl=\"$lt_prog_compiler_wl\"; \
         LDFLAGS=\"\$LDFLAGS $hardcode_libdir_flag_spec\""
    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int main () { ; return 0; }
_ACEOF
    if ac_fn_c_try_link "$LINENO"; then :
      if ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null; then :
        lt_cv_shlibpath_overrides_runpath=yes
      fi
    fi
    rm -f core conftest.err conftest.$ac_objext \
      conftest$ac_exeext conftest.$ac_ext
    LDFLAGS=$save_LDFLAGS
    libdir=$save_libdir
  fi
  shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath

  # This implies no fast_install, which is unacceptable.
  # Some rework will be needed to allow for fast_install
  # before this can be enabled.
  hardcode_into_libs=yes

  # Add ABI-specific directories to the system library path.
  sys_lib_dlsearch_path_spec="/lib64 /usr/lib64 /lib /usr/lib"

  # Append ld.so.conf contents to the search path
  # NOTE(review): for every "include" line the awk program builds the command
  # string "cd /etc; cat <field 2> 2>/dev/null" and passes it to system(), so
  # the include argument is interpreted by a shell (presumably so that glob
  # patterns expand). The field is neither validated nor quoted; this step
  # relies on /etc/ld.so.conf on the build host being writable only by its
  # administrator. Confirm that assumption for shared or untrusted build roots.
  # The sed stage drops "#" comments and hwcap lines, turns ":", "," and
  # blanks into separators, strips "=..." suffixes and double quotes, and
  # removes empty lines; the result is appended to sys_lib_dlsearch_path_spec.
  # NOTE(review): the bracket expressions show a single blank here; upstream
  # may also have contained a tab - verify against the pristine file.
  if test -f /etc/ld.so.conf; then
    lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '`
    sys_lib_dlsearch_path_spec="$sys_lib_dlsearch_path_spec $lt_ld_extra"
  fi

  # We used to test for /lib/ld.so.1 and disable shared libraries on
  # powerpc, because MkLinux only supported shared libraries with the
  # GNU dynamic linker. Since this was broken with cross compilers,
  # most powerpc-linux boxes support dynamic linking these days and
  # people can always --disable-shared, the test was removed, and we
  # assume the GNU/Linux dynamic linker is in use.
  dynamic_linker='GNU/Linux ld.so'
  ;;

netbsd*)
  version_type=sunos
  need_lib_prefix=no
  need_version=no
  # If the preprocessor leaves the token __ELF__ unexpanded, the macro is not
  # defined and the a.out settings are used; otherwise the ELF settings.
  if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
    finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
    dynamic_linker='NetBSD (a.out) ld.so'
  else
    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
    soname_spec='${libname}${release}${shared_ext}$major'
    dynamic_linker='NetBSD ld.elf_so'
  fi
  shlibpath_var=LD_LIBRARY_PATH
  shlibpath_overrides_runpath=yes
  hardcode_into_libs=yes
  ;;

newsos6)
  version_type=linux # correct to gnu/linux during the next big refactor
  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
  shlibpath_var=LD_LIBRARY_PATH
  shlibpath_overrides_runpath=yes
  ;;

*nto* | *qnx*)
  version_type=qnx
  need_lib_prefix=no
  need_version=no
  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
  soname_spec='${libname}${release}${shared_ext}$major'
  shlibpath_var=LD_LIBRARY_PATH
  shlibpath_overrides_runpath=no
  hardcode_into_libs=yes
  dynamic_linker='ldqnx.so'
  ;;

openbsd*)
  version_type=sunos
  sys_lib_dlsearch_path_spec="/usr/lib"
  need_lib_prefix=no
  # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs.
  case $host_os in
    openbsd3.3 | openbsd3.3.*) need_version=yes ;;
    *) need_version=no ;;
  esac
  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
  finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
  shlibpath_var=LD_LIBRARY_PATH
  # First test is true when the preprocessor expands __ELF__ to nothing; the
  # second singles out the openbsd2.8-powerpc host/cpu pair.
  if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
    case $host_os in
      openbsd2.[89] | openbsd2.[89].*)
        shlibpath_overrides_runpath=no
        ;;
      *)
        shlibpath_overrides_runpath=yes
        ;;
    esac
  else
    shlibpath_overrides_runpath=yes
  fi
  ;;

os2*)
  libname_spec='$name'
  shrext_cmds=".dll"
  need_lib_prefix=no
  library_names_spec='$libname${shared_ext} $libname.a'
  dynamic_linker='OS/2 ld.exe'
  shlibpath_var=LIBPATH
  ;;

osf3* | osf4* | osf5*)
  version_type=osf
  need_lib_prefix=no
  need_version=no
  soname_spec='${libname}${release}${shared_ext}$major'
  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
  shlibpath_var=LD_LIBRARY_PATH
  # The link-time and run-time search lists are set to the same fixed value.
  sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
  sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
  ;;

rdos*)
  dynamic_linker=no
  ;;

solaris*)
  version_type=linux # correct to gnu/linux during the next big refactor
  need_lib_prefix=no
  need_version=no
  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
  soname_spec='${libname}${release}${shared_ext}$major'
  shlibpath_var=LD_LIBRARY_PATH
  shlibpath_overrides_runpath=yes
  hardcode_into_libs=yes
  # ldd complains unless libraries are executable
  postinstall_cmds='chmod +x $lib'
  ;;
sunos4*) version_type=sunos library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes if test "$with_gnu_ld" = yes; then need_lib_prefix=no fi need_version=yes ;; sysv4 | sysv4.3*) version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH case $host_vendor in sni) shlibpath_overrides_runpath=no need_lib_prefix=no runpath_var=LD_RUN_PATH ;; siemens) need_lib_prefix=no ;; motorola) need_lib_prefix=no need_version=no shlibpath_overrides_runpath=no sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib' ;; esac ;; sysv4*MP*) if test -d /usr/nec ;then version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}' soname_spec='$libname${shared_ext}.$major' shlibpath_var=LD_LIBRARY_PATH fi ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) version_type=freebsd-elf need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes hardcode_into_libs=yes if test "$with_gnu_ld" = yes; then sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' else sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' case $host_os in sco3.2v5*) sys_lib_search_path_spec="$sys_lib_search_path_spec /lib" ;; esac fi sys_lib_dlsearch_path_spec='/usr/lib' ;; tpf*) # TPF is a cross-target only. Preferred cross-host = GNU/Linux. 
version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; uts4*) version_type=linux # correct to gnu/linux during the next big refactor library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH ;; *) dynamic_linker=no ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5 $as_echo "$dynamic_linker" >&6; } test "$dynamic_linker" = no && can_build_shared=no variables_saved_for_relink="PATH $shlibpath_var $runpath_var" if test "$GCC" = yes; then variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" fi if test "${lt_cv_sys_lib_search_path_spec+set}" = set; then sys_lib_search_path_spec="$lt_cv_sys_lib_search_path_spec" fi if test "${lt_cv_sys_lib_dlsearch_path_spec+set}" = set; then sys_lib_dlsearch_path_spec="$lt_cv_sys_lib_dlsearch_path_spec" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5 $as_echo_n "checking how to hardcode library paths into programs... " >&6; } hardcode_action= if test -n "$hardcode_libdir_flag_spec" || test -n "$runpath_var" || test "X$hardcode_automatic" = "Xyes" ; then # We can hardcode non-existent directories. if test "$hardcode_direct" != no && # If the only mechanism to avoid hardcoding is shlibpath_var, we # have to relink, otherwise we might link with an installed library # when we should be linking with a yet-to-be-installed one ## test "$_LT_TAGVAR(hardcode_shlibpath_var, )" != no && test "$hardcode_minus_L" != no; then # Linking always hardcodes the temporary library directory. 
hardcode_action=relink else # We can link without hardcoding, and we can hardcode nonexisting dirs. hardcode_action=immediate fi else # We cannot hardcode anything, or else we can only hardcode existing # directories. hardcode_action=unsupported fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $hardcode_action" >&5 $as_echo "$hardcode_action" >&6; } if test "$hardcode_action" = relink || test "$inherit_rpath" = yes; then # Fast installation is not supported enable_fast_install=no elif test "$shlibpath_overrides_runpath" = yes || test "$enable_shared" = no; then # Fast installation is not necessary enable_fast_install=needless fi if test "x$enable_dlopen" != xyes; then enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown else lt_cv_dlopen=no lt_cv_dlopen_libs= case $host_os in beos*) lt_cv_dlopen="load_add_on" lt_cv_dlopen_libs= lt_cv_dlopen_self=yes ;; mingw* | pw32* | cegcc*) lt_cv_dlopen="LoadLibrary" lt_cv_dlopen_libs= ;; cygwin*) lt_cv_dlopen="dlopen" lt_cv_dlopen_libs= ;; darwin*) # if libdl is installed we need to link against it { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 $as_echo_n "checking for dlopen in -ldl... " >&6; } if ${ac_cv_lib_dl_dlopen+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-ldl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. 
*/ #ifdef __cplusplus extern "C" #endif char dlopen (); int main () { return dlopen (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_dl_dlopen=yes else ac_cv_lib_dl_dlopen=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 $as_echo "$ac_cv_lib_dl_dlopen" >&6; } if test "x$ac_cv_lib_dl_dlopen" = xyes; then : lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl" else lt_cv_dlopen="dyld" lt_cv_dlopen_libs= lt_cv_dlopen_self=yes fi ;; *) ac_fn_c_check_func "$LINENO" "shl_load" "ac_cv_func_shl_load" if test "x$ac_cv_func_shl_load" = xyes; then : lt_cv_dlopen="shl_load" else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5 $as_echo_n "checking for shl_load in -ldld... " >&6; } if ${ac_cv_lib_dld_shl_load+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-ldld $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. 
*/ #ifdef __cplusplus extern "C" #endif char shl_load (); int main () { return shl_load (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_dld_shl_load=yes else ac_cv_lib_dld_shl_load=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5 $as_echo "$ac_cv_lib_dld_shl_load" >&6; } if test "x$ac_cv_lib_dld_shl_load" = xyes; then : lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-ldld" else ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen" if test "x$ac_cv_func_dlopen" = xyes; then : lt_cv_dlopen="dlopen" else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 $as_echo_n "checking for dlopen in -ldl... " >&6; } if ${ac_cv_lib_dl_dlopen+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-ldl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char dlopen (); int main () { return dlopen (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_dl_dlopen=yes else ac_cv_lib_dl_dlopen=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 $as_echo "$ac_cv_lib_dl_dlopen" >&6; } if test "x$ac_cv_lib_dl_dlopen" = xyes; then : lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl" else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5 $as_echo_n "checking for dlopen in -lsvld... 
" >&6; } if ${ac_cv_lib_svld_dlopen+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lsvld $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char dlopen (); int main () { return dlopen (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_svld_dlopen=yes else ac_cv_lib_svld_dlopen=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5 $as_echo "$ac_cv_lib_svld_dlopen" >&6; } if test "x$ac_cv_lib_svld_dlopen" = xyes; then : lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld" else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5 $as_echo_n "checking for dld_link in -ldld... " >&6; } if ${ac_cv_lib_dld_dld_link+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-ldld $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. 
*/ #ifdef __cplusplus extern "C" #endif char dld_link (); int main () { return dld_link (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_dld_dld_link=yes else ac_cv_lib_dld_dld_link=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5 $as_echo "$ac_cv_lib_dld_dld_link" >&6; } if test "x$ac_cv_lib_dld_dld_link" = xyes; then : lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-ldld" fi fi fi fi fi fi ;; esac if test "x$lt_cv_dlopen" != xno; then enable_dlopen=yes else enable_dlopen=no fi case $lt_cv_dlopen in dlopen) save_CPPFLAGS="$CPPFLAGS" test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H" save_LDFLAGS="$LDFLAGS" wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\" save_LIBS="$LIBS" LIBS="$lt_cv_dlopen_libs $LIBS" { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a program can dlopen itself" >&5 $as_echo_n "checking whether a program can dlopen itself... " >&6; } if ${lt_cv_dlopen_self+:} false; then : $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : lt_cv_dlopen_self=cross else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF #line $LINENO "configure" #include "confdefs.h" #if HAVE_DLFCN_H #include #endif #include #ifdef RTLD_GLOBAL # define LT_DLGLOBAL RTLD_GLOBAL #else # ifdef DL_GLOBAL # define LT_DLGLOBAL DL_GLOBAL # else # define LT_DLGLOBAL 0 # endif #endif /* We may have to define LT_DLLAZY_OR_NOW in the command line if we find out it does not work in some platform. 
*/ #ifndef LT_DLLAZY_OR_NOW # ifdef RTLD_LAZY # define LT_DLLAZY_OR_NOW RTLD_LAZY # else # ifdef DL_LAZY # define LT_DLLAZY_OR_NOW DL_LAZY # else # ifdef RTLD_NOW # define LT_DLLAZY_OR_NOW RTLD_NOW # else # ifdef DL_NOW # define LT_DLLAZY_OR_NOW DL_NOW # else # define LT_DLLAZY_OR_NOW 0 # endif # endif # endif # endif #endif /* When -fvisbility=hidden is used, assume the code has been annotated correspondingly for the symbols needed. */ #if defined(__GNUC__) && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) int fnord () __attribute__((visibility("default"))); #endif int fnord () { return 42; } int main () { void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); int status = $lt_dlunknown; if (self) { if (dlsym (self,"fnord")) status = $lt_dlno_uscore; else { if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; else puts (dlerror ()); } /* dlclose (self); */ } else puts (dlerror ()); return status; } _LT_EOF if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 (eval $ac_link) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && test -s conftest${ac_exeext} 2>/dev/null; then (./conftest; exit; ) >&5 2>/dev/null lt_status=$? case x$lt_status in x$lt_dlno_uscore) lt_cv_dlopen_self=yes ;; x$lt_dlneed_uscore) lt_cv_dlopen_self=yes ;; x$lt_dlunknown|x*) lt_cv_dlopen_self=no ;; esac else : # compilation failed lt_cv_dlopen_self=no fi fi rm -fr conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5 $as_echo "$lt_cv_dlopen_self" >&6; } if test "x$lt_cv_dlopen_self" = xyes; then wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\" { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a statically linked program can dlopen itself" >&5 $as_echo_n "checking whether a statically linked program can dlopen itself... 
" >&6; } if ${lt_cv_dlopen_self_static+:} false; then : $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : lt_cv_dlopen_self_static=cross else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF #line $LINENO "configure" #include "confdefs.h" #if HAVE_DLFCN_H #include #endif #include #ifdef RTLD_GLOBAL # define LT_DLGLOBAL RTLD_GLOBAL #else # ifdef DL_GLOBAL # define LT_DLGLOBAL DL_GLOBAL # else # define LT_DLGLOBAL 0 # endif #endif /* We may have to define LT_DLLAZY_OR_NOW in the command line if we find out it does not work in some platform. */ #ifndef LT_DLLAZY_OR_NOW # ifdef RTLD_LAZY # define LT_DLLAZY_OR_NOW RTLD_LAZY # else # ifdef DL_LAZY # define LT_DLLAZY_OR_NOW DL_LAZY # else # ifdef RTLD_NOW # define LT_DLLAZY_OR_NOW RTLD_NOW # else # ifdef DL_NOW # define LT_DLLAZY_OR_NOW DL_NOW # else # define LT_DLLAZY_OR_NOW 0 # endif # endif # endif # endif #endif /* When -fvisbility=hidden is used, assume the code has been annotated correspondingly for the symbols needed. */ #if defined(__GNUC__) && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) int fnord () __attribute__((visibility("default"))); #endif int fnord () { return 42; } int main () { void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); int status = $lt_dlunknown; if (self) { if (dlsym (self,"fnord")) status = $lt_dlno_uscore; else { if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; else puts (dlerror ()); } /* dlclose (self); */ } else puts (dlerror ()); return status; } _LT_EOF if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 (eval $ac_link) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && test -s conftest${ac_exeext} 2>/dev/null; then (./conftest; exit; ) >&5 2>/dev/null lt_status=$? 
case x$lt_status in x$lt_dlno_uscore) lt_cv_dlopen_self_static=yes ;; x$lt_dlneed_uscore) lt_cv_dlopen_self_static=yes ;; x$lt_dlunknown|x*) lt_cv_dlopen_self_static=no ;; esac else : # compilation failed lt_cv_dlopen_self_static=no fi fi rm -fr conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self_static" >&5 $as_echo "$lt_cv_dlopen_self_static" >&6; } fi CPPFLAGS="$save_CPPFLAGS" LDFLAGS="$save_LDFLAGS" LIBS="$save_LIBS" ;; esac case $lt_cv_dlopen_self in yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;; *) enable_dlopen_self=unknown ;; esac case $lt_cv_dlopen_self_static in yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;; *) enable_dlopen_self_static=unknown ;; esac fi striplib= old_striplib= { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5 $as_echo_n "checking whether stripping libraries is possible... " >&6; } if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then test -z "$old_striplib" && old_striplib="$STRIP --strip-debug" test -z "$striplib" && striplib="$STRIP --strip-unneeded" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else # FIXME - insert some real tests, host_os isn't really good enough case $host_os in darwin*) if test -n "$STRIP" ; then striplib="$STRIP -x" old_striplib="$STRIP -S" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi ;; *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } ;; esac fi # Report which library types will actually be built { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libtool supports shared libraries" >&5 $as_echo_n "checking if libtool supports shared libraries... 
" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: $can_build_shared" >&5 $as_echo "$can_build_shared" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build shared libraries" >&5 $as_echo_n "checking whether to build shared libraries... " >&6; } test "$can_build_shared" = "no" && enable_shared=no # On AIX, shared libraries and static libraries use the same namespace, and # are all built from PIC. case $host_os in aix3*) test "$enable_shared" = yes && enable_static=no if test -n "$RANLIB"; then archive_cmds="$archive_cmds~\$RANLIB \$lib" postinstall_cmds='$RANLIB $lib' fi ;; aix[4-9]*) if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then test "$enable_shared" = yes && enable_static=no fi ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_shared" >&5 $as_echo "$enable_shared" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build static libraries" >&5 $as_echo_n "checking whether to build static libraries... " >&6; } # Make sure either enable_shared or enable_static is yes. test "$enable_shared" = yes || enable_static=yes { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_static" >&5 $as_echo "$enable_static" >&6; } fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu CC="$lt_save_CC" ac_config_commands="$ac_config_commands libtool" # Only expand once: LT_DLLOADERS= ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu LIBADD_DLOPEN= { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dlopen" >&5 $as_echo_n "checking for library containing dlopen... 
" >&6; } if ${ac_cv_search_dlopen+:} false; then : $as_echo_n "(cached) " >&6 else ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char dlopen (); int main () { return dlopen (); ; return 0; } _ACEOF for ac_lib in '' dl; do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi if ac_fn_c_try_link "$LINENO"; then : ac_cv_search_dlopen=$ac_res fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext if ${ac_cv_search_dlopen+:} false; then : break fi done if ${ac_cv_search_dlopen+:} false; then : else ac_cv_search_dlopen=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dlopen" >&5 $as_echo "$ac_cv_search_dlopen" >&6; } ac_res=$ac_cv_search_dlopen if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" $as_echo "#define HAVE_LIBDL 1" >>confdefs.h if test "$ac_cv_search_dlopen" != "none required" ; then LIBADD_DLOPEN="-ldl" fi libltdl_cv_lib_dl_dlopen="yes" LT_DLLOADERS="$LT_DLLOADERS ${lt_dlopen_dir+$lt_dlopen_dir/}dlopen.la" else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #if HAVE_DLFCN_H # include #endif int main () { dlopen(0, 0); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : $as_echo "#define HAVE_LIBDL 1" >>confdefs.h libltdl_cv_func_dlopen="yes" LT_DLLOADERS="$LT_DLLOADERS ${lt_dlopen_dir+$lt_dlopen_dir/}dlopen.la" else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5 $as_echo_n "checking for dlopen in -lsvld... 
" >&6; } if ${ac_cv_lib_svld_dlopen+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lsvld $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char dlopen (); int main () { return dlopen (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_svld_dlopen=yes else ac_cv_lib_svld_dlopen=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5 $as_echo "$ac_cv_lib_svld_dlopen" >&6; } if test "x$ac_cv_lib_svld_dlopen" = xyes; then : $as_echo "#define HAVE_LIBDL 1" >>confdefs.h LIBADD_DLOPEN="-lsvld" libltdl_cv_func_dlopen="yes" LT_DLLOADERS="$LT_DLLOADERS ${lt_dlopen_dir+$lt_dlopen_dir/}dlopen.la" fi fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext fi if test x"$libltdl_cv_func_dlopen" = xyes || test x"$libltdl_cv_lib_dl_dlopen" = xyes then lt_save_LIBS="$LIBS" LIBS="$LIBS $LIBADD_DLOPEN" for ac_func in dlerror do : ac_fn_c_check_func "$LINENO" "dlerror" "ac_cv_func_dlerror" if test "x$ac_cv_func_dlerror" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_DLERROR 1 _ACEOF fi done LIBS="$lt_save_LIBS" fi LIBADD_SHL_LOAD= ac_fn_c_check_func "$LINENO" "shl_load" "ac_cv_func_shl_load" if test "x$ac_cv_func_shl_load" = xyes; then : $as_echo "#define HAVE_SHL_LOAD 1" >>confdefs.h LT_DLLOADERS="$LT_DLLOADERS ${lt_dlopen_dir+$lt_dlopen_dir/}shl_load.la" else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5 $as_echo_n "checking for shl_load in -ldld... 
" >&6; } if ${ac_cv_lib_dld_shl_load+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-ldld $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char shl_load (); int main () { return shl_load (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_dld_shl_load=yes else ac_cv_lib_dld_shl_load=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5 $as_echo "$ac_cv_lib_dld_shl_load" >&6; } if test "x$ac_cv_lib_dld_shl_load" = xyes; then : $as_echo "#define HAVE_SHL_LOAD 1" >>confdefs.h LT_DLLOADERS="$LT_DLLOADERS ${lt_dlopen_dir+$lt_dlopen_dir/}shl_load.la" LIBADD_SHL_LOAD="-ldld" fi fi case $host_os in darwin[1567].*) # We only want this for pre-Mac OS X 10.4. ac_fn_c_check_func "$LINENO" "_dyld_func_lookup" "ac_cv_func__dyld_func_lookup" if test "x$ac_cv_func__dyld_func_lookup" = xyes; then : $as_echo "#define HAVE_DYLD 1" >>confdefs.h LT_DLLOADERS="$LT_DLLOADERS ${lt_dlopen_dir+$lt_dlopen_dir/}dyld.la" fi ;; beos*) LT_DLLOADERS="$LT_DLLOADERS ${lt_dlopen_dir+$lt_dlopen_dir/}load_add_on.la" ;; cygwin* | mingw* | os2* | pw32*) ac_fn_c_check_decl "$LINENO" "cygwin_conv_path" "ac_cv_have_decl_cygwin_conv_path" "#include " if test "x$ac_cv_have_decl_cygwin_conv_path" = xyes; then : ac_have_decl=1 else ac_have_decl=0 fi cat >>confdefs.h <<_ACEOF #define HAVE_DECL_CYGWIN_CONV_PATH $ac_have_decl _ACEOF LT_DLLOADERS="$LT_DLLOADERS ${lt_dlopen_dir+$lt_dlopen_dir/}loadlibrary.la" ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5 $as_echo_n "checking for dld_link in -ldld... 
" >&6; } if ${ac_cv_lib_dld_dld_link+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-ldld $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char dld_link (); int main () { return dld_link (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_dld_dld_link=yes else ac_cv_lib_dld_dld_link=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5 $as_echo "$ac_cv_lib_dld_dld_link" >&6; } if test "x$ac_cv_lib_dld_dld_link" = xyes; then : $as_echo "#define HAVE_DLD 1" >>confdefs.h LT_DLLOADERS="$LT_DLLOADERS ${lt_dlopen_dir+$lt_dlopen_dir/}dld_link.la" fi LT_DLPREOPEN= if test -n "$LT_DLLOADERS" then for lt_loader in $LT_DLLOADERS; do LT_DLPREOPEN="$LT_DLPREOPEN-dlpreopen $lt_loader " done $as_echo "#define HAVE_LIBDLLOADER 1" >>confdefs.h fi LIBADD_DL="$LIBADD_DLOPEN $LIBADD_SHL_LOAD" ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu MKINSTALLDIRS= if test -n "$ac_aux_dir"; then case "$ac_aux_dir" in /*) MKINSTALLDIRS="$ac_aux_dir/mkinstalldirs" ;; *) MKINSTALLDIRS="\$(top_builddir)/$ac_aux_dir/mkinstalldirs" ;; esac fi if test -z "$MKINSTALLDIRS"; then MKINSTALLDIRS="\$(top_srcdir)/mkinstalldirs" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether NLS is requested" >&5 $as_echo_n "checking whether NLS is requested... " >&6; } # Check whether --enable-nls was given. 
# NLS switch and gettext tool probes (msgfmt, gmsgfmt, xgettext, msgmerge),
# followed by the start of the prefix/exec_prefix resolution.
# USE_NLS takes the value of --enable-nls when it was given, otherwise "yes".
if test "${enable_nls+set}" = set; then :
  enableval=$enable_nls; USE_NLS=$enableval
else
  USE_NLS=yes
fi

{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $USE_NLS" >&5
$as_echo "$USE_NLS" >&6; }

# Prepare PATH_SEPARATOR.
# The user is always right.
# NOTE(review): this probe writes a helper script named after the shell PID
# (conf$$.sh) into the current directory and runs it through a PATH that
# contains ".". Run configure from a build directory that no other user can
# write to. The same probe is repeated before the xgettext and msgmerge
# searches below.
if test "${PATH_SEPARATOR+set}" != set; then
  echo "#! /bin/sh" >conf$$.sh
  echo "exit 0" >>conf$$.sh
  chmod +x conf$$.sh
  if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
    PATH_SEPARATOR=';'
  else
    PATH_SEPARATOR=:
  fi
  rm -f conf$$.sh
fi

# Find out how to test for executable files. Don't use a zero-byte file,
# as systems may use methods other than mode bits to determine executability.
cat >conf$$.file <<_ASEOF
#! /bin/sh
exit 0
_ASEOF
chmod +x conf$$.file
if test -x conf$$.file >/dev/null 2>&1; then
  ac_executable_p="test -x"
else
  ac_executable_p="test -f"
fi
rm -f conf$$.file

# Extract the first word of "msgfmt", so it can be a program name with args.
set dummy msgfmt; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
$as_echo_n "checking for $ac_word... " >&6; }
if ${ac_cv_path_MSGFMT+:} false; then :
  $as_echo_n "(cached) " >&6
else
  case "$MSGFMT" in
  [\\/]* | ?:[\\/]*)
    # NOTE(review): an absolute path supplied in MSGFMT is accepted as is; the
    # probe run in the search branch below is not applied to it.
    ac_cv_path_MSGFMT="$MSGFMT" # Let the user override the test with a path.
    ;;
  *)
    ac_save_IFS="$IFS"; IFS=$PATH_SEPARATOR
    for ac_dir in $PATH; do
      IFS="$ac_save_IFS"
      # NOTE(review): an empty PATH entry is mapped to "." here, and every
      # candidate that passes the executable test is then executed with the
      # probe arguments. Configure therefore runs the first msgfmt it meets
      # on PATH; keep PATH limited to trusted directories without empty or
      # relative entries. $ac_dir/$ac_word is also unquoted, so a directory
      # name containing whitespace is word-split.
      test -z "$ac_dir" && ac_dir=.
      for ac_exec_ext in '' $ac_executable_extensions; do
        if $ac_executable_p "$ac_dir/$ac_word$ac_exec_ext"; then
          # The candidate must succeed on --statistics and must not print
          # "usage" on stderr (stderr feeds the pipe, stdout is discarded).
          if $ac_dir/$ac_word --statistics /dev/null >/dev/null 2>&1 &&
             (if $ac_dir/$ac_word --statistics /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi); then
            ac_cv_path_MSGFMT="$ac_dir/$ac_word$ac_exec_ext"
            break 2
          fi
        fi
      done
    done
    IFS="$ac_save_IFS"
    # ":" records that no acceptable msgfmt was found.
    test -z "$ac_cv_path_MSGFMT" && ac_cv_path_MSGFMT=":"
    ;;
  esac
fi
MSGFMT="$ac_cv_path_MSGFMT"
if test "$MSGFMT" != ":"; then
  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MSGFMT" >&5
$as_echo "$MSGFMT" >&6; }
else
  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
fi

# Extract the first word of "gmsgfmt", so it can be a program name with args.
set dummy gmsgfmt; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
$as_echo_n "checking for $ac_word... " >&6; }
if ${ac_cv_path_GMSGFMT+:} false; then :
  $as_echo_n "(cached) " >&6
else
  case $GMSGFMT in
  [\\/]* | ?:[\\/]*)
    ac_cv_path_GMSGFMT="$GMSGFMT" # Let the user override the test with a path.
    ;;
  *)
    as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
    for as_dir in $PATH
    do
      IFS=$as_save_IFS
      # As above, an empty PATH entry means the current directory. This search
      # only tests for an executable file; the GNU check on GMSGFMT happens
      # further down.
      test -z "$as_dir" && as_dir=.
      for ac_exec_ext in '' $ac_executable_extensions; do
        if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
          ac_cv_path_GMSGFMT="$as_dir/$ac_word$ac_exec_ext"
          $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
          break 2
        fi
      done
    done
    IFS=$as_save_IFS

    # Fall back to whatever the msgfmt search produced.
    test -z "$ac_cv_path_GMSGFMT" && ac_cv_path_GMSGFMT="$MSGFMT"
    ;;
  esac
fi
GMSGFMT=$ac_cv_path_GMSGFMT
if test -n "$GMSGFMT"; then
  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GMSGFMT" >&5
$as_echo "$GMSGFMT" >&6; }
else
  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
fi

# Prepare PATH_SEPARATOR.
# The user is always right.
if test "${PATH_SEPARATOR+set}" != set; then
  echo "#! /bin/sh" >conf$$.sh
  echo "exit 0" >>conf$$.sh
  chmod +x conf$$.sh
  if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
    PATH_SEPARATOR=';'
  else
    PATH_SEPARATOR=:
  fi
  rm -f conf$$.sh
fi

# Find out how to test for executable files. Don't use a zero-byte file,
# as systems may use methods other than mode bits to determine executability.
cat >conf$$.file <<_ASEOF
#! /bin/sh
exit 0
_ASEOF
chmod +x conf$$.file
if test -x conf$$.file >/dev/null 2>&1; then
  ac_executable_p="test -x"
else
  ac_executable_p="test -f"
fi
rm -f conf$$.file

# Extract the first word of "xgettext", so it can be a program name with args.
set dummy xgettext; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
$as_echo_n "checking for $ac_word... " >&6; }
if ${ac_cv_path_XGETTEXT+:} false; then :
  $as_echo_n "(cached) " >&6
else
  case "$XGETTEXT" in
  [\\/]* | ?:[\\/]*)
    ac_cv_path_XGETTEXT="$XGETTEXT" # Let the user override the test with a path.
    ;;
  *)
    ac_save_IFS="$IFS"; IFS=$PATH_SEPARATOR
    for ac_dir in $PATH; do
      IFS="$ac_save_IFS"
      # Same search as for msgfmt: empty entry -> ".", candidate is executed.
      test -z "$ac_dir" && ac_dir=.
      for ac_exec_ext in '' $ac_executable_extensions; do
        if $ac_executable_p "$ac_dir/$ac_word$ac_exec_ext"; then
          if $ac_dir/$ac_word --omit-header --copyright-holder= --msgid-bugs-address= /dev/null >/dev/null 2>&1 &&
             (if $ac_dir/$ac_word --omit-header --copyright-holder= --msgid-bugs-address= /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi); then
            ac_cv_path_XGETTEXT="$ac_dir/$ac_word$ac_exec_ext"
            break 2
          fi
        fi
      done
    done
    IFS="$ac_save_IFS"
    test -z "$ac_cv_path_XGETTEXT" && ac_cv_path_XGETTEXT=":"
    ;;
  esac
fi
XGETTEXT="$ac_cv_path_XGETTEXT"
if test "$XGETTEXT" != ":"; then
  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $XGETTEXT" >&5
$as_echo "$XGETTEXT" >&6; }
else
  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
fi

# Presumably cleans up output left behind by the xgettext probe runs.
rm -f messages.po

# Prepare PATH_SEPARATOR.
# The user is always right.
if test "${PATH_SEPARATOR+set}" != set; then
  echo "#! /bin/sh" >conf$$.sh
  echo "exit 0" >>conf$$.sh
  chmod +x conf$$.sh
  if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
    PATH_SEPARATOR=';'
  else
    PATH_SEPARATOR=:
  fi
  rm -f conf$$.sh
fi

# Find out how to test for executable files. Don't use a zero-byte file,
# as systems may use methods other than mode bits to determine executability.
cat >conf$$.file <<_ASEOF
#! /bin/sh
exit 0
_ASEOF
chmod +x conf$$.file
if test -x conf$$.file >/dev/null 2>&1; then
  ac_executable_p="test -x"
else
  ac_executable_p="test -f"
fi
rm -f conf$$.file

# Extract the first word of "msgmerge", so it can be a program name with args.
set dummy msgmerge; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
$as_echo_n "checking for $ac_word... " >&6; }
if ${ac_cv_path_MSGMERGE+:} false; then :
  $as_echo_n "(cached) " >&6
else
  case "$MSGMERGE" in
  [\\/]* | ?:[\\/]*)
    ac_cv_path_MSGMERGE="$MSGMERGE" # Let the user override the test with a path.
    ;;
  *)
    ac_save_IFS="$IFS"; IFS=$PATH_SEPARATOR
    for ac_dir in $PATH; do
      IFS="$ac_save_IFS"
      # Same search as for msgfmt: empty entry -> ".", candidate is executed.
      test -z "$ac_dir" && ac_dir=.
      for ac_exec_ext in '' $ac_executable_extensions; do
        if $ac_executable_p "$ac_dir/$ac_word$ac_exec_ext"; then
          if $ac_dir/$ac_word --update -q /dev/null /dev/null >/dev/null 2>&1; then
            ac_cv_path_MSGMERGE="$ac_dir/$ac_word$ac_exec_ext"
            break 2
          fi
        fi
      done
    done
    IFS="$ac_save_IFS"
    test -z "$ac_cv_path_MSGMERGE" && ac_cv_path_MSGMERGE=":"
    ;;
  esac
fi
MSGMERGE="$ac_cv_path_MSGMERGE"
if test "$MSGMERGE" != ":"; then
  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MSGMERGE" >&5
$as_echo "$MSGMERGE" >&6; }
else
  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
fi

# Re-check the selected gmsgfmt with the same probe used for msgfmt; this also
# covers a GMSGFMT that came from a user-supplied path or from the MSGFMT
# fallback. A tool that fails the probe is reported and replaced by ":".
if test "$GMSGFMT" != ":"; then
  if $GMSGFMT --statistics /dev/null >/dev/null 2>&1 &&
     (if $GMSGFMT --statistics /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi); then
    : ;
  else
    # Strip the directory part so the message shows only the program name.
    GMSGFMT=`echo "$GMSGFMT" | sed -e 's,^.*/,,'`
    { $as_echo "$as_me:${as_lineno-$LINENO}: result: found $GMSGFMT program is not GNU msgfmt; ignore it" >&5
$as_echo "found $GMSGFMT program is not GNU msgfmt; ignore it" >&6; }
    GMSGFMT=":"
  fi
fi

# Same re-check for xgettext.
if test "$XGETTEXT" != ":"; then
  if $XGETTEXT --omit-header --copyright-holder= --msgid-bugs-address= /dev/null >/dev/null 2>&1 &&
     (if $XGETTEXT --omit-header --copyright-holder= --msgid-bugs-address= /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi); then
    : ;
  else
    { $as_echo "$as_me:${as_lineno-$LINENO}: result: found xgettext program is not GNU xgettext; ignore it" >&5
$as_echo "found xgettext program is not GNU xgettext; ignore it" >&6; }
    XGETTEXT=":"
  fi
  rm -f messages.po
fi

ac_config_commands="$ac_config_commands default-1"

# Resolve the final prefix and exec_prefix, substituting the defaults for NONE.
if test "X$prefix" = "XNONE"; then
  acl_final_prefix="$ac_default_prefix"
else
  acl_final_prefix="$prefix"
fi
if test "X$exec_prefix" = "XNONE"; then
  acl_final_exec_prefix='${prefix}'
else
  acl_final_exec_prefix="$exec_prefix"
fi
acl_save_prefix="$prefix"
prefix="$acl_final_prefix"
# NOTE(review): eval re-expands the stored string so that a literal ${prefix}
# resolves against the temporary prefix set on the previous line. Any other
# shell syntax contained in exec_prefix is expanded as well, so the value must
# come from a trusted invocation of configure.
eval acl_final_exec_prefix=\"$acl_final_exec_prefix\"
prefix="$acl_save_prefix"

# Check whether --with-gnu-ld was
given. if test "${with_gnu_ld+set}" = set; then : withval=$with_gnu_ld; test "$withval" = no || with_gnu_ld=yes else with_gnu_ld=no fi # Prepare PATH_SEPARATOR. # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then echo "#! /bin/sh" >conf$$.sh echo "exit 0" >>conf$$.sh chmod +x conf$$.sh if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then PATH_SEPARATOR=';' else PATH_SEPARATOR=: fi rm -f conf$$.sh fi ac_prog=ld if test "$GCC" = yes; then # Check if gcc -print-prog-name=ld gives a path. { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by GCC" >&5 $as_echo_n "checking for ld used by GCC... " >&6; } case $host in *-*-mingw*) # gcc leaves a trailing carriage return which upsets mingw ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; *) ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; esac case $ac_prog in # Accept absolute paths. [\\/]* | [A-Za-z]:[\\/]*) re_direlt='/[^/][^/]*/\.\./' # Canonicalize the path of ld ac_prog=`echo $ac_prog| sed 's%\\\\%/%g'` while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do ac_prog=`echo $ac_prog| sed "s%$re_direlt%/%"` done test -z "$LD" && LD="$ac_prog" ;; "") # If it fails, then pretend we aren't using GCC. ac_prog=ld ;; *) # If it is relative, then search for the first ld in PATH. with_gnu_ld=unknown ;; esac elif test "$with_gnu_ld" = yes; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5 $as_echo_n "checking for GNU ld... " >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5 $as_echo_n "checking for non-GNU ld... " >&6; } fi if ${acl_cv_path_LD+:} false; then : $as_echo_n "(cached) " >&6 else if test -z "$LD"; then IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}${PATH_SEPARATOR-:}" for ac_dir in $PATH; do test -z "$ac_dir" && ac_dir=. if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then acl_cv_path_LD="$ac_dir/$ac_prog" # Check to see if the program is GNU ld. 
I'd rather use --version, # but apparently some GNU ld's only accept -v. # Break only if it was the GNU/non-GNU ld that we prefer. case `"$acl_cv_path_LD" -v 2>&1 < /dev/null` in *GNU* | *'with BFD'*) test "$with_gnu_ld" != no && break ;; *) test "$with_gnu_ld" != yes && break ;; esac fi done IFS="$ac_save_ifs" else acl_cv_path_LD="$LD" # Let the user override the test with a path. fi fi LD="$acl_cv_path_LD" if test -n "$LD"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LD" >&5 $as_echo "$LD" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5 $as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; } if ${acl_cv_prog_gnu_ld+:} false; then : $as_echo_n "(cached) " >&6 else # I'd rather use --version here, but apparently some GNU ld's only accept -v. case `$LD -v 2>&1 &5 $as_echo "$acl_cv_prog_gnu_ld" >&6; } with_gnu_ld=$acl_cv_prog_gnu_ld { $as_echo "$as_me:${as_lineno-$LINENO}: checking for shared library run path origin" >&5 $as_echo_n "checking for shared library run path origin... " >&6; } if ${acl_cv_rpath+:} false; then : $as_echo_n "(cached) " >&6 else CC="$CC" GCC="$GCC" LDFLAGS="$LDFLAGS" LD="$LD" with_gnu_ld="$with_gnu_ld" \ ${CONFIG_SHELL-/bin/sh} "$ac_aux_dir/config.rpath" "$host" > conftest.sh . ./conftest.sh rm -f ./conftest.sh acl_cv_rpath=done fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $acl_cv_rpath" >&5 $as_echo "$acl_cv_rpath" >&6; } wl="$acl_cv_wl" libext="$acl_cv_libext" shlibext="$acl_cv_shlibext" hardcode_libdir_flag_spec="$acl_cv_hardcode_libdir_flag_spec" hardcode_libdir_separator="$acl_cv_hardcode_libdir_separator" hardcode_direct="$acl_cv_hardcode_direct" hardcode_minus_L="$acl_cv_hardcode_minus_L" # Check whether --enable-rpath was given. 
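# This stretch of the configure script
#   - reads --enable-rpath, --with-libiconv-prefix and --with-libintl-prefix
#     and works out the compiler/linker flags for libiconv and libintl,
#   - decides whether NLS (gettext) is used and records it in confdefs.h,
#   - sets the automake verbosity variables,
#   - probes for a few headers, errno_t, pthread and PAM,
#   - records the NSS library and PAM module install directories.
# The text uses autoconf-style helpers ($as_echo, ac_fn_c_try_link,
# as_fn_error) that are defined outside this section.
# NOTE(review): this looks like generated autoconf output, so lasting changes
# presumably belong in configure.ac / the m4 macros -- confirm.
#
# Line structure is restored here (one statement per line) so that '#'
# comments no longer swallow the code that follows them and every
# here-document ends at its own _ACEOF line.

# --enable-rpath: defaults to yes when the option is not given.
if test "${enable_rpath+set}" = set; then :
  enableval=$enable_rpath; :
else
  enable_rpath=yes
fi

use_additional=yes

# Expand $includedir / $libdir with the final prefix values in effect.
acl_save_prefix="$prefix"
prefix="$acl_final_prefix"
acl_save_exec_prefix="$exec_prefix"
exec_prefix="$acl_final_exec_prefix"

eval additional_includedir=\"$includedir\"
eval additional_libdir=\"$libdir\"

exec_prefix="$acl_save_exec_prefix"
prefix="$acl_save_prefix"

# Check whether --with-libiconv-prefix was given.
if test "${with_libiconv_prefix+set}" = set; then :
  withval=$with_libiconv_prefix;
  if test "X$withval" = "Xno"; then
    use_additional=no
  else
    if test "X$withval" = "X"; then
      acl_save_prefix="$prefix"
      prefix="$acl_final_prefix"
      acl_save_exec_prefix="$exec_prefix"
      exec_prefix="$acl_final_exec_prefix"

      eval additional_includedir=\"$includedir\"
      eval additional_libdir=\"$libdir\"

      exec_prefix="$acl_save_exec_prefix"
      prefix="$acl_save_prefix"
    else
      # The option value is used verbatim as the root of include/ and lib/.
      additional_includedir="$withval/include"
      additional_libdir="$withval/lib"
    fi
  fi
fi

# Work list search for libiconv and whatever its .la file names as
# dependencies: names_next_round is refilled from dependency_libs below.
LIBICONV=
LTLIBICONV=
INCICONV=
rpathdirs=
ltrpathdirs=
names_already_handled=
names_next_round='iconv '
while test -n "$names_next_round"; do
  names_this_round="$names_next_round"
  names_next_round=
  for name in $names_this_round; do
    already_handled=
    for n in $names_already_handled; do
      if test "$n" = "$name"; then
        already_handled=yes
        break
      fi
    done
    if test -z "$already_handled"; then
      names_already_handled="$names_already_handled $name"
      uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./-|ABCDEFGHIJKLMNOPQRSTUVWXYZ___|'`
      eval value=\"\$HAVE_LIB$uppername\"
      if test -n "$value"; then
        # An earlier check already decided about this library; reuse it.
        if test "$value" = yes; then
          eval value=\"\$LIB$uppername\"
          test -z "$value" || LIBICONV="${LIBICONV}${LIBICONV:+ }$value"
          eval value=\"\$LTLIB$uppername\"
          test -z "$value" || LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }$value"
        else
          :
        fi
      else
        found_dir=
        found_la=
        found_so=
        found_a=
        # First look in the directory derived from the prefix option.
        if test $use_additional = yes; then
          if test -n "$shlibext" && test -f "$additional_libdir/lib$name.$shlibext"; then
            found_dir="$additional_libdir"
            found_so="$additional_libdir/lib$name.$shlibext"
            if test -f "$additional_libdir/lib$name.la"; then
              found_la="$additional_libdir/lib$name.la"
            fi
          else
            if test -f "$additional_libdir/lib$name.$libext"; then
              found_dir="$additional_libdir"
              found_a="$additional_libdir/lib$name.$libext"
              if test -f "$additional_libdir/lib$name.la"; then
                found_la="$additional_libdir/lib$name.la"
              fi
            fi
          fi
        fi
        # Otherwise walk the -L directories already present in the flags.
        if test "X$found_dir" = "X"; then
          for x in $LDFLAGS $LTLIBICONV; do
            # eval re-expands the flag so ${prefix}-style references resolve;
            # any other shell syntax inside the flag text is evaluated too.
            acl_save_prefix="$prefix"
            prefix="$acl_final_prefix"
            acl_save_exec_prefix="$exec_prefix"
            exec_prefix="$acl_final_exec_prefix"
            eval x=\"$x\"
            exec_prefix="$acl_save_exec_prefix"
            prefix="$acl_save_prefix"

            case "$x" in
              -L*)
                dir=`echo "X$x" | sed -e 's/^X-L//'`
                if test -n "$shlibext" && test -f "$dir/lib$name.$shlibext"; then
                  found_dir="$dir"
                  found_so="$dir/lib$name.$shlibext"
                  if test -f "$dir/lib$name.la"; then
                    found_la="$dir/lib$name.la"
                  fi
                else
                  if test -f "$dir/lib$name.$libext"; then
                    found_dir="$dir"
                    found_a="$dir/lib$name.$libext"
                    if test -f "$dir/lib$name.la"; then
                      found_la="$dir/lib$name.la"
                    fi
                  fi
                fi
                ;;
            esac
            if test "X$found_dir" != "X"; then
              break
            fi
          done
        fi
        if test "X$found_dir" != "X"; then
          LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }-L$found_dir -l$name"
          if test "X$found_so" != "X"; then
            if test "$enable_rpath" = no || test "X$found_dir" = "X/usr/lib"; then
              LIBICONV="${LIBICONV}${LIBICONV:+ }$found_so"
            else
              # Remember the directory once for the libtool (-R) run path.
              haveit=
              for x in $ltrpathdirs; do
                if test "X$x" = "X$found_dir"; then
                  haveit=yes
                  break
                fi
              done
              if test -z "$haveit"; then
                ltrpathdirs="$ltrpathdirs $found_dir"
              fi
              if test "$hardcode_direct" = yes; then
                LIBICONV="${LIBICONV}${LIBICONV:+ }$found_so"
              else
                if test -n "$hardcode_libdir_flag_spec" && test "$hardcode_minus_L" = no; then
                  LIBICONV="${LIBICONV}${LIBICONV:+ }$found_so"
                  haveit=
                  for x in $rpathdirs; do
                    if test "X$x" = "X$found_dir"; then
                      haveit=yes
                      break
                    fi
                  done
                  if test -z "$haveit"; then
                    rpathdirs="$rpathdirs $found_dir"
                  fi
                else
                  haveit=
                  for x in $LDFLAGS $LIBICONV; do
                    acl_save_prefix="$prefix"
                    prefix="$acl_final_prefix"
                    acl_save_exec_prefix="$exec_prefix"
                    exec_prefix="$acl_final_exec_prefix"
                    eval x=\"$x\"
                    exec_prefix="$acl_save_exec_prefix"
                    prefix="$acl_save_prefix"

                    if test "X$x" = "X-L$found_dir"; then
                      haveit=yes
                      break
                    fi
                  done
                  if test -z "$haveit"; then
                    LIBICONV="${LIBICONV}${LIBICONV:+ }-L$found_dir"
                  fi
                  if test "$hardcode_minus_L" != no; then
                    LIBICONV="${LIBICONV}${LIBICONV:+ }$found_so"
                  else
                    LIBICONV="${LIBICONV}${LIBICONV:+ }-l$name"
                  fi
                fi
              fi
            fi
          else
            if test "X$found_a" != "X"; then
              LIBICONV="${LIBICONV}${LIBICONV:+ }$found_a"
            else
              LIBICONV="${LIBICONV}${LIBICONV:+ }-L$found_dir -l$name"
            fi
          fi
          # Derive the matching include directory from a .../lib directory.
          additional_includedir=
          case "$found_dir" in
            */lib | */lib/)
              basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e 's,/lib/*$,,'`
              additional_includedir="$basedir/include"
              ;;
          esac
          if test "X$additional_includedir" != "X"; then
            if test "X$additional_includedir" != "X/usr/include"; then
              haveit=
              if test "X$additional_includedir" = "X/usr/local/include"; then
                if test -n "$GCC"; then
                  case $host_os in
                    linux*) haveit=yes;;
                  esac
                fi
              fi
              if test -z "$haveit"; then
                for x in $CPPFLAGS $INCICONV; do
                  acl_save_prefix="$prefix"
                  prefix="$acl_final_prefix"
                  acl_save_exec_prefix="$exec_prefix"
                  exec_prefix="$acl_final_exec_prefix"
                  eval x=\"$x\"
                  exec_prefix="$acl_save_exec_prefix"
                  prefix="$acl_save_prefix"

                  if test "X$x" = "X-I$additional_includedir"; then
                    haveit=yes
                    break
                  fi
                done
                if test -z "$haveit"; then
                  if test -d "$additional_includedir"; then
                    INCICONV="${INCICONV}${INCICONV:+ }-I$additional_includedir"
                  fi
                fi
              fi
            fi
          fi
          if test -n "$found_la"; then
            # NOTE(review): the .la file is sourced, i.e. run as shell code in
            # the configure process, to obtain $dependency_libs. It comes from
            # a directory named by the prefix option, $libdir or a -L flag, so
            # those directories must hold only trusted files.
            save_libdir="$libdir"
            case "$found_la" in
              */* | *\\*) . "$found_la" ;;
              *) . "./$found_la" ;;
            esac
            libdir="$save_libdir"
            for dep in $dependency_libs; do
              case "$dep" in
                -L*)
                  additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'`
                  if test "X$additional_libdir" != "X/usr/lib"; then
                    haveit=
                    if test "X$additional_libdir" = "X/usr/local/lib"; then
                      if test -n "$GCC"; then
                        case $host_os in
                          linux*) haveit=yes;;
                        esac
                      fi
                    fi
                    if test -z "$haveit"; then
                      haveit=
                      for x in $LDFLAGS $LIBICONV; do
                        acl_save_prefix="$prefix"
                        prefix="$acl_final_prefix"
                        acl_save_exec_prefix="$exec_prefix"
                        exec_prefix="$acl_final_exec_prefix"
                        eval x=\"$x\"
                        exec_prefix="$acl_save_exec_prefix"
                        prefix="$acl_save_prefix"

                        if test "X$x" = "X-L$additional_libdir"; then
                          haveit=yes
                          break
                        fi
                      done
                      if test -z "$haveit"; then
                        if test -d "$additional_libdir"; then
                          LIBICONV="${LIBICONV}${LIBICONV:+ }-L$additional_libdir"
                        fi
                      fi
                      haveit=
                      for x in $LDFLAGS $LTLIBICONV; do
                        acl_save_prefix="$prefix"
                        prefix="$acl_final_prefix"
                        acl_save_exec_prefix="$exec_prefix"
                        exec_prefix="$acl_final_exec_prefix"
                        eval x=\"$x\"
                        exec_prefix="$acl_save_exec_prefix"
                        prefix="$acl_save_prefix"

                        if test "X$x" = "X-L$additional_libdir"; then
                          haveit=yes
                          break
                        fi
                      done
                      if test -z "$haveit"; then
                        if test -d "$additional_libdir"; then
                          LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }-L$additional_libdir"
                        fi
                      fi
                    fi
                  fi
                  ;;
                -R*)
                  dir=`echo "X$dep" | sed -e 's/^X-R//'`
                  if test "$enable_rpath" != no; then
                    haveit=
                    for x in $rpathdirs; do
                      if test "X$x" = "X$dir"; then
                        haveit=yes
                        break
                      fi
                    done
                    if test -z "$haveit"; then
                      rpathdirs="$rpathdirs $dir"
                    fi
                    haveit=
                    for x in $ltrpathdirs; do
                      if test "X$x" = "X$dir"; then
                        haveit=yes
                        break
                      fi
                    done
                    if test -z "$haveit"; then
                      ltrpathdirs="$ltrpathdirs $dir"
                    fi
                  fi
                  ;;
                -l*)
                  # Queue the dependency for the next pass of the outer loop.
                  names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'`
                  ;;
                *.la)
                  names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'`
                  ;;
                *)
                  LIBICONV="${LIBICONV}${LIBICONV:+ }$dep"
                  LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }$dep"
                  ;;
              esac
            done
          fi
        else
          # Nothing found on disk: fall back to a plain -l flag.
          LIBICONV="${LIBICONV}${LIBICONV:+ }-l$name"
          LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }-l$name"
        fi
      fi
    fi
  done
done
# Turn the collected run-path directories into linker flags.
if test "X$rpathdirs" != "X"; then
  if test -n "$hardcode_libdir_separator"; then
    alldirs=
    for found_dir in $rpathdirs; do
      alldirs="${alldirs}${alldirs:+$hardcode_libdir_separator}$found_dir"
    done
    acl_save_libdir="$libdir"
    libdir="$alldirs"
    eval flag=\"$hardcode_libdir_flag_spec\"
    libdir="$acl_save_libdir"
    LIBICONV="${LIBICONV}${LIBICONV:+ }$flag"
  else
    for found_dir in $rpathdirs; do
      acl_save_libdir="$libdir"
      libdir="$found_dir"
      eval flag=\"$hardcode_libdir_flag_spec\"
      libdir="$acl_save_libdir"
      LIBICONV="${LIBICONV}${LIBICONV:+ }$flag"
    done
  fi
fi
if test "X$ltrpathdirs" != "X"; then
  for found_dir in $ltrpathdirs; do
    LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }-R$found_dir"
  done
fi

{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether NLS is requested" >&5
$as_echo_n "checking whether NLS is requested... " >&6; }
# Check whether --enable-nls was given.
if test "${enable_nls+set}" = set; then :
  enableval=$enable_nls; USE_NLS=$enableval
else
  USE_NLS=yes
fi

{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $USE_NLS" >&5
$as_echo "$USE_NLS" >&6; }

LIBINTL=
LTLIBINTL=
POSUB=

if test "$USE_NLS" = "yes"; then
  gt_use_preinstalled_gnugettext=no

  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU gettext in libc" >&5
$as_echo_n "checking for GNU gettext in libc... " >&6; }
  if ${gt_cv_func_gnugettext1_libc+:} false; then :
    $as_echo_n "(cached) " >&6
  else
    # NOTE(review): the header name after #include is missing in the captured
    # text; <libintl.h> is restored because the probe calls gettext and
    # bindtextdomain -- confirm against the generated configure.
    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <libintl.h>
extern int _nl_msg_cat_cntr;
extern int *_nl_domain_bindings;
int
main ()
{
bindtextdomain ("", "");
return (int) gettext ("") + _nl_msg_cat_cntr + *_nl_domain_bindings
  ;
  return 0;
}
_ACEOF
    if ac_fn_c_try_link "$LINENO"; then :
      gt_cv_func_gnugettext1_libc=yes
    else
      gt_cv_func_gnugettext1_libc=no
    fi
    rm -f core conftest.err conftest.$ac_objext \
      conftest$ac_exeext conftest.$ac_ext
  fi
  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_func_gnugettext1_libc" >&5
$as_echo "$gt_cv_func_gnugettext1_libc" >&6; }

  if test "$gt_cv_func_gnugettext1_libc" != "yes"; then

    am_save_CPPFLAGS="$CPPFLAGS"

    # Add each libiconv include flag to CPPFLAGS unless it is already there.
    for element in $INCICONV; do
      haveit=
      for x in $CPPFLAGS; do
        acl_save_prefix="$prefix"
        prefix="$acl_final_prefix"
        acl_save_exec_prefix="$exec_prefix"
        exec_prefix="$acl_final_exec_prefix"
        eval x=\"$x\"
        exec_prefix="$acl_save_exec_prefix"
        prefix="$acl_save_prefix"

        if test "X$x" = "X$element"; then
          haveit=yes
          break
        fi
      done
      if test -z "$haveit"; then
        CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }$element"
      fi
    done

    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for iconv" >&5
$as_echo_n "checking for iconv... " >&6; }
    if ${am_cv_func_iconv+:} false; then :
      $as_echo_n "(cached) " >&6
    else

      am_cv_func_iconv="no, consider installing GNU libiconv"
      am_cv_lib_iconv=no
      # NOTE(review): both header names are missing in the captured text;
      # <stdlib.h> and <iconv.h> are restored from the symbols used (NULL,
      # iconv_open) -- confirm against the generated configure.
      cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <stdlib.h>
#include <iconv.h>
int
main ()
{
iconv_t cd = iconv_open("","");
iconv(cd,NULL,NULL,NULL,NULL);
iconv_close(cd);
  ;
  return 0;
}
_ACEOF
      if ac_fn_c_try_link "$LINENO"; then :
        am_cv_func_iconv=yes
      fi
      rm -f core conftest.err conftest.$ac_objext \
        conftest$ac_exeext conftest.$ac_ext
      # Second attempt: the same probe, this time linking with $LIBICONV.
      if test "$am_cv_func_iconv" != yes; then
        am_save_LIBS="$LIBS"
        LIBS="$LIBS $LIBICONV"
        cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <stdlib.h>
#include <iconv.h>
int
main ()
{
iconv_t cd = iconv_open("","");
iconv(cd,NULL,NULL,NULL,NULL);
iconv_close(cd);
  ;
  return 0;
}
_ACEOF
        if ac_fn_c_try_link "$LINENO"; then :
          am_cv_lib_iconv=yes
          am_cv_func_iconv=yes
        fi
        rm -f core conftest.err conftest.$ac_objext \
          conftest$ac_exeext conftest.$ac_ext
        LIBS="$am_save_LIBS"
      fi

    fi
    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_func_iconv" >&5
$as_echo "$am_cv_func_iconv" >&6; }
    if test "$am_cv_func_iconv" = yes; then

      $as_echo "#define HAVE_ICONV 1" >>confdefs.h

    fi
    if test "$am_cv_lib_iconv" = yes; then
      { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to link with libiconv" >&5
$as_echo_n "checking how to link with libiconv... " >&6; }
      { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBICONV" >&5
$as_echo "$LIBICONV" >&6; }
    else
      # libiconv is not needed as a separate library: undo the flag changes.
      CPPFLAGS="$am_save_CPPFLAGS"
      LIBICONV=
      LTLIBICONV=
    fi

    use_additional=yes

    acl_save_prefix="$prefix"
    prefix="$acl_final_prefix"
    acl_save_exec_prefix="$exec_prefix"
    exec_prefix="$acl_final_exec_prefix"

    eval additional_includedir=\"$includedir\"
    eval additional_libdir=\"$libdir\"

    exec_prefix="$acl_save_exec_prefix"
    prefix="$acl_save_prefix"

    # Check whether --with-libintl-prefix was given.
    if test "${with_libintl_prefix+set}" = set; then :
      withval=$with_libintl_prefix;
      if test "X$withval" = "Xno"; then
        use_additional=no
      else
        if test "X$withval" = "X"; then
          acl_save_prefix="$prefix"
          prefix="$acl_final_prefix"
          acl_save_exec_prefix="$exec_prefix"
          exec_prefix="$acl_final_exec_prefix"

          eval additional_includedir=\"$includedir\"
          eval additional_libdir=\"$libdir\"

          exec_prefix="$acl_save_exec_prefix"
          prefix="$acl_save_prefix"
        else
          additional_includedir="$withval/include"
          additional_libdir="$withval/lib"
        fi
      fi
    fi

    # Same work list search as for libiconv above, this time for libintl.
    LIBINTL=
    LTLIBINTL=
    INCINTL=
    rpathdirs=
    ltrpathdirs=
    names_already_handled=
    names_next_round='intl '
    while test -n "$names_next_round"; do
      names_this_round="$names_next_round"
      names_next_round=
      for name in $names_this_round; do
        already_handled=
        for n in $names_already_handled; do
          if test "$n" = "$name"; then
            already_handled=yes
            break
          fi
        done
        if test -z "$already_handled"; then
          names_already_handled="$names_already_handled $name"
          uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./-|ABCDEFGHIJKLMNOPQRSTUVWXYZ___|'`
          eval value=\"\$HAVE_LIB$uppername\"
          if test -n "$value"; then
            if test "$value" = yes; then
              eval value=\"\$LIB$uppername\"
              test -z "$value" || LIBINTL="${LIBINTL}${LIBINTL:+ }$value"
              eval value=\"\$LTLIB$uppername\"
              test -z "$value" || LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }$value"
            else
              :
            fi
          else
            found_dir=
            found_la=
            found_so=
            found_a=
            if test $use_additional = yes; then
              if test -n "$shlibext" && test -f "$additional_libdir/lib$name.$shlibext"; then
                found_dir="$additional_libdir"
                found_so="$additional_libdir/lib$name.$shlibext"
                if test -f "$additional_libdir/lib$name.la"; then
                  found_la="$additional_libdir/lib$name.la"
                fi
              else
                if test -f "$additional_libdir/lib$name.$libext"; then
                  found_dir="$additional_libdir"
                  found_a="$additional_libdir/lib$name.$libext"
                  if test -f "$additional_libdir/lib$name.la"; then
                    found_la="$additional_libdir/lib$name.la"
                  fi
                fi
              fi
            fi
            if test "X$found_dir" = "X"; then
              for x in $LDFLAGS $LTLIBINTL; do
                acl_save_prefix="$prefix"
                prefix="$acl_final_prefix"
                acl_save_exec_prefix="$exec_prefix"
                exec_prefix="$acl_final_exec_prefix"
                eval x=\"$x\"
                exec_prefix="$acl_save_exec_prefix"
                prefix="$acl_save_prefix"

                case "$x" in
                  -L*)
                    dir=`echo "X$x" | sed -e 's/^X-L//'`
                    if test -n "$shlibext" && test -f "$dir/lib$name.$shlibext"; then
                      found_dir="$dir"
                      found_so="$dir/lib$name.$shlibext"
                      if test -f "$dir/lib$name.la"; then
                        found_la="$dir/lib$name.la"
                      fi
                    else
                      if test -f "$dir/lib$name.$libext"; then
                        found_dir="$dir"
                        found_a="$dir/lib$name.$libext"
                        if test -f "$dir/lib$name.la"; then
                          found_la="$dir/lib$name.la"
                        fi
                      fi
                    fi
                    ;;
                esac
                if test "X$found_dir" != "X"; then
                  break
                fi
              done
            fi
            if test "X$found_dir" != "X"; then
              LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }-L$found_dir -l$name"
              if test "X$found_so" != "X"; then
                if test "$enable_rpath" = no || test "X$found_dir" = "X/usr/lib"; then
                  LIBINTL="${LIBINTL}${LIBINTL:+ }$found_so"
                else
                  haveit=
                  for x in $ltrpathdirs; do
                    if test "X$x" = "X$found_dir"; then
                      haveit=yes
                      break
                    fi
                  done
                  if test -z "$haveit"; then
                    ltrpathdirs="$ltrpathdirs $found_dir"
                  fi
                  if test "$hardcode_direct" = yes; then
                    LIBINTL="${LIBINTL}${LIBINTL:+ }$found_so"
                  else
                    if test -n "$hardcode_libdir_flag_spec" && test "$hardcode_minus_L" = no; then
                      LIBINTL="${LIBINTL}${LIBINTL:+ }$found_so"
                      haveit=
                      for x in $rpathdirs; do
                        if test "X$x" = "X$found_dir"; then
                          haveit=yes
                          break
                        fi
                      done
                      if test -z "$haveit"; then
                        rpathdirs="$rpathdirs $found_dir"
                      fi
                    else
                      haveit=
                      for x in $LDFLAGS $LIBINTL; do
                        acl_save_prefix="$prefix"
                        prefix="$acl_final_prefix"
                        acl_save_exec_prefix="$exec_prefix"
                        exec_prefix="$acl_final_exec_prefix"
                        eval x=\"$x\"
                        exec_prefix="$acl_save_exec_prefix"
                        prefix="$acl_save_prefix"

                        if test "X$x" = "X-L$found_dir"; then
                          haveit=yes
                          break
                        fi
                      done
                      if test -z "$haveit"; then
                        LIBINTL="${LIBINTL}${LIBINTL:+ }-L$found_dir"
                      fi
                      if test "$hardcode_minus_L" != no; then
                        LIBINTL="${LIBINTL}${LIBINTL:+ }$found_so"
                      else
                        LIBINTL="${LIBINTL}${LIBINTL:+ }-l$name"
                      fi
                    fi
                  fi
                fi
              else
                if test "X$found_a" != "X"; then
                  LIBINTL="${LIBINTL}${LIBINTL:+ }$found_a"
                else
                  LIBINTL="${LIBINTL}${LIBINTL:+ }-L$found_dir -l$name"
                fi
              fi
              additional_includedir=
              case "$found_dir" in
                */lib | */lib/)
                  basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e 's,/lib/*$,,'`
                  additional_includedir="$basedir/include"
                  ;;
              esac
              if test "X$additional_includedir" != "X"; then
                if test "X$additional_includedir" != "X/usr/include"; then
                  haveit=
                  if test "X$additional_includedir" = "X/usr/local/include"; then
                    if test -n "$GCC"; then
                      case $host_os in
                        linux*) haveit=yes;;
                      esac
                    fi
                  fi
                  if test -z "$haveit"; then
                    for x in $CPPFLAGS $INCINTL; do
                      acl_save_prefix="$prefix"
                      prefix="$acl_final_prefix"
                      acl_save_exec_prefix="$exec_prefix"
                      exec_prefix="$acl_final_exec_prefix"
                      eval x=\"$x\"
                      exec_prefix="$acl_save_exec_prefix"
                      prefix="$acl_save_prefix"

                      if test "X$x" = "X-I$additional_includedir"; then
                        haveit=yes
                        break
                      fi
                    done
                    if test -z "$haveit"; then
                      if test -d "$additional_includedir"; then
                        INCINTL="${INCINTL}${INCINTL:+ }-I$additional_includedir"
                      fi
                    fi
                  fi
                fi
              fi
              if test -n "$found_la"; then
                # NOTE(review): as in the libiconv search, the .la file is run
                # as shell code here; the directory it was found in has to be
                # trusted.
                save_libdir="$libdir"
                case "$found_la" in
                  */* | *\\*) . "$found_la" ;;
                  *) . "./$found_la" ;;
                esac
                libdir="$save_libdir"
                for dep in $dependency_libs; do
                  case "$dep" in
                    -L*)
                      additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'`
                      if test "X$additional_libdir" != "X/usr/lib"; then
                        haveit=
                        if test "X$additional_libdir" = "X/usr/local/lib"; then
                          if test -n "$GCC"; then
                            case $host_os in
                              linux*) haveit=yes;;
                            esac
                          fi
                        fi
                        if test -z "$haveit"; then
                          haveit=
                          for x in $LDFLAGS $LIBINTL; do
                            acl_save_prefix="$prefix"
                            prefix="$acl_final_prefix"
                            acl_save_exec_prefix="$exec_prefix"
                            exec_prefix="$acl_final_exec_prefix"
                            eval x=\"$x\"
                            exec_prefix="$acl_save_exec_prefix"
                            prefix="$acl_save_prefix"

                            if test "X$x" = "X-L$additional_libdir"; then
                              haveit=yes
                              break
                            fi
                          done
                          if test -z "$haveit"; then
                            if test -d "$additional_libdir"; then
                              LIBINTL="${LIBINTL}${LIBINTL:+ }-L$additional_libdir"
                            fi
                          fi
                          haveit=
                          for x in $LDFLAGS $LTLIBINTL; do
                            acl_save_prefix="$prefix"
                            prefix="$acl_final_prefix"
                            acl_save_exec_prefix="$exec_prefix"
                            exec_prefix="$acl_final_exec_prefix"
                            eval x=\"$x\"
                            exec_prefix="$acl_save_exec_prefix"
                            prefix="$acl_save_prefix"

                            if test "X$x" = "X-L$additional_libdir"; then
                              haveit=yes
                              break
                            fi
                          done
                          if test -z "$haveit"; then
                            if test -d "$additional_libdir"; then
                              LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }-L$additional_libdir"
                            fi
                          fi
                        fi
                      fi
                      ;;
                    -R*)
                      dir=`echo "X$dep" | sed -e 's/^X-R//'`
                      if test "$enable_rpath" != no; then
                        haveit=
                        for x in $rpathdirs; do
                          if test "X$x" = "X$dir"; then
                            haveit=yes
                            break
                          fi
                        done
                        if test -z "$haveit"; then
                          rpathdirs="$rpathdirs $dir"
                        fi
                        haveit=
                        for x in $ltrpathdirs; do
                          if test "X$x" = "X$dir"; then
                            haveit=yes
                            break
                          fi
                        done
                        if test -z "$haveit"; then
                          ltrpathdirs="$ltrpathdirs $dir"
                        fi
                      fi
                      ;;
                    -l*)
                      names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'`
                      ;;
                    *.la)
                      names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'`
                      ;;
                    *)
                      LIBINTL="${LIBINTL}${LIBINTL:+ }$dep"
                      LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }$dep"
                      ;;
                  esac
                done
              fi
            else
              LIBINTL="${LIBINTL}${LIBINTL:+ }-l$name"
              LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }-l$name"
            fi
          fi
        fi
      done
    done
    if test "X$rpathdirs" != "X"; then
      if test -n "$hardcode_libdir_separator"; then
        alldirs=
        for found_dir in $rpathdirs; do
          alldirs="${alldirs}${alldirs:+$hardcode_libdir_separator}$found_dir"
        done
        acl_save_libdir="$libdir"
        libdir="$alldirs"
        eval flag=\"$hardcode_libdir_flag_spec\"
        libdir="$acl_save_libdir"
        LIBINTL="${LIBINTL}${LIBINTL:+ }$flag"
      else
        for found_dir in $rpathdirs; do
          acl_save_libdir="$libdir"
          libdir="$found_dir"
          eval flag=\"$hardcode_libdir_flag_spec\"
          libdir="$acl_save_libdir"
          LIBINTL="${LIBINTL}${LIBINTL:+ }$flag"
        done
      fi
    fi
    if test "X$ltrpathdirs" != "X"; then
      for found_dir in $ltrpathdirs; do
        LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }-R$found_dir"
      done
    fi

    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU gettext in libintl" >&5
$as_echo_n "checking for GNU gettext in libintl... " >&6; }
    if ${gt_cv_func_gnugettext1_libintl+:} false; then :
      $as_echo_n "(cached) " >&6
    else
      gt_save_CPPFLAGS="$CPPFLAGS"
      CPPFLAGS="$CPPFLAGS $INCINTL"
      gt_save_LIBS="$LIBS"
      LIBS="$LIBS $LIBINTL"
      # NOTE(review): header name missing in the captured text; <libintl.h>
      # restored as in the libc probe above -- confirm.
      cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <libintl.h>
extern int _nl_msg_cat_cntr;
extern
#ifdef __cplusplus
"C"
#endif
const char *_nl_expand_alias ();
int
main ()
{
bindtextdomain ("", "");
return (int) gettext ("") + _nl_msg_cat_cntr + *_nl_expand_alias (0)
  ;
  return 0;
}
_ACEOF
      if ac_fn_c_try_link "$LINENO"; then :
        gt_cv_func_gnugettext1_libintl=yes
      else
        gt_cv_func_gnugettext1_libintl=no
      fi
      rm -f core conftest.err conftest.$ac_objext \
        conftest$ac_exeext conftest.$ac_ext
      # Retry with libiconv added, in case libintl depends on it.
      if test "$gt_cv_func_gnugettext1_libintl" != yes && test -n "$LIBICONV"; then
        LIBS="$LIBS $LIBICONV"
        cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <libintl.h>
extern int _nl_msg_cat_cntr;
extern
#ifdef __cplusplus
"C"
#endif
const char *_nl_expand_alias ();
int
main ()
{
bindtextdomain ("", "");
return (int) gettext ("") + _nl_msg_cat_cntr + *_nl_expand_alias (0)
  ;
  return 0;
}
_ACEOF
        if ac_fn_c_try_link "$LINENO"; then :
          LIBINTL="$LIBINTL $LIBICONV"
          LTLIBINTL="$LTLIBINTL $LTLIBICONV"
          gt_cv_func_gnugettext1_libintl=yes
        fi
        rm -f core conftest.err conftest.$ac_objext \
          conftest$ac_exeext conftest.$ac_ext
      fi
      CPPFLAGS="$gt_save_CPPFLAGS"
      LIBS="$gt_save_LIBS"
    fi
    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_func_gnugettext1_libintl" >&5
$as_echo "$gt_cv_func_gnugettext1_libintl" >&6; }
  fi

  if test "$gt_cv_func_gnugettext1_libc" = "yes" \
     || { test "$gt_cv_func_gnugettext1_libintl" = "yes" \
          && test "$PACKAGE" != gettext-runtime \
          && test "$PACKAGE" != gettext-tools; }; then
    gt_use_preinstalled_gnugettext=yes
  else
    LIBINTL=
    LTLIBINTL=
    INCINTL=
  fi

  if test "$gt_use_preinstalled_gnugettext" = "yes" \
     || test "$nls_cv_use_gnu_gettext" = "yes"; then

    $as_echo "#define ENABLE_NLS 1" >>confdefs.h

  else
    USE_NLS=no
  fi
fi

{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use NLS" >&5
$as_echo_n "checking whether to use NLS... " >&6; }
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $USE_NLS" >&5
$as_echo "$USE_NLS" >&6; }
if test "$USE_NLS" = "yes"; then
  { $as_echo "$as_me:${as_lineno-$LINENO}: checking where the gettext function comes from" >&5
$as_echo_n "checking where the gettext function comes from... " >&6; }
  if test "$gt_use_preinstalled_gnugettext" = "yes"; then
    if test "$gt_cv_func_gnugettext1_libintl" = "yes"; then
      gt_source="external libintl"
    else
      gt_source="libc"
    fi
  else
    gt_source="included intl directory"
  fi
  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_source" >&5
$as_echo "$gt_source" >&6; }
fi

if test "$USE_NLS" = "yes"; then

  if test "$gt_use_preinstalled_gnugettext" = "yes"; then
    if test "$gt_cv_func_gnugettext1_libintl" = "yes"; then
      { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to link with libintl" >&5
$as_echo_n "checking how to link with libintl... " >&6; }
      { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBINTL" >&5
$as_echo "$LIBINTL" >&6; }

      for element in $INCINTL; do
        haveit=
        for x in $CPPFLAGS; do
          acl_save_prefix="$prefix"
          prefix="$acl_final_prefix"
          acl_save_exec_prefix="$exec_prefix"
          exec_prefix="$acl_final_exec_prefix"
          eval x=\"$x\"
          exec_prefix="$acl_save_exec_prefix"
          prefix="$acl_save_prefix"

          if test "X$x" = "X$element"; then
            haveit=yes
            break
          fi
        done
        if test -z "$haveit"; then
          CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }$element"
        fi
      done

    fi

    $as_echo "#define HAVE_GETTEXT 1" >>confdefs.h

    $as_echo "#define HAVE_DCGETTEXT 1" >>confdefs.h

  fi

  POSUB=po
fi

INTLLIBS="$LIBINTL"

$as_echo "#define PRERELEASE_VERSION \"\"" >>confdefs.h

# GIT_CHECKOUT_* depend only on whether "git log -1" succeeds in the
# directory configure is run from.
if git log -1 >/dev/null 2>&1; then
  GIT_CHECKOUT_TRUE=
  GIT_CHECKOUT_FALSE='#'
else
  GIT_CHECKOUT_TRUE='#'
  GIT_CHECKOUT_FALSE=
fi

# Check whether --enable-silent-rules was given.
if test "${enable_silent_rules+set}" = set; then :
  enableval=$enable_silent_rules;
fi

case $enable_silent_rules in # (((
  yes) AM_DEFAULT_VERBOSITY=0;;
  no) AM_DEFAULT_VERBOSITY=1;;
  *) AM_DEFAULT_VERBOSITY=1;;
esac
am_make=${MAKE-make}
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5
$as_echo_n "checking whether $am_make supports nested variables... " >&6; }
if ${am_cv_make_support_nested_variables+:} false; then :
  $as_echo_n "(cached) " >&6
else
  # The quoted text is a small makefile fed to $am_make on stdin; its recipe
  # line has to start with a tab character.
  if $as_echo 'TRUE=$(BAR$(V))
BAR0=false
BAR1=true
V=1
am__doit:
	@$(TRUE)
.PHONY: am__doit' | $am_make -f - >/dev/null 2>&1; then
    am_cv_make_support_nested_variables=yes
  else
    am_cv_make_support_nested_variables=no
  fi
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_make_support_nested_variables" >&5
$as_echo "$am_cv_make_support_nested_variables" >&6; }
if test $am_cv_make_support_nested_variables = yes; then
  AM_V='$(V)'
  AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)'
else
  AM_V=$AM_DEFAULT_VERBOSITY
  AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY
fi
AM_BACKSLASH='\'

if test "$ac_cv_c_compiler_gnu" = yes; then
  HAVE_GCC_TRUE=
  HAVE_GCC_FALSE='#'
else
  HAVE_GCC_TRUE='#'
  HAVE_GCC_FALSE=
fi

for ac_header in stdint.h dlfcn.h
do :
  as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
  ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
  if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
    cat >>confdefs.h <<_ACEOF
#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
_ACEOF

  fi

done

ac_config_headers="$ac_config_headers config.h"

# NOTE(review): the header name inside the last argument is missing in the
# captured text; <errno.h> is restored on the assumption that errno_t is
# looked up there -- confirm against configure.ac.
ac_fn_c_check_type "$LINENO" "errno_t" "ac_cv_type_errno_t" "#include <errno.h>
"
if test "x$ac_cv_type_errno_t" = xyes; then :

  cat >>confdefs.h <<_ACEOF
#define HAVE_ERRNO_T 1
_ACEOF

fi

if test x$with_aux_info = xyes; then
  WANT_AUX_INFO_TRUE=
  WANT_AUX_INFO_FALSE='#'
else
  WANT_AUX_INFO_TRUE='#'
  WANT_AUX_INFO_FALSE=
fi

# Check whether --with-shared-build-dir was given.
if test "${with_shared_build_dir+set}" = set; then :
  withval=$with_shared_build_dir;
fi

sharedbuilddir="$srcdir/sharedbuild"
if test x"$with_shared_build_dir" != x; then
  # NOTE(review): the option value is appended to CFLAGS, CPPFLAGS and LDFLAGS
  # as given, with no validation; headers and libraries under that directory
  # are then picked up by every later compile and link step.
  sharedbuilddir=$with_shared_build_dir
  CFLAGS="$CFLAGS -I$with_shared_build_dir/include"
  CPPFLAGS="$CPPFLAGS -I$with_shared_build_dir/include"
  LDFLAGS="$LDFLAGS -L$with_shared_build_dir/lib"
fi

# pthread probe: a compile-only test of PTHREAD_MUTEX_INITIALIZER.
# NOTE(review): header name missing in the captured text; <pthread.h>
# restored from the type used in the probe -- confirm.
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <pthread.h>
int
main ()
{
pthread_mutex_t m = PTHREAD_MUTEX_INITIALIZER;
  ;
  return 0;
}
_ACEOF
if ac_fn_c_try_compile "$LINENO"; then :

  $as_echo "#define HAVE_PTHREAD 1" >>confdefs.h

  HAVE_PTHREAD=1

else
  # Only a warning: the build continues without HAVE_PTHREAD.
  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Pthread library not found! Clients will not be thread safe..." >&5
$as_echo "$as_me: WARNING: Pthread library not found! Clients will not be thread safe..." >&2;}
fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext

if test x"$HAVE_PTHREAD" != "x"; then
  HAVE_PTHREAD_TRUE=
  HAVE_PTHREAD_FALSE='#'
else
  HAVE_PTHREAD_TRUE='#'
  HAVE_PTHREAD_FALSE=
fi

# Robust-mutex functions are looked up with -lpthread added temporarily.
SAVE_LIBS=$LIBS
LIBS="$LIBS -lpthread"
for ac_func in pthread_mutexattr_setrobust \
               pthread_mutex_consistent \
               pthread_mutexattr_setrobust_np \
               pthread_mutex_consistent_np
do :
  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
  ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
  if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
    cat >>confdefs.h <<_ACEOF
#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
_ACEOF

  fi
done

LIBS=$SAVE_LIBS

# Check for presence of modern functions for setting file timestamps
for ac_func in utimensat \
               futimens
do :
  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
  ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
  if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
    cat >>confdefs.h <<_ACEOF
#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
_ACEOF

  fi
done

#Check for PAM headers
# configure stops with an error when any of the three headers is missing or
# when pam_get_item cannot be linked from -lpam.
for ac_header in security/pam_appl.h security/pam_misc.h security/pam_modules.h
do :
  as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
  ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
  if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
    cat >>confdefs.h <<_ACEOF
#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
_ACEOF
    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pam_get_item in -lpam" >&5
$as_echo_n "checking for pam_get_item in -lpam... " >&6; }
    if ${ac_cv_lib_pam_pam_get_item+:} false; then :
      $as_echo_n "(cached) " >&6
    else
      ac_check_lib_save_LIBS=$LIBS
      LIBS="-lpam $LIBS"
      cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */

/* Override any GCC internal prototype to avoid an error.
   Use char because int might match the return type of a GCC
   builtin and then its argument prototype would still apply. */
#ifdef __cplusplus
extern "C"
#endif
char pam_get_item ();
int
main ()
{
return pam_get_item ();
  ;
  return 0;
}
_ACEOF
      if ac_fn_c_try_link "$LINENO"; then :
        ac_cv_lib_pam_pam_get_item=yes
      else
        ac_cv_lib_pam_pam_get_item=no
      fi
      rm -f core conftest.err conftest.$ac_objext \
        conftest$ac_exeext conftest.$ac_ext
      LIBS=$ac_check_lib_save_LIBS
    fi
    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pam_pam_get_item" >&5
$as_echo "$ac_cv_lib_pam_pam_get_item" >&6; }
    if test "x$ac_cv_lib_pam_pam_get_item" = xyes; then :
      PAM_LIBS="-lpam"
    else
      as_fn_error $? "PAM must support pam_get_item" "$LINENO" 5
    fi

  else
    as_fn_error $? "PAM development libraries not installed" "$LINENO" 5
  fi

done

#Check for endian headers
for ac_header in endian.h sys/endian.h byteswap.h
do :
  as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
  ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
  if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
    cat >>confdefs.h <<_ACEOF
#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
_ACEOF

  fi

done

#Set the NSS library install path
# The option value is stored as given; it defaults to $libdir.
# Check whether --enable-nsslibdir was given.
if test "${enable_nsslibdir+set}" = set; then :
  enableval=$enable_nsslibdir; nsslibdir=$enableval
else
  nsslibdir=$libdir
fi

#Set the PAM module install path
# The option value is stored as given; it defaults to $libdir/security.
# Check whether --enable-pammoddir was given.
if test "${enable_pammoddir+set}" = set; then :
  enableval=$enable_pammoddir; pammoddir=$enableval
else
  pammoddir=$libdir/security
fi

#Include here cause WITH_INIT_DIR requires $osname set in platform.m4

# Check whether --with-os was given.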
# --with-os=NAME: explicit distribution name for the build. Only the five
# names tested below are accepted; any other non-empty value aborts configure.
if test "${with_os+set}" = set; then :
  withval=$with_os;
fi

osname=""
if test x"$with_os" != x ; then
    if test x"$with_os" = xfedora || \
       test x"$with_os" = xredhat || \
       test x"$with_os" = xsuse || \
       test x"$with_os" = xgentoo || \
       test x"$with_os" = xdebian ; then
        osname=$with_os
    else
        as_fn_error $? "Illegal value -$with_os- for option --with-os" "$LINENO" 5
    fi
fi

# No explicit --with-os: probe release files under /etc on the machine running
# configure, first match wins. If none exists, osname stays empty and only the
# notice below is printed. The probe looks at the build host, so a cross or
# chroot build may want --with-os set explicitly.
if test x"$osname" = x ; then
    if test -f /etc/fedora-release ; then
        osname="fedora"
    elif test -f /etc/redhat-release ; then
        osname="redhat"
    elif test -f /etc/SuSE-release ; then
        osname="suse"
    elif test -f /etc/debian_version ; then
        osname="debian"
    elif test -f /etc/gentoo-release ; then
        osname="gentoo"
    fi

    { $as_echo "$as_me:${as_lineno-$LINENO}: Detected operating system type: $osname" >&5
$as_echo "$as_me: Detected operating system type: $osname" >&6;}
fi

# One TRUE/FALSE pair per distribution: the pair for the selected osname gets
# TRUE='' and FALSE='#', every other pair gets the opposite.
if test x"$osname" = xfedora; then
  HAVE_FEDORA_TRUE=
  HAVE_FEDORA_FALSE='#'
else
  HAVE_FEDORA_TRUE='#'
  HAVE_FEDORA_FALSE=
fi

if test x"$osname" = xredhat; then
  HAVE_REDHAT_TRUE=
  HAVE_REDHAT_FALSE='#'
else
  HAVE_REDHAT_TRUE='#'
  HAVE_REDHAT_FALSE=
fi

if test x"$osname" = xsuse; then
  HAVE_SUSE_TRUE=
  HAVE_SUSE_FALSE='#'
else
  HAVE_SUSE_TRUE='#'
  HAVE_SUSE_FALSE=
fi

if test x"$osname" = xdebian; then
  HAVE_DEBIAN_TRUE=
  HAVE_DEBIAN_FALSE='#'
else
  HAVE_DEBIAN_TRUE='#'
  HAVE_DEBIAN_FALSE=
fi

if test x"$osname" = xgentoo; then
  HAVE_GENTOO_TRUE=
  HAVE_GENTOO_FALSE='#'
else
  HAVE_GENTOO_TRUE='#'
  HAVE_GENTOO_FALSE=
fi

# Probe struct ucred for its pid, uid and gid members, one define per member.
# NOTE(review): the header name after "#include" in the last argument looks
# lost in this copy of the script (presumably <sys/socket.h>); confirm against
# the project's configure.ac. With an empty include none of the three probes
# can succeed.
ac_fn_c_check_member "$LINENO" "struct ucred" "pid" "ac_cv_member_struct_ucred_pid" "#include "
if test "x$ac_cv_member_struct_ucred_pid" = xyes; then :

cat >>confdefs.h <<_ACEOF
#define HAVE_STRUCT_UCRED_PID 1
_ACEOF

fi
ac_fn_c_check_member "$LINENO" "struct ucred" "uid" "ac_cv_member_struct_ucred_uid" "#include "
if test "x$ac_cv_member_struct_ucred_uid" = xyes; then :

cat >>confdefs.h <<_ACEOF
#define HAVE_STRUCT_UCRED_UID 1
_ACEOF

fi
ac_fn_c_check_member "$LINENO" "struct ucred" "gid" "ac_cv_member_struct_ucred_gid" "#include "
if test "x$ac_cv_member_struct_ucred_gid" = xyes; then :

cat >>confdefs.h <<_ACEOF
#define HAVE_STRUCT_UCRED_GID 1
_ACEOF

fi

# HAVE_UCRED is defined only when all three members were found. A miss is a
# warning, not an error, so the build continues without it.
# NOTE(review): the code keyed on HAVE_UCRED is outside this view; if it gates
# peer-credential checks on local sockets, check config.log for this warning
# on platforms that are expected to provide struct ucred.
if test x"$ac_cv_member_struct_ucred_pid" = xyes -a \
        x"$ac_cv_member_struct_ucred_uid" = xyes -a \
        x"$ac_cv_member_struct_ucred_gid" = xyes ; then

$as_echo "#define HAVE_UCRED 1" >>confdefs.h

else
    { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: struct ucred is not available" >&5
$as_echo "$as_me: WARNING: struct ucred is not available" >&2;}
fi

# NOTE(review): $with_manpages is expanded unquoted here, and nothing in the
# visible part of the script assigns it a default before this test; the
# --with-manpages handling appears later. Confirm the ordering is intended.
if test x$with_manpages = xyes; then
  BUILD_MANPAGES_TRUE=
  BUILD_MANPAGES_FALSE='#'
else
  BUILD_MANPAGES_TRUE='#'
  BUILD_MANPAGES_FALSE=
fi

# --enable-all-experimental-features: value is copied as given, default "no".
# Check whether --enable-all-experimental-features was given.
if test "${enable_all_experimental_features+set}" = set; then :
  enableval=$enable_all_experimental_features; build_all_experimental_features=$enableval
else
  build_all_experimental_features=no
fi

# --with-distro-version: written into DISTRO_VERSION as a C string; the string
# is empty when the option is not given.
# Check whether --with-distro-version was given.
if test "${with_distro_version+set}" = set; then :
  withval=$with_distro_version;
fi

cat >>confdefs.h <<_ACEOF
#define DISTRO_VERSION "$with_distro_version"
_ACEOF

# --with-db-path: dbpath is the shell-side path, config_dbpath the text placed
# inside the quotes of the DB_PATH define. The default text is "VARDIR"/lib/sss/db,
# so the emitted define reads ""VARDIR"/lib/sss/db" (VARDIR is not defined in
# this view). An explicit path is used verbatim for both variables.
# Check whether --with-db-path was given.
if test "${with_db_path+set}" = set; then :
  withval=$with_db_path;
fi

    config_dbpath="\"VARDIR\"/lib/sss/db"
    dbpath="${localstatedir}/lib/sss/db"
    if test x"$with_db_path" != x; then
        config_dbpath=$with_db_path
        dbpath=$with_db_path
    fi

cat >>confdefs.h <<_ACEOF
#define DB_PATH "$config_dbpath"
_ACEOF

# --with-plugin-path: same scheme as DB_PATH, with LIBDIR in the default text.
# NOTE(review): if the daemon loads shared objects from this directory (the
# loader is not visible here), an override should name a directory that only
# privileged users can write to.
# Check whether --with-plugin-path was given.
if test "${with_plugin_path+set}" = set; then :
  withval=$with_plugin_path;
fi

    pluginpath="${libdir}/sssd"
    config_pluginpath="\"LIBDIR\"/sssd"
    if test x"$with_plugin_path" != x; then
        pluginpath=$with_plugin_path
        config_pluginpath=$with_plugin_path
    fi

cat >>confdefs.h <<_ACEOF
#define DATA_PROVIDER_PLUGINS_PATH "$config_pluginpath"
_ACEOF

# Check whether --with-pid-path was given.
# Path options handled here: --with-pid-path, --with-log-path,
# --with-pubconf-path, --with-pipe-path, --with-mcache-path.
#
# Each option yields two values: a shell-side path (pidpath, logpath, ...) and
# the text placed between the quotes of the matching define (config_*). The
# default config_* text starts with "VARDIR", so the emitted define reads e.g.
# ""VARDIR"/run"; VARDIR itself is not defined in this part of the script.
# A path given on the command line is used verbatim for both values.

# --with-pid-path -> PID_PATH
case ${with_pid_path+set} in
    set) withval=$with_pid_path ;;
esac
if test -n "$with_pid_path"; then
    config_pidpath=$with_pid_path
    pidpath=$with_pid_path
else
    config_pidpath='"VARDIR"/run'
    pidpath="${localstatedir}/run"
fi
printf '#define PID_PATH "%s"\n' "$config_pidpath" >>confdefs.h

# --with-log-path -> LOG_PATH
case ${with_log_path+set} in
    set) withval=$with_log_path ;;
esac
if test -n "$with_log_path"; then
    config_logpath=$with_log_path
    logpath=$with_log_path
else
    config_logpath='"VARDIR"/log/sssd'
    logpath="${localstatedir}/log/sssd"
fi
printf '#define LOG_PATH "%s"\n' "$config_logpath" >>confdefs.h

# --with-pubconf-path -> PUBCONF_PATH
case ${with_pubconf_path+set} in
    set) withval=$with_pubconf_path ;;
esac
if test -n "$with_pubconf_path"; then
    config_pubconfpath=$with_pubconf_path
    pubconfpath=$with_pubconf_path
else
    config_pubconfpath='"VARDIR"/lib/sss/pubconf'
    pubconfpath="${localstatedir}/lib/sss/pubconf"
fi
printf '#define PUBCONF_PATH "%s"\n' "$config_pubconfpath" >>confdefs.h

# --with-pipe-path -> PIPE_PATH
case ${with_pipe_path+set} in
    set) withval=$with_pipe_path ;;
esac
if test -n "$with_pipe_path"; then
    config_pipepath=$with_pipe_path
    pipepath=$with_pipe_path
else
    config_pipepath='"VARDIR"/lib/sss/pipes'
    pipepath="${localstatedir}/lib/sss/pipes"
fi
printf '#define PIPE_PATH "%s"\n' "$config_pipepath" >>confdefs.h

# --with-mcache-path -> MCACHE_PATH
case ${with_mcache_path+set} in
    set) withval=$with_mcache_path ;;
esac
if test -n "$with_mcache_path"; then
    config_mcpath=$with_mcache_path
    mcpath=$with_mcache_path
else
    config_mcpath='"VARDIR"/lib/sss/mc'
    mcpath="${localstatedir}/lib/sss/mc"
fi
printf '#define MCACHE_PATH "%s"\n' "$config_mcpath" >>confdefs.h

# Check whether --with-default-ccache-dir was given.
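# --with-default-ccache-dir=DIR: compile-time default for krb5_ccachedir,
# written to DEFAULT_CCACHE_DIR. Defaults to /tmp.
# NOTE(review): /tmp is normally world-writable, so the safety of credential
# caches created there rests on the file name template defined below and on
# how the cache file is created (not visible here).
if test "${with_default_ccache_dir+set}" = set; then :
  withval=$with_default_ccache_dir;
fi

    config_def_ccache_dir="/tmp"
    if test x"$with_default_ccache_dir" != x; then
        config_def_ccache_dir=$with_default_ccache_dir
    fi

cat >>confdefs.h <<_ACEOF
#define DEFAULT_CCACHE_DIR "$config_def_ccache_dir"
_ACEOF

# --with-default-ccname-template=TEMPLATE: compile-time default for
# krb5_ccname_template, written to DEFAULT_CCNAME_TEMPLATE.
# NOTE(review): the trailing XXXXXX in the default looks like a mkstemp-style
# random suffix; an override that drops it makes the cache name predictable,
# which matters when the cache directory is shared between users.
# Check whether --with-default-ccname-template was given.
if test "${with_default_ccname_template+set}" = set; then :
  withval=$with_default_ccname_template;
fi

    config_def_ccname_template="FILE:%d/krb5cc_%U_XXXXXX"
    if test x"$with_default_ccname_template" != x; then
        config_def_ccname_template=$with_default_ccname_template
    fi

cat >>confdefs.h <<_ACEOF
#define DEFAULT_CCNAME_TEMPLATE "$config_def_ccname_template"
_ACEOF

# --with-environment_file=PATH: only shell variables are set, no define.
# Check whether --with-environment_file was given.
if test "${with_environment_file+set}" = set; then :
  withval=$with_environment_file;
fi

    ENVIRONMENT_FILE_PATH="${sysconfdir}/sysconfig/sssd"
    if test x"$with_environment_file" != x; then
        ENVIRONMENT_FILE_PATH=$with_environment_file
    fi
    environment_file=$ENVIRONMENT_FILE_PATH

# --with-init-dir=DIR: init script directory. The default differs on gentoo;
# an explicit option overrides both defaults.
# Check whether --with-init-dir was given.
if test "${with_init_dir+set}" = set; then :
  withval=$with_init_dir;
fi

    initdir="${sysconfdir}/rc.d/init.d"
    # Use "=" and quote the operand: "==" is not a POSIX test operator, so a
    # /bin/sh such as dash rejects it and the gentoo default is never applied.
    # The same correction belongs in the m4 source this script is generated from.
    if test x"$osname" = xgentoo; then
        initdir="${sysconfdir}/init.d"
    fi
    if test x"$with_init_dir" != x; then
        initdir=$with_init_dir
    fi

# --with-test-dir=DIR: written to TEST_DIR, default is the current directory.
# Check whether --with-test-dir was given.
if test "${with_test_dir+set}" = set; then :
  withval=$with_test_dir; TEST_DIR=$withval
else
  TEST_DIR="."
fi

cat >>confdefs.h <<_ACEOF
#define TEST_DIR "$TEST_DIR"
_ACEOF

# --with-manpages: defaults to yes when the option is absent. HAVE_MANPAGES is
# a shell variable only; no define is written here.
# Check whether --with-manpages was given.
if test "${with_manpages+set}" = set; then :
  withval=$with_manpages;
else
  with_manpages=yes
fi

    if test x"$with_manpages" = xyes; then
        HAVE_MANPAGES=1
    fi

# Check whether --with-xml-catalog-path was given.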
# Options handled here: --with-xml-catalog-path, --with-krb5-plugin-path,
# --with-krb5-rcache-dir, --with-krb5authdata-plugin-path, --with-krb5_conf,
# --with-python-bindings. Each "case" records withval when the option was
# passed; an empty option value leaves the built-in default in place.

# --with-xml-catalog-path -> SGML_CATALOG_FILES (shell variable only)
case ${with_xml_catalog_path+set} in
    set) withval=$with_xml_catalog_path ;;
esac
if test -n "$with_xml_catalog_path"; then
    SGML_CATALOG_FILES="$with_xml_catalog_path"
else
    SGML_CATALOG_FILES="/etc/xml/catalog"
fi

# --with-krb5-plugin-path -> krb5pluginpath (shell variable only)
case ${with_krb5_plugin_path+set} in
    set) withval=$with_krb5_plugin_path ;;
esac
if test -n "$with_krb5_plugin_path"; then
    krb5pluginpath=$with_krb5_plugin_path
else
    krb5pluginpath="${libdir}/krb5/plugins/libkrb5"
fi

# --with-krb5-rcache-dir -> KRB5_RCACHE_DIR. The default is the literal marker
# __LIBKRB5_DEFAULTS__ rather than a directory; how the marker is interpreted
# is decided by code outside this script.
case ${with_krb5_rcache_dir+set} in
    set) withval=$with_krb5_rcache_dir ;;
esac
if test -n "$with_krb5_rcache_dir"; then
    krb5rcachedir=$with_krb5_rcache_dir
else
    krb5rcachedir="__LIBKRB5_DEFAULTS__"
fi
printf '#define KRB5_RCACHE_DIR "%s"\n' "$krb5rcachedir" >>confdefs.h

# --with-krb5authdata-plugin-path -> krb5authdatapluginpath (shell variable only)
case ${with_krb5authdata_plugin_path+set} in
    set) withval=$with_krb5authdata_plugin_path ;;
esac
if test -n "$with_krb5authdata_plugin_path"; then
    krb5authdatapluginpath=$with_krb5authdata_plugin_path
else
    krb5authdatapluginpath="${libdir}/krb5/plugins/authdata"
fi

# --with-krb5_conf -> KRB5_CONF_PATH
case ${with_krb5_conf+set} in
    set) withval=$with_krb5_conf ;;
esac
if test -n "$with_krb5_conf"; then
    KRB5_CONF_PATH=$with_krb5_conf
else
    KRB5_CONF_PATH="${sysconfdir}/krb5.conf"
fi
printf '#define KRB5_CONF_PATH "%s"\n' "$KRB5_CONF_PATH" >>confdefs.h

# --with-python-bindings: enabled unless the option says otherwise. Only the
# exact value "yes" sets HAVE_PYTHON_BINDINGS and selects the TRUE branch of
# the BUILD_PYTHON_BINDINGS pair.
case ${with_python_bindings+set} in
    set) withval=$with_python_bindings ;;
    *)   with_python_bindings=yes ;;
esac
if test "x$with_python_bindings" = xyes; then
    HAVE_PYTHON_BINDINGS=1
    printf '#define HAVE_PYTHON_BINDINGS 1\n' >>confdefs.h
    BUILD_PYTHON_BINDINGS_TRUE=
    BUILD_PYTHON_BINDINGS_FALSE='#'
else
    BUILD_PYTHON_BINDINGS_TRUE='#'
    BUILD_PYTHON_BINDINGS_FALSE=
fi

# Check whether --with-selinux was given.
# Options handled here: --with-selinux, --with-nscd, --with-semanage,
# --with-nologin-shell, --with-app-libs.

# --with-selinux: on by default. Only the exact value "yes" sets HAVE_SELINUX
# and selects the TRUE branch of the BUILD_SELINUX pair; any other value
# builds without it.
case ${with_selinux+set} in
    set) withval=$with_selinux ;;
    *)   with_selinux=yes ;;
esac
if test "x$with_selinux" = xyes; then
    HAVE_SELINUX=1
    printf '#define HAVE_SELINUX 1\n' >>confdefs.h
    BUILD_SELINUX_TRUE=
    BUILD_SELINUX_FALSE='#'
else
    BUILD_SELINUX_TRUE='#'
    BUILD_SELINUX_FALSE=
fi

# --with-nscd=PATH: location of the nscd binary, /usr/sbin/nscd by default.
# HAVE_NSCD is always defined, and its value is written without surrounding
# quotes, unlike NOLOGIN_SHELL and APP_MODULES_PATH below, so in C it does not
# expand to a string literal.
case ${with_nscd+set} in
    set) withval=$with_nscd ;;
esac
if test -n "$with_nscd"; then
    NSCD_PATH=$with_nscd
else
    NSCD_PATH="/usr/sbin/nscd"
fi
printf '#define HAVE_NSCD %s\n' "$NSCD_PATH" >>confdefs.h

# --with-semanage: same scheme as --with-selinux.
case ${with_semanage+set} in
    set) withval=$with_semanage ;;
    *)   with_semanage=yes ;;
esac
if test "x$with_semanage" = xyes; then
    HAVE_SEMANAGE=1
    printf '#define HAVE_SEMANAGE 1\n' >>confdefs.h
    BUILD_SEMANAGE_TRUE=
    BUILD_SEMANAGE_FALSE='#'
else
    BUILD_SEMANAGE_TRUE='#'
    BUILD_SEMANAGE_FALSE=
fi

# --with-nologin-shell=PATH -> NOLOGIN_SHELL, /sbin/nologin by default.
case ${with_nologin_shell+set} in
    set) withval=$with_nologin_shell ;;
esac
if test -n "$with_nologin_shell"; then
    nologin_shell=$with_nologin_shell
else
    nologin_shell="/sbin/nologin"
fi
printf '#define NOLOGIN_SHELL "%s"\n' "$nologin_shell" >>confdefs.h

# --with-app-libs=DIR -> APP_MODULES_PATH. appmodpath is the shell-side path;
# config_appmodpath is the text placed inside the quotes of the define and
# defaults to "LIBDIR"/sssd/modules, giving ""LIBDIR"/sssd/modules" in the
# emitted line (LIBDIR is not defined in this part of the script).
case ${with_app_libs+set} in
    set) withval=$with_app_libs ;;
esac
if test -n "$with_app_libs"; then
    appmodpath=$with_app_libs
    config_appmodpath=$with_app_libs
else
    appmodpath="${libdir}/sssd/modules"
    config_appmodpath='"LIBDIR"/sssd/modules'
fi
printf '#define APP_MODULES_PATH "%s"\n' "$config_appmodpath" >>confdefs.h

# Check whether --with-sudo was given.
# Options handled here: --with-sudo, --with-sudo-lib-path, --with-autofs,
# --with-ssh, --with-crypto.
#
# sudo, autofs and ssh follow one scheme: default "yes"; only the exact value
# "yes" writes the BUILD_* define and selects the TRUE branch of the pair.

# --with-sudo -> BUILD_SUDO
case ${with_sudo+set} in
    set) withval=$with_sudo; with_sudo=$withval ;;
    *)   with_sudo=yes ;;
esac
if test "x$with_sudo" = xyes; then
    $as_echo "#define BUILD_SUDO 1" >>confdefs.h
    BUILD_SUDO_TRUE=
    BUILD_SUDO_FALSE='#'
else
    BUILD_SUDO_TRUE='#'
    BUILD_SUDO_FALSE=
fi

# --with-sudo-lib-path -> sudolibpath (shell variable only, default $libdir)
case ${with_sudo_lib_path+set} in
    set) withval=$with_sudo_lib_path ;;
esac
if test -n "$with_sudo_lib_path"; then
    sudolibpath=$with_sudo_lib_path
else
    sudolibpath="${libdir}"
fi

# --with-autofs -> BUILD_AUTOFS
case ${with_autofs+set} in
    set) withval=$with_autofs; with_autofs=$withval ;;
    *)   with_autofs=yes ;;
esac
if test "x$with_autofs" = xyes; then
    $as_echo "#define BUILD_AUTOFS 1" >>confdefs.h
    BUILD_AUTOFS_TRUE=
    BUILD_AUTOFS_FALSE='#'
else
    BUILD_AUTOFS_TRUE='#'
    BUILD_AUTOFS_FALSE=
fi

# --with-ssh -> BUILD_SSH
case ${with_ssh+set} in
    set) withval=$with_ssh; with_ssh=$withval ;;
    *)   with_ssh=yes ;;
esac
if test "x$with_ssh" = xyes; then
    $as_echo "#define BUILD_SSH 1" >>confdefs.h
    BUILD_SSH_TRUE=
    BUILD_SSH_FALSE='#'
else
    BUILD_SSH_TRUE='#'
    BUILD_SSH_FALSE=
fi

# --with-crypto: selects the crypto backend, "nss" unless the option is given.
# Accepted values are nss and libcrypto; any other non-empty value aborts
# configure. An explicitly empty value leaves cryptolib empty, in which case
# neither backend conditional below is enabled.
case ${with_crypto+set} in
    set) withval=$with_crypto ;;
    *)   with_crypto=nss ;;
esac

cryptolib=""
if test -n "$with_crypto"; then
    if test "x$with_crypto" = xnss || \
       test "x$with_crypto" = xlibcrypto; then
        cryptolib="$with_crypto"
    else
        as_fn_error $? "Illegal value -$with_crypto- for option --with-crypto" "$LINENO" 5
    fi
fi

# Exactly one of HAVE_NSS / HAVE_LIBCRYPTO gets its TRUE branch when cryptolib
# names that backend; otherwise both pairs select FALSE.
case $cryptolib in
    nss)
        HAVE_NSS_TRUE=
        HAVE_NSS_FALSE='#'
        HAVE_LIBCRYPTO_TRUE='#'
        HAVE_LIBCRYPTO_FALSE=
        ;;
    libcrypto)
        HAVE_NSS_TRUE='#'
        HAVE_NSS_FALSE=
        HAVE_LIBCRYPTO_TRUE=
        HAVE_LIBCRYPTO_FALSE='#'
        ;;
    *)
        HAVE_NSS_TRUE='#'
        HAVE_NSS_FALSE=
        HAVE_LIBCRYPTO_TRUE='#'
        HAVE_LIBCRYPTO_FALSE=
        ;;
esac

# pkg.m4 - Macros to locate and utilise pkg-config.            -*- Autoconf -*-
#
# Copyright © 2004 Scott James Remnant .
# # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, see . # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. # PKG_PROG_PKG_CONFIG([MIN-VERSION]) # ---------------------------------- # PKG_PROG_PKG_CONFIG # PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) # # Check to see whether a particular set of modules exists. Similar # to PKG_CHECK_MODULES(), but does not set variables or print errors. 
# # # Similar to PKG_CHECK_MODULES, make sure that the first instance of # this or PKG_CHECK_MODULES is called, or make sure to call # PKG_CHECK_EXISTS manually # -------------------------------------------------------------- # _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES]) # --------------------------------------------- # _PKG_CONFIG # _PKG_SHORT_ERRORS_SUPPORTED # ----------------------------- # _PKG_SHORT_ERRORS_SUPPORTED # PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND], # [ACTION-IF-NOT-FOUND]) # # # Note that if there is a possibility the first call to # PKG_CHECK_MODULES might not happen, you should be sure to include an # explicit call to PKG_PROG_PKG_CONFIG in your configure.ac # # # -------------------------------------------------------------- # PKG_CHECK_MODULES POPT_OBJ="" if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_PKG_CONFIG+:} false; then : $as_echo_n "(cached) " >&6 else case $PKG_CONFIG in [\\/]* | ?:[\\/]*) ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi PKG_CONFIG=$ac_cv_path_PKG_CONFIG if test -n "$PKG_CONFIG"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5 $as_echo "$PKG_CONFIG" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_path_PKG_CONFIG"; then ac_pt_PKG_CONFIG=$PKG_CONFIG # Extract the first word of "pkg-config", so it can be a program name with args. set dummy pkg-config; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_ac_pt_PKG_CONFIG+:} false; then : $as_echo_n "(cached) " >&6 else case $ac_pt_PKG_CONFIG in [\\/]* | ?:[\\/]*) ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG if test -n "$ac_pt_PKG_CONFIG"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5 $as_echo "$ac_pt_PKG_CONFIG" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_pt_PKG_CONFIG" = x; then PKG_CONFIG="" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac PKG_CONFIG=$ac_pt_PKG_CONFIG fi else PKG_CONFIG="$ac_cv_path_PKG_CONFIG" fi fi if test -n "$PKG_CONFIG"; then _pkg_min_version=0.9.0 { $as_echo "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5 $as_echo_n "checking pkg-config is at least version $_pkg_min_version... " >&6; } if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } PKG_CONFIG="" fi fi pkg_failed=no { $as_echo "$as_me:${as_lineno-$LINENO}: checking for POPT" >&5 $as_echo_n "checking for POPT... " >&6; } if test -n "$PKG_CONFIG"; then if test -n "$POPT_CFLAGS"; then pkg_cv_POPT_CFLAGS="$POPT_CFLAGS" else if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"popt\""; } >&5 ($PKG_CONFIG --exists --print-errors "popt") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? 
= $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_POPT_CFLAGS=`$PKG_CONFIG --cflags "popt" 2>/dev/null` else pkg_failed=yes fi fi else pkg_failed=untried fi if test -n "$PKG_CONFIG"; then if test -n "$POPT_LIBS"; then pkg_cv_POPT_LIBS="$POPT_LIBS" else if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"popt\""; } >&5 ($PKG_CONFIG --exists --print-errors "popt") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_POPT_LIBS=`$PKG_CONFIG --libs "popt" 2>/dev/null` else pkg_failed=yes fi fi else pkg_failed=untried fi if test $pkg_failed = yes; then if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then _pkg_short_errors_supported=yes else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then POPT_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "popt"` else POPT_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "popt"` fi # Put the nasty error message in config.log where it belongs echo "$POPT_PKG_ERRORS" >&5 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } found_popt=no elif test $pkg_failed = untried; then found_popt=no else POPT_CFLAGS=$pkg_cv_POPT_CFLAGS POPT_LIBS=$pkg_cv_POPT_LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } found_popt=yes fi acl_save_prefix="$prefix" prefix="$acl_final_prefix" acl_save_exec_prefix="$exec_prefix" exec_prefix="$acl_final_exec_prefix" eval additional_libdir=\"$libdir\" exec_prefix="$acl_save_exec_prefix" prefix="$acl_save_prefix" sss_extra_libdir="$additional_libdir" if test x"$found_popt" != xyes; then : for ac_header in popt.h do : ac_fn_c_check_header_mongrel "$LINENO" "popt.h" "ac_cv_header_popt_h" "$ac_includes_default" if test "x$ac_cv_header_popt_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_POPT_H 1 _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: checking for 
poptGetContext in -lpopt" >&5 $as_echo_n "checking for poptGetContext in -lpopt... " >&6; } if ${ac_cv_lib_popt_poptGetContext+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lpopt -L$sss_extra_libdir $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char poptGetContext (); int main () { return poptGetContext (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_popt_poptGetContext=yes else ac_cv_lib_popt_poptGetContext=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_popt_poptGetContext" >&5 $as_echo "$ac_cv_lib_popt_poptGetContext" >&6; } if test "x$ac_cv_lib_popt_poptGetContext" = xyes; then : POPT_LIBS="-L$sss_extra_libdir -lpopt" else as_fn_error $? "POPT library must support poptGetContext" "$LINENO" 5 fi else as_fn_error $? "POPT header files are not installed" "$LINENO" 5 fi done fi pkg_failed=no { $as_echo "$as_me:${as_lineno-$LINENO}: checking for TALLOC" >&5 $as_echo_n "checking for TALLOC... " >&6; } if test -n "$PKG_CONFIG"; then if test -n "$TALLOC_CFLAGS"; then pkg_cv_TALLOC_CFLAGS="$TALLOC_CFLAGS" else if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"talloc\""; } >&5 ($PKG_CONFIG --exists --print-errors "talloc") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? 
= $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_TALLOC_CFLAGS=`$PKG_CONFIG --cflags "talloc" 2>/dev/null` else pkg_failed=yes fi fi else pkg_failed=untried fi if test -n "$PKG_CONFIG"; then if test -n "$TALLOC_LIBS"; then pkg_cv_TALLOC_LIBS="$TALLOC_LIBS" else if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"talloc\""; } >&5 ($PKG_CONFIG --exists --print-errors "talloc") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_TALLOC_LIBS=`$PKG_CONFIG --libs "talloc" 2>/dev/null` else pkg_failed=yes fi fi else pkg_failed=untried fi if test $pkg_failed = yes; then if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then _pkg_short_errors_supported=yes else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then TALLOC_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "talloc"` else TALLOC_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "talloc"` fi # Put the nasty error message in config.log where it belongs echo "$TALLOC_PKG_ERRORS" >&5 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } found_talloc=no elif test $pkg_failed = untried; then found_talloc=no else TALLOC_CFLAGS=$pkg_cv_TALLOC_CFLAGS TALLOC_LIBS=$pkg_cv_TALLOC_LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } found_talloc=yes fi acl_save_prefix="$prefix" prefix="$acl_final_prefix" acl_save_exec_prefix="$exec_prefix" exec_prefix="$acl_final_exec_prefix" eval additional_libdir=\"$libdir\" exec_prefix="$acl_save_exec_prefix" prefix="$acl_save_prefix" sss_extra_libdir="$additional_libdir" if test x"$found_talloc" != xyes; then : ac_fn_c_check_header_mongrel "$LINENO" "talloc.h" "ac_cv_header_talloc_h" "$ac_includes_default" if test "x$ac_cv_header_talloc_h" = xyes; then : { $as_echo "$as_me:${as_lineno-$LINENO}: checking for talloc_init in -ltalloc" >&5 $as_echo_n 
"checking for talloc_init in -ltalloc... " >&6; } if ${ac_cv_lib_talloc_talloc_init+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-ltalloc -L$sss_extra_libdir $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char talloc_init (); int main () { return talloc_init (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_talloc_talloc_init=yes else ac_cv_lib_talloc_talloc_init=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_talloc_talloc_init" >&5 $as_echo "$ac_cv_lib_talloc_talloc_init" >&6; } if test "x$ac_cv_lib_talloc_talloc_init" = xyes; then : TALLOC_LIBS="-L$sss_extra_libdir -ltalloc" else as_fn_error $? "libtalloc missing talloc_init" "$LINENO" 5 fi else as_fn_error $? "libtalloc header files are not installed" "$LINENO" 5 fi fi pkg_failed=no { $as_echo "$as_me:${as_lineno-$LINENO}: checking for TDB" >&5 $as_echo_n "checking for TDB... " >&6; } if test -n "$PKG_CONFIG"; then if test -n "$TDB_CFLAGS"; then pkg_cv_TDB_CFLAGS="$TDB_CFLAGS" else if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tdb >= 1.1.3\""; } >&5 ($PKG_CONFIG --exists --print-errors "tdb >= 1.1.3") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? 
= $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_TDB_CFLAGS=`$PKG_CONFIG --cflags "tdb >= 1.1.3" 2>/dev/null` else pkg_failed=yes fi fi else pkg_failed=untried fi if test -n "$PKG_CONFIG"; then if test -n "$TDB_LIBS"; then pkg_cv_TDB_LIBS="$TDB_LIBS" else if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tdb >= 1.1.3\""; } >&5 ($PKG_CONFIG --exists --print-errors "tdb >= 1.1.3") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_TDB_LIBS=`$PKG_CONFIG --libs "tdb >= 1.1.3" 2>/dev/null` else pkg_failed=yes fi fi else pkg_failed=untried fi if test $pkg_failed = yes; then if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then _pkg_short_errors_supported=yes else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then TDB_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "tdb >= 1.1.3"` else TDB_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "tdb >= 1.1.3"` fi # Put the nasty error message in config.log where it belongs echo "$TDB_PKG_ERRORS" >&5 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } found_tdb=no elif test $pkg_failed = untried; then found_tdb=no else TDB_CFLAGS=$pkg_cv_TDB_CFLAGS TDB_LIBS=$pkg_cv_TDB_LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } found_tdb=yes fi acl_save_prefix="$prefix" prefix="$acl_final_prefix" acl_save_exec_prefix="$exec_prefix" exec_prefix="$acl_final_exec_prefix" eval additional_libdir=\"$libdir\" exec_prefix="$acl_save_exec_prefix" prefix="$acl_save_prefix" sss_extra_libdir="$additional_libdir" if test x"$found_tdb" != xyes; then : for ac_header in tdb.h do : ac_fn_c_check_header_mongrel "$LINENO" "tdb.h" "ac_cv_header_tdb_h" "$ac_includes_default" if test "x$ac_cv_header_tdb_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_TDB_H 1 _ACEOF { $as_echo 
"$as_me:${as_lineno-$LINENO}: checking for tdb_repack in -ltdb" >&5 $as_echo_n "checking for tdb_repack in -ltdb... " >&6; } if ${ac_cv_lib_tdb_tdb_repack+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-ltdb -L$sss_extra_libdir $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char tdb_repack (); int main () { return tdb_repack (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_tdb_tdb_repack=yes else ac_cv_lib_tdb_tdb_repack=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_tdb_tdb_repack" >&5 $as_echo "$ac_cv_lib_tdb_tdb_repack" >&6; } if test "x$ac_cv_lib_tdb_tdb_repack" = xyes; then : TDB_LIBS="-L$sss_extra_libdir -ltdb" else as_fn_error $? "library TDB must support tdb_repack" "$LINENO" 5 fi else as_fn_error $? "tdb header files are not installed" "$LINENO" 5 fi done fi pkg_failed=no { $as_echo "$as_me:${as_lineno-$LINENO}: checking for TEVENT" >&5 $as_echo_n "checking for TEVENT... " >&6; } if test -n "$PKG_CONFIG"; then if test -n "$TEVENT_CFLAGS"; then pkg_cv_TEVENT_CFLAGS="$TEVENT_CFLAGS" else if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tevent\""; } >&5 ($PKG_CONFIG --exists --print-errors "tevent") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? 
= $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_TEVENT_CFLAGS=`$PKG_CONFIG --cflags "tevent" 2>/dev/null` else pkg_failed=yes fi fi else pkg_failed=untried fi if test -n "$PKG_CONFIG"; then if test -n "$TEVENT_LIBS"; then pkg_cv_TEVENT_LIBS="$TEVENT_LIBS" else if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tevent\""; } >&5 ($PKG_CONFIG --exists --print-errors "tevent") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_TEVENT_LIBS=`$PKG_CONFIG --libs "tevent" 2>/dev/null` else pkg_failed=yes fi fi else pkg_failed=untried fi if test $pkg_failed = yes; then if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then _pkg_short_errors_supported=yes else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then TEVENT_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "tevent"` else TEVENT_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "tevent"` fi # Put the nasty error message in config.log where it belongs echo "$TEVENT_PKG_ERRORS" >&5 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } found_tevent=no elif test $pkg_failed = untried; then found_tevent=no else TEVENT_CFLAGS=$pkg_cv_TEVENT_CFLAGS TEVENT_LIBS=$pkg_cv_TEVENT_LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } found_tevent=yes fi acl_save_prefix="$prefix" prefix="$acl_final_prefix" acl_save_exec_prefix="$exec_prefix" exec_prefix="$acl_final_exec_prefix" eval additional_libdir=\"$libdir\" exec_prefix="$acl_save_exec_prefix" prefix="$acl_save_prefix" sss_extra_libdir="$additional_libdir" if test x"$found_tevent" != xyes; then : ac_fn_c_check_header_mongrel "$LINENO" "tevent.h" "ac_cv_header_tevent_h" "$ac_includes_default" if test "x$ac_cv_header_tevent_h" = xyes; then : { $as_echo "$as_me:${as_lineno-$LINENO}: checking for tevent_context_init in -ltevent" >&5 
$as_echo_n "checking for tevent_context_init in -ltevent... " >&6; } if ${ac_cv_lib_tevent_tevent_context_init+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-ltevent -L$sss_extra_libdir -ltalloc $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char tevent_context_init (); int main () { return tevent_context_init (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_tevent_tevent_context_init=yes else ac_cv_lib_tevent_tevent_context_init=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_tevent_tevent_context_init" >&5 $as_echo "$ac_cv_lib_tevent_tevent_context_init" >&6; } if test "x$ac_cv_lib_tevent_tevent_context_init" = xyes; then : TEVENT_LIBS="-L$sss_extra_libdir -ltevent -ltalloc" else as_fn_error $? "libtevent missing tevent_context_init" "$LINENO" 5 fi else as_fn_error $? "tevent header files are not installed" "$LINENO" 5 fi fi pkg_failed=no { $as_echo "$as_me:${as_lineno-$LINENO}: checking for LDB" >&5 $as_echo_n "checking for LDB... " >&6; } if test -n "$PKG_CONFIG"; then if test -n "$LDB_CFLAGS"; then pkg_cv_LDB_CFLAGS="$LDB_CFLAGS" else if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"ldb >= 0.9.2\""; } >&5 ($PKG_CONFIG --exists --print-errors "ldb >= 0.9.2") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? 
= $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_LDB_CFLAGS=`$PKG_CONFIG --cflags "ldb >= 0.9.2" 2>/dev/null` else pkg_failed=yes fi fi else pkg_failed=untried fi if test -n "$PKG_CONFIG"; then if test -n "$LDB_LIBS"; then pkg_cv_LDB_LIBS="$LDB_LIBS" else if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"ldb >= 0.9.2\""; } >&5 ($PKG_CONFIG --exists --print-errors "ldb >= 0.9.2") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_LDB_LIBS=`$PKG_CONFIG --libs "ldb >= 0.9.2" 2>/dev/null` else pkg_failed=yes fi fi else pkg_failed=untried fi if test $pkg_failed = yes; then if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then _pkg_short_errors_supported=yes else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then LDB_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "ldb >= 0.9.2"` else LDB_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "ldb >= 0.9.2"` fi # Put the nasty error message in config.log where it belongs echo "$LDB_PKG_ERRORS" >&5 as_fn_error $? "Package requirements (ldb >= 0.9.2) were not met: $LDB_PKG_ERRORS Consider adjusting the PKG_CONFIG_PATH environment variable if you installed software in a non-standard prefix. Alternatively, you may set the environment variables LDB_CFLAGS and LDB_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details. " "$LINENO" 5 elif test $pkg_failed = untried; then { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full path to pkg-config. Alternatively, you may set the environment variables LDB_CFLAGS and LDB_LIBS to avoid the need to call pkg-config. 
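See the pkg-config man page for more details. To get pkg-config, see . See \`config.log' for more details" "$LINENO" 5; } else LDB_CFLAGS=$pkg_cv_LDB_CFLAGS LDB_LIBS=$pkg_cv_LDB_LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } : fi
# ^ Tail of the LDB pkg-config check, which starts above this span; kept
#   exactly as found.

# --- LDB headers and library ------------------------------------------------
# Both ldb.h and ldb_module.h are required: a missing header aborts configure.
# For every header found, HAVE_<HEADER> is appended to confdefs.h and a
# link-only probe for ldb_init() in -lldb is made. The probe result is cached
# in ac_cv_lib_ldb_ldb_init, so the second loop iteration reports "(cached)".
for ac_header in ldb.h ldb_module.h
do :
  as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
  ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
  if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
    cat >>confdefs.h <<_ACEOF
#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
_ACEOF
    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ldb_init in -lldb" >&5
    $as_echo_n "checking for ldb_init in -lldb... " >&6; }
    if ${ac_cv_lib_ldb_ldb_init+:} false; then :
      $as_echo_n "(cached) " >&6
    else
      ac_check_lib_save_LIBS=$LIBS
      LIBS="-lldb -ltevent -ltdb -ldl -lldap $LIBS"
      cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */

/* Override any GCC internal prototype to avoid an error.
   Use char because int might match the return type of a GCC
   builtin and then its argument prototype would still apply. */
#ifdef __cplusplus
extern "C"
#endif
char ldb_init ();
int
main ()
{
return ldb_init ();
  ;
  return 0;
}
_ACEOF
      if ac_fn_c_try_link "$LINENO"; then :
        ac_cv_lib_ldb_ldb_init=yes
      else
        ac_cv_lib_ldb_ldb_init=no
      fi
      rm -f core conftest.err conftest.$ac_objext \
          conftest$ac_exeext conftest.$ac_ext
      LIBS=$ac_check_lib_save_LIBS
    fi
    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ldb_ldb_init" >&5
    $as_echo "$ac_cv_lib_ldb_ldb_init" >&6; }
    # On success LDB_LIBS is reset to plain -lldb, replacing the value taken
    # from pkg-config (or from the LDB_LIBS environment variable) above. Any
    # -L directory reported there is dropped, so the final link resolves libldb
    # through the default linker search path. A failed probe is not an error:
    # the earlier LDB_LIBS value is then kept.
    if test "x$ac_cv_lib_ldb_ldb_init" = xyes; then :
      LDB_LIBS="-lldb"
    fi
  else
    as_fn_error $? "LDB header files are not installed" "$LINENO" 5
  fi
done

# --- ldb library/module directory -------------------------------------------
# Check whether --with-ldb-lib-dir was given.
if test "${with_ldb_lib_dir+set}" = set; then :
  withval=$with_ldb_lib_dir;
fi

# An explicit --with-ldb-lib-dir wins; otherwise ask pkg-config for ldb's
# "modulesdir" and fall back to ${libdir}/ldb when that is not a directory.
# NOTE(review): presumably this is where ldb modules get installed - confirm
# against the Makefile that consumes ldblibdir.
if test x"$with_ldb_lib_dir" != x; then
    ldblibdir=$with_ldb_lib_dir
else
    ldblibdir="`$PKG_CONFIG --variable=modulesdir ldb`"
    # The expansion must be quoted. Unquoted, an empty pkg-config answer turns
    # this into the one-argument test "test -d", which is always true, so the
    # fallback never ran and ldblibdir stayed empty; a path containing
    # whitespace would also be split into several words.
    if ! test -d "$ldblibdir"; then
        ldblibdir="${libdir}/ldb"
    fi
fi
# This script is generated output; the same quoting fix has to be carried into
# the macro source it is generated from, or it is lost on regeneration.

# --- optional ldb runtime version check -------------------------------------
# Opt-in feature: SSS_LDB_VERSION_CHECK is defined only when
# --enable-ldb-version-check is passed; the default is "no".
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking feature ldb runtime version check" >&5
$as_echo_n "checking feature ldb runtime version check... " >&6; }
# Check whether --enable-ldb-version-check was given.
if test "${enable_ldb_version_check+set}" = set; then :
  enableval=$enable_ldb_version_check; enable_ldb_version_check="$enableval"
else
  enable_ldb_version_check="no"
fi

if test x"$enable_ldb_version_check" = xyes ; then
    { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
    $as_echo "yes" >&6; }
    $as_echo "#define SSS_LDB_VERSION_CHECK 1" >>confdefs.h
else
    { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
    $as_echo "no" >&6; }
fi

# Record the directory that was finally chosen in config.log and on stdout.
{ $as_echo "$as_me:${as_lineno-$LINENO}: ldb lib directory: $ldblibdir" >&5
$as_echo "$as_me: ldb lib directory: $ldblibdir" >&6;}

# Start of the DHASH pkg-config check; it continues past this span and is kept
# exactly as found.
pkg_failed=no { $as_echo "$as_me:${as_lineno-$LINENO}: checking for DHASH" >&5 $as_echo_n "checking for DHASH... " >&6; } if test -n "$PKG_CONFIG"; then if test -n "$DHASH_CFLAGS"; then pkg_cv_DHASH_CFLAGS="$DHASH_CFLAGS" else if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"dhash >= 0.4.2\""; } >&5 ($PKG_CONFIG --exists --print-errors "dhash >= 0.4.2") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_DHASH_CFLAGS=`$PKG_CONFIG --cflags "dhash >= 0.4.2" 2>/dev/null` else pkg_failed=yes fi fi else pkg_failed=untried fi if test -n "$PKG_CONFIG"; then if test -n "$DHASH_LIBS"; then pkg_cv_DHASH_LIBS="$DHASH_LIBS" else if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"dhash >= 0.4.2\""; } >&5 ($PKG_CONFIG --exists --print-errors "dhash >= 0.4.2") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$?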
= $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_DHASH_LIBS=`$PKG_CONFIG --libs "dhash >= 0.4.2" 2>/dev/null` else pkg_failed=yes fi fi else pkg_failed=untried fi if test $pkg_failed = yes; then if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then _pkg_short_errors_supported=yes else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then DHASH_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "dhash >= 0.4.2"` else DHASH_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "dhash >= 0.4.2"` fi # Put the nasty error message in config.log where it belongs echo "$DHASH_PKG_ERRORS" >&5 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } as_fn_error $? "\"Please install libdhash-devel\"" "$LINENO" 5 elif test $pkg_failed = untried; then as_fn_error $? "\"Please install libdhash-devel\"" "$LINENO" 5 else DHASH_CFLAGS=$pkg_cv_DHASH_CFLAGS DHASH_LIBS=$pkg_cv_DHASH_LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } : fi pkg_failed=no { $as_echo "$as_me:${as_lineno-$LINENO}: checking for COLLECTION" >&5 $as_echo_n "checking for COLLECTION... " >&6; } if test -n "$PKG_CONFIG"; then if test -n "$COLLECTION_CFLAGS"; then pkg_cv_COLLECTION_CFLAGS="$COLLECTION_CFLAGS" else if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"collection >= 0.5.1\""; } >&5 ($PKG_CONFIG --exists --print-errors "collection >= 0.5.1") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? 
= $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_COLLECTION_CFLAGS=`$PKG_CONFIG --cflags "collection >= 0.5.1" 2>/dev/null` else pkg_failed=yes fi fi else pkg_failed=untried fi if test -n "$PKG_CONFIG"; then if test -n "$COLLECTION_LIBS"; then pkg_cv_COLLECTION_LIBS="$COLLECTION_LIBS" else if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"collection >= 0.5.1\""; } >&5 ($PKG_CONFIG --exists --print-errors "collection >= 0.5.1") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_COLLECTION_LIBS=`$PKG_CONFIG --libs "collection >= 0.5.1" 2>/dev/null` else pkg_failed=yes fi fi else pkg_failed=untried fi if test $pkg_failed = yes; then if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then _pkg_short_errors_supported=yes else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then COLLECTION_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "collection >= 0.5.1"` else COLLECTION_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "collection >= 0.5.1"` fi # Put the nasty error message in config.log where it belongs echo "$COLLECTION_PKG_ERRORS" >&5 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } as_fn_error $? "\"Please install libcollection-devel\"" "$LINENO" 5 elif test $pkg_failed = untried; then as_fn_error $? "\"Please install libcollection-devel\"" "$LINENO" 5 else COLLECTION_CFLAGS=$pkg_cv_COLLECTION_CFLAGS COLLECTION_LIBS=$pkg_cv_COLLECTION_LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } : fi pkg_failed=no { $as_echo "$as_me:${as_lineno-$LINENO}: checking for INI_CONFIG" >&5 $as_echo_n "checking for INI_CONFIG... 
" >&6; } if test -n "$PKG_CONFIG"; then if test -n "$INI_CONFIG_CFLAGS"; then pkg_cv_INI_CONFIG_CFLAGS="$INI_CONFIG_CFLAGS" else if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \" ini_config >= 1.0.0\""; } >&5 ($PKG_CONFIG --exists --print-errors " ini_config >= 1.0.0") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_INI_CONFIG_CFLAGS=`$PKG_CONFIG --cflags " ini_config >= 1.0.0" 2>/dev/null` else pkg_failed=yes fi fi else pkg_failed=untried fi if test -n "$PKG_CONFIG"; then if test -n "$INI_CONFIG_LIBS"; then pkg_cv_INI_CONFIG_LIBS="$INI_CONFIG_LIBS" else if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \" ini_config >= 1.0.0\""; } >&5 ($PKG_CONFIG --exists --print-errors " ini_config >= 1.0.0") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_INI_CONFIG_LIBS=`$PKG_CONFIG --libs " ini_config >= 1.0.0" 2>/dev/null` else pkg_failed=yes fi fi else pkg_failed=untried fi if test $pkg_failed = yes; then if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then _pkg_short_errors_supported=yes else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then INI_CONFIG_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors " ini_config >= 1.0.0"` else INI_CONFIG_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors " ini_config >= 1.0.0"` fi # Put the nasty error message in config.log where it belongs echo "$INI_CONFIG_PKG_ERRORS" >&5 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: libini_config-devel >= 1.0.0 not available, trying older version" >&5 $as_echo "$as_me: WARNING: libini_config-devel >= 1.0.0 not available, trying older version" >&2;} pkg_failed=no { $as_echo "$as_me:${as_lineno-$LINENO}: 
checking for INI_CONFIG" >&5 $as_echo_n "checking for INI_CONFIG... " >&6; } if test -n "$PKG_CONFIG"; then if test -n "$INI_CONFIG_CFLAGS"; then pkg_cv_INI_CONFIG_CFLAGS="$INI_CONFIG_CFLAGS" else if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \" ini_config >= 0.6.1\""; } >&5 ($PKG_CONFIG --exists --print-errors " ini_config >= 0.6.1") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_INI_CONFIG_CFLAGS=`$PKG_CONFIG --cflags " ini_config >= 0.6.1" 2>/dev/null` else pkg_failed=yes fi fi else pkg_failed=untried fi if test -n "$PKG_CONFIG"; then if test -n "$INI_CONFIG_LIBS"; then pkg_cv_INI_CONFIG_LIBS="$INI_CONFIG_LIBS" else if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \" ini_config >= 0.6.1\""; } >&5 ($PKG_CONFIG --exists --print-errors " ini_config >= 0.6.1") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_INI_CONFIG_LIBS=`$PKG_CONFIG --libs " ini_config >= 0.6.1" 2>/dev/null` else pkg_failed=yes fi fi else pkg_failed=untried fi if test $pkg_failed = yes; then if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then _pkg_short_errors_supported=yes else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then INI_CONFIG_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors " ini_config >= 0.6.1"` else INI_CONFIG_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors " ini_config >= 0.6.1"` fi # Put the nasty error message in config.log where it belongs echo "$INI_CONFIG_PKG_ERRORS" >&5 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } as_fn_error $? "Please install libini_config-devel" "$LINENO" 5 elif test $pkg_failed = untried; then as_fn_error $? 
"Please install libini_config-devel" "$LINENO" 5 else INI_CONFIG_CFLAGS=$pkg_cv_INI_CONFIG_CFLAGS INI_CONFIG_LIBS=$pkg_cv_INI_CONFIG_LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } cat >>confdefs.h <<_ACEOF #define HAVE_LIBINI_CONFIG_V0 1 _ACEOF fi elif test $pkg_failed = untried; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: libini_config-devel >= 1.0.0 not available, trying older version" >&5 $as_echo "$as_me: WARNING: libini_config-devel >= 1.0.0 not available, trying older version" >&2;} pkg_failed=no { $as_echo "$as_me:${as_lineno-$LINENO}: checking for INI_CONFIG" >&5 $as_echo_n "checking for INI_CONFIG... " >&6; } if test -n "$PKG_CONFIG"; then if test -n "$INI_CONFIG_CFLAGS"; then pkg_cv_INI_CONFIG_CFLAGS="$INI_CONFIG_CFLAGS" else if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \" ini_config >= 0.6.1\""; } >&5 ($PKG_CONFIG --exists --print-errors " ini_config >= 0.6.1") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_INI_CONFIG_CFLAGS=`$PKG_CONFIG --cflags " ini_config >= 0.6.1" 2>/dev/null` else pkg_failed=yes fi fi else pkg_failed=untried fi if test -n "$PKG_CONFIG"; then if test -n "$INI_CONFIG_LIBS"; then pkg_cv_INI_CONFIG_LIBS="$INI_CONFIG_LIBS" else if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \" ini_config >= 0.6.1\""; } >&5 ($PKG_CONFIG --exists --print-errors " ini_config >= 0.6.1") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? 
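= $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_INI_CONFIG_LIBS=`$PKG_CONFIG --libs " ini_config >= 0.6.1" 2>/dev/null` else pkg_failed=yes fi fi else pkg_failed=untried fi if test $pkg_failed = yes; then if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then _pkg_short_errors_supported=yes else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then INI_CONFIG_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors " ini_config >= 0.6.1"` else INI_CONFIG_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors " ini_config >= 0.6.1"` fi # Put the nasty error message in config.log where it belongs echo "$INI_CONFIG_PKG_ERRORS" >&5 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } as_fn_error $? "Please install libini_config-devel" "$LINENO" 5 elif test $pkg_failed = untried; then as_fn_error $? "Please install libini_config-devel" "$LINENO" 5 else INI_CONFIG_CFLAGS=$pkg_cv_INI_CONFIG_CFLAGS INI_CONFIG_LIBS=$pkg_cv_INI_CONFIG_LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } cat >>confdefs.h <<_ACEOF #define HAVE_LIBINI_CONFIG_V0 1 _ACEOF fi else INI_CONFIG_CFLAGS=$pkg_cv_INI_CONFIG_CFLAGS INI_CONFIG_LIBS=$pkg_cv_INI_CONFIG_LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } cat >>confdefs.h <<_ACEOF #define HAVE_LIBINI_CONFIG_V1 1 _ACEOF fi
# ^ Tail of the INI_CONFIG pkg-config check, which starts above this span;
#   kept exactly as found.

# --- PAM --------------------------------------------------------------------
# All three PAM headers are mandatory, and libpam must export pam_get_item;
# either failure aborts configure. The link probe is cached in
# ac_cv_lib_pam_pam_get_item, so it really runs only for the first header.
for ac_header in security/pam_appl.h security/pam_misc.h security/pam_modules.h
do :
  as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
  ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
  if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
    cat >>confdefs.h <<_ACEOF
#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
_ACEOF
    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pam_get_item in -lpam" >&5
    $as_echo_n "checking for pam_get_item in -lpam... " >&6; }
    if ${ac_cv_lib_pam_pam_get_item+:} false; then :
      $as_echo_n "(cached) " >&6
    else
      ac_check_lib_save_LIBS=$LIBS
      LIBS="-lpam $LIBS"
      cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */

/* Override any GCC internal prototype to avoid an error.
   Use char because int might match the return type of a GCC
   builtin and then its argument prototype would still apply. */
#ifdef __cplusplus
extern "C"
#endif
char pam_get_item ();
int
main ()
{
return pam_get_item ();
  ;
  return 0;
}
_ACEOF
      if ac_fn_c_try_link "$LINENO"; then :
        ac_cv_lib_pam_pam_get_item=yes
      else
        ac_cv_lib_pam_pam_get_item=no
      fi
      rm -f core conftest.err conftest.$ac_objext \
          conftest$ac_exeext conftest.$ac_ext
      LIBS=$ac_check_lib_save_LIBS
    fi
    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pam_pam_get_item" >&5
    $as_echo "$ac_cv_lib_pam_pam_get_item" >&6; }
    if test "x$ac_cv_lib_pam_pam_get_item" = xyes; then :
      PAM_LIBS="-lpam"
    else
      as_fn_error $? "PAM must support pam_get_item" "$LINENO" 5
    fi
  else
    as_fn_error $? "PAM development libraries not installed" "$LINENO" 5
  fi
done

# --- OpenLDAP: locate headers and libraries ---------------------------------
# The two loops below append the first matching directory from a fixed list to
# the include and library search paths. The list includes /usr/local/include
# and /usr/local/lib, which are outside the package-managed prefixes on many
# systems: whoever can write there on the build host influences which ldap.h
# and libldap.so this build uses. Run configure in a clean build root when
# the result is going to be packaged or shipped.
for p in /usr/include/openldap24 /usr/local/include; do
    if test -f "${p}/ldap.h"; then
        OPENLDAP_CFLAGS="${OPENLDAP_CFLAGS} -I${p}"
        break;
    fi
done

for p in /usr/lib64/openldap24 /usr/lib/openldap24 /usr/local/lib ; do
    if test -f "${p}/libldap.so"; then
        OPENLDAP_LIBS="${OPENLDAP_LIBS} -L${p}"
        break;
    fi
done

# Probe with the OpenLDAP paths added; both variables are restored after the
# libldap probes.
SAVE_CFLAGS=$CFLAGS
SAVE_LIBS=$LIBS
CFLAGS="$CFLAGS $OPENLDAP_CFLAGS"
LIBS="$LIBS $OPENLDAP_LIBS"

# NOTE(review): with_ldap, with_ldap_lber, with_ldap_krb and with_ldap_des are
# not initialised anywhere in this span. Unless they are reset earlier in the
# script, values inherited from the environment would short-circuit the probes
# below - confirm.

# Probe 1: ldap_search with -lldap alone.
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ldap_search in -lldap" >&5
$as_echo_n "checking for ldap_search in -lldap... " >&6; }
if ${ac_cv_lib_ldap_ldap_search+:} false; then :
  $as_echo_n "(cached) " >&6
else
  ac_check_lib_save_LIBS=$LIBS
  LIBS="-lldap $LIBS"
  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */

/* Override any GCC internal prototype to avoid an error.
   Use char because int might match the return type of a GCC
   builtin and then its argument prototype would still apply. */
#ifdef __cplusplus
extern "C"
#endif
char ldap_search ();
int
main ()
{
return ldap_search ();
  ;
  return 0;
}
_ACEOF
  if ac_fn_c_try_link "$LINENO"; then :
    ac_cv_lib_ldap_ldap_search=yes
  else
    ac_cv_lib_ldap_ldap_search=no
  fi
  rm -f core conftest.err conftest.$ac_objext \
      conftest$ac_exeext conftest.$ac_ext
  LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ldap_ldap_search" >&5
$as_echo "$ac_cv_lib_ldap_ldap_search" >&6; }
if test "x$ac_cv_lib_ldap_ldap_search" = xyes; then :
  with_ldap=yes
fi

# Probes 2-4: fall back to ldap_open with progressively more helper libraries
# (-llber, then -lkrb, then -ldes).
# NOTE(review): all three share the cache variable ac_cv_lib_ldap_ldap_open.
# Once probe 2 has stored "no", probes 3 and 4 take the "(cached)" branch and
# never link with the extra libraries, so they cannot succeed where probe 2
# failed.
test "$with_ldap" != "yes" && {
  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ldap_open in -lldap" >&5
  $as_echo_n "checking for ldap_open in -lldap... " >&6; }
  if ${ac_cv_lib_ldap_ldap_open+:} false; then :
    $as_echo_n "(cached) " >&6
  else
    ac_check_lib_save_LIBS=$LIBS
    LIBS="-lldap -llber $LIBS"
    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */

/* Override any GCC internal prototype to avoid an error.
   Use char because int might match the return type of a GCC
   builtin and then its argument prototype would still apply. */
#ifdef __cplusplus
extern "C"
#endif
char ldap_open ();
int
main ()
{
return ldap_open ();
  ;
  return 0;
}
_ACEOF
    if ac_fn_c_try_link "$LINENO"; then :
      ac_cv_lib_ldap_ldap_open=yes
    else
      ac_cv_lib_ldap_ldap_open=no
    fi
    rm -f core conftest.err conftest.$ac_objext \
        conftest$ac_exeext conftest.$ac_ext
    LIBS=$ac_check_lib_save_LIBS
  fi
  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ldap_ldap_open" >&5
  $as_echo "$ac_cv_lib_ldap_ldap_open" >&6; }
  if test "x$ac_cv_lib_ldap_ldap_open" = xyes; then :
    with_ldap=yes
    with_ldap_lber=yes
  fi
}

test "$with_ldap" != "yes" && {
  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ldap_open in -lldap" >&5
  $as_echo_n "checking for ldap_open in -lldap... " >&6; }
  if ${ac_cv_lib_ldap_ldap_open+:} false; then :
    $as_echo_n "(cached) " >&6
  else
    ac_check_lib_save_LIBS=$LIBS
    LIBS="-lldap -llber -lkrb $LIBS"
    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */

/* Override any GCC internal prototype to avoid an error.
   Use char because int might match the return type of a GCC
   builtin and then its argument prototype would still apply. */
#ifdef __cplusplus
extern "C"
#endif
char ldap_open ();
int
main ()
{
return ldap_open ();
  ;
  return 0;
}
_ACEOF
    if ac_fn_c_try_link "$LINENO"; then :
      ac_cv_lib_ldap_ldap_open=yes
    else
      ac_cv_lib_ldap_ldap_open=no
    fi
    rm -f core conftest.err conftest.$ac_objext \
        conftest$ac_exeext conftest.$ac_ext
    LIBS=$ac_check_lib_save_LIBS
  fi
  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ldap_ldap_open" >&5
  $as_echo "$ac_cv_lib_ldap_ldap_open" >&6; }
  if test "x$ac_cv_lib_ldap_ldap_open" = xyes; then :
    with_ldap=yes
    with_ldap_lber=yes
    with_ldap_krb=yes
  fi
}

test "$with_ldap" != "yes" && {
  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ldap_open in -lldap" >&5
  $as_echo_n "checking for ldap_open in -lldap... " >&6; }
  if ${ac_cv_lib_ldap_ldap_open+:} false; then :
    $as_echo_n "(cached) " >&6
  else
    ac_check_lib_save_LIBS=$LIBS
    LIBS="-lldap -llber -lkrb -ldes $LIBS"
    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */

/* Override any GCC internal prototype to avoid an error.
   Use char because int might match the return type of a GCC
   builtin and then its argument prototype would still apply. */
#ifdef __cplusplus
extern "C"
#endif
char ldap_open ();
int
main ()
{
return ldap_open ();
  ;
  return 0;
}
_ACEOF
    if ac_fn_c_try_link "$LINENO"; then :
      ac_cv_lib_ldap_ldap_open=yes
    else
      ac_cv_lib_ldap_ldap_open=no
    fi
    rm -f core conftest.err conftest.$ac_objext \
        conftest$ac_exeext conftest.$ac_ext
    LIBS=$ac_check_lib_save_LIBS
  fi
  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ldap_ldap_open" >&5
  $as_echo "$ac_cv_lib_ldap_ldap_open" >&6; }
  if test "x$ac_cv_lib_ldap_ldap_open" = xyes; then :
    with_ldap=yes
    with_ldap_lber=yes
    with_ldap_krb=yes
    with_ldap_des=yes
  fi
}

CFLAGS=$SAVE_CFLAGS
LIBS=$SAVE_LIBS

# liblber on its own. This runs after CFLAGS/LIBS were restored, so the -L
# directory discovered above is not on the link line for this probe.
test "$with_ldap_lber" != "yes" && {
  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ber_pvt_opt_on in -llber" >&5
  $as_echo_n "checking for ber_pvt_opt_on in -llber... " >&6; }
  if ${ac_cv_lib_lber_ber_pvt_opt_on+:} false; then :
    $as_echo_n "(cached) " >&6
  else
    ac_check_lib_save_LIBS=$LIBS
    LIBS="-llber $LIBS"
    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */

/* Override any GCC internal prototype to avoid an error.
   Use char because int might match the return type of a GCC
   builtin and then its argument prototype would still apply. */
#ifdef __cplusplus
extern "C"
#endif
char ber_pvt_opt_on ();
int
main ()
{
return ber_pvt_opt_on ();
  ;
  return 0;
}
_ACEOF
    if ac_fn_c_try_link "$LINENO"; then :
      ac_cv_lib_lber_ber_pvt_opt_on=yes
    else
      ac_cv_lib_lber_ber_pvt_opt_on=no
    fi
    rm -f core conftest.err conftest.$ac_objext \
        conftest$ac_exeext conftest.$ac_ext
    LIBS=$ac_check_lib_save_LIBS
  fi
  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lber_ber_pvt_opt_on" >&5
  $as_echo "$ac_cv_lib_lber_ber_pvt_opt_on" >&6; }
  if test "x$ac_cv_lib_lber_ber_pvt_opt_on" = xyes; then :
    with_ldap_lber=yes
  fi
}

# Assemble the final OPENLDAP_LIBS from whatever the probes enabled; without
# libldap the build cannot continue.
if test "$with_ldap" = "yes"; then
  if test "$with_ldap_des" = "yes" ; then
    OPENLDAP_LIBS="${OPENLDAP_LIBS} -ldes"
  fi
  if test "$with_ldap_krb" = "yes" ; then
    OPENLDAP_LIBS="${OPENLDAP_LIBS} -lkrb"
  fi
  if test "$with_ldap_lber" = "yes" ; then
    OPENLDAP_LIBS="${OPENLDAP_LIBS} -llber"
  fi
  OPENLDAP_LIBS="${OPENLDAP_LIBS} -lldap"
else
  as_fn_error $? "OpenLDAP not found" "$LINENO" 5
fi

# --- OpenLDAP: optional functions, callback support, required type ----------
SAVE_CFLAGS=$CFLAGS
SAVE_LIBS=$LIBS
CFLAGS="$CFLAGS $OPENLDAP_CFLAGS"
LIBS="$LIBS $OPENLDAP_LIBS"

# Optional functions: each one found defines HAVE_<FUNC>; none is mandatory.
for ac_func in ldap_control_create ldap_init_fd \
               ldap_create_deref_control_value \
               ldap_parse_derefresponse_control \
               ldap_derefresponse_free
do :
  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
  ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
  if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
    cat >>confdefs.h <<_ACEOF
#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
_ACEOF
  fi
done

# Connection-callback support. The member check, the run-time probe and the
# type check below all need the declarations from <ldap.h>.
ac_fn_c_check_member "$LINENO" "struct ldap_conncb" "lc_arg" "ac_cv_member_struct_ldap_conncb_lc_arg" "#include <ldap.h>
"
if test "x$ac_cv_member_struct_ldap_conncb_lc_arg" = xyes; then :
  cat >>confdefs.h <<_ACEOF
#define HAVE_STRUCT_LDAP_CONNCB_LC_ARG 1
_ACEOF
  # Unlike the link-only probes above, this one compiles AND RUNS a test
  # program (ac_fn_c_try_run), so the build host executes code from whichever
  # libldap was selected, and configure aborts when cross compiling because
  # the program cannot be run. HAVE_LDAP_CONNCB is defined only when the
  # program exits with status 0, i.e. ldap_set_option() returned 0; any other
  # outcome produces just a warning.
  # NOTE(review): `cb` is passed to ldap_set_option() uninitialised.
  if test "$cross_compiling" = yes; then :
    { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
    $as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
    as_fn_error $? "cannot run test program while cross compiling
See \`config.log' for more details" "$LINENO" 5; }
  else
    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <ldap.h>
int
main ()
{
struct ldap_conncb cb;
return ldap_set_option(NULL, LDAP_OPT_CONNECT_CB, &cb);
  ;
  return 0;
}
_ACEOF
    if ac_fn_c_try_run "$LINENO"; then :
      $as_echo "#define HAVE_LDAP_CONNCB 1" >>confdefs.h
    else
      { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Found broken callback implementation" >&5
      $as_echo "$as_me: WARNING: Found broken callback implementation" >&2;}
    fi
    rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
        conftest.$ac_objext conftest.beam conftest.$ac_ext
  fi
fi

# LDAPDerefRes is mandatory: an OpenLDAP without it aborts configure.
ac_fn_c_check_type "$LINENO" "LDAPDerefRes" "ac_cv_type_LDAPDerefRes" "#include <ldap.h>
"
if test "x$ac_cv_type_LDAPDerefRes" = xyes; then :

else
  as_fn_error $? "The OpenLDAP version found does not contain the required type LDAPDerefRes" "$LINENO" 5
fi

CFLAGS=$SAVE_CFLAGS
LIBS=$SAVE_LIBS

PCRE_OBJ=""

# Start of the PCRE pkg-config check; it continues past this span and is kept
# exactly as found.
pkg_failed=no { $as_echo "$as_me:${as_lineno-$LINENO}: checking for PCRE" >&5 $as_echo_n "checking for PCRE... " >&6; } if test -n "$PKG_CONFIG"; then if test -n "$PCRE_CFLAGS"; then pkg_cv_PCRE_CFLAGS="$PCRE_CFLAGS" else if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libpcre\""; } >&5 ($PKG_CONFIG --exists --print-errors "libpcre") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_PCRE_CFLAGS=`$PKG_CONFIG --cflags "libpcre" 2>/dev/null` else pkg_failed=yes fi fi else pkg_failed=untried fi if test -n "$PKG_CONFIG"; then if test -n "$PCRE_LIBS"; then pkg_cv_PCRE_LIBS="$PCRE_LIBS" else if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libpcre\""; } >&5 ($PKG_CONFIG --exists --print-errors "libpcre") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$?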
= $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_PCRE_LIBS=`$PKG_CONFIG --libs "libpcre" 2>/dev/null` else pkg_failed=yes fi fi else pkg_failed=untried fi if test $pkg_failed = yes; then if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then _pkg_short_errors_supported=yes else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then PCRE_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "libpcre"` else PCRE_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "libpcre"` fi # Put the nasty error message in config.log where it belongs echo "$PCRE_PKG_ERRORS" >&5 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } found_libpcre=no elif test $pkg_failed = untried; then found_libpcre=no else PCRE_CFLAGS=$pkg_cv_PCRE_CFLAGS PCRE_LIBS=$pkg_cv_PCRE_LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } found_libpcre=yes fi if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libpcre >= 7\""; } >&5 ($PKG_CONFIG --exists --print-errors "libpcre >= 7") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? 
= $ac_status" >&5 test $ac_status = 0; }; then { $as_echo "$as_me:${as_lineno-$LINENO}: PCRE version is 7 or higher" >&5 $as_echo "$as_me: PCRE version is 7 or higher" >&6;} else { $as_echo "$as_me:${as_lineno-$LINENO}: PCRE version is below 7" >&5 $as_echo "$as_me: PCRE version is below 7" >&6;} $as_echo "#define HAVE_LIBPCRE_LESSER_THAN_7 1" >>confdefs.h fi acl_save_prefix="$prefix" prefix="$acl_final_prefix" acl_save_exec_prefix="$exec_prefix" exec_prefix="$acl_final_exec_prefix" eval additional_libdir=\"$libdir\" exec_prefix="$acl_save_exec_prefix" prefix="$acl_save_prefix" sss_extra_libdir="$additional_libdir" if test x"$found_libpcre" != xyes; then : for ac_header in pcre.h do : ac_fn_c_check_header_mongrel "$LINENO" "pcre.h" "ac_cv_header_pcre_h" "$ac_includes_default" if test "x$ac_cv_header_pcre_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_PCRE_H 1 _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pcre_compile in -lpcre" >&5 $as_echo_n "checking for pcre_compile in -lpcre... " >&6; } if ${ac_cv_lib_pcre_pcre_compile+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lpcre -L$sss_extra_libdir $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. 
*/ #ifdef __cplusplus extern "C" #endif char pcre_compile (); int main () { return pcre_compile (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_pcre_pcre_compile=yes else ac_cv_lib_pcre_pcre_compile=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pcre_pcre_compile" >&5 $as_echo "$ac_cv_lib_pcre_pcre_compile" >&6; } if test "x$ac_cv_lib_pcre_pcre_compile" = xyes; then : PCRE_LIBS="-L$sss_extra_libdir -lpcre" else as_fn_error $? "No usable PCRE library found" "$LINENO" 5 fi else as_fn_error $? "pcre header files are not installed" "$LINENO" 5 fi done fi if test x$KRB5_LIBS != x; then KRB5_PASSED_LIBS=$KRB5_LIBS fi if test x$KRB5_CFLAGS != x; then KRB5_PASSED_CFLAGS=$KRB5_CFLAGS fi # Extract the first word of "krb5-config", so it can be a program name with args. set dummy krb5-config; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_KRB5_CONFIG+:} false; then : $as_echo_n "(cached) " >&6 else case $KRB5_CONFIG in [\\/]* | ?:[\\/]*) ac_cv_path_KRB5_CONFIG="$KRB5_CONFIG" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_KRB5_CONFIG="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi KRB5_CONFIG=$ac_cv_path_KRB5_CONFIG if test -n "$KRB5_CONFIG"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $KRB5_CONFIG" >&5 $as_echo "$KRB5_CONFIG" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working krb5-config" >&5 $as_echo_n "checking for working krb5-config... " >&6; } if test -x "$KRB5_CONFIG"; then KRB5_CFLAGS="`$KRB5_CONFIG --cflags`" KRB5_LIBS="`$KRB5_CONFIG --libs`" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } if test x$KRB5_PASSED_LIBS = x; then as_fn_error $? "Please install MIT kerberos devel package" "$LINENO" 5 fi fi if test x$KRB5_PASSED_LIBS != x; then KRB5_LIBS=$KRB5_PASSED_LIBS fi if test x$KRB5_PASSED_CFLAGS != x; then KRB5_CFLAGS=$KRB5_PASSED_CFLAGS fi SAVE_CFLAGS=$CFLAGS SAVE_LIBS=$LIBS CFLAGS="$CFLAGS $KRB5_CFLAGS" LIBS="$LIBS $KRB5_LIBS" for ac_header in krb5.h krb5/krb5.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done ac_fn_c_check_type "$LINENO" "krb5_ticket_times" "ac_cv_type_krb5_ticket_times" " #ifdef HAVE_KRB5_KRB5_H #include #else #include #endif " if test "x$ac_cv_type_krb5_ticket_times" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_KRB5_TICKET_TIMES 1 _ACEOF fi ac_fn_c_check_type "$LINENO" "krb5_times" "ac_cv_type_krb5_times" " #ifdef HAVE_KRB5_KRB5_H 
#include #else #include #endif " if test "x$ac_cv_type_krb5_times" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_KRB5_TIMES 1 _ACEOF fi ac_fn_c_check_type "$LINENO" "krb5_trace_info" "ac_cv_type_krb5_trace_info" " #ifdef HAVE_KRB5_KRB5_H #include #else #include #endif " if test "x$ac_cv_type_krb5_trace_info" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_KRB5_TRACE_INFO 1 _ACEOF fi for ac_func in krb5_get_init_creds_opt_alloc krb5_get_error_message \ krb5_free_unparsed_name \ krb5_get_init_creds_opt_set_expire_callback \ krb5_get_init_creds_opt_set_fast_ccache_name \ krb5_get_init_creds_opt_set_fast_flags \ krb5_get_init_creds_opt_set_canonicalize \ krb5_get_init_creds_opt_set_responder \ krb5_parse_name_flags \ krb5_unparse_name_flags \ krb5_get_init_creds_opt_set_change_password_prompt \ krb5_free_keytab_entry_contents \ krb5_kt_free_entry \ krb5_princ_realm \ krb5_get_time_offsets \ krb5_principal_get_realm \ krb5_cc_cache_match \ krb5_timestamp_to_sfstring \ krb5_set_trace_callback \ krb5_find_authdata \ krb5_cc_get_full_name do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done CFLAGS=$SAVE_CFLAGS LIBS=$SAVE_LIBS CFLAGS="$CFLAGS $KRB5_CFLAGS" LIBS="$LIBS $KRB5_LIBS" if test x$ac_cv_header_krb5_h != xyes -a x$ac_cv_header_krb5_krb5_h != xyes then as_fn_error $? "you must have Kerberos 5 header files to build sssd" "$LINENO" 5 fi # Check whether --enable-krb5-locator-plugin was given. 
# Kerberos locator plugin switch: defaults to "yes" unless configure was
# given an explicit --enable/--disable-krb5-locator-plugin value.
if test "${enable_krb5_locator_plugin+set}" = set; then
  enableval=$enable_krb5_locator_plugin
  build_locator=$enableval
else
  build_locator=yes
fi

# NOTE(review): the header names after "#include" in the snippet below are
# missing on this page (and in the two ares type checks further down).
# The strings are reproduced as found; restore them from the macro source.
ac_fn_c_check_header_compile "$LINENO" "krb5/locate_plugin.h" "ac_cv_header_krb5_locate_plugin_h" " #ifdef HAVE_KRB5_KRB5_H #include #else #include #endif "
if test "x$ac_cv_header_krb5_locate_plugin_h" = xyes; then
  have_locate_plugin=yes
else
  have_locate_plugin=no
  { $as_echo "$as_me:${as_lineno-$LINENO}: Kerberos locator plugin cannot be built" >&5
$as_echo "$as_me: Kerberos locator plugin cannot be built" >&6;}
fi

# The plugin is built only when the header exists AND the switch is on.
if test x$have_locate_plugin = xyes -a x$build_locator = xyes; then
  BUILD_KRB5_LOCATOR_PLUGIN_TRUE=
  BUILD_KRB5_LOCATOR_PLUGIN_FALSE='#'
else
  BUILD_KRB5_LOCATOR_PLUGIN_TRUE='#'
  BUILD_KRB5_LOCATOR_PLUGIN_FALSE=
fi

if test -z "$BUILD_KRB5_LOCATOR_PLUGIN_TRUE"; then
  cat >>confdefs.h <<_ACEOF
#define HAVE_KRB5_LOCATOR_PLUGIN 1
_ACEOF
fi

# Drop the Kerberos flags again before probing the next library.
CFLAGS=$SAVE_CFLAGS
LIBS=$SAVE_LIBS

# ---- c-ares, first attempt: pkg-config --------------------------------
pkg_failed=no
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for CARES" >&5
$as_echo_n "checking for CARES... " >&6; }

# Compile flags: a caller-supplied CARES_CFLAGS wins over pkg-config.
if test -z "$PKG_CONFIG"; then
  pkg_failed=untried
elif test -n "$CARES_CFLAGS"; then
  pkg_cv_CARES_CFLAGS="$CARES_CFLAGS"
elif test -n "$PKG_CONFIG" && \
    { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libcares\""; } >&5
  ($PKG_CONFIG --exists --print-errors "libcares") 2>&5
  ac_status=$?
  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
  test $ac_status = 0; }; then
  pkg_cv_CARES_CFLAGS=`$PKG_CONFIG --cflags "libcares" 2>/dev/null`
else
  pkg_failed=yes
fi

# Link flags: same precedence, caller-supplied CARES_LIBS first.
if test -z "$PKG_CONFIG"; then
  pkg_failed=untried
elif test -n "$CARES_LIBS"; then
  pkg_cv_CARES_LIBS="$CARES_LIBS"
elif test -n "$PKG_CONFIG" && \
    { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libcares\""; } >&5
  ($PKG_CONFIG --exists --print-errors "libcares") 2>&5
  ac_status=$?
  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
  test $ac_status = 0; }; then
  pkg_cv_CARES_LIBS=`$PKG_CONFIG --libs "libcares" 2>/dev/null`
else
  pkg_failed=yes
fi

if test $pkg_failed = yes; then
  if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
    _pkg_short_errors_supported=yes
  else
    _pkg_short_errors_supported=no
  fi
  if test $_pkg_short_errors_supported = yes; then
    CARES_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "libcares"`
  else
    CARES_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "libcares"`
  fi
  # Put the nasty error message in config.log where it belongs
  echo "$CARES_PKG_ERRORS" >&5

  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
  found_libcares=no
elif test $pkg_failed = untried; then
  found_libcares=no
else
  CARES_CFLAGS=$pkg_cv_CARES_CFLAGS
  CARES_LIBS=$pkg_cv_CARES_LIBS
  { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
  found_libcares=yes
fi

# Expand $libdir against the final install prefix; the result is used as an
# extra -L directory by the manual fallback below.
acl_save_prefix="$prefix"
prefix="$acl_final_prefix"
acl_save_exec_prefix="$exec_prefix"
exec_prefix="$acl_final_exec_prefix"
eval additional_libdir=\"$libdir\"
exec_prefix="$acl_save_exec_prefix"
prefix="$acl_save_prefix"
sss_extra_libdir="$additional_libdir"

# ---- c-ares, fallback: header check plus a link test ------------------
# Either failure here stops configure.
if test x"$found_libcares" != xyes; then
  for ac_header in ares.h
  do
    ac_fn_c_check_header_mongrel "$LINENO" "ares.h" "ac_cv_header_ares_h" "$ac_includes_default"
    if test "x$ac_cv_header_ares_h" = xyes; then
      cat >>confdefs.h <<_ACEOF
#define HAVE_ARES_H 1
_ACEOF

      { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ares_init in -lcares" >&5
$as_echo_n "checking for ares_init in -lcares... " >&6; }
      if ${ac_cv_lib_cares_ares_init+:} false; then
        $as_echo_n "(cached) " >&6
      else
        ac_check_lib_save_LIBS=$LIBS
        LIBS="-lcares -L$sss_extra_libdir $LIBS"
        cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */

/* Override any GCC internal prototype to avoid an error.
   Use char because int might match the return type of a GCC
   builtin and then its argument prototype would still apply.  */
#ifdef __cplusplus
extern "C"
#endif
char ares_init ();
int
main ()
{
return ares_init ();
  ;
  return 0;
}
_ACEOF
        if ac_fn_c_try_link "$LINENO"; then
          ac_cv_lib_cares_ares_init=yes
        else
          ac_cv_lib_cares_ares_init=no
        fi
        rm -f core conftest.err conftest.$ac_objext \
    conftest$ac_exeext conftest.$ac_ext
        LIBS=$ac_check_lib_save_LIBS
      fi
      { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_cares_ares_init" >&5
$as_echo "$ac_cv_lib_cares_ares_init" >&6; }
      if test "x$ac_cv_lib_cares_ares_init" = xyes; then
        CARES_LIBS="-L$sss_extra_libdir -lcares"
      else
        as_fn_error $? "No usable c-ares library found" "$LINENO" 5
      fi
    else
      as_fn_error $? "c-ares header files are not installed" "$LINENO" 5
    fi
  done
fi

# ---- does this c-ares provide ares_free_data()? ------------------------
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ares_free_data in -lcares" >&5
$as_echo_n "checking for ares_free_data in -lcares... " >&6; }
if ${ac_cv_lib_cares_ares_free_data+:} false; then
  $as_echo_n "(cached) " >&6
else
  ac_check_lib_save_LIBS=$LIBS
  LIBS="-lcares $CARES_LIBS $LIBS"
  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */

/* Override any GCC internal prototype to avoid an error.
   Use char because int might match the return type of a GCC
   builtin and then its argument prototype would still apply.  */
#ifdef __cplusplus
extern "C"
#endif
char ares_free_data ();
int
main ()
{
return ares_free_data ();
  ;
  return 0;
}
_ACEOF
  if ac_fn_c_try_link "$LINENO"; then
    ac_cv_lib_cares_ares_free_data=yes
  else
    ac_cv_lib_cares_ares_free_data=no
  fi
  rm -f core conftest.err conftest.$ac_objext \
    conftest$ac_exeext conftest.$ac_ext
  LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_cares_ares_free_data" >&5
$as_echo "$ac_cv_lib_cares_ares_free_data" >&6; }
if test "x$ac_cv_lib_cares_ares_free_data" = xyes; then
  $as_echo "#define HAVE_ARES_DATA 1" >>confdefs.h
else
  ares_data=1
fi

# BUILD_ARES_DATA is switched on only when the library lacks the function
# (presumably so a bundled replacement gets compiled; confirm in Makefile.am).
if test x$ares_data = x1; then
  BUILD_ARES_DATA_TRUE=
  BUILD_ARES_DATA_FALSE='#'
else
  BUILD_ARES_DATA_TRUE='#'
  BUILD_ARES_DATA_FALSE=
fi

ac_fn_c_check_type "$LINENO" "struct ares_addrttl" "ac_cv_type_struct_ares_addrttl" "#include "
if test "x$ac_cv_type_struct_ares_addrttl" = xyes; then
  cat >>confdefs.h <<_ACEOF
#define HAVE_STRUCT_ARES_ADDRTTL 1
_ACEOF
fi

ac_fn_c_check_type "$LINENO" "struct ares_addr6ttl" "ac_cv_type_struct_ares_addr6ttl" "#include "
if test "x$ac_cv_type_struct_ares_addr6ttl" = xyes; then
  cat >>confdefs.h <<_ACEOF
#define HAVE_STRUCT_ARES_ADDR6TTL 1
_ACEOF
fi

# Solaris needs HAVE_LONG_LONG defined
ac_fn_c_check_type "$LINENO" "long long" "ac_cv_type_long_long" "$ac_includes_default"
if test "x$ac_cv_type_long_long" = xyes; then
  cat >>confdefs.h <<_ACEOF
#define HAVE_LONG_LONG 1
_ACEOF
fi

# ---- sizeof probes ------------------------------------------------------
# Each probe honours a pre-set ac_cv_sizeof_* cache value, otherwise asks
# ac_fn_c_compute_int; if that fails the size becomes 0 unless the type is
# known to exist, in which case configure stops with status 77.
#
# The cast to long int works around a bug in the HP C Compiler
# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
# This bug is HP SR number 8606223364.
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of int" >&5
$as_echo_n "checking size of int... " >&6; }
if ${ac_cv_sizeof_int+:} false; then
  $as_echo_n "(cached) " >&6
elif ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (int))" "ac_cv_sizeof_int" "$ac_includes_default"; then
  :
elif test "$ac_cv_type_int" = yes; then
  { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error 77 "cannot compute sizeof (int) See \`config.log' for more details" "$LINENO" 5; }
else
  ac_cv_sizeof_int=0
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_int" >&5
$as_echo "$ac_cv_sizeof_int" >&6; }

cat >>confdefs.h <<_ACEOF
#define SIZEOF_INT $ac_cv_sizeof_int
_ACEOF

# Same probe, same HP-compiler cast workaround: char.
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of char" >&5
$as_echo_n "checking size of char... " >&6; }
if ${ac_cv_sizeof_char+:} false; then
  $as_echo_n "(cached) " >&6
elif ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (char))" "ac_cv_sizeof_char" "$ac_includes_default"; then
  :
elif test "$ac_cv_type_char" = yes; then
  { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error 77 "cannot compute sizeof (char) See \`config.log' for more details" "$LINENO" 5; }
else
  ac_cv_sizeof_char=0
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_char" >&5
$as_echo "$ac_cv_sizeof_char" >&6; }

cat >>confdefs.h <<_ACEOF
#define SIZEOF_CHAR $ac_cv_sizeof_char
_ACEOF

# Same probe, same HP-compiler cast workaround: short.
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of short" >&5
$as_echo_n "checking size of short... " >&6; }
if ${ac_cv_sizeof_short+:} false; then
  $as_echo_n "(cached) " >&6
elif ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (short))" "ac_cv_sizeof_short" "$ac_includes_default"; then
  :
elif test "$ac_cv_type_short" = yes; then
  { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error 77 "cannot compute sizeof (short) See \`config.log' for more details" "$LINENO" 5; }
else
  ac_cv_sizeof_short=0
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_short" >&5
$as_echo "$ac_cv_sizeof_short" >&6; }

cat >>confdefs.h <<_ACEOF
#define SIZEOF_SHORT $ac_cv_sizeof_short
_ACEOF

# Same probe, same HP-compiler cast workaround: long.
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of long" >&5
$as_echo_n "checking size of long... " >&6; }
if ${ac_cv_sizeof_long+:} false; then
  $as_echo_n "(cached) " >&6
elif ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (long))" "ac_cv_sizeof_long" "$ac_includes_default"; then
  :
elif test "$ac_cv_type_long" = yes; then
  { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error 77 "cannot compute sizeof (long) See \`config.log' for more details" "$LINENO" 5; }
else
  ac_cv_sizeof_long=0
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_long" >&5
$as_echo "$ac_cv_sizeof_long" >&6; }

cat >>confdefs.h <<_ACEOF
#define SIZEOF_LONG $ac_cv_sizeof_long
_ACEOF

# The cast to long int works around a bug in the HP C Compiler
# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
# This bug is HP SR number 8606223364.
# sizeof probes for long long, uid_t and gid_t.
# Each one honours a pre-set ac_cv_sizeof_* cache value, otherwise asks
# ac_fn_c_compute_int; if that fails the size becomes 0 unless the type is
# known to exist, in which case configure stops with status 77.
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of long long" >&5
$as_echo_n "checking size of long long... " >&6; }
if ${ac_cv_sizeof_long_long+:} false; then
  $as_echo_n "(cached) " >&6
elif ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (long long))" "ac_cv_sizeof_long_long" "$ac_includes_default"; then
  :
elif test "$ac_cv_type_long_long" = yes; then
  { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error 77 "cannot compute sizeof (long long) See \`config.log' for more details" "$LINENO" 5; }
else
  ac_cv_sizeof_long_long=0
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_long_long" >&5
$as_echo "$ac_cv_sizeof_long_long" >&6; }

cat >>confdefs.h <<_ACEOF
#define SIZEOF_LONG_LONG $ac_cv_sizeof_long_long
_ACEOF

# The cast to long int works around a bug in the HP C Compiler
# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
# This bug is HP SR number 8606223364.
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of uid_t" >&5
$as_echo_n "checking size of uid_t... " >&6; }
if ${ac_cv_sizeof_uid_t+:} false; then
  $as_echo_n "(cached) " >&6
elif ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (uid_t))" "ac_cv_sizeof_uid_t" "$ac_includes_default"; then
  :
elif test "$ac_cv_type_uid_t" = yes; then
  { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error 77 "cannot compute sizeof (uid_t) See \`config.log' for more details" "$LINENO" 5; }
else
  ac_cv_sizeof_uid_t=0
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_uid_t" >&5
$as_echo "$ac_cv_sizeof_uid_t" >&6; }

cat >>confdefs.h <<_ACEOF
#define SIZEOF_UID_T $ac_cv_sizeof_uid_t
_ACEOF

# Same probe, same HP-compiler cast workaround: gid_t.
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of gid_t" >&5
$as_echo_n "checking size of gid_t... " >&6; }
if ${ac_cv_sizeof_gid_t+:} false; then
  $as_echo_n "(cached) " >&6
elif ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (gid_t))" "ac_cv_sizeof_gid_t" "$ac_includes_default"; then
  :
elif test "$ac_cv_type_gid_t" = yes; then
  { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error 77 "cannot compute sizeof (gid_t) See \`config.log' for more details" "$LINENO" 5; }
else
  ac_cv_sizeof_gid_t=0
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_gid_t" >&5
$as_echo "$ac_cv_sizeof_gid_t" >&6; }

cat >>confdefs.h <<_ACEOF
#define SIZEOF_GID_T $ac_cv_sizeof_gid_t
_ACEOF

# The cast to long int works around a bug in the HP C Compiler
# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
# This bug is HP SR number 8606223364.
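# sizeof probe for id_t. A pre-set ac_cv_sizeof_id_t is reused; otherwise
# ac_fn_c_compute_int is asked, and on failure the size becomes 0 unless the
# type is known to exist, in which case configure stops with status 77.
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of id_t" >&5
$as_echo_n "checking size of id_t... " >&6; }
if ${ac_cv_sizeof_id_t+:} false; then
  $as_echo_n "(cached) " >&6
elif ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (id_t))" "ac_cv_sizeof_id_t" "$ac_includes_default"; then
  :
elif test "$ac_cv_type_id_t" = yes; then
  { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error 77 "cannot compute sizeof (id_t) See \`config.log' for more details" "$LINENO" 5; }
else
  ac_cv_sizeof_id_t=0
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_id_t" >&5
$as_echo "$ac_cv_sizeof_id_t" >&6; }

cat >>confdefs.h <<_ACEOF
#define SIZEOF_ID_T $ac_cv_sizeof_id_t
_ACEOF

# Hard requirement: long long must be at least 8 bytes.
if test $ac_cv_sizeof_long_long -lt 8 ; then
  as_fn_error $? "SSSD requires long long of 64-bits" "$LINENO" 5
fi

# ---- fallback integer type names ----------------------------------------
# Each name is #define'd to a builtin type only when the platform headers
# do not already provide it.
ac_fn_c_check_type "$LINENO" "uint_t" "ac_cv_type_uint_t" "$ac_includes_default"
if test "x$ac_cv_type_uint_t" != xyes; then
  cat >>confdefs.h <<_ACEOF
#define uint_t unsigned int
_ACEOF
fi

# NOTE(review): plain char may be unsigned on some ABIs, so this fallback
# does not guarantee a signed 8-bit type; left exactly as generated.
ac_fn_c_check_type "$LINENO" "int8_t" "ac_cv_type_int8_t" "$ac_includes_default"
if test "x$ac_cv_type_int8_t" != xyes; then
  cat >>confdefs.h <<_ACEOF
#define int8_t char
_ACEOF
fi

ac_fn_c_check_type "$LINENO" "uint8_t" "ac_cv_type_uint8_t" "$ac_includes_default"
if test "x$ac_cv_type_uint8_t" != xyes; then
  cat >>confdefs.h <<_ACEOF
#define uint8_t unsigned char
_ACEOF
fi

ac_fn_c_check_type "$LINENO" "int16_t" "ac_cv_type_int16_t" "$ac_includes_default"
if test "x$ac_cv_type_int16_t" != xyes; then
  cat >>confdefs.h <<_ACEOF
#define int16_t short
_ACEOF
fi

ac_fn_c_check_type "$LINENO" "uint16_t" "ac_cv_type_uint16_t" "$ac_includes_default"
if test "x$ac_cv_type_uint16_t" != xyes; then
  cat >>confdefs.h <<_ACEOF
#define uint16_t unsigned short
_ACEOF
fi

# 32-bit names: prefer int, then long, otherwise give up.
#
# FIX: the second branch used to test $ac_cv_size_long, a name nothing in
# this script sets; the "size of long" probe stores its result in
# ac_cv_sizeof_long. With the misspelt name, `test` saw a missing operand
# and the long fallback could never be selected. configure is generated, so
# the same correction has to go into the macro source it is built from or
# it will disappear on the next regeneration.
if test $ac_cv_sizeof_int -eq 4 ; then
  ac_fn_c_check_type "$LINENO" "int32_t" "ac_cv_type_int32_t" "$ac_includes_default"
  if test "x$ac_cv_type_int32_t" != xyes; then
    cat >>confdefs.h <<_ACEOF
#define int32_t int
_ACEOF
  fi

  ac_fn_c_check_type "$LINENO" "uint32_t" "ac_cv_type_uint32_t" "$ac_includes_default"
  if test "x$ac_cv_type_uint32_t" != xyes; then
    cat >>confdefs.h <<_ACEOF
#define uint32_t unsigned int
_ACEOF
  fi
elif test $ac_cv_sizeof_long -eq 4 ; then
  ac_fn_c_check_type "$LINENO" "int32_t" "ac_cv_type_int32_t" "$ac_includes_default"
  if test "x$ac_cv_type_int32_t" != xyes; then
    cat >>confdefs.h <<_ACEOF
#define int32_t long
_ACEOF
  fi

  ac_fn_c_check_type "$LINENO" "uint32_t" "ac_cv_type_uint32_t" "$ac_includes_default"
  if test "x$ac_cv_type_uint32_t" != xyes; then
    cat >>confdefs.h <<_ACEOF
#define uint32_t unsigned long
_ACEOF
  fi
else
  as_fn_error $? "LIBREPLACE no 32-bit type found" "$LINENO" 5
fi

ac_fn_c_check_type "$LINENO" "int64_t" "ac_cv_type_int64_t" "$ac_includes_default"
if test "x$ac_cv_type_int64_t" != xyes; then
  cat >>confdefs.h <<_ACEOF
#define int64_t long long
_ACEOF
fi

ac_fn_c_check_type "$LINENO" "uint64_t" "ac_cv_type_uint64_t" "$ac_includes_default"
if test "x$ac_cv_type_uint64_t" != xyes; then
  cat >>confdefs.h <<_ACEOF
#define uint64_t unsigned long long
_ACEOF
fi

ac_fn_c_check_type "$LINENO" "size_t" "ac_cv_type_size_t" "$ac_includes_default"
if test "x$ac_cv_type_size_t" != xyes; then
  cat >>confdefs.h <<_ACEOF
#define size_t unsigned int
_ACEOF
fi

ac_fn_c_check_type "$LINENO" "ssize_t" "ac_cv_type_ssize_t" "$ac_includes_default"
if test "x$ac_cv_type_ssize_t" != xyes; then
  cat >>confdefs.h <<_ACEOF
#define ssize_t int
_ACEOF
fi

# The cast to long int works around a bug in the HP C Compiler
# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
# This bug is HP SR number 8606223364.
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of off_t" >&5
$as_echo_n "checking size of off_t... " >&6; }
if ${ac_cv_sizeof_off_t+:} false; then
  $as_echo_n "(cached) " >&6
elif ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (off_t))" "ac_cv_sizeof_off_t" "$ac_includes_default"; then
  :
elif test "$ac_cv_type_off_t" = yes; then
  { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error 77 "cannot compute sizeof (off_t) See \`config.log' for more details" "$LINENO" 5; }
else
  ac_cv_sizeof_off_t=0
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_off_t" >&5
$as_echo "$ac_cv_sizeof_off_t" >&6; }

cat >>confdefs.h <<_ACEOF
#define SIZEOF_OFF_T $ac_cv_sizeof_off_t
_ACEOF

# Same probe, same HP-compiler cast workaround: size_t.
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of size_t" >&5
$as_echo_n "checking size of size_t... " >&6; }
if ${ac_cv_sizeof_size_t+:} false; then
  $as_echo_n "(cached) " >&6
elif ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (size_t))" "ac_cv_sizeof_size_t" "$ac_includes_default"; then
  :
elif test "$ac_cv_type_size_t" = yes; then
  { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error 77 "cannot compute sizeof (size_t) See \`config.log' for more details" "$LINENO" 5; }
else
  ac_cv_sizeof_size_t=0
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_size_t" >&5
$as_echo "$ac_cv_sizeof_size_t" >&6; }

cat >>confdefs.h <<_ACEOF
#define SIZEOF_SIZE_T $ac_cv_sizeof_size_t
_ACEOF

# The cast to long int works around a bug in the HP C Compiler
# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
# This bug is HP SR number 8606223364.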
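# sizeof probe for ssize_t. A pre-set ac_cv_sizeof_ssize_t is reused;
# otherwise ac_fn_c_compute_int is asked, and on failure the size becomes 0
# unless the type is known to exist (then configure stops with status 77).
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of ssize_t" >&5
$as_echo_n "checking size of ssize_t... " >&6; }
if ${ac_cv_sizeof_ssize_t+:} false; then
  $as_echo_n "(cached) " >&6
elif ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (ssize_t))" "ac_cv_sizeof_ssize_t" "$ac_includes_default"; then
  :
elif test "$ac_cv_type_ssize_t" = yes; then
  { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error 77 "cannot compute sizeof (ssize_t) See \`config.log' for more details" "$LINENO" 5; }
else
  ac_cv_sizeof_ssize_t=0
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_ssize_t" >&5
$as_echo "$ac_cv_sizeof_ssize_t" >&6; }

cat >>confdefs.h <<_ACEOF
#define SIZEOF_SSIZE_T $ac_cv_sizeof_ssize_t
_ACEOF

# ---- pointer-sized integer fallbacks ------------------------------------
ac_fn_c_check_type "$LINENO" "intptr_t" "ac_cv_type_intptr_t" "$ac_includes_default"
if test "x$ac_cv_type_intptr_t" = xyes; then
  cat >>confdefs.h <<_ACEOF
#define HAVE_INTPTR_T 1
_ACEOF
else
  cat >>confdefs.h <<_ACEOF
#define intptr_t long long
_ACEOF
fi

ac_fn_c_check_type "$LINENO" "uintptr_t" "ac_cv_type_uintptr_t" "$ac_includes_default"
if test "x$ac_cv_type_uintptr_t" != xyes; then
  cat >>confdefs.h <<_ACEOF
#define uintptr_t unsigned long long
_ACEOF
fi

# FIX: ptrdiff_t is a signed type (the difference of two pointers can be
# negative). The generated fallback was "unsigned long long", which would
# turn negative differences into huge positive values in any length or
# bounds arithmetic built on it. configure is generated, so mirror this in
# the macro source it is built from.
ac_fn_c_check_type "$LINENO" "ptrdiff_t" "ac_cv_type_ptrdiff_t" "$ac_includes_default"
if test "x$ac_cv_type_ptrdiff_t" != xyes; then
  cat >>confdefs.h <<_ACEOF
#define ptrdiff_t long long
_ACEOF
fi

# ---- nscd ---------------------------------------------------------------
# Security note for packagers: whatever path is found here is written into
# the build as the string constant NSCD_PATH (code using it is not shown on
# this page; presumably it is executed at run time, confirm against the
# callers). The search walks the builder's $PATH, and an empty PATH element
# is treated as "." below, so run configure with a trusted PATH or pass
# NSCD=/absolute/path, which the first case arm accepts without searching.
#
# Extract the first word of "nscd", so it can be a program name with args.
set dummy nscd; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
$as_echo_n "checking for $ac_word... " >&6; }
if ${ac_cv_path_NSCD+:} false; then
  $as_echo_n "(cached) " >&6
else
  case $NSCD in
  [\\/]* | ?:[\\/]*)
    ac_cv_path_NSCD="$NSCD" # Let the user override the test with a path.
    ;;
  *)
    as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
    for as_dir in $PATH
    do
      IFS=$as_save_IFS
      test -z "$as_dir" && as_dir=.
      for ac_exec_ext in '' $ac_executable_extensions; do
        if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
          ac_cv_path_NSCD="$as_dir/$ac_word$ac_exec_ext"
          $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
          break 2
        fi
      done
    done
    IFS=$as_save_IFS

    # Nothing on PATH: fall back to the default held in $NSCD_PATH
    # (set outside the part of the script shown here).
    test -z "$ac_cv_path_NSCD" && ac_cv_path_NSCD="$NSCD_PATH"
    ;;
  esac
fi
NSCD=$ac_cv_path_NSCD
if test -n "$NSCD"; then
  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NSCD" >&5
$as_echo "$NSCD" >&6; }
else
  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
fi

{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for nscd" >&5
$as_echo_n "checking for nscd... " >&6; }

# NSCD_PATH is recorded whether or not the file exists on the build host.
cat >>confdefs.h <<_ACEOF
#define NSCD_PATH "$NSCD"
_ACEOF

if test -x "$NSCD"; then
  { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
else
  { $as_echo "$as_me:${as_lineno-$LINENO}: result: not installed, assuming standard location" >&5
$as_echo "not installed, assuming standard location" >&6; }
fi

# ---- nsupdate -----------------------------------------------------------
# The same PATH caveat as for nscd applies: the path found here becomes the
# string constant NSUPDATE_PATH. Unlike nscd, a missing or non-executable
# nsupdate stops configure.
#
# Extract the first word of "nsupdate", so it can be a program name with args.
set dummy nsupdate; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
$as_echo_n "checking for $ac_word... " >&6; }
if ${ac_cv_path_NSUPDATE+:} false; then
  $as_echo_n "(cached) " >&6
else
  case $NSUPDATE in
  [\\/]* | ?:[\\/]*)
    ac_cv_path_NSUPDATE="$NSUPDATE" # Let the user override the test with a path.
    ;;
  *)
    as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
    for as_dir in $PATH
    do
      IFS=$as_save_IFS
      test -z "$as_dir" && as_dir=.
      for ac_exec_ext in '' $ac_executable_extensions; do
        if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
          ac_cv_path_NSUPDATE="$as_dir/$ac_word$ac_exec_ext"
          $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
          break 2
        fi
      done
    done
    IFS=$as_save_IFS
    ;;
  esac
fi
NSUPDATE=$ac_cv_path_NSUPDATE
if test -n "$NSUPDATE"; then
  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NSUPDATE" >&5
$as_echo "$NSUPDATE" >&6; }
else
  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
fi

{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for executable nsupdate" >&5
$as_echo_n "checking for executable nsupdate... " >&6; }
if test -x "$NSUPDATE"; then
  cat >>confdefs.h <<_ACEOF
#define NSUPDATE_PATH "$NSUPDATE"
_ACEOF

  { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }

  # Feature probe: feed the single word "realm" to the build host's
  # nsupdate and treat exit status 0 as "directive supported".
  # $NSUPDATE is now quoted when executed: the -x test above already
  # requires it to name one file, so an unquoted expansion could only add
  # word splitting or globbing on an unusual path.
  # NOTE(review): the result describes the build host's nsupdate; confirm
  # the deployed hosts ship a matching version.
  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nsupdate 'realm' support'" >&5
$as_echo_n "checking for nsupdate 'realm' support'... " >&6; }
  if { { $as_echo "$as_me:${as_lineno-$LINENO}: echo realm |\$NSUPDATE >&2"; } >&5
  (echo realm |"$NSUPDATE" >&2) 2>&5
  ac_status=$?
  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
  test $ac_status = 0; }; then
    { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }

    cat >>confdefs.h <<_ACEOF
#define HAVE_NSUPDATE_REALM 1
_ACEOF
  else
    { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
    { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Will build without the 'realm' directive" >&5
$as_echo "$as_me: WARNING: Will build without the 'realm' directive" >&2;}
  fi
else
  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
  as_fn_error $? "nsupdate is not available" "$LINENO" 5
fi

# ---- keyutils -----------------------------------------------------------
# Optional: a missing header or library only produces a WARNING and the
# build continues without USE_KEYRING. Packagers who expect keyring support
# should check config.log for these warnings instead of relying on a clean
# exit status.
for ac_header in keyutils.h
do
  ac_fn_c_check_header_mongrel "$LINENO" "keyutils.h" "ac_cv_header_keyutils_h" "$ac_includes_default"
  if test "x$ac_cv_header_keyutils_h" = xyes; then
    cat >>confdefs.h <<_ACEOF
#define HAVE_KEYUTILS_H 1
_ACEOF

    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for add_key in -lkeyutils" >&5
$as_echo_n "checking for add_key in -lkeyutils... " >&6; }
    if ${ac_cv_lib_keyutils_add_key+:} false; then
      $as_echo_n "(cached) " >&6
    else
      ac_check_lib_save_LIBS=$LIBS
      LIBS="-lkeyutils $LIBS"
      cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */

/* Override any GCC internal prototype to avoid an error.
   Use char because int might match the return type of a GCC
   builtin and then its argument prototype would still apply.  */
#ifdef __cplusplus
extern "C"
#endif
char add_key ();
int
main ()
{
return add_key ();
  ;
  return 0;
}
_ACEOF
      if ac_fn_c_try_link "$LINENO"; then
        ac_cv_lib_keyutils_add_key=yes
      else
        ac_cv_lib_keyutils_add_key=no
      fi
      rm -f core conftest.err conftest.$ac_objext \
    conftest$ac_exeext conftest.$ac_ext
      LIBS=$ac_check_lib_save_LIBS
    fi
    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_keyutils_add_key" >&5
$as_echo "$ac_cv_lib_keyutils_add_key" >&6; }
    if test "x$ac_cv_lib_keyutils_add_key" = xyes; then
      $as_echo "#define USE_KEYRING 1" >>confdefs.h

      KEYUTILS_LIBS="-lkeyutils"
    else
      { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: No usable keyutils library found" >&5
$as_echo "$as_me: WARNING: No usable keyutils library found" >&2;}
    fi
  else
    { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: keyutils header files are not available" >&5
$as_echo "$as_me: WARNING: keyutils header files are not available" >&2;}
  fi
done

# Check whether --enable-pac-responder was given.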
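# PAC responder feature gate.
#
# Reads --enable-pac-responder (enabled when the option is absent), then
# probes the two prerequisites: the ndr_krb5pac pkg-config module and a
# supported MIT krb5 release as reported by `krb5-config --version`.
# The result is exported through BUILD_PAC_RESPONDER_TRUE/FALSE and, when
# enabled, through HAVE_PAC_RESPONDER in confdefs.h.
#
# NOTE(review): this script looks autoconf-generated. The operator fix
# below presumably has to be made in the macro source as well, otherwise
# regenerating the script brings `==` back.
if test "${enable_pac_responder+set}" = set; then :
  enableval=$enable_pac_responder; build_pac_responder=$enableval
else
  build_pac_responder=yes
fi

ndr_krb5pac_ok=no
krb5_version_ok=no

# Compare with `=`: `==` is a bash extension to test(1). A shell whose
# test builtin rejects it makes this condition fail, the probes below are
# skipped, and configure carries on with the PAC responder left disabled
# instead of stopping. The operand is quoted so that an option value
# containing whitespace cannot split the expression.
if test "x$build_pac_responder" = xyes
then

  pkg_failed=no
  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for NDR_KRB5PAC" >&5
$as_echo_n "checking for NDR_KRB5PAC... " >&6; }

  # Compiler flags: a caller-supplied NDR_KRB5PAC_CFLAGS wins over pkg-config.
  if test -n "$PKG_CONFIG"; then
    if test -n "$NDR_KRB5PAC_CFLAGS"; then
      pkg_cv_NDR_KRB5PAC_CFLAGS="$NDR_KRB5PAC_CFLAGS"
    else
      if test -n "$PKG_CONFIG" && \
        { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"ndr_krb5pac\""; } >&5
          ($PKG_CONFIG --exists --print-errors "ndr_krb5pac") 2>&5
          ac_status=$?
          $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
          test $ac_status = 0; }; then
        pkg_cv_NDR_KRB5PAC_CFLAGS=`$PKG_CONFIG --cflags "ndr_krb5pac" 2>/dev/null`
      else
        pkg_failed=yes
      fi
    fi
  else
    pkg_failed=untried
  fi

  # Linker flags: same precedence as above, for NDR_KRB5PAC_LIBS.
  if test -n "$PKG_CONFIG"; then
    if test -n "$NDR_KRB5PAC_LIBS"; then
      pkg_cv_NDR_KRB5PAC_LIBS="$NDR_KRB5PAC_LIBS"
    else
      if test -n "$PKG_CONFIG" && \
        { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"ndr_krb5pac\""; } >&5
          ($PKG_CONFIG --exists --print-errors "ndr_krb5pac") 2>&5
          ac_status=$?
          $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
          test $ac_status = 0; }; then
        pkg_cv_NDR_KRB5PAC_LIBS=`$PKG_CONFIG --libs "ndr_krb5pac" 2>/dev/null`
      else
        pkg_failed=yes
      fi
    fi
  else
    pkg_failed=untried
  fi

  # A missing module only produces a warning here; the feature is switched
  # off further down through ndr_krb5pac_ok staying "no".
  if test $pkg_failed = yes; then

    if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
      _pkg_short_errors_supported=yes
    else
      _pkg_short_errors_supported=no
    fi
    if test $_pkg_short_errors_supported = yes; then
      NDR_KRB5PAC_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "ndr_krb5pac"`
    else
      NDR_KRB5PAC_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "ndr_krb5pac"`
    fi
    # Put the nasty error message in config.log where it belongs
    echo "$NDR_KRB5PAC_PKG_ERRORS" >&5

    { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
    { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Cannot build pac responder without libndr_krb5pac" >&5
$as_echo "$as_me: WARNING: Cannot build pac responder without libndr_krb5pac" >&2;}
  elif test $pkg_failed = untried; then
    { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Cannot build pac responder without libndr_krb5pac" >&5
$as_echo "$as_me: WARNING: Cannot build pac responder without libndr_krb5pac" >&2;}
  else
    NDR_KRB5PAC_CFLAGS=$pkg_cv_NDR_KRB5PAC_CFLAGS
    NDR_KRB5PAC_LIBS=$pkg_cv_NDR_KRB5PAC_LIBS
    { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
    ndr_krb5pac_ok=yes
  fi

  # Locate krb5-config. An absolute path in KRB5_CONFIG is taken as is;
  # otherwise the first executable match on $PATH is used, and that program
  # is executed a few lines below. On a build host, passing an absolute
  # KRB5_CONFIG keeps the probe from running whatever comes first on PATH.
  # Extract the first word of "krb5-config", so it can be a program name with args.
  set dummy krb5-config; ac_word=$2
  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
$as_echo_n "checking for $ac_word... " >&6; }
  if ${ac_cv_path_KRB5_CONFIG+:} false; then :
    $as_echo_n "(cached) " >&6
  else
    case $KRB5_CONFIG in
      [\\/]* | ?:[\\/]*)
        ac_cv_path_KRB5_CONFIG="$KRB5_CONFIG" # Let the user override the test with a path.
        ;;
      *)
        as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
        for as_dir in $PATH
        do
          IFS=$as_save_IFS
          test -z "$as_dir" && as_dir=.
          for ac_exec_ext in '' $ac_executable_extensions; do
            if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
              ac_cv_path_KRB5_CONFIG="$as_dir/$ac_word$ac_exec_ext"
              $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
              break 2
            fi
          done
        done
        IFS=$as_save_IFS

        ;;
    esac
  fi
  KRB5_CONFIG=$ac_cv_path_KRB5_CONFIG
  if test -n "$KRB5_CONFIG"; then
    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $KRB5_CONFIG" >&5
$as_echo "$KRB5_CONFIG" >&6; }
  else
    { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
  fi

  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for supported MIT krb5 version" >&5
$as_echo_n "checking for supported MIT krb5 version... " >&6; }
  # With no krb5-config found, the unguarded command substitution would try
  # to run a program literally named "--version". Leave the version empty
  # instead; it then takes the "unsupported" branch exactly as before.
  if test -n "$KRB5_CONFIG"; then
    KRB5_VERSION="`$KRB5_CONFIG --version`"
  else
    KRB5_VERSION=
  fi
  # Only releases 1.9 through 1.12 are matched, although the warning text
  # says "1.9.x or later".
  # NOTE(review): confirm whether newer releases are meant to be rejected.
  case $KRB5_VERSION in
    Kerberos\ 5\ release\ 1.9* | \
    Kerberos\ 5\ release\ 1.10* | \
    Kerberos\ 5\ release\ 1.11* | \
    Kerberos\ 5\ release\ 1.12*)
      krb5_version_ok=yes
      { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
      ;;
    *)
      { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
      { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Cannot build authdata plugin with this version of MIT Kerberos, please use 1.9.x or later" >&5
$as_echo "$as_me: WARNING: Cannot build authdata plugin with this version of MIT Kerberos, please use 1.9.x or later" >&2;}
      ;;
  esac
fi

# The responder is built only when it was requested and both probes passed.
# Separate test invocations joined with && replace the obsolescent -a form.
if test "x$build_pac_responder" = xyes && test "x$ndr_krb5pac_ok" = xyes && test "x$krb5_version_ok" = xyes; then
  BUILD_PAC_RESPONDER_TRUE=
  BUILD_PAC_RESPONDER_FALSE='#'
else
  BUILD_PAC_RESPONDER_TRUE='#'
  BUILD_PAC_RESPONDER_FALSE=
fi

if test -z "$BUILD_PAC_RESPONDER_TRUE"; then :

cat >>confdefs.h <<_ACEOF
#define HAVE_PAC_RESPONDER 1
_ACEOF

fi

# Probe the listed functions; each one found gets a HAVE_<NAME> define
# appended to confdefs.h.
for ac_func in sigprocmask sigblock sigaction getpgrp prctl
do :
  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
  ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
  if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
    cat >>confdefs.h <<_ACEOF
#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
_ACEOF

  fi
done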
pkg_failed=no { $as_echo "$as_me:${as_lineno-$LINENO}: checking for NDR_NBT" >&5 $as_echo_n "checking for NDR_NBT... " >&6; } if test -n "$PKG_CONFIG"; then if test -n "$NDR_NBT_CFLAGS"; then pkg_cv_NDR_NBT_CFLAGS="$NDR_NBT_CFLAGS" else if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"ndr_nbt\""; } >&5 ($PKG_CONFIG --exists --print-errors "ndr_nbt") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_NDR_NBT_CFLAGS=`$PKG_CONFIG --cflags "ndr_nbt" 2>/dev/null` else pkg_failed=yes fi fi else pkg_failed=untried fi if test -n "$PKG_CONFIG"; then if test -n "$NDR_NBT_LIBS"; then pkg_cv_NDR_NBT_LIBS="$NDR_NBT_LIBS" else if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"ndr_nbt\""; } >&5 ($PKG_CONFIG --exists --print-errors "ndr_nbt") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_NDR_NBT_LIBS=`$PKG_CONFIG --libs "ndr_nbt" 2>/dev/null` else pkg_failed=yes fi fi else pkg_failed=untried fi if test $pkg_failed = yes; then if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then _pkg_short_errors_supported=yes else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then NDR_NBT_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "ndr_nbt"` else NDR_NBT_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "ndr_nbt"` fi # Put the nasty error message in config.log where it belongs echo "$NDR_NBT_PKG_ERRORS" >&5 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } as_fn_error $? "\"Please install Samba 4 development libraries\"" "$LINENO" 5 elif test $pkg_failed = untried; then as_fn_error $? 
"\"Please install Samba 4 development libraries\"" "$LINENO" 5 else NDR_NBT_CFLAGS=$pkg_cv_NDR_NBT_CFLAGS NDR_NBT_LIBS=$pkg_cv_NDR_NBT_LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } : fi # Check whether --with-unicode-lib was given. if test "${with_unicode_lib+set}" = set; then : withval=$with_unicode_lib; fi unicode_lib="glib2" if test x"$with_unicode_lib" != x; then unicode_lib=$with_unicode_lib fi if test x"$unicode_lib" != x"libunistring" -a x"$unicode_lib" != x"glib2"; then as_fn_error $? "Unsupported unicode library" "$LINENO" 5 fi if test x"$unicode_lib" = x"libunistring"; then WITH_LIBUNISTRING_TRUE= WITH_LIBUNISTRING_FALSE='#' else WITH_LIBUNISTRING_TRUE='#' WITH_LIBUNISTRING_FALSE= fi if test x"$unicode_lib" = x"glib2"; then WITH_GLIB_TRUE= WITH_GLIB_FALSE='#' else WITH_GLIB_TRUE='#' WITH_GLIB_FALSE= fi if test x$unicode_lib = xlibunistring; then acl_save_prefix="$prefix" prefix="$acl_final_prefix" acl_save_exec_prefix="$exec_prefix" exec_prefix="$acl_final_exec_prefix" eval additional_libdir=\"$libdir\" exec_prefix="$acl_save_exec_prefix" prefix="$acl_save_prefix" sss_extra_libdir="$additional_libdir" for ac_header in unistr.h do : ac_fn_c_check_header_mongrel "$LINENO" "unistr.h" "ac_cv_header_unistr_h" "$ac_includes_default" if test "x$ac_cv_header_unistr_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_UNISTR_H 1 _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: checking for u8_strlen in -lunistring" >&5 $as_echo_n "checking for u8_strlen in -lunistring... " >&6; } if ${ac_cv_lib_unistring_u8_strlen+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lunistring -L$sss_extra_libdir $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. 
*/ #ifdef __cplusplus extern "C" #endif char u8_strlen (); int main () { return u8_strlen (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_unistring_u8_strlen=yes else ac_cv_lib_unistring_u8_strlen=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_unistring_u8_strlen" >&5 $as_echo "$ac_cv_lib_unistring_u8_strlen" >&6; } if test "x$ac_cv_lib_unistring_u8_strlen" = xyes; then : UNISTRING_LIBS="-lunistring" else as_fn_error $? "No usable libunistring library found" "$LINENO" 5 fi else as_fn_error $? "libunistring header files are not installed" "$LINENO" 5 fi done for ac_header in unicase.h do : ac_fn_c_check_header_mongrel "$LINENO" "unicase.h" "ac_cv_header_unicase_h" "$ac_includes_default" if test "x$ac_cv_header_unicase_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_UNICASE_H 1 _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: checking for u8_casecmp in -lunistring" >&5 $as_echo_n "checking for u8_casecmp in -lunistring... " >&6; } if ${ac_cv_lib_unistring_u8_casecmp+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lunistring -L$sss_extra_libdir $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. 
*/ #ifdef __cplusplus extern "C" #endif char u8_casecmp (); int main () { return u8_casecmp (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_unistring_u8_casecmp=yes else ac_cv_lib_unistring_u8_casecmp=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_unistring_u8_casecmp" >&5 $as_echo "$ac_cv_lib_unistring_u8_casecmp" >&6; } if test "x$ac_cv_lib_unistring_u8_casecmp" = xyes; then : UNISTRING_LIBS="-lunistring" else as_fn_error $? "No usable libunistring library found" "$LINENO" 5 fi else as_fn_error $? "libunistring header files are not installed" "$LINENO" 5 fi done for ac_header in unistr.h do : ac_fn_c_check_header_mongrel "$LINENO" "unistr.h" "ac_cv_header_unistr_h" "$ac_includes_default" if test "x$ac_cv_header_unistr_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_UNISTR_H 1 _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: checking for u8_check in -lunistring" >&5 $as_echo_n "checking for u8_check in -lunistring... " >&6; } if ${ac_cv_lib_unistring_u8_check+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lunistring -L$sss_extra_libdir $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. 
*/ #ifdef __cplusplus extern "C" #endif char u8_check (); int main () { return u8_check (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_unistring_u8_check=yes else ac_cv_lib_unistring_u8_check=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_unistring_u8_check" >&5 $as_echo "$ac_cv_lib_unistring_u8_check" >&6; } if test "x$ac_cv_lib_unistring_u8_check" = xyes; then : UNISTRING_LIBS="-lunistring" else as_fn_error $? "No usable libunistring library found" "$LINENO" 5 fi else as_fn_error $? "libunistring header files are not installed" "$LINENO" 5 fi done UNISTRING_LIBS="-L$sss_extra_libdir $UNISTRING_LIBS " cat >>confdefs.h <<_ACEOF #define HAVE_LIBUNISTRING 1 _ACEOF UNICODE_LIBS=$UNISTRING_LIBS else pkg_failed=no { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GLIB2" >&5 $as_echo_n "checking for GLIB2... " >&6; } if test -n "$PKG_CONFIG"; then if test -n "$GLIB2_CFLAGS"; then pkg_cv_GLIB2_CFLAGS="$GLIB2_CFLAGS" else if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"glib-2.0\""; } >&5 ($PKG_CONFIG --exists --print-errors "glib-2.0") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_GLIB2_CFLAGS=`$PKG_CONFIG --cflags "glib-2.0" 2>/dev/null` else pkg_failed=yes fi fi else pkg_failed=untried fi if test -n "$PKG_CONFIG"; then if test -n "$GLIB2_LIBS"; then pkg_cv_GLIB2_LIBS="$GLIB2_LIBS" else if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"glib-2.0\""; } >&5 ($PKG_CONFIG --exists --print-errors "glib-2.0") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? 
= $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_GLIB2_LIBS=`$PKG_CONFIG --libs "glib-2.0" 2>/dev/null` else pkg_failed=yes fi fi else pkg_failed=untried fi if test $pkg_failed = yes; then if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then _pkg_short_errors_supported=yes else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then GLIB2_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "glib-2.0"` else GLIB2_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "glib-2.0"` fi # Put the nasty error message in config.log where it belongs echo "$GLIB2_PKG_ERRORS" >&5 as_fn_error $? "Package requirements (glib-2.0) were not met: $GLIB2_PKG_ERRORS Consider adjusting the PKG_CONFIG_PATH environment variable if you installed software in a non-standard prefix. Alternatively, you may set the environment variables GLIB2_CFLAGS and GLIB2_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details. " "$LINENO" 5 elif test $pkg_failed = untried; then { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full path to pkg-config. Alternatively, you may set the environment variables GLIB2_CFLAGS and GLIB2_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details. To get pkg-config, see . 
See \`config.log' for more details" "$LINENO" 5; } else GLIB2_CFLAGS=$pkg_cv_GLIB2_CFLAGS GLIB2_LIBS=$pkg_cv_GLIB2_LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } : fi if test x$has_glib2 != xno; then SAFE_LIBS="$LIBS" LIBS="$GLIB2_LIBS" ac_fn_c_check_func "$LINENO" "g_utf8_validate" "ac_cv_func_g_utf8_validate" if test "x$ac_cv_func_g_utf8_validate" = xyes; then : $as_echo "#define HAVE_G_UTF8_VALIDATE 1" >>confdefs.h fi LIBS="$SAFE_LIBS" fi cat >>confdefs.h <<_ACEOF #define HAVE_GLIB2 1 _ACEOF UNICODE_LIBS=$GLIB2_LIBS fi # Check whether --with-libnl was given. if test "${with_libnl+set}" = set; then : withval=$with_libnl; else with_libnl=yes fi if test x"$with_libnl" = xyes; then pkg_failed=no { $as_echo "$as_me:${as_lineno-$LINENO}: checking for LIBNL" >&5 $as_echo_n "checking for LIBNL... " >&6; } if test -n "$PKG_CONFIG"; then if test -n "$LIBNL_CFLAGS"; then pkg_cv_LIBNL_CFLAGS="$LIBNL_CFLAGS" else if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \" libnl-3.0 >= 3.0 libnl-route-3.0 >= 3.0\""; } >&5 ($PKG_CONFIG --exists --print-errors " libnl-3.0 >= 3.0 libnl-route-3.0 >= 3.0") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_LIBNL_CFLAGS=`$PKG_CONFIG --cflags " libnl-3.0 >= 3.0 libnl-route-3.0 >= 3.0" 2>/dev/null` else pkg_failed=yes fi fi else pkg_failed=untried fi if test -n "$PKG_CONFIG"; then if test -n "$LIBNL_LIBS"; then pkg_cv_LIBNL_LIBS="$LIBNL_LIBS" else if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \" libnl-3.0 >= 3.0 libnl-route-3.0 >= 3.0\""; } >&5 ($PKG_CONFIG --exists --print-errors " libnl-3.0 >= 3.0 libnl-route-3.0 >= 3.0") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? 
= $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_LIBNL_LIBS=`$PKG_CONFIG --libs " libnl-3.0 >= 3.0 libnl-route-3.0 >= 3.0" 2>/dev/null` else pkg_failed=yes fi fi else pkg_failed=untried fi if test $pkg_failed = yes; then if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then _pkg_short_errors_supported=yes else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then LIBNL_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors " libnl-3.0 >= 3.0 libnl-route-3.0 >= 3.0"` else LIBNL_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors " libnl-3.0 >= 3.0 libnl-route-3.0 >= 3.0"` fi # Put the nasty error message in config.log where it belongs echo "$LIBNL_PKG_ERRORS" >&5 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Netlink v3 support unavailable or too old" >&5 $as_echo "$as_me: WARNING: Netlink v3 support unavailable or too old" >&2;} elif test $pkg_failed = untried; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Netlink v3 support unavailable or too old" >&5 $as_echo "$as_me: WARNING: Netlink v3 support unavailable or too old" >&2;} else LIBNL_CFLAGS=$pkg_cv_LIBNL_CFLAGS LIBNL_LIBS=$pkg_cv_LIBNL_LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } HAVE_LIBNL=1 HAVE_LIBNL3=1 cat >>confdefs.h <<_ACEOF #define HAVE_LIBNL 1 _ACEOF cat >>confdefs.h <<_ACEOF #define HAVE_LIBNL3 1 _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: Building with libnl3" >&5 $as_echo "$as_me: Building with libnl3" >&6;} { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nl_socket_add_membership in -lnl-3" >&5 $as_echo_n "checking for nl_socket_add_membership in -lnl-3... " >&6; } if ${ac_cv_lib_nl_3_nl_socket_add_membership+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lnl-3 $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. 
*/ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char nl_socket_add_membership (); int main () { return nl_socket_add_membership (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_nl_3_nl_socket_add_membership=yes else ac_cv_lib_nl_3_nl_socket_add_membership=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nl_3_nl_socket_add_membership" >&5 $as_echo "$ac_cv_lib_nl_3_nl_socket_add_membership" >&6; } if test "x$ac_cv_lib_nl_3_nl_socket_add_membership" = xyes; then : $as_echo "#define HAVE_NL_SOCKET_ADD_MEMBERSHIP 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nl_socket_modify_cb in -lnl-3" >&5 $as_echo_n "checking for nl_socket_modify_cb in -lnl-3... " >&6; } if ${ac_cv_lib_nl_3_nl_socket_modify_cb+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lnl-3 $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. 
*/ #ifdef __cplusplus extern "C" #endif char nl_socket_modify_cb (); int main () { return nl_socket_modify_cb (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_nl_3_nl_socket_modify_cb=yes else ac_cv_lib_nl_3_nl_socket_modify_cb=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nl_3_nl_socket_modify_cb" >&5 $as_echo "$ac_cv_lib_nl_3_nl_socket_modify_cb" >&6; } if test "x$ac_cv_lib_nl_3_nl_socket_modify_cb" = xyes; then : $as_echo "#define HAVE_NL_SOCKET_MODIFY_CB 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for rtnl_route_get_oif in -lnl-3" >&5 $as_echo_n "checking for rtnl_route_get_oif in -lnl-3... " >&6; } if ${ac_cv_lib_nl_3_rtnl_route_get_oif+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lnl-3 $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char rtnl_route_get_oif (); int main () { return rtnl_route_get_oif (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_nl_3_rtnl_route_get_oif=yes else ac_cv_lib_nl_3_rtnl_route_get_oif=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nl_3_rtnl_route_get_oif" >&5 $as_echo "$ac_cv_lib_nl_3_rtnl_route_get_oif" >&6; } if test "x$ac_cv_lib_nl_3_rtnl_route_get_oif" = xyes; then : $as_echo "#define HAVE_RTNL_ROUTE_GET_OIF 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nl_set_passcred in -lnl-3" >&5 $as_echo_n "checking for nl_set_passcred in -lnl-3... 
" >&6; } if ${ac_cv_lib_nl_3_nl_set_passcred+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lnl-3 $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char nl_set_passcred (); int main () { return nl_set_passcred (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_nl_3_nl_set_passcred=yes else ac_cv_lib_nl_3_nl_set_passcred=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nl_3_nl_set_passcred" >&5 $as_echo "$ac_cv_lib_nl_3_nl_set_passcred" >&6; } if test "x$ac_cv_lib_nl_3_nl_set_passcred" = xyes; then : $as_echo "#define HAVE_NL_SET_PASSCRED 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nl_socket_set_passcred in -lnl-3" >&5 $as_echo_n "checking for nl_socket_set_passcred in -lnl-3... " >&6; } if ${ac_cv_lib_nl_3_nl_socket_set_passcred+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lnl-3 $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. 
*/ #ifdef __cplusplus extern "C" #endif char nl_socket_set_passcred (); int main () { return nl_socket_set_passcred (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_nl_3_nl_socket_set_passcred=yes else ac_cv_lib_nl_3_nl_socket_set_passcred=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nl_3_nl_socket_set_passcred" >&5 $as_echo "$ac_cv_lib_nl_3_nl_socket_set_passcred" >&6; } if test "x$ac_cv_lib_nl_3_nl_socket_set_passcred" = xyes; then : $as_echo "#define HAVE_NL_SOCKET_SET_PASSCRED 1" >>confdefs.h fi fi if test x"$HAVE_LIBNL" != x1; then pkg_failed=no { $as_echo "$as_me:${as_lineno-$LINENO}: checking for LIBNL" >&5 $as_echo_n "checking for LIBNL... " >&6; } if test -n "$PKG_CONFIG"; then if test -n "$LIBNL_CFLAGS"; then pkg_cv_LIBNL_CFLAGS="$LIBNL_CFLAGS" else if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libnl-1 >= 1.1\""; } >&5 ($PKG_CONFIG --exists --print-errors "libnl-1 >= 1.1") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_LIBNL_CFLAGS=`$PKG_CONFIG --cflags "libnl-1 >= 1.1" 2>/dev/null` else pkg_failed=yes fi fi else pkg_failed=untried fi if test -n "$PKG_CONFIG"; then if test -n "$LIBNL_LIBS"; then pkg_cv_LIBNL_LIBS="$LIBNL_LIBS" else if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libnl-1 >= 1.1\""; } >&5 ($PKG_CONFIG --exists --print-errors "libnl-1 >= 1.1") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? 
= $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_LIBNL_LIBS=`$PKG_CONFIG --libs "libnl-1 >= 1.1" 2>/dev/null` else pkg_failed=yes fi fi else pkg_failed=untried fi if test $pkg_failed = yes; then if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then _pkg_short_errors_supported=yes else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then LIBNL_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "libnl-1 >= 1.1"` else LIBNL_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "libnl-1 >= 1.1"` fi # Put the nasty error message in config.log where it belongs echo "$LIBNL_PKG_ERRORS" >&5 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Netlink v1 support unavailable or too old" >&5 $as_echo "$as_me: WARNING: Netlink v1 support unavailable or too old" >&2;} elif test $pkg_failed = untried; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Netlink v1 support unavailable or too old" >&5 $as_echo "$as_me: WARNING: Netlink v1 support unavailable or too old" >&2;} else LIBNL_CFLAGS=$pkg_cv_LIBNL_CFLAGS LIBNL_LIBS=$pkg_cv_LIBNL_LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } HAVE_LIBNL=1 HAVE_LIBNL1=1 cat >>confdefs.h <<_ACEOF #define HAVE_LIBNL 1 _ACEOF cat >>confdefs.h <<_ACEOF #define HAVE_LIBNL1 1 _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: Building with libnl" >&5 $as_echo "$as_me: Building with libnl" >&6;} for ac_header in netlink.h do : ac_fn_c_check_header_mongrel "$LINENO" "netlink.h" "ac_cv_header_netlink_h" "$ac_includes_default" if test "x$ac_cv_header_netlink_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_NETLINK_H 1 _ACEOF fi done { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nl_connect in -lnl" >&5 $as_echo_n "checking for nl_connect in -lnl... 
" >&6; } if ${ac_cv_lib_nl_nl_connect+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lnl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char nl_connect (); int main () { return nl_connect (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_nl_nl_connect=yes else ac_cv_lib_nl_nl_connect=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nl_nl_connect" >&5 $as_echo "$ac_cv_lib_nl_nl_connect" >&6; } if test "x$ac_cv_lib_nl_nl_connect" = xyes; then : LIBNL_LIBS="-lnl" else as_fn_error $? "libnl is required" "$LINENO" 5 fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nl_socket_add_membership in -lnl" >&5 $as_echo_n "checking for nl_socket_add_membership in -lnl... " >&6; } if ${ac_cv_lib_nl_nl_socket_add_membership+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lnl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. 
*/ #ifdef __cplusplus extern "C" #endif char nl_socket_add_membership (); int main () { return nl_socket_add_membership (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_nl_nl_socket_add_membership=yes else ac_cv_lib_nl_nl_socket_add_membership=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nl_nl_socket_add_membership" >&5 $as_echo "$ac_cv_lib_nl_nl_socket_add_membership" >&6; } if test "x$ac_cv_lib_nl_nl_socket_add_membership" = xyes; then : $as_echo "#define HAVE_NL_SOCKET_ADD_MEMBERSHIP 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nl_socket_modify_cb in -lnl" >&5 $as_echo_n "checking for nl_socket_modify_cb in -lnl... " >&6; } if ${ac_cv_lib_nl_nl_socket_modify_cb+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lnl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char nl_socket_modify_cb (); int main () { return nl_socket_modify_cb (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_nl_nl_socket_modify_cb=yes else ac_cv_lib_nl_nl_socket_modify_cb=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nl_nl_socket_modify_cb" >&5 $as_echo "$ac_cv_lib_nl_nl_socket_modify_cb" >&6; } if test "x$ac_cv_lib_nl_nl_socket_modify_cb" = xyes; then : $as_echo "#define HAVE_NL_SOCKET_MODIFY_CB 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for rtnl_route_get_oif in -lnl" >&5 $as_echo_n "checking for rtnl_route_get_oif in -lnl... 
" >&6; } if ${ac_cv_lib_nl_rtnl_route_get_oif+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lnl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char rtnl_route_get_oif (); int main () { return rtnl_route_get_oif (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_nl_rtnl_route_get_oif=yes else ac_cv_lib_nl_rtnl_route_get_oif=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nl_rtnl_route_get_oif" >&5 $as_echo "$ac_cv_lib_nl_rtnl_route_get_oif" >&6; } if test "x$ac_cv_lib_nl_rtnl_route_get_oif" = xyes; then : $as_echo "#define HAVE_RTNL_ROUTE_GET_OIF 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nl_set_passcred in -lnl" >&5 $as_echo_n "checking for nl_set_passcred in -lnl... " >&6; } if ${ac_cv_lib_nl_nl_set_passcred+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lnl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. 
*/ #ifdef __cplusplus extern "C" #endif char nl_set_passcred (); int main () { return nl_set_passcred (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_nl_nl_set_passcred=yes else ac_cv_lib_nl_nl_set_passcred=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nl_nl_set_passcred" >&5 $as_echo "$ac_cv_lib_nl_nl_set_passcred" >&6; } if test "x$ac_cv_lib_nl_nl_set_passcred" = xyes; then : $as_echo "#define HAVE_NL_SET_PASSCRED 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nl_socket_set_passcred in -lnl" >&5 $as_echo_n "checking for nl_socket_set_passcred in -lnl... " >&6; } if ${ac_cv_lib_nl_nl_socket_set_passcred+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lnl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. 
*/ #ifdef __cplusplus extern "C" #endif char nl_socket_set_passcred (); int main () { return nl_socket_set_passcred (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_nl_nl_socket_set_passcred=yes else ac_cv_lib_nl_nl_socket_set_passcred=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nl_nl_socket_set_passcred" >&5 $as_echo "$ac_cv_lib_nl_nl_socket_set_passcred" >&6; } if test "x$ac_cv_lib_nl_nl_socket_set_passcred" = xyes; then : $as_echo "#define HAVE_NL_SOCKET_SET_PASSCRED 1" >>confdefs.h fi fi fi if test x"$HAVE_LIBNL" != x1; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Building without netlink" >&5 $as_echo "$as_me: WARNING: Building without netlink" >&2;} fi elif test x"$with_libnl" = xlibnl3; then pkg_failed=no { $as_echo "$as_me:${as_lineno-$LINENO}: checking for LIBNL" >&5 $as_echo_n "checking for LIBNL... " >&6; } if test -n "$PKG_CONFIG"; then if test -n "$LIBNL_CFLAGS"; then pkg_cv_LIBNL_CFLAGS="$LIBNL_CFLAGS" else if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \" libnl-3.0 >= 3.0 libnl-route-3.0 >= 3.0\""; } >&5 ($PKG_CONFIG --exists --print-errors " libnl-3.0 >= 3.0 libnl-route-3.0 >= 3.0") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_LIBNL_CFLAGS=`$PKG_CONFIG --cflags " libnl-3.0 >= 3.0 libnl-route-3.0 >= 3.0" 2>/dev/null` else pkg_failed=yes fi fi else pkg_failed=untried fi if test -n "$PKG_CONFIG"; then if test -n "$LIBNL_LIBS"; then pkg_cv_LIBNL_LIBS="$LIBNL_LIBS" else if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \" libnl-3.0 >= 3.0 libnl-route-3.0 >= 3.0\""; } >&5 ($PKG_CONFIG --exists --print-errors " libnl-3.0 >= 3.0 libnl-route-3.0 >= 3.0") 2>&5 ac_status=$? 
$as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_LIBNL_LIBS=`$PKG_CONFIG --libs " libnl-3.0 >= 3.0 libnl-route-3.0 >= 3.0" 2>/dev/null` else pkg_failed=yes fi fi else pkg_failed=untried fi if test $pkg_failed = yes; then if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then _pkg_short_errors_supported=yes else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then LIBNL_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors " libnl-3.0 >= 3.0 libnl-route-3.0 >= 3.0"` else LIBNL_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors " libnl-3.0 >= 3.0 libnl-route-3.0 >= 3.0"` fi # Put the nasty error message in config.log where it belongs echo "$LIBNL_PKG_ERRORS" >&5 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Netlink v3 support unavailable or too old" >&5 $as_echo "$as_me: WARNING: Netlink v3 support unavailable or too old" >&2;} elif test $pkg_failed = untried; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Netlink v3 support unavailable or too old" >&5 $as_echo "$as_me: WARNING: Netlink v3 support unavailable or too old" >&2;} else LIBNL_CFLAGS=$pkg_cv_LIBNL_CFLAGS LIBNL_LIBS=$pkg_cv_LIBNL_LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } HAVE_LIBNL=1 HAVE_LIBNL3=1 cat >>confdefs.h <<_ACEOF #define HAVE_LIBNL 1 _ACEOF cat >>confdefs.h <<_ACEOF #define HAVE_LIBNL3 1 _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: Building with libnl3" >&5 $as_echo "$as_me: Building with libnl3" >&6;} { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nl_socket_add_membership in -lnl-3" >&5 $as_echo_n "checking for nl_socket_add_membership in -lnl-3... 
" >&6; } if ${ac_cv_lib_nl_3_nl_socket_add_membership+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lnl-3 $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char nl_socket_add_membership (); int main () { return nl_socket_add_membership (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_nl_3_nl_socket_add_membership=yes else ac_cv_lib_nl_3_nl_socket_add_membership=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nl_3_nl_socket_add_membership" >&5 $as_echo "$ac_cv_lib_nl_3_nl_socket_add_membership" >&6; } if test "x$ac_cv_lib_nl_3_nl_socket_add_membership" = xyes; then : $as_echo "#define HAVE_NL_SOCKET_ADD_MEMBERSHIP 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nl_socket_modify_cb in -lnl-3" >&5 $as_echo_n "checking for nl_socket_modify_cb in -lnl-3... " >&6; } if ${ac_cv_lib_nl_3_nl_socket_modify_cb+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lnl-3 $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. 
*/ #ifdef __cplusplus extern "C" #endif char nl_socket_modify_cb (); int main () { return nl_socket_modify_cb (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_nl_3_nl_socket_modify_cb=yes else ac_cv_lib_nl_3_nl_socket_modify_cb=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nl_3_nl_socket_modify_cb" >&5 $as_echo "$ac_cv_lib_nl_3_nl_socket_modify_cb" >&6; } if test "x$ac_cv_lib_nl_3_nl_socket_modify_cb" = xyes; then : $as_echo "#define HAVE_NL_SOCKET_MODIFY_CB 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for rtnl_route_get_oif in -lnl-3" >&5 $as_echo_n "checking for rtnl_route_get_oif in -lnl-3... " >&6; } if ${ac_cv_lib_nl_3_rtnl_route_get_oif+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lnl-3 $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char rtnl_route_get_oif (); int main () { return rtnl_route_get_oif (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_nl_3_rtnl_route_get_oif=yes else ac_cv_lib_nl_3_rtnl_route_get_oif=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nl_3_rtnl_route_get_oif" >&5 $as_echo "$ac_cv_lib_nl_3_rtnl_route_get_oif" >&6; } if test "x$ac_cv_lib_nl_3_rtnl_route_get_oif" = xyes; then : $as_echo "#define HAVE_RTNL_ROUTE_GET_OIF 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nl_set_passcred in -lnl-3" >&5 $as_echo_n "checking for nl_set_passcred in -lnl-3... 
" >&6; } if ${ac_cv_lib_nl_3_nl_set_passcred+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lnl-3 $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char nl_set_passcred (); int main () { return nl_set_passcred (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_nl_3_nl_set_passcred=yes else ac_cv_lib_nl_3_nl_set_passcred=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nl_3_nl_set_passcred" >&5 $as_echo "$ac_cv_lib_nl_3_nl_set_passcred" >&6; } if test "x$ac_cv_lib_nl_3_nl_set_passcred" = xyes; then : $as_echo "#define HAVE_NL_SET_PASSCRED 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nl_socket_set_passcred in -lnl-3" >&5 $as_echo_n "checking for nl_socket_set_passcred in -lnl-3... " >&6; } if ${ac_cv_lib_nl_3_nl_socket_set_passcred+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lnl-3 $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. 
*/ #ifdef __cplusplus extern "C" #endif char nl_socket_set_passcred (); int main () { return nl_socket_set_passcred (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_nl_3_nl_socket_set_passcred=yes else ac_cv_lib_nl_3_nl_socket_set_passcred=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nl_3_nl_socket_set_passcred" >&5 $as_echo "$ac_cv_lib_nl_3_nl_socket_set_passcred" >&6; } if test "x$ac_cv_lib_nl_3_nl_socket_set_passcred" = xyes; then : $as_echo "#define HAVE_NL_SOCKET_SET_PASSCRED 1" >>confdefs.h fi fi if test x"$HAVE_LIBNL" != x1; then as_fn_error $? "Libnl3 required, but not available" "$LINENO" 5 fi elif test x"$with_libnl" = xlibnl1; then pkg_failed=no { $as_echo "$as_me:${as_lineno-$LINENO}: checking for LIBNL" >&5 $as_echo_n "checking for LIBNL... " >&6; } if test -n "$PKG_CONFIG"; then if test -n "$LIBNL_CFLAGS"; then pkg_cv_LIBNL_CFLAGS="$LIBNL_CFLAGS" else if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libnl-1 >= 1.1\""; } >&5 ($PKG_CONFIG --exists --print-errors "libnl-1 >= 1.1") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_LIBNL_CFLAGS=`$PKG_CONFIG --cflags "libnl-1 >= 1.1" 2>/dev/null` else pkg_failed=yes fi fi else pkg_failed=untried fi if test -n "$PKG_CONFIG"; then if test -n "$LIBNL_LIBS"; then pkg_cv_LIBNL_LIBS="$LIBNL_LIBS" else if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libnl-1 >= 1.1\""; } >&5 ($PKG_CONFIG --exists --print-errors "libnl-1 >= 1.1") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? 
= $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_LIBNL_LIBS=`$PKG_CONFIG --libs "libnl-1 >= 1.1" 2>/dev/null` else pkg_failed=yes fi fi else pkg_failed=untried fi if test $pkg_failed = yes; then if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then _pkg_short_errors_supported=yes else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then LIBNL_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "libnl-1 >= 1.1"` else LIBNL_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "libnl-1 >= 1.1"` fi # Put the nasty error message in config.log where it belongs echo "$LIBNL_PKG_ERRORS" >&5 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Netlink v1 support unavailable or too old" >&5 $as_echo "$as_me: WARNING: Netlink v1 support unavailable or too old" >&2;} elif test $pkg_failed = untried; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Netlink v1 support unavailable or too old" >&5 $as_echo "$as_me: WARNING: Netlink v1 support unavailable or too old" >&2;} else LIBNL_CFLAGS=$pkg_cv_LIBNL_CFLAGS LIBNL_LIBS=$pkg_cv_LIBNL_LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } HAVE_LIBNL=1 HAVE_LIBNL1=1 cat >>confdefs.h <<_ACEOF #define HAVE_LIBNL 1 _ACEOF cat >>confdefs.h <<_ACEOF #define HAVE_LIBNL1 1 _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: Building with libnl" >&5 $as_echo "$as_me: Building with libnl" >&6;} for ac_header in netlink.h do : ac_fn_c_check_header_mongrel "$LINENO" "netlink.h" "ac_cv_header_netlink_h" "$ac_includes_default" if test "x$ac_cv_header_netlink_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_NETLINK_H 1 _ACEOF fi done { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nl_connect in -lnl" >&5 $as_echo_n "checking for nl_connect in -lnl... 
" >&6; } if ${ac_cv_lib_nl_nl_connect+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lnl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char nl_connect (); int main () { return nl_connect (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_nl_nl_connect=yes else ac_cv_lib_nl_nl_connect=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nl_nl_connect" >&5 $as_echo "$ac_cv_lib_nl_nl_connect" >&6; } if test "x$ac_cv_lib_nl_nl_connect" = xyes; then : LIBNL_LIBS="-lnl" else as_fn_error $? "libnl is required" "$LINENO" 5 fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nl_socket_add_membership in -lnl" >&5 $as_echo_n "checking for nl_socket_add_membership in -lnl... " >&6; } if ${ac_cv_lib_nl_nl_socket_add_membership+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lnl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. 
*/ #ifdef __cplusplus extern "C" #endif char nl_socket_add_membership (); int main () { return nl_socket_add_membership (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_nl_nl_socket_add_membership=yes else ac_cv_lib_nl_nl_socket_add_membership=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nl_nl_socket_add_membership" >&5 $as_echo "$ac_cv_lib_nl_nl_socket_add_membership" >&6; } if test "x$ac_cv_lib_nl_nl_socket_add_membership" = xyes; then : $as_echo "#define HAVE_NL_SOCKET_ADD_MEMBERSHIP 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nl_socket_modify_cb in -lnl" >&5 $as_echo_n "checking for nl_socket_modify_cb in -lnl... " >&6; } if ${ac_cv_lib_nl_nl_socket_modify_cb+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lnl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char nl_socket_modify_cb (); int main () { return nl_socket_modify_cb (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_nl_nl_socket_modify_cb=yes else ac_cv_lib_nl_nl_socket_modify_cb=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nl_nl_socket_modify_cb" >&5 $as_echo "$ac_cv_lib_nl_nl_socket_modify_cb" >&6; } if test "x$ac_cv_lib_nl_nl_socket_modify_cb" = xyes; then : $as_echo "#define HAVE_NL_SOCKET_MODIFY_CB 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for rtnl_route_get_oif in -lnl" >&5 $as_echo_n "checking for rtnl_route_get_oif in -lnl... 
" >&6; } if ${ac_cv_lib_nl_rtnl_route_get_oif+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lnl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char rtnl_route_get_oif (); int main () { return rtnl_route_get_oif (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_nl_rtnl_route_get_oif=yes else ac_cv_lib_nl_rtnl_route_get_oif=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nl_rtnl_route_get_oif" >&5 $as_echo "$ac_cv_lib_nl_rtnl_route_get_oif" >&6; } if test "x$ac_cv_lib_nl_rtnl_route_get_oif" = xyes; then : $as_echo "#define HAVE_RTNL_ROUTE_GET_OIF 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nl_set_passcred in -lnl" >&5 $as_echo_n "checking for nl_set_passcred in -lnl... " >&6; } if ${ac_cv_lib_nl_nl_set_passcred+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lnl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. 
*/ #ifdef __cplusplus extern "C" #endif char nl_set_passcred (); int main () { return nl_set_passcred (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_nl_nl_set_passcred=yes else ac_cv_lib_nl_nl_set_passcred=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nl_nl_set_passcred" >&5 $as_echo "$ac_cv_lib_nl_nl_set_passcred" >&6; } if test "x$ac_cv_lib_nl_nl_set_passcred" = xyes; then : $as_echo "#define HAVE_NL_SET_PASSCRED 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nl_socket_set_passcred in -lnl" >&5 $as_echo_n "checking for nl_socket_set_passcred in -lnl... " >&6; } if ${ac_cv_lib_nl_nl_socket_set_passcred+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lnl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char nl_socket_set_passcred (); int main () { return nl_socket_set_passcred (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_nl_nl_socket_set_passcred=yes else ac_cv_lib_nl_nl_socket_set_passcred=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nl_nl_socket_set_passcred" >&5 $as_echo "$ac_cv_lib_nl_nl_socket_set_passcred" >&6; } if test "x$ac_cv_lib_nl_nl_socket_set_passcred" = xyes; then : $as_echo "#define HAVE_NL_SOCKET_SET_PASSCRED 1" >>confdefs.h fi fi if test x"$HAVE_LIBNL" != x1; then as_fn_error $? "Libnl required, but not available" "$LINENO" 5 fi fi if test x$HAVE_NSCD; then # Check whether --with-nscd_conf was given. 
if test "${with_nscd_conf+set}" = set; then : withval=$with_nscd_conf; fi NSCD_CONF_PATH="/etc/nscd.conf" if test x"$with_nscd_conf" != x; then NSCD_CONF_PATH=$with_nscd_conf fi cat >>confdefs.h <<_ACEOF #define NSCD_CONF_PATH "$NSCD_CONF_PATH" _ACEOF fi # Check whether --with-initscript was given. if test "${with_initscript+set}" = set; then : withval=$with_initscript; fi default_initscript=sysv if test x"$with_initscript" = x; then with_initscript=$default_initscript fi if test x"$with_initscript" = xsysv || \ test x"$with_initscript" = xsystemd; then initscript=$with_initscript else as_fn_error $? "Illegal value -$with_initscript- for option --with-initscript" "$LINENO" 5 fi if test x"$initscript" = xsysv; then HAVE_SYSV_TRUE= HAVE_SYSV_FALSE='#' else HAVE_SYSV_TRUE='#' HAVE_SYSV_FALSE= fi if test x"$initscript" = xsystemd; then HAVE_SYSTEMD_UNIT_TRUE= HAVE_SYSTEMD_UNIT_FALSE='#' else HAVE_SYSTEMD_UNIT_TRUE='#' HAVE_SYSTEMD_UNIT_FALSE= fi { $as_echo "$as_me:${as_lineno-$LINENO}: Will use init script type: $initscript" >&5 $as_echo "$as_me: Will use init script type: $initscript" >&6;} if test x$initscript = xsystemd; then # Check whether --with-systemdunitdir was given. if test "${with_systemdunitdir+set}" = set; then : withval=$with_systemdunitdir; fi if test x"$with_systemdunitdir" != x; then systemdunitdir=$with_systemdunitdir else systemdunitdir=$($PKG_CONFIG --variable=systemdsystemunitdir systemd) if test x"$systemdunitdir" = x; then as_fn_error $? "Could not detect systemd unit directory" "$LINENO" 5 fi fi fi pkg_failed=no { $as_echo "$as_me:${as_lineno-$LINENO}: checking for DBUS" >&5 $as_echo_n "checking for DBUS... " >&6; } if test -n "$PKG_CONFIG"; then if test -n "$DBUS_CFLAGS"; then pkg_cv_DBUS_CFLAGS="$DBUS_CFLAGS" else if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"dbus-1\""; } >&5 ($PKG_CONFIG --exists --print-errors "dbus-1") 2>&5 ac_status=$? 
$as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_DBUS_CFLAGS=`$PKG_CONFIG --cflags "dbus-1" 2>/dev/null` else pkg_failed=yes fi fi else pkg_failed=untried fi if test -n "$PKG_CONFIG"; then if test -n "$DBUS_LIBS"; then pkg_cv_DBUS_LIBS="$DBUS_LIBS" else if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"dbus-1\""; } >&5 ($PKG_CONFIG --exists --print-errors "dbus-1") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_DBUS_LIBS=`$PKG_CONFIG --libs "dbus-1" 2>/dev/null` else pkg_failed=yes fi fi else pkg_failed=untried fi if test $pkg_failed = yes; then if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then _pkg_short_errors_supported=yes else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then DBUS_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "dbus-1"` else DBUS_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "dbus-1"` fi # Put the nasty error message in config.log where it belongs echo "$DBUS_PKG_ERRORS" >&5 as_fn_error $? "Package requirements (dbus-1) were not met: $DBUS_PKG_ERRORS Consider adjusting the PKG_CONFIG_PATH environment variable if you installed software in a non-standard prefix. Alternatively, you may set the environment variables DBUS_CFLAGS and DBUS_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details. " "$LINENO" 5 elif test $pkg_failed = untried; then { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full path to pkg-config. Alternatively, you may set the environment variables DBUS_CFLAGS and DBUS_LIBS to avoid the need to call pkg-config. 
See the pkg-config man page for more details. To get pkg-config, see . See \`config.log' for more details" "$LINENO" 5; } else DBUS_CFLAGS=$pkg_cv_DBUS_CFLAGS DBUS_LIBS=$pkg_cv_DBUS_LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } : fi if ! $PKG_CONFIG --atleast-version 1.0.0 dbus-1; then DBUS_CFLAGS="$DBUS_CFLAGS -DDBUS_API_SUBJECT_TO_CHANGE" { $as_echo "$as_me:${as_lineno-$LINENO}: result: setting -DDBUS_API_SUBJECT_TO_CHANGE" >&5 $as_echo "setting -DDBUS_API_SUBJECT_TO_CHANGE" >&6; } fi if test x$has_dbus != xno; then SAFE_LIBS="$LIBS" LIBS="$DBUS_LIBS" ac_fn_c_check_func "$LINENO" "dbus_watch_get_unix_fd" "ac_cv_func_dbus_watch_get_unix_fd" if test "x$ac_cv_func_dbus_watch_get_unix_fd" = xyes; then : $as_echo "#define HAVE_DBUS_WATCH_GET_UNIX_FD 1" >>confdefs.h fi LIBS="$SAFE_LIBS" fi # work around a bug in cov-build from Coverity test -n "$XML_CATALOG_FILES" || unset XML_CATALOG_FILES if test x$HAVE_MANPAGES != x; then # Extract the first word of "xsltproc", so it can be a program name with args. set dummy xsltproc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_XSLTPROC+:} false; then : $as_echo_n "(cached) " >&6 else case $XSLTPROC in [\\/]* | ?:[\\/]*) ac_cv_path_XSLTPROC="$XSLTPROC" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. 
for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_XSLTPROC="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi XSLTPROC=$ac_cv_path_XSLTPROC if test -n "$XSLTPROC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $XSLTPROC" >&5 $as_echo "$XSLTPROC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test ! -x "$XSLTPROC"; then as_fn_error $? "Could not find xsltproc" "$LINENO" 5 fi # Extract the first word of "xmllint", so it can be a program name with args. set dummy xmllint; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_XMLLINT+:} false; then : $as_echo_n "(cached) " >&6 else case $XMLLINT in [\\/]* | ?:[\\/]*) ac_cv_path_XMLLINT="$XMLLINT" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_XMLLINT="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi XMLLINT=$ac_cv_path_XMLLINT if test -n "$XMLLINT"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $XMLLINT" >&5 $as_echo "$XMLLINT" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test ! -x "$XMLLINT"; then as_fn_error $? 
"Could not find xmllint" "$LINENO" 5 fi DOCBOOK_XSLT=http://docbook.sourceforge.net/release/xsl/current/manpages/profile-docbook.xsl as_ac_File=`$as_echo "ac_cv_file_$SGML_CATALOG_FILES" | $as_tr_sh` { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $SGML_CATALOG_FILES" >&5 $as_echo_n "checking for $SGML_CATALOG_FILES... " >&6; } if eval \${$as_ac_File+:} false; then : $as_echo_n "(cached) " >&6 else test "$cross_compiling" = yes && as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5 if test -r "$SGML_CATALOG_FILES"; then eval "$as_ac_File=yes" else eval "$as_ac_File=no" fi fi eval ac_res=\$$as_ac_File { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } if eval test \"x\$"$as_ac_File"\" = x"yes"; then : else as_fn_error $? "could not find XML catalog" "$LINENO" 5 fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Docbook XSL profiling templates in XML catalog" >&5 $as_echo_n "checking for Docbook XSL profiling templates in XML catalog... " >&6; } if { { $as_echo "$as_me:${as_lineno-$LINENO}: \$XSLTPROC --catalogs --nonet --noout \"\$DOCBOOK_XSLT\" >&2"; } >&5 ($XSLTPROC --catalogs --nonet --noout "$DOCBOOK_XSLT" >&2) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? 
= $ac_status" >&5 test $ac_status = 0; }; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } HAVE_PROFILE_CATALOGS=1 else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Man pages might contain documentation for experimental features" >&5 $as_echo "$as_me: WARNING: Man pages might contain documentation for experimental features" >&2;} fi if test x$HAVE_PROFILE_CATALOGS == x; then DOCBOOK_XSLT=http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl as_ac_File=`$as_echo "ac_cv_file_$SGML_CATALOG_FILES" | $as_tr_sh` { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $SGML_CATALOG_FILES" >&5 $as_echo_n "checking for $SGML_CATALOG_FILES... " >&6; } if eval \${$as_ac_File+:} false; then : $as_echo_n "(cached) " >&6 else test "$cross_compiling" = yes && as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5 if test -r "$SGML_CATALOG_FILES"; then eval "$as_ac_File=yes" else eval "$as_ac_File=no" fi fi eval ac_res=\$$as_ac_File { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } if eval test \"x\$"$as_ac_File"\" = x"yes"; then : else as_fn_error $? "could not find XML catalog" "$LINENO" 5 fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Docbook XSL templates in XML catalog" >&5 $as_echo_n "checking for Docbook XSL templates in XML catalog... " >&6; } if { { $as_echo "$as_me:${as_lineno-$LINENO}: \$XSLTPROC --catalogs --nonet --noout \"\$DOCBOOK_XSLT\" >&2"; } >&5 ($XSLTPROC --catalogs --nonet --noout "$DOCBOOK_XSLT" >&2) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } : else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } as_fn_error $? 
"could not find the docbook xsl catalog" "$LINENO" 5 fi fi # Extract the first word of "po4a", so it can be a program name with args. set dummy po4a; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_PO4A+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$PO4A"; then ac_cv_prog_PO4A="$PO4A" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_PO4A="po4a" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS test -z "$ac_cv_prog_PO4A" && ac_cv_prog_PO4A="no" fi fi PO4A=$ac_cv_prog_PO4A if test -n "$PO4A"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PO4A" >&5 $as_echo "$PO4A" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test "x$HAVE_PROFILE_CATALOGS" != "x"; then HAVE_PROFILE_CATALOGS_TRUE= HAVE_PROFILE_CATALOGS_FALSE='#' else HAVE_PROFILE_CATALOGS_TRUE='#' HAVE_PROFILE_CATALOGS_FALSE= fi if test "x$HAVE_MANPAGES" != "x"; then HAVE_MANPAGES_TRUE= HAVE_MANPAGES_FALSE='#' else HAVE_MANPAGES_TRUE='#' HAVE_MANPAGES_FALSE= fi if test "x$PO4A" != "xno"; then HAVE_PO4A_TRUE= HAVE_PO4A_FALSE='#' else HAVE_PO4A_TRUE='#' HAVE_PO4A_FALSE= fi if test x$HAVE_PYTHON_BINDINGS != x; then if test -n "$PYTHON"; then # If the user set $PYTHON, use it and don't search something else. { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $PYTHON version is >= 2.4" >&5 $as_echo_n "checking whether $PYTHON version is >= 2.4... " >&6; } prog="import sys # split strings by '.' and convert to numeric. Append some zeros # because we need at least 4 digits for the hex conversion. 
# map returns an iterator in Python 3.0 and a list in 2.x minver = list(map(int, '2.4'.split('.'))) + [0, 0, 0] minverhex = 0 # xrange is not present in Python 3.0 and range returns an iterator for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[i] sys.exit(sys.hexversion < minverhex)" if { echo "$as_me:$LINENO: $PYTHON -c "$prog"" >&5 ($PYTHON -c "$prog") >&5 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } as_fn_error $? "Python interpreter is too old" "$LINENO" 5 fi am_display_PYTHON=$PYTHON else # Otherwise, try each interpreter until we find one that satisfies # VERSION. { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a Python interpreter with version >= 2.4" >&5 $as_echo_n "checking for a Python interpreter with version >= 2.4... " >&6; } if ${am_cv_pathless_PYTHON+:} false; then : $as_echo_n "(cached) " >&6 else for am_cv_pathless_PYTHON in python python2 python3 python3.3 python3.2 python3.1 python3.0 python2.7 python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 python2.0 none; do test "$am_cv_pathless_PYTHON" = none && break prog="import sys # split strings by '.' and convert to numeric. Append some zeros # because we need at least 4 digits for the hex conversion. # map returns an iterator in Python 3.0 and a list in 2.x minver = list(map(int, '2.4'.split('.'))) + [0, 0, 0] minverhex = 0 # xrange is not present in Python 3.0 and range returns an iterator for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[i] sys.exit(sys.hexversion < minverhex)" if { echo "$as_me:$LINENO: $am_cv_pathless_PYTHON -c "$prog"" >&5 ($am_cv_pathless_PYTHON -c "$prog") >&5 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 (exit $ac_status); }; then : break fi done fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_pathless_PYTHON" >&5 $as_echo "$am_cv_pathless_PYTHON" >&6; } # Set $PYTHON to the absolute path of $am_cv_pathless_PYTHON. if test "$am_cv_pathless_PYTHON" = none; then PYTHON=: else # Extract the first word of "$am_cv_pathless_PYTHON", so it can be a program name with args. set dummy $am_cv_pathless_PYTHON; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_PYTHON+:} false; then : $as_echo_n "(cached) " >&6 else case $PYTHON in [\\/]* | ?:[\\/]*) ac_cv_path_PYTHON="$PYTHON" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_PYTHON="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi PYTHON=$ac_cv_path_PYTHON if test -n "$PYTHON"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5 $as_echo "$PYTHON" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi am_display_PYTHON=$am_cv_pathless_PYTHON fi if test "$PYTHON" = :; then as_fn_error $? "no suitable Python interpreter found" "$LINENO" 5 else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON version" >&5 $as_echo_n "checking for $am_display_PYTHON version... 
" >&6; } if ${am_cv_python_version+:} false; then : $as_echo_n "(cached) " >&6 else am_cv_python_version=`$PYTHON -c "import sys; sys.stdout.write(sys.version[:3])"` fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_version" >&5 $as_echo "$am_cv_python_version" >&6; } PYTHON_VERSION=$am_cv_python_version PYTHON_PREFIX='${prefix}' PYTHON_EXEC_PREFIX='${exec_prefix}' { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON platform" >&5 $as_echo_n "checking for $am_display_PYTHON platform... " >&6; } if ${am_cv_python_platform+:} false; then : $as_echo_n "(cached) " >&6 else am_cv_python_platform=`$PYTHON -c "import sys; sys.stdout.write(sys.platform)"` fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_platform" >&5 $as_echo "$am_cv_python_platform" >&6; } PYTHON_PLATFORM=$am_cv_python_platform # Just factor out some code duplication. am_python_setup_sysconfig="\ import sys # Prefer sysconfig over distutils.sysconfig, for better compatibility # with python 3.x. See automake bug#10227. try: import sysconfig except ImportError: can_use_sysconfig = 0 else: can_use_sysconfig = 1 # Can't use sysconfig in CPython 2.7, since it's broken in virtualenvs: # try: from platform import python_implementation if python_implementation() == 'CPython' and sys.version[:3] == '2.7': can_use_sysconfig = 0 except ImportError: pass" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON script directory" >&5 $as_echo_n "checking for $am_display_PYTHON script directory... 
" >&6; } if ${am_cv_python_pythondir+:} false; then : $as_echo_n "(cached) " >&6 else if test "x$prefix" = xNONE then am_py_prefix=$ac_default_prefix else am_py_prefix=$prefix fi am_cv_python_pythondir=`$PYTHON -c " $am_python_setup_sysconfig if can_use_sysconfig: sitedir = sysconfig.get_path('purelib', vars={'base':'$am_py_prefix'}) else: from distutils import sysconfig sitedir = sysconfig.get_python_lib(0, 0, prefix='$am_py_prefix') sys.stdout.write(sitedir)"` case $am_cv_python_pythondir in $am_py_prefix*) am__strip_prefix=`echo "$am_py_prefix" | sed 's|.|.|g'` am_cv_python_pythondir=`echo "$am_cv_python_pythondir" | sed "s,^$am__strip_prefix,$PYTHON_PREFIX,"` ;; *) case $am_py_prefix in /usr|/System*) ;; *) am_cv_python_pythondir=$PYTHON_PREFIX/lib/python$PYTHON_VERSION/site-packages ;; esac ;; esac fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pythondir" >&5 $as_echo "$am_cv_python_pythondir" >&6; } pythondir=$am_cv_python_pythondir pkgpythondir=\${pythondir}/$PACKAGE { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON extension module directory" >&5 $as_echo_n "checking for $am_display_PYTHON extension module directory... 
" >&6; } if ${am_cv_python_pyexecdir+:} false; then : $as_echo_n "(cached) " >&6 else if test "x$exec_prefix" = xNONE then am_py_exec_prefix=$am_py_prefix else am_py_exec_prefix=$exec_prefix fi am_cv_python_pyexecdir=`$PYTHON -c " $am_python_setup_sysconfig if can_use_sysconfig: sitedir = sysconfig.get_path('platlib', vars={'platbase':'$am_py_prefix'}) else: from distutils import sysconfig sitedir = sysconfig.get_python_lib(1, 0, prefix='$am_py_prefix') sys.stdout.write(sitedir)"` case $am_cv_python_pyexecdir in $am_py_exec_prefix*) am__strip_prefix=`echo "$am_py_exec_prefix" | sed 's|.|.|g'` am_cv_python_pyexecdir=`echo "$am_cv_python_pyexecdir" | sed "s,^$am__strip_prefix,$PYTHON_EXEC_PREFIX,"` ;; *) case $am_py_exec_prefix in /usr|/System*) ;; *) am_cv_python_pyexecdir=$PYTHON_EXEC_PREFIX/lib/python$PYTHON_VERSION/site-packages ;; esac ;; esac fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pyexecdir" >&5 $as_echo "$am_cv_python_pyexecdir" >&6; } pyexecdir=$am_cv_python_pyexecdir pkgpyexecdir=\${pyexecdir}/$PACKAGE fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for headers required to compile python extensions" >&5 $as_echo_n "checking for headers required to compile python extensions... " >&6; } py_prefix=`$PYTHON -c "import sys; print sys.prefix"` py_exec_prefix=`$PYTHON -c "import sys; print sys.exec_prefix"` PYTHON_INCLUDES="-I${py_prefix}/include/python${PYTHON_VERSION}" if test "$py_prefix" != "$py_exec_prefix"; then PYTHON_INCLUDES="$PYTHON_INCLUDES -I${py_exec_prefix}/include/python${PYTHON_VERSION}" fi save_CPPFLAGS="$CPPFLAGS" CPPFLAGS="$CPPFLAGS $PYTHON_INCLUDES" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: found" >&5 $as_echo "found" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 $as_echo "not found" >&6; } as_fn_error $? 
"Could not find python headers" "$LINENO" 5 fi rm -f conftest.err conftest.i conftest.$ac_ext CPPFLAGS="$save_CPPFLAGS" # Extract the first word of "python", so it can be a program name with args. set dummy python; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_PYTHON+:} false; then : $as_echo_n "(cached) " >&6 else case $PYTHON in [\\/]* | ?:[\\/]*) ac_cv_path_PYTHON="$PYTHON" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_PYTHON="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi PYTHON=$ac_cv_path_PYTHON if test -n "$PYTHON"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5 $as_echo "$PYTHON" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working python" >&5 $as_echo_n "checking for working python... " >&6; } if test -x "$PYTHON"; then PYTHON_CFLAGS="`$PYTHON -c \"from distutils import sysconfig; \ print '-I' + sysconfig.get_python_inc() + \ ' -I' + sysconfig.get_python_inc(plat_specific=True) + ' ' + \ sysconfig.get_config_var('BASECFLAGS')\"`" PYTHON_LIBS="`$PYTHON -c \"from distutils import sysconfig; \ print \\\" \\\".join(sysconfig.get_config_var('LIBS').split() + \ sysconfig.get_config_var('SYSLIBS').split()) + \ ' -lpython' + sysconfig.get_config_var('VERSION') + \ ' -L' + sysconfig.get_config_var('LIBDIR')\"`" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } as_fn_error $? 
"Please install python devel package" "$LINENO" 5 fi save_CPPFLAGS="$CPPFLAGS" save_LIBS="$LIBS" CPPFLAGS="$CPPFLAGS $PYTHON_INCLUDES" LIBS="$LIBS $PYTHON_LIBS" ac_fn_c_check_type "$LINENO" "Py_ssize_t" "ac_cv_type_Py_ssize_t" "#include " if test "x$ac_cv_type_Py_ssize_t" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_PY_SSIZE_T 1 _ACEOF fi for ac_func in PySet_New PySet_Add PyErr_NewExceptionWithDoc do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done ac_fn_c_check_decl "$LINENO" "PySet_Check" "ac_cv_have_decl_PySet_Check" "#include " if test "x$ac_cv_have_decl_PySet_Check" = xyes; then : ac_have_decl=1 else ac_have_decl=0 fi cat >>confdefs.h <<_ACEOF #define HAVE_DECL_PYSET_CHECK $ac_have_decl _ACEOF ac_fn_c_check_decl "$LINENO" "PyModule_AddIntMacro" "ac_cv_have_decl_PyModule_AddIntMacro" "#include " if test "x$ac_cv_have_decl_PyModule_AddIntMacro" = xyes; then : ac_have_decl=1 else ac_have_decl=0 fi cat >>confdefs.h <<_ACEOF #define HAVE_DECL_PYMODULE_ADDINTMACRO $ac_have_decl _ACEOF ac_fn_c_check_decl "$LINENO" "PyUnicode_FromString" "ac_cv_have_decl_PyUnicode_FromString" "#include " if test "x$ac_cv_have_decl_PyUnicode_FromString" = xyes; then : ac_have_decl=1 else ac_have_decl=0 fi cat >>confdefs.h <<_ACEOF #define HAVE_DECL_PYUNICODE_FROMSTRING $ac_have_decl _ACEOF CPPFLAGS="$save_CPPFLAGS" LIBS="$save_LIBS" fi if test x$HAVE_SELINUX != x; then for ac_header in selinux/selinux.h do : ac_fn_c_check_header_mongrel "$LINENO" "selinux/selinux.h" "ac_cv_header_selinux_selinux_h" "$ac_includes_default" if test "x$ac_cv_header_selinux_selinux_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_SELINUX_SELINUX_H 1 _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: checking for is_selinux_enabled in -lselinux" >&5 $as_echo_n "checking for is_selinux_enabled in 
-lselinux... " >&6; } if ${ac_cv_lib_selinux_is_selinux_enabled+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lselinux $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char is_selinux_enabled (); int main () { return is_selinux_enabled (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_selinux_is_selinux_enabled=yes else ac_cv_lib_selinux_is_selinux_enabled=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_selinux_is_selinux_enabled" >&5 $as_echo "$ac_cv_lib_selinux_is_selinux_enabled" >&6; } if test "x$ac_cv_lib_selinux_is_selinux_enabled" = xyes; then : SELINUX_LIBS="-lselinux" else as_fn_error $? "SELinux library is missing" "$LINENO" 5 fi else as_fn_error $? "SELinux headers are missing" "$LINENO" 5 fi done { $as_echo "$as_me:${as_lineno-$LINENO}: checking for /etc/selinux/targeted/logins/" >&5 $as_echo_n "checking for /etc/selinux/targeted/logins/... " >&6; } if ${ac_cv_file__etc_selinux_targeted_logins_+:} false; then : $as_echo_n "(cached) " >&6 else test "$cross_compiling" = yes && as_fn_error $? 
"cannot check for file existence when cross compiling" "$LINENO" 5 if test -r "/etc/selinux/targeted/logins/"; then ac_cv_file__etc_selinux_targeted_logins_=yes else ac_cv_file__etc_selinux_targeted_logins_=no fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_file__etc_selinux_targeted_logins_" >&5 $as_echo "$ac_cv_file__etc_selinux_targeted_logins_" >&6; } if test "x$ac_cv_file__etc_selinux_targeted_logins_" = xyes; then : $as_echo "#define HAVE_SELINUX_LOGIN_DIR 1" >>confdefs.h else { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: SELinux login directory is not available" >&5 $as_echo "$as_me: WARNING: SELinux login directory is not available" >&2;} fi fi if test x$HAVE_SEMANAGE != x -a x$HAVE_SELINUX != x; then for ac_header in semanage/semanage.h do : ac_fn_c_check_header_mongrel "$LINENO" "semanage/semanage.h" "ac_cv_header_semanage_semanage_h" "$ac_includes_default" if test "x$ac_cv_header_semanage_semanage_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_SEMANAGE_SEMANAGE_H 1 _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: checking for semanage_handle_create in -lsemanage" >&5 $as_echo_n "checking for semanage_handle_create in -lsemanage... " >&6; } if ${ac_cv_lib_semanage_semanage_handle_create+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lsemanage $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. 
*/ #ifdef __cplusplus extern "C" #endif char semanage_handle_create (); int main () { return semanage_handle_create (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_semanage_semanage_handle_create=yes else ac_cv_lib_semanage_semanage_handle_create=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_semanage_semanage_handle_create" >&5 $as_echo "$ac_cv_lib_semanage_semanage_handle_create" >&6; } if test "x$ac_cv_lib_semanage_semanage_handle_create" = xyes; then : SEMANAGE_LIBS="-lsemanage" else as_fn_error $? "libsemanage is missing" "$LINENO" 5 fi else as_fn_error $? "libsemanage is missing" "$LINENO" 5 fi done fi if test x$HAVE_SYSTEMD_UNIT != x; then if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"systemd\""; } >&5 ($PKG_CONFIG --exists --print-errors "systemd") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then HAVE_SYSTEMD=1, else as_fn_error $? "Could not detect systemd presence" "$LINENO" 5 fi fi if test x$cryptolib = xnss; then pkg_failed=no { $as_echo "$as_me:${as_lineno-$LINENO}: checking for NSS" >&5 $as_echo_n "checking for NSS... " >&6; } if test -n "$PKG_CONFIG"; then if test -n "$NSS_CFLAGS"; then pkg_cv_NSS_CFLAGS="$NSS_CFLAGS" else if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"nss\""; } >&5 ($PKG_CONFIG --exists --print-errors "nss") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? 
= $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_NSS_CFLAGS=`$PKG_CONFIG --cflags "nss" 2>/dev/null` else pkg_failed=yes fi fi else pkg_failed=untried fi if test -n "$PKG_CONFIG"; then if test -n "$NSS_LIBS"; then pkg_cv_NSS_LIBS="$NSS_LIBS" else if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"nss\""; } >&5 ($PKG_CONFIG --exists --print-errors "nss") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_NSS_LIBS=`$PKG_CONFIG --libs "nss" 2>/dev/null` else pkg_failed=yes fi fi else pkg_failed=untried fi if test $pkg_failed = yes; then if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then _pkg_short_errors_supported=yes else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then NSS_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "nss"` else NSS_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "nss"` fi # Put the nasty error message in config.log where it belongs echo "$NSS_PKG_ERRORS" >&5 as_fn_error $? "Package requirements (nss) were not met: $NSS_PKG_ERRORS Consider adjusting the PKG_CONFIG_PATH environment variable if you installed software in a non-standard prefix. Alternatively, you may set the environment variables NSS_CFLAGS and NSS_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details. " "$LINENO" 5 elif test $pkg_failed = untried; then { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full path to pkg-config. Alternatively, you may set the environment variables NSS_CFLAGS and NSS_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details. To get pkg-config, see . 
See \`config.log' for more details" "$LINENO" 5; } else NSS_CFLAGS=$pkg_cv_NSS_CFLAGS NSS_LIBS=$pkg_cv_NSS_LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } : fi cat >>confdefs.h <<_ACEOF #define HAVE_NSS 1 _ACEOF fi if test x$cryptolib = xlibcrypto; then pkg_failed=no { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CRYPTO" >&5 $as_echo_n "checking for CRYPTO... " >&6; } if test -n "$PKG_CONFIG"; then if test -n "$CRYPTO_CFLAGS"; then pkg_cv_CRYPTO_CFLAGS="$CRYPTO_CFLAGS" else if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libcrypto\""; } >&5 ($PKG_CONFIG --exists --print-errors "libcrypto") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_CRYPTO_CFLAGS=`$PKG_CONFIG --cflags "libcrypto" 2>/dev/null` else pkg_failed=yes fi fi else pkg_failed=untried fi if test -n "$PKG_CONFIG"; then if test -n "$CRYPTO_LIBS"; then pkg_cv_CRYPTO_LIBS="$CRYPTO_LIBS" else if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libcrypto\""; } >&5 ($PKG_CONFIG --exists --print-errors "libcrypto") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_CRYPTO_LIBS=`$PKG_CONFIG --libs "libcrypto" 2>/dev/null` else pkg_failed=yes fi fi else pkg_failed=untried fi if test $pkg_failed = yes; then if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then _pkg_short_errors_supported=yes else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then CRYPTO_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "libcrypto"` else CRYPTO_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "libcrypto"` fi # Put the nasty error message in config.log where it belongs echo "$CRYPTO_PKG_ERRORS" >&5 as_fn_error $? 
"Package requirements (libcrypto) were not met: $CRYPTO_PKG_ERRORS Consider adjusting the PKG_CONFIG_PATH environment variable if you installed software in a non-standard prefix. Alternatively, you may set the environment variables CRYPTO_CFLAGS and CRYPTO_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details. " "$LINENO" 5 elif test $pkg_failed = untried; then { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full path to pkg-config. Alternatively, you may set the environment variables CRYPTO_CFLAGS and CRYPTO_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details. To get pkg-config, see . See \`config.log' for more details" "$LINENO" 5; } else CRYPTO_CFLAGS=$pkg_cv_CRYPTO_CFLAGS CRYPTO_LIBS=$pkg_cv_CRYPTO_LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } : fi cat >>confdefs.h <<_ACEOF #define HAVE_LIBCRYPTO 1 _ACEOF fi for ac_header in sys/inotify.h do : ac_fn_c_check_header_mongrel "$LINENO" "sys/inotify.h" "ac_cv_header_sys_inotify_h" "$ac_includes_default" if test "x$ac_cv_header_sys_inotify_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_SYS_INOTIFY_H 1 _ACEOF fi done { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether sys/inotify.h actually works" >&5 $as_echo_n "checking whether sys/inotify.h actually works... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. 
*/ #ifdef HAVE_SYS_INOTITY_H #include , #endif int main () { return (-1 == inotify_init()); } _ACEOF if ac_fn_c_try_link "$LINENO"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; }; inotify_works=yes else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext acl_save_prefix="$prefix" prefix="$acl_final_prefix" acl_save_exec_prefix="$exec_prefix" exec_prefix="$acl_final_exec_prefix" eval additional_libdir=\"$libdir\" exec_prefix="$acl_save_exec_prefix" prefix="$acl_save_prefix" sss_extra_libdir="$additional_libdir" if test x"$inotify_works" != xyes; then : { $as_echo "$as_me:${as_lineno-$LINENO}: checking for inotify_init in -linotify" >&5 $as_echo_n "checking for inotify_init in -linotify... " >&6; } if ${ac_cv_lib_inotify_inotify_init+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-linotify $sss_extra_libdir $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. 
*/ #ifdef __cplusplus extern "C" #endif char inotify_init (); int main () { return inotify_init (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_inotify_inotify_init=yes else ac_cv_lib_inotify_inotify_init=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_inotify_inotify_init" >&5 $as_echo "$ac_cv_lib_inotify_inotify_init" >&6; } if test "x$ac_cv_lib_inotify_inotify_init" = xyes; then : INOTIFY_LIBS="$sss_extra_libdir -linotify" inotify_works=yes else inotify_works=no fi fi if test x"$inotify_works" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_INOTIFY 1 _ACEOF fi for ac_header in sasl/sasl.h do : ac_fn_c_check_header_mongrel "$LINENO" "sasl/sasl.h" "ac_cv_header_sasl_sasl_h" "$ac_includes_default" if test "x$ac_cv_header_sasl_sasl_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_SASL_SASL_H 1 _ACEOF else as_fn_error $? "Could not find SASL headers" "$LINENO" 5 fi done { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether compiler supports __attribute__((destructor))" >&5 $as_echo_n "checking whether compiler supports __attribute__((destructor))... " >&6; } if ${sss_client_cv_attribute_destructor+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. 
*/ __attribute__((destructor)) static void cleanup(void) { } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : sss_client_cv_attribute_destructor=yes fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sss_client_cv_attribute_destructor" >&5 $as_echo "$sss_client_cv_attribute_destructor" >&6; } if test x"$sss_client_cv_attribute_destructor" = xyes ; then $as_echo "#define HAVE_FUNCTION_ATTRIBUTE_DESTRUCTOR 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether compiler supports __attribute__((format))" >&5 $as_echo_n "checking whether compiler supports __attribute__((format))... " >&6; } if ${sss_cv_attribute_format+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ void debug_fn(const char *format, ...) __attribute__ ((format (printf, 1, 2))); _ACEOF if ac_fn_c_try_compile "$LINENO"; then : sss_cv_attribute_format=yes else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: compiler does NOT support __attribute__((format))" >&5 $as_echo "$as_me: WARNING: compiler does NOT support __attribute__((format))" >&2;} fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sss_cv_attribute_format" >&5 $as_echo "$sss_cv_attribute_format" >&6; } if test x"$sss_cv_attribute_format" = xyes ; then $as_echo "#define HAVE_FUNCTION_ATTRIBUTE_FORMAT 1" >>confdefs.h fi pkg_failed=no { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CHECK" >&5 $as_echo_n "checking for CHECK... " >&6; } if test -n "$PKG_CONFIG"; then if test -n "$CHECK_CFLAGS"; then pkg_cv_CHECK_CFLAGS="$CHECK_CFLAGS" else if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"check >= 0.9.5\""; } >&5 ($PKG_CONFIG --exists --print-errors "check >= 0.9.5") 2>&5 ac_status=$? 
$as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_CHECK_CFLAGS=`$PKG_CONFIG --cflags "check >= 0.9.5" 2>/dev/null` else pkg_failed=yes fi fi else pkg_failed=untried fi if test -n "$PKG_CONFIG"; then if test -n "$CHECK_LIBS"; then pkg_cv_CHECK_LIBS="$CHECK_LIBS" else if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"check >= 0.9.5\""; } >&5 ($PKG_CONFIG --exists --print-errors "check >= 0.9.5") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_CHECK_LIBS=`$PKG_CONFIG --libs "check >= 0.9.5" 2>/dev/null` else pkg_failed=yes fi fi else pkg_failed=untried fi if test $pkg_failed = yes; then if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then _pkg_short_errors_supported=yes else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then CHECK_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "check >= 0.9.5"` else CHECK_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "check >= 0.9.5"` fi # Put the nasty error message in config.log where it belongs echo "$CHECK_PKG_ERRORS" >&5 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } have_check= elif test $pkg_failed = untried; then have_check= else CHECK_CFLAGS=$pkg_cv_CHECK_CFLAGS CHECK_LIBS=$pkg_cv_CHECK_LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } have_check=1 fi if test x$have_check = x; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Without the 'CHECK' libraries, you will be unable to run all tests in the 'make check' suite" >&5 $as_echo "$as_me: WARNING: Without the 'CHECK' libraries, you will be unable to run all tests in the 'make check' suite" >&2;} else for ac_header in check.h do : ac_fn_c_check_header_mongrel "$LINENO" "check.h" "ac_cv_header_check_h" "$ac_includes_default" if test "x$ac_cv_header_check_h" = xyes; 
then : cat >>confdefs.h <<_ACEOF #define HAVE_CHECK_H 1 _ACEOF else as_fn_error $? "Could not find CHECK headers" "$LINENO" 5 fi done fi # Extract the first word of "doxygen", so it can be a program name with args. set dummy doxygen; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_DOXYGEN+:} false; then : $as_echo_n "(cached) " >&6 else case $DOXYGEN in [\\/]* | ?:[\\/]*) ac_cv_path_DOXYGEN="$DOXYGEN" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_DOXYGEN="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS test -z "$ac_cv_path_DOXYGEN" && ac_cv_path_DOXYGEN="false" ;; esac fi DOXYGEN=$ac_cv_path_DOXYGEN if test -n "$DOXYGEN"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DOXYGEN" >&5 $as_echo "$DOXYGEN" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test x$DOXYGEN != xfalse ; then HAVE_DOXYGEN_TRUE= HAVE_DOXYGEN_FALSE='#' else HAVE_DOXYGEN_TRUE='#' HAVE_DOXYGEN_FALSE= fi if test x$have_check != x; then HAVE_CHECK_TRUE= HAVE_CHECK_FALSE='#' else HAVE_CHECK_TRUE='#' HAVE_CHECK_FALSE= fi if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"cmocka\""; } >&5 ($PKG_CONFIG --exists --print-errors "cmocka") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? 
= $ac_status" >&5 test $ac_status = 0; }; then for ac_header in stdarg.h stddef.h setjmp.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF else { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Header files stdarg.h stddef.h setjmp.h are required by cmocka" >&5 $as_echo "$as_me: WARNING: Header files stdarg.h stddef.h setjmp.h are required by cmocka" >&2;} cmocka_required_headers="no" fi done if test x"$cmocka_required_headers" != x"no"; then : pkg_failed=no { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CMOCKA" >&5 $as_echo_n "checking for CMOCKA... " >&6; } if test -n "$PKG_CONFIG"; then if test -n "$CMOCKA_CFLAGS"; then pkg_cv_CMOCKA_CFLAGS="$CMOCKA_CFLAGS" else if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"cmocka\""; } >&5 ($PKG_CONFIG --exists --print-errors "cmocka") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_CMOCKA_CFLAGS=`$PKG_CONFIG --cflags "cmocka" 2>/dev/null` else pkg_failed=yes fi fi else pkg_failed=untried fi if test -n "$PKG_CONFIG"; then if test -n "$CMOCKA_LIBS"; then pkg_cv_CMOCKA_LIBS="$CMOCKA_LIBS" else if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"cmocka\""; } >&5 ($PKG_CONFIG --exists --print-errors "cmocka") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? 
= $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_CMOCKA_LIBS=`$PKG_CONFIG --libs "cmocka" 2>/dev/null` else pkg_failed=yes fi fi else pkg_failed=untried fi if test $pkg_failed = yes; then if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then _pkg_short_errors_supported=yes else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then CMOCKA_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "cmocka"` else CMOCKA_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "cmocka"` fi # Put the nasty error message in config.log where it belongs echo "$CMOCKA_PKG_ERRORS" >&5 as_fn_error $? "Package requirements (cmocka) were not met: $CMOCKA_PKG_ERRORS Consider adjusting the PKG_CONFIG_PATH environment variable if you installed software in a non-standard prefix. Alternatively, you may set the environment variables CMOCKA_CFLAGS and CMOCKA_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details. " "$LINENO" 5 elif test $pkg_failed = untried; then { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full path to pkg-config. Alternatively, you may set the environment variables CMOCKA_CFLAGS and CMOCKA_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details. To get pkg-config, see . 
See \`config.log' for more details" "$LINENO" 5; } else CMOCKA_CFLAGS=$pkg_cv_CMOCKA_CFLAGS CMOCKA_LIBS=$pkg_cv_CMOCKA_LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } have_cmocka="yes" fi fi else { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: No libcmocka library found, cmocka tests will not be built" >&5 $as_echo "$as_me: WARNING: No libcmocka library found, cmocka tests will not be built" >&2;} fi if test x$have_cmocka = xyes; then HAVE_CMOCKA_TRUE= HAVE_CMOCKA_FALSE='#' else HAVE_CMOCKA_TRUE='#' HAVE_CMOCKA_FALSE= fi if test -d /dev/shm; then HAVE_DEVSHM_TRUE= HAVE_DEVSHM_FALSE='#' else HAVE_DEVSHM_TRUE='#' HAVE_DEVSHM_FALSE= fi abs_build_dir=`pwd` cat >>confdefs.h <<_ACEOF #define ABS_BUILD_DIR "$abs_build_dir" _ACEOF abs_builddir=$abs_build_dir ac_config_files="$ac_config_files Makefile contrib/sssd.spec src/examples/rwtab src/doxy.config src/sysv/sssd src/sysv/gentoo/sssd src/sysv/SUSE/sssd po/Makefile.in src/man/Makefile src/providers/ipa/ipa_hbac.pc src/providers/ipa/ipa_hbac.doxy src/lib/idmap/sss_idmap.pc src/lib/idmap/sss_idmap.doxy src/sss_client/sudo/sss_sudo.doxy src/sss_client/idmap/sss_nss_idmap.pc src/sss_client/idmap/sss_nss_idmap.doxy src/config/setup.py src/config/SSSDConfig/__init__.py" cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure # tests run on this system so they can be shared between configure # scripts and configure runs, see configure's option --config-cache. # It is not useful on other systems. If it contains results you don't # want to keep, you may remove or edit it. # # config.status only pays attention to the cache file if you give it # the --recheck option to rerun configure. # # `ac_cv_env_foo' variables (set or unset) will be overridden when # loading this file, other *unset* `ac_cv_foo' will be assigned the # following values. 
_ACEOF # The following way of writing the cache mishandles newlines in values, # but we know of no workaround that is simple, portable, and efficient. # So, we kill variables containing newlines. # Ultrix sh set writes to stderr and can't be redirected directly, # and sets the high bit in the cache file unless we assign to the vars. ( for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do eval ac_val=\$$ac_var case $ac_val in #( *${as_nl}*) case $ac_var in #( *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; esac case $ac_var in #( _ | IFS | as_nl) ;; #( BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( *) { eval $ac_var=; unset $ac_var;} ;; esac ;; esac done (set) 2>&1 | case $as_nl`(ac_space=' '; set) 2>&1` in #( *${as_nl}ac_space=\ *) # `set' does not quote correctly, so add quotes: double-quote # substitution turns \\\\ into \\, and sed turns \\ into \. sed -n \ "s/'/'\\\\''/g; s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" ;; #( *) # `set' quotes correctly as required by POSIX, so do not add quotes. sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" ;; esac | sort ) | sed ' /^ac_cv_env_/b end t clear :clear s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ t end s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ :end' >>confcache if diff "$cache_file" confcache >/dev/null 2>&1; then :; else if test -w "$cache_file"; then if test "x$cache_file" != "x/dev/null"; then { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5 $as_echo "$as_me: updating cache $cache_file" >&6;} if test ! 
-f "$cache_file" || test -h "$cache_file"; then cat confcache >"$cache_file" else case $cache_file in #( */* | ?:*) mv -f confcache "$cache_file"$$ && mv -f "$cache_file"$$ "$cache_file" ;; #( *) mv -f confcache "$cache_file" ;; esac fi fi else { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5 $as_echo "$as_me: not updating unwritable cache $cache_file" >&6;} fi fi rm -f confcache test "x$prefix" = xNONE && prefix=$ac_default_prefix # Let make expand exec_prefix. test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' DEFS=-DHAVE_CONFIG_H ac_libobjs= ac_ltlibobjs= U= for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue # 1. Remove the extension, and $U if already installed. ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' ac_i=`$as_echo "$ac_i" | sed "$ac_script"` # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR # will be set to the directory where LIBOBJS objects are built. as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext" as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo' done LIBOBJS=$ac_libobjs LTLIBOBJS=$ac_ltlibobjs { $as_echo "$as_me:${as_lineno-$LINENO}: checking that generated files are newer than configure" >&5 $as_echo_n "checking that generated files are newer than configure... " >&6; } if test -n "$am_sleep_pid"; then # Hide warnings about reused PIDs. wait $am_sleep_pid 2>/dev/null fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: done" >&5 $as_echo "done" >&6; } if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then as_fn_error $? "conditional \"AMDEP\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then as_fn_error $? "conditional \"am__fastdepCC\" was never defined. Usually this means the macro was only invoked conditionally." 
"$LINENO" 5 fi if test -n "$EXEEXT"; then am__EXEEXT_TRUE= am__EXEEXT_FALSE='#' else am__EXEEXT_TRUE='#' am__EXEEXT_FALSE= fi if test -z "${GIT_CHECKOUT_TRUE}" && test -z "${GIT_CHECKOUT_FALSE}"; then as_fn_error $? "conditional \"GIT_CHECKOUT\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${HAVE_GCC_TRUE}" && test -z "${HAVE_GCC_FALSE}"; then as_fn_error $? "conditional \"HAVE_GCC\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${WANT_AUX_INFO_TRUE}" && test -z "${WANT_AUX_INFO_FALSE}"; then as_fn_error $? "conditional \"WANT_AUX_INFO\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${HAVE_PTHREAD_TRUE}" && test -z "${HAVE_PTHREAD_FALSE}"; then as_fn_error $? "conditional \"HAVE_PTHREAD\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${HAVE_FEDORA_TRUE}" && test -z "${HAVE_FEDORA_FALSE}"; then as_fn_error $? "conditional \"HAVE_FEDORA\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${HAVE_REDHAT_TRUE}" && test -z "${HAVE_REDHAT_FALSE}"; then as_fn_error $? "conditional \"HAVE_REDHAT\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${HAVE_SUSE_TRUE}" && test -z "${HAVE_SUSE_FALSE}"; then as_fn_error $? "conditional \"HAVE_SUSE\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${HAVE_DEBIAN_TRUE}" && test -z "${HAVE_DEBIAN_FALSE}"; then as_fn_error $? "conditional \"HAVE_DEBIAN\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${HAVE_GENTOO_TRUE}" && test -z "${HAVE_GENTOO_FALSE}"; then as_fn_error $? "conditional \"HAVE_GENTOO\" was never defined. 
Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${BUILD_MANPAGES_TRUE}" && test -z "${BUILD_MANPAGES_FALSE}"; then as_fn_error $? "conditional \"BUILD_MANPAGES\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${BUILD_PYTHON_BINDINGS_TRUE}" && test -z "${BUILD_PYTHON_BINDINGS_FALSE}"; then as_fn_error $? "conditional \"BUILD_PYTHON_BINDINGS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${BUILD_SELINUX_TRUE}" && test -z "${BUILD_SELINUX_FALSE}"; then as_fn_error $? "conditional \"BUILD_SELINUX\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${BUILD_SEMANAGE_TRUE}" && test -z "${BUILD_SEMANAGE_FALSE}"; then as_fn_error $? "conditional \"BUILD_SEMANAGE\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${BUILD_SUDO_TRUE}" && test -z "${BUILD_SUDO_FALSE}"; then as_fn_error $? "conditional \"BUILD_SUDO\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${BUILD_AUTOFS_TRUE}" && test -z "${BUILD_AUTOFS_FALSE}"; then as_fn_error $? "conditional \"BUILD_AUTOFS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${BUILD_SSH_TRUE}" && test -z "${BUILD_SSH_FALSE}"; then as_fn_error $? "conditional \"BUILD_SSH\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${HAVE_NSS_TRUE}" && test -z "${HAVE_NSS_FALSE}"; then as_fn_error $? "conditional \"HAVE_NSS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${HAVE_LIBCRYPTO_TRUE}" && test -z "${HAVE_LIBCRYPTO_FALSE}"; then as_fn_error $? "conditional \"HAVE_LIBCRYPTO\" was never defined. 
Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${BUILD_KRB5_LOCATOR_PLUGIN_TRUE}" && test -z "${BUILD_KRB5_LOCATOR_PLUGIN_FALSE}"; then as_fn_error $? "conditional \"BUILD_KRB5_LOCATOR_PLUGIN\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${BUILD_ARES_DATA_TRUE}" && test -z "${BUILD_ARES_DATA_FALSE}"; then as_fn_error $? "conditional \"BUILD_ARES_DATA\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${BUILD_PAC_RESPONDER_TRUE}" && test -z "${BUILD_PAC_RESPONDER_FALSE}"; then as_fn_error $? "conditional \"BUILD_PAC_RESPONDER\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${WITH_LIBUNISTRING_TRUE}" && test -z "${WITH_LIBUNISTRING_FALSE}"; then as_fn_error $? "conditional \"WITH_LIBUNISTRING\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${WITH_GLIB_TRUE}" && test -z "${WITH_GLIB_FALSE}"; then as_fn_error $? "conditional \"WITH_GLIB\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${HAVE_SYSV_TRUE}" && test -z "${HAVE_SYSV_FALSE}"; then as_fn_error $? "conditional \"HAVE_SYSV\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${HAVE_SYSTEMD_UNIT_TRUE}" && test -z "${HAVE_SYSTEMD_UNIT_FALSE}"; then as_fn_error $? "conditional \"HAVE_SYSTEMD_UNIT\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${HAVE_PROFILE_CATALOGS_TRUE}" && test -z "${HAVE_PROFILE_CATALOGS_FALSE}"; then as_fn_error $? "conditional \"HAVE_PROFILE_CATALOGS\" was never defined. Usually this means the macro was only invoked conditionally." 
"$LINENO" 5 fi if test -z "${HAVE_MANPAGES_TRUE}" && test -z "${HAVE_MANPAGES_FALSE}"; then as_fn_error $? "conditional \"HAVE_MANPAGES\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${HAVE_PO4A_TRUE}" && test -z "${HAVE_PO4A_FALSE}"; then as_fn_error $? "conditional \"HAVE_PO4A\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${HAVE_DOXYGEN_TRUE}" && test -z "${HAVE_DOXYGEN_FALSE}"; then as_fn_error $? "conditional \"HAVE_DOXYGEN\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${HAVE_CHECK_TRUE}" && test -z "${HAVE_CHECK_FALSE}"; then as_fn_error $? "conditional \"HAVE_CHECK\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${HAVE_CMOCKA_TRUE}" && test -z "${HAVE_CMOCKA_FALSE}"; then as_fn_error $? "conditional \"HAVE_CMOCKA\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${HAVE_DEVSHM_TRUE}" && test -z "${HAVE_DEVSHM_FALSE}"; then as_fn_error $? "conditional \"HAVE_DEVSHM\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi : "${CONFIG_STATUS=./config.status}" ac_write_fail=0 ac_clean_files_save=$ac_clean_files ac_clean_files="$ac_clean_files $CONFIG_STATUS" { $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5 $as_echo "$as_me: creating $CONFIG_STATUS" >&6;} as_write_fail=0 cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1 #! $SHELL # Generated by $as_me. # Run this file to recreate the current configuration. # Compiler output produced by configure, useful for debugging # configure, is in config.log if it exists. 
debug=false ac_cs_recheck=false ac_cs_silent=false SHELL=\${CONFIG_SHELL-$SHELL} export SHELL _ASEOF cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1 ## -------------------- ## ## M4sh Initialization. ## ## -------------------- ## # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi as_nl=' ' export as_nl # Printing a long string crashes Solaris 7 /usr/bin/printf. as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo # Prefer a ksh shell builtin over an external printf program on Solaris, # but without wasting forks for bash or zsh. if test -z "$BASH_VERSION$ZSH_VERSION" \ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='print -r --' as_echo_n='print -rn --' elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='printf %s\n' as_echo_n='printf %s' else if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' as_echo_n='/usr/ucb/echo -n' else as_echo_body='eval expr "X$1" : "X\\(.*\\)"' as_echo_n_body='eval arg=$1; case $arg in #( *"$as_nl"*) expr "X$arg" : "X\\(.*\\)$as_nl"; arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; esac; expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" ' export as_echo_n_body as_echo_n='sh -c $as_echo_n_body as_echo' fi export as_echo_body as_echo='sh -c $as_echo_body as_echo' fi # The user is always right. 
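# Keep a PATH_SEPARATOR the caller already set; otherwise probe for it.
# The probe runs `sh -c :' under a PATH written with ';' and, if that works,
# under one written with ':'.  ';' is selected only when the ':' form fails.
if test "${PATH_SEPARATOR+set}" != set; then
  PATH_SEPARATOR=:
  (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
    (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
      PATH_SEPARATOR=';'
  }
fi


# IFS
# We need space, tab and new line, in precisely that order.  Quoting is
# there to prevent editors from complaining about space-tab.
# (If _AS_PATH_WALK were called with IFS unset, it would disable word
# splitting by setting IFS to empty value.)
# The second quoted piece starts with a literal tab character.
IFS=" ""	$as_nl"

# Find who we are.  Look in the path if we contain no directory separator.
# An empty PATH element is searched as the current directory (as_dir=.), and
# the first readable match wins.
as_myself=
case $0 in #((
  *[\\/]* ) as_myself=$0 ;;
  *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
  IFS=$as_save_IFS
  test -z "$as_dir" && as_dir=.
    test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
  done
IFS=$as_save_IFS

     ;;
esac
# We did not find ourselves, most probably we were run as `sh COMMAND'
# in which case we are not to be found in the path.
if test "x$as_myself" = x; then
  as_myself=$0
fi
if test ! -f "$as_myself"; then
  $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
  exit 1
fi

# Unset variables that we do not need and which cause bugs (e.g. in
# pre-3.0 UWIN ksh).  But do not cause bugs in bash 2.01; the "|| exit 1"
# suppresses any "Segmentation fault" message there.  '((' could
# trigger a bug in pdksh 5.2.14.
# BASH_ENV and ENV name files that some shells read at start-up, so clearing
# them also keeps inherited values from reaching shells started later on.
for as_var in BASH_ENV ENV MAIL MAILPATH
do eval test x\${$as_var+set} = xset \
  && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
done
PS1='$ '
PS2='> '
PS4='+ '

# NLS nuisances.
# Pin the locale to C so tool output does not vary with the caller's locale.
LC_ALL=C
export LC_ALL
LANGUAGE=C
export LANGUAGE

# CDPATH.
(unset CDPATH) >/dev/null 2>&1 && unset CDPATH


# as_fn_error STATUS ERROR [LINENO LOG_FD]
# ----------------------------------------
# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
# script with STATUS, using 1 if that was 0.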
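as_fn_error ()
{
  # A STATUS of 0 is promoted to 1 so that an error never exits with success.
  as_status=$1; test $as_status -eq 0 && as_status=1
  # With a LOG_FD ($4) the message is also written there, tagged with LINENO ($3).
  if test "$4"; then
    as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
    $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
  fi
  $as_echo "$as_me: error: $2" >&2
  as_fn_exit $as_status
} # as_fn_error


# as_fn_set_status STATUS
# -----------------------
# Set $? to STATUS, without forking.
as_fn_set_status ()
{
  return $1
} # as_fn_set_status

# as_fn_exit STATUS
# -----------------
# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
as_fn_exit ()
{
  set +e
  as_fn_set_status $1
  exit $1
} # as_fn_exit

# as_fn_unset VAR
# ---------------
# Portably unset VAR.
# VAR ($1) is expanded before eval parses the line, so it has to be a plain
# variable name supplied by the script itself.
as_fn_unset ()
{
  { eval $1=; unset $1;}
}
as_unset=as_fn_unset
# as_fn_append VAR VALUE
# ----------------------
# Append the text in VALUE to the end of the definition contained in VAR. Take
# advantage of any shell optimizations that allow amortized linear growth over
# repeated appends, instead of the typical quadratic growth present in naive
# implementations.
# In both variants only the name in $1 is spliced into the evaluated text;
# the value reaches eval as the literal text $2 and is expanded once, as data.
if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
  eval 'as_fn_append ()
  {
    eval $1+=\$2
  }'
else
  as_fn_append ()
  {
    eval $1=\$$1\$2
  }
fi # as_fn_append

# as_fn_arith ARG...
# ------------------
# Perform arithmetic evaluation on the ARGs, and store the result in the
# global $as_val. Take advantage of shells that can avoid forks. The arguments
# must be portable across $(()) and expr.
if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
  eval 'as_fn_arith ()
  {
    as_val=$(( $* ))
  }'
else
  as_fn_arith ()
  {
    # expr exits 1 when its result is 0 or empty; that is not treated as failure.
    as_val=`expr "$@" || test $? -eq 1`
  }
fi # as_fn_arith


# Probe expr, basename and dirname once; a tool that fails its probe is
# replaced by `false' so the fallbacks below are used instead.
if expr a : '\(a\)' >/dev/null 2>&1 &&
   test "X`expr 00001 : '.*\(...\)'`" = X001; then
  as_expr=expr
else
  as_expr=false
fi

if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
  as_basename=basename
else
  as_basename=false
fi

if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
  as_dirname=dirname
else
  as_dirname=false
fi

# as_me is the base name of $0: basename first, then expr, then sed.
as_me=`$as_basename -- "$0" ||
$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
	 X"$0" : 'X\(//\)$' \| \
	 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
$as_echo X/"$0" |
    sed '/^.*\/\([^/][^/]*\)\/*$/{
	    s//\1/
	    q
	  }
	  /^X\/\(\/\/\)$/{
	    s//\1/
	    q
	  }
	  /^X\/\(\/\).*/{
	    s//\1/
	    q
	  }
	  s/.*/./; q'`

# Avoid depending upon Character Ranges.
as_cr_letters='abcdefghijklmnopqrstuvwxyz'
as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
as_cr_Letters=$as_cr_letters$as_cr_LETTERS
as_cr_digits='0123456789'
as_cr_alnum=$as_cr_Letters$as_cr_digits

# Work out how this echo suppresses the trailing newline: `-n' (ECHO_N),
# a trailing `\c' (ECHO_C), or neither, in which case ECHO_T holds a tab.
ECHO_C= ECHO_N= ECHO_T=
case `echo -n x` in #(((((
-n*)
  case `echo 'xy\c'` in
  *c*) ECHO_T='	';;	# ECHO_T is single tab character.
  xy)  ECHO_C='\c';;
  *)   echo `echo ksh88 bug on AIX 6.1` > /dev/null
       ECHO_T='	';;
  esac;;
*)
  ECHO_N='-n';;
esac

# Choose as_ln_s by trying a symbolic link, then a hard link, on scratch files.
# NOTE(review): the scratch names are built from the shell PID ($$) and are
# created in the current directory, so they are predictable; run this only in
# a build directory that other users cannot write to.
rm -f conf$$ conf$$.exe conf$$.file
if test -d conf$$.dir; then
  rm -f conf$$.dir/conf$$.file
else
  rm -f conf$$.dir
  mkdir conf$$.dir 2>/dev/null
fi
if (echo >conf$$.file) 2>/dev/null; then
  if ln -s conf$$.file conf$$ 2>/dev/null; then
    as_ln_s='ln -s'
    # ... but there are two gotchas:
    # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
    # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
    # In both cases, we have to default to `cp -pR'.
    ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
      as_ln_s='cp -pR'
  elif ln conf$$.file conf$$ 2>/dev/null; then
    as_ln_s=ln
  else
    as_ln_s='cp -pR'
  fi
else
  as_ln_s='cp -pR'
fi
rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
rmdir conf$$.dir 2>/dev/null


# as_fn_mkdir_p
# -------------
# Create "$as_dir" as a directory, including parents if necessary.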
as_fn_mkdir_p () { case $as_dir in #( -*) as_dir=./$as_dir;; esac test -d "$as_dir" || eval $as_mkdir_p || { as_dirs= while :; do case $as_dir in #( *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( *) as_qdir=$as_dir;; esac as_dirs="'$as_qdir' $as_dirs" as_dir=`$as_dirname -- "$as_dir" || $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" } # as_fn_mkdir_p if mkdir -p . 2>/dev/null; then as_mkdir_p='mkdir -p "$as_dir"' else test -d ./-p && rmdir ./-p as_mkdir_p=false fi # as_fn_executable_p FILE # ----------------------- # Test if FILE is an executable regular file. as_fn_executable_p () { test -f "$1" && test -x "$1" } # as_fn_executable_p as_test_x='test -x' as_executable_p=as_fn_executable_p # Sed expression to map a string onto a valid CPP name. as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" # Sed expression to map a string onto a valid variable name. as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" exec 6>&1 ## ----------------------------------- ## ## Main body of $CONFIG_STATUS script. ## ## ----------------------------------- ## _ASEOF test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1 cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # Save the log message, to keep $0 and so on meaningful, and to # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" This file was extended by sssd $as_me 1.11.5, which was generated by GNU Autoconf 2.69. 
Invocation command line was CONFIG_FILES = $CONFIG_FILES CONFIG_HEADERS = $CONFIG_HEADERS CONFIG_LINKS = $CONFIG_LINKS CONFIG_COMMANDS = $CONFIG_COMMANDS $ $0 $@ on `(hostname || uname -n) 2>/dev/null | sed 1q` " _ACEOF case $ac_config_files in *" "*) set x $ac_config_files; shift; ac_config_files=$*;; esac case $ac_config_headers in *" "*) set x $ac_config_headers; shift; ac_config_headers=$*;; esac cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 # Files that config.status was made for. config_files="$ac_config_files" config_headers="$ac_config_headers" config_commands="$ac_config_commands" _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 ac_cs_usage="\ \`$as_me' instantiates files and other configuration actions from templates according to the current configuration. Unless the files and actions are specified as TAGs, all are instantiated by default. Usage: $0 [OPTION]... [TAG]... -h, --help print this help, then exit -V, --version print version number and configuration settings, then exit --config print configuration, then exit -q, --quiet, --silent do not print progress messages -d, --debug don't remove temporary files --recheck update $as_me by reconfiguring in the same conditions --file=FILE[:TEMPLATE] instantiate the configuration file FILE --header=FILE[:TEMPLATE] instantiate the configuration header FILE Configuration files: $config_files Configuration headers: $config_headers Configuration commands: $config_commands Report bugs to ." _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ sssd config.status 1.11.5 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" Copyright (C) 2012 Free Software Foundation, Inc. This config.status script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it." 
ac_pwd='$ac_pwd' srcdir='$srcdir' INSTALL='$INSTALL' MKDIR_P='$MKDIR_P' AWK='$AWK' test -n "\$AWK" || AWK=awk _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # The default lists apply if the user does not specify any file. ac_need_defaults=: while test $# != 0 do case $1 in --*=?*) ac_option=`expr "X$1" : 'X\([^=]*\)='` ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` ac_shift=: ;; --*=) ac_option=`expr "X$1" : 'X\([^=]*\)='` ac_optarg= ac_shift=: ;; *) ac_option=$1 ac_optarg=$2 ac_shift=shift ;; esac case $ac_option in # Handling of the options. -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) ac_cs_recheck=: ;; --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) $as_echo "$ac_cs_version"; exit ;; --config | --confi | --conf | --con | --co | --c ) $as_echo "$ac_cs_config"; exit ;; --debug | --debu | --deb | --de | --d | -d ) debug=: ;; --file | --fil | --fi | --f ) $ac_shift case $ac_optarg in *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; '') as_fn_error $? "missing file argument" ;; esac as_fn_append CONFIG_FILES " '$ac_optarg'" ac_need_defaults=false;; --header | --heade | --head | --hea ) $ac_shift case $ac_optarg in *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; esac as_fn_append CONFIG_HEADERS " '$ac_optarg'" ac_need_defaults=false;; --he | --h) # Conflict between --help and --header as_fn_error $? "ambiguous option: \`$1' Try \`$0 --help' for more information.";; --help | --hel | -h ) $as_echo "$ac_cs_usage"; exit ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil | --si | --s) ac_cs_silent=: ;; # This is an error. -*) as_fn_error $? "unrecognized option: \`$1' Try \`$0 --help' for more information." 
;; *) as_fn_append ac_config_targets " $1" ac_need_defaults=false ;; esac shift done ac_configure_extra_args= if $ac_cs_silent; then exec 6>/dev/null ac_configure_extra_args="$ac_configure_extra_args --silent" fi _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 if \$ac_cs_recheck; then set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion shift \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6 CONFIG_SHELL='$SHELL' export CONFIG_SHELL exec "\$@" fi _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 exec 5>>config.log { echo sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX ## Running $as_me. ## _ASBOX $as_echo "$ac_log" } >&5 _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 # # INIT-COMMANDS # AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir" # The HP-UX ksh and POSIX shell print the target directory to stdout # if CDPATH is set. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH sed_quote_subst='$sed_quote_subst' double_quote_subst='$double_quote_subst' delay_variable_subst='$delay_variable_subst' enable_static='`$ECHO "$enable_static" | $SED "$delay_single_quote_subst"`' macro_version='`$ECHO "$macro_version" | $SED "$delay_single_quote_subst"`' macro_revision='`$ECHO "$macro_revision" | $SED "$delay_single_quote_subst"`' enable_shared='`$ECHO "$enable_shared" | $SED "$delay_single_quote_subst"`' pic_mode='`$ECHO "$pic_mode" | $SED "$delay_single_quote_subst"`' enable_fast_install='`$ECHO "$enable_fast_install" | $SED "$delay_single_quote_subst"`' SHELL='`$ECHO "$SHELL" | $SED "$delay_single_quote_subst"`' ECHO='`$ECHO "$ECHO" | $SED "$delay_single_quote_subst"`' PATH_SEPARATOR='`$ECHO "$PATH_SEPARATOR" | $SED "$delay_single_quote_subst"`' host_alias='`$ECHO "$host_alias" | $SED "$delay_single_quote_subst"`' host='`$ECHO "$host" | $SED "$delay_single_quote_subst"`' host_os='`$ECHO "$host_os" | $SED "$delay_single_quote_subst"`' build_alias='`$ECHO "$build_alias" | $SED "$delay_single_quote_subst"`' 
build='`$ECHO "$build" | $SED "$delay_single_quote_subst"`' build_os='`$ECHO "$build_os" | $SED "$delay_single_quote_subst"`' SED='`$ECHO "$SED" | $SED "$delay_single_quote_subst"`' Xsed='`$ECHO "$Xsed" | $SED "$delay_single_quote_subst"`' GREP='`$ECHO "$GREP" | $SED "$delay_single_quote_subst"`' EGREP='`$ECHO "$EGREP" | $SED "$delay_single_quote_subst"`' FGREP='`$ECHO "$FGREP" | $SED "$delay_single_quote_subst"`' LD='`$ECHO "$LD" | $SED "$delay_single_quote_subst"`' NM='`$ECHO "$NM" | $SED "$delay_single_quote_subst"`' LN_S='`$ECHO "$LN_S" | $SED "$delay_single_quote_subst"`' max_cmd_len='`$ECHO "$max_cmd_len" | $SED "$delay_single_quote_subst"`' ac_objext='`$ECHO "$ac_objext" | $SED "$delay_single_quote_subst"`' exeext='`$ECHO "$exeext" | $SED "$delay_single_quote_subst"`' lt_unset='`$ECHO "$lt_unset" | $SED "$delay_single_quote_subst"`' lt_SP2NL='`$ECHO "$lt_SP2NL" | $SED "$delay_single_quote_subst"`' lt_NL2SP='`$ECHO "$lt_NL2SP" | $SED "$delay_single_quote_subst"`' lt_cv_to_host_file_cmd='`$ECHO "$lt_cv_to_host_file_cmd" | $SED "$delay_single_quote_subst"`' lt_cv_to_tool_file_cmd='`$ECHO "$lt_cv_to_tool_file_cmd" | $SED "$delay_single_quote_subst"`' reload_flag='`$ECHO "$reload_flag" | $SED "$delay_single_quote_subst"`' reload_cmds='`$ECHO "$reload_cmds" | $SED "$delay_single_quote_subst"`' OBJDUMP='`$ECHO "$OBJDUMP" | $SED "$delay_single_quote_subst"`' deplibs_check_method='`$ECHO "$deplibs_check_method" | $SED "$delay_single_quote_subst"`' file_magic_cmd='`$ECHO "$file_magic_cmd" | $SED "$delay_single_quote_subst"`' file_magic_glob='`$ECHO "$file_magic_glob" | $SED "$delay_single_quote_subst"`' want_nocaseglob='`$ECHO "$want_nocaseglob" | $SED "$delay_single_quote_subst"`' DLLTOOL='`$ECHO "$DLLTOOL" | $SED "$delay_single_quote_subst"`' sharedlib_from_linklib_cmd='`$ECHO "$sharedlib_from_linklib_cmd" | $SED "$delay_single_quote_subst"`' AR='`$ECHO "$AR" | $SED "$delay_single_quote_subst"`' AR_FLAGS='`$ECHO "$AR_FLAGS" | $SED "$delay_single_quote_subst"`' 
archiver_list_spec='`$ECHO "$archiver_list_spec" | $SED "$delay_single_quote_subst"`' STRIP='`$ECHO "$STRIP" | $SED "$delay_single_quote_subst"`' RANLIB='`$ECHO "$RANLIB" | $SED "$delay_single_quote_subst"`' old_postinstall_cmds='`$ECHO "$old_postinstall_cmds" | $SED "$delay_single_quote_subst"`' old_postuninstall_cmds='`$ECHO "$old_postuninstall_cmds" | $SED "$delay_single_quote_subst"`' old_archive_cmds='`$ECHO "$old_archive_cmds" | $SED "$delay_single_quote_subst"`' lock_old_archive_extraction='`$ECHO "$lock_old_archive_extraction" | $SED "$delay_single_quote_subst"`' CC='`$ECHO "$CC" | $SED "$delay_single_quote_subst"`' CFLAGS='`$ECHO "$CFLAGS" | $SED "$delay_single_quote_subst"`' compiler='`$ECHO "$compiler" | $SED "$delay_single_quote_subst"`' GCC='`$ECHO "$GCC" | $SED "$delay_single_quote_subst"`' lt_cv_sys_global_symbol_pipe='`$ECHO "$lt_cv_sys_global_symbol_pipe" | $SED "$delay_single_quote_subst"`' lt_cv_sys_global_symbol_to_cdecl='`$ECHO "$lt_cv_sys_global_symbol_to_cdecl" | $SED "$delay_single_quote_subst"`' lt_cv_sys_global_symbol_to_c_name_address='`$ECHO "$lt_cv_sys_global_symbol_to_c_name_address" | $SED "$delay_single_quote_subst"`' lt_cv_sys_global_symbol_to_c_name_address_lib_prefix='`$ECHO "$lt_cv_sys_global_symbol_to_c_name_address_lib_prefix" | $SED "$delay_single_quote_subst"`' nm_file_list_spec='`$ECHO "$nm_file_list_spec" | $SED "$delay_single_quote_subst"`' lt_sysroot='`$ECHO "$lt_sysroot" | $SED "$delay_single_quote_subst"`' objdir='`$ECHO "$objdir" | $SED "$delay_single_quote_subst"`' MAGIC_CMD='`$ECHO "$MAGIC_CMD" | $SED "$delay_single_quote_subst"`' lt_prog_compiler_no_builtin_flag='`$ECHO "$lt_prog_compiler_no_builtin_flag" | $SED "$delay_single_quote_subst"`' lt_prog_compiler_pic='`$ECHO "$lt_prog_compiler_pic" | $SED "$delay_single_quote_subst"`' lt_prog_compiler_wl='`$ECHO "$lt_prog_compiler_wl" | $SED "$delay_single_quote_subst"`' lt_prog_compiler_static='`$ECHO "$lt_prog_compiler_static" | $SED "$delay_single_quote_subst"`' 
lt_cv_prog_compiler_c_o='`$ECHO "$lt_cv_prog_compiler_c_o" | $SED "$delay_single_quote_subst"`' need_locks='`$ECHO "$need_locks" | $SED "$delay_single_quote_subst"`' MANIFEST_TOOL='`$ECHO "$MANIFEST_TOOL" | $SED "$delay_single_quote_subst"`' DSYMUTIL='`$ECHO "$DSYMUTIL" | $SED "$delay_single_quote_subst"`' NMEDIT='`$ECHO "$NMEDIT" | $SED "$delay_single_quote_subst"`' LIPO='`$ECHO "$LIPO" | $SED "$delay_single_quote_subst"`' OTOOL='`$ECHO "$OTOOL" | $SED "$delay_single_quote_subst"`' OTOOL64='`$ECHO "$OTOOL64" | $SED "$delay_single_quote_subst"`' libext='`$ECHO "$libext" | $SED "$delay_single_quote_subst"`' shrext_cmds='`$ECHO "$shrext_cmds" | $SED "$delay_single_quote_subst"`' extract_expsyms_cmds='`$ECHO "$extract_expsyms_cmds" | $SED "$delay_single_quote_subst"`' archive_cmds_need_lc='`$ECHO "$archive_cmds_need_lc" | $SED "$delay_single_quote_subst"`' enable_shared_with_static_runtimes='`$ECHO "$enable_shared_with_static_runtimes" | $SED "$delay_single_quote_subst"`' export_dynamic_flag_spec='`$ECHO "$export_dynamic_flag_spec" | $SED "$delay_single_quote_subst"`' whole_archive_flag_spec='`$ECHO "$whole_archive_flag_spec" | $SED "$delay_single_quote_subst"`' compiler_needs_object='`$ECHO "$compiler_needs_object" | $SED "$delay_single_quote_subst"`' old_archive_from_new_cmds='`$ECHO "$old_archive_from_new_cmds" | $SED "$delay_single_quote_subst"`' old_archive_from_expsyms_cmds='`$ECHO "$old_archive_from_expsyms_cmds" | $SED "$delay_single_quote_subst"`' archive_cmds='`$ECHO "$archive_cmds" | $SED "$delay_single_quote_subst"`' archive_expsym_cmds='`$ECHO "$archive_expsym_cmds" | $SED "$delay_single_quote_subst"`' module_cmds='`$ECHO "$module_cmds" | $SED "$delay_single_quote_subst"`' module_expsym_cmds='`$ECHO "$module_expsym_cmds" | $SED "$delay_single_quote_subst"`' with_gnu_ld='`$ECHO "$with_gnu_ld" | $SED "$delay_single_quote_subst"`' allow_undefined_flag='`$ECHO "$allow_undefined_flag" | $SED "$delay_single_quote_subst"`' no_undefined_flag='`$ECHO 
"$no_undefined_flag" | $SED "$delay_single_quote_subst"`' hardcode_libdir_flag_spec='`$ECHO "$hardcode_libdir_flag_spec" | $SED "$delay_single_quote_subst"`' hardcode_libdir_separator='`$ECHO "$hardcode_libdir_separator" | $SED "$delay_single_quote_subst"`' hardcode_direct='`$ECHO "$hardcode_direct" | $SED "$delay_single_quote_subst"`' hardcode_direct_absolute='`$ECHO "$hardcode_direct_absolute" | $SED "$delay_single_quote_subst"`' hardcode_minus_L='`$ECHO "$hardcode_minus_L" | $SED "$delay_single_quote_subst"`' hardcode_shlibpath_var='`$ECHO "$hardcode_shlibpath_var" | $SED "$delay_single_quote_subst"`' hardcode_automatic='`$ECHO "$hardcode_automatic" | $SED "$delay_single_quote_subst"`' inherit_rpath='`$ECHO "$inherit_rpath" | $SED "$delay_single_quote_subst"`' link_all_deplibs='`$ECHO "$link_all_deplibs" | $SED "$delay_single_quote_subst"`' always_export_symbols='`$ECHO "$always_export_symbols" | $SED "$delay_single_quote_subst"`' export_symbols_cmds='`$ECHO "$export_symbols_cmds" | $SED "$delay_single_quote_subst"`' exclude_expsyms='`$ECHO "$exclude_expsyms" | $SED "$delay_single_quote_subst"`' include_expsyms='`$ECHO "$include_expsyms" | $SED "$delay_single_quote_subst"`' prelink_cmds='`$ECHO "$prelink_cmds" | $SED "$delay_single_quote_subst"`' postlink_cmds='`$ECHO "$postlink_cmds" | $SED "$delay_single_quote_subst"`' file_list_spec='`$ECHO "$file_list_spec" | $SED "$delay_single_quote_subst"`' variables_saved_for_relink='`$ECHO "$variables_saved_for_relink" | $SED "$delay_single_quote_subst"`' need_lib_prefix='`$ECHO "$need_lib_prefix" | $SED "$delay_single_quote_subst"`' need_version='`$ECHO "$need_version" | $SED "$delay_single_quote_subst"`' version_type='`$ECHO "$version_type" | $SED "$delay_single_quote_subst"`' runpath_var='`$ECHO "$runpath_var" | $SED "$delay_single_quote_subst"`' shlibpath_var='`$ECHO "$shlibpath_var" | $SED "$delay_single_quote_subst"`' shlibpath_overrides_runpath='`$ECHO "$shlibpath_overrides_runpath" | $SED 
"$delay_single_quote_subst"`' libname_spec='`$ECHO "$libname_spec" | $SED "$delay_single_quote_subst"`' library_names_spec='`$ECHO "$library_names_spec" | $SED "$delay_single_quote_subst"`' soname_spec='`$ECHO "$soname_spec" | $SED "$delay_single_quote_subst"`' install_override_mode='`$ECHO "$install_override_mode" | $SED "$delay_single_quote_subst"`' postinstall_cmds='`$ECHO "$postinstall_cmds" | $SED "$delay_single_quote_subst"`' postuninstall_cmds='`$ECHO "$postuninstall_cmds" | $SED "$delay_single_quote_subst"`' finish_cmds='`$ECHO "$finish_cmds" | $SED "$delay_single_quote_subst"`' finish_eval='`$ECHO "$finish_eval" | $SED "$delay_single_quote_subst"`' hardcode_into_libs='`$ECHO "$hardcode_into_libs" | $SED "$delay_single_quote_subst"`' sys_lib_search_path_spec='`$ECHO "$sys_lib_search_path_spec" | $SED "$delay_single_quote_subst"`' sys_lib_dlsearch_path_spec='`$ECHO "$sys_lib_dlsearch_path_spec" | $SED "$delay_single_quote_subst"`' hardcode_action='`$ECHO "$hardcode_action" | $SED "$delay_single_quote_subst"`' enable_dlopen='`$ECHO "$enable_dlopen" | $SED "$delay_single_quote_subst"`' enable_dlopen_self='`$ECHO "$enable_dlopen_self" | $SED "$delay_single_quote_subst"`' enable_dlopen_self_static='`$ECHO "$enable_dlopen_self_static" | $SED "$delay_single_quote_subst"`' old_striplib='`$ECHO "$old_striplib" | $SED "$delay_single_quote_subst"`' striplib='`$ECHO "$striplib" | $SED "$delay_single_quote_subst"`' LTCC='$LTCC' LTCFLAGS='$LTCFLAGS' compiler='$compiler_DEFAULT' # A function that is used when there is no print builtin or printf. func_fallback_echo () { eval 'cat <<_LTECHO_EOF \$1 _LTECHO_EOF' } # Quote evaled strings. 
# For each variable named in the list, build a companion lt_NAME variable
# that holds the value wrapped in double quotes. The libtool config written
# further down by the libtool command uses those lt_NAME values as the
# right-hand side of plain shell assignments.
# NOTE(review): this text is the body of an unquoted here-document appended
# to CONFIG_STATUS, so the backslash runs are consumed in stages
# (here-document, command substitution, eval). The escaping depth is
# generated, presumably by libtool.m4, and should not be edited by hand.
# NOTE(review): the list includes tool names and flags (CC, CFLAGS, LD, AR)
# that presumably originate from the build environment; this quoting step is
# what keeps shell metacharacters in them from being re-interpreted when the
# generated script is sourced -- confirm before changing the list.
for var in SHELL \
ECHO \
PATH_SEPARATOR \
SED \
GREP \
EGREP \
FGREP \
LD \
NM \
LN_S \
lt_SP2NL \
lt_NL2SP \
reload_flag \
OBJDUMP \
deplibs_check_method \
file_magic_cmd \
file_magic_glob \
want_nocaseglob \
DLLTOOL \
sharedlib_from_linklib_cmd \
AR \
AR_FLAGS \
archiver_list_spec \
STRIP \
RANLIB \
CC \
CFLAGS \
compiler \
lt_cv_sys_global_symbol_pipe \
lt_cv_sys_global_symbol_to_cdecl \
lt_cv_sys_global_symbol_to_c_name_address \
lt_cv_sys_global_symbol_to_c_name_address_lib_prefix \
nm_file_list_spec \
lt_prog_compiler_no_builtin_flag \
lt_prog_compiler_pic \
lt_prog_compiler_wl \
lt_prog_compiler_static \
lt_cv_prog_compiler_c_o \
need_locks \
MANIFEST_TOOL \
DSYMUTIL \
NMEDIT \
LIPO \
OTOOL \
OTOOL64 \
shrext_cmds \
export_dynamic_flag_spec \
whole_archive_flag_spec \
compiler_needs_object \
with_gnu_ld \
allow_undefined_flag \
no_undefined_flag \
hardcode_libdir_flag_spec \
hardcode_libdir_separator \
exclude_expsyms \
include_expsyms \
file_list_spec \
variables_saved_for_relink \
libname_spec \
library_names_spec \
soname_spec \
install_override_mode \
finish_eval \
old_striplib \
striplib; do
    case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
    # Value contains a backslash, backquote, double quote or dollar sign:
    # pass it through sed with sed_quote_subst before wrapping it in quotes.
    *[\\\\\\\`\\"\\\$]*)
      eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\""
      ;;
    # No such character present: wrap the value in double quotes unchanged.
    *)
      eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
      ;;
    esac
done

# Double-quote double-evaled strings.
# Same scheme as the preceding loop (each NAME gets a double-quoted lt_NAME
# companion), applied to the command-string variables. A value containing a
# backslash, backquote, double quote or dollar sign is passed through sed
# with three expressions in order: double_quote_subst, sed_quote_subst and
# delay_variable_subst.
# NOTE(review): these look like command templates that libtool evaluates a
# second time at use, hence the extra substitutions -- confirm against
# libtool.m4 before touching the list or the escaping.
for var in reload_cmds \
old_postinstall_cmds \
old_postuninstall_cmds \
old_archive_cmds \
extract_expsyms_cmds \
old_archive_from_new_cmds \
old_archive_from_expsyms_cmds \
archive_cmds \
archive_expsym_cmds \
module_cmds \
module_expsym_cmds \
export_symbols_cmds \
prelink_cmds \
postlink_cmds \
postinstall_cmds \
postuninstall_cmds \
finish_cmds \
sys_lib_search_path_spec \
sys_lib_dlsearch_path_spec; do
    case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
    *[\\\\\\\`\\"\\\$]*)
      eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\""
      ;;
    *)
      eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
      ;;
    esac
done

# The assignments below are expanded while configure writes this unquoted
# here-document, so config.status receives the literal values fixed at
# configure time.
# NOTE(review): unlike the libtool settings earlier in this section, these
# values are not passed through a single-quote-escaping sed first; a value
# containing a single quote would presumably yield a malformed assignment in
# config.status. They are expected to be set by configure itself -- verify
# if any of them can be influenced from outside the build tree.
ac_aux_dir='$ac_aux_dir'
xsi_shell='$xsi_shell'
lt_shell_append='$lt_shell_append'

# See if we are running on zsh, and set the options which allow our
# commands through without removal of \ escapes INIT.
if test -n "\${ZSH_VERSION+set}" ; then
   setopt NO_GLOB_SUBST
fi


    PACKAGE='$PACKAGE'
    VERSION='$VERSION'
    TIMESTAMP='$TIMESTAMP'
    RM='$RM'
    ofile='$ofile'



# Capture the value of obsolete ALL_LINGUAS because we need it to compute
    # POFILES, UPDATEPOFILES, DUMMYPOFILES, GMOFILES, CATALOGS. But hide it
    # from automake.
    eval 'OBSOLETE_ALL_LINGUAS''="$ALL_LINGUAS"'
    # Capture the value of LINGUAS because we need it to compute CATALOGS.
    LINGUAS="${LINGUAS-%UNSET%}"


_ACEOF

# The here-document opened next uses a quoted delimiter, so its body is
# appended to CONFIG_STATUS without any expansion by configure.
cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1

# Handling of arguments.
for ac_config_target in $ac_config_targets do case $ac_config_target in "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;; "libtool") CONFIG_COMMANDS="$CONFIG_COMMANDS libtool" ;; "default-1") CONFIG_COMMANDS="$CONFIG_COMMANDS default-1" ;; "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; "contrib/sssd.spec") CONFIG_FILES="$CONFIG_FILES contrib/sssd.spec" ;; "src/examples/rwtab") CONFIG_FILES="$CONFIG_FILES src/examples/rwtab" ;; "src/doxy.config") CONFIG_FILES="$CONFIG_FILES src/doxy.config" ;; "src/sysv/sssd") CONFIG_FILES="$CONFIG_FILES src/sysv/sssd" ;; "src/sysv/gentoo/sssd") CONFIG_FILES="$CONFIG_FILES src/sysv/gentoo/sssd" ;; "src/sysv/SUSE/sssd") CONFIG_FILES="$CONFIG_FILES src/sysv/SUSE/sssd" ;; "po/Makefile.in") CONFIG_FILES="$CONFIG_FILES po/Makefile.in" ;; "src/man/Makefile") CONFIG_FILES="$CONFIG_FILES src/man/Makefile" ;; "src/providers/ipa/ipa_hbac.pc") CONFIG_FILES="$CONFIG_FILES src/providers/ipa/ipa_hbac.pc" ;; "src/providers/ipa/ipa_hbac.doxy") CONFIG_FILES="$CONFIG_FILES src/providers/ipa/ipa_hbac.doxy" ;; "src/lib/idmap/sss_idmap.pc") CONFIG_FILES="$CONFIG_FILES src/lib/idmap/sss_idmap.pc" ;; "src/lib/idmap/sss_idmap.doxy") CONFIG_FILES="$CONFIG_FILES src/lib/idmap/sss_idmap.doxy" ;; "src/sss_client/sudo/sss_sudo.doxy") CONFIG_FILES="$CONFIG_FILES src/sss_client/sudo/sss_sudo.doxy" ;; "src/sss_client/idmap/sss_nss_idmap.pc") CONFIG_FILES="$CONFIG_FILES src/sss_client/idmap/sss_nss_idmap.pc" ;; "src/sss_client/idmap/sss_nss_idmap.doxy") CONFIG_FILES="$CONFIG_FILES src/sss_client/idmap/sss_nss_idmap.doxy" ;; "src/config/setup.py") CONFIG_FILES="$CONFIG_FILES src/config/setup.py" ;; "src/config/SSSDConfig/__init__.py") CONFIG_FILES="$CONFIG_FILES src/config/SSSDConfig/__init__.py" ;; *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; esac done # If the user did not use the arguments to specify the items to instantiate, # then the envvar interface is used. 
Set only those that are not. # We use the long form for the default assignment because of an extremely # bizarre bug on SunOS 4.1.3. if $ac_need_defaults; then test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands fi # Have a temporary directory for convenience. Make it in the build tree # simply because there is no reason against having it here, and in addition, # creating and moving files from /tmp can sometimes cause problems. # Hook for its removal unless debugging. # Note that there is a small window in which the directory will not be cleaned: # after its creation but before its name has been assigned to `$tmp'. $debug || { tmp= ac_tmp= trap 'exit_status=$? : "${ac_tmp:=$tmp}" { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status ' 0 trap 'as_fn_exit 1' 1 2 13 15 } # Create a (secure) tmp directory for tmp files. { tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` && test -d "$tmp" } || { tmp=./conf$$-$RANDOM (umask 077 && mkdir "$tmp") } || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5 ac_tmp=$tmp # Set up the scripts for CONFIG_FILES section. # No need to generate them if there are no CONFIG_FILES. # This happens for instance with `./config.status config.h'. if test -n "$CONFIG_FILES"; then ac_cr=`echo X | tr X '\015'` # On cygwin, bash can eat \r inside `` if the user requested igncr. # But we know of no other shell where ac_cr would be empty at this # point, so we can use a bashism as a fallback. 
if test "x$ac_cr" = x; then eval ac_cr=\$\'\\r\' fi ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' /dev/null` if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then ac_cs_awk_cr='\\r' else ac_cs_awk_cr=$ac_cr fi echo 'BEGIN {' >"$ac_tmp/subs1.awk" && _ACEOF { echo "cat >conf$$subs.awk <<_ACEOF" && echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' && echo "_ACEOF" } >conf$$subs.sh || as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'` ac_delim='%!_!# ' for ac_last_try in false false false false false :; do . ./conf$$subs.sh || as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` if test $ac_delim_n = $ac_delim_num; then break elif $ac_last_try; then as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 else ac_delim="$ac_delim!$ac_delim _$ac_delim!! " fi done rm -f conf$$subs.sh cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK && _ACEOF sed -n ' h s/^/S["/; s/!.*/"]=/ p g s/^[^!]*!// :repl t repl s/'"$ac_delim"'$// t delim :nl h s/\(.\{148\}\)..*/\1/ t more1 s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/ p n b repl :more1 s/["\\]/\\&/g; s/^/"/; s/$/"\\/ p g s/.\{148\}// t nl :delim h s/\(.\{148\}\)..*/\1/ t more2 s/["\\]/\\&/g; s/^/"/; s/$/"/ p b :more2 s/["\\]/\\&/g; s/^/"/; s/$/"\\/ p g s/.\{148\}// t delim ' >$CONFIG_STATUS || ac_write_fail=1 rm -f conf$$subs.awk cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 _ACAWK cat >>"\$ac_tmp/subs1.awk" <<_ACAWK && for (key in S) S_is_set[key] = 1 FS = "" } { line = $ 0 nfields = split(line, field, "@") substed = 0 len = length(field[1]) for (i = 2; i < nfields; i++) { key = field[i] keylen = length(key) if (S_is_set[key]) { value = S[key] line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3) len += length(value) + length(field[++i]) substed = 1 } else len += 1 + keylen } print line } _ACAWK _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 if sed 
"s/$ac_cr//" < /dev/null > /dev/null 2>&1; then sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g" else cat fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \ || as_fn_error $? "could not setup config files machinery" "$LINENO" 5 _ACEOF # VPATH may cause trouble with some makes, so we remove sole $(srcdir), # ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and # trailing colons and then remove the whole line if VPATH becomes empty # (actually we leave an empty line to preserve line numbers). if test "x$srcdir" = x.; then ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{ h s/// s/^/:/ s/[ ]*$/:/ s/:\$(srcdir):/:/g s/:\${srcdir}:/:/g s/:@srcdir@:/:/g s/^:*// s/:*$// x s/\(=[ ]*\).*/\1/ G s/\n// s/^[^=]*=[ ]*$// }' fi cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 fi # test -n "$CONFIG_FILES" # Set up the scripts for CONFIG_HEADERS section. # No need to generate them if there are no CONFIG_HEADERS. # This happens for instance with `./config.status Makefile'. if test -n "$CONFIG_HEADERS"; then cat >"$ac_tmp/defines.awk" <<\_ACAWK || BEGIN { _ACEOF # Transform confdefs.h into an awk script `defines.awk', embedded as # here-document in config.status, that substitutes the proper values into # config.h.in to produce config.h. # Create a delimiter string that does not exist in confdefs.h, to ease # handling of long lines. ac_delim='%!_!# ' for ac_last_try in false false :; do ac_tt=`sed -n "/$ac_delim/p" confdefs.h` if test -z "$ac_tt"; then break elif $ac_last_try; then as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5 else ac_delim="$ac_delim!$ac_delim _$ac_delim!! " fi done # For the awk script, D is an array of macro values keyed by name, # likewise P contains macro parameters if any. Preserve backslash # newline sequences. 
ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]* sed -n ' s/.\{148\}/&'"$ac_delim"'/g t rset :rset s/^[ ]*#[ ]*define[ ][ ]*/ / t def d :def s/\\$// t bsnl s/["\\]/\\&/g s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ D["\1"]=" \3"/p s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p d :bsnl s/["\\]/\\&/g s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ D["\1"]=" \3\\\\\\n"\\/p t cont s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p t cont d :cont n s/.\{148\}/&'"$ac_delim"'/g t clear :clear s/\\$// t bsnlc s/["\\]/\\&/g; s/^/"/; s/$/"/p d :bsnlc s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p b cont ' >$CONFIG_STATUS || ac_write_fail=1 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 for (key in D) D_is_set[key] = 1 FS = "" } /^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ { line = \$ 0 split(line, arg, " ") if (arg[1] == "#") { defundef = arg[2] mac1 = arg[3] } else { defundef = substr(arg[1], 2) mac1 = arg[2] } split(mac1, mac2, "(") #) macro = mac2[1] prefix = substr(line, 1, index(line, defundef) - 1) if (D_is_set[macro]) { # Preserve the white space surrounding the "#". print prefix "define", macro P[macro] D[macro] next } else { # Replace #undef with comments. This is necessary, for example, # in the case of _POSIX_SOURCE, which is predefined and required # on some systems where configure will not decide to define it. if (defundef == "undef") { print "/*", prefix defundef, macro, "*/" next } } } { print } _ACAWK _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 as_fn_error $? "could not setup config headers machinery" "$LINENO" 5 fi # test -n "$CONFIG_HEADERS" eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS :C $CONFIG_COMMANDS" shift for ac_tag do case $ac_tag in :[FHLC]) ac_mode=$ac_tag; continue;; esac case $ac_mode$ac_tag in :[FHL]*:*);; :L* | :C*:*) as_fn_error $? 
"invalid tag \`$ac_tag'" "$LINENO" 5;; :[FH]-) ac_tag=-:-;; :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; esac ac_save_IFS=$IFS IFS=: set x $ac_tag IFS=$ac_save_IFS shift ac_file=$1 shift case $ac_mode in :L) ac_source=$1;; :[FH]) ac_file_inputs= for ac_f do case $ac_f in -) ac_f="$ac_tmp/stdin";; *) # Look for the file first in the build tree, then in the source tree # (if the path is not absolute). The absolute path cannot be DOS-style, # because $ac_f cannot contain `:'. test -f "$ac_f" || case $ac_f in [\\/$]*) false;; *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; esac || as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;; esac case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac as_fn_append ac_file_inputs " '$ac_f'" done # Let's still pretend it is `configure' which instantiates (i.e., don't # use $as_me), people would be surprised to read: # /* config.h. Generated by config.status. */ configure_input='Generated from '` $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' `' by configure.' if test x"$ac_file" != x-; then configure_input="$ac_file. $configure_input" { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 $as_echo "$as_me: creating $ac_file" >&6;} fi # Neutralize special characters interpreted by sed in replacement strings. case $configure_input in #( *\&* | *\|* | *\\* ) ac_sed_conf_input=`$as_echo "$configure_input" | sed 's/[\\\\&|]/\\\\&/g'`;; #( *) ac_sed_conf_input=$configure_input;; esac case $ac_tag in *:-:* | *:-) cat >"$ac_tmp/stdin" \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; esac ;; esac ac_dir=`$as_dirname -- "$ac_file" || $as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$ac_file" : 'X\(//\)[^/]' \| \ X"$ac_file" : 'X\(//\)$' \| \ X"$ac_file" : 'X\(/\)' \| . 
2>/dev/null || $as_echo X"$ac_file" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` as_dir="$ac_dir"; as_fn_mkdir_p ac_builddir=. case "$ac_dir" in .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` # A ".." for each directory in $ac_dir_suffix. ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` case $ac_top_builddir_sub in "") ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; esac ;; esac ac_abs_top_builddir=$ac_pwd ac_abs_builddir=$ac_pwd$ac_dir_suffix # for backward compatibility: ac_top_builddir=$ac_top_build_prefix case $srcdir in .) # We are building in place. ac_srcdir=. ac_top_srcdir=$ac_top_builddir_sub ac_abs_top_srcdir=$ac_pwd ;; [\\/]* | ?:[\\/]* ) # Absolute name. ac_srcdir=$srcdir$ac_dir_suffix; ac_top_srcdir=$srcdir ac_abs_top_srcdir=$srcdir ;; *) # Relative name. ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix ac_top_srcdir=$ac_top_build_prefix$srcdir ac_abs_top_srcdir=$ac_pwd/$srcdir ;; esac ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix case $ac_mode in :F) # # CONFIG_FILE # case $INSTALL in [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;; esac ac_MKDIR_P=$MKDIR_P case $MKDIR_P in [\\/$]* | ?:[\\/]* ) ;; */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;; esac _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # If the template does not know about datarootdir, expand it. # FIXME: This hack should be removed a few years after 2.60. 
ac_datarootdir_hack=; ac_datarootdir_seen= ac_sed_dataroot=' /datarootdir/ { p q } /@datadir@/p /@docdir@/p /@infodir@/p /@localedir@/p /@mandir@/p' case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in *datarootdir*) ac_datarootdir_seen=yes;; *@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 $as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_datarootdir_hack=' s&@datadir@&$datadir&g s&@docdir@&$docdir&g s&@infodir@&$infodir&g s&@localedir@&$localedir&g s&@mandir@&$mandir&g s&\\\${datarootdir}&$datarootdir&g' ;; esac _ACEOF # Neutralize VPATH when `$srcdir' = `.'. # Shell code in configure.ac might set extrasub. # FIXME: do we really want to maintain this feature? cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_sed_extra="$ac_vpsub $extrasub _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 :t /@[a-zA-Z_][a-zA-Z_0-9]*@/!b s|@configure_input@|$ac_sed_conf_input|;t t s&@top_builddir@&$ac_top_builddir_sub&;t t s&@top_build_prefix@&$ac_top_build_prefix&;t t s&@srcdir@&$ac_srcdir&;t t s&@abs_srcdir@&$ac_abs_srcdir&;t t s&@top_srcdir@&$ac_top_srcdir&;t t s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t s&@builddir@&$ac_builddir&;t t s&@abs_builddir@&$ac_abs_builddir&;t t s&@abs_top_builddir@&$ac_abs_top_builddir&;t t s&@INSTALL@&$ac_INSTALL&;t t s&@MKDIR_P@&$ac_MKDIR_P&;t t $ac_datarootdir_hack " eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \ >$ac_tmp/out || as_fn_error $? 
"could not create $ac_file" "$LINENO" 5 test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } && { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \ "$ac_tmp/out"`; test -z "$ac_out"; } && { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined" >&5 $as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined" >&2;} rm -f "$ac_tmp/stdin" case $ac_file in -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";; *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";; esac \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; :H) # # CONFIG_HEADER # if test x"$ac_file" != x-; then { $as_echo "/* $configure_input */" \ && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" } >"$ac_tmp/config.h" \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5 $as_echo "$as_me: $ac_file is unchanged" >&6;} else rm -f "$ac_file" mv "$ac_tmp/config.h" "$ac_file" \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 fi else $as_echo "/* $configure_input */" \ && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \ || as_fn_error $? "could not create -" "$LINENO" 5 fi # Compute "$ac_file"'s index in $config_headers. _am_arg="$ac_file" _am_stamp_count=1 for _am_header in $config_headers :; do case $_am_header in $_am_arg | $_am_arg:* ) break ;; * ) _am_stamp_count=`expr $_am_stamp_count + 1` ;; esac done echo "timestamp for $_am_arg" >`$as_dirname -- "$_am_arg" || $as_expr X"$_am_arg" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$_am_arg" : 'X\(//\)[^/]' \| \ X"$_am_arg" : 'X\(//\)$' \| \ X"$_am_arg" : 'X\(/\)' \| . 
2>/dev/null || $as_echo X"$_am_arg" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'`/stamp-h$_am_stamp_count ;; :C) { $as_echo "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5 $as_echo "$as_me: executing $ac_file commands" >&6;} ;; esac case $ac_file$ac_mode in "depfiles":C) test x"$AMDEP_TRUE" != x"" || { # Older Autoconf quotes --file arguments for eval, but not when files # are listed without --file. Let's play safe and only enable the eval # if we detect the quoting. case $CONFIG_FILES in *\'*) eval set x "$CONFIG_FILES" ;; *) set x $CONFIG_FILES ;; esac shift for mf do # Strip MF so we end up with the name of the file. mf=`echo "$mf" | sed -e 's/:.*$//'` # Check whether this is an Automake generated Makefile or not. # We used to match only the files named 'Makefile.in', but # some people rename them; so instead we look at the file content. # Grep'ing the first line is not enough: some people post-process # each Makefile.in and add a new line on top of each file to say so. # Grep'ing the whole file is not good either: AIX grep has a line # limit of 2048, but all sed's we know have understand at least 4000. if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then dirpart=`$as_dirname -- "$mf" || $as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$mf" : 'X\(//\)[^/]' \| \ X"$mf" : 'X\(//\)$' \| \ X"$mf" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$mf" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` else continue fi # Extract the definition of DEPDIR, am__include, and am__quote # from the Makefile without running 'make'. 
DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` test -z "$DEPDIR" && continue am__include=`sed -n 's/^am__include = //p' < "$mf"` test -z "$am__include" && continue am__quote=`sed -n 's/^am__quote = //p' < "$mf"` # Find all dependency output files, they are included files with # $(DEPDIR) in their names. We invoke sed twice because it is the # simplest approach to changing $(DEPDIR) to its actual value in the # expansion. for file in `sed -n " s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \ sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g'`; do # Make sure the directory exists. test -f "$dirpart/$file" && continue fdir=`$as_dirname -- "$file" || $as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$file" : 'X\(//\)[^/]' \| \ X"$file" : 'X\(//\)$' \| \ X"$file" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$file" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` as_dir=$dirpart/$fdir; as_fn_mkdir_p # echo "creating $dirpart/$file" echo '# dummy' > "$dirpart/$file" done done } ;; "libtool":C) # See if we are running on zsh, and set the options which allow our # commands through without removal of \ escapes. if test -n "${ZSH_VERSION+set}" ; then setopt NO_GLOB_SUBST fi cfgfile="${ofile}T" trap "$RM \"$cfgfile\"; exit 1" 1 2 15 $RM "$cfgfile" cat <<_LT_EOF >> "$cfgfile" #! $SHELL # `$ECHO "$ofile" | sed 's%^.*/%%'` - Provide generalized library-building support services. # Generated automatically by $as_me ($PACKAGE$TIMESTAMP) $VERSION # Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: # NOTE: Changes made to this file will be lost: look at ltmain.sh. # # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, # 2006, 2007, 2008, 2009, 2010, 2011 Free Software # Foundation, Inc. # Written by Gordon Matzigkeit, 1996 # # This file is part of GNU Libtool. 
# # GNU Libtool is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License as # published by the Free Software Foundation; either version 2 of # the License, or (at your option) any later version. # # As a special exception to the GNU General Public License, # if you distribute this file as part of a program or library that # is built using GNU Libtool, you may include this file under the # same distribution terms that you use for the rest of that program. # # GNU Libtool is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with GNU Libtool; see the file COPYING. If not, a copy # can be downloaded from http://www.gnu.org/licenses/gpl.html, or # obtained by writing to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # The names of the tagged configurations supported by this script. available_tags="" # ### BEGIN LIBTOOL CONFIG # Whether or not to build static libraries. build_old_libs=$enable_static # Which release of libtool.m4 was used? macro_version=$macro_version macro_revision=$macro_revision # Whether or not to build shared libraries. build_libtool_libs=$enable_shared # What type of objects to build. pic_mode=$pic_mode # Whether or not to optimize for fast installation. fast_install=$enable_fast_install # Shell to use when invoking shell scripts. SHELL=$lt_SHELL # An echo program that protects backslashes. ECHO=$lt_ECHO # The PATH separator for the build system. PATH_SEPARATOR=$lt_PATH_SEPARATOR # The host system. host_alias=$host_alias host=$host host_os=$host_os # The build system. build_alias=$build_alias build=$build build_os=$build_os # A sed program that does not truncate output. 
SED=$lt_SED # Sed that helps us avoid accidentally triggering echo(1) options like -n. Xsed="\$SED -e 1s/^X//" # A grep program that handles long lines. GREP=$lt_GREP # An ERE matcher. EGREP=$lt_EGREP # A literal string matcher. FGREP=$lt_FGREP # A BSD- or MS-compatible name lister. NM=$lt_NM # Whether we need soft or hard links. LN_S=$lt_LN_S # What is the maximum length of a command? max_cmd_len=$max_cmd_len # Object file suffix (normally "o"). objext=$ac_objext # Executable file suffix (normally ""). exeext=$exeext # whether the shell understands "unset". lt_unset=$lt_unset # turn spaces into newlines. SP2NL=$lt_lt_SP2NL # turn newlines into spaces. NL2SP=$lt_lt_NL2SP # convert \$build file names to \$host format. to_host_file_cmd=$lt_cv_to_host_file_cmd # convert \$build files to toolchain format. to_tool_file_cmd=$lt_cv_to_tool_file_cmd # An object symbol dumper. OBJDUMP=$lt_OBJDUMP # Method to check whether dependent libraries are shared objects. deplibs_check_method=$lt_deplibs_check_method # Command to use when deplibs_check_method = "file_magic". file_magic_cmd=$lt_file_magic_cmd # How to find potential files when deplibs_check_method = "file_magic". file_magic_glob=$lt_file_magic_glob # Find potential files using nocaseglob when deplibs_check_method = "file_magic". want_nocaseglob=$lt_want_nocaseglob # DLL creation program. DLLTOOL=$lt_DLLTOOL # Command to associate shared and link libraries. sharedlib_from_linklib_cmd=$lt_sharedlib_from_linklib_cmd # The archiver. AR=$lt_AR # Flags to create an archive. AR_FLAGS=$lt_AR_FLAGS # How to feed a file listing to the archiver. archiver_list_spec=$lt_archiver_list_spec # A symbol stripping program. STRIP=$lt_STRIP # Commands used to install an old-style archive. RANLIB=$lt_RANLIB old_postinstall_cmds=$lt_old_postinstall_cmds old_postuninstall_cmds=$lt_old_postuninstall_cmds # Whether to use a lock for old archive extraction. lock_old_archive_extraction=$lock_old_archive_extraction # A C compiler. 
LTCC=$lt_CC # LTCC compiler flags. LTCFLAGS=$lt_CFLAGS # Take the output of nm and produce a listing of raw symbols and C names. global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe # Transform the output of nm in a proper C declaration. global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl # Transform the output of nm in a C name address pair. global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address # Transform the output of nm in a C name address pair when lib prefix is needed. global_symbol_to_c_name_address_lib_prefix=$lt_lt_cv_sys_global_symbol_to_c_name_address_lib_prefix # Specify filename containing input files for \$NM. nm_file_list_spec=$lt_nm_file_list_spec # The root where to search for dependent libraries,and in which our libraries should be installed. lt_sysroot=$lt_sysroot # The name of the directory that contains temporary libtool files. objdir=$objdir # Used to examine libraries when file_magic_cmd begins with "file". MAGIC_CMD=$MAGIC_CMD # Must we lock files when doing compilation? need_locks=$lt_need_locks # Manifest tool. MANIFEST_TOOL=$lt_MANIFEST_TOOL # Tool to manipulate archived DWARF debug symbol files on Mac OS X. DSYMUTIL=$lt_DSYMUTIL # Tool to change global to local symbols on Mac OS X. NMEDIT=$lt_NMEDIT # Tool to manipulate fat objects and archives on Mac OS X. LIPO=$lt_LIPO # ldd/readelf like tool for Mach-O binaries on Mac OS X. OTOOL=$lt_OTOOL # ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4. OTOOL64=$lt_OTOOL64 # Old archive suffix (normally "a"). libext=$libext # Shared library suffix (normally ".so"). shrext_cmds=$lt_shrext_cmds # The commands to extract the exported symbol list from a shared archive. extract_expsyms_cmds=$lt_extract_expsyms_cmds # Variables whose values should be saved in libtool wrapper scripts and # restored at link time. variables_saved_for_relink=$lt_variables_saved_for_relink # Do we need the "lib" prefix for modules? 
need_lib_prefix=$need_lib_prefix # Do we need a version for libraries? need_version=$need_version # Library versioning type. version_type=$version_type # Shared library runtime path variable. runpath_var=$runpath_var # Shared library path variable. shlibpath_var=$shlibpath_var # Is shlibpath searched before the hard-coded library search path? shlibpath_overrides_runpath=$shlibpath_overrides_runpath # Format of library name prefix. libname_spec=$lt_libname_spec # List of archive names. First name is the real one, the rest are links. # The last name is the one that the linker finds with -lNAME library_names_spec=$lt_library_names_spec # The coded name of the library, if different from the real name. soname_spec=$lt_soname_spec # Permission mode override for installation of shared libraries. install_override_mode=$lt_install_override_mode # Command to use after installation of a shared archive. postinstall_cmds=$lt_postinstall_cmds # Command to use after uninstallation of a shared archive. postuninstall_cmds=$lt_postuninstall_cmds # Commands used to finish a libtool library installation in a directory. finish_cmds=$lt_finish_cmds # As "finish_cmds", except a single script fragment to be evaled but # not shown. finish_eval=$lt_finish_eval # Whether we should hardcode library paths into libraries. hardcode_into_libs=$hardcode_into_libs # Compile-time system search path for libraries. sys_lib_search_path_spec=$lt_sys_lib_search_path_spec # Run-time system search path for libraries. sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec # Whether dlopen is supported. dlopen_support=$enable_dlopen # Whether dlopen of programs is supported. dlopen_self=$enable_dlopen_self # Whether dlopen of statically linked programs is supported. dlopen_self_static=$enable_dlopen_self_static # Commands to strip libraries. old_striplib=$lt_old_striplib striplib=$lt_striplib # The linker used to build libraries. LD=$lt_LD # How to create reloadable object files. 
reload_flag=$lt_reload_flag reload_cmds=$lt_reload_cmds # Commands used to build an old-style archive. old_archive_cmds=$lt_old_archive_cmds # A language specific compiler. CC=$lt_compiler # Is the compiler the GNU compiler? with_gcc=$GCC # Compiler flag to turn off builtin functions. no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag # Additional compiler flags for building library objects. pic_flag=$lt_lt_prog_compiler_pic # How to pass a linker flag through the compiler. wl=$lt_lt_prog_compiler_wl # Compiler flag to prevent dynamic linking. link_static_flag=$lt_lt_prog_compiler_static # Does compiler simultaneously support -c and -o options? compiler_c_o=$lt_lt_cv_prog_compiler_c_o # Whether or not to add -lc for building shared libraries. build_libtool_need_lc=$archive_cmds_need_lc # Whether or not to disallow shared libs when runtime libs are static. allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes # Compiler flag to allow reflexive dlopens. export_dynamic_flag_spec=$lt_export_dynamic_flag_spec # Compiler flag to generate shared objects directly from archives. whole_archive_flag_spec=$lt_whole_archive_flag_spec # Whether the compiler copes with passing no objects directly. compiler_needs_object=$lt_compiler_needs_object # Create an old-style archive from a shared archive. old_archive_from_new_cmds=$lt_old_archive_from_new_cmds # Create a temporary old-style archive to link instead of a shared archive. old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds # Commands used to build a shared archive. archive_cmds=$lt_archive_cmds archive_expsym_cmds=$lt_archive_expsym_cmds # Commands used to build a loadable module if different from building # a shared archive. module_cmds=$lt_module_cmds module_expsym_cmds=$lt_module_expsym_cmds # Whether we are building with GNU ld or not. with_gnu_ld=$lt_with_gnu_ld # Flag that allows shared libraries with undefined symbols to be built. 
allow_undefined_flag=$lt_allow_undefined_flag # Flag that enforces no undefined symbols. no_undefined_flag=$lt_no_undefined_flag # Flag to hardcode \$libdir into a binary during linking. # This must work even if \$libdir does not exist hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec # Whether we need a single "-rpath" flag with a separated argument. hardcode_libdir_separator=$lt_hardcode_libdir_separator # Set to "yes" if using DIR/libNAME\${shared_ext} during linking hardcodes # DIR into the resulting binary. hardcode_direct=$hardcode_direct # Set to "yes" if using DIR/libNAME\${shared_ext} during linking hardcodes # DIR into the resulting binary and the resulting library dependency is # "absolute",i.e impossible to change by setting \${shlibpath_var} if the # library is relocated. hardcode_direct_absolute=$hardcode_direct_absolute # Set to "yes" if using the -LDIR flag during linking hardcodes DIR # into the resulting binary. hardcode_minus_L=$hardcode_minus_L # Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR # into the resulting binary. hardcode_shlibpath_var=$hardcode_shlibpath_var # Set to "yes" if building a shared library automatically hardcodes DIR # into the library and all subsequent libraries and executables linked # against it. hardcode_automatic=$hardcode_automatic # Set to yes if linker adds runtime paths of dependent libraries # to runtime path list. inherit_rpath=$inherit_rpath # Whether libtool must link a program against all its dependency libraries. link_all_deplibs=$link_all_deplibs # Set to "yes" if exported symbols are required. always_export_symbols=$always_export_symbols # The commands to list exported symbols. export_symbols_cmds=$lt_export_symbols_cmds # Symbols that should not be listed in the preloaded symbols. exclude_expsyms=$lt_exclude_expsyms # Symbols that must always be exported. include_expsyms=$lt_include_expsyms # Commands necessary for linking programs (against libraries) with templates. 
prelink_cmds=$lt_prelink_cmds # Commands necessary for finishing linking programs. postlink_cmds=$lt_postlink_cmds # Specify filename containing input files. file_list_spec=$lt_file_list_spec # How to hardcode a shared library path into an executable. hardcode_action=$hardcode_action # ### END LIBTOOL CONFIG _LT_EOF case $host_os in aix3*) cat <<\_LT_EOF >> "$cfgfile" # AIX sometimes has problems with the GCC collect2 program. For some # reason, if we set the COLLECT_NAMES environment variable, the problems # vanish in a puff of smoke. if test "X${COLLECT_NAMES+set}" != Xset; then COLLECT_NAMES= export COLLECT_NAMES fi _LT_EOF ;; esac ltmain="$ac_aux_dir/ltmain.sh" # We use sed instead of cat because bash on DJGPP gets confused if # if finds mixed CR/LF and LF-only lines. Since sed operates in # text mode, it properly converts lines to CR/LF. This bash problem # is reportedly fixed, but why not run on old versions too? sed '$q' "$ltmain" >> "$cfgfile" \ || (rm -f "$cfgfile"; exit 1) if test x"$xsi_shell" = xyes; then sed -e '/^func_dirname ()$/,/^} # func_dirname /c\ func_dirname ()\ {\ \ case ${1} in\ \ */*) func_dirname_result="${1%/*}${2}" ;;\ \ * ) func_dirname_result="${3}" ;;\ \ esac\ } # Extended-shell func_dirname implementation' "$cfgfile" > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? || _lt_function_replace_fail=: sed -e '/^func_basename ()$/,/^} # func_basename /c\ func_basename ()\ {\ \ func_basename_result="${1##*/}"\ } # Extended-shell func_basename implementation' "$cfgfile" > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? 
|| _lt_function_replace_fail=: sed -e '/^func_dirname_and_basename ()$/,/^} # func_dirname_and_basename /c\ func_dirname_and_basename ()\ {\ \ case ${1} in\ \ */*) func_dirname_result="${1%/*}${2}" ;;\ \ * ) func_dirname_result="${3}" ;;\ \ esac\ \ func_basename_result="${1##*/}"\ } # Extended-shell func_dirname_and_basename implementation' "$cfgfile" > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? || _lt_function_replace_fail=: sed -e '/^func_stripname ()$/,/^} # func_stripname /c\ func_stripname ()\ {\ \ # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are\ \ # positional parameters, so assign one to ordinary parameter first.\ \ func_stripname_result=${3}\ \ func_stripname_result=${func_stripname_result#"${1}"}\ \ func_stripname_result=${func_stripname_result%"${2}"}\ } # Extended-shell func_stripname implementation' "$cfgfile" > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? || _lt_function_replace_fail=: sed -e '/^func_split_long_opt ()$/,/^} # func_split_long_opt /c\ func_split_long_opt ()\ {\ \ func_split_long_opt_name=${1%%=*}\ \ func_split_long_opt_arg=${1#*=}\ } # Extended-shell func_split_long_opt implementation' "$cfgfile" > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? || _lt_function_replace_fail=: sed -e '/^func_split_short_opt ()$/,/^} # func_split_short_opt /c\ func_split_short_opt ()\ {\ \ func_split_short_opt_arg=${1#??}\ \ func_split_short_opt_name=${1%"$func_split_short_opt_arg"}\ } # Extended-shell func_split_short_opt implementation' "$cfgfile" > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? 
|| _lt_function_replace_fail=: sed -e '/^func_lo2o ()$/,/^} # func_lo2o /c\ func_lo2o ()\ {\ \ case ${1} in\ \ *.lo) func_lo2o_result=${1%.lo}.${objext} ;;\ \ *) func_lo2o_result=${1} ;;\ \ esac\ } # Extended-shell func_lo2o implementation' "$cfgfile" > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? || _lt_function_replace_fail=: sed -e '/^func_xform ()$/,/^} # func_xform /c\ func_xform ()\ {\ func_xform_result=${1%.*}.lo\ } # Extended-shell func_xform implementation' "$cfgfile" > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? || _lt_function_replace_fail=: sed -e '/^func_arith ()$/,/^} # func_arith /c\ func_arith ()\ {\ func_arith_result=$(( $* ))\ } # Extended-shell func_arith implementation' "$cfgfile" > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? || _lt_function_replace_fail=: sed -e '/^func_len ()$/,/^} # func_len /c\ func_len ()\ {\ func_len_result=${#1}\ } # Extended-shell func_len implementation' "$cfgfile" > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? || _lt_function_replace_fail=: fi if test x"$lt_shell_append" = xyes; then sed -e '/^func_append ()$/,/^} # func_append /c\ func_append ()\ {\ eval "${1}+=\\${2}"\ } # Extended-shell func_append implementation' "$cfgfile" > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? 
|| _lt_function_replace_fail=: sed -e '/^func_append_quoted ()$/,/^} # func_append_quoted /c\ func_append_quoted ()\ {\ \ func_quote_for_eval "${2}"\ \ eval "${1}+=\\\\ \\$func_quote_for_eval_result"\ } # Extended-shell func_append_quoted implementation' "$cfgfile" > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? || _lt_function_replace_fail=: # Save a `func_append' function call where possible by direct use of '+=' sed -e 's%func_append \([a-zA-Z_]\{1,\}\) "%\1+="%g' $cfgfile > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? || _lt_function_replace_fail=: else # Save a `func_append' function call even when '+=' is not available sed -e 's%func_append \([a-zA-Z_]\{1,\}\) "%\1="$\1%g' $cfgfile > $cfgfile.tmp \ && mv -f "$cfgfile.tmp" "$cfgfile" \ || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") test 0 -eq $? || _lt_function_replace_fail=: fi if test x"$_lt_function_replace_fail" = x":"; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to substitute extended shell functions in $ofile" >&5 $as_echo "$as_me: WARNING: Unable to substitute extended shell functions in $ofile" >&2;} fi mv -f "$cfgfile" "$ofile" || (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile") chmod +x "$ofile" ;; "default-1":C) for ac_file in $CONFIG_FILES; do # Support "outfile[:infile[:infile...]]" case "$ac_file" in *:*) ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;; esac # PO directories have a Makefile.in generated from Makefile.in.in. case "$ac_file" in */Makefile.in) # Adjust a relative srcdir. ac_dir=`echo "$ac_file"|sed 's%/[^/][^/]*$%%'` ac_dir_suffix="/`echo "$ac_dir"|sed 's%^\./%%'`" ac_dots=`echo "$ac_dir_suffix"|sed 's%/[^/]*%../%g'` # In autoconf-2.13 it is called $ac_given_srcdir. # In autoconf-2.50 it is called $srcdir. 
test -n "$ac_given_srcdir" || ac_given_srcdir="$srcdir" case "$ac_given_srcdir" in .) top_srcdir=`echo $ac_dots|sed 's%/$%%'` ;; /*) top_srcdir="$ac_given_srcdir" ;; *) top_srcdir="$ac_dots$ac_given_srcdir" ;; esac if test -f "$ac_given_srcdir/$ac_dir/POTFILES.in"; then rm -f "$ac_dir/POTFILES" test -n "$as_me" && echo "$as_me: creating $ac_dir/POTFILES" || echo "creating $ac_dir/POTFILES" cat "$ac_given_srcdir/$ac_dir/POTFILES.in" | sed -e "/^#/d" -e "/^[ ]*\$/d" -e "s,.*, $top_srcdir/& \\\\," | sed -e "\$s/\(.*\) \\\\/\1/" > "$ac_dir/POTFILES" POMAKEFILEDEPS="POTFILES.in" # ALL_LINGUAS, POFILES, UPDATEPOFILES, DUMMYPOFILES, GMOFILES depend # on $ac_dir but don't depend on user-specified configuration # parameters. if test -f "$ac_given_srcdir/$ac_dir/LINGUAS"; then # The LINGUAS file contains the set of available languages. if test -n "$OBSOLETE_ALL_LINGUAS"; then test -n "$as_me" && echo "$as_me: setting ALL_LINGUAS in configure.in is obsolete" || echo "setting ALL_LINGUAS in configure.in is obsolete" fi ALL_LINGUAS_=`sed -e "/^#/d" "$ac_given_srcdir/$ac_dir/LINGUAS"` # Hide the ALL_LINGUAS assigment from automake. eval 'ALL_LINGUAS''=$ALL_LINGUAS_' POMAKEFILEDEPS="$POMAKEFILEDEPS LINGUAS" else # The set of available languages was given in configure.in. eval 'ALL_LINGUAS''=$OBSOLETE_ALL_LINGUAS' fi # Compute POFILES # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).po) # Compute UPDATEPOFILES # as $(foreach lang, $(ALL_LINGUAS), $(lang).po-update) # Compute DUMMYPOFILES # as $(foreach lang, $(ALL_LINGUAS), $(lang).nop) # Compute GMOFILES # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).gmo) case "$ac_given_srcdir" in .) 
srcdirpre= ;; *) srcdirpre='$(srcdir)/' ;; esac POFILES= UPDATEPOFILES= DUMMYPOFILES= GMOFILES= for lang in $ALL_LINGUAS; do POFILES="$POFILES $srcdirpre$lang.po" UPDATEPOFILES="$UPDATEPOFILES $lang.po-update" DUMMYPOFILES="$DUMMYPOFILES $lang.nop" GMOFILES="$GMOFILES $srcdirpre$lang.gmo" done # CATALOGS depends on both $ac_dir and the user's LINGUAS # environment variable. INST_LINGUAS= if test -n "$ALL_LINGUAS"; then for presentlang in $ALL_LINGUAS; do useit=no if test "%UNSET%" != "$LINGUAS"; then desiredlanguages="$LINGUAS" else desiredlanguages="$ALL_LINGUAS" fi for desiredlang in $desiredlanguages; do # Use the presentlang catalog if desiredlang is # a. equal to presentlang, or # b. a variant of presentlang (because in this case, # presentlang can be used as a fallback for messages # which are not translated in the desiredlang catalog). case "$desiredlang" in "$presentlang"*) useit=yes;; esac done if test $useit = yes; then INST_LINGUAS="$INST_LINGUAS $presentlang" fi done fi CATALOGS= if test -n "$INST_LINGUAS"; then for lang in $INST_LINGUAS; do CATALOGS="$CATALOGS $lang.gmo" done fi test -n "$as_me" && echo "$as_me: creating $ac_dir/Makefile" || echo "creating $ac_dir/Makefile" sed -e "/^POTFILES =/r $ac_dir/POTFILES" -e "/^# Makevars/r $ac_given_srcdir/$ac_dir/Makevars" -e "s|@POFILES@|$POFILES|g" -e "s|@UPDATEPOFILES@|$UPDATEPOFILES|g" -e "s|@DUMMYPOFILES@|$DUMMYPOFILES|g" -e "s|@GMOFILES@|$GMOFILES|g" -e "s|@CATALOGS@|$CATALOGS|g" -e "s|@POMAKEFILEDEPS@|$POMAKEFILEDEPS|g" "$ac_dir/Makefile.in" > "$ac_dir/Makefile" for f in "$ac_given_srcdir/$ac_dir"/Rules-*; do if test -f "$f"; then case "$f" in *.orig | *.bak | *~) ;; *) cat "$f" >> "$ac_dir/Makefile" ;; esac fi done fi ;; esac done ;; esac done # for ac_tag as_fn_exit 0 _ACEOF ac_clean_files=$ac_clean_files_save test $ac_write_fail = 0 || as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5 # configure is writing to config.log, and then calls config.status. 
# config.status does its own redirection, appending to config.log. # Unfortunately, on DOS this fails, as config.log is still kept open # by configure, so config.status won't be able to write to it; its # output is simply discarded. So we exec the FD to /dev/null, # effectively closing config.log, so it can be properly (re)opened and # appended to by config.status. When coming back to configure, we # need to make the FD available again. if test "$no_create" != yes; then ac_cs_success=: ac_config_status_args= test "$silent" = yes && ac_config_status_args="$ac_config_status_args --quiet" exec 5>/dev/null $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false exec 5>>config.log # Use ||, not &&, to avoid exiting from the if with $? = 1, which # would make configure fail if this is the last instruction. $ac_cs_success || as_fn_exit 1 fi if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} fi sssd-1.11.5/PaxHeaders.13173/Makefile.am0000644000000000000000000000007412320753107015607 xustar000000000000000030 atime=1396954942.095889354 30 ctime=1396954961.311875204 sssd-1.11.5/Makefile.am0000664002412700241270000015713612320753107016046 0ustar00jhrozekjhrozek00000000000000extra_distcheck_flags = if HAVE_DEVSHM extra_distcheck_flags += --with-test-dir=/dev/shm endif DISTCHECK_CONFIGURE_FLAGS = --with-ldb-lib-dir="$$dc_install_base"/lib/ldb \ --enable-all-experimental-features \ $(extra_distcheck_flags) SUBDIRS = po if HAVE_MANPAGES SUBDIRS += src/man endif # Some old versions of automake don't define builddir builddir ?= . 
# Doxygen binary as located by configure.
DOXYGEN = @DOXYGEN@

# Options accumulated in DISTSETUPOPTS; builds with HAVE_DEBIAN add the
# Debian install layout. The consumer of this variable is outside this section.
DISTSETUPOPTS =
if HAVE_DEBIAN
DISTSETUPOPTS += --install-layout=deb
endif

# Install locations. Names built from the standard autoconf directories are
# fixed here; the others are substituted by configure.
sssdlibexecdir = $(libexecdir)/sssd
sssdlibdir = $(libdir)/sssd
ldblibdir = @ldblibdir@
if BUILD_KRB5_LOCATOR_PLUGIN
krb5plugindir = @krb5pluginpath@
endif
if BUILD_PAC_RESPONDER
krb5authdata_plugindir = @krb5authdatapluginpath@
endif
sssdconfdir = $(sysconfdir)/sssd
sssddatadir = $(datadir)/sssd
sssdapiplugindir = $(sssddatadir)/sssd.api.d
# Directory for the D-Bus introspection data.
dbusintrospectdir = $(datarootdir)/sssd/introspect
localedir = @localedir@
# Module directories for the NSS, PAM and autofs client plugins.
nsslibdir = @nsslibdir@
pamlibdir = @pammoddir@
autofslibdir = @appmodpath@
# Runtime state locations (databases, plugins, pid file, sockets, memory
# cache, logs). NOTE(review): ownership and permissions of these directories
# are not set in this section; confirm them against the install rules.
dbpath = @dbpath@
pluginpath = @pluginpath@
pidpath = @pidpath@
pipepath = @pipepath@
mcpath = @mcpath@
initdir = @initdir@
systemdunitdir = @systemdunitdir@
logpath = @logpath@
pubconfpath = @pubconfpath@
pkgconfigdir = $(libdir)/pkgconfig
krb5rcachedir = @krb5rcachedir@
sudolibdir = @sudolibpath@

UNICODE_LIBS=@UNICODE_LIBS@

# Compiler flags shared by all targets. Only warning options, the C dialect
# and -fno-strict-aliasing are added here, and only when HAVE_GCC is set.
# NOTE(review): no hardening options (stack protector, _FORTIFY_SOURCE,
# PIE/RELRO) are added in this section; presumably they come from the
# builder's own CFLAGS/LDFLAGS. Confirm against configure.ac.
AM_CFLAGS =
if WANT_AUX_INFO
AM_CFLAGS += -aux-info $@.X
endif
if HAVE_GCC
AM_CFLAGS += -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith \
    -Wcast-qual -Wcast-align -Wwrite-strings \
    -Werror-implicit-function-declaration \
    -fno-strict-aliasing \
    -std=gnu99
endif

# Starts empty; later sections append the .pc files with +=.
dist_pkgconfig_DATA =

ACLOCAL_AMFLAGS = -I m4 -I .
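# User-facing SSH helpers, built only when SSH support is enabled.
if BUILD_SSH
bin_PROGRAMS = \
    sss_ssh_authorizedkeys \
    sss_ssh_knownhostsproxy
endif

# Daemon and administrative tools installed into sbindir.
sbin_PROGRAMS = \
    sssd \
    sss_useradd \
    sss_userdel \
    sss_groupadd \
    sss_groupdel \
    sss_usermod \
    sss_groupmod \
    sss_groupshow \
    sss_cache \
    sss_debuglevel \
    sss_seed

# Responders, the backend and the child helpers, installed into the private
# libexec directory; optional responders are appended per feature switch.
sssdlibexec_PROGRAMS = \
    sssd_nss \
    sssd_pam \
    sssd_be \
    krb5_child \
    ldap_child \
    proxy_child

if BUILD_SUDO
sssdlibexec_PROGRAMS += sssd_sudo
endif
if BUILD_AUTOFS
sssdlibexec_PROGRAMS += sssd_autofs
endif
if BUILD_SSH
sssdlibexec_PROGRAMS += sssd_ssh
endif
if BUILD_PAC_RESPONDER
sssdlibexec_PROGRAMS += sssd_pac
endif

# Test programs based on the check framework; the list is only defined when
# HAVE_CHECK is set, so without it these tests are not built or run.
if HAVE_CHECK
non_interactive_check_based_tests = \
    dlopen-tests \
    sysdb-tests \
    strtonum-tests \
    resolv-tests \
    krb5-utils-tests \
    check_and_open-tests \
    files-tests \
    refcount-tests \
    fail_over-tests \
    find_uid-tests \
    auth-tests \
    ipa_ldap_opt-tests \
    ad_ldap_opt-tests \
    simple_access-tests \
    crypto-tests \
    util-tests \
    debug-tests \
    ipa_hbac-tests \
    sss_idmap-tests \
    responder_socket_access-tests

if BUILD_SSH
non_interactive_check_based_tests += sysdb_ssh-tests
endif
endif

# Test programs based on cmocka; likewise only defined when HAVE_CMOCKA is set.
if HAVE_CMOCKA
non_interactive_cmocka_based_tests = \
    nss-srv-tests \
    test-find-uid \
    test-io \
    sss_nss_idmap-tests \
    dyndns-tests \
    fqnames-tests \
    test_sss_idmap \
    test_ipa_idmap \
    test_utils \
    ad_access_filter_tests \
    ad_common_tests \
    dp_opt_tests \
    test_search_bases
endif

# stress-tests and krb5-child-test are built for "make check" but are not
# listed in TESTS below, so they are not run automatically.
check_PROGRAMS = \
    stress-tests \
    krb5-child-test \
    $(non_interactive_cmocka_based_tests) \
    $(non_interactive_check_based_tests)

PYTHON_TESTS =

if BUILD_PYTHON_BINDINGS
PYTHON_TESTS += src/config/SSSDConfigTest.py \
                src/tests/pyhbac-test.py \
                src/tests/pysss_murmur-test.py
endif

TESTS = \
    $(PYTHON_TESTS) \
    $(non_interactive_cmocka_based_tests) \
    $(non_interactive_check_based_tests)

# Provider plugins installed into the private sssd library directory.
sssdlib_LTLIBRARIES = \
    libsss_ldap.la \
    libsss_krb5.la \
    libsss_proxy.la \
    libsss_ipa.la \
    libsss_ad.la \
    libsss_simple.la

ldblib_LTLIBRARIES = \
    memberof.la

if BUILD_KRB5_LOCATOR_PLUGIN
krb5plugin_LTLIBRARIES = \
    sssd_krb5_locator_plugin.la
endif

if BUILD_PAC_RESPONDER
krb5authdata_plugin_LTLIBRARIES = \
    sssd_pac_plugin.la
endif

noinst_LTLIBRARIES =

pkglib_LTLIBRARIES = \
    libsss_crypt.la

# The crypto backend is chosen at configure time: the NSS sources when
# HAVE_NSS is set, the libcrypto sources otherwise. The NSS list carries
# nss_util.c, which has no counterpart in the libcrypto list.
if HAVE_NSS
    SSS_CRYPT_SOURCES = src/util/crypto/nss/nss_base64.c \
                        src/util/crypto/nss/nss_hmac_sha1.c \
                        src/util/crypto/nss/nss_sha512crypt.c \
                        src/util/crypto/nss/nss_obfuscate.c \
                        src/util/crypto/nss/nss_util.c
    SSS_CRYPT_CFLAGS = $(NSS_CFLAGS)
    SSS_CRYPT_LIBS = $(NSS_LIBS)
else
    SSS_CRYPT_SOURCES = src/util/crypto/libcrypto/crypto_base64.c \
                        src/util/crypto/libcrypto/crypto_hmac_sha1.c \
                        src/util/crypto/libcrypto/crypto_sha512crypt.c \
                        src/util/crypto/libcrypto/crypto_obfuscate.c
    SSS_CRYPT_CFLAGS = $(CRYPTO_CFLAGS)
    SSS_CRYPT_LIBS = $(CRYPTO_LIBS)
endif

libsss_crypt_la_SOURCES = \
    $(SSS_CRYPT_SOURCES)
libsss_crypt_la_CFLAGS = \
    $(SSS_CRYPT_CFLAGS) \
    $(DHASH_CFLAGS)
libsss_crypt_la_LIBADD = \
    $(SSS_CRYPT_LIBS)
libsss_crypt_la_LDFLAGS = \
    -avoid-version

if BUILD_PYTHON_BINDINGS
pyexec_LTLIBRARIES = \
    pysss.la \
    pyhbac.la \
    pysss_murmur.la \
    pysss_nss_idmap.la
endif

# Scripts and sample configurations shipped in the tarball but not installed.
dist_noinst_SCRIPTS = \
    $(EXTRA_SCRIPTS) \
    src/config/setup.py \
    src/config/SSSDConfig/ipachangeconf.py \
    src/config/SSSDConfig/__init__.py \
    src/config/SSSDConfigTest.py \
    src/config/SSSDConfig/sssd_upgrade_config.py \
    contrib/rhel/update_debug_levels.py \
    contrib/fedora/bashrc_sssd \
    contrib/fedora/make_srpm.sh \
    src/tests/pyhbac-test.py \
    src/tests/pysss_murmur-test.py

dist_noinst_DATA = \
    src/config/testconfigs/sssd-valid.conf \
    src/config/testconfigs/noparse.api.conf \
    src/config/testconfigs/sssd-noversion.conf \
    src/config/testconfigs/sssd-badversion.conf \
    src/config/testconfigs/sssd-invalid.conf \
    src/config/testconfigs/sssd-invalid-badbool.conf

###############################
# Global compilation settings #
###############################

# Preprocessor flags for every target. The -D options bake installation
# paths into the binaries as string macros; the client socket names all sit
# under pipepath, with the privileged PAM socket in its private/ subdirectory.
#
# SSSD_INTROSPECT_PATH has to name dbusintrospectdir, the variable this file
# defines for the introspection data. It was previously spelled with the
# letters transposed, which names a variable that is never defined, so make
# expanded it to nothing and the macro became an empty string.
# NOTE(review): code that appends a file name to this macro would then have
# resolved it relative to an empty prefix; check the users of the macro.
AM_CPPFLAGS = \
    -Wall \
    -Iinclude \
    -I.. \
    -I$(srcdir)/include \
    -I$(srcdir)/src/sss_client \
    -I$(srcdir)/src \
    -Iinclude \
    -I. \
    $(POPT_CFLAGS) \
    $(TALLOC_CFLAGS) \
    $(TDB_CFLAGS) \
    $(TEVENT_CFLAGS) \
    $(LDB_CFLAGS) \
    $(DBUS_CFLAGS) \
    $(PCRE_CFLAGS) \
    $(COLLECTION_CFLAGS) \
    $(INI_CONFIG_CFLAGS) \
    $(DHASH_CFLAGS) \
    $(LIBNL_CFLAGS) \
    $(OPENLDAP_CFLAGS) \
    $(GLIB2_CFLAGS) \
    -DLIBDIR=\"$(libdir)\" \
    -DVARDIR=\"$(localstatedir)\" \
    -DSHLIBEXT=\"$(SHLIBEXT)\" \
    -DSSSD_LIBEXEC_PATH=\"$(sssdlibexecdir)\" \
    -DSSSD_INTROSPECT_PATH=\"$(dbusintrospectdir)\" \
    -DSSSD_CONF_DIR=\"$(sssdconfdir)\" \
    -DSSS_NSS_MCACHE_DIR=\"$(mcpath)\" \
    -DSSS_NSS_SOCKET_NAME=\"$(pipepath)/nss\" \
    -DSSS_PAM_SOCKET_NAME=\"$(pipepath)/pam\" \
    -DSSS_PAC_SOCKET_NAME=\"$(pipepath)/pac\" \
    -DSSS_PAM_PRIV_SOCKET_NAME=\"$(pipepath)/private/pam\" \
    -DSSS_SUDO_SOCKET_NAME=\"$(pipepath)/sudo\" \
    -DSSS_AUTOFS_SOCKET_NAME=\"$(pipepath)/autofs\" \
    -DSSS_SSH_SOCKET_NAME=\"$(pipepath)/ssh\" \
    -DLOCALEDIR=\"$(localedir)\"

EXTRA_DIST = build/config.rpath

# Source groups shared by several programs; despite the _OBJ suffix these
# variables list .c files.
SSSD_RESPONDER_OBJ = \
    src/responder/common/negcache.c \
    src/responder/common/responder_cmd.c \
    src/responder/common/responder_common.c \
    src/responder/common/responder_dp.c \
    src/responder/common/responder_packet.c \
    src/responder/common/responder_get_domains.c

SSSD_TOOLS_OBJ = \
    src/tools/sss_sync_ops.c \
    src/tools/tools_util.c \
    src/tools/files.c \
    src/tools/selinux.c \
    src/util/nscd.c

SSSD_LCL_TOOLS_OBJ = \
    src/sss_client/common.c \
    src/tools/tools_mc_util.c \
    $(SSSD_TOOLS_OBJ)

SSSD_RESOLV_OBJ = \
    src/resolv/async_resolv.c \
    src/resolv/async_resolv_utils.c
if BUILD_ARES_DATA
    SSSD_RESOLV_OBJ += \
    src/resolv/ares/ares_parse_srv_reply.c \
    src/resolv/ares/ares_data.c
endif

SSSD_FAILOVER_OBJ = \
    src/providers/fail_over.c \
    src/providers/fail_over_srv.c \
    $(SSSD_RESOLV_OBJ)

# Libraries linked into the daemon programs.
SSSD_LIBS = \
    $(TALLOC_LIBS) \
    $(TEVENT_LIBS) \
    $(POPT_LIBS) \
    $(LDB_LIBS) \
    $(DBUS_LIBS) \
    $(PCRE_LIBS) \
    $(INI_CONFIG_LIBS) \
    $(COLLECTION_LIBS) \
    $(DHASH_LIBS) \
    $(SSS_CRYPT_LIBS) \
    $(OPENLDAP_LIBS) \
    $(TDB_LIBS)

PYTHON_BINDINGS_LIBS = \
    $(TALLOC_LIBS) \
    $(TEVENT_LIBS) \
    $(POPT_LIBS) \
    $(LDB_LIBS) \
    $(DBUS_LIBS) \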
$(PCRE_LIBS) \ $(DHASH_LIBS) \ $(SSS_CRYPT_LIBS) \ $(OPENLDAP_LIBS) \ $(TDB_LIBS) TOOLS_LIBS = \ $(LTLIBINTL) \ $(TALLOC_LIBS) \ $(TEVENT_LIBS) \ $(POPT_LIBS) \ $(LDB_LIBS) \ $(DBUS_LIBS) \ $(PCRE_LIBS) \ $(INI_CONFIG_LIBS) \ $(COLLECTION_LIBS) \ $(DHASH_LIBS) \ $(OPENLDAP_LIBS) \ $(TDB_LIBS) if BUILD_SELINUX PYTHON_BINDINGS_LIBS += $(SELINUX_LIBS) TOOLS_LIBS += $(SELINUX_LIBS) endif if BUILD_SEMANAGE PYTHON_BINDINGS_LIBS += $(SEMANAGE_LIBS) TOOLS_LIBS += $(SEMANAGE_LIBS) endif dist_noinst_HEADERS = \ src/monitor/monitor.h \ src/util/crypto/sss_crypto.h \ src/util/dlinklist.h \ src/util/util.h \ src/util/io.h \ src/util/util_errors.h \ src/util/strtonum.h \ src/util/sss_endian.h \ src/util/sss_nss.h \ src/util/sss_ldap.h \ src/util/sss_python.h \ src/util/sss_krb5.h \ src/util/sss_selinux.h \ src/util/sss_utf8.h \ src/util/sss_ssh.h \ src/util/sss_ini.h \ src/util/sss_format.h \ src/util/refcount.h \ src/util/find_uid.h \ src/util/user_info_msg.h \ src/util/murmurhash3.h \ src/util/mmap_cache.h \ src/util/atomic_io.h \ src/util/auth_utils.h \ src/util/authtok.h \ src/util/util_safealign.h \ src/util/util_sss_idmap.h \ src/monitor/monitor.h \ src/monitor/monitor_interfaces.h \ src/responder/common/responder.h \ src/responder/common/responder_packet.h \ src/responder/common/responder_sbus.h \ src/responder/pam/pamsrv.h \ src/responder/pam/pam_helpers.h \ src/responder/nss/nsssrv.h \ src/responder/nss/nsssrv_private.h \ src/responder/nss/nsssrv_netgroup.h \ src/responder/nss/nsssrv_services.h \ src/responder/nss/nsssrv_mmap_cache.h \ src/responder/pac/pacsrv.h \ src/responder/common/negcache.h \ src/responder/sudo/sudosrv_private.h \ src/responder/autofs/autofs_private.h \ src/responder/ssh/sshsrv_private.h \ src/sbus/sbus_client.h \ src/sbus/sssd_dbus.h \ src/sbus/sssd_dbus_private.h \ src/db/sysdb.h \ src/db/sysdb_sudo.h \ src/db/sysdb_autofs.h \ src/db/sysdb_selinux.h \ src/db/sysdb_private.h \ src/db/sysdb_services.h \ src/db/sysdb_ssh.h \ src/confdb/confdb.h \ 
src/confdb/confdb_private.h \ src/confdb/confdb_setup.h \ src/providers/data_provider.h \ src/providers/dp_backend.h \ src/providers/dp_dyndns.h \ src/providers/dp_ptask.h \ src/providers/dp_refresh.h \ src/providers/fail_over.h \ src/providers/fail_over_srv.h \ src/util/child_common.h \ src/providers/simple/simple_access.h \ src/providers/krb5/krb5_auth.h \ src/providers/krb5/krb5_common.h \ src/providers/krb5/krb5_utils.h \ src/providers/krb5/krb5_init_shared.h \ src/providers/krb5/krb5_opts.h \ src/providers/ldap/ldap_common.h \ src/providers/ldap/sdap.h \ src/providers/ldap/sdap_access.h \ src/providers/ldap/sdap_async.h \ src/providers/ldap/sdap_async_private.h \ src/providers/ldap/sdap_sudo_cache.h \ src/providers/ldap/sdap_sudo.h \ src/providers/ldap/sdap_autofs.h \ src/providers/ldap/sdap_id_op.h \ src/providers/ldap/ldap_opts.h \ src/providers/ldap/sdap_range.h \ src/providers/ldap/sdap_users.h \ src/providers/ldap/sdap_dyndns.h \ src/providers/ldap/sdap_async_enum.h \ src/providers/ipa/ipa_common.h \ src/providers/ipa/ipa_config.h \ src/providers/ipa/ipa_access.h \ src/providers/ipa/ipa_selinux.h \ src/providers/ipa/ipa_hosts.h \ src/providers/ipa/ipa_selinux_common.h \ src/providers/ipa/ipa_selinux_maps.h \ src/providers/ipa/ipa_auth.h \ src/providers/ipa/ipa_dyndns.h \ src/providers/ipa/ipa_subdomains.h \ src/providers/ipa/ipa_id.h \ src/providers/ipa/ipa_hostid.h \ src/providers/ipa/ipa_opts.h \ src/providers/ipa/ipa_srv.h \ src/providers/ad/ad_srv.h \ src/providers/proxy/proxy.h \ src/tools/tools_util.h \ src/tools/sss_sync_ops.h \ src/resolv/async_resolv.h \ src/resolv/ares/ares_parse_srv_reply.h \ src/resolv/ares/ares_parse_txt_reply.h \ src/resolv/ares/ares_data.h \ src/tests/common.h \ src/tests/common_check.h \ src/tests/cmocka/common_mock.h \ src/tests/cmocka/common_mock_resp.h \ src/sss_client/ssh/sss_ssh_client.h \ src/sss_client/sudo/sss_sudo.h \ src/lib/idmap/sss_idmap_private.h if HAVE_NSS dist_noinst_HEADERS += 
src/util/crypto/nss/nss_util.h endif SSSD_DOCS = \ doc \ hbac_doc \ idmap_doc \ nss_idmap_doc if BUILD_SUDO SSSD_DOCS += libsss_sudo_doc endif CLIENT_LIBS = $(LTLIBINTL) if HAVE_PTHREAD CLIENT_LIBS += -lpthread endif ##################### # Utility libraries # ##################### pkglib_LTLIBRARIES += libsss_debug.la libsss_debug_la_SOURCES = \ src/util/debug.c \ src/util/sss_log.c libsss_debug_la_LDFLAGS = \ -avoid-version pkglib_LTLIBRARIES += libsss_child.la libsss_child_la_SOURCES = src/util/child_common.c libsss_child_la_LDFLAGS = -avoid-version pkglib_LTLIBRARIES += libsss_util.la libsss_util_la_SOURCES = \ src/confdb/confdb.c \ src/db/sysdb.c \ src/db/sysdb_ops.c \ src/db/sysdb_search.c \ src/db/sysdb_selinux.c \ src/db/sysdb_upgrade.c \ src/db/sysdb_services.c \ src/db/sysdb_autofs.c \ src/db/sysdb_subdomains.c \ src/db/sysdb_ranges.c \ src/db/sysdb_idmap.c \ src/monitor/monitor_sbus.c \ src/providers/dp_auth_util.c \ src/providers/dp_pam_data_util.c \ src/providers/dp_sbus.c \ src/sbus/sbus_client.c \ src/sbus/sssd_dbus_common.c \ src/sbus/sssd_dbus_connection.c \ src/sbus/sssd_dbus_server.c \ src/util/util.c \ src/util/memory.c \ src/util/server.c \ src/util/signal.c \ src/util/usertools.c \ src/util/backup_file.c \ src/util/strtonum.c \ src/util/check_and_open.c \ src/util/refcount.c \ src/util/sss_nss.c \ src/util/sss_utf8.c \ src/util/sss_tc_utf8.c \ src/util/murmurhash3.c \ src/util/atomic_io.c \ src/util/authtok.c \ src/util/sss_selinux.c \ src/util/domain_info_utils.c \ src/util/util_lock.c \ src/util/util_errors.c \ src/util/sss_ini.c \ src/util/io.c \ src/util/util_sss_idmap.c libsss_util_la_LIBADD = \ $(SSSD_LIBS) \ $(UNICODE_LIBS) if BUILD_SUDO libsss_util_la_SOURCES += src/db/sysdb_sudo.c endif if BUILD_SSH libsss_util_la_SOURCES += \ src/db/sysdb_ssh.c \ src/util/sss_ssh.c endif libsss_util_la_LDFLAGS = -avoid-version SSSD_INTERNAL_LTLIBS = \ libsss_util.la \ libsss_crypt.la \ libsss_debug.la \ libsss_child.la lib_LTLIBRARIES = 
libipa_hbac.la libsss_idmap.la libsss_nss_idmap.la dist_pkgconfig_DATA += src/providers/ipa/ipa_hbac.pc libipa_hbac_la_SOURCES = \ src/providers/ipa/hbac_evaluator.c \ src/util/sss_utf8.c libipa_hbac_la_LIBADD = \ $(UNICODE_LIBS) libipa_hbac_la_LDFLAGS = \ -version-info 0:1:0 dist_pkgconfig_DATA += src/lib/idmap/sss_idmap.pc libsss_idmap_la_SOURCES = \ src/lib/idmap/sss_idmap.c \ src/lib/idmap/sss_idmap_conv.c \ src/util/murmurhash3.c libsss_idmap_la_LDFLAGS = \ -version-info 4:0:4 dist_pkgconfig_DATA += src/sss_client/idmap/sss_nss_idmap.pc libsss_nss_idmap_la_SOURCES = \ src/sss_client/idmap/sss_nss_idmap.c \ src/sss_client/common.c \ src/util/strtonum.c libsss_nss_idmap_la_LIBADD = \ $(CLIENT_LIBS) libsss_nss_idmap_la_LDFLAGS = \ -version-info 0:1:0 include_HEADERS = \ src/providers/ipa/ipa_hbac.h \ src/lib/idmap/sss_idmap.h \ src/sss_client/idmap/sss_nss_idmap.h #################### # Program Binaries # #################### sssd_SOURCES = \ src/monitor/monitor.c \ src/monitor/monitor_netlink.c \ src/confdb/confdb_setup.c \ src/util/nscd.c sssd_LDADD = \ $(SSSD_LIBS) \ $(INOTIFY_LIBS) \ $(LIBNL_LIBS) \ $(KEYUTILS_LIBS) \ $(SSSD_INTERNAL_LTLIBS) sssd_nss_SOURCES = \ src/responder/nss/nsssrv.c \ src/responder/nss/nsssrv_cmd.c \ src/responder/nss/nsssrv_netgroup.c \ src/responder/nss/nsssrv_services.c \ src/responder/nss/nsssrv_mmap_cache.c \ $(SSSD_RESPONDER_OBJ) sssd_nss_LDADD = \ $(TDB_LIBS) \ $(SSSD_LIBS) \ libsss_idmap.la \ $(SSSD_INTERNAL_LTLIBS) sssd_pam_SOURCES = \ src/responder/pam/pam_LOCAL_domain.c \ src/responder/pam/pamsrv.c \ src/responder/pam/pamsrv_cmd.c \ src/responder/pam/pamsrv_dp.c \ src/responder/pam/pam_helpers.c \ $(SSSD_RESPONDER_OBJ) sssd_pam_LDADD = \ $(TDB_LIBS) \ $(SSSD_LIBS) \ $(SELINUX_LIBS) \ $(SSSD_INTERNAL_LTLIBS) if BUILD_SUDO sssd_sudo_SOURCES = \ src/responder/sudo/sudosrv.c \ src/responder/sudo/sudosrv_cmd.c \ src/responder/sudo/sudosrv_get_sudorules.c \ src/responder/sudo/sudosrv_query.c \ src/responder/sudo/sudosrv_dp.c \ 
$(SSSD_RESPONDER_OBJ) sssd_sudo_LDADD = \ $(SSSD_LIBS) \ $(SSSD_INTERNAL_LTLIBS) endif if BUILD_AUTOFS sssd_autofs_SOURCES = \ src/responder/autofs/autofssrv.c \ src/responder/autofs/autofssrv_cmd.c \ src/responder/autofs/autofssrv_dp.c \ $(SSSD_RESPONDER_OBJ) sssd_autofs_LDADD = \ $(SSSD_LIBS) \ $(SSSD_INTERNAL_LTLIBS) endif if BUILD_SSH sssd_ssh_SOURCES = \ src/responder/ssh/sshsrv.c \ src/responder/ssh/sshsrv_dp.c \ src/responder/ssh/sshsrv_cmd.c \ $(SSSD_RESPONDER_OBJ) sssd_ssh_LDADD = \ $(SSSD_LIBS) \ $(SSSD_INTERNAL_LTLIBS) endif sssd_pac_SOURCES = \ src/responder/pac/pacsrv.c \ src/responder/pac/pacsrv_cmd.c \ src/responder/pac/pacsrv_utils.c \ $(SSSD_UTIL_OBJ) \ $(SSSD_RESPONDER_OBJ) sssd_pac_CFLAGS = \ $(AM_CFLAGS) \ $(NDR_KRB5PAC_CFLAGS) sssd_pac_LDADD = \ $(NDR_KRB5PAC_LIBS) \ $(TDB_LIBS) \ $(SSSD_LIBS) \ libsss_idmap.la \ $(SSSD_INTERNAL_LTLIBS) sssd_be_SOURCES = \ src/providers/data_provider_be.c \ src/providers/data_provider_fo.c \ src/providers/data_provider_opts.c \ src/providers/data_provider_callbacks.c \ src/providers/dp_dyndns.c \ src/providers/dp_ptask.c \ src/providers/dp_refresh.c \ $(SSSD_FAILOVER_OBJ) sssd_be_LDADD = \ $(LIBADD_DL) \ $(SSSD_LIBS) \ $(CARES_LIBS) \ $(PAM_LIBS) \ $(SSSD_INTERNAL_LTLIBS) sssd_be_LDFLAGS = \ -Wl,--version-script,$(srcdir)/src/providers/sssd_be.exports \ -export-dynamic if BUILD_PYTHON_BINDINGS sss_obfuscate_pythondir = $(sbindir) dist_sss_obfuscate_python_SCRIPTS = \ src/tools/sss_obfuscate endif dist_noinst_DATA += \ src/examples/sssd-example.conf \ src/examples/sssdproxytest \ src/examples/sudo \ src/examples/logrotate \ src/providers/sssd_be.exports \ src/sss_client/COPYING \ src/sss_client/COPYING.LESSER \ src/m4 ###################### # Command-line Tools # ###################### sss_useradd_SOURCES = \ src/tools/sss_useradd.c \ $(SSSD_TOOLS_OBJ) sss_useradd_LDADD = \ $(TOOLS_LIBS) \ $(SSSD_INTERNAL_LTLIBS) sss_userdel_SOURCES = \ src/tools/sss_userdel.c \ src/util/find_uid.c \ $(SSSD_LCL_TOOLS_OBJ) 
sss_userdel_LDADD = \ $(TOOLS_LIBS) \ $(SSSD_INTERNAL_LTLIBS) \ $(CLIENT_LIBS) sss_userdel_CFLAGS = $(AM_CFLAGS) sss_groupadd_SOURCES = \ src/tools/sss_groupadd.c \ $(SSSD_TOOLS_OBJ) sss_groupadd_LDADD = \ $(TOOLS_LIBS) \ $(SSSD_INTERNAL_LTLIBS) sss_groupdel_SOURCES = \ src/tools/sss_groupdel.c \ $(SSSD_LCL_TOOLS_OBJ) sss_groupdel_LDADD = \ $(TOOLS_LIBS) \ $(SSSD_INTERNAL_LTLIBS) \ $(CLIENT_LIBS) sss_groupdel_CFLAGS = $(AM_CFLAGS) sss_usermod_SOURCES = \ src/tools/sss_usermod.c \ $(SSSD_LCL_TOOLS_OBJ) sss_usermod_LDADD = \ $(TOOLS_LIBS) \ $(SSSD_INTERNAL_LTLIBS) \ $(CLIENT_LIBS) sss_usermod_CFLAGS = $(AM_CFLAGS) sss_groupmod_SOURCES = \ src/tools/sss_groupmod.c \ $(SSSD_LCL_TOOLS_OBJ) sss_groupmod_LDADD = \ $(TOOLS_LIBS) \ $(SSSD_INTERNAL_LTLIBS) \ $(CLIENT_LIBS) sss_groupmod_CFLAGS = $(AM_CFLAGS) sss_groupshow_SOURCES = \ src/tools/sss_groupshow.c \ $(SSSD_TOOLS_OBJ) sss_groupshow_LDADD = \ $(TOOLS_LIBS) \ $(SSSD_INTERNAL_LTLIBS) sss_cache_SOURCES = \ src/tools/sss_cache.c \ $(SSSD_LCL_TOOLS_OBJ) sss_cache_LDADD = \ $(TOOLS_LIBS) \ $(SSSD_INTERNAL_LTLIBS) \ $(CLIENT_LIBS) sss_cache_CFLAGS = $(AM_CFLAGS) sss_debuglevel_SOURCES = \ src/tools/sss_debuglevel.c \ $(SSSD_TOOLS_OBJ) sss_debuglevel_LDADD = \ $(TOOLS_LIBS) \ $(SSSD_INTERNAL_LTLIBS) sss_seed_SOURCES = \ src/tools/sss_seed.c \ $(SSSD_TOOLS_OBJ) sss_seed_LDADD = \ $(TOOLS_LIBS) \ $(SSSD_INTERNAL_LTLIBS) if BUILD_SUDO sss_sudo_cli_SOURCES = \ src/sss_client/common.c \ src/sss_client/sudo/sss_sudo.c \ src/sss_client/sudo/sss_sudo_response.c \ src/sss_client/sudo_testcli/sudo_testcli.c sss_sudo_cli_CFLAGS = $(AM_CFLAGS) sss_sudo_cli_LDADD = $(CLIENT_LIBS) endif if BUILD_SSH sss_ssh_authorizedkeys_SOURCES = \ src/sss_client/common.c \ src/sss_client/ssh/sss_ssh_client.c \ src/sss_client/ssh/sss_ssh_authorizedkeys.c sss_ssh_authorizedkeys_CFLAGS = $(AM_CFLAGS) sss_ssh_authorizedkeys_LDADD = \ $(SSSD_INTERNAL_LTLIBS) \ $(CLIENT_LIBS) $(TALLOC_LIBS) $(POPT_LIBS) sss_ssh_knownhostsproxy_SOURCES = \ 
src/sss_client/common.c \ src/sss_client/ssh/sss_ssh_client.c \ src/sss_client/ssh/sss_ssh_knownhostsproxy.c sss_ssh_knownhostsproxy_CFLAGS = $(AM_CFLAGS) sss_ssh_knownhostsproxy_LDADD = \ $(SSSD_INTERNAL_LTLIBS) \ $(CLIENT_LIBS) $(TALLOC_LIBS) $(POPT_LIBS) endif ################# # Feature Tests # ################# TESTS_ENVIRONMENT = LDB_MODULES_PATH=$(abs_top_builddir)/ldb_mod_test_dir ldb_mod_test_dir: memberof.la mkdir -p $(builddir)/ldb_mod_test_dir cp $(builddir)/.libs/memberof.so $(builddir)/ldb_mod_test_dir noinst_LTLIBRARIES += \ libsss_test_common.la libsss_test_common_la_SOURCES = \ src/tests/common_tev.c \ src/tests/common_dom.c \ src/tests/leak_check.c \ src/tests/common.c libsss_test_common_la_LIBADD = \ $(TALLOC_LIBS) \ $(TEVENT_LIBS) if HAVE_CHECK libsss_test_common_la_SOURCES += \ src/tests/common_check.c check_LTLIBRARIES = \ libdlopen_test_providers.la libdlopen_test_providers_la_SOURCES = \ $(sssd_be_SOURCES) libdlopen_test_providers_la_CFLAGS = \ $(AM_CFLAGS) \ $(CHECK_CFLAGS) \ -DUNIT_TESTING libdlopen_test_providers_la_LIBADD = \ $(PAM_LIBS) \ $(SSSD_LIBS) \ $(CARES_LIBS) \ $(SSSD_INTERNAL_LTLIBS) libdlopen_test_providers_la_LDFLAGS = \ -module \ -avoid-version \ -Wl,--version-script,$(srcdir)/src/providers/sssd_be.exports \ -rpath $(abs_top_builddir) \ -export-dynamic dlopen_tests_SOURCES = \ src/tests/dlopen-tests.c dlopen_tests_CFLAGS = \ $(AM_CFLAGS) \ $(CHECK_CFLAGS) dlopen_tests_LDADD = \ $(LIBADD_DL) \ $(CHECK_LIBS) sysdb_tests_DEPENDENCIES = \ $(ldblib_LTLIBRARIES) sysdb_tests_SOURCES = \ src/tests/sysdb-tests.c sysdb_tests_CFLAGS = \ $(AM_CFLAGS) \ $(CHECK_CFLAGS) sysdb_tests_LDADD = \ $(SSSD_LIBS) \ $(CHECK_LIBS) \ $(SSSD_INTERNAL_LTLIBS) \ libsss_test_common.la sysdb_ssh_tests_DEPENDENCIES = \ $(ldblib_LTLIBRARIES) sysdb_ssh_tests_SOURCES = \ src/tests/sysdb_ssh-tests.c sysdb_ssh_tests_CFLAGS = \ $(AM_CFLAGS)\ $(CHECK_CFLAGS) sysdb_ssh_tests_LDADD = \ $(SSSD_LIBS) \ $(CHECK_LIBS) \ $(SSSD_INTERNAL_LTLIBS) \ libsss_test_common.la 
strtonum_tests_SOURCES = \ src/tests/strtonum-tests.c \ src/util/strtonum.c strtonum_tests_CFLAGS = \ $(AM_CFLAGS) \ $(CHECK_CFLAGS) strtonum_tests_LDADD = \ $(SSSD_LIBS) \ $(CHECK_LIBS) \ libsss_debug.la \ libsss_test_common.la krb5_utils_tests_SOURCES = \ src/tests/krb5_utils-tests.c \ src/providers/krb5/krb5_utils.c \ src/providers/krb5/krb5_become_user.c \ src/providers/krb5/krb5_common.c \ src/util/sss_krb5.c \ src/util/find_uid.c \ src/providers/data_provider_fo.c \ src/providers/data_provider_opts.c \ src/providers/data_provider_callbacks.c \ $(SSSD_FAILOVER_OBJ) krb5_utils_tests_CFLAGS = \ $(AM_CFLAGS) \ $(KRB5_CFLAGS) \ $(CHECK_CFLAGS) krb5_utils_tests_LDADD = \ $(SSSD_LIBS)\ $(CARES_LIBS) \ $(KRB5_LIBS) \ $(CHECK_LIBS) \ $(SSSD_INTERNAL_LTLIBS) \ libsss_test_common.la check_and_open_tests_SOURCES = \ src/tests/check_and_open-tests.c \ src/util/check_and_open.c check_and_open_tests_CFLAGS = \ $(AM_CFLAGS) \ $(CHECK_CFLAGS) check_and_open_tests_LDADD = \ libsss_debug.la \ $(CHECK_LIBS) \ libsss_test_common.la FILES_TESTS_LIBS = \ $(CHECK_LIBS) \ $(POPT_LIBS) \ $(TALLOC_LIBS) \ libsss_test_common.la if BUILD_SELINUX FILES_TESTS_LIBS += $(SELINUX_LIBS) endif if BUILD_SEMANAGE FILES_TESTS_LIBS += $(SEMANAGE_LIBS) endif files_tests_SOURCES = \ src/tests/files-tests.c \ src/util/check_and_open.c \ src/util/atomic_io.c \ src/tools/selinux.c \ src/tools/files.c files_tests_CFLAGS = \ $(AM_CFLAGS) \ $(CHECK_CFLAGS) files_tests_LDADD = \ $(FILES_TESTS_LIBS) \ libsss_test_common.la \ $(SSSD_INTERNAL_LTLIBS) SSSD_RESOLV_TESTS_OBJ = \ $(SSSD_RESOLV_OBJ) if BUILD_ARES_DATA SSSD_RESOLV_TESTS_OBJ += \ src/resolv/ares/ares_parse_txt_reply.c endif resolv_tests_SOURCES = \ src/tests/resolv-tests.c \ src/tests/common.c \ $(SSSD_RESOLV_TESTS_OBJ) resolv_tests_CFLAGS = \ $(AM_CFLAGS) \ $(CHECK_CFLAGS) \ -DBUILD_TXT resolv_tests_LDADD = \ $(SSSD_LIBS) \ $(CHECK_LIBS) \ $(CARES_LIBS) \ libsss_debug.la \ libsss_test_common.la refcount_tests_SOURCES = \ src/tests/refcount-tests.c \ 
$(CHECK_OBJ) refcount_tests_CFLAGS = \ $(CHECK_CFLAGS) refcount_tests_LDADD = \ $(SSSD_LIBS) \ $(CHECK_LIBS) \ $(SSSD_INTERNAL_LTLIBS) \ libsss_test_common.la fail_over_tests_SOURCES = \ src/tests/fail_over-tests.c \ $(SSSD_FAILOVER_OBJ) \ $(CHECK_OBJ) fail_over_tests_CFLAGS = \ $(CHECK_CFLAGS) fail_over_tests_LDADD = \ $(SSSD_LIBS) \ $(CHECK_LIBS) \ $(CARES_LIBS) \ $(SSSD_INTERNAL_LTLIBS) \ libsss_test_common.la find_uid_tests_SOURCES = \ src/tests/find_uid-tests.c \ src/util/find_uid.c \ src/util/atomic_io.c \ src/util/strtonum.c find_uid_tests_CFLAGS = \ $(AM_CFLAGS) \ $(TALLOC_CFLAGS) \ $(DHASH_CFLAGS) \ $(CHECK_CFLAGS) find_uid_tests_LDADD = \ libsss_debug.la \ $(TALLOC_LIBS) \ $(DHASH_LIBS) \ $(CHECK_LIBS) \ libsss_test_common.la auth_tests_SOURCES = \ src/tests/auth-tests.c auth_tests_CFLAGS = \ $(AM_CFLAGS) \ $(CHECK_CFLAGS) auth_tests_LDADD = \ $(SSSD_LIBS) \ $(CHECK_LIBS) \ $(SSSD_INTERNAL_LTLIBS) \ libsss_test_common.la ipa_ldap_opt_tests_SOURCES = \ src/providers/data_provider_opts.c \ src/tests/ipa_ldap_opt-tests.c ipa_ldap_opt_tests_CFLAGS = \ $(AM_CFLAGS) \ $(CHECK_CFLAGS) ipa_ldap_opt_tests_LDADD = \ $(CHECK_LIBS) \ $(TALLOC_LIBS) \ $(SSSD_INTERNAL_LTLIBS) \ libsss_test_common.la ad_ldap_opt_tests_SOURCES = \ src/tests/ad_ldap_opt-tests.c ad_ldap_opt_tests_CFLAGS = \ $(AM_CFLAGS) \ $(CHECK_CFLAGS) ad_ldap_opt_tests_LDADD = \ $(CHECK_LIBS) \ $(TALLOC_LIBS) \ libsss_test_common.la simple_access_tests_SOURCES = \ src/tests/simple_access-tests.c \ src/providers/simple/simple_access.c \ src/providers/simple/simple_access_check.c \ src/providers/data_provider_be.c \ src/providers/data_provider_fo.c \ src/providers/data_provider_opts.c \ src/providers/data_provider_callbacks.c \ src/providers/dp_ptask.c \ src/providers/dp_refresh.c \ $(SSSD_FAILOVER_OBJ) simple_access_tests_CFLAGS = \ $(AM_CFLAGS) \ $(CHECK_CFLAGS) \ -DUNIT_TESTING simple_access_tests_LDADD = \ $(LIBADD_DL) \ $(SSSD_LIBS) \ $(CARES_LIBS) \ $(CHECK_LIBS) \ $(PAM_LIBS) \ 
$(SSSD_INTERNAL_LTLIBS) \ libsss_test_common.la util_tests_SOURCES = \ src/tests/util-tests.c util_tests_CFLAGS = \ $(AM_CFLAGS) \ $(CHECK_CFLAGS) util_tests_LDADD = \ $(SSSD_LIBS) \ $(CHECK_LIBS) \ $(SSSD_INTERNAL_LTLIBS) \ libsss_test_common.la debug_tests_SOURCES = \ src/tests/debug-tests.c \ src/tests/common.c debug_tests_CFLAGS = \ $(AM_CFLAGS) \ $(CHECK_CFLAGS) debug_tests_LDADD = \ $(SSSD_LIBS) \ $(CHECK_LIBS) \ libsss_debug.la crypto_tests_SOURCES = \ $(SSS_CRYPT_SOURCES) \ src/tests/crypto-tests.c crypto_tests_CFLAGS = \ $(SSS_CRYPT_CFLAGS) \ $(AM_CFLAGS) \ $(CHECK_CFLAGS) crypto_tests_LDADD = \ libsss_debug.la \ $(SSS_CRYPT_LIBS) \ $(SSSD_LIBS) \ $(CHECK_LIBS) \ libsss_test_common.la ipa_hbac_tests_SOURCES = \ src/tests/ipa_hbac-tests.c ipa_hbac_tests_CFLAGS = \ $(AM_CFLAGS) \ $(CHECK_CFLAGS) ipa_hbac_tests_LDADD = \ $(SSSD_LIBS) \ $(CHECK_LIBS) \ libsss_test_common.la \ libipa_hbac.la sss_idmap_tests_SOURCES = \ src/tests/sss_idmap-tests.c sss_idmap_tests_CFLAGS = \ $(AM_CFLAGS) \ $(CHECK_CFLAGS) sss_idmap_tests_LDADD = \ $(CHECK_LIBS) \ $(TALLOC_LIBS) \ libsss_test_common.la \ libsss_idmap.la responder_socket_access_tests_SOURCES = \ src/tests/responder_socket_access-tests.c \ src/responder/common/responder_common.c \ src/responder/common/responder_packet.c \ src/responder/common/responder_cmd.c responder_socket_access_tests_CFLAGS = \ $(AM_CFLAGS) \ $(CHECK_CFLAGS) responder_socket_access_tests_LDADD = \ $(CHECK_LIBS) \ $(SSSD_LIBS) \ $(SSSD_INTERNAL_LTLIBS) \ libsss_test_common.la endif stress_tests_SOURCES = \ src/tests/stress-tests.c stress_tests_LDADD = \ $(SSSD_LIBS) \ libsss_test_common.la krb5_child_test_SOURCES = \ src/tests/krb5_child-test.c \ src/providers/krb5/krb5_utils.c \ src/providers/krb5/krb5_child_handler.c \ src/providers/krb5/krb5_become_user.c \ src/providers/krb5/krb5_common.c \ src/util/sss_krb5.c \ src/util/find_uid.c \ src/providers/data_provider_fo.c \ src/providers/data_provider_opts.c \ 
src/providers/data_provider_callbacks.c \ $(SSSD_FAILOVER_OBJ) krb5_child_test_CFLAGS = \ $(AM_CFLAGS) \ -DKRB5_CHILD_DIR=\"$(builddir)\" \ $(KRB5_CFLAGS) \ $(CHECK_CFLAGS) krb5_child_test_LDADD = \ $(SSSD_LIBS) \ $(CARES_LIBS) \ $(KRB5_LIBS) \ $(CHECK_LIBS) \ $(SSSD_INTERNAL_LTLIBS) \ libsss_test_common.la if HAVE_CMOCKA TEST_MOCK_RESP_OBJ = \ src/tests/cmocka/common_mock_resp.c \ src/responder/common/responder_packet.c \ src/responder/common/responder_cmd.c \ src/responder/common/negcache.c \ src/responder/common/responder_common.c nss_srv_tests_DEPENDENCIES = \ $(ldblib_LTLIBRARIES) nss_srv_tests_SOURCES = \ $(TEST_MOCK_RESP_OBJ) \ src/tests/cmocka/test_nss_srv.c \ src/responder/nss/nsssrv_cmd.c \ src/responder/nss/nsssrv_netgroup.c \ src/responder/nss/nsssrv_services.c \ src/responder/nss/nsssrv_mmap_cache.c nss_srv_tests_CFLAGS = \ $(AM_CFLAGS) nss_srv_tests_LDFLAGS = \ -Wl,-wrap,sss_ncache_check_user \ -Wl,-wrap,sss_packet_get_body \ -Wl,-wrap,sss_packet_get_cmd \ -Wl,-wrap,sss_cmd_send_empty \ -Wl,-wrap,sss_cmd_done nss_srv_tests_LDADD = \ $(CMOCKA_LIBS) \ $(SSSD_LIBS) \ $(SSSD_INTERNAL_LTLIBS) \ libsss_test_common.la \ libsss_idmap.la test_find_uid_DEPENDENCIES = \ $(ldblib_LTLIBRARIES) test_find_uid_SOURCES = \ src/tests/cmocka/test_find_uid.c \ src/util/find_uid.c \ src/util/atomic_io.c \ src/util/strtonum.c test_find_uid_CFLAGS = \ $(AM_CFLAGS) \ $(TALLOC_CFLAGS) \ $(DHASH_CFLAGS) test_find_uid_LDADD = \ $(TALLOC_LIBS) \ $(DHASH_LIBS) \ $(CMOCKA_LIBS) \ libsss_debug.la test_io_SOURCES = \ src/tests/cmocka/test_io.c \ src/util/io.c \ src/tests/common.c test_io_CFLAGS = \ $(AM_CFLAGS) test_io_LDADD = \ $(CMOCKA_LIBS) sss_nss_idmap_tests_SOURCES = \ src/tests/cmocka/sss_nss_idmap-tests.c sss_nss_idmap_tests_CFLAGS = \ $(AM_CFLAGS) sss_nss_idmap_tests_LDADD = \ $(CMOCKA_LIBS) \ libsss_nss_idmap.la dyndns_tests_DEPENDENCIES = \ $(ldblib_LTLIBRARIES) dyndns_tests_SOURCES = \ $(SSSD_RESOLV_OBJ) \ src/tests/cmocka/test_dyndns.c \ 
src/providers/data_provider_opts.c dyndns_tests_CFLAGS = \ $(AM_CFLAGS) \ -DDYNDNS_TIMEOUT=2 dyndns_tests_LDFLAGS = \ -Wl,-wrap,execv \ -Wl,-wrap,getifaddrs \ -Wl,-wrap,freeifaddrs dyndns_tests_LDADD = \ $(CARES_LIBS) \ $(CMOCKA_LIBS) \ $(SSSD_LIBS) \ $(SSSD_INTERNAL_LTLIBS) \ libsss_test_common.la fqnames_tests_SOURCES = \ src/tests/cmocka/test_fqnames.c fqnames_tests_CFLAGS = \ $(AM_CFLAGS) fqnames_tests_LDADD = \ $(CMOCKA_LIBS) \ $(SSSD_LIBS) \ $(SSSD_INTERNAL_LTLIBS) \ libsss_test_common.la test_sss_idmap_SOURCES = \ src/tests/cmocka/test_sss_idmap.c test_sss_idmap_CFLAGS = \ $(AM_CFLAGS) test_sss_idmap_LDADD = \ $(CMOCKA_LIBS) \ $(POPT_LIBS) \ libsss_idmap.la \ $(SSSD_INTERNAL_LTLIBS) \ libsss_test_common.la test_ipa_idmap_SOURCES = \ src/tests/cmocka/test_ipa_idmap.c \ src/providers/ipa/ipa_idmap.c test_ipa_idmap_CFLAGS = \ $(AM_CFLAGS) test_ipa_idmap_LDFLAGS = \ -Wl,-wrap,sysdb_get_ranges test_ipa_idmap_LDADD = \ $(CMOCKA_LIBS) \ $(POPT_LIBS) \ libsss_idmap.la \ $(SSSD_INTERNAL_LTLIBS) \ libsss_test_common.la test_utils_SOURCES = \ src/tests/cmocka/test_utils.c test_utils_CFLAGS = \ $(AM_CFLAGS) test_utils_LDADD = \ $(CMOCKA_LIBS) \ $(POPT_LIBS) \ $(SSSD_INTERNAL_LTLIBS) \ libsss_test_common.la test_search_bases_SOURCES = \ $(sssd_be_SOURCES) \ src/util/sss_ldap.c \ src/util/sss_krb5.c \ src/util/find_uid.c \ src/util/user_info_msg.c \ src/tests/cmocka/test_search_bases.c test_search_bases_CFLAGS = \ $(AM_CFLAGS) \ -DUNIT_TESTING test_search_bases_LDADD = \ $(PAM_LIBS) \ $(CMOCKA_LIBS) \ $(POPT_LIBS) \ $(SSSD_LIBS) \ $(CARES_LIBS) \ $(KRB5_LIBS) \ $(SSSD_INTERNAL_LTLIBS) \ $(SYSTEMD_LOGIN_LIBS) \ libsss_ldap_common.la \ libsss_idmap.la \ libsss_krb5_common.la \ libsss_test_common.la ad_access_filter_tests_SOURCES = \ $(sssd_be_SOURCES) \ src/util/sss_ldap.c \ src/util/sss_krb5.c \ src/util/find_uid.c \ src/util/user_info_msg.c \ src/providers/ad/ad_common.c \ src/tests/cmocka/test_ad_access_filter.c ad_access_filter_tests_CFLAGS = \ $(AM_CFLAGS) \ 
$(SYSTEMD_LOGIN_CFLAGS) \ -DUNIT_TESTING ad_access_filter_tests_LDADD = \ $(PAM_LIBS) \ $(CMOCKA_LIBS) \ $(SSSD_LIBS) \ $(CARES_LIBS) \ $(KRB5_LIBS) \ $(SSSD_INTERNAL_LTLIBS) \ $(SYSTEMD_LOGIN_LIBS) \ libsss_ldap_common.la \ libsss_idmap.la \ libsss_krb5_common.la \ libsss_test_common.la ad_common_tests_SOURCES = \ $(sssd_be_SOURCES) \ src/util/sss_ldap.c \ src/util/sss_krb5.c \ src/util/find_uid.c \ src/util/user_info_msg.c \ src/tests/cmocka/test_ad_common.c ad_common_tests_CFLAGS = \ $(AM_CFLAGS) \ $(SYSTEMD_LOGIN_CFLAGS) \ -DUNIT_TESTING ad_common_tests_LDFLAGS = \ -Wl,-wrap,sdap_set_sasl_options ad_common_tests_LDADD = \ $(PAM_LIBS) \ $(CMOCKA_LIBS) \ $(SSSD_LIBS) \ $(CARES_LIBS) \ $(KRB5_LIBS) \ $(SSSD_INTERNAL_LTLIBS) \ $(SYSTEMD_LOGIN_LIBS) \ libsss_ldap_common.la \ libsss_idmap.la \ libsss_krb5_common.la \ libsss_test_common.la dp_opt_tests_SOURCES = \ src/providers/data_provider_opts.c \ src/tests/cmocka/test_dp_opts.c dp_opt_tests_CFLAGS = \ $(AM_CFLAGS) dp_opt_tests_LDADD = \ $(CMOCKA_LIBS) \ $(TALLOC_LIBS) \ $(POPT_LIBS) \ $(SSSD_INTERNAL_LTLIBS) \ libsss_test_common.la endif noinst_PROGRAMS = pam_test_client if BUILD_SUDO noinst_PROGRAMS += sss_sudo_cli endif if BUILD_AUTOFS noinst_PROGRAMS += autofs_test_client endif pam_test_client_SOURCES = src/sss_client/pam_test_client.c pam_test_client_LDADD = -lpam -lpam_misc if BUILD_AUTOFS autofs_test_client_SOURCES = \ src/sss_client/autofs/autofs_test_client.c \ src/sss_client/autofs/sss_autofs.c \ src/sss_client/common.c autofs_test_client_CFLAGS = $(AM_CFLAGS) autofs_test_client_LDADD = -lpopt $(CLIENT_LIBS) endif #################### # Client Libraries # #################### nsslib_LTLIBRARIES = libnss_sss.la libnss_sss_la_SOURCES = \ src/sss_client/common.c \ src/sss_client/nss_passwd.c \ src/sss_client/nss_group.c \ src/sss_client/nss_netgroup.c \ src/sss_client/nss_services.c \ src/sss_client/sss_cli.h \ src/sss_client/nss_compat.h \ src/sss_client/nss_mc_common.c \ src/util/io.c \ 
src/util/murmurhash3.c \ src/sss_client/nss_mc_passwd.c \ src/sss_client/nss_mc_group.c \ src/sss_client/nss_mc.h libnss_sss_la_LIBADD = \ $(CLIENT_LIBS) libnss_sss_la_LDFLAGS = \ -module \ -version-info 2:0:0 \ -Wl,--version-script,$(srcdir)/src/sss_client/sss_nss.exports pamlib_LTLIBRARIES = pam_sss.la pam_sss_la_SOURCES = \ src/sss_client/pam_sss.c \ src/sss_client/common.c \ src/sss_client/sss_cli.h \ src/util/atomic_io.c \ src/sss_client/sss_pam_macros.h pam_sss_la_LIBADD = \ $(CLIENT_LIBS) \ -lpam pam_sss_la_LDFLAGS = \ -module \ -avoid-version \ -Wl,--version-script,$(srcdir)/src/sss_client/sss_pam.exports if BUILD_SUDO libsss_sudo_la_SOURCES = \ src/sss_client/common.c \ src/sss_client/sss_cli.h \ src/sss_client/sudo/sss_sudo_response.c \ src/sss_client/sudo/sss_sudo.c \ src/sss_client/sudo/sss_sudo.h \ src/sss_client/sudo/sss_sudo_private.h libsss_sudo_la_LIBADD = \ $(CLIENT_LIBS) libsss_sudo_la_LDFLAGS = \ -Wl,--version-script,$(srcdir)/src/sss_client/sss_sudo.exports \ -module \ -avoid-version sudolib_LTLIBRARIES = libsss_sudo.la endif if BUILD_AUTOFS autofslib_LTLIBRARIES = libsss_autofs.la libsss_autofs_la_SOURCES = \ src/sss_client/common.c \ src/sss_client/sss_cli.h \ src/sss_client/autofs/sss_autofs.c \ src/sss_client/autofs/sss_autofs_private.h libsss_autofs_la_LIBADD = \ $(CLIENT_LIBS) libsss_autofs_la_LDFLAGS = \ -module \ -avoid-version \ -Wl,--version-script,$(srcdir)/src/sss_client/autofs/sss_autofs.exports endif dist_noinst_DATA += \ src/sss_client/sss_nss.exports \ src/sss_client/sss_pam.exports if BUILD_SUDO dist_noinst_DATA += src/sss_client/sss_sudo.exports endif if BUILD_AUTOFS dist_noinst_DATA += src/sss_client/autofs/sss_autofs.exports endif #################### # Plugin Libraries # #################### pkglib_LTLIBRARIES += libsss_ldap_common.la libsss_ldap_common_la_SOURCES = \ src/providers/ldap/ldap_id.c \ src/providers/ldap/ldap_id_enum.c \ src/providers/ldap/sdap_async_enum.c \ src/providers/ldap/ldap_id_cleanup.c \ 
src/providers/ldap/ldap_id_netgroup.c \ src/providers/ldap/ldap_id_services.c \ src/providers/ldap/ldap_auth.c \ src/providers/ldap/ldap_common.c \ src/providers/ldap/sdap_access.c \ src/providers/ldap/sdap_async.c \ src/providers/ldap/sdap_async_users.c \ src/providers/ldap/sdap_async_groups.c \ src/providers/ldap/sdap_async_nested_groups.c \ src/providers/ldap/sdap_async_groups_ad.c \ src/providers/ldap/sdap_async_initgroups.c \ src/providers/ldap/sdap_async_initgroups_ad.c \ src/providers/ldap/sdap_async_connection.c \ src/providers/ldap/sdap_async_netgroups.c \ src/providers/ldap/sdap_async_services.c \ src/providers/ldap/sdap_child_helpers.c \ src/providers/ldap/sdap_fd_events.c \ src/providers/ldap/sdap_id_op.c \ src/providers/ldap/sdap_idmap.c \ src/providers/ldap/sdap_idmap.h \ src/providers/ldap/sdap_range.c \ src/providers/ldap/sdap_reinit.c \ src/providers/ldap/sdap_dyndns.c \ src/providers/ldap/sdap_refresh.c \ src/providers/ldap/sdap.c libsss_ldap_common_la_LDFLAGS = \ -avoid-version if BUILD_SUDO libsss_ldap_common_la_SOURCES += \ src/providers/ldap/sdap_sudo_cache.c \ src/providers/ldap/sdap_async_sudo.c \ src/providers/ldap/sdap_async_sudo_timer.c \ src/providers/ldap/sdap_async_sudo_hostinfo.c \ src/providers/ldap/sdap_sudo.c endif if BUILD_AUTOFS libsss_ldap_common_la_SOURCES += \ src/providers/ldap/sdap_autofs.c \ src/providers/ldap/sdap_async_autofs.c endif libsss_ldap_common_la_CFLAGS = \ $(KRB5_CFLAGS) pkglib_LTLIBRARIES += libsss_krb5_common.la libsss_krb5_common_la_SOURCES = \ src/providers/krb5/krb5_utils.c \ src/providers/krb5/krb5_become_user.c \ src/providers/krb5/krb5_delayed_online_authentication.c \ src/providers/krb5/krb5_renew_tgt.c \ src/providers/krb5/krb5_wait_queue.c \ src/providers/krb5/krb5_common.c \ src/providers/krb5/krb5_auth.c \ src/providers/krb5/krb5_access.c \ src/providers/krb5/krb5_child_handler.c \ src/providers/krb5/krb5_init_shared.c libsss_krb5_common_la_LDFLAGS = \ -avoid-version libsss_krb5_common_la_CFLAGS = \ 
$(KRB5_CFLAGS) libsss_ldap_la_SOURCES = \ src/util/find_uid.c \ src/providers/ldap/ldap_init.c \ src/providers/ldap/ldap_access.c \ src/providers/krb5/krb5_common.c \ src/providers/krb5/krb5_utils.c \ src/providers/krb5/krb5_become_user.c \ src/util/user_info_msg.c \ src/util/sss_ldap.c \ src/util/sss_krb5.c libsss_ldap_la_CFLAGS = \ $(AM_CFLAGS) \ $(LDAP_CFLAGS) \ $(KRB5_CFLAGS) libsss_ldap_la_LIBADD = \ $(OPENLDAP_LIBS) \ $(DHASH_LIBS) \ $(KRB5_LIBS) \ libsss_ldap_common.la \ libsss_idmap.la libsss_ldap_la_LDFLAGS = \ -avoid-version \ -module libsss_proxy_la_SOURCES = \ src/providers/proxy/proxy_init.c \ src/providers/proxy/proxy_id.c \ src/providers/proxy/proxy_netgroup.c \ src/providers/proxy/proxy_services.c \ src/providers/proxy/proxy_auth.c libsss_proxy_la_CFLAGS = \ $(AM_CFLAGS) libsss_proxy_la_LIBADD = \ $(PAM_LIBS) libsss_proxy_la_LDFLAGS = \ -avoid-version \ -module libsss_simple_la_SOURCES = \ src/providers/simple/simple_access_check.c \ src/providers/simple/simple_access.c libsss_simple_la_CFLAGS = \ $(AM_CFLAGS) libsss_simple_la_LIBADD = \ $(PAM_LIBS) libsss_simple_la_LDFLAGS = \ -avoid-version \ -module libsss_krb5_la_SOURCES = \ src/providers/krb5/krb5_init.c \ src/util/find_uid.c \ src/util/sss_krb5.c libsss_krb5_la_CFLAGS = \ $(AM_CFLAGS) \ $(DHASH_CFLAGS) \ $(KRB5_CFLAGS) libsss_krb5_la_LIBADD = \ $(DHASH_LIBS) \ $(KEYUTILS_LIBS) \ $(KRB5_LIBS) \ libsss_krb5_common.la libsss_krb5_la_LDFLAGS = \ -avoid-version \ -module libsss_ipa_la_SOURCES = \ src/providers/ipa/ipa_init.c \ src/providers/ipa/ipa_common.c \ src/providers/ipa/ipa_config.c \ src/providers/ipa/ipa_id.c \ src/providers/ipa/ipa_netgroups.c \ src/providers/ipa/ipa_auth.c \ src/providers/ipa/ipa_access.c \ src/providers/ipa/ipa_dyndns.c \ src/providers/ipa/ipa_hosts.c \ src/providers/ipa/ipa_subdomains.c \ src/providers/ipa/ipa_subdomains_id.c \ src/providers/ipa/ipa_subdomains_ext_groups.c \ src/providers/ipa/ipa_s2n_exop.c \ src/providers/ipa/ipa_hbac_hosts.c \ 
src/providers/ipa/ipa_hbac_private.h \ src/providers/ipa/ipa_hbac_rules.c \ src/providers/ipa/ipa_hbac_rules.h \ src/providers/ipa/ipa_hbac_services.c \ src/providers/ipa/ipa_hbac_users.c \ src/providers/ipa/ipa_hbac_common.c \ src/providers/ipa/ipa_selinux.c \ src/providers/ipa/ipa_selinux_maps.c \ src/providers/ipa/ipa_selinux_common.c \ src/providers/ipa/ipa_srv.c \ src/providers/ipa/ipa_idmap.c \ src/providers/ad/ad_common.c \ src/providers/ad/ad_common.h \ src/providers/ad/ad_dyndns.c \ src/providers/ad/ad_id.c \ src/providers/ad/ad_srv.c \ src/providers/ad/ad_domain_info.c \ src/util/user_info_msg.c \ src/util/find_uid.c \ src/util/sss_ldap.c \ src/util/sss_krb5.c libsss_ipa_la_CFLAGS = \ $(AM_CFLAGS) \ $(LDAP_CFLAGS) \ $(DHASH_CFLAGS) \ $(NDR_NBT_CFLAGS) \ $(KRB5_CFLAGS) libsss_ipa_la_LIBADD = \ $(OPENLDAP_LIBS) \ $(DHASH_LIBS) \ $(NDR_NBT_LIBS) \ $(KEYUTILS_LIBS) \ $(KRB5_LIBS) \ libsss_ldap_common.la \ libsss_krb5_common.la \ libipa_hbac.la \ libsss_idmap.la libsss_ipa_la_LDFLAGS = \ -avoid-version \ -module if BUILD_AUTOFS libsss_ipa_la_SOURCES += \ src/providers/ipa/ipa_autofs.c endif if BUILD_SUDO libsss_ipa_la_SOURCES += \ src/providers/ipa/ipa_sudo.c endif if BUILD_SSH libsss_ipa_la_SOURCES += src/providers/ipa/ipa_hostid.c endif libsss_ad_la_SOURCES = \ src/providers/ad/ad_common.c \ src/providers/ad/ad_common.h \ src/providers/ad/ad_init.c \ src/providers/ad/ad_dyndns.c \ src/providers/ad/ad_id.c \ src/providers/ad/ad_id.h \ src/providers/ad/ad_access.c \ src/providers/ad/ad_access.h \ src/providers/ad/ad_opts.h \ src/providers/ad/ad_srv.c \ src/providers/ad/ad_subdomains.c \ src/providers/ad/ad_subdomains.h \ src/providers/ad/ad_domain_info.c \ src/providers/ad/ad_domain_info.h \ src/util/find_uid.c \ src/util/user_info_msg.c \ src/util/sss_krb5.c \ src/util/sss_ldap.c if BUILD_SUDO libsss_ad_la_SOURCES += \ src/providers/ad/ad_sudo.c endif libsss_ad_la_CFLAGS = \ $(AM_CFLAGS) \ $(LDAP_CFLAGS) \ $(DHASH_CFLAGS) \ $(KRB5_CFLAGS) \ $(NDR_NBT_CFLAGS) 
# Link inputs for the AD provider plugin (sources live under src/providers/ad/).
# -module asks libtool for a dlopen-able module; -avoid-version drops the
# version suffix from the installed file name.
libsss_ad_la_LIBADD = \
    $(OPENLDAP_LIBS) \
    $(DHASH_LIBS) \
    $(KEYUTILS_LIBS) \
    $(KRB5_LIBS) \
    $(NDR_NBT_LIBS) \
    libsss_ldap_common.la \
    libsss_krb5_common.la \
    libsss_idmap.la
libsss_ad_la_LDFLAGS = \
    -avoid-version \
    -module

# Helper programs krb5_child, ldap_child and proxy_child.
# NOTE(review): krb5_child and ldap_child compile in src/util/authtok.c, so they
# presumably handle authentication tokens. Nothing in this section sets their
# install mode or ownership; confirm where that is enforced (packaging?).
krb5_child_SOURCES = \
    src/providers/krb5/krb5_become_user.c \
    src/providers/krb5/krb5_child.c \
    src/providers/dp_pam_data_util.c \
    src/util/user_info_msg.c \
    src/util/sss_krb5.c \
    src/util/atomic_io.c \
    src/util/authtok.c \
    src/util/util.c \
    src/util/signal.c \
    src/sss_client/common.c
krb5_child_CFLAGS = \
    $(AM_CFLAGS) \
    $(POPT_CFLAGS) \
    $(KRB5_CFLAGS)
krb5_child_LDADD = \
    libsss_debug.la \
    libsss_child.la \
    $(TALLOC_LIBS) \
    $(TEVENT_LIBS) \
    $(POPT_LIBS) \
    $(DHASH_LIBS) \
    $(KRB5_LIBS) \
    $(CLIENT_LIBS)

ldap_child_SOURCES = \
    src/providers/ldap/ldap_child.c \
    src/util/sss_krb5.c \
    src/util/atomic_io.c \
    src/util/authtok.c \
    src/util/util.c \
    src/util/signal.c
ldap_child_CFLAGS = \
    $(AM_CFLAGS) \
    $(POPT_CFLAGS) \
    $(KRB5_CFLAGS)
ldap_child_LDADD = \
    libsss_debug.la \
    libsss_child.la \
    $(TALLOC_LIBS) \
    $(TEVENT_LIBS) \
    $(POPT_LIBS) \
    $(OPENLDAP_LIBS) \
    $(DHASH_LIBS) \
    $(KRB5_LIBS)

proxy_child_SOURCES = \
    src/providers/proxy/proxy_child.c
proxy_child_CFLAGS = \
    $(AM_CFLAGS) \
    $(POPT_CFLAGS)
proxy_child_LDADD = \
    $(PAM_LIBS) \
    $(SSSD_LIBS) \
    $(SSSD_INTERNAL_LTLIBS)

# memberof is built as a loadable module from src/ldb_modules/.
memberof_la_SOURCES = \
    src/ldb_modules/memberof.c \
    src/util/util.c
memberof_la_CFLAGS = \
    $(AM_CFLAGS)
memberof_la_LIBADD = \
    libsss_debug.la \
    $(LDB_LIBS) \
    $(DHASH_LIBS)
memberof_la_LDFLAGS = \
    -avoid-version \
    -module

# Kerberos locator plugin; only built when BUILD_KRB5_LOCATOR_PLUGIN is set.
if BUILD_KRB5_LOCATOR_PLUGIN
sssd_krb5_locator_plugin_la_SOURCES = \
    src/krb5_plugin/sssd_krb5_locator_plugin.c \
    src/util/atomic_io.c
sssd_krb5_locator_plugin_la_CFLAGS = \
    $(AM_CFLAGS) \
    $(KRB5_CFLAGS)
sssd_krb5_locator_plugin_la_LDFLAGS = \
    -avoid-version \
    -module
endif

# PAC plugin built from the sss_client sources; links the client libraries
# and libkrb5.
sssd_pac_plugin_la_SOURCES = \
    src/sss_client/sssd_pac.c \
    src/sss_client/common.c \
    src/sss_client/sss_cli.h \
    src/sss_client/krb5_authdata_int.h
sssd_pac_plugin_la_CFLAGS = \
    $(AM_CFLAGS) \
    $(KRB5_CFLAGS)
sssd_pac_plugin_la_LIBADD = \
    $(CLIENT_LIBS) \
    $(KRB5_LIBS)
sssd_pac_plugin_la_LDFLAGS = \
    -avoid-version \
    -module

# Python extension modules; all four are skipped unless
# BUILD_PYTHON_BINDINGS is set.
if BUILD_PYTHON_BINDINGS
pysss_la_SOURCES = \
    $(SSSD_TOOLS_OBJ) \
    src/python/pysss.c
pysss_la_CFLAGS = \
    $(AM_CFLAGS)  \
    $(PYTHON_CFLAGS)
pysss_la_LIBADD = \
    $(SSSD_INTERNAL_LTLIBS) \
    $(PYTHON_BINDINGS_LIBS) \
    $(PYTHON_LIBS)
pysss_la_LDFLAGS = \
    -avoid-version \
    -module

pyhbac_la_SOURCES = \
    src/python/pyhbac.c \
    src/util/sss_python.c
pyhbac_la_CFLAGS = \
    $(AM_CFLAGS)  \
    $(PYTHON_CFLAGS)
pyhbac_la_LIBADD = \
    $(PYTHON_LIBS) \
    libipa_hbac.la
pyhbac_la_LDFLAGS = \
    -avoid-version \
    -module

pysss_murmur_la_SOURCES = \
    src/python/pysss_murmur.c \
    src/util/murmurhash3.c
pysss_murmur_la_CFLAGS = \
    $(AM_CFLAGS)  \
    $(PYTHON_CFLAGS)
pysss_murmur_la_LIBADD = \
    $(PYTHON_LIBS)
pysss_murmur_la_LDFLAGS = \
    -avoid-version \
    -module

pysss_nss_idmap_la_SOURCES = \
    src/python/pysss_nss_idmap.c
pysss_nss_idmap_la_CFLAGS = \
    $(AM_CFLAGS)  \
    $(PYTHON_CFLAGS)
pysss_nss_idmap_la_LIBADD = \
    $(PYTHON_LIBS) \
    libsss_nss_idmap.la
pysss_nss_idmap_la_LDFLAGS = \
    -avoid-version \
    -module
endif

################
# TRANSLATIONS #
################
# Refresh translation catalogs: man pages first (when built), then po/.
update-po:
if HAVE_MANPAGES
	$(MAKE) -C src/man update-po
endif
	$(MAKE) -C po update-po

#######################
# Installation Extras #
#######################

# Exactly one service-start file is distributed: the systemd unit when
# HAVE_SYSTEMD_UNIT is set, otherwise the SUSE, Gentoo or generic init script.
dist_init_SCRIPTS =
dist_systemdunit_DATA =
if HAVE_SYSTEMD_UNIT
    dist_systemdunit_DATA += \
        src/sysv/systemd/sssd.service
else
if HAVE_SUSE
    dist_init_SCRIPTS += \
        src/sysv/SUSE/sssd
else
if HAVE_GENTOO
    dist_init_SCRIPTS += \
        src/sysv/gentoo/sssd
else
    dist_init_SCRIPTS += \
        src/sysv/sssd
endif
endif
endif

# Configuration API description files shipped with the package.
dist_sssddata_DATA = \
    src/config/etc/sssd.api.conf

dist_sssdapiplugin_DATA = \
    src/config/etc/sssd.api.d/sssd-ipa.conf \
    src/config/etc/sssd.api.d/sssd-ad.conf \
    src/config/etc/sssd.api.d/sssd-krb5.conf \
    src/config/etc/sssd.api.d/sssd-ldap.conf \
    src/config/etc/sssd.api.d/sssd-local.conf \
    src/config/etc/sssd.api.d/sssd-proxy.conf \
    src/config/etc/sssd.api.d/sssd-simple.conf
edit_cmd = $(SED) \ -e 's|@sbindir[@]|$(sbindir)|g' \ -e 's|@environment_file[@]|$(environment_file)|g' \ -e 's|@localstatedir[@]|$(localstatedir)|g' \ -e 's|@prefix[@]|$(prefix)|g' replace_script = \ @rm -f $@ $@.tmp; \ srcdir=''; \ test -f ./$@.in || srcdir=$(srcdir)/; \ $(edit_cmd) $${srcdir}$@.in >$@.tmp; \ mv $@.tmp $@ EXTRA_DIST += \ src/sysv/systemd/sssd.service.in src/sysv/systemd/sssd.service: src/sysv/systemd/sssd.service.in Makefile @$(MKDIR_P) src/sysv/systemd/ $(replace_script) installsssddirs:: mkdir -p \ $(DESTDIR)$(includedir) \ $(DESTDIR)$(libdir) \ $(DESTDIR)$(bindir) \ $(DESTDIR)$(sbindir) \ $(DESTDIR)$(mandir) \ $(DESTDIR)$(pluginpath) \ $(DESTDIR)$(libdir)/ldb \ $(DESTDIR)$(dbusintrospectdir) \ $(DESTDIR)$(pipepath)/private \ $(DESTDIR)$(sssdlibdir) \ $(DESTDIR)$(pkglibdir) \ $(DESTDIR)$(sssdconfdir) \ $(DESTDIR)$(sssddatadir) \ $(DESTDIR)$(dbpath) \ $(DESTDIR)$(mcpath) \ $(DESTDIR)$(pidpath) \ $(DESTDIR)$(logpath) \ $(DESTDIR)$(pubconfpath) \ $(DESTDIR)$(pubconfpath)/krb5.include.d \ $(DESTDIR)$(sudolibdir) \ $(DESTDIR)$(autofslibdir) if HAVE_DOXYGEN docs: $(DOXYGEN) src/doxy.config $(DOXYGEN) src/providers/ipa/ipa_hbac.doxy $(DOXYGEN) src/lib/idmap/sss_idmap.doxy $(DOXYGEN) src/sss_client/idmap/sss_nss_idmap.doxy else !HAVE_DOXYGEN docs: @echo "Doxygen not installed, cannot generate documentation" @exit 1 endif !HAVE_DOXYGEN if BUILD_PYTHON_BINDINGS $(abs_builddir)/src/config/SSSDConfig/ipachangeconf.py: -cp $(srcdir)/src/config/SSSDConfig/ipachangeconf.py $(builddir)/src/config/SSSDConfig/ $(abs_builddir)/src/config/SSSDConfig/sssd_upgrade_config.py: -cp $(srcdir)/src/config/SSSDConfig/sssd_upgrade_config.py $(builddir)/src/config/SSSDConfig/ SSSDCONFIG_MODULES = \ $(abs_builddir)/src/config/SSSDConfig/ipachangeconf.py \ $(abs_builddir)/src/config/SSSDConfig/sssd_upgrade_config.py else SSSSCONFIG_MODULES = endif all-local: ldb_mod_test_dir $(SSSDCONFIG_MODULES) if BUILD_PYTHON_BINDINGS cd $(builddir)/src/config; $(PYTHON) setup.py build 
--build-base $(abs_builddir)/src/config endif install-exec-hook: installsssddirs if BUILD_PYTHON_BINDINGS if [ "$(DESTDIR)" = "" ]; then \ cd $(builddir)/src/config; $(PYTHON) setup.py build --build-base $(abs_builddir)/src/config install $(DISTSETUPOPTS) --prefix=$(PYTHON_PREFIX) --record=$(abs_builddir)/src/config/.files; \ else \ cd $(builddir)/src/config; $(PYTHON) setup.py build --build-base $(abs_builddir)/src/config install $(DISTSETUPOPTS) --prefix=$(PYTHON_PREFIX) --root=$(DESTDIR) --record=$(abs_builddir)/src/config/.files; \ fi endif for doc in $(SSSD_DOCS); do \ mkdir -p $$doc $(DESTDIR)/$(docdir); \ cp -a $$doc $(DESTDIR)/$(docdir)/; \ done; if HAVE_SYSTEMD_UNIT mkdir -p $(DESTDIR)$(systemdunitdir) else mkdir -p $(DESTDIR)$(initdir) endif install-data-hook: rm $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2 \ $(DESTDIR)/$(nsslibdir)/libnss_sss.so mv $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2.0.0 $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2 if [ ! $(krb5rcachedir) = "__LIBKRB5_DEFAULTS__" ]; then \ mkdir -p $(DESTDIR)/$(krb5rcachedir) ; \ fi uninstall-hook: if [ -f $(abs_builddir)/src/config/.files ]; then \ cat $(abs_builddir)/src/config/.files | xargs -iq rm -f $(DESTDIR)/q; \ rm $(abs_builddir)/src/config/.files ; \ fi for doc in $(SSSD_DOCS); do \ rm -Rf $(DESTDIR)/$(docdir)/$$doc; \ done; clean-local: if BUILD_PYTHON_BINDINGS if [ ! $(srcdir)/src/config/SSSDConfig/ipachangeconf.py -ef $(builddir)/src/config/SSSDConfig/ipachangeconf.py ]; then \ rm -f $(builddir)/src/config/SSSDConfig/ipachangeconf.py ; \ fi if [ ! 
$(srcdir)/src/config/SSSDConfig/ipachangeconf.py -ef $(builddir)/src/config/SSSDConfig/ipachangeconf.py ]; then \ rm -f $(builddir)/src/config/SSSDConfig/sssd_upgrade_config.py ; \ fi cd $(builddir)/src/config; $(PYTHON) setup.py build --build-base $(abs_builddir)/src/config clean --all endif for doc in $(SSSD_DOCS); do \ rm -Rf $$doc; \ done; rm -Rf ldb_mod_test_dir rm -f $(builddir)/src/sysv/systemd/sssd.service CLEANFILES = *.X */*.X */*/*.X tests: all $(check_PROGRAMS) # RPM-related tasks RPMBUILD ?= $(PWD)/rpmbuild dist_noinst_DATA += \ m4 \ contrib/sssd.spec.in \ BUILD.txt \ COPYING rpmroot: mkdir -p $(RPMBUILD)/BUILD mkdir -p $(RPMBUILD)/RPMS mkdir -p $(RPMBUILD)/SOURCES mkdir -p $(RPMBUILD)/SPECS mkdir -p $(RPMBUILD)/SRPMS rpmbrprep: dist-gzip rpmroot if GIT_CHECKOUT # When we're building RPMs from a git checkout, # we don't want to be bothered with translation # updates git checkout $(srcdir)/po $(srcdir)/src/man/po endif cp $(builddir)/contrib/sssd.spec $(RPMBUILD)/SPECS cp $(distdir).tar.gz $(RPMBUILD)/SOURCES rpms: rpmbrprep cd $(RPMBUILD); \ rpmbuild --define "_topdir $(RPMBUILD)" -ba SPECS/sssd.spec if GIT_CHECKOUT prerelease-rpms: cp $(srcdir)/version.m4 $(srcdir)/version.m4.orig sed -e "s/m4_define(\[PRERELEASE_VERSION_NUMBER\], \[.*\])/m4_define(\[PRERELEASE_VERSION_NUMBER\], \[.`date +%Y%m%d.%H%M`.git`git log -1 --pretty=format:%h`\])/" < $(srcdir)/version.m4.orig > $(srcdir)/version.m4 $(MAKE) rpms mv $(srcdir)/version.m4.orig $(srcdir)/version.m4 endif # make srpms will use the old digest algorithm to be compatible # with RHEL5 srpm: rpmbrprep cd $(RPMBUILD); \ rpmbuild --define "_topdir $(RPMBUILD)" \ -bs SPECS/sssd.spec if GIT_CHECKOUT prerelease-srpm: cp $(srcdir)/version.m4 $(srcdir)/version.m4.orig sed -e "s/m4_define(\[PRERELEASE_VERSION_NUMBER\], \[.*\])/m4_define(\[PRERELEASE_VERSION_NUMBER\], \[.`date +%Y%m%d.%H%M`.git`git log -1 --pretty=format:%h`\])/" < $(srcdir)/version.m4.orig > $(srcdir)/version.m4 $(MAKE) srpm mv 
$(srcdir)/version.m4.orig $(srcdir)/version.m4 endif sssd-1.11.5/PaxHeaders.13173/ABOUT-NLS0000644000000000000000000000013212320753475015005 xustar000000000000000030 mtime=1396954941.690889651 30 atime=1396954941.690889651 30 ctime=1396954961.512875055 sssd-1.11.5/ABOUT-NLS0000644002412700241270000015111612320753475015237 0ustar00jhrozekjhrozek00000000000000Notes on the Free Translation Project ************************************* Free software is going international! The Free Translation Project is a way to get maintainers of free software, translators, and users all together, so that will gradually become able to speak many languages. A few packages already provide translations for their messages. If you found this `ABOUT-NLS' file inside a distribution, you may assume that the distributed package does use GNU `gettext' internally, itself available at your nearest GNU archive site. But you do _not_ need to install GNU `gettext' prior to configuring, installing or using this package with messages translated. Installers will find here some useful hints. These notes also explain how users should proceed for getting the programs to use the available translations. They tell how people wanting to contribute and work at translations should contact the appropriate team. When reporting bugs in the `intl/' directory or bugs which may be related to internationalization, you should tell about the version of `gettext' which is used. The information can be found in the `intl/VERSION' file, in internationalized packages. Quick configuration advice ========================== If you want to exploit the full power of internationalization, you should configure it using ./configure --with-included-gettext to force usage of internationalizing routines provided within this package, despite the existence of internationalizing capabilities in the operating system where this package is being installed. 
So far, only the `gettext' implementation in the GNU C library version 2 provides as many features (such as locale alias, message inheritance, automatic charset conversion or plural form handling) as the implementation here. It is also not possible to offer this additional functionality on top of a `catgets' implementation. Future versions of GNU `gettext' will very likely convey even more functionality. So it might be a good idea to change to GNU `gettext' as soon as possible. So you need _not_ provide this option if you are using GNU libc 2 or you have installed a recent copy of the GNU gettext package with the included `libintl'. INSTALL Matters =============== Some packages are "localizable" when properly installed; the programs they contain can be made to speak your own native language. Most such packages use GNU `gettext'. Other packages have their own ways to internationalization, predating GNU `gettext'. By default, this package will be installed to allow translation of messages. It will automatically detect whether the system already provides the GNU `gettext' functions. If not, the GNU `gettext' own library will be used. This library is wholly contained within this package, usually in the `intl/' subdirectory, so prior installation of the GNU `gettext' package is _not_ required. Installers may use special options at configuration time for changing the default behaviour. The commands: ./configure --with-included-gettext ./configure --disable-nls will respectively bypass any pre-existing `gettext' to use the internationalizing routines provided within this package, or else, _totally_ disable translation of messages. When you already have GNU `gettext' installed on your system and run configure without an option for your new package, `configure' will probably detect the previously built and installed `libintl.a' file and will decide to use this. This might be not what is desirable. You should use the more recent version of the GNU `gettext' library. I.e. 
if the file `intl/VERSION' shows that the library which comes with this package is more recent, you should use ./configure --with-included-gettext to prevent auto-detection. The configuration process will not test for the `catgets' function and therefore it will not be used. The reason is that even an emulation of `gettext' on top of `catgets' could not provide all the extensions of the GNU `gettext' library. Internationalized packages have usually many `po/LL.po' files, where LL gives an ISO 639 two-letter code identifying the language. Unless translations have been forbidden at `configure' time by using the `--disable-nls' switch, all available translations are installed together with the package. However, the environment variable `LINGUAS' may be set, prior to configuration, to limit the installed set. `LINGUAS' should then contain a space separated list of two-letter codes, stating which languages are allowed. Using This Package ================== As a user, if your language has been installed for this package, you only have to set the `LANG' environment variable to the appropriate `LL_CC' combination. Here `LL' is an ISO 639 two-letter language code, and `CC' is an ISO 3166 two-letter country code. For example, let's suppose that you speak German and live in Germany. At the shell prompt, merely execute `setenv LANG de_DE' (in `csh'), `export LANG; LANG=de_DE' (in `sh') or `export LANG=de_DE' (in `bash'). This can be done from your `.login' or `.profile' file, once and for all. You might think that the country code specification is redundant. But in fact, some languages have dialects in different countries. For example, `de_AT' is used for Austria, and `pt_BR' for Brazil. The country code serves to distinguish the dialects. The locale naming convention of `LL_CC', with `LL' denoting the language and `CC' denoting the country, is the one use on systems based on GNU libc. On other systems, some variations of this scheme are used, such as `LL' or `LL_CC.ENCODING'. 
You can get the list of locales supported by your system for your country by running the command `locale -a | grep '^LL''. Not all programs have translations for all languages. By default, an English message is shown in place of a nonexistent translation. If you understand other languages, you can set up a priority list of languages. This is done through a different environment variable, called `LANGUAGE'. GNU `gettext' gives preference to `LANGUAGE' over `LANG' for the purpose of message handling, but you still need to have `LANG' set to the primary language; this is required by other parts of the system libraries. For example, some Swedish users who would rather read translations in German than English for when Swedish is not available, set `LANGUAGE' to `sv:de' while leaving `LANG' to `sv_SE'. Special advice for Norwegian users: The language code for Norwegian bokma*l changed from `no' to `nb' recently (in 2003). During the transition period, while some message catalogs for this language are installed under `nb' and some older ones under `no', it's recommended for Norwegian users to set `LANGUAGE' to `nb:no' so that both newer and older translations are used. In the `LANGUAGE' environment variable, but not in the `LANG' environment variable, `LL_CC' combinations can be abbreviated as `LL' to denote the language's main dialect. For example, `de' is equivalent to `de_DE' (German as spoken in Germany), and `pt' to `pt_PT' (Portuguese as spoken in Portugal) in this context. Translating Teams ================= For the Free Translation Project to be a success, we need interested people who like their own language and write it well, and who are also able to synergize with other translators speaking the same language. Each translation team has its own mailing list. The up-to-date list of teams can be found at the Free Translation Project's homepage, `http://www.iro.umontreal.ca/contrib/po/HTML/', in the "National teams" area. 
If you'd like to volunteer to _work_ at translating messages, you should become a member of the translating team for your own language. The subscribing address is _not_ the same as the list itself, it has `-request' appended. For example, speakers of Swedish can send a message to `sv-request@li.org', having this message body: subscribe Keep in mind that team members are expected to participate _actively_ in translations, or at solving translational difficulties, rather than merely lurking around. If your team does not exist yet and you want to start one, or if you are unsure about what to do or how to get started, please write to `translation@iro.umontreal.ca' to reach the coordinator for all translator teams. The English team is special. It works at improving and uniformizing the terminology in use. Proven linguistic skill are praised more than programming skill, here. Available Packages ================== Languages are not equally supported in all packages. The following matrix shows the current state of internationalization, as of January 2004. The matrix shows, in regard of each package, for which languages PO files have been submitted to translation coordination, with a translation percentage of at least 50%. 
Ready PO files af am ar az be bg bs ca cs da de el en en_GB eo es +----------------------------------------------------+ a2ps | [] [] [] [] | aegis | () | ant-phone | () | anubis | | ap-utils | | aspell | [] | bash | [] [] [] [] | batchelor | | bfd | [] [] | binutils | [] [] | bison | [] [] [] | bluez-pin | [] [] [] | clisp | | clisp | [] [] [] | console-tools | [] [] | coreutils | [] [] [] [] | cpio | [] [] [] | darkstat | [] () [] | diffutils | [] [] [] [] [] [] [] | e2fsprogs | [] [] [] | enscript | [] [] [] [] | error | [] [] [] [] [] | fetchmail | [] () [] [] [] [] | fileutils | [] [] [] | findutils | [] [] [] [] [] [] [] | flex | [] [] [] [] | fslint | | gas | [] | gawk | [] [] [] [] | gbiff | [] | gcal | [] | gcc | [] [] | gettext | [] [] [] [] [] | gettext-examples | [] [] [] [] | gettext-runtime | [] [] [] [] [] | gettext-tools | [] [] [] | gimp-print | [] [] [] [] [] | gliv | | glunarclock | [] [] | gnubiff | [] | gnucash | [] () [] [] | gnucash-glossary | [] () [] | gnupg | [] () [] [] [] [] | gpe-aerial | [] | gpe-beam | [] [] | gpe-calendar | [] [] | gpe-clock | [] [] | gpe-conf | [] [] | gpe-contacts | [] [] | gpe-edit | [] | gpe-go | [] | gpe-login | [] [] | gpe-ownerinfo | [] [] | gpe-sketchbook | [] [] | gpe-su | [] [] | gpe-taskmanager | [] [] | gpe-timesheet | [] | gpe-today | [] [] | gpe-todo | [] [] | gphoto2 | [] [] [] [] | gprof | [] [] [] | gpsdrive | () () () | gramadoir | [] | grep | [] [] [] [] [] [] | gretl | [] | gtick | [] () | hello | [] [] [] [] [] [] | id-utils | [] [] | indent | [] [] [] [] | iso_3166 | [] [] [] [] [] [] [] [] [] [] | iso_3166_1 | [] [] [] [] [] [] | iso_3166_2 | | iso_3166_3 | [] | iso_4217 | [] [] [] [] | iso_639 | | jpilot | [] [] [] | jtag | | jwhois | [] | kbd | [] [] [] [] [] | latrine | () | ld | [] [] | libc | [] [] [] [] [] [] | libgpewidget | [] [] | libiconv | [] [] [] [] [] | lifelines | [] () | lilypond | [] | lingoteach | | lingoteach_lessons | () () | lynx | [] [] [] [] | m4 | [] [] [] [] | mailutils 
| [] [] | make | [] [] [] | man-db | [] () [] [] () | minicom | [] [] [] | mysecretdiary | [] [] [] | nano | [] () [] [] [] | nano_1_0 | [] () [] [] [] | opcodes | [] | parted | [] [] [] [] [] | ptx | [] [] [] [] [] | python | | radius | [] | recode | [] [] [] [] [] [] [] | rpm | [] [] | screem | | scrollkeeper | [] [] [] [] [] [] | sed | [] [] [] [] [] [] | sh-utils | [] [] [] | shared-mime-info | | sharutils | [] [] [] [] [] [] | silky | () | skencil | [] () [] | sketch | [] () [] | soundtracker | [] [] [] | sp | [] | tar | [] [] [] [] | texinfo | [] [] [] | textutils | [] [] [] [] | tin | () () | tp-robot | | tuxpaint | [] [] [] [] [] [] [] | unicode-han-tra... | | unicode-transla... | | util-linux | [] [] [] [] [] | vorbis-tools | [] [] [] [] | wastesedge | () | wdiff | [] [] [] [] | wget | [] [] [] [] [] [] | xchat | [] [] [] [] | xfree86_xkb_xml | [] [] | xpad | [] | +----------------------------------------------------+ af am ar az be bg bs ca cs da de el en en_GB eo es 4 0 0 1 9 4 1 40 41 60 78 17 1 5 13 68 et eu fa fi fr ga gl he hr hu id is it ja ko lg +-------------------------------------------------+ a2ps | [] [] [] () () | aegis | | ant-phone | [] | anubis | [] | ap-utils | [] | aspell | [] [] | bash | [] [] | batchelor | [] [] | bfd | [] | binutils | [] [] | bison | [] [] [] [] | bluez-pin | [] [] [] [] [] | clisp | | clisp | [] | console-tools | | coreutils | [] [] [] [] [] [] | cpio | [] [] [] [] | darkstat | () [] [] [] | diffutils | [] [] [] [] [] [] [] | e2fsprogs | | enscript | [] [] | error | [] [] [] [] | fetchmail | [] | fileutils | [] [] [] [] [] [] | findutils | [] [] [] [] [] [] [] [] [] [] [] | flex | [] [] [] | fslint | [] | gas | [] | gawk | [] [] [] | gbiff | [] | gcal | [] | gcc | [] | gettext | [] [] [] | gettext-examples | [] [] | gettext-runtime | [] [] [] [] [] | gettext-tools | [] [] [] | gimp-print | [] [] | gliv | () | glunarclock | [] [] [] [] | gnubiff | [] | gnucash | () [] | gnucash-glossary | [] | gnupg | [] [] [] [] [] 
[] [] | gpe-aerial | [] | gpe-beam | [] | gpe-calendar | [] [] [] | gpe-clock | [] | gpe-conf | [] | gpe-contacts | [] [] | gpe-edit | [] [] | gpe-go | [] | gpe-login | [] [] | gpe-ownerinfo | [] [] [] | gpe-sketchbook | [] | gpe-su | [] | gpe-taskmanager | [] | gpe-timesheet | [] [] [] | gpe-today | [] [] | gpe-todo | [] [] | gphoto2 | [] [] [] | gprof | [] [] | gpsdrive | () () () | gramadoir | [] [] | grep | [] [] [] [] [] [] [] [] [] [] [] | gretl | [] [] | gtick | [] [] [] | hello | [] [] [] [] [] [] [] [] [] [] [] [] [] | id-utils | [] [] [] [] | indent | [] [] [] [] [] [] [] [] [] | iso_3166 | [] [] [] [] [] [] [] | iso_3166_1 | [] [] [] [] [] | iso_3166_2 | | iso_3166_3 | | iso_4217 | [] [] [] [] [] [] | iso_639 | | jpilot | [] () | jtag | [] | jwhois | [] [] [] [] | kbd | [] | latrine | [] | ld | [] | libc | [] [] [] [] [] [] | libgpewidget | [] [] [] [] | libiconv | [] [] [] [] [] [] [] [] [] | lifelines | () | lilypond | [] | lingoteach | [] [] | lingoteach_lessons | | lynx | [] [] [] [] | m4 | [] [] [] [] | mailutils | | make | [] [] [] [] [] [] | man-db | () () | minicom | [] [] [] [] | mysecretdiary | [] [] | nano | [] [] [] [] | nano_1_0 | [] [] [] [] | opcodes | [] | parted | [] [] [] | ptx | [] [] [] [] [] [] [] | python | | radius | [] | recode | [] [] [] [] [] [] | rpm | [] [] | screem | | scrollkeeper | [] | sed | [] [] [] [] [] [] [] [] [] | sh-utils | [] [] [] [] [] [] [] | shared-mime-info | [] [] [] | sharutils | [] [] [] [] [] | silky | () [] () () | skencil | [] | sketch | [] | soundtracker | [] [] | sp | [] () | tar | [] [] [] [] [] [] [] [] [] | texinfo | [] [] [] [] | textutils | [] [] [] [] [] [] | tin | [] () | tp-robot | [] | tuxpaint | [] [] [] [] [] [] [] [] [] | unicode-han-tra... | | unicode-transla... 
| [] [] | util-linux | [] [] [] [] () [] | vorbis-tools | [] | wastesedge | () | wdiff | [] [] [] [] [] [] | wget | [] [] [] [] [] [] [] | xchat | [] [] [] | xfree86_xkb_xml | [] [] | xpad | [] [] | +-------------------------------------------------+ et eu fa fi fr ga gl he hr hu id is it ja ko lg 22 2 1 26 106 28 24 8 10 41 33 1 26 33 12 0 lt lv mk mn ms mt nb nl nn no nso pl pt pt_BR ro ru +-----------------------------------------------------+ a2ps | [] [] () () [] [] [] | aegis | () () () | ant-phone | [] [] | anubis | [] [] [] [] [] [] | ap-utils | [] () [] | aspell | [] | bash | [] [] [] | batchelor | [] | bfd | [] | binutils | [] | bison | [] [] [] [] [] | bluez-pin | [] [] [] | clisp | | clisp | [] | console-tools | [] | coreutils | [] [] | cpio | [] [] [] [] [] | darkstat | [] [] [] [] | diffutils | [] [] [] [] [] [] | e2fsprogs | [] | enscript | [] [] [] [] | error | [] [] [] | fetchmail | [] [] () [] | fileutils | [] [] [] | findutils | [] [] [] [] [] | flex | [] [] [] [] | fslint | [] [] | gas | | gawk | [] [] [] | gbiff | [] [] | gcal | | gcc | | gettext | [] [] [] | gettext-examples | [] [] [] | gettext-runtime | [] [] [] [] | gettext-tools | [] [] | gimp-print | [] | gliv | [] [] [] | glunarclock | [] [] [] [] | gnubiff | [] | gnucash | [] [] () [] | gnucash-glossary | [] [] | gnupg | [] | gpe-aerial | [] [] [] [] | gpe-beam | [] [] [] [] | gpe-calendar | [] [] [] [] | gpe-clock | [] [] [] [] | gpe-conf | [] [] [] [] | gpe-contacts | [] [] [] [] | gpe-edit | [] [] [] [] | gpe-go | [] [] [] | gpe-login | [] [] [] [] | gpe-ownerinfo | [] [] [] [] | gpe-sketchbook | [] [] [] [] | gpe-su | [] [] [] [] | gpe-taskmanager | [] [] [] [] | gpe-timesheet | [] [] [] [] | gpe-today | [] [] [] [] | gpe-todo | [] [] [] [] | gphoto2 | [] | gprof | [] [] | gpsdrive | () () [] | gramadoir | () [] | grep | [] [] [] [] [] | gretl | | gtick | [] [] [] | hello | [] [] [] [] [] [] [] [] [] [] | id-utils | [] [] [] [] | indent | [] [] [] [] | iso_3166 | [] [] [] | 
iso_3166_1 | [] [] | iso_3166_2 | | iso_3166_3 | [] | iso_4217 | [] [] [] [] [] [] [] [] | iso_639 | [] | jpilot | () () | jtag | | jwhois | [] [] [] [] () | kbd | [] [] [] | latrine | [] | ld | | libc | [] [] [] [] | libgpewidget | [] [] [] | libiconv | [] [] [] [] [] | lifelines | | lilypond | | lingoteach | | lingoteach_lessons | | lynx | [] [] [] | m4 | [] [] [] [] [] | mailutils | [] [] [] | make | [] [] [] [] | man-db | [] | minicom | [] [] [] [] | mysecretdiary | [] [] [] | nano | [] [] [] [] [] | nano_1_0 | [] [] [] [] [] [] | opcodes | [] [] | parted | [] [] [] [] | ptx | [] [] [] [] [] [] [] [] | python | | radius | [] [] | recode | [] [] [] [] | rpm | [] [] [] | screem | | scrollkeeper | [] [] [] [] [] | sed | [] [] [] | sh-utils | [] [] | shared-mime-info | [] [] | sharutils | [] [] | silky | () | skencil | [] [] | sketch | [] [] | soundtracker | | sp | | tar | [] [] [] [] [] [] | texinfo | [] [] [] [] | textutils | [] [] | tin | | tp-robot | [] | tuxpaint | [] [] [] [] [] [] [] [] | unicode-han-tra... | | unicode-transla... 
| | util-linux | [] [] [] | vorbis-tools | [] [] [] | wastesedge | | wdiff | [] [] [] [] [] | wget | [] [] [] | xchat | [] [] [] | xfree86_xkb_xml | [] [] | xpad | [] [] | +-----------------------------------------------------+ lt lv mk mn ms mt nb nl nn no nso pl pt pt_BR ro ru 1 2 0 3 12 0 10 69 6 7 1 40 26 36 76 63 sk sl sr sv ta th tr uk ven vi wa xh zh_CN zh_TW zu +-----------------------------------------------------+ a2ps | [] [] [] [] | 16 aegis | | 0 ant-phone | | 3 anubis | [] [] | 9 ap-utils | () | 3 aspell | | 4 bash | | 9 batchelor | | 3 bfd | [] [] | 6 binutils | [] [] [] | 8 bison | [] [] | 14 bluez-pin | [] [] [] | 14 clisp | | 0 clisp | | 5 console-tools | | 3 coreutils | [] [] [] [] | 16 cpio | [] [] | 14 darkstat | [] [] [] () () | 12 diffutils | [] [] [] | 23 e2fsprogs | [] [] | 6 enscript | [] [] | 12 error | [] [] [] | 15 fetchmail | [] [] | 11 fileutils | [] [] [] [] [] | 17 findutils | [] [] [] [] [] [] | 29 flex | [] [] | 13 fslint | | 3 gas | [] | 3 gawk | [] [] | 12 gbiff | | 4 gcal | [] [] | 4 gcc | [] | 4 gettext | [] [] [] [] [] | 16 gettext-examples | [] [] [] [] [] | 14 gettext-runtime | [] [] [] [] [] [] [] [] | 22 gettext-tools | [] [] [] [] [] [] | 14 gimp-print | [] [] | 10 gliv | | 3 glunarclock | [] [] [] | 13 gnubiff | | 3 gnucash | [] [] | 9 gnucash-glossary | [] [] [] | 8 gnupg | [] [] [] [] | 17 gpe-aerial | [] | 7 gpe-beam | [] | 8 gpe-calendar | [] [] [] [] | 13 gpe-clock | [] [] [] | 10 gpe-conf | [] [] | 9 gpe-contacts | [] [] [] | 11 gpe-edit | [] [] [] [] [] | 12 gpe-go | | 5 gpe-login | [] [] [] [] [] | 13 gpe-ownerinfo | [] [] [] [] | 13 gpe-sketchbook | [] [] | 9 gpe-su | [] [] [] | 10 gpe-taskmanager | [] [] [] | 10 gpe-timesheet | [] [] [] [] | 12 gpe-today | [] [] [] [] [] | 13 gpe-todo | [] [] [] [] | 12 gphoto2 | [] [] [] | 11 gprof | [] [] | 9 gpsdrive | [] [] | 3 gramadoir | [] | 5 grep | [] [] [] [] | 26 gretl | | 3 gtick | | 7 hello | [] [] [] [] [] | 34 id-utils | [] [] | 12 indent | [] [] [] [] | 21 
iso_3166 | [] [] [] [] [] [] [] | 27 iso_3166_1 | [] [] [] | 16 iso_3166_2 | | 0 iso_3166_3 | | 2 iso_4217 | [] [] [] [] [] [] | 24 iso_639 | | 1 jpilot | [] [] [] [] [] | 9 jtag | [] | 2 jwhois | () [] [] | 11 kbd | [] [] | 11 latrine | | 2 ld | [] [] | 5 libc | [] [] [] [] | 20 libgpewidget | [] [] [] [] | 13 libiconv | [] [] [] [] [] [] [] [] | 27 lifelines | [] | 2 lilypond | [] | 3 lingoteach | | 2 lingoteach_lessons | () | 0 lynx | [] [] [] | 14 m4 | [] [] | 15 mailutils | | 5 make | [] [] [] | 16 man-db | [] | 5 minicom | | 11 mysecretdiary | [] [] | 10 nano | [] [] [] [] | 17 nano_1_0 | [] [] [] | 17 opcodes | [] [] | 6 parted | [] [] [] | 15 ptx | [] [] | 22 python | | 0 radius | | 4 recode | [] [] [] | 20 rpm | [] [] | 9 screem | [] [] | 2 scrollkeeper | [] [] [] | 15 sed | [] [] [] [] [] [] | 24 sh-utils | [] [] | 14 shared-mime-info | [] [] | 7 sharutils | [] [] [] [] | 17 silky | () | 3 skencil | [] | 6 sketch | [] | 6 soundtracker | [] [] | 7 sp | [] | 3 tar | [] [] [] [] [] | 24 texinfo | [] [] [] | 14 textutils | [] [] [] [] | 16 tin | | 1 tp-robot | | 2 tuxpaint | [] [] [] [] [] | 29 unicode-han-tra... | | 0 unicode-transla... | | 2 util-linux | [] [] | 15 vorbis-tools | | 8 wastesedge | | 0 wdiff | [] [] [] | 18 wget | [] [] [] [] [] [] [] [] | 24 xchat | [] [] [] [] [] | 15 xfree86_xkb_xml | [] [] [] [] [] | 11 xpad | | 5 +-----------------------------------------------------+ 63 teams sk sl sr sv ta th tr uk ven vi wa xh zh_CN zh_TW zu 131 domains 47 19 28 83 0 0 59 13 1 1 11 0 22 22 0 1373 Some counters in the preceding matrix are higher than the number of visible blocks let us expect. This is because a few extra PO files are used for implementing regional variants of languages, or language dialects. For a PO file in the matrix above to be effective, the package to which it applies should also have been internationalized and distributed as such by its maintainer. 
There might be an observable lag between the mere existence of a PO file and its wide availability in a distribution. If January 2004 seems to be old, you may fetch a more recent copy of this `ABOUT-NLS' file on most GNU archive sites. The most up-to-date matrix with full percentage details can be found at `http://www.iro.umontreal.ca/contrib/po/HTML/matrix.html'. Using `gettext' in new packages =============================== If you are writing a freely available program and want to internationalize it you are welcome to use GNU `gettext' in your package. Of course you have to respect the GNU Library General Public License which covers the use of the GNU `gettext' library. This means in particular that even non-free programs can use `libintl' as a shared library, whereas only free software can use `libintl' as a static library or use modified versions of `libintl'. Once the sources are changed appropriately and the setup can handle the use of `gettext' the only things missing are the translations. The Free Translation Project is also available for packages which are not developed inside the GNU project. Therefore the information given above applies also for every other Free Software Project. Contact `translation@iro.umontreal.ca' to make the `.pot' files available to the translation teams.
sssd-1.11.5/PaxHeaders.13173/src0000644000000000000000000000013212320753522014261 xustar000000000000000030 mtime=1396954962.568874276 30 atime=1396955003.533843848 30 ctime=1396954962.568874276 sssd-1.11.5/src/0000775002412700241270000000000012320753522014565 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/PaxHeaders.13173/util0000644000000000000000000000013212320753521015235 xustar000000000000000030 mtime=1396954961.698874918 30 atime=1396955003.533843848 30 ctime=1396954961.698874918 sssd-1.11.5/src/util/0000775002412700241270000000000012320753521015541 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/util/PaxHeaders.13173/auth_utils.h0000644000000000000000000000007412320753107017651 xustar000000000000000030 atime=1396954939.276891423 30 ctime=1396954961.434875113 sssd-1.11.5/src/util/auth_utils.h0000664002412700241270000000236312320753107020077 0ustar00jhrozekjhrozek00000000000000/* SSSD Authentication utility functions Authors: Jakub Hrozek Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/

#include
#include

/**
 * Translate the result of a cached-credentials login into a PAM status code.
 *
 * @param auth_res  Result code of the cached authentication attempt.
 *
 * @return PAM_SUCCESS only for EOK. Every code that is not listed explicitly
 *         falls through to PAM_SYSTEM_ERR, so an unrecognised result is never
 *         reported to PAM as a successful login.
 */
static inline int cached_login_pam_status(int auth_res)
{
    if (auth_res == EOK) {
        return PAM_SUCCESS;
    }

    if (auth_res == ERR_ACCOUNT_UNKNOWN) {
        return PAM_AUTHINFO_UNAVAIL;
    }

    /* Missing, expired or rejected cached credentials all deny access. */
    if (auth_res == ERR_NO_CACHED_CREDS
            || auth_res == ERR_CACHED_CREDS_EXPIRED
            || auth_res == ERR_AUTH_DENIED) {
        return PAM_PERM_DENIED;
    }

    if (auth_res == ERR_AUTH_FAILED) {
        return PAM_AUTH_ERR;
    }

    return PAM_SYSTEM_ERR;
}

sssd-1.11.5/src/util/PaxHeaders.13173/strtonum.c0000644000000000000000000000007312320753107017355 xustar000000000000000030 atime=1396954939.278891422 29 ctime=1396954961.64287496 sssd-1.11.5/src/util/strtonum.c0000664002412700241270000000372512320753107017607 0ustar00jhrozekjhrozek00000000000000/* SSSD SSSD Utility functions Copyright (C) Stephen Gallagher 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see .
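*/

#include
#include
#include "config.h"
#include "util/util.h"
#include "util/strtonum.h"

/*
 * Report whether the text strtoull() is about to parse carries a minus sign.
 *
 * strtoull() accepts a leading '-' and negates the converted value in the
 * unsigned type, so a sufficiently large negative number wraps around to a
 * small positive one instead of failing. The unsigned wrappers below use this
 * check to reject such input.
 */
static int strtonum_has_minus_sign(const char *nptr)
{
    /* Skip the leading white space strtoull() skips in the "C" locale. */
    while (*nptr == ' ' || *nptr == '\t' || *nptr == '\n'
            || *nptr == '\v' || *nptr == '\f' || *nptr == '\r') {
        nptr++;
    }

    return *nptr == '-';
}

/* strtoint32 */
/*
 * Convert a string to int32_t with strtoll() semantics for nptr, endptr and
 * base. errno is reset to 0 first. A value outside the int32_t range yields
 * INT32_MAX or INT32_MIN with errno set to ERANGE.
 *
 * Callers still have to inspect endptr to detect empty input or trailing
 * characters; this wrapper only adds the range check.
 */
int32_t strtoint32(const char *nptr, char **endptr, int base)
{
    long long ret = 0;

    errno = 0;
    ret = strtoll(nptr, endptr, base);

    if (ret > INT32_MAX) {
        errno = ERANGE;
        return INT32_MAX;
    }

    if (ret < INT32_MIN) {
        errno = ERANGE;
        return INT32_MIN;
    }

    /* If errno was set by strtoll, we'll pass it back as-is */
    return (int32_t)ret;
}

/* strtouint32 */
/*
 * Convert a string to uint32_t with strtoull() semantics for nptr, endptr and
 * base. errno is reset to 0 first. A value above UINT32_MAX, or any non-zero
 * value written with a minus sign, yields UINT32_MAX with errno set to ERANGE.
 *
 * Callers still have to inspect endptr to detect empty input or trailing
 * characters; this wrapper only adds the range check.
 */
uint32_t strtouint32(const char *nptr, char **endptr, int base)
{
    unsigned long long ret = 0;

    errno = 0;
    ret = strtoull(nptr, endptr, base);

    /*
     * The minus-sign test closes the wrap-around case: without it a huge
     * negative input is negated modulo 2^64 and can land inside the valid
     * range with errno still 0.
     */
    if (ret > UINT32_MAX || (ret != 0 && strtonum_has_minus_sign(nptr))) {
        errno = ERANGE;
        return UINT32_MAX;
    }

    /* If errno was set by strtoull, we'll pass it back as-is */
    return (uint32_t)ret;
}

/* strtouint16 */
/*
 * Convert a string to uint16_t with strtoull() semantics for nptr, endptr and
 * base. errno is reset to 0 first. A value above UINT16_MAX, or any non-zero
 * value written with a minus sign, yields UINT16_MAX with errno set to ERANGE.
 *
 * Callers still have to inspect endptr to detect empty input or trailing
 * characters; this wrapper only adds the range check.
 */
uint16_t strtouint16(const char *nptr, char **endptr, int base)
{
    unsigned long long ret = 0;

    errno = 0;
    ret = strtoull(nptr, endptr, base);

    /* Same wrap-around guard as in strtouint32(). */
    if (ret > UINT16_MAX || (ret != 0 && strtonum_has_minus_sign(nptr))) {
        errno = ERANGE;
        return UINT16_MAX;
    }

    /* If errno was set by strtoull, we'll pass it back as-is */
    return (uint16_t)ret;
}

sssd-1.11.5/src/util/PaxHeaders.13173/atomic_io.c0000644000000000000000000000007412320753107017426 xustar000000000000000030 atime=1396954939.276891423 30 ctime=1396954961.680874931 sssd-1.11.5/src/util/atomic_io.c0000664002412700241270000000324612320753107017655 0ustar00jhrozekjhrozek00000000000000/* Authors: Jan Cholasta Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see .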
*/ #include "util/atomic_io.h" /* based on code from libssh */ ssize_t sss_atomic_io_s(int fd, void *buf, size_t n, bool do_read) { char *b = buf; size_t pos = 0; ssize_t res; struct pollfd pfd; pfd.fd = fd; pfd.events = do_read ? POLLIN : POLLOUT; while (n > pos) { if (do_read) { res = read(fd, b + pos, n - pos); } else { res = write(fd, b + pos, n - pos); } switch (res) { case -1: if (errno == EINTR) { continue; } if (errno == EAGAIN || errno == EWOULDBLOCK) { (void) poll(&pfd, 1, -1); continue; } return -1; case 0: /* read returns 0 on end-of-file */ errno = do_read ? 0 : EPIPE; return pos; default: pos += (size_t) res; } } return pos; } sssd-1.11.5/src/util/PaxHeaders.13173/memory.c0000644000000000000000000000007412320753107016773 xustar000000000000000030 atime=1396954939.277891423 30 ctime=1396954961.673874937 sssd-1.11.5/src/util/memory.c0000664002412700241270000000336712320753107017226 0ustar00jhrozekjhrozek00000000000000/* Authors: Simo Sorce Copyright (C) 2009 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include "talloc.h" #include "util/util.h" /* * sssd_mem_attach * This function will take a non-talloc pointer and "attach" it to a talloc * memory context. It will accept a destructor for the original pointer * so that when the parent memory context is freed, the non-talloc * pointer will also be freed properly. 
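*/
/* Destructor that wipes a NUL-terminated secret before its memory is
 * released.
 *
 * Only the bytes up to the first '\0' are cleared; the function has no way
 * to learn the size of the allocation, so anything stored after an embedded
 * NUL is left as it was.
 *
 * Always returns 0.
 */
int password_destructor(void *memctx)
{
    /* Writing through a volatile pointer keeps the compiler from treating
     * the wipe as dead stores to memory that is about to be freed. */
    volatile char *password = memctx;

    if (password == NULL) {
        return 0;
    }

    /* zero out password */
    while (*password != '\0') {
        *password++ = '\0';
    }

    return 0;
}

/* talloc destructor of a mem_holder: runs the stored callback on the
 * attached pointer and returns the callback's result. */
static int mem_holder_destructor(void *ptr)
{
    struct mem_holder *h;

    h = talloc_get_type(ptr, struct mem_holder);
    /* NOTE(review): h is not checked for NULL here; this relies on the
     * destructor only being installed on mem_holder objects, as
     * sss_mem_attach() below does. */
    return h->fn(h->mem);
}

/* Tie a non-talloc pointer to a talloc context.
 *
 * A mem_holder is allocated under mem_ctx and given a destructor that calls
 * fn(ptr), so fn runs when the holder is freed.
 *
 * Returns the holder, or NULL when ptr or fn is NULL or the allocation
 * fails. In the NULL case nothing has been attached and the caller still
 * owns ptr.
 */
void *sss_mem_attach(TALLOC_CTX *mem_ctx,
                     void *ptr,
                     void_destructor_fn_t *fn)
{
    struct mem_holder *h;

    if (!ptr || !fn) return NULL;

    h = talloc(mem_ctx, struct mem_holder);
    if (!h) return NULL;

    h->mem = ptr;
    h->fn = fn;
    talloc_set_destructor((TALLOC_CTX *)h, mem_holder_destructor);

    return h;
}
sssd-1.11.5/src/util/PaxHeaders.13173/atomic_io.h0000644000000000000000000000007412320753107017433 xustar000000000000000030 atime=1396954939.276891423 30 ctime=1396954961.433875114 sssd-1.11.5/src/util/atomic_io.h0000664002412700241270000000251712320753107017662 0ustar00jhrozekjhrozek00000000000000/* Authors: Jan Cholasta Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #ifndef __SSSD_ATOMIC_IO_H__ #define __SSSD_ATOMIC_IO_H__ #include #include #include #include /* Performs a read or write operation in an manner that is seemingly atomic * to the caller. 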
* * Please note that the function does not perform any asynchronous operation * so the operation might potentially block */ ssize_t sss_atomic_io_s(int fd, void *buf, size_t n, bool do_read); #define sss_atomic_read_s(fd, buf, n) sss_atomic_io_s(fd, buf, n, true) #define sss_atomic_write_s(fd, buf, n) sss_atomic_io_s(fd, buf, n, false) #endif /* __SSSD_ATOMIC_IO_H__ */ sssd-1.11.5/src/util/PaxHeaders.13173/util.c0000644000000000000000000000007412320753107016440 xustar000000000000000030 atime=1396954939.278891422 30 ctime=1396954961.672874937 sssd-1.11.5/src/util/util.c0000664002412700241270000004412312320753107016666 0ustar00jhrozekjhrozek00000000000000/* Authors: Simo Sorce Copyright (C) 2009 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include #include #include #include #include "talloc.h" #include "util/util.h" #include "util/sss_utf8.h" #include "dhash.h" int split_on_separator(TALLOC_CTX *mem_ctx, const char *str, const char sep, bool trim, bool skip_empty, char ***_list, int *size) { int ret; const char *substr_end = str; const char *substr_begin = str; const char *sep_pos = NULL; size_t substr_len; char **list = NULL; int num_strings = 0; TALLOC_CTX *tmp_ctx = NULL; if (str == NULL || *str == '\0' || _list == NULL) { return EINVAL; } tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { return ENOMEM; } do { substr_len = 0; /* If this is not the first substring, then move from the separator. 
*/ if (sep_pos != NULL) { substr_end = sep_pos + 1; substr_begin = sep_pos + 1; } /* Find end of the first substring */ while (*substr_end != sep && *substr_end != '\0') { substr_end++; substr_len++; } sep_pos = substr_end; if (trim) { /* Trim leading whitespace */ while (isspace(*substr_begin) && substr_begin < substr_end) { substr_begin++; substr_len--; } /* Trim trailing whitespace */ while (substr_end - 1 > substr_begin && isspace(*(substr_end-1))) { substr_end--; substr_len--; } } /* Copy the substring to the output list of strings */ if (skip_empty == false || substr_len > 0) { list = talloc_realloc(tmp_ctx, list, char*, num_strings + 2); if (list == NULL) { ret = ENOMEM; goto done; } /* empty string is stored for substr_len == 0 */ list[num_strings] = talloc_strndup(list, substr_begin, substr_len); if (list[num_strings] == NULL) { ret = ENOMEM; goto done; } num_strings++; } } while (*sep_pos != '\0'); if (list == NULL) { /* No allocations were done, make space for the NULL */ list = talloc(tmp_ctx, char *); if (list == NULL) { ret = ENOMEM; goto done; } } list[num_strings] = NULL; if (size) { *size = num_strings; } *_list = talloc_steal(mem_ctx, list); ret = EOK; done: talloc_free(tmp_ctx); return ret; } static void free_args(char **args) { int i; if (args) { for (i = 0; args[i]; i++) free(args[i]); free(args); } } /* parse a string into arguments. * arguments are separated by a space * '\' is an escape character and can be used only to escape * itself or the white space. 
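*/
/* Returns a malloc()ed, NULL-terminated array of malloc()ed strings, or NULL
 * on allocation failure. NULL is also returned when the input is NULL or
 * yields no argument at all, so callers cannot tell "empty" from "failed".
 *
 * An escaped non-whitespace character keeps its backslash in the output;
 * only escaped whitespace and "\\" are reduced to the bare character.
 */
char **parse_args(const char *str)
{
    const char *p;
    char **ret, **r;
    char *tmp;
    int num;
    int i;
    bool e, w;

    if (str == NULL) {
        return NULL;
    }

    /* Scratch buffer for the argument being assembled; no argument can be
     * longer than the whole input plus its terminator. */
    tmp = malloc(strlen(str) + 1);
    if (!tmp) return NULL;

    ret = NULL;
    num = 0;
    i = 0;          /* next free index in tmp */
    e = false;      /* previous character was a pending '\' */
    w = false;      /* previous character was unescaped whitespace */
    p = str;
    while (*p) {
        if (*p == '\\') {
            w = false;
            if (e) {
                /* if we were already escaping, add a '\' literal */
                tmp[i] = '\\';
                i++;
                e = false;
            } else {
                /* otherwise just start escaping */
                e = true;
            }
        } else if (isspace((unsigned char)*p)) {
            /* the cast keeps isspace() defined for bytes >= 0x80 where
             * plain char is signed */
            if (e) {
                /* Add escaped whitespace literally */
                tmp[i] = *p;
                i++;
                e = false;
            } else if (w == false) {
                /* If previous character was non-whitespace, arg break */
                tmp[i] = '\0';
                i++;
                w = true;
            }
            /* previous char was whitespace as well, skip it */
        } else {
            w = false;
            if (e) {
                /* Prepend escaped chars with a literal \ */
                tmp[i] = '\\';
                i++;
                e = false;
            }
            /* Copy character from the source string */
            tmp[i] = *p;
            i++;
        }

        p++;

        /* check if this was the last char */
        if (*p == '\0') {
            if (e) {
                tmp[i] = '\\';
                i++;
                e = false;
            }
            tmp[i] = '\0';
            i++;
        }

        /* Nothing has been written for the current argument yet (for
         * example after repeated spaces or a leading backslash). The
         * earlier code read tmp[i-1] here with i == 0, i.e. one byte in
         * front of the allocation, and could then emit a stale copy of the
         * previous argument. */
        if (i == 0 || tmp[i-1] != '\0') {
            /* argument not terminated yet, keep scanning */
            continue;
        }

        if (tmp[0] == '\0') {
            /* Empty argument produced by leading whitespace: drop it and
             * start the next one at the beginning of the buffer, otherwise
             * every later argument would hide behind this terminator. */
            i = 0;
            continue;
        }

        r = realloc(ret, (num + 2) * sizeof(char *));
        if (!r) goto fail;
        ret = r;
        ret[num+1] = NULL;
        ret[num] = strdup(tmp);
        if (!ret[num]) goto fail;
        num++;
        i = 0;
    }

    free(tmp);
    return ret;

fail:
    free(tmp);
    free_args(ret);
    return NULL;
}

/* Deep-copy a NULL-terminated string list onto memctx.
 *
 * The array is a child of memctx and every string is a child of the array,
 * so freeing the array frees the strings too. Returns NULL when str_list is
 * NULL or an allocation fails; a partially built copy is released.
 */
char **dup_string_list(TALLOC_CTX *memctx, const char **str_list)
{
    int i = 0;
    int j = 0;
    char **dup_list;

    if (!str_list) {
        return NULL;
    }

    /* Find the size of the list */
    while (str_list[i]) i++;

    dup_list = talloc_array(memctx, char *, i+1);
    if (!dup_list) {
        return NULL;
    }

    /* Copy the elements */
    for (j = 0; j < i; j++) {
        dup_list[j] = talloc_strdup(dup_list, str_list[j]);
        if (!dup_list[j]) {
            talloc_free(dup_list);
            return NULL;
        }
    }

    /* NULL-terminate the list */
    dup_list[i] = NULL;

    return dup_list;
}

/* Take two string lists (terminated on a NULL char*)
 * and return up to three arrays of strings based on
 * shared ownership.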
* * Pass NULL to any return type you don't care about */ errno_t diff_string_lists(TALLOC_CTX *memctx, char **_list1, char **_list2, char ***_list1_only, char ***_list2_only, char ***_both_lists) { int error; errno_t ret; int i; int i2 = 0; int i12 = 0; hash_table_t *table; hash_key_t key; hash_value_t value; char **list1 = NULL; char **list2 = NULL; char **list1_only = NULL; char **list2_only = NULL; char **both_lists = NULL; unsigned long count; hash_key_t *keys; TALLOC_CTX *tmp_ctx = talloc_new(memctx); if (!tmp_ctx) { return ENOMEM; } if (!_list1) { list1 = talloc_array(tmp_ctx, char *, 1); if (!list1) { talloc_free(tmp_ctx); return ENOMEM; } list1[0] = NULL; } else { list1 = _list1; } if (!_list2) { list2 = talloc_array(tmp_ctx, char *, 1); if (!list2) { talloc_free(tmp_ctx); return ENOMEM; } list2[0] = NULL; } else { list2 = _list2; } error = hash_create(10, &table, NULL, NULL); if (error != HASH_SUCCESS) { talloc_free(tmp_ctx); return EIO; } key.type = HASH_KEY_STRING; value.type = HASH_VALUE_UNDEF; /* Add all entries from list 1 into a hash table */ i = 0; while (list1[i]) { key.str = talloc_strdup(tmp_ctx, list1[i]); error = hash_enter(table, &key, &value); if (error != HASH_SUCCESS) { ret = EIO; goto done; } i++; } /* Iterate through list 2 and remove matching items */ i = 0; while (list2[i]) { key.str = talloc_strdup(tmp_ctx, list2[i]); error = hash_delete(table, &key); if (error == HASH_SUCCESS) { if (_both_lists) { /* String was present in both lists */ i12++; both_lists = talloc_realloc(tmp_ctx, both_lists, char *, i12+1); if (!both_lists) { ret = ENOMEM; goto done; } both_lists[i12-1] = talloc_strdup(both_lists, list2[i]); if (!both_lists[i12-1]) { ret = ENOMEM; goto done; } both_lists[i12] = NULL; } } else if (error == HASH_ERROR_KEY_NOT_FOUND) { if (_list2_only) { /* String was present only in list2 */ i2++; list2_only = talloc_realloc(tmp_ctx, list2_only, char *, i2+1); if (!list2_only) { ret = ENOMEM; goto done; } list2_only[i2-1] = 
talloc_strdup(list2_only, list2[i]); if (!list2_only[i2-1]) { ret = ENOMEM; goto done; } list2_only[i2] = NULL; } } else { /* An error occurred */ ret = EIO; goto done; } i++; } /* Get the leftover entries in the hash table */ if (_list1_only) { error = hash_keys(table, &count, &keys); if (error != HASH_SUCCESS) { ret = EIO; goto done; } list1_only = talloc_array(tmp_ctx, char *, count+1); if (!list1_only) { ret = ENOMEM; goto done; } for (i = 0; i < count; i++) { list1_only[i] = talloc_strdup(list1_only, keys[i].str); if (!list1_only[i]) { ret = ENOMEM; goto done; } } list1_only[count] = NULL; free(keys); *_list1_only = talloc_steal(memctx, list1_only); } if (_list2_only) { if (list2_only) { *_list2_only = talloc_steal(memctx, list2_only); } else { *_list2_only = talloc_array(memctx, char *, 1); if (!(*_list2_only)) { ret = ENOMEM; goto done; } *_list2_only[0] = NULL; } } if (_both_lists) { if (both_lists) { *_both_lists = talloc_steal(memctx, both_lists); } else { *_both_lists = talloc_array(memctx, char *, 1); if (!(*_both_lists)) { ret = ENOMEM; goto done; } *_both_lists[0] = NULL; } } ret = EOK; done: hash_destroy(table); talloc_free(tmp_ctx); return ret; } static void *hash_talloc(const size_t size, void *pvt) { return talloc_size(pvt, size); } static void hash_talloc_free(void *ptr, void *pvt) { talloc_free(ptr); } errno_t sss_hash_create_ex(TALLOC_CTX *mem_ctx, unsigned long count, hash_table_t **tbl, unsigned int directory_bits, unsigned int segment_bits, unsigned long min_load_factor, unsigned long max_load_factor, hash_delete_callback *delete_callback, void *delete_private_data) { errno_t ret; hash_table_t *table; int hret; TALLOC_CTX *internal_ctx; internal_ctx = talloc_new(NULL); if (!internal_ctx) { return ENOMEM; } hret = hash_create_ex(count, &table, directory_bits, segment_bits, min_load_factor, max_load_factor, hash_talloc, hash_talloc_free, internal_ctx, delete_callback, delete_private_data); switch (hret) { case HASH_SUCCESS: /* Steal the table 
pointer onto the mem_ctx, * then make the internal_ctx a child of * table. * * This way, we can clean up the values when * we talloc_free() the table */ *tbl = talloc_steal(mem_ctx, table); talloc_steal(table, internal_ctx); return EOK; case HASH_ERROR_NO_MEMORY: ret = ENOMEM; break; default: ret = EIO; } DEBUG(0, ("Could not create hash table: [%d][%s]\n", hret, hash_error_string(hret))); talloc_free(internal_ctx); return ret; } errno_t sss_hash_create(TALLOC_CTX *mem_ctx, unsigned long count, hash_table_t **tbl) { return sss_hash_create_ex(mem_ctx, count, tbl, 0, 0, 0, 0, NULL, NULL); } errno_t sss_filter_sanitize(TALLOC_CTX *mem_ctx, const char *input, char **sanitized) { char *output; size_t i = 0; size_t j = 0; /* Assume the worst-case. We'll resize it later, once */ output = talloc_array(mem_ctx, char, strlen(input) * 3 + 1); if (!output) { return ENOMEM; } while (input[i]) { switch(input[i]) { case '\t': output[j++] = '\\'; output[j++] = '0'; output[j++] = '9'; break; case ' ': output[j++] = '\\'; output[j++] = '2'; output[j++] = '0'; break; case '*': output[j++] = '\\'; output[j++] = '2'; output[j++] = 'a'; break; case '(': output[j++] = '\\'; output[j++] = '2'; output[j++] = '8'; break; case ')': output[j++] = '\\'; output[j++] = '2'; output[j++] = '9'; break; case '\\': output[j++] = '\\'; output[j++] = '5'; output[j++] = 'c'; break; default: output[j++] = input[i]; } i++; } output[j] = '\0'; *sanitized = talloc_realloc(mem_ctx, output, char, j+1); if (!*sanitized) { talloc_free(output); return ENOMEM; } return EOK; } char * sss_escape_ip_address(TALLOC_CTX *mem_ctx, int family, const char *addr) { return family == AF_INET6 ? 
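talloc_asprintf(mem_ctx, "[%s]", addr) : talloc_strdup(mem_ctx, addr); }

/* Point out->str at `in` (no copy is made) and record its size.
 * out->len includes terminating '\0'; it is 0 when `in` is NULL. */
void to_sized_string(struct sized_string *out, const char *in)
{
    out->str = in;
    out->len = (in != NULL) ? strlen(in) + 1 : 0;
}

/* This function only removes first and last
 * character if the first character was '['.
 *
 * NOTE: This means, that ipv6addr must NOT be followed
 * by port number.
 *
 * The last character is dropped without checking that it is ']', so the
 * caller is responsible for passing a well-formed "[addr]" string. The
 * buffer is edited in place. Returns EINVAL for a bracketed string shorter
 * than three characters, EOK otherwise (including for NULL or unbracketed
 * input, which is left untouched).
 */
errno_t remove_ipv6_brackets(char *ipv6addr)
{
    size_t len;

    if (ipv6addr && ipv6addr[0] == '[') {
        len = strlen(ipv6addr);
        if (len < 3) {
            return EINVAL;
        }

        memmove(ipv6addr, &ipv6addr[1], len - 2);
        ipv6addr[len -2] = '\0';
    }

    return EOK;
}

/* Append a copy of `string` to the NULL-terminated list *list_p.
 *
 * When *list_p is NULL a new list is allocated on mem_ctx; otherwise the
 * existing array is grown with talloc_realloc(), which may move it. The
 * copied string is a child of the array.
 *
 * Returns EOK, EINVAL for a NULL string or list_p, or ENOMEM. On ENOMEM an
 * existing list keeps its previous contents and *list_p is left pointing at
 * valid memory.
 */
errno_t add_string_to_list(TALLOC_CTX *mem_ctx, const char *string,
                           char ***list_p)
{
    size_t c;
    char **old_list = NULL;
    char **new_list = NULL;

    if (string == NULL || list_p == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("Missing string or list.\n"));
        return EINVAL;
    }

    old_list = *list_p;

    if (old_list == NULL) {
        /* If the input is a NULL list a new one is created with the new
         * string and the terminating NULL element. */
        c = 0;
        new_list = talloc_array(mem_ctx, char *, 2);
    } else {
        for (c = 0; old_list[c] != NULL; c++);
        /* Allocate one extra space for the new service and one for
         * the terminating NULL */
        new_list = talloc_realloc(mem_ctx, old_list, char *, c + 2);
    }

    if (new_list == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("talloc_array/talloc_realloc failed.\n"));
        return ENOMEM;
    }

    new_list[c] = talloc_strdup(new_list, string);
    if (new_list[c] == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed.\n"));
        if (old_list == NULL) {
            /* The array was created here and nobody else refers to it. */
            talloc_free(new_list);
        } else {
            /* The array is the caller's list after realloc. Freeing it, as
             * the code used to, left *list_p dangling and set the caller up
             * for a use-after-free or double free. Slot c is NULL after the
             * failed strdup, so the list is still terminated where it was;
             * hand the possibly moved pointer back instead. */
            *list_p = new_list;
        }
        return ENOMEM;
    }

    new_list[c + 1] = NULL;

    *list_p = new_list;

    return EOK;
}

bool string_in_list(const char *string, char **list, bool case_sensitive) { size_t c; int(*compare)(const char *s1, const char *s2); if (string == NULL || list == NULL || *list == NULL) { return false; } compare = case_sensitive ? 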
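strcmp : strcasecmp; for (c = 0; list[c] != NULL; c++) { if (compare(string, list[c]) == 0) { return true; } } return false; }

/* Overwrite `size` bytes at `data` with zeros.
 *
 * The stores go through a volatile pointer so the compiler cannot remove
 * them as dead writes; use this rather than memset() for buffers that held
 * secrets.
 */
void safezero(void *data, size_t size)
{
    volatile uint8_t *p = data;

    while (size--) {
        *p++ = 0;
    }
}

/* Turn a DNS-style domain ("example.com") into a lower-cased base DN
 * ("dc=example,dc=com") allocated on memctx.
 *
 * Returns EOK and stores the DN in *basedn, EINVAL when domain or basedn is
 * NULL, ENOMEM on allocation failure (nothing is left allocated then).
 *
 * NOTE(review): the domain components are copied into the DN as they are.
 * Characters that are special in a DN (',', '=', '+', ...) are not escaped,
 * so the domain should come from trusted configuration - confirm against
 * the callers.
 */
int domain_to_basedn(TALLOC_CTX *memctx, const char *domain, char **basedn)
{
    const char *s;
    char *dn;
    char *grown;
    char *p;
    int l;

    if (!domain || !basedn) {
        return EINVAL;
    }

    s = domain;
    dn = talloc_strdup(memctx, "dc=");
    /* Checked here: the append helpers below must not be handed a NULL
     * buffer. */
    if (!dn) {
        return ENOMEM;
    }

    while ((p = strchr(s, '.'))) {
        l = p - s;
        grown = talloc_asprintf_append_buffer(dn, "%.*s,dc=", l, s);
        if (!grown) {
            /* the old buffer survives a failed append; release it */
            talloc_free(dn);
            return ENOMEM;
        }
        dn = grown;

        s = p + 1;
    }
    grown = talloc_strdup_append_buffer(dn, s);
    if (!grown) {
        talloc_free(dn);
        return ENOMEM;
    }
    dn = grown;

    for (p=dn; *p; ++p) {
        /* tolower() is only defined for unsigned char values and EOF */
        *p = tolower((unsigned char)*p);
    }

    *basedn = dn;
    return EOK;
}

/* Return true when `host` equals `domain` or ends in "." followed by
 * `domain`.
 *
 * The match is a byte-wise, case-sensitive strcmp(); callers comparing DNS
 * names that may differ in case have to normalise them first. Both
 * arguments must be non-NULL.
 */
bool is_host_in_domain(const char *host, const char *domain)
{
    size_t host_len = strlen(host);
    size_t domain_len = strlen(domain);
    size_t diff;

    /* Lengths stay in size_t: the former `int diff = strlen() - strlen()`
     * went through an unsigned subtraction narrowed to int. */
    if (host_len < domain_len) {
        return false;
    }
    diff = host_len - domain_len;

    if (strcmp(host + diff, domain) != 0) {
        return false;
    }

    /* exact match, or the suffix starts right after a label separator */
    return diff == 0 || host[diff - 1] == '.';
}
sssd-1.11.5/src/util/PaxHeaders.13173/sss_ssh.c0000644000000000000000000000007412320753107017150 xustar000000000000000030 atime=1396954939.277891423 30 ctime=1396954961.689874925 sssd-1.11.5/src/util/sss_ssh.c0000664002412700241270000001241312320753107017373 0ustar00jhrozekjhrozek00000000000000/* Authors: Jan Cholasta Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 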
*/ #include #include "db/sysdb.h" #include "util/util.h" #include "util/crypto/sss_crypto.h" #include "util/sss_ssh.h" errno_t sss_ssh_make_ent(TALLOC_CTX *mem_ctx, struct ldb_message *msg, struct sss_ssh_ent **result) { TALLOC_CTX *tmp_ctx; struct sss_ssh_ent *res = NULL; errno_t ret; const char *name; struct ldb_message_element *el; unsigned int i; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; } name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL); if (!name) { ret = EINVAL; DEBUG(SSSDBG_CRIT_FAILURE, ("Host is missing name attribute\n")); goto done; } res = talloc_zero(tmp_ctx, struct sss_ssh_ent); if (!res) { ret = ENOMEM; goto done; } res->name = talloc_strdup(res, name); if (!res->name) { ret = ENOMEM; goto done; } el = ldb_msg_find_element(msg, SYSDB_SSH_PUBKEY); if (el) { res->num_pubkeys = el->num_values; res->pubkeys = talloc_array(res, struct sss_ssh_pubkey, res->num_pubkeys); if (!res->pubkeys) { ret = ENOMEM; goto done; } for (i = 0; i < el->num_values; i++) { res->pubkeys[i].data = sss_base64_decode(res->pubkeys, (char *)el->values[i].data, &res->pubkeys[i].data_len); if (!res->pubkeys[i].data) { ret = ENOMEM; goto done; } } } el = ldb_msg_find_element(msg, SYSDB_NAME_ALIAS); if (el) { res->num_aliases = el->num_values; res->aliases = talloc_array(res, char *, res->num_aliases); if (!res->aliases) { ret = ENOMEM; goto done; } for (i = 0; i < el->num_values; i++) { res->aliases[i] = talloc_strdup(res->aliases, (char *)el->values[i].data); if (!res->aliases[i]) { ret = ENOMEM; goto done; } } } *result = talloc_steal(mem_ctx, res); ret = EOK; done: talloc_free(tmp_ctx); return ret; } static errno_t sss_ssh_get_pubkey_algorithm(TALLOC_CTX *mem_ctx, struct sss_ssh_pubkey *pubkey, char **result) { size_t c = 0; uint32_t algo_len; char *algo; if (pubkey->data_len < 5) { return EINVAL; } SAFEALIGN_COPY_UINT32(&algo_len, pubkey->data, &c); algo_len = ntohl(algo_len); if (algo_len < 1 || algo_len > 64 || algo_len > pubkey->data_len - 4) { /* 
the maximum length of 64 is defined in RFC 4250 */ return EINVAL; } algo = talloc_zero_array(mem_ctx, char, algo_len+1); if (!algo) { return ENOMEM; } memcpy(algo, pubkey->data+c, algo_len); *result = algo; return EOK; } errno_t sss_ssh_format_pubkey(TALLOC_CTX *mem_ctx, struct sss_ssh_pubkey *pubkey, char **result) { TALLOC_CTX *tmp_ctx; errno_t ret; char *blob; char *algo; char *out = NULL; size_t i; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; } if (pubkey->data_len > 4 && memcmp(pubkey->data, "\0\0\0", 3) == 0) { /* All valid public key blobs start with 3 null bytes (see RFC 4253 * section 6.6, RFC 4251 section 5 and RFC 4250 section 4.6) */ blob = sss_base64_encode(tmp_ctx, pubkey->data, pubkey->data_len); if (!blob) { ret = ENOMEM; goto done; } ret = sss_ssh_get_pubkey_algorithm(tmp_ctx, pubkey, &algo); if (ret != EOK) { goto done; } out = talloc_asprintf(mem_ctx, "%s %s", algo, blob); if (!out) { ret = ENOMEM; goto done; } } else { /* Not a valid public key blob, so this must be a textual public key */ for (i = 0; i < pubkey->data_len; i++) { if (!pubkey->data[i] || pubkey->data[i] == '\n' || pubkey->data[i] == '\r') { ret = EINVAL; goto done; } } out = talloc_array(mem_ctx, char, pubkey->data_len + 1); if (!out) { ret = ENOMEM; goto done; } memcpy(out, pubkey->data, pubkey->data_len); out[pubkey->data_len] = 0; } *result = out; ret = EOK; done: talloc_free(tmp_ctx); return ret; } sssd-1.11.5/src/util/PaxHeaders.13173/child_common.h0000644000000000000000000000007412320753107020123 xustar000000000000000030 atime=1396954939.276891423 30 ctime=1396954961.468875088 sssd-1.11.5/src/util/child_common.h0000664002412700241270000000747612320753107020363 0ustar00jhrozekjhrozek00000000000000/* SSSD Common helper functions to be used in child processes Authors: Sumit Bose Copyright (C) 2009 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software 
Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #ifndef __CHILD_COMMON_H__ #define __CHILD_COMMON_H__ #include #include #include #include #include "util/util.h" #define IN_BUF_SIZE 512 #define CHILD_MSG_CHUNK 256 struct response { uint8_t *buf; size_t size; }; struct io_buffer { uint8_t *data; size_t size; }; /* COMMON SIGCHLD HANDLING */ typedef void (*sss_child_fn_t)(int pid, int wait_status, void *pvt); struct sss_sigchild_ctx; struct sss_child_ctx; /* Create a new child context to manage callbacks */ errno_t sss_sigchld_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct sss_sigchild_ctx **child_ctx); errno_t sss_child_register(TALLOC_CTX *mem_ctx, struct sss_sigchild_ctx *sigchld_ctx, pid_t pid, sss_child_fn_t cb, void *pvt, struct sss_child_ctx **child_ctx); void sss_child_handler(struct tevent_context *ev, struct tevent_signal *se, int signum, int count, void *siginfo, void *private_data); /* Callback to be invoked when a sigchld handler is called. * The tevent_signal * associated with the handler will be * freed automatically when this function returns. 
*/ typedef void (*sss_child_callback_t)(int child_status, struct tevent_signal *sige, void *pvt); struct sss_child_ctx_old; /* Set up child termination signal handler */ int child_handler_setup(struct tevent_context *ev, int pid, sss_child_callback_t cb, void *pvt, struct sss_child_ctx_old **_child_ctx); /* Destroy child termination signal handler */ void child_handler_destroy(struct sss_child_ctx_old *ctx); /* Async communication with the child process via a pipe */ struct tevent_req *write_pipe_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, uint8_t *buf, size_t len, int fd); int write_pipe_recv(struct tevent_req *req); struct tevent_req *read_pipe_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, int fd); int read_pipe_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, uint8_t **buf, ssize_t *len); /* The pipes to communicate with the child must be nonblocking */ void fd_nonblocking(int fd); void child_sig_handler(struct tevent_context *ev, struct tevent_signal *sige, int signum, int count, void *__siginfo, void *pvt); /* Never returns EOK, ether returns an error, or doesn't return on success */ errno_t exec_child(TALLOC_CTX *mem_ctx, int *pipefd_to_child, int *pipefd_from_child, const char *binary, int debug_fd); void child_cleanup(int readfd, int writefd); #endif /* __CHILD_COMMON_H__ */ sssd-1.11.5/src/util/PaxHeaders.13173/sss_nss.c0000644000000000000000000000007412320753107017156 xustar000000000000000030 atime=1396954939.277891423 30 ctime=1396954961.679874932 sssd-1.11.5/src/util/sss_nss.c0000664002412700241270000001264112320753107017404 0ustar00jhrozekjhrozek00000000000000/* SSSD Utility functions related to ID information Copyright (C) Jan Zeleny 2012 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. 
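This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */
#include "util/util.h"
#include "util/sss_nss.h"

/* Expand a home directory template into a string allocated on mem_ctx.
 *
 * Recognised sequences:
 *   %u  user name            %U  numeric uid (0 is rejected)
 *   %d  domain name          %f  username@domain
 *   %o  original home directory (empty string when not available)
 *   %F  domain flat name     %%  a literal '%'
 *
 * Returns NULL when the template is NULL or malformed, when a value needed
 * by the template is missing, or on allocation failure.
 *
 * NOTE(review): the substituted values are inserted verbatim. Nothing here
 * rejects '/' or ".." inside a user or domain name, so whoever turns the
 * result into a filesystem path has to validate it - confirm what the
 * callers do.
 */
char *expand_homedir_template(TALLOC_CTX *mem_ctx, const char *template,
                              const char *username, uint32_t uid,
                              const char *original, const char *domain,
                              const char *flatname)
{
    char *copy;
    char *p;
    char *n;
    char *result = NULL;
    char *res = NULL;
    TALLOC_CTX *tmp_ctx = NULL;
    const char *orig = NULL;

    if (template == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Missing template.\n"));
        return NULL;
    }

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) return NULL;

    /* Work on a private copy: every '%' found is overwritten with '\0' to
     * cut the template into literal pieces. */
    copy = talloc_strdup(tmp_ctx, template);
    if (copy == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_strdup failed.\n"));
        goto done;
    }

    result = talloc_strdup(tmp_ctx, "");
    if (result == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_strdup failed.\n"));
        goto done;
    }

    p = copy;
    while ( (n = strchr(p, '%')) != NULL) {
        *n = '\0';
        n++;
        if ( *n == '\0' ) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("format error, single %% at the end of "
                                        "the template.\n"));
            goto done;
        }

        switch( *n ) {
            case 'u':
                if (username == NULL) {
                    DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot expand user name template "
                                                "because user name is empty.\n"));
                    goto done;
                }
                result = talloc_asprintf_append(result, "%s%s", p,
                                                username);
                break;

            case 'U':
                if (uid == 0) {
                    DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot expand uid template "
                                                "because uid is invalid.\n"));
                    goto done;
                }
                /* uid is unsigned: "%d" printed ids above INT_MAX as
                 * negative numbers, which would end up in the path. */
                result = talloc_asprintf_append(result, "%s%lu", p,
                                                (unsigned long) uid);
                break;

            case 'd':
                if (domain == NULL) {
                    DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot expand domain name "
                                                "template because domain name "
                                                "is empty.\n"));
                    goto done;
                }
                result = talloc_asprintf_append(result, "%s%s", p,
                                                domain);
                break;

            case 'f':
                if (domain == NULL || username == NULL) {
                    DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot expand fully qualified "
                                                "name template because domain "
                                                "or user name is empty.\n"));
                    goto done;
                }
                result = talloc_asprintf_append(result, "%s%s@%s", p,
                                                username, domain);
                break;

            case 'o':
                if (original == NULL) {
                    DEBUG(SSSDBG_CRIT_FAILURE,
                          ("Original home directory for %s is not available, "
                           "using empty string\n", username));
                    orig = "";
                } else {
                    orig = original;
                }
                result = talloc_asprintf_append(result, "%s%s", p, orig);
                break;

            case 'F':
                if (flatname == NULL) {
                    DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot expand domain name "
                                                "template because domain flat "
                                                "name is empty.\n"));
                    goto done;
                }
                result = talloc_asprintf_append(result, "%s%s", p, flatname);
                break;

            case '%':
                result = talloc_asprintf_append(result, "%s%%", p);
                break;

            default:
                DEBUG(SSSDBG_CRIT_FAILURE, ("format error, unknown template "
                                            "[%%%c].\n", *n));
                goto done;
        }

        if (result == NULL) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_asprintf_append failed.\n"));
            goto done;
        }

        p = n + 1;
    }

    /* literal text after the last sequence */
    result = talloc_asprintf_append(result, "%s", p);
    if (result == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_asprintf_append failed.\n"));
        goto done;
    }

    res = talloc_move(mem_ctx, &result);
done:
    talloc_zfree(tmp_ctx);
    return res;
}
sssd-1.11.5/src/util/PaxHeaders.13173/server.c0000644000000000000000000000007412320753107016771 xustar000000000000000030 atime=1396954939.277891423 30 ctime=1396954961.673874937 sssd-1.11.5/src/util/server.c0000664002412700241270000004075012320753107017221 0ustar00jhrozekjhrozek00000000000000/* SSSD Servers setup routines Copyright (C) Andrew Tridgell 1992-2005 Copyright (C) Martin Pool 2002 Copyright (C) Jelmer Vernooij 2002 Copyright (C) James J Myers 2003 Copyright (C) Simo Sorce 2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. 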
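This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include #include #include #include #include #include "util/util.h" #include "ldb.h" #include "confdb/confdb.h" #include "monitor/monitor_interfaces.h" #ifdef HAVE_PRCTL #include #endif

/*******************************************************************
 Close the low 3 fd's and open dev/null in their place.
********************************************************************/
static void close_low_fds(void)
{
#ifndef VALGRIND
    int fd;
    int i;

    close(0);
    close(1);
    close(2);

    /* try and use up these file descriptors, so silly
       library routines writing to stdout etc won't cause havoc */
    for (i = 0; i < 3; i++) {
        fd = open("/dev/null", O_RDWR, 0);
        if (fd < 0)
            fd = open("/dev/null", O_WRONLY, 0);
        if (fd < 0) {
            DEBUG(SSSDBG_FATAL_FAILURE, ("Can't open /dev/null\n"));
            return;
        }
        /* open() hands out the lowest free descriptor, so anything other
         * than i means 0..2 were not all free; the loop gives up then and
         * the descriptor just opened stays open. */
        if (fd != i) {
            DEBUG(SSSDBG_FATAL_FAILURE, ("Didn't get file descriptor %d\n",i));
            return;
        }
    }
#endif
}

/* SIGTERM handler of the waiting parent: leave at once with status 0.
 * _exit() is used because it is safe to call from a signal handler. */
static void deamon_parent_sigterm(int sig)
{
    _exit(0);
}

/**
 Become a daemon, discarding the controlling terminal.

 With Fork set the process forks; the parent stays around until the child
 exits (or until it receives SIGTERM) and then leaves through _exit(), so
 only the child returns from this function. The child starts a new session,
 changes directory to "/" and replaces descriptors 0-2 with /dev/null.
**/
void become_daemon(bool Fork)
{
    pid_t pid, cpid;
    int status = 0;
    int ret, error;

    if (Fork) {
        pid = fork();
        if (pid == -1) {
            /* There is no child to wait for. This must not reach the code
             * below: waitpid(-1) and kill(-1, SIGKILL) address every
             * process the caller is allowed to signal. */
            ret = errno;
            DEBUG(SSSDBG_FATAL_FAILURE,
                  ("fork failed (%d [%s])\n", ret, strerror(ret)));
            _exit(1);
        }
        if (pid != 0) {
            /* Terminate parent process on demand so we can hold systemd
             * or initd from starting next service until sssd in initialized.
             * We use signals directly here because we don't have a tevent
             * context yet. */
            CatchSignal(SIGTERM, deamon_parent_sigterm);

            /* or exit when sssd monitor is terminated */
            do {
                error = 0;
                errno = 0;
                cpid = waitpid(pid, &status, 0);
                /* waitpid() reports failure with -1; the former test
                 * against 1 never matched, and `error` was reset before
                 * the loop condition could see EINTR. */
                if (cpid == -1) {
                    /* An error occurred while waiting */
                    error = errno;
                    if (error != EINTR) {
                        DEBUG(SSSDBG_CRIT_FAILURE,
                              ("Error [%d][%s] while waiting for child\n",
                               error, strerror(error)));
                        /* Forcibly kill this child */
                        kill(pid, SIGKILL);
                    }
                }
            } while (error == EINTR);

            /* return error if we didn't exited normally */
            ret = 1;

            /* status is only meaningful when waitpid() succeeded */
            if (cpid != -1 && WIFEXITED(status)) {
                /* but return our exit code otherwise */
                ret = WEXITSTATUS(status);
            }

            _exit(ret);
        }
    }

    /* detach from the terminal */
    setsid();

    /* chdir to / to be sure we're not on a remote filesystem */
    errno = 0;
    if(chdir("/") == -1) {
        ret = errno;
        DEBUG(SSSDBG_FATAL_FAILURE, ("Cannot change directory (%d [%s])\n",
                                     ret, strerror(ret)));
        return;
    }

    /* Close fd's 0,1,2. Needed if started by rsh */
    close_low_fds();
}

int pidfile(const char *path, const char *name) { char pid_str[32]; pid_t pid; char *file; int fd; int ret, err; ssize_t len; size_t size; ssize_t written; ssize_t pidlen = sizeof(pid_str) - 1; file = talloc_asprintf(NULL, "%s/%s.pid", path, name); if (!file) { return ENOMEM; } fd = open(file, O_RDONLY, 0644); err = errno; if (fd != -1) { errno = 0; len = sss_atomic_read_s(fd, pid_str, pidlen); ret = errno; if (len == -1) { DEBUG(SSSDBG_CRIT_FAILURE, ("read failed [%d][%s].\n", ret, strerror(ret))); close(fd); talloc_free(file); return EINVAL; } /* Ensure NULL-termination */ pid_str[len] = '\0'; /* let's check the pid */ pid = (pid_t)atoi(pid_str); if (pid != 0) { errno = 0; ret = kill(pid, 0); /* succeeded in signaling the process -> another sssd process */ if (ret == 0) { close(fd); talloc_free(file); return EEXIST; } if (ret != 0 && errno != ESRCH) { err = errno; close(fd); talloc_free(file); return err; } } /* nothing in the file or no process */ close(fd); unlink(file); } else { if (err != ENOENT) { talloc_free(file); return err; } } fd = open(file, O_CREAT | 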
O_WRONLY | O_EXCL, 0644); err = errno; if (fd == -1) { talloc_free(file); return err; } talloc_free(file); memset(pid_str, 0, sizeof(pid_str)); snprintf(pid_str, sizeof(pid_str) -1, "%u\n", (unsigned int) getpid()); size = strlen(pid_str); errno = 0; written = sss_atomic_write_s(fd, pid_str, size); if (written == -1) { err = errno; DEBUG(SSSDBG_CRIT_FAILURE, ("write failed [%d][%s]\n", err, strerror(err))); close(fd); return err; } if (written != size) { DEBUG(SSSDBG_CRIT_FAILURE, ("Wrote %zd bytes expected %zu\n", written, size)); close(fd); return EIO; } close(fd); return 0; } static void sig_hup(int sig) { /* cycle log/debug files */ return; } void sig_term(int sig) { #if HAVE_GETPGRP static int done_sigterm; if (done_sigterm == 0 && getpgrp() == getpid()) { DEBUG(SSSDBG_FATAL_FAILURE, ("SIGTERM: killing children\n")); done_sigterm = 1; kill(-getpgrp(), SIGTERM); } #endif sss_log(SSS_LOG_INFO, "Shutting down"); exit(0); } static void default_quit(struct tevent_context *ev, struct tevent_signal *se, int signum, int count, void *siginfo, void *private_data) { #if HAVE_GETPGRP static int done_sigterm; if (done_sigterm == 0 && getpgrp() == getpid()) { DEBUG(SSSDBG_FATAL_FAILURE, ("SIGTERM: killing children\n")); done_sigterm = 1; kill(-getpgrp(), SIGTERM); } #endif sss_log(SSS_LOG_INFO, "Shutting down"); exit(0); } #ifndef HAVE_PRCTL static void sig_segv_abrt(int sig) { #if HAVE_GETPGRP static int done; if (done == 0 && getpgrp() == getpid()) { DEBUG(SSSDBG_FATAL_FAILURE, ("%s: killing children\n", strsignal(sig))); done = 1; kill(-getpgrp(), SIGTERM); } #endif /* HAVE_GETPGRP */ exit(1); } #endif /* HAVE_PRCTL */ /* setup signal masks */ static void setup_signals(void) { /* we are never interested in SIGPIPE */ BlockSignals(true, SIGPIPE); #if defined(SIGFPE) /* we are never interested in SIGFPE */ BlockSignals(true, SIGFPE); #endif /* We are no longer interested in USR1 */ BlockSignals(true, SIGUSR1); /* We are no longer interested in SIGINT except for monitor */ 
BlockSignals(true, SIGINT); #if defined(SIGUSR2) /* We are no longer interested in USR2 */ BlockSignals(true, SIGUSR2); #endif /* POSIX demands that signals are inherited. If the invoking process has * these signals masked, we will have problems, as we won't receive them. */ BlockSignals(false, SIGHUP); BlockSignals(false, SIGTERM); CatchSignal(SIGHUP, sig_hup); #ifndef HAVE_PRCTL /* If prctl is not defined on the system, try to handle * some common termination signals gracefully */ CatchSignal(SIGSEGV, sig_segv_abrt); CatchSignal(SIGABRT, sig_segv_abrt); #endif } /* handle io on stdin */ static void server_stdin_handler(struct tevent_context *event_ctx, struct tevent_fd *fde, uint16_t flags, void *private) { const char *binary_name = (const char *)private; uint8_t c; errno = 0; if (sss_atomic_read_s(0, &c, 1) == 0) { DEBUG(SSSDBG_CRIT_FAILURE, ("%s: EOF on stdin - terminating\n", binary_name)); #if HAVE_GETPGRP if (getpgrp() == getpid()) { kill(-getpgrp(), SIGTERM); } #endif exit(0); } } /* main server helpers. */ int die_if_parent_died(void) { #ifdef HAVE_PRCTL int ret; errno = 0; ret = prctl(PR_SET_PDEATHSIG, SIGTERM, 0, 0, 0); if (ret != 0) { ret = errno; DEBUG(SSSDBG_OP_FAILURE, ("prctl failed [%d]: %s", ret, strerror(ret))); return ret; } #endif return EOK; } struct logrotate_ctx { struct confdb_ctx *confdb; const char *confdb_path; }; static void te_server_hup(struct tevent_context *ev, struct tevent_signal *se, int signum, int count, void *siginfo, void *private_data) { errno_t ret; struct logrotate_ctx *lctx = talloc_get_type(private_data, struct logrotate_ctx); DEBUG(SSSDBG_CRIT_FAILURE, ("Received SIGHUP. 
Rotating logfiles.\n")); ret = monitor_common_rotate_logs(lctx->confdb, lctx->confdb_path); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, ("Could not reopen log file [%s]\n", strerror(ret))); } } int server_setup(const char *name, int flags, const char *conf_entry, struct main_context **main_ctx) { struct tevent_context *event_ctx; struct main_context *ctx; uint16_t stdin_event_flags; char *conf_db; int ret = EOK; bool dt; bool dl; bool dm; struct tevent_signal *tes; struct logrotate_ctx *lctx; debug_prg_name = strdup(name); if (!debug_prg_name) { return ENOMEM; } setenv("_SSS_LOOPS", "NO", 0); setup_signals(); /* we want default permissions on created files to be very strict, so set our umask to 0177 */ umask(0177); if (flags & FLAGS_DAEMON) { DEBUG(SSSDBG_IMPORTANT_INFO, ("Becoming a daemon.\n")); become_daemon(true); } if (flags & FLAGS_PID_FILE) { ret = pidfile(PID_PATH, name); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, ("Error creating pidfile: %s/%s! " "(%d [%s])\n", PID_PATH, name, ret, strerror(ret))); return ret; } } /* Set up locale */ setlocale(LC_ALL, ""); bindtextdomain(PACKAGE, LOCALEDIR); textdomain(PACKAGE); /* the event context is the top level structure. 
* Everything else should hang off that */ event_ctx = tevent_context_init(talloc_autofree_context()); if (event_ctx == NULL) { DEBUG(SSSDBG_FATAL_FAILURE, ("The event context initialiaziton failed\n")); return 1; } /* Set up an event handler for a SIGINT */ tes = tevent_add_signal(event_ctx, event_ctx, SIGINT, 0, default_quit, NULL); if (tes == NULL) { return EIO; } /* Set up an event handler for a SIGTERM */ tes = tevent_add_signal(event_ctx, event_ctx, SIGTERM, 0, default_quit, NULL); if (tes == NULL) { return EIO; } ctx = talloc(event_ctx, struct main_context); if (ctx == NULL) { DEBUG(SSSDBG_FATAL_FAILURE, ("Out of memory, aborting!\n")); return ENOMEM; } ctx->parent_pid = getppid(); ctx->event_ctx = event_ctx; conf_db = talloc_asprintf(ctx, "%s/%s", DB_PATH, CONFDB_FILE); if (conf_db == NULL) { DEBUG(SSSDBG_FATAL_FAILURE, ("Out of memory, aborting!\n")); return ENOMEM; } ret = confdb_init(ctx, &ctx->confdb_ctx, conf_db); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, ("The confdb initialization failed\n")); return ret; } if (debug_level == SSSDBG_UNRESOLVED) { /* set debug level if any in conf_entry */ ret = confdb_get_int(ctx->confdb_ctx, conf_entry, CONFDB_SERVICE_DEBUG_LEVEL, SSSDBG_DEFAULT, &debug_level); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, ("Error reading from confdb (%d) " "[%s]\n", ret, strerror(ret))); return ret; } debug_level = debug_convert_old_level(debug_level); } /* same for debug timestamps */ if (debug_timestamps == SSSDBG_TIMESTAMP_UNRESOLVED) { ret = confdb_get_bool(ctx->confdb_ctx, conf_entry, CONFDB_SERVICE_DEBUG_TIMESTAMPS, SSSDBG_TIMESTAMP_DEFAULT, &dt); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, ("Error reading from confdb (%d) " "[%s]\n", ret, strerror(ret))); return ret; } if (dt) debug_timestamps = 1; else debug_timestamps = 0; } /* same for debug microseconds */ if (debug_microseconds == SSSDBG_MICROSECONDS_UNRESOLVED) { ret = confdb_get_bool(ctx->confdb_ctx, conf_entry, CONFDB_SERVICE_DEBUG_MICROSECONDS, 
SSSDBG_MICROSECONDS_DEFAULT, &dm); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, ("Error reading from confdb (%d) " "[%s]\n", ret, strerror(ret))); return ret; } if (dm) debug_microseconds = 1; else debug_microseconds = 0; } /* same for debug to file */ dl = (debug_to_file != 0); ret = confdb_get_bool(ctx->confdb_ctx, conf_entry, CONFDB_SERVICE_DEBUG_TO_FILES, dl, &dl); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, ("Error reading from confdb (%d) [%s]\n", ret, strerror(ret))); return ret; } if (dl) debug_to_file = 1; /* before opening the log file set up log rotation */ lctx = talloc_zero(ctx, struct logrotate_ctx); if (!lctx) return ENOMEM; lctx->confdb = ctx->confdb_ctx; lctx->confdb_path = conf_entry; tes = tevent_add_signal(ctx->event_ctx, ctx, SIGHUP, 0, te_server_hup, lctx); if (tes == NULL) { return EIO; } /* open log file if told so */ if (debug_to_file) { ret = open_debug_file(); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, ("Error setting up logging (%d) " "[%s]\n", ret, strerror(ret))); return ret; } } sss_log(SSS_LOG_INFO, "Starting up"); DEBUG(SSSDBG_TRACE_FUNC, ("CONFDB: %s\n", conf_db)); if (flags & FLAGS_INTERACTIVE) { /* terminate when stdin goes away */ stdin_event_flags = TEVENT_FD_READ; } else { /* stay alive forever */ stdin_event_flags = 0; } /* catch EOF on stdin */ #ifdef SIGTTIN signal(SIGTTIN, SIG_IGN); #endif tevent_add_fd(event_ctx, event_ctx, 0, stdin_event_flags, server_stdin_handler, discard_const(name)); *main_ctx = ctx; return EOK; } void server_loop(struct main_context *main_ctx) { /* wait for events - this is where the server sits for most of its life */ tevent_loop_wait(main_ctx->event_ctx); /* as everything hangs off this event context, freeing it should initiate a clean shutdown of all services */ talloc_free(main_ctx->event_ctx); } sssd-1.11.5/src/util/PaxHeaders.13173/nscd.c0000644000000000000000000000007412320753107016412 xustar000000000000000030 atime=1396954939.277891423 30 ctime=1396954961.698874918 
sssd-1.11.5/src/util/nscd.c0000664002412700241270000001201612320753107016634 0ustar00jhrozekjhrozek00000000000000/* SSSD nscd.c Copyright (C) Jakub Hrozek 2010 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include #include #include #include #include "config.h" #include "util/util.h" #include "tools/tools_util.h" #ifndef NSCD_RELOAD_ARG #define NSCD_RELOAD_ARG "-i" #endif #if defined(NSCD_PATH) && defined(HAVE_NSCD) int flush_nscd_cache(enum nscd_db flush_db) { const char *service; pid_t nscd_pid; int ret, status; switch(flush_db) { case NSCD_DB_PASSWD: service = "passwd"; break; case NSCD_DB_GROUP: service = "group"; break; default: DEBUG(1, ("Unknown nscd database\n")); ret = EINVAL; goto done; } nscd_pid = fork(); switch (nscd_pid) { case 0: execl(NSCD_PATH, "nscd", NSCD_RELOAD_ARG, service, NULL); /* if this returns it is an error */ DEBUG(1, ("execl(3) failed: %d(%s)\n", errno, strerror(errno))); exit(errno); case -1: DEBUG(1, ("fork failed\n")); ret = EFAULT; break; default: do { errno = 0; ret = waitpid(nscd_pid, &status, 0); } while (ret == -1 && errno == EINTR); if (ret > 0) { if (WIFEXITED(status)) { ret = WEXITSTATUS(status); if (ret > 0) { /* The flush fails if nscd is not running, so do not care * about the return code */ DEBUG(8, ("Error flushing cache, is nscd running?\n")); } } } else { DEBUG(5, ("Failed to wait for children %d\n", nscd_pid)); ret = EIO; } } done: return ret; } #else /* defined(NSCD_PATH) && 
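defined(HAVE_NSCD) */
/* Variant built when nscd support is not configured: there is nothing to
 * flush, so every request reports success. */
int flush_nscd_cache(enum nscd_db flush_db)
{
    return EOK;
}
#endif

/* NSCD config file parse and check */

/*
 * Map an nscd.conf service name to the bit that represents it.
 *
 * Returns the flag of "passwd", "group", "netgroup" or "services";
 * returns 0 for NULL and for any other name.
 */
static unsigned int sss_nscd_check_service(char* svc_name)
{
    struct sss_nscd_db {
        const char *svc_type_name;
        unsigned int nscd_service_flag;
    };

    int i;
    unsigned int ret = 0;
    struct sss_nscd_db db[] = {
        { "passwd",   0x0001 },
        { "group",    0x0010 },
        { "netgroup", 0x0100 },
        { "services", 0x1000 },
        { NULL,       0 }
    };

    if (svc_name == NULL) {
        return ret;
    }

    for (i = 0; db[i].svc_type_name != NULL; i++) {
        if (!strcmp(db[i].svc_type_name, svc_name)) {
            ret = db[i].nscd_service_flag;
            break;
        }
    }

    return ret;
}

/*
 * Scan an nscd configuration file for caches that are switched on.
 *
 * Every line is cut at the first '#', then split into three
 * whitespace-separated fields. A line counts when the first field is
 * "enable-cache", the third is "yes" and the second names one of the
 * services known to sss_nscd_check_service().
 *
 * Returns:
 *   EOK     no known service has its cache enabled
 *   EEXIST  at least one known service has its cache enabled
 *   ENOENT  the file could not be opened, or reading it failed
 */
errno_t sss_nscd_parse_conf(const char *conf_path)
{
    FILE *fp;
    int ret = EOK;
    int read_errno;
    unsigned int occured = 0;
    /* getline() requires *lineptr to be NULL or a malloc()ed buffer on the
     * first call; an indeterminate pointer here is undefined behaviour and
     * would also reach free() below if nothing was ever read. */
    char *line = NULL;
    char *entry, *service, *enabled, *pad;
    size_t linelen = 0;

    fp = fopen(conf_path, "r");
    if (fp == NULL) {
        /* report the path that was actually opened */
        DEBUG(SSSDBG_MINOR_FAILURE, ("Couldn't open NSCD configuration "
                      "file [%s]\n", conf_path));
        return ENOENT;
    }

    while (getline(&line, &linelen, fp) != -1) {

        /* drop the comment part of the line */
        pad = strchr(line, '#');
        if (pad != NULL) {
            *pad = '\0';
        }

        if (line[0] == '\n' || line[0] == '\0') continue;

        /* <ctype.h> functions take an unsigned char value; a plain char
         * with the high bit set must not be passed as a negative int. */

        /* field 1: the option name */
        entry = line;
        while (isspace((unsigned char)*entry) && *entry != '\0') {
            entry++;
        }

        pad = entry;
        while (!isspace((unsigned char)*pad) && *pad != '\0') {
            pad++;
        }

        /* field 2: the service; the terminator of field 1 is written only
         * after the start of field 2 has been located */
        service = pad;
        while (isspace((unsigned char)*service) && *service != '\0') {
            service++;
        }

        *pad = '\0';
        pad = service;
        while (!isspace((unsigned char)*pad) && *pad != '\0') {
            pad++;
        }

        /* field 3: the value */
        enabled = pad;
        while (isspace((unsigned char)*enabled) && *enabled != '\0') {
            enabled++;
        }

        *pad = '\0';
        pad = enabled;
        while (!isspace((unsigned char)*pad) && *pad != '\0') {
            pad++;
        }
        *pad = '\0';

        if (!strcmp(entry, "enable-cache") &&
            !strcmp(enabled, "yes")) {
            occured |= sss_nscd_check_service(service);
        }
    }
    /* keep the errno of the failed read; ferror() only returns a flag */
    read_errno = errno;

    if (ferror(fp)) {
        DEBUG(SSSDBG_MINOR_FAILURE, ("Reading NSCD configuration file [%s] "
              "ended with failure [%d]: %s.\n",
              conf_path, read_errno, strerror(read_errno)));
        ret = ENOENT;
        goto done;
    }

    ret = EOK;
    if (occured != 0) {
        ret = EEXIST;
        goto done;
    }

done:
    free(line);
    fclose(fp);

    return ret;
}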
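sssd-1.11.5/src/util/PaxHeaders.13173/find_uid.c0000644000000000000000000000007412320753107017244 xustar000000000000000030 atime=1396954939.277891423 30 ctime=1396954961.558875022 sssd-1.11.5/src/util/find_uid.c0000664002412700241270000001625112320753107017473 0ustar00jhrozekjhrozek00000000000000
/*
    SSSD

    Create uid table

    Authors:
        Sumit Bose

    Copyright (C) 2009 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see .
*/

/* NOTE(review): the header names of the following #include directives are
 * missing in this copy of the file. */
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

#include "dhash.h"
#include "util/util.h"
#include "util/strtonum.h"

#define INITIAL_TABLE_SIZE 64
#define PATHLEN (NAME_MAX + 14)
#define BUFSIZE 4096

/* Allocation callback for the hash table: allocate on the talloc context
 * passed as private data. */
static void *hash_talloc(const size_t size, void *pvt)
{
    return talloc_size(pvt, size);
}

/* Release callback matching hash_talloc(). */
static void hash_talloc_free(void *ptr, void *pvt)
{
    talloc_free(ptr);
}

/*
 * Read the "Uid:" line of /proc/<pid>/status and store its first field.
 *
 * *uid is written only when EOK is returned.
 *
 * Returns:
 *   EOK     *uid holds the parsed value
 *   ENOENT  the proc file is gone (the process exited in the meantime);
 *           callers are expected to skip the entry
 *   EINVAL  path formatting failed, the file is not a regular file or
 *           its content does not have the expected layout
 *   other   errno of the failing open/fstat/read/number conversion
 */
static errno_t get_uid_from_pid(const pid_t pid, uid_t *uid)
{
    int ret;
    char path[PATHLEN];
    struct stat stat_buf;
    int fd;
    char buf[BUFSIZE];
    char *p;
    char *e;
    char *endptr;
    uint32_t num=0;
    errno_t error;

    ret = snprintf(path, PATHLEN, "/proc/%d/status", pid);
    if (ret < 0) {
        DEBUG(1, ("snprintf failed"));
        return EINVAL;
    } else if (ret >= PATHLEN) {
        DEBUG(1, ("path too long?!?!\n"));
        return EINVAL;
    }

    fd = open(path, O_RDONLY);
    if (fd == -1) {
        error = errno;
        if (error == ENOENT) {
            DEBUG(7, ("Proc file [%s] is not available anymore, continuing.\n",
                      path));
            /* Report the vanished process instead of EOK: no uid was
             * stored, and a success return would make the caller act on
             * an indeterminate or stale value. */
            return ENOENT;
        }
        DEBUG(1, ("open failed [%d][%s].\n", error, strerror(error)));
        return error;
    }

    ret = fstat(fd, &stat_buf);
    if (ret == -1) {
        error = errno;
        if (error == ENOENT) {
            DEBUG(7, ("Proc file [%s] is not available anymore, continuing.\n",
                      path));
            /* same reasoning as for open(): *uid is not set on this path */
            error = ENOENT;
            goto fail_fd;
        }
        DEBUG(1, ("fstat failed [%d][%s].\n", error, strerror(error)));
        goto fail_fd;
    }

    if (!S_ISREG(stat_buf.st_mode)) {
        DEBUG(1, ("not a regular file\n"));
        error = EINVAL;
        goto fail_fd;
    }

    errno = 0;
    /* Read one byte less than the buffer holds so the terminator can be
     * placed directly behind the data. */
    ret = sss_atomic_read_s(fd, buf, BUFSIZE - 1);
    if (ret < 0) {
        error = errno;
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("read failed [%d][%s].\n", error, strerror(error)));
        goto fail_fd;
    }

    /* Terminate at the end of what was read. Terminating only the last
     * byte of the array would let strstr() below search uninitialized
     * stack bytes after a short read. */
    buf[ret] = '\0';

    ret = close(fd);
    if (ret == -1) {
        error = errno;
        DEBUG(1, ("close failed [%d][%s].\n", error, strerror(error)));
    }

    p = strstr(buf, "\nUid:\t");
    if (p != NULL) {
        p += 6;
        e = strchr(p,'\t');
        if (e == NULL) {
            DEBUG(1, ("missing delimiter.\n"));
            return EINVAL;
        } else {
            *e = '\0';
        }
        /* NOTE(review): the value is parsed as a signed 32-bit number, so
         * a uid above INT32_MAX presumably fails here - confirm against
         * strtoint32() in util/strtonum.h. */
        errno = 0;
        num = (uint32_t) strtoint32(p, &endptr, 10);
        error = errno;
        if (error != 0) {
            DEBUG(1, ("strtol failed [%s].\n", strerror(error)));
            return error;
        }
        if (*endptr != '\0') {
            DEBUG(1, ("uid contains extra characters\n"));
            return EINVAL;
        }

    } else {
        DEBUG(1, ("format error\n"));
        return EINVAL;
    }

    *uid = num;

    return EOK;

fail_fd:
    close(fd);
    return error;
}

/*
 * Convert a decimal string to a pid.
 *
 * Returns EOK and stores the pid, ERANGE when the value is not in
 * (0, INT_MAX) or strtol() overflowed, EINVAL when characters follow the
 * number.
 */
static errno_t name_to_pid(const char *name, pid_t *pid)
{
    long num;
    char *endptr;
    errno_t error;

    errno = 0;
    num = strtol(name, &endptr, 10);
    error = errno;
    if (error == ERANGE) {
        perror("strtol");
        return error;
    }

    if (*endptr != '\0') {
        DEBUG(1, ("pid string contains extra characters.\n"));
        return EINVAL;
    }

    if (num <= 0 || num >= INT_MAX) {
        DEBUG(1, ("pid out of range.\n"));
        return ERANGE;
    }

    *pid = num;

    return EOK;
}

/*
 * Return 0 when the string consists of decimal digits only (an empty
 * string included), otherwise the first character that is not a digit.
 */
static int only_numbers(char *p)
{
    /* isdigit() is defined for unsigned char values and EOF only; file
     * names may contain bytes that are negative as plain char */
    while(*p!='\0' && isdigit((unsigned char)*p)) ++p;
    return *p;
}

/*
 * Walk the numeric entries of /proc and look at the uid of each process.
 *
 * With a table, the uid of every process is entered into it and EOK is
 * returned after a complete walk. Without a table (NULL), the walk stops
 * with EOK at the first process owned by search_uid and returns ENOENT
 * when there is none.
 *
 * A process that disappears between readdir() and the read of its status
 * file is skipped. Any other failure aborts the walk and is returned.
 */
static errno_t get_active_uid_linux(hash_table_t *table, uid_t search_uid)
{
    DIR *proc_dir = NULL;
    struct dirent *dirent;
    int ret, err;
    pid_t pid = -1;
    uid_t uid;

    hash_key_t key;
    hash_value_t value;

    proc_dir = opendir("/proc");
    if (proc_dir == NULL) {
        ret = errno;
        DEBUG(1, ("Cannot open proc dir.\n"));
        goto done;
    }

    /* readdir() reports both end-of-directory and failure with NULL;
     * errno is kept at 0 before every call to tell them apart */
    errno = 0;
    while ((dirent = readdir(proc_dir)) != NULL) {
        if (only_numbers(dirent->d_name) != 0) continue;
        ret = name_to_pid(dirent->d_name, &pid);
        if (ret != EOK) {
            DEBUG(1, ("name_to_pid failed.\n"));
            goto done;
        }

        ret = get_uid_from_pid(pid, &uid);
        if (ret == ENOENT) {
            /* the process is gone and uid was not written: skip it rather
             * than record or compare a value that belongs to nobody */
            errno = 0;
            continue;
        }
        if (ret != EOK) {
            DEBUG(1, ("get_uid_from_pid failed.\n"));
            goto done;
        }

        if (table != NULL) {
            key.type = HASH_KEY_ULONG;
            key.ul = (unsigned long) uid;
            value.type = HASH_VALUE_ULONG;
            value.ul = (unsigned long) uid;

            ret = hash_enter(table, &key, &value);
            if (ret != HASH_SUCCESS) {
                DEBUG(1, ("cannot add to table [%s]\n", hash_error_string(ret)));
                ret = ENOMEM;
                goto done;
            }
        } else {
            if (uid == search_uid) {
                ret = EOK;
                goto done;
            }
        }

        errno = 0;
    }
    if (errno != 0 && dirent == NULL) {
        ret = errno;
        DEBUG(1, ("readdir failed.\n"));
        goto done;
    }

    ret = closedir(proc_dir);
    proc_dir = NULL;
    if (ret == -1) {
        DEBUG(1, ("closedir failed, watch out.\n"));
    }

    if (table != NULL) {
        ret = EOK;
    } else {
        ret = ENOENT;
    }

done:
    if (proc_dir != NULL) {
        err = closedir(proc_dir);
        if (err) {
            DEBUG(1, ("closedir failed, bad dirp?\n"));
        }
    }
    return ret;
}

/*
 * Create a hash table on mem_ctx and fill it with the uids of all running
 * processes. Returns ENOMEM when the table cannot be created, ENOSYS when
 * not built for Linux, otherwise the result of the /proc walk.
 */
errno_t get_uid_table(TALLOC_CTX *mem_ctx, hash_table_t **table)
{
#ifdef __linux__
    int ret;

    ret = hash_create_ex(INITIAL_TABLE_SIZE, table, 0, 0, 0, 0,
                         hash_talloc, hash_talloc_free, mem_ctx,
                         NULL, NULL);
    if (ret != HASH_SUCCESS) {
        DEBUG(1, ("hash_create_ex failed [%s]\n", hash_error_string(ret)));
        return ENOMEM;
    }

    return get_active_uid_linux(*table, 0);
#else
    return ENOSYS;
#endif
}

/*
 * Tell whether at least one running process belongs to uid.
 *
 * On EOK *result is true or false; on any other return value *result is
 * left untouched and must not be used.
 */
errno_t check_if_uid_is_active(uid_t uid, bool *result)
{
    int ret;

    ret = get_active_uid_linux(NULL, uid);
    if (ret != EOK && ret != ENOENT) {
        DEBUG(1, ("get_uid_table failed.\n"));
        return ret;
    }

    if (ret == EOK) {
        *result = true;
    } else {
        *result = false;
    }

    return EOK;
}
sssd-1.11.5/src/util/PaxHeaders.13173/usertools.c0000644000000000000000000000007412320753107017522 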
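xustar000000000000000030 atime=1396954939.278891422 30 ctime=1396954961.675874935 sssd-1.11.5/src/util/usertools.c0000664002412700241270000004543412320753107017756 0ustar00jhrozekjhrozek00000000000000
/*
   SSSD

   User tools

   Copyright (C) Stephen Gallagher 2009

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see .
*/

/* NOTE(review): the header names of the following #include directives are
 * missing in this copy of the file. */
#include
#include
#include
#include

#include "confdb/confdb.h"
#include "util/util.h"

#ifdef HAVE_LIBPCRE_LESSER_THAN_7
#define NAME_DOMAIN_PATTERN_OPTIONS (PCRE_EXTENDED)
#else
#define NAME_DOMAIN_PATTERN_OPTIONS (PCRE_DUPNAMES | PCRE_EXTENDED)
#endif

/*
 * Look up the login name of uid with getpwuid() and return a copy
 * allocated on mem_ctx. Returns NULL when the uid is unknown or the copy
 * cannot be allocated.
 */
char *get_username_from_uid(TALLOC_CTX *mem_ctx, uid_t uid)
{
    char *username;
    struct passwd *pwd;

    pwd = getpwuid(uid);
    if (!pwd) return NULL;

    username = talloc_strdup(mem_ctx, pwd->pw_name);
    return username;
}

/* Function returns given realm name as new uppercase string */
char *get_uppercase_realm(TALLOC_CTX *memctx, const char *name)
{
    char *realm;
    char *c;

    realm = talloc_strdup(memctx, name);
    if (!realm) {
        return NULL;
    }

    c = realm;
    while(*c != '\0') {
        /* toupper() takes an unsigned char value; a byte with the high
         * bit set must not be passed as a negative int */
        *c = toupper((unsigned char)*c);
        c++;
    }

    return realm;
}

/* talloc destructor: release the compiled regular expression owned by the
 * names context. */
static int sss_names_ctx_destructor(struct sss_names_ctx *snctx)
{
    if (snctx->re) {
        pcre_free(snctx->re);
        snctx->re = NULL;
    }
    return 0;
}

/* NOTE(review): the (?P...) groups in the patterns of this file carry no
 * group names in this copy, while sss_parse_name() looks up the groups
 * "name" and "domain". The names look stripped from the text; compare with
 * the upstream file before relying on these literals. */
#define IPA_AD_DEFAULT_RE "(((?P[^\\\\]+)\\\\(?P.+$))|" \
                         "((?P[^@]+)@(?P.+$))|" \
                         "(^(?P[^@\\\\]+)$))"

/*
 * Return the default name expression of the domain's id provider.
 *
 * With an old libpcre the result is always NULL. Otherwise the configured
 * id provider is read from the confdb; "ipa" and "ad" yield a copy of
 * IPA_AD_DEFAULT_RE on mem_ctx, every other or no provider yields NULL.
 *
 * Returns EOK, ENOMEM, or the error of the confdb read.
 */
static errno_t get_id_provider_default_re(TALLOC_CTX *mem_ctx,
                                          struct confdb_ctx *cdb,
                                          const char *conf_path,
                                          char **re_pattern)
{
#ifdef HAVE_LIBPCRE_LESSER_THAN_7
    DEBUG(SSSDBG_MINOR_FAILURE,
          ("The libpcre version on this system is too old. Only "
           "the user@DOMAIN name fully qualified name format will "
           "be supported\n"));
    *re_pattern = NULL;
    return EOK;
#else
    int ret;
    size_t c;
    char *id_provider = NULL;

    struct provider_default_re {
        const char *name;
        const char *re;
    } provider_default_re[] = {{"ipa", IPA_AD_DEFAULT_RE},
                               {"ad", IPA_AD_DEFAULT_RE},
                               {NULL, NULL}};

    ret = confdb_get_string(cdb, mem_ctx, conf_path, CONFDB_DOMAIN_ID_PROVIDER,
                            NULL, &id_provider);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Failed to read ID provider " \
                                  "from conf db.\n"));
        goto done;
    }

    /* a provider without an entry in the table must leave a defined value
     * behind as well, not only the "no provider" case */
    *re_pattern = NULL;

    if (id_provider != NULL) {
        for (c = 0; provider_default_re[c].name != NULL; c++) {
            if (strcmp(id_provider, provider_default_re[c].name) == 0) {
                *re_pattern = talloc_strdup(mem_ctx, provider_default_re[c].re);
                if (*re_pattern == NULL) {
                    DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed.\n"));
                    ret = ENOMEM;
                    goto done;
                }
                break;
            }
        }
    }

    ret = EOK;

done:
    talloc_free(id_provider);
    return ret;
#endif
}

/*
 * Store the fully-qualified-name format in nctx and record which parts it
 * uses.
 *
 * The format must contain "%1$s" (the user name), otherwise ENOENT is
 * returned. For "%2$s" (domain name) and "%3$s" (flat name): when present
 * the matching FQ_FMT_* flag is set; when absent the specifier is appended
 * to the stored format and the flag stays clear, so safe_fq_str() supplies
 * an empty string for it later.
 *
 * Only the presence of these three specifiers is checked here; any other
 * conversion in fq_fmt is stored unchanged.
 */
static errno_t sss_fqnames_init(struct sss_names_ctx *nctx, const char *fq_fmt)
{
    struct pattern_desc {
        const char *pattern;
        const char *desc;
        int flag;
    };

    struct pattern_desc fqname_patterns[] = {
        { "%1$s", "user name", FQ_FMT_NAME },
        { "%2$s", "domain name", FQ_FMT_DOMAIN },
        { "%3$s", "domain flat name", FQ_FMT_FLAT_NAME },
        { NULL, NULL, 0 }
    };

    nctx->fq_fmt = talloc_strdup(nctx, fq_fmt);
    if (nctx->fq_fmt == NULL) {
        return ENOMEM;
    }

    DEBUG(SSSDBG_CONF_SETTINGS, ("Using fq format [%s].\n", nctx->fq_fmt));

    /* Fail if the name specifier is missing and warn if the domain
     * specifier is missing
     */
    if (strstr(fq_fmt, fqname_patterns[0].pattern) == NULL) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Username pattern not found in [%s]\n", nctx->fq_fmt));
        return ENOENT;
    }
    nctx->fq_flags = FQ_FMT_NAME;

    for (int i = 1; fqname_patterns[i].pattern; i++) {
        char *s;
        s = strstr(fq_fmt, fqname_patterns[i].pattern);
        if (s == NULL) {
            /* Append the format specifier */
            nctx->fq_fmt = talloc_strdup_append(nctx->fq_fmt,
                                                fqname_patterns[i].pattern);
            if (nctx->fq_fmt == NULL) {
                return ENOMEM;
            }
            continue;
        }

        DEBUG(SSSDBG_CONF_SETTINGS,
              ("Found the pattern for %s\n", fqname_patterns[i].desc));
        nctx->fq_flags |= fqname_patterns[i].flag;
    }

    return EOK;
}

/*
 * Build a names context from an explicit expression and name format.
 *
 * The context is allocated on mem_ctx, owns copies of both strings and
 * the compiled expression (released by the destructor). On success it is
 * stored in *out; on failure it is freed and *out is not written.
 *
 * Returns EOK, ENOMEM, the error of sss_fqnames_init(), or EFAULT when
 * the expression does not compile.
 */
int sss_names_init_from_args(TALLOC_CTX *mem_ctx, const char *re_pattern,
                             const char *fq_fmt, struct sss_names_ctx **out)
{
    struct sss_names_ctx *ctx;
    const char *errstr;
    int errval;
    int errpos;
    int ret;

    ctx = talloc_zero(mem_ctx, struct sss_names_ctx);
    if (!ctx) return ENOMEM;
    talloc_set_destructor(ctx, sss_names_ctx_destructor);

    ctx->re_pattern = talloc_strdup(ctx, re_pattern);
    if (ctx->re_pattern == NULL) {
        ret = ENOMEM;
        goto done;
    }

    DEBUG(SSSDBG_CONF_SETTINGS, ("Using re [%s].\n", ctx->re_pattern));

    ret = sss_fqnames_init(ctx, fq_fmt);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Could not check the FQ names format"
               "[%d]: %s\n", ret, sss_strerror(ret)));
        goto done;
    }

    ctx->re = pcre_compile2(ctx->re_pattern,
                            NAME_DOMAIN_PATTERN_OPTIONS,
                            &errval, &errstr, &errpos, NULL);
    if (!ctx->re) {
        DEBUG(1, ("Invalid Regular Expression pattern at position %d."
                  " (Error: %d [%s])\n", errpos, errval, errstr));
        ret = EFAULT;
        goto done;
    }

    *out = ctx;
    ret = EOK;

done:
    if (ret != EOK) {
        talloc_free(ctx);
    }
    return ret;
}

/*
 * Build the names context of a domain from the confdb.
 *
 * The expression is taken, in this order, from the domain section, the
 * monitor section, the id provider default and a built-in default. The
 * name format is taken from the domain section, the monitor section and
 * CONFDB_DEFAULT_FULL_NAME_FORMAT. Both values are then handed to
 * sss_names_init_from_args().
 */
int sss_names_init(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb,
                   const char *domain, struct sss_names_ctx **out)
{
    TALLOC_CTX *tmpctx = NULL;
    char *conf_path;
    char *re_pattern;
    char *fq_fmt;
    int ret;

    tmpctx = talloc_new(NULL);
    if (tmpctx == NULL) {
        ret = ENOMEM;
        goto done;
    }

    conf_path = talloc_asprintf(tmpctx, CONFDB_DOMAIN_PATH_TMPL, domain);
    if (conf_path == NULL) {
        ret = ENOMEM;
        goto done;
    }

    ret = confdb_get_string(cdb, tmpctx, conf_path,
                            CONFDB_NAME_REGEX, NULL, &re_pattern);
    if (ret != EOK) goto done;

    /* If not found in the domain, look in globals */
    if (re_pattern == NULL) {
        ret = confdb_get_string(cdb, tmpctx, CONFDB_MONITOR_CONF_ENTRY,
                                CONFDB_NAME_REGEX, NULL, &re_pattern);
        if (ret != EOK) goto done;
    }

    if (re_pattern == NULL) {
        ret = get_id_provider_default_re(tmpctx, cdb, conf_path, &re_pattern);
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE, ("Failed to get provider default regular " \
                                      "expression for domain [%s].\n", domain));
            goto done;
        }
    }

    if (!re_pattern) {
        re_pattern = talloc_strdup(tmpctx,
                                   "(?P[^@]+)@?(?P[^@]*$)");
        if (!re_pattern) {
            ret = ENOMEM;
            goto done;
        }
#ifdef HAVE_LIBPCRE_LESSER_THAN_7
    } else {
        DEBUG(2, ("This binary was build with a version of libpcre that does "
                  "not support non-unique named subpatterns.\n"));
        DEBUG(2, ("Please make sure that your pattern [%s] only contains "
                  "subpatterns with a unique name and uses "
                  "the Python syntax (?P).\n", re_pattern));
#endif
    }

    ret = confdb_get_string(cdb, tmpctx, conf_path,
                            CONFDB_FULL_NAME_FORMAT, NULL, &fq_fmt);
    if (ret != EOK) goto done;

    /* If not found in the domain, look in globals */
    if (fq_fmt == NULL) {
        ret = confdb_get_string(cdb, tmpctx, CONFDB_MONITOR_CONF_ENTRY,
                                CONFDB_FULL_NAME_FORMAT, NULL, &fq_fmt);
        if (ret != EOK) goto done;
    }

    if (!fq_fmt) {
        fq_fmt = talloc_strdup(tmpctx, CONFDB_DEFAULT_FULL_NAME_FORMAT);
        if (!fq_fmt) {
            ret = ENOMEM;
            goto done;
        }
    }

    ret = sss_names_init_from_args(mem_ctx, re_pattern, fq_fmt, out);

done:
    talloc_free(tmpctx);
    return ret;
}

/*
 * Split orig into name and domain with the expression of snctx.
 *
 * _name and _domain are optional. A requested name that is not found makes
 * the call fail with EINVAL; a domain that is missing or empty is reported
 * as NULL. Results are allocated on memctx.
 *
 * Returns EOK, EINVAL (no match or matching error) or ENOMEM.
 */
int sss_parse_name(TALLOC_CTX *memctx,
                   struct sss_names_ctx *snctx,
                   const char *orig, char **_domain, char **_name)
{
    pcre *re = snctx->re;
    const char *result;
    int ovec[30];
    int origlen;
    int ret, strnum;

    origlen = strlen(orig);

    ret = pcre_exec(re, NULL, orig, origlen, 0, PCRE_NOTEMPTY, ovec, 30);
    if (ret == PCRE_ERROR_NOMATCH) {
        return EINVAL;
    } else if (ret < 0) {
        DEBUG(SSSDBG_MINOR_FAILURE, ("PCRE Matching error, %d\n", ret));
        return EINVAL;
    }

    /* a return value of 0 is only logged; the lookups below then run with
     * a substring count of 0 */
    if (ret == 0) {
        DEBUG(1, ("Too many matches, the pattern is invalid.\n"));
    }

    strnum = ret;

    if (_name != NULL) {
        result = NULL;
        ret = pcre_get_named_substring(re, orig, ovec, strnum, "name", &result);
        if (ret < 0  || !result) {
            DEBUG(2, ("Name not found!\n"));
            return EINVAL;
        }
        *_name = talloc_strdup(memctx, result);
        pcre_free_substring(result);
        if (!*_name) return ENOMEM;
    }

    if (_domain != NULL) {
        result = NULL;
        ret = pcre_get_named_substring(re, orig, ovec, strnum, "domain",
                                       &result);
        if (ret < 0  || !result) {
            DEBUG(4, ("Domain not provided!\n"));
            *_domain = NULL;
        } else {
            /* ignore "" string */
            if (*result) {
                *_domain = talloc_strdup(memctx, result);
                pcre_free_substring(result);
                if (!*_domain) return ENOMEM;
            } else {
                pcre_free_substring(result);
                *_domain = NULL;
            }
        }
    }

    return EOK;
}

/*
 * Return dom when dmatch equals its name or flat name (case-insensitive),
 * otherwise whatever find_subdomain_by_name() returns for dmatch.
 */
static struct sss_domain_info * match_any_domain_or_subdomain_name(
        struct sss_domain_info *dom, const char *dmatch)
{
    if (strcasecmp(dom->name, dmatch) == 0 ||
        (dom->flat_name != NULL && strcasecmp(dom->flat_name, dmatch) == 0)) {
        return dom;
    }

    return find_subdomain_by_name(dom, dmatch, true);
}

/*
 * Parse orig with the expression of every domain in the list and decide
 * which domain and user name it refers to.
 *
 * domain and name are optional output parameters; results are moved to
 * memctx.
 *
 * Returns:
 *   EOK     name and domain resolved (the domain may be NULL when the
 *           input had none and no default domain is given)
 *   EAGAIN  a domain was named (in the input or as default) that is not
 *           known yet; *domain, when requested, holds that domain name
 *   EINVAL  the input matched no domain's expression
 *   ENOMEM  allocation failure
 *   other   error passed up from sss_parse_name()
 */
int sss_parse_name_for_domains(TALLOC_CTX *memctx,
                               struct sss_domain_info *domains,
                               const char *default_domain,
                               const char *orig, char **domain, char **name)
{
    struct sss_domain_info *dom, *match = NULL;
    char *rdomain, *rname;
    char *dmatch, *nmatch;
    char *candidate_name = NULL;
    char *candidate_domain = NULL;
    bool name_mismatch = false;
    TALLOC_CTX *tmp_ctx;
    int ret;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL)
        return ENOMEM;

    rname = NULL;
    rdomain = NULL;

    for (dom = domains; dom != NULL; dom = get_next_domain(dom, false)) {
        ret = sss_parse_name(tmp_ctx, dom->names, orig, &dmatch, &nmatch);
        if (ret == EOK) {
            /*
             * If the name matched without the domain part, make note of it.
             * All the other domain expressions must agree on the domain-less
             * name.
             */
            if (dmatch == NULL) {
                if (candidate_name == NULL) {
                    candidate_name = nmatch;
                } else if (strcasecmp(candidate_name, nmatch) != 0) {
                    name_mismatch = true;
                }

            /*
             * If a domain was returned, then it must match the name of the
             * domain that this expression was found on, or one of the
             * subdomains.
             */
            } else {
                match = match_any_domain_or_subdomain_name (dom, dmatch);
                if (match != NULL) {
                    DEBUG(SSSDBG_FUNC_DATA, ("name '%s' matched expression for "
                                              "domain '%s', user is %s\n",
                                              orig, match->name, nmatch));
                    rdomain = talloc_strdup(tmp_ctx, match->name);
                    if (rdomain == NULL) {
                        DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed.\n"));
                        ret = ENOMEM;
                        goto done;
                    }
                    rname = nmatch;
                    break;
                } else if (candidate_name == NULL) {
                    candidate_domain = dmatch;
                }
            }

        /* EINVAL is returned when name doesn't match */
        } else if (ret != EINVAL) {
            goto done;
        }
    }

    if (rdomain == NULL && rname == NULL) {
        if (candidate_name && !name_mismatch) {
            /* Log the name that is actually going to be used. nmatch may
             * hold the result of a later domain's expression by now. */
            DEBUG(SSSDBG_FUNC_DATA, ("name '%s' matched without domain, " \
                                      "user is %s\n", orig, candidate_name));
            rdomain = NULL;
            if (default_domain != NULL) {
                rdomain = talloc_strdup(tmp_ctx, default_domain);
                if (rdomain == NULL) {
                    DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed.\n"));
                    ret = ENOMEM;
                    goto done;
                }

                for (dom = domains; dom != NULL; dom = get_next_domain(dom, false)) {
                    match = match_any_domain_or_subdomain_name(dom, rdomain);
                    if (match != NULL) {
                        break;
                    }
                }
                if (match == NULL) {
                    DEBUG(SSSDBG_FUNC_DATA, ("default domain [%s] is currently " \
                                              "not know, trying to look it up.\n",
                                              rdomain));
                    /* domain is optional, as on the success path below */
                    if (domain != NULL) {
                        *domain = talloc_steal(memctx, rdomain);
                    }
                    ret = EAGAIN;
                    goto done;
                }
            }

            DEBUG(SSSDBG_FUNC_DATA, ("using default domain [%s]\n", rdomain));

            rname = candidate_name;
        } else if (candidate_domain) {
            /* domain is optional, as on the success path below */
            if (domain != NULL) {
                *domain = talloc_steal(memctx, candidate_domain);
            }
            ret = EAGAIN;
            goto done;
        }
    }

    if (rdomain == NULL && rname == NULL) {
        DEBUG(SSSDBG_TRACE_FUNC,
              ("name '%s' did not match any domain's expression\n", orig));
        ret = EINVAL;
        goto done;
    }

    if (domain != NULL) {
        *domain = talloc_steal(memctx, rdomain);
    }

    if (name != NULL) {
        *name = talloc_steal(memctx, rname);
    }

    ret = EOK;
done:
    talloc_free(tmp_ctx);

    return ret;
}

/*
 * Return a copy of orig_name on mem_ctx: unchanged when case_sensitive is
 * set, otherwise converted with sss_tc_utf8_str_tolower().
 */
char *
sss_get_cased_name(TALLOC_CTX *mem_ctx,
                   const char *orig_name,
                   bool case_sensitive)
{
    return case_sensitive ? talloc_strdup(mem_ctx, orig_name) :
                            sss_tc_utf8_str_tolower(mem_ctx, orig_name);
}

/*
 * Apply sss_get_cased_name() to every string of a NULL-terminated list.
 *
 * *_cased receives a new NULL-terminated array on mem_ctx whose strings
 * are children of the array, or NULL when orig is NULL or empty.
 * Returns EOK or ENOMEM.
 */
errno_t
sss_get_cased_name_list(TALLOC_CTX *mem_ctx, const char * const *orig,
                        bool case_sensitive, const char ***_cased)
{
    const char **out;
    size_t num, i;

    if (orig == NULL) {
        *_cased = NULL;
        return EOK;
    }

    for (num=0; orig[num]; num++);  /* count the num of strings */

    if (num == 0) {
        *_cased = NULL;
        return EOK;
    }

    out = talloc_array(mem_ctx, const char *, num + 1);
    if (out == NULL) {
        return ENOMEM;
    }

    for (i = 0; i < num; i++) {
        out[i] = sss_get_cased_name(out, orig[i], case_sensitive);
        if (out[i] == NULL) {
            talloc_free(out);
            return ENOMEM;
        }
    }

    out[num] = NULL;
    *_cased = out;
    return EOK;
}

/* Return str when the format uses the given part, otherwise "". */
static inline const char *
safe_fq_str(struct sss_names_ctx *nctx, uint8_t part, const char *str)
{
    return nctx->fq_flags & part ? str : "";
}

/*
 * Return the string to print for the flat name part: "" when the format
 * does not use it, the domain's flat name when set, and the domain name
 * as fallback when the flat name is requested but NULL.
 */
static inline const char *
safe_flat_name(struct sss_names_ctx *nctx, struct sss_domain_info *domain)
{
    const char *s;

    s = safe_fq_str(nctx, FQ_FMT_FLAT_NAME, domain->flat_name);
    if (s == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Flat name requested but domain has no"
              "flat name set, falling back to domain name\n"));
        s = domain->name;
    }

    return s;
}

/*
 * Length that one part contributes to a fully qualified name: 0 when the
 * format does not use the part, else the length of the string that is
 * printed for it (for the flat name, the one picked by safe_flat_name()).
 */
static inline size_t
fq_part_len(struct sss_names_ctx *nctx, struct sss_domain_info *dom,
            uint8_t part, const char *str)
{
    const char *s = str;

    if (part == FQ_FMT_FLAT_NAME) {
        s = safe_flat_name(nctx, dom);
    }
    return nctx->fq_flags & part ? strlen(s) : 0;
}

/*
 * Format the fully qualified name of a user into a new string on mem_ctx.
 * Returns NULL when domain or nctx is NULL or the allocation fails.
 *
 * nctx->fq_fmt is used as the printf format and receives exactly three
 * string arguments. sss_fqnames_init() only checks that the three
 * positional string specifiers are present, so any other conversion in a
 * configured format reaches the formatter unchanged.
 * NOTE(review): the format presumably comes from administrator-controlled
 * configuration (see sss_names_init()); confirm that no less trusted
 * source can set it.
 */
char *
sss_tc_fqname(TALLOC_CTX *mem_ctx, struct sss_names_ctx *nctx,
              struct sss_domain_info *domain, const char *name)
{
    if (domain == NULL || nctx == NULL) return NULL;

    return talloc_asprintf(mem_ctx, nctx->fq_fmt,
                           safe_fq_str(nctx, FQ_FMT_NAME, name),
                           safe_fq_str(nctx, FQ_FMT_DOMAIN, domain->name),
                           safe_flat_name(nctx, domain));
}

/*
 * Format the fully qualified name of a user into str (at most size bytes).
 *
 * Returns the result of snprintf(), i.e. the length the complete name
 * needs, so a value >= size means the output was truncated. Returns
 * -EINVAL when domain or nctx is NULL.
 *
 * The format string caveat described at sss_tc_fqname() applies here too.
 */
int
sss_fqname(char *str, size_t size, struct sss_names_ctx *nctx,
           struct sss_domain_info *domain, const char *name)
{
    if (domain == NULL || nctx == NULL) return -EINVAL;

    return snprintf(str, size, nctx->fq_fmt,
                    safe_fq_str(nctx, FQ_FMT_NAME, name),
                    safe_fq_str(nctx, FQ_FMT_DOMAIN, domain->name),
                    safe_flat_name(nctx, domain));
}

/*
 * Number of bytes the domain name and flat name parts add to a fully
 * qualified name under the format of nctx. The user name and the literal
 * characters of the format are not counted.
 */
size_t
sss_fqdom_len(struct sss_names_ctx *nctx,
              struct sss_domain_info *domain)
{
    size_t len = fq_part_len(nctx, domain, FQ_FMT_DOMAIN, domain->name);
    len += fq_part_len(nctx, domain, FQ_FMT_FLAT_NAME, domain->flat_name);
    return len;
}

/*
 * Return the name under which a user of dom is referred to, allocated on
 * mem_ctx: the fully qualified name for a subdomain that uses fqnames,
 * otherwise a plain copy of orig_name.
 */
char *
sss_get_domain_name(TALLOC_CTX *mem_ctx,
                    const char *orig_name,
                    struct sss_domain_info *dom)
{
    char *user_name;

    if (IS_SUBDOMAIN(dom) && dom->fqnames) {
        /* we always use the fully qualified name for subdomain users */
        user_name = sss_tc_fqname(mem_ctx, dom->names, dom, orig_name);
    } else {
        user_name = talloc_strdup(mem_ctx, orig_name);
    }

    return user_name;
}
sssd-1.11.5/src/util/PaxHeaders.13173/io.h0000644000000000000000000000007412320753107016077 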
xustar000000000000000030 atime=1396954939.277891423 30 ctime=1396954961.419875124 sssd-1.11.5/src/util/io.h0000664002412700241270000000212312320753107016317 0ustar00jhrozekjhrozek00000000000000/* SSSD SSSD Utility functions Copyright (C) Lukas Slebodnik 2013 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #ifndef _UTIL_IO_H_ #define _UTIL_IO_H_ /* CAUTION: * This file is also used in sss_client (pam, nss). Therefore it have to be * minimalist and cannot include DEBUG macros or header file util.h. */ int sss_open_cloexec(const char *pathname, int flags, int *ret); int sss_openat_cloexec(int dir_fd, const char *pathname, int flags, int *ret); #endif /* _UTIL_IO_H_ */ sssd-1.11.5/src/util/PaxHeaders.13173/murmurhash3.h0000644000000000000000000000007412320753107017746 xustar000000000000000030 atime=1396954939.277891423 30 ctime=1396954961.432875115 sssd-1.11.5/src/util/murmurhash3.h0000664002412700241270000000127512320753107020175 0ustar00jhrozekjhrozek00000000000000/* This file is based on the public domain MurmurHash3 from Austin Appleby: * http://code.google.com/p/smhasher/source/browse/trunk/MurmurHash3.cpp * * We use only the 32 bit variant because the 2 produce different result while * we need to produce the same result regardless of the architecture as * clients can be both 64 or 32 bit at the same time. */ #ifndef _UTIL_MURMURHASH3_H_ #define _UTIL_MURMURHASH3_H_ #include /* CAUTION: * This file is also used in sss_client (pam, nss). 
Therefore it have to be * minimalist and cannot include DEBUG macros or header file util.h. */ uint32_t murmurhash3(const char *key, int len, uint32_t seed); #endif /* _UTIL_MURMURHASH3_H_ */ sssd-1.11.5/src/util/PaxHeaders.13173/util_safealign.h0000644000000000000000000000007412320753107020456 xustar000000000000000030 atime=1396954939.278891422 30 ctime=1396954961.436875112 sssd-1.11.5/src/util/util_safealign.h0000664002412700241270000001075312320753107020706 0ustar00jhrozekjhrozek00000000000000/* SSSD Authors: Simo Sorce Copyright (C) Red Hat, Inc 2007 This program is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this program. If not, see . */ /* CAUTION: * This file is also used in sss_client (pam, nss). Therefore it has to be * minimalist and cannot include DEBUG macros or header file util.h. */ #ifndef _UTIL_SAFEALIGN_H #define _UTIL_SAFEALIGN_H #include #include #define SIZE_T_OVERFLOW(current, add) \ (((size_t)(add)) > (SIZE_MAX - ((size_t)(current)))) static inline void safealign_memcpy(void *dest, const void *src, size_t n, size_t *counter) { memcpy(dest, src, n); if (counter) { *counter += n; } } #define SAFEALIGN_SETMEM_VALUE(dest, value, type, pctr) do { \ type CV_MACRO_val = (type)(value); \ safealign_memcpy(dest, &CV_MACRO_val, sizeof(type), pctr); \ } while(0) /* SAFEALIGN_COPY_INT64(void *dest, void *src, size_t *pctr) * This macro will safely copy sizeof(int64_t) bytes from memory * location pointed by 'src' to memory location pointed by 'dest'. 
* If the 'pctr' pointer is not NULL, the value it points to will
 * be incremented by sizeof(int64_t).
 *
 * This expands to safealign_memcpy() only: no bounds are checked, so the
 * caller must make sure both buffers hold at least sizeof(int64_t) bytes.
 */
#define SAFEALIGN_COPY_INT64(dest, src, pctr) \
    safealign_memcpy(dest, src, sizeof(int64_t), pctr)

/* SAFEALIGN_SETMEM_INT64(void *dest, int64_t value, size_t *pctr)
 * This macro will safely assign an int64_t value to the memory
 * location pointed by 'dest'. If the 'pctr' pointer is not NULL,
 * the value it points to will be incremented by sizeof(int64_t).
 * No bounds are checked on 'dest'.
 */
#define SAFEALIGN_SETMEM_INT64(dest, value, pctr) \
    SAFEALIGN_SETMEM_VALUE(dest, value, int64_t, pctr)

/* SAFEALIGN_COPY_UINT32(void *dest, void *src, size_t *pctr)
 * Unchecked copy of sizeof(uint32_t) bytes; see SAFEALIGN_COPY_UINT32_CHECK
 * for the variant that tests the counter against a length first. */
#define SAFEALIGN_COPY_UINT32(dest, src, pctr) \
    safealign_memcpy(dest, src, sizeof(uint32_t), pctr)

/* SAFEALIGN_SETMEM_UINT32(void *dest, uint32_t value, size_t *pctr) */
#define SAFEALIGN_SETMEM_UINT32(dest, value, pctr) \
    SAFEALIGN_SETMEM_VALUE(dest, value, uint32_t, pctr)

/* SAFEALIGN_COPY_INT32(void *dest, void *src, size_t *pctr)
 * Unchecked copy of sizeof(int32_t) bytes. */
#define SAFEALIGN_COPY_INT32(dest, src, pctr) \
    safealign_memcpy(dest, src, sizeof(int32_t), pctr)

/* SAFEALIGN_SETMEM_INT32(void *dest, int32_t value, size_t *pctr) */
#define SAFEALIGN_SETMEM_INT32(dest, value, pctr) \
    SAFEALIGN_SETMEM_VALUE(dest, value, int32_t, pctr)

/* SAFEALIGN_COPY_UINT16(void *dest, void *src, size_t *pctr)
 * Unchecked copy of sizeof(uint16_t) bytes. */
#define SAFEALIGN_COPY_UINT16(dest, src, pctr) \
    safealign_memcpy(dest, src, sizeof(uint16_t), pctr)

/* SAFEALIGN_SETMEM_UINT16(void *dest, uint16_t value, size_t *pctr) */
#define SAFEALIGN_SETMEM_UINT16(dest, value, pctr) \
    SAFEALIGN_SETMEM_VALUE(dest, value, uint16_t, pctr)

/* These macros are the same as their equivalents without _CHECK suffix,
 * but additionally make the caller return EINVAL immediately if *pctr
 * would exceed len.
 *
 * Points to keep in mind when using them:
 *  - 'pctr' is dereferenced unconditionally, so unlike the unchecked
 *    variants it must not be NULL.
 *  - The "return EINVAL" leaves the *calling* function, so they can only be
 *    used in functions whose return type can carry EINVAL, and any cleanup
 *    the caller needs has to be arranged with that in mind.
 *  - The sum *(pctr) + sizeof(type) is unsigned and can wrap; that case is
 *    caught by the additional SIZE_T_OVERFLOW() test.
 *  - 'pctr' is expanded more than once; pass an expression without side
 *    effects.
 *  - Only the counter is compared with 'len'. NOTE(review): which buffer
 *    'len' describes (source or destination) is the caller's convention and
 *    is not visible here; the other buffer is not checked by the macro.
 */
#define SAFEALIGN_COPY_UINT32_CHECK(dest, src, len, pctr) do { \
    if ((*(pctr) + sizeof(uint32_t)) > (len) || \
        SIZE_T_OVERFLOW(*(pctr), sizeof(uint32_t))) return EINVAL; \
    safealign_memcpy(dest, src, sizeof(uint32_t), pctr); \
} while(0)

#define SAFEALIGN_COPY_INT32_CHECK(dest, src, len, pctr) do { \
    if ((*(pctr) + sizeof(int32_t)) > (len) || \
        SIZE_T_OVERFLOW(*(pctr), sizeof(int32_t))) return EINVAL; \
    safealign_memcpy(dest, src, sizeof(int32_t), pctr); \
} while(0)

#define SAFEALIGN_COPY_UINT16_CHECK(dest, src, len, pctr) do { \
    if ((*(pctr) + sizeof(uint16_t)) > (len) || \
        SIZE_T_OVERFLOW(*(pctr), sizeof(uint16_t))) return EINVAL; \
    safealign_memcpy(dest, src, sizeof(uint16_t), pctr); \
} while(0)

/* Aliases for backward compatibility. */
#define SAFEALIGN_SET_VALUE SAFEALIGN_SETMEM_VALUE
#define SAFEALIGN_SET_INT64 SAFEALIGN_SETMEM_INT64
#define SAFEALIGN_SET_UINT32 SAFEALIGN_SETMEM_UINT32
#define SAFEALIGN_SET_INT32 SAFEALIGN_SETMEM_INT32
#define SAFEALIGN_SET_UINT16 SAFEALIGN_SETMEM_UINT16

#endif /* _UTIL_SAFEALIGN_H */
sssd-1.11.5/src/util/PaxHeaders.13173/sss_ini.h0000644000000000000000000000007412320753107017137 xustar000000000000000030 atime=1396954939.277891423 30 ctime=1396954961.428875117 sssd-1.11.5/src/util/sss_ini.h0000664002412700241270000000460012320753107017361 0ustar00jhrozekjhrozek00000000000000/* SSSD sss_ini.c Authors: Ondrej Kos Copyright (C) 2013 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #ifndef __SSS_INI_H__ #define __SSS_INI_H__ /* Structure declarations */ /* INI data structure */ struct sss_ini_initdata; /* Function declarations */ /* Initialize data structure */ struct sss_ini_initdata* sss_ini_initdata_init(TALLOC_CTX *tmp_ctx); /* Close file descriptor */ void sss_ini_close_file(struct sss_ini_initdata *init_data); /* Open config file */ int sss_ini_config_file_open(struct sss_ini_initdata *init_data, const char *config_file); /* Check file permissions */ int sss_ini_config_access_check(struct sss_ini_initdata *init_data); /* Cstat */ int sss_ini_get_stat(struct sss_ini_initdata *init_data); /* Get mtime */ int sss_ini_get_mtime(struct sss_ini_initdata *init_data, size_t timestr_len, char *timestr); /* Load configuration */ int sss_ini_get_config(struct sss_ini_initdata *init_data, const char *config_file); /* Get configuration object */ int sss_ini_get_cfgobj(struct sss_ini_initdata *init_data, const char *section, const char *name); /* Check configuration object */ int sss_ini_check_config_obj(struct sss_ini_initdata *init_data); /* Get int value */ int sss_ini_get_int_config_value(struct sss_ini_initdata *init_data, int strict, int def, int *error); /* Destroy ini config */ void sss_ini_config_destroy(struct sss_ini_initdata *init_data); /* Create LDIF */ int sss_confdb_create_ldif(TALLOC_CTX *mem_ctx, struct sss_ini_initdata *init_data, const char **config_ldif); #endif /* __SSS_INI_H__ */ sssd-1.11.5/src/util/PaxHeaders.13173/sss_ssh.h0000644000000000000000000000007412320753107017155 xustar000000000000000030 atime=1396954939.277891423 30 ctime=1396954961.427875118 sssd-1.11.5/src/util/sss_ssh.h0000664002412700241270000000260012320753107017375 0ustar00jhrozekjhrozek00000000000000/* Authors: Jan Cholasta Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at 
your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #ifndef _SSS_SSH_H_ #define _SSS_SSH_H_ #define SSS_SSH_REQ_ALIAS 0x01 #define SSS_SSH_REQ_DOMAIN 0x02 #define SSS_SSH_REQ_MASK 0x03 struct sss_ssh_pubkey { uint8_t *data; size_t data_len; }; struct sss_ssh_ent { char *name; struct sss_ssh_pubkey *pubkeys; size_t num_pubkeys; char **aliases; size_t num_aliases; }; errno_t sss_ssh_make_ent(TALLOC_CTX *mem_ctx, struct ldb_message *msg, struct sss_ssh_ent **result); errno_t sss_ssh_format_pubkey(TALLOC_CTX *mem_ctx, struct sss_ssh_pubkey *pubkey, char **result); #endif /* _SSS_SSH_H_ */ sssd-1.11.5/src/util/PaxHeaders.13173/signal.c0000644000000000000000000000007412320753107016740 xustar000000000000000030 atime=1396954939.277891423 30 ctime=1396954961.674874936 sssd-1.11.5/src/util/signal.c0000664002412700241270000000677712320753107017203 0ustar00jhrozekjhrozek00000000000000/* Unix SMB/CIFS implementation. signal handling functions Copyright (C) Andrew Tridgell 1998 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
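*/ #include "util/util.h" #include #include

/**
 * @file
 * @brief Signal handling
 */

/*
 * SIGCLD handler that reaps every child that has already exited.
 *
 * waitpid() is called with WNOHANG in a loop so the handler never blocks and
 * collects all pending children even when several exits were merged into a
 * single signal delivery. The exit status is discarded.
 *
 * NOTE(review): waitpid() can modify errno and the handler does not save and
 * restore it, so code interrupted by this handler may observe a changed
 * errno.
 */
static void sig_cld(int signum)
{
    while (waitpid((pid_t)-1, (int *)NULL, WNOHANG) > 0) {
        /* keep reaping */
    }

    /*
     * Turns out it's *really* important not to
     * restore the signal handler here if we have real POSIX
     * signal handling. If we do, then we get the signal re-delivered
     * immediately - hey presto - instant loop ! JRA.
     */

#if !defined(HAVE_SIGACTION)
    CatchSignal(SIGCLD, sig_cld);
#endif
}

/*
 * SIGCLD handler that leaves the child's status uncollected so that other
 * code can wait for it. With sigaction() available it does nothing at all;
 * without it, it only re-installs itself.
 */
static void sig_cld_leave_status(int signum)
{
    /*
     * Turns out it's *really* important not to
     * restore the signal handler here if we have real POSIX
     * signal handling. If we do, then we get the signal re-delivered
     * immediately - hey presto - instant loop ! JRA.
     */
#if !defined(HAVE_SIGACTION)
    CatchSignal(SIGCLD, sig_cld_leave_status);
#endif
}

/**
 Block or unblock a single signal.

 @param block  true to block signum, false to unblock it
 @param signum the signal number

 Uses sigprocmask() when available, the BSD sigblock()/sigsetmask() calls
 otherwise. On a platform with neither, a warning is logged once and the
 request is ignored.
**/
void BlockSignals(bool block, int signum)
{
#ifdef HAVE_SIGPROCMASK
    sigset_t set;

    sigemptyset(&set);
    sigaddset(&set, signum);
    sigprocmask(block ? SIG_BLOCK : SIG_UNBLOCK, &set, NULL);
#elif defined(HAVE_SIGBLOCK)
    if (block) {
        sigblock(sigmask(signum));
    } else {
        sigsetmask(siggetmask() & ~sigmask(signum));
    }
#else
    /* yikes! This platform can't block signals? */
    static int done;

    if (!done) {
        DEBUG(0,("WARNING: No signal blocking available\n"));
        done=1;
    }
#endif
}

/**
 Catch a signal. This should implement the following semantics:

 1) The handler remains installed after being called.
 2) The signal should be blocked during handler execution.

 @param signum  the signal to catch
 @param handler the handler to install

 @return the previously installed handler, or SIG_ERR when the handler
         could not be installed.
**/
void (*CatchSignal(int signum,void (*handler)(int )))(int)
{
#ifdef HAVE_SIGACTION
    struct sigaction act;
    struct sigaction oldact;

    ZERO_STRUCT(act);

    act.sa_handler = handler;
#ifdef SA_RESTART
    /*
     * We *want* SIGALRM to interrupt a system call.
     */
    if (signum != SIGALRM) {
        act.sa_flags = SA_RESTART;
    }
#endif
    /* Keep signum blocked while its own handler runs. */
    sigemptyset(&act.sa_mask);
    sigaddset(&act.sa_mask, signum);

    /* oldact is only filled in on success; returning its handler after a
     * failed call would hand an indeterminate pointer to the caller. */
    if (sigaction(signum, &act, &oldact) != 0) {
        return SIG_ERR;
    }
    return oldact.sa_handler;
#else /* !HAVE_SIGACTION */
    /* FIXME: need to handle sigvec and systems with broken signal() */
    return signal(signum, handler);
#endif
}

/**
 Ignore SIGCLD via whatever means is necessary for this OS.
 Installs sig_cld(), which reaps exited children and drops their status.
**/
void CatchChild(void)
{
    CatchSignal(SIGCLD, sig_cld);
}

/**
 Catch SIGCLD but leave the child around so its status can be reaped.
**/
void CatchChildLeaveStatus(void)
{
    CatchSignal(SIGCLD, sig_cld_leave_status);
}
sssd-1.11.5/src/util/PaxHeaders.13173/sss_python.h0000644000000000000000000000007412320753107017701 xustar000000000000000030 atime=1396954939.277891423 30 ctime=1396954961.423875121 sssd-1.11.5/src/util/sss_python.h0000664002412700241270000000355412320753107020132 0ustar00jhrozekjhrozek00000000000000#ifndef __SSS_PYTHON_H__ #define __SSS_PYTHON_H__ #include #include #include "util/util.h" #if PY_VERSION_HEX < 0x02050000 #define sss_py_const_p(type, value) discard_const_p(type, (value)) #else #define sss_py_const_p(type, value) (value) #endif /* Py_ssize_t compatibility for python < 2.5 as per * http://www.python.org/dev/peps/pep-0353/ */ #ifndef HAVE_PY_SSIZE_T typedef int Py_ssize_t; #endif #ifndef PY_SSIZE_T_MAX #define PY_SSIZE_T_MAX INT_MAX #endif #ifndef PY_SSIZE_T_MIN #define PY_SSIZE_T_MIN INT_MIN #endif /* Wrappers providing the subset of C API for python's set objects we use */ PyObject *sss_python_set_new(void); int sss_python_set_add(PyObject *set, PyObject *key); bool sss_python_set_check(PyObject *set); /* Unicode compatibility */ PyObject *sss_python_unicode_from_string(const char *u); /* Exceptions compatibility */ PyObject * 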
sss_exception_with_doc(char *name, char *doc, PyObject *base, PyObject *dict); /* PyModule_AddIntMacro() compatibility */ #if !HAVE_DECL_PYMODULE_ADDINTMACRO #define PyModule_AddIntMacro(m, c) PyModule_AddIntConstant(m, sss_py_const_p(char, #c), c) #endif /* Convenience macros */ #define TYPE_READY(module, type, name) do { \ if (PyType_Ready(&type) < 0) \ return; \ Py_INCREF(&type); \ PyModule_AddObject(module, \ discard_const_p(char, name), \ (PyObject *) &type); \ } while(0) \ #define SAFE_SET(old, new) do { \ PyObject *__simple_set_tmp = NULL; \ __simple_set_tmp = old; \ Py_INCREF(new); \ old = new; \ Py_XDECREF(__simple_set_tmp); \ } while(0) #endif /* __SSS_PYTHON_H__ */ sssd-1.11.5/src/util/PaxHeaders.13173/util_errors.h0000644000000000000000000000007412320753107020041 xustar000000000000000030 atime=1396954939.278891422 30 ctime=1396954961.419875124 sssd-1.11.5/src/util/util_errors.h0000664002412700241270000000602612320753107020267 0ustar00jhrozekjhrozek00000000000000/* Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . Authors: Simo Sorce */ #ifndef __SSSD_UTIL_ERRORS_H__ #define __SSSD_UTIL_ERRORS_H__ #ifndef HAVE_ERRNO_T #define HAVE_ERRNO_T typedef int errno_t; #endif /* * We define a specific number space so that we do not overlap with other * generic errors returned by various libraries. 
This will make it easy
 * to have functions that double check that what was returned was a SSSD
 * specific error where it matters. For example we may want to ensure some
 * particularly sensitive paths only return SSSD specific errors as that
 * will ensure all error conditions have been explicitly dealt with,
 * and are not the result of assigning the wrong return result.
 *
 * Basic system errno errors can still be used, but when an error condition
 * does not properly map to a system error we should use a SSSD specific one
 */

/* SSSD error codes carry ERR_BASE in the bits outside ERR_MASK; the bits
 * inside ERR_MASK are the index of the code within enum sssd_errors. */
#define ERR_BASE    0x555D0000
#define ERR_MASK    0x0000FFFF

/* never use ERR_INVALID, it is used for catching and returning
 * information on invalid error numbers */
/* never use ERR_LAST, this represents the maximum error value available
 * and is used to validate error codes */
enum sssd_errors {
    ERR_INVALID = ERR_BASE + 0,
    ERR_INTERNAL,
    ERR_ACCOUNT_UNKNOWN,
    ERR_INVALID_CRED_TYPE,
    ERR_NO_CREDS,
    ERR_CREDS_EXPIRED,
    ERR_CREDS_INVALID,
    ERR_NO_CACHED_CREDS,
    ERR_CACHED_CREDS_EXPIRED,
    ERR_AUTH_DENIED,
    ERR_AUTH_FAILED,
    ERR_CHPASS_DENIED,
    ERR_CHPASS_FAILED,
    ERR_NETWORK_IO,
    ERR_ACCOUNT_EXPIRED,
    ERR_PASSWORD_EXPIRED,
    ERR_ACCESS_DENIED,
    ERR_SRV_NOT_FOUND,
    ERR_SRV_LOOKUP_ERROR,
    ERR_SRV_DUPLICATES,
    ERR_DYNDNS_FAILED,
    ERR_DYNDNS_TIMEOUT,
    ERR_DYNDNS_OFFLINE,
    ERR_NOT_FOUND,
    ERR_DOMAIN_NOT_FOUND,
    ERR_MISSING_CONF,
    ERR_INVALID_FILTER,
    ERR_NO_POSIX,
    ERR_LAST            /* ALWAYS LAST */
};

/* Part of err outside ERR_MASK; equals ERR_BASE for SSSD codes. */
#define SSSD_ERR_BASE(err) ((err) & ~ERR_MASK)
/* Part of err inside ERR_MASK: the position within enum sssd_errors. */
#define SSSD_ERR_IDX(err) ((err) & ERR_MASK)
/* True when err has the ERR_BASE prefix and is below ERR_LAST, which is why
 * ERR_LAST has to stay the final enumerator. err is expanded twice, so pass
 * an expression without side effects. */
#define IS_SSSD_ERROR(err) \
    ((SSSD_ERR_BASE(err) == ERR_BASE) && ((err) < ERR_LAST))

#define ERR_OK      0
/* Backwards compat */
#ifndef EOK
#define EOK ERR_OK
#endif

/**
 * @brief return a string describing the error number like strerror()
 *
 * @param error     An errno_t number, can be a SSSD error or a system error
 *
 * @return A statically allocated string.
*/ const char *sss_strerror(errno_t error); #endif /* __SSSD_UTIL_ERRORS_H__ */ sssd-1.11.5/src/util/PaxHeaders.13173/sss_tc_utf8.c0000644000000000000000000000007412320753107017727 xustar000000000000000030 atime=1396954939.277891423 30 ctime=1396954961.680874931 sssd-1.11.5/src/util/sss_tc_utf8.c0000664002412700241270000000473112320753107020156 0ustar00jhrozekjhrozek00000000000000/* Authors: Jakub Hrozek Copyright (C) 2011 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
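*/ #include #include "util/sss_utf8.h"

/*
 * Return a lower-cased, NUL-terminated copy of the UTF-8 string s, allocated
 * on mem_ctx. Returns NULL when s is NULL, when the conversion fails or when
 * memory runs out.
 */
char *
sss_tc_utf8_str_tolower(TALLOC_CTX *mem_ctx, const char *s)
{
    size_t nlen;
    uint8_t *lower;
    uint8_t *ret;

    /* strlen(NULL) is undefined behaviour; treat it as a failed conversion. */
    if (s == NULL) return NULL;

    lower = sss_tc_utf8_tolower(mem_ctx, (const uint8_t *) s, strlen(s), &nlen);
    if (!lower) return NULL;

    /* sss_tc_utf8_tolower() returns exactly nlen bytes without a
     * terminator, so grow the buffer by one byte for the NUL. */
    ret = talloc_realloc(mem_ctx, lower, uint8_t, nlen+1);
    if (!ret) {
        /* On failure the original buffer is still allocated; release it
         * rather than leaving it attached to mem_ctx. */
        talloc_free(lower);
        return NULL;
    }

    ret[nlen] = '\0';
    return (char *) ret;
}

/*
 * Lower-case len bytes of UTF-8 text at s.
 *
 * Returns a buffer of *_nlen bytes allocated on mem_ctx, or NULL on failure.
 * The result is NOT NUL-terminated. *_nlen is written only on success.
 */
uint8_t *
sss_tc_utf8_tolower(TALLOC_CTX *mem_ctx, const uint8_t *s, size_t len, size_t *_nlen)
{
    uint8_t *lower;
    uint8_t *ret;
    size_t nlen;

    lower = sss_utf8_tolower(s, len, &nlen);
    if (!lower) return NULL;

    /* Copy into talloc-managed memory, then release the buffer owned by the
     * UTF-8 backend with its own free function. */
    ret = talloc_memdup(mem_ctx, lower, nlen);
    sss_utf8_free(lower);
    if (!ret) return NULL;

    *_nlen = nlen;
    return ret;
}

/*
 * Sanitize 'input' with sss_filter_sanitize() and also produce the variant
 * to use for the domain's case handling.
 *
 * sanitized     receives the sanitized string.
 * lc_sanitized  receives a copy of *sanitized: verbatim when
 *               dom->case_sensitive is set, lower-cased otherwise.
 *
 * Returns EOK on success, the sss_filter_sanitize() error, or ENOMEM when
 * the second string cannot be created. On ENOMEM *sanitized is left
 * allocated on mem_ctx.
 *
 * NOTE(review): the lower-casing runs on the already sanitized text.
 * Confirm that whatever consumes the result treats the escape sequences
 * produced by sss_filter_sanitize() the same in either case.
 */
errno_t sss_filter_sanitize_for_dom(TALLOC_CTX *mem_ctx,
                                    const char *input,
                                    struct sss_domain_info *dom,
                                    char **sanitized,
                                    char **lc_sanitized)
{
    int ret;

    ret = sss_filter_sanitize(mem_ctx, input, sanitized);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("sss_filter_sanitize failed.\n"));
        return ret;
    }

    if (dom->case_sensitive) {
        *lc_sanitized = talloc_strdup(mem_ctx, *sanitized);
    } else {
        *lc_sanitized = sss_tc_utf8_str_tolower(mem_ctx, *sanitized);
    }

    if (*lc_sanitized == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("%s failed.\n",
                                  dom->case_sensitive ?
                                        "talloc_strdup" :
                                        "sss_tc_utf8_str_tolower"));
        return ENOMEM;
    }

    return EOK;
}
sssd-1.11.5/src/util/PaxHeaders.13173/dlinklist.h0000644000000000000000000000007412320753107017465 xustar000000000000000030 atime=1396954939.276891423 30 ctime=1396954961.417875126 sssd-1.11.5/src/util/dlinklist.h0000664002412700241270000000716412320753107017717 0ustar00jhrozekjhrozek00000000000000/* Unix SMB/CIFS implementation. some simple double linked list macros Copyright (C) Andrew Tridgell 1998 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. 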
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ /* To use these macros you must have a structure containing a next and prev pointer */ #ifndef _DLINKLIST_H #define _DLINKLIST_H /* hook into the front of the list */ #define DLIST_ADD(list, p) \ do { \ if (!(list)) { \ (list) = (p); \ (p)->next = (p)->prev = NULL; \ } else { \ (list)->prev = (p); \ (p)->next = (list); \ (p)->prev = NULL; \ (list) = (p); \ }\ } while (0) /* remove an element from a list - element doesn't have to be in list. */ #define DLIST_REMOVE(list, p) \ do { \ if ((p) == (list)) { \ (list) = (p)->next; \ if (list) (list)->prev = NULL; \ } else { \ if ((p)->prev) (p)->prev->next = (p)->next; \ if ((p)->next) (p)->next->prev = (p)->prev; \ } \ if ((p) != (list)) (p)->next = (p)->prev = NULL; \ } while (0) /* promote an element to the top of the list */ #define DLIST_PROMOTE(list, p) \ do { \ DLIST_REMOVE(list, p); \ DLIST_ADD(list, p); \ } while (0) /* hook into the end of the list - needs a tmp pointer */ #define DLIST_ADD_END(list, p, type) \ do { \ if (!(list)) { \ (list) = (p); \ (p)->next = (p)->prev = NULL; \ } else { \ type tmp; \ for (tmp = (list); tmp->next; tmp = tmp->next) ; \ tmp->next = (p); \ (p)->next = NULL; \ (p)->prev = tmp; \ } \ } while (0) /* insert 'p' after the given element 'el' in a list. 
If el is NULL then this is the same as a DLIST_ADD() */ #define DLIST_ADD_AFTER(list, p, el) \ do { \ if (!(list) || !(el)) { \ DLIST_ADD(list, p); \ } else { \ p->prev = el; \ p->next = el->next; \ el->next = p; \ if (p->next) p->next->prev = p; \ }\ } while (0) /* demote an element to the end of the list, needs a tmp pointer */ #define DLIST_DEMOTE(list, p, type) \ do { \ DLIST_REMOVE(list, p); \ DLIST_ADD_END(list, p, type); \ } while (0) /* concatenate two lists - putting all elements of the 2nd list at the end of the first list */ #define DLIST_CONCATENATE(list1, list2, type) \ do { \ if (!(list1)) { \ (list1) = (list2); \ } else { \ type tmp; \ for (tmp = (list1); tmp->next; tmp = tmp->next) ; \ tmp->next = (list2); \ if (list2) { \ (list2)->prev = tmp; \ } \ } \ } while (0) /* insert all elements from list2 after the given element 'el' in the * first list */ #define DLIST_ADD_LIST_AFTER(list1, el, list2, type) \ do { \ if (!(list1) || !(el) || !(list2)) { \ DLIST_CONCATENATE(list1, list2, type); \ } else { \ type tmp; \ for (tmp = (list2); tmp->next; tmp = tmp->next) ; \ (list2)->prev = (el); \ tmp->next = (el)->next; \ (el)->next = (list2); \ if (tmp->next != NULL) tmp->next->prev = tmp; \ } \ } while (0); #define DLIST_FOR_EACH(p, list) \ for ((p) = (list); (p) != NULL; (p) = (p)->next) #endif /* _DLINKLIST_H */ sssd-1.11.5/src/util/PaxHeaders.13173/find_uid.h0000644000000000000000000000007412320753107017251 xustar000000000000000030 atime=1396954939.277891423 30 ctime=1396954961.430875116 sssd-1.11.5/src/util/find_uid.h0000664002412700241270000000204412320753107017473 0ustar00jhrozekjhrozek00000000000000/* SSSD Create uid table Authors: Sumit Bose Copyright (C) 2009 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. 
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #ifndef __FIND_UID_H__ #define __FIND_UID_H__ #include #include #include "dhash.h" #include "util/util.h" errno_t get_uid_table(TALLOC_CTX *mem_ctx, hash_table_t **table); errno_t check_if_uid_is_active(uid_t uid, bool *result); #endif /* __FIND_UID_H__ */ sssd-1.11.5/src/util/PaxHeaders.13173/util_errors.c0000644000000000000000000000007412320753107020034 xustar000000000000000030 atime=1396954939.278891422 30 ctime=1396954961.685874928 sssd-1.11.5/src/util/util_errors.c0000664002412700241270000000517412320753107020265 0ustar00jhrozekjhrozek00000000000000/* Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
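Authors: Simo Sorce */ #include "util/util.h"

/* One human-readable message per SSSD error code. */
struct err_string {
    const char *msg;
};

/*
 * Messages for enum sssd_errors, looked up by SSSD_ERR_IDX(). The rows must
 * stay in exactly the same order as the enumerators: adding an error code
 * without adding its row here shifts or truncates the mapping.
 */
struct err_string error_to_str[] = {
    { "Invalid Error" },        /* ERR_INVALID */
    { "Internal Error" },       /* ERR_INTERNAL */
    { "Account Unknown" },      /* ERR_ACCOUNT_UNKNOWN */
    { "Invalid credential type" },  /* ERR_INVALID_CRED_TYPE */
    { "No credentials available" }, /* ERR_NO_CREDS */
    { "Credentials are expired" }, /* ERR_CREDS_EXPIRED */
    { "Failure setting user credentials"}, /* ERR_CREDS_INVALID */
    { "No cached credentials available" }, /* ERR_NO_CACHED_CREDS */
    { "Cached credentials are expired" }, /* ERR_CACHED_CREDS_EXPIRED */
    { "Authentication Denied" }, /* ERR_AUTH_DENIED */
    { "Authentication Failed" }, /* ERR_AUTH_FAILED */
    { "Password Change Denied" }, /* ERR_CHPASS_DENIED */
    { "Password Change Failed" }, /* ERR_CHPASS_FAILED */
    { "Network I/O Error" }, /* ERR_NETWORK_IO */
    { "Account Expired" }, /* ERR_ACCOUNT_EXPIRED */
    { "Password Expired" }, /* ERR_PASSWORD_EXPIRED */
    { "Host Access Denied" }, /* ERR_ACCESS_DENIED */
    { "SRV record not found" }, /* ERR_SRV_NOT_FOUND */
    { "SRV lookup error" }, /* ERR_SRV_LOOKUP_ERROR */
    { "SRV lookup did not return any new server "}, /* ERR_SRV_DUPLICATES */
    { "Dynamic DNS update failed" }, /* ERR_DYNDNS_FAILED */
    { "Dynamic DNS update timed out" }, /* ERR_DYNDNS_TIMEOUT */
    { "Dynamic DNS update not possible while offline" }, /* ERR_DYNDNS_OFFLINE */
    { "Entry not found" }, /* ERR_NOT_FOUND */
    { "Domain not found" }, /* ERR_DOMAIN_NOT_FOUND */
    { "Missing configuration file" }, /* ERR_MISSING_CONF */
    { "Malformed search filter" }, /* ERR_INVALID_FILTER, */
    { "No POSIX attributes detected" }, /* ERR_NO_POSIX */
};

/*
 * Return a message for 'error'.
 *
 * SSSD error codes (IS_SSSD_ERROR) are looked up in error_to_str; anything
 * else is passed to strerror(). The returned pointer refers to static
 * storage and must not be freed.
 */
const char *sss_strerror(errno_t error)
{
    if (IS_SSSD_ERROR(error)) {
        size_t idx = SSSD_ERR_IDX(error);

        /* IS_SSSD_ERROR() bounds the code by ERR_LAST, not by the table.
         * Check the table size as well so that an enumerator added without
         * a matching row cannot cause a read past the end of the array. */
        if (idx < sizeof(error_to_str) / sizeof(error_to_str[0])) {
            return error_to_str[idx].msg;
        }
        /* No row for this code: report it as ERR_INVALID. */
        return error_to_str[0].msg;
    }

    return strerror(error);
}
sssd-1.11.5/src/util/PaxHeaders.13173/sss_log.c0000644000000000000000000000007312320753107017133 xustar000000000000000030 atime=1396954939.277891423 29 ctime=1396954961.57387501 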
sssd-1.11.5/src/util/sss_log.c0000664002412700241270000000331312320753107017356 0ustar00jhrozekjhrozek00000000000000/* SSSD sss_log.c Authors: Stephen Gallagher Copyright (C) 2010 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include "util/util.h" #include static int sss_to_syslog(int priority) { switch(priority) { case SSS_LOG_EMERG: return LOG_EMERG; case SSS_LOG_ALERT: return LOG_ALERT; case SSS_LOG_CRIT: return LOG_CRIT; case SSS_LOG_ERR: return LOG_ERR; case SSS_LOG_WARNING: return LOG_WARNING; case SSS_LOG_NOTICE: return LOG_NOTICE; case SSS_LOG_INFO: return LOG_INFO; case SSS_LOG_DEBUG: return LOG_DEBUG; default: /* If we've been passed an invalid priority, it's * best to assume it's an emergency. */ return LOG_EMERG; } } void sss_log(int priority, const char *format, ...) 
{ va_list ap; int syslog_priority; syslog_priority = sss_to_syslog(priority); openlog(debug_prg_name, 0, LOG_DAEMON); va_start(ap, format); vsyslog(syslog_priority, format, ap); va_end(ap); closelog(); } sssd-1.11.5/src/util/PaxHeaders.13173/crypto0000644000000000000000000000013212320753521016555 xustar000000000000000030 mtime=1396954961.416875126 30 atime=1396955003.533843848 30 ctime=1396954961.416875126 sssd-1.11.5/src/util/crypto/0000775002412700241270000000000012320753521017061 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/util/crypto/PaxHeaders.13173/nss0000644000000000000000000000013212320753521017360 xustar000000000000000030 mtime=1396954961.571875012 30 atime=1396955003.533843848 30 ctime=1396954961.571875012 sssd-1.11.5/src/util/crypto/nss/0000775002412700241270000000000012320753521017664 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/util/crypto/nss/PaxHeaders.13173/nss_util.h0000644000000000000000000000007412320753107021453 xustar000000000000000030 atime=1396954939.276891423 30 ctime=1396954961.508875058 sssd-1.11.5/src/util/crypto/nss/nss_util.h0000664002412700241270000000147312320753107021702 0ustar00jhrozekjhrozek00000000000000/* SSSD NSS crypto wrappers Authors: Jakub Hrozek Copyright (C) Red Hat, Inc 2010 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ int nspr_nss_init(void); int nspr_nss_cleanup(void); sssd-1.11.5/src/util/crypto/nss/PaxHeaders.13173/nss_util.c0000644000000000000000000000007412320753107021446 xustar000000000000000030 atime=1396954939.276891423 30 ctime=1396954961.571875012 sssd-1.11.5/src/util/crypto/nss/nss_util.c0000664002412700241270000000334212320753107021672 0ustar00jhrozekjhrozek00000000000000/* SSSD NSS crypto wrappers Authors: Sumit Bose Jakub Hrozek Copyright (C) Red Hat, Inc 2010 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/

#include "config.h"

/* NOTE(review): the header names of the four bare #include lines below are
 * missing from this listing. */
#include
#include
#include
#include

#include "util/util.h"

/* 1 after NSS_NoDB_Init() has succeeded, 0 before that and after shutdown. */
static int nspr_nss_init_done = 0;

/*
 * Initialise NSPR and NSS for this process, once.
 *
 * When the init flag is already set nothing is done. Otherwise PR_Init() and
 * NSS_NoDB_Init(NULL) are called; on success the flag is set and EOK is
 * returned, on failure the NSPR error code is logged and EIO is returned.
 *
 * NOTE(review): the "already initialised" path returns SECSuccess while the
 * other paths return EOK/EIO. Callers in this tree compare the result with
 * EOK, so this relies on the two constants being equal - confirm.
 * NOTE(review): the flag is a plain static int and no locking is visible
 * here; confirm that callers never race on init/cleanup.
 */
int nspr_nss_init(void)
{
    if (nspr_nss_init_done == 1) {
        /* nothing to do */
        return SECSuccess;
    }

    PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);

    if (NSS_NoDB_Init(NULL) != SECSuccess) {
        DEBUG(1, ("Error initializing connection to NSS [%d]\n",
                  PR_GetError()));
        return EIO;
    }

    nspr_nss_init_done = 1;
    return EOK;
}

/*
 * Shut NSS and NSPR down again if nspr_nss_init() initialised them.
 *
 * Returns EIO (after logging the NSPR error code) when NSS_Shutdown() fails;
 * in that case PR_Cleanup() is not called and the init flag stays set.
 * Returns EOK after a successful shutdown. The "nothing to do" path returns
 * SECSuccess, see the note on nspr_nss_init().
 */
int nspr_nss_cleanup(void)
{
    if (nspr_nss_init_done == 0) {
        /* nothing to do */
        return SECSuccess;
    }

    if (NSS_Shutdown() != SECSuccess) {
        DEBUG(1, ("Error shutting down connection to NSS [%d]\n",
                  PR_GetError()));
        return EIO;
    }

    PR_Cleanup();
    nspr_nss_init_done = 0;
    return EOK;
}
sssd-1.11.5/src/util/crypto/nss/PaxHeaders.13173/nss_obfuscate.c0000644000000000000000000000007412320753107022444 xustar000000000000000030 atime=1396954939.276891423 30 ctime=1396954961.571875012 sssd-1.11.5/src/util/crypto/nss/nss_obfuscate.c0000664002412700241270000003337212320753107022676 0ustar00jhrozekjhrozek00000000000000/* SSSD Password obfuscation logic Author: Jakub Hrozek Copyright (C) Red Hat, Inc 2010 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ /* * READ ME: * * Please note that password obfuscation does not improve security in any * way. It is just a mechanism to make the password human-unreadable.
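If you * need to secure passwords in your application, you should probably take a * look at storing passwords in NSS-backed database. */

#include "config.h"

/* NOTE(review): the header names of the five bare #include lines below are
 * missing from this listing. */
#include
#include
#include
#include
#include

#include "util/util.h"
#include "util/crypto/sss_crypto.h"
#include "util/crypto/nss/nss_util.h"

/* Four bytes appended after the cryptotext; used on decode as a sanity check
 * that the lengths read from the buffer are plausible. */
#define OBF_BUFFER_SENTINEL "\0\1\2\3"
#define OBF_BUFFER_SENTINEL_SIZE 4

#define MAKE_SECITEM(sdata, slen, sitem) do { \
    (sitem)->type = (siBuffer); \
    (sitem)->data = (sdata);    \
    (sitem)->len  = (slen);     \
} while(0)

/* NSS handles plus raw key/IV used for one encrypt or decrypt operation.
 * The NSS handles are released by sss_nss_crypto_ctx_destructor(). */
struct sss_nss_crypto_ctx {
    PK11SlotInfo *slot;
    PK11Context  *ectx;
    PK11SymKey   *keyobj;
    SECItem      *sparam;

    SECItem *iv;
    SECItem *key;
};

/* Cipher mechanism with its key length and block size, both in bytes. */
struct crypto_mech_data {
    CK_MECHANISM_TYPE cipher;
    uint16_t keylen;
    uint16_t bsize;
};

/* Indexed by enum obfmethod. */
static struct crypto_mech_data cmdata[] = {
    /* AES with automatic padding, 256b key, 128b block */
    { CKM_AES_CBC_PAD, 32, 16 },
    /* sentinel */
    { 0, 0, 0 }
};

/*
 * Look up the mechanism properties for an obfuscation method.
 *
 * Returns NULL (after logging) when meth is not below NUM_OBFMETHODS. The
 * decode path passes a method number read from the input buffer, so this
 * range check is what keeps the cmdata[] index in bounds.
 */
static struct crypto_mech_data *get_crypto_mech_data(enum obfmethod meth)
{
    if (meth >= NUM_OBFMETHODS) {
        DEBUG(1, ("Unsupported cipher type\n"));
        return NULL;
    }
    return &cmdata[meth];
}

/*
 * Generate mech_props->keylen random bytes through PK11_KeyGen() and return
 * them as a talloc-allocated SECItem owned by mem_ctx.
 *
 * Returns EOK and sets *_key on success, EIO when an NSS call fails and
 * ENOMEM when allocation fails. *_key is not touched on failure.
 */
static int generate_random_key(TALLOC_CTX *mem_ctx,
                               PK11SlotInfo *slot,
                               struct crypto_mech_data *mech_props,
                               SECItem **_key)
{
    SECStatus sret;
    SECItem *randkeydata;
    SECItem *key = NULL;
    PK11SymKey *randkey;
    int ret;

    randkey = PK11_KeyGen(slot, mech_props->cipher,
                          NULL, mech_props->keylen, NULL);
    if (randkey == NULL) {
        DEBUG(1, ("Failure to generate key (err %d)\n", PR_GetError()));
        ret = EIO;
        goto done;
    }

    sret = PK11_ExtractKeyValue(randkey);
    if (sret != SECSuccess) {
        DEBUG(1, ("Failure to extract key value (err %d)\n", PR_GetError()));
        ret = EIO;
        goto done;
    }

    randkeydata = PK11_GetKeyData(randkey);
    if (randkeydata == NULL) {
        DEBUG(1, ("Failure to get key data (err %d)\n", PR_GetError()));
        ret = EIO;
        goto done;
    }

    /* randkeydata is valid until randkey is. Copy with talloc to
     * get a nice memory hierarchy symmetrical in encrypt
     * and decrypt case */
    key = talloc_zero(mem_ctx, SECItem);
    if (!key) {
        ret = ENOMEM;
        goto done;
    }

    key->data = talloc_memdup(key, randkeydata->data, randkeydata->len);
    if (!key->data) {
        ret = ENOMEM;
        goto done;
    }
    key->len = randkeydata->len;

    *_key = key;
    ret = EOK;
done:
    if (ret != EOK) talloc_zfree(key);
    /* A failed PK11_KeyGen() arrives here with randkey == NULL; skip the
     * free in that case, like the NULL checks in the context destructor. */
    if (randkey) PK11_FreeSymKey(randkey);
    return ret;
}

/* talloc destructor: release whichever NSS handles the context holds. */
static int sss_nss_crypto_ctx_destructor(struct sss_nss_crypto_ctx *cctx)
{
    if (cctx->ectx) PK11_DestroyContext(cctx->ectx, PR_TRUE);
    if (cctx->sparam) SECITEM_FreeItem(cctx->sparam, PR_TRUE);
    if (cctx->slot) PK11_FreeSlot(cctx->slot);
    if (cctx->keyobj) PK11_FreeSymKey(cctx->keyobj);

    return EOK;
}

/*
 * Allocate a crypto context on mem_ctx and pick a slot for the cipher.
 *
 * Returns EOK and sets *_cctx, ENOMEM on allocation failure, or EIO when no
 * slot is available (the context is freed again in that case).
 */
static int nss_ctx_init(TALLOC_CTX *mem_ctx,
                        struct crypto_mech_data *mech_props,
                        struct sss_nss_crypto_ctx **_cctx)
{
    struct sss_nss_crypto_ctx *cctx;
    int ret;

    cctx = talloc_zero(mem_ctx, struct sss_nss_crypto_ctx);
    if (!cctx) {
        return ENOMEM;
    }
    talloc_set_destructor(cctx, sss_nss_crypto_ctx_destructor);

    cctx->slot = PK11_GetBestSlot(mech_props->cipher, NULL);
    if (cctx->slot == NULL) {
        DEBUG(1, ("Unable to find security device (err %d)\n",
                  PR_GetError()));
        ret = EIO;
        goto done;
    }

    ret = EOK;
    *_cctx = cctx;
done:
    if (ret) talloc_zfree(cctx);
    return ret;
}

/*
 * Turn cctx->key and cctx->iv into NSS objects and create the cipher context
 * for encryption (do_encrypt == true) or decryption.
 *
 * Returns EOK or EIO. Objects created before a failure stay in cctx and are
 * released by its destructor.
 */
static int nss_encrypt_decrypt_init(struct crypto_mech_data *mech_props,
                                    bool do_encrypt,
                                    struct sss_nss_crypto_ctx *cctx)
{
    CK_ATTRIBUTE_TYPE op;
    int ret;

    op = do_encrypt ? CKA_ENCRYPT : CKA_DECRYPT;

    /* turn the raw key into a key object */
    cctx->keyobj = PK11_ImportSymKey(cctx->slot, mech_props->cipher,
                                     PK11_OriginUnwrap, op, cctx->key, NULL);
    if (cctx->keyobj == NULL) {
        DEBUG(1, ("Failure to import key into NSS (err %d)\n",
                  PR_GetError()));
        ret = EIO;
        goto done;
    }

    /* turn the raw IV into a initialization vector object */
    cctx->sparam = PK11_ParamFromIV(mech_props->cipher, cctx->iv);
    if (cctx->sparam == NULL) {
        DEBUG(1, ("Failure to set up PKCS11 param (err %d)\n",
                  PR_GetError()));
        ret = EIO;
        goto done;
    }

    /* Create cipher context */
    cctx->ectx = PK11_CreateContextBySymKey(mech_props->cipher, op,
                                            cctx->keyobj, cctx->sparam);
    if (cctx->ectx == NULL) {
        DEBUG(1, ("Cannot create cipher context (err %d)\n",
                  PORT_GetError()));
        ret = EIO;
        goto done;
    }

    ret = EOK;
done:
    return ret;
}

/*
 * Obfuscate a password: encrypt it with a freshly generated key and IV and
 * return key, IV and cryptotext together as one base64 string.
 *
 * The key travels inside the result, so this only makes the password
 * human-unreadable (see the READ ME at the top of the file); anyone holding
 * the string can recover the password with sss_password_decrypt().
 *
 * mem_ctx   talloc parent of the returned string
 * password  bytes to encrypt
 * plen      number of bytes to encrypt; must be >= 0 and small enough that
 *           the cryptotext length fits the 16-bit length field
 * meth      obfuscation method, must be below NUM_OBFMETHODS
 * obfpwd    receives the base64 string on success
 *
 * Returns EOK, EINVAL (bad method or length), ENOMEM or EIO.
 */
int sss_password_encrypt(TALLOC_CTX *mem_ctx, const char *password, int plen,
                         enum obfmethod meth, char **obfpwd)
{
    SECStatus sret;
    int ret;
    TALLOC_CTX *tmp_ctx = NULL;
    struct crypto_mech_data *mech_props;
    struct sss_nss_crypto_ctx *cctx;

    unsigned char *plaintext;
    unsigned char *cryptotext;
    int ct_maxsize;
    int ctlen;
    unsigned int digestlen;
    int result_len;

    unsigned char *obfbuf;
    size_t obufsize = 0;
    size_t p = 0;

    tmp_ctx = talloc_new(mem_ctx);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    /* initialize NSS if needed */
    ret = nspr_nss_init();
    if (ret != EOK) {
        ret = EIO;
        goto done;
    }

    mech_props = get_crypto_mech_data(meth);
    if (mech_props == NULL) {
        ret = EINVAL;
        goto done;
    }

    /* The cryptotext length is stored in 16 bits and can be as large as
     * plen + blocksize; reject lengths that would be silently truncated
     * there (or that are negative). */
    if (plen < 0 || plen > UINT16_MAX - mech_props->bsize) {
        DEBUG(1, ("Invalid password length\n"));
        ret = EINVAL;
        goto done;
    }

    ret = nss_ctx_init(tmp_ctx, mech_props, &cctx);
    if (ret) {
        DEBUG(1, ("Cannot initialize NSS context\n"));
        goto done;
    }

    /* generate random encryption and IV key */
    ret = generate_random_key(cctx, cctx->slot, mech_props, &cctx->key);
    if (ret != EOK) {
        DEBUG(1, ("Could not generate encryption key\n"));
        goto done;
    }

    ret = generate_random_key(cctx, cctx->slot, mech_props, &cctx->iv);
    if (ret != EOK) {
        DEBUG(1, ("Could not generate initialization vector\n"));
        goto done;
    }

    ret = nss_encrypt_decrypt_init(mech_props, true, cctx);
    if (ret) {
        DEBUG(1, ("Cannot initialize NSS context properties\n"));
        goto done;
    }

    /* Copy at most plen bytes of the password, stopping at its terminator,
     * into a zeroed buffer that is always at least plen bytes long. The
     * cipher below reads exactly plen bytes, so it stays inside this
     * allocation even when plen is larger than strlen(password) + 1. */
    plaintext = talloc_zero_array(tmp_ctx, unsigned char, plen + 1);
    if (!plaintext) {
        ret = ENOMEM;
        goto done;
    }
    memcpy(plaintext, password, strnlen(password, plen));

    /* cryptotext buffer must be at least len(plaintext)+blocksize */
    ct_maxsize = plen + (mech_props->bsize);
    cryptotext = talloc_array(tmp_ctx, unsigned char, ct_maxsize);
    if (!cryptotext) {
        ret = ENOMEM;
        goto done;
    }

    /* sample data we'll encrypt and decrypt */
    sret = PK11_CipherOp(cctx->ectx, cryptotext, &ctlen, ct_maxsize,
                         plaintext, plen);
    if (sret != SECSuccess) {
        DEBUG(1, ("Cannot execute the encryption operation (err %d)\n",
                   PR_GetError()));
        ret = EIO;
        goto done;
    }

    sret = PK11_DigestFinal(cctx->ectx, cryptotext+ctlen, &digestlen,
                            ct_maxsize-ctlen);
    if (sret != SECSuccess) {
        DEBUG(1, ("Cannot execute the digest operation (err %d)\n",
                    PR_GetError()));
        ret = EIO;
        goto done;
    }
    result_len = ctlen + digestlen;

    /* Pack the obfuscation buffer */
    /* The buffer consists of:
     * uint16_t      the type of the cipher
     * uint16_t      length of the cryptotext in bytes (clen)
     * uint8_t[klen] key
     * uint8_t[blen] IV
     * uint8_t[clen] cryptotext
     * 4 bytes of "sentinel" denoting end of the buffer
     *
     * The size computation reserves sizeof(uint32_t) for the length field
     * although only a uint16_t is written, so two spare bytes follow the
     * sentinel. The buffer is zero-allocated so that those bytes are not
     * uninitialised heap contents when the buffer is base64 encoded.
     */
    obufsize = sizeof(uint16_t) + sizeof(uint32_t) +
               mech_props->keylen + mech_props->bsize +
               result_len + OBF_BUFFER_SENTINEL_SIZE;
    obfbuf = talloc_zero_array(tmp_ctx, unsigned char, obufsize);
    if (!obfbuf) {
        ret = ENOMEM;
        goto done;
    }

    DEBUG(8, ("Writing method: %d\n", meth));
    SAFEALIGN_SET_UINT16(&obfbuf[p], meth, &p);
    DEBUG(8, ("Writing bufsize: %d\n", result_len));
    SAFEALIGN_SET_UINT16(&obfbuf[p], result_len, &p);
    safealign_memcpy(&obfbuf[p], cctx->key->data, mech_props->keylen, &p);
    safealign_memcpy(&obfbuf[p], cctx->iv->data, mech_props->bsize, &p);
    safealign_memcpy(&obfbuf[p], cryptotext, result_len, &p);
    safealign_memcpy(&obfbuf[p], OBF_BUFFER_SENTINEL,
                     OBF_BUFFER_SENTINEL_SIZE, &p);

    /* Base64 encode the resulting buffer */
    *obfpwd = sss_base64_encode(mem_ctx, obfbuf, obufsize);
    if (*obfpwd == NULL) {
        ret = ENOMEM;
        goto done;
    }

    ret = EOK;
done:
    talloc_free(tmp_ctx);
    nspr_nss_cleanup();
    return ret;
}

/*
 * Reverse sss_password_encrypt(): base64-decode the buffer, unpack method,
 * length, key, IV and cryptotext, and decrypt.
 *
 * The input comes from configuration and is treated as untrusted: every
 * length taken from the buffer is checked against the decoded size before
 * it is used as an offset.
 *
 * mem_ctx     talloc parent of the returned password
 * b64encoded  string produced by sss_password_encrypt()
 * password    receives the decrypted bytes, NUL-terminated
 *
 * Returns EOK, EINVAL (unknown method), EFAULT (buffer too short or sentinel
 * mismatch), ENOMEM or EIO.
 */
int sss_password_decrypt(TALLOC_CTX *mem_ctx, char *b64encoded,
                         char **password)
{
    SECStatus sret;
    int ret;
    TALLOC_CTX *tmp_ctx = NULL;
    struct crypto_mech_data *mech_props;
    struct sss_nss_crypto_ctx *cctx;

    int plainlen;
    unsigned int digestlen;
    unsigned char *obfbuf = NULL;
    size_t obflen;
    size_t payload_len;
    char *pwdbuf;

    /* for unmarshaling data */
    uint16_t meth;
    uint16_t ctsize;
    size_t p = 0;
    unsigned char *cryptotext;
    unsigned char *keybuf;
    unsigned char *ivbuf;
    unsigned char sentinel_check[OBF_BUFFER_SENTINEL_SIZE];

    tmp_ctx = talloc_new(mem_ctx);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    /* initialize NSS if needed */
    ret = nspr_nss_init();
    if (ret != EOK) {
        ret = EIO;
        goto done;
    }

    /* Base64 decode the incoming buffer */
    obfbuf = sss_base64_decode(tmp_ctx, b64encoded, &obflen);
    if (!obfbuf) {
        ret = ENOMEM;
        goto done;
    }

    /* unpack obfuscation buffer */
    /* Make sure the two 16-bit header fields are present before reading
     * them, so that a truncated buffer leaves through the normal cleanup
     * path. (What the *_CHECK macros do on a short buffer is defined
     * outside this file.) */
    if (obflen < 2 * sizeof(uint16_t)) {
        DEBUG(0, ("Obfuscation buffer seems corrupt, aborting\n"));
        ret = EFAULT;
        goto done;
    }

    SAFEALIGN_COPY_UINT16_CHECK(&meth, obfbuf+p, obflen, &p);
    DEBUG(8, ("Read method: %d\n", meth));
    SAFEALIGN_COPY_UINT16_CHECK(&ctsize, obfbuf+p, obflen, &p);
    DEBUG(8, ("Read bufsize: %d\n", ctsize));

    mech_props = get_crypto_mech_data(meth);
    if (mech_props == NULL) {
        ret = EINVAL;
        goto done;
    }

    /* ctsize comes from the buffer itself. Check that key, IV, cryptotext
     * and sentinel all lie inside the decoded data before reading at any of
     * those offsets. */
    payload_len = (size_t) mech_props->keylen + mech_props->bsize +
                  ctsize + OBF_BUFFER_SENTINEL_SIZE;
    if (obflen - p < payload_len) {
        DEBUG(0, ("Obfuscation buffer seems corrupt, aborting\n"));
        ret = EFAULT;
        goto done;
    }

    /* check that we got sane mechanism properties and cryptotext size */
    memcpy(sentinel_check,
           obfbuf + p + mech_props->keylen + mech_props->bsize + ctsize,
           OBF_BUFFER_SENTINEL_SIZE);
    if (memcmp(sentinel_check,
               OBF_BUFFER_SENTINEL, OBF_BUFFER_SENTINEL_SIZE) != 0) {
        DEBUG(0, ("Obfuscation buffer seems corrupt, aborting\n"));
        ret = EFAULT;
        goto done;
    }

    /* copy out key, ivbuf and cryptotext */
    keybuf = talloc_array(tmp_ctx, unsigned char, mech_props->keylen);
    if (keybuf == NULL) {
        ret = ENOMEM;
        goto done;
    }
    safealign_memcpy(keybuf, obfbuf+p, mech_props->keylen, &p);

    ivbuf = talloc_array(tmp_ctx, unsigned char, mech_props->bsize);
    if (ivbuf == NULL) {
        ret = ENOMEM;
        goto done;
    }
    safealign_memcpy(ivbuf, obfbuf+p, mech_props->bsize, &p);

    cryptotext = talloc_array(tmp_ctx, unsigned char, ctsize);
    if (cryptotext == NULL) {
        ret = ENOMEM;
        goto done;
    }
    safealign_memcpy(cryptotext, obfbuf+p, ctsize, &p);

    ret = nss_ctx_init(tmp_ctx, mech_props, &cctx);
    if (ret) {
        DEBUG(1, ("Cannot initialize NSS context\n"));
        goto done;
    }

    cctx->iv = talloc_zero(cctx, SECItem);
    cctx->key = talloc_zero(cctx, SECItem);
    if (!cctx->iv || !cctx->key) {
        ret = ENOMEM;
        goto done;
    }

    MAKE_SECITEM(ivbuf, mech_props->bsize, cctx->iv);
    MAKE_SECITEM(keybuf, mech_props->keylen, cctx->key);

    ret = nss_encrypt_decrypt_init(mech_props, false, cctx);
    if (ret) {
        goto done;
    }

    /* One byte more than NSS may write, for the terminator added below. */
    pwdbuf = talloc_array(tmp_ctx, char, ctsize + 1);
    if (!pwdbuf) {
        ret = ENOMEM;
        goto done;
    }

    sret = PK11_CipherOp(cctx->ectx, (unsigned char *) pwdbuf, &plainlen,
                         ctsize, cryptotext, ctsize);
    if (sret != SECSuccess) {
        DEBUG(1, ("Cannot execute the decryption operation (err %d)\n",
                   PR_GetError()));
        ret = EIO;
        goto done;
    }

    sret = PK11_DigestFinal(cctx->ectx, (unsigned char *) pwdbuf+plainlen,
                            &digestlen, ctsize - plainlen);
    if (sret != SECSuccess) {
        DEBUG(1, ("Cannot execute the digest operation (err %d)\n",
                   PR_GetError()));
        ret = EIO;
        goto done;
    }

    /* The result is handed back as a char *; terminate it so that it is a
     * valid C string even when the encrypted bytes carried no trailing
     * NUL. Both lengths are bounded by the ctsize passed to NSS above. */
    pwdbuf[plainlen + digestlen] = '\0';

    *password = talloc_move(mem_ctx, &pwdbuf);
    ret = EOK;
done:
    talloc_free(tmp_ctx);
    nspr_nss_cleanup();
    return ret;
}
sssd-1.11.5/src/util/crypto/nss/PaxHeaders.13173/nss_hmac_sha1.c0000644000000000000000000000007412320753107022315 xustar000000000000000030 atime=1396954939.276891423 30 ctime=1396954961.569875013 sssd-1.11.5/src/util/crypto/nss/nss_hmac_sha1.c0000664002412700241270000000516512320753107022546 0ustar00jhrozekjhrozek00000000000000/* Authors: Jan Cholasta Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version.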
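This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */

/* NSS does not provide public API for HMAC, so we implement it ourselves. See
 * RFC 2104 for details on the algorithm.
 */

#include "util/util.h"
#include "util/crypto/sss_crypto.h"
#include "util/crypto/nss/nss_util.h"

#include <sechash.h>

#define HMAC_SHA1_BLOCKSIZE 64

/* Zero a buffer through a volatile pointer so that the stores are not
 * removed as dead writes when the buffer goes out of scope right after. */
static void hmac_sha1_wipe(void *buf, size_t len)
{
    volatile unsigned char *vp = buf;

    while (len--) {
        *vp++ = 0;
    }
}

/*
 * Compute HMAC-SHA1 of a message.
 *
 * key, key_len  the MAC key; keys longer than the 64-byte block are hashed
 *               first, shorter keys are zero-padded
 * in, in_len    the message
 * out           receives the MAC; must have room for SSS_SHA1_LENGTH bytes
 *
 * Returns EOK, the error from nspr_nss_init(), or ENOMEM when the hash
 * context cannot be created.
 *
 * The key-derived pads and the inner hash are wiped from the stack before
 * returning. Callers that verify a received MAC against the result should
 * use a constant-time comparison.
 */
int sss_hmac_sha1(const unsigned char *key,
                  size_t key_len,
                  const unsigned char *in,
                  size_t in_len,
                  unsigned char *out)
{
    int ret;
    unsigned char ikey[HMAC_SHA1_BLOCKSIZE], okey[HMAC_SHA1_BLOCKSIZE];
    size_t i;
    HASHContext *sha1;
    unsigned char hash[SSS_SHA1_LENGTH];
    unsigned int res_len;

    ret = nspr_nss_init();
    if (ret != EOK) {
        return ret;
    }

    sha1 = HASH_Create(HASH_AlgSHA1);
    if (!sha1) {
        return ENOMEM;
    }

    if (key_len > HMAC_SHA1_BLOCKSIZE) {
        /* keys longer than blocksize are shortened */
        HASH_Begin(sha1);
        HASH_Update(sha1, key, key_len);
        HASH_End(sha1, ikey, &res_len, SSS_SHA1_LENGTH);
        memset(ikey + SSS_SHA1_LENGTH, 0,
               HMAC_SHA1_BLOCKSIZE - SSS_SHA1_LENGTH);
    } else {
        /* keys shorter than blocksize are zero-padded */
        if (key_len > 0) {
            /* skip the copy for an empty key, which may come with key == NULL */
            memcpy(ikey, key, key_len);
        }
        memset(ikey + key_len, 0, HMAC_SHA1_BLOCKSIZE - key_len);
    }

    /* HMAC(key, msg) = HASH(key XOR opad, HASH(key XOR ipad, msg)) */
    for (i = 0; i < HMAC_SHA1_BLOCKSIZE; i++) {
        okey[i] = ikey[i] ^ 0x5c;
        ikey[i] ^= 0x36;
    }

    HASH_Begin(sha1);
    HASH_Update(sha1, ikey, HMAC_SHA1_BLOCKSIZE);
    HASH_Update(sha1, in, in_len);
    HASH_End(sha1, hash, &res_len, SSS_SHA1_LENGTH);

    HASH_Begin(sha1);
    HASH_Update(sha1, okey, HMAC_SHA1_BLOCKSIZE);
    HASH_Update(sha1, hash, SSS_SHA1_LENGTH);
    HASH_End(sha1, out, &res_len, SSS_SHA1_LENGTH);

    HASH_Destroy(sha1);

    /* ikey/okey are the key XOR a constant, i.e. key-equivalent. */
    hmac_sha1_wipe(ikey, sizeof(ikey));
    hmac_sha1_wipe(okey, sizeof(okey));
    hmac_sha1_wipe(hash, sizeof(hash));

    return EOK;
}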
sssd-1.11.5/src/util/crypto/nss/PaxHeaders.13173/nss_sha512crypt.c0000644000000000000000000000007412320753107022556 xustar000000000000000030 atime=1396954939.276891423 30 ctime=1396954961.570875013 sssd-1.11.5/src/util/crypto/nss/nss_sha512crypt.c0000664002412700241270000002527212320753107023010 0ustar00jhrozekjhrozek00000000000000/* This file is based on the work of Ulrich Drepper * (http://people.redhat.com/drepper/SHA-crypt.txt). I have replaced the * included SHA512 implementation by calls to NSS * (http://www.mozilla.org/projects/security/pki/nss/). * * Sumit Bose */ /* SHA512-based Unix crypt implementation. Released into the Public Domain by Ulrich Drepper . */ #include "config.h" #include #include #include #include #include #include #include #include #include #include "util/util.h" #include "util/sss_endian.h" #include "util/crypto/nss/nss_util.h" #include #include #include #include /* Define our magic string to mark salt for SHA512 "encryption" replacement. */ const char sha512_salt_prefix[] = "$6$"; #define SALT_PREF_SIZE (sizeof(sha512_salt_prefix) - 1) /* Prefix for optional rounds specification. */ const char sha512_rounds_prefix[] = "rounds="; #define ROUNDS_SIZE (sizeof(sha512_rounds_prefix) - 1) #define SALT_LEN_MAX 16 #define ROUNDS_DEFAULT 5000 #define ROUNDS_MIN 1000 #define ROUNDS_MAX 999999999 /* Table with characters for base64 transformation. 
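*/
const char b64t[64] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* base64 conversion function */
/*
 * Emit up to n characters of the 24-bit value b2:b1:b0, six bits at a time
 * starting with the low bits, using the b64t alphabet.
 *
 * n is clamped to *len, so at most *len characters are written. *dest is
 * advanced and *len reduced by the number of characters written; callers
 * detect an exhausted buffer by *len reaching 0.
 */
static inline void b64_from_24bit(char **dest, size_t *len, size_t n,
                                  uint8_t b2, uint8_t b1, uint8_t b0)
{
    uint32_t w;
    size_t i;

    if (*len < n) n = *len;

    w = (b2 << 16) | (b1 << 8) | b0;
    for (i = 0; i < n; i++) {
        (*dest)[i] = b64t[w & 0x3f];
        w >>= 6;
    }

    *len -= i;
    *dest += i;
}

#define PTR_2_INT(x) ((x) - ((__typeof__ (x)) NULL))
#define ALIGN64 __alignof__(uint64_t)

/*
 * SHA512-based crypt: hash key with salt and write the "$6$..." string to
 * buffer.
 *
 * key     NUL-terminated password
 * salt    salt string; an optional "$6$" prefix and an optional
 *         "rounds=N$" specification are parsed, N is clamped to
 *         [ROUNDS_MIN, ROUNDS_MAX], and at most SALT_LEN_MAX salt
 *         characters up to the first '$' are used
 * buffer  output buffer of buflen bytes
 *
 * Returns EOK, EIO when NSS cannot be initialised or a hash context cannot
 * be created, or ERANGE when buffer is too small.
 *
 * NOTE(review): several alloca() buffers are sized by strlen(key); confirm
 * that callers bound the password length.
 * NOTE(review): the cleanup at "done" uses plain memset() on buffers that
 * are not read afterwards; an optimising compiler may drop such stores -
 * confirm the build keeps them.
 */
static int sha512_crypt_r(const char *key,
                          const char *salt,
                          char *buffer, size_t buflen)
{
    unsigned char temp_result[64] __attribute__((__aligned__(ALIGN64)));
    unsigned char alt_result[64] __attribute__((__aligned__(ALIGN64)));
    size_t rounds = ROUNDS_DEFAULT;
    bool rounds_custom = false;
    HASHContext *alt_ctx = NULL;
    HASHContext *ctx = NULL;
    size_t salt_len;
    size_t key_len;
    size_t cnt;
    char *copied_salt = NULL;
    char *copied_key = NULL;
    char *p_bytes = NULL;
    char *s_bytes = NULL;
    int p1, p2, p3, pt, n;
    unsigned int part;
    char *cp, *tmp;
    int ret;

    /* Find beginning of salt string. The prefix should normally always be
     * present. Just in case it is not. */
    if (strncmp(salt, sha512_salt_prefix, SALT_PREF_SIZE) == 0) {
        /* Skip salt prefix. */
        salt += SALT_PREF_SIZE;
    }

    if (strncmp(salt, sha512_rounds_prefix, ROUNDS_SIZE) == 0) {
        unsigned long int srounds;
        const char *num;
        char *endp;

        num = salt + ROUNDS_SIZE;
        srounds = strtoul(num, &endp, 10);
        if (*endp == '$') {
            salt = endp + 1;
            if (srounds < ROUNDS_MIN) srounds = ROUNDS_MIN;
            if (srounds > ROUNDS_MAX) srounds = ROUNDS_MAX;
            rounds = srounds;
            rounds_custom = true;
        }
    }

    salt_len = MIN(strcspn(salt, "$"), SALT_LEN_MAX);
    key_len = strlen(key);

    /* Work on 64-bit aligned copies when the inputs are not aligned. */
    if ((PTR_2_INT(key) % ALIGN64) != 0) {
        tmp = (char *)alloca(key_len + ALIGN64);
        key = copied_key = memcpy(tmp + ALIGN64 - PTR_2_INT(tmp) % ALIGN64, key, key_len);
    }

    if (PTR_2_INT(salt) % ALIGN64 != 0) {
        tmp = (char *)alloca(salt_len + ALIGN64);
        salt = copied_salt = memcpy(tmp + ALIGN64 - PTR_2_INT(tmp) % ALIGN64, salt, salt_len);
    }

    ret = nspr_nss_init();
    if (ret != EOK) {
        ret = EIO;
        goto done;
    }

    ctx = HASH_Create(HASH_AlgSHA512);
    if (!ctx) {
        ret = EIO;
        goto done;
    }

    alt_ctx = HASH_Create(HASH_AlgSHA512);
    if (!alt_ctx) {
        ret = EIO;
        goto done;
    }

    /* Prepare for the real work. */
    HASH_Begin(ctx);

    /* Add the key string. */
    HASH_Update(ctx, (const unsigned char *)key, key_len);

    /* The last part is the salt string. This must be at most 16
     * characters and it ends at the first `$' character (for
     * compatibility with existing implementations). */
    HASH_Update(ctx, (const unsigned char *)salt, salt_len);

    /* Compute alternate SHA512 sum with input KEY, SALT, and KEY.
     * The final result will be added to the first context. */
    HASH_Begin(alt_ctx);

    /* Add key. */
    HASH_Update(alt_ctx, (const unsigned char *)key, key_len);

    /* Add salt. */
    HASH_Update(alt_ctx, (const unsigned char *)salt, salt_len);

    /* Add key again. */
    HASH_Update(alt_ctx, (const unsigned char *)key, key_len);

    /* Now get result of this (64 bytes) and add it to the other context. */
    HASH_End(alt_ctx, alt_result, &part, HASH_ResultLenContext(alt_ctx));

    /* Add for any character in the key one byte of the alternate sum. */
    for (cnt = key_len; cnt > 64; cnt -= 64) {
        HASH_Update(ctx, alt_result, 64);
    }
    HASH_Update(ctx, alt_result, cnt);

    /* Take the binary representation of the length of the key and for every
     * 1 add the alternate sum, for every 0 the key. */
    for (cnt = key_len; cnt > 0; cnt >>= 1) {
        if ((cnt & 1) != 0) {
            HASH_Update(ctx, alt_result, 64);
        } else {
            HASH_Update(ctx, (const unsigned char *)key, key_len);
        }
    }

    /* Create intermediate result. */
    HASH_End(ctx, alt_result, &part, HASH_ResultLenContext(ctx));

    /* Start computation of P byte sequence. */
    HASH_Begin(alt_ctx);

    /* For every character in the password add the entire password. */
    for (cnt = 0; cnt < key_len; cnt++) {
        HASH_Update(alt_ctx, (const unsigned char *)key, key_len);
    }

    /* Finish the digest. */
    HASH_End(alt_ctx, temp_result, &part, HASH_ResultLenContext(alt_ctx));

    /* Create byte sequence P. */
    cp = p_bytes = alloca(key_len);
    for (cnt = key_len; cnt >= 64; cnt -= 64) {
        cp = mempcpy(cp, temp_result, 64);
    }
    memcpy(cp, temp_result, cnt);

    /* Start computation of S byte sequence. */
    HASH_Begin(alt_ctx);

    /* For every character in the password add the entire salt. */
    for (cnt = 0; cnt < 16 + alt_result[0]; cnt++) {
        HASH_Update(alt_ctx, (const unsigned char *)salt, salt_len);
    }

    /* Finish the digest. */
    HASH_End(alt_ctx, temp_result, &part, HASH_ResultLenContext(alt_ctx));

    /* Create byte sequence S. */
    cp = s_bytes = alloca(salt_len);
    for (cnt = salt_len; cnt >= 64; cnt -= 64) {
        cp = mempcpy(cp, temp_result, 64);
    }
    memcpy(cp, temp_result, cnt);

    /* Repeatedly run the collected hash value through SHA512 to burn CPU cycles. */
    for (cnt = 0; cnt < rounds; cnt++) {

        HASH_Begin(ctx);

        /* Add key or last result. */
        if ((cnt & 1) != 0) {
            HASH_Update(ctx, (const unsigned char *)p_bytes, key_len);
        } else {
            HASH_Update(ctx, alt_result, 64);
        }

        /* Add salt for numbers not divisible by 3. */
        if (cnt % 3 != 0) {
            HASH_Update(ctx, (const unsigned char *)s_bytes, salt_len);
        }

        /* Add key for numbers not divisible by 7. */
        if (cnt % 7 != 0) {
            HASH_Update(ctx, (const unsigned char *)p_bytes, key_len);
        }

        /* Add key or last result. */
        if ((cnt & 1) != 0) {
            HASH_Update(ctx, alt_result, 64);
        } else {
            HASH_Update(ctx, (const unsigned char *)p_bytes, key_len);
        }

        /* Create intermediate result. */
        HASH_End(ctx, alt_result, &part, HASH_ResultLenContext(ctx));
    }

    /* Now we can construct the result string.
     * It consists of three parts. */
    if (buflen <= SALT_PREF_SIZE) {
        ret = ERANGE;
        goto done;
    }

    cp = __stpncpy(buffer, sha512_salt_prefix, SALT_PREF_SIZE);
    buflen -= SALT_PREF_SIZE;

    if (rounds_custom) {
        n = snprintf(cp, buflen, "%s%zu$",
                     sha512_rounds_prefix, rounds);
        if (n < 0 || n >= buflen) {
            ret = ERANGE;
            goto done;
        }
        cp += n;
        buflen -= n;
    }

    if (buflen <= salt_len + 1) {
        ret = ERANGE;
        goto done;
    }
    cp = __stpncpy(cp, salt, salt_len);
    *cp++ = '$';
    buflen -= salt_len + 1;

    /* fuzzyfill the base 64 string */
    p1 = 0;
    p2 = 21;
    p3 = 42;
    for (n = 0; n < 21; n++) {
        b64_from_24bit(&cp, &buflen, 4, alt_result[p1], alt_result[p2], alt_result[p3]);
        if (buflen == 0) {
            ret = ERANGE;
            goto done;
        }
        pt = p1;
        p1 = p2 + 1;
        p2 = p3 + 1;
        p3 = pt + 1;
    }
    /* 64th and last byte */
    b64_from_24bit(&cp, &buflen, 2, 0, 0, alt_result[p3]);
    if (buflen == 0) {
        ret = ERANGE;
        goto done;
    }

    *cp = '\0';
    ret = EOK;

done:
    /* Clear the buffer for the intermediate result so that people attaching
     * to processes or reading core dumps cannot get any information. We do it
     * in this way to clear correct_words[] inside the SHA512 implementation
     * as well. */
    if (ctx) HASH_Destroy(ctx);
    if (alt_ctx) HASH_Destroy(alt_ctx);
    if (p_bytes) memset(p_bytes, '\0', key_len);
    if (s_bytes) memset(s_bytes, '\0', salt_len);
    if (copied_key) memset(copied_key, '\0', key_len);
    if (copied_salt) memset(copied_salt, '\0', salt_len);
    memset(temp_result, '\0', sizeof(temp_result));

    return ret;
}

/*
 * Hash key with salt using sha512_crypt_r() and return the result string as
 * a talloc allocation on memctx.
 *
 * Returns EOK and sets *_hash, ENOMEM when the output buffer cannot be
 * allocated, or the error from sha512_crypt_r(). On failure *_hash is left
 * untouched and the output buffer is released.
 */
int s3crypt_sha512(TALLOC_CTX *memctx,
                   const char *key, const char *salt, char **_hash)
{
    char *hash;
    /* prefix + "rounds=" + up to 9 digits + '$' + salt + '$' + 86 hash
     * characters + terminator */
    int hlen = (sizeof (sha512_salt_prefix) - 1
                + sizeof (sha512_rounds_prefix) + 9 + 1
                + strlen (salt) + 1 + 86 + 1);
    int ret;

    hash = talloc_size(memctx, hlen);
    if (!hash) return ENOMEM;

    ret = sha512_crypt_r(key, salt, hash, hlen);
    if (ret) {
        /* do not leave the unused buffer attached to the caller's context */
        talloc_free(hash);
        return ret;
    }

    *_hash = hash;
    return ret;
}

#define SALT_RAND_LEN 12

/*
 * Generate a random salt of SALT_LEN_MAX characters from the b64t alphabet,
 * using SALT_RAND_LEN bytes from PK11_GenerateRandom().
 *
 * Returns EOK and sets *_salt (talloc allocation on memctx), EIO when NSS
 * cannot be initialised or random generation fails, or ENOMEM. On failure
 * *_salt is left untouched and the salt buffer is released.
 */
int s3crypt_gen_salt(TALLOC_CTX *memctx, char **_salt)
{
    uint8_t rb[SALT_RAND_LEN];
    char *salt, *cp;
    size_t slen;
    int ret;

    ret = nspr_nss_init();
    if (ret != EOK) {
        return EIO;
    }

    salt = talloc_size(memctx, SALT_LEN_MAX + 1);
    if (!salt) {
        return ENOMEM;
    }

    ret = PK11_GenerateRandom(rb, SALT_RAND_LEN);
    if (ret != SECSuccess) {
        /* do not leave the unused buffer attached to the caller's context */
        talloc_free(salt);
        return EIO;
    }

    slen = SALT_LEN_MAX;
    cp = salt;
    b64_from_24bit(&cp, &slen, 4, rb[0], rb[1], rb[2]);
    b64_from_24bit(&cp, &slen, 4, rb[3], rb[4], rb[5]);
    b64_from_24bit(&cp, &slen, 4, rb[6], rb[7], rb[8]);
    b64_from_24bit(&cp, &slen, 4, rb[9], rb[10], rb[11]);
    *cp = '\0';

    *_salt = salt;

    return EOK;
}
sssd-1.11.5/src/util/crypto/nss/PaxHeaders.13173/nss_base64.c0000644000000000000000000000007412320753107021555 xustar000000000000000030 atime=1396954939.276891423 30 ctime=1396954961.568875014 sssd-1.11.5/src/util/crypto/nss/nss_base64.c0000664002412700241270000000471412320753107022005 0ustar00jhrozekjhrozek00000000000000/* Authors: Jakub Hrozek Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version.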
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */

/* NOTE(review): the header names of the two bare #include lines below are
 * missing from this listing. */
#include

#include "util/util.h"
#include "util/crypto/nss/nss_util.h"

#include

/* NSS wraps b64 encoded buffers with CRLF automatically after 64 chars. This
 * function strips the CRLF double-chars. The buffer can be decoded with plain
 * NSS calls */
/*
 * Base64-encode inbufsize bytes of inbuf.
 *
 * Returns a NUL-terminated string allocated on mem_ctx, with every '\r' and
 * '\n' of the NSS output removed, or NULL when NSS cannot be initialised,
 * encoding fails or allocation fails.
 */
char *sss_base64_encode(TALLOC_CTX *mem_ctx,
                        const unsigned char *inbuf,
                        size_t inbufsize)
{
    char *wrapped = NULL;
    char *outbuf;
    int b64size;
    int src;
    int dst = 0;

    /* initialize NSS if needed */
    if (nspr_nss_init() != EOK) {
        return NULL;
    }

    wrapped = BTOA_DataToAscii(inbuf, inbufsize);
    if (!wrapped) {
        return NULL;
    }

    /* Size of the wrapped form including its terminator; the stripped copy
     * can only be shorter. */
    b64size = strlen(wrapped) + 1;
    outbuf = talloc_array(mem_ctx, char, b64size);
    if (outbuf == NULL) {
        PORT_Free(wrapped);
        return NULL;
    }

    for (src = 0; src < b64size; src++) {
        const char c = wrapped[src];

        if (c != '\n' && c != '\r') {
            /* the last iteration copies the trailing \0 char as well */
            outbuf[dst++] = c;
        }
    }

    PORT_Free(wrapped);
    return outbuf;
}

/*
 * Base64-decode the NUL-terminated string inbuf.
 *
 * Returns the decoded bytes as a talloc allocation on mem_ctx and stores
 * their count in *outbufsize. Returns NULL when NSS cannot be initialised,
 * the input cannot be decoded or allocation fails; *outbufsize is not
 * written in that case.
 */
unsigned char *sss_base64_decode(TALLOC_CTX *mem_ctx,
                                 const char *inbuf,
                                 size_t *outbufsize)
{
    unsigned char *decoded = NULL;
    unsigned char *outbuf;
    unsigned int size;

    /* initialize NSS if needed */
    if (nspr_nss_init() != EOK) {
        return NULL;
    }

    decoded = ATOB_AsciiToData(inbuf, &size);
    if (!decoded) {
        return NULL;
    }

    /* Move the data from the NSS allocation into the talloc hierarchy. */
    outbuf = talloc_memdup(mem_ctx, decoded, size);
    PORT_Free(decoded);
    if (!outbuf) {
        return NULL;
    }

    *outbufsize = size;
    return outbuf;
}
sssd-1.11.5/src/util/crypto/PaxHeaders.13173/sss_crypto.h0000644000000000000000000000007412320753107021220 xustar000000000000000030 atime=1396954939.276891423 30 ctime=1396954961.416875126
sssd-1.11.5/src/util/crypto/sss_crypto.h0000664002412700241270000000200312320753107021435 0ustar00jhrozekjhrozek00000000000000 int s3crypt_sha512(TALLOC_CTX *mmectx, const char *key, const char *salt, char **_hash); int s3crypt_gen_salt(TALLOC_CTX *memctx, char **_salt); /* Methods of obfuscation. */ enum obfmethod { AES_256, NUM_OBFMETHODS }; int test2(void); char *sss_base64_encode(TALLOC_CTX *mem_ctx, const unsigned char *in, size_t insize); unsigned char *sss_base64_decode(TALLOC_CTX *mem_ctx, const char *in, size_t *outsize); #define SSS_SHA1_LENGTH 20 int sss_hmac_sha1(const unsigned char *key, size_t key_len, const unsigned char *in, size_t in_len, unsigned char *out); int sss_password_encrypt(TALLOC_CTX *mem_ctx, const char *password, int plen, enum obfmethod meth, char **obfpwd); int sss_password_decrypt(TALLOC_CTX *mem_ctx, char *b64encoded, char **password); sssd-1.11.5/src/util/crypto/PaxHeaders.13173/libcrypto0000644000000000000000000000013212320753521020564 xustar000000000000000030 mtime=1396954961.567875015 30 atime=1396955003.533843848 30 ctime=1396954961.567875015 sssd-1.11.5/src/util/crypto/libcrypto/0000775002412700241270000000000012320753521021070 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/util/crypto/libcrypto/PaxHeaders.13173/crypto_hmac_sha1.c0000644000000000000000000000007412320753107024236 xustar000000000000000030 atime=1396954939.276891423 30 ctime=1396954961.566875016 sssd-1.11.5/src/util/crypto/libcrypto/crypto_hmac_sha1.c0000664002412700241270000000531212320753107024461 0ustar00jhrozekjhrozek00000000000000/* Authors: Jan Cholasta George McCollister Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. 
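This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */

#include "util/util.h"
#include "util/crypto/sss_crypto.h"

#include <openssl/evp.h>

#define HMAC_SHA1_BLOCKSIZE 64

/* Zero a buffer through a volatile pointer so that the stores are not
 * removed as dead writes when the buffer goes out of scope right after. */
static void hmac_sha1_wipe(void *buf, size_t len)
{
    volatile unsigned char *vp = buf;

    while (len--) {
        *vp++ = 0;
    }
}

/*
 * Compute HMAC-SHA1 of a message with the libcrypto digest API.
 *
 * key, key_len  the MAC key; keys longer than the 64-byte block are hashed
 *               first, shorter keys are zero-padded
 * in, in_len    the message
 * out           receives the MAC; must have room for SSS_SHA1_LENGTH bytes
 *
 * Returns EOK, or EIO when any digest call fails. On EIO the contents of
 * out must not be used.
 *
 * The key-derived pads and the inner hash are wiped from the stack before
 * returning. Callers that verify a received MAC against the result should
 * use a constant-time comparison.
 */
int sss_hmac_sha1(const unsigned char *key,
                  size_t key_len,
                  const unsigned char *in,
                  size_t in_len,
                  unsigned char *out)
{
    int ret;
    EVP_MD_CTX ctx;
    unsigned char ikey[HMAC_SHA1_BLOCKSIZE], okey[HMAC_SHA1_BLOCKSIZE];
    size_t i;
    unsigned char hash[SSS_SHA1_LENGTH];
    unsigned int res_len;

    EVP_MD_CTX_init(&ctx);

    if (key_len > HMAC_SHA1_BLOCKSIZE) {
        /* keys longer than blocksize are shortened */
        if (!EVP_DigestInit_ex(&ctx, EVP_sha1(), NULL)
                || !EVP_DigestUpdate(&ctx, (const unsigned char *)key, key_len)
                || !EVP_DigestFinal_ex(&ctx, ikey, &res_len)) {
            ret = EIO;
            goto done;
        }

        memset(ikey + SSS_SHA1_LENGTH, 0,
               HMAC_SHA1_BLOCKSIZE - SSS_SHA1_LENGTH);
    } else {
        /* keys shorter than blocksize are zero-padded */
        if (key_len > 0) {
            /* skip the copy for an empty key, which may come with key == NULL */
            memcpy(ikey, key, key_len);
        }
        memset(ikey + key_len, 0, HMAC_SHA1_BLOCKSIZE - key_len);
    }

    /* HMAC(key, msg) = HASH(key XOR opad, HASH(key XOR ipad, msg)) */
    for (i = 0; i < HMAC_SHA1_BLOCKSIZE; i++) {
        okey[i] = ikey[i] ^ 0x5c;
        ikey[i] ^= 0x36;
    }

    /* inner hash: HASH(key XOR ipad, msg) */
    if (!EVP_DigestInit_ex(&ctx, EVP_sha1(), NULL)
            || !EVP_DigestUpdate(&ctx, (const unsigned char *)ikey,
                                 HMAC_SHA1_BLOCKSIZE)
            || !EVP_DigestUpdate(&ctx, (const unsigned char *)in, in_len)
            || !EVP_DigestFinal_ex(&ctx, hash, &res_len)) {
        ret = EIO;
        goto done;
    }

    /* outer hash: HASH(key XOR opad, inner) */
    if (!EVP_DigestInit_ex(&ctx, EVP_sha1(), NULL)
            || !EVP_DigestUpdate(&ctx, (const unsigned char *)okey,
                                 HMAC_SHA1_BLOCKSIZE)
            || !EVP_DigestUpdate(&ctx, (const unsigned char *)hash,
                                 SSS_SHA1_LENGTH)
            || !EVP_DigestFinal_ex(&ctx, out, &res_len)) {
        ret = EIO;
        goto done;
    }

    ret = EOK;
done:
    EVP_MD_CTX_cleanup(&ctx);

    /* ikey/okey are the key XOR a constant, i.e. key-equivalent. */
    hmac_sha1_wipe(ikey, sizeof(ikey));
    hmac_sha1_wipe(okey, sizeof(okey));
    hmac_sha1_wipe(hash, sizeof(hash));

    return ret;
}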
sssd-1.11.5/src/util/crypto/libcrypto/PaxHeaders.13173/crypto_sha512crypt.c0000644000000000000000000000007412320753107024477 xustar000000000000000030 atime=1396954939.276891423 30 ctime=1396954961.566875016 sssd-1.11.5/src/util/crypto/libcrypto/crypto_sha512crypt.c0000664002412700241270000002537512320753107024735 0ustar00jhrozekjhrozek00000000000000/* This file is based on nss_sha512crypt.c which is based on the work of * Ulrich Drepper (http://people.redhat.com/drepper/SHA-crypt.txt). * * libcrypto is used to provide SHA512 and random number generation. * (http://www.openssl.org/docs/crypto/crypto.html). * * Sumit Bose * George McCollister */ /* SHA512-based Unix crypt implementation. Released into the Public Domain by Ulrich Drepper . */ #include "config.h" #include #include #include #include #include #include #include #include #include #include "util/util.h" #include "util/sss_endian.h" #include #include /* Define our magic string to mark salt for SHA512 "encryption" replacement. */ const char sha512_salt_prefix[] = "$6$"; #define SALT_PREF_SIZE (sizeof(sha512_salt_prefix) - 1) /* Prefix for optional rounds specification. */ const char sha512_rounds_prefix[] = "rounds="; #define ROUNDS_SIZE (sizeof(sha512_rounds_prefix) - 1) #define SALT_LEN_MAX 16 #define ROUNDS_DEFAULT 5000 #define ROUNDS_MIN 1000 #define ROUNDS_MAX 999999999 /* Table with characters for base64 transformation. 
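*/
const char b64t[64] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* base64 conversion function
 *
 * Emits up to n characters from the 24-bit value b2:b1:b0, lowest six bits
 * first, using the b64t alphabet. The count is clamped to *len; *dest is
 * advanced and *len reduced by the number of characters written. No NUL
 * terminator is written. */
static inline void b64_from_24bit(char **dest, size_t *len, size_t n,
                                  uint8_t b2, uint8_t b1, uint8_t b0)
{
    uint32_t w;
    size_t i;

    if (*len < n) n = *len;

    w = (b2 << 16) | (b1 << 8) | b0;
    for (i = 0; i < n; i++) {
        (*dest)[i] = b64t[w & 0x3f];
        w >>= 6;
    }

    *len -= i;
    *dest += i;
}

#define PTR_2_INT(x) ((x) - ((__typeof__ (x)) NULL))
#define ALIGN64 __alignof__(uint64_t)

/*
 * Compute the SHA512-crypt string for key and salt into buffer.
 *
 * key     NUL-terminated password (its length is taken with strlen()).
 * salt    Salt string. A leading "$6$" is skipped, and a following
 *         "rounds=N$" selects the round count, clamped to
 *         [ROUNDS_MIN, ROUNDS_MAX]. The salt proper ends at the first '$'
 *         and is limited to SALT_LEN_MAX characters.
 * buffer  Output buffer of buflen bytes; receives the NUL-terminated result.
 *
 * Returns EOK on success, EIO if a digest context cannot be initialised and
 * ERANGE if buffer is too small for the result.
 *
 * NOTE(review): the cost of this function is driven by its inputs. Stack
 * space is taken with alloca() in proportion to the key length, the
 * P-sequence loop hashes the key once per key byte, and the salt string can
 * request up to ROUNDS_MAX rounds. Callers should bound the password length
 * and only pass salt strings they generated or stored themselves.
 *
 * NOTE(review): the return values of EVP_DigestUpdate() and
 * EVP_DigestFinal_ex() are not checked here; a failure in either would go
 * unnoticed and still produce an EOK result.
 */
static int sha512_crypt_r(const char *key,
                          const char *salt,
                          char *buffer, size_t buflen)
{
    unsigned char temp_result[64] __attribute__((__aligned__(ALIGN64)));
    unsigned char alt_result[64] __attribute__((__aligned__(ALIGN64)));
    size_t rounds = ROUNDS_DEFAULT;
    bool rounds_custom = false;
    EVP_MD_CTX alt_ctx;
    EVP_MD_CTX ctx;
    size_t salt_len;
    size_t key_len;
    size_t cnt;
    char *copied_salt = NULL;
    char *copied_key = NULL;
    char *p_bytes = NULL;
    char *s_bytes = NULL;
    int p1, p2, p3, pt, n;
    unsigned int part;
    char *cp, *tmp;
    int ret;

    /* Find beginning of salt string. The prefix should normally always be
     * present. Just in case it is not. */
    if (strncmp(salt, sha512_salt_prefix, SALT_PREF_SIZE) == 0) {
        /* Skip salt prefix. */
        salt += SALT_PREF_SIZE;
    }

    if (strncmp(salt, sha512_rounds_prefix, ROUNDS_SIZE) == 0) {
        unsigned long int srounds;
        const char *num;
        char *endp;

        num = salt + ROUNDS_SIZE;
        srounds = strtoul(num, &endp, 10);
        /* The rounds value only counts when it is terminated by '$';
         * otherwise the text is treated as part of the salt. */
        if (*endp == '$') {
            salt = endp + 1;
            if (srounds < ROUNDS_MIN) srounds = ROUNDS_MIN;
            if (srounds > ROUNDS_MAX) srounds = ROUNDS_MAX;
            rounds = srounds;
            rounds_custom = true;
        }
    }

    salt_len = MIN(strcspn(salt, "$"), SALT_LEN_MAX);
    key_len = strlen(key);

    /* Work on aligned stack copies when the inputs are not aligned for
     * uint64_t. The copies hold key_len / salt_len bytes and are not
     * NUL-terminated. */
    if ((PTR_2_INT(key) % ALIGN64) != 0) {
        tmp = (char *)alloca(key_len + ALIGN64);
        key = copied_key = memcpy(tmp + ALIGN64 - PTR_2_INT(tmp) % ALIGN64, key, key_len);
    }

    if (PTR_2_INT(salt) % ALIGN64 != 0) {
        tmp = (char *)alloca(salt_len + ALIGN64);
        salt = copied_salt = memcpy(tmp + ALIGN64 - PTR_2_INT(tmp) % ALIGN64, salt, salt_len);
    }

    EVP_MD_CTX_init(&ctx);
    EVP_MD_CTX_init(&alt_ctx);

    /* Prepare for the real work. */
    if (!EVP_DigestInit_ex(&ctx, EVP_sha512(), NULL)) {
        ret = EIO;
        goto done;
    }

    /* Add the key string. */
    EVP_DigestUpdate(&ctx, (const unsigned char *)key, key_len);

    /* The last part is the salt string. This must be at most 16
     * characters and it ends at the first `$' character (for
     * compatibility with existing implementations). */
    EVP_DigestUpdate(&ctx, (const unsigned char *)salt, salt_len);

    /* Compute alternate SHA512 sum with input KEY, SALT, and KEY.
     * The final result will be added to the first context. */
    if (!EVP_DigestInit_ex(&alt_ctx, EVP_sha512(), NULL)) {
        ret = EIO;
        goto done;
    }

    /* Add key. */
    EVP_DigestUpdate(&alt_ctx, (const unsigned char *)key, key_len);

    /* Add salt. */
    EVP_DigestUpdate(&alt_ctx, (const unsigned char *)salt, salt_len);

    /* Add key again. */
    EVP_DigestUpdate(&alt_ctx, (const unsigned char *)key, key_len);

    /* Now get result of this (64 bytes) and add it to the other context. */
    EVP_DigestFinal_ex(&alt_ctx, alt_result, &part);

    /* Add for any character in the key one byte of the alternate sum. */
    for (cnt = key_len; cnt > 64; cnt -= 64) {
        EVP_DigestUpdate(&ctx, alt_result, 64);
    }
    EVP_DigestUpdate(&ctx, alt_result, cnt);

    /* Take the binary representation of the length of the key and for every
     * 1 add the alternate sum, for every 0 the key. */
    for (cnt = key_len; cnt > 0; cnt >>= 1) {
        if ((cnt & 1) != 0) {
            EVP_DigestUpdate(&ctx, alt_result, 64);
        } else {
            EVP_DigestUpdate(&ctx, (const unsigned char *)key, key_len);
        }
    }

    /* Create intermediate result. */
    EVP_DigestFinal_ex(&ctx, alt_result, &part);

    /* Start computation of P byte sequence. */
    if (!EVP_DigestInit_ex(&alt_ctx, EVP_sha512(), NULL)) {
        ret = EIO;
        goto done;
    }

    /* For every character in the password add the entire password. */
    for (cnt = 0; cnt < key_len; cnt++) {
        EVP_DigestUpdate(&alt_ctx, (const unsigned char *)key, key_len);
    }

    /* Finish the digest. */
    EVP_DigestFinal_ex(&alt_ctx, temp_result, &part);

    /* Create byte sequence P. */
    cp = p_bytes = alloca(key_len);
    for (cnt = key_len; cnt >= 64; cnt -= 64) {
        cp = mempcpy(cp, temp_result, 64);
    }
    memcpy(cp, temp_result, cnt);

    /* Start computation of S byte sequence. */
    if (!EVP_DigestInit_ex(&alt_ctx, EVP_sha512(), NULL)) {
        ret = EIO;
        goto done;
    }

    /* For every character in the password add the entire salt. */
    for (cnt = 0; cnt < 16 + alt_result[0]; cnt++) {
        EVP_DigestUpdate(&alt_ctx, (const unsigned char *)salt, salt_len);
    }

    /* Finish the digest. */
    EVP_DigestFinal_ex(&alt_ctx, temp_result, &part);

    /* Create byte sequence S. */
    cp = s_bytes = alloca(salt_len);
    for (cnt = salt_len; cnt >= 64; cnt -= 64) {
        cp = mempcpy(cp, temp_result, 64);
    }
    memcpy(cp, temp_result, cnt);

    /* Repeatedly run the collected hash value through SHA512 to burn CPU cycles. */
    for (cnt = 0; cnt < rounds; cnt++) {

        if (!EVP_DigestInit_ex(&ctx, EVP_sha512(), NULL)) {
            ret = EIO;
            goto done;
        }

        /* Add key or last result. */
        if ((cnt & 1) != 0) {
            EVP_DigestUpdate(&ctx, (const unsigned char *)p_bytes, key_len);
        } else {
            EVP_DigestUpdate(&ctx, alt_result, 64);
        }

        /* Add salt for numbers not divisible by 3. */
        if (cnt % 3 != 0) {
            EVP_DigestUpdate(&ctx, (const unsigned char *)s_bytes, salt_len);
        }

        /* Add key for numbers not divisible by 7. */
        if (cnt % 7 != 0) {
            EVP_DigestUpdate(&ctx, (const unsigned char *)p_bytes, key_len);
        }

        /* Add key or last result. */
        if ((cnt & 1) != 0) {
            EVP_DigestUpdate(&ctx, alt_result, 64);
        } else {
            EVP_DigestUpdate(&ctx, (const unsigned char *)p_bytes, key_len);
        }

        /* Create intermediate result. */
        EVP_DigestFinal_ex(&ctx, alt_result, &part);
    }

    /* Now we can construct the result string.
     * It consists of three parts. */
    if (buflen <= SALT_PREF_SIZE) {
        ret = ERANGE;
        goto done;
    }

    cp = __stpncpy(buffer, sha512_salt_prefix, SALT_PREF_SIZE);
    buflen -= SALT_PREF_SIZE;

    if (rounds_custom) {
        n = snprintf(cp, buflen, "%s%zu$",
                     sha512_rounds_prefix, rounds);
        if (n < 0 || n >= buflen) {
            ret = ERANGE;
            goto done;
        }

        cp += n;
        buflen -= n;
    }

    if (buflen <= salt_len + 1) {
        ret = ERANGE;
        goto done;
    }
    cp = __stpncpy(cp, salt, salt_len);
    *cp++ = '$';
    buflen -= salt_len + 1;

    /* fuzzyfill the base 64 string */
    p1 = 0;
    p2 = 21;
    p3 = 42;
    for (n = 0; n < 21; n++) {
        b64_from_24bit(&cp, &buflen, 4, alt_result[p1], alt_result[p2], alt_result[p3]);
        /* b64_from_24bit() clamps to the space left, so an exhausted
         * buffer is detected here rather than overrun. */
        if (buflen == 0) {
            ret = ERANGE;
            goto done;
        }
        pt = p1;
        p1 = p2 + 1;
        p2 = p3 + 1;
        p3 = pt + 1;
    }
    /* 64th and last byte */
    b64_from_24bit(&cp, &buflen, 2, 0, 0, alt_result[p3]);
    if (buflen == 0) {
        ret = ERANGE;
        goto done;
    }

    *cp = '\0';
    ret = EOK;

done:
    /* Clear the buffer for the intermediate result so that people attaching
     * to processes or reading core dumps cannot get any information. We do it
     * in this way to clear correct_words[] inside the SHA512 implementation
     * as well. */
    EVP_MD_CTX_cleanup(&ctx);
    EVP_MD_CTX_cleanup(&alt_ctx);
    /* NOTE(review): these buffers go out of scope right after being
     * cleared, so an optimising compiler may drop the plain memset() calls;
     * a cleansing routine that cannot be elided would make the wipe
     * dependable. */
    if (p_bytes) memset(p_bytes, '\0', key_len);
    if (s_bytes) memset(s_bytes, '\0', salt_len);
    if (copied_key) memset(copied_key, '\0', key_len);
    if (copied_salt) memset(copied_salt, '\0', salt_len);
    memset(temp_result, '\0', sizeof(temp_result));

    return ret;
}

/*
 * Hash key with salt using SHA512-crypt and return the result as a newly
 * allocated string.
 *
 * memctx  talloc context that owns the returned string.
 * key     NUL-terminated password.
 * salt    Salt string, optionally carrying the "$6$" and "rounds=N$"
 *         prefixes understood by sha512_crypt_r().
 * _hash   On success receives the hash string; left untouched on failure.
 *
 * Returns EOK, ENOMEM if the output buffer cannot be allocated, or the
 * error reported by sha512_crypt_r().
 */
int s3crypt_sha512(TALLOC_CTX *memctx,
                   const char *key, const char *salt, char **_hash)
{
    char *hash;
    /* prefix + "rounds=" + up to 9 digits + '$' + salt + '$' + 86 hash
     * characters + NUL */
    int hlen = (sizeof (sha512_salt_prefix) - 1
                + sizeof (sha512_rounds_prefix) + 9 + 1
                + strlen (salt) + 1 + 86 + 1);
    int ret;

    hash = talloc_size(memctx, hlen);
    if (!hash) return ENOMEM;

    ret = sha512_crypt_r(key, salt, hash, hlen);
    if (ret) {
        /* Do not leave a partially written hash buffer attached to the
         * caller's context. */
        talloc_free(hash);
        return ret;
    }

    *_hash = hash;
    return ret;
}

#define SALT_RAND_LEN 12

/*
 * Generate a random salt of SALT_LEN_MAX characters from the b64t alphabet.
 *
 * memctx  talloc context that owns the returned string.
 * _salt   On success receives the NUL-terminated salt; left untouched on
 *         failure.
 *
 * Returns EOK, ENOMEM if allocation fails, or EIO if the random number
 * generator does not report success.
 */
int s3crypt_gen_salt(TALLOC_CTX *memctx, char **_salt)
{
    uint8_t rb[SALT_RAND_LEN];
    char *salt, *cp;
    size_t slen;
    int ret;

    salt = talloc_size(memctx, SALT_LEN_MAX + 1);
    if (!salt) {
        return ENOMEM;
    }

    /* RAND_bytes() returns 1 only on success; 0 and -1 both mean that rb
     * does not hold usable random data. */
    ret = RAND_bytes(rb, SALT_RAND_LEN);
    if (ret != 1) {
        talloc_free(salt);
        return EIO;
    }

    /* Four groups of three random bytes give 4 * 4 = SALT_LEN_MAX chars. */
    slen = SALT_LEN_MAX;
    cp = salt;
    b64_from_24bit(&cp, &slen, 4, rb[0], rb[1], rb[2]);
    b64_from_24bit(&cp, &slen, 4, rb[3], rb[4], rb[5]);
    b64_from_24bit(&cp, &slen, 4, rb[6], rb[7], rb[8]);
    b64_from_24bit(&cp, &slen, 4, rb[9], rb[10], rb[11]);
    *cp = '\0';

    *_salt = salt;

    return EOK;
}
sssd-1.11.5/src/util/crypto/libcrypto/PaxHeaders.13173/crypto_base64.c0000644000000000000000000000007412320753107023476 xustar000000000000000030 atime=1396954939.276891423 30 ctime=1396954961.565875016 sssd-1.11.5/src/util/crypto/libcrypto/crypto_base64.c0000664002412700241270000000641412320753107023725 0ustar00jhrozekjhrozek00000000000000/*
    Authors:
        Jan Cholasta
        George McCollister

    Copyright (C) 2012 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.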
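This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program. If not, see .
*/

#include "util/util.h"

#include <limits.h>

#include <openssl/bio.h>
#include <openssl/evp.h>

/*
 * Base64-encode insize bytes from in.
 *
 * mem_ctx  talloc context that owns the returned string.
 * in       Data to encode.
 * insize   Number of bytes at in.
 *
 * Returns a NUL-terminated string without line breaks, or NULL if a BIO
 * cannot be created, the data cannot be written through the encoder, no
 * encoded data is produced, or allocation fails.
 */
char *sss_base64_encode(TALLOC_CTX *mem_ctx,
                        const unsigned char *in,
                        size_t insize)
{
    char *b64encoded = NULL, *outbuf = NULL;
    int i, j, b64size;
    int written;
    BIO *bmem, *b64;

    /* BIO_write() takes an int length; refuse sizes it cannot express
     * instead of silently encoding a truncated length. */
    if (insize > INT_MAX) return NULL;

    b64 = BIO_new(BIO_f_base64());
    if (!b64) return NULL;

    BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);

    bmem = BIO_new(BIO_s_mem());
    if (!bmem) goto done;

    b64 = BIO_push(b64, bmem);

    /* A short or failed write would yield base64 text for only part of
     * the input, so treat it as an error. */
    written = BIO_write(b64, in, insize);
    if (written < 0 || (size_t)written != insize) goto done;

    /* The flush emits the final (padded) group. */
    if (BIO_flush(b64) <= 0) goto done;

    b64size = BIO_get_mem_data(bmem, &b64encoded);
    if (b64encoded) {
        outbuf = talloc_array(mem_ctx, char, b64size+1);
        if (outbuf == NULL) goto done;
        /* Copy while dropping any CR/LF the encoder may have emitted. */
        for (i=0, j=0; i < b64size; i++) {
            if (b64encoded[i] == '\n' || b64encoded[i] == '\r') {
                continue;
            }
            outbuf[j++] = b64encoded[i];
        }
        outbuf[j++] = '\0';
    }

done:
    BIO_free_all(b64);
    return outbuf;
}

/*
 * Decode the NUL-terminated base64 string in.
 *
 * mem_ctx  talloc context that owns the returned buffer.
 * in       NUL-terminated base64 text.
 * outsize  On success receives the number of decoded bytes; not written
 *          when NULL is returned.
 *
 * Returns the decoded bytes, or NULL on allocation/BIO failure or when no
 * decoded data is available.
 *
 * The read loop stops on any non-positive BIO_read() result, so a decoding
 * error is not distinguished from the end of the input. Callers must
 * validate the length and structure of what they get back before parsing
 * it.
 */
unsigned char *sss_base64_decode(TALLOC_CTX *mem_ctx,
                                 const char *in,
                                 size_t *outsize)
{
    unsigned char *outbuf = NULL;
    unsigned char *b64decoded = NULL;
    unsigned char inbuf[512];
    char * in_dup;
    size_t inlen = strlen(in);
    int nread;
    int size;
    BIO *bmem;
    BIO *b64 = NULL;
    BIO *bmem_out = NULL;
    TALLOC_CTX *tmp_ctx = NULL;

    /* The BIO interfaces count in int. */
    if (inlen >= INT_MAX) return NULL;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return NULL;
    }

    /* Private, NUL-terminated copy for the read-only memory BIO. */
    in_dup = talloc_size(tmp_ctx, inlen+1);
    if (!in_dup) goto done;
    memcpy(in_dup, in, inlen+1);

    b64 = BIO_new(BIO_f_base64());
    if (!b64) goto done;

    BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);

    bmem = BIO_new_mem_buf(in_dup, -1);
    if (!bmem) goto done;

    /* From here on bmem is owned by the b64 chain. */
    b64 = BIO_push(b64, bmem);

    bmem_out = BIO_new(BIO_s_mem());
    if (!bmem_out) goto done;

    while ((nread = BIO_read(b64, inbuf, sizeof(inbuf))) > 0) {
        /* Dropping a chunk here would hand back truncated data. */
        if (BIO_write(bmem_out, inbuf, nread) != nread) goto done;
    }

    (void) BIO_flush(bmem_out);

    size = BIO_get_mem_data(bmem_out, &b64decoded);

    if (b64decoded) {
        outbuf = talloc_memdup(mem_ctx, b64decoded, size);
        if (!outbuf) goto done;

        *outsize = size;
    } else {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot get decoded data\n"));
    }

done:
    /* Single exit path: release whatever was created above. */
    if (b64) BIO_free_all(b64);
    if (bmem_out) BIO_free(bmem_out);
    talloc_free(tmp_ctx);
    return outbuf;
}
sssd-1.11.5/src/util/crypto/libcrypto/PaxHeaders.13173/crypto_obfuscate.c0000644000000000000000000000007412320753107024365 xustar000000000000000030 atime=1396954939.276891423 30 ctime=1396954961.567875015 sssd-1.11.5/src/util/crypto/libcrypto/crypto_obfuscate.c0000664002412700241270000002031312320753107024606 0ustar00jhrozekjhrozek00000000000000/*
   SSSD

   Password obfuscation logic

   Authors:
        George McCollister

   Copyright (C) George McCollister 2012

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program. If not, see .
*/

/*
 * READ ME:
 *
 * Please note that password obfuscation does not improve security in any
 * way. It is just a mechanism to make the password human-unreadable. If you
 * need to secure passwords in your application, you should probably take a
 * look at storing passwords in NSS-backed database.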
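*/

#include "config.h"
#include <talloc.h>
#include <errno.h>

#include "util/util.h"
#include "util/crypto/sss_crypto.h"

#include <openssl/evp.h>
#include <openssl/rand.h>

#define OBF_BUFFER_SENTINEL "\0\1\2\3"
#define OBF_BUFFER_SENTINEL_SIZE 4

/* Properties of one obfuscation method: the cipher constructor plus the
 * key and block (IV) sizes in bytes. */
struct crypto_mech_data {
    const EVP_CIPHER * (*cipher)(void);
    uint16_t keylen;
    uint16_t bsize;
};

static struct crypto_mech_data cmdata[] = {
    /* AES with automatic padding, 256b key, 128b block */
    { EVP_aes_256_cbc, 32, 16 },
    /* sentinel */
    { 0, 0, 0 }
};

/* Look up the properties for meth, or return NULL for an unknown method.
 * NOTE(review): the bound is NUM_OBFMETHODS, which is defined outside this
 * file; it is assumed not to exceed the number of real entries in cmdata. */
static struct crypto_mech_data *get_crypto_mech_data(enum obfmethod meth)
{
    if (meth >= NUM_OBFMETHODS) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Unsupported cipher type\n"));
        return NULL;
    }
    return &cmdata[meth];
}

/*
 * Obfuscate a password: encrypt it under a freshly generated random key and
 * IV and return the base64 text of a buffer that carries the method, the
 * key, the IV and the ciphertext together.
 *
 * Because the key is stored next to the ciphertext, the result only hides
 * the password from casual reading (see the READ ME above); it must be
 * protected like the clear-text password.
 *
 * mem_ctx   talloc context that owns the returned string.
 * password  Bytes to obfuscate.
 * plen      Number of bytes at password. Must be non-negative and small
 *           enough for the ciphertext length to fit the 16-bit length field.
 * meth      Obfuscation method.
 * obfpwd    On success receives the base64 string.
 *
 * Returns EOK, EINVAL for an unknown method or an unusable plen, ENOMEM on
 * allocation failure, or EIO if random generation or encryption fails.
 */
int sss_password_encrypt(TALLOC_CTX *mem_ctx, const char *password, int plen,
                         enum obfmethod meth, char **obfpwd)
{
    int ret;
    EVP_CIPHER_CTX ctx;
    struct crypto_mech_data *mech_props;
    TALLOC_CTX *tmp_ctx = NULL;
    unsigned char *keybuf;
    unsigned char *ivbuf;
    unsigned char *cryptotext;
    int ct_maxsize;
    int ctlen = 0;
    int digestlen = 0;
    int result_len;

    unsigned char *obfbuf;
    size_t obufsize = 0;
    size_t p = 0;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    EVP_CIPHER_CTX_init(&ctx);

    mech_props = get_crypto_mech_data(meth);
    if (mech_props == NULL) {
        ret = EINVAL;
        goto done;
    }

    /* The ciphertext length is written as a 16-bit value below and the
     * ciphertext can be up to plen + block size bytes long. Reject lengths
     * that would be truncated in the header (and negative ones). */
    if (plen < 0 || plen > UINT16_MAX - mech_props->bsize) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Invalid password length\n"));
        ret = EINVAL;
        goto done;
    }

    keybuf = talloc_array(tmp_ctx, unsigned char, mech_props->keylen);
    if (keybuf == NULL) {
        ret = ENOMEM;
        goto done;
    }

    ivbuf = talloc_array(tmp_ctx, unsigned char, mech_props->bsize);
    if (ivbuf == NULL) {
        ret = ENOMEM;
        goto done;
    }

    /* RAND_bytes() returns 1 only on success. Without this check a failed
     * call would leave uninitialised heap contents in use as key and IV. */
    if (RAND_bytes(keybuf, mech_props->keylen) != 1
            || RAND_bytes(ivbuf, mech_props->bsize) != 1) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot generate random key or IV\n"));
        ret = EIO;
        goto done;
    }

    /* cryptotext buffer must be at least len(plaintext)+blocksize */
    ct_maxsize = plen + (mech_props->bsize);
    cryptotext = talloc_array(tmp_ctx, unsigned char, ct_maxsize);
    if (!cryptotext) {
        ret = ENOMEM;
        goto done;
    }

    if (!EVP_EncryptInit_ex(&ctx, mech_props->cipher(), 0, keybuf, ivbuf)) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failure to initialize cipher contex\n"));
        ret = EIO;
        goto done;
    }

    /* sample data we'll encrypt and decrypt */
    if (!EVP_EncryptUpdate(&ctx, cryptotext, &ctlen, (const unsigned char*)password, plen)) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot execute the encryption operation\n"));
        ret = EIO;
        goto done;
    }

    if(!EVP_EncryptFinal_ex(&ctx, cryptotext+ctlen, &digestlen)) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot finialize the encryption operation\n"));
        ret = EIO;
        goto done;
    }

    result_len = ctlen + digestlen;

    /* Pack the obfuscation buffer */
    /* The buffer consists of:
     * uint16_t      the type of the cipher
     * uint16_t      length of the cryptotext in bytes (clen)
     * uint8_t[klen] key
     * uint8_t[blen] IV
     * uint8_t[clen] cryptotext
     * 4 bytes of "sentinel" denoting end of the buffer
     *
     * The size below reserves four bytes for the length field although only
     * two are written, so two bytes after the sentinel stay unused. The
     * size is kept so that the encoded length does not change, and the
     * buffer is zero-filled so that those bytes never carry stale heap
     * contents into the encoded output.
     */
    obufsize = sizeof(uint16_t) + sizeof(uint32_t) +
               mech_props->keylen + mech_props->bsize +
               result_len + OBF_BUFFER_SENTINEL_SIZE;
    obfbuf = talloc_zero_array(tmp_ctx, unsigned char, obufsize);
    if (!obfbuf) {
        ret = ENOMEM;
        goto done;
    }

    DEBUG(SSSDBG_TRACE_FUNC, ("Writing method: %d\n", meth));
    SAFEALIGN_SET_UINT16(&obfbuf[p], meth, &p);
    DEBUG(SSSDBG_TRACE_FUNC, ("Writing bufsize: %d\n", result_len));
    SAFEALIGN_SET_UINT16(&obfbuf[p], result_len, &p);
    safealign_memcpy(&obfbuf[p], keybuf, mech_props->keylen, &p);
    safealign_memcpy(&obfbuf[p], ivbuf, mech_props->bsize, &p);
    safealign_memcpy(&obfbuf[p], cryptotext, result_len, &p);
    safealign_memcpy(&obfbuf[p], OBF_BUFFER_SENTINEL,
                     OBF_BUFFER_SENTINEL_SIZE, &p);

    /* Base64 encode the resulting buffer */
    *obfpwd = sss_base64_encode(mem_ctx, obfbuf, obufsize);
    if (*obfpwd == NULL) {
        ret = ENOMEM;
        goto done;
    }

    ret = EOK;

done:
    talloc_free(tmp_ctx);
    EVP_CIPHER_CTX_cleanup(&ctx);
    return ret;
}

/*
 * Reverse sss_password_encrypt(): decode the base64 text, validate the
 * layout of the embedded buffer and decrypt the password with the key and
 * IV stored in it.
 *
 * mem_ctx     talloc context that owns the returned password.
 * b64encoded  NUL-terminated base64 text.
 * password    On success receives the decrypted bytes, followed by a NUL
 *             terminator.
 *
 * Returns EOK, ENOMEM if decoding or allocation fails, EINVAL for an
 * unknown method, EFAULT if the buffer is too short for the lengths it
 * declares or its sentinel does not match, or EIO if decryption fails.
 *
 * The input is configuration data read from outside the process; every
 * length taken from it is checked against the decoded size before use.
 */
int sss_password_decrypt(TALLOC_CTX *mem_ctx, char *b64encoded,
                         char **password)
{
    int ret;
    EVP_CIPHER_CTX ctx;
    TALLOC_CTX *tmp_ctx = NULL;
    struct crypto_mech_data *mech_props;

    int plainlen;
    int digestlen;
    unsigned char *obfbuf = NULL;
    size_t obflen;
    size_t needed;
    char *pwdbuf;

    /* for unmarshaling data */
    uint16_t meth;
    uint16_t ctsize;
    size_t p = 0;
    unsigned char *cryptotext;
    unsigned char *keybuf;
    unsigned char *ivbuf;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    EVP_CIPHER_CTX_init(&ctx);

    /* Base64 decode the incoming buffer */
    obfbuf = sss_base64_decode(tmp_ctx, b64encoded, &obflen);
    if (!obfbuf) {
        ret = ENOMEM;
        goto done;
    }

    /* Make sure the two 16-bit header fields are present, so that the
     * checked reads below cannot fail and every error leaves through the
     * cleanup at "done". */
    if (obflen < 2 * sizeof(uint16_t)) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Obfuscation buffer is too short, aborting\n"));
        ret = EFAULT;
        goto done;
    }

    /* unpack obfuscation buffer */
    SAFEALIGN_COPY_UINT16_CHECK(&meth, obfbuf+p, obflen, &p);
    DEBUG(SSSDBG_TRACE_FUNC, ("Read method: %d\n", meth));
    SAFEALIGN_COPY_UINT16_CHECK(&ctsize, obfbuf+p, obflen, &p);
    DEBUG(SSSDBG_TRACE_FUNC, ("Read bufsize: %d\n", ctsize));

    mech_props = get_crypto_mech_data(meth);
    if (mech_props == NULL) {
        ret = EINVAL;
        goto done;
    }

    /* ctsize comes from the input. Before touching anything past the
     * header, check that key, IV, cryptotext and sentinel all lie inside
     * the decoded buffer; otherwise the reads below would run past it. */
    needed = p + mech_props->keylen + mech_props->bsize
               + ctsize + OBF_BUFFER_SENTINEL_SIZE;
    if (needed > obflen) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Obfuscation buffer is too short, aborting\n"));
        ret = EFAULT;
        goto done;
    }

    /* check that we got sane mechanism properties and cryptotext size */
    if (memcmp(obfbuf + p + mech_props->keylen + mech_props->bsize + ctsize,
               OBF_BUFFER_SENTINEL, OBF_BUFFER_SENTINEL_SIZE) != 0) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Obfuscation buffer seems corrupt, aborting\n"));
        ret = EFAULT;
        goto done;
    }

    /* copy out key, ivbuf and cryptotext */
    keybuf = talloc_array(tmp_ctx, unsigned char, mech_props->keylen);
    if (keybuf == NULL) {
        ret = ENOMEM;
        goto done;
    }
    safealign_memcpy(keybuf, obfbuf+p, mech_props->keylen, &p);

    ivbuf = talloc_array(tmp_ctx, unsigned char, mech_props->bsize);
    if (ivbuf == NULL) {
        ret = ENOMEM;
        goto done;
    }
    safealign_memcpy(ivbuf, obfbuf+p, mech_props->bsize, &p);

    cryptotext = talloc_array(tmp_ctx, unsigned char, ctsize);
    if (cryptotext == NULL) {
        ret = ENOMEM;
        goto done;
    }
    safealign_memcpy(cryptotext, obfbuf+p, ctsize, &p);

    /* Room for the input length plus one cipher block, as the EVP decrypt
     * interface asks for, and one byte for the terminator added below. */
    pwdbuf = talloc_array(tmp_ctx, char, ctsize + mech_props->bsize + 1);
    if (!pwdbuf) {
        ret = ENOMEM;
        goto done;
    }

    if (!EVP_DecryptInit_ex(&ctx, mech_props->cipher(), 0, keybuf, ivbuf)) {
        ret = EIO;
        goto done;
    }

    /* sample data we'll encrypt and decrypt */
    if (!EVP_DecryptUpdate(&ctx, (unsigned char*)pwdbuf, &plainlen, cryptotext, ctsize)) {
        ret = EIO;
        goto done;
    }

    if(!EVP_DecryptFinal_ex(&ctx, (unsigned char*)pwdbuf+plainlen, &digestlen)) {
        ret = EIO;
        goto done;
    }

    /* The plaintext is handed back as a char string; terminate it here so
     * the result is a valid C string whether or not the terminator was
     * part of what had been encrypted. */
    pwdbuf[plainlen + digestlen] = '\0';

    *password = talloc_move(mem_ctx, &pwdbuf);
    ret = EOK;
done:
    talloc_free(tmp_ctx);
    EVP_CIPHER_CTX_cleanup(&ctx);
    return ret;
}
sssd-1.11.5/src/util/PaxHeaders.13173/sss_krb5.h0000644000000000000000000000007312320753107017222 xustar000000000000000030 atime=1396954939.277891423 29 ctime=1396954961.42487512 sssd-1.11.5/src/util/sss_krb5.h0000664002412700241270000001672312320753107017456 0ustar00jhrozekjhrozek00000000000000/*
    Authors:
        Sumit Bose

    Copyright (C) 2009-2010 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program. If not, see .
*/

#ifndef __SSS_KRB5_H__
#define __SSS_KRB5_H__

#include "config.h"

#include
#include

#ifdef HAVE_KRB5_KRB5_H
#include
#else
#include
#endif

#include "util/util.h"

#define KRB5_CHILD_LOG_FILE "krb5_child"
#define LDAP_CHILD_LOG_FILE "ldap_child"

/* MIT Kerberos has the same hardcoded warning interval of 7 days. Due to the
 * fact that using the expiration time of a Kerberos password with LDAP
 * authentication is presumably a rare case a separate config option is not
 * necessary. */
#define KERBEROS_PWEXPIRE_WARNING_TIME (7 * 24 * 60 * 60)
#define KEYTAB_CLEAN_NAME keytab_name ?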
keytab_name : "default" #if defined HAVE_KRB5_CC_CACHE_MATCH && defined HAVE_KRB5_CC_GET_FULL_NAME #define HAVE_KRB5_CC_COLLECTION 1 #endif const char * KRB5_CALLCONV sss_krb5_get_error_message (krb5_context, krb5_error_code); void KRB5_CALLCONV sss_krb5_free_error_message(krb5_context, const char *); #define KRB5_DEBUG(level, errctx, krb5_error) do { \ const char *__krb5_error_msg; \ __krb5_error_msg = sss_krb5_get_error_message(errctx, krb5_error); \ DEBUG(level, ("%d: [%d][%s]\n", __LINE__, krb5_error, __krb5_error_msg)); \ sss_log(SSS_LOG_ERR, "%s", __krb5_error_msg); \ sss_krb5_free_error_message(errctx, __krb5_error_msg); \ } while(0) krb5_error_code KRB5_CALLCONV sss_krb5_get_init_creds_opt_alloc( krb5_context context, krb5_get_init_creds_opt **opt); void KRB5_CALLCONV sss_krb5_get_init_creds_opt_free (krb5_context context, krb5_get_init_creds_opt *opt); void KRB5_CALLCONV sss_krb5_free_unparsed_name(krb5_context context, char *name); int sss_krb5_verify_keytab_ex(const char *principal, const char *keytab_name, krb5_context context, krb5_keytab keytab); krb5_error_code find_principal_in_keytab(krb5_context ctx, krb5_keytab keytab, const char *pattern_primary, const char *pattern_realm, krb5_principal *princ); errno_t select_principal_from_keytab(TALLOC_CTX *mem_ctx, const char *hostname, const char *desired_realm, const char *keytab_name, char **_principal, char **_primary, char **_realm); #ifndef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_EXPIRE_CALLBACK typedef void krb5_expire_callback_func(krb5_context context, void *data, krb5_timestamp password_expiration, krb5_timestamp account_expiration, krb5_boolean is_last_req); #endif krb5_error_code KRB5_CALLCONV sss_krb5_get_init_creds_opt_set_expire_callback( krb5_context context, krb5_get_init_creds_opt *opt, krb5_expire_callback_func cb, void *data); errno_t check_fast(const char *str, bool *use_fast); krb5_error_code KRB5_CALLCONV sss_krb5_get_init_creds_opt_set_fast_ccache_name( krb5_context context, 
krb5_get_init_creds_opt *opt, const char *fast_ccache_name); krb5_error_code KRB5_CALLCONV sss_krb5_get_init_creds_opt_set_fast_flags( krb5_context context, krb5_get_init_creds_opt *opt, krb5_flags flags); #if HAVE_KRB5_GET_INIT_CREDS_OPT_SET_FAST_FLAGS #define SSS_KRB5_FAST_REQUIRED KRB5_FAST_REQUIRED #else #define SSS_KRB5_FAST_REQUIRED 0 #endif #ifndef HAVE_KRB5_PARSE_NAME_FLAGS #define KRB5_PRINCIPAL_PARSE_NO_REALM 0x1 #define KRB5_PRINCIPAL_PARSE_REQUIRE_REALM 0x2 #define KRB5_PRINCIPAL_PARSE_ENTERPRISE 0x4 #endif krb5_error_code sss_krb5_parse_name_flags(krb5_context context, const char *name, int flags, krb5_principal *principal); #ifndef HAVE_KRB5_UNPARSE_NAME_FLAGS #define KRB5_PRINCIPAL_UNPARSE_SHORT 0x1 #define KRB5_PRINCIPAL_UNPARSE_NO_REALM 0x2 #define KRB5_PRINCIPAL_UNPARSE_DISPLAY 0x4 #endif krb5_error_code sss_krb5_unparse_name_flags(krb5_context context, krb5_const_principal principal, int flags, char **name); void sss_krb5_get_init_creds_opt_set_canonicalize(krb5_get_init_creds_opt *opts, int canonicalize); enum sss_krb5_cc_type { SSS_KRB5_TYPE_FILE, #ifdef HAVE_KRB5_CC_COLLECTION SSS_KRB5_TYPE_DIR, SSS_KRB5_TYPE_KEYRING, #endif /* HAVE_KRB5_CC_COLLECTION */ SSS_KRB5_TYPE_UNKNOWN }; /* === Compatibility routines for the Heimdal Kerberos implementation === */ void sss_krb5_princ_realm(krb5_context context, krb5_const_principal princ, const char **realm, int *len); krb5_error_code sss_krb5_free_keytab_entry_contents(krb5_context context, krb5_keytab_entry *entry); #ifdef HAVE_KRB5_TICKET_TIMES typedef krb5_ticket_times sss_krb5_ticket_times; #elif HAVE_KRB5_TIMES typedef krb5_times sss_krb5_ticket_times; #endif /* Redirect libkrb5 tracing towards our DEBUG statements */ errno_t sss_child_set_krb5_tracing(krb5_context ctx); krb5_error_code sss_krb5_find_authdata(krb5_context context, krb5_authdata *const *ticket_authdata, krb5_authdata *const *ap_req_authdata, krb5_authdatatype ad_type, krb5_authdata ***results); krb5_error_code 
sss_extract_pac(krb5_context ctx, krb5_ccache ccache, krb5_principal server_principal, krb5_principal client_principal, krb5_keytab keytab, krb5_authdata ***_pac_authdata); char * sss_get_ccache_name_for_principal(TALLOC_CTX *mem_ctx, krb5_context ctx, krb5_principal principal, const char *location); #endif /* __SSS_KRB5_H__ */ sssd-1.11.5/src/util/PaxHeaders.13173/util.h0000644000000000000000000000007412320753107016445 xustar000000000000000030 atime=1396954939.278891422 30 ctime=1396954961.418875125 sssd-1.11.5/src/util/util.h0000664002412700241270000005103612320753107016674 0ustar00jhrozekjhrozek00000000000000/* Authors: Simo Sorce Copyright (C) 2009 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #ifndef __SSSD_UTIL_H__ #define __SSSD_UTIL_H__ #include "config.h" #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "confdb/confdb.h" #include "util/atomic_io.h" #include "util/util_errors.h" #include "util/util_safealign.h" #include "util/sss_format.h" #define _(STRING) gettext (STRING) #define ENUM_INDICATOR "*" #define CLEAR_MC_FLAG "clear_mc_flag" #ifdef HAVE_FUNCTION_ATTRIBUTE_FORMAT #define SSS_ATTRIBUTE_PRINTF(a1, a2) __attribute__ ((format (printf, a1, a2))) #else #define SSS_ATTRIBUTE_PRINTF(a1, a2) #endif extern const char *debug_prg_name; extern int debug_level; extern int debug_timestamps; extern int debug_microseconds; extern int debug_to_file; extern const char *debug_log_file; void debug_fn(const char *format, ...) SSS_ATTRIBUTE_PRINTF(1, 2); int debug_get_level(int old_level); int debug_convert_old_level(int old_level); errno_t set_debug_file_from_fd(const int fd); #define SSSDBG_FATAL_FAILURE 0x0010 /* level 0 */ #define SSSDBG_CRIT_FAILURE 0x0020 /* level 1 */ #define SSSDBG_OP_FAILURE 0x0040 /* level 2 */ #define SSSDBG_MINOR_FAILURE 0x0080 /* level 3 */ #define SSSDBG_CONF_SETTINGS 0x0100 /* level 4 */ #define SSSDBG_FUNC_DATA 0x0200 /* level 5 */ #define SSSDBG_TRACE_FUNC 0x0400 /* level 6 */ #define SSSDBG_TRACE_LIBS 0x1000 /* level 7 */ #define SSSDBG_TRACE_INTERNAL 0x2000 /* level 8 */ #define SSSDBG_TRACE_ALL 0x4000 /* level 9 */ #define SSSDBG_IMPORTANT_INFO SSSDBG_OP_FAILURE #define SSSDBG_INVALID -1 #define SSSDBG_UNRESOLVED 0 #define SSSDBG_MASK_ALL 0xFFF0 /* enable all debug levels */ #define SSSDBG_DEFAULT SSSDBG_FATAL_FAILURE #define SSSDBG_TIMESTAMP_UNRESOLVED -1 #define SSSDBG_TIMESTAMP_DEFAULT 1 #define SSSDBG_MICROSECONDS_UNRESOLVED -1 #define SSSDBG_MICROSECONDS_DEFAULT 0 #define SSSD_DEBUG_OPTS \ {"debug-level", 'd', POPT_ARG_INT, &debug_level, 0, \ _("Debug level"), NULL}, \ {"debug-to-files", 
'f', POPT_ARG_NONE, &debug_to_file, 0, \ _("Send the debug output to files instead of stderr"), NULL }, \ {"debug-timestamps", 0, POPT_ARG_INT, &debug_timestamps, 0, \ _("Add debug timestamps"), NULL}, \ {"debug-microseconds", 0, POPT_ARG_INT, &debug_microseconds, 0, \ _("Show timestamps with microseconds"), NULL}, /** \def DEBUG(level, body) \brief macro to generate debug messages \param level the debug level, please use one of the SSSDBG_* macros Old format: - 1 is for critical errors users may find it difficult to understand but are still quite clear - 2-4 is for stuff developers are interested in in general, but shouldn't fill the screen with useless low level verbose stuff - 5-6 is for errors you may want to track, but only if you explicitly looking for additional clues - 7-10 is for informational stuff \param body the debug message you want to send, should end with \n */ #define DEBUG(level, body) do { \ int __debug_macro_newlevel = debug_get_level(level); \ if (DEBUG_IS_SET(__debug_macro_newlevel)) { \ if (debug_timestamps) { \ struct timeval __debug_macro_tv; \ struct tm *__debug_macro_tm; \ char __debug_macro_datetime[20]; \ int __debug_macro_year; \ gettimeofday(&__debug_macro_tv, NULL); \ __debug_macro_tm = localtime(&__debug_macro_tv.tv_sec); \ __debug_macro_year = __debug_macro_tm->tm_year + 1900; \ /* get date time without year */ \ memcpy(__debug_macro_datetime, ctime(&__debug_macro_tv.tv_sec), 19); \ __debug_macro_datetime[19] = '\0'; \ if (debug_microseconds) { \ debug_fn("(%s:%.6ld %d) [%s] [%s] (%#.4x): ", \ __debug_macro_datetime, __debug_macro_tv.tv_usec, \ __debug_macro_year, debug_prg_name, \ __FUNCTION__, __debug_macro_newlevel); \ } else { \ debug_fn("(%s %d) [%s] [%s] (%#.4x): ", \ __debug_macro_datetime, __debug_macro_year, \ debug_prg_name, __FUNCTION__, __debug_macro_newlevel); \ } \ } else { \ debug_fn("[%s] [%s] (%#.4x): ", \ debug_prg_name, __FUNCTION__, __debug_macro_newlevel); \ } \ debug_fn body; \ } \ } while(0) /** \def 
DEBUG_MSG(level, function, message) \brief macro to generate debug messages with message from variable \param level the debug level, please use one of the SSSDBG_* macros \param function name of the function where DEBUG_MSG is called \param message message to be send (should not end with \n) */ #define DEBUG_MSG(level, function, message) do { \ int __debug_macro_newlevel = debug_get_level(level); \ if (DEBUG_IS_SET(__debug_macro_newlevel)) { \ if (debug_timestamps) { \ struct timeval __debug_macro_tv; \ struct tm *__debug_macro_tm; \ char __debug_macro_datetime[20]; \ int __debug_macro_year; \ gettimeofday(&__debug_macro_tv, NULL); \ __debug_macro_tm = localtime(&__debug_macro_tv.tv_sec); \ __debug_macro_year = __debug_macro_tm->tm_year + 1900; \ /* get date time without year */ \ memcpy(__debug_macro_datetime, ctime(&__debug_macro_tv.tv_sec), 19); \ __debug_macro_datetime[19] = '\0'; \ if (debug_microseconds) { \ debug_fn("(%s:%.6ld %d) [%s] [%s] (%#.4x): %s\n", \ __debug_macro_datetime, __debug_macro_tv.tv_usec, \ __debug_macro_year, debug_prg_name, \ function, __debug_macro_newlevel, message); \ } else { \ debug_fn("(%s %d) [%s] [%s] (%#.4x): %s\n", \ __debug_macro_datetime, __debug_macro_year, \ debug_prg_name, function, __debug_macro_newlevel, \ message); \ } \ } else { \ debug_fn("[%s] [%s] (%#.4x): %s\n", \ debug_prg_name, function, __debug_macro_newlevel, message); \ } \ } \ } while(0) /** \def DEBUG_IS_SET(level) \brief checks whether level (must be in new format) is set in debug_level \param level the debug level, please use one of the SSSDBG*_ macros */ #define DEBUG_IS_SET(level) (debug_level & (level) || \ (debug_level == SSSDBG_UNRESOLVED && \ (level & (SSSDBG_FATAL_FAILURE | \ SSSDBG_CRIT_FAILURE)))) #define DEBUG_INIT(dbg_lvl) do { \ if (dbg_lvl != SSSDBG_INVALID) { \ debug_level = debug_convert_old_level(dbg_lvl); \ } else { \ debug_level = SSSDBG_UNRESOLVED; \ } \ \ talloc_set_log_fn(talloc_log_fn); \ } while (0) #define PRINT(fmt, ...) 
fprintf(stdout, gettext(fmt), ##__VA_ARGS__) #define ERROR(fmt, ...) fprintf(stderr, gettext(fmt), ##__VA_ARGS__) #ifndef discard_const #define discard_const(ptr) ((void *)((uintptr_t)(ptr))) #endif #ifndef NULL #define NULL 0 #endif #define ZERO_STRUCT(x) memset((char *)&(x), 0, sizeof(x)) #define SSSD_MAIN_OPTS SSSD_DEBUG_OPTS #define FLAGS_NONE 0x0000 #define FLAGS_DAEMON 0x0001 #define FLAGS_INTERACTIVE 0x0002 #define FLAGS_PID_FILE 0x0004 #ifndef talloc_zfree #define talloc_zfree(ptr) do { talloc_free(discard_const(ptr)); ptr = NULL; } while(0) #endif #ifndef discard_const_p #if defined(__intptr_t_defined) || defined(HAVE_INTPTR_T) # define discard_const_p(type, ptr) ((type *)((intptr_t)(ptr))) #else # define discard_const_p(type, ptr) ((type *)(ptr)) #endif #endif #define TEVENT_REQ_RETURN_ON_ERROR(req) do { \ enum tevent_req_state TRROEstate; \ uint64_t TRROEerr; \ \ if (tevent_req_is_error(req, &TRROEstate, &TRROEerr)) { \ if (TRROEstate == TEVENT_REQ_USER_ERROR) { \ return TRROEerr; \ } \ return ERR_INTERNAL; \ } \ } while (0) #define OUT_OF_ID_RANGE(id, min, max) \ (id == 0 || (min && (id < min)) || (max && (id > max))) #include "util/dlinklist.h" /* From debug.c */ void ldb_debug_messages(void *context, enum ldb_debug_level level, const char *fmt, va_list ap); int open_debug_file_ex(const char *filename, FILE **filep, bool want_cloexec); int open_debug_file(void); int rotate_debug_files(void); void talloc_log_fn(const char *msg); /* From sss_log.c */ #define SSS_LOG_EMERG 0 /* system is unusable */ #define SSS_LOG_ALERT 1 /* action must be taken immediately */ #define SSS_LOG_CRIT 2 /* critical conditions */ #define SSS_LOG_ERR 3 /* error conditions */ #define SSS_LOG_WARNING 4 /* warning conditions */ #define SSS_LOG_NOTICE 5 /* normal but significant condition */ #define SSS_LOG_INFO 6 /* informational */ #define SSS_LOG_DEBUG 7 /* debug-level messages */ void sss_log(int priority, const char *format, ...) 
SSS_ATTRIBUTE_PRINTF(2, 3); /* from server.c */ struct main_context { struct tevent_context *event_ctx; struct confdb_ctx *confdb_ctx; pid_t parent_pid; }; int die_if_parent_died(void); int pidfile(const char *path, const char *name); int server_setup(const char *name, int flags, const char *conf_entry, struct main_context **main_ctx); void server_loop(struct main_context *main_ctx); void sig_term(int sig); /* from signal.c */ #include void BlockSignals(bool block, int signum); void (*CatchSignal(int signum,void (*handler)(int )))(int); void CatchChild(void); void CatchChildLeaveStatus(void); /* from memory.c */ typedef int (void_destructor_fn_t)(void *); struct mem_holder { void *mem; void_destructor_fn_t *fn; }; void *sss_mem_attach(TALLOC_CTX *mem_ctx, void *ptr, void_destructor_fn_t *fn); int password_destructor(void *memctx); /* from usertools.c */ char *get_username_from_uid(TALLOC_CTX *mem_ctx, uid_t uid); char *get_uppercase_realm(TALLOC_CTX *memctx, const char *name); #define FQ_FMT_NAME 0x01 #define FQ_FMT_DOMAIN 0x02 #define FQ_FMT_FLAT_NAME 0x04 struct sss_names_ctx { char *re_pattern; char *fq_fmt; uint8_t fq_flags; pcre *re; }; /* initialize sss_names_ctx directly from arguments */ int sss_names_init_from_args(TALLOC_CTX *mem_ctx, const char *re_pattern, const char *fq_fmt, struct sss_names_ctx **out); /* initialize sss_names_ctx from domain configuration */ int sss_names_init(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb, const char *domain, struct sss_names_ctx **out); int sss_parse_name(TALLOC_CTX *memctx, struct sss_names_ctx *snctx, const char *orig, char **_domain, char **_name); char * sss_get_cased_name(TALLOC_CTX *mem_ctx, const char *orig_name, bool case_sensitive); errno_t sss_get_cased_name_list(TALLOC_CTX *mem_ctx, const char * const *orig, bool case_sensitive, const char ***_cased); /* Return fully-qualified name according to the fq_fmt. 
The name is allocated using * talloc on top of mem_ctx */ char * sss_tc_fqname(TALLOC_CTX *mem_ctx, struct sss_names_ctx *nctx, struct sss_domain_info *domain, const char *name); /* Return fully-qualified name formatted according to the fq_fmt. The buffer in "str" is * "size" bytes long. Returns the number of bytes written on success or a negative * value of failure. */ int sss_fqname(char *str, size_t size, struct sss_names_ctx *nctx, struct sss_domain_info *domain, const char *name); size_t sss_fqdom_len(struct sss_names_ctx *nctx, struct sss_domain_info *domain); /* Subdomains use fully qualified names in the cache while primary domains use * just the name. Return either of these for a specified domain or subdomain */ char * sss_get_domain_name(TALLOC_CTX *mem_ctx, const char *orig_name, struct sss_domain_info *dom); /* from backup-file.c */ int backup_file(const char *src, int dbglvl); /* from check_and_open.c */ enum check_file_type { CHECK_DONT_CHECK_FILE_TYPE = -1, CHECK_REG, CHECK_DIR, CHECK_CHR, CHECK_BLK, CHECK_FIFO, CHECK_LNK, CHECK_SOCK }; /* check_file() * Verify that a file has certain permissions and/or is of a certain * file type. This function can be used to determine if a file is a * symlink. * Warning: use of this function implies a potential race condition * Opening a file before or after checking it does NOT guarantee that * it is still the same file. Additional checks should be performed * on the caller_stat_buf to ensure that it has the same device and * inode to minimize impact. Permission changes may have occurred, * however. */ errno_t check_file(const char *filename, const int uid, const int gid, const int mode, enum check_file_type type, struct stat *caller_stat_buf, bool follow_symlink); /* check_fd() * Verify that an open file descriptor has certain permissions and/or * is of a certain file type. This function CANNOT detect symlinks, * as the file is already open and symlinks have been traversed. 
This * is the safer way to perform file checks and should be preferred * over check_file for nearly all situations. */ errno_t check_fd(int fd, const int uid, const int gid, const int mode, enum check_file_type type, struct stat *caller_stat_buf); /* check_and_open_readonly() * Utility function to open a file and verify that it has certain * permissions and is of a certain file type. This function wraps * check_fd(), and is considered race-condition safe. */ errno_t check_and_open_readonly(const char *filename, int *fd, const uid_t uid, const gid_t gid, const mode_t mode, enum check_file_type type); /* from util.c */ int split_on_separator(TALLOC_CTX *mem_ctx, const char *str, const char sep, bool trim, bool skip_empty, char ***_list, int *size); char **parse_args(const char *str); errno_t sss_hash_create(TALLOC_CTX *mem_ctx, unsigned long count, hash_table_t **tbl); errno_t sss_hash_create_ex(TALLOC_CTX *mem_ctx, unsigned long count, hash_table_t **tbl, unsigned int directory_bits, unsigned int segment_bits, unsigned long min_load_factor, unsigned long max_load_factor, hash_delete_callback *delete_callback, void *delete_private_data); /* Copy a NULL-terminated string list * Returns NULL on out of memory error or invalid input */ char **dup_string_list(TALLOC_CTX *memctx, const char **str_list); /* Take two string lists (terminated on a NULL char*) * and return up to three arrays of strings based on * shared ownership. * * Pass NULL to any return type you don't care about */ errno_t diff_string_lists(TALLOC_CTX *memctx, char **string1, char **string2, char ***string1_only, char ***string2_only, char ***both_strings); /* Sanitize an input string (e.g. a username) for use in * an LDAP/LDB filter * Returns a newly-constructed string attached to mem_ctx * It will fail only on an out of memory condition, where it * will return ENOMEM. 
*/ errno_t sss_filter_sanitize(TALLOC_CTX *mem_ctx, const char *input, char **sanitized); errno_t sss_filter_sanitize_for_dom(TALLOC_CTX *mem_ctx, const char *input, struct sss_domain_info *dom, char **sanitized, char **lc_sanitized); char * sss_escape_ip_address(TALLOC_CTX *mem_ctx, int family, const char *addr); /* This function only removes first and last * character if the first character was '['. * * NOTE: This means, that ipv6addr must NOT be followed * by port number. */ errno_t remove_ipv6_brackets(char *ipv6addr); errno_t add_string_to_list(TALLOC_CTX *mem_ctx, const char *string, char ***list_p); bool string_in_list(const char *string, char **list, bool case_sensitive); /** * @brief Safely zero a segment of memory, * prevents the compiler from optimizing out * * @param data The address of buffer to wipe * @param size Size of the buffer */ void safezero(void *data, size_t size); int domain_to_basedn(TALLOC_CTX *memctx, const char *domain, char **basedn); bool is_host_in_domain(const char *host, const char *domain); /* from nscd.c */ enum nscd_db { NSCD_DB_PASSWD, NSCD_DB_GROUP }; int flush_nscd_cache(enum nscd_db flush_db); errno_t sss_nscd_parse_conf(const char *conf_path); /* from sss_tc_utf8.c */ char * sss_tc_utf8_str_tolower(TALLOC_CTX *mem_ctx, const char *s); uint8_t * sss_tc_utf8_tolower(TALLOC_CTX *mem_ctx, const uint8_t *s, size_t len, size_t *_nlen); bool sss_string_equal(bool cs, const char *s1, const char *s2); /* len includes terminating '\0' */ struct sized_string { const char *str; size_t len; }; void to_sized_string(struct sized_string *out, const char *in); /* from domain_info.c */ struct sss_domain_info *get_domains_head(struct sss_domain_info *domain); struct sss_domain_info *get_next_domain(struct sss_domain_info *domain, bool descend); struct sss_domain_info *find_subdomain_by_name(struct sss_domain_info *domain, const char *name, bool match_any); struct sss_domain_info *find_subdomain_by_sid(struct sss_domain_info *domain, const char 
*sid); struct sss_domain_info * find_subdomain_by_object_name(struct sss_domain_info *domain, const char *object_name); bool subdomain_enumerates(struct sss_domain_info *parent, const char *sd_name); struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx, struct sss_domain_info *parent, const char *name, const char *realm, const char *flat_name, const char *id, bool mpg, bool enumerate, const char *forest); errno_t sssd_domain_init(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb, const char *domain_name, const char *db_path, struct sss_domain_info **_domain); #define IS_SUBDOMAIN(dom) ((dom)->parent != NULL) errno_t sss_write_domain_mappings(struct sss_domain_info *domain, bool add_capaths); /* from util_lock.c */ errno_t sss_br_lock_file(int fd, size_t start, size_t len, int num_tries, useconds_t wait); #include "io.h" #ifdef HAVE_PAC_RESPONDER #define BUILD_WITH_PAC_RESPONDER true #else #define BUILD_WITH_PAC_RESPONDER false #endif #endif /* __SSSD_UTIL_H__ */ sssd-1.11.5/src/util/PaxHeaders.13173/check_and_open.c0000644000000000000000000000007412320753107020403 xustar000000000000000030 atime=1396954939.276891423 30 ctime=1396954961.677874934 sssd-1.11.5/src/util/check_and_open.c0000664002412700241270000001146412320753107020633 0ustar00jhrozekjhrozek00000000000000/* SSSD Check file permissions and open file Authors: Sumit Bose Copyright (C) 2009 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
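*/
/* NOTE(review): the header names after the bare #include directives below
 * appear to have been stripped from this copy; they are kept as found. */
#include
#include
#include
#include "util/util.h"

static errno_t perform_checks(struct stat *stat_buf,
                              const int uid, const int gid,
                              const int mode, enum check_file_type type);

/*
 * check_file(): stat()/lstat() a path and validate the result.
 *
 * filename         path to examine
 * uid, gid, mode   expected owner, group and permission bits; a negative
 *                  value disables the corresponding check
 * type             expected file type, or CHECK_DONT_CHECK_FILE_TYPE
 * caller_stat_buf  optional; when non-NULL it receives the stat data
 * follow_symlink   true uses stat(), false uses lstat()
 *
 * Returns EOK when every requested check passes, the errno of the failed
 * stat()/lstat() call, or EINVAL when a check does not match.
 *
 * The check is made on the path, not on an open descriptor, so the object
 * behind the path can change between this call and a later open().
 */
errno_t check_file(const char *filename, const int uid, const int gid,
                   const int mode, enum check_file_type type,
                   struct stat *caller_stat_buf, bool follow_symlink)
{
    int ret;
    struct stat local_stat_buf;
    struct stat *stat_buf;

    stat_buf = (caller_stat_buf != NULL) ? caller_stat_buf : &local_stat_buf;

    ret = follow_symlink ? stat(filename, stat_buf)
                         : lstat(filename, stat_buf);
    if (ret == -1) {
        /* Save errno first: the logging call may overwrite it before it is
         * returned to the caller. */
        ret = errno;
        /* The message says "lstat" even when stat() was the call that failed. */
        DEBUG(SSSDBG_TRACE_FUNC, ("lstat for [%s] failed: [%d][%s].\n",
                                  filename, ret, strerror(ret)));
        return ret;
    }

    return perform_checks(stat_buf, uid, gid, mode, type);
}

/*
 * check_fd(): fstat() an open descriptor and validate the result.
 *
 * Parameters and return values match check_file(), except that the object
 * is identified by an already-open descriptor, so the checks apply to the
 * object the caller will actually read from.
 */
errno_t check_fd(int fd, const int uid, const int gid,
                 const int mode, enum check_file_type type,
                 struct stat *caller_stat_buf)
{
    int ret;
    struct stat local_stat_buf;
    struct stat *stat_buf;

    stat_buf = (caller_stat_buf != NULL) ? caller_stat_buf : &local_stat_buf;

    ret = fstat(fd, stat_buf);
    if (ret == -1) {
        /* Save errno before logging so the caller gets fstat()'s error. */
        ret = errno;
        DEBUG(1, ("fstat for [%d] failed: [%d][%s].\n", fd, ret,
                                                        strerror(ret)));
        return ret;
    }

    return perform_checks(stat_buf, uid, gid, mode, type);
}

/*
 * perform_checks(): compare stat data against the expected type, mode,
 * owner and group.
 *
 * A negative mode, uid or gid skips that comparison. The mode comparison
 * is exact: the permission bits (everything outside S_IFMT) must equal
 * `mode`, not merely be a subset of it.
 *
 * Returns EOK on a full match and EINVAL otherwise, including for an
 * unknown `type` value.
 */
static errno_t perform_checks(struct stat *stat_buf,
                              const int uid, const int gid,
                              const int mode, enum check_file_type type)
{
    bool type_check;

    switch (type) {
    case CHECK_DONT_CHECK_FILE_TYPE:
        type_check = true;
        break;
    case CHECK_REG:
        type_check = S_ISREG(stat_buf->st_mode);
        break;
    case CHECK_DIR:
        type_check = S_ISDIR(stat_buf->st_mode);
        break;
    case CHECK_CHR:
        type_check = S_ISCHR(stat_buf->st_mode);
        break;
    case CHECK_BLK:
        type_check = S_ISBLK(stat_buf->st_mode);
        break;
    case CHECK_FIFO:
        type_check = S_ISFIFO(stat_buf->st_mode);
        break;
    case CHECK_LNK:
        type_check = S_ISLNK(stat_buf->st_mode);
        break;
    case CHECK_SOCK:
        type_check = S_ISSOCK(stat_buf->st_mode);
        break;
    default:
        DEBUG(1, ("Unsupported file type.\n"));
        return EINVAL;
    }

    if (!type_check) {
        DEBUG(1, ("File is not the right type.\n"));
        return EINVAL;
    }

    if (mode >= 0 && (stat_buf->st_mode & ~S_IFMT) != mode) {
        DEBUG(1, ("File has the wrong mode [%.7o], expected [%.7o].\n",
                  (stat_buf->st_mode & ~S_IFMT), mode));
        return EINVAL;
    }

    if (uid >= 0 && stat_buf->st_uid != uid) {
        DEBUG(1, ("File must be owned by uid [%d].\n", uid));
        return EINVAL;
    }

    if (gid >= 0 && stat_buf->st_gid != gid) {
        DEBUG(1, ("File must be owned by gid [%d].\n", gid));
        return EINVAL;
    }

    return EOK;
}

/*
 * check_and_open_readonly(): open a file read-only, then validate the open
 * descriptor with check_fd().
 *
 * The file is opened first and checked afterwards, so the checks apply to
 * the object that was opened rather than to whatever the path names later.
 * On any failure *fd is set to -1 and no descriptor is left open.
 *
 * Returns EOK on success, the errno of a failed open(), or the error
 * returned by check_fd().
 *
 * NOTE(review): open() is called with O_RDONLY only, so it follows symlinks
 * and would block on a FIFO that has no writer before the type check runs;
 * confirm callers only pass paths in directories they trust.
 */
errno_t check_and_open_readonly(const char *filename, int *fd, const uid_t uid,
                                const gid_t gid, const mode_t mode,
                                enum check_file_type type)
{
    int ret;
    struct stat stat_buf;

    *fd = open(filename, O_RDONLY);
    if (*fd == -1) {
        /* Save errno before logging so the caller gets open()'s error. */
        ret = errno;
        DEBUG(1, ("open [%s] failed: [%d][%s].\n", filename, ret,
                                                   strerror(ret)));
        return ret;
    }

    ret = check_fd(*fd, uid, gid, mode, type, &stat_buf);
    if (ret != EOK) {
        close(*fd);
        *fd = -1;
        DEBUG(1, ("check_fd failed.\n"));
        return ret;
    }

    return EOK;
}
sssd-1.11.5/src/util/PaxHeaders.13173/sss_ldap.h0000644000000000000000000000007412320753107017300 xustar000000000000000030 atime=1396954939.277891423 30 ctime=1396954961.423875121 sssd-1.11.5/src/util/sss_ldap.h0000664002412700241270000000547512320753107017535 0ustar00jhrozekjhrozek00000000000000/* Authors: Sumit Bose Copyright (C) 2009 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see .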
*/ #ifndef __SSS_LDAP_H__ #define __SSS_LDAP_H__ #include #include #include #include #include #ifndef LDAP_CONTROL_PWEXPIRED #define LDAP_CONTROL_PWEXPIRED "2.16.840.1.113730.3.4.4" #endif #ifndef LDAP_CONTROL_PWEXPIRING #define LDAP_CONTROL_PWEXPIRING "2.16.840.1.113730.3.4.5" #endif #ifdef LDAP_OPT_DIAGNOSTIC_MESSAGE #define SDAP_DIAGNOSTIC_MESSAGE LDAP_OPT_DIAGNOSTIC_MESSAGE #else #ifdef LDAP_OPT_ERROR_STRING #define SDAP_DIAGNOSTIC_MESSAGE LDAP_OPT_ERROR_STRING #else #error No extended diagnostic message available #endif #endif const char* sss_ldap_err2string(int err); int sss_ldap_get_diagnostic_msg(TALLOC_CTX *mem_ctx, LDAP *ld, char **_errmsg); #ifndef LDAP_SERVER_ASQ_OID #define LDAP_SERVER_ASQ_OID "1.2.840.113556.1.4.1504" #endif /* LDAP_SERVER_ASQ_OID */ int sss_ldap_control_create(const char *oid, int iscritical, struct berval *value, int dupval, LDAPControl **ctrlp); struct tevent_req *sss_ldap_init_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, const char *uri, struct sockaddr_storage *addr, int addr_len, int timeout); int sss_ldap_init_recv(struct tevent_req *req, LDAP **ldap, int *sd); struct sdap_options; struct sdap_search_base; bool sss_ldap_dn_in_search_bases(TALLOC_CTX *mem_ctx, const char *dn, struct sdap_search_base **search_bases, char **_filter); bool sss_ldap_dn_in_search_bases_len(TALLOC_CTX *mem_ctx, const char *dn, struct sdap_search_base **search_bases, char **_filter, int *_match_len); char *sss_ldap_encode_ndr_uint32(TALLOC_CTX *mem_ctx, uint32_t flags); #endif /* __SSS_LDAP_H__ */ sssd-1.11.5/src/util/PaxHeaders.13173/util_sss_idmap.c0000644000000000000000000000007412320753107020502 xustar000000000000000030 atime=1396954939.278891422 30 ctime=1396954961.686874927 sssd-1.11.5/src/util/util_sss_idmap.c0000664002412700241270000000170612320753107020730 0ustar00jhrozekjhrozek00000000000000/* Authors: Pavel Březina Copyright (C) 2013 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of 
the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include #include "util/util_sss_idmap.h" void *sss_idmap_talloc(size_t size, void *pvt) { return talloc_size(pvt, size); } void sss_idmap_talloc_free(void *ptr, void *pvt) { talloc_free(ptr); } sssd-1.11.5/src/util/PaxHeaders.13173/backup_file.c0000644000000000000000000000007412320753107017727 xustar000000000000000030 atime=1396954939.276891423 30 ctime=1396954961.676874934 sssd-1.11.5/src/util/backup_file.c0000664002412700241270000000630612320753107020156 0ustar00jhrozekjhrozek00000000000000/* SSSD Backup files Copyright (C) Simo Sorce 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
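*/
#include "util/util.h"
/* NOTE(review): the header names after the bare #include directives below
 * appear to have been stripped from this copy; they are kept as found. */
#include
#include
#include

#define BUFFER_SIZE 65536

/*
 * backup_file(): copy src_file to a new "<src_file>.bak" file.
 *
 * src_file  path of the file to back up
 * dbglvl    debug level used for every message this function logs
 *
 * The destination is "<src_file>.bak", or "<src_file>.bak1" through
 * "<src_file>.bak9" when earlier names are already taken. It is created
 * with O_CREAT|O_EXCL and mode 0600, so an existing file (or symlink) at
 * that path is never opened or overwritten and the copy is readable only
 * by its owner.
 *
 * Returns EOK on success, ENOMEM on allocation failure, EIO on a short
 * write, or the errno of the failing open/read/write. EEXIST is returned
 * when all ten candidate names already exist.
 *
 * NOTE(review): a partially written backup is left in place when the copy
 * fails part-way; callers should not assume the .bak file is complete
 * unless EOK is returned.
 */
int backup_file(const char *src_file, int dbglvl)
{
    TALLOC_CTX *tmp_ctx = NULL;
    char buf[BUFFER_SIZE];
    int src_fd = -1;
    int dst_fd = -1;
    char *dst_file = NULL;
    ssize_t numread;
    ssize_t written;
    int ret, i;

    src_fd = open(src_file, O_RDONLY);
    if (src_fd < 0) {
        ret = errno;
        DEBUG(dbglvl, ("Error (%d [%s]) opening source file %s\n",
                       ret, strerror(ret), src_file));
        goto done;
    }

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        ret = ENOMEM;
        goto done;
    }

    /* try a few times to come up with a new backup file, then give up */
    for (i = 0; i < 10; i++) {
        if (i == 0) {
            dst_file = talloc_asprintf(tmp_ctx, "%s.bak", src_file);
        } else {
            dst_file = talloc_asprintf(tmp_ctx, "%s.bak%d", src_file, i);
        }
        if (!dst_file) {
            ret = ENOMEM;
            goto done;
        }

        dst_fd = open(dst_file, O_CREAT|O_EXCL|O_WRONLY, 0600);
        if (dst_fd >= 0) {
            /* Success is decided by the descriptor, not by errno: the value
             * of errno after a successful call is not defined. */
            break;
        }

        ret = errno;
        if (ret != EEXIST) {
            DEBUG(dbglvl, ("Error (%d [%s]) opening destination file %s\n",
                           ret, strerror(ret), dst_file));
            goto done;
        }
    }
    if (dst_fd < 0) {
        /* Every candidate name already existed. */
        ret = EEXIST;
        DEBUG(dbglvl, ("Error (%d [%s]) opening destination file %s\n",
                       ret, strerror(ret), dst_file));
        goto done;
    }

    /* copy file contents */
    while (1) {
        errno = 0;
        numread = sss_atomic_read_s(src_fd, buf, BUFFER_SIZE);
        if (numread < 0) {
            ret = errno;
            DEBUG(dbglvl, ("Error (%d [%s]) reading from source %s\n",
                           ret, strerror(ret), src_file));
            goto done;
        }
        if (numread == 0) {
            break;
        }

        errno = 0;
        written = sss_atomic_write_s(dst_fd, buf, numread);
        if (written == -1) {
            ret = errno;
            DEBUG(dbglvl, ("Error (%d [%s]) writing to destination %s\n",
                           ret, strerror(ret), dst_file));
            goto done;
        }

        if (written != numread) {
            DEBUG(dbglvl, ("Wrote %zd bytes expected %zd bytes\n",
                           written, numread));
            ret = EIO;
            goto done;
        }
    }

    ret = EOK;

done:
    if (src_fd != -1) close(src_fd);
    if (dst_fd != -1) close(dst_fd);
    talloc_free(tmp_ctx);
    return ret;
}
sssd-1.11.5/src/util/PaxHeaders.13173/sss_krb5.c0000644000000000000000000000007312320753107017215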
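xustar000000000000000030 atime=1396954939.277891423 29 ctime=1396954961.56087502 sssd-1.11.5/src/util/sss_krb5.c0000664002412700241270000007733612320753107017460 0ustar00jhrozekjhrozek00000000000000/* Authors: Sumit Bose Copyright (C) 2009-2010 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */
/* NOTE(review): the header names after the bare #include directives below
 * appear to have been stripped from this copy; they are kept as found. */
#include
#include
#include
#include "config.h"
#include "util/util.h"
#include "util/sss_krb5.h"

/*
 * get_primary(): build the primary part of a principal from a pattern.
 *
 * The pattern "%S$" yields the upper-cased short host name (everything
 * before the first '.') followed by '$'. Any other pattern is handed to
 * talloc_asprintf() as the format string with hostname as its only
 * argument, so callers must pass only fixed, trusted patterns.
 *
 * Returns a string allocated on mem_ctx, or NULL on allocation failure.
 */
static char *
get_primary(TALLOC_CTX *mem_ctx, const char *pattern, const char *hostname)
{
    char *primary;
    char *dot;
    char *c;
    char *shortname;

    if (strcmp(pattern, "%S$") == 0) {
        shortname = talloc_strdup(mem_ctx, hostname);
        if (!shortname) return NULL;

        dot = strchr(shortname, '.');
        if (dot) {
            *dot = '\0';
        }

        for (c = shortname; *c != '\0'; ++c) {
            /* toupper() requires a value representable as unsigned char;
             * a plain char with the high bit set would be undefined. */
            *c = toupper((unsigned char)*c);
        }

        primary = talloc_asprintf(mem_ctx, "%s$", shortname);
        talloc_free(shortname);
        return primary;
    }

    return talloc_asprintf(mem_ctx, pattern, hostname);
}

/*
 * select_principal_from_keytab(): pick the most appropriate principal from
 * a keytab.
 *
 * mem_ctx        talloc context that owns the returned strings
 * hostname       host name to match; NULL is treated as "*"
 * desired_realm  realm to match; NULL is treated as "*"
 * keytab_name    keytab to read; NULL selects the default keytab
 * _principal     optional out: full principal name
 * _primary       optional out: principal name without the realm
 * _realm         optional out: realm of the selected principal
 *
 * Returns EOK when a principal was selected, ENOENT when none matched,
 * ENOMEM on allocation failure and EFAULT on Kerberos library errors.
 */
errno_t select_principal_from_keytab(TALLOC_CTX *mem_ctx,
                                     const char *hostname,
                                     const char *desired_realm,
                                     const char *keytab_name,
                                     char **_principal,
                                     char **_primary,
                                     char **_realm)
{
    krb5_error_code kerr = 0;
    krb5_context krb_ctx = NULL;
    krb5_keytab keytab = NULL;
    krb5_principal client_princ = NULL;
    TALLOC_CTX *tmp_ctx;
    char *primary = NULL;
    char *realm = NULL;
    int i = 0;
    errno_t ret;
    char *principal_string;
    const char *realm_name;
    int realm_len;

    /**
     * The %s conversion is passed as-is, the %S conversion is translated to
     * "short host name"
     *
     * Priority of lookup:
     * - our.hostname@REALM or host/our.hostname@REALM depending on the input
     * - SHORT.HOSTNAME$@REALM (AD domain)
     * - host/our.hostname@REALM
     * - foobar$@REALM (AD domain)
     * - host/foobar@REALM
     * - host/foo@BAR
     * - pick the first principal in the keytab
     */
    const char *primary_patterns[] = {"%s", "%S$", "host/%s", "*$", "host/*",
                                      "host/*", NULL};
    const char *realm_patterns[] = {"%s", "%s", "%s", "%s", "%s",
                                    NULL, NULL};

    DEBUG(5, ("trying to select the most appropriate principal from keytab\n"));
    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        DEBUG(1, ("talloc_new failed\n"));
        return ENOMEM;
    }

    kerr = krb5_init_context(&krb_ctx);
    if (kerr) {
        DEBUG(2, ("Failed to init kerberos context\n"));
        ret = EFAULT;
        goto done;
    }

    if (keytab_name != NULL) {
        kerr = krb5_kt_resolve(krb_ctx, keytab_name, &keytab);
    } else {
        kerr = krb5_kt_default(krb_ctx, &keytab);
    }
    if (kerr) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Failed to read keytab [%s]: %s\n",
               KEYTAB_CLEAN_NAME,
               sss_krb5_get_error_message(krb_ctx, kerr)));
        ret = EFAULT;
        goto done;
    }

    if (!desired_realm) {
        desired_realm = "*";
    }
    if (!hostname) {
        hostname = "*";
    }

    /* Walk the pattern tables in priority order; the final entry has both
     * patterns NULL and therefore accepts the first principal found. */
    do {
        if (primary_patterns[i]) {
            primary = get_primary(tmp_ctx, primary_patterns[i], hostname);
            if (primary == NULL) {
                ret = ENOMEM;
                goto done;
            }
        } else {
            primary = NULL;
        }
        if (realm_patterns[i]) {
            realm = talloc_asprintf(tmp_ctx, realm_patterns[i], desired_realm);
            if (realm == NULL) {
                ret = ENOMEM;
                goto done;
            }
        } else {
            realm = NULL;
        }

        kerr = find_principal_in_keytab(krb_ctx, keytab, primary, realm,
                                        &client_princ);
        talloc_zfree(primary);
        talloc_zfree(realm);
        if (kerr == 0) {
            break;
        }
        if (client_princ != NULL) {
            krb5_free_principal(krb_ctx, client_princ);
            client_princ = NULL;
        }
        i++;
    } while (primary_patterns[i-1] != NULL || realm_patterns[i-1] != NULL);

    if (kerr == 0) {
        if (_principal) {
            kerr = krb5_unparse_name(krb_ctx, client_princ, &principal_string);
            if (kerr) {
                DEBUG(1, ("krb5_unparse_name failed"));
                ret = EFAULT;
                goto done;
            }

            *_principal = talloc_strdup(mem_ctx, principal_string);
            free(principal_string);
            if (!*_principal) {
                DEBUG(1, ("talloc_strdup failed"));
                ret = ENOMEM;
                goto done;
            }
            DEBUG(5, ("Selected principal: %s\n", *_principal));
        }

        if (_primary) {
            kerr = sss_krb5_unparse_name_flags(krb_ctx, client_princ,
                                               KRB5_PRINCIPAL_UNPARSE_NO_REALM,
                                               &principal_string);
            if (kerr) {
                DEBUG(1, ("krb5_unparse_name failed"));
                ret = EFAULT;
                goto done;
            }

            *_primary = talloc_strdup(mem_ctx, principal_string);
            free(principal_string);
            if (!*_primary) {
                DEBUG(1, ("talloc_strdup failed"));
                if (_principal) talloc_zfree(*_principal);
                ret = ENOMEM;
                goto done;
            }
            DEBUG(5, ("Selected primary: %s\n", *_primary));
        }

        if (_realm) {
            sss_krb5_princ_realm(krb_ctx, client_princ,
                                 &realm_name,
                                 &realm_len);
            *_realm = talloc_asprintf(mem_ctx, "%.*s",
                                      realm_len, realm_name);
            if (!*_realm) {
                DEBUG(1, ("talloc_asprintf failed"));
                if (_principal) talloc_zfree(*_principal);
                if (_primary) talloc_zfree(*_primary);
                ret = ENOMEM;
                goto done;
            }
            DEBUG(5, ("Selected realm: %s\n", *_realm));
        }

        ret = EOK;
    } else {
        DEBUG(3, ("No suitable principal found in keytab\n"));
        ret = ENOENT;
    }

done:
    /* Release everything that depends on the Kerberos context before the
     * context itself: freeing the principal after krb5_free_context() would
     * hand a freed context to the library. */
    if (krb_ctx != NULL) {
        if (client_princ != NULL) {
            krb5_free_principal(krb_ctx, client_princ);
            client_princ = NULL;
        }
        if (keytab) krb5_kt_close(krb_ctx, keytab);
        krb5_free_context(krb_ctx);
    }
    talloc_free(tmp_ctx);
    return ret;
}

/*
 * sss_krb5_verify_keytab_ex(): check that a keytab contains an entry for
 * the given principal.
 *
 * principal    principal name to look for (exact string match)
 * keytab_name  name used in log messages only (via KEYTAB_CLEAN_NAME)
 * context      initialized Kerberos context
 * keytab       open keytab to scan
 *
 * Returns EOK when the principal is present, EFAULT when it is not, and
 * EIO when the keytab cannot be read, parsed or closed.
 */
int sss_krb5_verify_keytab_ex(const char *principal, const char *keytab_name,
                              krb5_context context, krb5_keytab keytab)
{
    bool found;
    char *kt_principal;
    krb5_error_code krberr;
    krb5_kt_cursor cursor;
    krb5_keytab_entry entry;

    krberr = krb5_kt_start_seq_get(context, keytab, &cursor);
    if (krberr) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Cannot read keytab [%s].\n", KEYTAB_CLEAN_NAME));

        sss_log(SSS_LOG_ERR, "Error reading keytab file [%s]: [%d][%s]. "
                             "Unable to create GSSAPI-encrypted LDAP "
                             "connection.",
                             KEYTAB_CLEAN_NAME, krberr,
                             sss_krb5_get_error_message(context, krberr));

        return EIO;
    }

    found = false;
    while ((krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0) {
        krberr = krb5_unparse_name(context, entry.principal, &kt_principal);
        if (krberr) {
            DEBUG(SSSDBG_FATAL_FAILURE,
                  ("Could not parse keytab entry\n"));
            sss_log(SSS_LOG_ERR, "Could not parse keytab entry\n");
            /* Do not leave the entry contents or the open cursor behind on
             * this early exit; both are owned by this function. */
            (void) sss_krb5_free_keytab_entry_contents(context, &entry);
            (void) krb5_kt_end_seq_get(context, keytab, &cursor);
            return EIO;
        }

        if (strcmp(principal, kt_principal) == 0) {
            found = true;
        }
        free(kt_principal);
        krberr = sss_krb5_free_keytab_entry_contents(context, &entry);
        if (krberr) {
            /* This should never happen. The API docs for this function
             * specify only success for this function
             */
            DEBUG(1,("Could not free keytab entry contents\n"));
            /* This is non-fatal, so we'll continue here */
        }

        if (found) {
            break;
        }
    }

    krberr = krb5_kt_end_seq_get(context, keytab, &cursor);
    if (krberr) {
        DEBUG(0, ("Could not close keytab.\n"));
        sss_log(SSS_LOG_ERR, "Could not close keytab file [%s].",
                             KEYTAB_CLEAN_NAME);
        return EIO;
    }

    if (!found) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Principal [%s] not found in keytab [%s]\n",
               principal,
               KEYTAB_CLEAN_NAME));
        sss_log(SSS_LOG_ERR, "Error processing keytab file [%s]: "
                             "Principal [%s] was not found. "
                             "Unable to create GSSAPI-encrypted LDAP connection.",
                             KEYTAB_CLEAN_NAME, principal);

        return EFAULT;
    }

    return EOK;
}

enum matching_mode {MODE_NORMAL, MODE_PREFIX, MODE_POSTFIX};
/**
 * We only have primary and instances stored separately, we need to
 * join them to one string and compare that string.
 *
 * @param ctx kerberos context
 * @param principal principal we want to match
 * @param pattern_primary primary part of the principal we want to
 * perform matching against. It is possible to use
 * wildcard * at the beginning or at the end of the string. If NULL, it
 * will act as "*"
 * @param pattern_realm realm part of the principal we want to perform
 * the matching against.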
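If NULL, it will act as "*" */
/*
 * Returns true when the principal matches both patterns and false
 * otherwise. Allocation or unparse failures are reported as "no match".
 */
static bool match_principal(krb5_context ctx,
                            krb5_principal principal,
                            const char *pattern_primary,
                            const char *pattern_realm)
{
    char *primary = NULL;
    char *primary_str = NULL;
    size_t primary_str_len = 0;
    size_t pattern_len;
    size_t primary_len;
    const char *realm_name;
    int realm_len;
    krb5_error_code kerr;

    enum matching_mode mode = MODE_NORMAL;
    TALLOC_CTX *tmp_ctx;
    bool ret = false;

    sss_krb5_princ_realm(ctx, principal, &realm_name, &realm_len);

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        DEBUG(1, ("talloc_new failed\n"));
        return false;
    }

    if (pattern_primary) {
        pattern_len = strlen(pattern_primary);

        /* An empty pattern has no last character to inspect; it falls
         * through to an exact comparison against the empty string. */
        if (pattern_len > 0 && pattern_primary[pattern_len - 1] == '*') {
            mode = MODE_PREFIX;
            primary_str = talloc_strdup(tmp_ctx, pattern_primary);
            if (primary_str == NULL) {
                DEBUG(1, ("talloc_strdup failed\n"));
                goto done;
            }
            primary_str[pattern_len - 1] = '\0';
            primary_str_len = pattern_len - 1;
        } else if (pattern_primary[0] == '*') {
            mode = MODE_POSTFIX;
            primary_str = talloc_strdup(tmp_ctx, pattern_primary + 1);
            if (primary_str == NULL) {
                DEBUG(1, ("talloc_strdup failed\n"));
                goto done;
            }
            primary_str_len = pattern_len - 1;
        }

        kerr = sss_krb5_unparse_name_flags(ctx, principal,
                                           KRB5_PRINCIPAL_UNPARSE_NO_REALM,
                                           &primary);
        if (kerr != 0 || primary == NULL) {
            DEBUG(1, ("sss_krb5_unparse_name_flags failed\n"));
            goto done;
        }

        primary_len = strlen(primary);

        switch (mode) {
        case MODE_NORMAL:
            if (strcmp(primary, pattern_primary) != 0) {
                goto done;
            }
            break;
        case MODE_PREFIX:
            if (strncmp(primary, primary_str, primary_str_len) != 0) {
                goto done;
            }
            break;
        case MODE_POSTFIX:
            /* A primary shorter than the suffix cannot match; without this
             * guard the offset below would point before the buffer. */
            if (primary_len < primary_str_len ||
                strcmp(primary + (primary_len - primary_str_len),
                       primary_str) != 0) {
                goto done;
            }
            break;
        }
    }

    if (!pattern_realm ||
        (realm_len >= 0 && (size_t)realm_len == strlen(pattern_realm) &&
         strncmp(realm_name, pattern_realm, realm_len) == 0)) {
        DEBUG(7, ("Principal matched to the sample (%s@%s).\n", pattern_primary,
                                                                 pattern_realm));
        ret = true;
    }

done:
    free(primary);
    talloc_free(tmp_ctx);
    return ret;
}

/*
 * find_principal_in_keytab(): return a copy of the first keytab principal
 * that matches the given primary and realm patterns.
 *
 * ctx              Kerberos context
 * keytab           open keytab to scan
 * pattern_primary  primary pattern (see match_principal); NULL matches any
 * pattern_realm    realm to match; NULL matches any
 * princ            out: copy of the matching principal, owned by the caller
 *
 * Returns 0 on success, KRB5_KT_NOTFOUND when nothing matched, or the
 * error of the failing Kerberos call. *princ is only written on success.
 */
krb5_error_code find_principal_in_keytab(krb5_context ctx,
                                         krb5_keytab keytab,
                                         const char *pattern_primary,
                                         const char *pattern_realm,
                                         krb5_principal *princ)
{
    krb5_error_code kerr;
    krb5_error_code kt_err;
    krb5_error_code kerr_d;
    krb5_kt_cursor cursor;
    krb5_keytab_entry entry;
    bool principal_found = false;

    memset(&cursor, 0, sizeof(cursor));
    kerr = krb5_kt_start_seq_get(ctx, keytab, &cursor);
    if (kerr != 0) {
        DEBUG(1, ("krb5_kt_start_seq_get failed.\n"));
        return kerr;
    }

    DEBUG(9, ("Trying to find principal %s@%s in keytab.\n", pattern_primary, pattern_realm));
    memset(&entry, 0, sizeof(entry));
    while ((kt_err = krb5_kt_next_entry(ctx, keytab, &entry, &cursor)) == 0) {
        principal_found = match_principal(ctx, entry.principal, pattern_primary, pattern_realm);
        if (principal_found) {
            break;
        }

        kerr = sss_krb5_free_keytab_entry_contents(ctx, &entry);
        if (kerr != 0) {
            DEBUG(1, ("Failed to free keytab entry.\n"));
        }
        /* Keep the entry zeroed so the cleanup at "done" is safe when the
         * loop ends without a match. */
        memset(&entry, 0, sizeof(entry));
    }

    /* Close the keytab here.  Even though we're using cursors, the file
     * handle is stored in the krb5_keytab structure, and it gets
     * overwritten by other keytab calls, creating a leak. */
    kerr = krb5_kt_end_seq_get(ctx, keytab, &cursor);
    if (kerr != 0) {
        DEBUG(1, ("krb5_kt_end_seq_get failed.\n"));
        goto done;
    }

    if (!principal_found) {
        /* check if we got any errors from krb5_kt_next_entry; this has to
         * be tested here, because a match always leaves kt_err at 0 */
        if (kt_err != 0 && kt_err != KRB5_KT_END) {
            DEBUG(1, ("Error while reading keytab.\n"));
        }
        kerr = KRB5_KT_NOTFOUND;
        DEBUG(SSSDBG_TRACE_FUNC,
              ("No principal matching %s@%s found in keytab.\n",
               pattern_primary, pattern_realm));
        goto done;
    }

    kerr = krb5_copy_principal(ctx, entry.principal, princ);
    if (kerr != 0) {
        DEBUG(1, ("krb5_copy_principal failed.\n"));
        goto done;
    }

    kerr = 0;

done:
    kerr_d = sss_krb5_free_keytab_entry_contents(ctx, &entry);
    if (kerr_d != 0) {
        DEBUG(1, ("Failed to free keytab entry.\n"));
    }

    return kerr;
}

/*
 * sss_krb5_get_error_message(): return a printable message for a Kerberos
 * error code.
 *
 * When the library provides krb5_get_error_message() it is used directly.
 * Otherwise a "Kerberos error [<code>]" string is allocated with malloc();
 * NULL is returned if that allocation or formatting fails.
 */
const char *KRB5_CALLCONV sss_krb5_get_error_message(krb5_context ctx,
                                                     krb5_error_code ec)
{
#ifdef HAVE_KRB5_GET_ERROR_MESSAGE
    return krb5_get_error_message(ctx, ec);
#else
    int ret;
    char *s = NULL;
    /* The placeholder reserves twelve characters for the code plus the
     * terminating NUL, matching the %12d conversion below. */
    int size = sizeof("Kerberos error [XXXXXXXXXXXX]");

    s = malloc(size);
    if (s == NULL) {
        return NULL;
    }

    ret = snprintf(s, size, "Kerberos error [%12d]", ec);

    if (ret < 0 || ret >= size) {
        free(s);
        return NULL;
    }

    return s;
#endif
}

void KRB5_CALLCONV sss_krb5_free_error_message(krb5_context ctx, const char *s) { #ifdef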
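HAVE_KRB5_GET_ERROR_MESSAGE
    krb5_free_error_message(ctx, s);
#else
    free(s);
#endif

    return;
}

/**
 * Allocate and initialise a krb5_get_init_creds_opt structure.
 *
 * Delegates to krb5_get_init_creds_opt_alloc() when the library has it;
 * otherwise the structure is calloc()ed and set up with
 * krb5_get_init_creds_opt_init().
 *
 * @return the library result, or 0 / ENOMEM from the fallback path.
 */
krb5_error_code KRB5_CALLCONV sss_krb5_get_init_creds_opt_alloc(
                                                krb5_context context,
                                                krb5_get_init_creds_opt **opt)
{
#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC
    return krb5_get_init_creds_opt_alloc(context, opt);
#else
    *opt = calloc(1, sizeof(krb5_get_init_creds_opt));
    if (*opt == NULL) {
        return ENOMEM;
    }
    krb5_get_init_creds_opt_init(*opt);

    return 0;
#endif
}

/**
 * Release an options structure obtained from
 * sss_krb5_get_init_creds_opt_alloc(), using the matching deallocator.
 */
void KRB5_CALLCONV sss_krb5_get_init_creds_opt_free (krb5_context context,
                                                     krb5_get_init_creds_opt *opt)
{
#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC
    krb5_get_init_creds_opt_free(context, opt);
#else
    free(opt);
#endif

    return;
}

/**
 * Free a string produced by unparsing a principal name.
 *
 * The fallback path overwrites the string before freeing it.
 */
void KRB5_CALLCONV sss_krb5_free_unparsed_name(krb5_context context, char *name)
{
#ifdef HAVE_KRB5_FREE_UNPARSED_NAME
    krb5_free_unparsed_name(context, name);
#else
    if (name != NULL) {
        /* NOTE(review): a plain memset() directly before free() may be
         * removed by the optimiser; if the name really has to be scrubbed,
         * a non-elidable clear is needed here. */
        memset(name, 0, strlen(name));
        free(name);
    }
#endif
}

/**
 * Register a password-expiry callback on the options structure.
 *
 * When the library lacks the call this only logs and reports success, so
 * the callback is silently never invoked on such builds.
 */
krb5_error_code KRB5_CALLCONV sss_krb5_get_init_creds_opt_set_expire_callback(
                                                   krb5_context context,
                                                   krb5_get_init_creds_opt *opt,
                                                   krb5_expire_callback_func cb,
                                                   void *data)
{
#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_EXPIRE_CALLBACK
    return krb5_get_init_creds_opt_set_expire_callback(context, opt, cb, data);
#else
    DEBUG(5, ("krb5_get_init_creds_opt_set_expire_callback not available.\n"));
    return 0;
#endif
}

/**
 * Validate the krb5_use_fast option value.
 *
 * @param str       Option value; "never", "try" and "demand" are accepted
 *                  case-insensitively.
 * @param use_fast  Set to false for "never", true for "try"/"demand".
 *
 * @return EOK on success, EINVAL for an unknown value or when this build has
 *         no FAST support (both cases are reported through sss_log()).
 */
errno_t check_fast(const char *str, bool *use_fast)
{
#if HAVE_KRB5_GET_INIT_CREDS_OPT_SET_FAST_FLAGS
    if (strcasecmp(str, "never") == 0 ) {
        *use_fast = false;
    } else if (strcasecmp(str, "try") == 0 || strcasecmp(str, "demand") == 0) {
        *use_fast = true;
    } else {
        /* The two literals are concatenated, so the separating space has to
         * be part of the first one. */
        sss_log(SSS_LOG_ALERT, "Unsupported value [%s] for option krb5_use_fast, "
                               "please use never, try, or demand.\n", str);
        return EINVAL;
    }

    return EOK;
#else
    sss_log(SSS_LOG_ALERT, "This build of sssd does not support FAST. "
                           "Please remove option krb5_use_fast.\n");
    return EINVAL;
#endif
}

/**
 * Set the FAST armor ccache name on the options structure.
 *
 * Without library support this logs and returns 0, i.e. the caller is not
 * told that no armor ccache was configured.
 */
krb5_error_code KRB5_CALLCONV sss_krb5_get_init_creds_opt_set_fast_ccache_name(
                                                   krb5_context context,
                                                   krb5_get_init_creds_opt *opt,
                                                   const char *fast_ccache_name)
{
#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_FAST_CCACHE_NAME
    return krb5_get_init_creds_opt_set_fast_ccache_name(context, opt,
                                                        fast_ccache_name);
#else
    DEBUG(5, ("krb5_get_init_creds_opt_set_fast_ccache_name not available.\n"));
    return 0;
#endif
}

/**
 * Set the FAST flags on the options structure.
 *
 * Without library support this logs and returns 0.
 */
krb5_error_code KRB5_CALLCONV sss_krb5_get_init_creds_opt_set_fast_flags(
                                                   krb5_context context,
                                                   krb5_get_init_creds_opt *opt,
                                                   krb5_flags flags)
{
#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_FAST_FLAGS
    return krb5_get_init_creds_opt_set_fast_flags(context, opt, flags);
#else
    DEBUG(5, ("krb5_get_init_creds_opt_set_fast_flags not available.\n"));
    return 0;
#endif
}

#ifndef HAVE_KRB5_UNPARSE_NAME_FLAGS

#ifndef REALM_SEP
#define REALM_SEP       '@'
#endif
#ifndef COMPONENT_SEP
#define COMPONENT_SEP   '/'
#endif

/**
 * Copy one principal component into dest, backslash-quoting separators and
 * control characters unless KRB5_PRINCIPAL_UNPARSE_DISPLAY is set.
 *
 * No terminator is written and dest is not bounds-checked: the caller must
 * provide at least sss_krb5_component_length_quoted(src, flags) bytes.
 *
 * @return number of bytes written to dest.
 */
static int
sss_krb5_copy_component_quoting(char *dest, const krb5_data *src, int flags)
{
    int j;
    const char *cp = src->data;
    char *q = dest;
    int length = src->length;
    /* Loop-invariant: the realm separator is left unquoted only when the
     * realm is omitted on request and not because of the SHORT form. */
    int no_realm = (flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) &&
                   !(flags & KRB5_PRINCIPAL_UNPARSE_SHORT);

    if (flags & KRB5_PRINCIPAL_UNPARSE_DISPLAY) {
        memcpy(dest, src->data, src->length);
        return src->length;
    }

    for (j = 0; j < length; j++, cp++) {
        switch (*cp) {
        case REALM_SEP:
            if (no_realm) {
                *q++ = *cp;
                break;
            }
            /* fallthrough: quote '@' like the other separators */
        case COMPONENT_SEP:
        case '\\':
            *q++ = '\\';
            *q++ = *cp;
            break;
        case '\t':
            *q++ = '\\';
            *q++ = 't';
            break;
        case '\n':
            *q++ = '\\';
            *q++ = 'n';
            break;
        case '\b':
            *q++ = '\\';
            *q++ = 'b';
            break;
        case '\0':
            *q++ = '\\';
            *q++ = '0';
            break;
        default:
            *q++ = *cp;
        }
    }
    return q - dest;
}

/**
 * Number of bytes sss_krb5_copy_component_quoting() writes for src with the
 * same flags: one extra byte for every character that gets quoted.
 */
static int
sss_krb5_component_length_quoted(const krb5_data *src, int flags)
{
    const char *cp = src->data;
    int length = src->length;
    int j;
    int size = length;

    if ((flags & KRB5_PRINCIPAL_UNPARSE_DISPLAY) == 0) {
        int no_realm = (flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) &&
                       !(flags & KRB5_PRINCIPAL_UNPARSE_SHORT);

        for (j = 0; j < length; j++, cp++) {
            if ((!no_realm && *cp == REALM_SEP) ||
                *cp == COMPONENT_SEP ||
                *cp == '\0' || *cp == '\\' || *cp == '\t' ||
                *cp == '\n' || *cp == '\b') {
                size++;
            }
        }
    }

    return size;
}

#endif /* HAVE_KRB5_UNPARSE_NAME_FLAGS */

/**
 * Parse a principal name, honouring flags where the library supports them.
 *
 * On builds without krb5_parse_name_flags() a non-zero flags value is
 * logged and then ignored; the name is parsed with krb5_parse_name().
 */
krb5_error_code
sss_krb5_parse_name_flags(krb5_context context, const char *name, int flags,
                          krb5_principal *principal)
{
#ifdef HAVE_KRB5_PARSE_NAME_FLAGS
    return krb5_parse_name_flags(context, name, flags, principal);
#else
    if (flags != 0) {
        DEBUG(SSSDBG_MINOR_FAILURE, ("krb5_parse_name_flags not available on "
                                     "this plattform, names are parsed "
                                     "without flags. Some features like "
                                     "enterprise principals might not work "
                                     "as expected.\n"));
    }

    return krb5_parse_name(context, name, principal);
#endif
}

/**
 * Convert a principal to its string form.
 *
 * The fallback implementation sizes the output with
 * sss_krb5_component_length_quoted() and fills it with
 * sss_krb5_copy_component_quoting(); both must be called with the same
 * flags so that the buffer is large enough.
 *
 * @param name  On success receives a malloc()ed string; set to NULL on
 *              entry so that it is NULL on every failure path.
 *
 * @return 0 on success, KRB5_PARSE_MALFORMED for NULL arguments, ENOMEM, or
 *         the error from krb5_get_default_realm().
 */
krb5_error_code
sss_krb5_unparse_name_flags(krb5_context context, krb5_const_principal principal,
                            int flags, char **name)
{
#ifdef HAVE_KRB5_UNPARSE_NAME_FLAGS
    return krb5_unparse_name_flags(context, principal, flags, name);
#else
    char *q;
    int i;
    krb5_int32 nelem;
    unsigned int totalsize = 0;
    char *default_realm = NULL;
    krb5_error_code ret = 0;

    if (name != NULL)
        *name = NULL;

    if (!principal || !name)
        return KRB5_PARSE_MALFORMED;

    if (flags & KRB5_PRINCIPAL_UNPARSE_SHORT) {
        /* omit realm if local realm */
        krb5_principal_data p;

        ret = krb5_get_default_realm(context, &default_realm);
        if (ret != 0)
            goto cleanup;

        /* Only the realm is filled in below; zero the rest so the
         * comparison never sees indeterminate fields. */
        memset(&p, 0, sizeof(p));
        krb5_princ_realm(context, &p)->length = strlen(default_realm);
        krb5_princ_realm(context, &p)->data = default_realm;

        if (krb5_realm_compare(context, &p, principal))
            flags |= KRB5_PRINCIPAL_UNPARSE_NO_REALM;
    }

    if ((flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) == 0) {
        totalsize += sss_krb5_component_length_quoted(
                                 krb5_princ_realm(context, principal), flags);
        totalsize++;            /* for the REALM_SEP */
    }

    nelem = krb5_princ_size(context, principal);
    for (i = 0; i < (int) nelem; i++) {
        totalsize += sss_krb5_component_length_quoted(
                          krb5_princ_component(context, principal, i), flags);
        totalsize++;            /* separator, or the terminator after the last */
    }
    if (nelem == 0)
        totalsize++;            /* room for the terminator */

    *name = malloc(totalsize);
    if (!*name) {
        ret = ENOMEM;
        goto cleanup;
    }

    q = *name;

    for (i = 0; i < (int) nelem; i++) {
        q += sss_krb5_copy_component_quoting(q,
                          krb5_princ_component(context, principal, i), flags);
        *q++ = COMPONENT_SEP;
    }

    if (i > 0)
        q--;                    /* back up over the trailing separator */
    if ((flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) == 0) {
        *q++ = REALM_SEP;
        q += sss_krb5_copy_component_quoting(q,
                                 krb5_princ_realm(context, principal), flags);
    }
    *q++ = '\0';

cleanup:
    free(default_realm);

    return ret;
#endif /* HAVE_KRB5_UNPARSE_NAME_FLAGS */
}

/**
 * Enable or disable principal canonicalization on the options structure.
 *
 * When the call is unavailable the request is only logged; the function
 * returns nothing, so callers cannot detect that it had no effect.
 */
void sss_krb5_get_init_creds_opt_set_canonicalize(krb5_get_init_creds_opt *opts,
                                                  int canonicalize)
{
    /* FIXME: The extra check for HAVE_KRB5_TICKET_TIMES is a workaround due to Heimdal
     * defining krb5_get_init_creds_opt_set_canonicalize() with a different set of
     * arguments. We should use a better configure check in the future.
     */
#if defined(HAVE_KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE) && defined(HAVE_KRB5_TICKET_TIMES)
    krb5_get_init_creds_opt_set_canonicalize(opts, canonicalize);
#else
    DEBUG(SSSDBG_OP_FAILURE, ("Kerberos principal canonicalization is not available!\n"));
#endif
}

#ifdef HAVE_KRB5_PRINCIPAL_GET_REALM
/**
 * Return the realm of a principal and its length.
 *
 * Yields NULL and 0 when the library reports no realm, matching the other
 * implementation of this function.
 */
void sss_krb5_princ_realm(krb5_context context, krb5_const_principal princ,
                          const char **realm, int *len)
{
    *realm = krb5_principal_get_realm(context, princ);
    /* strlen(NULL) is undefined; report an empty realm instead. */
    *len = (*realm != NULL) ? strlen(*realm) : 0;
}
#else
/**
 * Return the realm of a principal and its length.
 *
 * The realm points into the principal and is described by len; yields NULL
 * and 0 when the principal has no realm data.
 */
void sss_krb5_princ_realm(krb5_context context, krb5_const_principal princ,
                          const char **realm, int *len)
{
    const krb5_data *data;

    data = krb5_princ_realm(context, princ);
    if (data) {
        *realm = data->data;
        *len = data->length;
    } else {
        *realm = NULL;
        *len = 0;
    }
}
#endif

#ifdef HAVE_KRB5_FREE_KEYTAB_ENTRY_CONTENTS
/** Free the contents of a keytab entry with the call this library offers. */
krb5_error_code
sss_krb5_free_keytab_entry_contents(krb5_context context,
                                    krb5_keytab_entry *entry)
{
    return krb5_free_keytab_entry_contents(context, entry);
}
#else
/** Free the contents of a keytab entry with the call this library offers. */
krb5_error_code
sss_krb5_free_keytab_entry_contents(krb5_context context,
                                    krb5_keytab_entry *entry)
{
    return krb5_kt_free_entry(context, entry);
}
#endif


#ifdef HAVE_KRB5_SET_TRACE_CALLBACK

#ifndef HAVE_KRB5_TRACE_INFO
/* krb5-1.10 had struct krb5_trace_info, 1.11 has type named krb5_trace_info */
typedef struct krb5_trace_info krb5_trace_info;
#endif /* HAVE_KRB5_TRACE_INFO */

/** Trace callback: forwards each libkrb5 trace message to the debug log. */
static void
sss_child_krb5_trace_cb(krb5_context context,
                        const krb5_trace_info *info, void *data)
{
    if (info == NULL) {
        /* Null info means destroy the callback data. */
        return;
    }

    DEBUG(SSSDBG_TRACE_ALL, ("%s\n", info->message));
}

/** Route libkrb5 trace output into the SSSD debug log. */
errno_t
sss_child_set_krb5_tracing(krb5_context ctx)
{
    return krb5_set_trace_callback(ctx, sss_child_krb5_trace_cb, NULL);
}
#else /* HAVE_KRB5_SET_TRACE_CALLBACK */
/** Tracing is unavailable in this build; logs that fact and returns 0. */
errno_t
sss_child_set_krb5_tracing(krb5_context ctx)
{
    DEBUG(SSSDBG_CONF_SETTINGS, ("krb5 tracing is not available\n"));
    return 0;
}
#endif /* HAVE_KRB5_SET_TRACE_CALLBACK */

/**
 * Look up authorization data of the given type.
 *
 * @return the library result, or ENOTSUP when krb5_find_authdata() is not
 *         available.
 */
krb5_error_code sss_krb5_find_authdata(krb5_context context,
                                       krb5_authdata *const *ticket_authdata,
                                       krb5_authdata *const *ap_req_authdata,
                                       krb5_authdatatype ad_type,
                                       krb5_authdata ***results)
{
#ifdef HAVE_KRB5_FIND_AUTHDATA
    return krb5_find_authdata(context, ticket_authdata, ap_req_authdata,
                              ad_type, results);
#else
    return ENOTSUP;
#endif
}

/**
 * Extract the PAC authorization data from a service ticket in a ccache.
 *
 * The ticket for server_principal/client_principal is read from ccache,
 * decrypted with the keytab, and its single KRB5_AUTHDATA_WIN2K_PAC element
 * is parsed and verified against the service key from the keytab.
 *
 * @param _pac_authdata  Receives the authdata list on success; ownership
 *                       passes to the caller. Left untouched on failure.
 *
 * @return 0 on success; ENOENT if the ticket carries no PAC, EINVAL if it
 *         carries more than one, ENOTSUP without HAVE_PAC_RESPONDER, or the
 *         error of the failing krb5 call.
 */
krb5_error_code sss_extract_pac(krb5_context ctx,
                                krb5_ccache ccache,
                                krb5_principal server_principal,
                                krb5_principal client_principal,
                                krb5_keytab keytab,
                                krb5_authdata ***_pac_authdata)
{
#ifdef HAVE_PAC_RESPONDER
    krb5_error_code kerr;
    krb5_creds mcred;
    krb5_creds cred;
    krb5_authdata **pac_authdata = NULL;
    krb5_pac pac = NULL;
    int ret;
    krb5_ticket *ticket = NULL;
    krb5_keytab_entry entry;

    /* Zeroed up front so the cleanup code can run from any failure point. */
    memset(&entry, 0, sizeof(entry));
    memset(&mcred, 0, sizeof(mcred));
    memset(&cred, 0, sizeof(cred));

    mcred.server = server_principal;
    mcred.client = client_principal;

    kerr = krb5_cc_retrieve_cred(ctx, ccache, 0, &mcred, &cred);
    if (kerr != 0) {
        DEBUG(SSSDBG_OP_FAILURE, ("krb5_cc_retrieve_cred failed.\n"));
        goto done;
    }

    kerr = krb5_decode_ticket(&cred.ticket, &ticket);
    if (kerr != 0) {
        DEBUG(SSSDBG_OP_FAILURE, ("krb5_decode_ticket failed.\n"));
        goto done;
    }

    kerr = krb5_server_decrypt_ticket_keytab(ctx, keytab, ticket);
    if (kerr != 0) {
        DEBUG(SSSDBG_OP_FAILURE, ("krb5_server_decrypt_ticket_keytab failed.\n"));
        goto done;
    }

    kerr = sss_krb5_find_authdata(ctx,
                                  ticket->enc_part2->authorization_data, NULL,
                                  KRB5_AUTHDATA_WIN2K_PAC, &pac_authdata);
    if (kerr != 0) {
        DEBUG(SSSDBG_OP_FAILURE, ("krb5_find_authdata failed.\n"));
        goto done;
    }

    if (pac_authdata == NULL || pac_authdata[0] == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("No PAC authdata available.\n"));
        kerr = ENOENT;
        goto done;
    }

    /* Exactly one PAC is accepted; anything else is treated as malformed. */
    if (pac_authdata[1] != NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("More than one PAC autdata found.\n"));
        kerr = EINVAL;
        goto done;
    }

    kerr = krb5_pac_parse(ctx, pac_authdata[0]->contents,
                          pac_authdata[0]->length, &pac);
    if (kerr != 0) {
        DEBUG(SSSDBG_OP_FAILURE, ("krb5_pac_parse failed.\n"));
        goto done;
    }

    kerr = krb5_kt_get_entry(ctx, keytab, ticket->server,
                             ticket->enc_part.kvno, ticket->enc_part.enctype,
                             &entry);
    if (kerr != 0) {
        DEBUG(SSSDBG_OP_FAILURE, ("krb5_kt_get_entry failed.\n"));
        goto done;
    }

    /* NOTE(review): only the server checksum is verified here. The KDC
     * (privsvr) key argument is NULL and authtime/principal are 0/NULL, so
     * neither the KDC signature nor the client-info buffer is checked
     * against the ticket. Anyone holding the service key can therefore
     * produce a PAC that passes - confirm this matches the trust model of
     * the consumers of the PAC. */
    kerr = krb5_pac_verify(ctx, pac, 0, NULL, &entry.key, NULL);
    if (kerr != 0) {
        DEBUG(SSSDBG_OP_FAILURE, ("krb5_pac_verify failed.\n"));
        goto done;
    }

    ret = unsetenv("_SSS_LOOPS");
    if (ret != EOK) {
        DEBUG(1, ("Failed to unset _SSS_LOOPS, "
                  "sss_pac_make_request will most certainly fail.\n"));
    }

    *_pac_authdata = pac_authdata;
    kerr = 0;

done:
    if (kerr != 0) {
        krb5_free_authdata(ctx, pac_authdata);
    }
    if (entry.magic != 0) {
        /* Use the file's portability wrapper like the other keytab code. */
        (void) sss_krb5_free_keytab_entry_contents(ctx, &entry);
    }
    krb5_pac_free(ctx, pac);
    if (ticket != NULL) {
        krb5_free_ticket(ctx, ticket);
    }

    krb5_free_cred_contents(ctx, &cred);
    return kerr;
#else
    return ENOTSUP;
#endif
}

char * sss_get_ccache_name_for_principal(TALLOC_CTX *mem_ctx,
                                         krb5_context ctx,
                                         krb5_principal principal,
                                         const char *location)
{
#ifdef HAVE_KRB5_CC_COLLECTION
    krb5_error_code kerr;
    krb5_ccache tmp_cc = NULL;
    char *tmp_ccname = NULL;
    char *ret_ccname = NULL;

    DEBUG(SSSDBG_TRACE_ALL, ("Location: [%s]\n", location));

    kerr = krb5_cc_set_default_name(ctx, location);
    if (kerr != 0) {
        KRB5_DEBUG(SSSDBG_MINOR_FAILURE, ctx, kerr);
        return NULL;
    }

    kerr = krb5_cc_cache_match(ctx, principal, &tmp_cc);
    if (kerr != 0) {
        const char *err_msg = sss_krb5_get_error_message(ctx, kerr);
        DEBUG(SSSDBG_TRACE_INTERNAL, ("krb5_cc_cache_match failed: [%d][%s]\n",
                                      kerr, err_msg));
        sss_krb5_free_error_message(ctx, err_msg);
        return NULL;
    }

    kerr =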
krb5_cc_get_full_name(ctx, tmp_cc, &tmp_ccname); if (kerr != 0) { KRB5_DEBUG(SSSDBG_MINOR_FAILURE, ctx, kerr); goto done; } DEBUG(SSSDBG_TRACE_ALL, ("tmp_ccname: [%s]\n", tmp_ccname)); ret_ccname = talloc_strdup(mem_ctx, tmp_ccname); if (ret_ccname == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed (ENOMEM).\n")); } done: if (tmp_cc != NULL) { kerr = krb5_cc_close(ctx, tmp_cc); if (kerr != 0) { KRB5_DEBUG(SSSDBG_MINOR_FAILURE, ctx, kerr); } } krb5_free_string(ctx, tmp_ccname); return ret_ccname; #else return NULL; #endif /* HAVE_KRB5_CC_COLLECTION */ } sssd-1.11.5/src/util/PaxHeaders.13173/sss_selinux.c0000644000000000000000000000007312320753107020041 xustar000000000000000030 atime=1396954939.277891423 29 ctime=1396954961.68287493 sssd-1.11.5/src/util/sss_selinux.c0000664002412700241270000002014312320753107020264 0ustar00jhrozekjhrozek00000000000000/* SSSD SELinux-related utility functions Authors: Jan Zeleny Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
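*/

#include "util/sss_selinux.h"
#include "util/sss_utf8.h"
#include "db/sysdb_selinux.h"

/**
 * Check whether any value of values equals any value of sought_values.
 *
 * Two values are equal when they have the same length and compare equal
 * case-insensitively over that length.
 */
static bool match_entity(struct ldb_message_element *values,
                         struct ldb_message_element *sought_values)
{
    unsigned int i, j;

    for (i = 0; i < values->num_values; i++) {
        for (j = 0; j < sought_values->num_values; j++) {
            if (values->values[i].length != sought_values->values[j].length) {
                continue;
            }

            if (strncasecmp((char *)values->values[i].data,
                            (char *)sought_values->values[j].data,
                            values->values[i].length) == 0) {
                return true;
            }
        }
    }

    return false;
}

/**
 * Tell whether a category element holds the value "all" (any case).
 *
 * A NULL element never matches.
 * NOTE(review): strcasecmp() assumes each value is NUL-terminated - confirm
 * that holds for the elements stored in the usermap.
 */
static bool category_is_all(struct ldb_message_element *category)
{
    unsigned int i;

    if (category == NULL) {
        return false;
    }

    for (i = 0; i < category->num_values; i++) {
        if (strcasecmp((char *)category->values[i].data, "all") == 0) {
            return true;
        }
    }

    return false;
}

/**
 * Decide whether a SELinux user map applies to a user and/or a host.
 *
 * @param usermap    The rule; NULL never matches.
 * @param user       User attributes, or NULL to skip the user check.
 * @param host       Host attributes, or NULL to skip the host check.
 * @param _priority  Optional; on a match receives the OR of the
 *                   SELINUX_PRIORITY_* bits describing how the user and the
 *                   host matched (category, name or group).
 *
 * @return true if every entity that was passed in matches the rule.
 */
bool sss_selinux_match(struct sysdb_attrs *usermap,
                       struct sysdb_attrs *user,
                       struct sysdb_attrs *host,
                       uint32_t *_priority)
{
    struct ldb_message_element *users_el = NULL;
    struct ldb_message_element *usercat = NULL;
    struct ldb_message_element *hosts_el = NULL;
    struct ldb_message_element *hostcat = NULL;
    struct ldb_message_element *dn;
    struct ldb_message_element *memberof;
    int i;
    uint32_t priority = 0;
    errno_t ret;

    if (usermap == NULL) {
        DEBUG(SSSDBG_MINOR_FAILURE, ("NULL given as usermap! Skipping ...\n"));
        return false;
    }

    /* Search for user and host related elements */
    for (i = 0; i < usermap->num; i++) {
        if (!strcasecmp(usermap->a[i].name, SYSDB_ORIG_MEMBER_USER)) {
            users_el = &usermap->a[i];
        } else if (!strcasecmp(usermap->a[i].name, SYSDB_ORIG_MEMBER_HOST)) {
            hosts_el = &usermap->a[i];
        } else if (!strcasecmp(usermap->a[i].name, SYSDB_USER_CATEGORY)) {
            usercat = &usermap->a[i];
        } else if (!strcasecmp(usermap->a[i].name, SYSDB_HOST_CATEGORY)) {
            hostcat = &usermap->a[i];
        }
    }

    if (user) {
        ret = sysdb_attrs_get_el(user, SYSDB_ORIG_DN, &dn);
        if (ret != EOK) {
            DEBUG(SSSDBG_MINOR_FAILURE, ("User does not have origDN\n"));
            return false;
        }
        ret = sysdb_attrs_get_el(user, SYSDB_ORIG_MEMBEROF, &memberof);
        if (ret != EOK) {
            DEBUG(SSSDBG_TRACE_ALL,
                  ("User does not have orig memberof, "
                   "therefore it can't match to any rule\n"));
            return false;
        }

        /**
         * The rule won't match if user category != "all" and user map doesn't
         * contain neither user nor any of his groups in memberUser attribute
         */
        if (category_is_all(usercat)) {
            priority |= SELINUX_PRIORITY_USER_CAT;
        } else if (users_el == NULL) {
            DEBUG(SSSDBG_TRACE_ALL, ("No users specified in the rule!\n"));
            return false;
        } else if (match_entity(users_el, dn)) {
            /* A direct name match takes precedence over a group match. */
            priority |= SELINUX_PRIORITY_USER_NAME;
        } else if (match_entity(users_el, memberof)) {
            priority |= SELINUX_PRIORITY_USER_GROUP;
        } else {
            DEBUG(SSSDBG_TRACE_ALL, ("User did not match\n"));
            return false;
        }
    }

    if (host) {
        ret = sysdb_attrs_get_el(host, SYSDB_ORIG_DN, &dn);
        if (ret != EOK) {
            DEBUG(SSSDBG_MINOR_FAILURE, ("Host does not have origDN\n"));
            return false;
        }
        ret = sysdb_attrs_get_el(host, SYSDB_ORIG_MEMBEROF, &memberof);
        if (ret != EOK) {
            DEBUG(SSSDBG_TRACE_ALL,
                  ("Host does not have orig memberof, "
                   "therefore it can't match to any rule\n"));
            return false;
        }

        /**
         * The rule won't match if host category != "all" and user map doesn't
         * contain neither host nor any of its groups in memberHost attribute
         */
        if (category_is_all(hostcat)) {
            priority |= SELINUX_PRIORITY_HOST_CAT;
        } else if (hosts_el == NULL) {
            /* Was a copy of the user-branch message; name the right entity
             * so the trace points at the actual cause. */
            DEBUG(SSSDBG_TRACE_ALL, ("No hosts specified in the rule!\n"));
            return false;
        } else if (match_entity(hosts_el, dn)) {
            priority |= SELINUX_PRIORITY_HOST_NAME;
        } else if (match_entity(hosts_el, memberof)) {
            priority |= SELINUX_PRIORITY_HOST_GROUP;
        } else {
            DEBUG(SSSDBG_TRACE_ALL, ("Host did not match\n"));
            return false;
        }
    }

    if (_priority != NULL) {
        *_priority = priority;
    }

    return true;
}

/**
 * Fetch the attributes needed for SELinux map matching for one user.
 *
 * Looks the user up by name and returns its original DN and original
 * memberOf elements wrapped in a sysdb_attrs owned by mem_ctx.
 *
 * @return EOK on success, ENOMEM, or the error from
 *         sysdb_search_user_by_name(); *_user_attrs is only written on
 *         success.
 */
errno_t sss_selinux_extract_user(TALLOC_CTX *mem_ctx,
                                 struct sysdb_ctx *sysdb,
                                 struct sss_domain_info *domain,
                                 const char *username,
                                 struct sysdb_attrs **_user_attrs)
{
    TALLOC_CTX *tmp_ctx;
    const char **attrs;
    struct sysdb_attrs *user_attrs;
    struct ldb_message *user_msg;

    errno_t ret;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        ret = ENOMEM;
        goto done;
    }

    attrs = talloc_array(tmp_ctx, const char *, 3);
    if (attrs == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_array failed.\n"));
        ret = ENOMEM;
        goto done;
    }
    attrs[0] = SYSDB_ORIG_DN;
    attrs[1] = SYSDB_ORIG_MEMBEROF;
    attrs[2] = NULL;

    ret = sysdb_search_user_by_name(tmp_ctx, sysdb, domain, username, attrs,
                                    &user_msg);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("sysdb_search_user_by_name failed.\n"));
        goto done;
    }

    user_attrs = talloc_zero(tmp_ctx, struct sysdb_attrs);
    if (user_attrs == NULL) {
        ret = ENOMEM;
        goto done;
    }
    /* Re-parent the elements so they outlive tmp_ctx with user_attrs. */
    user_attrs->a = talloc_steal(user_attrs, user_msg->elements);
    user_attrs->num = user_msg->num_elements;

    *_user_attrs = talloc_steal(mem_ctx, user_attrs);
    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}

/**
 * Return the SELinux user stored in a user map.
 *
 * @return the first value of the SYSDB_SELINUX_USER attribute (owned by the
 *         map), or NULL if the attribute is missing or has no value.
 */
const char *sss_selinux_map_get_seuser(struct sysdb_attrs *usermap)
{
    int i;
    const uint8_t *name;
    const uint8_t *template = (const uint8_t *)SYSDB_SELINUX_USER;

    for (i = 0; i < usermap->num; i++) {
        name = (const uint8_t *)usermap->a[i].name;
        if (sss_utf8_case_eq(name, template) == 0) {
            /* An attribute without values has no values[0] to read. */
            if (usermap->a[i].num_values == 0) {
                return NULL;
            }
            return (const char *)usermap->a[i].values[0].data;
        }
    }

    return NULL;
}
sssd-1.11.5/src/util/PaxHeaders.13173/refcount.c0000644000000000000000000000007412320753107017310 xustar000000000000000030 atime=1396954939.277891423 30 ctime=1396954961.678874933 sssd-1.11.5/src/util/refcount.c0000664002412700241270000000407712320753107017542 0ustar00jhrozekjhrozek00000000000000/* SSSD Simple reference counting wrappers for talloc. Authors: Martin Nagy Copyright (C) Red Hat, Inc 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 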
*/

#include
#include "refcount.h"
#include "util/util.h"

/* One handle on a reference-counted object. Each handle is a talloc child
 * of whatever context took the reference; the counter itself lives inside
 * the object, at the offset the caller supplied. */
struct wrapper {
    int *refcount;
    void *ptr;
};

/* Runs when a handle is freed: drop one reference and release the object
 * together with the last one. */
static int
refcount_destructor(struct wrapper *wrapper)
{
    int *counter = wrapper->refcount;

    *counter -= 1;
    if (*counter == 0) {
        /* The counter is part of the object, so it is not touched again. */
        talloc_free(wrapper->ptr);
    }

    return 0;
}

/*
 * Allocate a reference-counted object of the given size.
 *
 * The object is a top-level talloc allocation named type_name; a handle
 * hanging off context holds the first reference. refcount_offset is the
 * byte offset of the int counter inside the object.
 *
 * Returns the object, or NULL if either allocation fails.
 */
void *
_rc_alloc(const void *context, size_t size, size_t refcount_offset,
          const char *type_name)
{
    struct wrapper *handle = talloc(context, struct wrapper);

    if (handle == NULL) {
        return NULL;
    }

    handle->ptr = talloc_named_const(NULL, size, type_name);
    if (handle->ptr == NULL) {
        talloc_free(handle);
        return NULL;
    }

    handle->refcount = (int *)((char *)handle->ptr + refcount_offset);
    *handle->refcount = 1;

    talloc_set_destructor(handle, refcount_destructor);

    return handle->ptr;
}

/*
 * Take another reference on source, owned by context.
 *
 * refcount_offset must be the offset the object was allocated with.
 * Returns source, or NULL (count unchanged) if the handle cannot be
 * allocated.
 */
void *
_rc_reference(const void *context, size_t refcount_offset, void *source)
{
    struct wrapper *handle = talloc(context, struct wrapper);

    if (handle == NULL) {
        return NULL;
    }

    handle->ptr = source;
    handle->refcount = (int *)((char *)handle->ptr + refcount_offset);
    (*handle->refcount)++;

    talloc_set_destructor(handle, refcount_destructor);

    return handle->ptr;
}
sssd-1.11.5/src/util/PaxHeaders.13173/user_info_msg.c0000644000000000000000000000007412320753107020322 xustar000000000000000030 atime=1396954939.278891422 30 ctime=1396954961.559875021 sssd-1.11.5/src/util/user_info_msg.c0000664002412700241270000000324512320753107020550 0ustar00jhrozekjhrozek00000000000000/* SSSD Pack user info messages Authors: Sumit Bose Copyright (C) 2009 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. 
You should have received a copy of the GNU General Public License along with this program. If not, see .
*/

#include "util/util.h"
#include "sss_client/sss_cli.h"

/*
 * Build a SSS_PAM_USER_INFO_CHPASS_ERROR response.
 *
 * Layout: uint32 response type, uint32 message length, then the message
 * bytes without a terminating NUL.
 *
 * resp_len receives the total size (it is written before the allocation, so
 * it is set even when ENOMEM is returned); _resp receives the buffer, which
 * is allocated on mem_ctx.
 *
 * NOTE(review): the length field is 32 bits wide while the message length
 * is a size_t, and a size mismatch after packing is only logged - callers
 * are presumably expected to pass short, NUL-terminated messages.
 *
 * Returns EOK or ENOMEM.
 */
errno_t pack_user_info_chpass_error(TALLOC_CTX *mem_ctx,
                                    const char *user_error_message,
                                    size_t *resp_len,
                                    uint8_t **_resp)
{
    uint32_t resp_type = SSS_PAM_USER_INFO_CHPASS_ERROR;
    size_t err_len = strlen(user_error_message);
    size_t offset = 0;
    uint8_t *buf;

    *resp_len = 2 * sizeof(uint32_t) + err_len;

    buf = talloc_size(mem_ctx, *resp_len);
    if (buf == NULL) {
        DEBUG(1, ("talloc_size failed.\n"));
        return ENOMEM;
    }

    /* Each helper advances offset by the number of bytes it stored. */
    SAFEALIGN_SET_UINT32(&buf[offset], resp_type, &offset);
    SAFEALIGN_SET_UINT32(&buf[offset], err_len, &offset);
    safealign_memcpy(&buf[offset], user_error_message, err_len, &offset);

    if (offset != *resp_len) {
        DEBUG(0, ("Size mismatch\n"));
    }

    *_resp = buf;
    return EOK;
}
sssd-1.11.5/src/util/PaxHeaders.13173/debug.c0000644000000000000000000000007412320753107016551 xustar000000000000000030 atime=1396954939.276891423 30 ctime=1396954961.572875011 sssd-1.11.5/src/util/debug.c0000664002412700241270000001501312320753107016773 0ustar00jhrozekjhrozek00000000000000/* Authors: Simo Sorce Stephen Gallagher Copyright (C) 2009 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
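*/

#include "config.h"

#include
#include
#include
#include
#include
#include
#include

#include "util/util.h"

const char *debug_prg_name = "sssd";

int debug_level = SSSDBG_UNRESOLVED;
int debug_timestamps = SSSDBG_TIMESTAMP_UNRESOLVED;
int debug_microseconds = SSSDBG_MICROSECONDS_UNRESOLVED;

int debug_to_file = 0;
const char *debug_log_file = "sssd";
/* Current log stream; NULL means debug output goes to stderr. */
FILE *debug_file = NULL;

/**
 * Use an already open file descriptor as the debug log.
 *
 * The descriptor is wrapped in a stream opened for appending and becomes
 * debug_file. On failure debug_file is left as it was and the errno of
 * fdopen() is returned.
 */
errno_t set_debug_file_from_fd(const int fd)
{
    FILE *dummy;
    errno_t ret;

    errno = 0;
    dummy = fdopen(fd, "a");
    if (dummy == NULL) {
        ret = errno;
        DEBUG(1, ("fdopen failed [%d][%s].\n", ret, strerror(ret)));
        sss_log(SSS_LOG_ERR,
                "Could not open debug file descriptor [%d]. "
                "Debug messages will not be written to the file "
                "for this child process [%s][%s]\n",
                fd, debug_prg_name, strerror(ret));
        return ret;
    }

    debug_file = dummy;

    return EOK;
}

/**
 * Convert an old numeric debug level (0-9) into the cumulative bitmask.
 *
 * A non-zero value whose low four bits are clear is taken to be a bitmask
 * already and is returned unchanged. Otherwise every level up to old_level
 * contributes its bit; values of 0 or below give SSSDBG_FATAL_FAILURE only.
 */
int debug_convert_old_level(int old_level)
{
    if ((old_level != 0) && !(old_level & 0x000F))
        return old_level;

    int new_level = SSSDBG_FATAL_FAILURE;

    if (old_level <= 0)
        return new_level;

    if (old_level >= 1)
        new_level |= SSSDBG_CRIT_FAILURE;

    if (old_level >= 2)
        new_level |= SSSDBG_OP_FAILURE;

    if (old_level >= 3)
        new_level |= SSSDBG_MINOR_FAILURE;

    if (old_level >= 4)
        new_level |= SSSDBG_CONF_SETTINGS;

    if (old_level >= 5)
        new_level |= SSSDBG_FUNC_DATA;

    if (old_level >= 6)
        new_level |= SSSDBG_TRACE_FUNC;

    if (old_level >= 7)
        new_level |= SSSDBG_TRACE_LIBS;

    if (old_level >= 8)
        new_level |= SSSDBG_TRACE_INTERNAL;

    if (old_level >= 9)
        new_level |= SSSDBG_TRACE_ALL;

    return new_level;
}

/**
 * printf-style output to the debug log (stderr when no file is open),
 * flushed after every call. The format string must come from the program,
 * never from untrusted input.
 */
void debug_fn(const char *format, ...)
{
    va_list ap;

    va_start(ap, format);

    vfprintf(debug_file ? debug_file : stderr, format, ap);
    fflush(debug_file ? debug_file : stderr);

    va_end(ap);
}

/**
 * Map an old numeric debug level (0-9) to the single matching level bit.
 *
 * A value that already looks like a bitmask is returned unchanged; numbers
 * outside 0-9 map to SSSDBG_FATAL_FAILURE.
 */
int debug_get_level(int old_level)
{
    if ((old_level != 0) && !(old_level & 0x000F))
        return old_level;

    if ((old_level > 9) || (old_level < 0))
        return SSSDBG_FATAL_FAILURE;

    int levels[] = {
        SSSDBG_FATAL_FAILURE,   /* 0 */
        SSSDBG_CRIT_FAILURE,
        SSSDBG_OP_FAILURE,
        SSSDBG_MINOR_FAILURE,
        SSSDBG_CONF_SETTINGS,
        SSSDBG_FUNC_DATA,
        SSSDBG_TRACE_FUNC,
        SSSDBG_TRACE_LIBS,
        SSSDBG_TRACE_INTERNAL,
        SSSDBG_TRACE_ALL        /* 9 */
    };

    return levels[old_level];
}

/**
 * ldb debug hook: format the ldb message and emit it through DEBUG_MSG at
 * the SSSD level that corresponds to the ldb level. A level not listed in
 * the switch keeps SSSDBG_UNRESOLVED. The message is dropped if it cannot
 * be formatted.
 */
void ldb_debug_messages(void *context, enum ldb_debug_level level,
                        const char *fmt, va_list ap)
{
    int loglevel = SSSDBG_UNRESOLVED;
    int ret;
    char * message = NULL;

    switch(level) {
    case LDB_DEBUG_FATAL:
        loglevel = SSSDBG_FATAL_FAILURE;
        break;
    case LDB_DEBUG_ERROR:
        loglevel = SSSDBG_CRIT_FAILURE;
        break;
    case LDB_DEBUG_WARNING:
        loglevel = SSSDBG_TRACE_FUNC;
        break;
    case LDB_DEBUG_TRACE:
        loglevel = SSSDBG_TRACE_ALL;
        break;
    }

    ret = vasprintf(&message, fmt, ap);
    if (ret < 0) {
        /* ENOMEM */
        return;
    }

    DEBUG_MSG(loglevel, "ldb", message);

    free(message);
}

/**
 * Open LOG_PATH/<name>.log for appending, created with mode 0600.
 *
 * @param filename      Log name without directory or suffix; NULL selects
 *                      debug_log_file.
 *                      NOTE(review): the name is pasted into the path as
 *                      is, so it is presumably always a fixed service name
 *                      and never caller-influenced input - verify callers.
 * @param filep         When non-NULL receives the stream and debug_file is
 *                      left alone; when NULL the stream replaces debug_file
 *                      (the previous one is closed first).
 * @param want_cloexec  Set FD_CLOEXEC on the descriptor (best effort).
 *
 * @return EOK, ENOMEM if the path cannot be built, EIO if the file cannot
 *         be opened.
 */
int open_debug_file_ex(const char *filename, FILE **filep, bool want_cloexec)
{
    FILE *f = NULL;
    char *logpath;
    const char *log_file;
    mode_t old_umask;
    int ret;
    int debug_fd;
    int flags;
    int open_errno;

    if (filename == NULL) {
        log_file = debug_log_file;
    } else {
        log_file = filename;
    }

    ret = asprintf(&logpath, "%s/%s.log", LOG_PATH, log_file);
    if (ret == -1) {
        return ENOMEM;
    }

    if (debug_file && !filep) {
        fclose(debug_file);
        /* Never leave a closed stream behind: if the open below fails,
         * debug_fn() must fall back to stderr instead of writing to it. */
        debug_file = NULL;
    }

    /* Restrict the mode of a newly created log to 0600, and put the
     * process umask back on every path, including a failed open. */
    old_umask = umask(0177);
    errno = 0;
    f = fopen(logpath, "a");
    open_errno = errno;
    umask(old_umask);

    if (f == NULL) {
        sss_log(SSS_LOG_EMERG, "Could not open file [%s]. Error: [%d][%s]\n",
                               logpath, open_errno, strerror(open_errno));
        free(logpath);
        return EIO;
    }

    debug_fd = fileno(f);
    if (debug_fd == -1) {
        fclose(f);
        free(logpath);
        return EIO;
    }

    if (want_cloexec) {
        flags = fcntl(debug_fd, F_GETFD, 0);
        if (flags != -1) {
            /* Only build on flags that were actually read. */
            (void) fcntl(debug_fd, F_SETFD, flags | FD_CLOEXEC);
        }
    }

    if (filep == NULL) {
        debug_file = f;
    } else {
        *filep = f;
    }
    free(logpath);
    return EOK;
}

/** Open the default debug log as debug_file, with close-on-exec set. */
int open_debug_file(void)
{
    return open_debug_file_ex(NULL, NULL, true);
}

/**
 * Close the current debug log and open it again, for log rotation.
 *
 * Does nothing unless logging to a file is enabled. A failure to close is
 * reported to syslog and the new file is opened regardless.
 *
 * @return EOK or the result of open_debug_file().
 */
int rotate_debug_files(void)
{
    int ret;
    errno_t error = 0;

    if (!debug_to_file) return EOK;

    if (debug_file != NULL) {
        /* fclose() is called exactly once: the stream may not be used
         * again after the call, whether or not it reported an error, so a
         * retry would operate on an invalid stream. */
        ret = fclose(debug_file);
        if (ret != 0) {
            error = errno;
        }
        debug_file = NULL;
    }

    if (error != 0) {
        /* Even if we were unable to close the debug log, we need to make
         * sure that we open up a new one. Log rotation will remove the
         * current file, so all debug messages will be disappearing.
         *
         * We should write an error to the syslog warning of the resource
         * leak and then proceed with opening the new file.
         */
        sss_log(SSS_LOG_ALERT, "Could not close debug file [%s]. [%d][%s]\n",
                               debug_log_file, error, strerror(error));
        sss_log(SSS_LOG_ALERT, "Attempting to open new file anyway. "
                               "Be aware that this is a resource leak\n");
    }

    return open_debug_file();
}

/** talloc log hook: pass the message to the debug log as plain data. */
void talloc_log_fn(const char *message)
{
    DEBUG(SSSDBG_FATAL_FAILURE, ("%s", message));
}
sssd-1.11.5/src/util/PaxHeaders.13173/sss_ini.c0000644000000000000000000000007412320753107017132 xustar000000000000000030 atime=1396954939.277891423 30 ctime=1396954961.685874928 sssd-1.11.5/src/util/sss_ini.c0000664002412700241270000003127312320753107017362 0ustar00jhrozekjhrozek00000000000000/* SSSD sss_ini.c Authors: Ondrej Kos Copyright (C) 2013 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 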
*/ #include #include #include #include "config.h" #include "util/util.h" #include "util/sss_ini.h" #include "confdb/confdb_setup.h" #include "confdb/confdb_private.h" #ifdef HAVE_LIBINI_CONFIG_V1 #include "ini_configobj.h" #elif HAVE_LIBINI_CONFIG_V0 #include "collection.h" #include "collection_tools.h" #else #error "Unsupported libini version" #endif #include "ini_config.h" #ifdef HAVE_LIBINI_CONFIG_V1 struct sss_ini_initdata { char **error_list; struct ini_cfgobj *sssd_config; struct value_obj *obj; const struct stat *cstat; struct ini_cfgfile *file; }; #define sss_ini_get_sec_list ini_get_section_list #define sss_ini_get_attr_list ini_get_attribute_list #define sss_ini_get_const_string_config_value ini_get_const_string_config_value #define sss_ini_get_config_obj ini_get_config_valueobj #elif HAVE_LIBINI_CONFIG_V0 struct sss_ini_initdata { struct collection_item *error_list; struct collection_item *sssd_config; struct collection_item *obj; struct stat cstat; int file; }; #define sss_ini_get_sec_list get_section_list #define sss_ini_get_attr_list get_attribute_list #define sss_ini_get_const_string_config_value get_const_string_config_value #define sss_ini_get_config_obj(secs,attrs,cfg,flag,attr) \ get_config_item(secs,attrs,cfg,attr) #endif /* Initialize data structure */ struct sss_ini_initdata* sss_ini_initdata_init(TALLOC_CTX *mem_ctx) { return talloc_zero(mem_ctx, struct sss_ini_initdata); } /* Close file descriptor */ void sss_ini_close_file(struct sss_ini_initdata *init_data) { if (init_data == NULL) return; #ifdef HAVE_LIBINI_CONFIG_V1 if (init_data->file != NULL) { ini_config_file_destroy(init_data->file); init_data->file = NULL; } #elif HAVE_LIBINI_CONFIG_V0 if (init_data->file != -1) { close(init_data->file); init_data->file = -1; } #endif } /* Open configuration file */ int sss_ini_config_file_open(struct sss_ini_initdata *init_data, const char *config_file) { #ifdef HAVE_LIBINI_CONFIG_V1 return ini_config_file_open(config_file, INI_META_STATS, 
&init_data->file); #elif HAVE_LIBINI_CONFIG_V0 return check_and_open_readonly(config_file, &init_data->file, 0, 0, (S_IRUSR|S_IWUSR), CHECK_REG); #endif } /* Check configuration file permissions */ int sss_ini_config_access_check(struct sss_ini_initdata *init_data) { #ifdef HAVE_LIBINI_CONFIG_V1 return ini_config_access_check(init_data->file, INI_ACCESS_CHECK_MODE | INI_ACCESS_CHECK_UID | INI_ACCESS_CHECK_GID, 0, /* owned by root */ 0, /* owned by root */ (S_IRUSR|S_IWUSR), /* rw------- */ 0); /* check all there parts */ #elif HAVE_LIBINI_CONFIG_V0 return EOK; #endif } /* Get cstat */ int sss_ini_get_stat(struct sss_ini_initdata *init_data) { #ifdef HAVE_LIBINI_CONFIG_V1 init_data->cstat = ini_config_get_stat(init_data->file); if (!init_data->cstat) return EIO; return EOK; #elif HAVE_LIBINI_CONFIG_V0 return fstat(init_data->file, &init_data->cstat); #endif } /* Get mtime */ int sss_ini_get_mtime(struct sss_ini_initdata *init_data, size_t timestr_len, char *timestr) { #ifdef HAVE_LIBINI_CONFIG_V1 return snprintf(timestr, timestr_len, "%llu", (long long unsigned)init_data->cstat->st_mtime); #elif HAVE_LIBINI_CONFIG_V0 return snprintf(timestr, timestr_len, "%llu", (long long unsigned)init_data->cstat.st_mtime); #endif } /* Print ini_config errors */ void sss_ini_config_print_errors(char **error_list) { #ifdef HAVE_LIBINI_CONFIG_V1 unsigned count = 0; if (!error_list) { return; } while (error_list[count]) { DEBUG(SSSDBG_CRIT_FAILURE, ("%s\n", error_list[count])); count++; } #endif return; } /* Load configuration */ int sss_ini_get_config(struct sss_ini_initdata *init_data, const char *config_file) { int ret; #ifdef HAVE_LIBINI_CONFIG_V1 /* Create config object */ ret = ini_config_create(&(init_data->sssd_config)); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to create config object. 
Error %d.\n", ret)); return ret; } /* Parse file */ ret = ini_config_parse(init_data->file, INI_STOP_ON_ANY, INI_MV1S_OVERWRITE, INI_PARSE_NOWRAP, init_data->sssd_config); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to parse configuration. Error %d.\n", ret)); if (ini_config_error_count(init_data->sssd_config)) { DEBUG(SSSDBG_FATAL_FAILURE, ("Errors detected while parsing: %s\n", ini_config_get_filename(init_data->file))); ini_config_get_errors(init_data->sssd_config, &init_data->error_list); sss_ini_config_print_errors(init_data->error_list); ini_config_free_errors(init_data->error_list); } ini_config_destroy(init_data->sssd_config); init_data->sssd_config = NULL; return ret; } return ret; #elif HAVE_LIBINI_CONFIG_V0 /* Read the configuration into a collection */ ret = config_from_fd("sssd", init_data->file, config_file, &init_data->sssd_config, INI_STOP_ON_ANY, &init_data->error_list); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, ("Parse error reading configuration file [%s]\n", config_file)); print_file_parsing_errors(stderr, init_data->error_list); free_ini_config_errors(init_data->error_list); free_ini_config(init_data->sssd_config); return ret; } return EOK; #endif } /* Get configuration object */ int sss_ini_get_cfgobj(struct sss_ini_initdata *init_data, const char *section, const char *name) { return sss_ini_get_config_obj(section,name, init_data->sssd_config, INI_GET_FIRST_VALUE, &init_data->obj); } /* Check configuration object */ int sss_ini_check_config_obj(struct sss_ini_initdata *init_data) { if (init_data->obj == NULL) { return ENOENT; } return EOK; } /* Get integer value */ int sss_ini_get_int_config_value(struct sss_ini_initdata *init_data, int strict, int def, int *error) { #ifdef HAVE_LIBINI_CONFIG_V1 return ini_get_int_config_value(init_data->obj, strict, def, error); #elif HAVE_LIBINI_CONFIG_V0 return get_int_config_value(init_data->obj, strict, def, error); #endif } /* Destroy ini config (v1) */ void sss_ini_config_destroy(struct 
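sss_ini_initdata *init_data)
{
    if (init_data == NULL) return;
#ifdef HAVE_LIBINI_CONFIG_V1
    if (init_data->sssd_config != NULL) {
        ini_config_destroy(init_data->sssd_config);
        init_data->sssd_config = NULL;
    }
#elif HAVE_LIBINI_CONFIG_V0
    free_ini_config(init_data->sssd_config);
#endif
}

/**
 * Create LDIF
 *
 * Converts the parsed configuration in init_data->sssd_config into one LDIF
 * string: CONFDB_INTERNAL_LDIF followed by one entry per config section,
 * each holding the section's attributes as "name: value" lines.
 *
 * @param mem_ctx      talloc parent of the returned string
 * @param init_data    holds the parsed configuration (sssd_config)
 * @param config_ldif  on success, receives the NUL-terminated LDIF
 *
 * @return EOK on success, ENOMEM on allocation failure, otherwise the error
 *         reported by the section/attribute/value helpers. On error nothing
 *         is stored in *config_ldif.
 */
int sss_confdb_create_ldif(TALLOC_CTX *mem_ctx,
                           struct sss_ini_initdata *init_data,
                           const char **config_ldif)
{
    int ret, i, j;
    char *ldif;
    char *tmp_ldif;
    char **sections = NULL;
    int section_count;
    char *dn;
    char *tmp_dn;
    char *sec_dn;
    char **attrs = NULL;
    int attr_count;
    char *ldif_attr;
    TALLOC_CTX *tmp_ctx;
    size_t dn_size;
    size_t ldif_len;
    size_t attr_len;
#ifdef HAVE_LIBINI_CONFIG_V1
    struct value_obj *obj = NULL;
#elif HAVE_LIBINI_CONFIG_V0
    struct collection_item *obj = NULL;
#endif

    ldif_len = strlen(CONFDB_INTERNAL_LDIF);
    ldif = talloc_array(mem_ctx, char, ldif_len+1);
    if (!ldif) return ENOMEM;

    /* tmp_ctx hangs off ldif, so freeing ldif on error releases it too */
    tmp_ctx = talloc_new(ldif);
    if (!tmp_ctx) {
        ret = ENOMEM;
        goto error;
    }

    /* The terminating NUL is written once the whole LDIF is assembled */
    memcpy(ldif, CONFDB_INTERNAL_LDIF, ldif_len);

    /* Read in the collection and convert it to an LDIF */
    /* Get the list of sections */
    sections = sss_ini_get_sec_list(init_data->sssd_config,
                                    &section_count, &ret);
    if (ret != EOK) {
        /* Nothing usable was returned; do not hand it to the free helper */
        sections = NULL;
        goto error;
    }

    for (i = 0; i < section_count; i++) {
        const char *rdn = NULL;
        DEBUG(SSSDBG_TRACE_FUNC,
              ("Processing config section [%s]\n", sections[i]));
        ret = parse_section(tmp_ctx, sections[i], &sec_dn, &rdn);
        if (ret != EOK) {
            goto error;
        }

        dn = talloc_asprintf(tmp_ctx,
                             "dn: %s,cn=config\n"
                             "cn: %s\n",
                             sec_dn, rdn);
        if (!dn) {
            ret = ENOMEM;
            goto error;
        }
        dn_size = strlen(dn);

        /* Get all of the attributes and their values as LDIF */
        attrs = sss_ini_get_attr_list(init_data->sssd_config, sections[i],
                                      &attr_count, &ret);
        if (ret != EOK) {
            attrs = NULL;
            goto error;
        }

        for (j = 0; j < attr_count; j++) {
            const char *value;

            DEBUG(SSSDBG_TRACE_FUNC,
                  ("Processing attribute [%s]\n", attrs[j]));
            ret = sss_ini_get_config_obj(sections[i], attrs[j],
                                         init_data->sssd_config,
                                         INI_GET_FIRST_VALUE, &obj);
            if (ret != EOK) goto error;

            value = sss_ini_get_const_string_config_value(obj, &ret);
            if (ret != EOK) goto error;

            /* A missing value is skipped like an empty one: passing NULL
             * to "%s" is undefined and must not end up in the LDIF. */
            if (value == NULL || value[0] == '\0') {
                DEBUG(SSSDBG_CRIT_FAILURE,
                      ("Attribute '%s' has empty value, ignoring\n",
                       attrs[j]));
                continue;
            }

            ldif_attr = talloc_asprintf(tmp_ctx,
                                        "%s: %s\n", attrs[j], value);
            if (ldif_attr == NULL) {
                ret = ENOMEM;
                goto error;
            }
            DEBUG(SSSDBG_TRACE_ALL, ("%s", ldif_attr));

            attr_len = strlen(ldif_attr);

            tmp_dn = talloc_realloc(tmp_ctx, dn, char,
                                    dn_size+attr_len+1);
            if (!tmp_dn) {
                ret = ENOMEM;
                goto error;
            }
            dn = tmp_dn;
            /* attr_len+1 also copies the NUL so dn stays a valid string */
            memcpy(dn+dn_size, ldif_attr, attr_len+1);
            dn_size += attr_len;
        }

        /* Terminate the entry with a blank line */
        dn_size ++;
        tmp_dn = talloc_realloc(tmp_ctx, dn, char, dn_size+1);
        if (!tmp_dn) {
            ret = ENOMEM;
            goto error;
        }
        dn = tmp_dn;
        dn[dn_size-1] = '\n';
        dn[dn_size] = '\0';

        DEBUG(SSSDBG_TRACE_ALL, ("Section dn\n%s", dn));

        tmp_ldif = talloc_realloc(mem_ctx, ldif, char,
                                  ldif_len+dn_size+1);
        if (!tmp_ldif) {
            ret = ENOMEM;
            goto error;
        }
        ldif = tmp_ldif;
        memcpy(ldif+ldif_len, dn, dn_size);
        ldif_len += dn_size;

        free_attribute_list(attrs);
        attrs = NULL;
        talloc_free(dn);
    }

    ldif[ldif_len] = '\0';

    free_section_list(sections);

    *config_ldif = (const char *)ldif;
    talloc_free(tmp_ctx);
    return EOK;

error:
    /* The section and attribute lists are not talloc memory, so every
     * failure path has to release them here explicitly. */
    if (attrs != NULL) {
        free_attribute_list(attrs);
    }
    if (sections != NULL) {
        free_section_list(sections);
    }
    talloc_free(ldif);
    return ret;
}
sssd-1.11.5/src/util/PaxHeaders.13173/sss_utf8.h0000644000000000000000000000007412320753107017246 xustar000000000000000030 atime=1396954939.278891422 30 ctime=1396954961.426875119 sssd-1.11.5/src/util/sss_utf8.h0000664002412700241270000000237612320753107017500 0ustar00jhrozekjhrozek00000000000000/* SSSD Authors: Stephen Gallagher Copyright (C) 2011 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. 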
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #ifndef SSS_UTF8_H_ #define SSS_UTF8_H_ #ifdef HAVE_LIBUNISTRING #include #include #elif HAVE_GLIB2 #include #endif #include "util/util.h" #ifndef ENOMATCH #define ENOMATCH -1 #endif void sss_utf8_free(void *ptr); /* The result must be freed with sss_utf8_free() */ uint8_t *sss_utf8_tolower(const uint8_t *s, size_t len, size_t *nlen); bool sss_utf8_check(const uint8_t *s, size_t n); errno_t sss_utf8_case_eq(const uint8_t *s1, const uint8_t *s2); #endif /* SSS_UTF8_H_ */ sssd-1.11.5/src/util/PaxHeaders.13173/domain_info_utils.c0000644000000000000000000000007412320753107021165 xustar000000000000000030 atime=1396954939.277891423 30 ctime=1396954961.683874929 sssd-1.11.5/src/util/domain_info_utils.c0000664002412700241270000003732212320753107021416 0ustar00jhrozekjhrozek00000000000000/* Authors: Sumit Bose Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #include #include "confdb/confdb.h" #include "db/sysdb.h" #include "util/util.h" /* the directory domain - realm mappings are written to */ #define KRB5_MAPPING_DIR PUBCONF_PATH"/krb5.include.d" struct sss_domain_info *get_domains_head(struct sss_domain_info *domain) { struct sss_domain_info *dom = NULL; /* get to the top level domain */ for (dom = domain; dom->parent != NULL; dom = dom->parent); /* proceed to the list head */ for (; dom->prev != NULL; dom = dom->prev); return dom; } struct sss_domain_info *get_next_domain(struct sss_domain_info *domain, bool descend) { struct sss_domain_info *dom; dom = domain; while (dom) { if (descend && dom->subdomains) { dom = dom->subdomains; } else if (dom->next) { dom = dom->next; } else if (descend && IS_SUBDOMAIN(dom) && dom->parent->next) { dom = dom->parent->next; } else { dom = NULL; } if (dom && !dom->disabled) break; } return dom; } bool subdomain_enumerates(struct sss_domain_info *parent, const char *sd_name) { if (parent->sd_enumerate == NULL || parent->sd_enumerate[0] == NULL) { DEBUG(SSSDBG_MINOR_FAILURE, ("Subdomain_enumerate not set\n")); return false; } if (strcasecmp(parent->sd_enumerate[0], "all") == 0) { return true; } else if (strcasecmp(parent->sd_enumerate[0], "none") == 0) { return false; } else { for (int i=0; parent->sd_enumerate[i]; i++) { if (strcasecmp(parent->sd_enumerate[i], sd_name) == 0) { return true; } } } return false; } struct sss_domain_info *find_subdomain_by_name(struct sss_domain_info *domain, const char *name, bool match_any) { struct sss_domain_info *dom = domain; while (dom && dom->disabled) { dom = get_next_domain(dom, true); } while (dom) { if (strcasecmp(dom->name, name) == 0 || ((match_any == true) && (dom->flat_name != NULL) && (strcasecmp(dom->flat_name, name) == 0))) { return dom; } dom = get_next_domain(dom, true); } return NULL; } struct sss_domain_info *find_subdomain_by_sid(struct sss_domain_info *domain, const char *sid) { struct sss_domain_info *dom = domain; size_t 
sid_len; size_t dom_sid_len; if (sid == NULL) { return NULL; } sid_len = strlen(sid); while (dom && dom->disabled) { dom = get_next_domain(dom, true); } while (dom) { if (dom->domain_id != NULL) { dom_sid_len = strlen(dom->domain_id); if (strncasecmp(dom->domain_id, sid, dom_sid_len) == 0) { if (dom_sid_len == sid_len) { /* sid is domain sid */ return dom; } /* sid is object sid, check if domain sid is align with * sid first subauthority component */ if (sid[dom_sid_len] == '-') { return dom; } } } dom = get_next_domain(dom, true); } return NULL; } struct sss_domain_info * find_subdomain_by_object_name(struct sss_domain_info *domain, const char *object_name) { TALLOC_CTX *tmp_ctx; struct sss_domain_info *dom = NULL; char *domainname = NULL; char *name = NULL; errno_t ret; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_new() failed\n")); return NULL; } ret = sss_parse_name(tmp_ctx, domain->names, object_name, &domainname, &name); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to parse name '%s' [%d]: %s\n", object_name, ret, sss_strerror(ret))); goto done; } if (domainname == NULL) { dom = domain; } else { dom = find_subdomain_by_name(domain, domainname, true); } done: talloc_free(tmp_ctx); return dom; } struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx, struct sss_domain_info *parent, const char *name, const char *realm, const char *flat_name, const char *id, bool mpg, bool enumerate, const char *forest) { struct sss_domain_info *dom; DEBUG(SSSDBG_TRACE_FUNC, ("Creating [%s] as subdomain of [%s]!\n", name, parent->name)); dom = talloc_zero(mem_ctx, struct sss_domain_info); if (dom == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("talloc_zero failed.\n")); return NULL; } dom->parent = parent; dom->name = talloc_strdup(dom, name); if (dom->name == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("Failed to copy domain name.\n")); goto fail; } dom->provider = talloc_strdup(dom, parent->provider); if (dom->provider == NULL) { 
DEBUG(SSSDBG_OP_FAILURE, ("Failed to copy provider name.\n")); goto fail; } dom->conn_name = talloc_strdup(dom, parent->conn_name); if (dom->conn_name == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("Failed to copy connection name.\n")); goto fail; } if (realm != NULL) { dom->realm = talloc_strdup(dom, realm); if (dom->realm == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("Failed to copy realm name.\n")); goto fail; } } if (flat_name != NULL) { dom->flat_name = talloc_strdup(dom, flat_name); if (dom->flat_name == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("Failed to copy flat name.\n")); goto fail; } } if (id != NULL) { dom->domain_id = talloc_strdup(dom, id); if (dom->domain_id == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("Failed to copy id.\n")); goto fail; } } if (forest != NULL) { dom->forest = talloc_strdup(dom, forest); if (dom->forest == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("Failed to copy forest.\n")); goto fail; } } dom->enumerate = enumerate; dom->fqnames = true; dom->mpg = mpg; /* If the parent domain explicitly limits ID ranges, the subdomain * should honour the limits as well. */ dom->id_min = parent->id_min ? parent->id_min : 0; dom->id_max = parent->id_max ? 
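parent->id_max : 0xffffffff;
    dom->pwd_expiration_warning = parent->pwd_expiration_warning;
    dom->cache_credentials = parent->cache_credentials;
    dom->case_sensitive = false;
    dom->user_timeout = parent->user_timeout;
    dom->group_timeout = parent->group_timeout;
    dom->netgroup_timeout = parent->netgroup_timeout;
    dom->service_timeout = parent->service_timeout;
    dom->names = parent->names;

    dom->override_homedir = parent->override_homedir;
    dom->fallback_homedir = parent->fallback_homedir;
    dom->subdomain_homedir = parent->subdomain_homedir;
    dom->override_shell = parent->override_shell;
    dom->default_shell = parent->default_shell;

    if (parent->sysdb == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("Missing sysdb context in parent domain.\n"));
        goto fail;
    }
    dom->sysdb = parent->sysdb;

    return dom;

fail:
    talloc_free(dom);
    return NULL;
}

/**
 * Load the configuration of domain_name from the confdb and open its cache.
 *
 * Fails with EEXIST when the domain already carries a sysdb context. On
 * success the new sysdb context is reparented to the domain and the domain
 * is returned through _domain.
 *
 * @return EOK on success, EEXIST as described above, otherwise the error
 *         returned by confdb_get_domain() or sysdb_domain_init().
 */
errno_t sssd_domain_init(TALLOC_CTX *mem_ctx,
                         struct confdb_ctx *cdb,
                         const char *domain_name,
                         const char *db_path,
                         struct sss_domain_info **_domain)
{
    int ret;
    struct sss_domain_info *dom;
    struct sysdb_ctx *sysdb;

    ret = confdb_get_domain(cdb, domain_name, &dom);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Error retrieving domain configuration.\n"));
        return ret;
    }

    if (dom->sysdb != NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("Sysdb context already initialized.\n"));
        return EEXIST;
    }

    ret = sysdb_domain_init(mem_ctx, dom, db_path, &sysdb);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Error opening cache database.\n"));
        return ret;
    }

    dom->sysdb = talloc_steal(dom, sysdb);

    *_domain = dom;

    return EOK;
}

/**
 * Set the modification time of the Kerberos configuration file to now.
 *
 * The file is the one named by the KRB5_CONFIG environment variable, or
 * KRB5_CONF_PATH when the variable is unset.
 * NOTE(review): KRB5_CONFIG comes from the process environment; confirm
 * that the callers run with a controlled environment.
 *
 * @return EOK on success, otherwise the errno set by utime().
 */
static errno_t sss_krb5_touch_config(void)
{
    const char *config = NULL;
    errno_t ret;

    config = getenv("KRB5_CONFIG");
    if (config == NULL) {
        config = KRB5_CONF_PATH;
    }

    ret = utime(config, NULL);
    if (ret == -1) {
        ret = errno;
        DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to change mtime of \"%s\" "
                                    "[%d]: %s\n", config, ret, strerror(ret)));
        return ret;
    }

    return EOK;
}

/**
 * Write the domain-realm mappings of the subdomains of a domain to a krb5
 * include file.
 *
 * The file is KRB5_MAPPING_DIR/domain_realm_<sanitized domain name>. It is
 * first written to a temporary file created with mkstemp() under a 077
 * umask, then renamed into place and made 0644. With add_capaths set, a
 * [capaths] section is added for every subdomain that has a forest.
 * Subdomains without a realm are skipped. Whatever the outcome, the mtime
 * of the krb5 configuration is updated before returning.
 *
 * @param domain       parent domain whose subdomains are written
 * @param add_capaths  whether to add the [capaths] section
 *
 * @return EOK on success, EINVAL when no domain name is given, ENOMEM on
 *         allocation failure, EIO on temporary-file and write errors,
 *         otherwise the errno of the failing fclose/rename/chmod call.
 */
errno_t sss_write_domain_mappings(struct sss_domain_info *domain,
                                  bool add_capaths)
{
    struct sss_domain_info *dom;
    struct sss_domain_info *parent_dom;
    errno_t ret;
    errno_t err;
    TALLOC_CTX *tmp_ctx;
    const char *mapping_file;
    char *sanitized_domain;
    char *tmp_file = NULL;
    int fd = -1;
    mode_t old_mode;
    FILE *fstream = NULL;
    int i;
    bool capaths_started;
    char *uc_forest;
    char *uc_parent;

    if (domain == NULL || domain->name == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("No domain name provided\n"));
        return EINVAL;
    }

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) return ENOMEM;

    sanitized_domain = talloc_strdup(tmp_ctx, domain->name);
    if (sanitized_domain == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_strdup() failed\n"));
        /* Release the context instead of leaking it on this early exit */
        talloc_free(tmp_ctx);
        return ENOMEM;
    }

    /* only alpha-numeric chars, dashes and underscores are allowed in
     * krb5 include directory */
    for (i = 0; sanitized_domain[i] != '\0'; i++) {
        /* isalnum() is undefined for negative values, which a plain char
         * can hold for bytes >= 0x80 */
        if (!isalnum((unsigned char) sanitized_domain[i])
                && sanitized_domain[i] != '-'
                && sanitized_domain[i] != '_') {
            sanitized_domain[i] = '_';
        }
    }

    mapping_file = talloc_asprintf(tmp_ctx, "%s/domain_realm_%s",
                                   KRB5_MAPPING_DIR, sanitized_domain);
    if (!mapping_file) {
        ret = ENOMEM;
        goto done;
    }

    DEBUG(SSSDBG_FUNC_DATA, ("Mapping file for domain [%s] is [%s]\n",
                             domain->name, mapping_file));

    tmp_file = talloc_asprintf(tmp_ctx, "%sXXXXXX", mapping_file);
    if (tmp_file == NULL) {
        ret = ENOMEM;
        goto done;
    }

    /* Keep the temporary file private until it is complete */
    old_mode = umask(077);
    fd = mkstemp(tmp_file);
    umask(old_mode);
    if (fd < 0) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("creating the temp file [%s] for domain-realm "
               "mappings failed.", tmp_file));
        ret = EIO;
        /* No file was created, so there is nothing to unlink. Drop only
         * the template: freeing tmp_ctx here would leave tmp_file dangling
         * for the unlink() under done:, which frees tmp_ctx itself. */
        talloc_zfree(tmp_file);
        goto done;
    }

    fstream = fdopen(fd, "a");
    if (!fstream) {
        ret = errno;
        DEBUG(SSSDBG_OP_FAILURE, ("fdopen failed [%d]: %s\n",
                                  ret, strerror(ret)));
        ret = close(fd);
        if (ret != 0) {
            ret = errno;
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("close failed [%d][%s].\n", ret, strerror(ret)));
            /* Nothing to do here, just report the failure */
        }
        ret = EIO;
        goto done;
    }

    ret = fprintf(fstream, "[domain_realm]\n");
    if (ret < 0) {
        DEBUG(SSSDBG_OP_FAILURE, ("fprintf failed\n"));
        ret = EIO;
        goto done;
    }

    for (dom = get_next_domain(domain, true);
         dom && IS_SUBDOMAIN(dom); /* if we get back to a parent, stop */
         dom = get_next_domain(dom, false)) {
        if (dom->realm == NULL) {
            /* A subdomain may be created without a realm; NULL must not
             * reach "%s" or the krb5 include file */
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Subdomain [%s] has no realm, skipping\n", dom->name));
            continue;
        }

        ret = fprintf(fstream, ".%s = %s\n%s = %s\n",
                      dom->name, dom->realm, dom->name, dom->realm);
        if (ret < 0) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("fprintf failed\n"));
            /* fprintf returns a negative count, not an errno value */
            ret = EIO;
            goto done;
        }
    }

    if (add_capaths) {
        capaths_started = false;
        parent_dom = domain;
        uc_parent = get_uppercase_realm(tmp_ctx, parent_dom->name);
        if (uc_parent == NULL) {
            DEBUG(SSSDBG_OP_FAILURE, ("get_uppercase_realm failed.\n"));
            ret = ENOMEM;
            goto done;
        }

        for (dom = get_next_domain(domain, true);
             dom && IS_SUBDOMAIN(dom); /* if we get back to a parent, stop */
             dom = get_next_domain(dom, false)) {

            if (dom->forest == NULL) {
                continue;
            }

            if (dom->realm == NULL) {
                DEBUG(SSSDBG_MINOR_FAILURE,
                      ("Subdomain [%s] has no realm, skipping\n",
                       dom->name));
                continue;
            }

            uc_forest = get_uppercase_realm(tmp_ctx, dom->forest);
            if (uc_forest == NULL) {
                DEBUG(SSSDBG_OP_FAILURE, ("get_uppercase_realm failed.\n"));
                ret = ENOMEM;
                goto done;
            }

            if (!capaths_started) {
                ret = fprintf(fstream, "[capaths]\n");
                if (ret < 0) {
                    DEBUG(SSSDBG_OP_FAILURE, ("fprintf failed\n"));
                    ret = EIO;
                    goto done;
                }
                capaths_started = true;
            }

            ret = fprintf(fstream, "%s = {\n %s = %s\n}\n%s = {\n %s = %s\n}\n",
                          dom->realm, uc_parent, uc_forest,
                          uc_parent, dom->realm, uc_forest);
            if (ret < 0) {
                DEBUG(SSSDBG_CRIT_FAILURE, ("fprintf failed\n"));
                ret = EIO;
                goto done;
            }
        }
    }

    ret = fclose(fstream);
    fstream = NULL;
    if (ret != 0) {
        ret = errno;
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("fclose failed [%d][%s].\n", ret, strerror(ret)));
        goto done;
    }

    ret = rename(tmp_file, mapping_file);
    if (ret == -1) {
        ret = errno;
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("rename failed [%d][%s].\n", ret, strerror(ret)));
        goto done;
    }

    /* The temporary name no longer exists; keep done: from unlinking it */
    talloc_zfree(tmp_file);

    ret = chmod(mapping_file, 0644);
    if (ret == -1) {
        ret = errno;
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("chmod failed [%d][%s].\n", ret, strerror(ret)));
        goto done;
    }

    ret = EOK;
done:
    err = sss_krb5_touch_config();
    if (err != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to change last modification time "
              "of krb5.conf. Created mappings may not be loaded.\n"));
        /* Ignore */
    }

    if (fstream) {
        err = fclose(fstream);
        if (err != 0) {
            err = errno;
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("fclose failed [%d][%s].\n", err, strerror(err)));
            /* Nothing to do here, just report the failure */
        }
    }

    if (tmp_file) {
        err = unlink(tmp_file);
        if (err < 0) {
            err = errno;
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Could not remove file [%s]: [%d]: %s",
                   tmp_file, err, strerror(err)));
        }
    }
    talloc_free(tmp_ctx);
    return ret;
}
sssd-1.11.5/src/util/PaxHeaders.13173/child_common.c0000644000000000000000000000007412320753107020116 xustar000000000000000030 atime=1396954939.276891423 30 ctime=1396954961.564875017 sssd-1.11.5/src/util/child_common.c0000664002412700241270000005140312320753107020343 0ustar00jhrozekjhrozek00000000000000/* SSSD Common helper functions to be used in child processes Authors: Sumit Bose Copyright (C) 2009 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 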
*/ #include #include #include #include #include #include "util/util.h" #include "util/find_uid.h" #include "db/sysdb.h" #include "util/child_common.h" struct sss_sigchild_ctx { struct tevent_context *ev; hash_table_t *children; int options; }; struct sss_child_ctx { pid_t pid; sss_child_fn_t cb; void *pvt; struct sss_sigchild_ctx *sigchld_ctx; }; errno_t sss_sigchld_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct sss_sigchild_ctx **child_ctx) { errno_t ret; struct sss_sigchild_ctx *sigchld_ctx; struct tevent_signal *tes; sigchld_ctx = talloc_zero(mem_ctx, struct sss_sigchild_ctx); if (!sigchld_ctx) { DEBUG(0, ("fatal error initializing sss_sigchild_ctx\n")); return ENOMEM; } sigchld_ctx->ev = ev; ret = sss_hash_create(sigchld_ctx, 10, &sigchld_ctx->children); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, ("fatal error initializing children hash table: [%s]\n", strerror(ret))); talloc_free(sigchld_ctx); return ret; } BlockSignals(false, SIGCHLD); tes = tevent_add_signal(ev, sigchld_ctx, SIGCHLD, SA_SIGINFO, sss_child_handler, sigchld_ctx); if (tes == NULL) { talloc_free(sigchld_ctx); return EIO; } *child_ctx = sigchld_ctx; return EOK; } static int sss_child_destructor(void *ptr) { struct sss_child_ctx *child_ctx; hash_key_t key; int error; child_ctx = talloc_get_type(ptr, struct sss_child_ctx); key.type = HASH_KEY_ULONG; key.ul = child_ctx->pid; error = hash_delete(child_ctx->sigchld_ctx->children, &key); if (error != HASH_SUCCESS && error != HASH_ERROR_KEY_NOT_FOUND) { DEBUG(SSSDBG_TRACE_INTERNAL, ("failed to delete child_ctx from hash table [%d]: %s\n", error, hash_error_string(error))); } return 0; } errno_t sss_child_register(TALLOC_CTX *mem_ctx, struct sss_sigchild_ctx *sigchld_ctx, pid_t pid, sss_child_fn_t cb, void *pvt, struct sss_child_ctx **child_ctx) { struct sss_child_ctx *child; hash_key_t key; hash_value_t value; int error; child = talloc_zero(mem_ctx, struct sss_child_ctx); if (child == NULL) { return ENOMEM; } child->pid = pid; child->cb 
= cb; child->pvt = pvt; child->sigchld_ctx = sigchld_ctx; key.type = HASH_KEY_ULONG; key.ul = pid; value.type = HASH_VALUE_PTR; value.ptr = child; error = hash_enter(sigchld_ctx->children, &key, &value); if (error != HASH_SUCCESS) { talloc_free(child); return ENOMEM; } talloc_set_destructor((TALLOC_CTX *) child, sss_child_destructor); *child_ctx = child; return EOK; } struct sss_child_cb_pvt { struct sss_child_ctx *child_ctx; int wait_status; }; static void sss_child_invoke_cb(struct tevent_context *ev, struct tevent_immediate *imm, void *pvt) { struct sss_child_cb_pvt *cb_pvt; struct sss_child_ctx *child_ctx; hash_key_t key; int error; cb_pvt = talloc_get_type(pvt, struct sss_child_cb_pvt); child_ctx = cb_pvt->child_ctx; key.type = HASH_KEY_ULONG; key.ul = child_ctx->pid; error = hash_delete(child_ctx->sigchld_ctx->children, &key); if (error != HASH_SUCCESS && error != HASH_ERROR_KEY_NOT_FOUND) { DEBUG(SSSDBG_OP_FAILURE, ("failed to delete child_ctx from hash table [%d]: %s\n", error, hash_error_string(error))); } if (child_ctx->cb) { child_ctx->cb(child_ctx->pid, cb_pvt->wait_status, child_ctx->pvt); } talloc_free(imm); } void sss_child_handler(struct tevent_context *ev, struct tevent_signal *se, int signum, int count, void *siginfo, void *private_data) { struct sss_sigchild_ctx *sigchld_ctx; struct tevent_immediate *imm; struct sss_child_cb_pvt *invoke_pvt; struct sss_child_ctx *child_ctx; hash_key_t key; hash_value_t value; int error; int wait_status; pid_t pid; sigchld_ctx = talloc_get_type(private_data, struct sss_sigchild_ctx); key.type = HASH_KEY_ULONG; do { do { errno = 0; pid = waitpid(-1, &wait_status, WNOHANG | sigchld_ctx->options); } while (pid == -1 && errno == EINTR); if (pid == -1) { DEBUG(SSSDBG_TRACE_INTERNAL, ("waitpid failed [%d]: %s\n", errno, strerror(errno))); return; } else if (pid == 0) continue; key.ul = pid; error = hash_lookup(sigchld_ctx->children, &key, &value); if (error == HASH_SUCCESS) { child_ctx = talloc_get_type(value.ptr, 
struct sss_child_ctx); imm = tevent_create_immediate(child_ctx); if (imm == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory invoking SIGCHLD callback\n")); return; } invoke_pvt = talloc_zero(child_ctx, struct sss_child_cb_pvt); if (invoke_pvt == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("out of memory invoking SIGCHLD callback\n")); return; } invoke_pvt->child_ctx = child_ctx; invoke_pvt->wait_status = wait_status; tevent_schedule_immediate(imm, sigchld_ctx->ev, sss_child_invoke_cb, invoke_pvt); } else if (error == HASH_ERROR_KEY_NOT_FOUND) { DEBUG(SSSDBG_TRACE_LIBS, ("BUG: waitpid() returned [%d] but it was not in the table. " "This could be due to a linked library creating processes " "without registering them with the sigchld handler\n", pid)); /* We will simply ignore this and return to the loop * This will prevent a zombie, but may cause unexpected * behavior in the code that was trying to handle this * pid. */ } else { DEBUG(SSSDBG_OP_FAILURE, ("SIGCHLD hash table error [%d]: %s\n", error, hash_error_string(error))); /* This is bad, but we should try to check for other * children anyway, to avoid potential zombies. 
*/ } } while (pid != 0); } struct sss_child_ctx_old { struct tevent_signal *sige; pid_t pid; int child_status; sss_child_callback_t cb; void *pvt; }; int child_handler_setup(struct tevent_context *ev, int pid, sss_child_callback_t cb, void *pvt, struct sss_child_ctx_old **_child_ctx) { struct sss_child_ctx_old *child_ctx; DEBUG(8, ("Setting up signal handler up for pid [%d]\n", pid)); child_ctx = talloc_zero(ev, struct sss_child_ctx_old); if (child_ctx == NULL) { return ENOMEM; } child_ctx->sige = tevent_add_signal(ev, child_ctx, SIGCHLD, SA_SIGINFO, child_sig_handler, child_ctx); if(!child_ctx->sige) { /* Error setting up signal handler */ talloc_free(child_ctx); return ENOMEM; } child_ctx->pid = pid; child_ctx->cb = cb; child_ctx->pvt = pvt; DEBUG(8, ("Signal handler set up for pid [%d]\n", pid)); if (_child_ctx != NULL) { *_child_ctx = child_ctx; } return EOK; } void child_handler_destroy(struct sss_child_ctx_old *ctx) { errno_t ret; /* We still want to wait for the child to finish, but the caller is not * interested in the result anymore (e.g. timeout was reached). 
*/ ctx->cb = NULL; ctx->pvt = NULL; ret = kill(ctx->pid, SIGKILL); if (ret == -1) { ret = errno; DEBUG(SSSDBG_MINOR_FAILURE, ("kill failed [%d][%s].\n", ret, strerror(ret))); } } /* Async communication with the child process via a pipe */ struct write_pipe_state { int fd; uint8_t *buf; size_t len; size_t written; }; static void write_pipe_handler(struct tevent_context *ev, struct tevent_fd *fde, uint16_t flags, void *pvt); struct tevent_req *write_pipe_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, uint8_t *buf, size_t len, int fd) { struct tevent_req *req; struct write_pipe_state *state; struct tevent_fd *fde; req = tevent_req_create(mem_ctx, &state, struct write_pipe_state); if (req == NULL) return NULL; state->fd = fd; state->buf = buf; state->len = len; state->written = 0; fde = tevent_add_fd(ev, state, fd, TEVENT_FD_WRITE, write_pipe_handler, req); if (fde == NULL) { DEBUG(1, ("tevent_add_fd failed.\n")); goto fail; } return req; fail: talloc_zfree(req); return NULL; } static void write_pipe_handler(struct tevent_context *ev, struct tevent_fd *fde, uint16_t flags, void *pvt) { struct tevent_req *req = talloc_get_type(pvt, struct tevent_req); struct write_pipe_state *state = tevent_req_data(req, struct write_pipe_state); errno_t ret; if (flags & TEVENT_FD_READ) { DEBUG(SSSDBG_CRIT_FAILURE, ("write_pipe_done called with TEVENT_FD_READ," " this should not happen.\n")); tevent_req_error(req, EINVAL); return; } errno = 0; state->written = sss_atomic_write_s(state->fd, state->buf, state->len); if (state->written == -1) { ret = errno; DEBUG(SSSDBG_CRIT_FAILURE, ("write failed [%d][%s].\n", ret, strerror(ret))); tevent_req_error(req, ret); return; } if (state->len != state->written) { DEBUG(SSSDBG_CRIT_FAILURE, ("Wrote %zu bytes, expected %zu\n", state->written, state->len)); tevent_req_error(req, EIO); return; } DEBUG(SSSDBG_TRACE_FUNC, ("All data has been sent!\n")); tevent_req_done(req); return; } int write_pipe_recv(struct tevent_req *req) { 
TEVENT_REQ_RETURN_ON_ERROR(req); return EOK; } struct read_pipe_state { int fd; uint8_t *buf; size_t len; }; static void read_pipe_handler(struct tevent_context *ev, struct tevent_fd *fde, uint16_t flags, void *pvt); struct tevent_req *read_pipe_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, int fd) { struct tevent_req *req; struct read_pipe_state *state; struct tevent_fd *fde; req = tevent_req_create(mem_ctx, &state, struct read_pipe_state); if (req == NULL) return NULL; state->fd = fd; state->buf = NULL; state->len = 0; fde = tevent_add_fd(ev, state, fd, TEVENT_FD_READ, read_pipe_handler, req); if (fde == NULL) { DEBUG(1, ("tevent_add_fd failed.\n")); goto fail; } return req; fail: talloc_zfree(req); return NULL; } static void read_pipe_handler(struct tevent_context *ev, struct tevent_fd *fde, uint16_t flags, void *pvt) { struct tevent_req *req = talloc_get_type(pvt, struct tevent_req); struct read_pipe_state *state = tevent_req_data(req, struct read_pipe_state); ssize_t size; errno_t err; uint8_t buf[CHILD_MSG_CHUNK]; if (flags & TEVENT_FD_WRITE) { DEBUG(1, ("read_pipe_done called with TEVENT_FD_WRITE," " this should not happen.\n")); tevent_req_error(req, EINVAL); return; } size = sss_atomic_read_s(state->fd, buf, CHILD_MSG_CHUNK); if (size == -1) { err = errno; DEBUG(SSSDBG_CRIT_FAILURE, ("read failed [%d][%s].\n", err, strerror(err))); tevent_req_error(req, err); return; } else if (size > 0) { state->buf = talloc_realloc(state, state->buf, uint8_t, state->len + size); if(!state->buf) { tevent_req_error(req, ENOMEM); return; } safealign_memcpy(&state->buf[state->len], buf, size, &state->len); return; } else if (size == 0) { DEBUG(6, ("EOF received, client finished\n")); tevent_req_done(req); return; } else { DEBUG(SSSDBG_CRIT_FAILURE, ("unexpected return value of read [%zd].\n", size)); tevent_req_error(req, EINVAL); return; } } int read_pipe_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, uint8_t **buf, ssize_t *len) { struct read_pipe_state *state; 
state = tevent_req_data(req, struct read_pipe_state); TEVENT_REQ_RETURN_ON_ERROR(req); *buf = talloc_steal(mem_ctx, state->buf); *len = state->len; return EOK; } /* The pipes to communicate with the child must be nonblocking */ void fd_nonblocking(int fd) { int flags; int ret; flags = fcntl(fd, F_GETFL, 0); if (flags == -1) { ret = errno; DEBUG(1, ("F_GETFL failed [%d][%s].\n", ret, strerror(ret))); return; } if (fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1) { ret = errno; DEBUG(1, ("F_SETFL failed [%d][%s].\n", ret, strerror(ret))); } return; } static void child_invoke_callback(struct tevent_context *ev, struct tevent_immediate *imm, void *pvt); void child_sig_handler(struct tevent_context *ev, struct tevent_signal *sige, int signum, int count, void *__siginfo, void *pvt) { int ret, err; struct sss_child_ctx_old *child_ctx; struct tevent_immediate *imm; if (count <= 0) { DEBUG(0, ("SIGCHLD handler called with invalid child count\n")); return; } child_ctx = talloc_get_type(pvt, struct sss_child_ctx_old); DEBUG(7, ("Waiting for child [%d].\n", child_ctx->pid)); errno = 0; ret = waitpid(child_ctx->pid, &child_ctx->child_status, WNOHANG); if (ret == -1) { err = errno; DEBUG(1, ("waitpid failed [%d][%s].\n", err, strerror(err))); } else if (ret == 0) { DEBUG(1, ("waitpid did not found a child with changed status.\n")); } else { if (WIFEXITED(child_ctx->child_status)) { if (WEXITSTATUS(child_ctx->child_status) != 0) { DEBUG(1, ("child [%d] failed with status [%d].\n", ret, WEXITSTATUS(child_ctx->child_status))); } else { DEBUG(4, ("child [%d] finished successfully.\n", ret)); } } else if (WIFSIGNALED(child_ctx->child_status)) { DEBUG(1, ("child [%d] was terminated by signal [%d].\n", ret, WTERMSIG(child_ctx->child_status))); } else { if (WIFSTOPPED(child_ctx->child_status)) { DEBUG(7, ("child [%d] was stopped by signal [%d].\n", ret, WSTOPSIG(child_ctx->child_status))); } if (WIFCONTINUED(child_ctx->child_status)) { DEBUG(7, ("child [%d] was resumed by delivery of 
SIGCONT.\n", ret)); } return; } /* Invoke the callback in a tevent_immediate handler * so that it is safe to free the tevent_signal * */ imm = tevent_create_immediate(child_ctx); if (imm == NULL) { DEBUG(0, ("Out of memory invoking sig handler callback\n")); return; } tevent_schedule_immediate(imm, ev, child_invoke_callback, child_ctx); } return; }

/*
 * Immediate-event handler scheduled from the signal handler above.
 * Runs the registered callback (when one is set) with the recorded child
 * status, then frees the child context, which stops monitoring that child.
 */
static void child_invoke_callback(struct tevent_context *ev,
                                  struct tevent_immediate *imm,
                                  void *pvt)
{
    struct sss_child_ctx_old *ctx;

    ctx = talloc_get_type(pvt, struct sss_child_ctx_old);
    if (ctx->cb != NULL) {
        ctx->cb(ctx->child_status, ctx->sige, ctx->pvt);
    }

    /* Stop monitoring for this child */
    talloc_free(ctx);
}

/*
 * Build the argument vector handed to execv() for a helper binary.
 *
 * The resulting vector is, in order: the binary name,
 * --debug-microseconds, --debug-timestamps, --debug-fd (only when logging
 * to a file), --debug-level and the terminating NULL. All strings are
 * talloc children of the vector, which itself hangs off mem_ctx.
 *
 * Returns EOK and stores the vector in *_argv, ENOMEM on allocation
 * failure, or EINVAL if the slot accounting does not end at zero.
 */
static errno_t prepare_child_argv(TALLOC_CTX *mem_ctx,
                                  int child_debug_fd,
                                  const char *binary,
                                  char ***_argv)
{
    /* program name, debug_level, debug_timestamps,
     * debug_microseconds and NULL */
    uint_t slot = 5;
    char **args;
    errno_t ret;

    /* Snapshot the debug settings so that an interrupt changing the
     * globals cannot make the slot count and the contents disagree */
    bool to_file = debug_to_file;
    bool with_timestamps = debug_timestamps;
    bool with_microseconds = debug_microseconds;

    if (to_file) {
        /* one extra slot for --debug-fd */
        slot++;
    }

    args = talloc_array(mem_ctx, char *, slot);
    if (args == NULL) {
        DEBUG(1, ("talloc_array failed.\n"));
        return ENOMEM;
    }

    /* Until the final sanity check every failure is an allocation failure */
    ret = ENOMEM;

    /* The vector is filled from the last slot towards index 0 */
    args[--slot] = NULL;

    args[--slot] = talloc_asprintf(args, "--debug-level=%#.4x", debug_level);
    if (args[slot] == NULL) {
        goto fail;
    }

    if (to_file) {
        args[--slot] = talloc_asprintf(args, "--debug-fd=%d", child_debug_fd);
        if (args[slot] == NULL) {
            goto fail;
        }
    }

    args[--slot] = talloc_asprintf(args, "--debug-timestamps=%d",
                                   with_timestamps);
    if (args[slot] == NULL) {
        goto fail;
    }

    args[--slot] = talloc_asprintf(args, "--debug-microseconds=%d",
                                   with_microseconds);
    if (args[slot] == NULL) {
        goto fail;
    }

    args[--slot] = talloc_strdup(args, binary);
    if (args[slot] == NULL) {
        goto fail;
    }

    /* Every slot must have been consumed exactly once */
    if (slot != 0) {
        ret = EINVAL;
        goto fail;
    }

    *_argv = args;
    return EOK;

fail:
    talloc_free(args);
    return ret;
}

/*
 * Wire the two pipes to stdin/stdout and replace the process image with
 * 'binary'.
 *
 * pipefd_to_child[1] and pipefd_from_child[0] are closed,
 * pipefd_to_child[0] is duplicated onto STDIN_FILENO and
 * pipefd_from_child[1] onto STDOUT_FILENO. On success execv() does not
 * return; any return value is therefore an errno-style error code.
 *
 * NOTE(review): the descriptors that were duplicated are not closed after
 * dup2(), so they stay open in the executed binary unless they carry
 * close-on-exec - confirm against the callers that create the pipes.
 */
errno_t exec_child(TALLOC_CTX *mem_ctx,
                   int *pipefd_to_child, int *pipefd_from_child,
                   const char *binary, int debug_fd)
{
    char **child_argv;
    errno_t saved;
    int rc;

    close(pipefd_to_child[1]);
    rc = dup2(pipefd_to_child[0], STDIN_FILENO);
    if (rc == -1) {
        saved = errno;
        DEBUG(1, ("dup2 failed [%d][%s].\n", saved, strerror(saved)));
        return saved;
    }

    close(pipefd_from_child[0]);
    rc = dup2(pipefd_from_child[1], STDOUT_FILENO);
    if (rc == -1) {
        saved = errno;
        DEBUG(1, ("dup2 failed [%d][%s].\n", saved, strerror(saved)));
        return saved;
    }

    rc = prepare_child_argv(mem_ctx, debug_fd, binary, &child_argv);
    if (rc != EOK) {
        DEBUG(1, ("prepare_child_argv.\n"));
        return rc;
    }

    execv(binary, child_argv);

    /* Only reached when execv() failed */
    saved = errno;
    DEBUG(SSSDBG_OP_FAILURE,
          ("execv failed [%d][%s].\n", saved, strerror(saved)));
    return saved;
}

/*
 * Close the parent's ends of the child pipes. A descriptor equal to -1 is
 * skipped; close() failures are logged and otherwise ignored.
 */
void child_cleanup(int readfd, int writefd)
{
    const int fds[] = { readfd, writefd };
    size_t i;
    int ret;

    for (i = 0; i < sizeof(fds) / sizeof(fds[0]); i++) {
        if (fds[i] == -1) {
            continue;
        }

        ret = close(fds[i]);
        if (ret != EOK) {
            ret = errno;
            DEBUG(1, ("close failed [%d][%s].\n", ret, strerror(ret)));
        }
    }
}
sssd-1.11.5/src/util/PaxHeaders.13173/sss_endian.h0000644000000000000000000000007412320753107017616 xustar000000000000000030 atime=1396954939.277891423 30 ctime=1396954961.421875123 sssd-1.11.5/src/util/sss_endian.h0000664002412700241270000000304612320753107020043 0ustar00jhrozekjhrozek00000000000000/* SSSD Authors: Lukas Slebodnik Copyright (C) 2013 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. 
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #ifndef SSS_ENDIAN_H_ #define SSS_ENDIAN_H_ #ifdef HAVE_ENDIAN_H # include #elif defined HAVE_SYS_ENDIAN_H # include #endif /* !HAVE_ENDIAN_H && !HAVE_SYS_ENDIAN_H */ /* Endianness-compatibility for systems running older versions of glibc */ #ifndef le32toh #ifndef HAVE_BYTESWAP_H #error missing le32toh and byteswap.h #else /* defined HAVE_BYTESWAP_H */ #include /* support RHEL5 lack of definitions */ /* Copied from endian.h on glibc 2.15 */ #ifdef __USE_BSD /* Conversion interfaces. */ # if __BYTE_ORDER == __LITTLE_ENDIAN # define le32toh(x) (x) # define htole32(x) (x) # else # define le32toh(x) __bswap_32 (x) # define htole32(x) __bswap_32 (x) # endif #endif /* __USE_BSD */ #endif /* HAVE_BYTESWAP_H */ #endif /* le32toh */ #endif /* SSS_ENDIAN_H_ */ sssd-1.11.5/src/util/PaxHeaders.13173/authtok.c0000644000000000000000000000007412320753107017142 xustar000000000000000030 atime=1396954939.276891423 30 ctime=1396954961.681874931 sssd-1.11.5/src/util/authtok.c0000664002412700241270000001223112320753107017363 0ustar00jhrozekjhrozek00000000000000/* SSSD - auth utils Copyright (C) Simo Sorce 2012 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. 
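You should have received a copy of the GNU General Public License along with this program. If not, see . */

#include "authtok.h"

/*
 * Private representation of an authentication token.
 * Callers only see the opaque type and go through the accessors below.
 */
struct sss_auth_token {
    enum sss_authtok_type type;
    uint8_t *data;      /* payload, a talloc child of the token itself */
    size_t length;      /* payload size; string tokens count the final NUL */
};

/* Return the type tag of the token. */
enum sss_authtok_type sss_authtok_get_type(struct sss_auth_token *tok)
{
    return tok->type;
}

/*
 * Return the stored payload size: the recorded length for password and
 * ccfile tokens, 0 for an empty token.
 */
size_t sss_authtok_get_size(struct sss_auth_token *tok)
{
    switch (tok->type) {
    case SSS_AUTHTOK_TYPE_PASSWORD:
    case SSS_AUTHTOK_TYPE_CCFILE:
        return tok->length;
    case SSS_AUTHTOK_TYPE_EMPTY:
        return 0;
    }

    /* NOTE(review): an unknown type yields the errno constant EINVAL as a
     * size_t, which a caller cannot tell apart from a real length. Kept
     * as is because callers may depend on it. */
    return EINVAL;
}

/* Return the raw payload pointer (NULL once the token has been emptied). */
uint8_t *sss_authtok_get_data(struct sss_auth_token *tok)
{
    return tok->data;
}

/*
 * Give read access to the password held by the token.
 *
 * On success *pwd points at the token's own NUL-terminated buffer (no copy
 * is made) and, when len is not NULL, *len is the string length without
 * the terminating NUL.
 *
 * Returns EOK, ENOENT for an empty token, EACCES for a ccfile token and
 * EINVAL for an unknown type.
 */
errno_t sss_authtok_get_password(struct sss_auth_token *tok,
                                 const char **pwd, size_t *len)
{
    switch (tok->type) {
    case SSS_AUTHTOK_TYPE_EMPTY:
        return ENOENT;
    case SSS_AUTHTOK_TYPE_PASSWORD:
        *pwd = (const char *)tok->data;
        if (len) {
            *len = tok->length - 1;
        }
        return EOK;
    case SSS_AUTHTOK_TYPE_CCFILE:
        return EACCES;
    }

    return EINVAL;
}

/*
 * Give read access to the credential cache file name held by the token.
 *
 * Mirrors sss_authtok_get_password(): EOK with *ccfile pointing at the
 * token's buffer, ENOENT for an empty token, EACCES for a password token
 * and EINVAL for an unknown type.
 */
errno_t sss_authtok_get_ccfile(struct sss_auth_token *tok,
                               const char **ccfile, size_t *len)
{
    switch (tok->type) {
    case SSS_AUTHTOK_TYPE_EMPTY:
        return ENOENT;
    case SSS_AUTHTOK_TYPE_CCFILE:
        *ccfile = (const char *)tok->data;
        if (len) {
            *len = tok->length - 1;
        }
        return EOK;
    case SSS_AUTHTOK_TYPE_PASSWORD:
        return EACCES;
    }

    return EINVAL;
}

/*
 * Store a copy of 'str' in the token as a NUL-terminated string of the
 * given type. The previous payload must already have been released by the
 * caller (see sss_authtok_set_empty()).
 *
 * len == 0 means "use strlen(str)"; otherwise trailing NUL bytes inside the
 * first len bytes are dropped. A resulting empty string is rejected.
 *
 * Returns EOK, EINVAL for a NULL or empty string, ENOMEM on allocation
 * failure.
 */
static errno_t sss_authtok_set_string(struct sss_auth_token *tok,
                                      enum sss_authtok_type type,
                                      const char *context_name,
                                      const char *str, size_t len)
{
    size_t size;

    /* sss_authtok_set() forwards a caller-supplied data pointer here;
     * reject NULL instead of dereferencing it below */
    if (str == NULL) {
        return EINVAL;
    }

    if (len == 0) {
        len = strlen(str);
    } else {
        while (len > 0 && str[len - 1] == '\0') {
            len--;
        }
    }

    if (len == 0) {
        /* we do not allow zero length typed tokens */
        return EINVAL;
    }

    size = len + 1;

    tok->data = talloc_named(tok, size, "%s", context_name);
    if (!tok->data) {
        return ENOMEM;
    }
    memcpy(tok->data, str, len);
    tok->data[len] = '\0';
    tok->type = type;
    tok->length = size;

    return EOK;
}

/*
 * Reset the token to the empty state and release its payload.
 * A password payload is overwritten with safezero() before it is freed;
 * a ccfile payload is freed without being overwritten.
 */
void sss_authtok_set_empty(struct sss_auth_token *tok)
{
    switch (tok->type) {
    case SSS_AUTHTOK_TYPE_EMPTY:
        return;
    case SSS_AUTHTOK_TYPE_PASSWORD:
        safezero(tok->data, tok->length);
        break;
    case SSS_AUTHTOK_TYPE_CCFILE:
        break;
    }

    tok->type = SSS_AUTHTOK_TYPE_EMPTY;
    talloc_zfree(tok->data);
    tok->length = 0;
}

/* Replace the token content with a password (see sss_authtok_set_string). */
errno_t sss_authtok_set_password(struct sss_auth_token *tok,
                                 const char *password, size_t len)
{
    sss_authtok_set_empty(tok);

    return sss_authtok_set_string(tok, SSS_AUTHTOK_TYPE_PASSWORD,
                                  "password", password, len);
}

/* Replace the token content with a ccache file name. */
errno_t sss_authtok_set_ccfile(struct sss_auth_token *tok,
                               const char *ccfile, size_t len)
{
    sss_authtok_set_empty(tok);

    return sss_authtok_set_string(tok, SSS_AUTHTOK_TYPE_CCFILE,
                                  "ccfile", ccfile, len);
}

/*
 * Replace the token content according to 'type'. Password and ccfile data
 * are handled as strings; SSS_AUTHTOK_TYPE_EMPTY ignores data and len.
 * Returns EINVAL for an unknown type.
 */
errno_t sss_authtok_set(struct sss_auth_token *tok,
                        enum sss_authtok_type type,
                        uint8_t *data, size_t len)
{
    switch (type) {
    case SSS_AUTHTOK_TYPE_PASSWORD:
        return sss_authtok_set_password(tok, (const char *)data, len);
    case SSS_AUTHTOK_TYPE_CCFILE:
        return sss_authtok_set_ccfile(tok, (const char *)data, len);
    case SSS_AUTHTOK_TYPE_EMPTY:
        sss_authtok_set_empty(tok);
        return EOK;
    }

    return EINVAL;
}

/*
 * Duplicate the content of 'src' into 'dst', releasing whatever 'dst' held
 * before. The copy is a second in-memory instance of the credential and
 * has to be wiped on its own.
 *
 * Returns EOK or ENOMEM.
 */
errno_t sss_authtok_copy(struct sss_auth_token *src,
                         struct sss_auth_token *dst)
{
    /* Copying a token onto itself must not wipe it: emptying dst first
     * would destroy the only copy of the credential */
    if (src == dst) {
        return EOK;
    }

    sss_authtok_set_empty(dst);

    if (src->type == SSS_AUTHTOK_TYPE_EMPTY) {
        return EOK;
    }

    dst->data = talloc_memdup(dst, src->data, src->length);
    if (!dst->data) {
        return ENOMEM;
    }
    dst->length = src->length;
    dst->type = src->type;

    return EOK;
}

/*
 * Allocate a zero-initialised token on mem_ctx.
 * Returns NULL (after logging) when the allocation fails.
 */
struct sss_auth_token *sss_authtok_new(TALLOC_CTX *mem_ctx)
{
    struct sss_auth_token *token;

    token = talloc_zero(mem_ctx, struct sss_auth_token);
    if (token == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_zero failed.\n"));
    }

    return token;
}

/*
 * Overwrite a password payload in place without freeing it or changing the
 * token type. Tokens of any other type are left untouched.
 */
void sss_authtok_wipe_password(struct sss_auth_token *tok)
{
    if (tok->type != SSS_AUTHTOK_TYPE_PASSWORD) {
        return;
    }

    safezero(tok->data, tok->length);
}
sssd-1.11.5/src/util/PaxHeaders.13173/sss_ldap.c0000644000000000000000000000007412320753107017273 xustar000000000000000030 atime=1396954939.277891423 30 ctime=1396954961.561875019 sssd-1.11.5/src/util/sss_ldap.c0000664002412700241270000004211612320753107017521 0ustar00jhrozekjhrozek00000000000000/* Authors: Sumit Bose 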
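Copyright (C) 2009 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */

#include
#include
#include
#include
#include
#include
#include "config.h"

#include "providers/ldap/sdap.h"
#include "util/sss_ldap.h"
#include "util/util.h"

/*
 * Translate an error code to text, using sss_strerror() for codes that
 * IS_SSSD_ERROR() recognises and ldap_err2string() for everything else.
 */
const char* sss_ldap_err2string(int err)
{
    if (IS_SSSD_ERROR(err)) {
        return sss_strerror(err);
    } else {
        return ldap_err2string(err);
    }
}

/*
 * Fetch the diagnostic message of an LDAP handle as a talloc string.
 *
 * On success *_errmsg is a copy owned by mem_ctx ("unknown error" when the
 * library reports no message). Returns EOK, EINVAL when the option cannot
 * be read, ENOMEM on allocation failure.
 */
int sss_ldap_get_diagnostic_msg(TALLOC_CTX *mem_ctx,
                                LDAP *ld,
                                char **_errmsg)
{
    char *errmsg = NULL;
    int optret;

    optret = ldap_get_option(ld, SDAP_DIAGNOSTIC_MESSAGE, (void*)&errmsg);
    if (optret != LDAP_SUCCESS) {
        return EINVAL;
    }

    *_errmsg = talloc_strdup(mem_ctx, errmsg ? errmsg : "unknown error");
    ldap_memfree(errmsg);
    if (*_errmsg == NULL) {
        return ENOMEM;
    }
    return EOK;
}

/*
 * Create an LDAP control. Uses ldap_control_create() when the library has
 * it, otherwise builds the control by hand.
 *
 * In the fallback, dupval == 0 makes the control share value's buffer and
 * a non-zero dupval duplicates it. Returns an LDAP_* result code.
 */
int sss_ldap_control_create(const char *oid, int iscritical,
                            struct berval *value, int dupval,
                            LDAPControl **ctrlp)
{
#ifdef HAVE_LDAP_CONTROL_CREATE
    return ldap_control_create(oid, iscritical, value, dupval, ctrlp);
#else
    LDAPControl *lc = NULL;

    if (oid == NULL || ctrlp == NULL) {
        return LDAP_PARAM_ERROR;
    }

    lc = calloc(1, sizeof(*lc));
    if (lc == NULL) {
        return LDAP_NO_MEMORY;
    }

    lc->ldctl_oid = strdup(oid);
    if (lc->ldctl_oid == NULL) {
        free(lc);
        return LDAP_NO_MEMORY;
    }

    if (value != NULL && value->bv_val != NULL) {
        if (dupval == 0) {
            lc->ldctl_value = *value;
        } else {
            ber_dupbv(&lc->ldctl_value, value);
            if (lc->ldctl_value.bv_val == NULL) {
                free(lc->ldctl_oid);
                free(lc);
                return LDAP_NO_MEMORY;
            }
        }
    }

    lc->ldctl_iscritical = iscritical;

    *ctrlp = lc;

    return LDAP_SUCCESS;
#endif
}

#ifdef HAVE_LDAP_INIT_FD

/* State of one non-blocking connect() request. */
struct sdap_async_sys_connect_state {
    long old_flags;                 /* file status flags to restore */
    struct tevent_fd *fde;          /* fd event while the connect is pending */

    int fd;
    socklen_t addr_len;
    struct sockaddr_storage addr;   /* private copy of the peer address */
};

static void sdap_async_sys_connect_done(struct tevent_context *ev,
                                        struct tevent_fd *fde, uint16_t flags,
                                        void *priv);

/*
 * Start a non-blocking connect() of 'fd' to 'addr'.
 *
 * The descriptor is switched to O_NONBLOCK for the duration of the attempt
 * and its original status flags are restored afterwards. The address is
 * copied into the request state, so addr_len must fit into a
 * struct sockaddr_storage; a NULL address or an oversized length completes
 * the request with EINVAL.
 *
 * Returns NULL only when the flags cannot be read or the request cannot be
 * allocated; every other outcome is reported through the request.
 */
static struct tevent_req *sdap_async_sys_connect_send(TALLOC_CTX *mem_ctx,
                                                    struct tevent_context *ev,
                                                    int fd,
                                                    const struct sockaddr *addr,
                                                    socklen_t addr_len)
{
    struct tevent_req *req;
    struct sdap_async_sys_connect_state *state;
    long flags;
    int ret;
    int fret;

    flags = fcntl(fd, F_GETFL, 0);
    if (flags == -1) {
        DEBUG(1, ("fcntl F_GETFL failed.\n"));
        return NULL;
    }

    req = tevent_req_create(mem_ctx, &state,
                            struct sdap_async_sys_connect_state);
    if (req == NULL) {
        DEBUG(1, ("tevent_req_create failed.\n"));
        return NULL;
    }

    state->old_flags = flags;
    state->fd = fd;

    /* The copy below writes addr_len bytes into a fixed-size member;
     * refuse anything that would run past it */
    if (addr == NULL || (size_t)addr_len > sizeof(state->addr)) {
        DEBUG(1, ("Invalid socket address or address length.\n"));
        ret = EINVAL;
        goto done;
    }

    state->addr_len = addr_len;
    memcpy(&state->addr, addr, addr_len);

    ret = fcntl(fd, F_SETFL, flags | O_NONBLOCK);
    if (ret != EOK) {
        /* report the errno value, not fcntl()'s -1 */
        ret = errno;
        DEBUG(1, ("fcntl F_SETFL failed.\n"));
        goto done;
    }

    ret = connect(fd, addr, addr_len);
    if (ret == EOK) {
        goto done;
    }

    ret = errno;
    switch(ret) {
        case EINPROGRESS:
        case EINTR:
            /* Connect is pending; finish in sdap_async_sys_connect_done() */
            state->fde = tevent_add_fd(ev, state, fd,
                                       TEVENT_FD_READ | TEVENT_FD_WRITE,
                                       sdap_async_sys_connect_done, req);
            if (state->fde == NULL) {
                DEBUG(1, ("tevent_add_fd failed.\n"));
                ret = ENOMEM;
                goto done;
            }

            return req;

            break;
        default:
            DEBUG(1, ("connect failed [%d][%s].\n", ret, strerror(ret)));
    }

done:
    fret = fcntl(fd, F_SETFL, flags);
    if (fret != EOK) {
        DEBUG(1, ("fcntl F_SETFL failed.\n"));
    }

    if (ret == EOK) {
        tevent_req_done(req);
    } else {
        tevent_req_error(req, ret);
    }

    tevent_req_post(req, ev);
    return req;
}

/*
 * fd event handler for a pending connect. connect() is called again on the
 * same address to learn the outcome; EINPROGRESS/EINTR keep waiting, any
 * other result removes the fd event, restores the original status flags
 * and completes the request.
 */
static void sdap_async_sys_connect_done(struct tevent_context *ev,
                                        struct tevent_fd *fde, uint16_t flags,
                                        void *priv)
{
    struct tevent_req *req = talloc_get_type(priv, struct tevent_req);
    struct sdap_async_sys_connect_state *state = tevent_req_data(req,
                                          struct sdap_async_sys_connect_state);
    int ret;
    int fret;

    errno = 0;
    ret = connect(state->fd, (struct sockaddr *) &state->addr,
                  state->addr_len);
    if (ret != EOK) {
        ret = errno;
        if (ret == EINPROGRESS || ret == EINTR) {
            return; /* Try again later */
        }
        DEBUG(1, ("connect failed [%d][%s].\n", ret, strerror(ret)));
    }

    talloc_zfree(fde);

    fret = fcntl(state->fd, F_SETFL, state->old_flags);
    if (fret != EOK) {
        DEBUG(1, ("fcntl F_SETFL failed.\n"));
    }

    if (ret == EOK) {
        tevent_req_done(req);
    } else {
        tevent_req_error(req, ret);
    }

    return;
}

/* Collect the result of a connect request: EOK or the stored error. */
static int sdap_async_sys_connect_recv(struct tevent_req *req)
{
    TEVENT_REQ_RETURN_ON_ERROR(req);

    return EOK;
}

/*
 * Prepare a freshly created socket: set FD_CLOEXEC (failure is fatal and
 * returned as errno) and try to enable SO_KEEPALIVE and TCP_NODELAY
 * (failures are only logged).
 */
static errno_t set_fd_flags_and_opts(int fd)
{
    int ret;
    long flags;
    int dummy = 1;

    flags = fcntl(fd, F_GETFD, 0);
    if (flags == -1) {
        ret = errno;
        DEBUG(1, ("fcntl F_GETFD failed [%d][%s].\n", ret, strerror(ret)));
        return ret;
    }

    flags = fcntl(fd, F_SETFD, flags| FD_CLOEXEC);
    if (flags == -1) {
        ret = errno;
        DEBUG(1, ("fcntl F_SETFD failed [%d][%s].\n", ret, strerror(ret)));
        return ret;
    }

    /* SO_KEEPALIVE and TCP_NODELAY are set by OpenLDAP client libraries but
     * failures are ignored.*/
    ret = setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &dummy, sizeof(dummy));
    if (ret != 0) {
        ret = errno;
        DEBUG(5, ("setsockopt SO_KEEPALIVE failed.[%d][%s].\n", ret,
                  strerror(ret)));
    }

    ret = setsockopt(fd, SOL_TCP, TCP_NODELAY, &dummy, sizeof(dummy));
    if (ret != 0) {
        ret = errno;
        DEBUG(5, ("setsockopt TCP_NODELAY failed.[%d][%s].\n", ret,
                  strerror(ret)));
    }

    return EOK;
}

#define LDAP_PROTO_TCP 1 /* ldap://  */
#define LDAP_PROTO_UDP 2 /* reserved */
#define LDAP_PROTO_IPC 3 /* ldapi:// */
#define LDAP_PROTO_EXT 4 /* user-defined socket/sockbuf */

extern int ldap_init_fd(ber_socket_t fd, int proto, const char *url, LDAP **ld);

static void sss_ldap_init_sys_connect_done(struct tevent_req *subreq);
static void sdap_async_sys_connect_timeout(struct tevent_context *ev,
                                           struct tevent_timer *te,
                                           struct timeval tv, void *pvt);
#endif

/* State of one sss_ldap_init request. */
struct sss_ldap_init_state {
    LDAP *ldap;
    int sd;             /* connected socket, or -1 without ldap_init_fd() */
    const char *uri;

#ifdef HAVE_LDAP_INIT_FD
    struct tevent_timer *connect_timeout;
#endif
};

/*
 * Start initialising an LDAP handle for 'uri'.
 *
 * With ldap_init_fd() available, a TCP socket is created and connected to
 * 'addr' asynchronously, bounded by 'timeout' seconds. Without it,
 * ldap_initialize() is called with the URI and the request completes
 * immediately (addr, addr_len and timeout are unused on that path).
 *
 * Returns NULL only when the request itself cannot be allocated.
 */
struct tevent_req *sss_ldap_init_send(TALLOC_CTX *mem_ctx,
                                      struct tevent_context *ev,
                                      const char *uri,
                                      struct sockaddr_storage *addr,
                                      int addr_len, int timeout)
{
    int ret = EOK;
    struct tevent_req *req;
    struct sss_ldap_init_state *state;

    req = tevent_req_create(mem_ctx, &state, struct sss_ldap_init_state);
    if (req == NULL) {
        DEBUG(1, ("tevent_req_create failed.\n"));
        return NULL;
    }

    state->ldap = NULL;
    state->uri = uri;

#ifdef HAVE_LDAP_INIT_FD
    struct tevent_req *subreq;
    struct timeval tv;

    state->sd = socket(addr->ss_family, SOCK_STREAM, 0);
    if (state->sd == -1) {
        ret = errno;
        DEBUG(1, ("socket failed [%d][%s].\n", ret, strerror(ret)));
        goto fail;
    }

    ret = set_fd_flags_and_opts(state->sd);
    if (ret != EOK) {
        DEBUG(1, ("set_fd_flags_and_opts failed.\n"));
        goto fail;
    }

    DEBUG(9, ("Using file descriptor [%d] for LDAP connection.\n", state->sd));

    subreq = sdap_async_sys_connect_send(state, ev, state->sd,
                                         (struct sockaddr *) addr, addr_len);
    if (subreq == NULL) {
        ret = ENOMEM;
        DEBUG(1, ("sdap_async_sys_connect_send failed.\n"));
        goto fail;
    }

    DEBUG(6, ("Setting %d seconds timeout for connecting\n", timeout));
    tv = tevent_timeval_current_ofs(timeout, 0);

    state->connect_timeout = tevent_add_timer(ev, subreq, tv,
                                              sdap_async_sys_connect_timeout,
                                              subreq);
    if (state->connect_timeout == NULL) {
        DEBUG(1, ("tevent_add_timer failed.\n"));
        ret = ENOMEM;
        /* NOTE(review): subreq stays allocated on this path while the
         * socket is closed below; if its fd event is still registered it
         * would refer to a closed descriptor - consider freeing subreq
         * here. */
        goto fail;
    }

    tevent_req_set_callback(subreq, sss_ldap_init_sys_connect_done, req);
    return req;

fail:
    if(state->sd >= 0) {
        close(state->sd);
    }
    tevent_req_error(req, ret);
#else
    DEBUG(3, ("ldap_init_fd not available, "
              "will use ldap_initialize with uri [%s].\n", uri));
    state->sd = -1;
    ret = ldap_initialize(&state->ldap, uri);
    if (ret == LDAP_SUCCESS) {
        tevent_req_done(req);
    } else {
        DEBUG(1, ("ldap_initialize failed [%s].\n", sss_ldap_err2string(ret)));
        if (ret == LDAP_SERVER_DOWN) {
            tevent_req_error(req, ETIMEDOUT);
        } else {
            tevent_req_error(req, EIO);
        }
    }
#endif

    tevent_req_post(req, ev);
    return req;
}

#ifdef HAVE_LDAP_INIT_FD
/* Timer handler: fail the pending connect request with ETIMEDOUT. */
static void sdap_async_sys_connect_timeout(struct tevent_context *ev,
                                           struct tevent_timer *te,
                                           struct timeval tv, void *pvt)
{
    struct tevent_req *connection_request;

    DEBUG(4, ("The LDAP connection timed out\n"));

    connection_request = talloc_get_type(pvt, struct tevent_req);
    tevent_req_error(connection_request, ETIMEDOUT);
}

/*
 * Completion of the socket connect: cancel the timeout, hand the connected
 * descriptor to ldap_init_fd() and, for ldaps:// URIs, install TLS on the
 * handle. LDAP_LOCAL_ERROR from ldap_install_tls() is treated as "TLS
 * already in place"; any other TLS failure fails the request with EIO.
 *
 * On failure the handle is unbound if it exists, otherwise the socket is
 * closed directly.
 */
static void sss_ldap_init_sys_connect_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct sss_ldap_init_state *state = tevent_req_data(req,
                                                    struct sss_ldap_init_state);
    int ret;
    int lret;

    talloc_zfree(state->connect_timeout);

    ret = sdap_async_sys_connect_recv(subreq);
    talloc_zfree(subreq);
    if (ret != EOK) {
        DEBUG(1, ("sdap_async_sys_connect request failed.\n"));
        goto fail;
    }
    /* Initialize LDAP handler */

    lret = ldap_init_fd(state->sd, LDAP_PROTO_TCP, state->uri, &state->ldap);
    if (lret != LDAP_SUCCESS) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("ldap_init_fd failed: %s. [%d][%s]\n",
               sss_ldap_err2string(lret), state->sd, state->uri));
        ret = lret == LDAP_SERVER_DOWN ? ETIMEDOUT : EIO;
        goto fail;
    }

    if (ldap_is_ldaps_url(state->uri)) {
        lret = ldap_install_tls(state->ldap);
        if (lret != LDAP_SUCCESS) {
            if (lret == LDAP_LOCAL_ERROR) {
                DEBUG(5, ("TLS/SSL already in place.\n"));
            } else {
                DEBUG(1, ("ldap_install_tls failed: %s\n",
                          sss_ldap_err2string(lret)));

                ret = EIO;
                goto fail;
            }
        }
    }

    tevent_req_done(req);
    return;

fail:
    if (state->ldap) {
        ldap_unbind_ext(state->ldap, NULL, NULL);
    } else {
        close(state->sd);
    }
    tevent_req_error(req, ret);
}
#endif

/*
 * Collect the result of sss_ldap_init_send(): the LDAP handle and the
 * socket descriptor recorded in the request state.
 */
int sss_ldap_init_recv(struct tevent_req *req, LDAP **ldap, int *sd)
{
    struct sss_ldap_init_state *state = tevent_req_data(req,
                                                    struct sss_ldap_init_state);
    TEVENT_REQ_RETURN_ON_ERROR(req);

    *ldap = state->ldap;
    *sd = state->sd;

    return EOK;
}

/*
 * Check whether 'dn' falls under one of the NULL-terminated search bases,
 * honouring each base's scope (base, onelevel, subtree). The base DN is
 * compared case-insensitively against the tail of 'dn'.
 *
 * _filter will contain combined filters from all possible search bases
 * or NULL if it should be empty. When a matching base has no filter (or
 * _filter is NULL) the function returns true right away and *_filter is
 * not written. _match_len, when not NULL, receives the length of the
 * matched base DN.
 */
bool sss_ldap_dn_in_search_bases_len(TALLOC_CTX *mem_ctx,
                                     const char *dn,
                                     struct sdap_search_base **search_bases,
                                     char **_filter,
                                     int *_match_len)
{
    struct sdap_search_base *base;
    int basedn_len, dn_len;
    int len_diff;
    int i, j;
    bool base_confirmed = false;
    bool comma_found = false;
    bool backslash_found = false;
    char *filter = NULL;
    bool ret = false;
    int match_len;

    if (dn == NULL) {
        DEBUG(SSSDBG_FUNC_DATA, ("dn is NULL\n"));
        ret = false;
        goto done;
    }

    if (search_bases == NULL) {
        DEBUG(SSSDBG_FUNC_DATA, ("search_bases is NULL\n"));
        ret = false;
        goto done;
    }

    dn_len = strlen(dn);
    for (i = 0; search_bases[i] != NULL; i++) {
        base = search_bases[i];
        basedn_len = strlen(base->basedn);

        if (basedn_len > dn_len) {
            continue;
        }

        len_diff = dn_len - basedn_len;
        base_confirmed = (strncasecmp(&dn[len_diff], base->basedn, basedn_len) == 0);
        if (!base_confirmed) {
            continue;
        }
        match_len = basedn_len;

        switch (base->scope) {
        case LDAP_SCOPE_BASE:
            /* dn > base? */
            if (len_diff != 0) {
                continue;
            }
            break;
        case LDAP_SCOPE_ONELEVEL:
            if (len_diff == 0) {
                /* Base object doesn't belong to scope=one
                 * search */
                continue;
            }

            comma_found = false;
            /* Start every scan with a clean escape state; a backslash
             * seen at the end of a previous base's scan must not leak
             * into this one */
            backslash_found = false;
            for (j = 0; j < len_diff - 1; j++) { /* ignore comma before base */
                if (dn[j] == '\\') {
                    backslash_found = true;
                } else if (dn[j] == ',' && !backslash_found) {
                    comma_found = true;
                    break;
                } else {
                    backslash_found = false;
                }
            }

            /* it has at least one more level */
            if (comma_found) {
                continue;
            }

            break;
        case LDAP_SCOPE_SUBTREE:
            /* dn length >= base dn length && base_confirmed == true */
            break;
        default:
            DEBUG(SSSDBG_FUNC_DATA, ("Unsupported scope: %d\n", base->scope));
            continue;
        }

        /*
         *  If we get here, the dn is valid.
         *  If no filter is set, than return true immediately.
         *  Append filter otherwise.
         */
        ret = true;
        if (_match_len) {
            *_match_len = match_len;
        }

        if (base->filter == NULL || _filter == NULL) {
            goto done;
        } else {
            filter = talloc_strdup_append(filter, base->filter);
            if (filter == NULL) {
                DEBUG(SSSDBG_CRIT_FAILURE,
                      ("talloc_strdup_append() failed\n"));
                ret = false;
                goto done;
            }
        }
    }

    if (_filter != NULL) {
        if (filter != NULL) {
            *_filter = talloc_asprintf(mem_ctx, "(|%s)", filter);
            if (*_filter == NULL) {
                DEBUG(SSSDBG_CRIT_FAILURE,
                      ("talloc_asprintf_append() failed\n"));
                ret = false;
                goto done;
            }
        } else {
            *_filter = NULL;
        }
    }

done:
    talloc_free(filter);
    return ret;
}

/* Same as sss_ldap_dn_in_search_bases_len() without the match length. */
bool sss_ldap_dn_in_search_bases(TALLOC_CTX *mem_ctx,
                                 const char *dn,
                                 struct sdap_search_base **search_bases,
                                 char **_filter)
{
    return sss_ldap_dn_in_search_bases_len(mem_ctx, dn, search_bases, _filter,
                                           NULL);
}

/*
 * Render a 32-bit value as four backslash-escaped hex byte pairs, lowest
 * byte first (e.g. 0x00000001 becomes "\01\00\00\00").
 * Returns a talloc string on mem_ctx, or NULL on failure.
 */
char *sss_ldap_encode_ndr_uint32(TALLOC_CTX *mem_ctx, uint32_t flags)
{
    char hex[9]; /* 4 bytes in hex + terminating zero */
    errno_t ret;

    ret = snprintf(hex, sizeof(hex), "%08x", flags);
    if (ret != 8) {
        return NULL;
    }

    return talloc_asprintf(mem_ctx, "\\%c%c\\%c%c\\%c%c\\%c%c",
                           hex[6], hex[7], hex[4], hex[5],
                           hex[2], hex[3], hex[0], hex[1]);
}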
sssd-1.11.5/src/util/PaxHeaders.13173/refcount.h0000644000000000000000000000007412320753107017315 xustar000000000000000030 atime=1396954939.277891423 30 ctime=1396954961.429875117 sssd-1.11.5/src/util/refcount.h0000664002412700241270000000411412320753107017537 0ustar00jhrozekjhrozek00000000000000/* SSSD Simple reference counting wrappers for talloc. Authors: Martin Nagy Copyright (C) Red Hat, Inc 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #ifndef __REFCOUNT_H__ #define __REFCOUNT_H__ #include #define REFCOUNT_MEMBER_NAME DO_NOT_TOUCH_THIS_MEMBER_refcount /* * Include this member in your structure in order to be able to use it with * the refcount_* functions. */ #define REFCOUNT_COMMON int REFCOUNT_MEMBER_NAME /* * Allocate a new structure that uses reference counting. The resulting pointer * returned. You must not free the returned pointer manually. It will be freed * when 'ctx' is freed with talloc_free() and no other references are left. */ #define rc_alloc(ctx, type) \ (type *)_rc_alloc(ctx, sizeof(type), offsetof(type, REFCOUNT_MEMBER_NAME), \ #type) /* * Increment the reference count of 'src' and return it back if we are * successful. The reference count will be decremented after 'ctx' has been * released by talloc_free(). The function will return NULL in case of failure. 
*/ #define rc_reference(ctx, type, src) \ (type *)_rc_reference(ctx, offsetof(type, REFCOUNT_MEMBER_NAME), src) /* * These functions should not be used directly. Use the above macros instead. */ void *_rc_alloc(const void *context, size_t size, size_t refcount_offset, const char *type_name); void *_rc_reference(const void *context, size_t refcount_offset, void *source); #endif /* !__REFCOUNT_H__ */ sssd-1.11.5/src/util/PaxHeaders.13173/strtonum.h0000644000000000000000000000007412320753107017363 xustar000000000000000030 atime=1396954939.278891422 30 ctime=1396954961.420875123 sssd-1.11.5/src/util/strtonum.h0000664002412700241270000000204212320753107017603 0ustar00jhrozekjhrozek00000000000000/* SSSD SSSD Utility functions Copyright (C) Stephen Gallagher 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/

#ifndef _STRTONUM_H_
#define _STRTONUM_H_

#include
#include
#include

int32_t strtoint32(const char *nptr, char **endptr, int base);
uint32_t strtouint32(const char *nptr, char **endptr, int base);
uint16_t strtouint16(const char *nptr, char **endptr, int base);

#endif /* _STRTONUM_H_ */
sssd-1.11.5/src/util/PaxHeaders.13173/util_lock.c0000644000000000000000000000007412320753107017450 xustar000000000000000030 atime=1396954939.278891422 30 ctime=1396954961.684874928 sssd-1.11.5/src/util/util_lock.c0000664002412700241270000000500712320753107017674 0ustar00jhrozekjhrozek00000000000000/* SSSD util_lock.c Authors: Michal Zidek Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */

#include
#include
#include

#include "util/util.h"

/*
 * Take a non-blocking write lock on the byte range [start, start + len)
 * of 'fd', trying at most num_tries times and sleeping 'wait'
 * microseconds between attempts.
 *
 * Returns EOK once the lock is held, EINVAL when num_tries is not
 * positive, EACCES when the last attempt found the range locked by
 * someone else, and the errno of fcntl() for any other failure.
 */
errno_t sss_br_lock_file(int fd, size_t start, size_t len,
                         int num_tries, useconds_t wait)
{
    struct flock lock;
    int remaining;
    int ret;

    if (num_tries <= 0) {
        return EINVAL;
    }

    lock.l_type = F_WRLCK;
    lock.l_whence = SEEK_SET;
    lock.l_start = start;
    lock.l_len = len;
    lock.l_pid = 0;

    remaining = num_tries;
    while (remaining > 0) {
        ret = fcntl(fd, F_SETLK, &lock);
        if (ret == 0) {
            /* File successfully locked */
            break;
        }

        if (ret == -1) {
            ret = errno;

            if (ret != EACCES && ret != EAGAIN && ret != EINTR) {
                /* Error occurred */
                DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to lock file.\n"));
                return ret;
            }

            DEBUG(SSSDBG_TRACE_FUNC,
                  ("Failed to lock file. Retries left: %d\n", remaining - 1));

            if (ret != EINTR && remaining <= 1) {
                /* File is locked by someone else. Return EACCES
                 * if this is the last try. */
                return EACCES;
            }

            if (remaining > 1) {
                ret = usleep(wait);
                if (ret == -1) {
                    DEBUG(SSSDBG_MINOR_FAILURE,
                          ("usleep() failed -> ignoring\n"));
                }
            }
        }

        remaining--;
    }

    /* All attempts used up without acquiring the lock */
    if (remaining == 0) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to lock file.\n"));
        return ret;
    }

    return EOK;
}
sssd-1.11.5/src/util/PaxHeaders.13173/sss_nss.h0000644000000000000000000000007412320753107017163 xustar000000000000000030 atime=1396954939.277891423 30 ctime=1396954961.422875122 sssd-1.11.5/src/util/sss_nss.h0000664002412700241270000000214112320753107017403 0ustar00jhrozekjhrozek00000000000000/* SSSD Utility functions related to ID information Copyright (C) Jan Zeleny 2012 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/

#ifndef __SSS_NSS_H__
#define __SSS_NSS_H__

#include
#include

char *expand_homedir_template(TALLOC_CTX *mem_ctx, const char *template,
                              const char *username, uint32_t uid,
                              const char *original, const char *domain,
                              const char *flatname);

#endif
sssd-1.11.5/src/util/PaxHeaders.13173/murmurhash3.c0000644000000000000000000000007412320753107017741 xustar000000000000000030 atime=1396954939.277891423 30 ctime=1396954961.543875033 sssd-1.11.5/src/util/murmurhash3.c0000664002412700241270000000407212320753107020166 0ustar00jhrozekjhrozek00000000000000/* This file is based on the public domain MurmurHash3 from Austin Appleby:
 * http://code.google.com/p/smhasher/source/browse/trunk/MurmurHash3.cpp
 *
 * We use only the 32 bit variant because the 2 produce different result while
 * we need to produce the same result regardless of the architecture as
 * clients can be both 64 or 32 bit at the same time.
 */

#include
#include
#include

#include "config.h"
#include "util/sss_endian.h"

/* Rotate a 32-bit word left by r bits (callers pass 13 or 15). */
static uint32_t rotl(uint32_t x, int8_t r)
{
    const uint32_t high = x << r;
    const uint32_t low = x >> (32 - r);

    return high | low;
}

/* slower than original but is endian neutral and handles platforms that
 * do only aligned reads: the i-th 4-byte block is copied out with memcpy()
 * and converted from little endian */
__attribute__((always_inline))
static inline uint32_t getblock(const uint8_t *p, int i)
{
    uint32_t word;

    memcpy(&word, &p[i * sizeof(word)], sizeof(word));
    return le32toh(word);
}

/*
 * Finalization mix - force all bits of a hash block to avalanche
 */
__attribute__((always_inline))
static inline uint32_t fmix(uint32_t h)
{
    h ^= h >> 16;
    h *= 0x85ebca6b;
    h ^= h >> 13;
    h *= 0xc2b2ae35;
    h ^= h >> 16;

    return h;
}

/*
 * 32-bit MurmurHash3 of the first 'len' bytes of 'key', starting from
 * 'seed'. This is a non-cryptographic hash: suitable for table lookups,
 * not for integrity protection or authentication.
 */
uint32_t murmurhash3(const char *key, int len, uint32_t seed)
{
    const uint32_t c1 = 0xcc9e2d51;
    const uint32_t c2 = 0x1b873593;
    const uint8_t *data = (const uint8_t *)key;
    const int nblocks = len / 4;
    const uint8_t *tail;
    uint32_t hash = seed;
    uint32_t k;
    int remainder;
    int i;

    /* body: mix in every complete 4-byte block */
    for (i = 0; i < nblocks; i++) {
        k = getblock(data, i);

        k *= c1;
        k = rotl(k, 15);
        k *= c2;

        hash ^= k;
        hash = rotl(hash, 13);
        hash = hash * 5 + 0xe6546b64;
    }

    /* tail: the 1-3 bytes left after the last complete block */
    tail = data + nblocks * 4;
    remainder = len & 3;
    if (remainder != 0) {
        k = 0;
        if (remainder == 3) {
            k ^= tail[2] << 16;
        }
        if (remainder >= 2) {
            k ^= tail[1] << 8;
        }
        k ^= tail[0];

        k *= c1;
        k = rotl(k, 15);
        k *= c2;
        hash ^= k;
    }

    /* finalization */
    hash ^= len;

    return fmix(hash);
}
sssd-1.11.5/src/util/PaxHeaders.13173/authtok.h0000644000000000000000000000007412320753107017147 xustar000000000000000030 atime=1396954939.276891423 30 ctime=1396954961.435875112 sssd-1.11.5/src/util/authtok.h0000664002412700241270000001411312320753107017371 0ustar00jhrozekjhrozek00000000000000/* SSSD - auth utils Copyright (C) Simo Sorce 2012 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #ifndef __AUTHTOK_H__ #define __AUTHTOK_H__ #include "util/util.h" #include "sss_client/sss_cli.h" /* Use sss_authtok_* accesor functions instead of struct sss_auth_token */ struct sss_auth_token; /** * @brief Returns the token type * * @param tok A pointer to an sss_auth_token * * @return A sss_authtok_type (empty, password, ...) 
*/ enum sss_authtok_type sss_authtok_get_type(struct sss_auth_token *tok); /** * @brief Returns the token size * * @param tok A pointer to an sss_auth_token * * @return The current size of the token payload */ size_t sss_authtok_get_size(struct sss_auth_token *tok); /** * @brief Get the data buffer * * @param tok A pointer to an sss_auth_token * * @return A pointer to the token payload */ uint8_t *sss_authtok_get_data(struct sss_auth_token *tok); /** * @brief Returns a const string if the auth token is of type SSS_AUTHTOK_TYPE_PASSWORD, otherwise it returns an error * * @param tok A pointer to an sss_auth_token * @param pwd A pointer to a const char *, that will point to a null * terminated string * @param len The length of the password string * * @return EOK on success * ENOENT if the token is empty * EACCES if the token is not a password token * * NOTE(review): the returned string is presumably owned by the token and * stops being valid once the token is reset or wiped - confirm in authtok.c. * Callers should not copy it into buffers that are never zeroed, nor log it. */ errno_t sss_authtok_get_password(struct sss_auth_token *tok, const char **pwd, size_t *len); /** * @brief Set a password into an auth token, replacing any previous data * * @param tok A pointer to a sss_auth_token structure to change, also * used as a memory context to allocate the internal data. * @param password A string * @param len The length of the string or, if 0 is passed, * then strlen(password) will be used internally. 
* * @return EOK on success * ENOMEM on error */ errno_t sss_authtok_set_password(struct sss_auth_token *tok, const char *password, size_t len); /** * @brief Returns a const string if the auth token is of type SSS_AUTHTOK_TYPE_CCFILE, otherwise it returns an error * * @param tok A pointer to an sss_auth_token * @param ccfile A pointer to a const char *, that will point to a null * terminated string, also used as a memory context use to allocate the internal data * @param len The length of the string * * @return EOK on success * ENOENT if the token is empty * EACCES if the token is not a ccfile token */ errno_t sss_authtok_get_ccfile(struct sss_auth_token *tok, const char **ccfile, size_t *len); /** * @brief Set a cc file name into an auth token, replacing any previous data * * @param tok A pointer to a sss_auth_token structure to change, also * used as a memory context to allocate the internal data. * @param ccfile A null terminated string * @param len The length of the string * * @return EOK on success * ENOMEM on error */ errno_t sss_authtok_set_ccfile(struct sss_auth_token *tok, const char *ccfile, size_t len); /** * @brief Resets an auth token to the empty status * * @param tok A pointer to a sss_auth_token structure to reset * * NOTE: This function uses safezero() on the payload if the type * is SSS_AUTHTOK_TYPE_PASSWORD */ void sss_authtok_set_empty(struct sss_auth_token *tok); /** * @brief Set an auth token by type, replacing any previous data * * @param tok A pointer to a sss_auth_token structure to change, also * used as a memory context to allocate the internal data. 
* @param type A valid authtok type * @param data A data pointer * @param len The length of the data * * @return EOK on success * ENOMEM or EINVAL on error */ errno_t sss_authtok_set(struct sss_auth_token *tok, enum sss_authtok_type type, uint8_t *data, size_t len); /** * @brief Copy an auth token from source to destination * * @param src The source auth token * @param dst The destination auth token, also used as a memory context * to allocate dst internal data. * * @return EOK on success * ENOMEM on error * * NOTE(review): a copied password token is a second copy of the secret; * presumably each copy has to be reset or wiped on its own - confirm. */ errno_t sss_authtok_copy(struct sss_auth_token *src, struct sss_auth_token *dst); /** * @brief Uses safezero to wipe the password from memory if the * authtoken contains a password, otherwise does nothing. * * @param tok A pointer to a sss_auth_token structure to change * * NOTE: This function should only be used in destructors or similar * functions where freeing the actual string is unsafe and where it can * be guaranteed that the auth token will not be used anymore. * Use sss_authtok_set_empty() in normal circumstances. */ void sss_authtok_wipe_password(struct sss_auth_token *tok); /** * @brief Create new empty struct sss_auth_token. * * @param mem_ctx A memory context used to allocate the internal data * @return A pointer to new empty struct sss_auth_token * NULL in case of failure * * NOTE: This function is the only way to create a new empty * struct sss_auth_token. 
*/ struct sss_auth_token *sss_authtok_new(TALLOC_CTX *mem_ctx); #endif /* __AUTHTOK_H__ */ sssd-1.11.5/src/util/PaxHeaders.13173/io.c0000644000000000000000000000007412320753107016072 xustar000000000000000030 atime=1396954939.277891423 30 ctime=1396954961.543875033 sssd-1.11.5/src/util/io.c0000664002412700241270000000406412320753107016320 0ustar00jhrozekjhrozek00000000000000/* SSSD io.c Authors: Lukas Slebodnik Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include "config.h" #include #include #include #include "util/io.h" /* CAUTION: * This file has to be minimalist and cannot include DEBUG macros * or header file util.h. 
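*/

/**
 * Open a file so that the descriptor is not inherited across exec().
 *
 * O_CLOEXEC is added to the flags where the platform defines it; otherwise
 * FD_CLOEXEC is set with fcntl() right after the open, which leaves a short
 * window in which another thread could fork and exec with the descriptor
 * still inheritable.
 *
 * open() is called without a mode argument, so callers must not pass
 * O_CREAT in flags: the permissions of a created file would be undefined.
 *
 * @param pathname  Path to open.
 * @param flags     open(2) flags (without O_CREAT, see above).
 * @param ret       Optional; receives errno when the open fails. It is not
 *                  written on success.
 *
 * @return The new file descriptor, or -1 on failure.
 */
int sss_open_cloexec(const char *pathname, int flags, int *ret)
{
    int fd;
    int oflags;

    oflags = flags;
#ifdef O_CLOEXEC
    oflags |= O_CLOEXEC;
#endif

    errno = 0;
    fd = open(pathname, oflags);
    if (fd == -1) {
        if (ret) {
            *ret = errno;
        }
        return -1;
    }

#ifndef O_CLOEXEC
    int v;

    v = fcntl(fd, F_GETFD, 0);
    if (v == -1) {
        /* Do not feed the error value back in as a set of flags */
        v = 0;
    }
    /* we ignore an error, it's not fatal and there is nothing we
     * can do about it anyways */
    (void)fcntl(fd, F_SETFD, v | FD_CLOEXEC);
#endif

    return fd;
}

/**
 * openat(2) counterpart of sss_open_cloexec(): pathname is resolved
 * relative to dir_fd, everything else behaves the same way, including the
 * restriction on O_CREAT and the handling of ret.
 *
 * @param dir_fd    Directory descriptor the path is relative to.
 * @param pathname  Path to open.
 * @param flags     open(2) flags (without O_CREAT).
 * @param ret       Optional; receives errno when the open fails.
 *
 * @return The new file descriptor, or -1 on failure.
 */
int sss_openat_cloexec(int dir_fd, const char *pathname, int flags, int *ret)
{
    int fd;
    int oflags;

    oflags = flags;
#ifdef O_CLOEXEC
    oflags |= O_CLOEXEC;
#endif

    errno = 0;
    fd = openat(dir_fd, pathname, oflags);
    if (fd == -1) {
        if (ret) {
            *ret = errno;
        }
        return -1;
    }

#ifndef O_CLOEXEC
    int v;

    v = fcntl(fd, F_GETFD, 0);
    if (v == -1) {
        /* Do not feed the error value back in as a set of flags */
        v = 0;
    }
    /* we ignore an error, it's not fatal and there is nothing we
     * can do about it anyways */
    (void)fcntl(fd, F_SETFD, v | FD_CLOEXEC);
#endif

    return fd;
}
sssd-1.11.5/src/util/PaxHeaders.13173/sss_selinux.h0000644000000000000000000000007312320753107020046 xustar000000000000000030 atime=1396954939.277891423 29 ctime=1396954961.42587512 sssd-1.11.5/src/util/sss_selinux.h0000664002412700241270000000332712320753107020276 0ustar00jhrozekjhrozek00000000000000/* SSSD SELinux-related utility functions Authors: Jan Zeleny Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see .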
*/ #ifndef SSS_SELINUX_H_ #define SSS_SELINUX_H_ #include #include #include #define SELINUX_PRIORITY_USER_CAT 1 #define SELINUX_PRIORITY_USER_GROUP 2 #define SELINUX_PRIORITY_USER_NAME 4 /* According to specification, host has higher priority */ #define SELINUX_PRIORITY_HOST_CAT 8 #define SELINUX_PRIORITY_HOST_GROUP 16 #define SELINUX_PRIORITY_HOST_NAME 32 errno_t sss_selinux_extract_user(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *username, struct sysdb_attrs **_user_attrs); bool sss_selinux_match(struct sysdb_attrs *usermap, struct sysdb_attrs *user, struct sysdb_attrs *host, uint32_t *_priority); const char *sss_selinux_map_get_seuser(struct sysdb_attrs *usermap); #endif /* SSS_SELINUX_H_ */ sssd-1.11.5/src/util/PaxHeaders.13173/sss_format.h0000644000000000000000000000007412320753107017650 xustar000000000000000030 atime=1396954939.277891423 30 ctime=1396954961.428875117 sssd-1.11.5/src/util/sss_format.h0000664002412700241270000000320512320753107020072 0ustar00jhrozekjhrozek00000000000000/* SSSD sss_format.h Authors: Lukas Slebodnik Copyright (C) 2013 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #ifndef __SSS_FORMAT_H__ #define __SSS_FORMAT_H__ #include /* key_serial_t is defined in keyutils.h as typedef int32_t */ #define SPRIkey_ser PRId32 /* rlim_t is defined with conditional build as unsigned type. * It seems that sizeof(rlim_t) is 8. 
It may be platform dependent, therefore * the same format will be used like with uint64_t. */ #define SPRIrlim PRIu64 #if SIZEOF_ID_T == 8 # define SPRIid PRIu64 #elif SIZEOF_ID_T == 4 # define SPRIid PRIu32 #else # error Unexpected sizeof id_t #endif /* SIZEOF_ID_T */ #if SIZEOF_UID_T == 8 # define SPRIuid PRIu64 #elif SIZEOF_UID_T == 4 # define SPRIuid PRIu32 #else # error Unexpected sizeof uid_t #endif /* SIZEOF_UID_T */ #if SIZEOF_GID_T == 8 # define SPRIgid PRIu64 #elif SIZEOF_GID_T == 4 # define SPRIgid PRIu32 #else # error Unexpected sizeof gid_t #endif /* SIZEOF_GID_T */ #endif /* __SSS_FORMAT_H__ */ sssd-1.11.5/src/util/PaxHeaders.13173/util_sss_idmap.h0000644000000000000000000000007412320753107020507 xustar000000000000000030 atime=1396954939.278891422 30 ctime=1396954961.437875111 sssd-1.11.5/src/util/util_sss_idmap.h0000664002412700241270000000165712320753107020742 0ustar00jhrozekjhrozek00000000000000/* Authors: Pavel Březina Copyright (C) 2013 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #ifndef __UTIL_SSS_IDMAP_H__ #define __UTIL_SSS_IDMAP_H__ void *sss_idmap_talloc(size_t size, void *pvt); void sss_idmap_talloc_free(void *ptr, void *pvt); #endif /* __UTIL_SSS_IDMAP_H__ */ sssd-1.11.5/src/util/PaxHeaders.13173/sss_utf8.c0000644000000000000000000000007412320753107017241 xustar000000000000000030 atime=1396954939.277891423 30 ctime=1396954961.535875038 sssd-1.11.5/src/util/sss_utf8.c0000664002412700241270000000747612320753107017501 0ustar00jhrozekjhrozek00000000000000/* SSSD Authors: Stephen Gallagher Copyright (C) 2011 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
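*/

#include "util/util.h"
#include "sss_utf8.h"

/* Release a buffer returned by sss_utf8_tolower(). The buffer must be freed
 * with the allocator of the unicode backend that produced it, which is why
 * callers go through this wrapper instead of calling free() themselves. */
#ifdef HAVE_LIBUNISTRING
void sss_utf8_free(void *ptr)
{
    free(ptr);
}
#elif HAVE_GLIB2
void sss_utf8_free(void *ptr)
{
    g_free(ptr);
}
#else
#error No unicode library
#endif

/* Return a newly allocated lower-case copy of the UTF-8 buffer s (len bytes).
 * The result is NOT NUL-terminated in either backend: its length is only
 * available through _nlen, so callers that need the data should always pass
 * a non-NULL _nlen. Returns NULL on failure. Free with sss_utf8_free(). */
#ifdef HAVE_LIBUNISTRING
uint8_t *sss_utf8_tolower(const uint8_t *s, size_t len, size_t *_nlen)
{
    size_t llen;
    uint8_t *lower;

    lower = u8_tolower(s, len, NULL, NULL, NULL, &llen);
    if (!lower) return NULL;

    if (_nlen) *_nlen = llen;
    return lower;
}
#elif HAVE_GLIB2
uint8_t *sss_utf8_tolower(const uint8_t *s, size_t len, size_t *_nlen)
{
    gchar *glower;
    size_t nlen;
    uint8_t *lower;

    glower = g_utf8_strdown((const gchar *) s, len);
    if (!glower) return NULL;

    /* strlen() is safe here because g_utf8_strdown() always null-terminates */
    nlen = strlen(glower);

    lower = g_malloc(nlen);
    if (!lower) {
        g_free(glower);
        return NULL;
    }

    /* Only the nlen payload bytes are copied, the terminator is dropped */
    memcpy(lower, glower, nlen);
    g_free(glower);
    if (_nlen) *_nlen = nlen;
    return (uint8_t *) lower;
}
#else
#error No unicode library
#endif

/* Return true when the n bytes at s are well-formed UTF-8. */
#ifdef HAVE_LIBUNISTRING
bool sss_utf8_check(const uint8_t *s, size_t n)
{
    if (u8_check(s, n) == NULL) {
        return true;
    }
    return false;
}
#elif HAVE_GLIB2
bool sss_utf8_check(const uint8_t *s, size_t n)
{
    return g_utf8_validate((const gchar *)s, n, NULL);
}
#else
#error No unicode library
#endif

/* Returns EOK on match, ENOMATCH if comparison succeeds but
 * does not match.
 * May return other errno error codes on failure.
 * Both inputs must be NUL-terminated UTF-8 strings. */
#ifdef HAVE_LIBUNISTRING
errno_t sss_utf8_case_eq(const uint8_t *s1, const uint8_t *s2)
{
    /* Do a case-insensitive comparison.
     * The input must be encoded in UTF8.
     * We have no way of knowing the language,
     * so we'll pass NULL for the language and
     * hope for the best.
     */
    int ret;
    int resultp;
    size_t n1, n2;

    errno = 0;
    n1 = u8_strlen(s1);
    n2 = u8_strlen(s2);

    ret = u8_casecmp(s1, n1, s2, n2, NULL, NULL, &resultp);
    if (ret < 0) {
        /* An error occurred */
        return errno;
    }

    if (resultp == 0) {
        return EOK;
    }
    return ENOMATCH;
}
#elif HAVE_GLIB2
errno_t sss_utf8_case_eq(const uint8_t *s1, const uint8_t *s2)
{
    gchar *gs1;
    gchar *gs2;
    gint gret;
    errno_t ret;

    /* g_utf8_casefold() takes its length in bytes, or -1 for a
     * NUL-terminated string. Passing the character count returned by
     * g_utf8_strlen() would fold only a prefix of any name that contains
     * multi-byte characters, so two different names sharing that prefix
     * would compare as equal. */
    gs1 = g_utf8_casefold((const gchar *)s1, -1);
    if (gs1 == NULL) {
        return ENOMEM;
    }

    gs2 = g_utf8_casefold((const gchar *)s2, -1);
    if (gs2 == NULL) {
        /* do not leak the first folded copy */
        g_free(gs1);
        return ENOMEM;
    }

    gret = g_utf8_collate(gs1, gs2);
    if (gret == 0) {
        ret = EOK;
    } else {
        ret = ENOMATCH;
    }

    g_free(gs1);
    g_free(gs2);

    return ret;
}
#else
#error No unicode library
#endif

/* Compare two NUL-terminated strings, byte-wise when cs (case sensitive) is
 * true and with sss_utf8_case_eq() otherwise. Any error from the
 * case-insensitive comparison is reported as "not equal". */
bool sss_string_equal(bool cs, const char *s1, const char *s2)
{
    if (cs) {
        return strcmp(s1, s2) == 0;
    }

    return sss_utf8_case_eq((const uint8_t *)s1, (const uint8_t *)s2) == EOK;
}
sssd-1.11.5/src/util/PaxHeaders.13173/user_info_msg.h0000644000000000000000000000007412320753107020327 xustar000000000000000030 atime=1396954939.278891422 30 ctime=1396954961.431875115 sssd-1.11.5/src/util/user_info_msg.h0000664002412700241270000000211512320753107020550 0ustar00jhrozekjhrozek00000000000000/* SSSD Pack user info messages Authors: Sumit Bose Copyright (C) 2009 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see .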
*/ #ifndef __USER_INFO_MSG_H__ #define __USER_INFO_MSG_H__ errno_t pack_user_info_chpass_error(TALLOC_CTX *mem_ctx, const char *user_error_message, size_t *len, uint8_t **_resp); #endif /* __USER_INFO_MSG_H__ */ sssd-1.11.5/src/util/PaxHeaders.13173/mmap_cache.h0000644000000000000000000000007412320753107017545 xustar000000000000000030 atime=1396954939.277891423 30 ctime=1396954961.432875115 sssd-1.11.5/src/util/mmap_cache.h0000664002412700241270000001254012320753107017771 0ustar00jhrozekjhrozek00000000000000/* SSSD Mmap Cache Common header Copyright (C) Simo Sorce 2011 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #ifndef _MMAP_CACHE_H_ #define _MMAP_CACHE_H_ #include "util/murmurhash3.h" /* NOTE: all the code here assumes that writing a uint32_t nto mmapped * memory is an atomic operation and can't be split in multiple * non-atomic operations */ typedef uint32_t rel_ptr_t; /* align macros */ #define MC_8 sizeof(uint8_t) #define MC_32 sizeof(uint32_t) #define MC_64 sizeof(uint64_t) #define MC_ALIGN32(size) ( ((size) + MC_32 -1) & (~(MC_32 -1)) ) #define MC_ALIGN64(size) ( ((size) + MC_64 -1) & (~(MC_64 -1)) ) #define MC_HEADER_SIZE MC_ALIGN64(sizeof(struct sss_mc_header)) #define MC_HT_SIZE(elems) ( (elems) * MC_32 ) #define MC_HT_ELEMS(size) ( (size) / MC_32 ) #define MC_DT_SIZE(elems, payload) ( (elems) * (payload) ) #define MC_FT_SIZE(elems) ( (elems) / 8 ) /* ^^ 8 bits per byte so we need just elems/8 bytes to represent all blocks */ #define MC_PTR_ADD(ptr, bytes) (void *)((uint8_t *)(ptr) + (bytes)) #define MC_PTR_DIFF(ptr, base) ((uint8_t *)(ptr) - (uint8_t *)(base)) #define MC_INVALID_VAL64 ((uint64_t)-1) #define MC_INVALID_VAL32 ((uint32_t)-1) #define MC_INVALID_VAL8 ((uint8_t)-1) #define MC_INVALID_VAL MC_INVALID_VAL32 /* * 32 seem a good compromise for slot size * 4 blocks are enough for the average passwd entry of 42 bytes * passwd records have 84 bytes of overhead, 128 - 82 = 46 bytes * 3 blocks can contain a very minimal entry, 96 - 82 = 14 bytes * * 3 blocks are enough for groups w/o users (private user groups) * group records have 68 bytes of overhead, 96 - 66 = 30 bytes */ #define MC_SLOT_SIZE 32 #define MC_SIZE_TO_SLOTS(len) (((len) + (MC_SLOT_SIZE - 1)) / MC_SLOT_SIZE) #define MC_PTR_TO_SLOT(base, ptr) (MC_PTR_DIFF(ptr, base) / MC_SLOT_SIZE) #define MC_SLOT_TO_PTR(base, slot, type) \ (type *)((base) + ((slot) * MC_SLOT_SIZE)) #define MC_SLOT_WITHIN_BOUNDS(slot, dt_size) \ ((slot) < ((dt_size) / MC_SLOT_SIZE)) #define MC_VALID_BARRIER(val) (((val) & 0xff000000) == 0xf0000000) #define MC_CHECK_RECORD_LENGTH(mc_ctx, rec) \ ((rec)->len >= MC_HEADER_SIZE && 
(rec)->len != MC_INVALID_VAL32 \ && ((rec)->len <= ((mc_ctx)->dt_size \ - MC_PTR_DIFF(rec, (mc_ctx)->data_table)))) #define SSS_MC_MAJOR_VNO 0 #define SSS_MC_MINOR_VNO 4 #define SSS_MC_HEADER_UNINIT 0 /* after ftruncate or before reset */ #define SSS_MC_HEADER_ALIVE 1 /* current and in use */ #define SSS_MC_HEADER_RECYCLED 2 /* file was recycled, reopen asap */ #pragma pack(1) struct sss_mc_header { uint32_t b1; /* barrier 1 */ uint32_t major_vno; /* major version number */ uint32_t minor_vno; /* minor version number */ uint32_t status; /* database status */ uint32_t seed; /* random seed used to avoid collision attacks */ uint32_t dt_size; /* data table size */ uint32_t ft_size; /* free table size */ uint32_t ht_size; /* hash table size */ rel_ptr_t data_table; /* data table pointer relative to mmap base */ rel_ptr_t free_table; /* free table pointer relative to mmap base */ rel_ptr_t hash_table; /* hash table pointer relative to mmap base */ rel_ptr_t reserved; /* reserved for future changes */ uint32_t b2; /* barrier 2 */ }; struct sss_mc_rec { uint32_t b1; /* barrier 1 */ uint32_t len; /* total record length including record data */ uint64_t expire; /* record expiration time (cast to time_t) */ rel_ptr_t next; /* ptr of next record rel to data_table */ uint32_t hash1; /* val of first hash (usually name of record) */ uint32_t hash2; /* val of second hash (usually id of record) */ uint32_t b2; /* barrier 2 - 32 bytes mark, fits a slot */ char data[0]; }; struct sss_mc_pwd_data { rel_ptr_t name; /* ptr to name string, rel. to struct base addr */ uint32_t uid; uint32_t gid; uint32_t strs_len; /* length of strs */ char strs[0]; /* concatenation of all passwd strings, each * string is zero terminated ordered as follows: * name, passwd, gecos, dir, shell */ }; struct sss_mc_grp_data { rel_ptr_t name; /* ptr to name string, rel. 
to struct base addr */ uint32_t gid; uint32_t members; /* number of members in strs */ uint32_t strs_len; /* length of strs */ char strs[0]; /* concatenation of all group strings, each * string is zero terminated ordered as follows: * name, passwd, member1, member2, ... */ }; #pragma pack() #endif /* _MMAP_CACHE_H_ */ sssd-1.11.5/src/util/PaxHeaders.13173/sss_python.c0000644000000000000000000000007412320753107017674 xustar000000000000000030 atime=1396954939.277891423 30 ctime=1396954961.694874921 sssd-1.11.5/src/util/sss_python.c0000664002412700241270000000475312320753107020127 0ustar00jhrozekjhrozek00000000000000/* Authors: Jakub Hrozek Copyright (C) 2011 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include "src/util/sss_python.h" #include "config.h" PyObject * sss_python_set_new(void) { #ifdef HAVE_PYSET_NEW return PySet_New(NULL); #else return PyObject_CallObject((PyObject *) &PySet_Type, NULL); #endif } int sss_python_set_add(PyObject *set, PyObject *key) { #ifdef HAVE_PYSET_ADD return PySet_Add(set, key); #else PyObject *pyret; int ret; pyret = PyObject_CallMethod(set, sss_py_const_p(char, "add"), sss_py_const_p(char, "O"), key); ret = (pyret == NULL) ? 
-1 : 0; Py_XDECREF(pyret); return ret; #endif } bool sss_python_set_check(PyObject *set) { #if HAVE_DECL_PYSET_CHECK return PySet_Check(set); #else return PyObject_TypeCheck(set, &PySet_Type); #endif } PyObject * sss_python_unicode_from_string(const char *u) { #ifdef HAVE_PYUNICODE_FROMSTRING return PyUnicode_FromString(u); #else return PyUnicode_DecodeUTF8(u, strlen(u), NULL); #endif } PyObject * sss_exception_with_doc(char *name, char *doc, PyObject *base, PyObject *dict) { #ifdef HAVE_PYERR_NEWEXCEPTIONWITHDOC return PyErr_NewExceptionWithDoc(name, doc, base, dict); #else int result; PyObject *ret = NULL; PyObject *mydict = NULL; /* points to the dict only if we create it */ PyObject *docobj; if (dict == NULL) { dict = mydict = PyDict_New(); if (dict == NULL) { return NULL; } } if (doc != NULL) { docobj = PyString_FromString(doc); if (docobj == NULL) goto failure; result = PyDict_SetItemString(dict, "__doc__", docobj); Py_DECREF(docobj); if (result < 0) goto failure; } ret = PyErr_NewException(name, base, dict); failure: Py_XDECREF(mydict); return ret; #endif } sssd-1.11.5/src/PaxHeaders.13173/tools0000644000000000000000000000013212320753521015420 xustar000000000000000030 mtime=1396954961.755874876 30 atime=1396955003.533843848 30 ctime=1396954961.755874876 sssd-1.11.5/src/tools/0000775002412700241270000000000012320753521015724 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/tools/PaxHeaders.13173/tools_mc_util.c0000644000000000000000000000007412320753107020522 xustar000000000000000030 atime=1396954939.276891423 30 ctime=1396954961.741874886 sssd-1.11.5/src/tools/tools_mc_util.c0000664002412700241270000002127212320753107020750 0ustar00jhrozekjhrozek00000000000000/* SSSD tools_mc_util - interface to the memcache for userspace tools Copyright (C) Red Hat 2013 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or 
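(at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */

#include
#include
#include "db/sysdb.h"
#include "util/util.h"
#include "tools/tools_util.h"
#include "util/mmap_cache.h"
#include "sss_client/sss_cli.h"

/* This is a copy of sss_mc_set_recycled present in
 * src/responder/nss/nsssrv_mmap_cache.c. If you modify this function,
 * you should modify the original function too.
 *
 * Writes SSS_MC_HEADER_RECYCLED into the status field of the cache header
 * stored at the start of the file behind fd. Returns EOK, the errno of the
 * failing seek or write, or EIO on a short write.
 */
static errno_t sss_mc_set_recycled(int fd)
{
    uint32_t w = SSS_MC_HEADER_RECYCLED;
    struct sss_mc_header h;
    off_t offset;
    off_t pos;
    int ret;

    /* h is never read; it only serves to compute the offset and the size
     * of the status member within the header */
    offset = MC_PTR_DIFF(&h.status, &h);

    pos = lseek(fd, offset, SEEK_SET);
    if (pos == -1) {
        /* What do we do now ? */
        return errno;
    }

    errno = 0;
    ret = sss_atomic_write_s(fd, (uint8_t *)&w, sizeof(h.status));
    if (ret == -1) {
        return errno;
    }

    if (ret != sizeof(h.status)) {
        /* Write error */
        return EIO;
    }

    return EOK;
}

/* Invalidate one memory cache file: take a lock on it, mark its header as
 * recycled and unlink it.
 *
 * Returns EOK when the file was invalidated or does not exist, EINVAL for a
 * NULL name, EACCES when the file is locked by someone else, or another
 * errno value on failure. The file is unlinked only after a successful
 * invalidation.
 */
errno_t sss_memcache_invalidate(const char *mc_filename)
{
    int mc_fd = -1;
    errno_t ret;
    errno_t pret;
    useconds_t t = 50000;
    int retries = 2;

    if (!mc_filename) {
        return EINVAL;
    }

    mc_fd = open(mc_filename, O_RDWR);
    if (mc_fd == -1) {
        ret = errno;
        if (ret == ENOENT) {
            DEBUG(SSSDBG_TRACE_FUNC,("Memory cache file %s "
                  "does not exist.\n", mc_filename));
            return EOK;
        } else {
            DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to open file %s: %s\n",
                  mc_filename, strerror(ret)));
            return ret;
        }
    }

    ret = sss_br_lock_file(mc_fd, 0, 1, retries, t);
    if (ret == EACCES) {
        DEBUG(SSSDBG_TRACE_FUNC,
              ("File %s already locked by someone else.\n", mc_filename));
        goto done;
    } else if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to lock file %s.\n", mc_filename));
        goto done;
    }

    /* Mark the mc file as recycled. */
    ret = sss_mc_set_recycled(mc_fd);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to mark memory cache file %s "
              "as recycled.\n", mc_filename));
        goto done;
    }

    ret = EOK;

done:
    if (mc_fd != -1) {
        /* Closing the file also releases the lock */
        close(mc_fd);

        /* Only unlink the file if invalidation was successful.
         * NOTE(review): the unlink is by name and happens after the lock is
         * released, so it acts on whatever file carries that name at that
         * moment - confirm this is acceptable for the cache directory. */
        if (ret == EOK) {
            pret = unlink(mc_filename);
            if (pret == -1) {
                DEBUG(SSSDBG_MINOR_FAILURE,
                      ("Failed to unlink file %s. "
                       "Will be unlinked later by sssd_nss.\n", mc_filename));
            }
        }
    }

    return ret;
}

/* Invalidate the passwd and group caches directly. EACCES from the
 * invalidation (file locked by someone else) is taken to mean that sssd_nss
 * is running: *sssd_nss_is_off is then set to false and EOK is returned so
 * that the caller can ask the daemon to do the work. */
static int clear_fastcache(bool *sssd_nss_is_off)
{
    int ret;

    ret = sss_memcache_invalidate(SSS_NSS_MCACHE_DIR"/passwd");
    if (ret != EOK) {
        if (ret == EACCES) {
            *sssd_nss_is_off = false;
            return EOK;
        } else {
            return ret;
        }
    }

    ret = sss_memcache_invalidate(SSS_NSS_MCACHE_DIR"/group");
    if (ret != EOK) {
        if (ret == EACCES) {
            *sssd_nss_is_off = false;
            return EOK;
        } else {
            return ret;
        }
    }

    *sssd_nss_is_off = true;
    return EOK;
}

/* Clear the whole memory cache. When the cache files cannot be invalidated
 * directly because sssd_nss holds them, a flag file is created in the cache
 * directory and SIGHUP is sent to the monitor instead.
 * Returns EOK on success and EIO on any failure. */
errno_t sss_memcache_clear_all(void)
{
    errno_t ret;
    bool sssd_nss_is_off = false;
    FILE *clear_mc_flag;

    ret = clear_fastcache(&sssd_nss_is_off);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to clear caches.\n"));
        return EIO;
    }

    if (!sssd_nss_is_off) {
        /* sssd_nss is running -> signal monitor to invalidate fastcache */
        clear_mc_flag = fopen(SSS_NSS_MCACHE_DIR"/"CLEAR_MC_FLAG, "w");
        if (clear_mc_flag == NULL) {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("Failed to create clear_mc_flag file. "
                   "Memory cache will not be cleared.\n"));
            return EIO;
        }
        ret = fclose(clear_mc_flag);
        if (ret != 0) {
            ret = errno;
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("Unable to close file descriptor: %s\n",
                   strerror(ret)));
            return EIO;
        }

        DEBUG(SSSDBG_TRACE_FUNC, ("Sending SIGHUP to monitor.\n"));
        ret = signal_sssd(SIGHUP);
        if (ret != EOK) {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("Failed to send SIGHUP to monitor.\n"));
            return EIO;
        }
    }

    return EOK;
}

enum sss_tools_ent {
    SSS_TOOLS_USER,
    SSS_TOOLS_GROUP
};

/* Issue a by-name NSS request for a user or group through the sss client
 * code; the reply is discarded.
 * Returns EOK when the request succeeded or the entry was not found, EINVAL
 * for a NULL name or an unknown entry type, EIO otherwise. */
static errno_t sss_mc_refresh_ent(const char *name, enum sss_tools_ent ent)
{
    enum sss_cli_command cmd;
    struct sss_cli_req_data rd;
    uint8_t *repbuf = NULL;
    size_t replen;
    enum nss_status nret;
    errno_t ret;

    if (name == NULL) {
        /* strlen() below must not see a NULL pointer */
        return EINVAL;
    }

    cmd = SSS_CLI_NULL;
    switch (ent) {
        case SSS_TOOLS_USER:
            cmd = SSS_NSS_GETPWNAM;
            break;
        case SSS_TOOLS_GROUP:
            cmd = SSS_NSS_GETGRNAM;
            break;
        default:
            break;
    }

    if (cmd == SSS_CLI_NULL) {
        /* report the entry type that was passed in; cmd is always
         * SSS_CLI_NULL at this point */
        DEBUG(SSSDBG_OP_FAILURE, ("Unknown object %d to refresh\n", ent));
        return EINVAL;
    }

    rd.data = name;
    rd.len = strlen(name) + 1;

    sss_nss_lock();
    nret = sss_nss_make_request(cmd, &rd, &repbuf, &replen, &ret);
    sss_nss_unlock();

    free(repbuf);
    if (nret != NSS_STATUS_SUCCESS && nret != NSS_STATUS_NOTFOUND) {
        return EIO;
    }

    return EOK;
}

/* Refresh a single user by name, see sss_mc_refresh_ent(). */
errno_t sss_mc_refresh_user(const char *username)
{
    return sss_mc_refresh_ent(username, SSS_TOOLS_USER);
}

/* Refresh a single group by name, see sss_mc_refresh_ent(). */
errno_t sss_mc_refresh_group(const char *groupname)
{
    return sss_mc_refresh_ent(groupname, SSS_TOOLS_GROUP);
}

/* Refresh a group and every parent group listed in its SYSDB_MEMBEROF
 * attribute. Failures to refresh individual groups are logged and skipped;
 * only a failing sysdb search is returned to the caller. */
errno_t sss_mc_refresh_nested_group(struct tools_ctx *tctx,
                                    const char *name)
{
    errno_t ret;
    struct ldb_message *msg;
    struct ldb_message_element *el;
    const char *attrs[] = { SYSDB_MEMBEROF,
                            SYSDB_NAME,
                            NULL };
    size_t i;
    char *parent_name;

    ret = sss_mc_refresh_group(name);
    if (ret != EOK) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("Cannot refresh group %s from memory cache\n", name));
        /* try to carry on */
    }

    ret = sysdb_search_group_by_name(tctx, tctx->sysdb, tctx->local,
                                     name, attrs, &msg);
    if (ret) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Search failed: %s (%d)\n", strerror(ret), ret));
        return ret;
    }

    el = ldb_msg_find_element(msg, SYSDB_MEMBEROF);
    if (!el || el->num_values == 0) {
        DEBUG(SSSDBG_TRACE_INTERNAL, ("Group %s has no parents\n", name));
        talloc_free(msg);
        return EOK;
    }

    /* This group is nested. We need to invalidate all its parents, too */
    for (i=0; i < el->num_values; i++) {
        /* start from NULL so that the failure path never frees an
         * uninitialized pointer */
        parent_name = NULL;
        ret = sysdb_group_dn_name(tctx->sysdb, tctx,
                                  (const char *) el->values[i].data,
                                  &parent_name);
        if (ret != EOK) {
            DEBUG(SSSDBG_MINOR_FAILURE, ("Malformed DN [%s]? Skipping\n",
                  (const char *) el->values[i].data));
            talloc_free(parent_name);
            continue;
        }

        ret = sss_mc_refresh_group(parent_name);
        if (ret != EOK) {
            /* name the parent that failed, and do so before it is freed */
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Cannot refresh group %s from memory cache\n",
                   parent_name));
            /* try to carry on */
        }
        talloc_free(parent_name);
    }

    talloc_free(msg);
    return EOK;
}

/* Refresh every group of a NULL-terminated name list together with its
 * parents. All entries are attempted; EIO is returned if any of them
 * failed, EOK otherwise (also for a NULL list). */
errno_t sss_mc_refresh_grouplist(struct tools_ctx *tctx,
                                 char **groupnames)
{
    int i;
    errno_t ret;
    bool failed = false;

    if (!groupnames) return EOK;

    for (i = 0; groupnames[i]; i++) {
        ret = sss_mc_refresh_nested_group(tctx, groupnames[i]);
        if (ret != EOK) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Cannot refresh group %s from memory cache\n",
                   groupnames[i]));
            failed = true;
            continue;
        }
    }

    return failed ? EIO : EOK;
}
sssd-1.11.5/src/tools/PaxHeaders.13173/selinux.c0000644000000000000000000000007412320753107017335 xustar000000000000000030 atime=1396954939.275891424 30 ctime=1396954961.698874918 sssd-1.11.5/src/tools/selinux.c0000664002412700241270000002352212320753107017563 0ustar00jhrozekjhrozek00000000000000/* SSSD selinux.c Copyright (C) Jakub Hrozek 2010 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.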
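You should have received a copy of the GNU General Public License along with this program. If not, see . */

#include "config.h"
#include
#ifdef HAVE_SELINUX
#include
#endif
#ifdef HAVE_SEMANAGE
#include
#endif
#include "util/util.h"

#ifndef DEFAULT_SERANGE
#define DEFAULT_SERANGE "s0"
#endif

#ifdef HAVE_SELINUX
/*
 * selinux_file_context - Set the security context before any file or
 * directory creation.
 *
 * selinux_file_context () should be called before any creation of file,
 * symlink, directory, ...
 *
 * Callers may have to Reset SELinux to create files with default
 * contexts:
 *      reset_selinux_file_context();
 *
 * Returns 0 on success (also when SELinux is disabled, or when a step
 * failed while SELinux is not enforcing) and 1 when a step failed in
 * enforcing mode.
 */
int selinux_file_context(const char *dst_name)
{
    security_context_t scontext = NULL;

    if (is_selinux_enabled() == 1) {
        /* Get the default security context for this file */
        if (matchpathcon(dst_name, 0, &scontext) < 0) {
            if (security_getenforce () != 0) {
                freecon(scontext);
                return 1;
            }
        }
        /* Set the security context for the next created file */
        if (setfscreatecon(scontext) < 0) {
            if (security_getenforce() != 0) {
                /* the context was allocated by matchpathcon() */
                freecon(scontext);
                return 1;
            }
        }
        freecon(scontext);
    }

    return 0;
}

/* Go back to the default file creation context. The result of
 * setfscreatecon() is not checked; the function always reports EOK. */
int reset_selinux_file_context(void)
{
    setfscreatecon(NULL);
    return EOK;
}

#else   /* HAVE_SELINUX */
/* Built without SELinux support: nothing to do */
int selinux_file_context(const char *dst_name)
{
    return EOK;
}

int reset_selinux_file_context(void)
{
    return EOK;
}
#endif  /* HAVE_SELINUX */

#ifdef HAVE_SEMANAGE
/* turn libselinux messages into SSSD DEBUG() calls */
static void sss_semanage_error_callback(void *varg,
                                        semanage_handle_t *handle,
                                        const char *fmt, ...)
{
    int level = -1;
    int ret;
    char * message = NULL;
    va_list ap;

    switch (semanage_msg_get_level(handle)) {
        case SEMANAGE_MSG_ERR:
            level = 1;
            break;
        case SEMANAGE_MSG_WARN:
            level = 4;
            break;
        case SEMANAGE_MSG_INFO:
            level = 6;
            break;
    }

    va_start(ap, fmt);
    ret = vasprintf(&message, fmt, ap);
    va_end(ap);
    if (ret < 0) {
        /* ENOMEM */
        return;
    }

    DEBUG_MSG(level, "libsemanage", message);
    free(message);
}

/* Disconnect (if connected) and destroy a handle. Destroying a handle does
 * not disconnect it from the policy store, so both steps are needed to
 * release it completely. Accepts NULL. */
static void sss_semanage_close(semanage_handle_t *handle)
{
    if (handle == NULL) {
        return;
    }

    if (semanage_is_connected(handle)) {
        semanage_disconnect(handle);
    }
    semanage_handle_destroy(handle);
}

/* Create a handle, check that the policy is managed and readable, connect
 * to the store and open a transaction. Returns NULL on any failure. */
static semanage_handle_t *sss_semanage_init(void)
{
    int ret;
    semanage_handle_t *handle = NULL;

    handle = semanage_handle_create();
    if (!handle) {
        DEBUG(1, ("Cannot create SELinux management handle\n"));
        return NULL;
    }

    semanage_msg_set_callback(handle,
                              sss_semanage_error_callback,
                              NULL);

    ret = semanage_is_managed(handle);
    if (ret != 1) {
        DEBUG(1, ("SELinux policy not managed\n"));
        goto fail;
    }

    ret = semanage_access_check(handle);
    if (ret < SEMANAGE_CAN_READ) {
        DEBUG(1, ("Cannot read SELinux policy store\n"));
        goto fail;
    }

    ret = semanage_connect(handle);
    if (ret != 0) {
        DEBUG(1, ("Cannot estabilish SELinux management connection\n"));
        goto fail;
    }

    ret = semanage_begin_transaction(handle);
    if (ret != 0) {
        DEBUG(1, ("Cannot begin SELinux transaction\n"));
        goto fail;
    }

    return handle;
fail:
    sss_semanage_close(handle);
    return NULL;
}

/* Create a local login mapping login_name -> seuser_name with the default
 * MLS range inside the open transaction. Returns EOK or EIO. */
static int sss_semanage_user_add(semanage_handle_t *handle,
                                 semanage_seuser_key_t *key,
                                 const char *login_name,
                                 const char *seuser_name)
{
    int ret;
    semanage_seuser_t *seuser = NULL;

    ret = semanage_seuser_create(handle, &seuser);
    if (ret != 0) {
        DEBUG(1, ("Cannot create SELinux login mapping for %s\n", login_name));
        ret = EIO;
        goto done;
    }

    ret = semanage_seuser_set_name(handle, seuser, login_name);
    if (ret != 0) {
        DEBUG(1, ("Could not set name for %s\n", login_name));
        ret = EIO;
        goto done;
    }

    ret = semanage_seuser_set_mlsrange(handle, seuser, DEFAULT_SERANGE);
    if (ret != 0) {
        DEBUG(1, ("Could not set serange for %s\n", login_name));
        ret = EIO;
        goto done;
    }

    ret = semanage_seuser_set_sename(handle, seuser, seuser_name);
    if (ret != 0) {
        DEBUG(1, ("Could not set SELinux user for %s\n", login_name));
        ret = EIO;
        goto done;
    }

    ret = semanage_seuser_modify_local(handle, key, seuser);
    if (ret != 0) {
        DEBUG(1, ("Could not add login mapping for %s\n", login_name));
        ret = EIO;
        goto done;
    }

    ret = EOK;
done:
    semanage_seuser_free(seuser);
    return ret;
}

/* Point an existing login mapping at seuser_name and the default MLS range
 * inside the open transaction. Returns EOK or EIO. */
static int sss_semanage_user_mod(semanage_handle_t *handle,
                                 semanage_seuser_key_t *key,
                                 const char *login_name,
                                 const char *seuser_name)
{
    int ret;
    semanage_seuser_t *seuser = NULL;

    /* a failing query must not be mistaken for a usable record */
    ret = semanage_seuser_query(handle, key, &seuser);
    if (ret < 0 || seuser == NULL) {
        DEBUG(1, ("Could not query seuser for %s\n", login_name));
        ret = EIO;
        goto done;
    }

    ret = semanage_seuser_set_mlsrange(handle, seuser, DEFAULT_SERANGE);
    if (ret != 0) {
        DEBUG(1, ("Could not set serange for %s\n", login_name));
        ret = EIO;
        goto done;
    }

    ret = semanage_seuser_set_sename(handle, seuser, seuser_name);
    if (ret != 0) {
        DEBUG(1, ("Could not set sename for %s\n", login_name));
        ret = EIO;
        goto done;
    }

    ret = semanage_seuser_modify_local(handle, key, seuser);
    if (ret != 0) {
        DEBUG(1, ("Could not modify login mapping for %s\n", login_name));
        ret = EIO;
        goto done;
    }

    ret = EOK;
done:
    semanage_seuser_free(seuser);
    return ret;
}

/* Map login_name to the SELinux user seuser_name, adding the mapping or
 * modifying an existing one, and commit the change. A NULL seuser_name
 * leaves the system defaults in place. Returns EOK or EIO. */
int set_seuser(const char *login_name, const char *seuser_name)
{
    semanage_handle_t *handle = NULL;
    semanage_seuser_key_t *key = NULL;
    int ret;
    int seuser_exists = 0;

    if (seuser_name == NULL) {
        /* don't care, just let system pick the defaults */
        return EOK;
    }

    handle = sss_semanage_init();
    if (!handle) {
        DEBUG(1, ("Cannot init SELinux management\n"));
        ret = EIO;
        goto done;
    }

    ret = semanage_seuser_key_create(handle, login_name, &key);
    if (ret != 0) {
        DEBUG(1, ("Cannot create SELinux user key\n"));
        ret = EIO;
        goto done;
    }

    ret = semanage_seuser_exists(handle, key, &seuser_exists);
    if (ret < 0) {
        DEBUG(1, ("Cannot verify the SELinux user\n"));
        ret = EIO;
        goto done;
    }

    if (seuser_exists) {
        ret = sss_semanage_user_mod(handle, key, login_name, seuser_name);
        if (ret != 0) {
            DEBUG(1, ("Cannot modify SELinux user mapping\n"));
            ret = EIO;
            goto done;
        }
    } else {
        ret = sss_semanage_user_add(handle, key, login_name, seuser_name);
        if (ret != 0) {
            DEBUG(1, ("Cannot add SELinux user mapping\n"));
            ret = EIO;
            goto done;
        }
    }

    ret = semanage_commit(handle);
    if (ret < 0) {
        DEBUG(1, ("Cannot commit SELinux transaction\n"));
        ret = EIO;
        goto done;
    }

    ret = EOK;
done:
    semanage_seuser_key_free(key);
    sss_semanage_close(handle);
    return ret;
}

/* Delete the local login mapping of login_name and commit the change.
 * Returns EOK when the mapping was removed or none is defined, ENOENT when
 * the mapping comes from the policy itself and cannot be deleted locally,
 * EIO on any other failure. */
int del_seuser(const char *login_name)
{
    semanage_handle_t *handle = NULL;
    semanage_seuser_key_t *key = NULL;
    int ret;
    int exists = 0;

    handle = sss_semanage_init();
    if (!handle) {
        DEBUG(1, ("Cannot init SELinux management\n"));
        ret = EIO;
        goto done;
    }

    ret = semanage_seuser_key_create(handle, login_name, &key);
    if (ret != 0) {
        DEBUG(1, ("Cannot create SELinux user key\n"));
        ret = EIO;
        goto done;
    }

    ret = semanage_seuser_exists(handle, key, &exists);
    if (ret < 0) {
        DEBUG(1, ("Cannot verify the SELinux user\n"));
        ret = EIO;
        goto done;
    }

    if (!exists) {
        DEBUG(5, ("Login mapping for %s is not defined, OK if default mapping "
                  "was used\n", login_name));
        ret = EOK;  /* probably default mapping */
        goto done;
    }

    ret = semanage_seuser_exists_local(handle, key, &exists);
    if (ret < 0) {
        DEBUG(1, ("Cannot verify the SELinux user\n"));
        ret = EIO;
        goto done;
    }

    if (!exists) {
        DEBUG(1, ("Login mapping for %s is defined in policy, "
                  "cannot be deleted\n", login_name));
        ret = ENOENT;
        goto done;
    }

    ret = semanage_seuser_del_local(handle, key);
    if (ret != 0) {
        DEBUG(1, ("Could not delete login mapping for %s\n", login_name));
        ret = EIO;
        goto done;
    }

    ret = semanage_commit(handle);
    if (ret < 0) {
        DEBUG(1, ("Cannot commit SELinux transaction\n"));
        ret = EIO;
        goto done;
    }

    ret = EOK;
done:
    /* the key was leaked on every path before */
    semanage_seuser_key_free(key);
    sss_semanage_close(handle);
    return ret;
}

#else /* HAVE_SEMANAGE */
/* Built without libsemanage: login mappings are left untouched */
int set_seuser(const char *login_name, const char *seuser_name)
{
    return EOK;
}

int del_seuser(const char *login_name)
{
    return EOK;
}
#endif  /* HAVE_SEMANAGE */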
sssd-1.11.5/src/tools/PaxHeaders.13173/sss_groupadd.c0000644000000000000000000000007412320753107020343 xustar000000000000000030 atime=1396954939.275891424 30 ctime=1396954961.743874885 sssd-1.11.5/src/tools/sss_groupadd.c0000664002412700241270000001102312320753107020562 0ustar00jhrozekjhrozek00000000000000/* SSSD sss_groupadd Copyright (C) Jakub Hrozek 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include #include #include #include #include #include #include "util/util.h" #include "db/sysdb.h" #include "tools/tools_util.h" #include "tools/sss_sync_ops.h" int main(int argc, const char **argv) { gid_t pc_gid = 0; int pc_debug = SSSDBG_DEFAULT; struct poptOption long_options[] = { POPT_AUTOHELP { "debug",'\0', POPT_ARG_INT | POPT_ARGFLAG_DOC_HIDDEN, &pc_debug, 0, _("The debug level to run with"), NULL }, { "gid", 'g', POPT_ARG_INT, &pc_gid, 0, _("The GID of the group"), NULL }, POPT_TABLEEND }; poptContext pc = NULL; struct tools_ctx *tctx = NULL; int ret = EXIT_SUCCESS; errno_t sret; const char *pc_groupname = NULL; bool in_transaction = false; debug_prg_name = argv[0]; ret = set_locale(); if (ret != EOK) { DEBUG(1, ("set_locale failed (%d): %s\n", ret, strerror(ret))); ERROR("Error setting the locale\n"); ret = EXIT_FAILURE; goto fini; } /* parse params */ pc = poptGetContext(NULL, argc, argv, long_options, 0); poptSetOtherOptionHelp(pc, "GROUPNAME"); if ((ret = poptGetNextOpt(pc)) < -1) { BAD_POPT_PARAMS(pc, poptStrerror(ret), ret, 
fini); } DEBUG_INIT(pc_debug); /* groupname is an argument, not option */ pc_groupname = poptGetArg(pc); if (pc_groupname == NULL) { BAD_POPT_PARAMS(pc, _("Specify group to add\n"), ret, fini); } CHECK_ROOT(ret, debug_prg_name); ret = init_sss_tools(&tctx); if (ret != EOK) { DEBUG(1, ("init_sss_tools failed (%d): %s\n", ret, strerror(ret))); if (ret == ENOENT) { ERROR("Error initializing the tools - no local domain\n"); } else { ERROR("Error initializing the tools\n"); } ret = EXIT_FAILURE; goto fini; } /* if the domain was not given as part of FQDN, default to local domain */ ret = parse_name_domain(tctx, pc_groupname); if (ret != EOK) { ERROR("Invalid domain specified in FQDN\n"); ret = EXIT_FAILURE; goto fini; } tctx->octx->gid = pc_gid; /* arguments processed, go on to actual work */ if (id_in_range(tctx->octx->gid, tctx->octx->domain) != EOK) { ERROR("The selected GID is outside the allowed range\n"); ret = EXIT_FAILURE; goto fini; } tctx->error = sysdb_transaction_start(tctx->sysdb); if (tctx->error != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to start transaction\n")); goto done; } in_transaction = true; /* groupadd */ tctx->error = groupadd(tctx->sysdb, tctx->octx); if (tctx->error) { goto done; } tctx->error = sysdb_transaction_commit(tctx->sysdb); if (tctx->error != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to commit transaction\n")); goto done; } in_transaction = false; done: if (in_transaction) { sret = sysdb_transaction_cancel(tctx->sysdb); if (sret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to cancel transaction\n")); } } if (tctx->error) { ret = tctx->error; switch (ret) { case ERANGE: ERROR("Could not allocate ID for the group - domain full?\n"); break; case EEXIST: ERROR("A group with the same name or GID already exists\n"); break; default: DEBUG(1, ("sysdb operation failed (%d)[%s]\n", ret, strerror(ret))); ERROR("Transaction error. 
Could not add group.\n"); break; } ret = EXIT_FAILURE; goto fini; } ret = EXIT_SUCCESS; fini: talloc_free(tctx); poptFreeContext(pc); exit(ret); } sssd-1.11.5/src/tools/PaxHeaders.13173/sss_sync_ops.h0000644000000000000000000000007412320753107020400 xustar000000000000000030 atime=1396954939.275891424 30 ctime=1396954961.498875066 sssd-1.11.5/src/tools/sss_sync_ops.h0000664002412700241270000000571312320753107020630 0ustar00jhrozekjhrozek00000000000000/* Authors: Jakub Hrozek Copyright (C) 2009 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #ifndef __SSS_OPS_H__ #define __SSS_OPS_H__ #include "tools/tools_util.h" #include #define DO_LOCK 1 #define DO_UNLOCK 2 /* 0 = not set, pick default */ #define DO_CREATE_HOME 1 #define DO_NOT_CREATE_HOME 2 #define DO_REMOVE_HOME 1 #define DO_NOT_REMOVE_HOME 2 #define DO_FORCE_REMOVAL 1 struct ops_ctx { struct sss_domain_info *domain; char *name; uid_t uid; gid_t gid; char *gecos; char *home; char *shell; int lock; bool create_homedir; bool remove_homedir; mode_t umask; char *skeldir; char *maildir; char **addgroups; char **rmgroups; }; /* default values for add operations */ int useradd_defaults(TALLOC_CTX *mem_ctx, struct confdb_ctx *confdb, struct ops_ctx *data, const char *gecos, const char *homedir, const char *shell, int create_home, const char *skeldir); /* default values for remove operations */ int userdel_defaults(TALLOC_CTX *mem_ctx, struct confdb_ctx *confdb, struct ops_ctx *data, int remove_home); /* synchronous operations */ int useradd(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct ops_ctx *data); int userdel(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct ops_ctx *data); int usermod(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct ops_ctx *data); int groupadd(struct sysdb_ctx *sysdb, struct ops_ctx *data); int groupdel(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct ops_ctx *data); int groupmod(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct ops_ctx *data); int sysdb_getpwnam_sync(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, const char *name, struct ops_ctx *out); int sysdb_getgrnam_sync(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, const char *name, struct ops_ctx *out); #endif /* __SSS_OPS_H__ */ sssd-1.11.5/src/tools/PaxHeaders.13173/tools_util.h0000644000000000000000000000007412320753107020050 xustar000000000000000030 atime=1396954939.276891423 30 ctime=1396954961.498875066 sssd-1.11.5/src/tools/tools_util.h0000664002412700241270000000714012320753107020274 0ustar00jhrozekjhrozek00000000000000/* Authors: Jakub Hrozek 
Simo Sorce Copyright (C) 2009 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #ifndef __TOOLS_UTIL_H__ #define __TOOLS_UTIL_H__ #include #include "util/util.h" #define SSSD_PIDFILE ""PID_PATH"/sssd.pid" #define MAX_PID_LENGTH 10 #define BAD_POPT_PARAMS(pc, msg, val, label) do { \ usage(pc, msg); \ val = EXIT_FAILURE; \ goto label; \ } while(0) #define CHECK_ROOT(val, prg_name) do { \ val = getuid(); \ if (val != 0) { \ DEBUG(1, ("Running under %d, must be root\n", val)); \ ERROR("%1$s must be run as root\n", prg_name); \ val = EXIT_FAILURE; \ goto fini; \ } \ } while(0) struct tools_ctx { struct confdb_ctx *confdb; struct sysdb_ctx *sysdb; struct sss_names_ctx *snctx; struct sss_domain_info *local; struct ops_ctx *octx; bool transaction_done; int error; }; int init_sss_tools(struct tools_ctx **_tctx); void usage(poptContext pc, const char *error); int set_locale(void); int parse_name_domain(struct tools_ctx *tctx, const char *fullname); int id_in_range(uint32_t id, struct sss_domain_info *dom); int parse_groups(TALLOC_CTX *mem_ctx, const char *optstr, char ***_out); int parse_group_name_domain(struct tools_ctx *tctx, char **groups); int check_group_names(struct tools_ctx *tctx, char **grouplist, char **badgroup); int create_homedir(const char *skeldir, const char *homedir, uid_t uid, gid_t gid, mode_t default_umask); int create_mail_spool(TALLOC_CTX *mem_ctx, const char *username, const char *maildir, uid_t uid, gid_t gid); int 
remove_homedir(TALLOC_CTX *mem_ctx, const char *homedir, const char *maildir, const char *username, uid_t uid, bool force); int run_userdel_cmd(struct tools_ctx *tctx); errno_t signal_sssd(int signum); /* tools_mc_util.c */ errno_t sss_memcache_invalidate(const char *mc_filename); errno_t sss_memcache_clear_all(void); errno_t sss_mc_refresh_user(const char *username); errno_t sss_mc_refresh_group(const char *groupname); errno_t sss_mc_refresh_grouplist(struct tools_ctx *tctx, char **groupnames); /* from files.c */ int remove_tree(const char *root); int copy_tree(const char *src_root, const char *dst_root, mode_t mode_root, uid_t uid, gid_t gid); /* from selinux.c */ int selinux_file_context(const char *dst_name); int reset_selinux_file_context(void); int set_seuser(const char *login_name, const char *seuser_name); int del_seuser(const char *login_name); #endif /* __TOOLS_UTIL_H__ */ sssd-1.11.5/src/tools/PaxHeaders.13173/sss_userdel.c0000644000000000000000000000007412320753107020201 xustar000000000000000030 atime=1396954939.276891423 30 ctime=1396954961.754874877 sssd-1.11.5/src/tools/sss_userdel.c0000664002412700241270000002165312320753107020432 0ustar00jhrozekjhrozek00000000000000/* SSSD sss_userdel Copyright (C) Jakub Hrozek 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
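 */ #include #include #include #include #include #include #include #include "db/sysdb.h" #include "util/util.h" #include "util/find_uid.h" #include "tools/tools_util.h" #include "tools/sss_sync_ops.h" #ifndef KILL_CMD #define KILL_CMD "killall" #endif #ifndef KILL_CMD_USER_FLAG #define KILL_CMD_USER_FLAG "-u" #endif #ifndef KILL_CMD_SIGNAL_FLAG #define KILL_CMD_SIGNAL_FLAG "-s" #endif #ifndef KILL_CMD_SIGNAL #define KILL_CMD_SIGNAL "SIGKILL" #endif

/*
 * Report whether uid appears in the table built by get_uid_table().
 *
 * Returns EOK when the UID is found, ENOENT when it is not, ENOSYS when
 * get_uid_table() reports that the platform is unsupported, or the error
 * get_uid_table() returned. The table is freed before returning.
 */
static int is_logged_in(TALLOC_CTX *mem_ctx, uid_t uid)
{
    int ret;
    hash_key_t key;
    hash_value_t value;
    hash_table_t *uid_table;

    ret = get_uid_table(mem_ctx, &uid_table);
    if (ret == ENOSYS) {
        return ret;
    }
    if (ret != EOK) {
        DEBUG(1, ("Cannot initialize hash table.\n"));
        return ret;
    }

    key.type = HASH_KEY_ULONG;
    key.ul = (unsigned long) uid;

    ret = hash_lookup(uid_table, &key, &value);
    talloc_zfree(uid_table);
    return ret == HASH_SUCCESS ? EOK : ENOENT;
}

/*
 * Lock the account in tctx->octx and then run KILL_CMD against the user's
 * processes.
 *
 * The account is locked first (through usermod()) so that no new session
 * can start while the existing processes are being killed. The command is
 * started with fork() and execlp(); the user name is handed over as a
 * separate argv element, never through a shell.
 *
 * Returns EOK once the child has been reaped, whatever its exit status
 * (KILL_CMD finding nothing to kill is not treated as an error), or an
 * errno value when usermod(), fork() or waitpid() fails.
 *
 * NOTE(review): execlp() resolves KILL_CMD through PATH and this tool
 * runs as root. With the default "killall" the binary that is executed
 * depends on the caller's environment; defining KILL_CMD as an absolute
 * path at build time removes that dependency.
 */
static int kick_user(struct tools_ctx *tctx)
{
    int ret;
    int status;
    pid_t pid, child_pid;

    tctx->octx->lock = DO_LOCK;

    ret = usermod(tctx, tctx->sysdb, tctx->octx);
    if (ret != EOK) {
        return ret;
    }

    errno = 0;
    pid = fork();
    if (pid == -1) {
        ret = errno;
        DEBUG(SSSDBG_CRIT_FAILURE, ("fork failed [%d]: %s\n",
                                    ret, strerror(ret)));
        return ret;
    }

    if (pid == 0) {
        /* child */
        execlp(KILL_CMD, KILL_CMD,
               KILL_CMD_USER_FLAG, tctx->octx->name,
               KILL_CMD_SIGNAL_FLAG, KILL_CMD_SIGNAL,
               (char *) NULL);
        /* Only reached when exec failed. _exit() keeps the child from
         * running the parent's atexit handlers and from flushing stdio
         * buffers inherited across fork() a second time. */
        _exit(errno);
    }

    /* parent: without WUNTRACED a successful waitpid() means the child
     * has terminated, whether by exit or by signal; only retry when the
     * call was interrupted. */
    do {
        child_pid = waitpid(pid, &status, 0);
    } while (child_pid == -1 && errno == EINTR);

    if (child_pid == -1) {
        /* Save errno before logging, the debug call may overwrite it */
        ret = errno;
        DEBUG(SSSDBG_CRIT_FAILURE, ("waitpid failed\n"));
        return ret;
    }

    if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("%s did not finish cleanly (wait status %d)\n",
               KILL_CMD, status));
    }

    return EOK;
}

int main(int argc, const char **argv) { int ret = EXIT_SUCCESS; struct tools_ctx *tctx = NULL; const char *pc_username = NULL; int pc_debug = SSSDBG_DEFAULT; int pc_remove = 0; int pc_force = 0; int pc_kick = 0; poptContext pc = NULL; struct poptOption long_options[] = { POPT_AUTOHELP { "debug", '\0', POPT_ARG_INT | POPT_ARGFLAG_DOC_HIDDEN, &pc_debug, 0, _("The debug level to run 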
with"), NULL }, { "remove", 'r', POPT_ARG_NONE, NULL, 'r', _("Remove home directory and mail spool"), NULL }, { "no-remove", 'R', POPT_ARG_NONE, NULL, 'R', _("Do not remove home directory and mail spool"), NULL }, { "force", 'f', POPT_ARG_NONE, NULL, 'f', _("Force removal of files not owned by the user"), NULL }, { "kick", 'k', POPT_ARG_NONE, NULL, 'k', _("Kill users' processes before removing him"), NULL }, POPT_TABLEEND }; debug_prg_name = argv[0]; ret = set_locale(); if (ret != EOK) { DEBUG(1, ("set_locale failed (%d): %s\n", ret, strerror(ret))); ERROR("Error setting the locale\n"); ret = EXIT_FAILURE; goto fini; } /* parse parameters */ pc = poptGetContext(NULL, argc, argv, long_options, 0); poptSetOtherOptionHelp(pc, "USERNAME"); while ((ret = poptGetNextOpt(pc)) > 0) { switch (ret) { case 'r': pc_remove = DO_REMOVE_HOME; break; case 'R': pc_remove = DO_NOT_REMOVE_HOME; break; case 'f': pc_force = DO_FORCE_REMOVAL; break; case 'k': pc_kick = 1; break; } } DEBUG_INIT(pc_debug); if (ret != -1) { BAD_POPT_PARAMS(pc, poptStrerror(ret), ret, fini); } pc_username = poptGetArg(pc); if (pc_username == NULL) { BAD_POPT_PARAMS(pc, _("Specify user to delete\n"), ret, fini); } CHECK_ROOT(ret, debug_prg_name); ret = init_sss_tools(&tctx); if (ret != EOK) { DEBUG(1, ("init_sss_tools failed (%d): %s\n", ret, strerror(ret))); if (ret == ENOENT) { ERROR("Error initializing the tools - no local domain\n"); } else { ERROR("Error initializing the tools\n"); } ret = EXIT_FAILURE; goto fini; } /* if the domain was not given as part of FQDN, default to local domain */ ret = parse_name_domain(tctx, pc_username); if (ret != EOK) { ERROR("Invalid domain specified in FQDN\n"); ret = EXIT_FAILURE; goto fini; } /* * Fills in defaults for ops_ctx user did not specify. 
*/ ret = userdel_defaults(tctx, tctx->confdb, tctx->octx, pc_remove); if (ret != EOK) { ERROR("Cannot set default values\n"); ret = EXIT_FAILURE; goto fini; } ret = sysdb_getpwnam_sync(tctx, tctx->sysdb, tctx->octx->name, tctx->octx); if (ret != EOK) { /* Error message will be printed in the switch */ goto done; } if ((tctx->octx->uid < tctx->local->id_min) || (tctx->local->id_max && tctx->octx->uid > tctx->local->id_max)) { ERROR("User %1$s is outside the defined ID range for domain\n", tctx->octx->name); ret = EXIT_FAILURE; goto fini; } if (pc_kick) { ret = kick_user(tctx); if (ret != EOK) { tctx->error = ret; goto done; } } /* userdel */ ret = userdel(tctx, tctx->sysdb, tctx->octx); if (ret != EOK) { goto done; } /* Set SELinux login context - must be done after transaction is done * b/c libselinux calls getpwnam */ ret = del_seuser(tctx->octx->name); if (ret != EOK) { ERROR("Cannot reset SELinux login context\n"); ret = EXIT_FAILURE; goto fini; } if (!pc_kick) { ret = is_logged_in(tctx, tctx->octx->uid); switch(ret) { case ENOENT: break; case EOK: ERROR("WARNING: The user (uid %1$lu) was still logged in when " "deleted.\n", (unsigned long) tctx->octx->uid); break; case ENOSYS: ERROR("Cannot determine if the user was logged in on this " "platform"); break; default: ERROR("Error while checking if the user was logged in\n"); break; } } ret = run_userdel_cmd(tctx); if (ret != EOK) { ERROR("The post-delete command failed: %1$s\n", strerror(ret)); goto fini; } /* Delete user from memory cache */ ret = sss_mc_refresh_user(pc_username); if (ret != EOK) { ERROR("NSS request failed (%1$d). 
Entry might remain in memory " "cache.\n", ret); /* Nothing we can do about it */ } if (tctx->octx->remove_homedir) { ret = remove_homedir(tctx, tctx->octx->home, tctx->octx->maildir, tctx->octx->name, tctx->octx->uid, pc_force); if (ret == EPERM) { ERROR("Not removing home dir - not owned by user\n"); } else if (ret != EOK) { ERROR("Cannot remove homedir: %1$s\n", strerror(ret)); ret = EXIT_FAILURE; goto fini; } } ret = EOK; done: if (ret) { DEBUG(1, ("sysdb operation failed (%d)[%s]\n", ret, strerror(ret))); switch (ret) { case ENOENT: ERROR("No such user in local domain. " "Removing users only allowed in local domain.\n"); break; default: ERROR("Internal error. Could not remove user.\n"); break; } ret = EXIT_FAILURE; goto fini; } ret = EXIT_SUCCESS; fini: talloc_free(tctx); poptFreeContext(pc); exit(ret); } sssd-1.11.5/src/tools/PaxHeaders.13173/sss_groupdel.c0000644000000000000000000000007412320753107020357 xustar000000000000000030 atime=1396954939.275891424 30 ctime=1396954961.744874884 sssd-1.11.5/src/tools/sss_groupdel.c0000664002412700241270000001005212320753107020577 0ustar00jhrozekjhrozek00000000000000/* SSSD sss_groupdel Copyright (C) Jakub Hrozek 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #include #include #include #include #include #include "db/sysdb.h" #include "util/util.h" #include "tools/tools_util.h" #include "tools/sss_sync_ops.h" int main(int argc, const char **argv) { int ret = EXIT_SUCCESS; int pc_debug = SSSDBG_DEFAULT; const char *pc_groupname = NULL; struct tools_ctx *tctx = NULL; poptContext pc = NULL; struct poptOption long_options[] = { POPT_AUTOHELP { "debug", '\0', POPT_ARG_INT | POPT_ARGFLAG_DOC_HIDDEN, &pc_debug, 0, _("The debug level to run with"), NULL }, POPT_TABLEEND }; debug_prg_name = argv[0]; ret = set_locale(); if (ret != EOK) { DEBUG(1, ("set_locale failed (%d): %s\n", ret, strerror(ret))); ERROR("Error setting the locale\n"); ret = EXIT_FAILURE; goto fini; } /* parse ops_ctx */ pc = poptGetContext(NULL, argc, argv, long_options, 0); poptSetOtherOptionHelp(pc, "GROUPNAME"); if ((ret = poptGetNextOpt(pc)) < -1) { BAD_POPT_PARAMS(pc, poptStrerror(ret), ret, fini); } DEBUG_INIT(pc_debug); pc_groupname = poptGetArg(pc); if (pc_groupname == NULL) { BAD_POPT_PARAMS(pc, _("Specify group to delete\n"), ret, fini); } CHECK_ROOT(ret, debug_prg_name); ret = init_sss_tools(&tctx); if (ret != EOK) { DEBUG(1, ("init_sss_tools failed (%d): %s\n", ret, strerror(ret))); if (ret == ENOENT) { ERROR("Error initializing the tools - no local domain\n"); } else { ERROR("Error initializing the tools\n"); } ret = EXIT_FAILURE; goto fini; } /* if the domain was not given as part of FQDN, default to local domain */ ret = parse_name_domain(tctx, pc_groupname); if (ret != EOK) { ERROR("Invalid domain specified in FQDN\n"); ret = EXIT_FAILURE; goto fini; } ret = sysdb_getgrnam_sync(tctx, tctx->sysdb, tctx->octx->name, tctx->octx); if (ret != EOK) { /* Error message will be printed in the switch */ goto done; } if ((tctx->octx->gid < tctx->local->id_min) || (tctx->local->id_max && tctx->octx->gid > tctx->local->id_max)) { ERROR("Group %1$s is outside the defined ID range for domain\n", tctx->octx->name); ret = EXIT_FAILURE; goto fini; } /* groupdel 
*/ ret = groupdel(tctx, tctx->sysdb, tctx->octx); if (ret != EOK) { goto done; } /* Delete group from memory cache */ ret = sss_mc_refresh_group(pc_groupname); if (ret != EOK) { ERROR("NSS request failed (%1$d). Entry might remain in memory " "cache.\n", ret); /* Nothing we can do about it */ } ret = EOK; done: if (ret) { DEBUG(1, ("sysdb operation failed (%d)[%s]\n", ret, strerror(ret))); switch (ret) { case ENOENT: ERROR("No such group in local domain. " "Removing groups only allowed in local domain.\n"); break; default: ERROR("Internal error. Could not remove group.\n"); break; } ret = EXIT_FAILURE; goto fini; } ret = EXIT_SUCCESS; fini: talloc_free(tctx); poptFreeContext(pc); exit(ret); } sssd-1.11.5/src/tools/PaxHeaders.13173/sss_obfuscate0000644000000000000000000000007412320753107020270 xustar000000000000000030 atime=1396954939.275891424 30 ctime=1396954961.381875152 sssd-1.11.5/src/tools/sss_obfuscate0000664002412700241270000000727012320753107020520 0ustar00jhrozekjhrozek00000000000000#!/usr/bin/python import sys from optparse import OptionParser import pysss import SSSDConfig import getpass def parse_options(): parser = OptionParser() parser.set_description("sss_obfuscate converts a given password into \ human-unreadable format and places it into \ appropriate domain section of the SSSD config \ file. 
The password can be passed in by stdin, \ specified on the command-line or entered \ interactively") parser.add_option("-s", "--stdin", action="store_true", dest="stdin", default=False, help="Read the password from stdin.") parser.add_option("-d", "--domain", dest="domain", default=None, help="The domain to use the password in (mandatory)", metavar="DOMNAME") parser.add_option("-f", "--file", dest="filename", default=None, help="Set input file to FILE (default: Use system default, usually /etc/sssd/sssd.conf)", metavar="FILE") (options, args) = parser.parse_args() return options, args def main(): options, args = parse_options() if not options: print >> sys.stderr, "Cannot parse options" return 1 if not options.domain: print >> sys.stderr, "No domain specified" return 1 if not options.stdin: try: pprompt = lambda: (getpass.getpass("Enter password: "), getpass.getpass("Re-enter password: ")) p1, p2 = pprompt() #Work around bug in Python 2.6 if '\x03' in p1 or '\x03' in p2: raise KeyboardInterrupt while p1 != p2: print('Passwords do not match. Try again') p1, p2 = pprompt() #Work around bug in Python 2.6 if '\x03' in p1 or '\x03' in p2: raise KeyboardInterrupt password = p1 except EOFError: print >> sys.stderr, '\nUnexpected end-of-file. Password change aborted' return 1 except KeyboardInterrupt: return 1 else: try: password = sys.stdin.read() except KeyboardInterrupt: return 1 # Obfuscate the password obfobj = pysss.password() obfpwd = obfobj.encrypt(password, obfobj.AES_256) # Save the obfuscated password into the domain try: sssdconfig = SSSDConfig.SSSDConfig() except IOError: print "Cannot read internal configuration files." 
return 1 try: sssdconfig.import_config(options.filename) except IOError: print "Permissions error reading config file" return 1 try: domain = sssdconfig.get_domain(options.domain) except SSSDConfig.NoDomainError: print "No such domain %s" % options.domain return 1 try: domain.set_option('ldap_default_authtok_type', 'obfuscated_password') domain.set_option('ldap_default_authtok', obfpwd) except SSSDConfig.NoOptionError: print "The domain %s does not seem to support the required options" % \ options.domain return 1 sssdconfig.save_domain(domain) try: sssdconfig.write() except IOError: # File could not be written print >> sys.stderr, "Could not write to config file. Check that " \ "you have the appropriate permissions to edit " \ "this file." return 1 return 0 if __name__ == "__main__": ret = main() sys.exit(ret) sssd-1.11.5/src/tools/PaxHeaders.13173/tools_util.c0000644000000000000000000000007312320753107020042 xustar000000000000000030 atime=1396954939.276891423 29 ctime=1396954961.69687492 sssd-1.11.5/src/tools/tools_util.c0000664002412700241270000004017412320753107020273 0ustar00jhrozekjhrozek00000000000000/* SSSD tools_utils.c Copyright (C) Jakub Hrozek 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
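 */ #include #include #include #include #include #include #include #include #include "config.h" #include "util/util.h" #include "confdb/confdb.h" #include "db/sysdb.h" #include "tools/tools_util.h" #include "tools/sss_sync_ops.h"

/*
 * Open the confdb and initialise the "local" domain, storing the results
 * in ctx->confdb, ctx->local and ctx->sysdb.
 *
 * Returns EOK on success, ENOMEM when the confdb path cannot be built, or
 * the error returned by confdb_init() / sssd_domain_init().
 */
static int setup_db(struct tools_ctx *ctx)
{
    char *confdb_path;
    int ret;

    confdb_path = talloc_asprintf(ctx, "%s/%s", DB_PATH, CONFDB_FILE);
    if (confdb_path == NULL) {
        return ENOMEM;
    }

    /* Connect to the conf db */
    ret = confdb_init(ctx, &ctx->confdb, confdb_path);
    if (ret != EOK) {
        DEBUG(1, ("Could not initialize connection to the confdb\n"));
        goto done;
    }

    ret = sssd_domain_init(ctx, ctx->confdb, "local", DB_PATH, &ctx->local);
    if (ret != EOK) {
        SYSDB_VERSION_ERROR(ret);
        DEBUG(1, ("Could not initialize connection to the sysdb\n"));
        goto done;
    }

    ctx->sysdb = ctx->local->sysdb;
    ret = EOK;

done:
    /* The path is only needed during initialisation; free it on every path */
    talloc_free(confdb_path);
    return ret;
}

/*
 * Print poptUsage as well as our error message
 *
 * The message is written through a "%s" format, so it is never
 * interpreted as a format string; a newline is appended when the message
 * does not already end in one.
 */
void usage(poptContext pc, const char *error)
{
    poptPrintUsage(pc, stderr, 0);

    if (error != NULL) {
        size_t len = strlen(error);
        const char *nl = (len > 0 && error[len - 1] != '\n') ? "\n" : "";

        fprintf(stderr, "%s%s", error, nl);
    }
}

/*
 * Split the comma separated list optstr into a NULL terminated array of
 * strings allocated on mem_ctx and return it through _out.
 *
 * Empty fields are kept as empty strings, so "a,,b" yields three entries.
 * Returns EOK on success and ENOMEM when any allocation fails, in which
 * case *_out is left untouched.
 */
int parse_groups(TALLOC_CTX *mem_ctx, const char *optstr, char ***_out)
{
    const char delim = ',';
    char **out;
    char *copy;
    char *cur;
    char *sep;
    unsigned int tokens = 1;
    unsigned int i;

    /* Work on a private copy, the separators are overwritten below */
    copy = talloc_strdup(mem_ctx, optstr);
    if (copy == NULL) {
        return ENOMEM;
    }

    cur = copy;
    while ((cur = strchr(cur, delim)) != NULL) {
        cur++;
        tokens++;
    }

    out = talloc_array(mem_ctx, char *, tokens + 1);
    if (out == NULL) {
        talloc_free(copy);
        return ENOMEM;
    }

    cur = copy;
    for (i = 0; i < tokens; i++) {
        sep = strchr(cur, delim);
        if (sep != NULL) {
            *sep = '\0';
        }

        out[i] = talloc_strdup(out, cur);
        if (out[i] == NULL) {
            /* A NULL entry would silently shorten the list; the entries
             * copied so far are children of out and go away with it. */
            talloc_free(out);
            talloc_free(copy);
            return ENOMEM;
        }

        if (sep == NULL) {
            break;
        }
        cur = sep + 1;
    }
    out[tokens] = NULL;

    talloc_free(copy);
    *_out = out;
    return EOK;
}

/*
 * Reduce fully qualified entries of the NULL terminated list groups to
 * their bare group name, in place.
 *
 * An entry that fails to parse is logged and left in the list unchanged.
 * Returns EOK on success (a NULL list is accepted), EINVAL when an entry
 * names a domain other than tctx->octx->domain, and ENOMEM on allocation
 * failure.
 *
 * NOTE(review): the domain is compared with strcmp() here while
 * parse_name_domain() uses strcasecmp(); confirm which one is intended.
 */
int parse_group_name_domain(struct tools_ctx *tctx,
                            char **groups)
{
    int i;
    int ret;
    char *name = NULL;
    char *domain = NULL;

    if (!groups) {
        return EOK;
    }

    for (i = 0; groups[i]; ++i) {
        ret = sss_parse_name(tctx, tctx->snctx, groups[i], &domain, &name);
        if (ret != EOK) {
            DEBUG(1, ("Invalid name in group list, skipping: [%s] (%d)\n",
                      groups[i], ret));
            continue;
        }

        /* If FQDN is specified, it must be within the same domain as user */
        if (domain) {
            if (strcmp(domain, tctx->octx->domain->name) != 0) {
                talloc_zfree(name);
                talloc_zfree(domain);
                return EINVAL;
            }

            /* Use only groupname */
            talloc_zfree(groups[i]);
            groups[i] = talloc_strdup(tctx, name);
            if (groups[i] == NULL) {
                talloc_zfree(name);
                talloc_zfree(domain);
                return ENOMEM;
            }
        }

        talloc_zfree(name);
        talloc_zfree(domain);
    }

    talloc_zfree(name);
    talloc_zfree(domain);
    return EOK;
}

/*
 * Parse fullname into a name, stored in tctx->octx->name, and an optional
 * domain.
 *
 * A domain other than the local one (compared case-insensitively) is
 * rejected with EINVAL, and so is a bare name when the local domain
 * requires fully qualified names. Returns EOK on success or the error
 * from sss_parse_name().
 */
int parse_name_domain(struct tools_ctx *tctx,
                      const char *fullname)
{
    int ret;
    char *domain = NULL;

    ret = sss_parse_name(tctx, tctx->snctx, fullname, &domain, &tctx->octx->name);
    if (ret != EOK) {
        DEBUG(0, ("Cannot parse full name\n"));
        return ret;
    }
    DEBUG(5, ("Parsed username: %s\n", tctx->octx->name));

    if (domain) {
        DEBUG(5, ("Parsed domain: %s\n", domain));
        /* only the local domain, whatever named is allowed in tools */
        if (strcasecmp(domain, tctx->local->name) != 0) {
            DEBUG(1, ("Invalid domain %s specified in FQDN\n", domain));
            return EINVAL;
        }
    } else {
        if (tctx->local->fqnames) {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("Name '%s' does not seem to be FQDN "
                   "('%s = TRUE' is set)\n", fullname, CONFDB_DOMAIN_FQ));
            ERROR("Name '%1$s' does not seem to be FQDN "
                  "('%2$s = TRUE' is set)\n", fullname, CONFDB_DOMAIN_FQ);
            return EINVAL;
        }
    }

    return EOK;
}

/*
 * Look up every name of the NULL terminated list grouplist in the sysdb.
 *
 * Returns EOK when all of them exist, otherwise the error of the first
 * failed lookup. *badgroup is set to the entry that failed, or to NULL
 * when every lookup succeeded.
 */
int check_group_names(struct tools_ctx *tctx,
                      char **grouplist,
                      char **badgroup)
{
    int ret;
    int i;
    struct ops_ctx *groupinfo;

    groupinfo = talloc_zero(tctx, struct ops_ctx);
    if (!groupinfo) {
        return ENOMEM;
    }

    groupinfo->domain = tctx->local;

    ret = EOK;
    for (i = 0; grouplist[i]; ++i) {
        ret = sysdb_getgrnam_sync(tctx,
                                  tctx->sysdb,
                                  grouplist[i],
                                  groupinfo);
        if (ret) {
            DEBUG(6, ("Cannot find group %s, ret: %d\n", grouplist[i], ret));
            break;
        }
    }

    talloc_zfree(groupinfo);
    /* Either the entry that failed or the terminating NULL */
    *badgroup = grouplist[i];
    return ret;
}

/*
 * Check id against the ID range of dom.
 *
 * An id of 0 always passes, and an id_max of 0 means there is no upper
 * bound. Returns EOK when the id is acceptable, ERANGE otherwise.
 */
int id_in_range(uint32_t id,
                struct sss_domain_info *dom)
{
    if (id &&
        ((id < dom->id_min) ||
         (dom->id_max && id > dom->id_max))) {
        return ERANGE;
    }

    return EOK;
}

/*
 * Select the locale from the environment and bind the PACKAGE message
 * catalogue in LOCALEDIR.
 *
 * Returns EOK on success, EIO when setlocale() fails, or errno from
 * bindtextdomain() / textdomain().
 */
int set_locale(void)
{
    char *c;

    c = setlocale(LC_ALL, "");
    if (c == NULL) {
        return EIO;
    }

    errno = 0;
    c = bindtextdomain(PACKAGE, LOCALEDIR);
    if (c == NULL) {
        return errno;
    }

    errno = 0;
    c = textdomain(PACKAGE);
    if (c == NULL) {
        return errno;
    }

    return EOK;
}

/*
 * Allocate the tools context, connect it to the databases, set up name
 * parsing and create the operation context bound to the local domain.
 *
 * On success the new context is returned through _tctx and the caller
 * owns it. On failure the partially built context is freed and an error
 * code is returned.
 */
int init_sss_tools(struct tools_ctx **_tctx)
{
    int ret;
    struct tools_ctx *tctx;

    tctx = talloc_zero(NULL, struct tools_ctx);
    if (tctx == NULL) {
        DEBUG(1, ("Could not allocate memory for tools context\n"));
        return ENOMEM;
    }

    /* Connect to the database */
    ret = setup_db(tctx);
    if (ret != EOK) {
        DEBUG(1, ("Could not set up database\n"));
        goto fini;
    }

    ret = sss_names_init(tctx, tctx->confdb, tctx->local->name, &tctx->snctx);
    if (ret != EOK) {
        DEBUG(1, ("Could not set up parsing\n"));
        goto fini;
    }

    tctx->octx = talloc_zero(tctx, struct ops_ctx);
    if (!tctx->octx) {
        DEBUG(1, ("Could not allocate memory for data context\n"));
        ERROR("Out of memory\n");
        ret = ENOMEM;
        goto fini;
    }
    tctx->octx->domain = tctx->local;

    *_tctx = tctx;
    ret = EOK;

fini:
    if (ret != EOK) {
        talloc_free(tctx);
    }
    return ret;
}

/*
 * Check is path is owned by uid
 * returns 0 - owns
 *        -1 - does not own
 *        >0 - an error occured, error code
 *
 * stat() follows symbolic links, so the answer describes the link target
 * and not the link itself. The result is only a snapshot: the path can
 * change between this check and whatever the caller does next.
 */
static int is_owner(uid_t uid, const char *path)
{
    struct stat statres;
    int ret;

    ret = stat(path, &statres);
    if (ret != 0) {
        ret = errno;
        DEBUG(1, ("Cannot stat %s: [%d][%s]\n", path, ret, strerror(ret)));
        return ret;
    }

    if (statres.st_uid == uid) {
        return EOK;
    }
    return -1;
}

/*
 * Remove the mail spool file maildir/username.
 *
 * Unless force is set, the file is removed only when is_owner() confirms
 * that uid owns it; a foreign owner yields EACCES and a failed ownership
 * check yields that error. Returns EOK on success, ENOMEM when the path
 * cannot be built, or errno from unlink().
 */
static int remove_mail_spool(TALLOC_CTX *mem_ctx,
                             const char *maildir,
                             const char *username,
                             uid_t uid,
                             bool force)
{
    int ret;
    char *spool_file;

    spool_file = talloc_asprintf(mem_ctx, "%s/%s", maildir, username);
    if (spool_file == NULL) {
        ret = ENOMEM;
        goto fail;
    }

    if (force == false) {
        /* Check the owner of the mail spool */
        ret = is_owner(uid, spool_file);
        if (ret == -1) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("%s not owned by %"SPRIuid", not removing\n",
                   spool_file, uid));
            ret = EACCES;
            goto fail;
        } else if (ret != 0) {
            /* Ownership could not be determined, leave the file alone */
            goto fail;
        }
    }

    ret = unlink(spool_file);
    if (ret != 0) {
        ret = errno;
        DEBUG(1, ("Cannot remove() the spool file %s: [%d][%s]\n",
                  spool_file, ret, strerror(ret)));
        goto fail;
    }

fail:
    talloc_free(spool_file);
    return ret;
}

/*
 * Remove the user's mail spool and then the home directory tree.
 *
 * A failure to remove the mail spool is logged and otherwise ignored.
 * Unless force is set, the tree is removed only when is_owner() confirms
 * that uid owns homedir: a foreign owner returns EPERM, and a failed
 * ownership check returns that error instead of going on to delete a
 * tree whose owner is unknown. Returns EOK on success or the error from
 * remove_tree().
 *
 * NOTE(review): the ownership check and remove_tree() both work on the
 * path name, so the check cannot rule out the path being swapped in
 * between; whether remove_tree() guards against that is outside this
 * view.
 */
int remove_homedir(TALLOC_CTX *mem_ctx,
                   const char *homedir,
                   const char *maildir,
                   const char *username,
                   uid_t uid, bool force)
{
    int ret;

    ret = remove_mail_spool(mem_ctx, maildir, username, uid, force);
    if (ret != EOK) {
        DEBUG(1, ("Cannot remove user's mail spool\n"));
        /* Should this be fatal? I don't think so. Maybe convert to ERROR? */
    }

    if (force == false) {
        ret = is_owner(uid, homedir);
        if (ret == -1) {
            DEBUG(1, ("Not removing home dir - not owned by user\n"));
            return EPERM;
        }
        if (ret != EOK) {
            /* Fail closed: do not delete what could not be verified */
            DEBUG(1, ("Cannot verify owner of homedir %s: %d\n",
                      homedir, ret));
            return ret;
        }
    }

    /* Remove the tree */
    ret = remove_tree(homedir);
    if (ret != EOK) {
        DEBUG(1, ("Cannot remove homedir %s: %d\n",
                  homedir, ret));
        return ret;
    }

    return EOK;
}

/* The reason for not putting this into create_homedir * is better granularity when it comes to reporting error * messages and tracebacks in pysss */ int create_mail_spool(TALLOC_CTX *mem_ctx, const char *username, const char *maildir, uid_t uid, gid_t gid) { char *spool_file = NULL; int fd = -1; int ret; spool_file = talloc_asprintf(mem_ctx, "%s/%s", maildir, username); if (spool_file == NULL) { ret = ENOMEM; goto fail; } selinux_file_context(spool_file); fd = open(spool_file, O_CREAT | O_WRONLY | O_EXCL, 0); if (fd < 0) { ret = errno; DEBUG(1, ("Cannot open() the spool file: [%d][%s]\n", ret, strerror(ret))); goto fail; } ret = fchmod(fd, 0600); if (ret != 0) { ret = errno; DEBUG(1, ("Cannot fchmod() the spool file: [%d][%s]\n", ret, strerror(ret))); goto fail; } ret = fchown(fd, uid, gid); if (ret != 0) { ret = errno; DEBUG(1, ("Cannot fchown() the spool file: [%d][%s]\n", ret, strerror(ret))); goto fail; } ret = fsync(fd); if (ret != 0) { ret = errno; DEBUG(1, ("Cannot fsync() the spool file: [%d][%s]\n", ret, strerror(ret))); } fail: if (fd >= 0) { ret = close(fd); if 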
(ret != 0) { ret = errno; DEBUG(1, ("Cannot close() the spool file: [%d][%s]\n", ret, strerror(ret))); } } reset_selinux_file_context(); talloc_free(spool_file); return ret; } int create_homedir(const char *skeldir, const char *homedir, uid_t uid, gid_t gid, mode_t default_umask) { int ret; selinux_file_context(homedir); ret = copy_tree(skeldir, homedir, 0777 & ~default_umask, uid, gid); if (ret != EOK) { DEBUG(1, ("Cannot populate user's home directory: [%d][%s].\n", ret, strerror(ret))); goto done; } done: reset_selinux_file_context(); return ret; } int run_userdel_cmd(struct tools_ctx *tctx) { int ret, status; char *userdel_cmd = NULL; char *conf_path = NULL; pid_t pid, child_pid; conf_path = talloc_asprintf(tctx, CONFDB_DOMAIN_PATH_TMPL, tctx->local->name); if (!conf_path) { ret = ENOMEM; goto done; } ret = confdb_get_string(tctx->confdb, tctx, conf_path, CONFDB_LOCAL_USERDEL_CMD, NULL, &userdel_cmd); if (ret != EOK || !userdel_cmd) { goto done; } errno = 0; pid = fork(); if (pid == 0) { /* child */ execl(userdel_cmd, userdel_cmd, tctx->octx->name, (char *) NULL); exit(errno); } else { /* parent */ if (pid == -1) { ret = errno; DEBUG(SSSDBG_CRIT_FAILURE, ("fork failed [%d]: %s\n", ret, strerror(ret))); goto done; } while((child_pid = waitpid(pid, &status, 0)) > 0) { if (WIFEXITED(status)) { ret = WEXITSTATUS(status); if (ret != 0) { DEBUG(5, ("command [%s] returned nonzero status %d.\n", userdel_cmd, ret)); ret = EOK; /* Ignore return code of the command */ goto done; } } else if (WIFSIGNALED(status)) { DEBUG(5, ("command [%s] was terminated by signal %d.\n", userdel_cmd, WTERMSIG(status))); ret = EIO; goto done; } else if (WIFSTOPPED(status)) { DEBUG(5, ("command [%s] was stopped by signal %d.\n", userdel_cmd, WSTOPSIG(status))); continue; } else { DEBUG(1, ("Unknown status from WAITPID\n")); ret = EIO; goto done; } } if (child_pid == -1) { DEBUG(SSSDBG_CRIT_FAILURE, ("waitpid failed\n")); ret = errno; goto done; } } ret = EOK; done: talloc_free(userdel_cmd); 
talloc_free(conf_path); return ret; } static pid_t parse_pid(const char *strpid) { long value; char *endptr; errno = 0; value = strtol(strpid, &endptr, 10); if ((errno != 0) || (endptr == strpid) || ((*endptr != '\0') && (*endptr != '\n'))) { return 0; } return value; } static errno_t get_sssd_pid(pid_t *out_pid) { int ret; size_t fsize; FILE *pid_file = NULL; char pid_str[MAX_PID_LENGTH] = {'\0'}; *out_pid = 0; errno = 0; pid_file = fopen(SSSD_PIDFILE, "r"); if (pid_file == NULL) { ret = errno; DEBUG(SSSDBG_MINOR_FAILURE, ("Unable to open pid file \"%s\": %s\n", SSSD_PIDFILE, strerror(ret))); goto done; } fsize = fread(pid_str, sizeof(char), MAX_PID_LENGTH * sizeof(char), pid_file); if (!feof(pid_file)) { /* eof not reached */ ret = ferror(pid_file); if (ret != 0) { DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to read from file \"%s\": %s\n", SSSD_PIDFILE, strerror(ret))); } else { DEBUG(SSSDBG_CRIT_FAILURE, ("File \"%s\" contains invalid pid.\n", SSSD_PIDFILE)); } goto done; } if (fsize == 0) { DEBUG(SSSDBG_CRIT_FAILURE, ("File \"%s\" contains no pid.\n", SSSD_PIDFILE)); ret = EINVAL; goto done; } pid_str[MAX_PID_LENGTH-1] = '\0'; *out_pid = parse_pid(pid_str); if (*out_pid == 0) { DEBUG(SSSDBG_CRIT_FAILURE, ("File \"%s\" contains invalid pid.\n", SSSD_PIDFILE)); ret = EINVAL; goto done; } ret = EOK; done: if (pid_file != NULL) { fclose(pid_file); } return ret; } errno_t signal_sssd(int signum) { int ret; pid_t pid; ret = get_sssd_pid(&pid); if (ret != EOK) { return ret; } if (kill(pid, signum) != 0) { ret = errno; DEBUG(SSSDBG_CRIT_FAILURE, ("Could not send signal %d to process %d: %s\n", signum, pid, strerror(errno))); return ret; } return EOK; } sssd-1.11.5/src/tools/PaxHeaders.13173/sss_groupmod.c0000644000000000000000000000007412320753107020372 xustar000000000000000030 atime=1396954939.275891424 30 ctime=1396954961.745874883 sssd-1.11.5/src/tools/sss_groupmod.c0000664002412700241270000002063512320753107020622 0ustar00jhrozekjhrozek00000000000000/* SSSD sss_groupmod 
    Copyright (C) Jakub Hrozek 2009

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program. If not, see .
*/

#include
#include
#include
#include
#include
#include
#include

#include "util/util.h"
#include "db/sysdb.h"
#include "tools/tools_util.h"
#include "tools/sss_sync_ops.h"

/*
 * sss_groupmod: modify a group of the local domain.
 *
 * Takes the group name as the only positional argument; --append-group and
 * --remove-group take comma-separated lists of groups, --gid sets the GID.
 * The modification runs inside one sysdb transaction, after which the
 * memory cache entries of the affected groups are refreshed.
 *
 * Exits with EXIT_SUCCESS or EXIT_FAILURE.
 */
int main(int argc, const char **argv)
{
    /* NOTE(review): registered below as POPT_ARG_INT, so popt presumably
     * stores an int through this pointer; that assumes gid_t has the size
     * of int - confirm. */
    gid_t pc_gid = 0;
    int pc_debug = SSSDBG_DEFAULT;
    struct poptOption long_options[] = {
        POPT_AUTOHELP
        { "debug", '\0', POPT_ARG_INT | POPT_ARGFLAG_DOC_HIDDEN, &pc_debug,
                            0, _("The debug level to run with"), NULL },
        { "append-group", 'a', POPT_ARG_STRING, NULL,
                            'a', _("Groups to add this group to"), NULL },
        { "remove-group", 'r', POPT_ARG_STRING, NULL,
                            'r', _("Groups to remove this group from"), NULL },
        { "gid", 'g', POPT_ARG_INT | POPT_ARGFLAG_DOC_HIDDEN, &pc_gid,
                            0, _("The GID of the group"), NULL },
        POPT_TABLEEND
    };
    poptContext pc = NULL;
    struct tools_ctx *tctx = NULL;
    /* Returned by poptGetOptArg() and released with free() at fini */
    char *addgroups = NULL, *rmgroups = NULL;
    int ret;
    errno_t sret;
    const char *pc_groupname = NULL;
    char *badgroup = NULL;
    /* True between a successful transaction start and its commit, so that
     * the done label knows whether a cancel is needed */
    bool in_transaction = false;

    debug_prg_name = argv[0];

    ret = set_locale();
    if (ret != EOK) {
        DEBUG(1, ("set_locale failed (%d): %s\n", ret, strerror(ret)));
        ERROR("Error setting the locale\n");
        ret = EXIT_FAILURE;
        goto fini;
    }

    /* parse parameters */
    /* BAD_POPT_PARAMS is defined outside this file; given its label
     * argument it presumably reports the error and jumps to fini. */
    pc = poptGetContext(NULL, argc, argv, long_options, 0);
    poptSetOtherOptionHelp(pc, "GROUPNAME");
    while ((ret = poptGetNextOpt(pc)) > 0) {
        switch (ret) {
            case 'a':
                addgroups = poptGetOptArg(pc);
                if (addgroups == NULL) {
                    BAD_POPT_PARAMS(pc, _("Specify group to add to\n"),
                                    ret, fini);
                }
                break;

            case 'r':
                rmgroups = poptGetOptArg(pc);
                if (rmgroups == NULL) {
                    BAD_POPT_PARAMS(pc, _("Specify group to remove from\n"),
                                    ret, fini);
                }
                break;
        }
    }

    /* The loop above only ends cleanly when poptGetNextOpt() returns -1 */
    if (ret != -1) {
        BAD_POPT_PARAMS(pc, poptStrerror(ret), ret, fini);
    }

    /* groupname is an argument without --option */
    pc_groupname = poptGetArg(pc);
    if (pc_groupname == NULL) {
        BAD_POPT_PARAMS(pc, _("Specify group to modify\n"), ret, fini);
    }

    DEBUG_INIT(pc_debug);

    /* Macro defined outside this file; presumably refuses to continue
     * unless the tool runs as root - confirm. */
    CHECK_ROOT(ret, debug_prg_name);

    ret = init_sss_tools(&tctx);
    if (ret != EOK) {
        DEBUG(1, ("init_sss_tools failed (%d): %s\n", ret, strerror(ret)));
        if (ret == ENOENT) {
            ERROR("Error initializing the tools - no local domain\n");
        } else {
            ERROR("Error initializing the tools\n");
        }
        ret = EXIT_FAILURE;
        goto fini;
    }

    ret = parse_name_domain(tctx, pc_groupname);
    if (ret != EOK) {
        ERROR("Invalid domain specified in FQDN\n");
        ret = EXIT_FAILURE;
        goto fini;
    }
    /* check the group name to be able to give sensible error message */
    ret = sysdb_getgrnam_sync(tctx, tctx->sysdb, tctx->octx->name, tctx->octx);
    if (ret != EOK) {
        ERROR("Cannot find group in local domain, "
              "modifying groups is allowed only in local domain\n");
        ret = EXIT_FAILURE;
        goto fini;
    }

    /* Assigned after the lookup above, which was handed tctx->octx */
    tctx->octx->gid = pc_gid;

    if (addgroups) {
        ret = parse_groups(tctx,
                addgroups,
                &tctx->octx->addgroups);
        if (ret != EOK) {
            DEBUG(1, ("Cannot parse groups to add the group to\n"));
            ERROR("Internal error while parsing parameters\n");
            ret = EXIT_FAILURE;
            goto fini;
        }

        ret = parse_group_name_domain(tctx, tctx->octx->addgroups);
        if (ret != EOK) {
            DEBUG(1, ("Cannot parse FQDN groups to add the group to\n"));
            ERROR("Member groups must be in the same domain as parent group\n");
            ret = EXIT_FAILURE;
            goto fini;
        }

        /* Check group names in the LOCAL domain */
        ret = check_group_names(tctx, tctx->octx->addgroups, &badgroup);
        if (ret != EOK) {
            ERROR("Cannot find group %1$s in local domain, "
                  "only groups in local domain are allowed\n", badgroup);
            ret = EXIT_FAILURE;
            goto fini;
        }
    }

    if (rmgroups) {
        ret = parse_groups(tctx,
                rmgroups,
                &tctx->octx->rmgroups);
        if (ret != EOK) {
            DEBUG(1, ("Cannot parse groups to remove the group from\n"));
            ERROR("Internal error while parsing parameters\n");
            ret = EXIT_FAILURE;
            goto fini;
        }

        ret = parse_group_name_domain(tctx, tctx->octx->rmgroups);
        if (ret != EOK) {
            DEBUG(1, ("Cannot parse FQDN groups to remove the group from\n"));
            ERROR("Member groups must be in the same domain as parent group\n");
            ret = EXIT_FAILURE;
            goto fini;
        }

        /* Check group names in the LOCAL domain */
        ret = check_group_names(tctx, tctx->octx->rmgroups, &badgroup);
        if (ret != EOK) {
            ERROR("Cannot find group %1$s in local domain, "
                  "only groups in local domain are allowed\n", badgroup);
            ret = EXIT_FAILURE;
            goto fini;
        }
    }

    if (id_in_range(tctx->octx->gid, tctx->octx->domain) != EOK) {
        ERROR("The selected GID is outside the allowed range\n");
        ret = EXIT_FAILURE;
        goto fini;
    }

    /* From here on sysdb errors are kept in tctx->error and reported at
     * the done label */
    tctx->error = sysdb_transaction_start(tctx->sysdb);
    if (tctx->error != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to start transaction\n"));
        goto done;
    }
    in_transaction = true;

    /* groupmod */
    tctx->error = groupmod(tctx, tctx->sysdb, tctx->octx);
    if (tctx->error) {
        goto done;
    }

    tctx->error = sysdb_transaction_commit(tctx->sysdb);
    if (tctx->error != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to commit transaction\n"));
        goto done;
    }
    in_transaction = false;

    /* The change is committed; a failed cache refresh below is reported
     * but does not change the exit status */
    ret = sss_mc_refresh_group(pc_groupname);
    if (ret != EOK) {
        ERROR("NSS request failed (%1$d). Entry might remain in memory "
              "cache.\n", ret);
        /* Nothing we can do about it */
    }

    ret = sss_mc_refresh_grouplist(tctx, tctx->octx->addgroups);
    if (ret != EOK) {
        ERROR("NSS request failed (%1$d). Entry might remain in memory "
              "cache.\n", ret);
        /* Nothing we can do about it */
    }

    ret = sss_mc_refresh_grouplist(tctx, tctx->octx->rmgroups);
    if (ret != EOK) {
        ERROR("NSS request failed (%1$d). Entry might remain in memory "
              "cache.\n", ret);
        /* Nothing we can do about it */
    }

done:
    /* Only reached after init_sss_tools() succeeded, so tctx is valid */
    if (in_transaction) {
        sret = sysdb_transaction_cancel(tctx->sysdb);
        if (sret != EOK) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to cancel transaction\n"));
        }
    }

    if (tctx->error) {
        ret = tctx->error;
        DEBUG(1, ("sysdb operation failed (%d)[%s]\n", ret, strerror(ret)));
        switch (ret) {
            case ENOENT:
                ERROR("Could not modify group - check if member group names are correct\n");
                break;

            case EFAULT:
                ERROR("Could not modify group - check if groupname is correct\n");
                break;

            default:
                ERROR("Transaction error. Could not modify group.\n");
                break;
        }

        ret = EXIT_FAILURE;
        goto fini;
    }

    ret = EXIT_SUCCESS;

fini:
    /* Reached from every exit path, including ones where pc and tctx are
     * still NULL */
    free(addgroups);
    free(rmgroups);
    poptFreeContext(pc);
    talloc_free(tctx);
    exit(ret);
}
sssd-1.11.5/src/tools/PaxHeaders.13173/files.c0000644000000000000000000000007412320753107016750 xustar000000000000000030 atime=1396954939.275891424 30 ctime=1396954961.697874919 sssd-1.11.5/src/tools/files.c0000664002412700241270000005064612320753107017205 0ustar00jhrozekjhrozek00000000000000
/*
   Authors:
        Jakub Hrozek

   Copyright (C) 2009 Red Hat

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program. If not, see .
*/ /* * This file incorporates work covered by the following copyright and * permission notice: * * Copyright (c) 1991 - 1994, Julianne Frances Haugh * Copyright (c) 1996 - 2001, Marek Michałkiewicz * Copyright (c) 2003 - 2006, Tomasz Kłoczko * Copyright (c) 2007 - 2008, Nicolas François * * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the copyright holders or contributors may not be used to * endorse or promote products derived from this software without * specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
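*/

#include "config.h"

/* NOTE(review): the header names of the seven system includes below are
 * missing from this copy of the file; the lines are kept as found. */
#include
#include
#include
#include
#include
#include
#include

#include "util/util.h"
#include "tools/tools_util.h"

/* State shared by one copy_tree() run */
struct copy_ctx {
    const char *src_orig;   /* source root as passed to copy_tree() */
    const char *dst_orig;   /* destination root as passed to copy_tree() */
    dev_t       src_dev;    /* device of the source root */
    uid_t       uid;        /* owner given to every copied entry */
    gid_t       gid;        /* group given to every copied entry */
};

/*
 * Set access and modification time of path (relative to dir_fd) to the
 * values in statp. Returns EOK or errno.
 * Without HAVE_UTIMENSAT the fallback does not use flags.
 */
static int sss_timeat_set(int dir_fd, const char *path,
                          const struct stat *statp,
                          int flags)
{
    int ret;

#ifdef HAVE_UTIMENSAT
    struct timespec timebuf[2];

    timebuf[0] = statp->st_atim;
    timebuf[1] = statp->st_mtim;

    ret = utimensat(dir_fd, path, timebuf, flags);
#else
    struct timeval tv[2];

    tv[0].tv_sec = statp->st_atime;
    tv[0].tv_usec = 0;
    tv[1].tv_sec = statp->st_mtime;
    tv[1].tv_usec = 0;

    ret = futimesat(dir_fd, path, tv);
#endif
    if (ret == -1) {
        return errno;
    }

    return EOK;
}

/*
 * Set access and modification time of the open file fd to the values in
 * statp. Returns EOK or errno.
 */
static int sss_futime_set(int fd, const struct stat *statp)
{
    int ret;

#ifdef HAVE_FUTIMENS
    struct timespec timebuf[2];

    timebuf[0] = statp->st_atim;
    timebuf[1] = statp->st_mtim;
    ret = futimens(fd, timebuf);
#else
    struct timeval tv[2];

    tv[0].tv_sec = statp->st_atime;
    tv[0].tv_usec = 0;
    tv[1].tv_sec = statp->st_mtime;
    tv[1].tv_usec = 0;

    ret = futimes(fd, tv);
#endif
    if (ret == -1) {
        return errno;
    }

    return EOK;
}

/* wrapper in order not to create a temporary context in
 * every iteration */
static int remove_tree_with_ctx(TALLOC_CTX *mem_ctx,
                                int parent_fd,
                                const char *dir_name,
                                dev_t parent_dev);

/*
 * Recursively remove the directory root and everything below it.
 * Returns EOK, ENOMEM, or the error of the first operation that failed.
 */
int remove_tree(const char *root)
{
    TALLOC_CTX *tmp_ctx = NULL;
    int ret;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    ret = remove_tree_with_ctx(tmp_ctx, AT_FDCWD, root, 0);
    talloc_free(tmp_ctx);
    return ret;
}

/*
 * The context is not freed in case of error
 * because this is a recursive function, will be freed when we
 * reach the top level remove_tree() again
 *
 * Removes the contents of dir_name (relative to parent_fd) and then the
 * directory itself. All work is done relative to directory descriptors and
 * the directory is opened with O_NOFOLLOW, so an entry that is swapped for
 * a symbolic link between the fstatat() and the recursive open makes the
 * open fail instead of redirecting the removal.
 *
 * parent_dev is the device of the directory being processed, or 0 when it
 * is not known. NOTE(review): remove_tree() passes 0, which disables the
 * different-filesystem check for directories directly below the root.
 */
static int remove_tree_with_ctx(TALLOC_CTX *mem_ctx,
                                int parent_fd,
                                const char *dir_name,
                                dev_t parent_dev)
{
    struct dirent *result;
    struct stat statres;
    DIR *rootdir = NULL;
    int ret, err;
    int dir_fd;

    /* The helper reports its error through ret (copy_entry() and
     * copy_tree() rely on that), so errno is not consulted again. */
    dir_fd = sss_openat_cloexec(parent_fd, dir_name,
                                O_RDONLY | O_DIRECTORY | O_NOFOLLOW, &ret);
    if (dir_fd == -1) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Cannot open %s: [%d]: %s\n", dir_name, ret, strerror(ret)));
        return ret;
    }

    rootdir = fdopendir(dir_fd);
    if (rootdir == NULL) {
        ret = errno;
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Cannot open directory: [%d][%s]\n", ret, strerror(ret)));
        close(dir_fd);
        goto fail;
    }

    while ((result = readdir(rootdir)) != NULL) {
        if (strcmp(result->d_name, ".") == 0 ||
            strcmp(result->d_name, "..") == 0) {
            continue;
        }

        ret = fstatat(dir_fd, result->d_name,
                      &statres, AT_SYMLINK_NOFOLLOW);
        if (ret != 0) {
            ret = errno;
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("stat failed: [%d][%s]\n", ret, strerror(ret)));
            goto fail;
        }

        if (S_ISDIR(statres.st_mode)) {
            /* if directory, recursively descend, but check if on the same FS */
            if (parent_dev && parent_dev != statres.st_dev) {
                DEBUG(SSSDBG_CRIT_FAILURE,
                      ("Directory %s is on different filesystem, "
                       "will not follow\n", result->d_name));
                ret = EFAULT;
                goto fail;
            }

            ret = remove_tree_with_ctx(mem_ctx, dir_fd, result->d_name,
                                       statres.st_dev);
            if (ret != EOK) {
                DEBUG(SSSDBG_CRIT_FAILURE,
                      ("Removing subdirectory failed: [%d][%s]\n",
                       ret, strerror(ret)));
                goto fail;
            }
        } else {
            ret = unlinkat(dir_fd, result->d_name, 0);
            if (ret != 0) {
                ret = errno;
                DEBUG(SSSDBG_CRIT_FAILURE,
                      ("Removing file failed: [%d][%s]\n",
                       ret, strerror(ret)));
                goto fail;
            }
        }
    }

    ret = closedir(rootdir);
    rootdir = NULL;
    if (ret != 0) {
        ret = errno;
        goto fail;
    }

    ret = unlinkat(parent_fd, dir_name, AT_REMOVEDIR);
    if (ret == -1) {
        /* This error used to be overwritten with EOK, so a directory that
         * could not be removed was reported as removed. */
        ret = errno;
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Removing directory failed: [%d][%s]\n", ret, strerror(ret)));
        goto fail;
    }

    ret = EOK;

fail:
    if (rootdir) {  /* clean up on abnormal exit but retain return code */
        err = closedir(rootdir);
        if (err) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("closedir failed, bad dirp?\n"));
        }
    }
    return ret;
}

/*
 * Read the target of the symbolic link filename (relative to dir_fd) into
 * a NUL-terminated string allocated on mem_ctx.
 * Returns NULL on allocation failure and on readlinkat() failure alike.
 */
static char *talloc_readlinkat(TALLOC_CTX *mem_ctx, int dir_fd,
                               const char *filename)
{
    size_t size = 1024;
    ssize_t nchars;
    char *buffer;
    char *new_buffer;

    buffer = talloc_array(mem_ctx, char, size);
    if (!buffer) {
        return NULL;
    }

    while (1) {
        nchars = readlinkat(dir_fd, filename, buffer, size);
        if (nchars < 0) {
            talloc_free(buffer);
            return NULL;
        }

        if ((size_t) nchars < size) {
            /* The buffer was large enough, with room for the terminator */
            break;
        }

        /* Try again with a bigger buffer */
        size *= 2;
        new_buffer = talloc_realloc(mem_ctx, buffer, char, size);
        if (!new_buffer) {
            talloc_free(buffer);
            return NULL;
        }
        buffer = new_buffer;
    }

    /* readlink does not nul-terminate */
    buffer[nchars] = '\0';
    return buffer;
}

/*
 * Recreate the symbolic link file_name from src_dir_fd in dst_dir_fd, give
 * it to uid:gid and copy its timestamps. full_path is the destination path
 * and is used for the SELinux context and for messages.
 *
 * A link that already exists at the destination is left as it is and EOK
 * is returned. Failing to set the SELinux context or the timestamps is not
 * fatal. Returns EOK, ENOMEM or errno.
 */
static int
copy_symlink(int src_dir_fd,
             int dst_dir_fd,
             const char *file_name,
             const char *full_path,
             const struct stat *statp,
             uid_t uid, gid_t gid)
{
    char *buf;
    errno_t ret;

    buf = talloc_readlinkat(NULL, src_dir_fd, file_name);
    if (!buf) {
        return ENOMEM;
    }

    ret = selinux_file_context(full_path);
    if (ret != 0) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("Failed to set SELinux context for [%s]\n", full_path));
        /* Not fatal */
    }

    ret = symlinkat(buf, dst_dir_fd, file_name);
    talloc_free(buf);
    if (ret == -1) {
        ret = errno;
        if (ret == EEXIST) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("symlink pointing to already exists at '%s'\n", full_path));
            return EOK;
        }

        DEBUG(SSSDBG_CRIT_FAILURE, ("symlinkat failed: %s\n", strerror(ret)));
        return ret;
    }

    /* AT_SYMLINK_NOFOLLOW: change the link itself, never its target */
    ret = fchownat(dst_dir_fd, file_name,
                   uid, gid, AT_SYMLINK_NOFOLLOW);
    if (ret == -1) {
        ret = errno;
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("fchownat failed: %s\n", strerror(ret)));
        return ret;
    }

    ret = sss_timeat_set(dst_dir_fd, file_name, statp,
                         AT_SYMLINK_NOFOLLOW);
    if (ret != EOK) {
        DEBUG(SSSDBG_MINOR_FAILURE, ("utimensat failed [%d]: %s\n",
              ret, strerror(ret)));
        /* Do not fail */
    }

    return EOK;
}

/* Copy bytes from input file descriptor ifd into file named
 * file_name under directory with dest_dir_fd. Own the new file
 * by uid/gid
 *
 * The destination is created with O_EXCL | O_NOFOLLOW and mode 0, so an
 * existing entry is never written to and the new file stays inaccessible
 * until owner and mode have been set through the descriptor.
 *
 * Returns EOK, EEXIST when the destination already exists, EIO on a short
 * write, or errno.
 */
static int
copy_file(int ifd,
          int dest_dir_fd,
          const char *file_name,
          const char *full_path,
          const struct stat *statp,
          uid_t uid, gid_t gid)
{
    int ofd = -1;
    errno_t ret;
    char buf[1024];
    ssize_t cnt, written;

    ret = selinux_file_context(full_path);
    if (ret != 0) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("Failed to set SELinux context for [%s]\n", full_path));
        /* Not fatal */
    }

    /* Start with absolutely restrictive permissions */
    ofd = openat(dest_dir_fd, file_name,
                 O_EXCL | O_CREAT | O_WRONLY | O_NOFOLLOW,
                 0);
    if (ofd < 0) {
        /* EEXIST used to fall through with ofd == -1 and surfaced later
         * as EBADF from the first write or from fchown(). */
        ret = errno;
        DEBUG(SSSDBG_OP_FAILURE,
              ("Cannot open() destination file '%s': [%d][%s].\n",
               full_path, ret, strerror(ret)));
        goto done;
    }

    while ((cnt = sss_atomic_read_s(ifd, buf, sizeof(buf))) != 0) {
        if (cnt == -1) {
            ret = errno;
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("Cannot read() from source file: [%d][%s].\n",
                   ret, strerror(ret)));
            goto done;
        }

        errno = 0;
        written = sss_atomic_write_s(ofd, buf, cnt);
        if (written == -1) {
            ret = errno;
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("Cannot write() to destination file: [%d][%s].\n",
                   ret, strerror(ret)));
            goto done;
        }

        if (written != cnt) {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("Wrote %zd bytes, expected %zd\n", written, cnt));
            /* ret still held an earlier success value here, so a
             * truncated copy was reported as success. */
            ret = EIO;
            goto done;
        }
    }

    /* Set the ownership; permissions are still
     * restrictive. */
    ret = fchown(ofd, uid, gid);
    if (ret == -1 && errno != EPERM) {
        ret = errno;
        DEBUG(SSSDBG_OP_FAILURE,
              ("Error changing owner of '%s': %s\n",
               full_path, strerror(ret)));
        goto done;
    }

    /* Set the desired mode. */
    ret = fchmod(ofd, statp->st_mode);
    if (ret == -1) {
        ret = errno;
        DEBUG(SSSDBG_OP_FAILURE, ("Error changing mode of '%s': %s\n",
              full_path, strerror(ret)));
        goto done;
    }

    ret = sss_futime_set(ofd, statp);
    if (ret != EOK) {
        DEBUG(SSSDBG_MINOR_FAILURE, ("sss_futime_set failed [%d]: %s\n",
              ret, strerror(ret)));
        /* Do not fail */
    }

    close(ofd);
    ofd = -1;
    ret = EOK;

done:
    if (ofd != -1) close(ofd);
    return ret;
}

static errno_t
copy_dir(struct copy_ctx *cctx,
         int src_dir_fd, const char *src_dir_path,
         int dest_parent_fd, const char *dest_dir_name,
         const char *dest_dir_path,
         mode_t mode,
         const struct stat *src_dir_stat);

/*
 * Copy the entry ent_name of the source directory src_dir_fd into the
 * destination directory dest_dir_fd: directories recursively, regular
 * files by content, symbolic links as links. Other file types are skipped.
 * The *_path arguments are only used to build paths for messages and for
 * the SELinux context. Returns EOK, ENOMEM or the error of the failed step.
 */
static errno_t
copy_entry(struct copy_ctx *cctx,
           int src_dir_fd,
           const char *src_dir_path,
           int dest_dir_fd,
           const char *dest_dir_path,
           const char *ent_name)
{
    char *src_ent_path = NULL;
    char *dest_ent_path = NULL;
    int ifd = -1;
    errno_t ret;
    struct stat st;

    /* Build the path of the source file or directory and its
     * corresponding member in the new tree. */
    src_ent_path = talloc_asprintf(cctx, "%s/%s", src_dir_path, ent_name);
    dest_ent_path = talloc_asprintf(cctx, "%s/%s", dest_dir_path, ent_name);
    if (!src_ent_path || !dest_ent_path) {
        ret = ENOMEM;
        goto done;
    }

    /* Open the input entry first, then we can fstat() it and be
     * certain that it is still the same file.  O_NONBLOCK protects
     * us against FIFOs and perhaps side-effects of the open() of a
     * device file if there ever was one here, and doesn't matter
     * for regular files or directories. */
    ifd = sss_openat_cloexec(src_dir_fd, ent_name,
                             O_RDONLY | O_NOFOLLOW | O_NONBLOCK, &ret);
    if (ifd == -1 && ret != ELOOP) {
        /* openat error */
        DEBUG(SSSDBG_CRIT_FAILURE, ("openat failed on '%s': %s\n",
              src_ent_path, strerror(ret)));
        goto done;
    } else if (ifd == -1 && ret == ELOOP) {
        /* Should be a symlink.. */
        ret = fstatat(src_dir_fd, ent_name, &st, AT_SYMLINK_NOFOLLOW);
        if (ret == -1) {
            ret = errno;
            DEBUG(SSSDBG_CRIT_FAILURE, ("fstatat failed on '%s': %s\n",
                  src_ent_path, strerror(ret)));
            goto done;
        }

        /* Handle symlinks */
        ret = copy_symlink(src_dir_fd, dest_dir_fd, ent_name,
                           dest_ent_path, &st, cctx->uid, cctx->gid);
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE, ("Cannot copy '%s' to '%s'\n",
                  src_ent_path, dest_ent_path));
        }
        goto done;
    }

    ret = fstat(ifd, &st);
    if (ret != 0) {
        ret = errno;
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("couldn't stat '%s': %s", src_ent_path, strerror(ret)));
        goto done;
    }

    if (S_ISDIR(st.st_mode)) {
        /* If it's a directory, descend into it. */
        ret = copy_dir(cctx, ifd, src_ent_path,
                       dest_dir_fd, ent_name,
                       dest_ent_path, st.st_mode & 07777, &st);
        /* copy_dir() has closed the descriptor; forget it so that it is
         * not closed a second time below. */
        ifd = -1;
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE,
                  ("Couldn't recursively copy '%s' to '%s': %s\n",
                  src_ent_path, dest_ent_path, strerror(ret)));
            goto done;
        }
    } else if (S_ISREG(st.st_mode)) {
        /* Copy a regular file */
        ret = copy_file(ifd, dest_dir_fd, ent_name, dest_ent_path,
                        &st, cctx->uid, cctx->gid);
        if (ret) {
            DEBUG(SSSDBG_OP_FAILURE, ("Cannot copy '%s' to '%s'\n",
                  src_ent_path, dest_ent_path));
            goto done;
        }
    } else {
        /* Is a special file */
        DEBUG(SSSDBG_FUNC_DATA, ("'%s' is a special file, skipping.\n",
              src_ent_path));
    }

    ret = EOK;

done:
    talloc_free(src_ent_path);
    talloc_free(dest_ent_path);
    if (ifd != -1) close(ifd);
    return ret;
}

/*
 * Create the directory dest_dir_name under dest_parent_fd and copy the
 * contents of the directory open as src_dir_fd into it, then set owner,
 * mode and timestamps of the new directory.
 *
 * Takes ownership of src_dir_fd: it is closed before returning on every
 * path, so callers must not close it again.
 *
 * NOTE(review): a destination directory that already exists is reused
 * (EEXIST from mkdirat() is accepted) and later handed to cctx->uid;
 * O_NOFOLLOW on the open below only rules out a symbolic link in its place.
 */
static errno_t
copy_dir(struct copy_ctx *cctx,
         int src_dir_fd, const char *src_dir_path,
         int dest_parent_fd, const char *dest_dir_name,
         const char *dest_dir_path,
         mode_t mode,
         const struct stat *src_dir_stat)
{
    errno_t ret;
    errno_t dret;
    int dest_dir_fd = -1;
    DIR *dir = NULL;
    struct dirent *ent;

    if (!dest_dir_path) {
        close(src_dir_fd);
        return EINVAL;
    }

    /* On success the stream owns src_dir_fd and closedir() closes it */
    dir = fdopendir(src_dir_fd);
    if (dir == NULL) {
        ret = errno;
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Error reading '%s': %s", src_dir_path, strerror(ret)));
        close(src_dir_fd);
        goto done;
    }

    /* Create the directory.  It starts owned by us (presumably root), with
     * fairly restrictive permissions that still allow us to use the
     * directory.
     * */
    errno = 0;
    ret = mkdirat(dest_parent_fd, dest_dir_name, S_IRWXU);
    if (ret == -1 && errno != EEXIST) {
        ret = errno;
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Error creating '%s': %s", dest_dir_path, strerror(ret)));
        goto done;
    }

    /* The helper reports its error through ret */
    dest_dir_fd = sss_openat_cloexec(dest_parent_fd, dest_dir_name,
                                     O_RDONLY | O_DIRECTORY | O_NOFOLLOW, &ret);
    if (dest_dir_fd == -1) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Error opening '%s': %s", dest_dir_path, strerror(ret)));
        goto done;
    }

    while ((ent = readdir(dir)) != NULL) {
        /* Iterate through each item in the directory. */
        /* Skip over self and parent hard links. */
        if (strcmp(ent->d_name, ".") == 0 ||
            strcmp(ent->d_name, "..") == 0) {
            continue;
        }

        ret = copy_entry(cctx,
                         src_dir_fd, src_dir_path,
                         dest_dir_fd, dest_dir_path,
                         ent->d_name);
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE, ("Could not copy [%s] to [%s]\n",
                  src_dir_path, dest_dir_path));
            goto done;
        }
    }

    /* Set the ownership on the directory.  Permissions are still
     * fairly restrictive. */
    ret = fchown(dest_dir_fd, cctx->uid, cctx->gid);
    if (ret == -1 && errno != EPERM) {
        ret = errno;
        DEBUG(SSSDBG_OP_FAILURE,
              ("Error changing owner of '%s': %s",
              dest_dir_path, strerror(ret)));
        goto done;
    }

    /* Set the desired mode.  Do this explicitly to preserve S_ISGID and
     * other bits.  Do this after chown, because chown is permitted to
     * reset these bits. */
    ret = fchmod(dest_dir_fd, mode);
    if (ret == -1) {
        ret = errno;
        DEBUG(SSSDBG_OP_FAILURE,
              ("Error setting mode of '%s': %s",
              dest_dir_path, strerror(ret)));
        goto done;
    }

    /* The result was not stored before, so the check below never fired */
    ret = sss_futime_set(dest_dir_fd, src_dir_stat);
    if (ret != EOK) {
        DEBUG(SSSDBG_MINOR_FAILURE, ("sss_futime_set failed [%d]: %s\n",
              ret, strerror(ret)));
        /* Do not fail */
    }

    ret = EOK;

done:
    if (dir) {
        dret = closedir(dir);
        if (dret != 0) {
            dret = errno;
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Failed to close directory: %s.\n", strerror(dret)));
        }
    }

    if (dest_dir_fd != -1) {
        close(dest_dir_fd);
    }
    return ret;
}

/* NOTE:
 * The skeleton directory is opened here without O_NOFOLLOW and is read
 * with the privileges of the caller (presumably root), so the skeldir
 * needs to be trusted. Special files (pipes, etc) found in it are skipped
 * by copy_entry().
 *
 * Copies src_root to dst_root; the new root directory gets mode_root and
 * every copied entry is given to uid:gid.
 * Returns EOK, ENOMEM or the error of the failed step.
 */
int copy_tree(const char *src_root, const char *dst_root,
              mode_t mode_root, uid_t uid, gid_t gid)
{
    int ret = EOK;
    struct copy_ctx *cctx = NULL;
    int fd = -1;
    struct stat s_src;

    fd = sss_open_cloexec(src_root, O_RDONLY | O_DIRECTORY, &ret);
    if (fd == -1) {
        goto fail;
    }

    ret = fstat(fd, &s_src);
    if (ret == -1) {
        ret = errno;
        goto fail;
    }

    cctx = talloc_zero(NULL, struct copy_ctx);
    if (!cctx) {
        ret = ENOMEM;
        goto fail;
    }

    cctx->src_orig = src_root;
    cctx->dst_orig = dst_root;
    cctx->src_dev = s_src.st_dev;
    cctx->uid = uid;
    cctx->gid = gid;

    ret = copy_dir(cctx, fd, src_root, AT_FDCWD,
                   dst_root, dst_root, mode_root, &s_src);
    /* copy_dir() has closed the descriptor; do not close it again below */
    fd = -1;
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("copy_dir failed: [%d][%s]\n", ret, strerror(ret)));
        goto fail;
    }

fail:
    if (fd != -1) close(fd);
    reset_selinux_file_context();
    talloc_free(cctx);
    return ret;
}
sssd-1.11.5/src/tools/PaxHeaders.13173/sss_useradd.c0000644000000000000000000000007412320753107020165 xustar000000000000000030 atime=1396954939.276891423 30 ctime=1396954961.753874878 sssd-1.11.5/src/tools/sss_useradd.c0000664002412700241270000002247312320753107020417 0ustar00jhrozekjhrozek00000000000000
/* SSSD sss_useradd Copyright (C) Jakub Hrozek 2009 Copyright (C) Simo Sorce 2009 This program is free software; you can redistribute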
it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include #include #include #include #include #include
#include "util/util.h"
#include "db/sysdb.h"
#include "tools/tools_util.h"
#include "tools/sss_sync_ops.h"

/*
 * sss_useradd entry point.
 *
 * Parses the command line, fills in defaults for everything the caller did
 * not specify, adds the user inside a sysdb transaction and then - outside
 * of the transaction - sets the SELinux login context and creates the home
 * directory and mail spool.
 *
 * The process always terminates through exit() with EXIT_SUCCESS or
 * EXIT_FAILURE (or the value set by BAD_POPT_PARAMS/CHECK_ROOT, which are
 * defined elsewhere).
 */
int main(int argc, const char **argv)
{
    /* NOTE(review): pc_uid is a uid_t but is registered as POPT_ARG_INT
     * below, so the option value is written through an int-typed slot; the
     * only range validation visible here is id_in_range() further down. */
    uid_t pc_uid = 0;
    const char *pc_gecos = NULL;
    const char *pc_home = NULL;
    char *pc_shell = NULL;
    int pc_debug = SSSDBG_DEFAULT;
    int pc_create_home = 0;
    const char *pc_username = NULL;
    const char *pc_skeldir = NULL;
    const char *pc_selinux_user = NULL;
    struct poptOption long_options[] = {
        POPT_AUTOHELP
        { "debug", '\0', POPT_ARG_INT | POPT_ARGFLAG_DOC_HIDDEN, &pc_debug, 0, _("The debug level to run with"), NULL },
        { "uid", 'u', POPT_ARG_INT, &pc_uid, 0, _("The UID of the user"), NULL },
        { "gecos", 'c', POPT_ARG_STRING, &pc_gecos, 0, _("The comment string"), NULL },
        { "home", 'h', POPT_ARG_STRING, &pc_home, 0, _("Home directory"), NULL },
        { "shell", 's', POPT_ARG_STRING, &pc_shell, 0, _("Login shell"), NULL },
        { "groups", 'G', POPT_ARG_STRING, NULL, 'G', _("Groups"), NULL },
        { "create-home", 'm', POPT_ARG_NONE, NULL, 'm', _("Create user's directory if it does not exist"), NULL },
        { "no-create-home", 'M', POPT_ARG_NONE, NULL, 'M', _("Never create user's directory, overrides config"), NULL },
        { "skel", 'k', POPT_ARG_STRING, &pc_skeldir, 0, _("Specify an alternative skeleton directory"), NULL },
        { "selinux-user", 'Z', POPT_ARG_STRING, &pc_selinux_user, 0, _("The SELinux user for user's login"), NULL },
        POPT_TABLEEND
    };
    poptContext pc = NULL;
    struct tools_ctx *tctx = NULL;
    char *groups = NULL;
    char *badgroup = NULL;
    int ret;
    errno_t sret;
    bool in_transaction = false;

    debug_prg_name = argv[0];

    ret = set_locale();
    if (ret != EOK) {
        DEBUG(1, ("set_locale failed (%d): %s\n", ret, strerror(ret)));
        ERROR("Error setting the locale\n");
        ret = EXIT_FAILURE;
        goto fini;
    }

    /* parse parameters */
    pc = poptGetContext(NULL, argc, argv, long_options, 0);
    poptSetOtherOptionHelp(pc, "USERNAME");
    while ((ret = poptGetNextOpt(pc)) > 0) {
        switch (ret) {
            case 'G':
                /* the returned string is released with free() at fini */
                groups = poptGetOptArg(pc);
                if (!groups) {
                    BAD_POPT_PARAMS(pc, _("Specify group to add to\n"), ret, fini);
                }
                break;

            case 'm':
                pc_create_home = DO_CREATE_HOME;
                break;

            case 'M':
                pc_create_home = DO_NOT_CREATE_HOME;
                break;
        }
    }

    DEBUG_INIT(pc_debug);

    /* the loop above stops on the first value <= 0; anything but -1 is a
     * popt error code */
    if (ret != -1) {
        BAD_POPT_PARAMS(pc, poptStrerror(ret), ret, fini);
    }

    /* username is an argument without --option */
    pc_username = poptGetArg(pc);
    if (pc_username == NULL) {
        BAD_POPT_PARAMS(pc, _("Specify user to add\n"), ret, fini);
    }

    /* presumably refuses to continue unless the caller is root - the macro
     * is defined elsewhere; note it runs only after option parsing */
    CHECK_ROOT(ret, debug_prg_name);

    ret = init_sss_tools(&tctx);
    if (ret != EOK) {
        DEBUG(1, ("init_sss_tools failed (%d): %s\n", ret, strerror(ret)));
        if (ret == ENOENT) {
            ERROR("Error initializing the tools - no local domain\n");
        } else {
            ERROR("Error initializing the tools\n");
        }
        ret = EXIT_FAILURE;
        goto fini;
    }

    /* if the domain was not given as part of FQDN, default to local domain */
    ret = parse_name_domain(tctx, pc_username);
    if (ret != EOK) {
        ERROR("Invalid domain specified in FQDN\n");
        ret = EXIT_FAILURE;
        goto fini;
    }

    if (groups) {
        ret = parse_groups(tctx, groups, &tctx->octx->addgroups);
        if (ret != EOK) {
            DEBUG(1, ("Cannot parse groups to add the user to\n"));
            ERROR("Internal error while parsing parameters\n");
            ret = EXIT_FAILURE;
            goto fini;
        }

        ret = parse_group_name_domain(tctx, tctx->octx->addgroups);
        if (ret != EOK) {
            DEBUG(1, ("Cannot parse FQDN groups to add the user to\n"));
            ERROR("Groups must be in the same domain as user\n");
            ret = EXIT_FAILURE;
            goto fini;
        }

        /* Check group names in the LOCAL domain */
        ret = check_group_names(tctx, tctx->octx->addgroups, &badgroup);
        if (ret != EOK) {
            ERROR("Cannot find group %1$s in local domain\n", badgroup);
            ret = EXIT_FAILURE;
            goto fini;
        }
    }

    tctx->octx->uid = pc_uid;

    /*
     * Fills in defaults for ops_ctx user did not specify.
     */
    ret = useradd_defaults(tctx, tctx->confdb, tctx->octx, pc_gecos, pc_home,
                           pc_shell, pc_create_home, pc_skeldir);
    if (ret != EOK) {
        ERROR("Cannot set default values\n");
        ret = EXIT_FAILURE;
        goto fini;
    }

    /* arguments processed, go on to actual work */
    if (id_in_range(tctx->octx->uid, tctx->octx->domain) != EOK) {
        ERROR("The selected UID is outside the allowed range\n");
        ret = EXIT_FAILURE;
        goto fini;
    }

    tctx->error = sysdb_transaction_start(tctx->sysdb);
    if (tctx->error != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to start transaction\n"));
        goto done;
    }
    in_transaction = true;

    /* useradd */
    tctx->error = useradd(tctx, tctx->sysdb, tctx->octx);
    if (tctx->error) {
        goto done;
    }

    tctx->error = sysdb_transaction_commit(tctx->sysdb);
    if (tctx->error) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to commit transaction\n"));
        goto done;
    }
    in_transaction = false;

    /* From here on the user entry is committed: the failures below exit
     * with EXIT_FAILURE but do not remove the entry again. */

    /* Set SELinux login context - must be done after transaction is done
     * b/c libselinux calls getpwnam */
    ret = set_seuser(tctx->octx->name, pc_selinux_user);
    if (ret != EOK) {
        ERROR("Cannot set SELinux login context\n");
        ret = EXIT_FAILURE;
        goto fini;
    }

    /* Create user's home directory and/or mail spool */
    if (tctx->octx->create_homedir) {
        /* We need to know the UID of the user, if
         * sysdb did assign it automatically, do a lookup */
        if (tctx->octx->uid == 0) {
            ret = sysdb_getpwnam_sync(tctx, tctx->sysdb, tctx->octx->name, tctx->octx);
            if (ret != EOK) {
                ERROR("Cannot get info about the user\n");
                ret = EXIT_FAILURE;
                goto fini;
            }
        }

        /* octx->skeldir is either the -k argument or the configured
         * default; its content is handed to create_homedir() for the new
         * user, so the directory has to be one the administrator trusts. */
        ret = create_homedir(tctx->octx->skeldir,
                             tctx->octx->home,
                             tctx->octx->uid,
                             tctx->octx->gid,
                             tctx->octx->umask);
        if (ret == EEXIST) {
            /* not fatal: the mail spool is still created below */
            ERROR("User's home directory already exists, not copying "
                  "data from skeldir\n");
        } else if (ret != EOK) {
            ERROR("Cannot create user's home directory: %1$s\n", strerror(ret));
            ret = EXIT_FAILURE;
            goto fini;
        }

        ret = create_mail_spool(tctx,
                                tctx->octx->name,
                                tctx->octx->maildir,
                                tctx->octx->uid,
                                tctx->octx->gid);
        if (ret != EOK) {
            ERROR("Cannot create user's mail spool: %1$s\n", strerror(ret));
            DEBUG(1, ("Cannot create user's mail spool: [%d][%s].\n", ret, strerror(ret)));
            ret = EXIT_FAILURE;
            goto fini;
        }
    }

done:
    /* reached with in_transaction set only when useradd() or the commit
     * failed; roll the pending changes back */
    if (in_transaction) {
        sret = sysdb_transaction_cancel(tctx->sysdb);
        if (sret != EOK) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to cancel transaction\n"));
        }
    }

    if (tctx->error) {
        switch (tctx->error) {
            case ERANGE:
                ERROR("Could not allocate ID for the user - domain full?\n");
                break;

            case EEXIST:
                ERROR("A user or group with the same name or ID already exists\n");
                break;

            default:
                DEBUG(1, ("sysdb operation failed (%d)[%s]\n", tctx->error, strerror(tctx->error)));
                ERROR("Transaction error. Could not add user.\n");
                break;
        }
        ret = EXIT_FAILURE;
        goto fini;
    }

    ret = EXIT_SUCCESS;

fini:
    poptFreeContext(pc);
    talloc_free(tctx);
    free(groups);
    exit(ret);
}
sssd-1.11.5/src/tools/PaxHeaders.13173/sss_usermod.c0000644000000000000000000000007412320753107020214 xustar000000000000000030 atime=1396954939.276891423 30 ctime=1396954961.755874876 sssd-1.11.5/src/tools/sss_usermod.c0000664002412700241270000002320412320753107020437 0ustar00jhrozekjhrozek00000000000000/* SSSD sss_usermod Copyright (C) Jakub Hrozek 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program.
If not, see . */ #include #include #include #include #include #include #include
#include "util/util.h"
#include "db/sysdb.h"
#include "tools/tools_util.h"
#include "tools/sss_sync_ops.h"

/*
 * sss_usermod entry point.
 *
 * Parses the command line, looks the user up in the local domain, applies
 * the requested attribute and group membership changes inside a sysdb
 * transaction, refreshes the memory cache entries and finally sets the
 * SELinux login context.
 *
 * The process always terminates through exit() with EXIT_SUCCESS or
 * EXIT_FAILURE (or the value set by BAD_POPT_PARAMS/CHECK_ROOT, which are
 * defined elsewhere).
 */
int main(int argc, const char **argv)
{
    int pc_lock = 0;
    /* NOTE(review): pc_uid/pc_gid are uid_t/gid_t but are registered as
     * POPT_ARG_INT below, so the option values are written through
     * int-typed slots. */
    uid_t pc_uid = 0;
    gid_t pc_gid = 0;
    char *pc_gecos = NULL;
    char *pc_home = NULL;
    char *pc_shell = NULL;
    int pc_debug = SSSDBG_DEFAULT;
    const char *pc_selinux_user = NULL;
    struct poptOption long_options[] = {
        POPT_AUTOHELP
        { "debug", '\0', POPT_ARG_INT | POPT_ARGFLAG_DOC_HIDDEN, &pc_debug, 0, _("The debug level to run with"), NULL },
        { "uid", 'u', POPT_ARG_INT | POPT_ARGFLAG_DOC_HIDDEN, &pc_uid, 0, _("The UID of the user"), NULL },
        { "gid", 'g', POPT_ARG_INT | POPT_ARGFLAG_DOC_HIDDEN, &pc_gid, 0, _("The GID of the user"), NULL },
        { "gecos", 'c', POPT_ARG_STRING, &pc_gecos, 0, _("The comment string"), NULL },
        { "home", 'h', POPT_ARG_STRING, &pc_home, 0, _("Home directory"), NULL },
        { "shell", 's', POPT_ARG_STRING, &pc_shell, 0, _("Login shell"), NULL },
        { "append-group", 'a', POPT_ARG_STRING, NULL, 'a', _("Groups to add this user to"), NULL },
        { "remove-group", 'r', POPT_ARG_STRING, NULL, 'r', _("Groups to remove this user from"), NULL },
        { "lock", 'L', POPT_ARG_NONE, NULL, 'L', _("Lock the account"), NULL },
        { "unlock", 'U', POPT_ARG_NONE, NULL, 'U', _("Unlock the account"), NULL },
        { "selinux-user", 'Z', POPT_ARG_STRING, &pc_selinux_user, 0, _("The SELinux user for user's login"), NULL },
        POPT_TABLEEND
    };
    poptContext pc = NULL;
    char *addgroups = NULL, *rmgroups = NULL;
    int ret;
    errno_t sret;
    const char *pc_username = NULL;
    struct tools_ctx *tctx = NULL;
    char *badgroup = NULL;
    bool in_transaction = false;

    debug_prg_name = argv[0];

    ret = set_locale();
    if (ret != EOK) {
        DEBUG(1, ("set_locale failed (%d): %s\n", ret, strerror(ret)));
        ERROR("Error setting the locale\n");
        ret = EXIT_FAILURE;
        goto fini;
    }

    /* parse parameters */
    pc = poptGetContext(NULL, argc, argv, long_options, 0);
    poptSetOtherOptionHelp(pc, "USERNAME");
    while ((ret = poptGetNextOpt(pc)) > 0) {
        switch (ret) {
            case 'a':
                /* released with free() at fini */
                addgroups = poptGetOptArg(pc);
                if (addgroups == NULL) {
                    BAD_POPT_PARAMS(pc, _("Specify group to add to\n"), ret, fini);
                }
                break;

            case 'r':
                /* released with free() at fini */
                rmgroups = poptGetOptArg(pc);
                if (rmgroups == NULL) {
                    BAD_POPT_PARAMS(pc, _("Specify group to remove from\n"), ret, fini);
                }
                break;

            case 'L':
                pc_lock = DO_LOCK;
                break;

            case 'U':
                pc_lock = DO_UNLOCK;
                break;
        }
    }

    /* the loop above stops on the first value <= 0; anything but -1 is a
     * popt error code */
    if (ret != -1) {
        BAD_POPT_PARAMS(pc, poptStrerror(ret), ret, fini);
    }

    DEBUG_INIT(pc_debug);

    /* username is an argument without --option */
    pc_username = poptGetArg(pc);
    if (pc_username == NULL) {
        BAD_POPT_PARAMS(pc, _("Specify user to modify\n"), ret, fini);
    }

    /* presumably refuses to continue unless the caller is root - the macro
     * is defined elsewhere; note it runs only after option parsing */
    CHECK_ROOT(ret, debug_prg_name);

    ret = init_sss_tools(&tctx);
    if (ret != EOK) {
        DEBUG(1, ("init_sss_tools failed (%d): %s\n", ret, strerror(ret)));
        if (ret == ENOENT) {
            ERROR("Error initializing the tools - no local domain\n");
        } else {
            ERROR("Error initializing the tools\n");
        }
        ret = EXIT_FAILURE;
        goto fini;
    }

    /* if the domain was not given as part of FQDN, default to local domain */
    ret = parse_name_domain(tctx, pc_username);
    if (ret != EOK) {
        ERROR("Invalid domain specified in FQDN\n");
        ret = EXIT_FAILURE;
        goto fini;
    }

    /* check the username to be able to give sensible error message */
    ret = sysdb_getpwnam_sync(tctx, tctx->sysdb, tctx->octx->name, tctx->octx);
    if (ret != EOK) {
        ERROR("Cannot find user in local domain, "
              "modifying users is allowed only in local domain\n");
        ret = EXIT_FAILURE;
        goto fini;
    }

    /* NOTE(review): at this point octx->uid holds the UID that
     * sysdb_getpwnam_sync() just loaded for the existing user; the value
     * given with --uid is copied into octx only further down, so it is not
     * what this range check looks at - confirm that is intended. */
    if (id_in_range(tctx->octx->uid, tctx->octx->domain) != EOK) {
        ERROR("The selected UID is outside the allowed range\n");
        ret = EXIT_FAILURE;
        goto fini;
    }

    if (addgroups) {
        ret = parse_groups(tctx, addgroups, &tctx->octx->addgroups);
        if (ret != EOK) {
            DEBUG(1, ("Cannot parse groups to add the user to\n"));
            ERROR("Internal error while parsing parameters\n");
            ret = EXIT_FAILURE;
            goto fini;
        }

        ret = parse_group_name_domain(tctx, tctx->octx->addgroups);
        if (ret != EOK) {
            DEBUG(1, ("Cannot parse FQDN groups to add the user to\n"));
            ERROR("Groups must be in the same domain as user\n");
            ret = EXIT_FAILURE;
            goto fini;
        }

        /* Check group names in the LOCAL domain */
        ret = check_group_names(tctx, tctx->octx->addgroups, &badgroup);
        if (ret != EOK) {
            ERROR("Cannot find group %1$s in local domain, "
                  "only groups in local domain are allowed\n", badgroup);
            ret = EXIT_FAILURE;
            goto fini;
        }
    }

    if (rmgroups) {
        ret = parse_groups(tctx, rmgroups, &tctx->octx->rmgroups);
        if (ret != EOK) {
            DEBUG(1, ("Cannot parse groups to remove the user from\n"));
            ERROR("Internal error while parsing parameters\n");
            ret = EXIT_FAILURE;
            goto fini;
        }

        ret = parse_group_name_domain(tctx, tctx->octx->rmgroups);
        if (ret != EOK) {
            DEBUG(1, ("Cannot parse FQDN groups to remove the user from\n"));
            ERROR("Groups must be in the same domain as user\n");
            ret = EXIT_FAILURE;
            goto fini;
        }

        /* Check group names in the LOCAL domain */
        ret = check_group_names(tctx, tctx->octx->rmgroups, &badgroup);
        if (ret != EOK) {
            ERROR("Cannot find group %1$s in local domain, "
                  "only groups in local domain are allowed\n", badgroup);
            ret = EXIT_FAILURE;
            goto fini;
        }
    }

    /* Replace what the lookup above stored in octx with the command line
     * values; options that were not given stay NULL/0. */
    tctx->octx->gecos = pc_gecos;
    tctx->octx->home = pc_home;
    tctx->octx->shell = pc_shell;
    tctx->octx->uid = pc_uid;
    tctx->octx->gid = pc_gid;
    tctx->octx->lock = pc_lock;

    tctx->error = sysdb_transaction_start(tctx->sysdb);
    if (tctx->error != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to start transaction\n"));
        goto done;
    }
    in_transaction = true;

    /* usermod */
    tctx->error = usermod(tctx, tctx->sysdb, tctx->octx);
    if (tctx->error) {
        goto done;
    }

    tctx->error = sysdb_transaction_commit(tctx->sysdb);
    if (tctx->error) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to commit transaction\n"));
        goto done;
    }
    in_transaction = false;

    /* The change is committed. A failed cache refresh below is reported
     * but does not change the exit status, so lookups may see the old
     * entry for a while. */
    ret = sss_mc_refresh_user(pc_username);
    if (ret != EOK) {
        ERROR("NSS request failed (%1$d). Entry might remain in memory "
              "cache.\n", ret);
        /* Nothing we can do about it */
    }

    ret = sss_mc_refresh_grouplist(tctx, tctx->octx->addgroups);
    if (ret != EOK) {
        ERROR("NSS request failed (%1$d). Entry might remain in memory "
              "cache.\n", ret);
        /* Nothing we can do about it */
    }

    ret = sss_mc_refresh_grouplist(tctx, tctx->octx->rmgroups);
    if (ret != EOK) {
        ERROR("NSS request failed (%1$d). Entry might remain in memory "
              "cache.\n", ret);
        /* Nothing we can do about it */
    }

    /* Set SELinux login context - must be done after transaction is done
     * b/c libselinux calls getpwnam */
    ret = set_seuser(tctx->octx->name, pc_selinux_user);
    if (ret != EOK) {
        ERROR("Cannot set SELinux login context\n");
        ret = EXIT_FAILURE;
        goto fini;
    }

done:
    /* reached with in_transaction set only when usermod() or the commit
     * failed; roll the pending changes back */
    if (in_transaction) {
        sret = sysdb_transaction_cancel(tctx->sysdb);
        if (sret != EOK) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to cancel transaction\n"));
        }
    }

    if (tctx->error) {
        ret = tctx->error;
        switch (ret) {
            case ENOENT:
                ERROR("Could not modify user - check if group names are correct\n");
                break;

            case EFAULT:
                ERROR("Could not modify user - user already member of groups?\n");
                break;

            default:
                ERROR("Transaction error. Could not modify user.\n");
                break;
        }

        ret = EXIT_FAILURE;
        goto fini;
    }

    ret = EXIT_SUCCESS;

fini:
    free(addgroups);
    free(rmgroups);
    poptFreeContext(pc);
    talloc_free(tctx);
    exit(ret);
}
sssd-1.11.5/src/tools/PaxHeaders.13173/sss_debuglevel.c0000644000000000000000000000007412320753107020654 xustar000000000000000030 atime=1396954939.275891424 30 ctime=1396954961.742874886 sssd-1.11.5/src/tools/sss_debuglevel.c0000664002412700241270000002217512320753107021105 0ustar00jhrozekjhrozek00000000000000/* Authors: Pavel Březina Copyright (C) 2011 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version.
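This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include #include #include #include #include #include #include #include #include #include
#include "config.h"
#include "ldb.h"
#include "util/util.h"
#include "tools/tools_util.h"
#include "confdb/confdb.h"

/* Print msg and jump to the given label when expr is true. */
#define CHECK(expr, done, msg) do { \
    if (expr) { \
        ERROR(msg "\n"); \
        goto done; \
    } \
} while(0)

struct debuglevel_tool_ctx {
    struct confdb_ctx *confdb;
    char **sections;    /* NULL-terminated list of confdb sections to update */
};

static errno_t set_debug_level(struct debuglevel_tool_ctx *tool_ctx,
                               int debug_to_set, const char *config_file);
static errno_t connect_to_confdb(TALLOC_CTX *ctx, struct confdb_ctx **cdb_ctx);
static errno_t get_confdb_sections(TALLOC_CTX *ctx, struct confdb_ctx *confdb,
                                   char ***output_sections);
static int parse_debug_level(const char *strlevel);

/*
 * sss_debuglevel entry point.
 *
 * Takes the new debug level as the only positional argument, writes it to
 * every known service and domain section of the confdb, touches the config
 * file and sends SIGHUP to sssd so that the running processes reload their
 * configuration.
 *
 * Returns 0 on success; on failure the value left in ret by the failing
 * step (an errno value, EXIT_FAILURE or a popt code) is returned as is.
 */
int main(int argc, const char **argv)
{
    int ret;
    int pc_debug = SSSDBG_DEFAULT;
    int debug_to_set = SSSDBG_INVALID;
    const char *debug_as_string = NULL;
    const char *config_file = NULL;
    const char *pc_config_file = NULL;
    struct debuglevel_tool_ctx *ctx = NULL;
    struct poptOption long_options[] = {
        POPT_AUTOHELP
        {"debug", '\0', POPT_ARG_INT | POPT_ARGFLAG_DOC_HIDDEN, &pc_debug,
            0, _("The debug level to run with"), NULL },
        {"config", 'c', POPT_ARG_STRING, &pc_config_file,
            0, _("Specify a non-default config file"), NULL},
        POPT_TABLEEND
    };
    poptContext pc = NULL;

    debug_prg_name = argv[0];

    /* parse parameters */
    pc = poptGetContext(argv[0], argc, argv, long_options, 0);
    poptSetOtherOptionHelp(pc, "DEBUG_LEVEL_TO_SET");
    while((ret = poptGetNextOpt(pc)) != -1) {
        switch(ret) {
        default:
            fprintf(stderr, "\nInvalid option %s: %s\n\n",
                    poptBadOption(pc, 0), poptStrerror(ret));
            poptPrintUsage(pc, stderr, 0);
            ret = EXIT_FAILURE;
            goto fini;
        }
    }
    DEBUG_INIT(pc_debug);

    /* get debug level */
    debug_as_string = poptGetArg(pc);
    if (debug_as_string == NULL) {
        BAD_POPT_PARAMS(pc, _("Specify debug level you want to set\n"),
                        ret, fini);
    }

    /* No more arguments expected. If something follows it is an error. */
    if (poptGetArg(pc)) {
        BAD_POPT_PARAMS(pc, _("Only one argument expected\n"),
                        ret, fini);
    }

    /* allocate context
     *
     * This has to happen before anything is parented to ctx: allocating the
     * config file name on a still-NULL ctx would put it on the talloc NULL
     * context, where talloc_free(ctx) at fini never releases it. */
    ctx = talloc_zero(NULL, struct debuglevel_tool_ctx);
    if (ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Could not allocate memory for tools context\n"));
        ret = ENOMEM;
        goto fini;
    }

    /* get config file */
    if (pc_config_file) {
        config_file = talloc_strdup(ctx, pc_config_file);
    } else {
        config_file = talloc_strdup(ctx, CONFDB_DEFAULT_CONFIG_FILE);
    }

    if (config_file == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_strdup() failed\n"));
        ret = ENOMEM;
        goto fini;
    }

    /* presumably refuses to continue unless the caller is root - the macro
     * is defined elsewhere */
    CHECK_ROOT(ret, debug_prg_name);

    /* free pc_config_file? */
    /* free debug_as_string? */

    debug_to_set = parse_debug_level(debug_as_string);
    CHECK(debug_to_set == SSSDBG_INVALID, fini, "Invalid debug level.");

    ret = connect_to_confdb(ctx, &ctx->confdb);
    CHECK(ret != EOK, fini, "Could not connect to configuration database.");

    ret = get_confdb_sections(ctx, ctx->confdb, &ctx->sections);
    CHECK(ret != EOK, fini, "Could not get all configuration sections.");

    ret = set_debug_level(ctx, debug_to_set, config_file);
    CHECK(ret != EOK, fini, "Could not set debug level.");

    ret = signal_sssd(SIGHUP);
    CHECK(ret != EOK, fini,
          "Could not force sssd processes to reload configuration. "
          "Is sssd running?");

fini:
    poptFreeContext(pc);
    talloc_free(ctx);
    return ret;
}

/*
 * Write debug_to_set to every section listed in tool_ctx->sections and
 * update the timestamps of config_file.
 *
 * The level is stored as a "0x%.4x" string under CONFDB_SERVICE_DEBUG_LEVEL.
 * A failure to touch config_file is only logged.
 *
 * Returns EOK on success, ENOMEM on allocation failure or the error
 * returned by confdb_add_param().
 */
errno_t set_debug_level(struct debuglevel_tool_ctx *tool_ctx,
                        int debug_to_set, const char *config_file)
{
    int ret;
    int err;
    const char *values[2];
    char **section = NULL;
    TALLOC_CTX *tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_new() failed\n"));
        return ENOMEM;
    }

    /* convert debug_to_set to string */
    values[0] = talloc_asprintf(tmp_ctx, "0x%.4x", debug_to_set);
    if (values[0] == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Could not allocate memory for "
                                     "debug_to_set to string conversion\n"));
        ret = ENOMEM;
        goto done;
    }
    values[1] = NULL;

    /* write to confdb */
    for (section = tool_ctx->sections; *section != NULL; section++) {
        ret = confdb_add_param(tool_ctx->confdb, 1, *section,
                               CONFDB_SERVICE_DEBUG_LEVEL, values);
        if (ret != EOK) {
            goto done;
        }
    }

    /*
     * Change atime and mtime of sssd.conf,
     * so the configuration can be restored on next start.
     */
    errno = 0;
    if (utime(config_file, NULL) == -1 ) {
        err = errno;
        DEBUG(SSSDBG_MINOR_FAILURE, ("Unable to change mtime of \"%s\": %s\n",
                                      config_file, strerror(err)));
    }

    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}

/*
 * Open the confdb at DB_PATH/CONFDB_FILE and store the handle, allocated
 * on ctx, in *cdb_ctx.
 *
 * Returns EOK on success, ENOMEM when the path cannot be built or the
 * error returned by confdb_init().
 */
errno_t connect_to_confdb(TALLOC_CTX *ctx, struct confdb_ctx **cdb_ctx)
{
    int ret;
    char* confdb_path = NULL;

    confdb_path = talloc_asprintf(ctx, "%s/%s", DB_PATH, CONFDB_FILE);
    if (confdb_path == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Could not allocate memory for confdb path\n"));
        return ENOMEM;
    }

    ret = confdb_init(ctx, cdb_ctx, confdb_path);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Could not initialize connection to the confdb\n"));
    }

    /* the path is only needed for the call above */
    talloc_free(confdb_path);
    return ret;
}

/*
 * Build the NULL-terminated list of confdb sections whose debug level is
 * to be changed: the fixed service sections followed by one section per
 * configured domain.
 *
 * On success *output_sections points to the array, which is owned by ctx
 * together with all of its strings. A failure to read the domain list is
 * only logged; the result then contains the service sections alone.
 *
 * Returns EOK on success or ENOMEM.
 */
errno_t get_confdb_sections(TALLOC_CTX *ctx, struct confdb_ctx *confdb,
                            char ***output_sections)
{
    int ret;
    int domain_count = 0;
    int i = 0;
    struct sss_domain_info *domain = NULL;
    struct sss_domain_info *domain_list = NULL;
    char **sections;
    const char *known_services[] = {
        CONFDB_MONITOR_CONF_ENTRY,
        CONFDB_NSS_CONF_ENTRY,
        CONFDB_PAM_CONF_ENTRY,
        CONFDB_PAC_CONF_ENTRY,
        CONFDB_SSH_CONF_ENTRY,
        CONFDB_SUDO_CONF_ENTRY,
        CONFDB_AUTOFS_CONF_ENTRY
    };
    static const int known_services_count = sizeof(known_services)
                                            / sizeof(*known_services);
    TALLOC_CTX *tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_new() failed\n"));
        return ENOMEM;
    }

    /* get domains */
    ret = confdb_get_domains(confdb, &domain_list);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to get domain list\n"));
    }

    for (domain = domain_list;
         domain;
         domain = get_next_domain(domain, false)) {
        domain_count++;
    }

    /* allocate output space
     *
     * The array lives on tmp_ctx until it is complete and every string is a
     * child of the array. That way an error releases everything through
     * tmp_ctx, and on success one talloc_steal() hands the array and its
     * strings to the caller, after which tmp_ctx can be freed as well. */
    sections = talloc_array(tmp_ctx, char*,
                            domain_count + known_services_count + 1);
    if (sections == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Could not allocate memory for sections\n"));
        ret = ENOMEM;
        goto done;
    }

    for (i = 0; i < known_services_count; i++) {
        sections[i] = talloc_strdup(sections, known_services[i]);
        if (sections[i] == NULL) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_strdup() failed\n"));
            ret = ENOMEM;
            goto done;
        }
    }

    /* i continues after the last service entry */
    for (domain = domain_list;
         domain;
         domain = get_next_domain(domain, false), i++) {
        sections[i] = talloc_asprintf(sections, CONFDB_DOMAIN_PATH_TMPL,
                                      domain->name);
        if (sections[i] == NULL) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_asprintf() failed\n"));
            ret = ENOMEM;
            goto done;
        }
    }

    /* add NULL to the end */
    sections[i] = NULL;

    *output_sections = talloc_steal(ctx, sections);
    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}

/*
 * Parse a debug level given on the command line.
 *
 * The whole string has to be a number; base 0 is passed to strtol(), so
 * decimal, octal (leading 0) and hexadecimal (leading 0x) are accepted.
 *
 * Returns SSSDBG_INVALID when the string is not a number or strtol() set
 * errno, otherwise the result of debug_convert_old_level().
 */
int parse_debug_level(const char *strlevel)
{
    long value;
    char *endptr;

    errno = 0;
    value = strtol(strlevel, &endptr, 0);
    if ((errno != 0) || (endptr == strlevel) || (*endptr != '\0')) {
        return SSSDBG_INVALID;
    }

    /* NOTE(review): value is a long and is not range-checked here; confirm
     * that debug_convert_old_level() (declared elsewhere) cannot be handed
     * a silently narrowed value. */
    return debug_convert_old_level(value);
}
sssd-1.11.5/src/tools/PaxHeaders.13173/sss_sync_ops.c0000644000000000000000000000007312320753107020372 xustar000000000000000030 atime=1396954939.275891424 29 ctime=1396954961.69587492 sssd-1.11.5/src/tools/sss_sync_ops.c0000664002412700241270000004322512320753107020623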
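0ustar00jhrozekjhrozek00000000000000/* Authors: Jakub Hrozek Copyright (C) 2009 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include #include #include
#include "util/util.h"
#include "db/sysdb.h"
#include "tools/sss_sync_ops.h"

/* Default settings for user attributes */
#define DFL_SHELL_VAL      "/bin/bash"
#define DFL_BASEDIR_VAL    "/home"
#define DFL_CREATE_HOMEDIR true
#define DFL_REMOVE_HOMEDIR true
#define DFL_UMASK          077
#define DFL_SKEL_DIR       "/etc/skel"
#define DFL_MAIL_DIR       "/var/spool/mail"

/*
 * Return from the enclosing function when var differs from the expected
 * value val.
 *
 * The value returned is var, i.e. the error that was just observed.
 * Returning val here would report the expected value - EOK at every call
 * site in this file - and make the caller believe the failed step
 * succeeded.
 */
#define VAR_CHECK(var, val, attr, msg) do { \
        if (var != (val)) { \
            DEBUG(1, (msg" attribute: %s", attr)); \
            return var; \
        } \
} while(0)

struct sync_op_res {
    struct ops_ctx *data;
    int error;
    bool done;
};

/*
 * Generic modify groups member
 *
 * Applies optype (LDB_FLAG_MOD_ADD or LDB_FLAG_MOD_DELETE at the call sites
 * below) for member_dn to every group named in the NULL-terminated
 * grouplist. Stops at the first failure; groups processed before that are
 * not reverted here.
 *
 * Returns EOK, ENOMEM or the error from sysdb_mod_group_member().
 */
static int mod_groups_member(struct sysdb_ctx *sysdb,
                             struct sss_domain_info *dom,
                             char **grouplist,
                             struct ldb_dn *member_dn,
                             int optype)
{
    TALLOC_CTX *tmpctx;
    struct ldb_dn *parent_dn;
    int ret;
    int i;

    tmpctx = talloc_new(NULL);
    if (!tmpctx) {
        return ENOMEM;
    }

/* FIXME: add transaction around loop */
    for (i = 0; grouplist[i]; i++) {

        parent_dn = sysdb_group_dn(sysdb, tmpctx, dom, grouplist[i]);
        if (!parent_dn) {
            ret = ENOMEM;
            goto done;
        }

        ret = sysdb_mod_group_member(sysdb, member_dn, parent_dn, optype);
        if (ret) {
            goto done;
        }
    }

    ret = EOK;

done:
    talloc_zfree(tmpctx);
    return ret;
}

#define add_to_groups(sysdb, data, member_dn) \
    mod_groups_member(sysdb, data->domain, data->addgroups, member_dn, \
                      LDB_FLAG_MOD_ADD)
#define remove_from_groups(sysdb, data, member_dn) \
    mod_groups_member(sysdb, data->domain, data->rmgroups, member_dn, \
                      LDB_FLAG_MOD_DELETE)

/*
 * Modify a user
 */

struct user_mod_state {
    struct sysdb_ctx *sysdb;

    struct sysdb_attrs *attrs;
    struct ldb_dn *member_dn;

    struct ops_ctx *data;
};

/*
 * Build the attribute changeset for usermod().
 *
 * Only values that are set are added: NULL strings and a zero uid/gid are
 * skipped, and lock adds SYSDB_DISABLED only for DO_LOCK or DO_UNLOCK.
 *
 * On success *_attrs receives the changeset allocated on mem_ctx and EOK is
 * returned. On failure the error is returned and *_attrs is left untouched;
 * the partially built changeset stays on mem_ctx.
 */
static int usermod_build_attrs(TALLOC_CTX *mem_ctx,
                               const char *gecos,
                               const char *home,
                               const char *shell,
                               uid_t uid,
                               gid_t gid,
                               int lock,
                               struct sysdb_attrs **_attrs)
{
    int ret;
    struct sysdb_attrs *attrs;

    attrs = sysdb_new_attrs(mem_ctx);
    if (attrs == NULL) {
        return ENOMEM;
    }

    if (shell) {
        ret = sysdb_attrs_add_string(attrs,
                                     SYSDB_SHELL,
                                     shell);
        VAR_CHECK(ret, EOK, SYSDB_SHELL,
                  "Could not add attribute to changeset\n");
    }

    if (home) {
        ret = sysdb_attrs_add_string(attrs,
                                     SYSDB_HOMEDIR,
                                     home);
        VAR_CHECK(ret, EOK, SYSDB_HOMEDIR,
                  "Could not add attribute to changeset\n");
    }

    if (gecos) {
        ret = sysdb_attrs_add_string(attrs,
                                     SYSDB_GECOS,
                                     gecos);
        VAR_CHECK(ret, EOK, SYSDB_GECOS,
                  "Could not add attribute to changeset\n");
    }

    if (uid) {
        ret = sysdb_attrs_add_long(attrs,
                                   SYSDB_UIDNUM,
                                   uid);
        VAR_CHECK(ret, EOK, SYSDB_UIDNUM,
                  "Could not add attribute to changeset\n");
    }

    if (gid) {
        ret = sysdb_attrs_add_long(attrs,
                                   SYSDB_GIDNUM,
                                   gid);
        VAR_CHECK(ret, EOK, SYSDB_GIDNUM,
                  "Could not add attribute to changeset\n");
    }

    if (lock == DO_LOCK) {
        ret = sysdb_attrs_add_string(attrs,
                                     SYSDB_DISABLED,
                                     "true");
        VAR_CHECK(ret, EOK, SYSDB_DISABLED,
                  "Could not add attribute to changeset\n");
    }

    if (lock == DO_UNLOCK) {
        /* PAM code checks for 'false' value in SYSDB_DISABLED attribute */
        ret = sysdb_attrs_add_string(attrs,
                                     SYSDB_DISABLED,
                                     "false");
        VAR_CHECK(ret, EOK, SYSDB_DISABLED,
                  "Could not add attribute to changeset\n");
    }

    *_attrs = attrs;
    return EOK;
}

/*
 * Public interface for modifying users
 *
 * Replaces the attributes that are set in data, then removes the user from
 * data->rmgroups and adds it to data->addgroups, and finally flushes the
 * nscd passwd and group caches. No transaction is opened here.
 *
 * Returns EOK or the first error encountered.
 */
int usermod(TALLOC_CTX *mem_ctx,
            struct sysdb_ctx *sysdb,
            struct ops_ctx *data)
{
    struct sysdb_attrs *attrs = NULL;
    struct ldb_dn *member_dn = NULL;
    int ret;

    if (data->addgroups || data->rmgroups) {
        member_dn = sysdb_user_dn(sysdb, mem_ctx,
                                  data->domain, data->name);
        if (!member_dn) {
            return ENOMEM;
        }
    }

    ret = usermod_build_attrs(mem_ctx,
                              data->gecos,
                              data->home,
                              data->shell,
                              data->uid,
                              data->gid,
                              data->lock,
                              &attrs);
    if (ret != EOK) {
        return ret;
    }

    /* an empty changeset means only group membership was requested */
    if (attrs->num != 0) {
        ret = sysdb_set_user_attr(sysdb, data->domain, data->name,
                                  attrs, SYSDB_MOD_REP);
        if (ret) {
            return ret;
        }
    }

    if (data->rmgroups != NULL) {
        ret = remove_from_groups(sysdb, data, member_dn);
        if (ret) {
            return ret;
        }
    }

    if (data->addgroups != NULL) {
        ret = add_to_groups(sysdb, data, member_dn);
        if (ret) {
            return ret;
        }
    }

    flush_nscd_cache(NSCD_DB_PASSWD);
    flush_nscd_cache(NSCD_DB_GROUP);

    return EOK;
}

/*
 * Public interface for modifying groups
 *
 * Replaces the GID when data->gid is non-zero, then removes the group from
 * data->rmgroups and adds it to data->addgroups, and flushes the nscd group
 * cache.
 *
 * Returns EOK or the first error encountered.
 */
int groupmod(TALLOC_CTX *mem_ctx,
             struct sysdb_ctx *sysdb,
             struct ops_ctx *data)
{
    struct sysdb_attrs *attrs = NULL;
    struct ldb_dn *member_dn = NULL;
    int ret;

    if (data->addgroups || data->rmgroups) {
        member_dn = sysdb_group_dn(sysdb, mem_ctx,
                                   data->domain, data->name);
        if (!member_dn) {
            return ENOMEM;
        }
    }

    if (data->gid != 0) {
        attrs = sysdb_new_attrs(mem_ctx);
        if (!attrs) {
            return ENOMEM;
        }
        ret = sysdb_attrs_add_uint32(attrs, SYSDB_GIDNUM, data->gid);
        if (ret) {
            return ret;
        }

        ret = sysdb_set_group_attr(sysdb, data->domain, data->name,
                                   attrs, SYSDB_MOD_REP);
        if (ret) {
            return ret;
        }
    }

    if (data->rmgroups != NULL) {
        ret = remove_from_groups(sysdb, data, member_dn);
        if (ret) {
            return ret;
        }
    }

    if (data->addgroups != NULL) {
        ret = add_to_groups(sysdb, data, member_dn);
        if (ret) {
            return ret;
        }
    }

    flush_nscd_cache(NSCD_DB_GROUP);

    return EOK;
}

/*
 * Default values for delete operations
 *
 * remove_home == 0 means "not given on the command line": the decision is
 * then read from the domain's confdb section with DFL_REMOVE_HOMEDIR as
 * fallback. data->maildir is always read from the confdb.
 *
 * Returns EOK, ENOMEM or the error from the confdb lookup.
 */
int userdel_defaults(TALLOC_CTX *mem_ctx,
                     struct confdb_ctx *confdb,
                     struct ops_ctx *data,
                     int remove_home)
{
    int ret;
    char *conf_path;
    bool dfl_remove_home;

    conf_path = talloc_asprintf(mem_ctx, CONFDB_DOMAIN_PATH_TMPL, data->domain->name);
    if (!conf_path) {
        return ENOMEM;
    }

    /* remove homedir on user deletion? */
    if (!remove_home) {
        ret = confdb_get_bool(confdb,
                              conf_path, CONFDB_LOCAL_REMOVE_HOMEDIR,
                              DFL_REMOVE_HOMEDIR, &dfl_remove_home);
        if (ret != EOK) {
            goto done;
        }
        data->remove_homedir = dfl_remove_home;
    } else {
        data->remove_homedir = (remove_home == DO_REMOVE_HOME);
    }

    /* a directory to remove mail spools from */
    ret = confdb_get_string(confdb, mem_ctx,
                            conf_path, CONFDB_LOCAL_MAIL_DIR,
                            DFL_MAIL_DIR, &data->maildir);
    if (ret != EOK) {
        goto done;
    }

    ret = EOK;
done:
    talloc_free(conf_path);
    return ret;
}

/*
 * Default values for add operations
 *
 * Every argument that is NULL (or 0 for create_home) is replaced by the
 * value from the domain's confdb section, falling back to the DFL_*
 * constants above. The results are stored in data.
 *
 * Returns EOK, ENOMEM or the error from the confdb lookup.
 */
int useradd_defaults(TALLOC_CTX *mem_ctx,
                     struct confdb_ctx *confdb,
                     struct ops_ctx *data,
                     const char *gecos,
                     const char *homedir,
                     const char *shell,
                     int create_home,
                     const char *skeldir)
{
    int ret;
    char *basedir = NULL;
    char *conf_path = NULL;

    conf_path = talloc_asprintf(mem_ctx, CONFDB_DOMAIN_PATH_TMPL, data->domain->name);
    if (!conf_path) {
        return ENOMEM;
    }

    /* gecos */
    data->gecos = talloc_strdup(mem_ctx, gecos ? gecos : data->name);
    if (!data->gecos) {
        ret = ENOMEM;
        goto done;
    }
    DEBUG(7, ("Gecos: %s\n", data->gecos));

    /* homedir */
    if (homedir) {
        data->home = talloc_strdup(data, homedir);
    } else {
        ret = confdb_get_string(confdb, mem_ctx,
                                conf_path, CONFDB_LOCAL_DEFAULT_BASEDIR,
                                DFL_BASEDIR_VAL, &basedir);
        if (ret != EOK) {
            goto done;
        }
        /* the user name becomes the last path component as is */
        data->home = talloc_asprintf(mem_ctx, "%s/%s", basedir, data->name);
    }
    if (!data->home) {
        ret = ENOMEM;
        goto done;
    }
    DEBUG(7, ("Homedir: %s\n", data->home));

    /* default shell */
    if (!shell) {
        ret = confdb_get_string(confdb, mem_ctx,
                                conf_path, CONFDB_LOCAL_DEFAULT_SHELL,
                                DFL_SHELL_VAL, &data->shell);
        if (ret != EOK) {
            goto done;
        }
    } else {
        data->shell = talloc_strdup(mem_ctx, shell);
        if (!data->shell) {
            ret = ENOMEM;
            goto done;
        }
    }
    DEBUG(7, ("Shell: %s\n", data->shell));

    /* create homedir on user creation? */
    if (!create_home) {
        ret = confdb_get_bool(confdb,
                              conf_path, CONFDB_LOCAL_CREATE_HOMEDIR,
                              DFL_CREATE_HOMEDIR, &data->create_homedir);
        if (ret != EOK) {
            goto done;
        }
    } else {
        data->create_homedir = (create_home == DO_CREATE_HOME);
    }
    DEBUG(7, ("Auto create homedir: %s\n", data->create_homedir?"True":"False"));

    /* umask to create homedirs */
    /* NOTE(review): the cast assumes data->umask has the size of an int -
     * confirm against struct ops_ctx. The configured value is not checked
     * against the permission-bit range here. */
    ret = confdb_get_int(confdb,
                         conf_path, CONFDB_LOCAL_UMASK,
                         DFL_UMASK, (int *) &data->umask);
    if (ret != EOK) {
        goto done;
    }
    DEBUG(7, ("Umask: %o\n", data->umask));

    /* a directory to create mail spools in */
    ret = confdb_get_string(confdb, mem_ctx,
                            conf_path, CONFDB_LOCAL_MAIL_DIR,
                            DFL_MAIL_DIR, &data->maildir);
    if (ret != EOK) {
        goto done;
    }
    DEBUG(7, ("Mail dir: %s\n", data->maildir));

    /* skeleton dir */
    if (!skeldir) {
        ret = confdb_get_string(confdb, mem_ctx,
                                conf_path, CONFDB_LOCAL_SKEL_DIR,
                                DFL_SKEL_DIR, &data->skeldir);
        if (ret != EOK) {
            goto done;
        }
    } else {
        data->skeldir = talloc_strdup(mem_ctx, skeldir);
        if (!data->skeldir) {
            ret = ENOMEM;
            goto done;
        }
    }
    DEBUG(7, ("Skeleton dir: %s\n", data->skeldir));

    ret = EOK;
done:
    talloc_free(basedir);
    talloc_free(conf_path);
    return ret;
}

/*
 * Public interface for adding users
 *
 * Adds the user described by data, then adds it to data->addgroups if set,
 * and flushes the nscd passwd and group caches on success.
 *
 * Returns EOK or the first error encountered.
 */
int useradd(TALLOC_CTX *mem_ctx,
            struct sysdb_ctx *sysdb,
            struct ops_ctx *data)
{
    int ret;

    ret = sysdb_add_user(sysdb, data->domain, data->name, data->uid, data->gid,
                         data->gecos, data->home, data->shell, NULL, NULL, 0, 0);
    if (ret) {
        goto done;
    }

    if (data->addgroups) {
        struct ldb_dn *member_dn;

        member_dn = sysdb_user_dn(sysdb, mem_ctx,
                                  data->domain, data->name);
        if (!member_dn) {
            ret = ENOMEM;
            goto done;
        }

        ret = add_to_groups(sysdb, data, member_dn);
        if (ret) {
            goto done;
        }
    }

    flush_nscd_cache(NSCD_DB_PASSWD);
    flush_nscd_cache(NSCD_DB_GROUP);

done:
    return ret;
}

/*
 * Public interface for deleting users
 *
 * Deletes the user entry; the nscd passwd and group caches are flushed
 * whether or not the deletion succeeded.
 *
 * Returns EOK, ENOMEM or the error from sysdb_delete_entry().
 */
int userdel(TALLOC_CTX *mem_ctx,
            struct sysdb_ctx *sysdb,
            struct ops_ctx *data)
{
    struct ldb_dn *user_dn;
    int ret;

    user_dn = sysdb_user_dn(sysdb, mem_ctx,
                            data->domain, data->name);
    if (!user_dn) {
        DEBUG(1, ("Could not construct a user DN\n"));
        return ENOMEM;
    }

    ret = sysdb_delete_entry(sysdb, user_dn, false);
    if (ret) {
        DEBUG(2, ("Removing user failed: %s (%d)\n", strerror(ret), ret));
    }

    flush_nscd_cache(NSCD_DB_PASSWD);
    flush_nscd_cache(NSCD_DB_GROUP);

    return ret;
}

/*
 * Public interface for adding groups
 *
 * Returns the result of sysdb_add_group(); the nscd group cache is flushed
 * only on success.
 */
int groupadd(struct sysdb_ctx *sysdb,
             struct ops_ctx *data)
{
    int ret;

    ret = sysdb_add_group(sysdb, data->domain, data->name, data->gid, NULL, 0, 0);
    if (ret == EOK) {
        flush_nscd_cache(NSCD_DB_GROUP);
    }
    return ret;
}

/*
 * Public interface for deleting groups
 *
 * Deletes the group entry; the nscd group cache is flushed whether or not
 * the deletion succeeded.
 *
 * Returns EOK, ENOMEM or the error from sysdb_delete_entry().
 */
int groupdel(TALLOC_CTX *mem_ctx,
             struct sysdb_ctx *sysdb,
             struct ops_ctx *data)
{
    struct ldb_dn *group_dn;
    int ret;

    group_dn = sysdb_group_dn(sysdb, mem_ctx,
                              data->domain, data->name);
    if (group_dn == NULL) {
        DEBUG(1, ("Could not construct a group DN\n"));
        return ENOMEM;
    }

    ret = sysdb_delete_entry(sysdb, group_dn, false);
    if (ret) {
        DEBUG(2, ("Removing group failed: %s (%d)\n", strerror(ret), ret));
    }

    flush_nscd_cache(NSCD_DB_GROUP);

    return ret;
}

/*
 * getpwnam, getgrnam and friends
 */

/*
 * Look the user up in out->domain and copy uid, gid, name, gecos, home,
 * shell and the lock state into out. The strings are allocated on out.
 *
 * Returns EOK, ENOENT when there is no such user, EIO when the lookup is
 * ambiguous or SYSDB_DISABLED holds an unexpected value, ENOMEM, or the
 * error from sysdb_getpwnam().
 *
 * NOTE(review): talloc_strdup() is called with whatever
 * ldb_msg_find_attr_as_string() returned, so an entry that lacks one of the
 * string attributes presumably ends up in the ENOMEM branch - confirm that
 * this is acceptable for entries without gecos or shell. The 64-bit ID
 * values are stored into out->uid/out->gid without a range check.
 */
int sysdb_getpwnam_sync(TALLOC_CTX *mem_ctx,
                        struct sysdb_ctx *sysdb,
                        const char *name,
                        struct ops_ctx *out)
{
    struct ldb_result *res;
    const char *str;
    int ret;

    ret = sysdb_getpwnam(mem_ctx, sysdb, out->domain, name, &res);
    if (ret) {
        return ret;
    }

    switch (res->count) {
    case 0:
        DEBUG(1, ("No result for sysdb_getpwnam call\n"));
        return ENOENT;

    case 1:
        /* fill ops_ctx */
        out->uid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_UIDNUM, 0);

        out->gid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_GIDNUM, 0);

        str = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_NAME, NULL);
        out->name = talloc_strdup(out, str);
        if (out->name == NULL) {
            return ENOMEM;
        }

        str = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_GECOS, NULL);
        out->gecos = talloc_strdup(out, str);
        if (out->gecos == NULL) {
            return ENOMEM;
        }

        str = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_HOMEDIR, NULL);
        out->home = talloc_strdup(out, str);
        if (out->home == NULL) {
            return ENOMEM;
        }

        str = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_SHELL, NULL);
        out->shell = talloc_strdup(out, str);
        if (out->shell == NULL) {
            return ENOMEM;
        }

        /* a missing SYSDB_DISABLED attribute counts as "not locked" */
        str = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_DISABLED, NULL);
        if (str == NULL) {
            out->lock = DO_UNLOCK;
        } else {
            if (strcasecmp(str, "true") == 0) {
                out->lock = DO_LOCK;
            } else if (strcasecmp(str, "false") == 0) {
                out->lock = DO_UNLOCK;
            } else { /* Invalid value */
                DEBUG(2, ("Invalid value for %s attribute: %s\n",
                          SYSDB_DISABLED, str ? str : "NULL"));
                return EIO;
            }
        }
        break;

    default:
        DEBUG(1, ("More than one result for sysdb_getpwnam call\n"));
        return EIO;
    }

    return EOK;
}

/*
 * Look the group up in out->domain and copy its gid and name into out.
 * The name is allocated on out.
 *
 * Returns EOK, ENOENT when there is no such group, EIO when the lookup is
 * ambiguous, ENOMEM, or the error from sysdb_getgrnam().
 */
int sysdb_getgrnam_sync(TALLOC_CTX *mem_ctx,
                        struct sysdb_ctx *sysdb,
                        const char *name,
                        struct ops_ctx *out)
{
    struct ldb_result *res;
    const char *str;
    int ret;

    ret = sysdb_getgrnam(mem_ctx, sysdb, out->domain, name, &res);
    if (ret) {
        return ret;
    }

    switch (res->count) {
    case 0:
        DEBUG(1, ("No result for sysdb_getgrnam call\n"));
        return ENOENT;

    case 1:
        /* fill ops_ctx */
        out->gid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_GIDNUM, 0);
        str = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_NAME, NULL);
        out->name = talloc_strdup(out, str);
        if (out->name == NULL) {
            return ENOMEM;
        }
        break;

    default:
        DEBUG(1, ("More than one result for sysdb_getgrnam call\n"));
        return EIO;
    }

    return EOK;
}
sssd-1.11.5/src/tools/PaxHeaders.13173/sss_groupshow.c0000644000000000000000000000007412320753107020573 xustar000000000000000030 atime=1396954939.275891424 30 ctime=1396954961.746874883 sssd-1.11.5/src/tools/sss_groupshow.c0000664002412700241270000005456112320753107021030 0ustar00jhrozekjhrozek00000000000000/* SSSD sss_groupshow Copyright (C) Jakub Hrozek 2010 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version.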
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include #include #include #include #include "db/sysdb.h" #include "util/util.h" #include "tools/tools_util.h" #include "tools/sss_sync_ops.h" #define PADDING_SPACES 4 #define GROUP_SHOW_ATTRS { SYSDB_MEMBEROF, SYSDB_GIDNUM, \ SYSDB_MEMBER, SYSDB_GHOST, SYSDB_NAME, \ NULL } #define GROUP_SHOW_MPG_ATTRS { SYSDB_MEMBEROF, SYSDB_UIDNUM, \ SYSDB_NAME, NULL } struct group_info { const char *name; gid_t gid; bool mpg; const char **user_members; const char **memberofs; struct group_info **group_members; }; /*==================Helper routines to process results================= */ const char *rdn_as_string(TALLOC_CTX *mem_ctx, struct ldb_dn *dn) { const struct ldb_val *val; val = ldb_dn_get_rdn_val(dn); if (val == NULL) { return NULL; } return ldb_dn_escape_value(mem_ctx, *val);; } static int parse_memberofs(struct ldb_context *ldb, struct ldb_message_element *el, struct group_info *gi) { int i; struct ldb_dn *dn = NULL; gi->memberofs = talloc_array(gi, const char *, el->num_values+1); if (gi->memberofs == NULL) { return ENOMEM; } for (i = 0; i< el->num_values; ++i) { dn = ldb_dn_from_ldb_val(gi, ldb, &(el->values[i])); gi->memberofs[i] = talloc_strdup(gi, rdn_as_string(gi, dn)); talloc_zfree(dn); if (gi->memberofs[i] == NULL) { return ENOMEM; } DEBUG(6, ("memberof value: %s\n", gi->memberofs[i])); } gi->memberofs[el->num_values] = NULL; return EOK; } static int parse_members(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, struct sss_domain_info *domain, struct ldb_message_element *el, const char *parent_name, const char ***user_members, const char ***group_members, int *num_group_members) { struct ldb_dn *user_basedn = NULL, *group_basedn 
= NULL; struct ldb_dn *parent_dn = NULL; struct ldb_dn *dn = NULL; const char **um = NULL, **gm = NULL; unsigned int um_index = 0, gm_index = 0; TALLOC_CTX *tmp_ctx = NULL; int ret; int i; tmp_ctx = talloc_new(mem_ctx); if (!tmp_ctx) { ret = ENOMEM; goto fail; } user_basedn = ldb_dn_new_fmt(tmp_ctx, ldb, SYSDB_TMPL_USER_BASE, domain->name); group_basedn = ldb_dn_new_fmt(tmp_ctx, ldb, SYSDB_TMPL_GROUP_BASE, domain->name); if (!user_basedn || !group_basedn) { ret = ENOMEM; goto fail; } um = talloc_array(mem_ctx, const char *, el->num_values+1); gm = talloc_array(mem_ctx, const char *, el->num_values+1); if (!um || !gm) { ret = ENOMEM; goto fail; } for (i = 0; i< el->num_values; ++i) { dn = ldb_dn_from_ldb_val(tmp_ctx, ldb, &(el->values[i])); /* user member or group member? */ parent_dn = ldb_dn_get_parent(tmp_ctx, dn); if (ldb_dn_compare_base(parent_dn, user_basedn) == 0) { um[um_index] = rdn_as_string(mem_ctx, dn); if (um[um_index] == NULL) { ret = ENOMEM; goto fail; } DEBUG(6, ("User member %s\n", um[um_index])); um_index++; } else if (ldb_dn_compare_base(parent_dn, group_basedn) == 0) { gm[gm_index] = rdn_as_string(mem_ctx, dn); if (gm[gm_index] == NULL) { ret = ENOMEM; goto fail; } if (parent_name && strcmp(gm[gm_index], parent_name) == 0) { DEBUG(6, ("Skipping circular nesting for group %s\n", gm[gm_index])); continue; } DEBUG(6, ("Group member %s\n", gm[gm_index])); gm_index++; } else { DEBUG(2, ("Group member not a user nor group: %s\n", ldb_dn_get_linearized(dn))); ret = EIO; goto fail; } talloc_zfree(dn); talloc_zfree(parent_dn); } um[um_index] = NULL; gm[gm_index] = NULL; if (um_index > 0) { um = talloc_realloc(mem_ctx, um, const char *, um_index+1); if (!um) { ret = ENOMEM; goto fail; } } else { talloc_zfree(um); } if (gm_index > 0) { gm = talloc_realloc(mem_ctx, gm, const char *, gm_index+1); if (!gm) { ret = ENOMEM; goto fail; } } else { talloc_zfree(gm); } *user_members = um; if (group_members) *group_members = gm; if (num_group_members) 
*num_group_members = gm_index; talloc_zfree(tmp_ctx); return EOK; fail: talloc_zfree(um); talloc_zfree(gm); talloc_zfree(tmp_ctx); return ret; } static int process_group(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, struct ldb_message *msg, struct sss_domain_info *domain, const char *parent_name, struct group_info **info, const char ***group_members, int *num_group_members) { struct ldb_message_element *el; int ret, i, j; int count = 0; struct group_info *gi = NULL; const char **user_members; DEBUG(6, ("Found entry %s\n", ldb_dn_get_linearized(msg->dn))); gi = talloc_zero(mem_ctx, struct group_info); if (!gi) { ret = ENOMEM; goto done; } /* mandatory data - name and gid */ gi->name = talloc_strdup(gi, ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL)); gi->gid = ldb_msg_find_attr_as_uint64(msg, SYSDB_GIDNUM, 0); if (gi->gid == 0 || gi->name == NULL) { DEBUG(3, ("No name or no GID?\n")); ret = EIO; goto done; } /* list members */ el = ldb_msg_find_element(msg, SYSDB_MEMBER); if (el) { ret = parse_members(gi, ldb, domain, el, parent_name, &gi->user_members, group_members, num_group_members); if (ret != EOK) { goto done; } if (gi->user_members == NULL) { count = 0; } else { for (count = 0; gi->user_members[count]; count++) ; } } el = ldb_msg_find_element(msg, SYSDB_GHOST); if (el) { ret = parse_members(gi, ldb, domain, el, parent_name, &user_members, NULL, NULL); if (ret != EOK) { goto done; } if (user_members != NULL) { i = count; for (count = 0; user_members[count]; count++) ; gi->user_members = talloc_realloc(gi, gi->user_members, const char *, i + count + 1); if (gi->user_members == NULL) { ret = ENOMEM; goto done; } for (j = 0; j < count; j++, i++) { gi->user_members[i] = talloc_steal(gi->user_members, user_members[j]); } gi->user_members[i] = NULL; talloc_zfree(user_members); } } /* list memberofs */ el = ldb_msg_find_element(msg, SYSDB_MEMBEROF); if (el) { ret = parse_memberofs(ldb, el, gi); if (ret != EOK) { goto done; } } *info = gi; return EOK; done: 
talloc_zfree(gi); return ret; } /*========Find info about a group and recursively about subgroups====== */ int group_show_recurse(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, struct group_info *root, struct group_info *parent, const char **group_members, const int nmembers, struct group_info ***up_members); static int group_show_trim_memberof(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, const char **memberofs, const char ***_direct); int group_show(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, bool recursive, const char *name, struct group_info **res) { struct group_info *root; static const char *attrs[] = GROUP_SHOW_ATTRS; struct ldb_message *msg = NULL; const char **group_members = NULL; int nmembers = 0; int ret; int i; /* First, search for the root group */ ret = sysdb_search_group_by_name(mem_ctx, sysdb, domain, name, attrs, &msg); if (ret) { DEBUG(2, ("Search failed: %s (%d)\n", strerror(ret), ret)); goto done; } ret = process_group(mem_ctx, sysdb_ctx_get_ldb(sysdb), msg, domain, NULL, &root, &group_members, &nmembers); if (ret != EOK) { DEBUG(2, ("Group processing failed: %s (%d)\n", strerror(ret), ret)); goto done; } if (!recursive) { if (group_members) { root->group_members = talloc_array(root, struct group_info *, nmembers+1); if (!root->group_members) { ret = ENOMEM; goto done; } for (i = 0; i < nmembers; i++) { root->group_members[i] = talloc_zero(root, struct group_info); if (!root->group_members[i]) { ret = ENOMEM; goto done; } root->group_members[i]->name = talloc_strdup(root, group_members[i]); if (!root->group_members[i]->name) { ret = ENOMEM; goto done; } } root->group_members[nmembers] = NULL; } if (root->memberofs == NULL) { ret = EOK; goto done; } /* if not recursive, only show the direct parent */ ret = group_show_trim_memberof(mem_ctx, sysdb, domain, root->name, root->memberofs, &root->memberofs); goto done; } if (group_members 
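== NULL) { ret = EOK; goto done; } ret = group_show_recurse(root, sysdb, domain, root, root, group_members, nmembers, &root->group_members); if (ret) { DEBUG(2, ("Recursive search failed: %s (%d)\n", strerror(ret), ret)); goto done; } ret = EOK; done: if (ret == EOK) { *res = root; } return ret; }

/*=========Nonrecursive search should only show direct parent========== */

/*
 * Reduce a memberof list to the groups that hold this group as a direct
 * member.
 *
 * For every name in memberofs the domain is searched for a group with that
 * name whose member attribute contains the DN of the group called `name`.
 * Matches are collected in a NULL-terminated array allocated on mem_ctx and
 * returned through _direct (NULL when nothing matched).
 *
 * Returns EOK, ENOMEM, EFAULT when a matching entry has no name attribute,
 * or the error of the sanitizer or the search. ENOENT from the search only
 * means "not a direct parent" and is not an error.
 */
static int group_show_trim_memberof(TALLOC_CTX *mem_ctx,
                                    struct sysdb_ctx *sysdb,
                                    struct sss_domain_info *domain,
                                    const char *name,
                                    const char **memberofs,
                                    const char ***_direct)
{
    TALLOC_CTX *tmp_ctx;
    struct ldb_dn *dn;
    const char *dn_str;
    char *safe_dn;
    char *safe_parent;
    char *filter;
    struct ldb_message **msgs;
    size_t count;
    const char *parent_name;
    const char **direct = NULL;
    const char **grown;
    int ndirect = 0;
    int ret;
    int i;

    /* Per-call scratch context so DNs, filters and search results are
     * released on every exit path instead of piling up on mem_ctx. */
    tmp_ctx = talloc_new(mem_ctx);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    dn = sysdb_group_dn(sysdb, tmp_ctx, domain, name);
    if (!dn) {
        ret = ENOMEM;
        goto fail;
    }

    dn_str = ldb_dn_get_linearized(dn);
    if (!dn_str) {
        ret = ENOMEM;
        goto fail;
    }

    /* Both values below end up inside a search filter. Escape them so that
     * filter metacharacters in a group name or DN stay data and cannot
     * change the structure of the filter. */
    ret = sss_filter_sanitize(tmp_ctx, dn_str, &safe_dn);
    if (ret != EOK) {
        goto fail;
    }

    for (i = 0; memberofs[i]; i++) {
        /* NOTE(review): the caller in this file passes names produced by
         * rdn_as_string(), i.e. DN-escaped text. A name that needed DN
         * escaping will still not compare equal to the stored name --
         * confirm whether such names have to be supported here. */
        ret = sss_filter_sanitize(tmp_ctx, memberofs[i], &safe_parent);
        if (ret != EOK) {
            goto fail;
        }

        filter = talloc_asprintf(tmp_ctx, "(&(%s=%s)(%s=%s))",
                                 SYSDB_NAME, safe_parent,
                                 SYSDB_MEMBER, safe_dn);
        if (!filter) {
            ret = ENOMEM;
            goto fail;
        }

        /* Reset the outputs: they were previously read after an ENOENT
         * result without having been (re)initialized for this iteration. */
        count = 0;
        msgs = NULL;

        ret = sysdb_search_groups(tmp_ctx, sysdb, domain, filter, NULL,
                                  &count, &msgs);
        /* ENOENT is OK, the group is just not a direct parent */
        if (ret != EOK && ret != ENOENT) {
            goto fail;
        }

        if (ret == EOK && count > 0) {
            parent_name = ldb_msg_find_attr_as_string(msgs[0],
                                                      SYSDB_NAME, NULL);
            if (!parent_name) {
                DEBUG(2, ("Entry %s has no Name Attribute ?!?\n",
                          ldb_dn_get_linearized(msgs[0]->dn)));
                ret = EFAULT;
                goto fail;
            }

            /* Keep the old array reachable if the resize fails. */
            grown = talloc_realloc(mem_ctx, direct, const char *,
                                   ndirect + 2);
            if (!grown) {
                ret = ENOMEM;
                goto fail;
            }
            direct = grown;

            direct[ndirect] = talloc_strdup(direct, parent_name);
            if (!direct[ndirect]) {
                ret = ENOMEM;
                goto fail;
            }

            direct[ndirect + 1] = NULL;
            ndirect++;
        }

        talloc_zfree(msgs);
        talloc_zfree(filter);
        talloc_zfree(safe_parent);
    }

    talloc_free(tmp_ctx);
    *_direct = direct;
    return EOK;

fail:
    talloc_free(direct);
    talloc_free(tmp_ctx);
    return ret;
}

/*==================Recursive search for nested groups================= */

/*
 * Load the member groups named in group_members (nmembers entries) and,
 * for each of them, descend into its own member groups.
 *
 * The loaded groups are returned through up_members as a NULL-terminated
 * array allocated on root; the group_info objects themselves are also
 * allocated on root. A member whose name equals parent->name is skipped.
 *
 * Returns ENOENT when there is nothing to load, ENOMEM, EIO when a member
 * cannot be found, or the error from processing a member.
 *
 * NOTE(review): only a member that names its direct parent is skipped.
 * A nesting cycle that runs through three or more groups is not detected
 * here and would recurse without bound -- worth a visited-set check.
 */
int group_show_recurse(TALLOC_CTX *mem_ctx,
                       struct sysdb_ctx *sysdb,
                       struct sss_domain_info *domain,
                       struct group_info *root,
                       struct group_info *parent,
                       const char **group_members,
                       const int nmembers,
                       struct group_info ***up_members)
{
    struct group_info **groups;
    static const char *attrs[] = GROUP_SHOW_ATTRS;
    struct ldb_message *msg;
    const char **new_group_members;
    int new_nmembers;
    int nfound = 0;
    int ret;
    int i;

    /* Check the input before allocating, so the early return leaks nothing. */
    if (!group_members || !group_members[0]) {
        return ENOENT;
    }

    groups = talloc_zero_array(root, struct group_info *,
                               nmembers+1); /* trailing NULL */
    if (!groups) {
        return ENOMEM;
    }

    for (i = 0; i < nmembers; i++) {
        /* Skip circular groups */
        if (strcmp(group_members[i], parent->name) == 0) {
            continue;
        }

        ret = sysdb_search_group_by_name(mem_ctx, sysdb, domain,
                                         group_members[i], attrs, &msg);
        if (ret) {
            DEBUG(2, ("Search failed: %s (%d)\n", strerror(ret), ret));
            ret = EIO;
            goto fail;
        }

        /* process_group() only writes these when the entry has a member
         * attribute; reset them so a group without members does not
         * inherit the count left over from the previous sibling. */
        new_group_members = NULL;
        new_nmembers = 0;

        /* Results are stored densely (index nfound, not i): the array is
         * walked up to the first NULL, so a hole left by a skipped member
         * would hide every group after it. */
        ret = process_group(root, sysdb_ctx_get_ldb(sysdb), msg, domain,
                            parent->name, &groups[nfound],
                            &new_group_members, &new_nmembers);
        if (ret != EOK) {
            DEBUG(2, ("Group processing failed: %s (%d)\n",
                      strerror(ret), ret));
            goto fail;
        }

        /* descend to another level */
        if (new_nmembers > 0) {
            /* The nested groups belong to the group just loaded. Passing
             * &parent->group_members here stored them on the parent, where
             * the assignment to *up_members below replaced them again. */
            ret = group_show_recurse(mem_ctx, sysdb, domain,
                                     root, groups[nfound],
                                     new_group_members, new_nmembers,
                                     &groups[nfound]->group_members);
            if (ret != EOK) {
                DEBUG(2, ("Recursive search failed: %s (%d)\n",
                          strerror(ret), ret));
                goto fail;
            }

            talloc_zfree(new_group_members);
        }

        nfound++;
    }

    *up_members = groups;
    return EOK;

fail:
    talloc_free(groups);
    return ret;
}

/*==================Get info about MPG================================= */

/*
 * Build a group_info for a name that exists as a user rather than as a
 * group: the entry is looked up with sysdb_search_user_by_name(), its UID
 * number is stored as the GID and the result is flagged with mpg = true.
 * An entry without a name or with a zero ID is rejected with EIO.
 */
static int group_show_mpg(TALLOC_CTX *mem_ctx,
                          struct sysdb_ctx *sysdb,
                          struct sss_domain_info *domain,
                          const char *name,
                          struct group_info **res)
{
    const char *attrs[] = GROUP_SHOW_MPG_ATTRS;
    struct ldb_message *msg;
    struct group_info *info;
    int ret;

    info = talloc_zero(mem_ctx, struct group_info);
    if (!info) {
        ret = ENOMEM;
        goto fail;
    }

    ret = sysdb_search_user_by_name(info, sysdb, domain, name, attrs, &msg);
    if (ret) {
        DEBUG(2, ("Search failed: %s (%d)\n", strerror(ret), ret));
        goto fail;
    }

    info->name = talloc_strdup(info,
                               ldb_msg_find_attr_as_string(msg,
                                                           SYSDB_NAME,
                                                           NULL));
    info->gid = ldb_msg_find_attr_as_uint64(msg, SYSDB_UIDNUM, 0);
    if (info->gid == 0 || info->name == NULL) {
        DEBUG(3, ("No name or no GID?\n"));
        ret = EIO;
        goto fail;
    }

    info->mpg = true;

    *res = info;
    return EOK;

fail: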
talloc_zfree(info); return ret; } /*==================The main program=================================== */ static void print_group_info(struct group_info *g, int level) { int i; char padding[512]; char fmt[8]; snprintf(fmt, 8, "%%%ds", level*PADDING_SPACES); snprintf(padding, 512, fmt, ""); printf(_("%1$s%2$sGroup: %3$s\n"), padding, g->mpg ? _("Magic Private ") : "", g->name); printf(_("%1$sGID number: %2$d\n"), padding, g->gid); printf(_("%1$sMember users: "), padding); if (g->user_members) { for (i=0; g->user_members[i]; ++i) { printf("%s%s", i>0 ? "," : "", g->user_members[i]); } } printf(_("\n%1$sIs a member of: "), padding); if (g->memberofs) { for (i=0; g->memberofs[i]; ++i) { printf("%s%s", i>0 ? "," : "", g->memberofs[i]); } } printf(_("\n%1$sMember groups: "), padding); } static void print_recursive(struct group_info **group_members, int level) { int i; if (group_members == NULL) { return; } level++; for (i=0; group_members[i]; ++i) { printf("\n"); print_group_info(group_members[i], level); printf("\n"); print_recursive(group_members[i]->group_members, level); } } int main(int argc, const char **argv) { int ret = EXIT_SUCCESS; int pc_debug = SSSDBG_DEFAULT; bool pc_recursive = false; const char *pc_groupname = NULL; struct tools_ctx *tctx = NULL; struct group_info *root = NULL; int i; poptContext pc = NULL; struct poptOption long_options[] = { POPT_AUTOHELP { "debug", '\0', POPT_ARG_INT | POPT_ARGFLAG_DOC_HIDDEN, &pc_debug, 0, _("The debug level to run with"), NULL }, { "recursive", 'R', POPT_ARG_NONE, NULL, 'r', _("Print indirect group members recursively"), NULL }, POPT_TABLEEND }; debug_prg_name = argv[0]; ret = set_locale(); if (ret != EOK) { DEBUG(1, ("set_locale failed (%d): %s\n", ret, strerror(ret))); ERROR("Error setting the locale\n"); ret = EXIT_FAILURE; goto fini; } /* parse ops_ctx */ pc = poptGetContext(NULL, argc, argv, long_options, 0); poptSetOtherOptionHelp(pc, "GROUPNAME"); while ((ret = poptGetNextOpt(pc)) > 0) { switch (ret) { case 
'r': pc_recursive = true; break; } } DEBUG_INIT(pc_debug); if (ret != -1) { BAD_POPT_PARAMS(pc, poptStrerror(ret), ret, fini); } pc_groupname = poptGetArg(pc); if (pc_groupname == NULL) { BAD_POPT_PARAMS(pc, _("Specify group to show\n"), ret, fini); } CHECK_ROOT(ret, debug_prg_name); ret = init_sss_tools(&tctx); if (ret != EOK) { DEBUG(1, ("init_sss_tools failed (%d): %s\n", ret, strerror(ret))); if (ret == ENOENT) { ERROR("Error initializing the tools - no local domain\n"); } else { ERROR("Error initializing the tools\n"); } ret = EXIT_FAILURE; goto fini; } /* if the domain was not given as part of FQDN, default to local domain */ ret = parse_name_domain(tctx, pc_groupname); if (ret != EOK) { ERROR("Invalid domain specified in FQDN\n"); ret = EXIT_FAILURE; goto fini; } /* The search itself */ ret = group_show(tctx, tctx->sysdb, tctx->local, pc_recursive, tctx->octx->name, &root); /* Also show MPGs */ if (ret == ENOENT) { ret = group_show_mpg(tctx, tctx->sysdb, tctx->local, tctx->octx->name, &root); } /* Process result */ if (ret) { DEBUG(1, ("sysdb operation failed (%d)[%s]\n", ret, strerror(ret))); switch (ret) { case ENOENT: ERROR("No such group in local domain. " "Printing groups only allowed in local domain.\n"); break; default: ERROR("Internal error. Could not print group.\n"); break; } ret = EXIT_FAILURE; goto fini; } /* print the results */ print_group_info(root, 0); if (pc_recursive) { printf("\n"); print_recursive(root->group_members, 0); } else { if (root->group_members) { for (i=0; root->group_members[i]; ++i) { printf("%s%s", i>0 ? 
"," : "", root->group_members[i]->name); } } printf("\n"); } fini: talloc_free(tctx); poptFreeContext(pc); exit(ret); } sssd-1.11.5/src/tools/PaxHeaders.13173/sss_cache.c0000644000000000000000000000007412320753107017601 xustar000000000000000030 atime=1396954939.275891424 30 ctime=1396954961.741874886 sssd-1.11.5/src/tools/sss_cache.c0000664002412700241270000005660412320753107020036 0ustar00jhrozekjhrozek00000000000000/* SSSD sss_cache Copyright (C) Jan Zeleny 2011 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #include #include #include #include #include #include "util/util.h" #include "tools/sss_sync_ops.h" #include "db/sysdb.h" #include "db/sysdb_services.h" #include "db/sysdb_autofs.h" #define INVALIDATE_NONE 0 #define INVALIDATE_USERS 1 #define INVALIDATE_GROUPS 2 #define INVALIDATE_NETGROUPS 4 #define INVALIDATE_SERVICES 8 #define INVALIDATE_AUTOFSMAPS 16 #ifdef BUILD_AUTOFS #define INVALIDATE_EVERYTHING (INVALIDATE_USERS | INVALIDATE_GROUPS | \ INVALIDATE_NETGROUPS | INVALIDATE_SERVICES | \ INVALIDATE_AUTOFSMAPS) #else #define INVALIDATE_EVERYTHING (INVALIDATE_USERS | INVALIDATE_GROUPS | \ INVALIDATE_NETGROUPS | INVALIDATE_SERVICES) #endif enum sss_cache_entry { TYPE_USER=0, TYPE_GROUP, TYPE_NETGROUP, TYPE_SERVICE, TYPE_AUTOFSMAP }; static errno_t search_autofsmaps(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *sub_filter, const char **attrs, size_t *msgs_count, struct ldb_message ***msgs); struct cache_tool_ctx { struct confdb_ctx *confdb; struct sss_domain_info *domains; char *user_filter; char *group_filter; char *netgroup_filter; char *service_filter; char *autofs_filter; char *user_name; char *group_name; char *netgroup_name; char *service_name; char *autofs_name; bool update_user_filter; bool update_group_filter; bool update_netgroup_filter; bool update_service_filter; bool update_autofs_filter; }; errno_t init_domains(struct cache_tool_ctx *ctx, const char *domain); errno_t init_context(int argc, const char *argv[], struct cache_tool_ctx **tctx); static errno_t invalidate_entry(TALLOC_CTX *ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, int entry_type); static bool invalidate_entries(TALLOC_CTX *ctx, struct sss_domain_info *dinfo, struct sysdb_ctx *sysdb, enum sss_cache_entry entry_type, const char *filter, const char *name); static errno_t update_all_filters(struct cache_tool_ctx *tctx, struct sss_domain_info *dinfo); int main(int argc, const char *argv[]) { errno_t ret; struct 
cache_tool_ctx *tctx = NULL; struct sysdb_ctx *sysdb; bool skipped = true; struct sss_domain_info *dinfo; ret = init_context(argc, argv, &tctx); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Error initializing context for the application\n")); goto done; } for (dinfo = tctx->domains; dinfo; dinfo = get_next_domain(dinfo, true)) { sysdb = dinfo->sysdb; if (!IS_SUBDOMAIN(dinfo)) { /* Update list of subdomains for this domain */ ret = sysdb_update_subdomains(dinfo); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to update subdomains for domain %s.\n", dinfo->name)); } } sysdb = dinfo->sysdb; /* Update filters for each domain */ ret = update_all_filters(tctx, dinfo); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to update filters.\n")); goto done; } ret = sysdb_transaction_start(sysdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Could not start the transaction!\n")); goto done; } skipped &= !invalidate_entries(tctx, dinfo, sysdb, TYPE_USER, tctx->user_filter, tctx->user_name); skipped &= !invalidate_entries(tctx, dinfo, sysdb, TYPE_GROUP, tctx->group_filter, tctx->group_name); skipped &= !invalidate_entries(tctx, dinfo, sysdb, TYPE_NETGROUP, tctx->netgroup_filter, tctx->netgroup_name); skipped &= !invalidate_entries(tctx, dinfo, sysdb, TYPE_SERVICE, tctx->service_filter, tctx->service_name); skipped &= !invalidate_entries(tctx, dinfo, sysdb, TYPE_AUTOFSMAP, tctx->autofs_filter, tctx->autofs_name); ret = sysdb_transaction_commit(sysdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Could not commit the transaction!\n")); ret = sysdb_transaction_cancel(sysdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to cancel transaction\n")); } } } if (skipped == true) { ERROR("No cache object matched the specified search\n"); ret = ENOENT; goto done; } else { ret = sss_memcache_clear_all(); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to clear memory cache.\n")); goto done; } } ret = EOK; done: if (tctx) talloc_free(tctx); return ret; } 
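/*
 * Rebuild one search filter for the domain currently being processed.
 *
 * Does nothing unless both `name` and `update` are set. Otherwise the name
 * is split into domain and name parts with the domain's name rules:
 *  - if a domain part was parsed and it differs (case-insensitively) from
 *    dinfo->name, the filter is set to NULL so this domain is skipped;
 *  - otherwise the name is lower-cased for case-insensitive domains (unless
 *    force_case_sensitivity is set), qualified with the domain when a domain
 *    part was given, escaped for use in a filter and formatted.
 *
 * The name is always passed through sss_filter_sanitize_for_dom() before it
 * is placed into the filter, so the user-supplied name cannot alter the
 * filter structure.
 *
 * fmt is used as a printf-style format taking (attribute, value); it must be
 * a trusted string -- the callers in this file pass literals. When fmt is
 * NULL the filter is just the sanitized name. For case-insensitive domains
 * fmt is not used; a fixed SYSDB_NAME_ALIAS filter is built instead.
 *
 * On success the previous *_filter is freed and replaced by the new value,
 * owned by tctx. Returns EOK, ENOMEM or the parser/sanitizer error.
 */
static errno_t update_filter(struct cache_tool_ctx *tctx,
                             struct sss_domain_info *dinfo,
                             char *name, bool update, const char *fmt,
                             bool force_case_sensitivity,
                             char **_filter)
{
    errno_t ret;
    char *parsed_domain = NULL;
    char *parsed_name = NULL;
    TALLOC_CTX *tmp_ctx = NULL;
    char *use_name = NULL;
    char *filter = NULL;
    char *sanitized;
    char *lc_sanitized;

    if (!name || !update) {
        /* Nothing to do */
        return EOK;
    }

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory.\n"));
        return ENOMEM;
    }

    ret = sss_parse_name(tmp_ctx, dinfo->names, name,
                         &parsed_domain, &parsed_name);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("sss_parse_name failed\n"));
        goto done;
    }

    if (parsed_domain != NULL && strcasecmp(dinfo->name, parsed_domain) != 0) {
        /* We were able to parse the domain from given fqdn, but it
         * does not match with currently processed domain. */
        filter = NULL;
        ret = EOK;
        goto done;
    }

    if (!dinfo->case_sensitive && !force_case_sensitivity) {
        use_name = sss_tc_utf8_str_tolower(tmp_ctx, parsed_name);
        if (!use_name) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory\n"));
            ret = ENOMEM;
            goto done;
        }
    } else {
        use_name = parsed_name;
    }

    if (parsed_domain) {
        use_name = sss_get_domain_name(tmp_ctx, use_name, dinfo);
        if (!use_name) {
            ret = ENOMEM;
            goto done;
        }
    }

    /* Escape the name before it is formatted into any filter below. */
    ret = sss_filter_sanitize_for_dom(tmp_ctx, use_name, dinfo,
                                      &sanitized, &lc_sanitized);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to sanitize the given name.\n"));
        goto done;
    }

    if (fmt) {
        if (!dinfo->case_sensitive && !force_case_sensitivity) {
            filter = talloc_asprintf(tmp_ctx, "(|(%s=%s)(%s=%s))",
                                     SYSDB_NAME_ALIAS, lc_sanitized,
                                     SYSDB_NAME_ALIAS, sanitized);
        } else {
            filter = talloc_asprintf(tmp_ctx, fmt, SYSDB_NAME, sanitized);
        }
    } else {
        filter = talloc_strdup(tmp_ctx, sanitized);
    }
    if (filter == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory\n"));
        ret = ENOMEM;
        goto done;
    }

    ret = EOK;

done:
    if (ret == EOK) {
        /* Move the result out of tmp_ctx before tmp_ctx is released. */
        talloc_free(*_filter);
        *_filter = talloc_steal(tctx, filter);
    }

    talloc_free(tmp_ctx);
    return ret;
}

/* This function updates all filters for specified domain using this
 * domains regex to parse string into domain and name (if exists).
 *
 * Each object type is handled by one update_filter() call; the first
 * failure is returned. Only the autofs filter forces case sensitivity. */
static errno_t update_all_filters(struct cache_tool_ctx *tctx,
                                  struct sss_domain_info *dinfo)
{
    errno_t ret;

    /* Update user filter */
    ret = update_filter(tctx, dinfo, tctx->user_name,
                        tctx->update_user_filter, "(%s=%s)", false,
                        &tctx->user_filter);
    if (ret != EOK) {
        return ret;
    }

    /* Update group filter */
    ret = update_filter(tctx, dinfo, tctx->group_name,
                        tctx->update_group_filter, "(%s=%s)", false,
                        &tctx->group_filter);
    if (ret != EOK) {
        return ret;
    }

    /* Update netgroup filter */
    ret = update_filter(tctx, dinfo, tctx->netgroup_name,
                        tctx->update_netgroup_filter, "(%s=%s)", false,
                        &tctx->netgroup_filter);
    if (ret != EOK) {
        return ret;
    }

    /* Update service filter */
    ret = update_filter(tctx, dinfo, tctx->service_name,
                        tctx->update_service_filter, "(%s=%s)", false,
                        &tctx->service_filter);
    if (ret != EOK) {
        return ret;
    }

    /* Update autofs filter */
    ret = update_filter(tctx, dinfo, tctx->autofs_name,
                        tctx->update_autofs_filter,
                        "(&(objectclass="SYSDB_AUTOFS_MAP_OC")(%s=%s))", true,
                        &tctx->autofs_filter);
    if (ret != EOK) {
        return ret;
    }

    return EOK;
}

/*
 * Search one domain for entries of entry_type matching filter and mark
 * every hit as expired via invalidate_entry().
 *
 * `name` is only used in the "not found" debug message. Returns false when
 * filter is NULL, when the search fails or finds nothing, or when any
 * matching entry could not be invalidated; true otherwise.
 */
static bool invalidate_entries(TALLOC_CTX *ctx,
                               struct sss_domain_info *dinfo,
                               struct sysdb_ctx *sysdb,
                               enum sss_cache_entry entry_type,
                               const char *filter, const char *name)
{
    const char *attrs[] = {SYSDB_NAME, NULL};
    size_t msg_count = 0;
    struct ldb_message **msgs = NULL;
    const char *type_string = "unknown";
    errno_t ret = EINVAL;
    size_t i; /* same type as msg_count, avoids a signed/unsigned compare */
    const char *c_name;
    bool iret;

    if (!filter) return false;

    switch (entry_type) {
    case TYPE_USER:
        type_string = "user";
        ret = sysdb_search_users(ctx, sysdb, dinfo,
                                 filter, attrs, &msg_count, &msgs);
        break;
    case TYPE_GROUP:
        type_string = "group";
        ret = sysdb_search_groups(ctx, sysdb, dinfo,
                                  filter, attrs, &msg_count, &msgs);
        break;
    case TYPE_NETGROUP:
        type_string = "netgroup";
        ret = sysdb_search_netgroups(ctx, sysdb, dinfo,
                                     filter, attrs, &msg_count, &msgs);
        break;
    case TYPE_SERVICE:
        type_string = "service";
        ret = sysdb_search_services(ctx, sysdb, dinfo,
                                    filter, attrs, &msg_count, &msgs);
        break;
    case TYPE_AUTOFSMAP:
        type_string = "autofs map";
        ret = search_autofsmaps(ctx, sysdb, dinfo,
                                filter, attrs, &msg_count, &msgs);
        break;
    }

    /* An entry_type outside the enum leaves ret at EINVAL and ends here. */
    if (ret != EOK) {
        if (ret == ENOENT) {
            DEBUG(SSSDBG_TRACE_FUNC, ("'%s' %s: Not found in domain '%s'\n",
                                      type_string, name ? name : "",
                                      dinfo->name));
        } else {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("Searching for %s in domain %s with filter %s failed\n",
                   type_string, dinfo->name, filter));
        }
        return false;
    }

    iret = true;
    for (i = 0; i < msg_count; i++) {
        c_name = ldb_msg_find_attr_as_string(msgs[i], SYSDB_NAME, NULL);
        if (c_name == NULL) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Something bad happened, can't find attribute %s",
                   SYSDB_NAME));
            ERROR("Couldn't invalidate %1$s", type_string);
            iret = false;
        } else {
            ret = invalidate_entry(ctx, sysdb, dinfo, c_name, entry_type);
            if (ret != EOK) {
                DEBUG(SSSDBG_MINOR_FAILURE,
                      ("Couldn't invalidate %s %s", type_string, c_name));
                ERROR("Couldn't invalidate %1$s %2$s", type_string, c_name);
                iret = false;
            }
        }
    }
    talloc_zfree(msgs);

    return iret;
}

/*
 * Mark a single cached entry as expired by replacing its cache-expiry
 * attribute with the value 1 (users additionally get the initgroups expiry
 * reset).
 *
 * Returns ENOMEM when the attribute set cannot be created, EINVAL for an
 * unknown entry_type, otherwise the result of the sysdb calls. The
 * temporary attribute set is released on every path; the early returns
 * used to skip that.
 */
static errno_t invalidate_entry(TALLOC_CTX *ctx, struct sysdb_ctx *sysdb,
                                struct sss_domain_info *domain,
                                const char *name, int entry_type)
{
    struct sysdb_attrs *sys_attrs = NULL;
    errno_t ret;

    sys_attrs = sysdb_new_attrs(ctx);
    if (sys_attrs == NULL) {
        DEBUG(3, ("Could not create sysdb attributes\n"));
        return ENOMEM;
    }

    ret = sysdb_attrs_add_time_t(sys_attrs, SYSDB_CACHE_EXPIRE, 1);
    if (ret != EOK) {
        DEBUG(3, ("Could not add expiration time to attributes\n"));
        goto done;
    }

    switch (entry_type) {
    case TYPE_USER:
        /* For users, we also need to reset the initgroups
         * cache expiry */
        ret = sysdb_attrs_add_time_t(sys_attrs, SYSDB_INITGR_EXPIRE, 1);
        if (ret != EOK) {
            goto done;
        }

        ret = sysdb_set_user_attr(sysdb, domain, name, sys_attrs,
                                  SYSDB_MOD_REP);
        break;
    case TYPE_GROUP:
        ret = sysdb_set_group_attr(sysdb, domain, name, sys_attrs,
                                   SYSDB_MOD_REP);
        break;
    case TYPE_NETGROUP:
        ret = sysdb_set_netgroup_attr(sysdb, domain, name, sys_attrs,
                                      SYSDB_MOD_REP);
        break;
    case TYPE_SERVICE:
        ret = sysdb_set_service_attr(sysdb, domain, name, sys_attrs,
                                     SYSDB_MOD_REP);
        break;
    case TYPE_AUTOFSMAP:
        ret = sysdb_set_autofsmap_attr(sysdb, domain, name, sys_attrs,
                                       SYSDB_MOD_REP);
        break;
    default:
        ret = EINVAL;
        goto done;
    }

    if (ret != EOK) {
        DEBUG(3, ("Could not set entry attributes\n"));
    }

done:
    talloc_zfree(sys_attrs);
    return ret;
}

/*
 * Open the configuration database and the cache database(s).
 *
 * With `domain` set only that domain is initialized; otherwise all
 * configured domains are loaded and sysdb is initialized for them. The name
 * parsing rules are then set up for each domain on ctx->domains.
 * Returns EOK, ENOMEM or the first initialization error.
 */
errno_t init_domains(struct cache_tool_ctx *ctx, const char *domain)
{
    char *confdb_path;
    int ret;
    struct sss_domain_info *dinfo;

    confdb_path = talloc_asprintf(ctx, "%s/%s", DB_PATH, CONFDB_FILE);
    if (confdb_path == NULL) {
        return ENOMEM;
    }

    /* Connect to the conf db */
    ret = confdb_init(ctx, &ctx->confdb, confdb_path);
    talloc_free(confdb_path);
    if (ret != EOK) {
        DEBUG(1, ("Could not initialize connection to the confdb\n"));
        return ret;
    }

    if (domain) {
        ret = sssd_domain_init(ctx, ctx->confdb, domain, DB_PATH,
                               &ctx->domains);
        if (ret != EOK) {
            SYSDB_VERSION_ERROR(ret);
            DEBUG(1, ("Could not initialize connection to the sysdb\n"));
            return ret;
        }
    } else {
        ret = confdb_get_domains(ctx->confdb, &ctx->domains);
        if (ret != EOK) {
            DEBUG(1, ("Could not initialize domains\n"));
            return ret;
        }

        ret = sysdb_init(ctx, ctx->domains, false);
        SYSDB_VERSION_ERROR(ret);
        if (ret != EOK) {
            DEBUG(1, ("Could not initialize connection to the sysdb\n"));
            return ret;
        }
    }

    for (dinfo = ctx->domains; dinfo; dinfo = get_next_domain(dinfo, false)) {
        ret = sss_names_init(ctx, ctx->confdb, dinfo->name, &dinfo->names);
        if (ret != EOK) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("sss_names_init() failed\n"));
            return ret;
        }
    }

    return EOK;
}

errno_t init_context(int argc, const char *argv[], struct cache_tool_ctx **tctx) { struct cache_tool_ctx *ctx = NULL; int idb = INVALIDATE_NONE; char *user = NULL; char *group = NULL; char *netgroup = NULL; char *service = NULL; char *map = NULL; char *domain = NULL; int debug = SSSDBG_DEFAULT; errno_t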
ret = EOK; poptContext pc = NULL; struct poptOption long_options[] = { POPT_AUTOHELP { "debug", '\0', POPT_ARG_INT | POPT_ARGFLAG_DOC_HIDDEN, &debug, 0, _("The debug level to run with"), NULL }, { "everything", 'E', POPT_ARG_NONE, NULL, 'e', _("Invalidate all cached entries except for sudo rules"), NULL }, { "user", 'u', POPT_ARG_STRING, &user, 0, _("Invalidate particular user"), NULL }, { "users", 'U', POPT_ARG_NONE, NULL, 'u', _("Invalidate all users"), NULL }, { "group", 'g', POPT_ARG_STRING, &group, 0, _("Invalidate particular group"), NULL }, { "groups", 'G', POPT_ARG_NONE, NULL, 'g', _("Invalidate all groups"), NULL }, { "netgroup", 'n', POPT_ARG_STRING, &netgroup, 0, _("Invalidate particular netgroup"), NULL }, { "netgroups", 'N', POPT_ARG_NONE, NULL, 'n', _("Invalidate all netgroups"), NULL }, { "service", 's', POPT_ARG_STRING, &service, 0, _("Invalidate particular service"), NULL }, { "services", 'S', POPT_ARG_NONE, NULL, 's', _("Invalidate all services"), NULL }, #ifdef BUILD_AUTOFS { "autofs-map", 'a', POPT_ARG_STRING, &map, 0, _("Invalidate particular autofs map"), NULL }, { "autofs-maps", 'A', POPT_ARG_NONE, NULL, 'a', _("Invalidate all autofs maps"), NULL }, #endif /* BUILD_AUTOFS */ { "domain", 'd', POPT_ARG_STRING, &domain, 0, _("Only invalidate entries from a particular domain"), NULL }, POPT_TABLEEND }; ret = set_locale(); if (ret != EOK) { DEBUG(1, ("set_locale failed (%d): %s\n", ret, strerror(ret))); ERROR("Error setting the locale\n"); goto fini; } pc = poptGetContext(NULL, argc, argv, long_options, 0); while ((ret = poptGetNextOpt(pc)) > 0) { switch (ret) { case 'u': idb |= INVALIDATE_USERS; break; case 'g': idb |= INVALIDATE_GROUPS; break; case 'n': idb |= INVALIDATE_NETGROUPS; break; case 's': idb |= INVALIDATE_SERVICES; break; case 'a': idb |= INVALIDATE_AUTOFSMAPS; break; case 'e': idb = INVALIDATE_EVERYTHING; break; } } DEBUG_INIT(debug); debug_prg_name = argv[0]; if (ret != -1) { BAD_POPT_PARAMS(pc, poptStrerror(ret), ret, fini); } if 
(idb == INVALIDATE_NONE && !user && !group && !netgroup && !service && !map) { BAD_POPT_PARAMS(pc, _("Please select at least one object to invalidate\n"), ret, fini); } CHECK_ROOT(ret, debug_prg_name); ctx = talloc_zero(NULL, struct cache_tool_ctx); if (ctx == NULL) { DEBUG(1, ("Could not allocate memory for tools context\n")); ret = ENOMEM; goto fini; } if (idb & INVALIDATE_USERS) { ctx->user_filter = talloc_asprintf(ctx, "(%s=*)", SYSDB_NAME); ctx->update_user_filter = false; } else if (user) { ctx->user_name = talloc_strdup(ctx, user); ctx->update_user_filter = true; } if (idb & INVALIDATE_GROUPS) { ctx->group_filter = talloc_asprintf(ctx, "(%s=*)", SYSDB_NAME); ctx->update_group_filter = false; } else if (group) { ctx->group_name = talloc_strdup(ctx, group); ctx->update_group_filter = true; } if (idb & INVALIDATE_NETGROUPS) { ctx->netgroup_filter = talloc_asprintf(ctx, "(%s=*)", SYSDB_NAME); ctx->update_netgroup_filter = false; } else if (netgroup) { ctx->netgroup_name = talloc_strdup(ctx, netgroup); ctx->update_netgroup_filter = true; } if (idb & INVALIDATE_SERVICES) { ctx->service_filter = talloc_asprintf(ctx, "(%s=*)", SYSDB_NAME); ctx->update_service_filter = false; } else if (service) { ctx->service_name = talloc_strdup(ctx, service); ctx->update_service_filter = true; } if (idb & INVALIDATE_AUTOFSMAPS) { ctx->autofs_filter = talloc_asprintf(ctx, "(&(objectclass=%s)(%s=*))", SYSDB_AUTOFS_MAP_OC, SYSDB_NAME); ctx->update_autofs_filter = false; } else if (map) { ctx->autofs_name = talloc_strdup(ctx, map); ctx->update_autofs_filter = true; } if (((idb & INVALIDATE_USERS) && !ctx->user_filter) || ((idb & INVALIDATE_GROUPS) && !ctx->group_filter) || ((idb & INVALIDATE_NETGROUPS) && !ctx->netgroup_filter) || ((idb & INVALIDATE_SERVICES) && !ctx->service_filter) || ((idb & INVALIDATE_AUTOFSMAPS) && !ctx->autofs_filter) || (user && !ctx->user_name) || (group && !ctx->group_name) || (netgroup && !ctx->netgroup_name) || (map && !ctx->autofs_name) || (service && 
!ctx->service_name)) { DEBUG(1, ("Construction of filters failed\n")); ret = ENOMEM; goto fini; } ret = init_domains(ctx, domain); if (ret != EOK) { if (domain) { ERROR("Could not open domain %1$s. If the domain is a subdomain " "(trusted domain), use fully qualified name instead of " "--domain/-d parameter.\n", domain); } else { ERROR("Could not open available domains\n"); } DEBUG(SSSDBG_OP_FAILURE, ("Initialization of sysdb connections failed\n")); goto fini; } ret = EOK; fini: poptFreeContext(pc); free(user); free(group); free(netgroup); free(domain); if (ret != EOK && ctx) { talloc_zfree(ctx); } if (ret == EOK) { *tctx = ctx; } return ret; } static errno_t search_autofsmaps(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *sub_filter, const char **attrs, size_t *msgs_count, struct ldb_message ***msgs) { #ifdef BUILD_AUTOFS return sysdb_search_custom(mem_ctx, sysdb, domain, sub_filter, AUTOFS_MAP_SUBDIR, attrs, msgs_count, msgs); #else return ENOSYS; #endif /* BUILD_AUTOFS */ } sssd-1.11.5/src/tools/PaxHeaders.13173/sss_seed.c0000644000000000000000000000007312320753107017455 xustar000000000000000030 atime=1396954939.275891424 29 ctime=1396954961.74987488 sssd-1.11.5/src/tools/sss_seed.c0000664002412700241270000005747712320753107017724 0ustar00jhrozekjhrozek00000000000000#include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "util/util.h" #include "db/sysdb.h" #include "tools/tools_util.h" #include "tools/sss_sync_ops.h" #include "confdb/confdb.h" #ifndef BUFSIZE #define BUFSIZE 1024 #endif #ifndef PASS_MAX #define PASS_MAX 64 #endif enum seed_pass_method { PASS_PROMPT, PASS_FILE }; struct user_ctx { char *domain_name; char *name; uid_t uid; gid_t gid; char *gecos; char *home; char *shell; char *password; }; struct seed_ctx { struct confdb_ctx *confdb; struct sss_domain_info *domain; struct sysdb_ctx *sysdb; struct user_ctx *uctx; char 
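*password_file; enum seed_pass_method password_method; bool interact; bool user_cached; };

/*
 * Write the prompt "Enter <req>:" to standard output, one byte per
 * sss_atomic_write_s() call.
 *
 * Returns EOK on success, ENOMEM if the prompt string cannot be allocated,
 * or the errno value of a failed write.
 */
static int seed_prompt(const char *req)
{
    /* Signed on purpose: the result is compared with -1 below. */
    ssize_t written;
    char *prompt = NULL;
    char *p;
    int ret = EOK;

    prompt = talloc_asprintf(NULL, _("Enter %s:"), req);
    if (prompt == NULL) {
        ret = ENOMEM;
        goto done;
    }

    for (p = prompt; *p != '\0'; p++) {
        errno = 0;
        written = sss_atomic_write_s(STDOUT_FILENO, p, 1);
        if (written == -1) {
            ret = errno;
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("write failed [%d][%s].\n", ret, strerror(ret)));
            goto done;
        }
    }

done:
    talloc_free(prompt);
    return ret;
}

/*
 * Prompt for a value and read one line of text from standard input.
 *
 * mem_ctx: talloc parent of the returned string
 * req:     name of the requested value, shown in the prompt
 * _input:  receives a copy of the line without the trailing newline
 *
 * At most BUFSIZE bytes are kept. A longer line is cut at BUFSIZE and the
 * unread remainder is left on standard input.
 *
 * Returns EOK on success, the errno value of a failed read, or ENOMEM if
 * the copy cannot be allocated.
 */
static int seed_str_input(TALLOC_CTX *mem_ctx,
                          const char *req,
                          char **_input)
{
    char buf[BUFSIZE+1];
    size_t len = 0;
    ssize_t bytes_read;
    int ret = EOK;

    ret = seed_prompt(req);
    if (ret != EOK) {
        return ret;
    }

    errno = 0;
    while ((bytes_read = sss_atomic_read_s(STDIN_FILENO, buf+len, 1)) != 0) {
        if (bytes_read == -1) {
            ret = errno;
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("read failed [%d][%s].\n", ret, strerror(ret)));
            return ret;
        }

        if (buf[len] == '\n' || len == BUFSIZE) {
            break;
        }

        len += (size_t)bytes_read;
    }

    /* Terminate after the loop, not only when a newline was seen: input
     * that ends with EOF would otherwise leave buf unterminated (or, for
     * empty input, entirely uninitialized) when it is copied below. */
    buf[len] = '\0';

    *_input = talloc_strdup(mem_ctx, buf);
    if (*_input == NULL) {
        ret = ENOMEM;
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to allocate input\n"));
    }

    return ret;
}

/*
 * Prompt for a numeric ID and read it from standard input.
 *
 * req:       name of the requested value, shown in the prompt
 * _id_input: receives the parsed number
 *
 * The line is read like in seed_str_input(). Input that does not start with
 * a digit yields EINVAL; characters following the number are only logged.
 *
 * NOTE(review): the strtoll() result is cast to uid_t without a range check,
 * so a value that does not fit is silently truncated.
 *
 * Returns EOK on success, EINVAL for non-numeric input, or the errno value
 * of a failed read or conversion.
 */
static int seed_id_input(const char *req,
                         uid_t *_id_input)
{
    char buf[BUFSIZE+1];
    size_t len = 0;
    ssize_t bytes_read;
    char *endptr = NULL;
    int ret = EOK;

    ret = seed_prompt(req);
    if (ret != EOK) {
        return ret;
    }

    errno = 0;
    while ((bytes_read = sss_atomic_read_s(STDIN_FILENO, buf+len, 1)) != 0) {
        if (bytes_read == -1) {
            ret = errno;
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("read failed [%d][%s].\n", ret, strerror(ret)));
            return ret;
        }

        if (buf[len] == '\n' || len == BUFSIZE) {
            break;
        }

        len += (size_t)bytes_read;
    }

    /* Always terminate, so that EOF without a newline cannot leave the
     * digit test and strtoll() below reading uninitialized bytes. */
    buf[len] = '\0';

    /* <ctype.h> functions need an unsigned char value. */
    if (isdigit((unsigned char)*buf)) {
        errno = 0;
        *_id_input = (uid_t)strtoll(buf, &endptr, 10);
        if (errno != 0) {
            ret = errno;
            DEBUG(SSSDBG_OP_FAILURE,
                  ("strtoll failed on [%s]: [%d][%s].\n",
                   (char *)buf, ret, strerror(ret)));
            return ret;
        }
        if (*endptr != '\0') {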
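DEBUG(SSSDBG_MINOR_FAILURE, ("extra characters [%s] after ID [%"SPRIuid"]\n", endptr, *_id_input)); } } else { ret = EINVAL; DEBUG(SSSDBG_OP_FAILURE, ("Failed to get %s input.\n", req)); } return ret; }

/*
 * Ask for the temporary password twice on the terminal and return it.
 *
 * mem_ctx:   talloc parent of the returned password
 * _password: receives the password; only written on success
 *
 * The first entry is copied and password_destructor is registered on the
 * copy (presumably to wipe it when it is freed -- it is defined outside
 * this function, confirm there).
 *
 * NOTE(review): getpass() is marked obsolete in its manual page and returns
 * a pointer to a static buffer; this function does not clear that buffer
 * after use.
 *
 * Returns EOK on success, ENOMEM on allocation failure, or EINVAL if the
 * password cannot be read, is empty, or the two entries differ.
 */
static int seed_password_input_prompt(TALLOC_CTX *mem_ctx, char **_password)
{
    TALLOC_CTX *tmp_ctx = NULL;
    char *password = NULL;
    char *temp = NULL;
    int ret = EOK;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Could not allocate temp context\n"));
        ret = ENOMEM;
        goto done;
    }

    temp = getpass("Enter temporary password:");
    if (temp == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("Failed to get prompted password\n"));
        ret = EINVAL;
        goto done;
    }

    /* Do not allow empty passwords */
    if (temp[0] == '\0') {
        ERROR("Empty passwords are not allowed.\n");
        ret = EINVAL;
        goto done;
    }

    /* Copy the first entry: the next getpass() call reuses its buffer. */
    password = talloc_strdup(tmp_ctx, temp);
    if (password == NULL) {
        ret = ENOMEM;
        goto done;
    }
    talloc_set_destructor((TALLOC_CTX *)password, password_destructor);

    temp = getpass("Enter temporary password again:");
    if (temp == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("Failed to get prompted password\n"));
        ret = EINVAL;
        goto done;
    }

    /* Compare the complete strings. A comparison limited to the length of
     * the first entry would accept a confirmation that merely starts with
     * it, so a typo appended to the second entry would go unnoticed. */
    if (strcmp(temp, password) != 0) {
        ERROR("Passwords do not match\n");
        DEBUG(SSSDBG_MINOR_FAILURE, ("Provided passwords do not match\n"));
        ret = EINVAL;
        goto done;
    }

    *_password = talloc_steal(mem_ctx, password);

done:
    talloc_free(tmp_ctx);
    return ret;
}

static int seed_password_input_file(TALLOC_CTX *mem_ctx, char *filename, char **_password) { TALLOC_CTX *tmp_ctx = NULL; char *password = NULL; int len = 0; uint8_t buf[PASS_MAX+1]; int fd = -1; int ret = EOK; int valid_i; int i; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("Could not allocate temp context\n")); ret = ENOMEM; goto done; } fd = open(filename, O_RDONLY); if (fd == -1) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to open password file " "[%s] [%d][%s]\n", filename, errno, strerror(errno))); ret = EINVAL; goto done; } errno = 0; len = sss_atomic_read_s(fd,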
buf, PASS_MAX + 1); if (len == -1) { ret = errno; DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to read password from file " "[%s] [%d][%s]\n", filename, ret, strerror(ret))); close(fd); goto done; } close(fd); if (len > PASS_MAX) { ERROR("Password file too big.\n"); ret = EINVAL; goto done; } buf[len] = '\0'; /* Only the first line is valid (without '\n'). */ for (valid_i = -1; valid_i + 1 < len; valid_i++) { if (buf[valid_i + 1] == '\n') { buf[valid_i + 1] = '\0'; break; } } /* Do not allow empty passwords. */ if (valid_i < 0) { ERROR("Empty passwords are not allowed.\n"); ret = EINVAL; goto done; } /* valid_i is the last valid index of the password followed by \0. * If characters other than \n occur int the rest of the file, it * is an error. */ for (i = valid_i + 2; i < len; i++) { if (buf[i] != '\n') { ERROR("Multi-line passwords are not allowed.\n"); ret = EINVAL; goto done; } } password = talloc_strdup(tmp_ctx, (char *)buf); if (password == NULL) { ret = ENOMEM; goto done; } *_password = talloc_steal(mem_ctx, password); done: talloc_free(tmp_ctx); return ret; } static int seed_interactive_input(TALLOC_CTX *mem_ctx, struct user_ctx *uctx, struct user_ctx **_uctx) { struct user_ctx *input_uctx = NULL; int ret = EOK; input_uctx = talloc_zero(NULL, struct user_ctx); if (input_uctx == NULL) { ret = ENOMEM; goto done; } if (uctx->name == NULL) { ret = seed_str_input(input_uctx, _("username"), &input_uctx->name); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Username interactive input failed.\n")); goto done; } } else { input_uctx->name = talloc_strdup(input_uctx, uctx->name); if (input_uctx->name == NULL) { ret = ENOMEM; goto done; } } if (uctx->uid == 0) { ret = seed_id_input(_("UID"), &input_uctx->uid); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("UID interactive input failed.\n")); goto done; } } else { input_uctx->uid = uctx->uid; } if (uctx->gid == 0) { ret = seed_id_input(_("GID"), &input_uctx->gid); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("GID 
interactive input failed.\n")); goto done; } } else { input_uctx->gid = uctx->gid; } if (uctx->gecos == NULL) { ret = seed_str_input(input_uctx, _("user comment (gecos)"), &input_uctx->gecos); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Gecos interactive input failed.\n")); goto done; } } else { input_uctx->gecos = talloc_strdup(input_uctx, uctx->gecos); if (input_uctx->gecos == NULL) { ret = ENOMEM; goto done; } } if (uctx->home == NULL) { ret = seed_str_input(input_uctx, _("home directory"), &input_uctx->home); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Home directory interactive input fialed.\n")); goto done; } } else { input_uctx->home = talloc_strdup(input_uctx, uctx->home); if (input_uctx->home == NULL) { ret = ENOMEM; goto done; } } if (uctx->shell == NULL) { ret = seed_str_input(input_uctx, _("user login shell"), &input_uctx->shell); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Shell interactive input failed\n")); goto done; } } else { input_uctx->shell = talloc_strdup(input_uctx, uctx->shell); if (input_uctx->shell == NULL) { ret = ENOMEM; goto done; } } done: if (ret == EOK) { *_uctx = talloc_steal(mem_ctx, input_uctx); } else { ERROR("Interactive input failed.\n"); talloc_zfree(input_uctx); } return ret; } static int seed_init(TALLOC_CTX *mem_ctx, const int argc, const char **argv, struct seed_ctx **_sctx) { TALLOC_CTX *tmp_ctx = NULL; int pc_debug = SSSDBG_DEFAULT; const char *pc_domain = NULL; const char *pc_name = NULL; uid_t pc_uid = 0; gid_t pc_gid = 0; const char *pc_gecos = NULL; const char *pc_home = NULL; const char *pc_shell = NULL; const char *pc_password_file = NULL; struct seed_ctx *sctx = NULL; int ret = EOK; poptContext pc = NULL; struct poptOption options[] = { POPT_AUTOHELP { "debug", '\0', POPT_ARG_INT | POPT_ARGFLAG_DOC_HIDDEN, &pc_debug, 0, _("The debug level to run with"), NULL }, { "domain", 'D', POPT_ARG_STRING, &pc_domain, 0, _("Domain"), NULL }, { "username", 'n', POPT_ARG_STRING, &pc_name, 0, _("Username"), NULL}, { 
"uid", 'u', POPT_ARG_INT, &pc_uid, 0, _("User UID"), NULL }, { "gid", 'g', POPT_ARG_INT, &pc_gid, 0, _("User GID"), NULL }, { "gecos", 'c', POPT_ARG_STRING, &pc_gecos, 0, _("Comment string"), NULL}, { "home", 'h', POPT_ARG_STRING, &pc_home, 0, _("Home directory"), NULL }, { "shell", 's', POPT_ARG_STRING, &pc_shell, 0, _("Login Shell"), NULL }, { "interactive", 'i', POPT_ARG_NONE, NULL, 'i', _("Use interactive mode to enter user data"), NULL }, { "password-file", 'p', POPT_ARG_STRING, &pc_password_file, 0, _("File from which user's password is read " "(default is to prompt for password)"),NULL }, POPT_TABLEEND }; /* init contexts */ tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { ret = ENOMEM; goto fini; } sctx = talloc_zero(tmp_ctx, struct seed_ctx); if (sctx == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("Could not allocate tools context\n")); ret = ENOMEM; goto fini; } sctx->uctx = talloc_zero(sctx, struct user_ctx); if (sctx->uctx == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("Could not allocate user data context\n")); ret = ENOMEM; goto fini; } debug_prg_name = argv[0]; ret = set_locale(); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("set_locale failed (%d): %s\n", ret, strerror(ret))); ERROR("Error setting the locale\n"); ret = EINVAL; goto fini; } /* parse arguments */ pc = poptGetContext(NULL, argc, argv, options, 0); if (argc < 2) { poptPrintUsage(pc,stderr,0); ret = EINVAL; goto fini; } poptSetOtherOptionHelp(pc, "[OPTIONS] -D -n "); while ((ret = poptGetNextOpt(pc)) > 0) { switch (ret) { case 'i': DEBUG(SSSDBG_TRACE_INTERNAL, ("Interactive mode selected\n")); sctx->interact = true; break; } } if (ret != -1) { BAD_POPT_PARAMS(pc, poptStrerror(ret), ret, fini); } DEBUG_INIT(pc_debug); CHECK_ROOT(ret, argv[0]); /* check username provided */ if (pc_name == NULL) { BAD_POPT_PARAMS(pc, _("Username must be specified\n"), ret, fini); } sctx->uctx->name = talloc_strdup(sctx->uctx, pc_name); if (sctx->uctx->name == NULL) { ret = ENOMEM; goto fini; } /* check domain is 
provided */ if (pc_domain == NULL) { BAD_POPT_PARAMS(pc, _("Domain must be specified.\n"), ret, fini); } sctx->uctx->domain_name = talloc_strdup(sctx->uctx, pc_domain); if (sctx->uctx->domain_name == NULL) { ret = ENOMEM; goto fini; } poptFreeContext(pc); ret = EOK; /* copy all information provided from popt */ sctx->uctx->uid = pc_uid; sctx->uctx->gid = pc_gid; if (pc_gecos != NULL) { sctx->uctx->gecos = talloc_strdup(sctx->uctx, pc_gecos); if (sctx->uctx->gecos == NULL) { ret = ENOMEM; goto fini; } } if (pc_home != NULL) { sctx->uctx->home = talloc_strdup(sctx->uctx, pc_home); if (sctx->uctx->home == NULL) { ret = ENOMEM; goto fini; } } if (pc_shell != NULL) { sctx->uctx->shell = talloc_strdup(sctx->uctx, pc_shell); if (sctx->uctx->shell == NULL) { ret = ENOMEM; goto fini; } } /* check if password file provided */ if (pc_password_file != NULL) { sctx->password_file = talloc_strdup(sctx, pc_password_file); if (sctx->password_file == NULL) { ret = ENOMEM; goto fini; } sctx->password_method = PASS_FILE; } else { sctx->password_method = PASS_PROMPT; } *_sctx = talloc_steal(mem_ctx, sctx); fini: talloc_free(tmp_ctx); return ret; } static int seed_init_db(TALLOC_CTX *mem_ctx, const char *domain_name, struct confdb_ctx **_confdb, struct sss_domain_info **_domain, struct sysdb_ctx **_sysdb) { TALLOC_CTX *tmp_ctx = NULL; char *confdb_path = NULL; struct confdb_ctx *confdb = NULL; struct sss_domain_info *domain = NULL; int ret = EOK; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { ret = ENOMEM; goto done; } /* setup confdb */ confdb_path = talloc_asprintf(tmp_ctx, "%s/%s", DB_PATH, CONFDB_FILE); if (confdb_path == NULL) { ret = ENOMEM; goto done; } ret = confdb_init(tmp_ctx, &confdb, confdb_path); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Could not initialize connection to the confdb\n")); ERROR("Could not initialize connection to the confdb\n"); goto done; } ret = sssd_domain_init(tmp_ctx, confdb, domain_name, DB_PATH, &domain); if (ret != EOK) { 
SYSDB_VERSION_ERROR(ret); DEBUG(SSSDBG_CRIT_FAILURE, ("Could not initialize connection to domain '%s' in sysdb.%s\n", domain_name, ret == ENOENT ? " Domain not found." : "")); ERROR("Could not initialize connection to domain '%1$s' in sysdb.%2$s\n", domain_name, ret == ENOENT ? " Domain not found." : ""); goto done; } *_confdb = talloc_steal(mem_ctx, confdb); *_domain = domain; *_sysdb = domain->sysdb; done: talloc_free(tmp_ctx); return ret; }

/*
 * Look the user up through getpwnam() and in the sysdb cache.
 *
 * name:        short user name
 * domain_name: domain name; getpwnam() is called with "name@domain_name"
 * sysdb:       cache handle passed to sysdb_getpwnam()
 * domain:      domain passed to sysdb_getpwnam()
 * is_cached:   set to true if exactly one cache entry exists and to false
 *              if none exists; left untouched on every other path
 *
 * Returns EOK if the user has exactly one cache entry and initgroups()
 * succeeded, ENOENT if the cache has no entry, EINVAL if it has several,
 * ENOMEM on allocation failure, or the error of the failing call.
 *
 * Note that getpwnam() returning NULL without setting errno makes this
 * function return 0 (EOK) without touching *is_cached, so callers have to
 * initialize *is_cached themselves.
 */
static int seed_domain_user_info(const char *name,
                                 const char *domain_name,
                                 struct sysdb_ctx *sysdb,
                                 struct sss_domain_info *domain,
                                 bool *is_cached)
{
    TALLOC_CTX *tmp_ctx = NULL;
    struct ldb_result *res = NULL;
    struct passwd *pwd = NULL;
    char *fq_name = NULL;
    int ret = EOK;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        ret = ENOMEM;
        goto done;
    }

    fq_name = talloc_asprintf(tmp_ctx, "%s@%s", name, domain_name);
    if (fq_name == NULL) {
        ret = ENOMEM;
        goto done;
    }

    /* errno is cleared first so that its value after a NULL result comes
     * from this call. */
    errno = 0;
    pwd = getpwnam(fq_name);
    if (pwd == NULL) {
        ret = errno;
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("getpwnam failed [%d] [%s]\n", ret, strerror(ret)));
        goto done;
    }

    /* look for user in cache */
    ret = sysdb_getpwnam(tmp_ctx, sysdb, domain, name, &res);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Couldn't lookup user (%s) in the cache\n", name));
        goto done;
    }

    switch (res->count) {
    case 0:
        DEBUG(SSSDBG_TRACE_INTERNAL,
              ("User (%s) wasn't found in the cache\n", name));
        *is_cached = false;
        ret = ENOENT;
        break;

    case 1:
        DEBUG(SSSDBG_TRACE_INTERNAL, ("User found in cache\n"));
        *is_cached = true;

        errno = 0;
        ret = initgroups(fq_name, pwd->pw_gid);
        if (ret != EOK) {
            ret = errno;
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("initgroups failed [%d] [%s]\n", ret, strerror(ret)));
        }
        break;

    default:
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Multiple user (%s) entries were found in the cache\n", name));
        ret = EINVAL;
        break;
    }

done:
    if (ret == ENOMEM) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to allocate user information\n"));
    }
    talloc_zfree(tmp_ctx);
    return ret;
}

static int
seed_cache_user(struct seed_ctx *sctx) { bool in_transaction = false; int ret = EOK; errno_t sret; ret = sysdb_transaction_start(sctx->sysdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("sysdb transaction start failure\n")); goto done; } in_transaction = true; if (sctx->user_cached == false) { ret = sysdb_add_user(sctx->sysdb, sctx->domain, sctx->uctx->name, sctx->uctx->uid, sctx->uctx->gid, sctx->uctx->gecos, sctx->uctx->home, sctx->uctx->shell, NULL, NULL, 0, 0); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Failed to add user to the cache. (%d)[%s]\n", ret, strerror(ret))); ERROR("Failed to create user cache entry\n"); goto done; } } ret = sysdb_cache_password(sctx->sysdb, sctx->domain, sctx->uctx->name, sctx->uctx->password); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Failed to cache password. (%d)[%s]\n", ret, strerror(ret))); ERROR("Failed to cache password\n"); goto done; } ret = sysdb_transaction_commit(sctx->sysdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("sysdb transaction commit failure\n")); goto done; } in_transaction = false; done: if (in_transaction == true) { sret = sysdb_transaction_cancel(sctx->sysdb); if (sret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Failed to cancel transaction\n")); } } return ret; } int main(int argc, const char **argv) { struct seed_ctx *sctx = NULL; struct user_ctx *input_uctx = NULL; int ret = EOK; /* initialize seed context and parse options */ ret = seed_init(sctx, argc, argv, &sctx); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE,("Seed init failed [%d][%s]\n", ret, strerror(ret))); goto done; } /* set up confdb,sysdb and domain */ ret = seed_init_db(sctx, sctx->uctx->domain_name, &sctx->confdb, &sctx->domain, &sctx->sysdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to initialize db and domain\n")); goto done; } /* get user info from domain */ ret = seed_domain_user_info(sctx->uctx->name, sctx->uctx->domain_name, sctx->sysdb, sctx->domain, &sctx->user_cached); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, 
("Failed lookup of user [%s] in domain [%s]\n", sctx->uctx->name, sctx->uctx->domain_name)); } /* interactive mode to fill in user information */ if (sctx->interact == true) { if (sctx->user_cached == true) { ERROR(_("User entry already exists in the cache.\n")); ret = EEXIST; goto done; } else { ret = seed_interactive_input(sctx, sctx->uctx, &input_uctx); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to get seed input.\n")); ret = EINVAL; goto done; } talloc_zfree(sctx->uctx); sctx->uctx = input_uctx; } } if (sctx->user_cached == false) { if (sctx->uctx->uid == 0 || sctx->uctx->gid == 0) { /* require username, UID, and GID to continue */ DEBUG(SSSDBG_MINOR_FAILURE, ("Not enough information provided\n")); ERROR("UID and primary GID not provided.\n"); ret = EINVAL; goto done; } } /* password input */ if (sctx->password_method == PASS_FILE) { ret = seed_password_input_file(sctx->uctx, sctx->password_file, &sctx->uctx->password); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Password input failure\n")); goto done; } } else { ret = seed_password_input_prompt(sctx->uctx, &sctx->uctx->password); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Password input failure\n")); goto done; } } /* Add user info and password to sysdb cache */ ret = seed_cache_user(sctx); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to modify cache.\n")); goto done; } else { if (sctx->user_cached == false) { printf(_("User cache entry created for %1$s\n"), sctx->uctx->name); } printf(_("Temporary password added to cache entry for %1$s\n"), sctx->uctx->name); } done: talloc_zfree(sctx); if (ret != EOK) { DEBUG(SSSDBG_TRACE_INTERNAL, ("Exit error: [%d] [%s]\n", ret, strerror(ret))); ret = EXIT_FAILURE; } else { ret = EXIT_SUCCESS; } exit(ret); } sssd-1.11.5/src/PaxHeaders.13173/krb5_plugin0000644000000000000000000000013212320753521016501 xustar000000000000000030 mtime=1396954961.702874915 30 atime=1396955003.533843848 30 ctime=1396954961.702874915 
sssd-1.11.5/src/krb5_plugin/0000775002412700241270000000000012320753521017005 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/krb5_plugin/PaxHeaders.13173/sssd_krb5_locator_plugin.c0000644000000000000000000000007412320753107023727 xustar000000000000000030 atime=1396954939.255891439 30 ctime=1396954961.702874915 sssd-1.11.5/src/krb5_plugin/sssd_krb5_locator_plugin.c0000664002412700241270000002561212320753107024157 0ustar00jhrozekjhrozek00000000000000/* Authors: Sumit Bose Copyright (C) 2009 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include "config.h" #include #include #include #include #include #include #include #include #include #include #include #include #include "util/sss_krb5.h" #include #include "providers/krb5/krb5_common.h" #define DEFAULT_KERBEROS_PORT 88 #define DEFAULT_KADMIN_PORT 749 #define DEFAULT_KPASSWD_PORT 464 #define BUFSIZE 512 #define PORT_STR_SIZE 7 #define SSSD_KRB5_LOCATOR_DEBUG "SSSD_KRB5_LOCATOR_DEBUG" #define DEBUG_KEY "[sssd_krb5_locator] " #define PLUGIN_DEBUG(body) do { \ if (ctx->debug) { \ debug_fn body; \ } \ } while(0) struct sssd_ctx { char *sssd_realm; char *kdc_addr; uint16_t kdc_port; char *kpasswd_addr; uint16_t kpasswd_port; bool debug; }; void debug_fn(const char *format, ...) 
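{ va_list ap; char *s = NULL; int ret; va_start(ap, format); ret = vasprintf(&s, format, ap); va_end(ap); if (ret < 0) { /* ENOMEM */ return; } fprintf(stderr, DEBUG_KEY "%s", s); free(s); }

/*
 * Read the address (and optional port) of one service of a realm from the
 * realm's krb5info file and store it in ctx.
 *
 * realm: realm name; it is inserted into the file name template
 * ctx:   plugin context that receives the address and port
 * svc:   locate_service_kdc or locate_service_kpasswd
 *
 * At most BUFSIZE bytes of the file are used. Everything after the last ':'
 * is taken as the port; a missing, malformed or out-of-range port is stored
 * as 0, which the caller treats as "use the default".
 *
 * NOTE(review): realm is used in the file name without validation; confirm
 * that callers only pass realm names that cannot change the directory the
 * file is looked up in.
 *
 * Returns 0 on success, EINVAL for an unsupported service or a failed file
 * name construction, ENOMEM on allocation failure, or the errno value of a
 * failed open/read.
 */
static int get_krb5info(const char *realm, struct sssd_ctx *ctx,
                        enum locate_service_type svc)
{
    int ret;
    char *krb5info_name = NULL;
    size_t len;
    ssize_t nread;
    uint8_t buf[BUFSIZE + 1];
    int fd = -1;
    const char *name_tmpl = NULL;
    char *port_str;
    long port;
    char *endptr;

    switch (svc) {
        case locate_service_kdc:
            name_tmpl = KDCINFO_TMPL;
            break;
        case locate_service_kpasswd:
            name_tmpl = KPASSWDINFO_TMPL;
            break;
        default:
            PLUGIN_DEBUG(("Unsupported service [%d].\n", svc));
            return EINVAL;
    }

    len = strlen(realm) + strlen(name_tmpl);

    krb5info_name = calloc(1, len + 1);
    if (krb5info_name == NULL) {
        PLUGIN_DEBUG(("malloc failed.\n"));
        return ENOMEM;
    }

    /* A truncated name must not be opened, so treat it like a failure. */
    ret = snprintf(krb5info_name, len, name_tmpl, realm);
    if (ret < 0 || (size_t)ret >= len) {
        PLUGIN_DEBUG(("snprintf failed.\n"));
        ret = EINVAL;
        goto done;
    }
    krb5info_name[len] = '\0';

    fd = open(krb5info_name, O_RDONLY);
    if (fd == -1) {
        /* Save errno before logging: the debug output may change it, and
         * a changed value would be returned as the result. */
        ret = errno;
        PLUGIN_DEBUG(("open failed [%s][%d][%s].\n",
                      krb5info_name, ret, strerror(ret)));
        goto done;
    }

    /* buf is one byte larger than what is read, so it stays terminated. */
    memset(buf, 0, BUFSIZE+1);

    errno = 0;
    nread = sss_atomic_read_s(fd, buf, BUFSIZE);
    if (nread == -1) {
        ret = errno;
        PLUGIN_DEBUG(("read failed [%d][%s].\n", ret, strerror(ret)));
        close(fd);
        goto done;
    }
    close(fd);

    if (nread == BUFSIZE) {
        PLUGIN_DEBUG(("Content of krb5info file [%s] is [%d] or larger.\n",
                      krb5info_name, BUFSIZE));
    }
    PLUGIN_DEBUG(("Found [%s] in [%s].\n", buf, krb5info_name));

    /* Split "address:port" at the last colon. */
    port_str = strrchr((char *) buf, ':');
    if (port_str == NULL) {
        port = 0;
    } else {
        *port_str = '\0';
        ++port_str;

        /* <ctype.h> functions need an unsigned char value. */
        if (isdigit((unsigned char) *port_str)) {
            errno = 0;
            port = strtol(port_str, &endptr, 10);
            if (errno != 0) {
                ret = errno;
                PLUGIN_DEBUG(("strtol failed on [%s]: [%d][%s], "
                              "assuming default.\n",
                              port_str, ret, strerror(ret)));
                port = 0;
            }
            if (*endptr != '\0') {
                PLUGIN_DEBUG(("Found additional characters [%s] in port number "
                              "[%s], assuming default.\n", endptr,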
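port_str)); port = 0; } if (port < 0 || port > 65535) { PLUGIN_DEBUG(("Illegal port number [%ld], assuming default.\n", port)); port = 0; } } else { PLUGIN_DEBUG(("Illegal port number [%s], assuming default.\n", port_str)); port = 0; } } switch (svc) { case locate_service_kdc: free(ctx->kdc_addr); ctx->kdc_addr = strdup((char *) buf); if (ctx->kdc_addr == NULL) { PLUGIN_DEBUG(("strdup failed.\n")); ret = ENOMEM; goto done; } ctx->kdc_port = (uint16_t) port; break; case locate_service_kpasswd: free(ctx->kpasswd_addr); ctx->kpasswd_addr = strdup((char *) buf); if (ctx->kpasswd_addr == NULL) { PLUGIN_DEBUG(("strdup failed.\n")); ret = ENOMEM; goto done; } ctx->kpasswd_port = (uint16_t) port; break; default: PLUGIN_DEBUG(("Unsupported service [%d].\n", svc)); ret = EINVAL; goto done; } ret = 0; done: free(krb5info_name); return ret; }

/*
 * Plugin entry point: allocate the per-plugin context.
 *
 * context:      Kerberos library context (not used here)
 * private_data: receives the newly allocated context
 *
 * Debug output is switched on when the environment variable named by
 * SSSD_KRB5_LOCATOR_DEBUG is set to any value.
 *
 * NOTE(review): the variable is read with plain getenv(); consider whether
 * it should be honoured when the plugin is loaded into a privileged program.
 *
 * Returns 0 on success and KRB5_PLUGIN_NO_HANDLE if the allocation fails.
 */
krb5_error_code sssd_krb5_locator_init(krb5_context context,
                                       void **private_data)
{
    /* Must be called ctx: the PLUGIN_DEBUG macro refers to it by name. */
    struct sssd_ctx *ctx;

    ctx = calloc(1, sizeof *ctx);
    if (ctx == NULL) return KRB5_PLUGIN_NO_HANDLE;

    ctx->debug = (getenv(SSSD_KRB5_LOCATOR_DEBUG) != NULL);
    PLUGIN_DEBUG(("sssd_krb5_locator_init called\n"));

    *private_data = ctx;

    return 0;
}

/*
 * Plugin entry point: release the context created by
 * sssd_krb5_locator_init(). A NULL pointer is ignored.
 */
void sssd_krb5_locator_close(void *private_data)
{
    struct sssd_ctx *ctx;

    if (private_data == NULL) return;

    ctx = (struct sssd_ctx *) private_data;
    PLUGIN_DEBUG(("sssd_krb5_locator_close called\n"));

    free(ctx->kdc_addr);
    free(ctx->kpasswd_addr);
    free(ctx->sssd_realm);
    free(ctx);
}

/*
 * Plugin entry point: report the server address for a service of a realm.
 *
 * private_data: context created by sssd_krb5_locator_init()
 * svc:          requested service
 * realm:        requested realm
 * socktype:     SOCK_STREAM or SOCK_DGRAM
 * family:       AF_UNSPEC, AF_INET or AF_INET6
 * cbfunc:       called with cbdata, socktype and the address found
 * cbdata:       opaque value handed to cbfunc
 *
 * The address comes from the realm's krb5info files. The KDC address serves
 * locate_service_kdc; the kpasswd address serves the kpasswd, kadmin and
 * master KDC services and falls back to the KDC address if it cannot be
 * read. Addresses are parsed as numeric strings only.
 *
 * Returns 0 if the request was handled (cbfunc is only called when the
 * address matches the requested family and socktype), the non-zero result
 * of cbfunc, or KRB5_PLUGIN_NO_HANDLE if no address can be provided.
 */
krb5_error_code sssd_krb5_locator_lookup(void *private_data,
                    enum locate_service_type svc,
                    const char *realm,
                    int socktype,
                    int family,
                    int (*cbfunc)(void *, int, struct sockaddr *),
                    void *cbdata)
{
    int ret;
    struct addrinfo *ai;
    struct sssd_ctx *ctx;
    struct addrinfo ai_hints;
    uint16_t port = 0;
    const char *addr = NULL;
    char port_str[PORT_STR_SIZE];
    bool needs_kpasswd;

    if (private_data == NULL) return KRB5_PLUGIN_NO_HANDLE;
    ctx = (struct sssd_ctx *) private_data;

    needs_kpasswd = (svc == locate_service_kadmin ||
                     svc == locate_service_kpasswd ||
                     svc == locate_service_master_kdc);

    if (ctx->sssd_realm == NULL || strcmp(ctx->sssd_realm, realm) != 0) {
        /* Forget everything cached for the previous realm first. If the
         * context is reused for several lookups, an address of the old
         * realm must never be reported for the new one. */
        free(ctx->sssd_realm);
        ctx->sssd_realm = NULL;
        free(ctx->kdc_addr);
        ctx->kdc_addr = NULL;
        ctx->kdc_port = 0;
        free(ctx->kpasswd_addr);
        ctx->kpasswd_addr = NULL;
        ctx->kpasswd_port = 0;

        ret = get_krb5info(realm, ctx, locate_service_kdc);
        if (ret != EOK) {
            PLUGIN_DEBUG(("get_krb5info failed.\n"));
            return KRB5_PLUGIN_NO_HANDLE;
        }

        /* The realm is recorded only after its data was read, so a failed
         * read is retried by the next lookup. */
        ctx->sssd_realm = strdup(realm);
        if (ctx->sssd_realm == NULL) {
            PLUGIN_DEBUG(("strdup failed.\n"));
            return KRB5_PLUGIN_NO_HANDLE;
        }
    }

    /* Read the kpasswd data whenever it is needed and not cached yet, not
     * only when the realm changed: the first lookup for a realm may have
     * asked for the KDC only. */
    if (needs_kpasswd && ctx->kpasswd_addr == NULL) {
        ret = get_krb5info(realm, ctx, locate_service_kpasswd);
        if (ret != EOK) {
            PLUGIN_DEBUG(("reading kpasswd address failed, "
                          "using kdc address.\n"));
            free(ctx->kpasswd_addr);
            ctx->kpasswd_addr = strdup(ctx->kdc_addr);
            ctx->kpasswd_port = 0;
            if (ctx->kpasswd_addr == NULL) {
                PLUGIN_DEBUG(("strdup failed.\n"));
                return KRB5_PLUGIN_NO_HANDLE;
            }
        }
    }

    PLUGIN_DEBUG(("sssd_realm[%s] requested realm[%s] family[%d] socktype[%d] "
                  "locate_service[%d]\n", ctx->sssd_realm, realm, family,
                  socktype, svc));

    switch (svc) {
        case locate_service_kdc:
            addr = ctx->kdc_addr;
            port = ctx->kdc_port ? ctx->kdc_port : DEFAULT_KERBEROS_PORT;
            break;
        case locate_service_master_kdc:
            addr = ctx->kpasswd_addr;
            port = DEFAULT_KERBEROS_PORT;
            break;
        case locate_service_kadmin:
            addr = ctx->kpasswd_addr;
            port = DEFAULT_KADMIN_PORT;
            break;
        case locate_service_kpasswd:
            addr = ctx->kpasswd_addr;
            port = ctx->kpasswd_port ? ctx->kpasswd_port : DEFAULT_KPASSWD_PORT;
            break;
        case locate_service_krb524:
            return KRB5_PLUGIN_NO_HANDLE;
        default:
            return KRB5_PLUGIN_NO_HANDLE;
    }

    switch (family) {
        case AF_UNSPEC:
        case AF_INET:
        case AF_INET6:
            break;
        default:
            return KRB5_PLUGIN_NO_HANDLE;
    }

    switch (socktype) {
        case SOCK_STREAM:
        case SOCK_DGRAM:
            break;
        default:
            return KRB5_PLUGIN_NO_HANDLE;
    }

    if (strcmp(realm, ctx->sssd_realm) != 0)
        return KRB5_PLUGIN_NO_HANDLE;

    /* Never hand a NULL node to getaddrinfo(): without AI_PASSIVE it would
     * resolve to the loopback address, which would then be reported as the
     * realm's server. */
    if (addr == NULL) {
        PLUGIN_DEBUG(("no address available.\n"));
        return KRB5_PLUGIN_NO_HANDLE;
    }

    memset(port_str, 0, PORT_STR_SIZE);
    ret = snprintf(port_str, PORT_STR_SIZE-1, "%u", (unsigned int) port);
    if (ret < 0 || ret >= (PORT_STR_SIZE-1)) {
        PLUGIN_DEBUG(("snprintf failed.\n"));
        return KRB5_PLUGIN_NO_HANDLE;
    }

    /* Numeric host and service only, so no name resolution takes place. */
    memset(&ai_hints, 0, sizeof(struct addrinfo));
    ai_hints.ai_flags = AI_NUMERICHOST|AI_NUMERICSERV;
    ai_hints.ai_socktype = socktype;

    ret = getaddrinfo(addr, port_str, &ai_hints, &ai);
    if (ret != 0) {
        PLUGIN_DEBUG(("getaddrinfo failed [%d][%s].\n", ret,
                      gai_strerror(ret)));
        if (ret == EAI_SYSTEM) {
            PLUGIN_DEBUG(("getaddrinfo failed [%d][%s].\n", errno,
                          strerror(errno)));
        }
        return KRB5_PLUGIN_NO_HANDLE;
    }

    PLUGIN_DEBUG(("addr[%s:%s] family[%d] socktype[%d]\n", addr, port_str,
                  ai->ai_family, ai->ai_socktype));

    if ((family == AF_UNSPEC || ai->ai_family == family) &&
        ai->ai_socktype == socktype) {

        ret = cbfunc(cbdata, socktype, ai->ai_addr);
        if (ret != 0) {
            PLUGIN_DEBUG(("cbfunc failed\n"));
            freeaddrinfo(ai);
            return ret;
        } else {
            PLUGIN_DEBUG(("[%s] used\n", addr));
        }
    } else {
        PLUGIN_DEBUG(("[%s] NOT used\n", addr));
    }
    freeaddrinfo(ai);

    return 0;
}

const krb5plugin_service_locate_ftable service_locator = { 0, /* version */ sssd_krb5_locator_init, sssd_krb5_locator_close, sssd_krb5_locator_lookup, }; sssd-1.11.5/src/PaxHeaders.13173/providers0000644000000000000000000000013212320753521016275 xustar000000000000000030 mtime=1396954961.667874941 30 atime=1396955003.533843848 30 ctime=1396954961.667874941 sssd-1.11.5/src/providers/0000775002412700241270000000000012320753521016601 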
5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/providers/PaxHeaders.13173/ldap0000644000000000000000000000013212320753521017215 xustar000000000000000030 mtime=1396954961.724874899 30 atime=1396955003.533843848 30 ctime=1396954961.724874899 sssd-1.11.5/src/providers/ldap/0000775002412700241270000000000012320753521017521 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/sdap_async_sudo_timer.c0000644000000000000000000000007412320753107024021 xustar000000000000000030 atime=1396954939.268891429 30 ctime=1396954961.637874963 sssd-1.11.5/src/providers/ldap/sdap_async_sudo_timer.c0000664002412700241270000001317412320753107024251 0ustar00jhrozekjhrozek00000000000000/* Authors: Pavel Březina Copyright (C) 2011 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/

/* NOTE(review): the header names of the next three directives are missing
 * from this copy of the file. */
#include
#include
#include
#include "util/util.h"
#include "providers/ldap/sdap.h"
#include "providers/ldap/sdap_id_op.h"
#include "providers/ldap/sdap_sudo.h"

/* Per-request state of a timed sudo request (see sdap_sudo_timer_send()). */
struct sdap_sudo_timer_state {
    struct tevent_context *ev;
    struct sdap_sudo_ctx *sudo_ctx;
    time_t timeout; /* seconds, counted from the moment fn is started, after
                     * which the fn request is canceled */
    sdap_sudo_timer_fn_t fn; /* request executed on 'when' */

    struct tevent_req *subreq;          /* request returned by fn */
    struct tevent_timer *timer_timeout; /* timer that cancels subreq */
};

static void sdap_sudo_timer(struct tevent_context *ev,
                            struct tevent_timer *tt,
                            struct timeval tv, void *pvt);

static void sdap_sudo_timer_done(struct tevent_req *subreq);

static void sdap_sudo_timer_timeout(struct tevent_context *ev,
                                    struct tevent_timer *tt,
                                    struct timeval tv, void *pvt);

/*
 * Create a request that runs fn(state, sudo_ctx) at time 'when' and cancels
 * the request returned by fn if it has not finished 'timeout' seconds later.
 *
 * Returns NULL only when the request itself cannot be created. When the
 * timer cannot be armed, the returned request is already failed with ENOMEM
 * and posted on ev.
 */
struct tevent_req * sdap_sudo_timer_send(TALLOC_CTX *mem_ctx,
                                         struct tevent_context *ev,
                                         struct sdap_sudo_ctx *sudo_ctx,
                                         struct timeval when,
                                         time_t timeout,
                                         sdap_sudo_timer_fn_t fn)
{
    struct tevent_req *req = NULL;
    struct tevent_timer *timer = NULL;
    struct sdap_sudo_timer_state *state = NULL;
    int ret;

    /* create request */
    req = tevent_req_create(mem_ctx, &state, struct sdap_sudo_timer_state);
    if (req == NULL) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("tevent_req_create() failed\n"));
        return NULL;
    }

    state->ev = ev;
    state->sudo_ctx = sudo_ctx;
    state->timeout = timeout;
    state->fn = fn;

    /* set timer; req is passed both as the memory context of the timer and
     * as the private data handed to sdap_sudo_timer() */
    timer = tevent_add_timer(ev, req, when, sdap_sudo_timer, req);
    if (timer == NULL) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("tevent_add_timer() failed\n"));
        ret = ENOMEM;
        goto immediately;
    }

    return req;

immediately:
    /* the only jump to this label sets ret to ENOMEM */
    if (ret == EOK) {
        tevent_req_done(req);
    } else {
        tevent_req_error(req, ret);
    }
    tevent_req_post(req, ev);

    return req;
}

/*
 * Collect the result of sdap_sudo_timer_send().
 *
 * On success the request created by fn is moved to mem_ctx and stored in
 * *_subreq, and EOK is returned. A failed request is reported through
 * TEVENT_REQ_RETURN_ON_ERROR before *_subreq is written.
 */
int sdap_sudo_timer_recv(TALLOC_CTX *mem_ctx,
                         struct tevent_req *req,
                         struct tevent_req **_subreq)
{
    struct sdap_sudo_timer_state *state = NULL;

    state = tevent_req_data(req, struct sdap_sudo_timer_state);

    TEVENT_REQ_RETURN_ON_ERROR(req);

    *_subreq = talloc_steal(mem_ctx, state->subreq);

    return EOK;
}

/*
 * Timer handler armed by sdap_sudo_timer_send(): starts the fn request and
 * arms a second timer that bounds how long that request may run.
 */
static void
sdap_sudo_timer(struct tevent_context *ev,
                struct tevent_timer *tt,
                struct timeval tv, void *pvt)
{
    struct tevent_req *req = NULL;
    struct sdap_sudo_timer_state *state = NULL;

    req = talloc_get_type(pvt, struct tevent_req);
    state = tevent_req_data(req, struct sdap_sudo_timer_state);

    /* issue request */
    state->subreq = state->fn(state, state->sudo_ctx);
    if (state->subreq == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to issue timed request!\n"));
        tevent_req_error(req, ENOMEM);
        return;
    }

    tevent_req_set_callback(state->subreq, sdap_sudo_timer_done, req);

    /* schedule timeout; the tv parameter is reused as a local here */
    tv = tevent_timeval_current_ofs(state->timeout, 0);
    state->timer_timeout = tevent_add_timer(state->ev, state->subreq, tv,
                                            sdap_sudo_timer_timeout, req);
    if (state->timer_timeout == NULL) {
        /* If we can't guarantee a timeout, we
         * need to cancel the request, to avoid
         * the possibility of starting another
         * concurrently
         */
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to set timeout, "
                                    "canceling request!\n"));
        talloc_zfree(state->subreq);
        tevent_req_error(req, ENOMEM);
    }
}

/*
 * Callback of the fn request: drops the timeout timer and completes the
 * outer request. The result of subreq is not read here.
 */
static void
sdap_sudo_timer_done(struct tevent_req *subreq)
{
    struct tevent_req *req = NULL;
    struct sdap_sudo_timer_state *state = NULL;

    req = tevent_req_callback_data(subreq, struct tevent_req);

    /* do not free subreq, it is returned in recv */

    /* cancel timeout */
    state = tevent_req_data(req, struct sdap_sudo_timer_state);
    talloc_zfree(state->timer_timeout);

    tevent_req_done(req);
}

/* Handler of the timeout timer armed in sdap_sudo_timer(). */
static void
sdap_sudo_timer_timeout(struct tevent_context *ev,
                        struct tevent_timer *tt,
                        struct timeval tv, void *pvt)
{
    struct tevent_req *req = NULL;
    struct sdap_sudo_timer_state *state = NULL;

    req = talloc_get_type(pvt, struct tevent_req);
    state = tevent_req_data(req, struct sdap_sudo_timer_state);

    DEBUG(SSSDBG_CRIT_FAILURE, ("Request timed out. Is timeout too small?"
" (%lds)!\n", state->timeout)); talloc_zfree(state->subreq); tevent_req_error(req, EAGAIN); } sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/sdap_reinit.c0000644000000000000000000000007412320753107021744 xustar000000000000000030 atime=1396954939.268891429 30 ctime=1396954961.632874967 sssd-1.11.5/src/providers/ldap/sdap_reinit.c0000664002412700241270000002265412320753107022177 0ustar00jhrozekjhrozek00000000000000/* Authors: Pavel Březina Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include #include #include #include #include "util/util.h" #include "providers/ldap/ldap_common.h" #include "providers/ldap/sdap_async_enum.h" #include "db/sysdb.h" #include "db/sysdb_services.h" struct sdap_reinit_cleanup_state { struct sss_domain_info *domain; struct sysdb_ctx *sysdb; }; static errno_t sdap_reinit_clear_usn(struct sysdb_ctx *sysdb, struct sss_domain_info *domain); static void sdap_reinit_cleanup_done(struct tevent_req *subreq); static errno_t sdap_reinit_delete_records(struct sysdb_ctx *sysdb, struct sss_domain_info *domain); struct tevent_req* sdap_reinit_cleanup_send(TALLOC_CTX *mem_ctx, struct be_ctx *be_ctx, struct sdap_id_ctx *id_ctx) { struct tevent_req *req = NULL; struct tevent_req *subreq = NULL; struct sdap_reinit_cleanup_state *state; int ret; /* * 1. remove entryUSN attribute from all entries * 2. run enumeration * 3. 
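remove records that do not have the entryUSN attribute updated
     *
     * We don't need to do this for sudo rules, they will be refreshed
     * automatically during next smart/full refresh, or when an expired rule
     * is deleted.
     */

    req = tevent_req_create(mem_ctx, &state,
                            struct sdap_reinit_cleanup_state);
    if (req == NULL) {
        return NULL;
    }

    state->sysdb = be_ctx->domain->sysdb;
    state->domain = be_ctx->domain;

    if (!be_ctx->domain->enumerate) {
        /* enumeration is disabled, this whole process is meaningless */
        ret = EOK;
        goto immediately;
    }

    ret = sdap_reinit_clear_usn(state->sysdb, state->domain);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Unable to clear USN attributes [%d]: %s\n",
               ret, strerror(ret)));
        goto immediately;
    }

    subreq = sdap_dom_enum_send(id_ctx, be_ctx->ev, id_ctx,
                                id_ctx->opts->sdom, id_ctx->conn);
    if (subreq == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to issue enumeration request\n"));
        ret = ENOMEM;
        goto immediately;
    }

    tevent_req_set_callback(subreq, sdap_reinit_cleanup_done, req);

    return req;

immediately:
    if (ret != EOK) {
        tevent_req_error(req, ret);
    } else {
        tevent_req_done(req);
    }
    tevent_req_post(req, be_ctx->ev);

    return req;
}

/*
 * Remove the SYSDB_USN attribute from each of the msgs_num entries in msgs.
 *
 * Best effort: a failure on one entry is logged at SSSDBG_TRACE_FUNC only and
 * the remaining entries are still processed. An entry whose USN could not be
 * removed will not match the "(!(SYSDB_USN=*))" filter used by
 * sdap_reinit_delete_records().
 */
static void sdap_delete_msgs_usn(struct sysdb_ctx *sysdb,
                                 struct ldb_message **msgs,
                                 size_t msgs_num)
{
    struct ldb_message_element el = { 0, SYSDB_USN, 0, NULL };
    struct sysdb_attrs usn_el = { 1, &el };
    errno_t ret;
    size_t i; /* same type as msgs_num: no signed/unsigned comparison */

    for (i = 0; i < msgs_num; i++) {
        ret = sysdb_set_entry_attr(sysdb, msgs[i]->dn, &usn_el,
                                   SYSDB_MOD_DEL);
        if (ret) {
            DEBUG(SSSDBG_TRACE_FUNC,
                  ("Failed to clean USN on entry: [%s]\n",
                   ldb_dn_get_linearized(msgs[i]->dn)));
        }
    }
}

/*
 * Step 1 of the cleanup: strip the USN attribute from the users, groups and
 * services found in the cache of the domain (the searches use an empty
 * filter), all inside one sysdb transaction.
 *
 * Returns EOK when the transaction was committed, ENOMEM when the temporary
 * talloc context cannot be created, otherwise the error of the sysdb call
 * that failed. If the transaction was started but not committed it is
 * canceled before returning.
 */
static errno_t sdap_reinit_clear_usn(struct sysdb_ctx *sysdb,
                                     struct sss_domain_info *domain)
{
    TALLOC_CTX *tmp_ctx = NULL;
    bool in_transaction = false;
    struct ldb_message **msgs = NULL;
    size_t msgs_num = 0;
    const char *attrs[] = { "dn", NULL };
    int sret;
    errno_t ret;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_new() failed\n"));
        return ENOMEM;
    }

    ret = sysdb_transaction_start(sysdb);
    if (ret != EOK) {
        goto done;
    }
    in_transaction = true;

    /* reset users' usn */
    ret = sysdb_search_users(tmp_ctx, sysdb, domain,
                             "", attrs, &msgs_num, &msgs);
    if (ret != EOK) {
        goto done;
    }
    sdap_delete_msgs_usn(sysdb, msgs, msgs_num);
    talloc_zfree(msgs);
    msgs_num = 0;

    /* reset groups' usn */
    ret = sysdb_search_groups(tmp_ctx, sysdb, domain,
                              "", attrs, &msgs_num, &msgs);
    if (ret != EOK) {
        goto done;
    }
    sdap_delete_msgs_usn(sysdb, msgs, msgs_num);
    talloc_zfree(msgs);
    msgs_num = 0;

    /* reset services' usn */
    ret = sysdb_search_services(tmp_ctx, sysdb, domain,
                                "", attrs, &msgs_num, &msgs);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Cannot search services [%d]: %s\n", ret, strerror(ret)));
        goto done;
    }
    sdap_delete_msgs_usn(sysdb, msgs, msgs_num);
    talloc_zfree(msgs);
    msgs_num = 0;

    ret = sysdb_transaction_commit(sysdb);
    if (ret == EOK) {
        in_transaction = false;
    } else {
        DEBUG(SSSDBG_MINOR_FAILURE, ("Could not commit transaction\n"));
    }

done:
    if (in_transaction) {
        /* sret keeps the cancel result apart so ret still carries the
         * original error */
        sret = sysdb_transaction_cancel(sysdb);
        if (sret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE, ("Could not cancel transaction\n"));
        }
    }
    talloc_free(tmp_ctx);

    return ret;
}

/*
 * Callback of the enumeration request (step 2): on success marks the domain
 * as enumerated and runs step 3, the purge of records whose USN was not
 * refreshed. An enumeration or purge failure fails the outer request.
 */
static void sdap_reinit_cleanup_done(struct tevent_req *subreq)
{
    struct tevent_req *req = NULL;
    struct sdap_reinit_cleanup_state *state = NULL;
    errno_t ret;

    req = tevent_req_callback_data(subreq, struct tevent_req);
    state = tevent_req_data(req, struct sdap_reinit_cleanup_state);

    ret = sdap_dom_enum_recv(subreq);
    talloc_zfree(subreq);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Domain enumeration failed [%d]: %s\n",
                                    ret, strerror(ret)));
        goto fail;
    }

    /* Ok, we've completed an enumeration. Save this to the
     * sysdb so we can postpone starting up the enumeration
     * process on the next SSSD service restart (to avoid
     * slowing down system boot-up)
     */
    ret = sysdb_set_enumerated(state->sysdb, state->domain, true);
    if (ret != EOK) {
        DEBUG(SSSDBG_MINOR_FAILURE, ("Could not mark domain as having "
                                     "enumerated.\n"));
        /* This error is non-fatal, so continue */
    }

    ret = sdap_reinit_delete_records(state->sysdb, state->domain);
    if (ret != EOK) {
        goto fail;
    }

    tevent_req_done(req);
    return;

fail:
    tevent_req_error(req, ret);
}

/*
 * Delete each of the msgs_num entries in msgs from the cache.
 *
 * Best effort: a failed delete is logged at SSSDBG_TRACE_FUNC only, so the
 * stale entry stays in the cache and the caller is not told about it.
 */
static void sdap_delete_msgs_dn(struct sysdb_ctx *sysdb,
                                struct ldb_message **msgs,
                                size_t msgs_num)
{
    errno_t ret;
    size_t i; /* same type as msgs_num: no signed/unsigned comparison */

    for (i = 0; i < msgs_num; i++) {
        ret = sysdb_delete_entry(sysdb, msgs[i]->dn, true);
        if (ret) {
            DEBUG(SSSDBG_TRACE_FUNC,
                  ("Failed to delete entry: [%s]\n",
                   ldb_dn_get_linearized(msgs[i]->dn)));
        }
    }
}

/*
 * Step 3 of the cleanup: inside one sysdb transaction, delete the users,
 * groups and services that have no SYSDB_USN attribute, i.e. those the
 * enumeration did not write a new USN for.
 */
static errno_t sdap_reinit_delete_records(struct sysdb_ctx *sysdb,
                                          struct sss_domain_info *domain)
{
    TALLOC_CTX *tmp_ctx = NULL;
    bool in_transaction = false;
    struct ldb_message **msgs = NULL;
    size_t msgs_num = 0;
    const char *attrs[] = { "dn", NULL };
    int sret;
    errno_t ret;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_new() failed\n"));
        return ENOMEM;
    }

    ret = sysdb_transaction_start(sysdb);
    if (ret != EOK) {
        goto done;
    }
    in_transaction = true;

    /* purge untouched users */
    ret = sysdb_search_users(tmp_ctx, sysdb, domain,
                             "(!("SYSDB_USN"=*))", attrs, &msgs_num, &msgs);
    if (ret != EOK) {
        goto done;
    }
    sdap_delete_msgs_dn(sysdb, msgs, msgs_num);
    talloc_zfree(msgs);
    msgs_num = 0;

    /* purge untouched groups */
    ret = sysdb_search_groups(tmp_ctx, sysdb, domain,
                              "(!("SYSDB_USN"=*))", attrs, &msgs_num, &msgs);
    if (ret != EOK) {
        goto done;
    }
    sdap_delete_msgs_dn(sysdb, msgs, msgs_num);
    talloc_zfree(msgs);
    msgs_num = 0;

    /* purge untouched services */
    /* NOTE(review): unlike the user and group searches above, the result of
     * this search is not checked before the purge; presumably a failed
     * search leaves msgs NULL and msgs_num 0 so nothing is deleted, but a
     * search error then goes unreported - confirm this is intended. */
    ret = sysdb_search_services(tmp_ctx, sysdb, domain,
                                "(!("SYSDB_USN"=*))", attrs, &msgs_num, &msgs);
    sdap_delete_msgs_dn(sysdb, msgs, msgs_num);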
talloc_zfree(msgs); msgs_num = 0; ret = sysdb_transaction_commit(sysdb); if (ret == EOK) { in_transaction = false; } else { DEBUG(SSSDBG_MINOR_FAILURE, ("Could not commit transaction\n")); } done: if (in_transaction) { sret = sysdb_transaction_cancel(sysdb); if (sret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Could not cancel transaction\n")); } } talloc_free(tmp_ctx); return ret; } errno_t sdap_reinit_cleanup_recv(struct tevent_req *req) { TEVENT_REQ_RETURN_ON_ERROR(req); return EOK; } sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/sdap_sudo.h0000644000000000000000000000007412320753107021431 xustar000000000000000030 atime=1396954939.268891429 30 ctime=1396954961.478875081 sssd-1.11.5/src/providers/ldap/sdap_sudo.h0000664002412700241270000000742012320753107021656 0ustar00jhrozekjhrozek00000000000000/* Authors: Pavel Březina Copyright (C) 2011 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #ifndef _SDAP_SUDO_H_ #define _SDAP_SUDO_H_ struct sdap_sudo_ctx { struct sdap_id_ctx *id_ctx; char **hostnames; char **ip_addr; bool include_netgroups; bool include_regexp; bool use_host_filter; bool full_refresh_done; bool full_refresh_in_progress; int full_refresh_attempts; struct be_cb *first_refresh_online_cb; struct tevent_req *first_refresh_timer; }; enum sdap_sudo_refresh_type { SDAP_SUDO_REFRESH_FULL, SDAP_SUDO_REFRESH_SMART, SDAP_SUDO_REFRESH_RULES }; /* Common functions from ldap_sudo.c */ void sdap_sudo_handler(struct be_req *breq); int sdap_sudo_init(struct be_ctx *be_ctx, struct sdap_id_ctx *id_ctx, struct bet_ops **ops, void **pvt_data); /* sdap async interface */ struct tevent_req *sdap_sudo_refresh_send(TALLOC_CTX *mem_ctx, struct be_ctx *be_ctx, struct sdap_options *opts, struct sdap_id_conn_cache *conn_cache, const char *ldap_filter, const char *sysdb_filter); int sdap_sudo_refresh_recv(TALLOC_CTX *mem_ctx, struct tevent_req *req, int *dp_error, int *error, char **usn, size_t *num_rules); /* timer */ typedef struct tevent_req * (*sdap_sudo_timer_fn_t)(TALLOC_CTX *mem_ctx, struct sdap_sudo_ctx *sudo_ctx); struct tevent_req * sdap_sudo_timer_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct sdap_sudo_ctx *sudo_ctx, struct timeval when, time_t timeout, sdap_sudo_timer_fn_t fn); int sdap_sudo_timer_recv(TALLOC_CTX *mem_ctx, struct tevent_req *req, struct tevent_req **_subreq); /* host info */ struct tevent_req * sdap_sudo_get_hostinfo_send(TALLOC_CTX *mem_ctx, struct sdap_options *opts, struct be_ctx *be_ctx); int sdap_sudo_get_hostinfo_recv(TALLOC_CTX *mem_ctx, struct tevent_req *req, char ***hostnames, char ***ip_addr); /* (&(objectClass=sudoRole)(|(cn=defaults)(sudoUser=ALL)%s)) */ #define SDAP_SUDO_FILTER_USER "(&(objectClass=%s)(|(%s=%s)(%s=ALL)%s))" #define SDAP_SUDO_FILTER_CLASS "(objectClass=%s)" #define SDAP_SUDO_FILTER_DEFAULTS "(&(objectClass=%s)(%s=%s))" #define SDAP_SUDO_DEFAULTS "defaults" #define SDAP_SUDO_FILTER_USERNAME 
"(%s=%s)" #define SDAP_SUDO_FILTER_UID "(%s=#%u)" #define SDAP_SUDO_FILTER_GROUP "(%s=%%%s)" #define SDAP_SUDO_FILTER_NETGROUP "(%s=+%s)" #endif /* _SDAP_SUDO_H_ */ sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/sdap_autofs.c0000644000000000000000000000007412320753107021753 xustar000000000000000030 atime=1396954939.268891429 30 ctime=1396954961.640874961 sssd-1.11.5/src/providers/ldap/sdap_autofs.c0000664002412700241270000002050012320753107022172 0ustar00jhrozekjhrozek00000000000000/* SSSD LDAP handler for autofs Authors: Jakub Hrozek Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
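*/

/* NOTE(review): the header names of the next two directives are missing
 * from this copy of the file. */
#include
#include
#include "providers/ldap/ldap_common.h"
#include "providers/ldap/sdap_autofs.h"
#include "providers/ldap/sdap.h"
#include "providers/ldap/sdap_async.h"
#include "providers/dp_backend.h"
#include "db/sysdb_autofs.h"
#include "util/util.h"

/* Finalizer of the autofs back end: nothing to tear down, report success. */
static void
sdap_autofs_shutdown(struct be_req *req)
{
    sdap_handler_done(req, DP_ERR_OK, EOK, NULL);
}

void sdap_autofs_handler(struct be_req *be_req);

/* Autofs Handler */
struct bet_ops sdap_autofs_ops = {
    .handler = sdap_autofs_handler,
    .finalize = sdap_autofs_shutdown
};

/*
 * Register the autofs back end operations and load the autofs options.
 *
 * *ops and *pvt_data are assigned before the options are read, so they are
 * set even when ldap_get_autofs_options() fails; its result is returned.
 */
int sdap_autofs_init(struct be_ctx *be_ctx,
                     struct sdap_id_ctx *id_ctx,
                     struct bet_ops **ops,
                     void **pvt_data)
{
    DEBUG(SSSDBG_TRACE_INTERNAL, ("Initializing autofs LDAP back end\n"));

    *ops = &sdap_autofs_ops;
    *pvt_data = id_ctx;

    return ldap_get_autofs_options(id_ctx, be_ctx->cdb,
                                   be_ctx->conf_path, id_ctx->opts);
}

static struct tevent_req *
sdap_autofs_get_map_send(TALLOC_CTX *mem_ctx,
                         struct tevent_context *ev,
                         struct sdap_id_ctx *ctx,
                         const char *map_name);

static void sdap_autofs_handler_done(struct tevent_req *req);

/*
 * Entry point for autofs requests: optionally invalidates the cached maps
 * and starts the asynchronous refresh of the requested map.
 *
 * The request is answered with DP_ERR_OFFLINE/EAGAIN when the back end is
 * offline and terminated with DP_ERR_FATAL when the back end data or the
 * request data does not have the expected talloc type or the map request
 * cannot be created.
 */
void sdap_autofs_handler(struct be_req *be_req)
{
    struct be_ctx *be_ctx = be_req_get_be_ctx(be_req);
    struct sdap_id_ctx *id_ctx;
    struct be_autofs_req *autofs_req;
    struct tevent_req *req;
    int ret = EOK;

    DEBUG(SSSDBG_TRACE_INTERNAL, ("sdap autofs handler called\n"));

    /* talloc_get_type() yields NULL on a type mismatch; check before the
     * pointer is dereferenced below */
    id_ctx = talloc_get_type(be_ctx->bet_info[BET_AUTOFS].pvt_bet_data,
                             struct sdap_id_ctx);
    if (id_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Autofs back end data is not an sdap_id_ctx\n"));
        ret = EINVAL;
        goto fail;
    }

    if (be_is_offline(id_ctx->be)) {
        /* a void function must not return an expression */
        sdap_handler_done(be_req, DP_ERR_OFFLINE, EAGAIN, "Offline");
        return;
    }

    autofs_req = talloc_get_type(be_req_get_data(be_req),
                                 struct be_autofs_req);
    if (autofs_req == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Request data is not a be_autofs_req\n"));
        ret = EINVAL;
        goto fail;
    }

    /* NOTE(review): the fallback literal used when mapname is NULL is just
     * a newline; it looks truncated - confirm the intended placeholder. */
    DEBUG(SSSDBG_FUNC_DATA, ("Requested refresh for: %s\n",
          autofs_req->mapname ? autofs_req->mapname : "\n"));

    if (autofs_req->invalidate) {
        ret = sysdb_invalidate_autofs_maps(id_ctx->be->domain->sysdb,
                                           id_ctx->be->domain);
        if (ret != EOK) {
            /* non-fatal: the refresh below is still attempted */
            DEBUG(SSSDBG_MINOR_FAILURE, ("Could not invalidate autofs maps, "
                  "backend might return stale entries\n"));
        }
    }

    req = sdap_autofs_get_map_send(be_req, be_ctx->ev,
                                   id_ctx, autofs_req->mapname);
    if (!req) {
        ret = ENOMEM;
        goto fail;
    }
    tevent_req_set_callback(req, sdap_autofs_handler_done, be_req);

    return;

fail:
    be_req_terminate(be_req, DP_ERR_FATAL, ret, NULL);
}

/* State of one map refresh (connect, then fetch the map). */
struct autofs_get_map_state {
    struct tevent_context *ev;
    struct sdap_id_ctx *ctx;
    struct sdap_id_op *op;
    const char *map_name;

    int dp_error; /* DP_ERR_FATAL until the request succeeds */
};

static errno_t
sdap_autofs_get_map_retry(struct tevent_req *req);
static void
sdap_autofs_get_map_connect_done(struct tevent_req *subreq);
static void
sdap_autofs_get_map_done(struct tevent_req *req);

/*
 * Start fetching map_name: creates the connection operation and issues the
 * first connect attempt.
 *
 * Returns NULL only when the request cannot be created; other start-up
 * failures are returned as an already failed request posted on ev.
 */
static struct tevent_req *
sdap_autofs_get_map_send(TALLOC_CTX *mem_ctx,
                         struct tevent_context *ev,
                         struct sdap_id_ctx *ctx,
                         const char *map_name)
{
    struct tevent_req *req;
    struct autofs_get_map_state *state;
    int ret;

    req = tevent_req_create(mem_ctx, &state, struct autofs_get_map_state);
    if (!req) {
        return NULL;
    }

    state->ev = ev;
    state->ctx = ctx;
    state->dp_error = DP_ERR_FATAL;
    state->map_name = map_name;

    state->op = sdap_id_op_create(state, state->ctx->conn->conn_cache);
    if (!state->op) {
        DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed\n"));
        ret = ENOMEM;
        goto fail;
    }

    ret = sdap_autofs_get_map_retry(req);
    if (ret != EOK) {
        goto fail;
    }

    return req;

fail:
    tevent_req_error(req, ret);
    tevent_req_post(req, ev);

    return req;
}

/*
 * Issue (or re-issue) the connect step. Returns EOK when the connect request
 * was started, otherwise the error reported by sdap_id_op_connect_send().
 */
static errno_t
sdap_autofs_get_map_retry(struct tevent_req *req)
{
    struct autofs_get_map_state *state =
        tevent_req_data(req, struct autofs_get_map_state);
    struct tevent_req *subreq;
    int ret = EOK;

    subreq = sdap_id_op_connect_send(state->op, state, &ret);
    if (!subreq) {
        return ret;
    }

    tevent_req_set_callback(subreq, sdap_autofs_get_map_connect_done, req);

    return EOK;
}

/* Connect finished: on success start reading the map from the server. */
static void
sdap_autofs_get_map_connect_done(struct tevent_req *subreq)
{
    struct tevent_req *req =
        tevent_req_callback_data(subreq, struct tevent_req);
    struct autofs_get_map_state *state =
        tevent_req_data(req, struct autofs_get_map_state);
    int dp_error = DP_ERR_FATAL;
    int ret;

    ret = sdap_id_op_connect_recv(subreq, &dp_error);
    talloc_zfree(subreq);

    if (ret != EOK) {
        state->dp_error = dp_error;
        tevent_req_error(req, ret);
        return;
    }

    subreq = sdap_autofs_setautomntent_send(state, state->ev,
                                            state->ctx->be->domain,
                                            state->ctx->be->domain->sysdb,
                                            sdap_id_op_handle(state->op),
                                            state->op,
                                            state->ctx->opts,
                                            state->map_name);
    if (!subreq) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("sdap_autofs_setautomntent_send failed\n"));
        tevent_req_error(req, ENOMEM);
        return;
    }

    tevent_req_set_callback(subreq, sdap_autofs_get_map_done, req);
}

/*
 * Map fetch finished. A failure that sdap_id_op_done() reports together with
 * DP_ERR_OK restarts the connect step; ENOENT removes the map from the cache
 * and counts as success; any other error fails the request.
 */
static void
sdap_autofs_get_map_done(struct tevent_req *subreq)
{
    struct tevent_req *req =
        tevent_req_callback_data(subreq, struct tevent_req);
    struct autofs_get_map_state *state =
        tevent_req_data(req, struct autofs_get_map_state);
    int dp_error = DP_ERR_FATAL;
    int ret;

    ret = sdap_autofs_setautomntent_recv(subreq);
    talloc_zfree(subreq);

    ret = sdap_id_op_done(state->op, ret, &dp_error);
    if (dp_error == DP_ERR_OK && ret != EOK) {
        /* retry */
        ret = sdap_autofs_get_map_retry(req);
        if (ret != EOK) {
            tevent_req_error(req, ret);
            return;
        }
        return;
    }

    if (ret && ret != ENOENT) {
        state->dp_error = dp_error;
        tevent_req_error(req, ret);
        return;
    }

    if (ret == ENOENT) {
        /* the map is gone on the server: drop the cached copy as well */
        ret = sysdb_delete_autofsmap(state->ctx->be->domain->sysdb,
                                     state->ctx->be->domain,
                                     state->map_name);
        if (ret != EOK && ret != ENOENT) {
            DEBUG(SSSDBG_OP_FAILURE,
                  ("Cannot delete autofs map %s [%d]: %s\n",
                   state->map_name, ret, strerror(ret)));
            tevent_req_error(req, ret);
            return;
        }
    }

    state->dp_error = DP_ERR_OK;
    tevent_req_done(req);
}

static errno_t
sdap_autofs_get_map_recv(struct tevent_req *req, int *dp_error_out)
{
    struct autofs_get_map_state *state =
        tevent_req_data(req, struct autofs_get_map_state);

    if (dp_error_out) {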
*dp_error_out = state->dp_error; } TEVENT_REQ_RETURN_ON_ERROR(req); return EOK; } static void sdap_autofs_handler_done(struct tevent_req *req) { struct be_req *be_req = tevent_req_callback_data(req, struct be_req); int dperr; errno_t ret; ret = sdap_autofs_get_map_recv(req, &dperr); sdap_handler_done(be_req, dperr, ret, strerror(ret)); } sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/sdap_refresh.c0000644000000000000000000000007412320753107022110 xustar000000000000000030 atime=1396954939.268891429 30 ctime=1396954961.634874965 sssd-1.11.5/src/providers/ldap/sdap_refresh.c0000664002412700241270000001054012320753107022332 0ustar00jhrozekjhrozek00000000000000/* Authors: Pavel Březina Copyright (C) 2013 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
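*/

/* NOTE(review): the header names of the next two directives are missing
 * from this copy of the file. */
#include
#include
#include "providers/ldap/sdap.h"
#include "providers/ldap/ldap_common.h"

/* State of a sequential refresh of a NULL-terminated list of netgroups. */
struct sdap_refresh_netgroups_state {
    struct tevent_context *ev;
    struct sdap_id_ctx *id_ctx;
    char **names;  /* NULL-terminated list of netgroup names, may be NULL */
    size_t index;  /* position in names of the next netgroup to refresh */
};

static errno_t sdap_refresh_netgroups_step(struct tevent_req *req);
static void sdap_refresh_netgroups_done(struct tevent_req *subreq);

/*
 * Refresh the netgroups listed in names one after another.
 *
 * pvt must be a talloc-typed struct sdap_id_ctx. Returns NULL only when the
 * request cannot be created. With no names, or when the first step reports
 * that there is nothing to refresh, the request is returned already done;
 * on any other start-up error it is returned already failed. In both cases
 * it is posted on ev.
 */
struct tevent_req *sdap_refresh_netgroups_send(TALLOC_CTX *mem_ctx,
                                               struct tevent_context *ev,
                                               struct be_ctx *be_ctx,
                                               char **names,
                                               void *pvt)
{
    struct sdap_refresh_netgroups_state *state = NULL;
    struct tevent_req *req = NULL;
    errno_t ret;

    req = tevent_req_create(mem_ctx, &state,
                            struct sdap_refresh_netgroups_state);
    if (req == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("tevent_req_create() failed\n"));
        return NULL;
    }

    state->ev = ev;
    state->id_ctx = talloc_get_type(pvt, struct sdap_id_ctx);
    state->names = names;
    state->index = 0;

    if (names == NULL) {
        ret = EOK;
        goto immediately;
    }

    /* talloc_get_type() yields NULL on a type mismatch and the step function
     * dereferences id_ctx, so reject bad private data here */
    if (state->id_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Private data is not an sdap_id_ctx\n"));
        ret = EINVAL;
        goto immediately;
    }

    ret = sdap_refresh_netgroups_step(req);
    if (ret == EOK) {
        DEBUG(SSSDBG_TRACE_FUNC, ("Nothing to refresh\n"));
        goto immediately;
    } else if (ret != EAGAIN) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("sdap_refresh_netgroups_step() failed "
                                    "[%d]: %s\n", ret, sss_strerror(ret)));
        goto immediately;
    }

    /* EAGAIN: a subrequest is in flight */
    return req;

immediately:
    if (ret == EOK) {
        tevent_req_done(req);
    } else {
        tevent_req_error(req, ret);
    }
    tevent_req_post(req, ev);

    return req;
}

/*
 * Start the refresh of names[index]. EOK is returned when there is no name
 * left to process.
 */
static errno_t sdap_refresh_netgroups_step(struct tevent_req *req)
{
    struct sdap_refresh_netgroups_state *state = NULL;
    struct tevent_req *subreq = NULL;
    const char *name = NULL;
    errno_t ret;

    state = tevent_req_data(req, struct sdap_refresh_netgroups_state);

    if (state->names == NULL) {
        ret = EOK;
        goto done;
    }

    name = state->names[state->index];
    if (name == NULL) {
        /* end of the list */
        ret = EOK;
        goto done;
    }

    DEBUG(SSSDBG_TRACE_FUNC, ("Issuing refresh of netgroup %s\n", name));

    subreq = ldap_netgroup_get_send(state, state->ev, state->id_ctx,
                                    state->id_ctx->opts->sdom,
                                    state->id_ctx->conn,
                                    name, true);
    if (subreq == NULL) {
        ret = ENOMEM;
        goto done;
    }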
tevent_req_set_callback(subreq, sdap_refresh_netgroups_done, req); state->index++; ret = EAGAIN; done: return ret; } static void sdap_refresh_netgroups_done(struct tevent_req *subreq) { struct tevent_req *req = NULL; errno_t dp_error; int sdap_ret; errno_t ret; req = tevent_req_callback_data(subreq, struct tevent_req); ret = ldap_netgroup_get_recv(subreq, &dp_error, &sdap_ret); talloc_zfree(subreq); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to refresh netgroup [dp_error: %d, " "sdap_ret: %d, errno: %d]: %s\n", dp_error, sdap_ret, ret, sss_strerror(ret))); goto done; } ret = sdap_refresh_netgroups_step(req); if (ret == EAGAIN) { return; } done: if (ret != EOK) { tevent_req_error(req, ret); return; } tevent_req_done(req); } errno_t sdap_refresh_netgroups_recv(struct tevent_req *req) { TEVENT_REQ_RETURN_ON_ERROR(req); return EOK; } sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/sdap_access.h0000644000000000000000000000007312320753107021717 xustar000000000000000029 atime=1396954939.26789143 30 ctime=1396954961.475875083 sssd-1.11.5/src/providers/ldap/sdap_access.h0000664002412700241270000000405412320753107022145 0ustar00jhrozekjhrozek00000000000000/* SSSD sdap_access.h Authors: Stephen Gallagher Copyright (C) 2010 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #ifndef SDAP_ACCESS_H_ #define SDAP_ACCESS_H_ #include "providers/dp_backend.h" #include "providers/ldap/ldap_common.h" #define SYSDB_LDAP_ACCESS_FILTER "ldap_access_filter_allow" #define LDAP_ACCESS_FILTER_NAME "filter" #define LDAP_ACCESS_EXPIRE_NAME "expire" #define LDAP_ACCESS_SERVICE_NAME "authorized_service" #define LDAP_ACCESS_HOST_NAME "host" #define LDAP_ACCOUNT_EXPIRE_SHADOW "shadow" #define LDAP_ACCOUNT_EXPIRE_AD "ad" #define LDAP_ACCOUNT_EXPIRE_RHDS "rhds" #define LDAP_ACCOUNT_EXPIRE_IPA "ipa" #define LDAP_ACCOUNT_EXPIRE_389DS "389ds" #define LDAP_ACCOUNT_EXPIRE_NDS "nds" enum ldap_access_rule { LDAP_ACCESS_EMPTY = -1, LDAP_ACCESS_FILTER = 0, LDAP_ACCESS_EXPIRE, LDAP_ACCESS_SERVICE, LDAP_ACCESS_HOST, LDAP_ACCESS_LAST }; struct sdap_access_ctx { struct sdap_id_ctx *id_ctx; const char *filter; int access_rule[LDAP_ACCESS_LAST + 1]; }; struct tevent_req * sdap_access_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct be_ctx *be_ctx, struct sss_domain_info *domain, struct sdap_access_ctx *access_ctx, struct sdap_id_conn_ctx *conn, struct pam_data *pd); errno_t sdap_access_recv(struct tevent_req *req); #endif /* SDAP_ACCESS_H_ */ sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/ldap_auth.c0000644000000000000000000000007412320753107021404 xustar000000000000000030 atime=1396954939.266891431 30 ctime=1396954961.616874979 sssd-1.11.5/src/providers/ldap/ldap_auth.c0000664002412700241270000012111112320753107021623 0ustar00jhrozekjhrozek00000000000000/* SSSD LDAP Backend Module Authors: Sumit Bose Copyright (C) 2008 Red Hat Copyright (C) 2010, rhafer@suse.de, Novell Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. 
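This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see .
*/

#ifdef WITH_MOZLDAP
#define LDAP_OPT_SUCCESS LDAP_SUCCESS
#define LDAP_TAG_EXOP_MODIFY_PASSWD_ID ((ber_tag_t) 0x80U)
#define LDAP_TAG_EXOP_MODIFY_PASSWD_OLD ((ber_tag_t) 0x81U)
#define LDAP_TAG_EXOP_MODIFY_PASSWD_NEW ((ber_tag_t) 0x82U)
#endif

/* NOTE(review): the header names of the bare #include directives below are
 * missing from this copy of the file. */
#define _XOPEN_SOURCE 500 /* for strptime() */
#include
#undef _XOPEN_SOURCE
#include
#include
#include
#include
#include
#include "util/util.h"
#include "util/user_info_msg.h"
#include "db/sysdb.h"
#include "providers/ldap/ldap_common.h"
#include "providers/ldap/sdap_async.h"
#include "providers/ldap/sdap_async_private.h"

#define LDAP_PWEXPIRE_WARNING_TIME 0

/* Which kind of password expiration data was found for a user. */
enum pwexpire {
    PWEXPIRE_NONE = 0,
    PWEXPIRE_LDAP_PASSWORD_POLICY,
    PWEXPIRE_KERBEROS,
    PWEXPIRE_SHADOW
};

/*
 * Attach an SSS_PAM_USER_INFO_EXPIRE_WARN message to pd.
 *
 * exp_time is the time left until the password expires, in seconds; it must
 * fit into a uint32_t.
 *
 * Returns EOK on success, EINVAL when exp_time is out of range, ENOMEM when
 * the payload cannot be allocated, otherwise the error returned by
 * pam_add_response(). The callers visible in this file log a failure and
 * carry on, so a lost warning never changes the expiration verdict.
 */
static errno_t add_expired_warning(struct pam_data *pd, long exp_time)
{
    int ret;
    uint32_t *data;

    if (exp_time < 0 || exp_time > UINT32_MAX) {
        DEBUG(1, ("Time to expire out of range.\n"));
        return EINVAL;
    }

    data = talloc_array(pd, uint32_t, 2);
    if (data == NULL) {
        DEBUG(1, ("talloc_array failed.\n"));
        return ENOMEM;
    }

    data[0] = SSS_PAM_USER_INFO_EXPIRE_WARN;
    data[1] = (uint32_t) exp_time;

    ret = pam_add_response(pd, SSS_PAM_USER_INFO, 2 * sizeof(uint32_t),
                           (uint8_t *) data);
    if (ret != EOK) {
        DEBUG(1, ("pam_add_response failed.\n"));
    }

    /* propagate the result instead of always reporting success, so that the
     * "add_expired_warning failed" messages of the callers can trigger */
    return ret;
}

/*
 * Evaluate a Kerberos password expiration time.
 *
 * expire_date      expiration time in the form "%Y%m%d%H%M%SZ"
 * now              current time
 * pd               PAM data to attach a warning to; NULL disables warnings
 * pwd_exp_warning  warning period in seconds; a negative value selects
 *                  KERBEROS_PWEXPIRE_WARNING_TIME, 0 means always warn
 *
 * Returns ERR_PASSWORD_EXPIRED when the expiration time has passed, EINVAL
 * when expire_date cannot be parsed or converted, EOK otherwise.
 */
static errno_t check_pwexpire_kerberos(const char *expire_date, time_t now,
                                       struct pam_data *pd,
                                       int pwd_exp_warning)
{
    char *end;
    struct tm tm;
    time_t expire_time;
    int expiration_warning;
    int ret = ERR_INTERNAL;

    memset(&tm, 0, sizeof(tm));
    end = strptime(expire_date, "%Y%m%d%H%M%SZ", &tm);
    if (end == NULL) {
        DEBUG(1, ("Kerberos expire date [%s] invalid.\n", expire_date));
        return EINVAL;
    }
    if (*end != '\0') {
        /* reject trailing data instead of silently ignoring it */
        DEBUG(1, ("Kerberos expire date [%s] contains extra characters.\n",
                  expire_date));
        return EINVAL;
    }

    expire_time = mktime(&tm);
    if (expire_time == -1) {
        DEBUG(1, ("mktime failed to convert [%s].\n", expire_date));
        return EINVAL;
    }

    /* The string carries a 'Z' suffix but mktime() interprets tm as local
     * time; subtracting the global timezone offset compensates for that.
     * NOTE(review): confirm the result is right while DST is in effect. */
    tzset();
    expire_time -= timezone;
    DEBUG(SSSDBG_TRACE_ALL,
          ("Time info: tzname[0] [%s] tzname[1] [%s] timezone [%ld] "
           "daylight [%d] now [%ld] expire_time [%ld].\n", tzname[0],
           tzname[1], timezone, daylight, now, expire_time));

    if (difftime(now, expire_time) > 0.0) {
        DEBUG(4, ("Kerberos password expired.\n"));
        ret = ERR_PASSWORD_EXPIRED;
    } else {
        if (pwd_exp_warning >= 0) {
            expiration_warning = pwd_exp_warning;
        } else {
            expiration_warning = KERBEROS_PWEXPIRE_WARNING_TIME;
        }
        if (pd != NULL &&
            (difftime(now + expiration_warning, expire_time) > 0.0 ||
             expiration_warning == 0)) {
            ret = add_expired_warning(pd, (long) difftime(expire_time, now));
            if (ret != EOK) {
                DEBUG(1, ("add_expired_warning failed.\n"));
            }
        }
        /* a warning that could not be queued is not fatal */
        ret = EOK;
    }

    return ret;
}

/*
 * Evaluate shadow password aging data.
 *
 * All comparisons are done in days since the epoch; a field value of -1 is
 * treated as "not set". A last-change day that lies in the future is logged
 * and treated as not expired.
 *
 * Returns ERR_PASSWORD_EXPIRED, ERR_ACCOUNT_EXPIRED or EOK. When pd is not
 * NULL and the password is inside the warning period a warning is attached
 * to pd; failing to attach it does not change the result.
 */
static errno_t check_pwexpire_shadow(struct spwd *spwd, time_t now,
                                     struct pam_data *pd)
{
    long today;
    long password_age;
    long exp;
    int ret;

    if (spwd->sp_lstchg <= 0) {
        DEBUG(4, ("Last change day is not set, new password needed.\n"));
        return ERR_PASSWORD_EXPIRED;
    }

    today = (long) (now / (60 * 60 * 24));
    password_age = today - spwd->sp_lstchg;
    if (password_age < 0) {
        DEBUG(2, ("The last password change time is in the future!.\n"));
        return EOK;
    }

    if ((spwd->sp_expire != -1 && today > spwd->sp_expire) ||
        (spwd->sp_max != -1 && spwd->sp_inact != -1 &&
         password_age > spwd->sp_max + spwd->sp_inact))
    {
        DEBUG(4, ("Account expired.\n"));
        return ERR_ACCOUNT_EXPIRED;
    }

    if (spwd->sp_max != -1 && password_age > spwd->sp_max) {
        DEBUG(4, ("Password expired.\n"));
        return ERR_PASSWORD_EXPIRED;
    }

    if (pd != NULL && spwd->sp_max != -1 && spwd->sp_warn != -1 &&
        password_age > spwd->sp_max - spwd->sp_warn ) {

        /* add_expired_warning() expects time in seconds */
        exp = (spwd->sp_max - password_age) * (60 * 60 * 24);
        if (exp == 0) {
            /* Seconds until next midnight */
            exp = ((today + 1) * (60 * 60 * 24)) - now;
        }

        ret = add_expired_warning(pd, exp);
        if (ret != EOK) {
            DEBUG(1, ("add_expired_warning failed.\n"));
        }
    }

    return EOK;
}

/*
 * Turn LDAP password policy data into a message for the PAM client.
 *
 * A non-negative grace value produces SSS_PAM_USER_INFO_GRACE_LOGIN. If
 * grace is negative, a positive expire value produces
 * SSS_PAM_USER_INFO_EXPIRE_WARN, unless pwd_exp_warning is non-zero and
 * expire is larger than it. A negative pwd_exp_warning is treated as 0
 * (always warn).
 *
 * Returns EOK when nothing had to be sent or the message was queued, ENOMEM
 * when the payload cannot be allocated, otherwise the error returned by
 * pam_add_response().
 */
static errno_t check_pwexpire_ldap(struct pam_data *pd,
                                   struct sdap_ppolicy_data *ppolicy,
                                   int pwd_exp_warning)
{
    uint32_t *data;
    uint32_t msg_type;
    uint32_t msg_value;
    int ret;

    if (ppolicy->grace < 0 && ppolicy->expire <= 0) {
        /* no grace logins and no expiration time reported */
        return EOK;
    }

    if (pwd_exp_warning < 0) {
        pwd_exp_warning = 0;
    }

    /* Decide what to send before allocating anything, so the "do not warn"
     * case does not leave an unused buffer attached to pd. */
    if (ppolicy->grace >= 0) {
        msg_type = SSS_PAM_USER_INFO_GRACE_LOGIN;
        msg_value = ppolicy->grace;
    } else {
        if (pwd_exp_warning != 0 && ppolicy->expire > pwd_exp_warning) {
            /* do not warn */
            return EOK;
        }

        /* send warning */
        msg_type = SSS_PAM_USER_INFO_EXPIRE_WARN;
        msg_value = ppolicy->expire;
    }

    data = talloc_array(pd, uint32_t, 2);
    if (data == NULL) {
        DEBUG(1, ("talloc_array failed.\n"));
        return ENOMEM;
    }
    data[0] = msg_type;
    data[1] = msg_value;

    ret = pam_add_response(pd, SSS_PAM_USER_INFO, 2 * sizeof(uint32_t),
                           (uint8_t *) data);
    if (ret != EOK) {
        DEBUG(1, ("pam_add_response failed.\n"));
    }

    return ret;
}

static errno_t find_password_expiration_attributes(TALLOC_CTX *mem_ctx,
                                               const struct ldb_message *msg,
                                               struct dp_option *opts,
                                               enum pwexpire *type, void **data)
{
    const char *mark;
    const char *val;
    struct spwd *spwd;
    const char *pwd_policy;
    int ret;

    *type = PWEXPIRE_NONE;
    *data = NULL;

    pwd_policy = dp_opt_get_string(opts, SDAP_PWD_POLICY);
    if (pwd_policy == NULL) {
        DEBUG(1, ("Missing password policy.\n"));
        return EINVAL;
    }

    if (strcasecmp(pwd_policy, PWD_POL_OPT_NONE) == 0) {
        DEBUG(9, ("No password policy requested.\n"));
        return EOK;
    } else if (strcasecmp(pwd_policy, PWD_POL_OPT_MIT) == 0) {
        mark = ldb_msg_find_attr_as_string(msg, SYSDB_KRBPW_LASTCHANGE, NULL);
        if (mark != NULL) {
            DEBUG(9, ("Found Kerberos password expiration attributes.\n"));
            val = ldb_msg_find_attr_as_string(msg, SYSDB_KRBPW_EXPIRATION,
                                              NULL);
            if (val != NULL) {
                *data = talloc_strdup(mem_ctx, val);
                if (*data == NULL) {
                    DEBUG(1,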
("talloc_strdup failed.\n")); return ENOMEM; } *type = PWEXPIRE_KERBEROS; return EOK; } } else { DEBUG(1, ("No Kerberos password expiration attributes found, " "but MIT Kerberos password policy was requested. " "Access will be denied.\n")); return EACCES; } } else if (strcasecmp(pwd_policy, PWD_POL_OPT_SHADOW) == 0) { mark = ldb_msg_find_attr_as_string(msg, SYSDB_SHADOWPW_LASTCHANGE, NULL); if (mark != NULL) { DEBUG(9, ("Found shadow password expiration attributes.\n")); spwd = talloc_zero(mem_ctx, struct spwd); if (spwd == NULL) { DEBUG(1, ("talloc failed.\n")); return ENOMEM; } val = ldb_msg_find_attr_as_string(msg, SYSDB_SHADOWPW_LASTCHANGE, NULL); ret = string_to_shadowpw_days(val, &spwd->sp_lstchg); if (ret != EOK) goto shadow_fail; val = ldb_msg_find_attr_as_string(msg, SYSDB_SHADOWPW_MIN, NULL); ret = string_to_shadowpw_days(val, &spwd->sp_min); if (ret != EOK) goto shadow_fail; val = ldb_msg_find_attr_as_string(msg, SYSDB_SHADOWPW_MAX, NULL); ret = string_to_shadowpw_days(val, &spwd->sp_max); if (ret != EOK) goto shadow_fail; val = ldb_msg_find_attr_as_string(msg, SYSDB_SHADOWPW_WARNING, NULL); ret = string_to_shadowpw_days(val, &spwd->sp_warn); if (ret != EOK) goto shadow_fail; val = ldb_msg_find_attr_as_string(msg, SYSDB_SHADOWPW_INACTIVE, NULL); ret = string_to_shadowpw_days(val, &spwd->sp_inact); if (ret != EOK) goto shadow_fail; val = ldb_msg_find_attr_as_string(msg, SYSDB_SHADOWPW_EXPIRE, NULL); ret = string_to_shadowpw_days(val, &spwd->sp_expire); if (ret != EOK) goto shadow_fail; *data = spwd; *type = PWEXPIRE_SHADOW; return EOK; } else { DEBUG(1, ("No shadow password attributes found, " "but shadow password policy was requested. 
" "Access will be denied.\n")); return EACCES; } } DEBUG(9, ("No password expiration attributes found.\n")); return EOK; shadow_fail: talloc_free(spwd); return ret; } /* ==Get-User-DN========================================================== */ struct get_user_dn_state { const char *username; char *orig_dn; }; static void get_user_dn_done(struct tevent_req *subreq); static struct tevent_req *get_user_dn_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sss_domain_info *domain, struct sdap_handle *sh, struct sdap_options *opts, const char *username) { struct tevent_req *req; struct tevent_req *subreq; struct get_user_dn_state *state; char *clean_name; char *filter; const char **attrs; errno_t ret; req = tevent_req_create(memctx, &state, struct get_user_dn_state); if (!req) return NULL; state->username = username; ret = sss_filter_sanitize(state, username, &clean_name); if (ret != EOK) { goto done; } filter = talloc_asprintf(state, "(&(%s=%s)(objectclass=%s))", opts->user_map[SDAP_AT_USER_NAME].name, clean_name, opts->user_map[SDAP_OC_USER].name); talloc_zfree(clean_name); if (filter == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("Failed to build the base filter\n")); ret = ENOMEM; goto done; } /* We're mostly interested in the DN anyway */ attrs = talloc_array(state, const char *, 3); if (attrs == NULL) { ret = ENOMEM; goto done; } attrs[0] = "objectclass"; attrs[1] = opts->user_map[SDAP_AT_USER_NAME].name; attrs[2] = NULL; subreq = sdap_search_user_send(state, ev, domain, opts, opts->sdom->user_search_bases, sh, attrs, filter, dp_opt_get_int(opts->basic, SDAP_SEARCH_TIMEOUT), false); if (!subreq) { ret = ENOMEM; goto done; } tevent_req_set_callback(subreq, get_user_dn_done, req); return req; done: if (ret == EOK) { tevent_req_done(req); } else { tevent_req_error(req, ret); } tevent_req_post(req, ev); return req; } static void get_user_dn_done(struct tevent_req *subreq) { errno_t ret; struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); 
struct get_user_dn_state *state = tevent_req_data(req, struct get_user_dn_state); struct ldb_message_element *el; struct sysdb_attrs **users; size_t count; ret = sdap_search_user_recv(state, subreq, NULL, &users, &count); talloc_zfree(subreq); if (ret && ret != ENOENT) { DEBUG(SSSDBG_OP_FAILURE, ("Failed to retrieve users\n")); tevent_req_error(req, ret); return; } if (count == 0) { DEBUG(SSSDBG_OP_FAILURE, ("No such user\n")); tevent_req_error(req, ENOMEM); return; } else if (count > 1) { DEBUG(SSSDBG_OP_FAILURE, ("Multiple users matched\n")); tevent_req_error(req, EIO); return; } /* exactly one user. Get the originalDN */ ret = sysdb_attrs_get_el_ext(users[0], SYSDB_ORIG_DN, false, &el); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("originalDN is not available for [%s].\n", state->username)); tevent_req_error(req, ret); return; } state->orig_dn = talloc_strdup(state, (const char *) el->values[0].data); if (state->orig_dn == NULL) { tevent_req_error(req, ENOMEM); return; } DEBUG(SSSDBG_TRACE_INTERNAL, ("Found originalDN [%s] for [%s]\n", state->orig_dn, state->username)); tevent_req_done(req); } static int get_user_dn_recv(TALLOC_CTX *mem_ctx, struct tevent_req *req, char **orig_dn) { struct get_user_dn_state *state = tevent_req_data(req, struct get_user_dn_state); if (orig_dn) { *orig_dn = talloc_move(mem_ctx, &state->orig_dn); } TEVENT_REQ_RETURN_ON_ERROR(req); return EOK; } static int get_user_dn(TALLOC_CTX *memctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, struct sdap_options *opts, const char *username, char **user_dn, enum pwexpire *user_pw_expire_type, void **user_pw_expire_data) { TALLOC_CTX *tmpctx; enum pwexpire pw_expire_type; void *pw_expire_data; struct ldb_result *res; const char **attrs; const char *dn; int ret; tmpctx = talloc_new(memctx); if (!tmpctx) { return ENOMEM; } attrs = talloc_array(tmpctx, const char *, 11); if (!attrs) { ret = ENOMEM; goto done; } attrs[0] = SYSDB_ORIG_DN; attrs[1] = SYSDB_SHADOWPW_LASTCHANGE; attrs[2] = 
SYSDB_SHADOWPW_MIN; attrs[3] = SYSDB_SHADOWPW_MAX; attrs[4] = SYSDB_SHADOWPW_WARNING; attrs[5] = SYSDB_SHADOWPW_INACTIVE; attrs[6] = SYSDB_SHADOWPW_EXPIRE; attrs[7] = SYSDB_KRBPW_LASTCHANGE; attrs[8] = SYSDB_KRBPW_EXPIRATION; attrs[9] = SYSDB_PWD_ATTRIBUTE; attrs[10] = NULL; ret = sysdb_get_user_attr(tmpctx, sysdb, domain, username, attrs, &res); if (ret) { goto done; } switch (res->count) { case 0: /* No such user entry? Look it up */ ret = EAGAIN; break; case 1: dn = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_ORIG_DN, NULL); if (dn == NULL) { /* The user entry has no original DN. This is the case when the ID * provider is not LDAP-based (proxy perhaps) */ ret = EAGAIN; break; } dn = talloc_strdup(tmpctx, dn); if (!dn) { ret = ENOMEM; break; } ret = find_password_expiration_attributes(tmpctx, res->msgs[0], opts->basic, &pw_expire_type, &pw_expire_data); if (ret != EOK) { DEBUG(1, ("find_password_expiration_attributes failed.\n")); } break; default: DEBUG(1, ("User search by name (%s) returned > 1 results!\n", username)); ret = EFAULT; break; } done: if (ret == EOK) { *user_dn = talloc_strdup(memctx, dn); if (!*user_dn) { ret = ENOMEM; } /* pw_expire_data may be NULL */ *user_pw_expire_data = talloc_steal(memctx, pw_expire_data); *user_pw_expire_type = pw_expire_type; } talloc_zfree(tmpctx); return ret; } /* ==Authenticate-User==================================================== */ struct auth_state { struct tevent_context *ev; struct sdap_auth_ctx *ctx; const char *username; struct sss_auth_token *authtok; struct sdap_service *sdap_service; struct sdap_handle *sh; char *dn; enum pwexpire pw_expire_type; void *pw_expire_data; struct fo_server *srv; }; static struct tevent_req *auth_get_server(struct tevent_req *req); static void auth_get_dn_done(struct tevent_req *subreq); static void auth_do_bind(struct tevent_req *req); static void auth_resolve_done(struct tevent_req *subreq); static void auth_connect_done(struct tevent_req *subreq); static void 
auth_bind_user_done(struct tevent_req *subreq); static struct tevent_req *auth_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sdap_auth_ctx *ctx, const char *username, struct sss_auth_token *authtok, bool try_chpass_service) { struct tevent_req *req; struct auth_state *state; req = tevent_req_create(memctx, &state, struct auth_state); if (!req) return NULL; /* The token must be a password token */ if (sss_authtok_get_type(authtok) != SSS_AUTHTOK_TYPE_PASSWORD) { tevent_req_error(req, ERR_AUTH_FAILED); return tevent_req_post(req, ev); } state->ev = ev; state->ctx = ctx; state->username = username; state->authtok = authtok; state->srv = NULL; if (try_chpass_service && ctx->chpass_service != NULL && ctx->chpass_service->name != NULL) { state->sdap_service = ctx->chpass_service; } else { state->sdap_service = ctx->service; } if (!auth_get_server(req)) goto fail; return req; fail: talloc_zfree(req); return NULL; } static struct tevent_req *auth_get_server(struct tevent_req *req) { struct tevent_req *next_req; struct auth_state *state = tevent_req_data(req, struct auth_state); /* NOTE: this call may cause service->uri to be refreshed * with a new valid server. Do not use service->uri before */ next_req = be_resolve_server_send(state, state->ev, state->ctx->be, state->sdap_service->name, state->srv == NULL ? 
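true : false);
    if (!next_req) {
        DEBUG(1, ("be_resolve_server_send failed.\n"));
        return NULL;
    }

    tevent_req_set_callback(next_req, auth_resolve_done, req);
    return next_req;
}

/**
 * Completion callback for the server resolution started by
 * auth_get_server().
 *
 * Stores the resolved failover server in state->srv, decides whether the
 * connection needs START_TLS and starts the LDAP connection to
 * state->sdap_service. If no server could be resolved the request fails
 * with ETIMEDOUT.
 *
 * @param subreq  The be_resolve_server request; freed here.
 */
static void auth_resolve_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct auth_state *state = tevent_req_data(req,
                                               struct auth_state);
    int ret;
    bool use_tls;

    ret = be_resolve_server_recv(subreq, &state->srv);
    talloc_zfree(subreq);
    if (ret) {
        /* all servers have been tried and none
         * was found good, go offline */
        tevent_req_error(req, ETIMEDOUT);
        return;
    }

    /* Determine whether we need to use TLS.
     *
     * The decision must be based on the URI we are about to connect to.
     * state->sdap_service is either the regular service or the password
     * change service (see auth_send()), and the two may use different
     * schemes. Checking the regular service's URI while connecting to the
     * chpass service could skip START_TLS on a plain ldap:// connection
     * that is about to carry the user's password. */
    if (sdap_is_secure_uri(state->sdap_service->uri)) {
        DEBUG(8, ("[%s] is a secure channel. No need to run START_TLS\n",
                  state->sdap_service->uri));
        use_tls = false;
    } else {

        /* Check for undocumented debugging feature to disable TLS
         * for authentication. This should never be used in production
         * for obvious reasons.
         */
        use_tls = !dp_opt_get_bool(state->ctx->opts->basic,
                                   SDAP_DISABLE_AUTH_TLS);
        if (!use_tls) {
            /* Raised at alert level so that a cleartext bind is visible
             * to whoever monitors the system log. */
            sss_log(SSS_LOG_ALERT, "LDAP authentication being performed over "
                                   "insecure connection. This should be done "
                                   "for debugging purposes only.");
        }
    }

    subreq = sdap_connect_send(state, state->ev, state->ctx->opts,
                               state->sdap_service->uri,
                               state->sdap_service->sockaddr, use_tls);
    if (!subreq) {
        tevent_req_error(req, ENOMEM);
        return;
    }

    tevent_req_set_callback(subreq, auth_connect_done, req);
}

static void auth_connect_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct auth_state *state = tevent_req_data(req,
                                               struct auth_state);
    int ret;

    ret = sdap_connect_recv(subreq, state, &state->sh);
    talloc_zfree(subreq);
    if (ret) {
        if (state->srv) {
            /* mark this server as bad if connection failed */
            be_fo_set_port_status(state->ctx->be,
                                  state->sdap_service->name,
                                  state->srv, PORT_NOT_WORKING);
        }

        if (auth_get_server(req) == NULL) {
            tevent_req_error(req, ENOMEM);
        }
        return;
    } else if (state->srv) {
        be_fo_set_port_status(state->ctx->be, state->sdap_service->name,
                              state->srv, PORT_WORKING);
    }

    ret = get_user_dn(state, state->ctx->be->domain->sysdb,
                      state->ctx->be->domain, state->ctx->opts,
                      state->username, &state->dn,
                      &state->pw_expire_type, &state->pw_expire_data);
    if (ret == EOK) {
        /* All required user data was pre-cached during an identity lookup.
         * We can proceed with the bind */
        auth_do_bind(req);
        return;
    } else if (ret == EAGAIN) {
        /* The cached user entry was missing the bind DN.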
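Need to look
         * it up based on user name in order to perform the bind */
        subreq = get_user_dn_send(req, state->ev, state->ctx->be->domain,
                                  state->sh, state->ctx->opts,
                                  state->username);
        if (subreq == NULL) {
            tevent_req_error(req, ENOMEM);
            return;
        }
        tevent_req_set_callback(subreq, auth_get_dn_done, req);
        return;
    }

    tevent_req_error(req, ret);
    return;
}

/**
 * Completion callback for the LDAP lookup of the user's DN.
 *
 * Any lookup failure is reported to the caller as ERR_ACCOUNT_UNKNOWN;
 * on success the DN is stored in state->dn and the bind is started.
 *
 * @param subreq  The get_user_dn request; freed here.
 */
static void auth_get_dn_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct auth_state *state = tevent_req_data(req, struct auth_state);
    errno_t ret;

    ret = get_user_dn_recv(state, subreq, &state->dn);
    talloc_zfree(subreq);
    if (ret != EOK) {
        tevent_req_error(req, ERR_ACCOUNT_UNKNOWN);
        return;
    }

    /* The DN was found with an LDAP lookup
     * We can proceed with the bind.
     * (Plain call: a void function must not return an expression.) */
    auth_do_bind(req);
}

/**
 * Start the bind as state->dn with the caller-supplied auth token on the
 * already established connection state->sh.
 *
 * The two NULL arguments are presumably the SASL mechanism and SASL user,
 * which would make this a simple bind -- TODO confirm against
 * sdap_auth_send(). Whether the channel is protected (ldaps or START_TLS)
 * was decided when the connection was set up, before this point.
 *
 * @param req  The auth request whose state carries the handle, DN and token.
 */
static void auth_do_bind(struct tevent_req *req)
{
    struct auth_state *state = tevent_req_data(req, struct auth_state);
    struct tevent_req *subreq;

    subreq = sdap_auth_send(state, state->ev, state->sh,
                            NULL, NULL, state->dn,
                            state->authtok);
    if (!subreq) {
        tevent_req_error(req, ENOMEM);
        return;
    }

    tevent_req_set_callback(subreq, auth_bind_user_done, req);
}

/**
 * Completion callback for the bind.
 *
 * If the server returned password policy data it replaces whatever
 * expiration information was found in the cache. Timeouts and network
 * errors restart the request through auth_get_server(); every other
 * error is passed to the caller unchanged.
 *
 * @param subreq  The sdap_auth request; freed here.
 */
static void auth_bind_user_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct auth_state *state = tevent_req_data(req,
                                               struct auth_state);
    int ret;
    struct sdap_ppolicy_data *ppolicy = NULL;

    ret = sdap_auth_recv(subreq, state, &ppolicy);
    talloc_zfree(subreq);
    /* Recorded before looking at ret, so the policy data is available to
     * the caller even when the bind itself is reported as an error. */
    if (ppolicy != NULL) {
        DEBUG(9,("Found ppolicy data, "
                 "assuming LDAP password policies are active.\n"));
        state->pw_expire_type = PWEXPIRE_LDAP_PASSWORD_POLICY;
        state->pw_expire_data = ppolicy;
    }
    switch (ret) {
    case EOK:
        break;
    case ETIMEDOUT:
    case ERR_NETWORK_IO:
        /* Transport problem rather than a credential problem: resolve a
         * server again instead of failing the authentication. */
        if (auth_get_server(req) == NULL) {
            tevent_req_error(req, ENOMEM);
        }
        return;
    default:
        tevent_req_error(req, ret);
        return;
    }

    tevent_req_done(req);
}

static errno_t auth_recv(struct tevent_req *req, TALLOC_CTX *memctx,
                         struct sdap_handle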
**sh, char **dn, enum pwexpire *pw_expire_type, void **pw_expire_data) { struct auth_state *state = tevent_req_data(req, struct auth_state); if (sh != NULL) { *sh = talloc_steal(memctx, state->sh); if (*sh == NULL) return ENOMEM; } if (dn != NULL) { *dn = talloc_steal(memctx, state->dn); if (*dn == NULL) return ENOMEM; } if (pw_expire_data != NULL) { *pw_expire_data = talloc_steal(memctx, state->pw_expire_data); } *pw_expire_type = state->pw_expire_type; TEVENT_REQ_RETURN_ON_ERROR(req); return EOK; } /* ==Perform-Password-Change===================== */ struct sdap_pam_chpass_state { struct be_req *breq; struct pam_data *pd; const char *username; char *dn; struct sdap_handle *sh; struct sdap_auth_ctx *ctx; }; static void sdap_auth4chpass_done(struct tevent_req *req); static void sdap_pam_chpass_done(struct tevent_req *req); void sdap_pam_chpass_handler(struct be_req *breq) { struct be_ctx *be_ctx = be_req_get_be_ctx(breq); struct sdap_pam_chpass_state *state; struct sdap_auth_ctx *ctx; struct tevent_req *subreq; struct pam_data *pd; int dp_err = DP_ERR_FATAL; ctx = talloc_get_type(be_ctx->bet_info[BET_CHPASS].pvt_bet_data, struct sdap_auth_ctx); pd = talloc_get_type(be_req_get_data(breq), struct pam_data); if (be_is_offline(ctx->be)) { DEBUG(4, ("Backend is marked offline, retry later!\n")); pd->pam_status = PAM_AUTHINFO_UNAVAIL; dp_err = DP_ERR_OFFLINE; goto done; } if ((pd->priv == 1) && (pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM) && (sss_authtok_get_type(pd->authtok) != SSS_AUTHTOK_TYPE_PASSWORD)) { DEBUG(4, ("Password reset by root is not supported.\n")); pd->pam_status = PAM_PERM_DENIED; dp_err = DP_ERR_OK; goto done; } DEBUG(2, ("starting password change request for user [%s].\n", pd->user)); pd->pam_status = PAM_SYSTEM_ERR; if (pd->cmd != SSS_PAM_CHAUTHTOK && pd->cmd != SSS_PAM_CHAUTHTOK_PRELIM) { DEBUG(2, ("chpass target was called by wrong pam command.\n")); goto done; } state = talloc_zero(breq, struct sdap_pam_chpass_state); if (!state) goto done; state->breq = 
breq; state->pd = pd; state->username = pd->user; state->ctx = ctx; subreq = auth_send(breq, be_ctx->ev, ctx, state->username, pd->authtok, true); if (!subreq) goto done; tevent_req_set_callback(subreq, sdap_auth4chpass_done, state); return; done: be_req_terminate(breq, dp_err, pd->pam_status, NULL); } static void sdap_lastchange_done(struct tevent_req *req); static void sdap_auth4chpass_done(struct tevent_req *req) { struct sdap_pam_chpass_state *state = tevent_req_callback_data(req, struct sdap_pam_chpass_state); struct be_ctx *be_ctx = be_req_get_be_ctx(state->breq); struct tevent_req *subreq; enum pwexpire pw_expire_type; void *pw_expire_data; int dp_err = DP_ERR_FATAL; int ret; size_t msg_len; uint8_t *msg; ret = auth_recv(req, state, &state->sh, &state->dn, &pw_expire_type, &pw_expire_data); talloc_zfree(req); if ((ret == EOK || ret == ERR_PASSWORD_EXPIRED) && state->pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM) { DEBUG(9, ("Initial authentication for change password operation " "successful.\n")); state->pd->pam_status = PAM_SUCCESS; dp_err = DP_ERR_OK; goto done; } if (ret == EOK) { switch (pw_expire_type) { case PWEXPIRE_SHADOW: ret = check_pwexpire_shadow(pw_expire_data, time(NULL), NULL); break; case PWEXPIRE_KERBEROS: ret = check_pwexpire_kerberos(pw_expire_data, time(NULL), NULL, be_ctx->domain->pwd_expiration_warning); if (ret == ERR_PASSWORD_EXPIRED) { DEBUG(1, ("LDAP provider cannot change kerberos " "passwords.\n")); state->pd->pam_status = PAM_SYSTEM_ERR; goto done; } break; case PWEXPIRE_LDAP_PASSWORD_POLICY: case PWEXPIRE_NONE: break; default: DEBUG(1, ("Unknow pasword expiration type.\n")); state->pd->pam_status = PAM_SYSTEM_ERR; goto done; } } switch (ret) { case EOK: case ERR_PASSWORD_EXPIRED: DEBUG(7, ("user [%s] successfully authenticated.\n", state->dn)); if (pw_expire_type == PWEXPIRE_SHADOW) { /* TODO: implement async ldap modify request */ DEBUG(1, ("Changing shadow password attributes not implemented.\n")); state->pd->pam_status = 
PAM_MODULE_UNKNOWN; goto done; } else { const char *password; const char *new_password; ret = sss_authtok_get_password(state->pd->authtok, &password, NULL); if (ret) { state->pd->pam_status = PAM_SYSTEM_ERR; goto done; } ret = sss_authtok_get_password(state->pd->newauthtok, &new_password, NULL); if (ret) { state->pd->pam_status = PAM_SYSTEM_ERR; goto done; } subreq = sdap_exop_modify_passwd_send(state, be_ctx->ev, state->sh, state->dn, password, new_password); if (!subreq) { DEBUG(2, ("Failed to change password for %s\n", state->username)); goto done; } tevent_req_set_callback(subreq, sdap_pam_chpass_done, state); return; } break; case ERR_AUTH_DENIED: case ERR_AUTH_FAILED: state->pd->pam_status = PAM_AUTH_ERR; ret = pack_user_info_chpass_error(state->pd, "Old password not accepted.", &msg_len, &msg); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("pack_user_info_chpass_error failed.\n")); } else { ret = pam_add_response(state->pd, SSS_PAM_USER_INFO, msg_len, msg); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("pam_add_response failed.\n")); } } break; case ETIMEDOUT: case ERR_NETWORK_IO: state->pd->pam_status = PAM_AUTHINFO_UNAVAIL; be_mark_offline(be_ctx); dp_err = DP_ERR_OFFLINE; break; default: state->pd->pam_status = PAM_SYSTEM_ERR; } done: be_req_terminate(state->breq, dp_err, state->pd->pam_status, NULL); } static void sdap_pam_chpass_done(struct tevent_req *req) { struct sdap_pam_chpass_state *state = tevent_req_callback_data(req, struct sdap_pam_chpass_state); struct be_ctx *be_ctx = be_req_get_be_ctx(state->breq); int dp_err = DP_ERR_FATAL; int ret; char *user_error_message = NULL; char *lastchanged_name; struct tevent_req *subreq; size_t msg_len; uint8_t *msg; ret = sdap_exop_modify_passwd_recv(req, state, &user_error_message); talloc_zfree(req); switch (ret) { case EOK: state->pd->pam_status = PAM_SUCCESS; dp_err = DP_ERR_OK; break; case ERR_CHPASS_DENIED: state->pd->pam_status = PAM_NEW_AUTHTOK_REQD; break; case ERR_NETWORK_IO: state->pd->pam_status = 
PAM_AUTHTOK_ERR; break; default: state->pd->pam_status = PAM_SYSTEM_ERR; break; } if (state->pd->pam_status != PAM_SUCCESS && user_error_message != NULL) { ret = pack_user_info_chpass_error(state->pd, user_error_message, &msg_len, &msg); if (ret != EOK) { DEBUG(1, ("pack_user_info_chpass_error failed.\n")); } else { ret = pam_add_response(state->pd, SSS_PAM_USER_INFO, msg_len, msg); if (ret != EOK) { DEBUG(1, ("pam_add_response failed.\n")); } } } if (state->pd->pam_status == PAM_SUCCESS && dp_opt_get_bool(state->ctx->opts->basic, SDAP_CHPASS_UPDATE_LAST_CHANGE)) { lastchanged_name = state->ctx->opts->user_map[SDAP_AT_SP_LSTCHG].name; subreq = sdap_modify_shadow_lastchange_send(state, be_ctx->ev, state->sh, state->dn, lastchanged_name); if (subreq == NULL) { state->pd->pam_status = PAM_SYSTEM_ERR; goto done; } tevent_req_set_callback(subreq, sdap_lastchange_done, state); return; } done: be_req_terminate(state->breq, dp_err, state->pd->pam_status, NULL); } static void sdap_lastchange_done(struct tevent_req *req) { struct sdap_pam_chpass_state *state = tevent_req_callback_data(req, struct sdap_pam_chpass_state); int dp_err = DP_ERR_FATAL; errno_t ret; ret = sdap_modify_shadow_lastchange_recv(req); if (ret != EOK) { state->pd->pam_status = PAM_SYSTEM_ERR; goto done; } dp_err = DP_ERR_OK; state->pd->pam_status = PAM_SUCCESS; done: be_req_terminate(state->breq, dp_err, state->pd->pam_status, NULL); } /* ==Perform-User-Authentication-and-Password-Caching===================== */ struct sdap_pam_auth_state { struct be_req *breq; struct pam_data *pd; }; static void sdap_pam_auth_done(struct tevent_req *req); void sdap_pam_auth_handler(struct be_req *breq) { struct be_ctx *be_ctx = be_req_get_be_ctx(breq); struct sdap_pam_auth_state *state; struct sdap_auth_ctx *ctx; struct tevent_req *subreq; struct pam_data *pd; int dp_err = DP_ERR_FATAL; ctx = talloc_get_type(be_ctx->bet_info[BET_AUTH].pvt_bet_data, struct sdap_auth_ctx); pd = talloc_get_type(be_req_get_data(breq), struct 
pam_data); if (be_is_offline(ctx->be)) { DEBUG(4, ("Backend is marked offline, retry later!\n")); pd->pam_status = PAM_AUTHINFO_UNAVAIL; dp_err = DP_ERR_OFFLINE; goto done; } pd->pam_status = PAM_SYSTEM_ERR; switch (pd->cmd) { case SSS_PAM_AUTHENTICATE: case SSS_PAM_CHAUTHTOK_PRELIM: state = talloc_zero(breq, struct sdap_pam_auth_state); if (!state) goto done; state->breq = breq; state->pd = pd; subreq = auth_send(breq, be_ctx->ev, ctx, pd->user, pd->authtok, pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM ? true : false); if (!subreq) goto done; tevent_req_set_callback(subreq, sdap_pam_auth_done, state); return; case SSS_PAM_CHAUTHTOK: break; case SSS_PAM_ACCT_MGMT: case SSS_PAM_SETCRED: case SSS_PAM_OPEN_SESSION: case SSS_PAM_CLOSE_SESSION: pd->pam_status = PAM_SUCCESS; dp_err = DP_ERR_OK; break; default: pd->pam_status = PAM_MODULE_UNKNOWN; dp_err = DP_ERR_OK; } done: be_req_terminate(breq, dp_err, pd->pam_status, NULL); } static void sdap_pam_auth_done(struct tevent_req *req) { struct sdap_pam_auth_state *state = tevent_req_callback_data(req, struct sdap_pam_auth_state); struct be_ctx *be_ctx = be_req_get_be_ctx(state->breq); enum pwexpire pw_expire_type; void *pw_expire_data; const char *password; int dp_err = DP_ERR_OK; int ret; ret = auth_recv(req, state, NULL, NULL, &pw_expire_type, &pw_expire_data); talloc_zfree(req); if (ret == EOK) { switch (pw_expire_type) { case PWEXPIRE_SHADOW: ret = check_pwexpire_shadow(pw_expire_data, time(NULL), state->pd); if (ret != EOK) { DEBUG(1, ("check_pwexpire_shadow failed.\n")); state->pd->pam_status = PAM_SYSTEM_ERR; goto done; } break; case PWEXPIRE_KERBEROS: ret = check_pwexpire_kerberos(pw_expire_data, time(NULL), state->pd, be_ctx->domain->pwd_expiration_warning); if (ret != EOK) { DEBUG(1, ("check_pwexpire_kerberos failed.\n")); state->pd->pam_status = PAM_SYSTEM_ERR; goto done; } break; case PWEXPIRE_LDAP_PASSWORD_POLICY: ret = check_pwexpire_ldap(state->pd, pw_expire_data, be_ctx->domain->pwd_expiration_warning); if (ret != 
EOK) { DEBUG(1, ("check_pwexpire_ldap failed.\n")); state->pd->pam_status = PAM_SYSTEM_ERR; goto done; } break; case PWEXPIRE_NONE: break; default: DEBUG(1, ("Unknow pasword expiration type.\n")); state->pd->pam_status = PAM_SYSTEM_ERR; goto done; } } switch (ret) { case EOK: state->pd->pam_status = PAM_SUCCESS; break; case ERR_AUTH_DENIED: state->pd->pam_status = PAM_PERM_DENIED; break; case ERR_AUTH_FAILED: state->pd->pam_status = PAM_AUTH_ERR; break; case ETIMEDOUT: case ERR_NETWORK_IO: state->pd->pam_status = PAM_AUTHINFO_UNAVAIL; break; case ERR_ACCOUNT_EXPIRED: state->pd->pam_status = PAM_ACCT_EXPIRED; break; case ERR_PASSWORD_EXPIRED: state->pd->pam_status = PAM_NEW_AUTHTOK_REQD; break; default: state->pd->pam_status = PAM_SYSTEM_ERR; dp_err = DP_ERR_FATAL; } if (ret == ETIMEDOUT || ret == ERR_NETWORK_IO) { be_mark_offline(be_ctx); dp_err = DP_ERR_OFFLINE; goto done; } if (ret == EOK && be_ctx->domain->cache_credentials) { ret = sss_authtok_get_password(state->pd->authtok, &password, NULL); if (ret == EOK) { ret = sysdb_cache_password(be_ctx->domain->sysdb, be_ctx->domain, state->pd->user, password); } /* password caching failures are not fatal errors */ if (ret != EOK) { DEBUG(2, ("Failed to cache password for %s\n", state->pd->user)); } else { DEBUG(4, ("Password successfully cached for %s\n", state->pd->user)); } } done: be_req_terminate(state->breq, dp_err, state->pd->pam_status, NULL); } sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/sdap_async_groups.c0000644000000000000000000000007312320753107023165 xustar000000000000000029 atime=1396954939.26789143 30 ctime=1396954961.620874976 sssd-1.11.5/src/providers/ldap/sdap_async_groups.c0000664002412700241270000022325512320753107023421 0ustar00jhrozekjhrozek00000000000000/* SSSD Async LDAP Helper routines - retrieving groups Copyright (C) Simo Sorce - 2009 Copyright (C) 2010, Ralf Haferkamp , Novell Inc. 
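Copyright (C) Jan Zeleny - 2011

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program. If not, see .
*/

#include "util/util.h"
#include "db/sysdb.h"
#include "providers/ldap/sdap_async_private.h"
#include "providers/ldap/ldap_common.h"
#include "providers/ldap/sdap_idmap.h"
#include "providers/ad/ad_common.h"

/* ==Group-Parsing Routines=============================================== */

/**
 * Look up the cache entry whose original DN equals orig_dn.
 *
 * The search runs below the domain's base DN with subtree scope and the
 * DN is sanitized before it is placed into the search filter.
 *
 * @param memctx   Talloc context that owns the returned string.
 * @param ctx      Cache database to search.
 * @param domain   Domain whose subtree is searched.
 * @param orig_dn  Original (LDAP) DN to look for.
 * @param localdn  On success, the linearized DN of the cache entry.
 *
 * @return EOK on success, ENOENT unless exactly one entry matched, ENOMEM
 *         on allocation failure, or the error of the cache search.
 */
static int sdap_find_entry_by_origDN(TALLOC_CTX *memctx,
                                     struct sysdb_ctx *ctx,
                                     struct sss_domain_info *domain,
                                     const char *orig_dn,
                                     char **localdn)
{
    TALLOC_CTX *tmpctx;
    const char *no_attrs[] = { NULL };
    struct ldb_dn *base_dn;
    char *filter;
    struct ldb_message **msgs;
    size_t num_msgs;
    int ret;
    char *sanitized_dn;

    tmpctx = talloc_new(NULL);
    if (!tmpctx) {
        return ENOMEM;
    }

    /* The DN comes from directory data; escape it so that it cannot
     * change the structure of the filter built below. */
    ret = sss_filter_sanitize(tmpctx, orig_dn, &sanitized_dn);
    if (ret != EOK) {
        ret = ENOMEM;
        goto done;
    }

    filter = talloc_asprintf(tmpctx, "%s=%s", SYSDB_ORIG_DN, sanitized_dn);
    if (!filter) {
        ret = ENOMEM;
        goto done;
    }

    base_dn = sysdb_domain_dn(ctx, tmpctx, domain);
    if (!base_dn) {
        ret = ENOMEM;
        goto done;
    }

    DEBUG(9, ("Searching cache for [%s].\n", sanitized_dn));
    ret = sysdb_search_entry(tmpctx, ctx,
                             base_dn, LDB_SCOPE_SUBTREE, filter, no_attrs,
                             &num_msgs, &msgs);
    if (ret) {
        goto done;
    }
    if (num_msgs != 1) {
        ret = ENOENT;
        goto done;
    }

    *localdn = talloc_strdup(memctx, ldb_dn_get_linearized(msgs[0]->dn));
    if (!*localdn) {
        /* Allocation failure, not a missing entry. Callers treat ENOENT
         * as "member not in cache, skip it", so reporting ENOENT here
         * would silently drop an existing member. */
        ret = ENOMEM;
        goto done;
    }

    ret = EOK;

done:
    talloc_zfree(tmpctx);
    return ret;
}

/**
 * Collect the cache DNs of all users whose primary GID is gid.
 *
 * @param mem_ctx   Talloc context that owns the returned array.
 * @param sysdb     Cache database to search.
 * @param domain    Domain to search in.
 * @param gid       Primary GID to match; 0 means a non-POSIX group.
 * @param _localdn  Receives the array of DN strings, or NULL if there are
 *                  none.
 * @param _ndn      Receives the number of entries in *_localdn.
 *
 * @return EOK on success (including "no users found"), ENOMEM on
 *         allocation failure, or the error of the user search.
 */
static errno_t
sdap_get_members_with_primary_gid(TALLOC_CTX *mem_ctx,
                                  struct sysdb_ctx *sysdb,
                                  struct sss_domain_info *domain,
                                  gid_t gid, char ***_localdn, size_t *_ndn)
{
    static const char *search_attrs[] = { SYSDB_NAME, NULL };
    char *filter;
    struct ldb_message **msgs;
    size_t count;
    size_t i;
    errno_t ret;
    char **localdn;

    /* Don't search if the group is non-posix. The outputs are still
     * defined, as on the ENOENT path below, so that a caller never reads
     * an uninitialized pointer or count after EOK. */
    if (!gid) {
        *_localdn = NULL;
        *_ndn = 0;
        return EOK;
    }

    filter = talloc_asprintf(mem_ctx, "(%s=%llu)", SYSDB_GIDNUM,
                             (unsigned long long) gid);
    if (!filter) {
        return ENOMEM;
    }

    ret = sysdb_search_users(mem_ctx, sysdb, domain, filter,
                             search_attrs, &count, &msgs);
    talloc_free(filter);
    if (ret == ENOENT) {
        *_localdn = NULL;
        *_ndn = 0;
        return EOK;
    } else if (ret != EOK) {
        return ret;
    }

    localdn = talloc_array(mem_ctx, char *, count);
    if (!localdn) {
        talloc_free(msgs);
        return ENOMEM;
    }

    for (i = 0; i < count; i++) {
        /* Each string is a child of the array, so freeing the array
         * releases the strings copied so far as well. */
        localdn[i] = talloc_strdup(localdn,
                                   ldb_dn_get_linearized(msgs[i]->dn));
        if (!localdn[i]) {
            talloc_free(localdn);
            talloc_free(msgs);
            return ENOMEM;
        }
    }

    talloc_free(msgs);
    *_localdn = localdn;
    *_ndn = count;
    return EOK;
}

static errno_t
sdap_dn_by_primary_gid(TALLOC_CTX *mem_ctx, struct sysdb_attrs *ldap_attrs,
                       struct sysdb_ctx *sysdb,
                       struct sss_domain_info *domain,
                       struct sdap_options *opts,
                       char ***_dn_list, size_t *_count)
{
    gid_t gid;
    errno_t ret;

    ret = sysdb_attrs_get_uint32_t(ldap_attrs,
                                   opts->group_map[SDAP_AT_GROUP_GID].sys_name,
                                   &gid);
    if (ret == ENOENT) {
        /* Non-posix AD group. Skip.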
*/ *_dn_list = NULL; *_count = 0; return EOK; } else if (ret && ret != ENOENT) { return ret; } ret = sdap_get_members_with_primary_gid(mem_ctx, sysdb, domain, gid, _dn_list, _count); if (ret) return ret; return EOK; } static int sdap_fill_memberships(struct sdap_options *opts, struct sysdb_attrs *group_attrs, struct sysdb_ctx *ctx, struct sss_domain_info *domain, hash_table_t *ghosts, struct ldb_val *values, int num_values, char **userdns, size_t nuserdns) { struct ldb_message_element *el; int i, j; int ret; errno_t hret; hash_key_t key; hash_value_t value; struct sdap_domain *sdom; struct sysdb_ctx *member_sysdb; struct sss_domain_info *member_dom; ret = sysdb_attrs_get_el(group_attrs, SYSDB_MEMBER, &el); if (ret) { goto done; } /* Just allocate both big enough to contain all members for now */ el->values = talloc_realloc(group_attrs, el->values, struct ldb_val, el->num_values + num_values + nuserdns); if (!el->values) { ret = ENOMEM; goto done; } j = el->num_values; for (i = 0; i < num_values; i++) { if (ghosts == NULL) { hret = HASH_ERROR_KEY_NOT_FOUND; } else { key.type = HASH_KEY_STRING; key.str = (char *)values[i].data; hret = hash_lookup(ghosts, &key, &value); } if (hret == HASH_ERROR_KEY_NOT_FOUND) { sdom = sdap_domain_get_by_dn(opts, (char *)values[i].data); if (sdom == NULL) { DEBUG(SSSDBG_MINOR_FAILURE, ("Member [%s] is it out of domain " "scope?\n", (char *)values[i].data)); member_sysdb = ctx; member_dom = domain; } else { member_sysdb = sdom->dom->sysdb; member_dom = sdom->dom; } /* sync search entry with this as origDN */ ret = sdap_find_entry_by_origDN(el->values, member_sysdb, member_dom, (char *)values[i].data, (char **)&el->values[j].data); if (ret == ENOENT) { /* member may be outside of the configured search bases * or out of scope of nesting limit */ DEBUG(SSSDBG_MINOR_FAILURE, ("Member [%s] was not found in " "cache. 
Is it out of scope?\n", (char *)values[i].data)); continue; } if (ret != EOK) { goto done; } DEBUG(7, (" member #%d (%s): [%s]\n", i, (char *)values[i].data, (char *)el->values[j].data)); el->values[j].length = strlen((char *)el->values[j].data); j++; } else if (hret != HASH_SUCCESS) { ret = EFAULT; goto done; } /* If the member is in ghost table, it has * already been processed - just skip it */ } el->num_values = j; for (i=0; i < nuserdns; i++) { el->values[el->num_values + i].data = (uint8_t *) \ talloc_steal(group_attrs, userdns[i]); el->values[el->num_values + i].length = strlen(userdns[i]); } el->num_values += nuserdns; ret = EOK; done: return ret; } /* ==Save-Group-Entry===================================================== */ /* FIXME: support non legacy */ /* FIXME: support storing additional attributes */ static errno_t sdap_store_group_with_gid(struct sysdb_ctx *ctx, struct sss_domain_info *domain, const char *name, gid_t gid, struct sysdb_attrs *group_attrs, uint64_t cache_timeout, bool posix_group, time_t now) { errno_t ret; /* make sure that non-posix (empty or explicit gid=0) groups have the * gidNumber set to zero even if updating existing group */ if (!posix_group) { ret = sysdb_attrs_add_uint32(group_attrs, SYSDB_GIDNUM, 0); if (ret) { DEBUG(2, ("Could not set explicit GID 0 for %s\n", name)); return ret; } } ret = sysdb_store_group(ctx, domain, name, gid, group_attrs, cache_timeout, now); if (ret) { DEBUG(2, ("Could not store group %s\n", name)); return ret; } return ret; } static errno_t sdap_process_ghost_members(struct sysdb_attrs *attrs, struct sdap_options *opts, hash_table_t *ghosts, bool populate_members, bool store_original_member, struct sysdb_attrs *sysdb_attrs) { errno_t ret; struct ldb_message_element *gh; struct ldb_message_element *memberel; struct ldb_message_element *sysdb_memberel; struct ldb_message_element *ghostel; size_t cnt; int i; int hret; hash_key_t key; hash_value_t value; ret = sysdb_attrs_get_el(attrs, SYSDB_GHOST, 
&gh); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Error reading ghost attributes: [%s]\n", strerror(ret))); return ret; } ret = sysdb_attrs_get_el_ext(attrs, opts->group_map[SDAP_AT_GROUP_MEMBER].sys_name, false, &memberel); if (ret == ENOENT) { /* Create a dummy element with no values in order for the loop to just * fall through and make sure the attrs array is not reallocated. */ memberel = talloc(attrs, struct ldb_message_element); if (memberel == NULL) { return ENOMEM; } memberel->num_values = 0; memberel->values = NULL; } else if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Error reading members: [%s]\n", strerror(ret))); return ret; } if (store_original_member) { DEBUG(SSSDBG_TRACE_FUNC, ("The group has %d members\n", memberel->num_values)); for (i = 0; i < memberel->num_values; i++) { ret = sysdb_attrs_add_string(sysdb_attrs, SYSDB_ORIG_MEMBER, (const char *) memberel->values[i].data); if (ret) { DEBUG(SSSDBG_OP_FAILURE, ("Could not add member [%s]\n", (const char *) memberel->values[i].data)); return ret; } } } if (populate_members) { ret = sysdb_attrs_get_el(sysdb_attrs, SYSDB_MEMBER, &sysdb_memberel); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Error reading group members from group_attrs: [%s]\n", strerror(ret))); return ret; } sysdb_memberel->values = memberel->values; sysdb_memberel->num_values = memberel->num_values; } ret = sysdb_attrs_get_el(sysdb_attrs, SYSDB_GHOST, &ghostel); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Error getting ghost element: [%s]\n", strerror(ret))); return ret; } ghostel->values = gh->values; ghostel->num_values = gh->num_values; cnt = ghostel->num_values + memberel->num_values; DEBUG(SSSDBG_TRACE_FUNC, ("Group has %zu members\n", cnt)); /* Now process RFC2307bis ghost hash table */ if (ghosts && cnt > 0) { ghostel->values = talloc_realloc(sysdb_attrs, ghostel->values, struct ldb_val, cnt); if (ghostel->values == NULL) { return ENOMEM; } for (i = 0; i < memberel->num_values; i++) { key.type = HASH_KEY_STRING; 
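key.str = (char *) memberel->values[i].data; hret = hash_lookup(ghosts, &key, &value); if (hret == HASH_ERROR_KEY_NOT_FOUND) { continue; } else if (hret != HASH_SUCCESS) { DEBUG(SSSDBG_MINOR_FAILURE, ("Error checking hash table: [%s]\n", hash_error_string(hret))); return EFAULT; } DEBUG(SSSDBG_TRACE_FUNC, ("Adding ghost member for group [%s]\n", (char *) value.ptr)); ghostel->values[ghostel->num_values].data = \ (uint8_t *) talloc_strdup(ghostel->values, value.ptr); if (ghostel->values[ghostel->num_values].data == NULL) { return ENOMEM; } ghostel->values[ghostel->num_values].length = strlen(value.ptr); ghostel->num_values++; } } return EOK; }

/*
 * Convert one LDAP group entry into cache attributes and store it.
 *
 * memctx                 talloc parent for *_usn_value and the stored attrs
 * attrs                  the group as read from LDAP
 * populate_members       passed through to sdap_process_ghost_members()
 * store_original_member  passed through to sdap_process_ghost_members()
 * ghosts                 optional ghost-user hash table
 * _usn_value             out (optional): the group's USN string, if any
 *
 * The GID decides what the group authorizes locally, so every path that
 * yields a GID is followed by the domain id-range check before the group
 * is stored. AD groups that are not security groups (or, for a subdomain,
 * not global/universal) are stored as non-posix with GID 0.
 *
 * Returns EOK on success (including a skipped built-in SID), otherwise an
 * errno value. All exits go through `done` so tmpctx is always released.
 */
static int sdap_save_group(TALLOC_CTX *memctx,
                           struct sysdb_ctx *ctx,
                           struct sdap_options *opts,
                           struct sss_domain_info *dom,
                           struct sysdb_attrs *attrs,
                           bool populate_members,
                           bool store_original_member,
                           hash_table_t *ghosts,
                           char **_usn_value,
                           time_t now)
{
    struct ldb_message_element *el;
    struct sysdb_attrs *group_attrs;
    const char *group_name = NULL;
    gid_t gid = 0;
    errno_t ret;
    char *usn_value = NULL;
    TALLOC_CTX *tmpctx = NULL;
    bool posix_group;
    bool use_id_mapping;
    char *sid_str;
    struct sss_domain_info *subdomain;
    int32_t ad_group_type;

    /* Top-level context (no parent): it is only released at `done`. */
    tmpctx = talloc_new(NULL);
    if (!tmpctx) {
        ret = ENOMEM;
        goto done;
    }

    group_attrs = sysdb_new_attrs(tmpctx);
    if (group_attrs == NULL) {
        ret = ENOMEM;
        goto done;
    }

    /* Always store SID string if available */
    ret = sdap_attrs_get_sid_str(tmpctx, opts->idmap_ctx, attrs,
                            opts->group_map[SDAP_AT_GROUP_OBJECTSID].sys_name,
                            &sid_str);
    if (ret == EOK) {
        ret = sysdb_attrs_add_string(group_attrs, SYSDB_SID_STR, sid_str);
        if (ret != EOK) {
            DEBUG(SSSDBG_MINOR_FAILURE, ("Could not add SID string: [%s]\n",
                                         strerror(ret)));
            goto done;
        }
    } else if (ret == ENOENT) {
        /* The name has not been resolved yet at this point, so never hand
         * a NULL pointer to the %s conversion. */
        DEBUG(SSSDBG_TRACE_ALL, ("objectSID: not available for group [%s].\n",
                                 group_name ? group_name : "Unknown"));
        sid_str = NULL;
    } else {
        DEBUG(SSSDBG_MINOR_FAILURE, ("Could not identify objectSID: [%s]\n",
                                     strerror(ret)));
        sid_str = NULL;
    }

    /* If this object has a SID available, we will determine the correct
     * domain by its SID. */
    if (sid_str != NULL) {
        subdomain = find_subdomain_by_sid(get_domains_head(dom), sid_str);
        if (subdomain) {
            dom = subdomain;
        } else {
            DEBUG(SSSDBG_TRACE_FUNC, ("SID %s does not belong to any known "
                                      "domain\n", sid_str));
        }
    }

    ret = sdap_get_group_primary_name(tmpctx, opts, attrs, dom, &group_name);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Failed to get group name\n"));
        goto done;
    }
    DEBUG(SSSDBG_TRACE_FUNC, ("Processing group %s\n", group_name));

    posix_group = true;
    if (opts->schema_type == SDAP_SCHEMA_AD) {
        ret = sysdb_attrs_get_int32_t(attrs, SYSDB_GROUP_TYPE, &ad_group_type);
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_int32_t failed.\n"));
            goto done;
        }

        DEBUG(SSSDBG_TRACE_ALL, ("AD group [%s] has type flags %#x.",
                                 group_name, ad_group_type));
        /* Only security groups from AD are considered for POSIX groups.
         * Additionally only global and universal group are taken to account
         * for trusted domains. */
        if (!(ad_group_type & SDAP_AD_GROUP_TYPE_SECURITY)
                || (IS_SUBDOMAIN(dom)
                    && (!((ad_group_type & SDAP_AD_GROUP_TYPE_GLOBAL)
                          || (ad_group_type
                              & SDAP_AD_GROUP_TYPE_UNIVERSAL))))) {
            posix_group = false;
            gid = 0;
            DEBUG(SSSDBG_TRACE_FUNC, ("Filtering AD group [%s].\n",
                                      group_name));
            ret = sysdb_attrs_add_uint32(group_attrs,
                opts->group_map[SDAP_AT_GROUP_GID].sys_name, 0);
            if (ret != EOK) {
                DEBUG(SSSDBG_CRIT_FAILURE,
                      ("Failed to add a GID to non-posix group!\n"));
                /* goto done, not return: tmpctx has no talloc parent and
                 * would otherwise be leaked on every failure here. */
                goto done;
            }
            ret = sysdb_attrs_add_bool(group_attrs, SYSDB_POSIX, false);
            if (ret != EOK) {
                DEBUG(SSSDBG_OP_FAILURE,
                      ("Error: Failed to mark group as non-posix!\n"));
                goto done;
            }
        }
    }

    if (posix_group) {
        use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping(
                                                            opts->idmap_ctx,
                                                            dom->name,
                                                            sid_str);
        if (use_id_mapping) {
            posix_group = true;

            if (sid_str == NULL) {
                DEBUG(SSSDBG_MINOR_FAILURE, ("SID not available, cannot map a "
                                             "unix ID to group [%s].\n",
                                             group_name));
                ret = ENOENT;
                goto done;
            }

            DEBUG(SSSDBG_TRACE_LIBS,
                  ("Mapping group [%s] objectSID [%s] to unix ID\n",
                   group_name, sid_str));

            /* Convert the SID into a UNIX group ID */
            ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, sid_str, &gid);
            if (ret == ENOTSUP) {
                /* ENOTSUP is returned if built-in SID was provided
                 * => do not store the group, but return EOK */
                DEBUG(SSSDBG_TRACE_FUNC, ("Skipping built-in object.\n"));
                ret = EOK;
                goto done;
            } else if (ret != EOK) {
                DEBUG(SSSDBG_MINOR_FAILURE,
                      ("Could not convert SID string: [%s]\n",
                       strerror(ret)));
                goto done;
            }

            /* Store the GID in the ldap_attrs so it doesn't get
             * treated as a missing attribute from LDAP and removed. */
            ret = sdap_replace_id(attrs, SYSDB_GIDNUM, gid);
            if (ret) {
                DEBUG(SSSDBG_OP_FAILURE, ("Cannot set the id-mapped GID\n"));
                goto done;
            }
        } else {
            ret = sysdb_attrs_get_bool(attrs, SYSDB_POSIX, &posix_group);
            if (ret == ENOENT) {
                posix_group = true;
            } else if (ret != EOK) {
                DEBUG(SSSDBG_MINOR_FAILURE,
                      ("Error reading posix attribute: [%s]\n",
                       strerror(ret)));
                goto done;
            }

            DEBUG(8, ("This is%s a posix group\n",
                      (posix_group)?"":" not"));
            ret = sysdb_attrs_add_bool(group_attrs, SYSDB_POSIX, posix_group);
            if (ret != EOK) {
                DEBUG(SSSDBG_MINOR_FAILURE,
                      ("Error setting posix attribute: [%s]\n",
                       strerror(ret)));
                goto done;
            }

            ret = sysdb_attrs_get_uint32_t(attrs,
                                opts->group_map[SDAP_AT_GROUP_GID].sys_name,
                                &gid);
            if (ret != EOK) {
                DEBUG(1, ("no gid provided for [%s] in domain [%s].\n",
                          group_name, dom->name));
                ret = EINVAL;
                goto done;
            }
        }
    }

    /* check that the gid is valid for this domain */
    if (posix_group) {
        if (OUT_OF_ID_RANGE(gid, dom->id_min, dom->id_max)) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Group [%s] filtered out! (id out of range)\n",
                   group_name));
            ret = EINVAL;
            goto done;
        }
        /* Group ID OK */
    }

    ret = sdap_attrs_add_string(attrs, SYSDB_ORIG_DN, "original DN",
                                group_name, group_attrs);
    if (ret != EOK) {
        DEBUG(SSSDBG_MINOR_FAILURE, ("Error setting original DN: [%s]\n",
                                     strerror(ret)));
        goto done;
    }

    ret = sdap_attrs_add_string(attrs,
                        opts->group_map[SDAP_AT_GROUP_MODSTAMP].sys_name,
                        "original mod-Timestamp", group_name, group_attrs);
    if (ret != EOK) {
        DEBUG(SSSDBG_MINOR_FAILURE, ("Error setting mod timestamp: [%s]\n",
                                     strerror(ret)));
        goto done;
    }

    ret = sysdb_attrs_get_el(attrs,
                             opts->group_map[SDAP_AT_GROUP_USN].sys_name,
                             &el);
    if (ret) {
        DEBUG(SSSDBG_MINOR_FAILURE, ("Error looking up group USN: [%s]\n",
                                     strerror(ret)));
        goto done;
    }
    if (el->num_values == 0) {
        DEBUG(SSSDBG_TRACE_FUNC,
              ("Original USN value is not available for [%s].\n",
               group_name));
    } else {
        ret = sysdb_attrs_add_string(group_attrs,
                        opts->group_map[SDAP_AT_GROUP_USN].sys_name,
                        (const char*)el->values[0].data);
        if (ret) {
            DEBUG(SSSDBG_MINOR_FAILURE, ("Error setting group USN: [%s]\n",
                                         strerror(ret)));
            goto done;
        }
        usn_value = talloc_strdup(tmpctx, (const char*)el->values[0].data);
        if (!usn_value) {
            ret = ENOMEM;
            goto done;
        }
    }

    ret = sdap_process_ghost_members(attrs, opts, ghosts,
                                     populate_members, store_original_member,
                                     group_attrs);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Failed to save ghost members\n"));
        goto done;
    }

    ret = sdap_save_all_names(group_name, attrs, dom, group_attrs);
    if (ret != EOK) {
        DEBUG(1, ("Failed to save group names\n"));
        goto done;
    }
    DEBUG(SSSDBG_TRACE_FUNC, ("Storing info for group %s\n", group_name));

    ret = sdap_store_group_with_gid(ctx, dom, group_name, gid, group_attrs,
                                    dom->group_timeout, posix_group, now);
    if (ret) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("Could not store group with GID: [%s]\n", strerror(ret)));
        goto done;
    }

    if (_usn_value) {
        *_usn_value = talloc_steal(memctx, usn_value);
    }

    /* Re-parent the attrs so they survive the talloc_free(tmpctx) below. */
    talloc_steal(memctx, group_attrs);
    ret = EOK;

done:
    if (ret) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("Failed to save group [%s]: [%s]\n",
               group_name ? group_name : "Unknown",
               strerror(ret)));
    }
    talloc_free(tmpctx);
    return ret;
}

/* ==Save-Group-Memebrs=================================================== */

/* FIXME: support non legacy */
/* FIXME: support storing additional attributes */

/*
 * Second-pass save: resolve the members of an already stored group and
 * write the member list to the cache.
 *
 * For the AD schema the users whose primary GID matches the group are
 * merged into the member list as well. The group is stored with GID 0 and,
 * when there are no members at all, with a NULL attribute set.
 *
 * Returns EOK or the first error encountered.
 */
static int sdap_save_grpmem(TALLOC_CTX *memctx,
                            struct sysdb_ctx *ctx,
                            struct sdap_options *opts,
                            struct sss_domain_info *dom,
                            struct sysdb_attrs *attrs,
                            hash_table_t *ghosts,
                            time_t now)
{
    struct ldb_message_element *el;
    struct sysdb_attrs *group_attrs = NULL;
    /* Initialised because the `fail` label logs it even when the name
     * lookup itself is what failed. */
    const char *group_name = NULL;
    char **userdns = NULL;
    size_t nuserdns = 0;
    int ret;

    ret = sdap_get_group_primary_name(memctx, opts, attrs, dom, &group_name);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Failed to get group name\n"));
        goto fail;
    }
    DEBUG(SSSDBG_TRACE_FUNC, ("Processing group %s\n", group_name));

    /* With AD we also want to merge in parent groups of primary GID as they
     * are reported with tokenGroups, too
     */
    if (opts->schema_type == SDAP_SCHEMA_AD) {
        ret = sdap_dn_by_primary_gid(memctx, attrs, ctx, dom, opts,
                                     &userdns, &nuserdns);
        if (ret != EOK) {
            goto fail;
        }
    }

    ret = sysdb_attrs_get_el(attrs,
                    opts->group_map[SDAP_AT_GROUP_MEMBER].sys_name, &el);
    if (ret != EOK) {
        goto fail;
    }

    if (el->num_values == 0 && nuserdns == 0) {
        DEBUG(SSSDBG_TRACE_FUNC,
              ("No members for group [%s]\n", group_name));
    } else {
        DEBUG(SSSDBG_TRACE_FUNC,
              ("Adding member users to group [%s]\n", group_name));

        group_attrs = sysdb_new_attrs(memctx);
        if (!group_attrs) {
            ret = ENOMEM;
            goto fail;
        }

        ret = sdap_fill_memberships(opts, group_attrs, ctx, dom, ghosts,
                                    el->values, el->num_values,
                                    userdns, nuserdns);
        if (ret) {
            goto fail;
        }
    }

    ret = sysdb_store_group(ctx, dom, group_name, 0, group_attrs,
                            dom->group_timeout, now);
    if (ret) goto fail;

    return EOK;

fail:
    DEBUG(SSSDBG_OP_FAILURE,
          ("Failed to save members of group %s\n",
           group_name ? group_name : "Unknown"));
    return ret;
}

/* ==Generic-Function-to-save-multiple-groups============================= */

/*
 * Save a batch of groups inside one sysdb transaction.
 *
 * RFC2307 is saved in a single pass. The other supported schemas use two
 * passes when populate_members is false: first every group entry, then the
 * memberships of the groups that were stored successfully. A failure to
 * save an individual group is logged and does not abort the batch.
 *
 * _usn_value  out (optional): the highest USN seen in the batch, owned by
 *             memctx.
 *
 * Returns EINVAL for an unknown schema, ENOMEM, or the result of the
 * transaction start/commit.
 */
static int sdap_save_groups(TALLOC_CTX *memctx,
                            struct sysdb_ctx *sysdb,
                            struct sss_domain_info *dom,
                            struct sdap_options *opts,
                            struct sysdb_attrs **groups,
                            int num_groups,
                            bool populate_members,
                            hash_table_t *ghosts,
                            bool save_orig_member,
                            char **_usn_value)
{
    TALLOC_CTX *tmpctx;
    char *higher_usn = NULL;
    char *usn_value;
    size_t usn_len;
    size_t higher_len;
    bool twopass;
    bool has_nesting = false;
    int ret;
    errno_t sret;
    int i;
    struct sysdb_attrs **saved_groups = NULL;
    int nsaved_groups = 0;
    time_t now;
    bool in_transaction = false;

    switch (opts->schema_type) {
    case SDAP_SCHEMA_RFC2307:
        twopass = false;
        break;

    case SDAP_SCHEMA_RFC2307BIS:
    case SDAP_SCHEMA_IPA_V1:
    case SDAP_SCHEMA_AD:
        twopass = true;
        has_nesting = true;
        break;

    default:
        return EINVAL;
    }

    tmpctx = talloc_new(memctx);
    if (!tmpctx) {
        return ENOMEM;
    }

    ret = sysdb_transaction_start(sysdb);
    if (ret) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to start transaction\n"));
        goto done;
    }
    in_transaction = true;

    if (twopass && !populate_members) {
        saved_groups = talloc_array(tmpctx, struct sysdb_attrs *,
                                    num_groups);
        if (!saved_groups) {
            ret = ENOMEM;
            goto done;
        }
    }

    now = time(NULL);
    for (i = 0; i < num_groups; i++) {
        usn_value = NULL;

        /* if 2 pass savemembers = false */
        ret = sdap_save_group(tmpctx, sysdb,
                              opts, dom, groups[i],
                              populate_members,
                              has_nesting && save_orig_member,
                              ghosts, &usn_value, now);

        /* Do not fail completely on errors.
         * Just report the failure to save and go on */
        if (ret) {
            DEBUG(2, ("Failed to store group %d. Ignoring.\n", i));
        } else {
            DEBUG(9, ("Group %d processed!\n", i));
            if (twopass && !populate_members) {
                saved_groups[nsaved_groups] = groups[i];
                nsaved_groups++;
            }
        }

        if (usn_value) {
            if (higher_usn) {
                /* Compare as numbers written in decimal: a longer string
                 * is larger, and only strings of equal length may be
                 * compared byte-wise. Without the equal-length condition a
                 * shorter value such as "9" would replace "10"; a wrong
                 * high-water mark may make later incremental lookups miss
                 * changes (presumably including membership removals). */
                usn_len = strlen(usn_value);
                higher_len = strlen(higher_usn);
                if ((usn_len > higher_len) ||
                    (usn_len == higher_len &&
                     strcmp(usn_value, higher_usn) > 0)) {
                    talloc_zfree(higher_usn);
                    higher_usn = usn_value;
                } else {
                    talloc_zfree(usn_value);
                }
            } else {
                higher_usn = usn_value;
            }
        }
    }

    if (twopass && !populate_members) {

        for (i = 0; i < nsaved_groups; i++) {

            ret = sdap_save_grpmem(tmpctx, sysdb, opts, dom,
                                   saved_groups[i], ghosts, now);
            /* Do not fail completely on errors.
             * Just report the failure to save and go on */
            if (ret) {
                DEBUG(2, ("Failed to store group %d members.\n", i));
            } else {
                DEBUG(9, ("Group %d members processed!\n", i));
            }
        }
    }

    ret = sysdb_transaction_commit(sysdb);
    if (ret) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to commit transaction!\n"));
        goto done;
    }
    in_transaction = false;

    if (_usn_value) {
        *_usn_value = talloc_steal(memctx, higher_usn);
    }

done:
    if (in_transaction) {
        sret = sysdb_transaction_cancel(sysdb);
        if (sret != EOK) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to cancel transaction\n"));
        }
    }
    talloc_zfree(tmpctx);
    return ret;
}

/* ==Process-Groups======================================================= */

/* Per-request state of the sdap_process_group request. */
struct sdap_process_group_state {
    struct tevent_context *ev;
    struct sdap_options *opts;
    struct sdap_handle *sh;
    struct sss_domain_info *dom;
    struct sysdb_ctx *sysdb;

    struct sysdb_attrs *group;
    struct ldb_message_element* sysdb_dns;  /* members resolved to cache DNs */
    struct ldb_message_element* ghost_dns;  /* members kept as ghost names */
    char **queued_members;                  /* DNs waiting for an LDAP lookup */
    int queue_len;
    const char **attrs;
    const char *filter;
    size_t queue_idx;                       /* next queued_members entry to send */
    size_t count;
    size_t check_count;                     /* member lookups still outstanding */

    bool enumeration;
};

/* Threshold used by sdap_process_missing_member_2307bis() to decide when
 * further member lookups are queued instead of being sent immediately. */
#define GROUPMEMBER_REQ_PARALLEL 50
static void sdap_process_group_members(struct tevent_req *subreq);

static int sdap_process_group_members_2307bis(struct tevent_req *req,
                                   struct sdap_process_group_state *state,
                                   struct ldb_message_element *memberel);
static int sdap_process_group_members_2307(struct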
sdap_process_group_state *state, struct ldb_message_element *memberel, struct ldb_message_element *ghostel);

/*
 * Allocate an empty message element on mem_ctx whose value array has room
 * for num_values entries. num_values of the new element starts at 0.
 *
 * Returns EOK and sets *_dns, or ENOMEM.
 */
static errno_t sdap_process_group_create_dns(TALLOC_CTX *mem_ctx,
                                             size_t num_values,
                                             struct ldb_message_element **_dns)
{
    struct ldb_message_element *elem = talloc(mem_ctx,
                                              struct ldb_message_element);

    if (elem == NULL) {
        return ENOMEM;
    }

    elem->num_values = 0;
    elem->values = talloc_array(elem, struct ldb_val, num_values);
    if (elem->values == NULL) {
        talloc_zfree(elem);
        return ENOMEM;
    }

    *_dns = elem;
    return EOK;
}

/*
 * Start processing the members of one group.
 *
 * The request finishes immediately (done or error is posted on ev) unless
 * the schema-specific handler returns EBUSY, which means LDAP lookups for
 * uncached members are still pending.
 *
 * Returns the request, or NULL if the request or its filter could not be
 * allocated.
 */
struct tevent_req *sdap_process_group_send(TALLOC_CTX *memctx,
                                           struct tevent_context *ev,
                                           struct sss_domain_info *dom,
                                           struct sysdb_ctx *sysdb,
                                           struct sdap_options *opts,
                                           struct sdap_handle *sh,
                                           struct sysdb_attrs *group,
                                           bool enumeration)
{
    struct sdap_process_group_state *state;
    struct ldb_message_element *memberel;
    struct ldb_message_element *ghostel;
    struct tevent_req *req = NULL;
    const char **user_attrs;
    char *user_filter;
    int ret;

    req = tevent_req_create(memctx, &state,
                            struct sdap_process_group_state);
    if (!req) return NULL;

    ret = build_attrs_from_map(state, opts->user_map, SDAP_OPTS_USER,
                               NULL, &user_attrs, NULL);
    if (ret) {
        goto done;
    }

    /* FIXME: we ignore nested rfc2307bis groups for now */
    user_filter = talloc_asprintf(state, "(objectclass=%s)",
                                  opts->user_map[SDAP_OC_USER].name);
    if (!user_filter) {
        talloc_zfree(req);
        return NULL;
    }

    state->ev = ev;
    state->opts = opts;
    state->dom = dom;
    state->sh = sh;
    state->sysdb = sysdb;
    state->group = group;
    state->check_count = 0;
    state->queue_idx = 0;
    state->queued_members = NULL;
    state->queue_len = 0;
    state->filter = user_filter;
    state->attrs = user_attrs;
    state->enumeration = enumeration;

    ret = sysdb_attrs_get_el(group,
                             opts->group_map[SDAP_AT_GROUP_MEMBER].sys_name,
                             &memberel);
    if (ret) {
        goto done;
    }

    /* Group without members */
    if (memberel->num_values == 0) {
        DEBUG(2, ("No Members. Done!\n"));
        ret = EOK;
        goto done;
    }

    ret = sysdb_attrs_get_el(group,
                             SYSDB_GHOST,
                             &ghostel);
    if (ret) {
        goto done;
    }

    if (ghostel->num_values == 0) {
        /* Element was probably newly created, look for "member" again */
        ret = sysdb_attrs_get_el(group,
                             opts->group_map[SDAP_AT_GROUP_MEMBER].sys_name,
                             &memberel);
        if (ret != EOK) {
            goto done;
        }
    }

    /* Both result arrays are sized for the full member list. */
    ret = sdap_process_group_create_dns(state, memberel->num_values,
                                        &state->sysdb_dns);
    if (ret != EOK) {
        goto done;
    }

    ret = sdap_process_group_create_dns(state, memberel->num_values,
                                        &state->ghost_dns);
    if (ret != EOK) {
        goto done;
    }

    switch (opts->schema_type) {
    case SDAP_SCHEMA_RFC2307:
        ret = sdap_process_group_members_2307(state, memberel, ghostel);
        break;

    case SDAP_SCHEMA_IPA_V1:
    case SDAP_SCHEMA_AD:
    case SDAP_SCHEMA_RFC2307BIS:
        /* Note that this code branch will be used only if
         * ldap_nesting_level = 0 is set in config file
         */
        ret = sdap_process_group_members_2307bis(req, state, memberel);
        break;

    default:
        DEBUG(1, ("Unknown schema type %d\n", opts->schema_type));
        ret = EINVAL;
        break;
    }

done:
    /* We managed to process all the entries */
    /* EBUSY means we need to wait for entries in LDAP */
    if (ret == EOK) {
        DEBUG(7, ("All group members processed\n"));
        tevent_req_done(req);
        tevent_req_post(req, ev);
    }

    if (ret != EOK && ret != EBUSY) {
        tevent_req_error(req, ret);
        tevent_req_post(req, ev);
    }
    return req;
}

/*
 * Look up one group member that is missing from the cache: either send a
 * base-scoped LDAP search for user_dn right away, or append the DN to the
 * queue once the number of counted lookups exceeds
 * GROUPMEMBER_REQ_PARALLEL. check_count is incremented in both cases.
 *
 * num_users  total number of members of the group, used to size the queue
 *
 * Returns EOK or ENOMEM.
 */
static int
sdap_process_missing_member_2307bis(struct tevent_req *req,
                                    char *user_dn,
                                    unsigned num_users)
{
    struct sdap_process_group_state *state =
        tevent_req_data(req, struct sdap_process_group_state);
    struct tevent_req *search_req;

    /*
     * Issue at most GROUPMEMBER_REQ_PARALLEL LDAP searches at once.
     * The rest is sent while the results are being processed.
     * We limit the number as of request here, as the Server might
     * enforce limits on the number of pending operations per
     * connection.
     */
    if (state->check_count <= GROUPMEMBER_REQ_PARALLEL) {
        search_req = sdap_get_generic_send(state,
                                           state->ev,
                                           state->opts,
                                           state->sh,
                                           user_dn,
                                           LDAP_SCOPE_BASE,
                                           state->filter,
                                           state->attrs,
                                           state->opts->user_map,
                                           SDAP_OPTS_USER,
                                           dp_opt_get_int(state->opts->basic,
                                                          SDAP_SEARCH_TIMEOUT),
                                           false);
        if (!search_req) {
            return ENOMEM;
        }
        tevent_req_set_callback(search_req, sdap_process_group_members, req);
    } else {
        DEBUG(7, (" queueing search for: %s\n", user_dn));
        if (!state->queued_members) {
            DEBUG(SSSDBG_TRACE_LIBS,
                  ("Allocating queue for %zu members\n",
                   num_users - state->check_count));

            /* One extra slot for the NULL terminator the caller writes. */
            state->queued_members = talloc_array(state, char *,
                    num_users - state->check_count + 1);
            if (!state->queued_members) {
                return ENOMEM;
            }
        }
        state->queued_members[state->queue_len] = user_dn;
        state->queue_len++;
    }

    state->check_count++;
    return EOK;
}

static int sdap_process_group_members_2307bis(struct tevent_req *req, struct sdap_process_group_state *state, struct ldb_message_element *memberel) { char *member_dn; char *strdn; int ret; int i; for (i=0; i < memberel->num_values; i++) { member_dn = (char *)memberel->values[i].data; ret = sdap_find_entry_by_origDN(state->sysdb_dns->values, state->sysdb, state->dom, member_dn, &strdn); if (ret == EOK) { /* * User already cached in sysdb. Remember the sysdb DN for later * use by sdap_save_groups() */ DEBUG(7, ("sysdbdn: %s\n", strdn)); state->sysdb_dns->values[state->sysdb_dns->num_values].data = (uint8_t*) strdn; state->sysdb_dns->values[state->sysdb_dns->num_values].length = strlen(strdn); state->sysdb_dns->num_values++; } else if (ret == ENOENT) { if (!state->enumeration) { /* The user is not in sysdb, need to add it * We don't need to do this if we're in an enumeration, * because all real members should all be populated * already by the first pass of the enumeration. * Also, we don't want to be holding the sysdb * transaction while we're performing LDAP lookups. 
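*/ DEBUG(7, ("Searching LDAP for missing user entry\n")); ret = sdap_process_missing_member_2307bis(req, member_dn, memberel->num_values); if (ret != EOK) { DEBUG(1, ("Error processing missing member #%d (%s):\n", i, member_dn)); return ret; } } } else { DEBUG(1, ("Error checking cache for member #%d (%s):\n", i, (char *)memberel->values[i].data)); return ret; } } if (state->queue_len > 0) { state->queued_members[state->queue_len]=NULL; } if (state->check_count == 0) { /* * All group members are already cached in sysdb, we are done * with this group. To avoid redundant sysdb lookups, populate the * "member" attribute of the group entry with the sysdb DNs of * the members. */ ret = EOK; memberel->values = talloc_steal(state->group, state->sysdb_dns->values); memberel->num_values = state->sysdb_dns->num_values; } else { state->count = state->check_count; ret = EBUSY; } return ret; }

/*
 * Append a copy of username to sysdb_dns and bump its value count.
 *
 * The function does not check the capacity of sysdb_dns->values; the
 * caller must have sized the array for every value it may add.
 * dom is not used by the body.
 *
 * Returns EOK or ENOMEM.
 */
static int
sdap_add_group_member_2307(struct ldb_message_element *sysdb_dns,
                           struct sss_domain_info *dom,
                           const char *username)
{
    sysdb_dns->values[sysdb_dns->num_values].data =
            (uint8_t *) talloc_strdup(sysdb_dns->values, username);
    if (sysdb_dns->values[sysdb_dns->num_values].data == NULL) {
        return ENOMEM;
    }
    sysdb_dns->values[sysdb_dns->num_values].length =
            strlen(username);
    sysdb_dns->num_values++;

    return EOK;
}

/*
 * Handle an RFC2307 member name that has no cache entry under that name.
 *
 * The cache is searched for a user carrying member_name as an alias. If
 * exactly one is found, the DN built from its primary name is added to
 * state->sysdb_dns; if none is found, member_name is added to
 * state->ghost_dns as a ghost. now is not used by the body.
 *
 * Returns EOK, ENOMEM, EIO (ambiguous alias or search failure), EINVAL
 * (cache entry without a primary name) or the sanitizer's error.
 */
static int
sdap_process_missing_member_2307(struct sdap_process_group_state *state,
                                 char *member_name, time_t now)
{
    int ret;
    TALLOC_CTX *tmp_ctx;
    const char *filter;
    const char *username;
    const char *user_dn;
    char *sanitized_name;
    size_t count = 0;
    struct ldb_message **msgs = NULL;
    static const char *attrs[] = { SYSDB_NAME, NULL };

    /* Top-level context: every exit below must pass through `done`. */
    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) return ENOMEM;

    /* member_name is a value delivered by the directory server. Escape it
     * before it becomes part of a search filter, so that filter
     * metacharacters in a member value cannot change which cache entries
     * match. sss_filter_sanitize() is SSSD's filter-escaping helper
     * (NOTE(review): expected to be visible through the util header this
     * file already needs for DEBUG - confirm). */
    ret = sss_filter_sanitize(tmp_ctx, member_name, &sanitized_name);
    if (ret != EOK) {
        goto done;
    }

    /* Check for the alias in the sysdb */
    filter = talloc_asprintf(tmp_ctx, "(%s=%s)", SYSDB_NAME_ALIAS,
                             sanitized_name);
    if (!filter) {
        ret = ENOMEM;
        goto done;
    }

    ret = sysdb_search_users(tmp_ctx, state->sysdb, state->dom, filter,
                             attrs, &count, &msgs);
    if (ret == EOK && count > 0) {
        /* Entry exists but the group references it with an alias. */

        if (count != 1) {
            DEBUG(1, ("More than one entry with this alias?\n"));
            ret = EIO;
            goto done;
        }

        /* fill username with primary name */
        username = ldb_msg_find_attr_as_string(msgs[0], SYSDB_NAME, NULL);
        if (username == NULL) {
            ret = EINVAL;
            DEBUG(SSSDBG_MINOR_FAILURE, ("Inconsistent sysdb: user "
                                         "without primary name?\n"));
            goto done;
        }
        user_dn = sysdb_user_strdn(tmp_ctx, state->dom->name, username);
        if (user_dn == NULL) {
            /* goto done, not return: tmp_ctx would be leaked otherwise. */
            ret = ENOMEM;
            goto done;
        }

        ret = sdap_add_group_member_2307(state->sysdb_dns, state->dom,
                                         user_dn);
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE,
                  ("Could not add group member %s\n", username));
        }
    } else if (ret == ENOENT || (ret == EOK && count == 0)) {
        /* The entry really does not exist, add a ghost.
         * count is only consulted after a successful search; on any other
         * error its content is not defined by what is visible here. The
         * ghost keeps the original, unescaped name. */
        DEBUG(SSSDBG_TRACE_FUNC, ("Adding a ghost entry\n"));
        ret = sdap_add_group_member_2307(state->ghost_dns, state->dom,
                                         member_name);
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE,
                  ("Could not add group member %s\n", member_name));
        }
    } else {
        ret = EIO;
    }

done:
    talloc_free(tmp_ctx);
    return ret;
}

static int sdap_process_group_members_2307(struct sdap_process_group_state *state, struct ldb_message_element *memberel, struct ldb_message_element *ghostel) { struct ldb_message *msg; char *member_name; char *userdn; int ret; time_t now; int i; now = time(NULL); for (i=0; i < memberel->num_values; i++) { member_name = (char *)memberel->values[i].data; /* We need to skip over zero-length usernames */ if (member_name[0] == '\0') continue; ret = sysdb_search_user_by_name(state, state->sysdb, state->dom, member_name, NULL, &msg); if (ret == EOK) { /* * User already cached in sysdb. 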
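Remember the sysdb DN for later * use by sdap_save_groups() */ DEBUG(7, ("Member already cached in sysdb: %s\n", member_name)); userdn = sysdb_user_strdn(state->sysdb_dns, state->dom->name, member_name); if (userdn == NULL) { return ENOMEM; } ret = sdap_add_group_member_2307(state->sysdb_dns, state->dom, userdn); if (ret != EOK) { DEBUG(1, ("Could not add member %s into sysdb\n", member_name)); goto done; } } else if (ret == ENOENT) { /* The user is not in sysdb, need to add it */ DEBUG(7, ("member #%d (%s): not found in sysdb\n", i, member_name)); ret = sdap_process_missing_member_2307(state, member_name, now); if (ret != EOK) { DEBUG(1, ("Error processing missing member #%d (%s):\n", i, member_name)); goto done; } } else { DEBUG(1, ("Error checking cache for member #%d (%s):\n", i, (char *) memberel->values[i].data)); goto done; } } ret = EOK; talloc_free(memberel->values); memberel->values = talloc_steal(state->group, state->sysdb_dns->values); memberel->num_values = state->sysdb_dns->num_values; talloc_free(ghostel->values); ghostel->values = talloc_steal(state->group, state->ghost_dns->values); ghostel->num_values = state->ghost_dns->num_values; done: return ret; }

/*
 * Completion callback of one member lookup started by
 * sdap_process_missing_member_2307bis() or by this function itself.
 *
 * A successful lookup must return exactly one user entry; its name is
 * added to state->ghost_dns. A failed lookup is logged and skipped. The
 * next queued DN, if any, is then sent, and once check_count reaches zero
 * the collected member and ghost values are moved into the group and the
 * request is marked done.
 */
static void sdap_process_group_members(struct tevent_req *subreq)
{
    struct sysdb_attrs **usr_attrs;
    size_t count;
    int ret;
    struct tevent_req *req =
                        tevent_req_callback_data(subreq, struct tevent_req);
    struct sdap_process_group_state *state =
                        tevent_req_data(req, struct sdap_process_group_state);
    struct ldb_message_element *el;
    uint8_t* name_string;

    state->check_count--;
    DEBUG(SSSDBG_TRACE_ALL, ("Members remaining: %zu\n", state->check_count));

    ret = sdap_get_generic_recv(subreq, state, &count, &usr_attrs);
    talloc_zfree(subreq);
    if (ret) {
        goto next;
    }
    if (count != 1) {
        ret = EINVAL;
        DEBUG(SSSDBG_TRACE_LIBS,
              ("Expected one user entry and got %zu\n", count));
        goto next;
    }

    ret = sysdb_attrs_get_el(usr_attrs[0],
            state->opts->user_map[SDAP_AT_USER_NAME].sys_name, &el);
    /* Look at el only after the call succeeded: on failure nothing visible
     * here guarantees that el was set, and it comes from a server reply. */
    if (ret == EOK && el->num_values == 0) {
        ret = EINVAL;
    }
    if (ret) {
        DEBUG(2, ("Failed to get the member's name\n"));
        goto next;
    }

    name_string = el[0].values[0].data;
    state->ghost_dns->values[state->ghost_dns->num_values].data =
            talloc_steal(state->ghost_dns->values, name_string);
    state->ghost_dns->values[state->ghost_dns->num_values].length =
            strlen((char *)name_string);
    state->ghost_dns->num_values++;

next:
    if (ret) {
        DEBUG(SSSDBG_TRACE_FUNC,
              ("Error reading group member[%d]: %s. Skipping\n",
               ret, strerror(ret)));
        state->count--;
    }
    /* Are there more searches for uncached users to submit ? */
    if (state->queued_members && state->queued_members[state->queue_idx]) {
        subreq = sdap_get_generic_send(state,
                                       state->ev, state->opts, state->sh,
                                       state->queued_members[state->queue_idx],
                                       LDAP_SCOPE_BASE,
                                       state->filter,
                                       state->attrs,
                                       state->opts->user_map,
                                       SDAP_OPTS_USER,
                                       dp_opt_get_int(state->opts->basic,
                                                      SDAP_SEARCH_TIMEOUT),
                                       false);
        if (!subreq) {
            tevent_req_error(req, ENOMEM);
            return;
        }

        tevent_req_set_callback(subreq,
                                sdap_process_group_members, req);
        state->queue_idx++;
    }

    if (state->check_count == 0) {
        /*
         * To avoid redundant sysdb lookups, populate the "member" attribute
         * of the group entry with the sysdb DNs of the members.
         */
        ret = sysdb_attrs_get_el(state->group,
                        state->opts->group_map[SDAP_AT_GROUP_MEMBER].sys_name,
                        &el);
        if (ret != EOK) {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("Failed to get the group member attribute [%d]: %s\n",
                   ret, strerror(ret)));
            tevent_req_error(req, ret);
            return;
        }
        el->values = talloc_steal(state->group, state->sysdb_dns->values);
        el->num_values = state->sysdb_dns->num_values;

        ret = sysdb_attrs_get_el(state->group, SYSDB_GHOST, &el);
        if (ret != EOK) {
            tevent_req_error(req, ret);
            return;
        }
        el->values = talloc_steal(state->group, state->ghost_dns->values);
        el->num_values = state->ghost_dns->num_values;
        DEBUG(9, ("Processed Group - Done\n"));
        tevent_req_done(req);
    }
}

/* Collect the result of sdap_process_group_send(): EOK or the error the
 * request finished with. */
static int sdap_process_group_recv(struct tevent_req *req)
{
    TEVENT_REQ_RETURN_ON_ERROR(req);

    return EOK;
}

/* ==Search-Groups-with-filter============================================ */

/* Per-request state of the sdap_get_groups request. */
struct sdap_get_groups_state {
    struct tevent_context *ev;
    struct sdap_options *opts;
    struct sdap_handle *sh;
    struct sss_domain_info *dom;
    struct sdap_domain *sdom;
    struct sysdb_ctx *sysdb;
    const char **attrs;
    const char *base_filter;     /* filter as passed in by the caller */
    char *filter;                /* base_filter combined with the base's own */
    int timeout;
    bool enumeration;

    char *higher_usn;
    struct sysdb_attrs **groups; /* NULL-terminated list of results */
    size_t count;
    size_t check_count;

    hash_table_t *user_hash;
    hash_table_t *group_hash;

    size_t base_iter;            /* index into search_bases */
    struct sdap_search_base **search_bases;

    struct sdap_handle *ldap_sh; /* preferred over sh for searches when set */
    struct sdap_id_op *op;
};

static errno_t sdap_get_groups_next_base(struct tevent_req *req);
static void sdap_get_groups_ldap_connect_done(struct tevent_req *subreq);
static void sdap_get_groups_process(struct tevent_req *subreq);
static void sdap_get_groups_done(struct tevent_req *subreq);

/*
 * Start a group search over all group search bases of sdom.
 *
 * For the AD schema with a private id context attached to sdom, a
 * dedicated connection is established first and the search starts from
 * its completion callback; otherwise the search starts immediately on sh.
 *
 * Returns the request (with an error already posted on ev if the start
 * failed), or NULL if the request could not be allocated.
 */
struct tevent_req *sdap_get_groups_send(TALLOC_CTX *memctx,
                                       struct tevent_context *ev,
                                       struct sdap_domain *sdom,
                                       struct sdap_options *opts,
                                       struct sdap_handle *sh,
                                       const char **attrs,
                                       const char *filter,
                                       int timeout,
                                       bool enumeration)
{
    errno_t ret;
    struct tevent_req *req;
    struct tevent_req *subreq;
    struct sdap_get_groups_state *state;
    struct ad_id_ctx *subdom_id_ctx;

    req = tevent_req_create(memctx, &state, struct sdap_get_groups_state);
    if (!req) return NULL;

    state->ev = ev;
    state->opts = opts;
    state->sdom = sdom;
    state->dom = sdom->dom;
    state->sh = sh;
    state->sysdb = sdom->dom->sysdb;
    state->attrs = attrs;
    state->higher_usn = NULL;
    state->groups = NULL;
    state->count = 0;
    state->timeout = timeout;
    state->enumeration = enumeration;
    state->base_filter = filter;
    state->base_iter = 0;
    state->search_bases = sdom->group_search_bases;

    if (!state->search_bases) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Group lookup request without a search base\n"));
        ret = EINVAL;
        goto done;
    }

    /* With AD by default the Global Catalog is used for lookup. But the GC
     * group object might not have full group membership data. To make sure we
     * connect to an LDAP server of the group's domain. */
    if (state->opts->schema_type == SDAP_SCHEMA_AD && sdom->pvt != NULL) {
        subdom_id_ctx = talloc_get_type(sdom->pvt, struct ad_id_ctx);
        if (subdom_id_ctx == NULL) {
            /* talloc_get_type() returns NULL when the pointer is not of
             * the requested type; fail the request instead of
             * dereferencing it. */
            ret = EINVAL;
            goto done;
        }
        state->op = sdap_id_op_create(state, subdom_id_ctx->ldap_ctx->conn_cache);
        if (!state->op) {
            DEBUG(2, ("sdap_id_op_create failed\n"));
            ret = ENOMEM;
            goto done;
        }

        subreq = sdap_id_op_connect_send(state->op, state, &ret);
        if (subreq == NULL) {
            ret = ENOMEM;
            goto done;
        }

        tevent_req_set_callback(subreq,
                                sdap_get_groups_ldap_connect_done,
                                req);
        return req;
    }

    ret = sdap_get_groups_next_base(req);

done:
    if (ret != EOK) {
        tevent_req_error(req, ret);
        tevent_req_post(req, ev);
    }

    return req;
}

/*
 * Completion callback of the connection attempt started in
 * sdap_get_groups_send(): remember the new handle in state->ldap_sh and
 * start the search on the first search base.
 */
static void sdap_get_groups_ldap_connect_done(struct tevent_req *subreq)
{
    struct tevent_req *req;
    struct sdap_get_groups_state *state;
    int ret;
    int dp_error;

    req = tevent_req_callback_data(subreq, struct tevent_req);
    state = tevent_req_data(req, struct sdap_get_groups_state);

    ret = sdap_id_op_connect_recv(subreq, &dp_error);
    talloc_zfree(subreq);

    if (ret != EOK) {
        tevent_req_error(req, ret);
        return;
    }

    state->ldap_sh = sdap_id_op_handle(state->op);

    ret = sdap_get_groups_next_base(req);
    if (ret != EOK) {
        tevent_req_error(req, ret);
    }

    return;
}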
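/*
 * Start the group search against the search base selected by
 * state->base_iter.
 *
 * The per-base filter is rebuilt from state->base_filter and the filter of
 * the current search base. The search goes through state->ldap_sh when that
 * handle is set and through state->sh otherwise.
 *
 * Returns EOK once the subrequest is queued, ENOMEM if the filter or the
 * subrequest could not be allocated.
 */
static errno_t sdap_get_groups_next_base(struct tevent_req *req)
{
    struct tevent_req *subreq;
    struct sdap_get_groups_state *state;

    state = tevent_req_data(req, struct sdap_get_groups_state);

    talloc_zfree(state->filter);
    state->filter = sdap_get_id_specific_filter(state,
                        state->base_filter,
                        state->search_bases[state->base_iter]->filter);
    if (!state->filter) {
        return ENOMEM;
    }

    DEBUG(SSSDBG_TRACE_FUNC,
          ("Searching for groups with base [%s]\n",
           state->search_bases[state->base_iter]->basedn));

    subreq = sdap_get_generic_send(
            state, state->ev, state->opts,
            state->ldap_sh != NULL ? state->ldap_sh : state->sh,
            state->search_bases[state->base_iter]->basedn,
            state->search_bases[state->base_iter]->scope,
            state->filter, state->attrs,
            state->opts->group_map, SDAP_OPTS_GROUP,
            state->timeout,
            state->enumeration); /* If we're enumerating, we need paging */
    if (!subreq) {
        return ENOMEM;
    }
    tevent_req_set_callback(subreq, sdap_get_groups_process, req);

    return EOK;
}

static void sdap_nested_done(struct tevent_req *req);
static void sdap_ad_match_rule_members_process(struct tevent_req *subreq);

/*
 * Callback for the generic group search.
 *
 * Appends the returned groups to state->groups, moves on to the next search
 * base when enumerating or when nothing was found, and then chooses how the
 * collected groups are resolved: nested group processing, the AD
 * matching-rule member lookup, or one sdap_process_group request per group
 * inside a sysdb transaction that sdap_get_groups_done() finishes.
 */
static void sdap_get_groups_process(struct tevent_req *subreq)
{
    struct tevent_req *req =
        tevent_req_callback_data(subreq, struct tevent_req);
    struct sdap_get_groups_state *state =
        tevent_req_data(req, struct sdap_get_groups_state);
    int ret;
    errno_t sysret;
    size_t i;
    bool next_base = false;
    size_t count;
    struct sysdb_attrs **groups;

    ret = sdap_get_generic_recv(subreq, state, &count, &groups);
    talloc_zfree(subreq);
    if (ret) {
        tevent_req_error(req, ret);
        return;
    }

    DEBUG(SSSDBG_TRACE_FUNC,
          ("Search for groups, returned %zu results.\n", count));

    /* A lookup of one group must not be satisfied by an ambiguous answer */
    if (!state->enumeration && count > 1) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("Individual group search returned multiple results\n"));
        tevent_req_error(req, EINVAL);
        return;
    }

    if (state->enumeration || count == 0) {
        next_base = true;
    }

    /* Add this batch of groups to the list */
    if (count > 0) {
        state->groups =
                talloc_realloc(state,
                               state->groups,
                               struct sysdb_attrs *,
                               state->count + count + 1);
        if (!state->groups) {
            tevent_req_error(req, ENOMEM);
            return;
        }

        /* Copy the new groups into the list */
        for (i = 0; i < count; i++) {
            state->groups[state->count + i] =
                talloc_steal(state->groups, groups[i]);
        }

        state->count += count;
        /* Keep the list NULL-terminated */
        state->groups[state->count] = NULL;
    }

    if (next_base) {
        state->base_iter++;
        if (state->search_bases[state->base_iter]) {
            /* There are more search bases to try */
            ret = sdap_get_groups_next_base(req);
            if (ret != EOK) {
                tevent_req_error(req, ret);
            }
            return;
        }
    }

    /* No more search bases
     * Return ENOENT if no groups were found
     */
    if (state->count == 0) {
        tevent_req_error(req, ENOENT);
        return;
    }

    /* Check whether we need to do nested searches
     * for RFC2307bis/FreeIPA/ActiveDirectory
     * We don't need to do this for enumeration,
     * because all groups will be picked up anyway.
     *
     * We can also skip this if we're using the
     * LDAP_MATCHING_RULE_IN_CHAIN available in
     * AD 2008 and later
     */
    if (!state->enumeration) {
        if ((state->opts->schema_type != SDAP_SCHEMA_RFC2307)
                && (dp_opt_get_int(state->opts->basic,
                                   SDAP_NESTING_LEVEL) != 0)
                && !dp_opt_get_bool(state->opts->basic,
                                    SDAP_AD_MATCHING_RULE_GROUPS)) {
            subreq = sdap_nested_group_send(state, state->ev, state->sdom,
                                            state->opts, state->sh,
                                            state->groups[0]);
            if (!subreq) {
                tevent_req_error(req, EIO);
                return;
            }

            tevent_req_set_callback(subreq, sdap_nested_done, req);
            return;
        }
    }

    /* We have all of the groups. Save them to the sysdb */
    state->check_count = state->count;

    /* If we're using LDAP_MATCHING_RULE_IN_CHAIN, start a subreq to
     * retrieve the members so we can save them in a single step.
     */
    if (!state->enumeration
            && (state->opts->schema_type != SDAP_SCHEMA_RFC2307)
            && state->opts->support_matching_rule
            && dp_opt_get_bool(state->opts->basic,
                               SDAP_AD_MATCHING_RULE_GROUPS)) {
        subreq = sdap_get_ad_match_rule_members_send(
                state, state->ev, state->opts, state->sh,
                state->groups[0], state->timeout);
        if (!subreq) {
            tevent_req_error(req, ENOMEM);
            return;
        }
        tevent_req_set_callback(subreq,
                                sdap_ad_match_rule_members_process,
                                req);
        return;
    }

    ret = sysdb_transaction_start(state->sysdb);
    if (ret != EOK) {
        DEBUG(0, ("Failed to start transaction\n"));
        tevent_req_error(req, ret);
        return;
    }

    if (state->enumeration
            && state->opts->schema_type != SDAP_SCHEMA_RFC2307
            && dp_opt_get_int(state->opts->basic, SDAP_NESTING_LEVEL) != 0) {
        DEBUG(9, ("Saving groups without members first "
                  "to allow unrolling of nested groups.\n"));
        ret = sdap_save_groups(state, state->sysdb, state->dom, state->opts,
                               state->groups, state->count, false,
                               NULL, true, NULL);
        if (ret) {
            DEBUG(2, ("Failed to store groups.\n"));
            /* No subrequest has been queued yet, so nothing else will
             * close the transaction opened above. */
            sysret = sysdb_transaction_cancel(state->sysdb);
            if (sysret != EOK) {
                DEBUG(0, ("Could not cancel sysdb transaction\n"));
            }
            tevent_req_error(req, ret);
            return;
        }
    }

    for (i = 0; i < state->count; i++) {
        subreq = sdap_process_group_send(state, state->ev, state->dom,
                                         state->sysdb, state->opts,
                                         state->sh, state->groups[i],
                                         state->enumeration);

        if (!subreq) {
            /* NOTE(review): the transaction started above is still open on
             * this path and earlier subrequests may already be queued;
             * confirm who is expected to cancel it. */
            tevent_req_error(req, ENOMEM);
            return;
        }
        tevent_req_set_callback(subreq, sdap_get_groups_done, req);
    }
}

/*
 * Callback for each sdap_process_group request.
 *
 * Counts down state->check_count. When the last group has been processed the
 * groups are saved and the sysdb transaction is committed. A failed
 * subrequest or a failed save cancels the transaction and fails the request.
 */
static void sdap_get_groups_done(struct tevent_req *subreq)
{
    struct tevent_req *req =
        tevent_req_callback_data(subreq, struct tevent_req);
    struct sdap_get_groups_state *state =
        tevent_req_data(req, struct sdap_get_groups_state);

    int ret;
    errno_t sysret;

    ret = sdap_process_group_recv(subreq);
    talloc_zfree(subreq);
    if (ret) {
        sysret = sysdb_transaction_cancel(state->sysdb);
        if (sysret != EOK) {
            DEBUG(0, ("Could not cancel sysdb transaction\n"));
        }
        tevent_req_error(req, ret);
        return;
    }

    state->check_count--;
    DEBUG(SSSDBG_TRACE_ALL, ("Groups remaining: %zu\n", state->check_count));

    if (state->check_count == 0) {
        DEBUG(9, ("All groups processed\n"));

        /* If ignore_group_members is set for the domain, don't update
         * group memberships in the cache.
         *
         * If enumeration is on, don't overwrite orig_members as they've been
         * saved earlier.
         */
        ret = sdap_save_groups(state, state->sysdb, state->dom, state->opts,
                               state->groups, state->count,
                               !state->dom->ignore_group_members, NULL,
                               !state->enumeration,
                               &state->higher_usn);
        if (ret) {
            DEBUG(2, ("Failed to store groups.\n"));
            /* Every subrequest has completed at this point, so the open
             * transaction has to be closed here or it stays open. */
            sysret = sysdb_transaction_cancel(state->sysdb);
            if (sysret != EOK) {
                DEBUG(0, ("Could not cancel sysdb transaction\n"));
            }
            tevent_req_error(req, ret);
            return;
        }
        DEBUG(SSSDBG_TRACE_ALL, ("Saving %zu Groups - Done\n", state->count));
        sysret = sysdb_transaction_commit(state->sysdb);
        if (sysret != EOK) {
            DEBUG(0, ("Couldn't commit transaction\n"));
            tevent_req_error(req, sysret);
        } else {
            tevent_req_done(req);
        }
    }
}

static errno_t
sdap_nested_group_populate_users(TALLOC_CTX *mem_ctx,
                                 struct sysdb_ctx *sysdb,
                                 struct sss_domain_info *domain,
                                 struct sdap_options *opts,
                                 struct sysdb_attrs **users,
                                 int num_users,
                                 hash_table_t **_ghosts);

/*
 * Callback for the AD matching-rule member lookup of state->groups[0].
 *
 * Replaces the group's member element with the originalDN of every returned
 * user, sorts the users into cached and ghost entries and saves the group.
 * ENOENT from the lookup is treated as an empty member list.
 */
static void sdap_ad_match_rule_members_process(struct tevent_req *subreq)
{
    errno_t ret;
    TALLOC_CTX *tmp_ctx = NULL;
    struct tevent_req *req =
            tevent_req_callback_data(subreq, struct tevent_req);
    struct sdap_get_groups_state *state =
            tevent_req_data(req, struct sdap_get_groups_state);
    struct sysdb_attrs **users;
    struct sysdb_attrs *group = state->groups[0];
    struct ldb_message_element *member_el;
    struct ldb_message_element *orig_dn_el;
    size_t count = 0;
    size_t i;
    hash_table_t *ghosts;

    ret = sdap_get_ad_match_rule_members_recv(subreq, state, &count, &users);
    talloc_zfree(subreq);
    if (ret != EOK && ret != ENOENT) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("Could not retrieve members using AD match rule. [%s]\n",
               strerror(ret)));
        goto done;
    }

    /* Save the group and users to the cache */

    /* Truncate the member attribute of the group.
     * It will be repopulated below, and it may currently
     * be incomplete anyway, thanks to the range extension.
     */

    ret = sysdb_attrs_get_el(group, SYSDB_MEMBER, &member_el);
    if (ret != EOK) {
        goto done;
    }

    member_el->num_values = 0;
    talloc_zfree(member_el->values);

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        ret = ENOMEM;
        goto done;
    }

    /* Figure out which users are already cached in the sysdb and
     * which ones need to be added as ghost users.
     */
    ret = sdap_nested_group_populate_users(tmp_ctx, state->sysdb, state->dom,
                                           state->opts, users, count,
                                           &ghosts);
    if (ret != EOK) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("Could not determine which users are ghosts: [%s]\n",
               strerror(ret)));
        goto done;
    }

    /* Add any entries that aren't in the ghost hash table to the
     * member element of the group. This will get converted to a
     * native sysdb representation later in sdap_save_groups().
     */

    /* Add all of the users as members */
    /* NOTE(review): this array belongs to tmp_ctx, which is freed at done,
     * while member_el keeps pointing at it; confirm nothing reads the
     * member element of state->groups[0] after this request completes. */
    member_el->values = talloc_zero_array(tmp_ctx, struct ldb_val, count);
    if (!member_el->values) {
        ret = ENOMEM;
        goto done;
    }

    /* Copy the origDN values of the users into the member element */
    for (i = 0; i < count; i++) {
        ret = sysdb_attrs_get_el(users[i], SYSDB_ORIG_DN, &orig_dn_el);
        /* An element without values must not be indexed below;
         * sdap_nested_group_populate_users() guards against the same case. */
        if (ret == EOK && orig_dn_el->num_values == 0) {
            ret = EINVAL;
        }
        if (ret != EOK) {
            /* This should never happen. Every entry should have
             * an originalDN.
             */
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("BUG: Missing originalDN for user?\n"));
            goto done;
        }

        /* These values will have the same lifespan, so instead
         * of copying them, just point at the data.
         */
        member_el->values[i].data = orig_dn_el->values[0].data;
        member_el->values[i].length = orig_dn_el->values[0].length;
    }
    member_el->num_values = count;

    /* Now save the group, users and ghosts to the cache */
    ret = sdap_save_groups(tmp_ctx, state->sysdb, state->dom, state->opts,
                           state->groups, 1, false, ghosts, true, NULL);
    if (ret != EOK) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("Could not save group to the cache: [%s]\n",
               strerror(ret)));
        goto done;
    }

    ret = EOK;

done:
    talloc_free(tmp_ctx);

    if (ret == EOK) {
        tevent_req_done(req);
    } else {
        tevent_req_error(req, ret);
    }
}

/*
 * Collect the result of a group lookup request.
 *
 * Returns the request's error if it failed. On success, when usn_value is
 * not NULL, ownership of state->higher_usn is moved to mem_ctx and the
 * pointer is stored in *usn_value.
 */
int sdap_get_groups_recv(struct tevent_req *req,
                         TALLOC_CTX *mem_ctx, char **usn_value)
{
    struct sdap_get_groups_state *state =
        tevent_req_data(req, struct sdap_get_groups_state);

    TEVENT_REQ_RETURN_ON_ERROR(req);

    if (usn_value) {
        *usn_value = talloc_steal(mem_ctx, state->higher_usn);
    }

    return EOK;
}

/*
 * Callback for nested group processing.
 *
 * Inside one sysdb transaction, sorts the returned users into cached and
 * ghost entries and then saves the returned groups. Any failure cancels the
 * transaction, if one is open, and fails the request.
 */
static void sdap_nested_done(struct tevent_req *subreq)
{
    errno_t ret, tret;
    unsigned long user_count;
    unsigned long group_count;
    bool in_transaction = false;
    struct sysdb_attrs **users = NULL;
    struct sysdb_attrs **groups = NULL;
    hash_table_t *ghosts;

    struct tevent_req *req =
        tevent_req_callback_data(subreq, struct tevent_req);
    struct sdap_get_groups_state *state =
        tevent_req_data(req, struct sdap_get_groups_state);

    ret = sdap_nested_group_recv(state, subreq, &user_count, &users,
                                 &group_count, &groups);
    talloc_zfree(subreq);
    if (ret != EOK) {
        DEBUG(1, ("Nested group processing failed: [%d][%s]\n",
                  ret, strerror(ret)));
        goto fail;
    }

    /* Save all of the users first so that they are in
     * place for the groups to add them.
     */
    ret = sysdb_transaction_start(state->sysdb);
    if (ret != EOK) {
        DEBUG(1, ("Failed to start transaction\n"));
        goto fail;
    }
    in_transaction = true;

    /* NOTE(review): user_count is unsigned long and is narrowed to the
     * callee's int num_users parameter. */
    ret = sdap_nested_group_populate_users(state, state->sysdb, state->dom,
                                           state->opts, users, user_count,
                                           &ghosts);
    if (ret != EOK) {
        goto fail;
    }

    ret = sdap_save_groups(state, state->sysdb, state->dom, state->opts,
                           groups, group_count, false, ghosts, true,
                           &state->higher_usn);
    if (ret != EOK) {
        goto fail;
    }

    ret = sysdb_transaction_commit(state->sysdb);
    if (ret != EOK) {
        DEBUG(1, ("Failed to commit transaction\n"));
        goto fail;
    }
    in_transaction = false;

    /* Processing complete */
    tevent_req_done(req);
    return;

fail:
    if (in_transaction) {
        tret = sysdb_transaction_cancel(state->sysdb);
        if (tret != EOK) {
            DEBUG(1, ("Failed to cancel transaction\n"));
        }
    }
    tevent_req_error(req, ret);
}

/*
 * Sort LDAP user entries into users that are already cached and ghosts.
 *
 * Each entry is looked up in the cache by its sanitized originalDN. A cached
 * user whose stored name differs from the primary name gets its name
 * attribute replaced. An entry that is not cached is added to a hash table
 * that maps originalDN to user name.
 *
 * On success *_ghosts receives the table, owned by mem_ctx, or NULL when
 * num_users is 0. On failure *_ghosts is set to NULL and the sysdb
 * transaction opened here is cancelled.
 *
 * Returns EOK, EINVAL (NULL _ghosts, or an entry without originalDN value),
 * ENOMEM, or the error of the failing sysdb call.
 */
static errno_t
sdap_nested_group_populate_users(TALLOC_CTX *mem_ctx,
                                 struct sysdb_ctx *sysdb,
                                 struct sss_domain_info *domain,
                                 struct sdap_options *opts,
                                 struct sysdb_attrs **users,
                                 int num_users,
                                 hash_table_t **_ghosts)
{
    int i;
    errno_t ret, sret;
    struct ldb_message_element *el;
    const char *username;
    char *clean_orig_dn;
    const char *original_dn;
    struct sss_domain_info *user_dom;
    struct sdap_domain *sdap_dom;

    TALLOC_CTX *tmp_ctx;
    struct ldb_message **msgs;
    char *filter;
    const char *sysdb_name;
    struct sysdb_attrs *attrs;
    static const char *search_attrs[] = { SYSDB_NAME, NULL };
    hash_table_t *ghosts;
    hash_key_t key;
    hash_value_t value;
    size_t count;
    bool in_transaction = false;

    if (_ghosts == NULL) {
        return EINVAL;
    }

    if (num_users == 0) {
        /* Nothing to do if there are no users */
        *_ghosts = NULL;
        return EOK;
    }

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    ret = sss_hash_create(tmp_ctx, num_users, &ghosts);
    if (ret != HASH_SUCCESS) {
        ret = ENOMEM;
        goto done;
    }

    ret = sysdb_transaction_start(sysdb);
    if (ret) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to start transaction!\n"));
        goto done;
    }
    in_transaction = true;

    for (i = 0; i < num_users; i++) {
        ret = sysdb_attrs_get_el(users[i], SYSDB_ORIG_DN, &el);
        /* el is only meaningful after a successful call, so test ret
         * before looking at the element. */
        if (ret == EOK && el->num_values == 0) {
            ret = EINVAL;
        }
        if (ret != EOK) {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("User entry %d has no originalDN attribute\n", i));
            goto done;
        }
        original_dn = (const char *) el->values[0].data;

        /* The DN comes from the directory; escape it before it is placed
         * into a search filter. */
        ret = sss_filter_sanitize(tmp_ctx, original_dn, &clean_orig_dn);
        if (ret != EOK) {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("Cannot sanitize originalDN [%s]\n", original_dn));
            goto done;
        }

        /* Fall back to the caller's domain when the DN maps to none */
        sdap_dom = sdap_domain_get_by_dn(opts, original_dn);
        user_dom = sdap_dom == NULL ? domain : sdap_dom->dom;

        ret = sdap_get_user_primary_name(tmp_ctx, opts, users[i],
                                         user_dom, &username);
        if (ret != EOK) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("User entry %d has no name attribute. Skipping\n", i));
            continue;
        }

        /* Check for the specified origDN in the sysdb */
        filter = talloc_asprintf(tmp_ctx, "(%s=%s)",
                                 SYSDB_ORIG_DN,
                                 clean_orig_dn);
        if (!filter) {
            ret = ENOMEM;
            goto done;
        }
        ret = sysdb_search_users(tmp_ctx, user_dom->sysdb, user_dom, filter,
                                 search_attrs, &count, &msgs);
        talloc_zfree(filter);
        talloc_zfree(clean_orig_dn);
        if (ret != EOK && ret != ENOENT) {
            DEBUG(1, ("Error checking cache for user entry\n"));
            goto done;
        } else if (ret == EOK) {
            /* The entry is cached but expired. Update the username
             * if needed. */
            if (count != 1) {
                DEBUG(1, ("More than one entry with this origDN? Skipping\n"));
                continue;
            }

            sysdb_name = ldb_msg_find_attr_as_string(msgs[0],
                                                     SYSDB_NAME, NULL);
            if (sysdb_name == NULL) {
                /* The lookup's default is NULL; strcmp() and the attribute
                 * update below both need a real name. */
                DEBUG(SSSDBG_MINOR_FAILURE,
                      ("Cached entry for user entry %d has no name "
                       "attribute. Skipping\n", i));
                continue;
            }
            if (strcmp(sysdb_name, username) == 0) {
                /* Username is correct, continue */
                continue;
            }

            attrs = sysdb_new_attrs(tmp_ctx);
            if (!attrs) {
                ret = ENOMEM;
                goto done;
            }

            ret = sysdb_attrs_add_string(attrs, SYSDB_NAME, username);
            if (ret) {
                goto done;
            }
            ret = sysdb_set_user_attr(user_dom->sysdb, user_dom, sysdb_name,
                                      attrs, SYSDB_MOD_REP);
            if (ret != EOK) {
                goto done;
            }
        } else {
            /* Not cached: remember the user as a ghost. Both strings are
             * re-parented to the table so they live as long as it does. */
            key.type = HASH_KEY_STRING;
            key.str = talloc_steal(ghosts, discard_const(original_dn));
            value.type = HASH_VALUE_PTR;
            value.ptr = talloc_steal(ghosts, discard_const(username));
            ret = hash_enter(ghosts, &key, &value);
            if (ret != HASH_SUCCESS) {
                talloc_free(key.str);
                talloc_free(value.ptr);
                ret = ENOMEM;
                goto done;
            }
        }
    }

    ret = sysdb_transaction_commit(sysdb);
    if (ret) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to commit transaction!\n"));
        goto done;
    }
    in_transaction = false;

    ret = EOK;
done:
    if (in_transaction) {
        sret = sysdb_transaction_cancel(sysdb);
        if (sret != EOK) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("Could not cancel transaction\n"));
        }
    }

    if (ret != EOK) {
        *_ghosts = NULL;
    } else {
        *_ghosts = talloc_steal(mem_ctx, ghosts);
    }
    talloc_zfree(tmp_ctx);
    return ret;
}

sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/ldap_id_services.c0000644000000000000000000000007412320753107022742 xustar000000000000000030 atime=1396954939.266891431 30 ctime=1396954961.615874979 sssd-1.11.5/src/providers/ldap/ldap_id_services.c0000664002412700241270000002111612320753107023165 0ustar00jhrozekjhrozek00000000000000/* SSSD Authors: Stephen Gallagher Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version.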
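This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#include <errno.h>

#include "util/util.h"
#include "util/strtonum.h"
#include "db/sysdb.h"
#include "db/sysdb_services.h"
#include "providers/ldap/ldap_common.h"
#include "providers/ldap/sdap_async.h"

/* Per-request state of a services_get request */
struct sdap_services_get_state {
    struct tevent_context *ev;
    struct sdap_id_ctx *id_ctx;
    struct sdap_domain *sdom;
    struct sdap_id_op *op;
    struct sysdb_ctx *sysdb;
    struct sss_domain_info *domain;
    struct sdap_id_conn_ctx *conn;

    /* Lookup key as given by the caller: a service name for
     * BE_FILTER_NAME, a port number as text for BE_FILTER_IDNUM.
     * The pointers are stored as passed in, not copied. */
    const char *name;
    const char *protocol;

    /* LDAP filter built from the sanitized key */
    char *filter;
    const char **attrs;

    int filter_type;

    int dp_error;
    int sdap_ret;
    /* Remove the cache entry when the server reports ENOENT */
    bool noexist_delete;
};

static errno_t
services_get_retry(struct tevent_req *req);
static void
services_get_connect_done(struct tevent_req *subreq);
static void
services_get_done(struct tevent_req *subreq);

/*
 * Start a lookup of one service by name or by port.
 *
 * filter_type selects the attribute the key is matched against
 * (BE_FILTER_NAME or BE_FILTER_IDNUM); any other value fails the request
 * with EINVAL. protocol is optional and narrows the match when given.
 *
 * Returns NULL only if the request itself cannot be created. Every later
 * failure is reported through the returned request, which is then posted
 * to ev.
 */
struct tevent_req *
services_get_send(TALLOC_CTX *mem_ctx,
                  struct tevent_context *ev,
                  struct sdap_id_ctx *id_ctx,
                  struct sdap_domain *sdom,
                  struct sdap_id_conn_ctx *conn,
                  const char *name,
                  const char *protocol,
                  int filter_type,
                  bool noexist_delete)
{
    errno_t ret;
    struct tevent_req *req;
    struct sdap_services_get_state *state;
    const char *attr_name;
    char *clean_name;
    char *clean_protocol = NULL;

    req = tevent_req_create(mem_ctx, &state, struct sdap_services_get_state);
    if (!req) {
        return NULL;
    }

    state->ev = ev;
    state->id_ctx = id_ctx;
    state->sdom = sdom;
    state->conn = conn;
    state->dp_error = DP_ERR_FATAL;
    state->domain = sdom->dom;
    state->sysdb = sdom->dom->sysdb;
    state->name = name;
    state->protocol = protocol;
    state->filter_type = filter_type;
    state->noexist_delete = noexist_delete;

    state->op = sdap_id_op_create(state, state->conn->conn_cache);
    if (!state->op) {
        DEBUG(SSSDBG_MINOR_FAILURE, ("sdap_id_op_create failed\n"));
        ret = ENOMEM;
        goto error;
    }

    switch (filter_type) {
    case BE_FILTER_NAME:
        attr_name = id_ctx->opts->service_map[SDAP_AT_SERVICE_NAME].name;
        break;
    case BE_FILTER_IDNUM:
        attr_name = id_ctx->opts->service_map[SDAP_AT_SERVICE_PORT].name;
        break;
    default:
        ret = EINVAL;
        goto error;
    }

    /* name and protocol are request input; escape them before they are
     * interpolated into the LDAP filter. */
    ret = sss_filter_sanitize(state, name, &clean_name);
    if (ret != EOK) {
        goto error;
    }

    if (protocol) {
        ret = sss_filter_sanitize(state, protocol, &clean_protocol);
        if (ret != EOK) {
            goto error;
        }
    }

    if (clean_protocol) {
        state->filter = talloc_asprintf(
                state, "(&(%s=%s)(%s=%s)(objectclass=%s))",
                attr_name, clean_name,
                id_ctx->opts->service_map[SDAP_AT_SERVICE_PROTOCOL].name,
                clean_protocol,
                id_ctx->opts->service_map[SDAP_OC_SERVICE].name);
    } else {
        state->filter =
                talloc_asprintf(state, "(&(%s=%s)(objectclass=%s))",
                                attr_name, clean_name,
                                id_ctx->opts->service_map[SDAP_OC_SERVICE].name);
    }
    talloc_zfree(clean_name);
    talloc_zfree(clean_protocol);
    if (!state->filter) {
        DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to build the base filter\n"));
        ret = ENOMEM;
        goto error;
    }
    DEBUG(SSSDBG_TRACE_LIBS,
          ("Preparing to search for services with filter [%s]\n",
           state->filter));

    ret = build_attrs_from_map(state, id_ctx->opts->service_map,
                               SDAP_OPTS_SERVICES, NULL,
                               &state->attrs, NULL);
    if (ret != EOK) {
        goto error;
    }

    ret = services_get_retry(req);
    if (ret != EOK) {
        goto error;
    }

    return req;

error:
    tevent_req_error(req, ret);
    tevent_req_post(req, ev);
    return req;
}

/*
 * (Re)connect the request's LDAP operation.
 *
 * Returns EOK once the connect subrequest is queued, otherwise the error
 * that sdap_id_op_connect_send() stored in ret.
 */
static errno_t
services_get_retry(struct tevent_req *req)
{
    errno_t ret;
    struct sdap_services_get_state *state =
            tevent_req_data(req, struct sdap_services_get_state);
    struct tevent_req *subreq;

    subreq = sdap_id_op_connect_send(state->op, state, &ret);
    if (!subreq) {
        return ret;
    }

    tevent_req_set_callback(subreq, services_get_connect_done, req);
    return EOK;
}

/*
 * Callback for the connect step: on success start the service search with
 * the prepared filter, on failure record dp_error and fail the request.
 */
static void
services_get_connect_done(struct tevent_req *subreq)
{
    errno_t ret;
    struct tevent_req *req =
            tevent_req_callback_data(subreq, struct tevent_req);
    struct sdap_services_get_state *state =
            tevent_req_data(req, struct sdap_services_get_state);
    int dp_error = DP_ERR_FATAL;

    ret = sdap_id_op_connect_recv(subreq, &dp_error);
    talloc_zfree(subreq);

    if (ret != EOK) {
        state->dp_error = dp_error;
        tevent_req_error(req, ret);
        return;
    }

    subreq = sdap_get_services_send(state, state->ev,
                                    state->domain, state->sysdb,
                                    state->id_ctx->opts,
                                    state->sdom->service_search_bases,
                                    sdap_id_op_handle(state->op),
                                    state->attrs, state->filter,
                                    dp_opt_get_int(state->id_ctx->opts->basic,
                                                   SDAP_SEARCH_TIMEOUT),
                                    false);
    if (!subreq) {
        tevent_req_error(req, ENOMEM);
        return;
    }
    tevent_req_set_callback(subreq, services_get_done, req);
}

/*
 * Callback for the service search.
 *
 * Retries through services_get_retry() when sdap_id_op_done() reports
 * DP_ERR_OK together with an error. When the server has no such entry and
 * noexist_delete is set, the matching cache entry is deleted; for a port
 * lookup the key must first parse completely as a 16-bit port number.
 */
static void
services_get_done(struct tevent_req *subreq)
{
    errno_t ret;
    uint16_t port;
    char *endptr;
    struct tevent_req *req =
            tevent_req_callback_data(subreq, struct tevent_req);
    struct sdap_services_get_state *state =
            tevent_req_data(req, struct sdap_services_get_state);
    int dp_error = DP_ERR_FATAL;

    ret = sdap_get_services_recv(NULL, subreq, NULL);
    talloc_zfree(subreq);

    /* Check whether we need to try again with another
     * failover server.
     */
    ret = sdap_id_op_done(state->op, ret, &dp_error);
    if (dp_error == DP_ERR_OK && ret != EOK) {
        /* retry */
        ret = services_get_retry(req);
        if (ret != EOK) {
            tevent_req_error(req, ret);
            return;
        }

        /* Return to the mainloop to retry */
        return;
    }
    state->sdap_ret = ret;

    /* An error occurred. */
    if (ret && ret != ENOENT) {
        state->dp_error = dp_error;
        tevent_req_error(req, ret);
        return;
    }

    if (ret == ENOENT && state->noexist_delete == true) {
        /* Ensure that this entry is removed from the sysdb */
        switch (state->filter_type) {
        case BE_FILTER_NAME:
            ret = sysdb_svc_delete(state->sysdb, state->domain,
                                   state->name, 0,
                                   state->protocol);
            if (ret != EOK) {
                tevent_req_error(req, ret);
                return;
            }
            break;

        case BE_FILTER_IDNUM:
            /* errno is the only error channel of the conversion (assumed
             * to flag out-of-range values; confirm in util/strtonum.h),
             * so clear it first. */
            errno = 0;
            port = strtouint16(state->name, &endptr, 10);
            if (errno) {
                tevent_req_error(req, errno);
                return;
            }

            /* An empty key or trailing characters must not be turned into
             * a port number that then drives a cache deletion. */
            if (endptr == state->name || *endptr != '\0') {
                tevent_req_error(req, EINVAL);
                return;
            }

            ret = sysdb_svc_delete(state->sysdb, state->domain,
                                   NULL, port,
                                   state->protocol);
            if (ret != EOK) {
                tevent_req_error(req, ret);
                return;
            }
            break;

        default:
            tevent_req_error(req, EINVAL);
            return;
        }
    }

    state->dp_error = DP_ERR_OK;
    tevent_req_done(req);
}

/*
 * Collect the result of a services_get request.
 *
 * dp_error_out and sdap_ret are optional and are filled in before the error
 * check, so they are set even when the request failed. Returns the
 * request's error, or EOK.
 */
errno_t
services_get_recv(struct tevent_req *req, int *dp_error_out, int *sdap_ret)
{
    struct sdap_services_get_state *state =
            tevent_req_data(req, struct sdap_services_get_state);

    if (dp_error_out) {
        *dp_error_out = state->dp_error;
    }

    if (sdap_ret) {
        *sdap_ret = state->sdap_ret;
    }

    TEVENT_REQ_RETURN_ON_ERROR(req);

    return EOK;
}

sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/sdap_async_private.h0000644000000000000000000000007312320753107023325 xustar000000000000000029 atime=1396954939.26789143 30 ctime=1396954961.477875081 sssd-1.11.5/src/providers/ldap/sdap_async_private.h0000664002412700241270000001246512320753107023560 0ustar00jhrozekjhrozek00000000000000/* SSSD Async LDAP Helper routines Copyright (C) Simo Sorce This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.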
You should have received a copy of the GNU General Public License along with this program. If not, see . */ #ifndef _SDAP_ASYNC_PRIVATE_H_ #define _SDAP_ASYNC_PRIVATE_H_ #include "config.h" #include "util/sss_krb5.h" #include "providers/ldap/sdap_async.h" struct dn_item { const char *dn; /* Parent netgroup containing this record */ struct sysdb_attrs *netgroup; char *cn; struct dn_item *next; struct dn_item *prev; }; bool is_dn(const char *str); errno_t update_dn_list(struct dn_item *dn_list, const size_t count, struct ldb_message **res, bool *all_resolved); void make_realm_upper_case(const char *upn); struct sdap_handle *sdap_handle_create(TALLOC_CTX *memctx); void sdap_ldap_result(struct tevent_context *ev, struct tevent_fd *fde, uint16_t flags, void *pvt); int setup_ldap_connection_callbacks(struct sdap_handle *sh, struct tevent_context *ev); int remove_ldap_connection_callbacks(struct sdap_handle *sh); int get_fd_from_ldap(LDAP *ldap, int *fd); errno_t sdap_set_connected(struct sdap_handle *sh, struct tevent_context *ev); errno_t sdap_call_conn_cb(const char *uri,int fd, struct sdap_handle *sh); int sdap_op_add(TALLOC_CTX *memctx, struct tevent_context *ev, struct sdap_handle *sh, int msgid, sdap_op_callback_t *callback, void *data, int timeout, struct sdap_op **_op); struct tevent_req *sdap_get_rootdse_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sdap_options *opts, struct sdap_handle *sh); int sdap_get_rootdse_recv(struct tevent_req *req, TALLOC_CTX *memctx, struct sysdb_attrs **rootdse); errno_t deref_string_to_val(const char *str, int *val); /* from sdap_child_helpers.c */ struct tevent_req *sdap_get_tgt_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, const char *realm_str, const char *princ_str, const char *keytab_name, int32_t lifetime, int timeout); int sdap_get_tgt_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, int *result, krb5_error_code *kerr, char **ccname, time_t *expire_time_out); int sdap_save_users(TALLOC_CTX *memctx, 
struct sysdb_ctx *sysdb, struct sss_domain_info *dom, struct sdap_options *opts, struct sysdb_attrs **users, int num_users, char **_usn_value); int sdap_initgr_common_store(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, struct sdap_options *opts, const char *name, enum sysdb_member_type type, char **sysdb_grouplist, struct sysdb_attrs **ldap_groups, int ldap_groups_count); errno_t get_sysdb_grouplist(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, char ***grouplist); errno_t get_sysdb_grouplist_dn(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, char ***grouplist); /* from sdap_async_nested_groups.c */ struct tevent_req *sdap_nested_group_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct sdap_domain *sdom, struct sdap_options *opts, struct sdap_handle *sh, struct sysdb_attrs *group); errno_t sdap_nested_group_recv(TALLOC_CTX *mem_ctx, struct tevent_req *req, unsigned long *_num_users, struct sysdb_attrs ***_users, unsigned long *_num_groups, struct sysdb_attrs ***_groups); #endif /* _SDAP_ASYNC_PRIVATE_H_ */ sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/ldap_common.h0000644000000000000000000000007412320753107021740 xustar000000000000000030 atime=1396954939.266891431 30 ctime=1396954961.473875084 sssd-1.11.5/src/providers/ldap/ldap_common.h0000664002412700241270000003012312320753107022161 0ustar00jhrozekjhrozek00000000000000/* SSSD LDAP Common utility code Copyright (C) Simo Sorce 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. 
You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#ifndef _LDAP_COMMON_H_
#define _LDAP_COMMON_H_

#include "providers/dp_backend.h"
#include "providers/ldap/sdap.h"
#include "providers/ldap/sdap_id_op.h"
#include "providers/fail_over.h"
#include "providers/krb5/krb5_common.h"
#include "lib/idmap/sss_idmap.h"

/* String values of the password-policy option (presumably the
 * ldap_pwd_policy setting -- confirm against the option table). */
#define PWD_POL_OPT_NONE "none"
#define PWD_POL_OPT_SHADOW "shadow"
#define PWD_POL_OPT_MIT "mit_kerberos"

#define SSS_LDAP_SRV_NAME "ldap"

/* URI scheme prefixes. Only ldaps:// and ldapi:// name a transport that is
 * not plain TCP; see sdap_is_secure_uri() below for the check this module
 * exposes. */
#define LDAP_STANDARD_URI "ldap://"
#define LDAP_SSL_URI "ldaps://"
#define LDAP_LDAPI_URI "ldapi://"

/* a fd the child process would log into */
extern int ldap_child_debug_fd;

struct sdap_id_ctx;

/* One connection (service + connection cache) belonging to an sdap_id_ctx;
 * instances are chained through prev/next. */
struct sdap_id_conn_ctx {
    struct sdap_id_ctx *id_ctx;

    struct sdap_service *service;
    /* LDAP connection cache */
    struct sdap_id_conn_cache *conn_cache;
    /* dlinklist pointers */
    struct sdap_id_conn_ctx *prev, *next;
    /* do not go offline, try another connection */
    bool ignore_mark_offline;
};

/* Identity-provider context shared by the LDAP id handlers. */
struct sdap_id_ctx {
    struct be_ctx *be;
    struct sdap_options *opts;

    /* If using GSSAPI */
    struct krb5_service *krb5_service;
    /* connection to a server */
    struct sdap_id_conn_ctx *conn;

    struct sdap_server_opts *srv_opts;
};

/* Authentication-provider context; chpass_service is kept separately from
 * the regular authentication service. */
struct sdap_auth_ctx {
    struct be_ctx *be;
    struct sdap_options *opts;
    struct sdap_service *service;
    struct sdap_service *chpass_service;
};

int sssm_ldap_id_init(struct be_ctx *bectx,
                      struct bet_ops **ops,
                      void **pvt_data);

void sdap_check_online(struct be_req *breq);
void sdap_do_online_check(struct be_req *be_req, struct sdap_id_ctx *ctx);

struct tevent_req* sdap_reinit_cleanup_send(TALLOC_CTX *mem_ctx,
                                            struct be_ctx *be_ctx,
                                            struct sdap_id_ctx *id_ctx);

errno_t sdap_reinit_cleanup_recv(struct tevent_req *req);

/* id */
void sdap_account_info_handler(struct be_req *breq);
void sdap_handle_account_info(struct be_req *breq, struct sdap_id_ctx *ctx,
                              struct sdap_id_conn_ctx *conn);

/* Set up enumeration and/or cleanup */
int ldap_id_setup_tasks(struct sdap_id_ctx *ctx);
int sdap_id_setup_tasks(struct be_ctx *be_ctx,
                        struct sdap_id_ctx *ctx,
                        struct sdap_domain *sdom,
                        be_ptask_send_t send_fn,
                        be_ptask_recv_t recv_fn,
                        void *pvt);

struct tevent_req *
sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx,
                          struct be_req *breq,
                          struct be_acct_req *ar,
                          struct sdap_id_ctx *id_ctx,
                          struct sdap_domain *sdom,
                          struct sdap_id_conn_ctx *conn,
                          bool noexist_delete);
errno_t
sdap_handle_acct_req_recv(struct tevent_req *req,
                          int *_dp_error, const char **_err,
                          int *sdap_ret);

/* auth */
void sdap_pam_auth_handler(struct be_req *breq);

/* chpass */
void sdap_pam_chpass_handler(struct be_req *breq);

/* access */
void sdap_pam_access_handler(struct be_req *breq);

/* autofs */
void sdap_autofs_handler(struct be_req *breq);

void sdap_handler_done(struct be_req *req, int dp_err,
                       int error, const char *errstr);

int sdap_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
                      const char *service_name, const char *dns_service_name,
                      const char *urls, const char *backup_urls,
                      struct sdap_service **_service);

int sdap_gssapi_init(TALLOC_CTX *mem_ctx,
                     struct dp_option *opts,
                     struct be_ctx *bectx,
                     struct sdap_service *sdap_service,
                     struct krb5_service **krb5_service);

errno_t sdap_install_offline_callback(TALLOC_CTX *mem_ctx,
                                      struct be_ctx *be_ctx,
                                      const char *realm,
                                      const char *service_name);

errno_t sdap_install_sigterm_handler(TALLOC_CTX *mem_ctx,
                                     struct tevent_context *ev,
                                     const char *realm);

void sdap_remove_kdcinfo_files_callback(void *pvt);

/* options parser */
int ldap_get_options(TALLOC_CTX *memctx,
                     struct sss_domain_info *dom,
                     struct confdb_ctx *cdb,
                     const char *conf_path,
                     struct sdap_options **_opts);

int ldap_get_sudo_options(TALLOC_CTX *memctx,
                          struct confdb_ctx *cdb,
                          const char *conf_path,
                          struct sdap_options *opts,
                          bool *use_host_filter,
                          bool *include_regexp,
                          bool *include_netgroups);

int ldap_get_autofs_options(TALLOC_CTX *memctx,
                            struct confdb_ctx *cdb,
                            const char *conf_path,
                            struct sdap_options *opts);

/* Calling ldap_setup_enumeration will set up a periodic task
 * that would periodically call send_fn/recv_fn request. The
 * send_fn's pvt parameter will be a pointer to ldap_enum_ctx
 * structure that contains the request data
 */
struct ldap_enum_ctx {
    struct sdap_domain *sdom;
    void *pvt;
};

errno_t ldap_setup_enumeration(struct be_ctx *be_ctx,
                               struct sdap_options *opts,
                               struct sdap_domain *sdom,
                               be_ptask_send_t send_fn,
                               be_ptask_recv_t recv_fn,
                               void *pvt);
struct tevent_req *
ldap_enumeration_send(TALLOC_CTX *mem_ctx,
                      struct tevent_context *ev,
                      struct be_ctx *be_ctx,
                      struct be_ptask *be_ptask,
                      void *pvt);
errno_t ldap_enumeration_recv(struct tevent_req *req);

errno_t ldap_setup_cleanup(struct sdap_id_ctx *id_ctx,
                           struct sdap_domain *sdom);

errno_t ldap_id_cleanup(struct sdap_options *opts,
                        struct sdap_domain *sdom);

void sdap_mark_offline(struct sdap_id_ctx *ctx);

struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
                                   struct tevent_context *ev,
                                   struct sdap_id_ctx *ctx,
                                   struct sdap_domain *sdom,
                                   struct sdap_id_conn_ctx *conn,
                                   const char *name,
                                   int filter_type,
                                   int attrs_type,
                                   bool noexist_delete);
int groups_get_recv(struct tevent_req *req, int *dp_error_out, int *sdap_ret);

struct tevent_req *ldap_netgroup_get_send(TALLOC_CTX *memctx,
                                          struct tevent_context *ev,
                                          struct sdap_id_ctx *ctx,
                                          struct sdap_domain *sdom,
                                          struct sdap_id_conn_ctx *conn,
                                          const char *name,
                                          bool noexist_delete);
int ldap_netgroup_get_recv(struct tevent_req *req, int *dp_error_out, int *sdap_ret);

struct tevent_req *
services_get_send(TALLOC_CTX *mem_ctx,
                  struct tevent_context *ev,
                  struct sdap_id_ctx *id_ctx,
                  struct sdap_domain *sdom,
                  struct sdap_id_conn_ctx *conn,
                  const char *name,
                  const char *protocol,
                  int filter_type,
                  bool noexist_delete);

errno_t
services_get_recv(struct tevent_req *req, int *dp_error_out, int *sdap_ret);

/* setup child logging */
int sdap_setup_child(void);

errno_t string_to_shadowpw_days(const char *s, long *d);

errno_t get_sysdb_attr_name(TALLOC_CTX *mem_ctx,
                            struct sdap_attr_map *map,
                            size_t map_size,
                            const char *ldap_name,
                            char **sysdb_name);

errno_t list_missing_attrs(TALLOC_CTX *mem_ctx,
                           struct sdap_attr_map *map,
                           size_t map_size,
                           struct sysdb_attrs *recvd_attrs,
                           char ***missing_attrs);

/* NOTE(review): judging by the name, reports whether a URI uses a protected
 * transport; which schemes count as secure is decided in the
 * implementation, not visible in this header. */
bool sdap_is_secure_uri(const char *uri);

char *sdap_get_id_specific_filter(TALLOC_CTX *mem_ctx,
                                  const char *base_filter,
                                  const char *extra_filter);

char *sdap_get_access_filter(TALLOC_CTX *mem_ctx,
                             const char *base_filter);

errno_t msgs2attrs_array(TALLOC_CTX *mem_ctx, size_t count,
                         struct ldb_message **msgs,
                         struct sysdb_attrs ***attrs);

errno_t sdap_domain_add(struct sdap_options *opts,
                        struct sss_domain_info *dom,
                        struct sdap_domain **_sdom);
errno_t
sdap_domain_subdom_add(struct sdap_id_ctx *sdap_id_ctx,
                       struct sdap_domain *sdom_list,
                       struct sss_domain_info *parent);

void
sdap_domain_remove(struct sdap_options *opts,
                   struct sss_domain_info *dom);

struct sdap_domain *sdap_domain_get(struct sdap_options *opts,
                                    struct sss_domain_info *dom);

struct sdap_domain *sdap_domain_get_by_dn(struct sdap_options *opts,
                                          const char *dn);

errno_t
sdap_create_search_base(TALLOC_CTX *mem_ctx,
                        const char *unparsed_base,
                        int scope,
                        const char *filter,
                        struct sdap_search_base **_base);

errno_t sdap_parse_search_base(TALLOC_CTX *mem_ctx,
                               struct dp_option *opts, int class,
                               struct sdap_search_base ***_search_bases);
errno_t common_parse_search_base(TALLOC_CTX *mem_ctx,
                                 const char *unparsed_base,
                                 const char *class_name,
                                 const char *old_filter,
                                 struct sdap_search_base ***_search_bases);

errno_t
sdap_attrs_get_sid_str(TALLOC_CTX *mem_ctx,
                       struct sdap_idmap_ctx *idmap_ctx,
                       struct sysdb_attrs *sysdb_attrs,
                       const char *sid_attr,
                       char **_sid_str);

errno_t
sdap_set_sasl_options(struct sdap_options *id_opts,
                      char *default_primary,
                      char *default_realm,
                      const char *keytab_path);

struct sdap_id_conn_ctx *
sdap_id_ctx_conn_add(struct sdap_id_ctx *id_ctx,
                     struct sdap_service *sdap_service);

struct sdap_id_ctx *
sdap_id_ctx_new(TALLOC_CTX *mem_ctx, struct be_ctx *bectx,
                struct sdap_service *sdap_service);

struct tevent_req *sdap_refresh_netgroups_send(TALLOC_CTX *mem_ctx,
                                               struct tevent_context *ev,
                                               struct be_ctx *be_ctx,
                                               char **names,
                                               void *pvt);

errno_t sdap_refresh_netgroups_recv(struct tevent_req *req);

#endif /* _LDAP_COMMON_H_ */
sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/ldap_id_cleanup.c0000644000000000000000000000007412320753107022546 xustar000000000000000030 atime=1396954939.266891431 30 ctime=1396954961.613874981 sssd-1.11.5/src/providers/ldap/ldap_id_cleanup.c0000664002412700241270000003051412320753107022773 0ustar00jhrozekjhrozek00000000000000/*
    SSSD

    LDAP Identity Cleanup Functions

    Authors:
        Simo Sorce

    Copyright (C) 2009 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
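*/

/* NOTE(review): the names of the three angle-bracket headers were lost from
 * this listing; the ones below are the standard headers this file visibly
 * uses (errno values, strcmp/strerror, time) -- confirm against the tree. */
#include <errno.h>
#include <string.h>
#include <time.h>

#include "util/util.h"
#include "util/find_uid.h"
#include "db/sysdb.h"
#include "providers/ldap/ldap_common.h"
#include "providers/ldap/sdap_async.h"

/* ==Cleanup-Task========================================================= */

/* Private data handed to the periodic cleanup task. */
struct ldap_id_cleanup_ctx {
    struct sdap_id_ctx *ctx;
    struct sdap_domain *sdom;
};

/*
 * Periodic-task callback: runs one cache cleanup pass for the domain stored
 * in pvt (a struct ldap_id_cleanup_ctx).
 *
 * Returns EFAULT when pvt is not of the expected talloc type, otherwise the
 * result of ldap_id_cleanup().
 */
static errno_t ldap_cleanup_task(TALLOC_CTX *mem_ctx,
                                 struct tevent_context *ev,
                                 struct be_ctx *be_ctx,
                                 struct be_ptask *be_ptask,
                                 void *pvt)
{
    struct ldap_id_cleanup_ctx *cleanup_ctx = NULL;

    /* talloc_get_type() yields NULL on a type mismatch; do not dereference
     * it blindly. */
    cleanup_ctx = talloc_get_type(pvt, struct ldap_id_cleanup_ctx);
    if (cleanup_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Cannot retrieve ldap_id_cleanup_ctx!\n"));
        return EFAULT;
    }

    return ldap_id_cleanup(cleanup_ctx->ctx->opts, cleanup_ctx->sdom);
}

/*
 * Register the periodic cache-cleanup task for sdom.
 *
 * The period is read from SDAP_CACHE_PURGE_TIMEOUT; a value of 0 disables
 * cleanup and the function returns EOK without creating a task.
 *
 * Returns EOK on success, ENOMEM on allocation failure, or the error from
 * be_ptask_create_sync(). On any failure the partially built context is
 * released.
 */
errno_t ldap_setup_cleanup(struct sdap_id_ctx *id_ctx,
                           struct sdap_domain *sdom)
{
    errno_t ret;
    time_t first_delay;
    time_t period;
    struct ldap_id_cleanup_ctx *cleanup_ctx = NULL;
    char *name = NULL;

    period = dp_opt_get_int(id_ctx->opts->basic, SDAP_CACHE_PURGE_TIMEOUT);
    if (period == 0) {
        /* Cleanup has been explicitly disabled, so we won't
         * create any cleanup tasks. */
        ret = EOK;
        goto done;
    }

    /* Run the first one in a couple of seconds so that we have time to
     * finish initializations first. */
    first_delay = 10;

    cleanup_ctx = talloc_zero(sdom, struct ldap_id_cleanup_ctx);
    if (cleanup_ctx == NULL) {
        ret = ENOMEM;
        goto done;
    }

    cleanup_ctx->ctx = id_ctx;
    cleanup_ctx->sdom = sdom;

    name = talloc_asprintf(cleanup_ctx, "Cleanup of %s", sdom->dom->name);
    if (name == NULL) {
        /* Go through the common exit so cleanup_ctx is released too; the
         * original returned directly and left it attached to sdom. */
        ret = ENOMEM;
        goto done;
    }

    ret = be_ptask_create_sync(sdom, id_ctx->be, period, first_delay,
                               5 /* enabled delay */, period /* timeout */,
                               BE_PTASK_OFFLINE_SKIP, ldap_cleanup_task,
                               cleanup_ctx, name, &sdom->cleanup_task);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Unable to initialize cleanup periodic "
               "task for %s\n", sdom->dom->name));
        goto done;
    }

    /* From here on the context lives exactly as long as the task. */
    talloc_steal(sdom->cleanup_task, cleanup_ctx);
    ret = EOK;

done:
    talloc_free(name);
    if (ret != EOK) {
        talloc_free(cleanup_ctx);
    }

    return ret;
}

static int cleanup_users(struct sdap_options *opts,
                         struct sss_domain_info *dom);

static int cleanup_groups(TALLOC_CTX *memctx,
                          struct sysdb_ctx *sysdb,
                          struct sss_domain_info *domain);

/*
 * Run one cleanup pass (expired users, then expired groups) for sdom inside
 * a single sysdb transaction.
 *
 * On success the transaction is committed and sdom->last_purge is updated;
 * on any failure the transaction is cancelled and the error returned.
 */
errno_t ldap_id_cleanup(struct sdap_options *opts,
                        struct sdap_domain *sdom)
{
    int ret, tret;
    bool in_transaction = false;
    TALLOC_CTX *tmp_ctx;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        return ENOMEM;
    }

    ret = sysdb_transaction_start(sdom->dom->sysdb);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to start transaction\n"));
        goto done;
    }
    in_transaction = true;

    ret = cleanup_users(opts, sdom->dom);
    if (ret && ret != ENOENT) {
        goto done;
    }

    ret = cleanup_groups(tmp_ctx, sdom->dom->sysdb, sdom->dom);
    if (ret) {
        goto done;
    }

    ret = sysdb_transaction_commit(sdom->dom->sysdb);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to commit transaction\n"));
        goto done;
    }
    in_transaction = false;

    sdom->last_purge = tevent_timeval_current();
    ret = EOK;

done:
    if (in_transaction) {
        tret = sysdb_transaction_cancel(sdom->dom->sysdb);
        if (tret != EOK) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("Could not cancel transaction\n"));
        }
    }
    talloc_free(tmp_ctx);
    return ret;
}


/* ==User-Cleanup-Process================================================= */

static int cleanup_users_logged_in(hash_table_t *table,
                                   const struct ldb_message *msg);

/*
 * Delete cached users whose cache entry has expired.
 *
 * An entry qualifies when its expiration time is non-zero and in the past
 * and, depending on SDAP_ACCOUNT_CACHE_EXPIRATION, it either has no
 * last-login attribute or the last login is older than that many days.
 * Users found in the table of currently logged-in UIDs are kept.
 *
 * Returns EOK (also when nothing matched) or an errno value.
 */
static int cleanup_users(struct sdap_options *opts,
                         struct sss_domain_info *dom)
{
    TALLOC_CTX *tmpctx;
    struct sysdb_ctx *sysdb = dom->sysdb;
    const char *attrs[] = { SYSDB_NAME, SYSDB_UIDNUM, NULL };
    time_t now = time(NULL);
    char *subfilter = NULL;
    int account_cache_expiration;
    /* Must start out NULL: on the ENOSYS path below the table is tested
     * without get_uid_table() being known to have assigned it. */
    hash_table_t *uid_table = NULL;
    struct ldb_message **msgs;
    size_t count;
    const char *name;
    int ret;
    size_t i;

    tmpctx = talloc_new(NULL);
    if (!tmpctx) {
        return ENOMEM;
    }

    account_cache_expiration = dp_opt_get_int(opts->basic,
                                              SDAP_ACCOUNT_CACHE_EXPIRATION);
    DEBUG(9, ("Cache expiration is set to %d days\n",
              account_cache_expiration));

    if (account_cache_expiration > 0) {
        /* Widen before multiplying so a large configured day count cannot
         * overflow int arithmetic. */
        subfilter = talloc_asprintf(tmpctx,
                        "(&(!(%s=0))(%s<=%ld)(|(!(%s=*))(%s<=%ld)))",
                        SYSDB_CACHE_EXPIRE,
                        SYSDB_CACHE_EXPIRE,
                        (long) now,
                        SYSDB_LAST_LOGIN,
                        SYSDB_LAST_LOGIN,
                        (long) (now -
                                ((time_t) account_cache_expiration * 86400)));
    } else {
        subfilter = talloc_asprintf(tmpctx,
                        "(&(!(%s=0))(%s<=%ld)(!(%s=*)))",
                        SYSDB_CACHE_EXPIRE,
                        SYSDB_CACHE_EXPIRE,
                        (long) now,
                        SYSDB_LAST_LOGIN);
    }
    if (!subfilter) {
        DEBUG(2, ("Failed to build filter\n"));
        ret = ENOMEM;
        goto done;
    }

    ret = sysdb_search_users(tmpctx, sysdb, dom,
                             subfilter, attrs, &count, &msgs);
    if (ret) {
        if (ret == ENOENT) {
            ret = EOK;
        }
        goto done;
    }

    DEBUG(SSSDBG_FUNC_DATA, ("Found %zu expired user entries!\n", count));

    if (count == 0) {
        ret = EOK;
        goto done;
    }

    ret = get_uid_table(tmpctx, &uid_table);
    /* get_uid_table returns ENOSYS on non-Linux platforms. We proceed with
     * the cleanup in that case
     */
    if (ret != EOK && ret != ENOSYS) {
        goto done;
    }

    for (i = 0; i < count; i++) {
        name = ldb_msg_find_attr_as_string(msgs[i], SYSDB_NAME, NULL);
        if (!name) {
            DEBUG(2, ("Entry %s has no Name Attribute ?!?\n",
                      ldb_dn_get_linearized(msgs[i]->dn)));
            ret = EFAULT;
            goto done;
        }

        if (uid_table) {
            ret = cleanup_users_logged_in(uid_table, msgs[i]);
            if (ret == EOK) {
                /* If the user is logged in, proceed to the next one */
                DEBUG(5, ("User %s is still logged in or a dummy entry, "
                          "keeping data\n", name));
                continue;
            } else if (ret != ENOENT) {
                goto done;
            }
        }

        /* If not logged in or cannot check the table, delete him */
        DEBUG(9, ("About to delete user %s\n", name));
        ret = sysdb_delete_user(sysdb, dom, name, 0);
        if (ret) {
            goto done;
        }
    }

done:
    talloc_zfree(tmpctx);
    return ret;
}

/*
 * Check whether the user described by msg appears in the UID table.
 *
 * Returns EOK when the UID is present, ENOENT when it is absent or the
 * entry carries no (or a zero) UID attribute, and EIO on any other hash
 * lookup error.
 */
static int cleanup_users_logged_in(hash_table_t *table,
                                   const struct ldb_message *msg)
{
    uid_t uid;
    hash_key_t key;
    hash_value_t value;
    int ret;

    uid = ldb_msg_find_attr_as_uint64(msg,
                                      SYSDB_UIDNUM, 0);
    if (!uid) {
        DEBUG(SSSDBG_OP_FAILURE, ("Entry %s has no UID Attribute!\n",
                                  ldb_dn_get_linearized(msg->dn)));
        return ENOENT;
    }

    key.type = HASH_KEY_ULONG;
    key.ul = (unsigned long) uid;

    ret = hash_lookup(table, &key, &value);
    if (ret == HASH_SUCCESS) {
        return EOK;
    } else if (ret == HASH_ERROR_KEY_NOT_FOUND) {
        return ENOENT;
    }

    return EIO;
}

/* ==Group-Cleanup-Process================================================ */

/*
 * Delete expired cached groups that no cached object still refers to.
 *
 * For every expired group a second search looks for users that are members
 * of it or use its GID as primary GID (POSIX groups), or for any object
 * whose memberOf names it (non-POSIX groups). Only when that search reports
 * ENOENT is the group deleted.
 *
 * Returns EOK (also when nothing matched) or an errno value.
 */
static int cleanup_groups(TALLOC_CTX *memctx,
                          struct sysdb_ctx *sysdb,
                          struct sss_domain_info *domain)
{
    TALLOC_CTX *tmpctx;
    const char *attrs[] = { SYSDB_NAME, SYSDB_GIDNUM, NULL };
    time_t now = time(NULL);
    char *subfilter;
    const char *dn;
    char *sanitized_dn;
    gid_t gid;
    struct ldb_message **msgs;
    size_t count;
    struct ldb_message **u_msgs = NULL;
    size_t u_count;
    int ret;
    size_t i;
    const char *posix;
    struct ldb_dn *base_dn;

    tmpctx = talloc_new(memctx);
    if (!tmpctx) {
        return ENOMEM;
    }

    subfilter = talloc_asprintf(tmpctx, "(&(!(%s=0))(%s<=%ld))",
                                SYSDB_CACHE_EXPIRE,
                                SYSDB_CACHE_EXPIRE, (long)now);
    if (!subfilter) {
        DEBUG(2, ("Failed to build filter\n"));
        ret = ENOMEM;
        goto done;
    }

    ret = sysdb_search_groups(tmpctx, sysdb, domain,
                              subfilter, attrs, &count, &msgs);
    if (ret) {
        if (ret == ENOENT) {
            ret = EOK;
        }
        goto done;
    }

    DEBUG(SSSDBG_FUNC_DATA, ("Found %zu expired group entries!\n", count));

    if (count == 0) {
        ret = EOK;
        goto done;
    }

    /* The search base does not depend on the group; build it once. */
    base_dn = sysdb_base_dn(sysdb, tmpctx);
    if (base_dn == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("Failed to build base dn\n"));
        ret = ENOMEM;
        goto done;
    }

    for (i = 0; i < count; i++) {
        dn = ldb_dn_get_linearized(msgs[i]->dn);
        if (!dn) {
            ret = EFAULT;
            goto done;
        }

        /* The DN is built from directory-supplied names. Escape filter
         * metacharacters ('(', ')', '*', '\') before embedding it, so a
         * group name containing them cannot change the shape of the search
         * filter and, through a wrong match result, the delete decision. */
        ret = sss_filter_sanitize(tmpctx, dn, &sanitized_dn);
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE, ("Failed to sanitize group DN\n"));
            goto done;
        }

        posix = ldb_msg_find_attr_as_string(msgs[i], SYSDB_POSIX, NULL);
        if (!posix || strcmp(posix, "TRUE") == 0) {
            /* Search for users that are members of this group, or
             * that have this group as their primary GID.
             * Include subdomain users as well.
             */
            gid = (gid_t) ldb_msg_find_attr_as_uint(msgs[i], SYSDB_GIDNUM, 0);
            subfilter = talloc_asprintf(tmpctx, "(&(%s=%s)(|(%s=%s)(%s=%lu)))",
                                        SYSDB_OBJECTCLASS, SYSDB_USER_CLASS,
                                        SYSDB_MEMBEROF, sanitized_dn,
                                        SYSDB_GIDNUM, (long unsigned) gid);
        } else {
            subfilter = talloc_asprintf(tmpctx, "(%s=%s)", SYSDB_MEMBEROF,
                                        sanitized_dn);
        }
        if (!subfilter) {
            DEBUG(2, ("Failed to build filter\n"));
            ret = ENOMEM;
            goto done;
        }

        /* Start from NULL on every pass: whether sysdb_search_entry()
         * assigns the output on ENOENT is not visible here, and the result
         * pointer is freed below on that path as well. */
        u_msgs = NULL;
        ret = sysdb_search_entry(tmpctx, sysdb, base_dn,
                                 LDB_SCOPE_SUBTREE, subfilter, NULL,
                                 &u_count, &u_msgs);
        if (ret == ENOENT) {
            const char *name;

            name = ldb_msg_find_attr_as_string(msgs[i], SYSDB_NAME, NULL);
            if (!name) {
                DEBUG(2, ("Entry %s has no Name Attribute ?!?\n",
                          ldb_dn_get_linearized(msgs[i]->dn)));
                ret = EFAULT;
                goto done;
            }

            DEBUG(8, ("About to delete group %s\n", name));
            ret = sysdb_delete_group(sysdb, domain, name, 0);
            if (ret) {
                DEBUG(2, ("Group delete returned %d (%s)\n",
                          ret, strerror(ret)));
                goto done;
            }
        }
        if (ret != EOK) {
            goto done;
        }
        talloc_zfree(u_msgs);
    }

done:
    talloc_zfree(tmpctx);
    return ret;
}
sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/sdap_idmap.h0000644000000000000000000000007412320753107021551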
xustar000000000000000030 atime=1396954939.268891429 30 ctime=1396954961.630874968 sssd-1.11.5/src/providers/ldap/sdap_idmap.h0000664002412700241270000000412312320753107021773 0ustar00jhrozekjhrozek00000000000000/*
    SSSD

    Authors:
        Stephen Gallagher

    Copyright (C) 2012 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#ifndef SDAP_IDMAP_H_
#define SDAP_IDMAP_H_

#include "src/providers/ldap/sdap.h"
#include "src/providers/ldap/ldap_common.h"

/* Callback type stored in sdap_idmap_ctx.find_new_domain. It receives the
 * idmap context plus a domain name and domain SID string.
 * NOTE(review): presumably invoked when a SID from a not-yet-known domain
 * is seen -- confirm against the implementation. */
typedef errno_t (find_new_domain_fn_t)(struct sdap_idmap_ctx *idmap_ctx,
                                       const char *dom_name,
                                       const char *dom_sid_str);

/* ID-mapping context: the sss_idmap handle, the owning LDAP id context and
 * the new-domain callback. */
struct sdap_idmap_ctx {
    struct sss_idmap_ctx *map;

    struct sdap_id_ctx *id_ctx;
    find_new_domain_fn_t *find_new_domain;
};

/* Create an idmap context for id_ctx; the result is returned through
 * _idmap_ctx. */
errno_t sdap_idmap_init(TALLOC_CTX *mem_ctx,
                        struct sdap_id_ctx *id_ctx,
                        struct sdap_idmap_ctx **_idmap_ctx);

/* Register a domain (name + SID) with the mapping. The meaning of `slice`
 * is defined by the implementation, not visible in this header. */
errno_t
sdap_idmap_add_domain(struct sdap_idmap_ctx *idmap_ctx,
                      const char *dom_name,
                      const char *dom_sid,
                      id_t slice);

/* Derive the domain SID string from an object SID string; output through
 * dom_sid_str, allocated on mem_ctx (presumably -- TODO confirm). */
errno_t
sdap_idmap_get_dom_sid_from_object(TALLOC_CTX *mem_ctx,
                                   const char *object_sid,
                                   char **dom_sid_str);

/* Translate a SID string into a Unix ID written to *id. The SID arrives
 * from directory data, so callers should act on the returned errno_t and
 * not use *id when it is not EOK. */
errno_t
sdap_idmap_sid_to_unix(struct sdap_idmap_ctx *idmap_ctx,
                       const char *sid_str,
                       id_t *id);

bool sdap_idmap_domain_has_algorithmic_mapping(struct sdap_idmap_ctx *ctx,
                                               const char *name,
                                               const char *dom_sid);

#endif /* SDAP_IDMAP_H_ */
sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/ldap_access.c0000644000000000000000000000007412320753107021704 xustar000000000000000030 atime=1396954939.266891431 30 ctime=1396954961.610874983
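sssd-1.11.5/src/providers/ldap/ldap_access.c0000664002412700241270000000623312320753107022132 0ustar00jhrozekjhrozek00000000000000/*
    SSSD

    ldap_access.c

    Authors:
        Simo Sorce

    Copyright (C) 2013 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

/* NOTE(review): the name of this angle-bracket header was lost from the
 * listing; the code below needs the PAM_* status codes, which this header
 * provides -- confirm against the tree. */
#include <security/pam_modules.h>

#include "src/util/util.h"
#include "src/providers/data_provider.h"
#include "src/providers/dp_backend.h"
#include "src/providers/ldap/sdap_access.h"

/*
 * Finish an access request with the given PAM status.
 *
 * PAM_SUCCESS, PAM_PERM_DENIED and PAM_ACCT_EXPIRED are definite answers
 * and are reported with DP_ERR_OK; every other status is reported as
 * DP_ERR_FATAL.
 */
static void sdap_access_reply(struct be_req *be_req, int pam_status)
{
    struct pam_data *pd;

    pd = talloc_get_type(be_req_get_data(be_req), struct pam_data);
    pd->pam_status = pam_status;

    if (pam_status == PAM_SUCCESS || pam_status == PAM_PERM_DENIED
            || pam_status == PAM_ACCT_EXPIRED) {
        be_req_terminate(be_req, DP_ERR_OK, pam_status, NULL);
    } else {
        be_req_terminate(be_req, DP_ERR_FATAL, pam_status, NULL);
    }
}

static void sdap_access_done(struct tevent_req *req);

/*
 * Entry point for access-control requests of the LDAP provider.
 *
 * Picks the domain the request is for (the backend domain or one of its
 * subdomains), starts the asynchronous access check and arranges for
 * sdap_access_done() to translate its result. Any failure to start the
 * check is answered with PAM_SYSTEM_ERR, i.e. access is not granted.
 */
void sdap_pam_access_handler(struct be_req *breq)
{
    struct be_ctx *be_ctx = be_req_get_be_ctx(breq);
    struct pam_data *pd;
    struct tevent_req *req;
    struct sdap_access_ctx *access_ctx;
    struct sss_domain_info *dom;

    pd = talloc_get_type(be_req_get_data(breq), struct pam_data);

    access_ctx =
            talloc_get_type(be_ctx->bet_info[BET_ACCESS].pvt_bet_data,
                            struct sdap_access_ctx);

    dom = be_ctx->domain;
    if (strcasecmp(pd->domain, be_ctx->domain->name) != 0) {
        /* Subdomain request, verify subdomain */
        dom = find_subdomain_by_name(be_ctx->domain, pd->domain, true);
        if (dom == NULL) {
            /* The requested domain name comes with the request. The lookup
             * presumably yields NULL for a name that matches no known
             * subdomain (confirm against find_subdomain_by_name); fail
             * closed here instead of handing a NULL domain to the access
             * check. */
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("Unknown subdomain in access request\n"));
            sdap_access_reply(breq, PAM_SYSTEM_ERR);
            return;
        }
    }

    req = sdap_access_send(breq, be_ctx->ev, be_ctx,
                           dom, access_ctx,
                           access_ctx->id_ctx->conn,
                           pd);
    if (req == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to start sdap_access request\n"));
        sdap_access_reply(breq, PAM_SYSTEM_ERR);
        return;
    }

    tevent_req_set_callback(req, sdap_access_done, breq);
}

/*
 * Completion callback of the access check: maps the internal result to a
 * PAM status. Only EOK grants access; unrecognized errors become
 * PAM_SYSTEM_ERR.
 */
static void sdap_access_done(struct tevent_req *req)
{
    errno_t ret;
    int pam_status;
    struct be_req *breq =
            tevent_req_callback_data(req, struct be_req);

    ret = sdap_access_recv(req);
    talloc_zfree(req);
    switch (ret) {
    case EOK:
        pam_status = PAM_SUCCESS;
        break;
    case ERR_ACCESS_DENIED:
        pam_status = PAM_PERM_DENIED;
        break;
    case ERR_ACCOUNT_EXPIRED:
        pam_status = PAM_ACCT_EXPIRED;
        break;
    default:
        DEBUG(SSSDBG_CRIT_FAILURE, ("Error retrieving access check result.\n"));
        pam_status = PAM_SYSTEM_ERR;
        break;
    }

    sdap_access_reply(breq, pam_status);
}
sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/ldap_id_enum.c0000644000000000000000000000007412320753107022063 xustar000000000000000030 atime=1396954939.266891431 30 ctime=1396954961.611874982 sssd-1.11.5/src/providers/ldap/ldap_id_enum.c0000664002412700241270000001202012320753107022300 0ustar00jhrozekjhrozek00000000000000/*
    SSSD

    LDAP Identity Enumeration

    Authors:
        Simo Sorce

    Copyright (C) 2009 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.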
*/

#include "util/util.h"
#include "db/sysdb.h"
#include "providers/ldap/ldap_common.h"
#include "providers/ldap/sdap_async_enum.h"

/*
 * Register the periodic enumeration task for sdom.
 *
 * send_fn/recv_fn are the request pair the task runs; they receive a
 * struct ldap_enum_ctx carrying sdom and the caller's pvt pointer. The
 * refresh period is read from SDAP_ENUM_REFRESH_TIMEOUT.
 *
 * Returns EOK, ENOMEM, or the error of sysdb_has_enumerated() /
 * be_ptask_create().
 */
errno_t ldap_setup_enumeration(struct be_ctx *be_ctx,
                               struct sdap_options *opts,
                               struct sdap_domain *sdom,
                               be_ptask_send_t send_fn,
                               be_ptask_recv_t recv_fn,
                               void *pvt)
{
    struct ldap_enum_ctx *enum_ctx;
    bool enumerated_before;
    time_t initial_delay;
    time_t refresh;
    errno_t rc;

    rc = sysdb_has_enumerated(sdom->dom->sysdb, sdom->dom,
                              &enumerated_before);
    if (rc != EOK) {
        return rc;
    }

    /* If at least one enumeration has previously run, clients will get
     * cached data, so the first run is delayed by 10s in order not to slow
     * down startup when this happens during system boot. On the very first
     * startup the enumeration is scheduled to start immediately once the
     * mainloop is entered. */
    initial_delay = enumerated_before ? 10 : 0;

    refresh = dp_opt_get_int(opts->basic, SDAP_ENUM_REFRESH_TIMEOUT);

    enum_ctx = talloc(sdom, struct ldap_enum_ctx);
    if (enum_ctx == NULL) {
        return ENOMEM;
    }
    enum_ctx->sdom = sdom;
    enum_ctx->pvt = pvt;

    rc = be_ptask_create(sdom, be_ctx,
                         refresh,               /* period */
                         initial_delay,         /* first_delay */
                         5,                     /* enabled delay */
                         refresh,               /* timeout */
                         BE_PTASK_OFFLINE_SKIP,
                         send_fn, recv_fn,
                         enum_ctx, "enumeration", &sdom->enum_task);
    if (rc == EOK) {
        /* Tie the context's lifetime to the task. */
        talloc_steal(sdom->enum_task, enum_ctx);
        return EOK;
    }

    DEBUG(SSSDBG_FATAL_FAILURE,
          ("Unable to initialize enumeration periodic task\n"));
    talloc_free(enum_ctx);
    return rc;
}

/* State of one enumeration request. */
struct ldap_enumeration_state {
    struct ldap_enum_ctx *ectx;
    struct sdap_id_ctx *id_ctx;
    struct sss_domain_info *dom;
};

static void ldap_enumeration_done(struct tevent_req *subreq);

/*
 * Start one enumeration run.
 *
 * pvt must be the struct ldap_enum_ctx created by ldap_setup_enumeration(),
 * whose own pvt member must be a struct sdap_id_ctx (checked with
 * talloc_get_type_abort).
 *
 * Returns NULL only if the request itself cannot be allocated; other
 * failures are delivered through the returned request (EFAULT, EIO).
 */
struct tevent_req *
ldap_enumeration_send(TALLOC_CTX *mem_ctx,
                      struct tevent_context *ev,
                      struct be_ctx *be_ctx,
                      struct be_ptask *be_ptask,
                      void *pvt)
{
    struct ldap_enumeration_state *state;
    struct ldap_enum_ctx *enum_ctx;
    struct tevent_req *enum_req;
    struct tevent_req *req;
    errno_t rc;

    req = tevent_req_create(mem_ctx, &state,
                            struct ldap_enumeration_state);
    if (req == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("tevent_req_create() failed\n"));
        return NULL;
    }

    enum_ctx = talloc_get_type(pvt, struct ldap_enum_ctx);
    if (enum_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot retrieve ldap_enum_ctx!\n"));
        rc = EFAULT;
        goto fail;
    }

    state->ectx = enum_ctx;
    state->dom = enum_ctx->sdom->dom;
    state->id_ctx = talloc_get_type_abort(enum_ctx->pvt, struct sdap_id_ctx);

    enum_req = sdap_dom_enum_send(enum_ctx, ev, state->id_ctx,
                                  enum_ctx->sdom, state->id_ctx->conn);
    if (enum_req == NULL) {
        /* The ptask API will reschedule the enumeration on its own on
         * failure */
        DEBUG(SSSDBG_OP_FAILURE,
              ("Failed to schedule enumeration, retrying later!\n"));
        rc = EIO;
        goto fail;
    }

    tevent_req_set_callback(enum_req, ldap_enumeration_done, req);
    return req;

fail:
    tevent_req_error(req, rc);
    tevent_req_post(req, ev);
    return req;
}

/* Completion callback: forwards the sub-request's result to the parent
 * request and releases the sub-request. */
static void
ldap_enumeration_done(struct tevent_req *subreq)
{
    struct tevent_req *parent;
    errno_t rc;

    parent = tevent_req_callback_data(subreq, struct tevent_req);

    rc = sdap_dom_enum_recv(subreq);
    talloc_zfree(subreq);

    if (rc == EOK) {
        tevent_req_done(parent);
    } else {
        tevent_req_error(parent, rc);
    }
}

/* Collect the result of an enumeration request. */
errno_t
ldap_enumeration_recv(struct tevent_req *req)
{
    TEVENT_REQ_RETURN_ON_ERROR(req);

    return EOK;
}
sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/sdap_async_netgroups.c0000644000000000000000000000007312320753107023674 xustar000000000000000029 atime=1396954939.26789143 30 ctime=1396954961.625874972 sssd-1.11.5/src/providers/ldap/sdap_async_netgroups.c0000664002412700241270000005675212320753107024136 0ustar00jhrozekjhrozek00000000000000/*
    SSSD

    Async LDAP Helper routines for netgroups

    Authors:
        Sumit Bose

    Copyright (C) 2010 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
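This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#include "util/util.h"
#include "db/sysdb.h"
#include "providers/ldap/sdap_async_private.h"
#include "providers/ldap/ldap_common.h"

/*
 * Report whether str parses as an LDAPv3 distinguished name.
 *
 * The parsed DN is only needed for the verdict and is released again.
 */
bool is_dn(const char *str)
{
    int ret;
    /* Start from NULL so the unconditional ldap_dnfree() below never sees
     * an indeterminate pointer, whatever the parser does on failure. */
    LDAPDN dn = NULL;

    ret = ldap_str2dn(str, &dn, LDAP_DN_FORMAT_LDAPV3);
    ldap_dnfree(dn);

    return (ret == LDAP_SUCCESS ? true : false);
}

/*
 * Store one netgroup received from LDAP in the cache.
 *
 * Copies the original DN, modification timestamp, triples and member
 * attributes from attrs into a fresh attribute set, records which mapped
 * attributes were not received (so they are removed from the cache) and
 * adds the netgroup with the domain's netgroup timeout.
 *
 * If _timestamp is not NULL it receives the entry's modification timestamp
 * (allocated on memctx), or NULL when the entry carried none.
 *
 * Returns EOK on success or an errno value.
 */
static errno_t sdap_save_netgroup(TALLOC_CTX *memctx,
                                  struct sysdb_ctx *ctx,
                                  struct sss_domain_info *dom,
                                  struct sdap_options *opts,
                                  struct sysdb_attrs *attrs,
                                  char **_timestamp,
                                  time_t now)
{
    struct ldb_message_element *el;
    struct sysdb_attrs *netgroup_attrs;
    const char *name = NULL;
    int ret;
    char *timestamp = NULL;
    char **missing = NULL;

    ret = sdap_get_netgroup_primary_name(memctx, opts, attrs, dom, &name);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Failed to get netgroup name\n"));
        goto fail;
    }

    DEBUG(SSSDBG_TRACE_FUNC, ("Processing netgroup %s\n", name));

    netgroup_attrs = sysdb_new_attrs(memctx);
    if (!netgroup_attrs) {
        ret = ENOMEM;
        goto fail;
    }

    ret = sdap_attrs_add_string(attrs, SYSDB_ORIG_DN,
                                "original DN",
                                name, netgroup_attrs);
    if (ret != EOK) {
        goto fail;
    }

    ret = sysdb_attrs_get_el(attrs,
                      opts->netgroup_map[SDAP_AT_NETGROUP_MODSTAMP].sys_name,
                      &el);
    if (ret) {
        goto fail;
    }
    if (el->num_values == 0) {
        DEBUG(7, ("Original mod-Timestamp is not available for [%s].\n",
                  name));
    } else {
        ret = sysdb_attrs_add_string(netgroup_attrs,
                      opts->netgroup_map[SDAP_AT_NETGROUP_MODSTAMP].sys_name,
                      (const char*)el->values[0].data);
        if (ret) {
            goto fail;
        }
        timestamp = talloc_strdup(memctx, (const char*)el->values[0].data);
        if (!timestamp) {
            ret = ENOMEM;
            goto fail;
        }
    }

    ret = sdap_attrs_add_list(attrs,
                        opts->netgroup_map[SDAP_AT_NETGROUP_TRIPLE].sys_name,
                        "netgroup triple",
                        name, netgroup_attrs);
    if (ret != EOK) {
        goto fail;
    }

    ret = sdap_attrs_add_list(attrs,
                        opts->netgroup_map[SDAP_AT_NETGROUP_MEMBER].sys_name,
                        "original members",
                        name, netgroup_attrs);
    if (ret != EOK) {
        goto fail;
    }

    ret = sdap_attrs_add_list(attrs, SYSDB_NETGROUP_MEMBER,
                              "members", name, netgroup_attrs);
    if (ret != EOK) {
        goto fail;
    }

    DEBUG(6, ("Storing info for netgroup %s\n", name));

    ret = sdap_save_all_names(name, attrs, dom, netgroup_attrs);
    if (ret != EOK) {
        DEBUG(1, ("Failed to save netgroup names\n"));
        goto fail;
    }

    /* Make sure that any attributes we requested from LDAP that we
     * did not receive are also removed from the sysdb
     */
    ret = list_missing_attrs(attrs, opts->netgroup_map, SDAP_OPTS_NETGROUP,
                             attrs, &missing);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Failed to list missing attributes\n"));
        goto fail;
    }

    ret = sysdb_add_netgroup(ctx, dom, name, NULL, netgroup_attrs, missing,
                             dom->netgroup_timeout, now);
    if (ret) goto fail;

    if (_timestamp) {
        *_timestamp = timestamp;
    }

    return EOK;

fail:
    /* name is still NULL when the primary-name lookup itself failed;
     * passing NULL for %s is undefined behavior. */
    DEBUG(2, ("Failed to save netgroup %s\n", name ? name : "(unknown)"));
    return ret;
}

/*
 * Fill in the cn of every still-unresolved item in dn_list from the search
 * results in res.
 *
 * An item is matched to a result by exact comparison of the item's DN with
 * the result's original-DN attribute. *all_resolved is set to true only
 * when every item in the list ends up with a name.
 *
 * Returns EOK, EINVAL if a result lacks the original DN or (for a matching
 * entry) the name attribute, or ENOMEM if a name cannot be copied.
 */
errno_t update_dn_list(struct dn_item *dn_list, const size_t count,
                       struct ldb_message **res, bool *all_resolved)
{
    struct dn_item *dn_item;
    size_t c;
    const char *dn;
    const char *cn;
    bool not_resolved = false;

    *all_resolved = false;

    DLIST_FOR_EACH(dn_item, dn_list) {
        if (dn_item->cn != NULL) {
            continue;
        }

        for(c = 0; c < count; c++) {
            dn = ldb_msg_find_attr_as_string(res[c], SYSDB_ORIG_DN, NULL);
            if (dn == NULL) {
                DEBUG(1, ("Missing original DN.\n"));
                return EINVAL;
            }
            if (strcmp(dn, dn_item->dn) == 0) {
                DEBUG(9, ("Found matching entry for [%s].\n", dn_item->dn));
                cn = ldb_msg_find_attr_as_string(res[c], SYSDB_NAME, NULL);
                if (cn == NULL) {
                    DEBUG(1, ("Missing name.\n"));
                    return EINVAL;
                }
                dn_item->cn = talloc_strdup(dn_item, cn);
                if (dn_item->cn == NULL) {
                    /* Report the allocation failure instead of silently
                     * treating the entry as unresolved. */
                    DEBUG(1, ("talloc_strdup failed.\n"));
                    return ENOMEM;
                }
                break;
            }
        }

        if (dn_item->cn == NULL) {
            not_resolved = true;
        }
    }

    *all_resolved = !not_resolved;

    return EOK;
}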
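/* State of one netgr_translate_members request: the handles it was started
 * with, the netgroups being processed and the list of member values that
 * are DNs and still have to be turned into netgroup names. */
struct netgr_translate_members_state {
    struct tevent_context *ev;
    struct sdap_options *opts;
    struct sdap_handle *sh;

    struct sysdb_ctx *sysdb;

    struct sysdb_attrs **netgroups;
    size_t count;
    struct dn_item *dn_list;    /* every member value that is a DN */
    struct dn_item *dn_item;    /* item currently being looked up in LDAP */
    struct dn_item *dn_idx;     /* where the next LDAP step resumes its scan */
};

static errno_t netgr_translate_members_ldap_step(struct tevent_req *req);
static void netgr_translate_members_ldap_done(struct tevent_req *subreq);

/* Start translating the SYSDB_ORIG_NETGROUP_MEMBER values of each entry in
 * netgroups[0..count) into SYSDB_NETGROUP_MEMBER values.
 *
 * Values that are not DNs are copied unchanged. DN values are first looked
 * up in sysdb by SYSDB_ORIG_DN; if that does not resolve all of them, the
 * remaining ones are resolved one at a time with LDAP base searches.
 *
 * Returns NULL only if the request itself cannot be created. Every other
 * failure is reported through the returned request, which may already be
 * finished (and posted on ev) when this function returns. */
struct tevent_req *netgr_translate_members_send(TALLOC_CTX *memctx,
                                                struct tevent_context *ev,
                                                struct sdap_options *opts,
                                                struct sdap_handle *sh,
                                                struct sss_domain_info *dom,
                                                struct sysdb_ctx *sysdb,
                                                const size_t count,
                                                struct sysdb_attrs **netgroups)
{
    struct tevent_req *req;
    struct netgr_translate_members_state *state;
    size_t c;
    size_t mc;
    const char **member_list;
    size_t sysdb_count;
    int ret;
    struct ldb_message **sysdb_res;
    struct dn_item *dn_item;
    char *dn_filter;
    char *safe_dn = NULL;
    char *sysdb_filter;
    struct ldb_dn *netgr_basedn;
    bool all_resolved;
    const char *cn_attr[] = { SYSDB_NAME, SYSDB_ORIG_DN, NULL };

    req = tevent_req_create(memctx, &state,
                            struct netgr_translate_members_state);
    if (req == NULL) {
        return NULL;
    }

    state->ev = ev;
    state->opts = opts;
    state->sh = sh;
    state->sysdb = sysdb;
    state->netgroups = netgroups;
    state->count = count;
    state->dn_list = NULL;
    state->dn_item = NULL;
    state->dn_idx = NULL;

    /* Split the member values: DNs are queued for resolution, everything
     * else is stored as a member name right away. */
    for (c = 0; c < count; c++) {
        ret = sysdb_attrs_get_string_array(netgroups[c],
                                           SYSDB_ORIG_NETGROUP_MEMBER, state,
                                           &member_list);
        if (ret != EOK) {
            DEBUG(7, ("Missing netgroup members.\n"));
            continue;
        }

        for (mc = 0; member_list[mc] != NULL; mc++) {
            if (is_dn(member_list[mc])) {
                dn_item = talloc_zero(state, struct dn_item);
                if (dn_item == NULL) {
                    DEBUG(1, ("talloc failed.\n"));
                    ret = ENOMEM;
                    goto fail;
                }

                DEBUG(9, ("Adding [%s] to DN list.\n", member_list[mc]));
                dn_item->netgroup = netgroups[c];
                /* dn points into member_list, so member_list must stay
                 * alive for as long as the list is in use. */
                dn_item->dn = member_list[mc];
                DLIST_ADD(state->dn_list, dn_item);
            } else {
                ret = sysdb_attrs_add_string(netgroups[c],
                                             SYSDB_NETGROUP_MEMBER,
                                             member_list[mc]);
                if (ret != EOK) {
                    DEBUG(1, ("sysdb_attrs_add_string failed.\n"));
                    goto fail;
                }
            }
        }
    }

    if (state->dn_list == NULL) {
        DEBUG(9, ("No DNs found among netgroup members.\n"));
        tevent_req_done(req);
        tevent_req_post(req, ev);
        return req;
    }

    /* Build "(|(origDN=...)(origDN=...)...)" over all queued DNs. */
    dn_filter = talloc_strdup(state, "(|");
    if (dn_filter == NULL) {
        DEBUG(1, ("talloc_strdup failed.\n"));
        ret = ENOMEM;
        goto fail;
    }

    DLIST_FOR_EACH(dn_item, state->dn_list) {
        /* The DN is a member value taken from the netgroup entry. Escape
         * filter metacharacters before embedding it, so that a value
         * containing '(', ')', '*' or '\\' can neither change the shape of
         * the sysdb filter nor make it unparsable. */
        ret = sss_filter_sanitize(state, dn_item->dn, &safe_dn);
        if (ret != EOK) {
            DEBUG(1, ("sss_filter_sanitize failed.\n"));
            goto fail;
        }

        dn_filter = talloc_asprintf_append(dn_filter, "(%s=%s)",
                                           SYSDB_ORIG_DN, safe_dn);
        talloc_zfree(safe_dn);
        if (dn_filter == NULL) {
            DEBUG(1, ("talloc_asprintf_append failed.\n"));
            ret = ENOMEM;
            goto fail;
        }
    }

    dn_filter = talloc_asprintf_append(dn_filter, ")");
    if (dn_filter == NULL) {
        DEBUG(1, ("talloc_asprintf_append failed.\n"));
        ret = ENOMEM;
        goto fail;
    }

    sysdb_filter = talloc_asprintf(state, "(&(%s)%s)", SYSDB_NC, dn_filter);
    if (sysdb_filter == NULL) {
        DEBUG(1, ("talloc_asprintf failed.\n"));
        ret = ENOMEM;
        goto fail;
    }
    talloc_zfree(dn_filter);

    netgr_basedn = sysdb_netgroup_base_dn(sysdb, state, dom);
    if (netgr_basedn == NULL) {
        ret = ENOMEM;
        goto fail;
    }

    /* NOTE(review): this is a LDB_SCOPE_BASE search on the netgroup base DN
     * while the filter selects entries by SYSDB_ORIG_DN - confirm that this
     * scope is the intended one. */
    ret = sysdb_search_entry(state, sysdb, netgr_basedn, LDB_SCOPE_BASE,
                             sysdb_filter, cn_attr, &sysdb_count, &sysdb_res);
    talloc_zfree(netgr_basedn);
    talloc_zfree(sysdb_filter);
    if (ret != EOK && ret != ENOENT) {
        DEBUG(1, ("sysdb_search_entry failed.\n"));
        goto fail;
    }

    if (ret == EOK) {
        ret = update_dn_list(state->dn_list, sysdb_count, sysdb_res,
                             &all_resolved);
        if (ret != EOK) {
            DEBUG(1, ("update_dn_list failed.\n"));
            goto fail;
        }

        if (all_resolved) {
            /* The cache knew every DN, no LDAP round trip is needed. */
            DLIST_FOR_EACH(dn_item, state->dn_list) {
                ret = sysdb_attrs_add_string(dn_item->netgroup,
                                             SYSDB_NETGROUP_MEMBER,
                                             dn_item->cn);
                if (ret != EOK) {
                    DEBUG(1, ("sysdb_attrs_add_string failed.\n"));
                    goto fail;
                }
            }

            tevent_req_done(req);
            tevent_req_post(req, ev);
            return req;
        }
    }

    /* Resolve whatever is still missing over LDAP, starting at the head. */
    state->dn_idx = state->dn_list;
    ret = netgr_translate_members_ldap_step(req);
    if (ret != EOK && ret != EAGAIN) {
        DEBUG(1, ("netgr_translate_members_ldap_step failed.\n"));
        goto fail;
    }

    if (ret == EOK) {
        tevent_req_done(req);
        tevent_req_post(req, ev);
    }
    return req;

fail:
    tevent_req_error(req, ret);
    tevent_req_post(req, ev);
    return req;
}

/* netgr_translate_members_ldap_step() returns
 * EOK: if everything is translated, the caller can call tevent_req_done
 * EAGAIN: if there are still members waiting to be translated, the caller
 *         should return to the mainloop
 * Exyz: every other return code indicates an error and tevent_req_error
 *       should be called
 *
 * The function never finishes the request itself; doing so here as well as
 * in the caller would finish the request twice. */
static errno_t netgr_translate_members_ldap_step(struct tevent_req *req)
{
    struct netgr_translate_members_state *state = tevent_req_data(req,
                                    struct netgr_translate_members_state);
    const char **cn_attr;
    char *filter;
    struct tevent_req *subreq;
    int ret;

    /* Find the next unresolved DN that lies inside a netgroup search base.
     * This is a loop rather than a recursive call so that a long run of
     * out-of-base member DNs cannot grow the stack. */
    for (;;) {
        filter = NULL;

        DLIST_FOR_EACH(state->dn_item, state->dn_idx) {
            if (state->dn_item->cn == NULL) {
                break;
            }
        }

        if (state->dn_item == NULL) {
            /* Nothing left to resolve: store all names as members. */
            DLIST_FOR_EACH(state->dn_item, state->dn_list) {
                ret = sysdb_attrs_add_string(state->dn_item->netgroup,
                                             SYSDB_NETGROUP_MEMBER,
                                             state->dn_item->cn);
                if (ret != EOK) {
                    DEBUG(1, ("sysdb_attrs_add_string failed.\n"));
                    return ret;
                }
            }
            return EOK;
        }

        if (sss_ldap_dn_in_search_bases(state, state->dn_item->dn,
                                    state->opts->sdom->netgroup_search_bases,
                                    &filter)) {
            break;
        }

        /* not in search base, skip it */
        state->dn_idx = state->dn_item->next;
        DLIST_REMOVE(state->dn_list, state->dn_item);
    }

    cn_attr = talloc_array(state, const char *, 3);
    if (cn_attr == NULL) {
        DEBUG(1, ("talloc_array failed.\n"));
        return ENOMEM;
    }
    cn_attr[0] = state->opts->netgroup_map[SDAP_AT_NETGROUP_NAME].name;
    cn_attr[1] = "objectclass";
    cn_attr[2] = NULL;

    DEBUG(9, ("LDAP base search for [%s].\n", state->dn_item->dn));
    subreq = sdap_get_generic_send(state, state->ev, state->opts, state->sh,
                                   state->dn_item->dn, LDAP_SCOPE_BASE, filter,
                                   cn_attr, state->opts->netgroup_map,
                                   SDAP_OPTS_NETGROUP,
                                   dp_opt_get_int(state->opts->basic,
                                                  SDAP_SEARCH_TIMEOUT),
                                   false);
    if (!subreq) {
        DEBUG(1, ("sdap_get_generic_send failed.\n"));
        return ENOMEM;
    }
    /* The attribute list only has to live as long as the search does. */
    talloc_steal(subreq, cn_attr);

    tevent_req_set_callback(subreq, netgr_translate_members_ldap_done, req);
    return EAGAIN;
}

/* Completion callback of the LDAP base search for state->dn_item. Stores
 * the netgroup name found for the DN, or falls back to the DN itself when
 * no usable name was returned, then continues with the next item. */
static void netgr_translate_members_ldap_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct netgr_translate_members_state *state = tevent_req_data(req,
                                    struct netgr_translate_members_state);
    int ret;
    size_t count;
    struct sysdb_attrs **netgroups;
    const char *str;

    ret = sdap_get_generic_recv(subreq, state, &count, &netgroups);
    talloc_zfree(subreq);
    if (ret != EOK) {
        DEBUG(1, ("sdap_get_generic request failed.\n"));
        goto fail;
    }

    switch (count) {
        case 0:
            DEBUG(0, ("sdap_get_generic_recv found no entry for [%s].\n",
                      state->dn_item->dn));
            break;
        case 1:
            ret = sysdb_attrs_get_string(netgroups[0], SYSDB_NAME, &str);
            if (ret != EOK) {
                DEBUG(1, ("sysdb_attrs_get_string failed.\n"));
                break;
            }
            state->dn_item->cn = talloc_strdup(state->dn_item, str);
            if (state->dn_item->cn == NULL) {
                DEBUG(1, ("talloc_strdup failed.\n"));
            }
            break;
        default:
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("Unexpected number of results [%zu] for base search.\n",
                   count));
    }

    if (state->dn_item->cn == NULL) {
        DEBUG(1, ("Failed to resolve netgroup name for DN [%s], using DN.\n",
                  state->dn_item->dn));
        state->dn_item->cn = talloc_strdup(state->dn_item,
                                           state->dn_item->dn);
        if (state->dn_item->cn == NULL) {
            /* Without a name the final pass in the LDAP step would hand a
             * NULL string to sysdb_attrs_add_string(). */
            DEBUG(1, ("talloc_strdup failed.\n"));
            ret = ENOMEM;
            goto fail;
        }
    }

    state->dn_idx = state->dn_item->next;
    ret = netgr_translate_members_ldap_step(req);
    if (ret != EOK && ret != EAGAIN) {
        DEBUG(1, ("netgr_translate_members_ldap_step failed.\n"));
        goto fail;
    }

    if (ret == EOK) {
        tevent_req_done(req);
    }
    return;

fail:
    tevent_req_error(req, ret);
    return;
}

/* Collect the result of a netgr_translate_members request. On success the
 * netgroup array is moved to mem_ctx and returned together with its element
 * count; if the request failed, its error is returned instead. */
static errno_t netgroup_translate_ldap_members_recv(struct tevent_req *req,
                                                TALLOC_CTX *mem_ctx,
                                                size_t *count,
                                                struct sysdb_attrs ***netgroups)
{
    struct netgr_translate_members_state *state = tevent_req_data(req,
                                    struct netgr_translate_members_state);

    TEVENT_REQ_RETURN_ON_ERROR(req);

    *count = state->count;
    *netgroups = talloc_steal(mem_ctx, state->netgroups);

    return EOK;
}

/*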
==Search-Netgroups-with-filter============================================ */ struct sdap_get_netgroups_state { struct tevent_context *ev; struct sdap_options *opts; struct sdap_handle *sh; struct sss_domain_info *dom; struct sysdb_ctx *sysdb; const char **attrs; const char *base_filter; char *filter; int timeout; char *higher_timestamp; struct sysdb_attrs **netgroups; size_t count; size_t base_iter; struct sdap_search_base **search_bases; }; static errno_t sdap_get_netgroups_next_base(struct tevent_req *req); static void sdap_get_netgroups_process(struct tevent_req *subreq); static void netgr_translate_members_done(struct tevent_req *subreq); struct tevent_req *sdap_get_netgroups_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sss_domain_info *dom, struct sysdb_ctx *sysdb, struct sdap_options *opts, struct sdap_search_base **search_bases, struct sdap_handle *sh, const char **attrs, const char *filter, int timeout) { errno_t ret; struct tevent_req *req; struct sdap_get_netgroups_state *state; req = tevent_req_create(memctx, &state, struct sdap_get_netgroups_state); if (!req) return NULL; state->ev = ev; state->opts = opts; state->dom = dom; state->sh = sh; state->sysdb = sysdb; state->attrs = attrs; state->higher_timestamp = NULL; state->netgroups = NULL; state->count = 0; state->timeout = timeout; state->base_filter = filter; state->base_iter = 0; state->search_bases = search_bases; if (!state->search_bases) { DEBUG(SSSDBG_CRIT_FAILURE, ("Netgroup lookup request without a netgroup search base\n")); ret = EINVAL; goto done; } ret = sdap_get_netgroups_next_base(req); done: if (ret != EOK) { tevent_req_error(req, ret); tevent_req_post(req, state->ev); } return req; } static errno_t sdap_get_netgroups_next_base(struct tevent_req *req) { struct tevent_req *subreq; struct sdap_get_netgroups_state *state; state = tevent_req_data(req, struct sdap_get_netgroups_state); talloc_zfree(state->filter); state->filter = sdap_get_id_specific_filter(state, 
state->base_filter, state->search_bases[state->base_iter]->filter); if (!state->filter) { return ENOMEM; } DEBUG(SSSDBG_TRACE_FUNC, ("Searching for netgroups with base [%s]\n", state->search_bases[state->base_iter]->basedn)); subreq = sdap_get_generic_send( state, state->ev, state->opts, state->sh, state->search_bases[state->base_iter]->basedn, state->search_bases[state->base_iter]->scope, state->filter, state->attrs, state->opts->netgroup_map, SDAP_OPTS_NETGROUP, state->timeout, false); if (!subreq) { return ENOMEM; } tevent_req_set_callback(subreq, sdap_get_netgroups_process, req); return EOK; } static void sdap_get_netgroups_process(struct tevent_req *subreq) { struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); struct sdap_get_netgroups_state *state = tevent_req_data(req, struct sdap_get_netgroups_state); int ret; ret = sdap_get_generic_recv(subreq, state, &state->count, &state->netgroups); talloc_zfree(subreq); if (ret) { tevent_req_error(req, ret); return; } DEBUG(SSSDBG_TRACE_FUNC, ("Search for netgroups, returned %zu results.\n", state->count)); if (state->count == 0) { /* No netgroups found in this search */ state->base_iter++; if (state->search_bases[state->base_iter]) { /* There are more search bases to try */ ret = sdap_get_netgroups_next_base(req); if (ret != EOK) { tevent_req_error(req, ENOENT); } return; } tevent_req_error(req, ENOENT); return; } subreq = netgr_translate_members_send(state, state->ev, state->opts, state->sh, state->dom, state->sysdb, state->count, state->netgroups); if (!subreq) { tevent_req_error(req, ENOMEM); return; } tevent_req_set_callback(subreq, netgr_translate_members_done, req); return; } static void netgr_translate_members_done(struct tevent_req *subreq) { struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); struct sdap_get_netgroups_state *state = tevent_req_data(req, struct sdap_get_netgroups_state); int ret; size_t c; time_t now; ret = 
netgroup_translate_ldap_members_recv(subreq, state, &state->count, &state->netgroups); talloc_zfree(subreq); if (ret) { tevent_req_error(req, ret); return; } now = time(NULL); for (c = 0; c < state->count; c++) { ret = sdap_save_netgroup(state, state->sysdb, state->dom, state->opts, state->netgroups[c], &state->higher_timestamp, now); if (ret) { DEBUG(2, ("Failed to store netgroups.\n")); tevent_req_error(req, ret); return; } } DEBUG(SSSDBG_TRACE_ALL, ("Saving %zu Netgroups - Done\n", state->count)); tevent_req_done(req); } int sdap_get_netgroups_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, char **timestamp, size_t *reply_count, struct sysdb_attrs ***reply) { struct sdap_get_netgroups_state *state = tevent_req_data(req, struct sdap_get_netgroups_state); TEVENT_REQ_RETURN_ON_ERROR(req); if (timestamp) { *timestamp = talloc_steal(mem_ctx, state->higher_timestamp); } if (reply_count) { *reply_count = state->count; } if (reply) { *reply = talloc_steal(mem_ctx, state->netgroups); } return EOK; } sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/sdap_async_enum.h0000644000000000000000000000007312320753107022617 xustar000000000000000029 atime=1396954939.26789143 30 ctime=1396954961.484875076 sssd-1.11.5/src/providers/ldap/sdap_async_enum.h0000664002412700241270000000316412320753107023046 0ustar00jhrozekjhrozek00000000000000/* SSSD LDAP Enumeration Module Authors: Simo Sorce Jakub Hrozek Copyright (C) 2013 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. 
If not, see . */ #ifndef _SDAP_ASYNC_ENUM_H_ #define _SDAP_ASYNC_ENUM_H_ struct tevent_req * sdap_dom_enum_ex_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sdap_id_ctx *ctx, struct sdap_domain *sdom, struct sdap_id_conn_ctx *user_conn, struct sdap_id_conn_ctx *group_conn, struct sdap_id_conn_ctx *svc_conn); errno_t sdap_dom_enum_ex_recv(struct tevent_req *req); struct tevent_req * sdap_dom_enum_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sdap_id_ctx *ctx, struct sdap_domain *sdom, struct sdap_id_conn_ctx *conn); errno_t sdap_dom_enum_recv(struct tevent_req *req); #endif /* _SDAP_ASYNC_ENUM_H_ */ sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/sdap_sudo.c0000644000000000000000000000007412320753107021424 xustar000000000000000030 atime=1396954939.268891429 30 ctime=1396954961.639874962 sssd-1.11.5/src/providers/ldap/sdap_sudo.c0000664002412700241270000012406712320753107021660 0ustar00jhrozekjhrozek00000000000000/* Authors: Pavel Březina Copyright (C) 2011 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #include #include #include #include "providers/dp_backend.h" #include "providers/ldap/ldap_common.h" #include "providers/ldap/sdap.h" #include "providers/ldap/sdap_async.h" #include "providers/ldap/sdap_sudo.h" #include "providers/ldap/sdap_sudo_cache.h" #include "db/sysdb_sudo.h" #define SUDO_MAX_FIRST_REFRESH_DELAY 16 struct sdap_sudo_full_refresh_state { struct sdap_sudo_ctx *sudo_ctx; struct sdap_id_ctx *id_ctx; struct sysdb_ctx *sysdb; struct sss_domain_info *domain; int dp_error; int error; }; static struct tevent_req *sdap_sudo_full_refresh_send(TALLOC_CTX *mem_ctx, struct sdap_sudo_ctx *sudo_ctx); static void sdap_sudo_full_refresh_done(struct tevent_req *subreq); static int sdap_sudo_full_refresh_recv(struct tevent_req *req, int *dp_error, int *error); struct sdap_sudo_rules_refresh_state { struct sdap_id_ctx *id_ctx; size_t num_rules; int dp_error; int error; }; static struct tevent_req *sdap_sudo_rules_refresh_send(TALLOC_CTX *mem_ctx, struct sdap_sudo_ctx *sudo_ctx, struct be_ctx *be_ctx, struct sdap_options *opts, struct sdap_id_conn_cache *conn_cache, char **rules); static void sdap_sudo_rules_refresh_done(struct tevent_req *subreq); static int sdap_sudo_rules_refresh_recv(struct tevent_req *req, int *dp_error, int *error); struct sdap_sudo_smart_refresh_state { struct tevent_req *subreq; struct sdap_id_ctx *id_ctx; struct sysdb_ctx *sysdb; }; static struct tevent_req *sdap_sudo_smart_refresh_send(TALLOC_CTX *mem_ctx, struct sdap_sudo_ctx *sudo_ctx); static void sdap_sudo_smart_refresh_done(struct tevent_req *subreq); static int sdap_sudo_smart_refresh_recv(struct tevent_req *req, int *dp_error, int *error); static void sdap_sudo_periodical_first_refresh_done(struct tevent_req *req); static void sdap_sudo_periodical_full_refresh_done(struct tevent_req *req); static void sdap_sudo_periodical_smart_refresh_done(struct tevent_req *req); static int sdap_sudo_schedule_refresh(TALLOC_CTX *mem_ctx, struct sdap_sudo_ctx *sudo_ctx, enum 
sdap_sudo_refresh_type refresh, tevent_req_fn callback, time_t delay, time_t timeout, struct tevent_req **_req); static int sdap_sudo_schedule_full_refresh(struct sdap_sudo_ctx *sudo_ctx, time_t delay); static int sdap_sudo_schedule_smart_refresh(struct sdap_sudo_ctx *sudo_ctx, time_t delay); static void sdap_sudo_shutdown(struct be_req *req) { sdap_handler_done(req, DP_ERR_OK, EOK, NULL); } struct bet_ops sdap_sudo_ops = { .handler = sdap_sudo_handler, .finalize = sdap_sudo_shutdown }; static void sdap_sudo_get_hostinfo_done(struct tevent_req *req); static int sdap_sudo_setup_periodical_refresh(struct sdap_sudo_ctx *sudo_ctx); int sdap_sudo_init(struct be_ctx *be_ctx, struct sdap_id_ctx *id_ctx, struct bet_ops **ops, void **pvt_data) { struct sdap_sudo_ctx *sudo_ctx = NULL; struct tevent_req *req = NULL; int ret; DEBUG(SSSDBG_TRACE_INTERNAL, ("Initializing sudo LDAP back end\n")); sudo_ctx = talloc_zero(be_ctx, struct sdap_sudo_ctx); if (sudo_ctx == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("talloc() failed\n")); return ENOMEM; } sudo_ctx->id_ctx = id_ctx; *ops = &sdap_sudo_ops; *pvt_data = sudo_ctx; /* we didn't do any full refresh now, * so we don't have current usn values available */ sudo_ctx->full_refresh_done = false; ret = ldap_get_sudo_options(id_ctx, be_ctx->cdb, be_ctx->conf_path, id_ctx->opts, &sudo_ctx->use_host_filter, &sudo_ctx->include_regexp, &sudo_ctx->include_netgroups); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Cannot get SUDO options [%d]: %s\n", ret, strerror(ret))); return ret; } req = sdap_sudo_get_hostinfo_send(sudo_ctx, id_ctx->opts, be_ctx); if (req == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to retrieve host information - " "(host filter will be disabled)\n")); sudo_ctx->use_host_filter = false; ret = sdap_sudo_setup_periodical_refresh(sudo_ctx); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Unable to setup periodical refresh" "of sudo rules [%d]: %s\n", ret, strerror(ret))); /* periodical updates will not work, but specific-rule update * 
is no affected by this, therefore we don't have to fail here */ } } else { tevent_req_set_callback(req, sdap_sudo_get_hostinfo_done, sudo_ctx); } return EOK; } static void sdap_sudo_get_hostinfo_done(struct tevent_req *req) { struct sdap_sudo_ctx *sudo_ctx = NULL; char **hostnames = NULL; char **ip_addr = NULL; int ret; sudo_ctx = tevent_req_callback_data(req, struct sdap_sudo_ctx); ret = sdap_sudo_get_hostinfo_recv(sudo_ctx, req, &hostnames, &ip_addr); talloc_zfree(req); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to retrieve host information - " "(host filter will be disabled) [%d]: %s\n", ret, strerror(ret))); sudo_ctx->use_host_filter = false; } talloc_zfree(sudo_ctx->hostnames); talloc_zfree(sudo_ctx->ip_addr); sudo_ctx->hostnames = talloc_move(sudo_ctx, &hostnames); sudo_ctx->ip_addr = talloc_move(sudo_ctx, &ip_addr); ret = sdap_sudo_setup_periodical_refresh(sudo_ctx); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Unable to setup periodical refresh" "of sudo rules [%d]: %s\n", ret, strerror(ret))); } } static int sdap_sudo_setup_periodical_refresh(struct sdap_sudo_ctx *sudo_ctx) { struct sdap_id_ctx *id_ctx = sudo_ctx->id_ctx; time_t smart_default; time_t smart_interval; time_t full_interval; time_t last_full; time_t delay; int ret; smart_interval = dp_opt_get_int(id_ctx->opts->basic, SDAP_SUDO_SMART_REFRESH_INTERVAL); full_interval = dp_opt_get_int(id_ctx->opts->basic, SDAP_SUDO_FULL_REFRESH_INTERVAL); if (smart_interval == 0 && full_interval == 0) { smart_default = id_ctx->opts->basic[SDAP_SUDO_SMART_REFRESH_INTERVAL].def_val.number; DEBUG(SSSDBG_MINOR_FAILURE, ("At least one periodical update has to be " "enabled. 
Setting smart refresh interval to default value (%ld).\n", smart_default)); ret = dp_opt_set_int(id_ctx->opts->basic, SDAP_SUDO_SMART_REFRESH_INTERVAL, smart_default); if (ret != EOK) { return ret; } } if (full_interval <= smart_interval) { DEBUG(SSSDBG_MINOR_FAILURE, ("Full refresh interval has to be greater" "than smart refresh interval. Periodical full refresh will be " "disabled.\n")); ret = dp_opt_set_int(id_ctx->opts->basic, SDAP_SUDO_FULL_REFRESH_INTERVAL, 0); if (ret != EOK) { return ret; } } ret = sysdb_sudo_get_last_full_refresh(id_ctx->be->domain->sysdb, id_ctx->be->domain, &last_full); if (ret != EOK) { return ret; } if (last_full == 0) { /* If this is the first startup, we need to kick off * an refresh immediately, to close a window where * clients requesting sudo information won't get an * immediate reply with no entries */ delay = 0; } else { /* At least one update has previously run, * so clients will get cached data. * We will delay the refresh so we don't slow * down the startup process if this is happening * during system boot. */ /* delay at least by 10s */ delay = 10; } ret = sdap_sudo_schedule_refresh(sudo_ctx, sudo_ctx, SDAP_SUDO_REFRESH_FULL, sdap_sudo_periodical_first_refresh_done, delay, full_interval, NULL); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Unable to schedule full refresh of sudo " "rules! 
Periodical updates will not work!\n")); return ret; } return EOK; } static void sdap_sudo_set_usn(struct sdap_server_opts *srv_opts, char *usn) { unsigned int usn_number; char *endptr = NULL; if (srv_opts != NULL && usn != NULL) { talloc_zfree(srv_opts->max_sudo_value); srv_opts->max_sudo_value = talloc_steal(srv_opts, usn); usn_number = strtoul(usn, &endptr, 10); if ((endptr == NULL || (*endptr == '\0' && endptr != usn)) && (usn_number > srv_opts->last_usn)) { srv_opts->last_usn = usn_number; } DEBUG(SSSDBG_FUNC_DATA, ("SUDO higher USN value: [%s]\n", srv_opts->max_sudo_value)); } else { DEBUG(SSSDBG_TRACE_FUNC, ("srv_opts is NULL\n")); } } static char *sdap_sudo_build_host_filter(TALLOC_CTX *mem_ctx, struct sdap_attr_map *map, char **hostnames, char **ip_addr, bool netgroups, bool regexp) { TALLOC_CTX *tmp_ctx = NULL; char *filter = NULL; int i; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_new() failed\n")); return NULL; } filter = talloc_strdup(tmp_ctx, "(|"); if (filter == NULL) { goto done; } /* sudoHost is not specified */ filter = talloc_asprintf_append_buffer(filter, "(!(%s=*))", map[SDAP_AT_SUDO_HOST].name); if (filter == NULL) { goto done; } /* ALL */ filter = talloc_asprintf_append_buffer(filter, "(%s=ALL)", map[SDAP_AT_SUDO_HOST].name); if (filter == NULL) { goto done; } /* hostnames */ if (hostnames != NULL) { for (i = 0; hostnames[i] != NULL; i++) { filter = talloc_asprintf_append_buffer(filter, "(%s=%s)", map[SDAP_AT_SUDO_HOST].name, hostnames[i]); if (filter == NULL) { goto done; } } } /* ip addresses and networks */ if (ip_addr != NULL) { for (i = 0; ip_addr[i] != NULL; i++) { filter = talloc_asprintf_append_buffer(filter, "(%s=%s)", map[SDAP_AT_SUDO_HOST].name, ip_addr[i]); if (filter == NULL) { goto done; } } } /* sudoHost contains netgroup - will be filtered more by sudo */ if (netgroups) { filter = talloc_asprintf_append_buffer(filter, SDAP_SUDO_FILTER_NETGROUP, map[SDAP_AT_SUDO_HOST].name, "*"); if 
(filter == NULL) { goto done; } } /* sudoHost contains regexp - will be filtered more by sudo */ /* from sudo match.c : * #define has_meta(s) (strpbrk(s, "\\?*[]") != NULL) */ if (regexp) { filter = talloc_asprintf_append_buffer(filter, "(|(%s=*\\\\*)(%s=*?*)(%s=*\\**)" "(%s=*[*]*))", map[SDAP_AT_SUDO_HOST].name, map[SDAP_AT_SUDO_HOST].name, map[SDAP_AT_SUDO_HOST].name, map[SDAP_AT_SUDO_HOST].name); if (filter == NULL) { goto done; } } filter = talloc_strdup_append_buffer(filter, ")"); if (filter == NULL) { goto done; } talloc_steal(mem_ctx, filter); done: talloc_free(tmp_ctx); return filter; } static char *sdap_sudo_get_filter(TALLOC_CTX *mem_ctx, struct sdap_attr_map *map, struct sdap_sudo_ctx *sudo_ctx, const char *rule_filter) { TALLOC_CTX *tmp_ctx = NULL; char *host_filter = NULL; char *filter = NULL; if (!sudo_ctx->use_host_filter) { return talloc_strdup(mem_ctx, rule_filter); } tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_new() failed\n")); return NULL; } host_filter = sdap_sudo_build_host_filter(tmp_ctx, map, sudo_ctx->hostnames, sudo_ctx->ip_addr, sudo_ctx->include_netgroups, sudo_ctx->include_regexp); if (host_filter == NULL) { goto done; } filter = sdap_get_id_specific_filter(tmp_ctx, rule_filter, host_filter); if (filter == NULL) { goto done; } talloc_steal(mem_ctx, filter); done: talloc_free(tmp_ctx); return filter; } static void sdap_sudo_reply(struct tevent_req *req) { struct be_req *be_req = NULL; struct be_sudo_req *sudo_req = NULL; int dp_error = DP_ERR_OK; int error = EOK; int ret; be_req = tevent_req_callback_data(req, struct be_req); sudo_req = talloc_get_type(be_req_get_data(be_req), struct be_sudo_req); switch (sudo_req->type) { case BE_REQ_SUDO_FULL: ret = sdap_sudo_full_refresh_recv(req, &dp_error, &error); break; case BE_REQ_SUDO_RULES: ret = sdap_sudo_rules_refresh_recv(req, &dp_error, &error); break; default: DEBUG(SSSDBG_CRIT_FAILURE, ("Invalid request type: %d\n", sudo_req->type)); ret = 
EINVAL; } talloc_zfree(req); if (ret != EOK) { sdap_handler_done(be_req, DP_ERR_FATAL, ret, strerror(ret)); return; } sdap_handler_done(be_req, dp_error, error, strerror(error)); } void sdap_sudo_handler(struct be_req *be_req) { struct be_ctx *be_ctx = be_req_get_be_ctx(be_req); struct tevent_req *req = NULL; struct be_sudo_req *sudo_req = NULL; struct sdap_sudo_ctx *sudo_ctx = NULL; struct sdap_id_ctx *id_ctx = NULL; int ret = EOK; sudo_ctx = talloc_get_type(be_ctx->bet_info[BET_SUDO].pvt_bet_data, struct sdap_sudo_ctx); id_ctx = sudo_ctx->id_ctx; sudo_req = talloc_get_type(be_req_get_data(be_req), struct be_sudo_req); switch (sudo_req->type) { case BE_REQ_SUDO_FULL: DEBUG(SSSDBG_TRACE_FUNC, ("Issuing a full refresh of sudo rules\n")); req = sdap_sudo_full_refresh_send(be_req, sudo_ctx); break; case BE_REQ_SUDO_RULES: DEBUG(SSSDBG_TRACE_FUNC, ("Issuing a refresh of specific sudo rules\n")); req = sdap_sudo_rules_refresh_send(be_req, sudo_ctx, id_ctx->be, id_ctx->opts, id_ctx->conn->conn_cache, sudo_req->rules); break; default: DEBUG(SSSDBG_CRIT_FAILURE, ("Invalid request type: %d\n", sudo_req->type)); ret = EINVAL; goto fail; } if (req == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to send request: %d\n", sudo_req->type)); ret = ENOMEM; goto fail; } tevent_req_set_callback(req, sdap_sudo_reply, be_req); return; fail: sdap_handler_done(be_req, DP_ERR_FATAL, ret, NULL); } /* issue full refresh of sudo rules */ static struct tevent_req *sdap_sudo_full_refresh_send(TALLOC_CTX *mem_ctx, struct sdap_sudo_ctx *sudo_ctx) { struct tevent_req *req = NULL; struct tevent_req *subreq = NULL; struct sdap_id_ctx *id_ctx = sudo_ctx->id_ctx; struct sdap_sudo_full_refresh_state *state = NULL; char *ldap_filter = NULL; char *ldap_full_filter = NULL; char *sysdb_filter = NULL; int ret; req = tevent_req_create(mem_ctx, &state, struct sdap_sudo_full_refresh_state); if (req == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("tevent_req_create() failed\n")); return NULL; } 
sudo_ctx->full_refresh_in_progress = true; state->sudo_ctx = sudo_ctx; state->id_ctx = id_ctx; state->sysdb = id_ctx->be->domain->sysdb; state->domain = id_ctx->be->domain; /* Download all rules from LDAP */ ldap_filter = talloc_asprintf(state, SDAP_SUDO_FILTER_CLASS, id_ctx->opts->sudorule_map[SDAP_OC_SUDORULE].name); if (ldap_filter == NULL) { ret = ENOMEM; goto immediately; } ldap_full_filter = sdap_sudo_get_filter(state, id_ctx->opts->sudorule_map, sudo_ctx, ldap_filter); if (ldap_full_filter == NULL) { ret = ENOMEM; goto immediately; } /* Remove all rules from cache */ sysdb_filter = talloc_asprintf(state, "(%s=%s)", SYSDB_OBJECTCLASS, SYSDB_SUDO_CACHE_OC); if (sysdb_filter == NULL) { ret = ENOMEM; goto immediately; } DEBUG(SSSDBG_TRACE_FUNC, ("Issuing a full refresh of sudo rules\n")); subreq = sdap_sudo_refresh_send(state, id_ctx->be, id_ctx->opts, id_ctx->conn->conn_cache, ldap_full_filter, sysdb_filter); if (subreq == NULL) { ret = ENOMEM; goto immediately; } tevent_req_set_callback(subreq, sdap_sudo_full_refresh_done, req); /* free filters */ talloc_free(ldap_filter); talloc_free(ldap_full_filter); talloc_free(sysdb_filter); return req; immediately: if (ret == EOK) { tevent_req_done(req); } else { tevent_req_error(req, ret); } tevent_req_post(req, id_ctx->be->ev); return req; } static void sdap_sudo_full_refresh_done(struct tevent_req *subreq) { struct tevent_req *req = NULL; struct sdap_sudo_full_refresh_state *state = NULL; char *highest_usn = NULL; int ret; req = tevent_req_callback_data(subreq, struct tevent_req); state = tevent_req_data(req, struct sdap_sudo_full_refresh_state); ret = sdap_sudo_refresh_recv(state, subreq, &state->dp_error, &state->error, &highest_usn, NULL); talloc_zfree(subreq); if (ret != EOK || state->dp_error != DP_ERR_OK || state->error != EOK) { goto done; } state->sudo_ctx->full_refresh_done = true; /* save the time in the sysdb */ ret = sysdb_sudo_set_last_full_refresh(state->sysdb, state->domain, time(NULL)); if (ret != EOK) 
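{
        DEBUG(SSSDBG_MINOR_FAILURE, ("Unable to save time of "
                                     "a successful full refresh\n"));
        /* this is only a minor error that does not affect the functionality,
         * therefore there is no need to report it with tevent_req_error()
         * which would cause problems in the consumers */
    }

    DEBUG(SSSDBG_TRACE_FUNC, ("Successful full refresh of sudo rules\n"));

    /* set highest usn */
    if (highest_usn != NULL) {
        sdap_sudo_set_usn(state->id_ctx->srv_opts, highest_usn);
    }

done:
    state->sudo_ctx->full_refresh_in_progress = false;

    if (ret != EOK) {
        tevent_req_error(req, ret);
        return;
    }

    tevent_req_done(req);
}

/* Collect the outcome of a full refresh request.
 *
 * Returns the tevent error if the request itself failed; otherwise copies
 * the dp_error and error values stored in the request state into the
 * caller's variables and returns EOK.
 */
static int sdap_sudo_full_refresh_recv(struct tevent_req *req,
                                       int *dp_error,
                                       int *error)
{
    struct sdap_sudo_full_refresh_state *state = NULL;
    state = tevent_req_data(req, struct sdap_sudo_full_refresh_state);

    TEVENT_REQ_RETURN_ON_ERROR(req);

    *dp_error = state->dp_error;
    *error = state->error;

    return EOK;
}

/* issue refresh of specific sudo rules
 *
 * Builds two OR-filters from the NULL-terminated rules array: an LDAP filter
 * on the configured sudo rule name attribute and a sysdb filter on
 * SYSDB_SUDO_CACHE_AT_CN, then passes both to sdap_sudo_refresh_send().
 * Every rule name goes through sss_filter_sanitize() before it is
 * interpolated into either filter; do not append a raw rules[i] here.
 *
 * Returns NULL when rules is NULL or when the temporary context or the
 * request cannot be allocated. Otherwise returns the request; if building
 * the filters or sending the subrequest failed, the request is returned
 * already marked as failed and posted on be_ctx->ev.
 *
 * NOTE(review): an empty rules array produces an empty "(|)" clause;
 * presumably callers never pass one - confirm.
 */
static struct tevent_req *sdap_sudo_rules_refresh_send(TALLOC_CTX *mem_ctx,
                                                       struct sdap_sudo_ctx *sudo_ctx,
                                                       struct be_ctx *be_ctx,
                                                       struct sdap_options *opts,
                                                       struct sdap_id_conn_cache *conn_cache,
                                                       char **rules)
{
    struct tevent_req *req = NULL;
    struct tevent_req *subreq = NULL;
    struct sdap_sudo_rules_refresh_state *state = NULL;
    TALLOC_CTX *tmp_ctx = NULL;
    char *ldap_filter = NULL;
    char *ldap_full_filter = NULL;
    char *sysdb_filter = NULL;
    char *safe_rule = NULL;
    int ret;
    int i;

    if (rules == NULL) {
        return NULL;
    }

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_new() failed\n"));
        return NULL;
    }

    req = tevent_req_create(mem_ctx, &state, struct sdap_sudo_rules_refresh_state);
    if (req == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("tevent_req_create() failed\n"));
        /* tmp_ctx was created with a NULL parent, so nothing else will
         * release it if we return here */
        talloc_free(tmp_ctx);
        return NULL;
    }

    ldap_filter = talloc_zero(tmp_ctx, char); /* assign to tmp_ctx */
    sysdb_filter = talloc_zero(tmp_ctx, char); /* assign to tmp_ctx */
    if (ldap_filter == NULL || sysdb_filter == NULL) {
        /* appending to a NULL buffer would allocate outside of tmp_ctx */
        ret = ENOMEM;
        goto immediately;
    }

    /* Download only selected rules from LDAP */
    /* Remove all selected rules from cache */
    for (i = 0; rules[i] != NULL; i++) {
        /* escape the rule name before it becomes part of a filter */
        ret = sss_filter_sanitize(tmp_ctx, rules[i], &safe_rule);
        if (ret != EOK) {
            ret = ENOMEM;
            goto immediately;
        }

        ldap_filter = talloc_asprintf_append_buffer(ldap_filter, "(%s=%s)",
                                     opts->sudorule_map[SDAP_AT_SUDO_NAME].name,
                                     safe_rule);
        if (ldap_filter == NULL) {
            ret = ENOMEM;
            goto immediately;
        }

        sysdb_filter = talloc_asprintf_append_buffer(sysdb_filter, "(%s=%s)",
                                                     SYSDB_SUDO_CACHE_AT_CN,
                                                     safe_rule);
        if (sysdb_filter == NULL) {
            ret = ENOMEM;
            goto immediately;
        }
    }

    state->id_ctx = sudo_ctx->id_ctx;
    /* remembered so the done callback can compare it with the number of
     * rules that were actually downloaded */
    state->num_rules = i;

    ldap_filter = talloc_asprintf(tmp_ctx, "(&"SDAP_SUDO_FILTER_CLASS"(|%s))",
                                  opts->sudorule_map[SDAP_OC_SUDORULE].name,
                                  ldap_filter);
    if (ldap_filter == NULL) {
        ret = ENOMEM;
        goto immediately;
    }

    ldap_full_filter = sdap_sudo_get_filter(tmp_ctx, opts->sudorule_map,
                                            sudo_ctx, ldap_filter);
    if (ldap_full_filter == NULL) {
        ret = ENOMEM;
        goto immediately;
    }

    sysdb_filter = talloc_asprintf(tmp_ctx, "(&(%s=%s)(|%s))",
                                   SYSDB_OBJECTCLASS, SYSDB_SUDO_CACHE_OC,
                                   sysdb_filter);
    if (sysdb_filter == NULL) {
        ret = ENOMEM;
        goto immediately;
    }

    subreq = sdap_sudo_refresh_send(req, be_ctx, opts, conn_cache,
                                    ldap_full_filter, sysdb_filter);
    if (subreq == NULL) {
        ret = ENOMEM;
        goto immediately;
    }

    tevent_req_set_callback(subreq, sdap_sudo_rules_refresh_done, req);

    ret = EOK;
immediately:
    /* all intermediate filters live on tmp_ctx */
    talloc_free(tmp_ctx);

    if (ret != EOK) {
        tevent_req_error(req, ret);
        tevent_req_post(req, be_ctx->ev);
    }

    return req;
}

static void sdap_sudo_rules_refresh_done(struct tevent_req *subreq)
{
    struct tevent_req *req = NULL;
    struct sdap_sudo_rules_refresh_state *state = NULL;
    char *highest_usn = NULL;
    size_t downloaded_rules_num;
    int ret;

    req = tevent_req_callback_data(subreq, struct tevent_req);
    state = tevent_req_data(req, struct sdap_sudo_rules_refresh_state);

    ret = sdap_sudo_refresh_recv(state, subreq, &state->dp_error, &state->error,
                                 &highest_usn, &downloaded_rules_num);
    talloc_zfree(subreq);
    if (ret != EOK || state->dp_error != DP_ERR_OK || state->error != EOK) {
        goto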
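done;
    }

    /* set highest usn */
    if (highest_usn != NULL) {
        sdap_sudo_set_usn(state->id_ctx->srv_opts, highest_usn);
    }

    if (downloaded_rules_num != state->num_rules) {
        state->error = ENOENT;
    }

done:
    if (ret != EOK) {
        tevent_req_error(req, ret);
        return;
    }

    tevent_req_done(req);
}

/* Collect the outcome of a rules refresh request.
 *
 * Returns the tevent error if the request itself failed; otherwise copies
 * the dp_error and error values stored in the request state into the
 * caller's variables and returns EOK.
 */
static int sdap_sudo_rules_refresh_recv(struct tevent_req *req,
                                        int *dp_error,
                                        int *error)
{
    struct sdap_sudo_rules_refresh_state *state = NULL;
    state = tevent_req_data(req, struct sdap_sudo_rules_refresh_state);

    TEVENT_REQ_RETURN_ON_ERROR(req);

    *dp_error = state->dp_error;
    *error = state->error;

    return EOK;
}

/* issue smart refresh of sudo rules
 *
 * Downloads only the rules whose USN attribute is greater than the highest
 * USN remembered in the server options; no cached rule is removed (the
 * sysdb filter passed to sdap_sudo_refresh_send() is NULL).
 *
 * If no full refresh has completed yet and no USN is known, the request is
 * failed with EINVAL so that a full refresh runs first.
 *
 * Returns NULL only when the request cannot be allocated; any other failure
 * is reported through the returned, already posted request.
 */
static struct tevent_req *sdap_sudo_smart_refresh_send(TALLOC_CTX *mem_ctx,
                                                       struct sdap_sudo_ctx *sudo_ctx)
{
    struct tevent_req *req = NULL;
    struct tevent_req *subreq = NULL;
    struct sdap_id_ctx *id_ctx = sudo_ctx->id_ctx;
    struct sdap_attr_map *map = id_ctx->opts->sudorule_map;
    struct sdap_server_opts *srv_opts = id_ctx->srv_opts;
    struct sdap_sudo_smart_refresh_state *state = NULL;
    char *ldap_filter = NULL;
    char *ldap_full_filter = NULL;
    const char *usn;
    int ret;

    req = tevent_req_create(mem_ctx, &state, struct sdap_sudo_smart_refresh_state);
    if (req == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("tevent_req_create() failed\n"));
        return NULL;
    }

    if (!sudo_ctx->full_refresh_done
            && (srv_opts == NULL || srv_opts->max_sudo_value == 0)) {
        /* Perform full refresh first */
        DEBUG(SSSDBG_TRACE_FUNC, ("USN value is unknown, "
                                  "waiting for full refresh!\n"));
        ret = EINVAL;
        goto immediately;
    }

    state->id_ctx = id_ctx;
    state->sysdb = id_ctx->be->domain->sysdb;

    /* Download all rules from LDAP that are newer than usn.
     *
     * The guard above lets a NULL srv_opts through once a full refresh has
     * been done, so it must not be dereferenced unconditionally; without
     * server options there is simply no USN to filter on. */
    usn = (srv_opts != NULL) ? srv_opts->max_sudo_value : NULL;
    if (usn != NULL) {
        /* NOTE(review): usn is interpolated without sanitization; it is
         * presumably a server-provided numeric value validated where it is
         * stored - confirm against sdap_sudo_set_usn() */
        ldap_filter = talloc_asprintf(state,
                                      "(&(objectclass=%s)(%s>=%s)(!(%s=%s)))",
                                      map[SDAP_OC_SUDORULE].name,
                                      map[SDAP_AT_SUDO_USN].name, usn,
                                      map[SDAP_AT_SUDO_USN].name, usn);
    } else {
        /* no valid USN value known */
        ldap_filter = talloc_asprintf(state, SDAP_SUDO_FILTER_CLASS,
                                      map[SDAP_OC_SUDORULE].name);
    }
    if (ldap_filter == NULL) {
        ret = ENOMEM;
        goto immediately;
    }

    ldap_full_filter = sdap_sudo_get_filter(state, map, sudo_ctx, ldap_filter);
    if (ldap_full_filter == NULL) {
        ret = ENOMEM;
        goto immediately;
    }

    /* Do not remove any rules that are already in the sysdb
     * sysdb_filter = NULL; */

    DEBUG(SSSDBG_TRACE_FUNC, ("Issuing a smart refresh of sudo rules "
                              "(USN > %s)\n", (usn == NULL ? "0" : usn)));

    subreq = sdap_sudo_refresh_send(state, id_ctx->be, id_ctx->opts,
                                    id_ctx->conn->conn_cache,
                                    ldap_full_filter, NULL);
    if (subreq == NULL) {
        ret = ENOMEM;
        goto immediately;
    }

    /* kept in the state because the recv function reads the subrequest's
     * results again */
    state->subreq = subreq;
    tevent_req_set_callback(subreq, sdap_sudo_smart_refresh_done, req);

    /* free filters */
    talloc_free(ldap_filter);
    talloc_free(ldap_full_filter);

    return req;

immediately:
    if (ret == EOK) {
        tevent_req_done(req);
    } else {
        tevent_req_error(req, ret);
    }
    tevent_req_post(req, id_ctx->be->ev);

    return req;
}

/* Completion callback of the smart refresh subrequest.
 *
 * Stores the highest USN reported by the subrequest when the refresh
 * succeeded and finishes the parent request. The subrequest is not freed
 * here: sdap_sudo_smart_refresh_recv() calls sdap_sudo_refresh_recv() on
 * state->subreq again to hand dp_error and error to the caller.
 */
static void sdap_sudo_smart_refresh_done(struct tevent_req *subreq)
{
    struct tevent_req *req = NULL;
    struct sdap_sudo_smart_refresh_state *state = NULL;
    char *highest_usn = NULL;
    int dp_error;
    int error;
    int ret;

    req = tevent_req_callback_data(subreq, struct tevent_req);
    state = tevent_req_data(req, struct sdap_sudo_smart_refresh_state);

    ret = sdap_sudo_refresh_recv(state, subreq, &dp_error, &error,
                                 &highest_usn, NULL);
    if (ret != EOK || dp_error != DP_ERR_OK || error != EOK) {
        goto done;
    }

    DEBUG(SSSDBG_TRACE_FUNC, ("Successful smart refresh of sudo rules\n"));

    /* set highest usn */
    if (highest_usn != NULL) {
        sdap_sudo_set_usn(state->id_ctx->srv_opts, highest_usn);
    }

done:
    if (ret != EOK) {
        tevent_req_error(req, ret);
        return;
    }

    tevent_req_done(req);
}

/* Collect the outcome of a smart refresh request.
 *
 * Returns the tevent error if the request itself failed; otherwise returns
 * whatever sdap_sudo_refresh_recv() reports for the stored subrequest,
 * filling *dp_error and *error.
 */
static int sdap_sudo_smart_refresh_recv(struct tevent_req *req,
                                        int *dp_error,
                                        int *error)
{
    struct sdap_sudo_smart_refresh_state *state = NULL;
    state = tevent_req_data(req, struct sdap_sudo_smart_refresh_state);

    TEVENT_REQ_RETURN_ON_ERROR(req);

    return sdap_sudo_refresh_recv(state, state->subreq, dp_error, error,
                                  NULL, NULL);
}

static void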
sdap_sudo_full_refresh_online_cb(void *pvt) { struct sdap_sudo_ctx *sudo_ctx = NULL; time_t timeout; int ret; sudo_ctx = talloc_get_type(pvt, struct sdap_sudo_ctx); /* remove online callback */ talloc_zfree(sudo_ctx->first_refresh_online_cb); /* schedule new first refresh only if this callback wasn't triggered * by ongoing full refresh */ if (sudo_ctx->full_refresh_in_progress) { return; } /* otherwise cancel the concurrent timer for full refresh */ talloc_zfree(sudo_ctx->first_refresh_timer); /* and fire full refresh immediately */ timeout = dp_opt_get_int(sudo_ctx->id_ctx->opts->basic, SDAP_SUDO_FULL_REFRESH_INTERVAL); if (timeout == 0) { /* runtime configuration change? */ DEBUG(SSSDBG_TRACE_FUNC, ("Periodical full refresh of sudo rules " "is disabled\n")); return; } ret = sdap_sudo_schedule_refresh(sudo_ctx, sudo_ctx, SDAP_SUDO_REFRESH_FULL, sdap_sudo_periodical_first_refresh_done, 0, timeout, NULL); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Unable to schedule full refresh of sudo " "rules! 
Periodical updates will not work!\n")); } } static void sdap_sudo_periodical_first_refresh_done(struct tevent_req *req) { struct tevent_req *subreq = NULL; /* req from sdap_sudo_full_refresh_send() */ struct sdap_sudo_ctx *sudo_ctx = NULL; time_t delay; time_t timeout; int dp_error = DP_ERR_OK; int error = EOK; int ret; ret = sdap_sudo_timer_recv(req, req, &subreq); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Sudo timer failed [%d]: %s\n", ret, strerror(ret))); goto schedule; } ret = sdap_sudo_full_refresh_recv(subreq, &dp_error, &error); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Periodical full refresh of sudo rules " "failed [%d]: %s)\n", ret, strerror(ret))); goto schedule; } if (dp_error != DP_ERR_OK || error != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Periodical full refresh of sudo rules " "failed [dp_error: %d] ([%d]: %s)\n", dp_error, error, strerror(error))); goto schedule; } schedule: sudo_ctx = tevent_req_callback_data(req, struct sdap_sudo_ctx); if (sudo_ctx->first_refresh_timer == req) { sudo_ctx->first_refresh_timer = NULL; } talloc_zfree(req); /* full refresh */ delay = dp_opt_get_int(sudo_ctx->id_ctx->opts->basic, SDAP_SUDO_FULL_REFRESH_INTERVAL); if (delay == 0) { /* runtime configuration change? */ DEBUG(SSSDBG_TRACE_FUNC, ("Periodical full refresh of sudo rules " "is disabled\n")); return; } /* if we are offline, we will try to perform another full refresh */ if (dp_error == DP_ERR_OFFLINE) { sudo_ctx->full_refresh_attempts++; timeout = delay; delay = sudo_ctx->full_refresh_attempts << 1; if (delay > SUDO_MAX_FIRST_REFRESH_DELAY) { delay = SUDO_MAX_FIRST_REFRESH_DELAY; } DEBUG(SSSDBG_TRACE_FUNC, ("Data provider is offline. " "Scheduling another full refresh in %ld minutes.\n", delay)); ret = sdap_sudo_schedule_refresh(sudo_ctx, sudo_ctx, SDAP_SUDO_REFRESH_FULL, sdap_sudo_periodical_first_refresh_done, delay * 60, timeout, &sudo_ctx->first_refresh_timer); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Unable to schedule full refresh of sudo " "rules! 
Periodical updates will not work!\n")); } /* also setup online callback to make sure the refresh is fired as soon * as possible */ ret = be_add_online_cb(sudo_ctx->id_ctx->be, sudo_ctx->id_ctx->be, sdap_sudo_full_refresh_online_cb, sudo_ctx, &sudo_ctx->first_refresh_online_cb); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Could not set up online callback\n")); } return; } ret = sdap_sudo_schedule_full_refresh(sudo_ctx, delay); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Full periodical refresh will not work.\n")); } /* smart refresh */ delay = dp_opt_get_int(sudo_ctx->id_ctx->opts->basic, SDAP_SUDO_SMART_REFRESH_INTERVAL); if (delay == 0) { /* runtime configuration change? */ DEBUG(SSSDBG_TRACE_FUNC, ("Periodical smart refresh of sudo rules " "is disabled\n")); return; } ret = sdap_sudo_schedule_smart_refresh(sudo_ctx, delay); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Smart periodical refresh will not work.\n")); } } static void sdap_sudo_periodical_full_refresh_done(struct tevent_req *req) { struct tevent_req *subreq = NULL; /* req from sdap_sudo_full_refresh_send() */ struct sdap_sudo_ctx *sudo_ctx = NULL; time_t delay; int dp_error = DP_ERR_FATAL; int error = EFAULT; int ret; ret = sdap_sudo_timer_recv(req, req, &subreq); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Sudo timer failed [%d]: %s\n", ret, strerror(ret))); goto schedule; } ret = sdap_sudo_full_refresh_recv(subreq, &dp_error, &error); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Periodical full refresh of sudo rules " "failed [%d]: %s)\n", ret, strerror(ret))); goto schedule; } if (dp_error != DP_ERR_OK || error != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Periodical full refresh of sudo rules " "failed [dp_error: %d] ([%d]: %s)\n", dp_error, error, strerror(error))); goto schedule; } schedule: sudo_ctx = tevent_req_callback_data(req, struct sdap_sudo_ctx); talloc_zfree(req); delay = dp_opt_get_int(sudo_ctx->id_ctx->opts->basic, SDAP_SUDO_FULL_REFRESH_INTERVAL); if (delay == 0) { /* runtime configuration 
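change? */
        DEBUG(SSSDBG_TRACE_FUNC, ("Periodical full refresh of sudo rules "
                                  "is disabled\n"));
        return;
    }

    ret = sdap_sudo_schedule_full_refresh(sudo_ctx, delay);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Full periodical refresh will not work.\n"));
    }
}

/* Timer callback run after a periodical smart refresh has finished.
 *
 * Logs the outcome of the refresh and then schedules the next smart refresh
 * after SDAP_SUDO_SMART_REFRESH_INTERVAL, unless that option is 0. A failed
 * refresh never stops the rescheduling.
 */
static void sdap_sudo_periodical_smart_refresh_done(struct tevent_req *req)
{
    struct tevent_req *subreq = NULL; /* req from sdap_sudo_smart_refresh_send() */
    struct sdap_sudo_ctx *sudo_ctx = NULL;
    time_t delay;
    /* initialised like in sdap_sudo_periodical_full_refresh_done() so that
     * no error path can read indeterminate values */
    int dp_error = DP_ERR_FATAL;
    int error = EFAULT;
    int ret;

    ret = sdap_sudo_timer_recv(req, req, &subreq);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Sudo timer failed [%d]: %s\n", ret, strerror(ret)));
        goto schedule;
    }

    ret = sdap_sudo_smart_refresh_recv(subreq, &dp_error, &error);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Periodical smart refresh of sudo rules "
                                  "failed [%d]: %s\n", ret, strerror(ret)));
        /* dp_error and error were not filled in, do not evaluate them */
        goto schedule;
    }

    if (dp_error != DP_ERR_OK || error != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Periodical smart refresh of sudo rules "
                                  "failed [dp_error: %d] ([%d]: %s)\n",
                                  dp_error, error, strerror(error)));
        goto schedule;
    }

schedule:
    sudo_ctx = tevent_req_callback_data(req, struct sdap_sudo_ctx);
    talloc_zfree(req);

    delay = dp_opt_get_int(sudo_ctx->id_ctx->opts->basic,
                           SDAP_SUDO_SMART_REFRESH_INTERVAL);
    if (delay == 0) {
        /* runtime configuration change? */
        DEBUG(SSSDBG_TRACE_FUNC, ("Periodical smart refresh of sudo rules "
                                  "is disabled\n"));
        return;
    }

    ret = sdap_sudo_schedule_smart_refresh(sudo_ctx, delay);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Smart periodical refresh will not work.\n"));
    }
}

/* Schedule a full or smart refresh through the sudo timer.
 *
 * The timer fires `delay` seconds from now and `timeout` is passed on to
 * sdap_sudo_timer_send(). `callback` is attached to the timer request with
 * sudo_ctx as its callback data. When _req is not NULL it receives the
 * timer request.
 *
 * Returns EOK on success, EINVAL for SDAP_SUDO_REFRESH_RULES or an unknown
 * refresh type, and ENOMEM when the timer request cannot be created.
 */
static int sdap_sudo_schedule_refresh(TALLOC_CTX *mem_ctx,
                                      struct sdap_sudo_ctx *sudo_ctx,
                                      enum sdap_sudo_refresh_type refresh,
                                      tevent_req_fn callback,
                                      time_t delay,
                                      time_t timeout,
                                      struct tevent_req **_req)
{
    struct tevent_req *req = NULL;
    sdap_sudo_timer_fn_t send_fn = NULL;
    const char *name = NULL;
    struct timeval when;

    when = tevent_timeval_current_ofs(delay, 0);

    switch (refresh) {
    case SDAP_SUDO_REFRESH_FULL:
        send_fn = sdap_sudo_full_refresh_send;
        name = "Full refresh";
        break;
    case SDAP_SUDO_REFRESH_SMART:
        send_fn = sdap_sudo_smart_refresh_send;
        name = "Smart refresh";
        break;
    case SDAP_SUDO_REFRESH_RULES:
        DEBUG(SSSDBG_OP_FAILURE, ("Rules refresh can't be scheduled!\n"));
        return EINVAL;
    default:
        DEBUG(SSSDBG_CRIT_FAILURE, ("Unknown refresh type [%d].\n", refresh));
        return EINVAL;
    }

    req = sdap_sudo_timer_send(mem_ctx, sudo_ctx->id_ctx->be->ev, sudo_ctx,
                               when, timeout, send_fn);
    if (req == NULL) {
        return ENOMEM;
    }

    tevent_req_set_callback(req, callback, sudo_ctx);

    DEBUG(SSSDBG_TRACE_FUNC, ("%s scheduled at: %lld\n",
                              name, (long long)when.tv_sec));

    if (_req != NULL) {
        *_req = req;
    }

    return EOK;
}

/* Schedule the next periodical full refresh; `delay` is used both as the
 * start offset and as the timeout. Returns the scheduling result. */
static int sdap_sudo_schedule_full_refresh(struct sdap_sudo_ctx *sudo_ctx,
                                           time_t delay)
{
    int ret;

    ret = sdap_sudo_schedule_refresh(sudo_ctx, sudo_ctx,
                                     SDAP_SUDO_REFRESH_FULL,
                                     sdap_sudo_periodical_full_refresh_done,
                                     delay, delay, NULL);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Unable to schedule full refresh of sudo "
                                  "rules!\n"));
        return ret;
    }

    return EOK;
}

static int sdap_sudo_schedule_smart_refresh(struct sdap_sudo_ctx *sudo_ctx,
                                            time_t delay)
{
    int ret;

    ret = sdap_sudo_schedule_refresh(sudo_ctx, sudo_ctx,
                                     SDAP_SUDO_REFRESH_SMART,
                                     sdap_sudo_periodical_smart_refresh_done,
                                     delay, delay, NULL);
    if (ret != EOK) {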
DEBUG(SSSDBG_OP_FAILURE, ("Unable to schedule smart refresh of sudo " "rules!\n")); return ret; } return EOK; } sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/sdap_async.c0000644000000000000000000000007312320753107021566 xustar000000000000000029 atime=1396954939.26789143 30 ctime=1396954961.618874977 sssd-1.11.5/src/providers/ldap/sdap_async.c0000664002412700241270000023227612320753107022025 0ustar00jhrozekjhrozek00000000000000/* SSSD Async LDAP Helper routines Copyright (C) Simo Sorce - 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #include #include "util/util.h" #include "util/strtonum.h" #include "providers/ldap/sdap_async_private.h" #define REALM_SEPARATOR '@' #define REPLY_REALLOC_INCREMENT 10 void make_realm_upper_case(const char *upn) { char *c; c = strchr(upn, REALM_SEPARATOR); if (c == NULL) { DEBUG(9, ("No realm delimiter found in upn [%s].\n", upn)); return; } while(*(++c) != '\0') { c[0] = toupper(*c); } return; } /* ==LDAP-Memory-Handling================================================= */ static int lmsg_destructor(void *mem) { ldap_msgfree((LDAPMessage *)mem); return 0; } static int sdap_msg_attach(TALLOC_CTX *memctx, LDAPMessage *msg) { void *h; if (!msg) return EINVAL; h = sss_mem_attach(memctx, msg, lmsg_destructor); if (!h) return ENOMEM; return EOK; } /* ==sdap-hanlde-utility-functions======================================== */ static inline void sdap_handle_release(struct sdap_handle *sh); static int sdap_handle_destructor(void *mem); struct sdap_handle *sdap_handle_create(TALLOC_CTX *memctx) { struct sdap_handle *sh; sh = talloc_zero(memctx, struct sdap_handle); if (!sh) return NULL; talloc_set_destructor((TALLOC_CTX *)sh, sdap_handle_destructor); return sh; } static int sdap_handle_destructor(void *mem) { struct sdap_handle *sh = talloc_get_type(mem, struct sdap_handle); /* if the structure is currently locked, then mark it to be released * and prevent talloc from freeing the memory */ if (sh->destructor_lock) { sh->release_memory = true; return -1; } sdap_handle_release(sh); return 0; } static void sdap_handle_release(struct sdap_handle *sh) { struct sdap_op *op; DEBUG(8, ("Trace: sh[%p], connected[%d], ops[%p], ldap[%p], " "destructor_lock[%d], release_memory[%d]\n", sh, (int)sh->connected, sh->ops, sh->ldap, (int)sh->destructor_lock, (int)sh->release_memory)); if (sh->destructor_lock) return; sh->destructor_lock = true; /* make sure nobody tries to reuse this connection from now on */ sh->connected = false; remove_ldap_connection_callbacks(sh); while (sh->ops) { op 
= sh->ops; op->callback(op, NULL, EIO, op->data); /* calling the callback may result in freeing the op */ /* check if it is still the same or avoid freeing */ if (op == sh->ops) talloc_free(op); } if (sh->ldap) { ldap_unbind_ext(sh->ldap, NULL, NULL); sh->ldap = NULL; } /* ok, we have done the job, unlock now */ sh->destructor_lock = false; /* finally if a destructor was ever called, free sh before * exiting */ if (sh->release_memory) { /* neutralize the destructor as we already handled * all was needed to be released */ talloc_set_destructor((TALLOC_CTX *)sh, NULL); talloc_free(sh); } } /* ==Parse-Results-And-Handle-Disconnections============================== */ static void sdap_process_message(struct tevent_context *ev, struct sdap_handle *sh, LDAPMessage *msg); static void sdap_process_result(struct tevent_context *ev, void *pvt); static void sdap_process_next_reply(struct tevent_context *ev, struct tevent_timer *te, struct timeval tv, void *pvt); void sdap_ldap_result(struct tevent_context *ev, struct tevent_fd *fde, uint16_t flags, void *pvt) { sdap_process_result(ev, pvt); } static void sdap_ldap_next_result(struct tevent_context *ev, struct tevent_timer *te, struct timeval tv, void *pvt) { sdap_process_result(ev, pvt); } static void sdap_process_result(struct tevent_context *ev, void *pvt) { struct sdap_handle *sh = talloc_get_type(pvt, struct sdap_handle); struct timeval no_timeout = {0, 0}; struct tevent_timer *te; LDAPMessage *msg; int ret; DEBUG(8, ("Trace: sh[%p], connected[%d], ops[%p], ldap[%p]\n", sh, (int)sh->connected, sh->ops, sh->ldap)); if (!sh->connected || !sh->ldap) { DEBUG(2, ("ERROR: LDAP connection is not connected!\n")); sdap_handle_release(sh); return; } ret = ldap_result(sh->ldap, LDAP_RES_ANY, 0, &no_timeout, &msg); if (ret == 0) { /* this almost always means we have reached the end of * the list of received messages */ DEBUG(8, ("Trace: ldap_result found nothing!\n")); return; } if (ret == -1) { ldap_get_option(sh->ldap, 
LDAP_OPT_RESULT_CODE, &ret); DEBUG(SSSDBG_OP_FAILURE, ("ldap_result error: [%s]\n", ldap_err2string(ret))); sdap_handle_release(sh); return; } /* We don't know if this will be the last result. * * important: we must do this before actually processing the message * because the message processing might even free the sdap_handler * so it must be the last operation. * FIXME: use tevent_immediate/tevent_queues, when avilable */ memset(&no_timeout, 0, sizeof(struct timeval)); te = tevent_add_timer(ev, sh, no_timeout, sdap_ldap_next_result, sh); if (!te) { DEBUG(1, ("Failed to add critical timer to fetch next result!\n")); } /* now process this message */ sdap_process_message(ev, sh, msg); } static const char *sdap_ldap_result_str(int msgtype) { switch (msgtype) { case LDAP_RES_BIND: return "LDAP_RES_BIND"; case LDAP_RES_SEARCH_ENTRY: return "LDAP_RES_SEARCH_ENTRY"; case LDAP_RES_SEARCH_REFERENCE: return "LDAP_RES_SEARCH_REFERENCE"; case LDAP_RES_SEARCH_RESULT: return "LDAP_RES_SEARCH_RESULT"; case LDAP_RES_MODIFY: return "LDAP_RES_MODIFY"; case LDAP_RES_ADD: return "LDAP_RES_ADD"; case LDAP_RES_DELETE: return "LDAP_RES_DELETE"; case LDAP_RES_MODDN: /* These are the same result case LDAP_RES_MODRDN: case LDAP_RES_RENAME: */ return "LDAP_RES_RENAME"; case LDAP_RES_COMPARE: return "LDAP_RES_COMPARE"; case LDAP_RES_EXTENDED: return "LDAP_RES_EXTENDED"; case LDAP_RES_INTERMEDIATE: return "LDAP_RES_INTERMEDIATE"; case LDAP_RES_ANY: return "LDAP_RES_ANY"; case LDAP_RES_UNSOLICITED: return "LDAP_RES_UNSOLICITED"; default: /* Unmatched, fall through */ break; } /* Unknown result type */ return "Unknown result type!"; } /* process a messgae calling the right operation callback. 
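* msg is completely taken care of (including freeing it)
 * NOTE: this function may even end up freeing the sdap_handle
 * so sdap_handle must not be used after this function is called
 *
 * The message is matched to a pending operation by its message id. Messages
 * with an invalid or unknown id, for an operation that is already done, of
 * type LDAP_RES_SEARCH_REFERENCE or of an unknown type are freed and
 * dropped. Otherwise the message is wrapped in a struct sdap_msg owned by
 * the operation; the first reply is delivered to the operation callback at
 * once, later ones are queued behind it. If the wrapper cannot be set up,
 * the callback is invoked with a NULL reply and the error code.
 */
static void sdap_process_message(struct tevent_context *ev,
                                 struct sdap_handle *sh, LDAPMessage *msg)
{
    struct sdap_msg *reply;
    struct sdap_op *op;
    int msgid;
    int msgtype;
    int ret;

    msgid = ldap_msgid(msg);
    if (msgid == -1) {
        DEBUG(2, ("can't fire callback, message id invalid!\n"));
        ldap_msgfree(msg);
        return;
    }

    msgtype = ldap_msgtype(msg);

    for (op = sh->ops; op; op = op->next) {
        if (op->msgid == msgid) break;
    }

    if (op == NULL) {
        DEBUG(2, ("Unmatched msgid, discarding message (type: %0x)\n",
                  msgtype));
        ldap_msgfree(msg);
        return;
    }

    /* shouldn't happen */
    if (op->done) {
        DEBUG(2, ("Operation [%p] already handled (type: %0x)\n", op, msgtype));
        ldap_msgfree(msg);
        return;
    }

    DEBUG(9, ("Message type: [%s]\n", sdap_ldap_result_str(msgtype)));

    switch (msgtype) {
    case LDAP_RES_SEARCH_ENTRY:
        /* go and process entry */
        break;

    case LDAP_RES_SEARCH_REFERENCE:
        /* more ops to come with this msgid */
        /* just ignore */
        ldap_msgfree(msg);
        return;

    case LDAP_RES_BIND:
    case LDAP_RES_SEARCH_RESULT:
    case LDAP_RES_MODIFY:
    case LDAP_RES_ADD:
    case LDAP_RES_DELETE:
    case LDAP_RES_MODDN:
    case LDAP_RES_COMPARE:
    case LDAP_RES_EXTENDED:
    case LDAP_RES_INTERMEDIATE:
        /* no more results expected with this msgid */
        op->done = true;
        break;

    default:
        /* unknown msg type ?? */
        DEBUG(1, ("Couldn't figure out the msg type! [%0x]\n", msgtype));
        ldap_msgfree(msg);
        return;
    }

    reply = talloc_zero(op, struct sdap_msg);
    if (!reply) {
        ldap_msgfree(msg);
        ret = ENOMEM;
    } else {
        reply->msg = msg;
        ret = sdap_msg_attach(reply, msg);
        if (ret != EOK) {
            ldap_msgfree(msg);
            talloc_zfree(reply);
        }
    }

    if (reply == NULL) {
        /* The wrapper could not be set up and msg is already freed. A NULL
         * reply must never be linked into the queue: that would leave
         * op->last == NULL and the next queued message would dereference
         * it. Report the error instead, as the timer failure path in
         * sdap_unlock_next_reply() does.
         *
         * must be the last operation as it may end up freeing all memory
         * including all ops handlers */
        op->callback(op, NULL, ret, op->data);
        return;
    }

    if (op->list) {
        /* list exist, queue it */

        op->last->next = reply;
        op->last = reply;

    } else {
        /* create list, then call callback */
        op->list = op->last = reply;

        /* must be the last operation as it may end up freeing all memory
         * including all ops handlers */
        op->callback(op, reply, ret, op->data);
    }
}

/* Drop the reply at the head of the operation's queue (it has been
 * processed) and, if more replies are queued, arm a timer that delivers the
 * next one through sdap_process_next_reply(). If the timer cannot be
 * created the operation callback is invoked with EFAULT. */
static void sdap_unlock_next_reply(struct sdap_op *op)
{
    struct timeval tv;
    struct tevent_timer *te;
    struct sdap_msg *next_reply;

    if (op->list) {
        next_reply = op->list->next;
        /* get rid of the previous reply, it has been processed already */
        talloc_zfree(op->list);
        op->list = next_reply;
    }

    /* if there are still replies to parse, queue a new operation */
    if (op->list) {
        /* use a very small timeout, so that fd operations have a chance to be
         * served while processing a long reply */
        tv = tevent_timeval_current();

        /* wait 5 microsecond */
        tv.tv_usec += 5;
        tv.tv_sec += tv.tv_usec / 1000000;
        tv.tv_usec = tv.tv_usec % 1000000;

        te = tevent_add_timer(op->ev, op, tv,
                              sdap_process_next_reply, op);
        if (!te) {
            DEBUG(1, ("Failed to add critical timer for next reply!\n"));
            op->callback(op, NULL, EFAULT, op->data);
        }
    }
}

/* Timer handler: hand the reply at the head of the queue to the operation
 * callback. */
static void sdap_process_next_reply(struct tevent_context *ev,
                                    struct tevent_timer *te,
                                    struct timeval tv, void *pvt)
{
    struct sdap_op *op = talloc_get_type(pvt, struct sdap_op);

    op->callback(op, op->list, EOK, op->data);
}

/* ==LDAP-Operations-Helpers============================================== */

static int sdap_op_destructor(void *mem)
{
    struct sdap_op *op = (struct sdap_op *)mem;

    DLIST_REMOVE(op->sh->ops, op);

    if (op->done) return 0;

    /* we don't check the result here, if a message was really abandoned,
     * hopefully the server will get an abandon.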
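* If the operation was already fully completed, this is going to be
     * just a noop */
    ldap_abandon_ext(op->sh->ldap, op->msgid, NULL, NULL);

    return 0;
}

/* Wakeup callback armed by sdap_op_add(): reports ETIMEDOUT to the
 * operation callback unless the operation is already marked done. */
static void sdap_op_timeout(struct tevent_req *req)
{
    struct sdap_op *op = tevent_req_callback_data(req, struct sdap_op);

    /* should never happen, but just in case */
    if (op->done) {
        DEBUG(2, ("Timeout happened after op was finished !?\n"));
        return;
    }

    /* signal the caller that we have a timeout */
    op->callback(op, NULL, ETIMEDOUT, op->data);
}

/* Register a pending LDAP operation on the handle.
 *
 * Allocates a struct sdap_op on memctx for message id `msgid`, optionally
 * arms a timeout of `timeout` seconds (0 means none), links the operation
 * into sh->ops and installs sdap_op_destructor() on it. The new operation
 * is returned through _op.
 *
 * Returns EOK on success or ENOMEM on allocation failure.
 */
int sdap_op_add(TALLOC_CTX *memctx, struct tevent_context *ev,
                struct sdap_handle *sh, int msgid,
                sdap_op_callback_t *callback, void *data,
                int timeout, struct sdap_op **_op)
{
    struct sdap_op *op;

    op = talloc_zero(memctx, struct sdap_op);
    if (!op) return ENOMEM;

    op->sh = sh;
    op->msgid = msgid;
    op->callback = callback;
    op->data = data;
    op->ev = ev;

    /* check if we need to set a timeout */
    if (timeout) {
        struct tevent_req *req;
        struct timeval tv;

        tv = tevent_timeval_current();
        tv = tevent_timeval_add(&tv, timeout, 0);

        /* allocate on op, so when it get freed the timeout is removed */
        req = tevent_wakeup_send(op, ev, tv);
        if (!req) {
            talloc_zfree(op);
            return ENOMEM;
        }
        tevent_req_set_callback(req, sdap_op_timeout, op);
    }

    DLIST_ADD(sh->ops, op);

    talloc_set_destructor((TALLOC_CTX *)op, sdap_op_destructor);

    *_op = op;
    return EOK;
}

/* ==Modify-Password====================================================== */

struct sdap_exop_modify_passwd_state {
    struct sdap_handle *sh;

    struct sdap_op *op;

    char *user_error_message;
};

static void sdap_exop_modify_passwd_done(struct sdap_op *op,
                                         struct sdap_msg *reply,
                                         int error, void *pvt);

/* Send an LDAP Password Modify extended operation for user_dn.
 *
 * The request value is a BER sequence holding the user DN, the current
 * password and the new password. A Password Policy request control is
 * attached when sdap_control_create() can create it.
 *
 * Returns NULL if the request cannot be allocated or the BER value cannot
 * be built. Later failures are reported through the returned request,
 * which is then already failed and posted on ev.
 *
 * NOTE(review): the flattened berval carries both passwords in cleartext
 * and ber_bvfree() is not documented to scrub it; consider zeroing
 * bv->bv_val before it is freed.
 */
struct tevent_req *sdap_exop_modify_passwd_send(TALLOC_CTX *memctx,
                                           struct tevent_context *ev,
                                           struct sdap_handle *sh,
                                           char *user_dn,
                                           const char *password,
                                           const char *new_password)
{
    struct tevent_req *req = NULL;
    struct sdap_exop_modify_passwd_state *state;
    int ret;
    BerElement *ber = NULL;
    struct berval *bv = NULL;
    /* stays -1 if the library fails before assigning a message id */
    int msgid = -1;
    LDAPControl **request_controls = NULL;
    LDAPControl *ctrls[2] = { NULL, NULL };

    req = tevent_req_create(memctx, &state,
                            struct sdap_exop_modify_passwd_state);
    if (!req) return NULL;

    state->sh = sh;
    state->user_error_message = NULL;

    ber = ber_alloc_t( LBER_USE_DER );
    if (ber == NULL) {
        DEBUG(7, ("ber_alloc_t failed.\n"));
        talloc_zfree(req);
        return NULL;
    }

    ret = ber_printf( ber, "{tststs}", LDAP_TAG_EXOP_MODIFY_PASSWD_ID,
                     user_dn,
                     LDAP_TAG_EXOP_MODIFY_PASSWD_OLD, password,
                     LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, new_password);
    if (ret == -1) {
        DEBUG(1, ("ber_printf failed.\n"));
        ber_free(ber, 1);
        talloc_zfree(req);
        return NULL;
    }

    ret = ber_flatten(ber, &bv);
    ber_free(ber, 1);
    if (ret == -1) {
        DEBUG(1, ("ber_flatten failed.\n"));
        talloc_zfree(req);
        return NULL;
    }

    ret = sdap_control_create(state->sh, LDAP_CONTROL_PASSWORDPOLICYREQUEST,
                              0, NULL, 0, &ctrls[0]);
    if (ret != LDAP_SUCCESS && ret != LDAP_NOT_SUPPORTED) {
        DEBUG(1, ("sdap_control_create failed to create "
                  "Password Policy control.\n"));
        /* bv holds the encoded passwords and is owned by this function;
         * it must not be left behind on this early exit */
        ber_bvfree(bv);
        ret = ERR_INTERNAL;
        goto fail;
    }
    request_controls = ctrls;

    DEBUG(4, ("Executing extended operation\n"));

    ret = ldap_extended_operation(state->sh->ldap, LDAP_EXOP_MODIFY_PASSWD,
                                  bv, request_controls, NULL, &msgid);
    ber_bvfree(bv);
    if (ctrls[0]) ldap_control_free(ctrls[0]);
    /* the call reports failure with an LDAP result code, not only -1 */
    if (ret != LDAP_SUCCESS || msgid == -1) {
        DEBUG(1, ("ldap_extended_operation failed\n"));
        ret = ERR_NETWORK_IO;
        goto fail;
    }
    DEBUG(8, ("ldap_extended_operation sent, msgid = %d\n", msgid));

    /* FIXME: get timeouts from configuration, for now 5 secs. */
    ret = sdap_op_add(state, ev, state->sh, msgid,
                      sdap_exop_modify_passwd_done, req, 5, &state->op);
    if (ret) {
        DEBUG(1, ("Failed to set up operation!\n"));
        ret = ERR_INTERNAL;
        goto fail;
    }

    return req;

fail:
    tevent_req_error(req, ret);
    tevent_req_post(req, ev);
    return req;
}

static void sdap_exop_modify_passwd_done(struct sdap_op *op,
                                         struct sdap_msg *reply,
                                         int error, void *pvt)
{
    struct tevent_req *req = talloc_get_type(pvt, struct tevent_req);
    struct sdap_exop_modify_passwd_state *state = tevent_req_data(req,
                                         struct sdap_exop_modify_passwd_state);
    char *errmsg = NULL;
    int ret;
    LDAPControl **response_controls = NULL;
    int c;
    ber_int_t pp_grace;
    ber_int_t pp_expire;
    LDAPPasswordPolicyError pp_error;
    int result;

    if (error) {
        tevent_req_error(req, error);
        return;
    }

    ret = ldap_parse_result(state->sh->ldap, reply->msg,
                            &result, NULL, &errmsg, NULL,
                            &response_controls, 0);
    if (ret != LDAP_SUCCESS) {
        DEBUG(2, ("ldap_parse_result failed (%d)\n", state->op->msgid));
        ret = ERR_INTERNAL;
        goto done;
    }

    if (response_controls == NULL) {
        DEBUG(5, ("Server returned no controls.\n"));
    } else {
        for (c = 0; response_controls[c] != NULL; c++) {
            DEBUG(9, ("Server returned control [%s].\n",
                      response_controls[c]->ldctl_oid));
            if (strcmp(response_controls[c]->ldctl_oid,
                       LDAP_CONTROL_PASSWORDPOLICYRESPONSE) == 0) {
                ret = ldap_parse_passwordpolicy_control(state->sh->ldap,
                                                        response_controls[c],
                                                        &pp_expire, &pp_grace,
                                                        &pp_error);
                if (ret != LDAP_SUCCESS) {
                    DEBUG(1, ("ldap_parse_passwordpolicy_control failed.\n"));
                    ret = ERR_NETWORK_IO;
                    goto done;
                }

                DEBUG(7, ("Password Policy Response: expire [%d] grace [%d] "
                          "error [%s].\n", pp_expire, pp_grace,
                          ldap_passwordpolicy_err2txt(pp_error)));
            }
        }
    }

    DEBUG(3, ("ldap_extended_operation result: %s(%d), %s\n",
              sss_ldap_err2string(result), result, errmsg));

    switch (result) {
    case LDAP_SUCCESS:
        ret = EOK;
        break;
    case LDAP_CONSTRAINT_VIOLATION:
        state->user_error_message = talloc_strdup(state,
                      "Please make sure the password meets the complexity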
constraints."); if (state->user_error_message == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_strdup failed\n")); ret = ENOMEM; goto done; } ret = ERR_CHPASS_DENIED; break; default: if (errmsg) { state->user_error_message = talloc_strdup(state, errmsg); if (state->user_error_message == NULL) { DEBUG(1, ("talloc_strdup failed.\n")); ret = ENOMEM; goto done; } } ret = ERR_NETWORK_IO; break; } done: ldap_controls_free(response_controls); ldap_memfree(errmsg); if (ret == EOK) { tevent_req_done(req); } else { tevent_req_error(req, ret); } } errno_t sdap_exop_modify_passwd_recv(struct tevent_req *req, TALLOC_CTX * mem_ctx, char **user_error_message) { struct sdap_exop_modify_passwd_state *state = tevent_req_data(req, struct sdap_exop_modify_passwd_state); *user_error_message = talloc_steal(mem_ctx, state->user_error_message); TEVENT_REQ_RETURN_ON_ERROR(req); return EOK; } /* ==Update-passwordLastChanged-attribute====================== */ struct update_last_changed_state { struct tevent_context *ev; struct sdap_handle *sh; struct sdap_op *op; const char *dn; LDAPMod **mods; }; static void sdap_modify_shadow_lastchange_done(struct sdap_op *op, struct sdap_msg *reply, int error, void *pvt); struct tevent_req * sdap_modify_shadow_lastchange_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct sdap_handle *sh, const char *dn, char *lastchanged_name) { struct tevent_req *req; struct update_last_changed_state *state; char **values; errno_t ret; int msgid; req = tevent_req_create(mem_ctx, &state, struct update_last_changed_state); if (req == NULL) { return NULL; } state->ev = ev; state->sh = sh; state->dn = dn; state->mods = talloc_zero_array(state, LDAPMod *, 2); if (state->mods == NULL) { ret = ENOMEM; goto done; } state->mods[0] = talloc_zero(state->mods, LDAPMod); state->mods[1] = talloc_zero(state->mods, LDAPMod); if (!state->mods[0] || !state->mods[1]) { ret = ENOMEM; goto done; } values = talloc_zero_array(state->mods[0], char *, 2); if (values == NULL) { ret = 
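ENOMEM;
        goto done;
    }

    /* The attribute contains number of days since the epoch */
    values[0] = talloc_asprintf(values, "%ld", (long)time(NULL)/86400);
    if (values[0] == NULL) {
        ret = ENOMEM;
        goto done;
    }

    state->mods[0]->mod_op = LDAP_MOD_REPLACE;
    state->mods[0]->mod_type = lastchanged_name;
    state->mods[0]->mod_vals.modv_strvals = values;
    state->mods[1] = NULL;

    ret = ldap_modify_ext(state->sh->ldap, state->dn, state->mods,
                          NULL, NULL, &msgid);
    if (ret) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to send operation!\n"));
        goto done;
    }

    ret = sdap_op_add(state, state->ev, state->sh, msgid,
                      sdap_modify_shadow_lastchange_done, req, 5, &state->op);
    if (ret) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to set up operation!\n"));
        goto done;
    }

done:
    if (ret != EOK) {
        tevent_req_error(req, ret);
        tevent_req_post(req, ev);
    }
    return req;
}

/* Operation callback for the lastchange modify request.
 *
 * Fails the request with `error` when the operation itself failed (for
 * example on timeout) and with EIO when the server reply cannot be parsed;
 * otherwise logs the LDAP result and completes the request.
 *
 * NOTE(review): the LDAP result code is only logged, so a modify rejected
 * by the server still completes the request successfully - confirm this
 * best-effort behaviour is what callers expect.
 */
static void sdap_modify_shadow_lastchange_done(struct sdap_op *op,
                                               struct sdap_msg *reply,
                                               int error, void *pvt)
{
    struct tevent_req *req = talloc_get_type(pvt, struct tevent_req);
    struct update_last_changed_state *state;
    state = tevent_req_data(req, struct update_last_changed_state);
    /* NULL so that the cleanup below is well defined on every path, as in
     * sdap_exop_modify_passwd_done() */
    char *errmsg = NULL;
    int result;
    errno_t ret = EOK;
    int lret;

    if (error) {
        tevent_req_error(req, error);
        return;
    }

    lret = ldap_parse_result(state->sh->ldap, reply->msg,
                             &result, NULL, &errmsg, NULL,
                             NULL, 0);
    if (lret != LDAP_SUCCESS) {
        DEBUG(SSSDBG_OP_FAILURE, ("ldap_parse_result failed (%d)\n",
                                  state->op->msgid));
        ret = EIO;
        goto done;
    }

    /* the server may send no diagnostic message at all */
    DEBUG(SSSDBG_TRACE_LIBS, ("Updating lastPwdChange result: %s(%d), %s\n",
                              sss_ldap_err2string(result), result,
                              errmsg != NULL ? errmsg : "(null)"));

done:
    ldap_memfree(errmsg);

    if (ret == EOK) {
        tevent_req_done(req);
    } else {
        tevent_req_error(req, ret);
    }
}

/* Collect the outcome of the lastchange modify request: returns the tevent
 * error if the request failed, EOK otherwise. */
errno_t sdap_modify_shadow_lastchange_recv(struct tevent_req *req)
{
    TEVENT_REQ_RETURN_ON_ERROR(req);

    return EOK;
}

/* ==Fetch-RootDSE============================================= */

struct sdap_get_rootdse_state {
    struct tevent_context *ev;
    struct sdap_options *opts;
    struct sdap_handle *sh;

    struct sysdb_attrs *rootdse;
};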
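static void sdap_get_rootdse_done(struct tevent_req *subreq);
static void sdap_get_matching_rule_done(struct tevent_req *subreq);

/*
 * Start an asynchronous read of the server's RootDSE (empty base DN,
 * BASE scope, "(objectclass=*)").
 *
 * Returns the new request, or NULL when the request or the search
 * sub-request could not be created.
 */
struct tevent_req *sdap_get_rootdse_send(TALLOC_CTX *memctx,
                                         struct tevent_context *ev,
                                         struct sdap_options *opts,
                                         struct sdap_handle *sh)
{
    struct tevent_req *req, *subreq;
    struct sdap_get_rootdse_state *state;
    /* This array lives on the stack. The generic search keeps only the
     * pointer (state->attrs), so it is valid for the ldap_search_ext() call
     * made while the send function runs; BASE searches have paging turned
     * off, so no later page re-reads it. */
    const char *attrs[] = {
            "*",
            "altServer",
            SDAP_ROOTDSE_ATTR_NAMING_CONTEXTS,
            "supportedControl",
            "supportedExtension",
            "supportedFeatures",
            "supportedLDAPVersion",
            "supportedSASLMechanisms",
            SDAP_ROOTDSE_ATTR_AD_VERSION,
            SDAP_ROOTDSE_ATTR_DEFAULT_NAMING_CONTEXT,
            SDAP_IPA_LAST_USN,
            SDAP_AD_LAST_USN,
            NULL
    };

    DEBUG(9, ("Getting rootdse\n"));

    req = tevent_req_create(memctx, &state, struct sdap_get_rootdse_state);
    if (!req) return NULL;

    state->ev = ev;
    state->opts = opts;
    state->sh = sh;
    state->rootdse = NULL;

    subreq = sdap_get_generic_send(state, ev, opts, sh,
                                   "", LDAP_SCOPE_BASE,
                                   "(objectclass=*)", attrs, NULL, 0,
                                   dp_opt_get_int(state->opts->basic,
                                                  SDAP_SEARCH_TIMEOUT),
                                   false);
    if (!subreq) {
        talloc_zfree(req);
        return NULL;
    }
    tevent_req_set_callback(subreq, sdap_get_rootdse_done, req);

    return req;
}

/* This is not a real attribute, it's just there to avoid
 * actually pulling real data down, to save bandwidth
 */
#define SDAP_MATCHING_RULE_TEST_ATTR "sssmatchingruletest"

/*
 * Completion of the RootDSE search. Exactly one entry is accepted; it is
 * moved onto the request state. Unless both matching-rule options are
 * disabled, a second BASE search is then issued to probe whether the server
 * accepts the matching-rule filter.
 */
static void sdap_get_rootdse_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct sdap_get_rootdse_state *state = tevent_req_data(req,
                                             struct sdap_get_rootdse_state);
    struct sysdb_attrs **results;
    size_t num_results;
    int ret;
    const char *filter;
    const char *attrs[] = { SDAP_MATCHING_RULE_TEST_ATTR, NULL };

    ret = sdap_get_generic_recv(subreq, state, &num_results, &results);
    talloc_zfree(subreq);
    if (ret) {
        tevent_req_error(req, ret);
        return;
    }

    if (num_results == 0 || !results) {
        DEBUG(2, ("RootDSE could not be retrieved. "
                  "Please check that anonymous access to RootDSE is allowed\n"
              ));
        tevent_req_error(req, ENOENT);
        return;
    }

    /* A BASE search has at most one target entry; more than one reply
     * means the server answer cannot be trusted. */
    if (num_results > 1) {
        DEBUG(2, ("Multiple replies when searching for RootDSE ??\n"));
        tevent_req_error(req, EIO);
        return;
    }

    state->rootdse = talloc_steal(state, results[0]);
    talloc_zfree(results);

    DEBUG(SSSDBG_TRACE_INTERNAL, ("Got rootdse\n"));

    /* Auto-detect the ldap matching rule if requested */
    if ((!dp_opt_get_bool(state->opts->basic,
                          SDAP_AD_MATCHING_RULE_INITGROUPS))
            && !dp_opt_get_bool(state->opts->basic,
                                SDAP_AD_MATCHING_RULE_GROUPS)) {
        /* This feature is disabled for both groups
         * and initgroups. Skip the auto-detection
         * lookup.
         */
        DEBUG(SSSDBG_TRACE_INTERNAL,
              ("Skipping auto-detection of match rule\n"));
        tevent_req_done(req);
        return;
    }

    DEBUG(SSSDBG_TRACE_INTERNAL,
          ("Auto-detecting support for match rule\n"));

    /* Create a filter using the matching rule. It need not point
     * at any valid data. We're only going to be looking for the
     * error code.
     */
    filter = "("SDAP_MATCHING_RULE_TEST_ATTR":"
             SDAP_MATCHING_RULE_IN_CHAIN":=)";

    /* Perform a trivial query with the matching rule in play.
     * If it returns success, we know it is available. If it
     * returns EIO, we know it isn't.
     */
    subreq = sdap_get_generic_send(state, state->ev, state->opts, state->sh,
                                   "", LDAP_SCOPE_BASE, filter, attrs, NULL,
                                   0, dp_opt_get_int(state->opts->basic,
                                                     SDAP_SEARCH_TIMEOUT),
                                   false);
    if (!subreq) {
        tevent_req_error(req, ENOMEM);
        return;
    }
    tevent_req_set_callback(subreq, sdap_get_matching_rule_done, req);
}

/*
 * Completion of the matching-rule probe: records the outcome in
 * opts->support_matching_rule and finishes the RootDSE request.
 *
 * NOTE(review): EIO is read as "rule not supported", but the generic search
 * in this file also reports EIO for unparsable or otherwise unexpected
 * server replies, so such a failure disables the feature as well - confirm
 * this is acceptable.
 */
static void sdap_get_matching_rule_done(struct tevent_req *subreq)
{
    errno_t ret;
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct sdap_get_rootdse_state *state = tevent_req_data(req,
                                             struct sdap_get_rootdse_state);
    size_t num_results;
    struct sysdb_attrs **results;

    ret = sdap_get_generic_recv(subreq, state, &num_results, &results);
    talloc_zfree(subreq);
    if (ret == EOK) {
        /* The search succeeded */
        state->opts->support_matching_rule = true;
    } else if (ret == EIO) {
        /* The search failed. Disable support for
         * matching rule lookups.
         */
        state->opts->support_matching_rule = false;
    } else {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("Unexpected error while testing for matching rule support\n"));
        tevent_req_error(req, ret);
        return;
    }

    DEBUG(SSSDBG_CONF_SETTINGS,
          ("LDAP server %s the matching rule extension\n",
           state->opts->support_matching_rule
               ? "supports"
               : "does not support"));

    tevent_req_done(req);
}

/*
 * Collect the RootDSE fetched by sdap_get_rootdse_send().
 *
 * On success *rootdse is the entry, re-parented to memctx. On failure the
 * request's error is returned and *rootdse is not written.
 */
int sdap_get_rootdse_recv(struct tevent_req *req,
                          TALLOC_CTX *memctx,
                          struct sysdb_attrs **rootdse)
{
    struct sdap_get_rootdse_state *state = tevent_req_data(req,
                                             struct sdap_get_rootdse_state);

    TEVENT_REQ_RETURN_ON_ERROR(req);

    *rootdse = talloc_steal(memctx, state->rootdse);

    return EOK;
}

/* ==Helpers for parsing replies============================== */

/* Growable array of parsed entries */
struct sdap_reply {
    size_t reply_max;      /* allocated slots */
    size_t reply_count;    /* used slots */
    struct sysdb_attrs **reply;
};

/*
 * Append msg to sreply, growing the array by REPLY_REALLOC_INCREMENT slots
 * when it is full. msg is re-parented to the array.
 *
 * Returns EOK, or ENOMEM when the array cannot grow; in that case sreply is
 * left exactly as it was.
 */
static errno_t add_to_reply(TALLOC_CTX *mem_ctx,
                            struct sdap_reply *sreply,
                            struct sysdb_attrs *msg)
{
    if (sreply->reply == NULL || sreply->reply_max == sreply->reply_count) {
        size_t new_max = sreply->reply_max + REPLY_REALLOC_INCREMENT;
        struct sysdb_attrs **grown;

        /* Grow through a temporary: on failure the existing array and its
         * recorded capacity must stay valid and in step with each other. */
        grown = talloc_realloc(mem_ctx, sreply->reply,
                               struct sysdb_attrs *, new_max);
        if (grown == NULL) {
            DEBUG(1, ("talloc_realloc failed.\n"));
            return ENOMEM;
        }
        sreply->reply = grown;
        sreply->reply_max = new_max;
    }

    sreply->reply[sreply->reply_count++] = talloc_steal(sreply->reply, msg);

    return EOK;
}

/* Growable array of dereferenced entries */
struct sdap_deref_reply {
    size_t reply_max;      /* allocated slots */
    size_t reply_count;    /* used slots */
    struct sdap_deref_attrs **reply;
};

/*
 * Append every element of res[0..num_maps-1] that carries attributes to
 * dreply; elements whose attrs pointer is NULL are skipped. Appended
 * elements are re-parented to the array.
 *
 * Returns EOK, or ENOMEM when the array cannot grow; elements appended
 * before the failure stay in dreply.
 */
static errno_t add_to_deref_reply(TALLOC_CTX *mem_ctx,
                                  int num_maps,
                                  struct sdap_deref_reply *dreply,
                                  struct sdap_deref_attrs **res)
{
    int i;

    for (i=0; i < num_maps; i++) {
        if (res[i]->attrs == NULL) continue; /* Nothing in this map */

        if (dreply->reply == NULL ||
            dreply->reply_max == dreply->reply_count) {
            size_t new_max = dreply->reply_max + REPLY_REALLOC_INCREMENT;
            struct sdap_deref_attrs **grown;

            /* Same temporary-pointer pattern as add_to_reply() */
            grown = talloc_realloc(mem_ctx, dreply->reply,
                                   struct sdap_deref_attrs *, new_max);
            if (grown == NULL) {
                DEBUG(1, ("talloc_realloc failed.\n"));
                return ENOMEM;
            }
            dreply->reply = grown;
            dreply->reply_max = new_max;
        }

        dreply->reply[dreply->reply_count++] =
            talloc_steal(dreply->reply, res[i]);
    }

    return EOK;
}

/* ==Generic Search exposing all options======================= */

/* Callback invoked for each search entry received */
typedef errno_t (*sdap_parse_cb)(struct sdap_handle *sh,
                                 struct sdap_msg *msg,
                                 void *pvt);

struct sdap_get_generic_ext_state {
    struct tevent_context *ev;
    struct sdap_options *opts;
    struct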
sdap_handle *sh;
    const char *search_base;
    int scope;
    const char *filter;
    const char **attrs;     /* caller-owned; only the pointer is stored */
    int timeout;
    int attrsonly;
    int sizelimit;

    struct sdap_op *op;     /* operation of the page currently in flight */

    struct berval cookie;   /* paging cookie carried from one page to the next */

    LDAPControl **serverctrls;  /* caller's controls plus room for a page control */
    int nserverctrls;           /* number of caller-supplied server controls */
    LDAPControl **clientctrls;

    sdap_parse_cb parse_cb;     /* called for every search entry */
    void *cb_data;

    bool allow_paging;
};

static errno_t sdap_get_generic_ext_step(struct tevent_req *req);

static void sdap_get_generic_ext_done(struct sdap_op *op,
                                      struct sdap_msg *reply,
                                      int error, void *pvt);

/*
 * Start a search with full control over scope, controls, size limit and
 * paging. parse_cb(sh, msg, cb_data) is invoked for each entry received.
 *
 * search_base, filter, attrs, the individual serverctrls elements and
 * clientctrls are stored by pointer, not copied, so they must stay valid for
 * as long as the request may issue another page.
 *
 * Returns NULL only when the request itself cannot be created; every later
 * failure is reported through the returned (already posted) request.
 */
static struct tevent_req *
sdap_get_generic_ext_send(TALLOC_CTX *memctx,
                          struct tevent_context *ev,
                          struct sdap_options *opts,
                          struct sdap_handle *sh,
                          const char *search_base,
                          int scope,
                          const char *filter,
                          const char **attrs,
                          int attrsonly,
                          LDAPControl **serverctrls,
                          LDAPControl **clientctrls,
                          int sizelimit,
                          int timeout,
                          bool allow_paging,
                          sdap_parse_cb parse_cb,
                          void *cb_data)
{
    errno_t ret;
    struct sdap_get_generic_ext_state *state;
    struct tevent_req *req;
    int i;
    LDAPControl *control;

    req = tevent_req_create(memctx, &state, struct sdap_get_generic_ext_state);
    if (!req) return NULL;

    state->ev = ev;
    state->opts = opts;
    state->sh = sh;
    state->search_base = search_base;
    state->scope = scope;
    state->filter = filter;
    state->attrs = attrs;
    state->attrsonly = attrsonly;
    state->op = NULL;
    state->sizelimit = sizelimit;
    state->timeout = timeout;
    state->cookie.bv_len = 0;
    state->cookie.bv_val = NULL;
    state->parse_cb = parse_cb;
    state->cb_data = cb_data;
    state->clientctrls = clientctrls;

    /* Refuse to search on a handle that has no live LDAP connection */
    if (state->sh == NULL || state->sh->ldap == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Trying LDAP search while not connected.\n"));
        tevent_req_error(req, EIO);
        tevent_req_post(req, ev);
        return req;
    }

    /* Be extra careful and never allow paging for BASE searches,
     * even if requested.
     */
    if (scope == LDAP_SCOPE_BASE) {
        state->allow_paging = false;
    } else {
        state->allow_paging = allow_paging;
    }

    /* Also check for deref/asq requests and force
     * paging on for those requests
     */
    /* X-DEREF */
    control = ldap_control_find(LDAP_CONTROL_X_DEREF,
                                serverctrls,
                                NULL);
    if (control) {
        state->allow_paging = true;
    }

    /* ASQ */
    control = ldap_control_find(LDAP_SERVER_ASQ_OID,
                                serverctrls,
                                NULL);
    if (control) {
        state->allow_paging = true;
    }

    /* Count the caller's NULL-terminated control list (none when NULL) */
    for (state->nserverctrls=0;
         serverctrls && serverctrls[state->nserverctrls];
         state->nserverctrls++) ;

    /* One extra space for NULL, one for page control */
    state->serverctrls = talloc_array(state, LDAPControl *,
                                      state->nserverctrls+2);
    if (!state->serverctrls) {
        tevent_req_error(req, ENOMEM);
        tevent_req_post(req, ev);
        return req;
    }

    /* Shallow copy: the control objects remain owned by the caller */
    for (i=0; i < state->nserverctrls; i++) {
        state->serverctrls[i] = serverctrls[i];
    }
    state->serverctrls[i] = NULL;

    /* Issue the first (possibly only) page right away */
    ret = sdap_get_generic_ext_step(req);
    if (ret != EOK) {
        tevent_req_error(req, ret);
        tevent_req_post(req, ev);
        return req;
    }

    return req;
}

/*
 * Send one ldap_search_ext() for the request, adding a paged-results
 * control when paging is allowed and supported. Called once from the send
 * function and again for every further page.
 *
 * Returns EOK when the search was sent and its reply handler registered,
 * otherwise an error code.
 */
static errno_t sdap_get_generic_ext_step(struct tevent_req *req)
{
    struct sdap_get_generic_ext_state *state =
            tevent_req_data(req, struct sdap_get_generic_ext_state);
    char *errmsg;
    int lret;
    int optret;
    errno_t ret;
    int msgid;
    bool disable_paging;

    LDAPControl *page_control = NULL;

    /* Make sure to free any previous operations so
     * if we are handling a large number of pages we
     * don't waste memory.
     */
    talloc_zfree(state->op);

    DEBUG(SSSDBG_TRACE_FUNC,
         ("calling ldap_search_ext with [%s][%s].\n",
          state->filter ?
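state->filter : "no filter",
          state->search_base));
    if (DEBUG_IS_SET(SSSDBG_TRACE_LIBS)) {
        int i;

        if (state->attrs) {
            for (i = 0; state->attrs[i]; i++) {
                DEBUG(7, ("Requesting attrs: [%s]\n", state->attrs[i]));
            }
        }
    }

    disable_paging = dp_opt_get_bool(state->opts->basic, SDAP_DISABLE_PAGING);

    if (!disable_paging
            && state->allow_paging
            && sdap_is_control_supported(state->sh,
                                         LDAP_CONTROL_PAGEDRESULTS)) {
        /* A NULL cookie asks for the first page */
        lret = ldap_create_page_control(state->sh->ldap,
                                        state->sh->page_size,
                                        state->cookie.bv_val ?
                                            &state->cookie :
                                            NULL,
                                        false,
                                        &page_control);
        if (lret != LDAP_SUCCESS) {
            ret = EIO;
            goto done;
        }
        state->serverctrls[state->nserverctrls] = page_control;
        state->serverctrls[state->nserverctrls+1] = NULL;
    }

    lret = ldap_search_ext(state->sh->ldap, state->search_base,
                           state->scope, state->filter,
                           discard_const(state->attrs),
                           state->attrsonly, state->serverctrls,
                           state->clientctrls, NULL, state->sizelimit, &msgid);
    /* The page control is only needed for this one call; drop it and
     * restore the terminator so the slot can be reused for the next page. */
    ldap_control_free(page_control);
    state->serverctrls[state->nserverctrls] = NULL;
    if (lret != LDAP_SUCCESS) {
        DEBUG(3, ("ldap_search_ext failed: %s\n", sss_ldap_err2string(lret)));
        if (lret == LDAP_SERVER_DOWN) {
            ret = ETIMEDOUT;
            optret = sss_ldap_get_diagnostic_msg(state, state->sh->ldap,
                                                 &errmsg);
            if (optret == LDAP_SUCCESS) {
                DEBUG(3, ("Connection error: %s\n", errmsg));
                sss_log(SSS_LOG_ERR, "LDAP connection error: %s", errmsg);
            }
            else {
                sss_log(SSS_LOG_ERR, "LDAP connection error, %s",
                                     sss_ldap_err2string(lret));
            }
        } else if (lret == LDAP_FILTER_ERROR) {
            ret = ERR_INVALID_FILTER;
        } else {
            ret = EIO;
        }
        goto done;
    }
    DEBUG(8, ("ldap_search_ext called, msgid = %d\n", msgid));

    ret = sdap_op_add(state, state->ev, state->sh, msgid,
                      sdap_get_generic_ext_done, req,
                      state->timeout,
                      &state->op);
    if (ret != EOK) {
        DEBUG(1, ("Failed to set up operation!\n"));
        goto done;
    }

done:
    return ret;
}

/*
 * Reply handler for the generic search; called once per LDAP message.
 *
 * Search references are dropped, search entries go to the parse callback,
 * and the final search result decides whether the request fails, finishes,
 * or continues with the next page.
 *
 * op    - the pending operation (state->op is what is actually used)
 * reply - the message received
 * error - non-zero when the operation itself failed; forwarded as-is
 * pvt   - the tevent request created by the _send function
 */
static void sdap_get_generic_ext_done(struct sdap_op *op,
                                      struct sdap_msg *reply,
                                      int error, void *pvt)
{
    struct tevent_req *req = talloc_get_type(pvt, struct tevent_req);
    struct sdap_get_generic_ext_state *state = tevent_req_data(req,
                                            struct sdap_get_generic_ext_state);
    char *errmsg = NULL;
    int result;
    int ret;
    int lret;
    ber_int_t total_count;
    struct berval cookie = { .bv_len = 0, .bv_val = NULL };

    LDAPControl **returned_controls = NULL;
    LDAPControl *page_control;

    if (error) {
        tevent_req_error(req, error);
        return;
    }

    switch (ldap_msgtype(reply->msg)) {
    case LDAP_RES_SEARCH_REFERENCE:
        /* ignore references for now */
        talloc_free(reply);

        /* unlock the operation so that we can proceed with the next result */
        sdap_unlock_next_reply(state->op);
        break;

    case LDAP_RES_SEARCH_ENTRY:
        ret = state->parse_cb(state->sh, reply, state->cb_data);
        if (ret != EOK) {
            DEBUG(1, ("reply parsing callback failed.\n"));
            tevent_req_error(req, ret);
            return;
        }

        sdap_unlock_next_reply(state->op);
        break;

    case LDAP_RES_SEARCH_RESULT:
        ret = ldap_parse_result(state->sh->ldap, reply->msg,
                                &result, NULL, &errmsg, NULL,
                                &returned_controls, 0);
        if (ret != LDAP_SUCCESS) {
            DEBUG(2, ("ldap_parse_result failed (%d)\n", state->op->msgid));
            /* Release whatever the parser handed back before it failed */
            ldap_memfree(errmsg);
            ldap_controls_free(returned_controls);
            tevent_req_error(req, EIO);
            return;
        }

        DEBUG(6, ("Search result: %s(%d), %s\n",
                  sss_ldap_err2string(result), result,
                  errmsg ? errmsg : "no errmsg set"));

        if (result == LDAP_SIZELIMIT_EXCEEDED) {
            /* Try to return what we've got */
            /* NOTE(review): the request still completes successfully, so a
             * caller cannot tell a truncated result set from a complete
             * one - confirm no caller bases a decision on completeness. */
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("LDAP sizelimit was exceeded, returning incomplete data\n"));
        } else if (result == LDAP_INAPPROPRIATE_MATCHING) {
            /* This error should only occur when we're testing for
             * specialized functionality like the ldap matching rule
             * filter for Active Directory. Warn at a higher log
             * level and return EIO.
             */
            DEBUG(SSSDBG_TRACE_INTERNAL,
                  ("LDAP_INAPPROPRIATE_MATCHING: %s\n",
                   errmsg ? errmsg : "no errmsg set"));
            ldap_memfree(errmsg);
            ldap_controls_free(returned_controls);
            tevent_req_error(req, EIO);
            return;
        } else if (result == LDAP_UNAVAILABLE_CRITICAL_EXTENSION) {
            ldap_memfree(errmsg);
            ldap_controls_free(returned_controls);
            tevent_req_error(req, ENOTSUP);
            return;
        } else if (result != LDAP_SUCCESS && result != LDAP_NO_SUCH_OBJECT) {
            DEBUG(SSSDBG_OP_FAILURE,
                  ("Unexpected result from ldap: %s(%d), %s\n",
                   sss_ldap_err2string(result), result,
                   errmsg ? errmsg : "no errmsg set"));
            ldap_memfree(errmsg);
            ldap_controls_free(returned_controls);
            tevent_req_error(req, EIO);
            return;
        }
        ldap_memfree(errmsg);

        /* Determine if there are more pages to retrieve */
        page_control = ldap_control_find(LDAP_CONTROL_PAGEDRESULTS,
                                         returned_controls, NULL );
        if (!page_control) {
            /* No paging support. We are done */
            /* The server may still have returned other controls */
            ldap_controls_free(returned_controls);
            tevent_req_done(req);
            return;
        }

        lret = ldap_parse_pageresponse_control(state->sh->ldap, page_control,
                                               &total_count, &cookie);
        ldap_controls_free(returned_controls);
        if (lret != LDAP_SUCCESS) {
            DEBUG(1, ("Could not determine page control\n"));
            tevent_req_error(req, EIO);
            return;
        }
        DEBUG(SSSDBG_TRACE_INTERNAL, ("Total count [%d]\n", total_count));

        if (cookie.bv_val != NULL && cookie.bv_len > 0) {
            /* Cookie contains data, which means there are more requests
             * to be processed.
             */
            talloc_zfree(state->cookie.bv_val);
            state->cookie.bv_len = cookie.bv_len;
            state->cookie.bv_val = talloc_memdup(state,
                                                 cookie.bv_val,
                                                 cookie.bv_len);
            /* The server's copy is no longer needed whether or not the
             * duplicate could be made. */
            ber_memfree(cookie.bv_val);
            if (!state->cookie.bv_val) {
                /* Keep length and pointer consistent on failure */
                state->cookie.bv_len = 0;
                tevent_req_error(req, ENOMEM);
                return;
            }

            ret = sdap_get_generic_ext_step(req);
            if (ret != EOK) {
                /* Report the step's own error (for example ETIMEDOUT when
                 * the server went away) rather than a fixed ENOMEM. */
                tevent_req_error(req, ret);
                return;
            }

            return;
        }
        /* The cookie must be freed even if len == 0 */
        ber_memfree(cookie.bv_val);

        /* This was the last page. We're done */

        tevent_req_done(req);
        return;

    default:
        /* what is going on here !? */
        tevent_req_error(req, EIO);
        return;
    }
}

/* Collect the outcome of the extended generic search: EOK, or the error
 * the request was failed with. Results travel through the parse callback. */
static int
sdap_get_generic_ext_recv(struct tevent_req *req)
{
    TEVENT_REQ_RETURN_ON_ERROR(req);
    return EOK;
}

/* ==Generic Search============================================ */
struct sdap_get_generic_state {
    struct sdap_attr_map *map;
    int map_num_attrs;

    struct sdap_reply sreply;   /* entries parsed so far */
    struct sdap_options *opts;
};

static void sdap_get_generic_done(struct tevent_req *subreq);
static errno_t sdap_get_generic_parse_entry(struct sdap_handle *sh,
                                            struct sdap_msg *msg,
                                            void *pvt);

/*
 * Start a search whose entries are parsed with the given attribute map and
 * collected into an array, to be fetched with sdap_get_generic_recv().
 * No server or client controls and no size limit are used.
 *
 * Returns the new request, or NULL when it or its sub-request could not be
 * created.
 */
struct tevent_req *sdap_get_generic_send(TALLOC_CTX *memctx,
                                         struct tevent_context *ev,
                                         struct sdap_options *opts,
                                         struct sdap_handle *sh,
                                         const char *search_base,
                                         int scope,
                                         const char *filter,
                                         const char **attrs,
                                         struct sdap_attr_map *map,
                                         int map_num_attrs,
                                         int timeout,
                                         bool allow_paging)
{
    struct tevent_req *req = NULL;
    struct tevent_req *subreq = NULL;
    struct sdap_get_generic_state *state = NULL;

    req = tevent_req_create(memctx, &state, struct sdap_get_generic_state);
    if (!req) return NULL;

    state->map = map;
    state->map_num_attrs = map_num_attrs;
    state->opts = opts;

    subreq = sdap_get_generic_ext_send(state, ev, opts, sh, search_base,
                                       scope, filter, attrs, false, NULL,
                                       NULL, 0, timeout, allow_paging,
                                       sdap_get_generic_parse_entry, state);
    if (!subreq) {
        talloc_zfree(req);
        return NULL;
    }
    tevent_req_set_callback(subreq, sdap_get_generic_done, req);

    return req;
}

/*
 * Per-entry callback of the generic search: parse the entry with the
 * request's attribute map and append it to the reply array.
 */
static errno_t sdap_get_generic_parse_entry(struct sdap_handle *sh,
                                            struct sdap_msg *msg,
                                            void *pvt)
{
    errno_t ret;
    struct sysdb_attrs *attrs;
    struct sdap_get_generic_state *state =
                talloc_get_type(pvt, struct sdap_get_generic_state);

    bool disable_range_rtrvl = dp_opt_get_bool(state->opts->basic,
                                               SDAP_DISABLE_RANGE_RETRIEVAL);

    ret = sdap_parse_entry(state, sh, msg,
                           state->map, state->map_num_attrs,
                           &attrs, NULL, disable_range_rtrvl);
    if (ret != EOK) {
        DEBUG(3, ("sdap_parse_entry failed [%d]: %s\n", ret, strerror(ret)));
        return ret;
    }

    ret = add_to_reply(state, &state->sreply, attrs);
    if (ret != EOK) {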
talloc_free(attrs); DEBUG(1, ("add_to_reply failed.\n")); return ret; } /* add_to_reply steals attrs, no need to free them here */ return EOK; } static void sdap_get_generic_done(struct tevent_req *subreq) { struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); int ret; ret = sdap_get_generic_ext_recv(subreq); talloc_zfree(subreq); if (ret) { DEBUG(4, ("sdap_get_generic_ext_recv failed [%d]: %s\n", ret, sss_strerror(ret))); tevent_req_error(req, ret); return; } tevent_req_done(req); } int sdap_get_generic_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, size_t *reply_count, struct sysdb_attrs ***reply) { struct sdap_get_generic_state *state = tevent_req_data(req, struct sdap_get_generic_state); TEVENT_REQ_RETURN_ON_ERROR(req); *reply_count = state->sreply.reply_count; *reply = talloc_steal(mem_ctx, state->sreply.reply); return EOK; } /* ==OpenLDAP deref search============================================== */ static int sdap_x_deref_create_control(struct sdap_handle *sh, const char *deref_attr, const char **attrs, LDAPControl **ctrl); static void sdap_x_deref_search_done(struct tevent_req *subreq); static int sdap_x_deref_search_ctrls_destructor(void *ptr); static errno_t sdap_x_deref_parse_entry(struct sdap_handle *sh, struct sdap_msg *msg, void *pvt); struct sdap_x_deref_search_state { struct sdap_handle *sh; struct sdap_op *op; struct sdap_attr_map_info *maps; LDAPControl **ctrls; struct sdap_deref_reply dreply; int num_maps; }; static struct tevent_req * sdap_x_deref_search_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sdap_options *opts, struct sdap_handle *sh, const char *base_dn, const char *deref_attr, const char **attrs, struct sdap_attr_map_info *maps, int num_maps, int timeout) { struct tevent_req *req = NULL; struct tevent_req *subreq = NULL; struct sdap_x_deref_search_state *state; int ret; req = tevent_req_create(memctx, &state, struct sdap_x_deref_search_state); if (!req) return NULL; state->sh = sh; state->maps = 
maps; state->op = NULL; state->num_maps = num_maps; state->ctrls = talloc_zero_array(state, LDAPControl *, 2); if (state->ctrls == NULL) { talloc_zfree(req); return NULL; } talloc_set_destructor((TALLOC_CTX *) state->ctrls, sdap_x_deref_search_ctrls_destructor); ret = sdap_x_deref_create_control(sh, deref_attr, attrs, &state->ctrls[0]); if (ret != EOK) { DEBUG(1, ("Could not create OpenLDAP deref control\n")); talloc_zfree(req); return NULL; } DEBUG(6, ("Dereferencing entry [%s] using OpenLDAP deref\n", base_dn)); subreq = sdap_get_generic_ext_send(state, ev, opts, sh, base_dn, LDAP_SCOPE_BASE, NULL, attrs, false, state->ctrls, NULL, 0, timeout, true, sdap_x_deref_parse_entry, state); if (!subreq) { talloc_zfree(req); return NULL; } tevent_req_set_callback(subreq, sdap_x_deref_search_done, req); return req; } static int sdap_x_deref_create_control(struct sdap_handle *sh, const char *deref_attr, const char **attrs, LDAPControl **ctrl) { struct berval derefval; int ret; struct LDAPDerefSpec ds[2]; ds[0].derefAttr = discard_const(deref_attr); ds[0].attributes = discard_const(attrs); ds[1].derefAttr = NULL; /* sentinel */ ret = ldap_create_deref_control_value(sh->ldap, ds, &derefval); if (ret != LDAP_SUCCESS) { DEBUG(1, ("sss_ldap_control_create failed: %s\n", ldap_err2string(ret))); return ret; } ret = sdap_control_create(sh, LDAP_CONTROL_X_DEREF, 1, &derefval, 1, ctrl); ldap_memfree(derefval.bv_val); if (ret != EOK) { DEBUG(1, ("sss_ldap_control_create failed\n")); return ret; } return EOK; } static errno_t sdap_x_deref_parse_entry(struct sdap_handle *sh, struct sdap_msg *msg, void *pvt) { errno_t ret; LDAPControl **ctrls = NULL; LDAPControl *derefctrl = NULL; LDAPDerefRes *deref_res = NULL; LDAPDerefRes *dref; struct sdap_deref_attrs **res; TALLOC_CTX *tmp_ctx; struct sdap_x_deref_search_state *state = talloc_get_type(pvt, struct sdap_x_deref_search_state); tmp_ctx = talloc_new(NULL); if (!tmp_ctx) return ENOMEM; ret = ldap_get_entry_controls(state->sh->ldap, 
msg->msg, &ctrls); if (ret != LDAP_SUCCESS) { DEBUG(SSSDBG_OP_FAILURE, ("ldap_parse_result failed\n")); goto done; } if (!ctrls) { DEBUG(SSSDBG_MINOR_FAILURE, ("No controls found for entry\n")); ret = ENOENT; goto done; } res = NULL; derefctrl = ldap_control_find(LDAP_CONTROL_X_DEREF, ctrls, NULL); if (!derefctrl) { DEBUG(SSSDBG_FUNC_DATA, ("No deref controls found\n")); ret = EOK; goto done; } DEBUG(SSSDBG_TRACE_FUNC, ("Got deref control\n")); ret = ldap_parse_derefresponse_control(state->sh->ldap, derefctrl, &deref_res); if (ret != LDAP_SUCCESS) { DEBUG(SSSDBG_OP_FAILURE, ("ldap_parse_derefresponse_control failed: %s\n", ldap_err2string(ret))); goto done; } for (dref = deref_res; dref; dref=dref->next) { ret = sdap_parse_deref(tmp_ctx, state->maps, state->num_maps, dref, &res); if (ret) { DEBUG(SSSDBG_OP_FAILURE, ("sdap_parse_deref failed [%d]: %s\n", ret, strerror(ret))); goto done; } ret = add_to_deref_reply(state, state->num_maps, &state->dreply, res); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("add_to_deref_reply failed.\n")); goto done; } } DEBUG(SSSDBG_TRACE_FUNC, ("All deref results from a single control parsed\n")); ldap_derefresponse_free(deref_res); deref_res = NULL; ret = EOK; done: talloc_zfree(tmp_ctx); ldap_controls_free(ctrls); ldap_derefresponse_free(deref_res); return ret; } static void sdap_x_deref_search_done(struct tevent_req *subreq) { struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); int ret; ret = sdap_get_generic_ext_recv(subreq); talloc_zfree(subreq); if (ret) { DEBUG(4, ("sdap_get_generic_ext_recv failed [%d]: %s\n", ret, sss_strerror(ret))); tevent_req_error(req, ret); return; } tevent_req_done(req); } static int sdap_x_deref_search_ctrls_destructor(void *ptr) { LDAPControl **ctrls = talloc_get_type(ptr, LDAPControl *);; if (ctrls && ctrls[0]) { ldap_control_free(ctrls[0]); } return 0; } static int sdap_x_deref_search_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, size_t *reply_count, struct 
sdap_deref_attrs ***reply) { struct sdap_x_deref_search_state *state = tevent_req_data(req, struct sdap_x_deref_search_state); TEVENT_REQ_RETURN_ON_ERROR(req); *reply_count = state->dreply.reply_count; *reply = talloc_steal(mem_ctx, state->dreply.reply); return EOK; } /* ==Attribute scoped search============================================ */ struct sdap_asq_search_state { struct sdap_attr_map_info *maps; int num_maps; LDAPControl **ctrls; struct sdap_options *opts; struct sdap_deref_reply dreply; }; static int sdap_asq_search_create_control(struct sdap_handle *sh, const char *attr, LDAPControl **ctrl); static int sdap_asq_search_ctrls_destructor(void *ptr); static errno_t sdap_asq_search_parse_entry(struct sdap_handle *sh, struct sdap_msg *msg, void *pvt); static void sdap_asq_search_done(struct tevent_req *subreq); static struct tevent_req * sdap_asq_search_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sdap_options *opts, struct sdap_handle *sh, const char *base_dn, const char *deref_attr, const char **attrs, struct sdap_attr_map_info *maps, int num_maps, int timeout) { struct tevent_req *req = NULL; struct tevent_req *subreq = NULL; struct sdap_asq_search_state *state; int ret; req = tevent_req_create(memctx, &state, struct sdap_asq_search_state); if (!req) return NULL; state->maps = maps; state->num_maps = num_maps; state->ctrls = talloc_zero_array(state, LDAPControl *, 2); state->opts = opts; if (state->ctrls == NULL) { talloc_zfree(req); return NULL; } talloc_set_destructor((TALLOC_CTX *) state->ctrls, sdap_asq_search_ctrls_destructor); ret = sdap_asq_search_create_control(sh, deref_attr, &state->ctrls[0]); if (ret != EOK) { talloc_zfree(req); DEBUG(1, ("Could not create ASQ control\n")); return NULL; } DEBUG(6, ("Dereferencing entry [%s] using ASQ\n", base_dn)); subreq = sdap_get_generic_ext_send(state, ev, opts, sh, base_dn, LDAP_SCOPE_BASE, NULL, attrs, false, state->ctrls, NULL, 0, timeout, true, sdap_asq_search_parse_entry, state); if 
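(!subreq) {
        talloc_zfree(req);
        return NULL;
    }
    tevent_req_set_callback(subreq, sdap_asq_search_done, req);

    return req;
}

/*
 * Build the attribute-scoped-query control for attr.
 *
 * The control value is the BER encoding "{s}" of the attribute name. On
 * success *ctrl holds the control created by sdap_control_create().
 *
 * Returns EOK, ENOMEM or EIO for encoding failures, or the error from
 * sdap_control_create().
 */
static int sdap_asq_search_create_control(struct sdap_handle *sh,
                                          const char *attr,
                                          LDAPControl **ctrl)
{
    struct berval *asqval;
    int ret;
    BerElement *ber = NULL;

    ber = ber_alloc_t(LBER_USE_DER);
    if (ber == NULL) {
        DEBUG(2, ("ber_alloc_t failed.\n"));
        return ENOMEM;
    }

    ret = ber_printf(ber, "{s}", attr);
    if (ret == -1) {
        DEBUG(2, ("ber_printf failed.\n"));
        ber_free(ber, 1);
        return EIO;
    }

    ret = ber_flatten(ber, &asqval);
    /* The element is not needed once flattened (or once flattening failed) */
    ber_free(ber, 1);
    if (ret == -1) {
        DEBUG(1, ("ber_flatten failed.\n"));
        return EIO;
    }

    ret = sdap_control_create(sh, LDAP_SERVER_ASQ_OID, 1, asqval, 1, ctrl);
    ber_bvfree(asqval);
    if (ret != EOK) {
        DEBUG(1, ("sdap_control_create failed\n"));
        return ret;
    }

    return EOK;
}

/*
 * Per-entry callback of the ASQ search.
 *
 * Each configured map is tried against the entry's objectClass values; for
 * every map that matches, the entry is parsed with that map. The parsed
 * results are then appended to the request's deref reply.
 *
 * Returns EOK; ENOMEM on allocation failure; EINVAL when the entry has no
 * DN or no objectClass; or the error from parsing or from appending.
 */
static errno_t sdap_asq_search_parse_entry(struct sdap_handle *sh,
                                           struct sdap_msg *msg,
                                           void *pvt)
{
    errno_t ret;
    struct sdap_asq_search_state *state =
                talloc_get_type(pvt, struct sdap_asq_search_state);
    /* NULL until fetched so that done: can release it on every path */
    struct berval **vals = NULL;
    int i, mi;
    struct sdap_attr_map *map;
    int num_attrs = 0;
    struct sdap_deref_attrs **res;
    char *tmp;
    char *dn;
    TALLOC_CTX *tmp_ctx;
    bool disable_range_rtrvl;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) return ENOMEM;

    res = talloc_array(tmp_ctx, struct sdap_deref_attrs *,
                       state->num_maps);
    if (!res) {
        ret = ENOMEM;
        goto done;
    }

    /* One result slot per map; attrs stays NULL for maps that do not match */
    for (mi =0; mi < state->num_maps; mi++) {
        res[mi] = talloc_zero(res, struct sdap_deref_attrs);
        if (!res[mi]) {
            ret = ENOMEM;
            goto done;
        }
        res[mi]->map = state->maps[mi].map;
        res[mi]->attrs = NULL;
    }

    tmp = ldap_get_dn(sh->ldap, msg->msg);
    if (!tmp) {
        ret = EINVAL;
        goto done;
    }

    dn = talloc_strdup(tmp_ctx, tmp);
    ldap_memfree(tmp);
    if (!dn) {
        ret = ENOMEM;
        goto done;
    }

    /* Find all suitable maps in the list */
    vals = ldap_get_values_len(sh->ldap, msg->msg, "objectClass");
    if (!vals) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Unknown entry type, no objectClass found for DN [%s]!\n", dn));
        ret = EINVAL;
        goto done;
    }
    for (mi =0; mi < state->num_maps; mi++) {
        map = NULL;
        for (i = 0; vals[i]; i++) {
            /* the objectclass is always the first name in the map */
            /* Require equal lengths as well: comparing only bv_len bytes
             * would let a server value that is a mere prefix of the map's
             * objectClass name - including an empty value - select the
             * map. */
            if (strlen(state->maps[mi].map[0].name) == vals[i]->bv_len
                    && strncasecmp(state->maps[mi].map[0].name,
                                   vals[i]->bv_val,
                                   vals[i]->bv_len) == 0) {
                /* it's an entry of the right type */
                DEBUG(SSSDBG_TRACE_INTERNAL,
                      ("Matched objectclass [%s] on DN [%s], will use associated map\n",
                       state->maps[mi].map[0].name, dn));
                map = state->maps[mi].map;
                num_attrs = state->maps[mi].num_attrs;
                break;
            }
        }
        if (!map) {
            DEBUG(SSSDBG_TRACE_INTERNAL,
                  ("DN [%s] did not match the objectClass [%s]\n",
                   dn, state->maps[mi].map[0].name));
            continue;
        }

        disable_range_rtrvl = dp_opt_get_bool(state->opts->basic,
                                              SDAP_DISABLE_RANGE_RETRIEVAL);

        ret = sdap_parse_entry(res[mi], sh, msg,
                               map, num_attrs,
                               &res[mi]->attrs, NULL, disable_range_rtrvl);
        if (ret != EOK) {
            DEBUG(3, ("sdap_parse_entry failed [%d]: %s\n", ret, strerror(ret)));
            goto done;
        }
    }

    ret = add_to_deref_reply(state, state->num_maps,
                             &state->dreply, res);
    if (ret != EOK) {
        DEBUG(1, ("add_to_deref_reply failed.\n"));
        goto done;
    }

    ret = EOK;
done:
    /* Released here so the parse-failure path no longer leaks the values */
    ldap_value_free_len(vals);
    talloc_zfree(tmp_ctx);
    return ret;
}

/* Completion of the ASQ search sub-request: forward its outcome */
static void sdap_asq_search_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    int ret;

    ret = sdap_get_generic_ext_recv(subreq);
    talloc_zfree(subreq);
    if (ret) {
        DEBUG(4, ("sdap_get_generic_ext_recv failed [%d]: %s\n",
                  ret, sss_strerror(ret)));
        tevent_req_error(req, ret);
        return;
    }

    tevent_req_done(req);
}

/* talloc destructor for the control array: the ASQ control in slot 0 was
 * created outside talloc and has to be released with ldap_control_free(). */
static int sdap_asq_search_ctrls_destructor(void *ptr)
{
    LDAPControl **ctrls = talloc_get_type(ptr, LDAPControl *);

    if (ctrls && ctrls[0]) {
        ldap_control_free(ctrls[0]);
    }

    return 0;
}

/*
 * Collect the results of the ASQ search. On success *reply is the array of
 * dereferenced entries, re-parented to mem_ctx, and *reply_count its length.
 */
int sdap_asq_search_recv(struct tevent_req *req,
                         TALLOC_CTX *mem_ctx,
                         size_t *reply_count,
                         struct sdap_deref_attrs ***reply)
{
    struct sdap_asq_search_state *state = tevent_req_data(req,
                                            struct sdap_asq_search_state);

    TEVENT_REQ_RETURN_ON_ERROR(req);

    *reply_count = state->dreply.reply_count;
    *reply = talloc_steal(mem_ctx, state->dreply.reply);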
return EOK; } /* ==Posix attribute presence test================================= */ static errno_t sdap_posix_check_next(struct tevent_req *req); static void sdap_posix_check_done(struct tevent_req *subreq); static errno_t sdap_posix_check_parse(struct sdap_handle *sh, struct sdap_msg *msg, void *pvt); struct sdap_posix_check_state { struct tevent_context *ev; struct sdap_options *opts; struct sdap_handle *sh; struct sdap_search_base **search_bases; int timeout; const char **attrs; const char *filter; size_t base_iter; bool has_posix; }; struct tevent_req * sdap_posix_check_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sdap_options *opts, struct sdap_handle *sh, struct sdap_search_base **search_bases, int timeout) { struct tevent_req *req = NULL; struct sdap_posix_check_state *state; errno_t ret; req = tevent_req_create(memctx, &state, struct sdap_posix_check_state); if (req == NULL) { return NULL; } state->ev = ev; state->sh = sh; state->opts = opts; state->search_bases = search_bases; state->timeout = timeout; state->attrs = talloc_array(state, const char *, 4); if (state->attrs == NULL) { ret = ENOMEM; goto fail; } state->attrs[0] = "objectclass"; state->attrs[1] = opts->user_map[SDAP_AT_USER_UID].name; state->attrs[2] = opts->group_map[SDAP_AT_GROUP_GID].name; state->attrs[3] = NULL; state->filter = talloc_asprintf(state, "(|(%s=*)(%s=*))", opts->user_map[SDAP_AT_USER_UID].name, opts->group_map[SDAP_AT_GROUP_GID].name); if (state->filter == NULL) { ret = ENOMEM; goto fail; } ret = sdap_posix_check_next(req); if (ret != EOK) { goto fail; } return req; fail: tevent_req_error(req, ret); tevent_req_post(req, ev); return req; } static errno_t sdap_posix_check_next(struct tevent_req *req) { struct tevent_req *subreq = NULL; struct sdap_posix_check_state *state = tevent_req_data(req, struct sdap_posix_check_state); DEBUG(SSSDBG_TRACE_FUNC, ("Searching for POSIX attributes with base [%s]\n", state->search_bases[state->base_iter]->basedn)); subreq = 
sdap_get_generic_ext_send(state, state->ev, state->opts, state->sh, state->search_bases[state->base_iter]->basedn, LDAP_SCOPE_SUBTREE, state->filter, state->attrs, false, NULL, NULL, 1, state->timeout, false, sdap_posix_check_parse, state); if (subreq == NULL) { return ENOMEM; } tevent_req_set_callback(subreq, sdap_posix_check_done, req); return EOK; } static errno_t sdap_posix_check_parse(struct sdap_handle *sh, struct sdap_msg *msg, void *pvt) { struct berval **vals = NULL; struct sdap_posix_check_state *state = talloc_get_type(pvt, struct sdap_posix_check_state); char *dn; char *endptr; dn = ldap_get_dn(sh->ldap, msg->msg); if (dn == NULL) { DEBUG(SSSDBG_TRACE_LIBS, ("Search did not find any entry with POSIX attributes\n")); goto done; } DEBUG(SSSDBG_TRACE_LIBS, ("Found [%s] with POSIX attributes\n", dn)); ldap_memfree(dn); vals = ldap_get_values_len(sh->ldap, msg->msg, state->opts->user_map[SDAP_AT_USER_UID].name); if (vals == NULL) { vals = ldap_get_values_len(sh->ldap, msg->msg, state->opts->group_map[SDAP_AT_GROUP_GID].name); if (vals == NULL) { DEBUG(SSSDBG_TRACE_LIBS, ("Entry does not have POSIX attrs?\n")); goto done; } } if (vals[0] == NULL) { DEBUG(SSSDBG_TRACE_LIBS, ("No value for POSIX attr\n")); goto done; } errno = 0; strtouint32(vals[0]->bv_val, &endptr, 10); if (errno || *endptr || (vals[0]->bv_val == endptr)) { DEBUG(SSSDBG_OP_FAILURE, ("POSIX attribute is not a number: %s\n", vals[0]->bv_val)); goto done; } state->has_posix = true; done: ldap_value_free_len(vals); return EOK; } static void sdap_posix_check_done(struct tevent_req *subreq) { struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); struct sdap_posix_check_state *state = tevent_req_data(req, struct sdap_posix_check_state); errno_t ret; ret = sdap_get_generic_ext_recv(subreq); talloc_zfree(subreq); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("sdap_get_generic_ext_recv failed [%d]: %s\n", ret, strerror(ret))); tevent_req_error(req, ret); return; } /* Positive hit 
is definitve, no need to search other bases */ if (state->has_posix == true) { DEBUG(SSSDBG_FUNC_DATA, ("Server has POSIX attributes\n")); tevent_req_done(req); return; } state->base_iter++; if (state->search_bases[state->base_iter]) { /* There are more search bases to try */ ret = sdap_posix_check_next(req); if (ret != EOK) { tevent_req_error(req, ret); } return; } /* All bases done! */ DEBUG(SSSDBG_TRACE_LIBS, ("Cycled through all bases\n")); tevent_req_done(req); } int sdap_posix_check_recv(struct tevent_req *req, bool *_has_posix) { struct sdap_posix_check_state *state = tevent_req_data(req, struct sdap_posix_check_state); TEVENT_REQ_RETURN_ON_ERROR(req); *_has_posix = state->has_posix; return EOK; } /* ==Generic Deref Search============================================ */ enum sdap_deref_type { SDAP_DEREF_OPENLDAP, SDAP_DEREF_ASQ }; struct sdap_deref_search_state { struct sdap_handle *sh; size_t reply_count; struct sdap_deref_attrs **reply; enum sdap_deref_type deref_type; }; static void sdap_deref_search_done(struct tevent_req *subreq); struct tevent_req * sdap_deref_search_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sdap_options *opts, struct sdap_handle *sh, const char *base_dn, const char *deref_attr, const char **attrs, int num_maps, struct sdap_attr_map_info *maps, int timeout) { struct tevent_req *req = NULL; struct tevent_req *subreq = NULL; struct sdap_deref_search_state *state; req = tevent_req_create(memctx, &state, struct sdap_deref_search_state); if (!req) return NULL; state->sh = sh; state->reply_count = 0; state->reply = NULL; if (sdap_is_control_supported(sh, LDAP_SERVER_ASQ_OID)) { DEBUG(8, ("Server supports ASQ\n")); state->deref_type = SDAP_DEREF_ASQ; subreq = sdap_asq_search_send(state, ev, opts, sh, base_dn, deref_attr, attrs, maps, num_maps, timeout); if (!subreq) { DEBUG(2, ("Cannot start ASQ search\n")); goto fail; } } else if (sdap_is_control_supported(sh, LDAP_CONTROL_X_DEREF)) { DEBUG(8, ("Server supports OpenLDAP 
deref\n")); state->deref_type = SDAP_DEREF_OPENLDAP; subreq = sdap_x_deref_search_send(state, ev, opts, sh, base_dn, deref_attr, attrs, maps, num_maps, timeout); if (!subreq) { DEBUG(2, ("Cannot start OpenLDAP deref search\n")); goto fail; } } else { DEBUG(2, ("Server does not support any known deref method!\n")); goto fail; } tevent_req_set_callback(subreq, sdap_deref_search_done, req); return req; fail: talloc_zfree(req); return NULL; } static void sdap_deref_search_done(struct tevent_req *subreq) { struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); struct sdap_deref_search_state *state = tevent_req_data(req, struct sdap_deref_search_state); int ret; switch (state->deref_type) { case SDAP_DEREF_OPENLDAP: ret = sdap_x_deref_search_recv(subreq, state, &state->reply_count, &state->reply); break; case SDAP_DEREF_ASQ: ret = sdap_asq_search_recv(subreq, state, &state->reply_count, &state->reply); break; default: DEBUG(1, ("Unknown deref method\n")); tevent_req_error(req, EINVAL); return; } talloc_zfree(subreq); if (ret != EOK) { DEBUG(2, ("dereference processing failed [%d]: %s\n", ret, strerror(ret))); if (ret == ENOTSUP) { sss_log(SSS_LOG_WARNING, "LDAP server claims to support deref, but deref search failed. " "Disabling deref for further requests. 
You can permanently " "disable deref by setting ldap_deref_threshold to 0 in domain " "configuration."); state->sh->disable_deref = true; } else { sss_log(SSS_LOG_WARNING, "dereference processing failed : %s", strerror(ret)); } tevent_req_error(req, ret); return; } tevent_req_done(req); } int sdap_deref_search_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, size_t *reply_count, struct sdap_deref_attrs ***reply) { struct sdap_deref_search_state *state = tevent_req_data(req, struct sdap_deref_search_state); TEVENT_REQ_RETURN_ON_ERROR(req); *reply_count = state->reply_count; *reply = talloc_steal(mem_ctx, state->reply); return EOK; } bool sdap_has_deref_support(struct sdap_handle *sh, struct sdap_options *opts) { const char *deref_oids[][2] = { { LDAP_SERVER_ASQ_OID, "ASQ" }, { LDAP_CONTROL_X_DEREF, "OpenLDAP" }, { NULL, NULL } }; int i; int deref_threshold; if (sh->disable_deref) { return false; } deref_threshold = dp_opt_get_int(opts->basic, SDAP_DEREF_THRESHOLD); if (deref_threshold == 0) { return false; } for (i=0; deref_oids[i][0]; i++) { if (sdap_is_control_supported(sh, deref_oids[i][0])) { DEBUG(6, ("The server supports deref method %s\n", deref_oids[i][1])); return true; } } return false; } errno_t sdap_attrs_add_ldap_attr(struct sysdb_attrs *ldap_attrs, const char *attr_name, const char *attr_desc, bool multivalued, const char *name, struct sysdb_attrs *attrs) { errno_t ret; struct ldb_message_element *el; const char *objname = name ?: "object"; const char *desc = attr_desc ?: attr_name; unsigned int num_values, i; ret = sysdb_attrs_get_el(ldap_attrs, attr_name, &el); if (ret) { DEBUG(SSSDBG_OP_FAILURE, ("Could not get %s from the " "list of the LDAP attributes [%d]: %s\n", attr_name, ret, strerror(ret))); return ret; } if (el->num_values == 0) { DEBUG(SSSDBG_TRACE_INTERNAL, ("%s is not available " "for [%s].\n", desc, objname)); } else { num_values = multivalued ? 
el->num_values : 1; for (i = 0; i < num_values; i++) { DEBUG(SSSDBG_TRACE_INTERNAL, ("Adding %s [%s] to attributes " "of [%s].\n", desc, el->values[i].data, objname)); ret = sysdb_attrs_add_mem(attrs, attr_name, el->values[i].data, el->values[i].length); if (ret) { return ret; } } } return EOK; } errno_t sdap_save_all_names(const char *name, struct sysdb_attrs *ldap_attrs, struct sss_domain_info *dom, struct sysdb_attrs *attrs) { const char **aliases = NULL; const char *domname; errno_t ret; TALLOC_CTX *tmp_ctx; int i; bool lowercase = !dom->case_sensitive; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { ret = ENOMEM; goto done; } ret = sysdb_attrs_get_aliases(tmp_ctx, ldap_attrs, name, lowercase, &aliases); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Failed to get the alias list")); goto done; } for (i = 0; aliases[i]; i++) { domname = sss_get_domain_name(tmp_ctx, aliases[i], dom); if (domname == NULL) { ret = ENOMEM; goto done; } if (lowercase) { ret = sysdb_attrs_add_lc_name_alias(attrs, domname); if (ret) { DEBUG(SSSDBG_OP_FAILURE, ("Failed to add lower-cased version " "of alias [%s] into the " "attribute list\n", aliases[i])); goto done; } } else { ret = sysdb_attrs_add_string(attrs, SYSDB_NAME_ALIAS, domname); if (ret) { DEBUG(SSSDBG_OP_FAILURE, ("Failed to add alias [%s] into the " "attribute list\n", aliases[i])); goto done; } } } ret = EOK; done: talloc_free(tmp_ctx); return ret; } sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/sdap_access.c0000644000000000000000000000007312320753107021712 xustar000000000000000029 atime=1396954939.26789143 30 ctime=1396954961.617874978 sssd-1.11.5/src/providers/ldap/sdap_access.c0000664002412700241270000010342712320753107022144 0ustar00jhrozekjhrozek00000000000000/* SSSD sdap_access.c Authors: Stephen Gallagher Copyright (C) 2010 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of 
the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #define _XOPEN_SOURCE 500 /* for strptime() */ #include #undef _XOPEN_SOURCE #include #include #include #include #include #include "util/util.h" #include "db/sysdb.h" #include "providers/ldap/ldap_common.h" #include "providers/ldap/sdap.h" #include "providers/ldap/sdap_access.h" #include "providers/ldap/sdap_async.h" #include "providers/data_provider.h" #include "providers/dp_backend.h" static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct be_ctx *be_ctx, struct sss_domain_info *domain, struct sdap_access_ctx *access_ctx, struct sdap_id_conn_ctx *conn, const char *username, struct ldb_message *user_entry); static errno_t sdap_access_filter_recv(struct tevent_req *req); static errno_t sdap_account_expired(struct sdap_access_ctx *access_ctx, struct pam_data *pd, struct ldb_message *user_entry); static errno_t sdap_access_service(struct pam_data *pd, struct ldb_message *user_entry); static errno_t sdap_access_host(struct ldb_message *user_entry); struct sdap_access_req_ctx { struct pam_data *pd; struct tevent_context *ev; struct sdap_access_ctx *access_ctx; struct sdap_id_conn_ctx *conn; struct be_ctx *be_ctx; struct sss_domain_info *domain; struct ldb_message *user_entry; size_t current_rule; }; static errno_t check_next_rule(struct sdap_access_req_ctx *state, struct tevent_req *req); static void sdap_access_filter_done(struct tevent_req *subreq); struct tevent_req * sdap_access_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct be_ctx *be_ctx, struct sss_domain_info *domain, struct sdap_access_ctx *access_ctx, struct 
sdap_id_conn_ctx *conn, struct pam_data *pd) { errno_t ret; struct sdap_access_req_ctx *state; struct tevent_req *req; struct ldb_result *res; const char *attrs[] = { "*", NULL }; req = tevent_req_create(mem_ctx, &state, struct sdap_access_req_ctx); if (req == NULL) { DEBUG(1, ("tevent_req_create failed.\n")); return NULL; } state->be_ctx = be_ctx; state->domain = domain; state->pd = pd; state->ev = ev; state->access_ctx = access_ctx; state->conn = conn; state->current_rule = 0; DEBUG(6, ("Performing access check for user [%s]\n", pd->user)); if (access_ctx->access_rule[0] == LDAP_ACCESS_EMPTY) { DEBUG(3, ("No access rules defined, access denied.\n")); ret = ERR_ACCESS_DENIED; goto done; } /* Get original user DN, domain already points to the right (sub)domain */ ret = sysdb_get_user_attr(state, domain->sysdb, domain, pd->user, attrs, &res); if (ret != EOK) { if (ret == ENOENT) { /* If we can't find the user, return access denied */ ret = ERR_ACCESS_DENIED; goto done; } goto done; } else { if (res->count == 0) { /* If we can't find the user, return access denied */ ret = ERR_ACCESS_DENIED; goto done; } if (res->count != 1) { DEBUG(1, ("Invalid response from sysdb_get_user_attr\n")); ret = EINVAL; goto done; } } state->user_entry = res->msgs[0]; ret = check_next_rule(state, req); if (ret == EAGAIN) { return req; } done: if (ret == EOK) { tevent_req_done(req); } else { tevent_req_error(req, ret); } tevent_req_post(req, ev); return req; } static errno_t check_next_rule(struct sdap_access_req_ctx *state, struct tevent_req *req) { struct tevent_req *subreq; int ret = EOK; while (ret == EOK) { switch (state->access_ctx->access_rule[state->current_rule]) { case LDAP_ACCESS_EMPTY: /* we are done with no errors */ return EOK; case LDAP_ACCESS_FILTER: subreq = sdap_access_filter_send(state, state->ev, state->be_ctx, state->domain, state->access_ctx, state->conn, state->pd->user, state->user_entry); if (subreq == NULL) { DEBUG(1, ("sdap_access_filter_send failed.\n")); return 
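ENOMEM;
            }
            tevent_req_set_callback(subreq, sdap_access_filter_done, req);
            /* The filter rule is asynchronous; sdap_access_filter_done()
             * resumes the rule walk once the result is in. */
            return EAGAIN;

        case LDAP_ACCESS_EXPIRE:
            ret = sdap_account_expired(state->access_ctx,
                                       state->pd, state->user_entry);
            break;

        case LDAP_ACCESS_SERVICE:
            ret = sdap_access_service(
                    state->pd,
                    state->user_entry);
            break;

        case LDAP_ACCESS_HOST:
            ret = sdap_access_host(state->user_entry);
            break;

        default:
            /* Unknown rule types fail closed. */
            DEBUG(1, ("Unexpected access rule type. Access denied.\n"));
            ret = ERR_ACCESS_DENIED;
        }

        state->current_rule++;
    }

    return ret;
}

/*
 * Completion callback for the asynchronous filter rule.
 *
 * Any non-EOK result from the filter check ends the whole access request
 * with that error; no later rule is evaluated. On EOK the rule index is
 * advanced and check_next_rule() continues with the remaining rules.
 */
static void sdap_access_filter_done(struct tevent_req *subreq)
{
    errno_t ret;
    struct tevent_req *req =
            tevent_req_callback_data(subreq, struct tevent_req);
    struct sdap_access_req_ctx *state =
            tevent_req_data(req, struct sdap_access_req_ctx);

    ret = sdap_access_filter_recv(subreq);
    talloc_zfree(subreq);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Error retrieving access check result.\n"));
        tevent_req_error(req, ret);
        return;
    }

    state->current_rule++;

    ret = check_next_rule(state, req);
    switch (ret) {
    case EAGAIN:
        /* Another asynchronous rule is in flight. */
        return;
    case EOK:
        tevent_req_done(req);
        return;
    default:
        tevent_req_error(req, ret);
        return;
    }
}

/* Returns EOK when every configured rule passed, otherwise the error the
 * request was finished with. */
errno_t sdap_access_recv(struct tevent_req *req)
{
    TEVENT_REQ_RETURN_ON_ERROR(req);

    return EOK;
}

#define SHADOW_EXPIRE_MSG "Account expired according to shadow attributes"

/*
 * Evaluate the shadow expiration attribute of the cached user entry.
 *
 * Returns EOK when the attribute is absent or not yet reached,
 * ERR_ACCOUNT_EXPIRED when the current day number is past it, the error of
 * string_to_shadowpw_days() when the value cannot be converted, and
 * ERR_ACCESS_DENIED when the current time cannot be read.
 */
static errno_t sdap_account_expired_shadow(struct pam_data *pd,
                                           struct ldb_message *user_entry)
{
    int ret;
    int err;
    const char *val;
    long sp_expire;
    long today;
    time_t now;

    DEBUG(6, ("Performing access shadow check for user [%s]\n", pd->user));

    val = ldb_msg_find_attr_as_string(user_entry, SYSDB_SHADOWPW_EXPIRE, NULL);
    if (val == NULL) {
        /* No expiration attribute means no expiration policy for this
         * user. */
        DEBUG(3, ("Shadow expire attribute not found. "
                  "Access will be granted.\n"));
        return EOK;
    }
    ret = string_to_shadowpw_days(val, &sp_expire);
    if (ret != EOK) {
        DEBUG(1, ("Failed to retrieve shadow expire date.\n"));
        return ret;
    }

    /*
     * Fail closed when the clock cannot be read, as ad_account_expired()
     * does. Without this check (time_t) -1 divides down to day 0 and an
     * expired account would pass the comparison below.
     */
    now = time(NULL);
    if (now == ((time_t) -1)) {
        err = errno;
        DEBUG(1, ("time failed [%d][%s].\n", err, strerror(err)));
        return ERR_ACCESS_DENIED;
    }

    /* Shadow dates are day numbers since the epoch. Values <= 0 are not
     * treated as an expiration date. */
    today = (long) (now / (60 * 60 * 24));
    if (sp_expire > 0 && today > sp_expire) {
        ret = pam_add_response(pd, SSS_PAM_SYSTEM_INFO,
                               sizeof(SHADOW_EXPIRE_MSG),
                               (const uint8_t *) SHADOW_EXPIRE_MSG);
        if (ret != EOK) {
            /* The user-facing message is best effort; the verdict stands. */
            DEBUG(1, ("pam_add_response failed.\n"));
        }

        return ERR_ACCOUNT_EXPIRED;
    }

    return EOK;
}

#define UAC_ACCOUNTDISABLE 0x00000002
#define AD_NEVER_EXP 0x7fffffffffffffffLL
#define AD_TO_UNIX_TIME_CONST 11644473600LL
#define AD_DISABLE_MESSAGE "The user account is disabled on the AD server"
#define AD_EXPIRED_MESSAGE "The user account is expired on the AD server"

/*
 * Compare an AD expiration timestamp with the current time.
 *
 * Returns false for the two "never expires" values (0 and AD_NEVER_EXP),
 * true when the timestamp is in the past, and true when the current time
 * cannot be read (fails closed).
 */
static bool ad_account_expired(uint64_t expiration_time)
{
    time_t now;
    int err;
    uint64_t nt_now;

    if (expiration_time == 0 || expiration_time == AD_NEVER_EXP) {
        return false;
    }

    now = time(NULL);
    if (now == ((time_t) -1)) {
        err = errno;
        DEBUG(1, ("time failed [%d][%s].\n", err, strerror(err)));
        return true;
    }

    /* NT timestamps start at 1601-01-01 and use a 100ns base */
    nt_now = (now + AD_TO_UNIX_TIME_CONST) * 1000 * 1000 * 10;

    if (nt_now > expiration_time) {
        return true;
    }

    return false;
}

/*
 * AD account policy check on the cached user entry: a set
 * UAC_ACCOUNTDISABLE bit denies access, an elapsed expiration timestamp
 * reports the account as expired. Both attributes default to 0 when
 * missing, which means "not disabled" and "never expires" here.
 */
static errno_t sdap_account_expired_ad(struct pam_data *pd,
                                       struct ldb_message *user_entry)
{
    uint32_t uac;
    uint64_t expiration_time;
    int ret;

    DEBUG(6, ("Performing AD access check for user [%s]\n", pd->user));

    uac = ldb_msg_find_attr_as_uint(user_entry,
                                    SYSDB_AD_USER_ACCOUNT_CONTROL, 0);
    DEBUG(9, ("User account control for user [%s] is [%X].\n",
              pd->user, uac));

    expiration_time = ldb_msg_find_attr_as_uint64(user_entry,
                                                  SYSDB_AD_ACCOUNT_EXPIRES, 0);
    DEBUG(SSSDBG_TRACE_ALL,
          ("Expiration time for user [%s] is [%"PRIu64"].\n",
           pd->user, expiration_time));

    if (uac & UAC_ACCOUNTDISABLE) {

        ret = pam_add_response(pd, SSS_PAM_SYSTEM_INFO,
                               sizeof(AD_DISABLE_MESSAGE),
                               (const uint8_t *) AD_DISABLE_MESSAGE);
        if (ret != EOK) {
            DEBUG(1,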
("pam_add_response failed.\n")); } return ERR_ACCESS_DENIED; } else if (ad_account_expired(expiration_time)) { ret = pam_add_response(pd, SSS_PAM_SYSTEM_INFO, sizeof(AD_EXPIRED_MESSAGE), (const uint8_t *) AD_EXPIRED_MESSAGE); if (ret != EOK) { DEBUG(1, ("pam_add_response failed.\n")); } return ERR_ACCOUNT_EXPIRED; } return EOK; } #define RHDS_LOCK_MSG "The user account is locked on the server" static errno_t sdap_account_expired_rhds(struct pam_data *pd, struct ldb_message *user_entry) { bool locked; int ret; DEBUG(6, ("Performing RHDS access check for user [%s]\n", pd->user)); locked = ldb_msg_find_attr_as_bool(user_entry, SYSDB_NS_ACCOUNT_LOCK, false); DEBUG(9, ("Account for user [%s] is%s locked.\n", pd->user, locked ? "" : " not" )); if (locked) { ret = pam_add_response(pd, SSS_PAM_SYSTEM_INFO, sizeof(RHDS_LOCK_MSG), (const uint8_t *) RHDS_LOCK_MSG); if (ret != EOK) { DEBUG(1, ("pam_add_response failed.\n")); } return ERR_ACCESS_DENIED; } return EOK; } #define NDS_DISABLE_MSG "The user account is disabled on the server" #define NDS_EXPIRED_MSG "The user account is expired" #define NDS_TIME_MAP_MSG "The user account is not allowed at this time" static bool nds_check_expired(const char *exp_time_str) { char *end; struct tm tm; time_t expire_time; time_t now; if (exp_time_str == NULL) { DEBUG(9, ("ndsLoginExpirationTime is not set, access granted.\n")); return false; } memset(&tm, 0, sizeof(tm)); end = strptime(exp_time_str, "%Y%m%d%H%M%SZ", &tm); if (end == NULL) { DEBUG(1, ("NDS expire date [%s] invalid.\n", exp_time_str)); return true; } if (*end != '\0') { DEBUG(1, ("NDS expire date [%s] contains extra characters.\n", exp_time_str)); return true; } expire_time = mktime(&tm); if (expire_time == -1) { DEBUG(1, ("mktime failed to convert [%s].\n", exp_time_str)); return true; } tzset(); expire_time -= timezone; now = time(NULL); DEBUG(SSSDBG_TRACE_ALL, ("Time info: tzname[0] [%s] tzname[1] [%s] timezone [%ld] " "daylight [%d] now [%ld] expire_time [%ld].\n", 
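tzname[0], tzname[1], timezone, daylight, now, expire_time));

    if (difftime(now, expire_time) > 0.0) {
        DEBUG(4, ("NDS account expired.\n"));
        return true;
    }

    return false;
}

/* There is no real documentation of the byte string value of
 * loginAllowedTimeMap, but some good example code in
 * http://developer.novell.com/documentation/samplecode/extjndi_sample/CheckBind.java.html
 */
/*
 * Check the current UTC half-hour slot against the 42-byte (336-bit)
 * allowed-time map.
 *
 * Returns false ("not locked") when the map is missing or the bit for the
 * current slot is set. Returns true ("locked") when the bit is clear and on
 * every failure: wrong map size, unreadable clock, or an index outside the
 * map. All error paths therefore deny access.
 */
static bool nds_check_time_map(const struct ldb_val *time_map)
{
    time_t now;
    struct tm *tm_now;
    size_t map_index;
    div_t q;
    uint8_t mask = 0;
    int err;

    if (time_map == NULL) {
        DEBUG(9, ("loginAllowedTimeMap is missing, access granted.\n"));
        return false;
    }

    /* The length is checked before any byte is indexed below. */
    if (time_map->length != 42) {
        DEBUG(SSSDBG_FUNC_DATA,
              ("Allowed time map has the wrong size, "
               "got [%zu], expected 42.\n", time_map->length));
        return true;
    }

    /* Fail closed when the clock cannot be read, as ad_account_expired()
     * does, instead of evaluating the map for an arbitrary slot. */
    now = time(NULL);
    if (now == ((time_t) -1)) {
        err = errno;
        DEBUG(1, ("time failed [%d][%s].\n", err, strerror(err)));
        return true;
    }

    /* gmtime() may return NULL; dereferencing that would crash the access
     * check. */
    tm_now = gmtime(&now);
    if (tm_now == NULL) {
        DEBUG(1, ("gmtime failed.\n"));
        return true;
    }

    /* One bit per half hour: 48 slots per weekday, 7 days, index 0..335. */
    map_index = tm_now->tm_wday * 48 + tm_now->tm_hour * 2 +
                (tm_now->tm_min < 30 ? 0 : 1);

    if (map_index > 335) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Unexpected index value [%zu] for time map.\n", map_index));
        return true;
    }

    /* quot selects the byte, rem the bit inside it. */
    q = div(map_index, 8);

    if (q.quot > 41 || q.quot < 0 || q.rem > 7 || q.rem < 0) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Unexpected result of div(), [%zu][%d][%d].\n",
               map_index, q.quot, q.rem));
        return true;
    }

    /*
     * NOTE(review): when q.rem is 0 the mask stays 0, so the test below can
     * never succeed and every slot whose index is a multiple of 8 is
     * reported as locked whatever the map holds. This denies rather than
     * grants, but it looks unintended; confirm the bit layout of
     * loginAllowedTimeMap before changing an authorization outcome.
     */
    if (q.rem > 0) {
        mask = 1 << q.rem;
    }

    if (time_map->data[q.quot] & mask) {
        DEBUG(4, ("Access allowed by time map.\n"));
        return false;
    }

    return true;
}

static errno_t sdap_account_expired_nds(struct pam_data *pd,
                                       struct ldb_message *user_entry)
{
    bool locked = true;
    int ret;
    const char *exp_time_str;
    const struct ldb_val *time_map;

    DEBUG(6, ("Performing NDS access check for user [%s]\n", pd->user));

    locked = ldb_msg_find_attr_as_bool(user_entry, SYSDB_NDS_LOGIN_DISABLED,
                                       false);
    DEBUG(9, ("Account for user [%s] is%s disabled.\n", pd->user,
              locked ?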
"" : " not")); if (locked) { ret = pam_add_response(pd, SSS_PAM_SYSTEM_INFO, sizeof(NDS_DISABLE_MSG), (const uint8_t *) NDS_DISABLE_MSG); if (ret != EOK) { DEBUG(1, ("pam_add_response failed.\n")); } return ERR_ACCESS_DENIED; } else { exp_time_str = ldb_msg_find_attr_as_string(user_entry, SYSDB_NDS_LOGIN_EXPIRATION_TIME, NULL); locked = nds_check_expired(exp_time_str); DEBUG(9, ("Account for user [%s] is%s expired.\n", pd->user, locked ? "" : " not")); if (locked) { ret = pam_add_response(pd, SSS_PAM_SYSTEM_INFO, sizeof(NDS_EXPIRED_MSG), (const uint8_t *) NDS_EXPIRED_MSG); if (ret != EOK) { DEBUG(1, ("pam_add_response failed.\n")); } return ERR_ACCESS_DENIED; } else { time_map = ldb_msg_find_ldb_val(user_entry, SYSDB_NDS_LOGIN_ALLOWED_TIME_MAP); locked = nds_check_time_map(time_map); DEBUG(9, ("Account for user [%s] is%s locked at this time.\n", pd->user, locked ? "" : " not")); if (locked) { ret = pam_add_response(pd, SSS_PAM_SYSTEM_INFO, sizeof(NDS_TIME_MAP_MSG), (const uint8_t *) NDS_TIME_MAP_MSG); if (ret != EOK) { DEBUG(1, ("pam_add_response failed.\n")); } return ERR_ACCESS_DENIED; } } } return EOK; } static errno_t sdap_account_expired(struct sdap_access_ctx *access_ctx, struct pam_data *pd, struct ldb_message *user_entry) { const char *expire; int ret; expire = dp_opt_get_cstring(access_ctx->id_ctx->opts->basic, SDAP_ACCOUNT_EXPIRE_POLICY); if (expire == NULL) { DEBUG(1, ("Missing account expire policy. 
Access denied\n")); return ERR_ACCESS_DENIED; } else { if (strcasecmp(expire, LDAP_ACCOUNT_EXPIRE_SHADOW) == 0) { ret = sdap_account_expired_shadow(pd, user_entry); if (ret != EOK) { DEBUG(1, ("sdap_account_expired_shadow failed.\n")); } } else if (strcasecmp(expire, LDAP_ACCOUNT_EXPIRE_AD) == 0) { ret = sdap_account_expired_ad(pd, user_entry); if (ret != EOK) { DEBUG(1, ("sdap_account_expired_ad failed.\n")); } } else if (strcasecmp(expire, LDAP_ACCOUNT_EXPIRE_RHDS) == 0 || strcasecmp(expire, LDAP_ACCOUNT_EXPIRE_IPA) == 0 || strcasecmp(expire, LDAP_ACCOUNT_EXPIRE_389DS) == 0) { ret = sdap_account_expired_rhds(pd, user_entry); if (ret != EOK) { DEBUG(1, ("sdap_account_expired_rhds failed.\n")); } } else if (strcasecmp(expire, LDAP_ACCOUNT_EXPIRE_NDS) == 0) { ret = sdap_account_expired_nds(pd, user_entry); if (ret != EOK) { DEBUG(1, ("sdap_account_expired_nds failed.\n")); } } else { DEBUG(1, ("Unsupported LDAP account expire policy [%s]. " "Access denied.\n", expire)); ret = ERR_ACCESS_DENIED; } } return ret; } struct sdap_access_filter_req_ctx { const char *username; const char *filter; struct tevent_context *ev; struct sdap_access_ctx *access_ctx; struct sdap_options *opts; struct sdap_id_conn_ctx *conn; struct sdap_id_op *sdap_op; struct sysdb_handle *handle; struct sss_domain_info *domain; bool cached_access; char *basedn; }; static errno_t sdap_access_filter_decide_offline(struct tevent_req *req); static int sdap_access_filter_retry(struct tevent_req *req); static void sdap_access_filter_connect_done(struct tevent_req *subreq); static void sdap_access_filter_get_access_done(struct tevent_req *req); static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct be_ctx *be_ctx, struct sss_domain_info *domain, struct sdap_access_ctx *access_ctx, struct sdap_id_conn_ctx *conn, const char *username, struct ldb_message *user_entry) { struct sdap_access_filter_req_ctx *state; struct tevent_req *req; const char *basedn; char 
*clean_username; errno_t ret = ERR_INTERNAL; char *name; char *domname; req = tevent_req_create(mem_ctx, &state, struct sdap_access_filter_req_ctx); if (req == NULL) { return NULL; } if (access_ctx->filter == NULL || *access_ctx->filter == '\0') { /* If no filter is set, default to restrictive */ DEBUG(6, ("No filter set. Access is denied.\n")); ret = ERR_ACCESS_DENIED; goto done; } state->filter = NULL; state->username = username; state->opts = access_ctx->id_ctx->opts; state->conn = conn; state->ev = ev; state->access_ctx = access_ctx; state->domain = domain; DEBUG(6, ("Performing access filter check for user [%s]\n", username)); state->cached_access = ldb_msg_find_attr_as_bool(user_entry, SYSDB_LDAP_ACCESS_FILTER, false); /* Ok, we have one result, check if we are online or offline */ if (be_is_offline(be_ctx)) { /* Ok, we're offline. Return from the cache */ ret = sdap_access_filter_decide_offline(req); goto done; } /* Perform online operation */ basedn = ldb_msg_find_attr_as_string(user_entry, SYSDB_ORIG_DN, NULL); if (basedn == NULL) { DEBUG(1,("Could not find originalDN for user [%s]\n", state->username)); ret = EINVAL; goto done; } state->basedn = talloc_strdup(state, basedn); if (state->basedn == NULL) { DEBUG(1, ("Could not allocate memory for originalDN\n")); ret = ENOMEM; goto done; } /* Construct the filter */ /* Subdomain users are identified by FQDN. 
We need to use just the username */
    ret = sss_parse_name(state, domain->names, username, &domname, &name);
    if (ret != EOK) {
        /* Parsing failure is not fatal: the unparsed name is used instead. */
        DEBUG(SSSDBG_OP_FAILURE,
              ("Could not parse [%s] into name and "
               "domain components, access might fail\n", username));
        name = discard_const(username);
    }

    /*
     * The user name is the only caller-supplied string that ends up in the
     * LDAP filter, so it goes through sss_filter_sanitize() first and only
     * the sanitized copy is interpolated below.
     * Presumably this escapes LDAP filter metacharacters -- confirm in
     * sss_filter_sanitize().
     */
    ret = sss_filter_sanitize(state, name, &clean_username);
    if (ret != EOK) {
        goto done;
    }

    /*
     * access_ctx->filter is appended as-is, without sanitizing, so it must
     * only ever come from trusted configuration. The resulting filter ANDs
     * the name match, the user object class and the configured filter.
     */
    state->filter = talloc_asprintf(
        state,
        "(&(%s=%s)(objectclass=%s)%s)",
        state->opts->user_map[SDAP_AT_USER_NAME].name,
        clean_username,
        state->opts->user_map[SDAP_OC_USER].name,
        state->access_ctx->filter);
    if (state->filter == NULL) {
        DEBUG(0, ("Could not construct access filter\n"));
        ret = ENOMEM;
        goto done;
    }
    talloc_zfree(clean_username);

    DEBUG(6, ("Checking filter against LDAP\n"));

    state->sdap_op = sdap_id_op_create(state,
                                       state->conn->conn_cache);
    if (!state->sdap_op) {
        DEBUG(2, ("sdap_id_op_create failed\n"));
        ret = ENOMEM;
        goto done;
    }

    ret = sdap_access_filter_retry(req);
    if (ret != EOK) {
        goto done;
    }

    /* The connect subrequest is running; the request finishes from its
     * callbacks. */
    return req;

done:
    /* Finished without going to the server: complete the request and post
     * it on the event context. */
    if (ret == EOK) {
        tevent_req_done(req);
    } else {
        tevent_req_error(req, ret);
    }
    tevent_req_post(req, ev);
    return req;
}

/*
 * Offline decision for the access filter rule.
 *
 * Uses state->cached_access, which sdap_access_filter_send() reads from the
 * SYSDB_LDAP_ACCESS_FILTER attribute of the cached user entry with a
 * default of false. A user with no stored result is therefore denied while
 * offline.
 *
 * Returns EOK when the cached result allows access, ERR_ACCESS_DENIED
 * otherwise.
 */
static errno_t sdap_access_filter_decide_offline(struct tevent_req *req)
{
    struct sdap_access_filter_req_ctx *state =
            tevent_req_data(req, struct sdap_access_filter_req_ctx);

    if (state->cached_access) {
        DEBUG(6, ("Access granted by cached credentials\n"));
        return EOK;
    } else {
        DEBUG(6, ("Access denied by cached credentials\n"));
        return ERR_ACCESS_DENIED;
    }
}

/*
 * Start (or restart) the connection step of the filter check.
 *
 * Returns EOK when the connect subrequest was created, in which case
 * sdap_access_filter_connect_done() is called on completion. Otherwise
 * returns the error code set by sdap_id_op_connect_send().
 */
static int sdap_access_filter_retry(struct tevent_req *req)
{
    struct sdap_access_filter_req_ctx *state =
            tevent_req_data(req, struct sdap_access_filter_req_ctx);
    struct tevent_req *subreq;
    int ret;

    subreq = sdap_id_op_connect_send(state->sdap_op, state, &ret);
    if (!subreq) {
        DEBUG(2, ("sdap_id_op_connect_send failed: %d (%s)\n", ret, strerror(ret)));
        return ret;
    }

    tevent_req_set_callback(subreq, sdap_access_filter_connect_done, req);
    return EOK;
}

static void sdap_access_filter_connect_done(struct tevent_req
*subreq) { struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); struct sdap_access_filter_req_ctx *state = tevent_req_data(req, struct sdap_access_filter_req_ctx); int ret, dp_error; ret = sdap_id_op_connect_recv(subreq, &dp_error); talloc_zfree(subreq); if (ret != EOK) { if (dp_error == DP_ERR_OFFLINE) { ret = sdap_access_filter_decide_offline(req); if (ret == EOK) { tevent_req_done(req); return; } } tevent_req_error(req, ret); return; } /* Connection to LDAP succeeded * Send filter request */ subreq = sdap_get_generic_send(state, state->ev, state->opts, sdap_id_op_handle(state->sdap_op), state->basedn, LDAP_SCOPE_BASE, state->filter, NULL, NULL, 0, dp_opt_get_int(state->opts->basic, SDAP_SEARCH_TIMEOUT), false); if (subreq == NULL) { DEBUG(1, ("Could not start LDAP communication\n")); tevent_req_error(req, EIO); return; } tevent_req_set_callback(subreq, sdap_access_filter_get_access_done, req); } static void sdap_access_filter_get_access_done(struct tevent_req *subreq) { int ret, tret, dp_error; size_t num_results; bool found = false; struct sysdb_attrs *attrs; struct sysdb_attrs **results; struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); struct sdap_access_filter_req_ctx *state = tevent_req_data(req, struct sdap_access_filter_req_ctx); ret = sdap_get_generic_recv(subreq, state, &num_results, &results); talloc_zfree(subreq); ret = sdap_id_op_done(state->sdap_op, ret, &dp_error); if (ret != EOK) { if (dp_error == DP_ERR_OK) { /* retry */ tret = sdap_access_filter_retry(req); if (tret == EOK) { return; } } else if (dp_error == DP_ERR_OFFLINE) { ret = sdap_access_filter_decide_offline(req); } else if (ret == ERR_INVALID_FILTER) { sss_log(SSS_LOG_ERR, "Malformed access control filter [%s]\n", state->filter); DEBUG(SSSDBG_CRIT_FAILURE, ("Malformed access control filter [%s]\n", state->filter)); ret = ERR_ACCESS_DENIED; } else { DEBUG(1, ("sdap_get_generic_send() returned error [%d][%s]\n", ret, sss_strerror(ret))); 
} goto done; } /* Check the number of responses we got * If it's exactly 1, we passed the check * If it's < 1, we failed the check * Anything else is an error */ if (num_results < 1) { DEBUG(4, ("User [%s] was not found with the specified filter. " "Denying access.\n", state->username)); found = false; } else if (results == NULL) { DEBUG(1, ("num_results > 0, but results is NULL\n")); ret = ERR_INTERNAL; goto done; } else if (num_results > 1) { /* It should not be possible to get more than one reply * here, since we're doing a base-scoped search */ DEBUG(1, ("Received multiple replies\n")); ret = ERR_INTERNAL; goto done; } else { /* Ok, we got a single reply */ found = true; } if (found) { /* Save "allow" to the cache for future offline :q* access checks. */ DEBUG(6, ("Access granted by online lookup\n")); ret = EOK; } else { /* Save "disallow" to the cache for future offline * access checks. */ DEBUG(6, ("Access denied by online lookup\n")); ret = ERR_ACCESS_DENIED; } attrs = sysdb_new_attrs(state); if (attrs == NULL) { ret = ENOMEM; DEBUG(1, ("Could not set up attrs\n")); goto done; } tret = sysdb_attrs_add_bool(attrs, SYSDB_LDAP_ACCESS_FILTER, ret == EOK ? true : false); if (tret != EOK) { /* Failing to save to the cache is non-fatal. * Just return the result. */ DEBUG(1, ("Could not set up attrs\n")); goto done; } tret = sysdb_set_user_attr(state->domain->sysdb, state->domain, state->username, attrs, SYSDB_MOD_REP); if (tret != EOK) { /* Failing to save to the cache is non-fatal. * Just return the result. 
*/ DEBUG(1, ("Failed to set user access attribute\n")); goto done; } done: if (ret == EOK) { tevent_req_done(req); } else { tevent_req_error(req, ret); } } static errno_t sdap_access_filter_recv(struct tevent_req *req) { TEVENT_REQ_RETURN_ON_ERROR(req); return EOK; } #define AUTHR_SRV_MISSING_MSG "Authorized service attribute missing, " \ "access denied" #define AUTHR_SRV_DENY_MSG "Access denied by authorized service attribute" #define AUTHR_SRV_NO_MATCH_MSG "Authorized service attribute has " \ "no matching rule, access denied" static errno_t sdap_access_service(struct pam_data *pd, struct ldb_message *user_entry) { errno_t ret, tret; struct ldb_message_element *el; unsigned int i; char *service; el = ldb_msg_find_element(user_entry, SYSDB_AUTHORIZED_SERVICE); if (!el || el->num_values == 0) { DEBUG(1, ("Missing authorized services. Access denied\n")); tret = pam_add_response(pd, SSS_PAM_SYSTEM_INFO, sizeof(AUTHR_SRV_MISSING_MSG), (const uint8_t *) AUTHR_SRV_MISSING_MSG); if (tret != EOK) { DEBUG(1, ("pam_add_response failed.\n")); } return ERR_ACCESS_DENIED; } ret = ENOENT; for (i = 0; i < el->num_values; i++) { service = (char *)el->values[i].data; if (service[0] == '!' && strcasecmp(pd->service, service+1) == 0) { /* This service is explicitly denied */ DEBUG(4, ("Access denied by [%s]\n", service)); tret = pam_add_response(pd, SSS_PAM_SYSTEM_INFO, sizeof(AUTHR_SRV_DENY_MSG), (const uint8_t *) AUTHR_SRV_DENY_MSG); if (tret != EOK) { DEBUG(1, ("pam_add_response failed.\n")); } /* A denial trumps all. 
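Break here */
            return ERR_ACCESS_DENIED;
        } else if (strcasecmp(pd->service, service) == 0) {
            /* This service is explicitly allowed */
            DEBUG(4, ("Access granted for [%s]\n", service));
            /* We still need to loop through to make sure
             * that it's not also explicitly denied
             */
            ret = EOK;
        } else if (strcmp("*", service) == 0) {
            /* This user has access to all services */
            DEBUG(4, ("Access granted to all services\n"));
            /* We still need to loop through to make sure
             * that it's not also explicitly denied
             */
            ret = EOK;
        }
    }

    if (ret == ENOENT) {
        DEBUG(4, ("No matching service rule found\n"));

        tret = pam_add_response(pd, SSS_PAM_SYSTEM_INFO,
                                sizeof(AUTHR_SRV_NO_MATCH_MSG),
                                (const uint8_t *) AUTHR_SRV_NO_MATCH_MSG);
        if (tret != EOK) {
            DEBUG(1, ("pam_add_response failed.\n"));
        }

        ret = ERR_ACCESS_DENIED;
    }

    return ret;
}

/*
 * Host-based access check.
 *
 * Compares the local hostname (as returned by gethostname()) with every
 * value of the SYSDB_AUTHORIZED_HOST attribute of user_entry:
 *   - "!name" matching the hostname denies access immediately,
 *   - "name" matching the hostname, or "*", grants access unless a later
 *     value denies it.
 * All name comparisons are case-insensitive.
 *
 * Returns EOK when access is granted, ERR_ACCESS_DENIED when the attribute
 * is missing or empty, the hostname cannot be read, a deny rule matches or
 * no rule matches at all (the check fails closed).
 */
static errno_t sdap_access_host(struct ldb_message *user_entry)
{
    errno_t ret;
    struct ldb_message_element *el;
    unsigned int i;
    char *host;
    char hostname[HOST_NAME_MAX+1];

    el = ldb_msg_find_element(user_entry, SYSDB_AUTHORIZED_HOST);
    if (!el || el->num_values == 0) {
        DEBUG(1, ("Missing hosts. Access denied\n"));
        return ERR_ACCESS_DENIED;
    }

    if (gethostname(hostname, sizeof(hostname)) == -1) {
        DEBUG(1, ("Unable to get system hostname. Access denied\n"));
        return ERR_ACCESS_DENIED;
    }
    /* POSIX leaves it unspecified whether a truncated name is
     * NUL-terminated; terminate explicitly so that the strcasecmp() calls
     * below can never read past the buffer.
     */
    hostname[sizeof(hostname) - 1] = '\0';

    /* FIXME: PADL's pam_ldap also calls gethostbyname() on the hostname
     *        in some attempt to get aliases and/or FQDN for the machine.
     *        Not sure this is a good idea, but we might want to add it in
     *        order to be compatible...
     */

    ret = ENOENT;

    for (i = 0; i < el->num_values; i++) {
        host = (char *)el->values[i].data;
        if (host == NULL) {
            /* A value without data can neither grant nor deny access;
             * skipping it keeps the check fail-closed.
             */
            continue;
        }
        /* NOTE(review): the comparisons below treat the value as a C string;
         * presumably ldb NUL-terminates value data -- confirm.
         */
        if (host[0] == '!' &&
            strcasecmp(hostname, host+1) == 0) {
            /* This host is explicitly denied */
            DEBUG(4, ("Access denied by [%s]\n", host));
            /* A denial trumps all. Break here */
            return ERR_ACCESS_DENIED;
        } else if (strcasecmp(hostname, host) == 0) {
            /* This host is explicitly allowed */
            DEBUG(4, ("Access granted for [%s]\n", host));
            /* We still need to loop through to make sure
             * that it's not also explicitly denied
             */
            ret = EOK;
        } else if (strcmp("*", host) == 0) {
            /* This user has access to all hosts */
            DEBUG(4, ("Access granted to all hosts\n"));
            /* We still need to loop through to make sure
             * that it's not also explicitly denied
             */
            ret = EOK;
        }
    }

    if (ret == ENOENT) {
        DEBUG(4, ("No matching host rule found\n"));
        ret = ERR_ACCESS_DENIED;
    }

    return ret;
}
sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/sdap_async_users.c0000644000000000000000000000007412320753107023010 xustar000000000000000030 atime=1396954939.268891429 30 ctime=1396954961.619874976 sssd-1.11.5/src/providers/ldap/sdap_async_users.c0000664002412700241270000007230612320753107023242 0ustar00jhrozekjhrozek00000000000000
/*
    SSSD

    Async LDAP Helper routines - retrieving users

    Copyright (C) Simo Sorce - 2009
    Copyright (C) 2010, Ralf Haferkamp , Novell Inc.
    Copyright (C) Jan Zeleny - 2011

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see .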
*/ #include "util/util.h" #include "db/sysdb.h" #include "providers/ldap/sdap_async_private.h" #include "providers/ldap/ldap_common.h" #include "providers/ldap/sdap_idmap.h" #include "providers/ldap/sdap_users.h" /* ==Save-User-Entry====================================================== */ static errno_t sdap_get_idmap_primary_gid(struct sdap_options *opts, struct sysdb_attrs *attrs, char *sid_str, char *dom_sid_str, gid_t *_gid) { errno_t ret; TALLOC_CTX *tmpctx = NULL; gid_t gid, primary_gid; char *group_sid_str; tmpctx = talloc_new(NULL); if (!tmpctx) { ret = ENOMEM; goto done; } ret = sysdb_attrs_get_uint32_t(attrs, opts->user_map[SDAP_AT_USER_PRIMARY_GROUP].sys_name, &primary_gid); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("no primary group ID provided\n")); ret = EINVAL; goto done; } /* The primary group ID is just the RID part of the objectSID * of the group. Generate the GID by adding this to the domain * SID value. */ /* First, get the domain SID if we didn't do so above */ if (!dom_sid_str) { ret = sdap_idmap_get_dom_sid_from_object(tmpctx, sid_str, &dom_sid_str); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Could not parse domain SID from [%s]\n", sid_str)); goto done; } } /* Add the RID to the end */ group_sid_str = talloc_asprintf(tmpctx, "%s-%lu", dom_sid_str, (unsigned long) primary_gid); if (!group_sid_str) { ret = ENOMEM; goto done; } /* Convert the SID into a UNIX group ID */ ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, group_sid_str, &gid); if (ret != EOK) goto done; ret = EOK; *_gid = gid; done: talloc_free(tmpctx); return ret; } /* FIXME: support storing additional attributes */ int sdap_save_user(TALLOC_CTX *memctx, struct sysdb_ctx *ctx, struct sdap_options *opts, struct sss_domain_info *dom, struct sysdb_attrs *attrs, bool is_initgr, char **_usn_value, time_t now) { struct ldb_message_element *el; int ret; const char *user_name = NULL; const char *fullname = NULL; const char *pwd; const char *gecos; const char *homedir; const char 
*shell; const char *orig_dn = NULL; uid_t uid; gid_t gid; struct sysdb_attrs *user_attrs; char *upn = NULL; size_t i; int cache_timeout; char *usn_value = NULL; char **missing = NULL; TALLOC_CTX *tmpctx = NULL; bool use_id_mapping; char *sid_str; char *dom_sid_str = NULL; struct sss_domain_info *subdomain; DEBUG(SSSDBG_TRACE_FUNC, ("Save user\n")); tmpctx = talloc_new(NULL); if (!tmpctx) { ret = ENOMEM; goto done; } user_attrs = sysdb_new_attrs(tmpctx); if (user_attrs == NULL) { ret = ENOMEM; goto done; } /* Always store SID string if available */ ret = sdap_attrs_get_sid_str(tmpctx, opts->idmap_ctx, attrs, opts->user_map[SDAP_AT_USER_OBJECTSID].sys_name, &sid_str); if (ret == EOK) { ret = sysdb_attrs_add_string(user_attrs, SYSDB_SID_STR, sid_str); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Could not add SID string: [%s]\n", strerror(ret))); goto done; } } else if (ret == ENOENT) { DEBUG(SSSDBG_TRACE_ALL, ("objectSID: not available for group [%s].\n", user_name)); sid_str = NULL; } else { DEBUG(SSSDBG_MINOR_FAILURE, ("Could not identify objectSID: [%s]\n", strerror(ret))); sid_str = NULL; } /* If this object has a SID available, we will determine the correct * domain by its SID. 
*/ if (sid_str != NULL) { subdomain = find_subdomain_by_sid(get_domains_head(dom), sid_str); if (subdomain) { dom = subdomain; } else { DEBUG(SSSDBG_TRACE_FUNC, ("SID %s does not belong to any known " "domain\n", sid_str)); } } ret = sdap_get_user_primary_name(memctx, opts, attrs, dom, &user_name); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Failed to get user name\n")); goto done; } DEBUG(SSSDBG_TRACE_FUNC, ("Processing user %s\n", user_name)); if (opts->schema_type == SDAP_SCHEMA_AD) { ret = sysdb_attrs_get_string(attrs, opts->user_map[SDAP_AT_USER_FULLNAME].sys_name, &fullname); if (ret == EOK) { ret = sysdb_attrs_add_string(user_attrs, SYSDB_FULLNAME, fullname); if (ret != EOK) { goto done; } } else if (ret != ENOENT) { goto done; } } ret = sysdb_attrs_get_el(attrs, opts->user_map[SDAP_AT_USER_PWD].sys_name, &el); if (ret) goto done; if (el->num_values == 0) pwd = NULL; else pwd = (const char *)el->values[0].data; ret = sysdb_attrs_get_el(attrs, opts->user_map[SDAP_AT_USER_GECOS].sys_name, &el); if (ret) goto done; if (el->num_values == 0) gecos = NULL; else gecos = (const char *)el->values[0].data; if (!gecos) { /* Fall back to the user's full name */ ret = sysdb_attrs_get_el( attrs, opts->user_map[SDAP_AT_USER_FULLNAME].sys_name, &el); if (ret) goto done; if (el->num_values > 0) gecos = (const char *)el->values[0].data; } ret = sysdb_attrs_get_el(attrs, opts->user_map[SDAP_AT_USER_HOME].sys_name, &el); if (ret) goto done; if (el->num_values == 0) homedir = NULL; else homedir = (const char *)el->values[0].data; ret = sysdb_attrs_get_el(attrs, opts->user_map[SDAP_AT_USER_SHELL].sys_name, &el); if (ret) goto done; if (el->num_values == 0) shell = NULL; else shell = (const char *)el->values[0].data; use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping(opts->idmap_ctx, dom->name, sid_str); /* Retrieve or map the UID as appropriate */ if (use_id_mapping) { if (sid_str == NULL) { DEBUG(SSSDBG_MINOR_FAILURE, ("SID not available, cannot map a " \ "unix ID to 
user [%s].\n", user_name)); ret = ENOENT; goto done; } DEBUG(SSSDBG_TRACE_LIBS, ("Mapping user [%s] objectSID [%s] to unix ID\n", user_name, sid_str)); /* Convert the SID into a UNIX user ID */ ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, sid_str, &uid); if (ret == ENOTSUP) { DEBUG(SSSDBG_TRACE_FUNC, ("Skipping built-in object.\n")); ret = EOK; goto done; } else if (ret != EOK) { goto done; } /* Store the UID in the ldap_attrs so it doesn't get * treated as a missing attribute from LDAP and removed. */ ret = sdap_replace_id(attrs, SYSDB_UIDNUM, uid); if (ret) { DEBUG(SSSDBG_OP_FAILURE, ("Cannot set the id-mapped UID\n")); goto done; } } else { ret = sysdb_attrs_get_uint32_t(attrs, opts->user_map[SDAP_AT_USER_UID].sys_name, &uid); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("no uid provided for [%s] in domain [%s].\n", user_name, dom->name)); ret = EINVAL; goto done; } } /* check that the uid is valid for this domain */ if (OUT_OF_ID_RANGE(uid, dom->id_min, dom->id_max)) { DEBUG(2, ("User [%s] filtered out! (uid out of range)\n", user_name)); ret = EINVAL; goto done; } if (use_id_mapping) { ret = sdap_get_idmap_primary_gid(opts, attrs, sid_str, dom_sid_str, &gid); if (ret) { DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot get the GID for [%s] in domain [%s].\n", user_name, dom->name)); goto done; } if (IS_SUBDOMAIN(dom)) { /* For subdomain users, only create the private group as * the subdomain is an MPG domain. * But we have to save the GID of the original primary group * becasuse otherwise this information might be lost because * typically (Unix and AD) the user is not listed in his primary * group as a member. */ ret = sysdb_attrs_add_uint32(user_attrs, SYSDB_PRIMARY_GROUP_GIDNUM, (uint32_t) gid); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_add_uint32 failed.\n")); goto done; } gid = 0; } /* Store the GID in the ldap_attrs so it doesn't get * treated as a missing attribute from LDAP and removed. 
*/ ret = sysdb_attrs_add_uint32(attrs, SYSDB_GIDNUM, gid); if (ret != EOK) goto done; } else { ret = sysdb_attrs_get_uint32_t(attrs, opts->user_map[SDAP_AT_USER_GID].sys_name, &gid); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("no gid provided for [%s] in domain [%s].\n", user_name, dom->name)); ret = EINVAL; goto done; } } /* check that the gid is valid for this domain */ if (IS_SUBDOMAIN(dom) == false && OUT_OF_ID_RANGE(gid, dom->id_min, dom->id_max)) { DEBUG(SSSDBG_CRIT_FAILURE, ("User [%s] filtered out! (primary gid out of range)\n", user_name)); ret = EINVAL; goto done; } ret = sysdb_attrs_get_el(attrs, SYSDB_ORIG_DN, &el); if (ret) { goto done; } if (!el || el->num_values == 0) { DEBUG(SSSDBG_MINOR_FAILURE, ("originalDN is not available for [%s].\n", user_name)); } else { orig_dn = (const char *) el->values[0].data; DEBUG(SSSDBG_TRACE_INTERNAL, ("Adding originalDN [%s] to attributes " "of [%s].\n", orig_dn, user_name)); ret = sysdb_attrs_add_string(user_attrs, SYSDB_ORIG_DN, orig_dn); if (ret) { goto done; } } ret = sysdb_attrs_get_el(attrs, SYSDB_MEMBEROF, &el); if (ret) { goto done; } if (el->num_values == 0) { DEBUG(SSSDBG_TRACE_FUNC, ("Original memberOf is not available for [%s].\n", user_name)); } else { DEBUG(SSSDBG_TRACE_FUNC, ("Adding original memberOf attributes to [%s].\n", user_name)); for (i = 0; i < el->num_values; i++) { ret = sysdb_attrs_add_string(user_attrs, SYSDB_ORIG_MEMBEROF, (const char *) el->values[i].data); if (ret) { goto done; } } } ret = sdap_attrs_add_string(attrs, opts->user_map[SDAP_AT_USER_MODSTAMP].sys_name, "original mod-Timestamp", user_name, user_attrs); if (ret != EOK) { goto done; } ret = sysdb_attrs_get_el(attrs, opts->user_map[SDAP_AT_USER_USN].sys_name, &el); if (ret) { goto done; } if (el->num_values == 0) { DEBUG(SSSDBG_TRACE_FUNC, ("Original USN value is not available for [%s].\n", user_name)); } else { ret = sysdb_attrs_add_string(user_attrs, opts->user_map[SDAP_AT_USER_USN].sys_name, (const 
char*)el->values[0].data); if (ret) { goto done; } usn_value = talloc_strdup(tmpctx, (const char*)el->values[0].data); if (!usn_value) { ret = ENOMEM; goto done; } } ret = sysdb_attrs_get_el(attrs, opts->user_map[SDAP_AT_USER_PRINC].sys_name, &el); if (ret) { goto done; } if (el->num_values == 0) { DEBUG(SSSDBG_TRACE_FUNC, ("User principal is not available for [%s].\n", user_name)); } else { upn = talloc_strdup(user_attrs, (const char*) el->values[0].data); if (!upn) { ret = ENOMEM; goto done; } if (dp_opt_get_bool(opts->basic, SDAP_FORCE_UPPER_CASE_REALM)) { make_realm_upper_case(upn); } DEBUG(SSSDBG_TRACE_FUNC, ("Adding user principal [%s] to attributes of [%s].\n", upn, user_name)); ret = sysdb_attrs_add_string(user_attrs, SYSDB_UPN, upn); if (ret) { goto done; } } for (i = SDAP_FIRST_EXTRA_USER_AT; i < SDAP_OPTS_USER; i++) { ret = sdap_attrs_add_list(attrs, opts->user_map[i].sys_name, NULL, user_name, user_attrs); if (ret) { goto done; } } cache_timeout = dom->user_timeout; if (is_initgr) { ret = sysdb_attrs_add_time_t(user_attrs, SYSDB_INITGR_EXPIRE, (cache_timeout ? (time(NULL) + cache_timeout) : 0)); if (ret) { goto done; } } ret = sdap_save_all_names(user_name, attrs, dom, user_attrs); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to save user names\n")); goto done; } /* Make sure that any attributes we requested from LDAP that we * did not receive are also removed from the sysdb */ ret = list_missing_attrs(user_attrs, opts->user_map, SDAP_OPTS_USER, attrs, &missing); if (ret != EOK) { goto done; } DEBUG(SSSDBG_TRACE_FUNC, ("Storing info for user %s\n", user_name)); ret = sysdb_store_user(ctx, dom, user_name, pwd, uid, gid, gecos, homedir, shell, orig_dn, user_attrs, missing, cache_timeout, now); if (ret) goto done; if (_usn_value) { *_usn_value = talloc_steal(memctx, usn_value); } talloc_steal(memctx, user_attrs); ret = EOK; done: if (ret) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to save user [%s]\n", user_name ? 
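user_name : "Unknown"));
    }
    talloc_free(tmpctx);
    return ret;
}


/* ==Generic-Function-to-save-multiple-users============================= */

/*
 * Store an array of user entries in the sysdb inside one transaction.
 *
 * memctx      talloc parent for the returned USN string
 * sysdb       cache handle the transaction is opened on
 * dom, opts   passed through to sdap_save_user()
 * users       array of num_users attribute sets
 * _usn_value  optional output: the highest USN seen among the users that
 *             reported one (left untouched when the transaction fails)
 *
 * A failure to save an individual user is only logged; the loop goes on.
 * Returns EOK, ENOMEM, or the error from starting or committing the
 * transaction. An uncommitted transaction is cancelled on the way out.
 */
int sdap_save_users(TALLOC_CTX *memctx,
                    struct sysdb_ctx *sysdb,
                    struct sss_domain_info *dom,
                    struct sdap_options *opts,
                    struct sysdb_attrs **users,
                    int num_users,
                    char **_usn_value)
{
    TALLOC_CTX *tmpctx;
    char *higher_usn = NULL;
    char *usn_value;
    size_t usn_len;
    size_t higher_len;
    int ret;
    errno_t sret;
    int i;
    time_t now;
    bool in_transaction = false;

    if (num_users == 0) {
        /* Nothing to do if there are no users */
        return EOK;
    }

    tmpctx = talloc_new(memctx);
    if (!tmpctx) {
        return ENOMEM;
    }

    ret = sysdb_transaction_start(sysdb);
    if (ret) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to start transaction\n"));
        goto done;
    }
    in_transaction = true;

    now = time(NULL);
    for (i = 0; i < num_users; i++) {
        usn_value = NULL;

        ret = sdap_save_user(tmpctx, sysdb, opts, dom,
                             users[i], false, &usn_value, now);

        /* Do not fail completely on errors.
         * Just report the failure to save and go on */
        if (ret) {
            DEBUG(2, ("Failed to store user %d. Ignoring.\n", i));
        } else {
            DEBUG(9, ("User %d processed!\n", i));
        }

        if (usn_value) {
            if (higher_usn) {
                /* Compare as numbers written in decimal: a longer string is
                 * larger, and only strings of equal length are ordered by
                 * strcmp(). Applying strcmp() regardless of length would
                 * rank "9" above "10".
                 * NOTE(review): assumes USNs are unsigned decimal strings
                 * without leading zeros -- confirm against the server.
                 */
                usn_len = strlen(usn_value);
                higher_len = strlen(higher_usn);
                if ((usn_len > higher_len) ||
                    (usn_len == higher_len &&
                     strcmp(usn_value, higher_usn) > 0)) {
                    talloc_zfree(higher_usn);
                    higher_usn = usn_value;
                } else {
                    talloc_zfree(usn_value);
                }
            } else {
                higher_usn = usn_value;
            }
        }
    }

    ret = sysdb_transaction_commit(sysdb);
    if (ret) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to commit transaction!\n"));
        goto done;
    }
    in_transaction = false;

    if (_usn_value) {
        *_usn_value = talloc_steal(memctx, higher_usn);
    }

done:
    if (in_transaction) {
        sret = sysdb_transaction_cancel(sysdb);
        if (sret != EOK) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to cancel transaction\n"));
        }
    }
    talloc_zfree(tmpctx);
    return ret;
}


/* ==Search-Users-with-filter============================================= */

struct sdap_search_user_state {
    struct tevent_context *ev;
    struct sdap_options *opts;
    struct sdap_handle *sh;
    struct sss_domain_info *dom;

    const char **attrs;
    const char *base_filter;
    const char *filter;
    int timeout;
    bool enumeration;

    char *higher_usn;
    struct sysdb_attrs **users;
    size_t count;

    size_t base_iter;
    struct sdap_search_base **search_bases;
};

static errno_t sdap_search_user_next_base(struct tevent_req *req);
static void sdap_search_user_process(struct tevent_req *subreq);

struct tevent_req *sdap_search_user_send(TALLOC_CTX *memctx,
                                         struct tevent_context *ev,
                                         struct sss_domain_info *dom,
                                         struct sdap_options *opts,
                                         struct sdap_search_base **search_bases,
                                         struct sdap_handle *sh,
                                         const char **attrs,
                                         const char *filter,
                                         int timeout,
                                         bool enumeration)
{
    errno_t ret;
    struct tevent_req *req;
    struct sdap_search_user_state *state;

    req = tevent_req_create(memctx, &state, struct sdap_search_user_state);
    if (req == NULL) return NULL;

    state->ev = ev;
    state->opts = opts;
    state->dom = dom;
    state->sh = sh;
    state->attrs = attrs;
    state->higher_usn = NULL;
    state->users =  NULL;
    state->count = 0;
    state->timeout = timeout;
    state->base_filter = filter;
    state->base_iter = 0;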
state->search_bases = search_bases; state->enumeration = enumeration; if (!state->search_bases) { DEBUG(SSSDBG_CRIT_FAILURE, ("User lookup request without a search base\n")); ret = EINVAL; goto done; } ret = sdap_search_user_next_base(req); done: if (ret != EOK) { tevent_req_error(req, ret); tevent_req_post(req, state->ev); } return req; } static errno_t sdap_search_user_next_base(struct tevent_req *req) { struct tevent_req *subreq; struct sdap_search_user_state *state; state = tevent_req_data(req, struct sdap_search_user_state); talloc_zfree(state->filter); state->filter = sdap_get_id_specific_filter(state, state->base_filter, state->search_bases[state->base_iter]->filter); if (state->filter == NULL) { return ENOMEM; } DEBUG(SSSDBG_TRACE_FUNC, ("Searching for users with base [%s]\n", state->search_bases[state->base_iter]->basedn)); subreq = sdap_get_generic_send( state, state->ev, state->opts, state->sh, state->search_bases[state->base_iter]->basedn, state->search_bases[state->base_iter]->scope, state->filter, state->attrs, state->opts->user_map, SDAP_OPTS_USER, state->timeout, state->enumeration); /* If we're enumerating, we need paging */ if (subreq == NULL) { return ENOMEM; } tevent_req_set_callback(subreq, sdap_search_user_process, req); return EOK; } static void sdap_search_user_process(struct tevent_req *subreq) { struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); struct sdap_search_user_state *state = tevent_req_data(req, struct sdap_search_user_state); int ret; size_t count, i; struct sysdb_attrs **users; bool next_base = false; ret = sdap_get_generic_recv(subreq, state, &count, &users); talloc_zfree(subreq); if (ret) { tevent_req_error(req, ret); return; } DEBUG(SSSDBG_TRACE_FUNC, ("Search for users, returned %zu results.\n", count)); if (state->enumeration || count == 0) { /* No users found in this search or enumerating */ next_base = true; } /* Add this batch of users to the list */ if (count > 0) { state->users = 
talloc_realloc(state, state->users, struct sysdb_attrs *, state->count + count + 1); if (!state->users) { tevent_req_error(req, ENOMEM); return; } /* Copy the new users into the list * They're already allocated on 'state' */ for (i = 0; i < count; i++) { state->users[state->count + i] = talloc_steal(state->users, users[i]); } state->count += count; state->users[state->count] = NULL; } if (next_base) { state->base_iter++; if (state->search_bases[state->base_iter]) { /* There are more search bases to try */ ret = sdap_search_user_next_base(req); if (ret != EOK) { tevent_req_error(req, ret); } return; } } /* No more search bases * Return ENOENT if no users were found */ if (state->count == 0) { tevent_req_error(req, ENOENT); return; } DEBUG(SSSDBG_TRACE_ALL, ("Retrieved total %zu users\n", state->count)); tevent_req_done(req); } int sdap_search_user_recv(TALLOC_CTX *memctx, struct tevent_req *req, char **higher_usn, struct sysdb_attrs ***users, size_t *count) { struct sdap_search_user_state *state = tevent_req_data(req, struct sdap_search_user_state); if (higher_usn) { *higher_usn = talloc_steal(memctx, state->higher_usn); } if (users) { *users = talloc_steal(memctx, state->users); } if (count) { *count = state->count; } TEVENT_REQ_RETURN_ON_ERROR(req); return EOK; } /* ==Search-And-Save-Users-with-filter============================================= */ struct sdap_get_users_state { struct sysdb_ctx *sysdb; struct sdap_options *opts; struct sss_domain_info *dom; char *higher_usn; struct sysdb_attrs **users; size_t count; }; static void sdap_get_users_done(struct tevent_req *subreq); struct tevent_req *sdap_get_users_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sss_domain_info *dom, struct sysdb_ctx *sysdb, struct sdap_options *opts, struct sdap_search_base **search_bases, struct sdap_handle *sh, const char **attrs, const char *filter, int timeout, bool enumeration) { errno_t ret; struct tevent_req *req; struct tevent_req *subreq; struct 
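sdap_get_users_state *state;

    req = tevent_req_create(memctx, &state, struct sdap_get_users_state);
    if (!req) return NULL;

    state->sysdb = sysdb;
    state->opts = opts;
    state->dom = dom;

    subreq = sdap_search_user_send(state, ev, dom, opts, search_bases,
                                   sh, attrs, filter, timeout, enumeration);
    if (subreq == NULL) {
        ret = ENOMEM;
        goto done;
    }
    tevent_req_set_callback(subreq, sdap_get_users_done, req);

    ret = EOK;
done:
    if (ret != EOK) {
        tevent_req_error(req, ret);
        tevent_req_post(req, ev);
    }
    return req;
}

/* Callback of the user search: collects the found entries and the USN into
 * the request state, saves the users with sdap_save_users() and finishes the
 * request with the first error met, if any.
 */
static void sdap_get_users_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct sdap_get_users_state *state = tevent_req_data(req,
                                            struct sdap_get_users_state);
    int ret;

    ret = sdap_search_user_recv(state, subreq, &state->higher_usn,
                                &state->users, &state->count);
    if (ret) {
        DEBUG(SSSDBG_OP_FAILURE, ("Failed to retrieve users\n"));
        tevent_req_error(req, ret);
        return;
    }

    ret = sdap_save_users(state, state->sysdb,
                          state->dom, state->opts,
                          state->users, state->count,
                          &state->higher_usn);
    if (ret) {
        DEBUG(SSSDBG_OP_FAILURE, ("Failed to store users.\n"));
        tevent_req_error(req, ret);
        return;
    }

    DEBUG(SSSDBG_TRACE_ALL, ("Saving %zu Users - Done\n", state->count));

    tevent_req_done(req);
}

/* Returns the request result; on success the highest USN is moved to
 * mem_ctx when the caller passed usn_value.
 */
int sdap_get_users_recv(struct tevent_req *req,
                        TALLOC_CTX *mem_ctx, char **usn_value)
{
    struct sdap_get_users_state *state = tevent_req_data(req,
                                            struct sdap_get_users_state);

    TEVENT_REQ_RETURN_ON_ERROR(req);

    if (usn_value) {
        *usn_value = talloc_steal(mem_ctx, state->higher_usn);
    }

    return EOK;
}

/* ==Fetch-Fallback-local-user============================================ */

/*
 * Build a one-element, NULL-terminated sysdb_attrs array describing a user
 * found in the local passwd database.
 *
 * memctx  talloc parent of the returned array
 * opts    not used by this function
 * name    user name to look up; when NULL the lookup is done by uid
 * uid     numeric ID used only when name is NULL
 * reply   output: the array, written only on success
 *
 * Returns EOK on success, ENOENT when the lookup finds no entry, the errno
 * reported by the lookup, ENOMEM, or the error of a failed
 * sysdb_attrs_add_*() call. On failure the partially built array is freed.
 */
errno_t sdap_fallback_local_user(TALLOC_CTX *memctx,
                                 struct sdap_options *opts,
                                 const char *name, uid_t uid,
                                 struct sysdb_attrs ***reply)
{
    struct sysdb_attrs **ua;
    struct sysdb_attrs *user;
    struct passwd *pwd;
    int ret;

    /* getpwnam()/getpwuid() leave errno unchanged when the entry simply
     * does not exist, so clear it first; otherwise a stale value from an
     * earlier call would be returned instead of ENOENT.
     */
    errno = 0;
    if (name) {
        pwd = getpwnam(name);
    } else {
        pwd = getpwuid(uid);
    }

    if (!pwd) {
        return errno ? errno : ENOENT;
    }

    ua = talloc_array(memctx, struct sysdb_attrs *, 2);
    if (!ua) {
        ret = ENOMEM;
        goto done;
    }
    ua[1] = NULL;

    user = sysdb_new_attrs(ua);
    if (!user) {
        ret = ENOMEM;
        goto done;
    }
    ua[0] = user;

    ret = sysdb_attrs_add_string(user, SYSDB_NAME, pwd->pw_name);
    if (ret != EOK) {
        goto done;
    }

    /* The password field of the passwd entry is copied as-is. */
    if (pwd->pw_passwd) {
        ret = sysdb_attrs_add_string(user, SYSDB_PWD, pwd->pw_passwd);
        if (ret != EOK) {
            goto done;
        }
    }

    ret = sysdb_attrs_add_long(user, SYSDB_UIDNUM, (long)pwd->pw_uid);
    if (ret != EOK) {
        goto done;
    }

    ret = sysdb_attrs_add_long(user, SYSDB_GIDNUM, (long)pwd->pw_gid);
    if (ret != EOK) {
        goto done;
    }

    if (pwd->pw_gecos) {
        ret = sysdb_attrs_add_string(user, SYSDB_GECOS, pwd->pw_gecos);
        if (ret != EOK) {
            goto done;
        }
    }

    if (pwd->pw_dir) {
        ret = sysdb_attrs_add_string(user, SYSDB_HOMEDIR, pwd->pw_dir);
        if (ret != EOK) {
            goto done;
        }
    }

    if (pwd->pw_shell) {
        ret = sysdb_attrs_add_string(user, SYSDB_SHELL, pwd->pw_shell);
        if (ret != EOK) {
            goto done;
        }
    }

done:
    if (ret != EOK) {
        talloc_free(ua);
    } else {
        *reply = ua;
    }

    return ret;
}
sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/sdap_dyndns.c0000644000000000000000000000007412320753107021751 xustar000000000000000030 atime=1396954939.268891429 30 ctime=1396954961.633874966 sssd-1.11.5/src/providers/ldap/sdap_dyndns.c0000664002412700241270000005510312320753107022177 0ustar00jhrozekjhrozek00000000000000
/*
    SSSD

    sdap_dyndns.c: LDAP specific dynamic DNS update

    Authors:
        Jakub Hrozek

    Copyright (C) 2013 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.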
You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include "util/util.h" #include "resolv/async_resolv.h" #include "providers/dp_backend.h" #include "providers/dp_dyndns.h" #include "providers/ldap/sdap_async_private.h" #include "providers/ldap/sdap_id_op.h" #include "providers/ldap/ldap_common.h" static struct tevent_req * sdap_dyndns_get_addrs_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct sdap_id_ctx *sdap_ctx, const char *iface); static errno_t sdap_dyndns_get_addrs_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, struct sss_iface_addr **_addresses); struct sdap_dyndns_update_state { struct tevent_context *ev; struct be_resolv_ctx *be_res; struct dp_option *opts; const char *hostname; const char *dns_zone; const char *realm; const char *servername; int ttl; struct sss_iface_addr *addresses; struct sss_iface_addr *dns_addrlist; uint8_t remove_af; bool update_ptr; bool check_diff; enum be_nsupdate_auth auth_type; bool use_server_with_nsupdate; char *update_msg; }; static void sdap_dyndns_update_addrs_done(struct tevent_req *subreq); static void sdap_dyndns_dns_addrs_done(struct tevent_req *subreq); static errno_t sdap_dyndns_addrs_diff(struct sdap_dyndns_update_state *state, bool *_do_update); static errno_t sdap_dyndns_update_step(struct tevent_req *req); static errno_t sdap_dyndns_update_ptr_step(struct tevent_req *req); static void sdap_dyndns_update_done(struct tevent_req *subreq); static void sdap_dyndns_update_ptr_done(struct tevent_req *subreq); struct tevent_req * sdap_dyndns_update_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct be_ctx *be_ctx, struct dp_option *opts, struct sdap_id_ctx *sdap_ctx, enum be_nsupdate_auth auth_type, const char *ifname, const char *hostname, const char *dns_zone, const char *realm, const char *servername, const int ttl, bool check_diff) { errno_t ret; struct tevent_req *req; struct tevent_req *subreq; struct sdap_dyndns_update_state *state; 
req = tevent_req_create(mem_ctx, &state, struct sdap_dyndns_update_state); if (req == NULL) { return NULL; } state->check_diff = check_diff; state->update_ptr = dp_opt_get_bool(opts, DP_OPT_DYNDNS_UPDATE_PTR); state->hostname = hostname; state->dns_zone = dns_zone; state->realm = realm; state->servername = servername; state->use_server_with_nsupdate = false; state->ttl = ttl; state->be_res = be_ctx->be_res; state->ev = ev; state->opts = opts; state->auth_type = auth_type; if (ifname) { /* Unless one family is restricted, just replace all * address families during the update */ switch (state->be_res->family_order) { case IPV4_ONLY: state->remove_af |= DYNDNS_REMOVE_A; break; case IPV6_ONLY: state->remove_af |= DYNDNS_REMOVE_AAAA; break; case IPV4_FIRST: case IPV6_FIRST: state->remove_af |= (DYNDNS_REMOVE_A | DYNDNS_REMOVE_AAAA); break; } } else { /* If the interface isn't specified, we ONLY want to have the address * that's connected to the LDAP server stored, so we need to check * (and later remove) both address families. 
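*/
        state->remove_af = (DYNDNS_REMOVE_A | DYNDNS_REMOVE_AAAA);
    }

    subreq = sdap_dyndns_get_addrs_send(state, state->ev, sdap_ctx, ifname);
    if (!subreq) {
        ret = EIO;
        DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_connect_send failed: [%d](%s)\n",
              ret, sss_strerror(ret)));
        goto done;
    }
    tevent_req_set_callback(subreq, sdap_dyndns_update_addrs_done, req);

    ret = EOK;
done:
    if (ret != EOK) {
        tevent_req_error(req, ret);
        tevent_req_post(req, ev);
    }
    return req;
}

/*
 * Callback run once the addresses to publish are known.
 *
 * Stores the received address list in the request state. When check_diff or
 * update_ptr is set it first asks for the addresses currently present in DNS
 * (continuing in sdap_dyndns_dns_addrs_done); otherwise it starts the
 * forward update straight away (continuing in sdap_dyndns_update_done).
 * Any failure finishes the request with an error.
 */
static void
sdap_dyndns_update_addrs_done(struct tevent_req *subreq)
{
    errno_t ret;
    struct tevent_req *req;
    struct sdap_dyndns_update_state *state;

    req = tevent_req_callback_data(subreq, struct tevent_req);
    state = tevent_req_data(req, struct sdap_dyndns_update_state);

    ret = sdap_dyndns_get_addrs_recv(subreq, state, &state->addresses);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Can't get addresses for DNS update\n"));
        tevent_req_error(req, ret);
        return;
    }

    if (state->check_diff || state->update_ptr) {
        /* Check if we need the update at all. In case we are updating the PTR
         * records as well, we need to know the old addresses to be able to
         * reliably delete the PTR records */
        subreq = nsupdate_get_addrs_send(state, state->ev,
                                         state->be_res, state->hostname);
        if (subreq == NULL) {
            DEBUG(SSSDBG_OP_FAILURE, ("Can't initiate address check\n"));
            /* ret is still EOK at this point, and tevent_req_error() does
             * not finish a request when handed 0, which would leave the
             * caller waiting forever. Report a real error, the same code
             * the other failed *_send() calls in this file use.
             */
            tevent_req_error(req, EIO);
            return;
        }
        tevent_req_set_callback(subreq, sdap_dyndns_dns_addrs_done, req);
        return;
    }

    /* Perform update */
    ret = sdap_dyndns_update_step(req);
    if (ret != EOK) {
        tevent_req_error(req, ret);
        return;
    }
    /* Execution will resume in sdap_dyndns_update_done */
}

static void
sdap_dyndns_dns_addrs_done(struct tevent_req *subreq)
{
    struct tevent_req *req;
    struct sdap_dyndns_update_state *state;
    errno_t ret;
    bool do_update;

    req = tevent_req_callback_data(subreq, struct tevent_req);
    state = tevent_req_data(req, struct sdap_dyndns_update_state);

    ret = nsupdate_get_addrs_recv(subreq, state, &state->dns_addrlist, NULL);
    talloc_zfree(subreq);
    if (ret != EOK) {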
DEBUG(SSSDBG_OP_FAILURE, ("Could not receive list of current addresses [%d]: %s\n", ret, sss_strerror(ret))); tevent_req_error(req, ret); return; } if (state->check_diff) { ret = sdap_dyndns_addrs_diff(state, &do_update); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Could not check the diff between DNS " "and current addresses [%d]: %s\n", ret, strerror(ret))); tevent_req_error(req, ret); return; } if (do_update == false) { DEBUG(SSSDBG_TRACE_FUNC, ("No DNS update needed, addresses did not change\n")); tevent_req_done(req); return; } DEBUG(SSSDBG_TRACE_FUNC, ("Detected IP addresses change, will perform an update\n")); } /* Either we needed the addresses for updating PTR records only or * the addresses have changed (or both) */ ret = sdap_dyndns_update_step(req); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Could not start the update [%d]: %s\n", ret, sss_strerror(ret))); tevent_req_error(req, ret); } return; } static errno_t sdap_dyndns_addrs_diff(struct sdap_dyndns_update_state *state, bool *_do_update) { errno_t ret; int i; char **str_dnslist = NULL, **str_local_list = NULL; char **dns_only = NULL, **local_only = NULL; bool do_update = false; ret = sss_iface_addr_list_as_str_list(state, state->dns_addrlist, &str_dnslist); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Converting DNS IP addresses to strings failed: [%d]: %s\n", ret, sss_strerror(ret))); return ret; } ret = sss_iface_addr_list_as_str_list(state, state->addresses, &str_local_list); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Converting local IP addresses to strings failed: [%d]: %s\n", ret, sss_strerror(ret))); return ret; } /* Compare the lists */ ret = diff_string_lists(state, str_dnslist, str_local_list, &dns_only, &local_only, NULL); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("diff_string_lists failed: [%d]: %s\n", ret, sss_strerror(ret))); return ret; } if (dns_only) { for (i=0; dns_only[i]; i++) { DEBUG(SSSDBG_TRACE_LIBS, ("Address in DNS only: %s\n", dns_only[i])); do_update = true; } } if 
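(local_only) {
        for (i=0; local_only[i]; i++) {
            DEBUG(SSSDBG_TRACE_LIBS,
                  ("Address on localhost only: %s\n", local_only[i]));
            do_update = true;
        }
    }

    *_do_update = do_update;
    return EOK;
}

/*
 * Build the forward-record nsupdate message and start the child request
 * that sends it.
 *
 * The server name is handed to the message builder only after a first
 * attempt without it has failed (state->use_server_with_nsupdate).
 *
 * Returns EOK when the child request was started; its result is delivered
 * to sdap_dyndns_update_done(). Any other value means nothing was started
 * and the caller has to fail the request itself.
 */
static errno_t
sdap_dyndns_update_step(struct tevent_req *req)
{
    errno_t ret;
    struct sdap_dyndns_update_state *state;
    const char *servername;
    struct tevent_req *subreq;

    state = tevent_req_data(req, struct sdap_dyndns_update_state);

    servername = NULL;
    if (state->use_server_with_nsupdate == true &&
        state->servername) {
        servername = state->servername;
    }

    ret = be_nsupdate_create_fwd_msg(state, state->realm, state->dns_zone,
                                     servername, state->hostname,
                                     state->ttl, state->remove_af,
                                     state->addresses, state->dns_addrlist,
                                     &state->update_msg);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Can't get addresses for DNS update\n"));
        return ret;
    }

    /* Fork a child process to perform the DNS update */
    subreq = be_nsupdate_send(state, state->ev, state->auth_type,
                              state->update_msg,
                              dp_opt_get_bool(state->opts,
                                              DP_OPT_DYNDNS_FORCE_TCP));
    if (subreq == NULL) {
        return EIO;
    }

    tevent_req_set_callback(subreq, sdap_dyndns_update_done, req);
    return EOK;
}

/*
 * Completion of the forward update.
 *
 * If the child exited with a non-zero status and the server name has not
 * been used yet, the update is retried once with the server name. On
 * success the PTR update follows when state->update_ptr is set.
 */
static void
sdap_dyndns_update_done(struct tevent_req *subreq)
{
    errno_t ret;
    /* Defined value in case be_nsupdate_recv() fails without storing a
     * status; 0 never satisfies the retry condition below. */
    int child_status = 0;
    struct tevent_req *req;
    struct sdap_dyndns_update_state *state;

    req = tevent_req_callback_data(subreq, struct tevent_req);
    state = tevent_req_data(req, struct sdap_dyndns_update_state);

    ret = be_nsupdate_recv(subreq, &child_status);
    talloc_zfree(subreq);
    if (ret != EOK) {
        /* If the update didn't succeed, we can retry using the server name */
        if (state->use_server_with_nsupdate == false && state->servername
                && WIFEXITED(child_status)
                && WEXITSTATUS(child_status) != 0) {
            state->use_server_with_nsupdate = true;
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("nsupdate failed, retrying with server name\n"));
            /* The step builds a new message; release the stale one first */
            talloc_zfree(state->update_msg);
            ret = sdap_dyndns_update_step(req);
            if (ret == EOK) {
                return;
            }
        }

        tevent_req_error(req, ret);
        return;
    }

    if (state->update_ptr == false) {
        DEBUG(SSSDBG_TRACE_FUNC, ("No PTR update requested, done\n"));
        tevent_req_done(req);
        return;
    }

    /* zfree rather than free: the pointer must not dangle if building the
     * PTR message fails before it is reassigned */
    talloc_zfree(state->update_msg);
    ret = sdap_dyndns_update_ptr_step(req);
    if (ret != EOK) {
        tevent_req_error(req, ret);
        return;
    }
    /* Execution will resume in sdap_dyndns_update_ptr_done */
}

/*
 * Build the PTR nsupdate message and start the child request that sends
 * it. Same contract as sdap_dyndns_update_step(); the result is delivered
 * to sdap_dyndns_update_ptr_done().
 */
static errno_t
sdap_dyndns_update_ptr_step(struct tevent_req *req)
{
    errno_t ret;
    struct sdap_dyndns_update_state *state;
    const char *servername;
    struct tevent_req *subreq;

    state = tevent_req_data(req, struct sdap_dyndns_update_state);

    servername = NULL;
    if (state->use_server_with_nsupdate == true &&
        state->servername) {
        servername = state->servername;
    }

    ret = be_nsupdate_create_ptr_msg(state, state->realm,
                                     servername, state->hostname,
                                     state->ttl, state->remove_af,
                                     state->addresses, state->dns_addrlist,
                                     &state->update_msg);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Can't get addresses for DNS update\n"));
        return ret;
    }

    /* Fork a child process to perform the DNS update */
    subreq = be_nsupdate_send(state, state->ev, state->auth_type,
                              state->update_msg,
                              dp_opt_get_bool(state->opts,
                                              DP_OPT_DYNDNS_FORCE_TCP));
    if (subreq == NULL) {
        return EIO;
    }

    tevent_req_set_callback(subreq, sdap_dyndns_update_ptr_done, req);
    return EOK;
}

/*
 * Completion of the PTR update. Uses the same one-time retry with the
 * server name as sdap_dyndns_update_done(), then finishes the request.
 */
static void
sdap_dyndns_update_ptr_done(struct tevent_req *subreq)
{
    errno_t ret;
    /* See sdap_dyndns_update_done() for why this is initialized */
    int child_status = 0;
    struct tevent_req *req;
    struct sdap_dyndns_update_state *state;

    req = tevent_req_callback_data(subreq, struct tevent_req);
    state = tevent_req_data(req, struct sdap_dyndns_update_state);

    ret = be_nsupdate_recv(subreq, &child_status);
    talloc_zfree(subreq);
    if (ret != EOK) {
        /* If the update didn't succeed, we can retry using the server name */
        if (state->use_server_with_nsupdate == false && state->servername
                && WIFEXITED(child_status)
                && WEXITSTATUS(child_status) != 0) {
            state->use_server_with_nsupdate = true;
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("nsupdate failed, retrying with server name\n"));
            /* The step builds a new message; release the stale one first */
            talloc_zfree(state->update_msg);
            ret = sdap_dyndns_update_ptr_step(req);
            if (ret == EOK) {
                return;
            }
        }

        tevent_req_error(req, ret);
        return;
    }

    tevent_req_done(req);
}

/* Report the final status of a dyndns update request. */
errno_t
sdap_dyndns_update_recv(struct tevent_req *req)
{
    TEVENT_REQ_RETURN_ON_ERROR(req);
    return EOK;
}

/* A request to get addresses to update with */
struct sdap_dyndns_get_addrs_state {
    struct sdap_id_op* sdap_op;         /* only set on the LDAP-connection path */
    struct sss_iface_addr *addresses;   /* result list */
};

static void
sdap_dyndns_get_addrs_done(struct tevent_req *subreq);
static errno_t
sdap_dyndns_add_ldap_conn(struct sdap_dyndns_get_addrs_state *state,
                          struct sdap_handle *sh);

/*
 * Collect the addresses that should be published in DNS.
 *
 * With an interface name the addresses are read from that interface and
 * the request completes immediately. Without one, an LDAP connection is
 * established and the local address of that connection is used (see
 * sdap_dyndns_add_ldap_conn()).
 *
 * Returns NULL only when the request itself cannot be allocated; every
 * other failure is reported through the returned request.
 */
static struct tevent_req *
sdap_dyndns_get_addrs_send(TALLOC_CTX *mem_ctx,
                           struct tevent_context *ev,
                           struct sdap_id_ctx *sdap_ctx,
                           const char *iface)
{
    errno_t ret;
    struct tevent_req *req;
    struct tevent_req *subreq;
    struct sdap_dyndns_get_addrs_state *state;

    req = tevent_req_create(mem_ctx, &state,
                            struct sdap_dyndns_get_addrs_state);
    if (req == NULL) {
        return NULL;
    }

    if (iface) {
        ret = sss_iface_addr_list_get(state, iface, &state->addresses);
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE,
                  ("Cannot get list of addresses from interface %s\n", iface));
        }
        /* We're done. Just fake an async request completion */
        goto done;
    }

    /* Detect DYNDNS address from LDAP connection */
    state->sdap_op = sdap_id_op_create(state, sdap_ctx->conn->conn_cache);
    if (!state->sdap_op) {
        ret = ENOMEM;
        DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed\n"));
        goto done;
    }

    subreq = sdap_id_op_connect_send(state->sdap_op, state, &ret);
    if (!subreq) {
        /* Log the error the call reported before replacing it; callers
         * still receive EIO as before */
        DEBUG(SSSDBG_OP_FAILURE,
              ("sdap_id_op_connect_send failed: [%d](%s)\n",
               ret, sss_strerror(ret)));
        ret = EIO;
        goto done;
    }
    tevent_req_set_callback(subreq, sdap_dyndns_get_addrs_done, req);

    ret = EAGAIN;
done:
    if (ret == EOK) {
        tevent_req_done(req);
        tevent_req_post(req, ev);
    } else if (ret != EAGAIN) {
        tevent_req_error(req, ret);
        tevent_req_post(req, ev);
    }

    /* EAGAIN - resolution in progress */
    return req;
}

/*
 * The LDAP connection attempt finished: on success take the address from
 * the connection, otherwise fail the request (ERR_DYNDNS_OFFLINE when the
 * backend is offline).
 */
static void
sdap_dyndns_get_addrs_done(struct tevent_req *subreq)
{
    errno_t ret;
    int dp_error;
    struct tevent_req *req;
    struct sdap_dyndns_get_addrs_state *state;

    req = tevent_req_callback_data(subreq, struct tevent_req);
    state = tevent_req_data(req, struct sdap_dyndns_get_addrs_state);

    ret = sdap_id_op_connect_recv(subreq, &dp_error);
    talloc_zfree(subreq);
    if (ret != EOK) {
        if (dp_error == DP_ERR_OFFLINE) {
            DEBUG(SSSDBG_MINOR_FAILURE, ("No LDAP server is available, "
                  "dynamic DNS update is skipped in offline mode.\n"));
            ret = ERR_DYNDNS_OFFLINE;
        } else {
            DEBUG(SSSDBG_OP_FAILURE,
                  ("Failed to connect to LDAP server: [%d](%s)\n",
                   ret, sss_strerror(ret)));
        }
        tevent_req_error(req, ret);
        return;
    }

    ret = sdap_dyndns_add_ldap_conn(state, sdap_id_op_handle(state->sdap_op));
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Can't get addresses from LDAP connection\n"));
        tevent_req_error(req, ret);
        return;
    }

    /* Got the address! Done! */
    tevent_req_done(req);
}

/*
 * Add the local address of the LDAP connection's socket to
 * state->addresses.
 *
 * Only AF_INET and AF_INET6 sockets are accepted; any other family is
 * rejected with EIO so that it never ends up in an update message.
 *
 * Returns EINVAL for a NULL handle, the errno of getsockname() on failure,
 * ENOMEM when the address cannot be stored.
 */
static errno_t
sdap_dyndns_add_ldap_conn(struct sdap_dyndns_get_addrs_state *state,
                          struct sdap_handle *sh)
{
    int ret;
    int fd;
    struct sss_iface_addr *address;
    struct sockaddr_storage ss;
    socklen_t ss_len = sizeof(ss);

    if (sh == NULL) {
        return EINVAL;
    }

    /* Get the file descriptor for the primary LDAP connection */
    ret = get_fd_from_ldap(sh->ldap, &fd);
    if (ret != EOK) {
        return ret;
    }

    errno = 0;
    ret = getsockname(fd, (struct sockaddr *) &ss, &ss_len);
    if (ret == -1) {
        ret = errno;
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to get socket name\n"));
        return ret;
    }

    switch(ss.ss_family) {
    case AF_INET:
    case AF_INET6:
        address = sss_iface_addr_add(state, &state->addresses, &ss);
        if (address == NULL) {
            return ENOMEM;
        }
        break;
    default:
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Connection to LDAP is neither IPv4 nor IPv6\n"));
        return EIO;
    }

    return EOK;
}

/*
 * Hand the collected address list over to the caller; ownership moves to
 * mem_ctx.
 */
static errno_t
sdap_dyndns_get_addrs_recv(struct tevent_req *req,
                           TALLOC_CTX *mem_ctx,
                           struct sss_iface_addr **_addresses)
{
    struct sdap_dyndns_get_addrs_state *state;

    state = tevent_req_data(req, struct sdap_dyndns_get_addrs_state);

    TEVENT_REQ_RETURN_ON_ERROR(req);

    *_addresses = talloc_steal(mem_ctx, state->addresses);
    return EOK;
}

/* State of the periodic "make sure we are connected" request */
struct sdap_dyndns_timer_state {
    struct tevent_context *ev;
    struct sdap_id_ctx *sdap_ctx;
    struct be_nsupdate_ctx *dyndns_ctx;

    struct sdap_id_op *sdap_op;
};

static void
sdap_dyndns_timer_conn_done(struct tevent_req *req);

/*
 * Timer-driven request that establishes an LDAP connection before the
 * provider-specific update runs.
 *
 * timer_in_progress is raised for the duration of the connection attempt
 * and cleared again on every exit path. When the request cannot even be
 * started, the next timer is scheduled right away and the error is
 * reported through the returned request.
 */
struct tevent_req *
sdap_dyndns_timer_conn_send(TALLOC_CTX *mem_ctx,
                            struct tevent_context *ev,
                            struct sdap_id_ctx *sdap_ctx,
                            struct be_nsupdate_ctx *dyndns_ctx)
{
    struct sdap_dyndns_timer_state *state;
    struct tevent_req *req;
    struct tevent_req *subreq;
    errno_t ret;

    req = tevent_req_create(mem_ctx, &state, struct sdap_dyndns_timer_state);
    if (req == NULL) {
        return NULL;
    }
    state->ev = ev;
    state->sdap_ctx = sdap_ctx;
    state->dyndns_ctx = dyndns_ctx;

    /* In order to prevent the connection triggering an
     * online callback which would in turn trigger a concurrent DNS
     * update
     */
    state->dyndns_ctx->timer_in_progress = true;

    /* Make sure to have a valid LDAP connection */
    state->sdap_op = sdap_id_op_create(state, state->sdap_ctx->conn->conn_cache);
    if (state->sdap_op == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed\n"));
        ret = ENOMEM;
        goto fail;
    }

    subreq = sdap_id_op_connect_send(state->sdap_op, state, &ret);
    if (subreq == NULL) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("sdap_id_op_connect_send failed: [%d](%s)\n",
               ret, sss_strerror(ret)));
        ret = ENOMEM;
        goto fail;
    }
    tevent_req_set_callback(subreq, sdap_dyndns_timer_conn_done, req);
    return req;

fail:
    dyndns_ctx->timer_in_progress = false;
    be_nsupdate_timer_schedule(ev, dyndns_ctx);
    tevent_req_error(req, ret);
    tevent_req_post(req, ev);
    return req;
}

/*
 * The connection attempt of the timer request finished.
 *
 * Offline: fail with ERR_DYNDNS_OFFLINE without scheduling a new timer.
 * Other errors: schedule the next timer and fail with ERR_NETWORK_IO.
 * Success: schedule the next timer and complete the request.
 */
static void
sdap_dyndns_timer_conn_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct sdap_dyndns_timer_state *state = tevent_req_data(req,
                                            struct sdap_dyndns_timer_state);
    errno_t ret;
    int dp_error;

    state->dyndns_ctx->timer_in_progress = false;

    ret = sdap_id_op_connect_recv(subreq, &dp_error);
    talloc_zfree(subreq);
    if (ret != EOK) {
        if (dp_error == DP_ERR_OFFLINE) {
            DEBUG(SSSDBG_MINOR_FAILURE, ("No server is available, "
                  "dynamic DNS update is skipped in offline mode.\n"));
            /* Another timer will be scheduled when provider goes online */
            tevent_req_error(req, ERR_DYNDNS_OFFLINE);
        } else {
            DEBUG(SSSDBG_OP_FAILURE,
                  ("Failed to connect to LDAP server: [%d](%s)\n",
                   ret, sss_strerror(ret)));

            /* Just schedule another dyndns retry */
            be_nsupdate_timer_schedule(state->ev, state->dyndns_ctx);
            tevent_req_error(req, ERR_NETWORK_IO);
        }
        return;
    }

    /* All OK, schedule another refresh and let the user call its
     * provider-specific update
     */
    be_nsupdate_timer_schedule(state->ev, state->dyndns_ctx);
    tevent_req_done(req);
}

/* Report the final status of the timer connection request. */
errno_t
sdap_dyndns_timer_conn_recv(struct tevent_req *req)
{
    TEVENT_REQ_RETURN_ON_ERROR(req);
    return EOK;
}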
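sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/sdap_async_groups_ad.c0000644000000000000000000000007312320753107023631 xustar000000000000000029 atime=1396954939.26789143 30 ctime=1396954961.622874974 sssd-1.11.5/src/providers/ldap/sdap_async_groups_ad.c0000664002412700241270000001713712320753107024065 0ustar00jhrozekjhrozek00000000000000
/*
    SSSD

    Authors:
        Stephen Gallagher

    Copyright (C) 2012 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program. If not, see .
*/

#include "util/util.h"
#include "providers/ldap/sdap_async.h"
#include "providers/ldap/ldap_common.h"

/* State of one "all members of a group, nested ones included" lookup */
struct sdap_ad_match_rule_state {
    struct tevent_context *ev;
    struct sdap_handle *sh;
    const char **attrs;
    struct sdap_options *opts;
    const char *base_filter;    /* matching-rule filter without per-base part */
    char *filter;               /* filter for the search base in progress */
    int timeout;

    size_t base_iter;           /* index into search_bases */
    struct sdap_search_base **search_bases;   /* NULL-terminated */

    size_t count;               /* number of entries in users */
    struct sysdb_attrs **users; /* NULL-terminated result list */
};

static errno_t
sdap_get_ad_match_rule_members_next_base(struct tevent_req *req);
static void
sdap_get_ad_match_rule_members_step(struct tevent_req *subreq);

/*
 * Look up the users that are members of the given group, using the AD
 * matching rule named by SDAP_MATCHING_RULE_IN_CHAIN, over every user
 * search base of the domain.
 *
 * The group's original DN is read from the group entry and escaped with
 * sss_filter_sanitize() before it is placed into the search filter, so
 * characters that are special in a filter cannot change its structure.
 *
 * Returns NULL only when the request cannot be allocated; all other
 * failures are reported through the returned request.
 */
struct tevent_req *
sdap_get_ad_match_rule_members_send(TALLOC_CTX *mem_ctx,
                                    struct tevent_context *ev,
                                    struct sdap_options *opts,
                                    struct sdap_handle *sh,
                                    struct sysdb_attrs *group,
                                    int timeout)
{
    errno_t ret;
    struct tevent_req *req;
    struct sdap_ad_match_rule_state *state;
    const char *group_dn;
    char *sanitized_group_dn;

    req = tevent_req_create(mem_ctx, &state, struct sdap_ad_match_rule_state);
    if (!req) return NULL;

    state->ev = ev;
    state->opts = opts;
    state->sh = sh;
    state->timeout = timeout;
    state->count = 0;
    state->base_iter = 0;
    state->search_bases = opts->sdom->user_search_bases;

    /* The loop below dereferences search_bases[0] unconditionally; with
     * nothing to search the outcome is the same as "no users matched" */
    if (state->search_bases == NULL || state->search_bases[0] == NULL) {
        DEBUG(SSSDBG_MINOR_FAILURE, ("No user search bases to look in\n"));
        ret = ENOENT;
        goto immediate;
    }

    /* Request all of the user attributes that we know about. */
    ret = build_attrs_from_map(state, opts->user_map, SDAP_OPTS_USER,
                               NULL, &state->attrs, NULL);
    if (ret != EOK) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("Could not build attribute map: [%s]\n",
               sss_strerror(ret)));
        goto immediate;
    }

    /* Get the DN of the group */
    ret = sysdb_attrs_get_string(group, SYSDB_ORIG_DN, &group_dn);
    if (ret != EOK) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("Could not retrieve originalDN for group: %s\n",
               sss_strerror(ret)));
        goto immediate;
    }

    /* Sanitize it in case we have special characters in DN */
    ret = sss_filter_sanitize(state, group_dn, &sanitized_group_dn);
    if (ret != EOK) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("Could not sanitize group DN: %s\n",
               sss_strerror(ret)));
        goto immediate;
    }

    /* Craft a special filter according to
     * http://msdn.microsoft.com/en-us/library/windows/desktop/aa746475%28v=vs.85%29.aspx
     */
    state->base_filter =
            talloc_asprintf(state,
                            "(&(%s:%s:=%s)(objectClass=%s))",
                            state->opts->user_map[SDAP_AT_USER_MEMBEROF].name,
                            SDAP_MATCHING_RULE_IN_CHAIN,
                            sanitized_group_dn,
                            state->opts->user_map[SDAP_OC_USER].name);
    talloc_zfree(sanitized_group_dn);
    if (!state->base_filter) {
        ret = ENOMEM;
        goto immediate;
    }

    /* Start the loop through the search bases to get all of the users */
    ret = sdap_get_ad_match_rule_members_next_base(req);
    if (ret != EOK) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("sdap_get_ad_match_rule_members_next_base failed: [%s]\n",
               sss_strerror(ret)));
        goto immediate;
    }

    return req;

immediate:
    tevent_req_error(req, ret);
    tevent_req_post(req, ev);
    return req;
}

/*
 * Start the search in search_bases[base_iter]: combine the base filter
 * with that base's own filter and send the request. The result arrives in
 * sdap_get_ad_match_rule_members_step().
 *
 * Returns EOK when the search was started, ENOMEM otherwise.
 */
static errno_t
sdap_get_ad_match_rule_members_next_base(struct tevent_req *req)
{
    struct tevent_req *subreq;
    struct sdap_ad_match_rule_state *state;

    state = tevent_req_data(req, struct sdap_ad_match_rule_state);

    talloc_zfree(state->filter);
    state->filter = sdap_get_id_specific_filter(state,
                        state->base_filter,
                        state->search_bases[state->base_iter]->filter);
    if (!state->filter) {
        return ENOMEM;
    }

    DEBUG(SSSDBG_TRACE_FUNC,
          ("Searching for users with base [%s]\n",
           state->search_bases[state->base_iter]->basedn));

    subreq = sdap_get_generic_send(
            state, state->ev, state->opts, state->sh,
            state->search_bases[state->base_iter]->basedn,
            state->search_bases[state->base_iter]->scope,
            state->filter, state->attrs,
            state->opts->user_map, SDAP_OPTS_USER,
            state->timeout, true);
    if (!subreq) {
        return ENOMEM;
    }

    tevent_req_set_callback(subreq, sdap_get_ad_match_rule_members_step, req);

    return EOK;
}

/*
 * One search base has been processed: append its results to state->users
 * and move on to the next base. After the last base the request finishes
 * with ENOENT when no user was found at all.
 */
static void
sdap_get_ad_match_rule_members_step(struct tevent_req *subreq)
{
    errno_t ret;
    struct tevent_req *req =
            tevent_req_callback_data(subreq, struct tevent_req);
    struct sdap_ad_match_rule_state *state =
            tevent_req_data(req, struct sdap_ad_match_rule_state);
    size_t count, i;
    struct sysdb_attrs **users;

    ret = sdap_get_generic_recv(subreq, state, &count, &users);
    talloc_zfree(subreq);
    if (ret != EOK) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("LDAP search failed: [%s]\n", sss_strerror(ret)));
        tevent_req_error(req, ret);
        return;
    }

    DEBUG(SSSDBG_TRACE_LIBS,
          ("Search for users returned %zu results\n", count));

    /* Add this batch of users to the list */
    if (count > 0) {
        /* one extra slot for the terminating NULL */
        state->users = talloc_realloc(state, state->users,
                                      struct sysdb_attrs *,
                                      state->count + count + 1);
        if (!state->users) {
            tevent_req_error(req, ENOMEM);
            return;
        }

        /* Copy the new users into the list */
        for (i = 0; i < count; i++) {
            state->users[state->count + i] =
                    talloc_steal(state->users, users[i]);
        }

        state->count += count;
        state->users[state->count] = NULL;
    }

    /* Continue checking other search bases */
    state->base_iter++;
    if (state->search_bases[state->base_iter]) {
        /* There are more search bases to try */
        ret = sdap_get_ad_match_rule_members_next_base(req);
        if (ret != EOK) {
            tevent_req_error(req, ret);
        }
        return;
    }

    /* No more search bases. We're done here. */
    if (state->count == 0) {
        DEBUG(SSSDBG_TRACE_LIBS,
              ("No users matched in any search base\n"));
        tevent_req_error(req, ENOENT);
        return;
    }

    tevent_req_done(req);
}

/*
 * Return the collected users. The list is moved to mem_ctx and num_users
 * receives the number of entries in it.
 */
errno_t
sdap_get_ad_match_rule_members_recv(struct tevent_req *req,
                                    TALLOC_CTX *mem_ctx,
                                    size_t *num_users,
                                    struct sysdb_attrs ***users)
{
    struct sdap_ad_match_rule_state *state =
            tevent_req_data(req, struct sdap_ad_match_rule_state);

    TEVENT_REQ_RETURN_ON_ERROR(req);

    *num_users = state->count;
    *users = talloc_steal(mem_ctx, state->users);
    return EOK;
}
sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/sdap_async_enum.c0000644000000000000000000000007312320753107022612 xustar000000000000000029 atime=1396954939.26789143 30 ctime=1396954961.612874982 sssd-1.11.5/src/providers/ldap/sdap_async_enum.c0000664002412700241270000007203212320753107023041 0ustar00jhrozekjhrozek00000000000000
/*
    SSSD

    LDAP Enumeration Module

    Authors:
        Simo Sorce
        Jakub Hrozek

    Copyright (C) 2013 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program. If not, see .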
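*/

#include /* header name is missing in this copy of the file */
#include "util/util.h"
#include "db/sysdb.h"
#include "providers/ldap/ldap_common.h"
#include "providers/ldap/sdap_async.h"
#include "providers/ldap/sdap_idmap.h"

static struct tevent_req *enum_users_send(TALLOC_CTX *memctx,
                                          struct tevent_context *ev,
                                          struct sdap_id_ctx *ctx,
                                          struct sdap_domain *sdom,
                                          struct sdap_id_op *op,
                                          bool purge);
static errno_t enum_users_recv(struct tevent_req *req);

static struct tevent_req *enum_groups_send(TALLOC_CTX *memctx,
                                           struct tevent_context *ev,
                                           struct sdap_id_ctx *ctx,
                                           struct sdap_domain *sdom,
                                           struct sdap_id_op *op,
                                           bool purge);
static errno_t enum_groups_recv(struct tevent_req *req);

/* ==Enumeration-Request-with-connections=================================== */
struct sdap_dom_enum_ex_state {
    struct tevent_context *ev;
    struct sdap_id_ctx *ctx;
    struct sdap_domain *sdom;

    /* connection to use for each of the three enumeration phases */
    struct sdap_id_conn_ctx *user_conn;
    struct sdap_id_conn_ctx *group_conn;
    struct sdap_id_conn_ctx *svc_conn;
    /* one id_op per phase, created when the phase starts */
    struct sdap_id_op *user_op;
    struct sdap_id_op *group_op;
    struct sdap_id_op *svc_op;

    bool purge;
};

static errno_t sdap_dom_enum_ex_retry(struct tevent_req *req,
                                      struct sdap_id_op *op,
                                      tevent_req_fn tcb);
static bool sdap_dom_enum_ex_connected(struct tevent_req *subreq);
static void sdap_dom_enum_ex_get_users(struct tevent_req *subreq);
static void sdap_dom_enum_ex_posix_check_done(struct tevent_req *subreq);
static errno_t sdap_dom_enum_search_users(struct tevent_req *req);
static void sdap_dom_enum_ex_users_done(struct tevent_req *subreq);
static void sdap_dom_enum_ex_get_groups(struct tevent_req *subreq);
static void sdap_dom_enum_ex_groups_done(struct tevent_req *subreq);
static void sdap_dom_enum_ex_get_svcs(struct tevent_req *subreq);
static void sdap_dom_enum_ex_svcs_done(struct tevent_req *subreq);

/*
 * Enumerate users, then groups, then services of a domain, each phase on
 * its own connection.
 *
 * A purge is requested for this run when more than
 * SDAP_CACHE_PURGE_TIMEOUT seconds have passed since sdom->last_purge.
 *
 * NOTE(review): the request is allocated on ctx, memctx is not used;
 * confirm this lifetime is intended before changing it.
 */
struct tevent_req *
sdap_dom_enum_ex_send(TALLOC_CTX *memctx,
                      struct tevent_context *ev,
                      struct sdap_id_ctx *ctx,
                      struct sdap_domain *sdom,
                      struct sdap_id_conn_ctx *user_conn,
                      struct sdap_id_conn_ctx *group_conn,
                      struct sdap_id_conn_ctx *svc_conn)
{
    struct tevent_req *req;
    struct sdap_dom_enum_ex_state *state;
    int t;
    errno_t ret;

    req = tevent_req_create(ctx, &state, struct sdap_dom_enum_ex_state);
    if (req == NULL) return NULL;

    state->ev = ev;
    state->ctx = ctx;
    state->sdom = sdom;
    state->user_conn = user_conn;
    state->group_conn = group_conn;
    state->svc_conn = svc_conn;
    sdom->last_enum = tevent_timeval_current();

    t = dp_opt_get_int(ctx->opts->basic, SDAP_CACHE_PURGE_TIMEOUT);
    if ((sdom->last_purge.tv_sec + t) < sdom->last_enum.tv_sec) {
        state->purge = true;
    }

    state->user_op = sdap_id_op_create(state, user_conn->conn_cache);
    if (state->user_op == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("sdap_id_op_create failed for users\n"));
        ret = EIO;
        goto fail;
    }

    ret = sdap_dom_enum_ex_retry(req, state->user_op,
                                 sdap_dom_enum_ex_get_users);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("sdap_dom_enum_ex_retry failed\n"));
        goto fail;
    }

    return req;

fail:
    tevent_req_error(req, ret);
    tevent_req_post(req, ev);
    return req;
}

/*
 * (Re)connect the given id_op and continue in tcb once the connection
 * attempt has finished. Used both for the first attempt of a phase and
 * for retries.
 */
static errno_t sdap_dom_enum_ex_retry(struct tevent_req *req,
                                      struct sdap_id_op *op,
                                      tevent_req_fn tcb)
{
    struct sdap_dom_enum_ex_state *state = tevent_req_data(req,
                                            struct sdap_dom_enum_ex_state);
    struct tevent_req *subreq;
    errno_t ret;

    subreq = sdap_id_op_connect_send(op, state, &ret);
    if (subreq == NULL) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("sdap_id_op_connect_send failed: %d\n", ret));
        return ret;
    }

    tevent_req_set_callback(subreq, tcb, req);
    return EOK;
}

/*
 * Common first step of every phase callback: collect the result of the
 * connection attempt and free subreq.
 *
 * Returns true when connected. Returns false after having finished the
 * parent request itself: as done when the backend is offline, as failed
 * otherwise. The caller must only return in that case.
 */
static bool sdap_dom_enum_ex_connected(struct tevent_req *subreq)
{
    errno_t ret;
    int dp_error;
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);

    ret = sdap_id_op_connect_recv(subreq, &dp_error);
    talloc_zfree(subreq);
    if (ret != EOK) {
        if (dp_error == DP_ERR_OFFLINE) {
            DEBUG(SSSDBG_TRACE_FUNC,
                  ("Backend is marked offline, retry later!\n"));
            tevent_req_done(req);
        } else {
            /* sss_strerror as in the rest of the file, so that provider
             * error codes are rendered as well */
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Domain enumeration failed to connect to "
                   "LDAP server: (%d)[%s]\n", ret, sss_strerror(ret)));
            tevent_req_error(req, ret);
        }
        return false;
    }

    return true;
}

/*
 * Connected for the user phase. Against an AD schema without ID mapping,
 * and when it has not been done yet, a POSIX-attribute check runs first;
 * otherwise the user search starts right away.
 */
static void sdap_dom_enum_ex_get_users(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct sdap_dom_enum_ex_state *state = tevent_req_data(req,
                                            struct sdap_dom_enum_ex_state);
    bool use_id_mapping;
    errno_t ret;

    if (sdap_dom_enum_ex_connected(subreq) == false) {
        return;
    }

    use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping(
                                            state->ctx->opts->idmap_ctx,
                                            state->sdom->dom->name,
                                            state->sdom->dom->domain_id);

    /* If POSIX attributes have been requested with an AD server and we
     * have no idea about POSIX attributes support, run a one-time check
     */
    if (use_id_mapping == false &&
            state->ctx->opts->schema_type == SDAP_SCHEMA_AD &&
            state->ctx->srv_opts &&
            state->ctx->srv_opts->posix_checked == false) {
        subreq = sdap_posix_check_send(state, state->ev, state->ctx->opts,
                                       sdap_id_op_handle(state->user_op),
                                       state->sdom->user_search_bases,
                                       dp_opt_get_int(state->ctx->opts->basic,
                                                      SDAP_SEARCH_TIMEOUT));
        if (subreq == NULL) {
            tevent_req_error(req, ENOMEM);
            return;
        }
        tevent_req_set_callback(subreq,
                                sdap_dom_enum_ex_posix_check_done, req);
        return;
    }

    ret = sdap_dom_enum_search_users(req);
    if (ret != EOK) {
        tevent_req_error(req, ret);
        return;
    }
    /* Execution resumes in sdap_dom_enum_ex_users_done */
}

/*
 * Result of the one-time POSIX check. A completed check is remembered in
 * srv_opts->posix_checked; without POSIX attributes the enumeration fails
 * with ERR_NO_POSIX, otherwise the user search starts.
 */
static void sdap_dom_enum_ex_posix_check_done(struct tevent_req *subreq)
{
    errno_t ret;
    bool has_posix;
    int dp_error;
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct sdap_dom_enum_ex_state *state = tevent_req_data(req,
                                            struct sdap_dom_enum_ex_state);

    ret = sdap_posix_check_recv(subreq, &has_posix);
    talloc_zfree(subreq);
    if (ret != EOK && ret != ERR_NO_POSIX) {
        /* We can only finish the id_op on error as the connection
         * is re-used by the user search
         */
        ret = sdap_id_op_done(state->user_op, ret, &dp_error);
        if (dp_error == DP_ERR_OK && ret != EOK) {
            /* retry */
            ret = sdap_dom_enum_ex_retry(req, state->user_op,
                                         sdap_dom_enum_ex_get_users);
            if (ret != EOK) {
                tevent_req_error(req, ret);
            }
            return;
        } else if (dp_error == DP_ERR_OFFLINE) {
            DEBUG(SSSDBG_TRACE_FUNC, ("Backend is offline, retrying later\n"));
            tevent_req_done(req);
            return;
        } else {
            /* Non-recoverable error */
            DEBUG(SSSDBG_OP_FAILURE,
                  ("POSIX check failed: %d: %s\n", ret, sss_strerror(ret)));
            tevent_req_error(req, ret);
            return;
        }
    }

    /* srv_opts was checked for NULL before the check was started */
    state->ctx->srv_opts->posix_checked = true;

    /* If the check ran to completion, we know for certain about the attributes
     */
    if (has_posix == false) {
        tevent_req_error(req, ERR_NO_POSIX);
        return;
    }

    ret = sdap_dom_enum_search_users(req);
    if (ret != EOK) {
        tevent_req_error(req, ret);
        return;
    }
    /* Execution resumes in sdap_dom_enum_ex_users_done */
}

/* Start the user enumeration on the already connected user_op. */
static errno_t sdap_dom_enum_search_users(struct tevent_req *req)
{
    struct sdap_dom_enum_ex_state *state = tevent_req_data(req,
                                            struct sdap_dom_enum_ex_state);
    struct tevent_req *subreq;

    subreq = enum_users_send(state, state->ev,
                             state->ctx, state->sdom,
                             state->user_op, state->purge);
    if (subreq == NULL) {
        return ENOMEM;
    }
    tevent_req_set_callback(subreq, sdap_dom_enum_ex_users_done, req);
    return EOK;
}

static void sdap_dom_enum_ex_users_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct sdap_dom_enum_ex_state *state = tevent_req_data(req,
                                            struct sdap_dom_enum_ex_state);
    errno_t ret;
    int dp_error;

    ret = enum_users_recv(subreq);
    talloc_zfree(subreq);
    ret = sdap_id_op_done(state->user_op, ret, &dp_error);
    if (dp_error == DP_ERR_OK && ret != EOK) {
        /* retry */
        ret = sdap_dom_enum_ex_retry(req, state->user_op,
                                     sdap_dom_enum_ex_get_users);
        if (ret != EOK) {
            tevent_req_error(req, ret);
            return;
        }
        return;
    } else if (dp_error == DP_ERR_OFFLINE) {
        DEBUG(SSSDBG_TRACE_FUNC, ("Backend is offline, retrying later\n"));
        tevent_req_done(req);
        return;
    } else if (ret != EOK && ret != ENOENT) {
        /* Non-recoverable error */
        DEBUG(SSSDBG_OP_FAILURE,
              ("User enumeration failed: %d: %s\n", ret, sss_strerror(ret)));
        tevent_req_error(req, ret);
        return;
    }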
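state->group_op = sdap_id_op_create(state, state->group_conn->conn_cache);
    if (state->group_op == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("sdap_id_op_create failed for groups\n"));
        tevent_req_error(req, EIO);
        return;
    }

    ret = sdap_dom_enum_ex_retry(req, state->group_op,
                                 sdap_dom_enum_ex_get_groups);
    if (ret != EOK) {
        tevent_req_error(req, ret);
        return;
    }

    /* Continues to sdap_dom_enum_ex_get_groups */
}

/* Connected for the group phase: start the group enumeration. */
static void sdap_dom_enum_ex_get_groups(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct sdap_dom_enum_ex_state *state = tevent_req_data(req,
                                            struct sdap_dom_enum_ex_state);

    if (sdap_dom_enum_ex_connected(subreq) == false) {
        return;
    }

    subreq = enum_groups_send(state, state->ev, state->ctx,
                              state->sdom,
                              state->group_op, state->purge);
    if (subreq == NULL) {
        tevent_req_error(req, ENOMEM);
        return;
    }
    tevent_req_set_callback(subreq, sdap_dom_enum_ex_groups_done, req);
}

/*
 * Group phase finished. Retries on the group connection when the id_op
 * asks for it, ends quietly when offline, fails on any error other than
 * ENOENT, and otherwise moves on to the service phase.
 */
static void sdap_dom_enum_ex_groups_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct sdap_dom_enum_ex_state *state = tevent_req_data(req,
                                            struct sdap_dom_enum_ex_state);
    int ret;
    int dp_error;

    ret = enum_groups_recv(subreq);
    talloc_zfree(subreq);
    ret = sdap_id_op_done(state->group_op, ret, &dp_error);
    if (dp_error == DP_ERR_OK && ret != EOK) {
        /* retry */
        ret = sdap_dom_enum_ex_retry(req, state->group_op,
                                     sdap_dom_enum_ex_get_groups);
        if (ret != EOK) {
            tevent_req_error(req, ret);
            return;
        }
        return;
    } else if (dp_error == DP_ERR_OFFLINE) {
        DEBUG(SSSDBG_TRACE_FUNC, ("Backend is offline, retrying later\n"));
        tevent_req_done(req);
        return;
    } else if (ret != EOK && ret != ENOENT) {
        /* Non-recoverable error */
        DEBUG(SSSDBG_OP_FAILURE,
              ("Group enumeration failed: %d: %s\n", ret, sss_strerror(ret)));
        tevent_req_error(req, ret);
        return;
    }

    state->svc_op = sdap_id_op_create(state, state->svc_conn->conn_cache);
    if (state->svc_op == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("sdap_id_op_create failed for svcs\n"));
        tevent_req_error(req, EIO);
        return;
    }

    ret = sdap_dom_enum_ex_retry(req, state->svc_op,
                                 sdap_dom_enum_ex_get_svcs);
    if (ret != EOK) {
        tevent_req_error(req, ret);
        return;
    }
}

/* Connected for the service phase: start the service enumeration. */
static void sdap_dom_enum_ex_get_svcs(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct sdap_dom_enum_ex_state *state = tevent_req_data(req,
                                            struct sdap_dom_enum_ex_state);

    if (sdap_dom_enum_ex_connected(subreq) == false) {
        return;
    }

    subreq = enum_services_send(state, state->ev, state->ctx,
                                state->svc_op, state->purge);
    if (!subreq) {
        tevent_req_error(req, ENOMEM);
        return;
    }
    tevent_req_set_callback(subreq, sdap_dom_enum_ex_svcs_done, req);
}

/*
 * Service phase finished, which ends the whole enumeration: the domain is
 * marked as enumerated and, if this run was a purge run, the cache cleanup
 * is performed. Failures of those two steps are logged but not fatal.
 */
static void sdap_dom_enum_ex_svcs_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct sdap_dom_enum_ex_state *state = tevent_req_data(req,
                                            struct sdap_dom_enum_ex_state);
    int ret;
    int dp_error;

    ret = enum_services_recv(subreq);
    talloc_zfree(subreq);
    ret = sdap_id_op_done(state->svc_op, ret, &dp_error);
    if (dp_error == DP_ERR_OK && ret != EOK) {
        /* retry on the service connection: reconnecting user_op here
         * would leave svc_op, which sdap_dom_enum_ex_get_svcs() searches
         * with, without a fresh connection */
        ret = sdap_dom_enum_ex_retry(req, state->svc_op,
                                     sdap_dom_enum_ex_get_svcs);
        if (ret != EOK) {
            tevent_req_error(req, ret);
            return;
        }
        return;
    } else if (dp_error == DP_ERR_OFFLINE) {
        DEBUG(SSSDBG_TRACE_FUNC, ("Backend is offline, retrying later\n"));
        tevent_req_done(req);
        return;
    } else if (ret != EOK && ret != ENOENT) {
        /* Non-recoverable error */
        DEBUG(SSSDBG_OP_FAILURE,
              ("Service enumeration failed: %d: %s\n", ret, sss_strerror(ret)));
        tevent_req_error(req, ret);
        return;
    }

    /* Ok, we've completed an enumeration. Save this to the
     * sysdb so we can postpone starting up the enumeration
     * process on the next SSSD service restart (to avoid
     * slowing down system boot-up)
     */
    ret = sysdb_set_enumerated(state->sdom->dom->sysdb,
                               state->sdom->dom, true);
    if (ret != EOK) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("Could not mark domain as having enumerated.\n"));
        /* This error is non-fatal, so continue */
    }

    if (state->purge) {
        ret = ldap_id_cleanup(state->ctx->opts, state->sdom);
        if (ret != EOK) {
            /* Not fatal, worst case we'll have stale entries that would be
             * removed on a subsequent online lookup
             */
            DEBUG(SSSDBG_MINOR_FAILURE, ("Cleanup failed: %d\n", ret));
        }
    }

    tevent_req_done(req);
}

/* Report the final status of an enumeration started with _ex_send. */
errno_t sdap_dom_enum_ex_recv(struct tevent_req *req)
{
    TEVENT_REQ_RETURN_ON_ERROR(req);

    return EOK;
}

/* ==Enumeration-Request==================================================== */

/* Enumerate a domain using one connection for users, groups and services. */
struct tevent_req *
sdap_dom_enum_send(TALLOC_CTX *memctx,
                   struct tevent_context *ev,
                   struct sdap_id_ctx *ctx,
                   struct sdap_domain *sdom,
                   struct sdap_id_conn_ctx *conn)
{
    return sdap_dom_enum_ex_send(memctx, ev, ctx, sdom, conn, conn, conn);
}

/* Report the final status of an enumeration started with sdap_dom_enum_send. */
errno_t sdap_dom_enum_recv(struct tevent_req *req)
{
    return sdap_dom_enum_ex_recv(req);
}

/* ==User-Enumeration===================================================== */
struct enum_users_state {
    struct tevent_context *ev;
    struct sdap_id_ctx *ctx;
    struct sdap_domain *sdom;
    struct sdap_id_op *op;

    char *filter;
    const char **attrs;
};

static void enum_users_done(struct tevent_req *subreq);

/*
 * Build the user enumeration filter and start the search.
 *
 * The filter always requires the user object class and a name. With ID
 * mapping it also requires an objectSID, without it a UID and a GID. When
 * a highest USN is known and this is not a purge run, the search is
 * limited to entries with a higher USN.
 *
 * NOTE(review): max_user_value is the string stored by enum_users_done()
 * from the previous search result and is placed into the filter as is;
 * confirm it cannot carry filter metacharacters, or escape it first.
 */
static struct tevent_req *enum_users_send(TALLOC_CTX *memctx,
                                          struct tevent_context *ev,
                                          struct sdap_id_ctx *ctx,
                                          struct sdap_domain *sdom,
                                          struct sdap_id_op *op,
                                          bool purge)
{
    struct tevent_req *req, *subreq;
    struct enum_users_state *state;
    int ret;
    bool use_mapping;

    req = tevent_req_create(memctx, &state, struct enum_users_state);
    if (!req) return NULL;

    state->ev = ev;
    state->sdom = sdom;
    state->ctx = ctx;
    state->op = op;

    use_mapping = sdap_idmap_domain_has_algorithmic_mapping(
                                                        ctx->opts->idmap_ctx,
                                                        sdom->dom->name,
                                                        sdom->dom->domain_id);

    /* We always want to filter on objectclass and an available name */
    state->filter = talloc_asprintf(state,
                                  "(&(objectclass=%s)(%s=*)",
                                  ctx->opts->user_map[SDAP_OC_USER].name,
                                  ctx->opts->user_map[SDAP_AT_USER_NAME].name);
    if (!state->filter) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("Failed to build base filter\n"));
        ret = ENOMEM;
        goto fail;
    }

    if (use_mapping) {
        /* If we're ID-mapping, check for the objectSID as well */
        state->filter = talloc_asprintf_append_buffer(
                state->filter, "(%s=*)",
                ctx->opts->user_map[SDAP_AT_USER_OBJECTSID].name);
    } else {
        /* We're not ID-mapping, so make sure to only get entries
         * that have UID and GID
         */
        state->filter = talloc_asprintf_append_buffer(
                state->filter, "(%s=*)(%s=*)",
                ctx->opts->user_map[SDAP_AT_USER_UID].name,
                ctx->opts->user_map[SDAP_AT_USER_GID].name);
    }
    if (!state->filter) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("Failed to build base filter\n"));
        ret = ENOMEM;
        goto fail;
    }

    if (ctx->srv_opts && ctx->srv_opts->max_user_value && !purge) {
        /* If we have lastUSN available and we're not doing a full
         * refresh, limit to changes with a higher entryUSN value.
         */
        state->filter = talloc_asprintf_append_buffer(
                state->filter,
                "(%s>=%s)(!(%s=%s))",
                ctx->opts->user_map[SDAP_AT_USER_USN].name,
                ctx->srv_opts->max_user_value,
                ctx->opts->user_map[SDAP_AT_USER_USN].name,
                ctx->srv_opts->max_user_value);

        if (!state->filter) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Failed to build base filter\n"));
            ret = ENOMEM;
            goto fail;
        }
    }

    /* Terminate the search filter */
    state->filter = talloc_asprintf_append_buffer(state->filter, ")");
    if (!state->filter) {
        DEBUG(2, ("Failed to build base filter\n"));
        ret = ENOMEM;
        goto fail;
    }

    /* TODO: handle attrs_type */
    ret = build_attrs_from_map(state, ctx->opts->user_map, SDAP_OPTS_USER,
                               NULL, &state->attrs, NULL);
    if (ret != EOK) goto fail;

    /* TODO: restrict the enumerations to using a single
     * search base at a time.
     */

    subreq = sdap_get_users_send(state, state->ev,
                                 state->sdom->dom,
                                 state->sdom->dom->sysdb,
                                 state->ctx->opts,
                                 state->sdom->user_search_bases,
                                 sdap_id_op_handle(state->op),
                                 state->attrs, state->filter,
                                 dp_opt_get_int(state->ctx->opts->basic,
                                                SDAP_ENUM_SEARCH_TIMEOUT),
                                 true);
    if (!subreq) {
        ret = ENOMEM;
        goto fail;
    }
    tevent_req_set_callback(subreq, enum_users_done, req);

    return req;

fail:
    tevent_req_error(req, ret);
    tevent_req_post(req, ev);
    return req;
}

/*
 * User search finished. When the search reported a USN value it replaces
 * srv_opts->max_user_value, and last_usn is raised if the value is a
 * plain decimal number greater than the current one.
 */
static void enum_users_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct enum_users_state *state = tevent_req_data(req,
                                                     struct enum_users_state);
    char *usn_value;
    char *endptr = NULL;
    /* strtoul() returns unsigned long; a narrower local would silently
     * drop the high bits of a large USN before the comparison below */
    unsigned long usn_number;
    int ret;

    ret = sdap_get_users_recv(subreq, state, &usn_value);
    talloc_zfree(subreq);
    if (ret) {
        tevent_req_error(req, ret);
        return;
    }

    /* enum_users_send() treats srv_opts as optional; without it there is
     * nowhere to record the USN */
    if (state->ctx->srv_opts == NULL) {
        tevent_req_done(req);
        return;
    }

    if (usn_value) {
        talloc_zfree(state->ctx->srv_opts->max_user_value);
        state->ctx->srv_opts->max_user_value =
                                        talloc_steal(state->ctx, usn_value);

        usn_number = strtoul(usn_value, &endptr, 10);
        if ((endptr == NULL || (*endptr == '\0' && endptr != usn_value))
            && (usn_number > state->ctx->srv_opts->last_usn)) {
            state->ctx->srv_opts->last_usn = usn_number;
        }
    }

    DEBUG(4, ("Users higher USN value: [%s]\n",
              state->ctx->srv_opts->max_user_value));

    tevent_req_done(req);
}

/* Report the final status of the user enumeration. */
static errno_t enum_users_recv(struct tevent_req *req)
{
    TEVENT_REQ_RETURN_ON_ERROR(req);

    return EOK;
}

/* =Group-Enumeration===================================================== */
struct enum_groups_state {
    struct tevent_context *ev;
    struct sdap_id_ctx *ctx;
    struct sdap_domain *sdom;
    struct sdap_id_op *op;

    char *filter;
    const char **attrs;
};

static void enum_groups_done(struct tevent_req *subreq);

static struct tevent_req *enum_groups_send(TALLOC_CTX *memctx,
                                          struct tevent_context *ev,
                                          struct sdap_id_ctx *ctx,
                                          struct sdap_domain *sdom,
                                          struct sdap_id_op *op,
                                          bool purge)
{
    struct tevent_req *req, *subreq;
    struct enum_groups_state *state;
    int ret;
    bool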
use_mapping; req = tevent_req_create(memctx, &state, struct enum_groups_state); if (!req) return NULL; state->ev = ev; state->sdom = sdom; state->ctx = ctx; state->op = op; use_mapping = sdap_idmap_domain_has_algorithmic_mapping( ctx->opts->idmap_ctx, sdom->dom->name, sdom->dom->domain_id); /* We always want to filter on objectclass and an available name */ state->filter = talloc_asprintf(state, "(&(objectclass=%s)(%s=*)", ctx->opts->group_map[SDAP_OC_GROUP].name, ctx->opts->group_map[SDAP_AT_GROUP_NAME].name); if (!state->filter) { DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to build base filter\n")); ret = ENOMEM; goto fail; } if (use_mapping) { /* If we're ID-mapping, check for the objectSID as well */ state->filter = talloc_asprintf_append_buffer( state->filter, "(%s=*)", ctx->opts->group_map[SDAP_AT_GROUP_OBJECTSID].name); } else { /* We're not ID-mapping, so make sure to only get entries * that have a non-zero GID. */ state->filter = talloc_asprintf_append_buffer( state->filter, "(&(%s=*)(!(%s=0)))", ctx->opts->group_map[SDAP_AT_GROUP_GID].name, ctx->opts->group_map[SDAP_AT_GROUP_GID].name); } if (!state->filter) { DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to build base filter\n")); ret = ENOMEM; goto fail; } if (ctx->srv_opts && ctx->srv_opts->max_group_value && !purge) { state->filter = talloc_asprintf_append_buffer( state->filter, "(%s>=%s)(!(%s=%s))", ctx->opts->group_map[SDAP_AT_GROUP_USN].name, ctx->srv_opts->max_group_value, ctx->opts->group_map[SDAP_AT_GROUP_USN].name, ctx->srv_opts->max_group_value); if (!state->filter) { DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to build base filter\n")); ret = ENOMEM; goto fail; } } /* Terminate the search filter */ state->filter = talloc_asprintf_append_buffer(state->filter, ")"); if (!state->filter) { DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to build base filter\n")); ret = ENOMEM; goto fail; } /* TODO: handle attrs_type */ ret = build_attrs_from_map(state, ctx->opts->group_map, SDAP_OPTS_GROUP, NULL, &state->attrs, NULL); if (ret != 
EOK) goto fail; /* TODO: restrict the enumerations to using a single * search base at a time. */ subreq = sdap_get_groups_send(state, state->ev, state->sdom, state->ctx->opts, sdap_id_op_handle(state->op), state->attrs, state->filter, dp_opt_get_int(state->ctx->opts->basic, SDAP_ENUM_SEARCH_TIMEOUT), true); if (!subreq) { ret = ENOMEM; goto fail; } tevent_req_set_callback(subreq, enum_groups_done, req); return req; fail: tevent_req_error(req, ret); tevent_req_post(req, ev); return req; } static void enum_groups_done(struct tevent_req *subreq) { struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); struct enum_groups_state *state = tevent_req_data(req, struct enum_groups_state); char *usn_value; char *endptr = NULL; unsigned usn_number; int ret; ret = sdap_get_groups_recv(subreq, state, &usn_value); talloc_zfree(subreq); if (ret) { tevent_req_error(req, ret); return; } if (usn_value) { talloc_zfree(state->ctx->srv_opts->max_group_value); state->ctx->srv_opts->max_group_value = talloc_steal(state->ctx, usn_value); usn_number = strtoul(usn_value, &endptr, 10); if ((endptr == NULL || (*endptr == '\0' && endptr != usn_value)) && (usn_number > state->ctx->srv_opts->last_usn)) { state->ctx->srv_opts->last_usn = usn_number; } } DEBUG(4, ("Groups higher USN value: [%s]\n", state->ctx->srv_opts->max_group_value)); tevent_req_done(req); } static errno_t enum_groups_recv(struct tevent_req *req) { TEVENT_REQ_RETURN_ON_ERROR(req); return EOK; } sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/sdap_async_initgroups_ad.c0000644000000000000000000000007312320753107024515 xustar000000000000000029 atime=1396954939.26789143 30 ctime=1396954961.623874973 sssd-1.11.5/src/providers/ldap/sdap_async_initgroups_ad.c0000664002412700241270000012377612320753107024760 0ustar00jhrozekjhrozek00000000000000/* SSSD Authors: Stephen Gallagher Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General 
Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include "util/util.h" #include "providers/ldap/sdap_async.h" #include "providers/ldap/ldap_common.h" #include "providers/ldap/sdap_async_private.h" #include "providers/ldap/sdap_idmap.h" #include "providers/ad/ad_common.h" #include "lib/idmap/sss_idmap.h" struct sdap_ad_match_rule_initgr_state { struct tevent_context *ev; struct sdap_options *opts; struct sysdb_ctx *sysdb; struct sss_domain_info *domain; struct sdap_handle *sh; const char *name; const char *orig_dn; const char **attrs; int timeout; const char *base_filter; char *filter; size_t count; struct sysdb_attrs **groups; size_t base_iter; struct sdap_search_base **search_bases; }; static errno_t sdap_get_ad_match_rule_initgroups_next_base(struct tevent_req *req); static void sdap_get_ad_match_rule_initgroups_step(struct tevent_req *subreq); struct tevent_req * sdap_get_ad_match_rule_initgroups_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct sdap_options *opts, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, struct sdap_handle *sh, const char *name, const char *orig_dn, int timeout) { errno_t ret; struct tevent_req *req; struct sdap_ad_match_rule_initgr_state *state; const char **filter_members; char *sanitized_user_dn; req = tevent_req_create(mem_ctx, &state, struct sdap_ad_match_rule_initgr_state); if (!req) return NULL; state->ev = ev; state->opts = opts; state->sysdb = sysdb; state->domain = domain; state->sh = sh; state->name = name; state->orig_dn = orig_dn; state->base_iter = 0; state->search_bases = 
opts->sdom->group_search_bases; /* Request all of the group attributes that we know * about, except for 'member' because that wastes a * lot of bandwidth here and we only really * care about a single member (the one we already * have). */ filter_members = talloc_array(state, const char *, 2); if (!filter_members) { ret = ENOMEM; goto immediate; } filter_members[0] = opts->group_map[SDAP_AT_GROUP_MEMBER].name; filter_members[1] = NULL; ret = build_attrs_from_map(state, opts->group_map, SDAP_OPTS_GROUP, filter_members, &state->attrs, NULL); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Could not build attribute map: [%s]\n", strerror(ret))); goto immediate; } /* Sanitize the user DN in case we have special characters in DN */ ret = sss_filter_sanitize(state, state->orig_dn, &sanitized_user_dn); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Could not sanitize user DN: %s\n", strerror(ret))); goto immediate; } /* Craft a special filter according to * http://msdn.microsoft.com/en-us/library/windows/desktop/aa746475%28v=vs.85%29.aspx */ state->base_filter = talloc_asprintf(state, "(&(%s:%s:=%s)(objectClass=%s))", state->opts->group_map[SDAP_AT_GROUP_MEMBER].name, SDAP_MATCHING_RULE_IN_CHAIN, sanitized_user_dn, state->opts->group_map[SDAP_OC_GROUP].name); talloc_zfree(sanitized_user_dn); if (!state->base_filter) { ret = ENOMEM; goto immediate; } /* Start the loop through the search bases to get all of the * groups to which this user belongs. 
*/ ret = sdap_get_ad_match_rule_initgroups_next_base(req); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("sdap_get_ad_match_rule_members_next_base failed: [%s]\n", strerror(ret))); goto immediate; } return req; immediate: tevent_req_error(req, ret); tevent_req_post(req, ev); return req; } static errno_t sdap_get_ad_match_rule_initgroups_next_base(struct tevent_req *req) { struct tevent_req *subreq; struct sdap_ad_match_rule_initgr_state *state; state = tevent_req_data(req, struct sdap_ad_match_rule_initgr_state); talloc_zfree(state->filter); state->filter = sdap_get_id_specific_filter(state, state->base_filter, state->search_bases[state->base_iter]->filter); if (!state->filter) { return ENOMEM; } DEBUG(SSSDBG_TRACE_FUNC, ("Searching for groups with base [%s]\n", state->search_bases[state->base_iter]->basedn)); subreq = sdap_get_generic_send( state, state->ev, state->opts, state->sh, state->search_bases[state->base_iter]->basedn, state->search_bases[state->base_iter]->scope, state->filter, state->attrs, state->opts->group_map, SDAP_OPTS_GROUP, state->timeout, true); if (!subreq) { return ENOMEM; } tevent_req_set_callback(subreq, sdap_get_ad_match_rule_initgroups_step, req); return EOK; } static void sdap_get_ad_match_rule_initgroups_step(struct tevent_req *subreq) { errno_t ret; struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); struct sdap_ad_match_rule_initgr_state *state = tevent_req_data(req, struct sdap_ad_match_rule_initgr_state); size_t count, i; struct sysdb_attrs **groups; char **sysdb_grouplist; ret = sdap_get_generic_recv(subreq, state, &count, &groups); talloc_zfree(subreq); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("LDAP search failed: [%s]\n", sss_strerror(ret))); goto error; } DEBUG(SSSDBG_TRACE_LIBS, ("Search for users returned %zu results\n", count)); /* Add this batch of groups to the list */ if (count > 0) { state->groups = talloc_realloc(state, state->groups, struct sysdb_attrs *, state->count + count + 1); if 
(!state->groups) { tevent_req_error(req, ENOMEM); return; } /* Copy the new groups into the list */ for (i = 0; i < count; i++) { state->groups[state->count + i] = talloc_steal(state->groups, groups[i]); } state->count += count; state->groups[state->count] = NULL; } /* Continue checking other search bases */ state->base_iter++; if (state->search_bases[state->base_iter]) { /* There are more search bases to try */ ret = sdap_get_ad_match_rule_initgroups_next_base(req); if (ret != EOK) { goto error; } return; } /* No more search bases. Save the groups. */ if (state->count == 0) { DEBUG(SSSDBG_TRACE_LIBS, ("User is not a member of any group in the search bases\n")); } /* Get the current sysdb group list for this user * so we can update it. */ ret = get_sysdb_grouplist(state, state->sysdb, state->domain, state->name, &sysdb_grouplist); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Could not get the list of groups for [%s] in the sysdb: " "[%s]\n", state->name, strerror(ret))); goto error; } /* The extensibleMatch search rule eliminates the need for * nested group searches, so we can just update the * memberships now. 
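*/
    ret = sdap_initgr_common_store(state->sysdb, state->domain, state->opts,
                                   state->name, SYSDB_MEMBER_USER,
                                   sysdb_grouplist, state->groups,
                                   state->count);
    if (ret != EOK) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("Could not store groups for user [%s]: [%s]\n",
               state->name, strerror(ret)));
        goto error;
    }

    tevent_req_done(req);
    return;

error:
    tevent_req_error(req, ret);
}

/* Report the outcome of the matching-rule initgroups request. */
errno_t
sdap_get_ad_match_rule_initgroups_recv(struct tevent_req *req)
{
    TEVENT_REQ_RETURN_ON_ERROR(req);

    return EOK;
}

/* State of a request that reads the tokenGroups attribute of one user. */
struct sdap_get_ad_tokengroups_state {
    struct tevent_context *ev;
    struct sss_idmap_ctx *idmap_ctx;
    const char *username;

    char **sids;        /* string SIDs converted from the binary values */
    size_t num_sids;    /* number of valid entries at the start of sids */
};

static void sdap_get_ad_tokengroups_done(struct tevent_req *subreq);

/*
 * Start a base-scope search on orig_dn that asks only for
 * AD_TOKENGROUPS_ATTR (no filter, no attribute map, paging disabled).
 *
 * name is copied onto the request state. Returns NULL only when the
 * request itself cannot be created; any other failure is reported
 * through the returned request.
 */
static struct tevent_req *
sdap_get_ad_tokengroups_send(TALLOC_CTX *mem_ctx,
                             struct tevent_context *ev,
                             struct sdap_options *opts,
                             struct sdap_handle *sh,
                             const char *name,
                             const char *orig_dn,
                             int timeout)
{
    struct sdap_get_ad_tokengroups_state *state = NULL;
    struct tevent_req *req = NULL;
    struct tevent_req *subreq = NULL;
    const char *attrs[] = {AD_TOKENGROUPS_ATTR, NULL};
    errno_t ret;

    req = tevent_req_create(mem_ctx, &state,
                            struct sdap_get_ad_tokengroups_state);
    if (req == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("tevent_req_create() failed\n"));
        return NULL;
    }

    state->idmap_ctx = opts->idmap_ctx->map;
    state->ev = ev;
    state->username = talloc_strdup(state, name);
    if (state->username == NULL) {
        ret = ENOMEM;
        goto immediately;
    }

    subreq = sdap_get_generic_send(state, state->ev, opts, sh, orig_dn,
                                   LDAP_SCOPE_BASE, NULL, attrs,
                                   NULL, 0, timeout, false);
    if (subreq == NULL) {
        ret = ENOMEM;
        goto immediately;
    }

    tevent_req_set_callback(subreq, sdap_get_ad_tokengroups_done, req);

    return req;

immediately:
    if (ret == EOK) {
        tevent_req_done(req);
    } else {
        tevent_req_error(req, ret);
    }
    tevent_req_post(req, ev);

    return req;
}

/*
 * Completion callback of the tokenGroups search: convert every binary SID
 * in the attribute to its string form and keep the result in the request
 * state.
 *
 * A value that cannot be converted is logged and skipped. The converted
 * SIDs are stored densely, so the first num_sids entries of state->sids
 * are always valid strings; consumers index the array by num_sids and must
 * never meet a NULL hole or lose trailing entries because one value in the
 * server's reply was malformed.
 */
static void sdap_get_ad_tokengroups_done(struct tevent_req *subreq)
{
    TALLOC_CTX *tmp_ctx = NULL;
    struct sdap_get_ad_tokengroups_state *state = NULL;
    struct tevent_req *req = NULL;
    struct sysdb_attrs **users = NULL;
    struct ldb_message_element *el = NULL;
    enum idmap_error_code err;
    char *sid_str = NULL;
    size_t num_users;
    size_t i;
    errno_t ret;

    req = tevent_req_callback_data(subreq, struct tevent_req);
    state = tevent_req_data(req, struct sdap_get_ad_tokengroups_state);

    /* The search result is only needed inside this callback. It has to hang
     * off a real temporary context: with tmp_ctx left NULL the
     * talloc_free(tmp_ctx) at done releases nothing. */
    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_new() failed\n"));
        talloc_zfree(subreq);
        ret = ENOMEM;
        goto done;
    }

    ret = sdap_get_generic_recv(subreq, tmp_ctx, &num_users, &users);
    talloc_zfree(subreq);
    if (ret != EOK) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("LDAP search failed: [%s]\n", sss_strerror(ret)));
        goto done;
    }

    /* Any count other than one is rejected, including zero results. */
    if (num_users != 1) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("More than one result on a base search!\n"));
        ret = EINVAL;
        goto done;
    }

    /* get the list of sids from tokengroups */
    ret = sysdb_attrs_get_el_ext(users[0], AD_TOKENGROUPS_ATTR, false, &el);
    if (ret == ENOENT) {
        DEBUG(SSSDBG_TRACE_LIBS, ("No tokenGroups entries for [%s]\n",
                                  state->username));

        state->sids = NULL;
        state->num_sids = 0;
        ret = EOK;
        goto done;
    } else if (ret != EOK) {
        DEBUG(SSSDBG_MINOR_FAILURE, ("Could not read tokenGroups attribute: "
                                     "[%s]\n", strerror(ret)));
        goto done;
    }

    state->num_sids = 0;
    state->sids = talloc_zero_array(state, char*, el->num_values);
    if (state->sids == NULL) {
        ret = ENOMEM;
        goto done;
    }

    /* convert binary sid to string */
    for (i = 0; i < el->num_values; i++) {
        err = sss_idmap_bin_sid_to_sid(state->idmap_ctx, el->values[i].data,
                                       el->values[i].length, &sid_str);
        if (err != IDMAP_SUCCESS) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Could not convert binary SID to string: [%s]. Skipping\n",
                   idmap_error_string(err)));
            continue;
        }

        /* Store at the next free slot, not at the input index, so that a
         * skipped value leaves no gap before the array is shrunk below. */
        state->sids[state->num_sids] = talloc_move(state->sids, &sid_str);
        state->num_sids++;
    }

    /* shrink array to final number of elements */
    /* NOTE(review): when no value could be converted this shrinks to zero
     * elements; talloc_realloc() presumably returns NULL for a zero size,
     * which is reported as ENOMEM here - confirm that is the intended
     * outcome. */
    state->sids = talloc_realloc(state, state->sids, char*, state->num_sids);
    if (state->sids == NULL) {
        ret = ENOMEM;
        goto done;
    }

    ret = EOK;

done:
    talloc_free(tmp_ctx);

    if (ret != EOK) {
        tevent_req_error(req, ret);
        return;
    }

    tevent_req_done(req);
}

/*
 * Collect the result of sdap_get_ad_tokengroups_send().
 *
 * Both output parameters are optional. When _sids is given, the SID array
 * is moved to mem_ctx.
 */
static errno_t sdap_get_ad_tokengroups_recv(TALLOC_CTX *mem_ctx,
                                            struct tevent_req *req,
                                            size_t *_num_sids,
                                            char ***_sids)
{
    struct sdap_get_ad_tokengroups_state *state = NULL;
    state = tevent_req_data(req, struct sdap_get_ad_tokengroups_state);

    TEVENT_REQ_RETURN_ON_ERROR(req);

    if (_num_sids != NULL) {
        *_num_sids = state->num_sids;
    }

    if (_sids != NULL) {
        *_sids = talloc_steal(mem_ctx, state->sids);
    }

    return EOK;
}

static errno_t
sdap_ad_tokengroups_update_members(TALLOC_CTX *mem_ctx,
                                   const char *username,
                                   struct sysdb_ctx *sysdb,
                                   struct sss_domain_info *domain,
                                   char **ldap_groups)
{
    TALLOC_CTX *tmp_ctx = NULL;
    char **sysdb_groups = NULL;
    char **add_groups = NULL;
    char **del_groups = NULL;
    errno_t ret;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_new() failed\n"));
        return ENOMEM;
    }

    /* Get the current sysdb group list for this user so we can update it. */
    ret = get_sysdb_grouplist_dn(tmp_ctx, sysdb, domain, username,
                                 &sysdb_groups);
    if (ret != EOK) {
        DEBUG(SSSDBG_MINOR_FAILURE, ("Could not get the list of groups for "
              "[%s] in the sysdb: [%s]\n", username, strerror(ret)));
        goto done;
    }

    /* Find the differences between the sysdb and LDAP lists.
     * Groups in the sysdb only must be removed.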
*/
    ret = diff_string_lists(tmp_ctx, ldap_groups, sysdb_groups,
                            &add_groups, &del_groups, NULL);
    if (ret != EOK) {
        goto done;
    }

    DEBUG(SSSDBG_TRACE_LIBS, ("Updating memberships for [%s]\n", username));

    ret = sysdb_update_members_dn(domain->sysdb, domain, username,
                                  SYSDB_MEMBER_USER,
                                  (const char *const *) add_groups,
                                  (const char *const *) del_groups);
    if (ret != EOK) {
        DEBUG(SSSDBG_MINOR_FAILURE, ("Membership update failed [%d]: %s\n",
                                     ret, strerror(ret)));
        goto done;
    }

done:
    talloc_free(tmp_ctx);
    return ret;
}

/* State of a request that resolves a NULL-terminated list of SIDs, one
 * group lookup at a time. */
struct sdap_ad_resolve_sids_state {
    struct tevent_context *ev;
    struct sdap_id_ctx *id_ctx;
    struct sdap_id_conn_ctx *conn;
    struct sdap_options *opts;
    struct sss_domain_info *domain;     /* head of the domain list */
    char **sids;                        /* NULL-terminated, may be NULL */

    const char *current_sid;            /* SID of the lookup in flight */
    int index;                          /* next position in sids */
};

static errno_t sdap_ad_resolve_sids_step(struct tevent_req *req);
static void sdap_ad_resolve_sids_done(struct tevent_req *subreq);

/*
 * Start resolving every SID in sids through groups_get_send().
 *
 * sids is kept by reference, not copied. A NULL list, or a list in which
 * no SID belongs to a known domain, completes the request immediately with
 * success. Returns NULL only when the request cannot be created.
 */
static struct tevent_req *
sdap_ad_resolve_sids_send(TALLOC_CTX *mem_ctx,
                          struct tevent_context *ev,
                          struct sdap_id_ctx *id_ctx,
                          struct sdap_id_conn_ctx *conn,
                          struct sdap_options *opts,
                          struct sss_domain_info *domain,
                          char **sids)
{
    struct sdap_ad_resolve_sids_state *state = NULL;
    struct tevent_req *req = NULL;
    errno_t ret;

    req = tevent_req_create(mem_ctx, &state,
                            struct sdap_ad_resolve_sids_state);
    if (req == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("tevent_req_create() failed\n"));
        return NULL;
    }

    state->ev = ev;
    state->id_ctx = id_ctx;
    state->conn = conn;
    state->opts = opts;
    state->domain = get_domains_head(domain);
    state->sids = sids;
    state->index = 0;

    if (state->sids == NULL) {
        ret = EOK;
        goto immediately;
    }

    /* EAGAIN means a lookup was started and the callback takes over. */
    ret = sdap_ad_resolve_sids_step(req);
    if (ret != EAGAIN) {
        goto immediately;
    }

    return req;

immediately:
    if (ret == EOK) {
        tevent_req_done(req);
    } else {
        tevent_req_error(req, ret);
    }
    tevent_req_post(req, ev);

    return req;
}

/*
 * Start the lookup of the next SID that belongs to a known domain.
 *
 * Returns EOK when the end of the list is reached, EAGAIN when a lookup
 * was started, and an error code otherwise. SIDs for which
 * find_subdomain_by_sid() finds no domain are logged and skipped.
 */
static errno_t sdap_ad_resolve_sids_step(struct tevent_req *req)
{
    struct sdap_ad_resolve_sids_state *state = NULL;
    struct tevent_req *subreq = NULL;
    struct sdap_domain *sdap_domain = NULL;
    struct sss_domain_info *domain = NULL;

    state = tevent_req_data(req, struct sdap_ad_resolve_sids_state);

    do {
        state->current_sid = state->sids[state->index];
        if (state->current_sid == NULL) {
            return EOK;
        }
        state->index++;

        domain = find_subdomain_by_sid(state->domain, state->current_sid);
        if (domain == NULL) {
            DEBUG(SSSDBG_MINOR_FAILURE, ("SID %s does not belong to any known "
                                         "domain\n", state->current_sid));
        }
    } while (domain == NULL);

    sdap_domain = sdap_domain_get(state->opts, domain);
    if (sdap_domain == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("SDAP domain does not exist?\n"));
        return ERR_INTERNAL;
    }

    subreq = groups_get_send(state, state->ev, state->id_ctx, sdap_domain,
                             state->conn, state->current_sid,
                             BE_FILTER_SECID, BE_ATTR_CORE, false);
    if (subreq == NULL) {
        return ENOMEM;
    }

    tevent_req_set_callback(subreq, sdap_ad_resolve_sids_done, req);

    return EAGAIN;
}

/*
 * Completion callback of one SID lookup: on success move on to the next
 * SID, otherwise finish the request.
 */
static void sdap_ad_resolve_sids_done(struct tevent_req *subreq)
{
    struct sdap_ad_resolve_sids_state *state = NULL;
    struct tevent_req *req = NULL;
    int dp_error;
    int sdap_error;
    errno_t ret;

    req = tevent_req_callback_data(subreq, struct tevent_req);
    state = tevent_req_data(req, struct sdap_ad_resolve_sids_state);

    ret = groups_get_recv(subreq, &dp_error, &sdap_error);
    talloc_zfree(subreq);
    /* NOTE(review): when ret is EOK but sdap_error or dp_error is set, this
     * branch reaches done with ret == EOK, so the request is reported as
     * successful although the remaining SIDs are never looked up - confirm
     * whether that is intended. */
    if (ret != EOK || sdap_error != EOK || dp_error != DP_ERR_OK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to resolve SID %s [dp_error: %d, "
              "sdap_error: %d, ret: %d]: %s\n", state->current_sid, dp_error,
              sdap_error, ret, strerror(ret)));
        goto done;
    }

    ret = sdap_ad_resolve_sids_step(req);
    if (ret == EAGAIN) {
        /* continue with next SID */
        return;
    }

done:
    if (ret != EOK) {
        tevent_req_error(req, ret);
        return;
    }

    tevent_req_done(req);
}

/* Report the outcome of sdap_ad_resolve_sids_send(). */
static errno_t sdap_ad_resolve_sids_recv(struct tevent_req *req)
{
    TEVENT_REQ_RETURN_ON_ERROR(req);

    return EOK;
}

/* State of the tokenGroups initgroups request used with ID mapping. */
struct sdap_ad_tokengroups_initgr_mapping_state {
    struct tevent_context *ev;
    struct sdap_options *opts;
    struct sdap_handle *sh;
    struct sdap_idmap_ctx *idmap_ctx;
    struct sysdb_ctx *sysdb;
    struct sss_domain_info *domain;
    const char *orig_dn;
    int timeout;
    const char *username;

    struct sdap_id_op *op;
};

static void
sdap_ad_tokengroups_initgr_mapping_connect_done(struct tevent_req *subreq);
static void sdap_ad_tokengroups_initgr_mapping_done(struct tevent_req *subreq);

static struct tevent_req *
sdap_ad_tokengroups_initgr_mapping_send(TALLOC_CTX *mem_ctx,
                                        struct tevent_context *ev,
                                        struct sdap_options *opts,
                                        struct sysdb_ctx *sysdb,
                                        struct sss_domain_info *domain,
                                        struct sdap_handle *sh,
                                        const char *name,
                                        const char *orig_dn,
                                        int timeout)
{
    struct sdap_ad_tokengroups_initgr_mapping_state *state = NULL;
    struct tevent_req *req = NULL;
    struct tevent_req *subreq = NULL;
    struct sdap_domain *sdom;
    struct ad_id_ctx *subdom_id_ctx;
    errno_t ret;

    req = tevent_req_create(mem_ctx, &state,
                            struct sdap_ad_tokengroups_initgr_mapping_state);
    if (req == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("tevent_req_create() failed\n"));
        return NULL;
    }

    state->ev = ev;
    state->opts = opts;
    state->sh = sh;
    state->idmap_ctx = opts->idmap_ctx;
    state->sysdb = sysdb;
    state->domain = domain;
    state->timeout = timeout;
    state->orig_dn = orig_dn;
    state->username = talloc_strdup(state, name);
    if (state->username == NULL) {
        ret = ENOMEM;
        goto immediately;
    }

    sdom = sdap_domain_get(opts, domain);
    if (sdom == NULL || sdom->pvt == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("No ID ctx available for [%s].\n",
                                    domain->name));
        ret = EINVAL;
        goto immediately;
    }

    subdom_id_ctx = talloc_get_type(sdom->pvt, struct ad_id_ctx);
    state->op = sdap_id_op_create(state, subdom_id_ctx->ldap_ctx->conn_cache);
    if (!state->op) {
        DEBUG(2, ("sdap_id_op_create failed\n"));
        ret = ENOMEM;
        goto immediately;
    }

    subreq = sdap_id_op_connect_send(state->op, state, &ret);
    if (subreq == NULL) {
        ret = ENOMEM;
        goto immediately;
    }

    tevent_req_set_callback(subreq,
                            sdap_ad_tokengroups_initgr_mapping_connect_done,
                            req);

    return req;

immediately:
    if (ret == EOK) {
        tevent_req_done(req);
    } else {
        tevent_req_error(req, ret);
    }
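tevent_req_post(req, ev);

    return req;
}

/*
 * Completion callback of the connection attempt: once the connection is
 * up, start reading the user's tokenGroups over it.
 */
static void
sdap_ad_tokengroups_initgr_mapping_connect_done(struct tevent_req *subreq)
{
    struct sdap_ad_tokengroups_initgr_mapping_state *state = NULL;
    struct tevent_req *req = NULL;
    int ret;
    int dp_error = DP_ERR_FATAL;

    req = tevent_req_callback_data(subreq, struct tevent_req);
    state = tevent_req_data(req,
                            struct sdap_ad_tokengroups_initgr_mapping_state);

    ret = sdap_id_op_connect_recv(subreq, &dp_error);
    talloc_zfree(subreq);

    if (ret != EOK) {
        tevent_req_error(req, ret);
        return;
    }

    subreq = sdap_get_ad_tokengroups_send(state, state->ev, state->opts,
                                          sdap_id_op_handle(state->op),
                                          state->username,
                                          state->orig_dn, state->timeout);
    if (subreq == NULL) {
        tevent_req_error(req, ENOMEM);
        return;
    }

    tevent_req_set_callback(subreq, sdap_ad_tokengroups_initgr_mapping_done,
                            req);

    return;
}

/*
 * Completion callback of the tokenGroups read when ID mapping is in use.
 *
 * Every SID is mapped to a GID. A group already cached under that GID is
 * reused; an unknown one is stored as an incomplete group named after its
 * SID. The user's memberships are then replaced by the resulting list,
 * all inside one sysdb transaction.
 *
 * SIDs that cannot be mapped, or that belong to no known domain, are
 * skipped. They are therefore absent from the list passed to
 * sdap_ad_tokengroups_update_members().
 */
static void sdap_ad_tokengroups_initgr_mapping_done(struct tevent_req *subreq)
{
    TALLOC_CTX *tmp_ctx = NULL;
    struct sdap_ad_tokengroups_initgr_mapping_state *state = NULL;
    struct tevent_req *req = NULL;
    struct sss_domain_info *domain = NULL;
    struct ldb_message *msg = NULL;
    const char *attrs[] = {SYSDB_NAME, NULL};
    const char *name = NULL;
    const char *sid = NULL;
    char **sids = NULL;
    size_t num_sids = 0;
    size_t i;
    time_t now;
    gid_t gid;
    char **groups = NULL;
    size_t num_groups;
    errno_t ret, sret;
    bool in_transaction = false;

    /* Resolve the request before anything can fail: the done label hands
     * req to tevent_req_error(), so it must not still be NULL there. */
    req = tevent_req_callback_data(subreq, struct tevent_req);
    state = tevent_req_data(req,
                            struct sdap_ad_tokengroups_initgr_mapping_state);

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_new() failed\n"));
        talloc_zfree(subreq);
        ret = ENOMEM;
        goto done;
    }

    ret = sdap_get_ad_tokengroups_recv(state, subreq, &num_sids, &sids);
    talloc_zfree(subreq);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Unable to acquire tokengroups [%d]: %s\n",
               ret, strerror(ret)));
        goto done;
    }

    /* One slot per SID plus the NULL terminator. */
    num_groups = 0;
    groups = talloc_zero_array(tmp_ctx, char*, num_sids + 1);
    if (groups == NULL) {
        ret = ENOMEM;
        goto done;
    }

    now = time(NULL);
    ret = sysdb_transaction_start(state->sysdb);
    if (ret != EOK) {
        goto done;
    }
    in_transaction = true;

    for (i = 0; i < num_sids; i++) {
        sid = sids[i];
        DEBUG(SSSDBG_TRACE_LIBS, ("Processing membership SID [%s]\n", sid));

        ret = sdap_idmap_sid_to_unix(state->idmap_ctx, sid, &gid);
        if (ret == ENOTSUP) {
            DEBUG(SSSDBG_TRACE_FUNC, ("Skipping built-in object.\n"));
            ret = EOK;
            continue;
        } else if (ret != EOK) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Could not convert SID to GID: [%s]. "
                   "Skipping\n", strerror(ret)));
            continue;
        }

        domain = find_subdomain_by_sid(get_domains_head(state->domain), sid);
        if (domain == NULL) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Domain not found for SID %s\n", sid));
            continue;
        }

        DEBUG(SSSDBG_TRACE_LIBS,
              ("SID [%s] maps to GID [%"SPRIgid"]\n", sid, gid));

        /* Check whether this GID already exists in the sysdb */
        ret = sysdb_search_group_by_gid(tmp_ctx, domain->sysdb, domain, gid,
                                        attrs, &msg);
        if (ret == EOK) {
            name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL);
            if (name == NULL) {
                DEBUG(SSSDBG_MINOR_FAILURE,
                      ("Could not retrieve group name from sysdb\n"));
                ret = EINVAL;
                goto done;
            }
        } else if (ret == ENOENT) {
            /* This is a new group. For now, we will store it under the name
             * of its SID. When a direct lookup of the group or its GID occurs,
             * it will replace this temporary entry.
             */
            name = sid;
            ret = sysdb_add_incomplete_group(domain->sysdb, domain, name, gid,
                                             NULL, sid, false, now);
            if (ret != EOK) {
                DEBUG(SSSDBG_MINOR_FAILURE,
                      ("Could not create incomplete "
                       "group: [%s]\n", strerror(ret)));
                goto done;
            }
        } else {
            /* Unexpected error */
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Could not look up group in sysdb: "
                   "[%s]\n", strerror(ret)));
            goto done;
        }

        groups[num_groups] = sysdb_group_strdn(tmp_ctx, domain->name, name);
        if (groups[num_groups] == NULL) {
            ret = ENOMEM;
            goto done;
        }
        num_groups++;
    }

    groups[num_groups] = NULL;

    ret = sdap_ad_tokengroups_update_members(state, state->username,
                                             state->sysdb, state->domain,
                                             groups);
    if (ret != EOK) {
        DEBUG(SSSDBG_MINOR_FAILURE, ("Membership update failed [%d]: %s\n",
                                     ret, strerror(ret)));
        goto done;
    }

    ret = sysdb_transaction_commit(state->sysdb);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Could not commit transaction! [%s]\n", strerror(ret)));
        goto done;
    }
    in_transaction = false;

done:
    talloc_free(tmp_ctx);

    if (in_transaction) {
        sret = sysdb_transaction_cancel(state->sysdb);
        /* Log only a cancel that really failed; an unconditional fatal
         * message here misreports every ordinary rollback. */
        if (sret != EOK) {
            DEBUG(SSSDBG_FATAL_FAILURE,
                  ("Could not cancel transaction! [%s]\n", strerror(sret)));
        }
    }

    if (ret != EOK) {
        tevent_req_error(req, ret);
        return;
    }

    tevent_req_done(req);
}

/* Report the outcome of sdap_ad_tokengroups_initgr_mapping_send(). */
static int sdap_ad_tokengroups_initgr_mapping_recv(struct tevent_req *req)
{
    TEVENT_REQ_RETURN_ON_ERROR(req);

    return EOK;
}

/* State of the tokenGroups initgroups request used without ID mapping. */
struct sdap_ad_tokengroups_initgr_posix_state {
    struct tevent_context *ev;
    struct sdap_id_ctx *id_ctx;
    struct sdap_id_conn_ctx *conn;
    struct sdap_options *opts;
    struct sdap_handle *sh;
    struct sysdb_ctx *sysdb;
    struct sss_domain_info *domain;
    const char *orig_dn;
    int timeout;
    const char *username;

    struct sdap_id_op *op;
};

static void
sdap_ad_tokengroups_initgr_posix_tg_done(struct tevent_req *subreq);

static void
sdap_ad_tokengroups_initgr_posix_sids_connect_done(struct tevent_req *subreq);
static void
sdap_ad_tokengroups_initgr_posix_sids_done(struct tevent_req *subreq);

static struct tevent_req *
sdap_ad_tokengroups_initgr_posix_send(TALLOC_CTX *mem_ctx,
                                      struct tevent_context *ev,
                                      struct sdap_id_ctx *id_ctx,
                                      struct sdap_id_conn_ctx *conn,
                                      struct sdap_options *opts,
                                      struct sysdb_ctx *sysdb,
                                      struct sss_domain_info *domain,
                                      struct sdap_handle *sh,
                                      const char *name,
                                      const char *orig_dn,
                                      int timeout)
{
    struct sdap_ad_tokengroups_initgr_posix_state *state = NULL;
    struct tevent_req *req = NULL;
    struct tevent_req *subreq = NULL;
    struct sdap_domain *sdom;
    struct ad_id_ctx *subdom_id_ctx;
    errno_t ret;

    req = tevent_req_create(mem_ctx, &state,
                            struct sdap_ad_tokengroups_initgr_posix_state);
    if (req == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("tevent_req_create() failed\n"));
        return NULL;
    }

    state->ev = ev;
    state->id_ctx = id_ctx;
    state->conn = conn;
    state->opts = opts;
    state->sh = sh;
    state->sysdb = sysdb;
    state->domain = domain;
    state->orig_dn = orig_dn;
    state->timeout = timeout;
    state->username = talloc_strdup(state, name);
    if (state->username == NULL) {
        ret = ENOMEM;
        goto immediately;
    }

    sdom = sdap_domain_get(opts, domain);
    if (sdom == NULL || sdom->pvt == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("No ID ctx available for [%s].\n",
                                    domain->name));
        ret =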
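EINVAL;
        goto immediately;
    }

    subdom_id_ctx = talloc_get_type(sdom->pvt, struct ad_id_ctx);
    state->op = sdap_id_op_create(state, subdom_id_ctx->ldap_ctx->conn_cache);
    if (!state->op) {
        DEBUG(2, ("sdap_id_op_create failed\n"));
        ret = ENOMEM;
        goto immediately;
    }

    subreq = sdap_id_op_connect_send(state->op, state, &ret);
    if (subreq == NULL) {
        ret = ENOMEM;
        goto immediately;
    }

    tevent_req_set_callback(subreq,
                            sdap_ad_tokengroups_initgr_posix_sids_connect_done,
                            req);

    return req;

immediately:
    if (ret == EOK) {
        tevent_req_done(req);
    } else {
        tevent_req_error(req, ret);
    }
    tevent_req_post(req, ev);

    return req;
}

/*
 * Completion callback of the connection attempt: once the connection is
 * up, start reading the user's tokenGroups over it.
 */
static void
sdap_ad_tokengroups_initgr_posix_sids_connect_done(struct tevent_req *subreq)
{
    struct sdap_ad_tokengroups_initgr_posix_state *state = NULL;
    struct tevent_req *req = NULL;
    int ret;
    int dp_error = DP_ERR_FATAL;

    req = tevent_req_callback_data(subreq, struct tevent_req);
    state = tevent_req_data(req,
                            struct sdap_ad_tokengroups_initgr_posix_state);

    ret = sdap_id_op_connect_recv(subreq, &dp_error);
    talloc_zfree(subreq);

    if (ret != EOK) {
        tevent_req_error(req, ret);
        return;
    }

    subreq = sdap_get_ad_tokengroups_send(state, state->ev, state->opts,
                                          sdap_id_op_handle(state->op),
                                          state->username, state->orig_dn,
                                          state->timeout);
    if (subreq == NULL) {
        tevent_req_error(req, ENOMEM);
        return;
    }

    tevent_req_set_callback(subreq, sdap_ad_tokengroups_initgr_posix_tg_done,
                            req);

    return;
}

/*
 * Completion callback of the tokenGroups read when POSIX attributes are
 * used instead of ID mapping.
 *
 * Each SID is looked up in the cache. Cached groups that are not marked
 * non-POSIX become the user's new membership list; SIDs missing from the
 * cache are collected and handed to sdap_ad_resolve_sids_send(). SIDs that
 * belong to no known domain are skipped.
 */
static void
sdap_ad_tokengroups_initgr_posix_tg_done(struct tevent_req *subreq)
{
    TALLOC_CTX *tmp_ctx = NULL;
    struct sdap_ad_tokengroups_initgr_posix_state *state = NULL;
    struct tevent_req *req = NULL;
    struct sss_domain_info *domain = NULL;
    struct ldb_message *msg = NULL;
    const char *attrs[] = {SYSDB_NAME, SYSDB_POSIX, NULL};
    const char *is_posix = NULL;
    const char *name = NULL;
    char *sid = NULL;
    char **sids = NULL;
    size_t num_sids = 0;
    char **valid_groups = NULL;
    size_t num_valid_groups;
    char **missing_sids = NULL;
    size_t num_missing_sids;
    size_t i;
    errno_t ret;

    /* Resolve the request before anything can fail: the done label hands
     * req to tevent_req_error(), so it must not still be NULL there. */
    req = tevent_req_callback_data(subreq, struct tevent_req);
    state = tevent_req_data(req,
                            struct sdap_ad_tokengroups_initgr_posix_state);

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_new() failed\n"));
        talloc_zfree(subreq);
        ret = ENOMEM;
        goto done;
    }

    ret = sdap_get_ad_tokengroups_recv(state, subreq, &num_sids, &sids);
    talloc_zfree(subreq);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Unable to acquire tokengroups [%d]: %s\n",
               ret, strerror(ret)));
        goto done;
    }

    /* Both lists get one slot per SID plus the NULL terminator. */
    num_valid_groups = 0;
    valid_groups = talloc_zero_array(tmp_ctx, char*, num_sids + 1);
    if (valid_groups == NULL) {
        ret = ENOMEM;
        goto done;
    }

    num_missing_sids = 0;
    missing_sids = talloc_zero_array(tmp_ctx, char*, num_sids + 1);
    if (missing_sids == NULL) {
        ret = ENOMEM;
        goto done;
    }

    /* For each SID check if it is already present in the cache. If yes, we
     * will get name of the group and update the membership. Otherwise we need
     * to remember the SID and download missing groups one by one. */
    for (i = 0; i < num_sids; i++) {
        sid = sids[i];
        DEBUG(SSSDBG_TRACE_LIBS, ("Processing membership SID [%s]\n", sid));

        domain = find_subdomain_by_sid(get_domains_head(state->domain), sid);
        if (domain == NULL) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Domain not found for SID %s\n", sid));
            continue;
        }

        ret = sysdb_search_group_by_sid_str(tmp_ctx, domain->sysdb, domain,
                                            sid, attrs, &msg);
        if (ret == EOK) {
            is_posix = ldb_msg_find_attr_as_string(msg, SYSDB_POSIX, NULL);
            if (is_posix != NULL && strcmp(is_posix, "FALSE") == 0) {
                /* skip non-posix group */
                continue;
            }

            /* we will update membership of this group */
            name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL);
            if (name == NULL) {
                DEBUG(SSSDBG_MINOR_FAILURE,
                      ("Could not retrieve group name from sysdb\n"));
                ret = EINVAL;
                goto done;
            }

            valid_groups[num_valid_groups] = sysdb_group_strdn(tmp_ctx,
                                                               domain->name,
                                                               name);
            if (valid_groups[num_valid_groups] == NULL) {
                ret = ENOMEM;
                goto done;
            }
            num_valid_groups++;
        } else if (ret == ENOENT) {
            /* we need to download this group */
            missing_sids[num_missing_sids] = talloc_steal(missing_sids, sid);
            num_missing_sids++;

            DEBUG(SSSDBG_TRACE_FUNC,
                  ("Missing SID %s will be downloaded\n", sid));
        } else {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Could not look up group in sysdb: "
                   "[%s]\n", strerror(ret)));
            goto done;
        }
    }

    valid_groups[num_valid_groups] = NULL;
    missing_sids[num_missing_sids] = NULL;

    /* update membership of existing groups */
    ret = sdap_ad_tokengroups_update_members(state, state->username,
                                             state->sysdb, state->domain,
                                             valid_groups);
    if (ret != EOK) {
        DEBUG(SSSDBG_MINOR_FAILURE, ("Membership update failed [%d]: %s\n",
                                     ret, strerror(ret)));
        goto done;
    }

    /* download missing SIDs */
    /* The list must outlive tmp_ctx, so it is re-parented to the request
     * state before the resolver keeps a reference to it. */
    missing_sids = talloc_steal(state, missing_sids);
    subreq = sdap_ad_resolve_sids_send(state, state->ev, state->id_ctx,
                                       state->conn, state->opts,
                                       state->domain, missing_sids);
    if (subreq == NULL) {
        ret = ENOMEM;
        goto done;
    }

    tevent_req_set_callback(subreq,
                            sdap_ad_tokengroups_initgr_posix_sids_done, req);

    /* Nothing allocated on tmp_ctx is needed any more. It was created on
     * the NULL context, so returning without freeing it leaks it on every
     * successful pass through this callback. */
    talloc_free(tmp_ctx);

    return;

done:
    talloc_free(tmp_ctx);

    if (ret != EOK) {
        tevent_req_error(req, ret);
        return;
    }

    tevent_req_done(req);
}

/*
 * Completion callback of the missing-SID resolution: finish the request
 * with the resolver's result.
 */
static void
sdap_ad_tokengroups_initgr_posix_sids_done(struct tevent_req *subreq)
{
    struct tevent_req *req = NULL;
    errno_t ret;

    req = tevent_req_callback_data(subreq, struct tevent_req);

    ret = sdap_ad_resolve_sids_recv(subreq);
    talloc_zfree(subreq);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to resolve missing SIDs "
                                    "[%d]: %s\n", ret, strerror(ret)));
        tevent_req_error(req, ret);
        return;
    }

    tevent_req_done(req);
}

/* Report the outcome of sdap_ad_tokengroups_initgr_posix_send(). */
static errno_t sdap_ad_tokengroups_initgr_posix_recv(struct tevent_req *req)
{
    TEVENT_REQ_RETURN_ON_ERROR(req);

    return EOK;
}

struct sdap_ad_tokengroups_initgroups_state {
    bool use_id_mapping;
    struct sss_domain_info *domain;
};

static void sdap_ad_tokengroups_initgroups_done(struct tevent_req *subreq);

struct tevent_req *
sdap_ad_tokengroups_initgroups_send(TALLOC_CTX *mem_ctx,
                                    struct tevent_context *ev,
                                    struct sdap_id_ctx *id_ctx,
                                    struct sdap_id_conn_ctx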
*conn, struct sdap_options *opts, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, struct sdap_handle *sh, const char *name, const char *orig_dn, int timeout, bool use_id_mapping) { struct sdap_ad_tokengroups_initgroups_state *state = NULL; struct tevent_req *req = NULL; struct tevent_req *subreq = NULL; errno_t ret; req = tevent_req_create(mem_ctx, &state, struct sdap_ad_tokengroups_initgroups_state); if (req == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("tevent_req_create() failed\n")); return NULL; } state->use_id_mapping = use_id_mapping; state->domain = domain; if (state->use_id_mapping && !IS_SUBDOMAIN(state->domain)) { subreq = sdap_ad_tokengroups_initgr_mapping_send(state, ev, opts, sysdb, domain, sh, name, orig_dn, timeout); } else { subreq = sdap_ad_tokengroups_initgr_posix_send(state, ev, id_ctx, conn, opts, sysdb, domain, sh, name, orig_dn, timeout); } if (subreq == NULL) { ret = ENOMEM; goto immediately; } tevent_req_set_callback(subreq, sdap_ad_tokengroups_initgroups_done, req); return req; immediately: if (ret == EOK) { tevent_req_done(req); } else { tevent_req_error(req, ret); } tevent_req_post(req, ev); return req; } static void sdap_ad_tokengroups_initgroups_done(struct tevent_req *subreq) { struct sdap_ad_tokengroups_initgroups_state *state = NULL; struct tevent_req *req = NULL; errno_t ret; req = tevent_req_callback_data(subreq, struct tevent_req); state = tevent_req_data(req, struct sdap_ad_tokengroups_initgroups_state); if (state->use_id_mapping && !IS_SUBDOMAIN(state->domain)) { ret = sdap_ad_tokengroups_initgr_mapping_recv(subreq); } else { ret = sdap_ad_tokengroups_initgr_posix_recv(subreq); } talloc_zfree(subreq); if (ret != EOK) { goto done; } done: if (ret != EOK) { tevent_req_error(req, ret); return; } tevent_req_done(req); } errno_t sdap_ad_tokengroups_initgroups_recv(struct tevent_req *req) { TEVENT_REQ_RETURN_ON_ERROR(req); return EOK; } 
sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/ldap_common.c0000644000000000000000000000007412320753107021733 xustar000000000000000030 atime=1396954939.266891431 30 ctime=1396954961.617874978 sssd-1.11.5/src/providers/ldap/ldap_common.c0000664002412700241270000016321312320753107022163 0ustar00jhrozekjhrozek00000000000000/* SSSD LDAP Provider Common Functions Authors: Simo Sorce Copyright (C) 2008-2010 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include "providers/ldap/ldap_common.h" #include "providers/fail_over.h" #include "providers/ldap/sdap_async_private.h" #include "providers/krb5/krb5_common.h" #include "db/sysdb_sudo.h" #include "db/sysdb_services.h" #include "db/sysdb_autofs.h" #include "util/sss_krb5.h" #include "util/crypto/sss_crypto.h" #include "providers/ldap/ldap_opts.h" #include "providers/ldap/sdap_idmap.h" /* a fd the child process would log into */ int ldap_child_debug_fd = -1; int sdap_domain_destructor(void *mem) { struct sdap_domain *dom = talloc_get_type(mem, struct sdap_domain); DLIST_REMOVE(*(dom->head), dom); return 0; } struct sdap_domain * sdap_domain_get(struct sdap_options *opts, struct sss_domain_info *dom) { struct sdap_domain *sditer = NULL; DLIST_FOR_EACH(sditer, opts->sdom) { if (sditer->dom == dom) { break; } } return sditer; } struct sdap_domain * sdap_domain_get_by_dn(struct sdap_options *opts, const char *dn) { struct sdap_domain *sditer = NULL; struct sdap_domain *sdmatch = NULL; TALLOC_CTX 
*tmp_ctx = NULL; int match_len; int best_match_len = 0; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { return NULL; } DLIST_FOR_EACH(sditer, opts->sdom) { if (sss_ldap_dn_in_search_bases_len(tmp_ctx, dn, sditer->search_bases, NULL, &match_len) || sss_ldap_dn_in_search_bases_len(tmp_ctx, dn, sditer->user_search_bases, NULL, &match_len) || sss_ldap_dn_in_search_bases_len(tmp_ctx, dn, sditer->group_search_bases, NULL, &match_len) || sss_ldap_dn_in_search_bases_len(tmp_ctx, dn, sditer->netgroup_search_bases, NULL, &match_len) || sss_ldap_dn_in_search_bases_len(tmp_ctx, dn, sditer->sudo_search_bases, NULL, &match_len) || sss_ldap_dn_in_search_bases_len(tmp_ctx, dn, sditer->service_search_bases, NULL, &match_len) || sss_ldap_dn_in_search_bases_len(tmp_ctx, dn, sditer->autofs_search_bases, NULL, &match_len)) { if (best_match_len < match_len) { /*this is a longer match*/ best_match_len = match_len; sdmatch = sditer; } } } talloc_free(tmp_ctx); return sdmatch; } errno_t sdap_domain_add(struct sdap_options *opts, struct sss_domain_info *dom, struct sdap_domain **_sdom) { struct sdap_domain *sdom; errno_t ret; sdom = talloc_zero(opts, struct sdap_domain); if (sdom == NULL) { return ENOMEM; } sdom->dom = dom; sdom->head = &opts->sdom; /* Convert the domain name into search base */ ret = domain_to_basedn(sdom, sdom->dom->name, &sdom->basedn); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Cannot convert domain name [%s] to base DN [%d]: %s\n", dom->name, ret, strerror(ret))); goto done; } talloc_set_destructor((TALLOC_CTX *)sdom, sdap_domain_destructor); DLIST_ADD_END(opts->sdom, sdom, struct sdap_domain *); if (_sdom) *_sdom = sdom; ret = EOK; done: if (ret != EOK) { talloc_free(sdom); } return ret; } errno_t sdap_domain_subdom_add(struct sdap_id_ctx *sdap_id_ctx, struct sdap_domain *sdom_list, struct sss_domain_info *parent) { struct sss_domain_info *dom; struct sdap_domain *sdom, *sditer; errno_t ret; for (dom = get_next_domain(parent, true); dom && IS_SUBDOMAIN(dom); /* 
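if we get back to a parent, stop */
         dom = get_next_domain(dom, false)) {

        DLIST_FOR_EACH(sditer, sdom_list) {
            if (sditer->dom == dom) {
                break;
            }
        }

        if (sditer == NULL) {
            /* New sdap domain */
            DEBUG(SSSDBG_TRACE_FUNC, ("subdomain %s is a new one, will "
                  "create a new sdap domain object\n", dom->name));

            ret = sdap_domain_add(sdap_id_ctx->opts, dom, &sdom);
            if (ret != EOK) {
                DEBUG(SSSDBG_OP_FAILURE,
                      ("Cannot add new sdap domain for domain %s [%d]: %s\n",
                       parent->name, ret, strerror(ret)));
                return ret;
            }
        } else {
            sdom = sditer;
        }

        /* Update search bases */
        talloc_zfree(sdom->search_bases);
        sdom->search_bases = talloc_array(sdom, struct sdap_search_base *, 2);
        if (sdom->search_bases == NULL) {
            return ENOMEM;
        }
        sdom->search_bases[1] = NULL;

        ret = sdap_create_search_base(sdom, sdom->basedn, LDAP_SCOPE_SUBTREE,
                                      NULL, &sdom->search_bases[0]);
        if (ret) {
            DEBUG(SSSDBG_OP_FAILURE, ("Cannot create new sdap search base\n"));
            return ret;
        }

        sdom->user_search_bases = sdom->search_bases;
        sdom->group_search_bases = sdom->search_bases;
        sdom->netgroup_search_bases = sdom->search_bases;
        sdom->sudo_search_bases = sdom->search_bases;
        sdom->service_search_bases = sdom->search_bases;
        sdom->autofs_search_bases = sdom->search_bases;
    }

    return EOK;
}

/*
 * Unlink the sdap_domain entry that belongs to dom from its list.
 * Does nothing if no entry is found. The entry itself is not freed here.
 */
void
sdap_domain_remove(struct sdap_options *opts,
                   struct sss_domain_info *dom)
{
    struct sdap_domain *sdom;

    sdom = sdap_domain_get(opts, dom);
    if (sdom == NULL) return;

    DLIST_REMOVE(*(sdom->head), sdom);
}

/*
 * Read and validate the LDAP provider options for one domain.
 *
 * Loads the basic options, fills in the per-class search bases from the
 * default search base, checks the password policy and the cache/credential
 * expiration settings, selects the attribute maps for the configured schema
 * and, when the bind credential is stored as "obfuscated_password", replaces
 * it with its cleartext form (from then on the option set holds the bind
 * password in the clear and reports its type as "password").
 *
 * memctx     parent context for the new options
 * dom        domain the options belong to
 * cdb        confdb handle
 * conf_path  confdb path of the domain section
 * _opts      on success receives the new sdap_options
 *
 * Returns EOK on success. On any failure after the initial allocation the
 * partially built options are freed and *_opts is left untouched.
 */
int ldap_get_options(TALLOC_CTX *memctx,
                     struct sss_domain_info *dom,
                     struct confdb_ctx *cdb,
                     const char *conf_path,
                     struct sdap_options **_opts)
{
    struct sdap_attr_map *default_attr_map;
    struct sdap_attr_map *default_user_map;
    struct sdap_attr_map *default_group_map;
    struct sdap_attr_map *default_netgroup_map;
    struct sdap_attr_map *default_service_map;
    struct sdap_options *opts;
    char *schema;
    const char *search_base;
    const char *pwd_policy;
    int ret;
    int account_cache_expiration;
    int offline_credentials_expiration;
    const char *ldap_deref;
    int ldap_deref_val;
    int o;
    const char *authtok_type;
    struct dp_opt_blob authtok_blob;
    char *cleartext;
    volatile char *wipe;
    const int search_base_options[] = { SDAP_USER_SEARCH_BASE,
                                        SDAP_GROUP_SEARCH_BASE,
                                        SDAP_NETGROUP_SEARCH_BASE,
                                        SDAP_SERVICE_SEARCH_BASE,
                                        -1 };

    opts = talloc_zero(memctx, struct sdap_options);
    if (!opts) return ENOMEM;

    ret = sdap_domain_add(opts, dom, NULL);
    if (ret != EOK) {
        goto done;
    }

    ret = dp_get_options(opts, cdb, conf_path,
                         default_basic_opts,
                         SDAP_OPTS_BASIC,
                         &opts->basic);
    if (ret != EOK) {
        goto done;
    }

    /* Handle search bases */
    search_base = dp_opt_get_string(opts->basic, SDAP_SEARCH_BASE);
    if (search_base != NULL) {
        /* set user/group/netgroup search bases if they are not */
        for (o = 0; search_base_options[o] != -1; o++) {
            if (NULL == dp_opt_get_string(opts->basic, search_base_options[o])) {
                ret = dp_opt_set_string(opts->basic, search_base_options[o],
                                        search_base);
                if (ret != EOK) {
                    goto done;
                }
                DEBUG(6, ("Option %s set to %s\n",
                          opts->basic[search_base_options[o]].opt_name,
                          dp_opt_get_string(opts->basic,
                                            search_base_options[o])));
            }
        }
    } else {
        DEBUG(5, ("Search base not set, trying to discover it later when "
                  "connecting to the LDAP server.\n"));
    }

    /* ENOENT from the parser only means "no base configured for this
     * class", which is not an error at this point. */

    /* Default search */
    ret = sdap_parse_search_base(opts, opts->basic,
                                 SDAP_SEARCH_BASE,
                                 &opts->sdom->search_bases);
    if (ret != EOK && ret != ENOENT) goto done;

    /* User search */
    ret = sdap_parse_search_base(opts, opts->basic,
                                 SDAP_USER_SEARCH_BASE,
                                 &opts->sdom->user_search_bases);
    if (ret != EOK && ret != ENOENT) goto done;

    /* Group search base */
    ret = sdap_parse_search_base(opts, opts->basic,
                                 SDAP_GROUP_SEARCH_BASE,
                                 &opts->sdom->group_search_bases);
    if (ret != EOK && ret != ENOENT) goto done;

    /* Netgroup search */
    ret = sdap_parse_search_base(opts, opts->basic,
                                 SDAP_NETGROUP_SEARCH_BASE,
                                 &opts->sdom->netgroup_search_bases);
    if (ret != EOK && ret != ENOENT) goto done;

    /* Service search */
    ret = sdap_parse_search_base(opts, opts->basic,
                                 SDAP_SERVICE_SEARCH_BASE,
                                 &opts->sdom->service_search_bases);
    if (ret != EOK && ret != ENOENT) goto done;

    pwd_policy = dp_opt_get_string(opts->basic, SDAP_PWD_POLICY);
    if (pwd_policy == NULL) {
        DEBUG(1, ("Missing password policy, this may not happen.\n"));
        ret = EINVAL;
        goto done;
    }
    if (strcasecmp(pwd_policy, PWD_POL_OPT_NONE) != 0 &&
        strcasecmp(pwd_policy, PWD_POL_OPT_SHADOW) != 0 &&
        strcasecmp(pwd_policy, PWD_POL_OPT_MIT) != 0) {
        DEBUG(1, ("Unsupported password policy [%s].\n", pwd_policy));
        ret = EINVAL;
        goto done;
    }

    /* account_cache_expiration must be >= than offline_credentials_expiration */
    ret = confdb_get_int(cdb, CONFDB_PAM_CONF_ENTRY,
                         CONFDB_PAM_CRED_TIMEOUT, 0,
                         &offline_credentials_expiration);
    if (ret != EOK) {
        DEBUG(1, ("Cannot get value of %s from confdb \n",
                  CONFDB_PAM_CRED_TIMEOUT));
        goto done;
    }

    account_cache_expiration = dp_opt_get_int(opts->basic,
                                              SDAP_ACCOUNT_CACHE_EXPIRATION);

    /* account cache_expiration must not be smaller than
     * offline_credentials_expiration to prevent deleting entries that
     * still contain credentials valid for offline login.
     *
     * offline_credentials_expiration == 0 is a special case that says
     * that the cached credentials are valid forever. Therefore, the cached
     * entries must not be purged from cache.
     */
    if (!offline_credentials_expiration && account_cache_expiration) {
        /* The credential timeout is the unlimited one in this branch and the
         * account cache expiration is the finite one, so name them in that
         * order (the arguments used to be the other way round). */
        DEBUG(1, ("Conflicting values for options %s (unlimited) "
                  "and %s (%d)\n",
                  CONFDB_PAM_CRED_TIMEOUT,
                  opts->basic[SDAP_ACCOUNT_CACHE_EXPIRATION].opt_name,
                  account_cache_expiration));
        ret = EINVAL;
        goto done;
    }
    if (offline_credentials_expiration && account_cache_expiration &&
        offline_credentials_expiration > account_cache_expiration) {
        DEBUG(1, ("Value of %s (now %d) must be larger "
                  "than value of %s (now %d)\n",
                  opts->basic[SDAP_ACCOUNT_CACHE_EXPIRATION].opt_name,
                  account_cache_expiration,
                  CONFDB_PAM_CRED_TIMEOUT,
                  offline_credentials_expiration));
        ret = EINVAL;
        goto done;
    }

    /* The converted value is not used here; the call only validates the
     * configured string. */
    ldap_deref = dp_opt_get_string(opts->basic, SDAP_DEREF);
    if (ldap_deref != NULL) {
        ret = deref_string_to_val(ldap_deref, &ldap_deref_val);
        if (ret != EOK) {
            DEBUG(1, ("Failed to verify ldap_deref option.\n"));
            goto done;
        }
    }

#ifndef HAVE_LDAP_CONNCB
    bool ldap_referrals;

    ldap_referrals = dp_opt_get_bool(opts->basic, SDAP_REFERRALS);
    if (ldap_referrals) {
        DEBUG(1, ("LDAP referrals are not supported, because the LDAP library "
                  "is too old, see sssd-ldap(5) for details.\n"));
        ret = dp_opt_set_bool(opts->basic, SDAP_REFERRALS, false);
        if (ret != EOK) {
            /* Do not carry on with referral chasing still enabled. */
            DEBUG(1, ("dp_opt_set_bool failed.\n"));
            goto done;
        }
    }
#endif

    /* schema type */
    schema = dp_opt_get_string(opts->basic, SDAP_SCHEMA);
    if (schema == NULL) {
        /* Same treatment as a missing password policy above: fail cleanly
         * instead of passing NULL to strcasecmp(). */
        DEBUG(1, ("Missing schema type.\n"));
        ret = EINVAL;
        goto done;
    }
    if (strcasecmp(schema, "rfc2307") == 0) {
        opts->schema_type = SDAP_SCHEMA_RFC2307;
        default_attr_map = generic_attr_map;
        default_user_map = rfc2307_user_map;
        default_group_map = rfc2307_group_map;
        default_netgroup_map = netgroup_map;
        default_service_map = service_map;
    } else if (strcasecmp(schema, "rfc2307bis") == 0) {
        opts->schema_type = SDAP_SCHEMA_RFC2307BIS;
        default_attr_map = generic_attr_map;
        default_user_map = rfc2307bis_user_map;
        default_group_map = rfc2307bis_group_map;
        default_netgroup_map = netgroup_map;
        default_service_map = service_map;
    } else if (strcasecmp(schema, "IPA") == 0) {
        opts->schema_type = SDAP_SCHEMA_IPA_V1;
        default_attr_map = gen_ipa_attr_map;
        default_user_map = rfc2307bis_user_map;
        default_group_map = rfc2307bis_group_map;
        default_netgroup_map = netgroup_map;
        default_service_map = service_map;
    } else if (strcasecmp(schema, "AD") == 0) {
        opts->schema_type = SDAP_SCHEMA_AD;
        default_attr_map = gen_ad_attr_map;
        default_user_map = gen_ad2008r2_user_map;
        default_group_map = gen_ad2008r2_group_map;
        default_netgroup_map = netgroup_map;
        default_service_map = service_map;
    } else {
        DEBUG(0, ("Unrecognized schema type: %s\n", schema));
        ret = EINVAL;
        goto done;
    }

    ret = sdap_get_map(opts, cdb, conf_path,
                       default_attr_map,
                       SDAP_AT_GENERAL,
                       &opts->gen_map);
    if (ret != EOK) {
        goto done;
    }

    ret = sdap_get_map(opts, cdb, conf_path,
                       default_user_map,
                       SDAP_OPTS_USER,
                       &opts->user_map);
    if (ret != EOK) {
        goto done;
    }

    ret = sdap_get_map(opts, cdb, conf_path,
                       default_group_map,
                       SDAP_OPTS_GROUP,
                       &opts->group_map);
    if (ret != EOK) {
        goto done;
    }

    ret = sdap_get_map(opts, cdb, conf_path,
                       default_netgroup_map,
                       SDAP_OPTS_NETGROUP,
                       &opts->netgroup_map);
    if (ret != EOK) {
        goto done;
    }

    ret = sdap_get_map(opts, cdb, conf_path,
                       default_service_map,
                       SDAP_OPTS_SERVICES,
                       &opts->service_map);
    if (ret != EOK) {
        goto done;
    }

    /* If there is no KDC, try the deprecated krb5_kdcip option, too */
    /* FIXME - this can be removed in a future version */
    ret = krb5_try_kdcip(cdb, conf_path, opts->basic, SDAP_KRB5_KDC);
    if (ret != EOK) {
        DEBUG(1, ("sss_krb5_try_kdcip failed.\n"));
        goto done;
    }

    authtok_type = dp_opt_get_string(opts->basic, SDAP_DEFAULT_AUTHTOK_TYPE);
    if (authtok_type != NULL &&
        strcasecmp(authtok_type,"obfuscated_password") == 0) {
        DEBUG(9, ("Found obfuscated password, "
                  "trying to convert to cleartext.\n"));

        /* Every failure in this branch goes through "done" so that the
         * partially built options are released; returning directly, as the
         * code used to, leaked them. */
        authtok_blob = dp_opt_get_blob(opts->basic, SDAP_DEFAULT_AUTHTOK);
        if (authtok_blob.data == NULL || authtok_blob.length == 0) {
            DEBUG(1, ("Missing obfuscated password string.\n"));
            ret = EINVAL;
            goto done;
        }

        ret = sss_password_decrypt(memctx, (char *) authtok_blob.data,
                                   &cleartext);
        if (ret != EOK) {
            DEBUG(1, ("Cannot convert the obfuscated "
                      "password back to cleartext\n"));
            goto done;
        }

        authtok_blob.data = (uint8_t *) cleartext;
        authtok_blob.length = strlen(cleartext);
        ret = dp_opt_set_blob(opts->basic, SDAP_DEFAULT_AUTHTOK, authtok_blob);

        /* This temporary copy was always released right after the call, so
         * the option cannot depend on it. Overwrite the password before the
         * memory goes back to the allocator; the volatile pointer keeps the
         * compiler from discarding the stores as dead. */
        for (wipe = cleartext; *wipe != '\0'; wipe++) {
            *wipe = '\0';
        }
        talloc_free(cleartext);
        if (ret != EOK) {
            DEBUG(1, ("dp_opt_set_blob failed.\n"));
            goto done;
        }

        ret = dp_opt_set_string(opts->basic, SDAP_DEFAULT_AUTHTOK_TYPE,
                                "password");
        if (ret != EOK) {
            DEBUG(1, ("dp_opt_set_string failed.\n"));
            goto done;
        }
    }

    ret = EOK;
    *_opts = opts;

done:
    if (ret != EOK) {
        talloc_zfree(opts);
    }
    return ret;
}

int ldap_get_sudo_options(TALLOC_CTX *memctx,
                          struct confdb_ctx *cdb,
                          const char *conf_path,
                          struct sdap_options *opts,
                          bool *use_host_filter,
                          bool *include_regexp,
                          bool *include_netgroups)
{
    const char *search_base;
    int ret;

    /* search base */
    search_base = dp_opt_get_string(opts->basic, SDAP_SEARCH_BASE);
    if (search_base != NULL) {
        /* set sudo search bases if they are not */
        if (dp_opt_get_string(opts->basic, SDAP_SUDO_SEARCH_BASE) == NULL) {
            ret = dp_opt_set_string(opts->basic, SDAP_SUDO_SEARCH_BASE,
                                    search_base);
            if (ret != EOK) {
                DEBUG(SSSDBG_OP_FAILURE, ("Could not set SUDO search base"
                      "to default value\n"));
                return ret;
            }

            DEBUG(SSSDBG_FUNC_DATA, ("Option %s set to %s\n",
                  opts->basic[SDAP_SUDO_SEARCH_BASE].opt_name,
                  dp_opt_get_string(opts->basic, SDAP_SUDO_SEARCH_BASE)));
        }
    } else {
        DEBUG(SSSDBG_TRACE_FUNC, ("Search base not set, trying to discover it later "
              "connecting to the LDAP server.\n"));
    }

    ret = sdap_parse_search_base(opts, opts->basic,
                                 SDAP_SUDO_SEARCH_BASE,
                                 &opts->sdom->sudo_search_bases);
    if (ret != EOK && ret != ENOENT) {
        DEBUG(SSSDBG_OP_FAILURE, ("Could not parse SUDO search base\n"));
        return ret;
    }

    /* attrs map */
    ret = sdap_get_map(opts, cdb, conf_path,
                       native_sudorule_map,
                       SDAP_OPTS_SUDO,
                       &opts->sudorule_map);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Could not get SUDO attribute map\n"));
        return ret;
    }

    /* host filter */
    *use_host_filter = dp_opt_get_bool(opts->basic, SDAP_SUDO_USE_HOST_FILTER);
    *include_netgroups = dp_opt_get_bool(opts->basic,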
SDAP_SUDO_INCLUDE_NETGROUPS); *include_regexp = dp_opt_get_bool(opts->basic, SDAP_SUDO_INCLUDE_REGEXP); return EOK; } int ldap_get_autofs_options(TALLOC_CTX *memctx, struct confdb_ctx *cdb, const char *conf_path, struct sdap_options *opts) { const char *search_base; struct sdap_attr_map *default_entry_map; struct sdap_attr_map *default_mobject_map; int ret; /* search base */ search_base = dp_opt_get_string(opts->basic, SDAP_SEARCH_BASE); if (search_base != NULL) { /* set autofs search bases if they are not */ if (dp_opt_get_string(opts->basic, SDAP_AUTOFS_SEARCH_BASE) == NULL) { ret = dp_opt_set_string(opts->basic, SDAP_AUTOFS_SEARCH_BASE, search_base); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Could not set autofs search base" "to default value\n")); return ret; } DEBUG(SSSDBG_FUNC_DATA, ("Option %s set to %s\n", opts->basic[SDAP_AUTOFS_SEARCH_BASE].opt_name, dp_opt_get_string(opts->basic, SDAP_AUTOFS_SEARCH_BASE))); } } else { DEBUG(SSSDBG_TRACE_FUNC, ("Search base not set, trying to discover it later " "connecting to the LDAP server.\n")); } ret = sdap_parse_search_base(opts, opts->basic, SDAP_AUTOFS_SEARCH_BASE, &opts->sdom->autofs_search_bases); if (ret != EOK && ret != ENOENT) { DEBUG(SSSDBG_OP_FAILURE, ("Could not parse autofs search base\n")); return ret; } /* attribute maps */ switch (opts->schema_type) { case SDAP_SCHEMA_RFC2307: default_mobject_map = rfc2307_autofs_mobject_map; default_entry_map = rfc2307_autofs_entry_map; break; case SDAP_SCHEMA_RFC2307BIS: case SDAP_SCHEMA_IPA_V1: case SDAP_SCHEMA_AD: default_mobject_map = rfc2307bis_autofs_mobject_map; default_entry_map = rfc2307bis_autofs_entry_map; break; default: DEBUG(SSSDBG_CRIT_FAILURE, ("Unknown LDAP schema!\n")); return EINVAL; } ret = sdap_get_map(opts, cdb, conf_path, default_mobject_map, SDAP_OPTS_AUTOFS_MAP, &opts->autofs_mobject_map); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Could not get autofs map object attribute map\n")); return ret; } ret = sdap_get_map(opts, cdb, conf_path, 
default_entry_map, SDAP_OPTS_AUTOFS_ENTRY, &opts->autofs_entry_map); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Could not get autofs entry object attribute map\n")); return ret; } return EOK; } errno_t sdap_parse_search_base(TALLOC_CTX *mem_ctx, struct dp_option *opts, int class, struct sdap_search_base ***_search_bases) { const char *class_name; char *unparsed_base; const char *old_filter = NULL; *_search_bases = NULL; switch (class) { case SDAP_SEARCH_BASE: class_name = "DEFAULT"; break; case SDAP_USER_SEARCH_BASE: class_name = "USER"; old_filter = dp_opt_get_string(opts, SDAP_USER_SEARCH_FILTER); break; case SDAP_GROUP_SEARCH_BASE: class_name = "GROUP"; old_filter = dp_opt_get_string(opts, SDAP_GROUP_SEARCH_FILTER); break; case SDAP_NETGROUP_SEARCH_BASE: class_name = "NETGROUP"; break; case SDAP_SUDO_SEARCH_BASE: class_name = "SUDO"; break; case SDAP_SERVICE_SEARCH_BASE: class_name = "SERVICE"; break; case SDAP_AUTOFS_SEARCH_BASE: class_name = "AUTOFS"; break; default: DEBUG(SSSDBG_CONF_SETTINGS, ("Unknown search base type: [%d]\n", class)); class_name = "UNKNOWN"; /* Non-fatal */ break; } unparsed_base = dp_opt_get_string(opts, class); if (!unparsed_base || unparsed_base[0] == '\0') return ENOENT; return common_parse_search_base(mem_ctx, unparsed_base, class_name, old_filter, _search_bases); } errno_t sdap_create_search_base(TALLOC_CTX *mem_ctx, const char *unparsed_base, int scope, const char *filter, struct sdap_search_base **_base) { struct sdap_search_base *base; TALLOC_CTX *tmp_ctx; errno_t ret; struct ldb_dn *ldn; struct ldb_context *ldb; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { ret = ENOMEM; goto done; } /* Create a throwaway LDB context for validating the DN */ ldb = ldb_init(tmp_ctx, NULL); if (!ldb) { ret = ENOMEM; goto done; } base = talloc_zero(tmp_ctx, struct sdap_search_base); if (base == NULL) { ret = ENOMEM; goto done; } base->basedn = talloc_strdup(base, unparsed_base); if (base->basedn == NULL) { ret = ENOMEM; goto done; } /* Validate the 
basedn */ ldn = ldb_dn_new(tmp_ctx, ldb, unparsed_base); if (!ldn) { ret = ENOMEM; goto done; } if (!ldb_dn_validate(ldn)) { DEBUG(SSSDBG_CRIT_FAILURE, ("Invalid base DN [%s]\n", unparsed_base)); ret = EINVAL; goto done; } base->scope = scope; base->filter = filter; *_base = talloc_steal(mem_ctx, base); ret = EOK; done: talloc_free(tmp_ctx); return ret; } errno_t common_parse_search_base(TALLOC_CTX *mem_ctx, const char *unparsed_base, const char *class_name, const char *old_filter, struct sdap_search_base ***_search_bases) { errno_t ret; struct sdap_search_base **search_bases; TALLOC_CTX *tmp_ctx; struct ldb_context *ldb; struct ldb_dn *ldn; struct ldb_parse_tree *tree; char **split_bases; char *filter; int count; int i, c; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { ret = ENOMEM; goto done; } /* Create a throwaway LDB context for validating the DN */ ldb = ldb_init(tmp_ctx, NULL); if (!ldb) { ret = ENOMEM; goto done; } ret = split_on_separator(tmp_ctx, unparsed_base, '?', false, false, &split_bases, &count); if (ret != EOK) goto done; /* The split must be either exactly one value or a multiple of * three in order to be valid. * One value: just a base, backwards-compatible with pre-1.7.0 versions * Multiple: search_base?scope?filter[?search_base?scope?filter]* */ if (count > 1 && (count % 3)) { DEBUG(SSSDBG_CRIT_FAILURE, ("Unparseable search base: [%s][%d]\n", unparsed_base, count)); ret = EINVAL; goto done; } if (count == 1) { search_bases = talloc_array(tmp_ctx, struct sdap_search_base *, 2); if (!search_bases) { ret = ENOMEM; goto done; } ret = sdap_create_search_base(search_bases, unparsed_base, LDAP_SCOPE_SUBTREE, old_filter, &search_bases[0]); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Cannot create new sdap search base\n")); goto done; } DEBUG(SSSDBG_CONF_SETTINGS, ("Search base added: [%s][%s][%s][%s]\n", class_name, search_bases[0]->basedn, "SUBTREE", search_bases[0]->filter ? 
search_bases[0]->filter : "")); search_bases[1] = NULL; } else { search_bases = talloc_array(tmp_ctx, struct sdap_search_base *, (count / 3) + 1); if (!search_bases) { ret = ENOMEM; goto done; } i = 0; for (c = 0; c < count; c += 3) { search_bases[i] = talloc_zero(search_bases, struct sdap_search_base); if (!search_bases[i]) { ret = ENOMEM; goto done; } if (split_bases[c][0] == '\0') { DEBUG(SSSDBG_CRIT_FAILURE, ("Zero-length search base: [%s]\n", unparsed_base)); ret = EINVAL; goto done; } /* Validate the basedn */ ldn = ldb_dn_new(tmp_ctx, ldb, split_bases[c]); if (!ldn) { ret = ENOMEM; goto done; } if (!ldb_dn_validate(ldn)) { DEBUG(SSSDBG_CRIT_FAILURE, ("Invalid base DN [%s]\n", split_bases[c])); ret = EINVAL; goto done; } talloc_zfree(ldn); /* Set the search base DN */ search_bases[i]->basedn = talloc_strdup(search_bases[i], split_bases[c]); if (!search_bases[i]->basedn) { ret = ENOMEM; goto done; } /* Set the search scope for this base DN */ if ((split_bases[c+1][0] == '\0') || strcasecmp(split_bases[c+1], "sub") == 0 || strcasecmp(split_bases[c+1], "subtree") == 0) { /* If unspecified, default to subtree */ search_bases[i]->scope = LDAP_SCOPE_SUBTREE; } else if (strcasecmp(split_bases[c+1], "one") == 0 || strcasecmp(split_bases[c+1], "onelevel") == 0) { search_bases[i]->scope = LDAP_SCOPE_ONELEVEL; } else if (strcasecmp(split_bases[c+1], "base") == 0) { search_bases[i]->scope = LDAP_SCOPE_BASE; } else { DEBUG(SSSDBG_CRIT_FAILURE, ("Unknown search scope: [%s]\n", split_bases[c+1])); ret = EINVAL; goto done; } /* Get a specialized filter if provided */ if (split_bases[c+2][0] == '\0') { search_bases[i]->filter = NULL; } else { if (split_bases[c+2][0] != '(') { /* Filters need to be enclosed in parentheses * to be validated properly by ldb_parse_tree() */ filter = talloc_asprintf(tmp_ctx, "(%s)", split_bases[c+2]); } else { filter = talloc_strdup(tmp_ctx, split_bases[c+2]); } if (!filter) { ret = ENOMEM; goto done; } tree = ldb_parse_tree(tmp_ctx, filter); 
if(!tree) { DEBUG(SSSDBG_CRIT_FAILURE, ("Invalid search filter: [%s]\n", filter)); ret = EINVAL; goto done; } talloc_zfree(tree); search_bases[i]->filter = talloc_steal(search_bases[i], filter); } DEBUG(SSSDBG_CONF_SETTINGS, ("Search base added: [%s][%s][%s][%s]\n", class_name, search_bases[i]->basedn, split_bases[c+1][0] ? split_bases[c+1] : "SUBTREE", search_bases[i]->filter ? search_bases[i]->filter : "")); i++; } search_bases[i] = NULL; } *_search_bases = talloc_steal(mem_ctx, search_bases); ret = EOK; done: talloc_free(tmp_ctx); return ret; } void sdap_handler_done(struct be_req *req, int dp_err, int error, const char *errstr) { return be_req_terminate(req, dp_err, error, errstr); } void sdap_mark_offline(struct sdap_id_ctx *ctx) { be_mark_offline(ctx->be); } int ldap_id_setup_tasks(struct sdap_id_ctx *ctx) { return sdap_id_setup_tasks(ctx->be, ctx, ctx->opts->sdom, ldap_enumeration_send, ldap_enumeration_recv, ctx); } int sdap_id_setup_tasks(struct be_ctx *be_ctx, struct sdap_id_ctx *ctx, struct sdap_domain *sdom, be_ptask_send_t send_fn, be_ptask_recv_t recv_fn, void *pvt) { int ret; /* set up enumeration task */ if (sdom->dom->enumerate) { DEBUG(SSSDBG_TRACE_FUNC, ("Setting up enumeration for %s\n", sdom->dom->name)); ret = ldap_setup_enumeration(be_ctx, ctx->opts, sdom, send_fn, recv_fn, pvt); } else { /* the enumeration task, runs the cleanup process by itself, * but if enumeration is not running we need to schedule it */ DEBUG(SSSDBG_TRACE_FUNC, ("Setting up cleanup task for %s\n", sdom->dom->name)); ret = ldap_setup_cleanup(ctx, sdom); } return ret; } static void sdap_uri_callback(void *private_data, struct fo_server *server) { TALLOC_CTX *tmp_ctx = NULL; struct sdap_service *service; struct resolv_hostent *srvaddr; struct sockaddr_storage *sockaddr; const char *tmp; const char *srv_name; char *new_uri; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { DEBUG(1, ("talloc_new failed\n")); return; } service = talloc_get_type(private_data, struct 
sdap_service); if (!service) { talloc_free(tmp_ctx); return; } tmp = (const char *)fo_get_server_user_data(server); srvaddr = fo_get_server_hostent(server); if (!srvaddr) { DEBUG(1, ("FATAL: No hostent available for server (%s)\n", fo_get_server_str_name(server))); talloc_free(tmp_ctx); return; } sockaddr = resolv_get_sockaddr_address(tmp_ctx, srvaddr, fo_get_server_port(server)); if (sockaddr == NULL) { DEBUG(1, ("resolv_get_sockaddr_address failed.\n")); talloc_free(tmp_ctx); return; } if (fo_is_srv_lookup(server)) { if (!tmp) { DEBUG(1, ("Unknown service, using ldap\n")); tmp = SSS_LDAP_SRV_NAME; } srv_name = fo_get_server_name(server); if (srv_name == NULL) { DEBUG(1, ("Could not get server host name\n")); talloc_free(tmp_ctx); return; } new_uri = talloc_asprintf(service, "%s://%s:%d", tmp, srv_name, fo_get_server_port(server)); } else { new_uri = talloc_strdup(service, tmp); } if (!new_uri) { DEBUG(2, ("Failed to copy URI ...\n")); talloc_free(tmp_ctx); return; } DEBUG(6, ("Constructed uri '%s'\n", new_uri)); /* free old one and replace with new one */ talloc_zfree(service->uri); service->uri = new_uri; talloc_zfree(service->sockaddr); service->sockaddr = talloc_steal(service, sockaddr); talloc_free(tmp_ctx); } static void sdap_finalize(struct tevent_context *ev, struct tevent_signal *se, int signum, int count, void *siginfo, void *private_data) { char *realm = (char *) private_data; int ret; ret = remove_krb5_info_files(se, realm); if (ret != EOK) { DEBUG(1, ("remove_krb5_info_files failed.\n")); } sig_term(signum); } errno_t sdap_install_sigterm_handler(TALLOC_CTX *mem_ctx, struct tevent_context *ev, const char *realm) { char *sig_realm; struct tevent_signal *sige; BlockSignals(false, SIGTERM); sig_realm = talloc_strdup(mem_ctx, realm); if (sig_realm == NULL) { DEBUG(1, ("talloc_strdup failed!\n")); return ENOMEM; } sige = tevent_add_signal(ev, mem_ctx, SIGTERM, SA_SIGINFO, sdap_finalize, sig_realm); if (sige == NULL) { DEBUG(1, ("tevent_add_signal 
failed.\n")); talloc_free(sig_realm); return ENOMEM; } talloc_steal(sige, sig_realm); return EOK; } void sdap_remove_kdcinfo_files_callback(void *pvt) { int ret; TALLOC_CTX *tmp_ctx = NULL; struct remove_info_files_ctx *ctx = talloc_get_type(pvt, struct remove_info_files_ctx); ret = be_fo_run_callbacks_at_next_request(ctx->be_ctx, ctx->kdc_service_name); if (ret != EOK) { DEBUG(1, ("be_fo_run_callbacks_at_next_request failed, " "krb5 info files will not be removed, because " "it is unclear if they will be recreated properly.\n")); return; } tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { DEBUG(1, ("talloc_new failed, cannot remove krb5 info files.\n")); return; } ret = remove_krb5_info_files(tmp_ctx, ctx->realm); if (ret != EOK) { DEBUG(1, ("remove_krb5_info_files failed.\n")); } talloc_zfree(tmp_ctx); } errno_t sdap_install_offline_callback(TALLOC_CTX *mem_ctx, struct be_ctx *be_ctx, const char *realm, const char *service_name) { int ret; struct remove_info_files_ctx *ctx; ctx = talloc_zero(mem_ctx, struct remove_info_files_ctx); if (ctx == NULL) { DEBUG(1, ("talloc_zfree failed.\n")); return ENOMEM; } ctx->be_ctx = be_ctx; ctx->realm = talloc_strdup(ctx, realm); ctx->kdc_service_name = talloc_strdup(ctx, service_name); if (ctx->realm == NULL || ctx->kdc_service_name == NULL) { DEBUG(1, ("talloc_strdup failed!\n")); ret = ENOMEM; goto done; } ret = be_add_offline_cb(ctx, be_ctx, sdap_remove_kdcinfo_files_callback, ctx, NULL); if (ret != EOK) { DEBUG(1, ("be_add_offline_cb failed.\n")); goto done; } ret = EOK; done: if (ret != EOK) { talloc_zfree(ctx); } return ret; } errno_t sdap_set_sasl_options(struct sdap_options *id_opts, char *default_primary, char *default_realm, const char *keytab_path) { errno_t ret; TALLOC_CTX *tmp_ctx; char *sasl_primary; char *desired_primary; char *primary_realm; char *sasl_realm; char *desired_realm; bool primary_requested = true; bool realm_requested = true; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) return ENOMEM; /* Configuration 
of SASL auth ID and realm */ desired_primary = dp_opt_get_string(id_opts->basic, SDAP_SASL_AUTHID); if (!desired_primary) { primary_requested = false; desired_primary = default_primary; } if ((primary_realm = strchr(desired_primary, '@'))) { *primary_realm = '\0'; desired_realm = primary_realm+1; DEBUG(SSSDBG_TRACE_INTERNAL, ("authid contains realm [%s]\n", desired_realm)); } else { desired_realm = dp_opt_get_string(id_opts->basic, SDAP_SASL_REALM); if (!desired_realm) { realm_requested = false; desired_realm = default_realm; } } DEBUG(SSSDBG_CONF_SETTINGS, ("Will look for %s@%s in %s\n", desired_primary, desired_realm, keytab_path ? keytab_path : "default keytab")); ret = select_principal_from_keytab(tmp_ctx, desired_primary, desired_realm, keytab_path, NULL, &sasl_primary, &sasl_realm); if (ret != EOK) { goto done; } if (primary_requested && strcmp(desired_primary, sasl_primary) != 0) { DEBUG(SSSDBG_MINOR_FAILURE, ("Configured SASL auth ID not found in keytab. " "Requested %s, found %s\n", desired_primary, sasl_primary)); } if (realm_requested && strcmp(desired_realm, sasl_realm) != 0) { DEBUG(SSSDBG_MINOR_FAILURE, ("Configured SASL realm not found in keytab. 
" "Requested %s, found %s\n", desired_realm, sasl_realm)); } ret = dp_opt_set_string(id_opts->basic, SDAP_SASL_AUTHID, sasl_primary); if (ret != EOK) { goto done; } DEBUG(SSSDBG_CONF_SETTINGS, ("Option %s set to %s\n", id_opts->basic[SDAP_SASL_AUTHID].opt_name, dp_opt_get_string(id_opts->basic, SDAP_SASL_AUTHID))); ret = dp_opt_set_string(id_opts->basic, SDAP_SASL_REALM, sasl_realm); if (ret != EOK) { goto done; } DEBUG(SSSDBG_CONF_SETTINGS, ("Option %s set to %s\n", id_opts->basic[SDAP_SASL_REALM].opt_name, dp_opt_get_string(id_opts->basic, SDAP_SASL_REALM))); ret = EOK; done: talloc_free(tmp_ctx); return ret; } static const char * sdap_gssapi_get_default_realm(TALLOC_CTX *mem_ctx) { char *krb5_realm = NULL; const char *realm = NULL; krb5_error_code krberr; krb5_context context = NULL; krberr = krb5_init_context(&context); if (krberr) { DEBUG(2, ("Failed to init kerberos context\n")); goto done; } krberr = krb5_get_default_realm(context, &krb5_realm); if (krberr) { DEBUG(2, ("Failed to get default realm name: %s\n", sss_krb5_get_error_message(context, krberr))); goto done; } realm = talloc_strdup(mem_ctx, krb5_realm); krb5_free_default_realm(context, krb5_realm); if (!realm) { DEBUG(0, ("Out of memory\n")); goto done; } DEBUG(7, ("Will use default realm %s\n", realm)); done: if (context) krb5_free_context(context); return realm; } int sdap_gssapi_init(TALLOC_CTX *mem_ctx, struct dp_option *opts, struct be_ctx *bectx, struct sdap_service *sdap_service, struct krb5_service **krb5_service) { int ret; const char *krb5_servers; const char *krb5_backup_servers; const char *krb5_realm; const char *krb5_opt_realm; struct krb5_service *service = NULL; TALLOC_CTX *tmp_ctx; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) return ENOMEM; krb5_servers = dp_opt_get_string(opts, SDAP_KRB5_KDC); krb5_backup_servers = dp_opt_get_string(opts, SDAP_KRB5_BACKUP_KDC); krb5_opt_realm = dp_opt_get_string(opts, SDAP_KRB5_REALM); if (krb5_opt_realm == NULL) { DEBUG(2, ("Missing krb5_realm 
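option, will use libkrb default\n"));
        krb5_realm = sdap_gssapi_get_default_realm(tmp_ctx);
        if (krb5_realm == NULL) {
            DEBUG(0, ("Cannot determine the Kerberos realm, aborting\n"));
            ret = EIO;
            goto done;
        }
    } else {
        krb5_realm = talloc_strdup(tmp_ctx, krb5_opt_realm);
        if (krb5_realm == NULL) {
            ret = ENOMEM;
            goto done;
        }
    }

    ret = krb5_service_init(mem_ctx, bectx, SSS_KRB5KDC_FO_SRV, krb5_servers,
                            krb5_backup_servers, krb5_realm,
                            dp_opt_get_bool(opts, SDAP_KRB5_USE_KDCINFO),
                            &service);
    if (ret != EOK) {
        DEBUG(0, ("Failed to init KRB5 failover service!\n"));
        goto done;
    }

    ret = sdap_install_sigterm_handler(mem_ctx, bectx->ev, krb5_realm);
    if (ret != EOK) {
        DEBUG(0, ("Failed to install sigterm handler\n"));
        goto done;
    }

    ret = sdap_install_offline_callback(mem_ctx, bectx,
                                        krb5_realm, SSS_KRB5KDC_FO_SRV);
    if (ret != EOK) {
        /* NOTE(review): this message repeats the sigterm text although the
         * failing call installs the offline callback. */
        DEBUG(0, ("Failed to install sigterm handler\n"));
        goto done;
    }

    sdap_service->kinit_service_name = talloc_strdup(sdap_service,
                                                     service->name);
    if (sdap_service->kinit_service_name == NULL) {
        ret = ENOMEM;
        goto done;
    }

    ret = EOK;
    *krb5_service = service;
done:
    talloc_free(tmp_ctx);
    if (ret != EOK) talloc_free(service);
    return ret;
}

/**
 * Register every server of a comma-separated list with a failover service.
 *
 * Each list item is either the SRV-discovery identifier (accepted for
 * primary servers only, and only when dns_service_name is set) or an LDAP
 * URI that ldap_url_parse() accepts. URIs without a host part are skipped.
 *
 * @param ctx               Back end context owning the failover services.
 * @param service           SDAP service; URI strings and SRV user data are
 *                          re-parented to it.
 * @param service_name      Failover service name used for SRV entries.
 * @param dns_service_name  DNS service name for SRV lookups, may be NULL.
 * @param urls              Comma-separated server list.
 * @param primary           true for primary servers, false for backups.
 *
 * @return EOK on success, ENOMEM, EINVAL for an unparsable URI or a missing
 *         DNS service name, or the error of the failing helper.
 */
static errno_t _sdap_urls_init(struct be_ctx *ctx,
                               struct sdap_service *service,
                               const char *service_name,
                               const char *dns_service_name,
                               const char *urls,
                               bool primary)
{
    TALLOC_CTX *tmp_ctx;
    char *srv_user_data;
    char **list = NULL;
    LDAPURLDesc *lud;
    errno_t ret = 0;
    int i;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    /* split server parm into a list */
    ret = split_on_separator(tmp_ctx, urls, ',', true, true, &list, NULL);
    if (ret != EOK) {
        DEBUG(1, ("Failed to parse server list!\n"));
        goto done;
    }

    /* now for each URI add a new server to the failover service */
    for (i = 0; list[i]; i++) {
        if (be_fo_is_srv_identifier(list[i])) {
            if (!primary) {
                DEBUG(SSSDBG_MINOR_FAILURE,
                      ("Failed to add server [%s] to failover service: "
                       "SRV resolution only allowed for primary servers!\n",
                       list[i]));
                continue;
            }

            if (!dns_service_name) {
                DEBUG(0, ("Missing DNS service name for service [%s].\n",
                          service_name));
                ret = EINVAL;
                goto done;
            }
            srv_user_data = talloc_strdup(service, dns_service_name);
            if (!srv_user_data) {
                ret = ENOMEM;
                goto done;
            }

            ret = be_fo_add_srv_server(ctx, service_name,
                                       dns_service_name, NULL,
                                       BE_FO_PROTO_TCP, false, srv_user_data);
            if (ret) {
                DEBUG(0, ("Failed to add server\n"));
                goto done;
            }

            DEBUG(6, ("Added service lookup\n"));
            continue;
        }

        ret = ldap_url_parse(list[i], &lud);
        if (ret != LDAP_SUCCESS) {
            DEBUG(0, ("Failed to parse ldap URI (%s)!\n", list[i]));
            ret = EINVAL;
            goto done;
        }

        if (lud->lud_host == NULL) {
            DEBUG(2, ("The LDAP URI (%s) did not contain a host name\n",
                      list[i]));
            ldap_free_urldesc(lud);
            continue;
        }

        DEBUG(6, ("Added URI %s\n", list[i]));

        /* The URI string is handed to be_fo_add_server() below, so it must
         * not be freed together with tmp_ctx. */
        talloc_steal(service, list[i]);

        /* It could be ipv6 address in square brackets. Remove
         * the brackets if needed. */
        ret = remove_ipv6_brackets(lud->lud_host);
        if (ret != EOK) {
            /* Release the parsed URL on this error path as well; it is not
             * talloc memory and tmp_ctx does not own it. */
            ldap_free_urldesc(lud);
            goto done;
        }

        ret = be_fo_add_server(ctx, service->name, lud->lud_host,
                               lud->lud_port, list[i], primary);
        ldap_free_urldesc(lud);
        if (ret) {
            goto done;
        }
    }

done:
    talloc_free(tmp_ctx);
    return ret;
}

/** Register the primary server list; see _sdap_urls_init(). */
static inline errno_t
sdap_primary_urls_init(struct be_ctx *ctx, struct sdap_service *service,
                       const char *service_name, const char *dns_service_name,
                       const char *urls)
{
    return _sdap_urls_init(ctx, service, service_name,
                           dns_service_name, urls, true);
}

/** Register the backup server list; SRV identifiers are skipped there. */
static inline errno_t
sdap_backup_urls_init(struct be_ctx *ctx, struct sdap_service *service,
                      const char *service_name, const char *dns_service_name,
                      const char *urls)
{
    return _sdap_urls_init(ctx, service, service_name,
                           dns_service_name, urls, false);
}

/**
 * Case-insensitive comparison of two user-data strings.
 *
 * Both pointers are treated as NUL-terminated strings; the result is that
 * of strcasecmp().
 */
static int ldap_user_data_cmp(void *ud1, void *ud2)
{
    return strcasecmp((char*) ud1, (char*) ud2);
}

int sdap_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
                      const char *service_name, const char *dns_service_name,
                      const char *urls, const char *backup_urls,
                      struct sdap_service **_service)
{
    TALLOC_CTX *tmp_ctx;
    struct sdap_service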
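*service;
    int ret;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    service = talloc_zero(tmp_ctx, struct sdap_service);
    if (!service) {
        ret = ENOMEM;
        goto done;
    }

    ret = be_fo_add_service(ctx, service_name, ldap_user_data_cmp);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to create failover service!\n"));
        goto done;
    }

    service->name = talloc_strdup(service, service_name);
    if (!service->name) {
        ret = ENOMEM;
        goto done;
    }

    if (!urls) {
        DEBUG(SSSDBG_CONF_SETTINGS,
              ("No primary servers defined, using service discovery\n"));
        urls = BE_SRV_IDENTIFIER;
    }

    ret = sdap_primary_urls_init(ctx, service, service_name, dns_service_name,
                                 urls);
    if (ret != EOK) {
        goto done;
    }

    if (backup_urls) {
        ret = sdap_backup_urls_init(ctx, service, service_name,
                                    dns_service_name, backup_urls);
        if (ret != EOK) {
            goto done;
        }
    }

    ret = be_fo_service_add_callback(memctx, ctx, service->name,
                                     sdap_uri_callback, service);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to add failover callback!\n"));
        goto done;
    }

    ret = EOK;

done:
    if (ret == EOK) {
        *_service = talloc_steal(memctx, service);
    }
    talloc_zfree(tmp_ctx);
    return ret;
}

/**
 * Parse a shadow password day count.
 *
 * A NULL or empty string yields -1. Otherwise the whole string must be a
 * base-10 number not smaller than -1.
 *
 * @param s  Input string, may be NULL.
 * @param d  Receives the parsed value; untouched on error.
 *
 * @return EOK, the errno reported by strtol(), or EINVAL for trailing
 *         characters or a value below -1.
 */
errno_t string_to_shadowpw_days(const char *s, long *d)
{
    long l;
    char *endptr;
    int err;

    if (s == NULL || *s == '\0') {
        *d = -1;
        return EOK;
    }

    errno = 0;
    l = strtol(s, &endptr, 10);
    if (errno != 0) {
        /* Save errno first: the logging call may overwrite it before it is
         * returned to the caller. */
        err = errno;
        DEBUG(1, ("strtol failed [%d][%s].\n", err, strerror(err)));
        return err;
    }

    if (*endptr != '\0') {
        DEBUG(1, ("Input string [%s] is invalid.\n", s));
        return EINVAL;
    }

    if (l < -1) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Input string contains not allowed negative value [%ld].\n",
               l));
        return EINVAL;
    }

    *d = l;

    return EOK;
}

/**
 * Translate an LDAP attribute name into its sysdb name.
 *
 * The map is searched case-insensitively; entries without a name are
 * skipped. When no entry matches, the LDAP name itself is returned.
 *
 * @param mem_ctx     talloc parent of the returned string.
 * @param map         Attribute map to search.
 * @param map_size    Number of entries in map.
 * @param ldap_name   Attribute name as used on the LDAP side.
 * @param sysdb_name  Receives a newly allocated copy of the result.
 *
 * @return EOK or ENOMEM.
 */
errno_t get_sysdb_attr_name(TALLOC_CTX *mem_ctx,
                            struct sdap_attr_map *map,
                            size_t map_size,
                            const char *ldap_name,
                            char **sysdb_name)
{
    size_t i;

    for (i = 0; i < map_size; i++) {
        /* Skip map entries with no name (may depend on
         * schema selected)
         */
        if (!map[i].name) continue;

        /* Check if it is a mapped attribute */
        if (strcasecmp(ldap_name, map[i].name) == 0) break;
    }

    if (i < map_size) {
        /* We found a mapped name, return that */
        *sysdb_name = talloc_strdup(mem_ctx, map[i].sys_name);
    } else {
        /* Not mapped, use the same name */
        *sysdb_name = talloc_strdup(mem_ctx, ldap_name);
    }

    if (!*sysdb_name) {
        return ENOMEM;
    }

    return EOK;
}

/**
 * List the expected attributes that the server did not return.
 *
 * The expected set is built from the map; an attribute counts as present
 * only if it was received with at least one value. objectClass and GECOS
 * are never reported as missing.
 *
 * @param mem_ctx        talloc parent of the returned list.
 * @param map            Attribute map describing the expected attributes.
 * @param map_size       Number of entries in map.
 * @param recvd_attrs    Attributes received from the server.
 * @param missing_attrs  Receives a NULL-terminated list of sysdb names, or
 *                       NULL when nothing is missing.
 *
 * @return EOK, EINVAL for NULL arguments, ENOMEM, or a helper's error.
 */
errno_t list_missing_attrs(TALLOC_CTX *mem_ctx,
                           struct sdap_attr_map *map,
                           size_t map_size,
                           struct sysdb_attrs *recvd_attrs,
                           char ***missing_attrs)
{
    errno_t ret;
    size_t attr_count = 0;
    size_t i, j, k;
    char **missing = NULL;
    const char **expected_attrs;
    char *sysdb_name;
    TALLOC_CTX *tmp_ctx;

    if (!recvd_attrs || !missing_attrs) {
        return EINVAL;
    }

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    ret = build_attrs_from_map(tmp_ctx, map, map_size, NULL,
                               &expected_attrs, &attr_count);
    if (ret != EOK) {
        goto done;
    }

    /* Allocate the maximum possible number of missing attributes plus one
     * slot for the NULL terminator. Without the extra slot the terminator
     * write below lands one element past the array whenever every expected
     * attribute ends up in the list.
     */
    missing = talloc_array(tmp_ctx, char *, attr_count + 1);
    if (!missing) {
        ret = ENOMEM;
        goto done;
    }

    k = 0;
    /* Check for each expected attribute */
    for (i = 0; i < attr_count; i++) {
        ret = get_sysdb_attr_name(tmp_ctx, map, map_size,
                                  expected_attrs[i],
                                  &sysdb_name);
        if (ret != EOK) {
            goto done;
        }

        /* objectClass is a special-case and we need to
         * check for it explicitly.
         */
        if (strcasecmp(sysdb_name, "objectClass") == 0) {
            talloc_free(sysdb_name);
            continue;
        }

        /* GECOS is another special case. Its value can come
         * either from the 'gecos' attribute or the 'cn'
         * attribute. It's best if we just never remove it.
         */
        if (strcasecmp(sysdb_name, SYSDB_GECOS) == 0) {
            talloc_free(sysdb_name);
            continue;
        }

        for (j = 0; j < recvd_attrs->num; j++) {
            /* Check whether this expected attribute appeared in the
             * received attributes and had a non-zero number of
             * values.
             */
            if ((strcasecmp(recvd_attrs->a[j].name, sysdb_name) == 0) &&
                (recvd_attrs->a[j].num_values > 0)) {
                break;
            }
        }

        if (j < recvd_attrs->num) {
            /* Attribute was found, therefore not missing */
            talloc_free(sysdb_name);
        } else {
            /* Attribute could not be found. Add to the missing list */
            missing[k] = talloc_steal(missing, sysdb_name);
            k++;
        }
    }

    if (k == 0) {
        *missing_attrs = NULL;
    } else {
        /* Terminate the list */
        missing[k] = NULL;
        *missing_attrs = talloc_steal(mem_ctx, missing);
    }
    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}

/**
 * Tell whether a URI uses the LDAPS scheme.
 *
 * Only the URI prefix is compared (case-insensitively) with LDAP_SSL_URI.
 * A false result says nothing about protection that may be negotiated on
 * the connection later. A NULL URI is reported as not secure.
 */
bool sdap_is_secure_uri(const char *uri)
{
    if (uri == NULL) {
        return false;
    }

    /* LDAPS URI's are secure channels */
    if (strncasecmp(uri, LDAP_SSL_URI, strlen(LDAP_SSL_URI)) == 0) {
        return true;
    }
    return false;
}

/**
 * AND a base filter with an optional extra filter.
 *
 * Neither string is escaped here; both are inserted verbatim, so any value
 * that originates from a user or from the network must be sanitized by the
 * caller before it becomes part of either argument.
 *
 * @param mem_ctx       talloc parent of the result.
 * @param base_filter   Filter that is always applied.
 * @param extra_filter  Additional filter, with or without enclosing
 *                      parentheses; NULL returns a copy of base_filter.
 *
 * @return Newly allocated filter string, or NULL when allocation fails.
 */
char *sdap_get_id_specific_filter(TALLOC_CTX *mem_ctx,
                                  const char *base_filter,
                                  const char *extra_filter)
{
    char *filter = NULL;

    if (!extra_filter) {
        return talloc_strdup(mem_ctx, base_filter);
    }

    if (extra_filter[0] == '(') {
        filter = talloc_asprintf(mem_ctx, "(&%s%s)",
                                 base_filter, extra_filter);
    } else {
        filter = talloc_asprintf(mem_ctx, "(&%s(%s))",
                                 base_filter, extra_filter);
    }

    return filter; /* NULL or not */
}

/**
 * Return a copy of an access filter that is wrapped in parentheses.
 *
 * The text is copied verbatim; only the first character is inspected to
 * decide whether parentheses have to be added.
 *
 * @return Newly allocated filter, or NULL for a NULL input or when
 *         allocation fails.
 */
char *sdap_get_access_filter(TALLOC_CTX *mem_ctx,
                             const char *base_filter)
{
    char *filter = NULL;

    if (base_filter == NULL) return NULL;

    if (base_filter[0] == '(') {
        /* This filter is wrapped in parentheses.
         * Pass it as-is to the openldap libraries.
         */
        filter = talloc_strdup(mem_ctx, base_filter);
    } else {
        filter = talloc_asprintf(mem_ctx, "(%s)", base_filter);
    }

    return filter;
}

/**
 * Read a SID attribute and return it in string form.
 *
 * The attribute must carry exactly one value. A value longer than two bytes
 * that starts with "S-" is copied as text; anything else is treated as a
 * binary SID and converted with sss_idmap_bin_sid_to_sid().
 *
 * @param mem_ctx      talloc parent of the returned string.
 * @param idmap_ctx    ID-mapping context used for the binary conversion.
 * @param sysdb_attrs  Attribute set to read from.
 * @param sid_attr     Name of the SID attribute.
 * @param _sid_str     Receives the SID string; untouched on error.
 *
 * @return EOK, ENOENT when the attribute is absent or not single-valued,
 *         ENOMEM, or EIO when the binary SID cannot be converted.
 */
errno_t
sdap_attrs_get_sid_str(TALLOC_CTX *mem_ctx,
                       struct sdap_idmap_ctx *idmap_ctx,
                       struct sysdb_attrs *sysdb_attrs,
                       const char *sid_attr,
                       char **_sid_str)
{
    errno_t ret;
    enum idmap_error_code err;
    struct ldb_message_element *el = NULL;
    char *sid_str;

    ret = sysdb_attrs_get_el(sysdb_attrs, sid_attr, &el);
    if (ret != EOK || el == NULL || el->num_values != 1) {
        /* el is only meaningful when the lookup succeeded; do not read
         * through it on the failure path. */
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("No [%s] attribute while id-mapping. [%d][%s]\n",
               sid_attr, el != NULL ? (int) el->num_values : 0,
               strerror(ret)));
        return ENOENT;
    }

    if (el->values[0].length > 2 &&
        el->values[0].data[0] == 'S' &&
        el->values[0].data[1] == '-') {
        sid_str = talloc_strndup(mem_ctx, (char *) el->values[0].data,
                                 el->values[0].length);
        if (sid_str == NULL) {
            DEBUG(SSSDBG_OP_FAILURE, ("talloc_strndup failed.\n"));
            return ENOMEM;
        }
    } else {
        err = sss_idmap_bin_sid_to_sid(idmap_ctx->map,
                                       el->values[0].data,
                                       el->values[0].length,
                                       &sid_str);
        if (err != IDMAP_SUCCESS) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Could not convert SID: [%s]\n",
                   idmap_error_string(err)));
            return EIO;
        }
    }

    *_sid_str = talloc_steal(mem_ctx, sid_str);

    return EOK;
}

/**
 * Create a connection context for a service and append it to id_ctx->conn.
 *
 * The service is re-parented to the new connection context, and a
 * connection cache is created for it.
 *
 * @return The new connection context, or NULL on failure.
 */
struct sdap_id_conn_ctx *
sdap_id_ctx_conn_add(struct sdap_id_ctx *id_ctx,
                     struct sdap_service *sdap_service)
{
    struct sdap_id_conn_ctx *conn;
    errno_t ret;

    conn = talloc_zero(id_ctx, struct sdap_id_conn_ctx);
    if (conn == NULL) {
        return NULL;
    }
    conn->service = talloc_steal(conn, sdap_service);
    conn->id_ctx = id_ctx;

    /* Create a connection cache */
    ret = sdap_id_conn_cache_create(conn, id_ctx, conn, &conn->conn_cache);
    if (ret != EOK) {
        talloc_free(conn);
        return NULL;
    }
    DLIST_ADD_END(id_ctx->conn, conn, struct sdap_id_conn_ctx *);

    return conn;
}

/**
 * Allocate an SDAP ID context with one connection context for the service.
 *
 * @return The new context, or NULL on failure.
 */
struct sdap_id_ctx *
sdap_id_ctx_new(TALLOC_CTX *mem_ctx, struct be_ctx *bectx,
                struct sdap_service *sdap_service)
{
    struct sdap_id_ctx *sdap_ctx;

    sdap_ctx = talloc_zero(mem_ctx, struct sdap_id_ctx);
    if (sdap_ctx == NULL) {
        return NULL;
    }
    sdap_ctx->be = bectx;

    /* There should be at least one connection context */
    sdap_ctx->conn = sdap_id_ctx_conn_add(sdap_ctx, sdap_service);
    if (sdap_ctx->conn == NULL) {
        talloc_free(sdap_ctx);
        return NULL;
    }

    return sdap_ctx;
}
sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/sdap_async_initgroups.c0000644000000000000000000000007312320753107024051 xustar000000000000000029 atime=1396954939.26789143 30 ctime=1396954961.623874973 sssd-1.11.5/src/providers/ldap/sdap_async_initgroups.c0000664002412700241270000031105312320753107024277 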
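0ustar00jhrozekjhrozek00000000000000/*
    SSSD

    Async LDAP Helper routines - initgroups operation

    Copyright (C) Simo Sorce - 2009
    Copyright (C) 2010, Ralf Haferkamp , Novell Inc.
    Copyright (C) Jan Zeleny - 2011

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program. If not, see .
*/

#include "util/util.h"
#include "db/sysdb.h"
#include "providers/ldap/sdap_async_private.h"
#include "providers/ldap/ldap_common.h"
#include "providers/ldap/sdap_idmap.h"
#include "providers/ldap/sdap_users.h"

/* ==Save-fake-group-list=====================================*/

/**
 * Add incomplete ("fake") sysdb entries for groups that are not cached yet.
 *
 * Every name in groupnames is domain-qualified and looked up in sysdb. For
 * each name that is not cached, the matching entry in ldap_groups is used to
 * determine GID, POSIX status, original DN and SID, and an incomplete group
 * is stored. All additions happen inside one sysdb transaction.
 *
 * @param sysdb              Cache handle.
 * @param domain             Domain the groups belong to.
 * @param opts               SDAP options (attribute maps, idmap context).
 * @param groupnames         NULL-terminated list of group names.
 * @param ldap_groups        Group entries received from LDAP.
 * @param ldap_groups_count  Number of entries in ldap_groups.
 *
 * @return EOK on success (also when ldap_groups_count is 0), ENOMEM,
 *         EINVAL when a group cannot be matched or lacks a SID while
 *         id-mapping, or the error of the failing helper.
 */
static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
                                          struct sss_domain_info *domain,
                                          struct sdap_options *opts,
                                          char **groupnames,
                                          struct sysdb_attrs **ldap_groups,
                                          int ldap_groups_count)
{
    TALLOC_CTX *tmp_ctx;
    struct ldb_message *msg;
    int i, mi, ai;
    const char *groupname;
    const char *original_dn;
    char **missing;
    gid_t gid;
    int ret;
    errno_t sret;
    bool in_transaction = false;
    bool posix;
    time_t now;
    char *sid_str = NULL;
    bool use_id_mapping;
    char *tmp_name;

    /* There are no groups in LDAP but we should add user to groups ?? */
    if (ldap_groups_count == 0) return EOK;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) return ENOMEM;

    missing = talloc_array(tmp_ctx, char *, ldap_groups_count+1);
    if (!missing) {
        ret = ENOMEM;
        goto done;
    }
    mi = 0;

    for (i=0; groupnames[i]; i++) {
        tmp_name = sss_get_domain_name(tmp_ctx, groupnames[i], domain);
        if (tmp_name == NULL) {
            DEBUG(SSSDBG_OP_FAILURE,
                  ("Failed to format original name [%s]\n", groupnames[i]));
            ret = ENOMEM;
            goto done;
        }

        ret = sysdb_search_group_by_name(tmp_ctx, sysdb, domain, tmp_name,
                                         NULL, &msg);
        if (ret == EOK) {
            continue;
        } else if (ret == ENOENT) {
            /* missing[] holds ldap_groups_count names plus the terminator;
             * groupnames is only NULL-terminated, so bound the write. */
            if (mi >= ldap_groups_count) {
                DEBUG(SSSDBG_CRIT_FAILURE,
                      ("More uncached group names than LDAP groups\n"));
                ret = EINVAL;
                goto done;
            }
            missing[mi] = talloc_steal(missing, tmp_name);
            DEBUG(7, ("Group #%d [%s][%s] is not cached, "
                      "need to add a fake entry\n",
                      i, groupnames[i], missing[mi]));
            mi++;
            continue;
        } else {
            DEBUG(1, ("search for group failed [%d]: %s\n",
                      ret, strerror(ret)));
            goto done;
        }
    }
    missing[mi] = NULL;

    /* All groups are cached, nothing to do */
    if (mi == 0) {
        ret = EOK;
        goto done;
    }

    use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping(
                                                        opts->idmap_ctx,
                                                        domain->name,
                                                        domain->domain_id);

    ret = sysdb_transaction_start(sysdb);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Cannot start sysdb transaction [%d]: %s\n",
               ret, strerror(ret)));
        goto done;
    }
    in_transaction = true;

    now = time(NULL);
    for (i=0; missing[i]; i++) {
        /* The group is not in sysdb, need to add a fake entry */
        for (ai=0; ai < ldap_groups_count; ai++) {
            ret = sdap_get_group_primary_name(tmp_ctx, opts, ldap_groups[ai],
                                              domain, &groupname);
            if (ret != EOK) {
                DEBUG(SSSDBG_CRIT_FAILURE,
                      ("The group has no name attribute\n"));
                goto done;
            }

            if (strcmp(groupname, missing[i]) == 0) {
                posix = true;

                /* Start from a clean slate for every group. ENOENT is
                 * tolerated below, and without the reset a group lacking a
                 * SID would be stored with the SID of the group processed
                 * before it. */
                sid_str = NULL;
                ret = sdap_attrs_get_sid_str(
                        tmp_ctx, opts->idmap_ctx, ldap_groups[ai],
                        opts->group_map[SDAP_AT_GROUP_OBJECTSID].sys_name,
                        &sid_str);
                if (ret != EOK && ret != ENOENT) goto done;

                if (use_id_mapping) {
                    if (sid_str == NULL) {
                        DEBUG(SSSDBG_MINOR_FAILURE, ("No SID for group [%s] "
                                                     "while id-mapping.\n",
                                                     groupname));
                        ret = EINVAL;
                        goto done;
                    }

                    DEBUG(SSSDBG_TRACE_LIBS,
                          ("Mapping group [%s] objectSID to unix ID\n",
                           groupname));

                    DEBUG(SSSDBG_TRACE_INTERNAL,
                          ("Group [%s] has objectSID [%s]\n",
                           groupname, sid_str));

                    /* Convert the SID into a UNIX group ID */
                    ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, sid_str,
                                                 &gid);
                    if (ret == EOK) {
                        DEBUG(SSSDBG_TRACE_INTERNAL,
                              ("Group [%s] has mapped gid [%lu]\n",
                               groupname, (unsigned long)gid));
                    } else {
                        posix = false;
                        gid = 0;

                        DEBUG(SSSDBG_TRACE_INTERNAL,
                              ("Group [%s] cannot be mapped. "
                               "Treating as a non-POSIX group\n",
                               groupname));
                    }

                } else {
                    ret = sysdb_attrs_get_uint32_t(ldap_groups[ai],
                                                   SYSDB_GIDNUM,
                                                   &gid);
                    if (ret == ENOENT || (ret == EOK && gid == 0)) {
                        DEBUG(SSSDBG_TRACE_LIBS,
                              ("The group %s gid was %s\n",
                               groupname,
                               ret == ENOENT ? "missing" : "zero"));
                        DEBUG(SSSDBG_TRACE_FUNC,
                              ("Marking group %s as non-posix and setting GID=0!\n",
                               groupname));
                        gid = 0;
                        posix = false;
                    } else if (ret) {
                        DEBUG(1, ("The GID attribute is malformed\n"));
                        goto done;
                    }
                }

                ret = sysdb_attrs_get_string(ldap_groups[ai],
                                             SYSDB_ORIG_DN,
                                             &original_dn);
                if (ret) {
                    DEBUG(5, ("The group has no name original DN\n"));
                    original_dn = NULL;
                }

                DEBUG(SSSDBG_TRACE_INTERNAL,
                      ("Adding fake group %s to sysdb\n", groupname));
                ret = sysdb_add_incomplete_group(sysdb, domain, groupname,
                                                 gid, original_dn, sid_str,
                                                 posix, now);
                if (ret != EOK) {
                    goto done;
                }
                break;
            }
        }

        if (ai == ldap_groups_count) {
            DEBUG(2, ("Group %s not present in LDAP\n", missing[i]));
            ret = EINVAL;
            goto done;
        }
    }

    ret = sysdb_transaction_commit(sysdb);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("sysdb_transaction_commit failed.\n"));
        goto done;
    }
    in_transaction = false;
    ret = EOK;

done:
    if (in_transaction) {
        sret = sysdb_transaction_cancel(sysdb);
        if (sret != EOK) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to cancel transaction\n"));
        }
    }
    talloc_free(tmp_ctx);
    return ret;
}

int sdap_initgr_common_store(struct sysdb_ctx *sysdb,
                             struct sss_domain_info *domain,
                             struct sdap_options *opts,
                             const char *name,
                             enum sysdb_member_type type,
                             char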
**sysdb_grouplist, struct sysdb_attrs **ldap_groups, int ldap_groups_count) { TALLOC_CTX *tmp_ctx; char **ldap_grouplist = NULL; char **add_groups; char **del_groups; int ret, tret; bool in_transaction = false; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) return ENOMEM; if (ldap_groups_count == 0) { /* No groups for this user in LDAP. * We need to ensure that there are no groups * in the sysdb either. */ ldap_grouplist = NULL; } else { ret = sysdb_attrs_primary_name_list( sysdb, tmp_ctx, ldap_groups, ldap_groups_count, opts->group_map[SDAP_AT_GROUP_NAME].name, &ldap_grouplist); if (ret != EOK) { DEBUG(1, ("sysdb_attrs_primary_name_list failed [%d]: %s\n", ret, strerror(ret))); goto done; } } /* Find the differences between the sysdb and LDAP lists * Groups in the sysdb only must be removed. */ ret = diff_string_lists(tmp_ctx, ldap_grouplist, sysdb_grouplist, &add_groups, &del_groups, NULL); if (ret != EOK) goto done; ret = sysdb_transaction_start(sysdb); if (ret != EOK) { DEBUG(1, ("Failed to start transaction\n")); goto done; } in_transaction = true; /* Add fake entries for any groups the user should be added as * member of but that are not cached in sysdb */ if (add_groups && add_groups[0]) { ret = sdap_add_incomplete_groups(sysdb, domain, opts, add_groups, ldap_groups, ldap_groups_count); if (ret != EOK) { DEBUG(1, ("Adding incomplete users failed\n")); goto done; } } DEBUG(8, ("Updating memberships for %s\n", name)); ret = sysdb_update_members(sysdb, domain, name, type, (const char *const *) add_groups, (const char *const *) del_groups); if (ret != EOK) { DEBUG(1, ("Membership update failed [%d]: %s\n", ret, strerror(ret))); goto done; } ret = sysdb_transaction_commit(sysdb); if (ret != EOK) { DEBUG(1, ("Failed to commit transaction\n")); goto done; } in_transaction = false; ret = EOK; done: if (in_transaction) { tret = sysdb_transaction_cancel(sysdb); if (tret != EOK) { DEBUG(1, ("Failed to cancel transaction\n")); } } talloc_zfree(tmp_ctx); return ret; } /* 
==Initgr-call-(groups-a-user-is-member-of)-RFC2307===================== */ struct sdap_initgr_rfc2307_state { struct tevent_context *ev; struct sysdb_ctx *sysdb; struct sss_domain_info *domain; struct sdap_options *opts; struct sdap_handle *sh; const char **attrs; const char *name; const char *base_filter; const char *orig_dn; char *filter; int timeout; struct sdap_op *op; struct sysdb_attrs **ldap_groups; size_t ldap_groups_count; size_t base_iter; struct sdap_search_base **search_bases; }; static errno_t sdap_initgr_rfc2307_next_base(struct tevent_req *req); static void sdap_initgr_rfc2307_process(struct tevent_req *subreq); struct tevent_req *sdap_initgr_rfc2307_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sdap_options *opts, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, struct sdap_handle *sh, const char *name) { struct tevent_req *req; struct sdap_initgr_rfc2307_state *state; const char **attr_filter; char *clean_name; errno_t ret; req = tevent_req_create(memctx, &state, struct sdap_initgr_rfc2307_state); if (!req) return NULL; state->ev = ev; state->opts = opts; state->sysdb = sysdb; state->domain = domain; state->sh = sh; state->op = NULL; state->timeout = dp_opt_get_int(state->opts->basic, SDAP_SEARCH_TIMEOUT); state->ldap_groups = NULL; state->ldap_groups_count = 0; state->base_iter = 0; state->search_bases = opts->sdom->group_search_bases; if (!state->search_bases) { DEBUG(SSSDBG_CRIT_FAILURE, ("Initgroups lookup request without a group search base\n")); ret = EINVAL; goto done; } state->name = talloc_strdup(state, name); if (!state->name) { talloc_zfree(req); return NULL; } attr_filter = talloc_array(state, const char *, 2); if (!attr_filter) { talloc_free(req); return NULL; } attr_filter[0] = opts->group_map[SDAP_AT_GROUP_MEMBER].name; attr_filter[1] = NULL; ret = build_attrs_from_map(state, opts->group_map, SDAP_OPTS_GROUP, attr_filter, &state->attrs, NULL); if (ret != EOK) { talloc_free(req); return NULL; } ret = 
sss_filter_sanitize(state, name, &clean_name); if (ret != EOK) { talloc_free(req); return NULL; } state->base_filter = talloc_asprintf(state, "(&(%s=%s)(objectclass=%s)(%s=*)(&(%s=*)(!(%s=0))))", opts->group_map[SDAP_AT_GROUP_MEMBER].name, clean_name, opts->group_map[SDAP_OC_GROUP].name, opts->group_map[SDAP_AT_GROUP_NAME].name, opts->group_map[SDAP_AT_GROUP_GID].name, opts->group_map[SDAP_AT_GROUP_GID].name); if (!state->base_filter) { talloc_zfree(req); return NULL; } talloc_zfree(clean_name); ret = sdap_initgr_rfc2307_next_base(req); done: if (ret != EOK) { tevent_req_error(req, ret); tevent_req_post(req, ev); } return req; } static errno_t sdap_initgr_rfc2307_next_base(struct tevent_req *req) { struct tevent_req *subreq; struct sdap_initgr_rfc2307_state *state; state = tevent_req_data(req, struct sdap_initgr_rfc2307_state); talloc_zfree(state->filter); state->filter = sdap_get_id_specific_filter( state, state->base_filter, state->search_bases[state->base_iter]->filter); if (!state->filter) { return ENOMEM; } DEBUG(SSSDBG_TRACE_FUNC, ("Searching for groups with base [%s]\n", state->search_bases[state->base_iter]->basedn)); subreq = sdap_get_generic_send( state, state->ev, state->opts, state->sh, state->search_bases[state->base_iter]->basedn, state->search_bases[state->base_iter]->scope, state->filter, state->attrs, state->opts->group_map, SDAP_OPTS_GROUP, state->timeout, true); if (!subreq) { return ENOMEM; } tevent_req_set_callback(subreq, sdap_initgr_rfc2307_process, req); return EOK; } static void sdap_initgr_rfc2307_process(struct tevent_req *subreq) { struct tevent_req *req; struct sdap_initgr_rfc2307_state *state; struct sysdb_attrs **ldap_groups; char **sysdb_grouplist = NULL; size_t count; int ret; int i; req = tevent_req_callback_data(subreq, struct tevent_req); state = tevent_req_data(req, struct sdap_initgr_rfc2307_state); ret = sdap_get_generic_recv(subreq, state, &count, &ldap_groups); talloc_zfree(subreq); if (ret) { tevent_req_error(req, ret); 
return; } /* Add this batch of groups to the list */ if (count > 0) { state->ldap_groups = talloc_realloc(state, state->ldap_groups, struct sysdb_attrs *, state->ldap_groups_count + count + 1); if (!state->ldap_groups) { tevent_req_error(req, ENOMEM); return; } /* Copy the new groups into the list. */ for (i = 0; i < count; i++) { state->ldap_groups[state->ldap_groups_count + i] = talloc_steal(state->ldap_groups, ldap_groups[i]); } state->ldap_groups_count += count; state->ldap_groups[state->ldap_groups_count] = NULL; } state->base_iter++; /* Check for additional search bases, and iterate * through again. */ if (state->search_bases[state->base_iter] != NULL) { ret = sdap_initgr_rfc2307_next_base(req); if (ret != EOK) { tevent_req_error(req, ret); } return; } /* Search for all groups for which this user is a member */ ret = get_sysdb_grouplist(state, state->sysdb, state->domain, state->name, &sysdb_grouplist); if (ret != EOK) { tevent_req_error(req, ret); return; } /* There are no nested groups here so we can just update the * memberships */ ret = sdap_initgr_common_store(state->sysdb, state->domain, state->opts, state->name, SYSDB_MEMBER_USER, sysdb_grouplist, state->ldap_groups, state->ldap_groups_count); if (ret != EOK) { tevent_req_error(req, ret); return; } tevent_req_done(req); } static int sdap_initgr_rfc2307_recv(struct tevent_req *req) { TEVENT_REQ_RETURN_ON_ERROR(req); return EOK; } /* ==Common code for pure RFC2307bis and IPA/AD========================= */ static errno_t sdap_nested_groups_store(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, struct sdap_options *opts, struct sysdb_attrs **groups, unsigned long count) { errno_t ret, tret; TALLOC_CTX *tmp_ctx; char **groupnamelist = NULL; bool in_transaction = false; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) return ENOMEM; if (count > 0) { ret = sysdb_attrs_primary_name_list(sysdb, tmp_ctx, groups, count, opts->group_map[SDAP_AT_GROUP_NAME].name, &groupnamelist); if (ret != EOK) { DEBUG(3, 
("sysdb_attrs_primary_name_list failed [%d]: %s\n", ret, strerror(ret))); goto done; } } ret = sysdb_transaction_start(sysdb); if (ret != EOK) { DEBUG(1, ("Failed to start transaction\n")); goto done; } in_transaction = true; ret = sdap_add_incomplete_groups(sysdb, domain, opts, groupnamelist, groups, count); if (ret != EOK) { DEBUG(6, ("Could not add incomplete groups [%d]: %s\n", ret, strerror(ret))); goto done; } ret = sysdb_transaction_commit(sysdb); if (ret != EOK) { DEBUG(1, ("Failed to commit transaction\n")); goto done; } in_transaction = false; ret = EOK; done: if (in_transaction) { tret = sysdb_transaction_cancel(sysdb); if (tret != EOK) { DEBUG(1, ("Failed to cancel transaction\n")); } } talloc_free(tmp_ctx); return ret; } struct membership_diff { struct membership_diff *prev; struct membership_diff *next; const char *name; char **add; char **del; }; static errno_t build_membership_diff(TALLOC_CTX *mem_ctx, const char *name, char **ldap_parent_names, char **sysdb_parent_names, struct membership_diff **_mdiff) { TALLOC_CTX *tmp_ctx; struct membership_diff *mdiff; errno_t ret; char **add_groups; char **del_groups; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { ret = ENOMEM; goto done; } mdiff = talloc_zero(tmp_ctx, struct membership_diff); if (!mdiff) { ret = ENOMEM; goto done; } mdiff->name = talloc_strdup(mdiff, name); if (!mdiff->name) { ret = ENOMEM; goto done; } /* Find the differences between the sysdb and ldap lists * Groups in ldap only must be added to the sysdb; * groups in the sysdb only must be removed. 
*/ ret = diff_string_lists(tmp_ctx, ldap_parent_names, sysdb_parent_names, &add_groups, &del_groups, NULL); if (ret != EOK) { goto done; } mdiff->add = talloc_steal(mdiff, add_groups); mdiff->del = talloc_steal(mdiff, del_groups); ret = EOK; *_mdiff = talloc_steal(mem_ctx, mdiff); done: talloc_free(tmp_ctx); return ret; } /* ==Initgr-call-(groups-a-user-is-member-of)-nested-groups=============== */ struct sdap_initgr_nested_state { struct tevent_context *ev; struct sysdb_ctx *sysdb; struct sdap_options *opts; struct sss_domain_info *dom; struct sdap_handle *sh; struct sysdb_attrs *user; const char *username; const char *orig_dn; const char **grp_attrs; struct ldb_message_element *memberof; char *filter; char **group_dns; int cur; struct sdap_op *op; struct sysdb_attrs **groups; int groups_cur; }; static errno_t sdap_initgr_nested_deref_search(struct tevent_req *req); static errno_t sdap_initgr_nested_noderef_search(struct tevent_req *req); static void sdap_initgr_nested_search(struct tevent_req *subreq); static void sdap_initgr_nested_store(struct tevent_req *req); static struct tevent_req *sdap_initgr_nested_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sdap_options *opts, struct sysdb_ctx *sysdb, struct sss_domain_info *dom, struct sdap_handle *sh, struct sysdb_attrs *user, const char **grp_attrs) { struct tevent_req *req; struct sdap_initgr_nested_state *state; errno_t ret; int deref_threshold; req = tevent_req_create(memctx, &state, struct sdap_initgr_nested_state); if (!req) return NULL; state->ev = ev; state->opts = opts; state->sysdb = sysdb; state->dom = dom; state->sh = sh; state->grp_attrs = grp_attrs; state->user = user; state->op = NULL; ret = sdap_get_user_primary_name(memctx, opts, user, dom, &state->username); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("User entry had no username\n")); goto immediate; } ret = sysdb_attrs_get_el(state->user, SYSDB_MEMBEROF, &state->memberof); if (ret || !state->memberof || state->memberof->num_values 
== 0) { DEBUG(4, ("User entry lacks original memberof ?\n")); /* We can't find any groups for this user, so we'll * have to assume there aren't any. Just return * success here. */ ret = EOK; goto immediate; } state->groups = talloc_zero_array(state, struct sysdb_attrs *, state->memberof->num_values + 1);; if (!state->groups) { ret = ENOMEM; goto immediate; } state->groups_cur = 0; deref_threshold = dp_opt_get_int(state->opts->basic, SDAP_DEREF_THRESHOLD); if (sdap_has_deref_support(state->sh, state->opts) && deref_threshold < state->memberof->num_values) { ret = sysdb_attrs_get_string(user, SYSDB_ORIG_DN, &state->orig_dn); if (ret != EOK) goto immediate; ret = sdap_initgr_nested_deref_search(req); if (ret != EAGAIN) goto immediate; } else { ret = sdap_initgr_nested_noderef_search(req); if (ret != EAGAIN) goto immediate; } return req; immediate: if (ret == EOK) { tevent_req_done(req); } else { tevent_req_error(req, ret); } tevent_req_post(req, ev); return req; } static errno_t sdap_initgr_nested_noderef_search(struct tevent_req *req) { int i; struct tevent_req *subreq; struct sdap_initgr_nested_state *state; state = tevent_req_data(req, struct sdap_initgr_nested_state); state->group_dns = talloc_array(state, char *, state->memberof->num_values + 1); if (!state->group_dns) { return ENOMEM; } for (i = 0; i < state->memberof->num_values; i++) { state->group_dns[i] = talloc_strdup(state->group_dns, (char *)state->memberof->values[i].data); if (!state->group_dns[i]) { return ENOMEM; } } state->group_dns[i] = NULL; /* terminate */ state->cur = 0; state->filter = talloc_asprintf(state, "(&(objectclass=%s)(%s=*))", state->opts->group_map[SDAP_OC_GROUP].name, state->opts->group_map[SDAP_AT_GROUP_NAME].name); if (!state->filter) { return ENOMEM; } subreq = sdap_get_generic_send(state, state->ev, state->opts, state->sh, state->group_dns[state->cur], LDAP_SCOPE_BASE, state->filter, state->grp_attrs, state->opts->group_map, SDAP_OPTS_GROUP, dp_opt_get_int(state->opts->basic, 
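/*
 * Completion callback of the deref search started by
 * sdap_initgr_nested_deref_search().
 *
 * ENOTSUP falls back to the per-DN search. ENOENT or an empty result
 * completes the request with success. Any other error fails the request.
 * On success the dereferenced group entries are moved into state->groups
 * and the store step is run.
 */
static void sdap_initgr_nested_deref_done(struct tevent_req *subreq)
{
    errno_t ret;
    struct tevent_req *req;
    struct sdap_initgr_nested_state *state;
    size_t num_results = 0;
    size_t i;
    struct sdap_deref_attrs **deref_result = NULL;
    struct sysdb_attrs **grown;

    req = tevent_req_callback_data(subreq, struct tevent_req);
    state = tevent_req_data(req, struct sdap_initgr_nested_state);

    ret = sdap_deref_search_recv(subreq, state,
                                 &num_results,
                                 &deref_result);
    talloc_zfree(subreq);
    if (ret == ENOTSUP) {
        ret = sdap_initgr_nested_noderef_search(req);
        if (ret != EAGAIN) {
            if (ret == EOK) {
                tevent_req_done(req);
            } else {
                tevent_req_error(req, ret);
            }
        }
        return;
    } else if (ret != EOK && ret != ENOENT) {
        tevent_req_error(req, ret);
        return;
    } else if (ret == ENOENT || deref_result == NULL) {
        /* Nothing could be dereferenced. Done. */
        tevent_req_done(req);
        return;
    }

    /* state->groups was sized by sdap_initgr_nested_send() from the cached
     * memberOf count (num_values + 1 slots), while num_results comes from
     * the server's reply. The two counts are not guaranteed to agree, so
     * grow the array before writing instead of trusting the reply to fit. */
    if (num_results > state->memberof->num_values) {
        grown = talloc_realloc(state, state->groups,
                               struct sysdb_attrs *, num_results + 1);
        if (grown == NULL) {
            tevent_req_error(req, ENOMEM);
            return;
        }
        state->groups = grown;
    }

    for (i = 0; i < num_results; i++) {
        state->groups[i] = talloc_steal(state->groups,
                                        deref_result[i]->attrs);
    }
    /* Keep the list NULL-terminated; a grown array is not zero-filled. */
    state->groups[num_results] = NULL;

    /* NOTE(review): groups_cur is an int while num_results is a size_t;
     * confirm the result count cannot exceed the int range. */
    state->groups_cur = num_results;
    sdap_initgr_nested_store(req);
}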
/*
 * Persist the collected groups, the group-to-group memberships and the
 * user's memberships inside one sysdb transaction, then complete the
 * request. Any failure after the transaction has started cancels it and
 * fails the request with the error of the step that failed.
 */
static void sdap_initgr_nested_store(struct tevent_req *req)
{
    struct sdap_initgr_nested_state *state;
    errno_t cancel_ret;
    errno_t ret;

    state = tevent_req_data(req, struct sdap_initgr_nested_state);

    ret = sysdb_transaction_start(state->sysdb);
    if (ret != EOK) {
        /* No transaction is open, so there is nothing to cancel. */
        DEBUG(1, ("Failed to start transaction\n"));
        tevent_req_error(req, ret);
        return;
    }

    /* Groups first: the membership updates below refer to them. */
    ret = sdap_initgr_store_groups(state);
    if (ret != EOK) {
        DEBUG(3, ("Could not save groups [%d]: %s\n",
                  ret, strerror(ret)));
        goto rollback;
    }

    ret = sdap_initgr_store_group_memberships(state);
    if (ret != EOK) {
        DEBUG(3, ("Could not save group memberships [%d]: %s\n",
                  ret, strerror(ret)));
        goto rollback;
    }

    ret = sdap_initgr_store_user_memberships(state);
    if (ret != EOK) {
        DEBUG(3, ("Could not save user memberships [%d]: %s\n",
                  ret, strerror(ret)));
        goto rollback;
    }

    ret = sysdb_transaction_commit(state->sysdb);
    if (ret != EOK) {
        DEBUG(1, ("Failed to commit transaction\n"));
        goto rollback;
    }

    tevent_req_done(req);
    return;

rollback:
    cancel_ret = sysdb_transaction_cancel(state->sysdb);
    if (cancel_ret != EOK) {
        DEBUG(1, ("Failed to cancel transaction\n"));
    }
    /* Report the original failure, not the result of the cancel. */
    tevent_req_error(req, ret);
}
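/*
 * Reconcile the user's direct group memberships in sysdb with LDAP.
 *
 * A group from state->groups is a direct LDAP parent when one of its
 * member values equals the user's original DN (compared case-insensitively).
 * The names of those groups are diffed against the user's direct parents in
 * sysdb, and the additions and removals are applied in one transaction.
 *
 * Returns EOK on success or the error of the step that failed.
 */
static errno_t sdap_initgr_store_user_memberships(struct sdap_initgr_nested_state *state)
{
    errno_t ret;
    int tret;
    const char *orig_dn;

    char **sysdb_parent_name_list = NULL;
    char **ldap_parent_name_list = NULL;

    int nparents;
    struct sysdb_attrs **ldap_parentlist;
    struct ldb_message_element *el;
    int i, mi;
    char **add_groups = NULL;
    char **del_groups = NULL;
    TALLOC_CTX *tmp_ctx;
    bool in_transaction = false;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        ret = ENOMEM;
        goto done;
    }

    /* Get direct LDAP parents */
    ret = sysdb_attrs_get_string(state->user, SYSDB_ORIG_DN, &orig_dn);
    if (ret != EOK) {
        DEBUG(2, ("The user has no original DN\n"));
        goto done;
    }

    /* One slot per collected group plus a NULL terminator. */
    ldap_parentlist = talloc_zero_array(tmp_ctx, struct sysdb_attrs *,
                                        state->groups_cur + 1);
    if (!ldap_parentlist) {
        ret = ENOMEM;
        goto done;
    }
    nparents = 0;

    for (i = 0; i < state->groups_cur; i++) {
        ret = sysdb_attrs_get_el(state->groups[i], SYSDB_MEMBER, &el);
        if (ret) {
            DEBUG(3, ("A group with no members during initgroups?\n"));
            goto done;
        }

        /* NOTE(review): the member values are compared as C strings;
         * this assumes they are NUL-terminated - confirm. */
        for (mi = 0; mi < el->num_values; mi++) {
            if (strcasecmp((const char *) el->values[mi].data, orig_dn) != 0) {
                continue;
            }

            /* Record each group at most once. The member values come from
             * the directory; if the DN matched more than one value (for
             * example values differing only in case), counting every match
             * would write past the groups_cur + 1 slots allocated above. */
            ldap_parentlist[nparents] = state->groups[i];
            nparents++;
            break;
        }
    }

    DEBUG(7, ("The user %s is a direct member of %d LDAP groups\n",
              state->username, nparents));

    if (nparents == 0) {
        ldap_parent_name_list = NULL;
    } else {
        ret = sysdb_attrs_primary_name_list(state->sysdb, tmp_ctx,
                                            ldap_parentlist,
                                            nparents,
                                            state->opts->group_map[SDAP_AT_GROUP_NAME].name,
                                            &ldap_parent_name_list);
        if (ret != EOK) {
            DEBUG(1, ("sysdb_attrs_primary_name_list failed [%d]: %s\n",
                      ret, strerror(ret)));
            goto done;
        }
    }

    ret = sysdb_get_direct_parents(tmp_ctx, state->sysdb, state->dom,
                                   SYSDB_MEMBER_USER,
                                   state->username, &sysdb_parent_name_list);
    if (ret) {
        DEBUG(1, ("Could not get direct sysdb parents for %s: %d [%s]\n",
                  state->username, ret, strerror(ret)));
        goto done;
    }

    /* LDAP-only names are added, sysdb-only names are removed. */
    ret = diff_string_lists(tmp_ctx,
                            ldap_parent_name_list,
                            sysdb_parent_name_list,
                            &add_groups, &del_groups, NULL);
    if (ret != EOK) {
        goto done;
    }

    ret = sysdb_transaction_start(state->sysdb);
    if (ret != EOK) {
        DEBUG(1, ("Failed to start transaction\n"));
        goto done;
    }
    in_transaction = true;

    DEBUG(8, ("Updating memberships for %s\n", state->username));
    ret = sysdb_update_members(state->sysdb, state->dom,
                               state->username, SYSDB_MEMBER_USER,
                               (const char *const *) add_groups,
                               (const char *const *) del_groups);
    if (ret != EOK) {
        DEBUG(1, ("Could not update sysdb memberships for %s: %d [%s]\n",
                  state->username, ret, strerror(ret)));
        goto done;
    }

    ret = sysdb_transaction_commit(state->sysdb);
    if (ret != EOK) {
        goto done;
    }
    in_transaction = false;

    ret = EOK;
done:
    if (in_transaction) {
        tret = sysdb_transaction_cancel(state->sysdb);
        if (tret != EOK) {
            DEBUG(1, ("Failed to cancel transaction\n"));
        }
    }
    talloc_zfree(tmp_ctx);
    return ret;
}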
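/*
 * From `groups` (ngroups entries), select those that list the original DN
 * of `attrs` among their member values, i.e. the direct parents of `attrs`.
 *
 * On success *_direct_parents receives a NULL-terminated array owned by
 * mem_ctx and *_ndirect its length. The array holds pointers to the entries
 * of `groups`; the entries themselves are not copied.
 *
 * Returns EOK, ENOMEM, or the error from reading the original DN.
 */
static int sdap_initgr_nested_get_direct_parents(TALLOC_CTX *mem_ctx,
                                                 struct sysdb_attrs *attrs,
                                                 struct sysdb_attrs **groups,
                                                 int ngroups,
                                                 struct sysdb_attrs ***_direct_parents,
                                                 int *_ndirect)
{
    TALLOC_CTX *tmp_ctx;
    struct ldb_message_element *member;
    int i, mi;
    int ret;
    const char *orig_dn;

    int ndirect;
    struct sysdb_attrs **direct_groups;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) return ENOMEM;

    /* One slot per candidate group plus the NULL terminator. */
    direct_groups = talloc_zero_array(tmp_ctx, struct sysdb_attrs *,
                                      ngroups + 1);
    if (!direct_groups) {
        ret = ENOMEM;
        goto done;
    }
    ndirect = 0;

    ret = sysdb_attrs_get_string(attrs, SYSDB_ORIG_DN, &orig_dn);
    if (ret != EOK) {
        DEBUG(3, ("Missing originalDN\n"));
        goto done;
    }
    DEBUG(9, ("Looking up direct parents for group [%s]\n", orig_dn));

    /* FIXME - Filter only parents from full set to avoid searching
     * through all members of huge groups. That requires asking for memberOf
     * with the group LDAP search
     */

    /* Filter only direct parents from the list of all groups */
    for (i = 0; i < ngroups; i++) {
        ret = sysdb_attrs_get_el(groups[i], SYSDB_MEMBER, &member);
        if (ret) {
            DEBUG(7, ("A group with no members during initgroups?\n"));
            continue;
        }

        /* NOTE(review): the member values are compared as C strings;
         * this assumes they are NUL-terminated - confirm. */
        for (mi = 0; mi < member->num_values; mi++) {
            if (strcasecmp((const char *) member->values[mi].data, orig_dn) != 0) {
                continue;
            }

            /* Record each group at most once. The member values come from
             * the directory; if the DN matched several values of the same
             * group, counting every match would write past the ngroups + 1
             * slots allocated above. */
            direct_groups[ndirect] = groups[i];
            ndirect++;
            break;
        }
    }
    direct_groups[ndirect] = NULL;

    DEBUG(9, ("The group [%s] has %d direct parents\n", orig_dn, ndirect));

    *_direct_parents = talloc_steal(mem_ctx, direct_groups);
    *_ndirect = ndirect;
    ret = EOK;
done:
    talloc_zfree(tmp_ctx);
    return ret;
}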
num_groups, hash_table_t *group_hash, size_t nesting); static errno_t rfc2307bis_nested_groups_recv(struct tevent_req *req); static struct tevent_req *sdap_initgr_rfc2307bis_send( TALLOC_CTX *memctx, struct tevent_context *ev, struct sdap_options *opts, struct sdap_domain *sdom, struct sdap_handle *sh, const char *name, const char *orig_dn) { errno_t ret; struct tevent_req *req; struct sdap_initgr_rfc2307bis_state *state; const char **attr_filter; char *clean_orig_dn; bool use_id_mapping; req = tevent_req_create(memctx, &state, struct sdap_initgr_rfc2307bis_state); if (!req) return NULL; state->ev = ev; state->opts = opts; state->sysdb = sdom->dom->sysdb; state->dom = sdom->dom; state->sh = sh; state->op = NULL; state->name = name; state->direct_groups = NULL; state->num_direct_parents = 0; state->timeout = dp_opt_get_int(state->opts->basic, SDAP_SEARCH_TIMEOUT); state->base_iter = 0; state->search_bases = sdom->group_search_bases; state->orig_dn = orig_dn; if (!state->search_bases) { DEBUG(SSSDBG_CRIT_FAILURE, ("Initgroups lookup request without a group search base\n")); ret = EINVAL; goto done; } ret = sss_hash_create(state, 32, &state->group_hash); if (ret != EOK) { talloc_free(req); return NULL; } attr_filter = talloc_array(state, const char *, 2); if (!attr_filter) { ret = ENOMEM; goto done; } attr_filter[0] = opts->group_map[SDAP_AT_GROUP_MEMBER].name; attr_filter[1] = NULL; ret = build_attrs_from_map(state, opts->group_map, SDAP_OPTS_GROUP, attr_filter, &state->attrs, NULL); if (ret != EOK) goto done; ret = sss_filter_sanitize(state, orig_dn, &clean_orig_dn); if (ret != EOK) goto done; use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping( opts->idmap_ctx, sdom->dom->name, sdom->dom->domain_id); state->base_filter = talloc_asprintf(state, "(&(%s=%s)(objectclass=%s)(%s=*)", opts->group_map[SDAP_AT_GROUP_MEMBER].name, clean_orig_dn, opts->group_map[SDAP_OC_GROUP].name, opts->group_map[SDAP_AT_GROUP_NAME].name); if (!state->base_filter) { ret = ENOMEM; 
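/*
 * Start the parent-group search for the search base selected by
 * state->base_iter.
 *
 * The per-base filter is rebuilt from state->base_filter and the filter of
 * the current search base, then the LDAP search is sent with
 * sdap_initgr_rfc2307bis_process() as its callback.
 *
 * Returns EOK when the search was sent, ENOMEM otherwise. The request is
 * never freed here: both callers pass the returned error on to
 * tevent_req_error(req, ret), so `req` must still be valid when this
 * function fails.
 */
static errno_t sdap_initgr_rfc2307bis_next_base(struct tevent_req *req)
{
    struct tevent_req *subreq;
    struct sdap_initgr_rfc2307bis_state *state;

    state = tevent_req_data(req, struct sdap_initgr_rfc2307bis_state);

    /* Drop the filter of the previous search base, if any. */
    talloc_zfree(state->filter);
    state->filter = sdap_get_id_specific_filter(
            state, state->base_filter,
            state->search_bases[state->base_iter]->filter);
    if (!state->filter) {
        return ENOMEM;
    }

    DEBUG(SSSDBG_TRACE_FUNC,
          ("Searching for parent groups for user [%s] with base [%s]\n",
           state->orig_dn,
           state->search_bases[state->base_iter]->basedn));

    subreq = sdap_get_generic_send(
            state, state->ev, state->opts, state->sh,
            state->search_bases[state->base_iter]->basedn,
            state->search_bases[state->base_iter]->scope,
            state->filter, state->attrs,
            state->opts->group_map, SDAP_OPTS_GROUP,
            state->timeout,
            true);
    if (!subreq) {
        /* Only report the failure. Freeing `req` here would leave the
         * caller with a dangling pointer that it then hands to
         * tevent_req_error(). */
        return ENOMEM;
    }
    tevent_req_set_callback(subreq, sdap_initgr_rfc2307bis_process, req);

    return EOK;
}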
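/*
 * Completion callback of the nested-groups lookup.
 *
 * Once all parent groups are resolved, the groups, the group-to-group
 * memberships and the user's memberships are saved inside one sysdb
 * transaction. A failure of any step cancels the transaction and fails the
 * request with that step's error.
 */
static void sdap_initgr_rfc2307bis_done(struct tevent_req *subreq)
{
    errno_t ret;
    struct tevent_req *req =
            tevent_req_callback_data(subreq, struct tevent_req);
    struct sdap_initgr_rfc2307bis_state *state =
            tevent_req_data(req, struct sdap_initgr_rfc2307bis_state);
    bool in_transaction = false;
    errno_t tret;

    ret = rfc2307bis_nested_groups_recv(subreq);
    talloc_zfree(subreq);
    if (ret != EOK) {
        tevent_req_error(req, ret);
        return;
    }

    ret = sysdb_transaction_start(state->sysdb);
    if (ret != EOK) {
        DEBUG(1, ("Failed to start transaction\n"));
        goto fail;
    }
    in_transaction = true;

    /* save the groups if they are not cached */
    ret = save_rfc2307bis_groups(state);
    if (ret != EOK) {
        /* The messages below name the step that failed and end with a
         * newline, matching sdap_initgr_nested_store(). */
        DEBUG(3, ("Could not save groups [%d]: %s\n",
                  ret, strerror(ret)));
        goto fail;
    }

    /* save the group membership */
    ret = save_rfc2307bis_group_memberships(state);
    if (ret != EOK) {
        DEBUG(3, ("Could not save group memberships [%d]: %s\n",
                  ret, strerror(ret)));
        goto fail;
    }

    /* save the user memberships */
    ret = save_rfc2307bis_user_memberships(state);
    if (ret != EOK) {
        DEBUG(3, ("Could not save user memberships [%d]: %s\n",
                  ret, strerror(ret)));
        goto fail;
    }

    ret = sysdb_transaction_commit(state->sysdb);
    if (ret != EOK) {
        DEBUG(1, ("Failed to commit transaction\n"));
        goto fail;
    }
    in_transaction = false;

    tevent_req_done(req);
    return;

fail:
    if (in_transaction) {
        tret = sysdb_transaction_cancel(state->sysdb);
        if (tret != EOK) {
            DEBUG(1, ("Failed to cancel transaction\n"));
        }
    }
    /* Report the original failure, not the result of the cancel. */
    tevent_req_error(req, ret);
    return;
}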
talloc_array(tmp_ctx, struct sysdb_attrs *, count); if (!groups) { ret = ENOMEM; goto done; } for (i = 0; i < count; i++) { gr = talloc_get_type(values[i].ptr, struct sdap_nested_group); groups[i] = gr->group; } talloc_zfree(values); ret = sdap_nested_groups_store(state->sysdb, state->dom, state->opts, groups, count); if (ret != EOK) { DEBUG(3, ("Could not save groups [%d]: %s\n", ret, strerror(ret))); goto done; } ret = EOK; done: talloc_free(tmp_ctx); return ret; } static bool rfc2307bis_group_memberships_build(hash_entry_t *item, void *user_data); static errno_t save_rfc2307bis_group_memberships(struct sdap_initgr_rfc2307bis_state *state) { errno_t ret, tret; int hret; TALLOC_CTX *tmp_ctx; struct rfc2307bis_group_memberships_state *membership_state; struct membership_diff *iter; struct membership_diff *iter_start; struct membership_diff *iter_tmp; bool in_transaction = false; int num_added; int i; int grp_count; char **add = NULL; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) return ENOMEM; membership_state = talloc_zero(tmp_ctx, struct rfc2307bis_group_memberships_state); if (!membership_state) { ret = ENOMEM; goto done; } membership_state->sysdb = state->sysdb; membership_state->dom = state->dom; membership_state->opts = state->opts; membership_state->group_hash = state->group_hash; hret = hash_iterate(state->group_hash, rfc2307bis_group_memberships_build, membership_state); if (hret != HASH_SUCCESS) { ret = membership_state->ret; goto done; } ret = sysdb_transaction_start(state->sysdb); if (ret != EOK) { DEBUG(1, ("Failed to start transaction\n")); goto done; } in_transaction = true; iter_start = membership_state->memberships; DLIST_FOR_EACH(iter, membership_state->memberships) { /* Create a copy of iter->add array but do not include groups outside * nesting limit. This array must be NULL terminated. 
/*
 * hash_iterate() callback: build the membership diff for one group.
 *
 * `item` maps a group name to its struct sdap_nested_group; `user_data` is
 * the struct rfc2307bis_group_memberships_state that collects the diffs.
 * The group's direct parents in sysdb are compared with its LDAP parents
 * and the resulting diff is linked into mstate->memberships.
 *
 * The error code is stored in mstate->ret. Returns true on success and
 * false on failure.
 */
static bool rfc2307bis_group_memberships_build(hash_entry_t *item, void *user_data)
{
    struct rfc2307bis_group_memberships_state *mstate;
    struct sdap_nested_group *nested;
    struct membership_diff *diff;
    char **ldap_parents = NULL;
    char **cached_parents;
    char *name;
    TALLOC_CTX *tmp_ctx;
    errno_t ret;

    mstate = talloc_get_type(user_data,
                             struct rfc2307bis_group_memberships_state);
    name = (char *) item->key.str;
    nested = (struct sdap_nested_group *) item->value.ptr;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        ret = ENOMEM;
        goto done;
    }

    ret = sysdb_get_direct_parents(tmp_ctx, mstate->sysdb, mstate->dom,
                                   SYSDB_MEMBER_GROUP,
                                   name, &cached_parents);
    if (ret != 0) {
        DEBUG(1, ("Could not get direct sysdb parents for %s: %d [%s]\n",
                  name, ret, strerror(ret)));
        goto done;
    }

    /* Without LDAP parents the list stays NULL for the diff below. */
    if (nested->parents_count > 0) {
        ret = sysdb_attrs_primary_name_list(mstate->sysdb, tmp_ctx,
                            nested->ldap_parents,
                            nested->parents_count,
                            mstate->opts->group_map[SDAP_AT_GROUP_NAME].name,
                            &ldap_parents);
        if (ret != EOK) {
            goto done;
        }
    }

    ret = build_membership_diff(tmp_ctx, name, ldap_parents,
                                cached_parents, &diff);
    if (ret != EOK) {
        DEBUG(3, ("Could not build membership diff for %s [%d]: %s\n",
                  name, ret, strerror(ret)));
        goto done;
    }

    /* Move the diff off tmp_ctx so it survives the cleanup below. */
    talloc_steal(mstate, diff);
    DLIST_ADD(mstate->memberships, diff);
    ret = EOK;

done:
    talloc_free(tmp_ctx);
    mstate->ret = ret;
    return ret == EOK;
}
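/*
 * Start resolving the parent groups of `groups` (num_groups entries) at
 * nesting depth `nesting`.
 *
 * The request completes immediately with success when there are no groups
 * to process, when `nesting` exceeds the configured SDAP_NESTING_LEVEL, or
 * when every group of this level was already processed. It fails
 * immediately with EINVAL when no group search base is configured.
 * Otherwise an LDAP lookup is in progress and its callback continues the
 * request.
 *
 * Returns the request, or NULL when it could not be created.
 */
struct tevent_req *rfc2307bis_nested_groups_send(
        TALLOC_CTX *mem_ctx, struct tevent_context *ev,
        struct sdap_options *opts, struct sysdb_ctx *sysdb,
        struct sss_domain_info *dom, struct sdap_handle *sh,
        struct sysdb_attrs **groups, size_t num_groups,
        hash_table_t *group_hash, size_t nesting)
{
    errno_t ret;
    struct tevent_req *req;
    struct sdap_rfc2307bis_nested_ctx *state;
    int max_nesting;

    DEBUG(SSSDBG_TRACE_INTERNAL,
          ("About to process %zu groups in nesting level %zu\n",
           num_groups, nesting));

    req = tevent_req_create(mem_ctx, &state,
                            struct sdap_rfc2307bis_nested_ctx);
    if (!req) return NULL;

    /* The nesting limit bounds how deep directory-supplied group chains
     * are followed. Comparing the size_t depth directly with a negative
     * int would convert the limit to a huge unsigned value and switch the
     * bound off, so a negative setting is treated as "no nesting". */
    max_nesting = dp_opt_get_int(opts->basic, SDAP_NESTING_LEVEL);
    if (max_nesting < 0) {
        max_nesting = 0;
    }

    if ((num_groups == 0) || (nesting > (size_t) max_nesting)) {
        /* No parent groups to process or too deep */
        ret = EOK;
        goto done;
    }

    state->ev = ev;
    state->opts = opts;
    state->sysdb = sysdb;
    state->dom = dom;
    state->sh = sh;
    state->groups = groups;
    state->num_groups = num_groups;
    state->group_iter = 0;
    state->nesting_level = nesting;
    state->group_hash = group_hash;
    state->filter = NULL;
    state->timeout = dp_opt_get_int(state->opts->basic,
                                    SDAP_SEARCH_TIMEOUT);
    state->base_iter = 0;
    state->search_bases = opts->sdom->group_search_bases;
    if (!state->search_bases) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Initgroups nested lookup request "
               "without a group search base\n"));
        ret = EINVAL;
        goto done;
    }

    state->processed_groups = talloc_array(state,
                                           struct sdap_nested_group *,
                                           state->num_groups);
    if (state->processed_groups == NULL) {
        ret = ENOMEM;
        goto done;
    }

    /* EOK from the step means the group was already looked up, so move on
     * to the next group of this level. Any other value (EAGAIN for a
     * lookup in progress, or an error) ends the loop. */
    while (state->group_iter < state->num_groups) {
        ret = rfc2307bis_nested_groups_step(req);
        if (ret != EOK) {
            goto done;
        }
        state->group_iter++;
    }

    ret = EOK;

done:
    if (ret == EOK) {
        /* All parent groups were already processed */
        tevent_req_done(req);
        tevent_req_post(req, ev);
    } else if (ret != EAGAIN) {
        tevent_req_error(req, ret);
        tevent_req_post(req, ev);
    }

    /* EAGAIN means a lookup is in progress */
    return req;
}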
*/ state->processed_groups[state->group_iter] = talloc_zero(state->processed_groups, struct sdap_nested_group); if (!state->processed_groups[state->group_iter]) { ret = ENOMEM; goto done; } /* this steal doesn't change much now, but will be helpful later on * if we steal the whole processed_group on the hash table */ state->processed_groups[state->group_iter]->group = talloc_steal(state->processed_groups[state->group_iter], state->groups[state->group_iter]); /* Get any parent groups for this group */ ret = sysdb_attrs_get_string(state->groups[state->group_iter], SYSDB_ORIG_DN, &state->orig_dn); if (ret != EOK) { goto done; } attr_filter = talloc_array(state, const char *, 2); if (!attr_filter) { ret = ENOMEM; goto done; } attr_filter[0] = state->opts->group_map[SDAP_AT_GROUP_MEMBER].name; attr_filter[1] = NULL; ret = build_attrs_from_map(state, state->opts->group_map, SDAP_OPTS_GROUP, attr_filter, &state->attrs, NULL); if (ret != EOK) { goto done; } ret = sss_filter_sanitize(tmp_ctx, state->orig_dn, &clean_orig_dn); if (ret != EOK) { goto done; } state->base_filter = talloc_asprintf( state, "(&(%s=%s)(objectclass=%s)(%s=*))", state->opts->group_map[SDAP_AT_GROUP_MEMBER].name, clean_orig_dn, state->opts->group_map[SDAP_OC_GROUP].name, state->opts->group_map[SDAP_AT_GROUP_NAME].name); if (!state->base_filter) { ret = ENOMEM; goto done; } ret = rfc2307bis_nested_groups_next_base(req); if (ret != EOK) goto done; /* Still processing parent groups */ ret = EAGAIN; done: talloc_free(tmp_ctx); return ret; } static errno_t rfc2307bis_nested_groups_next_base(struct tevent_req *req) { struct tevent_req *subreq; struct sdap_rfc2307bis_nested_ctx *state; state = tevent_req_data(req, struct sdap_rfc2307bis_nested_ctx); talloc_zfree(state->filter); state->filter = sdap_get_id_specific_filter( state, state->base_filter, state->search_bases[state->base_iter]->filter); if (!state->filter) { return ENOMEM; } DEBUG(SSSDBG_TRACE_FUNC, ("Searching for parent groups of group [%s] with 
base [%s]\n",
           state->orig_dn,
           state->search_bases[state->base_iter]->basedn));

    subreq = sdap_get_generic_send(
            state, state->ev, state->opts, state->sh,
            state->search_bases[state->base_iter]->basedn,
            state->search_bases[state->base_iter]->scope,
            state->filter, state->attrs,
            state->opts->group_map, SDAP_OPTS_GROUP,
            state->timeout,
            true);
    if (!subreq) {
        return ENOMEM;
    }
    tevent_req_set_callback(subreq, rfc2307bis_nested_groups_process, req);

    return EOK;
}

static void rfc2307bis_nested_groups_done(struct tevent_req *subreq);

/*
 * Callback for the search sent by rfc2307bis_nested_groups_next_base().
 *
 * Appends the returned entries to the current group's ldap_parents list and
 * moves to the next search base if there is one. Once every base has been
 * searched, the group is stored in state->group_hash under its primary name.
 * After that the function either steps to the next group (no parents were
 * found) or starts a nested request for the parents one level deeper.
 */
static void rfc2307bis_nested_groups_process(struct tevent_req *subreq)
{
    errno_t ret;
    struct tevent_req *req =
            tevent_req_callback_data(subreq, struct tevent_req);
    struct sdap_rfc2307bis_nested_ctx *state =
            tevent_req_data(req, struct sdap_rfc2307bis_nested_ctx);
    size_t count;
    size_t i;
    struct sysdb_attrs **ldap_groups;
    struct sdap_nested_group *ngr;
    hash_value_t value;
    hash_key_t key;
    int hret;

    ret = sdap_get_generic_recv(subreq, state,
                                &count,
                                &ldap_groups);
    talloc_zfree(subreq);
    if (ret) {
        tevent_req_error(req, ret);
        return;
    }

    DEBUG(SSSDBG_TRACE_LIBS,
          ("Found %zu parent groups of [%s]\n", count, state->orig_dn));
    ngr = state->processed_groups[state->group_iter];

    /* Add this batch of groups to the list */
    if (count > 0) {
        /* One extra slot is reserved for the NULL terminator written below.
         * 'count' comes from the server reply. */
        ngr->ldap_parents =
                talloc_realloc(ngr,
                               ngr->ldap_parents,
                               struct sysdb_attrs *,
                               ngr->parents_count + count + 1);
        if (!ngr->ldap_parents) {
            tevent_req_error(req, ENOMEM);
            return;
        }

        /* Copy the new groups into the list.
         * They're allocated on 'state' so we need to move them
         * onto ldap_parents so that the data won't disappear when
         * we finish this nesting level.
         */
        for (i = 0; i < count; i++) {
            ngr->ldap_parents[ngr->parents_count + i] =
                talloc_steal(ngr->ldap_parents, ldap_groups[i]);
        }

        ngr->parents_count += count;

        ngr->ldap_parents[ngr->parents_count] = NULL;
        DEBUG(SSSDBG_TRACE_INTERNAL,
              ("Total of %zu direct parents after this iteration\n",
               ngr->parents_count));
    }

    state->base_iter++;

    /* Check for additional search bases, and iterate
     * through again.
     */
    if (state->search_bases[state->base_iter] != NULL) {
        ret = rfc2307bis_nested_groups_next_base(req);
        if (ret != EOK) {
            tevent_req_error(req, ret);
        }
        return;
    }

    /* Reset the base iterator for future lookups */
    state->base_iter = 0;

    /* Save the group into the hash table */
    key.type = HASH_KEY_STRING;
    key.str = talloc_strdup(state, state->primary_name);
    if (!key.str) {
        tevent_req_error(req, ENOMEM);
        return;
    }

    /* Steal the nested group entry on the group_hash context so it can
     * outlive this request */
    talloc_steal(state->group_hash, ngr);

    value.type = HASH_VALUE_PTR;
    value.ptr = ngr;

    /* The entry is stored before any recursion below, so a group that shows
     * up again further up the chain is found by the hash lookup in
     * rfc2307bis_nested_groups_step() and is not searched a second time. */
    hret = hash_enter(state->group_hash, &key, &value);
    if (hret != HASH_SUCCESS) {
        talloc_free(key.str);
        tevent_req_error(req, EIO);
        return;
    }
    talloc_free(key.str);

    if (ngr->parents_count == 0) {
        /* No parent groups for this group in LDAP
         * Move on to the next group
         */
        state->group_iter++;
        while (state->group_iter < state->num_groups) {
            ret = rfc2307bis_nested_groups_step(req);
            if (ret == EAGAIN) {
                /* Looking up parent groups.. */
                return;
            } else if (ret != EOK) {
                tevent_req_error(req, ret);
                return;
            }

            /* EOK means this group has already been processed
             * in another nesting level */
            state->group_iter++;
        }

        if (state->group_iter == state->num_groups) {
            /* All groups processed. Done. */
            tevent_req_done(req);
        }
        return;
    }

    /* Otherwise, recurse into the groups */
    /* NOTE(review): the depth limit is applied by the callee. The visible
     * tail of what is presumably rfc2307bis_nested_groups_send() finishes
     * early when its nesting argument exceeds the SDAP_NESTING_LEVEL option. */
    subreq = rfc2307bis_nested_groups_send(
            state, state->ev, state->opts, state->sysdb,
            state->dom, state->sh,
            ngr->ldap_parents,
            ngr->parents_count,
            state->group_hash,
            state->nesting_level+1);
    if (!subreq) {
        tevent_req_error(req, EIO);
        return;
    }
    tevent_req_set_callback(subreq, rfc2307bis_nested_groups_done, req);
}

/* Report the outcome of a nested-groups request: the stored error, or EOK. */
static errno_t rfc2307bis_nested_groups_recv(struct tevent_req *req)
{
    TEVENT_REQ_RETURN_ON_ERROR(req);
    return EOK;
}

/*
 * Callback for the nested request started in
 * rfc2307bis_nested_groups_process(). Collects its result, then resumes
 * stepping through the remaining groups of this level.
 */
static void rfc2307bis_nested_groups_done(struct tevent_req *subreq)
{
    errno_t ret;
    struct tevent_req *req =
            tevent_req_callback_data(subreq, struct tevent_req);
    struct sdap_rfc2307bis_nested_ctx *state =
            tevent_req_data(req, struct sdap_rfc2307bis_nested_ctx);

    ret = rfc2307bis_nested_groups_recv(subreq);
    talloc_zfree(subreq);
    if (ret != EOK) {
        DEBUG(6, ("rfc2307bis_nested failed [%d][%s]\n",
                  ret, strerror(ret)));
        tevent_req_error(req, ret);
        return;
    }

    state->group_iter++;
    while (state->group_iter < state->num_groups) {
        ret = rfc2307bis_nested_groups_step(req);
        if (ret == EAGAIN) {
            /* Looking up parent groups.. */
            return;
        } else if (ret != EOK) {
            tevent_req_error(req, ret);
            return;
        }

        /* EOK means this group has already been processed
         * in another nesting level */
        state->group_iter++;
    }

    if (state->group_iter == state->num_groups) {
        /* All groups processed. Done.
*/
        tevent_req_done(req);
        return;
    }
}

/* ==Initgr-call-(groups-a-user-is-member-of)============================= */

/* State carried across the asynchronous initgroups request. */
struct sdap_get_initgr_state {
    struct tevent_context *ev;
    struct sysdb_ctx *sysdb;
    struct sdap_options *opts;
    struct sss_domain_info *dom;
    struct sdap_domain *sdom;
    struct sdap_handle *sh;
    struct sdap_id_ctx *id_ctx;
    struct sdap_id_conn_ctx *conn;
    const char *name;           /* caller's pointer, stored without copying */
    const char **grp_attrs;
    const char **user_attrs;

    char *user_base_filter;     /* filter built once in sdap_get_initgr_send() */
    char *filter;               /* rebuilt for each search base */
    int timeout;

    struct sysdb_attrs *orig_user;  /* user entry picked in sdap_get_initgr_user() */

    size_t user_base_iter;
    struct sdap_search_base **user_search_bases;

    bool use_id_mapping;
};

static errno_t sdap_get_initgr_next_base(struct tevent_req *req);
static void sdap_get_initgr_user(struct tevent_req *subreq);
static void sdap_get_initgr_done(struct tevent_req *subreq);

/*
 * Start an initgroups request for user 'name'.
 *
 * Builds the LDAP user filter, builds the attribute list from the user map
 * and sends the search for the first user search base.
 *
 * Returns the request, or NULL when the request cannot be created or when
 * building the filter or the attribute list fails.
 * NOTE(review): a missing user search base, or an error from the first
 * search, is instead reported through the returned request. Callers have to
 * handle both conventions.
 */
struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
                                        struct tevent_context *ev,
                                        struct sdap_domain *sdom,
                                        struct sdap_handle *sh,
                                        struct sdap_id_ctx *id_ctx,
                                        struct sdap_id_conn_ctx *conn,
                                        const char *name,
                                        const char **grp_attrs)
{
    struct tevent_req *req;
    struct sdap_get_initgr_state *state;
    int ret;
    char *clean_name;
    bool use_id_mapping;

    DEBUG(9, ("Retrieving info for initgroups call\n"));

    req = tevent_req_create(memctx, &state, struct sdap_get_initgr_state);
    if (!req) return NULL;

    state->ev = ev;
    state->opts = id_ctx->opts;
    state->dom = sdom->dom;
    state->sysdb = sdom->dom->sysdb;
    state->sdom = sdom;
    state->sh = sh;
    state->id_ctx = id_ctx;
    state->conn = conn;
    state->name = name;
    state->grp_attrs = grp_attrs;
    state->orig_user = NULL;
    state->timeout = dp_opt_get_int(state->opts->basic, SDAP_SEARCH_TIMEOUT);
    state->user_base_iter = 0;
    state->user_search_bases = sdom->user_search_bases;
    if (!state->user_search_bases) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Initgroups lookup request without a user search base\n"));
        ret = EINVAL;
        goto done;
    }

    use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping(
                                                          id_ctx->opts->idmap_ctx,
                                                          sdom->dom->name,
                                                          sdom->dom->domain_id);

    /* 'name' is supplied by the caller and ends up inside an LDAP filter, so
     * only the copy produced by sss_filter_sanitize() is interpolated.
     * NOTE(review): the helper is defined elsewhere; presumably it escapes
     * the LDAP filter metacharacters - confirm. */
    ret = sss_filter_sanitize(state, name, &clean_name);
    if (ret != EOK) {
        talloc_zfree(req);
        return NULL;
    }

    /* First half of the filter; the closing parenthesis is supplied by the
     * clause appended below. */
    state->user_base_filter =
            talloc_asprintf(state, "(&(%s=%s)(objectclass=%s)",
                            state->opts->user_map[SDAP_AT_USER_NAME].name,
                            clean_name,
                            state->opts->user_map[SDAP_OC_USER].name);
    if (!state->user_base_filter) {
        talloc_zfree(req);
        return NULL;
    }

    if (use_id_mapping) {
        /* When mapping IDs or looking for SIDs, we don't want to limit
         * ourselves to users with a UID value. But there must be a SID to map
         * from.
         */
        state->user_base_filter = talloc_asprintf_append(state->user_base_filter,
                                        "(%s=*))",
                                        id_ctx->opts->user_map[SDAP_AT_USER_OBJECTSID].name);
    } else {
        /* When not ID-mapping, make sure there is a non-NULL UID */
        /* The appended clause requires the UID attribute to be present and
         * excludes entries whose UID attribute is 0. */
        state->user_base_filter = talloc_asprintf_append(state->user_base_filter,
                                        "(&(%s=*)(!(%s=0))))",
                                        id_ctx->opts->user_map[SDAP_AT_USER_UID].name,
                                        id_ctx->opts->user_map[SDAP_AT_USER_UID].name);
    }
    if (!state->user_base_filter) {
        talloc_zfree(req);
        return NULL;
    }

    ret = build_attrs_from_map(state, state->opts->user_map, SDAP_OPTS_USER,
                               NULL, &state->user_attrs, NULL);
    if (ret) {
        talloc_zfree(req);
        return NULL;
    }

    /* NOTE(review): same call as the one that filled the local
     * use_id_mapping above. state->opts is id_ctx->opts and state->dom is
     * sdom->dom, so the arguments are the same objects. */
    state->use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping(
                                                         state->opts->idmap_ctx,
                                                         state->dom->name,
                                                         state->dom->domain_id);

    ret = sdap_get_initgr_next_base(req);

done:
    if (ret != EOK) {
        tevent_req_error(req, ret);
        tevent_req_post(req, ev);
    }

    return req;
}

/*
 * Send the user search for the search base at state->user_base_iter, using
 * state->user_base_filter combined with that base's own filter.
 */
static errno_t sdap_get_initgr_next_base(struct tevent_req *req)
{
    struct tevent_req *subreq;
    struct sdap_get_initgr_state *state;

    state = tevent_req_data(req, struct sdap_get_initgr_state);

    talloc_zfree(state->filter);
    state->filter = sdap_get_id_specific_filter(
            state,
            state->user_base_filter,
            state->user_search_bases[state->user_base_iter]->filter);
    if (!state->filter) {
        return ENOMEM;
    }

    DEBUG(SSSDBG_TRACE_FUNC,
          ("Searching for users with base [%s]\n",
           state->user_search_bases[state->user_base_iter]->basedn));

    subreq = sdap_get_generic_send(
            state, state->ev, state->opts, state->sh,
state->user_search_bases[state->user_base_iter]->basedn, state->user_search_bases[state->user_base_iter]->scope, state->filter, state->user_attrs, state->opts->user_map, SDAP_OPTS_USER, state->timeout, false); if (!subreq) { return ENOMEM; } tevent_req_set_callback(subreq, sdap_get_initgr_user, req); return EOK; } static void sdap_get_initgr_user(struct tevent_req *subreq) { struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); struct sdap_get_initgr_state *state = tevent_req_data(req, struct sdap_get_initgr_state); struct sysdb_attrs **usr_attrs; size_t count; int ret; errno_t sret; const char *orig_dn; const char *cname; bool in_transaction = false; char *expected_basedn; size_t expected_basedn_len; size_t dn_len; size_t c = 0; DEBUG(9, ("Receiving info for the user\n")); ret = sdap_get_generic_recv(subreq, state, &count, &usr_attrs); talloc_zfree(subreq); if (ret) { tevent_req_error(req, ret); return; } if (count == 0) { /* No users found in this search */ state->user_base_iter++; if (state->user_search_bases[state->user_base_iter]) { /* There are more search bases to try */ ret = sdap_get_initgr_next_base(req); if (ret != EOK) { tevent_req_error(req, ret); } return; } /* fallback to fetch a local user if required */ if ((state->opts->schema_type == SDAP_SCHEMA_RFC2307) && (dp_opt_get_bool(state->opts->basic, SDAP_RFC2307_FALLBACK_TO_LOCAL_USERS) == true)) { ret = sdap_fallback_local_user(state, state->opts, state->name, -1, &usr_attrs); } else { ret = ENOENT; } if (ret != EOK) { tevent_req_error(req, ret); return; } } else if (count != 1) { DEBUG(SSSDBG_OP_FAILURE, ("Expected one user entry and got %zu\n", count)); ret = domain_to_basedn(state, state->dom->name, &expected_basedn); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("domain_to_basedn failed.\n")); tevent_req_error(req, ret); return; } expected_basedn = talloc_asprintf(state, "%s%s", "cn=users,", expected_basedn); if (expected_basedn == NULL) { DEBUG(SSSDBG_OP_FAILURE, 
("talloc_append failed.\n")); tevent_req_error(req, ENOMEM); return; } DEBUG(SSSDBG_TRACE_ALL, ("Expected BaseDN is [%s].\n", expected_basedn)); expected_basedn_len = strlen(expected_basedn); for (c = 0; c < count; c++) { ret = sysdb_attrs_get_string(usr_attrs[c], SYSDB_ORIG_DN, &orig_dn); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_string failed.\n")); tevent_req_error(req, ret); return; } dn_len = strlen(orig_dn); if (dn_len > expected_basedn_len && strcasecmp(orig_dn + (dn_len - expected_basedn_len), expected_basedn) == 0) { DEBUG(SSSDBG_TRACE_ALL, ("Found matching dn [%s].\n", orig_dn)); break; } } if (c == count) { DEBUG(SSSDBG_OP_FAILURE, ("No matching DN found.\n")); tevent_req_error(req, EINVAL); return; } } state->orig_user = usr_attrs[c]; ret = sysdb_transaction_start(state->sysdb); if (ret) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to start transaction\n")); goto fail; } in_transaction = true; DEBUG(9, ("Storing the user\n")); ret = sdap_save_user(state, state->sysdb, state->opts, state->dom, state->orig_user, true, NULL, 0); if (ret) { goto fail; } DEBUG(9, ("Commit change\n")); ret = sysdb_transaction_commit(state->sysdb); if (ret) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to commit transaction\n")); goto fail; } in_transaction = false; ret = sysdb_get_real_name(state, state->sysdb, state->dom, state->name, &cname); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Cannot canonicalize username\n")); tevent_req_error(req, ret); return; } DEBUG(9, ("Process user's groups\n")); switch (state->opts->schema_type) { case SDAP_SCHEMA_RFC2307: subreq = sdap_initgr_rfc2307_send(state, state->ev, state->opts, state->sysdb, state->dom, state->sh, cname); if (!subreq) { tevent_req_error(req, ENOMEM); return; } tevent_req_set_callback(subreq, sdap_get_initgr_done, req); break; case SDAP_SCHEMA_RFC2307BIS: case SDAP_SCHEMA_AD: ret = sysdb_attrs_get_string(state->orig_user, SYSDB_ORIG_DN, &orig_dn); if (ret != EOK) { tevent_req_error(req, ret); return; } if 
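(state->opts->dc_functional_level >= DS_BEHAVIOR_WIN2008) {
            /* Take advantage of AD's tokenGroups mechanism to look up all
             * parent groups in a single request.
             */
            subreq = sdap_ad_tokengroups_initgroups_send(state, state->ev,
                                                         state->id_ctx,
                                                         state->conn,
                                                         state->opts,
                                                         state->sysdb,
                                                         state->dom,
                                                         state->sh,
                                                         cname, orig_dn,
                                                         state->timeout,
                                                         state->use_id_mapping);
        } else if (state->opts->support_matching_rule
                    && dp_opt_get_bool(state->opts->basic,
                                       SDAP_AD_MATCHING_RULE_INITGROUPS)) {
            /* Take advantage of AD's extensibleMatch filter to look up
             * all parent groups in a single request.
             */
            subreq = sdap_get_ad_match_rule_initgroups_send(state, state->ev,
                                                            state->opts,
                                                            state->sysdb,
                                                            state->dom,
                                                            state->sh,
                                                            cname, orig_dn,
                                                            state->timeout);
        } else {
            subreq = sdap_initgr_rfc2307bis_send(
                    state, state->ev, state->opts,
                    state->sdom, state->sh,
                    cname, orig_dn);
        }
        if (!subreq) {
            tevent_req_error(req, ENOMEM);
            return;
        }

        talloc_steal(subreq, orig_dn);
        tevent_req_set_callback(subreq, sdap_get_initgr_done, req);
        break;
    case SDAP_SCHEMA_IPA_V1:
        subreq = sdap_initgr_nested_send(state, state->ev, state->opts,
                                         state->sysdb, state->dom, state->sh,
                                         state->orig_user, state->grp_attrs);
        if (!subreq) {
            tevent_req_error(req, ENOMEM);
            return;
        }
        tevent_req_set_callback(subreq, sdap_get_initgr_done, req);
        return;
    default:
        tevent_req_error(req, EINVAL);
        return;
    }

    return;
fail:
    if (in_transaction) {
        sret = sysdb_transaction_cancel(state->sysdb);
        if (sret != EOK) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to cancel transaction\n"));
        }
    }
    tevent_req_error(req, ret);
}

static void sdap_get_initgr_pgid(struct tevent_req *req);

/*
 * Callback for the schema-specific group lookup started in
 * sdap_get_initgr_user().
 *
 * Collects the result with the *_recv() function matching the *_send() that
 * was used, works out the user's primary GID and starts a lookup of that
 * group by ID number. The primary group is fetched separately because the
 * user may not be an explicit member of it.
 *
 * The initgroups request is completed by sdap_get_initgr_pgid() once that
 * lookup returns, or here with an error if anything fails first.
 */
static void sdap_get_initgr_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct sdap_get_initgr_state *state = tevent_req_data(req,
                                               struct sdap_get_initgr_state);
    int ret;
    TALLOC_CTX *tmp_ctx;
    gid_t primary_gid;
    char *gid;
    char *sid_str;
    char *dom_sid_str;
    char *group_sid_str;
    struct sdap_options *opts = state->opts;

    DEBUG(9, ("Initgroups done\n"));

    /* Scratch context for the SID strings; freed on both exit paths. */
    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        tevent_req_error(req, ENOMEM);
        return;
    }

    /* This selection has to mirror the *_send() chosen in
     * sdap_get_initgr_user(). */
    switch (state->opts->schema_type) {
    case SDAP_SCHEMA_RFC2307:
        ret = sdap_initgr_rfc2307_recv(subreq);
        break;

    case SDAP_SCHEMA_RFC2307BIS:
    case SDAP_SCHEMA_AD:
        if (state->opts->dc_functional_level >= DS_BEHAVIOR_WIN2008) {
            ret = sdap_ad_tokengroups_initgroups_recv(subreq);
        }
        else if (state->opts->support_matching_rule
                && dp_opt_get_bool(state->opts->basic,
                                   SDAP_AD_MATCHING_RULE_INITGROUPS)) {
            ret = sdap_get_ad_match_rule_initgroups_recv(subreq);
        } else {
            ret = sdap_initgr_rfc2307bis_recv(subreq);
        }
        break;

    case SDAP_SCHEMA_IPA_V1:
        ret = sdap_initgr_nested_recv(subreq);
        break;

    default:
        ret = EINVAL;
        break;
    }

    talloc_zfree(subreq);
    if (ret) {
        DEBUG(9, ("Error in initgroups: [%d][%s]\n",
                  ret, strerror(ret)));
        goto fail;
    }

    /* We also need to update the user's primary group, since
     * the user may not be an explicit member of that group
     */

    if (state->use_id_mapping) {
        DEBUG(SSSDBG_TRACE_LIBS,
              ("Mapping primary group to unix ID\n"));

        /* The primary group ID is just the RID part of the objectSID
         * of the group. Generate the GID by adding this to the domain
         * SID value.
         */

        /* Get the user SID so we can extract the domain SID
         * from it.
         */
        ret = sdap_attrs_get_sid_str(
                tmp_ctx, opts->idmap_ctx, state->orig_user,
                opts->user_map[SDAP_AT_USER_OBJECTSID].sys_name,
                &sid_str);
        if (ret != EOK) goto fail;

        /* Get the domain SID from the user SID */
        ret = sdap_idmap_get_dom_sid_from_object(tmp_ctx, sid_str,
                                                 &dom_sid_str);
        if (ret != EOK) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Could not parse domain SID from [%s]\n", sid_str));
            goto fail;
        }

        /* primary_gid holds the RID at this point; it is overwritten with
         * the mapped UNIX GID further down. */
        ret = sysdb_attrs_get_uint32_t(
                state->orig_user,
                opts->user_map[SDAP_AT_USER_PRIMARY_GROUP].sys_name,
                &primary_gid);
        if (ret != EOK) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("no primary group ID provided\n"));
            ret = EINVAL;
            goto fail;
        }

        /* Add the RID to the end */
        group_sid_str = talloc_asprintf(tmp_ctx, "%s-%lu",
                                        dom_sid_str,
                                        (unsigned long)primary_gid);
        if (!group_sid_str) {
            ret = ENOMEM;
            goto fail;
        }

        /* Convert the SID into a UNIX group ID */
        ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, group_sid_str,
                                     &primary_gid);
        if (ret != EOK) goto fail;
    } else {
        ret = sysdb_attrs_get_uint32_t(state->orig_user, SYSDB_GIDNUM,
                                       &primary_gid);
        if (ret != EOK) {
            DEBUG(6, ("Could not find user's primary GID\n"));
            goto fail;
        }
    }

    gid = talloc_asprintf(state, "%lu", (unsigned long)primary_gid);
    if (gid == NULL) {
        ret = ENOMEM;
        goto fail;
    }

    /* The lookup is allocated on 'req', so it is released together with the
     * request. */
    subreq = groups_get_send(req, state->ev, state->id_ctx,
                             state->id_ctx->opts->sdom, state->conn,
                             gid, BE_FILTER_IDNUM, BE_ATTR_ALL, NULL);
    if (!subreq) {
        ret = ENOMEM;
        goto fail;
    }
    tevent_req_set_callback(subreq, sdap_get_initgr_pgid, req);

    /* Do not complete the request here. sdap_get_initgr_pgid() signals
     * completion when the primary group lookup returns. Completing it at
     * this point as well would notify the caller before that lookup has run,
     * and the callback would then signal completion a second time on a
     * request the caller may already have freed. */
    talloc_free(tmp_ctx);
    return;

fail:
    talloc_free(tmp_ctx);
    tevent_req_error(req, ret);
    return;
}

/*
 * Callback for the primary group lookup. Finishes the initgroups request
 * with the lookup's error, or marks it done.
 */
static void sdap_get_initgr_pgid(struct tevent_req *subreq)
{
    struct tevent_req *req =
            tevent_req_callback_data(subreq, struct tevent_req);
    errno_t ret;

    ret = groups_get_recv(subreq, NULL, NULL);
    talloc_zfree(subreq);
    if (ret != EOK) {
        tevent_req_error(req, ret);
        return;
    }

    tevent_req_done(req);
}

/* Report the outcome of an initgroups request: the stored error, or EOK. */
int sdap_get_initgr_recv(struct tevent_req *req)
{
    TEVENT_REQ_RETURN_ON_ERROR(req);

    return EOK;
}

static errno_t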
get_sysdb_grouplist_ex(TALLOC_CTX *mem_ctx,
                       struct sysdb_ctx *sysdb,
                       struct sss_domain_info *domain,
                       const char *name,
                       char ***grouplist,
                       bool get_dn)
{
    /*
     * Read the SYSDB_MEMBEROF values of the cached user 'name' and return
     * them as a NULL-terminated string array owned by mem_ctx.
     *
     * get_dn == true   each entry is a copy of the stored value
     * get_dn == false  each entry is what sysdb_group_dn_name() derives from
     *                  the stored value
     *
     * *grouplist is set to NULL when the user has no SYSDB_MEMBEROF values.
     * On any error *grouplist is left untouched and the error code is
     * returned, so callers must check the return value before reading it.
     */
    errno_t ret;
    const char *attrs[2];
    struct ldb_message *msg;
    TALLOC_CTX *tmp_ctx;
    struct ldb_message_element *groups;
    char **sysdb_grouplist = NULL;
    unsigned int i;

    attrs[0] = SYSDB_MEMBEROF;
    attrs[1] = NULL;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) return ENOMEM;

    ret = sysdb_search_user_by_name(tmp_ctx, sysdb, domain, name,
                                    attrs, &msg);
    if (ret != EOK) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("Error searching user [%s] by name: [%s]\n",
               name, strerror(ret)));
        goto done;
    }

    groups = ldb_msg_find_element(msg, SYSDB_MEMBEROF);
    if (!groups || groups->num_values == 0) {
        /* No groups for this user in sysdb currently */
        sysdb_grouplist = NULL;
    } else {
        /* One extra slot for the NULL terminator. The array lives on tmp_ctx
         * until it is handed to mem_ctx below, so the error paths release it
         * together with tmp_ctx. */
        sysdb_grouplist = talloc_array(tmp_ctx, char *, groups->num_values+1);
        if (!sysdb_grouplist) {
            ret = ENOMEM;
            goto done;
        }

        if (get_dn) {
            /* Get distinguish name */
            /* NOTE(review): the value bytes are used as a C string; this
             * assumes they are NUL-terminated - confirm. */
            for (i=0; i < groups->num_values; i++) {
                sysdb_grouplist[i] = talloc_strdup(sysdb_grouplist,
                                       (const char *)groups->values[i].data);
                if (sysdb_grouplist[i] == NULL) {
                    ret = ENOMEM;
                    goto done;
                }
            }
        } else {
            /* Get a list of the groups by groupname only */
            for (i=0; i < groups->num_values; i++) {
                ret = sysdb_group_dn_name(sysdb,
                                          sysdb_grouplist,
                                          (const char *)groups->values[i].data,
                                          &sysdb_grouplist[i]);
                if (ret != EOK) {
                    DEBUG(SSSDBG_MINOR_FAILURE,
                          ("Could not determine group name from [%s]: [%s]\n",
                           (const char *)groups->values[i].data, strerror(ret)));
                    goto done;
                }
            }
        }

        sysdb_grouplist[groups->num_values] = NULL;
    }

    /* Ownership moves to the caller's context only on success. */
    *grouplist = talloc_steal(mem_ctx, sysdb_grouplist);

done:
    talloc_free(tmp_ctx);
    return ret;
}

/* Group membership of cached user 'name' as a list of group names. */
errno_t get_sysdb_grouplist(TALLOC_CTX *mem_ctx,
                            struct sysdb_ctx *sysdb,
                            struct sss_domain_info *domain,
                            const char *name,
                            char ***grouplist)
{
    return get_sysdb_grouplist_ex(mem_ctx, sysdb, domain,
                                  name, grouplist, false);
}

errno_t get_sysdb_grouplist_dn(TALLOC_CTX *mem_ctx,
                               struct sysdb_ctx *sysdb,
                               struct
sss_domain_info *domain, const char *name, char ***grouplist) { return get_sysdb_grouplist_ex(mem_ctx, sysdb, domain, name, grouplist, true); } sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/sdap_autofs.h0000644000000000000000000000007312320753107021757 xustar000000000000000030 atime=1396954939.268891429 29 ctime=1396954961.47987508 sssd-1.11.5/src/providers/ldap/sdap_autofs.h0000664002412700241270000000304412320753107022203 0ustar00jhrozekjhrozek00000000000000/* SSSD LDAP handler for autofs Authors: Jakub Hrozek Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #ifndef _SDAP_AUTOFS_H_ #define _SDAP_AUTOFS_H_ int sdap_autofs_init(struct be_ctx *be_ctx, struct sdap_id_ctx *id_ctx, struct bet_ops **ops, void **pvt_data); struct tevent_req * sdap_autofs_setautomntent_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sss_domain_info *dom, struct sysdb_ctx *sysdb, struct sdap_handle *sh, struct sdap_id_op *op, struct sdap_options *opts, const char *mapname); errno_t sdap_autofs_setautomntent_recv(struct tevent_req *req); #endif /* _SDAP_AUTOFS_H_ */ sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/sdap_sudo_cache.c0000644000000000000000000000007412320753107022547 xustar000000000000000030 atime=1396954939.268891429 30 ctime=1396954961.635874965 sssd-1.11.5/src/providers/ldap/sdap_sudo_cache.c0000664002412700241270000001330512320753107022773 0ustar00jhrozekjhrozek00000000000000/* Authors: Jakub Hrozek Copyright (C) 2011 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #include #include "db/sysdb.h" #include "db/sysdb_sudo.h" #include "providers/ldap/sdap_sudo_cache.h" /* ========== Functions specific for the native sudo LDAP schema ========== */ static errno_t sdap_sudo_get_usn(TALLOC_CTX *mem_ctx, struct sysdb_attrs *attrs, struct sdap_attr_map *map, const char *name, char **_usn) { const char *usn; errno_t ret; if (_usn == NULL) { return EINVAL; } ret = sysdb_attrs_get_string(attrs, map[SDAP_AT_SUDO_USN].sys_name, &usn); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to retrieve USN value: [%s]\n", strerror(ret))); return ret; } *_usn = talloc_strdup(mem_ctx, usn); if (*_usn == NULL) { return ENOMEM; } return EOK; } static errno_t sdap_save_native_sudorule(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb_ctx, struct sss_domain_info *domain, struct sdap_attr_map *map, struct sysdb_attrs *attrs, int cache_timeout, time_t now, char **_usn) { errno_t ret; const char *rule_name; ret = sysdb_attrs_get_string(attrs, map[SDAP_AT_SUDO_NAME].sys_name, &rule_name); if (ret == ERANGE) { DEBUG(SSSDBG_OP_FAILURE, ("Warning: found rule that contains none " "or multiple CN values. It will be skipped.\n")); return ret; } else if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Could not get rule name [%d]: %s\n", ret, strerror(ret))); return ret; } ret = sysdb_attrs_add_time_t(attrs, SYSDB_CACHE_EXPIRE, (cache_timeout ? 
(now + cache_timeout) : 0)); if (ret) { DEBUG(SSSDBG_OP_FAILURE, ("Could not set sysdb cache expire [%d]: %s\n", ret, strerror(ret))); return ret; } ret = sdap_sudo_get_usn(mem_ctx, attrs, map, rule_name, _usn); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Could not read USN from %s\n", rule_name)); *_usn = NULL; /* but we will store the rule anyway */ } ret = sysdb_save_sudorule(sysdb_ctx, domain, rule_name, attrs); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Could not save sudorule %s\n", rule_name)); return ret; } return ret; } errno_t sdap_save_native_sudorule_list(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb_ctx, struct sss_domain_info *domain, struct sdap_attr_map *map, struct sysdb_attrs **replies, size_t replies_count, int cache_timeout, time_t now, char **_usn) { TALLOC_CTX *tmp_ctx = NULL; char *higher_usn = NULL; char *usn_value = NULL; errno_t ret, tret; bool in_transaction = false; size_t i; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { DEBUG(SSSDBG_FATAL_FAILURE, ("talloc_new() failed\n")); return ENOMEM; } ret = sysdb_transaction_start(sysdb_ctx); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Could not start transaction\n")); goto fail; } in_transaction = true; for (i=0; i strlen(higher_usn)) || (strcmp(usn_value, higher_usn) > 0)) { talloc_zfree(higher_usn); higher_usn = usn_value; } else { talloc_zfree(usn_value); } } else { higher_usn = usn_value; } } } ret = sysdb_transaction_commit(sysdb_ctx); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to commit transaction\n")); goto fail; } in_transaction = false; if (higher_usn != NULL) { *_usn = talloc_steal(mem_ctx, higher_usn); } ret = EOK; fail: if (in_transaction) { tret = sysdb_transaction_cancel(sysdb_ctx); if (tret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Could not cancel transaction\n")); } } talloc_free(tmp_ctx); return ret; } sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/sdap_users.h0000644000000000000000000000007412320753107021620 xustar000000000000000030 
atime=1396954939.268891429 30 ctime=1396954961.482875078 sssd-1.11.5/src/providers/ldap/sdap_users.h0000664002412700241270000000264012320753107022044 0ustar00jhrozekjhrozek00000000000000/* SSSD Async LDAP Helper routines Copyright (C) Simo Sorce This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #ifndef _SDAP_USERS_H_ #define _SDAP_USERS_H_ #include "config.h" /* shared non-async user functions */ errno_t sdap_fallback_local_user(TALLOC_CTX *memctx, struct sdap_options *opts, const char *name, uid_t uid, struct sysdb_attrs ***reply); int sdap_save_user(TALLOC_CTX *memctx, struct sysdb_ctx *ctx, struct sdap_options *opts, struct sss_domain_info *dom, struct sysdb_attrs *attrs, bool is_initgr, char **_usn_value, time_t now); #endif /* _SDAP_USERS_H_ */ sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/ldap_id_netgroup.c0000644000000000000000000000007312320753107022761 xustar000000000000000030 atime=1396954939.266891431 29 ctime=1396954961.61487498 sssd-1.11.5/src/providers/ldap/ldap_id_netgroup.c0000664002412700241270000001622712320753107023214 0ustar00jhrozekjhrozek00000000000000/* SSSD LDAP Identity Backend Module - Netgroup support Authors: Sumit Bose Copyright (C) 2010 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. 
This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program. If not, see .
*/

/* NOTE(review): the first #include below has lost its header name in this
 * copy of the file. */
#include
#include "util/util.h"
#include "db/sysdb.h"
#include "providers/ldap/ldap_common.h"
#include "providers/ldap/sdap_async.h"

/* State carried across the asynchronous netgroup lookup. */
struct ldap_netgroup_get_state {
    struct tevent_context *ev;
    struct sdap_id_ctx *ctx;
    struct sdap_domain *sdom;
    struct sdap_id_op *op;
    struct sdap_id_conn_ctx *conn;
    struct sysdb_ctx *sysdb;
    struct sss_domain_info *domain;

    const char *name;           /* caller's pointer, stored without copying */
    int timeout;

    char *filter;
    const char **attrs;

    size_t count;
    struct sysdb_attrs **netgroups;

    int dp_error;               /* starts as DP_ERR_FATAL */
    int sdap_ret;
    bool noexist_delete;        /* remove the cached netgroup when LDAP has none */
};

static int ldap_netgroup_get_retry(struct tevent_req *req);
static void ldap_netgroup_get_connect_done(struct tevent_req *subreq);
static void ldap_netgroup_get_done(struct tevent_req *subreq);

/*
 * Start a lookup of netgroup 'name'.
 *
 * Builds the search filter and the attribute list from the netgroup map,
 * then starts the connection step. Returns NULL only when the request cannot
 * be created; every later failure is reported through the returned request.
 */
struct tevent_req *ldap_netgroup_get_send(TALLOC_CTX *memctx,
                                          struct tevent_context *ev,
                                          struct sdap_id_ctx *ctx,
                                          struct sdap_domain *sdom,
                                          struct sdap_id_conn_ctx *conn,
                                          const char *name,
                                          bool noexist_delete)
{
    struct tevent_req *req;
    struct ldap_netgroup_get_state *state;
    char *clean_name;
    int ret;

    req = tevent_req_create(memctx, &state, struct ldap_netgroup_get_state);
    if (!req) return NULL;

    state->ev = ev;
    state->ctx = ctx;
    state->sdom = sdom;
    state->conn = conn;
    state->dp_error = DP_ERR_FATAL;
    state->noexist_delete = noexist_delete;

    state->op = sdap_id_op_create(state, state->conn->conn_cache);
    if (!state->op) {
        DEBUG(2, ("sdap_id_op_create failed\n"));
        ret = ENOMEM;
        goto fail;
    }

    state->domain = sdom->dom;
    state->sysdb = sdom->dom->sysdb;
    state->name = name;
    state->timeout = dp_opt_get_int(ctx->opts->basic, SDAP_SEARCH_TIMEOUT);

    /* 'name' is supplied by the caller and ends up inside an LDAP filter, so
     * only the copy produced by sss_filter_sanitize() is interpolated.
     * NOTE(review): the helper is defined elsewhere; presumably it escapes
     * the LDAP filter metacharacters - confirm. */
    ret = sss_filter_sanitize(state, name, &clean_name);
    if (ret != EOK) {
        goto fail;
    }

    state->filter = talloc_asprintf(state, "(&(%s=%s)(objectclass=%s))",
                            ctx->opts->netgroup_map[SDAP_AT_NETGROUP_NAME].name,
                            clean_name,
                            ctx->opts->netgroup_map[SDAP_OC_NETGROUP].name);
    if (!state->filter) {
        DEBUG(2, ("Failed to build filter\n"));
        ret = ENOMEM;
        goto fail;
    }
    talloc_zfree(clean_name);

    ret = build_attrs_from_map(state, ctx->opts->netgroup_map,
                               SDAP_OPTS_NETGROUP, NULL, &state->attrs, NULL);
    if (ret != EOK) goto fail;

    ret = ldap_netgroup_get_retry(req);
    if (ret != EOK) {
        goto fail;
    }

    return req;

fail:
    tevent_req_error(req, ret);
    tevent_req_post(req, ev);
    return req;
}

/*
 * Start, or restart, the connection step of the lookup.
 * NOTE(review): 'ret' starts as EOK and is returned as-is when no subrequest
 * is created. If sdap_id_op_connect_send() can return NULL without setting
 * it, the caller sees success with nothing scheduled - confirm.
 */
static int ldap_netgroup_get_retry(struct tevent_req *req)
{
    struct ldap_netgroup_get_state *state = tevent_req_data(req,
                                                struct ldap_netgroup_get_state);
    struct tevent_req *subreq;
    int ret = EOK;

    subreq = sdap_id_op_connect_send(state->op, state, &ret);
    if (!subreq) {
        return ret;
    }

    tevent_req_set_callback(subreq, ldap_netgroup_get_connect_done, req);
    return EOK;
}

/*
 * Callback for the connection step. On success, sends the netgroup search
 * with the prepared filter and attribute list over the netgroup search bases.
 */
static void ldap_netgroup_get_connect_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct ldap_netgroup_get_state *state = tevent_req_data(req,
                                                struct ldap_netgroup_get_state);
    int dp_error = DP_ERR_FATAL;
    int ret;

    ret = sdap_id_op_connect_recv(subreq, &dp_error);
    talloc_zfree(subreq);

    if (ret != EOK) {
        state->dp_error = dp_error;
        tevent_req_error(req, ret);
        return;
    }

    subreq = sdap_get_netgroups_send(state, state->ev,
                                     state->domain, state->sysdb,
                                     state->ctx->opts,
                                     state->sdom->netgroup_search_bases,
                                     sdap_id_op_handle(state->op),
                                     state->attrs, state->filter,
                                     state->timeout);
    if (!subreq) {
        tevent_req_error(req, ENOMEM);
        return;
    }
    tevent_req_set_callback(subreq, ldap_netgroup_get_done, req);

    return;
}

static void ldap_netgroup_get_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct ldap_netgroup_get_state *state = tevent_req_data(req,
                                                struct ldap_netgroup_get_state);
    int dp_error = DP_ERR_FATAL;
    int ret;

    ret =
sdap_get_netgroups_recv(subreq, state, NULL, &state->count, &state->netgroups); talloc_zfree(subreq); ret = sdap_id_op_done(state->op, ret, &dp_error); if (dp_error == DP_ERR_OK && ret != EOK) { /* retry */ ret = ldap_netgroup_get_retry(req); if (ret != EOK) { tevent_req_error(req, ret); return; } return; } state->sdap_ret = ret; if (ret && ret != ENOENT) { state->dp_error = dp_error; tevent_req_error(req, ret); return; } if (ret == EOK && state->count > 1) { DEBUG(1, ("Found more than one netgroup with the name [%s].\n", state->name)); tevent_req_error(req, EINVAL); return; } if (ret == ENOENT && state->noexist_delete == true) { ret = sysdb_delete_netgroup(state->sysdb, state->domain, state->name); if (ret != EOK && ret != ENOENT) { tevent_req_error(req, ret); return; } } state->dp_error = DP_ERR_OK; tevent_req_done(req); return; } int ldap_netgroup_get_recv(struct tevent_req *req, int *dp_error_out, int *sdap_ret) { struct ldap_netgroup_get_state *state = tevent_req_data(req, struct ldap_netgroup_get_state); if (dp_error_out) { *dp_error_out = state->dp_error; } if (sdap_ret) { *sdap_ret = state->sdap_ret; } TEVENT_REQ_RETURN_ON_ERROR(req); return EOK; } sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/ldap_init.c0000644000000000000000000000007412320753107021406 xustar000000000000000030 atime=1396954939.266891431 30 ctime=1396954961.609874984 sssd-1.11.5/src/providers/ldap/ldap_init.c0000664002412700241270000003625512320753107021643 0ustar00jhrozekjhrozek00000000000000/* SSSD LDAP Provider Initialization functions Authors: Simo Sorce Copyright (C) 2009 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. 
This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see .
*/

#include "util/child_common.h"
#include "providers/ldap/ldap_common.h"
#include "providers/ldap/sdap_async_private.h"
#include "providers/ldap/sdap_access.h"
#include "providers/ldap/sdap_sudo.h"
#include "providers/ldap/sdap_autofs.h"
#include "providers/ldap/sdap_idmap.h"
#include "providers/fail_over_srv.h"
#include "providers/dp_refresh.h"

static void sdap_shutdown(struct be_req *req);

/* Id Handler */
struct bet_ops sdap_id_ops = {
    .handler = sdap_account_info_handler,
    .finalize = sdap_shutdown,
    .check_online = sdap_check_online
};

/* Auth Handler */
struct bet_ops sdap_auth_ops = {
    .handler = sdap_pam_auth_handler,
    .finalize = sdap_shutdown
};

/* Chpass Handler */
struct bet_ops sdap_chpass_ops = {
    .handler = sdap_pam_chpass_handler,
    .finalize = sdap_shutdown
};

/* Access Handler */
struct bet_ops sdap_access_ops = {
    .handler = sdap_pam_access_handler,
    .finalize = sdap_shutdown
};

/* Please use this only for short lists */
/* Check a NULL-terminated string list for repeated entries by comparing
 * every pair, which is why it is meant for short lists only.
 *
 * list must not be NULL. With case_sensitive false the comparison uses
 * strcasecmp(). Returns EINVAL on the first duplicate, EOK otherwise. */
errno_t check_order_list_for_duplicates(char **list,
                                        bool case_sensitive)
{
    size_t c;
    size_t d;
    int cmp;

    for (c = 0; list[c] != NULL; c++) {
        for (d = c + 1; list[d] != NULL; d++) {
            if (case_sensitive) {
                cmp = strcmp(list[c], list[d]);
            } else {
                cmp = strcasecmp(list[c], list[d]);
            }
            if (cmp == 0) {
                DEBUG(1, ("Duplicate string [%s] found.\n", list[c]));
                return EINVAL;
            }
        }
    }

    return EOK;
}

/* Create the LDAP ID context shared by the LDAP back end targets, or hand
 * out the existing one when the ID target is already provided by "ldap".
 *
 * On success *ops and *pvt_data are set (to sdap_id_ops and the new
 * context on the fresh path). On failure the options and the context are
 * freed and the error code is returned. */
static int ldap_id_init_internal(struct be_ctx *bectx,
                                 struct bet_ops **ops,
                                 void **pvt_data)
{
    struct sdap_id_ctx *ctx = NULL;
    const char *urls;
    const char *backup_urls;
    const char *dns_service_name;
    const char *sasl_mech;
    struct sdap_service *sdap_service;
    struct sdap_options *opts = NULL;
    int ret;

    /* If we're already set up, just return that */
    if(bectx->bet_info[BET_ID].mod_name &&
       strcmp("ldap", bectx->bet_info[BET_ID].mod_name) == 0) {
        DEBUG(8, ("Re-using sdap_id_ctx for this provider\n"));
        *ops = bectx->bet_info[BET_ID].bet_ops;
        *pvt_data = bectx->bet_info[BET_ID].pvt_bet_data;
        return EOK;
    }

    ret = ldap_get_options(bectx, bectx->domain, bectx->cdb,
                           bectx->conf_path, &opts);
    if (ret != EOK) {
        goto done;
    }

    /* NOTE(review): printed with %s without a NULL check, unlike the
     * chpass variant below; presumably the option has a default - confirm */
    dns_service_name = dp_opt_get_string(opts->basic,
                                         SDAP_DNS_SERVICE_NAME);
    DEBUG(SSSDBG_CONF_SETTINGS,
          ("Service name for discovery set to %s\n", dns_service_name));

    urls = dp_opt_get_string(opts->basic, SDAP_URI);
    backup_urls = dp_opt_get_string(opts->basic, SDAP_BACKUP_URI);

    ret = sdap_service_init(bectx, bectx, "LDAP",
                            dns_service_name, urls, backup_urls,
                            &sdap_service);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Failed to initialize failover service!\n"));
        goto done;
    }

    ctx = sdap_id_ctx_new(bectx, bectx, sdap_service);
    if (!ctx) {
        ret = ENOMEM;
        goto done;
    }
    /* from here on the options are owned by the context */
    ctx->opts = talloc_steal(ctx, opts);

    /* GSSAPI setup is only done when the SASL mechanism is GSSAPI and the
     * SDAP_KRB5_KINIT option is enabled */
    sasl_mech = dp_opt_get_string(ctx->opts->basic, SDAP_SASL_MECH);
    if (sasl_mech && strcasecmp(sasl_mech, "GSSAPI") == 0) {
        if (dp_opt_get_bool(ctx->opts->basic, SDAP_KRB5_KINIT)) {
            ret = sdap_gssapi_init(ctx, ctx->opts->basic,
                                   ctx->be, ctx->conn->service,
                                   &ctx->krb5_service);
            if (ret != EOK) {
                DEBUG(1, ("sdap_gssapi_init failed [%d][%s].\n",
                            ret, strerror(ret)));
                goto done;
            }
        }
    }

    /* a failure to apply the TLS settings aborts the initialization */
    ret = setup_tls_config(ctx->opts->basic);
    if (ret != EOK) {
        DEBUG(1, ("setup_tls_config failed [%d][%s].\n",
                  ret, strerror(ret)));
        goto done;
    }

    /* Set up the ID mapping object */
    ret = sdap_idmap_init(ctx, ctx, &ctx->opts->idmap_ctx);
    if (ret != EOK) goto done;

    ret = sdap_setup_child();
    if (ret != EOK) {
        DEBUG(1, ("setup_child failed [%d][%s].\n",
                  ret, strerror(ret)));
        goto done;
    }

    /* setup SRV lookup plugin */
    ret = be_fo_set_dns_srv_lookup_plugin(bectx, NULL);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to set SRV lookup plugin "
                                    "[%d]: %s\n", ret, strerror(ret)));
        goto done;
    }

    /* setup periodical refresh of expired records */
    /* a failure here is only logged; EEXIST is accepted silently */
    ret = be_refresh_add_cb(bectx->refresh_ctx, BE_REFRESH_TYPE_NETGROUPS,
                            sdap_refresh_netgroups_send,
                            sdap_refresh_netgroups_recv,
                            ctx);
    if (ret != EOK && ret != EEXIST) {
        DEBUG(SSSDBG_MINOR_FAILURE, ("Periodical refresh of netgroups "
              "will not work [%d]: %s\n", ret, strerror(ret)));
    }

    *ops = &sdap_id_ops;
    *pvt_data = ctx;
    ret = EOK;

done:
    if (ret != EOK) {
        talloc_free(opts);
        talloc_free(ctx);
    }
    return ret;
}

/* Initialize the LDAP ID target: set up the ID context and then the tasks
 * started by ldap_id_setup_tasks(). *pvt_data is set only on success. */
int sssm_ldap_id_init(struct be_ctx *bectx,
                      struct bet_ops **ops,
                      void **pvt_data)
{
    int ret;
    struct sdap_id_ctx *ctx = NULL;

    ret = ldap_id_init_internal(bectx, ops, (void **) &ctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("ldap_id_init_internal failed [%d][%s].\n",
               ret, strerror(ret)));
        goto done;
    }

    ret = ldap_id_setup_tasks(ctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("sdap_id_setup_tasks failed [%d][%s].\n",
               ret, strerror(ret)));
        goto done;
    }

    *pvt_data = ctx;
    ret = EOK;

done:
    if (ret != EOK) {
        /* NOTE(review): if ldap_id_init_internal() returned an already
         * registered context, this would free that shared context -
         * confirm the reuse path cannot be reached from here */
        talloc_free(ctx);
    }
    return ret;
}

/* Initialize the LDAP auth target. The auth context is allocated on bectx
 * and only borrows the options and the service of the ID context (the
 * pointers are copied, ownership is not moved). */
int sssm_ldap_auth_init(struct be_ctx *bectx,
                        struct bet_ops **ops,
                        void **pvt_data)
{
    void *data;
    struct sdap_id_ctx *id_ctx;
    struct sdap_auth_ctx *ctx;
    int ret;

    ret = ldap_id_init_internal(bectx, ops, &data);
    if (ret == EOK) {
        id_ctx = talloc_get_type(data, struct sdap_id_ctx);

        ctx = talloc(bectx, struct sdap_auth_ctx);
        /* on this early return *ops still holds what
         * ldap_id_init_internal() stored and *pvt_data is untouched */
        if (!ctx) return ENOMEM;

        ctx->be = bectx;
        ctx->opts = id_ctx->opts;
        ctx->service = id_ctx->conn->service;
        ctx->chpass_service = NULL;

        *ops = &sdap_auth_ops;
        *pvt_data = ctx;
    }

    return ret;
}

/* Initialize the LDAP password change target on top of the auth context.
 * A dedicated fail over service is created only when a chpass URI, backup
 * URI or DNS service name is configured; otherwise chpass_service stays
 * NULL and, according to the log message, ldap_uri is used. */
int sssm_ldap_chpass_init(struct be_ctx *bectx,
                          struct bet_ops **ops,
                          void **pvt_data)
{
    int ret;
    void *data;
    struct sdap_auth_ctx *ctx = NULL;
    const char *urls;
    const char *backup_urls;
    const char *dns_service_name;

    ret = sssm_ldap_auth_init(bectx, ops, &data);
    if (ret != EOK) {
        DEBUG(1, ("sssm_ldap_auth_init failed.\n"));
        goto done;
    }

    ctx = talloc_get_type(data, struct sdap_auth_ctx);

    dns_service_name = dp_opt_get_string(ctx->opts->basic,
                                         SDAP_CHPASS_DNS_SERVICE_NAME);
    if (dns_service_name) {
        DEBUG(7, ("Service name for chpass discovery set to %s\n",
                  dns_service_name));
    }

    urls = dp_opt_get_string(ctx->opts->basic, SDAP_CHPASS_URI);
    backup_urls = dp_opt_get_string(ctx->opts->basic, SDAP_CHPASS_BACKUP_URI);
    if (!urls && !backup_urls && !dns_service_name) {
        DEBUG(9, ("ldap_chpass_uri and ldap_chpass_dns_service_name not set, "
                  "using ldap_uri.\n"));
        ctx->chpass_service = NULL;
    } else {
        ret = sdap_service_init(ctx, ctx->be, "LDAP_CHPASS",
                                dns_service_name, urls, backup_urls,
                                &ctx->chpass_service);
        if (ret != EOK) {
            DEBUG(1, ("Failed to initialize failover service!\n"));
            goto done;
        }
    }

    *ops = &sdap_chpass_ops;
    *pvt_data = ctx;
    ret = EOK;

done:
    if (ret != EOK) {
        talloc_free(ctx);
    }
    return ret;
}

/* Initialize the LDAP access target from the ldap_access_order option.
 *
 * The comma separated rule names are matched case-insensitively and stored
 * in access_ctx->access_rule[], terminated by LDAP_ACCESS_EMPTY. Duplicate
 * names, unknown names, an unsupported expire policy and more than
 * LDAP_ACCESS_LAST rules all fail the initialization with EINVAL.
 *
 * A 'filter' rule without ldap_access_filter, an 'expire' rule without
 * ldap_account_expire_policy and an empty order list are accepted; this
 * function only logs that all users will be denied. The denial itself is
 * implemented by the access handler, which is not part of this file. */
int sssm_ldap_access_init(struct be_ctx *bectx,
                          struct bet_ops **ops,
                          void **pvt_data)
{
    int ret;
    struct sdap_access_ctx *access_ctx;
    const char *filter;
    const char *order;
    char **order_list;
    int order_list_len;
    size_t c;
    const char *dummy;

    access_ctx = talloc_zero(bectx, struct sdap_access_ctx);
    if(access_ctx == NULL) {
        ret = ENOMEM;
        goto done;
    }

    ret = ldap_id_init_internal(bectx, ops, (void **)&access_ctx->id_ctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("ldap_id_init_internal failed.\n"));
        goto done;
    }

    order = dp_opt_get_cstring(access_ctx->id_ctx->opts->basic,
                               SDAP_ACCESS_ORDER);
    if (order == NULL) {
        DEBUG(1, ("ldap_access_order not given, using 'filter'.\n"));
        order = "filter";
    }

    ret = split_on_separator(access_ctx, order, ',', true, true,
                             &order_list, &order_list_len);
    if (ret != EOK) {
        DEBUG(1, ("split_on_separator failed.\n"));
        goto done;
    }

    /* case-insensitive, matching the strcasecmp() rule lookup below */
    ret = check_order_list_for_duplicates(order_list, false);
    if (ret != EOK) {
        DEBUG(1, ("check_order_list_for_duplicates failed.\n"));
        goto done;
    }

    /* Bounds the writes to access_rule[] below, including the terminator
     * at index order_list_len. Assumes access_rule[] has at least
     * LDAP_ACCESS_LAST + 1 slots - TODO confirm in struct sdap_access_ctx */
    if (order_list_len > LDAP_ACCESS_LAST) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Currently only [%d] different access rules are supported.\n",
               LDAP_ACCESS_LAST));
        ret = EINVAL;
        goto done;
    }

    for (c = 0; order_list[c] != NULL; c++) {
        if (strcasecmp(order_list[c], LDAP_ACCESS_FILTER_NAME) == 0) {
            access_ctx->access_rule[c] = LDAP_ACCESS_FILTER;

            filter = dp_opt_get_cstring(access_ctx->id_ctx->opts->basic,
                                        SDAP_ACCESS_FILTER);
            if (filter == NULL) {
                /* It's okay if this is NULL. In that case we will simply act
                 * like the 'deny' provider.
                 * access_ctx->filter stays NULL from talloc_zero().
                 */
                DEBUG(0, ("Warning: LDAP access rule 'filter' is set, "
                          "but no ldap_access_filter configured. "
                          "All domain users will be denied access.\n"));
            }
            else {
                access_ctx->filter = sdap_get_access_filter(access_ctx,
                                                            filter);
                if (access_ctx->filter == NULL) {
                    ret = ENOMEM;
                    goto done;
                }
            }

        } else if (strcasecmp(order_list[c], LDAP_ACCESS_EXPIRE_NAME) == 0) {
            access_ctx->access_rule[c] = LDAP_ACCESS_EXPIRE;

            /* the policy value is only validated here, it is not stored */
            dummy = dp_opt_get_cstring(access_ctx->id_ctx->opts->basic,
                                       SDAP_ACCOUNT_EXPIRE_POLICY);
            if (dummy == NULL) {
                DEBUG(0, ("Warning: LDAP access rule 'expire' is set, "
                          "but no ldap_account_expire_policy configured. "
                          "All domain users will be denied access.\n"));
            } else {
                if (strcasecmp(dummy, LDAP_ACCOUNT_EXPIRE_SHADOW) != 0 &&
                    strcasecmp(dummy, LDAP_ACCOUNT_EXPIRE_AD) != 0 &&
                    strcasecmp(dummy, LDAP_ACCOUNT_EXPIRE_NDS) != 0 &&
                    strcasecmp(dummy, LDAP_ACCOUNT_EXPIRE_RHDS) != 0 &&
                    strcasecmp(dummy, LDAP_ACCOUNT_EXPIRE_IPA) != 0 &&
                    strcasecmp(dummy, LDAP_ACCOUNT_EXPIRE_389DS) != 0) {
                    DEBUG(1, ("Unsupported LDAP account expire policy [%s].\n",
                              dummy));
                    ret = EINVAL;
                    goto done;
                }
            }
        } else if (strcasecmp(order_list[c], LDAP_ACCESS_SERVICE_NAME) == 0) {
            access_ctx->access_rule[c] = LDAP_ACCESS_SERVICE;
        } else if (strcasecmp(order_list[c], LDAP_ACCESS_HOST_NAME) == 0) {
            access_ctx->access_rule[c] = LDAP_ACCESS_HOST;
        } else {
            /* a misspelled rule name aborts the setup instead of being
             * skipped */
            DEBUG(1, ("Unexpected access rule name [%s].\n", order_list[c]));
            ret = EINVAL;
            goto done;
        }
    }
    access_ctx->access_rule[c] = LDAP_ACCESS_EMPTY;
    if (c == 0) {
        DEBUG(0, ("Warning: access_provider=ldap set, "
                  "but ldap_access_order is empty. "
                  "All domain users will be denied access.\n"));
    }

    *ops = &sdap_access_ops;
    *pvt_data = access_ctx;

    ret = EOK;

done:
    if (ret != EOK) {
        talloc_free(access_ctx);
    }
    return ret;
}

/* Initialize the LDAP sudo target. Without BUILD_SUDO the call is only
 * logged and EOK is returned without touching ops or pvt_data. */
int sssm_ldap_sudo_init(struct be_ctx *be_ctx,
                        struct bet_ops **ops,
                        void **pvt_data)
{
#ifdef BUILD_SUDO
    struct sdap_id_ctx *id_ctx;
    void *data;
    int ret;

    ret = ldap_id_init_internal(be_ctx, ops, &data);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot init LDAP ID provider [%d]: %s\n",
                                    ret, strerror(ret)));
        return ret;
    }

    /* talloc_get_type() result is checked before the context is used */
    id_ctx = talloc_get_type(data, struct sdap_id_ctx);
    if (!id_ctx) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("No ID provider?\n"));
        return EIO;
    }

    return sdap_sudo_init(be_ctx, id_ctx, ops, pvt_data);
#else
    DEBUG(SSSDBG_MINOR_FAILURE, ("Sudo init handler called but SSSD is "
                                 "built without sudo support, ignoring\n"));
    return EOK;
#endif
}

/* Initialize the LDAP autofs target. Without BUILD_AUTOFS the call is only
 * logged and EOK is returned without touching ops or pvt_data. */
int sssm_ldap_autofs_init(struct be_ctx *be_ctx,
                          struct bet_ops **ops,
                          void **pvt_data)
{
#ifdef BUILD_AUTOFS
    struct sdap_id_ctx *id_ctx;
    void *data;
    int ret;

    ret = ldap_id_init_internal(be_ctx, ops, &data);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot init LDAP ID provider [%d]: %s\n",
                                    ret, strerror(ret)));
        return ret;
    }

    /* talloc_get_type() result is checked before the context is used */
    id_ctx = talloc_get_type(data, struct sdap_id_ctx);
    if (!id_ctx) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("No ID provider?\n"));
        return EIO;
    }

    return sdap_autofs_init(be_ctx, id_ctx, ops, pvt_data);
#else
    DEBUG(SSSDBG_MINOR_FAILURE, ("Autofs init handler called but SSSD is "
                                 "built without autofs support, ignoring\n"));
    return EOK;
#endif
}

/* Finalize handler shared by the bet_ops tables above; it currently only
 * reports success for the request. */
static void sdap_shutdown(struct be_req *req)
{
    /* TODO: Clean up any internal data */
    sdap_handler_done(req, DP_ERR_OK, EOK, NULL);
}
sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/sdap_id_op.c0000644000000000000000000000007312320753107021543 xustar000000000000000030 atime=1396954939.268891429 29 ctime=1396954961.62887497 sssd-1.11.5/src/providers/ldap/sdap_id_op.c0000664002412700241270000006610112320753107021772 0ustar00jhrozekjhrozek00000000000000/* SSSD LDAP ID backend operation retry logic
and connection cache

    Authors:
        Eugene Indenbom

    Copyright (C) 2008-2010 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see .
*/

#include "providers/ldap/ldap_common.h"
#include "providers/ldap/sdap_async.h"
#include "providers/ldap/sdap_id_op.h"

/* LDAP async connection cache */
struct sdap_id_conn_cache {
    struct sdap_id_conn_ctx *id_conn;

    /* list of all open connections */
    struct sdap_id_conn_data *connections;
    /* cached (current) connection */
    struct sdap_id_conn_data *cached_connection;
};

/* LDAP async operation tracker:
 *  - keeps track of connection usage
 *  - keeps track of operation retries */
struct sdap_id_op {
    /* ID backend context */
    struct sdap_id_conn_cache *conn_cache;
    /* double linked list pointers */
    struct sdap_id_op *prev, *next;
    /* current connection */
    struct sdap_id_conn_data *conn_data;
    /* number of reconnects for this operation */
    int reconnect_retry_count;
    /* connection request
     * It is required as we need to know which requests to notify
     * when shared connection request to sdap_handle completes.
     * This member is cleared when sdap_id_op_connect_state
     * associated with request is destroyed */
    struct tevent_req *connect_req;
};

/* LDAP connection cache connection attempt/established connection data */
struct sdap_id_conn_data {
    /* LDAP connection cache */
    struct sdap_id_conn_cache *conn_cache;
    /* double linked list pointers */
    struct sdap_id_conn_data *prev, *next;
    /* sdap handle */
    struct sdap_handle *sh;
    /* connection request */
    struct tevent_req *connect_req;
    /* timer for connection expiration */
    struct tevent_timer *expire_timer;
    /* number of running connection notifies */
    int notify_lock;
    /* list of operations using connect */
    struct sdap_id_op *ops;
    /* A flag which is signalizing that this
     * connection will be disconnected and should
     * not be used any more */
    bool disconnecting;
};

static void sdap_id_conn_cache_be_offline_cb(void *pvt);
static void sdap_id_conn_cache_fo_reconnect_cb(void *pvt);

static void sdap_id_release_conn_data(struct sdap_id_conn_data *conn_data);
static int sdap_id_conn_data_destroy(struct sdap_id_conn_data *conn_data);
static bool sdap_is_connection_expired(struct sdap_id_conn_data *conn_data, int timeout);
static bool sdap_can_reuse_connection(struct sdap_id_conn_data *conn_data);
static void sdap_id_conn_data_expire_handler(struct tevent_context *ev,
                                              struct tevent_timer *te,
                                              struct timeval current_time,
                                              void *pvt);
static int sdap_id_conn_data_set_expire_timer(struct sdap_id_conn_data *conn_data);

static void sdap_id_op_hook_conn_data(struct sdap_id_op *op, struct sdap_id_conn_data *conn_data);
static int sdap_id_op_destroy(void *pvt);
static bool sdap_id_op_can_reconnect(struct sdap_id_op *op);

static void sdap_id_op_connect_req_complete(struct sdap_id_op *op, int dp_error, int ret);
static int sdap_id_op_connect_state_destroy(void *pvt);
static int sdap_id_op_connect_step(struct tevent_req *req);
static void sdap_id_op_connect_done(struct tevent_req *subreq);

/* Create a connection cache */
/* The cache is allocated on memctx and registers an offline and a reconnect
 * callback on the back end found through id_conn->id_ctx; the id_ctx
 * argument itself is not used. On failure the cache is freed, the error is
 * returned and *conn_cache_out is left untouched. */
int sdap_id_conn_cache_create(TALLOC_CTX *memctx,
                              struct sdap_id_ctx *id_ctx,
                              struct sdap_id_conn_ctx *id_conn,
                              struct sdap_id_conn_cache** conn_cache_out)
{
    int ret;
    struct sdap_id_conn_cache *conn_cache = talloc_zero(memctx, struct sdap_id_conn_cache);
    if (!conn_cache) {
        DEBUG(1, ("talloc_zero(struct sdap_id_conn_cache) failed.\n"));
        ret = ENOMEM;
        goto fail;
    }

    conn_cache->id_conn = id_conn;

    ret = be_add_offline_cb(conn_cache, id_conn->id_ctx->be,
                            sdap_id_conn_cache_be_offline_cb, conn_cache,
                            NULL);
    if (ret != EOK) {
        DEBUG(1, ("be_add_offline_cb failed.\n"));
        goto fail;
    }

    ret = be_add_reconnect_cb(conn_cache, id_conn->id_ctx->be,
                              sdap_id_conn_cache_fo_reconnect_cb, conn_cache,
                              NULL);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("be_add_reconnect_cb failed.\n"));
        goto fail;
    }

    *conn_cache_out = conn_cache;
    return EOK;

fail:
    talloc_zfree(conn_cache);
    return ret;
}

/* Callback on BE going offline */
static void sdap_id_conn_cache_be_offline_cb(void *pvt)
{
    struct sdap_id_conn_cache *conn_cache = talloc_get_type(pvt, struct sdap_id_conn_cache);
    struct sdap_id_conn_data *cached_connection = conn_cache->cached_connection;

    /* Release any cached connection on going offline */
    /* the cache slot is cleared first, otherwise
     * sdap_id_release_conn_data() would refuse to release it */
    if (cached_connection != NULL) {
        conn_cache->cached_connection = NULL;
        sdap_id_release_conn_data(cached_connection);
    }
}

/* Callback for attempt to reconnect to primary server */
static void sdap_id_conn_cache_fo_reconnect_cb(void *pvt)
{
    struct sdap_id_conn_cache *conn_cache = talloc_get_type(pvt, struct sdap_id_conn_cache);
    struct sdap_id_conn_data *cached_connection = conn_cache->cached_connection;

    /* Unlike the offline callback this does not release the connection:
     * it only flags it, so that sdap_can_reuse_connection() rejects it
     * for new operations */
    if (cached_connection != NULL) {
        cached_connection->disconnecting = true;
    }
}

/* Release sdap_id_conn_data and destroy it if no longer needed */
/* Nothing happens while operations are attached, a notification is running
 * (notify_lock) or the connection is still the cached one. */
static void sdap_id_release_conn_data(struct sdap_id_conn_data *conn_data)
{
    struct sdap_id_conn_cache *conn_cache;
    if (!conn_data || conn_data->ops || conn_data->notify_lock) {
        /* connection is in use */
        return;
    }

    conn_cache = conn_data->conn_cache;
    if (conn_data == conn_cache->cached_connection) {
        return;
    }

    DEBUG(9, ("releasing unused connection\n"));

    DLIST_REMOVE(conn_cache->connections, conn_data);
    talloc_zfree(conn_data);
}

/* Destructor for struct sdap_id_conn_data */
static int sdap_id_conn_data_destroy(struct sdap_id_conn_data *conn_data)
{
    struct sdap_id_op *op;

    /* we clean out list of ops to make sure that order of destruction does not matter */
    /* every attached operation loses its back pointer, so no operation is
     * left referring to the freed connection data */
    while ((op = conn_data->ops) != NULL) {
        op->conn_data = NULL;
        DLIST_REMOVE(conn_data->ops, op);
    }

    return 0;
}

/* Check whether connection will expire after timeout seconds */
/* A missing or disconnected handle counts as expired. An expire_time of 0
 * is treated as "never expires". */
static bool sdap_is_connection_expired(struct sdap_id_conn_data *conn_data, int timeout)
{
    time_t expire_time;
    if (!conn_data || !conn_data->sh || !conn_data->sh->connected) {
        return true;
    }

    expire_time = conn_data->sh->expire_time;
    if ((expire_time != 0) && (expire_time < time( NULL ) + timeout) ) {
        return true;
    }

    return false;
}

/* Check whether connection can be reused for next LDAP ID operation */
/* Requires a connected handle that is not flagged as disconnecting and
 * that does not expire within the SDAP_OPT_TIMEOUT interval. */
static bool sdap_can_reuse_connection(struct sdap_id_conn_data *conn_data)
{
    int timeout;

    if (!conn_data || !conn_data->sh ||
        !conn_data->sh->connected || conn_data->disconnecting) {
        return false;
    }

    timeout = dp_opt_get_int(conn_data->conn_cache->id_conn->id_ctx->opts->basic,
                             SDAP_OPT_TIMEOUT);
    return !sdap_is_connection_expired(conn_data, timeout);
}

/* Set expiration timer for connection if needed */
/* The timer fires SDAP_OPT_TIMEOUT seconds before the handle's expire_time.
 * No timer is set when the handle has no expiration time or when the
 * computed moment is not in the future. Returns ENOMEM if the timer cannot
 * be created, EOK otherwise. */
static int sdap_id_conn_data_set_expire_timer(struct sdap_id_conn_data *conn_data)
{
    int timeout;
    struct timeval tv;

    memset(&tv, 0, sizeof(tv));

    tv.tv_sec = conn_data->sh->expire_time;
    if (tv.tv_sec <= 0) {
        return EOK;
    }

    timeout = dp_opt_get_int(conn_data->conn_cache->id_conn->id_ctx->opts->basic,
                             SDAP_OPT_TIMEOUT);
    if (timeout > 0) {
        tv.tv_sec -= timeout;
    }

    if (tv.tv_sec <= time(NULL)) {
        return EOK;
    }

    /* drop a previously armed timer before adding the new one */
    talloc_zfree(conn_data->expire_timer);

    conn_data->expire_timer =
              tevent_add_timer(conn_data->conn_cache->id_conn->id_ctx->be->ev,
                               conn_data, tv,
                               sdap_id_conn_data_expire_handler,
                               conn_data);
    if (!conn_data->expire_timer) {
        return ENOMEM;
    }

    return EOK;
}

/* Handler for connection expiration timer */
/* Only a connection that is still the cached one is removed from the cache
 * and released; it is actually freed only once it is unused. */
static void sdap_id_conn_data_expire_handler(struct tevent_context *ev,
                                              struct tevent_timer *te,
                                              struct timeval current_time,
                                              void *pvt)
{
    struct sdap_id_conn_data *conn_data = talloc_get_type(pvt,
                                                          struct sdap_id_conn_data);
    struct sdap_id_conn_cache *conn_cache = conn_data->conn_cache;

    DEBUG(3, ("connection is about to expire, releasing it\n"));

    if (conn_cache->cached_connection == conn_data) {
        conn_cache->cached_connection = NULL;

        sdap_id_release_conn_data(conn_data);
    }
}

/* Create an operation object */
/* The operation is allocated on memctx and gets a destructor that detaches
 * it from its connection. Returns NULL on allocation failure. */
struct sdap_id_op *sdap_id_op_create(TALLOC_CTX *memctx, struct sdap_id_conn_cache *conn_cache)
{
    struct sdap_id_op *op = talloc_zero(memctx, struct sdap_id_op);
    if (!op) {
        return NULL;
    }

    op->conn_cache = conn_cache;

    talloc_set_destructor((void*)op, sdap_id_op_destroy);
    return op;
}

/* Attach/detach connection to sdap_id_op */
/* Passing conn_data == NULL detaches the operation. The previous connection
 * is released only after the new one is attached. */
static void sdap_id_op_hook_conn_data(struct sdap_id_op *op, struct sdap_id_conn_data *conn_data)
{
    if (!op) {
        DEBUG(0, ("NULL op passed!!!\n"));
        return;
    }

    struct sdap_id_conn_data *current = op->conn_data;
    if (conn_data == current) {
        return;
    }

    if (current) {
        DLIST_REMOVE(current->ops, op);
    }

    op->conn_data = conn_data;

    if (conn_data) {
        DLIST_ADD_END(conn_data->ops, op, struct sdap_id_op*);
    }

    if (current) {
        sdap_id_release_conn_data(current);
    }
}

/* Destructor for sdap_id_op */
static int sdap_id_op_destroy(void *pvt)
{
    struct sdap_id_op *op = talloc_get_type(pvt, struct sdap_id_op);

    if (op->conn_data) {
        DEBUG(9, ("releasing operation connection\n"));
        sdap_id_op_hook_conn_data(op, NULL);
    }

    return 0;
}

/* Check whether retry with reconnect can be performed for the operation */
static bool sdap_id_op_can_reconnect(struct sdap_id_op *op)
{
    /* we allow 2 retries for failover server configured:
     *   - one for connection broken during request execution
     *   - one for the following (probably failed) reconnect attempt */
    int max_retries;
    int count;

    count = be_fo_get_server_count(op->conn_cache->id_conn->id_ctx->be,
                                   op->conn_cache->id_conn->service->name);
    /* 2 * count - 1 retries, but never fewer than one */
    max_retries = 2 * count -1;
    if (max_retries < 1) {
        max_retries = 1;
    }

    return op->reconnect_retry_count < max_retries;
}

/* state of connect request */
struct sdap_id_op_connect_state {
    struct sdap_id_conn_ctx *id_conn;
    struct tevent_context *ev;
    struct sdap_id_op *op;
    int dp_error;
    int result;
};

/* Destructor for operation connection request */
static int sdap_id_op_connect_state_destroy(void *pvt)
{
    struct sdap_id_op_connect_state *state = talloc_get_type(pvt,
                                          struct sdap_id_op_connect_state);
    if (state->op != NULL) {
        /* clear destroyed connection request */
        state->op->connect_req = NULL;
    }

    return 0;
}

/* Begin to connect to LDAP server */
/* op must not be NULL (it is dereferenced unconditionally) and must not
 * have another connect request pending.
 *
 * Returns the new request, or NULL on failure. The status is also stored
 * in *ret_out when ret_out is given. If a connection is already
 * established for the operation, the request is completed and posted
 * immediately. */
struct tevent_req *sdap_id_op_connect_send(struct sdap_id_op *op,
                                           TALLOC_CTX *memctx,
                                           int *ret_out)
{
    struct tevent_req *req = NULL;
    struct sdap_id_op_connect_state *state;
    int ret = EOK;

    if (!memctx) {
        DEBUG(1, ("Bug: no memory context passed.\n"));
        ret = EINVAL;
        goto done;
    }

    if (op->connect_req) {
        /* Connection already in progress, invalid operation */
        DEBUG(1, ("Bug: connection request is already running or completed and leaked.\n"));
        ret = EINVAL;
        goto done;
    }

    req = tevent_req_create(memctx, &state, struct sdap_id_op_connect_state);
    if (!req) {
        ret = ENOMEM;
        goto done;
    }

    talloc_set_destructor((void*)state, sdap_id_op_connect_state_destroy);

    state->id_conn = op->conn_cache->id_conn;
    state->ev = state->id_conn->id_ctx->be->ev;
    state->op = op;
    op->connect_req = req;

    if (op->conn_data) {
        /* If the operation is already connected,
         * reuse existing connection regardless of its status */
        DEBUG(9, ("reusing operation connection\n"));
        ret = EOK;
        goto done;
    }

    ret = sdap_id_op_connect_step(req);
    if (ret != EOK) {
        goto done;
    }

done:
    if (ret != EOK) {
        /* freeing the request runs the state destructor, which resets
         * op->connect_req */
        talloc_zfree(req);
    } else if (op->conn_data && !op->conn_data->connect_req) {
        /* Connection is already established */
        tevent_req_done(req);
        tevent_req_post(req, state->ev);
    }

    if (ret_out) {
        *ret_out = ret;
    }

    return req;
}

/* Begin a connection retry to LDAP server */
/* Attach the operation to the cached connection when one is being
 * established or can be reused; otherwise create new connection data,
 * start connecting and make it the cached connection. Returns EOK or
 * ENOMEM. */
static int sdap_id_op_connect_step(struct tevent_req *req)
{
    struct sdap_id_op_connect_state *state =
                    tevent_req_data(req, struct sdap_id_op_connect_state);
    struct sdap_id_op *op = state->op;
    struct sdap_id_conn_cache *conn_cache = op->conn_cache;

    int ret = EOK;
    struct sdap_id_conn_data *conn_data;
    struct tevent_req *subreq = NULL;

    /* Try to reuse context cached connection */
    conn_data = conn_cache->cached_connection;
    if (conn_data) {
        if (conn_data->connect_req) {
            DEBUG(9, ("waiting for connection to complete\n"));
            sdap_id_op_hook_conn_data(op, conn_data);
            goto done;
        }

        if (sdap_can_reuse_connection(conn_data)) {
            DEBUG(9, ("reusing cached connection\n"));
            sdap_id_op_hook_conn_data(op, conn_data);
            goto done;
        }

        DEBUG(9, ("releasing expired cached connection\n"));
        conn_cache->cached_connection = NULL;
        sdap_id_release_conn_data(conn_data);
    }

    DEBUG(9, ("beginning to connect\n"));

    conn_data = talloc_zero(conn_cache, struct sdap_id_conn_data);
    if (!conn_data) {
        ret = ENOMEM;
        goto done;
    }

    talloc_set_destructor(conn_data, sdap_id_conn_data_destroy);

    conn_data->conn_cache = conn_cache;
    /* NOTE(review): TLS handling is left at CON_TLS_DFL; the meaning of
     * the two boolean arguments is not visible here - see
     * sdap_cli_connect_send() */
    subreq = sdap_cli_connect_send(conn_data, state->ev,
                                   state->id_conn->id_ctx->opts,
                                   state->id_conn->id_ctx->be,
                                   state->id_conn->service, false,
                                   CON_TLS_DFL, false);

    if (!subreq) {
        ret = ENOMEM;
        goto done;
    }

    tevent_req_set_callback(subreq, sdap_id_op_connect_done, conn_data);
    conn_data->connect_req = subreq;

    DLIST_ADD(conn_cache->connections, conn_data);
    conn_cache->cached_connection = conn_data;

    sdap_id_op_hook_conn_data(op, conn_data);

done:
    /* NOTE(review): on the ENOMEM path above conn_data is released
     * although it was never added to conn_cache->connections; this relies
     * on DLIST_REMOVE tolerating a non-member - confirm */
    if (ret != EOK && conn_data) {
        sdap_id_release_conn_data(conn_data);
    }

    if (ret != EOK) {
        talloc_zfree(subreq);
    }

    return ret;
}

static void sdap_id_op_connect_reinit_done(struct tevent_req *req);

/* Subrequest callback for connection completion */
static void sdap_id_op_connect_done(struct tevent_req *subreq)
{
struct sdap_id_conn_data *conn_data = tevent_req_callback_data(subreq, struct sdap_id_conn_data); struct sdap_id_conn_cache *conn_cache = conn_data->conn_cache; struct sdap_server_opts *srv_opts = NULL; struct sdap_server_opts *current_srv_opts = NULL; bool can_retry = false; bool is_offline = false; struct tevent_req *reinit_req = NULL; bool reinit = false; int ret; ret = sdap_cli_connect_recv(subreq, conn_data, &can_retry, &conn_data->sh, &srv_opts); conn_data->connect_req = NULL; talloc_zfree(subreq); conn_data->notify_lock++; if (ret == ENOTSUP) { DEBUG(0, ("Authentication mechanism not Supported by server\n")); } if (ret == EOK && (!conn_data->sh || !conn_data->sh->connected)) { DEBUG(0, ("sdap_cli_connect_recv returned bogus connection\n")); ret = EFAULT; } if (ret != EOK && !can_retry) { if (conn_cache->id_conn->ignore_mark_offline) { DEBUG(SSSDBG_TRACE_FUNC, ("Failed to connect to server, but ignore mark offline " "is enabled.\n")); } else { /* be is going offline as there is no more servers to try */ DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to connect, going offline (%d [%s])\n", ret, strerror(ret))); be_mark_offline(conn_cache->id_conn->id_ctx->be); } is_offline = true; } if (ret == EOK) { current_srv_opts = conn_cache->id_conn->id_ctx->srv_opts; if (current_srv_opts) { DEBUG(8, ("Old USN: %lu, New USN: %lu\n", current_srv_opts->last_usn, srv_opts->last_usn)); if (strcmp(srv_opts->server_id, current_srv_opts->server_id) == 0 && srv_opts->supports_usn && current_srv_opts->last_usn > srv_opts->last_usn) { DEBUG(5, ("Server was probably re-initialized\n")); current_srv_opts->max_user_value = 0; current_srv_opts->max_group_value = 0; current_srv_opts->max_service_value = 0; current_srv_opts->max_sudo_value = 0; current_srv_opts->last_usn = srv_opts->last_usn; reinit = true; } } ret = sdap_id_conn_data_set_expire_timer(conn_data); sdap_steal_server_opts(conn_cache->id_conn->id_ctx, &srv_opts); } if (can_retry) { switch (ret) { case EOK: case ENOTSUP: case EACCES: 
case EIO: case EFAULT: case ETIMEDOUT: break; default: /* do not attempt to retry on errors like ENOMEM */ can_retry = false; is_offline = true; be_mark_offline(conn_cache->id_conn->id_ctx->be); break; } } int notify_count = 0; /* Notify about connection */ for(;;) { struct sdap_id_op *op; if (ret == EOK && !conn_data->sh->connected) { DEBUG(9, ("connection was broken after %d notifies\n", notify_count)); } DLIST_FOR_EACH(op, conn_data->ops) { if (op->connect_req) { break; } } if (!op) { break; } /* another operation to notify */ notify_count++; if (ret != EOK || !conn_data->sh->connected) { /* failed to connect or connection got broken during notify */ bool retry = false; /* drop connection from cache now */ if (conn_cache->cached_connection == conn_data) { conn_cache->cached_connection = NULL; } if (can_retry) { /* determining whether retry is possible */ if (be_is_offline(conn_cache->id_conn->id_ctx->be)) { /* be is offline, no retry possible */ if (ret == EOK) { DEBUG(9, ("skipping automatic retry on op #%d as be is offline\n", notify_count)); ret = EIO; } can_retry = false; is_offline = true; } else { if (ret == EOK) { DEBUG(9, ("attempting automatic retry on op #%d\n", notify_count)); retry = true; } else if (sdap_id_op_can_reconnect(op)) { DEBUG(9, ("attempting failover retry on op #%d\n", notify_count)); op->reconnect_retry_count++; retry = true; } } } if (retry && op->connect_req) { int retry_ret = sdap_id_op_connect_step(op->connect_req); if (retry_ret != EOK) { can_retry = false; sdap_id_op_connect_req_complete(op, DP_ERR_FATAL, retry_ret); } continue; } } if (ret == EOK) { DEBUG(9, ("notify connected to op #%d\n", notify_count)); sdap_id_op_connect_req_complete(op, DP_ERR_OK, ret); } else if (is_offline) { DEBUG(9, ("notify offline to op #%d\n", notify_count)); sdap_id_op_connect_req_complete(op, DP_ERR_OFFLINE, EAGAIN); } else { DEBUG(9, ("notify error to op #%d: %d [%s]\n", notify_count, ret, strerror(ret))); sdap_id_op_connect_req_complete(op, 
DP_ERR_FATAL, ret); } } /* all operations notified */ if (conn_data->notify_lock > 0) { conn_data->notify_lock--; } if ((ret == EOK) && conn_data->sh->connected && !be_is_offline(conn_cache->id_conn->id_ctx->be)) { DEBUG(9, ("caching successful connection after %d notifies\n", notify_count)); conn_cache->cached_connection = conn_data; /* Run any post-connection routines */ be_run_unconditional_online_cb(conn_cache->id_conn->id_ctx->be); be_run_online_cb(conn_cache->id_conn->id_ctx->be); } else { if (conn_cache->cached_connection == conn_data) { conn_cache->cached_connection = NULL; } sdap_id_release_conn_data(conn_data); } if (reinit) { DEBUG(SSSDBG_TRACE_FUNC, ("Server reinitialization detected. " "Cleaning cache.\n")); reinit_req = sdap_reinit_cleanup_send(conn_cache->id_conn->id_ctx->be, conn_cache->id_conn->id_ctx->be, conn_cache->id_conn->id_ctx); if (reinit_req == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to perform reinitialization " "clean up.\n")); return; } tevent_req_set_callback(reinit_req, sdap_id_op_connect_reinit_done, NULL); } } static void sdap_id_op_connect_reinit_done(struct tevent_req *req) { errno_t ret; ret = sdap_reinit_cleanup_recv(req); talloc_zfree(req); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to perform reinitialization " "clean up [%d]: %s\n", ret, strerror(ret))); /* not fatal */ return; } DEBUG(SSSDBG_TRACE_FUNC, ("Reinitialization clean up completed\n")); } /* Mark operation connection request as complete */ static void sdap_id_op_connect_req_complete(struct sdap_id_op *op, int dp_error, int ret) { struct tevent_req *req = op->connect_req; struct sdap_id_op_connect_state *state; if (!req) { return; } op->connect_req = NULL; state = tevent_req_data(req, struct sdap_id_op_connect_state); state->dp_error = dp_error; state->result = ret; if (ret == EOK) { tevent_req_done(req); } else { sdap_id_op_hook_conn_data(op, NULL); tevent_req_error(req, ret); } } /* Get the result of an asynchronous connect operation on sdap_id_op * 
* In dp_error data provider error code is returned: * DP_ERR_OK - connection established * DP_ERR_OFFLINE - backend is offline, operation result is set EAGAIN * DP_ERR_FATAL - operation failed */ int sdap_id_op_connect_recv(struct tevent_req *req, int *dp_error) { struct sdap_id_op_connect_state *state = tevent_req_data(req, struct sdap_id_op_connect_state); *dp_error = state->dp_error; return state->result; } /* Report completion of LDAP operation and release associated connection. * Returns operation result (possible updated) passed in ret parameter. * * In dp_error data provider error code is returned: * DP_ERR_OK (operation result = EOK) - operation completed * DP_ERR_OK (operation result != EOK) - operation can be retried * DP_ERR_OFFLINE - backend is offline, operation result is set EAGAIN * DP_ERR_FATAL - operation failed */ int sdap_id_op_done(struct sdap_id_op *op, int retval, int *dp_err_out) { bool communication_error; struct sdap_id_conn_data *current_conn = op->conn_data; switch (retval) { case EIO: case ETIMEDOUT: /* this currently the only possible communication error after connection is established */ communication_error = true; break; default: communication_error = false; break; } if (communication_error && current_conn != 0 && current_conn == op->conn_cache->cached_connection) { /* do not reuse failed connection */ op->conn_cache->cached_connection = NULL; DEBUG(5, ("communication error on cached connection, moving to next server\n")); be_fo_try_next_server(op->conn_cache->id_conn->id_ctx->be, op->conn_cache->id_conn->service->name); } int dp_err; if (retval == EOK) { dp_err = DP_ERR_OK; } else if (be_is_offline(op->conn_cache->id_conn->id_ctx->be)) { /* if backend is already offline, just report offline, do not duplicate errors */ dp_err = DP_ERR_OFFLINE; retval = EAGAIN; DEBUG(9, ("falling back to offline data...\n")); } else if (communication_error) { /* communication error, can try to reconnect */ if (!sdap_id_op_can_reconnect(op)) { dp_err = 
DP_ERR_FATAL; DEBUG(9, ("too many communication failures, giving up...\n")); } else { dp_err = DP_ERR_OK; retval = EAGAIN; } } else { dp_err = DP_ERR_FATAL; } if (dp_err == DP_ERR_OK && retval != EOK) { /* reconnect retry */ op->reconnect_retry_count++; DEBUG(9, ("advising for connection retry #%i\n", op->reconnect_retry_count)); } else { /* end of request */ op->reconnect_retry_count = 0; } if (current_conn) { DEBUG(9, ("releasing operation connection\n")); sdap_id_op_hook_conn_data(op, NULL); } *dp_err_out = dp_err; return retval; } /* Get SDAP handle associated with operation by sdap_id_op_connect */ struct sdap_handle *sdap_id_op_handle(struct sdap_id_op *op) { return op && op->conn_data ? op->conn_data->sh : NULL; } sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/ldap_id.c0000644000000000000000000000007412320753107021037 xustar000000000000000030 atime=1396954939.266891431 30 ctime=1396954961.611874982 sssd-1.11.5/src/providers/ldap/ldap_id.c0000664002412700241270000015652612320753107021300 0ustar00jhrozekjhrozek00000000000000/* SSSD LDAP Identity Backend Module Authors: Simo Sorce Copyright (C) 2008 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
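*/

/* NOTE(review): the names of the three system headers below are missing
 * on this page; they are kept exactly as found. */
#include
#include
#include

#include "util/util.h"
#include "util/strtonum.h"
#include "db/sysdb.h"
#include "providers/ldap/ldap_common.h"
#include "providers/ldap/sdap_async.h"
#include "providers/ldap/sdap_idmap.h"
#include "providers/ldap/sdap_users.h"

/* =Users-Related-Functions-(by-name,by-uid)============================== */

/* Per-request state of a single user lookup (see users_get_send). */
struct users_get_state {
    struct tevent_context *ev;
    struct sdap_id_ctx *ctx;
    struct sdap_domain *sdom;
    struct sdap_id_conn_ctx *conn;
    struct sdap_id_op *op;
    struct sysdb_ctx *sysdb;
    struct sss_domain_info *domain;

    /* lookup key exactly as passed by the caller (name, ID or SID string) */
    const char *name;
    int filter_type;

    /* LDAP search filter built in users_get_send */
    char *filter;
    const char **attrs;
    bool use_id_mapping;

    int dp_error;
    int sdap_ret;
    bool noexist_delete;
};

static int users_get_retry(struct tevent_req *req);
static void users_get_connect_done(struct tevent_req *subreq);
static void users_get_posix_check_done(struct tevent_req *subreq);
static void users_get_search(struct tevent_req *req);
static void users_get_done(struct tevent_req *subreq);

/* Create a request that looks up one user in LDAP.
 *
 * name is interpreted according to filter_type: a user name
 * (BE_FILTER_NAME), a decimal UID (BE_FILTER_IDNUM) or a SID string
 * (BE_FILTER_SECID); any other filter_type fails the request with EINVAL.
 * The value placed into the LDAP filter always goes through
 * sss_filter_sanitize() first.
 *
 * Returns NULL only if the request itself cannot be allocated. Every other
 * failure is reported through the returned request, which is then completed
 * and posted immediately.
 */
struct tevent_req *users_get_send(TALLOC_CTX *memctx,
                                  struct tevent_context *ev,
                                  struct sdap_id_ctx *ctx,
                                  struct sdap_domain *sdom,
                                  struct sdap_id_conn_ctx *conn,
                                  const char *name,
                                  int filter_type,
                                  int attrs_type,
                                  bool noexist_delete)
{
    struct tevent_req *req;
    struct users_get_state *state;
    const char *attr_name = NULL;
    char *clean_name;
    char *endptr;
    int ret;
    uid_t uid;
    enum idmap_error_code err;
    char *sid;

    req = tevent_req_create(memctx, &state, struct users_get_state);
    if (!req) return NULL;

    state->ev = ev;
    state->ctx = ctx;
    state->sdom = sdom;
    state->conn = conn;
    state->dp_error = DP_ERR_FATAL;
    state->noexist_delete = noexist_delete;

    state->op = sdap_id_op_create(state, state->conn->conn_cache);
    if (!state->op) {
        DEBUG(2, ("sdap_id_op_create failed\n"));
        ret = ENOMEM;
        goto fail;
    }

    state->domain = sdom->dom;
    state->sysdb = sdom->dom->sysdb;
    state->name = name;
    state->filter_type = filter_type;

    state->use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping(
                                                          ctx->opts->idmap_ctx,
                                                          sdom->dom->name,
                                                          sdom->dom->domain_id);

    switch (filter_type) {
    case BE_FILTER_NAME:
        attr_name = ctx->opts->user_map[SDAP_AT_USER_NAME].name;
        ret = sss_filter_sanitize(state, name, &clean_name);
        if (ret != EOK) {
            goto fail;
        }
        break;
    case BE_FILTER_IDNUM:
        if (state->use_id_mapping) {
            /* If we're ID-mapping, we need to use the objectSID
             * in the search filter.
             */
            uid = strtouint32(name, &endptr, 10);
            /* Reject an empty string and trailing non-digits as well as
             * conversion errors, the same way users_get_done validates the
             * ID; otherwise "12abc" would silently be looked up as UID 12.
             */
            if (errno != EOK || *endptr != '\0' || endptr == name) {
                ret = EINVAL;
                goto fail;
            }

            /* Convert the UID to its objectSID */
            err = sss_idmap_unix_to_sid(ctx->opts->idmap_ctx->map,
                                        uid, &sid);
            if (err == IDMAP_NO_DOMAIN) {
                DEBUG(SSSDBG_MINOR_FAILURE,
                      ("[%s] did not match any configured ID mapping domain\n",
                       name));

                ret = sysdb_delete_user(state->sysdb,
                                        state->domain, NULL, uid);
                if (ret == ENOENT) {
                    /* Ignore errors to remove users that were not cached previously */
                    ret = EOK;
                }

                /* ret may be EOK here; the fail label then completes the
                 * request successfully. */
                goto fail;
            } else if (err != IDMAP_SUCCESS) {
                DEBUG(SSSDBG_MINOR_FAILURE,
                      ("Mapping ID [%s] to SID failed: [%s]\n",
                       name, idmap_error_string(err)));
                ret = EIO;
                goto fail;
            }

            attr_name = ctx->opts->user_map[SDAP_AT_USER_OBJECTSID].name;
            ret = sss_filter_sanitize(state, sid, &clean_name);
            sss_idmap_free_sid(ctx->opts->idmap_ctx->map, sid);
            if (ret != EOK) {
                goto fail;
            }

        } else {
            attr_name = ctx->opts->user_map[SDAP_AT_USER_UID].name;
            ret = sss_filter_sanitize(state, name, &clean_name);
            if (ret != EOK) {
                goto fail;
            }
        }
        break;
    case BE_FILTER_SECID:
        attr_name = ctx->opts->user_map[SDAP_AT_USER_OBJECTSID].name;

        ret = sss_filter_sanitize(state, name, &clean_name);
        if (ret != EOK) {
            goto fail;
        }
        break;
    default:
        ret = EINVAL;
        goto fail;
    }

    if (attr_name == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("Missing search attribute name.\n"));
        ret = EINVAL;
        goto fail;
    }

    if (state->use_id_mapping || filter_type == BE_FILTER_SECID) {
        /* When mapping IDs or looking for SIDs, we don't want to limit
         * ourselves to users with a UID value. But there must be a SID to map
         * from.
         */
        state->filter = talloc_asprintf(state,
                                        "(&(%s=%s)(objectclass=%s)(%s=*)(%s=*))",
                                        attr_name, clean_name,
                                        ctx->opts->user_map[SDAP_OC_USER].name,
                                        ctx->opts->user_map[SDAP_AT_USER_NAME].name,
                                        ctx->opts->user_map[SDAP_AT_USER_OBJECTSID].name);
    } else {
        /* When not ID-mapping, make sure there is a non-NULL UID */
        state->filter = talloc_asprintf(state,
                                        "(&(%s=%s)(objectclass=%s)(%s=*)(&(%s=*)(!(%s=0))))",
                                        attr_name, clean_name,
                                        ctx->opts->user_map[SDAP_OC_USER].name,
                                        ctx->opts->user_map[SDAP_AT_USER_NAME].name,
                                        ctx->opts->user_map[SDAP_AT_USER_UID].name,
                                        ctx->opts->user_map[SDAP_AT_USER_UID].name);
    }

    talloc_zfree(clean_name);
    if (!state->filter) {
        DEBUG(2, ("Failed to build the base filter\n"));
        ret = ENOMEM;
        goto fail;
    }

    /* TODO: handle attrs_type */
    ret = build_attrs_from_map(state, ctx->opts->user_map, SDAP_OPTS_USER,
                               NULL, &state->attrs, NULL);
    if (ret != EOK) goto fail;

    ret = users_get_retry(req);
    if (ret != EOK) {
        goto fail;
    }

    return req;

fail:
    if (ret != EOK) {
        tevent_req_error(req, ret);
    } else {
        tevent_req_done(req);
    }
    tevent_req_post(req, ev);
    return req;
}

/* Start (or restart) the connect step of a user lookup.
 * users_get_connect_done is called once the connection attempt finishes.
 * Returns EOK when the subrequest was created, otherwise the error code
 * that sdap_id_op_connect_send stored in ret. */
static int users_get_retry(struct tevent_req *req)
{
    struct users_get_state *state = tevent_req_data(req,
                                                    struct users_get_state);
    struct tevent_req *subreq;
    int ret = EOK;

    subreq = sdap_id_op_connect_send(state->op, state, &ret);
    if (!subreq) {
        return ret;
    }

    tevent_req_set_callback(subreq, users_get_connect_done, req);
    return EOK;
}

/* Connection callback: on failure the request is finished with the
 * connect error, otherwise the lookup continues. */
static void users_get_connect_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct users_get_state *state = tevent_req_data(req,
                                                    struct users_get_state);
    int dp_error = DP_ERR_FATAL;
    int ret;

    ret = sdap_id_op_connect_recv(subreq, &dp_error);
    talloc_zfree(subreq);

    if (ret != EOK) {
        state->dp_error = dp_error;
        tevent_req_error(req, ret);
        return;
    }

    /* If POSIX attributes have been requested with an AD server and we
     * have no idea about POSIX attributes support, run a one-time check
     */
    if (state->use_id_mapping ==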
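false &&
        state->ctx->opts->schema_type == SDAP_SCHEMA_AD &&
        state->ctx->srv_opts &&
        state->ctx->srv_opts->posix_checked == false) {
        subreq = sdap_posix_check_send(state, state->ev, state->ctx->opts,
                                       sdap_id_op_handle(state->op),
                                       state->sdom->user_search_bases,
                                       dp_opt_get_int(state->ctx->opts->basic,
                                                      SDAP_SEARCH_TIMEOUT));
        if (subreq == NULL) {
            tevent_req_error(req, ENOMEM);
            return;
        }
        tevent_req_set_callback(subreq, users_get_posix_check_done, req);
        return;
    }

    users_get_search(req);
}

/* Completion callback of the one-time POSIX attribute check.
 *
 * If the check fails and sdap_id_op_done() advises a retry, the lookup is
 * restarted through users_get_retry(). If the check succeeded and found no
 * POSIX attributes, the request finishes with sdap_ret = ERR_NO_POSIX.
 * In the remaining cases the user search is started.
 */
static void users_get_posix_check_done(struct tevent_req *subreq)
{
    errno_t ret;
    /* Defined value even when sdap_posix_check_recv() fails and may not
     * have written its output parameter. */
    bool has_posix = false;
    int dp_error;
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct users_get_state *state = tevent_req_data(req,
                                                    struct users_get_state);

    ret = sdap_posix_check_recv(subreq, &has_posix);
    talloc_zfree(subreq);
    if (ret != EOK) {
        /* We can only finish the id_op on error as the connection
         * is re-used by the user search
         */
        ret = sdap_id_op_done(state->op, ret, &dp_error);
        if (dp_error == DP_ERR_OK && ret != EOK) {
            /* retry */
            ret = users_get_retry(req);
            if (ret != EOK) {
                tevent_req_error(req, ret);
            }
            return;
        }
    }

    /* NOTE(review): this is also reached when the check failed without a
     * retry, so the flag is set although nothing was learned - confirm that
     * this is intended. */
    state->ctx->srv_opts->posix_checked = true;

    /* If the check ran to completion, we know for certain about the attributes.
     * has_posix is only meaningful when the check itself succeeded; a failed
     * check must not be reported as "server has no POSIX attributes".
     */
    if (ret == EOK && has_posix == false) {
        state->sdap_ret = ERR_NO_POSIX;
        tevent_req_done(req);
        return;
    }

    users_get_search(req);
}

/* Send the LDAP user search using the filter and attribute list prepared
 * in the request state; users_get_done receives the result. */
static void users_get_search(struct tevent_req *req)
{
    struct users_get_state *state = tevent_req_data(req,
                                                    struct users_get_state);
    struct tevent_req *subreq;

    subreq = sdap_get_users_send(state, state->ev,
                                 state->domain, state->sysdb,
                                 state->ctx->opts,
                                 state->sdom->user_search_bases,
                                 sdap_id_op_handle(state->op),
                                 state->attrs, state->filter,
                                 dp_opt_get_int(state->ctx->opts->basic,
                                                SDAP_SEARCH_TIMEOUT),
                                 false);
    if (!subreq) {
        tevent_req_error(req, ENOMEM);
        return;
    }
    tevent_req_set_callback(subreq, users_get_done, req);
}

static void users_get_done(struct tevent_req *subreq)
{
    struct tevent_req *req =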
tevent_req_callback_data(subreq, struct tevent_req); struct users_get_state *state = tevent_req_data(req, struct users_get_state); char *endptr; uid_t uid; int dp_error = DP_ERR_FATAL; int ret; ret = sdap_get_users_recv(subreq, NULL, NULL); talloc_zfree(subreq); ret = sdap_id_op_done(state->op, ret, &dp_error); if (dp_error == DP_ERR_OK && ret != EOK) { /* retry */ ret = users_get_retry(req); if (ret != EOK) { tevent_req_error(req, ret); return; } return; } if ((ret == ENOENT) && (state->ctx->opts->schema_type == SDAP_SCHEMA_RFC2307) && (dp_opt_get_bool(state->ctx->opts->basic, SDAP_RFC2307_FALLBACK_TO_LOCAL_USERS) == true)) { struct sysdb_attrs **usr_attrs; const char *name = NULL; bool fallback; switch (state->filter_type) { case BE_FILTER_NAME: name = state->name; uid = -1; fallback = true; break; case BE_FILTER_IDNUM: uid = (uid_t) strtouint32(state->name, &endptr, 10); if (errno || *endptr || (state->name == endptr)) { tevent_req_error(req, errno ? errno : EINVAL); return; } fallback = true; break; default: fallback = false; break; } if (fallback) { ret = sdap_fallback_local_user(state, state->ctx->opts, name, uid, &usr_attrs); if (ret == EOK) { ret = sdap_save_user(state, state->sysdb, state->ctx->opts, state->domain, usr_attrs[0], false, NULL, 0); } } } state->sdap_ret = ret; if (ret && ret != ENOENT) { state->dp_error = dp_error; tevent_req_error(req, ret); return; } if (ret == ENOENT && state->noexist_delete == true) { switch (state->filter_type) { case BE_FILTER_ENUM: tevent_req_error(req, ret); return; case BE_FILTER_NAME: ret = sysdb_delete_user(state->sysdb, state->domain, state->name, 0); if (ret != EOK && ret != ENOENT) { tevent_req_error(req, ret); return; } break; case BE_FILTER_IDNUM: uid = (uid_t) strtouint32(state->name, &endptr, 10); if (errno || *endptr || (state->name == endptr)) { tevent_req_error(req, errno ? 
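errno : EINVAL);
                return;
            }

            ret = sysdb_delete_user(state->sysdb, state->domain, NULL, uid);
            if (ret != EOK && ret != ENOENT) {
                tevent_req_error(req, ret);
                return;
            }
            break;

        case BE_FILTER_SECID:
            /* Since it is not clear if the SID belongs to a user or a group
             * we have nothing to do here. */
            break;

        default:
            tevent_req_error(req, EINVAL);
            return;
        }
    }

    state->dp_error = DP_ERR_OK;
    /* FIXME - return sdap error so that we know the user was not found */
    tevent_req_done(req);
}

/* Collect the result of a user lookup. Both output pointers are optional;
 * they are filled before the request's own error state is checked. */
int users_get_recv(struct tevent_req *req, int *dp_error_out, int *sdap_ret)
{
    struct users_get_state *state = tevent_req_data(req,
                                                    struct users_get_state);

    if (dp_error_out) {
        *dp_error_out = state->dp_error;
    }

    if (sdap_ret) {
        *sdap_ret = state->sdap_ret;
    }

    TEVENT_REQ_RETURN_ON_ERROR(req);

    return EOK;
}

/* =Groups-Related-Functions-(by-name,by-uid)============================= */

/* Per-request state of a single group lookup (see groups_get_send). */
struct groups_get_state {
    struct tevent_context *ev;
    struct sdap_id_ctx *ctx;
    struct sdap_domain *sdom;
    struct sdap_id_conn_ctx *conn;
    struct sdap_id_op *op;
    struct sysdb_ctx *sysdb;
    struct sss_domain_info *domain;

    /* lookup key exactly as passed by the caller (name, ID or SID string) */
    const char *name;
    int filter_type;

    /* LDAP search filter built in groups_get_send */
    char *filter;
    const char **attrs;
    bool use_id_mapping;

    int dp_error;
    int sdap_ret;
    bool noexist_delete;
};

static int groups_get_retry(struct tevent_req *req);
static void groups_get_connect_done(struct tevent_req *subreq);
static void groups_get_posix_check_done(struct tevent_req *subreq);
static void groups_get_search(struct tevent_req *req);
static void groups_get_done(struct tevent_req *subreq);

/* Create a request that looks up one group in LDAP.
 *
 * name is interpreted according to filter_type: a group name
 * (BE_FILTER_NAME), a decimal GID (BE_FILTER_IDNUM) or a SID string
 * (BE_FILTER_SECID); any other filter_type fails the request with EINVAL.
 * The value placed into the LDAP filter always goes through
 * sss_filter_sanitize() first.
 *
 * Returns NULL only if the request itself cannot be allocated.
 */
struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
                                   struct tevent_context *ev,
                                   struct sdap_id_ctx *ctx,
                                   struct sdap_domain *sdom,
                                   struct sdap_id_conn_ctx *conn,
                                   const char *name,
                                   int filter_type,
                                   int attrs_type,
                                   bool noexist_delete)
{
    struct tevent_req *req;
    struct groups_get_state *state;
    const char *attr_name = NULL;
    char *clean_name;
    char *endptr;
    int ret;
    gid_t gid;
    enum idmap_error_code err;
    char *sid;
    const char *member_filter[2];

    req = tevent_req_create(memctx, &state, struct groups_get_state);
    if (!req) return NULL;

    state->ev = ev;
    state->ctx = ctx;
    state->sdom = sdom;
    state->conn = conn;
    state->dp_error = DP_ERR_FATAL;
    state->noexist_delete = noexist_delete;

    state->op = sdap_id_op_create(state, state->conn->conn_cache);
    if (!state->op) {
        DEBUG(2, ("sdap_id_op_create failed\n"));
        ret = ENOMEM;
        goto fail;
    }

    state->domain = sdom->dom;
    state->sysdb = sdom->dom->sysdb;
    state->name = name;
    state->filter_type = filter_type;

    state->use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping(
                                                          ctx->opts->idmap_ctx,
                                                          sdom->dom->name,
                                                          sdom->dom->domain_id);

    switch(filter_type) {
    case BE_FILTER_NAME:
        attr_name = ctx->opts->group_map[SDAP_AT_GROUP_NAME].name;

        ret = sss_filter_sanitize(state, name, &clean_name);
        if (ret != EOK) {
            goto fail;
        }
        break;
    case BE_FILTER_IDNUM:
        if (state->use_id_mapping) {
            /* If we're ID-mapping, we need to use the objectSID
             * in the search filter.
             */
            gid = strtouint32(name, &endptr, 10);
            /* Reject an empty string and trailing non-digits as well as
             * conversion errors, the same way users_get_done validates a
             * numeric ID; otherwise "12abc" would be looked up as GID 12.
             */
            if (errno != EOK || *endptr != '\0' || endptr == name) {
                ret = EINVAL;
                goto fail;
            }

            /* Convert the GID to its objectSID */
            err = sss_idmap_unix_to_sid(ctx->opts->idmap_ctx->map,
                                        gid, &sid);
            if (err == IDMAP_NO_DOMAIN) {
                DEBUG(SSSDBG_MINOR_FAILURE,
                      ("[%s] did not match any configured ID mapping domain\n",
                       name));

                ret = sysdb_delete_group(state->sysdb,
                                         state->domain, NULL, gid);
                if (ret == ENOENT) {
                    /* Ignore errors to remove groups that were not cached previously */
                    ret = EOK;
                }

                goto fail;
            } else if (err != IDMAP_SUCCESS) {
                DEBUG(SSSDBG_MINOR_FAILURE,
                      ("Mapping ID [%s] to SID failed: [%s]\n",
                       name, idmap_error_string(err)));
                ret = EIO;
                goto fail;
            }

            attr_name = ctx->opts->group_map[SDAP_AT_GROUP_OBJECTSID].name;
            ret = sss_filter_sanitize(state, sid, &clean_name);
            sss_idmap_free_sid(ctx->opts->idmap_ctx->map, sid);
            if (ret != EOK) {
                goto fail;
            }

        } else {
            attr_name = ctx->opts->group_map[SDAP_AT_GROUP_GID].name;
            ret = sss_filter_sanitize(state, name, &clean_name);
            if (ret != EOK) {
                goto fail;
            }
        }
        break;
    case BE_FILTER_SECID:
        attr_name = ctx->opts->group_map[SDAP_AT_GROUP_OBJECTSID].name;

        ret = sss_filter_sanitize(state, name, &clean_name);
        if (ret != EOK) {
            goto fail;
        }
        break;
    default:
        ret = EINVAL;
        goto fail;
    }

    if (attr_name == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("Missing search attribute name.\n"));
        ret = EINVAL;
        goto fail;
    }

    if (state->use_id_mapping || filter_type == BE_FILTER_SECID) {
        /* When mapping IDs or looking for SIDs, we don't want to limit
         * ourselves to groups with a GID value
         */
        state->filter = talloc_asprintf(state,
                                        "(&(%s=%s)(objectclass=%s)(%s=*))",
                                        attr_name, clean_name,
                                        ctx->opts->group_map[SDAP_OC_GROUP].name,
                                        ctx->opts->group_map[SDAP_AT_GROUP_NAME].name);
    } else {
        state->filter = talloc_asprintf(state,
                                        "(&(%s=%s)(objectclass=%s)(%s=*)(&(%s=*)(!(%s=0))))",
                                        attr_name, clean_name,
                                        ctx->opts->group_map[SDAP_OC_GROUP].name,
                                        ctx->opts->group_map[SDAP_AT_GROUP_NAME].name,
                                        ctx->opts->group_map[SDAP_AT_GROUP_GID].name,
                                        ctx->opts->group_map[SDAP_AT_GROUP_GID].name);
    }

    talloc_zfree(clean_name);
    if (!state->filter) {
        DEBUG(2, ("Failed to build filter\n"));
        ret = ENOMEM;
        goto fail;
    }

    member_filter[0] = (const char *)ctx->opts->group_map[SDAP_AT_GROUP_MEMBER].name;
    member_filter[1] = NULL;

    /* TODO: handle attrs_type */
    ret = build_attrs_from_map(state, ctx->opts->group_map, SDAP_OPTS_GROUP,
                               state->domain->ignore_group_members ?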
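(const char **)member_filter : NULL,
                               &state->attrs, NULL);
    if (ret != EOK) goto fail;

    ret = groups_get_retry(req);
    if (ret != EOK) {
        goto fail;
    }

    return req;

fail:
    if (ret != EOK) {
        tevent_req_error(req, ret);
    } else {
        tevent_req_done(req);
    }
    tevent_req_post(req, ev);
    return req;
}

/* Start (or restart) the connect step of a group lookup.
 * groups_get_connect_done is called once the connection attempt finishes.
 * Returns EOK when the subrequest was created, otherwise the error code
 * that sdap_id_op_connect_send stored in ret. */
static int groups_get_retry(struct tevent_req *req)
{
    struct groups_get_state *state = tevent_req_data(req,
                                                     struct groups_get_state);
    struct tevent_req *subreq;
    int ret = EOK;

    subreq = sdap_id_op_connect_send(state->op, state, &ret);
    if (!subreq) {
        return ret;
    }

    tevent_req_set_callback(subreq, groups_get_connect_done, req);
    return EOK;
}

/* Connection callback: on failure the request is finished with the connect
 * error; otherwise either the one-time POSIX attribute check or the group
 * search is started. */
static void groups_get_connect_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct groups_get_state *state = tevent_req_data(req,
                                                     struct groups_get_state);
    int dp_error = DP_ERR_FATAL;
    int ret;

    ret = sdap_id_op_connect_recv(subreq, &dp_error);
    talloc_zfree(subreq);

    if (ret != EOK) {
        state->dp_error = dp_error;
        tevent_req_error(req, ret);
        return;
    }

    /* If POSIX attributes have been requested with an AD server and we
     * have no idea about POSIX attributes support, run a one-time check
     */
    if (state->use_id_mapping == false &&
            state->ctx->opts->schema_type == SDAP_SCHEMA_AD &&
            state->ctx->srv_opts &&
            state->ctx->srv_opts->posix_checked == false) {
        subreq = sdap_posix_check_send(state, state->ev, state->ctx->opts,
                                       sdap_id_op_handle(state->op),
                                       state->sdom->user_search_bases,
                                       dp_opt_get_int(state->ctx->opts->basic,
                                                      SDAP_SEARCH_TIMEOUT));
        if (subreq == NULL) {
            tevent_req_error(req, ENOMEM);
            return;
        }
        tevent_req_set_callback(subreq, groups_get_posix_check_done, req);
        return;
    }

    groups_get_search(req);
}

/* Completion callback of the one-time POSIX attribute check.
 *
 * If the check fails and sdap_id_op_done() advises a retry, the lookup is
 * restarted through groups_get_retry(). If the check succeeded and found no
 * POSIX attributes, the request finishes with sdap_ret = ERR_NO_POSIX.
 * In the remaining cases the group search is started.
 */
static void groups_get_posix_check_done(struct tevent_req *subreq)
{
    errno_t ret;
    /* Defined value even when sdap_posix_check_recv() fails and may not
     * have written its output parameter. */
    bool has_posix = false;
    int dp_error;
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct groups_get_state *state = tevent_req_data(req,
                                                     struct groups_get_state);

    ret = sdap_posix_check_recv(subreq, &has_posix);
    talloc_zfree(subreq);
    if (ret != EOK) {
        /* We can only finish the id_op on error as the connection
         * is re-used by the group search
         */
        ret = sdap_id_op_done(state->op, ret, &dp_error);
        if (dp_error == DP_ERR_OK && ret != EOK) {
            /* retry */
            ret = groups_get_retry(req);
            if (ret != EOK) {
                tevent_req_error(req, ret);
            }
            return;
        }
    }

    /* NOTE(review): this is also reached when the check failed without a
     * retry, so the flag is set although nothing was learned - confirm that
     * this is intended. */
    state->ctx->srv_opts->posix_checked = true;

    /* If the check ran to completion, we know for certain about the attributes.
     * has_posix is only meaningful when the check itself succeeded; a failed
     * check must not be reported as "server has no POSIX attributes".
     */
    if (ret == EOK && has_posix == false) {
        state->sdap_ret = ERR_NO_POSIX;
        tevent_req_done(req);
        return;
    }

    groups_get_search(req);
}

/* Send the LDAP group search using the filter and attribute list prepared
 * in the request state; groups_get_done receives the result. */
static void groups_get_search(struct tevent_req *req)
{
    struct groups_get_state *state = tevent_req_data(req,
                                                     struct groups_get_state);
    struct tevent_req *subreq;

    subreq = sdap_get_groups_send(state, state->ev,
                                  state->sdom,
                                  state->ctx->opts,
                                  sdap_id_op_handle(state->op),
                                  state->attrs, state->filter,
                                  dp_opt_get_int(state->ctx->opts->basic,
                                                 SDAP_SEARCH_TIMEOUT),
                                  false);
    if (!subreq) {
        tevent_req_error(req, ENOMEM);
        return;
    }
    tevent_req_set_callback(subreq, groups_get_done, req);
}

static void groups_get_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct groups_get_state *state = tevent_req_data(req,
                                                     struct groups_get_state);
    char *endptr;
    gid_t gid;
    int dp_error = DP_ERR_FATAL;
    int ret;

    ret = sdap_get_groups_recv(subreq, NULL, NULL);
    talloc_zfree(subreq);
    ret = sdap_id_op_done(state->op, ret, &dp_error);

    if (dp_error == DP_ERR_OK && ret != EOK) {
        /* retry */
        ret = groups_get_retry(req);
        if (ret != EOK) {
            tevent_req_error(req, ret);
            return;
        }

        return;
    }
    state->sdap_ret = ret;

    if (ret && ret != ENOENT) {
        state->dp_error = dp_error;
        tevent_req_error(req, ret);
        return;
    }

    if (ret == ENOENT && state->noexist_delete == true) {
        switch (state->filter_type) {
        case BE_FILTER_ENUM:
            tevent_req_error(req, ret);
            return;
        case BE_FILTER_NAME:
            ret = sysdb_delete_group(state->sysdb,
                                     state->domain, state->name, 0);
            if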
(ret != EOK && ret != ENOENT) { tevent_req_error(req, ret); return; } break; case BE_FILTER_IDNUM: gid = (gid_t) strtouint32(state->name, &endptr, 10); if (errno || *endptr || (state->name == endptr)) { tevent_req_error(req, errno ? errno : EINVAL); return; } ret = sysdb_delete_group(state->sysdb, state->domain, NULL, gid); if (ret != EOK && ret != ENOENT) { tevent_req_error(req, ret); return; } break; case BE_FILTER_SECID: /* Since it is not clear if the SID belongs to a user or a group * we have nothing to do here. */ break; default: tevent_req_error(req, EINVAL); return; } } state->dp_error = DP_ERR_OK; tevent_req_done(req); } int groups_get_recv(struct tevent_req *req, int *dp_error_out, int *sdap_ret) { struct groups_get_state *state = tevent_req_data(req, struct groups_get_state); if (dp_error_out) { *dp_error_out = state->dp_error; } if (sdap_ret) { *sdap_ret = state->sdap_ret; } TEVENT_REQ_RETURN_ON_ERROR(req); return EOK; } /* =Get-Groups-for-User================================================== */ struct groups_by_user_state { struct tevent_context *ev; struct sdap_id_ctx *ctx; struct sdap_domain *sdom; struct sdap_id_conn_ctx *conn; struct sdap_id_op *op; struct sysdb_ctx *sysdb; struct sss_domain_info *domain; const char *name; const char **attrs; int dp_error; int sdap_ret; bool noexist_delete; }; static int groups_by_user_retry(struct tevent_req *req); static void groups_by_user_connect_done(struct tevent_req *subreq); static void groups_by_user_done(struct tevent_req *subreq); static struct tevent_req *groups_by_user_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sdap_id_ctx *ctx, struct sdap_domain *sdom, struct sdap_id_conn_ctx *conn, const char *name, bool noexist_delete) { struct tevent_req *req; struct groups_by_user_state *state; int ret; req = tevent_req_create(memctx, &state, struct groups_by_user_state); if (!req) return NULL; state->ev = ev; state->ctx = ctx; state->dp_error = DP_ERR_FATAL; state->conn = conn; state->sdom = 
sdom; state->noexist_delete = noexist_delete; state->op = sdap_id_op_create(state, state->conn->conn_cache); if (!state->op) { DEBUG(2, ("sdap_id_op_create failed\n")); ret = ENOMEM; goto fail; } state->name = name; state->domain = sdom->dom; state->sysdb = sdom->dom->sysdb; ret = build_attrs_from_map(state, ctx->opts->group_map, SDAP_OPTS_GROUP, NULL, &state->attrs, NULL); if (ret != EOK) goto fail; ret = groups_by_user_retry(req); if (ret != EOK) { goto fail; } return req; fail: tevent_req_error(req, ret); tevent_req_post(req, ev); return req; } static int groups_by_user_retry(struct tevent_req *req) { struct groups_by_user_state *state = tevent_req_data(req, struct groups_by_user_state); struct tevent_req *subreq; int ret = EOK; subreq = sdap_id_op_connect_send(state->op, state, &ret); if (!subreq) { return ret; } tevent_req_set_callback(subreq, groups_by_user_connect_done, req); return EOK; } static void groups_by_user_connect_done(struct tevent_req *subreq) { struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); struct groups_by_user_state *state = tevent_req_data(req, struct groups_by_user_state); int dp_error = DP_ERR_FATAL; int ret; ret = sdap_id_op_connect_recv(subreq, &dp_error); talloc_zfree(subreq); if (ret != EOK) { state->dp_error = dp_error; tevent_req_error(req, ret); return; } subreq = sdap_get_initgr_send(state, state->ev, state->sdom, sdap_id_op_handle(state->op), state->ctx, state->conn, state->name, state->attrs); if (!subreq) { tevent_req_error(req, ENOMEM); return; } tevent_req_set_callback(subreq, groups_by_user_done, req); } static void groups_by_user_done(struct tevent_req *subreq) { struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); struct groups_by_user_state *state = tevent_req_data(req, struct groups_by_user_state); int dp_error = DP_ERR_FATAL; int ret; ret = sdap_get_initgr_recv(subreq); talloc_zfree(subreq); ret = sdap_id_op_done(state->op, ret, &dp_error); if (dp_error == DP_ERR_OK 
&& ret != EOK) { /* retry */ ret = groups_by_user_retry(req); if (ret != EOK) { tevent_req_error(req, ret); return; } return; } state->sdap_ret = ret; if (ret && ret != ENOENT) { state->dp_error = dp_error; tevent_req_error(req, ret); return; } if (ret == ENOENT && state->noexist_delete == true) { ret = sysdb_delete_user(state->ctx->be->domain->sysdb, state->ctx->be->domain, state->name, 0); if (ret != EOK && ret != ENOENT) { tevent_req_error(req, ret); return; } } state->dp_error = DP_ERR_OK; tevent_req_done(req); } int groups_by_user_recv(struct tevent_req *req, int *dp_error_out, int *sdap_ret) { struct groups_by_user_state *state = tevent_req_data(req, struct groups_by_user_state); if (dp_error_out) { *dp_error_out = state->dp_error; } if (sdap_ret) { *sdap_ret = state->sdap_ret; } TEVENT_REQ_RETURN_ON_ERROR(req); return EOK; } static void sdap_check_online_done(struct tevent_req *req); void sdap_check_online(struct be_req *be_req) { struct be_ctx *be_ctx = be_req_get_be_ctx(be_req); struct sdap_id_ctx *ctx; ctx = talloc_get_type(be_ctx->bet_info[BET_ID].pvt_bet_data, struct sdap_id_ctx); return sdap_do_online_check(be_req, ctx); } struct sdap_online_check_ctx { struct be_req *be_req; struct sdap_id_ctx *id_ctx; }; void sdap_do_online_check(struct be_req *be_req, struct sdap_id_ctx *ctx) { struct be_ctx *be_ctx = be_req_get_be_ctx(be_req); struct tevent_req *req; struct sdap_online_check_ctx *check_ctx; errno_t ret; check_ctx = talloc_zero(be_req, struct sdap_online_check_ctx); if (!check_ctx) { ret = ENOMEM; DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_zero failed\n")); goto fail; } check_ctx->id_ctx = ctx; check_ctx->be_req = be_req; req = sdap_cli_connect_send(be_req, be_ctx->ev, ctx->opts, be_ctx, ctx->conn->service, false, CON_TLS_DFL, false); if (req == NULL) { DEBUG(1, ("sdap_cli_connect_send failed.\n")); ret = EIO; goto fail; } tevent_req_set_callback(req, sdap_check_online_done, check_ctx); return; fail: sdap_handler_done(be_req, DP_ERR_FATAL, ret, NULL); } 
static void sdap_check_online_reinit_done(struct tevent_req *req);

/*
 * Completion callback of the connection attempt made for the online check.
 *
 * dp_err starts as DP_ERR_FATAL, becomes DP_ERR_OFFLINE when the connect
 * failed and can_retry is false, and DP_ERR_OK when the connect succeeded.
 * On success the server options returned by the connect are compared with
 * the cached ones to detect a server reinitialization, which triggers a
 * cache clean up before the request is answered.
 */
static void sdap_check_online_done(struct tevent_req *req)
{
    struct sdap_online_check_ctx *check_ctx = tevent_req_callback_data(req,
                                        struct sdap_online_check_ctx);
    int ret;
    int dp_err = DP_ERR_FATAL;
    bool can_retry;
    struct sdap_server_opts *srv_opts;
    struct be_req *be_req;
    struct sdap_id_ctx *id_ctx;
    struct tevent_req *reinit_req = NULL;
    bool reinit = false;
    struct be_ctx *be_ctx;

    ret = sdap_cli_connect_recv(req, NULL, &can_retry, NULL, &srv_opts);
    talloc_zfree(req);

    if (ret != EOK) {
        /* NOTE(review): a failed connect with can_retry == true keeps
         * DP_ERR_FATAL; confirm that this is the intended result. */
        if (!can_retry) {
            dp_err = DP_ERR_OFFLINE;
        }
    } else {
        dp_err = DP_ERR_OK;

        if (!check_ctx->id_ctx->srv_opts) {
            /* No cached server options yet: start all counters from zero */
            srv_opts->max_user_value = 0;
            srv_opts->max_group_value = 0;
            srv_opts->max_service_value = 0;
            srv_opts->max_sudo_value = 0;
        } else if (strcmp(srv_opts->server_id,
                          check_ctx->id_ctx->srv_opts->server_id) == 0
                   && srv_opts->supports_usn
                   && check_ctx->id_ctx->srv_opts->last_usn
                        > srv_opts->last_usn) {
            /* Same server, but its last USN is lower than the cached one:
             * treat it as reinitialized and reset the cached counters.
             * NOTE(review): server_id is passed to strcmp() unchecked;
             * presumably it is always set on a successful connect. */
            check_ctx->id_ctx->srv_opts->max_user_value = 0;
            check_ctx->id_ctx->srv_opts->max_group_value = 0;
            check_ctx->id_ctx->srv_opts->max_service_value = 0;
            check_ctx->id_ctx->srv_opts->max_sudo_value = 0;
            check_ctx->id_ctx->srv_opts->last_usn = srv_opts->last_usn;

            reinit = true;
        }

        sdap_steal_server_opts(check_ctx->id_ctx, &srv_opts);
    }

    /* Copy out everything still needed before check_ctx is released */
    be_req = check_ctx->be_req;
    be_ctx = be_req_get_be_ctx(be_req);
    id_ctx = check_ctx->id_ctx;
    talloc_free(check_ctx);

    if (reinit) {
        DEBUG(SSSDBG_TRACE_FUNC, ("Server reinitialization detected. "
                                  "Cleaning cache.\n"));
        reinit_req = sdap_reinit_cleanup_send(be_req, be_ctx, id_ctx);
        if (reinit_req == NULL) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to perform reinitialization "
                                        "clean up.\n"));
            /* not fatal */
            goto done;
        }

        /* The reply is sent from sdap_check_online_reinit_done() */
        tevent_req_set_callback(reinit_req, sdap_check_online_reinit_done,
                                be_req);
        return;
    }

done:
    sdap_handler_done(be_req, dp_err, 0, NULL);
}

/*
 * Cache clean up after a detected server reinitialization finished.
 * A failed clean up is only logged; the request is answered with DP_ERR_OK
 * in both cases.
 */
static void sdap_check_online_reinit_done(struct tevent_req *req)
{
    struct be_req *be_req = NULL;
    errno_t ret;

    be_req = tevent_req_callback_data(req, struct be_req);
    ret = sdap_reinit_cleanup_recv(req);
    talloc_zfree(req);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to perform reinitialization "
                                    "clean up [%d]: %s\n", ret, strerror(ret)));
        /* not fatal */
    } else {
        DEBUG(SSSDBG_TRACE_FUNC, ("Reinitialization clean up completed\n"));
    }

    sdap_handler_done(be_req, DP_ERR_OK, 0, NULL);
}

/* =Get-Account-Info-Call================================================= */

/* FIXME: embed this function in sssd_be and only call out
 * specific functions from modules ?
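*/

void sdap_handle_account_info(struct be_req *breq, struct sdap_id_ctx *ctx,
                              struct sdap_id_conn_ctx *conn);

static struct tevent_req *get_user_and_group_send(TALLOC_CTX *memctx,
                                                  struct tevent_context *ev,
                                                  struct sdap_id_ctx *ctx,
                                                  struct sdap_domain *sdom,
                                                  struct sdap_id_conn_ctx *conn,
                                                  const char *name,
                                                  int filter_type,
                                                  int attrs_type,
                                                  bool noexist_delete);

errno_t sdap_get_user_and_group_recv(struct tevent_req *req,
                                     int *dp_error_out, int *sdap_ret);

/*
 * Back end entry point for account requests: resolve the LDAP ID context
 * registered for BET_ID and dispatch the request on its default connection.
 */
void sdap_account_info_handler(struct be_req *breq)
{
    struct be_ctx *be_ctx = be_req_get_be_ctx(breq);
    struct sdap_id_ctx *ctx;

    ctx = talloc_get_type(be_ctx->bet_info[BET_ID].pvt_bet_data,
                          struct sdap_id_ctx);
    if (!ctx) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Could not get sdap ctx\n"));
        return sdap_handler_done(breq, DP_ERR_FATAL,
                                 EINVAL, "Invalid request data\n");
    }
    return sdap_handle_account_info(breq, ctx, ctx->conn);
}

/* A generic LDAP account info handler */
struct sdap_handle_acct_req_state {
    struct be_req *breq;
    struct be_acct_req *ar;
    const char *err;    /* static message describing the outcome */
    int dp_error;
    int sdap_ret;
};

static void sdap_handle_acct_req_done(struct tevent_req *subreq);

/*
 * Validate an account request and start the lookup matching its entry type.
 *
 * The filter and attribute types of the request are checked against what
 * each entry type supports before anything is sent to the server; invalid
 * combinations finish the request immediately with EINVAL, and enumeration
 * requests for users, groups and services finish immediately with EOK.
 *
 * Returns the new request, or NULL if it could not be allocated. Results
 * are collected with sdap_handle_acct_req_recv().
 */
struct tevent_req *
sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx,
                          struct be_req *breq,
                          struct be_acct_req *ar,
                          struct sdap_id_ctx *id_ctx,
                          struct sdap_domain *sdom,
                          struct sdap_id_conn_ctx *conn,
                          bool noexist_delete)
{
    struct tevent_req *req;
    struct tevent_req *subreq;
    struct be_ctx *be_ctx;
    struct sdap_handle_acct_req_state *state;
    errno_t ret;

    be_ctx = be_req_get_be_ctx(breq);

    req = tevent_req_create(mem_ctx, &state,
                            struct sdap_handle_acct_req_state);
    if (!req) {
        /* There is no request to mark as failed: the shared exit path
         * below would pass NULL to tevent_req_error()/tevent_req_post(). */
        return NULL;
    }
    state->breq = breq;
    state->ar = ar;

    /* NOTE(review): the immediate-failure paths below never set
     * state->dp_error, so the receiver reports whatever
     * tevent_req_create() left there (presumably zero). Confirm callers
     * other than sdap_account_info_complete() cope with that. */
    if (ar == NULL) {
        ret = EINVAL;
        goto done;
    }

    switch (ar->entry_type & BE_REQ_TYPE_MASK) {
    case BE_REQ_USER: /* user */

        /* skip enumerations on demand */
        if (ar->filter_type == BE_FILTER_ENUM) {
            DEBUG(SSSDBG_TRACE_LIBS,
                  ("Skipping user enumeration on demand\n"));
            state->err = "Success";
            ret = EOK;
            goto done;
        }

        subreq = users_get_send(breq, be_ctx->ev, id_ctx,
                                sdom, conn,
                                ar->filter_value,
                                ar->filter_type,
                                ar->attr_type,
                                noexist_delete);
        break;

    case BE_REQ_GROUP: /* group */

        /* skip enumerations on demand */
        if (ar->filter_type == BE_FILTER_ENUM) {
            DEBUG(SSSDBG_TRACE_LIBS,
                  ("Skipping group enumeration on demand\n"));
            state->err = "Success";
            ret = EOK;
            goto done;
        }

        subreq = groups_get_send(breq, be_ctx->ev, id_ctx,
                                 sdom, conn,
                                 ar->filter_value,
                                 ar->filter_type,
                                 ar->attr_type,
                                 noexist_delete);
        break;

    case BE_REQ_INITGROUPS: /* init groups for user */
        if (ar->filter_type != BE_FILTER_NAME) {
            ret = EINVAL;
            state->err = "Invalid filter type";
            goto done;
        }
        if (ar->attr_type != BE_ATTR_CORE) {
            ret = EINVAL;
            state->err = "Invalid attr type";
            goto done;
        }

        subreq = groups_by_user_send(breq, be_ctx->ev, id_ctx,
                                     sdom, conn,
                                     ar->filter_value,
                                     noexist_delete);
        break;

    case BE_REQ_NETGROUP:
        if (ar->filter_type != BE_FILTER_NAME) {
            ret = EINVAL;
            state->err = "Invalid filter type";
            goto done;
        }

        subreq = ldap_netgroup_get_send(breq, be_ctx->ev, id_ctx,
                                        sdom, conn,
                                        ar->filter_value,
                                        noexist_delete);
        break;

    case BE_REQ_SERVICES:
        /* skip enumerations on demand */
        if (ar->filter_type == BE_FILTER_ENUM) {
            DEBUG(SSSDBG_TRACE_LIBS,
                  ("Skipping service enumeration on demand\n"));
            state->err = "Success";
            ret = EOK;
            goto done;
        }

        if (ar->filter_type == BE_FILTER_SECID) {
            ret = EINVAL;
            state->err = "Invalid filter type";
            goto done;
        }

        subreq = services_get_send(breq, be_ctx->ev, id_ctx,
                                   sdom, conn,
                                   ar->filter_value,
                                   ar->extra_value,
                                   ar->filter_type,
                                   noexist_delete);
        break;

    case BE_REQ_BY_SECID:
        if (ar->filter_type != BE_FILTER_SECID) {
            ret = EINVAL;
            state->err = "Invalid filter type";
            goto done;
        }

        subreq = get_user_and_group_send(breq, be_ctx->ev, id_ctx,
                                         sdom, conn,
                                         ar->filter_value,
                                         ar->filter_type,
                                         ar->attr_type,
                                         noexist_delete);
        break;

    case BE_REQ_USER_AND_GROUP:
        if (!(ar->filter_type == BE_FILTER_NAME ||
              ar->filter_type == BE_FILTER_IDNUM)) {
            ret = EINVAL;
            state->err = "Invalid filter type";
            goto done;
        }

        subreq = get_user_and_group_send(breq, be_ctx->ev, id_ctx,
                                         sdom, conn,
                                         ar->filter_value,
                                         ar->filter_type,
                                         ar->attr_type,
                                         noexist_delete);
        break;

    default: /*fail*/
        ret = EINVAL;
        state->err = "Invalid request type";
        goto done;
    }

    if (!subreq) {
        ret = ENOMEM;
        goto done;
    }

    tevent_req_set_callback(subreq, sdap_handle_acct_req_done, req);
    return req;

done:
    /* Finish immediately; tevent_req_post() defers the caller's callback
     * to the event loop so it still runs asynchronously. */
    if (ret == EOK) {
        tevent_req_done(req);
    } else {
        tevent_req_error(req, ret);
    }

    tevent_req_post(req, be_ctx->ev);
    return req;
}

/*
 * The lookup started by sdap_handle_acct_req_send() finished: collect its
 * result with the receiver matching the entry type and store a static
 * message describing the outcome in state->err.
 */
static void
sdap_handle_acct_req_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct sdap_handle_acct_req_state *state;
    errno_t ret;
    const char *err = "Invalid request type";

    state = tevent_req_data(req, struct sdap_handle_acct_req_state);

    switch (state->ar->entry_type & BE_REQ_TYPE_MASK) {
    case BE_REQ_USER: /* user */
        err = "User lookup failed";
        ret = users_get_recv(subreq, &state->dp_error, &state->sdap_ret);
        break;
    case BE_REQ_GROUP: /* group */
        err = "Group lookup failed";
        ret = groups_get_recv(subreq, &state->dp_error, &state->sdap_ret);
        break;
    case BE_REQ_INITGROUPS: /* init groups for user */
        err = "Init group lookup failed";
        ret = groups_by_user_recv(subreq, &state->dp_error, &state->sdap_ret);
        break;
    case BE_REQ_NETGROUP:
        err = "Netgroup lookup failed";
        ret = ldap_netgroup_get_recv(subreq, &state->dp_error,
                                     &state->sdap_ret);
        break;
    case BE_REQ_SERVICES:
        err = "Service lookup failed";
        ret = services_get_recv(subreq, &state->dp_error, &state->sdap_ret);
        break;
    case BE_REQ_BY_SECID:
        /* Fallthrough */
    case BE_REQ_USER_AND_GROUP:
        err = "Lookup by SID failed";
        ret = sdap_get_user_and_group_recv(subreq, &state->dp_error,
                                           &state->sdap_ret);
        break;
    default: /*fail*/
        ret = EINVAL;
        break;
    }
    talloc_zfree(subreq);

    if (ret != EOK) {
        state->err = err;
        tevent_req_error(req, ret);
        return;
    }

    state->err = "Success";
    tevent_req_done(req);
}

errno_t
sdap_handle_acct_req_recv(struct tevent_req *req,
                          int *_dp_error, const char **_err,
                          int *sdap_ret)
{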
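struct sdap_handle_acct_req_state *state;

    state = tevent_req_data(req, struct sdap_handle_acct_req_state);

    /* All outputs are optional and are filled in before the tevent error
     * state is checked, so they are valid on failure too. */
    if (_dp_error) {
        *_dp_error = state->dp_error;
    }

    if (_err) {
        *_err = state->err;
    }

    if (sdap_ret) {
        *sdap_ret = state->sdap_ret;
    }

    TEVENT_REQ_RETURN_ON_ERROR(req);
    return EOK;
}

static void sdap_account_info_complete(struct tevent_req *req);

/*
 * Handle an account request on the given connection.
 *
 * Replies DP_ERR_OFFLINE/EAGAIN right away while the back end is offline
 * and DP_ERR_FATAL when the request carries no be_acct_req data or the
 * lookup cannot be allocated. The lookup is started with noexist_delete
 * set to true.
 */
void sdap_handle_account_info(struct be_req *breq, struct sdap_id_ctx *ctx,
                              struct sdap_id_conn_ctx *conn)
{
    struct be_acct_req *ar;
    struct tevent_req *req;

    if (be_is_offline(ctx->be)) {
        return sdap_handler_done(breq, DP_ERR_OFFLINE, EAGAIN, "Offline");
    }

    ar = talloc_get_type(be_req_get_data(breq), struct be_acct_req);
    if (ar == NULL) {
        return sdap_handler_done(breq, DP_ERR_FATAL,
                                 EINVAL, "Invalid private data");
    }

    req = sdap_handle_acct_req_send(breq, breq, ar, ctx,
                                    ctx->opts->sdom, conn, true);
    if (req == NULL) {
        return sdap_handler_done(breq, DP_ERR_FATAL, ENOMEM, "Out of memory");
    }

    tevent_req_set_callback(req, sdap_account_info_complete, breq);
}

/*
 * Translate the result of an account lookup into the reply sent through
 * sdap_handler_done(). A failure that still carries DP_ERR_OK is upgraded
 * to DP_ERR_FATAL so an error is never reported as success.
 */
static void
sdap_account_info_complete(struct tevent_req *req)
{
    const char *error_text;
    const char *req_error_text;
    struct be_req *breq = tevent_req_callback_data(req, struct be_req);
    int ret, dp_error;

    ret = sdap_handle_acct_req_recv(req, &dp_error, &req_error_text, NULL);
    talloc_zfree(req);
    if (dp_error == DP_ERR_OK) {
        if (ret == EOK) {
            error_text = NULL;
        } else {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("Bug: dp_error is OK on failed request\n"));
            dp_error = DP_ERR_FATAL;
            error_text = req_error_text;
        }
    } else if (dp_error == DP_ERR_OFFLINE) {
        error_text = "Offline";
    } else if (dp_error == DP_ERR_FATAL && ret == ENOMEM) {
        error_text = "Out of memory";
    } else {
        error_text = req_error_text;
    }

    sdap_handler_done(breq, dp_error, ret, error_text);
}

/* State of a lookup that tries groups first and users second */
struct get_user_and_group_state {
    struct tevent_context *ev;
    struct sdap_id_ctx *id_ctx;
    struct sdap_domain *sdom;
    struct sdap_id_conn_ctx *conn;
    struct sdap_id_op *op;
    struct sysdb_ctx *sysdb;
    struct sss_domain_info *domain;

    const char *filter_val;
    int filter_type;
    int attrs_type;

    char *filter;
    const char **attrs;

    int dp_error;
    int sdap_ret;
    bool noexist_delete;
};

static void get_user_and_group_users_done(struct tevent_req *subreq);
static void get_user_and_group_groups_done(struct tevent_req *subreq);

/*
 * Look up an object that may be either a group or a user.
 *
 * The group search is issued here; the user search follows from
 * get_user_and_group_groups_done() only if no group matched. Returns NULL
 * if the request itself cannot be allocated; later setup failures finish
 * the returned request with an error.
 */
static struct tevent_req *get_user_and_group_send(TALLOC_CTX *memctx,
                                                  struct tevent_context *ev,
                                                  struct sdap_id_ctx *id_ctx,
                                                  struct sdap_domain *sdom,
                                                  struct sdap_id_conn_ctx *conn,
                                                  const char *filter_val,
                                                  int filter_type,
                                                  int attrs_type,
                                                  bool noexist_delete)
{
    struct tevent_req *req;
    struct tevent_req *subreq;
    struct get_user_and_group_state *state;
    int ret;

    req = tevent_req_create(memctx, &state, struct get_user_and_group_state);
    if (req == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("tevent_req_create failed.\n"));
        return NULL;
    }

    state->ev = ev;
    state->id_ctx = id_ctx;
    state->sdom = sdom;
    state->conn = conn;
    state->dp_error = DP_ERR_FATAL;
    state->noexist_delete = noexist_delete;

    state->op = sdap_id_op_create(state, state->conn->conn_cache);
    if (!state->op) {
        DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed\n"));
        ret = ENOMEM;
        goto fail;
    }

    state->domain = sdom->dom;
    state->sysdb = sdom->dom->sysdb;
    state->filter_val = filter_val;
    state->filter_type = filter_type;
    state->attrs_type = attrs_type;

    subreq = groups_get_send(req, state->ev, state->id_ctx,
                             state->sdom, state->conn,
                             state->filter_val, state->filter_type,
                             state->attrs_type, state->noexist_delete);
    if (subreq == NULL) {
        /* Name the call that actually failed; the message used to blame
         * users_get_send. */
        DEBUG(SSSDBG_OP_FAILURE, ("groups_get_send failed.\n"));
        ret = ENOMEM;
        goto fail;
    }

    tevent_req_set_callback(subreq, get_user_and_group_groups_done, req);

    return req;

fail:
    tevent_req_error(req, ret);
    tevent_req_post(req, ev);
    return req;
}

/*
 * Group search finished: done if a group matched, otherwise repeat the
 * search against users. Any search result other than EOK/ENOENT is
 * reported as EIO.
 */
static void get_user_and_group_groups_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct get_user_and_group_state *state = tevent_req_data(req,
                                         struct get_user_and_group_state);
    int ret;

    ret = groups_get_recv(subreq, &state->dp_error, &state->sdap_ret);
    talloc_zfree(subreq);

    if (ret != EOK) {           /* Fatal error while looking up group */
        tevent_req_error(req, ret);
        return;
    }

    if (state->sdap_ret == EOK) {   /* Matching group found */
        tevent_req_done(req);
        return;
    } else if (state->sdap_ret != ENOENT) {
        tevent_req_error(req, EIO);
        return;
    }

    /* Now the search finished fine but did not find an entry.
     * Retry with users. */
    subreq = users_get_send(req, state->ev, state->id_ctx,
                            state->sdom, state->conn,
                            state->filter_val, state->filter_type,
                            state->attrs_type, state->noexist_delete);
    if (subreq == NULL) {
        /* Name the call that actually failed; the message used to blame
         * groups_get_send. */
        DEBUG(SSSDBG_OP_FAILURE, ("users_get_send failed.\n"));
        tevent_req_error(req, ENOMEM);
        return;
    }

    tevent_req_set_callback(subreq, get_user_and_group_users_done, req);
}

/*
 * User search finished. If neither a group nor a user matched, the cached
 * entry is removed, but only when the caller asked for it with
 * noexist_delete, as groups_by_user_done() does for its own delete.
 */
static void get_user_and_group_users_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct get_user_and_group_state *state = tevent_req_data(req,
                                         struct get_user_and_group_state);
    int ret;

    ret = users_get_recv(subreq, &state->dp_error, &state->sdap_ret);
    talloc_zfree(subreq);

    if (ret != EOK) {
        tevent_req_error(req, ret);
        return;
    }

    if (state->sdap_ret == ENOENT) {
        if (state->noexist_delete == true) {
            /* The search ran to completion, but nothing was found.
             * Delete the existing entry, if any.
             * NOTE(review): filter_val is treated as a SID here, but
             * BE_REQ_USER_AND_GROUP requests arrive with a name or ID
             * filter. Confirm sysdb_delete_by_sid() is harmless for
             * those. */
            ret = sysdb_delete_by_sid(state->sysdb, state->domain,
                                      state->filter_val);
            if (ret != EOK) {
                DEBUG(SSSDBG_OP_FAILURE, ("Could not delete entry by SID!\n"));
                tevent_req_error(req, ret);
                return;
            }
        }
    } else if (state->sdap_ret != EOK) {
        tevent_req_error(req, EIO);
        return;
    }

    /* Both ret and sdap->ret are EOK.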
Matching user found */ tevent_req_done(req); return; } errno_t sdap_get_user_and_group_recv(struct tevent_req *req, int *dp_error_out, int *sdap_ret) { struct get_user_and_group_state *state = tevent_req_data(req, struct get_user_and_group_state); if (dp_error_out) { *dp_error_out = state->dp_error; } if (sdap_ret) { *sdap_ret = state->sdap_ret; } TEVENT_REQ_RETURN_ON_ERROR(req); return EOK; } sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/sdap_idmap.c0000644000000000000000000000007412320753107021544 xustar000000000000000030 atime=1396954939.268891429 30 ctime=1396954961.629874969 sssd-1.11.5/src/providers/ldap/sdap_idmap.c0000664002412700241270000004577412320753107022007 0ustar00jhrozekjhrozek00000000000000/* SSSD Authors: Stephen Gallagher Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
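*/

#include "util/util.h"
#include "util/dlinklist.h"
#include "util/murmurhash3.h"
#include "providers/ldap/sdap_idmap.h"
#include "util/util_sss_idmap.h"

/*
 * Compute the ID range used when IDs are read from the directory instead
 * of being mapped from SIDs.
 *
 * ldap_min_id and ldap_max_id must either both be unset (0) or both be
 * positive; when unset, the domain's id_min/id_max are used and an id_max
 * of 0 means UINT32_MAX. Returns EINVAL for a NULL argument or an invalid
 * combination of the two options.
 */
static errno_t
sdap_idmap_get_configured_external_range(struct sdap_idmap_ctx *idmap_ctx,
                                         struct sss_idmap_range *range)
{
    int int_id;
    struct sdap_id_ctx *id_ctx;
    uint32_t min;
    uint32_t max;

    if (idmap_ctx == NULL || range == NULL) {
        return EINVAL;
    }

    id_ctx = idmap_ctx->id_ctx;

    int_id = dp_opt_get_int(id_ctx->opts->basic, SDAP_MIN_ID);
    if (int_id < 0) {
        DEBUG(SSSDBG_CONF_SETTINGS, ("ldap_min_id must be greater than 0.\n"));
        return EINVAL;
    }
    min = int_id;

    int_id = dp_opt_get_int(id_ctx->opts->basic, SDAP_MAX_ID);
    if (int_id < 0) {
        DEBUG(SSSDBG_CONF_SETTINGS, ("ldap_max_id must be greater than 0.\n"));
        return EINVAL;
    }
    max = int_id;

    if ((min == 0 && max != 0) || (min != 0 && max == 0)) {
        DEBUG(SSSDBG_CONF_SETTINGS, ("Both ldap_min_id and ldap_max_id "
                                     "either must be 0 (not set) "
                                     "or positive integers.\n"));
        return EINVAL;
    }

    if (min == 0 && max == 0) {
        /* ldap_min_id and ldap_max_id not set, using min_id and max_id */
        min = id_ctx->be->domain->id_min;
        max = id_ctx->be->domain->id_max;
        if (max == 0) {
            max = UINT32_MAX;
        }
    }

    /* NOTE(review): min > max is not rejected here; presumably
     * sss_idmap_add_domain_ex() validates the range. Confirm. */
    range->min = min;
    range->max = max;

    return EOK;
}

/*
 * Register the back end's own domain in the map with the externally
 * managed ID range. Returns EIO if the map rejects the domain.
 */
static errno_t
sdap_idmap_add_configured_external_range(struct sdap_idmap_ctx *idmap_ctx)
{
    int ret;
    struct sss_idmap_range range;
    struct sdap_id_ctx *id_ctx;
    enum idmap_error_code err;

    ret = sdap_idmap_get_configured_external_range(idmap_ctx, &range);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("sdap_idmap_get_configured_external_range failed.\n"));
        return ret;
    }

    id_ctx = idmap_ctx->id_ctx;

    err = sss_idmap_add_domain_ex(idmap_ctx->map, id_ctx->be->domain->name,
                                  id_ctx->be->domain->domain_id, &range,
                                  NULL, 0, true);
    if (err != IDMAP_SUCCESS) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Could not add domain [%s] to the map: [%d]\n",
               id_ctx->be->domain->name, err));
        return EIO;
    }

    return EOK;
}

/*
 * Default find_new_domain hook: add a previously unseen domain to the map,
 * passing -1 as the slice.
 */
errno_t sdap_idmap_find_new_domain(struct sdap_idmap_ctx *idmap_ctx,
                                   const char *dom_name,
                                   const char *dom_sid_str)
{
    int ret;

    ret = sdap_idmap_add_domain(idmap_ctx,
                                dom_name, dom_sid_str,
                                -1);
    if (ret != EOK) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("Could not add new domain [%s]\n", dom_name));
        return ret;
    }

    return EOK;
}

/*
 * Create and populate the ID-mapping context of an LDAP provider.
 *
 * Reads the range options, initializes the map, then either reloads the
 * domain mappings stored in the cache or sets up the default domain. On
 * success the context is handed over to mem_ctx through *_idmap_ctx; on
 * any failure everything allocated here is released.
 */
errno_t
sdap_idmap_init(TALLOC_CTX *mem_ctx,
                struct sdap_id_ctx *id_ctx,
                struct sdap_idmap_ctx **_idmap_ctx)
{
    errno_t ret;
    TALLOC_CTX *tmp_ctx;
    enum idmap_error_code err;
    size_t i;
    struct ldb_result *res;
    const char *dom_name;
    const char *sid_str;
    id_t slice_num;
    id_t idmap_lower;
    id_t idmap_upper;
    id_t rangesize;
    bool autorid_mode;
    struct sdap_idmap_ctx *idmap_ctx = NULL;
    struct sysdb_ctx *sysdb = id_ctx->be->domain->sysdb;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) return ENOMEM;

    idmap_ctx = talloc_zero(tmp_ctx, struct sdap_idmap_ctx);
    if (!idmap_ctx) {
        ret = ENOMEM;
        goto done;
    }
    idmap_ctx->id_ctx = id_ctx;
    idmap_ctx->find_new_domain = sdap_idmap_find_new_domain;

    /* NOTE(review): dp_opt_get_int() results are stored in id_t; if id_t
     * is unsigned, a negative option value wraps to a large number and
     * "rangesize <= 0" only catches zero. TODO confirm. */
    idmap_lower = dp_opt_get_int(idmap_ctx->id_ctx->opts->basic,
                                 SDAP_IDMAP_LOWER);
    idmap_upper = dp_opt_get_int(idmap_ctx->id_ctx->opts->basic,
                                 SDAP_IDMAP_UPPER);
    rangesize = dp_opt_get_int(idmap_ctx->id_ctx->opts->basic,
                               SDAP_IDMAP_RANGESIZE);
    autorid_mode = dp_opt_get_bool(idmap_ctx->id_ctx->opts->basic,
                                   SDAP_IDMAP_AUTORID_COMPAT);

    /* Validate that the values make sense */
    if (rangesize <= 0
            || idmap_upper <= idmap_lower
            || (idmap_upper-idmap_lower) < rangesize)
    {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Invalid settings for range selection: "
               "[%"SPRIid"][%"SPRIid"][%"SPRIid"]\n",
               idmap_lower, idmap_upper, rangesize));
        ret = EINVAL;
        goto done;
    }

    if (((idmap_upper - idmap_lower) % rangesize) != 0) {
        DEBUG(SSSDBG_CONF_SETTINGS,
              ("Range size does not divide evenly. Uppermost range will "
               "not be used\n"));
    }

    /* Initialize the map */
    err = sss_idmap_init(sss_idmap_talloc, idmap_ctx,
                         sss_idmap_talloc_free,
                         &idmap_ctx->map);
    if (err != IDMAP_SUCCESS) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Could not initialize the ID map: [%s]\n",
               idmap_error_string(err)));
        if (err == IDMAP_OUT_OF_MEMORY) {
            ret = ENOMEM;
        } else {
            ret = EINVAL;
        }
        goto done;
    }

    err = sss_idmap_ctx_set_autorid(idmap_ctx->map, autorid_mode);
    err |= sss_idmap_ctx_set_lower(idmap_ctx->map, idmap_lower);
    err |= sss_idmap_ctx_set_upper(idmap_ctx->map, idmap_upper);
    err |= sss_idmap_ctx_set_rangesize(idmap_ctx->map, rangesize);
    if (err != IDMAP_SUCCESS) {
        /* This should never happen */
        DEBUG(SSSDBG_CRIT_FAILURE, ("sss_idmap_ctx corrupted\n"));
        /* Leave through the cleanup label: returning directly leaked
         * tmp_ctx and the map hanging off it. */
        ret = EIO;
        goto done;
    }

    /* Setup range for externally managed IDs, i.e. IDs are read from the
     * ldap_user_uid_number and ldap_group_gid_number attributes. */
    if (!dp_opt_get_bool(idmap_ctx->id_ctx->opts->basic, SDAP_ID_MAPPING)) {
        ret = sdap_idmap_add_configured_external_range(idmap_ctx);
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE,
                  ("sdap_idmap_add_configured_external_range failed.\n"));
            goto done;
        }
    }

    /* Read in any existing mappings from the cache */
    ret = sysdb_idmap_get_mappings(tmp_ctx, sysdb, id_ctx->be->domain, &res);
    if (ret != EOK && ret != ENOENT) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Could not read ID mappings from the cache: [%s]\n",
               strerror(ret)));
        goto done;
    }

    if (ret == EOK && res->count > 0) {
        DEBUG(SSSDBG_CONF_SETTINGS,
              ("Initializing [%d] domains for ID-mapping\n", res->count));

        for (i = 0; i < res->count; i++) {
            dom_name = ldb_msg_find_attr_as_string(res->msgs[i],
                                                   SYSDB_NAME,
                                                   NULL);
            if (!dom_name) {
                /* This should never happen */
                ret = EINVAL;
                goto done;
            }

            sid_str = ldb_msg_find_attr_as_string(res->msgs[i],
                                                  SYSDB_IDMAP_SID_ATTR,
                                                  NULL);
            if (!sid_str) {
                /* This should never happen */
                ret = EINVAL;
                goto done;
            }

            slice_num = ldb_msg_find_attr_as_int(res->msgs[i],
                                                 SYSDB_IDMAP_SLICE_ATTR,
                                                 -1);
            if (slice_num == -1) {
                /* This should never happen */
                ret = EINVAL;
                goto done;
            }

            ret = sdap_idmap_add_domain(idmap_ctx, dom_name,
                                        sid_str, slice_num);
            if (ret != EOK) {
                DEBUG(SSSDBG_CRIT_FAILURE,
                      ("Could not add domain [%s][%s][%"SPRIid"] "
                       "to ID map: [%s]\n",
                       dom_name, sid_str, slice_num, strerror(ret)));
                goto done;
            }
        }
    } else {
        /* This is the first time we're setting up id-mapping
         * Store the default domain as slice 0
         */
        dom_name = dp_opt_get_string(idmap_ctx->id_ctx->opts->basic,
                                     SDAP_IDMAP_DEFAULT_DOMAIN);
        if (!dom_name) {
            /* If it's not explicitly specified, use the SSSD domain name */
            dom_name = idmap_ctx->id_ctx->be->domain->name;
            ret = dp_opt_set_string(idmap_ctx->id_ctx->opts->basic,
                                    SDAP_IDMAP_DEFAULT_DOMAIN,
                                    dom_name);
            if (ret != EOK) goto done;
        }

        sid_str = dp_opt_get_string(idmap_ctx->id_ctx->opts->basic,
                                    SDAP_IDMAP_DEFAULT_DOMAIN_SID);
        if (sid_str) {
            /* Set the default domain as slice 0 */
            ret = sdap_idmap_add_domain(idmap_ctx, dom_name,
                                        sid_str, 0);
            if (ret != EOK) {
                DEBUG(SSSDBG_CRIT_FAILURE,
                      ("Could not add domain [%s][%s][%u] to ID map: [%s]\n",
                       dom_name, sid_str, 0, strerror(ret)));
                goto done;
            }
        } else {
            if (dp_opt_get_bool(idmap_ctx->id_ctx->opts->basic,
                                SDAP_IDMAP_AUTORID_COMPAT)) {
                /* In autorid compatibility mode, we MUST have a slice 0 */
                DEBUG(SSSDBG_CRIT_FAILURE,
                      ("WARNING: Autorid compatibility mode selected, "
                       "but %s is not set. UID/GID values may differ "
                       "between clients.\n",
                       idmap_ctx->id_ctx->opts->basic[SDAP_IDMAP_DEFAULT_DOMAIN_SID].opt_name));
            }
            /* Otherwise, we'll just fall back to hash values as they are seen */
        }
    }

    *_idmap_ctx = talloc_steal(mem_ctx, idmap_ctx);
    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}

/*
 * Add a domain to the ID map.
 *
 * With ID mapping enabled the range is calculated from the domain SID and
 * slice, and the mapping is stored in the cache; otherwise the configured
 * external range is used and nothing is stored.
 */
errno_t
sdap_idmap_add_domain(struct sdap_idmap_ctx *idmap_ctx,
                      const char *dom_name,
                      const char *dom_sid,
                      id_t slice)
{
    errno_t ret;
    struct sss_idmap_range range;
    enum idmap_error_code err;
    id_t idmap_upper;
    bool external_mapping = true;

    ret = sss_idmap_ctx_get_upper(idmap_ctx->map, &idmap_upper);
    if (ret != IDMAP_SUCCESS) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Failed to get upper bound of available ID range.\n"));
        ret = EIO;
        goto done;
    }

    if (dp_opt_get_bool(idmap_ctx->id_ctx->opts->basic, SDAP_ID_MAPPING)) {
        external_mapping = false;
        ret = sss_idmap_calculate_range(idmap_ctx->map, dom_sid, &slice, &range);
        if (ret != IDMAP_SUCCESS) {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("Failed to calculate range for domain [%s]: [%d]\n",
                   dom_name, ret));
            ret = EIO;
            goto done;
        }
        DEBUG(SSSDBG_TRACE_LIBS,
              ("Adding domain [%s] as slice [%"SPRIid"]\n", dom_sid, slice));

        if (range.max > idmap_upper) {
            /* This should never happen */
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("BUG: Range maximum exceeds the global maximum: "
                   "%u > %"SPRIid"\n", range.max, idmap_upper));
            ret = EINVAL;
            goto done;
        }
    } else {
        ret = sdap_idmap_get_configured_external_range(idmap_ctx, &range);
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE,
                  ("sdap_idmap_get_configured_external_range failed.\n"));
            return ret;
        }
    }

    /* Add this domain to the map */
    err = sss_idmap_add_domain_ex(idmap_ctx->map, dom_name, dom_sid, &range,
                                  NULL, 0, external_mapping);
    if (err != IDMAP_SUCCESS) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Could not add domain [%s] to the map: [%d]\n",
               dom_name, err));
        ret = EIO;
        goto done;
    }

    /* If algorithmic mapping is used add this domain to the SYSDB cache so it
     * will survive reboot */
    if (!external_mapping) {
        ret = sysdb_idmap_store_mapping(idmap_ctx->id_ctx->be->domain->sysdb,
                                        idmap_ctx->id_ctx->be->domain,
                                        dom_name, dom_sid,
                                        slice);
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE, ("sysdb_idmap_store_mapping failed.\n"));
            goto done;
        }
    }

done:
    return ret;
}

/*
 * Extract the domain SID from an object SID.
 *
 * After DOM_SID_PREFIX the object SID must carry three decimal components
 * that each fit into 32 bits and are each followed by a hyphen. The text
 * up to, but not including, the last of those hyphens is copied into a new
 * string allocated on mem_ctx.
 *
 * The SID string comes from directory data, and
 * sdap_idmap_sid_to_unix() registers a new domain for every SID accepted
 * here, so the components are validated strictly.
 *
 * Returns EOK, EINVAL for a malformed SID or NULL argument, or ENOMEM.
 */
errno_t
sdap_idmap_get_dom_sid_from_object(TALLOC_CTX *mem_ctx,
                                   const char *object_sid,
                                   char **dom_sid_str)
{
    const char *p;
    unsigned long long a;
    size_t c;
    char *endptr;

    if (object_sid == NULL || dom_sid_str == NULL
            || strncmp(object_sid, DOM_SID_PREFIX, DOM_SID_PREFIX_LEN) != 0) {
        return EINVAL;
    }

    p = object_sid + DOM_SID_PREFIX_LEN;
    c = 0;

    do {
        /* strtoull() skips leading whitespace, accepts a sign and reports
         * no error when it consumes nothing, so an empty or signed
         * component would pass the checks below. Require a digit first. */
        if (*p < '0' || *p > '9') {
            return EINVAL;
        }

        errno = 0;
        /* Keep the result unsigned: in a signed variable a value above
         * LLONG_MAX could turn negative and slip past the range check. */
        a = strtoull(p, &endptr, 10);
        if (errno != 0 || a > UINT32_MAX) {
            return EINVAL;
        }

        if (*endptr == '-') {
            p = endptr + 1;
        } else {
            return EINVAL;
        }

        c++;
    } while (c < 3);

    /* If we made it here, we are now one character past
     * the last hyphen in the object-sid.
     * Copy the dom-sid substring.
     */
    *dom_sid_str = talloc_strndup(mem_ctx, object_sid, (endptr - object_sid));
    if (!*dom_sid_str) return ENOMEM;

    return EOK;
}

/*
 * Convert a SID to a UNIX ID.
 *
 * A SID from a domain the map does not know yet causes that domain to be
 * added through the find_new_domain hook before the conversion is retried.
 * Returns ENOTSUP for built-in SIDs and EIO when the conversion fails.
 */
errno_t
sdap_idmap_sid_to_unix(struct sdap_idmap_ctx *idmap_ctx,
                       const char *sid_str,
                       id_t *id)
{
    errno_t ret;
    enum idmap_error_code err;
    char *dom_sid_str = NULL;

    /* Convert the SID into a UNIX ID */
    /* NOTE(review): the cast assumes id_t has the same size and
     * representation as uint32_t. TODO confirm for all supported
     * platforms. */
    err = sss_idmap_sid_to_unix(idmap_ctx->map,
                                sid_str,
                                (uint32_t *)id);
    switch (err) {
    case IDMAP_SUCCESS:
        break;
    case IDMAP_NO_DOMAIN:
        /* This is the first time we've seen this domain
         * Create a new domain for it. We'll use the dom-sid
         * as the domain name for now, since we don't have
         * any way to get the real name.
         */
        ret = sdap_idmap_get_dom_sid_from_object(NULL, sid_str,
                                                 &dom_sid_str);
        if (ret != EOK) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Could not parse domain SID from [%s]\n", sid_str));
            goto done;
        }

        ret = idmap_ctx->find_new_domain(idmap_ctx, dom_sid_str, dom_sid_str);
        if (ret != EOK) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Could not add new domain for sid [%s]\n", sid_str));
            goto done;
        }

        /* Now try converting to a UNIX ID again */
        err = sss_idmap_sid_to_unix(idmap_ctx->map,
                                    sid_str,
                                    (uint32_t *)id);
        if (err != IDMAP_SUCCESS) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Could not convert objectSID [%s] to a UNIX ID\n",
                   sid_str));
            ret = EIO;
            goto done;
        }
        break;
    case IDMAP_BUILTIN_SID:
        DEBUG(SSSDBG_TRACE_FUNC,
              ("Object SID [%s] is a built-in one.\n", sid_str));
        /* ENOTSUP indicates built-in SID */
        ret = ENOTSUP;
        goto done;
        break;
    default:
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("Could not convert objectSID [%s] to a UNIX ID\n",
               sid_str));
        ret = EIO;
        goto done;
    }

    ret = EOK;

done:
    talloc_free(dom_sid_str);
    return ret;
}

bool sdap_idmap_domain_has_algorithmic_mapping(struct sdap_idmap_ctx *ctx,
                                               const char *dom_name,
                                               const char *dom_sid)
{
    enum idmap_error_code err;
    bool has_algorithmic_mapping;
    char *new_dom_sid;
    int ret;
    TALLOC_CTX *tmp_ctx = NULL;

    if (dp_opt_get_bool(ctx->id_ctx->opts->basic, SDAP_ID_MAPPING)
            && 0 == strcmp("ldap", ctx->id_ctx->be->bet_info[BET_ID].mod_name)) {
        return true;
    }

    err = sss_idmap_domain_has_algorithmic_mapping(ctx->map, dom_sid,
                                                   &has_algorithmic_mapping);
    switch (err){
    case IDMAP_SUCCESS:
        return has_algorithmic_mapping;
    case IDMAP_SID_INVALID: /* FALLTHROUGH */
    case IDMAP_SID_UNKNOWN: /* FALLTHROUGH */
    case IDMAP_NO_DOMAIN:   /* FALLTHROUGH */
        /* continue with idmap_domain_by_name */
        break;
    default:
        return false;
    }

    err = sss_idmap_domain_by_name_has_algorithmic_mapping(ctx->map,
                                                    dom_name,
                                                    &has_algorithmic_mapping);
    if (err == IDMAP_SUCCESS) {
        return has_algorithmic_mapping;
    } else if (err != IDMAP_NAME_UNKNOWN && err != IDMAP_NO_DOMAIN) {
        return false;
    }

    /* This is the first time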
we've seen this domain * Create a new domain for it. We'll use the dom-sid * as the domain name for now, since we don't have * any way to get the real name. */ if (is_domain_sid(dom_sid)) { new_dom_sid = discard_const(dom_sid); } else { tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("talloc_new failed.\n")); return false; } ret = sdap_idmap_get_dom_sid_from_object(tmp_ctx, dom_sid, &new_dom_sid); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Could not parse domain SID from [%s]\n", dom_sid)); talloc_free(tmp_ctx); return false; } } ret = ctx->find_new_domain(ctx, dom_name, new_dom_sid); talloc_free(tmp_ctx); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Could not add new domain for sid [%s]\n", dom_sid)); return false; } err = sss_idmap_domain_has_algorithmic_mapping(ctx->map, dom_sid, &has_algorithmic_mapping); if (err == IDMAP_SUCCESS) { return has_algorithmic_mapping; } return false; } sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/sdap_range.h0000644000000000000000000000007412320753107021553 xustar000000000000000030 atime=1396954939.268891429 30 ctime=1396954961.481875078 sssd-1.11.5/src/providers/ldap/sdap_range.h0000664002412700241270000000212212320753107021772 0ustar00jhrozekjhrozek00000000000000/* SSSD Authors: Stephen Gallagher Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #ifndef SDAP_RANGE_H_ #define SDAP_RANGE_H_ #include "src/util/util.h" errno_t sdap_parse_range(TALLOC_CTX *mem_ctx, const char *attr_desc, char **base_attr, uint32_t *range_offset, bool disable_range_retrieval); #endif /* SDAP_RANGE_H_ */ sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/sdap.h0000644000000000000000000000007312320753107020376 xustar000000000000000029 atime=1396954939.26789143 30 ctime=1396954961.474875084 sssd-1.11.5/src/providers/ldap/sdap.h0000664002412700241270000003633612320753107020634 0ustar00jhrozekjhrozek00000000000000/* SSSD LDAP Helper routines Copyright (C) Simo Sorce This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #ifndef _SDAP_H_ #define _SDAP_H_ #include "providers/dp_backend.h" #include #include "util/sss_ldap.h" struct sdap_msg { struct sdap_msg *next; LDAPMessage *msg; }; struct sdap_op; typedef void (sdap_op_callback_t)(struct sdap_op *op, struct sdap_msg *, int, void *); struct sdap_handle; struct sdap_op { struct sdap_op *prev, *next; struct sdap_handle *sh; int msgid; bool done; sdap_op_callback_t *callback; void *data; struct tevent_context *ev; struct sdap_msg *list; struct sdap_msg *last; }; struct fd_event_item { struct fd_event_item *prev; struct fd_event_item *next; int fd; struct tevent_fd *fde; }; struct ldap_cb_data { struct sdap_handle *sh; struct tevent_context *ev; struct fd_event_item *fd_list; }; struct sup_list { int num_vals; char **vals; }; struct sdap_handle { LDAP *ldap; bool connected; /* Authentication ticket expiration time (if any) */ time_t expire_time; ber_int_t page_size; bool disable_deref; struct sdap_fd_events *sdap_fd_events; struct sup_list supported_saslmechs; struct sup_list supported_controls; struct sup_list supported_extensions; struct sdap_op *ops; /* during release we need to lock access to the handler * from the destructor to avoid recursion */ bool destructor_lock; /* mark when it is safe to finally release the handler memory */ bool release_memory; }; struct sdap_service { char *name; char *uri; char *kinit_service_name; struct sockaddr_storage *sockaddr; }; struct sdap_ppolicy_data { int grace; int expire; }; #define SYSDB_SHADOWPW_LASTCHANGE "shadowLastChange" #define SYSDB_SHADOWPW_MIN "shadowMin" #define SYSDB_SHADOWPW_MAX "shadowMax" #define SYSDB_SHADOWPW_WARNING "shadowWarning" #define SYSDB_SHADOWPW_INACTIVE "shadowInactive" #define SYSDB_SHADOWPW_EXPIRE "shadowExpire" #define SYSDB_SHADOWPW_FLAG "shadowFlag" #define SYSDB_NS_ACCOUNT_LOCK "nsAccountLock" #define SYSDB_KRBPW_LASTCHANGE "krbLastPwdChange" #define SYSDB_KRBPW_EXPIRATION "krbPasswordExpiration" #define SYSDB_PWD_ATTRIBUTE "pwdAttribute" #define 
SYSDB_AD_ACCOUNT_EXPIRES "adAccountExpires" #define SYSDB_AD_USER_ACCOUNT_CONTROL "adUserAccountControl" #define SYSDB_NDS_LOGIN_DISABLED "ndsLoginDisabled" #define SYSDB_NDS_LOGIN_EXPIRATION_TIME "ndsLoginExpirationTime" #define SYSDB_NDS_LOGIN_ALLOWED_TIME_MAP "ndsLoginAllowedTimeMap" #define SDAP_ROOTDSE_ATTR_NAMING_CONTEXTS "namingContexts" #define SDAP_ROOTDSE_ATTR_DEFAULT_NAMING_CONTEXT "defaultNamingContext" #define SDAP_ROOTDSE_ATTR_AD_VERSION "domainControllerFunctionality" #define SDAP_IPA_USN "entryUSN" #define SDAP_IPA_LAST_USN "lastUSN" #define SDAP_AD_USN "uSNChanged" #define SDAP_AD_LAST_USN "highestCommittedUSN" #define SDAP_AD_GROUP_TYPE_BUILTIN 0x00000001 #define SDAP_AD_GROUP_TYPE_GLOBAL 0x00000002 #define SDAP_AD_GROUP_TYPE_DOMAIN_LOCAL 0x00000004 #define SDAP_AD_GROUP_TYPE_UNIVERSAL 0x00000008 #define SDAP_AD_GROUP_TYPE_APP_BASIC 0x00000010 #define SDAP_AD_GROUP_TYPE_APP_QUERY 0x00000020 #define SDAP_AD_GROUP_TYPE_SECURITY 0x80000000 enum sdap_basic_opt { SDAP_URI = 0, SDAP_BACKUP_URI, SDAP_SEARCH_BASE, SDAP_DEFAULT_BIND_DN, SDAP_DEFAULT_AUTHTOK_TYPE, SDAP_DEFAULT_AUTHTOK, SDAP_SEARCH_TIMEOUT, SDAP_NETWORK_TIMEOUT, SDAP_OPT_TIMEOUT, SDAP_TLS_REQCERT, SDAP_USER_SEARCH_BASE, SDAP_USER_SEARCH_SCOPE, SDAP_USER_SEARCH_FILTER, SDAP_GROUP_SEARCH_BASE, SDAP_GROUP_SEARCH_SCOPE, SDAP_GROUP_SEARCH_FILTER, SDAP_SERVICE_SEARCH_BASE, SDAP_SUDO_SEARCH_BASE, SDAP_SUDO_FULL_REFRESH_INTERVAL, SDAP_SUDO_SMART_REFRESH_INTERVAL, SDAP_SUDO_USE_HOST_FILTER, SDAP_SUDO_HOSTNAMES, SDAP_SUDO_IP, SDAP_SUDO_INCLUDE_NETGROUPS, SDAP_SUDO_INCLUDE_REGEXP, SDAP_AUTOFS_SEARCH_BASE, SDAP_SCHEMA, SDAP_OFFLINE_TIMEOUT, SDAP_FORCE_UPPER_CASE_REALM, SDAP_ENUM_REFRESH_TIMEOUT, SDAP_CACHE_PURGE_TIMEOUT, SDAP_TLS_CACERT, SDAP_TLS_CACERTDIR, SDAP_TLS_CERT, SDAP_TLS_KEY, SDAP_TLS_CIPHER_SUITE, SDAP_ID_TLS, SDAP_ID_MAPPING, SDAP_SASL_MECH, SDAP_SASL_AUTHID, SDAP_SASL_REALM, SDAP_SASL_MINSSF, SDAP_KRB5_KEYTAB, SDAP_KRB5_KINIT, SDAP_KRB5_KDC, SDAP_KRB5_BACKUP_KDC, SDAP_KRB5_REALM, 
SDAP_KRB5_CANONICALIZE, SDAP_KRB5_USE_KDCINFO, SDAP_PWD_POLICY, SDAP_REFERRALS, SDAP_ACCOUNT_CACHE_EXPIRATION, SDAP_DNS_SERVICE_NAME, SDAP_KRB5_TICKET_LIFETIME, SDAP_ACCESS_FILTER, SDAP_NETGROUP_SEARCH_BASE, SDAP_NESTING_LEVEL, SDAP_DEREF, SDAP_ACCOUNT_EXPIRE_POLICY, SDAP_ACCESS_ORDER, SDAP_CHPASS_URI, SDAP_CHPASS_BACKUP_URI, SDAP_CHPASS_DNS_SERVICE_NAME, SDAP_CHPASS_UPDATE_LAST_CHANGE, SDAP_ENUM_SEARCH_TIMEOUT, SDAP_DISABLE_AUTH_TLS, SDAP_PAGE_SIZE, SDAP_DEREF_THRESHOLD, SDAP_SASL_CANONICALIZE, SDAP_EXPIRE_TIMEOUT, SDAP_DISABLE_PAGING, SDAP_IDMAP_LOWER, SDAP_IDMAP_UPPER, SDAP_IDMAP_RANGESIZE, SDAP_IDMAP_AUTORID_COMPAT, SDAP_IDMAP_DEFAULT_DOMAIN, SDAP_IDMAP_DEFAULT_DOMAIN_SID, SDAP_AD_MATCHING_RULE_GROUPS, SDAP_AD_MATCHING_RULE_INITGROUPS, SDAP_RFC2307_FALLBACK_TO_LOCAL_USERS, SDAP_DISABLE_RANGE_RETRIEVAL, SDAP_MIN_ID, SDAP_MAX_ID, SDAP_OPTS_BASIC /* opts counter */ }; enum sdap_gen_attrs { SDAP_AT_ENTRY_USN = 0, SDAP_AT_LAST_USN, SDAP_AT_GENERAL /* attrs counter */ }; /* the objectclass must be the first attribute. * Functions depend on this */ enum sdap_user_attrs { SDAP_OC_USER = 0, SDAP_AT_USER_NAME, SDAP_AT_USER_PWD, SDAP_AT_USER_UID, SDAP_AT_USER_GID, SDAP_AT_USER_GECOS, SDAP_AT_USER_HOME, SDAP_AT_USER_SHELL, SDAP_AT_USER_PRINC, SDAP_AT_USER_FULLNAME, SDAP_AT_USER_MEMBEROF, SDAP_AT_USER_UUID, SDAP_AT_USER_OBJECTSID, SDAP_AT_USER_PRIMARY_GROUP, SDAP_AT_USER_MODSTAMP, SDAP_AT_USER_USN, SDAP_AT_SP_LSTCHG, SDAP_AT_SP_MIN, SDAP_AT_SP_MAX, SDAP_AT_SP_WARN, SDAP_AT_SP_INACT, SDAP_AT_SP_EXPIRE, SDAP_AT_SP_FLAG, SDAP_AT_KP_LASTCHANGE, SDAP_AT_KP_EXPIRATION, SDAP_AT_PWD_ATTRIBUTE, SDAP_AT_AUTH_SVC, SDAP_AT_AD_ACCOUNT_EXPIRES, SDAP_AT_AD_USER_ACCOUNT_CONTROL, SDAP_AT_NS_ACCOUNT_LOCK, SDAP_AT_AUTHORIZED_HOST, SDAP_AT_NDS_LOGIN_DISABLED, SDAP_AT_NDS_LOGIN_EXPIRATION_TIME, SDAP_AT_NDS_LOGIN_ALLOWED_TIME_MAP, SDAP_AT_USER_SSH_PUBLIC_KEY, SDAP_OPTS_USER /* attrs counter */ }; #define SDAP_FIRST_EXTRA_USER_AT SDAP_AT_SP_LSTCHG /* the objectclass must be the first attribute. 
* Functions depend on this */ enum sdap_group_attrs { SDAP_OC_GROUP = 0, SDAP_AT_GROUP_NAME, SDAP_AT_GROUP_PWD, SDAP_AT_GROUP_GID, SDAP_AT_GROUP_MEMBER, SDAP_AT_GROUP_UUID, SDAP_AT_GROUP_OBJECTSID, SDAP_AT_GROUP_MODSTAMP, SDAP_AT_GROUP_USN, SDAP_AT_GROUP_TYPE, SDAP_OPTS_GROUP /* attrs counter */ }; enum sdap_netgroup_attrs { SDAP_OC_NETGROUP = 0, SDAP_AT_NETGROUP_NAME, SDAP_AT_NETGROUP_MEMBER, SDAP_AT_NETGROUP_TRIPLE, SDAP_AT_NETGROUP_UUID, SDAP_AT_NETGROUP_MODSTAMP, SDAP_OPTS_NETGROUP /* attrs counter */ }; enum sdap_sudorule_attrs { SDAP_OC_SUDORULE = 0, SDAP_AT_SUDO_NAME, SDAP_AT_SUDO_COMMAND, SDAP_AT_SUDO_HOST, SDAP_AT_SUDO_USER, SDAP_AT_SUDO_OPTION, SDAP_AT_SUDO_RUNASUSER, SDAP_AT_SUDO_RUNASGROUP, SDAP_AT_SUDO_NOTBEFORE, SDAP_AT_SUDO_NOTAFTER, SDAP_AT_SUDO_ORDER, SDAP_AT_SUDO_USN, SDAP_OPTS_SUDO /* attrs counter */ }; enum sdap_service_attrs { SDAP_OC_SERVICE = 0, SDAP_AT_SERVICE_NAME, SDAP_AT_SERVICE_PORT, SDAP_AT_SERVICE_PROTOCOL, SDAP_AT_SERVICE_USN, SDAP_OPTS_SERVICES /* attrs counter */ }; enum sdap_autofs_map_attrs { SDAP_OC_AUTOFS_MAP, SDAP_AT_AUTOFS_MAP_NAME, SDAP_OPTS_AUTOFS_MAP /* attrs counter */ }; enum sdap_autofs_entry_attrs { SDAP_OC_AUTOFS_ENTRY, SDAP_AT_AUTOFS_ENTRY_KEY, SDAP_AT_AUTOFS_ENTRY_VALUE, SDAP_OPTS_AUTOFS_ENTRY /* attrs counter */ }; struct sdap_attr_map { const char *opt_name; const char *def_name; const char *sys_name; char *name; }; #define SDAP_ATTR_MAP_TERMINATOR { NULL, NULL, NULL, NULL } struct sdap_search_base { const char *basedn; int scope; const char *filter; }; /* Values from * http://msdn.microsoft.com/en-us/library/cc223272%28v=prot.13%29.aspx */ enum dc_functional_level { DS_BEHAVIOR_WIN2000 = 0, DS_BEHAVIOR_WIN2003 = 2, DS_BEHAVIOR_WIN2008 = 3, DS_BEHAVIOR_WIN2008R2 = 4, DS_BEHAVIOR_WIN2012 = 5 }; struct sdap_domain { struct sss_domain_info *dom; char *basedn; struct sdap_search_base **search_bases; struct sdap_search_base **user_search_bases; struct sdap_search_base **group_search_bases; struct sdap_search_base 
**netgroup_search_bases; struct sdap_search_base **sudo_search_bases; struct sdap_search_base **service_search_bases; struct sdap_search_base **autofs_search_bases; struct sdap_domain *next, *prev; /* Need to modify the list from a talloc destructor */ struct sdap_domain **head; /* Enumeration and cleanup periodic task */ struct be_ptask *enum_task; struct be_ptask *cleanup_task; /* enumeration loop timer */ struct timeval last_enum; /* cleanup loop timer */ struct timeval last_purge; void *pvt; }; struct sdap_options { struct dp_option *basic; struct sdap_attr_map *gen_map; struct sdap_attr_map *user_map; struct sdap_attr_map *group_map; struct sdap_attr_map *netgroup_map; struct sdap_attr_map *service_map; /* ID-mapping support */ struct sdap_idmap_ctx *idmap_ctx; /* FIXME - should this go to a special struct to avoid mixing with name-service-switch maps? */ struct sdap_attr_map *sudorule_map; struct sdap_attr_map *autofs_mobject_map; struct sdap_attr_map *autofs_entry_map; /* supported schema types */ enum schema_type { SDAP_SCHEMA_RFC2307 = 1, /* memberUid = uid */ SDAP_SCHEMA_RFC2307BIS = 2, /* member = dn */ SDAP_SCHEMA_IPA_V1 = 3, /* member/memberof */ SDAP_SCHEMA_AD = 4 /* AD's member/memberof */ } schema_type; /* The search bases for the domain or its subdomain */ struct sdap_domain *sdom; bool support_matching_rule; enum dc_functional_level dc_functional_level; }; struct sdap_server_opts { char *server_id; bool supports_usn; unsigned long last_usn; char *max_user_value; char *max_group_value; char *max_service_value; char *max_sudo_value; bool posix_checked; }; struct sdap_id_ctx; struct sdap_attr_map_info { struct sdap_attr_map *map; int num_attrs; }; struct sdap_deref_attrs { struct sdap_attr_map *map; struct sysdb_attrs *attrs; }; int sdap_copy_map(TALLOC_CTX *memctx, struct sdap_attr_map *src_map, int num_entries, struct sdap_attr_map **_map); int sdap_get_map(TALLOC_CTX *memctx, struct confdb_ctx *cdb, const char *conf_path, struct sdap_attr_map 
*def_map, int num_entries, struct sdap_attr_map **_map); int sdap_parse_entry(TALLOC_CTX *memctx, struct sdap_handle *sh, struct sdap_msg *sm, struct sdap_attr_map *map, int attrs_num, struct sysdb_attrs **_attrs, char **_dn, bool disable_range_retrieval); errno_t sdap_parse_deref(TALLOC_CTX *mem_ctx, struct sdap_attr_map_info *minfo, size_t num_maps, LDAPDerefRes *dref, struct sdap_deref_attrs ***_res); int sdap_get_msg_dn(TALLOC_CTX *memctx, struct sdap_handle *sh, struct sdap_msg *sm, char **_dn); errno_t setup_tls_config(struct dp_option *basic_opts); int sdap_set_rootdse_supported_lists(struct sysdb_attrs *rootdse, struct sdap_handle *sh); bool sdap_check_sup_list(struct sup_list *l, const char *val); #define sdap_is_sasl_mech_supported(sh, sasl_mech) \ sdap_check_sup_list(&((sh)->supported_saslmechs), sasl_mech) #define sdap_is_control_supported(sh, ctrl_oid) \ sdap_check_sup_list(&((sh)->supported_controls), ctrl_oid) #define sdap_is_extension_supported(sh, ext_oid) \ sdap_check_sup_list(&((sh)->supported_extensions), ext_oid) int build_attrs_from_map(TALLOC_CTX *memctx, struct sdap_attr_map *map, size_t size, const char **filter, const char ***_attrs, size_t *attr_count); int sdap_control_create(struct sdap_handle *sh, const char *oid, int iscritical, struct berval *value, int dupval, LDAPControl **ctrlp); int sdap_replace_id(struct sysdb_attrs *entry, const char *attr, id_t val); errno_t sdap_get_group_primary_name(TALLOC_CTX *memctx, struct sdap_options *opts, struct sysdb_attrs *attrs, struct sss_domain_info *dom, const char **_group_name); errno_t sdap_get_user_primary_name(TALLOC_CTX *memctx, struct sdap_options *opts, struct sysdb_attrs *attrs, struct sss_domain_info *dom, const char **_user_name); errno_t sdap_get_netgroup_primary_name(TALLOC_CTX *memctx, struct sdap_options *opts, struct sysdb_attrs *attrs, struct sss_domain_info *dom, const char **_netgroup_name); errno_t sdap_set_config_options_with_rootdse(struct sysdb_attrs *rootdse, struct 
sdap_options *opts, struct sdap_domain *sdom); int sdap_get_server_opts_from_rootdse(TALLOC_CTX *memctx, const char *server, struct sysdb_attrs *rootdse, struct sdap_options *opts, struct sdap_server_opts **srv_opts); void sdap_steal_server_opts(struct sdap_id_ctx *id_ctx, struct sdap_server_opts **srv_opts); #endif /* _SDAP_H_ */ sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/sdap_sudo_cache.h0000644000000000000000000000007412320753107022554 xustar000000000000000030 atime=1396954939.268891429 30 ctime=1396954961.477875081 sssd-1.11.5/src/providers/ldap/sdap_sudo_cache.h0000664002412700241270000000263012320753107022777 0ustar00jhrozekjhrozek00000000000000/* Authors: Jakub Hrozek Copyright (C) 2011 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #ifndef _SDAP_SUDO_CACHE_H_ #define _SDAP_SUDO_CACHE_H_ #include "src/providers/ldap/sdap.h" /* Cache functions specific for the native sudo LDAP schema */ errno_t sdap_save_native_sudorule_list(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb_ctx, struct sss_domain_info *domain, struct sdap_attr_map *map, struct sysdb_attrs **replies, size_t replies_count, int cache_timeout, time_t now, char **_usn); #endif /* _SDAP_SUDO_CACHE_H_ */ sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/ldap_opts.h0000644000000000000000000000007412320753107021435 xustar000000000000000030 atime=1396954939.266891431 30 ctime=1396954961.481875078 sssd-1.11.5/src/providers/ldap/ldap_opts.h0000664002412700241270000005163312320753107021667 0ustar00jhrozekjhrozek00000000000000/* SSSD Authors: Stephen Gallagher Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/

#ifndef LDAP_OPTS_H_
#define LDAP_OPTS_H_

#include "src/providers/data_provider.h"
#include "db/sysdb.h"
#include "db/sysdb_sudo.h"
#include "db/sysdb_autofs.h"
#include "db/sysdb_services.h"

/*
 * Built-in values for the basic LDAP provider options.
 *
 * Rows are listed in the same order as enum sdap_basic_opt in sdap.h
 * (SDAP_URI first, SDAP_MAX_ID last). Presumably the enum is used as the
 * index into this array, so a new option has to be added to both at the
 * same position -- confirm against the option-lookup code.
 *
 * Each row is { option name, DP_OPT_* type, value, value }.
 * NOTE(review): the third field looks like the built-in default and the
 * fourth like the slot for the configured value; struct dp_option is
 * declared outside this file, verify there.
 *
 * NOTE(review): the arrays in this header are definitions, not
 * declarations, so it presumably has to be included from exactly one
 * translation unit per provider.
 */
struct dp_option default_basic_opts[] = {
    { "ldap_uri", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_backup_uri", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_default_bind_dn", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_default_authtok_type", DP_OPT_STRING, { "password" }, NULL_STRING},
    /* Authentication token for ldap_default_bind_dn; stored as a blob and
     * has no built-in value. */
    { "ldap_default_authtok", DP_OPT_BLOB, NULL_BLOB, NULL_BLOB },
    { "ldap_search_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER },
    { "ldap_network_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER },
    { "ldap_opt_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER },
    /* "hard" is the built-in value; per sssd-ldap(5) it demands a valid
     * server certificate. Relaxing it weakens protection against a
     * spoofed directory server. */
    { "ldap_tls_reqcert", DP_OPT_STRING, { "hard" }, NULL_STRING },
    { "ldap_user_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_user_search_scope", DP_OPT_STRING, { "sub" }, NULL_STRING },
    { "ldap_user_search_filter", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_group_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_group_search_scope", DP_OPT_STRING, { "sub" }, NULL_STRING },
    { "ldap_group_search_filter", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_service_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_sudo_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_sudo_full_refresh_interval", DP_OPT_NUMBER, { .number = 21600 }, NULL_NUMBER }, /* 360 mins */
    { "ldap_sudo_smart_refresh_interval", DP_OPT_NUMBER, { .number = 900 }, NULL_NUMBER }, /* 15 mins */
    { "ldap_sudo_use_host_filter", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
    { "ldap_sudo_hostnames", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_sudo_ip", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_sudo_include_netgroups", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
    { "ldap_sudo_include_regexp", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
    { "ldap_autofs_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_schema", DP_OPT_STRING, { "rfc2307" }, NULL_STRING },
    { "ldap_offline_timeout", DP_OPT_NUMBER, { .number = 60 }, NULL_NUMBER },
    { "ldap_force_upper_case_realm", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    { "ldap_enumeration_refresh_timeout", DP_OPT_NUMBER, { .number = 300 }, NULL_NUMBER },
    { "ldap_purge_cache_timeout", DP_OPT_NUMBER, { .number = 10800 }, NULL_NUMBER },
    { "ldap_tls_cacert", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_tls_cacertdir", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_tls_cert", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_tls_key", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_tls_cipher_suite", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    /* Off unless configured: the identity-lookup connection is not
     * required to use StartTLS, so with a plain ldap:// URI directory
     * data is only protected if the administrator enables this (or uses
     * another protected transport). */
    { "ldap_id_use_start_tls", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    { "ldap_id_mapping", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    { "ldap_sasl_mech", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_sasl_authid", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_sasl_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    /* -1 presumably means "not set", leaving the minimum security
     * strength factor to the LDAP library defaults -- confirm. */
    { "ldap_sasl_minssf", DP_OPT_NUMBER, { .number = -1 }, NULL_NUMBER },
    { "ldap_krb5_keytab", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_krb5_init_creds", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
    /* use the same parm name as the krb5 module so we set it only once */
    { "krb5_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "krb5_backup_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "krb5_canonicalize", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
    { "krb5_use_kdcinfo", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
    { "ldap_pwd_policy", DP_OPT_STRING, { "none" }, NULL_STRING },
    { "ldap_referrals", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
    { "account_cache_expiration", DP_OPT_NUMBER, { .number = 0 }, NULL_NUMBER },
    { "ldap_dns_service_name", DP_OPT_STRING, { SSS_LDAP_SRV_NAME }, NULL_STRING },
    { "ldap_krb5_ticket_lifetime", DP_OPT_NUMBER, { .number = (24 * 60 * 60) }, NULL_NUMBER },
    { "ldap_access_filter", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_netgroup_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_group_nesting_level", DP_OPT_NUMBER, { .number = 2 }, NULL_NUMBER },
    { "ldap_deref", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_account_expire_policy", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_access_order", DP_OPT_STRING, { "filter" }, NULL_STRING },
    { "ldap_chpass_uri", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_chpass_backup_uri", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_chpass_dns_service_name", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_chpass_update_last_change", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    { "ldap_enumeration_search_timeout", DP_OPT_NUMBER, { .number = 60 }, NULL_NUMBER },
    /* Do not include ldap_auth_disable_tls_never_use_in_production in the
     * manpages or SSSDConfig API.
     * The built-in value is false. NOTE(review): judging by the option
     * name and its SDAP_DISABLE_AUTH_TLS enum entry, turning it on lets
     * authentication run without TLS, which would put bind passwords on
     * the wire unprotected; it should stay off outside test setups and is
     * worth flagging when a deployed configuration sets it. */
    { "ldap_auth_disable_tls_never_use_in_production", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    { "ldap_page_size", DP_OPT_NUMBER, { .number = 1000 }, NULL_NUMBER },
    { "ldap_deref_threshold", DP_OPT_NUMBER, { .number = 10 }, NULL_NUMBER },
    { "ldap_sasl_canonicalize", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    { "ldap_connection_expire_timeout", DP_OPT_NUMBER, { .number = 900 }, NULL_NUMBER },
    { "ldap_disable_paging", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    { "ldap_idmap_range_min", DP_OPT_NUMBER, { .number = 200000 }, NULL_NUMBER },
    /* LL suffix: the value does not fit in a 32-bit signed int */
    { "ldap_idmap_range_max", DP_OPT_NUMBER, { .number = 2000200000LL }, NULL_NUMBER },
    { "ldap_idmap_range_size", DP_OPT_NUMBER, { .number = 200000 }, NULL_NUMBER },
    { "ldap_idmap_autorid_compat", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    { "ldap_idmap_default_domain", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_idmap_default_domain_sid", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_groups_use_matching_rule_in_chain", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    { "ldap_initgroups_use_matching_rule_in_chain", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    { "ldap_rfc2307_fallback_to_local_users", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    { "ldap_disable_range_retrieval", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    { "ldap_min_id", DP_OPT_NUMBER, NULL_NUMBER, NULL_NUMBER},
    { "ldap_max_id", DP_OPT_NUMBER, NULL_NUMBER, NULL_NUMBER},
    DP_OPTION_TERMINATOR
};

/*
 * Attribute maps. Columns follow struct sdap_attr_map in sdap.h:
 * { opt_name, def_name, sys_name, name }. The name column is NULL in every
 * table here; sdap_get_map() in sdap.c looks up opt_name in the
 * configuration, passing def_name, and stores the sanitized result in name.
 */

/* Generic USN attributes with no default LDAP attribute name. Rows follow
 * enum sdap_gen_attrs (SDAP_AT_ENTRY_USN, SDAP_AT_LAST_USN). */
struct sdap_attr_map generic_attr_map[] = {
    { "ldap_entry_usn", NULL, SYSDB_USN, NULL },
    { "ldap_rootdse_last_usn", NULL, SYSDB_HIGH_USN, NULL },
    SDAP_ATTR_MAP_TERMINATOR
};

/* Same rows with the IPA defaults from sdap.h ("entryUSN", "lastUSN"). */
struct sdap_attr_map gen_ipa_attr_map[] = {
    { "ldap_entry_usn", SDAP_IPA_USN, SYSDB_USN, NULL },
    { "ldap_rootdse_last_usn", SDAP_IPA_LAST_USN, SYSDB_HIGH_USN, NULL },
    SDAP_ATTR_MAP_TERMINATOR
};

/* Same rows with the AD defaults from sdap.h ("uSNChanged",
 * "highestCommittedUSN"). */
struct sdap_attr_map gen_ad_attr_map[] = {
    { "ldap_entry_usn", SDAP_AD_USN, SYSDB_USN, NULL },
    { "ldap_rootdse_last_usn", SDAP_AD_LAST_USN, SYSDB_HIGH_USN, NULL },
    SDAP_ATTR_MAP_TERMINATOR
};

/* Default user attribute map for the rfc2307 schema. Rows follow enum
 * sdap_user_attrs; the object class comes first, which sdap.h notes that
 * functions depend on. */
struct sdap_attr_map rfc2307_user_map[] = {
    { "ldap_user_object_class", "posixAccount", SYSDB_USER_CLASS, NULL },
    { "ldap_user_name", "uid", SYSDB_NAME, NULL },
    { "ldap_user_pwd", "userPassword", SYSDB_PWD, NULL },
    { "ldap_user_uid_number", "uidNumber", SYSDB_UIDNUM, NULL },
    { "ldap_user_gid_number", "gidNumber", SYSDB_GIDNUM, NULL },
    { "ldap_user_gecos", "gecos", SYSDB_GECOS, NULL },
    { "ldap_user_home_directory", "homeDirectory", SYSDB_HOMEDIR, NULL },
    { "ldap_user_shell", "loginShell", SYSDB_SHELL, NULL },
    { "ldap_user_principal", "krbPrincipalName", SYSDB_UPN, NULL },
    { "ldap_user_fullname", "cn", SYSDB_FULLNAME, NULL },
    { "ldap_user_member_of", NULL, SYSDB_MEMBEROF, NULL },
    { "ldap_user_uuid", NULL, SYSDB_UUID, NULL },
    { "ldap_user_objectsid", NULL, SYSDB_SID, NULL },
    { "ldap_user_primary_group", NULL, SYSDB_PRIMARY_GROUP, NULL },
    { "ldap_user_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL },
    { "ldap_user_entry_usn", NULL, SYSDB_USN, NULL },
    { "ldap_user_shadow_last_change", "shadowLastChange", SYSDB_SHADOWPW_LASTCHANGE, NULL },
    { "ldap_user_shadow_min",
"shadowMin", SYSDB_SHADOWPW_MIN, NULL }, { "ldap_user_shadow_max", "shadowMax", SYSDB_SHADOWPW_MAX, NULL }, { "ldap_user_shadow_warning", "shadowWarning", SYSDB_SHADOWPW_WARNING, NULL }, { "ldap_user_shadow_inactive", "shadowInactive", SYSDB_SHADOWPW_INACTIVE, NULL }, { "ldap_user_shadow_expire", "shadowExpire", SYSDB_SHADOWPW_EXPIRE, NULL }, { "ldap_user_shadow_flag", "shadowFlag", SYSDB_SHADOWPW_FLAG, NULL }, { "ldap_user_krb_last_pwd_change", "krbLastPwdChange", SYSDB_KRBPW_LASTCHANGE, NULL }, { "ldap_user_krb_password_expiration", "krbPasswordExpiration", SYSDB_KRBPW_EXPIRATION, NULL }, { "ldap_pwd_attribute", "pwdAttribute", SYSDB_PWD_ATTRIBUTE, NULL }, { "ldap_user_authorized_service", "authorizedService", SYSDB_AUTHORIZED_SERVICE, NULL }, { "ldap_user_ad_account_expires", "accountExpires", SYSDB_AD_ACCOUNT_EXPIRES, NULL}, { "ldap_user_ad_user_account_control", "userAccountControl", SYSDB_AD_USER_ACCOUNT_CONTROL, NULL}, { "ldap_ns_account_lock", "nsAccountLock", SYSDB_NS_ACCOUNT_LOCK, NULL}, { "ldap_user_authorized_host", "host", SYSDB_AUTHORIZED_HOST, NULL }, { "ldap_user_nds_login_disabled", "loginDisabled", SYSDB_NDS_LOGIN_DISABLED, NULL }, { "ldap_user_nds_login_expiration_time", "loginExpirationTime", SYSDB_NDS_LOGIN_EXPIRATION_TIME, NULL }, { "ldap_user_nds_login_allowed_time_map", "loginAllowedTimeMap", SYSDB_NDS_LOGIN_ALLOWED_TIME_MAP, NULL }, { "ldap_user_ssh_public_key", NULL, SYSDB_SSH_PUBKEY, NULL }, SDAP_ATTR_MAP_TERMINATOR }; struct sdap_attr_map rfc2307_group_map[] = { { "ldap_group_object_class", "posixGroup", SYSDB_GROUP_CLASS, NULL }, { "ldap_group_name", "cn", SYSDB_NAME, NULL }, { "ldap_group_pwd", "userPassword", SYSDB_PWD, NULL }, { "ldap_group_gid_number", "gidNumber", SYSDB_GIDNUM, NULL }, { "ldap_group_member", "memberuid", SYSDB_MEMBER, NULL }, { "ldap_group_uuid", NULL, SYSDB_UUID, NULL }, { "ldap_group_objectsid", NULL, SYSDB_SID, NULL }, { "ldap_group_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL }, { 
"ldap_group_entry_usn", NULL, SYSDB_USN, NULL }, { "ldap_group_type", NULL, SYSDB_GROUP_TYPE, NULL }, SDAP_ATTR_MAP_TERMINATOR }; struct sdap_attr_map rfc2307bis_user_map[] = { { "ldap_user_object_class", "posixAccount", SYSDB_USER_CLASS, NULL }, { "ldap_user_name", "uid", SYSDB_NAME, NULL }, { "ldap_user_pwd", "userPassword", SYSDB_PWD, NULL }, { "ldap_user_uid_number", "uidNumber", SYSDB_UIDNUM, NULL }, { "ldap_user_gid_number", "gidNumber", SYSDB_GIDNUM, NULL }, { "ldap_user_gecos", "gecos", SYSDB_GECOS, NULL }, { "ldap_user_home_directory", "homeDirectory", SYSDB_HOMEDIR, NULL }, { "ldap_user_shell", "loginShell", SYSDB_SHELL, NULL }, { "ldap_user_principal", "krbPrincipalName", SYSDB_UPN, NULL }, { "ldap_user_fullname", "cn", SYSDB_FULLNAME, NULL }, { "ldap_user_member_of", "memberOf", SYSDB_MEMBEROF, NULL }, /* FIXME: this is 389ds specific */ { "ldap_user_uuid", "nsUniqueId", SYSDB_UUID, NULL }, { "ldap_user_objectsid", NULL, SYSDB_SID, NULL }, { "ldap_user_primary_group", NULL, SYSDB_PRIMARY_GROUP, NULL }, { "ldap_user_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL }, { "ldap_user_entry_usn", NULL, SYSDB_USN, NULL }, { "ldap_user_shadow_last_change", "shadowLastChange", SYSDB_SHADOWPW_LASTCHANGE, NULL }, { "ldap_user_shadow_min", "shadowMin", SYSDB_SHADOWPW_MIN, NULL }, { "ldap_user_shadow_max", "shadowMax", SYSDB_SHADOWPW_MAX, NULL }, { "ldap_user_shadow_warning", "shadowWarning", SYSDB_SHADOWPW_WARNING, NULL }, { "ldap_user_shadow_inactive", "shadowInactive", SYSDB_SHADOWPW_INACTIVE, NULL }, { "ldap_user_shadow_expire", "shadowExpire", SYSDB_SHADOWPW_EXPIRE, NULL }, { "ldap_user_shadow_flag", "shadowFlag", SYSDB_SHADOWPW_FLAG, NULL }, { "ldap_user_krb_last_pwd_change", "krbLastPwdChange", SYSDB_KRBPW_LASTCHANGE, NULL }, { "ldap_user_krb_password_expiration", "krbPasswordExpiration", SYSDB_KRBPW_EXPIRATION, NULL }, { "ldap_pwd_attribute", "pwdAttribute", SYSDB_PWD_ATTRIBUTE, NULL }, { "ldap_user_authorized_service", "authorizedService", 
SYSDB_AUTHORIZED_SERVICE, NULL }, { "ldap_user_ad_account_expires", "accountExpires", SYSDB_AD_ACCOUNT_EXPIRES, NULL}, { "ldap_user_ad_user_account_control", "userAccountControl", SYSDB_AD_USER_ACCOUNT_CONTROL, NULL}, { "ldap_ns_account_lock", "nsAccountLock", SYSDB_NS_ACCOUNT_LOCK, NULL}, { "ldap_user_authorized_host", "host", SYSDB_AUTHORIZED_HOST, NULL }, { "ldap_user_nds_login_disabled", "loginDisabled", SYSDB_NDS_LOGIN_DISABLED, NULL }, { "ldap_user_nds_login_expiration_time", "loginExpirationTime", SYSDB_NDS_LOGIN_EXPIRATION_TIME, NULL }, { "ldap_user_nds_login_allowed_time_map", "loginAllowedTimeMap", SYSDB_NDS_LOGIN_ALLOWED_TIME_MAP, NULL }, { "ldap_user_ssh_public_key", NULL, SYSDB_SSH_PUBKEY, NULL }, SDAP_ATTR_MAP_TERMINATOR }; struct sdap_attr_map rfc2307bis_group_map[] = { { "ldap_group_object_class", "posixGroup", SYSDB_GROUP_CLASS, NULL }, { "ldap_group_name", "cn", SYSDB_NAME, NULL }, { "ldap_group_pwd", "userPassword", SYSDB_PWD, NULL }, { "ldap_group_gid_number", "gidNumber", SYSDB_GIDNUM, NULL }, { "ldap_group_member", "member", SYSDB_MEMBER, NULL }, /* FIXME: this is 389ds specific */ { "ldap_group_uuid", "nsUniqueId", SYSDB_UUID, NULL }, { "ldap_group_objectsid", NULL, SYSDB_SID, NULL }, { "ldap_group_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL }, { "ldap_group_entry_usn", NULL, SYSDB_USN, NULL }, { "ldap_group_type", NULL, SYSDB_GROUP_TYPE, NULL }, SDAP_ATTR_MAP_TERMINATOR }; struct sdap_attr_map gen_ad2008r2_user_map[] = { { "ldap_user_object_class", "user", SYSDB_USER_CLASS, NULL }, { "ldap_user_name", "sAMAccountName", SYSDB_NAME, NULL }, { "ldap_user_pwd", "unixUserPassword", SYSDB_PWD, NULL }, { "ldap_user_uid_number", "uidNumber", SYSDB_UIDNUM, NULL }, { "ldap_user_gid_number", "gidNumber", SYSDB_GIDNUM, NULL }, { "ldap_user_gecos", "gecos", SYSDB_GECOS, NULL }, { "ldap_user_home_directory", "unixHomeDirectory", SYSDB_HOMEDIR, NULL }, { "ldap_user_shell", "loginShell", SYSDB_SHELL, NULL }, { "ldap_user_principal", 
"userPrincipalName", SYSDB_UPN, NULL }, { "ldap_user_fullname", "name", SYSDB_FULLNAME, NULL }, { "ldap_user_member_of", "memberOf", SYSDB_MEMBEROF, NULL }, { "ldap_user_uuid", "objectGUID", SYSDB_UUID, NULL }, { "ldap_user_objectsid", "objectSID", SYSDB_SID, NULL }, { "ldap_user_primary_group", "primaryGroupID", SYSDB_PRIMARY_GROUP, NULL }, { "ldap_user_modify_timestamp", "whenChanged", SYSDB_ORIG_MODSTAMP, NULL }, { "ldap_user_entry_usn", SDAP_AD_USN, SYSDB_USN, NULL }, { "ldap_user_shadow_last_change", NULL, SYSDB_SHADOWPW_LASTCHANGE, NULL }, { "ldap_user_shadow_min", NULL, SYSDB_SHADOWPW_MIN, NULL }, { "ldap_user_shadow_max", NULL, SYSDB_SHADOWPW_MAX, NULL }, { "ldap_user_shadow_warning", NULL, SYSDB_SHADOWPW_WARNING, NULL }, { "ldap_user_shadow_inactive", NULL, SYSDB_SHADOWPW_INACTIVE, NULL }, { "ldap_user_shadow_expire", NULL, SYSDB_SHADOWPW_EXPIRE, NULL }, { "ldap_user_shadow_flag", NULL, SYSDB_SHADOWPW_FLAG, NULL }, { "ldap_user_krb_last_pwd_change", NULL, SYSDB_KRBPW_LASTCHANGE, NULL }, { "ldap_user_krb_password_expiration", NULL, SYSDB_KRBPW_EXPIRATION, NULL }, { "ldap_pwd_attribute", NULL, SYSDB_PWD_ATTRIBUTE, NULL }, { "ldap_user_authorized_service", NULL, SYSDB_AUTHORIZED_SERVICE, NULL }, { "ldap_user_ad_account_expires", "accountExpires", SYSDB_AD_ACCOUNT_EXPIRES, NULL}, { "ldap_user_ad_user_account_control", "userAccountControl", SYSDB_AD_USER_ACCOUNT_CONTROL, NULL}, { "ldap_ns_account_lock", NULL, SYSDB_NS_ACCOUNT_LOCK, NULL}, { "ldap_user_authorized_host", NULL, SYSDB_AUTHORIZED_HOST, NULL }, { "ldap_user_nds_login_disabled", NULL, SYSDB_NDS_LOGIN_DISABLED, NULL }, { "ldap_user_nds_login_expiration_time", NULL, SYSDB_NDS_LOGIN_EXPIRATION_TIME, NULL }, { "ldap_user_nds_login_allowed_time_map", NULL, SYSDB_NDS_LOGIN_ALLOWED_TIME_MAP, NULL }, { "ldap_user_ssh_public_key", NULL, SYSDB_SSH_PUBKEY, NULL }, SDAP_ATTR_MAP_TERMINATOR }; struct sdap_attr_map gen_ad2008r2_group_map[] = { { "ldap_group_object_class", "group", SYSDB_GROUP_CLASS, NULL }, { 
"ldap_group_name", "name", SYSDB_NAME, NULL }, { "ldap_group_pwd", NULL, SYSDB_PWD, NULL }, { "ldap_group_gid_number", "gidNumber", SYSDB_GIDNUM, NULL }, { "ldap_group_member", "member", SYSDB_MEMBER, NULL }, { "ldap_group_uuid", "objectGUID", SYSDB_UUID, NULL }, { "ldap_group_objectsid", "objectSID", SYSDB_SID, NULL }, { "ldap_group_modify_timestamp", "whenChanged", SYSDB_ORIG_MODSTAMP, NULL }, { "ldap_group_entry_usn", SDAP_AD_USN, SYSDB_USN, NULL }, { "ldap_group_type", "groupType", SYSDB_GROUP_TYPE, NULL }, SDAP_ATTR_MAP_TERMINATOR }; struct sdap_attr_map netgroup_map[] = { { "ldap_netgroup_object_class", "nisNetgroup", SYSDB_NETGROUP_CLASS, NULL }, { "ldap_netgroup_name", "cn", SYSDB_NAME, NULL }, { "ldap_netgroup_member", "memberNisNetgroup", SYSDB_ORIG_NETGROUP_MEMBER, NULL }, { "ldap_netgroup_triple", "nisNetgroupTriple", SYSDB_NETGROUP_TRIPLE, NULL }, /* FIXME: this is 389ds specific */ { "ldap_netgroup_uuid", "nsUniqueId", SYSDB_UUID, NULL }, { "ldap_netgroup_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL }, SDAP_ATTR_MAP_TERMINATOR }; struct sdap_attr_map native_sudorule_map[] = { { "ldap_sudorule_object_class", "sudoRole", SYSDB_SUDO_CACHE_OC, NULL }, { "ldap_sudorule_name", "cn", SYSDB_SUDO_CACHE_AT_CN, NULL }, { "ldap_sudorule_command", "sudoCommand", SYSDB_SUDO_CACHE_AT_COMMAND, NULL }, { "ldap_sudorule_host", "sudoHost", SYSDB_SUDO_CACHE_AT_HOST, NULL }, { "ldap_sudorule_user", "sudoUser", SYSDB_SUDO_CACHE_AT_USER, NULL }, { "ldap_sudorule_option", "sudoOption", SYSDB_SUDO_CACHE_AT_OPTION, NULL }, { "ldap_sudorule_runasuser", "sudoRunAsUser", SYSDB_SUDO_CACHE_AT_RUNASUSER, NULL }, { "ldap_sudorule_runasgroup", "sudoRunAsGroup", SYSDB_SUDO_CACHE_AT_RUNASGROUP, NULL }, { "ldap_sudorule_notbefore", "sudoNotBefore", SYSDB_SUDO_CACHE_AT_NOTBEFORE, NULL }, { "ldap_sudorule_notafter", "sudoNotAfter", SYSDB_SUDO_CACHE_AT_NOTAFTER, NULL }, { "ldap_sudorule_order", "sudoOrder", SYSDB_SUDO_CACHE_AT_ORDER, NULL }, { "ldap_sudorule_entry_usn", 
NULL, SYSDB_USN, NULL }, SDAP_ATTR_MAP_TERMINATOR }; struct sdap_attr_map service_map[] = { { "ldap_service_object_class", "ipService", SYSDB_SVC_CLASS, NULL }, { "ldap_service_name", "cn", SYSDB_NAME, NULL }, { "ldap_service_port", "ipServicePort", SYSDB_SVC_PORT, NULL }, { "ldap_service_proto", "ipServiceProtocol", SYSDB_SVC_PROTO, NULL }, { "ldap_service_entry_usn", NULL, SYSDB_USN, NULL }, SDAP_ATTR_MAP_TERMINATOR }; struct sdap_attr_map rfc2307_autofs_mobject_map[] = { { "ldap_autofs_map_object_class", "automountMap", SYSDB_AUTOFS_MAP_OC, NULL }, { "ldap_autofs_map_name", "ou", SYSDB_AUTOFS_MAP_NAME, NULL }, SDAP_ATTR_MAP_TERMINATOR }; struct sdap_attr_map rfc2307_autofs_entry_map[] = { { "ldap_autofs_entry_object_class", "automount", SYSDB_AUTOFS_ENTRY_OC, NULL }, { "ldap_autofs_entry_key", "cn", SYSDB_AUTOFS_ENTRY_KEY, NULL }, { "ldap_autofs_entry_value", "automountInformation", SYSDB_AUTOFS_ENTRY_VALUE, NULL }, SDAP_ATTR_MAP_TERMINATOR }; struct sdap_attr_map rfc2307bis_autofs_mobject_map[] = { { "ldap_autofs_map_object_class", "automountMap", SYSDB_AUTOFS_MAP_OC, NULL }, { "ldap_autofs_map_name", "automountMapName", SYSDB_AUTOFS_MAP_NAME, NULL }, SDAP_ATTR_MAP_TERMINATOR }; struct sdap_attr_map rfc2307bis_autofs_entry_map[] = { { "ldap_autofs_entry_object_class", "automount", SYSDB_AUTOFS_ENTRY_OC, NULL }, { "ldap_autofs_entry_key", "automountKey", SYSDB_AUTOFS_ENTRY_KEY, NULL }, { "ldap_autofs_entry_value", "automountInformation", SYSDB_AUTOFS_ENTRY_VALUE, NULL }, SDAP_ATTR_MAP_TERMINATOR }; #endif /* LDAP_OPTS_H_ */ sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/sdap.c0000644000000000000000000000007412320753107020372 xustar000000000000000030 atime=1396954939.266891431 30 ctime=1396954961.635874965 sssd-1.11.5/src/providers/ldap/sdap.c0000664002412700241270000011707612320753107020630 0ustar00jhrozekjhrozek00000000000000/* SSSD LDAP Helper routines Copyright (C) Simo Sorce This program is free software; you can redistribute it and/or modify it under the 
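terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#include "util/util.h"
#include "util/crypto/sss_crypto.h"
#include "confdb/confdb.h"
#include "providers/ldap/ldap_common.h"
#include "providers/ldap/sdap.h"
#include "providers/ldap/sdap_range.h"

/* =Retrieve-Options====================================================== */

/*
 * Deep-copy the first num_entries entries of src_map into a new array
 * allocated on memctx.
 *
 * Every string of the copy is owned by the new array. Note that both
 * def_name and name of the copy are taken from src_map[i].def_name, so the
 * copy starts out with default attribute names.
 *
 * Returns EOK and stores the array in *_map, or ENOMEM. On failure the
 * partially built copy is released and *_map is left untouched.
 */
int sdap_copy_map(TALLOC_CTX *memctx,
                  struct sdap_attr_map *src_map,
                  int num_entries,
                  struct sdap_attr_map **_map)
{
    struct sdap_attr_map *map;
    int i;

    map = talloc_array(memctx, struct sdap_attr_map, num_entries);
    if (!map) {
        return ENOMEM;
    }

    for (i = 0; i < num_entries; i++) {
        map[i].opt_name = talloc_strdup(map, src_map[i].opt_name);
        map[i].sys_name = talloc_strdup(map, src_map[i].sys_name);
        if (map[i].opt_name == NULL || map[i].sys_name == NULL) {
            /* do not leave the half-built copy attached to memctx */
            talloc_zfree(map);
            return ENOMEM;
        }

        if (src_map[i].def_name != NULL) {
            map[i].def_name = talloc_strdup(map, src_map[i].def_name);
            map[i].name = talloc_strdup(map, src_map[i].def_name);
            if (map[i].def_name == NULL || map[i].name == NULL) {
                talloc_zfree(map);
                return ENOMEM;
            }
        } else {
            map[i].def_name = NULL;
            map[i].name = NULL;
        }

        DEBUG(SSSDBG_TRACE_FUNC, ("Option %s has%s value %s\n",
              map[i].opt_name, map[i].name ? "" : " no",
              map[i].name ? map[i].name : ""));
    }

    *_map = map;
    return EOK;
}

/*
 * Build an attribute map from the defaults in def_map, overridden by the
 * values found in confdb under conf_path.
 *
 * opt_name, def_name and sys_name of each entry point at the strings of
 * def_map (they are not copied). The configured attribute name is read with
 * confdb_get_string() and passed through sss_filter_sanitize() before it is
 * stored in map[i].name.
 *
 * Returns EOK and stores the array (allocated on memctx) in *_map, ENOMEM
 * when the array cannot be allocated, or EINVAL when an option cannot be
 * read or sanitized, or when an entry that has a default ends up without a
 * name. The array is freed on every error path.
 */
int sdap_get_map(TALLOC_CTX *memctx,
                 struct confdb_ctx *cdb,
                 const char *conf_path,
                 struct sdap_attr_map *def_map,
                 int num_entries,
                 struct sdap_attr_map **_map)
{
    struct sdap_attr_map *map;
    char *name;
    int i, ret;

    map = talloc_array(memctx, struct sdap_attr_map, num_entries);
    if (!map) {
        return ENOMEM;
    }

    for (i = 0; i < num_entries; i++) {

        map[i].opt_name = def_map[i].opt_name;
        map[i].def_name = def_map[i].def_name;
        map[i].sys_name = def_map[i].sys_name;

        ret = confdb_get_string(cdb, map, conf_path,
                                map[i].opt_name,
                                map[i].def_name,
                                &name);
        if (ret != EOK) {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("Failed to retrieve value for %s\n", map[i].opt_name));
            talloc_zfree(map);
            return EINVAL;
        }

        if (name) {
            ret = sss_filter_sanitize(map, name, &map[i].name);
            if (ret != EOK) {
                DEBUG(SSSDBG_CRIT_FAILURE,
                      ("Could not sanitize attribute [%s]\n", name));
                talloc_zfree(map);
                return EINVAL;
            }
            talloc_zfree(name);
        } else {
            map[i].name = NULL;
        }

        if (map[i].def_name && !map[i].name) {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("Failed to retrieve value for %s\n", map[i].opt_name));
            talloc_zfree(map);
            return EINVAL;
        }

        DEBUG(SSSDBG_TRACE_FUNC, ("Option %s has%s value %s\n",
              map[i].opt_name, map[i].name ? "" : " no",
              map[i].name ? map[i].name : ""));
    }

    *_map = map;
    return EOK;
}

/* =Parse-msg============================================================= */

/*
 * Convert one LDAP search entry into a sysdb_attrs set.
 *
 * memctx                   talloc parent of the results
 * sh, sm                   connection handle and the message to parse
 * map, attrs_num           optional attribute map; when given, the entry must
 *                          carry the objectClass named in map[0] and only
 *                          mapped attributes are stored, under their sysdb
 *                          names. When NULL every attribute is stored under
 *                          its LDAP name.
 * _attrs                   receives the parsed attributes
 * _dn                      optional, receives a copy of the entry DN
 * disable_range_retrieval  passed through to sdap_parse_range()
 *
 * The original DN is always stored as SYSDB_ORIG_DN. Values mapped to
 * SYSDB_SSH_PUBKEY are stored base64-encoded; zero-length values are
 * skipped.
 *
 * Returns EOK, ENOMEM, EIO on libldap errors, EINVAL when the entry does not
 * match the map, or the error of a failing helper. Nothing is handed to
 * memctx on failure.
 */
int sdap_parse_entry(TALLOC_CTX *memctx,
                     struct sdap_handle *sh, struct sdap_msg *sm,
                     struct sdap_attr_map *map, int attrs_num,
                     struct sysdb_attrs **_attrs, char **_dn,
                     bool disable_range_retrieval)
{
    struct sysdb_attrs *attrs;
    BerElement *ber = NULL;
    struct berval **vals = NULL;
    struct ldb_val v;
    char *str = NULL;
    int lerrno;
    int a, i, ret;
    const char *name;
    bool store;
    bool base64;
    char *base_attr;
    char *dn = NULL;
    uint32_t range_offset;
    size_t oc_len;
    TALLOC_CTX *tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) return ENOMEM;

    /* reset the per-handle result code so later reads reflect this parse */
    lerrno = 0;
    ret = ldap_set_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno);
    if (ret != LDAP_OPT_SUCCESS) {
        DEBUG(1, ("ldap_set_option failed [%s], ignored.\n",
                  sss_ldap_err2string(ret)));
    }

    attrs = sysdb_new_attrs(tmp_ctx);
    if (!attrs) {
        ret = ENOMEM;
        goto done;
    }

    str = ldap_get_dn(sh->ldap, sm->msg);
    if (!str) {
        ldap_get_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno);
        DEBUG(1, ("ldap_get_dn failed: %d(%s)\n",
                  lerrno, sss_ldap_err2string(lerrno)));
        ret = EIO;
        goto done;
    }

    DEBUG(9, ("OriginalDN: [%s].\n", str));
    ret = sysdb_attrs_add_string(attrs, SYSDB_ORIG_DN, str);
    if (ret) goto done; /* str is released at done */
    if (_dn) {
        dn = talloc_strdup(tmp_ctx, str);
        if (!dn) {
            ret = ENOMEM;
            goto done;
        }
    }
    ldap_memfree(str);
    str = NULL;

    if (map) {
        vals = ldap_get_values_len(sh->ldap, sm->msg, "objectClass");
        if (!vals) {
            DEBUG(1, ("Unknown entry type, no objectClasses found!\n"));
            ret = EINVAL;
            goto done;
        }

        /* The objectclass is always the first name in the map. Compare the
         * lengths as well: bounding strncasecmp() by bv_len alone accepts a
         * server value that is only a prefix of the expected class, and a
         * zero-length value matches anything. */
        oc_len = strlen(map[0].name);
        for (i = 0; vals[i]; i++) {
            if (vals[i]->bv_len == oc_len
                    && strncasecmp(map[0].name,
                                   vals[i]->bv_val, oc_len) == 0) {
                /* ok it's an entry of the right type */
                break;
            }
        }
        if (!vals[i]) {
            DEBUG(1, ("objectClass not matching: %s\n",
                      map[0].name));
            ret = EINVAL;
            goto done;
        }
        ldap_value_free_len(vals);
        vals = NULL;
    }

    str = ldap_first_attribute(sh->ldap, sm->msg, &ber);
    if (!str) {
        ldap_get_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno);
        DEBUG(lerrno == LDAP_SUCCESS
              ? SSSDBG_TRACE_INTERNAL
              : SSSDBG_MINOR_FAILURE,
              ("Entry has no attributes [%d(%s)]!?\n",
               lerrno, sss_ldap_err2string(lerrno)));
        if (map) {
            ret = EINVAL;
            goto done;
        }
    }
    while (str) {
        base64 = false;

        ret = sdap_parse_range(tmp_ctx, str, &base_attr, &range_offset,
                               disable_range_retrieval);
        switch(ret) {
        case EAGAIN:
            /* This attribute contained range values and needs more to
             * be retrieved
             */
            /* TODO: return the set of attributes that need additional retrieval
             * For now, we'll continue below and treat it as regular values.
             */
            /* FALLTHROUGH */
        case ECANCELED:
            /* FALLTHROUGH */
        case EOK:
            break;
        default:
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Could not determine if attribute [%s] was ranged\n",
                   str));
            goto done;
        }

        if (map) {
            for (a = 1; a < attrs_num; a++) {
                /* check if this attr is valid with the chosen schema */
                if (!map[a].name) continue;
                /* check if it is an attr we are interested in */
                if (strcasecmp(base_attr, map[a].name) == 0) break;
            }
            /* interesting attr */
            if (a < attrs_num) {
                store = true;
                name = map[a].sys_name;
                if (strcmp(name, SYSDB_SSH_PUBKEY) == 0) {
                    base64 = true;
                }
            } else {
                store = false;
                name = NULL;
            }
        } else {
            name = base_attr;
            store = true;
        }

        /* sdap_parse_range() asked for this attribute to be dropped */
        if (ret == ECANCELED) {
            ret = EOK;
            store = false;
        }

        if (store) {
            vals = ldap_get_values_len(sh->ldap, sm->msg, str);
            if (!vals) {
                ldap_get_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno);
                if (lerrno != LDAP_SUCCESS) {
                    DEBUG(1, ("LDAP Library error: %d(%s)",
                              lerrno, sss_ldap_err2string(lerrno)));
                    ret = EIO;
                    goto done;
                }

                DEBUG(5, ("Attribute [%s] has no values, skipping.\n", str));

            } else {
                if (!vals[0]) {
                    DEBUG(1, ("Missing value after ldap_get_values() ??\n"));
                    ret = EINVAL;
                    goto done;
                }
                for (i = 0; vals[i]; i++) {
                    if (vals[i]->bv_len == 0) {
                        DEBUG(SSSDBG_MINOR_FAILURE,
                              ("Value of attribute [%s] is empty. "
                               "Skipping this value.\n", str));
                        continue;
                    }
                    if (base64) {
                        v.data = (uint8_t *)sss_base64_encode(attrs,
                                (uint8_t *)vals[i]->bv_val, vals[i]->bv_len);
                        if (!v.data) {
                            ret = ENOMEM;
                            goto done;
                        }
                        v.length = strlen((const char *)v.data);
                    } else {
                        v.data = (uint8_t *)vals[i]->bv_val;
                        v.length = vals[i]->bv_len;
                    }

                    ret = sysdb_attrs_add_val(attrs, name, &v);
                    if (ret) goto done;
                }
                ldap_value_free_len(vals);
                vals = NULL;
            }
        }

        ldap_memfree(str);
        str = ldap_next_attribute(sh->ldap, sm->msg, ber);
    }
    ber_free(ber, 0);
    ber = NULL;

    ldap_get_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno);
    if (lerrno) {
        DEBUG(1, ("LDAP Library error: %d(%s)",
                  lerrno, sss_ldap_err2string(lerrno)));
        ret = EIO;
        goto done;
    }

    *_attrs = talloc_steal(memctx, attrs);
    if (_dn) *_dn = talloc_steal(memctx, dn);
    ret = EOK;

done:
    /* libldap allocations are not talloc children; every early exit from
     * the parsing above lands here with them still held */
    if (vals) ldap_value_free_len(vals);
    if (str) ldap_memfree(str);
    if (ber) ber_free(ber, 0);
    talloc_free(tmp_ctx);
    return ret;
}

/*
 * Parses an LDAPDerefRes into sdap_deref_attrs structure
 *
 * One result slot is created per entry of minfo (num_maps slots, not
 * NULL-terminated). A slot gets its attrs filled only when the first name of
 * that map equals one of the objectClass values of the dereferenced entry;
 * otherwise its attrs stay NULL.
 *
 * Returns EOK and moves the array to mem_ctx, EINVAL for missing input, a
 * missing DN, missing attributes or missing objectClass, ENOMEM, or the
 * error of a failing sysdb helper.
 */
errno_t sdap_parse_deref(TALLOC_CTX *mem_ctx,
                         struct sdap_attr_map_info *minfo,
                         size_t num_maps,
                         LDAPDerefRes *dref,
                         struct sdap_deref_attrs ***_res)
{
    TALLOC_CTX *tmp_ctx;
    LDAPDerefVal *dval;
    const char *orig_dn;
    const char **ocs;
    struct sdap_attr_map *map;
    int num_attrs = 0;
    int ret, i, a, mi;
    const char *name;
    size_t len;
    struct sdap_deref_attrs **res;

    if (!dref || !minfo) return EINVAL;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) return ENOMEM;

    res = talloc_array(tmp_ctx, struct sdap_deref_attrs *, num_maps);
    if (!res) {
        ret = ENOMEM;
        goto done;
    }

    for (i=0; i < num_maps; i++) {
        res[i] = talloc_zero(res, struct sdap_deref_attrs);
        if (!res[i]) {
            ret = ENOMEM;
            goto done;
        }

        res[i]->map = minfo[i].map;
    }

    if (!dref->derefVal.bv_val) {
        DEBUG(2, ("Entry has no DN?\n"));
        ret = EINVAL;
        goto done;
    }

    /* NOTE(review): bv_val is used as a C string from here on, which
     * assumes libldap NUL-terminates it - confirm. */
    orig_dn = dref->derefVal.bv_val;
    DEBUG(SSSDBG_TRACE_LIBS,
          ("Dereferenced DN: %s\n", orig_dn));

    if (!dref->attrVals) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("Dereferenced entry [%s] has no attributes\n",
              orig_dn));
        ret = EINVAL;
        goto done;
    }

    ocs = NULL;
    for (dval = dref->attrVals; dval != NULL; dval = dval->next) {
        if (strcasecmp("objectClass", dval->type) == 0) {
            if (dval->vals == NULL) {
                DEBUG(4, ("No value for objectClass, skipping\n"));
                continue;
            }

            for(len=0; dval->vals[len].bv_val; len++);

            ocs = talloc_array(tmp_ctx, const char *, len+1);
            if (!ocs) {
                ret = ENOMEM;
                goto done;
            }

            /* NOTE(review): this loop header and the debug call were
             * damaged in the page this listing was taken from; the bound,
             * level and message are a reconstruction - confirm against the
             * upstream file. */
            for (i=0; i<len; i++) {
                DEBUG(9, ("Dereferenced objectClass value: %s\n",
                          dval->vals[i].bv_val));
                ocs[i] = talloc_strdup(ocs, dval->vals[i].bv_val);
                if (!ocs[i]) {
                    ret = ENOMEM;
                    goto done;
                }
            }
            ocs[i] = NULL;
            break;
        }
    }
    if (!ocs) {
        DEBUG(1, ("Unknown entry type, no objectClasses found!\n"));
        ret = EINVAL;
        goto done;
    }

    for (mi = 0; mi < num_maps; mi++) {
        map = NULL;

        for (i=0; ocs[i]; i++) {
            /* the objectclass is always the first name in the map */
            if (strcasecmp(minfo[mi].map[0].name, ocs[i]) == 0) {
                DEBUG(9, ("Found map for objectclass '%s'\n", ocs[i]));
                map = minfo[mi].map;
                num_attrs = minfo[mi].num_attrs;
                break;
            }
        }
        if (!map) continue;

        res[mi]->attrs = sysdb_new_attrs(res[mi]);
        if (!res[mi]->attrs) {
            ret = ENOMEM;
            goto done;
        }

        ret = sysdb_attrs_add_string(res[mi]->attrs, SYSDB_ORIG_DN,
                                     orig_dn);
        if (ret) {
            goto done;
        }

        for (dval = dref->attrVals; dval != NULL; dval = dval->next) {
            DEBUG(8, ("Dereferenced attribute: %s\n", dval->type));

            for (a = 1; a < num_attrs; a++) {
                /* check if this attr is valid with the chosen schema */
                if (!map[a].name) continue;
                /* check if it is an attr we are interested in */
                if (strcasecmp(dval->type, map[a].name) == 0) break;
            }

            /* interesting attr */
            if (a < num_attrs) {
                name = map[a].sys_name;
            } else {
                continue;
            }

            if (dval->vals == NULL) {
                DEBUG(4, ("No value for attribute %s, skipping\n", name));
                continue;
            }

            for (i=0; dval->vals[i].bv_val; i++) {
                DEBUG(9, ("Dereferenced attribute value: %s\n",
                          dval->vals[i].bv_val));
                ret = sysdb_attrs_add_mem(res[mi]->attrs, name,
                                          dval->vals[i].bv_val,
                                          dval->vals[i].bv_len);
                if (ret) goto done;
            }
        }
    }

    *_res = talloc_steal(mem_ctx, res);
    ret = EOK;
done:
    talloc_zfree(tmp_ctx);
    return ret;
}

/* =Get-DN-from-message=================================================== */

/*
 * Copy the DN of an LDAP message into a string allocated on memctx.
 * Returns EOK, EIO when libldap cannot provide the DN, or ENOMEM.
 */
int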
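sdap_get_msg_dn(TALLOC_CTX *memctx,
                struct sdap_handle *sh, struct sdap_msg *sm,
                char **_dn)
{
    /* Copies the DN of sm into a string owned by memctx; returns EOK, EIO
     * when libldap cannot provide the DN, or ENOMEM. */
    char *str;
    int lerrno;
    int ret;

    /* reset the per-handle result code before asking libldap for the DN */
    lerrno = 0;
    ret = ldap_set_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno);
    if (ret != LDAP_OPT_SUCCESS) {
        DEBUG(1, ("ldap_set_option failed [%s], ignored.\n",
                  sss_ldap_err2string(ret)));
    }

    str = ldap_get_dn(sh->ldap, sm->msg);
    if (!str) {
        ldap_get_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno);
        DEBUG(1, ("ldap_get_dn failed: %d(%s)\n",
                  lerrno, sss_ldap_err2string(lerrno)));
        return EIO;
    }

    *_dn = talloc_strdup(memctx, str);
    ldap_memfree(str);
    if (!*_dn) return ENOMEM;

    return EOK;
}

/*
 * Apply the TLS-related provider options to libldap.
 *
 * All options are set with a NULL handle, i.e. as process-wide libldap
 * defaults, so they affect every LDAP connection opened afterwards.
 *
 * tls_reqcert accepts never, allow, try, demand and hard (case-insensitive).
 * In libldap, "never" performs no server certificate check and "allow"
 * continues even when the certificate is missing or fails validation, so
 * with either value the TLS session does not authenticate the server;
 * "demand"/"hard" require a valid certificate.
 *
 * Returns EOK, EINVAL for an unknown tls_reqcert value, or EIO when libldap
 * rejects an option.
 */
errno_t setup_tls_config(struct dp_option *basic_opts)
{
    /* string-valued options, applied in this order */
    const struct {
        int sdap_opt;
        int ldap_opt;
    } string_opts[] = {
        { SDAP_TLS_CACERT, LDAP_OPT_X_TLS_CACERTFILE },
        { SDAP_TLS_CACERTDIR, LDAP_OPT_X_TLS_CACERTDIR },
        { SDAP_TLS_CERT, LDAP_OPT_X_TLS_CERTFILE },
        { SDAP_TLS_KEY, LDAP_OPT_X_TLS_KEYFILE },
        { SDAP_TLS_CIPHER_SUITE, LDAP_OPT_X_TLS_CIPHER_SUITE },
    };
    int ret;
    int ldap_opt_x_tls_require_cert;
    const char *tls_opt;
    size_t n;

    tls_opt = dp_opt_get_string(basic_opts, SDAP_TLS_REQCERT);
    if (tls_opt) {
        if (strcasecmp(tls_opt, "never") == 0) {
            ldap_opt_x_tls_require_cert = LDAP_OPT_X_TLS_NEVER;
        }
        else if (strcasecmp(tls_opt, "allow") == 0) {
            ldap_opt_x_tls_require_cert = LDAP_OPT_X_TLS_ALLOW;
        }
        else if (strcasecmp(tls_opt, "try") == 0) {
            ldap_opt_x_tls_require_cert = LDAP_OPT_X_TLS_TRY;
        }
        else if (strcasecmp(tls_opt, "demand") == 0) {
            ldap_opt_x_tls_require_cert = LDAP_OPT_X_TLS_DEMAND;
        }
        else if (strcasecmp(tls_opt, "hard") == 0) {
            ldap_opt_x_tls_require_cert = LDAP_OPT_X_TLS_HARD;
        }
        else {
            DEBUG(1, ("Unknown value for tls_reqcert.\n"));
            return EINVAL;
        }
        /* LDAP_OPT_X_TLS_REQUIRE_CERT has to be set as a global option,
         * because the SSL/TLS context is initialized from this value. */
        ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT,
                              &ldap_opt_x_tls_require_cert);
        if (ret != LDAP_OPT_SUCCESS) {
            DEBUG(1, ("ldap_set_option failed: %s\n",
                      sss_ldap_err2string(ret)));
            return EIO;
        }
    }

    for (n = 0; n < sizeof(string_opts) / sizeof(string_opts[0]); n++) {
        tls_opt = dp_opt_get_string(basic_opts, string_opts[n].sdap_opt);
        if (!tls_opt) {
            continue; /* option not configured, keep the libldap default */
        }

        ret = ldap_set_option(NULL, string_opts[n].ldap_opt, tls_opt);
        if (ret != LDAP_OPT_SUCCESS) {
            DEBUG(1, ("ldap_set_option failed: %s\n",
                      sss_ldap_err2string(ret)));
            return EIO;
        }
    }

    return EOK;
}

/*
 * Case-insensitive lookup of val in a list of values advertised by the
 * server. Returns false for a NULL val.
 */
bool sdap_check_sup_list(struct sup_list *l, const char *val)
{
    int i;

    if (!val) {
        return false;
    }

    for (i = 0; i < l->num_vals; i++) {
        if (strcasecmp(val, (char *)l->vals[i]) == 0) {
            return true;
        }
    }

    return false;
}

/*
 * Fill list with NUL-terminated copies of the num values in vals.
 * The copies are bounded by each value's length. num_vals is only updated
 * once every copy succeeded. Returns EOK or ENOMEM.
 */
static int sdap_init_sup_list(TALLOC_CTX *memctx,
                              struct sup_list *list,
                              int num, struct ldb_val *vals)
{
    int i;

    list->vals = talloc_array(memctx, char *, num);
    if (!list->vals) {
        return ENOMEM;
    }

    for (i = 0; i < num; i++) {
        list->vals[i] = talloc_strndup(list->vals,
                                       (char *)vals[i].data, vals[i].length);
        if (!list->vals[i]) {
            return ENOMEM;
        }
    }

    list->num_vals = num;

    return EOK;
}

/*
 * Record the supportedControl, supportedExtension and
 * supportedSASLMechanisms values of the rootDSE on the connection handle.
 * Returns EOK or the error of sdap_init_sup_list().
 */
int sdap_set_rootdse_supported_lists(struct sysdb_attrs *rootdse,
                                     struct sdap_handle *sh)
{
    struct ldb_message_element *el = NULL;
    int ret;
    int i;

    for (i = 0; i < rootdse->num; i++) {
        el = &rootdse->a[i];
        if (strcasecmp(el->name, "supportedControl") == 0) {

            ret = sdap_init_sup_list(sh, &sh->supported_controls,
                                     el->num_values, el->values);
            if (ret) {
                return ret;
            }
        } else if (strcasecmp(el->name, "supportedExtension") == 0) {

            ret = sdap_init_sup_list(sh, &sh->supported_extensions,
                                     el->num_values, el->values);
            if (ret) {
                return ret;
            }
        } else if (strcasecmp(el->name, "supportedSASLMechanisms") == 0) {

            ret = sdap_init_sup_list(sh, &sh->supported_saslmechs,
                                     el->num_values, el->values);
            if (ret) {
                return ret;
            }
        }
    }

    return EOK;

}

/*
 * Return a copy of the element's value when it has exactly one value.
 * Returns NULL when there is no value, more than one value, or the copy
 * cannot be allocated.
 */
static char *get_single_value_as_string(TALLOC_CTX *mem_ctx,
                                        struct ldb_message_element *el)
{
    char *str = NULL;

    if (el->num_values == 0) {
        DEBUG(3, ("Missing value.\n"));
    } else if (el->num_values == 1) {
        str = talloc_strndup(mem_ctx, (char *) el->values[0].data,
                             el->values[0].length);
        if (str == NULL) {
            DEBUG(1, ("talloc_strndup failed.\n"));
        }
    } else {
        DEBUG(3, ("More than one value found.\n"));
    }

    return str;
}

/*
 * Pick the naming context from the rootDSE: the default naming context
 * attribute is preferred, the naming contexts attribute is the fallback.
 * Either is only used when it has exactly one value. Returns NULL when no
 * usable value exists.
 */
static char *get_naming_context(TALLOC_CTX *mem_ctx,
                                struct sysdb_attrs *rootdse)
{
    struct ldb_message_element *nc = NULL;
    struct ldb_message_element *dnc = NULL;
    int i;
    char *naming_context = NULL;

    for (i = 0; i < rootdse->num; i++) {
        if (strcasecmp(rootdse->a[i].name,
                       SDAP_ROOTDSE_ATTR_NAMING_CONTEXTS) == 0) {
            nc = &rootdse->a[i];
        } else if (strcasecmp(rootdse->a[i].name,
                              SDAP_ROOTDSE_ATTR_DEFAULT_NAMING_CONTEXT) == 0) {
            dnc = &rootdse->a[i];
        }
    }

    if (dnc == NULL && nc == NULL) {
        DEBUG(3, ("No attributes [%s] or [%s] found in rootDSE.\n",
                  SDAP_ROOTDSE_ATTR_NAMING_CONTEXTS,
                  SDAP_ROOTDSE_ATTR_DEFAULT_NAMING_CONTEXT));
    } else {
        if (dnc != NULL) {
            DEBUG(5, ("Using value from [%s] as naming context.\n",
                      SDAP_ROOTDSE_ATTR_DEFAULT_NAMING_CONTEXT));
            naming_context = get_single_value_as_string(mem_ctx, dnc);
        }

        if (naming_context == NULL && nc != NULL) {
            DEBUG(5, ("Using value from [%s] as naming context.\n",
                      SDAP_ROOTDSE_ATTR_NAMING_CONTEXTS));
            naming_context = get_single_value_as_string(mem_ctx, nc);
        }
    }

    /* Some directory servers such as Novell eDirectory will return
     * a zero-length namingContexts value in some situations. In this
     * case, we should return it as NULL so things fail gracefully.
     */
    if (naming_context && naming_context[0] == '\0') {
        talloc_zfree(naming_context);
    }

    return naming_context;
}

/*
 * Store naming_context as the value of the search base option `class` and
 * re-parse that option into the matching search base list of sdom.
 * Returns EINVAL for an option that is not a search base.
 */
static errno_t sdap_set_search_base(struct sdap_options *opts,
                                    struct sdap_domain *sdom,
                                    enum sdap_basic_opt class,
                                    char *naming_context)
{
    errno_t ret;
    struct sdap_search_base ***bases;

    switch(class) {
    case SDAP_SEARCH_BASE:
        bases = &sdom->search_bases;
        break;
    case SDAP_USER_SEARCH_BASE:
        bases = &sdom->user_search_bases;
        break;
    case SDAP_GROUP_SEARCH_BASE:
        bases = &sdom->group_search_bases;
        break;
    case SDAP_NETGROUP_SEARCH_BASE:
        bases = &sdom->netgroup_search_bases;
        break;
    case SDAP_SUDO_SEARCH_BASE:
        bases = &sdom->sudo_search_bases;
        break;
    case SDAP_SERVICE_SEARCH_BASE:
        bases = &sdom->service_search_bases;
        break;
    case SDAP_AUTOFS_SEARCH_BASE:
        bases = &sdom->autofs_search_bases;
        break;
    default:
        return EINVAL;
    }

    DEBUG(SSSDBG_CONF_SETTINGS,
          ("Setting option [%s] to [%s].\n",
           opts->basic[class].opt_name, naming_context));

    ret = dp_opt_set_string(opts->basic, class, naming_context);
    if (ret != EOK) {
        DEBUG(1, ("dp_opt_set_string failed.\n"));
        goto done;
    }

    ret = sdap_parse_search_base(opts, opts->basic, class, bases);
    if (ret != EOK) goto done;

    ret = EOK;
done:
    return ret;
}

/*
 * Fill every search base that is not configured with the naming context
 * advertised in the rootDSE.
 *
 * A missing naming context is not an error: the function returns EOK and
 * leaves the search bases unset.
 */
errno_t sdap_set_config_options_with_rootdse(struct sysdb_attrs *rootdse,
                                             struct sdap_options *opts,
                                             struct sdap_domain *sdom)
{
    int ret;
    char *naming_context = NULL;

    /* NOTE(review): service_search_bases is not part of this condition,
     * although it is filled in below. If it can be the only unset base,
     * sdap_set_search_base() is called with a NULL naming context -
     * confirm whether that combination is reachable. */
    if (!sdom->search_bases
            || !sdom->user_search_bases
            || !sdom->group_search_bases
            || !sdom->netgroup_search_bases
            || !sdom->sudo_search_bases
            || !sdom->autofs_search_bases) {
        naming_context = get_naming_context(opts->basic, rootdse);
        if (naming_context == NULL) {
            DEBUG(1, ("get_naming_context failed.\n"));

            /* This has to be non-fatal, since some servers offer
             * multiple namingContexts entries. We will just
             * add NULL checks for the search bases in the lookups.
             */
            ret = EOK;
            goto done;
        }
    }

    /* Default */
    if (!sdom->search_bases) {
        ret = sdap_set_search_base(opts, sdom,
                                   SDAP_SEARCH_BASE,
                                   naming_context);
        if (ret != EOK) goto done;
    }

    /* Users */
    if (!sdom->user_search_bases) {
        ret = sdap_set_search_base(opts, sdom,
                                   SDAP_USER_SEARCH_BASE,
                                   naming_context);
        if (ret != EOK) goto done;
    }

    /* Groups */
    if (!sdom->group_search_bases) {
        ret = sdap_set_search_base(opts, sdom,
                                   SDAP_GROUP_SEARCH_BASE,
                                   naming_context);
        if (ret != EOK) goto done;
    }

    /* Netgroups */
    if (!sdom->netgroup_search_bases) {
        ret = sdap_set_search_base(opts, sdom,
                                   SDAP_NETGROUP_SEARCH_BASE,
                                   naming_context);
        if (ret != EOK) goto done;
    }

    /* Sudo */
    if (!sdom->sudo_search_bases) {
        ret = sdap_set_search_base(opts, sdom,
                                   SDAP_SUDO_SEARCH_BASE,
                                   naming_context);
        if (ret != EOK) goto done;
    }

    /* Services */
    if (!sdom->service_search_bases) {
        ret = sdap_set_search_base(opts, sdom,
                                   SDAP_SERVICE_SEARCH_BASE,
                                   naming_context);
        if (ret != EOK) goto done;
    }

    /* autofs */
    if (!sdom->autofs_search_bases) {
        ret = sdap_set_search_base(opts, sdom,
                                   SDAP_AUTOFS_SEARCH_BASE,
                                   naming_context);
        if (ret != EOK) goto done;
    }

    ret = EOK;

done:
    talloc_free(naming_context);
    return ret;
}

/*
 * Derive per-server options from the rootDSE.
 *
 * Determines whether the server exposes a "last USN" attribute (either the
 * configured one or one of the known IPA/AD names), records its value, and
 * detects the Active Directory functional level when the rootDSE carries
 * it. Attribute names for the USN of users, groups, services and sudo rules
 * default to the general entry USN attribute; without any USN scheme the
 * modification timestamp is used.
 *
 * Side effects: may set names in opts->gen_map, opts->user_map,
 * opts->group_map, opts->service_map, opts->sudorule_map and
 * opts->dc_functional_level.
 *
 * Returns EOK and a new sdap_server_opts (owned by memctx) in *srv_opts, or
 * ENOMEM.
 */
int sdap_get_server_opts_from_rootdse(TALLOC_CTX *memctx,
                                      const char *server,
                                      struct sysdb_attrs *rootdse,
                                      struct sdap_options *opts,
                                      struct sdap_server_opts **srv_opts)
{
    struct sdap_server_opts *so;
    struct {
        const char *last_name;
        const char *entry_name;
    } usn_attrs[] = { { SDAP_IPA_LAST_USN, SDAP_IPA_USN },
                      { SDAP_AD_LAST_USN, SDAP_AD_USN },
                      { NULL, NULL } };
    const char *last_usn_name;
    const char *last_usn_value;
    const char *entry_usn_name;
    char *endptr = NULL;
    int ret;
    int i;
    uint32_t dc_level;

    so = talloc_zero(memctx, struct sdap_server_opts);
    if (!so) {
        return ENOMEM;
    }
    so->server_id = talloc_strdup(so, server);
    if (!so->server_id) {
        talloc_zfree(so);
        return ENOMEM;
    }

    last_usn_name = opts->gen_map[SDAP_AT_LAST_USN].name;
    entry_usn_name = opts->gen_map[SDAP_AT_ENTRY_USN].name;
    if (rootdse) {
        if (last_usn_name) {
            ret = sysdb_attrs_get_string(rootdse,
                                          last_usn_name, &last_usn_value);
            if (ret != EOK) {
                switch (ret) {
                case ENOENT:
                    DEBUG(1, ("%s configured but not found in rootdse!\n",
                              opts->gen_map[SDAP_AT_LAST_USN].opt_name));
                    break;
                case ERANGE:
                    DEBUG(1, ("Multiple values of %s found in rootdse!\n",
                              opts->gen_map[SDAP_AT_LAST_USN].opt_name));
                    break;
                default:
                    DEBUG(1, ("Unkown error (%d) checking rootdse!\n", ret));
                }
            } else {
                if (!entry_usn_name) {
                    DEBUG(1, ("%s found in rootdse but %s is not set!\n",
                              last_usn_name,
                              opts->gen_map[SDAP_AT_ENTRY_USN].opt_name));
                } else {
                    so->supports_usn = true;
                    /* the value comes from the server: anything that is not
                     * a plain decimal number is treated as USN 0 */
                    so->last_usn = strtoul(last_usn_value, &endptr, 10);
                    if (endptr != NULL && (*endptr != '\0' || endptr == last_usn_value)) {
                        DEBUG(3, ("USN is not valid (value: %s)\n", last_usn_value));
                        so->last_usn = 0;
                    } else {
                        DEBUG(9, ("USN value: %s (int: %lu)\n", last_usn_value, so->last_usn));
                    }
                }
            }
        } else {
            /* no usn option configure, let's try to autodetect. */
            for (i = 0; usn_attrs[i].last_name; i++) {
                ret = sysdb_attrs_get_string(rootdse,
                                             usn_attrs[i].last_name,
                                             &last_usn_value);
                if (ret == EOK) {
                    /* Fixate discovered configuration */
                    opts->gen_map[SDAP_AT_LAST_USN].name =
                        talloc_strdup(opts->gen_map, usn_attrs[i].last_name);
                    opts->gen_map[SDAP_AT_ENTRY_USN].name =
                        talloc_strdup(opts->gen_map, usn_attrs[i].entry_name);
                    if (opts->gen_map[SDAP_AT_LAST_USN].name == NULL
                            || opts->gen_map[SDAP_AT_ENTRY_USN].name == NULL) {
                        /* do not continue with a half-set USN scheme */
                        talloc_zfree(so);
                        return ENOMEM;
                    }
                    so->supports_usn = true;
                    so->last_usn = strtoul(last_usn_value, &endptr, 10);
                    if (endptr != NULL && (*endptr != '\0' || endptr == last_usn_value)) {
                        DEBUG(3, ("USN is not valid (value: %s)\n", last_usn_value));
                        so->last_usn = 0;
                    } else {
                        DEBUG(9, ("USN value: %s (int: %lu)\n", last_usn_value, so->last_usn));
                    }
                    last_usn_name = usn_attrs[i].last_name;
                    break;
                }
            }
        }

        /* Detect Active Directory version if available */
        ret = sysdb_attrs_get_uint32_t(rootdse,
                                       SDAP_ROOTDSE_ATTR_AD_VERSION,
                                       &dc_level);
        if (ret == EOK) {
            /* Validate that the DC level matches an expected value */
            switch(dc_level) {
            case DS_BEHAVIOR_WIN2000:
            case DS_BEHAVIOR_WIN2003:
            case DS_BEHAVIOR_WIN2008:
            case DS_BEHAVIOR_WIN2008R2:
            case DS_BEHAVIOR_WIN2012:
                opts->dc_functional_level = dc_level;
                DEBUG(SSSDBG_CONF_SETTINGS,
                      ("Setting AD compatibility level to [%d]\n",
                       opts->dc_functional_level));
                break;
            default:
                DEBUG(SSSDBG_MINOR_FAILURE,
                      ("Received invalid value for AD compatibility level. "
                       "Continuing without AD performance enhancements\n"));
            }
        } else if (ret != ENOENT) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Error detecting Active Directory compatibility level "
                   "(%s). Continuing without AD performance enhancements\n",
                   strerror(ret)));
        }
    }

    if (!last_usn_name) {
        DEBUG(5, ("No known USN scheme is supported by this server!\n"));
        if (!entry_usn_name) {
            DEBUG(5, ("Will use modification timestamp as usn!\n"));
            opts->gen_map[SDAP_AT_ENTRY_USN].name =
                talloc_strdup(opts->gen_map, "modifyTimestamp");
            if (opts->gen_map[SDAP_AT_ENTRY_USN].name == NULL) {
                talloc_zfree(so);
                return ENOMEM;
            }
        }
    }

    /* NOTE(review): the copies below are not checked; the source name may
     * legitimately be NULL here, so a NULL result does not by itself mean
     * that the allocation failed. */
    if (!opts->user_map[SDAP_AT_USER_USN].name) {
        opts->user_map[SDAP_AT_USER_USN].name =
                    talloc_strdup(opts->user_map,
                                  opts->gen_map[SDAP_AT_ENTRY_USN].name);
    }
    if (!opts->group_map[SDAP_AT_GROUP_USN].name) {
        opts->group_map[SDAP_AT_GROUP_USN].name =
                    talloc_strdup(opts->group_map,
                                  opts->gen_map[SDAP_AT_ENTRY_USN].name);
    }
    if (!opts->service_map[SDAP_AT_SERVICE_USN].name) {
        opts->service_map[SDAP_AT_SERVICE_USN].name =
                    talloc_strdup(opts->service_map,
                                  opts->gen_map[SDAP_AT_ENTRY_USN].name);
    }
    if (opts->sudorule_map &&
        !opts->sudorule_map[SDAP_AT_SUDO_USN].name) {
        opts->sudorule_map[SDAP_AT_SUDO_USN].name =
                    talloc_strdup(opts->sudorule_map,
                                  opts->gen_map[SDAP_AT_ENTRY_USN].name);
    }

    *srv_opts = so;
    return EOK;
}

/*
 * Hand *srv_opts over to id_ctx.
 *
 * When id_ctx already holds options for the same server_id the new ones are
 * discarded; otherwise the old ones are freed and replaced. Does nothing
 * when any argument (or *srv_opts) is NULL.
 */
void sdap_steal_server_opts(struct sdap_id_ctx *id_ctx,
                            struct sdap_server_opts **srv_opts)
{
    if (!id_ctx || !srv_opts || !*srv_opts) {
        return;
    }

    if (!id_ctx->srv_opts) {
        id_ctx->srv_opts = talloc_move(id_ctx, srv_opts);
        return;
    }

    /* discard if same as previous so we do not reset max usn values
     * unnecessarily */
    if (strcmp(id_ctx->srv_opts->server_id, (*srv_opts)->server_id) == 0) {
        talloc_zfree(*srv_opts);
        return;
    }

    talloc_zfree(id_ctx->srv_opts);
    id_ctx->srv_opts = talloc_move(id_ctx, srv_opts);
}

/*
 * Tell whether attr appears in the NULL-terminated filter list
 * (same pointer or case-insensitive match). A NULL filter matches nothing.
 */
static bool attr_is_filtered(const char *attr, const char **filter)
{
    int i;

    if (!filter) {
        return false;
    }

    for (i = 0; filter[i]; i++) {
        if (filter[i] == attr || strcasecmp(filter[i], attr) == 0) {
            return true;
        }
    }

    return false;
}

/*
 * Build the NULL-terminated list of LDAP attribute names to request for a
 * map.
 *
 * The first element is always "objectClass" (entry 0 of the map is the
 * object class itself and is not requested by name). Entries without a name
 * and entries listed in filter are left out. The other elements point at
 * the names stored in the map; they are not copied.
 *
 * Returns EOK and stores the list (owned by memctx) in *_attrs and, when
 * attr_count is not NULL, the number of names in *attr_count; ENOMEM
 * otherwise.
 */
int build_attrs_from_map(TALLOC_CTX *memctx,
                         struct sdap_attr_map *map,
                         size_t size,
                         const char **filter,
                         const char ***_attrs,
                         size_t *attr_count)
{
    errno_t ret;
    const char **attrs;
    size_t i, j;
    TALLOC_CTX *tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) return ENOMEM;

    /* Assume that all entries in the map have values. "objectClass" and the
     * terminator need two slots even for an empty map. */
    attrs = talloc_zero_array(tmp_ctx, const char *,
                              (size > 0 ? size : 1) + 1);
    if (!attrs) {
        ret = ENOMEM;
        goto done;
    }

    /* first attribute is "objectclass" not the specific one; it is owned by
     * the list so that it is released together with it */
    attrs[0] = talloc_strdup(attrs, "objectClass");
    if (!attrs[0]) {
        ret = ENOMEM;
        goto done;
    }

    /* add the others */
    for (i = j = 1; i < size; i++) {
        if (map[i].name && !attr_is_filtered(map[i].name, filter)) {
            attrs[j] = map[i].name;
            j++;
        }
    }
    attrs[j] = NULL;

    /* Trim down the used memory if some attributes were NULL */
    attrs = talloc_realloc(tmp_ctx, attrs, const char *, j + 1);
    if (!attrs) {
        ret = ENOMEM;
        goto done;
    }

    *_attrs = talloc_steal(memctx, attrs);
    if (attr_count) *attr_count = j;

    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}

/*
 * Create an LDAP control, but only when the server advertised support for
 * its OID. Returns LDAP_NOT_SUPPORTED otherwise, or the libldap result of
 * creating the control.
 */
int sdap_control_create(struct sdap_handle *sh, const char *oid, int iscritical,
                        struct berval *value, int dupval, LDAPControl **ctrlp)
{
    int ret;

    if (sdap_is_control_supported(sh, oid)) {
        ret = sss_ldap_control_create(oid, iscritical, value, dupval, ctrlp);
        if (ret != LDAP_SUCCESS) {
            DEBUG(1, ("sss_ldap_control_create failed [%d][%s].\n",
                      ret, sss_ldap_err2string(ret)));
        }
    } else {
        DEBUG(3, ("Server does not support the requested control [%s].\n", oid));
        ret = LDAP_NOT_SUPPORTED;
    }

    return ret;
}

/*
 * Set the single-valued ID attribute attr of entry to val.
 *
 * Adds the attribute when it is missing, replaces the value when exactly
 * one value exists, and returns EINVAL for any other number of values.
 */
int sdap_replace_id(struct sysdb_attrs *entry, const char *attr, id_t val)
{
    char *str;
    errno_t ret;
    struct ldb_message_element *el;

    ret = sysdb_attrs_get_el_ext(entry, attr, false, &el);
    if (ret == ENOENT) {
        return sysdb_attrs_add_uint32(entry, attr, val);
    } else if (ret) {
        DEBUG(SSSDBG_OP_FAILURE, ("Cannot get attribute [%s]\n", attr));
        return ret;
    }

    if (el->num_values != 1) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Expected 1 value for %s, got %d\n", attr, el->num_values));
        return EINVAL;
    }

    str = talloc_asprintf(entry, "%llu", (unsigned long long) val);
    if (!str) {
        return ENOMEM;
    }

    el->values[0].data = (uint8_t *) str;
    el->values[0].length = strlen(str);

    return EOK;
}

static errno_t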
sdap_get_primary_name(TALLOC_CTX *memctx, const char *attr_name, struct sysdb_attrs *attrs, struct sss_domain_info *dom, const char **_primary_name) { errno_t ret; const char *orig_name = NULL; char *name; ret = sysdb_attrs_primary_name(dom->sysdb, attrs, attr_name, &orig_name); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("The object has no name attribute\n")); return EINVAL; } name = sss_get_domain_name(memctx, orig_name, dom); if (name == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("Failed to format original name [%s]\n", orig_name)); return ENOMEM; } DEBUG(SSSDBG_TRACE_FUNC, ("Processing object %s\n", name)); *_primary_name = name; return EOK; } errno_t sdap_get_user_primary_name(TALLOC_CTX *memctx, struct sdap_options *opts, struct sysdb_attrs *attrs, struct sss_domain_info *dom, const char **_user_name) { return sdap_get_primary_name(memctx, opts->user_map[SDAP_AT_USER_NAME].name, attrs, dom, _user_name); } errno_t sdap_get_group_primary_name(TALLOC_CTX *memctx, struct sdap_options *opts, struct sysdb_attrs *attrs, struct sss_domain_info *dom, const char **_group_name) { return sdap_get_primary_name(memctx, opts->group_map[SDAP_AT_GROUP_NAME].name, attrs, dom, _group_name); } errno_t sdap_get_netgroup_primary_name(TALLOC_CTX *memctx, struct sdap_options *opts, struct sysdb_attrs *attrs, struct sss_domain_info *dom, const char **_netgroup_name) { return sdap_get_primary_name(memctx, opts->netgroup_map[SDAP_AT_NETGROUP_NAME].name, attrs, dom, _netgroup_name); } sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/sdap_async_sudo_hostinfo.c0000644000000000000000000000007412320753107024532 xustar000000000000000030 atime=1396954939.268891429 30 ctime=1396954961.638874962 sssd-1.11.5/src/providers/ldap/sdap_async_sudo_hostinfo.c0000664002412700241270000004003112320753107024752 0ustar00jhrozekjhrozek00000000000000/* Authors: Pavel Březina Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public 
License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include #include #include #include #include #include #include #include #include #include #include "util/util.h" #include "providers/ldap/sdap.h" #include "providers/ldap/sdap_id_op.h" #include "providers/ldap/sdap_sudo.h" #include "resolv/async_resolv.h" static int sdap_sudo_get_ip_addresses(TALLOC_CTX *mem_ctx, char ***_ip_addr); struct sdap_sudo_get_hostinfo_state { char **hostnames; char **ip_addr; }; struct sdap_sudo_get_hostnames_state { struct tevent_context *ev; struct resolv_ctx *resolv_ctx; enum host_database *host_db; enum restrict_family family_order; char **hostnames; }; static void sdap_sudo_get_hostinfo_done(struct tevent_req *req); static struct tevent_req *sdap_sudo_get_hostnames_send(TALLOC_CTX *mem_ctx, struct be_ctx *be_ctx); static void sdap_sudo_get_hostnames_done(struct tevent_req *subreq); static int sdap_sudo_get_hostnames_recv(TALLOC_CTX *mem_ctx, struct tevent_req *req, char ***hostnames); struct tevent_req * sdap_sudo_get_hostinfo_send(TALLOC_CTX *mem_ctx, struct sdap_options *opts, struct be_ctx *be_ctx) { struct tevent_req *req = NULL; struct tevent_req *subreq = NULL; struct sdap_sudo_get_hostinfo_state *state = NULL; char *conf_hostnames = NULL; char *conf_ip_addr = NULL; int ret = EOK; /* create request */ req = tevent_req_create(mem_ctx, &state, struct sdap_sudo_get_hostinfo_state); if (req == NULL) { DEBUG(SSSDBG_FATAL_FAILURE, ("tevent_req_create() failed\n")); return NULL; } state->hostnames = NULL; state->ip_addr = NULL; /* load info from configuration */ conf_hostnames 
= dp_opt_get_string(opts->basic, SDAP_SUDO_HOSTNAMES); conf_ip_addr = dp_opt_get_string(opts->basic, SDAP_SUDO_IP); if (conf_hostnames != NULL) { ret = split_on_separator(state, conf_hostnames, ' ', true, true, &state->hostnames, NULL); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Unable to parse hostnames [%d]: %s\n", ret, strerror(ret))); goto done; } else { DEBUG(SSSDBG_CONF_SETTINGS, ("Hostnames set to: %s\n", conf_hostnames)); } } if (conf_ip_addr != NULL) { ret = split_on_separator(state, conf_ip_addr, ' ', true, true, &state->ip_addr, NULL); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Unable to parse IP addresses [%d]: %s\n", ret, strerror(ret))); goto done; } else { DEBUG(SSSDBG_CONF_SETTINGS, ("IP addresses set to: %s\n", conf_ip_addr)); } } /* if IP addresses are not specified, configure it automatically */ if (state->ip_addr == NULL) { ret = sdap_sudo_get_ip_addresses(state, &state->ip_addr); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Unable to detect IP addresses [%d]: %s\n", ret, strerror(ret))); } } /* if hostnames are not specified, configure it automatically */ if (state->hostnames == NULL) { subreq = sdap_sudo_get_hostnames_send(state, be_ctx); if (subreq == NULL) { ret = ENOMEM; goto done; } tevent_req_set_callback(subreq, sdap_sudo_get_hostinfo_done, req); ret = EAGAIN; } done: if (ret != EAGAIN) { if (ret == EOK) { tevent_req_done(req); } else { tevent_req_error(req, ret); } tevent_req_post(req, be_ctx->ev); } return req; } static void sdap_sudo_get_hostinfo_done(struct tevent_req *subreq) { struct tevent_req *req = NULL; struct sdap_sudo_get_hostinfo_state *state = NULL; int ret; req = tevent_req_callback_data(subreq, struct tevent_req); state = tevent_req_data(req, struct sdap_sudo_get_hostinfo_state); ret = sdap_sudo_get_hostnames_recv(state, subreq, &state->hostnames); talloc_zfree(subreq); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to retrieve hostnames [%d]: %s\n", ret, strerror(ret))); tevent_req_error(req, ret); 
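/*
 * Build the list of IP addresses that identify this host for sudo rule
 * matching.
 *
 * For every usable IPv4/IPv6 interface address two strings are appended to
 * the result: the address itself and its network in "network/prefix-length"
 * form. Loopback and multicast addresses (and the IPv4 broadcast address)
 * are ignored, as are address families other than AF_INET/AF_INET6.
 *
 * On success *_ip_addr_list receives a NULL-terminated array owned by
 * mem_ctx (or NULL when no address qualified) and EOK is returned. On
 * failure an errno value is returned and *_ip_addr_list is left untouched.
 *
 * Note that the network address is computed in place, i.e. the netmask
 * stored in the getifaddrs() result is overwritten before the list is freed.
 */
static int sdap_sudo_get_ip_addresses(TALLOC_CTX *mem_ctx,
                                      char ***_ip_addr_list)
{
    TALLOC_CTX *tmp_ctx = NULL;
    char **ip_addr_list = NULL;
    struct ifaddrs *ifaces = NULL;
    struct ifaddrs *iface = NULL;
    struct sockaddr_in *ip4_addr = NULL;
    struct sockaddr_in *ip4_network = NULL;
    struct sockaddr_in6 *ip6_addr = NULL;
    struct sockaddr_in6 *ip6_network = NULL;
    char ip_addr[INET6_ADDRSTRLEN + 1];
    char network_addr[INET6_ADDRSTRLEN + 1];
    in_addr_t ip4_netmask = 0;
    uint32_t ip6_netmask = 0;
    unsigned int netmask = 0;
    void *sinx_addr = NULL;
    void *sinx_network = NULL;
    int addr_count = 0;
    int ret;
    int i;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_new() failed\n"));
        return ENOMEM;
    }

    errno = 0;
    ret = getifaddrs(&ifaces);
    if (ret == -1) {
        ret = errno;
        DEBUG(SSSDBG_CRIT_FAILURE, ("Could not read interfaces [%d][%s]\n",
                                    ret, strerror(ret)));
        goto done;
    }

    for (iface = ifaces; iface != NULL; iface = iface->ifa_next) {
        /* Some interfaces don't have an ifa_addr */
        if (!iface->ifa_addr) {
            continue;
        }

        /* ifa_netmask may be NULL as well; it is dereferenced below to
         * derive the prefix length and network address, so an entry without
         * one cannot be described and is skipped instead of crashing. */
        if (iface->ifa_netmask == NULL) {
            continue;
        }

        netmask = 0;
        switch (iface->ifa_addr->sa_family) {
        case AF_INET:
            ip4_addr = (struct sockaddr_in*)(iface->ifa_addr);
            ip4_network = (struct sockaddr_in*)(iface->ifa_netmask);

            /* ignore loopback */
            if (inet_netof(ip4_addr->sin_addr) == IN_LOOPBACKNET) {
                continue;
            }

            /* ignore multicast */
            if (IN_MULTICAST(ntohl(ip4_addr->sin_addr.s_addr))) {
                continue;
            }

            /* ignore broadcast */
            if (ntohl(ip4_addr->sin_addr.s_addr) == INADDR_BROADCAST) {
                continue;
            }

            /* get network mask length: number of left shifts until the
             * host-order mask becomes zero */
            ip4_netmask = ntohl(ip4_network->sin_addr.s_addr);
            while (ip4_netmask) {
                netmask++;
                ip4_netmask <<= 1;
            }

            /* get network address (stored over the netmask) */
            ip4_network->sin_addr.s_addr = ip4_addr->sin_addr.s_addr
                                           & ip4_network->sin_addr.s_addr;

            sinx_addr = &ip4_addr->sin_addr;
            sinx_network = &ip4_network->sin_addr;
            break;
        case AF_INET6:
            ip6_addr = (struct sockaddr_in6*)(iface->ifa_addr);
            ip6_network = (struct sockaddr_in6*)(iface->ifa_netmask);

            /* ignore loopback */
            if (IN6_IS_ADDR_LOOPBACK(&ip6_addr->sin6_addr)) {
                continue;
            }

            /* ignore multicast */
            if (IN6_IS_ADDR_MULTICAST(&ip6_addr->sin6_addr)) {
                continue;
            }

            /* get network mask length, one 32-bit word at a time */
            for (i = 0; i < 4; i++) {
                ip6_netmask = ntohl(((uint32_t*)(&ip6_network->sin6_addr))[i]);
                while (ip6_netmask) {
                    netmask++;
                    ip6_netmask <<= 1;
                }
            }

            /* get network address (stored over the netmask) */
            for (i = 0; i < 4; i++) {
                ((uint32_t*)(&ip6_network->sin6_addr))[i] =
                          ((uint32_t*)(&ip6_addr->sin6_addr))[i]
                        & ((uint32_t*)(&ip6_network->sin6_addr))[i];
            }

            sinx_addr = &ip6_addr->sin6_addr;
            sinx_network = &ip6_network->sin6_addr;
            break;
        default:
            /* skip other families */
            continue;
        }

        /* ip address */
        errno = 0;
        if (inet_ntop(iface->ifa_addr->sa_family, sinx_addr,
                      ip_addr, INET6_ADDRSTRLEN) == NULL) {
            ret = errno;
            DEBUG(SSSDBG_MINOR_FAILURE, ("inet_ntop() failed [%d]: %s\n",
                                         ret, strerror(ret)));
            goto done;
        }

        /* network */
        errno = 0;
        if (inet_ntop(iface->ifa_addr->sa_family, sinx_network,
                      network_addr, INET6_ADDRSTRLEN) == NULL) {
            ret = errno;
            DEBUG(SSSDBG_MINOR_FAILURE, ("inet_ntop() failed [%d]: %s\n",
                                         ret, strerror(ret)));
            goto done;
        }

        /* two new entries plus room for the terminating NULL */
        addr_count += 2;
        ip_addr_list = talloc_realloc(tmp_ctx, ip_addr_list, char*,
                                      addr_count + 1);
        if (ip_addr_list == NULL) {
            ret = ENOMEM;
            goto done;
        }

        ip_addr_list[addr_count - 2] = talloc_strdup(ip_addr_list, ip_addr);
        if (ip_addr_list[addr_count - 2] == NULL) {
            ret = ENOMEM;
            goto done;
        }

        ip_addr_list[addr_count - 1] = talloc_asprintf(ip_addr_list, "%s/%d",
                                                       network_addr, netmask);
        if (ip_addr_list[addr_count - 1] == NULL) {
            ret = ENOMEM;
            goto done;
        }

        DEBUG(SSSDBG_TRACE_INTERNAL,
              ("Found IP address: %s in network %s/%d\n",
               ip_addr, network_addr, netmask));
    }

    if (ip_addr_list) {
        ip_addr_list[addr_count] = NULL;
    }

    /* ret is still 0 from the successful getifaddrs() call at this point */
    *_ip_addr_list = talloc_steal(mem_ctx, ip_addr_list);

done:
    freeifaddrs(ifaces);
    talloc_free(tmp_ctx);

    return ret;
}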
/*
 * Completion callback for the resolver lookup started by
 * sdap_sudo_get_hostnames_send().
 *
 * Stores the resolved name as the second entry of state->hostnames and
 * finishes the parent request. Any resolver error, including an empty
 * (ENOENT) result, is passed on as the request error.
 */
static void sdap_sudo_get_hostnames_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct sdap_sudo_get_hostnames_state *state =
            tevent_req_data(req, struct sdap_sudo_get_hostnames_state);
    struct resolv_hostent *rhostent = NULL;
    int resolv_status;
    int ret;

    ret = resolv_gethostbyname_recv(subreq, state, &resolv_status, NULL,
                                    &rhostent);
    talloc_zfree(subreq);

    if (ret == ENOENT) {
        /* Empty result, just quit */
        DEBUG(SSSDBG_TRACE_INTERNAL, ("No hostent found\n"));
        tevent_req_error(req, ret);
        return;
    }

    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Could not resolve fqdn for this machine, error [%d]: %s, "
               "resolver returned: [%d]: %s\n", ret, strerror(ret),
               resolv_status, resolv_strerror(resolv_status)));
        tevent_req_error(req, ret);
        return;
    }

    DEBUG(SSSDBG_TRACE_INTERNAL, ("Found fqdn: %s\n", rhostent->name));

    /* the array is allocated by the _send function; refuse to write
     * through a missing one */
    if (state->hostnames == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("state->hostnames is NULL\n"));
        tevent_req_error(req, EINVAL);
        return;
    }

    state->hostnames[1] = talloc_strdup(state->hostnames, rhostent->name);
    if (state->hostnames[1] == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_strdup() failed\n"));
        tevent_req_error(req, ENOMEM);
        return;
    }

    tevent_req_done(req);
}
sdap_sudo_get_hostnames_state *state = NULL; state = tevent_req_data(req, struct sdap_sudo_get_hostnames_state); TEVENT_REQ_RETURN_ON_ERROR(req); *hostnames = talloc_steal(mem_ctx, state->hostnames); return EOK; } sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/sdap_id_op.h0000644000000000000000000000007412320753107021551 xustar000000000000000030 atime=1396954939.268891429 30 ctime=1396954961.480875079 sssd-1.11.5/src/providers/ldap/sdap_id_op.h0000664002412700241270000000551212320753107021776 0ustar00jhrozekjhrozek00000000000000/* SSSD LDAP ID backend operation retry logic and connection cache Authors: Eugene Indenbom Copyright (C) 2008-2010 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #ifndef _SDAP_ID_OP_H_ #define _SDAP_ID_OP_H_ struct sdap_id_ctx; struct sdap_id_conn_ctx; /* LDAP async connection cache */ struct sdap_id_conn_cache; /* LDAP async operation tracker: * - keeps track of connection usage * - keeps track of operation retries */ struct sdap_id_op; /* Create a connection cache */ int sdap_id_conn_cache_create(TALLOC_CTX *memctx, struct sdap_id_ctx *id_ctx, struct sdap_id_conn_ctx *id_conn, struct sdap_id_conn_cache** conn_cache_out); /* Create an operation object */ struct sdap_id_op *sdap_id_op_create(TALLOC_CTX *memctx, struct sdap_id_conn_cache *cache); /* Begin to connect to LDAP server. 
*/ struct tevent_req *sdap_id_op_connect_send(struct sdap_id_op *op, TALLOC_CTX *memctx, int *ret_out); /* Get the result of an asynchronous connect operation on sdap_id_op * * In dp_error data provider error code is returned: * DP_ERR_OK - connection established * DP_ERR_OFFLINE - backend is offline, operation result is set EAGAIN * DP_ERR_FATAL - operation failed */ int sdap_id_op_connect_recv(struct tevent_req *req, int *dp_error); /* Report completion of LDAP operation and release associated connection. * Returns operation result (possible updated) passed in ret parameter. * * In dp_error data provider error code is returned: * DP_ERR_OK (operation result = EOK) - operation completed * DP_ERR_OK (operation result != EOK) - operation can be retried * DP_ERR_OFFLINE - backend is offline, operation result is set EAGAIN * DP_ERR_FATAL - operation failed */ int sdap_id_op_done(struct sdap_id_op*, int ret, int *dp_error); /* Get SDAP handle associated with operation by sdap_id_op_connect */ struct sdap_handle *sdap_id_op_handle(struct sdap_id_op *op); /* Get root DSE entry of connected LDAP server */ const struct sysdb_attrs *sdap_id_op_rootDSE(struct sdap_id_op *op); #endif /* _SDAP_ID_OP_H_ */ sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/sdap_async_connection.c0000644000000000000000000000007312320753107024005 xustar000000000000000029 atime=1396954939.26789143 30 ctime=1396954961.624874973 sssd-1.11.5/src/providers/ldap/sdap_async_connection.c0000664002412700241270000020743112320753107024237 0ustar00jhrozekjhrozek00000000000000/* SSSD Async LDAP Helper routines Copyright (C) Simo Sorce - 2009 Copyright (C) 2010, rhafer@suse.de, Novell Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. 
/*
 * Translate the textual alias-dereferencing setting into the matching
 * LDAP_DEREF_* constant.
 *
 * The comparison is case-insensitive. str must not be NULL. On success
 * *val is set and EOK is returned; an unrecognised string leaves *val
 * untouched and yields EINVAL.
 */
errno_t deref_string_to_val(const char *str, int *val)
{
    static const struct {
        const char *name;
        int value;
    } deref_map[] = {
        { "never",     LDAP_DEREF_NEVER },
        { "searching", LDAP_DEREF_SEARCHING },
        { "finding",   LDAP_DEREF_FINDING },
        { "always",    LDAP_DEREF_ALWAYS },
    };
    size_t idx;

    for (idx = 0; idx < sizeof(deref_map) / sizeof(deref_map[0]); idx++) {
        if (strcasecmp(str, deref_map[idx].name) == 0) {
            *val = deref_map[idx].value;
            return EOK;
        }
    }

    DEBUG(1, ("Illegal deref option [%s].\n", str));
    return EINVAL;
}
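/*
 * Callback run once the LDAP handle has been initialised by
 * sss_ldap_init_send().
 *
 * Applies the per-connection options taken from the backend configuration
 * (protocol version, timeouts, referral chasing and rebind procedure, alias
 * dereferencing, SASL canonicalization and minimum SSF) and, when
 * use_start_tls is set, sends the StartTLS request. The TLS layer itself is
 * installed later by sdap_connect_done() when the server's reply arrives.
 *
 * Error reporting: "ret" carries errno-style codes, "lret" carries LDAP
 * library results. At the fail label a non-zero ret is reported as is;
 * otherwise lret is mapped to ETIMEDOUT (server down) or EIO. The two must
 * therefore never be mixed.
 */
static void sdap_sys_connect_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct sdap_connect_state *state = tevent_req_data(req,
                                                     struct sdap_connect_state);
    struct timeval tv;
    int ver;
    int lret = LDAP_SUCCESS;
    int optret;
    int ret = EOK;
    int msgid;
    char *errmsg = NULL;
    bool ldap_referrals;
    const char *ldap_deref;
    int ldap_deref_val;
    struct sdap_rebind_proc_params *rebind_proc_params;
    int sd;
    bool sasl_nocanon;
    const char *sasl_mech;
    int sasl_minssf;
    ber_len_t ber_sasl_minssf;

    ret = sss_ldap_init_recv(subreq, &state->sh->ldap, &sd);
    talloc_zfree(subreq);
    if (ret != EOK) {
        DEBUG(1, ("sdap_async_connect_call request failed.\n"));
        tevent_req_error(req, ret);
        return;
    }

    ret = setup_ldap_connection_callbacks(state->sh, state->ev);
    if (ret != EOK) {
        DEBUG(1, ("setup_ldap_connection_callbacks failed.\n"));
        goto fail;
    }

    /* If sss_ldap_init_recv() does not return a valid file descriptor we have
     * to assume that the connection callback will be called internally by
     * the OpenLDAP client library. */
    if (sd != -1) {
        ret = sdap_call_conn_cb(state->uri, sd, state->sh);
        if (ret != EOK) {
            DEBUG(1, ("sdap_call_conn_cb failed.\n"));
            goto fail;
        }
    }

    /* Force ldap version to 3 */
    ver = LDAP_VERSION3;
    lret = ldap_set_option(state->sh->ldap, LDAP_OPT_PROTOCOL_VERSION, &ver);
    if (lret != LDAP_OPT_SUCCESS) {
        DEBUG(1, ("Failed to set ldap version to 3\n"));
        goto fail;
    }

    /* TODO: maybe this can be removed when we go async, currently we need it
     * to handle EINTR during poll().
     *
     * The result is kept in lret: this failure is tolerated, and storing an
     * LDAP option status in ret would make a later "goto fail" report that
     * status as if it were an errno value. */
    lret = ldap_set_option(state->sh->ldap, LDAP_OPT_RESTART, LDAP_OPT_ON);
    if (lret != LDAP_OPT_SUCCESS) {
        DEBUG(1, ("Failed to set restart option.\n"));
    }

    /* Set Network Timeout */
    tv.tv_sec = dp_opt_get_int(state->opts->basic, SDAP_NETWORK_TIMEOUT);
    tv.tv_usec = 0;
    lret = ldap_set_option(state->sh->ldap, LDAP_OPT_NETWORK_TIMEOUT, &tv);
    if (lret != LDAP_OPT_SUCCESS) {
        DEBUG(1, ("Failed to set network timeout to %d\n",
                  dp_opt_get_int(state->opts->basic, SDAP_NETWORK_TIMEOUT)));
        goto fail;
    }

    /* Set Default Timeout */
    tv.tv_sec = dp_opt_get_int(state->opts->basic, SDAP_OPT_TIMEOUT);
    tv.tv_usec = 0;
    lret = ldap_set_option(state->sh->ldap, LDAP_OPT_TIMEOUT, &tv);
    if (lret != LDAP_OPT_SUCCESS) {
        DEBUG(1, ("Failed to set default timeout to %d\n",
                  dp_opt_get_int(state->opts->basic, SDAP_OPT_TIMEOUT)));
        goto fail;
    }

    /* Set Referral chasing */
    ldap_referrals = dp_opt_get_bool(state->opts->basic, SDAP_REFERRALS);
    lret = ldap_set_option(state->sh->ldap, LDAP_OPT_REFERRALS,
                           (ldap_referrals ? LDAP_OPT_ON : LDAP_OPT_OFF));
    if (lret != LDAP_OPT_SUCCESS) {
        DEBUG(1, ("Failed to set referral chasing to %s\n",
                  (ldap_referrals ? "LDAP_OPT_ON" : "LDAP_OPT_OFF")));
        goto fail;
    }

    if (ldap_referrals) {
        /* the rebind procedure gets the options, the handle and the
         * StartTLS setting of this connection; the parameters live as long
         * as the handle */
        rebind_proc_params = talloc_zero(state->sh,
                                         struct sdap_rebind_proc_params);
        if (rebind_proc_params == NULL) {
            DEBUG(1, ("talloc_zero failed.\n"));
            ret = ENOMEM;
            goto fail;
        }

        rebind_proc_params->opts = state->opts;
        rebind_proc_params->sh = state->sh;
        rebind_proc_params->use_start_tls = state->use_start_tls;

        lret = ldap_set_rebind_proc(state->sh->ldap, sdap_rebind_proc,
                                    rebind_proc_params);
        if (lret != LDAP_SUCCESS) {
            DEBUG(1, ("ldap_set_rebind_proc failed.\n"));
            goto fail;
        }
    }

    /* Set alias dereferencing */
    ldap_deref = dp_opt_get_string(state->opts->basic, SDAP_DEREF);
    if (ldap_deref != NULL) {
        ret = deref_string_to_val(ldap_deref, &ldap_deref_val);
        if (ret != EOK) {
            DEBUG(1, ("deref_string_to_val failed.\n"));
            goto fail;
        }

        lret = ldap_set_option(state->sh->ldap, LDAP_OPT_DEREF,
                               &ldap_deref_val);
        if (lret != LDAP_OPT_SUCCESS) {
            DEBUG(1, ("Failed to set deref option to %d\n", ldap_deref_val));
            goto fail;
        }
    }

    /* Set host name canonicalization for LDAP SASL bind */
    sasl_nocanon = !dp_opt_get_bool(state->opts->basic,
                                    SDAP_SASL_CANONICALIZE);
    lret = ldap_set_option(state->sh->ldap, LDAP_OPT_X_SASL_NOCANON,
                           sasl_nocanon ? LDAP_OPT_ON : LDAP_OPT_OFF);
    if (lret != LDAP_OPT_SUCCESS) {
        /* Do not fail, just warn into both debug logs and syslog */
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("Failed to set LDAP SASL nocanon option to %s. If your system "
               "is configured to use SASL, LDAP operations might fail.\n",
              sasl_nocanon ? "true" : "false"));
        sss_log(SSS_LOG_INFO,
                "Failed to set LDAP SASL nocanon option to %s. If your system "
                "is configured to use SASL, LDAP operations might fail.\n",
                sasl_nocanon ? "true" : "false");
    }

    /* The minimum SSF is only applied when a SASL mechanism is configured,
     * and failing to apply it aborts the connection rather than continuing
     * with a weaker security layer than requested. */
    sasl_mech = dp_opt_get_string(state->opts->basic, SDAP_SASL_MECH);
    if (sasl_mech != NULL) {
        sasl_minssf = dp_opt_get_int(state->opts->basic, SDAP_SASL_MINSSF);
        if (sasl_minssf >= 0) {
            ber_sasl_minssf = (ber_len_t)sasl_minssf;
            lret = ldap_set_option(state->sh->ldap, LDAP_OPT_X_SASL_SSF_MIN,
                                   &ber_sasl_minssf);
            if (lret != LDAP_OPT_SUCCESS) {
                DEBUG(SSSDBG_CRIT_FAILURE,
                      ("Failed to set LDAP MIN SSF option "
                       "to %d\n", sasl_minssf));
                goto fail;
            }
        }
    }

    /* if we do not use start_tls the connection is not really connected yet
     * just fake an async procedure and leave connection to the bind call */
    if (!state->use_start_tls) {
        tevent_req_done(req);
        return;
    }

    DEBUG(4, ("Executing START TLS\n"));

    lret = ldap_start_tls(state->sh->ldap, NULL, NULL, &msgid);
    if (lret != LDAP_SUCCESS) {
        optret = sss_ldap_get_diagnostic_msg(state, state->sh->ldap,
                                             &errmsg);
        if (optret == LDAP_SUCCESS) {
            DEBUG(3, ("ldap_start_tls failed: [%s] [%s]\n",
                      sss_ldap_err2string(lret), errmsg));
            sss_log(SSS_LOG_ERR, "Could not start TLS. %s", errmsg);
        } else {
            DEBUG(3, ("ldap_start_tls failed: [%s]\n",
                      sss_ldap_err2string(lret)));
            sss_log(SSS_LOG_ERR, "Could not start TLS. "
                                 "Check for certificate issues.");
        }
        goto fail;
    }

    ret = sdap_set_connected(state->sh, state->ev);
    if (ret) {
        goto fail;
    }

    /* FIXME: get timeouts from configuration, for now 5 secs. */
    ret = sdap_op_add(state, state->ev, state->sh, msgid,
                      sdap_connect_done, req, 5, &state->op);
    if (ret) {
        DEBUG(1, ("Failed to set up operation!\n"));
        goto fail;
    }

    return;

fail:
    if (ret) {
        tevent_req_error(req, ret);
    } else {
        /* only an LDAP-level failure is left: map it to an errno value */
        if (lret == LDAP_SERVER_DOWN) {
            tevent_req_error(req, ETIMEDOUT);
        } else {
            tevent_req_error(req, EIO);
        }
    }
    return;
}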
" "Check for certificate issues."); } state->result = ret; tevent_req_error(req, EIO); return; } tevent_req_done(req); } int sdap_connect_recv(struct tevent_req *req, TALLOC_CTX *memctx, struct sdap_handle **sh) { struct sdap_connect_state *state = tevent_req_data(req, struct sdap_connect_state); TEVENT_REQ_RETURN_ON_ERROR(req); *sh = talloc_steal(memctx, state->sh); if (!*sh) { return ENOMEM; } return EOK; } struct sdap_connect_host_state { struct tevent_context *ev; struct sdap_options *opts; char *uri; char *protocol; char *host; int port; bool use_start_tls; struct sdap_handle *sh; }; static void sdap_connect_host_resolv_done(struct tevent_req *subreq); static void sdap_connect_host_done(struct tevent_req *subreq); struct tevent_req *sdap_connect_host_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct sdap_options *opts, struct resolv_ctx *resolv_ctx, enum restrict_family family_order, enum host_database *host_db, const char *protocol, const char *host, int port, bool use_start_tls) { struct sdap_connect_host_state *state = NULL; struct tevent_req *req = NULL; struct tevent_req *subreq = NULL; errno_t ret; req = tevent_req_create(mem_ctx, &state, struct sdap_connect_host_state); if (req == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("tevent_req_create() failed\n")); return NULL; } state->ev = ev; state->opts = opts; state->port = port; state->use_start_tls = use_start_tls; state->protocol = talloc_strdup(state, protocol); if (state->protocol == NULL) { ret = ENOMEM; goto immediately; } state->host = talloc_strdup(state, host); if (state->host == NULL) { ret = ENOMEM; goto immediately; } state->uri = talloc_asprintf(state, "%s://%s:%d", protocol, host, port); if (state->uri == NULL) { ret = ENOMEM; goto immediately; } DEBUG(SSSDBG_TRACE_FUNC, ("Resolving host %s\n", host)); subreq = resolv_gethostbyname_send(state, state->ev, resolv_ctx, host, family_order, host_db); if (subreq == NULL) { ret = ENOMEM; goto immediately; } tevent_req_set_callback(subreq, 
/*
 * Callback for the host name lookup started in sdap_connect_host_send().
 *
 * Turns the resolved entry into a socket address for the configured port
 * and starts the actual LDAP connection. Failures of the lookup, of the
 * address conversion or of creating the connect request end the parent
 * request with an error.
 */
static void sdap_connect_host_resolv_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct sdap_connect_host_state *state =
            tevent_req_data(req, struct sdap_connect_host_state);
    struct resolv_hostent *hostent = NULL;
    struct sockaddr_storage *addr = NULL;
    int resolv_status;
    errno_t ret;

    ret = resolv_gethostbyname_recv(subreq, state, &resolv_status, NULL,
                                    &hostent);
    talloc_zfree(subreq);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Failed to resolve host %s: %s\n",
                                  state->host,
                                  resolv_strerror(resolv_status)));
        goto done;
    }

    addr = resolv_get_sockaddr_address(state, hostent, state->port);
    if (addr == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("resolv_get_sockaddr_address() failed\n"));
        ret = EIO;
        goto done;
    }

    DEBUG(SSSDBG_TRACE_FUNC, ("Connecting to %s\n", state->uri));

    subreq = sdap_connect_send(state, state->ev, state->opts, state->uri,
                               addr, state->use_start_tls);
    if (subreq == NULL) {
        ret = ENOMEM;
        goto done;
    }

    tevent_req_set_callback(subreq, sdap_connect_host_done, req);
    ret = EAGAIN;

done:
    if (ret == EAGAIN) {
        /* connection attempt is in flight; its callback finishes the job */
        return;
    }

    if (ret == EOK) {
        tevent_req_done(req);
    } else {
        tevent_req_error(req, ret);
    }
}
/*
 * Collect the result of sdap_connect_host_send().
 *
 * Returns the request's error if it failed. Otherwise ownership of the
 * connected handle is moved to mem_ctx, it is stored in *_sh and EOK is
 * returned.
 */
errno_t sdap_connect_host_recv(TALLOC_CTX *mem_ctx,
                               struct tevent_req *req,
                               struct sdap_handle **_sh)
{
    struct sdap_connect_host_state *state =
            tevent_req_data(req, struct sdap_connect_host_state);

    /* returns early with the stored error when the request failed */
    TEVENT_REQ_RETURN_ON_ERROR(req);

    *_sh = talloc_steal(mem_ctx, state->sh);

    return EOK;
}
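/*
 * Completion callback for the simple bind sent by simple_bind_send().
 *
 * Parses the bind result and the response controls and maps them to the
 * request result:
 *   EOK                  - bind succeeded
 *   ERR_AUTH_FAILED      - server returned anything but LDAP_SUCCESS
 *   ERR_PASSWORD_EXPIRED - a password policy or "password expired" control
 *                          says the password must be changed
 *   ERR_INTERNAL/ENOMEM  - the reply could not be processed
 *
 * Password policy details (expiry time, grace logins) are stored in
 * state->ppolicy for simple_bind_recv().
 *
 * The control values come from the server and are treated as untrusted:
 * over-long values are ignored and numeric conversion errors are reported.
 */
static void simple_bind_done(struct sdap_op *op,
                             struct sdap_msg *reply,
                             int error, void *pvt)
{
    struct tevent_req *req = talloc_get_type(pvt, struct tevent_req);
    struct simple_bind_state *state = tevent_req_data(req,
                                            struct simple_bind_state);
    char *errmsg = NULL;
    char *nval;
    errno_t ret = ERR_INTERNAL;
    int lret;
    int conv_err;
    /* freed at "done" on every path, so it must never be left unset */
    LDAPControl **response_controls = NULL;
    int c;
    ber_int_t pp_grace;
    ber_int_t pp_expire;
    LDAPPasswordPolicyError pp_error;
    int result = LDAP_OTHER;

    if (error) {
        tevent_req_error(req, error);
        return;
    }

    state->reply = talloc_steal(state, reply);

    lret = ldap_parse_result(state->sh->ldap, state->reply->msg,
                            &result, NULL, &errmsg, NULL,
                            &response_controls, 0);
    if (lret != LDAP_SUCCESS) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("ldap_parse_result failed (%d)\n", state->op->msgid));
        ret = ERR_INTERNAL;
        goto done;
    }

    if (result == LDAP_SUCCESS) {
        ret = EOK;
    } else {
        ret = ERR_AUTH_FAILED;
    }

    if (response_controls == NULL) {
        DEBUG(SSSDBG_TRACE_LIBS, ("Server returned no controls.\n"));
        state->ppolicy = NULL;
    } else {
        for (c = 0; response_controls[c] != NULL; c++) {
            DEBUG(SSSDBG_TRACE_INTERNAL,
                  ("Server returned control [%s].\n",
                   response_controls[c]->ldctl_oid));
            if (strcmp(response_controls[c]->ldctl_oid,
                       LDAP_CONTROL_PASSWORDPOLICYRESPONSE) == 0) {
                lret = ldap_parse_passwordpolicy_control(state->sh->ldap,
                                                        response_controls[c],
                                                        &pp_expire, &pp_grace,
                                                        &pp_error);
                if (lret != LDAP_SUCCESS) {
                    DEBUG(SSSDBG_MINOR_FAILURE,
                          ("ldap_parse_passwordpolicy_control failed.\n"));
                    ret = ERR_INTERNAL;
                    goto done;
                }

                DEBUG(7, ("Password Policy Response: expire [%d] grace [%d] "
                          "error [%s].\n", pp_expire, pp_grace,
                          ldap_passwordpolicy_err2txt(pp_error)));
                if (!state->ppolicy) {
                    state->ppolicy = talloc_zero(state,
                                                 struct sdap_ppolicy_data);
                }
                if (state->ppolicy == NULL) {
                    ret = ENOMEM;
                    goto done;
                }
                state->ppolicy->grace = pp_grace;
                state->ppolicy->expire = pp_expire;
                if (result == LDAP_SUCCESS) {
                    if (pp_error == PP_changeAfterReset) {
                        DEBUG(SSSDBG_TRACE_LIBS,
                              ("Password was reset. "
                               "User must set a new password.\n"));
                        ret = ERR_PASSWORD_EXPIRED;
                    } else if (pp_grace >= 0) {
                        DEBUG(SSSDBG_TRACE_LIBS,
                              ("Password expired. "
                               "[%d] grace logins remaining.\n",
                               pp_grace));
                    } else if (pp_expire > 0) {
                        DEBUG(SSSDBG_TRACE_LIBS,
                              ("Password will expire in [%d] seconds.\n",
                               pp_expire));
                    }
                } else if (result == LDAP_INVALID_CREDENTIALS &&
                           pp_error == PP_passwordExpired) {
                    DEBUG(SSSDBG_TRACE_LIBS,
                          ("Password expired user must set a new password.\n"));
                    ret = ERR_PASSWORD_EXPIRED;
                }
            } else if (strcmp(response_controls[c]->ldctl_oid,
                              LDAP_CONTROL_PWEXPIRED) == 0) {
                DEBUG(SSSDBG_TRACE_LIBS,
                      ("Password expired user must set a new password.\n"));
                ret = ERR_PASSWORD_EXPIRED;
            } else if (strcmp(response_controls[c]->ldctl_oid,
                              LDAP_CONTROL_PWEXPIRING) == 0) {
                /* ignore controls with suspiciously long values */
                if (response_controls[c]->ldctl_value.bv_len > 32) {
                    continue;
                }

                /* zeroed so that fields this control does not carry
                 * (e.g. grace) are not handed out uninitialized */
                if (!state->ppolicy) {
                    state->ppolicy = talloc_zero(state,
                                                 struct sdap_ppolicy_data);
                }

                if (state->ppolicy == NULL) {
                    ret = ENOMEM;
                    goto done;
                }
                /* ensure that bv_val is a null-terminated string */
                nval = talloc_strndup(NULL,
                                      response_controls[c]->ldctl_value.bv_val,
                                      response_controls[c]->ldctl_value.bv_len);
                if (nval == NULL) {
                    ret = ENOMEM;
                    goto done;
                }
                state->ppolicy->expire = strtouint32(nval, NULL, 10);
                /* Keep the conversion status apart from ret: a successful
                 * conversion must not reset a result (such as
                 * ERR_PASSWORD_EXPIRED) already derived from the bind
                 * result or from an earlier control. */
                conv_err = errno;
                talloc_zfree(nval);
                if (conv_err != EOK) {
                    DEBUG(SSSDBG_MINOR_FAILURE,
                          ("Couldn't convert control response "
                           "to an integer [%s].\n", strerror(conv_err)));
                    ret = conv_err;
                    goto done;
                }

                DEBUG(SSSDBG_TRACE_LIBS,
                      ("Password will expire in [%d] seconds.\n",
                       state->ppolicy->expire));
            }
        }
    }

    DEBUG(SSSDBG_TRACE_FUNC, ("Bind result: %s(%d), %s\n",
          sss_ldap_err2string(result), result,
          errmsg ? errmsg : "no errmsg set"));

    /* never report success for a bind the server did not accept */
    if (result != LDAP_SUCCESS && ret == EOK) {
        ret = ERR_AUTH_FAILED;
    }

done:
    ldap_controls_free(response_controls);
    ldap_memfree(errmsg);

    if (ret == EOK) {
        tevent_req_done(req);
    } else {
        tevent_req_error(req, ret);
    }
}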
this is a sync call! * No async variant exist in openldap libraries yet */ ret = ldap_sasl_interactive_bind_s(state->sh->ldap, NULL, sasl_mech, NULL, NULL, LDAP_SASL_QUIET, (*sdap_sasl_interact), state); if (ret != LDAP_SUCCESS) { DEBUG(SSSDBG_CRIT_FAILURE, ("ldap_sasl_bind failed (%d)[%s]\n", ret, sss_ldap_err2string(ret))); optret = sss_ldap_get_diagnostic_msg(state, state->sh->ldap, &diag_msg); if (optret == EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Extended failure message: [%s]\n", diag_msg)); } talloc_zfree(diag_msg); goto fail; } if (!sh->connected) { ret = sdap_set_connected(sh, ev); if (ret) goto fail; } /* This is a hack, relies on the fact that tevent_req_done() will always * set the state but will not complain if no callback has been set. * tevent_req_post() will only set the immediate event and then just call * the async callback set by the caller right after we return using the * state value set previously by tevent_req_done() */ tevent_req_done(req); tevent_req_post(req, ev); return req; fail: if (ret == LDAP_SERVER_DOWN || ret == LDAP_TIMEOUT) { tevent_req_error(req, ETIMEDOUT); } else { tevent_req_error(req, ERR_AUTH_FAILED); } tevent_req_post(req, ev); return req; } static int sdap_sasl_interact(LDAP *ld, unsigned flags, void *defaults, void *interact) { struct sasl_bind_state *state = talloc_get_type(defaults, struct sasl_bind_state); sasl_interact_t *in = (sasl_interact_t *)interact; if (!ld) return LDAP_PARAM_ERROR; while (in->id != SASL_CB_LIST_END) { switch (in->id) { case SASL_CB_GETREALM: case SASL_CB_USER: case SASL_CB_PASS: if (in->defresult) { in->result = in->defresult; } else { in->result = ""; } in->len = strlen(in->result); break; case SASL_CB_AUTHNAME: if (state->sasl_user) { in->result = state->sasl_user; } else if (in->defresult) { in->result = in->defresult; } else { in->result = ""; } in->len = strlen(in->result); break; case SASL_CB_NOECHOPROMPT: case SASL_CB_ECHOPROMPT: goto fail; } in++; } return LDAP_SUCCESS; fail: return 
LDAP_UNAVAILABLE; } static errno_t sasl_bind_recv(struct tevent_req *req) { TEVENT_REQ_RETURN_ON_ERROR(req); return EOK; } /* ==Perform-Kinit-given-keytab-and-principal============================= */ struct sdap_kinit_state { const char *keytab; const char *principal; const char *realm; int timeout; int lifetime; const char *krb_service_name; struct tevent_context *ev; struct be_ctx *be; struct fo_server *kdc_srv; time_t expire_time; }; static void sdap_kinit_done(struct tevent_req *subreq); static struct tevent_req *sdap_kinit_next_kdc(struct tevent_req *req); static void sdap_kinit_kdc_resolved(struct tevent_req *subreq); static struct tevent_req *sdap_kinit_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct be_ctx *be, struct sdap_handle *sh, const char *krb_service_name, int timeout, const char *keytab, const char *principal, const char *realm, bool canonicalize, int lifetime) { struct tevent_req *req; struct tevent_req *subreq; struct sdap_kinit_state *state; int ret; DEBUG(6, ("Attempting kinit (%s, %s, %s, %d)\n", keytab ? 
keytab : "default", principal, realm, lifetime)); if (lifetime < 0 || lifetime > INT32_MAX) { DEBUG(1, ("Ticket lifetime out of range.\n")); return NULL; } req = tevent_req_create(memctx, &state, struct sdap_kinit_state); if (!req) return NULL; state->keytab = keytab; state->principal = principal; state->realm = realm; state->ev = ev; state->be = be; state->timeout = timeout; state->lifetime = lifetime; state->krb_service_name = krb_service_name; if (keytab) { ret = setenv("KRB5_KTNAME", keytab, 1); if (ret == -1) { DEBUG(2, ("Failed to set KRB5_KTNAME to %s\n", keytab)); talloc_free(req); return NULL; } } if (canonicalize) { ret = setenv("KRB5_CANONICALIZE", "true", 1); } else { ret = setenv("KRB5_CANONICALIZE", "false", 1); } if (ret == -1) { DEBUG(2, ("Failed to set KRB5_CANONICALIZE to %s\n", ((canonicalize)?"true":"false"))); talloc_free(req); return NULL; } subreq = sdap_kinit_next_kdc(req); if (!subreq) { talloc_free(req); return NULL; } return req; } static struct tevent_req *sdap_kinit_next_kdc(struct tevent_req *req) { struct tevent_req *next_req; struct sdap_kinit_state *state = tevent_req_data(req, struct sdap_kinit_state); DEBUG(7, ("Resolving next KDC for service %s\n", state->krb_service_name)); next_req = be_resolve_server_send(state, state->ev, state->be, state->krb_service_name, state->kdc_srv == NULL ? 
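true : false);
    if (next_req == NULL) {
        DEBUG(1, ("be_resolve_server_send failed.\n"));
        return NULL;
    }
    tevent_req_set_callback(next_req, sdap_kinit_kdc_resolved, req);

    return next_req;
}

/*
 * Callback of the KDC resolution started by sdap_kinit_next_kdc().
 *
 * Stores the resolved server in state->kdc_srv and starts the TGT
 * request. When no server could be resolved the kinit request fails with
 * ERR_NETWORK_IO.
 */
static void sdap_kinit_kdc_resolved(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct sdap_kinit_state *state = tevent_req_data(req,
                                                     struct sdap_kinit_state);
    struct tevent_req *tgtreq;
    int ret;

    ret = be_resolve_server_recv(subreq, &state->kdc_srv);
    talloc_zfree(subreq);
    if (ret != EOK) {
        /* all servers have been tried and none
         * was found good, go offline */
        tevent_req_error(req, ERR_NETWORK_IO);
        return;
    }

    DEBUG(7, ("KDC resolved, attempting to get TGT...\n"));

    tgtreq = sdap_get_tgt_send(state, state->ev, state->realm,
                               state->principal, state->keytab,
                               state->lifetime, state->timeout);
    if (!tgtreq) {
        tevent_req_error(req, ENOMEM);
        return;
    }
    tevent_req_set_callback(tgtreq, sdap_kinit_done, req);
}

/*
 * Callback of the TGT request.
 *
 * - ETIMEDOUT from the child, or a KRB5_KDC_UNREACH Kerberos error: the
 *   current KDC is marked PORT_NOT_WORKING and the next KDC is tried.
 * - Any other error while running the child: the request fails with it.
 * - Success: KRB5CCNAME is exported to the process environment, the
 *   ticket expiration time is recorded and the request completes.
 * - Everything else: the request fails with ERR_AUTH_FAILED.
 */
static void sdap_kinit_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct sdap_kinit_state *state = tevent_req_data(req,
                                                     struct sdap_kinit_state);

    int ret;
    int result;
    char *ccname = NULL;
    time_t expire_time = 0;
    krb5_error_code kerr;
    struct tevent_req *nextreq;

    ret = sdap_get_tgt_recv(subreq, state, &result,
                            &kerr, &ccname, &expire_time);
    talloc_zfree(subreq);
    if (ret == ETIMEDOUT) {
        /* The child didn't even respond. Perhaps the KDC is too busy,
         * retry with another KDC */
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("Communication with KDC timed out, trying the next one\n"));
        be_fo_set_port_status(state->be, state->krb_service_name,
                              state->kdc_srv, PORT_NOT_WORKING);
        nextreq = sdap_kinit_next_kdc(req);
        if (!nextreq) {
            tevent_req_error(req, ENOMEM);
        }
        return;
    } else if (ret != EOK) {
        /* A severe error while executing the child. Abort the operation. */
        DEBUG(1, ("child failed (%d [%s])\n", ret, strerror(ret)));
        tevent_req_error(req, ret);
        return;
    }

    if (result == EOK) {
        /* The credential cache name is published process-wide through the
         * environment. */
        ret = setenv("KRB5CCNAME", ccname, 1);
        if (ret == -1) {
            DEBUG(2, ("Unable to set env. variable KRB5CCNAME!\n"));
            tevent_req_error(req, ERR_AUTH_FAILED);
            /* Stop here: without this return the request that was just
             * failed would be completed a second time by
             * tevent_req_done() below and reported as a success. */
            return;
        }

        state->expire_time = expire_time;
        tevent_req_done(req);
        return;
    } else {
        if (kerr == KRB5_KDC_UNREACH) {
            be_fo_set_port_status(state->be, state->krb_service_name,
                                  state->kdc_srv, PORT_NOT_WORKING);
            nextreq = sdap_kinit_next_kdc(req);
            if (!nextreq) {
                tevent_req_error(req, ENOMEM);
            }
            return;
        }

    }

    DEBUG(4, ("Could not get TGT: %d [%s]\n", result, sss_strerror(result)));
    tevent_req_error(req, ERR_AUTH_FAILED);
}

/*
 * Collects the result of a kinit request.
 *
 * Returns the stored error when the request finished with one; otherwise
 * writes the ticket expiration time to *expire_time and returns EOK.
 */
static errno_t sdap_kinit_recv(struct tevent_req *req,
                               time_t *expire_time)
{
    struct sdap_kinit_state *state = tevent_req_data(req,
                                                     struct sdap_kinit_state);
    enum tevent_req_state tstate;
    uint64_t err = ERR_INTERNAL;

    if (tevent_req_is_error(req, &tstate, &err)) {
        if (tstate != TEVENT_REQ_IN_PROGRESS) {
            return err;
        }
    }

    *expire_time = state->expire_time;
    return EOK;
}


/* ==Authenticaticate-User-by-DN========================================== */

struct sdap_auth_state {
    struct sdap_ppolicy_data *ppolicy;
    bool is_sasl;
};

static void sdap_auth_done(struct tevent_req *subreq);

/* TODO: handle sasl_cred */
struct tevent_req *sdap_auth_send(TALLOC_CTX *memctx,
                                  struct tevent_context *ev,
                                  struct sdap_handle *sh,
                                  const char *sasl_mech,
                                  const char *sasl_user,
                                  const char *user_dn,
                                  struct sss_auth_token *authtok)
{
    struct tevent_req *req, *subreq;
    struct sdap_auth_state *state;

    req = tevent_req_create(memctx, &state, struct sdap_auth_state);
    if (!req) return NULL;

    if (sasl_mech) {
        state->is_sasl = true;
        subreq = sasl_bind_send(state, ev, sh, sasl_mech, sasl_user, NULL);
        if (!subreq) {
            tevent_req_error(req, ENOMEM);
            return tevent_req_post(req, ev);
        }
    } else {
        const char *password = NULL;
        struct berval pw;
        size_t pwlen;
        errno_t ret;

        ret = sss_authtok_get_password(authtok, &password, &pwlen);
        if (ret !=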
EOK) { DEBUG(1, ("Cannot parse authtok.\n")); tevent_req_error(req, ret); return tevent_req_post(req, ev); } /* Treat a zero-length password as a failure */ if (*password == '\0') { tevent_req_error(req, ENOENT); return tevent_req_post(req, ev); } pw.bv_val = discard_const(password); pw.bv_len = pwlen; state->is_sasl = false; subreq = simple_bind_send(state, ev, sh, user_dn, &pw); if (!subreq) { tevent_req_error(req, ENOMEM); return tevent_req_post(req, ev); } } tevent_req_set_callback(subreq, sdap_auth_done, req); return req; } static int sdap_auth_get_authtok(const char *authtok_type, struct dp_opt_blob authtok, struct berval *pw) { if (!authtok_type) return EOK; if (!pw) return EINVAL; if (strcasecmp(authtok_type,"password") == 0) { pw->bv_len = authtok.length; pw->bv_val = (char *) authtok.data; } else { DEBUG(1, ("Authentication token type [%s] is not supported\n", authtok_type)); return EINVAL; } return EOK; } static void sdap_auth_done(struct tevent_req *subreq) { struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); struct sdap_auth_state *state = tevent_req_data(req, struct sdap_auth_state); int ret; if (state->is_sasl) { ret = sasl_bind_recv(subreq); state->ppolicy = NULL; } else { ret = simple_bind_recv(subreq, state, &state->ppolicy); } if (tevent_req_error(req, ret)) { return; } tevent_req_done(req); } errno_t sdap_auth_recv(struct tevent_req *req, TALLOC_CTX *memctx, struct sdap_ppolicy_data **ppolicy) { struct sdap_auth_state *state = tevent_req_data(req, struct sdap_auth_state); if (ppolicy != NULL) { *ppolicy = talloc_steal(memctx, state->ppolicy); } TEVENT_REQ_RETURN_ON_ERROR(req); return EOK; } /* ==Client connect============================================ */ struct sdap_cli_connect_state { struct tevent_context *ev; struct sdap_options *opts; struct sdap_service *service; struct be_ctx *be; bool use_rootdse; struct sysdb_attrs *rootdse; struct sdap_handle *sh; struct fo_server *srv; struct sdap_server_opts *srv_opts; 
enum connect_tls force_tls; bool do_auth; }; static int sdap_cli_resolve_next(struct tevent_req *req); static void sdap_cli_resolve_done(struct tevent_req *subreq); static void sdap_cli_connect_done(struct tevent_req *subreq); static void sdap_cli_rootdse_step(struct tevent_req *req); static void sdap_cli_rootdse_done(struct tevent_req *subreq); static errno_t sdap_cli_use_rootdse(struct sdap_cli_connect_state *state); static void sdap_cli_kinit_step(struct tevent_req *req); static void sdap_cli_kinit_done(struct tevent_req *subreq); static void sdap_cli_auth_step(struct tevent_req *req); static void sdap_cli_auth_done(struct tevent_req *subreq); static void sdap_cli_rootdse_auth_done(struct tevent_req *subreq); struct tevent_req *sdap_cli_connect_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sdap_options *opts, struct be_ctx *be, struct sdap_service *service, bool skip_rootdse, enum connect_tls force_tls, bool skip_auth) { struct sdap_cli_connect_state *state; struct tevent_req *req; int ret; req = tevent_req_create(memctx, &state, struct sdap_cli_connect_state); if (!req) return NULL; state->ev = ev; state->opts = opts; state->service = service; state->be = be; state->srv = NULL; state->srv_opts = NULL; state->use_rootdse = !skip_rootdse; state->force_tls = force_tls; state->do_auth = !skip_auth; ret = sdap_cli_resolve_next(req); if (ret) { tevent_req_error(req, ret); tevent_req_post(req, ev); } return req; } static int sdap_cli_resolve_next(struct tevent_req *req) { struct sdap_cli_connect_state *state = tevent_req_data(req, struct sdap_cli_connect_state); struct tevent_req *subreq; /* Before stepping to next server destroy any connection from previous attempt */ talloc_zfree(state->sh); /* NOTE: this call may cause service->uri to be refreshed * with a new valid server. Do not use service->uri before */ subreq = be_resolve_server_send(state, state->ev, state->be, state->service->name, state->srv == NULL ? 
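true : false);
    if (!subreq) {
        return ENOMEM;
    }

    tevent_req_set_callback(subreq, sdap_cli_resolve_done, req);
    return EOK;
}

/*
 * Callback of the server resolution started by sdap_cli_resolve_next().
 *
 * Decides whether StartTLS is requested for the new connection and opens
 * it:
 *  - CON_TLS_DFL follows the SDAP_ID_TLS option, CON_TLS_ON and
 *    CON_TLS_OFF force the setting;
 *  - StartTLS is skipped when sdap_is_secure_uri() reports the URI as
 *    secure already.
 * With CON_TLS_OFF (or SDAP_ID_TLS disabled) and a URI that is not
 * secure, the connection is opened without requesting TLS.
 *
 * The request fails with EINVAL for an unknown force_tls value and with
 * EIO when no server could be resolved.
 */
static void sdap_cli_resolve_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct sdap_cli_connect_state *state = tevent_req_data(req,
                                             struct sdap_cli_connect_state);
    int ret;
    bool use_tls = true;

    switch (state->force_tls) {
    case CON_TLS_DFL:
        use_tls = dp_opt_get_bool(state->opts->basic, SDAP_ID_TLS);
        break;
    case CON_TLS_ON:
        use_tls = true;
        break;
    case CON_TLS_OFF:
        use_tls = false;
        break;
    default:
        /* An unknown TLS mode ends the request here. Carrying on after
         * tevent_req_error() would keep connecting on behalf of a request
         * that has already failed and could complete it a second time. */
        talloc_zfree(subreq);
        tevent_req_error(req, EINVAL);
        return;
    }

    ret = be_resolve_server_recv(subreq, &state->srv);
    talloc_zfree(subreq);
    if (ret) {
        state->srv = NULL;
        /* all servers have been tried and none
         * was found good, go offline */
        tevent_req_error(req, EIO);
        return;
    }

    if (use_tls && sdap_is_secure_uri(state->service->uri)) {
        DEBUG(8, ("[%s] is a secure channel. No need to run START_TLS\n",
                  state->service->uri));
        use_tls = false;
    }

    subreq = sdap_connect_send(state, state->ev, state->opts,
                               state->service->uri,
                               state->service->sockaddr,
                               use_tls);
    if (!subreq) {
        tevent_req_error(req, ENOMEM);
        return;
    }

    tevent_req_set_callback(subreq, sdap_cli_connect_done, req);
}

static void sdap_cli_connect_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct sdap_cli_connect_state *state = tevent_req_data(req,
                                             struct sdap_cli_connect_state);
    const char *sasl_mech;
    int ret;

    talloc_zfree(state->sh);
    ret = sdap_connect_recv(subreq, state, &state->sh);
    talloc_zfree(subreq);
    if (ret) {
        /* retry another server */
        be_fo_set_port_status(state->be, state->service->name,
                              state->srv, PORT_NOT_WORKING);
        ret = sdap_cli_resolve_next(req);
        if (ret != EOK) {
            tevent_req_error(req, ret);
        }
        return;
    }

    if (state->use_rootdse) {
        /* fetch the rootDSE this time */
        sdap_cli_rootdse_step(req);
        return;
    }

    sasl_mech = dp_opt_get_string(state->opts->basic, SDAP_SASL_MECH);

    if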
(state->do_auth && sasl_mech && state->use_rootdse) { /* check if server claims to support GSSAPI */ if (!sdap_is_sasl_mech_supported(state->sh, sasl_mech)) { tevent_req_error(req, ENOTSUP); return; } } if (state->do_auth && sasl_mech && (strcasecmp(sasl_mech, "GSSAPI") == 0)) { if (dp_opt_get_bool(state->opts->basic, SDAP_KRB5_KINIT)) { sdap_cli_kinit_step(req); return; } } sdap_cli_auth_step(req); } static void sdap_cli_rootdse_step(struct tevent_req *req) { struct sdap_cli_connect_state *state = tevent_req_data(req, struct sdap_cli_connect_state); struct tevent_req *subreq; int ret; subreq = sdap_get_rootdse_send(state, state->ev, state->opts, state->sh); if (!subreq) { tevent_req_error(req, ENOMEM); return; } tevent_req_set_callback(subreq, sdap_cli_rootdse_done, req); if (!state->sh->connected) { /* this rootdse search is performed before we actually do a bind, * so we need to set up the callbacks or we will never get notified * of a reply */ ret = sdap_set_connected(state->sh, state->ev); if (ret) { tevent_req_error(req, ret); } } } static void sdap_cli_rootdse_done(struct tevent_req *subreq) { struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); struct sdap_cli_connect_state *state = tevent_req_data(req, struct sdap_cli_connect_state); const char *sasl_mech; int ret; ret = sdap_get_rootdse_recv(subreq, state, &state->rootdse); talloc_zfree(subreq); if (ret) { if (ret == ETIMEDOUT) { /* retry another server */ be_fo_set_port_status(state->be, state->service->name, state->srv, PORT_NOT_WORKING); ret = sdap_cli_resolve_next(req); if (ret != EOK) { tevent_req_error(req, ret); } return; } /* RootDSE was not available on * the server. * Continue, and just assume that the * features requested by the config * work properly. 
*/ state->rootdse = NULL; } ret = sdap_cli_use_rootdse(state); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("sdap_cli_use_rootdse failed\n")); tevent_req_error(req, ret); return; } sasl_mech = dp_opt_get_string(state->opts->basic, SDAP_SASL_MECH); if (state->do_auth && sasl_mech && state->rootdse) { /* check if server claims to support GSSAPI */ if (!sdap_is_sasl_mech_supported(state->sh, sasl_mech)) { tevent_req_error(req, ENOTSUP); return; } } if (state->do_auth && sasl_mech && (strcasecmp(sasl_mech, "GSSAPI") == 0)) { if (dp_opt_get_bool(state->opts->basic, SDAP_KRB5_KINIT)) { sdap_cli_kinit_step(req); return; } } sdap_cli_auth_step(req); } static errno_t sdap_cli_use_rootdse(struct sdap_cli_connect_state *state) { errno_t ret; if (state->rootdse) { /* save rootdse data about supported features */ ret = sdap_set_rootdse_supported_lists(state->rootdse, state->sh); if (ret) { DEBUG(SSSDBG_OP_FAILURE, ("sdap_set_rootdse_supported_lists failed\n")); return ret; } ret = sdap_set_config_options_with_rootdse(state->rootdse, state->opts, state->opts->sdom); if (ret) { DEBUG(SSSDBG_OP_FAILURE, ("sdap_set_config_options_with_rootdse failed.\n")); return ret; } } ret = sdap_get_server_opts_from_rootdse(state, state->service->uri, state->rootdse, state->opts, &state->srv_opts); if (ret) { DEBUG(SSSDBG_OP_FAILURE, ("sdap_get_server_opts_from_rootdse failed.\n")); return ret; } return EOK; } static void sdap_cli_kinit_step(struct tevent_req *req) { struct sdap_cli_connect_state *state = tevent_req_data(req, struct sdap_cli_connect_state); struct tevent_req *subreq; const char *realm; realm = dp_opt_get_string(state->opts->basic, SDAP_SASL_REALM); if (!realm) { realm = dp_opt_get_string(state->opts->basic, SDAP_KRB5_REALM); } subreq = sdap_kinit_send(state, state->ev, state->be, state->sh, state->service->kinit_service_name, dp_opt_get_int(state->opts->basic, SDAP_OPT_TIMEOUT), dp_opt_get_string(state->opts->basic, SDAP_KRB5_KEYTAB), dp_opt_get_string(state->opts->basic, 
SDAP_SASL_AUTHID), realm, dp_opt_get_bool(state->opts->basic, SDAP_KRB5_CANONICALIZE), dp_opt_get_int(state->opts->basic, SDAP_KRB5_TICKET_LIFETIME)); if (!subreq) { tevent_req_error(req, ENOMEM); return; } tevent_req_set_callback(subreq, sdap_cli_kinit_done, req); } static void sdap_cli_kinit_done(struct tevent_req *subreq) { struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); struct sdap_cli_connect_state *state = tevent_req_data(req, struct sdap_cli_connect_state); time_t expire_time = 0; errno_t ret; ret = sdap_kinit_recv(subreq, &expire_time); talloc_zfree(subreq); if (ret != EOK) { /* We're not able to authenticate to the LDAP server. * There's not much we can do except for going offline */ DEBUG(SSSDBG_TRACE_FUNC, ("Cannot get a TGT: ret [%d](%s)\n", ret, sss_strerror(ret))); tevent_req_error(req, EACCES); return; } state->sh->expire_time = expire_time; sdap_cli_auth_step(req); } static void sdap_cli_auth_step(struct tevent_req *req) { struct sdap_cli_connect_state *state = tevent_req_data(req, struct sdap_cli_connect_state); struct tevent_req *subreq; time_t now; int expire_timeout; const char *sasl_mech = dp_opt_get_string(state->opts->basic, SDAP_SASL_MECH); const char *user_dn = dp_opt_get_string(state->opts->basic, SDAP_DEFAULT_BIND_DN); const char *authtok_type; struct dp_opt_blob authtok_blob; struct sss_auth_token *authtok; errno_t ret; /* Set the LDAP expiration time * If SASL has already set it, use the sooner of the two */ now = time(NULL); expire_timeout = dp_opt_get_int(state->opts->basic, SDAP_EXPIRE_TIMEOUT); DEBUG(SSSDBG_CONF_SETTINGS, ("expire timeout is %d\n", expire_timeout)); if (!state->sh->expire_time || (state->sh->expire_time > (now + expire_timeout))) { state->sh->expire_time = now + expire_timeout; DEBUG(SSSDBG_TRACE_LIBS, ("the connection will expire at %ld\n", state->sh->expire_time)); } if (!state->do_auth || (sasl_mech == NULL && user_dn == NULL)) { DEBUG(SSSDBG_TRACE_LIBS, ("No authentication requested 
or SASL auth forced off\n")); tevent_req_done(req); return; } authtok_type = dp_opt_get_string(state->opts->basic, SDAP_DEFAULT_AUTHTOK_TYPE); authtok = sss_authtok_new(state); if(authtok == NULL) { tevent_req_error(req, ENOMEM); return; } if (authtok_type != NULL) { if (strcasecmp(authtok_type, "password") != 0) { DEBUG(SSSDBG_TRACE_LIBS, ("Invalid authtoken type\n")); tevent_req_error(req, EINVAL); return; } authtok_blob = dp_opt_get_blob(state->opts->basic, SDAP_DEFAULT_AUTHTOK); if (authtok_blob.data) { ret = sss_authtok_set_password(authtok, (const char *)authtok_blob.data, authtok_blob.length); if (ret) { tevent_req_error(req, ret); return; } } } subreq = sdap_auth_send(state, state->ev, state->sh, sasl_mech, dp_opt_get_string(state->opts->basic, SDAP_SASL_AUTHID), user_dn, authtok); if (!subreq) { tevent_req_error(req, ENOMEM); return; } tevent_req_set_callback(subreq, sdap_cli_auth_done, req); } static void sdap_cli_auth_done(struct tevent_req *subreq) { struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); struct sdap_cli_connect_state *state = tevent_req_data(req, struct sdap_cli_connect_state); int ret; ret = sdap_auth_recv(subreq, NULL, NULL); talloc_zfree(subreq); if (ret) { tevent_req_error(req, ret); return; } if (state->use_rootdse && !state->rootdse) { /* We weren't able to read rootDSE during unauthenticated bind. 
* Let's try again now that we are authenticated */ subreq = sdap_get_rootdse_send(state, state->ev, state->opts, state->sh); if (!subreq) { tevent_req_error(req, ENOMEM); return; } tevent_req_set_callback(subreq, sdap_cli_rootdse_auth_done, req); return; } tevent_req_done(req); } static void sdap_cli_rootdse_auth_done(struct tevent_req *subreq) { errno_t ret; struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); struct sdap_cli_connect_state *state = tevent_req_data(req, struct sdap_cli_connect_state); ret = sdap_get_rootdse_recv(subreq, state, &state->rootdse); talloc_zfree(subreq); if (ret) { if (ret == ETIMEDOUT) { /* The server we authenticated against went down. Retry another * one */ be_fo_set_port_status(state->be, state->service->name, state->srv, PORT_NOT_WORKING); ret = sdap_cli_resolve_next(req); if (ret != EOK) { tevent_req_error(req, ret); } return; } /* RootDSE was not available on * the server. * Continue, and just assume that the * features requested by the config * work properly. 
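*/
        state->use_rootdse = false;
        state->rootdse = NULL;
        tevent_req_done(req);
        return;
    }

    /* We were able to get rootDSE after authentication */
    ret = sdap_cli_use_rootdse(state);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("sdap_cli_use_rootdse failed\n"));
        tevent_req_error(req, ret);
        return;
    }

    tevent_req_done(req);
}

/*
 * Collects the result of a client connect request.
 *
 * can_retry - optional; set to true by default and to false when the
 *             request failed without a resolved server.
 * gsh       - optional; any handle already stored in *gsh is freed and
 *             replaced by the new handle, moved to memctx. When gsh is
 *             NULL the new handle is freed.
 * srv_opts  - optional; receives the server options, moved to memctx.
 *
 * On failure the resolved server, if any, is marked PORT_NOT_WORKING; on
 * success it is marked PORT_WORKING. Returns the request's user error,
 * EIO for any other failure state, ENOMEM when the handle is missing, or
 * EOK.
 */
int sdap_cli_connect_recv(struct tevent_req *req,
                          TALLOC_CTX *memctx,
                          bool *can_retry,
                          struct sdap_handle **gsh,
                          struct sdap_server_opts **srv_opts)
{
    struct sdap_cli_connect_state *state = tevent_req_data(req,
                                             struct sdap_cli_connect_state);
    enum tevent_req_state tstate;
    uint64_t err;

    if (can_retry) {
        *can_retry = true;
    }
    if (tevent_req_is_error(req, &tstate, &err)) {
        /* mark the server as bad if connection failed */
        if (state->srv) {
            be_fo_set_port_status(state->be, state->service->name,
                                  state->srv, PORT_NOT_WORKING);
        } else {
            if (can_retry) {
                *can_retry = false;
            }
        }

        if (tstate == TEVENT_REQ_USER_ERROR) {
            return err;
        }
        return EIO;
    } else if (state->srv) {
        be_fo_set_port_status(state->be, state->service->name,
                              state->srv, PORT_WORKING);
    }

    if (gsh) {
        if (*gsh) {
            talloc_zfree(*gsh);
        }
        *gsh = talloc_steal(memctx, state->sh);
        if (!*gsh) {
            return ENOMEM;
        }
    } else {
        talloc_zfree(state->sh);
    }

    if (srv_opts) {
        *srv_opts = talloc_steal(memctx, state->srv_opts);
    }

    return EOK;
}

/*
 * Runs the StartTLS extended operation on ldap and installs the TLS
 * layer, blocking until the server has answered.
 *
 * Returns LDAP_SUCCESS when TLS is in place afterwards, otherwise an LDAP
 * error code: the libldap error, LDAP_PARAM_ERROR for an unexpected
 * message type, or the result code of a StartTLS request that the server
 * refused.
 */
static int synchronous_tls_setup(LDAP *ldap)
{
    int lret;
    int optret;
    int ldaperr;
    int msgid;
    char *errmsg = NULL;
    char *diag_msg = NULL;
    LDAPMessage *result = NULL;
    TALLOC_CTX *tmp_ctx;

    DEBUG(4, ("Executing START TLS\n"));

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) return LDAP_NO_MEMORY;

    lret = ldap_start_tls(ldap, NULL, NULL, &msgid);
    if (lret != LDAP_SUCCESS) {
        optret = sss_ldap_get_diagnostic_msg(tmp_ctx, ldap, &diag_msg);
        if (optret == LDAP_SUCCESS) {
            DEBUG(3, ("ldap_start_tls failed: [%s] [%s]\n",
                      sss_ldap_err2string(lret), diag_msg));
            sss_log(SSS_LOG_ERR, "Could not start TLS. %s", diag_msg);
        } else {
            DEBUG(3, ("ldap_start_tls failed: [%s]\n",
                      sss_ldap_err2string(lret)));
            sss_log(SSS_LOG_ERR, "Could not start TLS. "
                                 "Check for certificate issues.");
        }
        goto done;
    }

    /* NULL timeout: this waits for the server's answer without a limit. */
    lret = ldap_result(ldap, msgid, 1, NULL, &result);
    if (lret != LDAP_RES_EXTENDED) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Unexpected ldap_result, expected [%lu] got [%d].\n",
               LDAP_RES_EXTENDED, lret));
        lret = LDAP_PARAM_ERROR;
        goto done;
    }

    lret = ldap_parse_result(ldap, result, &ldaperr, NULL, &errmsg, NULL,
                             NULL, 0);
    if (lret != LDAP_SUCCESS) {
        DEBUG(2, ("ldap_parse_result failed (%d) [%d][%s]\n", msgid, lret,
                  sss_ldap_err2string(lret)));
        goto done;
    }

    /* errmsg stays NULL when the server sent no diagnostic text */
    DEBUG(3, ("START TLS result: %s(%d), %s\n",
              sss_ldap_err2string(ldaperr), ldaperr,
              errmsg ? errmsg : "no errmsg set"));

    if (ldap_tls_inplace(ldap)) {
        DEBUG(9, ("SSL/TLS handler already in place.\n"));
        lret = LDAP_SUCCESS;
        goto done;
    }

    /* Fail closed: when the server refused StartTLS there is nothing to
     * negotiate, so report its result code instead of relying on the
     * handshake in ldap_install_tls() to fail on its own. */
    if (ldaperr != LDAP_SUCCESS) {
        lret = ldaperr;
        goto done;
    }

    lret = ldap_install_tls(ldap);
    if (lret != LDAP_SUCCESS) {

        optret = sss_ldap_get_diagnostic_msg(tmp_ctx, ldap, &diag_msg);
        if (optret == LDAP_SUCCESS) {
            DEBUG(3, ("ldap_install_tls failed: [%s] [%s]\n",
                      sss_ldap_err2string(lret), diag_msg));
            sss_log(SSS_LOG_ERR, "Could not start TLS encryption. %s",
                    diag_msg);
        } else {
            DEBUG(3, ("ldap_install_tls failed: [%s]\n",
                      sss_ldap_err2string(lret)));
            sss_log(SSS_LOG_ERR, "Could not start TLS encryption. "
                                 "Check for certificate issues.");
        }

        goto done;
    }

    lret = LDAP_SUCCESS;

done:
    if (result) ldap_msgfree(result);
    if (errmsg) ldap_memfree(errmsg);
    talloc_zfree(tmp_ctx);
    return lret;
}

/*
 * Rebind callback: authenticates on the connection ldap with the
 * provider's configured credentials; url is only used for logging here.
 *
 * Without a SASL mechanism a simple bind sends the configured default
 * bind DN and password. StartTLS is negotiated first only when
 * p->use_start_tls is set.
 * NOTE(review): presumably libldap calls this while chasing a referral,
 * in which case the credentials go to whichever server the referral
 * names - confirm the referral policy and that the channel is protected.
 */
static int sdap_rebind_proc(LDAP *ldap, LDAP_CONST char *url, ber_tag_t request,
                            ber_int_t msgid, void *params)
{
    struct sdap_rebind_proc_params *p = talloc_get_type(params,
                                                struct sdap_rebind_proc_params);
    const char *sasl_mech;
    const char *user_dn;
    struct berval password = {0, NULL};
    LDAPControl **request_controls = NULL;
    LDAPControl *ctrls[2] = { NULL, NULL };
    TALLOC_CTX *tmp_ctx = NULL;
    struct sasl_bind_state *sasl_bind_state;
    int ret;

    if (p->use_start_tls) {
        ret = synchronous_tls_setup(ldap);
        if (ret != LDAP_SUCCESS) {
            DEBUG(1, ("synchronous_tls_setup failed.\n"));
            return ret;
        }
    }

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        DEBUG(1, ("talloc_new failed.\n"));
        return LDAP_NO_MEMORY;
    }

    sasl_mech = dp_opt_get_string(p->opts->basic, SDAP_SASL_MECH);

    if (sasl_mech == NULL) {
        ret = sss_ldap_control_create(LDAP_CONTROL_PASSWORDPOLICYREQUEST,
                                      0, NULL, 0, &ctrls[0]);
        if (ret != LDAP_SUCCESS && ret != LDAP_NOT_SUPPORTED) {
            DEBUG(1, ("sss_ldap_control_create failed to create "
                      "Password Policy control.\n"));
            goto done;
        }
        request_controls = ctrls;

        user_dn = dp_opt_get_string(p->opts->basic, SDAP_DEFAULT_BIND_DN);
        if (user_dn != NULL) {
            ret = sdap_auth_get_authtok(dp_opt_get_string(p->opts->basic,
                                                    SDAP_DEFAULT_AUTHTOK_TYPE),
                                        dp_opt_get_blob(p->opts->basic,
                                                        SDAP_DEFAULT_AUTHTOK),
                                        &password);
            if (ret != EOK) {
                DEBUG(SSSDBG_CRIT_FAILURE,
                      ("sdap_auth_get_authtok failed.\n"));
                ret = LDAP_LOCAL_ERROR;
                goto done;
            }
        }

        ret = ldap_sasl_bind_s(ldap, user_dn, LDAP_SASL_SIMPLE, &password,
                               request_controls, NULL, NULL);
        if (ret != LDAP_SUCCESS) {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("ldap_sasl_bind_s failed (%d)[%s]\n", ret,
                   sss_ldap_err2string(ret)));
        }
    } else {
        sasl_bind_state = talloc_zero(tmp_ctx, struct sasl_bind_state);
        if (sasl_bind_state == NULL) {
            DEBUG(1, ("talloc_zero failed.\n"));
            ret =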
LDAP_NO_MEMORY; goto done; } sasl_bind_state->sasl_user = dp_opt_get_string(p->opts->basic, SDAP_SASL_AUTHID); ret = ldap_sasl_interactive_bind_s(ldap, NULL, sasl_mech, NULL, NULL, LDAP_SASL_QUIET, (*sdap_sasl_interact), sasl_bind_state); if (ret != LDAP_SUCCESS) { DEBUG(1, ("ldap_sasl_interactive_bind_s failed (%d)[%s]\n", ret, sss_ldap_err2string(ret))); } } DEBUG(7, ("%s bind to [%s].\n", (ret == LDAP_SUCCESS ? "Successfully" : "Failed to"), url)); done: if (ctrls[0]) ldap_control_free(ctrls[0]); talloc_free(tmp_ctx); return ret; } sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/sdap_async_nested_groups.c0000644000000000000000000000007312320753107024527 xustar000000000000000029 atime=1396954939.26789143 30 ctime=1396954961.621874975 sssd-1.11.5/src/providers/ldap/sdap_async_nested_groups.c0000664002412700241270000021443012320753107024756 0ustar00jhrozekjhrozek00000000000000/* SSSD Authors: Pavel Březina Copyright (C) 2013 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #include #include #include #include #include #include #include #include #include "util/util.h" #include "db/sysdb.h" #include "providers/ldap/ldap_common.h" #include "providers/ldap/sdap_async.h" #define sdap_nested_group_sysdb_search_users(domain, filter) \ sdap_nested_group_sysdb_search((domain), (filter), true) #define sdap_nested_group_sysdb_search_groups(domain, filter) \ sdap_nested_group_sysdb_search((domain), (filter), false) enum sdap_nested_group_dn_type { SDAP_NESTED_GROUP_DN_USER, SDAP_NESTED_GROUP_DN_GROUP, SDAP_NESTED_GROUP_DN_UNKNOWN }; struct sdap_nested_group_member { enum sdap_nested_group_dn_type type; const char *dn; const char *user_filter; const char *group_filter; }; struct sdap_nested_group_ctx { struct sss_domain_info *domain; struct sdap_options *opts; struct sdap_search_base **user_search_bases; struct sdap_search_base **group_search_bases; struct sdap_handle *sh; hash_table_t *users; hash_table_t *groups; bool try_deref; int deref_treshold; int max_nesting_level; }; static struct tevent_req * sdap_nested_group_process_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct sdap_nested_group_ctx *group_ctx, int nesting_level, struct sysdb_attrs *group); static errno_t sdap_nested_group_process_recv(struct tevent_req *req); static struct tevent_req * sdap_nested_group_single_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct sdap_nested_group_ctx *group_ctx, struct sdap_nested_group_member *members, int num_members, int num_groups_max, int nesting_level); static errno_t sdap_nested_group_single_recv(struct tevent_req *req); static struct tevent_req * sdap_nested_group_lookup_user_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct sdap_nested_group_ctx *group_ctx, struct sdap_nested_group_member *member); static errno_t sdap_nested_group_lookup_user_recv(TALLOC_CTX *mem_ctx, struct tevent_req *req, struct sysdb_attrs **_user); static struct tevent_req * sdap_nested_group_lookup_group_send(TALLOC_CTX *mem_ctx, struct 
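tevent_context *ev,
                                    struct sdap_nested_group_ctx *group_ctx,
                                    struct sdap_nested_group_member *member);

static errno_t sdap_nested_group_lookup_group_recv(TALLOC_CTX *mem_ctx,
                                                   struct tevent_req *req,
                                                   struct sysdb_attrs **_group);

static struct tevent_req *
sdap_nested_group_lookup_unknown_send(TALLOC_CTX *mem_ctx,
                                      struct tevent_context *ev,
                                      struct sdap_nested_group_ctx *group_ctx,
                                      struct sdap_nested_group_member *member);

static errno_t
sdap_nested_group_lookup_unknown_recv(TALLOC_CTX *mem_ctx,
                                      struct tevent_req *req,
                                      struct sysdb_attrs **_entry,
                                      enum sdap_nested_group_dn_type *_type);

static struct tevent_req *
sdap_nested_group_deref_send(TALLOC_CTX *mem_ctx,
                             struct tevent_context *ev,
                             struct sdap_nested_group_ctx *group_ctx,
                             struct ldb_message_element *members,
                             const char *group_dn,
                             int nesting_level);

static errno_t sdap_nested_group_deref_recv(struct tevent_req *req);

/*
 * Copy every value pointer stored in a hash table into a newly allocated
 * array of sysdb_attrs pointers.
 *
 * mem_ctx       talloc parent of the returned array
 * table         hash table whose values are struct sysdb_attrs pointers
 * _num_entries  optional output, number of values found in the table
 * _entries      optional output, the array; NULL when the table is empty
 *
 * Each entry is re-parented onto the returned array with talloc_steal().
 *
 * Returns EOK on success, EIO when hash_values() fails and ENOMEM when the
 * array cannot be allocated.
 */
static errno_t sdap_nested_group_extract_hash_table(TALLOC_CTX *mem_ctx,
                                                    hash_table_t *table,
                                                    unsigned long *_num_entries,
                                                    struct sysdb_attrs ***_entries)
{
    struct sysdb_attrs **entries = NULL;
    struct sysdb_attrs *entry = NULL;
    /* Initialised because the cleanup path frees it even when hash_values()
     * fails; nothing visible here guarantees the callee sets it then. */
    hash_value_t *values = NULL;
    unsigned long num_entries = 0;
    unsigned long i;
    /* int status, the same type sdap_nested_group_hash_entry() uses for
     * hash_enter(); a bool would collapse the error code to 0/1 */
    int hret;
    errno_t ret;

    hret = hash_values(table, &num_entries, &values);
    if (hret != HASH_SUCCESS) {
        ret = EIO;
        goto done;
    }

    if (num_entries > 0) {
        entries = talloc_array(mem_ctx, struct sysdb_attrs *, num_entries);
        if (entries == NULL) {
            ret = ENOMEM;
            goto done;
        }

        for (i = 0; i < num_entries; i++) {
            entry = talloc_get_type(values[i].ptr, struct sysdb_attrs);
            entries[i] = talloc_steal(entries, entry);
        }
    }

    if (_num_entries != NULL) {
        *_num_entries = num_entries;
    }

    if (_entries != NULL) {
        *_entries = entries;
    }

    ret = EOK;

done:
    talloc_free(values);

    if (ret != EOK) {
        talloc_free(entries);
    }

    return ret;
}

static errno_t sdap_nested_group_hash_entry(hash_table_t *table,
                                            struct sysdb_attrs *entry,
                                            const char *table_name)
{
    hash_key_t key;
    hash_value_t value;
    const char *name = NULL;
    errno_t ret;
    int hret;

    ret =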
sysdb_attrs_get_string(entry, SYSDB_ORIG_DN, &name); if (ret != EOK) { return ret; } DEBUG(SSSDBG_TRACE_ALL, ("Inserting [%s] into hash table [%s]\n", name, table_name)); key.type = HASH_KEY_STRING; key.str = talloc_strdup(NULL, name); if (key.str == NULL) { return ENOMEM; } if (hash_has_key(table, &key)) { talloc_free(key.str); return EEXIST; } value.type = HASH_VALUE_PTR; value.ptr = entry; hret = hash_enter(table, &key, &value); if (hret != HASH_SUCCESS) { talloc_free(key.str); return EIO; } talloc_steal(table, key.str); talloc_steal(table, value.ptr); return EOK; } static errno_t sdap_nested_group_hash_user(struct sdap_nested_group_ctx *group_ctx, struct sysdb_attrs *user) { return sdap_nested_group_hash_entry(group_ctx->users, user, "users"); } static errno_t sdap_nested_group_hash_group(struct sdap_nested_group_ctx *group_ctx, struct sysdb_attrs *group) { struct sdap_attr_map *map = group_ctx->opts->group_map; gid_t gid; errno_t ret; int32_t ad_group_type; bool posix_group = true; if (group_ctx->opts->schema_type == SDAP_SCHEMA_AD) { ret = sysdb_attrs_get_int32_t(group, SYSDB_GROUP_TYPE, &ad_group_type); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_int32_t failed.\n")); return ret; } DEBUG(SSSDBG_TRACE_ALL, ("AD group has type flags %#x.\n", ad_group_type)); /* Only security groups from AD are considered for POSIX groups. * Additionally only global and universal group are taken to account * for trusted domains. */ if (!(ad_group_type & SDAP_AD_GROUP_TYPE_SECURITY) || (IS_SUBDOMAIN(group_ctx->domain) && (!((ad_group_type & SDAP_AD_GROUP_TYPE_GLOBAL) || (ad_group_type & SDAP_AD_GROUP_TYPE_UNIVERSAL))))) { posix_group = false; gid = 0; DEBUG(SSSDBG_TRACE_FUNC, ("Filtering AD group.\n")); } } ret = sysdb_attrs_get_uint32_t(group, map[SDAP_AT_GROUP_GID].sys_name, &gid); if (ret == ENOENT || (ret == EOK && gid == 0) || !posix_group) { DEBUG(SSSDBG_TRACE_ALL, ("The group's gid was %s\n", ret == ENOENT ? 
"missing" : "zero")); DEBUG(SSSDBG_TRACE_INTERNAL, ("Marking group as non-posix and setting GID=0!\n")); if (ret == ENOENT || !posix_group) { ret = sysdb_attrs_add_uint32(group, map[SDAP_AT_GROUP_GID].sys_name, 0); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to add a GID to non-posix group!\n")); return ret; } } ret = sysdb_attrs_add_bool(group, SYSDB_POSIX, false); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Error: Failed to mark group as non-posix!\n")); return ret; } } else if (ret != EOK) { return ret; } return sdap_nested_group_hash_entry(group_ctx->groups, group, "groups"); } static errno_t sdap_nested_group_sysdb_search(struct sss_domain_info *domain, const char *filter, bool user) { static const char *attrs[] = {SYSDB_CACHE_EXPIRE, SYSDB_UIDNUM, NULL}; struct ldb_message **msgs = NULL; size_t count; time_t now = time(NULL); uint64_t expire; uid_t uid; errno_t ret; if (user) { ret = sysdb_search_users(NULL, domain->sysdb, domain, filter, attrs, &count, &msgs); } else { ret = sysdb_search_groups(NULL, domain->sysdb, domain, filter, attrs, &count, &msgs); } if (ret != EOK) { goto done; } if (count != 1) { DEBUG(SSSDBG_OP_FAILURE, ("More than one entry found?\n")); ret = EFAULT; goto done; } /* we found an object with this origDN in the sysdb, * check if it is valid */ if (user) { uid = ldb_msg_find_attr_as_uint64(msgs[0], SYSDB_UIDNUM, 0); if (uid == 0) { DEBUG(SSSDBG_OP_FAILURE, ("User with no UID?\n")); ret = EINVAL; goto done; } } expire = ldb_msg_find_attr_as_uint64(msgs[0], SYSDB_CACHE_EXPIRE, 0); if (expire != 0 && expire <= now) { /* needs refresh */ ret = EAGAIN; goto done; } /* valid object */ ret = EOK; done: talloc_zfree(msgs); return ret; } static errno_t sdap_nested_group_check_cache(struct sdap_options *opts, struct sss_domain_info *domain, const char *member_dn, enum sdap_nested_group_dn_type *_type) { TALLOC_CTX *tmp_ctx = NULL; struct sdap_domain *sdap_domain = NULL; struct sss_domain_info *member_domain = NULL; char *sanitized_dn = 
NULL; char *filter = NULL; errno_t ret; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_new() failed\n")); return ENOMEM; } ret = sss_filter_sanitize(tmp_ctx, member_dn, &sanitized_dn); if (ret != EOK) { goto done; } filter = talloc_asprintf(tmp_ctx, "(%s=%s)", SYSDB_ORIG_DN, sanitized_dn); if (filter == NULL) { ret = ENOMEM; goto done; } /* determine correct domain of this member */ sdap_domain = sdap_domain_get_by_dn(opts, member_dn); member_domain = sdap_domain == NULL ? domain : sdap_domain->dom; /* search in users */ ret = sdap_nested_group_sysdb_search_users(member_domain, filter); if (ret == EOK || ret == EAGAIN) { /* user found */ *_type = SDAP_NESTED_GROUP_DN_USER; goto done; } else if (ret != ENOENT) { /* error */ goto done; } /* search in groups */ ret = sdap_nested_group_sysdb_search_groups(member_domain, filter); if (ret == EOK || ret == EAGAIN) { /* group found */ *_type = SDAP_NESTED_GROUP_DN_GROUP; goto done; } else if (ret != ENOENT) { /* error */ goto done; } /* not found in the sysdb */ ret = ENOENT; done: talloc_free(tmp_ctx); return ret; } static bool sdap_nested_member_is_ent(struct sdap_nested_group_ctx *group_ctx, const char *dn, char **filter, bool is_user) { struct sdap_domain *sditer = NULL; bool ret = false; struct sdap_search_base **search_bases; DLIST_FOR_EACH(sditer, group_ctx->opts->sdom) { search_bases = is_user ? 
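sditer->user_search_bases : \
                                 sditer->group_search_bases;

        ret = sss_ldap_dn_in_search_bases(group_ctx, dn, search_bases, filter);
        if (ret == true) {
            break;
        }
    }

    return ret;
}

static inline bool
sdap_nested_member_is_user(struct sdap_nested_group_ctx *group_ctx,
                           const char *dn, char **filter)
{
    return sdap_nested_member_is_ent(group_ctx, dn, filter, true);
}

static inline bool
sdap_nested_member_is_group(struct sdap_nested_group_ctx *group_ctx,
                            const char *dn, char **filter)
{
    return sdap_nested_member_is_ent(group_ctx, dn, filter, false);
}

/*
 * Build the list of group members that still have to be looked up.
 *
 * mem_ctx        talloc parent of the returned array
 * group_ctx      nested group context (hash tables, options, domain)
 * nesting_level  nesting level of the group being processed
 * members        member DN values of the group
 * _missing       optional output, array of members to look up; NULL when
 *                nothing is missing
 * _num_missing   optional output, number of elements in _missing
 * _num_groups    optional output, number of missing members whose type is
 *                not "user" (groups and members of unknown type)
 *
 * Returns EOK on success, ENOMEM on allocation failure, or the error
 * returned by sdap_nested_group_check_cache().
 */
static errno_t
sdap_nested_group_split_members(TALLOC_CTX *mem_ctx,
                                struct sdap_nested_group_ctx *group_ctx,
                                int nesting_level,
                                struct ldb_message_element *members,
                                struct sdap_nested_group_member **_missing,
                                int *_num_missing,
                                int *_num_groups)
{
    TALLOC_CTX *tmp_ctx = NULL;
    struct sdap_nested_group_member *missing = NULL;
    enum sdap_nested_group_dn_type type;
    char *dn = NULL;
    char *user_filter = NULL;
    char *group_filter = NULL;
    int num_missing = 0;
    int num_groups = 0;
    hash_key_t key;
    bool bret;
    bool is_user;
    bool is_group;
    errno_t ret;
    int i;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_new() failed\n"));
        return ENOMEM;
    }

    missing = talloc_zero_array(tmp_ctx, struct sdap_nested_group_member,
                                members->num_values);
    if (missing == NULL) {
        ret = ENOMEM;
        goto done;
    }

    /* create list of missing members
     * skip dn if:
     * - is present in user or group hash table
     * - is present in sysdb and not expired
     * - it is a group and we have reached the maximal nesting level
     * - it is not under user nor group search bases
     *
     * if dn is in sysdb but expired
     * - we know what object type it is
     *
     * if dn is not in hash table or sysdb
     * - try to determine type of object by search base that match dn
     */
    for (i = 0; i < members->num_values; i++) {
        dn = (char*)members->values[i].data;
        type = SDAP_NESTED_GROUP_DN_UNKNOWN;

        /* The filters are only computed below for members whose type is
         * still unknown. Clear them for every member so that one whose type
         * came from the cache neither inherits the previous member's filter
         * nor frees it in the nesting-limit branch while the earlier
         * missing[] element still points to it. */
        user_filter = NULL;
        group_filter = NULL;

        /* check hash tables */
        key.type = HASH_KEY_STRING;
        key.str = dn;

        bret = hash_has_key(group_ctx->users, &key);
        if (bret) {
            continue;
        }

        bret = hash_has_key(group_ctx->groups, &key);
        if (bret) {
            continue;
        }

        /* check sysdb */
        ret = sdap_nested_group_check_cache(group_ctx->opts, group_ctx->domain,
                                            dn, &type);
        if (ret == EOK) {
            /* found and valid */
            DEBUG(SSSDBG_TRACE_ALL, ("[%s] found in cache, skipping\n", dn));
            continue;
        } else if (ret != EAGAIN && ret != ENOENT) {
            /* error */
            goto done;
        }

        /* try to determine type by dn */
        if (type == SDAP_NESTED_GROUP_DN_UNKNOWN) {
            /* user */
            is_user = sdap_nested_member_is_user(group_ctx, dn,
                                                 &user_filter);

            is_group = sdap_nested_member_is_group(group_ctx, dn,
                                                   &group_filter);

            if (is_user && is_group) {
                /* search bases overlap */
                DEBUG(SSSDBG_TRACE_ALL, ("[%s] is unknown object\n", dn));
                type = SDAP_NESTED_GROUP_DN_UNKNOWN;
            } else if (is_user) {
                DEBUG(SSSDBG_TRACE_ALL, ("[%s] is a user\n", dn));
                type = SDAP_NESTED_GROUP_DN_USER;
            } else if (is_group) {
                DEBUG(SSSDBG_TRACE_ALL, ("[%s] is a group\n", dn));
                type = SDAP_NESTED_GROUP_DN_GROUP;
            } else {
                /* dn is outside search bases */
                DEBUG(SSSDBG_TRACE_ALL, ("[%s] is out of scope of configured "
                      "search bases, skipping\n", dn));
                continue;
            }
        }

        /* check nesting level */
        if (type == SDAP_NESTED_GROUP_DN_GROUP) {
            if (nesting_level >= group_ctx->max_nesting_level) {
                DEBUG(SSSDBG_TRACE_ALL, ("[%s] is outside nesting limit "
                      "(level %d), skipping\n", dn, nesting_level));
                talloc_zfree(user_filter);
                talloc_zfree(group_filter);
                continue;
            }
        }

        missing[num_missing].dn = talloc_strdup(missing, dn);
        if (missing[num_missing].dn == NULL) {
            ret = ENOMEM;
            goto done;
        }

        missing[num_missing].type = type;
        missing[num_missing].user_filter = talloc_steal(missing, user_filter);
        missing[num_missing].group_filter = talloc_steal(missing, group_filter);

        num_missing++;
        if (type != SDAP_NESTED_GROUP_DN_USER) {
            num_groups++;
        }
    }

    missing = talloc_realloc(mem_ctx, missing,
                             struct sdap_nested_group_member, num_missing);
    /* talloc_realloc() to a count of 0 behaves like a free and returns NULL,
     * so NULL only means an allocation failure when members remain */
    if (missing == NULL && num_missing > 0) {
        ret = ENOMEM;
        goto done;
    }

    if (_missing) {
        *_missing = talloc_steal(mem_ctx, missing);
    }

    if (_num_missing) {
        *_num_missing = num_missing;
    }

    if (_num_groups) {
        *_num_groups = num_groups;
    }

    ret = EOK;

done:
    talloc_free(tmp_ctx);

    return ret;
}


struct sdap_nested_group_state {
    struct sdap_nested_group_ctx *group_ctx;
};

static void sdap_nested_group_done(struct tevent_req *subreq);

struct tevent_req *
sdap_nested_group_send(TALLOC_CTX *mem_ctx,
                       struct tevent_context *ev,
                       struct sdap_domain *sdom,
                       struct sdap_options *opts,
                       struct sdap_handle *sh,
                       struct sysdb_attrs *group)
{
    struct sdap_nested_group_state *state = NULL;
    struct tevent_req *req = NULL;
    struct tevent_req *subreq = NULL;
    errno_t ret;
    int i;

    req = tevent_req_create(mem_ctx, &state, struct sdap_nested_group_state);
    if (req == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("tevent_req_create() failed\n"));
        return NULL;
    }

    /* create main nested group context */
    state->group_ctx = talloc_zero(state, struct sdap_nested_group_ctx);
    if (state->group_ctx == NULL) {
        ret = ENOMEM;
        goto immediately;
    }

    ret = sss_hash_create(state->group_ctx, 32, &state->group_ctx->users);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to create hash table [%d]: %s\n",
                                    ret, strerror(ret)));
        goto immediately;
    }

    ret = sss_hash_create(state->group_ctx, 32, &state->group_ctx->groups);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to create hash table [%d]: %s\n",
                                    ret, strerror(ret)));
        goto immediately;
    }

    state->group_ctx->try_deref = true;
    state->group_ctx->deref_treshold = dp_opt_get_int(opts->basic,
                                                      SDAP_DEREF_THRESHOLD);
    state->group_ctx->max_nesting_level = dp_opt_get_int(opts->basic,
                                                         SDAP_NESTING_LEVEL);
    state->group_ctx->domain = sdom->dom;
    state->group_ctx->opts = opts;
    state->group_ctx->user_search_bases = sdom->user_search_bases;
    state->group_ctx->group_search_bases = sdom->group_search_bases;
    state->group_ctx->sh = sh;
    state->group_ctx->try_deref = sdap_has_deref_support(sh, opts);

    /* disable deref if threshold <= 0 */
    if (state->group_ctx->deref_treshold <= 0) {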
state->group_ctx->try_deref = false; } /* if any search base contains filter, disable dereference. */ if (state->group_ctx->try_deref) { for (i = 0; opts->sdom->user_search_bases[i] != NULL; i++) { if (opts->sdom->user_search_bases[i]->filter != NULL) { DEBUG(SSSDBG_TRACE_FUNC, ("User search base contains filter, " "dereference will be disabled\n")); state->group_ctx->try_deref = false; break; } } } if (state->group_ctx->try_deref) { for (i = 0; opts->sdom->group_search_bases[i] != NULL; i++) { if (opts->sdom->group_search_bases[i]->filter != NULL) { DEBUG(SSSDBG_TRACE_FUNC, ("Group search base contains filter, " "dereference will be disabled\n")); state->group_ctx->try_deref = false; break; } } } /* insert initial group into hash table */ ret = sdap_nested_group_hash_group(state->group_ctx, group); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to insert group into hash table " "[%d]: %s\n", ret, strerror(ret))); goto immediately; } /* resolve group */ subreq = sdap_nested_group_process_send(state, ev, state->group_ctx, 0, group); if (subreq == NULL) { ret = ENOMEM; goto immediately; } tevent_req_set_callback(subreq, sdap_nested_group_done, req); return req; immediately: if (ret == EOK) { tevent_req_done(req); } else { tevent_req_error(req, ret); } tevent_req_post(req, ev); return req; } static void sdap_nested_group_done(struct tevent_req *subreq) { struct tevent_req *req = NULL; errno_t ret; req = tevent_req_callback_data(subreq, struct tevent_req); ret = sdap_nested_group_process_recv(subreq); talloc_zfree(subreq); if (ret != EOK) { tevent_req_error(req, ret); return; } tevent_req_done(req); } errno_t sdap_nested_group_recv(TALLOC_CTX *mem_ctx, struct tevent_req *req, unsigned long *_num_users, struct sysdb_attrs ***_users, unsigned long *_num_groups, struct sysdb_attrs ***_groups) { struct sdap_nested_group_state *state = NULL; struct sysdb_attrs **users = NULL; struct sysdb_attrs **groups = NULL; unsigned long num_users; unsigned long num_groups; 
errno_t ret; state = tevent_req_data(req, struct sdap_nested_group_state); TEVENT_REQ_RETURN_ON_ERROR(req); ret = sdap_nested_group_extract_hash_table(state, state->group_ctx->users, &num_users, &users); if (ret != EOK) { return ret; } DEBUG(SSSDBG_TRACE_FUNC, ("%lu users found in the hash table\n", num_users)); ret = sdap_nested_group_extract_hash_table(state, state->group_ctx->groups, &num_groups, &groups); if (ret != EOK) { return ret; } DEBUG(SSSDBG_TRACE_FUNC, ("%lu groups found in the hash table\n", num_groups)); if (_num_users != NULL) { *_num_users = num_users; } if (_users != NULL) { *_users = talloc_steal(mem_ctx, users); } if (_num_groups!= NULL) { *_num_groups = num_groups; } if (_groups != NULL) { *_groups = talloc_steal(mem_ctx, groups); } return EOK; } struct sdap_nested_group_process_state { struct tevent_context *ev; struct sdap_nested_group_ctx *group_ctx; struct sdap_nested_group_member *missing; int num_missing_total; int num_missing_groups; int nesting_level; char *group_dn; bool deref; }; static void sdap_nested_group_process_done(struct tevent_req *subreq); static struct tevent_req * sdap_nested_group_process_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct sdap_nested_group_ctx *group_ctx, int nesting_level, struct sysdb_attrs *group) { struct sdap_nested_group_process_state *state = NULL; struct sdap_attr_map *group_map = NULL; struct tevent_req *req = NULL; struct tevent_req *subreq = NULL; struct ldb_message_element *members = NULL; const char *orig_dn = NULL; errno_t ret; req = tevent_req_create(mem_ctx, &state, struct sdap_nested_group_process_state); if (req == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("tevent_req_create() failed\n")); return NULL; } state->ev = ev; state->group_ctx = group_ctx; state->nesting_level = nesting_level; group_map = state->group_ctx->opts->group_map; /* get original dn */ ret = sysdb_attrs_get_string(group, SYSDB_ORIG_DN, &orig_dn); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to retrieve 
original dn " "[%d]: %s\n", ret, strerror(ret))); goto immediately; } state->group_dn = talloc_strdup(state, orig_dn); if (state->group_dn == NULL) { ret = ENOMEM; goto immediately; } DEBUG(SSSDBG_TRACE_INTERNAL, ("About to process group [%s]\n", orig_dn)); /* get member list */ ret = sysdb_attrs_get_el(group, group_map[SDAP_AT_GROUP_MEMBER].sys_name, &members); if (ret == ENOENT) { ret = EOK; /* no members */ goto immediately; } else if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to retrieve member list " "[%d]: %s\n", ret, strerror(ret))); goto immediately; } /* get members that need to be refreshed */ ret = sdap_nested_group_split_members(state, state->group_ctx, state->nesting_level, members, &state->missing, &state->num_missing_total, &state->num_missing_groups); DEBUG(SSSDBG_TRACE_INTERNAL, ("Looking up %d/%d members of group [%s]\n", state->num_missing_total, members->num_values, orig_dn)); if (state->num_missing_total == 0) { ret = EOK; /* we're done */ goto immediately; } /* process members */ if (group_ctx->try_deref && state->num_missing_total > group_ctx->deref_treshold) { DEBUG(SSSDBG_TRACE_INTERNAL, ("Dereferencing members of group [%s]\n", orig_dn)); state->deref = true; subreq = sdap_nested_group_deref_send(state, ev, group_ctx, members, orig_dn, state->nesting_level); } else { DEBUG(SSSDBG_TRACE_INTERNAL, ("Members of group [%s] will be " "processed individually\n", orig_dn)); state->deref = false; subreq = sdap_nested_group_single_send(state, ev, group_ctx, state->missing, state->num_missing_total, state->num_missing_groups, state->nesting_level); } if (subreq == NULL) { ret = ENOMEM; goto immediately; } tevent_req_set_callback(subreq, sdap_nested_group_process_done, req); return req; immediately: if (ret == EOK) { tevent_req_done(req); } else { tevent_req_error(req, ret); } tevent_req_post(req, ev); return req; } static void sdap_nested_group_process_done(struct tevent_req *subreq) { struct sdap_nested_group_process_state *state = NULL; 
struct tevent_req *req = NULL; errno_t ret; req = tevent_req_callback_data(subreq, struct tevent_req); state = tevent_req_data(req, struct sdap_nested_group_process_state); if (state->deref) { ret = sdap_nested_group_deref_recv(subreq); talloc_zfree(subreq); if (ret == ENOTSUP) { /* dereference is not supported, try again without dereference */ state->group_ctx->try_deref = false; state->deref = false; DEBUG(SSSDBG_TRACE_INTERNAL, ("Members of group [%s] will be " "processed individually\n", state->group_dn)); subreq = sdap_nested_group_single_send(state, state->ev, state->group_ctx, state->missing, state->num_missing_total, state->num_missing_groups, state->nesting_level); if (subreq == NULL) { ret = ENOMEM; goto done; } tevent_req_set_callback(subreq, sdap_nested_group_process_done, req); ret = EAGAIN; } } else { ret = sdap_nested_group_single_recv(subreq); talloc_zfree(subreq); } done: if (ret == EOK) { tevent_req_done(req); } else if (ret != EAGAIN) { tevent_req_error(req, ret); } } static errno_t sdap_nested_group_process_recv(struct tevent_req *req) { TEVENT_REQ_RETURN_ON_ERROR(req); return EOK; } struct sdap_nested_group_recurse_state { struct tevent_context *ev; struct sdap_nested_group_ctx *group_ctx; struct sysdb_attrs **groups; int num_groups; int index; int nesting_level; }; static errno_t sdap_nested_group_recurse_step(struct tevent_req *req); static void sdap_nested_group_recurse_done(struct tevent_req *subreq); static struct tevent_req * sdap_nested_group_recurse_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct sdap_nested_group_ctx *group_ctx, struct sysdb_attrs **nested_groups, int num_groups, int nesting_level) { struct sdap_nested_group_recurse_state *state = NULL; struct tevent_req *req = NULL; errno_t ret; req = tevent_req_create(mem_ctx, &state, struct sdap_nested_group_recurse_state); if (req == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("tevent_req_create() failed\n")); return NULL; } state->ev = ev; state->group_ctx = group_ctx; 
state->groups = nested_groups; state->num_groups = num_groups; state->index = 0; state->nesting_level = nesting_level; /* process each group individually */ ret = sdap_nested_group_recurse_step(req); if (ret != EAGAIN) { goto immediately; } return req; immediately: if (ret == EOK) { tevent_req_done(req); } else { tevent_req_error(req, ret); } tevent_req_post(req, ev); return req; } static errno_t sdap_nested_group_recurse_step(struct tevent_req *req) { struct sdap_nested_group_recurse_state *state = NULL; struct tevent_req *subreq = NULL; state = tevent_req_data(req, struct sdap_nested_group_recurse_state); if (state->index >= state->num_groups) { /* we're done */ return EOK; } subreq = sdap_nested_group_process_send(state, state->ev, state->group_ctx, state->nesting_level, state->groups[state->index]); if (subreq == NULL) { return ENOMEM; } tevent_req_set_callback(subreq, sdap_nested_group_recurse_done, req); state->index++; return EAGAIN; } static void sdap_nested_group_recurse_done(struct tevent_req *subreq) { struct tevent_req *req = NULL; errno_t ret; req = tevent_req_callback_data(subreq, struct tevent_req); ret = sdap_nested_group_process_recv(subreq); talloc_zfree(subreq); if (ret != EOK) { goto done; } ret = sdap_nested_group_recurse_step(req); done: if (ret == EOK) { tevent_req_done(req); } else if (ret != EAGAIN) { tevent_req_error(req, ret); } return; } static errno_t sdap_nested_group_recurse_recv(struct tevent_req *req) { TEVENT_REQ_RETURN_ON_ERROR(req); return EOK; } struct sdap_nested_group_single_state { struct tevent_context *ev; struct sdap_nested_group_ctx *group_ctx; struct sdap_nested_group_member *members; int nesting_level; struct sdap_nested_group_member *current_member; int num_members; int member_index; struct sysdb_attrs **nested_groups; int num_groups; }; static errno_t sdap_nested_group_single_step(struct tevent_req *req); static void sdap_nested_group_single_step_done(struct tevent_req *subreq); static void 
sdap_nested_group_single_done(struct tevent_req *subreq); static struct tevent_req * sdap_nested_group_single_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct sdap_nested_group_ctx *group_ctx, struct sdap_nested_group_member *members, int num_members, int num_groups_max, int nesting_level) { struct sdap_nested_group_single_state *state = NULL; struct tevent_req *req = NULL; errno_t ret; req = tevent_req_create(mem_ctx, &state, struct sdap_nested_group_single_state); if (req == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("tevent_req_create() failed\n")); return NULL; } state->ev = ev; state->group_ctx = group_ctx; state->members = members; state->nesting_level = nesting_level; state->current_member = NULL; state->num_members = num_members; state->member_index = 0; state->nested_groups = talloc_zero_array(state, struct sysdb_attrs *, num_groups_max); if (state->nested_groups == NULL) { ret = ENOMEM; goto immediately; } state->num_groups = 0; /* we will count exact number of the groups */ /* process each member individually */ ret = sdap_nested_group_single_step(req); if (ret != EAGAIN) { goto immediately; } return req; immediately: if (ret == EOK) { tevent_req_done(req); } else { tevent_req_error(req, ret); } tevent_req_post(req, ev); return req; } static errno_t sdap_nested_group_single_step(struct tevent_req *req) { struct sdap_nested_group_single_state *state = NULL; struct tevent_req *subreq = NULL; state = tevent_req_data(req, struct sdap_nested_group_single_state); if (state->member_index >= state->num_members) { /* we're done */ return EOK; } state->current_member = &state->members[state->member_index]; state->member_index++; switch (state->current_member->type) { case SDAP_NESTED_GROUP_DN_USER: subreq = sdap_nested_group_lookup_user_send(state, state->ev, state->group_ctx, state->current_member); break; case SDAP_NESTED_GROUP_DN_GROUP: subreq = sdap_nested_group_lookup_group_send(state, state->ev, state->group_ctx, state->current_member); break; case 
SDAP_NESTED_GROUP_DN_UNKNOWN: subreq = sdap_nested_group_lookup_unknown_send(state, state->ev, state->group_ctx, state->current_member); break; } if (subreq == NULL) { return ENOMEM; } tevent_req_set_callback(subreq, sdap_nested_group_single_step_done, req); return EAGAIN; } static errno_t sdap_nested_group_single_step_process(struct tevent_req *subreq) { struct sdap_nested_group_single_state *state = NULL; struct tevent_req *req = NULL; struct sysdb_attrs *entry = NULL; enum sdap_nested_group_dn_type type = SDAP_NESTED_GROUP_DN_UNKNOWN; const char *orig_dn = NULL; errno_t ret; req = tevent_req_callback_data(subreq, struct tevent_req); state = tevent_req_data(req, struct sdap_nested_group_single_state); /* set correct type if possible */ if (state->current_member->type == SDAP_NESTED_GROUP_DN_UNKNOWN) { ret = sdap_nested_group_lookup_unknown_recv(state, subreq, &entry, &type); if (ret != EOK) { goto done; } if (entry != NULL) { state->current_member->type = type; } } switch (state->current_member->type) { case SDAP_NESTED_GROUP_DN_USER: if (entry == NULL) { /* type was not unknown, receive data */ ret = sdap_nested_group_lookup_user_recv(state, subreq, &entry); if (ret != EOK) { goto done; } if (entry == NULL) { /* user not found, continue */ break; } } /* save user in hash table */ ret = sdap_nested_group_hash_user(state->group_ctx, entry); if (ret == EEXIST) { DEBUG(SSSDBG_TRACE_FUNC, ("User was looked up twice, " "this shouldn't have happened.\n")); goto done; } else if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to save user in hash table " "[%d]: %s\n", ret, strerror(ret))); goto done; } break; case SDAP_NESTED_GROUP_DN_GROUP: if (entry == NULL) { /* type was not unknown, receive data */ ret = sdap_nested_group_lookup_group_recv(state, subreq, &entry); if (ret != EOK) { goto done; } if (entry == NULL) { /* group not found, continue */ break; } } else { /* the type was unknown so we had to pull the group, * but we don't want to process it if we have 
reached * the nesting level */ if (state->nesting_level >= state->group_ctx->max_nesting_level) { ret = sysdb_attrs_get_string(entry, SYSDB_ORIG_DN, &orig_dn); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("The entry has no originalDN\n")); orig_dn = "invalid"; } DEBUG(SSSDBG_TRACE_ALL, ("[%s] is outside nesting limit " "(level %d), skipping\n", orig_dn, state->nesting_level)); break; } } /* save group in hash table */ ret = sdap_nested_group_hash_group(state->group_ctx, entry); if (ret == EEXIST) { DEBUG(SSSDBG_TRACE_FUNC, ("Group was looked up twice, " "this shouldn't have happened.\n")); goto done; } else if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to save group in hash table " "[%d]: %s\n", ret, strerror(ret))); goto done; } /* remember the group for later processing */ state->nested_groups[state->num_groups] = entry; state->num_groups++; break; case SDAP_NESTED_GROUP_DN_UNKNOWN: /* not found in users nor nested_groups, continue */ break; } ret = EOK; done: return ret; } static void sdap_nested_group_single_step_done(struct tevent_req *subreq) { struct sdap_nested_group_single_state *state = NULL; struct tevent_req *req = NULL; errno_t ret; req = tevent_req_callback_data(subreq, struct tevent_req); state = tevent_req_data(req, struct sdap_nested_group_single_state); /* process direct members */ ret = sdap_nested_group_single_step_process(subreq); talloc_zfree(subreq); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Error processing direct membership " "[%d]: %s\n", ret, strerror(ret))); goto done; } ret = sdap_nested_group_single_step(req); if (ret == EOK) { /* we have processed all direct members, * now recurse and process nested groups */ subreq = sdap_nested_group_recurse_send(state, state->ev, state->group_ctx, state->nested_groups, state->num_groups, state->nesting_level + 1); if (subreq == NULL) { ret = ENOMEM; goto done; } tevent_req_set_callback(subreq, sdap_nested_group_single_done, req); } else if (ret != EAGAIN) { /* error */ goto done; } 
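/* we're not done yet */
    ret = EAGAIN;

done:
    if (ret == EOK) {
        /* tevent_req_error() cannot cope with EOK */
        DEBUG(SSSDBG_CRIT_FAILURE, ("We should not get here with EOK\n"));
        tevent_req_error(req, EINVAL);
    } else if (ret != EAGAIN) {
        tevent_req_error(req, ret);
    }

    return;
}

/*
 * Callback for the sdap_nested_group_recurse_send() subrequest: finishes
 * the "single" request once all nested groups have been processed.
 *
 * subreq  the finished recurse request; its callback data is the parent
 *         request, which is completed with either an error or success.
 */
static void sdap_nested_group_single_done(struct tevent_req *subreq)
{
    struct tevent_req *req = NULL;
    errno_t ret;

    req = tevent_req_callback_data(subreq, struct tevent_req);

    /* all nested groups are completed */
    ret = sdap_nested_group_recurse_recv(subreq);
    talloc_zfree(subreq);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Error processing nested groups "
                                    "[%d]: %s", ret, strerror(ret)));
        tevent_req_error(req, ret);
        /* The request is finished now. Falling through to tevent_req_done()
         * would complete it a second time, after its callback has already
         * run and may have released it. */
        return;
    }

    tevent_req_done(req);
    return;
}

/* Receive the result of the "single" request: error status or EOK. */
static errno_t sdap_nested_group_single_recv(struct tevent_req *req)
{
    TEVENT_REQ_RETURN_ON_ERROR(req);

    return EOK;
}

/* This should be a function pointer set from the IPA provider */
/*
 * Build a minimal user entry from a member DN alone, without an LDAP
 * lookup, when the DN has the form
 * uid=username,cn=users,cn=accounts,<at least one more component>.
 *
 * mem_ctx  talloc parent of the returned entry
 * user_dn  member DN to parse
 * sysdb    sysdb handle, used to get the ldb context for DN parsing
 * _user    output, entry with SYSDB_NAME, SYSDB_ORIG_DN and
 *          SYSDB_OBJECTCLASS set; only written on EOK
 *
 * Returns EOK on success, ENOENT when the DN does not have the expected
 * form, EINVAL when the RDN cannot be read, ENOMEM on allocation failure,
 * or the error returned by sysdb_attrs_add_string().
 *
 * The member DN is directory data and the result replaces a server lookup,
 * so every component is matched exactly: a missing name or value, or a
 * value that is only a prefix of "users"/"accounts", is rejected.
 */
static errno_t sdap_nested_group_get_ipa_user(TALLOC_CTX *mem_ctx,
                                              const char *user_dn,
                                              struct sysdb_ctx *sysdb,
                                              struct sysdb_attrs **_user)
{
    errno_t ret;
    struct sysdb_attrs *user = NULL;
    char *name;
    struct ldb_dn *dn = NULL;
    const char *rdn_name;
    const char *users_comp_name;
    const char *acct_comp_name;
    const struct ldb_val *rdn_val;
    const struct ldb_val *users_comp_val;
    const struct ldb_val *acct_comp_val;
    TALLOC_CTX *tmp_ctx;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) return ENOMEM;

    /* return username if dn is in form:
     * uid=username,cn=users,cn=accounts,dc=example,dc=com */

    dn = ldb_dn_new(tmp_ctx, sysdb_ctx_get_ldb(sysdb), user_dn);
    if (dn == NULL) {
        ret = ENOMEM;
        goto done;
    }

    /* rdn, users, accounts and least one domain component */
    if (ldb_dn_get_comp_num(dn) < 4) {
        ret = ENOENT;
        goto done;
    }

    rdn_name = ldb_dn_get_rdn_name(dn);
    if (rdn_name == NULL) {
        ret = EINVAL;
        goto done;
    }

    /* rdn must be 'uid' */
    if (strcasecmp("uid", rdn_name) != 0) {
        ret = ENOENT;
        goto done;
    }

    /* second component must be 'cn=users' */
    users_comp_name = ldb_dn_get_component_name(dn, 1);
    if (users_comp_name == NULL
            || strcasecmp("cn", users_comp_name) != 0) {
        ret = ENOENT;
        goto done;
    }

    /* strncasecmp() bounded by the value length alone also accepts any
     * prefix of the literal (including an empty value), so the length has
     * to match as well */
    users_comp_val = ldb_dn_get_component_val(dn, 1);
    if (users_comp_val == NULL
            || users_comp_val->length != sizeof("users") - 1
            || strncasecmp("users",
                           (const char *) users_comp_val->data,
                           users_comp_val->length) != 0) {
        ret = ENOENT;
        goto done;
    }

    /* third component must be 'cn=accounts' */
    acct_comp_name = ldb_dn_get_component_name(dn, 2);
    if (acct_comp_name == NULL
            || strcasecmp("cn", acct_comp_name) != 0) {
        ret = ENOENT;
        goto done;
    }

    acct_comp_val = ldb_dn_get_component_val(dn, 2);
    if (acct_comp_val == NULL
            || acct_comp_val->length != sizeof("accounts") - 1
            || strncasecmp("accounts",
                           (const char *) acct_comp_val->data,
                           acct_comp_val->length) != 0) {
        ret = ENOENT;
        goto done;
    }

    /* value of rdn is username */
    user = sysdb_new_attrs(tmp_ctx);
    if (user == NULL) {
        ret = ENOMEM;
        goto done;
    }

    rdn_val = ldb_dn_get_rdn_val(dn);
    if (rdn_val == NULL) {
        ret = EINVAL;
        goto done;
    }

    name = talloc_strndup(user, (const char *)rdn_val->data, rdn_val->length);
    if (name == NULL) {
        ret = ENOMEM;
        goto done;
    }

    ret = sysdb_attrs_add_string(user, SYSDB_NAME, name);
    if (ret != EOK) {
        goto done;
    }

    ret = sysdb_attrs_add_string(user, SYSDB_ORIG_DN, user_dn);
    if (ret != EOK) {
        goto done;
    }

    ret = sysdb_attrs_add_string(user, SYSDB_OBJECTCLASS, SYSDB_USER_CLASS);
    if (ret != EOK) {
        goto done;
    }

    *_user = talloc_steal(mem_ctx, user);

done:
    talloc_free(tmp_ctx);
    return ret;
}

struct sdap_nested_group_lookup_user_state {
    struct sysdb_attrs *user;
};

static void sdap_nested_group_lookup_user_done(struct tevent_req *subreq);

static struct tevent_req *
sdap_nested_group_lookup_user_send(TALLOC_CTX *mem_ctx,
                                   struct tevent_context *ev,
                                   struct sdap_nested_group_ctx *group_ctx,
                                   struct sdap_nested_group_member *member)
{
    struct sdap_nested_group_lookup_user_state *state = NULL;
    struct tevent_req *req = NULL;
    struct tevent_req *subreq = NULL;
    const char **attrs = NULL;
    const char *base_filter = NULL;
    const char *filter = NULL;
    errno_t ret;

    req = tevent_req_create(mem_ctx, &state,
                            struct sdap_nested_group_lookup_user_state);
    if (req == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("tevent_req_create() failed\n"));
        return NULL;
    }

    if (group_ctx->opts->schema_type ==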
SDAP_SCHEMA_IPA_V1) { /* if the schema is IPA, then just shortcut and guess the name */ ret = sdap_nested_group_get_ipa_user(state, member->dn, group_ctx->domain->sysdb, &state->user); if (ret == EOK) { goto immediately; } DEBUG(SSSDBG_MINOR_FAILURE, ("Couldn't parse out user information " "based on DN %s, falling back to an LDAP lookup\n", member->dn)); } /* only pull down username and originalDN */ attrs = talloc_array(state, const char *, 3); if (attrs == NULL) { ret = ENOMEM; goto immediately; } attrs[0] = "objectClass"; attrs[1] = group_ctx->opts->user_map[SDAP_AT_USER_NAME].name; attrs[2] = NULL; /* create filter */ base_filter = talloc_asprintf(state, "(objectclass=%s)", group_ctx->opts->user_map[SDAP_OC_USER].name); if (base_filter == NULL) { ret = ENOMEM; goto immediately; } /* use search base filter if needed */ filter = sdap_get_id_specific_filter(state, base_filter, member->user_filter); if (filter == NULL) { ret = ENOMEM; goto immediately; } /* search */ subreq = sdap_get_generic_send(state, ev, group_ctx->opts, group_ctx->sh, member->dn, LDAP_SCOPE_BASE, filter, attrs, group_ctx->opts->user_map, SDAP_OPTS_USER, dp_opt_get_int(group_ctx->opts->basic, SDAP_SEARCH_TIMEOUT), false); if (subreq == NULL) { ret = ENOMEM; goto immediately; } tevent_req_set_callback(subreq, sdap_nested_group_lookup_user_done, req); return req; immediately: if (ret == EOK) { tevent_req_done(req); } else { tevent_req_error(req, ret); } tevent_req_post(req, ev); return req; } static void sdap_nested_group_lookup_user_done(struct tevent_req *subreq) { struct sdap_nested_group_lookup_user_state *state = NULL; struct tevent_req *req = NULL; struct sysdb_attrs **user = NULL; size_t count = 0; errno_t ret; req = tevent_req_callback_data(subreq, struct tevent_req); state = tevent_req_data(req, struct sdap_nested_group_lookup_user_state); ret = sdap_get_generic_recv(subreq, state, &count, &user); talloc_zfree(subreq); if (ret == ENOENT) { count = 0; } else if (ret != EOK) { goto done; } 
if (count == 1) { state->user = user[0]; } else if (count == 0) { /* group not found */ state->user = NULL; } else { DEBUG(SSSDBG_OP_FAILURE, ("BASE search returned more than one records\n")); ret = EIO; goto done; } ret = EOK; done: if (ret != EOK) { tevent_req_error(req, ret); return; } tevent_req_done(req); } static errno_t sdap_nested_group_lookup_user_recv(TALLOC_CTX *mem_ctx, struct tevent_req *req, struct sysdb_attrs **_user) { struct sdap_nested_group_lookup_user_state *state = NULL; state = tevent_req_data(req, struct sdap_nested_group_lookup_user_state); TEVENT_REQ_RETURN_ON_ERROR(req); if (_user != NULL) { *_user = talloc_steal(mem_ctx, state->user); } return EOK; } struct sdap_nested_group_lookup_group_state { struct sysdb_attrs *group; }; static void sdap_nested_group_lookup_group_done(struct tevent_req *subreq); static struct tevent_req * sdap_nested_group_lookup_group_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct sdap_nested_group_ctx *group_ctx, struct sdap_nested_group_member *member) { struct sdap_nested_group_lookup_group_state *state = NULL; struct tevent_req *req = NULL; struct tevent_req *subreq = NULL; struct sdap_attr_map *map = group_ctx->opts->group_map; const char **attrs = NULL; const char *base_filter = NULL; const char *filter = NULL; errno_t ret; req = tevent_req_create(mem_ctx, &state, struct sdap_nested_group_lookup_group_state); if (req == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("tevent_req_create() failed\n")); return NULL; } ret = build_attrs_from_map(state, group_ctx->opts->group_map, SDAP_OPTS_GROUP, NULL, &attrs, NULL); if (ret != EOK) { goto immediately; } /* create filter */ base_filter = talloc_asprintf(attrs, "(&(objectclass=%s)(%s=*))", map[SDAP_OC_GROUP].name, map[SDAP_AT_GROUP_NAME].name); if (base_filter == NULL) { ret = ENOMEM; goto immediately; } /* use search base filter if needed */ filter = sdap_get_id_specific_filter(state, base_filter, member->group_filter); if (filter == NULL) { ret = ENOMEM; goto 
immediately; } /* search */ subreq = sdap_get_generic_send(state, ev, group_ctx->opts, group_ctx->sh, member->dn, LDAP_SCOPE_BASE, filter, attrs, map, SDAP_OPTS_GROUP, dp_opt_get_int(group_ctx->opts->basic, SDAP_SEARCH_TIMEOUT), false); if (subreq == NULL) { ret = ENOMEM; goto immediately; } tevent_req_set_callback(subreq, sdap_nested_group_lookup_group_done, req); return req; immediately: if (ret == EOK) { tevent_req_done(req); } else { tevent_req_error(req, ret); } tevent_req_post(req, ev); return req; } static void sdap_nested_group_lookup_group_done(struct tevent_req *subreq) { struct sdap_nested_group_lookup_group_state *state = NULL; struct tevent_req *req = NULL; struct sysdb_attrs **group = NULL; size_t count = 0; errno_t ret; req = tevent_req_callback_data(subreq, struct tevent_req); state = tevent_req_data(req, struct sdap_nested_group_lookup_group_state); ret = sdap_get_generic_recv(subreq, state, &count, &group); talloc_zfree(subreq); if (ret == ENOENT) { count = 0; } else if (ret != EOK) { goto done; } if (count == 1) { state->group = group[0]; } else if (count == 0) { /* group not found */ state->group = NULL; } else { DEBUG(SSSDBG_OP_FAILURE, ("BASE search returned more than one records\n")); ret = EIO; goto done; } ret = EOK; done: if (ret != EOK) { tevent_req_error(req, ret); return; } tevent_req_done(req); } static errno_t sdap_nested_group_lookup_group_recv(TALLOC_CTX *mem_ctx, struct tevent_req *req, struct sysdb_attrs **_group) { struct sdap_nested_group_lookup_group_state *state = NULL; state = tevent_req_data(req, struct sdap_nested_group_lookup_group_state); TEVENT_REQ_RETURN_ON_ERROR(req); if (_group != NULL) { *_group = talloc_steal(mem_ctx, state->group); } return EOK; } struct sdap_nested_group_lookup_unknown_state { struct tevent_context *ev; struct sdap_nested_group_ctx *group_ctx; struct sdap_nested_group_member *member; enum sdap_nested_group_dn_type type; struct sysdb_attrs *entry; }; static void 
sdap_nested_group_lookup_unknown_user_done(struct tevent_req *subreq); static void sdap_nested_group_lookup_unknown_group_done(struct tevent_req *subreq); static struct tevent_req * sdap_nested_group_lookup_unknown_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct sdap_nested_group_ctx *group_ctx, struct sdap_nested_group_member *member) { struct sdap_nested_group_lookup_unknown_state *state = NULL; struct tevent_req *req = NULL; struct tevent_req *subreq = NULL; errno_t ret; req = tevent_req_create(mem_ctx, &state, struct sdap_nested_group_lookup_unknown_state); if (req == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("tevent_req_create() failed\n")); return NULL; } state->ev = ev; state->group_ctx = group_ctx; state->member = member; /* try users first */ subreq = sdap_nested_group_lookup_user_send(state, state->ev, state->group_ctx, state->member); if (subreq == NULL) { ret = ENOMEM; goto immediately; } tevent_req_set_callback(subreq, sdap_nested_group_lookup_unknown_user_done, req); return req; immediately: if (ret == EOK) { tevent_req_done(req); } else { tevent_req_error(req, ret); } tevent_req_post(req, ev); return req; } static void sdap_nested_group_lookup_unknown_user_done(struct tevent_req *subreq) { struct sdap_nested_group_lookup_unknown_state *state = NULL; struct tevent_req *req = NULL; struct sysdb_attrs *entry = NULL; errno_t ret; req = tevent_req_callback_data(subreq, struct tevent_req); state = tevent_req_data(req, struct sdap_nested_group_lookup_unknown_state); ret = sdap_nested_group_lookup_user_recv(state, subreq, &entry); talloc_zfree(subreq); if (ret != EOK) { goto done; } if (entry != NULL) { /* found in users */ state->entry = entry; state->type = SDAP_NESTED_GROUP_DN_USER; ret = EOK; goto done; } /* not found in users, try group */ subreq = sdap_nested_group_lookup_group_send(state, state->ev, state->group_ctx, state->member); if (subreq == NULL) { ret = ENOMEM; goto done; } tevent_req_set_callback(subreq, 
sdap_nested_group_lookup_unknown_group_done, req); ret = EAGAIN; done: if (ret == EOK) { tevent_req_done(req); } else if (ret != EAGAIN) { tevent_req_error(req, ret); } return; } static void sdap_nested_group_lookup_unknown_group_done(struct tevent_req *subreq) { struct sdap_nested_group_lookup_unknown_state *state = NULL; struct tevent_req *req = NULL; struct sysdb_attrs *entry = NULL; errno_t ret; req = tevent_req_callback_data(subreq, struct tevent_req); state = tevent_req_data(req, struct sdap_nested_group_lookup_unknown_state); ret = sdap_nested_group_lookup_group_recv(state, subreq, &entry); talloc_zfree(subreq); if (ret != EOK) { goto done; } if (entry == NULL) { /* not found, end request */ state->entry = NULL; state->type = SDAP_NESTED_GROUP_DN_UNKNOWN; } else { /* found in groups */ state->entry = entry; state->type = SDAP_NESTED_GROUP_DN_GROUP; } ret = EOK; done: if (ret != EOK) { tevent_req_error(req, ret); return; } tevent_req_done(req); } static errno_t sdap_nested_group_lookup_unknown_recv(TALLOC_CTX *mem_ctx, struct tevent_req *req, struct sysdb_attrs **_entry, enum sdap_nested_group_dn_type *_type) { struct sdap_nested_group_lookup_unknown_state *state = NULL; state = tevent_req_data(req, struct sdap_nested_group_lookup_unknown_state); TEVENT_REQ_RETURN_ON_ERROR(req); if (_entry != NULL) { *_entry = talloc_steal(mem_ctx, state->entry); } if (_type != NULL) { *_type = state->type; } return EOK; } struct sdap_nested_group_deref_state { struct tevent_context *ev; struct sdap_nested_group_ctx *group_ctx; struct ldb_message_element *members; int nesting_level; struct sysdb_attrs **nested_groups; int num_groups; }; static void sdap_nested_group_deref_direct_done(struct tevent_req *subreq); static void sdap_nested_group_deref_done(struct tevent_req *subreq); static struct tevent_req * sdap_nested_group_deref_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct sdap_nested_group_ctx *group_ctx, struct ldb_message_element *members, const char 
*group_dn, int nesting_level) { struct sdap_nested_group_deref_state *state = NULL; struct tevent_req *req = NULL; struct tevent_req *subreq = NULL; struct sdap_attr_map_info *maps = NULL; static const int num_maps = 2; struct sdap_options *opts = group_ctx->opts; const char **attrs = NULL; size_t num_attrs = 0; errno_t ret; req = tevent_req_create(mem_ctx, &state, struct sdap_nested_group_deref_state); if (req == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("tevent_req_create() failed\n")); return NULL; } state->ev = ev; state->group_ctx = group_ctx; state->members = members; state->nesting_level = nesting_level; state->num_groups = 0; /* we will count exact number of the groups */ maps = talloc_array(state, struct sdap_attr_map_info, num_maps); if (maps == NULL) { ret = ENOMEM; goto immediately; } maps[0].map = opts->user_map; maps[0].num_attrs = SDAP_OPTS_USER; maps[1].map = opts->group_map; maps[1].num_attrs = SDAP_OPTS_GROUP; /* pull down the whole group map, * but only pull down username and originalDN for users */ ret = build_attrs_from_map(state, opts->group_map, SDAP_OPTS_GROUP, NULL, &attrs, &num_attrs); if (ret != EOK) { goto immediately; } attrs = talloc_realloc(state, attrs, const char *, num_attrs + 2); if (attrs == NULL) { ret = ENOMEM; goto immediately; } attrs[num_attrs] = group_ctx->opts->user_map[SDAP_AT_USER_NAME].name; attrs[num_attrs + 1] = NULL; /* send request */ subreq = sdap_deref_search_send(state, ev, opts, group_ctx->sh, group_dn, opts->group_map[SDAP_AT_GROUP_MEMBER].name, attrs, num_maps, maps, dp_opt_get_int(opts->basic, SDAP_SEARCH_TIMEOUT)); if (subreq == NULL) { ret = ENOMEM; goto immediately; } tevent_req_set_callback(subreq, sdap_nested_group_deref_direct_done, req); return req; immediately: if (ret == EOK) { tevent_req_done(req); } else { tevent_req_error(req, ret); } tevent_req_post(req, ev); return req; } static errno_t sdap_nested_group_deref_direct_process(struct tevent_req *subreq) { struct sdap_nested_group_deref_state *state = 
NULL; struct tevent_req *req = NULL; struct sdap_options *opts = NULL; struct sdap_deref_attrs **entries = NULL; struct ldb_message_element *members = NULL; const char *orig_dn = NULL; const char *member_dn = NULL; size_t num_entries = 0; size_t i, j; bool member_found; errno_t ret; req = tevent_req_callback_data(subreq, struct tevent_req); state = tevent_req_data(req, struct sdap_nested_group_deref_state); opts = state->group_ctx->opts; members = state->members; ret = sdap_deref_search_recv(subreq, state, &num_entries, &entries); if (ret != EOK) { goto done; } DEBUG(SSSDBG_TRACE_INTERNAL, ("Received %zu dereference results, " "about to process them\n", num_entries)); /* * We don't have any knowledge about possible number of groups when * dereferencing. We expect that every member is a group and we will * allocate enough space to hold it. We will shrink the memory later. */ state->nested_groups = talloc_zero_array(state, struct sysdb_attrs *, num_entries); if (state->nested_groups == NULL) { ret = ENOMEM; goto done; } for (i = 0; i < num_entries; i++) { ret = sysdb_attrs_get_string(entries[i]->attrs, SYSDB_ORIG_DN, &orig_dn); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("The entry has no originalDN\n")); goto done; } /* Ensure that all members returned from the deref request are included * in the member processing. Sometimes we will get more results back * from deref/asq than we got from the initial lookup, as is the case * with Active Directory and its range retrieval mechanism. */ member_found = false; for (j = 0; j < members->num_values; j++) { /* FIXME: This is inefficient for very large sets of groups */ member_dn = (const char *)members->values[j].data; if (strcasecmp(orig_dn, member_dn) == 0) { member_found = true; break; } } if (!member_found) { /* Append newly found member to member list. * Changes in state->members will propagate into sysdb_attrs of * the group. 
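*/
            struct ldb_val *grown_values;

            /* Resize through a temporary. talloc_realloc() returns NULL on
             * failure and leaves the old array in place; assigning the
             * result straight to members->values would leave the shared
             * member element with a NULL array and a non-zero num_values. */
            grown_values = talloc_realloc(members, members->values,
                                          struct ldb_val,
                                          members->num_values + 1);
            if (grown_values == NULL) {
                ret = ENOMEM;
                goto done;
            }
            members->values = grown_values;

            members->values[members->num_values].data =
                    (uint8_t *)talloc_strdup(members->values, orig_dn);
            if (members->values[members->num_values].data == NULL) {
                ret = ENOMEM;
                goto done;
            }

            /* the count is only bumped once the new slot is fully filled */
            members->values[members->num_values].length = strlen(orig_dn);
            members->num_values++;
        }

        if (entries[i]->map == opts->user_map) {
            /* we found a user */

            /* skip the user if it is not amongst configured search bases */
            if (!sdap_nested_member_is_user(state->group_ctx, orig_dn, NULL)) {
                continue;
            }

            /* save user in hash table */
            ret = sdap_nested_group_hash_user(state->group_ctx,
                                              entries[i]->attrs);
            if (ret != EOK && ret != EEXIST) {
                DEBUG(SSSDBG_CRIT_FAILURE,
                      ("Unable to save user in hash table "
                       "[%d]: %s\n", ret, strerror(ret)));
                goto done;
            }

        } else if (entries[i]->map == opts->group_map) {
            /* we found a group */

            /* skip the group if we have reached the nesting limit */
            if (state->nesting_level >= state->group_ctx->max_nesting_level) {
                DEBUG(SSSDBG_TRACE_ALL, ("[%s] is outside nesting limit "
                      "(level %d), skipping\n", orig_dn, state->nesting_level));
                continue;
            }

            /* skip the group if it is not amongst configured search bases */
            if (!sdap_nested_member_is_group(state->group_ctx, orig_dn, NULL)) {
                continue;
            }

            /* save group in hash table */
            ret = sdap_nested_group_hash_group(state->group_ctx,
                                               entries[i]->attrs);
            if (ret == EEXIST) {
                /* already recorded; do not queue it for recursion again */
                continue;
            } else if (ret != EOK) {
                DEBUG(SSSDBG_CRIT_FAILURE,
                      ("Unable to save group in hash table "
                       "[%d]: %s\n", ret, strerror(ret)));
                goto done;
            }

            /* remember the group for later processing */
            state->nested_groups[state->num_groups] = entries[i]->attrs;
            state->num_groups++;

        } else {
            /* this should never happen, but if it does, do not loop forever */
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Entry does not match any known map, skipping\n"));
            continue;
        }
    }

    /* adjust size of nested groups array */
    if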
(state->num_groups > 0) { state->nested_groups = talloc_realloc(state, state->nested_groups, struct sysdb_attrs *, state->num_groups); if (state->nested_groups == NULL) { ret = ENOMEM; goto done; } } else { talloc_zfree(state->nested_groups); } ret = EOK; done: return ret; } static void sdap_nested_group_deref_direct_done(struct tevent_req *subreq) { struct sdap_nested_group_deref_state *state = NULL; struct tevent_req *req = NULL; errno_t ret; req = tevent_req_callback_data(subreq, struct tevent_req); state = tevent_req_data(req, struct sdap_nested_group_deref_state); /* process direct members */ ret = sdap_nested_group_deref_direct_process(subreq); talloc_zfree(subreq); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Error processing direct membership " "[%d]: %s\n", ret, strerror(ret))); goto done; } /* we have processed all direct members, * now recurse and process nested groups */ subreq = sdap_nested_group_recurse_send(state, state->ev, state->group_ctx, state->nested_groups, state->num_groups, state->nesting_level + 1); if (subreq == NULL) { ret = ENOMEM; goto done; } tevent_req_set_callback(subreq, sdap_nested_group_deref_done, req); ret = EAGAIN; done: if (ret == EOK) { /* tevent_req_error() cannot cope with EOK */ DEBUG(SSSDBG_CRIT_FAILURE, ("We should not get here with EOK\n")); tevent_req_error(req, EINVAL); } else if (ret != EAGAIN) { tevent_req_error(req, ret); } return; } static void sdap_nested_group_deref_done(struct tevent_req *subreq) { struct tevent_req *req = NULL; errno_t ret; req = tevent_req_callback_data(subreq, struct tevent_req); /* process nested groups */ ret = sdap_nested_group_recurse_recv(subreq); talloc_zfree(subreq); if (ret == EOK) { tevent_req_done(req); } else { tevent_req_error(req, ret); } return; } static errno_t sdap_nested_group_deref_recv(struct tevent_req *req) { TEVENT_REQ_RETURN_ON_ERROR(req); return EOK; } sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/sdap_async.h0000644000000000000000000000007312320753107021573 
xustar000000000000000029 atime=1396954939.26789143 30 ctime=1396954961.476875082 sssd-1.11.5/src/providers/ldap/sdap_async.h0000664002412700241270000003500212320753107022016 0ustar00jhrozekjhrozek00000000000000/* SSSD Async LDAP Helper routines Copyright (C) Simo Sorce This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #ifndef _SDAP_ASYNC_H_ #define _SDAP_ASYNC_H_ #include #include #include #include #include "providers/dp_backend.h" #include "providers/ldap/sdap.h" #include "providers/ldap/sdap_id_op.h" #include "providers/fail_over.h" #define AD_TOKENGROUPS_ATTR "tokenGroups" struct tevent_req *sdap_connect_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sdap_options *opts, const char *uri, struct sockaddr_storage *sockaddr, bool use_start_tls); int sdap_connect_recv(struct tevent_req *req, TALLOC_CTX *memctx, struct sdap_handle **sh); struct tevent_req *sdap_connect_host_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct sdap_options *opts, struct resolv_ctx *resolv_ctx, enum restrict_family family_order, enum host_database *host_db, const char *protocol, const char *host, int port, bool use_start_tls); errno_t sdap_connect_host_recv(TALLOC_CTX *mem_ctx, struct tevent_req *req, struct sdap_handle **_sh); /* Search users in LDAP, return them as attrs */ struct tevent_req *sdap_search_user_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sss_domain_info *dom, struct sdap_options *opts, struct sdap_search_base 
**search_bases, struct sdap_handle *sh, const char **attrs, const char *filter, int timeout, bool enumeration); int sdap_search_user_recv(TALLOC_CTX *memctx, struct tevent_req *req, char **higher_usn, struct sysdb_attrs ***users, size_t *count); /* Search users in LDAP using the request above, save them to cache */ struct tevent_req *sdap_get_users_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sss_domain_info *dom, struct sysdb_ctx *sysdb, struct sdap_options *opts, struct sdap_search_base **search_bases, struct sdap_handle *sh, const char **attrs, const char *filter, int timeout, bool enumeration); int sdap_get_users_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, char **timestamp); struct tevent_req *sdap_get_groups_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sdap_domain *sdom, struct sdap_options *opts, struct sdap_handle *sh, const char **attrs, const char *filter, int timeout, bool enumeration); int sdap_get_groups_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, char **timestamp); struct tevent_req *sdap_get_netgroups_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sss_domain_info *dom, struct sysdb_ctx *sysdb, struct sdap_options *opts, struct sdap_search_base **search_bases, struct sdap_handle *sh, const char **attrs, const char *filter, int timeout); int sdap_get_netgroups_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, char **timestamp, size_t *reply_count, struct sysdb_attrs ***reply); struct tevent_req *sdap_auth_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sdap_handle *sh, const char *sasl_mech, const char *sasl_user, const char *user_dn, struct sss_auth_token *authtok); errno_t sdap_auth_recv(struct tevent_req *req, TALLOC_CTX *memctx, struct sdap_ppolicy_data **ppolicy); struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sdap_domain *sdom, struct sdap_handle *sh, struct sdap_id_ctx *id_ctx, struct sdap_id_conn_ctx *conn, const char *name, const char 
**grp_attrs); int sdap_get_initgr_recv(struct tevent_req *req); struct tevent_req *sdap_exop_modify_passwd_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sdap_handle *sh, char *user_dn, const char *password, const char *new_password); errno_t sdap_exop_modify_passwd_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, char **user_error_msg); struct tevent_req * sdap_modify_shadow_lastchange_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct sdap_handle *sh, const char *dn, char *lastchanged_name); errno_t sdap_modify_shadow_lastchange_recv(struct tevent_req *req); enum connect_tls { CON_TLS_DFL, CON_TLS_ON, CON_TLS_OFF }; struct tevent_req *sdap_cli_connect_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sdap_options *opts, struct be_ctx *be, struct sdap_service *service, bool skip_rootdse, enum connect_tls force_tls, bool skip_auth); int sdap_cli_connect_recv(struct tevent_req *req, TALLOC_CTX *memctx, bool *can_retry, struct sdap_handle **gsh, struct sdap_server_opts **srv_opts); struct tevent_req *sdap_get_generic_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sdap_options *opts, struct sdap_handle *sh, const char *search_base, int scope, const char *filter, const char **attrs, struct sdap_attr_map *map, int map_num_attrs, int timeout, bool allow_paging); int sdap_get_generic_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, size_t *reply_count, struct sysdb_attrs ***reply_list); bool sdap_has_deref_support(struct sdap_handle *sh, struct sdap_options *opts); struct tevent_req * sdap_deref_search_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sdap_options *opts, struct sdap_handle *sh, const char *base_dn, const char *deref_attr, const char **attrs, int num_maps, struct sdap_attr_map_info *maps, int timeout); int sdap_deref_search_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, size_t *reply_count, struct sdap_deref_attrs ***reply); struct tevent_req * sdap_posix_check_send(TALLOC_CTX *memctx, struct 
tevent_context *ev, struct sdap_options *opts, struct sdap_handle *sh, struct sdap_search_base **search_bases, int timeout); int sdap_posix_check_recv(struct tevent_req *req, bool *_has_posix); errno_t sdap_attrs_add_ldap_attr(struct sysdb_attrs *ldap_attrs, const char *attr_name, const char *attr_desc, bool multivalued, const char *name, struct sysdb_attrs *attrs); #define sdap_attrs_add_string(ldap_attrs, attr_name, attr_desc, name, attrs) \ sdap_attrs_add_ldap_attr(ldap_attrs, attr_name, attr_desc, \ false, name, attrs) #define sdap_attrs_add_list(ldap_attrs, attr_name, attr_desc, name, attrs) \ sdap_attrs_add_ldap_attr(ldap_attrs, attr_name, attr_desc, \ true, name, attrs) errno_t sdap_save_all_names(const char *name, struct sysdb_attrs *ldap_attrs, struct sss_domain_info *dom, struct sysdb_attrs *attrs); struct tevent_req * sdap_get_services_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sss_domain_info *dom, struct sysdb_ctx *sysdb, struct sdap_options *opts, struct sdap_search_base **search_bases, struct sdap_handle *sh, const char **attrs, const char *filter, int timeout, bool enumeration); errno_t sdap_get_services_recv(TALLOC_CTX *mem_ctx, struct tevent_req *req, char **usn_value); struct tevent_req * enum_services_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sdap_id_ctx *id_ctx, struct sdap_id_op *op, bool purge); errno_t enum_services_recv(struct tevent_req *req); /* OID documented in * http://msdn.microsoft.com/en-us/library/windows/desktop/aa746475%28v=vs.85%29.aspx */ #define SDAP_MATCHING_RULE_IN_CHAIN "1.2.840.113556.1.4.1941" struct tevent_req * sdap_get_ad_match_rule_members_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct sdap_options *opts, struct sdap_handle *sh, struct sysdb_attrs *group, int timeout); errno_t sdap_get_ad_match_rule_members_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, size_t *num_users, struct sysdb_attrs ***users); struct tevent_req * sdap_get_ad_match_rule_initgroups_send(TALLOC_CTX 
*mem_ctx, struct tevent_context *ev, struct sdap_options *opts, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, struct sdap_handle *sh, const char *name, const char *orig_dn, int timeout); errno_t sdap_get_ad_match_rule_initgroups_recv(struct tevent_req *req); struct tevent_req * sdap_ad_tokengroups_initgroups_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct sdap_id_ctx *id_ctx, struct sdap_id_conn_ctx *conn, struct sdap_options *opts, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, struct sdap_handle *sh, const char *name, const char *orig_dn, int timeout, bool use_id_mapping); errno_t sdap_ad_tokengroups_initgroups_recv(struct tevent_req *req); #endif /* _SDAP_ASYNC_H_ */ sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/sdap_dyndns.h0000644000000000000000000000007412320753107021756 xustar000000000000000030 atime=1396954939.268891429 30 ctime=1396954961.483875077 sssd-1.11.5/src/providers/ldap/sdap_dyndns.h0000664002412700241270000000432112320753107022200 0ustar00jhrozekjhrozek00000000000000/* SSSD sdap_dyndns.h: LDAP specific dynamic DNS update Authors: Jakub Hrozek Copyright (C) 2013 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #ifndef SDAP_DYNDNS_H_ #define SDAP_DYNDNS_H_ #include "util/util.h" #include "providers/dp_backend.h" #include "providers/dp_dyndns.h" #include "providers/ldap/ldap_common.h" struct tevent_req * sdap_dyndns_update_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct be_ctx *be_ctx, struct dp_option *opts, struct sdap_id_ctx *sdap_ctx, enum be_nsupdate_auth auth_type, const char *ifname, const char *hostname, const char *dns_zone, const char *realm, const char *servername, const int ttl, bool check_diff); errno_t sdap_dyndns_update_recv(struct tevent_req *req); /* Connects to the LDAP server in order to read the address from the * socket and be able to perform dynamic DNS updates. Reschedules the * task automatically on errors and sets/resets the timer_in_progress * guard in be_nsupdate_ctx. */ struct tevent_req * sdap_dyndns_timer_conn_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct sdap_id_ctx *sdap_ctx, struct be_nsupdate_ctx *dyndns_ctx); errno_t sdap_dyndns_timer_conn_recv(struct tevent_req *req); #endif /* SDAP_DYNDNS_H_ */ sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/sdap_fd_events.c0000644000000000000000000000007312320753107022426 xustar000000000000000030 atime=1396954939.268891429 29 ctime=1396954961.62887497 sssd-1.11.5/src/providers/ldap/sdap_fd_events.c0000664002412700241270000002123212320753107022651 0ustar00jhrozekjhrozek00000000000000/* SSSD Helper routines for file descriptor events Authors: Sumit Bose Copyright (C) 2010 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. 
You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include "util/util.h" #include "providers/ldap/sdap_async_private.h" struct sdap_fd_events { #ifdef HAVE_LDAP_CONNCB struct ldap_conncb *conncb; #else struct tevent_fd *fde; #endif }; int get_fd_from_ldap(LDAP *ldap, int *fd) { int ret; ret = ldap_get_option(ldap, LDAP_OPT_DESC, fd); if (ret != LDAP_OPT_SUCCESS || *fd < 0) { DEBUG(1, ("Failed to get fd from ldap!!\n")); *fd = -1; return EIO; } return EOK; } int remove_ldap_connection_callbacks(struct sdap_handle *sh) { /* sdap_fd_events might be NULL here if sdap_mark_offline() * was called before a connection was established. */ if (sh->sdap_fd_events) { #ifdef HAVE_LDAP_CONNCB talloc_zfree(sh->sdap_fd_events->conncb); #else talloc_zfree(sh->sdap_fd_events->fde); #endif } return EOK; } #ifdef HAVE_LDAP_CONNCB static int remove_connection_callback(TALLOC_CTX *mem_ctx) { int lret; struct ldap_conncb *conncb = talloc_get_type(mem_ctx, struct ldap_conncb); struct ldap_cb_data *cb_data = talloc_get_type(conncb->lc_arg, struct ldap_cb_data); lret = ldap_get_option(cb_data->sh->ldap, LDAP_OPT_CONNECT_CB, conncb); if (lret != LDAP_OPT_SUCCESS) { DEBUG(1, ("Failed to remove connection callback.\n")); } else { DEBUG(9, ("Successfully removed connection callback.\n")); } return EOK; } static int sdap_ldap_connect_callback_add(LDAP *ld, Sockbuf *sb, LDAPURLDesc *srv, struct sockaddr *addr, struct ldap_conncb *ctx) { int ret; ber_socket_t ber_fd; struct fd_event_item *fd_event_item; struct ldap_cb_data *cb_data = talloc_get_type(ctx->lc_arg, struct ldap_cb_data); if (cb_data == NULL) { DEBUG(1, ("sdap_ldap_connect_callback_add called without " "callback data.\n")); return EINVAL; } ret = ber_sockbuf_ctrl(sb, LBER_SB_OPT_GET_FD, &ber_fd); if (ret == -1) { DEBUG(1, ("ber_sockbuf_ctrl failed.\n")); return EINVAL; } if (DEBUG_IS_SET(SSSDBG_TRACE_LIBS)) { char *uri = ldap_url_desc2str(srv); DEBUG(7, ("New LDAP connection to 
[%s] with fd [%d].\n", uri, ber_fd)); free(uri); } fd_event_item = talloc_zero(cb_data, struct fd_event_item); if (fd_event_item == NULL) { DEBUG(1, ("talloc failed.\n")); return ENOMEM; } fd_event_item->fde = tevent_add_fd(cb_data->ev, fd_event_item, ber_fd, TEVENT_FD_READ, sdap_ldap_result, cb_data->sh); if (fd_event_item->fde == NULL) { DEBUG(1, ("tevent_add_fd failed.\n")); talloc_free(fd_event_item); return ENOMEM; } fd_event_item->fd = ber_fd; DLIST_ADD(cb_data->fd_list, fd_event_item); return LDAP_SUCCESS; } static void sdap_ldap_connect_callback_del(LDAP *ld, Sockbuf *sb, struct ldap_conncb *ctx) { int ret; ber_socket_t ber_fd; struct fd_event_item *fd_event_item; struct ldap_cb_data *cb_data = talloc_get_type(ctx->lc_arg, struct ldap_cb_data); if (sb == NULL || cb_data == NULL) { return; } ret = ber_sockbuf_ctrl(sb, LBER_SB_OPT_GET_FD, &ber_fd); if (ret == -1) { DEBUG(1, ("ber_sockbuf_ctrl failed.\n")); return; } DEBUG(9, ("Closing LDAP connection with fd [%d].\n", ber_fd)); DLIST_FOR_EACH(fd_event_item, cb_data->fd_list) { if (fd_event_item->fd == ber_fd) { break; } } if (fd_event_item == NULL) { DEBUG(1, ("No event for fd [%d] found.\n", ber_fd)); return; } DLIST_REMOVE(cb_data->fd_list, fd_event_item); talloc_zfree(fd_event_item); return; } #else static int sdap_install_ldap_callbacks(struct sdap_handle *sh, struct tevent_context *ev) { int fd; int ret; if (sh->sdap_fd_events) { DEBUG(1, ("sdap_install_ldap_callbacks is called with already " "initialized sdap_fd_events.\n")); return EINVAL; } sh->sdap_fd_events = talloc_zero(sh, struct sdap_fd_events); if (!sh->sdap_fd_events) { DEBUG(1, ("talloc_zero failed.\n")); return ENOMEM; } ret = get_fd_from_ldap(sh->ldap, &fd); if (ret) return ret; sh->sdap_fd_events->fde = tevent_add_fd(ev, sh->sdap_fd_events, fd, TEVENT_FD_READ, sdap_ldap_result, sh); if (!sh->sdap_fd_events->fde) { talloc_zfree(sh->sdap_fd_events); return ENOMEM; } DEBUG(8, ("Trace: sh[%p], connected[%d], ops[%p], fde[%p], ldap[%p]\n", sh, 
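(int)sh->connected, sh->ops, sh->sdap_fd_events->fde, sh->ldap));

    return EOK;
}
#endif

/**
 * Prepare connection tracking for an LDAP handle.
 *
 * With HAVE_LDAP_CONNCB, allocates sh->sdap_fd_events, an ldap_conncb and
 * its ldap_cb_data (each a talloc child of the previous one), points the
 * add/del hooks at sdap_ldap_connect_callback_add/_del and registers the
 * structure on sh->ldap through LDAP_OPT_CONNECT_CB. A talloc destructor on
 * the conncb runs remove_connection_callback when it is freed.
 * Without HAVE_LDAP_CONNCB this only logs and returns EOK.
 *
 * @param sh  handle whose sh->ldap receives the callbacks
 * @param ev  tevent context stored in the callback data
 * @return EOK on success, ENOMEM on allocation failure, EFAULT when
 *         ldap_set_option() fails; on failure sh->sdap_fd_events is freed
 *         and reset by talloc_zfree().
 */
errno_t setup_ldap_connection_callbacks(struct sdap_handle *sh,
                                        struct tevent_context *ev)
{
#ifdef HAVE_LDAP_CONNCB
    int ret;
    struct ldap_cb_data *cb_data;

    sh->sdap_fd_events = talloc_zero(sh, struct sdap_fd_events);
    if (sh->sdap_fd_events == NULL) {
        DEBUG(1, ("talloc_zero failed.\n"));
        ret = ENOMEM;
        goto fail;
    }

    sh->sdap_fd_events->conncb = talloc_zero(sh->sdap_fd_events,
                                             struct ldap_conncb);
    if (sh->sdap_fd_events->conncb == NULL) {
        DEBUG(1, ("talloc_zero failed.\n"));
        ret = ENOMEM;
        goto fail;
    }

    cb_data = talloc_zero(sh->sdap_fd_events->conncb, struct ldap_cb_data);
    if (cb_data == NULL) {
        DEBUG(1, ("talloc_zero failed.\n"));
        ret = ENOMEM;
        goto fail;
    }
    cb_data->sh = sh;
    cb_data->ev = ev;

    sh->sdap_fd_events->conncb->lc_add = sdap_ldap_connect_callback_add;
    sh->sdap_fd_events->conncb->lc_del = sdap_ldap_connect_callback_del;
    sh->sdap_fd_events->conncb->lc_arg = cb_data;

    ret = ldap_set_option(sh->ldap, LDAP_OPT_CONNECT_CB,
                          sh->sdap_fd_events->conncb);
    if (ret != LDAP_OPT_SUCCESS) {
        DEBUG(1, ("Failed to set connection callback\n"));
        ret = EFAULT;
        goto fail;
    }

    /* Installed only after registration succeeded, so the fail path below
     * never runs the destructor for a callback that was not registered. */
    talloc_set_destructor((TALLOC_CTX *) sh->sdap_fd_events->conncb,
                          remove_connection_callback);

    return EOK;

fail:
    talloc_zfree(sh->sdap_fd_events);
    return ret;
#else
    DEBUG(9, ("LDAP connection callbacks are not supported.\n"));
    return EOK;
#endif
}

/**
 * Mark the handle as connected.
 *
 * When libldap has no connection callbacks (HAVE_LDAP_CONNCB undefined) the
 * fd event is installed here through sdap_install_ldap_callbacks().
 *
 * @return EOK, or the error returned by sdap_install_ldap_callbacks().
 */
errno_t sdap_set_connected(struct sdap_handle *sh, struct tevent_context *ev)
{
    int ret = EOK;

    sh->connected = true;

#ifndef HAVE_LDAP_CONNCB
    ret = sdap_install_ldap_callbacks(sh, ev);
#endif

    return ret;
}

/**
 * Invoke the "connection added" callback by hand for an already open fd.
 *
 * Wraps fd in a temporary Sockbuf, parses uri into an LDAPURLDesc and calls
 * sdap_ldap_connect_callback_add() with the handle's registered conncb.
 * Both temporaries are released before returning.
 *
 * @param uri  LDAP URI the fd is connected to; must parse with
 *             ldap_url_parse()
 * @param fd   connected socket
 * @param sh   handle previously passed to setup_ldap_connection_callbacks()
 * @return the callback's result (LDAP_SUCCESS on success), ENOMEM, EFAULT
 *         for a Sockbuf or URI failure, EINVAL when no callback structure
 *         is set up on the handle. Always EOK without HAVE_LDAP_CONNCB.
 */
errno_t sdap_call_conn_cb(const char *uri,int fd, struct sdap_handle *sh)
{
#ifdef HAVE_LDAP_CONNCB
    int ret;
    Sockbuf *sb;
    LDAPURLDesc *lud;

    /* remove_ldap_connection_callbacks() documents that sdap_fd_events can
     * be NULL, and it frees conncb; the callback dereferences conncb, so
     * refuse to go on without it instead of crashing. */
    if (sh == NULL || sh->sdap_fd_events == NULL
            || sh->sdap_fd_events->conncb == NULL) {
        DEBUG(1, ("LDAP connection callbacks are not set up.\n"));
        return EINVAL;
    }

    sb = ber_sockbuf_alloc();
    if (sb == NULL) {
        DEBUG(1, ("ber_sockbuf_alloc failed.\n"));
        return ENOMEM;
    }

    ret = ber_sockbuf_ctrl(sb, LBER_SB_OPT_SET_FD, &fd);
    if (ret != 1) {
        DEBUG(1, ("ber_sockbuf_ctrl failed.\n"));
        /* This path used to return without releasing the Sockbuf. */
        ber_sockbuf_free(sb);
        return EFAULT;
    }

    ret = ldap_url_parse(uri, &lud);
    if (ret != 0) {
        ber_sockbuf_free(sb);
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("ldap_url_parse failed to validate [%s] on fd [%d].\n",
               uri, fd));
        return EFAULT;
    }

    ret = sdap_ldap_connect_callback_add(NULL, sb, lud, NULL,
                                         sh->sdap_fd_events->conncb);

    ldap_free_urldesc(lud);
    ber_sockbuf_free(sb);
    return ret;
#else
    DEBUG(9, ("LDAP connection callbacks are not supported.\n"));
    return EOK;
#endif
}
sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/sdap_async_services.c0000644000000000000000000000007312320753107023471 xustar000000000000000029 atime=1396954939.26789143 30 ctime=1396954961.626874971 sssd-1.11.5/src/providers/ldap/sdap_async_services.c0000664002412700241270000004602212320753107023720 0ustar00jhrozekjhrozek00000000000000/* SSSD Authors: Stephen Gallagher Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see .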
*/ #include "util/util.h" #include "db/sysdb.h" #include "db/sysdb_services.h" #include "providers/ldap/sdap_async_private.h" #include "providers/ldap/ldap_common.h" struct sdap_get_services_state { struct tevent_context *ev; struct sdap_options *opts; struct sdap_handle *sh; struct sss_domain_info *dom; struct sysdb_ctx *sysdb; const char **attrs; const char *base_filter; char *filter; int timeout; bool enumeration; char *higher_usn; struct sysdb_attrs **services; size_t count; size_t base_iter; struct sdap_search_base **search_bases; }; static errno_t sdap_get_services_next_base(struct tevent_req *req); static void sdap_get_services_process(struct tevent_req *subreq); static errno_t sdap_save_services(TALLOC_CTX *memctx, struct sysdb_ctx *sysdb, struct sss_domain_info *dom, struct sdap_options *opts, struct sysdb_attrs **services, size_t num_services, char **_usn_value); static errno_t sdap_save_service(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sdap_options *opts, struct sss_domain_info *dom, struct sysdb_attrs *attrs, char **_usn_value, time_t now); struct tevent_req * sdap_get_services_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sss_domain_info *dom, struct sysdb_ctx *sysdb, struct sdap_options *opts, struct sdap_search_base **search_bases, struct sdap_handle *sh, const char **attrs, const char *filter, int timeout, bool enumeration) { errno_t ret; struct tevent_req *req; struct sdap_get_services_state *state; req = tevent_req_create(memctx, &state, struct sdap_get_services_state); if (!req) return NULL; state->ev = ev; state->opts = opts; state->dom = dom; state->sh = sh; state->sysdb = sysdb; state->attrs = attrs; state->higher_usn = NULL; state->services = NULL; state->count = 0; state->timeout = timeout; state->base_filter = filter; state->base_iter = 0; state->search_bases = search_bases; state->enumeration = enumeration; if (!state->search_bases) { DEBUG(SSSDBG_CRIT_FAILURE, ("Services lookup request without a search base\n")); 
ret = EINVAL; goto done; } ret = sdap_get_services_next_base(req); done: if (ret != EOK) { tevent_req_error(req, ret); tevent_req_post(req, state->ev); } return req; } static errno_t sdap_get_services_next_base(struct tevent_req *req) { struct tevent_req *subreq; struct sdap_get_services_state *state; state = tevent_req_data(req, struct sdap_get_services_state); talloc_zfree(state->filter); state->filter = sdap_get_id_specific_filter(state, state->base_filter, state->search_bases[state->base_iter]->filter); if (!state->filter) { return ENOMEM; } DEBUG(SSSDBG_TRACE_FUNC, ("Searching for services with base [%s]\n", state->search_bases[state->base_iter]->basedn)); subreq = sdap_get_generic_send( state, state->ev, state->opts, state->sh, state->search_bases[state->base_iter]->basedn, state->search_bases[state->base_iter]->scope, state->filter, state->attrs, state->opts->service_map, SDAP_OPTS_SERVICES, state->timeout, state->enumeration); /* If we're enumerating, we need paging */ if (!subreq) { return ENOMEM; } tevent_req_set_callback(subreq, sdap_get_services_process, req); return EOK; } static void sdap_get_services_process(struct tevent_req *subreq) { struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); struct sdap_get_services_state *state = tevent_req_data(req, struct sdap_get_services_state); int ret; size_t count, i; struct sysdb_attrs **services; bool next_base = false; ret = sdap_get_generic_recv(subreq, state, &count, &services); talloc_zfree(subreq); if (ret) { tevent_req_error(req, ret); return; } DEBUG(SSSDBG_TRACE_FUNC, ("Search for services, returned %zu results.\n", count)); if (state->enumeration || count == 0) { /* No services found in this search or enumerating */ next_base = true; } /* Add this batch of sevices to the list */ if (count > 0) { state->services = talloc_realloc(state, state->services, struct sysdb_attrs *, state->count + count + 1); if (!state->services) { tevent_req_error(req, ENOMEM); return; } /* Copy the 
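new services into the list */
        for (i = 0; i < count; i++) {
            state->services[state->count + i] =
                talloc_steal(state->services, services[i]);
        }

        state->count += count;
        state->services[state->count] = NULL;
    }

    if (next_base) {
        state->base_iter++;
        if (state->search_bases[state->base_iter]) {
            /* There are more search bases to try */
            ret = sdap_get_services_next_base(req);
            if (ret != EOK) {
                tevent_req_error(req, ret);
            }
            return;
        }
    }

    /* No more search bases
     * Return ENOENT if no services were found
     */
    if (state->count == 0) {
        tevent_req_error(req, ENOENT);
        return;
    }

    ret = sdap_save_services(state, state->sysdb, state->dom, state->opts,
                             state->services, state->count,
                             &state->higher_usn);
    if (ret) {
        DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to store services.\n"));
        tevent_req_error(req, ret);
        return;
    }

    DEBUG(SSSDBG_TRACE_INTERNAL,
          ("Saving %zu services - Done\n", state->count));

    tevent_req_done(req);
}

/**
 * Store a batch of service entries in the sysdb inside one transaction.
 *
 * Each entry is passed to sdap_save_service(); a failure on one entry is
 * logged and skipped, so the batch is saved on a best-effort basis. While
 * saving, the highest USN value seen among the entries is tracked.
 *
 * @param mem_ctx       talloc parent for the returned USN string
 * @param sysdb         cache the transaction runs against
 * @param dom           domain the services belong to
 * @param opts          LDAP options (attribute maps)
 * @param services      entries to store
 * @param num_services  number of entries in services
 * @param _usn_value    optional out: highest USN seen, or NULL if no entry
 *                      carried one
 * @return EOK on commit, ENOENT when num_services is 0, ENOMEM, or the
 *         error from starting/committing the transaction (the transaction
 *         is cancelled when still open).
 */
static errno_t sdap_save_services(TALLOC_CTX *mem_ctx,
                                  struct sysdb_ctx *sysdb,
                                  struct sss_domain_info *dom,
                                  struct sdap_options *opts,
                                  struct sysdb_attrs **services,
                                  size_t num_services,
                                  char **_usn_value)
{
    errno_t ret, sret;
    time_t now;
    size_t i;
    bool in_transaction = false;
    char *higher_usn = NULL;
    char *usn_value;
    TALLOC_CTX *tmp_ctx;

    if (num_services == 0) {
        /* Nothing to do */
        return ENOENT;
    }

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    ret = sysdb_transaction_start(sysdb);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to start transaction\n"));
        goto done;
    }

    in_transaction = true;

    now = time(NULL);
    for (i = 0; i < num_services; i++) {
        usn_value = NULL;

        ret = sdap_save_service(tmp_ctx, sysdb, opts, dom, services[i],
                                &usn_value, now);

        /* Do not fail completely on errors.
         * Just report the failure to save and go on */
        if (ret) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Failed to store service %zu. Ignoring.\n", i));
        } else {
            DEBUG(SSSDBG_TRACE_INTERNAL,
                  ("Service [%zu/%zu] processed!\n", i, num_services));
        }

        if (usn_value) {
            if (higher_usn == NULL) {
                higher_usn = usn_value;
            } else {
                /* USNs are compared as strings: the longer one wins, and
                 * strcmp() decides only between strings of equal length.
                 * Falling back to strcmp() for a shorter candidate would
                 * rank "9" above "10" and hand the next enumeration a
                 * filter value that is too low.
                 * NOTE(review): assumes values carry no leading zeros. */
                size_t new_len = strlen(usn_value);
                size_t cur_len = strlen(higher_usn);

                if (new_len > cur_len
                        || (new_len == cur_len
                            && strcmp(usn_value, higher_usn) > 0)) {
                    talloc_zfree(higher_usn);
                    higher_usn = usn_value;
                } else {
                    talloc_zfree(usn_value);
                }
            }
        }
    }

    ret = sysdb_transaction_commit(sysdb);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to commit transaction!\n"));
        goto done;
    }
    in_transaction = false;

    if (_usn_value) {
        *_usn_value = talloc_steal(mem_ctx, higher_usn);
    }

done:
    if (in_transaction) {
        sret = sysdb_transaction_cancel(sysdb);
        if (sret != EOK) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to cancel transaction!\n"));
        }
    }
    talloc_free(tmp_ctx);
    return ret;
}

static errno_t sdap_save_service(TALLOC_CTX *mem_ctx,
                                 struct sysdb_ctx *sysdb,
                                 struct sdap_options *opts,
                                 struct sss_domain_info *dom,
                                 struct sysdb_attrs *attrs,
                                 char **_usn_value,
                                 time_t now)
{
    errno_t ret;
    TALLOC_CTX *tmp_ctx = NULL;
    struct sysdb_attrs *svc_attrs;
    struct ldb_message_element *el;
    char *usn_value = NULL;
    const char *name = NULL;
    const char **aliases;
    const char **protocols;
    const char **cased_protocols;
    const char **store_protocols;
    char **missing;
    uint16_t port;
    uint64_t cache_timeout;

    DEBUG(SSSDBG_TRACE_ALL, ("Saving service\n"));

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        ret = ENOMEM;
        goto done;
    }

    svc_attrs = sysdb_new_attrs(tmp_ctx);
    if (!svc_attrs) {
        ret = ENOMEM;
        goto done;
    }

    /* Identify the primary name of this services */
    ret = sysdb_attrs_primary_name(
            sysdb, attrs,
            opts->service_map[SDAP_AT_SERVICE_NAME].name,
            &name);
    if (ret != EOK) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("Could not determine the primary name of the service\n"));
        goto done;
    }

    DEBUG(SSSDBG_TRACE_INTERNAL, ("Primary name: [%s]\n", name));

    /* Handle any available aliases */
    ret = sysdb_attrs_get_aliases(tmp_ctx, attrs, name,
                                  !dom->case_sensitive,
                                  &aliases);
    if (ret != EOK) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("Failed to 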
identify service aliases\n")); goto done; } /* Get the port number */ ret = sysdb_attrs_get_uint16_t(attrs, SYSDB_SVC_PORT, &port); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to identify service port: [%s]\n", strerror(ret))); goto done; } /* Get the protocols this service offers on that port */ ret = sysdb_attrs_get_string_array(attrs, SYSDB_SVC_PROTO, tmp_ctx, &protocols); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to identify service protocols: [%s]\n", strerror(ret))); goto done; } if (dom->case_sensitive == false) { /* Don't perform the extra mallocs if not necessary */ ret = sss_get_cased_name_list(tmp_ctx, protocols, dom->case_sensitive, &cased_protocols); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to get case_sensitive protocols names: [%s]\n", strerror(ret))); goto done; } } store_protocols = dom->case_sensitive ? protocols : cased_protocols; /* Get the USN value, if available */ ret = sysdb_attrs_get_el(attrs, opts->service_map[SDAP_AT_SERVICE_USN].sys_name, &el); if (ret && ret != ENOENT) { DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to retrieve USN value: [%s]\n", strerror(ret))); goto done; } if (ret == ENOENT || el->num_values == 0) { DEBUG(SSSDBG_TRACE_LIBS, ("Original USN value is not available for [%s].\n", name)); } else { ret = sysdb_attrs_add_string(svc_attrs, opts->service_map[SDAP_AT_SERVICE_USN].sys_name, (const char*)el->values[0].data); if (ret) { DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to add USN value: [%s]\n", strerror(ret))); goto done; } usn_value = talloc_strdup(tmp_ctx, (const char*)el->values[0].data); if (!usn_value) { ret = ENOMEM; goto done; } } /* Make sure to remove any extra attributes from the sysdb * that have been removed from LDAP */ ret = list_missing_attrs(svc_attrs, opts->service_map, SDAP_OPTS_SERVICES, attrs, &missing); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to identify removed attributes: [%s]\n", strerror(ret))); goto done; } cache_timeout = dom->service_timeout; ret = 
sysdb_store_service(sysdb, dom, name, port, aliases, store_protocols, svc_attrs, missing, cache_timeout, now); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to store service in the sysdb: [%s]\n", strerror(ret))); goto done; } *_usn_value = talloc_steal(mem_ctx, usn_value); done: talloc_free(tmp_ctx); return ret; } errno_t sdap_get_services_recv(TALLOC_CTX *mem_ctx, struct tevent_req *req, char **usn_value) { struct sdap_get_services_state *state = tevent_req_data(req, struct sdap_get_services_state); TEVENT_REQ_RETURN_ON_ERROR(req); if (usn_value) { *usn_value = talloc_steal(mem_ctx, state->higher_usn); } return EOK; } /* Enumeration routines */ struct enum_services_state { struct tevent_context *ev; struct sdap_id_ctx *id_ctx; struct sdap_id_op *op; struct sss_domain_info *domain; struct sysdb_ctx *sysdb; char *filter; const char **attrs; }; static void enum_services_op_done(struct tevent_req *subreq); struct tevent_req * enum_services_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sdap_id_ctx *id_ctx, struct sdap_id_op *op, bool purge) { errno_t ret; struct tevent_req *req; struct tevent_req *subreq; struct enum_services_state *state; req = tevent_req_create(memctx, &state, struct enum_services_state); if (!req) return NULL; state->ev = ev; state->id_ctx = id_ctx; state->domain = id_ctx->be->domain; state->sysdb = id_ctx->be->domain->sysdb; state->op = op; if (id_ctx->srv_opts && id_ctx->srv_opts->max_service_value && !purge) { state->filter = talloc_asprintf( state, "(&(objectclass=%s)(%s=*)(%s=*)(%s=*)(%s>=%s)(!(%s=%s)))", id_ctx->opts->service_map[SDAP_OC_SERVICE].name, id_ctx->opts->service_map[SDAP_AT_SERVICE_NAME].name, id_ctx->opts->service_map[SDAP_AT_SERVICE_PORT].name, id_ctx->opts->service_map[SDAP_AT_SERVICE_PROTOCOL].name, id_ctx->opts->service_map[SDAP_AT_SERVICE_USN].name, id_ctx->srv_opts->max_service_value, id_ctx->opts->service_map[SDAP_AT_SERVICE_USN].name, id_ctx->srv_opts->max_service_value); } else { state->filter = 
talloc_asprintf( state, "(&(objectclass=%s)(%s=*)(%s=*)(%s=*))", id_ctx->opts->service_map[SDAP_OC_SERVICE].name, id_ctx->opts->service_map[SDAP_AT_SERVICE_NAME].name, id_ctx->opts->service_map[SDAP_AT_SERVICE_PORT].name, id_ctx->opts->service_map[SDAP_AT_SERVICE_PROTOCOL].name); } if (!state->filter) { DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to build base filter\n")); ret = ENOMEM; goto fail; } /* TODO: handle attrs_type */ ret = build_attrs_from_map(state, id_ctx->opts->service_map, SDAP_OPTS_SERVICES, NULL, &state->attrs, NULL); if (ret != EOK) goto fail; subreq = sdap_get_services_send(state, state->ev, state->domain, state->sysdb, state->id_ctx->opts, state->id_ctx->opts->sdom->service_search_bases, sdap_id_op_handle(state->op), state->attrs, state->filter, dp_opt_get_int(state->id_ctx->opts->basic, SDAP_SEARCH_TIMEOUT), true); if (!subreq) { ret = ENOMEM; goto fail; } tevent_req_set_callback(subreq, enum_services_op_done, req); return req; fail: tevent_req_error(req, ret); tevent_req_post(req, ev); return req; } static void enum_services_op_done(struct tevent_req *subreq) { struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); struct enum_services_state *state = tevent_req_data(req, struct enum_services_state); char *usn_value; char *endptr = NULL; unsigned usn_number; int ret; ret = sdap_get_services_recv(state, subreq, &usn_value); talloc_zfree(subreq); if (ret != EOK) { tevent_req_error(req, ret); return; } if (usn_value) { talloc_zfree(state->id_ctx->srv_opts->max_service_value); state->id_ctx->srv_opts->max_service_value = talloc_steal(state->id_ctx, usn_value); usn_number = strtoul(usn_value, &endptr, 10); if ((endptr == NULL || (*endptr == '\0' && endptr != usn_value)) && (usn_number > state->id_ctx->srv_opts->last_usn)) { state->id_ctx->srv_opts->last_usn = usn_number; } } DEBUG(SSSDBG_FUNC_DATA, ("Services higher USN value: [%s]\n", state->id_ctx->srv_opts->max_service_value)); tevent_req_done(req); } errno_t 
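enum_services_recv(struct tevent_req *req)
{
    TEVENT_REQ_RETURN_ON_ERROR(req);

    return EOK;
}
sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/sdap_range.c0000644000000000000000000000007412320753107021546 xustar000000000000000030 atime=1396954939.268891429 30 ctime=1396954961.631874968 sssd-1.11.5/src/providers/ldap/sdap_range.c0000664002412700241270000001036312320753107021773 0ustar00jhrozekjhrozek00000000000000/* SSSD Authors: Stephen Gallagher Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */

#include "providers/ldap/sdap_range.h"
#include "util/util.h"
#include "util/strtonum.h"

#define SDAP_RANGE_STRING "range="

/**
 * Split an attribute description such as "attr;range=LOW-HIGH" into its
 * base attribute name and the offset at which the next range request
 * should start.
 *
 * @param mem_ctx                  talloc parent of *base_attr
 * @param attr_desc                attribute description to parse
 * @param base_attr                out: base name, or a copy of the whole
 *                                 description when it is not a range that
 *                                 gets processed
 * @param range_offset             out: HIGH + 1 when more values follow,
 *                                 otherwise 0
 * @param disable_range_retrieval  when true, ranged descriptions are copied
 *                                 unparsed and ECANCELED is returned
 *
 * @return EOK       no ';' sub-attribute, a sub-attribute other than a
 *                   range, or the final range ("LOW-*")
 *         EAGAIN    a range was parsed and *range_offset holds the next
 *                   offset
 *         ECANCELED a range was found but retrieval is disabled
 *         EINVAL    no hyphen after "range=", or HIGH is not a complete
 *                   decimal number
 *         ERANGE    HIGH is too large for HIGH + 1 to fit in uint32_t
 *         ENOMEM    allocation failure
 *         *base_attr is set only for EOK, EAGAIN and ECANCELED.
 */
errno_t sdap_parse_range(TALLOC_CTX *mem_ctx,
                         const char *attr_desc,
                         char **base_attr,
                         uint32_t *range_offset,
                         bool disable_range_retrieval)
{
    errno_t ret;
    TALLOC_CTX *tmp_ctx;
    char *endptr;
    char *end_range;
    char *base;
    size_t rangestringlen = sizeof(SDAP_RANGE_STRING) - 1;

    *range_offset = 0;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) return ENOMEM;

    /* The base_attr is the portion before the semicolon (if it exists) */
    endptr = strchr(attr_desc, ';');
    if (endptr == NULL) {
        /* Not a ranged attribute. Just copy the attribute desc */
        *base_attr = talloc_strdup(mem_ctx, attr_desc);
        if (!*base_attr) {
            ret = ENOMEM;
        } else {
            ret = EOK;
        }
        DEBUG(SSSDBG_TRACE_INTERNAL,
              ("No sub-attributes for [%s]\n", attr_desc));
        goto done;
    }

    /* This is a complex attribute. First get the base attribute name */
    base = talloc_strndup(tmp_ctx, attr_desc,
                          endptr - attr_desc);
    if (!base) {
        ret = ENOMEM;
        goto done;
    }

    DEBUG(SSSDBG_TRACE_LIBS,
          ("Base attribute of [%s] is [%s]\n",
           attr_desc, base));

    /* Next, determine if this is a ranged attribute */
    if (strncmp(endptr+1, SDAP_RANGE_STRING, rangestringlen) != 0) {
        /* This is some other sub-attribute. We'll just return the whole
         * thing in case it's dealt with elsewhere.
         */
        *base_attr = talloc_strdup(mem_ctx, attr_desc);
        if (!*base_attr) {
            ret = ENOMEM;
        } else {
            ret = EOK;
        }
        DEBUG(SSSDBG_TRACE_LIBS,
              ("[%s] contains sub-attribute other than a range, returning whole\n",
               attr_desc));
        goto done;
    } else if (disable_range_retrieval) {
        /* This is range sub-attribute, but we want to ignore it. */
        *base_attr = talloc_strdup(mem_ctx, attr_desc);
        if (!*base_attr) {
            ret = ENOMEM;
        } else {
            ret = ECANCELED;
        }
        goto done;
    }

    /* Get the end of the range */
    end_range = strchr(endptr + rangestringlen +1, '-');
    if (!end_range) {
        ret = EINVAL;
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("Cannot find hyphen in [%s]\n",
               endptr + rangestringlen +1));
        goto done;
    }
    end_range++; /* advance past the hyphen */

    if (*end_range == '*') {
        /* this was the last iteration of range retrievals */
        *base_attr = talloc_steal(mem_ctx, base);
        *range_offset = 0;
        DEBUG(SSSDBG_TRACE_LIBS,
              ("[%s] contained the last set of values for this attribute\n",
               attr_desc));
        ret = EOK;
        goto done;
    }

    /* The description comes from the directory server, so the number is
     * validated in full. Taking errno as the result on trailing garbage
     * could yield 0 (EOK) and report success with *base_attr never set. */
    errno = 0;
    *range_offset = strtouint32(end_range, &endptr, 10);
    if (errno != 0) {
        ret = errno;
    } else if (endptr == end_range || *endptr != '\0') {
        /* No digits at all, or something follows the number */
        ret = EINVAL;
    } else if (*range_offset == UINT32_MAX) {
        /* The increment below would wrap around to 0 */
        ret = ERANGE;
    } else {
        ret = EOK;
    }

    if (ret != EOK) {
        *range_offset = 0;
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("[%s] did not parse as an unsigned integer: [%s]\n",
               end_range, strerror(ret)));
        goto done;
    }

    /* The next request starts right after the last value received */
    (*range_offset)++;
    *base_attr = talloc_steal(mem_ctx, base);

    DEBUG(SSSDBG_TRACE_LIBS,
          ("Parsed range values: [%s][%d]\n",
           base, *range_offset));

    ret = EAGAIN;

done:
    talloc_free(tmp_ctx);
    return ret;
}
sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/ldap_child.c0000644000000000000000000000007412320753107021526 xustar000000000000000030 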
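atime=1396954939.266891431 30 ctime=1396954961.724874899 sssd-1.11.5/src/providers/ldap/ldap_child.c0000664002412700241270000004200012320753107021744 0ustar00jhrozekjhrozek00000000000000/* SSSD LDAP Backend Module -- prime ccache with TGT in a child process Authors: Jakub Hrozek Copyright (C) 2009 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include #include #include #include #include
#include "util/util.h"
#include "util/sss_krb5.h"
#include "util/child_common.h"
#include "providers/dp_backend.h"

/* Kerberos context used by the error-reporting macros below; assigned in
 * set_child_debugging(). */
static krb5_context krb5_error_ctx;
#define LDAP_CHILD_DEBUG(level, error) KRB5_DEBUG(level, krb5_error_ctx, error)

static const char *__ldap_child_krb5_error_msg;
/* Send the text of a Kerberos error code to syslog. */
#define KRB5_SYSLOG(krb5_error) do { \
    __ldap_child_krb5_error_msg = sss_krb5_get_error_message(krb5_error_ctx, krb5_error); \
    sss_log(SSS_LOG_ERR, "%s", __ldap_child_krb5_error_msg); \
    sss_krb5_free_error_message(krb5_error_ctx, __ldap_child_krb5_error_msg); \
} while(0)

/* Request decoded from the buffer the child receives on stdin. */
struct input_buffer {
    const char *realm_str;      /* NULL when the request carried no realm */
    const char *princ_str;      /* NULL when the request carried no principal */
    const char *keytab_name;    /* NULL when the request carried no keytab */
    krb5_deltat lifetime;       /* requested ticket lifetime */
};

/**
 * Decode the request buffer into ibuf.
 *
 * Layout, in order: three strings (realm, principal, keytab name), each
 * stored as a 32-bit length followed by that many bytes, then a 32-bit
 * ticket lifetime. A zero length leaves the matching field untouched.
 * The buffer is what main() reads from stdin, so every length is checked
 * against the bytes that remain before it is used.
 *
 * @param buf   received bytes
 * @param size  number of valid bytes in buf
 * @param ibuf  destination; also the talloc parent of the copied strings
 * @return EOK, EINVAL when a length runs past the end of the buffer,
 *         ENOMEM when a string cannot be duplicated.
 */
static errno_t unpack_buffer(uint8_t *buf, size_t size,
                             struct input_buffer *ibuf)
{
    size_t p = 0;
    uint32_t len;

    DEBUG(SSSDBG_TRACE_LIBS, ("total buffer size: %zu\n", size));

    /* realm_str size and length */
    SAFEALIGN_COPY_UINT32_CHECK(&len, buf + p, size, &p);

    DEBUG(SSSDBG_TRACE_LIBS, ("realm_str size: %u\n", (unsigned int)len));
    if (len) {
        /* Compare against the remaining bytes rather than computing
         * p + len, which can wrap where size_t is 32 bits wide. */
        if (p > size || len > size - p) return EINVAL;
        ibuf->realm_str = talloc_strndup(ibuf, (char *)(buf + p), len);
        /* Check the allocation before the string is handed to "%s" */
        if (ibuf->realm_str == NULL) return ENOMEM;
        DEBUG(SSSDBG_TRACE_LIBS, ("got realm_str: %s\n", ibuf->realm_str));
        p += len;
    }

    /* princ_str size and length */
    SAFEALIGN_COPY_UINT32_CHECK(&len, buf + p, size, &p);

    DEBUG(SSSDBG_TRACE_LIBS, ("princ_str size: %u\n", (unsigned int)len));
    if (len) {
        if (p > size || len > size - p) return EINVAL;
        ibuf->princ_str = talloc_strndup(ibuf, (char *)(buf + p), len);
        if (ibuf->princ_str == NULL) return ENOMEM;
        DEBUG(SSSDBG_TRACE_LIBS, ("got princ_str: %s\n", ibuf->princ_str));
        p += len;
    }

    /* keytab_name size and length */
    SAFEALIGN_COPY_UINT32_CHECK(&len, buf + p, size, &p);

    DEBUG(SSSDBG_TRACE_LIBS, ("keytab_name size: %u\n", (unsigned int)len));
    if (len) {
        if (p > size || len > size - p) return EINVAL;
        ibuf->keytab_name = talloc_strndup(ibuf, (char *)(buf + p), len);
        if (ibuf->keytab_name == NULL) return ENOMEM;
        DEBUG(SSSDBG_TRACE_LIBS,
              ("got keytab_name: %s\n", ibuf->keytab_name));
        p += len;
    }

    /* ticket lifetime */
    SAFEALIGN_COPY_INT32_CHECK(&ibuf->lifetime, buf + p, size, &p);
    DEBUG(SSSDBG_TRACE_LIBS, ("lifetime: %d\n", ibuf->lifetime));

    return EOK;
}

/**
 * Serialize a response into r->buf.
 *
 * Layout, in order: 32-bit result, the krb5_error_code, 32-bit message
 * length, the message bytes without a terminating NUL, and the expiration
 * time as a raw time_t.
 *
 * @param r            response to fill; r->buf is allocated as its child
 * @param result       status code for the caller
 * @param krberr       Kerberos error code
 * @param msg          message text; must not be NULL (strlen() is applied)
 * @param expire_time  ticket expiration time
 * @return EOK, or ENOMEM when the buffer cannot be allocated.
 */
static int pack_buffer(struct response *r, int result, krb5_error_code krberr,
                       const char *msg, time_t expire_time)
{
    int len;
    size_t p = 0;

    len = strlen(msg);
    r->size = 2 * sizeof(uint32_t) + sizeof(krb5_error_code) +
              len + sizeof(time_t);

    DEBUG(SSSDBG_TRACE_INTERNAL, ("response size: %zu\n",r->size));

    r->buf = talloc_array(r, uint8_t, r->size);
    if(!r->buf) {
        return ENOMEM;
    }

    DEBUG(SSSDBG_TRACE_LIBS,
          ("result [%d] krberr [%d] msgsize [%d] msg [%s]\n",
           result, krberr, len, msg));

    /* result */
    SAFEALIGN_SET_UINT32(&r->buf[p], result, &p);

    /* krb5 error code */
    safealign_memcpy(&r->buf[p], &krberr, sizeof(krberr), &p);

    /* message size */
    SAFEALIGN_SET_UINT32(&r->buf[p], len, &p);

    /* message itself */
    safealign_memcpy(&r->buf[p], msg, len, &p);

    /* ticket expiration time */
    safealign_memcpy(&r->buf[p], &expire_time, sizeof(expire_time), &p);

    return EOK;
}

static errno_t 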
set_child_debugging(krb5_context ctx) { krb5_error_code kerr; /* Set the global error context */ krb5_error_ctx = ctx; if (debug_level & SSSDBG_TRACE_ALL) { kerr = sss_child_set_krb5_tracing(ctx); if (kerr) { LDAP_CHILD_DEBUG(SSSDBG_MINOR_FAILURE, kerr); return EIO; } } return EOK; } static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx, const char *realm_str, const char *princ_str, const char *keytab_name, const krb5_deltat lifetime, const char **ccname_out, time_t *expire_time_out) { char *ccname; char *realm_name = NULL; char *full_princ = NULL; char *default_realm = NULL; char *tmp_str = NULL; krb5_context context = NULL; krb5_keytab keytab = NULL; krb5_ccache ccache = NULL; krb5_principal kprinc; krb5_creds my_creds; krb5_get_init_creds_opt options; krb5_error_code krberr; krb5_timestamp kdc_time_offset; int canonicalize = 0; int kdc_time_offset_usec; int ret; krberr = krb5_init_context(&context); if (krberr) { DEBUG(SSSDBG_OP_FAILURE, ("Failed to init kerberos context\n")); return krberr; } DEBUG(SSSDBG_TRACE_INTERNAL, ("Kerberos context initialized\n")); krberr = set_child_debugging(context); if (krberr != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Cannot set krb5_child debugging\n")); } if (!realm_str) { krberr = krb5_get_default_realm(context, &default_realm); if (krberr) { DEBUG(SSSDBG_OP_FAILURE, ("Failed to get default realm name: %s\n", sss_krb5_get_error_message(context, krberr))); goto done; } realm_name = talloc_strdup(memctx, default_realm); krb5_free_default_realm(context, default_realm); if (!realm_name) { krberr = KRB5KRB_ERR_GENERIC; goto done; } } else { realm_name = talloc_strdup(memctx, realm_str); if (!realm_name) { krberr = KRB5KRB_ERR_GENERIC; goto done; } } DEBUG(SSSDBG_TRACE_INTERNAL, ("got realm_name: [%s]\n", realm_name)); if (princ_str) { if (!strchr(princ_str, '@')) { full_princ = talloc_asprintf(memctx, "%s@%s", princ_str, realm_name); } else { full_princ = talloc_strdup(memctx, princ_str); } } else { char hostname[512]; ret 
= gethostname(hostname, 511); if (ret == -1) { krberr = KRB5KRB_ERR_GENERIC; goto done; } hostname[511] = '\0'; DEBUG(SSSDBG_TRACE_LIBS, ("got hostname: [%s]\n", hostname)); ret = select_principal_from_keytab(memctx, hostname, realm_name, keytab_name, &full_princ, NULL, NULL); if (ret) { krberr = KRB5_KT_IOERR; goto done; } } if (!full_princ) { krberr = KRB5KRB_ERR_GENERIC; goto done; } DEBUG(SSSDBG_CONF_SETTINGS, ("Principal name is: [%s]\n", full_princ)); krberr = krb5_parse_name(context, full_princ, &kprinc); if (krberr) { DEBUG(2, ("Unable to build principal: %s\n", sss_krb5_get_error_message(context, krberr))); goto done; } if (keytab_name) { krberr = krb5_kt_resolve(context, keytab_name, &keytab); } else { krberr = krb5_kt_default(context, &keytab); } DEBUG(SSSDBG_CONF_SETTINGS, ("Using keytab [%s]\n", KEYTAB_CLEAN_NAME)); if (krberr) { DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to read keytab file [%s]: %s\n", KEYTAB_CLEAN_NAME, sss_krb5_get_error_message(context, krberr))); goto done; } /* Verify the keytab */ ret = sss_krb5_verify_keytab_ex(full_princ, keytab_name, context, keytab); if (ret) { DEBUG(SSSDBG_OP_FAILURE, ("Unable to verify principal is present in the keytab\n")); krberr = KRB5_KT_IOERR; goto done; } ccname = talloc_asprintf(memctx, "FILE:%s/ccache_%s", DB_PATH, realm_name); if (!ccname) { krberr = KRB5KRB_ERR_GENERIC; goto done; } DEBUG(SSSDBG_TRACE_INTERNAL, ("keytab ccname: [%s]\n", ccname)); krberr = krb5_cc_resolve(context, ccname, &ccache); if (krberr) { DEBUG(SSSDBG_OP_FAILURE, ("Failed to set cache name: %s\n", sss_krb5_get_error_message(context, krberr))); goto done; } memset(&my_creds, 0, sizeof(my_creds)); memset(&options, 0, sizeof(options)); krb5_get_init_creds_opt_set_address_list(&options, NULL); krb5_get_init_creds_opt_set_forwardable(&options, 0); krb5_get_init_creds_opt_set_proxiable(&options, 0); krb5_get_init_creds_opt_set_tkt_life(&options, lifetime); tmp_str = getenv("KRB5_CANONICALIZE"); if (tmp_str != NULL && 
strcasecmp(tmp_str, "true") == 0) { DEBUG(SSSDBG_CONF_SETTINGS, ("Will canonicalize principals\n")); canonicalize = 1; } sss_krb5_get_init_creds_opt_set_canonicalize(&options, canonicalize); krberr = krb5_get_init_creds_keytab(context, &my_creds, kprinc, keytab, 0, NULL, &options); if (krberr) { DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to init credentials: %s\n", sss_krb5_get_error_message(context, krberr))); sss_log(SSS_LOG_ERR, "Failed to initialize credentials using keytab [%s]: %s. " "Unable to create GSSAPI-encrypted LDAP connection.", KEYTAB_CLEAN_NAME, sss_krb5_get_error_message(context, krberr)); goto done; } DEBUG(SSSDBG_TRACE_INTERNAL, ("credentials initialized\n")); /* Use updated principal if changed due to canonicalization. */ krberr = krb5_cc_initialize(context, ccache, my_creds.client); if (krberr) { DEBUG(SSSDBG_OP_FAILURE, ("Failed to init ccache: %s\n", sss_krb5_get_error_message(context, krberr))); goto done; } krberr = krb5_cc_store_cred(context, ccache, &my_creds); if (krberr) { DEBUG(SSSDBG_OP_FAILURE, ("Failed to store creds: %s\n", sss_krb5_get_error_message(context, krberr))); goto done; } DEBUG(SSSDBG_TRACE_INTERNAL, ("credentials stored\n")); #ifdef HAVE_KRB5_GET_TIME_OFFSETS krberr = krb5_get_time_offsets(context, &kdc_time_offset, &kdc_time_offset_usec); if (krberr) { DEBUG(SSSDBG_OP_FAILURE, ("Failed to get KDC time offset: %s\n", sss_krb5_get_error_message(context, krberr))); kdc_time_offset = 0; } else { if (kdc_time_offset_usec > 0) { kdc_time_offset++; } } DEBUG(SSSDBG_TRACE_INTERNAL, ("Got KDC time offset\n")); #else /* If we don't have this function, just assume no offset */ kdc_time_offset = 0; #endif krberr = 0; *ccname_out = ccname; *expire_time_out = my_creds.times.endtime - kdc_time_offset; done: if (krberr != 0) KRB5_SYSLOG(krberr); if (keytab) krb5_kt_close(context, keytab); if (context) krb5_free_context(context); return krberr; } static int prepare_response(TALLOC_CTX *mem_ctx, const char *ccname, time_t expire_time, 
krb5_error_code kerr, struct response **rsp)
{
    /*
     * Builds the reply sent back to the parent process. A struct response is
     * allocated on mem_ctx and filled by pack_buffer(): for kerr == 0 it
     * carries ccname and expire_time with status EOK, otherwise the Kerberos
     * error text for kerr with status EFAULT.
     *
     * Returns EOK and stores the response in *rsp, ENOMEM when the allocation
     * or the error-message lookup fails, or the error from pack_buffer().
     */
    int ret;
    struct response *r = NULL;
    const char *krb5_msg = NULL;

    r = talloc_zero(mem_ctx, struct response);
    if (!r) return ENOMEM;

    r->buf = NULL;
    r->size = 0;

    DEBUG(SSSDBG_TRACE_FUNC, ("Building response for result [%d]\n", kerr));

    if (kerr == 0) {
        ret = pack_buffer(r, EOK, kerr, ccname, expire_time);
    } else {
        krb5_msg = sss_krb5_get_error_message(krb5_error_ctx, kerr);
        if (krb5_msg == NULL) {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("sss_krb5_get_error_message failed.\n"));
            /* r is not released here; it remains a child of mem_ctx. */
            return ENOMEM;
        }

        ret = pack_buffer(r, EFAULT, kerr, krb5_msg, 0);
        sss_krb5_free_error_message(krb5_error_ctx, krb5_msg);
    }

    if (ret != EOK) {
        DEBUG(1, ("pack_buffer failed\n"));
        /* As above, r stays attached to mem_ctx on this error path. */
        return ret;
    }

    *rsp = r;

    return EOK;
}

/*
 * Entry point of the ldap_child helper. It parses the debug options, reads
 * one packed request from stdin, calls ldap_child_get_tgt_sync() with the
 * realm, principal, keytab name and lifetime taken from that request, and
 * reports the outcome through prepare_response(). Every failure path jumps
 * to the fail label.
 */
int main(int argc, const char *argv[])
{
    int ret;
    int kerr;
    int opt;
    int debug_fd = -1;
    poptContext pc;
    TALLOC_CTX *main_ctx = NULL;
    uint8_t *buf = NULL;
    ssize_t len = 0;
    const char *ccname = NULL;
    time_t expire_time = 0;
    struct input_buffer *ibuf = NULL;
    struct response *resp = NULL;
    /* NOTE(review): unsigned, yet main later compares it with -1 after the
     * write; that test only works through conversion of -1 to the maximum
     * size_t value. A signed type would state the intent. */
    size_t written;

    struct poptOption long_options[] = {
        POPT_AUTOHELP
        {"debug-level", 'd', POPT_ARG_INT, &debug_level, 0,
         _("Debug level"), NULL},
        {"debug-timestamps", 0, POPT_ARG_INT, &debug_timestamps, 0,
         _("Add debug timestamps"), NULL},
        {"debug-microseconds", 0, POPT_ARG_INT, &debug_microseconds, 0,
         _("Show timestamps with microseconds"), NULL},
        {"debug-fd", 0, POPT_ARG_INT, &debug_fd, 0,
         _("An open file descriptor for the debug logs"), NULL},
        POPT_TABLEEND
    };

    /* Set debug level to invalid value so we can decide if -d 0 was used. */
    debug_level = SSSDBG_INVALID;

    pc = poptGetContext(argv[0], argc, argv, long_options, 0);
    /* The switch has only a default case, so any value poptGetNextOpt()
     * returns other than -1 is reported as an invalid option and the
     * process exits. */
    while((opt = poptGetNextOpt(pc)) != -1) {
        switch(opt) {
        default:
            fprintf(stderr, "\nInvalid option %s: %s\n\n",
                    poptBadOption(pc, 0), poptStrerror(opt));
            poptPrintUsage(pc, stderr, 0);
            _exit(-1);
        }
    }

    poptFreeContext(pc);

    DEBUG_INIT(debug_level);

    debug_prg_name = talloc_asprintf(NULL, "[sssd[ldap_child[%d]]]", getpid());
    if (!debug_prg_name) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_asprintf failed.\n"));
        goto fail;
    }

    /* The descriptor number comes straight from the command line and is not
     * range-checked here; a failure to use it is logged but not fatal. */
    if (debug_fd != -1) {
        ret = set_debug_file_from_fd(debug_fd);
        if (ret != EOK) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("set_debug_file_from_fd failed.\n"));
        }
    }

    DEBUG(SSSDBG_TRACE_FUNC, ("ldap_child started.\n"));

    main_ctx = talloc_new(NULL);
    if (main_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_new failed.\n"));
        /* NOTE(review): debug_prg_name is freed but not reset to NULL, and
         * the fail label logs through DEBUG afterwards. If DEBUG reads
         * debug_prg_name this is a use after free - confirm. */
        talloc_free(discard_const(debug_prg_name));
        goto fail;
    }
    /* From here on the program name is released together with main_ctx. */
    talloc_steal(main_ctx, debug_prg_name);

    buf = talloc_size(main_ctx, sizeof(uint8_t)*IN_BUF_SIZE);
    if (buf == NULL) {
        DEBUG(1, ("talloc_size failed.\n"));
        goto fail;
    }

    ibuf = talloc_zero(main_ctx, struct input_buffer);
    if (ibuf == NULL) {
        /* The message names talloc_size although talloc_zero failed. */
        DEBUG(1, ("talloc_size failed.\n"));
        goto fail;
    }

    DEBUG(SSSDBG_TRACE_INTERNAL, ("context initialized\n"));

    /* Read at most IN_BUF_SIZE bytes of request data. Only -1 is rejected
     * here; an empty or truncated request is passed on with its length.
     * NOTE(review): confirm unpack_buffer() checks every embedded length
     * field against len, since the parsed strings select the keytab and the
     * principal used below. */
    errno = 0;
    len = sss_atomic_read_s(STDIN_FILENO, buf, IN_BUF_SIZE);
    if (len == -1) {
        ret = errno;
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("read failed [%d][%s].\n", ret, strerror(ret)));
        goto fail;
    }

    close(STDIN_FILENO);

    ret = unpack_buffer(buf, len, ibuf);
    if (ret != EOK) {
        DEBUG(1, ("unpack_buffer failed.[%d][%s].\n", ret, strerror(ret)));
        goto fail;
    }

    DEBUG(SSSDBG_TRACE_INTERNAL, ("getting TGT sync\n"));
    kerr = ldap_child_get_tgt_sync(main_ctx,
                                   ibuf->realm_str, ibuf->princ_str,
                                   ibuf->keytab_name, ibuf->lifetime,
                                   &ccname, &expire_time);
    if (kerr != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("ldap_child_get_tgt_sync failed.\n"));
        /* Do not return, must report failure */
    }

    /* kerr is forwarded as is, so a Kerberos failure still produces a
     * response for the parent instead of ending the process silently. */
    ret = prepare_response(main_ctx, ccname, expire_time, kerr, &resp);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
("prepare_response failed. [%d][%s].\n", ret, strerror(ret))); goto fail; } errno = 0; written = sss_atomic_write_s(STDOUT_FILENO, resp->buf, resp->size); if (written == -1) { ret = errno; DEBUG(SSSDBG_CRIT_FAILURE, ("write failed [%d][%s].\n", ret, strerror(ret))); goto fail; } if (written != resp->size) { DEBUG(SSSDBG_CRIT_FAILURE, ("Expected to write %zu bytes, wrote %zu\n", resp->size, written)); goto fail; } DEBUG(SSSDBG_TRACE_FUNC, ("ldap_child completed successfully\n")); close(STDOUT_FILENO); talloc_free(main_ctx); _exit(0); fail: DEBUG(SSSDBG_CRIT_FAILURE, ("ldap_child failed!\n")); close(STDOUT_FILENO); talloc_free(main_ctx); _exit(-1); } sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/sdap_async_sudo.c0000644000000000000000000000007312320753107022620 xustar000000000000000029 atime=1396954939.26789143 30 ctime=1396954961.636874964 sssd-1.11.5/src/providers/ldap/sdap_async_sudo.c0000664002412700241270000004526212320753107023054 0ustar00jhrozekjhrozek00000000000000/* SSSD Async LDAP Helper routines for sudo Authors: Pavel Březina Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #include #include #include #include "providers/dp_backend.h" #include "providers/ldap/ldap_common.h" #include "providers/ldap/sdap.h" #include "providers/ldap/sdap_async.h" #include "providers/ldap/sdap_sudo.h" #include "providers/ldap/sdap_sudo_cache.h" #include "db/sysdb_sudo.h" struct sdap_sudo_refresh_state { struct be_ctx *be_ctx; struct sdap_options *opts; struct sdap_id_op *sdap_op; struct sdap_id_conn_cache *sdap_conn_cache; struct sysdb_ctx *sysdb; struct sss_domain_info *domain; const char *ldap_filter; /* search */ const char *sysdb_filter; /* delete */ int dp_error; int error; char *highest_usn; size_t num_rules; }; struct sdap_sudo_load_sudoers_state { struct tevent_context *ev; struct sdap_options *opts; struct sdap_handle *sh; struct sysdb_attrs **ldap_rules; /* search result will be stored here */ size_t ldap_rules_count; /* search result will be stored here */ const char **attrs; const char *filter; size_t base_iter; struct sdap_search_base **search_bases; int timeout; }; static int sdap_sudo_refresh_retry(struct tevent_req *req); static void sdap_sudo_refresh_connect_done(struct tevent_req *subreq); static struct tevent_req * sdap_sudo_load_sudoers_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct sdap_options *opts, struct sdap_handle *sh, const char *ldap_filter); static errno_t sdap_sudo_load_sudoers_next_base(struct tevent_req *req); static void sdap_sudo_load_sudoers_process(struct tevent_req *subreq); static int sdap_sudo_load_sudoers_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, size_t *rules_count, struct sysdb_attrs ***rules); static void sdap_sudo_refresh_load_done(struct tevent_req *subreq); static int sdap_sudo_purge_sudoers(struct sysdb_ctx *sysdb_ctx, struct sss_domain_info *dom, const char *filter, struct sdap_attr_map *map, size_t rules_count, struct sysdb_attrs **rules); static int sdap_sudo_store_sudoers(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb_ctx, struct sss_domain_info *domain, struct sdap_options *opts, 
size_t rules_count, struct sysdb_attrs **rules, int cache_timeout, time_t now, char **_usn); struct tevent_req *sdap_sudo_refresh_send(TALLOC_CTX *mem_ctx, struct be_ctx *be_ctx, struct sdap_options *opts, struct sdap_id_conn_cache *conn_cache, const char *ldap_filter, const char *sysdb_filter) { struct tevent_req *req; struct sdap_sudo_refresh_state *state; int ret; req = tevent_req_create(mem_ctx, &state, struct sdap_sudo_refresh_state); if (!req) { return NULL; } /* if we don't have a search filter, this request is meaningless */ if (ldap_filter == NULL) { ret = EINVAL; goto immediately; } state->be_ctx = be_ctx; state->opts = opts; state->sdap_op = NULL; state->sdap_conn_cache = conn_cache; state->sysdb = be_ctx->domain->sysdb; state->domain = be_ctx->domain; state->ldap_filter = talloc_strdup(state, ldap_filter); state->sysdb_filter = talloc_strdup(state, sysdb_filter); state->dp_error = DP_ERR_OK; state->error = EOK; state->highest_usn = NULL; if (state->ldap_filter == NULL) { ret = ENOMEM; goto immediately; } if (sysdb_filter != NULL && state->sysdb_filter == NULL) { ret = ENOMEM; goto immediately; } ret = sdap_sudo_refresh_retry(req); if (ret == EAGAIN) { /* asynchronous processing */ return req; } immediately: if (ret == EOK) { tevent_req_done(req); } else { tevent_req_error(req, ret); } tevent_req_post(req, be_ctx->ev); return req; } int sdap_sudo_refresh_recv(TALLOC_CTX *mem_ctx, struct tevent_req *req, int *dp_error, int *error, char **usn, size_t *num_rules) { struct sdap_sudo_refresh_state *state; state = tevent_req_data(req, struct sdap_sudo_refresh_state); TEVENT_REQ_RETURN_ON_ERROR(req); *dp_error = state->dp_error; *error = state->error; if (usn != NULL && state->highest_usn != NULL) { *usn = talloc_steal(mem_ctx, state->highest_usn); } if (num_rules != NULL) { *num_rules = state->num_rules; } return EOK; } static int sdap_sudo_refresh_retry(struct tevent_req *req) { struct sdap_sudo_refresh_state *state; struct tevent_req *subreq; int ret; state 
= tevent_req_data(req, struct sdap_sudo_refresh_state); if (be_is_offline(state->be_ctx)) { state->dp_error = DP_ERR_OFFLINE; state->error = EAGAIN; return EOK; } if (state->sdap_op == NULL) { state->sdap_op = sdap_id_op_create(state, state->sdap_conn_cache); if (state->sdap_op == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("sdap_id_op_create() failed\n")); state->dp_error = DP_ERR_FATAL; state->error = EIO; return EIO; } } subreq = sdap_id_op_connect_send(state->sdap_op, state, &ret); if (subreq == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("sdap_id_op_connect_send() failed: %d(%s)\n", ret, strerror(ret))); talloc_zfree(state->sdap_op); state->dp_error = DP_ERR_FATAL; state->error = ret; return ret; } tevent_req_set_callback(subreq, sdap_sudo_refresh_connect_done, req); return EAGAIN; } static void sdap_sudo_refresh_connect_done(struct tevent_req *subreq) { struct tevent_req *req; /* req from sdap_sudo_refresh_send() */ struct sdap_sudo_refresh_state *state; int dp_error; int ret; req = tevent_req_callback_data(subreq, struct tevent_req); state = tevent_req_data(req, struct sdap_sudo_refresh_state); ret = sdap_id_op_connect_recv(subreq, &dp_error); talloc_zfree(subreq); if (dp_error == DP_ERR_OFFLINE) { talloc_zfree(state->sdap_op); state->dp_error = DP_ERR_OFFLINE; state->error = EAGAIN; tevent_req_done(req); return; } else if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("SUDO LDAP connection failed - %s\n", strerror(ret))); goto fail; } DEBUG(SSSDBG_TRACE_FUNC, ("SUDO LDAP connection successful\n")); subreq = sdap_sudo_load_sudoers_send(state, state->be_ctx->ev, state->opts, sdap_id_op_handle(state->sdap_op), state->ldap_filter); if (subreq == NULL) { ret = EFAULT; goto fail; } tevent_req_set_callback(subreq, sdap_sudo_refresh_load_done, req); return; fail: state->dp_error = DP_ERR_FATAL; state->error = ret; tevent_req_error(req, ret); } static struct tevent_req * sdap_sudo_load_sudoers_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct sdap_options *opts, struct 
sdap_handle *sh, const char *ldap_filter) { struct tevent_req *req; struct sdap_sudo_load_sudoers_state *state; int ret; req = tevent_req_create(mem_ctx, &state, struct sdap_sudo_load_sudoers_state); if (!req) { return NULL; } state->ev = ev; state->opts = opts; state->sh = sh; state->base_iter = 0; state->search_bases = opts->sdom->sudo_search_bases; state->filter = ldap_filter; state->timeout = dp_opt_get_int(opts->basic, SDAP_SEARCH_TIMEOUT); state->ldap_rules = NULL; state->ldap_rules_count = 0; if (!state->search_bases) { DEBUG(SSSDBG_CRIT_FAILURE, ("SUDOERS lookup request without a search base\n")); ret = EINVAL; goto done; } /* create attrs from map */ ret = build_attrs_from_map(state, opts->sudorule_map, SDAP_OPTS_SUDO, NULL, &state->attrs, NULL); if (ret != EOK) { goto fail; } /* begin search */ ret = sdap_sudo_load_sudoers_next_base(req); done: if (ret != EOK) { tevent_req_error(req, ret); tevent_req_post(req, ev); } return req; fail: talloc_zfree(req); return NULL; } static errno_t sdap_sudo_load_sudoers_next_base(struct tevent_req *req) { struct sdap_sudo_load_sudoers_state *state; struct sdap_search_base *search_base; struct tevent_req *subreq; char *filter; state = tevent_req_data(req, struct sdap_sudo_load_sudoers_state); search_base = state->search_bases[state->base_iter]; if (search_base == NULL) { /* should not happen */ DEBUG(SSSDBG_CRIT_FAILURE, ("search_base is null\n")); return EFAULT; } /* create filter */ filter = sdap_get_id_specific_filter(state, state->filter, search_base->filter); if (filter == NULL) { return ENOMEM; } /* send request */ DEBUG(SSSDBG_TRACE_FUNC, ("Searching for sudo rules with base [%s]\n", search_base->basedn)); subreq = sdap_get_generic_send(state, state->ev, state->opts, state->sh, search_base->basedn, search_base->scope, filter, state->attrs, state->opts->sudorule_map, SDAP_OPTS_SUDO, state->timeout, true); if (subreq == NULL) { return ENOMEM; } tevent_req_set_callback(subreq, sdap_sudo_load_sudoers_process, req); 
return EOK;
}

/*
 * Completion callback for the search on one base. It receives the rules
 * found under state->search_bases[state->base_iter], appends them to
 * state->ldap_rules, and then either starts the search on the next base or
 * marks the request as done.
 */
static void sdap_sudo_load_sudoers_process(struct tevent_req *subreq)
{
    struct tevent_req *req;
    struct sdap_sudo_load_sudoers_state *state;
    struct sdap_search_base *search_base;
    struct sysdb_attrs **attrs = NULL;
    size_t count;
    int ret;
    /* NOTE(review): signed index that is compared with the size_t count in
     * the copy loop below. */
    int i;

    req = tevent_req_callback_data(subreq, struct tevent_req);
    state = tevent_req_data(req, struct sdap_sudo_load_sudoers_state);
    search_base = state->search_bases[state->base_iter];

    DEBUG(SSSDBG_TRACE_FUNC, ("Receiving sudo rules with base [%s]\n",
                              search_base->basedn));

    ret = sdap_get_generic_recv(subreq, state, &count, &attrs);
    talloc_zfree(subreq);
    if (ret) {
        tevent_req_error(req, ret);
        return;
    }

    /* add rules to result */
    if (count > 0) {
        /* Grow the array to the rules collected so far plus this batch. The
         * result is written straight back to state->ldap_rules, so after a
         * failed reallocation that member no longer points at the old
         * array. */
        state->ldap_rules = talloc_realloc(state, state->ldap_rules,
                                           struct sysdb_attrs *,
                                           state->ldap_rules_count + count);
        if (state->ldap_rules == NULL) {
            tevent_req_error(req, ENOMEM);
            return;
        }

        /* Reparent every received rule onto the result array. */
        for (i = 0; i < count; i++) {
            state->ldap_rules[state->ldap_rules_count + i] = talloc_steal(
                                                   state->ldap_rules, attrs[i]);
        }

        state->ldap_rules_count += count;
    }

    /* go to next base */
    state->base_iter++;
    if (state->search_bases[state->base_iter]) {
        ret = sdap_sudo_load_sudoers_next_base(req);
        if (ret != EOK) {
            tevent_req_error(req, ret);
        }

        /* Return in both cases: either the next search is pending or the
         * request has already been failed. */
        return;
    }

    /* we are done */
    tevent_req_done(req);
}

/*
 * Hands the collected rules to the caller: *rules_count receives the number
 * of rules and *rules the array, reparented onto mem_ctx. Returns EOK once
 * the TEVENT_REQ_RETURN_ON_ERROR check has passed.
 */
static int sdap_sudo_load_sudoers_recv(struct tevent_req *req,
                                       TALLOC_CTX *mem_ctx,
                                       size_t *rules_count,
                                       struct sysdb_attrs ***rules)
{
    struct sdap_sudo_load_sudoers_state *state;

    state = tevent_req_data(req, struct sdap_sudo_load_sudoers_state);

    TEVENT_REQ_RETURN_ON_ERROR(req);

    *rules_count = state->ldap_rules_count;
    *rules = talloc_steal(mem_ctx, state->ldap_rules);

    return EOK;
}

/*
 * Callback for the rule download started by sdap_sudo_load_sudoers_send().
 * It takes the rules from the subrequest and then purges and stores them in
 * the cache inside one sysdb transaction.
 */
static void sdap_sudo_refresh_load_done(struct tevent_req *subreq)
{
    struct tevent_req *req; /* req from sdap_sudo_refresh_send() */
    struct sdap_sudo_refresh_state *state;
    struct sysdb_attrs **rules = NULL;
    size_t rules_count = 0;
    int ret;
    errno_t sret;
    bool in_transaction = false;
    time_t now;

    req =
tevent_req_callback_data(subreq, struct tevent_req); state = tevent_req_data(req, struct sdap_sudo_refresh_state); ret = sdap_sudo_load_sudoers_recv(subreq, state, &rules_count, &rules); talloc_zfree(subreq); if (ret != EOK) { goto done; } DEBUG(SSSDBG_TRACE_FUNC, ("Received %zu rules\n", rules_count)); /* start transaction */ ret = sysdb_transaction_start(state->sysdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to start transaction\n")); goto done; } in_transaction = true; /* purge cache */ ret = sdap_sudo_purge_sudoers(state->sysdb, state->domain, state->sysdb_filter, state->opts->sudorule_map, rules_count, rules); if (ret != EOK) { goto done; } /* store rules */ now = time(NULL); ret = sdap_sudo_store_sudoers(state, state->sysdb, state->domain, state->opts, rules_count, rules, state->domain->sudo_timeout, now, &state->highest_usn); if (ret != EOK) { goto done; } /* commit transaction */ ret = sysdb_transaction_commit(state->sysdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to commit transaction\n")); goto done; } in_transaction = false; DEBUG(SSSDBG_TRACE_FUNC, ("Sudoers is successfuly stored in cache\n")); ret = EOK; state->num_rules = rules_count; done: if (in_transaction) { sret = sysdb_transaction_cancel(state->sysdb); if (sret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Could not cancel transaction\n")); } } state->error = ret; if (ret == EOK) { state->dp_error = DP_ERR_OK; tevent_req_done(req); } else { state->dp_error = DP_ERR_FATAL; tevent_req_error(req, ret); } } static int sdap_sudo_purge_sudoers(struct sysdb_ctx *sysdb_ctx, struct sss_domain_info *dom, const char *filter, struct sdap_attr_map *map, size_t rules_count, struct sysdb_attrs **rules) { const char *name; int i; errno_t ret; if (filter == NULL) { /* removes downloaded rules from the cache */ if (rules_count == 0 || rules == NULL) { return EOK; } for (i = 0; i < rules_count; i++) { ret = sysdb_attrs_get_string(rules[i], map[SDAP_AT_SUDO_NAME].sys_name, &name); if (ret != EOK) 
{ DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to retrieve rule name: [%s]\n", strerror(ret))); continue; } ret = sysdb_sudo_purge_byname(sysdb_ctx, dom, name); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to delete rule %s: [%s]\n", name, strerror(ret))); continue; } } ret = EOK; } else { /* purge cache by provided filter */ ret = sysdb_sudo_purge_byfilter(sysdb_ctx, dom, filter); if (ret != EOK) { goto done; } } done: if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("failed to purge sudo rules [%d]: %s\n", ret, strerror(ret))); } return ret; } static int sdap_sudo_store_sudoers(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb_ctx, struct sss_domain_info *domain, struct sdap_options *opts, size_t rules_count, struct sysdb_attrs **rules, int cache_timeout, time_t now, char **_usn) { errno_t ret; /* Empty sudoers? Done. */ if (rules_count == 0 || rules == NULL) { return EOK; } ret = sdap_save_native_sudorule_list(mem_ctx, sysdb_ctx, domain, opts->sudorule_map, rules, rules_count, cache_timeout, now, _usn); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("failed to save sudo rules [%d]: %s\n", ret, strerror(ret))); return ret; } return EOK; } sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/sdap_async_autofs.c0000644000000000000000000000007212320753107023146 xustar000000000000000029 atime=1396954939.26789143 29 ctime=1396954961.64187496 sssd-1.11.5/src/providers/ldap/sdap_async_autofs.c0000664002412700241270000007127312320753107023404 0ustar00jhrozekjhrozek00000000000000/* SSSD Async LDAP Helper routines for autofs Authors: Jakub Hrozek Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include "util/util.h" #include "db/sysdb.h" #include "providers/ldap/sdap_async_private.h" #include "db/sysdb_autofs.h" #include "providers/ldap/ldap_common.h" enum autofs_map_op { AUTOFS_MAP_OP_ADD, AUTOFS_MAP_OP_DEL }; /* ====== Utility functions ====== */ static const char * get_autofs_map_name(struct sysdb_attrs *map, struct sdap_options *opts) { errno_t ret; struct ldb_message_element *el; ret = sysdb_attrs_get_el(map, opts->autofs_mobject_map[SDAP_AT_AUTOFS_MAP_NAME].sys_name, &el); if (ret) return NULL; if (el->num_values == 0) return NULL; return (const char *)el->values[0].data; } static const char * get_autofs_entry_attr(struct sysdb_attrs *entry, struct sdap_options *opts, enum sdap_autofs_entry_attrs attr) { errno_t ret; struct ldb_message_element *el; ret = sysdb_attrs_get_el(entry, opts->autofs_entry_map[attr].sys_name, &el); if (ret) return NULL; if (el->num_values != 1) { DEBUG(SSSDBG_CRIT_FAILURE, ("Expected one entry got %d\n", el->num_values)); return NULL; } return (const char *)el->values[0].data; } static const char * get_autofs_entry_key(struct sysdb_attrs *entry, struct sdap_options *opts) { return get_autofs_entry_attr(entry, opts, SDAP_AT_AUTOFS_ENTRY_KEY); } static const char * get_autofs_entry_value(struct sysdb_attrs *entry, struct sdap_options *opts) { return get_autofs_entry_attr(entry, opts, SDAP_AT_AUTOFS_ENTRY_VALUE); } static errno_t add_autofs_entry(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *map, struct sdap_options *opts, struct sysdb_attrs *entry) { const char *key; const char *value; key = get_autofs_entry_key(entry, opts); if (!key) { DEBUG(SSSDBG_OP_FAILURE, ("Could not get autofs entry key\n")); return EINVAL; } value = get_autofs_entry_value(entry, opts); if (!value) { DEBUG(SSSDBG_OP_FAILURE, ("Could not get autofs entry value\n")); 
return EINVAL;
    }

    /* Both attributes are present: store the key/value pair under map. */
    return sysdb_save_autofsentry(sysdb, domain, map, key, value, NULL);
}

/*
 * Saves the entries named in add_dn_list to the cache. Each DN is looked up
 * in entry_hash and the sysdb_attrs found there is stored through
 * add_autofs_entry(). An entry that cannot be found, has the wrong talloc
 * type, or fails to save is logged and skipped, so the function returns EOK
 * even when some or all entries were not stored.
 *
 * add_dn_list may be NULL (nothing to do); otherwise the loop expects it to
 * end with a NULL element.
 */
static errno_t
save_autofs_entries(struct sysdb_ctx *sysdb,
                    struct sss_domain_info *domain,
                    struct sdap_options *opts,
                    const char *map,
                    char **add_dn_list,
                    hash_table_t *entry_hash)
{
    hash_key_t key;
    hash_value_t value;
    size_t i;
    int hret;
    errno_t ret;
    struct sysdb_attrs *entry;

    if (!add_dn_list) {
        return EOK;
    }

    for (i=0; add_dn_list[i]; i++) {
        key.type = HASH_KEY_STRING;
        key.str = (char *) add_dn_list[i];

        hret = hash_lookup(entry_hash, &key, &value);
        if (hret != HASH_SUCCESS) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Cannot retrieve entry [%s] from hash\n", add_dn_list[i]));
            continue;
        }

        /* talloc_get_type() yields NULL when the stored pointer is not a
         * struct sysdb_attrs, which is treated like a missing entry. */
        entry = talloc_get_type(value.ptr, struct sysdb_attrs);
        if (!entry) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Cannot retrieve entry [%s] from ptr\n", add_dn_list[i]));
            continue;
        }

        DEBUG(SSSDBG_TRACE_FUNC,
              ("Saving autofs entry [%s]\n", add_dn_list[i]));
        ret = add_autofs_entry(sysdb, domain, map, opts, entry);
        if (ret) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Cannot save entry [%s] to cache\n", add_dn_list[i]));
            continue;
        }

        DEBUG(SSSDBG_TRACE_FUNC, ("Saved entry [%s]\n", add_dn_list[i]));
    }

    DEBUG(SSSDBG_TRACE_INTERNAL, ("All entries saved\n"));
    return EOK;
}

/*
 * Removes the cached entries named in del_dn_list. A failed removal is
 * logged and skipped; the function always returns EOK. The opts and map
 * parameters are not used in the body.
 *
 * NOTE(review): unlike save_autofs_entries(), del_dn_list is dereferenced
 * without a NULL check. Confirm that every caller passes a non-NULL,
 * NULL-terminated list.
 */
static errno_t
del_autofs_entries(struct sysdb_ctx *sysdb,
                   struct sdap_options *opts,
                   const char *map,
                   char **del_dn_list)
{
    size_t i;
    errno_t ret;

    for (i=0; del_dn_list[i]; i++) {
        DEBUG(SSSDBG_TRACE_FUNC,
              ("Removing autofs entry [%s]\n", del_dn_list[i]));

        ret = sysdb_del_autofsentry(sysdb, del_dn_list[i]);
        if (ret) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Cannot delete entry %s\n", del_dn_list[i]));
            continue;
        }
    }

    DEBUG(SSSDBG_TRACE_INTERNAL, ("All entries removed\n"));
    return EOK;
}

/*
 * Stores the autofs map object in the cache. The map name is read from the
 * attributes with get_autofs_map_name(); EINVAL is returned when it is
 * missing.
 */
static errno_t
save_autofs_map(struct sysdb_ctx *sysdb,
                struct sss_domain_info *dom,
                struct sdap_options *opts,
                struct sysdb_attrs *map)
{
    const char *mapname;
    errno_t ret;
    time_t now;

    mapname = get_autofs_map_name(map, opts);
    if (!mapname) return EINVAL;

    now = time(NULL);

    ret =
sysdb_save_autofsmap(sysdb, dom, mapname, mapname, NULL, dom->autofsmap_timeout, now); if (ret != EOK) { return ret; } return EOK; } struct automntmaps_process_members_state { struct tevent_context *ev; struct sdap_options *opts; struct sdap_handle *sh; struct sss_domain_info *dom; int timeout; struct sysdb_ctx *sysdb; const char *orig_dn; char *base_filter; char *filter; const char **attrs; size_t base_iter; struct sdap_search_base **search_bases; struct sysdb_attrs *map; struct sysdb_attrs **entries; size_t entries_count; }; static void automntmaps_process_members_done(struct tevent_req *subreq); static errno_t automntmaps_process_members_next_base(struct tevent_req *req); static struct tevent_req * automntmaps_process_members_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct sdap_options *opts, struct sdap_handle *sh, struct sss_domain_info *dom, struct sdap_search_base **search_bases, int timeout, struct sysdb_ctx *sysdb, struct sysdb_attrs *map) { errno_t ret; struct tevent_req *req; struct automntmaps_process_members_state *state; req = tevent_req_create(mem_ctx, &state, struct automntmaps_process_members_state); if (!req) return NULL; state->ev = ev; state->opts = opts; state->dom = dom; state->sh = sh; state->sysdb = sysdb; state->timeout = timeout; state->base_iter = 0; state->map = map; state->search_bases = search_bases; state->base_filter = talloc_asprintf(state, "(&(%s=*)(objectclass=%s))", opts->autofs_entry_map[SDAP_AT_AUTOFS_ENTRY_KEY].name, opts->autofs_entry_map[SDAP_OC_AUTOFS_ENTRY].name); if (!state->base_filter) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to build filter\n")); ret = ENOMEM; goto immediate; } ret = build_attrs_from_map(state, opts->autofs_entry_map, SDAP_OPTS_AUTOFS_ENTRY, NULL, &state->attrs, NULL); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to build attributes from map\n")); ret = ENOMEM; goto immediate; } ret = sysdb_attrs_get_string(state->map, SYSDB_ORIG_DN, &state->orig_dn); if (ret != EOK) { 
DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot get originalDN\n"));
        goto immediate;
    }

    DEBUG(SSSDBG_TRACE_FUNC,
          ("Examining autofs map [%s]\n", state->orig_dn));

    ret = automntmaps_process_members_next_base(req);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("search failed [%d]: %s\n", ret, strerror(ret)));
        goto immediate;
    }

    return req;

immediate:
    /* Complete the request without a pending search: mark it failed or done
     * and post it on ev so the caller still receives its callback. */
    if (ret != EOK) {
        tevent_req_error(req, ret);
    } else {
        tevent_req_done(req);
    }
    tevent_req_post(req, ev);
    return req;
}

/*
 * Starts the entry search for the search base at state->base_iter. The
 * filter is rebuilt from state->base_filter and the filter of that base.
 * Returns EOK when the subrequest was started, ENOMEM when the filter could
 * not be built, and EIO when the search could not be started.
 *
 * The search itself is rooted at state->orig_dn (the DN of the map); only
 * the scope and the filter come from the search base, although the trace
 * message prints the basedn of the base.
 *
 * NOTE(review): state->search_bases and its current element are
 * dereferenced without a NULL check; verify that callers always pass a
 * non-empty, NULL-terminated array.
 */
static errno_t
automntmaps_process_members_next_base(struct tevent_req *req)
{
    struct tevent_req *subreq;
    struct automntmaps_process_members_state *state =
        tevent_req_data(req, struct automntmaps_process_members_state);

    /* Drop the filter left over from the previous base, if any. */
    talloc_zfree(state->filter);
    state->filter = sdap_get_id_specific_filter(state,
                        state->base_filter,
                        state->search_bases[state->base_iter]->filter);
    if (!state->filter) {
        return ENOMEM;
    }

    DEBUG(SSSDBG_TRACE_FUNC,
          ("Searching for automount map entries with base [%s]\n",
           state->search_bases[state->base_iter]->basedn));

    subreq = sdap_get_generic_send(state, state->ev, state->opts,
                                   state->sh,
                                   state->orig_dn,
                                   state->search_bases[state->base_iter]->scope,
                                   state->filter, state->attrs,
                                   state->opts->autofs_entry_map,
                                   SDAP_OPTS_AUTOFS_ENTRY,
                                   state->timeout, true);
    if (!subreq) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot start search for entries\n"));
        return EIO;
    }
    tevent_req_set_callback(subreq, automntmaps_process_members_done, req);

    return EOK;
}

/*
 * Completion callback for one entry search: receives the entries of the
 * current base and appends them to state->entries, keeping the array
 * NULL-terminated.
 */
static void
automntmaps_process_members_done(struct tevent_req *subreq)
{
    struct tevent_req *req =
        tevent_req_callback_data(subreq, struct tevent_req);
    struct automntmaps_process_members_state *state =
        tevent_req_data(req, struct automntmaps_process_members_state);
    errno_t ret;
    struct sysdb_attrs **entries;
    size_t entries_count, i;

    ret = sdap_get_generic_recv(subreq, state,
                                &entries_count, &entries);
    talloc_zfree(subreq);
    if (ret) {
        tevent_req_error(req, ret);
        return;
    }

    if (entries_count > 0) {
        /* Room for the old entries, the new batch and the terminator. */
        state->entries = talloc_realloc(state, state->entries,
                                        struct sysdb_attrs *,
state->entries_count + entries_count + 1);
        if (state->entries == NULL) {
            tevent_req_error(req, ENOMEM);
            return;
        }

        /* Reparent each received entry onto the result array. */
        for (i=0; i < entries_count; i++) {
            state->entries[state->entries_count + i] =
                talloc_steal(state->entries, entries[i]);
        }

        state->entries_count += entries_count;
        state->entries[state->entries_count] = NULL;
    }

    state->base_iter++;
    if (state->search_bases[state->base_iter]) {
        ret = automntmaps_process_members_next_base(req);
        if (ret != EOK) {
            tevent_req_error(req, ret);
            return;
        }
        /* NOTE(review): when the next search starts successfully there is no
         * return here, so execution continues to tevent_req_done() below
         * while that subrequest is still pending. Verify whether a return
         * is missing or whether stopping after the first base is intended
         * (every base searches the same state->orig_dn). */
    }

    DEBUG(SSSDBG_TRACE_INTERNAL, ("No more search bases to try\n"));

    DEBUG(SSSDBG_TRACE_FUNC,
          ("Search for autofs entries, returned %zu results.\n",
          state->entries_count));

    tevent_req_done(req);
    return;
}

/*
 * Returns the collected entries. Both output parameters are optional: when
 * given, *entries_count receives the number of entries and *entries the
 * array, reparented onto mem_ctx. Returns EOK once the
 * TEVENT_REQ_RETURN_ON_ERROR check has passed.
 */
static errno_t
automntmaps_process_members_recv(struct tevent_req *req,
                                 TALLOC_CTX *mem_ctx,
                                 size_t *entries_count,
                                 struct sysdb_attrs ***entries)
{
    struct automntmaps_process_members_state *state;
    state = tevent_req_data(req, struct automntmaps_process_members_state);

    TEVENT_REQ_RETURN_ON_ERROR(req);

    if (entries_count) {
        *entries_count = state->entries_count;
    }

    if (entries) {
        *entries = talloc_steal(mem_ctx, state->entries);
    }

    return EOK;
}

/* Request state for looking up one automount map and its entries. */
struct sdap_get_automntmap_state {
    struct tevent_context *ev;
    struct sdap_options *opts;
    struct sdap_handle *sh;
    struct sss_domain_info *dom;
    struct sysdb_ctx *sysdb;
    const char **attrs;
    const char *base_filter;
    char *filter;
    int timeout;

    char *higher_timestamp;

    struct sysdb_attrs **map;
    size_t count;

    struct sysdb_attrs **entries;
    size_t entries_count;

    size_t base_iter;
    struct sdap_search_base **search_bases;
};

static errno_t
sdap_get_automntmap_next_base(struct tevent_req *req);
static void
sdap_get_automntmap_process(struct tevent_req *subreq);

/*
 * Creates the request that searches the given search bases for an automount
 * map matching filter. The attrs, filter and search_bases pointers are
 * stored in the request state without being copied.
 */
static struct tevent_req *
sdap_get_automntmap_send(TALLOC_CTX *memctx,
                         struct tevent_context *ev,
                         struct sss_domain_info *dom,
                         struct sysdb_ctx *sysdb,
                         struct sdap_options *opts,
                         struct sdap_search_base **search_bases,
                         struct sdap_handle *sh,
                         const char **attrs,
                         const char *filter,
                         int timeout)
{
errno_t ret; struct tevent_req *req; struct sdap_get_automntmap_state *state; req = tevent_req_create(memctx, &state, struct sdap_get_automntmap_state); if (!req) return NULL; state->ev = ev; state->opts = opts; state->dom = dom; state->sh = sh; state->sysdb = sysdb; state->attrs = attrs; state->higher_timestamp = NULL; state->map = NULL; state->count = 0; state->timeout = timeout; state->base_filter = filter; state->base_iter = 0; state->search_bases = search_bases; ret = sdap_get_automntmap_next_base(req); if (ret != EOK) { tevent_req_error(req, ret); tevent_req_post(req, state->ev); } return req; } static errno_t sdap_get_automntmap_next_base(struct tevent_req *req) { struct tevent_req *subreq; struct sdap_get_automntmap_state *state; state = tevent_req_data(req, struct sdap_get_automntmap_state); talloc_zfree(state->filter); state->filter = sdap_get_id_specific_filter(state, state->base_filter, state->search_bases[state->base_iter]->filter); if (!state->filter) { return ENOMEM; } DEBUG(SSSDBG_TRACE_FUNC, ("Searching for automount maps with base [%s]\n", state->search_bases[state->base_iter]->basedn)); subreq = sdap_get_generic_send( state, state->ev, state->opts, state->sh, state->search_bases[state->base_iter]->basedn, state->search_bases[state->base_iter]->scope, state->filter, state->attrs, state->opts->autofs_mobject_map, SDAP_OPTS_AUTOFS_MAP, state->timeout, false); if (!subreq) { return EIO; } tevent_req_set_callback(subreq, sdap_get_automntmap_process, req); return EOK; } static void sdap_get_automntmap_done(struct tevent_req *subreq); static void sdap_get_automntmap_process(struct tevent_req *subreq) { struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); struct sdap_get_automntmap_state *state = tevent_req_data(req, struct sdap_get_automntmap_state); errno_t ret; ret = sdap_get_generic_recv(subreq, state, &state->count, &state->map); talloc_zfree(subreq); if (ret) { tevent_req_error(req, ret); return; } DEBUG(SSSDBG_TRACE_FUNC, 
("Search for autofs maps, returned %zu results.\n", state->count)); if (state->count == 0) { /* No maps found in this search */ state->base_iter++; if (state->search_bases[state->base_iter]) { /* There are more search bases to try */ ret = sdap_get_automntmap_next_base(req); if (ret != EOK) { tevent_req_error(req, ENOENT); } return; } tevent_req_error(req, ENOENT); return; } else if (state->count > 1) { DEBUG(SSSDBG_OP_FAILURE, ("The search yielded more than one autofs map\n")); tevent_req_error(req, EIO); return; } DEBUG(SSSDBG_TRACE_INTERNAL, ("Processing autofs maps\n")); subreq = automntmaps_process_members_send(state, state->ev, state->opts, state->sh, state->dom, state->search_bases, state->timeout, state->sysdb, state->map[0]); if (!subreq) { tevent_req_error(req, ENOMEM); return; } tevent_req_set_callback(subreq, sdap_get_automntmap_done, req); return; } static void sdap_get_automntmap_done(struct tevent_req *subreq) { struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); struct sdap_get_automntmap_state *state = tevent_req_data(req, struct sdap_get_automntmap_state); errno_t ret; ret = automntmaps_process_members_recv(subreq, state, &state->entries_count, &state->entries); talloc_zfree(subreq); if (ret != EOK) { tevent_req_error(req, ret); return; } DEBUG(SSSDBG_TRACE_FUNC, ("automount map members received\n")); tevent_req_done(req); return; } static errno_t sdap_get_automntmap_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, struct sysdb_attrs **map, size_t *entries_count, struct sysdb_attrs ***entries) { struct sdap_get_automntmap_state *state = tevent_req_data(req, struct sdap_get_automntmap_state); TEVENT_REQ_RETURN_ON_ERROR(req); if (map) { *map = talloc_steal(mem_ctx, state->map[0]); } if (entries_count) { *entries_count = state->entries_count; } if (entries) { *entries = talloc_steal(mem_ctx, state->entries); } return EOK; } struct sdap_autofs_setautomntent_state { char *filter; const char **attrs; struct sdap_options *opts; 
struct sdap_handle *sh; struct sysdb_ctx *sysdb; struct sdap_id_op *sdap_op; struct sss_domain_info *dom; const char *mapname; struct sysdb_attrs *map; struct sysdb_attrs **entries; size_t entries_count; int dp_error; }; static void sdap_autofs_setautomntent_done(struct tevent_req *subreq); struct tevent_req * sdap_autofs_setautomntent_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sss_domain_info *dom, struct sysdb_ctx *sysdb, struct sdap_handle *sh, struct sdap_id_op *op, struct sdap_options *opts, const char *mapname) { struct tevent_req *req; struct tevent_req *subreq; struct sdap_autofs_setautomntent_state *state; char *clean_mapname; errno_t ret; req = tevent_req_create(memctx, &state, struct sdap_autofs_setautomntent_state); if (!req) return NULL; if (!mapname) { DEBUG(SSSDBG_CRIT_FAILURE, ("No map name given\n")); ret = EINVAL; goto fail; } state->sh = sh; state->sysdb = sysdb; state->opts = opts; state->sdap_op = op; state->dom = dom; state->mapname = mapname; ret = sss_filter_sanitize(state, mapname, &clean_mapname); if (ret != EOK) { goto fail; } state->filter = talloc_asprintf(state, "(&(%s=%s)(objectclass=%s))", state->opts->autofs_mobject_map[SDAP_AT_AUTOFS_MAP_NAME].name, clean_mapname, state->opts->autofs_mobject_map[SDAP_OC_AUTOFS_MAP].name); if (!state->filter) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to build filter\n")); ret = ENOMEM; goto fail; } talloc_free(clean_mapname); ret = build_attrs_from_map(state, state->opts->autofs_mobject_map, SDAP_OPTS_AUTOFS_MAP, NULL, &state->attrs, NULL); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to build attributes from map\n")); ret = ENOMEM; goto fail; } subreq = sdap_get_automntmap_send(state, ev, dom, sysdb, state->opts, state->opts->sdom->autofs_search_bases, state->sh, state->attrs, state->filter, dp_opt_get_int(state->opts->basic, SDAP_SEARCH_TIMEOUT)); if (!subreq) { DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory\n")); ret = ENOMEM; goto fail; } tevent_req_set_callback(subreq, 
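sdap_autofs_setautomntent_done, req);
    return req;

fail:
    tevent_req_error(req, ret);
    tevent_req_post(req, ev);
    return req;
}

static errno_t
sdap_autofs_setautomntent_save(struct tevent_req *req);

/*
 * Completion callback for the sdap_get_automntmap subrequest.
 *
 * Moves the map and its entries into the request state, writes them to the
 * cache via sdap_autofs_setautomntent_save() and then finishes the request.
 * Any error from either step is propagated as the request error.
 */
static void
sdap_autofs_setautomntent_done(struct tevent_req *subreq)
{
    errno_t ret;
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct sdap_autofs_setautomntent_state *state = tevent_req_data(req,
                                    struct sdap_autofs_setautomntent_state);

    ret = sdap_get_automntmap_recv(subreq, state, &state->map,
                                   &state->entries_count, &state->entries);
    talloc_zfree(subreq);
    if (ret != EOK) {
        if (ret == ENOENT) {
            DEBUG(SSSDBG_MINOR_FAILURE, ("Could not find automount map\n"));
        } else {
            DEBUG(SSSDBG_OP_FAILURE,
                  ("sdap_get_automntmap_recv failed [%d]: %s\n",
                   ret, strerror(ret)));
        }
        tevent_req_error(req, ret);
        return;
    }

    ret = sdap_autofs_setautomntent_save(req);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Could not save automount map\n"));
        tevent_req_error(req, ret);
        return;
    }

    state->dp_error = DP_ERR_OK;
    tevent_req_done(req);
    return;
}

/*
 * Reconcile the cached (sysdb) entries of one automount map with the
 * entries just read from LDAP.
 *
 * Builds a NULL-terminated list of entry DNs for each side, diffs the two
 * lists, and inside a single sysdb transaction saves the map, adds the
 * entries that are only in LDAP and deletes the entries that are only in
 * the cache.  The transaction is cancelled on any failure.
 *
 * Returns EOK on success, ENOMEM on allocation failure, EIO if the hash
 * insert fails, or the error returned by the failing sysdb call.
 */
static errno_t
sdap_autofs_setautomntent_save(struct tevent_req *req)
{
    struct sdap_autofs_setautomntent_state *state = tevent_req_data(req,
                                    struct sdap_autofs_setautomntent_state);
    errno_t ret, tret;
    bool in_transaction = false;
    TALLOC_CTX *tmp_ctx;
    struct ldb_message **entries = NULL;
    /* Initialized defensively: this page does not show whether
     * sysdb_autofs_entries_by_map() sets the count when it returns ENOENT. */
    size_t count = 0;
    const char *key;
    const char *val;
    char **sysdb_entrylist;
    char **ldap_entrylist;
    char **add_entries;
    char **del_entries;
    size_t i, j;
    /* Only created when LDAP returned entries; NULL otherwise. */
    hash_table_t *entry_hash = NULL;
    hash_key_t hkey;
    hash_value_t value;
    int hret;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) return ENOMEM;

    DEBUG(SSSDBG_TRACE_LIBS,
          ("Got %zu map entries from LDAP\n", state->entries_count));
    if (state->entries_count == 0) {
        /* No entries for this map in LDAP.
         * We need to ensure that there are no entries
         * in the sysdb either.
         */
        ldap_entrylist = NULL;
    } else {
        ldap_entrylist = talloc_array(tmp_ctx, char *,
                                      state->entries_count+1);
        if (!ldap_entrylist) {
            ret = ENOMEM;
            goto done;
        }

        ret = sss_hash_create(state, 32, &entry_hash);
        if (ret) {
            goto done;
        }

        /* Get a list of the map members by DN */
        for (i=0, j=0; i < state->entries_count; i++) {
            key = get_autofs_entry_key(state->entries[i], state->opts);
            val = get_autofs_entry_value(state->entries[i], state->opts);
            if (!key || !val) {
                DEBUG(SSSDBG_MINOR_FAILURE, ("Malformed entry, skipping\n"));
                continue;
            }

            ldap_entrylist[j] = sysdb_autofsentry_strdn(ldap_entrylist,
                                                        state->sysdb,
                                                        state->dom,
                                                        state->mapname,
                                                        key, val);
            if (!ldap_entrylist[j]) {
                ret = ENOMEM;
                goto done;
            }

            /* Remember which LDAP entry produced this DN so the entries
             * selected by the diff can be looked up again when saving. */
            hkey.type = HASH_KEY_STRING;
            hkey.str = ldap_entrylist[j];
            value.type = HASH_VALUE_PTR;
            value.ptr = state->entries[i];

            hret = hash_enter(entry_hash, &hkey, &value);
            if (hret != HASH_SUCCESS) {
                ret = EIO;
                goto done;
            }

            j++;
        }
        /* Terminate after the last slot actually filled.  Malformed entries
         * are skipped above, so j can be smaller than entries_count; the
         * array is not zero-initialized, and terminating at entries_count
         * would leave uninitialized pointers in front of the terminator for
         * the diff below to dereference.  The entries come from the LDAP
         * server, so a malformed one must not be able to cause that. */
        ldap_entrylist[j] = NULL;
    }

    ret = sysdb_autofs_entries_by_map(tmp_ctx, state->sysdb, state->dom,
                                      state->mapname, &count, &entries);
    if (ret != EOK && ret != ENOENT) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("cache lookup for the map failed [%d]: %s\n",
               ret, strerror(ret)));
        goto done;
    }

    DEBUG(SSSDBG_TRACE_LIBS, ("Got %zu map entries from sysdb\n", count));
    if (count == 0) {
        /* No map members for this map in sysdb currently */
        sysdb_entrylist = NULL;
    } else {
        /* Allocated on tmp_ctx: the list is only used inside this function,
         * so it does not need to outlive it on the request state. */
        sysdb_entrylist = talloc_array(tmp_ctx, char *, count+1);
        if (!sysdb_entrylist) {
            ret = ENOMEM;
            goto done;
        }

        /* Get a list of the map members by DN */
        for (i=0; i < count; i++) {
            sysdb_entrylist[i] = talloc_strdup(sysdb_entrylist,
                                    ldb_dn_get_linearized(entries[i]->dn));
            if (!sysdb_entrylist[i]) {
                ret = ENOMEM;
                goto done;
            }
        }
        sysdb_entrylist[count] = NULL;
    }

    /* Find the differences between the sysdb and LDAP lists
     * Entries in the sysdb only must be removed.
     */
    ret = diff_string_lists(tmp_ctx, ldap_entrylist, sysdb_entrylist,
                            &add_entries, &del_entries, NULL);
    if (ret != EOK) goto done;

    ret = sysdb_transaction_start(state->sysdb);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Cannot start sysdb transaction [%d]: %s\n",
               ret, strerror(ret)));
        goto done;
    }
    in_transaction = true;

    /* Save the map itself */
    ret = save_autofs_map(state->sysdb, state->dom, state->opts, state->map);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Cannot save autofs map entry [%d]: %s\n",
               ret, strerror(ret)));
        goto done;
    }

    /* Create entries that don't exist yet */
    if (add_entries && add_entries[0]) {
        ret = save_autofs_entries(state->sysdb, state->dom,
                                  state->opts, state->mapname,
                                  add_entries, entry_hash);
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE,
                  ("Cannot save autofs entries [%d]: %s\n",
                   ret, strerror(ret)));
            goto done;
        }
    }

    /* Delete entries that don't exist anymore */
    if (del_entries && del_entries[0]) {
        ret = del_autofs_entries(state->sysdb, state->opts,
                                 state->mapname, del_entries);
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE,
                  ("Cannot delete autofs entries [%d]: %s\n",
                   ret, strerror(ret)));
            goto done;
        }
    }

    ret = sysdb_transaction_commit(state->sysdb);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Cannot commit sysdb transaction [%d]: %s\n",
               ret, strerror(ret)));
        goto done;
    }
    in_transaction = false;

    ret = EOK;
done:
    if (in_transaction) {
        tret = sysdb_transaction_cancel(state->sysdb);
        if (tret != EOK) {
            /* Report the cancel failure itself (tret), not the error that
             * led here; ret is still what the caller gets back. */
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("Cannot cancel sysdb transaction [%d]: %s\n",
                   tret, strerror(tret)));
        }
    }
    talloc_zfree(tmp_ctx);
    return ret;
}

/* Collect the result of sdap_autofs_setautomntent_send(): the request error
 * if one was set, EOK otherwise. */
errno_t
sdap_autofs_setautomntent_recv(struct tevent_req *req)
{
    TEVENT_REQ_RETURN_ON_ERROR(req);
    return EOK;
}

sssd-1.11.5/src/providers/ldap/PaxHeaders.13173/sdap_child_helpers.c0000644000000000000000000000007412320753107023257 xustar000000000000000030 atime=1396954939.268891429 30 ctime=1396954961.627874971 sssd-1.11.5/src/providers/ldap/sdap_child_helpers.c0000664002412700241270000003202412320753107023502 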
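0ustar00jhrozekjhrozek00000000000000/*
    SSSD

    LDAP Backend Module -- child helpers

    Authors:
        Jakub Hrozek

    Copyright (C) 2009 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see .
*/

/* NOTE(review): the names of the five system headers below were lost when
 * this page was extracted; only the bare directives remain. */
#include
#include
#include
#include
#include

#include "util/util.h"
#include "util/sss_krb5.h"
#include "providers/ldap/ldap_common.h"
#include "providers/ldap/sdap_async_private.h"
#include "util/child_common.h"

#ifndef SSSD_LIBEXEC_PATH
#error "SSSD_LIBEXEC_PATH not defined"
#else
#define LDAP_CHILD SSSD_LIBEXEC_PATH"/ldap_child"
#endif

#ifndef LDAP_CHILD_USER
#define LDAP_CHILD_USER  "nobody"
#endif

/* Bookkeeping for one ldap_child helper process: its pid and the parent's
 * ends of the two pipes.  A descriptor value of -1 means "not open". */
struct sdap_child {
    /* child info */
    pid_t pid;
    int read_from_child_fd;
    int write_to_child_fd;
};

/* Close *fd unless it is already -1, log a failing close(), and mark the
 * descriptor as closed so it cannot be closed twice. */
static void sdap_close_fd(int *fd)
{
    int ret;

    if (*fd == -1) {
        DEBUG(6, ("fd already closed\n"));
        return;
    }

    ret = close(*fd);
    if (ret) {
        ret = errno;
        DEBUG(2, ("Closing fd %d, return error %d (%s)\n",
                  *fd, ret, strerror(ret)));
    }

    *fd = -1;
}

/* talloc destructor for struct sdap_child: hands both pipe descriptors to
 * child_cleanup() when the structure is freed. */
static int sdap_child_destructor(void *ptr)
{
    struct sdap_child *child = talloc_get_type(ptr, struct sdap_child);

    child_cleanup(child->read_from_child_fd, child->write_to_child_fd);

    return 0;
}

/*
 * Create the two pipes and fork the ldap_child helper.
 *
 * In the parent, the pid and the parent's pipe ends are stored in *child,
 * both ends are made non-blocking and a child handler is registered.
 * Returns EOK on success or an errno value on failure; on failure before
 * the fork succeeds, every descriptor opened here is closed again.
 */
static errno_t sdap_fork_child(struct tevent_context *ev,
                               struct sdap_child *child)
{
    int pipefd_to_child[2];
    int pipefd_from_child[2];
    pid_t pid;
    int ret;
    errno_t err;

    ret = pipe(pipefd_from_child);
    if (ret == -1) {
        err = errno;
        DEBUG(1, ("pipe failed [%d][%s].\n", err, strerror(err)));
        return err;
    }
    ret = pipe(pipefd_to_child);
    if (ret == -1) {
        err = errno;
        DEBUG(1, ("pipe failed [%d][%s].\n", err, strerror(err)));
        /* Do not leak the first pipe when the second cannot be created. */
        close(pipefd_from_child[0]);
        close(pipefd_from_child[1]);
        return err;
    }

    pid = fork();

    if (pid == 0) { /* child */
        err = exec_child(child,
                         pipefd_to_child, pipefd_from_child,
                         LDAP_CHILD, ldap_child_debug_fd);
        DEBUG(SSSDBG_CRIT_FAILURE, ("Could not exec LDAP child: [%d][%s].\n",
                                    err, strerror(err)));
        /* This line is only reached when the helper could not be started.
         * Terminate the forked copy here: returning would let a duplicate
         * of the provider process carry on in the caller with the parent's
         * descriptors and state. */
        _exit(1);
    } else if (pid > 0) { /* parent */
        child->pid = pid;
        child->read_from_child_fd = pipefd_from_child[0];
        close(pipefd_from_child[1]);
        child->write_to_child_fd = pipefd_to_child[1];
        close(pipefd_to_child[0]);
        fd_nonblocking(child->read_from_child_fd);
        fd_nonblocking(child->write_to_child_fd);

        /* From here on the remaining descriptors live in *child; in this
         * file they are released through sdap_child_destructor(). */
        ret = child_handler_setup(ev, pid, NULL, NULL, NULL);
        if (ret != EOK) {
            return ret;
        }

    } else { /* error */
        err = errno;
        DEBUG(1, ("fork failed [%d][%s].\n", err, strerror(err)));
        /* No child exists, so all four pipe ends still belong to us. */
        close(pipefd_from_child[0]);
        close(pipefd_from_child[1]);
        close(pipefd_to_child[0]);
        close(pipefd_to_child[1]);
        return err;
    }

    return EOK;
}

/*
 * Serialize a TGT request for the helper.
 *
 * Layout, in order: realm, principal and keytab name, each as a 32-bit
 * length followed by that many bytes (length 0 and no bytes when the
 * string is NULL), then the 32-bit lifetime.  The strings are written
 * without a terminating NUL.
 *
 * On success *io_buf is a buffer allocated on mem_ctx and EOK is returned;
 * ENOMEM is returned on allocation failure.
 */
static errno_t create_tgt_req_send_buffer(TALLOC_CTX *mem_ctx,
                                          const char *realm_str,
                                          const char *princ_str,
                                          const char *keytab_name,
                                          int32_t lifetime,
                                          struct io_buffer **io_buf)
{
    struct io_buffer *buf;
    size_t rp;

    buf = talloc(mem_ctx, struct io_buffer);
    if (buf == NULL) {
        DEBUG(1, ("talloc failed.\n"));
        return ENOMEM;
    }

    /* Three length fields plus the lifetime, then the string bytes. */
    buf->size = 4 * sizeof(uint32_t);
    if (realm_str) {
        buf->size += strlen(realm_str);
    }
    if (princ_str) {
        buf->size += strlen(princ_str);
    }
    if (keytab_name) {
        buf->size += strlen(keytab_name);
    }

    DEBUG(SSSDBG_TRACE_FUNC, ("buffer size: %zu\n", buf->size));

    buf->data = talloc_size(buf, buf->size);
    if (buf->data == NULL) {
        DEBUG(1, ("talloc_size failed.\n"));
        talloc_free(buf);
        return ENOMEM;
    }

    rp = 0;

    /* realm */
    if (realm_str) {
        SAFEALIGN_SET_UINT32(&buf->data[rp], strlen(realm_str), &rp);
        safealign_memcpy(&buf->data[rp], realm_str, strlen(realm_str), &rp);
    } else {
        SAFEALIGN_SET_UINT32(&buf->data[rp], 0, &rp);
    }

    /* principal */
    if (princ_str) {
        SAFEALIGN_SET_UINT32(&buf->data[rp], strlen(princ_str), &rp);
        safealign_memcpy(&buf->data[rp], princ_str, strlen(princ_str), &rp);
    } else {
        SAFEALIGN_SET_UINT32(&buf->data[rp], 0, &rp);
    }

    /* keytab */
    if (keytab_name) {
        SAFEALIGN_SET_UINT32(&buf->data[rp], strlen(keytab_name), &rp);
        safealign_memcpy(&buf->data[rp], keytab_name, strlen(keytab_name), &rp);
    } else {
        SAFEALIGN_SET_UINT32(&buf->data[rp], 0, &rp);
    }

    /* lifetime */
    SAFEALIGN_SET_UINT32(&buf->data[rp], lifetime, &rp);

    *io_buf = buf;
    return EOK;
}

/*
 * Parse the response read from the helper's pipe.
 *
 * Layout, in order: 32-bit result code, krb5_error_code, 32-bit ccache
 * name length, the ccache name bytes (no terminating NUL), time_t expiry.
 *
 * The buffer crosses a process boundary, so every length is validated
 * against `size` before anything is copied.  On success the outputs are
 * filled in, *ccache is a NUL-terminated copy allocated on mem_ctx, and
 * EOK is returned.  EINVAL is returned for a truncated or inconsistent
 * buffer, ENOMEM on allocation failure; outputs are untouched on error.
 */
static int parse_child_response(TALLOC_CTX *mem_ctx,
                                uint8_t *buf, ssize_t size,
                                int *result, krb5_error_code *kerr,
                                char **ccache, time_t *expire_time_out)
{
    /* Bytes every well-formed response carries besides the ccache name. */
    const size_t fixed_len = 2 * sizeof(uint32_t)
                             + sizeof(krb5_error_code)
                             + sizeof(time_t);
    size_t p = 0;
    size_t avail;
    uint32_t len;
    uint32_t res;
    char *ccn;
    time_t expire_time;
    krb5_error_code krberr;

    /* Reject a missing, negative-length or too-short buffer up front.
     * This also bounds the krb5 error code copy below, which the original
     * code performed without a length check, and keeps the size_t
     * arithmetic that follows from wrapping. */
    if (buf == NULL || size < 0 || (size_t)size < fixed_len) {
        return EINVAL;
    }
    avail = (size_t)size;

    /* operation result code */
    SAFEALIGN_COPY_UINT32_CHECK(&res, buf + p, size, &p);

    /* krb5 error code */
    safealign_memcpy(&krberr, buf+p, sizeof(krberr), &p);

    /* ccache name size */
    SAFEALIGN_COPY_UINT32_CHECK(&len, buf + p, size, &p);

    /* The name must fit in what is left once the trailing time_t is set
     * aside.  Written as a subtraction so that a large `len` cannot wrap
     * the comparison the way `p + len > size` can. */
    if (len > avail - p - sizeof(time_t)) return EINVAL;

    ccn = talloc_size(mem_ctx, sizeof(char) * ((size_t)len + 1));
    if (ccn == NULL) {
        DEBUG(1, ("talloc_size failed.\n"));
        return ENOMEM;
    }
    safealign_memcpy(ccn, buf+p, sizeof(char) * len, &p);
    ccn[len] = '\0';

    /* Room for the expiry time was verified together with the name. */
    safealign_memcpy(&expire_time, buf+p, sizeof(time_t), &p);

    *result = res;
    *ccache = ccn;
    *expire_time_out = expire_time;
    *kerr = krberr;
    return EOK;
}

/* ==The-public-async-interface============================================*/

struct sdap_get_tgt_state {
    struct tevent_context *ev;
    struct sdap_child *child;
    ssize_t len;
    uint8_t *buf;
};

static errno_t set_tgt_child_timeout(struct tevent_req *req,
                                     struct tevent_context *ev,
                                     int timeout);
static void sdap_get_tgt_step(struct tevent_req *subreq);
static void sdap_get_tgt_done(struct tevent_req *subreq);

struct tevent_req *sdap_get_tgt_send(TALLOC_CTX *mem_ctx,
                                     struct tevent_context *ev,
                                     const char *realm_str,
                                     const char *princ_str,
                                     const char *keytab_name,
                                     int32_t lifetime,
                                     int timeout)
{
    struct tevent_req *req, *subreq;
    struct sdap_get_tgt_state *state;
    struct io_buffer *buf;
    int ret;

    req = tevent_req_create(mem_ctx, &state, struct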
sdap_get_tgt_state); if (!req) { return NULL; } state->ev = ev; state->child = talloc_zero(state, struct sdap_child); if (!state->child) { ret = ENOMEM; goto fail; } state->child->read_from_child_fd = -1; state->child->write_to_child_fd = -1; talloc_set_destructor((TALLOC_CTX *)state->child, sdap_child_destructor); /* prepare the data to pass to child */ ret = create_tgt_req_send_buffer(state, realm_str, princ_str, keytab_name, lifetime, &buf); if (ret != EOK) { DEBUG(1, ("create_tgt_req_send_buffer failed.\n")); goto fail; } ret = sdap_fork_child(state->ev, state->child); if (ret != EOK) { DEBUG(1, ("sdap_fork_child failed.\n")); goto fail; } ret = set_tgt_child_timeout(req, ev, timeout); if (ret != EOK) { DEBUG(1, ("activate_child_timeout_handler failed.\n")); goto fail; } subreq = write_pipe_send(state, ev, buf->data, buf->size, state->child->write_to_child_fd); if (!subreq) { ret = ENOMEM; goto fail; } tevent_req_set_callback(subreq, sdap_get_tgt_step, req); return req; fail: tevent_req_error(req, ret); tevent_req_post(req, ev); return req; } static void sdap_get_tgt_step(struct tevent_req *subreq) { struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); struct sdap_get_tgt_state *state = tevent_req_data(req, struct sdap_get_tgt_state); int ret; ret = write_pipe_recv(subreq); talloc_zfree(subreq); if (ret != EOK) { tevent_req_error(req, ret); return; } sdap_close_fd(&state->child->write_to_child_fd); subreq = read_pipe_send(state, state->ev, state->child->read_from_child_fd); if (!subreq) { tevent_req_error(req, ENOMEM); return; } tevent_req_set_callback(subreq, sdap_get_tgt_done, req); } static void sdap_get_tgt_done(struct tevent_req *subreq) { struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); struct sdap_get_tgt_state *state = tevent_req_data(req, struct sdap_get_tgt_state); int ret; ret = read_pipe_recv(subreq, state, &state->buf, &state->len); talloc_zfree(subreq); if (ret != EOK) { tevent_req_error(req, 
ret); return; } sdap_close_fd(&state->child->read_from_child_fd); tevent_req_done(req); } int sdap_get_tgt_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, int *result, krb5_error_code *kerr, char **ccname, time_t *expire_time_out) { struct sdap_get_tgt_state *state = tevent_req_data(req, struct sdap_get_tgt_state); char *ccn; time_t expire_time; int res; int ret; krb5_error_code krberr; TEVENT_REQ_RETURN_ON_ERROR(req); ret = parse_child_response(mem_ctx, state->buf, state->len, &res, &krberr, &ccn, &expire_time); if (ret != EOK) { DEBUG(1, ("Cannot parse child response: [%d][%s]\n", ret, strerror(ret))); return ret; } DEBUG(6, ("Child responded: %d [%s], expired on [%ld]\n", res, ccn, (long)expire_time)); *result = res; *kerr = krberr; *ccname = ccn; *expire_time_out = expire_time; return EOK; } static void get_tgt_timeout_handler(struct tevent_context *ev, struct tevent_timer *te, struct timeval tv, void *pvt) { struct tevent_req *req = talloc_get_type(pvt, struct tevent_req); struct sdap_get_tgt_state *state = tevent_req_data(req, struct sdap_get_tgt_state); int ret; DEBUG(9, ("timeout for tgt child [%d] reached.\n", state->child->pid)); ret = kill(state->child->pid, SIGKILL); if (ret == -1) { DEBUG(1, ("kill failed [%d][%s].\n", errno, strerror(errno))); } tevent_req_error(req, ETIMEDOUT); } static errno_t set_tgt_child_timeout(struct tevent_req *req, struct tevent_context *ev, int timeout) { struct tevent_timer *te; struct timeval tv; DEBUG(6, ("Setting %d seconds timeout for tgt child\n", timeout)); tv = tevent_timeval_current_ofs(timeout, 0); te = tevent_add_timer(ev, req, tv, get_tgt_timeout_handler, req); if (te == NULL) { DEBUG(1, ("tevent_add_timer failed.\n")); return ENOMEM; } return EOK; } /* Setup child logging */ int sdap_setup_child(void) { int ret; FILE *debug_filep; if (debug_to_file != 0 && ldap_child_debug_fd == -1) { ret = open_debug_file_ex(LDAP_CHILD_LOG_FILE, &debug_filep, false); if (ret != EOK) { DEBUG(0, ("Error setting up logging (%d) 
[%s]\n", ret, strerror(ret))); return ret; } ldap_child_debug_fd = fileno(debug_filep); if (ldap_child_debug_fd == -1) { DEBUG(0, ("fileno failed [%d][%s]\n", errno, strerror(errno))); ret = errno; return ret; } } return EOK; } sssd-1.11.5/src/providers/PaxHeaders.13173/ad0000644000000000000000000000013212320753521016661 xustar000000000000000030 mtime=1396954961.561875019 30 atime=1396955003.533843848 30 ctime=1396954961.561875019 sssd-1.11.5/src/providers/ad/0000775002412700241270000000000012320753521017165 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/providers/ad/PaxHeaders.13173/ad_common.c0000644000000000000000000000007312320753107021042 xustar000000000000000030 atime=1396954939.262891434 29 ctime=1396954961.54787503 sssd-1.11.5/src/providers/ad/ad_common.c0000664002412700241270000010271712320753107021275 0ustar00jhrozekjhrozek00000000000000/* SSSD Authors: Stephen Gallagher Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #include #include "providers/ad/ad_common.h" #include "providers/ad/ad_opts.h" #include "providers/dp_dyndns.h" struct ad_server_data { bool gc; }; errno_t ad_set_search_bases(struct sdap_options *id_opts); static errno_t ad_set_ad_id_options(struct ad_options *ad_opts, struct sdap_options *id_opts); static struct sdap_options * ad_create_default_sdap_options(TALLOC_CTX *mem_ctx) { struct sdap_options *id_opts; errno_t ret; id_opts = talloc_zero(mem_ctx, struct sdap_options); if (!id_opts) { return NULL; } ret = dp_copy_defaults(id_opts, ad_def_ldap_opts, SDAP_OPTS_BASIC, &id_opts->basic); if (ret != EOK) { goto fail; } /* Get sdap option maps */ /* General Attribute Map */ ret = sdap_copy_map(id_opts, ad_2008r2_attr_map, SDAP_AT_GENERAL, &id_opts->gen_map); if (ret != EOK) { goto fail; } /* User map */ ret = sdap_copy_map(id_opts, ad_2008r2_user_map, SDAP_OPTS_USER, &id_opts->user_map); if (ret != EOK) { goto fail; } /* Group map */ ret = sdap_copy_map(id_opts, ad_2008r2_group_map, SDAP_OPTS_GROUP, &id_opts->group_map); if (ret != EOK) { goto fail; } /* Netgroup map */ ret = sdap_copy_map(id_opts, ad_netgroup_map, SDAP_OPTS_NETGROUP, &id_opts->netgroup_map); if (ret != EOK) { goto fail; } /* Services map */ ret = sdap_copy_map(id_opts, ad_service_map, SDAP_OPTS_SERVICES, &id_opts->service_map); if (ret != EOK) { goto fail; } return id_opts; fail: talloc_free(id_opts); return NULL; } struct ad_options * ad_create_default_options(TALLOC_CTX *mem_ctx, const char *realm, const char *hostname) { struct ad_options *ad_options; errno_t ret; ad_options = talloc_zero(mem_ctx, struct ad_options); if (ad_options == NULL) return NULL; ret = dp_copy_defaults(ad_options, ad_basic_opts, AD_OPTS_BASIC, &ad_options->basic); if (ret != EOK) { talloc_free(ad_options); return NULL; } ad_options->id = ad_create_default_sdap_options(ad_options); if (ad_options->id == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("Cannot initialize AD LDAP options\n")); talloc_free(ad_options); return NULL; } 
ret = dp_opt_set_string(ad_options->basic, AD_KRB5_REALM, realm); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Cannot set AD domain\n")); talloc_free(ad_options); return NULL; } ret = dp_opt_set_string(ad_options->basic, AD_HOSTNAME, hostname); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Cannot set AD domain\n")); talloc_free(ad_options); return NULL; } ret = ad_set_ad_id_options(ad_options, ad_options->id); if (ret != EOK) { talloc_free(ad_options); return NULL; } return ad_options; } static errno_t ad_create_sdap_options(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb, const char *conf_path, struct sdap_options **_id_opts) { struct sdap_options *id_opts; errno_t ret; id_opts = talloc_zero(mem_ctx, struct sdap_options); if (!id_opts) { ret = ENOMEM; goto done; } ret = dp_get_options(id_opts, cdb, conf_path, ad_def_ldap_opts, SDAP_OPTS_BASIC, &id_opts->basic); if (ret != EOK) { goto done; } /* Get sdap option maps */ /* General Attribute Map */ ret = sdap_get_map(id_opts, cdb, conf_path, ad_2008r2_attr_map, SDAP_AT_GENERAL, &id_opts->gen_map); if (ret != EOK) { goto done; } /* User map */ ret = sdap_get_map(id_opts, cdb, conf_path, ad_2008r2_user_map, SDAP_OPTS_USER, &id_opts->user_map); if (ret != EOK) { goto done; } /* Group map */ ret = sdap_get_map(id_opts, cdb, conf_path, ad_2008r2_group_map, SDAP_OPTS_GROUP, &id_opts->group_map); if (ret != EOK) { goto done; } /* Netgroup map */ ret = sdap_get_map(id_opts, cdb, conf_path, ad_netgroup_map, SDAP_OPTS_NETGROUP, &id_opts->netgroup_map); if (ret != EOK) { goto done; } /* Services map */ ret = sdap_get_map(id_opts, cdb, conf_path, ad_service_map, SDAP_OPTS_SERVICES, &id_opts->service_map); if (ret != EOK) { goto done; } ret = EOK; *_id_opts = id_opts; done: return ret; } errno_t ad_get_common_options(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb, const char *conf_path, struct sss_domain_info *dom, struct ad_options **_opts) { errno_t ret; int gret; struct ad_options *opts = NULL; char *domain; char *server; char *realm; 
char *ad_hostname; char hostname[HOST_NAME_MAX + 1]; opts = talloc_zero(mem_ctx, struct ad_options); if (!opts) return ENOMEM; ret = dp_get_options(opts, cdb, conf_path, ad_basic_opts, AD_OPTS_BASIC, &opts->basic); if (ret != EOK) { goto done; } /* If the AD domain name wasn't explicitly set, assume that it * matches the SSSD domain name */ domain = dp_opt_get_string(opts->basic, AD_DOMAIN); if (!domain) { ret = dp_opt_set_string(opts->basic, AD_DOMAIN, dom->name); if (ret != EOK) { goto done; } domain = dom->name; } /* Did we get an explicit server name, or are we discovering it? */ server = dp_opt_get_string(opts->basic, AD_SERVER); if (!server) { DEBUG(SSSDBG_CONF_SETTINGS, ("No AD server set, will use service discovery!\n")); } /* Set the machine's hostname to the local host name if it * wasn't explicitly specified. */ ad_hostname = dp_opt_get_string(opts->basic, AD_HOSTNAME); if (ad_hostname == NULL) { gret = gethostname(hostname, HOST_NAME_MAX); if (gret != 0) { ret = errno; DEBUG(SSSDBG_FATAL_FAILURE, ("gethostname failed [%s].\n", strerror(ret))); goto done; } hostname[HOST_NAME_MAX] = '\0'; DEBUG(SSSDBG_CONF_SETTINGS, ("Setting ad_hostname to [%s].\n", hostname)); ret = dp_opt_set_string(opts->basic, AD_HOSTNAME, hostname); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, ("Setting ad_hostname failed [%s].\n", strerror(ret))); goto done; } } /* Always use the upper-case AD domain for the kerberos realm */ realm = get_uppercase_realm(opts, domain); if (!realm) { ret = ENOMEM; goto done; } ret = dp_opt_set_string(opts->basic, AD_KRB5_REALM, realm); if (ret != EOK) { goto done; } /* Active Directory is always case-insensitive */ dom->case_sensitive = false; /* Set this in the confdb so that the responders pick it * up when they start up. 
*/ ret = confdb_set_bool(cdb, conf_path, "case_sensitive", dom->case_sensitive); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Could not set domain case-sensitive: [%s]\n", strerror(ret))); goto done; } DEBUG(SSSDBG_CONF_SETTINGS, ("Setting domain case-insensitive\n")); ret = EOK; *_opts = opts; done: if (ret != EOK) { talloc_zfree(opts); } return ret; } static void ad_resolve_callback(void *private_data, struct fo_server *server); static errno_t _ad_servers_init(TALLOC_CTX *mem_ctx, struct ad_service *service, struct be_ctx *bectx, const char *fo_service, const char *fo_gc_service, const char *servers, const char *ad_domain, bool primary) { size_t i; errno_t ret = 0; char **list; struct ad_server_data *sdata; TALLOC_CTX *tmp_ctx; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) return ENOMEM; /* Split the server list */ ret = split_on_separator(tmp_ctx, servers, ',', true, true, &list, NULL); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to parse server list!\n")); goto done; } /* Add each of these servers to the failover service */ for (i = 0; list[i]; i++) { if (be_fo_is_srv_identifier(list[i])) { if (!primary) { DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to add server [%s] to failover service: " "SRV resolution only allowed for primary servers!\n", list[i])); continue; } sdata = talloc(service, struct ad_server_data); if (sdata == NULL) { ret = ENOMEM; goto done; } sdata->gc = true; ret = be_fo_add_srv_server(bectx, fo_gc_service, "gc", ad_domain, BE_FO_PROTO_TCP, false, sdata); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to add service discovery to failover: [%s]", strerror(ret))); goto done; } sdata = talloc(service, struct ad_server_data); if (sdata == NULL) { ret = ENOMEM; goto done; } sdata->gc = false; ret = be_fo_add_srv_server(bectx, fo_service, "ldap", ad_domain, BE_FO_PROTO_TCP, false, sdata); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to add service discovery to failover: [%s]", strerror(ret))); goto done; } 
DEBUG(SSSDBG_CONF_SETTINGS, ("Added service discovery for AD\n")); continue; } /* It could be ipv6 address in square brackets. Remove * the brackets if needed. */ ret = remove_ipv6_brackets(list[i]); if (ret != EOK) { goto done; } sdata = talloc(service, struct ad_server_data); if (sdata == NULL) { ret = ENOMEM; goto done; } sdata->gc = true; ret = be_fo_add_server(bectx, fo_gc_service, list[i], 0, sdata, primary); if (ret && ret != EEXIST) { DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to add server\n")); goto done; } sdata = talloc(service, struct ad_server_data); if (sdata == NULL) { ret = ENOMEM; goto done; } sdata->gc = false; ret = be_fo_add_server(bectx, fo_service, list[i], 0, sdata, primary); if (ret && ret != EEXIST) { DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to add server\n")); goto done; } DEBUG(SSSDBG_CONF_SETTINGS, ("Added failover server %s\n", list[i])); } done: talloc_free(tmp_ctx); return ret; } static inline errno_t ad_primary_servers_init(TALLOC_CTX *mem_ctx, struct ad_service *service, struct be_ctx *bectx, const char *servers, const char *fo_service, const char *fo_gc_service, const char *ad_domain) { return _ad_servers_init(mem_ctx, service, bectx, fo_service, fo_gc_service, servers, ad_domain, true); } static inline errno_t ad_backup_servers_init(TALLOC_CTX *mem_ctx, struct ad_service *service, struct be_ctx *bectx, const char *servers, const char *fo_service, const char *fo_gc_service, const char *ad_domain) { return _ad_servers_init(mem_ctx, service, bectx, fo_service, fo_gc_service, servers, ad_domain, false); } static int ad_user_data_cmp(void *ud1, void *ud2) { struct ad_server_data *sd1, *sd2; sd1 = talloc_get_type(ud1, struct ad_server_data); sd2 = talloc_get_type(ud2, struct ad_server_data); if (sd1 == NULL || sd2 == NULL) { DEBUG(SSSDBG_TRACE_FUNC, ("No user data\n")); return sd1 == sd2 ? 0 : 1; } DEBUG(SSSDBG_TRACE_LIBS, ("Comparing %s with %s\n", sd1->gc ? "GC" : "LDAP", sd2->gc ? 
"GC" : "LDAP")); if (sd1->gc == sd2->gc) { return 0; } return 1; } static void ad_online_cb(void *pvt) { struct ad_service *service = talloc_get_type(pvt, struct ad_service); if (service == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("Invalid private pointer\n")); return; } DEBUG(SSSDBG_TRACE_FUNC, ("The AD provider is online\n")); } errno_t ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *bectx, const char *primary_servers, const char *backup_servers, const char *krb5_realm, const char *ad_service, const char *ad_gc_service, const char *ad_domain, struct ad_service **_service) { errno_t ret; TALLOC_CTX *tmp_ctx; struct ad_service *service; tmp_ctx = talloc_new(mem_ctx); if (!tmp_ctx) return ENOMEM; service = talloc_zero(tmp_ctx, struct ad_service); if (!service) { ret = ENOMEM; goto done; } service->sdap = talloc_zero(service, struct sdap_service); service->gc = talloc_zero(service, struct sdap_service); if (!service->sdap || !service->gc) { ret = ENOMEM; goto done; } service->sdap->name = talloc_strdup(service->sdap, ad_service); service->gc->name = talloc_strdup(service->gc, ad_gc_service); if (!service->sdap->name || !service->gc->name) { ret = ENOMEM; goto done; } service->krb5_service = talloc_zero(service, struct krb5_service); if (!service->krb5_service) { ret = ENOMEM; goto done; } ret = be_fo_add_service(bectx, ad_service, ad_user_data_cmp); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to create failover service!\n")); goto done; } ret = be_fo_add_service(bectx, ad_gc_service, ad_user_data_cmp); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to create GC failover service!\n")); goto done; } service->krb5_service->name = talloc_strdup(service->krb5_service, ad_service); if (!service->krb5_service->name) { ret = ENOMEM; goto done; } service->sdap->kinit_service_name = service->krb5_service->name; service->gc->kinit_service_name = service->krb5_service->name; if (!krb5_realm) { DEBUG(SSSDBG_CRIT_FAILURE, ("No Kerberos realm set\n")); ret = 
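EINVAL;
        goto done;
    }

    service->krb5_service->realm =
        talloc_strdup(service->krb5_service, krb5_realm);
    if (!service->krb5_service->realm) {
        ret = ENOMEM;
        goto done;
    }

    if (!primary_servers) {
        DEBUG(SSSDBG_CONF_SETTINGS,
              ("No primary servers defined, using service discovery\n"));
        primary_servers = BE_SRV_IDENTIFIER;
    }

    ret = ad_primary_servers_init(mem_ctx, service, bectx,
                                  primary_servers, ad_service,
                                  ad_gc_service, ad_domain);
    if (ret != EOK) {
        goto done;
    }

    if (backup_servers) {
        ret = ad_backup_servers_init(mem_ctx, service, bectx,
                                     backup_servers, ad_service,
                                     ad_gc_service, ad_domain);
        if (ret != EOK) {
            goto done;
        }
    }

    ret = be_add_online_cb(bectx, bectx, ad_online_cb, service, NULL);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Could not set up AD online callback\n"));
        /* Leave through the common exit like every other failure in this
         * function. A bare return here kept tmp_ctx, and the half-built
         * service parented to it, attached to mem_ctx. */
        goto done;
    }

    /* NOTE(review): from here on, a failure frees `service` together with
     * tmp_ctx while the online callback registered above still holds it as
     * private data. Confirm that callers tear the backend down on error so
     * ad_online_cb() can never run against the freed pointer. */
    ret = be_fo_service_add_callback(mem_ctx, bectx, ad_service,
                                     ad_resolve_callback, service);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Failed to add failover callback! [%s]\n", strerror(ret)));
        goto done;
    }

    ret = be_fo_service_add_callback(mem_ctx, bectx, ad_gc_service,
                                     ad_resolve_callback, service);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Failed to add failover callback! [%s]\n", strerror(ret)));
        goto done;
    }

    /* Success: hand ownership of the service to the caller's context before
     * tmp_ctx is released below. */
    *_service = talloc_steal(mem_ctx, service);

    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}

/**
 * Failover callback, registered by ad_failover_init() for both the AD and
 * the GC failover service. It rebuilds the LDAP and GC URIs and socket
 * addresses stored in the ad_service for the server that was just resolved
 * and, when enabled, writes the Kerberos kdcinfo file.
 *
 * @param private_data  The struct ad_service passed at registration time;
 *                      checked with talloc_get_type().
 * @param server        The failover server that was resolved.
 *
 * Errors are only logged; the callback has no return value.
 */
static void
ad_resolve_callback(void *private_data, struct fo_server *server)
{
    errno_t ret;
    TALLOC_CTX *tmp_ctx;
    struct ad_service *service;
    struct resolv_hostent *srvaddr;
    struct sockaddr_storage *sockaddr;
    char *address;
    const char *safe_address;
    char *new_uri;
    int new_port;
    const char *srv_name;
    struct ad_server_data *sdata = NULL;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory\n"));
        return;
    }

    sdata = fo_get_server_user_data(server);
    if (fo_is_srv_lookup(server) == false && sdata == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("No user data?\n"));
        /* tmp_ctx has a NULL parent, so returning directly would leak it on
         * every such invocation; use the common exit instead. */
        ret = EINVAL;
        goto done;
    }

    service = talloc_get_type(private_data, struct ad_service);
    if (!service) {
        ret = EINVAL;
        goto done;
    }

    srvaddr = fo_get_server_hostent(server);
    if (!srvaddr) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("No hostent available for server (%s)\n",
               fo_get_server_str_name(server)));
        ret = EINVAL;
        goto done;
    }

    address = resolv_get_string_address(tmp_ctx, srvaddr);
    if (address == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("resolv_get_string_address failed.\n"));
        ret = EIO;
        goto done;
    }

    srv_name = fo_get_server_name(server);
    if (srv_name == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Could not get server host name\n"));
        ret = EINVAL;
        goto done;
    }

    /* Build the URI on tmp_ctx and move it to the service only once the
     * socket address is known too, so a failure in between does not leave a
     * stray string parented to the long-lived service->sdap.
     *
     * NOTE(review): the scheme is always ldap://. Transport protection
     * presumably comes from the SASL/GSSAPI options set elsewhere; confirm. */
    new_uri = talloc_asprintf(tmp_ctx, "ldap://%s", srv_name);
    if (!new_uri) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to copy URI\n"));
        ret = ENOMEM;
        goto done;
    }
    DEBUG(SSSDBG_CONF_SETTINGS, ("Constructed uri '%s'\n", new_uri));

    sockaddr = resolv_get_sockaddr_address(tmp_ctx, srvaddr, LDAP_PORT);
    if (sockaddr == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("resolv_get_sockaddr_address failed.\n"));
        ret = EIO;
        goto done;
    }

    /* free old one and replace with new one */
    talloc_zfree(service->sdap->uri);
    service->sdap->uri = talloc_steal(service->sdap, new_uri);
    talloc_zfree(service->sdap->sockaddr);
    service->sdap->sockaddr = talloc_steal(service->sdap, sockaddr);

    talloc_zfree(service->gc->uri);
    talloc_zfree(service->gc->sockaddr);
    if (sdata && sdata->gc) {
        /* A port of 0 means none was given for the server; use AD_GC_PORT. */
        new_port = fo_get_server_port(server);
        new_port = (new_port == 0) ? AD_GC_PORT : new_port;

        service->gc->uri = talloc_asprintf(service->gc, "%s:%d",
                                           new_uri, new_port);

        service->gc->sockaddr = resolv_get_sockaddr_address(service->gc,
                                                            srvaddr,
                                                            new_port);
    } else {
        /* Make sure there always is an URI even if we know that this
         * server doesn't support GC. That way the lookup would go through
         * just not return anything
         */
        service->gc->uri = talloc_strdup(service->gc, service->sdap->uri);
        service->gc->sockaddr = talloc_memdup(service->gc,
                                              service->sdap->sockaddr,
                                              sizeof(struct sockaddr_storage));
    }

    if (!service->gc->uri) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to append to URI\n"));
        ret = ENOMEM;
        goto done;
    }
    DEBUG(SSSDBG_CONF_SETTINGS,
          ("Constructed GC uri '%s'\n", service->gc->uri));

    if (service->gc->sockaddr == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("resolv_get_sockaddr_address failed.\n"));
        ret = EIO;
        goto done;
    }

    /* Only write kdcinfo files for local servers */
    if ((sdata == NULL || sdata->gc == false) &&
        service->krb5_service->write_kdcinfo) {
        /* Write krb5 info files; the address is escaped before it is
         * written out. */
        safe_address = sss_escape_ip_address(tmp_ctx,
                                             srvaddr->family,
                                             address);
        if (safe_address == NULL) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("sss_escape_ip_address failed.\n"));
            ret = ENOMEM;
            goto done;
        }

        /* Best effort: a failure here is logged but does not fail the
         * callback. */
        ret = write_krb5info_file(service->krb5_service->realm, safe_address,
                                  SSS_KRB5KDC_FO_SRV);
        if (ret != EOK) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("write_krb5info_file failed, authentication might fail.\n"));
        }
    }

    ret = EOK;

done:
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Error: [%s]\n", strerror(ret)));
    }
    talloc_free(tmp_ctx);
    return;
}

/**
 * Apply the AD-specific overrides to a set of LDAP ID options and attach
 * them to the AD options.
 *
 * Forces the password policy to PWD_POL_OPT_MIT, copies the Kerberos realm
 * and (if set) the keytab from the AD options, sets the SASL options, fixes
 * the schema type to SDAP_SCHEMA_AD and stores id_opts in ad_opts->id.
 *
 * @param ad_opts  AD provider options (source of realm, keytab, hostname).
 * @param id_opts  LDAP ID options to modify.
 *
 * @return EOK on success, EINVAL if no realm is set, otherwise the error of
 *         the failing helper.
 */
static errno_t
ad_set_ad_id_options(struct ad_options *ad_opts,
                     struct sdap_options *id_opts)
{
    errno_t ret;
    char *krb5_realm;
    char *keytab_path;

    /* We only support Kerberos password policy with AD, so
     * force that on.
     */
    ret = dp_opt_set_string(id_opts->basic,
                            SDAP_PWD_POLICY,
                            PWD_POL_OPT_MIT);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("Could not set password policy\n"));
        goto done;
    }

    /* Set the Kerberos Realm for GSSAPI */
    krb5_realm = dp_opt_get_string(ad_opts->basic, AD_KRB5_REALM);
    if (!krb5_realm) {
        /* Should be impossible, this is set in ad_get_common_options() */
        DEBUG(SSSDBG_FATAL_FAILURE, ("No Kerberos realm\n"));
        ret = EINVAL;
        goto done;
    }

    ret = dp_opt_set_string(id_opts->basic, SDAP_KRB5_REALM, krb5_realm);
    if (ret != EOK) {
        goto done;
    }
    DEBUG(SSSDBG_CONF_SETTINGS,
          ("Option %s set to %s\n",
           id_opts->basic[SDAP_KRB5_REALM].opt_name,
           krb5_realm));

    /* The keytab is optional; only override the LDAP setting if AD has one */
    keytab_path = dp_opt_get_string(ad_opts->basic, AD_KEYTAB);
    if (keytab_path) {
        ret = dp_opt_set_string(id_opts->basic, SDAP_KRB5_KEYTAB,
                                keytab_path);
        if (ret != EOK) {
            goto done;
        }
        DEBUG(SSSDBG_CONF_SETTINGS,
              ("Option %s set to %s\n",
               id_opts->basic[SDAP_KRB5_KEYTAB].opt_name,
               keytab_path));
    }

    ret = sdap_set_sasl_options(id_opts,
                                dp_opt_get_string(ad_opts->basic,
                                                  AD_HOSTNAME),
                                dp_opt_get_string(ad_opts->basic,
                                                  AD_KRB5_REALM),
                                keytab_path);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Cannot set the SASL-related options\n"));
        goto done;
    }

    /* fix schema to AD */
    id_opts->schema_type = SDAP_SCHEMA_AD;

    ad_opts->id = id_opts;
    ret = EOK;

done:
    return ret;
}

/**
 * Create the LDAP ID options for the AD provider and apply the AD
 * overrides, the domain mapping and the search bases to them.
 *
 * @param ad_opts    AD provider options.
 * @param cdb        Configuration database handle.
 * @param conf_path  Configuration path of the domain.
 * @param _opts      Receives the new options on success.
 *
 * @return EOK on success. On failure the options are freed and *_opts is
 *         left untouched.
 */
errno_t
ad_get_id_options(struct ad_options *ad_opts,
                  struct confdb_ctx *cdb,
                  const char *conf_path,
                  struct sdap_options **_opts)
{
    struct sdap_options *id_opts;
    errno_t ret;

    ret = ad_create_sdap_options(ad_opts, cdb, conf_path, &id_opts);
    if (ret != EOK) {
        /* NOTE(review): the helper's own error code is discarded and
         * reported as ENOMEM; kept because callers may rely on it. */
        return ENOMEM;
    }

    ret = ad_set_ad_id_options(ad_opts, id_opts);
    if (ret != EOK) {
        talloc_free(id_opts);
        return ret;
    }

    ret = sdap_domain_add(id_opts,
                          ad_opts->id_ctx->sdap_id_ctx->be->domain,
                          NULL);
    if (ret != EOK) {
        talloc_free(id_opts);
        return ret;
    }

    /* Set up search bases if they were assigned explicitly */
    ret = ad_set_search_bases(id_opts);
    if (ret != EOK) {
        talloc_free(id_opts);
        return ret;
    }

    *_opts = id_opts;
    return EOK;
}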
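/**
 * Fill in and parse the LDAP search bases of the AD ID options.
 *
 * If a default search base (SDAP_SEARCH_BASE) is configured, every
 * user/group/netgroup/service search base that is still unset is set to it.
 * Afterwards all five search-base options are parsed into id_opts->sdom.
 *
 * @param id_opts  LDAP ID options to update.
 *
 * @return EOK on success (ENOENT from the parser is tolerated), otherwise
 *         the error of the failing helper.
 */
errno_t
ad_set_search_bases(struct sdap_options *id_opts)
{
    errno_t ret;
    char *default_search_base;
    size_t o;
    /* -1 terminates the list */
    const int search_base_options[] = { SDAP_USER_SEARCH_BASE,
                                        SDAP_GROUP_SEARCH_BASE,
                                        SDAP_NETGROUP_SEARCH_BASE,
                                        SDAP_SERVICE_SEARCH_BASE,
                                        -1 };

    /* AD servers provide defaultNamingContext, so we will
     * rely on that to specify the search base unless it has
     * been specifically overridden.
     */
    default_search_base = dp_opt_get_string(id_opts->basic,
                                            SDAP_SEARCH_BASE);

    if (default_search_base) {
        /* set search bases if they are not */
        for (o = 0; search_base_options[o] != -1; o++) {
            if (dp_opt_get_string(id_opts->basic,
                                  search_base_options[o]) != NULL) {
                /* explicitly configured, leave it alone */
                continue;
            }

            ret = dp_opt_set_string(id_opts->basic,
                                    search_base_options[o],
                                    default_search_base);
            if (ret != EOK) {
                goto done;
            }
            DEBUG(SSSDBG_CONF_SETTINGS,
                  ("Option %s set to %s\n",
                   id_opts->basic[search_base_options[o]].opt_name,
                   dp_opt_get_string(id_opts->basic,
                                     search_base_options[o])));
        }
    } else {
        DEBUG(SSSDBG_CONF_SETTINGS,
              ("Search base not set. SSSD will attempt to discover it later, "
               "when connecting to the LDAP server.\n"));
    }

    /* Default search */
    ret = sdap_parse_search_base(id_opts, id_opts->basic,
                                 SDAP_SEARCH_BASE,
                                 &id_opts->sdom->search_bases);
    if (ret != EOK && ret != ENOENT) {
        goto done;
    }

    /* User search */
    ret = sdap_parse_search_base(id_opts, id_opts->basic,
                                 SDAP_USER_SEARCH_BASE,
                                 &id_opts->sdom->user_search_bases);
    if (ret != EOK && ret != ENOENT) {
        goto done;
    }

    /* Group search base */
    ret = sdap_parse_search_base(id_opts, id_opts->basic,
                                 SDAP_GROUP_SEARCH_BASE,
                                 &id_opts->sdom->group_search_bases);
    if (ret != EOK && ret != ENOENT) {
        goto done;
    }

    /* Netgroup search */
    ret = sdap_parse_search_base(id_opts, id_opts->basic,
                                 SDAP_NETGROUP_SEARCH_BASE,
                                 &id_opts->sdom->netgroup_search_bases);
    if (ret != EOK && ret != ENOENT) {
        goto done;
    }

    /* Service search */
    ret = sdap_parse_search_base(id_opts, id_opts->basic,
                                 SDAP_SERVICE_SEARCH_BASE,
                                 &id_opts->sdom->service_search_bases);
    if (ret != EOK && ret != ENOENT) {
        goto done;
    }

    ret = EOK;

done:
    return ret;
}

/**
 * Read the Kerberos options for the AD provider and force the KDC and realm
 * to the values from the AD options.
 *
 * Also copies the KRB5_USE_KDCINFO setting into
 * ad_opts->service->krb5_service->write_kdcinfo, so ad_opts->service must
 * already be set when this is called.
 *
 * @param mem_ctx  Context that receives the returned options.
 * @param ad_opts  AD provider options.
 * @param bectx    Backend context (source of the confdb handle and path).
 * @param _opts    Receives the Kerberos options on success.
 *
 * @return EOK on success, ENOMEM, EINVAL if no realm is set, or the error
 *         of the failing helper.
 */
errno_t
ad_get_auth_options(TALLOC_CTX *mem_ctx,
                    struct ad_options *ad_opts,
                    struct be_ctx *bectx,
                    struct dp_option **_opts)
{
    errno_t ret;
    struct dp_option *krb5_options;
    const char *ad_servers;
    const char *krb5_realm;

    TALLOC_CTX *tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    /* Get krb5 options */
    ret = dp_get_options(tmp_ctx, bectx->cdb, bectx->conf_path,
                         ad_def_krb5_opts, KRB5_OPTS,
                         &krb5_options);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Could not read Kerberos options from the configuration\n"));
        goto done;
    }

    ad_servers = dp_opt_get_string(ad_opts->basic, AD_SERVER);

    /* Force the krb5_servers to match the ad_servers */
    ret = dp_opt_set_string(krb5_options, KRB5_KDC, ad_servers);
    if (ret != EOK) {
        goto done;
    }
    /* ad_server has no default, so the value can be NULL when service
     * discovery is used; never hand a NULL pointer to "%s". */
    DEBUG(SSSDBG_CONF_SETTINGS,
          ("Option %s set to %s\n",
           krb5_options[KRB5_KDC].opt_name,
           ad_servers ? ad_servers : "(null)"));

    /* Set krb5 realm */
    /* Set the Kerberos Realm for GSSAPI */
    krb5_realm = dp_opt_get_string(ad_opts->basic, AD_KRB5_REALM);
    if (!krb5_realm) {
        /* Should be impossible, this is set in ad_get_common_options() */
        DEBUG(SSSDBG_FATAL_FAILURE, ("No Kerberos realm\n"));
        ret = EINVAL;
        goto done;
    }

    /* Force the kerberos realm to match the AD_KRB5_REALM (which may have
     * been upper-cased in ad_common_options() */
    ret = dp_opt_set_string(krb5_options, KRB5_REALM, krb5_realm);
    if (ret != EOK) {
        goto done;
    }
    DEBUG(SSSDBG_CONF_SETTINGS,
          ("Option %s set to %s\n",
           krb5_options[KRB5_REALM].opt_name,
           krb5_realm));

    /* Set flag that controls whether we want to write the
     * kdcinfo files at all
     */
    ad_opts->service->krb5_service->write_kdcinfo =
        dp_opt_get_bool(krb5_options, KRB5_USE_KDCINFO);
    DEBUG(SSSDBG_CONF_SETTINGS,
          ("Option %s set to %s\n",
           krb5_options[KRB5_USE_KDCINFO].opt_name,
           ad_opts->service->krb5_service->write_kdcinfo ? "true" : "false"));

    /* Move the options out of tmp_ctx before it is released */
    *_opts = talloc_steal(mem_ctx, krb5_options);

    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}

/**
 * Initialise the dynamic DNS update context of the AD provider.
 *
 * @param be_ctx   Backend context.
 * @param ad_opts  AD provider options; owns the resulting dyndns_ctx.
 *
 * @return EOK on success, otherwise the error from be_nsupdate_init().
 */
errno_t
ad_get_dyndns_options(struct be_ctx *be_ctx,
                      struct ad_options *ad_opts)
{
    errno_t ret;

    ret = be_nsupdate_init(ad_opts, be_ctx, ad_dyndns_opts,
                           &ad_opts->dyndns_ctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Cannot initialize AD dyndns opts [%d]: %s\n",
               ret, sss_strerror(ret)));
        return ret;
    }

    return EOK;
}

/**
 * Allocate an AD ID context with an LDAP and a GC connection.
 *
 * The context is a talloc child of ad_opts. Its LDAP connection comes from
 * a new sdap_id_ctx built on ad_opts->service->sdap; the GC connection is
 * added to that sdap_id_ctx for ad_opts->service->gc.
 *
 * @param ad_opts  AD provider options; ad_opts->service must be set.
 * @param bectx    Backend context.
 *
 * @return The new context, or NULL on allocation failure.
 */
struct ad_id_ctx *
ad_id_ctx_init(struct ad_options *ad_opts, struct be_ctx *bectx)
{
    struct sdap_id_ctx *sdap_ctx;
    struct ad_id_ctx *ad_ctx;

    ad_ctx = talloc_zero(ad_opts, struct ad_id_ctx);
    if (ad_ctx == NULL) {
        return NULL;
    }
    ad_ctx->ad_options = ad_opts;

    sdap_ctx = sdap_id_ctx_new(ad_ctx, bectx, ad_opts->service->sdap);
    if (sdap_ctx == NULL) {
        talloc_free(ad_ctx);
        return NULL;
    }
    ad_ctx->sdap_id_ctx = sdap_ctx;
    ad_ctx->ldap_ctx = sdap_ctx->conn;

    ad_ctx->gc_ctx = sdap_id_ctx_conn_add(sdap_ctx, ad_opts->service->gc);
    if (ad_ctx->gc_ctx == NULL) {
        talloc_free(ad_ctx);
        return NULL;
    }

    return ad_ctx;
}

/**
 * Return the LDAP connection to use for a domain.
 *
 * For a subdomain the connection of the subdomain's own ad_id_ctx (stored
 * in the sdap_domain's pvt pointer) is used; otherwise the connection of
 * ad_ctx itself.
 *
 * @param ad_ctx  AD ID context of the main domain.
 * @param dom     Domain to look up.
 *
 * @return The connection context, or NULL if the subdomain has no usable
 *         ID context.
 */
struct sdap_id_conn_ctx *
ad_get_dom_ldap_conn(struct ad_id_ctx *ad_ctx, struct sss_domain_info *dom)
{
    struct sdap_domain *sdom;
    struct ad_id_ctx *subdom_id_ctx;

    if (!IS_SUBDOMAIN(dom)) {
        return ad_ctx->ldap_ctx;
    }

    sdom = sdap_domain_get(ad_ctx->sdap_id_ctx->opts, dom);
    if (sdom == NULL || sdom->pvt == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("No ID ctx available for [%s].\n",
                                    dom->name));
        return NULL;
    }

    /* talloc_get_type() yields NULL when pvt is not a struct ad_id_ctx;
     * treat that like a missing context instead of dereferencing NULL. */
    subdom_id_ctx = talloc_get_type(sdom->pvt, struct ad_id_ctx);
    if (subdom_id_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("No ID ctx available for [%s].\n",
                                    dom->name));
        return NULL;
    }

    return subdom_id_ctx->ldap_ctx;
}

/**
 * Build the NULL-terminated list of connections to try for a domain.
 *
 * When AD_ENABLE_GC is set the Global Catalog connection comes first and is
 * flagged ignore_mark_offline; the domain's LDAP connection follows.
 *
 * @param mem_ctx  Context that owns the returned array.
 * @param ad_ctx   AD ID context.
 * @param dom      Domain the request is for.
 *
 * @return A zero-initialised array of three pointers (at most two used), or
 *         NULL on allocation failure. The LDAP entry itself may be NULL if
 *         ad_get_dom_ldap_conn() finds no connection.
 */
struct sdap_id_conn_ctx **
ad_gc_conn_list(TALLOC_CTX *mem_ctx, struct ad_id_ctx *ad_ctx,
                struct sss_domain_info *dom)
{
    struct sdap_id_conn_ctx **clist;
    int cindex = 0;

    /* GC + LDAP + terminating NULL */
    clist = talloc_zero_array(mem_ctx, struct sdap_id_conn_ctx *, 3);
    if (clist == NULL) {
        return NULL;
    }

    /* Always try GC first */
    if (dp_opt_get_bool(ad_ctx->ad_options->basic, AD_ENABLE_GC)) {
        clist[cindex] = ad_ctx->gc_ctx;
        clist[cindex]->ignore_mark_offline = true;
        cindex++;
    }

    clist[cindex] = ad_get_dom_ldap_conn(ad_ctx, dom);

    return clist;
}

sssd-1.11.5/src/providers/ad/PaxHeaders.13173/ad_opts.h0000644000000000000000000000007412320753107020545 xustar000000000000000030 atime=1396954939.263891433 30 ctime=1396954961.553875025 sssd-1.11.5/src/providers/ad/ad_opts.h0000664002412700241270000003521412320753107020774 0ustar00jhrozekjhrozek00000000000000/* SSSD Authors: Stephen Gallagher Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 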
*/

/* Default option tables and LDAP attribute maps for the AD provider.
 *
 * NOTE(review): the dp_option rows presumably follow struct dp_option from
 * data_provider.h (not shown here): option name, type, default value,
 * runtime value. The sdap_attr_map rows presumably are: option name,
 * default LDAP attribute, sysdb attribute, runtime attribute. Confirm
 * against the struct definitions.
 */
#ifndef AD_OPTS_H_
#define AD_OPTS_H_

#include "src/providers/data_provider.h"
#include "db/sysdb_services.h"
#include "db/sysdb_autofs.h"

/* Options specific to the AD provider itself */
struct dp_option ad_basic_opts[] = {
    { "ad_domain", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ad_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ad_backup_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ad_hostname", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "krb5_keytab", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING},
    { "ad_enable_dns_sites", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
    { "ad_access_filter", DP_OPT_STRING, NULL_STRING, NULL_STRING},
    { "ad_enable_gc", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
    DP_OPTION_TERMINATOR
};

/* LDAP option defaults used when the LDAP code runs on behalf of AD */
struct dp_option ad_def_ldap_opts[] = {
    { "ldap_uri", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_backup_uri", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_default_bind_dn", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_default_authtok_type", DP_OPT_STRING, { "password" }, NULL_STRING},
    /* NOTE(review): presumably holds the bind secret; it should never be
     * written to debug logs. */
    { "ldap_default_authtok", DP_OPT_BLOB, NULL_BLOB, NULL_BLOB },
    { "ldap_search_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER },
    { "ldap_network_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER },
    { "ldap_opt_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER },
    /* Server certificate checking is set to "hard" in this table */
    { "ldap_tls_reqcert", DP_OPT_STRING, { "hard" }, NULL_STRING },
    { "ldap_user_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_user_search_scope", DP_OPT_STRING, { "sub" }, NULL_STRING },
    { "ldap_user_search_filter", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_group_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_group_search_scope", DP_OPT_STRING, { "sub" }, NULL_STRING },
    { "ldap_group_search_filter", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_service_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_sudo_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_sudo_full_refresh_interval", DP_OPT_NUMBER, { .number = 21600 }, NULL_NUMBER }, /* 360 mins */
    { "ldap_sudo_smart_refresh_interval", DP_OPT_NUMBER, { .number = 900 }, NULL_NUMBER }, /* 15 mins */
    { "ldap_sudo_use_host_filter", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
    { "ldap_sudo_hostnames", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_sudo_ip", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_sudo_include_netgroups", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
    { "ldap_sudo_include_regexp", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
    { "ldap_autofs_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_schema", DP_OPT_STRING, { "ad" }, NULL_STRING },
    { "ldap_offline_timeout", DP_OPT_NUMBER, { .number = 60 }, NULL_NUMBER },
    { "ldap_force_upper_case_realm", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
    { "ldap_enumeration_refresh_timeout", DP_OPT_NUMBER, { .number = 300 }, NULL_NUMBER },
    { "ldap_purge_cache_timeout", DP_OPT_NUMBER, { .number = 10800 }, NULL_NUMBER },
    { "ldap_tls_cacert", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_tls_cacertdir", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_tls_cert", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_tls_key", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_tls_cipher_suite", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    /* StartTLS for identity lookups is off in this table while the SASL
     * mechanism below is "gssapi".
     * NOTE(review): the identity connection presumably relies on the GSSAPI
     * security layer rather than TLS; with ldap_sasl_minssf at -1 confirm
     * the effective minimum strength on the target system. */
    { "ldap_id_use_start_tls", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    { "ldap_id_mapping", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
    { "ldap_sasl_mech", DP_OPT_STRING, { "gssapi" }, NULL_STRING },
    { "ldap_sasl_authid", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_sasl_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_sasl_minssf", DP_OPT_NUMBER, { .number = -1 }, NULL_NUMBER },
    { "ldap_krb5_keytab", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_krb5_init_creds", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
    /* use the same parm name as the krb5 module so we set it only once */
    { "krb5_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "krb5_backup_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "krb5_canonicalize", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    { "krb5_use_kdcinfo", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
    /* "none" here; ad_set_ad_id_options() in ad_common.c overrides the
     * password policy at run time */
    { "ldap_pwd_policy", DP_OPT_STRING, { "none" }, NULL_STRING },
    { "ldap_referrals", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    { "account_cache_expiration", DP_OPT_NUMBER, { .number = 0 }, NULL_NUMBER },
    { "ldap_dns_service_name", DP_OPT_STRING, { SSS_LDAP_SRV_NAME }, NULL_STRING },
    { "ldap_krb5_ticket_lifetime", DP_OPT_NUMBER, { .number = (24 * 60 * 60) }, NULL_NUMBER },
    { "ldap_access_filter", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_netgroup_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_group_nesting_level", DP_OPT_NUMBER, { .number = 2 }, NULL_NUMBER },
    { "ldap_deref", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_account_expire_policy", DP_OPT_STRING, { "ad" }, NULL_STRING },
    { "ldap_access_order", DP_OPT_STRING, { "filter" }, NULL_STRING },
    { "ldap_chpass_uri", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_chpass_backup_uri", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_chpass_dns_service_name", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_chpass_update_last_change", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    { "ldap_enumeration_search_timeout", DP_OPT_NUMBER, { .number = 60 }, NULL_NUMBER },
    /* Do not include ldap_auth_disable_tls_never_use_in_production in the
     * manpages or SSSDConfig API.
     * It is false in this table; as the name says, it must stay that way
     * outside of test setups. */
    { "ldap_auth_disable_tls_never_use_in_production", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    { "ldap_page_size", DP_OPT_NUMBER, { .number = 1000 }, NULL_NUMBER },
    { "ldap_deref_threshold", DP_OPT_NUMBER, { .number = 10 }, NULL_NUMBER },
    { "ldap_sasl_canonicalize", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    { "ldap_connection_expire_timeout", DP_OPT_NUMBER, { .number = 900 }, NULL_NUMBER },
    { "ldap_disable_paging", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    { "ldap_idmap_range_min", DP_OPT_NUMBER, { .number = 200000 }, NULL_NUMBER },
    { "ldap_idmap_range_max", DP_OPT_NUMBER, { .number = 2000200000LL }, NULL_NUMBER },
    { "ldap_idmap_range_size", DP_OPT_NUMBER, { .number = 200000 }, NULL_NUMBER },
    { "ldap_idmap_autorid_compat", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    { "ldap_idmap_default_domain", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_idmap_default_domain_sid", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_groups_use_matching_rule_in_chain", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    { "ldap_initgroups_use_matching_rule_in_chain", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    { "ldap_rfc2307_fallback_to_local_users", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    { "ldap_disable_range_retrieval", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    { "ldap_min_id", DP_OPT_NUMBER, NULL_NUMBER, NULL_NUMBER},
    { "ldap_max_id", DP_OPT_NUMBER, NULL_NUMBER, NULL_NUMBER},
    DP_OPTION_TERMINATOR
};

/* Kerberos option defaults for AD; read by ad_get_auth_options() */
struct dp_option ad_def_krb5_opts[] = {
    { "krb5_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "krb5_backup_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "krb5_ccachedir", DP_OPT_STRING, { DEFAULT_CCACHE_DIR }, NULL_STRING },
    { "krb5_ccname_template", DP_OPT_STRING, NULL_STRING, NULL_STRING},
    { "krb5_auth_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER },
    { "krb5_keytab", DP_OPT_STRING, { "/etc/krb5.keytab" }, NULL_STRING },
    /* Ticket validation is on in this table.
     * NOTE(review): presumably this checks the TGT against the host keytab
     * to detect a spoofed KDC; confirm before relaxing it. */
    { "krb5_validate", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
    { "krb5_kpasswd", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "krb5_backup_kpasswd", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "krb5_store_password_if_offline", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    { "krb5_renewable_lifetime", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "krb5_lifetime", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "krb5_renew_interval", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "krb5_use_fast", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "krb5_fast_principal", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "krb5_canonicalize", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    { "krb5_use_enterprise_principal", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
    { "krb5_use_kdcinfo", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
    DP_OPTION_TERMINATOR
};

/* Generic (rootDSE / entry USN) attributes */
struct sdap_attr_map ad_2008r2_attr_map[] = {
    { "ldap_entry_usn", SDAP_AD_USN, SYSDB_USN, NULL },
    { "ldap_rootdse_last_usn", SDAP_AD_LAST_USN, SYSDB_HIGH_USN, NULL },
    SDAP_ATTR_MAP_TERMINATOR
};

/* User attributes; rows with a NULL second field have no AD default */
struct sdap_attr_map ad_2008r2_user_map[] = {
    { "ldap_user_object_class", "user", SYSDB_USER_CLASS, NULL },
    { "ldap_user_name", "sAMAccountName", SYSDB_NAME, NULL },
    { "ldap_user_pwd", "unixUserPassword", SYSDB_PWD, NULL },
    { "ldap_user_uid_number", "uidNumber", SYSDB_UIDNUM, NULL },
    { "ldap_user_gid_number", "gidNumber", SYSDB_GIDNUM, NULL },
    { "ldap_user_gecos", "gecos", SYSDB_GECOS, NULL },
    { "ldap_user_home_directory", "unixHomeDirectory", SYSDB_HOMEDIR, NULL },
    { "ldap_user_shell", "loginShell", SYSDB_SHELL, NULL },
    { "ldap_user_principal", "userPrincipalName", SYSDB_UPN, NULL },
    { "ldap_user_fullname", "name", SYSDB_FULLNAME, NULL },
    { "ldap_user_member_of", "memberOf", SYSDB_MEMBEROF, NULL },
    { "ldap_user_uuid", "objectGUID", SYSDB_UUID, NULL },
    { "ldap_user_objectsid", "objectSID", SYSDB_SID, NULL },
    { "ldap_user_primary_group", "primaryGroupID", SYSDB_PRIMARY_GROUP, NULL },
    { "ldap_user_modify_timestamp", "whenChanged", SYSDB_ORIG_MODSTAMP, NULL },
    { "ldap_user_entry_usn", SDAP_AD_USN, SYSDB_USN, NULL },
    { "ldap_user_shadow_last_change", NULL, SYSDB_SHADOWPW_LASTCHANGE, NULL },
    { "ldap_user_shadow_min", NULL, SYSDB_SHADOWPW_MIN, NULL },
    { "ldap_user_shadow_max", NULL, SYSDB_SHADOWPW_MAX, NULL },
    { "ldap_user_shadow_warning", NULL, SYSDB_SHADOWPW_WARNING, NULL },
    { "ldap_user_shadow_inactive", NULL, SYSDB_SHADOWPW_INACTIVE, NULL },
    { "ldap_user_shadow_expire", NULL, SYSDB_SHADOWPW_EXPIRE, NULL },
    { "ldap_user_shadow_flag", NULL, SYSDB_SHADOWPW_FLAG, NULL },
    { "ldap_user_krb_last_pwd_change", NULL, SYSDB_KRBPW_LASTCHANGE, NULL },
    { "ldap_user_krb_password_expiration", NULL, SYSDB_KRBPW_EXPIRATION, NULL },
    { "ldap_pwd_attribute", NULL, SYSDB_PWD_ATTRIBUTE, NULL },
    { "ldap_user_authorized_service", NULL, SYSDB_AUTHORIZED_SERVICE, NULL },
    { "ldap_user_ad_account_expires", "accountExpires", SYSDB_AD_ACCOUNT_EXPIRES, NULL},
    { "ldap_user_ad_user_account_control", "userAccountControl", SYSDB_AD_USER_ACCOUNT_CONTROL, NULL},
    { "ldap_ns_account_lock", NULL, SYSDB_NS_ACCOUNT_LOCK, NULL},
    { "ldap_user_authorized_host", NULL, SYSDB_AUTHORIZED_HOST, NULL },
    { "ldap_user_nds_login_disabled", NULL, SYSDB_NDS_LOGIN_DISABLED, NULL },
    { "ldap_user_nds_login_expiration_time", NULL, SYSDB_NDS_LOGIN_EXPIRATION_TIME, NULL },
    { "ldap_user_nds_login_allowed_time_map", NULL, SYSDB_NDS_LOGIN_ALLOWED_TIME_MAP, NULL },
    { "ldap_user_ssh_public_key", NULL, SYSDB_SSH_PUBKEY, NULL },
    SDAP_ATTR_MAP_TERMINATOR
};

/* Group attributes */
struct sdap_attr_map ad_2008r2_group_map[] = {
    { "ldap_group_object_class", "group", SYSDB_GROUP_CLASS, NULL },
    { "ldap_group_name", "name", SYSDB_NAME, NULL },
    { "ldap_group_pwd", NULL, SYSDB_PWD, NULL },
    { "ldap_group_gid_number", "gidNumber", SYSDB_GIDNUM, NULL },
    { "ldap_group_member", "member", SYSDB_MEMBER, NULL },
    { "ldap_group_uuid", "objectGUID", SYSDB_UUID, NULL },
    { "ldap_group_objectsid", "objectSID", SYSDB_SID, NULL },
    { "ldap_group_modify_timestamp", "whenChanged", SYSDB_ORIG_MODSTAMP, NULL },
    { "ldap_group_entry_usn", SDAP_AD_USN, SYSDB_USN, NULL },
    { "ldap_group_type", "groupType", SYSDB_GROUP_TYPE, NULL },
    SDAP_ATTR_MAP_TERMINATOR
};

/* Netgroup attributes */
struct sdap_attr_map ad_netgroup_map[] = {
    { "ldap_netgroup_object_class", "nisNetgroup", SYSDB_NETGROUP_CLASS, NULL },
    { "ldap_netgroup_name", "cn", SYSDB_NAME, NULL },
    { "ldap_netgroup_member", "memberNisNetgroup", SYSDB_ORIG_NETGROUP_MEMBER, NULL },
    { "ldap_netgroup_triple", "nisNetgroupTriple", SYSDB_NETGROUP_TRIPLE, NULL },
    /* FIXME: this is 389ds specific */
    { "ldap_netgroup_uuid", "nsUniqueId", SYSDB_UUID, NULL },
    { "ldap_netgroup_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL },
    SDAP_ATTR_MAP_TERMINATOR
};

/* IP service attributes */
struct sdap_attr_map ad_service_map[] = {
    { "ldap_service_object_class", "ipService", SYSDB_SVC_CLASS, NULL },
    { "ldap_service_name", "cn", SYSDB_NAME, NULL },
    { "ldap_service_port", "ipServicePort", SYSDB_SVC_PORT, NULL },
    { "ldap_service_proto", "ipServiceProtocol", SYSDB_SVC_PROTO, NULL },
    { "ldap_service_entry_usn", NULL, SYSDB_USN, NULL },
    SDAP_ATTR_MAP_TERMINATOR
};

/* autofs map objects */
struct sdap_attr_map ad_autofs_mobject_map[] = {
    { "ldap_autofs_map_object_class", "nisMap", SYSDB_AUTOFS_MAP_OC, NULL },
    { "ldap_autofs_map_name", "nisMapName", SYSDB_AUTOFS_MAP_NAME, NULL },
    SDAP_ATTR_MAP_TERMINATOR
};

/* autofs map entries */
struct sdap_attr_map ad_autofs_entry_map[] = {
    { "ldap_autofs_entry_object_class", "nisObject", SYSDB_AUTOFS_ENTRY_OC, NULL },
    { "ldap_autofs_entry_key", "cn", SYSDB_AUTOFS_ENTRY_KEY, NULL },
    { "ldap_autofs_entry_value", "nisMapEntry", SYSDB_AUTOFS_ENTRY_VALUE, NULL },
    SDAP_ATTR_MAP_TERMINATOR
};

/* Dynamic DNS update options; used by ad_get_dyndns_options().
 * The update authentication method in this table is "gss-tsig". */
struct dp_option ad_dyndns_opts[] = {
    { "dyndns_update", DP_OPT_BOOL, BOOL_TRUE, BOOL_FALSE },
    { "dyndns_refresh_interval", DP_OPT_NUMBER, { .number = 86400 }, NULL_NUMBER },
    { "dyndns_iface", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "dyndns_ttl", DP_OPT_NUMBER, { .number = 3600 }, NULL_NUMBER },
    { "dyndns_update_ptr", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
    { "dyndns_force_tcp", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    { "dyndns_auth", DP_OPT_STRING, { "gss-tsig" }, NULL_STRING },
    DP_OPTION_TERMINATOR
};

#endif /* AD_OPTS_H_ */
sssd-1.11.5/src/providers/ad/PaxHeaders.13173/ad_subdomains.c0000644000000000000000000000007412320753107021717 xustar000000000000000030 atime=1396954939.263891433 30 ctime=1396954961.555875024 sssd-1.11.5/src/providers/ad/ad_subdomains.c0000664002412700241270000010710612320753107022146 0ustar00jhrozekjhrozek00000000000000/* SSSD AD Subdomains Module Authors: Sumit Bose Copyright (C) 2013 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the 
GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include "providers/ldap/sdap_async.h" #include "providers/ad/ad_subdomains.h" #include "providers/ad/ad_domain_info.h" #include "providers/ad/ad_srv.h" #include "providers/ldap/sdap_idmap.h" #include "util/util_sss_idmap.h" #include #include #include #define AD_AT_OBJECT_SID "objectSID" #define AD_AT_DNS_DOMAIN "DnsDomain" #define AD_AT_NT_VERSION "NtVer" #define AD_AT_NETLOGON "netlogon" /* Attributes of AD trusted domains */ #define AD_AT_FLATNAME "flatName" #define AD_AT_SID "securityIdentifier" #define AD_AT_TRUST_TYPE "trustType" #define AD_AT_TRUST_PARTNER "trustPartner" #define AD_AT_TRUST_ATTRS "trustAttributes" #define MASTER_DOMAIN_SID_FILTER "objectclass=domain" /* trustType=2 denotes uplevel (NT5 and later) trusted domains. See * http://msdn.microsoft.com/en-us/library/windows/desktop/ms680342%28v=vs.85%29.aspx * for example. * * The absence of msDS-TrustForestTrustInfo attribute denotes a domain from * the same forest. See http://msdn.microsoft.com/en-us/library/cc223786.aspx * for more information. 
*/
#define SLAVE_DOMAIN_FILTER_BASE "(objectclass=trustedDomain)(trustType=2)(!(msDS-TrustForestTrustInfo=*))"
#define SLAVE_DOMAIN_FILTER "(&"SLAVE_DOMAIN_FILTER_BASE")"
/* NOTE(review): the %s is placed inside an LDAP filter; the value presumably
 * comes from directory data, so confirm the call site sanitizes it for use
 * in a filter before formatting. */
#define FOREST_ROOT_FILTER_FMT "(&"SLAVE_DOMAIN_FILTER_BASE"(cn=%s))"

/* do not refresh more often than every 5 seconds for now */
#define AD_SUBDOMAIN_REFRESH_LIMIT 5

/* Long-lived state of the AD subdomains handler */
struct ad_subdomains_ctx {
    struct be_ctx *be_ctx;
    struct sdap_id_ctx *sdap_id_ctx;
    struct sdap_domain *sdom;
    struct sdap_id_conn_ctx *ldap_ctx;
    struct sss_idmap_ctx *idmap_ctx;
    char *domain_name;

    time_t last_refreshed;
    struct tevent_timer *timer_event;
    struct ad_id_ctx *ad_id_ctx;
};

/* State of a single subdomain refresh request */
struct ad_subdomains_req_ctx {
    struct be_req *be_req;
    struct ad_subdomains_ctx *sd_ctx;
    struct sdap_id_op *sdap_op;

    char *current_filter;
    size_t base_iter;

    struct ad_id_ctx *root_id_ctx;
    struct sdap_id_op *root_op;
    size_t root_base_iter;
    struct sysdb_attrs *root_domain;

    size_t reply_count;
    struct sysdb_attrs **reply;

    char *master_sid;
    char *flat_name;
    char *forest;
};

/*
 * Create a separate AD ID context for a subdomain.
 *
 * Builds default AD options from the parent's realm and hostname, sets the
 * subdomain name as AD domain, initialises failover (service names are the
 * subdomain name and "gc_" + subdomain name), creates the ID context,
 * installs the AD SRV lookup plugin on be_ctx and registers the subdomain
 * with the new sdap_id_ctx. The ID mapping context is shared with the
 * parent.
 *
 * Returns EOK and stores the context in *_subdom_id_ctx on success; EINVAL
 * if realm or hostname are missing, ENOMEM, EFAULT, or a helper's error
 * otherwise.
 *
 * NOTE(review): cleanup is not uniform. Most failure paths free ad_options,
 * but the srv_ctx == NULL and sdom == NULL paths return without doing so.
 * Conversely, ad_failover_init() (ad_common.c in this archive) registers
 * its service with be_add_online_cb() on be_ctx and parents it to
 * ad_options, so freeing ad_options after it succeeded presumably leaves
 * that callback's private pointer dangling. Confirm how be_ctx callbacks
 * are released before changing either behaviour.
 */
static errno_t
ad_subdom_ad_ctx_new(struct be_ctx *be_ctx,
                     struct ad_id_ctx *id_ctx,
                     struct sss_domain_info *subdom,
                     struct ad_id_ctx **_subdom_id_ctx)
{
    struct ad_options *ad_options;
    struct ad_id_ctx *ad_id_ctx;
    const char *gc_service_name;
    struct ad_srv_plugin_ctx *srv_ctx;
    char *ad_domain;
    struct sdap_domain *sdom;
    errno_t ret;
    const char *realm;
    const char *hostname;

    realm = dp_opt_get_cstring(id_ctx->ad_options->basic, AD_KRB5_REALM);
    hostname = dp_opt_get_cstring(id_ctx->ad_options->basic, AD_HOSTNAME);
    if (realm == NULL || hostname == NULL) {
        DEBUG(SSSDBG_CONF_SETTINGS, ("Missing realm or hostname.\n"));
        return EINVAL;
    }

    ad_options = ad_create_default_options(id_ctx, realm, hostname);
    if (ad_options == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("Cannot initialize AD options\n"));
        /* ad_options is NULL here, so this free has nothing to release */
        talloc_free(ad_options);
        return ENOMEM;
    }

    ad_domain = subdom->name;

    ret = dp_opt_set_string(ad_options->basic, AD_DOMAIN, ad_domain);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Cannot set AD domain\n"));
        talloc_free(ad_options);
        return ret;
    }

    gc_service_name = talloc_asprintf(ad_options, "%s%s", "gc_", subdom->name);
    if (gc_service_name == NULL) {
        talloc_free(ad_options);
        return ENOMEM;
    }

    /* No explicit primary or backup servers are passed for the subdomain */
    ret = ad_failover_init(ad_options, be_ctx, NULL, NULL, realm,
                           subdom->name, gc_service_name,
                           subdom->name, &ad_options->service);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Cannot initialize AD failover\n"));
        talloc_free(ad_options);
        return ret;
    }

    ad_id_ctx = ad_id_ctx_init(ad_options, be_ctx);
    if (ad_id_ctx == NULL) {
        talloc_free(ad_options);
        return ENOMEM;
    }
    ad_id_ctx->sdap_id_ctx->opts = ad_options->id;
    ad_options->id_ctx = ad_id_ctx;

    /* use AD plugin */
    srv_ctx = ad_srv_plugin_ctx_init(be_ctx, be_ctx->be_res,
                                     default_host_dbs,
                                     ad_id_ctx->ad_options->id,
                                     hostname,
                                     ad_domain);
    if (srv_ctx == NULL) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("Out of memory?\n"));
        /* NOTE(review): ad_options is not freed on this path */
        return ENOMEM;
    }
    be_fo_set_srv_lookup_plugin(be_ctx, ad_srv_plugin_send,
                                ad_srv_plugin_recv, srv_ctx, "AD");

    ret = sdap_domain_subdom_add(ad_id_ctx->sdap_id_ctx,
                                 ad_id_ctx->sdap_id_ctx->opts->sdom,
                                 subdom->parent);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Cannot initialize sdap domain\n"));
        talloc_free(ad_options);
        return ret;
    }

    sdom = sdap_domain_get(ad_id_ctx->sdap_id_ctx->opts, subdom);
    if (sdom == NULL) {
        /* NOTE(review): ad_options is not freed on this path */
        return EFAULT;
    }

    /* Set up the ID mapping object */
    ad_id_ctx->sdap_id_ctx->opts->idmap_ctx =
        id_ctx->sdap_id_ctx->opts->idmap_ctx;

    *_subdom_id_ctx = ad_id_ctx;
    return EOK;
}

/*
 * Register the subdomains of `parent` with the sdap layer and create an AD
 * ID context for every subdomain that does not have one yet.
 *
 * Returns the error of sdap_domain_subdom_add() if that fails, EOK
 * otherwise. A failure to create an individual ID context is only logged:
 * that subdomain keeps pvt == NULL, and ad_get_dom_ldap_conn() in
 * ad_common.c returns NULL for it.
 */
static errno_t
ads_store_sdap_subdom(struct ad_subdomains_ctx *ctx,
                      struct sss_domain_info *parent)
{
    int ret;
    struct sdap_domain *sditer;
    struct ad_id_ctx *subdom_id_ctx;

    ret = sdap_domain_subdom_add(ctx->sdap_id_ctx, ctx->sdom, parent);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("sdap_domain_subdom_add failed.\n"));
        return ret;
    }

    DLIST_FOR_EACH(sditer, ctx->sdom) {
        /* Only subdomains that have no ID context attached yet */
        if (IS_SUBDOMAIN(sditer->dom) && sditer->pvt == NULL) {
            ret = ad_subdom_ad_ctx_new(ctx->be_ctx, ctx->ad_id_ctx,
                                       sditer->dom, &subdom_id_ctx);
            if (ret != EOK) {
                DEBUG(SSSDBG_OP_FAILURE, ("ad_subdom_ad_ctx_new failed.\n"));
            } else {
                sditer->pvt = subdom_id_ctx;
            }
        }
    }

    return EOK;
}

/*
 * Look up the trust partner name in the subdomain attributes and report,
 * via subdomain_enumerates(), whether that subdomain enumerates.
 *
 * Returns EOK and sets *_enumerates on success, otherwise the error of
 * sysdb_attrs_get_string().
 */
static errno_t
ad_subdom_enumerates(struct sss_domain_info *parent,
                     struct sysdb_attrs *attrs,
                     bool *_enumerates)
{
    errno_t ret;
    const char *name;

    ret = sysdb_attrs_get_string(attrs, AD_AT_TRUST_PARTNER, &name);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_string failed.\n"));
        return ret;
    }

    *_enumerates = subdomain_enumerates(parent, name);
    return EOK;
}

static errno_t ad_subdom_store(struct ad_subdomains_ctx *ctx, struct sss_domain_info *domain, struct sysdb_attrs *subdom_attrs, bool enumerate) { TALLOC_CTX *tmp_ctx; const char *name; char *realm; const char *flat; errno_t ret; enum idmap_error_code err; struct ldb_message_element *el; char *sid_str = NULL; uint32_t trust_type; bool mpg; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { ret = ENOMEM; goto done; } ret = sysdb_attrs_get_uint32_t(subdom_attrs, AD_AT_TRUST_TYPE, &trust_type); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_uint32_t failed.\n")); goto done; } ret = sysdb_attrs_get_string(subdom_attrs, AD_AT_TRUST_PARTNER, &name); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("failed to get subdomain name\n")); goto done; } realm = get_uppercase_realm(tmp_ctx, name); if (!realm) { ret = ENOMEM; goto done; } ret = sysdb_attrs_get_string(subdom_attrs, AD_AT_FLATNAME, &flat); if (ret) { DEBUG(SSSDBG_OP_FAILURE, ("failed to get flat name of subdomain %s\n", name)); goto done; } ret = sysdb_attrs_get_el(subdom_attrs, AD_AT_SID, &el); if (ret != EOK || el->num_values != 1) { DEBUG(SSSDBG_OP_FAILURE, ("sdap_attrs_get_el failed.\n")); goto done; } err = sss_idmap_bin_sid_to_sid(ctx->idmap_ctx, el->values[0].data, el->values[0].length, &sid_str); if (err != IDMAP_SUCCESS) { DEBUG(SSSDBG_MINOR_FAILURE, ("Could not convert SID: [%s].\n", idmap_error_string(err))); ret = EFAULT; goto done; } mpg = sdap_idmap_domain_has_algorithmic_mapping( ctx->sdap_id_ctx->opts->idmap_ctx, name, sid_str); ret
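/**
 * Reconcile the known subdomains with the list returned by the directory.
 *
 * Existing subdomains that no longer appear in @p reply are disabled,
 * removed from sysdb and from the LDAP domain list, and their requests are
 * terminated. Subdomains present in both are re-stored. Reply entries that
 * match no existing subdomain are stored as new and reported via @p changes.
 *
 * @param ctx      Subdomains context; last_refreshed is updated on exit
 *                 (current time on EOK, 0 on failure).
 * @param count    Number of entries in @p reply.
 * @param reply    Trusted-domain objects read from the server.
 * @param changes  Output: true when the subdomain list changed. Always
 *                 written, so callers need not pre-initialize it.
 *
 * @return EOK on success, EINVAL for a negative count or missing reply
 *         array, ENOMEM on allocation failure, or the error of the failing
 *         sysdb helper.
 */
static errno_t ad_subdomains_refresh(struct ad_subdomains_ctx *ctx,
                                     int count, struct sysdb_attrs **reply,
                                     bool *changes)
{
    struct sdap_domain *sdom;
    struct sss_domain_info *domain, *dom;
    bool *handled = NULL;
    const char *value;
    int c, h;
    int ret;
    bool enumerate;

    /* The original only ever wrote 'true'; a caller passing an
     * uninitialized flag would then read an indeterminate value. */
    if (changes != NULL) {
        *changes = false;
    }

    if (count < 0 || (count > 0 && reply == NULL)) {
        ret = EINVAL;
        goto done;
    }

    domain = ctx->be_ctx->domain;

    /* count is driven by the size of the server's reply, so the bookkeeping
     * array lives on the heap rather than in a variable-length stack array
     * (which is also undefined for a zero length). */
    if (count > 0) {
        handled = talloc_zero_array(ctx, bool, count);
        if (handled == NULL) {
            ret = ENOMEM;
            goto done;
        }
    }
    h = 0;

    /* check existing subdomains */
    for (dom = get_next_domain(domain, true);
         dom && IS_SUBDOMAIN(dom); /* if we get back to a parent, stop */
         dom = get_next_domain(dom, false)) {
        for (c = 0; c < count; c++) {
            if (handled[c]) {
                continue;
            }
            ret = sysdb_attrs_get_string(reply[c], AD_AT_TRUST_PARTNER, &value);
            if (ret != EOK) {
                DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_string failed.\n"));
                goto done;
            }
            if (strcmp(value, dom->name) == 0) {
                break;
            }
        }

        if (c >= count) {
            /* ok this subdomain does not exist anymore, let's clean up */
            dom->disabled = true;
            ret = sysdb_subdomain_delete(dom->sysdb, dom->name);
            if (ret != EOK) {
                goto done;
            }

            sdom = sdap_domain_get(ctx->sdap_id_ctx->opts, dom);
            if (sdom == NULL) {
                DEBUG(SSSDBG_CRIT_FAILURE, ("BUG: Domain does not exist?\n"));
                continue;
            }

            /* Remove the subdomain from the list of LDAP domains */
            sdap_domain_remove(ctx->sdap_id_ctx->opts, dom);

            be_ptask_destroy(&sdom->enum_task);
            be_ptask_destroy(&sdom->cleanup_task);

            /* terminate all requests for this subdomain so we can free it */
            be_terminate_domain_requests(ctx->be_ctx, dom->name);
            talloc_zfree(sdom);
        } else {
            /* ok let's try to update it */
            ret = ad_subdom_enumerates(domain, reply[c], &enumerate);
            if (ret != EOK) {
                goto done;
            }

            ret = ad_subdom_store(ctx, domain, reply[c], enumerate);
            if (ret) {
                /* Nothing we can do about the error. Let's at least try
                 * to reuse the existing domains
                 */
                DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to parse subdom data, "
                                             "will try to use cached subdomain\n"));
            }
            handled[c] = true;
            h++;
        }
    }

    if (count == h) {
        /* all domains were already accounted for and have been updated */
        ret = EOK;
        goto done;
    }

    /* if we get here it means we have changes to the subdomains list */
    if (changes != NULL) {
        *changes = true;
    }

    for (c = 0; c < count; c++) {
        if (handled[c]) {
            continue;
        }

        ret = ad_subdom_enumerates(domain, reply[c], &enumerate);
        if (ret != EOK) {
            goto done;
        }

        ret = ad_subdom_store(ctx, domain, reply[c], enumerate);
        if (ret) {
            /* Nothing we can do about the error. Let's at least try
             * to reuse the existing domains.
             */
            DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to parse subdom data, "
                                         "will try to use cached subdomain\n"));
        }
    }

    ret = EOK;

done:
    talloc_free(handled);

    /* A failed run resets the timestamp so the next request retries
     * immediately instead of being rate-limited. */
    if (ret != EOK) {
        ctx->last_refreshed = 0;
    } else {
        ctx->last_refreshed = time(NULL);
    }

    return ret;
}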
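/**
 * Callback for the master-domain lookup.
 *
 * Stores the flat name, SID and forest of the joined domain in sysdb, then
 * either searches for the forest root (when the joined domain is not the
 * forest root) or goes straight to enumerating child domains.
 *
 * The back end request is terminated here unless a follow-up search was
 * started (EAGAIN).
 */
static void ad_subdomains_master_dom_done(struct tevent_req *req)
{
    struct ad_subdomains_req_ctx *ctx;
    errno_t ret;

    ctx = tevent_req_callback_data(req, struct ad_subdomains_req_ctx);

    ret = ad_master_domain_recv(req, ctx,
                                &ctx->flat_name, &ctx->master_sid,
                                &ctx->forest);
    talloc_zfree(req);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Cannot retrieve master domain info\n"));
        goto done;
    }

    ret = sysdb_master_domain_add_info(ctx->sd_ctx->be_ctx->domain,
                                       ctx->flat_name, ctx->master_sid,
                                       ctx->forest);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Cannot save master domain info\n"));
        goto done;
    }

    /* The forest name comes from the server reply; refuse to compare a
     * missing value instead of passing NULL to strcasecmp(). */
    if (ctx->forest == NULL) {
        ret = EINVAL;
        goto done;
    }

    if (strcasecmp(ctx->sd_ctx->be_ctx->domain->name, ctx->forest) != 0) {
        DEBUG(SSSDBG_TRACE_FUNC,
              ("SSSD needs to look up the forest root domain\n"));
        ret = ad_subdomains_get_root(ctx);
    } else {
        DEBUG(SSSDBG_TRACE_FUNC,
              ("Connected to forest root, looking up child domains..\n"));

        ctx->root_op = ctx->sdap_op;
        ctx->root_id_ctx = ctx->sd_ctx->ad_id_ctx;

        ret = ad_subdomains_get_slave(ctx);
    }

    if (ret == EAGAIN) {
        /* A search is in flight; its callback finishes the request. */
        return;
    }

done:
    /* The helpers return EOK when there is no search base left to query.
     * Report that as DP_ERR_OK, matching the other callbacks in this file,
     * rather than pairing DP_ERR_FATAL with a success code. */
    be_req_terminate(ctx->be_req,
                     ret == EOK ? DP_ERR_OK : DP_ERR_FATAL,
                     ret, NULL);
}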
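/**
 * Callback for the forest-root search.
 *
 * - No result: retry with the next search base.
 * - More than one result: log it and fall back to enumerating child domains
 *   through the connection to the joined domain.
 * - Exactly one result: store the root as a subdomain, obtain its ID
 *   context and start connecting to the forest root.
 *
 * The 'fail' label is also the normal exit when a helper returns EOK
 * without starting a new request; in that case the request finishes
 * with DP_ERR_OK.
 */
static void ad_subdomains_get_root_domain_done(struct tevent_req *req)
{
    int ret;
    size_t reply_count;
    struct sysdb_attrs **reply = NULL;
    struct ad_subdomains_req_ctx *ctx;
    int dp_error = DP_ERR_FATAL;
    /* Must start out false: ad_subdomains_refresh() is only seen to set the
     * flag to true, so without this the test below could read an
     * indeterminate value. */
    bool has_changes = false;

    ctx = tevent_req_callback_data(req, struct ad_subdomains_req_ctx);

    ret = sdap_get_generic_recv(req, ctx, &reply_count, &reply);
    talloc_zfree(req);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("sdap_get_generic_send request failed.\n"));
        goto fail;
    }

    if (reply_count == 0) {
        /* If no root domain was found in the default search base, try the
         * next one, if available
         */
        ctx->root_base_iter++;
        ret = ad_subdomains_get_root(ctx);
        if (ret == EAGAIN) {
            return;
        }

        goto fail;
    } else if (reply_count > 1) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Multiple results for root domain search, "
               "domain list might be incomplete!\n"));

        ctx->root_op = ctx->sdap_op;
        ctx->root_id_ctx = ctx->sd_ctx->ad_id_ctx;

        ret = ad_subdomains_get_slave(ctx);
        if (ret == EAGAIN) {
            return;
        }

        goto fail;
    }
    /* Exactly one result, good. */

    /* We won't use the operation to the local LDAP anymore, but
     * read from the forest root
     */
    ret = sdap_id_op_done(ctx->sdap_op, ret, &dp_error);
    if (ret != EOK) {
        if (dp_error == DP_ERR_OFFLINE) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("No AD server is available, cannot get the "
                   "subdomain list while offline\n"));
        } else {
            DEBUG(SSSDBG_OP_FAILURE,
                  ("Failed to search the AD server: [%d](%s)\n",
                  ret, strerror(ret)));
        }
        goto fail;
    }

    ret = ad_subdomains_refresh(ctx->sd_ctx, 1, reply, &has_changes);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("ad_subdomains_refresh failed.\n"));
        goto fail;
    }

    if (has_changes) {
        ret = ad_subdom_reinit(ctx->sd_ctx);
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE, ("Could not reinitialize subdomains\n"));
            goto fail;
        }
    }

    ctx->root_domain = reply[0];
    ctx->root_id_ctx = ads_get_root_id_ctx(ctx);
    if (ctx->root_id_ctx == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("Cannot create id ctx for the root domain\n"));
        ret = EFAULT;
        goto fail;
    }

    ctx->root_op = sdap_id_op_create(ctx,
                                     ctx->root_id_ctx->ldap_ctx->conn_cache);
    if (ctx->root_op == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed.\n"));
        ret = ENOMEM;
        goto fail;
    }

    req = sdap_id_op_connect_send(ctx->root_op, ctx, &ret);
    if (req == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_connect_send failed: %d(%s).\n",
                                  ret, strerror(ret)));
        goto fail;
    }

    tevent_req_set_callback(req, ad_subdomains_root_conn_done, ctx);
    return;

fail:
    if (ret == EOK) {
        ctx->sd_ctx->last_refreshed = time(NULL);
        dp_error = DP_ERR_OK;
    }
    be_req_terminate(ctx->be_req, dp_error, ret, NULL);
}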
/**
 * Callback for the connection attempt to the forest root.
 *
 * On a successful connect the child-domain search is started; if that
 * search is pending (EAGAIN) the request stays open. In every other case
 * the back end request is terminated with the status collected so far.
 */
static void ad_subdomains_root_conn_done(struct tevent_req *req)
{
    struct ad_subdomains_req_ctx *req_ctx;
    int dp_error = DP_ERR_FATAL;
    int ret;

    req_ctx = tevent_req_callback_data(req, struct ad_subdomains_req_ctx);

    ret = sdap_id_op_connect_recv(req, &dp_error);
    talloc_zfree(req);

    if (ret == 0) {
        ret = ad_subdomains_get_slave(req_ctx);
        if (ret == EAGAIN) {
            /* Search in progress, its callback will finish the request. */
            return;
        }
    } else if (dp_error == DP_ERR_OFFLINE) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("No AD server is available, cannot get the "
               "subdomain list while offline\n"));
    } else {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Failed to connect to AD server: [%d](%s)\n",
               ret, strerror(ret)));
    }

    be_req_terminate(req_ctx->be_req, dp_error, ret, NULL);
}
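/**
 * Callback for one child-domain search.
 *
 * Appends the results to the accumulated reply list and moves on to the
 * next search base. Once all bases have been searched, the list is adjusted
 * for the forest-root case, the subdomains are refreshed and, if the list
 * changed, reinitialized.
 *
 * Every exit except "next search in progress" terminates the back end
 * request exactly once through the 'done' label.
 */
static void ad_subdomains_get_slave_domain_done(struct tevent_req *req)
{
    int ret;
    size_t reply_count;
    struct sysdb_attrs **reply = NULL;
    struct sysdb_attrs **grown;
    struct ad_subdomains_req_ctx *ctx;
    int dp_error = DP_ERR_FATAL;
    bool refresh_has_changes = false;
    size_t nsubdoms;
    struct sysdb_attrs **subdoms;

    ctx = tevent_req_callback_data(req, struct ad_subdomains_req_ctx);

    ret = sdap_get_generic_recv(req, ctx, &reply_count, &reply);
    talloc_zfree(req);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("sdap_get_generic_send request failed.\n"));
        goto done;
    }

    if (reply_count) {
        /* Grow through a temporary so the existing list is not lost if the
         * reallocation fails. */
        grown = talloc_realloc(ctx, ctx->reply, struct sysdb_attrs *,
                               ctx->reply_count + reply_count);
        if (grown == NULL) {
            ret = ENOMEM;
            goto done;
        }
        ctx->reply = grown;

        memcpy(ctx->reply + ctx->reply_count, reply,
               reply_count * sizeof(struct sysdb_attrs *));
        ctx->reply_count += reply_count;
    }

    ctx->base_iter++;
    ret = ad_subdomains_get_slave(ctx);
    if (ret == EAGAIN) {
        /* Search in progress */
        return;
    }

    ret = sdap_id_op_done(ctx->root_op, ret, &dp_error);
    if (ret != EOK) {
        if (dp_error == DP_ERR_OFFLINE) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("No AD server is available, cannot get the "
                   "subdomain list while offline\n"));
        } else {
            DEBUG(SSSDBG_OP_FAILURE,
                  ("Failed to search the AD server: [%d](%s)\n",
                  ret, strerror(ret)));
        }
        /* 'req' was released by talloc_zfree() above, so it must not be
         * passed to tevent_req_error(). The request this callback owns is
         * ctx->be_req; finish that one instead of leaving it pending. */
        goto done;
    }

    /* Based on whether we are connected to the forest root or not, we might
     * need to exclude the subdomain we are connected to from the list of
     * subdomains
     */
    ret = ad_subdomains_process(ctx, ctx->sd_ctx->be_ctx->domain,
                                ctx->reply_count, ctx->reply,
                                ctx->root_domain, &nsubdoms, &subdoms);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Cannot process subdomain list\n"));
        /* Same as above: report through be_req, not the freed tevent_req. */
        dp_error = DP_ERR_FATAL;
        goto done;
    }

    /* Got all the subdomains, let's process them */
    ret = ad_subdomains_refresh(ctx->sd_ctx, nsubdoms, subdoms,
                                &refresh_has_changes);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Failed to refresh subdomains.\n"));
        goto done;
    }

    DEBUG(SSSDBG_TRACE_LIBS, ("There are %schanges\n",
                              refresh_has_changes ? "" : "no "));

    if (refresh_has_changes) {
        ret = ad_subdom_reinit(ctx->sd_ctx);
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE, ("Could not reinitialize subdomains\n"));
            goto done;
        }
    }

    ret = EOK;

done:
    if (ret == EOK) {
        ctx->sd_ctx->last_refreshed = time(NULL);
        dp_error = DP_ERR_OK;
    }
    be_req_terminate(ctx->be_req, dp_error, ret, NULL);
}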
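/**
 * Initialize the AD subdomains back end target.
 *
 * Allocates the subdomains context under @p id_ctx, registers the online
 * and offline callbacks, creates an ID-mapping context and performs a first
 * subdomain reinitialization from cached data.
 *
 * @param be_ctx     Back end context.
 * @param id_ctx     AD ID context whose connection and options are reused.
 * @param ad_domain  Name of the joined AD domain; copied into the context.
 * @param ops        Output: handler table for this target.
 * @param pvt_data   Output: the subdomains context.
 *
 * @return EOK on success (also when callbacks could not be registered or
 *         the first reinitialization failed), ENOMEM on allocation
 *         failure, EFAULT when the idmap context cannot be created.
 */
int ad_subdom_init(struct be_ctx *be_ctx,
                   struct ad_id_ctx *id_ctx,
                   const char *ad_domain,
                   struct bet_ops **ops,
                   void **pvt_data)
{
    struct ad_subdomains_ctx *ctx;
    int ret;
    enum idmap_error_code err;

    ctx = talloc_zero(id_ctx, struct ad_subdomains_ctx);
    if (ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_zero failed.\n"));
        return ENOMEM;
    }

    ctx->be_ctx = be_ctx;
    ctx->sdom = id_ctx->sdap_id_ctx->opts->sdom;
    ctx->ldap_ctx = id_ctx->ldap_ctx;
    ctx->sdap_id_ctx = id_ctx->sdap_id_ctx;
    ctx->domain_name = talloc_strdup(ctx, ad_domain);
    if (ctx->domain_name == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed.\n"));
        /* Nothing references ctx yet, so it can be released here instead
         * of staying attached to id_ctx. */
        talloc_free(ctx);
        return ENOMEM;
    }
    ctx->ad_id_ctx = id_ctx;
    *ops = &ad_subdomains_ops;
    *pvt_data = ctx;

    ret = be_add_online_cb(ctx, be_ctx, ad_subdom_online_cb, ctx, NULL);
    if (ret != EOK) {
        /* Trailing newline added so the message does not run into the
         * next log entry. */
        DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to add subdom online callback\n"));
    }

    ret = be_add_offline_cb(ctx, be_ctx, ad_subdom_offline_cb, ctx, NULL);
    if (ret != EOK) {
        DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to add subdom offline callback\n"));
    }

    err = sss_idmap_init(sss_idmap_talloc, ctx, sss_idmap_talloc_free,
                         &ctx->idmap_ctx);
    if (err != IDMAP_SUCCESS) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to initialize idmap context.\n"));
        /* NOTE(review): *ops, *pvt_data and both callbacks already point at
         * ctx on this error return — confirm callers discard them when the
         * function fails. */
        return EFAULT;
    }

    ret = ad_subdom_reinit(ctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_MINOR_FAILURE, ("Could not reinitialize subdomains. "
              "Users from trusted domains might not be resolved correctly\n"));
        /* Ignore this error and try to discover the subdomains later */
    }

    return EOK;
}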
*/ #ifndef AD_ID_H_ #define AD_ID_H_ void ad_account_info_handler(struct be_req *breq); struct tevent_req * ad_handle_acct_info_send(TALLOC_CTX *mem_ctx, struct be_req *breq, struct be_acct_req *ar, struct sdap_id_ctx *ctx, struct ad_options *ad_options, struct sdap_domain *sdom, struct sdap_id_conn_ctx **conn); errno_t ad_handle_acct_info_recv(struct tevent_req *req, int *_dp_error, const char **_err); struct tevent_req * ad_enumeration_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct be_ctx *be_ctx, struct be_ptask *be_ptask, void *pvt); errno_t ad_enumeration_recv(struct tevent_req *req); void ad_check_online(struct be_req *be_req); #endif /* AD_ID_H_ */ sssd-1.11.5/src/providers/ad/PaxHeaders.13173/ad_domain_info.h0000644000000000000000000000007412320753107022042 xustar000000000000000030 atime=1396954939.262891434 30 ctime=1396954961.557875022 sssd-1.11.5/src/providers/ad/ad_domain_info.h0000664002412700241270000000247212320753107022271 0ustar00jhrozekjhrozek00000000000000/* SSSD AD Master Domain Module Authors: Sumit Bose Copyright (C) 2013 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #ifndef _AD_MASTER_DOMAIN_H_ #define _AD_MASTER_DOMAIN_H_ struct tevent_req * ad_master_domain_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct sdap_id_conn_ctx *conn, struct sdap_id_op *op, const char *dom_name); errno_t ad_master_domain_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, char **_flat, char **_id, char **_forest); #endif /* _AD_MASTER_DOMAIN_H_ */ sssd-1.11.5/src/providers/ad/PaxHeaders.13173/ad_id.c0000644000000000000000000000007412320753107020147 xustar000000000000000030 atime=1396954939.262891434 30 ctime=1396954961.550875027 sssd-1.11.5/src/providers/ad/ad_id.c0000664002412700241270000007467112320753107020410 0ustar00jhrozekjhrozek00000000000000/* SSSD Authors: Stephen Gallagher Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include "util/util.h" #include "util/strtonum.h" #include "providers/ad/ad_common.h" #include "providers/ad/ad_id.h" #include "providers/ad/ad_domain_info.h" #include "providers/ldap/sdap_async_enum.h" #include "providers/ldap/sdap_idmap.h" static void disable_gc(struct ad_options *ad_options) { errno_t ret; if (dp_opt_get_bool(ad_options->basic, AD_ENABLE_GC) == false) { return; } DEBUG(SSSDBG_IMPORTANT_INFO, ("POSIX attributes were requested " "but are not present on the server side. 
Global Catalog " "lookups will be disabled\n")); ret = dp_opt_set_bool(ad_options->basic, AD_ENABLE_GC, false); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Could not turn off GC support\n")); /* Not fatal */ } } struct ad_handle_acct_info_state { struct be_req *breq; struct be_acct_req *ar; struct sdap_id_ctx *ctx; struct sdap_id_conn_ctx **conn; struct sdap_domain *sdom; size_t cindex; struct ad_options *ad_options; int dp_error; const char *err; }; static errno_t ad_handle_acct_info_step(struct tevent_req *req); static void ad_handle_acct_info_done(struct tevent_req *subreq); struct tevent_req * ad_handle_acct_info_send(TALLOC_CTX *mem_ctx, struct be_req *breq, struct be_acct_req *ar, struct sdap_id_ctx *ctx, struct ad_options *ad_options, struct sdap_domain *sdom, struct sdap_id_conn_ctx **conn) { struct tevent_req *req; struct ad_handle_acct_info_state *state; struct be_ctx *be_ctx = be_req_get_be_ctx(breq); errno_t ret; req = tevent_req_create(mem_ctx, &state, struct ad_handle_acct_info_state); if (req == NULL) { return NULL; } state->breq = breq; state->ar = ar; state->ctx = ctx; state->sdom = sdom; state->conn = conn; state->ad_options = ad_options; state->cindex = 0; ret = ad_handle_acct_info_step(req); if (ret == EOK) { tevent_req_done(req); tevent_req_post(req, be_ctx->ev); } else if (ret != EAGAIN) { tevent_req_error(req, ret); tevent_req_post(req, be_ctx->ev); } /* Lookup in progress */ return req; } static errno_t ad_handle_acct_info_step(struct tevent_req *req) { struct tevent_req *subreq; struct ad_handle_acct_info_state *state = tevent_req_data(req, struct ad_handle_acct_info_state); bool noexist_delete = false; if (state->conn[state->cindex] == NULL) { return EOK; } if (state->conn[state->cindex+1] == NULL) { noexist_delete = true; } subreq = sdap_handle_acct_req_send(state, state->breq, state->ar, state->ctx, state->sdom, state->conn[state->cindex], noexist_delete); if (req == NULL) { return ENOMEM; } tevent_req_set_callback(subreq, 
ad_handle_acct_info_done, req); return EAGAIN; } static void ad_handle_acct_info_done(struct tevent_req *subreq) { errno_t ret; int dp_error; int sdap_err; const char *err; struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); struct ad_handle_acct_info_state *state = tevent_req_data(req, struct ad_handle_acct_info_state); ret = sdap_handle_acct_req_recv(subreq, &dp_error, &err, &sdap_err); if (dp_error == DP_ERR_OFFLINE && state->conn[state->cindex]->ignore_mark_offline) { /* This is a special case: GC does not work. * We need to Fall back to ldap */ ret = EOK; sdap_err = ENOENT; } talloc_zfree(subreq); if (ret != EOK) { tevent_req_error(req, ret); return; } if (sdap_err == EOK) { tevent_req_done(req); return; } else if (sdap_err == ERR_NO_POSIX) { disable_gc(state->ad_options); } else if (sdap_err != ENOENT) { tevent_req_error(req, EIO); return; } /* Ret is only ENOENT or ERR_NO_POSIX now. Try the next connection */ state->cindex++; ret = ad_handle_acct_info_step(req); if (ret != EAGAIN) { /* No additional search in progress. Save the last * error status, we'll be returning it. 
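/**
 * Build the NULL-terminated list of connections to try for a request.
 *
 * - User lookups: Global Catalog first (only for subdomain users and only
 *   when AD_ENABLE_GC is set), then the domain's LDAP connection.
 * - SID, user-and-group, group and initgroups lookups: the list returned
 *   by ad_gc_conn_list().
 * - Everything else: the primary LDAP connection only.
 *
 * @return The list, allocated on @p breq, or NULL on allocation failure.
 */
struct sdap_id_conn_ctx **
get_conn_list(struct be_req *breq, struct ad_id_ctx *ad_ctx,
              struct sss_domain_info *dom, struct be_acct_req *ar)
{
    struct sdap_id_conn_ctx **clist;
    int cindex = 0;

    switch (ar->entry_type & BE_REQ_TYPE_MASK) {
    case BE_REQ_USER: /* user */
        /* Allocated on the request like the other branches. The original
         * used the long-lived ad_ctx as parent, so each user lookup left
         * its list behind for the lifetime of the provider. */
        clist = talloc_zero_array(breq, struct sdap_id_conn_ctx *, 3);
        if (clist == NULL) return NULL;

        /* Try GC first for users from trusted domains */
        if (dp_opt_get_bool(ad_ctx->ad_options->basic, AD_ENABLE_GC)
                && IS_SUBDOMAIN(dom)
                && ad_ctx->gc_ctx != NULL) {
            clist[cindex] = ad_ctx->gc_ctx;
            /* NOTE(review): this flag is written on the shared GC
             * connection context, not on a per-request copy. */
            clist[cindex]->ignore_mark_offline = true;
            cindex++;
        }

        /* Users from primary domain can be just downloaded from LDAP.
         * The domain's LDAP connection also works as a fallback
         */
        clist[cindex] = ad_get_dom_ldap_conn(ad_ctx, dom);
        break;
    case BE_REQ_BY_SECID:   /* by SID */
    case BE_REQ_USER_AND_GROUP: /* get SID */
    case BE_REQ_GROUP: /* group */
    case BE_REQ_INITGROUPS: /* init groups for user */
        clist = ad_gc_conn_list(breq, ad_ctx, dom);
        if (clist == NULL) return NULL;
        break;

    default:
        /* Requests for other object should only contact LDAP by default */
        clist = talloc_zero_array(breq, struct sdap_id_conn_ctx *, 2);
        if (clist == NULL) return NULL;

        clist[0] = ad_ctx->ldap_ctx;
        clist[1] = NULL;
        break;
    }

    return clist;
}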
filter_value : sid; req_dom = find_subdomain_by_sid(domain, csid); if (req_dom == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("Invalid domain\n")); ret = ERR_DOMAIN_NOT_FOUND; goto done; } if (strcasecmp(req_dom->name, filter_domain) != 0) { shortcut = true; } else { shortcut = false; } break; default: shortcut = false; break; } ret = EOK; done: if (sid != NULL) { sss_idmap_free_sid(idmap_ctx->map, sid); } if (ret == EOK) { *_shortcut = shortcut; } return ret; } static void ad_account_info_complete(struct tevent_req *req); void ad_account_info_handler(struct be_req *be_req) { struct ad_id_ctx *ad_ctx; struct be_acct_req *ar; struct sdap_id_ctx *sdap_id_ctx; struct be_ctx *be_ctx = be_req_get_be_ctx(be_req); struct tevent_req *req; struct sss_domain_info *dom; struct sdap_domain *sdom; struct sdap_id_conn_ctx **clist; bool shortcut; errno_t ret; ad_ctx = talloc_get_type(be_ctx->bet_info[BET_ID].pvt_bet_data, struct ad_id_ctx); ar = talloc_get_type(be_req_get_data(be_req), struct be_acct_req); sdap_id_ctx = ad_ctx->sdap_id_ctx; if (be_is_offline(be_ctx)) { return be_req_terminate(be_req, DP_ERR_OFFLINE, EAGAIN, "Offline"); } /* Try to shortcut if this is ID or SID search and it belongs to * other domain range than is in ar->domain. 
*/ ret = ad_account_can_shortcut(be_ctx, sdap_id_ctx->opts->idmap_ctx, ar->filter_type, ar->filter_value, ar->domain, &shortcut); if (ret != EOK) { DEBUG(SSSDBG_TRACE_FUNC, ("Cannot determine the right domain: %s\n", sss_strerror(ret))); shortcut = false; } if (shortcut) { DEBUG(SSSDBG_TRACE_FUNC, ("This ID is from different domain\n")); be_req_terminate(be_req, DP_ERR_OK, EOK, NULL); return; } dom = be_ctx->domain; if (strcasecmp(ar->domain, be_ctx->domain->name) != 0) { /* Subdomain request, verify subdomain */ dom = find_subdomain_by_name(be_ctx->domain, ar->domain, true); } if (dom == NULL) { ret = EINVAL; goto fail; } /* Determine whether to connect to GC, LDAP or try both */ clist = get_conn_list(be_req, ad_ctx, dom, ar); if (clist == NULL) { ret = EIO; goto fail; } sdom = sdap_domain_get(sdap_id_ctx->opts, dom); if (sdom == NULL) { ret = EIO; goto fail; } req = ad_handle_acct_info_send(be_req, be_req, ar, sdap_id_ctx, ad_ctx->ad_options, sdom, clist); if (req == NULL) { ret = ENOMEM; goto fail; } tevent_req_set_callback(req, ad_account_info_complete, be_req); return; fail: be_req_terminate(be_req, DP_ERR_FATAL, ret, NULL); } static void ad_account_info_complete(struct tevent_req *req) { struct be_req *be_req; errno_t ret; int dp_error; const char *error_text = "Internal error"; const char *req_error_text; be_req = tevent_req_callback_data(req, struct be_req); ret = ad_handle_acct_info_recv(req, &dp_error, &req_error_text); talloc_zfree(req); if (dp_error == DP_ERR_OK) { if (ret == EOK) { error_text = NULL; } else { DEBUG(SSSDBG_FATAL_FAILURE, ("Bug: dp_error is OK on failed request\n")); dp_error = DP_ERR_FATAL; error_text = req_error_text; } } else if (dp_error == DP_ERR_OFFLINE) { error_text = "Offline"; } else if (dp_error == DP_ERR_FATAL && ret == ENOMEM) { error_text = "Out of memory"; } else { error_text = req_error_text; } return be_req_terminate(be_req, dp_error, ret, error_text); } void ad_check_online(struct be_req *be_req) { struct ad_id_ctx 
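*ad_ctx;
    struct be_ctx *be_ctx = be_req_get_be_ctx(be_req);

    ad_ctx = talloc_get_type(be_ctx->bet_info[BET_ID].pvt_bet_data,
                             struct ad_id_ctx);

    return sdap_do_online_check(be_req, ad_ctx->sdap_id_ctx);
}

/* State carried through one run of the AD enumeration request. */
struct ad_enumeration_state {
    struct ad_id_ctx *id_ctx;
    struct ldap_enum_ctx *ectx;
    struct sdap_id_op *sdap_op;
    struct tevent_context *ev;

    struct sdap_domain *sdom;   /* starting domain, copied from ectx->sdom */
    struct sdap_domain *sditer; /* iterator, initialised to sdom */
};

static void ad_enumeration_conn_done(struct tevent_req *subreq);
static void ad_enumeration_master_done(struct tevent_req *subreq);
static errno_t ad_enum_sdom(struct tevent_req *req,
                            struct sdap_domain *sd,
                            struct ad_id_ctx *id_ctx);
static void ad_enumeration_done(struct tevent_req *subreq);

/*
 * Start an enumeration request.
 *
 * pvt must be a struct ldap_enum_ctx whose own pvt member is a
 * struct ad_id_ctx; both are type-checked with talloc_get_type().
 * be_ctx and be_ptask are not used by this function.
 *
 * Returns NULL only if the request itself cannot be created; any later
 * failure is reported through the returned request (already posted).
 */
struct tevent_req *
ad_enumeration_send(TALLOC_CTX *mem_ctx,
                    struct tevent_context *ev,
                    struct be_ctx *be_ctx,
                    struct be_ptask *be_ptask,
                    void *pvt)
{
    struct tevent_req *req;
    struct tevent_req *subreq;
    struct ad_enumeration_state *state;
    struct ldap_enum_ctx *ectx;
    errno_t ret;

    req = tevent_req_create(mem_ctx, &state, struct ad_enumeration_state);
    if (req == NULL) return NULL;

    ectx = talloc_get_type(pvt, struct ldap_enum_ctx);
    if (ectx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot retrieve ldap_enum_ctx!\n"));
        ret = EFAULT;
        goto fail;
    }

    state->ectx = ectx;
    state->ev = ev;
    state->sdom = ectx->sdom;
    state->sditer = state->sdom;

    state->id_ctx = talloc_get_type(ectx->pvt, struct ad_id_ctx);
    if (state->id_ctx == NULL) {
        /* Same type check as for ectx above: talloc_get_type() yields NULL
         * on a type mismatch and id_ctx is dereferenced right below. */
        DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot retrieve ad_id_ctx!\n"));
        ret = EFAULT;
        goto fail;
    }

    state->sdap_op = sdap_id_op_create(state,
                                       state->id_ctx->ldap_ctx->conn_cache);
    if (state->sdap_op == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed.\n"));
        ret = ENOMEM;
        goto fail;
    }

    /* sdap_id_op_connect_send() reports its error code through &ret */
    subreq = sdap_id_op_connect_send(state->sdap_op, state, &ret);
    if (subreq == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_connect_send failed: %d(%s).\n",
                                  ret, strerror(ret)));
        goto fail;
    }
    tevent_req_set_callback(subreq, ad_enumeration_conn_done, req);

    return req;

fail:
    tevent_req_error(req, ret);
    tevent_req_post(req, ev);
    return req;
}

/*
 * Connection callback: once the LDAP connection is up, request the
 * master domain information. An offline backend finishes the request
 * successfully so that the enumeration can be retried later.
 */
static void
ad_enumeration_conn_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct ad_enumeration_state *state = tevent_req_data(req,
                                                struct ad_enumeration_state);
    int ret, dp_error;

    ret = sdap_id_op_connect_recv(subreq, &dp_error);
    talloc_zfree(subreq);
    if (ret != EOK) {
        if (dp_error == DP_ERR_OFFLINE) {
            DEBUG(SSSDBG_TRACE_FUNC,
                  ("Backend is marked offline, retry later!\n"));
            tevent_req_done(req);
        } else {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Domain enumeration failed to connect to "
                   "LDAP server: (%d)[%s]\n", ret, strerror(ret)));
            tevent_req_error(req, ret);
        }
        return;
    }

    subreq = ad_master_domain_send(state, state->ev,
                                   state->id_ctx->ldap_ctx,
                                   state->sdap_op,
                                   state->sdom->dom->name);
    if (subreq == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("ad_master_domain_send failed.\n"));
        /* ret is EOK on this path. tevent_req_error() with a zero error
         * code does not finish the request, which would leave it pending
         * forever, so report an explicit error instead. */
        tevent_req_error(req, ENOMEM);
        return;
    }
    tevent_req_set_callback(subreq, ad_enumeration_master_done, req);
}

/*
 * Master-domain callback: store the flat name, SID and forest of the
 * master domain in sysdb, then start enumerating the first domain.
 */
static void
ad_enumeration_master_done(struct tevent_req *subreq)
{
    errno_t ret;
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct ad_enumeration_state *state = tevent_req_data(req,
                                                struct ad_enumeration_state);
    char *flat_name;
    char *master_sid;
    char *forest;

    ret = ad_master_domain_recv(subreq, state,
                                &flat_name, &master_sid, &forest);
    talloc_zfree(subreq);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Cannot retrieve master domain info\n"));
        tevent_req_error(req, ret);
        return;
    }

    ret = sysdb_master_domain_add_info(state->sdom->dom,
                                       flat_name, master_sid, forest);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Cannot save master domain info\n"));
        tevent_req_error(req, ret);
        return;
    }

    ret = ad_enum_sdom(req, state->sdom, state->id_ctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Could not enumerate domain %s\n", state->sdom->dom->name));
        tevent_req_error(req, ret);
        return;
    }

    /* Execution will resume in ad_enumeration_done */
}

static errno_t
ad_enum_sdom(struct tevent_req *req,
             struct sdap_domain *sd,
             struct ad_id_ctx *id_ctx)
{
    struct sdap_id_conn_ctx *user_conn;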
struct tevent_req *subreq; struct ad_enumeration_state *state = tevent_req_data(req, struct ad_enumeration_state); if (dp_opt_get_bool(id_ctx->ad_options->basic, AD_ENABLE_GC)) { user_conn = id_ctx->gc_ctx; } else { user_conn = id_ctx->ldap_ctx; } /* Groups are searched for in LDAP, users in GC. Services (if present, * which is unlikely in AD) from LDAP as well */ subreq = sdap_dom_enum_ex_send(state, state->ev, id_ctx->sdap_id_ctx, sd, user_conn, /* Users */ id_ctx->ldap_ctx, /* Groups */ id_ctx->ldap_ctx); /* Services */ if (subreq == NULL) { /* The ptask API will reschedule the enumeration on its own on * failure */ DEBUG(SSSDBG_OP_FAILURE, ("Failed to schedule enumeration, retrying later!\n")); return ENOMEM; } tevent_req_set_callback(subreq, ad_enumeration_done, req); return EOK; } static errno_t ad_enum_cross_dom_members(struct sdap_options *opts, struct sss_domain_info *dom); static void ad_enumeration_done(struct tevent_req *subreq) { errno_t ret; struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); struct ad_enumeration_state *state = tevent_req_data(req, struct ad_enumeration_state); ret = sdap_dom_enum_ex_recv(subreq); talloc_zfree(subreq); if (ret == ERR_NO_POSIX) { /* Retry enumerating the same domain again, this time w/o * connecting to GC */ disable_gc(state->id_ctx->ad_options); ret = ad_enum_sdom(req, state->sditer, state->id_ctx); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Could not retry domain %s\n", state->sditer->dom->name)); tevent_req_error(req, ret); return; } /* Execution will resume in ad_enumeration_done */ return; } else if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Could not enumerate domain %s\n", state->sditer->dom->name)); tevent_req_error(req, ret); return; } do { state->sditer = state->sditer->next; } while (state->sditer && state->sditer->dom->enumerate == false); if (state->sditer != NULL) { ret = ad_enum_sdom(req, state->sditer, state->sditer->pvt); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Could 
not enumerate domain %s\n", state->sditer->dom->name)); tevent_req_error(req, ret); return; } /* Execution will resume in ad_enumeration_done */ return; } /* No more subdomains to enumerate. Check if we need to fixup * cross-domain membership */ if (state->sditer != state->sdom) { /* We did enumerate at least one subdomain. Walk the subdomains * and fixup members for each of them */ for (state->sditer = state->sdom; state->sditer; state->sditer = state->sditer->next) { ret = ad_enum_cross_dom_members(state->id_ctx->ad_options->id, state->sditer->dom); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Could not check cross-domain " "memberships for %s, group memberships might be " "incomplete!\n", state->sdom->dom->name)); continue; } } } tevent_req_done(req); } static errno_t ad_group_extra_members(TALLOC_CTX *mem_ctx, const struct ldb_message *group, struct sss_domain_info *dom, char ***_group_only); static errno_t ad_group_add_member(struct sdap_options *opts, struct sss_domain_info *group_domain, struct ldb_dn *group_dn, const char *member); static errno_t ad_enum_cross_dom_members(struct sdap_options *opts, struct sss_domain_info *dom) { errno_t ret; errno_t sret; char *filter; TALLOC_CTX *tmp_ctx; const char *attrs[] = { SYSDB_NAME, SYSDB_MEMBER, SYSDB_ORIG_MEMBER, NULL }; size_t count, i, mi; struct ldb_message **msgs; bool in_transaction = false; char **group_only; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) return ENOMEM; ret = sysdb_transaction_start(dom->sysdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to start transaction\n")); goto done; } in_transaction = true; filter = talloc_asprintf(tmp_ctx, "(%s=*)", SYSDB_NAME); if (filter == NULL) { ret = ENOMEM; goto done; } ret = sysdb_search_groups(tmp_ctx, dom->sysdb, dom, filter, attrs, &count, &msgs); if (ret != EOK) { goto done; } for (i = 0; i < count; i++) { ret = ad_group_extra_members(tmp_ctx, msgs[i], dom, &group_only); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Failed to check extra 
members\n")); continue; } else if (group_only == NULL) { DEBUG(SSSDBG_TRACE_INTERNAL, ("No extra members\n")); continue; } /* Group has extra members */ for (mi = 0; group_only[mi]; mi++) { ret = ad_group_add_member(opts, dom, msgs[i]->dn, group_only[mi]); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to add [%s]: %s\n", group_only[mi], strerror(ret))); continue; } } talloc_zfree(group_only); } ret = sysdb_transaction_commit(dom->sysdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to commit transaction\n")); goto done; } in_transaction = false; ret = EOK; done: if (in_transaction) { sret = sysdb_transaction_cancel(dom->sysdb); if (sret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Could not cancel transaction\n")); } } talloc_free(tmp_ctx); return ret; } static errno_t ad_group_stored_orig_members(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom, struct ldb_dn *dn, char ***_odn_list); static errno_t ad_group_extra_members(TALLOC_CTX *mem_ctx, const struct ldb_message *group, struct sss_domain_info *dom, char ***_group_only) { TALLOC_CTX *tmp_ctx; struct ldb_message_element *m, *om; const char *name; errno_t ret; char **sysdb_odn_list; const char **group_odn_list; char **group_only = NULL; if (_group_only == NULL) return EINVAL; *_group_only = NULL; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) return ENOMEM; om = ldb_msg_find_element(group, SYSDB_ORIG_MEMBER); m = ldb_msg_find_element(group, SYSDB_MEMBER); name = ldb_msg_find_attr_as_string(group, SYSDB_NAME, NULL); if (name == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("A group with no name!\n")); ret = EFAULT; goto done; } if (om == NULL || om->num_values == 0) { DEBUG(SSSDBG_TRACE_FUNC, ("Group %s has no original members\n", name)); ret = EOK; goto done; } if (m == NULL || (m->num_values < om->num_values)) { DEBUG(SSSDBG_TRACE_FUNC, ("Group %s has %d members but %d original members\n", name, m ? 
m->num_values : 0, om->num_values)); /* Get the list of originalDN attributes that are already * linked to the group */ ret = ad_group_stored_orig_members(tmp_ctx, dom, group->dn, &sysdb_odn_list); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Could not retrieve list of original members for %s\n", name)); goto done; } /* Get the list of original DN attributes the group had in AD */ group_odn_list = sss_ldb_el_to_string_list(tmp_ctx, om); if (group_odn_list == NULL) { ret = EFAULT; goto done; } /* Compare the two lists */ ret = diff_string_lists(tmp_ctx, discard_const(group_odn_list), sysdb_odn_list, &group_only, NULL, NULL); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Could not compare lists of members for %s\n", name)); goto done; } } ret = EOK; *_group_only = talloc_steal(mem_ctx, group_only); done: talloc_free(tmp_ctx); return ret; } static errno_t ad_group_stored_orig_members(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom, struct ldb_dn *dn, char ***_odn_list) { errno_t ret; TALLOC_CTX *tmp_ctx; size_t m_count, i; struct ldb_message **members; const char *attrs[] = { SYSDB_NAME, SYSDB_ORIG_DN, NULL }; char **odn_list; const char *odn; size_t oi; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) return ENOMEM; /* Get all entries member element points to */ ret = sysdb_asq_search(tmp_ctx, dom->sysdb, dn, NULL, SYSDB_MEMBER, attrs, &m_count, &members); if (ret != EOK) { goto done; } odn_list = talloc_zero_array(tmp_ctx, char *, m_count + 1); if (odn_list == NULL) { ret = ENOMEM; goto done; } /* Get a list of their original DNs */ oi = 0; for (i = 0; i < m_count; i++) { odn = ldb_msg_find_attr_as_string(members[i], SYSDB_ORIG_DN, NULL); if (odn == NULL) { continue; } odn_list[oi] = talloc_strdup(odn_list, odn); if (odn_list[oi] == NULL) { ret = ENOMEM; goto done; } oi++; DEBUG(SSSDBG_TRACE_INTERNAL, ("Member %s already in sysdb\n", odn)); } ret = EOK; *_odn_list = talloc_steal(mem_ctx, odn_list); done: talloc_free(tmp_ctx); return ret; } static errno_t 
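ad_group_add_member(struct sdap_options *opts,
                    struct sss_domain_info *group_domain,
                    struct ldb_dn *group_dn,
                    const char *member)
{
    /*
     * Link an already cached object, identified by its original DN
     * (member), to the group group_dn.
     *
     * Returns ENOENT when no configured domain matches the DN, EOK when
     * the member was added or is simply not present in sysdb, EFAULT when
     * the original-DN search matches more than one entry, and otherwise
     * the error of the failing sysdb call.
     */
    struct sdap_domain *sd;
    struct ldb_dn *base_dn;
    TALLOC_CTX *tmp_ctx;
    errno_t ret;
    const char *mem_filter;
    size_t msgs_count;
    struct ldb_message **msgs;

    /* This member would be from a different domain */
    sd = sdap_domain_get_by_dn(opts, member);
    if (sd == NULL) {
        DEBUG(SSSDBG_MINOR_FAILURE, ("No matching domain for %s\n",
              member));
        return ENOENT;
    }

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) return ENOMEM;

    /* NOTE(review): member is interpolated into the search filter without
     * escaping. An original DN that contains filter metacharacters such as
     * '(', ')', '*' or '\' changes the meaning of the filter or makes it
     * invalid. The value should be escaped for use in a filter before this
     * call; confirm which sanitizing helper this file has in scope. */
    mem_filter = talloc_asprintf(tmp_ctx, "(%s=%s)",
                                 SYSDB_ORIG_DN, member);
    if (mem_filter == NULL) {
        ret = ENOMEM;
        goto done;
    }

    base_dn = sysdb_domain_dn(sd->dom->sysdb, tmp_ctx, sd->dom);
    if (base_dn == NULL) {
        ret = ENOMEM;
        goto done;
    }

    ret = sysdb_search_entry(tmp_ctx, sd->dom->sysdb, base_dn,
                             LDB_SCOPE_SUBTREE, mem_filter, NULL,
                             &msgs_count, &msgs);
    if (ret == ENOENT) {
        /* A member that is not cached is not an error for the caller */
        DEBUG(SSSDBG_TRACE_FUNC, ("No member [%s] in sysdb\n", member));
        ret = EOK;
        goto done;
    } else if (ret != EOK) {
        goto done;
    }
    DEBUG(SSSDBG_TRACE_INTERNAL, ("[%s] found in sysdb\n", member));

    if (msgs_count != 1) {
        /* msgs_count is a size_t, which takes %zu rather than %zd */
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Search by orig DN returned %zu results!\n", msgs_count));
        ret = EFAULT;
        goto done;
    }

    ret = sysdb_mod_group_member(group_domain->sysdb, msgs[0]->dn,
                                 group_dn, SYSDB_MOD_ADD);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Could not add [%s] as a member of [%s]\n",
              ldb_dn_get_linearized(msgs[0]->dn),
              ldb_dn_get_linearized(group_dn)));
        goto done;
    }

    ret = EOK;
done:
    talloc_free(tmp_ctx);
    return ret;
}

/* Report the final status of a request created by ad_enumeration_send(). */
errno_t
ad_enumeration_recv(struct tevent_req *req)
{
    TEVENT_REQ_RETURN_ON_ERROR(req);

    return EOK;
}
sssd-1.11.5/src/providers/ad/PaxHeaders.13173/ad_dyndns.c0000644000000000000000000000007412320753107021052 xustar000000000000000030 atime=1396954939.262891434 30 ctime=1396954961.549875028 sssd-1.11.5/src/providers/ad/ad_dyndns.c0000664002412700241270000002141612320753107021300 0ustar00jhrozekjhrozek00000000000000/* SSSD ad_dyndns.c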
Authors: Jakub Hrozek Copyright (C) 2013 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include #include "util/util.h" #include "providers/ldap/sdap_dyndns.h" #include "providers/data_provider.h" #include "providers/dp_dyndns.h" #include "providers/ad/ad_common.h" void ad_dyndns_update(void *pvt); errno_t ad_dyndns_init(struct be_ctx *be_ctx, struct ad_options *ad_opts) { errno_t ret; /* nsupdate is available. Dynamic updates * are supported */ ret = ad_get_dyndns_options(be_ctx, ad_opts); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Could not set AD options\n")); return ret; } if (dp_opt_get_bool(ad_opts->dyndns_ctx->opts, DP_OPT_DYNDNS_UPDATE) == false) { DEBUG(SSSDBG_CONF_SETTINGS, ("Dynamic DNS updates not set\n")); return EOK; } DEBUG(SSSDBG_CONF_SETTINGS, ("Dynamic DNS updates are on. 
Checking for nsupdate..\n")); ret = be_nsupdate_check(); if (ret == ENOENT) { DEBUG(SSSDBG_MINOR_FAILURE, ("DNS updates requested but nsupdate not available\n")); return EOK; } else if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Could not check for nsupdate\n")); return ret; } ad_opts->be_res = be_ctx->be_res; if (ad_opts->be_res == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("Resolver must be initialized in order " "to use the AD dynamic DNS updates\n")); return EINVAL; } ret = be_nsupdate_init_timer(ad_opts->dyndns_ctx, be_ctx->ev, ad_dyndns_timer, ad_opts); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Could not set up periodic update\n")); return ret; } ret = be_add_online_cb(be_ctx, be_ctx, ad_dyndns_update, ad_opts, NULL); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Could not set up online callback\n")); return ret; } return EOK; } static void ad_dyndns_timer_connected(struct tevent_req *req); void ad_dyndns_timer(void *pvt) { struct ad_options *ctx = talloc_get_type(pvt, struct ad_options); struct sdap_id_ctx *sdap_ctx = ctx->id_ctx->sdap_id_ctx; struct tevent_req *req; req = sdap_dyndns_timer_conn_send(ctx, sdap_ctx->be->ev, sdap_ctx, ctx->dyndns_ctx); if (req == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory\n")); /* Not much we can do. 
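Just attempt to reschedule */
        be_nsupdate_timer_schedule(sdap_ctx->be->ev, ctx->dyndns_ctx);
        return;
    }
    tevent_req_set_callback(req, ad_dyndns_timer_connected, ctx);
}

/* Timer callback: the connection attempt finished; update DNS on success. */
static void
ad_dyndns_timer_connected(struct tevent_req *req)
{
    errno_t ret;
    struct ad_options *ctx = tevent_req_callback_data(req, struct ad_options);

    ret = sdap_dyndns_timer_conn_recv(req);
    talloc_zfree(req);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Failed to connect to AD: [%d](%s)\n", ret, sss_strerror(ret)));
        return;
    }

    /* Plain call: a void function must not return an expression */
    ad_dyndns_update(ctx);
}

static struct tevent_req *ad_dyndns_update_send(struct ad_options *ctx);
static errno_t ad_dyndns_update_recv(struct tevent_req *req);
static void ad_dyndns_nsupdate_done(struct tevent_req *req);

/*
 * Re-arm the periodic update timer and start one dynamic DNS update.
 * pvt must be a struct ad_options.
 */
void
ad_dyndns_update(void *pvt)
{
    struct ad_options *ctx = talloc_get_type(pvt, struct ad_options);
    struct sdap_id_ctx *sdap_ctx = ctx->id_ctx->sdap_id_ctx;
    struct tevent_req *req;

    /* Schedule timer after provider went offline */
    be_nsupdate_timer_schedule(sdap_ctx->be->ev, ctx->dyndns_ctx);

    req = ad_dyndns_update_send(ctx);
    if (req == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Could not update DNS\n"));
        return;
    }
    tevent_req_set_callback(req, ad_dyndns_nsupdate_done, NULL);
}

/* Completion callback of the update started by ad_dyndns_update(). */
static void
ad_dyndns_nsupdate_done(struct tevent_req *req)
{
    int ret = ad_dyndns_update_recv(req);
    talloc_free(req);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Updating DNS entry failed [%d]: %s\n",
              ret, sss_strerror(ret)));
        return;
    }

    /* Success is a trace event; logging it at a failure level would put
     * every successful update into the failure log. */
    DEBUG(SSSDBG_TRACE_FUNC, ("DNS update finished\n"));
}

struct ad_dyndns_update_state {
    struct ad_options *ad_ctx;
    const char *servername;     /* host part of the LDAP URI in use */
};

static void
ad_dyndns_sdap_update_done(struct tevent_req *subreq);

/*
 * Start a dynamic DNS update against the server named in the current
 * LDAP URI.
 *
 * The request finishes immediately without doing anything when the last
 * refresh was less than 60 seconds ago or a timer run is in progress.
 * An unparsable URI, an ldapi:// URI or a URI without a host name fails
 * the request with EINVAL. Returns NULL only if the request cannot be
 * created.
 */
static struct tevent_req *
ad_dyndns_update_send(struct ad_options *ctx)
{
    int ret;
    struct ad_dyndns_update_state *state;
    struct tevent_req *req, *subreq;
    struct sdap_id_ctx *sdap_ctx = ctx->id_ctx->sdap_id_ctx;
    LDAPURLDesc *lud;

    DEBUG(SSSDBG_TRACE_FUNC, ("Performing update\n"));

    req = tevent_req_create(ctx, &state, struct ad_dyndns_update_state);
    if (req == NULL) {
        return NULL;
    }
    state->ad_ctx = ctx;

    if (ctx->dyndns_ctx->last_refresh + 60 > time(NULL) ||
        ctx->dyndns_ctx->timer_in_progress) {
        /* The two literals are concatenated, so the first one needs its
         * trailing space */
        DEBUG(SSSDBG_FUNC_DATA, ("Last periodic update ran recently or timer "
              "in progress, not scheduling another update\n"));
        tevent_req_done(req);
        tevent_req_post(req, sdap_ctx->be->ev);
        return req;
    }
    state->ad_ctx->dyndns_ctx->last_refresh = time(NULL);

    ret = ldap_url_parse(ctx->service->sdap->uri, &lud);
    if (ret != LDAP_SUCCESS) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Failed to parse ldap URI (%s)!\n", ctx->service->sdap->uri));
        ret = EINVAL;
        goto done;
    }

    /* A local ldapi:// socket carries no server host name to update */
    if (lud->lud_scheme != NULL &&
        strcasecmp(lud->lud_scheme, "ldapi") == 0) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("The LDAP scheme is ldapi://, cannot proceed with update\n"));
        ldap_free_urldesc(lud);
        ret = EINVAL;
        goto done;
    }

    if (lud->lud_host == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("The LDAP URI (%s) did not contain a host name\n",
              ctx->service->sdap->uri));
        ldap_free_urldesc(lud);
        ret = EINVAL;
        goto done;
    }

    /* Copy the host before the parsed URI is released */
    state->servername = talloc_strdup(state, lud->lud_host);
    ldap_free_urldesc(lud);
    if (!state->servername) {
        ret = ENOMEM;
        goto done;
    }

    subreq = sdap_dyndns_update_send(state, sdap_ctx->be->ev,
                                     sdap_ctx->be,
                                     ctx->dyndns_ctx->opts,
                                     sdap_ctx,
                                     ctx->dyndns_ctx->auth_type,
                                     dp_opt_get_string(ctx->dyndns_ctx->opts,
                                                       DP_OPT_DYNDNS_IFACE),
                                     dp_opt_get_string(ctx->basic,
                                                       AD_HOSTNAME),
                                     NULL,
                                     dp_opt_get_string(ctx->basic,
                                                       AD_KRB5_REALM),
                                     state->servername,
                                     dp_opt_get_int(ctx->dyndns_ctx->opts,
                                                    DP_OPT_DYNDNS_TTL),
                                     false);
    if (!subreq) {
        ret = EIO;
        /* Name the call that actually failed */
        DEBUG(SSSDBG_OP_FAILURE,
              ("sdap_dyndns_update_send failed: [%d](%s)\n",
               ret, sss_strerror(ret)));
        goto done;
    }
    tevent_req_set_callback(subreq, ad_dyndns_sdap_update_done, req);

    ret = EOK;
done:
    if (ret != EOK) {
        tevent_req_error(req, ret);
        tevent_req_post(req, sdap_ctx->be->ev);
    }
    return req;
}

static void
ad_dyndns_sdap_update_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req);
    errno_t ret;

    ret =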
sdap_dyndns_update_recv(subreq); talloc_zfree(subreq); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Dynamic DNS update failed [%d]: %s\n", ret, sss_strerror(ret))); tevent_req_error(req, ret); return; } tevent_req_done(req); } static errno_t ad_dyndns_update_recv(struct tevent_req *req) { TEVENT_REQ_RETURN_ON_ERROR(req); return EOK; } sssd-1.11.5/src/providers/ad/PaxHeaders.13173/ad_access.h0000644000000000000000000000007412320753107021021 xustar000000000000000030 atime=1396954939.262891434 30 ctime=1396954961.552875026 sssd-1.11.5/src/providers/ad/ad_access.h0000664002412700241270000000177112320753107021251 0ustar00jhrozekjhrozek00000000000000/* SSSD Authors: Stephen Gallagher Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #ifndef AD_ACCESS_H_ #define AD_ACCESS_H_ struct ad_access_ctx { struct dp_option *ad_options; struct sdap_access_ctx *sdap_access_ctx; struct ad_id_ctx *ad_id_ctx; }; void ad_access_handler(struct be_req *breq); #endif /* AD_ACCESS_H_ */ sssd-1.11.5/src/providers/ad/PaxHeaders.13173/ad_subdomains.h0000644000000000000000000000007412320753107021724 xustar000000000000000030 atime=1396954939.263891433 30 ctime=1396954961.556875023 sssd-1.11.5/src/providers/ad/ad_subdomains.h0000664002412700241270000000216612320753107022153 0ustar00jhrozekjhrozek00000000000000/* SSSD AD Subdomains Module Authors: Sumit Bose Copyright (C) 2013 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #ifndef _AD_SUBDOMAINS_H_ #define _AD_SUBDOMAINS_H_ #include "providers/dp_backend.h" #include "providers/ad/ad_common.h" int ad_subdom_init(struct be_ctx *be_ctx, struct ad_id_ctx *id_ctx, const char *ad_domain, struct bet_ops **ops, void **pvt_data); #endif /* _AD_SUBDOMAINS_H_ */ sssd-1.11.5/src/providers/ad/PaxHeaders.13173/ad_srv.c0000644000000000000000000000007412320753107020365 xustar000000000000000030 atime=1396954939.263891433 30 ctime=1396954961.554875024 sssd-1.11.5/src/providers/ad/ad_srv.c0000664002412700241270000006343412320753107020621 0ustar00jhrozekjhrozek00000000000000/* Authors: Pavel Březina Copyright (C) 2013 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
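*/ #include #include #include #include #include "util/util.h" #include "util/sss_ldap.h" #include "resolv/async_resolv.h" #include "providers/dp_backend.h" #include "providers/fail_over.h" #include "providers/fail_over_srv.h" #include "providers/ldap/sdap.h" #include "providers/ldap/sdap_async.h" #define AD_SITE_DOMAIN_FMT "%s._sites.%s" #define AD_AT_DNS_DOMAIN "DnsDomain" #define AD_AT_NT_VERSION "NtVer" #define AD_AT_NETLOGON "netlogon"

/*
 * Reorder a server list so that, within each run of equal priority,
 * servers whose host is in `domain` come before the others. The relative
 * order inside each of the two groups is kept.
 *
 * On success the array in *_srv is freed and replaced by a new array
 * allocated on mem_ctx; the host strings are moved to the new array.
 * With num <= 1 the list is left untouched.
 *
 * Returns EINVAL if _srv is NULL, ENOMEM on allocation failure (*_srv is
 * then unchanged), EOK otherwise.
 */
static errno_t ad_sort_servers_by_dns(TALLOC_CTX *mem_ctx,
                                      const char *domain,
                                      struct fo_server_info **_srv,
                                      size_t num)
{
    struct fo_server_info *out = NULL;
    struct fo_server_info *srv = NULL;
    struct fo_server_info *in_domain = NULL;
    struct fo_server_info *out_domain = NULL;
    size_t srv_index = 0;
    size_t in_index = 0;
    size_t out_index = 0;
    size_t i, j;

    if (_srv == NULL) {
        return EINVAL;
    }

    srv = *_srv;

    if (num <= 1) {
        return EOK;
    }

    out = talloc_zero_array(mem_ctx, struct fo_server_info, num);
    if (out == NULL) {
        return ENOMEM;
    }

    /* The scratch lists are heap allocated and created only after the
     * num <= 1 guard. As variable-length arrays declared at function entry
     * they had undefined size for num == 0 and put 2 * num entries on the
     * stack, where num is a count supplied by the caller (presumably the
     * number of discovered servers; verify against the caller). */
    in_domain = talloc_zero_array(out, struct fo_server_info, num);
    out_domain = talloc_zero_array(out, struct fo_server_info, num);
    if (in_domain == NULL || out_domain == NULL) {
        /* both scratch lists are children of out */
        talloc_free(out);
        return ENOMEM;
    }

    /* When several servers share priority, we will prefer the one that
     * is located in the same domain as client (e.g. child domain instead
     * of forest root) but obey their weight. We will use the fact that
     * the servers are already sorted by priority. */

    for (i = 0; i < num; i++) {
        if (is_host_in_domain(srv[i].host, domain)) {
            /* this is a preferred server, push it to the in domain list */
            in_domain[in_index] = srv[i];
            in_index++;
        } else {
            /* this is a normal server, push it to the out domain list */
            out_domain[out_index] = srv[i];
            out_index++;
        }

        if (i + 1 == num || srv[i].priority != srv[i + 1].priority) {
            /* priority has changed or we have reached the end of the srv
             * list, we will merge the list into final list and start over
             * with next priority */
            for (j = 0; j < in_index; j++) {
                out[srv_index] = in_domain[j];
                talloc_steal(out, out[srv_index].host);
                srv_index++;
            }

            for (j = 0; j < out_index; j++) {
                out[srv_index] = out_domain[j];
                talloc_steal(out, out[srv_index].host);
                srv_index++;
            }

            in_index = 0;
            out_index = 0;
        }
    }

    /* The scratch lists hold struct copies only; the host strings already
     * belong to out. */
    talloc_free(in_domain);
    talloc_free(out_domain);

    talloc_free(*_srv);
    *_srv = out;
    return EOK;
}

struct ad_get_dc_servers_state {
    struct fo_server_info *servers;
    size_t num_servers;
};

static void ad_get_dc_servers_done(struct tevent_req *subreq);

static struct tevent_req *ad_get_dc_servers_send(TALLOC_CTX *mem_ctx,
                                                 struct tevent_context *ev,
                                                 struct resolv_ctx *resolv_ctx,
                                                 const char *domain)
{
    struct ad_get_dc_servers_state *state = NULL;
    struct tevent_req *req = NULL;
    struct tevent_req *subreq = NULL;
    const char **domains = NULL;
    errno_t ret;

    req = tevent_req_create(mem_ctx, &state,
                            struct ad_get_dc_servers_state);
    if (req == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("tevent_req_create() failed\n"));
        return NULL;
    }

    /* NULL-terminated one-element list for the SRV discovery request */
    domains = talloc_zero_array(state, const char *, 2);
    if (domains == NULL) {
        ret = ENOMEM;
        goto immediately;
    }

    domains[0] = talloc_strdup(domains, domain);
    if (domains[0] == NULL) {
        ret = ENOMEM;
        goto immediately;
    }

    DEBUG(SSSDBG_TRACE_FUNC, ("Looking up domain controllers in domain %s\n",
                              domain));

    subreq = fo_discover_srv_send(state, ev, resolv_ctx,
                                  "ldap", FO_PROTO_TCP, domains);
    if (subreq == NULL) {
        ret = ENOMEM;
        goto immediately;
    }

    tevent_req_set_callback(subreq, ad_get_dc_servers_done, req);

    return req;

immediately: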
tevent_req_error(req, ret); tevent_req_post(req, ev); return req; } static void ad_get_dc_servers_done(struct tevent_req *subreq) { struct ad_get_dc_servers_state *state = NULL; struct tevent_req *req = NULL; char *domain = NULL; errno_t ret; req = tevent_req_callback_data(subreq, struct tevent_req); state = tevent_req_data(req, struct ad_get_dc_servers_state); ret = fo_discover_srv_recv(state, subreq, &domain, &state->servers, &state->num_servers); talloc_zfree(subreq); if (ret != EOK) { goto done; } DEBUG(SSSDBG_TRACE_FUNC, ("Found %zu domain controllers in domain %s\n", state->num_servers, domain)); done: if (ret != EOK) { tevent_req_error(req, ret); return; } tevent_req_done(req); } static int ad_get_dc_servers_recv(TALLOC_CTX *mem_ctx, struct tevent_req *req, struct fo_server_info **_dcs, size_t *_num_dcs) { struct ad_get_dc_servers_state *state = NULL; state = tevent_req_data(req, struct ad_get_dc_servers_state); TEVENT_REQ_RETURN_ON_ERROR(req); *_dcs = talloc_steal(mem_ctx, state->servers); *_num_dcs = state->num_servers; return EOK; } struct ad_get_client_site_state { struct tevent_context *ev; struct be_resolv_ctx *be_res; enum host_database *host_db; struct sdap_options *opts; const char *ad_domain; struct fo_server_info *dcs; size_t num_dcs; size_t dc_index; struct fo_server_info dc; struct sdap_handle *sh; char *site; char *forest; }; static errno_t ad_get_client_site_next_dc(struct tevent_req *req); static void ad_get_client_site_connect_done(struct tevent_req *subreq); static void ad_get_client_site_done(struct tevent_req *subreq); struct tevent_req *ad_get_client_site_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct be_resolv_ctx *be_res, enum host_database *host_db, struct sdap_options *opts, const char *ad_domain, struct fo_server_info *dcs, size_t num_dcs) { struct ad_get_client_site_state *state = NULL; struct tevent_req *req = NULL; errno_t ret; req = tevent_req_create(mem_ctx, &state, struct ad_get_client_site_state); if (req == 
NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("tevent_req_create() failed\n")); return NULL; } if (be_res == NULL || host_db == NULL || opts == NULL) { ret = EINVAL; goto immediately; } state->ev = ev; state->be_res = be_res; state->host_db = host_db; state->opts = opts; state->ad_domain = ad_domain; state->dcs = dcs; state->num_dcs = num_dcs; state->dc_index = 0; ret = ad_get_client_site_next_dc(req); if (ret == EOK) { ret = ENOENT; goto immediately; } else if (ret != EAGAIN) { goto immediately; } return req; immediately: if (ret == EOK) { tevent_req_done(req); } else { tevent_req_error(req, ret); } tevent_req_post(req, ev); return req; } static errno_t ad_get_client_site_next_dc(struct tevent_req *req) { struct ad_get_client_site_state *state = NULL; struct tevent_req *subreq = NULL; errno_t ret; state = tevent_req_data(req, struct ad_get_client_site_state); if (state->dc_index >= state->num_dcs) { ret = EOK; goto done; } state->dc = state->dcs[state->dc_index]; subreq = sdap_connect_host_send(state, state->ev, state->opts, state->be_res->resolv, state->be_res->family_order, state->host_db, "ldap", state->dc.host, state->dc.port, false); if (subreq == NULL) { ret = ENOMEM; goto done; } tevent_req_set_callback(subreq, ad_get_client_site_connect_done, req); state->dc_index++; ret = EAGAIN; done: return ret; } static void ad_get_client_site_connect_done(struct tevent_req *subreq) { struct ad_get_client_site_state *state = NULL; struct tevent_req *req = NULL; static const char *attrs[] = {AD_AT_NETLOGON, NULL}; char *filter = NULL; char *ntver = NULL; errno_t ret; req = tevent_req_callback_data(subreq, struct tevent_req); state = tevent_req_data(req, struct ad_get_client_site_state); ret = sdap_connect_host_recv(state, subreq, &state->sh); talloc_zfree(subreq); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Unable to connect to domain controller " "[%s:%d]\n", state->dc.host, state->dc.port)); ret = ad_get_client_site_next_dc(req); if (ret == EOK) { ret = ENOENT; } goto done; 
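}

    ntver = sss_ldap_encode_ndr_uint32(state, NETLOGON_NT_VERSION_5EX |
                                       NETLOGON_NT_VERSION_WITH_CLOSEST_SITE);
    if (ntver == NULL) {
        ret = ENOMEM;
        goto done;
    }

    /* NOTE(review): state->ad_domain goes into the filter without LDAP
     * filter escaping. In this file it is the discovery domain given to
     * ad_srv_plugin_send() or the configured AD domain; presumably a plain
     * DNS name, but escaping it first would keep filter metacharacters from
     * reshaping the query -- TODO confirm what callers guarantee. */
    filter = talloc_asprintf(state, "(&(%s=%s)(%s=%s))",
                             AD_AT_DNS_DOMAIN, state->ad_domain,
                             AD_AT_NT_VERSION, ntver);
    if (filter == NULL) {
        ret = ENOMEM;
        goto done;
    }

    /* Base-scope search on the empty DN, requesting only the netlogon
     * attribute. */
    subreq = sdap_get_generic_send(state, state->ev, state->opts, state->sh,
                                   "", LDAP_SCOPE_BASE, filter,
                                   attrs, NULL, 0,
                                   dp_opt_get_int(state->opts->basic,
                                                  SDAP_SEARCH_TIMEOUT),
                                   false);
    if (subreq == NULL) {
        ret = ENOMEM;
        goto done;
    }

    tevent_req_set_callback(subreq, ad_get_client_site_done, req);

    ret = EAGAIN;

done:
    /* EAGAIN means another subrequest is in flight; leave req pending. */
    if (ret == EOK) {
        tevent_req_done(req);
    } else if (ret != EAGAIN) {
        tevent_req_error(req, ret);
    }

    return;
}

/*
 * Decode a netlogon (samlogon) response blob and extract the site and
 * forest names.
 *
 * mem_ctx       talloc parent for the two returned strings
 * data, length  raw value of the netlogon attribute
 * _site_name    receives client_site, or next_closest_site when
 *               client_site is NULL or empty
 * _forest_name  receives the forest name from the response
 *
 * Returns EOK on success, ENOMEM on allocation failure, EBADMSG when the
 * blob cannot be decoded or does not carry NETLOGON_NT_VERSION_5EX, and
 * ENOENT when the response has no site or no forest name.
 *
 * NOTE(review): the blob is supplied by a domain controller located through
 * DNS, and this file shows no bind between connect and search, so the reply
 * looks unauthenticated -- TODO confirm. The site and forest strings are
 * later used to build DNS discovery names (AD_SITE_DOMAIN_FMT in
 * ad_srv_plugin_site_done); only a non-empty check is applied here.
 */
static errno_t
ad_get_client_site_parse_ndr(TALLOC_CTX *mem_ctx,
                             uint8_t *data,
                             size_t length,
                             char **_site_name,
                             char **_forest_name)
{
    TALLOC_CTX *tmp_ctx = NULL;
    struct ndr_pull *ndr_pull = NULL;
    struct netlogon_samlogon_response response;
    enum ndr_err_code ndr_err;
    char *site = NULL;
    char *forest = NULL;
    DATA_BLOB blob;
    errno_t ret;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_new() failed\n"));
        return ENOMEM;
    }

    blob.data = data;
    blob.length = length;

    /* Parent the pull context on tmp_ctx, not mem_ctx, so it is released
     * at 'done' instead of staying attached to the caller's context for
     * every decoded response. The results are copied out below. */
    ndr_pull = ndr_pull_init_blob(&blob, tmp_ctx);
    if (ndr_pull == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("ndr_pull_init_blob() failed.\n"));
        ret = ENOMEM;
        goto done;
    }

    ndr_err = ndr_pull_netlogon_samlogon_response(ndr_pull, NDR_SCALARS,
                                                  &response);
    if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
        DEBUG(SSSDBG_OP_FAILURE, ("ndr_pull_netlogon_samlogon_response() "
                                  "failed [%d]\n", ndr_err));
        ret = EBADMSG;
        goto done;
    }

    /* The nt5_ex member is only read after this version check. */
    if (!(response.ntver & NETLOGON_NT_VERSION_5EX)) {
        DEBUG(SSSDBG_OP_FAILURE, ("This NT version does not provide site "
                                  "information [%x]\n", response.ntver));
        ret = EBADMSG;
        goto done;
    }

    /* Prefer the client's own site, fall back to the next closest one. */
    if (response.data.nt5_ex.client_site != NULL
        && response.data.nt5_ex.client_site[0] != '\0') {
        site = talloc_strdup(tmp_ctx, response.data.nt5_ex.client_site);
    } else if (response.data.nt5_ex.next_closest_site != NULL
               && response.data.nt5_ex.next_closest_site[0] != '\0') {
        site = talloc_strdup(tmp_ctx,
                             response.data.nt5_ex.next_closest_site);
    } else {
        ret = ENOENT;
        goto done;
    }

    if (response.data.nt5_ex.forest != NULL
        && response.data.nt5_ex.forest[0] != '\0') {
        forest = talloc_strdup(tmp_ctx, response.data.nt5_ex.forest);
    } else {
        ret = ENOENT;
        goto done;
    }

    /* Both duplications are checked together. */
    if (site == NULL || forest == NULL) {
        ret = ENOMEM;
        goto done;
    }

    *_site_name = talloc_steal(mem_ctx, site);
    *_forest_name = talloc_steal(mem_ctx, forest);

    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}

/*
 * Callback for the netlogon search started in
 * ad_get_client_site_connect_done().
 *
 * Closes the LDAP connection, then either parses the single netlogon value
 * into state->site and state->forest, or, when the search itself failed,
 * moves on to the next domain controller.
 */
static void ad_get_client_site_done(struct tevent_req *subreq)
{
    struct ad_get_client_site_state *state = NULL;
    struct tevent_req *req = NULL;
    struct ldb_message_element *el = NULL;
    struct sysdb_attrs **reply = NULL;
    size_t reply_count;
    errno_t ret;

    req = tevent_req_callback_data(subreq, struct tevent_req);
    state = tevent_req_data(req, struct ad_get_client_site_state);

    ret = sdap_get_generic_recv(subreq, state, &reply_count, &reply);
    talloc_zfree(subreq);

    /* we're done with this LDAP, close connection */
    talloc_zfree(state->sh);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Unable to get netlogon information\n"));

        /* EOK from next_dc means the DC list is exhausted; EAGAIN means a
         * connection attempt to the next DC has been started. */
        ret = ad_get_client_site_next_dc(req);
        if (ret == EOK) {
            ret = ENOENT;
        }

        goto done;
    }

    if (reply_count == 0) {
        DEBUG(SSSDBG_OP_FAILURE, ("No netlogon information retrieved\n"));
        ret = ENOENT;
        goto done;
    }

    ret = sysdb_attrs_get_el(reply[0], AD_AT_NETLOGON, &el);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_el() failed\n"));
        goto done;
    }

    /* Exactly one netlogon value is accepted. */
    if (el->num_values == 0) {
        DEBUG(SSSDBG_OP_FAILURE, ("netlogon has no value\n"));
        ret = ENOENT;
        goto done;
    } else if (el->num_values > 1) {
        DEBUG(SSSDBG_OP_FAILURE, ("More than one netlogon value?\n"));
        ret = EIO;
        goto done;
    }

    ret = ad_get_client_site_parse_ndr(state, el->values[0].data,
                                       el->values[0].length, &state->site,
                                       &state->forest);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Unable to retrieve site name [%d]: %s\n",
                                  ret, strerror(ret)));
        /* Any parse failure is reported as "no site found". */
        ret = ENOENT;
        goto done;
    }

    DEBUG(SSSDBG_TRACE_FUNC, ("Found site: %s\n", state->site));

done:
    /* Keep the request pending on EAGAIN, as
     * ad_get_client_site_connect_done() does. Failing it with EAGAIN would
     * drop the retry just started, and ad_srv_plugin_site_done() treats an
     * EAGAIN result as "still running", so the discovery request would
     * never complete. */
    if (ret == EOK) {
        tevent_req_done(req);
    } else if (ret != EAGAIN) {
        tevent_req_error(req, ret);
    }
}

/*
 * Collect the result of ad_get_client_site_send().
 *
 * On success moves the site and forest strings to mem_ctx and returns EOK;
 * otherwise TEVENT_REQ_RETURN_ON_ERROR returns the request's error.
 */
int ad_get_client_site_recv(TALLOC_CTX *mem_ctx,
                            struct tevent_req *req,
                            char **_site,
                            char **_forest)
{
    struct ad_get_client_site_state *state = NULL;
    state = tevent_req_data(req, struct ad_get_client_site_state);

    TEVENT_REQ_RETURN_ON_ERROR(req);

    *_site = talloc_steal(mem_ctx, state->site);
    *_forest = talloc_steal(mem_ctx, state->forest);

    return EOK;
}

/* Private data of the AD SRV lookup plugin, built once by
 * ad_srv_plugin_ctx_init() and passed to ad_srv_plugin_send() as pvt. */
struct ad_srv_plugin_ctx {
    struct be_resolv_ctx *be_res;
    enum host_database *host_dbs;
    struct sdap_options *opts;
    const char *hostname;       /* private copy owned by the context */
    const char *ad_domain;      /* private copy owned by the context */
};

/*
 * Allocate the plugin context on mem_ctx.
 *
 * be_res, host_dbs and opts are stored as borrowed pointers; hostname and
 * ad_domain are duplicated onto the context. Returns NULL when any
 * allocation fails.
 */
struct ad_srv_plugin_ctx *
ad_srv_plugin_ctx_init(TALLOC_CTX *mem_ctx,
                       struct be_resolv_ctx *be_res,
                       enum host_database *host_dbs,
                       struct sdap_options *opts,
                       const char *hostname,
                       const char *ad_domain)
{
    struct ad_srv_plugin_ctx *ctx = NULL;

    ctx = talloc_zero(mem_ctx, struct ad_srv_plugin_ctx);
    if (ctx == NULL) {
        return NULL;
    }

    ctx->be_res = be_res;
    ctx->host_dbs = host_dbs;
    ctx->opts = opts;

    ctx->hostname = talloc_strdup(ctx, hostname);
    if (ctx->hostname == NULL) {
        goto fail;
    }

    ctx->ad_domain = talloc_strdup(ctx, ad_domain);
    if (ctx->ad_domain == NULL) {
        goto fail;
    }

    return ctx;

fail:
    talloc_free(ctx);
    return NULL;
}

/* Per-request state of ad_srv_plugin_send(). */
struct ad_srv_plugin_state {
    struct tevent_context *ev;
    struct ad_srv_plugin_ctx *ctx;
    const char *service;
    const char *protocol;
    const char *discovery_domain;

    char *site;
    char *dns_domain;
    char *forest;
    struct fo_server_info *primary_servers;
    size_t num_primary_servers;
    struct fo_server_info *backup_servers;
    size_t num_backup_servers;
};

static void ad_srv_plugin_dcs_done(struct tevent_req *subreq);
static void ad_srv_plugin_site_done(struct tevent_req *subreq);
static void ad_srv_plugin_servers_done(struct tevent_req *subreq);

/* 1. Do a DNS lookup to find any DC in domain
 *    _ldap._tcp.domain.name
 * 2.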
Send a CLDAP ping to the found DC to get the desirable site * 3. Do a DNS lookup to find SRV in the site (a) * _service._protocol.site-name._sites.domain.name * 4. Do a DNS lookup to find global SRV records (b) * _service._protocol.domain.name * 5. If the site is found, use (a) as primary and (b) as backup servers, * otherwise use (b) as primary servers */ struct tevent_req *ad_srv_plugin_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, const char *service, const char *protocol, const char *discovery_domain, void *pvt) { struct ad_srv_plugin_state *state = NULL; struct ad_srv_plugin_ctx *ctx = NULL; struct tevent_req *req = NULL; struct tevent_req *subreq = NULL; errno_t ret; req = tevent_req_create(mem_ctx, &state, struct ad_srv_plugin_state); if (req == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("tevent_req_create() failed\n")); return NULL; } ctx = talloc_get_type(pvt, struct ad_srv_plugin_ctx); if (ctx == NULL) { ret = EINVAL; goto immediately; } state->ev = ev; state->ctx = ctx; state->service = talloc_strdup(state, service); if (state->service == NULL) { ret = ENOMEM; goto immediately; } state->protocol = talloc_strdup(state, protocol); if (state->protocol == NULL) { ret = ENOMEM; goto immediately; } if (discovery_domain != NULL) { state->discovery_domain = talloc_strdup(state, discovery_domain); } else { state->discovery_domain = talloc_strdup(state, ctx->ad_domain); } if (state->discovery_domain == NULL) { ret = ENOMEM; goto immediately; } DEBUG(SSSDBG_TRACE_FUNC, ("About to find domain controllers\n")); subreq = ad_get_dc_servers_send(state, ev, ctx->be_res->resolv, state->discovery_domain); if (subreq == NULL) { ret = ENOMEM; goto immediately; } tevent_req_set_callback(subreq, ad_srv_plugin_dcs_done, req); return req; immediately: tevent_req_error(req, ret); tevent_req_post(req, ev); return req; } static void ad_srv_plugin_dcs_done(struct tevent_req *subreq) { struct ad_srv_plugin_state *state = NULL; struct tevent_req *req = NULL; struct fo_server_info *dcs 
= NULL; size_t num_dcs = 0; errno_t ret; req = tevent_req_callback_data(subreq, struct tevent_req); state = tevent_req_data(req, struct ad_srv_plugin_state); ret = ad_get_dc_servers_recv(state, subreq, &dcs, &num_dcs); talloc_zfree(subreq); if (ret != EOK) { goto done; } DEBUG(SSSDBG_TRACE_FUNC, ("About to locate suitable site\n")); subreq = ad_get_client_site_send(state, state->ev, state->ctx->be_res, state->ctx->host_dbs, state->ctx->opts, state->discovery_domain, dcs, num_dcs); if (subreq == NULL) { ret = ENOMEM; goto done; } tevent_req_set_callback(subreq, ad_srv_plugin_site_done, req); ret = EAGAIN; done: if (ret == EOK) { tevent_req_done(req); } else if (ret != EAGAIN) { tevent_req_error(req, ret); } return; } static void ad_srv_plugin_site_done(struct tevent_req *subreq) { struct ad_srv_plugin_state *state = NULL; struct tevent_req *req = NULL; const char *primary_domain = NULL; const char *backup_domain = NULL; errno_t ret; req = tevent_req_callback_data(subreq, struct tevent_req); state = tevent_req_data(req, struct ad_srv_plugin_state); ret = ad_get_client_site_recv(state, subreq, &state->site, &state->forest); talloc_zfree(subreq); if (ret == EOK) { if (strcmp(state->service, "gc") == 0) { primary_domain = talloc_asprintf(state, AD_SITE_DOMAIN_FMT, state->site, state->forest); if (primary_domain == NULL) { ret = ENOMEM; goto done; } backup_domain = state->forest; } else { primary_domain = talloc_asprintf(state, AD_SITE_DOMAIN_FMT, state->site, state->discovery_domain); if (primary_domain == NULL) { ret = ENOMEM; goto done; } backup_domain = state->discovery_domain; } } else if (ret == ENOENT) { primary_domain = state->discovery_domain; backup_domain = NULL; } else { goto done; } DEBUG(SSSDBG_TRACE_FUNC, ("About to discover primary and " "backup servers\n")); subreq = fo_discover_servers_send(state, state->ev, state->ctx->be_res->resolv, state->service, state->protocol, primary_domain, backup_domain); if (subreq == NULL) { ret = ENOMEM; goto done; } 
tevent_req_set_callback(subreq, ad_srv_plugin_servers_done, req); ret = EAGAIN; done: if (ret == EOK) { tevent_req_done(req); } else if (ret != EAGAIN) { tevent_req_error(req, ret); } return; } static void ad_srv_plugin_servers_done(struct tevent_req *subreq) { struct ad_srv_plugin_state *state = NULL; struct tevent_req *req = NULL; errno_t ret; req = tevent_req_callback_data(subreq, struct tevent_req); state = tevent_req_data(req, struct ad_srv_plugin_state); ret = fo_discover_servers_recv(state, subreq, &state->dns_domain, &state->primary_servers, &state->num_primary_servers, &state->backup_servers, &state->num_backup_servers); talloc_zfree(subreq); if (ret != EOK) { tevent_req_error(req, ret); return; } DEBUG(SSSDBG_TRACE_FUNC, ("Got %zu primary and %zu backup servers\n", state->num_primary_servers, state->num_backup_servers)); ret = ad_sort_servers_by_dns(state, state->discovery_domain, &state->primary_servers, state->num_primary_servers); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Unable to sort primary servers by DNS" "[%d]: %s\n", ret, sss_strerror(ret))); /* continue */ } ret = ad_sort_servers_by_dns(state, state->discovery_domain, &state->backup_servers, state->num_backup_servers); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Unable to sort backup servers by DNS" "[%d]: %s\n", ret, sss_strerror(ret))); /* continue */ } tevent_req_done(req); } errno_t ad_srv_plugin_recv(TALLOC_CTX *mem_ctx, struct tevent_req *req, char **_dns_domain, struct fo_server_info **_primary_servers, size_t *_num_primary_servers, struct fo_server_info **_backup_servers, size_t *_num_backup_servers) { struct ad_srv_plugin_state *state = NULL; state = tevent_req_data(req, struct ad_srv_plugin_state); TEVENT_REQ_RETURN_ON_ERROR(req); if (_primary_servers) { *_primary_servers = talloc_steal(mem_ctx, state->primary_servers); } if (_num_primary_servers) { *_num_primary_servers = state->num_primary_servers; } if (_backup_servers) { *_backup_servers = talloc_steal(mem_ctx, 
state->backup_servers); } if (_num_backup_servers) { *_num_backup_servers = state->num_backup_servers; } if (_dns_domain) { *_dns_domain = talloc_steal(mem_ctx, state->dns_domain); } return EOK; } sssd-1.11.5/src/providers/ad/PaxHeaders.13173/ad_common.h0000644000000000000000000000007312320753107021047 xustar000000000000000030 atime=1396954939.262891434 29 ctime=1396954961.54787503 sssd-1.11.5/src/providers/ad/ad_common.h0000664002412700241270000000745212320753107021302 0ustar00jhrozekjhrozek00000000000000/* SSSD Authors: Stephen Gallagher Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #ifndef AD_COMMON_H_ #define AD_COMMON_H_ #include "util/util.h" #include "providers/ldap/ldap_common.h" #define AD_SERVICE_NAME "AD" #define AD_GC_SERVICE_NAME "AD_GC" /* The port the Global Catalog runs on */ #define AD_GC_PORT 3268 struct ad_options; enum ad_basic_opt { AD_DOMAIN = 0, AD_SERVER, AD_BACKUP_SERVER, AD_HOSTNAME, AD_KEYTAB, AD_KRB5_REALM, AD_ENABLE_DNS_SITES, AD_ACCESS_FILTER, AD_ENABLE_GC, AD_OPTS_BASIC /* opts counter */ }; struct ad_id_ctx { struct sdap_id_ctx *sdap_id_ctx; struct sdap_id_conn_ctx *ldap_ctx; struct sdap_id_conn_ctx *gc_ctx; struct ad_options *ad_options; }; struct ad_service { struct sdap_service *sdap; struct sdap_service *gc; struct krb5_service *krb5_service; }; struct ad_options { /* Common options */ struct dp_option *basic; struct ad_service *service; /* ID Provider */ struct sdap_options *id; struct ad_id_ctx *id_ctx; /* Auth and chpass Provider */ struct krb5_ctx *auth_ctx; /* Dynamic DNS updates */ struct be_resolv_ctx *be_res; struct be_nsupdate_ctx *dyndns_ctx; }; errno_t ad_get_common_options(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb, const char *conf_path, struct sss_domain_info *dom, struct ad_options **_opts); struct ad_options *ad_create_default_options(TALLOC_CTX *mem_ctx, const char *realm, const char *hostname); errno_t ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *ctx, const char *primary_servers, const char *backup_servers, const char *krb5_realm, const char *ad_service, const char *ad_gc_service, const char *ad_domain, struct ad_service **_service); errno_t ad_get_id_options(struct ad_options *ad_opts, struct confdb_ctx *cdb, const char *conf_path, struct sdap_options **_opts); errno_t ad_get_auth_options(TALLOC_CTX *mem_ctx, struct ad_options *ad_opts, struct be_ctx *bectx, struct dp_option **_opts); errno_t ad_get_dyndns_options(struct be_ctx *be_ctx, struct ad_options *ad_opts); struct ad_id_ctx * ad_id_ctx_init(struct ad_options *ad_opts, struct be_ctx *bectx); struct sdap_id_conn_ctx ** 
ad_gc_conn_list(TALLOC_CTX *mem_ctx, struct ad_id_ctx *ad_ctx, struct sss_domain_info *dom); struct sdap_id_conn_ctx * ad_get_dom_ldap_conn(struct ad_id_ctx *ad_ctx, struct sss_domain_info *dom); /* AD dynamic DNS updates */ errno_t ad_dyndns_init(struct be_ctx *be_ctx, struct ad_options *ctx); void ad_dyndns_timer(void *pvt); int ad_sudo_init(struct be_ctx *be_ctx, struct ad_id_ctx *id_ctx, struct bet_ops **ops, void **pvt_data); #endif /* AD_COMMON_H_ */ sssd-1.11.5/src/providers/ad/PaxHeaders.13173/ad_init.c0000644000000000000000000000007412320753107020516 xustar000000000000000030 atime=1396954939.263891433 30 ctime=1396954961.548875029 sssd-1.11.5/src/providers/ad/ad_init.c0000664002412700241270000003351212320753107020744 0ustar00jhrozekjhrozek00000000000000/* SSSD Authors: Stephen Gallagher Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #include #include #include #include #include #include "util/util.h" #include "providers/ad/ad_common.h" #include "providers/ad/ad_access.h" #include "providers/ldap/ldap_common.h" #include "providers/ldap/sdap_access.h" #include "providers/ldap/sdap_idmap.h" #include "providers/krb5/krb5_auth.h" #include "providers/krb5/krb5_init_shared.h" #include "providers/ad/ad_id.h" #include "providers/ad/ad_srv.h" #include "providers/dp_dyndns.h" #include "providers/ad/ad_subdomains.h" #include "providers/ad/ad_domain_info.h" struct ad_options *ad_options = NULL; static void ad_shutdown(struct be_req *req); struct bet_ops ad_id_ops = { .handler = ad_account_info_handler, .finalize = ad_shutdown, .check_online = ad_check_online }; struct bet_ops ad_auth_ops = { .handler = krb5_pam_handler, .finalize = NULL }; struct bet_ops ad_chpass_ops = { .handler = krb5_pam_handler, .finalize = NULL }; struct bet_ops ad_access_ops = { .handler = ad_access_handler, .finalize = NULL }; #define AD_COMPAT_ON "1" static int ad_sasl_getopt(void *context, const char *plugin_name, const char *option, const char **result, unsigned *len) { if (!plugin_name || !result) { return SASL_FAIL; } if (strcmp(plugin_name, "GSSAPI") != 0) { return SASL_FAIL; } if (strcmp(option, "ad_compat") != 0) { return SASL_FAIL; } *result = AD_COMPAT_ON; if (len) { *len = 2; } return SASL_OK; } typedef int (*sss_sasl_gen_cb_fn)(void); static const sasl_callback_t ad_sasl_callbacks[] = { { SASL_CB_GETOPT, (sss_sasl_gen_cb_fn)ad_sasl_getopt, NULL }, { SASL_CB_LIST_END, NULL, NULL } }; /* This is quite a hack, we *try* to fool openldap libraries by initializing * sasl first so we can pass in the SASL_CB_GETOPT callback we need to set some * options. 
Should be removed as soon as openldap exposes a way to do that */ static void ad_sasl_initialize(void) { /* NOTE: this may fail if soe other library in the system happens to * initialize and use openldap libraries or directly the cyrus-sasl * library as this initialization function can be called only once per * process */ (void)sasl_client_init(ad_sasl_callbacks); } static errno_t common_ad_init(struct be_ctx *bectx) { errno_t ret; char *ad_servers = NULL; char *ad_backup_servers = NULL; char *ad_realm; ad_sasl_initialize(); /* Get AD-specific options */ ret = ad_get_common_options(bectx, bectx->cdb, bectx->conf_path, bectx->domain, &ad_options); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, ("Could not parse common options: [%s]\n", strerror(ret))); goto done; } ad_servers = dp_opt_get_string(ad_options->basic, AD_SERVER); ad_backup_servers = dp_opt_get_string(ad_options->basic, AD_BACKUP_SERVER); ad_realm = dp_opt_get_string(ad_options->basic, AD_KRB5_REALM); /* Set up the failover service */ ret = ad_failover_init(ad_options, bectx, ad_servers, ad_backup_servers, ad_realm, AD_SERVICE_NAME, AD_GC_SERVICE_NAME, dp_opt_get_string(ad_options->basic, AD_DOMAIN), &ad_options->service); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to init AD failover service: [%s]\n", strerror(ret))); goto done; } ret = EOK; done: return ret; } int sssm_ad_id_init(struct be_ctx *bectx, struct bet_ops **ops, void **pvt_data) { errno_t ret; struct ad_id_ctx *ad_ctx; const char *hostname; const char *ad_domain; struct ad_srv_plugin_ctx *srv_ctx; if (!ad_options) { ret = common_ad_init(bectx); if (ret != EOK) { return ret; } } if (ad_options->id_ctx) { /* already initialized */ *ops = &ad_id_ops; *pvt_data = ad_options->id_ctx; return EOK; } ad_ctx = ad_id_ctx_init(ad_options, bectx); if (ad_ctx == NULL) { return ENOMEM; } ad_options->id_ctx = ad_ctx; ret = ad_dyndns_init(ad_ctx->sdap_id_ctx->be, ad_options); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Failure setting up 
automatic DNS update\n")); /* Continue without DNS updates */ } ret = sdap_setup_child(); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, ("setup_child failed [%d][%s].\n", ret, strerror(ret))); goto done; } /* Set up various SDAP options */ ret = ad_get_id_options(ad_options, bectx->cdb, bectx->conf_path, &ad_ctx->sdap_id_ctx->opts); if (ret != EOK) { goto done; } ret = sdap_id_setup_tasks(bectx, ad_ctx->sdap_id_ctx, ad_ctx->sdap_id_ctx->opts->sdom, ad_enumeration_send, ad_enumeration_recv, ad_ctx); if (ret != EOK) { goto done; } ad_ctx->sdap_id_ctx->opts->sdom->pvt = ad_ctx; /* Set up the ID mapping object */ ret = sdap_idmap_init(ad_ctx->sdap_id_ctx, ad_ctx->sdap_id_ctx, &ad_ctx->sdap_id_ctx->opts->idmap_ctx); if (ret != EOK) goto done; ret = setup_tls_config(ad_ctx->sdap_id_ctx->opts->basic); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("setup_tls_config failed [%s]\n", strerror(ret))); goto done; } /* setup SRV lookup plugin */ hostname = dp_opt_get_string(ad_options->basic, AD_HOSTNAME); if (dp_opt_get_bool(ad_options->basic, AD_ENABLE_DNS_SITES)) { /* use AD plugin */ ad_domain = dp_opt_get_string(ad_options->basic, AD_DOMAIN); srv_ctx = ad_srv_plugin_ctx_init(bectx, bectx->be_res, default_host_dbs, ad_options->id, hostname, ad_domain); if (srv_ctx == NULL) { DEBUG(SSSDBG_FATAL_FAILURE, ("Out of memory?\n")); ret = ENOMEM; goto done; } be_fo_set_srv_lookup_plugin(bectx, ad_srv_plugin_send, ad_srv_plugin_recv, srv_ctx, "AD"); } else { /* fall back to standard plugin */ ret = be_fo_set_dns_srv_lookup_plugin(bectx, hostname); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to set SRV lookup plugin " "[%d]: %s\n", ret, strerror(ret))); goto done; } } /* setup periodical refresh of expired records */ ret = be_refresh_add_cb(bectx->refresh_ctx, BE_REFRESH_TYPE_NETGROUPS, sdap_refresh_netgroups_send, sdap_refresh_netgroups_recv, ad_ctx->sdap_id_ctx); if (ret != EOK && ret != EEXIST) { DEBUG(SSSDBG_MINOR_FAILURE, ("Periodical refresh of netgroups " "will not 
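work [%d]: %s\n", ret, strerror(ret)));
    }

    *ops = &ad_id_ops;
    *pvt_data = ad_ctx;

    ret = EOK;
done:
    if (ret != EOK) {
        /* Drop the half-built ID context so a later call starts over. */
        talloc_zfree(ad_options->id_ctx);
    }

    return ret;
}

/*
 * Initialize the AD auth provider.
 *
 * Runs common_ad_init() if the global ad_options is not set yet. The
 * Kerberos context is built once and cached in ad_options->auth_ctx; later
 * calls return the cached context. On success *ops is &ad_auth_ops and
 * *pvt_data is the Kerberos context. On failure neither output is written
 * by this function.
 */
int
sssm_ad_auth_init(struct be_ctx *bectx,
                  struct bet_ops **ops,
                  void **pvt_data)
{
    errno_t ret;
    struct krb5_ctx *krb5_auth_ctx = NULL;

    if (!ad_options) {
        ret = common_ad_init(bectx);
        if (ret != EOK) {
            return ret;
        }
    }

    if (ad_options->auth_ctx) {
        /* Already initialized */
        *ops = &ad_auth_ops;
        *pvt_data = ad_options->auth_ctx;
        return EOK;
    }

    /* Allocated without a parent; it is moved under ad_options only after
     * every setup step has succeeded, and freed at 'done' otherwise. */
    krb5_auth_ctx = talloc_zero(NULL, struct krb5_ctx);
    if (!krb5_auth_ctx) {
        ret = ENOMEM;
        goto done;
    }

    krb5_auth_ctx->config_type = K5C_GENERIC;
    krb5_auth_ctx->service = ad_options->service->krb5_service;

    ret = ad_get_auth_options(krb5_auth_ctx, ad_options, bectx,
                              &krb5_auth_ctx->opts);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Could not determine Kerberos options\n"));
        goto done;
    }

    ret = krb5_child_init(krb5_auth_ctx, bectx);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Could not initialize krb5_child settings: [%s]\n",
               strerror(ret)));
        goto done;
    }

    ad_options->auth_ctx = talloc_steal(ad_options, krb5_auth_ctx);
    *ops = &ad_auth_ops;
    *pvt_data = ad_options->auth_ctx;

done:
    if (ret != EOK) {
        talloc_free(krb5_auth_ctx);
    }
    return ret;
}

/*
 * Initialize the AD password-change provider.
 *
 * Shares the Kerberos context with the auth provider: reuses
 * ad_options->auth_ctx when it is already set, otherwise delegates to
 * sssm_ad_auth_init(). On success *ops is &ad_chpass_ops and *pvt_data is
 * the shared context. On failure the error is returned and the outputs are
 * not written by this function.
 */
int
sssm_ad_chpass_init(struct be_ctx *bectx,
                    struct bet_ops **ops,
                    void **pvt_data)
{
    errno_t ret;

    if (!ad_options) {
        ret = common_ad_init(bectx);
        if (ret != EOK) {
            return ret;
        }
    }

    if (ad_options->auth_ctx) {
        /* Already initialized */
        *ops = &ad_chpass_ops;
        *pvt_data = ad_options->auth_ctx;
        return EOK;
    }

    ret = sssm_ad_auth_init(bectx, ops, pvt_data);
    if (ret != EOK) {
        /* sssm_ad_auth_init() does not write *pvt_data when it fails.
         * Storing that stale caller value in the global auth_ctx would make
         * the next init call take the "already initialized" path and hand
         * out an invalid context pointer. */
        return ret;
    }

    *ops = &ad_chpass_ops;
    ad_options->auth_ctx = *pvt_data;
    return ret;
}

int
sssm_ad_access_init(struct be_ctx *bectx,
                    struct bet_ops **ops,
                    void **pvt_data)
{
    errno_t ret;
    struct ad_access_ctx *access_ctx;
    struct ad_id_ctx *ad_id_ctx;
    const char *filter;

    access_ctx = talloc_zero(bectx, struct ad_access_ctx);
    if (!access_ctx) return ENOMEM;

    ret = sssm_ad_id_init(bectx, ops, (void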
**)&ad_id_ctx); if (ret != EOK) { goto fail; } access_ctx->ad_id_ctx = ad_id_ctx; ret = dp_copy_options(access_ctx, ad_options->basic, AD_OPTS_BASIC, &access_ctx->ad_options); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, ("Could not initialize access provider options: [%s]\n", strerror(ret))); goto fail; } /* Set up an sdap_access_ctx for checking expired/locked accounts */ access_ctx->sdap_access_ctx = talloc_zero(access_ctx, struct sdap_access_ctx); if (!access_ctx->sdap_access_ctx) { ret = ENOMEM; goto fail; } access_ctx->sdap_access_ctx->id_ctx = ad_id_ctx->sdap_id_ctx; /* If ad_access_filter is set, the value of ldap_acess_order is * expire, filter, otherwise only expire */ access_ctx->sdap_access_ctx->access_rule[0] = LDAP_ACCESS_EXPIRE; filter = dp_opt_get_cstring(access_ctx->ad_options, AD_ACCESS_FILTER); if (filter != NULL) { /* The processing of the extended filter is performed during the access * check itself */ access_ctx->sdap_access_ctx->filter = talloc_strdup( access_ctx->sdap_access_ctx, filter); if (access_ctx->sdap_access_ctx->filter == NULL) { ret = ENOMEM; goto fail; } access_ctx->sdap_access_ctx->access_rule[1] = LDAP_ACCESS_FILTER; access_ctx->sdap_access_ctx->access_rule[2] = LDAP_ACCESS_EMPTY; } else { access_ctx->sdap_access_ctx->access_rule[1] = LDAP_ACCESS_EMPTY; } *ops = &ad_access_ops; *pvt_data = access_ctx; return EOK; fail: talloc_free(access_ctx); return ret; } static void ad_shutdown(struct be_req *req) { /* TODO: Clean up any internal data */ sdap_handler_done(req, DP_ERR_OK, EOK, NULL); } int sssm_ad_subdomains_init(struct be_ctx *bectx, struct bet_ops **ops, void **pvt_data) { int ret; struct ad_id_ctx *id_ctx; const char *ad_domain; ret = sssm_ad_id_init(bectx, ops, (void **) &id_ctx); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("sssm_ad_id_init failed.\n")); return ret; } if (ad_options == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("Global AD options not available.\n")); return EINVAL; } ad_domain = 
dp_opt_get_string(ad_options->basic, AD_DOMAIN); ret = ad_subdom_init(bectx, id_ctx, ad_domain, ops, pvt_data); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("ad_subdom_init failed.\n")); return ret; } return EOK; } int sssm_ad_sudo_init(struct be_ctx *bectx, struct bet_ops **ops, void **pvt_data) { #ifdef BUILD_SUDO struct ad_id_ctx *id_ctx; int ret; DEBUG(SSSDBG_TRACE_INTERNAL, ("Initializing AD sudo handler\n")); ret = sssm_ad_id_init(bectx, ops, (void **) &id_ctx); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("sssm_ad_id_init failed.\n")); return ret; } return ad_sudo_init(bectx, id_ctx, ops, pvt_data); #else DEBUG(SSSDBG_MINOR_FAILURE, ("Sudo init handler called but SSSD is " "built without sudo support, ignoring\n")); return EOK; #endif } sssd-1.11.5/src/providers/ad/PaxHeaders.13173/ad_access.c0000644000000000000000000000007412320753107021014 xustar000000000000000030 atime=1396954939.262891434 30 ctime=1396954961.552875026 sssd-1.11.5/src/providers/ad/ad_access.c0000664002412700241270000003223612320753107021244 0ustar00jhrozekjhrozek00000000000000/* SSSD Authors: Stephen Gallagher Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #include #include "src/util/util.h" #include "src/providers/data_provider.h" #include "src/providers/dp_backend.h" #include "src/providers/ad/ad_access.h" #include "src/providers/ad/ad_common.h" #include "src/providers/ldap/sdap_access.h" static void ad_access_done(struct tevent_req *req); static errno_t ad_access_step(struct tevent_req *req, struct sdap_id_conn_ctx *conn); /* * More advanced format can be used to restrict the filter to a specific * domain or a specific forest. This format is KEYWORD:NAME:FILTER * * KEYWORD can be one of DOM or FOREST * KEYWORD can be missing * NAME is a label. * - if KEYWORD equals DOM or missing completely, the filter is applied * for users from domain named NAME only * - if KEYWORD equals FOREST, the filter is applied on users from * forest named NAME only * examples of valid filters are: * apply filter on domain called dom1 only: * dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com) * apply filter on domain called dom2 only: * DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com) * apply filter on forest called EXAMPLE.COM only: * FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com) * * If any of the extended formats are used, the filter MUST be enclosed * already. 
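*/

/* From least specific */
#define AD_FILTER_GENERIC 0x01
#define AD_FILTER_FOREST  0x02
#define AD_FILTER_DOMAIN  0x04

#define KW_FOREST "FOREST"
#define KW_DOMAIN "DOM"

/*
 * Parse a filter in the format name:filter.
 *
 * Splits full_filter at its first ':'. The part before the colon is
 * returned in *sub_name, the part after it in *filter (both allocated on
 * mem_ctx), and *flags is set to flagconst.
 *
 * Returns EINVAL when there is no ':' or when the text after it does not
 * start with '(', ENOMEM on allocation failure, EOK otherwise.
 */
static errno_t
parse_sub_filter(TALLOC_CTX *mem_ctx, const char *full_filter,
                 char **filter, char **sub_name,
                 int *flags, const int flagconst)
{
    char *specdelim;

    specdelim = strchr(full_filter, ':');
    if (specdelim == NULL) return EINVAL;

    /* Make sure the filter is already enclosed in brackets */
    if (*(specdelim+1) != '(') return EINVAL;

    *sub_name = talloc_strndup(mem_ctx, full_filter, specdelim - full_filter);
    *filter = talloc_strdup(mem_ctx, specdelim+1);
    if (*sub_name == NULL || *filter == NULL) return ENOMEM;

    *flags = flagconst;
    return EOK;
}

/* Parse domain_name:filter; sets *flags to AD_FILTER_DOMAIN. */
static inline errno_t
parse_dom_filter(TALLOC_CTX *mem_ctx, const char *dom_filter,
                 char **filter, char **domname, int *flags)
{
    return parse_sub_filter(mem_ctx, dom_filter, filter, domname,
                            flags, AD_FILTER_DOMAIN);
}

/* Parse forest_name:filter; sets *flags to AD_FILTER_FOREST. */
static inline errno_t
parse_forest_filter(TALLOC_CTX *mem_ctx, const char *forest_filter,
                    char **filter, char **forest_name, int *flags)
{
    return parse_sub_filter(mem_ctx, forest_filter, filter, forest_name,
                            flags, AD_FILTER_FOREST);
}

/*
 * Parse one access filter entry in the format [KEYWORD:][NAME:]FILTER.
 *
 * full_filter  one entry of the access filter list
 * filter       receives the LDAP filter text
 * spec         receives the domain or forest name, NULL for a generic filter
 * flags        receives AD_FILTER_GENERIC, AD_FILTER_DOMAIN or
 *              AD_FILTER_FOREST
 *
 * No ':' means a generic filter. One ':' means NAME:FILTER for a domain.
 * Two or more mean KEYWORD:NAME:FILTER, where KEYWORD must be exactly
 * KW_DOMAIN or KW_FOREST.
 *
 * Returns EINVAL for a missing argument, an unknown keyword or an empty
 * NAME, ENOMEM on allocation failure, EOK otherwise. The caller skips
 * entries that fail to parse, so a rejected entry grants nothing.
 */
static errno_t
parse_filter(TALLOC_CTX *mem_ctx, const char *full_filter,
             char **filter, char **spec, int *flags)
{
    char *kwdelim, *specdelim;
    size_t kwlen;

    if (full_filter == NULL || filter == NULL
        || spec == NULL || flags == NULL) return EINVAL;

    kwdelim = strchr(full_filter, ':');
    if (kwdelim != NULL) {
        specdelim = strchr(kwdelim+1, ':');
        kwlen = kwdelim - full_filter;

        if (specdelim == NULL) {
            /* There is a single keyword. Treat it as a domain name */
            return parse_dom_filter(mem_ctx, full_filter, filter, spec, flags);
        }

        /* Compare the whole keyword. A bare strncmp() limited to the
         * keyword length also accepts any prefix ("D", "FO") and, with a
         * length of zero, an empty keyword, so a mistyped scope would be
         * applied as a domain or forest restriction. */
        if (kwlen == sizeof(KW_DOMAIN) - 1
            && strncmp(full_filter, KW_DOMAIN, kwlen) == 0) {
            /* The format must be DOM:domain_name:filter */
            if (specdelim-kwdelim <= 1) {
                /* Check if there is some domain_name */
                return EINVAL;
            }

            return parse_dom_filter(mem_ctx, kwdelim + 1, filter, spec, flags);
        } else if (kwlen == sizeof(KW_FOREST) - 1
                   && strncmp(full_filter, KW_FOREST, kwlen) == 0) {
            /* The format must be FOREST:forest_name:filter */
            if (specdelim-kwdelim <= 1) {
                /* Check if there is some forest_name */
                return EINVAL;
            }

            return parse_forest_filter(mem_ctx, kwdelim + 1,
                                       filter, spec, flags);
        }

        /* Malformed option */
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Keyword in filter [%s] did not match expected format\n",
               full_filter));
        return EINVAL;
    }

    /* No keyword. Easy. */
    *filter = talloc_strdup(mem_ctx, full_filter);
    if (*filter == NULL) return ENOMEM;

    *spec = NULL;
    *flags = AD_FILTER_GENERIC;
    return EOK;
}

static errno_t
ad_parse_access_filter(TALLOC_CTX *mem_ctx,
                       struct sss_domain_info *dom,
                       const char *filter_list,
                       char **_filter)
{
    char **filters;
    int nfilters;
    errno_t ret;
    char *best_match;
    int best_flags;
    char *filter;
    char *spec;
    int flags;
    TALLOC_CTX *tmp_ctx;

    if (_filter == NULL) return EINVAL;

    tmp_ctx = talloc_new(mem_ctx);
    if (tmp_ctx == NULL) {
        ret = ENOMEM;
        goto done;
    }

    if (filter_list == NULL) {
        *_filter = NULL;
        ret = EOK;
        goto done;
    }

    ret = split_on_separator(tmp_ctx, filter_list, '?', true, true,
                             &filters, &nfilters);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Cannot parse the list of ad_access_filters\n"));
        goto done;
    }

    best_match = NULL;
    best_flags = 0;
    for (int i=0; i < nfilters; i++) {
        ret = parse_filter(tmp_ctx, filters[i], &filter, &spec, &flags);
        if (ret != EOK) {
            /* Skip the faulty filter.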
At worst, the user won't be * allowed access */ DEBUG(SSSDBG_MINOR_FAILURE, ("Access filter [%s] could not be " "parsed, skipping\n", filters[i])); continue; } if (flags & AD_FILTER_DOMAIN && strcasecmp(spec, dom->name) != 0) { /* If the filter specifies a domain, it must match the * domain the user comes from */ continue; } if (flags & AD_FILTER_FOREST && strcasecmp(spec, dom->forest) != 0) { /* If the filter specifies a forest, it must match the * forest the user comes from */ continue; } if (flags > best_flags) { best_flags = flags; best_match = filter; } } ret = EOK; /* Make sure the result is enclosed in brackets */ *_filter = sdap_get_access_filter(mem_ctx, best_match); done: talloc_free(tmp_ctx); return ret; } struct ad_access_state { struct tevent_context *ev; struct ad_access_ctx *ctx; struct pam_data *pd; struct be_ctx *be_ctx; struct sss_domain_info *domain; char *filter; struct sdap_id_conn_ctx **clist; int cindex; }; static struct tevent_req * ad_access_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct be_ctx *be_ctx, struct sss_domain_info *domain, struct ad_access_ctx *ctx, struct pam_data *pd) { struct tevent_req *req; struct ad_access_state *state; errno_t ret; req = tevent_req_create(mem_ctx, &state, struct ad_access_state); if (req == NULL) { return NULL; } state->ev = ev; state->ctx = ctx; state->pd = pd; state->be_ctx = be_ctx; state->domain = domain; ret = ad_parse_access_filter(state, domain, ctx->sdap_access_ctx->filter, &state->filter); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Could not determine the best filter\n")); ret = ERR_ACCESS_DENIED; goto done; } state->clist = ad_gc_conn_list(state, ctx->ad_id_ctx, domain); if (state->clist == NULL) { ret = ENOMEM; goto done; } ret = ad_access_step(req, state->clist[state->cindex]); if (ret != EOK) { goto done; } ret = EOK; done: if (ret != EOK) { tevent_req_error(req, ret); tevent_req_post(req, ev); } return req; } static errno_t ad_access_step(struct tevent_req *req, struct 
sdap_id_conn_ctx *conn) { struct tevent_req *subreq; struct ad_access_state *state; struct sdap_access_ctx *req_ctx; state = tevent_req_data(req, struct ad_access_state); req_ctx = talloc(state, struct sdap_access_ctx); if (req_ctx == NULL) { return ENOMEM; } req_ctx->id_ctx = state->ctx->sdap_access_ctx->id_ctx; req_ctx->filter = state->filter; memcpy(&req_ctx->access_rule, state->ctx->sdap_access_ctx->access_rule, sizeof(int) * LDAP_ACCESS_LAST); subreq = sdap_access_send(req, state->ev, state->be_ctx, state->domain, req_ctx, conn, state->pd); if (req == NULL) { talloc_free(req_ctx); return ENOMEM; } tevent_req_set_callback(subreq, ad_access_done, req); return EOK; } static void ad_access_done(struct tevent_req *subreq) { struct tevent_req *req; struct ad_access_state *state; errno_t ret; req = tevent_req_callback_data(subreq, struct tevent_req); state = tevent_req_data(req, struct ad_access_state); ret = sdap_access_recv(subreq); talloc_zfree(subreq); switch (ret) { case EOK: tevent_req_done(req); return; case ERR_ACCOUNT_EXPIRED: tevent_req_error(req, ret); return; case ERR_ACCESS_DENIED: /* Retry on ACCESS_DENIED, too, to make sure that we don't * miss out any attributes not present in GC * FIXME - this is slow. 
We should retry only if GC failed * and LDAP succeeded after the first ACCESS_DENIED */ break; default: break; } /* If possible, retry with LDAP */ state->cindex++; if (state->clist[state->cindex] == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("Error retrieving access check result: %s\n", sss_strerror(ret))); tevent_req_error(req, ret); return; } ret = ad_access_step(req, state->clist[state->cindex]); if (ret != EOK) { tevent_req_error(req, ret); return; } /* Another check in progress */ } static errno_t ad_access_recv(struct tevent_req *req) { TEVENT_REQ_RETURN_ON_ERROR(req); return EOK; } static void ad_access_check_done(struct tevent_req *req); void ad_access_handler(struct be_req *breq) { struct tevent_req *req; struct be_ctx *be_ctx = be_req_get_be_ctx(breq); struct ad_access_ctx *access_ctx = talloc_get_type(be_ctx->bet_info[BET_ACCESS].pvt_bet_data, struct ad_access_ctx); struct pam_data *pd = talloc_get_type(be_req_get_data(breq), struct pam_data); struct sss_domain_info *domain; /* Handle subdomains */ if (strcasecmp(pd->domain, be_ctx->domain->name) != 0) { domain = find_subdomain_by_name(be_ctx->domain, pd->domain, true); if (domain == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("find_subdomain_by_name failed.\n")); be_req_terminate(breq, DP_ERR_FATAL, PAM_SYSTEM_ERR, NULL); return; } } else { domain = be_ctx->domain; } /* Verify that the account is not locked */ req = ad_access_send(breq, be_ctx->ev, be_ctx, domain, access_ctx, pd); if (!req) { be_req_terminate(breq, DP_ERR_FATAL, PAM_SYSTEM_ERR, NULL); return; } tevent_req_set_callback(req, ad_access_check_done, breq); } static void ad_access_check_done(struct tevent_req *req) { errno_t ret; struct be_req *breq = tevent_req_callback_data(req, struct be_req); struct pam_data *pd = talloc_get_type(be_req_get_data(breq), struct pam_data); ret = ad_access_recv(req); talloc_zfree(req); switch (ret) { case EOK: pd->pam_status = PAM_SUCCESS; be_req_terminate(breq, DP_ERR_OK, PAM_SUCCESS, NULL); return; case ERR_ACCESS_DENIED: /* 
We got the proper denial */ pd->pam_status = PAM_PERM_DENIED; be_req_terminate(breq, DP_ERR_OK, PAM_PERM_DENIED, NULL); return; case ERR_ACCOUNT_EXPIRED: pd->pam_status = PAM_ACCT_EXPIRED; be_req_terminate(breq, DP_ERR_OK, PAM_ACCT_EXPIRED, NULL); return; default: /* Something went wrong */ pd->pam_status = PAM_SYSTEM_ERR; be_req_terminate(breq, DP_ERR_FATAL, PAM_SYSTEM_ERR, sss_strerror(ret)); return; } } sssd-1.11.5/src/providers/ad/PaxHeaders.13173/ad_domain_info.c0000644000000000000000000000007412320753107022035 xustar000000000000000030 atime=1396954939.262891434 30 ctime=1396954961.556875023 sssd-1.11.5/src/providers/ad/ad_domain_info.c0000664002412700241270000002773312320753107022273 0ustar00jhrozekjhrozek00000000000000/* SSSD AD Domain Info Module Authors: Sumit Bose Copyright (C) 2013 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
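*/

/* NOTE(review): the header names of the next five #include lines are
 * missing on this page; they are kept exactly as found. */
#include
#include
#include
#include
#include

#include "providers/ldap/sdap.h"
#include "providers/ldap/sdap_async.h"
#include "providers/ldap/sdap_idmap.h"
#include "util/util.h"

#define AD_AT_OBJECT_SID "objectSID"
#define AD_AT_DNS_DOMAIN "DnsDomain"
#define AD_AT_NT_VERSION "NtVer"
#define AD_AT_NETLOGON "netlogon"

#define MASTER_DOMAIN_SID_FILTER "objectclass=domain"

/*
 * Extract the flat domain name and the forest name from a netlogon reply.
 *
 * The reply must carry exactly one "netlogon" value, which is decoded as a
 * netlogon_samlogon_response and must have NETLOGON_NT_VERSION_5EX set.
 * On success *_flat_name and *_forest are copies allocated on mem_ctx.
 *
 * Returns ENOENT if the attribute has no value or a name is missing or
 * empty, EIO if there is more than one value, EBADMSG if the blob cannot
 * be decoded or has the wrong version, ENOMEM on allocation failure.
 * When the forest is missing, *_flat_name has already been set.
 */
static errno_t
netlogon_get_domain_info(TALLOC_CTX *mem_ctx,
                         struct sysdb_attrs *reply,
                         char **_flat_name,
                         char **_forest)
{
    errno_t ret;
    struct ldb_message_element *el;
    DATA_BLOB blob;
    struct ndr_pull *ndr_pull = NULL;
    enum ndr_err_code ndr_err;
    struct netlogon_samlogon_response response;
    const char *flat_name;
    const char *forest;

    ret = sysdb_attrs_get_el(reply, AD_AT_NETLOGON, &el);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_el() failed\n"));
        return ret;
    }

    if (el->num_values == 0) {
        DEBUG(SSSDBG_OP_FAILURE, ("netlogon has no value\n"));
        return ENOENT;
    } else if (el->num_values > 1) {
        DEBUG(SSSDBG_OP_FAILURE, ("More than one netlogon value?\n"));
        return EIO;
    }

    /* The blob comes from the server; it is only interpreted through the
     * NDR decoder below, which reports malformed input as an error. */
    blob.data = el->values[0].data;
    blob.length = el->values[0].length;

    ndr_pull = ndr_pull_init_blob(&blob, mem_ctx);
    if (ndr_pull == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("ndr_pull_init_blob() failed.\n"));
        return ENOMEM;
    }

    ndr_err = ndr_pull_netlogon_samlogon_response(ndr_pull, NDR_SCALARS,
                                                  &response);
    if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
        DEBUG(SSSDBG_OP_FAILURE, ("ndr_pull_netlogon_samlogon_response() "
                                  "failed [%d]\n", ndr_err));
        ret = EBADMSG;
        goto done;
    }

    /* Only the nt5_ex member of the response is read below */
    if (!(response.ntver & NETLOGON_NT_VERSION_5EX)) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Wrong version returned [%x]\n", response.ntver));
        ret = EBADMSG;
        goto done;
    }

    /* get flat name */
    if (response.data.nt5_ex.domain_name != NULL &&
        *response.data.nt5_ex.domain_name != '\0') {
        flat_name = response.data.nt5_ex.domain_name;
    } else {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("No netlogon domain name data available\n"));
        ret = ENOENT;
        goto done;
    }

    *_flat_name = talloc_strdup(mem_ctx, flat_name);
    if (*_flat_name == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed.\n"));
        ret = ENOMEM;
        goto done;
    }

    /* get forest */
    if (response.data.nt5_ex.forest != NULL &&
        *response.data.nt5_ex.forest != '\0') {
        forest = response.data.nt5_ex.forest;
    } else {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("No netlogon forest data available\n"));
        ret = ENOENT;
        goto done;
    }

    *_forest = talloc_strdup(mem_ctx, forest);
    if (*_forest == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed.\n"));
        ret = ENOMEM;
        goto done;
    }

    ret = EOK;
done:
    talloc_free(ndr_pull);
    return ret;
}

/* State of one ad_master_domain_send() request. */
struct ad_master_domain_state {
    struct tevent_context *ev;
    struct sdap_id_conn_ctx *conn;
    struct sdap_id_op *id_op;
    struct sdap_id_ctx *id_ctx;
    struct sdap_options *opts;

    const char *dom_name;
    /* Index of the search base currently being queried */
    int base_iter;

    /* Results; each stays NULL when it could not be retrieved */
    char *flat;
    char *forest;
    char *sid;
};

static errno_t ad_master_domain_next(struct tevent_req *req);
static void ad_master_domain_next_done(struct tevent_req *subreq);
static void ad_master_domain_netlogon_done(struct tevent_req *req);

/*
 * Start retrieving the SID, flat name and forest of domain dom_name.
 *
 * Returns NULL only if the request cannot be created. If the first search
 * cannot be started, or there is no search base at all, the request is
 * completed immediately and posted to ev.
 */
struct tevent_req *
ad_master_domain_send(TALLOC_CTX *mem_ctx,
                      struct tevent_context *ev,
                      struct sdap_id_conn_ctx *conn,
                      struct sdap_id_op *op,
                      const char *dom_name)
{
    errno_t ret;
    struct tevent_req *req;
    struct ad_master_domain_state *state;

    req = tevent_req_create(mem_ctx, &state, struct ad_master_domain_state);
    if (!req) return NULL;

    state->ev = ev;
    state->id_op = op;
    state->conn = conn;
    state->id_ctx = conn->id_ctx;
    state->opts = conn->id_ctx->opts;
    state->dom_name = dom_name;

    ret = ad_master_domain_next(req);
    if (ret != EOK && ret != EAGAIN) {
        goto immediate;
    }

    return req;

immediate:
    if (ret != EOK) {
        tevent_req_error(req, ret);
    } else {
        tevent_req_done(req);
    }
    tevent_req_post(req, ev);
    return req;
}

/*
 * Search the current search base for the domain object and ask for its
 * objectSID.
 *
 * Returns EOK when the NULL entry that ends the search base list has been
 * reached, EAGAIN when a search was started (ad_master_domain_next_done()
 * is its callback), ENOMEM if the search could not be created.
 */
static errno_t
ad_master_domain_next(struct tevent_req *req)
{
    struct tevent_req *subreq;
    struct sdap_search_base *base;
    const char *master_sid_attrs[] = {AD_AT_OBJECT_SID, NULL};

    struct ad_master_domain_state *state =
        tevent_req_data(req, struct ad_master_domain_state);

    base = state->opts->sdom->search_bases[state->base_iter];
    if (base == NULL) {
        return EOK;
    }

    subreq = sdap_get_generic_send(state, state->ev,
                    state->id_ctx->opts,
                    sdap_id_op_handle(state->id_op),
                    base->basedn, LDAP_SCOPE_BASE,
                    MASTER_DOMAIN_SID_FILTER, master_sid_attrs,
                    NULL, 0,
                    dp_opt_get_int(state->opts->basic,
                                   SDAP_SEARCH_TIMEOUT),
                    false);
    if (subreq == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("sdap_get_generic_send failed.\n"));
        return ENOMEM;
    }
    tevent_req_set_callback(subreq, ad_master_domain_next_done, req);

    return EAGAIN;
}

/*
 * Completion callback of the domain SID search.
 *
 * With no reply the next search base is tried. With exactly one reply the
 * binary SID is converted to its string form and stored, and a netlogon
 * query for dom_name is started. More than one reply is an error.
 */
static void
ad_master_domain_next_done(struct tevent_req *subreq)
{
    errno_t ret;
    size_t reply_count;
    struct sysdb_attrs **reply = NULL;
    struct ldb_message_element *el;
    char *sid_str;
    enum idmap_error_code err;
    static const char *attrs[] = {AD_AT_NETLOGON, NULL};
    char *filter;
    char *ntver;

    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct ad_master_domain_state *state =
        tevent_req_data(req, struct ad_master_domain_state);

    ret = sdap_get_generic_recv(subreq, state, &reply_count, &reply);
    talloc_zfree(subreq);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("sdap_get_generic_send request failed.\n"));
        goto done;
    }

    if (reply_count == 0) {
        state->base_iter++;
        ret = ad_master_domain_next(req);
        if (ret == EAGAIN) {
            /* Async request will get us back here again */
            return;
        } else if (ret != EOK) {
            goto done;
        }

        /* EOK */
        tevent_req_done(req);
        return;
    } else if (reply_count == 1) {
        ret = sysdb_attrs_get_el(reply[0], AD_AT_OBJECT_SID, &el);
        if (ret != EOK || el->num_values != 1) {
            DEBUG(SSSDBG_OP_FAILURE, ("sdap_attrs_get_el failed.\n"));
            if (ret == EOK) {
                /* The lookup succeeded but the value count is wrong.
                 * tevent_req_error() does not finish a request when it is
                 * given 0, so a real error code is needed here or the
                 * request would never complete. */
                ret = EINVAL;
            }
            goto done;
        }

        err = sss_idmap_bin_sid_to_sid(state->opts->idmap_ctx->map,
                                       el->values[0].data,
                                       el->values[0].length,
                                       &sid_str);
        if (err != IDMAP_SUCCESS) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Could not convert SID: [%s].\n", idmap_error_string(err)));
            ret = EFAULT;
            goto done;
        }

        state->sid = talloc_steal(state, sid_str);
    } else {
        DEBUG(SSSDBG_OP_FAILURE,
              ("More than one result for domain SID found.\n"));
        ret = EINVAL;
        goto done;
    }

    DEBUG(SSSDBG_TRACE_FUNC, ("Found SID [%s].\n", state->sid));

    ntver = sss_ldap_encode_ndr_uint32(state, NETLOGON_NT_VERSION_5EX |
                                       NETLOGON_NT_VERSION_WITH_CLOSEST_SITE);
    if (ntver == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("sss_ldap_encode_ndr_uint32 failed.\n"));
        ret = ENOMEM;
        goto done;
    }

    /* NOTE(review): dom_name is placed into the LDAP filter without
     * escaping; presumably it comes from the local configuration - confirm
     * with the callers, or escape it before formatting. */
    filter = talloc_asprintf(state, "(&(%s=%s)(%s=%s))",
                             AD_AT_DNS_DOMAIN, state->dom_name,
                             AD_AT_NT_VERSION, ntver);
    if (filter == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("talloc_asprintf failed.\n"));
        ret = ENOMEM;
        goto done;
    }

    subreq = sdap_get_generic_send(state, state->ev,
                        state->id_ctx->opts,
                        sdap_id_op_handle(state->id_op),
                        "", LDAP_SCOPE_BASE, filter, attrs, NULL, 0,
                        dp_opt_get_int(state->opts->basic,
                                       SDAP_SEARCH_TIMEOUT),
                        false);
    if (subreq == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("sdap_get_generic_send failed.\n"));
        ret = ENOMEM;
        goto done;
    }

    tevent_req_set_callback(subreq, ad_master_domain_netlogon_done, req);
    return;

done:
    tevent_req_error(req, ret);
}

/*
 * Completion callback of the netlogon query.
 *
 * A failed search fails the request. Missing, ambiguous or undecodable
 * netlogon data is not fatal: the request still completes successfully and
 * the flat name and/or forest may stay unset.
 */
static void
ad_master_domain_netlogon_done(struct tevent_req *subreq)
{
    int ret;
    size_t reply_count;
    struct sysdb_attrs **reply = NULL;

    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct ad_master_domain_state *state =
        tevent_req_data(req, struct ad_master_domain_state);

    ret = sdap_get_generic_recv(subreq, state, &reply_count, &reply);
    talloc_zfree(subreq);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("sdap_get_generic_send request failed.\n"));
        tevent_req_error(req, ret);
        return;
    }

    /* Failure to get the flat name is not fatal. Just quit. */
    if (reply_count == 0) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("No netlogon data available. Flat name " \
               "might not be usable\n"));
        goto done;
    } else if (reply_count > 1) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("More than one netlogon info returned.\n"));
        goto done;
    }

    /* Exactly one flat name. Carry on */

    ret = netlogon_get_domain_info(state, reply[0],
                                   &state->flat, &state->forest);
    if (ret != EOK) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("Could not get the flat name or forest\n"));
        /* Not fatal. Just quit. */
        goto done;
    }

    DEBUG(SSSDBG_TRACE_FUNC, ("Found flat name [%s].\n", state->flat));
    DEBUG(SSSDBG_TRACE_FUNC, ("Found forest [%s].\n", state->forest));

done:
    tevent_req_done(req);
    return;
}

/*
 * Collect the results of ad_master_domain_send().
 *
 * Each non-NULL output pointer receives the corresponding string, moved to
 * mem_ctx; _id receives the domain SID. A result that was not retrieved is
 * returned as NULL, so callers must be prepared for that.
 *
 * Returns EOK or the error the request finished with.
 */
errno_t
ad_master_domain_recv(struct tevent_req *req,
                      TALLOC_CTX *mem_ctx,
                      char **_flat,
                      char **_id,
                      char **_forest)
{
    struct ad_master_domain_state *state = tevent_req_data(req,
                                              struct ad_master_domain_state);

    TEVENT_REQ_RETURN_ON_ERROR(req);

    if (_flat) {
        *_flat = talloc_steal(mem_ctx, state->flat);
    }

    if (_forest) {
        *_forest = talloc_steal(mem_ctx, state->forest);
    }

    if (_id) {
        *_id = talloc_steal(mem_ctx, state->sid);
    }

    return EOK;
}
sssd-1.11.5/src/providers/ad/PaxHeaders.13173/ad_sudo.c0000644000000000000000000000007412320753107020525 xustar000000000000000030 atime=1396954939.263891433 30 ctime=1396954961.561875019 sssd-1.11.5/src/providers/ad/ad_sudo.c0000664002412700241270000000311012320753107020742 0ustar00jhrozekjhrozek00000000000000/* SSSD AD SUDO Provider Initialization functions Authors: Sumit Bose Copyright (C) 2014 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see .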
*/

#include "providers/ad/ad_common.h"
#include "providers/ldap/sdap_sudo.h"

/*
 * Set up the sudo back end for the AD provider.
 *
 * The work is delegated to sdap_sudo_init() with the LDAP id context of
 * the AD provider. Once that succeeds, the sudo rule attribute map of the
 * LDAP options is also made available through the AD id options.
 *
 * Returns EOK on success or the error code of sdap_sudo_init().
 */
int ad_sudo_init(struct be_ctx *be_ctx,
                 struct ad_id_ctx *id_ctx,
                 struct bet_ops **ops,
                 void **pvt_data)
{
    int rc;

    DEBUG(SSSDBG_TRACE_INTERNAL, ("Initializing sudo AD back end\n"));

    rc = sdap_sudo_init(be_ctx, id_ctx->sdap_id_ctx, ops, pvt_data);
    if (rc == EOK) {
        /* Share the map; both option sets refer to the same object */
        id_ctx->ad_options->id->sudorule_map =
                                    id_ctx->sdap_id_ctx->opts->sudorule_map;
        return EOK;
    }

    DEBUG(SSSDBG_OP_FAILURE, ("Cannot initialize LDAP SUDO [%d]: %s\n",
                              rc, strerror(rc)));
    return rc;
}
sssd-1.11.5/src/providers/ad/PaxHeaders.13173/ad_srv.h0000644000000000000000000000007412320753107020372 xustar000000000000000030 atime=1396954939.263891433 30 ctime=1396954961.496875067 sssd-1.11.5/src/providers/ad/ad_srv.h0000664002412700241270000000362112320753107020616 0ustar00jhrozekjhrozek00000000000000/* Authors: Pavel Březina Copyright (C) 2013 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see .
*/ #ifndef __AD_SRV_H__ #define __AD_SRV_H__ struct ad_srv_plugin_ctx; struct ad_srv_plugin_ctx * ad_srv_plugin_ctx_init(TALLOC_CTX *mem_ctx, struct be_resolv_ctx *be_res, enum host_database *host_dbs, struct sdap_options *opts, const char *hostname, const char *ad_domain); struct tevent_req *ad_srv_plugin_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, const char *service, const char *protocol, const char *discovery_domain, void *pvt); errno_t ad_srv_plugin_recv(TALLOC_CTX *mem_ctx, struct tevent_req *req, char **_dns_domain, struct fo_server_info **_primary_servers, size_t *_num_primary_servers, struct fo_server_info **_backup_servers, size_t *_num_backup_servers); #endif /* __AD_SRV_H__ */ sssd-1.11.5/src/providers/PaxHeaders.13173/krb50000644000000000000000000000012612320753521017143 xustar000000000000000028 mtime=1396954961.7238749 30 atime=1396955003.533843848 28 ctime=1396954961.7238749 sssd-1.11.5/src/providers/krb5/0000775002412700241270000000000012320753521017444 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/providers/krb5/PaxHeaders.13173/krb5_auth.c0000644000000000000000000000007412320753107021252 xustar000000000000000030 atime=1396954939.265891431 30 ctime=1396954961.606874986 sssd-1.11.5/src/providers/krb5/krb5_auth.c0000664002412700241270000012514612320753107021505 0ustar00jhrozekjhrozek00000000000000/* SSSD Kerberos 5 Backend Module Authors: Sumit Bose Copyright (C) 2009-2010 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. 
If not, see . */ #include #include #include #include #include #include #include #include "util/util.h" #include "util/find_uid.h" #include "util/auth_utils.h" #include "db/sysdb.h" #include "util/child_common.h" #include "providers/krb5/krb5_auth.h" #include "providers/krb5/krb5_utils.h" static errno_t safe_remove_old_ccache_file(const char *old_ccache, const char *new_ccache, uid_t uid, gid_t gid) { if ((old_ccache == new_ccache) || (old_ccache && new_ccache && (strcmp(old_ccache, new_ccache) == 0))) { DEBUG(SSSDBG_TRACE_FUNC, ("New and old ccache file are the same, " "none will be deleted.\n")); return EOK; } return sss_krb5_cc_destroy(old_ccache, uid, gid); } static errno_t check_old_ccache(const char *old_ccache, struct krb5child_req *kr, const char *realm, bool *active, bool *valid) { errno_t ret; *active = false; *valid = false; ret = sss_krb5_cc_verify_ccache(old_ccache, kr->uid, kr->gid, realm, kr->upn); switch (ret) { case ERR_NOT_FOUND: case ENOENT: DEBUG(SSSDBG_TRACE_FUNC, ("Saved ccache %s doesn't exist.\n", old_ccache)); return ENOENT; case EINVAL: /* cache found but no tgt or expired */ case EOK: *valid = true; break; default: DEBUG(SSSDBG_OP_FAILURE, ("Cannot check if saved ccache %s is valid\n", old_ccache)); return ret; } ret = check_if_uid_is_active(kr->uid, active); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("check_if_uid_is_active failed.\n")); return ret; } return EOK; } static int krb5_mod_ccname(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, const char *ccname, int mod_op) { TALLOC_CTX *tmpctx; struct sysdb_attrs *attrs; int ret; errno_t sret; bool in_transaction = false; if (name == NULL || ccname == NULL) { DEBUG(1, ("Missing user or ccache name.\n")); return EINVAL; } if (mod_op != SYSDB_MOD_REP && mod_op != SYSDB_MOD_DEL) { DEBUG(1, ("Unsupported operation [%d].\n", mod_op)); return EINVAL; } DEBUG(9, ("%s ccname [%s] for user [%s].\n", mod_op == SYSDB_MOD_REP ? 
"Save" : "Delete", ccname, name)); tmpctx = talloc_new(mem_ctx); if (!tmpctx) { return ENOMEM; } attrs = sysdb_new_attrs(tmpctx); if (!attrs) { ret = ENOMEM; goto done; } ret = sysdb_attrs_add_string(attrs, SYSDB_CCACHE_FILE, ccname); if (ret != EOK) { DEBUG(1, ("sysdb_attrs_add_string failed.\n")); goto done; } ret = sysdb_transaction_start(sysdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Error %d starting transaction (%s)\n", ret, strerror(ret))); goto done; } in_transaction = true; ret = sysdb_set_user_attr(sysdb, domain, name, attrs, mod_op); if (ret != EOK) { DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret))); goto done; } ret = sysdb_transaction_commit(sysdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to commit transaction!\n")); goto done; } in_transaction = false; done: if (in_transaction) { sret = sysdb_transaction_cancel(sysdb); if (sret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to cancel transaction\n")); } } talloc_zfree(tmpctx); return ret; } static int krb5_save_ccname(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, const char *ccname) { return krb5_mod_ccname(mem_ctx, sysdb, domain, name, ccname, SYSDB_MOD_REP); } static int krb5_delete_ccname(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, const char *ccname) { return krb5_mod_ccname(mem_ctx, sysdb, domain, name, ccname, SYSDB_MOD_DEL); } static struct krb5_ctx *get_krb5_ctx(struct be_req *be_req) { struct be_ctx *be_ctx = be_req_get_be_ctx(be_req); struct pam_data *pd; pd = talloc_get_type(be_req_get_data(be_req), struct pam_data); switch (pd->cmd) { case SSS_PAM_AUTHENTICATE: case SSS_CMD_RENEW: return talloc_get_type(be_ctx->bet_info[BET_AUTH].pvt_bet_data, struct krb5_ctx); break; case SSS_PAM_ACCT_MGMT: return talloc_get_type(be_ctx->bet_info[BET_ACCESS].pvt_bet_data, struct krb5_ctx); break; case SSS_PAM_CHAUTHTOK: case SSS_PAM_CHAUTHTOK_PRELIM: return 
talloc_get_type(be_ctx->bet_info[BET_CHPASS].pvt_bet_data, struct krb5_ctx); break; default: DEBUG(1, ("Unsupported PAM task.\n")); return NULL; } } static int krb5_cleanup(void *ptr) { struct krb5child_req *kr = talloc_get_type(ptr, struct krb5child_req); if (kr == NULL) return EOK; memset(kr, 0, sizeof(struct krb5child_req)); return EOK; } errno_t krb5_setup(TALLOC_CTX *mem_ctx, struct pam_data *pd, struct krb5_ctx *krb5_ctx, struct krb5child_req **krb5_req) { struct krb5child_req *kr = NULL; kr = talloc_zero(mem_ctx, struct krb5child_req); if (kr == NULL) { DEBUG(1, ("talloc failed.\n")); return ENOMEM; } kr->is_offline = false; kr->active_ccache = true; kr->run_as_user = true; talloc_set_destructor((TALLOC_CTX *) kr, krb5_cleanup); kr->pd = pd; kr->krb5_ctx = krb5_ctx; *krb5_req = kr; return EOK; } static void krb5_auth_cache_creds(struct krb5_ctx *krb5_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, struct confdb_ctx *cdb, struct pam_data *pd, uid_t uid, int *pam_status, int *dp_err) { const char *password = NULL; errno_t ret; ret = sss_authtok_get_password(pd->authtok, &password, NULL); if (ret != EOK) { DEBUG(0, ("Failed to get password [%d] %s\n", ret, strerror(ret))); *pam_status = PAM_SYSTEM_ERR; *dp_err = DP_ERR_OK; return; } ret = sysdb_cache_auth(sysdb, domain, pd->user, password, cdb, true, NULL, NULL); if (ret != EOK) { DEBUG(1, ("Offline authentication failed\n")); *pam_status = cached_login_pam_status(ret); *dp_err = DP_ERR_OK; return; } ret = add_user_to_delayed_online_authentication(krb5_ctx, pd, uid); if (ret != EOK) { /* This error is not fatal */ DEBUG(1, ("add_user_to_delayed_online_authentication failed.\n")); } *pam_status = PAM_AUTHINFO_UNAVAIL; *dp_err = DP_ERR_OFFLINE; } static errno_t krb5_auth_prepare_ccache_name(struct krb5child_req *kr, struct be_ctx *be_ctx) { const char *ccname_template; errno_t ret; if (!kr->is_offline) { kr->is_offline = be_is_offline(be_ctx); } /* The ccache file should be (re)created if one of the 
following conditions * is true: * - it doesn't exist (kr->ccname == NULL) * - the backend is online and the current ccache file is not used, i.e * the related user is currently not logged in and it is not a renewal * request * (!kr->is_offline && !kr->active_ccache && kr->pd->cmd != SSS_CMD_RENEW) * - the backend is offline and the current cache file not used and * it does not contain a valid tgt * (kr->is_offline && !kr->active_ccache && !kr->valid_tgt) */ if (kr->ccname == NULL || (kr->is_offline && !kr->active_ccache && !kr->valid_tgt) || (!kr->is_offline && !kr->active_ccache && kr->pd->cmd != SSS_CMD_RENEW)) { DEBUG(9, ("Recreating ccache file.\n")); ccname_template = dp_opt_get_cstring(kr->krb5_ctx->opts, KRB5_CCNAME_TMPL); kr->ccname = expand_ccname_template(kr, kr, ccname_template, true, be_ctx->domain->case_sensitive); if (kr->ccname == NULL) { DEBUG(1, ("expand_ccname_template failed.\n")); return ENOMEM; } ret = sss_krb5_precreate_ccache(kr->ccname, kr->krb5_ctx->illegal_path_re, kr->uid, kr->gid); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("ccache creation failed.\n")); return ret; } } return EOK; } static void krb5_auth_store_creds(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, struct pam_data *pd) { const char *password = NULL; int ret = EOK; switch(pd->cmd) { case SSS_CMD_RENEW: /* The authtok is set to the credential cache * during renewal. We don't want to save this * as the cached password. 
*/ break; case SSS_PAM_AUTHENTICATE: case SSS_PAM_CHAUTHTOK_PRELIM: ret = sss_authtok_get_password(pd->authtok, &password, NULL); break; case SSS_PAM_CHAUTHTOK: ret = sss_authtok_get_password(pd->newauthtok, &password, NULL); break; default: DEBUG(0, ("unsupported PAM command [%d].\n", pd->cmd)); } if (ret != EOK) { DEBUG(0, ("Failed to get password [%d] %s\n", ret, strerror(ret))); /* password caching failures are not fatal errors */ return; } if (password == NULL) { if (pd->cmd != SSS_CMD_RENEW) { DEBUG(0, ("password not available, offline auth may not work.\n")); /* password caching failures are not fatal errors */ } return; } ret = sysdb_cache_password(sysdb, domain, pd->user, password); if (ret) { DEBUG(2, ("Failed to cache password, offline auth may not work." " (%d)[%s]!?\n", ret, strerror(ret))); /* password caching failures are not fatal errors */ } } /* krb5_auth request */ struct krb5_auth_state { struct tevent_context *ev; struct be_ctx *be_ctx; struct pam_data *pd; struct sysdb_ctx *sysdb; struct sss_domain_info *domain; struct krb5_ctx *krb5_ctx; struct krb5child_req *kr; bool search_kpasswd; int pam_status; int dp_err; }; static void krb5_auth_resolve_done(struct tevent_req *subreq); static void krb5_auth_done(struct tevent_req *subreq); struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct be_ctx *be_ctx, struct pam_data *pd, struct krb5_ctx *krb5_ctx) { const char **attrs; struct krb5_auth_state *state; struct ldb_result *res; struct krb5child_req *kr = NULL; const char *ccache_file = NULL; const char *realm; struct tevent_req *req; struct tevent_req *subreq; int authtok_type; int ret; req = tevent_req_create(mem_ctx, &state, struct krb5_auth_state); if (req == NULL) { DEBUG(1, ("tevent_req_create failed.\n")); return NULL; } state->ev = ev; state->be_ctx = be_ctx; state->pd = pd; state->krb5_ctx = krb5_ctx; state->kr = NULL; state->pam_status = PAM_SYSTEM_ERR; state->dp_err = DP_ERR_FATAL; ret = 
get_domain_or_subdomain(be_ctx, pd->domain, &state->domain); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("get_domain_or_subdomain failed.\n")); goto done; } state->sysdb = state->domain->sysdb; authtok_type = sss_authtok_get_type(pd->authtok); switch (pd->cmd) { case SSS_PAM_AUTHENTICATE: case SSS_PAM_CHAUTHTOK: if (authtok_type != SSS_AUTHTOK_TYPE_PASSWORD) { /* handle empty password gracefully */ if (authtok_type == SSS_AUTHTOK_TYPE_EMPTY) { DEBUG(SSSDBG_CRIT_FAILURE, ("Illegal zero-length authtok for user [%s]\n", pd->user)); state->pam_status = PAM_AUTH_ERR; state->dp_err = DP_ERR_OK; ret = EOK; goto done; } DEBUG(SSSDBG_CRIT_FAILURE, ("Wrong authtok type for user [%s]. " \ "Expected [%d], got [%d]\n", pd->user, SSS_AUTHTOK_TYPE_PASSWORD, authtok_type)); state->pam_status = PAM_SYSTEM_ERR; state->dp_err = DP_ERR_FATAL; ret = EINVAL; goto done; } break; case SSS_PAM_CHAUTHTOK_PRELIM: if (pd->priv == 1 && authtok_type != SSS_AUTHTOK_TYPE_PASSWORD) { DEBUG(SSSDBG_MINOR_FAILURE, ("Password reset by root is not supported.\n")); state->pam_status = PAM_PERM_DENIED; state->dp_err = DP_ERR_OK; ret = EOK; goto done; } break; case SSS_CMD_RENEW: if (authtok_type != SSS_AUTHTOK_TYPE_CCFILE) { DEBUG(SSSDBG_CRIT_FAILURE, ("Wrong authtok type for user [%s]. 
" \ "Expected [%d], got [%d]\n", pd->user, SSS_AUTHTOK_TYPE_CCFILE, authtok_type)); state->pam_status = PAM_SYSTEM_ERR; state->dp_err = DP_ERR_FATAL; ret = EINVAL; goto done; } break; default: DEBUG(4, ("Unexpected pam task %d.\n", pd->cmd)); state->pam_status = PAM_SYSTEM_ERR; state->dp_err = DP_ERR_FATAL; ret = EINVAL; goto done; } if (be_is_offline(be_ctx) && (pd->cmd == SSS_PAM_CHAUTHTOK || pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM || pd->cmd == SSS_CMD_RENEW)) { DEBUG(9, ("Password changes and ticket renewal are not possible " "while offline.\n")); state->pam_status = PAM_AUTHINFO_UNAVAIL; state->dp_err = DP_ERR_OFFLINE; ret = EOK; goto done; } attrs = talloc_array(state, const char *, 7); if (attrs == NULL) { ret = ENOMEM; goto done; } attrs[0] = SYSDB_UPN; attrs[1] = SYSDB_HOMEDIR; attrs[2] = SYSDB_CCACHE_FILE; attrs[3] = SYSDB_UIDNUM; attrs[4] = SYSDB_GIDNUM; attrs[5] = SYSDB_CANONICAL_UPN; attrs[6] = NULL; ret = krb5_setup(state, pd, krb5_ctx, &state->kr); if (ret != EOK) { DEBUG(1, ("krb5_setup failed.\n")); goto done; } kr = state->kr; ret = sysdb_get_user_attr(state, state->sysdb, state->domain, state->pd->user, attrs, &res); if (ret) { DEBUG(5, ("sysdb search for upn of user [%s] failed.\n", pd->user)); state->pam_status = PAM_SYSTEM_ERR; state->dp_err = DP_ERR_OK; goto done; } realm = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM); if (realm == NULL) { DEBUG(1, ("Missing Kerberos realm.\n")); ret = ENOENT; goto done; } switch (res->count) { case 0: DEBUG(5, ("No attributes for user [%s] found.\n", pd->user)); ret = ENOENT; goto done; break; case 1: ret = find_or_guess_upn(state, res->msgs[0], krb5_ctx, be_ctx->domain, pd->user, pd->domain, &kr->upn); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("find_or_guess_upn failed.\n")); goto done; } ret = compare_principal_realm(kr->upn, realm, &kr->upn_from_different_realm); if (ret != 0) { DEBUG(SSSDBG_OP_FAILURE, ("compare_principal_realm failed.\n")); goto done; } kr->homedir = 
ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_HOMEDIR, NULL); if (kr->homedir == NULL) { DEBUG(4, ("Home directory for user [%s] not known.\n", pd->user)); } kr->uid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_UIDNUM, 0); if (kr->uid == 0) { DEBUG(4, ("UID for user [%s] not known.\n", pd->user)); ret = ENOENT; goto done; } kr->gid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_GIDNUM, 0); if (kr->gid == 0) { DEBUG(4, ("GID for user [%s] not known.\n", pd->user)); ret = ENOENT; goto done; } ccache_file = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_CCACHE_FILE, NULL); if (ccache_file != NULL) { ret = check_old_ccache(ccache_file, kr, realm, &kr->active_ccache, &kr->valid_tgt); if (ret == ENOENT) { DEBUG(SSSDBG_FUNC_DATA, ("Ignoring ccache attribute [%s], because it doesn't" "exist.\n", ccache_file)); ccache_file = NULL; } else if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("check_if_ccache_file_is_used failed.\n")); ccache_file = NULL; } } else { kr->active_ccache = false; kr->valid_tgt = false; DEBUG(4, ("No ccache file for user [%s] found.\n", pd->user)); } DEBUG(9, ("Ccache_file is [%s] and is %s active and TGT is %s valid.\n", ccache_file ? ccache_file : "not set", kr->active_ccache ? "" : "not", kr->valid_tgt ? "" : "not")); if (ccache_file != NULL) { kr->ccname = ccache_file; kr->old_ccname = talloc_strdup(kr, ccache_file); if (kr->old_ccname == NULL) { DEBUG(1, ("talloc_strdup failed.\n")); ret = ENOMEM; goto done; } } else { kr->ccname = NULL; kr->old_ccname = NULL; } break; default: DEBUG(1, ("User search for (%s) returned > 1 results!\n", pd->user)); ret = EINVAL; goto done; break; } kr->srv = NULL; kr->kpasswd_srv = NULL; state->search_kpasswd = false; subreq = be_resolve_server_send(state, state->ev, state->be_ctx, state->krb5_ctx->service->name, state->kr->srv == NULL ? 
true : false); if (!subreq) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed resolver request.\n")); ret = EIO; goto done; } tevent_req_set_callback(subreq, krb5_auth_resolve_done, req); return req; done: if (ret == EOK) { tevent_req_done(req); } else { tevent_req_error(req, ret); } tevent_req_post(req, state->ev); return req; } static void krb5_auth_resolve_done(struct tevent_req *subreq) { struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); struct krb5_auth_state *state = tevent_req_data(req, struct krb5_auth_state); struct krb5child_req *kr = state->kr; char *msg; int ret; if (!state->search_kpasswd) { ret = be_resolve_server_recv(subreq, &kr->srv); } else { ret = be_resolve_server_recv(subreq, &kr->kpasswd_srv); } talloc_zfree(subreq); if (state->search_kpasswd) { if ((ret != EOK) && (kr->pd->cmd == SSS_PAM_CHAUTHTOK || kr->pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM)) { /* all kpasswd servers have been tried and none was found good, * but the kdc seems ok. Password changes are not possible but * authentication is. We return an PAM error here, but do not * mark the backend offline. */ state->pam_status = PAM_AUTHTOK_LOCK_BUSY; state->dp_err = DP_ERR_OK; ret = EOK; goto done; } } else { if (ret != EOK) { /* all servers have been tried and none * was found good, setting offline, * but we still have to call the child to setup * the ccache file if we are performing auth */ be_mark_offline(state->be_ctx); kr->is_offline = true; if (kr->pd->cmd == SSS_PAM_CHAUTHTOK || kr->pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM) { DEBUG(SSSDBG_TRACE_FUNC, ("No KDC suitable for password change is available\n")); state->pam_status = PAM_AUTHTOK_LOCK_BUSY; state->dp_err = DP_ERR_OK; ret = EOK; goto done; } } else { if (kr->krb5_ctx->kpasswd_service != NULL) { state->search_kpasswd = true; subreq = be_resolve_server_send(state, state->ev, state->be_ctx, state->krb5_ctx->kpasswd_service->name, kr->kpasswd_srv == NULL ? 
true : false); if (subreq == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("Resolver request failed.\n")); ret = EIO; goto done; } tevent_req_set_callback(subreq, krb5_auth_resolve_done, req); return; } } } ret = krb5_auth_prepare_ccache_name(kr, state->be_ctx); if (ret) { goto done; } if (kr->is_offline) { DEBUG(9, ("Preparing for offline operation.\n")); if (kr->valid_tgt || kr->active_ccache) { DEBUG(9, ("Valid TGT available or " "ccache file is already in use.\n")); kr->ccname = kr->old_ccname; msg = talloc_asprintf(kr->pd, "%s=%s", CCACHE_ENV_NAME, kr->ccname); if (msg == NULL) { DEBUG(1, ("talloc_asprintf failed.\n")); } else { ret = pam_add_response(kr->pd, SSS_PAM_ENV_ITEM, strlen(msg) + 1, (uint8_t *) msg); if (ret != EOK) { DEBUG(1, ("pam_add_response failed.\n")); } } if (dp_opt_get_bool(kr->krb5_ctx->opts, KRB5_STORE_PASSWORD_IF_OFFLINE)) { krb5_auth_cache_creds(state->kr->krb5_ctx, state->domain->sysdb, state->domain, state->be_ctx->cdb, kr->pd, kr->uid, &state->pam_status, &state->dp_err); } else { state->pam_status = PAM_AUTHINFO_UNAVAIL; state->dp_err = DP_ERR_OFFLINE; } ret = EOK; goto done; } } /* We need to keep the root privileges to read the keytab file if * validation or FAST is enabled, otherwise we can drop them and run * krb5_child with user privileges. * If we are offline we want to create an empty ccache file. In this * case we can drop the privileges, too. 
*/ if ((dp_opt_get_bool(kr->krb5_ctx->opts, KRB5_VALIDATE) || kr->krb5_ctx->use_fast) && (!kr->is_offline)) { kr->run_as_user = false; } else { kr->run_as_user = true; } subreq = handle_child_send(state, state->ev, kr); if (subreq == NULL) { DEBUG(1, ("handle_child_send failed.\n")); ret = ENOMEM; goto done; } tevent_req_set_callback(subreq, krb5_auth_done, req); return; done: if (ret == EOK) { tevent_req_done(req); } else { tevent_req_error(req, ret); } } static void krb5_auth_done(struct tevent_req *subreq) { struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); struct krb5_auth_state *state = tevent_req_data(req, struct krb5_auth_state); struct krb5child_req *kr = state->kr; struct pam_data *pd = state->pd; int ret; uint8_t *buf = NULL; ssize_t len = -1; struct krb5_child_response *res; struct fo_server *search_srv; krb5_deltat renew_interval_delta; char *renew_interval_str; time_t renew_interval_time = 0; bool use_enterprise_principal; uint32_t user_info_type; ret = handle_child_recv(subreq, pd, &buf, &len); talloc_zfree(subreq); if (ret == ETIMEDOUT) { DEBUG(1, ("child timed out!\n")); switch (pd->cmd) { case SSS_PAM_AUTHENTICATE: case SSS_CMD_RENEW: state->search_kpasswd = false; search_srv = kr->srv; break; case SSS_PAM_CHAUTHTOK: case SSS_PAM_CHAUTHTOK_PRELIM: if (state->kr->kpasswd_srv) { state->search_kpasswd = true; search_srv = kr->kpasswd_srv; break; } else { state->search_kpasswd = false; search_srv = kr->srv; break; } default: DEBUG(1, ("Unexpected PAM task\n")); ret = EINVAL; goto done; } be_fo_set_port_status(state->be_ctx, state->krb5_ctx->service->name, search_srv, PORT_NOT_WORKING); subreq = be_resolve_server_send(state, state->ev, state->be_ctx, state->krb5_ctx->service->name, search_srv == NULL ? 
true : false); if (subreq == NULL) { DEBUG(1, ("Failed resolved request.\n")); ret = ENOMEM; goto done; } tevent_req_set_callback(subreq, krb5_auth_resolve_done, req); return; } else if (ret != EOK) { DEBUG(1, ("child failed (%d [%s])\n", ret, strerror(ret))); goto done; } /* EOK */ ret = parse_krb5_child_response(state, buf, len, pd, state->be_ctx->domain->pwd_expiration_warning, &res); if (ret) { DEBUG(SSSDBG_OP_FAILURE, ("Could not parse child response [%d]: %s\n", ret, strerror(ret))); goto done; } if (res->ccname) { kr->ccname = talloc_strdup(kr, res->ccname); if (!kr->ccname) { ret = ENOMEM; goto done; } } use_enterprise_principal = dp_opt_get_bool(kr->krb5_ctx->opts, KRB5_USE_ENTERPRISE_PRINCIPAL); /* Check if the cases of our upn are correct and update it if needed. * Fail if the upn differs by more than just the case for non-enterprise * principals. */ if (res->correct_upn != NULL && strcmp(kr->upn, res->correct_upn) != 0) { if (strcasecmp(kr->upn, res->correct_upn) == 0 || use_enterprise_principal == true) { talloc_free(kr->upn); kr->upn = talloc_strdup(kr, res->correct_upn); if (kr->upn == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed.\n")); ret = ENOMEM; goto done; } ret = check_if_cached_upn_needs_update(state->sysdb, state->domain, pd->user, res->correct_upn); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("check_if_cached_upn_needs_update failed.\n")); goto done; } } else { DEBUG(SSSDBG_CRIT_FAILURE, ("UPN used in the request [%s] and " \ "returned UPN [%s] differ by more " \ "than just the case.\n", kr->upn, res->correct_upn)); ret = EINVAL; goto done; } } /* If the child request failed, but did not return an offline error code, * return with the status */ switch (res->msg_status) { case ERR_OK: /* If the child request was successful and we run the first pass of the * change password request just return success. 
*/ if (pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM) { state->pam_status = PAM_SUCCESS; state->dp_err = DP_ERR_OK; ret = EOK; goto done; } break; case ERR_NETWORK_IO: if (kr->kpasswd_srv != NULL && (pd->cmd == SSS_PAM_CHAUTHTOK || pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM)) { /* if using a dedicated kpasswd server for a chpass operation... */ be_fo_set_port_status(state->be_ctx, state->krb5_ctx->kpasswd_service->name, kr->kpasswd_srv, PORT_NOT_WORKING); /* ..try to resolve next kpasswd server */ state->search_kpasswd = true; subreq = be_resolve_server_send(state, state->ev, state->be_ctx, state->krb5_ctx->kpasswd_service->name, state->kr->kpasswd_srv == NULL ? true : false); if (subreq == NULL) { DEBUG(1, ("Resolver request failed.\n")); ret = ENOMEM; goto done; } tevent_req_set_callback(subreq, krb5_auth_resolve_done, req); return; } else if (kr->srv != NULL) { /* failed to use the KDC... */ be_fo_set_port_status(state->be_ctx, state->krb5_ctx->service->name, kr->srv, PORT_NOT_WORKING); /* ..try to resolve next KDC */ state->search_kpasswd = false; subreq = be_resolve_server_send(state, state->ev, state->be_ctx, state->krb5_ctx->service->name, kr->srv == NULL ? true : false); if (subreq == NULL) { DEBUG(1, ("Resolver request failed.\n")); ret = ENOMEM; goto done; } tevent_req_set_callback(subreq, krb5_auth_resolve_done, req); return; } break; case ERR_CREDS_EXPIRED: /* If the password is expired we can safely remove the ccache from the * cache and disk if it is not actively used anymore. This will allow * to create a new random ccache if sshd with privilege separation is * used. 
*/ if (pd->cmd == SSS_PAM_AUTHENTICATE && !kr->active_ccache) { if (kr->old_ccname != NULL) { ret = safe_remove_old_ccache_file(kr->old_ccname, NULL, kr->uid, kr->gid); if (ret != EOK) { DEBUG(1, ("Failed to remove old ccache file [%s], " "please remove it manually.\n", kr->old_ccname)); } ret = krb5_delete_ccname(state, state->sysdb, state->domain, pd->user, kr->old_ccname); if (ret != EOK) { DEBUG(1, ("krb5_delete_ccname failed.\n")); } } } state->pam_status = PAM_NEW_AUTHTOK_REQD; state->dp_err = DP_ERR_OK; ret = EOK; goto done; case ERR_CREDS_INVALID: state->pam_status = PAM_CRED_ERR; state->dp_err = DP_ERR_OK; ret = EOK; goto done; case ERR_ACCOUNT_EXPIRED: state->pam_status = PAM_ACCT_EXPIRED; state->dp_err = DP_ERR_OK; ret = EOK; goto done; case ERR_NO_CREDS: state->pam_status = PAM_CRED_UNAVAIL; state->dp_err = DP_ERR_OK; ret = EOK; goto done; case ERR_AUTH_FAILED: state->pam_status = PAM_AUTH_ERR; state->dp_err = DP_ERR_OK; ret = EOK; goto done; case ERR_CHPASS_FAILED: state->pam_status = PAM_AUTHTOK_ERR; state->dp_err = DP_ERR_OK; ret = EOK; goto done; default: state->pam_status = PAM_SYSTEM_ERR; state->dp_err = DP_ERR_OK; ret = EOK; goto done; } if (kr->kpasswd_srv != NULL && (pd->cmd == SSS_PAM_CHAUTHTOK || pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM)) { /* found a dedicated kpasswd server for a chpass operation */ be_fo_set_port_status(state->be_ctx, state->krb5_ctx->service->name, kr->kpasswd_srv, PORT_WORKING); } else if (kr->srv != NULL) { /* found a KDC */ be_fo_set_port_status(state->be_ctx, state->krb5_ctx->service->name, kr->srv, PORT_WORKING); } /* Now only a successful authentication or password change is left. * * We expect that one of the messages in the received buffer contains * the name of the credential cache file. 
*/ if (kr->ccname == NULL) { DEBUG(1, ("Missing ccache name in child response.\n")); ret = EINVAL; goto done; } ret = sss_krb5_check_ccache_princ(kr->uid, kr->gid, kr->ccname, kr->upn); if (ret) { if (res->otp == true && pd->cmd == SSS_PAM_CHAUTHTOK) { DEBUG(SSSDBG_IMPORTANT_INFO, ("Password change succeeded but currently " "post-chpass kinit is not implemented\n")); user_info_type = SSS_PAM_USER_INFO_OTP_CHPASS; ret = pam_add_response(pd, SSS_PAM_USER_INFO, sizeof(uint32_t), (const uint8_t *) &user_info_type); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("pam_add_response failed.\n")); /* Not fatal */ } } else { DEBUG(SSSDBG_CRIT_FAILURE, ("No ccache for %s in %s?\n", kr->upn, kr->ccname)); goto done; } } if (kr->old_ccname) { ret = safe_remove_old_ccache_file(kr->old_ccname, kr->ccname, kr->uid, kr->gid); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to remove old ccache file [%s], " "please remove it manually.\n", kr->old_ccname)); } } ret = krb5_save_ccname(state, state->sysdb, state->domain, pd->user, kr->ccname); if (ret) { DEBUG(1, ("krb5_save_ccname failed.\n")); goto done; } renew_interval_str = dp_opt_get_string(kr->krb5_ctx->opts, KRB5_RENEW_INTERVAL); if (renew_interval_str != NULL) { ret = krb5_string_to_deltat(renew_interval_str, &renew_interval_delta); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Reading krb5_renew_interval failed.\n")); renew_interval_delta = 0; } renew_interval_time = renew_interval_delta; } if (res->msg_status == ERR_OK && renew_interval_time > 0 && (pd->cmd == SSS_PAM_AUTHENTICATE || pd->cmd == SSS_CMD_RENEW || pd->cmd == SSS_PAM_CHAUTHTOK) && (res->tgtt.renew_till > res->tgtt.endtime) && (kr->ccname != NULL)) { DEBUG(7, ("Adding [%s] for automatic renewal.\n", kr->ccname)); ret = add_tgt_to_renew_table(kr->krb5_ctx, kr->ccname, &(res->tgtt), pd, kr->upn); if (ret != EOK) { DEBUG(1, ("add_tgt_to_renew_table failed, " "automatic renewal not possible.\n")); } } if (kr->is_offline) { if 
(dp_opt_get_bool(kr->krb5_ctx->opts, KRB5_STORE_PASSWORD_IF_OFFLINE)) { krb5_auth_cache_creds(state->kr->krb5_ctx, state->domain->sysdb, state->domain, state->be_ctx->cdb, state->pd, state->kr->uid, &state->pam_status, &state->dp_err); } else { DEBUG(4, ("Backend is marked offline, retry later!\n")); state->pam_status = PAM_AUTHINFO_UNAVAIL; state->dp_err = DP_ERR_OFFLINE; } ret = EOK; goto done; } if (state->be_ctx->domain->cache_credentials == TRUE && !res->otp) { krb5_auth_store_creds(state->sysdb, state->domain, pd); } state->pam_status = PAM_SUCCESS; state->dp_err = DP_ERR_OK; ret = EOK; done: if (ret == EOK) { tevent_req_done(req); } else { tevent_req_error(req, ret); } } int krb5_auth_recv(struct tevent_req *req, int *pam_status, int *dp_err) { struct krb5_auth_state *state = tevent_req_data(req, struct krb5_auth_state); *pam_status = state->pam_status; *dp_err = state->dp_err; TEVENT_REQ_RETURN_ON_ERROR(req); return EOK; } void krb5_pam_handler_auth_done(struct tevent_req *req); static void krb5_pam_handler_access_done(struct tevent_req *req); void krb5_pam_handler(struct be_req *be_req) { struct be_ctx *be_ctx = be_req_get_be_ctx(be_req); struct tevent_req *req; struct pam_data *pd; struct krb5_ctx *krb5_ctx; int dp_err = DP_ERR_FATAL; int ret; pd = talloc_get_type(be_req_get_data(be_req), struct pam_data); pd->pam_status = PAM_SYSTEM_ERR; krb5_ctx = get_krb5_ctx(be_req); if (krb5_ctx == NULL) { DEBUG(1, ("Kerberos context not available.\n")); goto done; } switch (pd->cmd) { case SSS_PAM_AUTHENTICATE: case SSS_CMD_RENEW: case SSS_PAM_CHAUTHTOK_PRELIM: case SSS_PAM_CHAUTHTOK: ret = add_to_wait_queue(be_req, pd, krb5_ctx); if (ret == EOK) { DEBUG(7, ("Request successfully added to wait queue " "of user [%s].\n", pd->user)); return; } else if (ret == ENOENT) { DEBUG(7, ("Wait queue of user [%s] is empty, " "running request immediately.\n", pd->user)); } else { DEBUG(7, ("Failed to add request to wait queue of user [%s], " "running request immediately.\n", 
pd->user)); } req = krb5_auth_send(be_req, be_ctx->ev, be_ctx, pd, krb5_ctx); if (req == NULL) { DEBUG(1, ("krb5_auth_send failed.\n")); goto done; } tevent_req_set_callback(req, krb5_pam_handler_auth_done, be_req); break; case SSS_PAM_ACCT_MGMT: req = krb5_access_send(be_req, be_ctx->ev, be_ctx, pd, krb5_ctx); if (req == NULL) { DEBUG(1, ("krb5_access_send failed.\n")); goto done; } tevent_req_set_callback(req, krb5_pam_handler_access_done, be_req); break; case SSS_PAM_SETCRED: case SSS_PAM_OPEN_SESSION: case SSS_PAM_CLOSE_SESSION: pd->pam_status = PAM_SUCCESS; dp_err = DP_ERR_OK; goto done; break; default: DEBUG(4, ("krb5 does not handles pam task %d.\n", pd->cmd)); pd->pam_status = PAM_MODULE_UNKNOWN; dp_err = DP_ERR_OK; goto done; } return; done: be_req_terminate(be_req, dp_err, pd->pam_status, NULL); } void krb5_pam_handler_auth_done(struct tevent_req *req) { int ret; struct be_req *be_req = tevent_req_callback_data(req, struct be_req); int pam_status; int dp_err; struct pam_data *pd; struct krb5_ctx *krb5_ctx; pd = talloc_get_type(be_req_get_data(be_req), struct pam_data); ret = krb5_auth_recv(req, &pam_status, &dp_err); talloc_zfree(req); if (ret) { pd->pam_status = PAM_SYSTEM_ERR; dp_err = DP_ERR_OK; } else { pd->pam_status = pam_status; } krb5_ctx = get_krb5_ctx(be_req); if (krb5_ctx != NULL) { check_wait_queue(krb5_ctx, pd->user); } else { DEBUG(1, ("Kerberos context not available.\n")); } be_req_terminate(be_req, dp_err, pd->pam_status, NULL); } static void krb5_pam_handler_access_done(struct tevent_req *req) { int ret; struct be_req *be_req = tevent_req_callback_data(req, struct be_req); bool access_allowed; struct pam_data *pd; int dp_err = DP_ERR_OK; pd = talloc_get_type(be_req_get_data(be_req), struct pam_data); pd->pam_status = PAM_SYSTEM_ERR; ret = krb5_access_recv(req, &access_allowed); talloc_zfree(req); if (ret != EOK) { DEBUG(1, ("krb5_access request failed [%d][%s]\n", ret, strerror(ret))); goto done; } DEBUG(7, ("Access %s for user [%s].\n", 
access_allowed ? "allowed" : "denied", pd->user)); pd->pam_status = access_allowed ? PAM_SUCCESS : PAM_PERM_DENIED; dp_err = DP_ERR_OK; done: be_req_terminate(be_req, dp_err, pd->pam_status, NULL); } sssd-1.11.5/src/providers/krb5/PaxHeaders.13173/krb5_access.c0000644000000000000000000000007412320753107021552 xustar000000000000000030 atime=1396954939.265891431 30 ctime=1396954961.606874986 sssd-1.11.5/src/providers/krb5/krb5_access.c0000664002412700241270000001325112320753107021776 0ustar00jhrozekjhrozek00000000000000/* SSSD Kerberos 5 Backend Module - access control Authors: Sumit Bose Copyright (C) 2010 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/

#include "util/util.h"
#include "providers/krb5/krb5_auth.h"
#include "providers/krb5/krb5_common.h"
#include "providers/krb5/krb5_utils.h"

/* Per-request state of the krb5 access check (SSS_PAM_ACCT_MGMT). */
struct krb5_access_state {
    struct tevent_context *ev;
    struct be_ctx *be_ctx;
    struct pam_data *pd;
    struct krb5_ctx *krb5_ctx;
    struct krb5child_req *kr;

    /* Starts as false in krb5_access_send(); krb5_access_done() sets it to
     * true only when the child reports EOK. */
    bool access_allowed;
};

static void krb5_access_done(struct tevent_req *subreq);

/**
 * Start an asynchronous access check for the user in @pd.
 *
 * Looks the user up in the sysdb cache, fills the child request with the
 * UPN, UID and GID found there and passes it to handle_child_send().
 *
 * @param mem_ctx   talloc parent of the new request
 * @param ev        event context the request is posted on
 * @param be_ctx    backend context; its domain and sysdb are searched
 * @param pd        PAM data; pd->cmd must be SSS_PAM_ACCT_MGMT
 * @param krb5_ctx  Kerberos provider context
 *
 * @return the request, or NULL if it could not be created. Every other
 *         failure is reported through the request itself (it is posted
 *         with an error), so the caller still gets a non-NULL request.
 */
struct tevent_req *krb5_access_send(TALLOC_CTX *mem_ctx,
                                    struct tevent_context *ev,
                                    struct be_ctx *be_ctx,
                                    struct pam_data *pd,
                                    struct krb5_ctx *krb5_ctx)
{
    struct krb5_access_state *state;
    struct krb5child_req *kr;
    struct tevent_req *req;
    struct tevent_req *subreq;
    struct ldb_result *res;
    const char **attrs;
    size_t idx = 0;
    int ret;

    req = tevent_req_create(mem_ctx, &state, struct krb5_access_state);
    if (req == NULL) {
        DEBUG(1, ("tevent_req_create failed.\n"));
        return NULL;
    }

    state->ev = ev;
    state->be_ctx = be_ctx;
    state->pd = pd;
    state->krb5_ctx = krb5_ctx;
    /* Deny by default: only a positive answer from the child flips this. */
    state->access_allowed = false;

    ret = krb5_setup(state, pd, krb5_ctx, &state->kr);
    if (ret != EOK) {
        DEBUG(1, ("krb5_setup failed.\n"));
        goto done;
    }
    kr = state->kr;

    if (pd->cmd != SSS_PAM_ACCT_MGMT) {
        DEBUG(1, ("Unexpected pam task.\n"));
        ret = EINVAL;
        goto done;
    }

    attrs = talloc_array(state, const char *, 5);
    if (attrs == NULL) {
        DEBUG(1, ("talloc_array failed.\n"));
        ret = ENOMEM;
        goto done;
    }

    attrs[idx++] = SYSDB_UPN;
    attrs[idx++] = SYSDB_UIDNUM;
    attrs[idx++] = SYSDB_GIDNUM;
    attrs[idx++] = SYSDB_CANONICAL_UPN;
    attrs[idx] = NULL;

    ret = sysdb_get_user_attr(state, be_ctx->domain->sysdb, be_ctx->domain,
                              pd->user, attrs, &res);
    if (ret) {
        DEBUG(5, ("sysdb search for upn of user [%s] failed.\n", pd->user));
        goto done;
    }

    /* Exactly one cache entry is required; none or several is an error. */
    if (res->count == 0) {
        DEBUG(5, ("No attributes for user [%s] found.\n", pd->user));
        ret = ENOENT;
        goto done;
    }
    if (res->count != 1) {
        DEBUG(1, ("User search for [%s] returned > 1 results!\n", pd->user));
        ret = EINVAL;
        goto done;
    }

    ret = find_or_guess_upn(state, res->msgs[0], krb5_ctx, be_ctx->domain,
                            pd->user, pd->domain, &kr->upn);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("find_or_guess_upn failed.\n"));
        goto done;
    }

    /* 0 is the default returned for a missing attribute, so an ID of 0 is
     * treated as "not known" and the request is refused. */
    kr->uid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_UIDNUM, 0);
    if (kr->uid == 0) {
        DEBUG(4, ("UID for user [%s] not known.\n", pd->user));
        ret = ENOENT;
        goto done;
    }

    kr->gid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_GIDNUM, 0);
    if (kr->gid == 0) {
        DEBUG(4, ("GID for user [%s] not known.\n", pd->user));
        ret = ENOENT;
        goto done;
    }

    subreq = handle_child_send(state, state->ev, kr);
    if (subreq == NULL) {
        DEBUG(1, ("handle_child_send failed.\n"));
        ret = ENOMEM;
        goto done;
    }

    tevent_req_set_callback(subreq, krb5_access_done, req);
    return req;

done:
    if (ret == EOK) {
        tevent_req_done(req);
    } else {
        tevent_req_error(req, ret);
    }
    tevent_req_post(req, state->ev);
    return req;
}

/**
 * Completion callback of the child request started in krb5_access_send().
 *
 * The reply must be exactly one int32_t; any other length fails the request
 * with EINVAL. Access is granted only if that status equals EOK.
 */
static void krb5_access_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct krb5_access_state *state = tevent_req_data(req,
                                                struct krb5_access_state);
    uint8_t *buf = NULL;
    ssize_t len = -1;
    int32_t msg_status;
    int ret;

    ret = handle_child_recv(subreq, state, &buf, &len);
    talloc_free(subreq);
    if (ret != EOK) {
        DEBUG(1, ("child failed [%d][%s].\n", ret, strerror(ret)));
        tevent_req_error(req, ret);
        return;
    }

    /* Checked before the copy below so that a short or oversized reply is
     * never read as a status. */
    if ((size_t) len != sizeof(int32_t)) {
        DEBUG(1, ("message has the wrong size.\n"));
        tevent_req_error(req, EINVAL);
        return;
    }

    SAFEALIGN_COPY_INT32(&msg_status, buf, NULL);

    state->access_allowed = (msg_status == EOK);

    tevent_req_done(req);
}

/**
 * Collect the result of a krb5 access request.
 *
 * @param req             the finished request
 * @param access_allowed  written only when the request succeeded
 *
 * @return EOK on success; on a failed request TEVENT_REQ_RETURN_ON_ERROR
 *         returns before *access_allowed is written.
 */
int krb5_access_recv(struct tevent_req *req, bool *access_allowed)
{
    struct krb5_access_state *state = tevent_req_data(req,
                                                struct krb5_access_state);

    TEVENT_REQ_RETURN_ON_ERROR(req);

    *access_allowed = state->access_allowed;

    return EOK;
}
sssd-1.11.5/src/providers/krb5/PaxHeaders.13173/krb5_init.c0000644000000000000000000000007312320753107021253 xustar000000000000000030 atime=1396954939.266891431 29 ctime=1396954961.60087499
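sssd-1.11.5/src/providers/krb5/krb5_init.c0000664002412700241270000001377612320753107021514 0ustar00jhrozekjhrozek00000000000000
/*
    SSSD

    Kerberos 5 Backend Module

    Authors: Sumit Bose

    Copyright (C) 2009 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program. If not, see .
*/

#include
#include
#include
#include "util/child_common.h"
#include "providers/krb5/krb5_auth.h"
#include "providers/krb5/krb5_common.h"
#include "providers/krb5/krb5_init_shared.h"

/* Options and provider context shared by the auth, chpass and access
 * targets; all three initialisers below end up in sssm_krb5_auth_init(). */
struct krb5_options {
    struct dp_option *opts;
    struct krb5_ctx *auth_ctx;
};

struct krb5_options *krb5_options = NULL;

struct bet_ops krb5_auth_ops = {
    .handler = krb5_pam_handler,
    .finalize = NULL,
};

/**
 * talloc destructor for struct krb5_ctx: releases the compiled
 * illegal-path regular expression, if one was compiled.
 *
 * @return always 0
 */
int krb5_ctx_re_destructor(void *memctx)
{
    struct krb5_ctx *ctx = (struct krb5_ctx *) memctx;

    if (ctx->illegal_path_re) {
        pcre_free(ctx->illegal_path_re);
        ctx->illegal_path_re = NULL;
    }

    return 0;
}

/**
 * Initialise the Kerberos provider context and hand it out together with
 * the backend operations table.
 *
 * The context is built once and cached in krb5_options->auth_ctx; later
 * calls return the cached pointer. Because of that cache, every failure
 * after the context has been published must clear it again. Otherwise a
 * later call would return EOK with a context whose failover services,
 * child settings or path regex were never set up.
 *
 * @param bectx          backend context (talloc parent, confdb, conf path)
 * @param ops            out: operations table (krb5_auth_ops)
 * @param pvt_auth_data  out: the provider context
 *
 * @return EOK on success; ENOMEM, EINVAL (krb5_realm not set), EFAULT
 *         (regex did not compile) or the error of the failing helper.
 */
int sssm_krb5_auth_init(struct be_ctx *bectx,
                        struct bet_ops **ops,
                        void **pvt_auth_data)
{
    struct krb5_ctx *ctx = NULL;
    int ret;
    const char *krb5_servers;
    const char *krb5_backup_servers;
    const char *krb5_kpasswd_servers;
    const char *krb5_backup_kpasswd_servers;
    const char *krb5_realm;
    const char *errstr;
    int errval;
    int errpos;

    if (krb5_options == NULL) {
        krb5_options = talloc_zero(bectx, struct krb5_options);
        if (krb5_options == NULL) {
            DEBUG(1, ("talloc_zero failed.\n"));
            return ENOMEM;
        }
        ret = krb5_get_options(krb5_options, bectx->cdb, bectx->conf_path,
                               &krb5_options->opts);
        if (ret != EOK) {
            DEBUG(1, ("krb5_get_options failed.\n"));
            /* Do not keep a holder without options: a later call would
             * skip this branch and continue with opts == NULL. */
            talloc_zfree(krb5_options);
            return ret;
        }
    }

    if (krb5_options->auth_ctx != NULL) {
        *ops = &krb5_auth_ops;
        *pvt_auth_data = krb5_options->auth_ctx;
        return EOK;
    }

    ctx = talloc_zero(bectx, struct krb5_ctx);
    if (!ctx) {
        DEBUG(1, ("talloc failed.\n"));
        return ENOMEM;
    }
    /* From here on the context is visible to later init calls; all error
     * paths below leave through 'fail', which frees and clears it. */
    krb5_options->auth_ctx = ctx;

    ctx->action = INIT_PW;
    ctx->opts = krb5_options->opts;
    ctx->config_type = K5C_GENERIC;

    krb5_servers = dp_opt_get_string(ctx->opts, KRB5_KDC);
    krb5_backup_servers = dp_opt_get_string(ctx->opts, KRB5_BACKUP_KDC);

    krb5_realm = dp_opt_get_string(ctx->opts, KRB5_REALM);
    if (krb5_realm == NULL) {
        DEBUG(0, ("Missing krb5_realm option!\n"));
        ret = EINVAL;
        goto fail;
    }

    ret = krb5_service_init(ctx, bectx,
                            SSS_KRB5KDC_FO_SRV, krb5_servers,
                            krb5_backup_servers, krb5_realm,
                            dp_opt_get_bool(krb5_options->opts,
                                            KRB5_USE_KDCINFO),
                            &ctx->service);
    if (ret != EOK) {
        DEBUG(0, ("Failed to init KRB5 failover service!\n"));
        goto fail;
    }

    krb5_kpasswd_servers = dp_opt_get_string(ctx->opts, KRB5_KPASSWD);
    krb5_backup_kpasswd_servers = dp_opt_get_string(ctx->opts,
                                                    KRB5_BACKUP_KPASSWD);
    if (krb5_kpasswd_servers == NULL && krb5_backup_kpasswd_servers != NULL) {
        DEBUG(SSSDBG_CONF_SETTINGS, ("kpasswd server wasn't specified but "
                                     "backup kpasswd given. Using it as primary\n"));
        krb5_kpasswd_servers = krb5_backup_kpasswd_servers;
        krb5_backup_kpasswd_servers = NULL;
    }

    if (krb5_kpasswd_servers == NULL && krb5_servers != NULL) {
        DEBUG(0, ("Missing krb5_kpasswd option and KDC set explicitly, "
                  "will use KDC for pasword change operations!\n"));
        ctx->kpasswd_service = NULL;
    } else {
        ret = krb5_service_init(ctx, bectx,
                                SSS_KRB5KPASSWD_FO_SRV, krb5_kpasswd_servers,
                                krb5_backup_kpasswd_servers, krb5_realm,
                                dp_opt_get_bool(krb5_options->opts,
                                                KRB5_USE_KDCINFO),
                                &ctx->kpasswd_service);
        if (ret != EOK) {
            DEBUG(0, ("Failed to init KRB5KPASSWD failover service!\n"));
            goto fail;
        }
    }

    /* Initialize features needed by the krb5_child */
    ret = krb5_child_init(ctx, bectx);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Could not initialize krb5_child settings: [%s]\n",
               strerror(ret)));
        goto fail;
    }

    ctx->illegal_path_re = pcre_compile2(ILLEGAL_PATH_PATTERN, 0,
                                         &errval, &errstr, &errpos, NULL);
    if (ctx->illegal_path_re == NULL) {
        DEBUG(1, ("Invalid Regular Expression pattern at position %d. "
                  "(Error: %d [%s])\n", errpos, errval, errstr));
        ret = EFAULT;
        goto fail;
    }
    /* Installed only once the regex exists; the destructor releases it. */
    talloc_set_destructor((TALLOC_CTX *) ctx, krb5_ctx_re_destructor);

    *ops = &krb5_auth_ops;
    *pvt_auth_data = ctx;
    return EOK;

fail:
    /* Frees ctx and resets the cached pointer to NULL in one step. */
    talloc_zfree(krb5_options->auth_ctx);
    return ret;
}

/* Password-change target: shares the context built by the auth target. */
int sssm_krb5_chpass_init(struct be_ctx *bectx,
                          struct bet_ops **ops,
                          void **pvt_auth_data)
{
    return sssm_krb5_auth_init(bectx, ops, pvt_auth_data);
}

/* Access target: shares the context built by the auth target. */
int sssm_krb5_access_init(struct be_ctx *bectx,
                          struct bet_ops **ops,
                          void **pvt_auth_data)
{
    return sssm_krb5_auth_init(bectx, ops, pvt_auth_data);
}
sssd-1.11.5/src/providers/krb5/PaxHeaders.13173/krb5_init_shared.h0000644000000000000000000000007412320753107022607 xustar000000000000000030 atime=1396954939.266891431 30 ctime=1396954961.472875085 sssd-1.11.5/src/providers/krb5/krb5_init_shared.h0000664002412700241270000000167512320753107023042 0ustar00jhrozekjhrozek00000000000000/* SSSD Authors: Stephen Gallagher Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see .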
*/ #ifndef KRB5_INIT_SHARED_H_ #define KRB5_INIT_SHARED_H_ errno_t krb5_child_init(struct krb5_ctx *krb5_auth_ctx, struct be_ctx *bectx); #endif /* KRB5_INIT_SHARED_H_ */ sssd-1.11.5/src/providers/krb5/PaxHeaders.13173/krb5_wait_queue.c0000644000000000000000000000007412320753107022461 xustar000000000000000030 atime=1396954939.266891431 30 ctime=1396954961.604874988 sssd-1.11.5/src/providers/krb5/krb5_wait_queue.c0000664002412700241270000001401112320753107022700 0ustar00jhrozekjhrozek00000000000000/* SSSD Kerberos 5 Backend Module - Serialize the request of a user Authors: Sumit Bose Copyright (C) 2010 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
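*/

/* NOTE(review): the two system header names were lost when this page was
 * extracted. <tevent.h> and <dhash.h> are restored from the tevent_* and
 * hash_* APIs used below; confirm against the upstream file. */
#include <tevent.h>
#include <dhash.h>

#include "src/providers/krb5/krb5_auth.h"

#define INIT_HASH_SIZE 5

/*
 * One node of a per-user wait list.
 *
 * The node stored in the hash table is a zeroed placeholder (its be_req, pd
 * and krb5_ctx are never set); waiting requests are appended behind it and
 * are talloc children of that placeholder, so freeing the placeholder frees
 * every request still queued.
 */
struct queue_entry {
    struct queue_entry *prev;
    struct queue_entry *next;

    struct be_req *be_req;
    struct pam_data *pd;
    struct krb5_ctx *krb5_ctx;
};

/*
 * Timer callback that starts the authentication of a dequeued request.
 *
 * private_data is the queue_entry scheduled by check_wait_queue(); it is
 * freed here in every case. The tevent arguments are unused.
 */
static void wait_queue_auth(struct tevent_context *ev, struct tevent_timer *te,
                            struct timeval current_time, void *private_data)
{
    struct queue_entry *qe = talloc_get_type(private_data, struct queue_entry);
    struct be_ctx *be_ctx;
    struct tevent_req *req;

    /* talloc_get_type() yields NULL when the pointer is not a queue_entry;
     * do not dereference it in that case. */
    if (qe == NULL) {
        DEBUG(1, ("Unexpected private data type.\n"));
        return;
    }

    be_ctx = be_req_get_be_ctx(qe->be_req);

    req = krb5_auth_send(qe->be_req, be_ctx->ev, be_ctx, qe->pd, qe->krb5_ctx);
    if (req == NULL) {
        /* NOTE(review): nothing visible here completes qe->be_req on this
         * path, so the queued request appears to be left unanswered;
         * confirm against the be_req API. */
        DEBUG(1, ("krb5_auth_send failed.\n"));
    } else {
        tevent_req_set_callback(req, krb5_pam_handler_auth_done,
                                qe->be_req);
    }

    talloc_zfree(qe);
}

/*
 * Delete callback of the wait-queue hash: frees the list head stored in the
 * entry, and with it any queue entries still attached to it.
 */
static void wait_queue_del_cb(hash_entry_t *entry, hash_destroy_enum type,
                              void *pvt)
{
    struct queue_entry *head;

    if (entry->value.type == HASH_VALUE_PTR) {
        head = talloc_get_type(entry->value.ptr, struct queue_entry);
        talloc_zfree(head);
        return;
    }

    DEBUG(1, ("Unexpected value type [%d].\n", entry->value.type));
}

/*
 * Register a request in the per-user wait queue, keyed by pd->user.
 *
 * Returns ENOENT when no queue existed for the user (a fresh, empty queue is
 * created and the request itself is NOT stored), EOK when the request was
 * appended behind an existing queue head, EINVAL on bad arguments or an
 * unexpected hash value, ENOMEM/EIO on allocation or hash failures.
 * The hash table is created lazily on krb5_ctx on first use.
 */
errno_t add_to_wait_queue(struct be_req *be_req, struct pam_data *pd,
                          struct krb5_ctx *krb5_ctx)
{
    int ret;
    hash_key_t key;
    hash_value_t value;
    struct queue_entry *head;
    struct queue_entry *queue_entry;

    /* The user name is the hash key; a NULL key must never reach the hash
     * functions. */
    if (pd == NULL || pd->user == NULL || krb5_ctx == NULL) {
        DEBUG(1, ("Missing request data for the wait queue.\n"));
        return EINVAL;
    }

    if (krb5_ctx->wait_queue_hash == NULL) {
        ret = sss_hash_create_ex(krb5_ctx, INIT_HASH_SIZE,
                                 &krb5_ctx->wait_queue_hash, 0, 0, 0, 0,
                                 wait_queue_del_cb, NULL);
        if (ret != EOK) {
            DEBUG(1, ("sss_hash_create failed.\n"));
            return ret;
        }
    }

    key.type = HASH_KEY_STRING;
    key.str = pd->user;

    ret = hash_lookup(krb5_ctx->wait_queue_hash, &key, &value);
    switch (ret) {
    case HASH_SUCCESS:
        if (value.type != HASH_VALUE_PTR) {
            DEBUG(1, ("Unexpected hash value type.\n"));
            return EINVAL;
        }

        head = talloc_get_type(value.ptr, struct queue_entry);
        if (head == NULL) {
            /* Without a valid head the new entry would be allocated on the
             * NULL context and the list walk below would dereference NULL. */
            DEBUG(1, ("Unexpected hash value content.\n"));
            return EINVAL;
        }

        queue_entry = talloc_zero(head, struct queue_entry);
        if (queue_entry == NULL) {
            DEBUG(1, ("talloc_zero failed.\n"));
            return ENOMEM;
        }

        queue_entry->be_req = be_req;
        queue_entry->pd = pd;
        queue_entry->krb5_ctx = krb5_ctx;

        DLIST_ADD_END(head, queue_entry, struct queue_entry *);

        break;
    case HASH_ERROR_KEY_NOT_FOUND:
        value.type = HASH_VALUE_PTR;
        head = talloc_zero(krb5_ctx->wait_queue_hash, struct queue_entry);
        if (head == NULL) {
            DEBUG(1, ("talloc_zero failed.\n"));
            return ENOMEM;
        }
        value.ptr = head;

        ret = hash_enter(krb5_ctx->wait_queue_hash, &key, &value);
        if (ret != HASH_SUCCESS) {
            DEBUG(1, ("hash_enter failed.\n"));
            talloc_free(head);
            return EIO;
        }

        break;
    default:
        DEBUG(1, ("hash_lookup failed.\n"));
        return EIO;
    }

    /* An empty list behind the head means the queue was just created. */
    if (head->next == NULL) {
        return ENOENT;
    } else {
        return EOK;
    }
}

/*
 * Advance the wait queue of a user.
 *
 * If a request is waiting, it is unlinked and scheduled through an immediate
 * timer that runs wait_queue_auth(); the queue stays in the hash. If the
 * queue is empty, or the timer cannot be created, the whole queue is removed
 * from the hash, which frees every entry still owned by its head.
 */
void check_wait_queue(struct krb5_ctx *krb5_ctx, char *username)
{
    int ret;
    hash_key_t key;
    hash_value_t value;
    struct queue_entry *head;
    struct queue_entry *queue_entry;
    struct tevent_timer *te;
    struct be_ctx *be_ctx;

    if (krb5_ctx == NULL || username == NULL) {
        DEBUG(1, ("Missing context or user name.\n"));
        return;
    }

    if (krb5_ctx->wait_queue_hash == NULL) {
        DEBUG(1, ("No wait queue available.\n"));
        return;
    }

    key.type = HASH_KEY_STRING;
    key.str = username;

    ret = hash_lookup(krb5_ctx->wait_queue_hash, &key, &value);

    switch (ret) {
    case HASH_SUCCESS:
        if (value.type != HASH_VALUE_PTR) {
            DEBUG(1, ("Unexpected hash value type.\n"));
            return;
        }

        head = talloc_get_type(value.ptr, struct queue_entry);
        if (head == NULL) {
            DEBUG(1, ("Unexpected hash value content.\n"));
            return;
        }

        if (head->next == NULL) {
            DEBUG(7, ("Wait queue for user [%s] is empty.\n", username));
        } else {
            queue_entry = head->next;

            DLIST_REMOVE(head, queue_entry);

            be_ctx = be_req_get_be_ctx(queue_entry->be_req);
            te = tevent_add_timer(be_ctx->ev, krb5_ctx,
                                  tevent_timeval_current(), wait_queue_auth,
                                  queue_entry);
            if (te == NULL) {
                /* Falls through to hash_delete() below; the unlinked entry
                 * is still a talloc child of head and is freed with it. */
                DEBUG(1, ("tevent_add_timer failed.\n"));
            } else {
                return;
            }
        }

        ret = hash_delete(krb5_ctx->wait_queue_hash, &key);
        if (ret != HASH_SUCCESS) {
            DEBUG(1, ("Failed to remove wait queue for user [%s].\n",
                      username));
        }

        break;
    case HASH_ERROR_KEY_NOT_FOUND:
        DEBUG(1, ("No wait queue for user [%s] found.\n", username));
        break;
    default:
        DEBUG(1, ("hash_lookup failed.\n"));
    }

    return;
}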
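sssd-1.11.5/src/providers/krb5/PaxHeaders.13173/krb5_utils.c0000644000000000000000000000007312320753107021450 xustar000000000000000030 atime=1396954939.266891431 29 ctime=1396954961.60187499 sssd-1.11.5/src/providers/krb5/krb5_utils.c0000664002412700241270000007755312320753107021714 0ustar00jhrozekjhrozek00000000000000
/*
    SSSD

    Kerberos 5 Backend Module -- Utilities

    Authors:
        Sumit Bose

    Copyright (C) 2009 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see .
*/

/* NOTE(review): the two system header names were lost when this page was
 * extracted. <string.h> and <stdlib.h> are a best guess from the calls used
 * below; confirm against the upstream file. */
#include <string.h>
#include <stdlib.h>

#include "providers/krb5/krb5_utils.h"
#include "providers/krb5/krb5_auth.h"
#include "src/util/find_uid.h"
#include "util/util.h"

/*
 * Determine the user principal name (UPN) for a user.
 *
 * When msg is given, SYSDB_CANONICAL_UPN is preferred over SYSDB_UPN; if
 * neither attribute is present (or msg is NULL) the UPN is produced by
 * krb5_get_simple_upn(). On success *_upn is allocated on mem_ctx.
 *
 * Returns EOK, EINVAL on missing arguments, ENOMEM, or the error of
 * krb5_get_simple_upn().
 */
errno_t find_or_guess_upn(TALLOC_CTX *mem_ctx, struct ldb_message *msg,
                          struct krb5_ctx *krb5_ctx,
                          struct sss_domain_info *dom, const char *user,
                          const char *user_dom, char **_upn)
{
    const char *upn = NULL;
    int ret;

    if (krb5_ctx == NULL || dom == NULL || user == NULL || _upn == NULL) {
        return EINVAL;
    }

    if (msg != NULL) {
        upn = ldb_msg_find_attr_as_string(msg, SYSDB_CANONICAL_UPN, NULL);
        if (upn != NULL) {
            ret = EOK;
            goto done;
        }

        upn = ldb_msg_find_attr_as_string(msg, SYSDB_UPN, NULL);
        if (upn != NULL) {
            ret = EOK;
            goto done;
        }
    }

    ret = krb5_get_simple_upn(mem_ctx, krb5_ctx, dom, user,
                              user_dom, _upn);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("krb5_get_simple_upn failed.\n"));
        return ret;
    }

done:
    /* upn is only set when the value came from msg; copy it for the caller. */
    if (ret == EOK && upn != NULL) {
        *_upn = talloc_strdup(mem_ctx, upn);
        if (*_upn == NULL) {
            DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed.\n"));
            return ENOMEM;
        }
    }

    return ret;
}

/*
 * Store upn as the cached canonical UPN of a user unless the cache already
 * holds it as SYSDB_UPN or SYSDB_CANONICAL_UPN.
 *
 * The attribute is added or replaced inside a sysdb transaction, which is
 * cancelled on any failure after it was started. Exactly one cached user
 * object is expected for the name; otherwise EINVAL is returned.
 */
errno_t check_if_cached_upn_needs_update(struct sysdb_ctx *sysdb,
                                         struct sss_domain_info *domain,
                                         const char *user,
                                         const char *upn)
{
    TALLOC_CTX *tmp_ctx;
    int ret;
    int sret;
    const char *attrs[] = {SYSDB_UPN, SYSDB_CANONICAL_UPN, NULL};
    struct sysdb_attrs *new_attrs;
    struct ldb_result *res;
    bool in_transaction = false;
    const char *cached_upn;
    const char *cached_canonical_upn;

    if (sysdb == NULL || user == NULL || upn == NULL) {
        return EINVAL;
    }

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("talloc_new failed.\n"));
        return ENOMEM;
    }

    ret = sysdb_get_user_attr(tmp_ctx, sysdb, domain, user, attrs, &res);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("sysdb_get_user_attr failed.\n"));
        goto done;
    }

    if (res->count != 1) {
        DEBUG(SSSDBG_OP_FAILURE, ("[%d] user objects for name [%s] found, "
                                  "expected 1.\n", res->count, user));
        ret = EINVAL;
        goto done;
    }

    cached_upn = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_UPN, NULL);

    if (cached_upn != NULL && strcmp(cached_upn, upn) == 0) {
        DEBUG(SSSDBG_TRACE_ALL, ("Cached UPN and new one match, "
                                 "nothing to do.\n"));
        ret = EOK;
        goto done;
    }

    cached_canonical_upn = ldb_msg_find_attr_as_string(res->msgs[0],
                                                       SYSDB_CANONICAL_UPN,
                                                       NULL);

    if (cached_canonical_upn != NULL
            && strcmp(cached_canonical_upn, upn) == 0) {
        DEBUG(SSSDBG_TRACE_ALL, ("Cached canonical UPN and new one match, "
                                 "nothing to do.\n"));
        ret = EOK;
        goto done;
    }

    DEBUG(SSSDBG_TRACE_LIBS, ("Replacing canonical UPN [%s] with [%s] "
                              "for user [%s].\n",
                              cached_canonical_upn == NULL ?
                                                 "empty" : cached_canonical_upn,
                              upn, user));

    new_attrs = sysdb_new_attrs(tmp_ctx);
    if (new_attrs == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("sysdb_new_attrs failed.\n"));
        ret = ENOMEM;
        goto done;
    }

    ret = sysdb_attrs_add_string(new_attrs, SYSDB_CANONICAL_UPN, upn);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_add_string failed.\n"));
        goto done;
    }

    ret = sysdb_transaction_start(sysdb);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Error %d starting transaction (%s)\n", ret, strerror(ret)));
        goto done;
    }
    in_transaction = true;

    /* Add the attribute when none was cached, replace it otherwise. */
    ret = sysdb_set_entry_attr(sysdb, res->msgs[0]->dn, new_attrs,
                               cached_canonical_upn == NULL ? SYSDB_MOD_ADD :
                                                              SYSDB_MOD_REP);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("sysdb_set_entry_attr failed [%d][%s].\n",
                                  ret, strerror(ret)));
        goto done;
    }

    ret = sysdb_transaction_commit(sysdb);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Failed to commit transaction!\n"));
        goto done;
    }
    in_transaction = false;

    ret = EOK;

done:
    if (in_transaction) {
        sret = sysdb_transaction_cancel(sysdb);
        if (sret != EOK) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to cancel transaction\n"));
        }
    }

    talloc_free(tmp_ctx);

    return ret;
}

#define S_EXP_UID "{uid}"
#define L_EXP_UID (sizeof(S_EXP_UID) - 1)
#define S_EXP_USERID "{USERID}"
#define L_EXP_USERID (sizeof(S_EXP_USERID) - 1)
#define S_EXP_EUID "{euid}"
#define L_EXP_EUID (sizeof(S_EXP_EUID) - 1)
#define S_EXP_USERNAME "{username}"
#define L_EXP_USERNAME (sizeof(S_EXP_USERNAME) - 1)

/*
 * Expand the %-sequences of a credential cache name template.
 *
 * Handled sequences: %u user name, %U uid, %p UPN, %r realm, %h home
 * directory, %% literal percent, and only when file_mode is true %d (the
 * expanded KRB5_CCACHEDIR option) and %P (client PID). The krb5.conf forms
 * %{uid}, %{USERID}, %{euid} and %{username} are mapped to %U / %u; any
 * other %{...} sequence is copied through unchanged for libkrb5.
 *
 * Returns the expanded string allocated on mem_ctx, or NULL on any error
 * (missing value, unknown sequence, allocation failure).
 *
 * NOTE(review): user name, UPN and home directory are inserted verbatim, so
 * the result can contain path separators or ".." taken from those values.
 * Callers should validate the expanded name (create_ccache_dir() applies
 * illegal_re when one is passed) before using it as a path.
 */
char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
                             const char *template, bool file_mode,
                             bool case_sensitive)
{
    char *copy;
    char *p;
    char *n;
    char *result = NULL;
    char *dummy;
    char *name;
    char *res = NULL;
    const char *cache_dir_tmpl;
    TALLOC_CTX *tmp_ctx = NULL;
    char action;
    bool rerun;

    if (template == NULL) {
        DEBUG(1, ("Missing template.\n"));
        return NULL;
    }

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) return NULL;

    /* Work on a private copy: '%' characters are overwritten with NUL. */
    copy = talloc_strdup(tmp_ctx, template);
    if (copy == NULL) {
        DEBUG(1, ("talloc_strdup failed.\n"));
        goto done;
    }

    result = talloc_strdup(tmp_ctx, "");
    if (result == NULL) {
        DEBUG(1, ("talloc_strdup failed.\n"));
        goto done;
    }

    p = copy;
    while ( (n = strchr(p, '%')) != NULL) {
        *n = '\0';
        n++;
        if ( *n == '\0' ) {
            DEBUG(1, ("format error, single %% at the end of the template.\n"));
            goto done;
        }

        /* rerun lets the '{' case translate %{name} into a single-letter
         * action and run the switch once more. */
        rerun = true;
        action = *n;
        while (rerun) {
            rerun = false;
            switch (action) {
            case 'u':
                if (kr->pd->user == NULL) {
                    DEBUG(1, ("Cannot expand user name template "
                              "because user name is empty.\n"));
                    goto done;
                }
                name = sss_get_cased_name(tmp_ctx, kr->pd->user,
                                          case_sensitive);
                if (!name) {
                    DEBUG(SSSDBG_CRIT_FAILURE,
                          ("sss_get_cased_name failed\n"));
                    goto done;
                }

                result = talloc_asprintf_append(result, "%s%s", p, name);
                break;
            case 'U':
                if (kr->uid <= 0) {
                    DEBUG(1, ("Cannot expand uid template "
                              "because uid is invalid.\n"));
                    goto done;
                }
                result = talloc_asprintf_append(result, "%s%"SPRIuid, p,
                                                kr->uid);
                break;
            case 'p':
                if (kr->upn == NULL) {
                    DEBUG(1, ("Cannot expand user principal name template "
                              "because upn is empty.\n"));
                    goto done;
                }
                result = talloc_asprintf_append(result, "%s%s", p, kr->upn);
                break;
            case '%':
                result = talloc_asprintf_append(result, "%s%%", p);
                break;
            case 'r':
                dummy = dp_opt_get_string(kr->krb5_ctx->opts, KRB5_REALM);
                if (dummy == NULL) {
                    DEBUG(1, ("Missing kerberos realm.\n"));
                    goto done;
                }
                result = talloc_asprintf_append(result, "%s%s", p, dummy);
                break;
            case 'h':
                if (kr->homedir == NULL) {
                    DEBUG(1, ("Cannot expand home directory template "
                              "because the path is not available.\n"));
                    goto done;
                }
                result = talloc_asprintf_append(result, "%s%s", p,
                                                kr->homedir);
                break;
            case 'd':
                if (file_mode) {
                    cache_dir_tmpl = dp_opt_get_string(kr->krb5_ctx->opts,
                                                       KRB5_CCACHEDIR);
                    if (cache_dir_tmpl == NULL) {
                        DEBUG(1, ("Missing credential cache directory.\n"));
                        goto done;
                    }

                    /* The directory template is expanded with
                     * file_mode == false, so it cannot contain %d or %P. */
                    dummy = expand_ccname_template(tmp_ctx, kr,
                                                   cache_dir_tmpl,
                                                   false, case_sensitive);
                    if (dummy == NULL) {
                        DEBUG(1, ("Expanding credential cache directory "
                                  "template failed.\n"));
                        goto done;
                    }
                    result = talloc_asprintf_append(result, "%s%s", p,
                                                    dummy);
                    talloc_zfree(dummy);
                } else {
                    DEBUG(1, ("'%%d' is not allowed in this template.\n"));
                    goto done;
                }
                break;
            case 'P':
                if (!file_mode) {
                    DEBUG(1, ("'%%P' is not allowed in this template.\n"));
                    goto done;
                }
                if (kr->pd->cli_pid == 0) {
                    DEBUG(1, ("Cannot expand PID template "
                              "because PID is not available.\n"));
                    goto done;
                }
                result = talloc_asprintf_append(result, "%s%d", p,
                                                kr->pd->cli_pid);
                break;

            /* Additional syntax from krb5.conf default_ccache_name */
            case '{':
                if (strncmp(n , S_EXP_UID, L_EXP_UID) == 0) {
                    action = 'U';
                    n += L_EXP_UID - 1;
                    rerun = true;
                    continue;
                } else if (strncmp(n , S_EXP_USERID, L_EXP_USERID) == 0) {
                    action = 'U';
                    n += L_EXP_USERID - 1;
                    rerun = true;
                    continue;
                } else if (strncmp(n , S_EXP_EUID, L_EXP_EUID) == 0) {
                    /* SSSD does not distinguish between uid and euid,
                     * so we treat both the same way */
                    action = 'U';
                    n += L_EXP_EUID - 1;
                    rerun = true;
                    continue;
                } else if (strncmp(n , S_EXP_USERNAME, L_EXP_USERNAME) == 0) {
                    action = 'u';
                    n += L_EXP_USERNAME - 1;
                    rerun = true;
                    continue;
                } else {
                    /* ignore any expansion variable we do not understand and
                     * let libkrb5 handle it or fail */
                    name = n;
                    n = strchr(name, '}');
                    if (!n) {
                        DEBUG(SSSDBG_CRIT_FAILURE, (
                              "Invalid substitution sequence in cache "
                              "template. Missing closing '}' in [%s].\n",
                              template));
                        goto done;
                    }
                    result = talloc_asprintf_append(result, "%s%%%.*s", p,
                                                    (int)(n - name + 1), name);
                }
                break;
            default:
                DEBUG(1, ("format error, unknown template [%%%c].\n", *n));
                goto done;
            }
        }

        if (result == NULL) {
            DEBUG(1, ("talloc_asprintf_append failed.\n"));
            goto done;
        }

        p = n + 1;
    }

    /* Append whatever follows the last expanded sequence. */
    result = talloc_asprintf_append(result, "%s", p);
    if (result == NULL) {
        DEBUG(1, ("talloc_asprintf_append failed.\n"));
        goto done;
    }

    res = talloc_move(mem_ctx, &result);
done:
    talloc_zfree(tmp_ctx);
    return res;
}

/*
 * Check that the first existing parent directory is acceptable for creating
 * a private ccache directory below it: it must be owned by root:root or by
 * uid, and must carry the search bit for the owner (when owned by uid) or
 * for others (when owned by root).
 *
 * NOTE(review): group and world write bits of the parent are not examined
 * here; whether that matters depends on who can write to the parent.
 */
static errno_t check_parent_stat(struct stat *parent_stat, uid_t uid, gid_t gid)
{
    if (!((parent_stat->st_uid == 0 && parent_stat->st_gid == 0) ||
           parent_stat->st_uid == uid)) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Private directory can only be created below a directory "
               "belonging to root or to [%"SPRIuid"][%"SPRIgid"].\n",
               uid, gid));
        return EINVAL;
    }

    if (parent_stat->st_uid == uid) {
        if (!(parent_stat->st_mode & S_IXUSR)) {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("Parent directory does not have the search bit set for "
                   "the owner.\n"));
            return EINVAL;
        }
    } else {
        if (!(parent_stat->st_mode & S_IXOTH)) {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("Parent directory does not have the search bit set for "
                   "others.\n"));
            return EINVAL;
        }
    }

    return EOK;
}

/* Doubly linked list of path strings, used for the missing directories. */
struct string_list {
    struct string_list *next;
    struct string_list *prev;
    char *s;
};

/*
 * Walk up from ccdirname until an existing directory is found.
 *
 * Every path component that does not exist is prepended to *missing_parents
 * (so the list ends up ordered from the outermost missing directory to
 * ccdirname itself); parent_stat receives the stat() data of the first
 * existing directory. stat() follows symbolic links.
 *
 * Returns EOK, EINVAL if an existing component is not a directory or the
 * walk reaches "/", ENOMEM, or the errno of stat().
 */
static errno_t find_ccdir_parent_data(TALLOC_CTX *mem_ctx,
                                      const char *ccdirname,
                                      struct stat *parent_stat,
                                      struct string_list **missing_parents)
{
    int ret = EFAULT;
    char *parent = NULL;
    char *end;
    struct string_list *li;

    ret = stat(ccdirname, parent_stat);
    if (ret == EOK) {
        if ( !S_ISDIR(parent_stat->st_mode) ) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("[%s] is not a directory.\n", ccdirname));
            return EINVAL;
        }
        return EOK;
    } else {
        if (errno != ENOENT) {
            ret = errno;
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("stat for [%s] failed: [%d][%s].\n", ccdirname, ret,
                   strerror(ret)));
            return ret;
        }
    }

    li = talloc_zero(mem_ctx, struct string_list);
    if (li == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_zero failed.\n"));
        return ENOMEM;
    }

    li->s = talloc_strdup(li, ccdirname);
    if (li->s == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_strdup failed.\n"));
        return ENOMEM;
    }

    DLIST_ADD(*missing_parents, li);

    parent = talloc_strdup(mem_ctx, ccdirname);
    if (parent == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_strdup failed.\n"));
        return ENOMEM;
    }

    /* We'll remove all trailing slashes from the back so that
     * we only pass /some/path to find_ccdir_parent_data, not
     * /some/path/ */
    do {
        end = strrchr(parent, '/');
        if (end == NULL || end == parent) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Cannot find parent directory of [%s], / is not allowed.\n",
                   ccdirname));
            ret = EINVAL;
            goto done;
        }
        *end = '\0';
    } while (*(end+1) == '\0');

    ret = find_ccdir_parent_data(mem_ctx, parent, parent_stat, missing_parents);

done:
    talloc_free(parent);
    return ret;
}

/*
 * Match filename against the compiled illegal_re pattern.
 *
 * Returns EINVAL when pcre_exec() reports a match (return value 0 with no
 * output vector), EOK on PCRE_ERROR_NOMATCH and EFAULT on any other result.
 */
static errno_t check_ccache_re(const char *filename, pcre *illegal_re)
{
    errno_t ret;

    ret = pcre_exec(illegal_re, NULL, filename, strlen(filename),
                    0, 0, NULL, 0);
    if (ret == 0) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Illegal pattern in ccache directory name [%s].\n", filename));
        return EINVAL;
    } else if (ret == PCRE_ERROR_NOMATCH) {
        DEBUG(SSSDBG_TRACE_LIBS,
              ("Ccache directory name [%s] does not contain "
               "illegal patterns.\n", filename));
        return EOK;
    }

    DEBUG(SSSDBG_CRIT_FAILURE, ("pcre_exec failed [%d].\n", ret));
    return EFAULT;
}

/*
 * Create ccdirname and all of its missing parents with mode 0700, owned by
 * uid:gid.
 *
 * ccdirname must be absolute and, when illegal_re is given, must not match
 * it. The first existing parent has to pass check_parent_stat().
 *
 * NOTE(review): every step (stat, mkdir, chown) works on path names, so the
 * checks and the changes are not atomic. If this runs with more privileges
 * than the owner of a parent directory, a path component replaced between
 * mkdir() and chown() would make chown() act on another object. Consider
 * descriptor-based calls (mkdirat()/openat() with O_NOFOLLOW, then fchown())
 * or at least lchown(); confirm the privilege level of the callers.
 */
errno_t create_ccache_dir(const char *ccdirname, pcre *illegal_re,
                          uid_t uid, gid_t gid)
{
    int ret = EFAULT;
    struct stat parent_stat;
    struct string_list *missing_parents = NULL;
    struct string_list *li = NULL;
    mode_t old_umask;
    mode_t new_dir_mode;
    TALLOC_CTX *tmp_ctx = NULL;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_new failed.\n"));
        return ENOMEM;
    }

    if (*ccdirname != '/') {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("Only absolute paths are allowed, not [%s] .\n", ccdirname));
        ret = EINVAL;
        goto done;
    }

    if (illegal_re != NULL) {
        ret = check_ccache_re(ccdirname, illegal_re);
        if (ret != EOK) {
            goto done;
        }
    }

    ret = find_ccdir_parent_data(tmp_ctx, ccdirname, &parent_stat,
                                 &missing_parents);
    if (ret != EOK) {
        DEBUG(SSSDBG_MINOR_FAILURE, ("find_ccdir_parent_data failed.\n"));
        goto done;
    }

    ret = check_parent_stat(&parent_stat, uid, gid);
    if (ret != EOK) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("check_parent_stat failed for directory [%s].\n", ccdirname));
        goto done;
    }

    DLIST_FOR_EACH(li, missing_parents) {
        DEBUG(SSSDBG_TRACE_INTERNAL,
              ("Creating directory [%s].\n", li->s));
        new_dir_mode = 0700;

        /* Clear the umask so that the requested mode is applied as is. */
        old_umask = umask(0000);
        ret = mkdir(li->s, new_dir_mode);
        umask(old_umask);
        if (ret != EOK) {
            ret = errno;
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("mkdir [%s] failed: [%d][%s].\n", li->s, ret,
                   strerror(ret)));
            goto done;
        }
        ret = chown(li->s, uid, gid);
        if (ret != EOK) {
            ret = errno;
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("chown failed [%d][%s].\n", ret, strerror(ret)));
            goto done;
        }
    }

    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}

/*
 * Read the lifetime data of the TGT of client_name from a credential cache.
 *
 * The TGT is looked up as krbtgt/REALM@REALM with REALM taken from the
 * parsed client principal; authtime, starttime, endtime and renew_till are
 * copied into tgtt.
 *
 * Returns EOK on success and EIO on any Kerberos or allocation failure.
 */
errno_t get_ccache_file_data(const char *ccache_file, const char *client_name,
                             struct tgt_times *tgtt)
{
    krb5_error_code kerr;
    krb5_context ctx = NULL;
    krb5_ccache cc = NULL;
    krb5_principal client_princ = NULL;
    krb5_principal server_princ = NULL;
    char *server_name;
    krb5_creds mcred;
    krb5_creds cred;
    const char *realm_name;
    int realm_length;

    kerr = krb5_init_context(&ctx);
    if (kerr != 0) {
        DEBUG(1, ("krb5_init_context failed.\n"));
        goto done;
    }

    kerr = krb5_parse_name(ctx, client_name, &client_princ);
    if (kerr != 0) {
        KRB5_DEBUG(SSSDBG_OP_FAILURE, ctx, kerr);
        DEBUG(SSSDBG_CRIT_FAILURE, ("krb5_parse_name failed.\n"));
        goto done;
    }

    sss_krb5_princ_realm(ctx, client_princ, &realm_name, &realm_length);

    server_name = talloc_asprintf(NULL, "krbtgt/%.*s@%.*s",
                                  realm_length, realm_name,
                                  realm_length, realm_name);
    if (server_name == NULL) {
        kerr = KRB5_CC_NOMEM;
        DEBUG(1, ("talloc_asprintf failed.\n"));
        goto done;
    }

    kerr = krb5_parse_name(ctx, server_name, &server_princ);
    talloc_free(server_name);
    if (kerr != 0) {
        KRB5_DEBUG(SSSDBG_OP_FAILURE, ctx, kerr);
        DEBUG(SSSDBG_CRIT_FAILURE, ("krb5_parse_name failed.\n"));
        goto done;
    }

    kerr = krb5_cc_resolve(ctx, ccache_file, &cc);
    if (kerr != 0) {
        KRB5_DEBUG(SSSDBG_OP_FAILURE, ctx, kerr);
        DEBUG(SSSDBG_CRIT_FAILURE, ("krb5_cc_resolve failed.\n"));
        goto done;
    }

    /* Each structure is cleared with its own size. */
    memset(&mcred, 0, sizeof(mcred));
    memset(&cred, 0, sizeof(cred));

    mcred.server = server_princ;
    mcred.client = client_princ;

    kerr = krb5_cc_retrieve_cred(ctx, cc, 0, &mcred, &cred);
    if (kerr != 0) {
        KRB5_DEBUG(SSSDBG_OP_FAILURE, ctx, kerr);
        DEBUG(SSSDBG_CRIT_FAILURE, ("krb5_cc_retrieve_cred failed.\n"));
        goto done;
    }

    tgtt->authtime = cred.times.authtime;
    tgtt->starttime = cred.times.starttime;
    tgtt->endtime = cred.times.endtime;
    tgtt->renew_till = cred.times.renew_till;

    krb5_free_cred_contents(ctx, &cred);

    kerr = krb5_cc_close(ctx, cc);
    if (kerr != 0) {
        KRB5_DEBUG(SSSDBG_OP_FAILURE, ctx, kerr);
        DEBUG(SSSDBG_CRIT_FAILURE, ("krb5_cc_close failed.\n"));
        goto done;
    }
    cc = NULL;

    kerr = 0;

done:
    if (cc != NULL) {
        krb5_cc_close(ctx, cc);
    }

    if (client_princ != NULL) {
        krb5_free_principal(ctx, client_princ);
    }

    if (server_princ != NULL) {
        krb5_free_principal(ctx, server_princ);
    }

    if (ctx != NULL) {
        krb5_free_context(ctx);
    }

    if (kerr != 0) {
        return EIO;
    }

    return EOK;
}

/*
 * Create the directory that will contain a FILE: or DIR: credential cache.
 *
 * The last path component of the cache name is stripped and the remaining
 * directory is handed to create_ccache_dir(). Cache names of any other type
 * are ignored and EOK is returned.
 *
 * NOTE(review): a "DIR::" name keeps its second ':' here, while
 * sss_low_level_path_check() skips it; create_ccache_dir() then rejects the
 * path as not absolute. Confirm whether that difference is intended.
 */
errno_t sss_krb5_precreate_ccache(const char *ccname, pcre *illegal_re,
                                  uid_t uid, gid_t gid)
{
    TALLOC_CTX *tmp_ctx = NULL;
    const char *filename;
    char *ccdirname;
    char *end;
    errno_t ret;

    if (ccname[0] == '/') {
        filename = ccname;
    } else if (strncmp(ccname, "FILE:", 5) == 0) {
        filename = ccname + 5;
    } else if (strncmp(ccname, "DIR:", 4) == 0) {
        filename = ccname + 4;
    } else {
        /* only FILE and DIR types need precreation so far, we ignore any
         * other type */
        return EOK;
    }

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) return ENOMEM;

    ccdirname = talloc_strdup(tmp_ctx, filename);
    if (ccdirname == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_strdup failed.\n"));
        ret = ENOMEM;
        goto done;
    }

    /* We'll remove all trailing slashes from the back so that
     * we only pass /some/path to find_ccdir_parent_data, not
     * /some/path/ */
    do {
        end = strrchr(ccdirname, '/');
        if (end == NULL || end == ccdirname) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot find parent directory of [%s], "
                  "/ is not allowed.\n", ccdirname));
            ret = EINVAL;
            goto done;
        }
        *end = '\0';
    } while (*(end+1) == '\0');

    ret = create_ccache_dir(ccdirname, illegal_re, uid, gid);
done:
    talloc_free(tmp_ctx);
    return ret;
}

/*
 * A credential cache opened under the identity of its owner: creds holds the
 * identity to switch back to, context/ccache the Kerberos handles.
 */
struct sss_krb5_ccache {
    struct sss_creds *creds;
    krb5_context context;
    krb5_ccache ccache;
};

/*
 * talloc destructor of struct sss_krb5_ccache: closes the cache, frees the
 * Kerberos context and switches back to the saved credentials.
 *
 * The destructor is installed before any member is set, so each member may
 * still be NULL when setup failed part-way; restore_creds() in particular
 * dereferences its argument and must not be called without saved creds.
 */
static int sss_free_krb5_ccache(void *mem)
{
    struct sss_krb5_ccache *cc = talloc_get_type(mem, struct sss_krb5_ccache);
    errno_t ret;

    if (cc == NULL) {
        return 0;
    }

    if (cc->context != NULL) {
        if (cc->ccache) {
            krb5_cc_close(cc->context, cc->ccache);
        }
        krb5_free_context(cc->context);
    }

    if (cc->creds != NULL) {
        ret = restore_creds(cc->creds);
        if (ret != EOK) {
            /* The process keeps the switched identity in this case; make
             * the failure visible instead of dropping it silently. */
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("restore_creds failed [%d][%s].\n", ret, strerror(ret)));
        }
    }

    return 0;
}

/*
 * Switch the effective identity to uid/gid and resolve ccname.
 *
 * On success *ccache is a handle allocated on mem_ctx; freeing it closes the
 * cache and restores the previous credentials through its destructor.
 *
 * Returns EOK, ENOMEM, the error of switch_creds(), EIO when the Kerberos
 * context cannot be created, ERR_NOT_FOUND when the cache is missing and
 * ERR_INTERNAL on other resolve errors.
 */
static errno_t sss_open_ccache_as_user(TALLOC_CTX *mem_ctx,
                                       const char *ccname,
                                       uid_t uid, gid_t gid,
                                       struct sss_krb5_ccache **ccache)
{
    struct sss_krb5_ccache *cc;
    krb5_error_code kerr;
    errno_t ret;

    cc = talloc_zero(mem_ctx, struct sss_krb5_ccache);
    if (!cc) {
        return ENOMEM;
    }
    talloc_set_destructor((TALLOC_CTX *)cc, sss_free_krb5_ccache);

    ret = switch_creds(cc, uid, gid, 0, NULL, &cc->creds);
    if (ret) {
        goto done;
    }

    kerr = krb5_init_context(&cc->context);
    if (kerr) {
        ret = EIO;
        goto done;
    }

    kerr = krb5_cc_resolve(cc->context, ccname, &cc->ccache);
    if (kerr == KRB5_FCC_NOFILE || cc->ccache == NULL) {
        DEBUG(SSSDBG_TRACE_FUNC, ("ccache %s is missing or empty\n", ccname));
        ret = ERR_NOT_FOUND;
        goto done;
    } else if (kerr != 0) {
        KRB5_DEBUG(SSSDBG_OP_FAILURE, cc->context, kerr);
        DEBUG(SSSDBG_CRIT_FAILURE, ("krb5_cc_resolve failed.\n"));
        ret = ERR_INTERNAL;
        goto done;
    }

    ret = EOK;

done:
    if (ret) {
        talloc_free(cc);
    } else {
        *ccache = cc;
    }
    return ret;
}

/*
 * Destroy the credential cache behind cc. The ccache handle is cleared in
 * every case so that the destructor does not close it a second time.
 */
static errno_t sss_destroy_ccache(struct sss_krb5_ccache *cc)
{
    krb5_error_code kerr;
    errno_t ret;

    kerr = krb5_cc_destroy(cc->context, cc->ccache);
    if (kerr) {
        KRB5_DEBUG(SSSDBG_OP_FAILURE, cc->context, kerr);
        DEBUG(SSSDBG_CRIT_FAILURE, ("krb5_cc_destroy failed.\n"));
        ret = EIO;
    } else {
        ret = EOK;
    }

    /* krb5_cc_destroy frees cc->ccache in all events */
    cc->ccache = NULL;

    return ret;
}

/*
 * Destroy the credential cache ccname while running as uid/gid.
 */
errno_t sss_krb5_cc_destroy(const char *ccname, uid_t uid, gid_t gid)
{
    struct sss_krb5_ccache *cc = NULL;
    TALLOC_CTX *tmp_ctx;
    errno_t ret;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("talloc_new failed.\n"));
        return ENOMEM;
    }

    ret = sss_open_ccache_as_user(tmp_ctx, ccname, uid, gid, &cc);
    if (ret) {
        goto done;
    }

    ret = sss_destroy_ccache(cc);

done:
    talloc_free(tmp_ctx);
    return ret;
}


/* This function is called only as a way to validate that we have the
 * right cache
 *
 * The cache is opened as uid/gid and its default principal is compared with
 * principal; when the cache type supports switching (and collection support
 * is compiled in) the whole collection is searched as well.
 *
 * Returns EOK when the principal was found, ERR_NOT_FOUND when not,
 * ERR_INTERNAL when the principal cannot be parsed, or the error of opening
 * the cache. */
errno_t sss_krb5_check_ccache_princ(uid_t uid, gid_t gid,
                                    const char *ccname, const char *principal)
{
    struct sss_krb5_ccache *cc = NULL;
    krb5_principal ccprinc = NULL;
    krb5_principal kprinc = NULL;
    krb5_error_code kerr;
    const char *cc_type;
    TALLOC_CTX *tmp_ctx;
    errno_t ret;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("talloc_new failed.\n"));
        return ENOMEM;
    }

    ret = sss_open_ccache_as_user(tmp_ctx, ccname, uid, gid, &cc);
    if (ret) {
        goto done;
    }

    cc_type = krb5_cc_get_type(cc->context, cc->ccache);

    DEBUG(SSSDBG_TRACE_INTERNAL,
          ("Searching for [%s] in cache of type [%s]\n", principal, cc_type));

    kerr = krb5_parse_name(cc->context, principal, &kprinc);
    if (kerr != 0) {
        KRB5_DEBUG(SSSDBG_OP_FAILURE, cc->context, kerr);
        DEBUG(SSSDBG_CRIT_FAILURE, ("krb5_parse_name failed.\n"));
        ret = ERR_INTERNAL;
        goto done;
    }

    kerr = krb5_cc_get_principal(cc->context, cc->ccache, &ccprinc);
    if (kerr != 0) {
        KRB5_DEBUG(SSSDBG_OP_FAILURE, cc->context, kerr);
        DEBUG(SSSDBG_CRIT_FAILURE, ("krb5_cc_get_principal failed.\n"));
    }

    if (ccprinc) {
        if (krb5_principal_compare(cc->context, kprinc, ccprinc) == TRUE) {
            /* found in the primary ccache */
            ret = EOK;
            goto done;
        }
    }

#ifdef HAVE_KRB5_CC_COLLECTION

    if (krb5_cc_support_switch(cc->context, cc_type)) {

        krb5_cc_close(cc->context, cc->ccache);
        cc->ccache = NULL;

        kerr = krb5_cc_set_default_name(cc->context, ccname);
        if (kerr != 0) {
            KRB5_DEBUG(SSSDBG_MINOR_FAILURE, cc->context, kerr);
            /* try to continue despite failure */
        }

        kerr = krb5_cc_cache_match(cc->context, kprinc, &cc->ccache);
        if (kerr == 0) {
            ret = EOK;
            goto done;
        }
        KRB5_DEBUG(SSSDBG_TRACE_INTERNAL, cc->context, kerr);
    }

#endif /* HAVE_KRB5_CC_COLLECTION */

    ret = ERR_NOT_FOUND;

done:
    /* cc is still NULL when the cache could not be opened; the principals
     * are only ever set after that point. */
    if (cc != NULL) {
        krb5_free_principal(cc->context, ccprinc);
        krb5_free_principal(cc->context, kprinc);
    }
    talloc_free(tmp_ctx);
    return ret;
}

/*
 * stat() the path behind a FILE: or DIR: cache name (an optional second ':'
 * after "DIR:" is skipped). Other cache types are not checked.
 *
 * Returns EOK when the path exists or the type is not path based, otherwise
 * the errno of stat().
 */
static errno_t sss_low_level_path_check(const char *ccname)
{
    const char *filename;
    struct stat buf;
    int ret;

    if (ccname[0] == '/') {
        filename = ccname;
    } else if (strncmp(ccname, "FILE:", 5) == 0) {
        filename = ccname + 5;
    } else if (strncmp(ccname, "DIR:", 4) == 0) {
        filename = ccname + 4;
        if (filename[0] == ':') filename += 1;
    } else {
        /* only FILE and DIR types need file checks so far, we ignore any
         * other type */
        return EOK;
    }

    ret = stat(filename, &buf);
    if (ret == -1) return errno;
    return EOK;
}

/*
 * Verify that ccname, opened as uid/gid, holds a TGT (krbtgt/realm@realm)
 * for principal whose end time lies after the current time.
 *
 * Returns EOK when such a TGT exists, EINVAL when it is missing or expired
 * or a principal name is malformed, ENOMEM, ERR_INTERNAL on other Kerberos
 * errors, or the error of the path check / opening the cache.
 */
errno_t sss_krb5_cc_verify_ccache(const char *ccname, uid_t uid, gid_t gid,
                                  const char *realm, const char *principal)
{
    struct sss_krb5_ccache *cc = NULL;
    TALLOC_CTX *tmp_ctx = NULL;
    krb5_principal tgt_princ = NULL;
    krb5_principal princ = NULL;
    char *tgt_name;
    krb5_creds mcred = { 0 };
    krb5_creds cred = { 0 };
    krb5_error_code kerr;
    errno_t ret;

    /* first of all verify if the old ccache file/dir exists as we may be
     * trying to verify if an old ccache exists at all. If no file/dir
     * exists bail out immediately otherwise a following krb5_cc_resolve()
     * call may actually create paths and files we do not want to have
     * around */
    ret = sss_low_level_path_check(ccname);
    if (ret) {
        return ret;
    }

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_new failed.\n"));
        return ENOMEM;
    }

    ret = sss_open_ccache_as_user(tmp_ctx, ccname, uid, gid, &cc);
    if (ret) {
        goto done;
    }

    tgt_name = talloc_asprintf(tmp_ctx, "krbtgt/%s@%s", realm, realm);
    if (!tgt_name) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_asprintf failed.\n"));
        ret = ENOMEM;
        goto done;
    }

    kerr = krb5_parse_name(cc->context, tgt_name, &tgt_princ);
    if (kerr) {
        KRB5_DEBUG(SSSDBG_CRIT_FAILURE, cc->context, kerr);
        if (kerr == KRB5_PARSE_MALFORMED) ret = EINVAL;
        else ret = ERR_INTERNAL;
        goto done;
    }

    kerr = krb5_parse_name(cc->context, principal, &princ);
    if (kerr) {
        KRB5_DEBUG(SSSDBG_CRIT_FAILURE, cc->context, kerr);
        if (kerr == KRB5_PARSE_MALFORMED) ret = EINVAL;
        else ret = ERR_INTERNAL;
        goto done;
    }

    mcred.client = princ;
    mcred.server = tgt_princ;
    /* Used together with KRB5_TC_MATCH_TIMES below to skip expired TGTs. */
    mcred.times.endtime = time(NULL);

    kerr = krb5_cc_retrieve_cred(cc->context, cc->ccache,
                                 KRB5_TC_MATCH_TIMES, &mcred, &cred);
    if (kerr) {
        if (kerr == KRB5_CC_NOTFOUND || kerr == KRB5_FCC_NOFILE) {
            DEBUG(SSSDBG_TRACE_INTERNAL, ("TGT not found or expired.\n"));
            ret = EINVAL;
        } else {
            KRB5_DEBUG(SSSDBG_CRIT_FAILURE, cc->context, kerr);
            ret = ERR_INTERNAL;
        }
    }
    krb5_free_cred_contents(cc->context, &cred);

done:
    /* Both principals can only be non-NULL after cc was opened. */
    if (tgt_princ) krb5_free_principal(cc->context, tgt_princ);
    if (princ) krb5_free_principal(cc->context, princ);
    talloc_free(tmp_ctx);
    return ret;
}


/*
 * Resolve domain_name to the backend's own domain or to one of its
 * subdomains. A NULL name, or a case-insensitive match with the backend
 * domain name, selects be_ctx->domain.
 *
 * Returns EOK, or ENOMEM when find_subdomain_by_name() finds nothing.
 */
errno_t get_domain_or_subdomain(struct be_ctx *be_ctx,
                                char *domain_name,
                                struct sss_domain_info **dom)
{

    if (domain_name != NULL &&
        strcasecmp(domain_name, be_ctx->domain->name) != 0) {
        *dom = find_subdomain_by_name(be_ctx->domain, domain_name, true);
        if (*dom == NULL) {
            DEBUG(SSSDBG_OP_FAILURE, ("find_subdomain_by_name failed.\n"));
            return ENOMEM;
        }
    } else {
        *dom = be_ctx->domain;
    }

    return EOK;
}
sssd-1.11.5/src/providers/krb5/PaxHeaders.13173/krb5_utils.h0000644000000000000000000000007412320753107021456 xustar000000000000000030 atime=1396954939.266891431 30 ctime=1396954961.471875086 sssd-1.11.5/src/providers/krb5/krb5_utils.h0000664002412700241270000000556112320753107021707 0ustar00jhrozekjhrozek00000000000000/* SSSD Kerberos Backend, header file for utilities Authors: Sumit Bose Copyright (C) 2009 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see .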
*/ #ifndef __KRB5_UTILS_H__ #define __KRB5_UTILS_H__ #include #include "config.h" #include "providers/krb5/krb5_auth.h" #include "providers/data_provider.h" errno_t find_or_guess_upn(TALLOC_CTX *mem_ctx, struct ldb_message *msg, struct krb5_ctx *krb5_ctx, struct sss_domain_info *dom, const char *user, const char *user_dom, char **_upn); errno_t check_if_cached_upn_needs_update(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *user, const char *upn); errno_t create_ccache_dir(const char *dirname, pcre *illegal_re, uid_t uid, gid_t gid); char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr, const char *template, bool file_mode, bool case_sensitive); errno_t become_user(uid_t uid, gid_t gid); struct sss_creds; errno_t switch_creds(TALLOC_CTX *mem_ctx, uid_t uid, gid_t gid, int num_gids, gid_t *gids, struct sss_creds **saved_creds); errno_t restore_creds(struct sss_creds *saved_creds); errno_t sss_krb5_precreate_ccache(const char *ccname, pcre *illegal_re, uid_t uid, gid_t gid); errno_t sss_krb5_cc_destroy(const char *ccname, uid_t uid, gid_t gid); errno_t sss_krb5_check_ccache_princ(uid_t uid, gid_t gid, const char *ccname, const char *principal); errno_t sss_krb5_cc_verify_ccache(const char *ccname, uid_t uid, gid_t gid, const char *realm, const char *principal); errno_t get_ccache_file_data(const char *ccache_file, const char *client_name, struct tgt_times *tgtt); errno_t get_domain_or_subdomain(struct be_ctx *be_ctx, char *domain_name, struct sss_domain_info **dom); #endif /* __KRB5_UTILS_H__ */ sssd-1.11.5/src/providers/krb5/PaxHeaders.13173/krb5_become_user.c0000644000000000000000000000007312320753107022600 xustar000000000000000030 atime=1396954939.265891431 29 ctime=1396954961.60187499 sssd-1.11.5/src/providers/krb5/krb5_become_user.c0000664002412700241270000001347012320753107023030 0ustar00jhrozekjhrozek00000000000000/* SSSD Kerberos 5 Backend Module -- Utilities Authors: Sumit Bose Copyright (C) 2009 Red Hat This 
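program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#include "util/util.h"
/* The header name was lost when this page was extracted; <grp.h> is the
 * header that declares setgroups(). */
#include <grp.h>

/**
 * Irreversibly switch the process to the given user and primary group.
 *
 * Supplementary groups are cleared, then real, effective and saved gid and
 * uid are all set, so the previous identity cannot be regained afterwards.
 *
 * NOTE(review): the early return below compares only the effective uid.
 * When it is taken, the gid, the saved ids and the supplementary groups are
 * left exactly as they were; callers that need those dropped as well must
 * not rely on this function in that case.
 *
 * @param uid  user id to become
 * @param gid  primary group id to become
 * @return EOK on success (or when the effective uid already matches),
 *         otherwise the errno of the failing set*id()/setgroups() call.
 */
errno_t become_user(uid_t uid, gid_t gid)
{
    uid_t cuid;
    int ret;

    DEBUG(SSSDBG_FUNC_DATA,
          ("Trying to become user [%"SPRIuid"][%"SPRIgid"].\n", uid, gid));

    /* skip call if we already are the requested user */
    cuid = geteuid();
    if (uid == cuid) {
        DEBUG(SSSDBG_FUNC_DATA, ("Already user [%"SPRIuid"].\n", uid));
        return EOK;
    }

    /* drop supplementary groups first, while we still have the privilege
     * to do so */
    ret = setgroups(0, NULL);
    if (ret == -1) {
        ret = errno;
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("setgroups failed [%d][%s].\n", ret, strerror(ret)));
        return ret;
    }

    /* change gid so that root cannot be regained (changes saved gid too) */
    ret = setresgid(gid, gid, gid);
    if (ret == -1) {
        ret = errno;
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("setresgid failed [%d][%s].\n", ret, strerror(ret)));
        return ret;
    }

    /* change uid so that root cannot be regained (changes saved uid too) */
    /* this call also takes care of dropping CAP_SETUID, so this is a PNR
     * (point of no return) */
    ret = setresuid(uid, uid, uid);
    if (ret == -1) {
        ret = errno;
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("setresuid failed [%d][%s].\n", ret, strerror(ret)));
        return ret;
    }

    return EOK;
}

/* Snapshot of the credentials that were effective before switch_creds(). */
struct sss_creds {
    uid_t uid;      /* effective uid at the time of the snapshot */
    gid_t gid;      /* effective gid at the time of the snapshot */
    int num_gids;   /* number of entries in gids[] */
    gid_t gids[];   /* supplementary groups at the time of the snapshot */
};

errno_t restore_creds(struct sss_creds *saved_creds);

/**
 * Reversible version of become_user().
 *
 * Only the effective uid/gid are changed (real and saved ids are passed as
 * -1 and therefore kept), which is what makes the switch reversible.  When
 * saved_creds is not NULL the current effective ids and supplementary
 * groups are stored there so that restore_creds() can switch back.
 *
 * A failing setgroups() is only logged and does not abort the switch; in
 * that case the process keeps the supplementary groups it had before the
 * call.  Callers for which group membership is part of the security
 * decision have to account for that.
 * NOTE(review): the original comment ties setgroups() to CAP_SETUID; on
 * Linux setgroups(2) is gated by CAP_SETGID.
 *
 * @param mem_ctx      talloc parent for the saved credentials
 * @param uid          effective uid to switch to
 * @param gid          effective gid to switch to
 * @param num_gids     number of entries in gids
 * @param gids         supplementary groups to install
 * @param saved_creds  if not NULL, receives the previous credentials on
 *                     success; left untouched on failure
 * @return 0 on success, otherwise the errno of the failing call or ENOMEM.
 */
errno_t switch_creds(TALLOC_CTX *mem_ctx,
                     uid_t uid, gid_t gid,
                     int num_gids, gid_t *gids,
                     struct sss_creds **saved_creds)
{
    struct sss_creds *ssc = NULL;
    int size;
    int ret;

    /* same conversion macros as become_user(); uid_t/gid_t are not int */
    DEBUG(SSSDBG_FUNC_DATA,
          ("Switch user to [%"SPRIuid"][%"SPRIgid"].\n", uid, gid));

    if (saved_creds) {
        /* save current user credentials */
        size = getgroups(0, NULL);
        if (size == -1) {
            ret = errno;
            DEBUG(SSSDBG_CRIT_FAILURE, ("Getgroups failed! (%d, %s)\n",
                                        ret, strerror(ret)));
            goto done;
        }

        ssc = talloc_size(mem_ctx,
                          (sizeof(struct sss_creds) + size * sizeof(gid_t)));
        if (!ssc) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("Allocation failed!\n"));
            ret = ENOMEM;
            goto done;
        }
        ssc->num_gids = size;

        size = getgroups(ssc->num_gids, ssc->gids);
        if (size == -1) {
            ret = errno;
            DEBUG(SSSDBG_CRIT_FAILURE, ("Getgroups failed! (%d, %s)\n",
                                        ret, strerror(ret)));
            /* free ssc immediately otherwise the code will try to restore
             * wrong creds */
            talloc_zfree(ssc);
            goto done;
        }

        /* we care only about effective ids */
        ssc->uid = geteuid();
        ssc->gid = getegid();
    }

    /* if we are regaining root set euid first so that we have CAP_SETUID back,
     * and the other calls work too, otherwise call it last so that we can
     * change groups before we lose CAP_SETUID */
    if (uid == 0) {
        ret = setresuid(0, 0, 0);
        if (ret == -1) {
            ret = errno;
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("setresuid failed [%d][%s].\n", ret, strerror(ret)));
            goto done;
        }
    }

    /* TODO: use prctl to get/set capabilities too ? */

    /* try to setgroups first should always work if CAP_SETUID is set,
     * otherwise it will always fail, failure is not critical though as
     * generally we only really care about uid and at most primary gid */
    ret = setgroups(num_gids, gids);
    if (ret == -1) {
        ret = errno;
        DEBUG(SSSDBG_TRACE_FUNC,
              ("setgroups failed [%d][%s].\n", ret, strerror(ret)));
    }

    /* change gid now, (leaves saved gid to current, so we can restore) */
    ret = setresgid(-1, gid, -1);
    if (ret == -1) {
        ret = errno;
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("setresgid failed [%d][%s].\n", ret, strerror(ret)));
        goto done;
    }

    if (uid != 0) {
        /* change uid, (leaves saved uid to current, so we can restore) */
        ret = setresuid(-1, uid, -1);
        if (ret == -1) {
            ret = errno;
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("setresuid failed [%d][%s].\n", ret, strerror(ret)));
            goto done;
        }
    }

    ret = 0;

done:
    if (ret) {
        if (ssc) {
            /* attempt to restore creds first; this is best effort, the
             * original error is what gets reported to the caller */
            restore_creds(ssc);
            talloc_free(ssc);
        }
    } else if (saved_creds) {
        *saved_creds = ssc;
    }
    return ret;
}

/**
 * Switch back to the credentials captured by switch_creds().
 *
 * @param saved_creds  snapshot returned through switch_creds()'s
 *                     saved_creds argument
 * @return EINVAL when no snapshot is given, otherwise the result of
 *         switch_creds().
 */
errno_t restore_creds(struct sss_creds *saved_creds)
{
    /* Without a snapshot there is nothing to restore to; report it instead
     * of dereferencing NULL. */
    if (saved_creds == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("No saved credentials to restore.\n"));
        return EINVAL;
    }

    return switch_creds(saved_creds,
                        saved_creds->uid, saved_creds->gid,
                        saved_creds->num_gids, saved_creds->gids, NULL);
}
sssd-1.11.5/src/providers/krb5/PaxHeaders.13173/krb5_auth.h0000644000000000000000000000007412320753107021257 xustar000000000000000030 atime=1396954939.265891431 30 ctime=1396954961.469875087 sssd-1.11.5/src/providers/krb5/krb5_auth.h0000664002412700241270000001010112320753107021472 0ustar00jhrozekjhrozek00000000000000/* SSSD Kerberos Backend, private header file Authors: Sumit Bose Copyright (C) 2009 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.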
See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #ifndef __KRB5_AUTH_H__ #define __KRB5_AUTH_H__ #include #include "util/sss_krb5.h" #include "providers/dp_backend.h" #include "util/child_common.h" #include "providers/krb5/krb5_common.h" #define CCACHE_ENV_NAME "KRB5CCNAME" #define ILLEGAL_PATH_PATTERN "//|/\\./|/\\.\\./" struct krb5child_req { struct pam_data *pd; struct krb5_ctx *krb5_ctx; const char *ccname; const char *old_ccname; const char *homedir; char *upn; uid_t uid; gid_t gid; bool is_offline; struct fo_server *srv; struct fo_server *kpasswd_srv; bool active_ccache; bool valid_tgt; bool run_as_user; bool upn_from_different_realm; bool send_pac; }; errno_t krb5_setup(TALLOC_CTX *mem_ctx, struct pam_data *pd, struct krb5_ctx *krb5_ctx, struct krb5child_req **krb5_req); void krb5_pam_handler(struct be_req *be_req); void krb5_pam_handler_auth_done(struct tevent_req *req); struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct be_ctx *be_ctx, struct pam_data *pd, struct krb5_ctx *krb5_ctx); int krb5_auth_recv(struct tevent_req *req, int *pam_status, int *dp_err); struct tevent_req *handle_child_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct krb5child_req *kr); int handle_child_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, uint8_t **buf, ssize_t *len); struct krb5_child_response { int32_t msg_status; struct tgt_times tgtt; char *ccname; char *correct_upn; bool otp; }; errno_t parse_krb5_child_response(TALLOC_CTX *mem_ctx, uint8_t *buf, ssize_t len, struct pam_data *pd, int pwd_exp_warning, struct krb5_child_response **_res); errno_t add_user_to_delayed_online_authentication(struct krb5_ctx *krb5_ctx, struct pam_data *pd, uid_t uid); errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx, struct be_ctx *be_ctx, struct tevent_context *ev); errno_t init_renew_tgt(struct krb5_ctx *krb5_ctx, 
struct be_ctx *be_ctx, struct tevent_context *ev, time_t renew_intv); errno_t add_tgt_to_renew_table(struct krb5_ctx *krb5_ctx, const char *ccfile, struct tgt_times *tgtt, struct pam_data *pd, const char *upn); /* krb5_access.c */ struct tevent_req *krb5_access_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct be_ctx *be_ctx, struct pam_data *pd, struct krb5_ctx *krb5_ctx); int krb5_access_recv(struct tevent_req *req, bool *access_allowed); /* krb5_wait_queue.c */ errno_t add_to_wait_queue(struct be_req *be_req, struct pam_data *pd, struct krb5_ctx *krb5_ctx); void check_wait_queue(struct krb5_ctx *krb5_ctx, char *username); #endif /* __KRB5_AUTH_H__ */ sssd-1.11.5/src/providers/krb5/PaxHeaders.13173/krb5_renew_tgt.c0000644000000000000000000000007412320753107022307 xustar000000000000000030 atime=1396954939.266891431 30 ctime=1396954961.603874988 sssd-1.11.5/src/providers/krb5/krb5_renew_tgt.c0000664002412700241270000005223212320753107022535 0ustar00jhrozekjhrozek00000000000000/* SSSD Kerberos 5 Backend Module -- Renew a TGT automatically Authors: Sumit Bose Copyright (C) 2010 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
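*/

/* The first header name was lost when this page was extracted; presumably
 * it is the PAM header that provides the PAM_* status codes used below
 * (<security/pam_modules.h>) -- confirm against upstream. */
#include <security/pam_modules.h>

#include "util/util.h"
#include "providers/krb5/krb5_common.h"
#include "providers/krb5/krb5_auth.h"
#include "providers/krb5/krb5_utils.h"

#define INITIAL_TGT_TABLE_SIZE 10

/* State of the automatic TGT renewal machinery of one krb5 context. */
struct renew_tgt_ctx {
    hash_table_t *tgt_table;      /* string key -> struct renew_data */
    struct be_ctx *be_ctx;
    struct tevent_context *ev;
    struct krb5_ctx *krb5_ctx;    /* context that owns this structure */
    time_t timer_interval;        /* seconds between renewal passes */
    struct tevent_timer *te;      /* pending pass, NULL if none */
};

/* One renewable ticket. */
struct renew_data {
    const char *ccfile;
    time_t start_time;
    time_t lifetime;
    time_t start_renew_at;
    struct pam_data *pd;          /* NULL while a renewal is in flight */
};

/* Per-request state of a single renewal attempt. */
struct auth_data {
    struct be_ctx *be_ctx;
    struct krb5_ctx *krb5_ctx;
    struct pam_data *pd;
    struct renew_data *renew_data;
    hash_table_t *table;
    hash_key_t key;
};

static void renew_tgt_done(struct tevent_req *req);

/**
 * Timer callback that starts the renewal request for one ticket.
 *
 * private_data is the struct auth_data prepared by renew_all_tgts().  If the
 * request cannot be created the pam data is handed back to the renewal item
 * and the request state is freed.
 */
static void renew_tgt(struct tevent_context *ev, struct tevent_timer *te,
                      struct timeval current_time, void *private_data)
{
    struct auth_data *auth_data = talloc_get_type(private_data,
                                                  struct auth_data);
    struct tevent_req *req;

    req = krb5_auth_send(auth_data, ev, auth_data->be_ctx, auth_data->pd,
                         auth_data->krb5_ctx);
    if (req == NULL) {
        DEBUG(1, ("krb5_auth_send failed.\n"));
        /* Give back the pam data to the renewal item to be able to retry at
         * the next time the renewals are run. */
        auth_data->renew_data->pd = talloc_steal(auth_data->renew_data,
                                                 auth_data->pd);
        talloc_free(auth_data);
        return;
    }

    tevent_req_set_callback(req, renew_tgt_done, auth_data);
}

/**
 * Completion callback of a renewal request.
 *
 * Depending on the PAM status the renewal item is removed from the table,
 * or the pam data is handed back to it so that a later pass can retry.
 * The request state is always freed at the end.
 */
static void renew_tgt_done(struct tevent_req *req)
{
    struct auth_data *auth_data = tevent_req_callback_data(req,
                                                           struct auth_data);
    int ret;
    int pam_status = PAM_SYSTEM_ERR;
    int dp_err;
    hash_value_t value;

    ret = krb5_auth_recv(req, &pam_status, &dp_err);
    talloc_free(req);
    if (ret) {
        DEBUG(1, ("krb5_auth request failed.\n"));
        if (auth_data->renew_data != NULL) {
            DEBUG(5, ("Giving back pam data.\n"));
            auth_data->renew_data->pd = talloc_steal(auth_data->renew_data,
                                                     auth_data->pd);
        }
    } else {
        switch (pam_status) {
            case PAM_SUCCESS:
                DEBUG(4, ("Successfully renewed TGT for user [%s].\n",
                          auth_data->pd->user));
                /* In general a successful renewal will update the renewal
                 * item and free the old data. But if the TGT has reached the
                 * end of its renewable lifetime it will not be put into the
                 * list of renewable tickets again. In this case the renewal
                 * item is not updated and the value from the hash and the
                 * one we have stored are the same. Since the TGT cannot be
                 * renewed anymore we want to remove it from the list of
                 * renewable tickets. */
                ret = hash_lookup(auth_data->table, &auth_data->key, &value);
                if (ret == HASH_SUCCESS) {
                    if (value.type == HASH_VALUE_PTR &&
                        auth_data->renew_data == talloc_get_type(value.ptr,
                                                         struct renew_data)) {
                        DEBUG(5, ("New TGT was not added for renewal, "
                                  "removing list entry for user [%s].\n",
                                  auth_data->pd->user));
                        ret = hash_delete(auth_data->table, &auth_data->key);
                        if (ret != HASH_SUCCESS) {
                            DEBUG(1, ("hash_delete failed.\n"));
                        }
                    }
                }
                break;
            case PAM_AUTHINFO_UNAVAIL:
            case PAM_AUTHTOK_LOCK_BUSY:
                DEBUG(4, ("Cannot renewed TGT for user [%s] while offline, "
                          "will retry later.\n", auth_data->pd->user));
                if (auth_data->renew_data != NULL) {
                    DEBUG(5, ("Giving back pam data.\n"));
                    auth_data->renew_data->pd = talloc_steal(
                                                       auth_data->renew_data,
                                                       auth_data->pd);
                }
                break;
            default:
                DEBUG(1, ("Failed to renew TGT for user [%s].\n",
                          auth_data->pd->user));
                ret = hash_delete(auth_data->table, &auth_data->key);
                if (ret != HASH_SUCCESS) {
                    DEBUG(1, ("hash_delete failed.\n"));
                }
        }
    }

    talloc_zfree(auth_data);
}

/**
 * Walk the renewal table and schedule a renewal for every ticket whose
 * renewal time has passed and that has no renewal in flight.
 *
 * An entry whose renewal cannot be scheduled is removed from the table and
 * its request state (which by then owns the pam data) is released.
 *
 * @return EOK, or ENOMEM when the table entries cannot be listed.
 */
static errno_t renew_all_tgts(struct renew_tgt_ctx *renew_tgt_ctx)
{
    int ret;
    hash_entry_t *entries;
    unsigned long count;
    size_t c;
    time_t now;
    struct auth_data *auth_data;
    struct renew_data *renew_data;
    struct tevent_timer *te;

    ret = hash_entries(renew_tgt_ctx->tgt_table, &count, &entries);
    if (ret != HASH_SUCCESS) {
        DEBUG(1, ("hash_entries failed.\n"));
        return ENOMEM;
    }

    now = time(NULL);

    for (c = 0; c < count; c++) {
        renew_data = talloc_get_type(entries[c].value.ptr, struct renew_data);
        DEBUG(9, ("Checking [%s] for renewal at [%.24s].\n",
                  renew_data->ccfile, ctime(&renew_data->start_renew_at)));
        /* If renew_data->pd == NULL a renewal request for this data is
         * currently running so we skip it. */
        if (renew_data->start_renew_at < now && renew_data->pd != NULL) {
            /* Start every entry without a timer, so that a timer created
             * for an earlier entry cannot hide a failure for this one. */
            te = NULL;

            auth_data = talloc_zero(renew_tgt_ctx, struct auth_data);
            if (auth_data == NULL) {
                DEBUG(1, ("talloc_zero failed.\n"));
            } else {
                /* We need to steal the pam_data here, because a successful
                 * renewal of the ticket might add a new renewal item to the
                 * list with the same key (upn). This would delete renew_data
                 * and all its children. But we cannot be sure that adding
                 * the new renewal item is the last operation of the renewal
                 * process which accesses the pam_data. To be on the safe
                 * side we steal the pam_data and make it a child of
                 * auth_data which is only freed after the renewal process is
                 * finished. In the case of an error during renewal we might
                 * want to steal the pam_data back to renew_data before
                 * freeing auth_data to allow a new renewal attempt. */
                auth_data->pd = talloc_move(auth_data, &renew_data->pd);
                auth_data->krb5_ctx = renew_tgt_ctx->krb5_ctx;
                auth_data->be_ctx = renew_tgt_ctx->be_ctx;
                auth_data->table = renew_tgt_ctx->tgt_table;
                auth_data->renew_data = renew_data;
                auth_data->key.type = entries[c].key.type;
                auth_data->key.str = talloc_strdup(auth_data,
                                                   entries[c].key.str);
                if (auth_data->key.str == NULL) {
                    DEBUG(1, ("talloc_strdup failed.\n"));
                } else {
                    te = tevent_add_timer(renew_tgt_ctx->ev,
                                          auth_data, tevent_timeval_current(),
                                          renew_tgt, auth_data);
                    if (te == NULL) {
                        DEBUG(1, ("tevent_add_timer failed.\n"));
                    }
                }
            }

            if (auth_data == NULL || te == NULL) {
                DEBUG(1, ("Failed to renew TGT in [%s].\n",
                          renew_data->ccfile));
                /* Nothing will ever run for this request, so release it
                 * together with the pam data it took over. */
                if (auth_data != NULL) {
                    talloc_free(auth_data);
                }
                ret = hash_delete(renew_tgt_ctx->tgt_table, &entries[c].key);
                if (ret != HASH_SUCCESS) {
                    DEBUG(1, ("hash_delete failed.\n"));
                }
            }
        }
    }

    talloc_free(entries);

    return EOK;
}

static void renew_handler(struct renew_tgt_ctx *renew_tgt_ctx);

/* Backend went offline: drop the pending renewal timer. */
static void renew_tgt_offline_callback(void *private_data)
{
    struct renew_tgt_ctx *renew_tgt_ctx = talloc_get_type(private_data,
                                                       struct renew_tgt_ctx);

    talloc_zfree(renew_tgt_ctx->te);
}

/* Backend came back online: run a renewal pass right away. */
static void renew_tgt_online_callback(void *private_data)
{
    struct renew_tgt_ctx *renew_tgt_ctx = talloc_get_type(private_data,
                                                       struct renew_tgt_ctx);

    renew_handler(renew_tgt_ctx);
}

/* Periodic timer callback: run a renewal pass. */
static void renew_tgt_timer_handler(struct tevent_context *ev,
                                    struct tevent_timer *te,
                                    struct timeval current_time, void *data)
{
    struct renew_tgt_ctx *renew_tgt_ctx = talloc_get_type(data,
                                                       struct renew_tgt_ctx);

    /* forget the timer event, it will be freed by the tevent timer loop */
    renew_tgt_ctx->te = NULL;

    renew_handler(renew_tgt_ctx);
}

/* Free the renewal context and clear the owning krb5 context's pointer to
 * it.  add_tgt_to_renew_table() decides on krb5_ctx->renew_tgt_ctx being
 * NULL whether renewal is available, so that pointer must not be left
 * pointing at freed memory. */
static void renew_disable(struct renew_tgt_ctx *renew_tgt_ctx)
{
    struct krb5_ctx *krb5_ctx = renew_tgt_ctx->krb5_ctx;

    if (krb5_ctx != NULL && krb5_ctx->renew_tgt_ctx == renew_tgt_ctx) {
        talloc_zfree(krb5_ctx->renew_tgt_ctx);
    } else {
        talloc_free(renew_tgt_ctx);
    }
}

/**
 * Run one renewal pass and re-arm the periodic timer.
 *
 * Does nothing while the backend is offline.  If the pass or the timer
 * setup fails, automatic renewal is disabled and the context is freed.
 */
static void renew_handler(struct renew_tgt_ctx *renew_tgt_ctx)
{
    struct timeval next;
    int ret;

    if (be_is_offline(renew_tgt_ctx->be_ctx)) {
        DEBUG(4, ("Offline, disable renew timer.\n"));
        return;
    }

    ret = renew_all_tgts(renew_tgt_ctx);
    if (ret != EOK) {
        DEBUG(1, ("renew_all_tgts failed. "
                  "Disabling automatic TGT renewal\n"));
        sss_log(SSS_LOG_ERR, "Disabling automatic TGT renewal.");
        renew_disable(renew_tgt_ctx);
        return;
    }

    if (renew_tgt_ctx->te != NULL) {
        DEBUG(7, ("There is an active renewal timer, doing nothing.\n"));
        return;
    }

    DEBUG(7, ("Adding new renew timer.\n"));

    next = tevent_timeval_current_ofs(renew_tgt_ctx->timer_interval, 0);
    renew_tgt_ctx->te = tevent_add_timer(renew_tgt_ctx->ev, renew_tgt_ctx,
                                         next, renew_tgt_timer_handler,
                                         renew_tgt_ctx);
    if (renew_tgt_ctx->te == NULL) {
        DEBUG(1, ("tevent_add_timer failed.\n"));
        sss_log(SSS_LOG_ERR, "Disabling automatic TGT renewal.");
        renew_disable(renew_tgt_ctx);
    }

    return;
}

/* Hash-table delete callback: free the renew_data stored in the entry. */
static void renew_del_cb(hash_entry_t *entry, hash_destroy_enum type, void *pvt)
{
    struct renew_data *renew_data;

    if (entry->value.type == HASH_VALUE_PTR) {
        renew_data = talloc_get_type(entry->value.ptr, struct renew_data);
        talloc_zfree(renew_data);
        return;
    }

    DEBUG(1, ("Unexpected value type [%d].\n", entry->value.type));
}

/**
 * Inspect one cached credential cache and register it for renewal when its
 * TGT is still valid and renewable.
 *
 * @param ccache_file  ccache name, optionally prefixed with "FILE:"
 * @param upn          principal the ccache is expected to hold
 * @param user_name    user the ccache belongs to
 * @return EOK when the file was handled or does not exist, EINVAL when an
 *         argument is missing, otherwise the error of stat() or
 *         get_ccache_file_data().
 */
static errno_t check_ccache_file(struct renew_tgt_ctx *renew_tgt_ctx,
                                 const char *ccache_file, const char *upn,
                                 const char *user_name)
{
    int ret;
    struct stat stat_buf;
    struct tgt_times tgtt;
    struct pam_data pd;
    time_t now;
    const char *filename;

    if (ccache_file == NULL || upn == NULL || user_name == NULL) {
        DEBUG(6, ("Missing one of the needed attributes: [%s][%s][%s].\n",
                  ccache_file == NULL ? "cache file missing" : ccache_file,
                  upn == NULL ? "principal missing" : upn,
                  user_name == NULL ? "user name missing" : user_name));
        return EINVAL;
    }

    if (strncmp(ccache_file, "FILE:", 5) == 0) {
        filename = ccache_file + 5;
    } else {
        filename = ccache_file;
    }

    /* stat() reports failure as -1 and puts the reason in errno; the return
     * value itself never equals ENOENT. */
    ret = stat(filename, &stat_buf);
    if (ret == -1) {
        ret = errno;
        if (ret == ENOENT) {
            /* a ccache that is gone is simply nothing to renew */
            return EOK;
        }
        return ret;
    }

    DEBUG(9, ("Found ccache file [%s].\n", ccache_file));

    memset(&tgtt, 0, sizeof(tgtt));
    ret = get_ccache_file_data(ccache_file, upn, &tgtt);
    if (ret != EOK) {
        DEBUG(1, ("get_ccache_file_data failed.\n"));
        return ret;
    }

    memset(&pd, 0, sizeof(pd));
    pd.cmd = SSS_CMD_RENEW;
    pd.user = discard_const_p(char, user_name);
    now = time(NULL);
    if (tgtt.renew_till > tgtt.endtime && tgtt.renew_till > now &&
        tgtt.endtime > now) {
        DEBUG(7, ("Adding [%s] for automatic renewal.\n", ccache_file));
        ret = add_tgt_to_renew_table(renew_tgt_ctx->krb5_ctx, ccache_file,
                                     &tgtt, &pd, upn);
        if (ret != EOK) {
            DEBUG(1, ("add_tgt_to_renew_table failed, "
                      "automatic renewal not possible.\n"));
        }
    } else {
        DEBUG(9, ("TGT in [%s] for [%s] is too old.\n", ccache_file, upn));
    }

    return EOK;
}

/**
 * Search the cache for users with a recorded ccache file and pass each one
 * to check_ccache_file().
 *
 * A failure for a single ccache file is logged and skipped; a malformed
 * user DN or a failing UPN lookup aborts the scan.
 */
static errno_t check_ccache_files(struct renew_tgt_ctx *renew_tgt_ctx)
{
    TALLOC_CTX *tmp_ctx;
    int ret;
    const char *ccache_filter = "(&("SYSDB_CCACHE_FILE"=*)" \
                                  "("SYSDB_OBJECTCLASS"="SYSDB_USER_CLASS"))";
    const char *ccache_attrs[] = { SYSDB_CCACHE_FILE, SYSDB_UPN, SYSDB_NAME,
                                   SYSDB_CANONICAL_UPN, NULL };
    size_t msgs_count = 0;
    struct ldb_message **msgs = NULL;
    size_t c;
    const char *ccache_file;
    char *upn;
    const char *user_name;
    struct ldb_dn *base_dn;
    const struct ldb_val *user_dom_val;
    char *user_dom;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        DEBUG(1, ("talloc_new failed.\n"));
        return ENOMEM;
    }

    base_dn = sysdb_base_dn(renew_tgt_ctx->be_ctx->domain->sysdb, tmp_ctx);
    if (base_dn == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("sysdb_base_dn failed.\n"));
        ret = ENOMEM;
        goto done;
    }

    ret = sysdb_search_entry(tmp_ctx, renew_tgt_ctx->be_ctx->domain->sysdb,
                             base_dn, LDB_SCOPE_SUBTREE, ccache_filter,
                             ccache_attrs, &msgs_count, &msgs);
    if (ret != EOK) {
        DEBUG(1, ("sysdb_search_entry failed.\n"));
        goto done;
    }

    if (msgs_count == 0) {
        DEBUG(9, ("No entries with ccache file found in cache.\n"));
        ret = EOK;
        goto done;
    }
    DEBUG(SSSDBG_TRACE_ALL,
          ("Found [%zu] entries with ccache file in cache.\n", msgs_count));

    for (c = 0; c < msgs_count; c++) {
        user_name = ldb_msg_find_attr_as_string(msgs[c], SYSDB_NAME, NULL);
        if (user_name == NULL) {
            DEBUG(1, ("No user name found, this is a severe error, "
                      "but we ignore it here.\n"));
            continue;
        }

        /* The DNs of users in sysdb looks like
         * name=username,cn=users,cn=domain.name,cn=sysdb
         * the value of the third component (index 2) is the domain name. */

        user_dom_val = ldb_dn_get_component_val(msgs[c]->dn, 2);
        if (user_dom_val == NULL) {
            DEBUG(SSSDBG_OP_FAILURE, ("Invalid user DN [%s].\n",
                                      ldb_dn_get_linearized(msgs[c]->dn)));
            ret = EINVAL;
            goto done;
        }
        user_dom = talloc_strndup(tmp_ctx, (char *) user_dom_val->data,
                                  user_dom_val->length);
        if (user_dom == NULL) {
            DEBUG(SSSDBG_OP_FAILURE, ("talloc_strndup failed,\n"));
            ret = ENOMEM;
            goto done;
        }

        ret = find_or_guess_upn(tmp_ctx, msgs[c], renew_tgt_ctx->krb5_ctx,
                                renew_tgt_ctx->be_ctx->domain,
                                user_name, user_dom, &upn);
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE, ("find_or_guess_upn failed.\n"));
            goto done;
        }

        ccache_file = ldb_msg_find_attr_as_string(msgs[c], SYSDB_CCACHE_FILE,
                                                  NULL);

        ret = check_ccache_file(renew_tgt_ctx, ccache_file, upn, user_name);
        if (ret != EOK) {
            DEBUG(5, ("Failed to check ccache file [%s].\n", ccache_file));
        }
    }

    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}

/**
 * Set up automatic TGT renewal for a krb5 context.
 *
 * Creates the renewal table, registers the ccaches already known to the
 * cache, arms the periodic timer and installs the offline/online callbacks.
 * On failure the renewal context is freed and krb5_ctx->renew_tgt_ctx is
 * reset to NULL.
 *
 * @param renew_intv  seconds between renewal passes
 */
errno_t init_renew_tgt(struct krb5_ctx *krb5_ctx, struct be_ctx *be_ctx,
                       struct tevent_context *ev, time_t renew_intv)
{
    int ret;
    struct timeval next;

    krb5_ctx->renew_tgt_ctx = talloc_zero(krb5_ctx, struct renew_tgt_ctx);
    if (krb5_ctx->renew_tgt_ctx == NULL) {
        DEBUG(1, ("talloc_zero failed.\n"));
        return ENOMEM;
    }

    ret = sss_hash_create_ex(krb5_ctx->renew_tgt_ctx, INITIAL_TGT_TABLE_SIZE,
                             &krb5_ctx->renew_tgt_ctx->tgt_table, 0, 0, 0, 0,
                             renew_del_cb, NULL);
    if (ret != EOK) {
        DEBUG(1, ("sss_hash_create failed.\n"));
        goto fail;
    }

    krb5_ctx->renew_tgt_ctx->be_ctx = be_ctx;
    krb5_ctx->renew_tgt_ctx->krb5_ctx = krb5_ctx;
    krb5_ctx->renew_tgt_ctx->ev = ev;
    krb5_ctx->renew_tgt_ctx->timer_interval = renew_intv;

    ret = check_ccache_files(krb5_ctx->renew_tgt_ctx);
    if (ret != EOK) {
        DEBUG(1, ("Failed to read ccache files, continuing ...\n"));
    }

    next = tevent_timeval_current_ofs(krb5_ctx->renew_tgt_ctx->timer_interval,
                                      0);
    krb5_ctx->renew_tgt_ctx->te = tevent_add_timer(ev, krb5_ctx->renew_tgt_ctx,
                                                   next,
                                                   renew_tgt_timer_handler,
                                                   krb5_ctx->renew_tgt_ctx);
    if (krb5_ctx->renew_tgt_ctx->te == NULL) {
        DEBUG(1, ("tevent_add_timer failed.\n"));
        ret = ENOMEM;
        goto fail;
    }

    DEBUG(7, ("Adding offline callback to remove renewal timer.\n"));
    ret = be_add_offline_cb(krb5_ctx->renew_tgt_ctx, be_ctx,
                            renew_tgt_offline_callback,
                            krb5_ctx->renew_tgt_ctx, NULL);
    if (ret != EOK) {
        DEBUG(1, ("Failed to add offline callback.\n"));
        goto fail;
    }

    DEBUG(7, ("Adding renewal task to online callbacks.\n"));
    ret = be_add_online_cb(krb5_ctx->renew_tgt_ctx, be_ctx,
                           renew_tgt_online_callback,
                           krb5_ctx->renew_tgt_ctx, NULL);
    if (ret != EOK) {
        DEBUG(1, ("Failed to add renewal task to online callbacks.\n"));
        goto fail;
    }

    return EOK;

fail:
    talloc_zfree(krb5_ctx->renew_tgt_ctx);
    return ret;
}

/**
 * Register a ticket for automatic renewal.
 *
 * The entry is keyed by the principal name.  The stored pam data is a copy
 * of pd whose new-authtok is emptied and whose authtok is replaced by the
 * ccache name, so the renewal item does not keep the user's password.
 * Renewal is scheduled for the middle of the ticket lifetime.
 *
 * @param ccfile  ccache name; an absolute path gets a "FILE:" prefix
 * @param tgtt    start/end times of the ticket
 * @param pd      pam data of the request that obtained the ticket
 * @param upn     principal name, used as table key
 * @return EOK on success or when renewal is not initialized, EINVAL for
 *         missing/unsupported input, ENOMEM/EFAULT on internal failures.
 */
errno_t add_tgt_to_renew_table(struct krb5_ctx *krb5_ctx, const char *ccfile,
                               struct tgt_times *tgtt, struct pam_data *pd,
                               const char *upn)
{
    int ret;
    hash_key_t key;
    hash_value_t value;
    struct renew_data *renew_data = NULL;

    if (krb5_ctx->renew_tgt_ctx == NULL) {
        DEBUG(7 ,("Renew context not initialized, "
                  "automatic renewal not available.\n"));
        return EOK;
    }

    if (pd->cmd != SSS_PAM_AUTHENTICATE && pd->cmd != SSS_CMD_RENEW &&
        pd->cmd != SSS_PAM_CHAUTHTOK) {
        DEBUG(1, ("Unexpected pam task [%d].\n", pd->cmd));
        return EINVAL;
    }

    if (upn == NULL) {
        DEBUG(1, ("Missing user principal name.\n"));
        return EINVAL;
    }

    /* ccfile is dereferenced below */
    if (ccfile == NULL) {
        DEBUG(1, ("Missing ccache file name.\n"));
        return EINVAL;
    }

    /* hash_enter copies the content of the hash string, so it is safe to use
     * discard_const_p here. */
    key.type = HASH_KEY_STRING;
    key.str = discard_const_p(char, upn);

    renew_data = talloc_zero(krb5_ctx->renew_tgt_ctx, struct renew_data);
    if (renew_data == NULL) {
        DEBUG(1, ("talloc_zero failed.\n"));
        ret = ENOMEM;
        goto done;
    }

    if (ccfile[0] == '/') {
        renew_data->ccfile = talloc_asprintf(renew_data, "FILE:%s", ccfile);
        if (renew_data->ccfile == NULL) {
            DEBUG(1, ("talloc_asprintf failed.\n"));
            ret = ENOMEM;
            goto done;
        }
    } else {
        renew_data->ccfile = talloc_strdup(renew_data, ccfile);
        if (renew_data->ccfile == NULL) {
            DEBUG(1, ("talloc_strdup failed.\n"));
            ret = ENOMEM;
            goto done;
        }
    }

    renew_data->start_time = tgtt->starttime;
    renew_data->lifetime = tgtt->endtime;
    /* renew once half of the ticket lifetime has passed */
    renew_data->start_renew_at = (time_t) (tgtt->starttime +
                                        0.5 *(tgtt->endtime - tgtt->starttime));

    ret = copy_pam_data(renew_data, pd, &renew_data->pd);
    if (ret != EOK) {
        DEBUG(1, ("copy_pam_data failed.\n"));
        goto done;
    }

    sss_authtok_set_empty(renew_data->pd->newauthtok);

    ret = sss_authtok_set_ccfile(renew_data->pd->authtok, renew_data->ccfile, 0);
    if (ret) {
        DEBUG(1, ("Failed to store ccfile in auth token.\n"));
        goto done;
    }

    renew_data->pd->cmd = SSS_CMD_RENEW;

    value.type = HASH_VALUE_PTR;
    value.ptr = renew_data;

    ret = hash_enter(krb5_ctx->renew_tgt_ctx->tgt_table, &key, &value);
    if (ret != HASH_SUCCESS) {
        DEBUG(1, ("hash_enter failed.\n"));
        ret = EFAULT;
        goto done;
    }

    DEBUG(7, ("Added [%s] for renewal at [%.24s].\n", renew_data->ccfile,
              ctime(&renew_data->start_renew_at)));

    ret = EOK;

done:
    if (ret != EOK) {
        talloc_free(renew_data);
    }
    return ret;
}
sssd-1.11.5/src/providers/krb5/PaxHeaders.13173/krb5_delayed_online_authentication.c0000644000000000000000000000007412320753107026363 xustar000000000000000030 atime=1396954939.266891431 30 ctime=1396954961.602874989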
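sssd-1.11.5/src/providers/krb5/krb5_delayed_online_authentication.c0000664002412700241270000002574012320753107026615 0ustar00jhrozekjhrozek00000000000000/*
    SSSD

    Kerberos 5 Backend Module -- Request a TGT when the system gets online

    Authors:
        Sumit Bose

    Copyright (C) 2010 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

/* The system header names below were lost when this page was extracted.
 * They are restored from the symbols this file uses (PAM_* status codes,
 * keyctl_*() / add_key()) -- confirm against upstream. */
#include <security/pam_modules.h>

#ifdef USE_KEYRING
#include <sys/types.h>
#include <keyutils.h>
#endif

#include "providers/krb5/krb5_auth.h"
#include "dhash.h"
#include "util/util.h"
#include "util/find_uid.h"

#define INITIAL_USER_TABLE_SIZE 10

/* State of the delayed online authentication of one krb5 context. */
struct deferred_auth_ctx {
    hash_table_t *user_table;   /* uid -> struct pam_data waiting for online */
    struct be_ctx *be_ctx;
    struct tevent_context *ev;
    struct krb5_ctx *krb5_ctx;
};

/* Per-request state of one delayed authentication. */
struct auth_data {
    struct be_ctx *be_ctx;
    struct krb5_ctx *krb5_ctx;
    struct pam_data *pd;
};

/* dhash allocator hook: allocate on the talloc context passed as pvt. */
static void *hash_talloc(const size_t size, void *pvt)
{
    return talloc_size(pvt, size);
}

/* dhash free hook matching hash_talloc(). */
static void hash_talloc_free(void *ptr, void *pvt)
{
    talloc_free(ptr);
}

static void authenticate_user_done(struct tevent_req *req);

/**
 * Timer callback that starts the delayed authentication of one user.
 *
 * With USE_KEYRING the password is read back from the kernel keyring into
 * the auth token, the temporary copy is wiped, and the key is revoked.  The
 * key is revoked on the failure path as well, because it holds the
 * clear-text password and nothing else would remove it.  Every early exit
 * releases the request state.
 */
static void authenticate_user(struct tevent_context *ev,
                              struct tevent_timer *te,
                              struct timeval current_time,
                              void *private_data)
{
    struct auth_data *auth_data = talloc_get_type(private_data,
                                                  struct auth_data);
    struct pam_data *pd = auth_data->pd;
    struct tevent_req *req;

    DEBUG_PAM_DATA(9, pd);

#ifdef USE_KEYRING
    char *password;
    long keysize;
    long keyrevoke;
    errno_t ret;
    errno_t revoke_err;

    keysize = keyctl_read_alloc(pd->key_serial, (void **)&password);
    if (keysize == -1) {
        ret = errno;
        DEBUG(1, ("keyctl_read failed [%d][%s].\n", ret, strerror(ret)));
        talloc_free(auth_data);
        return;
    }

    ret = sss_authtok_set_password(pd->authtok, password, keysize);
    /* wipe the temporary copy before giving the memory back */
    safezero(password, keysize);
    free(password);

    /* The password has been read; do not leave it in the keyring, whether
     * or not it could be stored in the auth token. */
    keyrevoke = keyctl_revoke(pd->key_serial);
    if (keyrevoke == -1) {
        revoke_err = errno;
        DEBUG(1, ("keyctl_revoke failed [%d][%s].\n",
                  revoke_err, strerror(revoke_err)));
    }

    if (ret) {
        DEBUG(1, ("failed to set password in auth token [%d][%s].\n",
                  ret, strerror(ret)));
        talloc_free(auth_data);
        return;
    }
#endif

    req = krb5_auth_send(auth_data, ev, auth_data->be_ctx, auth_data->pd,
                         auth_data->krb5_ctx);
    if (req == NULL) {
        DEBUG(1, ("krb5_auth_send failed.\n"));
        talloc_free(auth_data);
        return;
    }

    tevent_req_set_callback(req, authenticate_user_done, auth_data);
}

/* Completion callback: log the outcome and free the request state. */
static void authenticate_user_done(struct tevent_req *req)
{
    struct auth_data *auth_data = tevent_req_callback_data(req,
                                                           struct auth_data);
    int ret;
    int pam_status = PAM_SYSTEM_ERR;
    int dp_err;

    ret = krb5_auth_recv(req, &pam_status, &dp_err);
    talloc_free(req);
    if (ret) {
        DEBUG(1, ("krb5_auth request failed.\n"));
    } else {
        if (pam_status == PAM_SUCCESS) {
            DEBUG(4, ("Successfully authenticated user [%s].\n",
                      auth_data->pd->user));
        } else {
            DEBUG(1, ("Failed to authenticate user [%s].\n",
                      auth_data->pd->user));
        }
    }

    talloc_free(auth_data);
}

/**
 * Start the delayed authentication for every stored user that is still
 * logged in and empty the table of stored users.
 *
 * Stored pam data holds the user's credentials (the password itself, or
 * with USE_KEYRING the serial of the key that holds it), so every path that
 * drops an entry also frees the pam data instead of leaving it allocated.
 * NOTE(review): with USE_KEYRING the paths that discard an entry without
 * running authenticate_user() free the pam data but do not revoke the key;
 * the password stays in the keyring in that case.
 *
 * @return EOK, EINVAL when the table cannot be iterated, or the error of
 *         get_uid_table().
 */
static errno_t authenticate_stored_users(
                                    struct deferred_auth_ctx *deferred_auth_ctx)
{
    int ret;
    hash_table_t *uid_table;
    struct hash_iter_context_t *iter;
    hash_entry_t *entry;
    hash_key_t key;
    hash_value_t value;
    struct pam_data *pd;
    struct auth_data *auth_data;
    struct tevent_timer *te;

    ret = get_uid_table(deferred_auth_ctx, &uid_table);
    if (ret != HASH_SUCCESS) {
        DEBUG(1, ("get_uid_table failed.\n"));
        return ret;
    }

    iter = new_hash_iter_context(deferred_auth_ctx->user_table);
    if (iter == NULL) {
        DEBUG(1, ("new_hash_iter_context failed.\n"));
        ret = hash_destroy(uid_table);
        if (ret != HASH_SUCCESS) {
            DEBUG(1, ("hash_destroy failed [%s].\n", hash_error_string(ret)));
        }
        return EINVAL;
    }

    while ((entry = iter->next(iter)) != NULL) {
        key.type = HASH_KEY_ULONG;
        key.ul = entry->key.ul;
        pd = talloc_get_type(entry->value.ptr, struct pam_data);

        ret = hash_lookup(uid_table, &key, &value);

        if (ret == HASH_SUCCESS) {
            DEBUG(1, ("User [%s] is still logged in, "
                      "trying online authentication.\n", pd->user));

            auth_data = talloc_zero(deferred_auth_ctx->be_ctx,
                                    struct auth_data);
            if (auth_data == NULL) {
                DEBUG(1, ("talloc_zero failed.\n"));
                /* the entry is removed below; do not keep its credentials */
                talloc_free(pd);
            } else {
                auth_data->pd = talloc_steal(auth_data, pd);
                auth_data->krb5_ctx = deferred_auth_ctx->krb5_ctx;
                auth_data->be_ctx = deferred_auth_ctx->be_ctx;

                te = tevent_add_timer(deferred_auth_ctx->ev,
                                      auth_data, tevent_timeval_current(),
                                      authenticate_user, auth_data);
                if (te == NULL) {
                    DEBUG(1, ("tevent_add_timer failed.\n"));
                    /* nothing will run for this request; frees pd too */
                    talloc_free(auth_data);
                }
            }
        } else {
            DEBUG(1, ("User [%s] is not logged in anymore, "
                      "discarding online authentication.\n", pd->user));
            talloc_free(pd);
        }

        ret = hash_delete(deferred_auth_ctx->user_table,
                          &entry->key);
        if (ret != HASH_SUCCESS) {
            DEBUG(1, ("hash_delete failed [%s].\n",
                      hash_error_string(ret)));
        }
    }

    talloc_free(iter);

    /* the uid snapshot is only needed for this pass */
    ret = hash_destroy(uid_table);
    if (ret != HASH_SUCCESS) {
        DEBUG(1, ("hash_destroy failed [%s].\n", hash_error_string(ret)));
    }

    return EOK;
}

/* Online callback of the backend: authenticate all stored users. */
static void delayed_online_authentication_callback(void *private_data)
{
    struct deferred_auth_ctx *deferred_auth_ctx =
                   talloc_get_type(private_data, struct deferred_auth_ctx);
    int ret;

    if (deferred_auth_ctx->user_table == NULL) {
        DEBUG(1, ("Delayed online authentication activated, "
                  "but user table does not exists.\n"));
        return;
    }

    DEBUG(5, ("Backend is online, starting delayed online authentication.\n"));
    ret = authenticate_stored_users(deferred_auth_ctx);
    if (ret != EOK) {
        DEBUG(1, ("authenticate_stored_users failed.\n"));
    }

    return;
}

/**
 * Remember a user's credentials so that a TGT can be requested once the
 * backend is online again.
 *
 * Only password auth tokens are accepted.  With USE_KEYRING the password is
 * moved into a "user" key on the session keyring and the in-memory auth
 * token is emptied; without it the copied pam data, including the password,
 * stays in process memory until the backend goes online.
 * NOTE(review): when hash_enter() fails under USE_KEYRING the pam data is
 * freed but the key that was just added is not revoked.
 *
 * @param pd   pam data of the offline authentication
 * @param uid  uid of the user, used as table key
 * @return EOK on success, EINVAL for a missing context or a non-password
 *         token, ENOMEM or the keyring error otherwise.
 */
errno_t add_user_to_delayed_online_authentication(struct krb5_ctx *krb5_ctx,
                                                  struct pam_data *pd,
                                                  uid_t uid)
{
    int ret;
    hash_key_t key;
    hash_value_t value;
    struct pam_data *new_pd;

    if (krb5_ctx->deferred_auth_ctx == NULL) {
        DEBUG(1, ("Missing context for delayed online authentication.\n"));
        return EINVAL;
    }

    if (krb5_ctx->deferred_auth_ctx->user_table == NULL) {
        DEBUG(1, ("user_table not available.\n"));
        return EINVAL;
    }

    if (sss_authtok_get_type(pd->authtok) != SSS_AUTHTOK_TYPE_PASSWORD) {
        DEBUG(1, ("Invalid authtok for user [%s].\n", pd->user));
        return EINVAL;
    }

    ret = copy_pam_data(krb5_ctx->deferred_auth_ctx, pd, &new_pd);
    if (ret != EOK) {
        DEBUG(1, ("copy_pam_data failed\n"));
        return ENOMEM;
    }

#ifdef USE_KEYRING
    const char *password;
    size_t len;

    ret = sss_authtok_get_password(new_pd->authtok, &password, &len);
    if (ret) {
        DEBUG(1, ("Failed to get password [%d][%s].\n", ret, strerror(ret)));
        sss_authtok_set_empty(new_pd->authtok);
        talloc_free(new_pd);
        return ret;
    }

    new_pd->key_serial = add_key("user", new_pd->user, password, len,
                                 KEY_SPEC_SESSION_KEYRING);
    if (new_pd->key_serial == -1) {
        ret = errno;
        DEBUG(1, ("add_key failed [%d][%s].\n", ret, strerror(ret)));
        sss_authtok_set_empty(new_pd->authtok);
        talloc_free(new_pd);
        return ret;
    }
    DEBUG(SSSDBG_TRACE_ALL,
          ("Saved authtok of user [%s] with serial [%"SPRIkey_ser"].\n",
           new_pd->user, new_pd->key_serial));
    /* the keyring now holds the password; drop the in-memory copy */
    sss_authtok_set_empty(new_pd->authtok);
#endif

    key.type = HASH_KEY_ULONG;
    key.ul = uid;
    value.type = HASH_VALUE_PTR;
    value.ptr = new_pd;

    ret = hash_enter(krb5_ctx->deferred_auth_ctx->user_table,
                     &key, &value);
    if (ret != HASH_SUCCESS) {
        DEBUG(1, ("Cannot add user [%s] to table [%s], "
                  "delayed online authentication not possible.\n",
                  pd->user, hash_error_string(ret)));
        talloc_free(new_pd);
        return ENOMEM;
    }

    DEBUG(9, ("Added user [%s] successfully to "
              "delayed online authentication.\n", pd->user));

    return EOK;
}

/**
 * Set up delayed online authentication for a krb5 context.
 *
 * First checks that the table of logged-in uids can be obtained on this
 * system, then creates the table of stored users and registers the online
 * callback.  On failure the context is freed and
 * krb5_ctx->deferred_auth_ctx is reset to NULL.
 */
errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx,
                                           struct be_ctx *be_ctx,
                                           struct tevent_context *ev)
{
    int ret;
    hash_table_t *tmp_table;

    /* probe only: the table itself is not needed here */
    ret = get_uid_table(krb5_ctx, &tmp_table);
    if (ret != EOK) {
        if (ret == ENOSYS) {
            DEBUG(0, ("Delayed online auth was requested "
                      "on an unsupported system.\n"));
        } else {
            DEBUG(0, ("Delayed online auth was requested "
                      "but initialisation failed.\n"));
        }
        return ret;
    }

    ret = hash_destroy(tmp_table);
    if (ret != HASH_SUCCESS) {
        DEBUG(1, ("hash_destroy failed [%s].\n", hash_error_string(ret)));
        return EFAULT;
    }

    krb5_ctx->deferred_auth_ctx = talloc_zero(krb5_ctx,
                                              struct deferred_auth_ctx);
    if (krb5_ctx->deferred_auth_ctx == NULL) {
        DEBUG(1, ("talloc_zero failed.\n"));
        return ENOMEM;
    }

    ret = hash_create_ex(INITIAL_USER_TABLE_SIZE,
                         &krb5_ctx->deferred_auth_ctx->user_table,
                         0, 0, 0, 0, hash_talloc, hash_talloc_free,
                         krb5_ctx->deferred_auth_ctx,
                         NULL, NULL);
    if (ret != HASH_SUCCESS) {
        DEBUG(1, ("hash_create_ex failed [%s]\n", hash_error_string(ret)));
        ret = ENOMEM;
        goto fail;
    }

    krb5_ctx->deferred_auth_ctx->be_ctx = be_ctx;
    krb5_ctx->deferred_auth_ctx->krb5_ctx = krb5_ctx;
    krb5_ctx->deferred_auth_ctx->ev = ev;

    ret = be_add_online_cb(krb5_ctx, be_ctx,
                           delayed_online_authentication_callback,
                           krb5_ctx->deferred_auth_ctx, NULL);
    if (ret != EOK) {
        DEBUG(1, ("be_add_online_cb failed.\n"));
        goto fail;
    }

    /* TODO: add destructor */

    return EOK;
fail:
    talloc_zfree(krb5_ctx->deferred_auth_ctx);
    return ret;
}
sssd-1.11.5/src/providers/krb5/PaxHeaders.13173/krb5_common.h0000644000000000000000000000007412320753107021606 xustar000000000000000030 atime=1396954939.266891431 30 ctime=1396954961.470875087 sssd-1.11.5/src/providers/krb5/krb5_common.h0000664002412700241270000001257212320753107022037 0ustar00jhrozekjhrozek00000000000000/* SSSD Kerberos Backend, common header file Authors: Sumit Bose Copyright (C) 2009 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see .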
*/ #ifndef __KRB5_COMMON_H__ #define __KRB5_COMMON_H__ #include "config.h" #include #include "providers/dp_backend.h" #include "util/util.h" #include "util/sss_krb5.h" #define SSSD_KRB5_KDC "SSSD_KRB5_KDC" #define SSSD_KRB5_REALM "SSSD_KRB5_REALM" #define SSSD_KRB5_RENEWABLE_LIFETIME "SSSD_KRB5_RENEWABLE_LIFETIME" #define SSSD_KRB5_LIFETIME "SSSD_KRB5_LIFETIME" #define SSSD_KRB5_USE_FAST "SSSD_KRB5_USE_FAST" #define SSSD_KRB5_FAST_PRINCIPAL "SSSD_KRB5_FAST_PRINCIPAL" #define SSSD_KRB5_CANONICALIZE "SSSD_KRB5_CANONICALIZE" #define KDCINFO_TMPL PUBCONF_PATH"/kdcinfo.%s" #define KPASSWDINFO_TMPL PUBCONF_PATH"/kpasswdinfo.%s" #define SSS_KRB5KDC_FO_SRV "KERBEROS" #define SSS_KRB5KPASSWD_FO_SRV "KPASSWD" enum krb5_opts { KRB5_KDC = 0, KRB5_BACKUP_KDC, KRB5_REALM, KRB5_CCACHEDIR, KRB5_CCNAME_TMPL, KRB5_AUTH_TIMEOUT, KRB5_KEYTAB, KRB5_VALIDATE, KRB5_KPASSWD, KRB5_BACKUP_KPASSWD, KRB5_STORE_PASSWORD_IF_OFFLINE, KRB5_RENEWABLE_LIFETIME, KRB5_LIFETIME, KRB5_RENEW_INTERVAL, KRB5_USE_FAST, KRB5_FAST_PRINCIPAL, KRB5_CANONICALIZE, KRB5_USE_ENTERPRISE_PRINCIPAL, KRB5_USE_KDCINFO, KRB5_OPTS }; typedef enum { INIT_PW, INIT_KT, RENEW, VALIDATE } action_type; struct tgt_times { time_t authtime; time_t starttime; time_t endtime; time_t renew_till; }; struct krb5_service { char *name; char *realm; bool write_kdcinfo; }; struct fo_service; struct deferred_auth_ctx; struct renew_tgt_ctx; enum krb5_config_type { K5C_GENERIC, K5C_IPA_CLIENT, K5C_IPA_SERVER }; struct krb5_ctx { /* opts taken from kinit */ /* in seconds */ krb5_deltat starttime; krb5_deltat lifetime; krb5_deltat rlife; int forwardable; int proxiable; int addresses; int not_forwardable; int not_proxiable; int no_addresses; int verbose; char* principal_name; char* service_name; char* keytab_name; char* k5_cache_name; char* k4_cache_name; action_type action; struct dp_option *opts; struct krb5_service *service; struct krb5_service *kpasswd_service; int child_debug_fd; pcre *illegal_path_re; struct deferred_auth_ctx 
*deferred_auth_ctx; struct renew_tgt_ctx *renew_tgt_ctx; bool use_fast; hash_table_t *wait_queue_hash; enum krb5_config_type config_type; }; struct remove_info_files_ctx { char *realm; struct be_ctx *be_ctx; const char *kdc_service_name; const char *kpasswd_service_name; }; errno_t check_and_export_options(struct dp_option *opts, struct sss_domain_info *dom, struct krb5_ctx *krb5_ctx); errno_t krb5_try_kdcip(struct confdb_ctx *cdb, const char *conf_path, struct dp_option *opts, int opt_id); errno_t krb5_get_options(TALLOC_CTX *memctx, struct confdb_ctx *cdb, const char *conf_path, struct dp_option **_opts); errno_t write_krb5info_file(const char *realm, const char *kdc, const char *service); int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx, const char *service_name, const char *primary_servers, const char *backup_servers, const char *realm, bool use_kdcinfo, struct krb5_service **_service); void remove_krb5_info_files_callback(void *pvt); void krb5_finalize(struct tevent_context *ev, struct tevent_signal *se, int signum, int count, void *siginfo, void *private_data); errno_t krb5_install_offline_callback(struct be_ctx *be_ctx, struct krb5_ctx *krb_ctx); errno_t krb5_install_sigterm_handler(struct tevent_context *ev, struct krb5_ctx *krb5_ctx); errno_t write_krb5info_file(const char *realm, const char *kdc, const char *service); errno_t remove_krb5_info_files(TALLOC_CTX *mem_ctx, const char *realm); errno_t krb5_get_simple_upn(TALLOC_CTX *mem_ctx, struct krb5_ctx *krb5_ctx, struct sss_domain_info *dom, const char *username, const char *user_dom, char **_upn); errno_t compare_principal_realm(const char *upn, const char *realm, bool *different_realm); int sssm_krb5_auth_init(struct be_ctx *bectx, struct bet_ops **ops, void **pvt_auth_data); #endif /* __KRB5_COMMON_H__ */ sssd-1.11.5/src/providers/krb5/PaxHeaders.13173/krb5_child.c0000644000000000000000000000007212320753107021372 xustar000000000000000030 atime=1396954939.265891431 28 
ctime=1396954961.7238749 sssd-1.11.5/src/providers/krb5/krb5_child.c0000664002412700241270000017521212320753107021626 0ustar00jhrozekjhrozek00000000000000
/*
    SSSD

    Kerberos 5 Backend Module -- tgt_req and changepw child

    Authors:
        Sumit Bose

    Copyright (C) 2009-2010 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see .
*/

/* The next four #include lines lost their header names in this copy. */
#include
#include
#include
#include
#include "util/util.h"
#include "util/sss_krb5.h"
#include "util/user_info_msg.h"
#include "util/child_common.h"
#include "providers/dp_backend.h"
#include "providers/krb5/krb5_auth.h"
#include "providers/krb5/krb5_utils.h"
#include "sss_cli.h"

/* Service name passed to krb5_get_init_creds_password() when a ticket for
 * the password-change service is requested. */
#define SSSD_KRB5_CHANGEPW_PRINCIPAL "kadmin/changepw"

/* Per-request state handed to the helpers in this file. */
struct krb5_req {
    krb5_context ctx;
    krb5_principal princ;
    char* name;
    krb5_creds *creds;
    bool otp;                 /* set to true by answer_otp() */
    krb5_get_init_creds_opt *options;

    struct pam_data *pd;      /* holds the authtoks and the response list */

    char *realm;
    char *ccname;
    char *keytab;             /* resolved by validate_tgt() */
    bool validate;            /* get_and_save_tgt() calls validate_tgt() */
    bool send_pac;            /* validate_tgt() forwards the PAC when set */
    bool use_enterprise_princ;
    char *fast_ccname;

    const char *upn;
    uid_t uid;                /* uid/gid are passed to become_user() */
    gid_t gid;
};

/* Context used by KRB5_CHILD_DEBUG when logging a krb5 error code. */
static krb5_context krb5_error_ctx;
#define KRB5_CHILD_DEBUG(level, error) KRB5_DEBUG(level, krb5_error_ctx, error)

/*
 * Apply the renewable and ticket lifetimes found in the environment.
 *
 * For each of SSSD_KRB5_RENEWABLE_LIFETIME and SSSD_KRB5_LIFETIME: when the
 * variable is unset the matching flag is cleared in options->flags, otherwise
 * the value is parsed with krb5_string_to_deltat() and set on options.
 *
 * Returns 0 on success or the krb5_string_to_deltat() error; in the latter
 * case the remaining variable is not processed.
 */
static krb5_error_code set_lifetime_options(krb5_get_init_creds_opt *options)
{
    char *lifetime_str;
    krb5_error_code kerr;
    krb5_deltat lifetime;

    lifetime_str = getenv(SSSD_KRB5_RENEWABLE_LIFETIME);
    if (lifetime_str == NULL) {
        DEBUG(SSSDBG_CONF_SETTINGS, ("Cannot read [%s] from environment.\n",
              SSSD_KRB5_RENEWABLE_LIFETIME));

        /* Unset option flag to make sure defaults from krb5.conf are used. */
        options->flags &= ~(KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE);
    } else {
        kerr = krb5_string_to_deltat(lifetime_str, &lifetime);
        if (kerr != 0) {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("krb5_string_to_deltat failed for [%s].\n",
                   lifetime_str));
            KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
            return kerr;
        }
        DEBUG(SSSDBG_CONF_SETTINGS,
              ("%s is set to [%s]\n", SSSD_KRB5_RENEWABLE_LIFETIME, lifetime_str));
        krb5_get_init_creds_opt_set_renew_life(options, lifetime);
    }

    lifetime_str = getenv(SSSD_KRB5_LIFETIME);
    if (lifetime_str == NULL) {
        DEBUG(SSSDBG_CONF_SETTINGS, ("Cannot read [%s] from environment.\n",
              SSSD_KRB5_LIFETIME));

        /* Unset option flag to make sure defaults from krb5.conf are used. */
        options->flags &= ~(KRB5_GET_INIT_CREDS_OPT_TKT_LIFE);
    } else {
        kerr = krb5_string_to_deltat(lifetime_str, &lifetime);
        if (kerr != 0) {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("krb5_string_to_deltat failed for [%s].\n",
                   lifetime_str));
            KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
            return kerr;
        }
        DEBUG(SSSDBG_CONF_SETTINGS,
              ("%s is set to [%s]\n", SSSD_KRB5_LIFETIME, lifetime_str));
        krb5_get_init_creds_opt_set_tkt_life(options, lifetime);
    }

    return 0;
}

/*
 * Turn principal canonicalization on only when SSSD_KRB5_CANONICALIZE is set
 * to "true" (compared case-insensitively); any other value, or no value,
 * turns it off.
 */
static void set_canonicalize_option(krb5_get_init_creds_opt *opts)
{
    int canonicalize = 0;
    char *tmp_str;

    tmp_str = getenv(SSSD_KRB5_CANONICALIZE);
    if (tmp_str != NULL && strcasecmp(tmp_str, "true") == 0) {
        canonicalize = 1;
    }
    DEBUG(SSSDBG_CONF_SETTINGS, ("%s is set to [%s]\n",
          SSSD_KRB5_CANONICALIZE, tmp_str ?
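tmp_str : "not set"));
    sss_krb5_get_init_creds_opt_set_canonicalize(opts, canonicalize);
}

/*
 * Options for the short-lived ticket used to change a password:
 * no canonicalization, not forwardable, not proxiable, not renewable and a
 * lifetime of five minutes. The ctx argument is not used.
 */
static void set_changepw_options(krb5_context ctx,
                                 krb5_get_init_creds_opt *options)
{
    sss_krb5_get_init_creds_opt_set_canonicalize(options, 0);
    krb5_get_init_creds_opt_set_forwardable(options, 0);
    krb5_get_init_creds_opt_set_proxiable(options, 0);
    krb5_get_init_creds_opt_set_renew_life(options, 0);
    krb5_get_init_creds_opt_set_tkt_life(options, 5*60);
}

/*
 * Undo set_changepw_options() before a regular TGT is requested.
 * A failure of set_lifetime_options() is logged and otherwise ignored.
 */
static void revert_changepw_options(krb5_get_init_creds_opt *options)
{
    krb5_error_code kerr;

    set_canonicalize_option(options);

    /* Currently we do not set forwardable and proxiable explicitly, the flags
     * must be removed so that libkrb5 can take the defaults from krb5.conf */
    options->flags &= ~(KRB5_GET_INIT_CREDS_OPT_FORWARDABLE);
    options->flags &= ~(KRB5_GET_INIT_CREDS_OPT_PROXIABLE);

    kerr = set_lifetime_options(options);
    if (kerr != 0) {
        DEBUG(SSSDBG_OP_FAILURE, ("set_lifetime_options failed.\n"));
    }
}

/*
 * Hand the first authdata element to the PAC responder.
 *
 * Returns EOK on success, EINVAL when there is no element to send and EIO
 * when sss_pac_make_request() reports a failure.
 */
static errno_t sss_send_pac(krb5_authdata **pac_authdata)
{
    struct sss_cli_req_data sss_data;
    int ret;
    int errnop;

    /* The list comes out of a ticket; do not dereference an empty one. */
    if (pac_authdata == NULL || pac_authdata[0] == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("No PAC authdata to send.\n"));
        return EINVAL;
    }

    sss_data.len = pac_authdata[0]->length;
    sss_data.data = pac_authdata[0]->contents;

    ret = sss_pac_make_request(SSS_PAC_ADD_PAC_USER, &sss_data,
                               NULL, NULL, &errnop);
    if (ret != NSS_STATUS_SUCCESS || errnop != 0) {
        DEBUG(SSSDBG_OP_FAILURE, ("sss_pac_make_request failed [%d][%d].\n",
                                  ret, errnop));
        return EIO;
    }

    return EOK;
}

/*
 * Password-expiry callback registered by get_and_save_tgt().
 *
 * When password_expiration is non-zero and the time left fits into a
 * uint32_t, an SSS_PAM_USER_INFO response made of two uint32_t values
 * {SSS_PAM_USER_INFO_EXPIRE_WARN, seconds left} is added to kr->pd.
 * All failures are logged only. data must be the struct krb5_req.
 */
static void sss_krb5_expire_callback_func(krb5_context context, void *data,
                                          krb5_timestamp password_expiration,
                                          krb5_timestamp account_expiration,
                                          krb5_boolean is_last_req)
{
    int ret;
    uint32_t *blob;
    long exp_time;
    struct krb5_req *kr = talloc_get_type(data, struct krb5_req);

    if (password_expiration == 0) {
        return;
    }

    exp_time = password_expiration - time(NULL);
    if (exp_time < 0 || exp_time > UINT32_MAX) {
        DEBUG(1, ("Time to expire out of range.\n"));
        return;
    }
    DEBUG(SSSDBG_TRACE_INTERNAL, ("exp_time: [%ld]\n", exp_time));

    blob = talloc_array(kr->pd, uint32_t, 2);
    if (blob == NULL) {
        DEBUG(1, ("talloc_array failed.\n"));
        return;
    }

    blob[0] = SSS_PAM_USER_INFO_EXPIRE_WARN;
    blob[1] = (uint32_t) exp_time;

    ret = pam_add_response(kr->pd, SSS_PAM_USER_INFO, 2 * sizeof(uint32_t),
                           (uint8_t *) blob);
    if (ret != EOK) {
        DEBUG(1, ("pam_add_response failed.\n"));
    }

    return;
}

#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_RESPONDER
/*
 * TODO: These features generally would requires a significant refactoring
 * of SSSD and MIT krb5 doesn't support them anyway. They are listed here
 * simply as a reminder of things that might become future feature potential.
 *
 *   1. tokeninfo selection
 *   2. challenge
 *   3. discreet token/pin prompting
 *   4. interactive otp format correction
 *   5. nextOTP
 *
 */
typedef int (*checker)(int c);

/* Map an OTP format constant to the <ctype.h> predicate every token
 * character has to satisfy; NULL means the format is not checked. */
static inline checker pick_checker(int format)
{
    switch (format) {
    case KRB5_RESPONDER_OTP_FORMAT_DECIMAL:
        return isdigit;
    case KRB5_RESPONDER_OTP_FORMAT_HEXADECIMAL:
        return isxdigit;
    case KRB5_RESPONDER_OTP_FORMAT_ALPHANUMERIC:
        return isalnum;
    }

    return NULL;
}

/* talloc destructor that wipes a token or PIN string up to its terminator
 * before the memory is released. */
static int token_pin_destructor(char *mem)
{
    safezero(mem, strlen(mem));
    return 0;
}

/*
 * Check whether the secret pwd/len can answer tokeninfo ti and split it into
 * the token value and the PIN the server asks for.
 *
 * On success returns 0 and stores talloc copies, each with a wiping
 * destructor and owned by mem_ctx, in *out_token and *out_pin; either may be
 * NULL. On failure nothing is stored and any copy made so far is freed.
 *
 * Errors: ENOTSUP (next-OTP flag or challenge present, or negative length
 * with a separate PIN), EPROTO (length of 0), EMSGSIZE (secret does not fit
 * the announced length), EBADMSG (token characters do not match the
 * announced format), ENOMEM.
 */
static krb5_error_code tokeninfo_matches(TALLOC_CTX *mem_ctx,
                                         const krb5_responder_otp_tokeninfo *ti,
                                         const char *pwd, size_t len,
                                         char **out_token, char **out_pin)
{
    char *token = NULL, *pin = NULL;
    checker check = NULL;
    size_t i;

    if (ti->flags & KRB5_RESPONDER_OTP_FLAGS_NEXTOTP) {
        return ENOTSUP;
    }

    if (ti->challenge != NULL) {
        return ENOTSUP;
    }

    /* This is a non-sensical value. */
    if (ti->length == 0) {
        return EPROTO;
    }

    if (ti->flags & KRB5_RESPONDER_OTP_FLAGS_COLLECT_TOKEN) {
        /* ASSUMPTION: authtok has one of the following formats:
         *   1. TokenValue
         *   2. PIN+TokenValue
         */
        token = talloc_strndup(mem_ctx, pwd, len);
        if (token == NULL) {
            return ENOMEM;
        }
        talloc_set_destructor(token, token_pin_destructor);

        if (ti->flags & KRB5_RESPONDER_OTP_FLAGS_COLLECT_PIN) {
            /* If the server desires a separate pin, we will split it.
             * ASSUMPTION: Format of authtok is PIN+TokenValue. */
            if (ti->flags & KRB5_RESPONDER_OTP_FLAGS_SEPARATE_PIN) {
                if (ti->length < 1) {
                    talloc_free(token);
                    return ENOTSUP;
                }

                if (ti->length >= len) {
                    talloc_free(token);
                    return EMSGSIZE;
                }

                /* Copy the PIN from the front of the value. The copy hangs
                 * off mem_ctx like the token does, so it cannot outlive the
                 * request if a caller forgets to free it. */
                pin = talloc_strndup(mem_ctx, pwd, len - ti->length);
                if (pin == NULL) {
                    talloc_free(token);
                    return ENOMEM;
                }
                talloc_set_destructor(pin, token_pin_destructor);

                /* Remove the PIN from the front of the token value. */
                memmove(token, token + len - ti->length, ti->length + 1);

                /* The shift leaves len - ti->length stale bytes of the
                 * original string behind the new terminator, and the
                 * destructor only wipes up to strlen(); clear them now. */
                safezero(token + ti->length + 1, len - ti->length);

                check = pick_checker(ti->format);
            } else {
                if (ti->length > 0 && ti->length > len) {
                    talloc_free(token);
                    return EMSGSIZE;
                }
            }
        } else {
            if (ti->length > 0 && ti->length != len) {
                talloc_free(token);
                return EMSGSIZE;
            }

            check = pick_checker(ti->format);
        }
    } else {
        pin = talloc_strndup(mem_ctx, pwd, len);
        if (pin == NULL) {
            return ENOMEM;
        }
        talloc_set_destructor(pin, token_pin_destructor);
    }

    /* If check is set, we need to verify the contents of the token.
     * The <ctype.h> predicates are only defined for unsigned char values
     * (and EOF), so a plain char holding a byte above 0x7f must be converted
     * first. */
    for (i = 0; check != NULL && token[i] != '\0'; i++) {
        if (!check((unsigned char) token[i])) {
            talloc_free(token);
            talloc_free(pin);
            return EBADMSG;
        }
    }

    *out_token = token;
    *out_pin = pin;
    return 0;
}

/*
 * Answer an OTP challenge of the responder context with the password held in
 * kr->pd->authtok.
 *
 * Marks the request as OTP (kr->otp), picks the first tokeninfo accepted by
 * tokeninfo_matches() and passes token and PIN to
 * krb5_responder_otp_set_answer(). When the chosen tokeninfo collects a
 * token, an SSS_OTP response is added first. Token and PIN copies are freed
 * before returning.
 *
 * Returns EOK without answering when there is no challenge or no tokeninfo
 * matches; otherwise the first error encountered.
 */
static krb5_error_code answer_otp(krb5_context ctx,
                                  struct krb5_req *kr,
                                  krb5_responder_context rctx)
{
    krb5_responder_otp_challenge *chl;
    char *token = NULL, *pin = NULL;
    const char *pwd = NULL;
    krb5_error_code ret;
    size_t i, len;

    ret = krb5_responder_otp_get_challenge(ctx, rctx, &chl);
    if (ret != EOK || chl == NULL) {
        /* Either an error, or nothing to do. */
        return ret;
    }

    if (chl->tokeninfo == NULL || chl->tokeninfo[0] == NULL) {
        /* No tokeninfos? Absurd! */
        ret = EINVAL;
        goto done;
    }

    kr->otp = true;

    /* Validate our assumptions about the contents of authtok. */
    ret = sss_authtok_get_password(kr->pd->authtok, &pwd, &len);
    if (ret != EOK)
        goto done;

    /* Find the first supported tokeninfo which matches our authtoken. */
    for (i = 0; chl->tokeninfo[i] != NULL; i++) {
        ret = tokeninfo_matches(kr, chl->tokeninfo[i], pwd, len, &token, &pin);
        if (ret == EOK) {
            break;
        }

        /* These codes only mean "this tokeninfo does not fit"; anything
         * else aborts the search. */
        switch (ret) {
        case EBADMSG:
        case EMSGSIZE:
        case ENOTSUP:
        case EPROTO:
            break;
        default:
            goto done;
        }
    }
    if (chl->tokeninfo[i] == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("No tokeninfos found which match our credentials.\n"));
        ret = EOK;
        goto done;
    }

    if (chl->tokeninfo[i]->flags & KRB5_RESPONDER_OTP_FLAGS_COLLECT_TOKEN) {
        /* Don't let SSSD cache the OTP authtok since it is single-use. */
        ret = pam_add_response(kr->pd, SSS_OTP, 0, NULL);
        if (ret != EOK) {
            DEBUG(1, ("pam_add_response failed.\n"));
            goto done;
        }
    }

    /* Respond with the appropriate answer. */
    ret = krb5_responder_otp_set_answer(ctx, rctx, i, token, pin);
done:
    talloc_free(token);
    talloc_free(pin);
    krb5_responder_otp_challenge_free(ctx, rctx, chl);
    return ret;
}

/* Responder callback: returns EINVAL when data is not a struct krb5_req,
 * otherwise the result of answer_otp(). */
static krb5_error_code sss_krb5_responder(krb5_context ctx,
                                          void *data,
                                          krb5_responder_context rctx)
{
    struct krb5_req *kr = talloc_get_type(data, struct krb5_req);

    if (kr == NULL) {
        return EINVAL;
    }

    return answer_otp(ctx, kr, rctx);
}
#endif

/*
 * Prompter callback that never prompts.
 *
 * Any request with prompts is refused with KRB5_LIBOS_CANTREADPWD. A
 * non-empty banner is forwarded as an SSS_PAM_TEXT_MSG response; a failure
 * to add that response is logged and EOK is still returned.
 * NOTE(review): unlike sss_krb5_responder(), kr is dereferenced without a
 * NULL check; data has to be the struct krb5_req.
 */
static krb5_error_code sss_krb5_prompter(krb5_context context, void *data,
                                         const char *name, const char *banner,
                                         int num_prompts, krb5_prompt prompts[])
{
    int ret;
    struct krb5_req *kr = talloc_get_type(data, struct krb5_req);

    if (num_prompts != 0) {
        DEBUG(1, ("Cannot handle password prompts.\n"));
        return KRB5_LIBOS_CANTREADPWD;
    }

    if (banner == NULL || *banner == '\0') {
        DEBUG(5, ("Prompter called with empty banner, nothing to do.\n"));
        return EOK;
    }

    DEBUG(SSSDBG_FUNC_DATA, ("Prompter called with [%s].\n", banner));

    ret = pam_add_response(kr->pd, SSS_PAM_TEXT_MSG, strlen(banner)+1,
                           (const uint8_t *) banner);
    if (ret != EOK) {
        DEBUG(1, ("pam_add_response failed.\n"));
    }

    return EOK;
}

/*
 * Allocate a krb5_creds (calloc, not talloc) whose client is a copy of princ
 * and whose server is the TGS principal of princ's realm.
 *
 * On success *_cred receives the new structure; on failure it is left
 * untouched and everything allocated here is released.
 */
static krb5_error_code create_empty_cred(krb5_context ctx, krb5_principal princ,
                                         krb5_creds **_cred)
{
    krb5_error_code kerr;
    krb5_creds *cred = NULL;
    krb5_data *krb5_realm;

    cred =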
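calloc(sizeof(krb5_creds), 1);
    if (cred == NULL) {
        DEBUG(1, ("calloc failed.\n"));
        return ENOMEM;
    }

    kerr = krb5_copy_principal(ctx, princ, &cred->client);
    if (kerr != 0) {
        DEBUG(1, ("krb5_copy_principal failed.\n"));
        goto done;
    }

    krb5_realm = krb5_princ_realm(ctx, princ);

    kerr = krb5_build_principal_ext(ctx, &cred->server,
                                    krb5_realm->length, krb5_realm->data,
                                    KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME,
                                    krb5_realm->length, krb5_realm->data, 0);
    if (kerr != 0) {
        DEBUG(1, ("krb5_build_principal_ext failed.\n"));
        goto done;
    }

    DEBUG(SSSDBG_TRACE_INTERNAL, ("Created empty krb5_creds.\n"));

done:
    if (kerr != 0) {
        krb5_free_cred_contents(ctx, cred);
        free(cred);
    } else {
        *_cred = cred;
    }

    return kerr;
}

/*
 * Replace a trailing "XXXXXX" of a file-based ccache name with a unique
 * suffix.
 *
 * Only names that start with '/' or "FILE:" are looked at; every other name
 * is accepted unchanged. The string is modified in place by mkstemp(), which
 * also creates the file, with the umask set to 077 for the duration of the
 * call.
 *
 * Returns EOK, or the errno of a failed mkstemp().
 *
 * NOTE(review): the descriptor returned by mkstemp() is not closed in this
 * function, so it stays open unless it is closed elsewhere.
 */
static errno_t handle_randomized(char *in)
{
    size_t ccname_len;
    char *ccname = NULL;
    int ret;
    int fd;
    mode_t old_umask;

    /* We only treat the FILE type case in a special way due to the history
     * of storing FILE type ccache in /tmp and associated security issues */
    if (in[0] == '/') {
        ccname = in;
    } else if (strncmp(in, "FILE:", 5) == 0) {
        ccname = in + 5;
    } else {
        return EOK;
    }

    ccname_len = strlen(ccname);
    if (ccname_len >= 6 && strcmp(ccname + (ccname_len - 6), "XXXXXX") == 0) {
        /* NOTE: this call is only used to create a unique name, as later
         * krb5_cc_initialize() will unlink and recreate the file.
         * This is ok because this part of the code is called with
         * privileges already dropped when handling user ccache, or the ccache
         * is stored in a private directory. So we do not have huge issues if
         * something races, we mostly care only about not accidentally use
         * an existing name and thus failing in the process of saving the
         * cache. Malicious races can only be avoided by libkrb5 itself. */
        old_umask = umask(077);
        fd = mkstemp(ccname);
        umask(old_umask);
        if (fd == -1) {
            ret = errno;
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("mkstemp(\"%s\") failed!\n", ccname));
            return ret;
        }
    }

    return EOK;
}

/* NOTE: callers rely on 'name' being *changed* if it needs to be randomized,
 * as they will then send the name back to the new name via the return call
 * k5c_attach_ccname_msg(). Callers will send in a copy of the name if they
 * do not care for changes. */
/*
 * Store creds in the credential cache named ccname.
 *
 * Works on a krb5 context of its own, which is released before returning.
 * The process umask is set to 077 and not restored. With
 * HAVE_KRB5_CC_COLLECTION and a cache type that supports switching, the
 * cache of creds->client inside the collection is reused, or a new unique
 * one is created and made the primary cache.
 *
 * Returns 0 on success, ERR_INTERNAL when the context cannot be created,
 * otherwise the error of the failing step.
 */
static krb5_error_code create_ccache(char *ccname, krb5_creds *creds)
{
    krb5_context kctx = NULL;
    krb5_ccache kcc = NULL;
    const char *type;
    krb5_error_code kerr;
#ifdef HAVE_KRB5_CC_COLLECTION
    krb5_ccache cckcc;
    bool switch_to_cc = false;
#endif

    /* Set a restrictive umask, just in case we end up creating any file */
    umask(077);

    /* we create a new context here as the main process one may have been
     * opened as root and contain possibly references (even open handles ?)
     * to resources we do not have or do not want to have access to */
    kerr = krb5_init_context(&kctx);
    if (kerr) {
        KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
        return ERR_INTERNAL;
    }

    kerr = handle_randomized(ccname);
    if (kerr) goto done;

    kerr = krb5_cc_resolve(kctx, ccname, &kcc);
    if (kerr) goto done;

    type = krb5_cc_get_type(kctx, kcc);
    DEBUG(SSSDBG_TRACE_ALL, ("Initializing ccache of type [%s]\n", type));

#ifdef HAVE_KRB5_CC_COLLECTION
    if (krb5_cc_support_switch(kctx, type)) {
        kerr = krb5_cc_set_default_name(kctx, ccname);
        if (kerr) goto done;

        kerr = krb5_cc_cache_match(kctx, creds->client, &cckcc);
        if (kerr == KRB5_CC_NOTFOUND) {
            kerr = krb5_cc_new_unique(kctx, type, NULL, &cckcc);
            switch_to_cc = true;
        }
        if (kerr) goto done;
        krb5_cc_close(kctx, kcc);
        kcc = cckcc;
    }
#endif

    kerr = krb5_cc_initialize(kctx, kcc, creds->client);
    if (kerr) goto done;

    kerr = krb5_cc_store_cred(kctx, kcc, creds);
    if (kerr) goto done;

#ifdef HAVE_KRB5_CC_COLLECTION
    if (switch_to_cc) {
        kerr = krb5_cc_switch(kctx, kcc);
        if (kerr) goto done;
    }
#endif

done:
    if (kcc) {
        /* FIXME: should we krb5_cc_destroy in case of error ? */
        krb5_cc_close(kctx, kcc);
    }

    /* The private context is not needed past this point. */
    krb5_free_context(kctx);

    return kerr;
}

/*
 * Serialize a status code and a response list into one talloc buffer.
 *
 * On success *_buf is a buffer allocated on mem_ctx and *_len the number of
 * bytes written to it. Returns ENOMEM when the buffer cannot be allocated.
 */
static errno_t pack_response_packet(TALLOC_CTX *mem_ctx, errno_t error,
                                    struct response_data *resp_list,
                                    uint8_t **_buf, size_t *_len)
{
    uint8_t *buf;
    size_t size = 0;
    size_t p = 0;
    struct response_data *pdr;

    /* A buffer with the following structure must be created:
     * int32_t status of the request (required)
     * message (zero or more)
     *
     * A message consists of:
     * int32_t type of the message
     * int32_t length of the following data
     * uint8_t[len] data
     */

    size = sizeof(int32_t);

    /* First pass: add up the size of all messages. */
    for (pdr = resp_list; pdr != NULL; pdr = pdr->next) {
        size += 2*sizeof(int32_t) + pdr->len;
    }

    buf = talloc_array(mem_ctx, uint8_t, size);
    if (!buf) {
        DEBUG(1, ("Insufficient memory to create message.\n"));
        return ENOMEM;
    }

    SAFEALIGN_SET_INT32(&buf[p], error, &p);

    /* Second pass: copy type, length and data of every message. */
    for (pdr = resp_list; pdr != NULL; pdr = pdr->next) {
        SAFEALIGN_SET_INT32(&buf[p], pdr->type, &p);
        SAFEALIGN_SET_INT32(&buf[p], pdr->len, &p);
        safealign_memcpy(&buf[p], pdr->data, pdr->len, &p);
    }

    DEBUG(SSSDBG_TRACE_INTERNAL, ("response packet size: [%zu]\n", p));

    *_buf = buf;
    *_len = p;

    return EOK;
}

/*
 * Add "<CCACHE_ENV_NAME>=<kr->ccname>" to the response as an
 * SSS_PAM_ENV_ITEM, terminator included.
 *
 * Returns ERR_INTERNAL when kr->ccname is NULL, ENOMEM on allocation
 * failure, otherwise the result of pam_add_response().
 */
static errno_t k5c_attach_ccname_msg(struct krb5_req *kr)
{
    char *msg = NULL;
    int ret;

    if (kr->ccname == NULL) {
        DEBUG(1, ("Error obtaining ccname.\n"));
        return ERR_INTERNAL;
    }

    msg = talloc_asprintf(kr, "%s=%s",CCACHE_ENV_NAME, kr->ccname);
    if (msg == NULL) {
        DEBUG(1, ("talloc_asprintf failed.\n"));
        return ENOMEM;
    }

    ret = pam_add_response(kr->pd, SSS_PAM_ENV_ITEM,
                           strlen(msg) + 1, (uint8_t *)msg);
    talloc_zfree(msg);

    return ret;
}

/*
 * Pack the status code error together with kr->pd->resp_list and write the
 * packet to fd.
 *
 * Returns the pack_response_packet() error or the errno of a failed write.
 * A short write is logged and EOK is returned.
 * NOTE(review): written is a size_t, so the comparison with -1 relies on the
 * conversion of -1 to SIZE_MAX.
 */
static errno_t k5c_send_data(struct krb5_req *kr, int fd, errno_t error)
{
    size_t written;
    uint8_t *buf;
    size_t len;
    int ret;

    DEBUG(SSSDBG_FUNC_DATA, ("Received error code %d\n", error));

    ret = pack_response_packet(kr, error, kr->pd->resp_list, &buf, &len);
    if (ret != EOK) {
        DEBUG(1, ("pack_response_packet failed.\n"));
        return ret;
    }

    errno = 0;
    written = sss_atomic_write_s(fd, buf, len);
    if (written == -1) {
        ret = errno;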
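DEBUG(SSSDBG_CRIT_FAILURE,
              ("write failed [%d][%s].\n", ret, strerror(ret)));
        return ret;
    }

    if (written != len) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Write error, wrote [%zu] bytes, expected [%zu]\n",
               written, len));
        return EOK;
    }

    DEBUG(SSSDBG_TRACE_ALL, ("Response sent.\n"));

    return EOK;
}

/*
 * Add the four ticket times of kr->creds (as int64_t, response type
 * SSS_KRB5_INFO_TGT_LIFETIME) and the unparsed client principal (response
 * type SSS_KRB5_INFO_UPN) to the response.
 *
 * Returns the result of the last pam_add_response() call.
 * NOTE(review): when krb5_unparse_name_ext() fails the function logs the
 * failure and still returns the EOK of the first pam_add_response().
 */
static errno_t add_ticket_times_and_upn_to_response(struct krb5_req *kr)
{
    int ret;
    int64_t t[4];
    krb5_error_code kerr;
    char *upn = NULL;
    unsigned int upn_len = 0;

    t[0] = (int64_t) kr->creds->times.authtime;
    t[1] = (int64_t) kr->creds->times.starttime;
    t[2] = (int64_t) kr->creds->times.endtime;
    t[3] = (int64_t) kr->creds->times.renew_till;

    ret = pam_add_response(kr->pd, SSS_KRB5_INFO_TGT_LIFETIME,
                           4*sizeof(int64_t), (uint8_t *) t);
    if (ret != EOK) {
        DEBUG(1, ("pam_add_response failed.\n"));
        goto done;
    }

    kerr = krb5_unparse_name_ext(kr->ctx, kr->creds->client, &upn, &upn_len);
    if (kerr != 0) {
        DEBUG(SSSDBG_OP_FAILURE, ("krb5_unparse_name failed.\n"));
        goto done;
    }

    ret = pam_add_response(kr->pd, SSS_KRB5_INFO_UPN, upn_len,
                           (uint8_t *) upn);
    krb5_free_unparsed_name(kr->ctx, upn);
    if (ret != EOK) {
        DEBUG(1, ("pam_add_response failed.\n"));
        goto done;
    }

done:
    return ret;
}

/*
 * Verify the TGT in kr->creds against a key from the keytab kr->keytab.
 *
 * The keytab is scanned for the first entry whose realm matches the client
 * principal of the credential; without such an entry the last entry read is
 * used. The credential is then checked with krb5_verify_init_creds(). When
 * kr->send_pac is set the PAC is extracted and sent to the PAC responder
 * afterwards; failures of that step are logged and do not fail the
 * validation.
 *
 * Returns 0 when the TGT was verified, otherwise the error of the step that
 * failed. Every error while reading the keytab fails the validation, so a
 * ticket is never reported as valid without krb5_verify_init_creds() having
 * accepted it.
 */
static krb5_error_code validate_tgt(struct krb5_req *kr)
{
    krb5_error_code kerr;
    krb5_error_code kt_err;
    char *principal = NULL;
    krb5_keytab keytab;
    krb5_kt_cursor cursor;
    krb5_keytab_entry entry;
    krb5_verify_init_creds_opt opt;
    krb5_principal validation_princ = NULL;
    bool realm_entry_found = false;
    krb5_ccache validation_ccache = NULL;
    krb5_authdata **pac_authdata = NULL;

    memset(&keytab, 0, sizeof(keytab));
    kerr = krb5_kt_resolve(kr->ctx, kr->keytab, &keytab);
    if (kerr != 0) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("error resolving keytab [%s], " \
                                    "not verifying TGT.\n", kr->keytab));
        return kerr;
    }

    memset(&cursor, 0, sizeof(cursor));
    kerr = krb5_kt_start_seq_get(kr->ctx, keytab, &cursor);
    if (kerr != 0) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("error reading keytab [%s], " \
                                    "not verifying TGT.\n", kr->keytab));
        /* The keytab is resolved at this point and has to be closed. */
        goto done;
    }

    /* We look for the first entry from our realm or take the last one */
    memset(&entry, 0, sizeof(entry));
    while ((kt_err = krb5_kt_next_entry(kr->ctx, keytab, &entry, &cursor)) == 0) {
        if (validation_princ != NULL) {
            krb5_free_principal(kr->ctx, validation_princ);
            validation_princ = NULL;
        }
        kerr = krb5_copy_principal(kr->ctx, entry.principal,
                                   &validation_princ);
        if (kerr != 0) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("krb5_copy_principal failed.\n"));
            goto done;
        }

        kerr = sss_krb5_free_keytab_entry_contents(kr->ctx, &entry);
        if (kerr != 0) {
            DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to free keytab entry.\n"));
        }
        memset(&entry, 0, sizeof(entry));

        if (krb5_realm_compare(kr->ctx, validation_princ, kr->creds->client)) {
            DEBUG(SSSDBG_TRACE_INTERNAL,
                  ("Found keytab entry with the realm of the credential.\n"));
            realm_entry_found = true;
            break;
        }
    }

    if (!realm_entry_found) {
        DEBUG(SSSDBG_TRACE_INTERNAL,
                ("Keytab entry with the realm of the credential not found "
                 "in keytab. Using the last entry.\n"));
    }

    /* Close the keytab here.  Even though we're using cursors, the file
     * handle is stored in the krb5_keytab structure, and it gets
     * overwritten when the verify_init_creds() call below creates its own
     * cursor, creating a leak. */
    kerr = krb5_kt_end_seq_get(kr->ctx, keytab, &cursor);
    if (kerr != 0) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("krb5_kt_end_seq_get failed, " \
                                    "not verifying TGT.\n"));
        goto done;
    }

    /* check if we got any errors from krb5_kt_next_entry */
    if (kt_err != 0 && kt_err != KRB5_KT_END) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("error reading keytab [%s], " \
                                    "not verifying TGT.\n", kr->keytab));
        /* kerr is 0 here after the successful krb5_kt_end_seq_get(); report
         * the read error instead, otherwise the unverified TGT would be
         * returned as valid. */
        kerr = kt_err;
        goto done;
    }

    /* Get the principal to which the key belongs, for logging purposes. */
    principal = NULL;
    kerr = krb5_unparse_name(kr->ctx, validation_princ, &principal);
    if (kerr != 0) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("internal error parsing principal name, "
                                    "not verifying TGT.\n"));
        KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
        goto done;
    }


    krb5_verify_init_creds_opt_init(&opt);
    kerr = krb5_verify_init_creds(kr->ctx, kr->creds, validation_princ, keytab,
                                  &validation_ccache, &opt);

    if (kerr == 0) {
        DEBUG(SSSDBG_TRACE_FUNC, ("TGT verified using key for [%s].\n",
                                  principal));
    } else {
        DEBUG(SSSDBG_CRIT_FAILURE ,("TGT failed verification using key " \
                                    "for [%s].\n", principal));
        goto done;
    }

    /* Try to find and send the PAC to the PAC responder.
     * Failures are not critical. */
    if (kr->send_pac) {
        kerr = sss_extract_pac(kr->ctx, validation_ccache, validation_princ,
                               kr->creds->client, keytab, &pac_authdata);
        if (kerr != 0) {
            DEBUG(SSSDBG_OP_FAILURE, ("sss_extract_and_send_pac failed, group " \
                                      "membership for user with principal [%s] " \
                                      "might not be correct.\n", kr->name));
            kerr = 0;
            goto done;
        }

        kerr = sss_send_pac(pac_authdata);
        krb5_free_authdata(kr->ctx, pac_authdata);
        if (kerr != 0) {
            DEBUG(SSSDBG_OP_FAILURE, ("sss_send_pac failed, group " \
                                      "membership for user with principal [%s] " \
                                      "might not be correct.\n", kr->name));
            kerr = 0;
        }
    }

done:
    if (validation_ccache != NULL) {
        krb5_cc_destroy(kr->ctx, validation_ccache);
    }

    if (krb5_kt_close(kr->ctx, keytab) != 0) {
        DEBUG(SSSDBG_MINOR_FAILURE, ("krb5_kt_close failed"));
    }
    if (validation_princ != NULL) {
        krb5_free_principal(kr->ctx, validation_princ);
    }
    if (principal != NULL) {
        sss_krb5_free_unparsed_name(kr->ctx, principal);
    }

    return kerr;

}

/*
 * Obtain a TGT for princ with a key from keytab and store it in the
 * credential cache ccname. The ticket is requested as neither forwardable
 * nor proxiable and without an address list.
 *
 * Returns 0 on success or the krb5 error of the failing step.
 */
static krb5_error_code get_and_save_tgt_with_keytab(krb5_context ctx,
                                                    krb5_principal princ,
                                                    krb5_keytab keytab,
                                                    char *ccname)
{
    krb5_error_code kerr = 0;
    krb5_creds creds;
    krb5_get_init_creds_opt options;

    memset(&creds, 0, sizeof(creds));
    memset(&options, 0, sizeof(options));

    krb5_get_init_creds_opt_set_address_list(&options, NULL);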
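krb5_get_init_creds_opt_set_forwardable(&options, 0);
    krb5_get_init_creds_opt_set_proxiable(&options, 0);
    set_canonicalize_option(&options);

    kerr = krb5_get_init_creds_keytab(ctx, &creds, princ, keytab, 0, NULL,
                                      &options);
    if (kerr != 0) {
        KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
        return kerr;
    }

    /* Use the updated principal in the creds in case canonicalized */
    kerr = create_ccache(ccname, &creds);
    if (kerr != 0) {
        KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
        goto done;
    }
    kerr = 0;

done:
    krb5_free_cred_contents(ctx, &creds);

    return kerr;

}

/*
 * Request a TGT for kr->princ with password, optionally validate it, and
 * store it in the credential cache.
 *
 * Order of the steps matters: the ticket is validated while the process can
 * still read the keytab; privileges are dropped with become_user() before
 * any credential cache I/O, but only when validation or FAST was in use
 * (NOTE(review): the remaining case is presumably already unprivileged -
 * confirm against the caller). A failure to add the ticket times and UPN to
 * the response is logged and ignored.
 *
 * Returns 0 on success or the error of the failing step. Once a ticket has
 * been obtained its contents are released on every return path, including a
 * failed validation or a failed privilege drop.
 */
static krb5_error_code get_and_save_tgt(struct krb5_req *kr,
                                        const char *password)
{
    const char *realm_name;
    int realm_length;
    krb5_error_code kerr;
    char *cc_name;

    kerr = sss_krb5_get_init_creds_opt_set_expire_callback(kr->ctx, kr->options,
                                                  sss_krb5_expire_callback_func,
                                                  kr);
    if (kerr != 0) {
        KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
        DEBUG(1, ("Failed to set expire callback, continue without.\n"));
    }

    sss_krb5_princ_realm(kr->ctx, kr->princ, &realm_name, &realm_length);

    DEBUG(SSSDBG_TRACE_FUNC,
          ("Attempting kinit for realm [%s]\n",realm_name));
    kerr = krb5_get_init_creds_password(kr->ctx, kr->creds, kr->princ,
                                        discard_const(password),
                                        sss_krb5_prompter, kr, 0,
                                        NULL, kr->options);
    if (kerr != 0) {
        /* Nothing was obtained; kr->creds is left as it is because
         * tgt_req_child() reuses it for a second request. */
        KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
        return kerr;
    }

    if (kr->validate) {
        kerr = validate_tgt(kr);
        if (kerr != 0) {
            KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
            /* Do not keep a ticket that failed validation in memory. */
            goto done;
        }

    } else {
        DEBUG(SSSDBG_CONF_SETTINGS, ("TGT validation is disabled.\n"));
    }

    if (kr->validate || kr->fast_ccname != NULL) {
        /* We drop root privileges which were needed to read the keytab file
         * for the validation of the credentials or for FAST here to run the
         * ccache I/O operations with user privileges. */
        kerr = become_user(kr->uid, kr->gid);
        if (kerr != 0) {
            DEBUG(1, ("become_user failed.\n"));
            goto done;
        }
    }

    /* If kr->ccname is cache collection (DIR:/...), we want to work
     * directly with file ccache (DIR::/...), but cache collection
     * should be returned back to back end.
     */
    cc_name = sss_get_ccache_name_for_principal(kr->pd, kr->ctx,
                                                kr->creds->client,
                                                kr->ccname);
    if (cc_name == NULL) {
        cc_name = kr->ccname;
    }

    /* Use the updated principal in the creds in case canonicalized */
    kerr = create_ccache(cc_name, kr->creds);
    if (kerr != 0) {
        KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
        goto done;
    }

    kerr = add_ticket_times_and_upn_to_response(kr);
    if (kerr != 0) {
        DEBUG(1, ("add_ticket_times_and_upn_to_response failed.\n"));
    }

    kerr = 0;

done:
    krb5_free_cred_contents(kr->ctx, kr->creds);

    return kerr;

}

/*
 * Translate a krb5 error code into an SSSD ERR_* code; every non-zero code
 * is logged first. Codes without a mapping become ERR_INTERNAL.
 */
static errno_t map_krb5_error(krb5_error_code kerr)
{
    if (kerr != 0) {
        KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
    }

    switch (kerr) {
    case 0:
        return ERR_OK;

    case KRB5_LIBOS_CANTREADPWD:
        return ERR_NO_CREDS;

    case KRB5_KDC_UNREACH:
    case KRB5_REALM_CANT_RESOLVE:
        return ERR_NETWORK_IO;

    case KRB5KDC_ERR_CLIENT_REVOKED:
        return ERR_ACCOUNT_EXPIRED;

    case KRB5KDC_ERR_KEY_EXP:
        return ERR_CREDS_EXPIRED;

    case KRB5KRB_AP_ERR_BAD_INTEGRITY:
        return ERR_AUTH_FAILED;

    /* ERR_CREDS_INVALID is used to indicate to the IPA provider that trying
     * password migration would make sense. All Kerberos error codes which can
     * be seen while migrating LDAP users to IPA should be added here. */
    case KRB5_PROG_ETYPE_NOSUPP:
    case KRB5_PREAUTH_FAILED:
    case KRB5KDC_ERR_PREAUTH_FAILED:
        return ERR_CREDS_INVALID;

    default:
        return ERR_INTERNAL;
    }
}

/*
 * Change the password of kr->princ.
 *
 * The current password is checked by requesting a ticket for
 * SSSD_KRB5_CHANGEPW_PRINCIPAL. With prelim set the function stops after
 * that check. Otherwise the password is changed with krb5_change_password()
 * and, unless the request used OTP, a fresh TGT is obtained with the new
 * password and the ccache name is attached to the response. Messages meant
 * for the user are added to kr->pd as SSS_PAM_USER_INFO responses.
 *
 * Returns EOK/ERR_OK on success; ERR_NO_CREDS when a password cannot be read
 * from the authtok; ERR_NETWORK_IO when the KDC is unreachable during the
 * change; ERR_CHPASS_FAILED when the change is rejected; otherwise the
 * mapped error of the final TGT request.
 *
 * NOTE(review): a failure of the initial ticket request returns the raw krb5
 * code rather than a map_krb5_error() value - confirm the caller expects
 * that.
 * NOTE(review): on the ERR_NETWORK_IO and ERR_CHPASS_FAILED paths the
 * changepw credentials, the result strings filled in by
 * krb5_change_password() and the new authtok are left in place; only the
 * success paths call krb5_free_cred_contents() and
 * sss_authtok_set_empty(kr->pd->newauthtok).
 */
static errno_t changepw_child(struct krb5_req *kr, bool prelim)
{
    int ret;
    krb5_error_code kerr = 0;
    const char *password = NULL;
    const char *newpassword = NULL;
    int result_code = -1;
    krb5_data result_code_string;
    krb5_data result_string;
    char *user_error_message = NULL;
    size_t user_resp_len;
    uint8_t *user_resp;
    krb5_prompter_fct prompter = NULL;
    const char *realm_name;
    int realm_length;
    size_t msg_len;
    uint8_t *msg;

    DEBUG(SSSDBG_TRACE_LIBS, ("Password change operation\n"));

    ret = sss_authtok_get_password(kr->pd->authtok, &password, NULL);
    if (ret != EOK) {
        DEBUG(1, ("Failed to fetch current password [%d] %s.\n",
                  ret, strerror(ret)));
        return ERR_NO_CREDS;
    }

    if (!prelim) {
        /* We do not need a password expiration warning here. */
        prompter = sss_krb5_prompter;
    }

    set_changepw_options(kr->ctx, kr->options);
    sss_krb5_princ_realm(kr->ctx, kr->princ, &realm_name, &realm_length);

    DEBUG(SSSDBG_TRACE_FUNC,
          ("Attempting kinit for realm [%s]\n",realm_name));
    kerr = krb5_get_init_creds_password(kr->ctx, kr->creds, kr->princ,
                                        discard_const(password),
                                        prompter, kr, 0,
                                        SSSD_KRB5_CHANGEPW_PRINCIPAL,
                                        kr->options);
    DEBUG(SSSDBG_TRACE_INTERNAL,
          ("chpass is%s using OTP\n", kr->otp ? "" : " not"));
    if (kerr != 0) {
        ret = pack_user_info_chpass_error(kr->pd, "Old password not accepted.",
                                          &msg_len, &msg);
        if (ret != EOK) {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("pack_user_info_chpass_error failed.\n"));
        } else {
            ret = pam_add_response(kr->pd, SSS_PAM_USER_INFO, msg_len,
                                   msg);
            if (ret != EOK) {
                DEBUG(SSSDBG_CRIT_FAILURE,
                      ("pam_add_response failed.\n"));
            }
        }
        return kerr;
    }

    /* The old password is not needed any more. */
    sss_authtok_set_empty(kr->pd->authtok);

    if (prelim) {
        DEBUG(SSSDBG_TRACE_LIBS,
              ("Initial authentication for change password operation "
               "successful.\n"));
        krb5_free_cred_contents(kr->ctx, kr->creds);
        return EOK;
    }

    ret = sss_authtok_get_password(kr->pd->newauthtok, &newpassword, NULL);
    if (ret != EOK) {
        DEBUG(1, ("Failed to fetch new password [%d] %s.\n",
                  ret, strerror(ret)));
        return ERR_NO_CREDS;
    }

    memset(&result_code_string, 0, sizeof(krb5_data));
    memset(&result_string, 0, sizeof(krb5_data));
    kerr = krb5_change_password(kr->ctx, kr->creds,
                                discard_const(newpassword), &result_code,
                                &result_code_string, &result_string);

    if (kerr == KRB5_KDC_UNREACH) {
        return ERR_NETWORK_IO;
    }

    if (kerr != 0 || result_code != 0) {
        if (kerr != 0) {
            KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
        }

        if (result_code_string.length > 0) {
            DEBUG(1, ("krb5_change_password failed [%d][%.*s].\n", result_code,
                      result_code_string.length, result_code_string.data));
            user_error_message = talloc_strndup(kr->pd, result_code_string.data,
                                                result_code_string.length);
            if (user_error_message == NULL) {
                DEBUG(1, ("talloc_strndup failed.\n"));
            }
        }

        /* A non-empty result string takes precedence over the result code
         * string as the message shown to the user. */
        if (result_string.length > 0 && result_string.data[0] != '\0') {
            DEBUG(1, ("krb5_change_password failed [%d][%.*s].\n", result_code,
                      result_string.length, result_string.data));
            talloc_free(user_error_message);
            user_error_message = talloc_strndup(kr->pd, result_string.data,
                                                result_string.length);
            if (user_error_message == NULL) {
                DEBUG(1, ("talloc_strndup failed.\n"));
            }
        } else if (result_code == KRB5_KPASSWD_SOFTERROR) {
            user_error_message = talloc_strdup(kr->pd, "Please make sure the "
                                 "password meets the complexity constraints.");
            if (user_error_message == NULL) {
                DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_strndup failed.\n"));
            }
        }

        if (user_error_message != NULL) {
            ret = pack_user_info_chpass_error(kr->pd, user_error_message,
                                              &user_resp_len, &user_resp);
            if (ret != EOK) {
                DEBUG(1, ("pack_user_info_chpass_error failed.\n"));
            } else {
                ret = pam_add_response(kr->pd, SSS_PAM_USER_INFO, user_resp_len,
                                       user_resp);
                if (ret != EOK) {
                    DEBUG(1, ("pam_add_response failed.\n"));
                }
            }
        }

        return ERR_CHPASS_FAILED;
    }

    krb5_free_cred_contents(kr->ctx, kr->creds);

    if (kr->otp == true) {
        sss_authtok_set_empty(kr->pd->newauthtok);
        return map_krb5_error(kerr);
    }

    /* We changed some of the gic options for the password change, now we have
     * to change them back to get a fresh TGT. */
    revert_changepw_options(kr->options);

    kerr = get_and_save_tgt(kr, newpassword);

    sss_authtok_set_empty(kr->pd->newauthtok);

    if (kerr == 0) {
        kerr = k5c_attach_ccname_msg(kr);
    }
    return map_krb5_error(kerr);
}

/*
 * Authenticate with the password in kr->pd->authtok and store the TGT.
 *
 * When the KDC answers KRB5KDC_ERR_KEY_EXP the password is checked by
 * requesting a ticket for SSSD_KRB5_CHANGEPW_PRINCIPAL instead; success
 * there yields ERR_CREDS_EXPIRED.
 *
 * Returns ERR_INVALID_CRED_TYPE or ERR_NO_CREDS when no password can be read
 * from the authtok, otherwise the mapped result. The authtok is emptied on
 * every path that got as far as reading the password.
 */
static errno_t tgt_req_child(struct krb5_req *kr)
{
    const char *password = NULL;
    krb5_error_code kerr;
    int ret;

    DEBUG(SSSDBG_TRACE_LIBS, ("Attempting to get a TGT\n"));

    ret = sss_authtok_get_password(kr->pd->authtok, &password, NULL);
    switch (ret) {
        case EOK:
            break;

        case EACCES:
            DEBUG(SSSDBG_OP_FAILURE, ("Invalid authtok type\n"));
            return ERR_INVALID_CRED_TYPE;
            break;

        default:
            DEBUG(SSSDBG_OP_FAILURE, ("No credentials available\n"));
            return ERR_NO_CREDS;
            break;
    }

    kerr = get_and_save_tgt(kr, password);

    if (kerr != KRB5KDC_ERR_KEY_EXP) {
        if (kerr == 0) {
            kerr = k5c_attach_ccname_msg(kr);
        }
        ret = map_krb5_error(kerr);
        goto done;
    }

    /* If the password is expired the KDC will always return
       KRB5KDC_ERR_KEY_EXP regardless if the supplied password is correct or
       not. In general the password can still be used to get a changepw ticket.
       So we validate the password by trying to get a changepw ticket. */
    DEBUG(SSSDBG_TRACE_LIBS, ("Password was expired\n"));
    kerr = sss_krb5_get_init_creds_opt_set_expire_callback(kr->ctx,
                                                           kr->options,
                                                           NULL, NULL);
    if (kerr != 0) {
        KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
        DEBUG(1, ("Failed to unset expire callback, continue ...\n"));
    }

    set_changepw_options(kr->ctx, kr->options);
    kerr = krb5_get_init_creds_password(kr->ctx, kr->creds, kr->princ,
                                        discard_const(password),
                                        sss_krb5_prompter, kr, 0,
                                        SSSD_KRB5_CHANGEPW_PRINCIPAL,
                                        kr->options);

    /* The changepw ticket only served as a password check. */
    krb5_free_cred_contents(kr->ctx, kr->creds);
    if (kerr == 0) {
        ret = ERR_CREDS_EXPIRED;
    } else {
        ret = map_krb5_error(kerr);
    }

done:
    sss_authtok_set_empty(kr->pd->authtok);
    return ret;
}

static errno_t kuserok_child(struct krb5_req *kr)
{
    krb5_boolean access_allowed;
    krb5_error_code kerr;

    DEBUG(SSSDBG_TRACE_LIBS, ("Verifying if principal can log in as user\n"));

    /* krb5_kuserok tries to verify that kr->pd->user is a locally known
     * account, so we have to unset _SSS_LOOPS to make getpwnam() work. */
    if (unsetenv("_SSS_LOOPS") != 0) {
        DEBUG(1, ("Failed to unset _SSS_LOOPS, "
                  "krb5_kuserok will most certainly fail.\n"));
    }

    kerr = krb5_set_default_realm(kr->ctx, kr->realm);
    if (kerr != 0) {
        DEBUG(1, ("krb5_set_default_realm failed, "
                  "krb5_kuserok may fail.\n"));
    }

    access_allowed = krb5_kuserok(kr->ctx, kr->princ, kr->pd->user);
    DEBUG(SSSDBG_TRACE_LIBS,
          ("Access was %s\n", access_allowed ?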
"allowed" : "denied")); if (access_allowed) { return EOK; } return ERR_AUTH_DENIED; } static errno_t renew_tgt_child(struct krb5_req *kr) { const char *ccname; krb5_ccache ccache = NULL; krb5_error_code kerr; int ret; DEBUG(SSSDBG_TRACE_LIBS, ("Renewing a ticket\n")); ret = sss_authtok_get_ccfile(kr->pd->authtok, &ccname, NULL); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Unsupported authtok type for TGT renewal [%d].\n", sss_authtok_get_type(kr->pd->authtok))); return ERR_INVALID_CRED_TYPE; } kerr = krb5_cc_resolve(kr->ctx, ccname, &ccache); if (kerr != 0) { KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr); goto done; } kerr = krb5_get_renewed_creds(kr->ctx, kr->creds, kr->princ, ccache, NULL); if (kerr != 0) { goto done; } if (kr->validate) { kerr = validate_tgt(kr); if (kerr != 0) { KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr); goto done; } } else { DEBUG(SSSDBG_CONF_SETTINGS, ("TGT validation is disabled.\n")); } if (kr->validate || kr->fast_ccname != NULL) { /* We drop root privileges which were needed to read the keytab file * for the validation of the credentials or for FAST here to run the * ccache I/O operations with user privileges. 
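*/ kerr = become_user(kr->uid, kr->gid); if (kerr != 0) { DEBUG(1, ("become_user failed.\n")); goto done; } } kerr = krb5_cc_initialize(kr->ctx, ccache, kr->princ); if (kerr != 0) { KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr); goto done; } kerr = krb5_cc_store_cred(kr->ctx, ccache, kr->creds); if (kerr != 0) { KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr); goto done; } kerr = add_ticket_times_and_upn_to_response(kr); if (kerr != 0) { DEBUG(1, ("add_ticket_times_and_upn_to_response failed.\n")); } kerr = k5c_attach_ccname_msg(kr); done: krb5_free_cred_contents(kr->ctx, kr->creds); if (ccache != NULL) { krb5_cc_close(kr->ctx, ccache); } return map_krb5_error(kerr); }
/* ^ End of renew_tgt_child(); that text is carried over unchanged. */

/**
 * Offline branch of SSS_PAM_AUTHENTICATE (see main()): obtain a credential
 * from create_empty_cred() for kr->princ, hand it to create_ccache() together
 * with kr->ccname, and on success attach the ccache name to the reply.
 *
 * @param kr  Request state; ctx, princ and ccname are read here.
 * @return    The krb5 result translated by map_krb5_error().
 */
static errno_t create_empty_ccache(struct krb5_req *kr)
{
    krb5_creds *creds = NULL;
    krb5_error_code kerr;

    DEBUG(SSSDBG_TRACE_LIBS, ("Creating empty ccache\n"));

    kerr = create_empty_cred(kr->ctx, kr->princ, &creds);
    if (kerr == 0) {
        kerr = create_ccache(kr->ccname, creds);
    }

    if (kerr != 0) {
        KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
    } else {
        kerr = k5c_attach_ccname_msg(kr);
    }

    /* creds is still NULL here when create_empty_cred() failed. */
    krb5_free_creds(kr->ctx, creds);

    return map_krb5_error(kerr);
}

/**
 * Decode one serialized authentication token from buf, starting at offset *p,
 * into tok.
 *
 * Layout as read here: uint32 token type, uint32 payload length, payload.
 * The bytes come from the request the child read on stdin (k5c_recv_data()
 * -> unpack_buffer()), so both header fields are validated before the payload
 * is touched.
 *
 * @param tok   Token object to fill.
 * @param buf   Start of the received request buffer.
 * @param size  Number of valid bytes in buf.
 * @param p     In/out read offset into buf; moved past the token on success.
 * @return      EOK on success; EINVAL for an unknown type, a payload that
 *              does not fit in the buffer, or a password/ccfile payload
 *              without a terminating NUL; otherwise the error returned by the
 *              sss_authtok_set_*() call.
 */
static errno_t unpack_authtok(struct sss_auth_token *tok,
                              uint8_t *buf, size_t size, size_t *p)
{
    uint32_t auth_token_type;
    uint32_t auth_token_length;
    errno_t ret = EOK;

    /* NOTE(review): the _CHECK macros are defined outside this file; they
     * presumably return from this function when fewer than four bytes are
     * left - confirm against their definition. */
    SAFEALIGN_COPY_UINT32_CHECK(&auth_token_type, buf + *p, size, p);
    SAFEALIGN_COPY_UINT32_CHECK(&auth_token_length, buf + *p, size, p);

    /* Compare the length with the space that is left rather than computing
     * *p + auth_token_length: where size_t is 32 bits wide that sum can wrap
     * and slip past the bound. */
    if (*p > size || auth_token_length > size - *p) {
        return EINVAL;
    }

    switch (auth_token_type) {
    case SSS_AUTHTOK_TYPE_EMPTY:
        sss_authtok_set_empty(tok);
        break;
    case SSS_AUTHTOK_TYPE_PASSWORD:
    case SSS_AUTHTOK_TYPE_CCFILE:
        /* The payload is handed over as a C string with an explicit length
         * of 0, so the callee presumably measures it itself (TODO confirm).
         * Make sure a terminator exists inside the announced payload, so the
         * string cannot run into the following field or past the end of the
         * receive buffer. pack_authtok() on the sending side writes len + 1
         * bytes, which looks like string plus terminator, so well-formed
         * requests are unaffected. */
        if (memchr(buf + *p, '\0', auth_token_length) == NULL) {
            return EINVAL;
        }

        if (auth_token_type == SSS_AUTHTOK_TYPE_PASSWORD) {
            ret = sss_authtok_set_password(tok, (char *)(buf + *p), 0);
        } else {
            ret = sss_authtok_set_ccfile(tok, (char *)(buf + *p), 0);
        }
        break;
    default:
        return EINVAL;
    }

    if (ret == EOK) {
        *p += auth_token_length;
    }

    return ret;
}

/* Start of unpack_buffer(); carried over unchanged, its body continues after
 * this point. */
static errno_t unpack_buffer(uint8_t *buf, size_t size, struct krb5_req *kr, uint32_t *offline) { size_t p = 0; uint32_t len; uint32_t validate; 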
uint32_t send_pac; uint32_t use_enterprise_princ; struct pam_data *pd; errno_t ret; DEBUG(SSSDBG_TRACE_LIBS, ("total buffer size: [%zu]\n", size)); if (!offline || !kr) return EINVAL; pd = create_pam_data(kr); if (pd == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_zero failed.\n")); return ENOMEM; } kr->pd = pd; SAFEALIGN_COPY_UINT32_CHECK(&pd->cmd, buf + p, size, &p); SAFEALIGN_COPY_UINT32_CHECK(&kr->uid, buf + p, size, &p); SAFEALIGN_COPY_UINT32_CHECK(&kr->gid, buf + p, size, &p); SAFEALIGN_COPY_UINT32_CHECK(&validate, buf + p, size, &p); kr->validate = (validate == 0) ? false : true; SAFEALIGN_COPY_UINT32_CHECK(offline, buf + p, size, &p); SAFEALIGN_COPY_UINT32_CHECK(&send_pac, buf + p, size, &p); kr->send_pac = (send_pac == 0) ? false : true; SAFEALIGN_COPY_UINT32_CHECK(&use_enterprise_princ, buf + p, size, &p); kr->use_enterprise_princ = (use_enterprise_princ == 0) ? false : true; SAFEALIGN_COPY_UINT32_CHECK(&len, buf + p, size, &p); if ((p + len ) > size) return EINVAL; kr->upn = talloc_strndup(pd, (char *)(buf + p), len); if (kr->upn == NULL) return ENOMEM; p += len; DEBUG(SSSDBG_CONF_SETTINGS, ("cmd [%d] uid [%llu] gid [%llu] validate [%s] " "enterprise principal [%s] offline [%s] UPN [%s]\n", pd->cmd, (unsigned long long) kr->uid, (unsigned long long) kr->gid, kr->validate ? "true" : "false", kr->use_enterprise_princ ? "true" : "false", *offline ? "true" : "false", kr->upn ? 
kr->upn : "none")); if (pd->cmd == SSS_PAM_AUTHENTICATE || pd->cmd == SSS_CMD_RENEW || pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM || pd->cmd == SSS_PAM_CHAUTHTOK) { SAFEALIGN_COPY_UINT32_CHECK(&len, buf + p, size, &p); if ((p + len ) > size) return EINVAL; kr->ccname = talloc_strndup(pd, (char *)(buf + p), len); if (kr->ccname == NULL) return ENOMEM; p += len; SAFEALIGN_COPY_UINT32_CHECK(&len, buf + p, size, &p); if ((p + len ) > size) return EINVAL; kr->keytab = talloc_strndup(pd, (char *)(buf + p), len); if (kr->keytab == NULL) return ENOMEM; p += len; ret = unpack_authtok(pd->authtok, buf, size, &p); if (ret) { return ret; } DEBUG(SSSDBG_CONF_SETTINGS, ("ccname: [%s] keytab: [%s]\n", kr->ccname, kr->keytab)); } else { kr->ccname = NULL; kr->keytab = NULL; sss_authtok_set_empty(pd->authtok); } if (pd->cmd == SSS_PAM_CHAUTHTOK) { ret = unpack_authtok(pd->newauthtok, buf, size, &p); if (ret) { return ret; } } else { sss_authtok_set_empty(pd->newauthtok); } if (pd->cmd == SSS_PAM_ACCT_MGMT) { SAFEALIGN_COPY_UINT32_CHECK(&len, buf + p, size, &p); if ((p + len ) > size) return EINVAL; pd->user = talloc_strndup(pd, (char *)(buf + p), len); if (pd->user == NULL) return ENOMEM; p += len; DEBUG(SSSDBG_CONF_SETTINGS, ("user: [%s]\n", pd->user)); } else { pd->user = NULL; } return EOK; } static int krb5_cleanup(struct krb5_req *kr) { if (kr == NULL) return EOK; if (kr->options != NULL) { sss_krb5_get_init_creds_opt_free(kr->ctx, kr->options); } if (kr->creds != NULL) { krb5_free_cred_contents(kr->ctx, kr->creds); krb5_free_creds(kr->ctx, kr->creds); } if (kr->name != NULL) sss_krb5_free_unparsed_name(kr->ctx, kr->name); if (kr->princ != NULL) krb5_free_principal(kr->ctx, kr->princ); if (kr->ctx != NULL) krb5_free_context(kr->ctx); memset(kr, 0, sizeof(struct krb5_req)); return EOK; } static krb5_error_code get_tgt_times(krb5_context ctx, const char *ccname, krb5_principal server_principal, krb5_principal client_principal, sss_krb5_ticket_times *tgtt) { krb5_error_code krberr; 
krb5_ccache ccache = NULL; krb5_creds mcred; krb5_creds cred; krberr = krb5_cc_resolve(ctx, ccname, &ccache); if (krberr != 0) { DEBUG(1, ("krb5_cc_resolve failed.\n")); goto done; } memset(&mcred, 0, sizeof(mcred)); memset(&cred, 0, sizeof(mcred)); mcred.server = server_principal; mcred.client = client_principal; krberr = krb5_cc_retrieve_cred(ctx, ccache, 0, &mcred, &cred); if (krberr != 0) { DEBUG(1, ("krb5_cc_retrieve_cred failed.\n")); krberr = 0; goto done; } tgtt->authtime = cred.times.authtime; tgtt->starttime = cred.times.starttime; tgtt->endtime = cred.times.endtime; tgtt->renew_till = cred.times.renew_till; krb5_free_cred_contents(ctx, &cred); krberr = 0; done: if (ccache != NULL) { krb5_cc_close(ctx, ccache); } return krberr; } static krb5_error_code check_fast_ccache(TALLOC_CTX *mem_ctx, krb5_context ctx, const char *primary, const char *realm, const char *keytab_name, char **fast_ccname) { TALLOC_CTX *tmp_ctx = NULL; krb5_error_code kerr; char *ccname; char *server_name; sss_krb5_ticket_times tgtt; krb5_keytab keytab = NULL; krb5_principal client_princ = NULL; krb5_principal server_princ = NULL; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { DEBUG(1, ("talloc_new failed.\n")); return ENOMEM; } ccname = talloc_asprintf(tmp_ctx, "FILE:%s/fast_ccache_%s", DB_PATH, realm); if (ccname == NULL) { DEBUG(1, ("talloc_asprintf failed.\n")); kerr = ENOMEM; goto done; } if (keytab_name != NULL) { kerr = krb5_kt_resolve(ctx, keytab_name, &keytab); } else { kerr = krb5_kt_default(ctx, &keytab); } if (kerr) { DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to read keytab file [%s]: %s\n", KEYTAB_CLEAN_NAME, sss_krb5_get_error_message(ctx, kerr))); goto done; } kerr = find_principal_in_keytab(ctx, keytab, primary, realm, &client_princ); if (kerr != 0) { DEBUG(SSSDBG_MINOR_FAILURE, ("find_principal_in_keytab failed for principal %s@%s.\n", primary, realm)); goto done; } server_name = talloc_asprintf(tmp_ctx, "krbtgt/%s@%s", realm, realm); if (server_name == NULL) { DEBUG(1, 
("talloc_asprintf failed.\n")); kerr = ENOMEM; goto done; } kerr = krb5_parse_name(ctx, server_name, &server_princ); if (kerr != 0) { DEBUG(1, ("krb5_parse_name failed.\n")); goto done; } memset(&tgtt, 0, sizeof(tgtt)); kerr = get_tgt_times(ctx, ccname, server_princ, client_princ, &tgtt); if (kerr == 0) { if (tgtt.endtime > time(NULL)) { DEBUG(5, ("FAST TGT is still valid.\n")); goto done; } } kerr = get_and_save_tgt_with_keytab(ctx, client_princ, keytab, ccname); if (kerr != 0) { DEBUG(1, ("get_and_save_tgt_with_keytab failed.\n")); goto done; } kerr = 0; done: if (client_princ != NULL) { krb5_free_principal(ctx, client_princ); } if (server_princ != NULL) { krb5_free_principal(ctx, server_princ); } if (kerr == 0) { *fast_ccname = talloc_steal(mem_ctx, ccname); } talloc_free(tmp_ctx); if (keytab != NULL) { krb5_kt_close(ctx, keytab); } return kerr; } static errno_t k5c_recv_data(struct krb5_req *kr, int fd, uint32_t *offline) { uint8_t buf[IN_BUF_SIZE]; ssize_t len; errno_t ret; errno = 0; len = sss_atomic_read_s(fd, buf, IN_BUF_SIZE); if (len == -1) { ret = errno; ret = (ret == 0) ? 
EINVAL: ret; DEBUG(SSSDBG_CRIT_FAILURE, ("read failed [%d][%s].\n", ret, strerror(ret))); return ret; } ret = unpack_buffer(buf, len, kr, offline); if (ret != EOK) { DEBUG(1, ("unpack_buffer failed.\n")); } return ret; } static int k5c_setup_fast(struct krb5_req *kr, bool demand) { krb5_principal fast_princ_struct; krb5_data *realm_data; char *fast_principal_realm; char *fast_principal; krb5_error_code kerr; char *tmp_str; tmp_str = getenv(SSSD_KRB5_FAST_PRINCIPAL); if (tmp_str) { DEBUG(SSSDBG_CONF_SETTINGS, ("%s is set to [%s]\n", SSSD_KRB5_FAST_PRINCIPAL, tmp_str)); kerr = krb5_parse_name(kr->ctx, tmp_str, &fast_princ_struct); if (kerr) { DEBUG(1, ("krb5_parse_name failed.\n")); return kerr; } kerr = sss_krb5_unparse_name_flags(kr->ctx, fast_princ_struct, KRB5_PRINCIPAL_UNPARSE_NO_REALM, &tmp_str); if (kerr) { DEBUG(1, ("sss_krb5_unparse_name_flags failed.\n")); return kerr; } fast_principal = talloc_strdup(kr, tmp_str); if (!fast_principal) { DEBUG(1, ("talloc_strdup failed.\n")); return KRB5KRB_ERR_GENERIC; } free(tmp_str); realm_data = krb5_princ_realm(kr->ctx, fast_princ_struct); fast_principal_realm = talloc_asprintf(kr, "%.*s", realm_data->length, realm_data->data); if (!fast_principal_realm) { DEBUG(1, ("talloc_asprintf failed.\n")); return ENOMEM; } } else { fast_principal_realm = kr->realm; fast_principal = NULL; } kerr = check_fast_ccache(kr, kr->ctx, fast_principal, fast_principal_realm, kr->keytab, &kr->fast_ccname); if (kerr != 0) { DEBUG(1, ("check_fast_ccache failed.\n")); KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr); return kerr; } kerr = sss_krb5_get_init_creds_opt_set_fast_ccache_name(kr->ctx, kr->options, kr->fast_ccname); if (kerr != 0) { DEBUG(1, ("sss_krb5_get_init_creds_opt_set_fast_ccache_name " "failed.\n")); KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr); return kerr; } if (demand) { kerr = sss_krb5_get_init_creds_opt_set_fast_flags(kr->ctx, kr->options, SSS_KRB5_FAST_REQUIRED); if (kerr != 0) { DEBUG(1, 
("sss_krb5_get_init_creds_opt_set_fast_flags " "failed.\n")); KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr); return kerr; } } return EOK; } static int k5c_setup(struct krb5_req *kr, uint32_t offline) { krb5_error_code kerr; char *use_fast_str; int parse_flags; kr->realm = getenv(SSSD_KRB5_REALM); if (kr->realm == NULL) { DEBUG(SSSDBG_MINOR_FAILURE, ("Cannot read [%s] from environment.\n", SSSD_KRB5_REALM)); } kerr = krb5_init_context(&kr->ctx); if (kerr != 0) { KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr); return kerr; } /* Set the global error context */ krb5_error_ctx = kr->ctx; if (debug_level & SSSDBG_TRACE_ALL) { kerr = sss_child_set_krb5_tracing(kr->ctx); if (kerr != 0) { KRB5_CHILD_DEBUG(SSSDBG_MINOR_FAILURE, kerr); return EIO; } } /* Enterprise principals require that a default realm is available. To * make SSSD more robust in the case that the default realm option is * missing in krb5.conf or to allow SSSD to work with multiple unconnected * realms (e.g. AD domains without trust between them) the default realm * will be set explicitly. */ if (kr->use_enterprise_princ) { kerr = krb5_set_default_realm(kr->ctx, kr->realm); if (kerr != 0) { DEBUG(SSSDBG_CRIT_FAILURE, ("krb5_set_default_realm failed.\n")); } } parse_flags = kr->use_enterprise_princ ? 
KRB5_PRINCIPAL_PARSE_ENTERPRISE : 0; kerr = sss_krb5_parse_name_flags(kr->ctx, kr->upn, parse_flags, &kr->princ); if (kerr != 0) { KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr); return kerr; } kerr = krb5_unparse_name(kr->ctx, kr->princ, &kr->name); if (kerr != 0) { KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr); return kerr; } kr->creds = calloc(1, sizeof(krb5_creds)); if (kr->creds == NULL) { DEBUG(1, ("talloc_zero failed.\n")); return ENOMEM; } kerr = sss_krb5_get_init_creds_opt_alloc(kr->ctx, &kr->options); if (kerr != 0) { KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr); return kerr; } #ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_RESPONDER kerr = krb5_get_init_creds_opt_set_responder(kr->ctx, kr->options, sss_krb5_responder, kr); if (kerr != 0) { KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr); return kerr; } #endif #ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_CHANGE_PASSWORD_PROMPT /* A prompter is used to catch messages about when a password will * expired. The library shall not use the prompter to ask for a new password * but shall return KRB5KDC_ERR_KEY_EXP. */ krb5_get_init_creds_opt_set_change_password_prompt(kr->options, 0); #endif kerr = set_lifetime_options(kr->options); if (kerr != 0) { DEBUG(SSSDBG_OP_FAILURE, ("set_lifetime_options failed.\n")); return kerr; } if (!offline) { set_canonicalize_option(kr->options); use_fast_str = getenv(SSSD_KRB5_USE_FAST); if (use_fast_str == NULL || strcasecmp(use_fast_str, "never") == 0) { DEBUG(SSSDBG_CONF_SETTINGS, ("Not using FAST.\n")); } else if (strcasecmp(use_fast_str, "try") == 0) { kerr = k5c_setup_fast(kr, false); } else if (strcasecmp(use_fast_str, "demand") == 0) { kerr = k5c_setup_fast(kr, true); } else { DEBUG(SSSDBG_CRIT_FAILURE, ("Unsupported value [%s] for krb5_use_fast.\n", use_fast_str)); return EINVAL; } } /* TODO: set options, e.g. 
* krb5_get_init_creds_opt_set_forwardable * krb5_get_init_creds_opt_set_proxiable * krb5_get_init_creds_opt_set_etype_list * krb5_get_init_creds_opt_set_address_list * krb5_get_init_creds_opt_set_preauth_list * krb5_get_init_creds_opt_set_salt * krb5_get_init_creds_opt_set_change_password_prompt * krb5_get_init_creds_opt_set_pa */ return kerr; } int main(int argc, const char *argv[]) { struct krb5_req *kr = NULL; uint32_t offline; int opt; poptContext pc; int debug_fd = -1; errno_t ret; struct poptOption long_options[] = { POPT_AUTOHELP {"debug-level", 'd', POPT_ARG_INT, &debug_level, 0, _("Debug level"), NULL}, {"debug-timestamps", 0, POPT_ARG_INT, &debug_timestamps, 0, _("Add debug timestamps"), NULL}, {"debug-microseconds", 0, POPT_ARG_INT, &debug_microseconds, 0, _("Show timestamps with microseconds"), NULL}, {"debug-fd", 0, POPT_ARG_INT, &debug_fd, 0, _("An open file descriptor for the debug logs"), NULL}, POPT_TABLEEND }; /* Set debug level to invalid value so we can decide if -d 0 was used. 
*/ debug_level = SSSDBG_INVALID; pc = poptGetContext(argv[0], argc, argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { switch(opt) { default: fprintf(stderr, "\nInvalid option %s: %s\n\n", poptBadOption(pc, 0), poptStrerror(opt)); poptPrintUsage(pc, stderr, 0); _exit(-1); } } poptFreeContext(pc); DEBUG_INIT(debug_level); kr = talloc_zero(NULL, struct krb5_req); if (kr == NULL) { DEBUG(1, ("talloc failed.\n")); exit(-1); } debug_prg_name = talloc_asprintf(kr, "[sssd[krb5_child[%d]]]", getpid()); if (!debug_prg_name) { DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_asprintf failed.\n")); ret = ENOMEM; goto done; } if (debug_fd != -1) { ret = set_debug_file_from_fd(debug_fd); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("set_debug_file_from_fd failed.\n")); } } DEBUG(SSSDBG_TRACE_FUNC, ("krb5_child started.\n")); ret = k5c_recv_data(kr, STDIN_FILENO, &offline); if (ret != EOK) { goto done; } close(STDIN_FILENO); ret = k5c_setup(kr, offline); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("krb5_child_setup failed.\n")); goto done; } switch(kr->pd->cmd) { case SSS_PAM_AUTHENTICATE: /* If we are offline, we need to create an empty ccache file */ if (offline) { DEBUG(SSSDBG_TRACE_FUNC, ("Will perform offline auth\n")); ret = create_empty_ccache(kr); } else { DEBUG(SSSDBG_TRACE_FUNC, ("Will perform online auth\n")); ret = tgt_req_child(kr); } break; case SSS_PAM_CHAUTHTOK: DEBUG(SSSDBG_TRACE_FUNC, ("Will perform password change\n")); ret = changepw_child(kr, false); break; case SSS_PAM_CHAUTHTOK_PRELIM: DEBUG(SSSDBG_TRACE_FUNC, ("Will perform password change checks\n")); ret = changepw_child(kr, true); break; case SSS_PAM_ACCT_MGMT: DEBUG(SSSDBG_TRACE_FUNC, ("Will perform account management\n")); ret = kuserok_child(kr); break; case SSS_CMD_RENEW: if (offline) { DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot renew TGT while offline\n")); ret = KRB5_KDC_UNREACH; goto done; } DEBUG(SSSDBG_TRACE_FUNC, ("Will perform ticket renewal\n")); ret = renew_tgt_child(kr); break; default: 
DEBUG(1, ("PAM command [%d] not supported.\n", kr->pd->cmd)); ret = EINVAL; goto done; } ret = k5c_send_data(kr, STDOUT_FILENO, ret); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to send reply\n")); } done: krb5_cleanup(kr); talloc_free(kr); if (ret == EOK) { DEBUG(SSSDBG_TRACE_FUNC, ("krb5_child completed successfully\n")); exit(0); } else { DEBUG(SSSDBG_CRIT_FAILURE, ("krb5_child failed!\n")); exit(-1); } } sssd-1.11.5/src/providers/krb5/PaxHeaders.13173/krb5_init_shared.c0000644000000000000000000000007412320753107022602 xustar000000000000000030 atime=1396954939.266891431 30 ctime=1396954961.608874985 sssd-1.11.5/src/providers/krb5/krb5_init_shared.c0000664002412700241270000000625612320753107023035 0ustar00jhrozekjhrozek00000000000000/* SSSD Authors: Stephen Gallagher Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
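*/
#include
#include "providers/krb5/krb5_common.h"
#include "providers/krb5/krb5_auth.h"

/**
 * One-time provider-side setup for the Kerberos backend.
 *
 * Steps, in order: optional delayed online authentication (when
 * KRB5_STORE_PASSWORD_IF_OFFLINE is set), optional TGT renewal (when
 * KRB5_RENEW_INTERVAL parses to a positive interval), option checking and
 * export, the offline callback, the SIGTERM handler and, if the process logs
 * to files, the krb5_child log file whose descriptor is stored in
 * krb5_auth_ctx->child_debug_fd.
 *
 * @param krb5_auth_ctx  Kerberos provider context; opts is read and
 *                       child_debug_fd may be written.
 * @param bectx          Backend context; ev and domain are read.
 * @return               EOK on success, otherwise the error of the first
 *                       step that failed.
 */
errno_t krb5_child_init(struct krb5_ctx *krb5_auth_ctx,
                        struct be_ctx *bectx)
{
    errno_t ret;
    FILE *debug_filep;
    time_t renew_intv = 0;
    krb5_deltat renew_interval_delta;
    char *renew_interval_str;

    if (dp_opt_get_bool(krb5_auth_ctx->opts, KRB5_STORE_PASSWORD_IF_OFFLINE)) {
        ret = init_delayed_online_authentication(krb5_auth_ctx, bectx,
                                                 bectx->ev);
        if (ret != EOK) {
            DEBUG(1, ("init_delayed_online_authentication failed.\n"));
            goto done;
        }
    }

    renew_interval_str = dp_opt_get_string(krb5_auth_ctx->opts,
                                           KRB5_RENEW_INTERVAL);
    if (renew_interval_str != NULL) {
        ret = krb5_string_to_deltat(renew_interval_str, &renew_interval_delta);
        if (ret != EOK) {
            /* An unparsable interval is not fatal; it leaves renewal off. */
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Reading krb5_renew_interval failed.\n"));
            renew_interval_delta = 0;
        }
        renew_intv = renew_interval_delta;
    }

    /* Zero or negative intervals leave renewal disabled. */
    if (renew_intv > 0) {
        ret = init_renew_tgt(krb5_auth_ctx, bectx, bectx->ev, renew_intv);
        if (ret != EOK) {
            DEBUG(1, ("init_renew_tgt failed.\n"));
            goto done;
        }
    }

    ret = check_and_export_options(krb5_auth_ctx->opts, bectx->domain,
                                   krb5_auth_ctx);
    if (ret != EOK) {
        DEBUG(1, ("check_and_export_opts failed.\n"));
        goto done;
    }

    ret = krb5_install_offline_callback(bectx, krb5_auth_ctx);
    if (ret != EOK) {
        DEBUG(1, ("krb5_install_offline_callback failed.\n"));
        goto done;
    }

    ret = krb5_install_sigterm_handler(bectx->ev, krb5_auth_ctx);
    if (ret != EOK) {
        DEBUG(1, ("krb5_install_sigterm_handler failed.\n"));
        goto done;
    }

    if (debug_to_file != 0) {
        ret = open_debug_file_ex(KRB5_CHILD_LOG_FILE, &debug_filep, false);
        if (ret != EOK) {
            DEBUG(0, ("Error setting up logging (%d) [%s]\n",
                      ret, strerror(ret)));
            goto done;
        }

        krb5_auth_ctx->child_debug_fd = fileno(debug_filep);
        if (krb5_auth_ctx->child_debug_fd == -1) {
            /* Take errno before logging: the logging call may change it, and
             * a value of 0 would make this failure look like success to the
             * caller while child_debug_fd is still -1. The 0 -> EINVAL
             * fallback mirrors k5c_recv_data(). */
            ret = errno;
            if (ret == 0) {
                ret = EINVAL;
            }
            DEBUG(0, ("fileno failed [%d][%s]\n", ret, strerror(ret)));
            goto done;
        }
    }

done:
    return ret;
}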
sssd-1.11.5/src/providers/krb5/PaxHeaders.13173/krb5_child_handler.c0000644000000000000000000000007412320753107023071 xustar000000000000000030 atime=1396954939.265891431 30 ctime=1396954961.607874985 sssd-1.11.5/src/providers/krb5/krb5_child_handler.c0000664002412700241270000004571112320753107023323 0ustar00jhrozekjhrozek00000000000000/* SSSD Kerberos 5 Backend Module - Manage krb5_child Authors: Sumit Bose Copyright (C) 2010 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include "util/util.h" #include "util/child_common.h" #include "providers/krb5/krb5_common.h" #include "providers/krb5/krb5_auth.h" #include "src/providers/krb5/krb5_utils.h" #ifndef KRB5_CHILD_DIR #ifndef SSSD_LIBEXEC_PATH #error "SSSD_LIBEXEC_PATH not defined" #endif /* SSSD_LIBEXEC_PATH */ #define KRB5_CHILD_DIR SSSD_LIBEXEC_PATH #endif /* KRB5_CHILD_DIR */ #define KRB5_CHILD KRB5_CHILD_DIR"/krb5_child" #define TIME_T_MAX LONG_MAX #define int64_to_time_t(val) ((time_t)((val) < TIME_T_MAX ? 
val : TIME_T_MAX)) struct io { int read_from_child_fd; int write_to_child_fd; }; struct handle_child_state { struct tevent_context *ev; struct krb5child_req *kr; uint8_t *buf; ssize_t len; struct tevent_timer *timeout_handler; pid_t child_pid; struct io *io; }; static int child_io_destructor(void *ptr) { int ret; struct io *io = talloc_get_type(ptr, struct io); if (io == NULL) return EOK; if (io->write_to_child_fd != -1) { ret = close(io->write_to_child_fd); io->write_to_child_fd = -1; if (ret != EOK) { ret = errno; DEBUG(1, ("close failed [%d][%s].\n", ret, strerror(ret))); } } if (io->read_from_child_fd != -1) { ret = close(io->read_from_child_fd); io->read_from_child_fd = -1; if (ret != EOK) { ret = errno; DEBUG(1, ("close failed [%d][%s].\n", ret, strerror(ret))); } } return EOK; } static errno_t pack_authtok(struct io_buffer *buf, size_t *rp, struct sss_auth_token *tok) { uint32_t auth_token_type; uint32_t auth_token_length = 0; const char *data; size_t len; errno_t ret = EOK; auth_token_type = sss_authtok_get_type(tok); switch (auth_token_type) { case SSS_AUTHTOK_TYPE_EMPTY: auth_token_length = 0; data = ""; break; case SSS_AUTHTOK_TYPE_PASSWORD: ret = sss_authtok_get_password(tok, &data, &len); auth_token_length = len + 1; break; case SSS_AUTHTOK_TYPE_CCFILE: ret = sss_authtok_get_ccfile(tok, &data, &len); auth_token_length = len + 1; break; default: ret = EINVAL; } if (ret == EOK) { SAFEALIGN_COPY_UINT32(&buf->data[*rp], &auth_token_type, rp); SAFEALIGN_COPY_UINT32(&buf->data[*rp], &auth_token_length, rp); safealign_memcpy(&buf->data[*rp], data, auth_token_length, rp); } return ret; } static errno_t create_send_buffer(struct krb5child_req *kr, struct io_buffer **io_buf) { struct io_buffer *buf; size_t rp; const char *keytab; uint32_t validate; uint32_t send_pac; uint32_t use_enterprise_principal; size_t username_len = 0; errno_t ret; keytab = dp_opt_get_cstring(kr->krb5_ctx->opts, KRB5_KEYTAB); if (keytab == NULL) { DEBUG(1, ("Missing keytab option.\n")); 
return EINVAL; } validate = dp_opt_get_bool(kr->krb5_ctx->opts, KRB5_VALIDATE) ? 1 : 0; /* Always send PAC except for local IPA users and IPA server mode */ switch (kr->krb5_ctx->config_type) { case K5C_IPA_CLIENT: send_pac = kr->upn_from_different_realm ? 1 : 0; break; case K5C_IPA_SERVER: send_pac = 0; break; default: send_pac = 1; break; } if (kr->pd->cmd == SSS_CMD_RENEW || kr->is_offline) { use_enterprise_principal = false; } else { use_enterprise_principal = dp_opt_get_bool(kr->krb5_ctx->opts, KRB5_USE_ENTERPRISE_PRINCIPAL) ? 1 : 0; } buf = talloc(kr, struct io_buffer); if (buf == NULL) { DEBUG(1, ("talloc failed.\n")); return ENOMEM; } buf->size = 8*sizeof(uint32_t) + strlen(kr->upn); if (kr->pd->cmd == SSS_PAM_AUTHENTICATE || kr->pd->cmd == SSS_CMD_RENEW || kr->pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM || kr->pd->cmd == SSS_PAM_CHAUTHTOK) { buf->size += 4*sizeof(uint32_t) + strlen(kr->ccname) + strlen(keytab) + sss_authtok_get_size(kr->pd->authtok); } if (kr->pd->cmd == SSS_PAM_CHAUTHTOK) { buf->size += 2*sizeof(uint32_t) + sss_authtok_get_size(kr->pd->newauthtok); } if (kr->pd->cmd == SSS_PAM_ACCT_MGMT) { username_len = strlen(kr->pd->user); buf->size += sizeof(uint32_t) + username_len; } buf->data = talloc_size(kr, buf->size); if (buf->data == NULL) { DEBUG(1, ("talloc_size failed.\n")); talloc_free(buf); return ENOMEM; } rp = 0; SAFEALIGN_COPY_UINT32(&buf->data[rp], &kr->pd->cmd, &rp); SAFEALIGN_COPY_UINT32(&buf->data[rp], &kr->uid, &rp); SAFEALIGN_COPY_UINT32(&buf->data[rp], &kr->gid, &rp); SAFEALIGN_COPY_UINT32(&buf->data[rp], &validate, &rp); SAFEALIGN_COPY_UINT32(&buf->data[rp], &kr->is_offline, &rp); SAFEALIGN_COPY_UINT32(&buf->data[rp], &send_pac, &rp); SAFEALIGN_COPY_UINT32(&buf->data[rp], &use_enterprise_principal, &rp); SAFEALIGN_SET_UINT32(&buf->data[rp], strlen(kr->upn), &rp); safealign_memcpy(&buf->data[rp], kr->upn, strlen(kr->upn), &rp); if (kr->pd->cmd == SSS_PAM_AUTHENTICATE || kr->pd->cmd == SSS_CMD_RENEW || kr->pd->cmd == 
SSS_PAM_CHAUTHTOK_PRELIM || kr->pd->cmd == SSS_PAM_CHAUTHTOK) { SAFEALIGN_SET_UINT32(&buf->data[rp], strlen(kr->ccname), &rp); safealign_memcpy(&buf->data[rp], kr->ccname, strlen(kr->ccname), &rp); SAFEALIGN_SET_UINT32(&buf->data[rp], strlen(keytab), &rp); safealign_memcpy(&buf->data[rp], keytab, strlen(keytab), &rp); ret = pack_authtok(buf, &rp, kr->pd->authtok); if (ret) { return ret; } } if (kr->pd->cmd == SSS_PAM_CHAUTHTOK) { ret = pack_authtok(buf, &rp, kr->pd->newauthtok); if (ret) { return ret; } } if (kr->pd->cmd == SSS_PAM_ACCT_MGMT) { SAFEALIGN_SET_UINT32(&buf->data[rp], username_len, &rp); safealign_memcpy(&buf->data[rp], kr->pd->user, username_len, &rp); } *io_buf = buf; return EOK; } static void krb5_child_timeout(struct tevent_context *ev, struct tevent_timer *te, struct timeval tv, void *pvt) { struct tevent_req *req = talloc_get_type(pvt, struct tevent_req); struct handle_child_state *state = tevent_req_data(req, struct handle_child_state); int ret; if (state->timeout_handler == NULL) { return; } DEBUG(SSSDBG_IMPORTANT_INFO, ("Timeout for child [%d] reached. 
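In case KDC is distant or network " "is slow you may consider increasing value of krb5_auth_timeout.\n", state->child_pid)); ret = kill(state->child_pid, SIGKILL); if (ret == -1) { DEBUG(1, ("kill failed [%d][%s].\n", errno, strerror(errno))); } tevent_req_error(req, ETIMEDOUT); }
/* ^ End of krb5_child_timeout(); that text is carried over unchanged. */

/**
 * Arm the watchdog timer for a running krb5_child.
 *
 * The timer fires krb5_child_timeout() with req as private data
 * timeout_seconds after the current time; that handler kills the child and
 * fails the request with ETIMEDOUT.
 *
 * @param req              Request whose handle_child_state stores the timer.
 * @param ev               Event context the timer is added to.
 * @param timeout_seconds  Delay before the child is considered stuck.
 * @return                 EOK, or ENOMEM when the timer cannot be created.
 */
static errno_t activate_child_timeout_handler(struct tevent_req *req,
                                              struct tevent_context *ev,
                                              const uint32_t timeout_seconds)
{
    struct timeval tv;
    struct handle_child_state *state = tevent_req_data(req,
                                                struct handle_child_state);

    tv = tevent_timeval_current();
    tv = tevent_timeval_add(&tv, timeout_seconds, 0);
    state->timeout_handler = tevent_add_timer(ev, state, tv,
                                              krb5_child_timeout, req);
    if (state->timeout_handler == NULL) {
        DEBUG(1, ("tevent_add_timer failed.\n"));
        return ENOMEM;
    }

    return EOK;
}

/**
 * Create the two pipes, fork, and start KRB5_CHILD in the new process.
 *
 * Parent side: records the child pid and the pipe ends in state, switches
 * both ends to non-blocking, registers the child handler and arms the
 * authentication timeout.
 *
 * Child side: optionally switches to the requesting user's uid/gid, then
 * execs the helper. The child never returns from this function: it either
 * becomes krb5_child or terminates.
 *
 * @param req  Request carrying the handle_child_state.
 * @return     EOK in the parent on success, otherwise an errno value.
 */
static errno_t fork_child(struct tevent_req *req)
{
    int pipefd_to_child[2];
    int pipefd_from_child[2];
    pid_t pid;
    int ret;
    errno_t err;
    struct handle_child_state *state = tevent_req_data(req,
                                                struct handle_child_state);

    ret = pipe(pipefd_from_child);
    if (ret == -1) {
        err = errno;
        DEBUG(1, ("pipe failed [%d][%s].\n", err, strerror(err)));
        return err;
    }
    ret = pipe(pipefd_to_child);
    if (ret == -1) {
        err = errno;
        DEBUG(1, ("pipe failed [%d][%s].\n", err, strerror(err)));
        /* Do not leak the first pipe when the second one cannot be made. */
        close(pipefd_from_child[0]);
        close(pipefd_from_child[1]);
        return err;
    }

    pid = fork();

    if (pid == 0) { /* child */
        if (state->kr->run_as_user) {
            ret = become_user(state->kr->uid, state->kr->gid);
            if (ret != EOK) {
                DEBUG(1, ("become_user failed.\n"));
                /* Returning here would leave a second copy of the calling
                 * process running its event loop with the original
                 * privileges, so terminate instead. _exit() skips the atexit
                 * handlers and stdio buffers inherited from the parent. */
                _exit(1);
            }
        }

        err = exec_child(state,
                         pipefd_to_child, pipefd_from_child,
                         KRB5_CHILD, state->kr->krb5_ctx->child_debug_fd);
        /* exec_child() is expected not to come back once the exec worked
         * (TODO confirm in child_common.c); whatever it returned, this
         * process must not fall through into the caller's code. */
        if (err != EOK) {
            DEBUG(1, ("Could not exec KRB5 child: [%d][%s].\n",
                      err, strerror(err)));
        }
        _exit(1);
    } else if (pid > 0) { /* parent */
        state->child_pid = pid;
        state->io->read_from_child_fd = pipefd_from_child[0];
        close(pipefd_from_child[1]);
        state->io->write_to_child_fd = pipefd_to_child[1];
        close(pipefd_to_child[0]);
        fd_nonblocking(state->io->read_from_child_fd);
        fd_nonblocking(state->io->write_to_child_fd);

        ret = child_handler_setup(state->ev, pid, NULL, NULL, NULL);
        if (ret != EOK) {
            DEBUG(1, ("Could not set up child signal handler\n"));
            return ret;
        }

        /* A missing timeout is logged but does not fail the request. */
        err = activate_child_timeout_handler(req, state->ev,
                  dp_opt_get_int(state->kr->krb5_ctx->opts, KRB5_AUTH_TIMEOUT));
        if (err != EOK) {
            DEBUG(1, ("activate_child_timeout_handler failed.\n"));
        }
    } else { /* error */
        err = errno;
        DEBUG(1, ("fork failed [%d][%s].\n", err, strerror(err)));
        /* No child exists, so nobody else will close these descriptors. */
        close(pipefd_from_child[0]);
        close(pipefd_from_child[1]);
        close(pipefd_to_child[0]);
        close(pipefd_to_child[1]);
        return err;
    }

    return EOK;
}

static void handle_child_step(struct tevent_req *subreq);
static void handle_child_done(struct tevent_req *subreq);

/**
 * Start an asynchronous krb5_child run for kr.
 *
 * Serializes the request with create_send_buffer() (this buffer includes the
 * authentication tokens), forks the helper and begins writing the buffer to
 * the child's input pipe. handle_child_step() continues once the write has
 * finished.
 *
 * @param mem_ctx  talloc parent of the returned request.
 * @param ev       Event context used for the pipe I/O and the timeout.
 * @param kr       Request to hand to the child.
 * @return         The tevent request, already marked as failed and posted
 *                 when setup did not succeed; NULL only if the request itself
 *                 could not be allocated.
 */
struct tevent_req *handle_child_send(TALLOC_CTX *mem_ctx,
                                     struct tevent_context *ev,
                                     struct krb5child_req *kr)
{
    struct tevent_req *req, *subreq;
    struct handle_child_state *state;
    int ret;
    struct io_buffer *buf = NULL;

    req = tevent_req_create(mem_ctx, &state, struct handle_child_state);
    if (req == NULL) {
        return NULL;
    }

    state->ev = ev;
    state->kr = kr;
    state->buf = NULL;
    state->len = 0;
    state->child_pid = -1;
    state->timeout_handler = NULL;

    state->io = talloc(state, struct io);
    if (state->io == NULL) {
        DEBUG(1, ("talloc failed.\n"));
        ret = ENOMEM;
        goto fail;
    }
    /* -1 marks "not open" for child_io_destructor(), which closes whatever
     * is still open when state->io is freed. */
    state->io->write_to_child_fd = -1;
    state->io->read_from_child_fd = -1;
    talloc_set_destructor((void *) state->io, child_io_destructor);

    ret = create_send_buffer(kr, &buf);
    if (ret != EOK) {
        DEBUG(1, ("create_send_buffer failed.\n"));
        goto fail;
    }

    ret = fork_child(req);
    if (ret != EOK) {
        DEBUG(1, ("fork_child failed.\n"));
        goto fail;
    }

    subreq = write_pipe_send(state, ev, buf->data, buf->size,
                             state->io->write_to_child_fd);
    if (!subreq) {
        ret = ENOMEM;
        goto fail;
    }
    tevent_req_set_callback(subreq, handle_child_step, req);

    return req;

fail:
    tevent_req_error(req, ret);
    tevent_req_post(req, ev);
    return req;
}

/* Start of handle_child_step(); carried over unchanged, its body continues
 * after this point. */
static void handle_child_step(struct tevent_req *subreq) { struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); struct handle_child_state *state = tevent_req_data(req, 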
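struct handle_child_state);
    int ret;

    ret = write_pipe_recv(subreq);
    talloc_zfree(subreq);
    if (ret != EOK) {
        tevent_req_error(req, ret);
        return;
    }

    /* the request was written completely, the child only needs the read end */
    close(state->io->write_to_child_fd);
    state->io->write_to_child_fd = -1;

    subreq = read_pipe_send(state, state->ev, state->io->read_from_child_fd);
    if (!subreq) {
        tevent_req_error(req, ENOMEM);
        return;
    }
    tevent_req_set_callback(subreq, handle_child_done, req);
}

/**
 * Completion callback for reading the child's response.
 *
 * Removes the timeout timer, stores the response buffer and its length in
 * the request state, closes the read end of the pipe and finishes the
 * request.
 */
static void handle_child_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct handle_child_state *state = tevent_req_data(req,
                                                    struct handle_child_state);
    int ret;

    /* the child answered (or the read failed), the timeout is obsolete */
    talloc_zfree(state->timeout_handler);

    ret = read_pipe_recv(subreq, state, &state->buf, &state->len);
    talloc_zfree(subreq);
    if (ret != EOK) {
        tevent_req_error(req, ret);
        return;
    }

    close(state->io->read_from_child_fd);
    state->io->read_from_child_fd = -1;

    tevent_req_done(req);
    return;
}

/**
 * Collect the result of handle_child_send().
 *
 * @param req     Finished request.
 * @param mem_ctx New talloc parent of the response buffer.
 * @param buf     Receives the response buffer.
 * @param len     Receives the length stored with the buffer.
 *
 * @return EOK on success, otherwise the error the request finished with.
 */
int handle_child_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
                      uint8_t **buf, ssize_t *len)
{
    struct handle_child_state *state = tevent_req_data(req,
                                                    struct handle_child_state);

    TEVENT_REQ_RETURN_ON_ERROR(req);

    *buf = talloc_move(mem_ctx, &state->buf);
    *len = state->len;

    return EOK;
}

/**
 * Parse the response buffer received from the krb5 child.
 *
 * Every length taken from the buffer is checked against the bytes that are
 * actually left before the data is touched: a message header must fit
 * completely, a negative or oversized message length is rejected, and the
 * fixed-size fields of a user-info message are only read when the message is
 * long enough to hold them.
 *
 * @param mem_ctx         Talloc parent of the returned response.
 * @param buf             Response buffer.
 * @param len             Number of bytes in buf.
 * @param pd              PAM data that receives the messages which are not
 *                        skipped.
 * @param pwd_exp_warning Password expiration warning threshold; a negative
 *                        value selects KERBEROS_PWEXPIRE_WARNING_TIME.
 * @param _res            Receives the parsed response on success.
 *
 * @return EOK on success, EINVAL for a malformed buffer, ENOMEM on
 *         allocation failure.
 */
errno_t parse_krb5_child_response(TALLOC_CTX *mem_ctx, uint8_t *buf, ssize_t len,
                          struct pam_data *pd, int pwd_exp_warning,
                          struct krb5_child_response **_res)
{
    ssize_t pref_len;
    size_t blen;
    size_t p;
    errno_t ret;
    bool skip;
    char *ccname = NULL;
    size_t ccname_len = 0;
    int32_t msg_status;
    int32_t msg_type;
    int32_t msg_len;
    int64_t time_data;
    struct tgt_times tgtt;
    uint32_t expiration;
    uint32_t msg_subtype;
    struct krb5_child_response *res;
    const char *upn = NULL;
    size_t upn_len = 0;
    bool otp = false;

    /* A negative len would turn into a huge value when cast to size_t and
     * pass the size check, so it is rejected explicitly. */
    if (buf == NULL || len < 0 || (size_t) len < sizeof(int32_t)) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("message too short.\n"));
        return EINVAL;
    }
    blen = (size_t) len;

    memset(&tgtt, 0, sizeof(struct tgt_times));

    if (pwd_exp_warning < 0) {
        pwd_exp_warning = KERBEROS_PWEXPIRE_WARNING_TIME;
    }

    /* A buffer with the following structure is expected.
     * int32_t status of the request (required)
     * message (zero or more)
     *
     * A message consists of:
     * int32_t type of the message
     * int32_t length of the following data
     * uint8_t[len] data
     */

    p = 0;
    SAFEALIGN_COPY_INT32(&msg_status, buf+p, &p);

    while (p < blen) {
        /* The type and length fields must be present before they are read;
         * this also covers the first message after the status word. */
        if (blen - p < 2*sizeof(int32_t)) {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("The remainder of the message is too short.\n"));
            return EINVAL;
        }

        skip = false;
        SAFEALIGN_COPY_INT32(&msg_type, buf+p, &p);
        SAFEALIGN_COPY_INT32(&msg_len, buf+p, &p);

        DEBUG(SSSDBG_TRACE_LIBS, ("child response [%d][%d][%d].\n",
                                  msg_status, msg_type, msg_len));

        /* A negative length would wrap in unsigned arithmetic and move the
         * read position backwards. */
        if (msg_len < 0) {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("message format error, negative length [%d].\n", msg_len));
            return EINVAL;
        }

        /* Compare against the remaining bytes; p + msg_len is not used for
         * the test so that the check itself cannot overflow. */
        if ((size_t) msg_len > blen - p) {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("message format error [%zu] > [%zd].\n",
                   p + (size_t) msg_len, len));
            return EINVAL;
        }

        /* We need to save the name of the credential cache file. To find it
         * we check if the data part of a message starts with
         * CCACHE_ENV_NAME"=". pref_len also counts the trailing '=' because
         * sizeof() counts the trailing '\0' of a string. */
        pref_len = sizeof(CCACHE_ENV_NAME);
        if ((msg_type == SSS_PAM_ENV_ITEM) &&
            (msg_len > pref_len) &&
            (strncmp((const char *) &buf[p], CCACHE_ENV_NAME"=", pref_len) == 0)) {
            ccname = (char *) &buf[p+pref_len];
            ccname_len = msg_len-pref_len;
        }

        if (msg_type == SSS_KRB5_INFO_TGT_LIFETIME &&
            msg_len == 4*sizeof(int64_t)) {
            SAFEALIGN_COPY_INT64(&time_data, buf+p, NULL);
            tgtt.authtime = int64_to_time_t(time_data);
            SAFEALIGN_COPY_INT64(&time_data, buf+p+sizeof(int64_t), NULL);
            tgtt.starttime = int64_to_time_t(time_data);
            SAFEALIGN_COPY_INT64(&time_data, buf+p+2*sizeof(int64_t), NULL);
            tgtt.endtime = int64_to_time_t(time_data);
            SAFEALIGN_COPY_INT64(&time_data, buf+p+3*sizeof(int64_t), NULL);
            tgtt.renew_till = int64_to_time_t(time_data);
            DEBUG(SSSDBG_TRACE_LIBS,
                  ("TGT times are [%ld][%ld][%ld][%ld].\n",
                   tgtt.authtime, tgtt.starttime, tgtt.endtime,
                   tgtt.renew_till));
        }

        if (msg_type == SSS_KRB5_INFO_UPN) {
            upn = (char *) buf + p;
            upn_len = msg_len;
        }

        /* The subtype and the expiration value are copied out with memcpy()
         * because the data is not necessarily aligned, and only when the
         * message really contains them. */
        if (msg_type == SSS_PAM_USER_INFO &&
            (size_t) msg_len >= sizeof(uint32_t)) {
            memcpy(&msg_subtype, &buf[p], sizeof(uint32_t));
            if (msg_subtype == SSS_PAM_USER_INFO_EXPIRE_WARN &&
                (size_t) msg_len >= 2*sizeof(uint32_t)) {
                memcpy(&expiration, &buf[p+sizeof(uint32_t)],
                       sizeof(uint32_t));
                if (pwd_exp_warning > 0 &&
                    difftime(pwd_exp_warning, expiration) < 0.0) {
                    skip = true;
                }
            }
        }

        if (msg_type == SSS_OTP) {
            otp = true;
            skip = true;
        }

        if (!skip) {
            ret = pam_add_response(pd, msg_type, msg_len, &buf[p]);
            if (ret != EOK) {
                /* This is not a fatal error */
                DEBUG(SSSDBG_CRIT_FAILURE, ("pam_add_response failed.\n"));
            }
        }

        p += msg_len;
    }

    res = talloc_zero(mem_ctx, struct krb5_child_response);
    if (!res) return ENOMEM;

    res->otp = otp;
    res->msg_status = msg_status;
    memcpy(&res->tgtt, &tgtt, sizeof(tgtt));

    /* ccname and upn still point into buf, copy them with their lengths */
    if (ccname) {
        res->ccname = talloc_strndup(res, ccname, ccname_len);
        if (res->ccname == NULL) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_strndup failed.\n"));
            talloc_free(res);
            return ENOMEM;
        }
    }

    if (upn != NULL) {
        res->correct_upn = talloc_strndup(res, upn, upn_len);
        if (res->correct_upn == NULL) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_strndup failed.\n"));
            talloc_free(res);
            return ENOMEM;
        }
    }

    *_res = res;
    return EOK;
}
sssd-1.11.5/src/providers/krb5/PaxHeaders.13173/krb5_opts.h0000644000000000000000000000007412320753107021303 xustar000000000000000030 atime=1396954939.266891431 30 ctime=1396954961.473875084 sssd-1.11.5/src/providers/krb5/krb5_opts.h0000664002412700241270000000434612320753107021534 0ustar00jhrozekjhrozek00000000000000/* SSSD Authors: Stephen Gallagher Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program.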
If not, see . */ #ifndef KRB5_OPTS_H_ #define KRB5_OPTS_H_ #include "src/providers/data_provider.h" struct dp_option default_krb5_opts[] = { { "krb5_server", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "krb5_backup_server", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "krb5_ccachedir", DP_OPT_STRING, { DEFAULT_CCACHE_DIR }, NULL_STRING }, { "krb5_ccname_template", DP_OPT_STRING, NULL_STRING, NULL_STRING}, { "krb5_auth_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER }, { "krb5_keytab", DP_OPT_STRING, { "/etc/krb5.keytab" }, NULL_STRING }, { "krb5_validate", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, { "krb5_kpasswd", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "krb5_backup_kpasswd", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "krb5_store_password_if_offline", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, { "krb5_renewable_lifetime", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "krb5_lifetime", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "krb5_renew_interval", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "krb5_use_fast", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "krb5_fast_principal", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "krb5_canonicalize", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, { "krb5_use_enterprise_principal", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, { "krb5_use_kdcinfo", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE }, DP_OPTION_TERMINATOR }; #endif /* KRB5_OPTS_H_ */ sssd-1.11.5/src/providers/krb5/PaxHeaders.13173/krb5_common.c0000644000000000000000000000007412320753107021601 xustar000000000000000030 atime=1396954939.266891431 30 ctime=1396954961.605874987 sssd-1.11.5/src/providers/krb5/krb5_common.c0000664002412700241270000007435012320753107022034 0ustar00jhrozekjhrozek00000000000000/* SSSD Kerberos Provider Common Functions Authors: Sumit Bose Copyright (C) 2008-2009 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as 
published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include #include #include #include #include #include #include "providers/dp_backend.h" #include "providers/krb5/krb5_common.h" #include "providers/krb5/krb5_opts.h" #include "providers/krb5/krb5_utils.h" #ifdef HAVE_KRB5_CC_COLLECTION /* krb5 profile functions */ #include #endif errno_t check_and_export_lifetime(struct dp_option *opts, const int opt_id, const char *env_name) { int ret; char *str; krb5_deltat lifetime; bool free_str = false; str = dp_opt_get_string(opts, opt_id); if (str == NULL || *str == '\0') { DEBUG(5, ("No lifetime configured.\n")); return EOK; } if (isdigit(str[strlen(str)-1])) { str = talloc_asprintf(opts, "%ss", str); if (str == NULL) { DEBUG(1, ("talloc_asprintf failed\n")); return ENOMEM; } free_str = true; ret = dp_opt_set_string(opts, opt_id, str); if (ret != EOK) { DEBUG(1, ("dp_opt_set_string failed\n")); goto done; } } ret = krb5_string_to_deltat(str, &lifetime); if (ret != 0) { DEBUG(1, ("Invalid value [%s] for a lifetime.\n", str)); ret = EINVAL; goto done; } ret = setenv(env_name, str, 1); if (ret != EOK) { ret = errno; DEBUG(2, ("setenv [%s] failed.\n", env_name)); goto done; } ret = EOK; done: if (free_str) { talloc_free(str); } return ret; } #ifdef HAVE_KRB5_CC_COLLECTION /* source default_ccache_name from krb5.conf */ static errno_t sss_get_system_ccname_template(TALLOC_CTX *mem_ctx, char **ccname) { krb5_context ctx; profile_t p; char *value = NULL; long ret; *ccname = NULL; ret = krb5_init_context(&ctx); if (ret) return ret; ret = krb5_get_profile(ctx, &p); if (ret) goto done; 
ret = profile_get_string(p, "libdefaults", "default_ccache_name", NULL, NULL, &value); if (ret) goto done; if (!value) { ret = ERR_NOT_FOUND; goto done; } *ccname = talloc_strdup(mem_ctx, value); if (*ccname == NULL) { ret = ENOMEM; goto done; } ret = EOK; done: krb5_free_context(ctx); free(value); return ret; } #else static errno_t sss_get_system_ccname_template(TALLOC_CTX *mem_ctx, char **ccname) { DEBUG(SSSDBG_CONF_SETTINGS, ("Your kerberos library does not support the default_ccache_name " "option or the profile library. Please use krb5_ccname_template " "in sssd.conf if you want to change the default\n")); *ccname = NULL; return ERR_NOT_FOUND; } #endif static void sss_check_cc_template(const char *cc_template) { size_t template_len; template_len = strlen(cc_template); if (template_len >= 6 && strcmp(cc_template + (template_len - 6), "XXXXXX") != 0) { DEBUG(SSSDBG_CONF_SETTINGS, ("ccache file name template [%s] doesn't " "contain randomizing characters (XXXXXX), file might not " "be rewritable\n", cc_template)); } } errno_t check_and_export_options(struct dp_option *opts, struct sss_domain_info *dom, struct krb5_ctx *krb5_ctx) { TALLOC_CTX *tmp_ctx = NULL; int ret; const char *realm; const char *dummy; char *use_fast_str; char *fast_principal; char *ccname; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { ret = ENOMEM; goto done; } realm = dp_opt_get_cstring(opts, KRB5_REALM); if (realm == NULL) { ret = dp_opt_set_string(opts, KRB5_REALM, dom->name); if (ret != EOK) { DEBUG(1, ("dp_opt_set_string failed.\n")); goto done; } realm = dom->name; } ret = setenv(SSSD_KRB5_REALM, realm, 1); if (ret != EOK) { DEBUG(2, ("setenv %s failed, authentication might fail.\n", SSSD_KRB5_REALM)); } ret = check_and_export_lifetime(opts, KRB5_RENEWABLE_LIFETIME, SSSD_KRB5_RENEWABLE_LIFETIME); if (ret != EOK) { DEBUG(1, ("Failed to check value of krb5_renewable_lifetime. 
[%d][%s]\n", ret, strerror(ret))); goto done; } ret = check_and_export_lifetime(opts, KRB5_LIFETIME, SSSD_KRB5_LIFETIME); if (ret != EOK) { DEBUG(1, ("Failed to check value of krb5_lifetime. [%d][%s]\n", ret, strerror(ret))); goto done; } use_fast_str = dp_opt_get_string(opts, KRB5_USE_FAST); if (use_fast_str != NULL) { ret = check_fast(use_fast_str, &krb5_ctx->use_fast); if (ret != EOK) { DEBUG(1, ("check_fast failed.\n")); goto done; } if (krb5_ctx->use_fast) { ret = setenv(SSSD_KRB5_USE_FAST, use_fast_str, 1); if (ret != EOK) { DEBUG(2, ("setenv [%s] failed.\n", SSSD_KRB5_USE_FAST)); } else { fast_principal = dp_opt_get_string(opts, KRB5_FAST_PRINCIPAL); if (fast_principal != NULL) { ret = setenv(SSSD_KRB5_FAST_PRINCIPAL, fast_principal, 1); if (ret != EOK) { DEBUG(2, ("setenv [%s] failed.\n", SSSD_KRB5_FAST_PRINCIPAL)); } } } } } /* In contrast to MIT KDCs AD does not automatically canonicalize the * enterprise principal in an AS request but requires the canonicalize * flags to be set. To be on the safe side we always enable * canonicalization if enterprise principals are used. 
*/ if (dp_opt_get_bool(opts, KRB5_CANONICALIZE) || dp_opt_get_bool(opts, KRB5_USE_ENTERPRISE_PRINCIPAL)) { ret = setenv(SSSD_KRB5_CANONICALIZE, "true", 1); } else { ret = setenv(SSSD_KRB5_CANONICALIZE, "false", 1); } if (ret != EOK) { DEBUG(2, ("setenv [%s] failed.\n", SSSD_KRB5_CANONICALIZE)); } dummy = dp_opt_get_cstring(opts, KRB5_KDC); if (dummy == NULL) { DEBUG(SSSDBG_CONF_SETTINGS, ("No KDC explicitly configured, using defaults.\n")); } dummy = dp_opt_get_cstring(opts, KRB5_KPASSWD); if (dummy == NULL) { DEBUG(SSSDBG_CONF_SETTINGS, ("No kpasswd server explicitly configured, " "using the KDC or defaults.\n")); } ccname = dp_opt_get_string(opts, KRB5_CCNAME_TMPL); if (ccname != NULL) { DEBUG(SSSDBG_CONF_SETTINGS, ("The credential ccache name template has been explicitly set " "in sssd.conf, it is recommended to set default_ccache_name " "in krb5.conf instead so that a system default is used\n")); ccname = talloc_strdup(tmp_ctx, ccname); if (!ccname) { ret = ENOMEM; goto done; } } else { ret = sss_get_system_ccname_template(tmp_ctx, &ccname); if (ret && ret != ERR_NOT_FOUND) { goto done; } if (ret == ERR_NOT_FOUND) { /* Use fallback default */ ccname = talloc_strdup(tmp_ctx, DEFAULT_CCNAME_TEMPLATE); if (!ccname) { ret = ENOMEM; goto done; } } /* set back in opts */ ret = dp_opt_set_string(opts, KRB5_CCNAME_TMPL, ccname); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("dp_opt_set_string failed.\n")); goto done; } } if ((ccname[0] == '/') || (strncmp(ccname, "FILE:", 5) == 0)) { DEBUG(SSSDBG_CONF_SETTINGS, ("ccache is of type FILE\n")); /* warn if the file type (which is usally created in a sticky bit * laden directory) does not have randomizing chracters */ sss_check_cc_template(ccname); if (ccname[0] == '/') { /* /path/to/cc prepend FILE: */ DEBUG(SSSDBG_CONF_SETTINGS, ("The ccname template was " "missing an explicit type, but is an absolute " "path specifier. 
Assuming FILE:\n")); ccname = talloc_asprintf(tmp_ctx, "FILE:%s", ccname); if (!ccname) { ret = ENOMEM; goto done; } ret = dp_opt_set_string(opts, KRB5_CCNAME_TMPL, ccname); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("dp_opt_set_string failed.\n")); goto done; } } } ret = EOK; done: talloc_free(tmp_ctx); return ret; } errno_t krb5_try_kdcip(struct confdb_ctx *cdb, const char *conf_path, struct dp_option *opts, int opt_id) { char *krb5_servers = NULL; errno_t ret; krb5_servers = dp_opt_get_string(opts, opt_id); if (krb5_servers == NULL) { DEBUG(4, ("No KDC found in configuration, trying legacy option\n")); ret = confdb_get_string(cdb, NULL, conf_path, "krb5_kdcip", NULL, &krb5_servers); if (ret != EOK) { DEBUG(1, ("confdb_get_string failed.\n")); return ret; } if (krb5_servers != NULL) { ret = dp_opt_set_string(opts, opt_id, krb5_servers); if (ret != EOK) { DEBUG(1, ("dp_opt_set_string failed.\n")); talloc_free(krb5_servers); return ret; } DEBUG(SSSDBG_CONF_SETTINGS, ("Set krb5 server [%s] based on legacy krb5_kdcip option\n", krb5_servers)); DEBUG(SSSDBG_FATAL_FAILURE, ("Your configuration uses the deprecated option " "'krb5_kdcip' to specify the KDC. 
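Please change the " "configuration to use the 'krb5_server' option " "instead.\n"));
            talloc_free(krb5_servers);
        }
    }

    return EOK;
}

/**
 * Read the krb5 provider options from the configuration database.
 *
 * @param memctx    Talloc parent for the option array.
 * @param cdb       Configuration database handle.
 * @param conf_path Configuration path of the domain.
 * @param _opts     Receives the options on success.
 *
 * @return EOK on success, ENOMEM or the error of dp_get_options() /
 *         krb5_try_kdcip() otherwise.
 */
errno_t krb5_get_options(TALLOC_CTX *memctx, struct confdb_ctx *cdb,
                         const char *conf_path, struct dp_option **_opts)
{
    int ret;
    struct dp_option *opts;

    opts = talloc_zero(memctx, struct dp_option);
    if (opts == NULL) {
        DEBUG(1, ("talloc_zero failed.\n"));
        return ENOMEM;
    }

    /* opts is passed both as memory context and as output pointer */
    ret = dp_get_options(opts, cdb, conf_path, default_krb5_opts,
                         KRB5_OPTS, &opts);
    if (ret != EOK) {
        DEBUG(1, ("dp_get_options failed.\n"));
        goto done;
    }

    /* If there is no KDC, try the deprecated krb5_kdcip option, too */
    /* FIXME - this can be removed in a future version */
    ret = krb5_try_kdcip(cdb, conf_path, opts, KRB5_KDC);
    if (ret != EOK) {
        DEBUG(1, ("sss_krb5_try_kdcip failed.\n"));
        goto done;
    }

    *_opts = opts;
    ret = EOK;

done:
    if (ret != EOK) {
        talloc_zfree(opts);
    }

    return ret;
}

/**
 * Write the address of the current KDC or kpasswd server to its info file.
 *
 * The data is written to a temporary file below PUBCONF_PATH that is created
 * with mkstemp() under a 077 umask, made readable for group and others with
 * fchmod() and finally moved over the target name with rename(), so readers
 * never see a partially written file. On any failure the descriptor is
 * closed and the temporary file is removed again.
 *
 * @param realm   Realm name; it is inserted into the target file name
 *                (presumably taken from the configuration - confirm that
 *                callers never pass an unvalidated value).
 * @param server  Server address to write.
 * @param service SSS_KRB5KDC_FO_SRV or SSS_KRB5KPASSWD_FO_SRV.
 *
 * @return EOK on success, EINVAL for missing/empty arguments or an
 *         unsupported service, ENOMEM, EIO for a short write, or the errno
 *         of the failing system call.
 */
errno_t write_krb5info_file(const char *realm, const char *server,
                           const char *service)
{
    int ret;
    int fd = -1;
    char *tmp_name = NULL;
    char *krb5info_name = NULL;
    TALLOC_CTX *tmp_ctx = NULL;
    const char *name_tmpl = NULL;
    size_t server_len;
    ssize_t written;
    mode_t old_umask;
    bool tmp_created = false;

    /* *service, not service: the pointer itself was compared with '\0'
     * before, which let an empty service string through. */
    if (realm == NULL || *realm == '\0' || server == NULL || *server == '\0' ||
        service == NULL || *service == '\0') {
        DEBUG(1, ("Missing or empty realm, server or service.\n"));
        return EINVAL;
    }

    if (strcmp(service, SSS_KRB5KDC_FO_SRV) == 0) {
        name_tmpl = KDCINFO_TMPL;
    } else if (strcmp(service, SSS_KRB5KPASSWD_FO_SRV) == 0) {
        name_tmpl = KPASSWDINFO_TMPL;
    } else {
        DEBUG(1, ("Unsupported service [%s]\n.", service));
        return EINVAL;
    }

    server_len = strlen(server);

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        DEBUG(1, ("talloc_new failed.\n"));
        return ENOMEM;
    }

    tmp_name = talloc_asprintf(tmp_ctx, PUBCONF_PATH"/.krb5info_dummy_XXXXXX");
    if (tmp_name == NULL) {
        DEBUG(1, ("talloc_asprintf failed.\n"));
        ret = ENOMEM;
        goto done;
    }

    krb5info_name = talloc_asprintf(tmp_ctx, name_tmpl, realm);
    if (krb5info_name == NULL) {
        DEBUG(1, ("talloc_asprintf failed.\n"));
        ret = ENOMEM;
        goto done;
    }

    /* keep the file private until its content is complete */
    old_umask = umask(077);
    fd = mkstemp(tmp_name);
    ret = errno;
    umask(old_umask);
    if (fd == -1) {
        DEBUG(1, ("mkstemp failed [%d][%s].\n", ret, strerror(ret)));
        goto done;
    }
    tmp_created = true;

    errno = 0;
    written = sss_atomic_write_s(fd, discard_const(server), server_len);
    if (written == -1) {
        ret = errno;
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("write failed [%d][%s].\n", ret, strerror(ret)));
        goto done;
    }

    if ((size_t) written != server_len) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Write error, wrote [%zd] bytes, expected [%zu]\n",
               written, server_len));
        ret = EIO;
        goto done;
    }

    ret = fchmod(fd, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
    if (ret == -1) {
        ret = errno;
        DEBUG(1, ("fchmod failed [%d][%s].\n", ret, strerror(ret)));
        goto done;
    }

    ret = close(fd);
    /* the descriptor must not be closed a second time, even after an error */
    fd = -1;
    if (ret == -1) {
        ret = errno;
        DEBUG(1, ("close failed [%d][%s].\n", ret, strerror(ret)));
        goto done;
    }

    ret = rename(tmp_name, krb5info_name);
    if (ret == -1) {
        ret = errno;
        DEBUG(1, ("rename failed [%d][%s].\n", ret, strerror(ret)));
        goto done;
    }
    /* the temporary name is gone now, nothing left to clean up */
    tmp_created = false;

    ret = EOK;

done:
    if (fd != -1) {
        close(fd);
    }
    if (tmp_created) {
        /* best effort; the error that brought us here is what gets reported */
        unlink(tmp_name);
    }
    talloc_free(tmp_ctx);
    return ret;
}

static void krb5_resolve_callback(void *private_data, struct fo_server *server)
{
    struct krb5_service *krb5_service;
    struct resolv_hostent *srvaddr;
    char *address;
    char *safe_address;
    int ret;
    TALLOC_CTX *tmp_ctx = NULL;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        DEBUG(1, ("talloc_new failed\n"));
        return;
    }

    krb5_service = talloc_get_type(private_data, struct krb5_service);
    if (!krb5_service) {
        DEBUG(1, ("FATAL: Bad private_data\n"));
        talloc_free(tmp_ctx);
        return;
    }

    srvaddr = fo_get_server_hostent(server);
    if (!srvaddr) {
        DEBUG(1, ("FATAL: No hostent available for server (%s)\n",
                  fo_get_server_str_name(server)));
        talloc_free(tmp_ctx);
        return;
    }

    address = resolv_get_string_address(tmp_ctx, srvaddr);
    if (address == NULL) {
        DEBUG(1, ("resolv_get_string_address failed.\n"));
        talloc_free(tmp_ctx);
        return;
    }

    safe_address = sss_escape_ip_address(tmp_ctx,
                                         srvaddr->family,
                                         address);
    if (safe_address == NULL) {
        DEBUG(1,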
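("sss_escape_ip_address failed.\n"));
        talloc_free(tmp_ctx);
        return;
    }

    if (krb5_service->write_kdcinfo) {
        safe_address = talloc_asprintf_append(safe_address, ":%d",
                                              fo_get_server_port(server));
        if (safe_address == NULL) {
            DEBUG(1, ("talloc_asprintf_append failed.\n"));
            talloc_free(tmp_ctx);
            return;
        }

        ret = write_krb5info_file(krb5_service->realm, safe_address,
                                  krb5_service->name);
        if (ret != EOK) {
            DEBUG(2, ("write_krb5info_file failed, authentication might fail.\n"));
        }
    }

    talloc_free(tmp_ctx);
    return;
}

/**
 * Add every server of a comma separated list to a failover service.
 *
 * An entry is either the SRV identifier (service discovery, accepted for
 * primary servers only) or "host", "host:port", "host:servicename" or an
 * IPv6 address in square brackets. A numeric port must lie in 1..65535 and
 * must not be followed by other characters.
 *
 * @param ctx          Backend context.
 * @param service      Talloc parent for the per-server strings.
 * @param service_name Name of the failover service.
 * @param servers      Comma separated server list.
 * @param primary      true for primary servers, false for backup servers.
 *
 * @return EOK on success; ENOMEM, EINVAL for an invalid port specifier, or
 *         the error of the failing helper otherwise.
 */
static errno_t _krb5_servers_init(struct be_ctx *ctx,
                                  struct krb5_service *service,
                                  const char *service_name,
                                  const char *servers,
                                  bool primary)
{
    TALLOC_CTX *tmp_ctx;
    char **list = NULL;
    errno_t ret = 0;
    int i;
    char *port_str;
    long port;
    char *server_spec;
    char *endptr;
    struct servent *servent;
    size_t spec_len;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    ret = split_on_separator(tmp_ctx, servers, ',', true, true, &list, NULL);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to parse server list!\n"));
        goto done;
    }

    for (i = 0; list[i]; i++) {
        talloc_steal(service, list[i]);
        server_spec = talloc_strdup(service, list[i]);
        if (!server_spec) {
            ret = ENOMEM;
            goto done;
        }

        if (be_fo_is_srv_identifier(server_spec)) {
            if (!primary) {
                DEBUG(SSSDBG_MINOR_FAILURE,
                      ("Failed to add server [%s] to failover service: "
                       "SRV resolution only allowed for primary servers!\n",
                       list[i]));
                continue;
            }

            ret = be_fo_add_srv_server(ctx, service_name, service_name, NULL,
                                       BE_FO_PROTO_UDP, true, NULL);
            if (ret) {
                DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to add server\n"));
                goto done;
            }

            DEBUG(SSSDBG_TRACE_FUNC, ("Added service lookup\n"));
            continue;
        }

        /* Do not try to get port number if last character is ']'.
         * An empty entry has no last character to look at. */
        spec_len = strlen(server_spec);
        if (spec_len == 0 || server_spec[spec_len - 1] != ']') {
            port_str = strrchr(server_spec, ':');
        } else {
            port_str = NULL;
        }

        if (port_str == NULL) {
            port = 0;
        } else {
            /* cut the port off the host part */
            *port_str = '\0';
            ++port_str;
            /* <ctype.h> functions need an unsigned char value; a plain char
             * with the high bit set would be undefined behaviour. */
            if (isdigit((unsigned char) *port_str)) {
                errno = 0;
                port = strtol(port_str, &endptr, 10);
                if (errno != 0) {
                    ret = errno;
                    DEBUG(SSSDBG_CRIT_FAILURE, ("strtol failed on [%s]: [%d][%s].\n", port_str,
                              ret, strerror(ret)));
                    goto done;
                }
                if (*endptr != '\0') {
                    DEBUG(SSSDBG_CRIT_FAILURE, ("Found additional characters [%s] in port number "
                              "[%s].\n", endptr, port_str));
                    ret = EINVAL;
                    goto done;
                }

                if (port < 1 || port > 65535) {
                    DEBUG(SSSDBG_CRIT_FAILURE, ("Illegal port number [%ld].\n", port));
                    ret = EINVAL;
                    goto done;
                }
            } else if (isalpha((unsigned char) *port_str)) {
                servent = getservbyname(port_str, NULL);
                if (servent == NULL) {
                    DEBUG(SSSDBG_CRIT_FAILURE, ("getservbyname cannot find service [%s].\n",
                              port_str));
                    ret = EINVAL;
                    goto done;
                }

                /* NOTE(review): getservbyname() documents s_port as being in
                 * network byte order, while the numeric branch above stores
                 * a host-order value; this assignment probably needs
                 * ntohs() - confirm what be_fo_add_server() expects. */
                port = servent->s_port;
            } else {
                DEBUG(SSSDBG_CRIT_FAILURE, ("Unsupported port specifier in [%s].\n", list[i]));
                ret = EINVAL;
                goto done;
            }
        }

        /* It could be ipv6 address in square brackets. Remove
         * the brackets if needed. */
        ret = remove_ipv6_brackets(server_spec);
        if (ret != EOK) {
            goto done;
        }

        ret = be_fo_add_server(ctx, service_name, server_spec, (int) port,
                               list[i], primary);
        /* a server that is already known is not an error */
        if (ret && ret != EEXIST) {
            DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to add server\n"));
            goto done;
        }

        DEBUG(SSSDBG_TRACE_FUNC, ("Added Server %s\n", list[i]));
    }

done:
    talloc_free(tmp_ctx);
    return ret;
}

/** Add the servers of the list as primary servers of the service. */
static inline errno_t
krb5_primary_servers_init(struct be_ctx *ctx, struct krb5_service *service,
                          const char *service_name, const char *servers)
{
    return _krb5_servers_init(ctx, service, service_name, servers, true);
}

/** Add the servers of the list as backup servers of the service. */
static inline errno_t
krb5_backup_servers_init(struct be_ctx *ctx, struct krb5_service *service,
                         const char *service_name, const char *servers)
{
    return _krb5_servers_init(ctx, service, service_name, servers, false);
}

/** Compare two user data pointers as strings, ignoring case. */
static int krb5_user_data_cmp(void *ud1, void *ud2)
{
    return strcasecmp((char*) ud1, (char*) ud2);
}

int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
                      const char *service_name,
                      const char *primary_servers,
                      const char *backup_servers,
                      const char *realm,
                      bool use_kdcinfo,
                      struct krb5_service **_service)
{
    TALLOC_CTX *tmp_ctx;
    struct krb5_service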
*service; int ret; tmp_ctx = talloc_new(memctx); if (!tmp_ctx) { return ENOMEM; } service = talloc_zero(tmp_ctx, struct krb5_service); if (!service) { ret = ENOMEM; goto done; } ret = be_fo_add_service(ctx, service_name, krb5_user_data_cmp); if (ret != EOK) { DEBUG(1, ("Failed to create failover service!\n")); goto done; } service->name = talloc_strdup(service, service_name); if (!service->name) { ret = ENOMEM; goto done; } service->realm = talloc_strdup(service, realm); if (!service->realm) { ret = ENOMEM; goto done; } service->write_kdcinfo = use_kdcinfo; if (!primary_servers) { DEBUG(SSSDBG_CONF_SETTINGS, ("No primary servers defined, using service discovery\n")); primary_servers = BE_SRV_IDENTIFIER; } ret = krb5_primary_servers_init(ctx, service, service_name, primary_servers); if (ret != EOK) { goto done; } if (backup_servers) { ret = krb5_backup_servers_init(ctx, service, service_name, backup_servers); if (ret != EOK) { goto done; } } ret = be_fo_service_add_callback(memctx, ctx, service_name, krb5_resolve_callback, service); if (ret != EOK) { DEBUG(1, ("Failed to add failover callback!\n")); goto done; } ret = EOK; done: if (ret == EOK) { *_service = talloc_steal(memctx, service); } talloc_zfree(tmp_ctx); return ret; } errno_t remove_krb5_info_files(TALLOC_CTX *mem_ctx, const char *realm) { int ret; errno_t err; char *file; file = talloc_asprintf(mem_ctx, KDCINFO_TMPL, realm); if(file == NULL) { DEBUG(1, ("talloc_asprintf failed.\n")); return ENOMEM; } errno = 0; ret = unlink(file); if (ret == -1) { err = errno; DEBUG(5, ("Could not remove [%s], [%d][%s]\n", file, err, strerror(err))); } file = talloc_asprintf(mem_ctx, KPASSWDINFO_TMPL, realm); if(file == NULL) { DEBUG(1, ("talloc_asprintf failed.\n")); return ENOMEM; } errno = 0; ret = unlink(file); if (ret == -1) { err = errno; DEBUG(5, ("Could not remove [%s], [%d][%s]\n", file, err, strerror(err))); } return EOK; } void remove_krb5_info_files_callback(void *pvt) { int ret; TALLOC_CTX *tmp_ctx = NULL; 
struct remove_info_files_ctx *ctx = talloc_get_type(pvt, struct remove_info_files_ctx); ret = be_fo_run_callbacks_at_next_request(ctx->be_ctx, ctx->kdc_service_name); if (ret != EOK) { DEBUG(1, ("be_fo_run_callbacks_at_next_request failed, " "krb5 info files will not be removed, because " "it is unclear if they will be recreated properly.\n")); return; } if (ctx->kpasswd_service_name != NULL) { ret = be_fo_run_callbacks_at_next_request(ctx->be_ctx, ctx->kpasswd_service_name); if (ret != EOK) { DEBUG(1, ("be_fo_run_callbacks_at_next_request failed, " "krb5 info files will not be removed, because " "it is unclear if they will be recreated properly.\n")); return; } } tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { DEBUG(1, ("talloc_new failed, cannot remove krb5 info files.\n")); return; } ret = remove_krb5_info_files(tmp_ctx, ctx->realm); if (ret != EOK) { DEBUG(1, ("remove_krb5_info_files failed.\n")); } talloc_zfree(tmp_ctx); } void krb5_finalize(struct tevent_context *ev, struct tevent_signal *se, int signum, int count, void *siginfo, void *private_data) { char *realm = (char *)private_data; int ret; ret = remove_krb5_info_files(se, realm); if (ret != EOK) { DEBUG(1, ("remove_krb5_info_files failed.\n")); } sig_term(signum); } errno_t krb5_install_offline_callback(struct be_ctx *be_ctx, struct krb5_ctx *krb5_ctx) { int ret; struct remove_info_files_ctx *ctx; const char *krb5_realm; if (krb5_ctx->service == NULL || krb5_ctx->service->name == NULL) { DEBUG(1, ("Missing KDC service name!\n")); return EINVAL; } ctx = talloc_zero(krb5_ctx, struct remove_info_files_ctx); if (ctx == NULL) { DEBUG(1, ("talloc_zfree failed.\n")); return ENOMEM; } krb5_realm = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM); if (krb5_realm == NULL) { DEBUG(1, ("Missing krb5_realm option!\n")); ret = EINVAL; goto done; } ctx->realm = talloc_strdup(ctx, krb5_realm); if (ctx->realm == NULL) { DEBUG(1, ("talloc_strdup failed!\n")); ret = ENOMEM; goto done; } ctx->be_ctx = be_ctx; 
ctx->kdc_service_name = krb5_ctx->service->name; if (krb5_ctx->kpasswd_service == NULL) { ctx->kpasswd_service_name =NULL; } else { ctx->kpasswd_service_name = krb5_ctx->kpasswd_service->name; } ret = be_add_offline_cb(ctx, be_ctx, remove_krb5_info_files_callback, ctx, NULL); if (ret != EOK) { DEBUG(1, ("be_add_offline_cb failed.\n")); goto done; } ret = EOK; done: if (ret != EOK) { talloc_zfree(ctx); } return ret; } errno_t krb5_install_sigterm_handler(struct tevent_context *ev, struct krb5_ctx *krb5_ctx) { const char *krb5_realm; char *sig_realm; struct tevent_signal *sige; BlockSignals(false, SIGTERM); krb5_realm = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM); if (krb5_realm == NULL) { DEBUG(1, ("Missing krb5_realm option!\n")); return EINVAL; } sig_realm = talloc_strdup(krb5_ctx, krb5_realm); if (sig_realm == NULL) { DEBUG(1, ("talloc_strdup failed!\n")); return ENOMEM; } sige = tevent_add_signal(ev, krb5_ctx, SIGTERM, SA_SIGINFO, krb5_finalize, sig_realm); if (sige == NULL) { DEBUG(1, ("tevent_add_signal failed.\n")); talloc_free(sig_realm); return ENOMEM; } talloc_steal(sige, sig_realm); return EOK; } errno_t krb5_get_simple_upn(TALLOC_CTX *mem_ctx, struct krb5_ctx *krb5_ctx, struct sss_domain_info *dom, const char *username, const char *user_dom, char **_upn) { const char *realm = NULL; char *uc_dom = NULL; char *upn; char *name; char *domname; TALLOC_CTX *tmp_ctx = NULL; errno_t ret; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_new failed.\n")); return ENOMEM; } if (user_dom != NULL && dom->name != NULL && strcasecmp(dom->name, user_dom) != 0) { uc_dom = get_uppercase_realm(tmp_ctx, user_dom); if (uc_dom == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("get_uppercase_realm failed.\n")); ret = ENOMEM; goto done; } } else { realm = dp_opt_get_cstring(krb5_ctx->opts, KRB5_REALM); if (realm == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("Missing Kerberos realm.\n")); ret = ENOMEM; goto done; } } /* Subdomains already have a fully qualified 
name, which contains * the domain name. We need to replace it with the realm name */ ret = sss_parse_name(tmp_ctx, dom->names, username, &domname, &name); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Could not parse [%s] into name and " "domain components, login might fail\n", username)); name = discard_const(username); } /* NOTE: this is a hack, works only in some environments */ upn = talloc_asprintf(tmp_ctx, "%s@%s", name, realm != NULL ? realm : uc_dom); if (upn == NULL) { DEBUG(1, ("talloc_asprintf failed.\n")); ret = ENOMEM; goto done; } DEBUG(9, ("Using simple UPN [%s].\n", upn)); *_upn = talloc_steal(mem_ctx, upn); ret = EOK; done: talloc_free(tmp_ctx); return ret; } errno_t compare_principal_realm(const char *upn, const char *realm, bool *different_realm) { char *at_sign; if (upn == NULL || realm == NULL || different_realm == NULL || *upn == '\0' || *realm == '\0') { return EINVAL; } at_sign = strchr(upn, '@'); if (at_sign == NULL) { return EINVAL; } if (strcmp(realm, at_sign + 1) == 0) { *different_realm = false; } else { *different_realm = true; } return EOK; } sssd-1.11.5/src/providers/PaxHeaders.13173/dp_refresh.c0000644000000000000000000000007412320753107020644 xustar000000000000000030 atime=1396954939.263891433 30 ctime=1396954961.526875045 sssd-1.11.5/src/providers/dp_refresh.c0000664002412700241270000002041612320753107021071 0ustar00jhrozekjhrozek00000000000000/* Authors: Pavel Březina Copyright (C) 2013 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. 
You should have received a copy of the GNU General Public License along with this program. If not, see . */

/* The names of the three system headers below were lost when this page was
 * extracted; the bare directives are kept exactly as they appear. */
#include
#include
#include
#include "providers/dp_backend.h"
#include "providers/dp_ptask.h"
#include "providers/dp_refresh.h"
#include "util/util_errors.h"
#include "db/sysdb.h"

/*
 * Collect the values of one attribute from every cache entry under base_dn
 * whose SYSDB_CACHE_EXPIRE is at or before (now + period).
 *
 * On success *_values is reparented to mem_ctx. ENOENT from the search is
 * treated as "zero entries", not as an error.
 *
 * NOTE(review): objectclass is accepted but never used - the search filter
 * is built from the expiration attribute only.
 */
static errno_t be_refresh_get_values(TALLOC_CTX *mem_ctx,
                                     struct sss_domain_info *domain,
                                     time_t period,
                                     const char *objectclass,
                                     struct ldb_dn *base_dn,
                                     const char *attr,
                                     char ***_values)
{
    TALLOC_CTX *tmp_ctx = NULL;
    const char *attrs[] = {attr, NULL};
    const char *filter = NULL;
    char **values = NULL;
    struct ldb_message **msgs = NULL;
    struct sysdb_attrs **records = NULL;
    size_t count;
    time_t now = time(NULL);
    errno_t ret;

    /* everything temporary hangs off tmp_ctx and is released at done: */
    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        return ENOMEM;
    }

    /* the filter is built from a constant and an integer only */
    filter = talloc_asprintf(tmp_ctx, "(&(%s<=%lld))",
                             SYSDB_CACHE_EXPIRE, (long long) now + period);
    if (filter == NULL) {
        ret = ENOMEM;
        goto done;
    }

    ret = sysdb_search_entry(tmp_ctx, domain->sysdb, base_dn,
                             LDB_SCOPE_SUBTREE, filter, attrs,
                             &count, &msgs);
    if (ret == ENOENT) {
        /* nothing is about to expire; continue with an empty result */
        count = 0;
    } else if (ret != EOK) {
        goto done;
    }

    ret = sysdb_msg2attrs(tmp_ctx, count, msgs, &records);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Could not convert ldb message to sysdb_attrs\n"));
        goto done;
    }

    ret = sysdb_attrs_to_list(tmp_ctx, records, count, attr, &values);
    if (ret != EOK) {
        goto done;
    }

    /* move the list out of tmp_ctx before it is freed */
    *_values = talloc_steal(mem_ctx, values);
    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}

/*
 * Netgroup flavour of be_refresh_get_values(): returns the SYSDB_NAME of
 * the netgroups found under the domain's netgroup base DN.
 */
static errno_t be_refresh_get_netgroups(TALLOC_CTX *mem_ctx,
                                        struct sss_domain_info *domain,
                                        time_t period,
                                        char ***_values)
{
    struct ldb_dn *base_dn = NULL;
    errno_t ret;

    base_dn = sysdb_netgroup_base_dn(domain->sysdb, mem_ctx, domain);
    if (base_dn == NULL) {
        return ENOMEM;
    }

    ret = be_refresh_get_values(mem_ctx, domain, period, SYSDB_NETGROUP_CLASS,
                                base_dn, SYSDB_NAME, _values);

    /* base_dn was allocated on mem_ctx, so release it explicitly */
    talloc_free(base_dn);
    return ret;
}

/* Produces the list of names a refresh callback should work on. */
typedef errno_t
(*be_refresh_get_values_t)(TALLOC_CTX *mem_ctx,
                           struct sss_domain_info *domain,
                           time_t period,
                           char ***_values);

/* One slot per refresh type. */
struct be_refresh_cb {
    bool enabled;                       /* set by be_refresh_add_cb() */
    be_refresh_get_values_t get_values; /* set by be_refresh_ctx_init() */
    be_refresh_send_t send_fn;
    be_refresh_recv_t recv_fn;
    void *pvt;                          /* passed through to send_fn */
};

struct be_refresh_ctx {
    struct be_refresh_cb callbacks[BE_REFRESH_TYPE_SENTINEL];
};

/*
 * Allocate a zeroed refresh context on mem_ctx and install the built-in
 * value getter for netgroups. Returns NULL on allocation failure.
 */
struct be_refresh_ctx *be_refresh_ctx_init(TALLOC_CTX *mem_ctx)
{
    struct be_refresh_ctx *ctx = NULL;

    ctx = talloc_zero(mem_ctx, struct be_refresh_ctx);
    if (ctx == NULL) {
        return NULL;
    }

    ctx->callbacks[BE_REFRESH_TYPE_NETGROUPS].get_values \
        = be_refresh_get_netgroups;

    return ctx;
}

/*
 * Register the send/recv pair for one refresh type.
 *
 * Returns EINVAL for a NULL context or function pointer or a type at or
 * beyond BE_REFRESH_TYPE_SENTINEL, EEXIST when the slot is already enabled,
 * EOK otherwise. The type check also keeps the array index in bounds.
 */
errno_t be_refresh_add_cb(struct be_refresh_ctx *ctx,
                          enum be_refresh_type type,
                          be_refresh_send_t send_fn,
                          be_refresh_recv_t recv_fn,
                          void *pvt)
{
    if (ctx == NULL || send_fn == NULL || recv_fn == NULL
            || type >= BE_REFRESH_TYPE_SENTINEL) {
        return EINVAL;
    }

    if (ctx->callbacks[type].enabled) {
        return EEXIST;
    }

    ctx->callbacks[type].enabled = true;
    ctx->callbacks[type].send_fn = send_fn;
    ctx->callbacks[type].recv_fn = recv_fn;
    ctx->callbacks[type].pvt = pvt;

    return EOK;
}

/* Per-request state of one refresh run. */
struct be_refresh_state {
    struct tevent_context *ev;
    struct be_ctx *be_ctx;
    struct be_refresh_ctx *ctx;
    struct be_refresh_cb *cb;       /* callback whose subrequest is in flight */
    enum be_refresh_type index;     /* next slot to look at */
    time_t period;
};

static errno_t be_refresh_step(struct tevent_req *req);
static void be_refresh_done(struct tevent_req *subreq);

/*
 * Start a refresh run over all enabled callbacks, one after another.
 *
 * pvt must be a struct be_refresh_ctx; talloc_get_type() yields NULL for
 * anything else and the request then fails with EINVAL. The request is
 * completed immediately when no callback is enabled or the first step
 * fails.
 *
 * NOTE(review): state->index is never assigned here; this relies on
 * tevent_req_create() handing back zeroed state - confirm.
 */
struct tevent_req *be_refresh_send(TALLOC_CTX *mem_ctx,
                                   struct tevent_context *ev,
                                   struct be_ctx *be_ctx,
                                   struct be_ptask *be_ptask,
                                   void *pvt)
{
    struct be_refresh_state *state = NULL;
    struct tevent_req *req = NULL;
    errno_t ret;

    req = tevent_req_create(mem_ctx, &state,
                            struct be_refresh_state);
    if (req == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("tevent_req_create() failed\n"));
        return NULL;
    }

    state->ev = ev;
    state->be_ctx = be_ctx;
    state->period = be_ptask_get_period(be_ptask);
    state->ctx = talloc_get_type(pvt, struct be_refresh_ctx);
    if (state->ctx == NULL) {
        ret = EINVAL;
        goto immediately;
    }

    /* EAGAIN means a subrequest is running; EOK means nothing to do */
    ret = be_refresh_step(req);
    if (ret == EOK) {
        goto immediately;
    } else if (ret != EAGAIN) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("be_refresh_step() failed [%d]: %s\n",
                                    ret, sss_strerror(ret)));
        goto immediately;
    }

    return req;

immediately:
    if (ret == EOK) {
        tevent_req_done(req);
    } else {
        tevent_req_error(req, ret);
    }
    tevent_req_post(req, ev);

    return req;
}

/*
 * Advance to the next enabled callback and launch its subrequest.
 *
 * Returns EOK when every slot has been processed, EAGAIN when a subrequest
 * was started, or an error code. EINVAL is returned for an enabled slot
 * that lacks any of its three function pointers, so a NULL function
 * pointer is never called.
 */
static errno_t be_refresh_step(struct tevent_req *req)
{
    struct be_refresh_state *state = NULL;
    struct tevent_req *subreq = NULL;
    char **values = NULL;
    errno_t ret;

    state = tevent_req_data(req, struct be_refresh_state);

    /* the index is compared with the sentinel before the slot is read, so
     * the one-past-the-end element is addressed but never dereferenced */
    state->cb = &state->ctx->callbacks[state->index];
    while (state->index != BE_REFRESH_TYPE_SENTINEL && !state->cb->enabled) {
        state->index++;
        state->cb = &state->ctx->callbacks[state->index];
    }

    if (state->index == BE_REFRESH_TYPE_SENTINEL) {
        ret = EOK;
        goto done;
    }

    if (state->cb->get_values == NULL || state->cb->send_fn == NULL
            || state->cb->recv_fn == NULL) {
        ret = EINVAL;
        goto done;
    }

    ret = state->cb->get_values(state, state->be_ctx->domain, state->period,
                                &values);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to obtain DN list [%d]: %s\n",
                                    ret, sss_strerror(ret)));
        goto done;
    }

    subreq = state->cb->send_fn(state, state->ev, state->be_ctx,
                                values, state->cb->pvt);
    if (subreq == NULL) {
        ret = ENOMEM;
        goto done;
    }

    /* make the list disappear with subreq */
    talloc_steal(subreq, values);

    tevent_req_set_callback(subreq, be_refresh_done, req);

    /* state->cb keeps pointing at the slot that was just started;
     * be_refresh_done() uses it to find the matching recv_fn */
    state->index++;
    ret = EAGAIN;

done:
    return ret;
}

/*
 * Completion handler of one callback's subrequest: collect its result and
 * either start the next callback or finish the whole request. The first
 * failing callback ends the run with its error.
 */
static void be_refresh_done(struct tevent_req *subreq)
{
    struct be_refresh_state *state = NULL;
    struct tevent_req *req = NULL;
    errno_t ret;

    req = tevent_req_callback_data(subreq, struct tevent_req);
    state = tevent_req_data(req, struct be_refresh_state);

    ret = state->cb->recv_fn(subreq);
    talloc_zfree(subreq);
    if (ret != EOK) {
        goto done;
    }

    ret = be_refresh_step(req);
    if (ret == EAGAIN) {
        /* another subrequest is in flight */
        return;
    }

done:
    if (ret != EOK) {
        tevent_req_error(req, ret);
        return;
    }

    tevent_req_done(req);
}

/* Return the final status of a request started with be_refresh_send(). */
errno_t be_refresh_recv(struct tevent_req *req)
{
    TEVENT_REQ_RETURN_ON_ERROR(req);

    return EOK;
}
sssd-1.11.5/src/providers/PaxHeaders.13173/dp_refresh.h0000644000000000000000000000007312320753107020650 xustar000000000000000030 atime=1396954939.263891433 29 ctime=1396954961.46587509 sssd-1.11.5/src/providers/dp_refresh.h0000664002412700241270000000403012320753107021070 0ustar00jhrozekjhrozek00000000000000/* Authors: Pavel Březina Copyright (C) 2013 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #ifndef _DP_REFRESH_H_ #define _DP_REFRESH_H_ #include #include #include "providers/dp_ptask.h" /* solve circular dependency */ struct be_ctx; /** * name_list contains SYSDB_NAME of all expired records. 
*/ typedef struct tevent_req * (*be_refresh_send_t)(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct be_ctx *be_ctx, char **values, void *pvt); typedef errno_t (*be_refresh_recv_t)(struct tevent_req *req); enum be_refresh_type { BE_REFRESH_TYPE_NETGROUPS, BE_REFRESH_TYPE_SENTINEL }; struct be_refresh_ctx; struct be_refresh_ctx *be_refresh_ctx_init(TALLOC_CTX *mem_ctx); errno_t be_refresh_add_cb(struct be_refresh_ctx *ctx, enum be_refresh_type type, be_refresh_send_t send_fn, be_refresh_recv_t recv_fn, void *pvt); struct tevent_req *be_refresh_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct be_ctx *be_ctx, struct be_ptask *be_ptask, void *pvt); errno_t be_refresh_recv(struct tevent_req *req); #endif /* _DP_REFRESH_H_ */ sssd-1.11.5/src/providers/PaxHeaders.13173/fail_over_srv.c0000644000000000000000000000007412320753107021363 xustar000000000000000030 atime=1396954939.263891433 30 ctime=1396954961.528875044 sssd-1.11.5/src/providers/fail_over_srv.c0000664002412700241270000004762612320753107021624 0ustar00jhrozekjhrozek00000000000000/* Authors: Pavel Březina Copyright (C) 2013 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
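*/

/* The names of the three system headers below were lost when this page was
 * extracted; the bare directives are kept exactly as they appear. */
#include
#include
#include
#include "util/util.h"
#include "resolv/async_resolv.h"
#include "providers/fail_over_srv.h"

/* State of a single SRV discovery over an ordered list of domains. */
struct fo_discover_srv_state {
    char *dns_domain;               /* domain that produced the answer */
    struct fo_server_info *servers;
    size_t num_servers;
};

static void fo_discover_srv_done(struct tevent_req *subreq);

/*
 * Start an SRV lookup for service/protocol in discovery_domains (a
 * NULL-terminated array). The result is fetched with
 * fo_discover_srv_recv().
 */
struct tevent_req *fo_discover_srv_send(TALLOC_CTX *mem_ctx,
                                        struct tevent_context *ev,
                                        struct resolv_ctx *resolv_ctx,
                                        const char *service,
                                        const char *protocol,
                                        const char **discovery_domains)
{
    struct fo_discover_srv_state *state = NULL;
    struct tevent_req *req = NULL;
    struct tevent_req *subreq = NULL;
    errno_t ret;

    req = tevent_req_create(mem_ctx, &state, struct fo_discover_srv_state);
    if (req == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("tevent_req_create() failed\n"));
        return NULL;
    }

    subreq = resolv_discover_srv_send(state, ev, resolv_ctx, service,
                                      protocol, discovery_domains);
    if (subreq == NULL) {
        ret = ENOMEM;
        goto immediately;
    }

    tevent_req_set_callback(subreq, fo_discover_srv_done, req);

    return req;

immediately:
    /* only reached with a non-zero error code */
    tevent_req_error(req, ret);
    tevent_req_post(req, ev);

    return req;
}

/*
 * Completion handler: sort the SRV reply and copy host, port and priority
 * of each record into state->servers.
 *
 * ENOENT and EIO from the resolver are mapped to ERR_SRV_NOT_FOUND and
 * ERR_SRV_LOOKUP_ERROR so callers can tell a failed lookup from a system
 * error. The records come from DNS; nothing here validates them.
 */
static void fo_discover_srv_done(struct tevent_req *subreq)
{
    struct fo_discover_srv_state *state = NULL;
    struct tevent_req *req = NULL;
    struct ares_srv_reply *reply_list = NULL;
    struct ares_srv_reply *record = NULL;
    size_t i;
    errno_t ret;

    req = tevent_req_callback_data(subreq, struct tevent_req);
    state = tevent_req_data(req, struct fo_discover_srv_state);

    ret = resolv_discover_srv_recv(state, subreq,
                                   &reply_list, &state->dns_domain);
    talloc_zfree(subreq);
    if (ret == ENOENT) {
        ret = ERR_SRV_NOT_FOUND;
        goto done;
    } else if (ret == EIO) {
        ret = ERR_SRV_LOOKUP_ERROR;
        goto done;
    } else if (ret != EOK) {
        goto done;
    }

    DEBUG(SSSDBG_TRACE_FUNC, ("Got answer. Processing...\n"));

    /* sort and store the answer */
    ret = resolv_sort_srv_reply(&reply_list);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Could not sort the answers from DNS "
                                    "[%d]: %s\n", ret, strerror(ret)));
        goto done;
    }

    state->num_servers = 0;
    for (record = reply_list; record != NULL; record = record->next) {
        state->num_servers++;
    }

    DEBUG(SSSDBG_TRACE_FUNC, ("Got %zu servers\n", state->num_servers));

    state->servers = talloc_array(state, struct fo_server_info,
                                  state->num_servers);
    if (state->servers == NULL) {
        ret = ENOMEM;
        goto done;
    }

    /* the array was sized from the same list, so i stays in bounds; the
     * index is a size_t to match num_servers */
    for (record = reply_list, i = 0;
         record != NULL;
         record = record->next, i++) {
        state->servers[i].host = talloc_steal(state->servers, record->host);
        state->servers[i].port = record->port;
        state->servers[i].priority = record->priority;
    }

    talloc_zfree(reply_list);

    ret = EOK;

done:
    if (ret != EOK) {
        tevent_req_error(req, ret);
        return;
    }

    tevent_req_done(req);
}

/*
 * Fetch the result of fo_discover_srv_send(). Every output pointer is
 * optional; strings and arrays are reparented to mem_ctx.
 */
errno_t fo_discover_srv_recv(TALLOC_CTX *mem_ctx,
                             struct tevent_req *req,
                             char **_dns_domain,
                             struct fo_server_info **_servers,
                             size_t *_num_servers)
{
    struct fo_discover_srv_state *state = NULL;
    state = tevent_req_data(req, struct fo_discover_srv_state);

    TEVENT_REQ_RETURN_ON_ERROR(req);

    if (_dns_domain != NULL) {
        *_dns_domain = talloc_steal(mem_ctx, state->dns_domain);
    }

    if (_servers != NULL) {
        *_servers = talloc_steal(mem_ctx, state->servers);
    }

    if (_num_servers != NULL) {
        *_num_servers = state->num_servers;
    }

    return EOK;
}

/* State of a primary + backup server discovery. */
struct fo_discover_servers_state {
    struct tevent_context *ev;
    struct resolv_ctx *resolv_ctx;
    const char *service;
    const char *protocol;
    const char *primary_domain;
    const char *backup_domain;

    char *dns_domain;
    struct fo_server_info *primary_servers;
    size_t num_primary_servers;
    struct fo_server_info *backup_servers;
    size_t num_backup_servers;
};

static void fo_discover_servers_primary_done(struct tevent_req *subreq);
static void fo_discover_servers_backup_done(struct tevent_req *subreq);

/*
 * Discover primary servers in primary_domain (falling back to
 * backup_domain) and then backup servers in backup_domain.
 *
 * When primary_domain is NULL the backup domain takes its place; when both
 * are NULL the request completes at once with empty results. All strings
 * are copied onto the request state.
 */
struct tevent_req *fo_discover_servers_send(TALLOC_CTX *mem_ctx,
                                            struct tevent_context *ev,
                                            struct resolv_ctx *resolv_ctx,
                                            const char *service,
                                            const char *protocol,
                                            const char *primary_domain,
                                            const char *backup_domain)
{
    struct fo_discover_servers_state *state = NULL;
    struct tevent_req *req = NULL;
    struct tevent_req *subreq = NULL;
    const char **domains = NULL;
    errno_t ret;

    req = tevent_req_create(mem_ctx, &state,
                            struct fo_discover_servers_state);
    if (req == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("tevent_req_create() failed\n"));
        return NULL;
    }

    if (primary_domain == NULL) {
        if (backup_domain == NULL) {
            state->primary_servers = NULL;
            state->num_primary_servers = 0;
            state->backup_servers = NULL;
            state->num_backup_servers = 0;
            state->dns_domain = NULL;

            ret = EOK;
            goto immediately;
        } else {
            primary_domain = backup_domain;
            backup_domain = NULL;
        }
    }

    state->ev = ev;
    state->resolv_ctx = resolv_ctx;

    state->service = talloc_strdup(state, service);
    if (state->service == NULL) {
        ret = ENOMEM;
        goto immediately;
    }

    state->protocol = talloc_strdup(state, protocol);
    if (state->protocol == NULL) {
        ret = ENOMEM;
        goto immediately;
    }

    state->primary_domain = talloc_strdup(state, primary_domain);
    if (state->primary_domain == NULL) {
        ret = ENOMEM;
        goto immediately;
    }

    /* a NULL result is an error only if there was something to copy */
    state->backup_domain = talloc_strdup(state, backup_domain);
    if (state->backup_domain == NULL && backup_domain != NULL) {
        ret = ENOMEM;
        goto immediately;
    }

    DEBUG(SSSDBG_TRACE_FUNC, ("Looking up primary servers\n"));

    /* three slots: primary, optional backup, NULL terminator */
    domains = talloc_zero_array(state, const char *, 3);
    if (domains == NULL) {
        ret = ENOMEM;
        goto immediately;
    }

    domains[0] = state->primary_domain;
    domains[1] = state->backup_domain;

    subreq = fo_discover_srv_send(state, ev, resolv_ctx,
                                  state->service, state->protocol, domains);
    if (subreq == NULL) {
        ret = ENOMEM;
        goto immediately;
    }

    tevent_req_set_callback(subreq, fo_discover_servers_primary_done, req);

    return req;

immediately:
    /* The "no domains at all" path arrives here with EOK and has to be
     * finished with tevent_req_done(); passing 0 to tevent_req_error()
     * does not mark the request as finished. Same shape as the other
     * *_send() functions in this file set. */
    if (ret == EOK) {
        tevent_req_done(req);
    } else {
        tevent_req_error(req, ret);
    }
    tevent_req_post(req, ev);

    return req;
}

/*
 * Primary lookup finished. ERR_SRV_NOT_FOUND and ERR_SRV_LOOKUP_ERROR are
 * tolerated as long as a backup domain can still be tried; any other error
 * aborts the request.
 */
static void fo_discover_servers_primary_done(struct tevent_req *subreq)
{
    struct fo_discover_servers_state *state = NULL;
    struct tevent_req *req = NULL;
    const char **domains = NULL;
    errno_t ret;

    req = tevent_req_callback_data(subreq, struct tevent_req);
    state = tevent_req_data(req, struct fo_discover_servers_state);

    ret = fo_discover_srv_recv(state, subreq,
                               &state->dns_domain,
                               &state->primary_servers,
                               &state->num_primary_servers);
    talloc_zfree(subreq);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Unable to retrieve primary servers "
                                  "[%d]: %s\n", ret, sss_strerror(ret)));
        if (ret != ERR_SRV_NOT_FOUND && ret != ERR_SRV_LOOKUP_ERROR) {
            /* abort on system error */
            goto done;
        }
    }

    if (state->backup_domain == NULL) {
        /* if there is no backup domain, we are done */
        DEBUG(SSSDBG_TRACE_FUNC, ("No backup domain specified\n"));
        goto done;
    }

    if (state->dns_domain != NULL
            && strcasecmp(state->dns_domain, state->backup_domain) == 0) {
        /* If there was no error and dns_domain is the same as backup domain,
         * it means that we were unable to resolve SRV in primary domain, but
         * SRV from backup domain was resolved and those servers are considered
         * to be primary. We are done. */
        state->backup_servers = NULL;
        state->num_backup_servers = 0;

        ret = EOK;
        goto done;
    }

    DEBUG(SSSDBG_TRACE_FUNC, ("Looking up backup servers\n"));

    /* two slots: backup domain and NULL terminator */
    domains = talloc_zero_array(state, const char *, 2);
    if (domains == NULL) {
        ret = ENOMEM;
        goto done;
    }

    domains[0] = state->backup_domain;

    subreq = fo_discover_srv_send(state, state->ev, state->resolv_ctx,
                                  state->service, state->protocol, domains);
    if (subreq == NULL) {
        ret = ENOMEM;
        goto done;
    }

    tevent_req_set_callback(subreq, fo_discover_servers_backup_done, req);

    ret = EAGAIN;

done:
    if (ret == EOK) {
        tevent_req_done(req);
    } else if (ret != EAGAIN) {
        tevent_req_error(req, ret);
    }

    return;
}

/*
 * Backup lookup finished. A failed SRV lookup is not fatal at this point;
 * any other error fails the request.
 *
 * NOTE(review): this path is also reached when the primary lookup returned
 * ERR_SRV_NOT_FOUND or ERR_SRV_LOOKUP_ERROR, so the request can end with
 * EOK and no servers at all - callers should check the counts.
 */
static void fo_discover_servers_backup_done(struct tevent_req *subreq)
{
    struct fo_discover_servers_state *state = NULL;
    struct tevent_req *req = NULL;
    errno_t ret;

    req = tevent_req_callback_data(subreq, struct tevent_req);
    state = tevent_req_data(req, struct fo_discover_servers_state);

    ret = fo_discover_srv_recv(state, subreq, NULL,
                               &state->backup_servers,
                               &state->num_backup_servers);
    talloc_zfree(subreq);
    if (ret != EOK) {
        DEBUG(SSSDBG_MINOR_FAILURE, ("Unable to retrieve backup servers "
                                     "[%d]: %s\n", ret, sss_strerror(ret)));
        if (ret == ERR_SRV_NOT_FOUND || ret == ERR_SRV_LOOKUP_ERROR) {
            /* we have successfully fetched primary servers, so we will
             * finish the request normally on non system error */
            ret = EOK;
        }
    }

    if (ret != EOK) {
        tevent_req_error(req, ret);
        return;
    }

    tevent_req_done(req);
}

/*
 * Fetch the result of fo_discover_servers_send(). Every output pointer is
 * optional; arrays and the domain string are reparented to mem_ctx.
 */
errno_t fo_discover_servers_recv(TALLOC_CTX *mem_ctx,
                                 struct tevent_req *req,
                                 char **_dns_domain,
                                 struct fo_server_info **_primary_servers,
                                 size_t *_num_primary_servers,
                                 struct fo_server_info **_backup_servers,
                                 size_t *_num_backup_servers)
{
    struct fo_discover_servers_state *state = NULL;
    state = tevent_req_data(req, struct fo_discover_servers_state);

    TEVENT_REQ_RETURN_ON_ERROR(req);

    if (_primary_servers) {
        *_primary_servers = talloc_steal(mem_ctx, state->primary_servers);
    }

    if (_num_primary_servers) {
        *_num_primary_servers = state->num_primary_servers;
    }

    if (_backup_servers) {
        *_backup_servers = talloc_steal(mem_ctx, state->backup_servers);
    }

    if (_num_backup_servers) {
        *_num_backup_servers = state->num_backup_servers;
    }

    if (_dns_domain) {
        *_dns_domain = talloc_steal(mem_ctx, state->dns_domain);
    }

    return EOK;
}

/* Long-lived context of the plain-DNS SRV resolution plugin. */
struct fo_resolve_srv_dns_ctx {
    struct resolv_ctx *resolv_ctx;
    enum restrict_family family_order;
    enum host_database *host_dbs;
    char *hostname;
    char *sssd_domain;
    char *detected_domain;  /* filled in by the first successful detection */
};

struct fo_resolve_srv_dns_state {
    struct tevent_context *ev;
    struct fo_resolve_srv_dns_ctx *ctx;
    const char *service;
    const char *protocol;
    const char *discovery_domain;

    char *dns_domain;
    struct fo_server_info *servers;
    size_t num_servers;
};

static void fo_resolve_srv_dns_domain_done(struct tevent_req *subreq);
static errno_t fo_resolve_srv_dns_discover(struct tevent_req *req);
static void fo_resolve_srv_dns_done(struct tevent_req *subreq);

/*
 * Create the plugin context on mem_ctx. hostname and sssd_domain are
 * copied and a failed copy fails the call, so both are non-NULL in a
 * context returned from here. Returns NULL on failure.
 */
struct fo_resolve_srv_dns_ctx *
fo_resolve_srv_dns_ctx_init(TALLOC_CTX *mem_ctx,
                            struct resolv_ctx *resolv_ctx,
                            enum restrict_family family_order,
                            enum host_database *host_dbs,
                            const char *hostname,
                            const char *sssd_domain)
{
    struct fo_resolve_srv_dns_ctx *ctx = NULL;

    ctx = talloc_zero(mem_ctx, struct fo_resolve_srv_dns_ctx);
    if (ctx == NULL) {
        return NULL;
    }

    ctx->resolv_ctx = resolv_ctx;
    ctx->family_order = family_order;
    ctx->host_dbs = host_dbs;

    ctx->hostname = talloc_strdup(ctx, hostname);
    if (ctx->hostname == NULL) {
        goto fail;
    }

    ctx->sssd_domain = talloc_strdup(ctx, sssd_domain);
    if (ctx->sssd_domain == NULL) {
        goto fail;
    }

    return ctx;

fail:
    talloc_free(ctx);
    return NULL;
}

/*
 * Resolve SRV records for service/protocol.
 *
 * pvt must be a struct fo_resolve_srv_dns_ctx (EINVAL otherwise). Without
 * an explicit discovery_domain the domain is detected from the host name
 * once and cached in the context.
 *
 * service and protocol are stored as borrowed pointers, so the caller has
 * to keep them alive until the request finishes. discovery_domain is
 * copied onto the request state.
 */
struct tevent_req *fo_resolve_srv_dns_send(TALLOC_CTX *mem_ctx,
                                           struct tevent_context *ev,
                                           const char *service,
                                           const char *protocol,
                                           const char *discovery_domain,
                                           void *pvt)
{
    struct fo_resolve_srv_dns_state *state = NULL;
    struct fo_resolve_srv_dns_ctx *ctx = NULL;
    struct tevent_req *req = NULL;
    struct tevent_req *subreq = NULL;
    errno_t ret;

    req = tevent_req_create(mem_ctx, &state,
                            struct fo_resolve_srv_dns_state);
    if (req == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("tevent_req_create() failed\n"));
        return NULL;
    }

    ctx = talloc_get_type(pvt, struct fo_resolve_srv_dns_ctx);
    if (ctx == NULL) {
        ret = EINVAL;
        goto immediately;
    }

    state->ev = ev;
    state->ctx = ctx;
    state->service = service;
    state->protocol = protocol;

    if (discovery_domain == NULL) {
        state->discovery_domain = NULL;
    } else {
        /* fo_resolve_srv_dns_discover() assumes this string lives on
         * state, so copy it instead of keeping the caller's pointer */
        state->discovery_domain = talloc_strdup(state, discovery_domain);
        if (state->discovery_domain == NULL) {
            ret = ENOMEM;
            goto immediately;
        }
    }

    if (discovery_domain == NULL && ctx->detected_domain == NULL) {
        /* we will try to detect proper discovery domain */
        subreq = resolv_get_domain_send(state, state->ev, ctx->resolv_ctx,
                                        ctx->hostname, ctx->host_dbs,
                                        ctx->family_order);
        if (subreq == NULL) {
            ret = ENOMEM;
            goto immediately;
        }

        tevent_req_set_callback(subreq, fo_resolve_srv_dns_domain_done, req);
    } else {
        /* we will use either provided or previously detected
         * discovery domain */
        ret = fo_resolve_srv_dns_discover(req);
        if (ret != EAGAIN) {
            goto immediately;
        }
    }

    return req;

immediately:
    if (ret == EOK) {
        tevent_req_done(req);
    } else {
        tevent_req_error(req, ret);
    }
    tevent_req_post(req, ev);

    return req;
}

/* Domain detection finished: remember the domain and start discovery. */
static void fo_resolve_srv_dns_domain_done(struct tevent_req *subreq)
{
    struct fo_resolve_srv_dns_state *state = NULL;
    struct tevent_req *req = NULL;
    errno_t ret;

    req = tevent_req_callback_data(subreq, struct tevent_req);
    state = tevent_req_data(req, struct fo_resolve_srv_dns_state);

    /* the detected domain is allocated on the long-lived context */
    ret = resolv_get_domain_recv(state->ctx, subreq,
                                 &state->ctx->detected_domain);
    talloc_zfree(subreq);
    if (ret != EOK) {
        goto done;
    }

    ret = fo_resolve_srv_dns_discover(req);

done:
    if (ret == EOK) {
        tevent_req_done(req);
    } else if (ret != EAGAIN) {
        tevent_req_error(req, ret);
    }

    return;
}

/*
 * Build the domain list and start the SRV discovery. Returns EAGAIN when
 * the subrequest was started, an error code otherwise.
 */
static errno_t fo_resolve_srv_dns_discover(struct tevent_req *req)
{
    struct fo_resolve_srv_dns_state *state = NULL;
    struct fo_resolve_srv_dns_ctx *ctx = NULL;
    struct tevent_req *subreq = NULL;
    const char **domains = NULL;
    errno_t ret;

    state = tevent_req_data(req, struct fo_resolve_srv_dns_state);
    ctx = state->ctx;

    /* three slots: first domain, optional fallback, NULL terminator */
    domains = talloc_zero_array(state, const char *, 3);
    if (domains == NULL) {
        ret = ENOMEM;
        goto done;
    }

    if (state->discovery_domain == NULL) {
        /* we will use detected domain with SSSD domain as fallback */
        /* a NULL detected_domain also ends in the ENOMEM branch, so the
         * strcasecmp() below never sees NULL */
        domains[0] = talloc_strdup(domains, ctx->detected_domain);
        if (domains[0] == NULL) {
            ret = ENOMEM;
            goto done;
        }

        if (strcasecmp(ctx->detected_domain, ctx->sssd_domain) != 0) {
            domains[1] = talloc_strdup(domains, ctx->sssd_domain);
            if (domains[1] == NULL) {
                ret = ENOMEM;
                goto done;
            }
        }
    } else {
        /* We will use only discovery domain that was provided via plugin
         * interface. We don't have to dup here because it is already on
         * state. */
        domains[0] = state->discovery_domain;
    }

    subreq = fo_discover_srv_send(state, state->ev, ctx->resolv_ctx,
                                  state->service, state->protocol, domains);
    if (subreq == NULL) {
        ret = ENOMEM;
        goto done;
    }

    tevent_req_set_callback(subreq, fo_resolve_srv_dns_done, req);

    ret = EAGAIN;

done:
    if (ret != EAGAIN) {
        talloc_free(domains);
    }

    return ret;
}

/* SRV discovery finished: store the result and complete the request. */
static void fo_resolve_srv_dns_done(struct tevent_req *subreq)
{
    struct fo_resolve_srv_dns_state *state = NULL;
    struct tevent_req *req = NULL;
    errno_t ret;

    req = tevent_req_callback_data(subreq, struct tevent_req);
    state = tevent_req_data(req, struct fo_resolve_srv_dns_state);

    ret = fo_discover_srv_recv(state, subreq,
                               &state->dns_domain, &state->servers,
                               &state->num_servers);
    talloc_zfree(subreq);
    if (ret != EOK) {
        goto done;
    }

done:
    if (ret != EOK) {
        tevent_req_error(req, ret);
        return;
    }

    tevent_req_done(req);
}

/*
 * Fetch the result of fo_resolve_srv_dns_send(). Every output pointer is
 * optional. This plugin never reports backup servers.
 */
errno_t fo_resolve_srv_dns_recv(TALLOC_CTX *mem_ctx,
                                struct tevent_req *req,
                                char **_dns_domain,
                                struct fo_server_info **_primary_servers,
                                size_t *_num_primary_servers,
                                struct fo_server_info **_backup_servers,
                                size_t *_num_backup_servers)
{
    struct fo_resolve_srv_dns_state *state = NULL;
    state = tevent_req_data(req, struct fo_resolve_srv_dns_state);

    TEVENT_REQ_RETURN_ON_ERROR(req);

    if (_primary_servers) {
        *_primary_servers = talloc_steal(mem_ctx, state->servers);
    }

    if (_num_primary_servers) {
        *_num_primary_servers = state->num_servers;
    }

    /* backup servers are not supported by simple srv lookup */
    if (_backup_servers) {
        *_backup_servers = NULL;
    }

    if (_num_backup_servers) {
        *_num_backup_servers = 0;
    }

    if (_dns_domain) {
        *_dns_domain = talloc_steal(mem_ctx, state->dns_domain);
    }

    return EOK;
}
sssd-1.11.5/src/providers/PaxHeaders.13173/proxy0000644000000000000000000000013212320753521017456 xustar000000000000000030 mtime=1396954961.735874891 30 atime=1396955003.533843848 30 ctime=1396954961.735874891 sssd-1.11.5/src/providers/proxy/0000775002412700241270000000000012320753521017762 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/providers/proxy/PaxHeaders.13173/proxy_services.c0000644000000000000000000000007412320753107022770 xustar000000000000000030 atime=1396954939.269891429 30 ctime=1396954961.646874957 sssd-1.11.5/src/providers/proxy/proxy_services.c0000664002412700241270000002377012320753107023223 0ustar00jhrozekjhrozek00000000000000/* SSSD Authors: Stephen Gallagher Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see .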
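*/

#include "providers/proxy/proxy.h"
#include "util/util.h"
#include "util/strtonum.h"
#include "db/sysdb_services.h"

/* Size of the on-stack buffer handed to the proxied getservby*_r() calls. */
#define BUFLEN 1024

/*
 * Store one service entry returned by the proxied NSS module in the cache.
 *
 * @param lowercase      When true, the name, protocol and aliases are
 *                       passed to the casing helpers with
 *                       case_sensitive == false.
 * @param cache_timeout  Passed through to sysdb_store_service().
 *
 * svc->s_port is converted with ntohs() before it is stored.
 *
 * @return EOK, ENOMEM or the error of the failing helper.
 */
errno_t proxy_save_service(struct sysdb_ctx *sysdb,
                           struct sss_domain_info *domain,
                           struct servent *svc,
                           bool lowercase,
                           uint64_t cache_timeout)
{
    errno_t ret;
    char *cased_name;
    const char **protocols;
    const char **cased_aliases;
    TALLOC_CTX *tmp_ctx;
    time_t now = time(NULL);

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    cased_name = sss_get_cased_name(tmp_ctx, svc->s_name, !lowercase);
    if (!cased_name) {
        ret = ENOMEM;
        goto done;
    }

    /* one protocol plus the NULL terminator */
    protocols = talloc_array(tmp_ctx, const char *, 2);
    if (!protocols) {
        ret = ENOMEM;
        goto done;
    }

    protocols[0] = sss_get_cased_name(protocols, svc->s_proto, !lowercase);
    if (!protocols[0]) {
        ret = ENOMEM;
        goto done;
    }
    protocols[1] = NULL;

    /* Count the aliases */
    ret = sss_get_cased_name_list(tmp_ctx,
                                  (const char * const *) svc->s_aliases,
                                  !lowercase, &cased_aliases);
    if (ret != EOK) {
        goto done;
    }

    ret = sysdb_store_service(sysdb, domain,
                              cased_name,
                              ntohs(svc->s_port),
                              cased_aliases,
                              protocols,
                              NULL, NULL,
                              cache_timeout,
                              now);

done:
    talloc_free(tmp_ctx);
    return ret;
}

/*
 * Look a service up by name through the proxied NSS module and mirror the
 * outcome in the cache: store it when found, delete it when not found.
 *
 * Any other NSS status is returned as the errno value the module supplied;
 * when the module left it at zero, EIO is returned so that a failed lookup
 * is never reported as success.
 */
errno_t get_serv_byname(struct proxy_id_ctx *ctx,
                        struct sysdb_ctx *sysdb,
                        struct sss_domain_info *dom,
                        const char *name,
                        const char *protocol)
{
    errno_t ret = EOK;
    enum nss_status status;
    struct servent *result;
    TALLOC_CTX *tmp_ctx;
    char buffer[BUFLEN];

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    result = talloc_zero(tmp_ctx, struct servent);
    if (!result) {
        ret = ENOMEM;
        goto done;
    }

    status = ctx->ops.getservbyname_r(name, protocol, result,
                                      buffer, BUFLEN, &ret);
    if (status != NSS_STATUS_SUCCESS && status != NSS_STATUS_NOTFOUND) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("getservbyname_r failed for service [%s].\n", name));
        if (ret == EOK) {
            ret = EIO;
        }
        /* leave through done: so tmp_ctx is released on this path too */
        goto done;
    }

    if (status == NSS_STATUS_NOTFOUND) {
        /* Make sure we remove it from the cache */
        ret = sysdb_svc_delete(sysdb, dom, name, 0, protocol);
    } else {
        /* Results found. Save them into the cache */
        ret = proxy_save_service(sysdb, dom, result,
                                 !dom->case_sensitive,
                                 dom->service_timeout);
    }

done:
    talloc_free(tmp_ctx);
    return ret;
}

/*
 * Look a service up by port through the proxied NSS module and mirror the
 * outcome in the cache. be_filter holds the port number as text.
 *
 * NOTE(review): strtouint16() is called with a NULL end pointer, so
 * trailing characters after the number are presumably not rejected here -
 * confirm against the helper.
 * NOTE(review): port is in network byte order (htons) when it is passed to
 * sysdb_svc_delete(), while proxy_save_service() stores ntohs(s_port);
 * verify which byte order the delete expects.
 */
errno_t get_serv_byport(struct proxy_id_ctx *ctx,
                        struct sysdb_ctx *sysdb,
                        struct sss_domain_info *dom,
                        const char *be_filter,
                        const char *protocol)
{
    errno_t ret = EOK;
    enum nss_status status;
    struct servent *result;
    TALLOC_CTX *tmp_ctx;
    uint16_t port;
    char buffer[BUFLEN];

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    result = talloc_zero(tmp_ctx, struct servent);
    if (!result) {
        ret = ENOMEM;
        goto done;
    }

    errno = 0;
    port = htons(strtouint16(be_filter, NULL, 0));
    if (errno) {
        ret = errno;
        goto done;
    }

    status = ctx->ops.getservbyport_r(port, protocol, result,
                                      buffer, BUFLEN, &ret);
    if (status != NSS_STATUS_SUCCESS && status != NSS_STATUS_NOTFOUND) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("getservbyport_r failed for service [%s].\n", be_filter));
        if (ret == EOK) {
            ret = EIO;
        }
        /* leave through done: so tmp_ctx is released on this path too */
        goto done;
    }

    if (status == NSS_STATUS_NOTFOUND) {
        /* Make sure we remove it from the cache */
        ret = sysdb_svc_delete(sysdb, dom, NULL, port, protocol);
    } else {
        /* Results found. Save them into the cache */
        ret = proxy_save_service(sysdb, dom, result,
                                 !dom->case_sensitive,
                                 dom->service_timeout);
    }

done:
    talloc_free(tmp_ctx);
    return ret;
}

/*
 * Enumerate all services of the proxied NSS module and store them in the
 * cache inside one sysdb transaction.
 *
 * A single entry that cannot be converted or stored is logged and skipped.
 * The transaction is committed when the module reports the end of the
 * enumeration and cancelled on every other exit path.
 *
 * @return EOK on success, ENXIO when the back end is unavailable, ERANGE
 *         when an entry does not fit into the largest allowed buffer,
 *         EIO or ENOMEM on other failures.
 *
 * NOTE(review): unlike proxy_save_service(), the service name is stored as
 * returned by the module rather than case-adjusted - confirm this is
 * intended for case-insensitive domains.
 */
errno_t enum_services(struct proxy_id_ctx *ctx,
                      struct sysdb_ctx *sysdb,
                      struct sss_domain_info *dom)
{
    TALLOC_CTX *tmpctx;
    bool in_transaction = false;
    struct servent *svc;
    enum nss_status status;
    size_t buflen;
    char *buffer;
    char *newbuf;
    errno_t ret, sret;
    time_t now = time(NULL);
    const char **protocols;
    const char **cased_aliases;
    bool again;

    DEBUG(SSSDBG_TRACE_FUNC, ("Enumerating services\n"));

    tmpctx = talloc_new(NULL);
    if (!tmpctx) {
        return ENOMEM;
    }

    svc = talloc(tmpctx, struct servent);
    if (!svc) {
        ret = ENOMEM;
        goto done;
    }

    buflen = DEFAULT_BUFSIZE;
    buffer = talloc_size(tmpctx, buflen);
    if (!buffer) {
        ret = ENOMEM;
        goto done;
    }

    protocols = talloc_zero_array(tmpctx, const char *, 2);
    if (protocols == NULL) {
        ret = ENOMEM;
        goto done;
    }

    ret = sysdb_transaction_start(sysdb);
    if (ret) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to start transaction\n"));
        goto done;
    }
    in_transaction = true;

    status = ctx->ops.setservent();
    if (status != NSS_STATUS_SUCCESS) {
        ret = EIO;
        goto done;
    }

    do {
        again = false;

        /* always zero out the svc structure */
        memset(svc, 0, sizeof(struct servent));

        /* get entry */
        status = ctx->ops.getservent_r(svc, buffer, buflen, &ret);

        switch (status) {
        case NSS_STATUS_TRYAGAIN:
            /* buffer too small ? */
            if (buflen >= MAX_BUF_SIZE) {
                /* Already at the cap: asking again with the same size
                 * would repeat forever if the module keeps answering
                 * TRYAGAIN, so give up instead. */
                ret = ERANGE;
                break;
            }
            buflen *= 2;
            if (buflen > MAX_BUF_SIZE) {
                buflen = MAX_BUF_SIZE;
            }
            newbuf = talloc_realloc_size(tmpctx, buffer, buflen);
            if (!newbuf) {
                ret = ENOMEM;
                goto done;
            }
            buffer = newbuf;
            again = true;
            break;

        case NSS_STATUS_NOTFOUND:
            /* we are done here */
            DEBUG(SSSDBG_TRACE_FUNC, ("Enumeration completed.\n"));

            ret = sysdb_transaction_commit(sysdb);
            if (ret != EOK) {
                DEBUG(SSSDBG_CRIT_FAILURE,
                      ("Failed to commit transaction\n"));
                goto done;
            }

            in_transaction = false;
            break;

        case NSS_STATUS_SUCCESS:
            /* s_port is in network byte order; convert it for the log
             * and for the cache, as proxy_save_service() does */
            DEBUG(SSSDBG_TRACE_INTERNAL,
                  ("Service found (%s, %d/%s)\n",
                   svc->s_name, ntohs(svc->s_port), svc->s_proto));

            protocols[0] = sss_get_cased_name(protocols, svc->s_proto,
                                              dom->case_sensitive);
            if (!protocols[0]) {
                ret = ENOMEM;
                goto done;
            }
            protocols[1] = NULL;

            ret = sss_get_cased_name_list(tmpctx,
                                          (const char * const *) svc->s_aliases,
                                          dom->case_sensitive, &cased_aliases);
            if (ret != EOK) {
                /* Do not fail completely on errors.
                 * Just report the failure to save and go on */
                DEBUG(SSSDBG_OP_FAILURE,
                      ("Failed to store service [%s]. Ignoring.\n",
                       strerror(ret)));
                again = true;
                break;
            }

            ret = sysdb_store_service(sysdb, dom,
                                      svc->s_name,
                                      ntohs(svc->s_port),
                                      cased_aliases,
                                      protocols,
                                      NULL, NULL,
                                      dom->service_timeout,
                                      now);
            if (ret) {
                /* Do not fail completely on errors.
                 * Just report the failure to save and go on */
                DEBUG(SSSDBG_OP_FAILURE,
                      ("Failed to store service [%s]. Ignoring.\n",
                       strerror(ret)));
            }
            again = true;
            break;

        case NSS_STATUS_UNAVAIL:
            /* "remote" backend unavailable. Enter offline mode */
            ret = ENXIO;
            break;

        default:
            ret = EIO;
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("proxy -> getservent_r failed (%d)[%s]\n",
                   ret, strerror(ret)));
            break;
        }
    } while (again);

done:
    talloc_zfree(tmpctx);
    if (in_transaction) {
        /* nothing collected so far may become visible after a failure */
        sret = sysdb_transaction_cancel(sysdb);
        if (sret != EOK) {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("Could not cancel transaction! [%s]\n",
                   strerror(sret)));
        }
    }
    ctx->ops.endservent();
    return ret;
}
sssd-1.11.5/src/providers/proxy/PaxHeaders.13173/proxy_id.c0000644000000000000000000000007412320753107021541 xustar000000000000000030 atime=1396954939.268891429 30 ctime=1396954961.644874958 sssd-1.11.5/src/providers/proxy/proxy_id.c0000664002412700241270000012704712320753107021776 0ustar00jhrozekjhrozek00000000000000/* SSSD proxy_id.c Authors: Stephen Gallagher Copyright (C) 2010 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see .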
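*/

#include "config.h"

#include "util/sss_format.h"
#include "util/strtonum.h"
#include "providers/proxy/proxy.h"

/* =Getpwnam-wrapper======================================================*/

static int save_user(struct sysdb_ctx *sysdb, struct sss_domain_info *domain,
                     bool lowercase, struct passwd *pwd, const char *real_name,
                     const char *alias, uint64_t cache_timeout);

static int
handle_getpw_result(enum nss_status status, struct passwd *pwd,
                    struct sss_domain_info *dom, bool *del_user);

static int
delete_user(struct sysdb_ctx *sysdb, struct sss_domain_info *domain,
            const char *name, uid_t uid);

/*
 * Look a user up by name through the proxied NSS module and mirror the
 * outcome in the cache.
 *
 * The entry is stored under its canonical name, taken from the cache when
 * ctx->fast_alias is set and a single cached entry exists for the uid, and
 * otherwise from a second lookup by uid. The requested name is stored as
 * an alias. A user that is not found or is filtered out by
 * handle_getpw_result() is deleted from the cache.
 */
static int get_pw_name(TALLOC_CTX *mem_ctx,
                       struct proxy_id_ctx *ctx,
                       struct sysdb_ctx *sysdb,
                       struct sss_domain_info *dom,
                       const char *name)
{
    TALLOC_CTX *tmpctx;
    struct passwd *pwd;
    enum nss_status status;
    char *buffer;
    size_t buflen;
    int ret;
    uid_t uid;
    bool del_user;
    struct ldb_result *cached_pwd = NULL;
    const char *real_name = NULL;

    DEBUG(SSSDBG_TRACE_FUNC, ("Searching user by name (%s)\n", name));

    tmpctx = talloc_new(NULL);
    if (!tmpctx) {
        return ENOMEM;
    }

    pwd = talloc_zero(tmpctx, struct passwd);
    if (!pwd) {
        ret = ENOMEM;
        goto done;
    }

    buflen = DEFAULT_BUFSIZE;
    buffer = talloc_size(tmpctx, buflen);
    if (!buffer) {
        ret = ENOMEM;
        goto done;
    }

    /* FIXME: should we move this call outside the transaction to keep the
     * transaction as short as possible ? */
    status = ctx->ops.getpwnam_r(name, pwd, buffer, buflen, &ret);
    /* the module's errno is replaced by the status-based result */
    ret = handle_getpw_result(status, pwd, dom, &del_user);
    if (ret) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("getpwnam failed [%d]: %s\n", ret, strerror(ret)));
        goto done;
    }

    if (del_user) {
        ret = delete_user(sysdb, dom, name, 0);
        goto done;
    }

    uid = pwd->pw_uid;

    /* Canonicalize the username in case it was actually an alias */

    if (ctx->fast_alias == true) {
        ret = sysdb_getpwuid(tmpctx, sysdb, dom, uid, &cached_pwd);
        if (ret != EOK) {
            /* Non-fatal, attempt to canonicalize online */
            DEBUG(SSSDBG_TRACE_FUNC, ("Request to cache failed [%d]: %s\n",
                                      ret, strerror(ret)));
        }

        if (ret == EOK && cached_pwd->count == 1) {
            real_name = ldb_msg_find_attr_as_string(cached_pwd->msgs[0],
                                                    SYSDB_NAME, NULL);
            if (!real_name) {
                DEBUG(SSSDBG_MINOR_FAILURE, ("Cached user has no name?\n"));
            }
        }
    }

    if (real_name == NULL) {
        /* pwd points into buffer, so clear it before the second lookup */
        memset(buffer, 0, buflen);

        status = ctx->ops.getpwuid_r(uid, pwd, buffer, buflen, &ret);
        ret = handle_getpw_result(status, pwd, dom, &del_user);
        if (ret) {
            DEBUG(SSSDBG_OP_FAILURE,
                  ("getpwuid failed [%d]: %s\n", ret, strerror(ret)));
            goto done;
        }

        real_name = pwd->pw_name;
    }

    if (del_user) {
        ret = delete_user(sysdb, dom, name, uid);
        goto done;
    }

    /* Both lookups went fine, we can save the user now */
    ret = save_user(sysdb, dom, !dom->case_sensitive, pwd,
                    real_name, name, dom->user_timeout);

done:
    talloc_zfree(tmpctx);
    if (ret) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("proxy -> getpwnam_r failed for '%s' <%d>: %s\n",
               name, ret, strerror(ret)));
    }
    return ret;
}

/*
 * Translate the NSS status of a passwd lookup into an errno value and a
 * "delete this user from the cache" decision.
 *
 * *del_user is set for NOTFOUND and for a found user whose uid or gid is
 * outside the domain's id_min/id_max range. UNAVAIL yields ENXIO, any
 * other status EIO. EINVAL is returned when del_user is NULL.
 *
 * The range check is the only filter applied to ids supplied by the
 * proxied module before the entry is cached.
 */
static int
handle_getpw_result(enum nss_status status, struct passwd *pwd,
                    struct sss_domain_info *dom, bool *del_user)
{
    int ret = EOK;

    if (!del_user) {
        return EINVAL;
    }
    *del_user = false;

    switch (status) {
    case NSS_STATUS_NOTFOUND:

        DEBUG(SSSDBG_MINOR_FAILURE, ("User not found.\n"));
        *del_user = true;
        break;

    case NSS_STATUS_SUCCESS:

        DEBUG(SSSDBG_TRACE_FUNC, ("User found: (%s, %"SPRIuid", %"SPRIgid")\n",
                                  pwd->pw_name, pwd->pw_uid, pwd->pw_gid));

        /* uid=0 or gid=0 are invalid values */
        /* also check that the id is in the valid range for this domain */
        /* NOTE(review): the zero check is presumably part of
         * OUT_OF_ID_RANGE, which is defined elsewhere - confirm */
        if (OUT_OF_ID_RANGE(pwd->pw_uid, dom->id_min, dom->id_max) ||
            OUT_OF_ID_RANGE(pwd->pw_gid, dom->id_min, dom->id_max)) {

            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("User filtered out! (id out of range)\n"));
            *del_user = true;
            break;
        }
        break;

    case NSS_STATUS_UNAVAIL:
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("Remote back end is not available. Entering offline mode\n"));
        ret = ENXIO;
        break;

    default:
        DEBUG(SSSDBG_OP_FAILURE, ("Unknown return code %d\n", status));
        ret = EIO;
        break;
    }

    return ret;
}

/*
 * Remove a user from the cache by name and/or uid. A user that is already
 * absent (ENOENT) counts as success.
 */
static int
delete_user(struct sysdb_ctx *sysdb, struct sss_domain_info *domain,
            const char *name, uid_t uid)
{
    int ret = EOK;

    /* get_pw_uid() calls this with name == NULL; never hand a NULL
     * pointer to a %s conversion */
    DEBUG(SSSDBG_TRACE_FUNC,
          ("User %s does not exist (or is invalid) on remote server,"
           " deleting!\n", name != NULL ? name : "(null)"));

    ret = sysdb_delete_user(sysdb, domain, name, uid);
    if (ret == ENOENT) {
        ret = EOK;
    }

    return ret;
}

/*
 * Store a passwd entry in the cache under real_name.
 *
 * Empty shell and gecos fields are stored as NULL. With lowercase set, a
 * lower-cased name alias is added; a non-NULL alias is added as
 * SYSDB_NAME_ALIAS.
 *
 * NOTE(review): pwd->pw_passwd is passed to sysdb_store_user() as received
 * from the proxied module; whatever the module puts in that field ends up
 * in the cache - verify what the proxied source returns there.
 */
static int save_user(struct sysdb_ctx *sysdb, struct sss_domain_info *domain,
                     bool lowercase, struct passwd *pwd, const char *real_name,
                     const char *alias, uint64_t cache_timeout)
{
    const char *shell;
    const char *gecos;
    struct sysdb_attrs *attrs = NULL;
    errno_t ret;
    const char *cased_alias;

    if (pwd->pw_shell && pwd->pw_shell[0] != '\0') {
        shell = pwd->pw_shell;
    } else {
        shell = NULL;
    }

    if (pwd->pw_gecos && pwd->pw_gecos[0] != '\0') {
        gecos = pwd->pw_gecos;
    } else {
        gecos = NULL;
    }

    /* extra attributes are only needed for the alias handling */
    if (lowercase || alias) {
        attrs = sysdb_new_attrs(NULL);
        if (!attrs) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("Allocation error ?!\n"));
            return ENOMEM;
        }
    }

    if (lowercase) {
        ret = sysdb_attrs_add_lc_name_alias(attrs, pwd->pw_name);
        if (ret) {
            DEBUG(SSSDBG_OP_FAILURE, ("Could not add name alias\n"));
            talloc_zfree(attrs);
            return ret;
        }
    }

    if (alias) {
        cased_alias = sss_get_cased_name(attrs, alias, !lowercase);
        if (!cased_alias) {
            talloc_zfree(attrs);
            return ENOMEM;
        }

        ret = sysdb_attrs_add_string(attrs, SYSDB_NAME_ALIAS, cased_alias);
        if (ret) {
            DEBUG(SSSDBG_OP_FAILURE, ("Could not add name alias\n"));
            talloc_zfree(attrs);
            return ret;
        }
    }

    ret = sysdb_store_user(sysdb,
                           domain,
                           real_name,
                           pwd->pw_passwd,
                           pwd->pw_uid,
                           pwd->pw_gid,
                           gecos,
                           pwd->pw_dir,
                           shell,
                           NULL,
                           attrs,
                           NULL,
                           cache_timeout,
                           0);
    talloc_zfree(attrs);
    if (ret) {
        DEBUG(SSSDBG_OP_FAILURE, ("Could not add user to cache\n"));
        return ret;
    }

    return EOK;
}

/* =Getpwuid-wrapper======================================================*/

/*
 * Look a user up by uid through the proxied NSS module and mirror the
 * outcome in the cache: store the entry when it is found and passes
 * handle_getpw_result(), delete it otherwise.
 */
static int get_pw_uid(TALLOC_CTX *mem_ctx,
                      struct proxy_id_ctx *ctx,
                      struct sysdb_ctx *sysdb,
                      struct sss_domain_info *dom,
                      uid_t uid)
{
    TALLOC_CTX *tmpctx;
    struct passwd *pwd;
    enum nss_status status;
    char *buffer;
    size_t buflen;
    bool del_user = false;
    int ret;

    DEBUG(SSSDBG_TRACE_FUNC, ("Searching user by uid (%"SPRIuid")\n", uid));

    tmpctx = talloc_new(NULL);
    if (!tmpctx) {
        return ENOMEM;
    }

    pwd = talloc_zero(tmpctx, struct passwd);
    if (!pwd) {
        ret = ENOMEM;
        goto done;
    }

    buflen = DEFAULT_BUFSIZE;
    buffer = talloc_size(tmpctx, buflen);
    if (!buffer) {
        ret = ENOMEM;
        goto done;
    }

    status = ctx->ops.getpwuid_r(uid, pwd, buffer, buflen, &ret);
    ret = handle_getpw_result(status, pwd, dom, &del_user);
    if (ret) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("getpwuid failed [%d]: %s\n", ret, strerror(ret)));
        goto done;
    }

    if (del_user) {
        ret = delete_user(sysdb, dom, NULL, uid);
        goto done;
    }

    ret = save_user(sysdb, dom, !dom->case_sensitive, pwd,
                    pwd->pw_name, NULL, dom->user_timeout);

done:
    talloc_zfree(tmpctx);
    if (ret) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("proxy -> getpwuid_r failed for '%"SPRIuid"' <%d>: %s\n",
               uid, ret, strerror(ret)));
    }
    return ret;
}

/* =Getpwent-wrapper======================================================*/ static int enum_users(TALLOC_CTX *mem_ctx, struct proxy_id_ctx *ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *dom) { TALLOC_CTX *tmpctx; bool in_transaction = false; struct passwd *pwd; enum nss_status status; size_t buflen; char *buffer; char *newbuf; int ret; errno_t sret; bool again; DEBUG(SSSDBG_TRACE_LIBS, ("Enumerating users\n")); tmpctx = talloc_new(mem_ctx); if (!tmpctx) { return ENOMEM; } pwd = talloc_zero(tmpctx,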
struct passwd); if (!pwd) { ret = ENOMEM; goto done; } buflen = DEFAULT_BUFSIZE; buffer = talloc_size(tmpctx, buflen); if (!buffer) { ret = ENOMEM; goto done; } ret = sysdb_transaction_start(sysdb); if (ret) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to start transaction\n")); goto done; } in_transaction = true; status = ctx->ops.setpwent(); if (status != NSS_STATUS_SUCCESS) { ret = EIO; goto done; } do { again = false; /* always zero out the pwd structure */ memset(pwd, 0, sizeof(struct passwd)); /* get entry */ status = ctx->ops.getpwent_r(pwd, buffer, buflen, &ret); switch (status) { case NSS_STATUS_TRYAGAIN: /* buffer too small ? */ if (buflen < MAX_BUF_SIZE) { buflen *= 2; } if (buflen > MAX_BUF_SIZE) { buflen = MAX_BUF_SIZE; } newbuf = talloc_realloc_size(tmpctx, buffer, buflen); if (!newbuf) { ret = ENOMEM; goto done; } buffer = newbuf; again = true; break; case NSS_STATUS_NOTFOUND: /* we are done here */ DEBUG(SSSDBG_TRACE_LIBS, ("Enumeration completed.\n")); ret = sysdb_transaction_commit(sysdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to commit transaction\n")); goto done; } in_transaction = false; break; case NSS_STATUS_SUCCESS: DEBUG(SSSDBG_TRACE_LIBS, ("User found (%s, %"SPRIuid", %"SPRIgid")\n", pwd->pw_name, pwd->pw_uid, pwd->pw_gid)); /* uid=0 or gid=0 are invalid values */ /* also check that the id is in the valid range for this domain */ if (OUT_OF_ID_RANGE(pwd->pw_uid, dom->id_min, dom->id_max) || OUT_OF_ID_RANGE(pwd->pw_gid, dom->id_min, dom->id_max)) { DEBUG(SSSDBG_OP_FAILURE, ("User [%s] filtered out! (id out" " of range)\n", pwd->pw_name)); again = true; break; } ret = save_user(sysdb, dom, !dom->case_sensitive, pwd, pwd->pw_name, NULL, dom->user_timeout); if (ret) { /* Do not fail completely on errors. * Just report the failure to save and go on */ DEBUG(SSSDBG_OP_FAILURE, ("Failed to store user %s." " Ignoring.\n", pwd->pw_name)); } again = true; break; case NSS_STATUS_UNAVAIL: /* "remote" backend unavailable. 
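Enter offline mode */
            ret = ENXIO;
            break;

        default:
            ret = EIO;
            DEBUG(SSSDBG_OP_FAILURE,
                  ("proxy -> getpwent_r failed (%d)[%s]"
                   "\n", ret, strerror(ret)));
            break;
        }
    } while (again);

done:
    talloc_zfree(tmpctx);
    if (in_transaction) {
        sret = sysdb_transaction_cancel(sysdb);
        if (sret != EOK) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to cancel transaction\n"));
        }
    }
    ctx->ops.endpwent();
    return ret;
}

/* =Save-group-utilities=================================================*/
#define DEBUG_GR_MEM(level, grp) \
    do { \
        if (DEBUG_IS_SET(debug_get_level(level))) { \
            if (!grp->gr_mem || !grp->gr_mem[0]) { \
                DEBUG(level, ("Group %s has no members!\n", \
                              grp->gr_name)); \
            } else { \
                int i = 0; \
                while (grp->gr_mem[i]) { \
                    /* count */ \
                    i++; \
                } \
                DEBUG(level, ("Group %s has %d members!\n", \
                              grp->gr_name, i)); \
            } \
        } \
    } while(0)

static errno_t proxy_process_missing_users(struct sysdb_ctx *sysdb,
                                           struct sss_domain_info *domain,
                                           struct sysdb_attrs *group_attrs,
                                           struct group *grp,
                                           time_t now);

/*
 * Store one group returned by the proxied NSS module in the sysdb cache.
 *
 * Everything happens inside a single sysdb transaction: the member list is
 * converted to SYSDB_MEMBER values, members that are not cached yet are added
 * as ghost entries, optional name aliases are attached, and the group is
 * written with sysdb_store_group() under real_name.
 *
 * alias may be NULL; when set it is stored as SYSDB_NAME_ALIAS.
 *
 * Returns EOK on success or an errno-style code. Every failure after the
 * transaction has been started leaves through the done label so that the
 * transaction is cancelled and tmp_ctx is released.
 */
static int save_group(struct sysdb_ctx *sysdb, struct sss_domain_info *dom,
                      struct group *grp,
                      const char *real_name,
                      const char *alias,
                      uint64_t cache_timeout)
{
    errno_t ret, sret;
    struct sysdb_attrs *attrs = NULL;
    const char *cased_alias;
    TALLOC_CTX *tmp_ctx;
    time_t now = time(NULL);
    bool in_transaction = false;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    DEBUG_GR_MEM(7, grp);

    ret = sysdb_transaction_start(sysdb);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to start transaction\n"));
        goto done;
    }
    in_transaction = true;

    if (grp->gr_mem && grp->gr_mem[0]) {
        attrs = sysdb_new_attrs(tmp_ctx);
        if (!attrs) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("Allocation error ?!\n"));
            ret = ENOMEM;
            goto done;
        }

        ret = sysdb_attrs_users_from_str_list(
                attrs, SYSDB_MEMBER, dom->name,
                (const char *const *)grp->gr_mem);
        if (ret) {
            DEBUG(SSSDBG_OP_FAILURE, ("Could not add group members\n"));
            goto done;
        }

        /* Create ghost users */
        ret = proxy_process_missing_users(sysdb, dom, attrs, grp, now);
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE, ("Could not add missing members\n"));
            goto done;
        }
    }

    if (dom->case_sensitive == false || alias) {
        if (!attrs) {
            attrs = sysdb_new_attrs(tmp_ctx);
            if (!attrs) {
                DEBUG(SSSDBG_CRIT_FAILURE, ("Allocation error ?!\n"));
                ret = ENOMEM;
                goto done;
            }
        }

        if (dom->case_sensitive == false) {
            ret = sysdb_attrs_add_lc_name_alias(attrs, grp->gr_name);
            if (ret) {
                DEBUG(SSSDBG_OP_FAILURE, ("Could not add name alias\n"));
                ret = ENOMEM;
                goto done;
            }
        }

        if (alias) {
            cased_alias = sss_get_cased_name(attrs, alias, dom->case_sensitive);
            if (!cased_alias) {
                /* Must not return directly here: the transaction is open and
                 * tmp_ctx (which owns attrs) is still allocated. Leaving
                 * through done cancels the transaction and frees both. */
                ret = ENOMEM;
                goto done;
            }

            ret = sysdb_attrs_add_string(attrs, SYSDB_NAME_ALIAS, cased_alias);
            if (ret) {
                DEBUG(SSSDBG_OP_FAILURE, ("Could not add name alias\n"));
                ret = ENOMEM;
                goto done;
            }
        }
    }

    ret = sysdb_store_group(sysdb, dom,
                            real_name,
                            grp->gr_gid,
                            attrs,
                            cache_timeout,
                            now);
    if (ret) {
        DEBUG(SSSDBG_OP_FAILURE, ("Could not add group to cache\n"));
        goto done;
    }

    ret = sysdb_transaction_commit(sysdb);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Could not commit transaction: [%s]\n",
               strerror(ret)));
        goto done;
    }
    in_transaction = false;

done:
    if (in_transaction) {
        sret = sysdb_transaction_cancel(sysdb);
        if (sret != EOK) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("Could not cancel transaction\n"));
        }
    }
    talloc_free(tmp_ctx);
    return ret;
}

/*
 * Walk grp->gr_mem and record members that are not in the cache yet.
 *
 * A member found by sysdb_search_user_by_name() is left alone; a member
 * reported as ENOENT is added to group_attrs as a SYSDB_GHOST value; any
 * other search error aborts the walk and is returned.
 *
 * Only sysdb and grp are checked for NULL; grp->gr_mem is dereferenced
 * unconditionally, so the caller has to make sure it is set.
 */
static errno_t proxy_process_missing_users(struct sysdb_ctx *sysdb,
                                           struct sss_domain_info *domain,
                                           struct sysdb_attrs *group_attrs,
                                           struct group *grp,
                                           time_t now)
{
    errno_t ret;
    size_t i;
    TALLOC_CTX *tmp_ctx = NULL;
    struct ldb_message *msg;

    if (!sysdb || !grp) return EINVAL;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) return ENOMEM;

    for (i = 0; grp->gr_mem[i]; i++) {
        ret = sysdb_search_user_by_name(tmp_ctx, sysdb, domain,
                                        grp->gr_mem[i],
                                        NULL, &msg);
        if (ret == EOK) {
            /* Member already exists in the cache */
            DEBUG(SSSDBG_TRACE_INTERNAL,
                  ("Member [%s] already cached\n", grp->gr_mem[i]));
            /* clean up */
            talloc_zfree(msg);
            continue;
        } else if (ret == ENOENT) {
            /* No entry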
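for this user. Create a ghost user */
            DEBUG(SSSDBG_TRACE_LIBS,
                  ("Member [%s] not cached, creating ghost user entry\n",
                   grp->gr_mem[i]));

            ret = sysdb_attrs_add_string(group_attrs, SYSDB_GHOST,
                                         grp->gr_mem[i]);
            if (ret != EOK) {
                DEBUG(SSSDBG_MINOR_FAILURE,
                      ("Cannot store ghost user entry: [%d]: %s\n",
                       ret, strerror(ret)));
                goto done;
            }
        } else {
            /* Unexpected error */
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Error searching cache for user [%s]: [%s]\n",
                   grp->gr_mem[i], strerror(ret)));
            goto done;
        }
    }

    ret = EOK;
done:
    talloc_free(tmp_ctx);
    return ret;
}

/* =Getgrnam-wrapper======================================================*/

/*
 * Grow the lookup buffer used by the getgr* retry loops.
 *
 * A zero *buflen is first set to DEFAULT_BUFSIZE; the size is then doubled
 * and capped at MAX_BUF_SIZE, and *buffer is reallocated under mem_ctx.
 *
 * Returns the new buffer (also stored in *buffer), or NULL when the
 * reallocation fails or the buffer is already MAX_BUF_SIZE bytes long.
 * The callers in this file turn NULL into ENOMEM and stop retrying.
 */
static char *
grow_group_buffer(TALLOC_CTX *mem_ctx,
                  char **buffer, size_t *buflen)
{
    char *newbuf;

    /* The callers retry for as long as the module reports TRYAGAIN. Once the
     * cap has been reached another attempt would run with exactly the same
     * size, so refuse to "grow" again instead of letting that loop spin
     * without bound on an oversized or misbehaving group entry. */
    if (*buflen >= MAX_BUF_SIZE) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Lookup buffer already at maximum size, giving up\n"));
        return NULL;
    }

    if (*buflen == 0) {
        *buflen = DEFAULT_BUFSIZE;
    }
    if (*buflen < MAX_BUF_SIZE) {
        *buflen *= 2;
    }
    if (*buflen > MAX_BUF_SIZE) {
        *buflen = MAX_BUF_SIZE;
    }

    newbuf = talloc_realloc_size(mem_ctx, *buffer, *buflen);
    if (!newbuf) {
        return NULL;
    }
    *buffer = newbuf;

    return *buffer;
}

/*
 * Translate the NSS status of a group lookup into an errno-style code.
 *
 * TRYAGAIN becomes EAGAIN (the caller retries with a bigger buffer),
 * UNAVAIL becomes ENXIO, unknown codes become EIO. NOTFOUND and a group
 * whose gid is outside the domain's id range both return EOK with
 * *delete_group set to true.
 *
 * *delete_group is never reset to false here, so a value set by an earlier
 * call stays in effect for the caller.
 */
static errno_t
handle_getgr_result(enum nss_status status, struct group *grp,
                    struct sss_domain_info *dom,
                    bool *delete_group)
{
    switch (status) {
    case NSS_STATUS_TRYAGAIN:
        DEBUG(SSSDBG_MINOR_FAILURE, ("Buffer too small\n"));
        return EAGAIN;

    case NSS_STATUS_NOTFOUND:
        DEBUG(SSSDBG_MINOR_FAILURE, ("Group not found.\n"));
        *delete_group = true;
        break;

    case NSS_STATUS_SUCCESS:
        DEBUG(SSSDBG_FUNC_DATA, ("Group found: (%s, %"SPRIgid")\n",
              grp->gr_name, grp->gr_gid));

        /* gid=0 is an invalid value */
        /* also check that the id is in the valid range for this domain */
        if (OUT_OF_ID_RANGE(grp->gr_gid, dom->id_min, dom->id_max)) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Group filtered out! (id out of range)\n"));
            *delete_group = true;
            break;
        }
        break;

    case NSS_STATUS_UNAVAIL:
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("Remote back end is not available. Entering offline mode\n"));
        return ENXIO;

    default:
        DEBUG(SSSDBG_OP_FAILURE, ("Unknown return code %d\n", status));
        return EIO;
    }

    return EOK;
}

static int get_gr_name(TALLOC_CTX *mem_ctx,
                       struct proxy_id_ctx *ctx,
                       struct sysdb_ctx *sysdb,
                       struct sss_domain_info *dom,
                       const char *name)
{
    TALLOC_CTX *tmpctx;
    struct group *grp;
    enum nss_status status;
    char *buffer = 0;
    size_t buflen = 0;
    bool delete_group = false;
    int ret;
    gid_t gid;
    struct ldb_result *cached_grp = NULL;
    const char *real_name = NULL;

    DEBUG(SSSDBG_FUNC_DATA, ("Searching group by name (%s)\n", name));

    tmpctx = talloc_new(NULL);
    if (!tmpctx) {
        return ENOMEM;
    }

    grp = talloc(tmpctx, struct group);
    if (!grp) {
        ret = ENOMEM;
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("proxy -> getgrnam_r failed for '%s': [%d] %s\n",
               name, ret, strerror(ret)));
        goto done;
    }

    do {
        /* always zero out the grp structure */
        memset(grp, 0, sizeof(struct group));
        buffer = grow_group_buffer(tmpctx, &buffer, &buflen);
        if (!buffer) {
            ret = ENOMEM;
            goto done;
        }

        status = ctx->ops.getgrnam_r(name, grp, buffer, buflen, &ret);

        ret = handle_getgr_result(status, grp, dom, &delete_group);
    } while (ret == EAGAIN);

    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("getgrnam failed [%d]: %s\n", ret, strerror(ret)));
        goto done;
    }

    /* NOTE(review): when the lookup above ended with NOTFOUND, delete_group
     * is already true and grp was zeroed before the call, so gid is
     * presumably 0 here. The code still goes on to the cache and getgrgid_r
     * lookups with that gid; get_pw_name deletes by name right after its
     * first lookup instead. Confirm that a group removed on the remote side
     * really gets purged from the cache on this path. */
    gid = grp->gr_gid;

    /* Canonicalize the group name in case it was actually an alias */
    if (ctx->fast_alias == true) {
        ret = sysdb_getgrgid(tmpctx, sysdb, dom, gid, &cached_grp);
        if (ret != EOK) {
            /* Non-fatal, attempt to canonicalize online */
            DEBUG(SSSDBG_TRACE_FUNC, ("Request to cache failed [%d]: %s\n",
                  ret, strerror(ret)));
        }

        if (ret == EOK && cached_grp->count == 1) {
            real_name = ldb_msg_find_attr_as_string(cached_grp->msgs[0],
                                                    SYSDB_NAME, NULL);
            if (!real_name) {
                DEBUG(SSSDBG_MINOR_FAILURE, ("Cached group has no name?\n"));
            }
        }
    }

    if (real_name == NULL) {
        /* Start the second lookup with a fresh buffer */
        talloc_zfree(buffer);
        buflen = 0;

        do {
            memset(grp, 0, sizeof(struct group));
            buffer = grow_group_buffer(tmpctx, &buffer, &buflen);
            if (!buffer) {
                ret = ENOMEM;
                goto done;
            }

            status =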
ctx->ops.getgrgid_r(gid, grp, buffer, buflen, &ret); ret = handle_getgr_result(status, grp, dom, &delete_group); } while (ret == EAGAIN); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("getgrgid failed [%d]: %s\n", ret, strerror(ret))); goto done; } real_name = grp->gr_name; } if (delete_group) { DEBUG(SSSDBG_TRACE_FUNC, ("Group %s does not exist (or is invalid) on remote server," " deleting!\n", name)); ret = sysdb_delete_group(sysdb, dom, NULL, gid); if (ret == ENOENT) { ret = EOK; } goto done; } ret = save_group(sysdb, dom, grp, real_name, name, dom->group_timeout); if (ret) { DEBUG(SSSDBG_OP_FAILURE, ("Cannot save group [%d]: %s\n", ret, strerror(ret))); goto done; } done: talloc_zfree(tmpctx); if (ret) { DEBUG(SSSDBG_OP_FAILURE, ("proxy -> getgrnam_r failed for '%s' <%d>: %s\n", name, ret, strerror(ret))); } return ret; } /* =Getgrgid-wrapper======================================================*/ static int get_gr_gid(TALLOC_CTX *mem_ctx, struct proxy_id_ctx *ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *dom, gid_t gid, time_t now) { TALLOC_CTX *tmpctx; struct group *grp; enum nss_status status; char *buffer = NULL; size_t buflen = 0; bool delete_group = false; int ret; DEBUG(SSSDBG_TRACE_FUNC, ("Searching group by gid (%"SPRIgid")\n", gid)); tmpctx = talloc_new(mem_ctx); if (!tmpctx) { return ENOMEM; } grp = talloc(tmpctx, struct group); if (!grp) { ret = ENOMEM; goto done; } do { /* always zero out the grp structure */ memset(grp, 0, sizeof(struct group)); buffer = grow_group_buffer(tmpctx, &buffer, &buflen); if (!buffer) { ret = ENOMEM; goto done; } status = ctx->ops.getgrgid_r(gid, grp, buffer, buflen, &ret); ret = handle_getgr_result(status, grp, dom, &delete_group); } while (ret == EAGAIN); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("getgrgid failed [%d]: %s\n", ret, strerror(ret))); goto done; } if (delete_group) { DEBUG(SSSDBG_TRACE_FUNC, ("Group %"SPRIgid" does not exist (or is invalid) on remote " "server, deleting!\n", gid)); ret = 
sysdb_delete_group(sysdb, dom, NULL, gid); if (ret == ENOENT) { ret = EOK; } goto done; } ret = save_group(sysdb, dom, grp, grp->gr_name, NULL, dom->group_timeout); if (ret) { DEBUG(SSSDBG_OP_FAILURE, ("Cannot save user [%d]: %s\n", ret, strerror(ret))); goto done; } done: talloc_zfree(tmpctx); if (ret) { DEBUG(SSSDBG_OP_FAILURE, ("proxy -> getgrgid_r failed for '%"SPRIgid"' <%d>: %s\n", gid, ret, strerror(ret))); } return ret; } /* =Getgrent-wrapper======================================================*/ static int enum_groups(TALLOC_CTX *mem_ctx, struct proxy_id_ctx *ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *dom) { TALLOC_CTX *tmpctx; bool in_transaction = false; struct group *grp; enum nss_status status; size_t buflen; char *buffer; char *newbuf; int ret; errno_t sret; bool again; DEBUG(SSSDBG_TRACE_LIBS, ("Enumerating groups\n")); tmpctx = talloc_new(mem_ctx); if (!tmpctx) { return ENOMEM; } grp = talloc(tmpctx, struct group); if (!grp) { ret = ENOMEM; goto done; } buflen = DEFAULT_BUFSIZE; buffer = talloc_size(tmpctx, buflen); if (!buffer) { ret = ENOMEM; goto done; } ret = sysdb_transaction_start(sysdb); if (ret) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to start transaction\n")); goto done; } in_transaction = true; status = ctx->ops.setgrent(); if (status != NSS_STATUS_SUCCESS) { ret = EIO; goto done; } do { again = false; /* always zero out the grp structure */ memset(grp, 0, sizeof(struct group)); /* get entry */ status = ctx->ops.getgrent_r(grp, buffer, buflen, &ret); switch (status) { case NSS_STATUS_TRYAGAIN: /* buffer too small ? 
*/ if (buflen < MAX_BUF_SIZE) { buflen *= 2; } if (buflen > MAX_BUF_SIZE) { buflen = MAX_BUF_SIZE; } newbuf = talloc_realloc_size(tmpctx, buffer, buflen); if (!newbuf) { ret = ENOMEM; goto done; } buffer = newbuf; again = true; break; case NSS_STATUS_NOTFOUND: /* we are done here */ DEBUG(SSSDBG_TRACE_LIBS, ("Enumeration completed.\n")); ret = sysdb_transaction_commit(sysdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to commit transaction\n")); goto done; } in_transaction = false; break; case NSS_STATUS_SUCCESS: DEBUG(SSSDBG_OP_FAILURE, ("Group found (%s, %"SPRIgid")\n", grp->gr_name, grp->gr_gid)); /* gid=0 is an invalid value */ /* also check that the id is in the valid range for this domain */ if (OUT_OF_ID_RANGE(grp->gr_gid, dom->id_min, dom->id_max)) { DEBUG(SSSDBG_OP_FAILURE, ("Group [%s] filtered out! (id" "out of range)\n", grp->gr_name)); again = true; break; } ret = save_group(sysdb, dom, grp, grp->gr_name, NULL, dom->group_timeout); if (ret) { /* Do not fail completely on errors. * Just report the failure to save and go on */ DEBUG(SSSDBG_OP_FAILURE, ("Failed to store group." "Ignoring\n")); } again = true; break; case NSS_STATUS_UNAVAIL: /* "remote" backend unavailable. 
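Enter offline mode */
            ret = ENXIO;
            break;

        default:
            ret = EIO;
            DEBUG(SSSDBG_OP_FAILURE,
                  ("proxy -> getgrent_r failed (%d)[%s]"
                   "\n", ret, strerror(ret)));
            break;
        }
    } while (again);

done:
    talloc_zfree(tmpctx);
    if (in_transaction) {
        sret = sysdb_transaction_cancel(sysdb);
        if (sret != EOK) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to cancel transaction\n"));
        }
    }
    ctx->ops.endgrent();
    return ret;
}

/* =Initgroups-wrapper====================================================*/

static int get_initgr_groups_process(TALLOC_CTX *memctx,
                                     struct proxy_id_ctx *ctx,
                                     struct sysdb_ctx *sysdb,
                                     struct sss_domain_info *dom,
                                     struct passwd *pwd);

/*
 * Resolve a user by name and refresh the user and its groups in the cache.
 *
 * Inside one sysdb transaction the user is looked up with getpwnam_r, the
 * name is canonicalized (from the cache when fast_alias is set, otherwise
 * with getpwuid_r), the user is saved and get_initgr_groups_process() stores
 * the groups. A user that is not found or is out of the id range is deleted
 * from the cache instead.
 *
 * Labels: "done" commits the transaction, "fail" cancels it when it is still
 * open. Error paths must therefore jump to "fail"; jumping to "done" would
 * commit and replace ret with the result of the commit.
 *
 * Returns EOK or an errno-style code.
 */
static int get_initgr(TALLOC_CTX *mem_ctx,
                      struct proxy_id_ctx *ctx,
                      struct sysdb_ctx *sysdb,
                      struct sss_domain_info *dom,
                      const char *name)
{
    TALLOC_CTX *tmpctx;
    bool in_transaction = false;
    struct passwd *pwd;
    enum nss_status status;
    char *buffer;
    size_t buflen;
    int ret;
    errno_t sret;
    bool del_user;
    uid_t uid;
    struct ldb_result *cached_pwd = NULL;
    const char *real_name = NULL;

    tmpctx = talloc_new(mem_ctx);
    if (!tmpctx) {
        return ENOMEM;
    }

    pwd = talloc_zero(tmpctx, struct passwd);
    if (!pwd) {
        ret = ENOMEM;
        goto fail;
    }

    buflen = DEFAULT_BUFSIZE;
    buffer = talloc_size(tmpctx, buflen);
    if (!buffer) {
        ret = ENOMEM;
        goto fail;
    }

    ret = sysdb_transaction_start(sysdb);
    if (ret) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to start transaction\n"));
        goto fail;
    }
    in_transaction = true;

    /* FIXME: should we move this call outside the transaction to keep the
     * transaction as short as possible ? */
    status = ctx->ops.getpwnam_r(name, pwd, buffer, buflen, &ret);
    ret = handle_getpw_result(status, pwd, dom, &del_user);
    if (ret) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("getpwnam failed [%d]: %s\n", ret, strerror(ret)));
        goto fail;
    }

    if (del_user) {
        ret = delete_user(sysdb, dom, name, 0);
        if (ret) {
            DEBUG(SSSDBG_OP_FAILURE, ("Could not delete user\n"));
            goto fail;
        }
        goto done;
    }

    uid = pwd->pw_uid;

    /* Do not wipe buffer here. The string members of pwd normally point into
     * it, and when the cache supplies real_name below no second lookup
     * refills them: save_user() and the initgroups call would then run with
     * an empty pw_name, pw_dir and pw_shell. The buffer is cleared right
     * before getpwuid_r when that lookup is actually needed. */

    /* Canonicalize the username in case it was actually an alias */
    if (ctx->fast_alias == true) {
        ret = sysdb_getpwuid(tmpctx, sysdb, dom, uid, &cached_pwd);
        if (ret != EOK) {
            /* Non-fatal, attempt to canonicalize online */
            DEBUG(SSSDBG_TRACE_FUNC, ("Request to cache failed [%d]: %s\n",
                  ret, strerror(ret)));
        }

        if (ret == EOK && cached_pwd->count == 1) {
            real_name = ldb_msg_find_attr_as_string(cached_pwd->msgs[0],
                                                    SYSDB_NAME, NULL);
            if (!real_name) {
                DEBUG(SSSDBG_MINOR_FAILURE, ("Cached user has no name?\n"));
            }
        }
    }

    if (real_name == NULL) {
        memset(buffer, 0, buflen);

        status = ctx->ops.getpwuid_r(uid, pwd, buffer, buflen, &ret);
        ret = handle_getpw_result(status, pwd, dom, &del_user);
        if (ret) {
            DEBUG(SSSDBG_OP_FAILURE,
                  ("getpwuid failed [%d]: %s\n", ret, strerror(ret)));
            /* An error must cancel the transaction and be reported; "done"
             * would commit and hand back the commit result instead. */
            goto fail;
        }

        real_name = pwd->pw_name;
    }

    if (del_user) {
        ret = delete_user(sysdb, dom, name, uid);
        if (ret) {
            DEBUG(SSSDBG_OP_FAILURE, ("Could not delete user\n"));
            goto fail;
        }
        goto done;
    }

    ret = save_user(sysdb, dom, !dom->case_sensitive, pwd,
                    real_name, name, dom->user_timeout);
    if (ret) {
        DEBUG(SSSDBG_OP_FAILURE, ("Could not save user\n"));
        goto fail;
    }

    ret = get_initgr_groups_process(tmpctx, ctx, sysdb, dom, pwd);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Could not process initgroups\n"));
        goto fail;
    }

done:
    ret = sysdb_transaction_commit(sysdb);
    if (ret) {
        DEBUG(SSSDBG_OP_FAILURE, ("Failed to commit transaction\n"));
        goto fail;
    }
    in_transaction = false;

fail:
    talloc_zfree(tmpctx);
    if (in_transaction) {
        sret = sysdb_transaction_cancel(sysdb);
        if (sret != EOK) {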
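DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to cancel transaction\n"));
        }
    }
    return ret;
}

/*
 * Ask the proxied module for the groups of pwd and cache each of them.
 *
 * The gid array starts with room for 4096 entries and always carries
 * pwd->pw_gid in slot 0. While the module answers TRYAGAIN the array is
 * doubled, up to MAX_BUF_SIZE bytes; a TRYAGAIN at that size ends the
 * lookup with ENOMEM. On SUCCESS or NOTFOUND every collected gid is passed
 * to get_gr_gid(); the first failure there is returned.
 *
 * Returns EOK, ENOMEM, EIO for any other module status, or the error from
 * get_gr_gid().
 */
static int get_initgr_groups_process(TALLOC_CTX *memctx,
                                     struct proxy_id_ctx *ctx,
                                     struct sysdb_ctx *sysdb,
                                     struct sss_domain_info *dom,
                                     struct passwd *pwd)
{
    enum nss_status status;
    long int limit;
    long int size;
    long int num;
    long int num_gids;
    long int i;
    gid_t *gids;
    gid_t *new_gids;
    int ret;
    time_t now;

    num_gids = 0;
    limit = 4096;
    num = 4096;

    size = num*sizeof(gid_t);
    gids = talloc_size(memctx, size);
    if (!gids) {
        return ENOMEM;
    }

    /* nss modules may skip the primary group when we pass it in so always add
     * it in advance */
    gids[0] = pwd->pw_gid;
    num_gids++;

    /* FIXME: should we move this call outside the transaction to keep the
     * transaction as short as possible ? */
    do {
        status = ctx->ops.initgroups_dyn(pwd->pw_name, pwd->pw_gid, &num_gids,
                                         &num, &gids, limit, &ret);

        if (status == NSS_STATUS_TRYAGAIN) {
            /* buffer too small ? */
            if (size >= MAX_BUF_SIZE) {
                /* Already at the cap: retrying with the same size would
                 * repeat the same answer without bound. The array stays
                 * owned by memctx and is released with it. */
                DEBUG(SSSDBG_OP_FAILURE,
                      ("initgroups buffer already at maximum size, "
                       "giving up\n"));
                return ENOMEM;
            }

            num *= 2;
            size = num*sizeof(gid_t);
            if (size > MAX_BUF_SIZE) {
                size = MAX_BUF_SIZE;
                num = size/sizeof(gid_t);
            }

            /* limit is kept equal to the array capacity; presumably this
             * keeps the module from enlarging the talloc-owned array on its
             * own -- TODO confirm against the module contract */
            limit = num;

            new_gids = talloc_realloc_size(memctx, gids, size);
            if (!new_gids) {
                return ENOMEM;
            }
            gids = new_gids;
        }
    } while(status == NSS_STATUS_TRYAGAIN);

    switch (status) {
    case NSS_STATUS_NOTFOUND:
        DEBUG(SSSDBG_FUNC_DATA, ("The initgroups call returned 'NOTFOUND'. "
                                 "Assume the user is only member of its "
                                 "primary group (%"SPRIgid")\n", pwd->pw_gid));
        /* fall through */
    case NSS_STATUS_SUCCESS:
        /* num_gids is a long int, so print it with %ld; the original
         * literals also ran the number into the word "groups" */
        DEBUG(SSSDBG_CONF_SETTINGS, ("User [%s] appears to be member of %ld "
                                     "groups\n", pwd->pw_name, num_gids));

        now = time(NULL);
        for (i = 0; i < num_gids; i++) {
            ret = get_gr_gid(memctx, ctx, sysdb, dom, gids[i], now);
            if (ret) {
                return ret;
            }
        }
        ret = EOK;

        break;

    default:
        DEBUG(2, ("proxy -> initgroups_dyn failed (%d)[%s]\n",
                  ret, strerror(ret)));
        ret = EIO;
        break;
    }

    return ret;
}

/* =Proxy_Id-Functions====================================================*/

void proxy_get_account_info(struct be_req *breq)
{
    struct be_ctx *be_ctx = be_req_get_be_ctx(breq);
    struct be_acct_req *ar;
    struct proxy_id_ctx *ctx;
    struct sysdb_ctx *sysdb;
    struct sss_domain_info *domain;
    uid_t uid;
    gid_t gid;
    int ret;
    char *endptr;

    ar = talloc_get_type(be_req_get_data(breq), struct be_acct_req);
    ctx = talloc_get_type(be_ctx->bet_info[BET_ID].pvt_bet_data,
                          struct proxy_id_ctx);
    sysdb = be_ctx->domain->sysdb;
    domain = be_ctx->domain;

    if (be_is_offline(be_ctx)) {
        return be_req_terminate(breq, DP_ERR_OFFLINE, EAGAIN, "Offline");
    }

    /* for now we support only core attrs */
    if (ar->attr_type != BE_ATTR_CORE) {
        return be_req_terminate(breq, DP_ERR_FATAL, EINVAL, "Invalid attr type");
    }

    /* proxy provider does not support security ID lookups */
    if (ar->filter_type == BE_FILTER_SECID) {
        return be_req_terminate(breq, DP_ERR_FATAL, ENOSYS,
                                "Invalid filter type");
    }

    switch (ar->entry_type & BE_REQ_TYPE_MASK) {
    case BE_REQ_USER: /* user */
        switch (ar->filter_type) {
        case BE_FILTER_ENUM:
            ret = enum_users(breq, ctx, sysdb, domain);
            break;

        case BE_FILTER_NAME:
            ret = get_pw_name(breq, ctx, sysdb, domain, ar->filter_value);
            break;

        case BE_FILTER_IDNUM:
            /* The filter value arrives as text: reject it unless the whole
             * string converts. NOTE(review): the errno test assumes that
             * strtouint32() clears errno before converting -- confirm. */
            uid = (uid_t) strtouint32(ar->filter_value, &endptr, 10);
            if (errno || *endptr || (ar->filter_value == endptr)) {
                return be_req_terminate(breq, DP_ERR_FATAL,
                                        EINVAL, "Invalid attr type");
            }
            ret = get_pw_uid(breq, ctx, sysdb, domain,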
uid); break; default: return be_req_terminate(breq, DP_ERR_FATAL, EINVAL, "Invalid filter type"); } break; case BE_REQ_GROUP: /* group */ switch (ar->filter_type) { case BE_FILTER_ENUM: ret = enum_groups(breq, ctx, sysdb, domain); break; case BE_FILTER_NAME: ret = get_gr_name(breq, ctx, sysdb, domain, ar->filter_value); break; case BE_FILTER_IDNUM: gid = (gid_t) strtouint32(ar->filter_value, &endptr, 10); if (errno || *endptr || (ar->filter_value == endptr)) { return be_req_terminate(breq, DP_ERR_FATAL, EINVAL, "Invalid attr type"); } ret = get_gr_gid(breq, ctx, sysdb, domain, gid, 0); break; default: return be_req_terminate(breq, DP_ERR_FATAL, EINVAL, "Invalid filter type"); } break; case BE_REQ_INITGROUPS: /* init groups for user */ if (ar->filter_type != BE_FILTER_NAME) { return be_req_terminate(breq, DP_ERR_FATAL, EINVAL, "Invalid filter type"); } if (ctx->ops.initgroups_dyn == NULL) { return be_req_terminate(breq, DP_ERR_FATAL, ENODEV, "Initgroups call not supported"); } ret = get_initgr(breq, ctx, sysdb, domain, ar->filter_value); break; case BE_REQ_NETGROUP: if (ar->filter_type != BE_FILTER_NAME) { return be_req_terminate(breq, DP_ERR_FATAL, EINVAL, "Invalid filter type"); } if (ctx->ops.setnetgrent == NULL || ctx->ops.getnetgrent_r == NULL || ctx->ops.endnetgrent == NULL) { return be_req_terminate(breq, DP_ERR_FATAL, ENODEV, "Netgroups are not supported"); } ret = get_netgroup(ctx, sysdb, domain, ar->filter_value); break; case BE_REQ_SERVICES: switch (ar->filter_type) { case BE_FILTER_NAME: if (ctx->ops.getservbyname_r == NULL) { return be_req_terminate(breq, DP_ERR_FATAL, ENODEV, "Services are not supported"); } ret = get_serv_byname(ctx, sysdb, domain, ar->filter_value, ar->extra_value); break; case BE_FILTER_IDNUM: if (ctx->ops.getservbyport_r == NULL) { return be_req_terminate(breq, DP_ERR_FATAL, ENODEV, "Services are not supported"); } ret = get_serv_byport(ctx, sysdb, domain, ar->filter_value, ar->extra_value); break; case BE_FILTER_ENUM: if 
(!ctx->ops.setservent || !ctx->ops.getservent_r || !ctx->ops.endservent) { return be_req_terminate(breq, DP_ERR_FATAL, ENODEV, "Services are not supported"); } ret = enum_services(ctx, sysdb, domain); break; default: return be_req_terminate(breq, DP_ERR_FATAL, EINVAL, "Invalid filter type"); } break; default: /*fail*/ return be_req_terminate(breq, DP_ERR_FATAL, EINVAL, "Invalid request type"); } if (ret) { if (ret == ENXIO) { DEBUG(2, ("proxy returned UNAVAIL error, going offline!\n")); be_mark_offline(be_ctx); } be_req_terminate(breq, DP_ERR_FATAL, ret, NULL); return; } be_req_terminate(breq, DP_ERR_OK, EOK, NULL); } sssd-1.11.5/src/providers/proxy/PaxHeaders.13173/proxy.h0000644000000000000000000000007412320753107021072 xustar000000000000000030 atime=1396954939.268891429 30 ctime=1396954961.497875067 sssd-1.11.5/src/providers/proxy/proxy.h0000664002412700241270000001307512320753107021322 0ustar00jhrozekjhrozek00000000000000/* SSSD Proxy provider, private header file Authors: Sumit Bose Copyright (C) 2010 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #ifndef __PROXY_H__ #define __PROXY_H__ #include #include #include #include #include #include #include #include #include #include "util/util.h" #include "providers/dp_backend.h" #include "db/sysdb.h" #include "sss_client/nss_compat.h" #include struct proxy_nss_ops { enum nss_status (*getpwnam_r)(const char *name, struct passwd *result, char *buffer, size_t buflen, int *errnop); enum nss_status (*getpwuid_r)(uid_t uid, struct passwd *result, char *buffer, size_t buflen, int *errnop); enum nss_status (*setpwent)(void); enum nss_status (*getpwent_r)(struct passwd *result, char *buffer, size_t buflen, int *errnop); enum nss_status (*endpwent)(void); enum nss_status (*getgrnam_r)(const char *name, struct group *result, char *buffer, size_t buflen, int *errnop); enum nss_status (*getgrgid_r)(gid_t gid, struct group *result, char *buffer, size_t buflen, int *errnop); enum nss_status (*setgrent)(void); enum nss_status (*getgrent_r)(struct group *result, char *buffer, size_t buflen, int *errnop); enum nss_status (*endgrent)(void); enum nss_status (*initgroups_dyn)(const char *user, gid_t group, long int *start, long int *size, gid_t **groups, long int limit, int *errnop); enum nss_status (*setnetgrent)(const char *netgroup, struct __netgrent *result); enum nss_status (*getnetgrent_r)(struct __netgrent *result, char *buffer, size_t buflen, int *errnop); enum nss_status (*endnetgrent)(struct __netgrent *result); /* Services */ enum nss_status (*getservbyname_r)(const char *name, const char *protocol, struct servent *result, char *buffer, size_t buflen, int *errnop); enum nss_status (*getservbyport_r)(int port, const char *protocol, struct servent *result, char *buffer, size_t buflen, int *errnop); enum nss_status (*setservent)(void); enum nss_status (*getservent_r)(struct servent *result, char *buffer, size_t buflen, int *errnop); enum nss_status (*endservent)(void); }; struct authtok_conv { struct sss_auth_token *authtok; struct sss_auth_token *newauthtok; bool sent_old; 
}; struct proxy_id_ctx { struct be_ctx *be; bool fast_alias; struct proxy_nss_ops ops; void *handle; }; struct proxy_auth_ctx { struct be_ctx *be; char *pam_target; uint32_t max_children; uint32_t running; uint32_t next_id; hash_table_t *request_table; struct sbus_connection *sbus_srv; int timeout_ms; }; struct proxy_child_ctx { struct proxy_auth_ctx *auth_ctx; struct be_req *be_req; struct pam_data *pd; uint32_t id; pid_t pid; bool running; struct sbus_connection *conn; struct tevent_timer *timer; struct tevent_req *init_req; }; struct pc_init_ctx { char *command; pid_t pid; struct tevent_timer *timeout; struct tevent_signal *sige; struct proxy_child_ctx *child_ctx; struct sbus_connection *conn; }; #define PROXY_CHILD_PIPE "private/proxy_child" #define DEFAULT_BUFSIZE 4096 #define MAX_BUF_SIZE 1024*1024 /* max 1MiB */ /* From proxy_id.c */ void proxy_get_account_info(struct be_req *breq); /* From proxy_auth.c */ void proxy_pam_handler(struct be_req *req); /* From proxy_netgroup.c */ errno_t get_netgroup(struct proxy_id_ctx *ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *dom, const char *name); errno_t get_serv_byname(struct proxy_id_ctx *ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *dom, const char *name, const char *protocol); errno_t get_serv_byport(struct proxy_id_ctx *ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *dom, const char *be_filter, const char *protocol); errno_t enum_services(struct proxy_id_ctx *ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *dom); #endif /* __PROXY_H__ */ sssd-1.11.5/src/providers/proxy/PaxHeaders.13173/proxy_netgroup.c0000644000000000000000000000007412320753107023010 xustar000000000000000030 atime=1396954939.268891429 30 ctime=1396954961.645874957 sssd-1.11.5/src/providers/proxy/proxy_netgroup.c0000664002412700241270000001412212320753107023232 0ustar00jhrozekjhrozek00000000000000/* SSSD Proxy netgroup handler Authors: Sumit Bose Copyright (C) 2010 Red Hat This program is free software; you can 
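redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see .
*/

#include "providers/proxy/proxy.h"
#include "util/util.h"

/* Size of the stack buffer handed to getnetgrent_r() for each entry. */
#define BUFLEN  1024

/* A triple element may be NULL; format it as the empty string. */
#define get_triple_el(s) ((s) ? (s) : "")

/*
 * Append one netgroup entry to attrs.
 *
 * A nested group is stored under SYSDB_NETGROUP_MEMBER, a triple is stored
 * under SYSDB_NETGROUP_TRIPLE as "(host,user,domain)".
 *
 * Returns EOK, ENOMEM when the triple string cannot be allocated, EINVAL for
 * an entry type that is neither group_val nor triple_val, or the error of
 * sysdb_attrs_add_string().
 */
static errno_t make_netgroup_attr(struct __netgrent netgrent,
                                  struct sysdb_attrs *attrs)
{
    int ret;
    char *triple;

    switch (netgrent.type) {
    case group_val:
        ret = sysdb_attrs_add_string(attrs, SYSDB_NETGROUP_MEMBER,
                                     netgrent.val.group);
        if (ret != EOK) {
            DEBUG(1, ("sysdb_attrs_add_string failed.\n"));
            return ret;
        }
        return EOK;

    case triple_val:
        /* The string is allocated on attrs, so it lives as long as attrs. */
        triple = talloc_asprintf(attrs, "(%s,%s,%s)",
                                 get_triple_el(netgrent.val.triple.host),
                                 get_triple_el(netgrent.val.triple.user),
                                 get_triple_el(netgrent.val.triple.domain));
        if (triple == NULL) {
            DEBUG(1, ("talloc_asprintf failed.\n"));
            return ENOMEM;
        }

        ret = sysdb_attrs_add_string(attrs, SYSDB_NETGROUP_TRIPLE, triple);
        if (ret != EOK) {
            DEBUG(1, ("sysdb_attrs_add_string failed.\n"));
            return ret;
        }
        return EOK;

    default:
        DEBUG(1, ("Unknown netgrent entry type [%d].\n", netgrent.type));
        return EINVAL;
    }
}

/*
 * Store a netgroup in the cache.
 *
 * When lowercase is set, a lower-case name alias is added to attrs first.
 * Returns EOK or the error of the failing sysdb call.
 */
static errno_t save_netgroup(struct sysdb_ctx *sysdb,
                             struct sss_domain_info *domain,
                             const char *name,
                             struct sysdb_attrs *attrs,
                             bool lowercase,
                             uint64_t cache_timeout)
{
    errno_t ret;

    if (lowercase) {
        ret = sysdb_attrs_add_lc_name_alias(attrs, name);
        if (ret) {
            DEBUG(SSSDBG_OP_FAILURE, ("Could not add name alias\n"));
            return ret;
        }
    }

    ret = sysdb_add_netgroup(sysdb, domain, name, NULL, attrs, NULL,
                             cache_timeout, 0);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("sysdb_add_netgroup failed.\n"));
        return ret;
    }

    return EOK;
}

/*
 * Translate an NSS status into an errno value.
 *
 * NSS_STATUS_NOTFOUND also deletes the netgroup from the cache and yields
 * EIO if that deletion fails. NSS_STATUS_UNAVAIL yields ENXIO; every status
 * that is not handled explicitly yields EIO.
 */
static errno_t handle_error(enum nss_status status,
                            struct sysdb_ctx *sysdb,
                            struct sss_domain_info *domain,
                            const char *name)
{
    errno_t ret;

    switch (status) {
    case NSS_STATUS_SUCCESS:
        DEBUG(SSSDBG_TRACE_INTERNAL, ("Netgroup lookup succeeded\n"));
        return EOK;

    case NSS_STATUS_NOTFOUND:
        DEBUG(SSSDBG_MINOR_FAILURE, ("The netgroup was not found\n"));
        ret = sysdb_delete_netgroup(sysdb, domain, name);
        if (ret != EOK) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot delete netgroup: %d\n", ret));
            ret = EIO;
        }
        return ret;

    case NSS_STATUS_UNAVAIL:
        DEBUG(SSSDBG_TRACE_LIBS,
              ("The proxy target did not respond, going offline\n"));
        return ENXIO;

    default:
        DEBUG(SSSDBG_CRIT_FAILURE, ("Unexpected error looking up netgroup\n"));
        return EIO;
    }
}

/*
 * Read a netgroup through the proxied NSS module and store it in the cache.
 *
 * The netgroup functions in ctx->ops are called without a NULL check here;
 * sssm_proxy_id_init() only logs when the library lacks them, so the caller
 * has to make sure they were resolved.
 *
 * Returns EOK on success, ENOMEM on allocation failure, the value produced by
 * handle_error() for a failing NSS call, or the error of the failing
 * attribute/cache call.
 */
errno_t get_netgroup(struct proxy_id_ctx *ctx,
                     struct sysdb_ctx *sysdb,
                     struct sss_domain_info *dom,
                     const char *name)
{
    struct __netgrent result;
    enum nss_status status;
    char buffer[BUFLEN];
    int ret;
    TALLOC_CTX *tmp_ctx = NULL;
    struct sysdb_attrs *attrs;
    /* true between a successful setnetgrent() and the matching endnetgrent() */
    bool enumerating = false;

    memset(&result, 0, sizeof(result));
    status = ctx->ops.setnetgrent(name, &result);
    if (status != NSS_STATUS_SUCCESS) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("setnetgrent failed for netgroup [%s].\n", name));
        ret = handle_error(status, sysdb, dom, name);
        goto done;
    }
    enumerating = true;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_new failed.\n"));
        ret = ENOMEM;
        goto done;
    }

    attrs = sysdb_new_attrs(tmp_ctx);
    if (attrs == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("sysdb_new_attrs failed.\n"));
        ret = ENOMEM;
        goto done;
    }

    do {
        /* ret doubles as the errnop output of the NSS call */
        status = ctx->ops.getnetgrent_r(&result, buffer, BUFLEN, &ret);
        if (status != NSS_STATUS_SUCCESS &&
            status != NSS_STATUS_RETURN &&
            status != NSS_STATUS_NOTFOUND) {
            ret = handle_error(status, sysdb, dom, name);
            DEBUG(SSSDBG_OP_FAILURE,
                  ("getnetgrent_r failed for netgroup [%s]: [%d][%s].\n",
                   name, ret, strerror(ret)));
            goto done;
        }

        if (status == NSS_STATUS_SUCCESS) {
            ret = make_netgroup_attr(result, attrs);
            if (ret != EOK) {
                DEBUG(SSSDBG_CRIT_FAILURE, ("make_netgroup_attr failed.\n"));
                goto done;
            }
        }
    } while (status != NSS_STATUS_RETURN && status != NSS_STATUS_NOTFOUND);

    enumerating = false;
    status = ctx->ops.endnetgrent(&result);
    if (status != NSS_STATUS_SUCCESS) {
        DEBUG(SSSDBG_OP_FAILURE, ("endnetgrent failed.\n"));
        ret = handle_error(status, sysdb, dom, name);
        goto done;
    }

    ret = save_netgroup(sysdb, dom, name, attrs,
                        !dom->case_sensitive,
                        dom->netgroup_timeout);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("sysdb_add_netgroup failed.\n"));
        goto done;
    }

    ret = EOK;

done:
    if (enumerating) {
        /* An error path left the enumeration open: close it so the module
         * can release whatever state setnetgrent() attached to result. The
         * status is ignored because ret already carries the real error. */
        (void) ctx->ops.endnetgrent(&result);
    }
    talloc_free(tmp_ctx);
    return ret;
}
sssd-1.11.5/src/providers/proxy/PaxHeaders.13173/proxy_init.c0000644000000000000000000000007412320753107022110 xustar000000000000000030 atime=1396954939.268891429 30 ctime=1396954961.643874959 sssd-1.11.5/src/providers/proxy/proxy_init.c0000664002412700241270000004275112320753107022343 0ustar00jhrozekjhrozek00000000000000/* SSSD proxy_init.c Authors: Stephen Gallagher Copyright (C) 2010 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see .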
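*/

#include "config.h"

#include "util/sss_format.h"
#include "providers/proxy/proxy.h"

static int client_registration(DBusMessage *message,
                               struct sbus_connection *conn);

static struct sbus_method proxy_methods[] = {
    { DP_METHOD_REGISTER, client_registration },
    { NULL, NULL }
};

struct sbus_interface proxy_interface = {
    DP_INTERFACE,
    DP_PATH,
    SBUS_DEFAULT_VTABLE,
    proxy_methods,
    NULL
};

/* Finalizer of the identity provider: nothing is released here yet. */
static void proxy_shutdown(struct be_req *req)
{
    /* TODO: Clean up any internal data */
    be_req_terminate(req, DP_ERR_OK, EOK, NULL);
}

/*
 * Finalizer shared by the auth, access and chpass providers.
 *
 * All three bet_ops below point here and all of them release the BET_AUTH
 * private data, so the pointer is cleared after the free: a second call then
 * frees NULL instead of a dangling pointer.
 */
static void proxy_auth_shutdown(struct be_req *req)
{
    struct be_ctx *be_ctx = be_req_get_be_ctx(req);

    talloc_zfree(be_ctx->bet_info[BET_AUTH].pvt_bet_data);
    be_req_terminate(req, DP_ERR_OK, EOK, NULL);
}

struct bet_ops proxy_id_ops = {
    .handler = proxy_get_account_info,
    .finalize = proxy_shutdown,
    .check_online = NULL
};

struct bet_ops proxy_auth_ops = {
    .handler = proxy_pam_handler,
    .finalize = proxy_auth_shutdown
};

struct bet_ops proxy_access_ops = {
    .handler = proxy_pam_handler,
    .finalize = proxy_auth_shutdown
};

struct bet_ops proxy_chpass_ops = {
    .handler = proxy_pam_handler,
    .finalize = proxy_auth_shutdown
};

/*
 * Resolve one symbol of the proxied NSS module.
 *
 * functemp is a printf template with a single %s that receives libname. It
 * is used as a format string, so it must only ever be a literal chosen by
 * this file, never configuration or request data.
 *
 * Returns the symbol address, or NULL when the name cannot be built or the
 * symbol is missing.
 */
static void *proxy_dlsym(void *handle, const char *functemp, char *libname)
{
    char *funcname;
    void *funcptr;

    funcname = talloc_asprintf(NULL, functemp, libname);
    if (funcname == NULL) {
        return NULL;
    }

    funcptr = dlsym(handle, funcname);
    talloc_free(funcname);

    return funcptr;
}

/*
 * Helpers for sssm_proxy_id_init() only. Both use its locals ctx and
 * libname; PROXY_LOAD_REQUIRED additionally sets ret and jumps to its done
 * label when the symbol is missing. Deriving the field, the symbol name and
 * the check from one token keeps the three from drifting apart.
 */
#define PROXY_LOAD_REQUIRED(sym) do { \
    ctx->ops.sym = proxy_dlsym(ctx->handle, "_nss_%s_" #sym, libname); \
    if (!ctx->ops.sym) { \
        DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror())); \
        ret = ELIBBAD; \
        goto done; \
    } \
} while (0)

#define PROXY_LOAD_OPTIONAL(sym, level, feature) do { \
    ctx->ops.sym = proxy_dlsym(ctx->handle, "_nss_%s_" #sym, libname); \
    if (!ctx->ops.sym) { \
        DEBUG(level, ("Failed to load _nss_%s_" #sym ", error: %s. " \
                      "The library does not support " feature ".\n", \
                      libname, dlerror())); \
    } \
} while (0)

/*
 * Initialize the proxy identity provider.
 *
 * Loads libnss_<libname>.so.2, where libname comes from the
 * CONFDB_PROXY_LIBNAME option, and resolves its entry points. The passwd and
 * group entry points are mandatory; initgroups_dyn, netgroup and service
 * entry points stay NULL when missing.
 *
 * The library name is taken from the configuration and ends up in a dlopen()
 * call inside this process, so write access to that option is equivalent to
 * loading code into the backend.
 *
 * Returns EOK and sets *ops and *pvt_data on success. Returns ENOMEM, ENOENT
 * (option not set), ELIBACC (library not loadable), ELIBBAD (mandatory symbol
 * missing) or a confdb error otherwise.
 */
int sssm_proxy_id_init(struct be_ctx *bectx,
                       struct bet_ops **ops, void **pvt_data)
{
    struct proxy_id_ctx *ctx;
    char *libname;
    char *libpath;
    int ret;

    ctx = talloc_zero(bectx, struct proxy_id_ctx);
    if (!ctx) {
        return ENOMEM;
    }
    ctx->be = bectx;

    ret = confdb_get_string(bectx->cdb, ctx, bectx->conf_path,
                            CONFDB_PROXY_LIBNAME, NULL, &libname);
    if (ret != EOK) goto done;
    if (libname == NULL) {
        ret = ENOENT;
        goto done;
    }

    ret = confdb_get_bool(bectx->cdb, bectx->conf_path,
                          CONFDB_PROXY_FAST_ALIAS, false, &ctx->fast_alias);
    if (ret != EOK) goto done;

    libpath = talloc_asprintf(ctx, "libnss_%s.so.2", libname);
    if (!libpath) {
        ret = ENOMEM;
        goto done;
    }

    ctx->handle = dlopen(libpath, RTLD_NOW);
    if (!ctx->handle) {
        DEBUG(0, ("Unable to load %s module with path, error: %s\n",
                  libpath, dlerror()));
        ret = ELIBACC;
        goto done;
    }

    /* passwd map: mandatory */
    PROXY_LOAD_REQUIRED(getpwnam_r);
    PROXY_LOAD_REQUIRED(getpwuid_r);
    PROXY_LOAD_REQUIRED(setpwent);
    PROXY_LOAD_REQUIRED(getpwent_r);
    PROXY_LOAD_REQUIRED(endpwent);

    /* group map: mandatory */
    PROXY_LOAD_REQUIRED(getgrnam_r);
    PROXY_LOAD_REQUIRED(getgrgid_r);
    PROXY_LOAD_REQUIRED(setgrent);
    PROXY_LOAD_REQUIRED(getgrent_r);
    PROXY_LOAD_REQUIRED(endgrent);

    ctx->ops.initgroups_dyn = proxy_dlsym(ctx->handle,
                                          "_nss_%s_initgroups_dyn", libname);
    if (!ctx->ops.initgroups_dyn) {
        DEBUG(1, ("The '%s' library does not provides the "
                  "_nss_XXX_initgroups_dyn function!\n"
                  "initgroups will be slow as it will require "
                  "full groups enumeration!\n", libname));
    }

    /* netgroup map: optional. The getnetgrent_r check used to test
     * getgrent_r, which is always set at this point, so a missing
     * getnetgrent_r went unreported. */
    PROXY_LOAD_OPTIONAL(setnetgrent, 0, "netgroups");
    PROXY_LOAD_OPTIONAL(getnetgrent_r, 0, "netgroups");
    PROXY_LOAD_OPTIONAL(endnetgrent, 0, "netgroups");

    /* services map: optional */
    PROXY_LOAD_OPTIONAL(getservbyname_r, SSSDBG_MINOR_FAILURE, "services");
    PROXY_LOAD_OPTIONAL(getservbyport_r, SSSDBG_MINOR_FAILURE, "services");
    PROXY_LOAD_OPTIONAL(setservent, SSSDBG_MINOR_FAILURE, "services");
    PROXY_LOAD_OPTIONAL(getservent_r, SSSDBG_MINOR_FAILURE, "services");
    PROXY_LOAD_OPTIONAL(endservent, SSSDBG_MINOR_FAILURE, "services");

    *ops = &proxy_id_ops;
    *pvt_data = ctx;
    ret = EOK;

done:
    if (ret != EOK) {
        /* talloc does not know about the dlopen() handle: release it
         * explicitly so a failed init does not keep the library mapped. */
        if (ctx->handle != NULL) {
            dlclose(ctx->handle);
        }
        talloc_free(ctx);
    }
    return ret;
}

#undef PROXY_LOAD_REQUIRED
#undef PROXY_LOAD_OPTIONAL

/* Per-connection state of a proxy child that has connected but may not have
 * identified itself yet. */
struct proxy_client {
    struct proxy_auth_ctx *proxy_auth_ctx;
    struct sbus_connection *conn;
    struct tevent_timer *timeout;   /* identification deadline */
    bool initialized;
};

static void init_timeout(struct tevent_context *ev,
                         struct tevent_timer *te,
                         struct timeval t, void *ptr);

/*
 * Connection callback of the private sbus server.
 *
 * Allocates the proxy_client on the connection and arms a 5 second timer
 * after which an unidentified client is disconnected by init_timeout().
 * On allocation failure the connection is freed and ENOMEM is returned.
 */
static int proxy_client_init(struct sbus_connection *conn, void *data)
{
    struct proxy_auth_ctx *proxy_auth_ctx;
    struct proxy_client *proxy_cli;
    struct timeval tv;

    proxy_auth_ctx = talloc_get_type(data, struct proxy_auth_ctx);

    /* hang off this memory to the connection so that when the connection
     * is freed we can potentially call a destructor */
    proxy_cli = talloc_zero(conn, struct proxy_client);
    if (!proxy_cli) {
        DEBUG(0,("Out of memory?!\n"));
        talloc_zfree(conn);
        return ENOMEM;
    }
    proxy_cli->proxy_auth_ctx = proxy_auth_ctx;
    proxy_cli->conn = conn;
    proxy_cli->initialized = false;

    /* 5 seconds should be plenty */
    tv = tevent_timeval_current_ofs(5, 0);

    proxy_cli->timeout = tevent_add_timer(proxy_auth_ctx->be->ev, proxy_cli,
                                          tv, init_timeout, proxy_cli);
    if (!proxy_cli->timeout) {
        DEBUG(0,("Out of memory?!\n"));
        talloc_zfree(conn);
        return ENOMEM;
    }
    DEBUG(4, ("Set-up proxy client ID timeout [%p]\n", proxy_cli->timeout));

    /* Attach the client context to the connection context, so that it is
     * always available when we need to manage the connection. */
    sbus_conn_set_private_data(conn, proxy_cli);

    return EOK;
}

/* Timer handler: the client did not identify itself in time, drop it. */
static void init_timeout(struct tevent_context *ev,
                         struct tevent_timer *te,
                         struct timeval t, void *ptr)
{
    struct proxy_client *proxy_cli;

    DEBUG(2, ("Client timed out before Identification [%p]!\n", te));

    proxy_cli = talloc_get_type(ptr, struct proxy_client);

    sbus_disconnect(proxy_cli->conn);
    talloc_zfree(proxy_cli);

    /* If we time out here, we will also time out to
     * pc_init_timeout(), so we'll finish the request
     * there.
     */
}

/*
 * Handler of DP_METHOD_REGISTER: a proxy child announces its ID.
 *
 * The ID must match a pending entry of the request table; an unknown ID gets
 * the connection dropped. On success the child's connection is stored in the
 * pending pc_init_ctx and the init request is completed.
 *
 * Every value in the message comes from the peer, so each lookup result is
 * checked before it is dereferenced.
 *
 * Returns EOK, EINVAL (connection without client data), ENOMEM or EIO.
 */
static int client_registration(DBusMessage *message,
                               struct sbus_connection *conn)
{
    dbus_uint16_t version = DATA_PROVIDER_VERSION;
    struct proxy_client *proxy_cli;
    DBusMessage *reply;
    DBusError dbus_error;
    dbus_uint16_t cli_ver;
    uint32_t cli_id;
    dbus_bool_t dbret;
    void *data;
    int hret;
    hash_key_t key;
    hash_value_t value;
    struct tevent_req *req;
    struct proxy_child_ctx *child_ctx;
    struct pc_init_ctx *init_ctx;

    data = sbus_conn_get_private_data(conn);
    proxy_cli = talloc_get_type(data, struct proxy_client);
    if (!proxy_cli) {
        DEBUG(0, ("Connection holds no valid init data\n"));
        return EINVAL;
    }

    /* First thing, cancel the timeout */
    DEBUG(4, ("Cancel proxy client ID timeout [%p]\n", proxy_cli->timeout));
    talloc_zfree(proxy_cli->timeout);

    dbus_error_init(&dbus_error);

    dbret = dbus_message_get_args(message, &dbus_error,
                                  DBUS_TYPE_UINT16, &cli_ver,
                                  DBUS_TYPE_UINT32, &cli_id,
                                  DBUS_TYPE_INVALID);
    if (!dbret) {
        DEBUG(1, ("Failed to parse message, killing connection\n"));
        if (dbus_error_is_set(&dbus_error)) dbus_error_free(&dbus_error);
        sbus_disconnect(conn);
        /* FIXME: should we just talloc_zfree(conn) ? */
        return EIO;
    }

    DEBUG(SSSDBG_FUNC_DATA, ("Proxy client [%"PRIu32"] connected\n", cli_id));

    /* Check the hash table */
    key.type = HASH_KEY_ULONG;
    key.ul = cli_id;
    if (!hash_has_key(proxy_cli->proxy_auth_ctx->request_table, &key)) {
        DEBUG(1, ("Unknown child ID. Killing the connection\n"));
        sbus_disconnect(proxy_cli->conn);
        return EIO;
    }

    /* reply that all is ok */
    reply = dbus_message_new_method_return(message);
    if (!reply) {
        DEBUG(0, ("Dbus Out of memory!\n"));
        return ENOMEM;
    }

    dbret = dbus_message_append_args(reply,
                                     DBUS_TYPE_UINT16, &version,
                                     DBUS_TYPE_INVALID);
    if (!dbret) {
        DEBUG(0, ("Failed to build dbus reply\n"));
        dbus_message_unref(reply);
        sbus_disconnect(conn);
        return EIO;
    }

    /* send reply back */
    sbus_conn_send_reply(conn, reply);
    dbus_message_unref(reply);

    hret = hash_lookup(proxy_cli->proxy_auth_ctx->request_table, &key, &value);
    if (hret != HASH_SUCCESS) {
        DEBUG(1, ("Hash error [%d][%s]\n", hret, hash_error_string(hret)));
        sbus_disconnect(conn);
        /* value was not filled in: stop here instead of reading it */
        return EIO;
    }

    /* Signal that the child is up and ready to receive the request */
    req = talloc_get_type(value.ptr, struct tevent_req);
    if (req == NULL) {
        DEBUG(1, ("Request table entry is not a tevent request\n"));
        sbus_disconnect(conn);
        return EIO;
    }
    child_ctx = tevent_req_data(req, struct proxy_child_ctx);

    if (!child_ctx->running) {
        /* This should hopefully be impossible, but protect
         * against it anyway. If we're not marked running, then
         * the init_req will be NULL below and things will
         * break.
         */
        DEBUG(1, ("Client connection from a request "
                  "that's not marked as running\n"));
        return EIO;
    }

    if (child_ctx->init_req == NULL) {
        /* init_req is cleared below after the first registration, so a
         * repeated registration for the same ID must not reach
         * tevent_req_data() with a NULL request. */
        DEBUG(1, ("Client registered again for an initialized request\n"));
        return EIO;
    }

    init_ctx = tevent_req_data(child_ctx->init_req, struct pc_init_ctx);
    init_ctx->conn = conn;
    tevent_req_done(child_ctx->init_req);
    child_ctx->init_req = NULL;

    return EOK;
}

/*
 * Initialize the proxy auth provider.
 *
 * When the BET_AUTH backend is already "proxy" its ops and private data are
 * returned unchanged. Otherwise a proxy_auth_ctx is created: the PAM target
 * is read from CONFDB_PROXY_PAM_TARGET (mandatory), a private sbus server is
 * started on PIPE_PATH/PROXY_CHILD_PIPE_<domain> and the request table is
 * created.
 *
 * Returns EOK, ENOMEM, EINVAL (no PAM target), EIO (no request table) or the
 * error of the failing confdb/sbus call.
 */
int sssm_proxy_auth_init(struct be_ctx *bectx,
                         struct bet_ops **ops, void **pvt_data)
{
    struct proxy_auth_ctx *ctx;
    int ret;
    int hret;
    char *sbus_address;

    /* If we're already set up, just return that */
    if (bectx->bet_info[BET_AUTH].mod_name &&
        strcmp("proxy", bectx->bet_info[BET_AUTH].mod_name) == 0) {
        DEBUG(8, ("Re-using proxy_auth_ctx for this provider\n"));
        *ops = bectx->bet_info[BET_AUTH].bet_ops;
        *pvt_data = bectx->bet_info[BET_AUTH].pvt_bet_data;
        return EOK;
    }

    ctx = talloc_zero(bectx, struct proxy_auth_ctx);
    if (!ctx) {
        return ENOMEM;
    }
    ctx->be = bectx;
    ctx->timeout_ms = SSS_CLI_SOCKET_TIMEOUT/4;
    ctx->next_id = 1;

    ret = confdb_get_string(bectx->cdb, ctx, bectx->conf_path,
                            CONFDB_PROXY_PAM_TARGET, NULL,
                            &ctx->pam_target);
    if (ret != EOK) goto done;
    if (!ctx->pam_target) {
        DEBUG(1, ("Missing option proxy_pam_target.\n"));
        ret = EINVAL;
        goto done;
    }

    sbus_address = talloc_asprintf(ctx, "unix:path=%s/%s_%s", PIPE_PATH,
                                   PROXY_CHILD_PIPE, bectx->domain->name);
    if (sbus_address == NULL) {
        DEBUG(1, ("talloc_asprintf failed.\n"));
        ret = ENOMEM;
        goto done;
    }

    ret = sbus_new_server(ctx, bectx->ev, sbus_address, &proxy_interface,
                          false, &ctx->sbus_srv, proxy_client_init, ctx);
    if (ret != EOK) {
        DEBUG(0, ("Could not set up sbus server.\n"));
        goto done;
    }

    /* Set up request hash table */
    /* FIXME: get max_children from configuration file */
    ctx->max_children = 10;

    hret = hash_create(ctx->max_children * 2, &ctx->request_table,
                       NULL, NULL);
    if (hret != HASH_SUCCESS) {
        DEBUG(0, ("Could not initialize request table\n"));
        ret = EIO;
        goto done;
    }

    *ops = &proxy_auth_ops;
    *pvt_data = ctx;

done:
    if (ret != EOK) {
        talloc_free(ctx);
    }
    return ret;
}

/* Access provider: same context as auth, but with proxy_access_ops. The ops
 * pointer is written whether or not the auth initialization succeeded. */
int sssm_proxy_access_init(struct be_ctx *bectx,
                           struct bet_ops **ops, void **pvt_data)
{
    int ret = sssm_proxy_auth_init(bectx, ops, pvt_data);

    *ops = &proxy_access_ops;
    return ret;
}

/* Password change provider: same context as auth, but with proxy_chpass_ops.
 * The ops pointer is written whether or not the auth initialization
 * succeeded. */
int sssm_proxy_chpass_init(struct be_ctx *bectx,
                           struct bet_ops **ops, void **pvt_data)
{
    int ret = sssm_proxy_auth_init(bectx, ops, pvt_data);

    *ops = &proxy_chpass_ops;
    return ret;
}
sssd-1.11.5/src/providers/proxy/PaxHeaders.13173/proxy_child.c0000644000000000000000000000007412320753107022230 xustar000000000000000030 atime=1396954939.268891429 30 ctime=1396954961.735874891 sssd-1.11.5/src/providers/proxy/proxy_child.c0000664002412700241270000004237012320753107022460 0ustar00jhrozekjhrozek00000000000000/* SSSD Pam Proxy Child Authors: Sumit Bose Copyright (C) 2010 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see .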
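*/

/* NOTE(review): the <...> header names of the bare #include lines below were
 * lost when the page was extracted; they are kept as found. */
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

#include "popt.h"
#include "util/util.h"
#include "confdb/confdb.h"
#include "dbus/dbus.h"
#include "sbus/sssd_dbus.h"
#include "providers/proxy/proxy.h"

#include "providers/dp_backend.h"

static int pc_pam_handler(DBusMessage *message, struct sbus_connection *conn);

struct sbus_method pc_methods[] = {
    { DP_METHOD_PAMHANDLER, pc_pam_handler },
    { NULL, NULL }
};

struct sbus_interface pc_interface = {
    DP_INTERFACE,
    DP_PATH,
    SBUS_DEFAULT_VTABLE,
    pc_methods,
    NULL
};

/* State of one proxy child process. */
struct pc_ctx {
    struct tevent_context *ev;
    struct confdb_ctx *cdb;
    struct sss_domain_info *domain;
    const char *identity;
    const char *conf_path;
    struct sbus_connection *mon_conn;
    struct sbus_connection *conn;
    const char *pam_target;     /* PAM service name to run the stack for */
    uint32_t id;                /* ID announced to the backend */
};

/* Store a heap copy of the password held by tok in reply->resp. The copy is
 * handed to PAM, which owns it once the conversation succeeds. */
static errno_t pc_conv_copy_password(struct pam_response *reply,
                                     struct sss_auth_token *tok)
{
    const char *password;
    size_t pwlen;
    errno_t ret;

    ret = sss_authtok_get_password(tok, &password, &pwlen);
    if (ret) {
        return ret;
    }

    reply->resp = calloc(pwlen + 1, sizeof(char));
    if (reply->resp == NULL) {
        return ENOMEM;
    }
    memcpy(reply->resp, password, pwlen + 1);

    return EOK;
}

/* Release a partially filled reply array. Responses already written hold
 * password copies, so they are overwritten before being freed; the volatile
 * pointer keeps the compiler from dropping the stores. */
static void pc_conv_discard(struct pam_response *reply, int num_msg)
{
    int i;

    if (reply == NULL) {
        return;
    }

    for (i = 0; i < num_msg; i++) {
        if (reply[i].resp != NULL) {
            volatile char *p = reply[i].resp;
            size_t len = strlen(reply[i].resp);

            while (len-- > 0) {
                *p++ = 0;
            }
            free(reply[i].resp);
        }
    }
    free(reply);
}

/*
 * PAM conversation callback for every command except password change.
 *
 * Answers each PAM_PROMPT_ECHO_OFF prompt with the password of
 * authtok_conv.authtok. Any other message style fails the conversation.
 *
 * Returns PAM_SUCCESS and sets *response, or PAM_CONV_ERR.
 */
static int proxy_internal_conv(int num_msg, const struct pam_message **msgm,
                               struct pam_response **response,
                               void *appdata_ptr)
{
    int i;
    struct pam_response *reply;
    struct authtok_conv *auth_data;
    errno_t ret;

    auth_data = talloc_get_type(appdata_ptr, struct authtok_conv);
    if (auth_data == NULL) return PAM_CONV_ERR;

    if (num_msg <= 0) return PAM_CONV_ERR;

    /* calloc leaves every resp NULL, which pc_conv_discard() relies on */
    reply = (struct pam_response *) calloc(num_msg,
                                           sizeof(struct pam_response));
    if (reply == NULL) return PAM_CONV_ERR;

    for (i = 0; i < num_msg; i++) {
        switch (msgm[i]->msg_style) {
        case PAM_PROMPT_ECHO_OFF:
            DEBUG(4, ("Conversation message: [%s]\n", msgm[i]->msg));
            reply[i].resp_retcode = 0;
            ret = pc_conv_copy_password(&reply[i], auth_data->authtok);
            if (ret) goto failed;
            break;
        default:
            DEBUG(1, ("Conversation style %d not supported.\n",
                      msgm[i]->msg_style));
            goto failed;
        }
    }

    *response = reply;

    return PAM_SUCCESS;

failed:
    /* free(reply) alone would leak the password copies made so far */
    pc_conv_discard(reply, num_msg);
    return PAM_CONV_ERR;
}

/*
 * PAM conversation callback for password change.
 *
 * The first PAM_PROMPT_ECHO_OFF prompt is answered with the old password,
 * every later one with the new password. Any other message style fails the
 * conversation.
 *
 * Returns PAM_SUCCESS and sets *response, or PAM_CONV_ERR.
 */
static int proxy_chauthtok_conv(int num_msg, const struct pam_message **msgm,
                                struct pam_response **response,
                                void *appdata_ptr)
{
    int i;
    struct pam_response *reply;
    struct authtok_conv *auth_data;
    struct sss_auth_token *tok;
    errno_t ret;

    auth_data = talloc_get_type(appdata_ptr, struct authtok_conv);
    if (auth_data == NULL) return PAM_CONV_ERR;

    if (num_msg <= 0) return PAM_CONV_ERR;

    /* calloc leaves every resp NULL, which pc_conv_discard() relies on */
    reply = (struct pam_response *) calloc(num_msg,
                                           sizeof(struct pam_response));
    if (reply == NULL) return PAM_CONV_ERR;

    for (i = 0; i < num_msg; i++) {
        switch (msgm[i]->msg_style) {
        case PAM_PROMPT_ECHO_OFF:
            DEBUG(4, ("Conversation message: [%s]\n", msgm[i]->msg));
            reply[i].resp_retcode = 0;

            /* The first prompt will be asking for the old authtok,
             * subsequent prompts are looking for the new authtok */
            tok = auth_data->sent_old ? auth_data->newauthtok
                                      : auth_data->authtok;
            ret = pc_conv_copy_password(&reply[i], tok);
            if (ret) goto failed;
            auth_data->sent_old = true;
            break;
        default:
            DEBUG(1, ("Conversation style %d not supported.\n",
                      msgm[i]->msg_style));
            goto failed;
        }
    }

    *response = reply;

    return PAM_SUCCESS;

failed:
    /* free(reply) alone would leak the password copies made so far */
    pc_conv_discard(reply, num_msg);
    return PAM_CONV_ERR;
}

/*
 * Run the PAM function selected by pd->cmd against the pam_target service.
 *
 * The PAM result is stored in pd->pam_status; a failing pam_start() is
 * reported there as PAM_SYSTEM_ERR. The conversation data is allocated on pd
 * and therefore released together with pd.
 *
 * Returns EOK once pd->pam_status is set, ENOMEM when the conversation data
 * cannot be allocated.
 */
static errno_t call_pam_stack(const char *pam_target, struct pam_data *pd)
{
    int ret;
    int pam_status;
    pam_handle_t *pamh = NULL;
    struct authtok_conv *auth_data;
    struct pam_conv conv;

    conv.conv = (pd->cmd == SSS_PAM_CHAUTHTOK) ? proxy_chauthtok_conv
                                               : proxy_internal_conv;

    auth_data = talloc_zero(pd, struct authtok_conv);
    if (auth_data == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_zero failed.\n"));
        return ENOMEM;
    }
    auth_data->authtok = sss_authtok_new(auth_data);
    if (auth_data->authtok == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("sss_authtok_new failed.\n"));
        ret = ENOMEM;
        goto fail;
    }
    auth_data->newauthtok = sss_authtok_new(auth_data);
    if (auth_data->newauthtok == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("sss_authtok_new failed.\n"));
        ret = ENOMEM;
        goto fail;
    }

    conv.appdata_ptr = auth_data;

    ret = pam_start(pam_target, pd->user, &conv, &pamh);
    if (ret != PAM_SUCCESS) {
        DEBUG(1, ("Failed to initialize pam transaction.\n"));
        pd->pam_status = PAM_SYSTEM_ERR;
        return EOK;
    }

    DEBUG(7, ("Pam transaction started with service name [%s].\n",
              pam_target));

    /* Failing to set one of these items is logged but not fatal. */
    ret = pam_set_item(pamh, PAM_TTY, pd->tty);
    if (ret != PAM_SUCCESS) {
        DEBUG(1, ("Setting PAM_TTY failed: %s.\n",
                  pam_strerror(pamh, ret)));
    }
    ret = pam_set_item(pamh, PAM_RUSER, pd->ruser);
    if (ret != PAM_SUCCESS) {
        DEBUG(1, ("Setting PAM_RUSER failed: %s.\n",
                  pam_strerror(pamh, ret)));
    }
    ret = pam_set_item(pamh, PAM_RHOST, pd->rhost);
    if (ret != PAM_SUCCESS) {
        DEBUG(1, ("Setting PAM_RHOST failed: %s.\n",
                  pam_strerror(pamh, ret)));
    }

    switch (pd->cmd) {
    case SSS_PAM_AUTHENTICATE:
        sss_authtok_copy(pd->authtok, auth_data->authtok);
        pam_status = pam_authenticate(pamh, 0);
        break;
    case SSS_PAM_SETCRED:
        pam_status = pam_setcred(pamh, 0);
        break;
    case SSS_PAM_ACCT_MGMT:
        pam_status = pam_acct_mgmt(pamh, 0);
        break;
    case SSS_PAM_OPEN_SESSION:
        pam_status = pam_open_session(pamh, 0);
        break;
    case SSS_PAM_CLOSE_SESSION:
        pam_status = pam_close_session(pamh, 0);
        break;
    case SSS_PAM_CHAUTHTOK:
        sss_authtok_copy(pd->authtok, auth_data->authtok);
        if (pd->priv != 1) {
            /* Re-authenticate with the old password first; the flag is
             * reset so the chauthtok conversation sends it again. */
            pam_status = pam_authenticate(pamh, 0);
            auth_data->sent_old = false;
            if (pam_status != PAM_SUCCESS) break;
        }
        sss_authtok_copy(pd->newauthtok, auth_data->newauthtok);
        pam_status = pam_chauthtok(pamh, 0);
        break;
    case SSS_PAM_CHAUTHTOK_PRELIM:
        if (pd->priv != 1) {
            sss_authtok_copy(pd->authtok, auth_data->authtok);
            pam_status = pam_authenticate(pamh, 0);
        } else {
            pam_status = PAM_SUCCESS;
        }
        break;
    default:
        DEBUG(1, ("unknown PAM call\n"));
        pam_status = PAM_ABORT;
    }

    DEBUG(4, ("Pam result: [%d][%s]\n", pam_status,
              pam_strerror(pamh, pam_status)));

    ret = pam_end(pamh, pam_status);
    if (ret != PAM_SUCCESS) {
        pamh = NULL;
        DEBUG(1, ("Cannot terminate pam transaction.\n"));
    }

    pd->pam_status = pam_status;

    return EOK;

fail:
    talloc_free(auth_data);
    return ret;
}

/*
 * Handler of DP_METHOD_PAMHANDLER: run one PAM request and reply.
 *
 * Unpacks the request, runs call_pam_stack() and sends the packed result
 * back. Returns EOK after the reply was sent; every failure terminates the
 * process through exit() with the error code, since the child serves a
 * single request.
 */
static int pc_pam_handler(DBusMessage *message, struct sbus_connection *conn)
{
    DBusError dbus_error;
    DBusMessage *reply;
    struct pc_ctx *pc_ctx;
    errno_t ret;
    void *user_data;
    struct pam_data *pd = NULL;

    user_data = sbus_conn_get_private_data(conn);
    if (!user_data) {
        ret = EINVAL;
        goto done;
    }
    pc_ctx = talloc_get_type(user_data, struct pc_ctx);
    if (!pc_ctx) {
        ret = EINVAL;
        goto done;
    }

    reply = dbus_message_new_method_return(message);
    if (!reply) {
        DEBUG(1, ("dbus_message_new_method_return failed, "
                  "cannot send reply.\n"));
        ret = ENOMEM;
        goto done;
    }

    dbus_error_init(&dbus_error);

    /* dp_unpack_pam_request() reports success as non-zero */
    ret = dp_unpack_pam_request(message, pc_ctx, &pd, &dbus_error);
    if (!ret) {
        DEBUG(1,("Failed, to parse message!\n"));
        ret = EIO;
        goto done;
    }

    pd->pam_status = PAM_SYSTEM_ERR;
    pd->domain = talloc_strdup(pd, pc_ctx->domain->name);
    if (pd->domain == NULL) {
        talloc_free(pd);
        ret = ENOMEM;
        goto done;
    }

    DEBUG(4, ("Got request with the following data\n"));
    DEBUG_PAM_DATA(4, pd);

    ret = call_pam_stack(pc_ctx->pam_target, pd);
    if (ret != EOK) {
        /* pd->pam_status still holds PAM_SYSTEM_ERR and is sent as is */
        DEBUG(1, ("call_pam_stack failed.\n"));
    }

    DEBUG(4, ("Sending result [%d][%s]\n",
              pd->pam_status, pd->domain));

    /* dp_pack_pam_response() reports success as non-zero */
    ret = dp_pack_pam_response(reply, pd);
    if (!ret) {
        DEBUG(1, ("Failed to generate dbus reply\n"));
        talloc_free(pd);
        dbus_message_unref(reply);
        ret = EIO;
        goto done;
    }

    sbus_conn_send_reply(conn, reply);
    dbus_message_unref(reply);
    talloc_free(pd);

    /* We'll return the message and let the
     * parent process kill us.
     */
    return EOK;

done:
    exit(ret);
}

int proxy_child_send_id(struct sbus_connection *conn,
                        uint16_t version,
                        uint32_t id);

/* Connect to the backend's private sbus server and announce our ID.
 * Returns EOK, ENOMEM or the error of the failing sbus call. */
static int proxy_cli_init(struct pc_ctx *ctx)
{
    char *sbus_address;
    int ret;

    sbus_address = talloc_asprintf(ctx, "unix:path=%s/%s_%s",
                                   PIPE_PATH, PROXY_CHILD_PIPE,
                                   ctx->domain->name);
    if (sbus_address == NULL) {
        DEBUG(1, ("talloc_asprintf failed.\n"));
        return ENOMEM;
    }

    ret = sbus_client_init(ctx, ctx->ev, sbus_address,
                           &pc_interface, &ctx->conn,
                           NULL, ctx);
    if (ret != EOK) {
        DEBUG(1, ("sbus_client_init failed.\n"));
        return ret;
    }

    ret = proxy_child_send_id(ctx->conn, DATA_PROVIDER_VERSION, ctx->id);
    if (ret != EOK) {
        DEBUG(0, ("dp_common_send_id failed.\n"));
        return ret;
    }

    return EOK;
}

/*
 * Send DP_METHOD_REGISTER with the provider version and the child ID.
 *
 * Returns ENOMEM when the message cannot be created, EIO when the arguments
 * cannot be appended, otherwise the result of sbus_conn_send().
 */
int proxy_child_send_id(struct sbus_connection *conn,
                        uint16_t version,
                        uint32_t id)
{
    DBusMessage *msg;
    dbus_bool_t ret;
    int retval;

    /* create the message */
    msg = dbus_message_new_method_call(NULL,
                                       DP_PATH,
                                       DP_INTERFACE,
                                       DP_METHOD_REGISTER);
    if (msg == NULL) {
        DEBUG(0, ("Out of memory?!\n"));
        return ENOMEM;
    }

    DEBUG(SSSDBG_FUNC_DATA,
          ("Sending ID to Proxy Backend: (%d,%"PRIu32")\n",
           version, id));

    ret = dbus_message_append_args(msg,
                                   DBUS_TYPE_UINT16, &version,
                                   DBUS_TYPE_UINT32, &id,
                                   DBUS_TYPE_INVALID);
    if (!ret) {
        DEBUG(1, ("Failed to build message\n"));
        /* the message was never handed to sbus, release it here */
        dbus_message_unref(msg);
        return EIO;
    }

    retval = sbus_conn_send(conn, msg, 30000, dp_id_callback, NULL, NULL);

    dbus_message_unref(msg);
    return retval;
}

/*
 * Build the child context and connect it to the backend.
 *
 * pam_target is moved onto the new context with talloc_steal(). Returns EOK,
 * ENOMEM or the error of the failing confdb/sbus call.
 */
int proxy_child_process_init(TALLOC_CTX *mem_ctx, const char *domain,
                             struct tevent_context *ev, struct confdb_ctx *cdb,
                             const char *pam_target, uint32_t id)
{
    struct pc_ctx *ctx;
    int ret;

    ctx = talloc_zero(mem_ctx, struct pc_ctx);
    if (!ctx) {
        DEBUG(0, ("fatal error initializing pc_ctx\n"));
        return ENOMEM;
    }
    ctx->ev = ev;
    ctx->cdb = cdb;
    ctx->pam_target = talloc_steal(ctx, pam_target);
    ctx->id = id;
    ctx->conf_path = talloc_asprintf(ctx, CONFDB_DOMAIN_PATH_TMPL, domain);
    if (!ctx->conf_path) {
        DEBUG(0, ("Out of memory!?\n"));
        return ENOMEM;
    }

    ret = confdb_get_domain(cdb, domain, &ctx->domain);
    if (ret != EOK) {
        DEBUG(0, ("fatal error retrieving domain configuration\n"));
        return ret;
    }

    ret = proxy_cli_init(ctx);
    if (ret != EOK) {
        DEBUG(0, ("fatal error setting up server bus\n"));
        return ret;
    }

    return EOK;
}

/*
 * Entry point of the proxy child.
 *
 * Requires --domain and --id, reads the PAM target of the domain from the
 * configuration, registers with the backend and enters the main loop.
 *
 * Exit codes: 1 bad or missing option, 2 set-up failure, 3 child
 * initialization failure, 4 configuration problem.
 */
int main(int argc, const char *argv[])
{
    int opt;
    poptContext pc;
    char *domain = NULL;
    char *srv_name = NULL;
    char *conf_entry = NULL;
    struct main_context *main_ctx;
    int ret;
    /* popt only writes id when --id is given, so it needs a defined value
     * for the "missing option" test below */
    long id = 0;
    char *pam_target = NULL;

    struct poptOption long_options[] = {
        POPT_AUTOHELP
        SSSD_MAIN_OPTS
        {"domain", 0, POPT_ARG_STRING, &domain, 0,
         _("Domain of the information provider (mandatory)"), NULL },
        {"id", 0, POPT_ARG_LONG, &id, 0,
         _("Child identifier (mandatory)"), NULL },
        POPT_TABLEEND
    };

    /* Set debug level to invalid value so we can decide if -d 0 was used. */
    debug_level = SSSDBG_INVALID;

    pc = poptGetContext(argv[0], argc, argv, long_options, 0);
    while((opt = poptGetNextOpt(pc)) != -1) {
        switch(opt) {
        default:
            fprintf(stderr, "\nInvalid option %s: %s\n\n",
                    poptBadOption(pc, 0), poptStrerror(opt));
            poptPrintUsage(pc, stderr, 0);
            return 1;
        }
    }

    if (domain == NULL) {
        fprintf(stderr, "\nMissing option, "
                        "--domain is a mandatory option.\n\n");
        poptPrintUsage(pc, stderr, 0);
        return 1;
    }

    if (id == 0) {
        fprintf(stderr, "\nMissing option, "
                        "--id is a mandatory option.\n\n");
        poptPrintUsage(pc, stderr, 0);
        return 1;
    }

    /* The ID travels as a uint32_t; refuse values the cast below would
     * silently change. */
    if (id < 0 || (unsigned long) id > UINT32_MAX) {
        fprintf(stderr, "\nInvalid value for option --id.\n\n");
        poptPrintUsage(pc, stderr, 0);
        return 1;
    }

    poptFreeContext(pc);

    DEBUG_INIT(debug_level);

    /* set up things like debug , signals, daemonization, etc... */
    debug_log_file = talloc_asprintf(NULL, "proxy_child_%s", domain);
    if (!debug_log_file) return 2;

    srv_name = talloc_asprintf(NULL, "sssd[proxy_child[%s]]", domain);
    if (!srv_name) return 2;

    conf_entry = talloc_asprintf(NULL, CONFDB_DOMAIN_PATH_TMPL, domain);
    if (!conf_entry) return 2;

    ret = server_setup(srv_name, 0, conf_entry, &main_ctx);
    if (ret != EOK) {
        DEBUG(0, ("Could not set up mainloop [%d]\n", ret));
        return 2;
    }

    ret = unsetenv("_SSS_LOOPS");
    if (ret != EOK) {
        DEBUG(1, ("Failed to unset _SSS_LOOPS, "
                  "pam modules might not work as expected.\n"));
    }

    ret = confdb_get_string(main_ctx->confdb_ctx, main_ctx, conf_entry,
                            CONFDB_PROXY_PAM_TARGET, NULL, &pam_target);
    if (ret != EOK) {
        DEBUG(0, ("Error reading from confdb (%d) [%s]\n",
                  ret, strerror(ret)));
        return 4;
    }
    if (pam_target == NULL) {
        DEBUG(1, ("Missing option proxy_pam_target.\n"));
        return 4;
    }

    ret = die_if_parent_died();
    if (ret != EOK) {
        /* This is not fatal, don't return */
        DEBUG(2, ("Could not set up to exit when parent process does\n"));
    }

    ret = proxy_child_process_init(main_ctx, domain, main_ctx->event_ctx,
                                   main_ctx->confdb_ctx, pam_target,
                                   (uint32_t)id);
    if (ret != EOK) {
        DEBUG(0, ("Could not initialize proxy child [%d].\n", ret));
        return 3;
    }

    DEBUG(1, ("Proxy child for domain [%s] started!\n", domain));

    /* loop on main */
    server_loop(main_ctx);

    return 0;
}
sssd-1.11.5/src/providers/proxy/PaxHeaders.13173/proxy_auth.c0000644000000000000000000000007412320753107022106 xustar000000000000000030 atime=1396954939.268891429 30 ctime=1396954961.647874956 sssd-1.11.5/src/providers/proxy/proxy_auth.c0000664002412700241270000006441412320753107022341 0ustar00jhrozekjhrozek00000000000000/* SSSD proxy_auth.c Authors: Stephen Gallagher Copyright (C) 2010 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version.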
/*
 * Backend entry point for PAM requests handled by the proxy provider.
 *
 * Authentication, password change and account management requests are
 * queued for a proxy child, using the proxy_auth_ctx stored for the
 * matching backend target. Session and setcred requests are answered with
 * PAM_SUCCESS immediately; any other command is rejected as unsupported.
 */
void proxy_pam_handler(struct be_req *req)
{
    struct be_ctx *backend = be_req_get_be_ctx(req);
    struct pam_data *pam;
    struct proxy_auth_ctx *auth;
    struct proxy_client_ctx *client;
    struct tevent_req *queued = NULL;
    void *target_data;

    pam = talloc_get_type(be_req_get_data(req), struct pam_data);

    /* Pick the private data of the backend target that owns this command */
    switch (pam->cmd) {
    case SSS_PAM_AUTHENTICATE:
        target_data = backend->bet_info[BET_AUTH].pvt_bet_data;
        break;

    case SSS_PAM_CHAUTHTOK:
    case SSS_PAM_CHAUTHTOK_PRELIM:
        target_data = backend->bet_info[BET_CHPASS].pvt_bet_data;
        break;

    case SSS_PAM_ACCT_MGMT:
        target_data = backend->bet_info[BET_ACCESS].pvt_bet_data;
        break;

    case SSS_PAM_SETCRED:
    case SSS_PAM_OPEN_SESSION:
    case SSS_PAM_CLOSE_SESSION:
        /* Nothing to proxy for these, report success right away */
        pam->pam_status = PAM_SUCCESS;
        be_req_terminate(req, DP_ERR_OK, EOK, NULL);
        return;

    default:
        DEBUG(1, ("Unsupported PAM task.\n"));
        pam->pam_status = PAM_MODULE_UNKNOWN;
        be_req_terminate(req, DP_ERR_OK, EINVAL, "Unsupported PAM task");
        return;
    }

    auth = talloc_get_type(target_data, struct proxy_auth_ctx);

    client = talloc(req, struct proxy_client_ctx);
    if (client == NULL) {
        be_req_terminate(req, DP_ERR_FATAL, ENOMEM, NULL);
        return;
    }
    client->auth_ctx = auth;
    client->be_req = req;

    /* Queue the request; a child is spawned right away when a slot
     * is free, otherwise the request waits in the queue. */
    queued = proxy_child_send(req, auth, req);
    if (queued != NULL) {
        tevent_req_set_callback(queued, proxy_child_done, client);
        return;
    }

    /* Could not queue request, return an error */
    be_req_terminate(req, DP_ERR_FATAL, EINVAL, "Could not queue request\n");
}
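/*
 * Fork and exec a proxy_child process for one queued PAM request.
 *
 * In the parent, the returned request stays pending until the child
 * connects back or fails: a SIGCHLD handler and a six second timer are
 * registered on it, and the request is stored in child_ctx->init_req.
 * Until initialization is received, freeing the request state kills the
 * child through pc_init_destructor.
 *
 * Returns the pending request, or NULL on failure (the request is freed).
 */
static struct tevent_req *proxy_child_init_send(TALLOC_CTX *mem_ctx,
                                              struct proxy_child_ctx *child_ctx,
                                              struct proxy_auth_ctx *auth_ctx)
{
    struct tevent_req *req;
    struct pc_init_ctx *state;
    char **proxy_child_args;
    struct timeval tv;
    errno_t ret;
    pid_t pid;

    req = tevent_req_create(mem_ctx, &state, struct pc_init_ctx);
    if (req == NULL) {
        DEBUG(1, ("Could not create tevent_req\n"));
        return NULL;
    }

    state->child_ctx = child_ctx;

    /* NOTE(review): the command is assembled as a single string and split
     * again by parse_args() in the child, so a domain name containing
     * separator characters would change the resulting argv. The name comes
     * from the backend's own domain configuration; an argv array built
     * directly would avoid depending on that - confirm parse_args()
     * semantics before relying on either. */
    state->command = talloc_asprintf(req,
            "%s/proxy_child -d %#.4x --debug-timestamps=%d "
            "--debug-microseconds=%d%s --domain %s --id %d",
            SSSD_LIBEXEC_PATH, debug_level, debug_timestamps,
            debug_microseconds, (debug_to_file ? " --debug-to-files" : ""),
            auth_ctx->be->domain->name,
            child_ctx->id);
    if (state->command == NULL) {
        DEBUG(1, ("talloc_asprintf failed.\n"));
        /* Free the request like every other failure path does */
        talloc_zfree(req);
        return NULL;
    }

    DEBUG(7, ("Starting proxy child with args [%s]\n", state->command));

    pid = fork();
    if (pid < 0) {
        ret = errno;
        DEBUG(1, ("fork failed [%d][%s].\n", ret, strerror(ret)));
        talloc_zfree(req);
        return NULL;
    }

    if (pid == 0) { /* child */
        proxy_child_args = parse_args(state->command);
        if (proxy_child_args == NULL) {
            /* Do not hand a NULL vector to execvp() */
            DEBUG(0, ("Could not parse proxy child arguments [%s].\n",
                      state->command));
            _exit(1);
        }

        execvp(proxy_child_args[0], proxy_child_args);

        /* Only reached when execvp() failed */
        ret = errno;
        DEBUG(0, ("Could not start proxy child [%s]: [%d][%s].\n",
                  state->command, ret, strerror(ret)));

        _exit(1);
    }

    /* parent */
    state->pid = pid;

    /* Make sure to kill the child process if we abort */
    talloc_set_destructor((TALLOC_CTX *)state, pc_init_destructor);

    state->sige = tevent_add_signal(auth_ctx->be->ev, req,
                                    SIGCHLD, SA_SIGINFO,
                                    pc_init_sig_handler, req);
    if (state->sige == NULL) {
        DEBUG(1, ("tevent_add_signal failed.\n"));
        talloc_zfree(req);
        return NULL;
    }

    /* Wait six seconds for the child to connect
     * This is because the connection handler will add
     * its own five-second timeout, and we don't want to
     * be faster here.
     */
    tv = tevent_timeval_current_ofs(6, 0);
    state->timeout = tevent_add_timer(auth_ctx->be->ev, req,
                                      tv, pc_init_timeout, req);
    if (state->timeout == NULL) {
        /* Without the timer a child that never connects would leave this
         * request pending forever; freeing req also kills the child via
         * the destructor set above. */
        DEBUG(1, ("tevent_add_timer failed.\n"));
        talloc_zfree(req);
        return NULL;
    }

    /* Save the init request to the child context.
     * This is technically a layering violation,
     * but it's the only sane way to be able to
     * identify which client is which when it
     * connects to the backend in
     * client_registration()
     *
     * Done only once nothing can fail any more, so that
     * init_req never points at a freed request.
     */
    child_ctx->init_req = req;

    /* processing will continue once the connection is received
     * in proxy_client_init()
     */
    return req;
}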
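/*
 * Callback run when a proxy child has finished (or failed) initialization.
 *
 * On success the PAM conversation with the child is started and a SIGCHLD
 * handler is registered under the auth context, so that the child's exit
 * is still handled after the request itself has completed.
 */
static void proxy_child_init_done(struct tevent_req *subreq) {
    int ret;
    struct tevent_signal *sige;
    struct tevent_req *req =
            tevent_req_callback_data(subreq, struct tevent_req);
    struct proxy_child_ctx *child_ctx =
            tevent_req_data(req, struct proxy_child_ctx);
    struct proxy_child_sig_ctx *sig_ctx;

    ret = proxy_child_init_recv(subreq, &child_ctx->pid, &child_ctx->conn);
    talloc_zfree(subreq);
    if (ret != EOK) {
        DEBUG(6, ("Proxy child init failed [%d]\n", ret));
        tevent_req_error(req, ret);
        return;
    }

    /* An initialized child is available, awaiting the PAM command */
    subreq = proxy_pam_conv_send(req, child_ctx->auth_ctx,
                                 child_ctx->conn, child_ctx->pd,
                                 child_ctx->pid);
    if (!subreq) {
        DEBUG(1,("Could not start PAM conversation\n"));
        tevent_req_error(req, EIO);
        return;
    }
    tevent_req_set_callback(subreq, proxy_pam_conv_done, req);

    /* Add a signal handler for the child under the auth_ctx,
     * that way if the child exits after completion of the
     * request, it will still be handled.
     */
    sig_ctx = talloc_zero(child_ctx->auth_ctx, struct proxy_child_sig_ctx);
    if(sig_ctx == NULL) {
        /* Report the call that actually failed */
        DEBUG(1, ("talloc_zero failed.\n"));
        tevent_req_error(req, ENOMEM);
        return;
    }
    sig_ctx->auth_ctx = child_ctx->auth_ctx;
    sig_ctx->pid = child_ctx->pid;

    sige = tevent_add_signal(child_ctx->auth_ctx->be->ev,
                             child_ctx->auth_ctx,
                             SIGCHLD, SA_SIGINFO,
                             proxy_child_sig_handler,
                             sig_ctx);
    if (sige == NULL) {
        DEBUG(1, ("tevent_add_signal failed.\n"));
        /* sig_ctx hangs off auth_ctx, not off the request, so it would
         * otherwise stay allocated. Release it before failing the
         * request, whose callback may free the request state. */
        talloc_free(sig_ctx);
        tevent_req_error(req, ENOMEM);
        return;
    }

    /* Steal the signal context onto the signal event
     * so that when the signal is freed, the context
     * will go with it.
     */
    talloc_steal(sige, sig_ctx);
}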
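/*
 * D-Bus pending-call callback for the PAM request sent to a proxy child.
 *
 * Unpacks the child's answer into state->pd, maps transport level
 * problems to PAM_SYSTEM_ERR, kills the child and completes the
 * conversation request.
 */
static void proxy_pam_conv_reply(DBusPendingCall *pending, void *ptr)
{
    struct tevent_req *req;
    struct proxy_conv_ctx *state;
    DBusError dbus_error;
    DBusMessage *reply;
    int type;
    int ret;

    DEBUG(8, ("Handling pam conversation reply\n"));

    req = talloc_get_type(ptr, struct tevent_req);
    state = tevent_req_data(req, struct proxy_conv_ctx);

    dbus_error_init(&dbus_error);

    reply = dbus_pending_call_steal_reply(pending);
    dbus_pending_call_unref(pending);
    if (reply == NULL) {
        DEBUG(0, ("Severe error. A reply callback was called but no reply was "
                  "received and no timeout occurred\n"));
        state->pd->pam_status = PAM_SYSTEM_ERR;
        tevent_req_error(req, EIO);
        /* Stop here: the code below dereferences reply, and the request
         * callback has already run for this request. */
        /* NOTE(review): the child is not signalled on this path - confirm
         * that another handler takes care of it. */
        return;
    }

    type = dbus_message_get_type(reply);
    switch (type) {
        case DBUS_MESSAGE_TYPE_METHOD_RETURN:
            ret = dp_unpack_pam_response(reply, state->pd, &dbus_error);
            if (!ret) {
                DEBUG(0, ("Failed to parse reply.\n"));
                state->pd->pam_status = PAM_SYSTEM_ERR;
                /* Release whatever the unpacker stored in the error */
                if (dbus_error_is_set(&dbus_error)) {
                    dbus_error_free(&dbus_error);
                }
                dbus_message_unref(reply);
                tevent_req_error(req, EIO);
                return;
            }
            DEBUG(4, ("received: [%d][%s]\n",
                      state->pd->pam_status,
                      state->pd->domain));
            break;
        case DBUS_MESSAGE_TYPE_ERROR:
            DEBUG(0, ("Reply error [%s].\n",
                    dbus_message_get_error_name(reply)));
            state->pd->pam_status = PAM_SYSTEM_ERR;
            break;
        default:
            DEBUG(0, ("Default... what now?.\n"));
            state->pd->pam_status = PAM_SYSTEM_ERR;
    }
    dbus_message_unref(reply);

    /* Kill the child */
    kill(state->pid, SIGKILL);

    /* Conversation is finished */
    tevent_req_done(req);
}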
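/*
 * Immediate-event handler that starts the next queued PAM request.
 *
 * Walks the request table for the first request that is not yet running
 * and, if a child slot is free, starts a proxy child for it.
 */
static void run_proxy_child_queue(struct tevent_context *ev,
                                  struct tevent_immediate *imm,
                                  void *pvt)
{
    struct proxy_auth_ctx *auth_ctx;
    struct hash_iter_context_t *iter;
    struct hash_entry_t *entry;
    struct tevent_req *req = NULL;
    struct tevent_req *subreq;
    struct proxy_child_ctx *state = NULL;

    auth_ctx = talloc_get_type(pvt, struct proxy_auth_ctx);

    /* Launch next queued request */
    iter = new_hash_iter_context(auth_ctx->request_table);
    if (iter == NULL) {
        /* Cannot walk the queue; queued requests stay in the table and
         * are looked at again the next time this handler is scheduled. */
        DEBUG(1, ("new_hash_iter_context failed.\n"));
        return;
    }

    while ((entry = iter->next(iter)) != NULL) {
        req = talloc_get_type(entry->value.ptr, struct tevent_req);
        state = tevent_req_data(req, struct proxy_child_ctx);
        if (!state->running) {
            break;
        }
    }
    free(iter);

    if (!entry) {
        /* Nothing pending on the queue */
        return;
    }

    if (auth_ctx->running < auth_ctx->max_children) {
        /* There's an available slot; start a child
         * to handle the request
         */
        auth_ctx->running++;
        subreq = proxy_child_init_send(auth_ctx, state, auth_ctx);
        if (!subreq) {
            DEBUG(1, ("Could not fork child process\n"));
            auth_ctx->running--;
            /* NOTE(review): the request is freed here without being
             * completed - confirm how its caller learns of the failure. */
            talloc_zfree(req);
            return;
        }
        tevent_req_set_callback(subreq, proxy_child_init_done, req);

        state->running = true;
    }
}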
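/*
 * Copy every value of el into dst under attr_name.
 * Values are added as strings; presumably they are NUL terminated, as the
 * original code assumed - verify against the attribute producer.
 */
static int ipa_netgr_copy_values(struct sysdb_attrs *dst,
                                 const char *attr_name,
                                 const struct ldb_message_element *el)
{
    size_t c;
    int ret;

    for (c = 0; c < el->num_values; c++) {
        ret = sysdb_attrs_add_string(dst, attr_name,
                                     (const char *)el->values[c].data);
        if (ret) {
            return ret;
        }
    }

    return EOK;
}

/*
 * Store one netgroup, as returned by the LDAP search, in the sysdb.
 *
 * The original DN, the netgroup triples, the original members and the
 * resolved members are copied from attrs into a fresh attribute set that
 * is handed to sysdb_add_netgroup().
 *
 * Returns EOK on success, EINVAL when the netgroup has no name, ENOMEM on
 * allocation failure, or the error of the failing sysdb call.
 */
static errno_t ipa_save_netgroup(TALLOC_CTX *mem_ctx,
                                 struct sysdb_ctx *ctx,
                                 struct sss_domain_info *dom,
                                 struct sdap_options *opts,
                                 struct sysdb_attrs *attrs)
{
    struct ldb_message_element *el;
    struct sysdb_attrs *netgroup_attrs;
    const char *name = NULL;
    const char *orig_member_attr;
    int ret;

    ret = sysdb_attrs_get_el(attrs,
                             opts->netgroup_map[IPA_AT_NETGROUP_NAME].sys_name,
                             &el);
    if (ret) goto fail;
    if (el->num_values == 0) {
        ret = EINVAL;
        goto fail;
    }
    name = (const char *)el->values[0].data;
    DEBUG(SSSDBG_TRACE_INTERNAL, ("Storing netgroup %s\n", name));

    netgroup_attrs = sysdb_new_attrs(mem_ctx);
    if (!netgroup_attrs) {
        ret = ENOMEM;
        goto fail;
    }

    ret = sysdb_attrs_get_el(attrs, SYSDB_ORIG_DN, &el);
    if (ret) {
        goto fail;
    }
    if (el->num_values == 0) {
        DEBUG(7, ("Original DN is not available for [%s].\n", name));
    } else {
        DEBUG(7, ("Adding original DN [%s] to attributes of [%s].\n",
                  (const char *)el->values[0].data, name));
        ret = sysdb_attrs_add_string(netgroup_attrs, SYSDB_ORIG_DN,
                                     (const char *)el->values[0].data);
        if (ret) {
            goto fail;
        }
    }

    ret = sysdb_attrs_get_el(attrs, SYSDB_NETGROUP_TRIPLE, &el);
    if (ret) {
        goto fail;
    }
    if (el->num_values == 0) {
        DEBUG(SSSDBG_TRACE_INTERNAL,
              ("No netgroup triples for netgroup [%s].\n", name));
        /* Looks the triple attribute up in the new set itself; presumably
         * this leaves an empty element there so stale triples get
         * replaced - TODO confirm against sysdb_attrs_get_el(). */
        ret = sysdb_attrs_get_el(netgroup_attrs, SYSDB_NETGROUP_TRIPLE, &el);
        if (ret != EOK) {
            goto fail;
        }
    } else {
        ret = ipa_netgr_copy_values(netgroup_attrs, SYSDB_NETGROUP_TRIPLE, el);
        if (ret) {
            goto fail;
        }
    }

    orig_member_attr = opts->netgroup_map[IPA_AT_NETGROUP_MEMBER].sys_name;
    ret = sysdb_attrs_get_el(attrs, orig_member_attr, &el);
    if (ret != EOK) {
        goto fail;
    }
    if (el->num_values == 0) {
        DEBUG(7, ("No original members for netgroup [%s]\n", name));
    } else {
        DEBUG(7, ("Adding original members to netgroup [%s]\n", name));
        ret = ipa_netgr_copy_values(netgroup_attrs, orig_member_attr, el);
        if (ret) {
            goto fail;
        }
    }

    ret = sysdb_attrs_get_el(attrs, SYSDB_NETGROUP_MEMBER, &el);
    if (ret != EOK) {
        goto fail;
    }
    if (el->num_values == 0) {
        DEBUG(7, ("No members for netgroup [%s]\n", name));
    } else {
        DEBUG(7, ("Adding members to netgroup [%s]\n", name));
        ret = ipa_netgr_copy_values(netgroup_attrs, SYSDB_NETGROUP_MEMBER, el);
        if (ret) {
            goto fail;
        }
    }

    DEBUG(6, ("Storing info for netgroup %s\n", name));

    ret = sysdb_add_netgroup(ctx, dom, name, NULL, netgroup_attrs, NULL,
                             dom->netgroup_timeout, 0);
    if (ret) goto fail;

    return EOK;

fail:
    /* name is still NULL when the name lookup itself failed; never pass
     * a NULL pointer to %s. */
    DEBUG(2, ("Failed to save netgroup %s\n", name ? name : "(unknown)"));
    return ret;
}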
/*
 * Start the netgroup search on the search base selected by
 * state->netgr_base_iter.
 *
 * The request filter is rebuilt from the caller's base filter and the
 * filter attached to that search base. Returns EOK once the search has
 * been sent, ENOMEM if the filter or the subrequest cannot be created.
 */
static errno_t ipa_netgr_next_base(struct tevent_req *req)
{
    struct ipa_get_netgroups_state *state =
            tevent_req_data(req, struct ipa_get_netgroups_state);
    struct sdap_search_base *base =
            state->ipa_opts->id->sdom->netgroup_search_bases[state->netgr_base_iter];
    struct tevent_req *search;

    /* Drop the filter of the previous base before building the new one */
    talloc_zfree(state->filter);
    state->filter = sdap_get_id_specific_filter(state,
                                                state->base_filter,
                                                base->filter);
    if (state->filter == NULL) {
        return ENOMEM;
    }

    DEBUG(SSSDBG_TRACE_FUNC,
          ("Searching for netgroups with base [%s]\n",
           base->basedn));

    search = sdap_get_generic_send(state, state->ev, state->opts, state->sh,
                                   base->basedn, base->scope,
                                   state->filter, state->attrs,
                                   state->opts->netgroup_map,
                                   IPA_OPTS_NETGROUP,
                                   state->timeout,
                                   true);
    if (search == NULL) {
        return ENOMEM;
    }

    tevent_req_set_callback(search, ipa_get_netgroups_process, req);
    return EOK;
}
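struct tevent_req *req);
static int ipa_netgr_fetch_hosts(struct ipa_get_netgroups_state *state,
                                 struct tevent_req *req);
static void ipa_netgr_members_process(struct tevent_req *subreq);

/*
 * Completion callback for the netgroup search started by
 * ipa_netgr_next_base().
 *
 * With no results, the next configured netgroup search base is tried; the
 * request fails with ENOENT once the NULL-terminated list of bases is
 * exhausted. Otherwise every returned netgroup is stored in
 * state->new_netgroups keyed by its original DN, the kinds of members seen
 * are recorded in state->entities_found, and an LDAP "(|(attr=dn)...)"
 * filter is built to fetch those members.
 *
 * Each DN is passed through sss_filter_sanitize() before it is placed in
 * the filter, so filter metacharacters in a directory-supplied DN cannot
 * change the structure of the member query.
 */
static void ipa_get_netgroups_process(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct ipa_get_netgroups_state *state = tevent_req_data(req,
                                          struct ipa_get_netgroups_state);
    size_t i;   /* same type as netgroups_count: no signed/unsigned compare */
    int ret;
    struct ldb_message_element *el;
    struct sdap_search_base **netgr_bases;
    struct sysdb_attrs **netgroups;
    size_t netgroups_count;
    const char *orig_dn;
    char *dn;
    char *filter;
    bool fetch_members = false;
    hash_key_t key;
    hash_value_t value;

    netgr_bases = state->ipa_opts->id->sdom->netgroup_search_bases;

    ret = sdap_get_generic_recv(subreq, state, &netgroups_count, &netgroups);
    talloc_zfree(subreq);
    if (ret) {
        goto done;
    }

    DEBUG(SSSDBG_TRACE_FUNC, ("Search for netgroups, returned %zu results.\n",
                              netgroups_count));

    if (netgroups_count == 0) {
        /* No netgroups found in this search */
        state->netgr_base_iter++;
        if (netgr_bases[state->netgr_base_iter]) {
            /* There are more search bases to try */
            ret = ipa_netgr_next_base(req);
            if (ret != EOK) {
                /* Report the real failure. ipa_netgr_next_base() fails only
                 * with ENOMEM; turning that into ENOENT would tell the
                 * caller that the netgroup does not exist. */
                tevent_req_error(req, ret);
            }
            return;
        }

        ret = ENOENT;
        goto done;
    }

    filter = talloc_strdup(state, "(|");
    if (filter == NULL) {
        ret = ENOMEM;
        goto done;
    }

    for (i = 0; i < netgroups_count; i++) {
        /* Record which kinds of members have to be fetched afterwards */
        ret = sysdb_attrs_get_el(netgroups[i], SYSDB_ORIG_NETGROUP_MEMBER,
                                 &el);
        if (ret != EOK) goto done;
        if (el->num_values) state->entities_found |= ENTITY_NG;

        ret = sysdb_attrs_get_el(netgroups[i], SYSDB_ORIG_MEMBER_USER, &el);
        if (ret != EOK) goto done;
        if (el->num_values) state->entities_found |= ENTITY_USER;

        ret = sysdb_attrs_get_el(netgroups[i], SYSDB_ORIG_MEMBER_HOST, &el);
        if (ret != EOK) goto done;
        if (el->num_values) state->entities_found |= ENTITY_HOST;

        ret = sysdb_attrs_get_string(netgroups[i], SYSDB_ORIG_DN, &orig_dn);
        if (ret != EOK) {
            goto done;
        }

        key.type = HASH_KEY_STRING;
        value.type = HASH_VALUE_PTR;

        key.str = discard_const(orig_dn);
        value.ptr = netgroups[i];
        ret = hash_enter(state->new_netgroups, &key, &value);
        if (ret != HASH_SUCCESS) {
            /* hash_enter() reports HASH_* codes, not errno values */
            ret = ENOMEM;
            goto done;
        }

        /* entities_found accumulates over the loop, so this skips only
         * while no netgroup seen so far had any member */
        if (state->entities_found == 0) {
            continue;
        }

        /* Escape the DN before embedding it into the LDAP filter */
        ret = sss_filter_sanitize(state, orig_dn, &dn);
        if (ret != EOK) {
            goto done;
        }

        /* Add this to the filter */
        filter = talloc_asprintf_append(
                    filter, "(%s=%s)",
                    state->opts->netgroup_map[IPA_AT_NETGROUP_MEMBER_OF].name,
                    dn);
        if (filter == NULL) {
            ret = ENOMEM;
            goto done;
        }
        fetch_members = true;
    }

    if (!fetch_members) {
        /* Nothing to look up, the netgroups can be stored right away */
        ret = ipa_netgr_process_all(state);
        if (ret != EOK) {
            tevent_req_error(req, ret);
        } else {
            tevent_req_done(req);
        }
        return;
    }

    state->filter = talloc_asprintf_append(filter, ")");
    if (state->filter == NULL) {
        ret = ENOMEM;
        goto done;
    }

    /* Start with the first class of members that was seen; the remaining
     * classes are chained from ipa_netgr_members_process() */
    if (state->entities_found & ENTITY_NG) {
        state->netgr_base_iter = 0;
        ret = ipa_netgr_fetch_netgroups(state, req);
        if (ret != EOK) goto done;
    } else if (state->entities_found & ENTITY_USER) {
        ret = ipa_netgr_fetch_users(state, req);
        if (ret != EOK) goto done;
    } else if (state->entities_found & ENTITY_HOST) {
        ret = ipa_netgr_fetch_hosts(state, req);
        if (ret != EOK) goto done;
    }

    return;

done:
    tevent_req_error(req, ret);
    return;
}

static int ipa_netgr_fetch_netgroups(struct ipa_get_netgroups_state *state,
                                     struct tevent_req *req)
{
    char *filter;
    const char *base_filter;
    struct tevent_req *subreq;
    struct sdap_search_base **bases;

    bases = state->ipa_opts->id->sdom->netgroup_search_bases;
    if (bases[state->netgr_base_iter] == NULL) {
        /* No more bases to try */
        return ENOENT;
    }
    base_filter = bases[state->netgr_base_iter]->filter;

    filter = talloc_asprintf(state, "(&%s%s(objectclass=%s))",
                             state->filter,
                             base_filter?base_filter:"",
                             state->opts->netgroup_map[SDAP_OC_NETGROUP].name);
    if (filter == NULL)
        return ENOMEM;

    subreq = sdap_get_generic_send(state, state->ev, state->opts, state->sh,
                                   bases[state->netgr_base_iter]->basedn,
                                   bases[state->netgr_base_iter]->scope,
                                   filter, state->attrs, state->opts->netgroup_map,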
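IPA_OPTS_NETGROUP, state->timeout, true);

    state->current_entity = ENTITY_NG;
    if (subreq == NULL) {
        return ENOMEM;
    }

    tevent_req_set_callback(subreq, ipa_netgr_members_process, req);

    return EOK;
}

/*
 * Schedule the lookup of member users in the user search base selected by
 * state->user_base_iter.
 *
 * The query combines state->filter (the memberOf filter built from the
 * netgroup DNs), the optional filter of the search base and the user
 * objectclass.
 *
 * Returns EOK when the search was sent, ENOENT when there is no further
 * user search base and ENOMEM on allocation failure.
 */
static int ipa_netgr_fetch_users(struct ipa_get_netgroups_state *state,
                                 struct tevent_req *req)
{
    /* Automatic storage, not talloc memory: it must never be given to
     * talloc_free().
     * NOTE(review): sdap_get_generic_send() receives a pointer to this
     * stack array; confirm it does not keep the pointer after this
     * function returns. */
    const char *attrs[] = { state->opts->user_map[SDAP_AT_USER_NAME].name,
                            state->opts->user_map[SDAP_AT_USER_MEMBEROF].name,
                            "objectclass", NULL };
    char *filter;
    const char *base_filter;
    struct tevent_req *subreq;
    struct sdap_search_base **bases;

    bases = state->ipa_opts->id->sdom->user_search_bases;
    if (bases[state->user_base_iter] == NULL) {
        /* No more bases to try */
        return ENOENT;
    }
    base_filter = bases[state->user_base_iter]->filter;

    filter = talloc_asprintf(state, "(&%s%s(objectclass=%s))",
                             state->filter,
                             base_filter ? base_filter : "",
                             state->opts->user_map[SDAP_OC_USER].name);
    if (filter == NULL) {
        return ENOMEM;
    }

    /* Search the base entry selected above, with its own DN and scope, the
     * same way the netgroup and host lookups do. The previous code always
     * searched the raw SDAP_USER_SEARCH_BASE option with subtree scope, so
     * every iteration over user_search_bases queried the same subtree and
     * a configured scope was ignored. */
    subreq = sdap_get_generic_send(state, state->ev, state->opts, state->sh,
                                   bases[state->user_base_iter]->basedn,
                                   bases[state->user_base_iter]->scope,
                                   filter, attrs, state->opts->user_map,
                                   SDAP_OPTS_USER, state->timeout, true);

    state->current_entity = ENTITY_USER;
    if (subreq == NULL) {
        /* Release the heap-allocated filter. The original called
         * talloc_free() on the stack array attrs here, which is an
         * invalid free. */
        talloc_free(filter);
        return ENOMEM;
    }

    tevent_req_set_callback(subreq, ipa_netgr_members_process, req);

    return EOK;
}

static int ipa_netgr_fetch_hosts(struct ipa_get_netgroups_state *state,
                                 struct tevent_req *req)
{
    const char **attrs;
    char *filter;
    const char *base_filter;
    struct tevent_req *subreq;
    int ret;
    struct sdap_search_base **bases;

    bases = state->ipa_opts->host_search_bases;
    if (bases[state->host_base_iter] == NULL) {
        return ENOENT;
    }
    base_filter = bases[state->host_base_iter]->filter;

    filter = talloc_asprintf(state, "(&%s%s(objectclass=%s))",
                             state->filter,
                             base_filter?base_filter:"",
                             state->ipa_opts->host_map[IPA_OC_HOST].name);
    if (filter == NULL)
        return ENOMEM;

    ret = build_attrs_from_map(state, state->ipa_opts->host_map,
                               IPA_OPTS_HOST, NULL, &attrs, NULL);
    if (ret != EOK) {
        talloc_free(filter);
        return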
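ret;
    }

    subreq = sdap_get_generic_send(state, state->ev, state->opts, state->sh,
                                   bases[state->host_base_iter]->basedn,
                                   bases[state->host_base_iter]->scope,
                                   filter, attrs, state->ipa_opts->host_map,
                                   IPA_OPTS_HOST, state->timeout, true);

    state->current_entity = ENTITY_HOST;
    if (subreq == NULL) {
        talloc_free(filter);
        return ENOMEM;
    }

    tevent_req_set_callback(subreq, ipa_netgr_members_process, req);

    return EOK;
}

/*
 * Completion callback shared by the member netgroup, user and host
 * searches.
 *
 * The received entries are stored in the hash table that belongs to
 * state->current_entity, keyed by their lower-cased original DN. Before
 * that, the search of the next base for the same entity class is
 * scheduled; when no base is left (ENOENT), the next entity class is
 * looked up, and once everything has been fetched the netgroups are
 * processed and the request is finished.
 */
static void ipa_netgr_members_process(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct ipa_get_netgroups_state *state = tevent_req_data(req,
                                          struct ipa_get_netgroups_state);
    struct sysdb_attrs **entities;
    size_t count;
    size_t i;   /* same type as count: no signed/unsigned compare */
    int ret;
    const char *orig_dn;
    char *orig_dn_lower;
    char *cursor;
    hash_table_t *table;
    hash_key_t key;
    hash_value_t value;
    int (* next_call)(struct ipa_get_netgroups_state *,
                      struct tevent_req *);
    bool next_batch_scheduled = false;

    ret = sdap_get_generic_recv(subreq, state, &count, &entities);
    talloc_zfree(subreq);
    if (ret) {
        goto fail;
    }

    DEBUG(SSSDBG_TRACE_INTERNAL, ("Found %zu members in current search base\n",
                                  count));

    next_call = NULL;
    /* While processing a batch of entities from one search base,
     * schedule query for another search base if there is one
     *
     * If there is no other search base, another class of entities
     * will be scheduled for lookup after processing of current
     * batch. The order of lookup is: netgroups -> users -> hosts
     */
    if (state->current_entity == ENTITY_NG) {
        /* We just received a batch of netgroups */
        state->netgr_base_iter++;
        ret = ipa_netgr_fetch_netgroups(state, req);
        table = state->new_netgroups;
        /* If there is a member netgroup, we always have to
         * ask for both member users and hosts
         * -> now schedule users
         */
        next_call = ipa_netgr_fetch_users;
    } else if (state->current_entity == ENTITY_USER) {
        /* We just received a batch of users */
        state->user_base_iter++;
        ret = ipa_netgr_fetch_users(state, req);
        table = state->new_users;
        if (state->entities_found & ENTITY_HOST ||
            state->entities_found & ENTITY_NG) {
            next_call = ipa_netgr_fetch_hosts;
        }
    } else if (state->current_entity == ENTITY_HOST) {
        /* We just received a batch of hosts */
        state->host_base_iter++;
        ret = ipa_netgr_fetch_hosts(state, req);
        table = state->new_hosts;
    } else {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Invalid entity type given for processing: %d\n",
               state->current_entity));
        ret = EINVAL;
        goto fail;
    }

    if (ret == EOK) {
        /* Next search base has been scheduled for inspection,
         * don't try to look for other type of entities
         */
        next_batch_scheduled = true;
    } else if (ret != ENOENT) {
        goto fail;
    }

    /* Process all member entities and store them in the designated
     * hash table */
    key.type = HASH_KEY_STRING;
    value.type = HASH_VALUE_PTR;
    for (i = 0; i < count; i++) {
        ret = sysdb_attrs_get_string(entities[i], SYSDB_ORIG_DN, &orig_dn);
        if (ret != EOK) {
            goto fail;
        }

        orig_dn_lower = talloc_strdup(table, orig_dn);
        if (orig_dn_lower == NULL) {
            ret = ENOMEM;
            goto fail;
        }

        /* Transform the DN to lower case.
         * this is important, as the member/memberof attributes
         * have the value also in lower-case
         *
         * The DN comes from the directory and may hold bytes >= 0x80.
         * tolower() is undefined for negative values other than EOF, so
         * each byte goes through unsigned char first.
         */
        key.str = orig_dn_lower;
        for (cursor = orig_dn_lower; *cursor != '\0'; cursor++) {
            *cursor = (char) tolower((unsigned char) *cursor);
        }

        value.ptr = entities[i];
        ret = hash_enter(table, &key, &value);
        if (ret != HASH_SUCCESS) {
            /* hash_enter() reports HASH_* codes, not errno values; map
             * the failure the way ipa_get_netgroups_process() does
             * instead of handing a HASH_* code to tevent_req_error() */
            ret = ENOMEM;
            goto fail;
        }
    }

    if (next_batch_scheduled) {
        /* The next search base is already scheduled to be searched */
        return;
    }

    if (next_call) {
        /* There is another class of members that has to be retrieved
         * - schedule the lookup
         */
        ret = next_call(state, req);
        if (ret != EOK) goto fail;
    } else {
        /* All members, that could have been fetched, were fetched */
        ret = ipa_netgr_process_all(state);
        if (ret != EOK) goto fail;

        tevent_req_done(req);
    }

    return;

fail:
    tevent_req_error(req, ret);
    return;
}

/*
 * hash_iterate() callback: append the netgroup stored in the entry to
 * state->netgroups.
 *
 * There is no bounds check here; ipa_netgr_process_all() sizes the array
 * with hash_count(state->new_netgroups) before iterating that same table.
 */
static bool extract_netgroups(hash_entry_t *entry, void *pvt)
{
    struct ipa_get_netgroups_state *state;
    state = talloc_get_type(pvt, struct ipa_get_netgroups_state);

    state->netgroups[state->netgroups_count] = talloc_get_type(entry->value.ptr,
                                                               struct sysdb_attrs);
    state->netgroups_count++;

    return true;
}

struct extract_state {
    const char *group;
    const char **entries;
    int entries_count;
};

static bool extract_entities(hash_entry_t *entry, void *pvt)
{
    int i, ret;
    struct extract_state *state;
    struct sysdb_attrs *member;
    struct ldb_message_element *el;
    struct ldb_message_element *name_el;

    state = talloc_get_type(pvt, struct extract_state);
    member = talloc_get_type(entry->value.ptr, struct sysdb_attrs);

    ret = sysdb_attrs_get_el(member, SYSDB_ORIG_MEMBEROF, &el);
    if (ret != EOK) return false;

    ret = sysdb_attrs_get_el(member, SYSDB_NAME, &name_el);
    if (ret != EOK || name_el == NULL || name_el->num_values == 0) {
        return false;
    }

    for (i = 0; i < el->num_values; i++) {
        if (strcmp((char *)el->values[i].data, state->group) == 0) {
            state->entries = talloc_realloc(state, state->entries,
                                            const char *,
                                            state->entries_count + 1);
            if (state->entries == NULL) {
                return false;
            }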
state->entries[state->entries_count] = (char *)name_el->values[0].data; state->entries_count++; break; } } return true; } static int extract_members(TALLOC_CTX *mem_ctx, struct sysdb_attrs *netgroup, const char *member_type, hash_table_t *lookup_table, const char ***_ret_array, int *_ret_count) { struct extract_state *state; struct ldb_message_element *el; struct sysdb_attrs *member; hash_key_t key; hash_value_t value; const char **process = NULL; const char **ret_array = NULL; int process_count = 0; int ret_count = 0; int ret, i, pi; key.type = HASH_KEY_STRING; value.type = HASH_VALUE_PTR; state = talloc_zero(mem_ctx, struct extract_state); if (state == NULL) { ret = ENOMEM; goto done; } ret = sysdb_attrs_get_el(netgroup, member_type, &el); if (ret != EOK && ret != ENOENT) { goto done; } if (ret == EOK) { for (i = 0; i < el->num_values; i++) { key.str = (char *)el->values[i].data; ret = hash_lookup(lookup_table, &key, &value); if (ret != HASH_SUCCESS && ret != HASH_ERROR_KEY_NOT_FOUND) { ret = ENOENT; goto done; } if (ret == HASH_ERROR_KEY_NOT_FOUND) { process = talloc_realloc(mem_ctx, process, const char *, process_count + 1); if (process == NULL) { ret = ENOMEM; goto done; } process[process_count] = (char *)el->values[i].data; process_count++; } else { ret_array = talloc_realloc(mem_ctx, ret_array, const char *, ret_count + 1); if (ret_array == NULL) { ret = ENOMEM; goto done; } member = talloc_get_type(value.ptr, struct sysdb_attrs); ret = sysdb_attrs_get_string(member, SYSDB_NAME, &ret_array[ret_count]); if (ret != EOK) { goto done; } ret_count++; } for (pi = 0; pi < process_count; pi++) { state->group = process[pi]; hash_iterate(lookup_table, extract_entities, state); if (state->entries_count > 0) { ret_array = talloc_realloc(mem_ctx, ret_array, const char *, ret_count + state->entries_count); if (ret_array == NULL) { ret = ENOMEM; goto done; } memcpy(&ret_array[ret_count], state->entries, state->entries_count*sizeof(const char *)); ret_count += 
state->entries_count; } state->entries_count = 0; talloc_zfree(state->entries); } } } else { ret_array = NULL; } *_ret_array = ret_array; *_ret_count = ret_count; ret = EOK; done: return ret; } static int ipa_netgr_process_all(struct ipa_get_netgroups_state *state) { int i, j, k, ret; const char **members; struct sysdb_attrs *member; const char *member_name; struct extract_state *extract_state; struct ldb_message_element *external_hosts; const char *dash[] = {"-"}; const char **uids = NULL; const char **hosts = NULL; int uids_count = 0; int hosts_count = 0; hash_key_t key; hash_value_t value; const char *domain; char *triple; state->netgroups = talloc_zero_array(state, struct sysdb_attrs *, hash_count(state->new_netgroups)); if (state->netgroups == NULL) { return ENOMEM; } extract_state = talloc_zero(state, struct extract_state); if (extract_state == NULL) { ret = ENOMEM; goto done; } key.type = HASH_KEY_STRING; value.type = HASH_VALUE_PTR; hash_iterate(state->new_netgroups, extract_netgroups, state); for (i = 0; i < state->netgroups_count; i++) { /* load all its member netgroups, translate */ DEBUG(SSSDBG_TRACE_INTERNAL, ("Extracting netgroup members of netgroup %d\n", i)); ret = sysdb_attrs_get_string_array(state->netgroups[i], SYSDB_ORIG_NETGROUP_MEMBER, state, &members); if (ret != EOK && ret != ENOENT) { goto done; } j = 0; if (ret == EOK) { for (j = 0; members[j]; j++) { key.str = discard_const(members[j]); ret = hash_lookup(state->new_netgroups, &key, &value); if (ret != HASH_SUCCESS) { ret = ENOENT; goto done; } member = talloc_get_type(value.ptr, struct sysdb_attrs); ret = sysdb_attrs_get_string(member, SYSDB_NAME, &member_name); if (ret != EOK) { goto done; } ret = sysdb_attrs_add_string(state->netgroups[i], SYSDB_NETGROUP_MEMBER, member_name); if (ret != EOK) { goto done; } } talloc_zfree(members); } DEBUG(SSSDBG_TRACE_INTERNAL, ("Extracted %d netgroup members\n", j)); /* Load all UIDs */ DEBUG(SSSDBG_TRACE_ALL, ("Extracting user members of netgroup 
%d\n", i)); ret = extract_members(state, state->netgroups[i], SYSDB_ORIG_MEMBER_USER, state->new_users, &uids, &uids_count); if (ret != EOK) { goto done; } DEBUG(SSSDBG_TRACE_INTERNAL, ("Extracted %d user members\n", uids_count)); DEBUG(SSSDBG_TRACE_ALL, ("Extracting host members of netgroup %d\n", i)); ret = extract_members(state, state->netgroups[i], SYSDB_ORIG_MEMBER_HOST, state->new_hosts, &hosts, &hosts_count); if (ret != EOK) { goto done; } DEBUG(SSSDBG_TRACE_INTERNAL, ("Extracted %d host members\n", hosts_count)); ret = sysdb_attrs_get_el(state->netgroups[i], SYSDB_ORIG_NETGROUP_EXTERNAL_HOST, &external_hosts); if (ret != EOK) { goto done; } if (external_hosts->num_values > 0) { hosts = talloc_realloc(state, hosts, const char *, hosts_count + external_hosts->num_values); if (hosts == NULL) { ret = ENOMEM; goto done; } for (j = 0; j < external_hosts->num_values; j++) { hosts[hosts_count] = talloc_strdup(hosts, (char *)external_hosts->values[j].data); if (hosts[hosts_count] == NULL) { ret = ENOMEM; goto done; } hosts_count++; } } ret = sysdb_attrs_get_string(state->netgroups[i], SYSDB_NETGROUP_DOMAIN, &domain); if (ret != EOK) { goto done; } if (uids_count > 0 || hosts_count > 0) { if (uids_count == 0) { uids_count = 1; uids = dash; } if (hosts_count == 0) { hosts_count = 1; hosts = dash; } DEBUG(SSSDBG_TRACE_INTERNAL, ("Putting together triples of " "netgroup %d\n", i)); for (j = 0; j < uids_count; j++) { for (k = 0; k < hosts_count; k++) { triple = talloc_asprintf(state, "(%s,%s,%s)", hosts[k], uids[j], domain); if (triple == NULL) { ret = ENOMEM; goto done; } ret = sysdb_attrs_add_string(state->netgroups[i], SYSDB_NETGROUP_TRIPLE, triple); if (ret != EOK) { goto done; } } } } ret = ipa_save_netgroup(state, state->sysdb, state->dom, state->opts, state->netgroups[i]); if (ret != EOK) { goto done; } } ret = EOK; done: return ret; } int ipa_get_netgroups_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, size_t *reply_count, struct sysdb_attrs ***reply) { struct 
ipa_get_netgroups_state *state = tevent_req_data(req, struct ipa_get_netgroups_state); TEVENT_REQ_RETURN_ON_ERROR(req); if (reply_count) { *reply_count = state->netgroups_count; } if (reply) { *reply = talloc_steal(mem_ctx, state->netgroups); } return EOK; } sssd-1.11.5/src/providers/ipa/PaxHeaders.13173/ipa_selinux_common.c0000644000000000000000000000007412320753107023164 xustar000000000000000030 atime=1396954939.265891431 30 ctime=1396954961.594874995 sssd-1.11.5/src/providers/ipa/ipa_selinux_common.c0000664002412700241270000000417712320753107023417 0ustar00jhrozekjhrozek00000000000000/* SSSD IPA Backend Module -- SELinux common routines Authors: Jan Zeleny Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include "db/sysdb_selinux.h" #include "providers/ldap/sdap_async.h" #include "providers/ipa/ipa_selinux_common.h" errno_t ipa_save_user_maps(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, size_t map_count, struct sysdb_attrs **maps) { errno_t ret; errno_t sret; bool in_transaction = false; int i; ret = sysdb_transaction_start(sysdb); if (ret) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to start transaction\n")); goto done; } in_transaction = true; for (i = 0; i < map_count; i++) { ret = sysdb_store_selinux_usermap(sysdb, domain, maps[i]); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Failed to store user map %d. 
" "Ignoring.\n", i)); } else { DEBUG(SSSDBG_TRACE_FUNC, ("User map %d processed.\n", i)); } } ret = sysdb_transaction_commit(sysdb); if (ret) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to commit transaction!\n")); goto done; } in_transaction = false; ret = EOK; done: if (in_transaction) { sret = sysdb_transaction_cancel(sysdb); if (sret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to cancel transaction")); } } return ret; } sssd-1.11.5/src/providers/ipa/PaxHeaders.13173/ipa_idmap.c0000644000000000000000000000007412320753107021217 xustar000000000000000030 atime=1396954939.265891431 30 ctime=1396954961.596874993 sssd-1.11.5/src/providers/ipa/ipa_idmap.c0000664002412700241270000002673312320753107021454 0ustar00jhrozekjhrozek00000000000000/* SSSD Authors: Sumit Bose Copyright (C) 2013 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #include "util/util.h" #include "providers/ldap/sdap_idmap.h" #include "providers/ipa/ipa_common.h" #include "util/util_sss_idmap.h" static errno_t ipa_idmap_check_posix_child(struct sdap_idmap_ctx *idmap_ctx, const char *dom_name, const char *dom_sid_str, size_t range_count, struct range_info **range_list) { bool has_algorithmic_mapping; enum idmap_error_code err; struct sss_domain_info *dom; struct sss_domain_info *forest_root; size_t c; struct sss_idmap_range range; struct range_info *r; char *range_id; TALLOC_CTX *tmp_ctx; bool found = false; int ret; err = sss_idmap_domain_has_algorithmic_mapping(idmap_ctx->map, dom_sid_str, &has_algorithmic_mapping); if (err == IDMAP_SUCCESS) { DEBUG(SSSDBG_TRACE_ALL, ("Idmap of domain [%s] already known, nothing to do.\n", dom_sid_str)); return EOK; } else { err = sss_idmap_domain_by_name_has_algorithmic_mapping(idmap_ctx->map, dom_name, &has_algorithmic_mapping); if (err == IDMAP_SUCCESS) { DEBUG(SSSDBG_TRACE_ALL, ("Idmap of domain [%s] already known, nothing to do.\n", dom_sid_str)); return EOK; } } DEBUG(SSSDBG_TRACE_ALL, ("Trying to add idmap for domain [%s].\n", dom_sid_str)); if (err != IDMAP_SID_UNKNOWN && err != IDMAP_NAME_UNKNOWN) { DEBUG(SSSDBG_OP_FAILURE, ("sss_idmap_domain_has_algorithmic_mapping failed.\n")); return EINVAL; } dom = find_subdomain_by_sid(idmap_ctx->id_ctx->be->domain, dom_sid_str); if (dom == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("find_subdomain_by_sid failed with SID [%s].\n", dom_sid_str)); return EINVAL; } if (dom->forest == NULL) { DEBUG(SSSDBG_MINOR_FAILURE, ("No forest available for domain [%s].\n", dom_sid_str)); return EINVAL; } forest_root = find_subdomain_by_name(idmap_ctx->id_ctx->be->domain, dom->forest, true); if (forest_root == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("find_subdomain_by_name failed to find forest root [%s].\n", dom->forest)); return ENOENT; } if (forest_root->domain_id == NULL) { DEBUG(SSSDBG_MINOR_FAILURE, ("Forest root [%s] does not have a SID.\n", dom->forest)); return 
EINVAL; } tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("talloc_new failed.\n")); return ENOMEM; } for (c = 0; c < range_count; c++) { r = range_list[c]; if (r->trusted_dom_sid != NULL && strcmp(r->trusted_dom_sid, forest_root->domain_id) == 0) { if (r->range_type == NULL || strcmp(r->range_type, IPA_RANGE_AD_TRUST_POSIX) != 0) { DEBUG(SSSDBG_MINOR_FAILURE, ("Forest root does not have range type [%s].\n", IPA_RANGE_AD_TRUST_POSIX)); ret = EINVAL; goto done; } range.min = r->base_id; range.max = r->base_id + r->id_range_size -1; range_id = talloc_asprintf(tmp_ctx, "%s-%s", dom_sid_str, r->name); if (range_id == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("talloc_asprintf failed.\n")); ret = ENOMEM; goto done; } err = sss_idmap_add_domain_ex(idmap_ctx->map, dom_name, dom_sid_str, &range, range_id, 0, true); if (err != IDMAP_SUCCESS && err != IDMAP_COLLISION) { DEBUG(SSSDBG_CRIT_FAILURE, ("Could not add range [%s] to ID map\n", range_id)); ret = EIO; goto done; } found = true; } } if (!found) { DEBUG(SSSDBG_MINOR_FAILURE, ("No idrange found for forest root [%s].\n", forest_root->domain_id)); ret = ENOENT; goto done; } ret = EOK; done: talloc_free(tmp_ctx); return ret; } errno_t get_idmap_data_from_range(struct range_info *r, char *domain_name, char **_name, char **_sid, uint32_t *_rid, struct sss_idmap_range *_range, bool *_external_mapping) { if (r->range_type == NULL) { /* Older IPA servers might not have the range_type attribute, but * only support local ranges and trusts with algorithmic mapping. 
*/ if (r->trusted_dom_sid == NULL && r->secondary_base_rid != 0) { /* local IPA domain */ *_rid = 0; *_external_mapping = true; *_name = domain_name; *_sid = NULL; } else if (r->trusted_dom_sid != NULL && r->secondary_base_rid == 0) { /* trusted domain */ *_rid = r->base_rid; *_external_mapping = false; *_name = r->trusted_dom_sid; *_sid = r->trusted_dom_sid; } else { DEBUG(SSSDBG_MINOR_FAILURE, ("Cannot determine range type, " \ "for id range [%s].\n", r->name)); return EINVAL; } } else { if (strcmp(r->range_type, IPA_RANGE_LOCAL) == 0) { *_rid = 0; *_external_mapping = true; *_name = domain_name; *_sid = NULL; } else if (strcmp(r->range_type, IPA_RANGE_AD_TRUST_POSIX) == 0) { *_rid = 0; *_external_mapping = true; *_name = r->trusted_dom_sid; *_sid = r->trusted_dom_sid; } else if (strcmp(r->range_type, IPA_RANGE_AD_TRUST) == 0) { *_rid = r->base_rid; *_external_mapping = false; *_name = r->trusted_dom_sid; *_sid = r->trusted_dom_sid; } else { DEBUG(SSSDBG_MINOR_FAILURE, ("Range type [%s] of id range " \ "[%s] not supported.\n", \ r->range_type, r->name)); return EINVAL; } } _range->min = r->base_id; _range->max = r->base_id + r->id_range_size -1; return EOK; } errno_t ipa_idmap_get_ranges_from_sysdb(struct sdap_idmap_ctx *idmap_ctx, const char *dom_name, const char *dom_sid_str, bool allow_collisions) { int ret; size_t range_count; struct range_info **range_list; TALLOC_CTX *tmp_ctx; size_t c; enum idmap_error_code err; struct sss_idmap_range range; uint32_t rid; bool external_mapping; char *name; char *sid; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("talloc_new failed.\n")); return ENOMEM; } ret = sysdb_get_ranges(tmp_ctx, idmap_ctx->id_ctx->be->domain->sysdb, &range_count, &range_list); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("sysdb_get_ranges failed.\n")); goto done; } for (c = 0; c < range_count; c++) { ret = get_idmap_data_from_range(range_list[c], idmap_ctx->id_ctx->be->domain->name, &name, &sid, &rid, &range, 
&external_mapping); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("get_idmap_data_from_range failed for " \ "id range [%s], skipping.\n", range_list[c]->name)); continue; } err = sss_idmap_add_domain_ex(idmap_ctx->map, name, sid, &range, range_list[c]->name, rid, external_mapping); if (err != IDMAP_SUCCESS) { if (!allow_collisions || err != IDMAP_COLLISION) { DEBUG(SSSDBG_CRIT_FAILURE, ("Could not add range [%s] to ID map\n", range_list[c]->name)); ret = EIO; goto done; } } } if (dom_name != NULL || dom_sid_str != NULL) { ret = ipa_idmap_check_posix_child(idmap_ctx, dom_name, dom_sid_str, range_count, range_list); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("ipa_idmap_check_posix_child failed.\n")); goto done; } } ret = EOK; done: talloc_free(tmp_ctx); return ret; } errno_t ipa_idmap_find_new_domain(struct sdap_idmap_ctx *idmap_ctx, const char *dom_name, const char *dom_sid_str) { return ipa_idmap_get_ranges_from_sysdb(idmap_ctx, dom_name, dom_sid_str, true); } errno_t ipa_idmap_init(TALLOC_CTX *mem_ctx, struct sdap_id_ctx *id_ctx, struct sdap_idmap_ctx **_idmap_ctx) { errno_t ret; TALLOC_CTX *tmp_ctx; enum idmap_error_code err; struct sdap_idmap_ctx *idmap_ctx = NULL; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) return ENOMEM; idmap_ctx = talloc_zero(tmp_ctx, struct sdap_idmap_ctx); if (!idmap_ctx) { ret = ENOMEM; goto done; } idmap_ctx->id_ctx = id_ctx; idmap_ctx->find_new_domain = ipa_idmap_find_new_domain; /* Initialize the map */ err = sss_idmap_init(sss_idmap_talloc, idmap_ctx, sss_idmap_talloc_free, &idmap_ctx->map); if (err != IDMAP_SUCCESS) { DEBUG(SSSDBG_CRIT_FAILURE, ("Could not initialize the ID map: [%s]\n", idmap_error_string(err))); if (err == IDMAP_OUT_OF_MEMORY) { ret = ENOMEM; } else { ret = EINVAL; } goto done; } ret = ipa_idmap_get_ranges_from_sysdb(idmap_ctx, NULL, NULL, false); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("ipa_idmap_get_ranges_from_sysdb failed.\n")); goto done; } *_idmap_ctx = talloc_steal(mem_ctx, idmap_ctx); ret = EOK; done: 
talloc_free(tmp_ctx); return ret; } sssd-1.11.5/src/providers/ipa/PaxHeaders.13173/ipa_hostid.h0000644000000000000000000000007412320753107021424 xustar000000000000000030 atime=1396954939.264891432 30 ctime=1396954961.494875069 sssd-1.11.5/src/providers/ipa/ipa_hostid.h0000664002412700241270000000200012320753107021636 0ustar00jhrozekjhrozek00000000000000/* Authors: Jan Cholasta Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #ifndef _IPA_HOSTID_H_ #define _IPA_HOSTID_H_ struct ipa_hostid_ctx { struct sdap_id_ctx *sdap_id_ctx; struct ipa_options *ipa_opts; struct sdap_search_base **host_search_bases; }; void ipa_host_info_handler(struct be_req *be_req); #endif /* _IPA_HOSTID_H_ */ sssd-1.11.5/src/providers/ipa/PaxHeaders.13173/ipa_srv.c0000644000000000000000000000007412320753107020737 xustar000000000000000030 atime=1396954939.265891431 30 ctime=1396954961.595874994 sssd-1.11.5/src/providers/ipa/ipa_srv.c0000664002412700241270000001464112320753107021167 0ustar00jhrozekjhrozek00000000000000/* Authors: Pavel Březina Copyright (C) 2013 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. 
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include #include #include #include "util/util.h" #include "resolv/async_resolv.h" #include "providers/fail_over_srv.h" #define IPA_DNS_LOCATION "_location" struct ipa_srv_plugin_ctx { struct resolv_ctx *resolv_ctx; const char *hostname; const char *ipa_domain; }; struct ipa_srv_plugin_ctx * ipa_srv_plugin_ctx_init(TALLOC_CTX *mem_ctx, struct resolv_ctx *resolv_ctx, const char *hostname, const char *ipa_domain) { struct ipa_srv_plugin_ctx *ctx = NULL; ctx = talloc_zero(mem_ctx, struct ipa_srv_plugin_ctx); if (ctx == NULL) { return NULL; } ctx->resolv_ctx = resolv_ctx; ctx->hostname = talloc_strdup(ctx, hostname); if (ctx->hostname == NULL) { goto fail; } ctx->ipa_domain = talloc_strdup(ctx, ipa_domain); if (ctx->ipa_domain == NULL) { goto fail; } return ctx; fail: talloc_free(ctx); return NULL; } struct ipa_srv_plugin_state { char *dns_domain; struct fo_server_info *primary_servers; size_t num_primary_servers; struct fo_server_info *backup_servers; size_t num_backup_servers; }; static void ipa_srv_plugin_done(struct tevent_req *subreq); /* If IPA server supports sites, we will use * _locations.hostname.discovery_domain for primary servers and * discovery_domain for backup servers. 
If the server does not support sites or
 * client's SRV record is not found, we will use the latter for primary
 * servers, setting backup servers to NULL */
/**
 * Start SRV discovery of primary and backup servers.
 *
 * The backup domain is discovery_domain when given, otherwise the IPA
 * domain stored in the plugin context. The primary domain is the
 * IPA_DNS_LOCATION label followed by the host name, with the backup
 * domain appended when the host name contains no dot.
 *
 * @param pvt  must be a struct ipa_srv_plugin_ctx; anything else fails the
 *             request with EINVAL.
 * @return the request, or NULL if it could not be created. Failures after
 *         creation are reported through the request, which is posted on ev.
 *
 * NOTE(review): the names resolved here decide which servers are contacted
 * and nothing in this function validates the DNS answers; presumably server
 * authenticity is established by the later connection - confirm.
 */
struct tevent_req *ipa_srv_plugin_send(TALLOC_CTX *mem_ctx,
                                       struct tevent_context *ev,
                                       const char *service,
                                       const char *protocol,
                                       const char *discovery_domain,
                                       void *pvt)
{
    struct ipa_srv_plugin_state *state = NULL;
    struct ipa_srv_plugin_ctx *plugin = NULL;
    struct tevent_req *req = NULL;
    struct tevent_req *lookup = NULL;
    const char *site_domain = NULL;
    const char *fallback_domain = NULL;
    const char *base_domain = NULL;
    errno_t ret;

    req = tevent_req_create(mem_ctx, &state,
                            struct ipa_srv_plugin_state);
    if (req == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("tevent_req_create() failed\n"));
        return NULL;
    }

    plugin = talloc_get_type(pvt, struct ipa_srv_plugin_ctx);
    if (plugin == NULL) {
        ret = EINVAL;
        goto immediately;
    }

    /* An explicit discovery domain takes precedence over the IPA domain. */
    base_domain = (discovery_domain != NULL) ? discovery_domain
                                             : plugin->ipa_domain;
    fallback_domain = talloc_strdup(state, base_domain);
    if (fallback_domain == NULL) {
        ret = ENOMEM;
        goto immediately;
    }

    if (strchr(plugin->hostname, '.') != NULL) {
        site_domain = talloc_asprintf(state, IPA_DNS_LOCATION ".%s",
                                      plugin->hostname);
    } else {
        /* not FQDN, append domain name */
        site_domain = talloc_asprintf(state, IPA_DNS_LOCATION ".%s.%s",
                                      plugin->hostname, fallback_domain);
    }

    if (site_domain == NULL) {
        ret = ENOMEM;
        goto immediately;
    }

    DEBUG(SSSDBG_TRACE_FUNC, ("About to discover primary and "
                              "backup servers\n"));

    lookup = fo_discover_servers_send(state, ev, plugin->resolv_ctx,
                                      service, protocol,
                                      site_domain, fallback_domain);
    if (lookup == NULL) {
        ret = ENOMEM;
        goto immediately;
    }

    tevent_req_set_callback(lookup, ipa_srv_plugin_done, req);

    return req;

immediately:
    tevent_req_error(req, ret);
    tevent_req_post(req, ev);

    return req;
}

/* Completion callback of the discovery subrequest: stores the results in
 * the request state and finishes the parent request. */
static void ipa_srv_plugin_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct ipa_srv_plugin_state *state =
                        tevent_req_data(req, struct ipa_srv_plugin_state);
    errno_t ret;

    ret = fo_discover_servers_recv(state, subreq, &state->dns_domain,
                                   &state->primary_servers,
                                   &state->num_primary_servers,
                                   &state->backup_servers,
                                   &state->num_backup_servers);
    talloc_zfree(subreq);

    if (ret == EOK) {
        DEBUG(SSSDBG_TRACE_FUNC, ("Got %zu primary and %zu backup servers\n",
              state->num_primary_servers, state->num_backup_servers));
        tevent_req_done(req);
        return;
    }

    tevent_req_error(req, ret);
}

/**
 * Collect the discovery results. Every output pointer is optional; the
 * server arrays and the DNS domain are re-parented to mem_ctx when their
 * output pointer is given.
 *
 * @return EOK, or the request's error via TEVENT_REQ_RETURN_ON_ERROR.
 */
errno_t ipa_srv_plugin_recv(TALLOC_CTX *mem_ctx,
                            struct tevent_req *req,
                            char **_dns_domain,
                            struct fo_server_info **_primary_servers,
                            size_t *_num_primary_servers,
                            struct fo_server_info **_backup_servers,
                            size_t *_num_backup_servers)
{
    struct ipa_srv_plugin_state *state =
                        tevent_req_data(req, struct ipa_srv_plugin_state);

    TEVENT_REQ_RETURN_ON_ERROR(req);

    if (_primary_servers != NULL) {
        *_primary_servers = talloc_steal(mem_ctx, state->primary_servers);
    }

    if (_num_primary_servers != NULL) {
        *_num_primary_servers = state->num_primary_servers;
    }

    if (_backup_servers != NULL) {
        *_backup_servers = talloc_steal(mem_ctx, state->backup_servers);
    }

    if (_num_backup_servers != NULL) {
        *_num_backup_servers = state->num_backup_servers;
    }

    if (_dns_domain != NULL) {
        *_dns_domain = talloc_steal(mem_ctx, state->dns_domain);
    }

    return EOK;
}
sssd-1.11.5/src/providers/ipa/PaxHeaders.13173/hbac_evaluator.c0000644000000000000000000000007412320753107022253 xustar000000000000000030 atime=1396954939.264891432 30 ctime=1396954961.534875039 sssd-1.11.5/src/providers/ipa/hbac_evaluator.c0000664002412700241270000002311612320753107022500 0ustar00jhrozekjhrozek00000000000000/* SSSD IPA Backend Module -- Access control Authors: Sumit Bose Stephen Gallagher Copyright (C) 2011 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version.
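This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */

/* NOTE(review): the names of the three system headers below were lost when
 * this listing was extracted; the code needs declarations for malloc/free
 * and strdup at least. */
#include
#include
#include
#include "providers/ipa/ipa_hbac.h"
#include "util/sss_utf8.h"

#ifndef HAVE_ERRNO_T
#define HAVE_ERRNO_T
typedef int errno_t;
#endif

#ifndef EOK
#define EOK 0
#endif

/* Placeholder structure for future HBAC time-based
 * evaluation rules */
struct hbac_time_rules {
    int not_yet_implemented;
};

/* Per-rule outcome used inside this file only. */
enum hbac_eval_result_int {
    HBAC_EVAL_MATCH_ERROR = -1,
    HBAC_EVAL_MATCHED,
    HBAC_EVAL_UNMATCHED
};

/* An element is complete when it is the ALL category or lists at least one
 * name or group.
 * NOTE(review): this compares category with == while
 * hbac_evaluate_element() tests it with &; the two agree only as long as
 * HBAC_CATEGORY_ALL is the only category bit in use. */
static bool hbac_rule_element_is_complete(struct hbac_rule_element *el)
{
    if (el == NULL) return false;
    if (el->category == HBAC_CATEGORY_ALL) return true;

    if (el->names == NULL && el->groups == NULL) return false;

    if ((el->names && el->names[0] != NULL)
            || (el->groups && el->groups[0] != NULL))
        return true;

    /* If other categories are added, handle them here */

    return false;
}

/**
 * Check that a rule has usable users, services, target hosts and source
 * hosts elements.
 *
 * @param missing_attrs  must not be NULL; reset to 0 and then set to the
 *                       OR of the HBAC_RULE_ELEMENT_* flags of incomplete
 *                       elements.
 * @return true when all four elements are complete, false otherwise or
 *         when rule is NULL.
 */
bool hbac_rule_is_complete(struct hbac_rule *rule, uint32_t *missing_attrs)
{
    bool complete = true;

    *missing_attrs = 0;

    if (rule == NULL) {
        /* No rule passed in? */
        return false;
    }

    /* Make sure we have all elements */
    if (!hbac_rule_element_is_complete(rule->users)) {
        complete = false;
        *missing_attrs |= HBAC_RULE_ELEMENT_USERS;
    }

    if (!hbac_rule_element_is_complete(rule->services)) {
        complete = false;
        *missing_attrs |= HBAC_RULE_ELEMENT_SERVICES;
    }

    if (!hbac_rule_element_is_complete(rule->targethosts)) {
        complete = false;
        *missing_attrs |= HBAC_RULE_ELEMENT_TARGETHOSTS;
    }

    if (!hbac_rule_element_is_complete(rule->srchosts)) {
        complete = false;
        *missing_attrs |= HBAC_RULE_ELEMENT_SOURCEHOSTS;
    }

    return complete;
}

enum hbac_eval_result_int hbac_evaluate_rule(struct hbac_rule *rule,
                                             struct hbac_eval_req *hbac_req,
                                             enum hbac_error_code *error);

/**
 * Evaluate a request against a NULL-terminated array of rules.
 *
 * The result starts as HBAC_EVAL_DENY and becomes HBAC_EVAL_ALLOW only
 * when a rule matches; evaluation stops at the first matching rule or at
 * the first rule that cannot be processed (HBAC_EVAL_ERROR).
 *
 * @param rules     NULL-terminated rule array.
 * @param hbac_req  the request to evaluate.
 * @param info      optional; when not NULL a struct hbac_info is allocated
 *                  with malloc() and must be released with
 *                  hbac_free_info(). rule_name may be NULL.
 * @return HBAC_EVAL_ALLOW, HBAC_EVAL_DENY, HBAC_EVAL_ERROR, or
 *         HBAC_EVAL_OOM when the info object cannot be allocated.
 */
enum hbac_eval_result hbac_evaluate(struct hbac_rule **rules,
                                    struct hbac_eval_req *hbac_req,
                                    struct hbac_info **info)
{
    enum hbac_error_code ret;
    enum hbac_eval_result result = HBAC_EVAL_DENY;
    enum hbac_eval_result_int intermediate_result;

    if (info) {
        *info = malloc(sizeof(struct hbac_info));
        if (!*info) {
            return HBAC_EVAL_OOM;
        }
        (*info)->code = HBAC_ERROR_UNKNOWN;
        (*info)->rule_name = NULL;
    }

    if (rules == NULL || hbac_req == NULL) {
        /* Nothing to evaluate against: report an error, which is not an
         * allow decision, instead of dereferencing a NULL pointer. Checked
         * after the info setup so that *info is always initialised. */
        return HBAC_EVAL_ERROR;
    }

    uint32_t i;

    for (i = 0; rules[i]; i++) {
        intermediate_result = hbac_evaluate_rule(rules[i], hbac_req, &ret);
        if (intermediate_result == HBAC_EVAL_UNMATCHED) {
            /* This rule did not match at all. Skip it */
            continue;
        } else if (intermediate_result == HBAC_EVAL_MATCHED) {
            /* This request matched an ALLOW rule.
             * Set the result to ALLOW and stop: the remaining rules are
             * not consulted, and no DENY-rule handling exists in this
             * evaluator. */
            result = HBAC_EVAL_ALLOW;
            if (info) {
                (*info)->code = HBAC_SUCCESS;
                (*info)->rule_name = strdup(rules[i]->name);
                if (!(*info)->rule_name) {
                    /* The decision cannot be reported completely, so it is
                     * downgraded from ALLOW to an error. */
                    result = HBAC_EVAL_ERROR;
                    (*info)->code = HBAC_ERROR_OUT_OF_MEMORY;
                }
            }
            break;
        } else {
            /* An error occurred processing this rule */
            result = HBAC_EVAL_ERROR;
            if (info) {
                (*info)->code = ret;
                (*info)->rule_name = strdup(rules[i]->name);
            }
            /* Explicitly not checking the result of strdup(), since if
             * it's NULL, we can't do anything anyway.
             */
            goto done;
        }
    }

    /* If we've reached the end of the loop, we have either set the
     * result to ALLOW explicitly or we'll stick with the default DENY.
     */
done:

    return result;
}

static errno_t hbac_evaluate_element(struct hbac_rule_element *rule_el,
                                     struct hbac_request_element *req_el,
                                     bool *matched);

/**
 * Evaluate one rule against the request.
 *
 * A disabled rule never matches. A rule matches only when its users,
 * services, target hosts and source hosts elements all match the
 * corresponding request element.
 *
 * @param error  set to HBAC_ERROR_UNPARSEABLE_RULE when the function
 *               returns HBAC_EVAL_MATCH_ERROR; left untouched otherwise.
 */
enum hbac_eval_result_int hbac_evaluate_rule(struct hbac_rule *rule,
                                             struct hbac_eval_req *hbac_req,
                                             enum hbac_error_code *error)
{
    errno_t ret;
    bool matched;

    if (!rule->enabled) return HBAC_EVAL_UNMATCHED;

    /* Make sure we have all elements */
    if (!rule->users
     || !rule->services
     || !rule->targethosts
     || !rule->srchosts) {
        *error = HBAC_ERROR_UNPARSEABLE_RULE;
        return HBAC_EVAL_MATCH_ERROR;
    }

    /* Check users */
    ret = hbac_evaluate_element(rule->users,
                                hbac_req->user,
                                &matched);
    if (ret != EOK) {
        *error = HBAC_ERROR_UNPARSEABLE_RULE;
        return HBAC_EVAL_MATCH_ERROR;
    } else if (!matched) {
        return HBAC_EVAL_UNMATCHED;
    }

    /* Check services */
    ret = hbac_evaluate_element(rule->services,
                                hbac_req->service,
                                &matched);
    if (ret != EOK) {
        *error = HBAC_ERROR_UNPARSEABLE_RULE;
        return HBAC_EVAL_MATCH_ERROR;
    } else if (!matched) {
        return HBAC_EVAL_UNMATCHED;
    }

    /* Check target hosts */
    ret = hbac_evaluate_element(rule->targethosts,
                                hbac_req->targethost,
                                &matched);
    if (ret != EOK) {
        *error = HBAC_ERROR_UNPARSEABLE_RULE;
        return HBAC_EVAL_MATCH_ERROR;
    } else if (!matched) {
        return HBAC_EVAL_UNMATCHED;
    }

    /* Check source hosts */
    ret = hbac_evaluate_element(rule->srchosts,
                                hbac_req->srchost,
                                &matched);
    if (ret != EOK) {
        *error = HBAC_ERROR_UNPARSEABLE_RULE;
        return HBAC_EVAL_MATCH_ERROR;
    } else if (!matched) {
        return HBAC_EVAL_UNMATCHED;
    }
    return HBAC_EVAL_MATCHED;
}

/* Match one request element against one rule element.
 *
 * The ALL category matches any request element. Otherwise the request
 * name is compared with the rule's names, then every request group with
 * every rule group, using the case-insensitive sss_utf8_case_eq().
 *
 * A missing request element or a missing request group list is treated as
 * "no match" rather than dereferenced; since a rule can only grant access,
 * that keeps an incomplete request on the deny side.
 *
 * Returns EOK with *matched set, or the comparison's error code when it is
 * neither EOK nor ENOMATCH. */
static errno_t hbac_evaluate_element(struct hbac_rule_element *rule_el,
                                     struct hbac_request_element *req_el,
                                     bool *matched)
{
    size_t i, j;
    const uint8_t *rule_name;
    const uint8_t *req_name;
    int ret;

    if (rule_el->category & HBAC_CATEGORY_ALL) {
        *matched = true;
        return EOK;
    }

    if (req_el == NULL) {
        *matched = false;
        return EOK;
    }

    /* First check the name list */
    if (rule_el->names && req_el->name != NULL) {
        req_name = (const uint8_t *) req_el->name;

        for (i = 0; rule_el->names[i]; i++) {
            rule_name = (const uint8_t *) rule_el->names[i];

            /* Do a case-insensitive comparison. */
            ret = sss_utf8_case_eq(rule_name, req_name);
            if (ret != EOK && ret != ENOMATCH) {
                return ret;
            } else if (ret == EOK) {
                *matched = true;
                return EOK;
            }
        }
    }

    if (rule_el->groups && req_el->groups) {
        /* Not found in the name list
         * Check for group membership
         */
        for (i = 0; rule_el->groups[i]; i++) {
            rule_name = (const uint8_t *) rule_el->groups[i];

            for (j = 0; req_el->groups[j]; j++) {
                req_name = (const uint8_t *) req_el->groups[j];

                /* Do a case-insensitive comparison. */
                ret = sss_utf8_case_eq(rule_name, req_name);
                if (ret != EOK && ret != ENOMATCH) {
                    return ret;
                } else if (ret == EOK) {
                    *matched = true;
                    return EOK;
                }
            }
        }
    }

    /* Not found in groups either */
    *matched = false;
    return EOK;
}

/* Map an evaluation result to a constant string; values not listed in the
 * switch fall through to "HBAC_EVAL_ERROR". */
const char *hbac_result_string(enum hbac_eval_result result)
{
    switch(result) {
    case HBAC_EVAL_ALLOW:
        return "HBAC_EVAL_ALLOW";
    case HBAC_EVAL_DENY:
        return "HBAC_EVAL_DENY";
    case HBAC_EVAL_ERROR:
        return "HBAC_EVAL_ERROR";
    case HBAC_EVAL_OOM:
        return "Could not allocate memory for hbac_info object";
    }
    return "HBAC_EVAL_ERROR";
}

/* Release an info object returned by hbac_evaluate(); NULL is accepted.
 * The caller's own pointer is not cleared and must not be used again. */
void hbac_free_info(struct hbac_info *info)
{
    if (info == NULL) return;

    free(info->rule_name);
    free(info);
}

/* Map an error code to a constant, human-readable string. */
const char *hbac_error_string(enum hbac_error_code code)
{
    switch(code) {
    case HBAC_SUCCESS:
        return "Success";
    case HBAC_ERROR_NOT_IMPLEMENTED:
        return "Function is not yet implemented";
    case HBAC_ERROR_OUT_OF_MEMORY:
        return "Out of memory";
    case HBAC_ERROR_UNPARSEABLE_RULE:
        return "Rule could not be evaluated";
    case HBAC_ERROR_UNKNOWN:
    default:
        return "Unknown error code";
    }
}
sssd-1.11.5/src/providers/ipa/PaxHeaders.13173/ipa_selinux_maps.h0000644000000000000000000000007412320753107022641 xustar000000000000000030 atime=1396954939.265891431 30 ctime=1396954961.490875072 sssd-1.11.5/src/providers/ipa/ipa_selinux_maps.h0000664002412700241270000000301312320753107023060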
0ustar00jhrozekjhrozek00000000000000/* SSSD IPA Backend Module -- SELinux user maps (maps retrieval) Authors: Jan Zeleny Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #ifndef IPA_SELINUX_MAPS_H_ #define IPA_SELINUX_MAPS_H_ #include "providers/ldap/sdap_async.h" struct tevent_req * ipa_selinux_get_maps_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct sysdb_ctx *sysdb, struct sdap_handle *sh, struct sdap_options *opts, struct ipa_options *ipa_opts, struct sdap_search_base **search_bases); errno_t ipa_selinux_get_maps_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, size_t *count, struct sysdb_attrs ***maps); #endif /* IPA_SELINUX_MAPS_H_ */ sssd-1.11.5/src/providers/ipa/PaxHeaders.13173/ipa_selinux_maps.c0000644000000000000000000000007412320753107022634 xustar000000000000000030 atime=1396954939.265891431 30 ctime=1396954961.594874995 sssd-1.11.5/src/providers/ipa/ipa_selinux_maps.c0000664002412700241270000001526412320753107023066 0ustar00jhrozekjhrozek00000000000000/* SSSD IPA Backend Module -- SELinux user maps (maps retrieval) Authors: Jan Zeleny Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. 
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */

#include "providers/ipa/ipa_common.h"
#include "providers/ipa/ipa_selinux_maps.h"

/* Request state: the search is run once per search base and the maps found
 * are accumulated in maps/map_count. */
struct ipa_selinux_get_maps_state {
    struct tevent_context *ev;
    struct sysdb_ctx *sysdb;
    struct sdap_handle *sh;
    struct sdap_options *opts;
    struct ipa_options *ipa_opts;
    const char **attrs;

    struct sdap_search_base **search_bases;
    int search_base_iter;   /* index of the search base being queried */

    char *cur_filter;       /* filter for the current search base */
    char *maps_filter;      /* base filter selecting enabled user maps */

    size_t map_count;
    struct sysdb_attrs **maps;
};

static errno_t
ipa_selinux_get_maps_next(struct tevent_req *req,
                          struct ipa_selinux_get_maps_state *state);
static void
ipa_selinux_get_maps_done(struct tevent_req *subreq);

/**
 * Start fetching the enabled SELinux user maps from every search base in
 * the NULL-terminated search_bases array.
 *
 * The LDAP filter is assembled from the object class and "enabled"
 * attribute names configured in ipa_opts->selinuxuser_map.
 *
 * @return the request, or NULL if it could not be created. Any later
 *         failure, including an empty search_bases array (EINVAL), is
 *         reported through the request, which is posted on ev.
 */
struct tevent_req *ipa_selinux_get_maps_send(TALLOC_CTX *mem_ctx,
                                             struct tevent_context *ev,
                                             struct sysdb_ctx *sysdb,
                                             struct sdap_handle *sh,
                                             struct sdap_options *opts,
                                             struct ipa_options *ipa_opts,
                                             struct sdap_search_base **search_bases)
{
    struct ipa_selinux_get_maps_state *state;
    struct tevent_req *req;
    errno_t ret;

    req = tevent_req_create(mem_ctx, &state,
                            struct ipa_selinux_get_maps_state);
    if (req == NULL) {
        return NULL;
    }

    state->ev = ev;
    state->sysdb = sysdb;
    state->sh = sh;
    state->opts = opts;
    state->ipa_opts = ipa_opts;
    state->search_bases = search_bases;
    state->search_base_iter = 0;
    state->map_count = 0;
    state->maps = NULL;

    ret = build_attrs_from_map(state, ipa_opts->selinuxuser_map,
                               IPA_OPTS_SELINUX_USERMAP, NULL,
                               &state->attrs, NULL);
    if (ret != EOK) {
        goto fail;
    }

    state->cur_filter = NULL;
    state->maps_filter = talloc_asprintf(state,
                "(&(objectclass=%s)(%s=TRUE))",
                ipa_opts->selinuxuser_map[IPA_OC_SELINUX_USERMAP].name,
                ipa_opts->selinuxuser_map[IPA_AT_SELINUX_USERMAP_ENABLED].name);
    if (state->maps_filter == NULL) {
        ret = ENOMEM;
        goto fail;
    }

    ret = ipa_selinux_get_maps_next(req, state);
    if (ret == EAGAIN) {
        /* A search is in flight; the callback continues from here. */
        return req;
    }

    if (ret == EOK) {
        /* EOK at this point means there was no search base at all. */
        ret = EINVAL;
    }

fail:
    tevent_req_error(req, ret);
    tevent_req_post(req, ev);
    return req;
}

/* Issue the search for the current search base.
 *
 * Returns EOK when the search bases are exhausted, EAGAIN when a search
 * was started, ENOMEM on allocation failure. */
static errno_t
ipa_selinux_get_maps_next(struct tevent_req *req,
                          struct ipa_selinux_get_maps_state *state)
{
    struct sdap_search_base *current;
    struct tevent_req *search;

    current = state->search_bases[state->search_base_iter];
    if (current == NULL) {
        return EOK;
    }

    /* Replace the previous base's filter with one specific to this base. */
    talloc_zfree(state->cur_filter);
    state->cur_filter = sdap_get_id_specific_filter(state,
                                                    state->maps_filter,
                                                    current->filter);
    if (state->cur_filter == NULL) {
        return ENOMEM;
    }

    DEBUG(SSSDBG_TRACE_FUNC, ("Trying to fetch SELinux maps with following "
                              "parameters: [%d][%s][%s]\n", current->scope,
                              state->cur_filter, current->basedn));

    search = sdap_get_generic_send(state, state->ev, state->opts,
                                   state->sh, current->basedn,
                                   current->scope, state->cur_filter,
                                   state->attrs,
                                   state->ipa_opts->selinuxuser_map,
                                   IPA_OPTS_SELINUX_USERMAP,
                                   dp_opt_get_int(state->opts->basic,
                                                  SDAP_ENUM_SEARCH_TIMEOUT),
                                   true);
    if (search == NULL) {
        return ENOMEM;
    }

    tevent_req_set_callback(search, ipa_selinux_get_maps_done, req);
    return EAGAIN;
}

/* Search callback: append the maps found in this search base, then move on
 * to the next base. The request finishes with ENOENT when all bases were
 * searched and no map was found. */
static void ipa_selinux_get_maps_done(struct tevent_req *subreq)
{
    struct tevent_req *req;
    struct ipa_selinux_get_maps_state *state;
    struct sysdb_attrs **found;
    size_t found_count;
    size_t new_total;
    int src;
    errno_t ret;

    req = tevent_req_callback_data(subreq, struct tevent_req);
    state = tevent_req_data(req, struct ipa_selinux_get_maps_state);

    ret = sdap_get_generic_recv(subreq, state, &found_count, &found);
    if (ret != EOK) {
        goto finish;
    }

    if (found_count > 0) {
        DEBUG(SSSDBG_TRACE_FUNC,
              ("Found %zu user maps in current search base\n", found_count));

        new_total = found_count + state->map_count;
        state->maps = talloc_realloc(state, state->maps,
                                     struct sysdb_attrs *, new_total);
        if (state->maps == NULL) {
            ret = ENOMEM;
            goto finish;
        }

        /* Re-parent each result onto the accumulated array. */
        for (src = 0; state->map_count < new_total; src++) {
            state->maps[state->map_count] = talloc_steal(state->maps,
                                                         found[src]);
            state->map_count++;
        }
    }

    state->search_base_iter++;
    ret = ipa_selinux_get_maps_next(req, state);
    if (ret == EAGAIN) {
        return;
    }

    if (ret == EOK && state->map_count == 0) {
        DEBUG(SSSDBG_TRACE_FUNC, ("No SELinux user maps found!\n"));
        ret = ENOENT;
    }

finish:
    if (ret == EOK) {
        tevent_req_done(req);
    } else {
        tevent_req_error(req, ret);
    }
}

/**
 * Collect the fetched maps. count and maps must not be NULL; the map array
 * is re-parented to mem_ctx.
 *
 * @return EOK, or the request's error via TEVENT_REQ_RETURN_ON_ERROR.
 */
errno_t
ipa_selinux_get_maps_recv(struct tevent_req *req,
                          TALLOC_CTX *mem_ctx,
                          size_t *count,
                          struct sysdb_attrs ***maps)
{
    struct ipa_selinux_get_maps_state *state;

    state = tevent_req_data(req, struct ipa_selinux_get_maps_state);

    TEVENT_REQ_RETURN_ON_ERROR(req);

    *count = state->map_count;
    *maps = talloc_steal(mem_ctx, state->maps);

    return EOK;
}
sssd-1.11.5/src/providers/ipa/PaxHeaders.13173/ipa_dyndns.c0000644000000000000000000000007412320753107021424 xustar000000000000000030 atime=1396954939.264891432 30 ctime=1396954961.582875004 sssd-1.11.5/src/providers/ipa/ipa_dyndns.c0000664002412700241270000001744712320753107021663 0ustar00jhrozekjhrozek00000000000000/* SSSD ipa_dyndns.c Authors: Stephen Gallagher Copyright (C) 2010 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see .
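*/

/* NOTE(review): the name of the system header below was lost when this
 * listing was extracted; the code needs a declaration for tolower(). */
#include
#include "util/util.h"
#include "providers/ldap/sdap_dyndns.h"
#include "providers/ipa/ipa_common.h"
#include "providers/ipa/ipa_dyndns.h"
#include "providers/data_provider.h"
#include "providers/dp_dyndns.h"

void ipa_dyndns_update(void *pvt);

/**
 * Set up dynamic DNS updates for the IPA provider: take over the back
 * end's resolver, arm the periodic update timer and register
 * ipa_dyndns_update() as an online callback.
 *
 * @return EOK, EINVAL when the back end has no resolver, or the error of
 *         the timer or callback registration.
 */
errno_t ipa_dyndns_init(struct be_ctx *be_ctx,
                        struct ipa_options *ctx)
{
    errno_t ret;

    ctx->be_res = be_ctx->be_res;
    if (ctx->be_res == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("Resolver must be initialized in order "
              "to use the IPA dynamic DNS updates\n"));
        return EINVAL;
    }

    ret = be_nsupdate_init_timer(ctx->dyndns_ctx, be_ctx->ev,
                                 ipa_dyndns_timer, ctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Could not set up periodic update\n"));
        return ret;
    }

    ret = be_add_online_cb(be_ctx, be_ctx,
                           ipa_dyndns_update,
                           ctx, NULL);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Could not set up online callback\n"));
        return ret;
    }

    return EOK;
}

struct ipa_dyndns_timer_ctx {
    struct sdap_id_op *sdap_op;
    struct tevent_context *ev;

    struct ipa_options *ctx;
};

static void ipa_dyndns_timer_connected(struct tevent_req *req);

/* Periodic timer handler: start a connection request and run the update
 * once it completes. pvt must be a struct ipa_options. */
void ipa_dyndns_timer(void *pvt)
{
    struct ipa_options *ctx = talloc_get_type(pvt, struct ipa_options);
    struct sdap_id_ctx *sdap_ctx = ctx->id_ctx->sdap_id_ctx;
    struct tevent_req *req;

    req = sdap_dyndns_timer_conn_send(ctx, sdap_ctx->be->ev, sdap_ctx,
                                      ctx->dyndns_ctx);
    if (req == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory\n"));
        /* Not much we can do. Just attempt to reschedule */
        be_nsupdate_timer_schedule(sdap_ctx->be->ev, ctx->dyndns_ctx);
        return;
    }
    tevent_req_set_callback(req, ipa_dyndns_timer_connected, ctx);
}

/* Connection callback of the timer path: on success hand over to
 * ipa_dyndns_update(); on failure only log. */
static void ipa_dyndns_timer_connected(struct tevent_req *req)
{
    errno_t ret;
    struct ipa_options *ctx = tevent_req_callback_data(req,
                                                       struct ipa_options);

    ret = sdap_dyndns_timer_conn_recv(req);
    talloc_zfree(req);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Failed to connect to IPA: [%d](%s)\n",
              ret, sss_strerror(ret)));
        return;
    }

    /* A void function must not return an expression, so the call and the
     * return are separate statements. */
    ipa_dyndns_update(ctx);
}

static struct tevent_req *ipa_dyndns_update_send(struct ipa_options *ctx);
static errno_t ipa_dyndns_update_recv(struct tevent_req *req);
static void ipa_dyndns_nsupdate_done(struct tevent_req *subreq);

/* Online callback and timer continuation: re-arm the periodic timer, then
 * start one DNS update. pvt must be a struct ipa_options. */
void ipa_dyndns_update(void *pvt)
{
    struct ipa_options *ctx = talloc_get_type(pvt, struct ipa_options);
    struct sdap_id_ctx *sdap_ctx = ctx->id_ctx->sdap_id_ctx;

    /* Schedule timer after provider went offline */
    be_nsupdate_timer_schedule(sdap_ctx->be->ev, ctx->dyndns_ctx);

    struct tevent_req *req = ipa_dyndns_update_send(ctx);
    if (req == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Could not update DNS\n"));
        return;
    }
    tevent_req_set_callback(req, ipa_dyndns_nsupdate_done, NULL);
}

/* Final callback of an update: log the outcome and free the request. */
static void ipa_dyndns_nsupdate_done(struct tevent_req *req)
{
    int ret = ipa_dyndns_update_recv(req);
    talloc_free(req);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Updating DNS entry failed [%d]: %s\n",
              ret, sss_strerror(ret)));
        return;
    }

    /* Success is a trace event; logging it at the failure level would put
     * every successful update among the real failures. */
    DEBUG(SSSDBG_TRACE_FUNC, ("DNS update finished\n"));
}

struct ipa_dyndns_update_state {
    struct ipa_options *ipa_ctx;
};

static void ipa_dyndns_sdap_update_done(struct tevent_req *subreq);

/* Start one dynamic DNS update.
 *
 * The update is skipped (the request completes immediately with success)
 * when the last refresh was less than 60 seconds ago or a timer-driven
 * update is in progress. Otherwise the DNS zone is the lower-cased IPA
 * domain and the server name is the LDAP URI with its "ldap://" prefix
 * removed; any other URI scheme fails the request with EIO.
 *
 * Returns the request, or NULL if it could not be created. */
static struct tevent_req *
ipa_dyndns_update_send(struct ipa_options *ctx)
{
    int ret;
    struct ipa_dyndns_update_state *state;
    struct tevent_req *req, *subreq;
    struct sdap_id_ctx *sdap_ctx = ctx->id_ctx->sdap_id_ctx;
    char *dns_zone;
    const char *servername;
    int i;

    DEBUG(SSSDBG_TRACE_FUNC, ("Performing update\n"));

    req = tevent_req_create(ctx, &state, struct ipa_dyndns_update_state);
    if (req == NULL) {
        return NULL;
    }
    state->ipa_ctx = ctx;

    if (ctx->dyndns_ctx->last_refresh + 60 > time(NULL) ||
        ctx->dyndns_ctx->timer_in_progress) {
        DEBUG(SSSDBG_FUNC_DATA, ("Last periodic update ran recently or timer "
              "in progress, not scheduling another update\n"));
        tevent_req_done(req);
        tevent_req_post(req, sdap_ctx->be->ev);
        return req;
    }
    state->ipa_ctx->dyndns_ctx->last_refresh = time(NULL);

    dns_zone = dp_opt_get_string(ctx->basic, IPA_DOMAIN);
    if (!dns_zone) {
        ret = EIO;
        goto done;
    }

    /* The DNS zone for IPA is the lower-case
     * version of the IPA domain.
     * NOTE(review): this rewrites the string returned by
     * dp_opt_get_string() in place; presumably that is the stored option
     * value, so the change is visible to other readers - confirm. */
    for (i = 0; dns_zone[i] != '\0'; i++) {
        /* tolower() is only defined for unsigned char values and EOF. */
        dns_zone[i] = tolower((unsigned char) dns_zone[i]);
    }

    if (strncmp(ctx->service->sdap->uri,
                "ldap://", 7) != 0) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Unexpected format of LDAP URI.\n"));
        ret = EIO;
        goto done;
    }
    servername = ctx->service->sdap->uri + 7;
    if (servername[0] == '\0') {
        ret = EIO;
        goto done;
    }

    subreq = sdap_dyndns_update_send(state, sdap_ctx->be->ev,
                                     sdap_ctx->be,
                                     ctx->dyndns_ctx->opts,
                                     sdap_ctx,
                                     ctx->dyndns_ctx->auth_type,
                                     dp_opt_get_string(ctx->dyndns_ctx->opts,
                                                       DP_OPT_DYNDNS_IFACE),
                                     dp_opt_get_string(ctx->basic,
                                                       IPA_HOSTNAME),
                                     dns_zone,
                                     dp_opt_get_string(ctx->basic,
                                                       IPA_KRB5_REALM),
                                     servername,
                                     dp_opt_get_int(ctx->dyndns_ctx->opts,
                                                    DP_OPT_DYNDNS_TTL),
                                     true);
    if (!subreq) {
        ret = EIO;
        DEBUG(SSSDBG_OP_FAILURE,
              ("sdap_dyndns_update_send failed: [%d](%s)\n",
               ret, sss_strerror(ret)));
        goto done;
    }
    tevent_req_set_callback(subreq, ipa_dyndns_sdap_update_done, req);

    ret = EOK;
done:
    if (ret != EOK) {
        tevent_req_error(req, ret);
        tevent_req_post(req, sdap_ctx->be->ev);
    }
    return req;
}

/* Subrequest callback: propagate the result of the update to the parent
 * request. */
static void
ipa_dyndns_sdap_update_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req);
    errno_t ret;

    ret = sdap_dyndns_update_recv(subreq);
    talloc_zfree(subreq);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Dynamic DNS update failed [%d]: %s\n",
              ret, sss_strerror(ret)));
        tevent_req_error(req, ret);
        return;
    }

    tevent_req_done(req);
}

/* Returns EOK, or the request's error via TEVENT_REQ_RETURN_ON_ERROR. */
static errno_t
ipa_dyndns_update_recv(struct tevent_req *req)
{
    TEVENT_REQ_RETURN_ON_ERROR(req);

    return EOK;
}
sssd-1.11.5/src/providers/ipa/PaxHeaders.13173/ipa_hbac.doxy.in0000644000000000000000000000007412320753107022170 xustar000000000000000030 atime=1396954960.376875894 30 ctime=1396954961.363875166 sssd-1.11.5/src/providers/ipa/ipa_hbac.doxy.in0000664002412700241270000023502012320753107022414 0ustar00jhrozekjhrozek00000000000000# Doxyfile 1.8.3 # This file describes the settings to be used by the documentation system # doxygen (www.doxygen.org) for a project. # # All text after a hash (#) is considered a comment and will be ignored. # The format is: # TAG = value [value, ...] # For lists items can also be appended using: # TAG += value [value, ...] # Values that contain spaces should be placed between quotes (" "). #--------------------------------------------------------------------------- # Project related configuration options #--------------------------------------------------------------------------- # This tag specifies the encoding used for all characters in the config file # that follow. The default is UTF-8 which is also the encoding used for all # text before the first occurrence of this tag. Doxygen uses libiconv (or the # iconv built into libc) for the transcoding. See # http://www.gnu.org/software/libiconv for the list of possible encodings. DOXYFILE_ENCODING = UTF-8 # The PROJECT_NAME tag is a single word (or sequence of words) that should # identify the project. Note that if you do not use Doxywizard you need # to put quotes around the project name if it contains spaces. PROJECT_NAME = ipa_hbac # The PROJECT_NUMBER tag can be used to enter a project or revision number. # This could be handy for archiving the generated documentation or # if some version control system is used.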
PROJECT_NUMBER = @PACKAGE_VERSION@ # Using the PROJECT_BRIEF tag one can provide an optional one line description # for a project that appears at the top of each page and should give viewer # a quick idea about the purpose of the project. Keep the description short. PROJECT_BRIEF = # With the PROJECT_LOGO tag one can specify an logo or icon that is # included in the documentation. The maximum height of the logo should not # exceed 55 pixels and the maximum width should not exceed 200 pixels. # Doxygen will copy the logo to the output directory. PROJECT_LOGO = # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. # If a relative path is entered, it will be relative to the location # where doxygen was started. If left blank the current directory will be used. OUTPUT_DIRECTORY = hbac_doc # If the CREATE_SUBDIRS tag is set to YES, then doxygen will create # 4096 sub-directories (in 2 levels) under the output directory of each output # format and will distribute the generated files over these directories. # Enabling this option can be useful when feeding doxygen a huge amount of # source files, where putting all generated files in the same directory would # otherwise cause performance problems for the file system. CREATE_SUBDIRS = NO # The OUTPUT_LANGUAGE tag is used to specify the language in which all # documentation generated by doxygen is written. Doxygen will use this # information to generate all constant output in the proper language. 
# The default language is English, other supported languages are: # Afrikaans, Arabic, Brazilian, Catalan, Chinese, Chinese-Traditional, # Croatian, Czech, Danish, Dutch, Esperanto, Farsi, Finnish, French, German, # Greek, Hungarian, Italian, Japanese, Japanese-en (Japanese with English # messages), Korean, Korean-en, Lithuanian, Norwegian, Macedonian, Persian, # Polish, Portuguese, Romanian, Russian, Serbian, Serbian-Cyrillic, Slovak, # Slovene, Spanish, Swedish, Ukrainian, and Vietnamese. OUTPUT_LANGUAGE = English # If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will # include brief member descriptions after the members that are listed in # the file and class documentation (similar to JavaDoc). # Set to NO to disable this. BRIEF_MEMBER_DESC = YES # If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend # the brief description of a member or function before the detailed description. # Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the # brief descriptions will be completely suppressed. REPEAT_BRIEF = YES # This tag implements a quasi-intelligent brief description abbreviator # that is used to form the text in various listings. Each string # in this list, if found as the leading text of the brief description, will be # stripped from the text and the result after processing the whole list, is # used as the annotated text. Otherwise, the brief description is used as-is. # If left blank, the following values are used ("$name" is automatically # replaced with the name of the entity): "The $name class" "The $name widget" # "The $name file" "is" "provides" "specifies" "contains" # "represents" "a" "an" "the" ABBREVIATE_BRIEF = "The $name class" \ "The $name widget" \ "The $name file" \ is \ provides \ specifies \ contains \ represents \ a \ an \ the # If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then # Doxygen will generate a detailed section even if there is only a brief # description. 
ALWAYS_DETAILED_SEC = NO # If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all # inherited members of a class in the documentation of that class as if those # members were ordinary class members. Constructors, destructors and assignment # operators of the base classes will not be shown. INLINE_INHERITED_MEMB = NO # If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full # path before files name in the file list and in the header files. If set # to NO the shortest path that makes the file name unique will be used. FULL_PATH_NAMES = YES # If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag # can be used to strip a user-defined part of the path. Stripping is # only done if one of the specified strings matches the left-hand part of # the path. The tag can be used to show relative paths in the file list. # If left blank the directory from which doxygen is run is used as the # path to strip. Note that you specify absolute paths here, but also # relative paths, which will be relative from the directory where doxygen is # started. STRIP_FROM_PATH = # The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of # the path mentioned in the documentation of a class, which tells # the reader which header file to include in order to use a class. # If left blank only the name of the header file containing the class # definition is used. Otherwise one should specify the include paths that # are normally passed to the compiler using the -I flag. STRIP_FROM_INC_PATH = # If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter # (but less readable) file names. This can be useful if your file system # doesn't support long names like on DOS, Mac, or CD-ROM. SHORT_NAMES = NO # If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen # will interpret the first line (until the first dot) of a JavaDoc-style # comment as the brief description. 
If set to NO, the JavaDoc # comments will behave just like regular Qt-style comments # (thus requiring an explicit @brief command for a brief description.) JAVADOC_AUTOBRIEF = YES # If the QT_AUTOBRIEF tag is set to YES then Doxygen will # interpret the first line (until the first dot) of a Qt-style # comment as the brief description. If set to NO, the comments # will behave just like regular Qt-style comments (thus requiring # an explicit \brief command for a brief description.) QT_AUTOBRIEF = NO # The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen # treat a multi-line C++ special comment block (i.e. a block of //! or /// # comments) as a brief description. This used to be the default behaviour. # The new default is to treat a multi-line C++ comment block as a detailed # description. Set this tag to YES if you prefer the old behaviour instead. MULTILINE_CPP_IS_BRIEF = NO # If the INHERIT_DOCS tag is set to YES (the default) then an undocumented # member inherits the documentation from any documented member that it # re-implements. INHERIT_DOCS = YES # If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce # a new page for each member. If set to NO, the documentation of a member will # be part of the file/class/namespace that contains it. SEPARATE_MEMBER_PAGES = NO # The TAB_SIZE tag can be used to set the number of spaces in a tab. # Doxygen uses this value to replace tabs by spaces in code fragments. TAB_SIZE = 8 # This tag can be used to specify a number of aliases that acts # as commands in the documentation. An alias has the form "name=value". # For example adding "sideeffect=\par Side Effects:\n" will allow you to # put the command \sideeffect (or @sideeffect) in the documentation, which # will result in a user-defined paragraph with heading "Side Effects:". # You can put \n's in the value part of an alias to insert newlines. ALIASES = # This tag can be used to specify a number of word-keyword mappings (TCL only). 
# A mapping has the form "name=value". For example adding # "class=itcl::class" will allow you to use the command class in the # itcl::class meaning. TCL_SUBST = # Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C # sources only. Doxygen will then generate output that is more tailored for C. # For instance, some of the names that are used will be different. The list # of all members will be omitted, etc. OPTIMIZE_OUTPUT_FOR_C = YES # Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java # sources only. Doxygen will then generate output that is more tailored for # Java. For instance, namespaces will be presented as packages, qualified # scopes will look different, etc. OPTIMIZE_OUTPUT_JAVA = NO # Set the OPTIMIZE_FOR_FORTRAN tag to YES if your project consists of Fortran # sources only. Doxygen will then generate output that is more tailored for # Fortran. OPTIMIZE_FOR_FORTRAN = NO # Set the OPTIMIZE_OUTPUT_VHDL tag to YES if your project consists of VHDL # sources. Doxygen will then generate output that is tailored for # VHDL. OPTIMIZE_OUTPUT_VHDL = NO # Doxygen selects the parser to use depending on the extension of the files it # parses. With this tag you can assign which parser to use for a given # extension. Doxygen has a built-in mapping, but you can override or extend it # using this tag. The format is ext=language, where ext is a file extension, # and language is one of the parsers supported by doxygen: IDL, Java, # Javascript, CSharp, C, C++, D, PHP, Objective-C, Python, Fortran, VHDL, C, # C++. For instance to make doxygen treat .inc files as Fortran files (default # is PHP), and .f files as C (default is Fortran), use: inc=Fortran f=C. Note # that for custom extensions you also need to set FILE_PATTERNS otherwise the # files are not read by doxygen. 
EXTENSION_MAPPING = # If MARKDOWN_SUPPORT is enabled (the default) then doxygen pre-processes all # comments according to the Markdown format, which allows for more readable # documentation. See http://daringfireball.net/projects/markdown/ for details. # The output of markdown processing is further processed by doxygen, so you # can mix doxygen, HTML, and XML commands with Markdown formatting. # Disable only in case of backward compatibility issues. MARKDOWN_SUPPORT = YES # When enabled doxygen tries to link words that correspond to documented classes, # or namespaces to their corresponding documentation. Such a link can be # prevented in individual cases by putting a % sign in front of the word or # globally by setting AUTOLINK_SUPPORT to NO. AUTOLINK_SUPPORT = YES # If you use STL classes (i.e. std::string, std::vector, etc.) but do not want # to include (a tag file for) the STL sources as input, then you should # set this tag to YES in order to let doxygen match function declarations and # definitions whose arguments contain STL classes (e.g. func(std::string); vs. # func(std::string) {}). This also makes the inheritance and collaboration # diagrams that involve STL classes more complete and accurate. BUILTIN_STL_SUPPORT = NO # If you use Microsoft's C++/CLI language, you should set this option to YES to # enable parsing support. CPP_CLI_SUPPORT = NO # Set the SIP_SUPPORT tag to YES if your project consists of sip sources only. # Doxygen will parse them like normal C++ but will assume all classes use public # instead of private inheritance when no explicit protection keyword is present. SIP_SUPPORT = NO # For Microsoft's IDL there are propget and propput attributes to indicate # getter and setter methods for a property. Setting this option to YES (the # default) will make doxygen replace the get and set methods by a property in # the documentation. This will only work if the methods are indeed getting or # setting a simple type.
If this is not the case, or you want to show the # methods anyway, you should set this option to NO. IDL_PROPERTY_SUPPORT = YES # If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC # tag is set to YES, then doxygen will reuse the documentation of the first # member in the group (if any) for the other members of the group. By default # all members of a group must be documented explicitly. DISTRIBUTE_GROUP_DOC = NO # Set the SUBGROUPING tag to YES (the default) to allow class member groups of # the same type (for instance a group of public functions) to be put as a # subgroup of that type (e.g. under the Public Functions section). Set it to # NO to prevent subgrouping. Alternatively, this can be done per class using # the \nosubgrouping command. SUBGROUPING = YES # When the INLINE_GROUPED_CLASSES tag is set to YES, classes, structs and # unions are shown inside the group in which they are included (e.g. using # @ingroup) instead of on a separate page (for HTML and Man pages) or # section (for LaTeX and RTF). INLINE_GROUPED_CLASSES = NO # When the INLINE_SIMPLE_STRUCTS tag is set to YES, structs, classes, and # unions with only public data fields will be shown inline in the documentation # of the scope in which they are defined (i.e. file, namespace, or group # documentation), provided this scope is documented. If set to NO (the default), # structs, classes, and unions are shown on a separate page (for HTML and Man # pages) or section (for LaTeX and RTF). INLINE_SIMPLE_STRUCTS = NO # When TYPEDEF_HIDES_STRUCT is enabled, a typedef of a struct, union, or enum # is documented as struct, union, or enum with the name of the typedef. So # typedef struct TypeS {} TypeT, will appear in the documentation as a struct # with name TypeT. When disabled the typedef will appear as a member of a file, # namespace, or class. And the struct will be named TypeS. 
This can typically # be useful for C code in case the coding convention dictates that all compound # types are typedef'ed and only the typedef is referenced, never the tag name. TYPEDEF_HIDES_STRUCT = NO # The SYMBOL_CACHE_SIZE determines the size of the internal cache use to # determine which symbols to keep in memory and which to flush to disk. # When the cache is full, less often used symbols will be written to disk. # For small to medium size projects (<1000 input files) the default value is # probably good enough. For larger projects a too small cache size can cause # doxygen to be busy swapping symbols to and from disk most of the time # causing a significant performance penalty. # If the system has enough physical memory increasing the cache will improve the # performance by keeping more symbols in memory. Note that the value works on # a logarithmic scale so increasing the size by one will roughly double the # memory usage. The cache size is given by this formula: # 2^(16+SYMBOL_CACHE_SIZE). The valid range is 0..9, the default is 0, # corresponding to a cache size of 2^16 = 65536 symbols. SYMBOL_CACHE_SIZE = 0 # Similar to the SYMBOL_CACHE_SIZE the size of the symbol lookup cache can be # set using LOOKUP_CACHE_SIZE. This cache is used to resolve symbols given # their name and scope. Since this can be an expensive process and often the # same symbol appear multiple times in the code, doxygen keeps a cache of # pre-resolved symbols. If the cache is too small doxygen will become slower. # If the cache is too large, memory is wasted. The cache size is given by this # formula: 2^(16+LOOKUP_CACHE_SIZE). The valid range is 0..9, the default is 0, # corresponding to a cache size of 2^16 = 65536 symbols. 
LOOKUP_CACHE_SIZE = 0 #--------------------------------------------------------------------------- # Build related configuration options #--------------------------------------------------------------------------- # If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in # documentation are documented, even if no documentation was available. # Private class members and static file members will be hidden unless # the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES EXTRACT_ALL = NO # If the EXTRACT_PRIVATE tag is set to YES all private members of a class # will be included in the documentation. EXTRACT_PRIVATE = NO # If the EXTRACT_PACKAGE tag is set to YES all members with package or internal # scope will be included in the documentation. EXTRACT_PACKAGE = NO # If the EXTRACT_STATIC tag is set to YES all static members of a file # will be included in the documentation. EXTRACT_STATIC = NO # If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs) # defined locally in source files will be included in the documentation. # If set to NO only classes defined in header files are included. EXTRACT_LOCAL_CLASSES = NO # This flag is only useful for Objective-C code. When set to YES local # methods, which are defined in the implementation section but not in # the interface are included in the documentation. # If set to NO (the default) only methods in the interface are included. EXTRACT_LOCAL_METHODS = NO # If this flag is set to YES, the members of anonymous namespaces will be # extracted and appear in the documentation as a namespace called # 'anonymous_namespace{file}', where file will be replaced with the base # name of the file that contains the anonymous namespace. By default # anonymous namespaces are hidden. EXTRACT_ANON_NSPACES = NO # If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all # undocumented members of documented classes, files or namespaces. 
# If set to NO (the default) these members will be included in the # various overviews, but no documentation section is generated. # This option has no effect if EXTRACT_ALL is enabled. HIDE_UNDOC_MEMBERS = YES # If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all # undocumented classes that are normally visible in the class hierarchy. # If set to NO (the default) these classes will be included in the various # overviews. This option has no effect if EXTRACT_ALL is enabled. HIDE_UNDOC_CLASSES = YES # If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all # friend (class|struct|union) declarations. # If set to NO (the default) these declarations will be included in the # documentation. HIDE_FRIEND_COMPOUNDS = NO # If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any # documentation blocks found inside the body of a function. # If set to NO (the default) these blocks will be appended to the # function's detailed documentation block. HIDE_IN_BODY_DOCS = NO # The INTERNAL_DOCS tag determines if documentation # that is typed after a \internal command is included. If the tag is set # to NO (the default) then the documentation will be excluded. # Set it to YES to include the internal documentation. INTERNAL_DOCS = NO # If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate # file names in lower-case letters. If set to YES upper-case letters are also # allowed. This is useful if you have classes or files whose names only differ # in case and if your file system supports case sensitive file names. Windows # and Mac users are advised to set this option to NO. CASE_SENSE_NAMES = YES # If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen # will show members with their full class and namespace scopes in the # documentation. If set to YES the scope will be hidden. 
HIDE_SCOPE_NAMES = NO # If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen # will put a list of the files that are included by a file in the documentation # of that file. SHOW_INCLUDE_FILES = YES # If the FORCE_LOCAL_INCLUDES tag is set to YES then Doxygen # will list include files with double quotes in the documentation # rather than with sharp brackets. FORCE_LOCAL_INCLUDES = NO # If the INLINE_INFO tag is set to YES (the default) then a tag [inline] # is inserted in the documentation for inline members. INLINE_INFO = YES # If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen # will sort the (detailed) documentation of file and class members # alphabetically by member name. If set to NO the members will appear in # declaration order. SORT_MEMBER_DOCS = YES # If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the # brief documentation of file, namespace and class members alphabetically # by member name. If set to NO (the default) the members will appear in # declaration order. SORT_BRIEF_DOCS = NO # If the SORT_MEMBERS_CTORS_1ST tag is set to YES then doxygen # will sort the (brief and detailed) documentation of class members so that # constructors and destructors are listed first. If set to NO (the default) # the constructors will appear in the respective orders defined by # SORT_MEMBER_DOCS and SORT_BRIEF_DOCS. # This tag will be ignored for brief docs if SORT_BRIEF_DOCS is set to NO # and ignored for detailed docs if SORT_MEMBER_DOCS is set to NO. SORT_MEMBERS_CTORS_1ST = NO # If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the # hierarchy of group names into alphabetical order. If set to NO (the default) # the group names will appear in their defined order. SORT_GROUP_NAMES = NO # If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be # sorted by fully-qualified names, including namespaces. 
If set to # NO (the default), the class list will be sorted only by class name, # not including the namespace part. # Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES. # Note: This option applies only to the class list, not to the # alphabetical list. SORT_BY_SCOPE_NAME = NO # If the STRICT_PROTO_MATCHING option is enabled and doxygen fails to # do proper type resolution of all parameters of a function it will reject a # match between the prototype and the implementation of a member function even # if there is only one candidate or it is obvious which candidate to choose # by doing a simple string match. By disabling STRICT_PROTO_MATCHING doxygen # will still accept a match between prototype and implementation in such cases. STRICT_PROTO_MATCHING = NO # The GENERATE_TODOLIST tag can be used to enable (YES) or # disable (NO) the todo list. This list is created by putting \todo # commands in the documentation. GENERATE_TODOLIST = YES # The GENERATE_TESTLIST tag can be used to enable (YES) or # disable (NO) the test list. This list is created by putting \test # commands in the documentation. GENERATE_TESTLIST = YES # The GENERATE_BUGLIST tag can be used to enable (YES) or # disable (NO) the bug list. This list is created by putting \bug # commands in the documentation. GENERATE_BUGLIST = YES # The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or # disable (NO) the deprecated list. This list is created by putting # \deprecated commands in the documentation. GENERATE_DEPRECATEDLIST= YES # The ENABLED_SECTIONS tag can be used to enable conditional # documentation sections, marked by \if section-label ... \endif # and \cond section-label ... \endcond blocks. ENABLED_SECTIONS = # The MAX_INITIALIZER_LINES tag determines the maximum number of lines # the initial value of a variable or macro consists of for it to appear in # the documentation. If the initializer consists of more lines than specified # here it will be hidden. 
Use a value of 0 to hide initializers completely. # The appearance of the initializer of individual variables and macros in the # documentation can be controlled using \showinitializer or \hideinitializer # command in the documentation regardless of this setting. MAX_INITIALIZER_LINES = 30 # Set the SHOW_USED_FILES tag to NO to disable the list of files generated # at the bottom of the documentation of classes and structs. If set to YES the # list will mention the files that were used to generate the documentation. SHOW_USED_FILES = YES # Set the SHOW_FILES tag to NO to disable the generation of the Files page. # This will remove the Files entry from the Quick Index and from the # Folder Tree View (if specified). The default is YES. SHOW_FILES = YES # Set the SHOW_NAMESPACES tag to NO to disable the generation of the # Namespaces page. # This will remove the Namespaces entry from the Quick Index # and from the Folder Tree View (if specified). The default is YES. SHOW_NAMESPACES = YES # The FILE_VERSION_FILTER tag can be used to specify a program or script that # doxygen should invoke to get the current version for each file (typically from # the version control system). Doxygen will invoke the program by executing (via # popen()) the command <command> <input-file>, where <command> is the value of # the FILE_VERSION_FILTER tag, and <input-file> is the name of an input file # provided by doxygen. Whatever the program writes to standard output # is used as the file version. See the manual for examples. # Note: because the command is executed through popen(), it runs as a shell # command with the privileges of whoever builds the documentation; leave this # tag empty unless the program is trusted. FILE_VERSION_FILTER = # The LAYOUT_FILE tag can be used to specify a layout file which will be parsed # by doxygen. The layout file controls the global structure of the generated # output files in an output format independent way. To create the layout file # that represents doxygen's defaults, run doxygen with the -l option. # You can optionally specify a file name after the option, if omitted # DoxygenLayout.xml will be used as the name of the layout file.
LAYOUT_FILE = # The CITE_BIB_FILES tag can be used to specify one or more bib files # containing the references data. This must be a list of .bib files. The # .bib extension is automatically appended if omitted. Using this command # requires the bibtex tool to be installed. See also # http://en.wikipedia.org/wiki/BibTeX for more info. For LaTeX the style # of the bibliography can be controlled using LATEX_BIB_STYLE. To use this # feature you need bibtex and perl available in the search path. Do not use # file names with spaces, bibtex cannot handle them. CITE_BIB_FILES = #--------------------------------------------------------------------------- # configuration options related to warning and progress messages #--------------------------------------------------------------------------- # The QUIET tag can be used to turn on/off the messages that are generated # by doxygen. Possible values are YES and NO. If left blank NO is used. QUIET = NO # The WARNINGS tag can be used to turn on/off the warning messages that are # generated by doxygen. Possible values are YES and NO. If left blank # NO is used. WARNINGS = YES # If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings # for undocumented members. If EXTRACT_ALL is set to YES then this flag will # automatically be disabled. WARN_IF_UNDOCUMENTED = YES # If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for # potential errors in the documentation, such as not documenting some # parameters in a documented function, or documenting parameters that # don't exist or using markup commands wrongly. WARN_IF_DOC_ERROR = YES # The WARN_NO_PARAMDOC option can be enabled to get warnings for # functions that are documented, but have no documentation for their parameters # or return value. If set to NO (the default) doxygen will only warn about # wrong or incomplete parameter documentation, but not about the absence of # documentation. 
WARN_NO_PARAMDOC = NO # The WARN_FORMAT tag determines the format of the warning messages that # doxygen can produce. The string should contain the $file, $line, and $text # tags, which will be replaced by the file and line number from which the # warning originated and the warning text. Optionally the format may contain # $version, which will be replaced by the version of the file (if it could # be obtained via FILE_VERSION_FILTER) WARN_FORMAT = "$file:$line: $text" # The WARN_LOGFILE tag can be used to specify a file to which warning # and error messages should be written. If left blank the output is written # to stderr. WARN_LOGFILE = #--------------------------------------------------------------------------- # configuration options related to the input files #--------------------------------------------------------------------------- # The INPUT tag can be used to specify the files and/or directories that contain # documented source files. You may enter file names like "myfile.cpp" or # directories like "/usr/src/myproject". Separate the files or directories # with spaces. INPUT = @abs_top_srcdir@/src/providers/ipa/ipa_hbac.h # This tag can be used to specify the character encoding of the source files # that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is # also the default input encoding. Doxygen uses libiconv (or the iconv built # into libc) for the transcoding. See http://www.gnu.org/software/libiconv for # the list of possible encodings. INPUT_ENCODING = UTF-8 # If the value of the INPUT tag contains directories, you can use the # FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp # and *.h) to filter out the source-files in the directories. 
If left # blank the following patterns are tested: # *.c *.cc *.cxx *.cpp *.c++ *.d *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh # *.hxx *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.dox *.py # *.f90 *.f *.for *.vhd *.vhdl FILE_PATTERNS = *.cpp \ *.cc \ *.c \ *.h \ *.hh \ *.hpp \ *.dox # The RECURSIVE tag can be used to turn specify whether or not subdirectories # should be searched for input files as well. Possible values are YES and NO. # If left blank NO is used. RECURSIVE = NO # The EXCLUDE tag can be used to specify files and/or directories that should be # excluded from the INPUT source files. This way you can easily exclude a # subdirectory from a directory tree whose root is specified with the INPUT tag. # Note that relative paths are relative to the directory from which doxygen is # run. EXCLUDE = # The EXCLUDE_SYMLINKS tag can be used to select whether or not files or # directories that are symbolic links (a Unix file system feature) are excluded # from the input. EXCLUDE_SYMLINKS = NO # If the value of the INPUT tag contains directories, you can use the # EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude # certain files from those directories. Note that the wildcards are matched # against the file with absolute path, so to exclude all test directories # for example use the pattern */test/* EXCLUDE_PATTERNS = */.git/* \ */.svn/* \ */cmake/* \ */build/* # The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names # (namespaces, classes, functions, etc.) that should be excluded from the # output. The symbol name can be a fully qualified name, a word, or if the # wildcard * is used, a substring. Examples: ANamespace, AClass, # AClass::ANamespace, ANamespace::*Test EXCLUDE_SYMBOLS = # The EXAMPLE_PATH tag can be used to specify one or more files or # directories that contain example code fragments that are included (see # the \include command). 
EXAMPLE_PATH = # If the value of the EXAMPLE_PATH tag contains directories, you can use the # EXAMPLE_PATTERNS tag to specify one or more wildcard patterns (like *.cpp # and *.h) to filter out the source-files in the directories. If left # blank all files are included. EXAMPLE_PATTERNS = # If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be # searched for input files to be used with the \include or \dontinclude # commands irrespective of the value of the RECURSIVE tag. # Possible values are YES and NO. If left blank NO is used. EXAMPLE_RECURSIVE = NO # The IMAGE_PATH tag can be used to specify one or more files or # directories that contain images that are included in the documentation (see # the \image command). IMAGE_PATH = # The INPUT_FILTER tag can be used to specify a program that doxygen should # invoke to filter for each input file. Doxygen will invoke the filter program # by executing (via popen()) the command <filter> <input-file>, where <filter> # is the value of the INPUT_FILTER tag, and <input-file> is the name of an # input file. Doxygen will then use the output that the filter program writes # to standard output. # If FILTER_PATTERNS is specified, this tag will be # ignored. # Note: because the filter is executed through popen(), it runs as a shell # command with the privileges of whoever builds the documentation; leave this # tag empty unless the program is trusted. INPUT_FILTER = # The FILTER_PATTERNS tag can be used to specify filters on a per file pattern # basis. # Doxygen will compare the file name with each pattern and apply the # filter if there is a match. # The filters are a list of the form: # pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further # info on how filters are used. If FILTER_PATTERNS is empty or if # none of the patterns match the file name, INPUT_FILTER is applied. FILTER_PATTERNS = # If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using # INPUT_FILTER) will be used to filter the input files when producing source # files to browse (i.e. when SOURCE_BROWSER is set to YES). FILTER_SOURCE_FILES = NO # The FILTER_SOURCE_PATTERNS tag can be used to specify source filters per file # pattern.
A pattern will override the setting for FILTER_PATTERNS (if any) # and it is also possible to disable source filtering for a specific pattern # using *.ext= (so without naming a filter). This option only has effect when # FILTER_SOURCE_FILES is enabled. FILTER_SOURCE_PATTERNS = # If the USE_MDFILE_AS_MAINPAGE tag refers to the name of a markdown file that # is part of the input, its contents will be placed on the main page (index.html). # This can be useful if you have a project on for instance GitHub and want to reuse # the introduction page also for the doxygen output. USE_MDFILE_AS_MAINPAGE = #--------------------------------------------------------------------------- # configuration options related to source browsing #--------------------------------------------------------------------------- # If the SOURCE_BROWSER tag is set to YES then a list of source files will # be generated. Documented entities will be cross-referenced with these sources. # Note: To get rid of all source code in the generated output, make sure also # VERBATIM_HEADERS is set to NO. SOURCE_BROWSER = NO # Setting the INLINE_SOURCES tag to YES will include the body # of functions and classes directly in the documentation. INLINE_SOURCES = NO # Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct # doxygen to hide any special comment blocks from generated source code # fragments. Normal C, C++ and Fortran comments will always remain visible. STRIP_CODE_COMMENTS = YES # If the REFERENCED_BY_RELATION tag is set to YES # then for each documented function all documented # functions referencing it will be listed. REFERENCED_BY_RELATION = NO # If the REFERENCES_RELATION tag is set to YES # then for each documented function all documented entities # called/used by that function will be listed.
REFERENCES_RELATION = NO # If the REFERENCES_LINK_SOURCE tag is set to YES (the default) # and SOURCE_BROWSER tag is set to YES, then the hyperlinks from # functions in REFERENCES_RELATION and REFERENCED_BY_RELATION lists will # link to the source code. # Otherwise they will link to the documentation. REFERENCES_LINK_SOURCE = YES # If the USE_HTAGS tag is set to YES then the references to source code # will point to the HTML generated by the htags(1) tool instead of doxygen # built-in source browser. The htags tool is part of GNU's global source # tagging system (see http://www.gnu.org/software/global/global.html). You # will need version 4.8.6 or higher. USE_HTAGS = NO # If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen # will generate a verbatim copy of the header file for each class for # which an include is specified. Set to NO to disable this. VERBATIM_HEADERS = YES #--------------------------------------------------------------------------- # configuration options related to the alphabetical class index #--------------------------------------------------------------------------- # If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index # of all compounds will be generated. Enable this if the project # contains a lot of classes, structs, unions or interfaces. ALPHABETICAL_INDEX = NO # If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then # the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns # in which this list will be split (can be a number in the range [1..20]) COLS_IN_ALPHA_INDEX = 5 # In case all classes in a project start with a common prefix, all # classes will be put under the same header in the alphabetical index. # The IGNORE_PREFIX tag can be used to specify one or more prefixes that # should be ignored while generating the index headers. 
IGNORE_PREFIX = #--------------------------------------------------------------------------- # configuration options related to the HTML output #--------------------------------------------------------------------------- # If the GENERATE_HTML tag is set to YES (the default) Doxygen will # generate HTML output. GENERATE_HTML = YES # The HTML_OUTPUT tag is used to specify where the HTML docs will be put. # If a relative path is entered the value of OUTPUT_DIRECTORY will be # put in front of it. If left blank `html' will be used as the default path. HTML_OUTPUT = html # The HTML_FILE_EXTENSION tag can be used to specify the file extension for # each generated HTML page (for example: .htm,.php,.asp). If it is left blank # doxygen will generate files with .html extension. HTML_FILE_EXTENSION = .html # The HTML_HEADER tag can be used to specify a personal HTML header for # each generated HTML page. If it is left blank doxygen will generate a # standard header. Note that when using a custom header you are responsible # for the proper inclusion of any scripts and style sheets that doxygen # needs, which is dependent on the configuration options used. # It is advised to generate a default header using "doxygen -w html # header.html footer.html stylesheet.css YourConfigFile" and then modify # that header. Note that the header is subject to change so you typically # have to redo this when upgrading to a newer version of doxygen or when # changing the value of configuration settings such as GENERATE_TREEVIEW! HTML_HEADER = # The HTML_FOOTER tag can be used to specify a personal HTML footer for # each generated HTML page. If it is left blank doxygen will generate a # standard footer. HTML_FOOTER = # The HTML_STYLESHEET tag can be used to specify a user-defined cascading # style sheet that is used by each HTML page. It can be used to # fine-tune the look of the HTML output. If left blank doxygen will # generate a default style sheet. 
Note that it is recommended to use # HTML_EXTRA_STYLESHEET instead of this one, as it is more robust and this # tag will in the future become obsolete. HTML_STYLESHEET = # The HTML_EXTRA_STYLESHEET tag can be used to specify an additional # user-defined cascading style sheet that is included after the standard # style sheets created by doxygen. Using this option one can overrule # certain style aspects. This is preferred over using HTML_STYLESHEET # since it does not replace the standard style sheet and is therefor more # robust against future updates. Doxygen will copy the style sheet file to # the output directory. HTML_EXTRA_STYLESHEET = # The HTML_EXTRA_FILES tag can be used to specify one or more extra images or # other source files which should be copied to the HTML output directory. Note # that these files will be copied to the base HTML output directory. Use the # $relpath$ marker in the HTML_HEADER and/or HTML_FOOTER files to load these # files. In the HTML_STYLESHEET file, use the file name only. Also note that # the files will be copied as-is; there are no commands or markers available. HTML_EXTRA_FILES = # The HTML_COLORSTYLE_HUE tag controls the color of the HTML output. # Doxygen will adjust the colors in the style sheet and background images # according to this color. Hue is specified as an angle on a colorwheel, # see http://en.wikipedia.org/wiki/Hue for more information. # For instance the value 0 represents red, 60 is yellow, 120 is green, # 180 is cyan, 240 is blue, 300 purple, and 360 is red again. # The allowed range is 0 to 359. HTML_COLORSTYLE_HUE = 220 # The HTML_COLORSTYLE_SAT tag controls the purity (or saturation) of # the colors in the HTML output. For a value of 0 the output will use # grayscales only. A value of 255 will produce the most vivid colors. HTML_COLORSTYLE_SAT = 100 # The HTML_COLORSTYLE_GAMMA tag controls the gamma correction applied to # the luminance component of the colors in the HTML output. 
Values below # 100 gradually make the output lighter, whereas values above 100 make # the output darker. The value divided by 100 is the actual gamma applied, # so 80 represents a gamma of 0.8, The value 220 represents a gamma of 2.2, # and 100 does not change the gamma. HTML_COLORSTYLE_GAMMA = 80 # If the HTML_TIMESTAMP tag is set to YES then the footer of each generated HTML # page will contain the date and time when the page was generated. Setting # this to NO can help when comparing the output of multiple runs. HTML_TIMESTAMP = NO # If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML # documentation will contain sections that can be hidden and shown after the # page has loaded. HTML_DYNAMIC_SECTIONS = NO # With HTML_INDEX_NUM_ENTRIES one can control the preferred number of # entries shown in the various tree structured indices initially; the user # can expand and collapse entries dynamically later on. Doxygen will expand # the tree to such a level that at most the specified number of entries are # visible (unless a fully collapsed tree already exceeds this amount). # So setting the number of entries 1 will produce a full collapsed tree by # default. 0 is a special value representing an infinite number of entries # and will result in a full expanded tree by default. HTML_INDEX_NUM_ENTRIES = 100 # If the GENERATE_DOCSET tag is set to YES, additional index files # will be generated that can be used as input for Apple's Xcode 3 # integrated development environment, introduced with OSX 10.5 (Leopard). # To create a documentation set, doxygen will generate a Makefile in the # HTML output directory. Running make will produce the docset in that # directory and running "make install" will install the docset in # ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find # it at startup. # See http://developer.apple.com/tools/creatingdocsetswithdoxygen.html # for more information. 
GENERATE_DOCSET = NO # When GENERATE_DOCSET tag is set to YES, this tag determines the name of the # feed. A documentation feed provides an umbrella under which multiple # documentation sets from a single provider (such as a company or product suite) # can be grouped. DOCSET_FEEDNAME = "Doxygen generated docs" # When GENERATE_DOCSET tag is set to YES, this tag specifies a string that # should uniquely identify the documentation set bundle. This should be a # reverse domain-name style string, e.g. com.mycompany.MyDocSet. Doxygen # will append .docset to the name. DOCSET_BUNDLE_ID = org.doxygen.Project # When GENERATE_PUBLISHER_ID tag specifies a string that should uniquely # identify the documentation publisher. This should be a reverse domain-name # style string, e.g. com.mycompany.MyDocSet.documentation. DOCSET_PUBLISHER_ID = org.doxygen.Publisher # The GENERATE_PUBLISHER_NAME tag identifies the documentation publisher. DOCSET_PUBLISHER_NAME = Publisher # If the GENERATE_HTMLHELP tag is set to YES, additional index files # will be generated that can be used as input for tools like the # Microsoft HTML help workshop to generate a compiled HTML help file (.chm) # of the generated HTML documentation. GENERATE_HTMLHELP = NO # If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can # be used to specify the file name of the resulting .chm file. You # can add a path in front of the file if the result should not be # written to the html output directory. CHM_FILE = # If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can # be used to specify the location (absolute path including file name) of # the HTML help compiler (hhc.exe). If non-empty doxygen will try to run # the HTML help compiler on the generated index.hhp. HHC_LOCATION = # If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag # controls if a separate .chi index file is generated (YES) or that # it should be included in the master .chm file (NO). 
GENERATE_CHI = NO # If the GENERATE_HTMLHELP tag is set to YES, the CHM_INDEX_ENCODING # is used to encode HtmlHelp index (hhk), content (hhc) and project file # content. CHM_INDEX_ENCODING = # If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag # controls whether a binary table of contents is generated (YES) or a # normal table of contents (NO) in the .chm file. BINARY_TOC = NO # The TOC_EXPAND flag can be set to YES to add extra items for group members # to the contents of the HTML help documentation and to the tree view. TOC_EXPAND = NO # If the GENERATE_QHP tag is set to YES and both QHP_NAMESPACE and # QHP_VIRTUAL_FOLDER are set, an additional index file will be generated # that can be used as input for Qt's qhelpgenerator to generate a # Qt Compressed Help (.qch) of the generated HTML documentation. GENERATE_QHP = NO # If the QHG_LOCATION tag is specified, the QCH_FILE tag can # be used to specify the file name of the resulting .qch file. # The path specified is relative to the HTML output folder. QCH_FILE = # The QHP_NAMESPACE tag specifies the namespace to use when generating # Qt Help Project output. For more information please see # http://doc.trolltech.com/qthelpproject.html#namespace QHP_NAMESPACE = # The QHP_VIRTUAL_FOLDER tag specifies the namespace to use when generating # Qt Help Project output. For more information please see # http://doc.trolltech.com/qthelpproject.html#virtual-folders QHP_VIRTUAL_FOLDER = doc # If QHP_CUST_FILTER_NAME is set, it specifies the name of a custom filter to # add. For more information please see # http://doc.trolltech.com/qthelpproject.html#custom-filters QHP_CUST_FILTER_NAME = # The QHP_CUST_FILT_ATTRS tag specifies the list of the attributes of the # custom filter to add. For more information please see # # Qt Help Project / Custom Filters. QHP_CUST_FILTER_ATTRS = # The QHP_SECT_FILTER_ATTRS tag specifies the list of the attributes this # project's # filter section matches. 
# # Qt Help Project / Filter Attributes. QHP_SECT_FILTER_ATTRS = # If the GENERATE_QHP tag is set to YES, the QHG_LOCATION tag can # be used to specify the location of Qt's qhelpgenerator. # If non-empty doxygen will try to run qhelpgenerator on the generated # .qhp file. QHG_LOCATION = # If the GENERATE_ECLIPSEHELP tag is set to YES, additional index files # will be generated, which together with the HTML files, form an Eclipse help # plugin. To install this plugin and make it available under the help contents # menu in Eclipse, the contents of the directory containing the HTML and XML # files needs to be copied into the plugins directory of eclipse. The name of # the directory within the plugins directory should be the same as # the ECLIPSE_DOC_ID value. After copying Eclipse needs to be restarted before # the help appears. GENERATE_ECLIPSEHELP = NO # A unique identifier for the eclipse help plugin. When installing the plugin # the directory name containing the HTML and XML files should also have # this name. ECLIPSE_DOC_ID = org.doxygen.Project # The DISABLE_INDEX tag can be used to turn on/off the condensed index (tabs) # at top of each HTML page. The value NO (the default) enables the index and # the value YES disables it. Since the tabs have the same information as the # navigation tree you can set this option to NO if you already set # GENERATE_TREEVIEW to YES. DISABLE_INDEX = NO # The GENERATE_TREEVIEW tag is used to specify whether a tree-like index # structure should be generated to display hierarchical information. # If the tag value is set to YES, a side panel will be generated # containing a tree-like index structure (just like the one that # is generated for HTML Help). For this to work a browser that supports # JavaScript, DHTML, CSS and frames is required (i.e. any modern browser). # Windows users are probably better off using the HTML help feature. 
# Since the tree basically has the same information as the tab index you # could consider to set DISABLE_INDEX to NO when enabling this option. GENERATE_TREEVIEW = NONE # The ENUM_VALUES_PER_LINE tag can be used to set the number of enum values # (range [0,1..20]) that doxygen will group on one line in the generated HTML # documentation. Note that a value of 0 will completely suppress the enum # values from appearing in the overview section. ENUM_VALUES_PER_LINE = 4 # If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be # used to set the initial width (in pixels) of the frame in which the tree # is shown. TREEVIEW_WIDTH = 250 # When the EXT_LINKS_IN_WINDOW option is set to YES doxygen will open # links to external symbols imported via tag files in a separate window. EXT_LINKS_IN_WINDOW = NO # Use this tag to change the font size of Latex formulas included # as images in the HTML documentation. The default is 10. Note that # when you change the font size after a successful doxygen run you need # to manually remove any form_*.png images from the HTML output directory # to force them to be regenerated. FORMULA_FONTSIZE = 10 # Use the FORMULA_TRANPARENT tag to determine whether or not the images # generated for formulas are transparent PNGs. Transparent PNGs are # not supported properly for IE 6.0, but are supported on all modern browsers. # Note that when changing this option you need to delete any form_*.png files # in the HTML output before the changes have effect. FORMULA_TRANSPARENT = YES # Enable the USE_MATHJAX option to render LaTeX formulas using MathJax # (see http://www.mathjax.org) which uses client side Javascript for the # rendering instead of using prerendered bitmaps. Use this if you do not # have LaTeX installed or if you want to formulas look prettier in the HTML # output. When enabled you may also need to install MathJax separately and # configure the path to it using the MATHJAX_RELPATH option. 
USE_MATHJAX = NO # When MathJax is enabled you can set the default output format to be used for # the MathJax output. Supported types are HTML-CSS, NativeMML (i.e. MathML) and # SVG. The default value is HTML-CSS, which is slower, but has the best # compatibility. MATHJAX_FORMAT = HTML-CSS # When MathJax is enabled you need to specify the location relative to the # HTML output directory using the MATHJAX_RELPATH option. The destination # directory should contain the MathJax.js script. For instance, if the mathjax # directory is located at the same level as the HTML output directory, then # MATHJAX_RELPATH should be ../mathjax. The default value points to # the MathJax Content Delivery Network so you can quickly see the result without # installing MathJax. # However, it is strongly recommended to install a local # copy of MathJax from http://www.mathjax.org before deployment. # The value configured below is a plain http URL, so if USE_MATHJAX is enabled # the script is fetched without transport integrity protection; a local copy or # an https location avoids that. MATHJAX_RELPATH = http://cdn.mathjax.org/mathjax/latest # The MATHJAX_EXTENSIONS tag can be used to specify one or more MathJax extension # names that should be enabled during MathJax rendering. MATHJAX_EXTENSIONS = # When the SEARCHENGINE tag is enabled doxygen will generate a search box # for the HTML output. The underlying search engine uses javascript # and DHTML and should work on any modern browser. Note that when using # HTML help (GENERATE_HTMLHELP), Qt help (GENERATE_QHP), or docsets # (GENERATE_DOCSET) there is already a search function so this one should # typically be disabled. For large projects the javascript based search engine # can be slow, then enabling SERVER_BASED_SEARCH may provide a better solution. SEARCHENGINE = NO # When the SERVER_BASED_SEARCH tag is enabled the search engine will be # implemented using a web server instead of a web client using Javascript. # There are two flavours of web server based search depending on the # EXTERNAL_SEARCH setting. When disabled, doxygen will generate a PHP script for # searching and an index file used by the script.
When EXTERNAL_SEARCH is # enabled the indexing and searching need to be provided by external tools. # See the manual for details. SERVER_BASED_SEARCH = NO # When EXTERNAL_SEARCH is enabled doxygen will no longer generate the PHP # script for searching. Instead the search results are written to an XML file # which needs to be processed by an external indexer. Doxygen will invoke an # external search engine pointed to by the SEARCHENGINE_URL option to obtain # the search results. Doxygen ships with an example indexer (doxyindexer) and # search engine (doxysearch.cgi) which are based on the open source search engine # library Xapian. See the manual for configuration details. EXTERNAL_SEARCH = NO # The SEARCHENGINE_URL should point to a search engine hosted by a web server # which will return the search results when EXTERNAL_SEARCH is enabled. # Doxygen ships with an example search engine (doxysearch) which is based on # the open source search engine library Xapian. See the manual for configuration # details. SEARCHENGINE_URL = # When SERVER_BASED_SEARCH and EXTERNAL_SEARCH are both enabled the unindexed # search data is written to a file for indexing by an external tool. With the # SEARCHDATA_FILE tag the name of this file can be specified. SEARCHDATA_FILE = searchdata.xml # The EXTRA_SEARCH_MAPPINGS tag can be used to enable searching through other # doxygen projects that are not otherwise connected via tags files, but are # all added to the same search index. Each project needs to have a tag file set # via GENERATE_TAGFILE. The search mapping then maps the name of the tag file # to a relative location where the documentation can be found, # similar to the # TAGFILES option but without actually processing the tag file. # The format is: EXTRA_SEARCH_MAPPINGS = tagname1=loc1 tagname2=loc2 ...
EXTRA_SEARCH_MAPPINGS = #--------------------------------------------------------------------------- # configuration options related to the LaTeX output #--------------------------------------------------------------------------- # If the GENERATE_LATEX tag is set to YES (the default) Doxygen will # generate Latex output. GENERATE_LATEX = NO # The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put. # If a relative path is entered the value of OUTPUT_DIRECTORY will be # put in front of it. If left blank `latex' will be used as the default path. LATEX_OUTPUT = latex # The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be # invoked. If left blank `latex' will be used as the default command name. # Note that when enabling USE_PDFLATEX this option is only used for # generating bitmaps for formulas in the HTML output, but not in the # Makefile that is written to the output directory. LATEX_CMD_NAME = latex # The MAKEINDEX_CMD_NAME tag can be used to specify the command name to # generate index for LaTeX. If left blank `makeindex' will be used as the # default command name. MAKEINDEX_CMD_NAME = makeindex # If the COMPACT_LATEX tag is set to YES Doxygen generates more compact # LaTeX documents. This may be useful for small projects and may help to # save some trees in general. COMPACT_LATEX = NO # The PAPER_TYPE tag can be used to set the paper type that is used # by the printer. Possible values are: a4, letter, legal and # executive. If left blank a4wide will be used. PAPER_TYPE = a4wide # The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX # packages that should be included in the LaTeX output. EXTRA_PACKAGES = # The LATEX_HEADER tag can be used to specify a personal LaTeX header for # the generated latex document. The header should contain everything until # the first chapter. If it is left blank doxygen will generate a # standard header. Notice: only use this tag if you know what you are doing! 
LATEX_HEADER = # The LATEX_FOOTER tag can be used to specify a personal LaTeX footer for # the generated latex document. The footer should contain everything after # the last chapter. If it is left blank doxygen will generate a # standard footer. Notice: only use this tag if you know what you are doing! LATEX_FOOTER = # If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated # is prepared for conversion to pdf (using ps2pdf). The pdf file will # contain links (just like the HTML output) instead of page references # This makes the output suitable for online browsing using a pdf viewer. PDF_HYPERLINKS = YES # If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of # plain latex in the generated Makefile. Set this option to YES to get a # higher quality PDF documentation. USE_PDFLATEX = YES # If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode. # command to the generated LaTeX files. This will instruct LaTeX to keep # running if errors occur, instead of asking the user for help. # This option is also used when generating formulas in HTML. LATEX_BATCHMODE = NO # If LATEX_HIDE_INDICES is set to YES then doxygen will not # include the index chapters (such as File Index, Compound Index, etc.) # in the output. LATEX_HIDE_INDICES = NO # If LATEX_SOURCE_CODE is set to YES then doxygen will include # source code with syntax highlighting in the LaTeX output. # Note that which sources are shown also depends on other settings # such as SOURCE_BROWSER. LATEX_SOURCE_CODE = NO # The LATEX_BIB_STYLE tag can be used to specify the style to use for the # bibliography, e.g. plainnat, or ieeetr. The default style is "plain". See # http://en.wikipedia.org/wiki/BibTeX for more info. 
LATEX_BIB_STYLE = plain #--------------------------------------------------------------------------- # configuration options related to the RTF output #--------------------------------------------------------------------------- # If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output # The RTF output is optimized for Word 97 and may not look very pretty with # other RTF readers or editors. GENERATE_RTF = NO # The RTF_OUTPUT tag is used to specify where the RTF docs will be put. # If a relative path is entered the value of OUTPUT_DIRECTORY will be # put in front of it. If left blank `rtf' will be used as the default path. RTF_OUTPUT = rtf # If the COMPACT_RTF tag is set to YES Doxygen generates more compact # RTF documents. This may be useful for small projects and may help to # save some trees in general. COMPACT_RTF = NO # If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated # will contain hyperlink fields. The RTF file will # contain links (just like the HTML output) instead of page references. # This makes the output suitable for online browsing using WORD or other # programs which support those fields. # Note: wordpad (write) and others do not support links. RTF_HYPERLINKS = NO # Load style sheet definitions from file. Syntax is similar to doxygen's # config file, i.e. a series of assignments. You only have to provide # replacements, missing definitions are set to their default value. RTF_STYLESHEET_FILE = # Set optional variables used in the generation of an rtf document. # Syntax is similar to doxygen's config file. RTF_EXTENSIONS_FILE = #--------------------------------------------------------------------------- # configuration options related to the man page output #--------------------------------------------------------------------------- # If the GENERATE_MAN tag is set to YES (the default) Doxygen will # generate man pages GENERATE_MAN = NO # The MAN_OUTPUT tag is used to specify where the man pages will be put. 
# If a relative path is entered the value of OUTPUT_DIRECTORY will be # put in front of it. If left blank `man' will be used as the default path. MAN_OUTPUT = man # The MAN_EXTENSION tag determines the extension that is added to # the generated man pages (default is the subroutine's section .3) MAN_EXTENSION = .3 # If the MAN_LINKS tag is set to YES and Doxygen generates man output, # then it will generate one additional man file for each entity # documented in the real man page(s). These additional files # only source the real man page, but without them the man command # would be unable to find the correct page. The default is NO. MAN_LINKS = NO #--------------------------------------------------------------------------- # configuration options related to the XML output #--------------------------------------------------------------------------- # If the GENERATE_XML tag is set to YES Doxygen will # generate an XML file that captures the structure of # the code including all documentation. GENERATE_XML = NO # The XML_OUTPUT tag is used to specify where the XML pages will be put. # If a relative path is entered the value of OUTPUT_DIRECTORY will be # put in front of it. If left blank `xml' will be used as the default path. XML_OUTPUT = xml # The XML_SCHEMA tag can be used to specify an XML schema, # which can be used by a validating XML parser to check the # syntax of the XML files. XML_SCHEMA = # The XML_DTD tag can be used to specify an XML DTD, # which can be used by a validating XML parser to check the # syntax of the XML files. XML_DTD = # If the XML_PROGRAMLISTING tag is set to YES Doxygen will # dump the program listings (including syntax highlighting # and cross-referencing information) to the XML output. Note that # enabling this will significantly increase the size of the XML output. 
XML_PROGRAMLISTING = YES #--------------------------------------------------------------------------- # configuration options for the AutoGen Definitions output #--------------------------------------------------------------------------- # If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will # generate an AutoGen Definitions (see autogen.sf.net) file # that captures the structure of the code including all # documentation. Note that this feature is still experimental # and incomplete at the moment. GENERATE_AUTOGEN_DEF = NO #--------------------------------------------------------------------------- # configuration options related to the Perl module output #--------------------------------------------------------------------------- # If the GENERATE_PERLMOD tag is set to YES Doxygen will # generate a Perl module file that captures the structure of # the code including all documentation. Note that this # feature is still experimental and incomplete at the # moment. GENERATE_PERLMOD = NO # If the PERLMOD_LATEX tag is set to YES Doxygen will generate # the necessary Makefile rules, Perl scripts and LaTeX code to be able # to generate PDF and DVI output from the Perl module output. PERLMOD_LATEX = NO # If the PERLMOD_PRETTY tag is set to YES the Perl module output will be # nicely formatted so it can be parsed by a human reader. # This is useful # if you want to understand what is going on. # On the other hand, if this # tag is set to NO the size of the Perl module output will be much smaller # and Perl will parse it just the same. PERLMOD_PRETTY = YES # The names of the make variables in the generated doxyrules.make file # are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX. # This is useful so different doxyrules.make files included by the same # Makefile don't overwrite each other's variables. 
PERLMOD_MAKEVAR_PREFIX = #--------------------------------------------------------------------------- # Configuration options related to the preprocessor #--------------------------------------------------------------------------- # If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will # evaluate all C-preprocessor directives found in the sources and include # files. ENABLE_PREPROCESSING = YES # If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro # names in the source code. If set to NO (the default) only conditional # compilation will be performed. Macro expansion can be done in a controlled # way by setting EXPAND_ONLY_PREDEF to YES. MACRO_EXPANSION = NO # If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES # then the macro expansion is limited to the macros specified with the # PREDEFINED and EXPAND_AS_DEFINED tags. EXPAND_ONLY_PREDEF = NO # If the SEARCH_INCLUDES tag is set to YES (the default) the includes files # pointed to by INCLUDE_PATH will be searched when a #include is found. SEARCH_INCLUDES = YES # The INCLUDE_PATH tag can be used to specify one or more directories that # contain include files that are not input files but should be processed by # the preprocessor. INCLUDE_PATH = # You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard # patterns (like *.h and *.hpp) to filter out the header-files in the # directories. If left blank, the patterns specified with FILE_PATTERNS will # be used. INCLUDE_FILE_PATTERNS = # The PREDEFINED tag can be used to specify one or more macro names that # are defined before the preprocessor is started (similar to the -D option of # gcc). The argument of the tag is a list of macros of the form: name # or name=definition (no spaces). If the definition and the = are # omitted =1 is assumed. To prevent a macro definition from being # undefined via #undef or recursively expanded use the := operator # instead of the = operator. 
PREDEFINED = DOXYGEN # If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then # this tag can be used to specify a list of macro names that should be expanded. # The macro definition that is found in the sources will be used. # Use the PREDEFINED tag if you want to use a different macro definition that # overrules the definition found in the source code. EXPAND_AS_DEFINED = # If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then # doxygen's preprocessor will remove all references to function-like macros # that are alone on a line, have an all uppercase name, and do not end with a # semicolon, because these will confuse the parser if not removed. SKIP_FUNCTION_MACROS = YES #--------------------------------------------------------------------------- # Configuration::additions related to external references #--------------------------------------------------------------------------- # The TAGFILES option can be used to specify one or more tagfiles. For each # tag file the location of the external documentation should be added. The # format of a tag file without this location is as follows: # # TAGFILES = file1 file2 ... # Adding location for the tag files is done as follows: # # TAGFILES = file1=loc1 "file2 = loc2" ... # where "loc1" and "loc2" can be relative or absolute paths # or URLs. Note that each tag file must have a unique name (where the name does # NOT include the path). If a tag file is not located in the directory in which # doxygen is run, you must also specify the path to the tagfile here. TAGFILES = # When a file name is specified after GENERATE_TAGFILE, doxygen will create # a tag file that is based on the input files it reads. GENERATE_TAGFILE = # If the ALLEXTERNALS tag is set to YES all external classes will be listed # in the class index. If set to NO only the inherited external classes # will be listed. ALLEXTERNALS = NO # If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed # in the modules index. 
If set to NO, only the current project's groups will # be listed. EXTERNAL_GROUPS = YES # The PERL_PATH should be the absolute path and name of the perl script # interpreter (i.e. the result of `which perl'). PERL_PATH = /usr/bin/perl #--------------------------------------------------------------------------- # Configuration options related to the dot tool #--------------------------------------------------------------------------- # If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will # generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base # or super classes. Setting the tag to NO turns the diagrams off. Note that # this option also works with HAVE_DOT disabled, but it is recommended to # install and use dot, since it yields more powerful graphs. CLASS_DIAGRAMS = YES # You can define message sequence charts within doxygen comments using the \msc # command. Doxygen will then run the mscgen tool (see # http://www.mcternan.me.uk/mscgen/) to produce the chart and insert it in the # documentation. The MSCGEN_PATH tag allows you to specify the directory where # the mscgen tool resides. If left empty the tool is assumed to be found in the # default search path. MSCGEN_PATH = # If set to YES, the inheritance and collaboration graphs will hide # inheritance and usage relations if the target is undocumented # or is not a class. HIDE_UNDOC_RELATIONS = YES # If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is # available from the path. This tool is part of Graphviz, a graph visualization # toolkit from AT&T and Lucent Bell Labs. The other options in this section # have no effect if this option is set to NO (the default) HAVE_DOT = NO # The DOT_NUM_THREADS specifies the number of dot invocations doxygen is # allowed to run in parallel. When set to 0 (the default) doxygen will # base this on the number of processors available in the system. 
You can set it # explicitly to a value larger than 0 to get control over the balance # between CPU load and processing speed. DOT_NUM_THREADS = 0 # By default doxygen will use the Helvetica font for all dot files that # doxygen generates. When you want a differently looking font you can specify # the font name using DOT_FONTNAME. You need to make sure dot is able to find # the font, which can be done by putting it in a standard location or by setting # the DOTFONTPATH environment variable or by setting DOT_FONTPATH to the # directory containing the font. DOT_FONTNAME = FreeSans # The DOT_FONTSIZE tag can be used to set the size of the font of dot graphs. # The default size is 10pt. DOT_FONTSIZE = 10 # By default doxygen will tell dot to use the Helvetica font. # If you specify a different font using DOT_FONTNAME you can use DOT_FONTPATH to # set the path where dot can find it. DOT_FONTPATH = # If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen # will generate a graph for each documented class showing the direct and # indirect inheritance relations. Setting this tag to YES will force the # CLASS_DIAGRAMS tag to NO. CLASS_GRAPH = YES # If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen # will generate a graph for each documented class showing the direct and # indirect implementation dependencies (inheritance, containment, and # class references variables) of the class with other documented classes. COLLABORATION_GRAPH = YES # If the GROUP_GRAPHS and HAVE_DOT tags are set to YES then doxygen # will generate a graph for groups, showing the direct groups dependencies GROUP_GRAPHS = YES # If the UML_LOOK tag is set to YES doxygen will generate inheritance and # collaboration diagrams in a style similar to the OMG's Unified Modeling # Language. UML_LOOK = NO # If the UML_LOOK tag is enabled, the fields and methods are shown inside # the class node. 
If there are many fields or methods and many nodes the # graph may become too big to be useful. The UML_LIMIT_NUM_FIELDS # threshold limits the number of items for each type to make the size more # manageable. Set this to 0 for no limit. Note that the threshold may be # exceeded by 50% before the limit is enforced. UML_LIMIT_NUM_FIELDS = 10 # If set to YES, the inheritance and collaboration graphs will show the # relations between templates and their instances. TEMPLATE_RELATIONS = NO # If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT # tags are set to YES then doxygen will generate a graph for each documented # file showing the direct and indirect include dependencies of the file with # other documented files. INCLUDE_GRAPH = YES # If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and # HAVE_DOT tags are set to YES then doxygen will generate a graph for each # documented header file showing the documented files that directly or # indirectly include this file. INCLUDED_BY_GRAPH = YES # If the CALL_GRAPH and HAVE_DOT options are set to YES then # doxygen will generate a call dependency graph for every global function # or class method. Note that enabling this option will significantly increase # the time of a run. So in most cases it will be better to enable call graphs # for selected functions only using the \callgraph command. CALL_GRAPH = NO # If the CALLER_GRAPH and HAVE_DOT tags are set to YES then # doxygen will generate a caller dependency graph for every global function # or class method. Note that enabling this option will significantly increase # the time of a run. So in most cases it will be better to enable caller # graphs for selected functions only using the \callergraph command. CALLER_GRAPH = NO # If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen # will generate a graphical hierarchy of all classes instead of a textual one.
GRAPHICAL_HIERARCHY = YES # If the DIRECTORY_GRAPH and HAVE_DOT tags are set to YES # then doxygen will show the dependencies a directory has on other directories # in a graphical way. The dependency relations are determined by the #include # relations between the files in the directories. DIRECTORY_GRAPH = YES # The DOT_IMAGE_FORMAT tag can be used to set the image format of the images # generated by dot. Possible values are svg, png, jpg, or gif. # If left blank png will be used. If you choose svg you need to set # HTML_FILE_EXTENSION to xhtml in order to make the SVG files # visible in IE 9+ (other browsers do not have this requirement). DOT_IMAGE_FORMAT = png # If DOT_IMAGE_FORMAT is set to svg, then this option can be set to YES to # enable generation of interactive SVG images that allow zooming and panning. # Note that this requires a modern browser other than Internet Explorer. # Tested and working are Firefox, Chrome, Safari, and Opera. For IE 9+ you # need to set HTML_FILE_EXTENSION to xhtml in order to make the SVG files # visible. Older versions of IE do not have SVG support. INTERACTIVE_SVG = NO # The tag DOT_PATH can be used to specify the path where the dot tool can be # found. If left blank, it is assumed the dot tool can be found in the path. DOT_PATH = # The DOTFILE_DIRS tag can be used to specify one or more directories that # contain dot files that are included in the documentation (see the # \dotfile command). DOTFILE_DIRS = # The MSCFILE_DIRS tag can be used to specify one or more directories that # contain msc files that are included in the documentation (see the # \mscfile command). MSCFILE_DIRS = # The DOT_GRAPH_MAX_NODES tag can be used to set the maximum number of # nodes that will be shown in the graph. If the number of nodes in a graph # becomes larger than this value, doxygen will truncate the graph, which is # visualized by representing a node as a red box. 
Note that doxygen if the # number of direct children of the root node in a graph is already larger than # DOT_GRAPH_MAX_NODES then the graph will not be shown at all. Also note # that the size of a graph can be further restricted by MAX_DOT_GRAPH_DEPTH. DOT_GRAPH_MAX_NODES = 50 # The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the # graphs generated by dot. A depth value of 3 means that only nodes reachable # from the root by following a path via at most 3 edges will be shown. Nodes # that lay further from the root node will be omitted. Note that setting this # option to 1 or 2 may greatly reduce the computation time needed for large # code bases. Also note that the size of a graph can be further restricted by # DOT_GRAPH_MAX_NODES. Using a depth of 0 means no depth restriction. MAX_DOT_GRAPH_DEPTH = 0 # Set the DOT_TRANSPARENT tag to YES to generate images with a transparent # background. This is disabled by default, because dot on Windows does not # seem to support this out of the box. Warning: Depending on the platform used, # enabling this option may lead to badly anti-aliased labels on the edges of # a graph (i.e. they become hard to read). DOT_TRANSPARENT = YES # Set the DOT_MULTI_TARGETS tag to YES allow dot to generate multiple output # files in one run (i.e. multiple -o and -T options on the command line). This # makes dot run faster, but since only newer versions of dot (>1.8.10) # support this, this feature is disabled by default. DOT_MULTI_TARGETS = NO # If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will # generate a legend page explaining the meaning of the various boxes and # arrows in the dot generated graphs. GENERATE_LEGEND = YES # If the DOT_CLEANUP tag is set to YES (the default) Doxygen will # remove the intermediate dot files that are used to generate # the various graphs. 
DOT_CLEANUP = YES sssd-1.11.5/src/providers/ipa/PaxHeaders.13173/ipa_autofs.c0000644000000000000000000000007412320753107021426 xustar000000000000000030 atime=1396954939.264891432 30 ctime=1396954961.597874993 sssd-1.11.5/src/providers/ipa/ipa_autofs.c0000664002412700241270000000345712320753107021661 0ustar00jhrozekjhrozek00000000000000/* SSSD IPA Provider Initialization functions Authors: Simo Sorce Copyright (C) 2009 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/

#include "util/child_common.h"
#include "providers/ipa/ipa_common.h"
#include "providers/krb5/krb5_auth.h"
#include "providers/ipa/ipa_id.h"
#include "providers/ipa/ipa_auth.h"
#include "providers/ipa/ipa_access.h"
#include "providers/ipa/ipa_dyndns.h"
#include "providers/ipa/ipa_selinux.h"

/* Operation table that ipa_autofs_init() hands back through *ops.
 * No finalize hook is registered. */
struct bet_ops ipa_autofs_ops = {
    .handler = sdap_autofs_handler,
    .finalize = NULL,
    .check_online = sdap_check_online
};

/*
 * Set up the autofs target of the IPA provider.
 *
 * be_ctx    back end context; its cdb and conf_path are used to read options
 * id_ctx    IPA id context; its sdap_id_ctx becomes the private data and
 *           receives the autofs options
 * ops       out: set to &ipa_autofs_ops
 * pvt_data  out: set to id_ctx->sdap_id_ctx
 *
 * Returns EOK, or the error reported by ipa_get_autofs_options().
 * Note that *ops and *pvt_data are written before the options are read, so
 * they are populated even when an error is returned.
 */
int ipa_autofs_init(struct be_ctx *be_ctx,
                    struct ipa_id_ctx *id_ctx,
                    struct bet_ops **ops,
                    void **pvt_data)
{
    int rc;

    DEBUG(SSSDBG_TRACE_INTERNAL, ("Initializing autofs LDAP back end\n"));

    *ops = &ipa_autofs_ops;
    *pvt_data = id_ctx->sdap_id_ctx;

    rc = ipa_get_autofs_options(id_ctx->ipa_options,
                                be_ctx->cdb,
                                be_ctx->conf_path,
                                &id_ctx->sdap_id_ctx->opts);
    if (rc == EOK) {
        return rc;
    }

    DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot get IPA autofs options\n"));
    return rc;
}
sssd-1.11.5/src/providers/ipa/PaxHeaders.13173/ipa_dyndns.h0000644000000000000000000000007412320753107021431 xustar000000000000000030 atime=1396954939.264891432 30 ctime=1396954961.491875071 sssd-1.11.5/src/providers/ipa/ipa_dyndns.h0000664002412700241270000000204212320753107021651 0ustar00jhrozekjhrozek00000000000000/* SSSD ipa_dyndns.h Authors: Stephen Gallagher Copyright (C) 2010 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #ifndef IPA_DYNDNS_H_ #define IPA_DYNDNS_H_ void ipa_dyndns_update(void *pvt); void ipa_dyndns_timer(void *pvt); errno_t ipa_dyndns_init(struct be_ctx *be_ctx, struct ipa_options *ctx); void ipa_dyndns_update(void *pvt); #endif /* IPA_DYNDNS_H_ */ sssd-1.11.5/src/providers/ipa/PaxHeaders.13173/ipa_subdomains_id.c0000644000000000000000000000007412320753107022745 xustar000000000000000030 atime=1396954939.265891431 30 ctime=1396954961.584875002 sssd-1.11.5/src/providers/ipa/ipa_subdomains_id.c0000664002412700241270000004516312320753107023200 0ustar00jhrozekjhrozek00000000000000/* SSSD IPA Identity Backend Module for sub-domains Authors: Sumit Bose Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
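*/

#include <errno.h>

#include "util/util.h"
#include "util/sss_nss.h"
#include "util/strtonum.h"
#include "db/sysdb.h"
#include "providers/ldap/ldap_common.h"
#include "providers/ldap/sdap_async.h"
#include "providers/ipa/ipa_id.h"
#include "providers/ad/ad_id.h"
#include "providers/ipa/ipa_subdomains.h"

/* Per-request state of the ipa_get_subdom_acct_* tevent request. */
struct ipa_get_subdom_acct {
    struct tevent_context *ev;
    struct sdap_id_ctx *ctx;
    struct sdap_id_op *op;
    struct sysdb_ctx *sysdb;
    struct sss_domain_info *domain;

    /* Copied from the be_acct_req; entry_type is masked with
     * BE_REQ_TYPE_MASK. */
    int entry_type;
    const char *filter;
    int filter_type;

    /* Reported to the caller by ipa_get_subdom_acct_recv(). */
    int dp_error;
};

static void ipa_get_subdom_acct_connected(struct tevent_req *subreq);
static void ipa_get_subdom_acct_done(struct tevent_req *subreq);

/*
 * Start an account lookup for a sub-domain object.
 *
 * memctx  talloc parent of the request
 * ev      event context the request runs on
 * ctx     sdap id context; its connection cache and back end domain are used
 * ar      account request; domain, entry_type, filter_value and filter_type
 *         are read
 *
 * Returns NULL only if the request cannot be allocated. All other failures
 * are reported through the returned request, which is then already posted.
 * User, group, SID and user-and-group requests are accepted; initgroups
 * requests fail with ENOTSUP and any other type with EINVAL.
 */
struct tevent_req *ipa_get_subdom_acct_send(TALLOC_CTX *memctx,
                                            struct tevent_context *ev,
                                            struct sdap_id_ctx *ctx,
                                            struct be_acct_req *ar)
{
    struct tevent_req *req;
    struct ipa_get_subdom_acct *state;
    struct tevent_req *subreq;
    int ret;

    req = tevent_req_create(memctx, &state, struct ipa_get_subdom_acct);
    if (!req) {
        return NULL;
    }

    state->ev = ev;
    state->ctx = ctx;
    state->dp_error = DP_ERR_FATAL;

    state->op = sdap_id_op_create(state, state->ctx->conn->conn_cache);
    if (!state->op) {
        DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed\n"));
        ret = ENOMEM;
        goto fail;
    }

    state->domain = find_subdomain_by_name(state->ctx->be->domain,
                                           ar->domain, true);
    if (state->domain == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("find_subdomain_by_name failed.\n"));
        /* NOTE(review): ENOMEM is reported although a lookup, not an
         * allocation, failed; ipa_get_ad_acct_send() in this file uses
         * EINVAL for the same condition. Kept as-is because callers may
         * depend on the code. */
        ret = ENOMEM;
        goto fail;
    }
    state->sysdb = state->domain->sysdb;

    state->entry_type = (ar->entry_type & BE_REQ_TYPE_MASK);
    state->filter = ar->filter_value;
    state->filter_type = ar->filter_type;

    switch (state->entry_type) {
        case BE_REQ_USER:
        case BE_REQ_GROUP:
        case BE_REQ_BY_SECID:
        case BE_REQ_USER_AND_GROUP:
            ret = EOK;
            break;
        case BE_REQ_INITGROUPS:
            ret = ENOTSUP;
            DEBUG(SSSDBG_TRACE_FUNC, ("Initgroups requests are not handled " \
                                      "by the IPA provider but are resolved " \
                                      "by the responder directly from the " \
                                      "cache.\n"));
            break;
        default:
            ret = EINVAL;
            DEBUG(SSSDBG_OP_FAILURE, ("Invalid sub-domain request type.\n"));
            break;
    }
    if (ret != EOK) {
        goto fail;
    }

    /* On failure sdap_id_op_connect_send() leaves the reason in ret. */
    subreq = sdap_id_op_connect_send(state->op, state, &ret);
    if (!subreq) {
        goto fail;
    }
    tevent_req_set_callback(subreq, ipa_get_subdom_acct_connected, req);

    return req;

fail:
    tevent_req_error(req, ret);
    tevent_req_post(req, ev);
    return req;
}

/*
 * Connection callback: turn the stored filter into a struct req_input and
 * start the s2n lookup.
 *
 * The filter string comes from the account request, so the numeric form is
 * parsed strictly: empty input, trailing characters and any conversion
 * error reported through errno all fail the request.
 */
static void ipa_get_subdom_acct_connected(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                struct tevent_req);
    struct ipa_get_subdom_acct *state = tevent_req_data(req,
                                                struct ipa_get_subdom_acct);
    int dp_error = DP_ERR_FATAL;
    int ret;
    char *endptr;
    struct req_input *req_input;

    ret = sdap_id_op_connect_recv(subreq, &dp_error);
    talloc_zfree(subreq);
    if (ret != EOK) {
        state->dp_error = dp_error;
        tevent_req_error(req, ret);
        return;
    }

    req_input = talloc(state, struct req_input);
    if (req_input == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("talloc failed.\n"));
        tevent_req_error(req, ENOMEM);
        return;
    }

    switch (state->filter_type) {
        case BE_FILTER_NAME:
            req_input->type = REQ_INP_NAME;
            req_input->inp.name = talloc_strdup(req_input, state->filter);
            if (req_input->inp.name == NULL) {
                DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed.\n"));
                tevent_req_error(req, ENOMEM);
                return;
            }
            break;
        case BE_FILTER_IDNUM:
            req_input->type = REQ_INP_ID;
            /* Clear errno before the conversion so that a value left over
             * from an earlier call is not mistaken for a parse failure.
             * Whether strtouint32() resets errno itself is not visible
             * from this file; apply_subdomain_homedir() resets it too. */
            errno = 0;
            req_input->inp.id = strtouint32(state->filter, &endptr, 10);
            if (errno || *endptr || (state->filter == endptr)) {
                tevent_req_error(req, errno ? errno : EINVAL);
                return;
            }
            break;
        case BE_FILTER_SECID:
            req_input->type = REQ_INP_SECID;
            req_input->inp.secid = talloc_strdup(req_input, state->filter);
            if (req_input->inp.secid == NULL) {
                DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed.\n"));
                tevent_req_error(req, ENOMEM);
                return;
            }
            break;
        default:
            DEBUG(SSSDBG_OP_FAILURE, ("Invalid sub-domain filter type.\n"));
            /* NOTE(review): dp_error is what sdap_id_op_connect_recv()
             * reported for the connect that just succeeded, while the other
             * failure branches leave state->dp_error at DP_ERR_FATAL;
             * confirm this is intended. */
            state->dp_error = dp_error;
            tevent_req_error(req, EINVAL);
            return;
    }

    subreq = ipa_s2n_get_acct_info_send(state,
                                        state->ev,
                                        state->ctx->opts,
                                        state->domain,
                                        sdap_id_op_handle(state->op),
                                        state->entry_type,
                                        req_input);
    if (!subreq) {
        tevent_req_error(req, ENOMEM);
        return;
    }
    tevent_req_set_callback(subreq, ipa_get_subdom_acct_done, req);

    return;
}

/*
 * Completion callback of the s2n lookup.
 *
 * The result is passed through sdap_id_op_done(). When that reports an
 * error together with DP_ERR_OK the connection is set up again and the
 * lookup is restarted. ENOENT is treated as success.
 */
static void ipa_get_subdom_acct_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                struct tevent_req);
    struct ipa_get_subdom_acct *state = tevent_req_data(req,
                                                struct ipa_get_subdom_acct);
    int dp_error = DP_ERR_FATAL;
    int ret;

    ret = ipa_s2n_get_acct_info_recv(subreq);
    talloc_zfree(subreq);

    ret = sdap_id_op_done(state->op, ret, &dp_error);
    if (dp_error == DP_ERR_OK && ret != EOK) {
        /* retry */
        subreq = sdap_id_op_connect_send(state->op, state, &ret);
        if (!subreq) {
            tevent_req_error(req, ret);
            return;
        }
        tevent_req_set_callback(subreq, ipa_get_subdom_acct_connected, req);
        return;
    }

    if (ret && ret != ENOENT) {
        state->dp_error = dp_error;
        tevent_req_error(req, ret);
        return;
    }

    /* FIXME: do we need some special handling of ENOENT */

    state->dp_error = DP_ERR_OK;
    tevent_req_done(req);
}

/*
 * Collect the result of ipa_get_subdom_acct_send().
 *
 * dp_error_out, when not NULL, receives the stored dp_error before the
 * request status is evaluated, so it is set on failure as well.
 * Returns EOK or the error the request finished with.
 */
int ipa_get_subdom_acct_recv(struct tevent_req *req, int *dp_error_out)
{
    struct ipa_get_subdom_acct *state = tevent_req_data(req,
                                                struct ipa_get_subdom_acct);

    if (dp_error_out) {
        *dp_error_out = state->dp_error;
    }

    TEVENT_REQ_RETURN_ON_ERROR(req);

    return EOK;
}

/* IPA lookup for server mode. Directly to AD.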
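*/
/* Per-request state of the ipa_get_ad_acct_* tevent request. */
struct ipa_get_ad_acct_state {
    int dp_error;
    struct tevent_context *ev;
    struct ipa_id_ctx *ipa_ctx;
    struct be_req *be_req;
    struct be_acct_req *ar;
    struct sss_domain_info *user_dom;
};

static void ipa_get_ad_acct_ad_part_done(struct tevent_req *subreq);
static void ipa_get_ad_acct_done(struct tevent_req *subreq);
static struct ad_id_ctx *ipa_get_ad_id_ctx(struct ipa_id_ctx *ipa_ctx,
                                           struct sss_domain_info *dom);

/*
 * Start an account lookup that is sent to AD.
 *
 * mem_ctx  talloc parent of the request
 * ev       event context the request runs on
 * ipa_ctx  IPA id context; the trust list in server_mode is searched for
 *          the AD context of the requested subdomain
 * be_req   back end request, passed on to ad_handle_acct_info_send()
 * ar       account request; domain and entry_type are read here
 *
 * Returns NULL only if the request cannot be allocated. All other failures
 * are reported through the returned request, which is then already posted
 * with dp_error set to DP_ERR_FATAL.
 */
struct tevent_req *
ipa_get_ad_acct_send(TALLOC_CTX *mem_ctx,
                     struct tevent_context *ev,
                     struct ipa_id_ctx *ipa_ctx,
                     struct be_req *be_req,
                     struct be_acct_req *ar)
{
    errno_t ret;
    struct tevent_req *req;
    struct tevent_req *subreq;
    struct ipa_get_ad_acct_state *state;
    struct sdap_domain *sdom;
    struct sdap_id_conn_ctx **clist;
    struct sdap_id_ctx *sdap_id_ctx;
    struct ad_id_ctx *ad_id_ctx;

    req = tevent_req_create(mem_ctx, &state, struct ipa_get_ad_acct_state);
    if (req == NULL) {
        return NULL;
    }

    state->dp_error = -1;
    state->ev = ev;
    state->ipa_ctx = ipa_ctx;
    state->be_req = be_req;
    state->ar = ar;

    /* This can only be a subdomain request, verify subdomain */
    state->user_dom = find_subdomain_by_name(ipa_ctx->sdap_id_ctx->be->domain,
                                             ar->domain, true);
    if (state->user_dom == NULL) {
        ret = EINVAL;
        goto fail;
    }

    /* Let's see if this subdomain has a ad_id_ctx */
    ad_id_ctx = ipa_get_ad_id_ctx(ipa_ctx, state->user_dom);
    if (ad_id_ctx == NULL) {
        ret = EINVAL;
        goto fail;
    }
    sdap_id_ctx = ad_id_ctx->sdap_id_ctx;

    /* Currently only LDAP port for AD is used because POSIX
     * attributes are not replicated to GC by default
     */

    if ((state->ar->entry_type & BE_REQ_TYPE_MASK) == BE_REQ_INITGROUPS) {
        /* Initgroups requests take the list built by ad_gc_conn_list(). */
        clist = ad_gc_conn_list(req, ad_id_ctx, state->user_dom);
        if (clist == NULL) {
            ret = ENOMEM;
            goto fail;
        }
    } else {
        /* NULL-terminated list holding only the LDAP connection. */
        clist = talloc_zero_array(req, struct sdap_id_conn_ctx *, 2);
        if (clist == NULL) {
            ret = ENOMEM;
            goto fail;
        }
        clist[0] = ad_id_ctx->ldap_ctx;
        clist[1] = NULL;
    }

    /* Now we already need ad_id_ctx in particular sdap_id_conn_ctx */
    sdom = sdap_domain_get(sdap_id_ctx->opts, state->user_dom);
    if (sdom == NULL) {
        ret = EIO;
        goto fail;
    }

    subreq = ad_handle_acct_info_send(req, be_req, ar, sdap_id_ctx,
                                      ad_id_ctx->ad_options, sdom, clist);
    if (subreq == NULL) {
        ret = ENOMEM;
        goto fail;
    }
    tevent_req_set_callback(subreq, ipa_get_ad_acct_ad_part_done, req);
    return req;

fail:
    state->dp_error = DP_ERR_FATAL;
    tevent_req_error(req, ret);
    tevent_req_post(req, ev);
    return req;
}

/*
 * Find the AD id context of the trust entry whose domain is dom.
 *
 * Returns NULL when no entry in ipa_ctx->server_mode->trusts matches or
 * when ipa_ctx carries no server_mode data; the caller turns NULL into
 * EINVAL.
 */
static struct ad_id_ctx *
ipa_get_ad_id_ctx(struct ipa_id_ctx *ipa_ctx,
                  struct sss_domain_info *dom)
{
    struct ipa_ad_server_ctx *iter;

    /* Defensive: without server_mode there is no trust list to walk. */
    if (ipa_ctx->server_mode == NULL) {
        return NULL;
    }

    DLIST_FOR_EACH(iter, ipa_ctx->server_mode->trusts) {
        if (iter->dom == dom) break;
    }

    return (iter) ? iter->ad_id_ctx : NULL;
}

/*
 * Build the home directory of a subdomain user from dom->subdomain_homedir.
 *
 * mem_ctx   talloc parent of the returned string
 * dom       subdomain; names, subdomain_homedir, name and flat_name are read
 * fqname    fully qualified user name, parsed with sss_parse_name()
 * uid       UID handed to the template expansion
 * _homedir  out: the expanded path
 *
 * Returns EOK, EINVAL for a NULL fqname or _homedir, ENOMEM on allocation
 * or expansion failure, or the error of sss_parse_name().
 *
 * NOTE(review): the user name comes from directory data and ends up in a
 * file system path. Whether sss_parse_name() or expand_homedir_template()
 * reject path separators or ".." in it is not visible from this file.
 */
static errno_t
get_subdomain_homedir_of_user(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom,
                              const char *fqname, uint32_t uid,
                              const char **_homedir)
{
    errno_t ret;
    char *name;
    char *lc_name;
    const char *homedir;
    TALLOC_CTX *tmp_ctx;

    /* Check the arguments before any work is done; the original tested
     * _homedir only after the path had been built and passed an unchecked
     * fqname on to the parser. */
    if (fqname == NULL || _homedir == NULL) {
        return EINVAL;
    }

    tmp_ctx = talloc_new(mem_ctx);
    if (tmp_ctx == NULL) {
        return ENOMEM;
    }

    ret = sss_parse_name(tmp_ctx, dom->names, fqname, NULL, &name);
    if (ret != EOK) {
        goto done;
    }

    /* To be compatible with the old winbind based user lookups and IPA
     * clients the user name in the home directory path will be lower-case.
     */
    lc_name = sss_tc_utf8_str_tolower(tmp_ctx, name);
    if (lc_name == NULL) {
        ret = ENOMEM;
        goto done;
    }

    homedir = expand_homedir_template(tmp_ctx, dom->subdomain_homedir, lc_name,
                                      uid, NULL, dom->name, dom->flat_name);
    if (homedir == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("expand_homedir_template failed\n"));
        ret = ENOMEM;
        goto done;
    }

    /* Move the result out of the temporary context before it is freed. */
    *_homedir = talloc_steal(mem_ctx, homedir);
    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}

/*
 * Replace the SYSDB_HOMEDIR attribute of a cached user inside a sysdb
 * transaction.
 *
 * domain   domain whose sysdb holds the user
 * fqname   name of the user entry to modify
 * homedir  new home directory value
 *
 * Returns EOK or the error of the failing sysdb call; a transaction that
 * was started but not committed is cancelled.
 */
static errno_t store_homedir_of_user(struct sss_domain_info *domain,
                                     const char *fqname, const char *homedir)
{
    errno_t ret;
    errno_t sret;
    TALLOC_CTX *tmp_ctx;
    bool in_transaction = false;
    struct sysdb_attrs *attrs;
    struct sysdb_ctx *sysdb = domain->sysdb;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        ret = ENOMEM;
        goto done;
    }

    attrs = sysdb_new_attrs(tmp_ctx);
    if (attrs == NULL) {
        ret = ENOMEM;
        goto done;
    }

    ret = sysdb_attrs_add_string(attrs, SYSDB_HOMEDIR, homedir);
    if (ret != EOK) {
        DEBUG(SSSDBG_MINOR_FAILURE, ("Error setting homedir: [%s]\n",
                                     strerror(ret)));
        goto done;
    }

    ret = sysdb_transaction_start(sysdb);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to start transaction\n"));
        goto done;
    }

    in_transaction = true;

    ret = sysdb_set_user_attr(sysdb, domain, fqname, attrs, SYSDB_MOD_REP);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Failed to update homedir information!\n"));
        goto done;
    }

    ret = sysdb_transaction_commit(sysdb);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Cannot commit sysdb transaction [%d]: %s.\n",
               ret, strerror(ret)));
        goto done;
    }

    in_transaction = false;

done:
    if (in_transaction) {
        /* The original error in ret is what the caller gets to see. */
        sret = sysdb_transaction_cancel(sysdb);
        if (sret != EOK) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("Could not cancel transaction.\n"));
        }
    }
    talloc_free(tmp_ctx);
    return ret;
}

/*
 * Look the requested user up in the cache and overwrite its home directory
 * with the one derived from the subdomain_homedir template.
 *
 * mem_ctx       talloc parent for the cache result and the path
 * dom           subdomain the user belongs to
 * filter_type   BE_FILTER_NAME or BE_FILTER_IDNUM; anything else is EINVAL
 * filter_value  user name or decimal UID string from the account request
 *
 * Returns EOK on success, ENOENT when no usable user entry is cached (the
 * caller treats that as non-fatal), EINVAL for an unsupported filter type
 * or a malformed UID string, or the error of the failing helper.
 */
static errno_t apply_subdomain_homedir(TALLOC_CTX *mem_ctx,
                                       struct sss_domain_info *dom,
                                       int filter_type,
                                       const char *filter_value)
{
    errno_t ret;
    uint32_t uid;
    uint64_t cached_uid;
    char *endptr = NULL;
    const char *fqname;
    const char *homedir = NULL;
    struct ldb_result *res;

    if (filter_type == BE_FILTER_NAME) {
        ret = sysdb_getpwnam(mem_ctx, dom->sysdb, dom, filter_value, &res);
    } else if (filter_type == BE_FILTER_IDNUM) {
        if (filter_value == NULL) {
            ret = EINVAL;
            goto done;
        }
        /* Parse the request-supplied UID strictly, the same way
         * ipa_get_subdom_acct_connected() does: an empty string or trailing
         * characters must not silently resolve to some other UID. */
        errno = 0;
        uid = strtouint32(filter_value, &endptr, 10);
        if (errno != 0 || endptr == filter_value || *endptr != '\0') {
            ret = (errno != 0) ? errno : EINVAL;
            goto done;
        }

        ret = sysdb_getpwuid(mem_ctx, dom->sysdb, dom, uid, &res);
    } else {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Unsupported filter type: [%d].\n", filter_type));
        ret = EINVAL;
        goto done;
    }

    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Failed to make request to our cache: [%d]: [%s]\n",
               ret, sss_strerror(ret)));
        goto done;
    }

    if (res->count == 0) {
        ret = ENOENT;
        goto done;
    }

    /*
     * Homedir is always overridden by subdomain_homedir even if it was
     * explicitly set by user.
     */
    fqname = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_NAME, NULL);
    if (fqname == NULL) {
        /* NULL is the default passed above; do not hand it to the name
         * parser or use it as the key of the cache update. */
        DEBUG(SSSDBG_OP_FAILURE,
              ("Name of user [%s] is not known.\n", filter_value));
        ret = ENOENT;
        goto done;
    }

    /* Read the full 64-bit value first: assigning it straight to a
     * uint32_t would truncate an out-of-range value to a different UID. */
    cached_uid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_UIDNUM, 0);
    if (cached_uid == 0) {
        DEBUG(SSSDBG_OP_FAILURE, ("UID for user [%s] is not known.\n",
                                  filter_value));
        ret = ENOENT;
        goto done;
    }
    if (cached_uid > UINT32_MAX) {
        DEBUG(SSSDBG_OP_FAILURE, ("UID for user [%s] is out of range.\n",
                                  filter_value));
        ret = ENOENT;
        goto done;
    }
    uid = (uint32_t) cached_uid;

    ret = get_subdomain_homedir_of_user(mem_ctx, dom, fqname, uid, &homedir);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("get_subdomain_homedir_of_user failed: [%d]: [%s]\n",
               ret, sss_strerror(ret)));
        goto done;
    }

    ret = store_homedir_of_user(dom, fqname, homedir);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("store_homedir_of_user failed: [%d]: [%s]\n",
               ret, sss_strerror(ret)));
        goto done;
    }

done:
    return ret;
}

/*
 * Completion callback of the AD lookup.
 *
 * After a successful lookup the home directory of the user is rewritten;
 * ENOENT from that step is ignored. Initgroups requests then continue with
 * the IPA membership lookup, every other request type is finished here.
 *
 * NOTE(review): apply_subdomain_homedir() runs for every request and
 * returns EINVAL for filter types other than name and ID number, which
 * fails the request here after the AD lookup already succeeded; confirm
 * that no such filter type can reach this path.
 */
static void
ipa_get_ad_acct_ad_part_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                struct tevent_req);
    struct ipa_get_ad_acct_state *state = tevent_req_data(req,
                                                struct ipa_get_ad_acct_state);
    errno_t ret;

    ret = ad_handle_acct_info_recv(subreq, &state->dp_error, NULL);
    talloc_zfree(subreq);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("AD lookup failed: %d\n", ret));
        tevent_req_error(req, ret);
        return;
    }

    ret = apply_subdomain_homedir(state, state->user_dom,
                                  state->ar->filter_type,
                                  state->ar->filter_value);
    if (ret != EOK && ret != ENOENT) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("apply_subdomain_homedir failed: [%d]: [%s].\n",
               ret, sss_strerror(ret)));
        goto fail;
    }

    if ((state->ar->entry_type & BE_REQ_TYPE_MASK) != BE_REQ_INITGROUPS) {
        tevent_req_done(req);
        return;
    }

    /* For initgroups request we have to check IPA group memberships of AD
     * users. */
    subreq = ipa_get_ad_memberships_send(state, state->ev, state->ar,
                                         state->ipa_ctx->server_mode,
                                         state->user_dom,
                                         state->ipa_ctx->sdap_id_ctx,
                                         state->ipa_ctx->server_mode->realm);
    if (subreq == NULL) {
        ret = ENOMEM;
        goto fail;
    }
    tevent_req_set_callback(subreq, ipa_get_ad_acct_done, req);

    return;

fail:
    state->dp_error = DP_ERR_FATAL;
    tevent_req_error(req, ret);
    return;
}

/*
 * Completion callback of the IPA membership lookup that follows an
 * initgroups request; finishes the request with its result.
 */
static void
ipa_get_ad_acct_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                struct tevent_req);
    struct ipa_get_ad_acct_state *state = tevent_req_data(req,
                                                struct ipa_get_ad_acct_state);
    errno_t ret;

    ret = ipa_get_ad_memberships_recv(subreq, &state->dp_error);
    talloc_zfree(subreq);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("IPA external groups lookup failed: %d\n",
                                  ret));
        tevent_req_error(req, ret);
        return;
    }

    tevent_req_done(req);
}

/*
 * Collect the result of ipa_get_ad_acct_send().
 *
 * dp_error_out, when not NULL, receives the stored dp_error before the
 * request status is evaluated, so it is set on failure as well.
 * Returns EOK or the error the request finished with.
 */
errno_t
ipa_get_ad_acct_recv(struct tevent_req *req, int *dp_error_out)
{
    struct ipa_get_ad_acct_state *state = tevent_req_data(req,
                                                struct ipa_get_ad_acct_state);

    if (dp_error_out) {
        *dp_error_out = state->dp_error;
    }

    TEVENT_REQ_RETURN_ON_ERROR(req);

    return EOK;
}
sssd-1.11.5/src/providers/ipa/PaxHeaders.13173/ipa_hbac_private.h0000644000000000000000000000007412320753107022561 xustar000000000000000030 atime=1396954939.264891432 30 ctime=1396954961.588874999 sssd-1.11.5/src/providers/ipa/ipa_hbac_private.h0000664002412700241270000001257312320753107023013 0ustar00jhrozekjhrozek00000000000000/* SSSD Authors: Stephen Gallagher Copyright (C) 2011 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your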
option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #ifndef IPA_HBAC_PRIVATE_H_ #define IPA_HBAC_PRIVATE_H_ #include "providers/ipa/ipa_access.h" #include "providers/ipa/ipa_hbac.h" #define IPA_HBAC_RULE "ipaHBACRule" #define IPA_HBAC_SERVICE "ipaHBACService" #define IPA_HBAC_SERVICE_GROUP "ipaHBACServiceGroup" #define IPA_UNIQUE_ID "ipauniqueid" #define IPA_MEMBER "member" #define HBAC_HOSTS_SUBDIR "hbac_hosts" #define HBAC_HOSTGROUPS_SUBDIR "hbac_hostgroups" #define OBJECTCLASS "objectclass" #define IPA_MEMBEROF "memberOf" #define IPA_ACCESS_RULE_TYPE "accessRuleType" #define IPA_HBAC_ALLOW "allow" #define IPA_MEMBER_USER "memberUser" #define IPA_USER_CATEGORY "userCategory" #define IPA_SERVICE_NAME "serviceName" #define IPA_SOURCE_HOST "sourceHost" #define IPA_SOURCE_HOST_CATEGORY "sourceHostCategory" #define IPA_EXTERNAL_HOST "externalHost" #define IPA_ENABLED_FLAG "ipaenabledflag" #define IPA_MEMBER_HOST "memberHost" #define IPA_HOST_CATEGORY "hostCategory" #define IPA_CN "cn" #define IPA_MEMBER_SERVICE "memberService" #define IPA_SERVICE_CATEGORY "serviceCategory" #define IPA_TRUE_VALUE "TRUE" #define IPA_HBAC_BASE_TMPL "cn=hbac,%s" #define IPA_SERVICES_BASE_TMPL "cn=hbacservices,cn=accounts,%s" #define SYSDB_HBAC_BASE_TMPL "cn=hbac,"SYSDB_TMPL_CUSTOM_BASE #define HBAC_RULES_SUBDIR "hbac_rules" #define HBAC_SERVICES_SUBDIR "hbac_services" #define HBAC_SERVICEGROUPS_SUBDIR "hbac_servicegroups" /* From ipa_hbac_common.c */ errno_t ipa_hbac_sysdb_save(struct sss_domain_info *domain, const char *primary_subdir, const char *attr_name, size_t primary_count, struct sysdb_attrs **primary, const char *group_subdir, const char *groupattr_name, size_t 
group_count, struct sysdb_attrs **groups); errno_t replace_attribute_name(const char *old_name, const char *new_name, const size_t count, struct sysdb_attrs **list); errno_t hbac_ctx_to_rules(TALLOC_CTX *mem_ctx, struct hbac_ctx *hbac_ctx, struct hbac_rule ***rules, struct hbac_eval_req **request); errno_t hbac_get_category(struct sysdb_attrs *attrs, const char *category_attr, uint32_t *_categories); errno_t hbac_thost_attrs_to_rule(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, const char *rule_name, struct sysdb_attrs *rule_attrs, struct hbac_rule_element **thosts); errno_t hbac_shost_attrs_to_rule(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, const char *rule_name, struct sysdb_attrs *rule_attrs, bool support_srchost, struct hbac_rule_element **source_hosts); errno_t get_ipa_hostgroupname(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, const char *host_dn, char **hostgroupname); /* From ipa_hbac_services.c */ struct tevent_req * ipa_hbac_service_info_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct sdap_handle *sh, struct sdap_options *opts, struct sdap_search_base **search_bases); errno_t ipa_hbac_service_info_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, size_t *service_count, struct sysdb_attrs ***services, size_t *servicegroup_count, struct sysdb_attrs ***servicegroups); errno_t hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, const char *rule_name, struct sysdb_attrs *rule_attrs, struct hbac_rule_element **services); errno_t get_ipa_servicegroupname(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, const char *service_dn, char **servicename); /* From ipa_hbac_users.c */ errno_t hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, const char *rule_name, struct sysdb_attrs *rule_attrs, struct hbac_rule_element **users); errno_t get_ipa_groupname(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, const char *group_dn, const char **groupname); #endif /* IPA_HBAC_PRIVATE_H_ */ 
sssd-1.11.5/src/providers/ipa/PaxHeaders.13173/ipa_hbac_services.c0000644000000000000000000000007412320753107022725 xustar000000000000000030 atime=1396954939.264891432 30 ctime=1396954961.590874998 sssd-1.11.5/src/providers/ipa/ipa_hbac_services.c0000664002412700241270000005144112320753107023154 0ustar00jhrozekjhrozek00000000000000/* SSSD Authors: Stephen Gallagher Copyright (C) 2011 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include "util/util.h" #include "providers/ipa/ipa_hbac_private.h" #include "providers/ldap/sdap_async.h" struct ipa_hbac_service_state { struct tevent_context *ev; struct sdap_handle *sh; struct sdap_options *opts; const char **attrs; char *service_filter; char *cur_filter; struct sdap_search_base **search_bases; int search_base_iter; /* Return values */ size_t service_count; struct sysdb_attrs **services; size_t servicegroup_count; struct sysdb_attrs **servicegroups; }; static errno_t ipa_hbac_service_info_next(struct tevent_req *req, struct ipa_hbac_service_state *state); static void ipa_hbac_service_info_done(struct tevent_req *subreq); static errno_t ipa_hbac_servicegroup_info_next(struct tevent_req *req, struct ipa_hbac_service_state *state); static void ipa_hbac_servicegroup_info_done(struct tevent_req *subreq); struct tevent_req * ipa_hbac_service_info_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct sdap_handle *sh, struct sdap_options *opts, struct sdap_search_base **search_bases) { 
errno_t ret; struct ipa_hbac_service_state *state; struct tevent_req *req; char *service_filter; req = tevent_req_create(mem_ctx, &state, struct ipa_hbac_service_state); if (req == NULL) { DEBUG(1, ("tevent_req_create failed.\n")); return NULL; } state->ev = ev; state->sh = sh; state->opts = opts; state->search_bases = search_bases; state->search_base_iter = 0; service_filter = talloc_asprintf(state, "(objectClass=%s)", IPA_HBAC_SERVICE); if (service_filter == NULL) { ret = ENOMEM; goto immediate; } state->service_filter = service_filter; state->cur_filter = NULL; state->attrs = talloc_array(state, const char *, 6); if (state->attrs == NULL) { DEBUG(1, ("Failed to allocate service attribute list.\n")); ret = ENOMEM; goto immediate; } state->attrs[0] = OBJECTCLASS; state->attrs[1] = IPA_CN; state->attrs[2] = IPA_UNIQUE_ID; state->attrs[3] = IPA_MEMBER; state->attrs[4] = IPA_MEMBEROF; state->attrs[5] = NULL; ret = ipa_hbac_service_info_next(req, state); if (ret == EOK) { ret = EINVAL; } if (ret != EAGAIN) { goto immediate; } return req; immediate: if (ret == EOK) { tevent_req_done(req); } else { tevent_req_error(req, ret); } tevent_req_post(req, ev); return req; } static errno_t ipa_hbac_service_info_next(struct tevent_req *req, struct ipa_hbac_service_state *state) { struct tevent_req *subreq; struct sdap_search_base *base; base = state->search_bases[state->search_base_iter]; if (base == NULL) { return EOK; } talloc_zfree(state->cur_filter); state->cur_filter = sdap_get_id_specific_filter(state, state->service_filter, base->filter); if (state->cur_filter == NULL) { return ENOMEM; } DEBUG(SSSDBG_TRACE_FUNC, ("Sending request for next search base: " "[%s][%d][%s]\n", base->basedn, base->scope, state->cur_filter)); subreq = sdap_get_generic_send(state, state->ev, state->opts, state->sh, base->basedn, base->scope, state->cur_filter, state->attrs, NULL, 0, dp_opt_get_int(state->opts->basic, SDAP_ENUM_SEARCH_TIMEOUT), true); if (subreq == NULL) { 
DEBUG(SSSDBG_CRIT_FAILURE, ("Error requesting service info\n")); return EIO; } tevent_req_set_callback(subreq, ipa_hbac_service_info_done, req); return EAGAIN; }

/*
 * Completion callback for the HBAC service search.
 *
 * Stores the received services in the request state. When the search base
 * returned nothing, the next search base is tried; when none is left the
 * request finishes with an empty service list. Otherwise the service-group
 * lookup is started from the first search base.
 */
static void
ipa_hbac_service_info_done(struct tevent_req *subreq)
{
    errno_t ret;
    struct tevent_req *req =
            tevent_req_callback_data(subreq, struct tevent_req);
    struct ipa_hbac_service_state *state =
            tevent_req_data(req, struct ipa_hbac_service_state);
    char *servicegroup_filter;

    ret = sdap_get_generic_recv(subreq, state,
                                &state->service_count,
                                &state->services);
    talloc_zfree(subreq);
    if (ret != EOK && ret != ENOENT) {
        goto done;
    }

    if (ret == ENOENT || state->service_count == 0) {
        /* If there are no services, we'll shortcut out
         * This is still valid, as rules can apply to
         * all services
         *
         * There's no reason to try to process groups
         */

        state->search_base_iter++;
        ret = ipa_hbac_service_info_next(req, state);
        if (ret == EAGAIN) {
            /* A search on the next base is in flight */
            return;
        }

        /* No sub-request was started: report an empty result set
         * (or the error, if ret is neither EOK nor EAGAIN) */
        state->service_count = 0;
        state->services = NULL;
        goto done;
    }

    ret = replace_attribute_name(IPA_MEMBEROF, SYSDB_ORIG_MEMBEROF,
                                 state->service_count,
                                 state->services);
    if (ret != EOK) {
        DEBUG(1, ("Could not replace attribute names\n"));
        goto done;
    }

    /* The filter is built from a compile-time constant only */
    servicegroup_filter = talloc_asprintf(state, "(objectClass=%s)",
                                          IPA_HBAC_SERVICE_GROUP);
    if (servicegroup_filter == NULL) {
        ret = ENOMEM;
        goto done;
    }

    talloc_zfree(state->service_filter);
    state->service_filter = servicegroup_filter;

    /* Restart the search-base iteration for the group lookup */
    state->search_base_iter = 0;
    ret = ipa_hbac_servicegroup_info_next(req, state);
    if (ret == EOK) {
        /* EOK here means there was no search base at all */
        ret = EINVAL;
    }

    if (ret != EAGAIN) {
        goto done;
    }

    return;

done:
    if (ret == EOK) {
        tevent_req_done(req);
    } else {
        tevent_req_error(req, ret);
    }
}

/*
 * Send the service-group search for the search base selected by
 * state->search_base_iter.
 *
 * Returns EOK when the search-base array is exhausted (NULL entry),
 * ENOMEM when the filter cannot be built, EIO when the sub-request cannot
 * be created, and EAGAIN once a sub-request is in flight.
 */
static errno_t
ipa_hbac_servicegroup_info_next(struct tevent_req *req,
                                struct ipa_hbac_service_state *state)
{
    struct tevent_req *subreq;
    struct sdap_search_base *base;

    base = state->search_bases[state->search_base_iter];
    if (base == NULL) {
        return EOK;
    }

    /* Combine the generic group filter with the base-specific one */
    talloc_zfree(state->cur_filter);
    state->cur_filter = sdap_get_id_specific_filter(state,
                                                    state->service_filter,
                                                    base->filter);
    if (state->cur_filter == NULL) {
        return ENOMEM;
    }

    /* Look up service groups */
    DEBUG(SSSDBG_TRACE_FUNC, ("Sending request for next search base: "
                              "[%s][%d][%s]\n", base->basedn, base->scope,
                              state->cur_filter));
    subreq = sdap_get_generic_send(state, state->ev, state->opts, state->sh,
                                   base->basedn, base->scope,
                                   state->cur_filter, state->attrs, NULL, 0,
                                   dp_opt_get_int(state->opts->basic,
                                                  SDAP_ENUM_SEARCH_TIMEOUT),
                                   true);
    if (subreq == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Error requesting servicegroup info\n"));
        return EIO;
    }
    tevent_req_set_callback(subreq, ipa_hbac_servicegroup_info_done, req);

    return EAGAIN;
}

/*
 * Completion callback for one service-group search.
 *
 * Appends the received groups to state->servicegroups and continues with
 * the next search base; the request completes when no base is left.
 */
static void
ipa_hbac_servicegroup_info_done(struct tevent_req *subreq)
{
    errno_t ret;
    struct tevent_req *req =
            tevent_req_callback_data(subreq, struct tevent_req);
    struct ipa_hbac_service_state *state =
            tevent_req_data(req, struct ipa_hbac_service_state);
    size_t total_count;
    size_t group_count;
    struct sysdb_attrs **groups;
    struct sysdb_attrs **target;
    int i;

    ret = sdap_get_generic_recv(subreq, state,
                                &group_count,
                                &groups);
    talloc_zfree(subreq);
    if (ret != EOK) {
        goto done;
    }

    if (group_count > 0) {
        ret = replace_attribute_name(IPA_MEMBER, SYSDB_ORIG_MEMBER,
                                     group_count,
                                     groups);
        if (ret != EOK) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("Could not replace attribute names\n"));
            goto done;
        }

        /* NOTE(review): this call renames the attribute on the groups
         * accumulated so far, not on the newly received `groups`; it looks
         * like (group_count, groups) may have been intended -- confirm. */
        ret = replace_attribute_name(IPA_MEMBEROF, SYSDB_ORIG_MEMBEROF,
                                     state->servicegroup_count,
                                     state->servicegroups);
        if (ret != EOK) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("Could not replace attribute names\n"));
            goto done;
        }

        total_count = state->servicegroup_count + group_count;
        state->servicegroups = talloc_realloc(state, state->servicegroups,
                                              struct sysdb_attrs *,
                                              total_count);
        if (state->servicegroups == NULL) {
            ret = ENOMEM;
            goto done;
        }

        /* Move each new entry under the grown array */
        i = 0;
        while (state->servicegroup_count < total_count) {
            target = &state->servicegroups[state->servicegroup_count];
            *target = talloc_steal(state->servicegroups, groups[i]);

            state->servicegroup_count++;
            i++;
        }
    }

    state->search_base_iter++;
    ret = ipa_hbac_servicegroup_info_next(req, state);
    if (ret == EAGAIN) {
        return;
    } else if (ret != EOK) {
        goto done;
    }

done:
    if (ret == EOK) {
        tevent_req_done(req);
    } else {
        DEBUG(3, ("Error [%d][%s]\n", ret, strerror(ret)));
        tevent_req_error(req, ret);
    }
}

/*
 * Collect the results of the HBAC service request.
 *
 * Returns the request's error if it failed. On success the service and
 * service-group arrays are moved to mem_ctx and their counts are stored in
 * the output parameters; all four output pointers are written
 * unconditionally and must not be NULL.
 */
errno_t
ipa_hbac_service_info_recv(struct tevent_req *req,
                           TALLOC_CTX *mem_ctx,
                           size_t *service_count,
                           struct sysdb_attrs ***services,
                           size_t *servicegroup_count,
                           struct sysdb_attrs ***servicegroups)
{
    size_t c;
    struct ipa_hbac_service_state *state =
            tevent_req_data(req, struct ipa_hbac_service_state);

    TEVENT_REQ_RETURN_ON_ERROR(req);

    *service_count = state->service_count;
    *services = talloc_steal(mem_ctx, state->services);
    for (c = 0; c < state->service_count; c++) {
        /* Guarantee the memory hierarchy of the list */
        talloc_steal(state->services, state->services[c]);
    }

    *servicegroup_count = state->servicegroup_count;
    *servicegroups = talloc_steal(mem_ctx, state->servicegroups);

    return EOK;
}

errno_t hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, const char *rule_name, struct sysdb_attrs *rule_attrs, struct hbac_rule_element **services) { errno_t ret; TALLOC_CTX *tmp_ctx; struct hbac_rule_element *new_services; const char *attrs[] = { IPA_CN, NULL }; struct ldb_message_element *el; size_t num_services = 0; size_t num_servicegroups = 0; size_t i; char *member_dn; char *filter; size_t count; struct ldb_message **msgs; const char *name; DEBUG(7, ("Processing PAM services for rule [%s]\n", rule_name)); tmp_ctx = talloc_new(mem_ctx); if (tmp_ctx == NULL) return ENOMEM; new_services = talloc_zero(tmp_ctx, struct hbac_rule_element); if (new_services == NULL) { ret = ENOMEM; goto done; } /* First check for service category */ ret = hbac_get_category(rule_attrs, IPA_SERVICE_CATEGORY, &new_services->category); if (ret != EOK) { DEBUG(1, ("Could not identify service categories\n")); goto done; } if (new_services->category & HBAC_CATEGORY_ALL) { /* Short-cut to the exit */ ret = EOK; goto done; } /* 
Get the list of DNs from the member attr */ ret = sysdb_attrs_get_el(rule_attrs, IPA_MEMBER_SERVICE, &el); if (ret != EOK && ret != ENOENT) { DEBUG(1, ("sysdb_attrs_get_el failed.\n")); goto done; } if (ret == ENOENT || el->num_values == 0) { el->num_values = 0; DEBUG(4, ("No services specified, rule will never apply.\n")); } /* Assume maximum size; We'll trim it later */ new_services->names = talloc_array(new_services, const char *, el->num_values +1); if (new_services->names == NULL) { ret = ENOMEM; goto done; } new_services->groups = talloc_array(new_services, const char *, el->num_values + 1); if (new_services->groups == NULL) { ret = ENOMEM; goto done; } for (i = 0; i < el->num_values; i++) { ret = sss_filter_sanitize(tmp_ctx, (const char *)el->values[i].data, &member_dn); if (ret != EOK) goto done; filter = talloc_asprintf(member_dn, "(%s=%s)", SYSDB_ORIG_DN, member_dn); if (filter == NULL) { ret = ENOMEM; goto done; } /* First check if this is a specific service */ ret = sysdb_search_custom(tmp_ctx, domain->sysdb, domain, filter, HBAC_SERVICES_SUBDIR, attrs, &count, &msgs); if (ret != EOK && ret != ENOENT) goto done; if (ret == EOK && count == 0) { ret = ENOENT; } if (ret == EOK) { if (count > 1) { DEBUG(1, ("Original DN matched multiple services. " "Skipping \n")); talloc_zfree(member_dn); continue; } /* Original DN matched a single service. 
Get the service name */ name = ldb_msg_find_attr_as_string(msgs[0], IPA_CN, NULL); if (name == NULL) { DEBUG(1, ("Attribute is missing!\n")); ret = EFAULT; goto done; } new_services->names[num_services] = talloc_strdup(new_services->names, name); if (new_services->names[num_services] == NULL) { ret = ENOMEM; goto done; } DEBUG(8, ("Added service [%s] to rule [%s]\n", name, rule_name)); num_services++; } else { /* ret == ENOENT */ /* Check if this is a service group */ ret = sysdb_search_custom(tmp_ctx, domain->sysdb, domain, filter, HBAC_SERVICEGROUPS_SUBDIR, attrs, &count, &msgs); if (ret != EOK && ret != ENOENT) goto done; if (ret == EOK && count == 0) { ret = ENOENT; } if (ret == EOK) { if (count > 1) { DEBUG(1, ("Original DN matched multiple service groups. " "Skipping\n")); talloc_zfree(member_dn); continue; } /* Original DN matched a single group. Get the groupname */ name = ldb_msg_find_attr_as_string(msgs[0], IPA_CN, NULL); if (name == NULL) { DEBUG(1, ("Attribute is missing!\n")); ret = EFAULT; goto done; } new_services->groups[num_servicegroups] = talloc_strdup(new_services->groups, name); if (new_services->groups[num_servicegroups] == NULL) { ret = ENOMEM; goto done; } DEBUG(8, ("Added service group [%s] to rule [%s]\n", name, rule_name)); num_servicegroups++; } else { /* ret == ENOENT */ /* Neither a service nor a service group? Skip it */ DEBUG(1, ("[%s] does not map to either a service or " "service group. 
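Skipping\n", member_dn)); } } talloc_zfree(member_dn); } new_services->names[num_services] = NULL; new_services->groups[num_servicegroups] = NULL; /* Shrink the arrays down to their real sizes */ new_services->names = talloc_realloc(new_services, new_services->names, const char *, num_services + 1); if (new_services->names == NULL) { ret = ENOMEM; goto done; } new_services->groups = talloc_realloc(new_services, new_services->groups, const char *, num_servicegroups + 1); if (new_services->groups == NULL) { ret = ENOMEM; goto done; } ret = EOK; done: if (ret == EOK) { *services = talloc_steal(mem_ctx, new_services); } talloc_free(tmp_ctx); return ret; }

/*
 * Extract the service group name from an IPA HBAC service-group DN.
 *
 * The DN is accepted only if it has at least four components and begins
 * with cn=<name>,cn=hbacservicegroups,cn=hbac. Attribute names and
 * container values are compared case-insensitively, and container values
 * must match in full.
 *
 * mem_ctx           talloc parent of the temporary DN and of the result
 * sysdb             sysdb handle that supplies the ldb context
 * service_dn        DN string to examine
 * servicegroupname  receives the RDN value on success, NULL otherwise
 *
 * Returns EOK on success, ENOENT if the DN is not a service-group DN,
 * EINVAL if the DN does not validate or a component cannot be read, and
 * ENOMEM on allocation failure.
 */
errno_t
get_ipa_servicegroupname(TALLOC_CTX *mem_ctx,
                         struct sysdb_ctx *sysdb,
                         const char *service_dn,
                         char **servicegroupname)
{
    /* Container values expected in the second and third DN component */
    static const char svc_container[] = "hbacservicegroups";
    static const char hbac_container[] = "hbac";

    errno_t ret;
    struct ldb_dn *dn;
    const char *rdn_name;
    const char *svc_comp_name;
    const char *hbac_comp_name;
    const struct ldb_val *rdn_val;
    const struct ldb_val *svc_comp_val;
    const struct ldb_val *hbac_comp_val;

    /* This is an IPA-specific hack. It may not
     * work for non-IPA servers and will need to
     * be changed if SSSD ever supports HBAC on
     * a non-IPA server.
     */
    *servicegroupname = NULL;

    dn = ldb_dn_new(mem_ctx, sysdb_ctx_get_ldb(sysdb), service_dn);
    if (dn == NULL) {
        ret = ENOMEM;
        goto done;
    }

    if (!ldb_dn_validate(dn)) {
        ret = EINVAL;
        goto done;
    }

    if (ldb_dn_get_comp_num(dn) < 4) {
        /* RDN, services, hbac, and at least one DC= */
        /* If it's fewer, it's not a group DN */
        ret = ENOENT;
        goto done;
    }

    /* If the RDN name is 'cn' */
    rdn_name = ldb_dn_get_rdn_name(dn);
    if (rdn_name == NULL) {
        /* Shouldn't happen if ldb_dn_validate()
         * passed, but we'll be careful.
         */
        ret = EINVAL;
        goto done;
    }

    if (strcasecmp("cn", rdn_name) != 0) {
        /* RDN has the wrong attribute name.
         * It's not a service.
         */
        ret = ENOENT;
        goto done;
    }

    /* and the second component is "cn=hbacservicegroups" */
    svc_comp_name = ldb_dn_get_component_name(dn, 1);
    svc_comp_val = ldb_dn_get_component_val(dn, 1);
    if (svc_comp_name == NULL || svc_comp_val == NULL) {
        /* Same defensive handling as for the RDN name above */
        ret = EINVAL;
        goto done;
    }

    if (strcasecmp("cn", svc_comp_name) != 0) {
        /* The second component name is not "cn" */
        ret = ENOENT;
        goto done;
    }

    /* The length must be compared as well: strncasecmp() bounded only by
     * the component's own length would also accept any value that is a
     * mere prefix of the expected name, including an empty one.
     */
    if (svc_comp_val->length != sizeof(svc_container) - 1
            || svc_comp_val->data == NULL
            || strncasecmp(svc_container,
                           (const char *) svc_comp_val->data,
                           svc_comp_val->length) != 0) {
        /* The second component value is not "hbacservicegroups" */
        ret = ENOENT;
        goto done;
    }

    /* and the third component is "hbac" */
    hbac_comp_name = ldb_dn_get_component_name(dn, 2);
    hbac_comp_val = ldb_dn_get_component_val(dn, 2);
    if (hbac_comp_name == NULL || hbac_comp_val == NULL) {
        ret = EINVAL;
        goto done;
    }

    if (strcasecmp("cn", hbac_comp_name) != 0) {
        /* The third component name is not "cn" */
        ret = ENOENT;
        goto done;
    }

    if (hbac_comp_val->length != sizeof(hbac_container) - 1
            || hbac_comp_val->data == NULL
            || strncasecmp(hbac_container,
                           (const char *) hbac_comp_val->data,
                           hbac_comp_val->length) != 0) {
        /* The third component value is not "hbac" */
        ret = ENOENT;
        goto done;
    }

    /* Then the value of the RDN is the group name */
    rdn_val = ldb_dn_get_rdn_val(dn);
    if (rdn_val == NULL) {
        ret = EINVAL;
        goto done;
    }

    *servicegroupname = talloc_strndup(mem_ctx,
                                       (const char *)rdn_val->data,
                                       rdn_val->length);
    if (*servicegroupname == NULL) {
        ret = ENOMEM;
        goto done;
    }

    ret = EOK;

done:
    talloc_free(dn);
    return ret;
}
sssd-1.11.5/src/providers/ipa/PaxHeaders.13173/ipa_hosts.c0000644000000000000000000000007412320753107021265 xustar000000000000000030 atime=1396954939.264891432 30 ctime=1396954961.583875003 sssd-1.11.5/src/providers/ipa/ipa_hosts.c0000664002412700241270000003606212320753107021516 0ustar00jhrozekjhrozek00000000000000/* SSSD Authors: Jan Zeleny Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 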
See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */

#include "util/util.h"
#include "db/sysdb.h"
#include "providers/ldap/sdap_async.h"
#include "providers/ipa/ipa_hosts.h"
#include "providers/ipa/ipa_common.h"

/* State of one host / host group lookup request */
struct ipa_host_state {
    struct tevent_context *ev;
    struct sysdb_ctx *sysdb;
    struct sdap_handle *sh;
    struct sdap_options *opts;
    /* Attributes requested from the server; rebuilt for the group lookup */
    const char **attrs;
    struct sdap_attr_map *host_map;
    struct sdap_attr_map *hostgroup_map;

    /* NULL-terminated list of search bases and the index of the current one */
    struct sdap_search_base **search_bases;
    int search_base_iter;

    /* host_filter combined with the filter of the current search base */
    char *cur_filter;
    char *host_filter;

    /* Host to look up, or NULL to look up all hosts (borrowed pointer) */
    const char *hostname;

    /* Return values */
    size_t host_count;
    struct sysdb_attrs **hosts;

    size_t hostgroup_count;
    struct sysdb_attrs **hostgroups;
    struct sdap_attr_map_info *ipa_hostgroup_map;
};

static void
ipa_host_info_done(struct tevent_req *subreq);

static void
ipa_hostgroup_info_done(struct tevent_req *subreq);

static errno_t
ipa_host_info_next(struct tevent_req *req,
                   struct ipa_host_state *state);
static errno_t
ipa_hostgroup_info_next(struct tevent_req *req,
                        struct ipa_host_state *state);

/**
 * Create and start a request that looks up IPA hosts and host groups.
 *
 * hostname == NULL -> look up all hosts / host groups
 * hostname != NULL -> look up only given host and groups
 *                     it's member of
 * hostgroup_map == NULL -> skip looking up hostgroups
 *
 * Returns NULL only if the request itself cannot be allocated. Any other
 * failure is reported through the returned request, which is then posted
 * to the event context with the error set.
 *
 * NOTE(review): hostname is copied into the LDAP filter as-is. This file
 * does not show where callers obtain it; if it can ever carry filter
 * metacharacters it should be escaped first (sss_filter_sanitize() is used
 * for that purpose elsewhere in the provider) -- confirm against callers.
 */
struct tevent_req *
ipa_host_info_send(TALLOC_CTX *mem_ctx,
                   struct tevent_context *ev,
                   struct sdap_handle *sh,
                   struct sdap_options *opts,
                   const char *hostname,
                   struct sdap_attr_map *host_map,
                   struct sdap_attr_map *hostgroup_map,
                   struct sdap_search_base **search_bases)
{
    errno_t ret;
    struct ipa_host_state *state;
    struct tevent_req *req;

    req = tevent_req_create(mem_ctx, &state, struct ipa_host_state);
    if (req == NULL) {
        return NULL;
    }

    state->ev = ev;
    state->sh = sh;
    state->opts = opts;
    state->hostname = hostname;
    state->search_bases = search_bases;
    state->search_base_iter = 0;
    state->cur_filter = NULL;
    state->host_map = host_map;
    state->hostgroup_map = hostgroup_map;

    ret = build_attrs_from_map(state, host_map, IPA_OPTS_HOST,
                               NULL, &state->attrs, NULL);
    if (ret != EOK) {
        goto immediate;
    }

    if (hostname == NULL) {
        state->host_filter = talloc_asprintf(state, "(objectClass=%s)",
                                             host_map[IPA_OC_HOST].name);
    } else {
        /* hostname is not escaped here; see the note in the header comment */
        state->host_filter = talloc_asprintf(state, "(&(objectClass=%s)(%s=%s))",
                                             host_map[IPA_OC_HOST].name,
                                             host_map[IPA_AT_HOST_FQDN].name,
                                             hostname);
    }
    if (state->host_filter == NULL) {
        ret = ENOMEM;
        goto immediate;
    }

    ret = ipa_host_info_next(req, state);
    if (ret == EOK) {
        /* EOK from the first call means the search-base list was empty */
        DEBUG(SSSDBG_CRIT_FAILURE, ("No host search base configured?\n"));
        ret = EINVAL;
    }

    if (ret != EAGAIN) {
        goto immediate;
    }

    return req;

immediate:
    if (ret == EOK) {
        tevent_req_done(req);
    } else {
        tevent_req_error(req, ret);
    }
    tevent_req_post(req, ev);
    return req;
}

/*
 * Send the host search for the search base selected by
 * state->search_base_iter.
 *
 * Returns EOK when the search-base array is exhausted (NULL entry),
 * ENOMEM when the filter cannot be built, EIO when the sub-request cannot
 * be created, and EAGAIN once a sub-request is in flight.
 */
static errno_t
ipa_host_info_next(struct tevent_req *req,
                   struct ipa_host_state *state)
{
    struct sdap_search_base *base;
    struct tevent_req *subreq;

    base = state->search_bases[state->search_base_iter];
    if (base == NULL) {
        return EOK;
    }

    /* Combine the host filter with the base-specific one */
    talloc_zfree(state->cur_filter);
    state->cur_filter = sdap_get_id_specific_filter(state, state->host_filter,
                                                    base->filter);
    if (state->cur_filter == NULL) {
        return ENOMEM;
    }

    subreq = sdap_get_generic_send(state, state->ev, state->opts, state->sh,
                                   base->basedn, base->scope,
                                   state->cur_filter, state->attrs,
                                   state->host_map, IPA_OPTS_HOST,
                                   dp_opt_get_int(state->opts->basic,
                                                  SDAP_ENUM_SEARCH_TIMEOUT),
                                   true);
    if (subreq == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Error requesting host info\n"));
        talloc_zfree(state->cur_filter);
        return EIO;
    }
    tevent_req_set_callback(subreq, ipa_host_info_done, req);

    return EAGAIN;
}

static void ipa_host_info_done(struct tevent_req *subreq) { errno_t ret; struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); struct ipa_host_state *state = tevent_req_data(req, struct ipa_host_state); const char *host_dn; ret = sdap_get_generic_recv(subreq, state, &state->host_count, &state->hosts); talloc_zfree(subreq); if (ret != EOK) { 
tevent_req_error(req, ret); return; } if (state->host_count == 0) { state->search_base_iter++; ret = ipa_host_info_next(req, state); if (ret == EOK) { /* No more search bases to try */ tevent_req_error(req, ENOENT); } else if (ret != EAGAIN) { tevent_req_error(req, ret); } return; } if (state->hostgroup_map) { talloc_free(state->attrs); ret = build_attrs_from_map(state, state->hostgroup_map, IPA_OPTS_HOSTGROUP, NULL, &state->attrs, NULL); if (ret != EOK) { tevent_req_error(req, ret); return; } /* Look up host groups */ if (state->hostname == NULL) { talloc_zfree(state->host_filter); state->host_filter = talloc_asprintf(state, "(objectClass=%s)", state->hostgroup_map[IPA_OC_HOSTGROUP].name); if (state->host_filter == NULL) { tevent_req_error(req, ENOMEM); return; } state->search_base_iter = 0; ret = ipa_hostgroup_info_next(req, state); if (ret == EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("No host search base configured?\n")); tevent_req_error(req, EINVAL); return; } else if (ret != EAGAIN) { tevent_req_error(req, ret); return; } } else { state->ipa_hostgroup_map = talloc_zero(state, struct sdap_attr_map_info); if (state->ipa_hostgroup_map == NULL) { tevent_req_error(req, ENOMEM); return; } state->ipa_hostgroup_map->map = state->hostgroup_map; state->ipa_hostgroup_map->num_attrs = IPA_OPTS_HOSTGROUP; ret = sysdb_attrs_get_string(state->hosts[0], SYSDB_ORIG_DN, &host_dn); if (ret != EOK) { tevent_req_error(req, ret); return; } if (!sdap_has_deref_support(state->sh, state->opts)) { DEBUG(SSSDBG_CRIT_FAILURE, ("Server does not support deref\n")); tevent_req_error(req, EIO); return; } subreq = sdap_deref_search_send(state, state->ev, state->opts, state->sh, host_dn, state->hostgroup_map[IPA_AT_HOSTGROUP_MEMBER_OF].name, state->attrs, 1, state->ipa_hostgroup_map, dp_opt_get_int(state->opts->basic, SDAP_ENUM_SEARCH_TIMEOUT)); if (subreq == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("Error requesting host info\n")); tevent_req_error(req, EIO); return; } tevent_req_set_callback(subreq, 
ipa_hostgroup_info_done, req); } } else { /* Nothing else to do, just complete the req */ tevent_req_done(req); } } static errno_t ipa_hostgroup_info_next(struct tevent_req *req, struct ipa_host_state *state) { struct sdap_search_base *base; struct tevent_req *subreq; base = state->search_bases[state->search_base_iter]; if (base == NULL) { return EOK; } talloc_zfree(state->cur_filter); state->cur_filter = sdap_get_id_specific_filter(state, state->host_filter, base->filter); if (state->cur_filter == NULL) { return ENOMEM; } subreq = sdap_get_generic_send(state, state->ev, state->opts, state->sh, base->basedn, base->scope, state->cur_filter, state->attrs, state->hostgroup_map, IPA_OPTS_HOSTGROUP, dp_opt_get_int(state->opts->basic, SDAP_ENUM_SEARCH_TIMEOUT), true); if (subreq == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("Error requesting hostgroup info\n")); talloc_zfree(state->cur_filter); return EIO; } tevent_req_set_callback(subreq, ipa_hostgroup_info_done, req); return EAGAIN; } static void ipa_hostgroup_info_done(struct tevent_req *subreq) { errno_t ret; struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); struct ipa_host_state *state = tevent_req_data(req, struct ipa_host_state); size_t hostgroups_total; size_t hostgroup_count; struct sysdb_attrs **hostgroups; struct sdap_deref_attrs **deref_result; const char *hostgroup_name; const char *hostgroup_dn; int i, j; if (state->hostname == NULL) { ret = sdap_get_generic_recv(subreq, state, &hostgroup_count, &hostgroups); talloc_zfree(subreq); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("sdap_get_generic_recv failed: [%d]\n", ret)); tevent_req_error(req, ret); return; } /* Merge the two arrays */ if (hostgroup_count > 0) { hostgroups_total = hostgroup_count + state->hostgroup_count; state->hostgroups = talloc_realloc(state, state->hostgroups, struct sysdb_attrs *, hostgroups_total); if (state->hostgroups == NULL) { tevent_req_error(req, ENOMEM); return; } i = 0; while(state->hostgroup_count < 
hostgroups_total) { state->hostgroups[state->hostgroup_count] = talloc_steal(state->hostgroups, hostgroups[i]); state->hostgroup_count++; i++; } } /* Now look in the next base */ state->search_base_iter++; ret = ipa_hostgroup_info_next(req, state); if (ret != EOK && ret != EAGAIN) { tevent_req_error(req, ret); } if (ret != EOK) { /* Only continue if no error occurred * and no req was created */ return; } } else { ret = sdap_deref_search_recv(subreq, state, &state->hostgroup_count, &deref_result); talloc_zfree(subreq); if (ret != EOK) goto done; if (state->hostgroup_count == 0) { DEBUG(SSSDBG_FUNC_DATA, ("No host groups were dereferenced\n")); } else { state->hostgroups = talloc_zero_array(state, struct sysdb_attrs *, state->hostgroup_count); if (state->hostgroups == NULL) { ret = ENOMEM; goto done; } j = 0; for (i = 0; i < state->hostgroup_count; i++) { ret = sysdb_attrs_get_string(deref_result[i]->attrs, SYSDB_ORIG_DN, &hostgroup_dn); if (ret != EOK) goto done; if (!sss_ldap_dn_in_search_bases(state, hostgroup_dn, state->search_bases, NULL)) { continue; } ret = sysdb_attrs_get_string(deref_result[i]->attrs, state->hostgroup_map[IPA_AT_HOSTGROUP_NAME].sys_name, &hostgroup_name); if (ret != EOK) goto done; DEBUG(SSSDBG_FUNC_DATA, ("Dereferenced host group: %s\n", hostgroup_name)); state->hostgroups[j] = talloc_steal(state->hostgroups, deref_result[i]->attrs); j++; } state->hostgroup_count = j; } } done: if (ret == EOK) { tevent_req_done(req); } else { DEBUG(SSSDBG_OP_FAILURE, ("Error [%d][%s]\n", ret, strerror(ret))); tevent_req_error(req, ret); } } errno_t ipa_host_info_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, size_t *host_count, struct sysdb_attrs ***hosts, size_t *hostgroup_count, struct sysdb_attrs ***hostgroups) { size_t c; struct ipa_host_state *state = tevent_req_data(req, struct ipa_host_state); TEVENT_REQ_RETURN_ON_ERROR(req); *host_count = state->host_count; *hosts = talloc_steal(mem_ctx, state->hosts); for (c = 0; c < state->host_count; c++) { /* 
Guarantee the memory heirarchy of the list */ talloc_steal(state->hosts, state->hosts[c]); } if (hostgroup_count) *hostgroup_count = state->hostgroup_count; if (hostgroups) *hostgroups = talloc_steal(mem_ctx, state->hostgroups); return EOK; } sssd-1.11.5/src/providers/ipa/PaxHeaders.13173/ipa_hbac.pc.in0000644000000000000000000000007412320753107021607 xustar000000000000000030 atime=1396954960.365875902 30 ctime=1396954961.362875166 sssd-1.11.5/src/providers/ipa/ipa_hbac.pc.in0000664002412700241270000000035112320753107022030 0ustar00jhrozekjhrozek00000000000000prefix=@prefix@ exec_prefix=@exec_prefix@ libdir=@libdir@ includedir=@includedir@ Name: ipa_hbac Description: FreeIPA HBAC Evaluator library Version: @VERSION@ Libs: -L${libdir} -lipa_hbac Cflags: URL: http://fedorahosted.org/sssd/ sssd-1.11.5/src/providers/ipa/PaxHeaders.13173/ipa_hbac_hosts.c0000644000000000000000000000007112320753107022237 xustar000000000000000030 atime=1396954939.264891432 27 ctime=1396954961.587875 sssd-1.11.5/src/providers/ipa/ipa_hbac_hosts.c0000664002412700241270000003321112320753107022464 0ustar00jhrozekjhrozek00000000000000/* SSSD Authors: Stephen Gallagher Copyright (C) 2011 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
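*/

#include "util/util.h"
#include "db/sysdb.h"
#include "providers/ipa/ipa_hbac_private.h"
#include "providers/ldap/sdap_async.h"

/*
 * Functions to convert sysdb_attrs to the hbac_rule format
 */

/*
 * Build the host element of an HBAC rule from the rule's sysdb attributes.
 *
 * If the category attribute has HBAC_CATEGORY_ALL set, no member is
 * resolved. Otherwise every DN stored in member_attr is looked up in the
 * cache, first as a host and then as a host group, and the matching FQDN
 * or group name is added to the element. DNs that match nothing, or more
 * than one entry, are skipped.
 *
 * mem_ctx        talloc parent of the returned element
 * domain         domain whose sysdb cache is searched
 * rule_name      used in debug messages only
 * rule_attrs     attributes of the rule
 * category_attr  name of the attribute holding the host category
 * member_attr    name of the attribute holding the member DNs
 * host_count     optional; receives the number of host names on success
 * hosts          receives the new element on success
 *
 * Returns EOK on success, ENOMEM on allocation failure, EFAULT if a cached
 * entry lacks its name attribute, or the error of a failed helper call.
 */
static errno_t
hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx,
                        struct sss_domain_info *domain,
                        const char *rule_name,
                        struct sysdb_attrs *rule_attrs,
                        const char *category_attr,
                        const char *member_attr,
                        size_t *host_count,
                        struct hbac_rule_element **hosts)
{
    errno_t ret;
    TALLOC_CTX *tmp_ctx;
    struct hbac_rule_element *new_hosts;
    const char *attrs[] = { SYSDB_FQDN, SYSDB_NAME, NULL };
    struct ldb_message_element *el = NULL;
    size_t num_values = 0;
    size_t num_hosts = 0;
    size_t num_hostgroups = 0;
    size_t i;
    char *member_dn;
    char *filter;
    size_t count;
    struct ldb_message **msgs;
    const char *name;

    tmp_ctx = talloc_new(mem_ctx);
    if (tmp_ctx == NULL) return ENOMEM;

    new_hosts = talloc_zero(tmp_ctx, struct hbac_rule_element);
    if (new_hosts == NULL) {
        ret = ENOMEM;
        goto done;
    }

    /* First check for host category */
    ret = hbac_get_category(rule_attrs, category_attr, &new_hosts->category);
    if (ret != EOK) {
        DEBUG(1, ("Could not identify host categories\n"));
        goto done;
    }
    if (new_hosts->category & HBAC_CATEGORY_ALL) {
        /* Short-cut to the exit */
        ret = EOK;
        goto done;
    }

    /* Get the list of DNs from the member_attr */
    ret = sysdb_attrs_get_el(rule_attrs, member_attr, &el);
    if (ret != EOK && ret != ENOENT) {
        DEBUG(1, ("sysdb_attrs_get_el failed.\n"));
        goto done;
    }

    /* Read the element only when the lookup reported success. Nothing
     * here shows that el is set on ENOENT, so that case is treated as an
     * empty member list without touching the pointer.
     */
    if (ret == EOK && el != NULL) {
        num_values = el->num_values;
    }
    if (num_values == 0) {
        DEBUG(4, ("No host specified, rule will never apply.\n"));
    }

    /* Assume maximum size; We'll trim it later */
    new_hosts->names = talloc_array(new_hosts,
                                    const char *,
                                    num_values + 1);
    if (new_hosts->names == NULL) {
        ret = ENOMEM;
        goto done;
    }

    new_hosts->groups = talloc_array(new_hosts,
                                     const char *,
                                     num_values + 1);
    if (new_hosts->groups == NULL) {
        ret = ENOMEM;
        goto done;
    }

    for (i = 0; i < num_values; i++) {
        /* Escape the DN before it is placed into the search filter */
        ret = sss_filter_sanitize(tmp_ctx,
                                  (const char *)el->values[i].data,
                                  &member_dn);
        if (ret != EOK) goto done;

        /* filter is a talloc child of member_dn and is freed with it */
        filter = talloc_asprintf(member_dn, "(%s=%s)",
                                 SYSDB_ORIG_DN, member_dn);
        if (filter == NULL) {
            ret = ENOMEM;
            goto done;
        }

        /* First check if this is a specific host */
        ret = sysdb_search_custom(tmp_ctx, domain->sysdb, domain, filter,
                                  HBAC_HOSTS_SUBDIR, attrs,
                                  &count, &msgs);
        if (ret != EOK && ret != ENOENT) goto done;
        if (ret == EOK && count == 0) {
            ret = ENOENT;
        }

        if (ret == EOK) {
            if (count > 1) {
                DEBUG(1, ("Original DN matched multiple hosts. Skipping \n"));
                talloc_zfree(member_dn);
                continue;
            }

            /* Original DN matched a single host. Get the hostname */
            name = ldb_msg_find_attr_as_string(msgs[0],
                                               SYSDB_FQDN,
                                               NULL);
            if (name == NULL) {
                DEBUG(1, ("FQDN is missing!\n"));
                ret = EFAULT;
                goto done;
            }

            new_hosts->names[num_hosts] = talloc_strdup(new_hosts->names,
                                                        name);
            if (new_hosts->names[num_hosts] == NULL) {
                ret = ENOMEM;
                goto done;
            }
            DEBUG(8, ("Added host [%s] to rule [%s]\n",
                      name, rule_name));
            num_hosts++;
        } else { /* ret == ENOENT */
            /* Check if this is a hostgroup */
            ret = sysdb_search_custom(tmp_ctx, domain->sysdb, domain, filter,
                                      HBAC_HOSTGROUPS_SUBDIR, attrs,
                                      &count, &msgs);
            if (ret != EOK && ret != ENOENT) goto done;
            if (ret == EOK && count == 0) {
                ret = ENOENT;
            }

            if (ret == EOK) {
                if (count > 1) {
                    DEBUG(1, ("Original DN matched multiple hostgroups. "
                              "Skipping\n"));
                    talloc_zfree(member_dn);
                    continue;
                }

                /* Original DN matched a single group. Get the groupname */
                name = ldb_msg_find_attr_as_string(msgs[0], SYSDB_NAME, NULL);
                if (name == NULL) {
                    DEBUG(1, ("Hostgroup name is missing!\n"));
                    ret = EFAULT;
                    goto done;
                }

                new_hosts->groups[num_hostgroups] =
                        talloc_strdup(new_hosts->groups, name);
                if (new_hosts->groups[num_hostgroups] == NULL) {
                    ret = ENOMEM;
                    goto done;
                }

                DEBUG(8, ("Added hostgroup [%s] to rule [%s]\n",
                          name, rule_name));
                num_hostgroups++;
            } else { /* ret == ENOENT */
                /* Neither a host nor a hostgroup? Skip it */
                DEBUG(SSSDBG_TRACE_LIBS,
                      ("[%s] does not map to either a host or hostgroup. "
                       "Skipping\n", member_dn));
            }
        }
        talloc_zfree(member_dn);
    }
    new_hosts->names[num_hosts] = NULL;
    new_hosts->groups[num_hostgroups] = NULL;

    /* Shrink the arrays down to their real sizes */
    new_hosts->names = talloc_realloc(new_hosts, new_hosts->names,
                                      const char *, num_hosts + 1);
    if (new_hosts->names == NULL) {
        ret = ENOMEM;
        goto done;
    }

    new_hosts->groups = talloc_realloc(new_hosts, new_hosts->groups,
                                       const char *, num_hostgroups + 1);
    if (new_hosts->groups == NULL) {
        ret = ENOMEM;
        goto done;
    }

    ret = EOK;

done:
    if (ret == EOK) {
        *hosts = talloc_steal(mem_ctx, new_hosts);
        if (host_count) *host_count = num_hosts;
    }
    talloc_free(tmp_ctx);
    return ret;
}

/*
 * Build the target-host element of an HBAC rule.
 *
 * Thin wrapper around hbac_host_attrs_to_rule() using the
 * IPA_HOST_CATEGORY and IPA_MEMBER_HOST attributes; the host count is not
 * requested. Returns whatever the helper returns.
 */
errno_t
hbac_thost_attrs_to_rule(TALLOC_CTX *mem_ctx,
                         struct sss_domain_info *domain,
                         const char *rule_name,
                         struct sysdb_attrs *rule_attrs,
                         struct hbac_rule_element **thosts)
{
    DEBUG(7, ("Processing target hosts for rule [%s]\n", rule_name));

    return hbac_host_attrs_to_rule(mem_ctx, domain,
                                   rule_name, rule_attrs,
                                   IPA_HOST_CATEGORY, IPA_MEMBER_HOST,
                                   NULL, thosts);
}

errno_t hbac_shost_attrs_to_rule(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, const char *rule_name, struct sysdb_attrs *rule_attrs, bool support_srchost, struct hbac_rule_element **source_hosts) { errno_t ret; size_t host_count; TALLOC_CTX *tmp_ctx; size_t idx; struct ldb_message_element *el; struct hbac_rule_element *shosts; tmp_ctx = talloc_new(mem_ctx); if (tmp_ctx == NULL) return ENOMEM; DEBUG(SSSDBG_TRACE_FUNC, ("Processing source hosts for rule [%s]\n", rule_name)); if (!support_srchost) { DEBUG(SSSDBG_TRACE_INTERNAL, ("Source hosts disabled, setting ALL\n")); shosts = talloc_zero(tmp_ctx, struct hbac_rule_element); if (shosts == NULL) { ret = ENOMEM; goto done; } shosts->category = HBAC_CATEGORY_ALL; ret = EOK; goto done; } ret = hbac_host_attrs_to_rule(tmp_ctx, domain, rule_name, rule_attrs, IPA_SOURCE_HOST_CATEGORY, IPA_SOURCE_HOST, &host_count, &shosts); if (ret != EOK) { goto done; } if (shosts->category & HBAC_CATEGORY_ALL) { /* All hosts 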
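(including external) are * allowed. */ goto done; } /* Include external (non-IPA-managed) source hosts */ ret = sysdb_attrs_get_el(rule_attrs, IPA_EXTERNAL_HOST, &el); if (ret != EOK && ret != ENOENT) goto done; if (ret == EOK && el->num_values == 0) ret = ENOENT; if (ret != ENOENT) { shosts->names = talloc_realloc(shosts, shosts->names, const char *, host_count + el->num_values + 1); if (shosts->names == NULL) { ret = ENOMEM; goto done; } for (idx = host_count; idx < host_count + el->num_values; idx++) { shosts->names[idx] = talloc_strdup(shosts->names, (const char *)el->values[idx - host_count].data); if (shosts->names[idx] == NULL) { ret = ENOMEM; goto done; } DEBUG(8, ("Added external source host [%s] to rule [%s]\n", shosts->names[idx], rule_name)); } shosts->names[idx] = NULL; } ret = EOK; done: if (ret == EOK) { *source_hosts = talloc_steal(mem_ctx, shosts); } talloc_free(tmp_ctx); return ret; }

/*
 * Extract the host group name from an IPA host-group DN.
 *
 * The DN is accepted only if it has at least four components and begins
 * with cn=<name>,cn=hostgroups,cn=accounts. Attribute names and container
 * values are compared case-insensitively, and container values must match
 * in full.
 *
 * mem_ctx        talloc parent of the temporary DN and of the result
 * sysdb          sysdb handle that supplies the ldb context
 * host_dn        DN string to examine
 * hostgroupname  receives the RDN value on success, NULL otherwise
 *
 * Returns EOK on success, ENOENT if the DN is not a host-group DN, EINVAL
 * if the DN does not validate or a component cannot be read, and ENOMEM on
 * allocation failure.
 */
errno_t
get_ipa_hostgroupname(TALLOC_CTX *mem_ctx,
                      struct sysdb_ctx *sysdb,
                      const char *host_dn,
                      char **hostgroupname)
{
    /* Container values expected in the second and third DN component */
    static const char hostgroup_container[] = "hostgroups";
    static const char account_container[] = "accounts";

    errno_t ret;
    struct ldb_dn *dn;
    const char *rdn_name;
    const char *hostgroup_comp_name;
    const char *account_comp_name;
    const struct ldb_val *rdn_val;
    const struct ldb_val *hostgroup_comp_val;
    const struct ldb_val *account_comp_val;

    /* This is an IPA-specific hack. It may not
     * work for non-IPA servers and will need to
     * be changed if SSSD ever supports HBAC on
     * a non-IPA server.
     */
    *hostgroupname = NULL;

    dn = ldb_dn_new(mem_ctx, sysdb_ctx_get_ldb(sysdb), host_dn);
    if (dn == NULL) {
        ret = ENOMEM;
        goto done;
    }

    if (!ldb_dn_validate(dn)) {
        ret = EINVAL;
        goto done;
    }

    if (ldb_dn_get_comp_num(dn) < 4) {
        /* RDN, hostgroups, accounts, and at least one DC= */
        /* If it's fewer, it's not a group DN */
        ret = ENOENT;
        goto done;
    }

    /* If the RDN name is 'cn' */
    rdn_name = ldb_dn_get_rdn_name(dn);
    if (rdn_name == NULL) {
        /* Shouldn't happen if ldb_dn_validate()
         * passed, but we'll be careful.
         */
        ret = EINVAL;
        goto done;
    }

    if (strcasecmp("cn", rdn_name) != 0) {
        /* RDN has the wrong attribute name.
         * It's not a host.
         */
        ret = ENOENT;
        goto done;
    }

    /* and the second component is "cn=hostgroups" */
    hostgroup_comp_name = ldb_dn_get_component_name(dn, 1);
    hostgroup_comp_val = ldb_dn_get_component_val(dn, 1);
    if (hostgroup_comp_name == NULL || hostgroup_comp_val == NULL) {
        /* Same defensive handling as for the RDN name above */
        ret = EINVAL;
        goto done;
    }

    if (strcasecmp("cn", hostgroup_comp_name) != 0) {
        /* The second component name is not "cn" */
        ret = ENOENT;
        goto done;
    }

    /* The length must be compared as well: strncasecmp() bounded only by
     * the component's own length would also accept any value that is a
     * mere prefix of the expected name, including an empty one.
     */
    if (hostgroup_comp_val->length != sizeof(hostgroup_container) - 1
            || hostgroup_comp_val->data == NULL
            || strncasecmp(hostgroup_container,
                           (const char *) hostgroup_comp_val->data,
                           hostgroup_comp_val->length) != 0) {
        /* The second component value is not "hostgroups" */
        ret = ENOENT;
        goto done;
    }

    /* and the third component is "accounts" */
    account_comp_name = ldb_dn_get_component_name(dn, 2);
    account_comp_val = ldb_dn_get_component_val(dn, 2);
    if (account_comp_name == NULL || account_comp_val == NULL) {
        ret = EINVAL;
        goto done;
    }

    if (strcasecmp("cn", account_comp_name) != 0) {
        /* The third component name is not "cn" */
        ret = ENOENT;
        goto done;
    }

    if (account_comp_val->length != sizeof(account_container) - 1
            || account_comp_val->data == NULL
            || strncasecmp(account_container,
                           (const char *) account_comp_val->data,
                           account_comp_val->length) != 0) {
        /* The third component value is not "accounts" */
        ret = ENOENT;
        goto done;
    }

    /* Then the value of the RDN is the group name */
    rdn_val = ldb_dn_get_rdn_val(dn);
    if (rdn_val == NULL) {
        ret = EINVAL;
        goto done;
    }

    *hostgroupname = talloc_strndup(mem_ctx,
                                    (const char *)rdn_val->data,
                                    rdn_val->length);
    if (*hostgroupname == NULL) {
        ret = ENOMEM;
        goto done;
    }

    ret = EOK;

done:
    talloc_free(dn);
    return ret;
}
sssd-1.11.5/src/providers/ipa/PaxHeaders.13173/ipa_access.h0000644000000000000000000000007412320753107021373 xustar000000000000000030 atime=1396954939.264891432 30 ctime=1396954961.486875075 sssd-1.11.5/src/providers/ipa/ipa_access.h0000664002412700241270000000445612320753107021626 0ustar00jhrozekjhrozek00000000000000/* SSSD IPA Backend Module -- Access control Authors: Sumit Bose Copyright (C) 2009 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. 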
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */

#ifndef _IPA_ACCESS_H_
#define _IPA_ACCESS_H_

#include "providers/ldap/ldap_common.h"

/* Access decision. IPA_ACCESS_DENY is explicitly 0, so a zero-filled
 * value of this type reads as "deny". */
enum ipa_access_mode {
    IPA_ACCESS_DENY = 0,
    IPA_ACCESS_ALLOW
};

/* Context of the IPA access provider.
 * NOTE(review): field roles below are inferred from names and types only;
 * confirm against the code that fills this structure. */
struct ipa_access_ctx {
    struct sdap_id_ctx *sdap_ctx;
    struct dp_option *ipa_options;
    struct time_rules_ctx *tr_ctx;
    /* presumably the time of the last HBAC rule refresh -- TODO confirm */
    time_t last_update;
    struct sdap_access_ctx *sdap_access_ctx;

    /* Attribute maps for host and host group entries */
    struct sdap_attr_map *host_map;
    struct sdap_attr_map *hostgroup_map;
    /* Search bases for hosts and for HBAC objects */
    struct sdap_search_base **host_search_bases;
    struct sdap_search_base **hbac_search_bases;
};

/* State carried through one HBAC evaluation. Each array below is paired
 * with the count field declared just before it. */
struct hbac_ctx {
    struct sdap_id_ctx *sdap_ctx;
    struct ipa_access_ctx *access_ctx;
    struct sdap_id_op *sdap_op;
    struct dp_option *ipa_options;
    struct time_rules_ctx *tr_ctx;
    struct be_req *be_req;
    struct pam_data *pd;

    struct sdap_search_base **search_bases;

    /* Hosts */
    size_t host_count;
    struct sysdb_attrs **hosts;
    size_t hostgroup_count;
    struct sysdb_attrs **hostgroups;
    struct sysdb_attrs *ipa_host;

    /* Rules */
    bool get_deny_rules;
    size_t rule_count;
    struct sysdb_attrs **rules;

    /* Services */
    size_t service_count;
    struct sysdb_attrs **services;
    size_t servicegroup_count;
    struct sysdb_attrs **servicegroups;
};

/* Entry point of the access provider for one backend request */
void ipa_access_handler(struct be_req *be_req);

/* Returns cached HBAC rules for the domain through _rule_count and
 * _rules; presumably allocated on mem_ctx -- confirm in the definition. */
errno_t hbac_get_cached_rules(TALLOC_CTX *mem_ctx,
                              struct sss_domain_info *domain,
                              size_t *_rule_count,
                              struct sysdb_attrs ***_rules);

#endif /* _IPA_ACCESS_H_ */
sssd-1.11.5/src/providers/ipa/PaxHeaders.13173/ipa_config.c0000644000000000000000000000007412320753107021372 xustar000000000000000030 atime=1396954939.264891432 30 ctime=1396954961.578875007 sssd-1.11.5/src/providers/ipa/ipa_config.c0000664002412700241270000001071212320753107021615 0ustar00jhrozekjhrozek00000000000000/* SSSD IPA Backend 
Module -- configuration retrieval

Authors: Jan Zeleny

Copyright (C) 2012 Red Hat

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program. If not, see .
*/

#include "providers/ipa/ipa_config.h"
#include "providers/ipa/ipa_common.h"
#include "providers/ldap/sdap_async.h"

/* Private state of one configuration lookup. */
struct ipa_get_config_state {
    char *base;                 /* search base formatted from the domain */
    const char **attrs;         /* attribute list handed to the search */
    struct sysdb_attrs *config; /* the single entry the search returned */
};

static void ipa_get_config_done(struct tevent_req *subreq);

/*
 * Start an LDAP search for the IPA configuration entry.
 *
 * The search base is IPA_CONFIG_SEARCH_BASE_TEMPLATE filled in with the base
 * DN derived from `domain`; filter and scope are the constants
 * IPA_CONFIG_FILTER and LDAP_SCOPE_SUBTREE.
 *
 * attrs: attribute names to request. When NULL, a default list of three
 *        attributes (migration flag, SELinux default user context, SELinux
 *        map order) is allocated on the request state. A caller-supplied
 *        array is stored by pointer, not copied, so it has to stay valid
 *        until the request completes.
 *
 * Returns NULL only when the request itself cannot be created. Every later
 * failure is reported through the returned request, which is marked failed
 * and posted on `ev`.
 */
struct tevent_req *
ipa_get_config_send(TALLOC_CTX *mem_ctx,
                    struct tevent_context *ev,
                    struct sdap_handle *sh,
                    struct sdap_options *opts,
                    const char *domain,
                    const char **attrs)
{
    struct ipa_get_config_state *state;
    struct tevent_req *search_req;
    struct tevent_req *req;
    char *basedn;
    errno_t ret;

    req = tevent_req_create(mem_ctx, &state, struct ipa_get_config_state);
    if (req == NULL) {
        return NULL;
    }

    if (attrs != NULL) {
        state->attrs = attrs;
    } else {
        /* three defaults plus the NULL terminator */
        state->attrs = talloc_zero_array(state, const char *, 4);
        if (state->attrs == NULL) {
            ret = ENOMEM;
            goto done;
        }
        state->attrs[0] = IPA_CONFIG_MIGRATION_ENABLED;
        state->attrs[1] = IPA_CONFIG_SELINUX_DEFAULT_USER_CTX;
        state->attrs[2] = IPA_CONFIG_SELINUX_MAP_ORDER;
        state->attrs[3] = NULL;
    }

    ret = domain_to_basedn(state, domain, &basedn);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("domain_to_basedn failed.\n"));
        goto done;
    }

    state->base = talloc_asprintf(state, IPA_CONFIG_SEARCH_BASE_TEMPLATE,
                                  basedn);
    if (state->base == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("talloc_asprintf failed.\n"));
        ret = ENOMEM;
        goto done;
    }

    search_req = sdap_get_generic_send(state, ev, opts, sh, state->base,
                                       LDAP_SCOPE_SUBTREE, IPA_CONFIG_FILTER,
                                       state->attrs, NULL, 0,
                                       dp_opt_get_int(opts->basic,
                                                SDAP_ENUM_SEARCH_TIMEOUT),
                                       false);
    if (search_req == NULL) {
        ret = ENOMEM;
        goto done;
    }
    tevent_req_set_callback(search_req, ipa_get_config_done, req);

    ret = EOK;

done:
    if (ret == EOK) {
        return req;
    }

    /* fail asynchronously so the caller's callback still runs */
    tevent_req_error(req, ret);
    tevent_req_post(req, ev);
    return req;
}

/*
 * Search callback: accepts the reply only when exactly one entry came back
 * and stores that entry in the request state.
 */
static void ipa_get_config_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct ipa_get_config_state *state = tevent_req_data(req,
                                                struct ipa_get_config_state);
    struct sysdb_attrs **entries = NULL;
    size_t num_entries;
    errno_t ret;

    ret = sdap_get_generic_recv(subreq, state, &num_entries, &entries);
    talloc_zfree(subreq);
    if (ret != 0) {
        goto done;
    }

    if (num_entries != 1) {
        DEBUG(SSSDBG_OP_FAILURE, ("Unexpected number of results, expected 1, "
                                  "got %zu.\n", num_entries));
        ret = EINVAL;
        goto done;
    }

    state->config = entries[0];
    ret = EOK;

done:
    if (ret == EOK) {
        tevent_req_done(req);
    } else {
        tevent_req_error(req, ret);
    }
}

/*
 * Collect the result of ipa_get_config_send(). On success *config receives
 * the configuration entry, re-parented onto mem_ctx.
 */
errno_t ipa_get_config_recv(struct tevent_req *req,
                            TALLOC_CTX *mem_ctx,
                            struct sysdb_attrs **config)
{
    struct ipa_get_config_state *lookup = tevent_req_data(req,
                                                struct ipa_get_config_state);

    TEVENT_REQ_RETURN_ON_ERROR(req);

    *config = talloc_steal(mem_ctx, lookup->config);

    return EOK;
}
sssd-1.11.5/src/providers/ipa/PaxHeaders.13173/ipa_selinux_common.h0000644000000000000000000000007412320753107023171 xustar000000000000000030 atime=1396954939.265891431 30 ctime=1396954961.489875072 sssd-1.11.5/src/providers/ipa/ipa_selinux_common.h0000664002412700241270000000227312320753107023417 0ustar00jhrozekjhrozek00000000000000/* SSSD IPA Backend Module -- SELinux common routines

Authors: Jan Zeleny

Copyright (C) 2012 Red Hat

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation;
either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #ifndef IPA_SELINUX_COMMON_H_ #define IPA_SELINUX_COMMON_H_ errno_t ipa_save_host(struct sysdb_ctx *sysdb, struct sysdb_attrs *host); errno_t ipa_save_user_maps(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, size_t map_count, struct sysdb_attrs **maps); #endif /* IPA_SELINUX_COMMON_H_ */ sssd-1.11.5/src/providers/ipa/PaxHeaders.13173/ipa_auth.c0000644000000000000000000000007412320753107021066 xustar000000000000000030 atime=1396954939.264891432 30 ctime=1396954961.580875005 sssd-1.11.5/src/providers/ipa/ipa_auth.c0000664002412700241270000003516412320753107021321 0ustar00jhrozekjhrozek00000000000000/* SSSD IPA Backend Module -- Authentication Authors: Sumit Bose Copyright (C) 2009 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
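*/

/* NOTE(review): the header name of the first #include below was lost when
 * this listing was extracted; restore it from the upstream file. */
#include
#include "util/util.h"
#include "providers/ldap/ldap_common.h"
#include "providers/ldap/sdap_async.h"
#include "providers/krb5/krb5_auth.h"
#include "providers/ipa/ipa_common.h"
#include "providers/ipa/ipa_config.h"

/* Private state of the "is password migration enabled?" lookup. */
struct get_password_migration_flag_state {
    struct tevent_context *ev;
    struct sdap_id_op *sdap_op;
    struct sdap_id_ctx *sdap_id_ctx;
    struct fo_server *srv;
    char *ipa_realm;
    bool password_migration;    /* result; stays false unless the server says "true" */
};

static void get_password_migration_flag_auth_done(struct tevent_req *subreq);
static void get_password_migration_flag_done(struct tevent_req *subreq);

/*
 * Start reading the migration flag from the IPA configuration entry.
 *
 * Connects through the id provider's connection cache, then runs
 * ipa_get_config_send() with ipa_realm as the domain argument.
 *
 * Returns NULL on a missing argument or when the request or the connection
 * attempt cannot be set up. ipa_realm is stored by pointer and has to
 * outlive the request.
 */
static struct tevent_req *get_password_migration_flag_send(TALLOC_CTX *memctx,
                                            struct tevent_context *ev,
                                            struct sdap_id_ctx *sdap_id_ctx,
                                            char *ipa_realm)
{
    int ret;
    struct tevent_req *req, *subreq;
    struct get_password_migration_flag_state *state;

    if (sdap_id_ctx == NULL || ipa_realm == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("Missing parameter.\n"));
        return NULL;
    }

    req = tevent_req_create(memctx, &state,
                            struct get_password_migration_flag_state);
    if (req == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("tevent_req_create failed.\n"));
        return NULL;
    }

    state->ev = ev;
    state->sdap_id_ctx = sdap_id_ctx;
    state->srv = NULL;
    state->password_migration = false;
    state->ipa_realm = ipa_realm;

    state->sdap_op = sdap_id_op_create(state,
                                       state->sdap_id_ctx->conn->conn_cache);
    if (state->sdap_op == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed.\n"));
        goto fail;
    }

    subreq = sdap_id_op_connect_send(state->sdap_op, state, &ret);
    if (!subreq) {
        DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_connect_send failed: %d(%s).\n",
                                  ret, strerror(ret)));
        goto fail;
    }

    tevent_req_set_callback(subreq, get_password_migration_flag_auth_done,
                            req);

    return req;

fail:
    talloc_zfree(req);
    return NULL;
}

/*
 * Connection callback: once the LDAP connection is up, issue the
 * configuration search. A failed connection fails the whole request.
 */
static void get_password_migration_flag_auth_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct get_password_migration_flag_state *state = tevent_req_data(req,
                                    struct get_password_migration_flag_state);
    int ret, dp_error;

    ret = sdap_id_op_connect_recv(subreq, &dp_error);
    talloc_zfree(subreq);
    if (ret) {
        if (dp_error == DP_ERR_OFFLINE) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("No IPA server is available, cannot get the "
                   "migration flag while offline\n"));
        } else {
            DEBUG(SSSDBG_OP_FAILURE,
                  ("Failed to connect to IPA server: [%d](%s)\n",
                   ret, strerror(ret)));
        }

        tevent_req_error(req, ret);
        return;
    }

    subreq = ipa_get_config_send(state, state->ev,
                                 sdap_id_op_handle(state->sdap_op),
                                 state->sdap_id_ctx->opts, state->ipa_realm,
                                 NULL);
    if (subreq == NULL) {
        /* ipa_get_config_send() returns NULL when it cannot allocate the
         * request; setting a callback on NULL would crash the backend in
         * the middle of an authentication. */
        DEBUG(SSSDBG_OP_FAILURE, ("ipa_get_config_send failed.\n"));
        tevent_req_error(req, ENOMEM);
        return;
    }

    tevent_req_set_callback(subreq, get_password_migration_flag_done, req);
}

/*
 * Search callback: password_migration becomes true only when the migration
 * attribute is present and equals "true" (case-insensitive).
 *
 * NOTE(review): a missing attribute makes sysdb_attrs_get_string() fail and
 * that error fails the request, which the caller turns into PAM_SYSTEM_ERR.
 * Confirm that this, rather than "migration disabled", is the intended
 * outcome for servers that do not publish the attribute.
 */
static void get_password_migration_flag_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct get_password_migration_flag_state *state = tevent_req_data(req,
                                    struct get_password_migration_flag_state);
    int ret;
    struct sysdb_attrs *reply = NULL;
    const char *value = NULL;

    ret = ipa_get_config_recv(subreq, state, &reply);
    talloc_zfree(subreq);
    if (ret) {
        goto done;
    }

    ret = sysdb_attrs_get_string(reply, IPA_CONFIG_MIGRATION_ENABLED, &value);
    if (ret == EOK && strcasecmp(value, "true") == 0) {
        state->password_migration = true;
    }

done:
    if (ret != EOK) {
        tevent_req_error(req, ret);
    } else {
        tevent_req_done(req);
    }
}

/* Collect the flag read by get_password_migration_flag_send(). */
static int get_password_migration_flag_recv(struct tevent_req *req,
                                            TALLOC_CTX *mem_ctx,
                                            bool *password_migration)
{
    struct get_password_migration_flag_state *state = tevent_req_data(req,
                                    struct get_password_migration_flag_state);

    TEVENT_REQ_RETURN_ON_ERROR(req);

    *password_migration = state->password_migration;

    return EOK;
}

/*
 * State of one IPA authentication request.
 *
 * Flow implemented by the callbacks below:
 *   1. ipa_auth()                        Kerberos authentication
 *   2. ipa_auth_handler_done()           on PAM_CRED_ERR during
 *                                        SSS_PAM_AUTHENTICATE, read the
 *                                        server's migration flag
 *   3. ipa_get_migration_flag_done()     flag set: open an LDAP connection
 *   4. ipa_migration_flag_connect_done() bind as the user's original DN
 *                                        with the supplied authtok
 *   5. ipa_auth_ldap_done()              bind succeeded: retry Kerberos
 *   6. ipa_auth_handler_retry_done()     report the retry's result
 *
 * Steps 3-5 send the user's credential to the directory on the strength of
 * a flag read from that same directory, so the trust placed in the LDAP
 * connection (TLS, certificate checking) is what protects the credential.
 */
struct ipa_auth_state {
    struct be_req *be_req;
    struct tevent_context *ev;
    struct ipa_auth_ctx *ipa_auth_ctx;
    struct pam_data *pd;
    bool password_migration;
    struct sdap_handle *sh;     /* connection used for the migration bind */
};

static void ipa_auth_handler_done(struct tevent_req *req);
static void ipa_get_migration_flag_done(struct tevent_req *req);
static void ipa_migration_flag_connect_done(struct tevent_req *req);
static void ipa_auth_ldap_done(struct tevent_req *req);
static void ipa_auth_handler_retry_done(struct tevent_req *req);

/*
 * Backend entry point for authentication and password-change requests.
 *
 * Picks the auth context by PAM command (BET_AUTH for SSS_PAM_AUTHENTICATE,
 * BET_CHPASS for the two CHAUTHTOK commands), then starts Kerberos
 * authentication. Any other command, or a set-up failure, terminates the
 * request with PAM_SYSTEM_ERR / DP_ERR_FATAL.
 */
void ipa_auth(struct be_req *be_req)
{
    struct tevent_req *req;
    struct ipa_auth_state *state;
    struct pam_data *pd = talloc_get_type(be_req_get_data(be_req),
                                          struct pam_data);
    struct be_ctx *be_ctx = be_req_get_be_ctx(be_req);

    state = talloc_zero(be_req, struct ipa_auth_state);
    if (state == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("talloc_zero failed.\n"));
        goto fail;
    }

    state->password_migration = false;
    state->sh = NULL;

    state->be_req = be_req;
    state->ev = be_ctx->ev;

    state->pd = pd;

    switch (state->pd->cmd) {
        case SSS_PAM_AUTHENTICATE:
            state->ipa_auth_ctx = talloc_get_type(
                                    be_ctx->bet_info[BET_AUTH].pvt_bet_data,
                                    struct ipa_auth_ctx);
            break;
        case SSS_PAM_CHAUTHTOK:
        case SSS_PAM_CHAUTHTOK_PRELIM:
            state->ipa_auth_ctx = talloc_get_type(
                                    be_ctx->bet_info[BET_CHPASS].pvt_bet_data,
                                    struct ipa_auth_ctx);
            break;
        default:
            DEBUG(SSSDBG_OP_FAILURE, ("Unsupported PAM task.\n"));
            goto fail;
    }

    req = krb5_auth_send(state, state->ev, be_ctx, state->pd,
                         state->ipa_auth_ctx->krb5_auth_ctx);
    if (req == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("krb5_auth_send failed.\n"));
        goto fail;
    }

    tevent_req_set_callback(req, ipa_auth_handler_done, state);
    return;

fail:
    talloc_free(state);
    pd->pam_status = PAM_SYSTEM_ERR;
    be_req_terminate(be_req, DP_ERR_FATAL, pd->pam_status, NULL);
}

/*
 * Result of the first Kerberos attempt.
 *
 * The migration path is entered only for SSS_PAM_AUTHENTICATE with
 * PAM_CRED_ERR and a DP_ERR_OK data-provider status; every other outcome is
 * reported to the caller unchanged. If the migration lookup cannot be
 * started the original PAM_CRED_ERR is reported.
 */
static void ipa_auth_handler_done(struct tevent_req *req)
{
    struct ipa_auth_state *state = tevent_req_callback_data(req,
                                                    struct ipa_auth_state);
    int ret;
    int pam_status = PAM_SYSTEM_ERR;
    /* initialised so that no path can report an indeterminate status */
    int dp_err = DP_ERR_FATAL;

    ret = krb5_auth_recv(req, &pam_status, &dp_err);
    talloc_zfree(req);
    state->pd->pam_status = pam_status;
    if (ret != EOK && pam_status != PAM_CRED_ERR) {
        DEBUG(SSSDBG_OP_FAILURE, ("krb5_auth_recv request failed.\n"));
        dp_err = DP_ERR_OK;
        goto done;
    }

    if (dp_err != DP_ERR_OK) {
        goto done;
    }

    if (state->pd->cmd == SSS_PAM_AUTHENTICATE &&
        state->pd->pam_status == PAM_CRED_ERR) {

        req = get_password_migration_flag_send(state, state->ev,
                                             state->ipa_auth_ctx->sdap_id_ctx,
                                             dp_opt_get_string(
                                               state->ipa_auth_ctx->ipa_options,
                                               IPA_KRB5_REALM));
        if (req == NULL) {
            DEBUG(SSSDBG_OP_FAILURE,
                  ("get_password_migration_flag failed.\n"));
            goto done;
        }

        tevent_req_set_callback(req, ipa_get_migration_flag_done, state);
        return;
    }

done:
    be_req_terminate(state->be_req, dp_err, state->pd->pam_status, NULL);
}

/*
 * Migration flag is known.
 *
 * Flag unset: finish with the PAM status already recorded (PAM_CRED_ERR
 * from the Kerberos attempt). Flag set: open the LDAP connection on which
 * the user's credential will be presented.
 *
 * NOTE(review): the positional arguments `true, CON_TLS_ON, true` are
 * defined by sdap_cli_connect_send()'s prototype, which is not part of this
 * file. CON_TLS_ON presumably forces TLS on this connection -- confirm, and
 * confirm that certificate verification (ldap_tls_reqcert) applies to it,
 * because the bind that follows carries the user's credential.
 */
static void ipa_get_migration_flag_done(struct tevent_req *req)
{
    struct ipa_auth_state *state = tevent_req_callback_data(req,
                                                    struct ipa_auth_state);
    int ret;
    int dp_err = DP_ERR_FATAL;

    ret = get_password_migration_flag_recv(req, state,
                                           &state->password_migration);
    talloc_zfree(req);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("get_password_migration_flag "
                                  "request failed.\n"));
        state->pd->pam_status = PAM_SYSTEM_ERR;
        dp_err = DP_ERR_OK;
        goto done;
    }

    if (state->password_migration) {
        req = sdap_cli_connect_send(state, state->ev,
                                    state->ipa_auth_ctx->sdap_auth_ctx->opts,
                                    state->ipa_auth_ctx->sdap_auth_ctx->be,
                                    state->ipa_auth_ctx->sdap_auth_ctx->service,
                                    true, CON_TLS_ON, true);
        if (req == NULL) {
            DEBUG(SSSDBG_OP_FAILURE, ("sdap_cli_connect_send failed.\n"));
            goto done;
        }

        tevent_req_set_callback(req, ipa_migration_flag_connect_done, state);
        return;
    }

    DEBUG(SSSDBG_CONF_SETTINGS, ("Password migration is not enabled.\n"));
    dp_err = DP_ERR_OK;

done:
    be_req_terminate(state->be_req, dp_err, state->pd->pam_status, NULL);
}

/*
 * Migration connection is up: look up the user's original DN in the cache
 * and bind with it.
 *
 * sdap_auth_send() receives the DN and state->pd->authtok, i.e. the
 * credential the user supplied for the failed Kerberos attempt. A user
 * without a cached original DN cannot be migrated and gets PAM_SYSTEM_ERR.
 */
static void ipa_migration_flag_connect_done(struct tevent_req *req)
{
    struct ipa_auth_state *state = tevent_req_callback_data(req,
                                                    struct ipa_auth_state);
    struct be_ctx *be_ctx = be_req_get_be_ctx(state->be_req);
    const char **attrs;
    struct ldb_message *user_msg;
    const char *dn;
    int dp_err = DP_ERR_FATAL;
    int ret;

    ret = sdap_cli_connect_recv(req, state, NULL, &state->sh, NULL);
    talloc_zfree(req);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Cannot connect to LDAP server to perform migration\n"));
        goto done;
    }

    /* from here on any early exit reports a system error, not the
     * PAM_CRED_ERR left over from the Kerberos attempt */
    state->pd->pam_status = PAM_SYSTEM_ERR;
    DEBUG(SSSDBG_TRACE_FUNC, ("Assuming Kerberos password is missing, "
                              "starting password migration.\n"));

    attrs = talloc_array(state, const char *, 2);
    if (attrs == NULL) {
        DEBUG(1, ("talloc_array failed.\n"));
        state->pd->pam_status = PAM_SYSTEM_ERR;
        dp_err = DP_ERR_OK;
        goto done;
    }
    attrs[0] = SYSDB_ORIG_DN;
    attrs[1] = NULL;

    ret = sysdb_search_user_by_name(state, be_ctx->domain->sysdb,
                                    be_ctx->domain, state->pd->user, attrs,
                                    &user_msg);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("sysdb_search_user_by_name failed.\n"));
        goto done;
    }

    dn = ldb_msg_find_attr_as_string(user_msg, SYSDB_ORIG_DN, NULL);
    if (dn == NULL) {
        DEBUG(SSSDBG_MINOR_FAILURE, ("Missing original DN for user [%s].\n",
                                     state->pd->user));
        state->pd->pam_status = PAM_SYSTEM_ERR;
        dp_err = DP_ERR_OK;
        goto done;
    }

    req = sdap_auth_send(state, state->ev, state->sh, NULL, NULL, dn,
                         state->pd->authtok);
    if (req == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("sdap_auth_send failed.\n"));
        goto done;
    }

    tevent_req_set_callback(req, ipa_auth_ldap_done, state);
    return;

done:
    be_req_terminate(state->be_req, dp_err, state->pd->pam_status, NULL);
}

/*
 * Result of the migration bind.
 *
 * A denied, failed or expired-password bind ends the request with
 * PAM_CRED_INSUFFICIENT; any other error with PAM_SYSTEM_ERR. Only a
 * successful bind leads to the second Kerberos attempt.
 */
static void ipa_auth_ldap_done(struct tevent_req *req)
{
    struct ipa_auth_state *state = tevent_req_callback_data(req,
                                                    struct ipa_auth_state);
    struct be_ctx *be_ctx = be_req_get_be_ctx(state->be_req);
    int ret;
    int dp_err = DP_ERR_FATAL;

    ret = sdap_auth_recv(req, state, NULL);
    talloc_zfree(req);
    switch (ret) {
    case EOK:
        break;
    case ERR_AUTH_DENIED:
    case ERR_AUTH_FAILED:
    case ERR_PASSWORD_EXPIRED:
/* TODO: do we need to handle expired passwords? */
        DEBUG(SSSDBG_MINOR_FAILURE, ("LDAP authentication failed, "
                                     "Password migration not possible.\n"));
        state->pd->pam_status = PAM_CRED_INSUFFICIENT;
        dp_err = DP_ERR_OK;
        goto done;
    default:
        DEBUG(SSSDBG_OP_FAILURE, ("auth_send request failed.\n"));
        state->pd->pam_status = PAM_SYSTEM_ERR;
        dp_err = DP_ERR_OK;
        goto done;
    }

    DEBUG(SSSDBG_TRACE_FUNC, ("LDAP authentication succeded, "
                              "trying Kerberos authentication again.\n"));

    req = krb5_auth_send(state, state->ev, be_ctx, state->pd,
                         state->ipa_auth_ctx->krb5_auth_ctx);
    if (req == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("krb5_auth_send failed.\n"));
        goto done;
    }

    tevent_req_set_callback(req, ipa_auth_handler_retry_done, state);
    return;

done:
    be_req_terminate(state->be_req, dp_err, state->pd->pam_status, NULL);
}

/*
 * Result of the Kerberos attempt made after a successful migration bind.
 * There is no further retry: the outcome is reported as is.
 */
static void ipa_auth_handler_retry_done(struct tevent_req *req)
{
    struct ipa_auth_state *state = tevent_req_callback_data(req,
                                                    struct ipa_auth_state);
    int ret;
    /* same defensive defaults as ipa_auth_handler_done() */
    int pam_status = PAM_SYSTEM_ERR;
    int dp_err = DP_ERR_FATAL;

    ret = krb5_auth_recv(req, &pam_status, &dp_err);
    talloc_zfree(req);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("krb5_auth_recv request failed.\n"));
        state->pd->pam_status = PAM_SYSTEM_ERR;
        dp_err = DP_ERR_OK;
        goto done;
    }

    state->pd->pam_status = pam_status;

done:
    be_req_terminate(state->be_req, dp_err, state->pd->pam_status, NULL);
}
sssd-1.11.5/src/providers/ipa/PaxHeaders.13173/ipa_id.c0000644000000000000000000000007412320753107020521 xustar000000000000000030 atime=1396954939.264891432 30 ctime=1396954961.578875007 sssd-1.11.5/src/providers/ipa/ipa_id.c0000664002412700241270000002526512320753107020755 0ustar00jhrozekjhrozek00000000000000/* SSSD IPA Identity Backend Module

Authors: Jan Zeleny

Copyright (C) 2011 Red Hat

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.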
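This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program. If not, see .
*/

/* NOTE(review): the header name of the first #include below was lost when
 * this listing was extracted; restore it from the upstream file. */
#include
#include "util/util.h"
#include "db/sysdb.h"
#include "providers/ldap/ldap_common.h"
#include "providers/ldap/sdap_async.h"
#include "providers/ipa/ipa_id.h"

/*
 * Choose the error text reported for a finished account request.
 *
 * Returns NULL for a successful request, "Offline" for DP_ERR_OFFLINE,
 * "Out of memory" for DP_ERR_FATAL with ENOMEM, and default_text otherwise.
 * A failed request that still carries DP_ERR_OK is logged as a bug and
 * *dp_error is rewritten to DP_ERR_FATAL, so the caller never reports
 * success for a failure.
 */
static const char *ipa_account_info_error_text(int ret, int *dp_error,
                                               const char *default_text)
{
    switch (*dp_error) {
    case DP_ERR_OK:
        if (ret == EOK) {
            return NULL;
        }
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Bug: dp_error is OK on failed request\n"));
        *dp_error = DP_ERR_FATAL;
        break;
    case DP_ERR_OFFLINE:
        return "Offline";
    case DP_ERR_FATAL:
        if (ret == ENOMEM) {
            return "Out of memory";
        }
        break;
    default:
        break;
    }

    return default_text;
}

static struct tevent_req *ipa_id_get_netgroup_send(TALLOC_CTX *memctx,
                                                   struct tevent_context *ev,
                                                   struct ipa_id_ctx *ipa_ctx,
                                                   const char *name);
static int ipa_id_get_netgroup_recv(struct tevent_req *req, int *dp_error);

static void ipa_account_info_done(struct tevent_req *req);

/*
 * Backend entry point for account (identity) requests.
 *
 * Dispatch order:
 *   - backend offline              -> immediate "Offline" reply
 *   - request for another domain   -> subdomain lookup (server mode uses
 *                                     ipa_get_ad_acct_send, otherwise
 *                                     ipa_get_subdom_acct_send)
 *   - netgroup in the own domain   -> ipa_id_get_netgroup_send; only
 *                                     BE_FILTER_NAME is accepted
 *   - anything else                -> generic sdap_handle_account_info
 *
 * The two asynchronous branches complete in ipa_account_info_done().
 */
void ipa_account_info_handler(struct be_req *breq)
{
    struct be_ctx *be_ctx = be_req_get_be_ctx(breq);
    struct ipa_id_ctx *ipa_ctx;
    struct sdap_id_ctx *ctx;
    struct be_acct_req *ar;
    struct tevent_req *req = NULL;

    ipa_ctx = talloc_get_type(be_ctx->bet_info[BET_ID].pvt_bet_data,
                              struct ipa_id_ctx);
    ctx = ipa_ctx->sdap_id_ctx;

    if (be_is_offline(ctx->be)) {
        sdap_handler_done(breq, DP_ERR_OFFLINE, EAGAIN, "Offline");
        return;
    }

    ar = talloc_get_type(be_req_get_data(breq), struct be_acct_req);

    if (strcasecmp(ar->domain, be_ctx->domain->name) != 0) {
        /* if domain names do not match, this is a subdomain case
         * subdomain lookups are handled differently on the server
         * and the client */
        if (dp_opt_get_bool(ipa_ctx->ipa_options->basic, IPA_SERVER_MODE)) {
            req = ipa_get_ad_acct_send(breq, be_ctx->ev, ipa_ctx, breq, ar);
        } else {
            req = ipa_get_subdom_acct_send(breq, be_ctx->ev, ctx, ar);
        }
    } else if ((ar->entry_type & BE_REQ_TYPE_MASK) == BE_REQ_NETGROUP) {
        /* netgroups are handled by a separate request function */
        if (ar->filter_type != BE_FILTER_NAME) {
            sdap_handler_done(breq, DP_ERR_FATAL, EINVAL,
                              "Invalid filter type");
            return;
        }
        req = ipa_id_get_netgroup_send(breq, be_ctx->ev, ipa_ctx,
                                       ar->filter_value);
    } else {
        /* any account request is handled by sdap,
         * any invalid request is caught there. */
        sdap_handle_account_info(breq, ctx, ctx->conn);
        return;
    }

    if (!req) {
        sdap_handler_done(breq, DP_ERR_FATAL, ENOMEM, "Out of memory");
        return;
    }
    tevent_req_set_callback(req, ipa_account_info_done, breq);
}

/*
 * Completion of the asynchronous branches of ipa_account_info_handler().
 *
 * The recv function has to match the send function that created `req`.
 * The handler tests "other domain" before "netgroup", so a netgroup request
 * for another domain is created by one of the subdomain senders; the same
 * precedence is applied here. Testing the entry type alone would hand such
 * a request to ipa_id_get_netgroup_recv(), which would read its private
 * state as the wrong structure type.
 */
static void ipa_account_info_done(struct tevent_req *req)
{
    struct be_req *breq = tevent_req_callback_data(req, struct be_req);
    struct be_ctx *be_ctx = be_req_get_be_ctx(breq);
    struct ipa_id_ctx *ipa_ctx;
    struct be_acct_req *ar = talloc_get_type(be_req_get_data(breq),
                                             struct be_acct_req);
    const char *error_text;
    int ret, dp_error;
    bool other_domain;

    ipa_ctx = talloc_get_type(be_ctx->bet_info[BET_ID].pvt_bet_data,
                              struct ipa_id_ctx);

    other_domain = strcasecmp(ar->domain, be_ctx->domain->name) != 0;

    if (!other_domain
            && (ar->entry_type & BE_REQ_TYPE_MASK) == BE_REQ_NETGROUP) {
        ret = ipa_id_get_netgroup_recv(req, &dp_error);
    } else {
        if (dp_opt_get_bool(ipa_ctx->ipa_options->basic, IPA_SERVER_MODE)) {
            ret = ipa_get_ad_acct_recv(req, &dp_error);
        } else {
            ret = ipa_get_subdom_acct_recv(req, &dp_error);
        }
    }
    talloc_zfree(req);

    error_text = ipa_account_info_error_text(ret, &dp_error,
                                             "Account info lookup failed");
    sdap_handler_done(breq, dp_error, ret, error_text);
}

/* Request for netgroups
 * - first start here and then go to ipa_netgroups.c
 */

/* Private state of one netgroup lookup. */
struct ipa_id_get_netgroup_state {
    struct tevent_context *ev;
    struct ipa_id_ctx *ctx;
    struct sdap_id_op *op;
    struct sysdb_ctx *sysdb;
    struct sss_domain_info *domain;

    const char *name;           /* requested name, as received */
    int timeout;

    char *filter;               /* LDAP filter built from the sanitized name */
    const char **attrs;

    size_t count;
    struct sysdb_attrs **netgroups;

    int dp_error;               /* DP_ERR_FATAL until the lookup finishes */
};

static void ipa_id_get_netgroup_connected(struct tevent_req *subreq);
static void ipa_id_get_netgroup_done(struct tevent_req *subreq);

/*
 * Start a netgroup lookup by name.
 *
 * `name` comes from the request's filter value. It is passed through
 * sss_filter_sanitize() before being formatted into the LDAP filter, and
 * only the sanitized copy is used there; the attribute and object class
 * names in the filter come from the netgroup attribute map.
 *
 * Returns NULL only when the request cannot be created; later failures are
 * reported through the returned request, which is marked failed and posted.
 */
static struct tevent_req *ipa_id_get_netgroup_send(TALLOC_CTX *memctx,
                                                   struct tevent_context *ev,
                                                   struct ipa_id_ctx *ipa_ctx,
                                                   const char *name)
{
    struct tevent_req *req;
    struct ipa_id_get_netgroup_state *state;
    struct tevent_req *subreq;
    struct sdap_id_ctx *ctx;
    char *clean_name;
    int ret;

    ctx = ipa_ctx->sdap_id_ctx;

    req = tevent_req_create(memctx, &state, struct ipa_id_get_netgroup_state);
    if (!req) return NULL;

    state->ev = ev;
    state->ctx = ipa_ctx;
    state->dp_error = DP_ERR_FATAL;

    state->op = sdap_id_op_create(state, ctx->conn->conn_cache);
    if (!state->op) {
        DEBUG(2, ("sdap_id_op_create failed\n"));
        ret = ENOMEM;
        goto fail;
    }

    state->sysdb = ctx->be->domain->sysdb;
    state->domain = ctx->be->domain;
    state->name = name;
    state->timeout = dp_opt_get_int(ctx->opts->basic, SDAP_SEARCH_TIMEOUT);

    ret = sss_filter_sanitize(state, name, &clean_name);
    if (ret != EOK) {
        goto fail;
    }

    state->filter = talloc_asprintf(state, "(&(%s=%s)(objectclass=%s))",
                            ctx->opts->netgroup_map[IPA_AT_NETGROUP_NAME].name,
                            clean_name,
                            ctx->opts->netgroup_map[IPA_OC_NETGROUP].name);
    if (!state->filter) {
        DEBUG(2, ("Failed to build filter\n"));
        ret = ENOMEM;
        goto fail;
    }
    talloc_zfree(clean_name);

    ret = build_attrs_from_map(state, ctx->opts->netgroup_map,
                               IPA_OPTS_NETGROUP, NULL,
                               &state->attrs, NULL);
    if (ret != EOK) goto fail;

    subreq = sdap_id_op_connect_send(state->op, state, &ret);
    if (!subreq) {
        goto fail;
    }
    tevent_req_set_callback(subreq, ipa_id_get_netgroup_connected, req);

    return req;

fail:
    tevent_req_error(req, ret);
    tevent_req_post(req, ev);
    return req;
}

/* Connection callback: run the netgroup search once connected. */
static void ipa_id_get_netgroup_connected(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct ipa_id_get_netgroup_state *state =
                    tevent_req_data(req, struct ipa_id_get_netgroup_state);
    int dp_error = DP_ERR_FATAL;
    int ret;
    struct sdap_id_ctx *sdap_ctx = state->ctx->sdap_id_ctx;

    ret = sdap_id_op_connect_recv(subreq, &dp_error);
    talloc_zfree(subreq);

    if (ret != EOK) {
        state->dp_error = dp_error;
        tevent_req_error(req, ret);
        return;
    }

    subreq = ipa_get_netgroups_send(state, state->ev, state->sysdb,
                                    state->domain, sdap_ctx->opts,
                                    state->ctx->ipa_options,
                                    sdap_id_op_handle(state->op),
                                    state->attrs, state->filter,
                                    state->timeout);
    if (!subreq) {
        tevent_req_error(req, ENOMEM);
        return;
    }
    tevent_req_set_callback(subreq, ipa_id_get_netgroup_done, req);

    return;
}

/*
 * Search callback.
 *
 * sdap_id_op_done() decides whether the operation should be retried: an
 * error combined with DP_ERR_OK restarts the connection step. More than one
 * matching netgroup is rejected with EINVAL. ENOENT is not an error: the
 * netgroup is removed from the local cache and the request succeeds.
 */
static void ipa_id_get_netgroup_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct ipa_id_get_netgroup_state *state =
                    tevent_req_data(req, struct ipa_id_get_netgroup_state);
    int dp_error = DP_ERR_FATAL;
    int ret;

    ret = ipa_get_netgroups_recv(subreq, state,
                                 &state->count, &state->netgroups);
    talloc_zfree(subreq);
    ret = sdap_id_op_done(state->op, ret, &dp_error);

    if (dp_error == DP_ERR_OK && ret != EOK) {
        /* retry */
        subreq = sdap_id_op_connect_send(state->op, state, &ret);
        if (!subreq) {
            tevent_req_error(req, ret);
            return;
        }
        tevent_req_set_callback(subreq, ipa_id_get_netgroup_connected, req);
        return;
    }

    if (ret && ret != ENOENT) {
        state->dp_error = dp_error;
        tevent_req_error(req, ret);
        return;
    }

    if (ret == EOK && state->count > 1) {
        DEBUG(1, ("Found more than one netgroup with the name [%s].\n",
                  state->name));
        tevent_req_error(req, EINVAL);
        return;
    }

    if (ret == ENOENT) {
        ret = sysdb_delete_netgroup(state->sysdb, state->domain, state->name);
        if (ret != EOK && ret != ENOENT) {
            tevent_req_error(req, ret);
            return;
        }
    }

    state->dp_error = DP_ERR_OK;
    tevent_req_done(req);
    return;
}

/*
 * Collect the result of ipa_id_get_netgroup_send(). *dp_error (when the
 * pointer is given) is filled in before the error check, so it is valid for
 * failed requests too.
 */
static int ipa_id_get_netgroup_recv(struct tevent_req *req, int *dp_error)
{
    struct ipa_id_get_netgroup_state *state =
                    tevent_req_data(req, struct ipa_id_get_netgroup_state);

    if (dp_error) {
        *dp_error = state->dp_error;
    }

    TEVENT_REQ_RETURN_ON_ERROR(req);

    return EOK;
}

/* Online check: delegated to the generic LDAP provider. */
void ipa_check_online(struct be_req *be_req)
{
    struct be_ctx *be_ctx = be_req_get_be_ctx(be_req);
    struct ipa_id_ctx *ipa_ctx;

    ipa_ctx = talloc_get_type(be_ctx->bet_info[BET_ID].pvt_bet_data,
                              struct ipa_id_ctx);

    sdap_do_online_check(be_req, ipa_ctx->sdap_id_ctx);
}
sssd-1.11.5/src/providers/ipa/PaxHeaders.13173/ipa_opts.h0000644000000000000000000000007412320753107021117 xustar000000000000000030 atime=1396954939.265891431 30 ctime=1396954961.494875069 sssd-1.11.5/src/providers/ipa/ipa_opts.h0000664002412700241270000004303012320753107021341 0ustar00jhrozekjhrozek00000000000000/* SSSD

Authors: Stephen Gallagher

Copyright (C) 2012 Red Hat

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program. If not, see .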
*/

#ifndef IPA_OPTS_H_
#define IPA_OPTS_H_

#include "src/providers/data_provider.h"
#include "db/sysdb.h"
#include "db/sysdb_sudo.h"
#include "db/sysdb_autofs.h"
#include "db/sysdb_services.h"
#include "db/sysdb_selinux.h"

/*
 * Option tables of the IPA provider.
 *
 * NOTE(review): the tables are defined, not merely declared, in this header,
 * so each translation unit that includes it gets its own definition; it can
 * be included from one .c file only.
 *
 * Each row is { option name, value type, <third field>, <fourth field> }.
 * NOTE(review): struct dp_option is declared elsewhere; the third field
 * presumably holds the built-in default and the fourth the configured
 * value -- confirm against data_provider.h.
 */

/*
 * IPA-specific options. Rows with a non-null third field in this table:
 * both refresh options (5), ipa_hbac_treat_deny_as ("DENY_ALL") and
 * ipa_automount_location ("default"); the boolean options are all false.
 */
struct dp_option ipa_basic_opts[] = {
    { "ipa_domain", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ipa_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ipa_backup_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ipa_hostname", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ipa_hbac_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING},
    { "ipa_host_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ipa_selinux_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ipa_subdomains_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ipa_master_domain_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING},
    { "ipa_hbac_refresh", DP_OPT_NUMBER, { .number = 5 }, NULL_NUMBER },
    { "ipa_selinux_refresh", DP_OPT_NUMBER, { .number = 5 }, NULL_NUMBER },
    { "ipa_hbac_treat_deny_as", DP_OPT_STRING, { "DENY_ALL" }, NULL_STRING },
    { "ipa_hbac_support_srchost", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    { "ipa_automount_location", DP_OPT_STRING, { "default" }, NULL_STRING },
    { "ipa_ranges_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ipa_enable_dns_sites", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    { "ipa_server_mode", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    DP_OPTION_TERMINATOR
};

/*
 * Dynamic DNS update options. dyndns_update is false in this table and
 * dyndns_auth is "gss-tsig".
 */
struct dp_option ipa_dyndns_opts[] = {
    { "dyndns_update", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    { "dyndns_refresh_interval", DP_OPT_NUMBER, NULL_NUMBER, NULL_NUMBER },
    { "dyndns_iface", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "dyndns_ttl", DP_OPT_NUMBER, { .number = 1200 }, NULL_NUMBER },
    { "dyndns_update_ptr", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    { "dyndns_force_tcp", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    { "dyndns_auth", DP_OPT_STRING, { "gss-tsig" }, NULL_STRING },
DP_OPTION_TERMINATOR
};

/*
 * Built-in defaults for the LDAP-level options used by the IPA provider.
 *
 * Each row appears to be { option name, value type, default value,
 * current value } -- confirm against the definition of struct dp_option,
 * which is not part of this excerpt. The table ends with
 * DP_OPTION_TERMINATOR.
 */
struct dp_option ipa_def_ldap_opts[] = {
    { "ldap_uri", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_backup_uri", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_default_bind_dn", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_default_authtok_type", DP_OPT_STRING, NULL_STRING, NULL_STRING},
    { "ldap_default_authtok", DP_OPT_BLOB, NULL_BLOB, NULL_BLOB },
    { "ldap_search_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER },
    { "ldap_network_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER },
    { "ldap_opt_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER },
    /* Server certificate checking defaults to "hard".
     * NOTE(review): presumably the strictest setting (certificate required
     * and validated) -- confirm against sssd-ldap(5) before relaxing it. */
    { "ldap_tls_reqcert", DP_OPT_STRING, { "hard" }, NULL_STRING },
    { "ldap_user_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_user_search_scope", DP_OPT_STRING, { "sub" }, NULL_STRING },
    { "ldap_user_search_filter", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_group_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_group_search_scope", DP_OPT_STRING, { "sub" }, NULL_STRING },
    { "ldap_group_search_filter", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_service_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_sudo_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    /* 6 hours, going by the "15 mins" note on the next row */
    { "ldap_sudo_full_refresh_interval", DP_OPT_NUMBER, { .number = 21600 }, NULL_NUMBER },
    { "ldap_sudo_smart_refresh_interval", DP_OPT_NUMBER, { .number = 900 }, NULL_NUMBER }, /* 15 mins */
    { "ldap_sudo_use_host_filter", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
    { "ldap_sudo_hostnames", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_sudo_ip", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_sudo_include_netgroups", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
    { "ldap_sudo_include_regexp", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
    { "ldap_autofs_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_schema", DP_OPT_STRING, { "ipa_v1" }, NULL_STRING },
    { "ldap_offline_timeout", DP_OPT_NUMBER, { .number = 60 }, NULL_NUMBER },
    { "ldap_force_upper_case_realm", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
    { "ldap_enumeration_refresh_timeout", DP_OPT_NUMBER, { .number = 300 }, NULL_NUMBER },
    { "ldap_purge_cache_timeout", DP_OPT_NUMBER, { .number = 3600 }, NULL_NUMBER },
    /* Default CA certificate path used for the IPA provider. */
    { "ldap_tls_cacert", DP_OPT_STRING, { "/etc/ipa/ca.crt" }, NULL_STRING },
    { "ldap_tls_cacertdir", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_tls_cert", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_tls_key", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_tls_cipher_suite", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    /* StartTLS for identity lookups is off by default.
     * NOTE(review): presumably channel protection is expected to come from
     * the GSSAPI SASL layer configured below (ldap_sasl_mech,
     * ldap_sasl_minssf) -- confirm. */
    { "ldap_id_use_start_tls", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    { "ldap_id_mapping", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    { "ldap_sasl_mech", DP_OPT_STRING, { "GSSAPI" } , NULL_STRING },
    { "ldap_sasl_authid", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_sasl_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    /* Minimum SASL security strength factor defaults to 56.
     * NOTE(review): that is a low floor by current standards; deployments
     * whose servers support stronger protection may want to raise it in
     * sssd.conf -- confirm the semantics against sssd-ldap(5). */
    { "ldap_sasl_minssf", DP_OPT_NUMBER, { .number = 56 }, NULL_NUMBER },
    { "ldap_krb5_keytab", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_krb5_init_creds", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
    /* use the same parm name as the krb5 module so we set it only once */
    { "krb5_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "krb5_backup_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "krb5_canonicalize", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
    { "krb5_use_kdcinfo", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
    { "ldap_pwd_policy", DP_OPT_STRING, { "none" } , NULL_STRING },
    { "ldap_referrals", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
    { "account_cache_expiration", DP_OPT_NUMBER, { .number = 0 }, NULL_NUMBER },
    { "ldap_dns_service_name", DP_OPT_STRING, { SSS_LDAP_SRV_NAME }, NULL_STRING },
    /* 24 * 60 * 60: one day, assuming the unit is seconds */
    { "ldap_krb5_ticket_lifetime", DP_OPT_NUMBER, { .number = (24 * 60 * 60) }, NULL_NUMBER },
    { "ldap_access_filter", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_netgroup_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_group_nesting_level", DP_OPT_NUMBER, { .number = 2 }, NULL_NUMBER },
    { "ldap_deref", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_account_expire_policy", DP_OPT_STRING, { "ipa" }, NULL_STRING },
    { "ldap_access_order", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_chpass_uri", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_chpass_backup_uri", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_chpass_dns_service_name", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_chpass_update_last_change", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    { "ldap_enumeration_search_timeout", DP_OPT_NUMBER, { .number = 60 }, NULL_NUMBER },
    /* Do not include ldap_auth_disable_tls_never_use_in_production in the
     * manpages or SSSDConfig API.
     * It defaults to FALSE here; as its name says, it must stay that way on
     * production systems. */
    { "ldap_auth_disable_tls_never_use_in_production", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    { "ldap_page_size", DP_OPT_NUMBER, { .number = 1000 }, NULL_NUMBER },
    { "ldap_deref_threshold", DP_OPT_NUMBER, { .number = 10 }, NULL_NUMBER },
    { "ldap_sasl_canonicalize", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    { "ldap_connection_expire_timeout", DP_OPT_NUMBER, { .number = 900 }, NULL_NUMBER },
    { "ldap_disable_paging", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    { "ldap_idmap_range_min", DP_OPT_NUMBER, { .number = 200000 }, NULL_NUMBER },
    { "ldap_idmap_range_max", DP_OPT_NUMBER, { .number = 2000200000LL }, NULL_NUMBER },
    { "ldap_idmap_range_size", DP_OPT_NUMBER, { .number = 200000 }, NULL_NUMBER },
    { "ldap_idmap_autorid_compat", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    { "ldap_idmap_default_domain", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_idmap_default_domain_sid", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "ldap_groups_use_matching_rule_in_chain", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    { "ldap_initgroups_use_matching_rule_in_chain", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    { "ldap_rfc2307_fallback_to_local_users", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    { "ldap_disable_range_retrieval", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    { "ldap_min_id", DP_OPT_NUMBER, NULL_NUMBER, NULL_NUMBER},
    { "ldap_max_id", DP_OPT_NUMBER, NULL_NUMBER, NULL_NUMBER},
    DP_OPTION_TERMINATOR
};

/*
 * Attribute maps. Each row appears to be { sssd.conf option name, default
 * LDAP attribute name, sysdb attribute name, NULL } -- confirm against the
 * definition of struct sdap_attr_map, which is not part of this excerpt.
 * A NULL in the second column means the table sets no default LDAP
 * attribute for that option. Every map ends with SDAP_ATTR_MAP_TERMINATOR.
 */

/* Generic (root DSE / entry USN) attributes. */
struct sdap_attr_map ipa_attr_map[] = {
    { "ldap_entry_usn", "entryUSN", SYSDB_USN, NULL },
    { "ldap_rootdse_last_usn", "lastUSN", SYSDB_HIGH_USN, NULL },
    SDAP_ATTR_MAP_TERMINATOR
};

/* User entry attributes. */
struct sdap_attr_map ipa_user_map[] = {
    { "ldap_user_object_class", "posixAccount", SYSDB_USER_CLASS, NULL },
    { "ldap_user_name", "uid", SYSDB_NAME, NULL },
    { "ldap_user_pwd", "userPassword", SYSDB_PWD, NULL },
    { "ldap_user_uid_number", "uidNumber", SYSDB_UIDNUM, NULL },
    { "ldap_user_gid_number", "gidNumber", SYSDB_GIDNUM, NULL },
    { "ldap_user_gecos", "gecos", SYSDB_GECOS, NULL },
    { "ldap_user_home_directory", "homeDirectory", SYSDB_HOMEDIR, NULL },
    { "ldap_user_shell", "loginShell", SYSDB_SHELL, NULL },
    { "ldap_user_principal", "krbPrincipalName", SYSDB_UPN, NULL },
    { "ldap_user_fullname", "cn", SYSDB_FULLNAME, NULL },
    { "ldap_user_member_of", "memberOf", SYSDB_MEMBEROF, NULL },
    { "ldap_user_uuid", "nsUniqueId", SYSDB_UUID, NULL },
    { "ldap_user_objectsid", "ipaNTSecurityIdentifier", SYSDB_SID_STR, NULL },
    { "ldap_user_primary_group", NULL, SYSDB_PRIMARY_GROUP, NULL },
    { "ldap_user_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL },
    { "ldap_user_entry_usn", NULL, SYSDB_USN, NULL },
    { "ldap_user_shadow_last_change", "shadowLastChange", SYSDB_SHADOWPW_LASTCHANGE, NULL },
    { "ldap_user_shadow_min", "shadowMin", SYSDB_SHADOWPW_MIN, NULL },
    { "ldap_user_shadow_max", "shadowMax", SYSDB_SHADOWPW_MAX, NULL },
    { "ldap_user_shadow_warning", "shadowWarning", SYSDB_SHADOWPW_WARNING, NULL },
    { "ldap_user_shadow_inactive", "shadowInactive", SYSDB_SHADOWPW_INACTIVE, NULL },
    { "ldap_user_shadow_expire", "shadowExpire", SYSDB_SHADOWPW_EXPIRE, NULL },
    { "ldap_user_shadow_flag", "shadowFlag", SYSDB_SHADOWPW_FLAG, NULL },
    { "ldap_user_krb_last_pwd_change", "krbLastPwdChange", SYSDB_KRBPW_LASTCHANGE, NULL },
    { "ldap_user_krb_password_expiration", "krbPasswordExpiration", SYSDB_KRBPW_EXPIRATION, NULL },
    { "ldap_pwd_attribute", "pwdAttribute", SYSDB_PWD_ATTRIBUTE, NULL },
    { "ldap_user_authorized_service", "authorizedService", SYSDB_AUTHORIZED_SERVICE, NULL },
    { "ldap_user_ad_account_expires", "accountExpires", SYSDB_AD_ACCOUNT_EXPIRES, NULL},
    { "ldap_user_ad_user_account_control", "userAccountControl", SYSDB_AD_USER_ACCOUNT_CONTROL, NULL},
    { "ldap_ns_account_lock", "nsAccountLock", SYSDB_NS_ACCOUNT_LOCK, NULL},
    { "ldap_user_authorized_host", "host", SYSDB_AUTHORIZED_HOST, NULL },
    { "ldap_user_nds_login_disabled", "loginDisabled", SYSDB_NDS_LOGIN_DISABLED, NULL },
    { "ldap_user_nds_login_expiration_time", "loginExpirationTime", SYSDB_NDS_LOGIN_EXPIRATION_TIME, NULL },
    { "ldap_user_nds_login_allowed_time_map", "loginAllowedTimeMap", SYSDB_NDS_LOGIN_ALLOWED_TIME_MAP, NULL },
    { "ldap_user_ssh_public_key", "ipaSshPubKey", SYSDB_SSH_PUBKEY, NULL },
    SDAP_ATTR_MAP_TERMINATOR
};

/* Group entry attributes. */
struct sdap_attr_map ipa_group_map[] = {
    { "ldap_group_object_class", "posixGroup", SYSDB_GROUP_CLASS, NULL },
    { "ldap_group_name", "cn", SYSDB_NAME, NULL },
    { "ldap_group_pwd", "userPassword", SYSDB_PWD, NULL },
    { "ldap_group_gid_number", "gidNumber", SYSDB_GIDNUM, NULL },
    { "ldap_group_member", "member", SYSDB_MEMBER, NULL },
    { "ldap_group_uuid", "nsUniqueId", SYSDB_UUID, NULL },
    { "ldap_group_objectsid", "ipaNTSecurityIdentifier", SYSDB_SID_STR, NULL },
    { "ldap_group_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL },
    { "ldap_group_entry_usn", NULL, SYSDB_USN, NULL },
    { "ldap_group_type", NULL, SYSDB_GROUP_TYPE, NULL },
    SDAP_ATTR_MAP_TERMINATOR
};

/* IPA netgroup entry attributes. */
struct sdap_attr_map ipa_netgroup_map[] = {
    { "ipa_netgroup_object_class", "ipaNisNetgroup", SYSDB_NETGROUP_CLASS, NULL },
    { "ipa_netgroup_name", "cn", SYSDB_NAME, NULL },
    { "ipa_netgroup_member", "member", SYSDB_ORIG_NETGROUP_MEMBER, NULL },
    { "ipa_netgroup_member_of", "memberOf", SYSDB_MEMBEROF, NULL },
    { "ipa_netgroup_member_user", "memberUser", SYSDB_ORIG_MEMBER_USER, NULL },
    { "ipa_netgroup_member_host", "memberHost", SYSDB_ORIG_MEMBER_HOST, NULL },
    { "ipa_netgroup_member_ext_host", "externalHost", SYSDB_ORIG_NETGROUP_EXTERNAL_HOST, NULL },
    { "ipa_netgroup_domain", "nisDomainName", SYSDB_NETGROUP_DOMAIN, NULL },
    { "ipa_netgroup_uuid", "ipaUniqueID", SYSDB_UUID, NULL },
    SDAP_ATTR_MAP_TERMINATOR
};

/* IPA host entry attributes. */
struct sdap_attr_map ipa_host_map[] = {
    { "ipa_host_object_class", "ipaHost", SYSDB_HOST_CLASS, NULL },
    { "ipa_host_name", "cn", SYSDB_NAME, NULL },
    { "ipa_host_fqdn", "fqdn", SYSDB_FQDN, NULL },
    { "ipa_host_serverhostname", "serverHostname", SYSDB_SERVERHOSTNAME, NULL },
    { "ipa_host_member_of", "memberOf", SYSDB_ORIG_MEMBEROF, NULL },
    { "ipa_host_ssh_public_key", "ipaSshPubKey", SYSDB_SSH_PUBKEY, NULL },
    { "ipa_host_uuid", "ipaUniqueID", SYSDB_UUID, NULL},
    SDAP_ATTR_MAP_TERMINATOR
};

/* IPA host group entry attributes. */
struct sdap_attr_map ipa_hostgroup_map[] = {
    { "ipa_hostgroup_objectclass", "ipaHostgroup", SYSDB_HOSTGROUP_CLASS, NULL},
    { "ipa_hostgroup_name", "cn", SYSDB_NAME, NULL},
    { "ipa_hostgroup_memberof", "memberOf", SYSDB_ORIG_MEMBEROF, NULL},
    { "ipa_hostgroup_uuid", "ipaUniqueID", SYSDB_UUID, NULL},
    SDAP_ATTR_MAP_TERMINATOR
};

/* IPA SELinux user map entry attributes. */
struct sdap_attr_map ipa_selinux_user_map[] = {
    { "ipa_selinux_usermap_object_class", "ipaselinuxusermap", SYSDB_SELINUX_USERMAP_CLASS, NULL},
    { "ipa_selinux_usermap_name", "cn", SYSDB_NAME, NULL},
    { "ipa_selinux_usermap_member_user", "memberUser", SYSDB_ORIG_MEMBER_USER, NULL},
    { "ipa_selinux_usermap_member_host", "memberHost", SYSDB_ORIG_MEMBER_HOST, NULL},
    { "ipa_selinux_usermap_see_also", "seeAlso", SYSDB_SELINUX_SEEALSO, NULL},
    { "ipa_selinux_usermap_selinux_user", "ipaSELinuxUser", SYSDB_SELINUX_USER, NULL},
    { "ipa_selinux_usermap_enabled", "ipaEnabledFlag", SYSDB_SELINUX_ENABLED, NULL},
    { "ipa_selinux_usermap_user_category", "userCategory", SYSDB_USER_CATEGORY, NULL},
    { "ipa_selinux_usermap_host_category", "hostCategory", SYSDB_HOST_CATEGORY, NULL},
    { "ipa_selinux_usermap_uuid", "ipaUniqueID", SYSDB_UUID, NULL},
    SDAP_ATTR_MAP_TERMINATOR
};
/*
 * Built-in defaults for the Kerberos options used by the IPA provider.
 *
 * Each row appears to be { option name, value type, default value,
 * current value } -- confirm against the definition of struct dp_option,
 * which is not part of this excerpt.
 */
struct dp_option ipa_def_krb5_opts[] = {
    { "krb5_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "krb5_backup_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "krb5_ccachedir", DP_OPT_STRING, { DEFAULT_CCACHE_DIR }, NULL_STRING },
    { "krb5_ccname_template", DP_OPT_STRING, NULL_STRING, NULL_STRING},
    { "krb5_auth_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER },
    /* Default host keytab path. */
    { "krb5_keytab", DP_OPT_STRING, { "/etc/krb5.keytab" }, NULL_STRING },
    /* TGT validation is on by default for the IPA provider.
     * NOTE(review): presumably this checks the obtained TGT against the
     * host keytab so a spoofed KDC is detected -- confirm against
     * sssd-krb5(5) before turning it off. */
    { "krb5_validate", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
    { "krb5_kpasswd", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "krb5_backup_kpasswd", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    /* Passwords are not kept for later online authentication by default. */
    { "krb5_store_password_if_offline", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    { "krb5_renewable_lifetime", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "krb5_lifetime", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "krb5_renew_interval", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    /* FAST defaults to "try".
     * NOTE(review): presumably pre-authentication armoring is attempted
     * but not required with this value -- confirm against sssd-krb5(5). */
    { "krb5_use_fast", DP_OPT_STRING, { "try" }, NULL_STRING },
    { "krb5_fast_principal", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "krb5_canonicalize", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
    { "krb5_use_enterprise_principal", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    { "krb5_use_kdcinfo", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
    DP_OPTION_TERMINATOR
};

/*
 * Attribute maps. Each row appears to be { sssd.conf option name, default
 * LDAP attribute name, sysdb attribute name, NULL } -- confirm against the
 * definition of struct sdap_attr_map, which is not part of this excerpt.
 */

/* IP service entry attributes. */
struct sdap_attr_map ipa_service_map[] = {
    { "ldap_service_object_class", "ipService", SYSDB_SVC_CLASS, NULL },
    { "ldap_service_name", "cn", SYSDB_NAME, NULL },
    { "ldap_service_port", "ipServicePort", SYSDB_SVC_PORT, NULL },
    { "ldap_service_proto", "ipServiceProtocol", SYSDB_SVC_PROTO, NULL },
    { "ldap_service_entry_usn", NULL, SYSDB_USN, NULL },
    SDAP_ATTR_MAP_TERMINATOR
};

/* Automount map object attributes. */
struct sdap_attr_map ipa_autofs_mobject_map[] = {
    { "ldap_autofs_map_object_class", "automountMap", SYSDB_AUTOFS_MAP_OC, NULL },
    { "ldap_autofs_map_name", "automountMapName", SYSDB_AUTOFS_MAP_NAME, NULL },
    SDAP_ATTR_MAP_TERMINATOR
};

/* Automount entry attributes. */
struct sdap_attr_map ipa_autofs_entry_map[] = {
    {
"ldap_autofs_entry_object_class", "automount", SYSDB_AUTOFS_ENTRY_OC, NULL }, { "ldap_autofs_entry_key", "automountKey", SYSDB_AUTOFS_ENTRY_KEY, NULL }, { "ldap_autofs_entry_value", "automountInformation", SYSDB_AUTOFS_ENTRY_VALUE, NULL }, SDAP_ATTR_MAP_TERMINATOR }; #endif /* IPA_OPTS_H_ */ sssd-1.11.5/src/providers/ipa/PaxHeaders.13173/ipa_id.h0000644000000000000000000000007412320753107020526 xustar000000000000000030 atime=1396954939.265891431 30 ctime=1396954961.493875069 sssd-1.11.5/src/providers/ipa/ipa_id.h0000664002412700241270000000626412320753107020760 0ustar00jhrozekjhrozek00000000000000/* SSSD IPA Identity Backend Module Authors: Jan Zeleny Copyright (C) 2011 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #ifndef _IPA_ID_H_ #define _IPA_ID_H_ #include "providers/ldap/ldap_common.h" #include "providers/ipa/ipa_common.h" #include "providers/ldap/sdap.h" #include "providers/ipa/ipa_subdomains.h" void ipa_account_info_handler(struct be_req *breq); struct tevent_req *ipa_get_netgroups_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sysdb_ctx *sysdb, struct sss_domain_info *dom, struct sdap_options *opts, struct ipa_options *ipa_options, struct sdap_handle *sh, const char **attrs, const char *filter, int timeout); int ipa_get_netgroups_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, size_t *reply_count, struct sysdb_attrs ***reply); void ipa_check_online(struct be_req *be_req); struct tevent_req *ipa_s2n_get_acct_info_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct sdap_options *opts, struct sss_domain_info *dom, struct sdap_handle *sh, int entry_type, struct req_input *req_input); int ipa_s2n_get_acct_info_recv(struct tevent_req *req); struct tevent_req *ipa_get_subdom_acct_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sdap_id_ctx *ctx, struct be_acct_req *ar); int ipa_get_subdom_acct_recv(struct tevent_req *req, int *dp_error_out); struct tevent_req *ipa_get_ad_acct_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct ipa_id_ctx *ipa_ctx, struct be_req *be_req, struct be_acct_req *ar); errno_t ipa_get_ad_acct_recv(struct tevent_req *req, int *dp_error_out); #endif sssd-1.11.5/src/providers/ipa/PaxHeaders.13173/ipa_hbac_rules.h0000644000000000000000000000007412320753107022241 xustar000000000000000030 atime=1396954939.264891432 30 ctime=1396954961.589874999 sssd-1.11.5/src/providers/ipa/ipa_hbac_rules.h0000664002412700241270000000264712320753107022474 0ustar00jhrozekjhrozek00000000000000/* SSSD Authors: Jan Zeleny Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of 
the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #ifndef IPA_HBAC_RULES_H_ #define IPA_HBAC_RULES_H_ /* From ipa_hbac_rules.c */ struct tevent_req * ipa_hbac_rule_info_send(TALLOC_CTX *mem_ctx, bool get_deny_rules, struct tevent_context *ev, struct sdap_handle *sh, struct sdap_options *opts, struct sdap_search_base **search_bases, struct sysdb_attrs *ipa_host); errno_t ipa_hbac_rule_info_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, size_t *rule_count, struct sysdb_attrs ***rules); #endif /* IPA_HBAC_RULES_H_ */ sssd-1.11.5/src/providers/ipa/PaxHeaders.13173/ipa_config.h0000644000000000000000000000007412320753107021377 xustar000000000000000030 atime=1396954939.264891432 30 ctime=1396954961.485875075 sssd-1.11.5/src/providers/ipa/ipa_config.h0000664002412700241270000000346712320753107021633 0ustar00jhrozekjhrozek00000000000000/* SSSD IPA Backend Module -- configuration retrieval header Authors: Jan Zeleny Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #ifndef IPA_CONFIG_H_ #define IPA_CONFIG_H_ #include #include #include "providers/ldap/ldap_common.h" #include "db/sysdb.h" #define IPA_CONFIG_SELINUX_DEFAULT_USER_CTX "ipaSELinuxUserMapDefault" #define IPA_CONFIG_SELINUX_MAP_ORDER "ipaSELinuxUserMapOrder" #define IPA_CONFIG_MIGRATION_ENABLED "ipaMigrationEnabled" #define IPA_CONFIG_SEARCH_BASE_TEMPLATE "cn=etc,%s" #define IPA_CONFIG_FILTER "(&(cn=ipaConfig)(objectClass=ipaGuiConfig))" struct tevent_req * ipa_get_config_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct sdap_handle *sh, struct sdap_options *opts, const char *domain, const char **attrs); errno_t ipa_get_config_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, struct sysdb_attrs **config); #endif /* IPA_CONFIG_H_ */ sssd-1.11.5/src/providers/ipa/PaxHeaders.13173/ipa_subdomains_ext_groups.c0000644000000000000000000000007412320753107024550 xustar000000000000000030 atime=1396954939.265891431 30 ctime=1396954961.585875002 sssd-1.11.5/src/providers/ipa/ipa_subdomains_ext_groups.c0000664002412700241270000007347212320753107025007 0ustar00jhrozekjhrozek00000000000000/* SSSD IPA Identity Backend Module for sub-domains - evaluate external group memberships Authors: Sumit Bose Copyright (C) 2013 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
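*/

#include "util/util.h"
#include "db/sysdb.h"
#include "providers/ldap/ldap_common.h"
#include "providers/ldap/sdap_async.h"
#include "providers/ipa/ipa_id.h"
#include "providers/ad/ad_id.h"
#include "providers/ipa/ipa_subdomains.h"

/* LDAP filter used to fetch the IPA external group objects. */
#define IPA_EXT_GROUPS_FILTER "objectClass=ipaexternalgroup"

/* Cached result of the external group lookup. */
struct ipa_ext_groups {
    /* The cached table is reused while this is later than time(NULL). */
    time_t next_update;
    /* Table built by process_ext_groups(): keyed by the ipaExternalMember
     * value (logged as a SID), each value is a table whose keys are the
     * memberOf values of the external groups listing that member. */
    hash_table_t *ext_groups;
};

/*
 * Build the external-member lookup table from the external group entries.
 *
 * For every entry in reply that has both an "ipaExternalMember" and a
 * "memberOf" attribute, each ipaExternalMember value becomes a key of the
 * outer table, and every memberOf value of that entry is entered as a key
 * (with a NULL pointer value) of the per-member inner table.
 *
 * mem_ctx         talloc parent of the returned table
 * reply_count     number of entries in reply
 * reply           external group entries
 * _ext_group_hash set to the new table on success only
 *
 * Returns EOK on success. On failure the partially built table is freed;
 * the returned code may be an errno value or a dhash error code, because
 * hash_* results are passed through unchanged.
 */
static errno_t process_ext_groups(TALLOC_CTX *mem_ctx, size_t reply_count,
                                  struct sysdb_attrs **reply,
                                  hash_table_t **_ext_group_hash)
{
    int ret;
    hash_table_t *ext_group_hash = NULL;
    hash_key_t key;
    hash_value_t value;
    hash_table_t *m_hash = NULL;
    hash_key_t m_key;
    hash_value_t m_value;
    size_t g;
    size_t s;
    size_t m;
    TALLOC_CTX *tmp_ctx = NULL;
    const char **ext_sids;
    const char **mof;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("talloc_new failed.\n"));
        ret = ENOMEM;
        goto done;
    }

    ret = sss_hash_create(mem_ctx, reply_count, &ext_group_hash);
    if (ret != HASH_SUCCESS) {
        DEBUG(SSSDBG_OP_FAILURE, ("sss_hash_create failed.\n"));
        goto done;
    }

    key.type = HASH_KEY_STRING;
    m_key.type = HASH_KEY_STRING;
    /* The inner tables are used as sets: only the keys carry information. */
    m_value.type = HASH_VALUE_PTR;
    m_value.ptr = NULL;

    for (g = 0; g < reply_count; g++) {
        ret = sysdb_attrs_get_string_array(reply[g], "ipaExternalMember",
                                           tmp_ctx, &ext_sids);
        if (ret == ENOENT) {
            /* no external members, try next external group. */
            continue;
        }
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE,
                  ("sysdb_attrs_get_string_array failed.\n"));
            goto done;
        }

        ret = sysdb_attrs_get_string_array(reply[g], "memberOf",
                                           tmp_ctx, &mof);
        if (ret == ENOENT) {
            /* no IPA groups, try next external group. */
            continue;
        }
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE,
                  ("sysdb_attrs_get_string_array failed.\n"));
            goto done;
        }

        for (s = 0; ext_sids[s] != NULL; s++) {
            /* hash_lookup does not modify key.str. */
            key.str = discard_const(ext_sids[s]);
            ret = hash_lookup(ext_group_hash, &key, &value);
            if (ret == HASH_SUCCESS) {
                /* Member already known: extend its existing group set. */
                if (value.type != HASH_VALUE_PTR) {
                    DEBUG(SSSDBG_OP_FAILURE, ("Unexpected value type.\n"));
                    ret = EINVAL;
                    goto done;
                }

                for (m = 0; mof[m] != NULL; m++) {
                    /* hash_enter does not modify m_key.str. */
                    m_key.str = discard_const(mof[m]);
                    DEBUG(SSSDBG_TRACE_ALL, ("Adding group [%s] to SID [%s].\n",
                                             m_key.str, key.str));
                    ret = hash_enter(value.ptr, &m_key, &m_value);
                    if (ret != HASH_SUCCESS) {
                        DEBUG(SSSDBG_OP_FAILURE, ("hash_enter failed.\n"));
                        goto done;
                    }
                }
            } else if (ret == HASH_ERROR_KEY_NOT_FOUND) {
                /* First time this member is seen: create its group set as a
                 * talloc child of the outer table. */
                ret = sss_hash_create(ext_group_hash, 5, &m_hash);
                if (ret != HASH_SUCCESS) {
                    DEBUG(SSSDBG_OP_FAILURE, ("sss_hash_create failed.\n"));
                    goto done;
                }

                value.type = HASH_VALUE_PTR;
                value.ptr = m_hash;

                DEBUG(SSSDBG_TRACE_ALL,
                      ("Adding SID [%s] to external group hash.\n", key.str));
                ret = hash_enter(ext_group_hash, &key, &value);
                if (ret != HASH_SUCCESS) {
                    DEBUG(SSSDBG_OP_FAILURE, ("hash_enter failed.\n"));
                    goto done;
                }

                for (m = 0; mof[m] != NULL; m++) {
                    /* hash_enter does not modify m_key.str. */
                    m_key.str = discard_const(mof[m]);
                    DEBUG(SSSDBG_TRACE_ALL, ("Adding group [%s] to SID [%s].\n",
                                             m_key.str, key.str));
                    ret = hash_enter(m_hash, &m_key, &m_value);
                    if (ret != HASH_SUCCESS) {
                        DEBUG(SSSDBG_OP_FAILURE, ("hash_enter failed.\n"));
                        goto done;
                    }
                }
            } else {
                DEBUG(SSSDBG_OP_FAILURE, ("hash_lookup failed.\n"));
                goto done;
            }
        }
    }

    ret = EOK;

done:
    if (ret != EOK) {
        talloc_free(ext_group_hash);
    } else {
        *_ext_group_hash = ext_group_hash;
    }

    talloc_free(tmp_ctx);

    return ret;
}

/*
 * Collect the IPA groups a cached user belongs to through external
 * group membership.
 *
 * The user's initgroups result is read from the cache, the SID of every
 * returned entry is looked up in ext_group_hash, and the keys of all
 * matching inner tables are merged into one NULL-terminated string array.
 *
 * mem_ctx        talloc parent of *_groups and *_user_dn
 * user_name      name passed to sysdb_initgroups()
 * user_dom       domain (and sysdb) the user is looked up in
 * ext_group_hash table built by process_ext_groups()
 * _user_dn       copy of the DN of the first initgroups entry, or NULL
 * _groups        NULL-terminated array of group strings, or NULL
 *
 * Returns EOK with both outputs NULL when the user is not cached or no
 * external membership matches. On any error both outputs are NULL and
 * nothing is left allocated on mem_ctx. If the temporary context cannot
 * be allocated ENOMEM is returned without touching the outputs.
 */
static errno_t find_ipa_ext_memberships(TALLOC_CTX *mem_ctx,
                                        const char *user_name,
                                        struct sss_domain_info *user_dom,
                                        hash_table_t *ext_group_hash,
                                        struct ldb_dn **_user_dn,
                                        char ***_groups)
{
    int ret;
    TALLOC_CTX *tmp_ctx = NULL;
    struct ldb_result *result;
    char **groups = NULL;
    size_t c;
    const char *sid;
    hash_key_t key;
    hash_value_t value;
    hash_entry_t *entry;
    struct hash_iter_context_t *iter;
    hash_table_t *group_hash;
    size_t g_count;
    struct ldb_dn *user_dn = NULL;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        return ENOMEM;
    }

    ret = sysdb_initgroups(tmp_ctx, user_dom->sysdb, user_dom, user_name,
                           &result);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("sysdb_initgroups failed.\n"));
        goto done;
    }

    if (result->count == 0) {
        DEBUG(SSSDBG_MINOR_FAILURE, ("User [%s] not found in cache.\n",
                                     user_name));
        ret = EOK;
        goto done;
    }

    /* Temporary set used to de-duplicate the groups found below. */
    ret = sss_hash_create(tmp_ctx, 10, &group_hash);
    if (ret != HASH_SUCCESS) {
        DEBUG(SSSDBG_OP_FAILURE, ("sss_hash_create failed.\n"));
        goto done;
    }

    key.type = HASH_KEY_STRING;

    /* The IPA external domains can have references to group and user SIDs.
     * This means that we not only want to look up the group SIDs but the SID
     * of the user (first element of result) as well. */
    for (c = 0; c < result->count; c++) {
        sid = ldb_msg_find_attr_as_string(result->msgs[c], SYSDB_SID_STR,
                                          NULL);
        if (sid == NULL) {
            DEBUG(SSSDBG_MINOR_FAILURE, ("Group [%s] does not have a SID.\n",
                  ldb_dn_get_linearized(result->msgs[c]->dn)));
            continue;
        }

        key.str = discard_const(sid);
        ret = hash_lookup(ext_group_hash, &key, &value);
        if (ret == HASH_ERROR_KEY_NOT_FOUND) {
            DEBUG(SSSDBG_TRACE_ALL, ("SID [%s] not found in ext group hash.\n",
                  sid));
        } else if (ret == HASH_SUCCESS) {
            iter = new_hash_iter_context(value.ptr);
            if (iter == NULL) {
                DEBUG(SSSDBG_OP_FAILURE, ("new_hash_iter_context failed.\n"));
                ret = EINVAL;
                goto done;
            }

            /* Best effort: a group that cannot be added is logged and
             * skipped rather than failing the whole lookup. */
            while ((entry = iter->next(iter)) != NULL) {
                ret = hash_enter(group_hash, &entry->key, &entry->value);
                if (ret != HASH_SUCCESS) {
                    DEBUG(SSSDBG_OP_FAILURE, ("Failed to add group [%s].\n",
                                              entry->key.str));
                }
            }

            talloc_free(iter);
        } else {
            /* Lookup errors for one SID are logged and do not abort. */
            DEBUG(SSSDBG_OP_FAILURE, ("hash_lookup failed for SID [%s].\n",
                                      sid));
        }
    }

    g_count = hash_count(group_hash);
    if (g_count == 0) {
        DEBUG(SSSDBG_TRACE_FUNC, ("No external groupmemberships found.\n"));
        ret = EOK;
        goto done;
    }

    /* One extra zeroed slot keeps the array NULL-terminated. */
    groups = talloc_zero_array(mem_ctx, char *, g_count + 1);
    if (groups == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("talloc_array failed.\n"));
        ret = ENOMEM;
        goto done;
    }

    iter = new_hash_iter_context(group_hash);
    if (iter == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("new_hash_iter_context failed.\n"));
        ret = EINVAL;
        goto done;
    }

    c = 0;
    while ((entry = iter->next(iter)) != NULL) {
        groups[c] = talloc_strdup(groups, entry->key.str);
        if (groups[c] == NULL) {
            DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed.\n"));
            ret = ENOMEM;
            goto done;
        }
        c++;
    }

    user_dn = ldb_dn_copy(mem_ctx, result->msgs[0]->dn);
    if (user_dn == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("ldb_dn_copy failed.\n"));
        ret = ENOMEM;
        goto done;
    }

    ret = EOK;

done:
    if (ret != EOK) {
        /* Do not hand a half-filled array to the caller, and do not leave
         * it behind on mem_ctx either. user_dn is still NULL on every
         * error path because copying it is the last step that can fail. */
        talloc_zfree(groups);
    }

    *_user_dn = user_dn;
    *_groups = groups;

    talloc_free(tmp_ctx);

    return ret;
}

/*
 * Add the user to every listed group that is already in the cache.
 *
 * For each non-empty entry of groups, the group is searched in the cache
 * of group_dom by its original DN. If found, user_dn is added as a member
 * of the group, the group string is added to the user's
 * SYSDB_ORIG_MEMBEROF attribute, and the entry is marked as processed by
 * overwriting its first character with '\0'.
 *
 * user_dn        DN of the user entry to modify
 * user_dom       domain whose sysdb holds the user
 * group_dom      domain whose sysdb holds the groups
 * groups         NULL-terminated array of group DNs; modified in place
 * missing_groups set to true if at least one group was not in the cache
 *
 * Returns EOK on success, ENOMEM or the error of the failing sysdb call
 * otherwise. EEXIST from the two modify calls is not treated as an error.
 */
static errno_t add_ad_user_to_cached_groups(struct ldb_dn *user_dn,
                                            struct sss_domain_info *user_dom,
                                            struct sss_domain_info *group_dom,
                                            char **groups,
                                            bool *missing_groups)
{
    size_t c;
    struct sysdb_attrs *user_attrs;
    size_t msgs_count;
    struct ldb_message **msgs;
    char *subfilter;
    char *sanitized_dn;
    TALLOC_CTX *tmp_ctx;
    int ret;

    *missing_groups = false;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("talloc_new failed.\n"));
        return ENOMEM;
    }

    for (c = 0; groups[c] != NULL; c++) {
        /* An empty string marks a group handled by an earlier pass. */
        if (groups[c][0] == '\0') {
            continue;
        }

        /* The group DN originates from memberOf values returned by the
         * directory. Escape it before it is placed into a search filter so
         * that filter metacharacters in the value cannot change the
         * expression that is evaluated. */
        ret = sss_filter_sanitize(tmp_ctx, groups[c], &sanitized_dn);
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE, ("sss_filter_sanitize failed.\n"));
            goto done;
        }

        subfilter = talloc_asprintf(tmp_ctx, "(%s=%s)", SYSDB_ORIG_DN,
                                    sanitized_dn);
        if (subfilter == NULL) {
            DEBUG(SSSDBG_OP_FAILURE, ("talloc_asprintf failed.\n"));
            ret = ENOMEM;
            goto done;
        }

        ret = sysdb_search_groups(tmp_ctx, group_dom->sysdb, group_dom,
                                  subfilter, NULL, &msgs_count, &msgs);
        if (ret != EOK) {
            if (ret == ENOENT) {
                DEBUG(SSSDBG_TRACE_ALL, ("Group [%s] not in the cache.\n",
                                         groups[c]));
                *missing_groups = true;
                continue;
            } else {
                DEBUG(SSSDBG_OP_FAILURE, ("sysdb_search_entry failed.\n"));
                goto done;
            }
        }

        /* TODO? Do we have to remove members as well? I think not because the AD
         * query before removes all memberships. */

        ret = sysdb_mod_group_member(group_dom->sysdb, user_dn, msgs[0]->dn,
                                     LDB_FLAG_MOD_ADD);
        if (ret != EOK && ret != EEXIST) {
            DEBUG(SSSDBG_OP_FAILURE, ("sysdb_mod_group_member failed.\n"));
            goto done;
        }

        user_attrs = sysdb_new_attrs(tmp_ctx);
        if (user_attrs == NULL) {
            DEBUG(SSSDBG_OP_FAILURE, ("sysdb_new_attrs failed.\n"));
            ret = ENOMEM;
            goto done;
        }

        /* The unescaped DN is what gets stored on the user entry. */
        ret = sysdb_attrs_add_string(user_attrs, SYSDB_ORIG_MEMBEROF,
                                     groups[c]);
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_add_string failed.\n"));
            goto done;
        }

        ret = sysdb_set_entry_attr(user_dom->sysdb, user_dn, user_attrs,
                                   LDB_FLAG_MOD_ADD);
        if (ret != EOK && ret != EEXIST) {
            DEBUG(SSSDBG_OP_FAILURE, ("sysdb_set_entry_attr failed.\n"));
            goto done;
        }

        /* mark group as already processed */
        groups[c][0] = '\0';
    }

    ret = EOK;

done:
    talloc_free(tmp_ctx);

    return ret;
}

static struct tevent_req *ipa_add_ad_memberships_send(TALLOC_CTX *mem_ctx,
                                            struct tevent_context *ev,
                                            struct sdap_id_ctx *sdap_id_ctx,
                                            struct ldb_dn *user_dn,
                                            struct sss_domain_info *user_dom,
                                            char **groups,
                                            struct sss_domain_info *group_dom);
static void ipa_add_ad_memberships_done(struct tevent_req *subreq);

/* Per-request state of ipa_get_ad_memberships_send(). */
struct get_ad_membership_state {
    struct tevent_context *ev;
    struct ipa_server_mode_ctx *server_mode;
    struct sdap_id_op *sdap_op;
    struct sdap_id_ctx *sdap_id_ctx;
    struct fo_server *srv;
    char *user_name;                    /* copy of the request's filter value */
    struct sss_domain_info *user_dom;
    int dp_error;                       /* -1 until the request finishes */
    const char *domain;                 /* converted to the search base DN */

    size_t reply_count;                 /* external group search result */
    struct sysdb_attrs **reply;
};

static void ipa_get_ad_memberships_connect_done(struct tevent_req *subreq);
static void ipa_get_ext_groups_done(struct tevent_req *subreq);
static errno_t ipa_add_ext_groups_step(struct tevent_req *req);
static errno_t ipa_add_ad_memberships_recv(struct tevent_req *req,
                                           int *dp_error_out);

/*
 * Start a request that adds the IPA group memberships a user gains
 * through external groups.
 *
 * Only initgroups requests filtered by name are accepted; anything else
 * fails with EINVAL. While the cached external group table is still
 * valid (next_update is later than time(NULL)) the memberships are
 * evaluated directly; otherwise a connection is opened first so the
 * table can be refreshed.
 *
 * Returns the new request, or NULL if it could not be created. Errors
 * detected here are reported on the request, which is then posted so the
 * caller's callback still runs from the event loop.
 */
struct tevent_req *ipa_get_ad_memberships_send(TALLOC_CTX *mem_ctx,
                                        struct tevent_context *ev,
                                        struct be_acct_req *ar,
                                        struct ipa_server_mode_ctx *server_mode,
                                        struct sss_domain_info *user_dom,
                                        struct sdap_id_ctx *sdap_id_ctx,
                                        const char *domain)
{
    int ret;
    struct tevent_req *req;
    struct tevent_req *subreq;
    struct get_ad_membership_state *state;

    req = tevent_req_create(mem_ctx, &state, struct get_ad_membership_state);
    if (req == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("tevent_req_create failed.\n"));
        return NULL;
    }

    state->ev = ev;
    state->user_dom = user_dom;
    state->sdap_id_ctx = sdap_id_ctx;
    state->srv = NULL;
    state->domain = domain;
    state->dp_error = -1;

    if ((ar->entry_type & BE_REQ_TYPE_MASK) != BE_REQ_INITGROUPS
            || ar->filter_type != BE_FILTER_NAME) {
        DEBUG(SSSDBG_OP_FAILURE, ("Unsupported request type.\n"));
        ret = EINVAL;
        goto done;
    }

    state->user_name = talloc_strdup(state, ar->filter_value);
    if (state->user_name == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("talloc_Strdup failed.\n"));
        ret = ENOMEM;
        goto done;
    }

    state->sdap_op = sdap_id_op_create(state,
                                       state->sdap_id_ctx->conn->conn_cache);
    if (state->sdap_op == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed\n"));
        ret = ENOMEM;
        goto done;
    }

    state->server_mode = server_mode;
    if (server_mode->ext_groups == NULL) {
        /* Zeroed on creation, so next_update is 0 and the first request
         * always takes the refresh path below. */
        server_mode->ext_groups = talloc_zero(server_mode,
                                              struct ipa_ext_groups);
        if (server_mode->ext_groups == NULL) {
            DEBUG(SSSDBG_OP_FAILURE, ("talloc_zero failed.\n"));
            ret = ENOMEM;
            goto done;
        }
    }

    if (server_mode->ext_groups->next_update > time(NULL)) {
        DEBUG(SSSDBG_TRACE_FUNC, ("External group information still valid.\n"));
        /* NOTE(review): ipa_add_ext_groups_step() is only declared above
         * this point; if it already reports failures on req itself, the
         * done path below reports the same error a second time -- confirm
         * against its definition. */
        ret = ipa_add_ext_groups_step(req);
        if (ret == EOK) {
            goto done;
        } else if (ret == EAGAIN) {
            return req;
        } else {
            DEBUG(SSSDBG_OP_FAILURE, ("ipa_add_ext_groups_step failed.\n"));
            goto done;
        }
    }

    subreq = sdap_id_op_connect_send(state->sdap_op, state, &ret);
    if (subreq == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_connect_send failed: %d(%s).\n",
                                  ret, strerror(ret)));
        goto done;
    }

    tevent_req_set_callback(subreq, ipa_get_ad_memberships_connect_done, req);

    return req;

done:
    if (ret != EOK) {
        state->dp_error = DP_ERR_FATAL;
        tevent_req_error(req, ret);
    } else {
        state->dp_error = DP_ERR_OK;
        tevent_req_done(req);
    }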
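tevent_req_post(req, state->ev);

    return req;
}

/*
 * Callback for the connection attempt.
 *
 * Once the connection is available, the configured domain is converted
 * to a base DN and a subtree search for IPA_EXT_GROUPS_FILTER is started
 * with the SDAP_ENUM_SEARCH_TIMEOUT option as its timeout. Any failure
 * finishes the request with the error.
 */
static void ipa_get_ad_memberships_connect_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct get_ad_membership_state *state = tevent_req_data(req,
                                                struct get_ad_membership_state);
    int ret;
    char *basedn;

    ret = sdap_id_op_connect_recv(subreq, &state->dp_error);
    talloc_zfree(subreq);
    if (ret != EOK) {
        if (state->dp_error == DP_ERR_OFFLINE) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("No IPA server is available, going offline\n"));
        } else {
            DEBUG(SSSDBG_OP_FAILURE,
                  ("Failed to connect to IPA server: [%d](%s)\n",
                   ret, strerror(ret)));
        }

        goto fail;
    }

    ret = domain_to_basedn(state, state->domain, &basedn);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("domain_to_basedn failed.\n"));
        goto fail;
    }

    subreq = sdap_get_generic_send(state, state->ev, state->sdap_id_ctx->opts,
                            sdap_id_op_handle(state->sdap_op), basedn,
                            LDAP_SCOPE_SUBTREE,
                            IPA_EXT_GROUPS_FILTER, NULL, NULL, 0,
                            dp_opt_get_int(state->sdap_id_ctx->opts->basic,
                                           SDAP_ENUM_SEARCH_TIMEOUT),
                            false);
    if (subreq == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("sdap_get_generic_send failed.\n"));
        ret = ENOMEM;
        goto fail;
    }

    tevent_req_set_callback(subreq, ipa_get_ext_groups_done, req);
    return;

fail:
    tevent_req_error(req, ret);
    return;
}

/*
 * Callback for the external group search.
 *
 * The reply is turned into a fresh lookup table, which replaces the
 * cached one and is considered valid for the next 10 seconds. The
 * memberships of the requested user are then evaluated against it.
 */
static void ipa_get_ext_groups_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct get_ad_membership_state *state = tevent_req_data(req,
                                                struct get_ad_membership_state);
    int ret;
    hash_table_t *ext_group_hash;

    ret = sdap_get_generic_recv(subreq, state,
                                &state->reply_count, &state->reply);
    talloc_zfree(subreq);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("ipa_get_ext_groups request failed.\n"));
        tevent_req_error(req, ret);
        return;
    }

    DEBUG(SSSDBG_TRACE_FUNC, ("[%zu] external groups found.\n",
                              state->reply_count));

    ret = process_ext_groups(state->server_mode->ext_groups,
                             state->reply_count, state->reply,
                             &ext_group_hash);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("process_ext_groups failed.\n"));
        goto fail;
    }

    /* Every refresh allocates a new table on the long-lived ext_groups
     * context. Release the table of the previous refresh before installing
     * the new one, otherwise one table is leaked per refresh for as long
     * as the context lives. talloc_free(NULL) is harmless on first use. */
    talloc_free(state->server_mode->ext_groups->ext_groups);
    state->server_mode->ext_groups->ext_groups = ext_group_hash;
    /* Do we have to make the update timeout configurable? */
    state->server_mode->ext_groups->next_update = time(NULL) + 10;

    ret = ipa_add_ext_groups_step(req);
    if (ret == EOK) {
        tevent_req_done(req);
        return;
    } else if (ret == EAGAIN) {
        return;
    } else {
        DEBUG(SSSDBG_OP_FAILURE, ("ipa_add_ext_groups_step failed.\n"));
        goto fail;
    }

fail:
    tevent_req_error(req, ret);
    return;
}

/*
 * Evaluate the external memberships of the requested user against the
 * cached table and, if there are any, start adding them.
 *
 * Returns EOK when there is nothing to add (the caller finishes the
 * request), EAGAIN when a subrequest was started and the request will be
 * finished from its callback, or an error code.
 *
 * On error the code is only returned; the request is not marked as
 * failed here. Both callers visible in this file call tevent_req_error()
 * themselves when they get an error back, so reporting it here as well
 * would finish the same request twice. In the callback path that second
 * report would run after the caller's callback had already been
 * notified once.
 */
static errno_t ipa_add_ext_groups_step(struct tevent_req *req)
{
    struct get_ad_membership_state *state = tevent_req_data(req,
                                                struct get_ad_membership_state);
    struct ldb_dn *user_dn;
    int ret;
    char **groups = NULL;
    struct tevent_req *subreq;

    ret = find_ipa_ext_memberships(state, state->user_name, state->user_dom,
                                   state->server_mode->ext_groups->ext_groups,
                                   &user_dn, &groups);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("find_ipa_ext_memberships failed.\n"));
        return ret;
    }

    if (groups == NULL) {
        DEBUG(SSSDBG_TRACE_ALL, ("No external groups memberships found.\n"));
        state->dp_error = DP_ERR_OK;
        return EOK;
    }

    subreq = ipa_add_ad_memberships_send(state, state->ev, state->sdap_id_ctx,
                                         user_dn, state->user_dom, groups,
                                         state->sdap_id_ctx->be->domain);
    if (subreq == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("ipa_add_ad_memberships_send failed.\n"));
        return ENOMEM;
    }

    tevent_req_set_callback(subreq, ipa_add_ad_memberships_done, req);
    return EAGAIN;
}

/*
 * Callback for the membership update subrequest: passes its error on to
 * the parent request, or finishes the parent successfully.
 */
static void ipa_add_ad_memberships_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct get_ad_membership_state *state = tevent_req_data(req,
                                                struct get_ad_membership_state);
    int ret;

    ret = ipa_add_ad_memberships_recv(subreq, &state->dp_error);
    talloc_zfree(subreq);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("ipa_add_ad_memberships request failed.\n"));
        tevent_req_error(req, ret);
        return;
    }

    state->dp_error = DP_ERR_OK;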
tevent_req_done(req); return; } errno_t ipa_get_ad_memberships_recv(struct tevent_req *req, int *dp_error_out) { struct get_ad_membership_state *state = tevent_req_data(req, struct get_ad_membership_state); TEVENT_REQ_RETURN_ON_ERROR(req); if (dp_error_out) { *dp_error_out = state->dp_error; } return EOK; } struct add_ad_membership_state { struct tevent_context *ev; struct sdap_id_ctx *sdap_id_ctx; struct sdap_id_op *sdap_op; struct ldb_dn *user_dn; struct sss_domain_info *user_dom; struct sss_domain_info *group_dom; char **groups; int dp_error; size_t iter; struct sdap_domain *group_sdom; }; static void ipa_add_ad_memberships_connect_done(struct tevent_req *subreq); static void ipa_add_ad_memberships_get_next(struct tevent_req *req); static void ipa_add_ad_memberships_get_group_done(struct tevent_req *subreq); static struct tevent_req *ipa_add_ad_memberships_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct sdap_id_ctx *sdap_id_ctx, struct ldb_dn *user_dn, struct sss_domain_info *user_dom, char **groups, struct sss_domain_info *group_dom) { int ret; struct tevent_req *req; struct tevent_req *subreq; struct add_ad_membership_state *state; bool missing_groups = false; req = tevent_req_create(mem_ctx, &state, struct add_ad_membership_state); if (req == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("tevent_req_create failed.\n")); return NULL; } state->ev = ev; state->user_dom = user_dom; state->sdap_id_ctx = sdap_id_ctx; state->user_dn = user_dn; state->group_dom = group_dom; state->groups = groups; state->dp_error = -1; state->iter = 0; state->group_sdom = sdap_domain_get(sdap_id_ctx->opts, group_dom); if (state->group_sdom == NULL) { ret = EIO; goto done; } ret = add_ad_user_to_cached_groups(user_dn, user_dom, group_dom, groups, &missing_groups); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("add_ad_user_to_cached_groups failed.\n")); goto done; } if (!missing_groups) { DEBUG(SSSDBG_TRACE_ALL, ("All groups found in cache.\n")); ret = EOK; goto done; } state->sdap_op = 
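sdap_id_op_create(state, state->sdap_id_ctx->conn->conn_cache);
    if (state->sdap_op == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed\n"));
        ret = ENOMEM;
        goto done;
    }

    subreq = sdap_id_op_connect_send(state->sdap_op, state, &ret);
    if (subreq == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_connect_send failed: %d(%s).\n",
                                  ret, strerror(ret)));
        goto done;
    }

    tevent_req_set_callback(subreq, ipa_add_ad_memberships_connect_done, req);

    return req;

done:
    if (ret != EOK) {
        state->dp_error = DP_ERR_FATAL;
        tevent_req_error(req, ret);
    } else {
        state->dp_error = DP_ERR_OK;
        tevent_req_done(req);
    }
    tevent_req_post(req, state->ev);

    return req;
}

/*
 * Completion callback for the connection attempt made by
 * ipa_add_ad_memberships_send(). On success the group list is walked from
 * the beginning with ipa_add_ad_memberships_get_next().
 */
static void ipa_add_ad_memberships_connect_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct add_ad_membership_state *state = tevent_req_data(req,
                                                struct add_ad_membership_state);
    int ret;

    ret = sdap_id_op_connect_recv(subreq, &state->dp_error);
    talloc_zfree(subreq);
    if (ret != EOK) {
        if (state->dp_error == DP_ERR_OFFLINE) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("No IPA server is available, going offline\n"));
        } else {
            DEBUG(SSSDBG_OP_FAILURE,
                  ("Failed to connect to IPA server: [%d](%s)\n",
                   ret, strerror(ret)));
        }

        tevent_req_error(req, ret);
        return;
    }

    state->iter = 0;
    ipa_add_ad_memberships_get_next(req);
}

/*
 * Fetch the next group of state->groups from the LDAP server, or finish the
 * request when the end of the list is reached.
 *
 * Entries that are empty strings are skipped (presumably they were already
 * resolved from the cache -- confirm against add_ad_user_to_cached_groups()).
 * For every other entry the value of the first RDN of the group DN is used
 * as the name for a BE_FILTER_NAME group lookup. When the list is exhausted
 * the user is added to the cached groups once more and the request is
 * completed.
 */
static void ipa_add_ad_memberships_get_next(struct tevent_req *req)
{
    struct add_ad_membership_state *state = tevent_req_data(req,
                                                struct add_ad_membership_state);
    struct tevent_req *subreq;
    struct ldb_dn *group_dn;
    int ret;
    const struct ldb_val *val;
    /* Initialised like in ipa_add_ad_memberships_send() so the check below
     * never reads an indeterminate value. */
    bool missing_groups = false;

    while (state->groups[state->iter] != NULL
            && state->groups[state->iter][0] == '\0') {
        state->iter++;
    }

    if (state->groups[state->iter] == NULL) {
        ret = add_ad_user_to_cached_groups(state->user_dn, state->user_dom,
                                           state->group_dom, state->groups,
                                           &missing_groups);
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE, ("add_ad_user_to_cached_groups failed.\n"));
            goto fail;
        }

        if (missing_groups) {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("There are unresolved external group " \
                   "memberships even after all groups have " \
                   "been looked up on the LDAP server."));
        }
        tevent_req_done(req);
        return;
    }

    group_dn = ldb_dn_new(state, sysdb_ctx_get_ldb(state->group_dom->sysdb),
                          state->groups[state->iter]);
    if (group_dn == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("ldb_dn_new failed.\n"));
        ret = ENOMEM;
        goto fail;
    }

    /* ldb_dn_get_component_val() returns NULL when the string is not a
     * valid DN or has no components. The DN strings originate from
     * directory data, so a malformed value must end the request with an
     * error instead of being dereferenced. */
    val = ldb_dn_get_component_val(group_dn, 0);
    if (val == NULL || val->data == NULL) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Cannot get first RDN value of group DN [%s].\n",
               state->groups[state->iter]));
        ret = EINVAL;
        goto fail;
    }

/* TODO: here is would be useful for have a filter type like BE_FILTER_DN to
 * directly fetch the group with the corresponding DN. */
    subreq = groups_get_send(state, state->ev,
                             state->sdap_id_ctx, state->group_sdom,
                             state->sdap_id_ctx->conn,
                             (const char *) val->data,
                             BE_FILTER_NAME, BE_ATTR_CORE,
                             false);
    if (subreq == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("groups_get_send failed.\n"));
        ret = ENOMEM;
        goto fail;
    }

    tevent_req_set_callback(subreq, ipa_add_ad_memberships_get_group_done, req);
    return;

fail:
    tevent_req_error(req, ret);
}

/*
 * Completion callback for a single group lookup; on success advances to the
 * next entry of state->groups.
 */
static void ipa_add_ad_memberships_get_group_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct add_ad_membership_state *state = tevent_req_data(req,
                                                struct add_ad_membership_state);
    int ret;

    ret = groups_get_recv(subreq, &state->dp_error, NULL);
    talloc_zfree(subreq);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Failed to read group [%s] from LDAP [%d](%s)\n",
               state->groups[state->iter], ret, strerror(ret)));

        tevent_req_error(req, ret);
        return;
    }

    state->iter++;
    ipa_add_ad_memberships_get_next(req);
}

/*
 * Receive function of the add-memberships request.
 *
 * Returns the error the request finished with, or EOK. On EOK the data
 * provider error code is written to *dp_error_out when the pointer is set.
 */
static errno_t ipa_add_ad_memberships_recv(struct tevent_req *req,
                                           int *dp_error_out)
{
    struct add_ad_membership_state *state = tevent_req_data(req,
                                                struct add_ad_membership_state);

    TEVENT_REQ_RETURN_ON_ERROR(req);

    if (dp_error_out) {
        *dp_error_out = state->dp_error;
    }

    return EOK;
}
sssd-1.11.5/src/providers/ipa/PaxHeaders.13173/ipa_hbac_rules.c0000644000000000000000000000007412320753107022234 xustar000000000000000030 atime=1396954939.264891432 30 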
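ctime=1396954961.589874999 sssd-1.11.5/src/providers/ipa/ipa_hbac_rules.c0000664002412700241270000002347712320753107022473 0ustar00jhrozekjhrozek00000000000000
/*
    SSSD

    Authors:
        Stephen Gallagher

    Copyright (C) 2011 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see .
*/

#include "util/util.h"
#include "providers/ipa/ipa_hbac_private.h"
#include "providers/ipa/ipa_hbac_rules.h"
#include "providers/ldap/sdap_async.h"

/* State of one HBAC rule download, kept across all search bases. */
struct ipa_hbac_rule_state {
    struct tevent_context *ev;
    struct sdap_handle *sh;
    struct sdap_options *opts;

    /* Index of the search base currently being queried. */
    int search_base_iter;
    struct sdap_search_base **search_bases;

    /* NULL-terminated list of attributes requested for every rule. */
    const char **attrs;
    /* Filter built once in ipa_hbac_rule_info_send(). */
    char *rules_filter;
    /* rules_filter combined with the filter of the current search base. */
    char *cur_filter;

    /* Rules collected so far from all search bases. */
    size_t rule_count;
    struct sysdb_attrs **rules;
};

static errno_t
ipa_hbac_rule_info_next(struct tevent_req *req,
                        struct ipa_hbac_rule_state *state);
static void
ipa_hbac_rule_info_done(struct tevent_req *subreq);

/*
 * Start downloading the HBAC rules that apply to ipa_host.
 *
 * The LDAP filter selects enabled rules (only ALLOW rules unless
 * get_deny_rules is set) whose host category is "all" or that list the
 * host's original DN or one of its original memberOf values as member
 * host. The host DN and every memberOf value are passed through
 * sss_filter_sanitize() before they are placed into the filter.
 *
 * Returns NULL when ipa_host is missing, its original DN cannot be read or
 * sanitized, or the request cannot be allocated. Later failures are
 * reported through the returned request.
 */
struct tevent_req *
ipa_hbac_rule_info_send(TALLOC_CTX *mem_ctx,
                        bool get_deny_rules,
                        struct tevent_context *ev,
                        struct sdap_handle *sh,
                        struct sdap_options *opts,
                        struct sdap_search_base **search_bases,
                        struct sysdb_attrs *ipa_host)
{
    errno_t ret;
    size_t i;
    struct tevent_req *req = NULL;
    struct ipa_hbac_rule_state *state;
    TALLOC_CTX *tmp_ctx;
    const char *host_dn;
    char *host_dn_clean;
    char *host_group_clean;
    char *rule_filter;
    const char **memberof_list = NULL;

    if (ipa_host == NULL) {
        DEBUG(1, ("Missing host\n"));
        return NULL;
    }

    tmp_ctx = talloc_new(mem_ctx);
    if (tmp_ctx == NULL) return NULL;

    ret = sysdb_attrs_get_string(ipa_host, SYSDB_ORIG_DN, &host_dn);
    if (ret != EOK) {
        DEBUG(1, ("Could not identify IPA hostname\n"));
        goto error;
    }

    ret = sss_filter_sanitize(tmp_ctx, host_dn, &host_dn_clean);
    if (ret != EOK) goto error;

    req = tevent_req_create(mem_ctx, &state, struct ipa_hbac_rule_state);
    if (req == NULL) {
        DEBUG(1, ("tevent_req_create failed.\n"));
        /* Release tmp_ctx instead of leaving it attached to mem_ctx. */
        goto error;
    }

    state->ev = ev;
    state->sh = sh;
    state->opts = opts;
    state->search_bases = search_bases;
    state->search_base_iter = 0;
    state->attrs = talloc_zero_array(state, const char *, 15);
    if (state->attrs == NULL) {
        ret = ENOMEM;
        goto immediate;
    }
    state->attrs[0] = OBJECTCLASS;
    state->attrs[1] = IPA_CN;
    state->attrs[2] = IPA_UNIQUE_ID;
    state->attrs[3] = IPA_ENABLED_FLAG;
    state->attrs[4] = IPA_ACCESS_RULE_TYPE;
    state->attrs[5] = IPA_MEMBER_USER;
    state->attrs[6] = IPA_USER_CATEGORY;
    state->attrs[7] = IPA_MEMBER_SERVICE;
    state->attrs[8] = IPA_SERVICE_CATEGORY;
    state->attrs[9] = IPA_SOURCE_HOST;
    state->attrs[10] = IPA_SOURCE_HOST_CATEGORY;
    state->attrs[11] = IPA_EXTERNAL_HOST;
    state->attrs[12] = IPA_MEMBER_HOST;
    state->attrs[13] = IPA_HOST_CATEGORY;
    state->attrs[14] = NULL;

    /* Both variants leave the "(|" and the outer "(&" open; they are
     * closed after the memberOf values have been appended below. */
    if (get_deny_rules) {
        rule_filter = talloc_asprintf(tmp_ctx,
                                      "(&(objectclass=%s)"
                                      "(%s=%s)(|(%s=%s)(%s=%s)",
                                      IPA_HBAC_RULE,
                                      IPA_ENABLED_FLAG, IPA_TRUE_VALUE,
                                      IPA_HOST_CATEGORY, "all",
                                      IPA_MEMBER_HOST, host_dn_clean);
    } else {
        rule_filter = talloc_asprintf(tmp_ctx,
                                      "(&(objectclass=%s)"
                                      "(%s=%s)(%s=%s)"
                                      "(|(%s=%s)(%s=%s)",
                                      IPA_HBAC_RULE,
                                      IPA_ENABLED_FLAG, IPA_TRUE_VALUE,
                                      IPA_ACCESS_RULE_TYPE, IPA_HBAC_ALLOW,
                                      IPA_HOST_CATEGORY, "all",
                                      IPA_MEMBER_HOST, host_dn_clean);
    }
    if (rule_filter == NULL) {
        ret = ENOMEM;
        goto immediate;
    }

    /* Add all parent groups of ipa_hostname to the filter */
    ret = sysdb_attrs_get_string_array(ipa_host, SYSDB_ORIG_MEMBEROF,
                                       tmp_ctx, &memberof_list);
    if (ret != EOK && ret != ENOENT) {
        DEBUG(1, ("Could not identify "));
        /* memberof_list was not filled in. Building the access-control
         * filter from it would read an indeterminate pointer, so fail the
         * request instead of continuing. */
        goto immediate;
    } if (ret == ENOENT) {
        /* This host is not a member of any hostgroups */
        memberof_list = talloc_array(tmp_ctx, const char *, 1);
        if (memberof_list == NULL) {
            ret = ENOMEM;
            goto immediate;
        }
        memberof_list[0] = NULL;
    }

    for (i = 0; memberof_list[i]; i++) {
        ret = sss_filter_sanitize(tmp_ctx,
                                  memberof_list[i],
                                  &host_group_clean);
        if (ret != EOK) goto immediate;

        rule_filter = talloc_asprintf_append(rule_filter, "(%s=%s)",
                                             IPA_MEMBER_HOST,
                                             host_group_clean);
        if (rule_filter == NULL) {
            ret = ENOMEM;
            goto immediate;
        }
    }

    rule_filter = talloc_asprintf_append(rule_filter, "))");
    if (rule_filter == NULL) {
        ret = ENOMEM;
        goto immediate;
    }
    state->rules_filter = talloc_steal(state, rule_filter);

    ret = ipa_hbac_rule_info_next(req, state);
    if (ret == EOK) {
        /* EOK from the first step means there was no search base at all. */
        ret = EINVAL;
    }

    if (ret != EAGAIN) {
        goto immediate;
    }

    talloc_free(tmp_ctx);
    return req;

immediate:
    if (ret == EOK) {
        tevent_req_done(req);
    } else {
        tevent_req_error(req, ret);
    }
    tevent_req_post(req, ev);
    talloc_free(tmp_ctx);
    return req;

error:
    talloc_free(tmp_ctx);
    return NULL;
}

/*
 * Send the rule search for the current search base.
 *
 * Returns EOK when there is no further search base, EAGAIN when a search
 * was started and ipa_hbac_rule_info_done() will continue, or ENOMEM.
 */
static errno_t
ipa_hbac_rule_info_next(struct tevent_req *req,
                        struct ipa_hbac_rule_state *state)
{
    struct tevent_req *subreq;
    struct sdap_search_base *base;

    base = state->search_bases[state->search_base_iter];
    if (base == NULL) {
        return EOK;
    }

    talloc_zfree(state->cur_filter);
    state->cur_filter = sdap_get_id_specific_filter(state, state->rules_filter,
                                                    base->filter);
    if (state->cur_filter == NULL) {
        return ENOMEM;
    }

    DEBUG(SSSDBG_TRACE_FUNC, ("Sending request for next search base: "
                              "[%s][%d][%s]\n", base->basedn, base->scope,
                              state->cur_filter));

    subreq = sdap_get_generic_send(state, state->ev, state->opts, state->sh,
                                   base->basedn, base->scope,
                                   state->cur_filter, state->attrs,
                                   NULL, 0,
                                   dp_opt_get_int(state->opts->basic,
                                                  SDAP_ENUM_SEARCH_TIMEOUT),
                                   true);
    if (subreq == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("sdap_get_generic_send failed.\n"));
        return ENOMEM;
    }
    tevent_req_set_callback(subreq, ipa_hbac_rule_info_done, req);

    return EAGAIN;
}

/*
 * Completion callback for one search base: appends the returned rules to
 * state->rules and moves on to the next search base. When all bases have
 * been searched the request finishes with ENOENT if no rule was found at
 * all, and successfully otherwise.
 */
static void
ipa_hbac_rule_info_done(struct tevent_req *subreq)
{
    errno_t ret;
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct ipa_hbac_rule_state *state = tevent_req_data(req,
                                                struct ipa_hbac_rule_state);
    size_t i;
    size_t rule_count;
    size_t total_count;
    struct sysdb_attrs **rules;
    struct sysdb_attrs **target;

    ret = sdap_get_generic_recv(subreq, state,
                                &rule_count,
                                &rules);
    /* The result was received with state as memory context, so the
     * finished sub-request can be released now rather than once per search
     * base when the whole request goes away. */
    talloc_zfree(subreq);
    if (ret != EOK) {
        DEBUG(3, ("Could not retrieve HBAC rules\n"));
        goto fail;
    }

    if (rule_count > 0) {
        total_count = rule_count + state->rule_count;
        state->rules = talloc_realloc(state, state->rules,
                                      struct sysdb_attrs *,
                                      total_count);
        if (state->rules == NULL) {
            ret = ENOMEM;
            goto fail;
        }

        /* Move every new rule behind the ones collected so far. */
        i = 0;
        while (state->rule_count < total_count) {
            target = &state->rules[state->rule_count];
            *target = talloc_steal(state->rules, rules[i]);

            state->rule_count++;
            i++;
        }
    }

    state->search_base_iter++;
    ret = ipa_hbac_rule_info_next(req, state);
    if (ret == EAGAIN) {
        return;
    } else if (ret != EOK) {
        goto fail;
    } else if (ret == EOK && state->rule_count == 0) {
        DEBUG(3, ("No rules apply to this host\n"));
        tevent_req_error(req, ENOENT);
        return;
    }

    /* We went through all search bases and we have some results */
    tevent_req_done(req);

    return;

fail:
    tevent_req_error(req, ret);
}

/*
 * Receive function of the HBAC rule download.
 *
 * Returns the error the request finished with, or EOK. On EOK *rule_count
 * is set and ownership of the rule array moves to mem_ctx.
 */
errno_t
ipa_hbac_rule_info_recv(struct tevent_req *req,
                        TALLOC_CTX *mem_ctx,
                        size_t *rule_count,
                        struct sysdb_attrs ***rules)
{
    struct ipa_hbac_rule_state *state =
            tevent_req_data(req, struct ipa_hbac_rule_state);

    TEVENT_REQ_RETURN_ON_ERROR(req);

    *rule_count = state->rule_count;
    *rules = talloc_steal(mem_ctx, state->rules);

    return EOK;
}
sssd-1.11.5/src/providers/ipa/PaxHeaders.13173/ipa_subdomains.h0000644000000000000000000000007312320753107022275 xustar000000000000000030 atime=1396954939.265891431 29 ctime=1396954961.49287507 sssd-1.11.5/src/providers/ipa/ipa_subdomains.h0000664002412700241270000000515412320753107022525 0ustar00jhrozekjhrozek00000000000000/* SSSD IPA Subdomains Module Authors: Sumit Bose Copyright (C) 2011 Red Hat This program is free software; you can redistribute it and/or modify it under the terms 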
of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #ifndef _IPA_SUBDOMAINS_H_ #define _IPA_SUBDOMAINS_H_ #include "providers/dp_backend.h" #include "providers/ipa/ipa_common.h" struct be_ctx *ipa_get_subdomains_be_ctx(struct be_ctx *be_ctx); const char *get_flat_name_from_subdomain_name(struct be_ctx *be_ctx, const char *name); int ipa_subdom_init(struct be_ctx *be_ctx, struct ipa_id_ctx *id_ctx, struct bet_ops **ops, void **pvt_data); /* The following are used in server mode only */ struct ipa_ad_server_ctx { struct sss_domain_info *dom; struct ad_id_ctx *ad_id_ctx; struct ipa_ad_server_ctx *next, *prev; }; /* struct for external group memberships, defined in * ipa_subdomains_ext_groups.c */ struct ipa_ext_groups; struct ipa_server_mode_ctx { const char *realm; const char *hostname; struct ipa_ad_server_ctx *trusts; struct ipa_ext_groups *ext_groups; }; int ipa_ad_subdom_init(struct be_ctx *be_ctx, struct ipa_id_ctx *id_ctx); enum req_input_type { REQ_INP_NAME, REQ_INP_ID, REQ_INP_SECID }; struct req_input { enum req_input_type type; union { const char *name; uint32_t id; const char *secid; } inp; }; struct tevent_req *ipa_get_ad_memberships_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct be_acct_req *ar, struct ipa_server_mode_ctx *server_mode, struct sss_domain_info *user_dom, struct sdap_id_ctx *sdap_id_ctx, const char *domain); errno_t ipa_get_ad_memberships_recv(struct tevent_req *req, int *dp_error_out); #endif /* _IPA_SUBDOMAINS_H_ */ 
sssd-1.11.5/src/providers/ipa/PaxHeaders.13173/ipa_hostid.c0000644000000000000000000000007412320753107021417 xustar000000000000000030 atime=1396954939.264891432 30 ctime=1396954961.599874991 sssd-1.11.5/src/providers/ipa/ipa_hostid.c0000664002412700241270000002155012320753107021644 0ustar00jhrozekjhrozek00000000000000/* Authors: Jan Cholasta Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include "util/util.h" #include "util/crypto/sss_crypto.h" #include "db/sysdb_ssh.h" #include "providers/ldap/ldap_common.h" #include "providers/ipa/ipa_common.h" #include "providers/ipa/ipa_hostid.h" #include "providers/ipa/ipa_hosts.h" struct hosts_get_state { struct tevent_context *ev; struct ipa_hostid_ctx *ctx; struct sdap_id_op *op; struct sss_domain_info *domain; const char *name; const char *alias; size_t count; struct sysdb_attrs **hosts; int dp_error; }; struct tevent_req * hosts_get_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct ipa_hostid_ctx *hostid_ctx, const char *name, const char *alias); static errno_t hosts_get_recv(struct tevent_req *req, int *dp_error_out); static void ipa_host_info_hosts_done(struct tevent_req *req); void ipa_host_info_handler(struct be_req *breq) { struct be_ctx *be_ctx = be_req_get_be_ctx(breq); struct ipa_hostid_ctx *hostid_ctx; struct sdap_id_ctx *ctx; struct be_host_req *hr; struct tevent_req *req; int dp_error = DP_ERR_FATAL; errno_t ret = EOK; const char *err = "Unknown 
Error"; hostid_ctx = talloc_get_type(be_ctx->bet_info[BET_HOSTID].pvt_bet_data, struct ipa_hostid_ctx); ctx = hostid_ctx->sdap_id_ctx; if (be_is_offline(ctx->be)) { dp_error = DP_ERR_OFFLINE; ret = EAGAIN; err = "Offline"; goto done; } hr = talloc_get_type(be_req_get_data(breq), struct be_host_req); if (hr->filter_type != BE_FILTER_NAME) { ret = EINVAL; err = "Invalid filter type"; goto done; } req = hosts_get_send(breq, be_ctx->ev, hostid_ctx, hr->name, hr->alias); if (!req) { ret = ENOMEM; err = "Out of memory"; goto done; } tevent_req_set_callback(req, ipa_host_info_hosts_done, breq); ret = EOK; done: if (ret != EOK) return sdap_handler_done(breq, dp_error, ret, err); } static void ipa_host_info_complete(struct be_req *breq, int dp_error, errno_t ret, const char *default_error_text) { const char* error_text; if (dp_error == DP_ERR_OK) { if (ret == EOK) { error_text = NULL; } else { DEBUG(SSSDBG_CRIT_FAILURE, ("Bug: dp_error is OK on failed request")); dp_error = DP_ERR_FATAL; error_text = default_error_text; } } else if (dp_error == DP_ERR_OFFLINE) { error_text = "Offline"; } else if (dp_error == DP_ERR_FATAL && ret == ENOMEM) { error_text = "Out of memory"; } else { error_text = default_error_text; } sdap_handler_done(breq, dp_error, ret, error_text); } static void ipa_host_info_hosts_done(struct tevent_req *req) { struct be_req *breq = tevent_req_callback_data(req, struct be_req); int ret, dp_error; ret = hosts_get_recv(req, &dp_error); talloc_zfree(req); ipa_host_info_complete(breq, dp_error, ret, "Host lookup failed"); } static errno_t hosts_get_retry(struct tevent_req *req); static void hosts_get_connect_done(struct tevent_req *subreq); static void hosts_get_done(struct tevent_req *subreq); struct tevent_req * hosts_get_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct ipa_hostid_ctx *hostid_ctx, const char *name, const char *alias) { struct tevent_req *req; struct hosts_get_state *state; struct sdap_id_ctx *ctx; errno_t ret; ctx = 
hostid_ctx->sdap_id_ctx; req = tevent_req_create(memctx, &state, struct hosts_get_state); if (!req) return NULL; state->ev = ev; state->ctx = hostid_ctx; state->dp_error = DP_ERR_FATAL; state->op = sdap_id_op_create(state, ctx->conn->conn_cache); if (!state->op) { DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed\n")); ret = ENOMEM; goto fail; } state->domain = ctx->be->domain; state->name = name; state->alias = alias; ret = hosts_get_retry(req); if (ret != EOK) { goto fail; } return req; fail: tevent_req_error(req, ret); tevent_req_post(req, ev); return req; } static errno_t hosts_get_retry(struct tevent_req *req) { struct hosts_get_state *state = tevent_req_data(req, struct hosts_get_state); struct tevent_req *subreq; errno_t ret = EOK; subreq = sdap_id_op_connect_send(state->op, state, &ret); if (!subreq) { return ret; } tevent_req_set_callback(subreq, hosts_get_connect_done, req); return EOK; } static void hosts_get_connect_done(struct tevent_req *subreq) { struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); struct hosts_get_state *state = tevent_req_data(req, struct hosts_get_state); int dp_error = DP_ERR_FATAL; errno_t ret; ret = sdap_id_op_connect_recv(subreq, &dp_error); talloc_zfree(subreq); if (ret != EOK) { state->dp_error = dp_error; tevent_req_error(req, ret); return; } subreq = ipa_host_info_send(state, state->ev, sdap_id_op_handle(state->op), state->ctx->sdap_id_ctx->opts, state->name, state->ctx->ipa_opts->host_map, NULL, state->ctx->host_search_bases); if (!subreq) { tevent_req_error(req, ENOMEM); return; } tevent_req_set_callback(subreq, hosts_get_done, req); } static void hosts_get_done(struct tevent_req *subreq) { struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); struct hosts_get_state *state = tevent_req_data(req, struct hosts_get_state); int dp_error = DP_ERR_FATAL; errno_t ret; struct sysdb_attrs *attrs; time_t now = time(NULL); ret = ipa_host_info_recv(subreq, state, &state->count, 
&state->hosts, NULL, NULL); talloc_zfree(subreq); ret = sdap_id_op_done(state->op, ret, &dp_error); if (dp_error == DP_ERR_OK && ret != EOK) { /* retry */ ret = hosts_get_retry(req); if (ret != EOK) { goto done; } return; } if (ret != EOK && ret != ENOENT) { goto done; } if (state->count == 0) { DEBUG(SSSDBG_OP_FAILURE, ("No host with name [%s] found.\n", state->name)); ret = sysdb_delete_ssh_host(state->domain->sysdb, state->domain, state->name); if (ret != EOK && ret != ENOENT) { goto done; } ret = EINVAL; goto done; } if (state->count > 1) { DEBUG(SSSDBG_CRIT_FAILURE, ("Found more than one host with name [%s].\n", state->name)); ret = EINVAL; goto done; } attrs = sysdb_new_attrs(state); if (!attrs) { ret = ENOMEM; goto done; } /* we are interested only in the host keys */ ret = sysdb_attrs_copy_values(state->hosts[0], attrs, SYSDB_SSH_PUBKEY); if (ret != EOK) { goto done; } ret = sysdb_store_ssh_host(state->domain->sysdb, state->domain, state->name, state->alias, now, attrs); if (ret != EOK) { goto done; } dp_error = DP_ERR_OK; done: state->dp_error = dp_error; if (ret == EOK) { tevent_req_done(req); } else { tevent_req_error(req, ret); } } static errno_t hosts_get_recv(struct tevent_req *req, int *dp_error_out) { struct hosts_get_state *state = tevent_req_data(req, struct hosts_get_state); if (dp_error_out) { *dp_error_out = state->dp_error; } TEVENT_REQ_RETURN_ON_ERROR(req); return EOK; } sssd-1.11.5/src/providers/ipa/PaxHeaders.13173/ipa_hosts.h0000644000000000000000000000007412320753107021272 xustar000000000000000030 atime=1396954939.264891432 30 ctime=1396954961.488875073 sssd-1.11.5/src/providers/ipa/ipa_hosts.h0000664002412700241270000000274112320753107021520 0ustar00jhrozekjhrozek00000000000000/* SSSD Authors: Jan Zeleny Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at 
your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #ifndef IPA_HOSTS_H_ #define IPA_HOSTS_H_ struct tevent_req * ipa_host_info_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct sdap_handle *sh, struct sdap_options *opts, const char *hostname, struct sdap_attr_map *host_map, struct sdap_attr_map *hostgroup_map, struct sdap_search_base **search_bases); errno_t ipa_host_info_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, size_t *host_count, struct sysdb_attrs ***hosts, size_t *hostgroup_count, struct sysdb_attrs ***hostgroups); #endif /* IPA_HOSTS_H_ */ sssd-1.11.5/src/providers/ipa/PaxHeaders.13173/ipa_hbac_common.c0000644000000000000000000000007412320753107022372 xustar000000000000000030 atime=1396954939.264891432 30 ctime=1396954961.592874996 sssd-1.11.5/src/providers/ipa/ipa_hbac_common.c0000664002412700241270000005737312320753107022633 0ustar00jhrozekjhrozek00000000000000/* SSSD Authors: Stephen Gallagher Copyright (C) 2011 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #include "providers/ipa/ipa_hbac_private.h" #include "providers/ipa/ipa_hbac.h" #include "providers/ipa/ipa_common.h" static errno_t ipa_hbac_save_list(struct sss_domain_info *domain, bool delete_subdir, const char *subdir, const char *naming_attribute, size_t count, struct sysdb_attrs **list) { int ret; size_t c; struct ldb_dn *base_dn; const char *object_name; struct ldb_message_element *el; TALLOC_CTX *tmp_ctx; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { DEBUG(1, ("talloc_new failed.\n")); return ENOMEM; } if (delete_subdir) { base_dn = sysdb_custom_subtree_dn(domain->sysdb, tmp_ctx, domain, subdir); if (base_dn == NULL) { ret = ENOMEM; goto done; } ret = sysdb_delete_recursive(domain->sysdb, base_dn, true); if (ret != EOK) { DEBUG(1, ("sysdb_delete_recursive failed.\n")); goto done; } } for (c = 0; c < count; c++) { ret = sysdb_attrs_get_el(list[c], naming_attribute, &el); if (ret != EOK) { DEBUG(1, ("sysdb_attrs_get_el failed.\n")); goto done; } if (el->num_values == 0) { DEBUG(1, ("[%s] not found.\n", naming_attribute)); ret = EINVAL; goto done; } object_name = talloc_strndup(tmp_ctx, (const char *)el->values[0].data, el->values[0].length); if (object_name == NULL) { DEBUG(1, ("talloc_strndup failed.\n")); ret = ENOMEM; goto done; } DEBUG(9, ("Object name: [%s].\n", object_name)); ret = sysdb_store_custom(domain->sysdb, domain, object_name, subdir, list[c]); if (ret != EOK) { DEBUG(1, ("sysdb_store_custom failed.\n")); goto done; } } ret = EOK; done: talloc_free(tmp_ctx); return ret; } errno_t ipa_hbac_sysdb_save(struct sss_domain_info *domain, const char *primary_subdir, const char *attr_name, size_t primary_count, struct sysdb_attrs **primary, const char *group_subdir, const char *groupattr_name, size_t group_count, struct sysdb_attrs **groups) { errno_t ret, sret; bool in_transaction = false; if ((primary_count == 0 || primary == NULL) || (group_count > 0 && groups == NULL)) { /* There always has to be at least one * primary entry. 
*/ return EINVAL; } /* Save the entries and groups to the cache */ ret = sysdb_transaction_start(domain->sysdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to start transaction\n")); goto done; }; in_transaction = true; /* First, save the specific entries */ ret = ipa_hbac_save_list(domain, true, primary_subdir, attr_name, primary_count, primary); if (ret != EOK) { DEBUG(1, ("Could not save %s. [%d][%s]\n", primary_subdir, ret, strerror(ret))); goto done; } /* Second, save the groups */ if (group_count > 0) { ret = ipa_hbac_save_list(domain, true, group_subdir, groupattr_name, group_count, groups); if (ret != EOK) { DEBUG(1, ("Could not save %s. [%d][%s]\n", group_subdir, ret, strerror(ret))); goto done; } } ret = sysdb_transaction_commit(domain->sysdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to commit transaction\n")); goto done; } in_transaction = false; done: if (in_transaction) { sret = sysdb_transaction_cancel(domain->sysdb); if (sret != EOK) { DEBUG(0, ("Could not cancel sysdb transaction\n")); } } if (ret != EOK) { DEBUG(3, ("Error [%d][%s]\n", ret, strerror(ret))); } return ret; } errno_t replace_attribute_name(const char *old_name, const char *new_name, const size_t count, struct sysdb_attrs **list) { int ret; int i; for (i = 0; i < count; i++) { ret = sysdb_attrs_replace_name(list[i], old_name, new_name); if (ret != EOK) { DEBUG(1, ("sysdb_attrs_replace_name failed.\n")); return ret; } } return EOK; } static errno_t create_empty_grouplist(struct hbac_request_element *el) { el->groups = talloc_array(el, const char *, 1); if (!el->groups) return ENOMEM; el->groups[0] = NULL; return EOK; } /******************************************** * Functions for handling conversion to the * * HBAC evaluator format * ********************************************/ static errno_t hbac_attrs_to_rule(TALLOC_CTX *mem_ctx, struct hbac_ctx *hbac_ctx, size_t index, struct hbac_rule **rule); static errno_t hbac_ctx_to_eval_request(TALLOC_CTX *mem_ctx, 
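/*
 * Convert the cached HBAC rule at position idx of hbac_ctx->rules into a
 * struct hbac_rule allocated on mem_ctx.
 *
 * Returns EOK and sets *rule on success. Returns EPERM when the rule type
 * is not IPA_HBAC_ALLOW, ENOMEM on allocation failure, or the error of the
 * failing attribute lookup / element conversion. On any error the partially
 * built rule is freed and *rule is left untouched.
 */
static errno_t hbac_attrs_to_rule(TALLOC_CTX *mem_ctx,
                                  struct hbac_ctx *hbac_ctx,
                                  size_t idx,
                                  struct hbac_rule **rule)
{
    struct be_ctx *be_ctx = be_req_get_be_ctx(hbac_ctx->be_req);
    errno_t ret;
    struct hbac_rule *new_rule;
    struct ldb_message_element *el;
    const char *rule_type;

    new_rule = talloc_zero(mem_ctx, struct hbac_rule);
    if (new_rule == NULL) return ENOMEM;

    ret = sysdb_attrs_get_el(hbac_ctx->rules[idx], IPA_CN, &el);
    if (ret != EOK || el->num_values == 0) {
        DEBUG(4, ("rule has no name, assuming '(none)'.\n"));
        new_rule->name = talloc_strdup(new_rule, "(none)");
    } else {
        new_rule->name = talloc_strndup(new_rule,
                                        (const char*) el->values[0].data,
                                        el->values[0].length);
    }
    /* The name is passed to "%s" in the messages below and handed to the
     * element parsers, so an allocation failure must stop here. */
    if (new_rule->name == NULL) {
        ret = ENOMEM;
        goto done;
    }

    DEBUG(7, ("Processing rule [%s]\n", new_rule->name));

    ret = sysdb_attrs_get_bool(hbac_ctx->rules[idx], IPA_ENABLED_FLAG,
                               &new_rule->enabled);
    if (ret != EOK) goto done;

    if (!new_rule->enabled) {
        /* Hand the disabled rule back (only name and enabled are set) so
         * that a caller passing a slot of a talloc_array() allocation, as
         * hbac_ctx_to_rules() does, is not left with an indeterminate
         * pointer after EOK.
         * NOTE(review): assumes the evaluator checks `enabled` before it
         * looks at the users/services/hosts elements - confirm. */
        *rule = new_rule;
        ret = EOK;
        goto done;
    }

    ret = sysdb_attrs_get_string(hbac_ctx->rules[idx], IPA_ACCESS_RULE_TYPE,
                                 &rule_type);
    if (ret != EOK) goto done;

    /* Only ALLOW rules are converted; anything else is reported as EPERM. */
    if (strcasecmp(rule_type, IPA_HBAC_ALLOW) != 0) {
        DEBUG(7, ("Rule [%s] is not an ALLOW rule\n", new_rule->name));
        ret = EPERM;
        goto done;
    }

    /* Get the users */
    ret = hbac_user_attrs_to_rule(new_rule, be_ctx->domain,
                                  new_rule->name,
                                  hbac_ctx->rules[idx],
                                  &new_rule->users);
    if (ret != EOK) {
        DEBUG(1, ("Could not parse users for rule [%s]\n", new_rule->name));
        goto done;
    }

    /* Get the services */
    ret = hbac_service_attrs_to_rule(new_rule, be_ctx->domain,
                                     new_rule->name,
                                     hbac_ctx->rules[idx],
                                     &new_rule->services);
    if (ret != EOK) {
        DEBUG(1, ("Could not parse services for rule [%s]\n",
                  new_rule->name));
        goto done;
    }

    /* Get the target hosts */
    ret = hbac_thost_attrs_to_rule(new_rule, be_ctx->domain,
                                   new_rule->name,
                                   hbac_ctx->rules[idx],
                                   &new_rule->targethosts);
    if (ret != EOK) {
        DEBUG(1, ("Could not parse target hosts for rule [%s]\n",
                  new_rule->name));
        goto done;
    }

    /* Get the source hosts */
    ret = hbac_shost_attrs_to_rule(new_rule, be_ctx->domain,
                                   new_rule->name,
                                   hbac_ctx->rules[idx],
                                   dp_opt_get_bool(hbac_ctx->ipa_options,
                                                   IPA_HBAC_SUPPORT_SRCHOST),
                                   &new_rule->srchosts);
    if (ret != EOK) {
        DEBUG(1, ("Could not parse source hosts for rule [%s]\n",
                  new_rule->name));
        goto done;
    }

    *rule = new_rule;
    ret = EOK;

done:
    if (ret != EOK) talloc_free(new_rule);
    return ret;
}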
/*
 * Build the HBAC evaluation request for the PAM request stored in hbac_ctx.
 *
 * The request carries the current time, the user, the PAM service, the
 * source host (NULL name when PAM supplied none) and the target host taken
 * from the IPA_HOSTNAME option. On success *request is owned by mem_ctx.
 *
 * Returns EOK, ENOMEM, EINVAL when IPA_HOSTNAME is missing, or the error of
 * the failing element lookup.
 */
static errno_t hbac_ctx_to_eval_request(TALLOC_CTX *mem_ctx,
                                        struct hbac_ctx *hbac_ctx,
                                        struct hbac_eval_req **request)
{
    struct be_ctx *be_ctx = be_req_get_be_ctx(hbac_ctx->be_req);
    struct sss_domain_info *domain = be_ctx->domain;
    struct pam_data *pd = hbac_ctx->pd;
    struct sss_domain_info *user_dom = domain;
    struct hbac_eval_req *req;
    TALLOC_CTX *scratch;
    const char *src_host;
    const char *tgt_host;
    errno_t ret;

    scratch = talloc_new(mem_ctx);
    if (scratch == NULL) return ENOMEM;

    req = talloc_zero(scratch, struct hbac_eval_req);
    if (req == NULL) {
        ret = ENOMEM;
        goto done;
    }

    req->request_time = time(NULL);

    /* User name and groups: a user from a subdomain is looked up in that
     * subdomain's cache rather than in the IPA domain's. */
    if (strcasecmp(pd->domain, domain->name) != 0) {
        user_dom = find_subdomain_by_name(domain, pd->domain, true);
        if (user_dom == NULL) {
            DEBUG(SSSDBG_OP_FAILURE, ("find_subdomain_by_name failed.\n"));
            ret = ENOMEM;
            goto done;
        }
    }

    ret = hbac_eval_user_element(req, user_dom->sysdb, user_dom,
                                 pd->user, &req->user);
    if (ret != EOK) goto done;

    /* PAM service and its service groups */
    ret = hbac_eval_service_element(req, domain->sysdb, domain,
                                    pd->service, &req->service);
    if (ret != EOK) goto done;

    /* Source host: without an rhost the source is unknown, which will not
     * match any rule that requires a specific source host. */
    src_host = (pd->rhost == NULL || pd->rhost[0] == '\0') ? NULL : pd->rhost;

    ret = hbac_eval_host_element(req, domain->sysdb, domain,
                                 src_host, &req->srchost);
    if (ret != EOK) goto done;

    /* The target host is always the current machine */
    tgt_host = dp_opt_get_cstring(hbac_ctx->ipa_options, IPA_HOSTNAME);
    if (tgt_host == NULL) {
        DEBUG(1, ("Missing ipa_hostname, this should never happen.\n"));
        ret = EINVAL;
        goto done;
    }

    ret = hbac_eval_host_element(req, domain->sysdb, domain,
                                 tgt_host, &req->targethost);
    if (ret != EOK) goto done;

    *request = talloc_steal(mem_ctx, req);
    ret = EOK;

done:
    talloc_free(scratch);
    return ret;
}
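/*
 * Build the request element for a PAM service: its name plus the service
 * groups found in the cached entry's SYSDB_ORIG_MEMBEROF values.
 *
 * A service that is not cached, or has no memberOf values, gets an empty
 * (NULL-terminated) group list, so it can only match by name or by a
 * service category of ALL. On success *svc_element is owned by mem_ctx.
 *
 * Returns EOK, ENOMEM, EIO when the BASE search yields more than one
 * entry, or the error of the failing lookup.
 */
static errno_t hbac_eval_service_element(TALLOC_CTX *mem_ctx,
                                         struct sysdb_ctx *sysdb,
                                         struct sss_domain_info *domain,
                                         const char *servicename,
                                         struct hbac_request_element **svc_element)
{
    errno_t ret;
    size_t i, j;
    size_t count = 0;
    TALLOC_CTX *tmp_ctx;
    struct hbac_request_element *svc;
    struct ldb_message **msgs = NULL;
    struct ldb_message_element *el;
    struct ldb_dn *svc_dn;
    const char *memberof_attrs[] = { SYSDB_ORIG_MEMBEROF, NULL };
    char *name;

    tmp_ctx = talloc_new(mem_ctx);
    if (tmp_ctx == NULL) return ENOMEM;

    svc = talloc_zero(tmp_ctx, struct hbac_request_element);
    if (svc == NULL) {
        ret = ENOMEM;
        goto done;
    }

    /* The name is referenced, not copied; it must outlive the element. */
    svc->name = servicename;

    svc_dn = sysdb_custom_dn(sysdb, tmp_ctx, domain,
                             svc->name, HBAC_SERVICES_SUBDIR);
    if (svc_dn == NULL) {
        ret = ENOMEM;
        goto done;
    }

    /* Look up the service to get its originalMemberOf entries */
    ret = sysdb_search_entry(tmp_ctx, sysdb, svc_dn,
                             LDB_SCOPE_BASE, NULL,
                             memberof_attrs,
                             &count, &msgs);
    if (ret == ENOENT) {
        /* We won't be able to identify any groups
         * This rule will only match the name or
         * a service category of ALL
         */
        ret = create_empty_grouplist(svc);
        goto done;
    } else if (ret != EOK) {
        /* Check the return code before looking at count: after a failed
         * search the out-parameters are not known to have been written,
         * and a lookup error must not be taken for "no groups". */
        goto done;
    }

    if (count == 0) {
        ret = create_empty_grouplist(svc);
        goto done;
    } else if (count > 1) {
        DEBUG(1, ("More than one result for a BASE search!\n"));
        ret = EIO;
        goto done;
    }

    el = ldb_msg_find_element(msgs[0], SYSDB_ORIG_MEMBEROF);
    if (!el) {
        /* Service is not a member of any groups
         * This rule will only match the name or
         * a service category of ALL
         */
        ret = create_empty_grouplist(svc);
        goto done;
    }

    /* One slot per memberOf value plus the NULL terminator. */
    svc->groups = talloc_array(svc, const char *, el->num_values + 1);
    if (svc->groups == NULL) {
        ret = ENOMEM;
        goto done;
    }

    for (i = j = 0; i < el->num_values; i++) {
        ret = get_ipa_servicegroupname(tmp_ctx, sysdb,
                                       (const char *)el->values[i].data,
                                       &name);
        if (ret != EOK && ret != ENOENT) goto done;

        /* ENOENT means we had a memberOf entry that wasn't a
         * service group. We'll just ignore those (could be
         * HBAC rules)
         */
        if (ret == EOK) {
            svc->groups[j] = talloc_steal(svc->groups, name);
            j++;
        }
    }
    svc->groups[j] = NULL;

    ret = EOK;

done:
    if (ret == EOK) {
        *svc_element = talloc_steal(mem_ctx, svc);
    }
    talloc_free(tmp_ctx);
    return ret;
}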
*/ ret = create_empty_grouplist(host); goto done; } host_dn = sysdb_custom_dn(sysdb, tmp_ctx, domain, host->name, HBAC_HOSTS_SUBDIR); if (host_dn == NULL) { ret = ENOMEM; goto done; } /* Look up the host to get its originalMemberOf entries */ ret = sysdb_search_entry(tmp_ctx, sysdb, host_dn, LDB_SCOPE_BASE, NULL, memberof_attrs, &count, &msgs); if (ret == ENOENT || count == 0) { /* We won't be able to identify any groups * This rule will only match the name or * a host category of ALL */ ret = create_empty_grouplist(host); goto done; } else if (ret != EOK) { goto done; } else if (count > 1) { DEBUG(1, ("More than one result for a BASE search!\n")); ret = EIO; goto done; } el = ldb_msg_find_element(msgs[0], SYSDB_ORIG_MEMBEROF); if (!el) { /* Host is not a member of any groups * This rule will only match the name or * a host category of ALL */ ret = create_empty_grouplist(host); goto done; } host->groups = talloc_array(host, const char *, el->num_values + 1); if (host->groups == NULL) { ret = ENOMEM; goto done; } for (i = j = 0; i < el->num_values; i++) { ret = get_ipa_hostgroupname(tmp_ctx, sysdb, (const char *)el->values[i].data, &name); if (ret != EOK && ret != ENOENT) goto done; /* ENOENT means we had a memberOf entry that wasn't a * host group. 
We'll just ignore those (could be * HBAC rules) */ if (ret == EOK) { host->groups[j] = talloc_steal(host->groups, name); j++; } } host->groups[j] = NULL; ret = EOK; done: if (ret == EOK) { *host_element = talloc_steal(mem_ctx, host); } talloc_free(tmp_ctx); return ret; } sssd-1.11.5/src/providers/ipa/PaxHeaders.13173/ipa_selinux.h0000644000000000000000000000007412320753107021621 xustar000000000000000030 atime=1396954939.265891431 30 ctime=1396954961.487875074 sssd-1.11.5/src/providers/ipa/ipa_selinux.h0000664002412700241270000000256112320753107022047 0ustar00jhrozekjhrozek00000000000000/* SSSD IPA Backend Module -- selinux loading Authors: Jan Zeleny Copyright (C) 2011 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #ifndef _IPA_SELINUX_H_ #define _IPA_SELINUX_H_ #include "providers/ldap/ldap_common.h" #ifdef HAVE_SELINUX_LOGIN_DIR #define ALL_SERVICES "*" #define selogin_path(mem_ctx, username) \ talloc_asprintf(mem_ctx, "%s/logins/%s", selinux_policy_root(), username) #endif /* HAVE_SELINUX_LOGIN_DIR */ struct ipa_selinux_ctx { struct ipa_id_ctx *id_ctx; time_t last_update; struct sdap_search_base **selinux_search_bases; struct sdap_search_base **host_search_bases; struct sdap_search_base **hbac_search_bases; }; void ipa_selinux_handler(struct be_req *be_req); #endif sssd-1.11.5/src/providers/ipa/PaxHeaders.13173/ipa_selinux.c0000644000000000000000000000007412320753107021614 xustar000000000000000030 atime=1396954939.265891431 30 ctime=1396954961.593874996 sssd-1.11.5/src/providers/ipa/ipa_selinux.c0000664002412700241270000012561212320753107022045 0ustar00jhrozekjhrozek00000000000000/* SSSD IPA Backend Module -- selinux loading Authors: Jan Zeleny Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #include #include "db/sysdb_selinux.h" #include "util/sss_selinux.h" #include "providers/ldap/sdap_async.h" #include "providers/ipa/ipa_common.h" #include "providers/ipa/ipa_config.h" #include "providers/ipa/ipa_selinux.h" #include "providers/ipa/ipa_hosts.h" #include "providers/ipa/ipa_hbac_rules.h" #include "providers/ipa/ipa_hbac_private.h" #include "providers/ipa/ipa_access.h" #include "providers/ipa/ipa_selinux_common.h" #include "providers/ipa/ipa_selinux_maps.h" #include "providers/ipa/ipa_subdomains.h" #if defined HAVE_SELINUX && defined HAVE_SELINUX_LOGIN_DIR #include static struct tevent_req * ipa_get_selinux_send(TALLOC_CTX *mem_ctx, struct be_ctx *be_ctx, struct sysdb_attrs *user, struct sysdb_attrs *host, struct ipa_selinux_ctx *selinux_ctx); static errno_t ipa_get_selinux_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, size_t *count, struct sysdb_attrs ***maps, size_t *hbac_count, struct sysdb_attrs ***hbac_rules, char **default_user, char **map_order); static struct ipa_selinux_op_ctx * ipa_selinux_create_op_ctx(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *ipa_domain, struct sss_domain_info *user_domain, struct be_req *be_req, const char *username, const char *hostname, struct ipa_selinux_ctx *selinux_ctx); static void ipa_selinux_handler_done(struct tevent_req *subreq); static void ipa_get_selinux_connect_done(struct tevent_req *subreq); static void ipa_get_selinux_hosts_done(struct tevent_req *subreq); static void ipa_get_config_step(struct tevent_req *req); static void ipa_get_selinux_config_done(struct tevent_req *subreq); static void ipa_get_selinux_maps_done(struct tevent_req *subreq); static void ipa_get_selinux_hbac_done(struct tevent_req *subreq); static errno_t ipa_selinux_process_maps(TALLOC_CTX *mem_ctx, struct sysdb_attrs *user, struct sysdb_attrs *host, struct sysdb_attrs **selinux_maps, size_t selinux_map_count, struct sysdb_attrs **hbac_rules, size_t hbac_rule_count, struct sysdb_attrs ***usermaps); 
/*
 * Backend entry point for a SELinux request.
 *
 * Resolves this machine's host name and the domain of the PAM user (the
 * IPA domain itself or one of its subdomains), builds the per-operation
 * context and starts the asynchronous ipa_get_selinux request, which
 * completes in ipa_selinux_handler_done(). Any failure before the request
 * is started terminates be_req with DP_ERR_FATAL / PAM_SYSTEM_ERR.
 */
void ipa_selinux_handler(struct be_req *be_req)
{
    struct be_ctx *be_ctx = be_req_get_be_ctx(be_req);
    struct be_ctx *subdom_be_ctx;
    struct sss_domain_info *user_domain;
    struct ipa_selinux_ctx *selinux_ctx;
    struct ipa_selinux_op_ctx *op_ctx;
    struct tevent_req *req;
    struct pam_data *pd;
    const char *hostname;

    pd = talloc_get_type(be_req_get_data(be_req), struct pam_data);

    selinux_ctx = talloc_get_type(be_ctx->bet_info[BET_SELINUX].pvt_bet_data,
                                  struct ipa_selinux_ctx);

    hostname = dp_opt_get_string(selinux_ctx->id_ctx->ipa_options->basic,
                                 IPA_HOSTNAME);
    if (hostname == NULL) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Cannot determine this machine's host name\n"));
        goto fail;
    }

    if (strcasecmp(pd->domain, be_ctx->domain->name) == 0) {
        /* The user lives in the IPA domain itself. */
        user_domain = be_ctx->domain;
    } else {
        /* Otherwise the user must belong to a known subdomain. */
        subdom_be_ctx = ipa_get_subdomains_be_ctx(be_ctx);
        if (subdom_be_ctx == NULL) {
            DEBUG(SSSDBG_OP_FAILURE, ("Subdomains are not configured, "
                                      "cannot lookup domain [%s].\n",
                                      pd->domain));
            goto fail;
        }

        user_domain = find_subdomain_by_name(subdom_be_ctx->domain,
                                             pd->domain, true);
        if (user_domain == NULL) {
            DEBUG(SSSDBG_MINOR_FAILURE, ("No domain entry found "
                                         "for [%s].\n", pd->domain));
            goto fail;
        }
    }

    op_ctx = ipa_selinux_create_op_ctx(be_req, user_domain->sysdb,
                                       be_ctx->domain, user_domain,
                                       be_req, pd->user, hostname,
                                       selinux_ctx);
    if (op_ctx == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("Cannot create op context\n"));
        goto fail;
    }

    req = ipa_get_selinux_send(be_req, be_ctx, op_ctx->user, op_ctx->host,
                               selinux_ctx);
    if (req == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("Cannot initiate the search\n"));
        goto fail;
    }

    tevent_req_set_callback(req, ipa_selinux_handler_done, op_ctx);
    return;

fail:
    be_req_terminate(be_req, DP_ERR_FATAL, PAM_SYSTEM_ERR, NULL);
}
ipa_selinux_create_op_ctx(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *ipa_domain, struct sss_domain_info *user_domain, struct be_req *be_req, const char *username, const char *hostname, struct ipa_selinux_ctx *selinux_ctx) { struct ipa_selinux_op_ctx *op_ctx; struct ldb_dn *host_dn; const char *attrs[] = { SYSDB_ORIG_DN, SYSDB_ORIG_MEMBEROF, NULL }; size_t count; struct ldb_message **msgs; struct sysdb_attrs **hosts; errno_t ret; op_ctx = talloc_zero(mem_ctx, struct ipa_selinux_op_ctx); if (op_ctx == NULL) { return NULL; } op_ctx->be_req = be_req; op_ctx->ipa_domain = ipa_domain; op_ctx->user_domain = user_domain; op_ctx->selinux_ctx = selinux_ctx; ret = sss_selinux_extract_user(op_ctx, sysdb, user_domain, username, &op_ctx->user); if (ret != EOK) { goto fail; } host_dn = sysdb_custom_dn(sysdb, op_ctx, ipa_domain, hostname, HBAC_HOSTS_SUBDIR); if (host_dn == NULL) { goto fail; } /* Look up the host to get its originalMemberOf entries */ ret = sysdb_search_entry(op_ctx, sysdb, host_dn, LDB_SCOPE_BASE, NULL, attrs, &count, &msgs); if (ret == ENOENT || count == 0) { op_ctx->host = NULL; return op_ctx; } else if (ret != EOK) { goto fail; } else if (count > 1) { DEBUG(SSSDBG_OP_FAILURE, ("More than one result for a BASE search!\n")); goto fail; } ret = sysdb_msg2attrs(op_ctx, count, msgs, &hosts); talloc_free(msgs); if (ret != EOK) { goto fail; } op_ctx->host = hosts[0]; return op_ctx; fail: talloc_free(op_ctx); return NULL; } static errno_t create_order_array(TALLOC_CTX *mem_ctx, const char *map_order, char ***_order_array, size_t *_order_count); static errno_t choose_best_seuser(struct sysdb_attrs **usermaps, struct pam_data *pd, struct sss_domain_info *user_domain, char **order_array, int order_count, const char *default_user); static void ipa_selinux_handler_done(struct tevent_req *req) { struct ipa_selinux_op_ctx *op_ctx = tevent_req_callback_data(req, struct ipa_selinux_op_ctx); struct be_req *breq = op_ctx->be_req; struct be_ctx *be_ctx 
= be_req_get_be_ctx(breq); struct sysdb_ctx *sysdb = op_ctx->ipa_domain->sysdb; errno_t ret, sret; size_t map_count = 0; struct sysdb_attrs **maps = NULL; bool in_transaction = false; char *default_user = NULL; struct pam_data *pd = talloc_get_type(be_req_get_data(breq), struct pam_data); char *map_order = NULL; size_t hbac_count = 0; struct sysdb_attrs **hbac_rules = 0; struct sysdb_attrs **best_match_maps; size_t order_count; char **order_array; ret = ipa_get_selinux_recv(req, breq, &map_count, &maps, &hbac_count, &hbac_rules, &default_user, &map_order); if (ret != EOK) { goto fail; } ret = sysdb_transaction_start(sysdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to start transaction\n")); goto fail; } in_transaction = true; ret = sysdb_delete_usermaps(op_ctx->ipa_domain->sysdb, op_ctx->ipa_domain); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot delete existing maps from sysdb\n")); goto fail; } ret = sysdb_store_selinux_config(op_ctx->ipa_domain->sysdb, op_ctx->ipa_domain, default_user, map_order); if (ret != EOK) { goto fail; } if (map_count > 0) { ret = ipa_save_user_maps(sysdb, op_ctx->ipa_domain, map_count, maps); if (ret != EOK) { goto fail; } } ret = sysdb_transaction_commit(sysdb); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Could not commit transaction\n")); goto fail; } in_transaction = false; /* Process the maps and return list of best matches (maps with * highest priority). The input maps are also parent memory * context for the output list of best matches. 
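/*
 * Select the SELinux user maps that apply to the given user and host.
 *
 * Maps matching directly (sss_selinux_match) are collected, keeping only
 * those with the highest priority seen so far. Maps that do not match but
 * carry a SYSDB_SELINUX_SEEALSO attribute are handed, together with the
 * HBAC rules, to ipa_selinux_process_seealso_maps().
 *
 * On success *_usermaps is an array of selinux_map_count + 1 slots owned by
 * mem_ctx; it is allocated zeroed, so unused slots are NULL. The array only
 * holds pointers into selinux_maps, it does not copy the maps.
 *
 * Returns EOK, ENOMEM, or the error of the failing attribute lookup /
 * seealso processing.
 */
static errno_t ipa_selinux_process_maps(TALLOC_CTX *mem_ctx,
                                        struct sysdb_attrs *user,
                                        struct sysdb_attrs *host,
                                        struct sysdb_attrs **selinux_maps,
                                        size_t selinux_map_count,
                                        struct sysdb_attrs **hbac_rules,
                                        size_t hbac_rule_count,
                                        struct sysdb_attrs ***_usermaps)
{
    TALLOC_CTX *tmp_ctx;
    /* Same type as selinux_map_count; avoids a signed/unsigned comparison. */
    size_t i;
    errno_t ret;
    uint32_t priority = 0;
    uint32_t top_priority = 0;
    struct sysdb_attrs **seealso_rules;
    size_t num_seealso_rules = 0;
    const char *seealso_str;
    struct sysdb_attrs **usermaps;
    size_t best_match_maps_cnt = 0;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    seealso_rules = talloc_zero_array(tmp_ctx, struct sysdb_attrs *,
                                      selinux_map_count + 1);
    if (seealso_rules == NULL) {
        ret = ENOMEM;
        goto done;
    }

    usermaps = talloc_zero_array(tmp_ctx, struct sysdb_attrs *,
                                 selinux_map_count + 1);
    if (usermaps == NULL) {
        ret = ENOMEM;
        goto done;
    }

    for (i = 0; i < selinux_map_count; i++) {
        if (sss_selinux_match(selinux_maps[i], user, host, &priority)) {
            if (priority < top_priority) {
                /* This rule has lower priority than what we already have,
                 * skip it. */
                continue;
            } else if (priority > top_priority) {
                /* This rule has higher priority, drop what we already have */
                while (best_match_maps_cnt > 0) {
                    best_match_maps_cnt--;
                    usermaps[best_match_maps_cnt] = NULL;
                }
                top_priority = priority;
            }

            usermaps[best_match_maps_cnt] = selinux_maps[i];
            best_match_maps_cnt++;

            continue;
        }

        /* SELinux map did not match -> check the seealso attribute for a
         * possible HBAC match */
        ret = sysdb_attrs_get_string(selinux_maps[i],
                                     SYSDB_SELINUX_SEEALSO, &seealso_str);
        if (ret == ENOENT) {
            continue;
        } else if (ret != EOK) {
            goto done;
        }

        seealso_rules[num_seealso_rules] = selinux_maps[i];
        num_seealso_rules++;
    }

    ret = ipa_selinux_process_seealso_maps(user, host,
                                           seealso_rules, num_seealso_rules,
                                           hbac_rules, hbac_rule_count,
                                           top_priority, usermaps,
                                           best_match_maps_cnt);
    if (ret != EOK) {
        goto done;
    }

    *_usermaps = talloc_steal(mem_ctx, usermaps);

    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}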
ret = sysdb_attrs_get_string(hbac_rules[i], SYSDB_ORIG_DN, &hbac_dn); if (ret != EOK) { return ret; } /* We need to do this translation for further processing. We have to * do it manually because no map was used to retrieve HBAC rules. */ ret = sysdb_attrs_get_el(hbac_rules[i], IPA_MEMBER_HOST, &el); if (ret != EOK) return ret; el->name = SYSDB_ORIG_MEMBER_HOST; ret = sysdb_attrs_get_el(hbac_rules[i], IPA_MEMBER_USER, &el); if (ret != EOK) return ret; el->name = SYSDB_ORIG_MEMBER_USER; DEBUG(SSSDBG_TRACE_ALL, ("Matching HBAC rule %s with SELinux mappings\n", hbac_dn)); if (!sss_selinux_match(hbac_rules[i], user, host, &priority)) { DEBUG(SSSDBG_TRACE_ALL, ("Rule did not match\n")); continue; } /* HBAC rule matched, find if it is in the "possible" list */ for (j = 0; j < seealso_rules_count; j++) { usermap = seealso_rules[j]; if (usermap == NULL) { continue; } ret = sysdb_attrs_get_string(usermap, SYSDB_SELINUX_SEEALSO, &seealso_dn); if (ret != EOK) { return ret; } if (strcasecmp(hbac_dn, seealso_dn) == 0) { DEBUG(SSSDBG_TRACE_FUNC, ("HBAC rule [%s] matched, copying its" "attributes to SELinux user map [%s]\n", hbac_dn, seealso_dn)); /* Selinux maps priority evaluation removed --DELETE this comment before pushing*/ if (priority < top_priority) { /* This rule has lower priority than what we already have, * skip it. 
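/*
 * Split the SELinux map order string into an array of SELinux user names.
 *
 * map_order holds one or more records separated by '$'. The string is
 * duplicated once, each '$' in the copy is overwritten with '\0', and the
 * array elements point into that copy. The copy is a talloc child of the
 * array, so freeing the array releases everything.
 *
 * On success *_order_array (owned by mem_ctx) and *_order_count are set.
 * Returns EOK, EINVAL when map_order is NULL, or ENOMEM.
 */
static errno_t create_order_array(TALLOC_CTX *mem_ctx, const char *map_order,
                                  char ***_order_array, size_t *_order_count)
{
    TALLOC_CTX *tmp_ctx;
    char *order = NULL;
    char **order_array;
    errno_t ret;
    size_t i;
    size_t len;
    size_t order_count;

    /* The order string comes from the retrieved configuration; without this
     * check a missing value would be passed straight to strlen(). */
    if (map_order == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("No SELinux map order given\n"));
        return EINVAL;
    }

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        return ENOMEM;
    }

    /* The "order" string contains one or more SELinux user records
     * separated by $. Now we need to create an array of string from
     * this one string. First find out how many elements in the array
     * will be. This way only one alloc will be necessary for the array
     */
    order_count = 1;
    len = strlen(map_order);
    for (i = 0; i < len; i++) {
        if (map_order[i] == '$') order_count++;
    }

    order_array = talloc_array(tmp_ctx, char *, order_count);
    if (order_array == NULL) {
        ret = ENOMEM;
        goto done;
    }

    order = talloc_strdup(order_array, map_order);
    if (order == NULL) {
        ret = ENOMEM;
        goto done;
    }

    /* Now fill the array with pointers to the original string. Also
     * use binary zeros to make multiple string out of the one.
     */
    order_array[0] = order;
    order_count = 1;
    for (i = 0; i < len; i++) {
        if (order[i] == '$') {
            order[i] = '\0';
            order_array[order_count] = &order[i+1];
            order_count++;
        }
    }

    *_order_array = talloc_steal(mem_ctx, order_array);
    *_order_count = order_count;

    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}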
*/ talloc_zfree(file_content); file_content = talloc_strdup(tmp_ctx, tmp_str); if (file_content == NULL) { ret = ENOMEM; goto done; } break; } } } ret = write_selinux_login_file(pd->user, user_domain, file_content); done: if (!file_content) { err = remove_selinux_login_file(pd->user); /* Don't overwrite original error condition if there was one */ if (ret == EOK) ret = err; } talloc_free(tmp_ctx); return ret; } static errno_t write_selinux_login_file(const char *orig_name, struct sss_domain_info *dom, char *string) { char *path = NULL; char *tmp_path = NULL; ssize_t written; size_t len; int fd = -1; mode_t oldmask; TALLOC_CTX *tmp_ctx; char *full_string = NULL; int enforce; errno_t ret = EOK; const char *username; len = strlen(string); if (len == 0) { return EINVAL; } tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_new() failed\n")); return ENOMEM; } /* pam_selinux needs the username in the same format getpwnam() would * return it */ username = sss_get_cased_name(tmp_ctx, orig_name, dom->case_sensitive); if (username == NULL) { ret = ENOMEM; goto done; } path = selogin_path(tmp_ctx, username); if (path == NULL) { ret = ENOMEM; goto done; } tmp_path = talloc_asprintf(tmp_ctx, "%sXXXXXX", path); if (tmp_path == NULL) { ret = ENOMEM; goto done; } oldmask = umask(022); fd = mkstemp(tmp_path); ret = errno; umask(oldmask); if (fd < 0) { if (ret == ENOENT) { /* if selinux is disabled and selogin dir does not exist, * just ignore the error */ if (selinux_getenforcemode(&enforce) == 0 && enforce == -1) { ret = EOK; goto done; } /* continue if we can't get enforce mode or selinux is enabled */ } DEBUG(SSSDBG_OP_FAILURE, ("unable to create temp file [%s] " "for SELinux data [%d]: %s\n", tmp_path, ret, strerror(ret))); goto done; } full_string = talloc_asprintf(tmp_ctx, "%s:%s", ALL_SERVICES, string); if (full_string == NULL) { ret = ENOMEM; goto done; } len = strlen(full_string); errno = 0; written = sss_atomic_write_s(fd, full_string, 
len); if (written == -1) { ret = errno; DEBUG(SSSDBG_OP_FAILURE, ("writing to SELinux data file %s" "failed [%d]: %s", tmp_path, ret, strerror(ret))); goto done; } if (written != len) { DEBUG(SSSDBG_OP_FAILURE, ("Expected to write %zd bytes, wrote %zu", written, len)); ret = EIO; goto done; } errno = 0; if (rename(tmp_path, path) < 0) { ret = errno; } else { ret = EOK; } close(fd); fd = -1; done: if (fd != -1) { close(fd); if (unlink(tmp_path) < 0) { DEBUG(SSSDBG_MINOR_FAILURE, ("Could not remove file [%s]", tmp_path)); } } talloc_free(tmp_ctx); return ret; } static errno_t remove_selinux_login_file(const char *username) { char *path; errno_t ret; path = selogin_path(NULL, username); if (!path) return ENOMEM; errno = 0; ret = unlink(path); if (ret < 0) { ret = errno; if (ret == ENOENT) { /* Just return success if the file was not there */ ret = EOK; } else { DEBUG(SSSDBG_OP_FAILURE, ("Could not remove login file %s [%d]: %s\n", path, ret, strerror(ret))); } } talloc_free(path); return ret; } /* A more generic request to gather all SELinux and HBAC rules. 
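Updates
 * cache if necessary */
struct ipa_get_selinux_state {
    struct be_ctx *be_ctx;
    struct ipa_selinux_ctx *selinux_ctx;
    struct sdap_id_op *op;

    struct sysdb_attrs *host;
    struct sysdb_attrs *user;

    /* Holds the default SELinux user and the map order */
    struct sysdb_attrs *defaults;
    struct sysdb_attrs **selinuxmaps;
    size_t nmaps;

    struct sysdb_attrs **hbac_rules;
    size_t hbac_rule_count;
};

static errno_t
ipa_get_selinux_maps_offline(struct tevent_req *req);

/* Start the request that collects the SELinux defaults, the SELinux user
 * maps and, where needed, the HBAC rules.
 *
 * The data is read from the cache when the back end is offline or when
 * the maps were refreshed less than IPA_SELINUX_REFRESH seconds ago;
 * otherwise a connection to the server is requested first.
 *
 * Returns the new request, or NULL if it could not be created. Failures
 * after creation are reported through the request itself.
 */
static struct tevent_req *
ipa_get_selinux_send(TALLOC_CTX *mem_ctx,
                     struct be_ctx *be_ctx,
                     struct sysdb_attrs *user,
                     struct sysdb_attrs *host,
                     struct ipa_selinux_ctx *selinux_ctx)
{
    struct tevent_req *req;
    struct tevent_req *subreq;
    struct ipa_get_selinux_state *state;
    bool offline;
    int ret = EOK;
    time_t now;
    time_t refresh_interval;
    struct ipa_options *ipa_options = selinux_ctx->id_ctx->ipa_options;

    DEBUG(SSSDBG_TRACE_FUNC, ("Retrieving SELinux user mapping\n"));
    req = tevent_req_create(mem_ctx, &state, struct ipa_get_selinux_state);
    if (req == NULL) {
        return NULL;
    }

    state->be_ctx = be_ctx;
    state->selinux_ctx = selinux_ctx;
    state->user = user;
    state->host = host;

    offline = be_is_offline(be_ctx);
    DEBUG(SSSDBG_TRACE_INTERNAL, ("Connection status is [%s].\n",
                                  offline ? "offline" : "online"));

    if (!offline) {
        refresh_interval = dp_opt_get_int(ipa_options->basic,
                                          IPA_SELINUX_REFRESH);
        now = time(NULL);
        if (now < selinux_ctx->last_update + refresh_interval) {
            /* SELinux maps were recently updated -> force offline */
            DEBUG(SSSDBG_TRACE_INTERNAL,
                  ("Performing cached SELinux processing\n"));
            offline = true;
        }
    }

    if (!offline) {
        state->op = sdap_id_op_create(state,
                        selinux_ctx->id_ctx->sdap_id_ctx->conn->conn_cache);
        if (!state->op) {
            DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed\n"));
            ret = ENOMEM;
            goto immediate;
        }

        subreq = sdap_id_op_connect_send(state->op, state, &ret);
        if (!subreq) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("sdap_id_op_connect_send failed: "
                                        "%d(%s).\n", ret, strerror(ret)));
            talloc_zfree(state->op);
            goto immediate;
        }

        tevent_req_set_callback(subreq, ipa_get_selinux_connect_done, req);
    } else {
        ret = ipa_get_selinux_maps_offline(req);
        goto immediate;
    }

    return req;

immediate:
    /* Finish the request now, but deliver the result from the event loop */
    if (ret == EOK) {
        tevent_req_done(req);
    } else {
        tevent_req_error(req, ret);
    }
    tevent_req_post(req, be_ctx->ev);
    return req;
}

/* Connection attempt finished: fall back to the cache when offline,
 * otherwise look up the host entry unless it is already known. */
static void ipa_get_selinux_connect_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                  struct tevent_req);
    struct ipa_get_selinux_state *state = tevent_req_data(req,
                                                  struct ipa_get_selinux_state);
    int dp_error = DP_ERR_FATAL;
    int ret;
    struct ipa_id_ctx *id_ctx = state->selinux_ctx->id_ctx;

    const char *access_name;
    const char *selinux_name;
    const char *hostname;

    ret = sdap_id_op_connect_recv(subreq, &dp_error);
    talloc_zfree(subreq);

    if (dp_error == DP_ERR_OFFLINE) {
        talloc_zfree(state->op);
        ret = ipa_get_selinux_maps_offline(req);
        if (ret == EOK) {
            tevent_req_done(req);
            return;
        }
        goto fail;
    }

    if (ret != EOK) {
        goto fail;
    }

    /* NOTE(review): both names are passed to strcasecmp() unchecked;
     * confirm mod_name is always set for these two back end targets. */
    access_name = state->be_ctx->bet_info[BET_ACCESS].mod_name;
    selinux_name = state->be_ctx->bet_info[BET_SELINUX].mod_name;
    if (strcasecmp(access_name, selinux_name) == 0 && state->host != NULL) {
        /* If the access control module is the same as the selinux module
         * and the access control had already discovered the host
         */
        ipa_get_config_step(req);
        return;
    }

    hostname = dp_opt_get_string(state->selinux_ctx->id_ctx->ipa_options->basic,
                                 IPA_HOSTNAME);
    if (hostname == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot determine the host name\n"));
        /* ret is still EOK here; the request must be failed with a real
         * error code or it would never be completed. */
        ret = EINVAL;
        goto fail;
    }

    subreq = ipa_host_info_send(state, state->be_ctx->ev,
                                sdap_id_op_handle(state->op),
                                id_ctx->sdap_id_ctx->opts,
                                hostname,
                                id_ctx->ipa_options->host_map,
                                NULL,
                                state->selinux_ctx->host_search_bases);
    if (subreq == NULL) {
        ret = ENOMEM;
        goto fail;
    }

    tevent_req_set_callback(subreq, ipa_get_selinux_hosts_done, req);
    return;

fail:
    tevent_req_error(req, ret);
}

/* Fill the request state from the cache: the SELinux config entry, all
 * cached SELinux user maps and the cached HBAC rules.
 *
 * Returns EOK or the error of the first failing lookup. The request is
 * not completed here; that is left to the caller.
 */
static errno_t
ipa_get_selinux_maps_offline(struct tevent_req *req)
{
    errno_t ret;
    size_t nmaps;
    struct ldb_message **maps;
    struct ldb_message *defaults;
    const char *attrs[] = { SYSDB_NAME,
                            SYSDB_USER_CATEGORY,
                            SYSDB_HOST_CATEGORY,
                            SYSDB_ORIG_MEMBER_USER,
                            SYSDB_ORIG_MEMBER_HOST,
                            SYSDB_SELINUX_SEEALSO,
                            SYSDB_SELINUX_USER,
                            NULL };
    const char *default_user;
    const char *order;

    struct ipa_get_selinux_state *state = tevent_req_data(req,
                                                  struct ipa_get_selinux_state);

    /* read the config entry */
    ret = sysdb_search_selinux_config(state, state->be_ctx->domain->sysdb,
                                      state->be_ctx->domain,
                                      NULL, &defaults);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("sysdb_search_selinux_config failed [%d]: %s\n",
                                  ret, strerror(ret)));
        return ret;
    }

    /* NOTE(review): both lookups fall back to NULL when the attribute is
     * missing from the cached entry; confirm sysdb_attrs_add_string()
     * copes with a NULL value, or guard before adding. */
    default_user = ldb_msg_find_attr_as_string(defaults,
                                               SYSDB_SELINUX_DEFAULT_USER,
                                               NULL);
    order = ldb_msg_find_attr_as_string(defaults,
                                        SYSDB_SELINUX_DEFAULT_ORDER,
                                        NULL);

    state->defaults = sysdb_new_attrs(state);
    if (state->defaults == NULL) {
        return ENOMEM;
    }

    ret = sysdb_attrs_add_string(state->defaults,
                                 IPA_CONFIG_SELINUX_DEFAULT_USER_CTX,
                                 default_user);
    if (ret != EOK) {
        return ret;
    }

    ret = sysdb_attrs_add_string(state->defaults,
                                 IPA_CONFIG_SELINUX_MAP_ORDER, order);
    if (ret != EOK) {
        return ret;
    }

    /* read all the SELinux rules */
    ret = sysdb_get_selinux_usermaps(state, state->be_ctx->domain->sysdb,
                                     state->be_ctx->domain,
                                     attrs, &nmaps, &maps);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("sysdb_get_selinux_usermaps failed [%d]: %s\n",
                                  ret, strerror(ret)));
        return ret;
    }

    ret = sysdb_msg2attrs(state, nmaps, maps, &state->selinuxmaps);
    if (ret != EOK) {
        return ret;
    }
    state->nmaps = nmaps;

    /* read all the HBAC rules */
    ret = hbac_get_cached_rules(state, state->be_ctx->domain,
                                &state->hbac_rule_count, &state->hbac_rules);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("hbac_get_cached_rules failed [%d]: %s\n",
                                  ret, strerror(ret)));
        return ret;
    }

    return EOK;
}

/* Host lookup finished: remember the host entry and fetch the config. */
static void ipa_get_selinux_hosts_done(struct tevent_req *subreq)
{
    errno_t ret;
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                  struct tevent_req);
    struct ipa_get_selinux_state *state = tevent_req_data(req,
                                                  struct ipa_get_selinux_state);
    size_t host_count, hostgroup_count;
    struct sysdb_attrs **hostgroups;
    struct sysdb_attrs **host;

    ret = ipa_host_info_recv(subreq, state, &host_count, &host,
                             &hostgroup_count, &hostgroups);
    talloc_free(subreq);
    if (ret != EOK) {
        goto done;
    }

    /* Do not index an empty result set */
    if (host_count == 0 || host == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("No host entry was returned\n"));
        ret = ENOENT;
        goto done;
    }
    state->host = host[0];

    ipa_get_config_step(req);
    return;

done:
    if (ret != EOK) {
        tevent_req_error(req, ret);
    }
}

/* Request the IPA configuration entry for the configured Kerberos realm. */
static void ipa_get_config_step(struct tevent_req *req)
{
    const char *domain;
    struct tevent_req *subreq;
    struct ipa_get_selinux_state *state = tevent_req_data(req,
                                                  struct ipa_get_selinux_state);
    struct ipa_id_ctx *id_ctx = state->selinux_ctx->id_ctx;

    domain = dp_opt_get_string(state->selinux_ctx->id_ctx->ipa_options->basic,
                               IPA_KRB5_REALM);
    subreq = ipa_get_config_send(state, state->be_ctx->ev,
                                 sdap_id_op_handle(state->op),
                                 id_ctx->sdap_id_ctx->opts,
                                 domain, NULL);
    if (subreq == NULL) {
        tevent_req_error(req, ENOMEM);
        /* Stop here: there is no subrequest to attach a callback to */
        return;
    }
    tevent_req_set_callback(subreq, ipa_get_selinux_config_done, req);
}

/* Configuration received: store it as the defaults and fetch the maps. */
static void ipa_get_selinux_config_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                  struct tevent_req);
    struct ipa_get_selinux_state *state = tevent_req_data(req,
                                                  struct ipa_get_selinux_state);
    struct sdap_id_ctx *id_ctx = state->selinux_ctx->id_ctx->sdap_id_ctx;
    errno_t ret;

    ret = ipa_get_config_recv(subreq, state, &state->defaults);
    talloc_free(subreq);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Could not get IPA config\n"));
        goto done;
    }

    subreq = ipa_selinux_get_maps_send(state, state->be_ctx->ev,
                                       state->be_ctx->domain->sysdb,
                                       sdap_id_op_handle(state->op),
                                       id_ctx->opts,
                                       state->selinux_ctx->id_ctx->ipa_options,
                                       state->selinux_ctx->selinux_search_bases);
    if (!subreq) {
        ret = ENOMEM;
        goto done;
    }
    tevent_req_set_callback(subreq, ipa_get_selinux_maps_done, req);
    return;

done:
    if (ret != EOK) {
        tevent_req_error(req, ret);
    } else {
        tevent_req_done(req);
    }
}

/* Maps received: if any map references an HBAC rule, make sure the HBAC
 * rules are available too, either from the cache (when the access
 * provider is the same module) or by fetching them from the server. */
static void ipa_get_selinux_maps_done(struct tevent_req *subreq)
{
    struct tevent_req *req;
    struct ipa_get_selinux_state *state;

    struct ipa_id_ctx *id_ctx;

    const char *selinux_name;
    const char *access_name;

    const char *tmp_str;
    bool check_hbac;
    errno_t ret;
    size_t i;

    req = tevent_req_callback_data(subreq, struct tevent_req);
    state = tevent_req_data(req, struct ipa_get_selinux_state);
    id_ctx = state->selinux_ctx->id_ctx;

    ret = ipa_selinux_get_maps_recv(subreq, state,
                                    &state->nmaps, &state->selinuxmaps);
    talloc_free(subreq);
    if (ret != EOK) {
        if (ret == ENOENT) {
            /* This is returned if no SELinux mapping
             * rules were found. In that case no error
             * occurred, but we don't want any more processing.*/
            ret = EOK;
        }
        goto done;
    }

    DEBUG(SSSDBG_TRACE_FUNC,
          ("Found %zu SELinux user maps\n", state->nmaps));

    check_hbac = false;
    for (i = 0; i < state->nmaps; i++) {
        ret = sysdb_attrs_get_string(state->selinuxmaps[i],
                                     SYSDB_SELINUX_SEEALSO, &tmp_str);
        if (ret == EOK) {
            check_hbac = true;
            break;
        }
    }

    if (check_hbac) {
        access_name = state->be_ctx->bet_info[BET_ACCESS].mod_name;
        selinux_name = state->be_ctx->bet_info[BET_SELINUX].mod_name;
        if (strcasecmp(access_name, selinux_name) == 0) {
            ret = hbac_get_cached_rules(state, state->be_ctx->domain,
                                        &state->hbac_rule_count,
                                        &state->hbac_rules);
            /* Terminates the request */
            goto done;
        }

        DEBUG(SSSDBG_TRACE_FUNC, ("SELinux maps referenced an HBAC rule. "
              "Need to refresh HBAC rules\n"));
        subreq = ipa_hbac_rule_info_send(state, false, state->be_ctx->ev,
                                         sdap_id_op_handle(state->op),
                                         id_ctx->sdap_id_ctx->opts,
                                         state->selinux_ctx->hbac_search_bases,
                                         state->host);
        if (subreq == NULL) {
            ret = ENOMEM;
            goto done;
        }

        tevent_req_set_callback(subreq, ipa_get_selinux_hbac_done, req);
        return;
    }

    /* No map references an HBAC rule; the lookup loop may have left a
     * non-EOK value in ret, so reset it. */
    ret = EOK;
done:
    if (ret == EOK) {
        tevent_req_done(req);
    } else {
        tevent_req_error(req, ret);
    }
}

/* HBAC rules received: this is the last step of the online path. */
static void ipa_get_selinux_hbac_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct ipa_get_selinux_state *state = tevent_req_data(req,
                                                  struct ipa_get_selinux_state);
    errno_t ret;

    ret = ipa_hbac_rule_info_recv(subreq, state, &state->hbac_rule_count,
                                  &state->hbac_rules);
    DEBUG(SSSDBG_TRACE_INTERNAL,
          ("Received %zu HBAC rules\n", state->hbac_rule_count));
    talloc_free(subreq);

    if (ret != EOK) {
        tevent_req_error(req, ret);
    } else {
        tevent_req_done(req);
    }
}

/* Collect the results of ipa_get_selinux_send().
 *
 * On success the maps and HBAC rules are moved to mem_ctx and the
 * default user and map order are copied onto it. Outputs that have no
 * value are set to NULL / 0. A missing default user is tolerated; a
 * missing map order is an error when the defaults are present.
 *
 * Returns EOK, the error the request finished with, ENOMEM, or the
 * error of the failing attribute lookup.
 */
static errno_t
ipa_get_selinux_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
                     size_t *count, struct sysdb_attrs ***maps,
                     size_t *hbac_count, struct sysdb_attrs ***hbac_rules,
                     char **default_user, char **map_order)
{
    struct ipa_get_selinux_state *state =
            tevent_req_data(req, struct ipa_get_selinux_state);
    const char *tmp_str;
    errno_t ret;

    TEVENT_REQ_RETURN_ON_ERROR(req);

    /* Give both strings a defined value up front: the default user is
     * optional, and the error path below frees it. */
    *default_user = NULL;
    *map_order = NULL;

    if (state->defaults != NULL) {
        ret = sysdb_attrs_get_string(state->defaults,
                                     IPA_CONFIG_SELINUX_DEFAULT_USER_CTX,
                                     &tmp_str);
        if (ret != EOK && ret != ENOENT) {
            return ret;
        }

        if (ret == EOK) {
            *default_user = talloc_strdup(mem_ctx, tmp_str);
            if (*default_user == NULL) {
                return ENOMEM;
            }
        }

        ret = sysdb_attrs_get_string(state->defaults,
                                     IPA_CONFIG_SELINUX_MAP_ORDER,
                                     &tmp_str);
        if (ret != EOK) {
            talloc_zfree(*default_user);
            return ret;
        }

        *map_order = talloc_strdup(mem_ctx, tmp_str);
        if (*map_order == NULL) {
            talloc_zfree(*default_user);
            return ENOMEM;
        }
    }

    if (state->selinuxmaps != NULL && state->nmaps != 0) {
        *count = state->nmaps;
        *maps = talloc_steal(mem_ctx, state->selinuxmaps);
    } else {
        *count = 0;
        *maps = NULL;
    }

    if (state->hbac_rules != NULL) {
        *hbac_count = state->hbac_rule_count;
        *hbac_rules = talloc_steal(mem_ctx, state->hbac_rules);
    } else {
        *hbac_count = 0;
        *hbac_rules = NULL;
    }

    return EOK;
}

/*end of #if defined HAVE_SELINUX && defined HAVE_SELINUX_LOGIN_DIR */
#else
/* Simply return success if HAVE_SELINUX_LOGIN_DIR is not defined.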
*/ void ipa_selinux_handler(struct be_req *be_req) { struct pam_data *pd; pd = talloc_get_type(be_req_get_data(be_req), struct pam_data); pd->pam_status = PAM_SUCCESS; be_req_terminate(be_req, DP_ERR_OK, EOK, "Success"); } #endif sssd-1.11.5/src/providers/ipa/PaxHeaders.13173/ipa_subdomains.c0000644000000000000000000000007412320753107022271 xustar000000000000000030 atime=1396954939.265891431 30 ctime=1396954961.584875002 sssd-1.11.5/src/providers/ipa/ipa_subdomains.c0000664002412700241270000012375512320753107022530 0ustar00jhrozekjhrozek00000000000000/* SSSD IPA Subdomains Module Authors: Sumit Bose Copyright (C) 2011 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #include "providers/ldap/sdap_async.h" #include "providers/ldap/sdap_idmap.h" #include "providers/ipa/ipa_subdomains.h" #include "providers/ipa/ipa_common.h" #include #define SUBDOMAINS_FILTER "objectclass=ipaNTTrustedDomain" #define MASTER_DOMAIN_FILTER "objectclass=ipaNTDomainAttrs" #define RANGE_FILTER "objectclass=ipaIDRange" #define IPA_CN "cn" #define IPA_FLATNAME "ipaNTFlatName" #define IPA_SID "ipaNTSecurityIdentifier" #define IPA_TRUSTED_DOMAIN_SID "ipaNTTrustedDomainSID" #define IPA_RANGE_TYPE "ipaRangeType" #define IPA_BASE_ID "ipaBaseID" #define IPA_ID_RANGE_SIZE "ipaIDRangeSize" #define IPA_BASE_RID "ipaBaseRID" #define IPA_SECONDARY_BASE_RID "ipaSecondaryBaseRID" #define OBJECTCLASS "objectClass" /* do not refresh more often than every 5 seconds for now */ #define IPA_SUBDOMAIN_REFRESH_LIMIT 5 #define IPA_SUBDOMAIN_DISABLED_PERIOD 3600 enum ipa_subdomains_req_type { IPA_SUBDOMAINS_MASTER, IPA_SUBDOMAINS_SLAVE, IPA_SUBDOMAINS_RANGES, IPA_SUBDOMAINS_MAX /* Counter */ }; struct ipa_subdomains_req_params { const char *filter; tevent_req_fn cb; const char *attrs[9]; }; struct ipa_subdomains_ctx { struct be_ctx *be_ctx; struct ipa_id_ctx *id_ctx; struct sdap_id_ctx *sdap_id_ctx; struct sdap_search_base **search_bases; struct sdap_search_base **master_search_bases; struct sdap_search_base **ranges_search_bases; time_t last_refreshed; struct tevent_timer *timer_event; bool configured_explicit; time_t disabled_until; }; struct be_ctx *ipa_get_subdomains_be_ctx(struct be_ctx *be_ctx) { struct ipa_subdomains_ctx *subdom_ctx; subdom_ctx = talloc_get_type(be_ctx->bet_info[BET_SUBDOMAINS].pvt_bet_data, struct ipa_subdomains_ctx); if (subdom_ctx == NULL) { DEBUG(SSSDBG_TRACE_ALL, ("Subdomains are not configured.\n")); return NULL; } return subdom_ctx->be_ctx; } static errno_t ipa_ad_ctx_new(struct be_ctx *be_ctx, struct ipa_id_ctx *id_ctx, struct sss_domain_info *subdom, struct ad_id_ctx **_ad_id_ctx) { struct ad_options *ad_options; struct ad_id_ctx *ad_id_ctx; 
const char *gc_service_name; struct ad_srv_plugin_ctx *srv_ctx; char *ad_domain; struct sdap_domain *sdom; errno_t ret; ad_options = ad_create_default_options(id_ctx, id_ctx->server_mode->realm, id_ctx->server_mode->hostname); if (ad_options == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("Cannot initialize AD options\n")); talloc_free(ad_options); return ENOMEM; } ad_domain = subdom->name; ret = dp_opt_set_string(ad_options->basic, AD_DOMAIN, ad_domain); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Cannot set AD domain\n")); talloc_free(ad_options); return ret; } ret = dp_opt_set_string(ad_options->basic, AD_KRB5_REALM, id_ctx->server_mode->realm); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Cannot set AD realm\n")); talloc_free(ad_options); return ret; } gc_service_name = talloc_asprintf(ad_options, "%s%s", "gc_", subdom->name); if (gc_service_name == NULL) { talloc_free(ad_options); return ENOMEM; } /* Set KRB5 realm to same as the one of IPA when IPA * is able to attach PAC. For testing, use hardcoded. 
*/ ret = ad_failover_init(ad_options, be_ctx, NULL, NULL, id_ctx->server_mode->realm, subdom->name, gc_service_name, subdom->name, &ad_options->service); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Cannot initialize AD failover\n")); talloc_free(ad_options); return ret; } ad_id_ctx = ad_id_ctx_init(ad_options, be_ctx); if (ad_id_ctx == NULL) { talloc_free(ad_options); return ENOMEM; } ad_id_ctx->sdap_id_ctx->opts = ad_options->id; ad_options->id_ctx = ad_id_ctx; /* use AD plugin */ srv_ctx = ad_srv_plugin_ctx_init(be_ctx, be_ctx->be_res, default_host_dbs, ad_id_ctx->ad_options->id, id_ctx->server_mode->hostname, ad_domain); if (srv_ctx == NULL) { DEBUG(SSSDBG_FATAL_FAILURE, ("Out of memory?\n")); return ENOMEM; } be_fo_set_srv_lookup_plugin(be_ctx, ad_srv_plugin_send, ad_srv_plugin_recv, srv_ctx, "AD"); ret = sdap_domain_subdom_add(ad_id_ctx->sdap_id_ctx, ad_id_ctx->sdap_id_ctx->opts->sdom, subdom->parent); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Cannot initialize sdap domain\n")); talloc_free(ad_options); return ret; } sdom = sdap_domain_get(ad_id_ctx->sdap_id_ctx->opts, subdom); if (sdom == NULL) { return EFAULT; } ret = sdap_id_setup_tasks(be_ctx, ad_id_ctx->sdap_id_ctx, sdom, ldap_enumeration_send, ldap_enumeration_recv, ad_id_ctx->sdap_id_ctx); if (ret != EOK) { talloc_free(ad_options); return ret; } sdom->pvt = ad_id_ctx; /* Set up the ID mapping object */ ad_id_ctx->sdap_id_ctx->opts->idmap_ctx = id_ctx->sdap_id_ctx->opts->idmap_ctx; *_ad_id_ctx = ad_id_ctx; return EOK; } static errno_t ipa_server_trust_add(struct be_ctx *be_ctx, struct ipa_id_ctx *id_ctx, struct sss_domain_info *subdom) { struct ipa_ad_server_ctx *trust_ctx; struct ad_id_ctx *ad_id_ctx; errno_t ret; ret = ipa_ad_ctx_new(be_ctx, id_ctx, subdom, &ad_id_ctx); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Cannot create ad_id_ctx for subdomain %s\n", subdom->name)); return ret; } trust_ctx = talloc(id_ctx->server_mode, struct ipa_ad_server_ctx); if (trust_ctx == NULL) { return ENOMEM; } 
trust_ctx->dom = subdom; trust_ctx->ad_id_ctx = ad_id_ctx; DLIST_ADD(id_ctx->server_mode->trusts, trust_ctx); return EOK; } static errno_t ipa_ad_subdom_refresh(struct be_ctx *be_ctx, struct ipa_id_ctx *id_ctx, struct sss_domain_info *parent) { struct sss_domain_info *dom; struct ipa_ad_server_ctx *trust_iter; errno_t ret; if (dp_opt_get_bool(id_ctx->ipa_options->basic, IPA_SERVER_MODE) == false) { return EOK; } for (dom = get_next_domain(parent, true); dom && IS_SUBDOMAIN(dom); /* if we get back to a parent, stop */ dom = get_next_domain(dom, false)) { /* Check if we already have an ID context for this subdomain */ DLIST_FOR_EACH(trust_iter, id_ctx->server_mode->trusts) { if (trust_iter->dom == dom) { break; } } /* Newly detected trust */ if (trust_iter == NULL) { ret = ipa_server_trust_add(be_ctx, id_ctx, dom); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Cannot create ad_id_ctx for subdomain %s\n", dom->name)); continue; } } } return EOK; } static errno_t ipa_subdom_reinit(struct ipa_subdomains_ctx *ctx) { errno_t ret; ret = sysdb_update_subdomains(ctx->be_ctx->domain); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("sysdb_update_subdomains failed.\n")); return ret; } ret = sss_write_domain_mappings(ctx->be_ctx->domain, dp_opt_get_bool(ctx->id_ctx->ipa_options->basic, IPA_SERVER_MODE)); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("sss_krb5_write_mappings failed.\n")); /* Just continue */ } return EOK; } static void ipa_ad_subdom_remove(struct ipa_subdomains_ctx *ctx, struct sss_domain_info *subdom) { struct ipa_ad_server_ctx *iter; struct sdap_domain *sdom; if (dp_opt_get_bool(ctx->id_ctx->ipa_options->basic, IPA_SERVER_MODE) == false) { return; } DLIST_FOR_EACH(iter, ctx->id_ctx->server_mode->trusts) { if (iter->dom == subdom) break; } if (iter == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("No IPA-AD context for subdomain %s\n", subdom->name)); return; } sdom = sdap_domain_get(iter->ad_id_ctx->sdap_id_ctx->opts, subdom); if (sdom == NULL) return; 
be_ptask_destroy(&sdom->enum_task); be_ptask_destroy(&sdom->cleanup_task); sdap_domain_remove(iter->ad_id_ctx->sdap_id_ctx->opts, subdom); DLIST_REMOVE(ctx->id_ctx->server_mode->trusts, iter); /* terminate all requests for this subdomain so we can free it */ be_terminate_domain_requests(ctx->be_ctx, subdom->name); talloc_zfree(sdom); } const char *get_flat_name_from_subdomain_name(struct be_ctx *be_ctx, const char *name) { struct ipa_subdomains_ctx *ctx; struct sss_domain_info *dom; ctx = talloc_get_type(be_ctx->bet_info[BET_SUBDOMAINS].pvt_bet_data, struct ipa_subdomains_ctx); if (ctx == NULL) { DEBUG(SSSDBG_TRACE_ALL, ("Subdomains are not configured.\n")); return NULL; } dom = find_subdomain_by_name(ctx->be_ctx->domain, name, true); if (dom) { return dom->flat_name; } return NULL; } static errno_t ipa_ranges_parse_results(TALLOC_CTX *mem_ctx, char *domain_name, size_t count, struct sysdb_attrs **reply, struct range_info ***_range_list) { struct range_info **range_list = NULL; struct range_info *r; const char *value; size_t c; size_t d; int ret; enum idmap_error_code err; char *name1; char *name2; char *sid1; char *sid2; uint32_t rid1; uint32_t rid2; struct sss_idmap_range range1; struct sss_idmap_range range2; bool mapping1; bool mapping2; range_list = talloc_array(mem_ctx, struct range_info *, count + 1); if (range_list == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("talloc_array failed.\n")); return ENOMEM; } for (c = 0; c < count; c++) { r = talloc_zero(range_list, struct range_info); if (r == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("talloc_zero failed.\n")); ret = ENOMEM; goto done; } ret = sysdb_attrs_get_string(reply[c], IPA_CN, &value); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_string failed.\n")); goto done; } r->name = talloc_strdup(r, value); if (r->name == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed.\n")); ret = ENOMEM; goto done; } ret = sysdb_attrs_get_string(reply[c], IPA_TRUSTED_DOMAIN_SID, &value); if (ret == EOK) { 
r->trusted_dom_sid = talloc_strdup(r, value); if (r->trusted_dom_sid == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed.\n")); ret = ENOMEM; goto done; } } else if (ret != ENOENT) { DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_string failed.\n")); goto done; } ret = sysdb_attrs_get_uint32_t(reply[c], IPA_BASE_ID, &r->base_id); if (ret != EOK && ret != ENOENT) { DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_string failed.\n")); goto done; } ret = sysdb_attrs_get_uint32_t(reply[c], IPA_ID_RANGE_SIZE, &r->id_range_size); if (ret != EOK && ret != ENOENT) { DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_string failed.\n")); goto done; } ret = sysdb_attrs_get_uint32_t(reply[c], IPA_BASE_RID, &r->base_rid); if (ret != EOK && ret != ENOENT) { DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_string failed.\n")); goto done; } ret = sysdb_attrs_get_uint32_t(reply[c], IPA_SECONDARY_BASE_RID, &r->secondary_base_rid); if (ret != EOK && ret != ENOENT) { DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_string failed.\n")); goto done; } ret = sysdb_attrs_get_string(reply[c], IPA_RANGE_TYPE, &value); if (ret == EOK) { r->range_type = talloc_strdup(r, value); if (r->range_type == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed.\n")); ret = ENOMEM; goto done; } } else if (ret == ENOENT) { /* Older IPA servers might not have the range_type attribute, but * only support local ranges and trusts with algorithmic mapping. 
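*/
            if (r->trusted_dom_sid == NULL) {
                r->range_type = talloc_strdup(r, IPA_RANGE_LOCAL);
            } else {
                r->range_type = talloc_strdup(r, IPA_RANGE_AD_TRUST);
            }
        } else {
            DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_string failed.\n"));
            goto done;
        }
        if (r->range_type == NULL) {
            DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed.\n"));
            ret = ENOMEM;
            goto done;
        }

        ret = get_idmap_data_from_range(r, domain_name, &name1, &sid1, &rid1,
                                        &range1, &mapping1);
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE, ("get_idmap_data_from_range failed.\n"));
            goto done;
        }
        for (d = 0; d < c; d++) {
            ret = get_idmap_data_from_range(range_list[d], domain_name, &name2,
                                            &sid2, &rid2, &range2, &mapping2);
            if (ret != EOK) {
                DEBUG(SSSDBG_OP_FAILURE,
                      ("get_idmap_data_from_range failed.\n"));
                goto done;
            }

            err = sss_idmap_check_collision_ex(name1, sid1, &range1, rid1,
                                               r->name, mapping1,
                                               name2, sid2, &range2, rid2,
                                               range_list[d]->name, mapping2);
            if (err != IDMAP_SUCCESS) {
                DEBUG(SSSDBG_CRIT_FAILURE,
                      ("Collision of ranges [%s] and [%s] detected.\n",
                       r->name, range_list[d]->name));
                ret = EINVAL;
                goto done;
            }
        }

        range_list[c] = r;
    }

    range_list[c] = NULL;

    *_range_list = range_list;
    ret = EOK;

done:
    if (ret != EOK) {
        talloc_free(range_list);
    }

    return ret;
}

/* Report whether the subdomain described by attrs should be enumerated.
 *
 * The subdomain name is read from the IPA_CN attribute and passed to
 * subdomain_enumerates() together with the parent domain.
 *
 * Returns EOK and sets *_enumerates, or the error of the attribute
 * lookup.
 */
static errno_t ipa_subdom_enumerates(struct sss_domain_info *parent,
                                     struct sysdb_attrs *attrs,
                                     bool *_enumerates)
{
    errno_t ret;
    const char *name;

    ret = sysdb_attrs_get_string(attrs, IPA_CN, &name);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_string failed.\n"));
        return ret;
    }

    *_enumerates = subdomain_enumerates(parent, name);
    return EOK;
}

/* Derive the forest name of a trusted domain from its original DN.
 *
 * Only member domains (objects below a forest root under
 * cn=ad,cn=trusts,...) get a forest name; for every other object
 * *_forest is set to NULL and EOK is returned.
 *
 * mem_ctx   talloc parent of the returned string
 * ldb_ctx   ldb context used to parse the DN
 * attrs     entry carrying SYSDB_ORIG_DN
 * _forest   set on success only; NULL when there is no forest name
 *
 * Returns EOK, EINVAL for an invalid DN, ENOMEM on allocation failure,
 * or the error of the attribute lookup.
 */
static errno_t ipa_subdom_get_forest(TALLOC_CTX *mem_ctx,
                                     struct ldb_context *ldb_ctx,
                                     struct sysdb_attrs *attrs,
                                     char **_forest)
{
    int ret;
    const char *orig_dn;
    struct ldb_dn *dn = NULL;
    const struct ldb_val *val;
    char *forest = NULL;

    ret = sysdb_attrs_get_string(attrs, SYSDB_ORIG_DN, &orig_dn);
    if (ret) {
        DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_string failed.\n"));
        goto done;
    }
    DEBUG(SSSDBG_TRACE_ALL, ("Checking if we need the forest name for [%s].\n",
                             orig_dn));

    dn = ldb_dn_new(mem_ctx, ldb_ctx, orig_dn);
    if (dn == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("ldb_dn_new failed.\n"));
        /* ret still holds EOK from the lookup above; report the failure
         * instead of returning success with no forest name. */
        ret = ENOMEM;
        goto done;
    }

    if (!ldb_dn_validate(dn)) {
        DEBUG(SSSDBG_OP_FAILURE, ("Original DN [%s] is not a valid DN.\n",
                                  orig_dn));
        ret = EINVAL;
        goto done;
    }

    if (ldb_dn_get_comp_num(dn) < 5) {
        /* We are only interested in the member domain objects. In IPA the
         * forest root object is stored as e.g.
         * cn=AD.DOM,cn=ad,cn=trusts,dc=example,dc=com. Member domains in the
         * forest are children of the forest root object e.g.
         * cn=SUB.AD.DOM,cn=AD.DOM,cn=ad,cn=trusts,dc=example,dc=com. Since
         * the forest name is not stored in the member objects we derive it
         * from the RDN of the forest root object. */
        ret = EOK;
        goto done;
    }

    /* The component values are length-delimited. Compare the length as
     * well, otherwise an empty value or a mere prefix of the expected
     * name would be accepted by strncasecmp(). */
    val = ldb_dn_get_component_val(dn, 3);
    if (val->length != strlen("trusts")
            || strncasecmp("trusts", (const char *) val->data,
                           val->length) != 0) {
        DEBUG(SSSDBG_TRACE_FUNC,
              ("4th component is not 'trust', nothing to do.\n"));
        ret = EOK;
        goto done;
    }

    val = ldb_dn_get_component_val(dn, 2);
    if (val->length != strlen("ad")
            || strncasecmp("ad", (const char *) val->data,
                           val->length) != 0) {
        DEBUG(SSSDBG_TRACE_FUNC,
              ("3rd component is not 'ad', nothing to do.\n"));
        ret = EOK;
        goto done;
    }

    /* The RDN value of the forest root object is the forest name */
    val = ldb_dn_get_component_val(dn, 1);
    forest = talloc_strndup(mem_ctx, (const char *) val->data, val->length);
    if (forest == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("talloc_strndup failed.\n"));
        ret = ENOMEM;
        goto done;
    }

done:
    talloc_free(dn);

    if (ret == EOK) {
        *_forest = forest;
    }

    return ret;
}

static errno_t ipa_subdom_store(struct sss_domain_info *parent,
                                struct sdap_idmap_ctx *sdap_idmap_ctx,
                                struct sysdb_attrs *attrs,
                                bool enumerate)
{
    TALLOC_CTX *tmp_ctx;
    const char *name;
    char *realm;
    const char *flat;
    const char *id;
    char *forest = NULL;
    int ret;
    bool mpg;

    tmp_ctx = talloc_new(parent);
    if (tmp_ctx == NULL) {
        return ENOMEM;
    }

    ret = sysdb_attrs_get_string(attrs, IPA_CN, &name);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_string failed.\n"));
        goto done;
    }

    realm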
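= get_uppercase_realm(tmp_ctx, name);
    if (!realm) {
        ret = ENOMEM;
        goto done;
    }

    ret = sysdb_attrs_get_string(attrs, IPA_FLATNAME, &flat);
    if (ret) {
        DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_string failed.\n"));
        goto done;
    }

    ret = sysdb_attrs_get_string(attrs, IPA_TRUSTED_DOMAIN_SID, &id);
    if (ret) {
        DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_string failed.\n"));
        goto done;
    }

    mpg = sdap_idmap_domain_has_algorithmic_mapping(sdap_idmap_ctx, name, id);

    ret = ipa_subdom_get_forest(tmp_ctx, sysdb_ctx_get_ldb(parent->sysdb),
                                attrs, &forest);
    if (ret != EOK) {
        goto done;
    }

    ret = sysdb_subdomain_store(parent->sysdb, name, realm, flat,
                                id, mpg, enumerate, forest);
    if (ret) {
        DEBUG(SSSDBG_OP_FAILURE, ("sysdb_subdomain_store failed.\n"));
        goto done;
    }

    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}

/**
 * Reconcile the known subdomains of the backend domain with a search result.
 *
 * Every existing subdomain is matched against the IPA_CN value of the
 * entries in reply: a subdomain with no matching entry is disabled and
 * deleted, a matching one is stored again. Entries that matched no existing
 * subdomain are stored afterwards, and only in that case is *changes set to
 * true (a pure removal leaves *changes untouched).
 *
 * @param ctx      subdomains context; last_refreshed is updated on exit
 * @param count    number of entries in reply
 * @param reply    entries returned by the subdomain search
 * @param changes  set to true when reply holds entries not yet known
 *
 * @return EOK on success, EINVAL for a negative count, ENOMEM if the
 *         bookkeeping array cannot be allocated, otherwise the error of
 *         the failing sysdb or helper call.
 */
static errno_t ipa_subdomains_refresh(struct ipa_subdomains_ctx *ctx,
                                      int count, struct sysdb_attrs **reply,
                                      bool *changes)
{
    struct sss_domain_info *parent, *dom;
    bool *handled = NULL;
    const char *value;
    int c, h;
    int ret;
    bool enumerate;

    /* count is the number of entries the directory server returned (the
     * caller passes a size_t reply count). A negative value can only be
     * the result of that conversion going wrong, so refuse it. */
    if (count < 0) {
        ret = EINVAL;
        goto done;
    }

    parent = ctx->be_ctx->domain;

    /* The bookkeeping array is sized by server-supplied data, so it lives
     * on the heap: a variable-length stack array would have undefined
     * behavior for count == 0 and no failure path for a large count. */
    if (count > 0) {
        handled = talloc_zero_array(ctx, bool, count);
        if (handled == NULL) {
            ret = ENOMEM;
            goto done;
        }
    }
    h = 0;

    /* check existing subdomains */
    for (dom = get_next_domain(parent, true);
         dom && IS_SUBDOMAIN(dom); /* if we get back to a parent, stop */
         dom = get_next_domain(dom, false)) {
        for (c = 0; c < count; c++) {
            if (handled[c]) {
                continue;
            }
            ret = sysdb_attrs_get_string(reply[c], IPA_CN, &value);
            if (ret != EOK) {
                DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_string failed.\n"));
                goto done;
            }
            if (strcmp(value, dom->name) == 0) {
                break;
            }
        }

        if (c >= count) {
            /* ok this subdomain does not exist anymore, let's clean up */
            dom->disabled = true;
            ret = sysdb_subdomain_delete(dom->sysdb, dom->name);
            if (ret != EOK) {
                goto done;
            }

            /* Remove the AD ID ctx from the list of LDAP domains */
            ipa_ad_subdom_remove(ctx, dom);
        } else {
            /* ok let's try to update it */
            ret = ipa_subdom_enumerates(parent, reply[c], &enumerate);
            if (ret != EOK) {
                goto done;
            }

            ret = ipa_subdom_store(parent, ctx->sdap_id_ctx->opts->idmap_ctx,
                                   reply[c], enumerate);
            if (ret) {
                /* Nothing we can do about the error. Let's at least try
                 * to reuse the existing domain */
                DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to parse subdom data, "
                      "will try to use cached subdomain\n"));
            }
            handled[c] = true;
            h++;
        }
    }

    if (count == h) {
        /* all domains were already accounted for and have been updated */
        ret = EOK;
        goto done;
    }

    /* if we get here it means we have changes to the subdomains list */
    *changes = true;

    for (c = 0; c < count; c++) {
        if (handled[c]) {
            continue;
        }

        ret = ipa_subdom_enumerates(parent, reply[c], &enumerate);
        if (ret != EOK) {
            goto done;
        }

        ret = ipa_subdom_store(parent, ctx->sdap_id_ctx->opts->idmap_ctx,
                               reply[c], enumerate);
        if (ret) {
            /* Nothing we can do about the error. Let's at least try
             * to reuse the existing domain. */
            DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to parse subdom data, "
                  "will try to use cached subdomain\n"));
        }
    }

    ret = EOK;

done:
    talloc_free(handled);

    if (ret != EOK) {
        ctx->last_refreshed = 0;
    } else {
        ctx->last_refreshed = time(NULL);
    }

    return ret;
}

struct ipa_subdomains_req_ctx {
    struct be_req *be_req;
    struct ipa_subdomains_ctx *sd_ctx;
    struct sdap_id_op *sdap_op;

    char *current_filter;

    struct sdap_search_base **search_bases;
    int search_base_iter;

    size_t reply_count;
    struct sysdb_attrs **reply;
};

static void ipa_subdomains_get_conn_done(struct tevent_req *req);
static errno_t
ipa_subdomains_handler_get(struct ipa_subdomains_req_ctx *ctx,
                           enum ipa_subdomains_req_type type);
static void ipa_subdomains_handler_done(struct tevent_req *req);
static void ipa_subdomains_handler_master_done(struct tevent_req *req);
static void ipa_subdomains_handler_ranges_done(struct tevent_req *req);

static struct ipa_subdomains_req_params subdomain_requests[] = {
    { MASTER_DOMAIN_FILTER,
      ipa_subdomains_handler_master_done,
      { IPA_CN, IPA_FLATNAME, IPA_SID, NULL }
    },
    { SUBDOMAINS_FILTER,
      ipa_subdomains_handler_done,
      { IPA_CN, IPA_FLATNAME, IPA_TRUSTED_DOMAIN_SID, NULL }
    },
    { RANGE_FILTER,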
ipa_subdomains_handler_ranges_done, { OBJECTCLASS, IPA_CN, IPA_BASE_ID, IPA_BASE_RID, IPA_SECONDARY_BASE_RID, IPA_ID_RANGE_SIZE, IPA_TRUSTED_DOMAIN_SID, IPA_RANGE_TYPE, NULL } } }; static void ipa_subdomains_retrieve(struct ipa_subdomains_ctx *ctx, struct be_req *be_req) { struct ipa_subdomains_req_ctx *req_ctx = NULL; struct tevent_req *req; int dp_error = DP_ERR_FATAL; int ret; req_ctx = talloc(be_req, struct ipa_subdomains_req_ctx); if (req_ctx == NULL) { ret = ENOMEM; goto done; } req_ctx->be_req = be_req; req_ctx->sd_ctx = ctx; req_ctx->search_base_iter = 0; req_ctx->search_bases = ctx->ranges_search_bases; req_ctx->current_filter = NULL; req_ctx->reply_count = 0; req_ctx->reply = NULL; req_ctx->sdap_op = sdap_id_op_create(req_ctx, ctx->sdap_id_ctx->conn->conn_cache); if (req_ctx->sdap_op == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed.\n")); ret = ENOMEM; goto done; } req = sdap_id_op_connect_send(req_ctx->sdap_op, req_ctx, &ret); if (req == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_connect_send failed: %d(%s).\n", ret, strerror(ret))); goto done; } tevent_req_set_callback(req, ipa_subdomains_get_conn_done, req_ctx); return; done: talloc_free(req_ctx); if (ret == EOK) { dp_error = DP_ERR_OK; } be_req_terminate(be_req, dp_error, ret, NULL); } static void ipa_subdomains_get_conn_done(struct tevent_req *req) { int ret; int dp_error = DP_ERR_FATAL; struct ipa_subdomains_req_ctx *ctx; ctx = tevent_req_callback_data(req, struct ipa_subdomains_req_ctx); ret = sdap_id_op_connect_recv(req, &dp_error); talloc_zfree(req); if (ret) { if (dp_error == DP_ERR_OFFLINE) { DEBUG(SSSDBG_MINOR_FAILURE, ("No IPA server is available, cannot get the " "subdomain list while offline\n")); } else { DEBUG(SSSDBG_OP_FAILURE, ("Failed to connect to IPA server: [%d](%s)\n", ret, strerror(ret))); } goto fail; } ret = ipa_subdomains_handler_get(ctx, IPA_SUBDOMAINS_RANGES); if (ret != EOK && ret != EAGAIN) { goto fail; } return; fail: be_req_terminate(ctx->be_req, 
dp_error, ret, NULL); } static errno_t ipa_subdomains_handler_get(struct ipa_subdomains_req_ctx *ctx, enum ipa_subdomains_req_type type) { struct tevent_req *req; struct sdap_search_base *base; struct ipa_subdomains_req_params *params; if (type >= IPA_SUBDOMAINS_MAX) { return EINVAL; } params = &subdomain_requests[type]; base = ctx->search_bases[ctx->search_base_iter]; if (base == NULL) { return EOK; } talloc_free(ctx->current_filter); ctx->current_filter = sdap_get_id_specific_filter(ctx, params->filter, base->filter); if (ctx->current_filter == NULL) { return ENOMEM; } req = sdap_get_generic_send(ctx, ctx->sd_ctx->be_ctx->ev, ctx->sd_ctx->sdap_id_ctx->opts, sdap_id_op_handle(ctx->sdap_op), base->basedn, base->scope, ctx->current_filter, params->attrs, NULL, 0, dp_opt_get_int(ctx->sd_ctx->sdap_id_ctx->opts->basic, SDAP_SEARCH_TIMEOUT), false); if (req == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("sdap_get_generic_send failed.\n")); return ENOMEM; } tevent_req_set_callback(req, params->cb, ctx); return EAGAIN; } static void ipa_subdomains_handler_done(struct tevent_req *req) { int ret; size_t reply_count; struct sysdb_attrs **reply = NULL; struct ipa_subdomains_req_ctx *ctx; struct sss_domain_info *domain; bool refresh_has_changes = false; int dp_error = DP_ERR_FATAL; ctx = tevent_req_callback_data(req, struct ipa_subdomains_req_ctx); domain = ctx->sd_ctx->be_ctx->domain; ret = sdap_get_generic_recv(req, ctx, &reply_count, &reply); talloc_zfree(req); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("sdap_get_generic_send request failed.\n")); goto done; } if (reply_count) { ctx->reply = talloc_realloc(ctx, ctx->reply, struct sysdb_attrs *, ctx->reply_count + reply_count); if (ctx->reply == NULL) { ret = ENOMEM; goto done; } memcpy(ctx->reply+ctx->reply_count, reply, reply_count * sizeof(struct sysdb_attrs *)); ctx->reply_count += reply_count; } ctx->search_base_iter++; ret = ipa_subdomains_handler_get(ctx, IPA_SUBDOMAINS_SLAVE); if (ret == EAGAIN) { return; } else if (ret != 
EOK) { goto done; } ret = ipa_subdomains_refresh(ctx->sd_ctx, ctx->reply_count, ctx->reply, &refresh_has_changes); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Failed to refresh subdomains.\n")); goto done; } if (refresh_has_changes) { ret = ipa_subdom_reinit(ctx->sd_ctx); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Could not reinitialize subdomains\n")); goto done; } ret = ipa_ad_subdom_refresh(ctx->sd_ctx->be_ctx, ctx->sd_ctx->id_ctx, domain); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("ipa_ad_subdom_refresh failed.\n")); goto done; } } ret = sysdb_master_domain_update(domain); if (ret != EOK) { goto done; } if (domain->flat_name == NULL || domain->domain_id == NULL || domain->realm == NULL) { ctx->search_base_iter = 0; ctx->search_bases = ctx->sd_ctx->master_search_bases; ret = ipa_subdomains_handler_get(ctx, IPA_SUBDOMAINS_MASTER); if (ret == EAGAIN) { return; } else if (ret != EOK) { goto done; } } else { ret = EOK; } done: if (ret == EOK) { dp_error = DP_ERR_OK; } be_req_terminate(ctx->be_req, dp_error, ret, NULL); } static void ipa_subdomains_handler_ranges_done(struct tevent_req *req) { errno_t ret; int dp_error = DP_ERR_FATAL; size_t reply_count; struct sysdb_attrs **reply = NULL; struct ipa_subdomains_req_ctx *ctx; struct range_info **range_list = NULL; struct sysdb_ctx *sysdb; struct sss_domain_info *domain; ctx = tevent_req_callback_data(req, struct ipa_subdomains_req_ctx); domain = ctx->sd_ctx->be_ctx->domain; sysdb = domain->sysdb; ret = sdap_get_generic_recv(req, ctx, &reply_count, &reply); talloc_zfree(req); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("sdap_get_generic_send request failed.\n")); goto done; } ret = ipa_ranges_parse_results(ctx, domain->name, reply_count, reply, &range_list); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("ipa_ranges_parse_results request failed.\n")); goto done; } ret = sysdb_update_ranges(sysdb, range_list); talloc_free(range_list); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("sysdb_update_ranges failed.\n")); goto 
done; } ctx->search_base_iter = 0; ctx->search_bases = ctx->sd_ctx->search_bases; ret = ipa_subdomains_handler_get(ctx, IPA_SUBDOMAINS_SLAVE); if (ret == EAGAIN) { return; } else if (ret != EOK) { goto done; } DEBUG(SSSDBG_OP_FAILURE, ("No search base for ranges available.\n")); ret = EINVAL; done: if (ret == EOK) { dp_error = DP_ERR_OK; } be_req_terminate(ctx->be_req, dp_error, ret, NULL); } static void ipa_subdomains_handler_master_done(struct tevent_req *req) { errno_t ret; int dp_error = DP_ERR_FATAL; size_t reply_count; struct sysdb_attrs **reply = NULL; struct ipa_subdomains_req_ctx *ctx; ctx = tevent_req_callback_data(req, struct ipa_subdomains_req_ctx); ret = sdap_get_generic_recv(req, ctx, &reply_count, &reply); talloc_zfree(req); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("sdap_get_generic_send request failed.\n")); goto done; } if (reply_count) { const char *flat = NULL; const char *id = NULL; ret = sysdb_attrs_get_string(reply[0], IPA_FLATNAME, &flat); if (ret != EOK) { goto done; } ret = sysdb_attrs_get_string(reply[0], IPA_SID, &id); if (ret != EOK) { goto done; } ret = sysdb_master_domain_add_info(ctx->sd_ctx->be_ctx->domain, flat, id, NULL); } else { ctx->search_base_iter++; ret = ipa_subdomains_handler_get(ctx, IPA_SUBDOMAINS_MASTER); if (ret == EAGAIN) { return; } else if (ret != EOK) { goto done; } /* Right now we know there has been an error * and we don't have the master domain record */ DEBUG(SSSDBG_CRIT_FAILURE, ("Master domain record not found!\n")); if (!ctx->sd_ctx->configured_explicit) { ctx->sd_ctx->disabled_until = time(NULL) + IPA_SUBDOMAIN_DISABLED_PERIOD; } ret = EIO; } done: if (ret == EOK) { dp_error = DP_ERR_OK; } be_req_terminate(ctx->be_req, dp_error, ret, NULL); } static void ipa_subdom_online_cb(void *pvt); static void ipa_subdom_timer_refresh(struct tevent_context *ev, struct tevent_timer *te, struct timeval current_time, void *pvt) { ipa_subdom_online_cb(pvt); } static void ipa_subdom_be_req_callback(struct be_req *be_req, 
int dp_err, int dp_ret, const char *errstr) { talloc_free(be_req); } static void ipa_subdom_reset_timeouts_cb(void *pvt) { struct ipa_subdomains_ctx *ctx; ctx = talloc_get_type(pvt, struct ipa_subdomains_ctx); if (ctx == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("Bad private pointer\n")); return; } DEBUG(SSSDBG_TRACE_ALL, ("Resetting last_refreshed and disabled_until.\n")); ctx->last_refreshed = 0; ctx->disabled_until = 0; } static void ipa_subdom_online_cb(void *pvt) { struct ipa_subdomains_ctx *ctx; struct be_req *be_req; struct timeval tv; uint32_t refresh_interval; ctx = talloc_get_type(pvt, struct ipa_subdomains_ctx); if (!ctx) { DEBUG(SSSDBG_CRIT_FAILURE, ("Bad private pointer\n")); return; } ctx->disabled_until = 0; refresh_interval = ctx->be_ctx->domain->subdomain_refresh_interval; be_req = be_req_create(ctx, NULL, ctx->be_ctx, ipa_subdom_be_req_callback, NULL); if (be_req == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("be_req_create() failed.\n")); return; } ipa_subdomains_retrieve(ctx, be_req); tv = tevent_timeval_current_ofs(refresh_interval, 0); ctx->timer_event = tevent_add_timer(ctx->be_ctx->ev, ctx, tv, ipa_subdom_timer_refresh, ctx); if (!ctx->timer_event) { DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to add subdom timer event\n")); } } static void ipa_subdom_offline_cb(void *pvt) { struct ipa_subdomains_ctx *ctx; ctx = talloc_get_type(pvt, struct ipa_subdomains_ctx); if (ctx) { talloc_zfree(ctx->timer_event); } } static errno_t get_config_status(struct be_ctx *be_ctx, bool *configured_explicit) { int ret; TALLOC_CTX *tmp_ctx = NULL; char *tmp_str; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("talloc_new failed.\n")); return ENOMEM; } ret = confdb_get_string(be_ctx->cdb, tmp_ctx, be_ctx->conf_path, CONFDB_DOMAIN_SUBDOMAINS_PROVIDER, NULL, &tmp_str); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("confdb_get_string failed.\n")); goto done; } if (tmp_str == NULL) { *configured_explicit = false; } else { *configured_explicit = true; } 
DEBUG(SSSDBG_TRACE_ALL, ("IPA subdomain provider is configured %s.\n", *configured_explicit ? "explicit" : "implicit")); ret = EOK; done: talloc_free(tmp_ctx); return ret; } void ipa_subdomains_handler(struct be_req *be_req) { struct be_ctx *be_ctx = be_req_get_be_ctx(be_req); struct ipa_subdomains_ctx *ctx; time_t now; ctx = talloc_get_type(be_ctx->bet_info[BET_SUBDOMAINS].pvt_bet_data, struct ipa_subdomains_ctx); if (!ctx) { be_req_terminate(be_req, DP_ERR_FATAL, EINVAL, NULL); return; } now = time(NULL); if (ctx->disabled_until > now) { DEBUG(SSSDBG_TRACE_ALL, ("Subdomain provider disabled.\n")); be_req_terminate(be_req, DP_ERR_OK, EOK, NULL); return; } if (ctx->last_refreshed > now - IPA_SUBDOMAIN_REFRESH_LIMIT) { be_req_terminate(be_req, DP_ERR_OK, EOK, NULL); return; } ipa_subdomains_retrieve(ctx, be_req); } struct bet_ops ipa_subdomains_ops = { .handler = ipa_subdomains_handler, .finalize = NULL }; int ipa_subdom_init(struct be_ctx *be_ctx, struct ipa_id_ctx *id_ctx, struct bet_ops **ops, void **pvt_data) { struct ipa_subdomains_ctx *ctx; int ret; bool configured_explicit = false; ret = get_config_status(be_ctx, &configured_explicit); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("get_config_status failed.\n")); return ret; } ctx = talloc_zero(id_ctx, struct ipa_subdomains_ctx); if (ctx == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_zero failed.\n")); return ENOMEM; } ctx->be_ctx = be_ctx; ctx->id_ctx = id_ctx; ctx->sdap_id_ctx = id_ctx->sdap_id_ctx; ctx->search_bases = id_ctx->ipa_options->subdomains_search_bases; ctx->master_search_bases = id_ctx->ipa_options->master_domain_search_bases; ctx->ranges_search_bases = id_ctx->ipa_options->ranges_search_bases; ctx->configured_explicit = configured_explicit; ctx->disabled_until = 0; *ops = &ipa_subdomains_ops; *pvt_data = ctx; ret = be_add_unconditional_online_cb(ctx, be_ctx, ipa_subdom_reset_timeouts_cb, ctx, NULL); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to add subdom reset timeouts callback")); } 
ret = be_add_online_cb(ctx, be_ctx, ipa_subdom_online_cb, ctx, NULL); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to add subdom online callback")); } ret = be_add_offline_cb(ctx, be_ctx, ipa_subdom_offline_cb, ctx, NULL); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to add subdom offline callback")); } ret = ipa_subdom_reinit(ctx); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Could not load the list of subdomains. " "Users from trusted domains might not be resolved correctly\n")); } return EOK; } int ipa_ad_subdom_init(struct be_ctx *be_ctx, struct ipa_id_ctx *id_ctx) { char *realm; char *hostname; errno_t ret; if (dp_opt_get_bool(id_ctx->ipa_options->basic, IPA_SERVER_MODE) == false) { return EOK; } /* The IPA code relies on the default FQDN format to unparse user * names. Warn loudly if the full_name_format was customized on the * IPA server */ if ((strcmp(be_ctx->domain->names->fq_fmt, CONFDB_DEFAULT_FULL_NAME_FORMAT) != 0) && (strcmp(be_ctx->domain->names->fq_fmt, CONFDB_DEFAULT_FULL_NAME_FORMAT_INTERNAL) != 0)) { DEBUG(SSSDBG_FATAL_FAILURE, ("%s is set to a non-default value [%s] " \ "lookups of subdomain users will likely fail!\n", CONFDB_FULL_NAME_FORMAT, be_ctx->domain->names->fq_fmt)); sss_log(SSS_LOG_ERR, "%s is set to a non-default value [%s] " \ "lookups of subdomain users will likely fail!\n", CONFDB_FULL_NAME_FORMAT, be_ctx->domain->names->fq_fmt); /* Attempt to continue */ } realm = dp_opt_get_string(id_ctx->ipa_options->basic, IPA_KRB5_REALM); if (realm == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("No Kerberos realm for IPA?\n")); return EINVAL; } hostname = dp_opt_get_string(id_ctx->ipa_options->basic, IPA_HOSTNAME); if (hostname == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("No host name for IPA?\n")); return EINVAL; } id_ctx->server_mode = talloc_zero(id_ctx, struct ipa_server_mode_ctx); if (id_ctx->server_mode == NULL) { return ENOMEM; } id_ctx->server_mode->realm = realm; id_ctx->server_mode->hostname = hostname; 
id_ctx->server_mode->trusts = NULL; id_ctx->server_mode->ext_groups = NULL; ret = ipa_ad_subdom_refresh(be_ctx, id_ctx, be_ctx->domain); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("ipa_ad_subdom_refresh failed.\n")); return ret; } return EOK; } sssd-1.11.5/src/providers/ipa/PaxHeaders.13173/ipa_srv.h0000644000000000000000000000007412320753107020744 xustar000000000000000030 atime=1396954939.265891431 30 ctime=1396954961.495875068 sssd-1.11.5/src/providers/ipa/ipa_srv.h0000664002412700241270000000346712320753107021200 0ustar00jhrozekjhrozek00000000000000/* Authors: Pavel Březina Copyright (C) 2013 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #ifndef __IPA_SRV_H__ #define __IPA_SRV_H__ struct ipa_srv_plugin_ctx; struct ipa_srv_plugin_ctx * ipa_srv_plugin_ctx_init(TALLOC_CTX *mem_ctx, struct resolv_ctx *resolv_ctx, const char *hostname, const char *ipa_domain); struct tevent_req *ipa_srv_plugin_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, const char *service, const char *protocol, const char *discovery_domain, void *pvt); errno_t ipa_srv_plugin_recv(TALLOC_CTX *mem_ctx, struct tevent_req *req, char **_dns_domain, struct fo_server_info **_primary_servers, size_t *_num_primary_servers, struct fo_server_info **_backup_servers, size_t *_num_backup_servers); #endif /* __IPA_SRV_H__ */ sssd-1.11.5/src/providers/ipa/PaxHeaders.13173/ipa_auth.h0000644000000000000000000000007412320753107021073 xustar000000000000000030 atime=1396954939.264891432 30 ctime=1396954961.490875072 sssd-1.11.5/src/providers/ipa/ipa_auth.h0000664002412700241270000000165212320753107021321 0ustar00jhrozekjhrozek00000000000000/* SSSD IPA Backend Module -- Authentication Authors: Sumit Bose Copyright (C) 2009 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #ifndef _IPA_AUTH_H_ #define _IPA_AUTH_H_ #include "providers/dp_backend.h" void ipa_auth(struct be_req *be_req); #endif /* _IPA_AUTH_H_ */ sssd-1.11.5/src/providers/ipa/PaxHeaders.13173/ipa_init.c0000644000000000000000000000007412320753107021070 xustar000000000000000030 atime=1396954939.265891431 30 ctime=1396954961.576875008 sssd-1.11.5/src/providers/ipa/ipa_init.c0000664002412700241270000004641312320753107021322 0ustar00jhrozekjhrozek00000000000000/* SSSD IPA Provider Initialization functions Authors: Simo Sorce Copyright (C) 2009 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #include #include #include #include #include "util/child_common.h" #include "providers/ipa/ipa_common.h" #include "providers/krb5/krb5_auth.h" #include "providers/krb5/krb5_init_shared.h" #include "providers/ipa/ipa_id.h" #include "providers/ipa/ipa_auth.h" #include "providers/ipa/ipa_access.h" #include "providers/ipa/ipa_hostid.h" #include "providers/ipa/ipa_dyndns.h" #include "providers/ipa/ipa_selinux.h" #include "providers/ldap/sdap_access.h" #include "providers/ldap/sdap_idmap.h" #include "providers/ipa/ipa_subdomains.h" #include "providers/ipa/ipa_srv.h" #include "providers/dp_dyndns.h" struct ipa_options *ipa_options = NULL; /* Id Handler */ struct bet_ops ipa_id_ops = { .handler = ipa_account_info_handler, .finalize = NULL, .check_online = ipa_check_online }; struct bet_ops ipa_auth_ops = { .handler = ipa_auth, .finalize = NULL, }; struct bet_ops ipa_chpass_ops = { .handler = ipa_auth, .finalize = NULL, }; struct bet_ops ipa_access_ops = { .handler = ipa_access_handler, .finalize = NULL }; struct bet_ops ipa_selinux_ops = { .handler = ipa_selinux_handler, .finalize = NULL }; #ifdef BUILD_SSH struct bet_ops ipa_hostid_ops = { .handler = ipa_host_info_handler, .finalize = NULL }; #endif static bool srv_in_server_list(const char *servers) { TALLOC_CTX *tmp_ctx; char **list = NULL; int ret = 0; bool has_srv = false; if (servers == NULL) return true; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return false; } /* split server parm into a list */ ret = split_on_separator(tmp_ctx, servers, ',', true, true, &list, NULL); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to parse server list!\n")); goto done; } for (int i = 0; list[i]; i++) { has_srv = be_fo_is_srv_identifier(list[i]); if (has_srv == true) { break; } } done: talloc_free(tmp_ctx); return has_srv; } int common_ipa_init(struct be_ctx *bectx) { const char *ipa_servers; const char *ipa_backup_servers; int ret; ret = ipa_get_options(bectx, bectx->cdb, bectx->conf_path, bectx->domain, &ipa_options); 
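if (ret != EOK) {
        return ret;
    }

    ipa_servers = dp_opt_get_string(ipa_options->basic, IPA_SERVER);
    ipa_backup_servers = dp_opt_get_string(ipa_options->basic, IPA_BACKUP_SERVER);

    ret = ipa_service_init(ipa_options, bectx, ipa_servers,
                           ipa_backup_servers, ipa_options,
                           &ipa_options->service);
    if (ret != EOK) {
        DEBUG(0, ("Failed to init IPA failover service!\n"));
        return ret;
    }

    return EOK;
}

/**
 * Set up the IPA identity provider, once per process.
 *
 * The context is kept in the file-level ipa_options; a later call finds
 * ipa_options->id_ctx set and returns it without doing any work. On any
 * failure after the context was hooked into ipa_options, the done label
 * unhooks and frees it so that a retry starts from scratch.
 *
 * @param bectx     backend context
 * @param ops       receives &ipa_id_ops on success
 * @param pvt_data  receives the struct ipa_id_ctx on success
 *
 * @return EOK on success, ENOMEM on allocation failure, otherwise the
 *         error of the failing setup step.
 */
int sssm_ipa_id_init(struct be_ctx *bectx,
                     struct bet_ops **ops,
                     void **pvt_data)
{
    struct ipa_id_ctx *ipa_ctx;
    struct sdap_id_ctx *sdap_ctx;
    const char *hostname;
    const char *ipa_domain;
    const char *ipa_servers;
    struct ipa_srv_plugin_ctx *srv_ctx;
    bool server_mode;
    int ret;

    if (!ipa_options) {
        ret = common_ipa_init(bectx);
        if (ret != EOK) {
            return ret;
        }
    }

    if (ipa_options->id_ctx) {
        /* already initialized */
        *ops = &ipa_id_ops;
        *pvt_data = ipa_options->id_ctx;
        return EOK;
    }

    ipa_ctx = talloc_zero(ipa_options, struct ipa_id_ctx);
    if (!ipa_ctx) {
        return ENOMEM;
    }
    ipa_options->id_ctx = ipa_ctx;
    ipa_ctx->ipa_options = ipa_options;

    sdap_ctx = sdap_id_ctx_new(ipa_options, bectx, ipa_options->service->sdap);
    if (sdap_ctx == NULL) {
        /* Leave through done: ipa_options->id_ctx already points at the
         * half-built context, and returning here would let the "already
         * initialized" shortcut above hand it out on the next call with
         * sdap_id_ctx still NULL. */
        ret = ENOMEM;
        goto done;
    }
    ipa_ctx->sdap_id_ctx = sdap_ctx;

    ret = ipa_get_id_options(ipa_options, bectx->cdb,
                             bectx->conf_path,
                             &sdap_ctx->opts);
    if (ret != EOK) {
        goto done;
    }

    ret = ipa_get_dyndns_options(bectx, ipa_options);
    if (ret != EOK) {
        goto done;
    }

    if (dp_opt_get_bool(ipa_options->dyndns_ctx->opts, DP_OPT_DYNDNS_UPDATE)) {
        /* Perform automatic DNS updates when the
         * IP address changes.
         * Register a callback for successful LDAP
         * reconnections. This is the easiest way to
         * identify that we have gone online.
         */

        DEBUG(SSSDBG_CONF_SETTINGS,
              ("Dynamic DNS updates are on. Checking for nsupdate..\n"));
        ret = be_nsupdate_check();
        if (ret == EOK) {
            /* nsupdate is available. Dynamic updates
             * are supported
             */
            ret = ipa_dyndns_init(sdap_ctx->be, ipa_options);
            if (ret != EOK) {
                DEBUG(1, ("Failure setting up automatic DNS update\n"));
                /* We will continue without DNS updating */
            }
        }
    }

    ret = setup_tls_config(sdap_ctx->opts->basic);
    if (ret != EOK) {
        DEBUG(1, ("setup_tls_config failed [%d][%s].\n",
                  ret, strerror(ret)));
        goto done;
    }

    /* Set up the ID mapping object */
    ret = ipa_idmap_init(sdap_ctx, sdap_ctx, &sdap_ctx->opts->idmap_ctx);
    if (ret != EOK) goto done;

    ret = ldap_id_setup_tasks(sdap_ctx);
    if (ret != EOK) {
        goto done;
    }

    ret = sdap_setup_child();
    if (ret != EOK) {
        DEBUG(1, ("setup_child failed [%d][%s].\n",
                  ret, strerror(ret)));
        goto done;
    }

    /* setup SRV lookup plugin */
    hostname = dp_opt_get_string(ipa_options->basic, IPA_HOSTNAME);
    server_mode = dp_opt_get_bool(ipa_options->basic, IPA_SERVER_MODE);

    if (dp_opt_get_bool(ipa_options->basic, IPA_ENABLE_DNS_SITES)) {
        /* use IPA plugin */
        ipa_domain = dp_opt_get_string(ipa_options->basic, IPA_DOMAIN);
        srv_ctx = ipa_srv_plugin_ctx_init(bectx, bectx->be_res->resolv,
                                          hostname, ipa_domain);
        if (srv_ctx == NULL) {
            DEBUG(SSSDBG_FATAL_FAILURE, ("Out of memory?\n"));
            ret = ENOMEM;
            goto done;
        }

        be_fo_set_srv_lookup_plugin(bectx, ipa_srv_plugin_send,
                                    ipa_srv_plugin_recv, srv_ctx, "IPA");
    } else if (server_mode == true) {
        ipa_servers = dp_opt_get_string(ipa_options->basic, IPA_SERVER);
        if (srv_in_server_list(ipa_servers) == true) {
            DEBUG(SSSDBG_MINOR_FAILURE, ("SRV resolution enabled on the IPA server. "
                  "Site discovery of trusted AD servers might not work\n"));

            /* If SRV discovery is enabled on the server and
             * dns_discovery_domain is set explicitly, then
             * the current failover code would use the dns_discovery
             * domain to try to find AD servers and fail
             */
            if (dp_opt_get_string(bectx->be_res->opts,
                                  DP_RES_OPT_DNS_DOMAIN)) {
                sss_log(SSS_LOG_ERR, ("SRV discovery is enabled on the IPA "
                        "server while using custom dns_discovery_domain. "
                        "DNS discovery of trusted AD domain will likely fail. "
                        "It is recommended not to use SRV discovery or the "
                        "dns_discovery_domain option for the IPA domain while "
                        "running on the server itself\n"));
                DEBUG(SSSDBG_CRIT_FAILURE, ("SRV discovery is enabled on IPA "
                      "server while using custom dns_discovery_domain. "
                      "DNS discovery of trusted AD domain will likely fail. "
                      "It is recommended not to use SRV discovery or the "
                      "dns_discovery_domain option for the IPA domain while "
                      "running on the server itself\n"));
            }

            ret = be_fo_set_dns_srv_lookup_plugin(bectx, hostname);
            if (ret != EOK) {
                DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to set SRV lookup plugin "
                      "[%d]: %s\n", ret, strerror(ret)));
                goto done;
            }
        } else {
            /* In server mode we need to ignore the dns_discovery_domain if set
             * and only discover servers based on AD domains
             */
            ret = dp_opt_set_string(bectx->be_res->opts, DP_RES_OPT_DNS_DOMAIN,
                                    NULL);
            if (ret != EOK) {
                DEBUG(SSSDBG_MINOR_FAILURE, ("Could not reset the "
                      "dns_discovery_domain, trusted AD domains discovery "
                      "might fail. Please remove dns_discovery_domain "
                      "from the config file and restart the SSSD\n"));
            } else {
                DEBUG(SSSDBG_CONF_SETTINGS, ("The value of dns_discovery_domain "
                      "will be ignored in ipa_server_mode\n"));
            }
        }
    } else {
        /* fall back to standard plugin on clients. */
        ret = be_fo_set_dns_srv_lookup_plugin(bectx, hostname);
        if (ret != EOK) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to set SRV lookup plugin "
                  "[%d]: %s\n", ret, strerror(ret)));
            goto done;
        }
    }

    /* setup periodical refresh of expired records */
    ret = be_refresh_add_cb(bectx->refresh_ctx, BE_REFRESH_TYPE_NETGROUPS,
                            sdap_refresh_netgroups_send,
                            sdap_refresh_netgroups_recv,
                            sdap_ctx);
    if (ret != EOK && ret != EEXIST) {
        DEBUG(SSSDBG_MINOR_FAILURE, ("Periodical refresh of netgroups "
              "will not work [%d]: %s\n", ret, strerror(ret)));
    }

    *ops = &ipa_id_ops;
    *pvt_data = ipa_ctx;
    ret = EOK;

done:
    if (ret != EOK) {
        talloc_zfree(ipa_options->id_ctx);
    }
    return ret;
}

int sssm_ipa_auth_init(struct be_ctx *bectx,
                       struct bet_ops **ops,
                       void **pvt_data)
{
    struct ipa_auth_ctx *ipa_auth_ctx;
    struct ipa_id_ctx *id_ctx;
    struct krb5_ctx *krb5_auth_ctx;
    struct sdap_auth_ctx *sdap_auth_ctx;
    struct bet_ops *id_ops;
    int ret;

    if (!ipa_options) {
        ret = common_ipa_init(bectx);
        if (ret != EOK) {
            return ret;
        }
    }

    if (ipa_options->auth_ctx) {
        /* already initialized */
        *ops = &ipa_auth_ops;
        *pvt_data = ipa_options->auth_ctx;
        return EOK;
    }

    ipa_auth_ctx = talloc_zero(ipa_options, struct ipa_auth_ctx);
    if (!ipa_auth_ctx) {
        return ENOMEM;
    }
    ipa_options->auth_ctx = ipa_auth_ctx;

    ret = sssm_ipa_id_init(bectx, &id_ops, (void **) &id_ctx);
    if (ret != EOK) {
        DEBUG(1, ("sssm_ipa_id_init failed.\n"));
        goto done;
    }
    ipa_auth_ctx->sdap_id_ctx = id_ctx->sdap_id_ctx;

    ret = dp_copy_options(ipa_auth_ctx, ipa_options->basic,
                          IPA_OPTS_BASIC, &ipa_auth_ctx->ipa_options);
    if (ret != EOK) {
        DEBUG(1, ("dp_copy_options failed.\n"));
        goto done;
    }

    krb5_auth_ctx = talloc_zero(ipa_auth_ctx, struct krb5_ctx);
    if (!krb5_auth_ctx) {
        ret = ENOMEM;
        goto done;
    }
    krb5_auth_ctx->service = ipa_options->service->krb5_service;

    if (dp_opt_get_bool(id_ctx->ipa_options->basic,
                        IPA_SERVER_MODE) == true) {
        krb5_auth_ctx->config_type = K5C_IPA_SERVER;
    } else {
        krb5_auth_ctx->config_type = K5C_IPA_CLIENT;
    }
    ipa_options->auth_ctx->krb5_auth_ctx =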
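krb5_auth_ctx;

    ret = ipa_get_auth_options(ipa_options, bectx->cdb, bectx->conf_path,
                               &krb5_auth_ctx->opts);
    if (ret != EOK) {
        goto done;
    }

    sdap_auth_ctx = talloc_zero(ipa_auth_ctx, struct sdap_auth_ctx);
    if (!sdap_auth_ctx) {
        ret = ENOMEM;
        goto done;
    }

    sdap_auth_ctx->be = bectx;
    sdap_auth_ctx->service = ipa_options->service->sdap;

    if (ipa_options->id == NULL) {
        ret = EINVAL;
        goto done;
    }
    sdap_auth_ctx->opts = ipa_options->id;

    ipa_options->auth_ctx->sdap_auth_ctx = sdap_auth_ctx;

    ret = setup_tls_config(sdap_auth_ctx->opts->basic);
    if (ret != EOK) {
        DEBUG(1, ("setup_tls_config failed [%d][%s].\n",
                  ret, strerror(ret)));
        goto done;
    }

    /* Initialize features needed by the krb5_child */
    ret = krb5_child_init(krb5_auth_ctx, bectx);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Could not initialize krb5_child settings: [%s]\n",
               strerror(ret)));
        goto done;
    }

    *ops = &ipa_auth_ops;
    *pvt_data = ipa_auth_ctx;
    ret = EOK;

done:
    if (ret != EOK) {
        talloc_zfree(ipa_options->auth_ctx);
    }
    return ret;
}

/* Password change shares the auth initialization; only the ops table that
 * is handed back differs. */
int sssm_ipa_chpass_init(struct be_ctx *bectx,
                         struct bet_ops **ops,
                         void **pvt_data)
{
    int ret;
    ret = sssm_ipa_auth_init(bectx, ops, pvt_data);
    *ops = &ipa_chpass_ops;
    return ret;
}

/**
 * Set up the IPA access provider.
 *
 * Builds a struct ipa_access_ctx on bectx, fills it from the identity
 * context returned by sssm_ipa_id_init(), and attaches a struct
 * sdap_access_ctx whose only access rule is LDAP_ACCESS_EXPIRE.
 *
 * @param bectx     backend context
 * @param ops       receives &ipa_access_ops on success
 * @param pvt_data  receives the struct ipa_access_ctx on success
 *
 * @return EOK on success, ENOMEM on allocation failure, otherwise the
 *         error of sssm_ipa_id_init() or dp_copy_options(). The access
 *         context is freed on every failure path.
 */
int sssm_ipa_access_init(struct be_ctx *bectx,
                         struct bet_ops **ops,
                         void **pvt_data)
{
    int ret;
    struct ipa_access_ctx *ipa_access_ctx;
    struct ipa_id_ctx *id_ctx;

    ipa_access_ctx = talloc_zero(bectx, struct ipa_access_ctx);
    if (ipa_access_ctx == NULL) {
        DEBUG(1, ("talloc_zero failed.\n"));
        return ENOMEM;
    }

    ret = sssm_ipa_id_init(bectx, ops, (void **) &id_ctx);
    if (ret != EOK) {
        DEBUG(1, ("sssm_ipa_id_init failed.\n"));
        goto done;
    }
    ipa_access_ctx->sdap_ctx = id_ctx->sdap_id_ctx;
    ipa_access_ctx->host_map = id_ctx->ipa_options->host_map;
    ipa_access_ctx->hostgroup_map = id_ctx->ipa_options->hostgroup_map;
    ipa_access_ctx->host_search_bases = id_ctx->ipa_options->host_search_bases;
    ipa_access_ctx->hbac_search_bases = id_ctx->ipa_options->hbac_search_bases;

    ret = dp_copy_options(ipa_access_ctx, ipa_options->basic,
                          IPA_OPTS_BASIC, &ipa_access_ctx->ipa_options);
    if (ret != EOK) {
        DEBUG(1, ("dp_copy_options failed.\n"));
        goto done;
    }

    /* Set up an sdap_access_ctx for checking expired/locked
     * accounts.
     */
    ipa_access_ctx->sdap_access_ctx =
            talloc_zero(ipa_access_ctx, struct sdap_access_ctx);
    if (ipa_access_ctx->sdap_access_ctx == NULL) {
        /* The fields below are written through this pointer, so an
         * allocation failure has to stop here instead of being
         * dereferenced. */
        DEBUG(1, ("talloc_zero failed.\n"));
        ret = ENOMEM;
        goto done;
    }

    ipa_access_ctx->sdap_access_ctx->id_ctx = ipa_access_ctx->sdap_ctx;
    ipa_access_ctx->sdap_access_ctx->access_rule[0] = LDAP_ACCESS_EXPIRE;
    ipa_access_ctx->sdap_access_ctx->access_rule[1] = LDAP_ACCESS_EMPTY;

    *ops = &ipa_access_ops;
    *pvt_data = ipa_access_ctx;

done:
    if (ret != EOK) {
        talloc_free(ipa_access_ctx);
    }
    return ret;
}

int sssm_ipa_selinux_init(struct be_ctx *bectx,
                          struct bet_ops **ops,
                          void **pvt_data)
{
    int ret;
    struct ipa_selinux_ctx *selinux_ctx;
    struct ipa_options *opts;

    selinux_ctx = talloc_zero(bectx, struct ipa_selinux_ctx);
    if (selinux_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_zero failed.\n"));
        return ENOMEM;
    }

    ret = sssm_ipa_id_init(bectx, ops, (void **) &selinux_ctx->id_ctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("sssm_ipa_id_init failed.\n"));
        goto done;
    }

    opts = selinux_ctx->id_ctx->ipa_options;

    selinux_ctx->hbac_search_bases = opts->hbac_search_bases;
    selinux_ctx->host_search_bases = opts->host_search_bases;
    selinux_ctx->selinux_search_bases = opts->selinux_search_bases;

    *ops = &ipa_selinux_ops;
    *pvt_data = selinux_ctx;

done:
    if (ret != EOK) {
        talloc_free(selinux_ctx);
    }
    return ret;
}

#ifdef BUILD_SSH
int sssm_ipa_hostid_init(struct be_ctx *bectx,
                         struct bet_ops **ops,
                         void **pvt_data)
{
    int ret;
    struct ipa_hostid_ctx *hostid_ctx;
    struct ipa_id_ctx *id_ctx;

    hostid_ctx = talloc_zero(bectx, struct ipa_hostid_ctx);
    if (hostid_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_zero failed.\n"));
        return ENOMEM;
    }

    ret = sssm_ipa_id_init(bectx, ops, (void **) &id_ctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("sssm_ipa_id_init failed.\n"));
        goto done;
    }
    hostid_ctx->sdap_id_ctx = id_ctx->sdap_id_ctx;
    hostid_ctx->host_search_bases =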
/*
 * Initialize the IPA subdomains provider.
 *
 * Runs sssm_ipa_id_init(), ipa_subdom_init() and ipa_ad_subdom_init() in
 * that order and stops at the first one that fails, returning its error
 * code. Returns EOK when all three succeed.
 */
int sssm_ipa_subdomains_init(struct be_ctx *bectx,
                             struct bet_ops **ops,
                             void **pvt_data)
{
    struct ipa_id_ctx *ipa_id;
    int rc;

    rc = sssm_ipa_id_init(bectx, ops, (void **) &ipa_id);
    if (rc != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("sssm_ipa_id_init failed.\n"));
        goto out;
    }

    rc = ipa_subdom_init(bectx, ipa_id, ops, pvt_data);
    if (rc != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("ipa_subdom_init failed.\n"));
        goto out;
    }

    rc = ipa_ad_subdom_init(bectx, ipa_id);
    if (rc != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("ipa_ad_subdom_init failed.\n"));
        goto out;
    }

out:
    /* rc is EOK here only when every step above succeeded. */
    return rc;
}
/*
 * Finish an access request with the given PAM status.
 *
 * Stores pam_status in the request's pam_data, frees hbac_ctx, and then
 * terminates the backend request. PAM_SUCCESS and PAM_PERM_DENIED are
 * reported with DP_ERR_OK; every other status is reported as DP_ERR_FATAL.
 *
 * hbac_ctx is gone once this returns, so callers must not touch it again.
 */
static void ipa_access_reply(struct hbac_ctx *hbac_ctx, int pam_status)
{
    /* Keep the request pointer: hbac_ctx is freed before it is used. */
    struct be_req *request = hbac_ctx->be_req;
    struct pam_data *pam = talloc_get_type(be_req_get_data(request),
                                           struct pam_data);
    int dp_err;

    pam->pam_status = pam_status;

    /* destroy HBAC context now to release all used resources and
     * LDAP connection */
    talloc_zfree(hbac_ctx);

    switch (pam_status) {
    case PAM_SUCCESS:
    case PAM_PERM_DENIED:
        /* An allow or deny verdict is a completed evaluation. */
        dp_err = DP_ERR_OK;
        break;
    default:
        dp_err = DP_ERR_FATAL;
        break;
    }

    be_req_terminate(request, dp_err, pam_status, NULL);
}
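/*
 * Entry point for an IPA access-control request.
 *
 * Resolves the domain the request is for, then starts the LDAP
 * expired/locked account check with sdap_access_send(). HBAC evaluation
 * continues in ipa_hbac_check() once that check completes.
 *
 * The request is terminated with DP_ERR_FATAL / PAM_SYSTEM_ERR when the
 * domain cannot be resolved or the account check cannot be started, so an
 * unresolvable request is never treated as allowed.
 */
void ipa_access_handler(struct be_req *be_req)
{
    struct pam_data *pd;
    struct ipa_access_ctx *ipa_access_ctx;
    struct tevent_req *req;
    struct sss_domain_info *dom;
    struct be_ctx *be_ctx = be_req_get_be_ctx(be_req);

    pd = talloc_get_type(be_req_get_data(be_req), struct pam_data);

    ipa_access_ctx = talloc_get_type(be_ctx->bet_info[BET_ACCESS].pvt_bet_data,
                                     struct ipa_access_ctx);

    dom = be_ctx->domain;
    if (strcasecmp(pd->domain, be_ctx->domain->name) != 0) {
        /* Subdomain request, verify subdomain */
        dom = find_subdomain_by_name(be_ctx->domain, pd->domain, true);
        if (dom == NULL) {
            /* NOTE(review): find_subdomain_by_name() is defined elsewhere;
             * presumably it returns NULL for an unknown name. Refuse the
             * request instead of passing a NULL domain on. */
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("Unknown domain [%s] in access request.\n", pd->domain));
            be_req_terminate(be_req, DP_ERR_FATAL, PAM_SYSTEM_ERR, NULL);
            return;
        }
    }

    /* First, verify that this account isn't locked.
     * We need to do this in case the auth phase was
     * skipped (such as during GSSAPI single-sign-on
     * or SSH public key exchange).
     */
    req = sdap_access_send(be_req, be_ctx->ev, be_ctx, dom,
                           ipa_access_ctx->sdap_access_ctx,
                           ipa_access_ctx->sdap_access_ctx->id_ctx->conn,
                           pd);
    if (!req) {
        be_req_terminate(be_req, DP_ERR_FATAL, PAM_SYSTEM_ERR, NULL);
        return;
    }
    tevent_req_set_callback(req, ipa_hbac_check, be_req);
}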
/*
 * Start (or restart) one HBAC evaluation pass.
 *
 * When the backend is offline, or the cached rules are younger than the
 * IPA_HBAC_REFRESH interval, the request is evaluated straight from the
 * sysdb cache. Otherwise an LDAP connection is requested and processing
 * continues in hbac_connect_done().
 *
 * Returns EOK when evaluation ran from the cache or the connect request was
 * queued, EIO when the sdap operation could not be created, or the error
 * reported by sdap_id_op_connect_send().
 */
static int hbac_retry(struct hbac_ctx *hbac_ctx)
{
    struct ipa_access_ctx *access_ctx = hbac_ctx->access_ctx;
    struct be_ctx *be_ctx = be_req_get_be_ctx(hbac_ctx->be_req);
    struct tevent_req *conn_req;
    time_t now;
    time_t refresh_interval;
    bool use_cache;
    int err;

    use_cache = be_is_offline(be_ctx);
    DEBUG(9, ("Connection status is [%s].\n", use_cache ? "offline" : "online"));

    refresh_interval = dp_opt_get_int(hbac_ctx->ipa_options,
                                      IPA_HBAC_REFRESH);

    now = time(NULL);
    if (now < access_ctx->last_update + refresh_interval) {
        /* Simulate offline mode and just go to the cache */
        DEBUG(6, ("Performing cached HBAC evaluation\n"));
        use_cache = true;
    }

    if (use_cache) {
        /* Evaluate the rules based on what we have in the
         * sysdb. The evaluation replies to the request, which releases
         * hbac_ctx, so nothing may touch it after this call. */
        ipa_hbac_evaluate_rules(hbac_ctx);
        return EOK;
    }

    if (hbac_ctx->sdap_op == NULL) {
        hbac_ctx->sdap_op = sdap_id_op_create(hbac_ctx,
                                    hbac_ctx->sdap_ctx->conn->conn_cache);
        if (hbac_ctx->sdap_op == NULL) {
            DEBUG(1, ("sdap_id_op_create failed.\n"));
            return EIO;
        }
    }

    conn_req = sdap_id_op_connect_send(hbac_ctx->sdap_op, hbac_ctx, &err);
    if (conn_req == NULL) {
        DEBUG(1, ("sdap_id_op_connect_send failed: %d(%s).\n", err, strerror(err)));
        talloc_zfree(hbac_ctx->sdap_op);
        return err;
    }

    tevent_req_set_callback(conn_req, hbac_connect_done, hbac_ctx);
    return EOK;
}
/*
 * Check the result code of one asynchronous HBAC step and decide how to
 * proceed: continue, retry, fall back to the offline result, or abort.
 *
 * Returns true only when ret is EOK; the caller then continues with the
 * next step. In every other case it returns false and the request has
 * already been handed off: either restarted through hbac_retry() or
 * answered with PAM_SYSTEM_ERR through ipa_access_reply(), which frees
 * hbac_ctx. After a false return the caller must simply return without
 * touching hbac_ctx.
 *
 * NOTE(review): hbac_ctx_is_offline() also returns true for a NULL ctx and
 * ipa_access_reply() dereferences its argument, so hbac_ctx must not be
 * NULL here.
 */
static bool hbac_check_step_result(struct hbac_ctx *hbac_ctx, int ret)
{
    int dp_error;

    if (ret == EOK) {
        return true;
    }

    if (hbac_ctx_is_offline(hbac_ctx)) {
        /* already offline => the error is fatal */
        ipa_access_reply(hbac_ctx, PAM_SYSTEM_ERR);
        return false;
    }

    /* Report the failure to the sdap operation; it yields the data
     * provider error code that selects retry vs. abort below. */
    ret = sdap_id_op_done(hbac_ctx->sdap_op, ret, &dp_error);
    if (ret != EOK) {
        if (dp_error == DP_ERR_OFFLINE) {
            /* switching to offline mode */
            talloc_zfree(hbac_ctx->sdap_op);
            /* Free any of the results we've gotten */
            hbac_clear_rule_data(hbac_ctx);
            /* Treat as retryable: with sdap_op cleared, later steps see
             * the context as offline. */
            dp_error = DP_ERR_OK;
        }

        if (dp_error == DP_ERR_OK) {
            /* retry */
            ret = hbac_retry(hbac_ctx);
            if (ret == EOK) {
                /* The retry now owns the request. */
                return false;
            }
        }
    }

    /* Every remaining path is an unrecoverable error. */
    ipa_access_reply(hbac_ctx, PAM_SYSTEM_ERR);
    return false;
}
/*
 * Callback for the HBAC service lookup.
 *
 * Collects the services and service groups, finds this machine's own host
 * entry among the previously fetched hosts by comparing SYSDB_FQDN with the
 * configured IPA_HOSTNAME (case-insensitively), and then requests the HBAC
 * rules that apply to that host. Processing continues in hbac_sysdb_save().
 *
 * Any failure ends the request with PAM_SYSTEM_ERR.
 */
static void hbac_get_rule_info_step(struct tevent_req *req)
{
    struct hbac_ctx *hbac_ctx =
            tevent_req_callback_data(req, struct hbac_ctx);
    struct be_ctx *be_ctx = be_req_get_be_ctx(hbac_ctx->be_req);
    struct tevent_req *rule_req;
    const char *configured_name;
    const char *entry_fqdn;
    size_t idx;
    errno_t err;

    err = ipa_hbac_service_info_recv(req, hbac_ctx,
                                     &hbac_ctx->service_count,
                                     &hbac_ctx->services,
                                     &hbac_ctx->servicegroup_count,
                                     &hbac_ctx->servicegroups);
    talloc_zfree(req);
    if (!hbac_check_step_result(hbac_ctx, err)) {
        /* The request was already retried or answered. */
        return;
    }

    /* Get the ipa_host attrs */
    hbac_ctx->ipa_host = NULL;
    configured_name = dp_opt_get_cstring(hbac_ctx->ipa_options, IPA_HOSTNAME);
    if (configured_name == NULL) {
        DEBUG(1, ("Missing ipa_hostname, this should never happen.\n"));
        ipa_access_reply(hbac_ctx, PAM_SYSTEM_ERR);
        return;
    }

    idx = 0;
    while (idx < hbac_ctx->host_count) {
        err = sysdb_attrs_get_string(hbac_ctx->hosts[idx],
                                     SYSDB_FQDN,
                                     &entry_fqdn);
        if (err != EOK) {
            DEBUG(1, ("Could not locate IPA host\n"));
            ipa_access_reply(hbac_ctx, PAM_SYSTEM_ERR);
            return;
        }

        if (strcasecmp(entry_fqdn, configured_name) == 0) {
            hbac_ctx->ipa_host = hbac_ctx->hosts[idx];
            break;
        }
        idx++;
    }

    if (hbac_ctx->ipa_host == NULL) {
        DEBUG(1, ("Could not locate IPA host\n"));
        ipa_access_reply(hbac_ctx, PAM_SYSTEM_ERR);
        return;
    }

    /* Get the list of applicable rules */
    rule_req = ipa_hbac_rule_info_send(hbac_ctx,
                                       hbac_ctx->get_deny_rules,
                                       be_ctx->ev,
                                       sdap_id_op_handle(hbac_ctx->sdap_op),
                                       hbac_ctx->sdap_ctx->opts,
                                       hbac_ctx->search_bases,
                                       hbac_ctx->ipa_host);
    if (rule_req == NULL) {
        DEBUG(1, ("Could not get rules\n"));
        ipa_access_reply(hbac_ctx, PAM_SYSTEM_ERR);
        return;
    }

    tevent_req_set_callback(rule_req, hbac_sysdb_save, hbac_ctx);
}
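/*
 * Evaluate the current access request against the HBAC rules stored in the
 * sysdb cache and answer the request.
 *
 * Reply sent:
 *   PAM_SUCCESS      - hbac_evaluate() returned HBAC_EVAL_ALLOW
 *   PAM_PERM_DENIED  - no rule allowed the request, or hbac_ctx_to_rules()
 *                      returned EPERM (DENY rules present)
 *   PAM_SYSTEM_ERR   - cache lookup, rule construction or evaluation failed
 *
 * Every path ends in ipa_access_reply(), which frees hbac_ctx, so each
 * branch must return right after replying.
 */
void ipa_hbac_evaluate_rules(struct hbac_ctx *hbac_ctx)
{
    struct be_ctx *be_ctx = be_req_get_be_ctx(hbac_ctx->be_req);
    errno_t ret;
    struct hbac_rule **hbac_rules;
    struct hbac_eval_req *eval_req;
    enum hbac_eval_result result;
    struct hbac_info *info;

    /* Get HBAC rules from the sysdb */
    ret = hbac_get_cached_rules(hbac_ctx, be_ctx->domain,
                                &hbac_ctx->rule_count, &hbac_ctx->rules);
    if (ret != EOK) {
        DEBUG(1, ("Could not retrieve rules from the cache\n"));
        ipa_access_reply(hbac_ctx, PAM_SYSTEM_ERR);
        /* Without this return the code below kept using the freed
         * hbac_ctx and answered the same request a second time. */
        return;
    }

    ret = hbac_ctx_to_rules(hbac_ctx, hbac_ctx,
                            &hbac_rules, &eval_req);
    if (ret == EPERM) {
        DEBUG(1, ("DENY rules detected. Denying access to all users\n"));
        ipa_access_reply(hbac_ctx, PAM_PERM_DENIED);
        return;
    } else if (ret != EOK) {
        DEBUG(1, ("Could not construct HBAC rules\n"));
        ipa_access_reply(hbac_ctx, PAM_SYSTEM_ERR);
        return;
    }

    result = hbac_evaluate(hbac_rules, eval_req, &info);
    if (result == HBAC_EVAL_ALLOW) {
        DEBUG(3, ("Access granted by HBAC rule [%s]\n", info->rule_name));
        hbac_free_info(info);
        ipa_access_reply(hbac_ctx, PAM_SUCCESS);
        return;
    } else if (result == HBAC_EVAL_ERROR) {
        DEBUG(1, ("Error [%s] occurred in rule [%s]\n",
                  hbac_error_string(info->code), info->rule_name));
        hbac_free_info(info);
        ipa_access_reply(hbac_ctx, PAM_SYSTEM_ERR);
        return;
    } else if (result == HBAC_EVAL_OOM) {
        DEBUG(1, ("Insufficient memory\n"));
        ipa_access_reply(hbac_ctx, PAM_SYSTEM_ERR);
        return;
    }

    /* Anything that is not an explicit allow is a deny. */
    DEBUG(3, ("Access denied by HBAC rules\n"));
    hbac_free_info(info);
    ipa_access_reply(hbac_ctx, PAM_PERM_DENIED);
}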
sysdb_attrs\n")); goto done; } if (_rules) *_rules = talloc_steal(mem_ctx, rules); if (_rule_count) *_rule_count = rule_count; ret = EOK; done: talloc_free(tmp_ctx); return ret; } sssd-1.11.5/src/providers/ipa/PaxHeaders.13173/ipa_hbac.pc0000644000000000000000000000013012320753520021172 xustar000000000000000028 mtime=1396954960.3688759 30 atime=1396954961.035875408 30 ctime=1396954961.405875134 sssd-1.11.5/src/providers/ipa/ipa_hbac.pc0000664002412700241270000000036312320753520021425 0ustar00jhrozekjhrozek00000000000000prefix=/usr/local exec_prefix=${prefix} libdir=${exec_prefix}/lib includedir=${prefix}/include Name: ipa_hbac Description: FreeIPA HBAC Evaluator library Version: 1.11.5 Libs: -L${libdir} -lipa_hbac Cflags: URL: http://fedorahosted.org/sssd/ sssd-1.11.5/src/providers/ipa/PaxHeaders.13173/ipa_hbac_users.c0000644000000000000000000000007412320753107022243 xustar000000000000000030 atime=1396954939.264891432 30 ctime=1396954961.591874997 sssd-1.11.5/src/providers/ipa/ipa_hbac_users.c0000664002412700241270000002501412320753107022467 0ustar00jhrozekjhrozek00000000000000/* SSSD Authors: Stephen Gallagher Copyright (C) 2011 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include "util/util.h" #include "providers/ipa/ipa_hbac_private.h" #include "providers/ldap/sdap_async.h" /* Returns EOK and populates groupname if * the group_dn is actually a group. * Returns ENOENT if group_dn does not point * at a a group. 
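/*
 * Extract the group name from an IPA group DN of the form
 * cn=<name>,cn=groups,cn=accounts,<at least one more component>.
 *
 * Returns EOK and populates *groupname (allocated on mem_ctx) if group_dn
 * is such a DN.
 * Returns ENOENT if group_dn does not point at a group.
 * Returns EINVAL if there is a parsing error.
 * Returns ENOMEM as appropriate.
 *
 * The container components must match "groups" and "accounts" exactly
 * (ignoring case). Comparing only the first <value length> bytes, as a bare
 * strncasecmp() does, would also accept an empty value or any prefix such
 * as "g", so a DN outside the groups container could be taken for a group
 * when HBAC rule members are resolved.
 */
errno_t
get_ipa_groupname(TALLOC_CTX *mem_ctx,
                  struct sysdb_ctx *sysdb,
                  const char *group_dn,
                  const char **groupname)
{
    errno_t ret;
    struct ldb_dn *dn;
    const char *rdn_name;
    const char *group_comp_name;
    const char *account_comp_name;
    const struct ldb_val *rdn_val;
    const struct ldb_val *group_comp_val;
    const struct ldb_val *account_comp_val;

    /* This is an IPA-specific hack. It may not
     * work for non-IPA servers and will need to
     * be changed if SSSD ever supports HBAC on
     * a non-IPA server.
     */
    *groupname = NULL;

    dn = ldb_dn_new(mem_ctx, sysdb_ctx_get_ldb(sysdb), group_dn);
    if (dn == NULL) {
        ret = ENOMEM;
        goto done;
    }

    if (!ldb_dn_validate(dn)) {
        ret = EINVAL;
        goto done;
    }

    if (ldb_dn_get_comp_num(dn) < 4) {
        /* RDN, groups, accounts, and at least one DC= */
        /* If it's fewer, it's not a group DN */
        ret = ENOENT;
        goto done;
    }

    /* If the RDN name is 'cn' */
    rdn_name = ldb_dn_get_rdn_name(dn);
    if (rdn_name == NULL) {
        /* Shouldn't happen if ldb_dn_validate()
         * passed, but we'll be careful.
         */
        ret = EINVAL;
        goto done;
    }

    if (strcasecmp("cn", rdn_name) != 0) {
        /* RDN has the wrong attribute name.
         * It's not a group.
         */
        ret = ENOENT;
        goto done;
    }

    /* and the second component is "cn=groups" */
    group_comp_name = ldb_dn_get_component_name(dn, 1);
    if (group_comp_name == NULL
            || strcasecmp("cn", group_comp_name) != 0) {
        /* The second component name is not "cn" */
        ret = ENOENT;
        goto done;
    }

    group_comp_val = ldb_dn_get_component_val(dn, 1);
    if (group_comp_val == NULL
            || group_comp_val->length != sizeof("groups") - 1
            || strncasecmp("groups",
                           (const char *) group_comp_val->data,
                           group_comp_val->length) != 0) {
        /* The second component value is not "groups" */
        ret = ENOENT;
        goto done;
    }

    /* and the third component is "accounts" */
    account_comp_name = ldb_dn_get_component_name(dn, 2);
    if (account_comp_name == NULL
            || strcasecmp("cn", account_comp_name) != 0) {
        /* The third component name is not "cn" */
        ret = ENOENT;
        goto done;
    }

    account_comp_val = ldb_dn_get_component_val(dn, 2);
    if (account_comp_val == NULL
            || account_comp_val->length != sizeof("accounts") - 1
            || strncasecmp("accounts",
                           (const char *) account_comp_val->data,
                           account_comp_val->length) != 0) {
        /* The third component value is not "accounts" */
        ret = ENOENT;
        goto done;
    }

    /* Then the value of the RDN is the group name */
    rdn_val = ldb_dn_get_rdn_val(dn);
    if (rdn_val == NULL) {
        ret = EINVAL;
        goto done;
    }

    *groupname = talloc_strndup(mem_ctx,
                                (const char *)rdn_val->data,
                                rdn_val->length);
    if (*groupname == NULL) {
        ret = ENOMEM;
        goto done;
    }

    ret = EOK;

done:
    talloc_free(dn);
    return ret;
}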
&new_users->category); if (ret != EOK) { DEBUG(1, ("Could not identify user categories\n")); goto done; } if (new_users->category & HBAC_CATEGORY_ALL) { /* Short-cut to the exit */ ret = EOK; goto done; } ret = sysdb_attrs_get_el(rule_attrs, IPA_MEMBER_USER, &el); if (ret != EOK && ret != ENOENT) { DEBUG(1, ("sysdb_attrs_get_el failed.\n")); goto done; } if (ret == ENOENT || el->num_values == 0) { el->num_values = 0; DEBUG(4, ("No user specified, rule will never apply.\n")); } new_users->names = talloc_array(new_users, const char *, el->num_values + 1); if (new_users->names == NULL) { ret = ENOMEM; goto done; } new_users->groups = talloc_array(new_users, const char *, el->num_values + 1); if (new_users->groups == NULL) { ret = ENOMEM; goto done; } for (i = 0; i < el->num_values; i++) { member_user = (const char *)el->values[i].data; ret = sss_filter_sanitize(tmp_ctx, member_user, &member_dn); if (ret != EOK) goto done; filter = talloc_asprintf(member_dn, "(%s=%s)", SYSDB_ORIG_DN, member_dn); if (filter == NULL) { ret = ENOMEM; goto done; } /* First check if this is a user */ ret = sysdb_search_users(tmp_ctx, domain->sysdb, domain, filter, attrs, &count, &msgs); if (ret != EOK && ret != ENOENT) goto done; if (ret == EOK && count == 0) { ret = ENOENT; } if (ret == EOK) { if (count > 1) { DEBUG(1, ("Original DN matched multiple users. Skipping \n")); talloc_zfree(member_dn); continue; } /* Original DN matched a single user. 
Get the username */ name = ldb_msg_find_attr_as_string(msgs[0], SYSDB_NAME, NULL); if (name == NULL) { DEBUG(1, ("Attribute is missing!\n")); ret = EFAULT; goto done; } new_users->names[num_users] = talloc_strdup(new_users->names, name); if (new_users->names[num_users] == NULL) { ret = ENOMEM; goto done; } DEBUG(8, ("Added user [%s] to rule [%s]\n", name, rule_name)); num_users++; } else { /* Check if it is a group instead */ ret = sysdb_search_groups(tmp_ctx, domain->sysdb, domain, filter, attrs, &count, &msgs); if (ret != EOK && ret != ENOENT) goto done; if (ret == EOK && count == 0) { ret = ENOENT; } if (ret == EOK) { if (count > 1) { DEBUG(1, ("Original DN matched multiple groups. " "Skipping\n")); talloc_zfree(member_dn); continue; } /* Original DN matched a single group. Get the groupname */ name = ldb_msg_find_attr_as_string(msgs[0], SYSDB_NAME, NULL); if (name == NULL) { DEBUG(1, ("Attribute is missing!\n")); ret = EFAULT; goto done; } new_users->groups[num_groups] = talloc_strdup(new_users->groups, name); if (new_users->groups[num_groups] == NULL) { ret = ENOMEM; goto done; } DEBUG(8, ("Added POSIX group [%s] to rule [%s]\n", name, rule_name)); num_groups++; } else { /* If the group still matches the group pattern, * we can assume it is a non-POSIX group. */ ret = get_ipa_groupname(new_users->groups, domain->sysdb, member_user, &new_users->groups[num_groups]); if (ret == EOK) { DEBUG(8, ("Added non-POSIX group [%s] to rule [%s]\n", new_users->groups[num_groups], rule_name)); num_groups++; } else { /* Not a group, so we don't care about it */ DEBUG(1, ("[%s] does not map to either a user or group. 
" "Skipping\n", member_dn)); } } } talloc_zfree(member_dn); } new_users->names[num_users] = NULL; new_users->groups[num_groups] = NULL; /* Shrink the arrays down to their real sizes */ new_users->names = talloc_realloc(new_users, new_users->names, const char *, num_users + 1); if (new_users->names == NULL) { ret = ENOMEM; goto done; } new_users->groups = talloc_realloc(new_users, new_users->groups, const char *, num_groups + 1); if (new_users->groups == NULL) { ret = ENOMEM; goto done; } ret = EOK; done: if (ret == EOK) { *users = talloc_steal(mem_ctx, new_users); } talloc_free(tmp_ctx); return ret; } sssd-1.11.5/src/providers/ipa/PaxHeaders.13173/ipa_common.c0000644000000000000000000000007412320753107021415 xustar000000000000000030 atime=1396954939.264891432 30 ctime=1396954961.577875007 sssd-1.11.5/src/providers/ipa/ipa_common.c0000664002412700241270000011254212320753107021644 0ustar00jhrozekjhrozek00000000000000/* SSSD IPA Provider Common Functions Authors: Simo Sorce Copyright (C) 2009 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
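/*
 * Load the basic IPA provider options from the confdb and fill in defaults.
 *
 * Defaults applied when the option is not configured:
 *   IPA_DOMAIN     - the SSSD domain name (dom->name)
 *   IPA_HOSTNAME   - the result of gethostname()
 *   IPA_KRB5_REALM - the IPA domain converted to upper case
 *
 * On success *_opts receives the new options structure, allocated on
 * memctx. On failure the structure is freed and an errno-style code is
 * returned.
 */
int ipa_get_options(TALLOC_CTX *memctx,
                    struct confdb_ctx *cdb,
                    const char *conf_path,
                    struct sss_domain_info *dom,
                    struct ipa_options **_opts)
{
    struct ipa_options *opts;
    char *domain;
    char *server;
    char *realm;
    char *ipa_hostname;
    int ret;
    char hostname[HOST_NAME_MAX + 1];

    opts = talloc_zero(memctx, struct ipa_options);
    if (!opts) return ENOMEM;

    ret = dp_get_options(opts, cdb, conf_path,
                         ipa_basic_opts,
                         IPA_OPTS_BASIC,
                         &opts->basic);
    if (ret != EOK) {
        goto done;
    }

    domain = dp_opt_get_string(opts->basic, IPA_DOMAIN);
    if (!domain) {
        ret = dp_opt_set_string(opts->basic, IPA_DOMAIN, dom->name);
        if (ret != EOK) {
            goto done;
        }
        domain = dom->name;
    }

    server = dp_opt_get_string(opts->basic, IPA_SERVER);
    if (!server) {
        DEBUG(1, ("No ipa server set, will use service discovery!\n"));
    }

    ipa_hostname = dp_opt_get_string(opts->basic, IPA_HOSTNAME);
    if (ipa_hostname == NULL) {
        ret = gethostname(hostname, HOST_NAME_MAX);
        if (ret != EOK) {
            /* Capture errno before logging: the logging call may change
             * it, and the saved value is what gets returned. */
            ret = errno;
            DEBUG(1, ("gethostname failed [%d][%s].\n", ret, strerror(ret)));
            goto done;
        }
        /* gethostname() may leave a truncated name unterminated. */
        hostname[HOST_NAME_MAX] = '\0';
        DEBUG(9, ("Setting ipa_hostname to [%s].\n", hostname));
        ret = dp_opt_set_string(opts->basic, IPA_HOSTNAME, hostname);
        if (ret != EOK) {
            goto done;
        }
    }

    /* First check whether the realm has been manually specified */
    realm = dp_opt_get_string(opts->basic, IPA_KRB5_REALM);
    if (!realm) {
        /* No explicit krb5_realm, use the IPA domain, transform to upper-case */
        realm = get_uppercase_realm(opts, domain);
        if (!realm) {
            ret = ENOMEM;
            goto done;
        }

        ret = dp_opt_set_string(opts->basic, IPA_KRB5_REALM,
                                realm);
        if (ret != EOK) {
            goto done;
        }
    }

    ret = EOK;
    *_opts = opts;

done:
    if (ret != EOK) {
        talloc_zfree(opts);
    }
    return ret;
}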
done; } ret = dp_opt_set_string(ipa_opts->id->basic, SDAP_SEARCH_BASE, value); if (ret != EOK) { goto done; } DEBUG(6, ("Option %s set to %s\n", ipa_opts->id->basic[SDAP_SEARCH_BASE].opt_name, dp_opt_get_string(ipa_opts->id->basic, SDAP_SEARCH_BASE))); } ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic, SDAP_SEARCH_BASE, &ipa_opts->id->sdom->search_bases); if (ret != EOK) goto done; /* set krb realm */ if (NULL == dp_opt_get_string(ipa_opts->id->basic, SDAP_KRB5_REALM)) { realm = dp_opt_get_string(ipa_opts->basic, IPA_KRB5_REALM); value = talloc_strdup(tmpctx, realm); if (value == NULL) { DEBUG(1, ("talloc_strdup failed.\n")); ret = ENOMEM; goto done; } ret = dp_opt_set_string(ipa_opts->id->basic, SDAP_KRB5_REALM, value); if (ret != EOK) { goto done; } DEBUG(6, ("Option %s set to %s\n", ipa_opts->id->basic[SDAP_KRB5_REALM].opt_name, dp_opt_get_string(ipa_opts->id->basic, SDAP_KRB5_REALM))); } ret = sdap_set_sasl_options(ipa_opts->id, dp_opt_get_string(ipa_opts->basic, IPA_HOSTNAME), dp_opt_get_string(ipa_opts->id->basic, SDAP_KRB5_REALM), dp_opt_get_string(ipa_opts->id->basic, SDAP_KRB5_KEYTAB)); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Cannot set the SASL-related options\n")); goto done; } /* fix schema to IPAv1 for now */ ipa_opts->id->schema_type = SDAP_SCHEMA_IPA_V1; /* set user/group search bases if they are not specified */ if (NULL == dp_opt_get_string(ipa_opts->id->basic, SDAP_USER_SEARCH_BASE)) { ret = dp_opt_set_string(ipa_opts->id->basic, SDAP_USER_SEARCH_BASE, dp_opt_get_string(ipa_opts->id->basic, SDAP_SEARCH_BASE)); if (ret != EOK) { goto done; } DEBUG(6, ("Option %s set to %s\n", ipa_opts->id->basic[SDAP_USER_SEARCH_BASE].opt_name, dp_opt_get_string(ipa_opts->id->basic, SDAP_USER_SEARCH_BASE))); } ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic, SDAP_USER_SEARCH_BASE, &ipa_opts->id->sdom->user_search_bases); if (ret != EOK) goto done; if (NULL == dp_opt_get_string(ipa_opts->id->basic, SDAP_GROUP_SEARCH_BASE)) { ret = 
dp_opt_set_string(ipa_opts->id->basic, SDAP_GROUP_SEARCH_BASE, dp_opt_get_string(ipa_opts->id->basic, SDAP_SEARCH_BASE)); if (ret != EOK) { goto done; } DEBUG(6, ("Option %s set to %s\n", ipa_opts->id->basic[SDAP_GROUP_SEARCH_BASE].opt_name, dp_opt_get_string(ipa_opts->id->basic, SDAP_GROUP_SEARCH_BASE))); } ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic, SDAP_GROUP_SEARCH_BASE, &ipa_opts->id->sdom->group_search_bases); if (ret != EOK) goto done; if (NULL == dp_opt_get_string(ipa_opts->id->basic, SDAP_SUDO_SEARCH_BASE)) { #if 0 ret = dp_opt_set_string(ipa_opts->id->basic, SDAP_SUDO_SEARCH_BASE, dp_opt_get_string(ipa_opts->id->basic, SDAP_SEARCH_BASE)); if (ret != EOK) { goto done; } #else /* We don't yet have support for the representation * of sudo in IPA. For now, we need to point at the * compat tree */ value = talloc_asprintf(tmpctx, "ou=SUDOers,%s", basedn); if (!value) { ret = ENOMEM; goto done; } ret = dp_opt_set_string(ipa_opts->id->basic, SDAP_SUDO_SEARCH_BASE, value); if (ret != EOK) { goto done; } #endif DEBUG(6, ("Option %s set to %s\n", ipa_opts->id->basic[SDAP_SUDO_SEARCH_BASE].opt_name, dp_opt_get_string(ipa_opts->id->basic, SDAP_SUDO_SEARCH_BASE))); } ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic, SDAP_SUDO_SEARCH_BASE, &ipa_opts->id->sdom->sudo_search_bases); if (ret != EOK) goto done; if (NULL == dp_opt_get_string(ipa_opts->id->basic, SDAP_NETGROUP_SEARCH_BASE)) { value = talloc_asprintf(tmpctx, "cn=ng,cn=alt,%s", basedn); if (!value) { ret = ENOMEM; goto done; } ret = dp_opt_set_string(ipa_opts->id->basic, SDAP_NETGROUP_SEARCH_BASE, value); if (ret != EOK) { goto done; } DEBUG(6, ("Option %s set to %s\n", ipa_opts->id->basic[SDAP_NETGROUP_SEARCH_BASE].opt_name, dp_opt_get_string(ipa_opts->id->basic, SDAP_NETGROUP_SEARCH_BASE))); } ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic, SDAP_NETGROUP_SEARCH_BASE, &ipa_opts->id->sdom->netgroup_search_bases); if (ret != EOK) goto done; if (NULL == 
dp_opt_get_string(ipa_opts->basic, IPA_HOST_SEARCH_BASE)) { ret = dp_opt_set_string(ipa_opts->basic, IPA_HOST_SEARCH_BASE, dp_opt_get_string(ipa_opts->id->basic, SDAP_SEARCH_BASE)); if (ret != EOK) { goto done; } DEBUG(SSSDBG_CONF_SETTINGS, ("Option %s set to %s\n", ipa_opts->basic[IPA_HOST_SEARCH_BASE].opt_name, dp_opt_get_string(ipa_opts->basic, IPA_HOST_SEARCH_BASE))); } ret = ipa_parse_search_base(ipa_opts->basic, ipa_opts->basic, IPA_HOST_SEARCH_BASE, &ipa_opts->host_search_bases); if (ret != EOK) goto done; if (NULL == dp_opt_get_string(ipa_opts->basic, IPA_HBAC_SEARCH_BASE)) { value = talloc_asprintf(tmpctx, "cn=hbac,%s", basedn); if (!value) { ret = ENOMEM; goto done; } ret = dp_opt_set_string(ipa_opts->basic, IPA_HBAC_SEARCH_BASE, value); if (ret != EOK) { goto done; } DEBUG(6, ("Option %s set to %s\n", ipa_opts->basic[IPA_HBAC_SEARCH_BASE].opt_name, dp_opt_get_string(ipa_opts->basic, IPA_HBAC_SEARCH_BASE))); } ret = ipa_parse_search_base(ipa_opts->basic, ipa_opts->basic, IPA_HBAC_SEARCH_BASE, &ipa_opts->hbac_search_bases); if (ret != EOK) goto done; if (NULL == dp_opt_get_string(ipa_opts->basic, IPA_SELINUX_SEARCH_BASE)) { value = talloc_asprintf(tmpctx, "cn=selinux,%s", basedn); if (!value) { ret = ENOMEM; goto done; } ret = dp_opt_set_string(ipa_opts->basic, IPA_SELINUX_SEARCH_BASE, value); if (ret != EOK) { goto done; } DEBUG(SSSDBG_CONF_SETTINGS, ("Option %s set to %s\n", ipa_opts->basic[IPA_SELINUX_SEARCH_BASE].opt_name, dp_opt_get_string(ipa_opts->basic, IPA_SELINUX_SEARCH_BASE))); } ret = ipa_parse_search_base(ipa_opts->basic, ipa_opts->basic, IPA_SELINUX_SEARCH_BASE, &ipa_opts->selinux_search_bases); if (ret != EOK) goto done; value = dp_opt_get_string(ipa_opts->id->basic, SDAP_DEREF); if (value != NULL) { ret = deref_string_to_val(value, &i); if (ret != EOK) { DEBUG(1, ("Failed to verify ldap_deref option.\n")); goto done; } } if (NULL == dp_opt_get_string(ipa_opts->id->basic, SDAP_SERVICE_SEARCH_BASE)) { ret = 
dp_opt_set_string(ipa_opts->id->basic, SDAP_SERVICE_SEARCH_BASE, dp_opt_get_string(ipa_opts->id->basic, SDAP_SEARCH_BASE)); if (ret != EOK) { goto done; } DEBUG(6, ("Option %s set to %s\n", ipa_opts->id->basic[SDAP_GROUP_SEARCH_BASE].opt_name, dp_opt_get_string(ipa_opts->id->basic, SDAP_GROUP_SEARCH_BASE))); } ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic, SDAP_SERVICE_SEARCH_BASE, &ipa_opts->id->sdom->service_search_bases); if (ret != EOK) goto done; if (NULL == dp_opt_get_string(ipa_opts->basic, IPA_SUBDOMAINS_SEARCH_BASE)) { value = talloc_asprintf(tmpctx, "cn=trusts,%s", basedn); if (value == NULL) { ret = ENOMEM; goto done; } ret = dp_opt_set_string(ipa_opts->basic, IPA_SUBDOMAINS_SEARCH_BASE, value); if (ret != EOK) { goto done; } DEBUG(SSSDBG_CONF_SETTINGS, ("Option %s set to %s\n", ipa_opts->basic[IPA_SUBDOMAINS_SEARCH_BASE].opt_name, dp_opt_get_string(ipa_opts->basic, IPA_SUBDOMAINS_SEARCH_BASE))); } ret = ipa_parse_search_base(ipa_opts, ipa_opts->basic, IPA_SUBDOMAINS_SEARCH_BASE, &ipa_opts->subdomains_search_bases); if (ret != EOK) goto done; if (NULL == dp_opt_get_string(ipa_opts->basic, IPA_MASTER_DOMAIN_SEARCH_BASE)) { value = talloc_asprintf(tmpctx, "cn=ad,cn=etc,%s", basedn); if (value == NULL) { ret = ENOMEM; goto done; } ret = dp_opt_set_string(ipa_opts->basic, IPA_MASTER_DOMAIN_SEARCH_BASE, value); if (ret != EOK) { goto done; } DEBUG(SSSDBG_CONF_SETTINGS, ("Option %s set to %s\n", ipa_opts->basic[IPA_MASTER_DOMAIN_SEARCH_BASE].opt_name, dp_opt_get_string(ipa_opts->basic, IPA_MASTER_DOMAIN_SEARCH_BASE))); } ret = ipa_parse_search_base(ipa_opts, ipa_opts->basic, IPA_MASTER_DOMAIN_SEARCH_BASE, &ipa_opts->master_domain_search_bases); if (ret != EOK) goto done; if (NULL == dp_opt_get_string(ipa_opts->basic, IPA_RANGES_SEARCH_BASE)) { value = talloc_asprintf(tmpctx, "cn=ranges,cn=etc,%s", basedn); if (value == NULL) { ret = ENOMEM; goto done; } ret = dp_opt_set_string(ipa_opts->basic, IPA_RANGES_SEARCH_BASE, value); if (ret != EOK) { 
goto done;
        }
        DEBUG(SSSDBG_CONF_SETTINGS, ("Option %s set to %s\n",
              ipa_opts->basic[IPA_RANGES_SEARCH_BASE].opt_name,
              dp_opt_get_string(ipa_opts->basic,
                                IPA_RANGES_SEARCH_BASE)));
    }

    ret = ipa_parse_search_base(ipa_opts, ipa_opts->basic,
                                IPA_RANGES_SEARCH_BASE,
                                &ipa_opts->ranges_search_bases);
    if (ret != EOK) goto done;

    /* Load the attribute maps; a failure on any of them aborts the setup */
    ret = sdap_get_map(ipa_opts->id, cdb, conf_path,
                       ipa_attr_map,
                       SDAP_AT_GENERAL,
                       &ipa_opts->id->gen_map);
    if (ret != EOK) {
        goto done;
    }

    ret = sdap_get_map(ipa_opts->id, cdb, conf_path,
                       ipa_user_map,
                       SDAP_OPTS_USER,
                       &ipa_opts->id->user_map);
    if (ret != EOK) {
        goto done;
    }

    ret = sdap_get_map(ipa_opts->id, cdb, conf_path,
                       ipa_group_map,
                       SDAP_OPTS_GROUP,
                       &ipa_opts->id->group_map);
    if (ret != EOK) {
        goto done;
    }

    ret = sdap_get_map(ipa_opts->id, cdb, conf_path,
                       ipa_netgroup_map,
                       IPA_OPTS_NETGROUP,
                       &ipa_opts->id->netgroup_map);
    if (ret != EOK) {
        goto done;
    }

    ret = sdap_get_map(ipa_opts->id, cdb, conf_path,
                       ipa_host_map,
                       IPA_OPTS_HOST,
                       &ipa_opts->host_map);
    if (ret != EOK) {
        goto done;
    }

    ret = sdap_get_map(ipa_opts->id, cdb, conf_path,
                       ipa_hostgroup_map,
                       IPA_OPTS_HOSTGROUP,
                       &ipa_opts->hostgroup_map);
    if (ret != EOK) {
        goto done;
    }

    ret = sdap_get_map(ipa_opts->id, cdb, conf_path,
                       ipa_service_map,
                       SDAP_OPTS_SERVICES,
                       &ipa_opts->id->service_map);
    if (ret != EOK) {
        goto done;
    }

    ret = sdap_get_map(ipa_opts->id, cdb, conf_path,
                       ipa_selinux_user_map,
                       IPA_OPTS_SELINUX_USERMAP,
                       &ipa_opts->selinuxuser_map);
    if (ret != EOK) {
        goto done;
    }

    ret = EOK;
    *_opts = ipa_opts->id;

done:
    talloc_zfree(tmpctx);
    /* On failure the half-built sdap options are dropped again */
    if (ret != EOK) {
        talloc_zfree(ipa_opts->id);
    }
    return ret;
}

/**
 * Load the Kerberos options used by the IPA auth provider.
 *
 * Values derived here when they are not configured explicitly:
 *  - KRB5_REALM is copied from IPA_KRB5_REALM,
 *  - KRB5_FAST_PRINCIPAL becomes "host/<IPA_HOSTNAME>@<KRB5_REALM>".
 * The KRB5_USE_KDCINFO setting is mirrored into
 * ipa_opts->service->krb5_service->write_kdcinfo.
 *
 * NOTE(review): ipa_opts->service and its krb5_service are dereferenced
 * without a check, so ipa_service_init() presumably has to run before this
 * function - confirm against the callers.
 * NOTE(review): a missing IPA_KRB5_REALM is reported as ENOMEM here, while
 * ipa_service_init() returns EINVAL for the same condition.
 *
 * @param ipa_opts   IPA options; ->auth is (re)created by this call
 * @param cdb        confdb handle
 * @param conf_path  confdb path passed to the option loaders
 * @param _opts      receives ipa_opts->auth on success
 *
 * @return EOK on success, an errno-style code otherwise; on failure
 *         ipa_opts->auth is freed and reset.
 */
int ipa_get_auth_options(struct ipa_options *ipa_opts,
                         struct confdb_ctx *cdb,
                         const char *conf_path,
                         struct dp_option **_opts)
{
    int ret;
    char *str;
    char *realm_copy = NULL;
    struct krb5_service *krb5_svc;

    ipa_opts->auth = talloc_zero(ipa_opts, struct dp_option);
    if (ipa_opts->auth == NULL) {
        ret = ENOMEM;
        goto done;
    }

    /* get krb5 options */
    ret = dp_get_options(ipa_opts, cdb, conf_path,
                         ipa_def_krb5_opts,
                         KRB5_OPTS, &ipa_opts->auth);
    if (ret != EOK) {
        goto done;
    }

    /* If there is no KDC, try the deprecated krb5_kdcip option, too */
    /* FIXME - this can be removed in a future version */
    ret = krb5_try_kdcip(cdb, conf_path, ipa_opts->auth, KRB5_KDC);
    if (ret != EOK) {
        DEBUG(1, ("sss_krb5_try_kdcip failed.\n"));
        goto done;
    }

    /* set krb realm */
    if (dp_opt_get_string(ipa_opts->auth, KRB5_REALM) == NULL) {
        str = dp_opt_get_string(ipa_opts->basic, IPA_KRB5_REALM);
        if (str == NULL) {
            ret = ENOMEM;
            goto done;
        }

        /* The copy is freed at done even on success, so the setter is
         * relied upon to keep its own copy of the string. */
        realm_copy = talloc_strdup(ipa_opts->auth, str);
        if (realm_copy == NULL) {
            DEBUG(1, ("talloc_strdup failed.\n"));
            ret = ENOMEM;
            goto done;
        }

        ret = dp_opt_set_string(ipa_opts->auth, KRB5_REALM, realm_copy);
        if (ret != EOK) {
            goto done;
        }

        DEBUG(6, ("Option %s set to %s\n",
                  ipa_opts->auth[KRB5_REALM].opt_name,
                  dp_opt_get_string(ipa_opts->auth, KRB5_REALM)));
    }

    /* If krb5_fast_principal was not set explicitly, default to
     * host/$client_hostname@REALM
     */
    str = dp_opt_get_string(ipa_opts->auth, KRB5_FAST_PRINCIPAL);
    if (str == NULL) {
        /* presumably IPA_HOSTNAME is always set by ipa_get_options();
         * a NULL here would end up in the %s conversion - verify */
        str = talloc_asprintf(ipa_opts->auth, "host/%s@%s",
                              dp_opt_get_string(ipa_opts->basic,
                                                IPA_HOSTNAME),
                              dp_opt_get_string(ipa_opts->auth,
                                                KRB5_REALM));
        if (str == NULL) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot set %s!\n",
                  ipa_opts->auth[KRB5_FAST_PRINCIPAL].opt_name));
            ret = ENOMEM;
            goto done;
        }

        ret = dp_opt_set_string(ipa_opts->auth, KRB5_FAST_PRINCIPAL, str);
        if (ret != EOK) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot set %s!\n",
                  ipa_opts->auth[KRB5_FAST_PRINCIPAL].opt_name));
            goto done;
        }

        DEBUG(SSSDBG_CONF_SETTINGS, ("Option %s set to %s\n",
              ipa_opts->auth[KRB5_FAST_PRINCIPAL].opt_name, str));
    }

    /* Set flag that controls whether we want to write the
     * kdcinfo files at all
     */
    krb5_svc = ipa_opts->service->krb5_service;
    krb5_svc->write_kdcinfo = dp_opt_get_bool(ipa_opts->auth,
                                              KRB5_USE_KDCINFO);
    DEBUG(SSSDBG_CONF_SETTINGS, ("Option %s set to %s\n",
          ipa_opts->auth[KRB5_USE_KDCINFO].opt_name,
          krb5_svc->write_kdcinfo ? "true" : "false"));

    ret = EOK;
    *_opts = ipa_opts->auth;

done:
    talloc_free(realm_copy);
    if (ret != EOK) {
        talloc_zfree(ipa_opts->auth);
    }
    return ret;
}

/*
 * Failover callback registered by ipa_service_init(): refreshes the LDAP
 * URI and socket address of the IPA service from the given server and,
 * when write_kdcinfo is set, writes the KDC address to the krb5info file.
 * All failures are logged and end the callback early; nothing is returned.
 *
 * NOTE(review): the URI always uses the ldap:// scheme, so any transport
 * protection presumably comes from the SASL setup done through
 * sdap_set_sasl_options() - confirm.
 */
static void ipa_resolve_callback(void *private_data, struct fo_server *server)
{
    TALLOC_CTX *tmp_ctx = NULL;
    struct ipa_service *service;
    struct resolv_hostent *srvaddr;
    struct sockaddr_storage *sockaddr;
    char *address;
    const char *safe_address;
    char *new_uri;
    const char *srv_name;
    int ret;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        DEBUG(1, ("talloc_new failed\n"));
        return;
    }

    /* Type-checked cast: anything but an ipa_service is rejected */
    service = talloc_get_type(private_data, struct ipa_service);
    if (!service) {
        DEBUG(1, ("FATAL: Bad private_data\n"));
        talloc_free(tmp_ctx);
        return;
    }

    srvaddr = fo_get_server_hostent(server);
    if (!srvaddr) {
        DEBUG(1, ("FATAL: No hostent available for server (%s)\n",
                  fo_get_server_str_name(server)));
        talloc_free(tmp_ctx);
        return;
    }

    sockaddr = resolv_get_sockaddr_address(tmp_ctx, srvaddr, LDAP_PORT);
    if (sockaddr == NULL) {
        DEBUG(1, ("resolv_get_sockaddr_address failed.\n"));
        talloc_free(tmp_ctx);
        return;
    }

    address = resolv_get_string_address(tmp_ctx, srvaddr);
    if (address == NULL) {
        DEBUG(1, ("resolv_get_string_address failed.\n"));
        talloc_free(tmp_ctx);
        return;
    }

    srv_name = fo_get_server_name(server);
    if (srv_name == NULL) {
        DEBUG(1, ("Could not get server host name\n"));
        talloc_free(tmp_ctx);
        return;
    }

    /* The URI carries the server name, not the resolved address */
    new_uri = talloc_asprintf(service, "ldap://%s", srv_name);
    if (!new_uri) {
        DEBUG(2, ("Failed to copy URI ...\n"));
        talloc_free(tmp_ctx);
        return;
    }
    DEBUG(6, ("Constructed uri '%s'\n", new_uri));

    /* free old one and replace with new one */
    talloc_zfree(service->sdap->uri);
    service->sdap->uri = new_uri;
    talloc_zfree(service->sdap->sockaddr);
    /* sockaddr was allocated on tmp_ctx; re-parent it so it survives */
    service->sdap->sockaddr = talloc_steal(service, sockaddr);

    if (service->krb5_service->write_kdcinfo) {
        safe_address = sss_escape_ip_address(tmp_ctx,
                                             srvaddr->family,
                                             address);
        if (safe_address == NULL) {
            DEBUG(1, ("sss_escape_ip_address failed.\n"));
            talloc_free(tmp_ctx);
            return;
        }

        ret =
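write_krb5info_file(service->krb5_service->realm, safe_address,
                                  SSS_KRB5KDC_FO_SRV);
        /* Logged only: the LDAP side of the service was already updated */
        if (ret != EOK) {
            DEBUG(2, ("write_krb5info_file failed, authentication might fail.\n"));
        }
    }

    talloc_free(tmp_ctx);
}

/**
 * Add every entry of a comma-separated server list to the "IPA" failover
 * service.
 *
 * An entry recognised by be_fo_is_srv_identifier() requests SRV discovery
 * for the IPA domain; this is accepted for primary servers only and is
 * skipped with a log message for backup servers. Any other entry is added
 * as a fixed server after IPv6 brackets have been removed.
 *
 * @param ctx      backend context owning the failover service
 * @param service  talloc parent that takes over the server name strings
 * @param options  IPA options, read for IPA_DOMAIN
 * @param servers  comma-separated server list
 * @param primary  true for primary servers, false for backup servers
 *
 * @return EOK on success (an EEXIST reported for a fixed server is
 *         tolerated), ENOMEM or the error of the failing helper otherwise.
 */
static errno_t _ipa_servers_init(struct be_ctx *ctx,
                                 struct ipa_service *service,
                                 struct ipa_options *options,
                                 const char *servers,
                                 bool primary)
{
    TALLOC_CTX *tmp_ctx;
    char **list = NULL;
    char *ipa_domain;
    int ret = 0;
    int i;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    /* split server parm into a list */
    ret = split_on_separator(tmp_ctx, servers, ',', true, true, &list, NULL);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to parse server list!\n"));
        goto done;
    }

    /* now for each one add a new server to the failover service */
    for (i = 0; list[i]; i++) {

        /* Re-parent the string so it outlives tmp_ctx */
        talloc_steal(service, list[i]);

        if (be_fo_is_srv_identifier(list[i])) {
            if (!primary) {
                DEBUG(SSSDBG_MINOR_FAILURE,
                      ("Failed to add server [%s] to failover service: "
                       "SRV resolution only allowed for primary servers!\n",
                       list[i]));
                continue;
            }

            ipa_domain = dp_opt_get_string(options->basic, IPA_DOMAIN);
            ret = be_fo_add_srv_server(ctx, "IPA", "ldap", ipa_domain,
                                       BE_FO_PROTO_TCP, false, NULL);
            if (ret) {
                DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to add server\n"));
                goto done;
            }

            DEBUG(SSSDBG_TRACE_FUNC, ("Added service lookup for service IPA\n"));
            continue;
        }

        /* It could be ipv6 address in square brackets. Remove
         * the brackets if needed. */
        ret = remove_ipv6_brackets(list[i]);
        if (ret != EOK) {
            goto done;
        }

        ret = be_fo_add_server(ctx, "IPA", list[i], 0, NULL, primary);
        if (ret && ret != EEXIST) {
            DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to add server\n"));
            goto done;
        }

        DEBUG(SSSDBG_TRACE_FUNC, ("Added Server %s\n", list[i]));
    }

    /* EEXIST is tolerated inside the loop, so it must not become the
     * return value when it happens to come from the last entry: the
     * caller in this file treats every non-EOK result as fatal. */
    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}

/* Register the servers of a primary server list; SRV discovery is allowed. */
static inline errno_t
ipa_primary_servers_init(struct be_ctx *ctx, struct ipa_service *service,
                         struct ipa_options *options, const char *servers)
{
    return _ipa_servers_init(ctx, service, options, servers, true);
}

/* Register the servers of a backup server list; SRV entries are skipped. */
static inline errno_t
ipa_backup_servers_init(struct be_ctx *ctx, struct ipa_service *service,
                        struct ipa_options *options, const char *servers)
{
    return _ipa_servers_init(ctx, service, options, servers, false);
}

/*
 * Comparator handed to be_fo_add_service(): case-insensitive comparison of
 * two user data values treated as C strings.
 *
 * NOTE(review): servers are added with NULL user data in this file, so the
 * failover code presumably never calls this with a NULL argument - confirm,
 * because strcasecmp() on NULL is undefined.
 */
static int ipa_user_data_cmp(void *ud1, void *ud2)
{
    return strcasecmp((char*) ud1, (char*) ud2);
}

/*
 * Create the "IPA" failover service together with its sdap and krb5
 * service records, register the primary and backup servers and install
 * ipa_resolve_callback(). Everything is built on a temporary context and
 * handed to memctx only on success.
 */
int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
                     const char *primary_servers,
                     const char *backup_servers,
                     struct ipa_options *options,
                     struct ipa_service **_service)
{
    TALLOC_CTX *tmp_ctx;
    struct ipa_service *service;
    char *realm;
    int ret;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    service = talloc_zero(tmp_ctx, struct ipa_service);
    if (!service) {
        ret = ENOMEM;
        goto done;
    }
    service->sdap = talloc_zero(service, struct sdap_service);
    if (!service->sdap) {
        ret = ENOMEM;
        goto done;
    }
    service->krb5_service = talloc_zero(service, struct krb5_service);
    if (!service->krb5_service) {
        ret = ENOMEM;
        goto done;
    }

    ret = be_fo_add_service(ctx, "IPA", ipa_user_data_cmp);
    if (ret != EOK) {
        DEBUG(1, ("Failed to create failover service!\n"));
        goto done;
    }

    service->sdap->name = talloc_strdup(service, "IPA");
    if (!service->sdap->name) {
        ret = ENOMEM;
        goto done;
    }

    service->krb5_service->name = talloc_strdup(service, "IPA");
    if (!service->krb5_service->name) {
        ret = ENOMEM;
        goto done;
    }
    /* Both records refer to the same name string */
    service->sdap->kinit_service_name = service->krb5_service->name;

    realm = dp_opt_get_string(options->basic, IPA_KRB5_REALM);
    if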
(!realm) {
        /* Without a realm the krb5 service cannot be set up at all */
        DEBUG(1, ("No Kerberos realm set\n"));
        ret = EINVAL;
        goto done;
    }
    service->krb5_service->realm =
        talloc_strdup(service->krb5_service, realm);
    if (!service->krb5_service->realm) {
        ret = ENOMEM;
        goto done;
    }

    if (!primary_servers) {
        DEBUG(SSSDBG_CONF_SETTINGS,
              ("No primary servers defined, using service discovery\n"));
        primary_servers = BE_SRV_IDENTIFIER;
    }

    ret = ipa_primary_servers_init(ctx, service, options, primary_servers);
    if (ret != EOK) {
        goto done;
    }

    if (backup_servers) {
        ret = ipa_backup_servers_init(ctx, service, options, backup_servers);
        if (ret != EOK) {
            goto done;
        }
    }

    ret = be_fo_service_add_callback(memctx, ctx, "IPA",
                                     ipa_resolve_callback, service);
    if (ret != EOK) {
        DEBUG(1, ("Failed to add failover callback!\n"));
        goto done;
    }

    ret = EOK;

done:
    /* Hand the service over before tmp_ctx (its parent so far) is freed */
    if (ret == EOK) {
        *_service = talloc_steal(memctx, service);
    }
    talloc_zfree(tmp_ctx);
    return ret;
}

/**
 * Prepare the autofs-related parts of the sdap options.
 *
 * When SDAP_AUTOFS_SEARCH_BASE is not configured it is set to
 * "cn=<IPA_AUTOMOUNT_LOCATION>,cn=automount,<base DN of the realm>".
 * The search base is then parsed and the two autofs attribute maps are
 * loaded.
 *
 * NOTE(review): IPA_AUTOMOUNT_LOCATION is formatted with %s without a
 * NULL check; presumably the option always has a value - verify.
 *
 * @param ipa_opts   IPA options; ->id must already be initialised
 * @param cdb        confdb handle
 * @param conf_path  confdb path passed to sdap_get_map()
 * @param _opts      receives ipa_opts->id on success
 *
 * @return EOK on success, ENOMEM or the error of the failing helper
 *         otherwise. ENOENT from the search base parser is not treated as
 *         an error.
 */
int ipa_get_autofs_options(struct ipa_options *ipa_opts,
                           struct confdb_ctx *cdb,
                           const char *conf_path,
                           struct sdap_options **_opts)
{
    errno_t ret;
    char *basedn;
    char *search_base;
    const char *location;
    TALLOC_CTX *tmp_ctx = talloc_new(NULL);

    if (tmp_ctx == NULL) {
        return ENOMEM;
    }

    ret = domain_to_basedn(tmp_ctx,
                           dp_opt_get_string(ipa_opts->basic, IPA_KRB5_REALM),
                           &basedn);
    if (ret != EOK) {
        goto done;
    }

    if (dp_opt_get_string(ipa_opts->id->basic,
                          SDAP_AUTOFS_SEARCH_BASE) == NULL) {
        /* No explicit search base: derive it from location and base DN */
        location = dp_opt_get_string(ipa_opts->basic,
                                     IPA_AUTOMOUNT_LOCATION);
        search_base = talloc_asprintf(tmp_ctx, "cn=%s,cn=automount,%s",
                                      location, basedn);
        if (search_base == NULL) {
            ret = ENOMEM;
            goto done;
        }

        ret = dp_opt_set_string(ipa_opts->id->basic,
                                SDAP_AUTOFS_SEARCH_BASE,
                                search_base);
        if (ret != EOK) {
            goto done;
        }

        DEBUG(SSSDBG_TRACE_LIBS, ("Option %s set to %s\n",
              ipa_opts->id->basic[SDAP_AUTOFS_SEARCH_BASE].opt_name,
              dp_opt_get_string(ipa_opts->id->basic,
                                SDAP_AUTOFS_SEARCH_BASE)));
    }

    ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic,
                                 SDAP_AUTOFS_SEARCH_BASE,
                                 &ipa_opts->id->sdom->autofs_search_bases);
    /* ENOENT is let through on purpose */
    if (!(ret == EOK || ret == ENOENT)) {
        DEBUG(SSSDBG_OP_FAILURE, ("Could not parse autofs search base\n"));
        goto done;
    }

    ret = sdap_get_map(ipa_opts->id, cdb, conf_path,
                       ipa_autofs_mobject_map,
                       SDAP_OPTS_AUTOFS_MAP,
                       &ipa_opts->id->autofs_mobject_map);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Could not get autofs map object attribute map\n"));
        goto done;
    }

    ret = sdap_get_map(ipa_opts->id, cdb, conf_path,
                       ipa_autofs_entry_map,
                       SDAP_OPTS_AUTOFS_ENTRY,
                       &ipa_opts->id->autofs_entry_map);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Could not get autofs entry object attribute map\n"));
        goto done;
    }

    ret = EOK;
    *_opts = ipa_opts->id;

done:
    talloc_free(tmp_ctx);
    return ret;
}

/*
 * Initialise the dynamic DNS update context and carry the values of the
 * deprecated ipa_dyndns_* options over into the new option set. Each
 * legacy option found triggers a deprecation warning; failing to read one
 * is logged and otherwise ignored.
 */
errno_t ipa_get_dyndns_options(struct be_ctx *be_ctx,
                               struct ipa_options *ctx)
{
    errno_t ret;
    char *val;
    bool update;
    int ttl;

    ret = be_nsupdate_init(ctx, be_ctx, ipa_dyndns_opts, &ctx->dyndns_ctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Cannot initialize IPA dyndns opts [%d]: %s\n",
               ret, sss_strerror(ret)));
        return ret;
    }

    if (ctx->basic == NULL) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("IPA basic options not (yet) "
               "initialized, cannot copy legacy options\n"));
        return EOK;
    }

    /* Reuse legacy option values */
    ret = confdb_get_string(be_ctx->cdb, ctx, be_ctx->conf_path,
                            "ipa_dyndns_update", NULL, &val);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Cannot get the value of %s\n",
              "ipa_dyndns_update"));
        /* Not fatal */
    } else if (ret == EOK && val) {
        /* Only the literal words TRUE and FALSE (any case) are accepted */
        if (strcasecmp(val, "FALSE") == 0) {
            update = false;
        } else if (strcasecmp(val, "TRUE") == 0) {
            update = true;
        } else {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("ipa_dyndns_update value is not a boolean!\n"));
            talloc_free(val);
            return EINVAL;
        }

        DEBUG(SSSDBG_MINOR_FAILURE, ("Deprecation warning: The option %s is "
              "deprecated and should not be used in favor of %s\n",
              "ipa_dyndns_update", "dyndns_update"));

        ret = dp_opt_set_bool(ctx->dyndns_ctx->opts,
                              DP_OPT_DYNDNS_UPDATE, update);
        talloc_free(val);
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE, ("Cannot set option value\n"));
            return ret;
        }
    }

    ret =
confdb_get_int(be_ctx->cdb, be_ctx->conf_path, "ipa_dyndns_ttl", -1, &ttl); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Cannot get the value of %s\n", "ipa_dyndns_ttl")); /* Not fatal */ } else if (ret == EOK && ttl != -1) { DEBUG(SSSDBG_MINOR_FAILURE, ("Deprecation warning: The option %s is " "deprecated and should not be used in favor of %s\n", "ipa_dyndns_ttl", "dyndns_ttl")); ret = dp_opt_set_int(ctx->dyndns_ctx->opts, DP_OPT_DYNDNS_TTL, ttl); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Cannot set option value\n")); return ret; } } /* Reuse legacy option values */ ret = confdb_get_string(be_ctx->cdb, ctx, be_ctx->conf_path, "ipa_dyndns_iface", NULL, &val); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Cannot get the value of %s\n", "ipa_dyndns_iface")); /* Not fatal */ } else if (ret == EOK && val) { DEBUG(SSSDBG_MINOR_FAILURE, ("Deprecation warning: The option %s is " "deprecated and should not be used in favor of %s\n", "ipa_dyndns_iface", "dyndns_iface")); ret = dp_opt_set_string(ctx->dyndns_ctx->opts, DP_OPT_DYNDNS_IFACE, val); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Cannot set option value\n")); return ret; } } return EOK; } sssd-1.11.5/src/providers/ipa/PaxHeaders.13173/ipa_hbac.h0000644000000000000000000000007412320753107021027 xustar000000000000000030 atime=1396954939.264891432 30 ctime=1396954961.509875058 sssd-1.11.5/src/providers/ipa/ipa_hbac.h0000664002412700241270000001743512320753107021263 0ustar00jhrozekjhrozek00000000000000/* SSSD IPA Backend Module -- Access control Authors: Sumit Bose Stephen Gallagher Copyright (C) 2009 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. 
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #ifndef IPA_HBAC_H_ #define IPA_HBAC_H_ /** * @defgroup ipa_hbac Host-Based Access Control Resolver * Libipa_hbac provides a mechanism to validate FreeIPA * HBAC rules as well as evaluate whether they apply to * a particular user login attempt. * * Libipa_hbac is case-insensitive and compatible with * UTF-8. * @{ */ #include #include #include /** Result of HBAC evaluation */ enum hbac_eval_result { /** An error occurred * See the #hbac_info for more details */ HBAC_EVAL_ERROR = -1, /** Evaluation grants access */ HBAC_EVAL_ALLOW, /** Evaluation denies access */ HBAC_EVAL_DENY, /** Evaluation failed due to lack of memory * #hbac_info is not available */ HBAC_EVAL_OOM }; /** * No service category specified */ #define HBAC_CATEGORY_NULL 0x0000 /** * Rule should apply to all */ #define HBAC_CATEGORY_ALL 0x0001 /** * Opaque type contained in hbac_evaluator.c */ struct hbac_time_rules; /** * Component of an HBAC rule * * Components can be one of users, target hosts, * source hosts, or services. */ struct hbac_rule_element { /** * Category for this element * * This value is a bitmask. * See #HBAC_CATEGORY_NULL and * #HBAC_CATEGORY_ALL */ uint32_t category; /** * List of explicit members of this rule component * * - Users: usernames * - Hosts: hostnames * - Services: PAM service names */ const char **names; /** * List of group members of this rule component * * - Users: user groups (POSIX or non-POSIX) * - Hosts: hostgroups * - Services: PAM service groups. 
*/
    const char **groups;
};

/**
 * HBAC rule object for evaluation
 */
struct hbac_rule {
    /** Rule name */
    const char *name;

    /**
     * Enabled flag of the rule; #hbac_rule_is_complete is documented
     * as ignoring it
     */
    bool enabled;

    /**
     * Services and service groups
     * for which this rule applies
     */
    struct hbac_rule_element *services;

    /**
     * Users and groups for which this
     * rule applies
     */
    struct hbac_rule_element *users;

    /**
     * Target hosts for which this rule applies
     */
    struct hbac_rule_element *targethosts;

    /**
     * Source hosts for which this rule applies
     */
    struct hbac_rule_element *srchosts;

    /**
     * For future use
     */
    struct hbac_time_rules *timerules;
};

/**
 * Component of an HBAC request
 */
struct hbac_request_element {
    /**
     * The explicit member of this request component.
     * Unlike hbac_rule_element::names this is a single
     * name, not a list.
     *
     * - Users: username
     * - Hosts: hostname
     * - Services: PAM service name
     */
    const char *name;

    /**
     * List of group members of this request component
     *
     * - Users: user groups (POSIX or non-POSIX)
     * - Hosts: hostgroups
     * - Services: PAM service groups.
     */
    const char **groups;
};

/**
 * Request object for an HBAC rule evaluation
 *
 *
 */
struct hbac_eval_req {
    /** This is a list of service DNs to check,
     * it must consist of the actual service
     * requested, as well as all parent groups
     * containing that service.
     */
    struct hbac_request_element *service;

    /** This is a list of user DNs to check,
     * it must consist of the actual user
     * requested, as well as all parent groups
     * containing that user.
     */
    struct hbac_request_element *user;

    /** This is a list of target hosts to check,
     * it must consist of the actual target host
     * requested, as well as all parent groups
     * containing that target host.
     */
    struct hbac_request_element *targethost;

    /** This is a list of source hosts to check,
     * it must consist of the actual source host
     * requested, as well as all parent groups
     * containing that source host.
*/ struct hbac_request_element *srchost; /** For future use */ time_t request_time; }; /** * Error code returned by the evaluator */ enum hbac_error_code { /** Unexpected error */ HBAC_ERROR_UNKNOWN = -1, /** Successful evaluation */ HBAC_SUCCESS, /** Function is not yet implemented */ HBAC_ERROR_NOT_IMPLEMENTED, /** Ran out of memory during processing */ HBAC_ERROR_OUT_OF_MEMORY, /** Parse error while evaluating rule */ HBAC_ERROR_UNPARSEABLE_RULE }; /** Extended information */ struct hbac_info { /** * If the hbac_eval_result was HBAC_EVAL_ERROR, * this will be an error code. * Otherwise it will be HBAC_SUCCESS */ enum hbac_error_code code; /** * Specify the name of the rule that matched or * threw an error */ char *rule_name; }; /** * @brief Evaluate an authorization request against a set of HBAC rules * * @param[in] rules A NULL-terminated list of rules to evaluate against * @param[in] hbac_req A user authorization request * @param[out] info Extended information (including the name of the * rule that allowed access (or caused a parse error) * @return * - #HBAC_EVAL_ERROR: An error occurred * - #HBAC_EVAL_ALLOW: Access is granted * - #HBAC_EVAL_DENY: Access is denied * - #HBAC_EVAL_OOM: Insufficient memory to complete the evaluation */ enum hbac_eval_result hbac_evaluate(struct hbac_rule **rules, struct hbac_eval_req *hbac_req, struct hbac_info **info); /** * @brief Display result of hbac evaluation in human-readable form * @param[in] result Return value of #hbac_evaluate * @return English string describing the evaluation result */ const char *hbac_result_string(enum hbac_eval_result result); /** * @brief Display error description * @param code Error code returned in #hbac_info * @return English string describing the error */ const char *hbac_error_string(enum hbac_error_code code); /** * @brief Function to safely free #hbac_info returned by #hbac_evaluate * @param info #hbac_info returned by #hbac_evaluate */ void hbac_free_info(struct hbac_info *info); /** User 
element */ #define HBAC_RULE_ELEMENT_USERS 0x01 /** Service element */ #define HBAC_RULE_ELEMENT_SERVICES 0x02 /** Target host element */ #define HBAC_RULE_ELEMENT_TARGETHOSTS 0x04 /** Source host element */ #define HBAC_RULE_ELEMENT_SOURCEHOSTS 0x08 /** * @brief Evaluate whether an HBAC rule contains all necessary elements * * @param[in] rule An HBAC rule to evaluate * @param[out] missing_attrs A list of attributes missing from the rule * This is a bitmask that may contain one or more * of #HBAC_RULE_ELEMENT_USERS, * #HBAC_RULE_ELEMENT_SERVICES, * #HBAC_RULE_ELEMENT_TARGETHOSTS and * #HBAC_RULE_ELEMENT_SOURCEHOSTS * * @return True if the rule contains all mandatory attributes * * @note This function does not care if the rule is enabled or disabled */ bool hbac_rule_is_complete(struct hbac_rule *rule, uint32_t *missing_attrs); /** * @} */ #endif /* IPA_HBAC_H_ */ sssd-1.11.5/src/providers/ipa/PaxHeaders.13173/ipa_common.h0000644000000000000000000000007412320753107021422 xustar000000000000000030 atime=1396954939.264891432 30 ctime=1396954961.485875075 sssd-1.11.5/src/providers/ipa/ipa_common.h0000664002412700241270000001450712320753107021653 0ustar00jhrozekjhrozek00000000000000/* SSSD IPA Common utility code Copyright (C) Simo Sorce 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #ifndef _IPA_COMMON_H_ #define _IPA_COMMON_H_ #include "util/util.h" #include "confdb/confdb.h" #include "providers/ldap/ldap_common.h" #include "providers/krb5/krb5_common.h" #include "providers/ad/ad_common.h" #include "providers/ad/ad_srv.h" struct ipa_service { struct sdap_service *sdap; struct krb5_service *krb5_service; }; enum ipa_basic_opt { IPA_DOMAIN = 0, IPA_SERVER, IPA_BACKUP_SERVER, IPA_HOSTNAME, IPA_HBAC_SEARCH_BASE, IPA_HOST_SEARCH_BASE, IPA_SELINUX_SEARCH_BASE, IPA_SUBDOMAINS_SEARCH_BASE, IPA_MASTER_DOMAIN_SEARCH_BASE, IPA_KRB5_REALM, IPA_HBAC_REFRESH, IPA_SELINUX_REFRESH, IPA_HBAC_DENY_METHOD, IPA_HBAC_SUPPORT_SRCHOST, IPA_AUTOMOUNT_LOCATION, IPA_RANGES_SEARCH_BASE, IPA_ENABLE_DNS_SITES, IPA_SERVER_MODE, IPA_OPTS_BASIC /* opts counter */ }; enum ipa_netgroup_attrs { IPA_OC_NETGROUP = 0, IPA_AT_NETGROUP_NAME, IPA_AT_NETGROUP_MEMBER, IPA_AT_NETGROUP_MEMBER_OF, IPA_AT_NETGROUP_MEMBER_USER, IPA_AT_NETGROUP_MEMBER_HOST, IPA_AT_NETGROUP_EXTERNAL_HOST, IPA_AT_NETGROUP_DOMAIN, IPA_AT_NETGROUP_UUID, IPA_OPTS_NETGROUP /* attrs counter */ }; enum ipa_host_attrs { IPA_OC_HOST = 0, IPA_AT_HOST_NAME, IPA_AT_HOST_FQDN, IPA_AT_HOST_SERVERHOSTNAME, IPA_AT_HOST_MEMBER_OF, IPA_AT_HOST_SSH_PUBLIC_KEY, IPA_AT_HOST_UUID, IPA_OPTS_HOST /* attrs counter */ }; enum ipa_hostgroup_attrs { IPA_OC_HOSTGROUP = 0, IPA_AT_HOSTGROUP_NAME, IPA_AT_HOSTGROUP_MEMBER_OF, IPA_AT_HOSTGROUP_UUID, IPA_OPTS_HOSTGROUP /* attrs counter */ }; enum ipa_selinux_usermap_attrs { IPA_OC_SELINUX_USERMAP = 0, IPA_AT_SELINUX_USERMAP_NAME, IPA_AT_SELINUX_USERMAP_MEMBER_USER, IPA_AT_SELINUX_USERMAP_MEMBER_HOST, IPA_AT_SELINUX_USERMAP_SEE_ALSO, IPA_AT_SELINUX_USERMAP_SELINUX_USER, IPA_AT_SELINUX_USERMAP_ENABLED, IPA_AT_SELINUX_USERMAP_USERCAT, IPA_AT_SELINUX_USERMAP_HOSTCAT, IPA_AT_SELINUX_USERMAP_UUID, IPA_OPTS_SELINUX_USERMAP /* attrs counter */ }; struct ipa_auth_ctx { struct krb5_ctx *krb5_auth_ctx; struct sdap_id_ctx *sdap_id_ctx; struct sdap_auth_ctx *sdap_auth_ctx; struct dp_option 
*ipa_options; }; /* In server mode, each subdomain corresponds to an AD context */ struct ipa_id_ctx { struct sdap_id_ctx *sdap_id_ctx; struct ipa_options *ipa_options; /* Only used with server mode */ struct ipa_server_mode_ctx *server_mode; }; struct ipa_options { struct dp_option *basic; struct sdap_attr_map *host_map; struct sdap_attr_map *hostgroup_map; struct sdap_attr_map *selinuxuser_map; struct sdap_search_base **host_search_bases; struct sdap_search_base **hbac_search_bases; struct sdap_search_base **selinux_search_bases; struct sdap_search_base **subdomains_search_bases; struct sdap_search_base **master_domain_search_bases; struct sdap_search_base **ranges_search_bases; struct ipa_service *service; /* id provider */ struct sdap_options *id; struct ipa_id_ctx *id_ctx; struct be_resolv_ctx *be_res; struct be_nsupdate_ctx *dyndns_ctx; /* auth and chpass provider */ struct dp_option *auth; struct ipa_auth_ctx *auth_ctx; }; #define IPA_RANGE_LOCAL "ipa-local" #define IPA_RANGE_AD_TRUST "ipa-ad-trust" #define IPA_RANGE_AD_TRUST_POSIX "ipa-ad-trust-posix" /* options parsers */ int ipa_get_options(TALLOC_CTX *memctx, struct confdb_ctx *cdb, const char *conf_path, struct sss_domain_info *dom, struct ipa_options **_opts); int ipa_get_id_options(struct ipa_options *ipa_opts, struct confdb_ctx *cdb, const char *conf_path, struct sdap_options **_opts); int ipa_get_auth_options(struct ipa_options *ipa_opts, struct confdb_ctx *cdb, const char *conf_path, struct dp_option **_opts); int ipa_get_autofs_options(struct ipa_options *ipa_opts, struct confdb_ctx *cdb, const char *conf_path, struct sdap_options **_opts); errno_t ipa_get_dyndns_options(struct be_ctx *be_ctx, struct ipa_options *ctx); int ipa_autofs_init(struct be_ctx *be_ctx, struct ipa_id_ctx *id_ctx, struct bet_ops **ops, void **pvt_data); int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx, const char *primary_servers, const char *backup_servers, struct ipa_options *options, struct ipa_service 
**_service); int ipa_sudo_init(struct be_ctx *be_ctx, struct ipa_id_ctx *id_ctx, struct bet_ops **ops, void **pvt_data); errno_t get_idmap_data_from_range(struct range_info *r, char *domain_name, char **_name, char **_sid, uint32_t *_rid, struct sss_idmap_range *_range, bool *_external_mapping); errno_t ipa_idmap_get_ranges_from_sysdb(struct sdap_idmap_ctx *idmap_ctx, const char *dom_name, const char *dom_sid_str, bool allow_collisions); errno_t ipa_idmap_init(TALLOC_CTX *mem_ctx, struct sdap_id_ctx *id_ctx, struct sdap_idmap_ctx **_idmap_ctx); #endif /* _IPA_COMMON_H_ */ sssd-1.11.5/src/providers/ipa/PaxHeaders.13173/ipa_sudo.c0000644000000000000000000000007412320753107021077 xustar000000000000000030 atime=1396954939.265891431 30 ctime=1396954961.598874992 sssd-1.11.5/src/providers/ipa/ipa_sudo.c0000664002412700241270000000331112320753107021317 0ustar00jhrozekjhrozek00000000000000/* SSSD IPA Provider Initialization functions Authors: Lukas Slebodnik Copyright (C) 2013 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/

#include "providers/ipa/ipa_common.h"
#include "providers/ldap/sdap_sudo.h"

/**
 * Initialize the sudo back end for an IPA domain.
 *
 * Delegates the setup to sdap_sudo_init() using the LDAP id context that is
 * embedded in the IPA id context and, on success, copies the sudorule_map
 * pointer of the LDAP options into the IPA id options.
 *
 * @param be_ctx    back end context, passed through to sdap_sudo_init()
 * @param id_ctx    IPA id context; sdap_id_ctx and ipa_options are read
 * @param ops       passed through to sdap_sudo_init()
 * @param pvt_data  passed through to sdap_sudo_init()
 *
 * @return EOK on success, otherwise the error code of sdap_sudo_init()
 */
int ipa_sudo_init(struct be_ctx *be_ctx,
                  struct ipa_id_ctx *id_ctx,
                  struct bet_ops **ops,
                  void **pvt_data)
{
    int rc;

    DEBUG(SSSDBG_TRACE_INTERNAL, ("Initializing sudo IPA back end\n"));

    /*
     * SDAP_SUDO_SEARCH_BASE has already been initialized in
     * function ipa_get_id_options
     */
    rc = sdap_sudo_init(be_ctx, id_ctx->sdap_id_ctx, ops, pvt_data);
    if (rc != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Cannot initialize LDAP SUDO [%d]: %s\n", rc, strerror(rc)));
        return rc;
    }

    /* Both option sets refer to the same sudo rule attribute map. */
    id_ctx->ipa_options->id->sudorule_map =
                                    id_ctx->sdap_id_ctx->opts->sudorule_map;

    return EOK;
}
sssd-1.11.5/src/providers/ipa/PaxHeaders.13173/ipa_s2n_exop.c0000644000000000000000000000007412320753107021662 xustar000000000000000030 atime=1396954939.265891431 30 ctime=1396954961.586875001 sssd-1.11.5/src/providers/ipa/ipa_s2n_exop.c0000664002412700241270000006664112320753107022121 0ustar00jhrozekjhrozek00000000000000
/*
    SSSD

    IPA Helper routines - external users and groups with s2n plugin

    Copyright (C) Sumit Bose - 2011

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see .
*/ #include "util/util.h" #include "util/sss_nss.h" #include "db/sysdb.h" #include "providers/ldap/sdap_async_private.h" #include "providers/ldap/ldap_common.h" #include "providers/ipa/ipa_subdomains.h" enum input_types { INP_SID = 1, INP_NAME, INP_POSIX_UID, INP_POSIX_GID }; enum request_types { REQ_SIMPLE = 1, REQ_FULL }; enum response_types { RESP_SID = 1, RESP_NAME, RESP_USER, RESP_GROUP }; /* ==Sid2Name Extended Operation============================================= */ #define EXOP_SID2NAME_OID "2.16.840.1.113730.3.8.10.4" struct ipa_s2n_exop_state { struct sdap_handle *sh; struct sdap_op *op; char *retoid; struct berval *retdata; }; static void ipa_s2n_exop_done(struct sdap_op *op, struct sdap_msg *reply, int error, void *pvt); static struct tevent_req *ipa_s2n_exop_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct sdap_handle *sh, struct berval *bv) { struct tevent_req *req = NULL; struct ipa_s2n_exop_state *state; int ret; int msgid; req = tevent_req_create(mem_ctx, &state, struct ipa_s2n_exop_state); if (!req) return NULL; state->sh = sh; state->retoid = NULL; state->retdata = NULL; DEBUG(SSSDBG_TRACE_FUNC, ("Executing extended operation\n")); ret = ldap_extended_operation(state->sh->ldap, EXOP_SID2NAME_OID, bv, NULL, NULL, &msgid); if (ret == -1 || msgid == -1) { DEBUG(SSSDBG_CRIT_FAILURE, ("ldap_extended_operation failed\n")); ret = ERR_NETWORK_IO; goto fail; } DEBUG(SSSDBG_TRACE_INTERNAL, ("ldap_extended_operation sent, msgid = %d\n", msgid)); /* FIXME: get timeouts from configuration, for now 10 secs. 
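*/
    ret = sdap_op_add(state, ev, state->sh, msgid, ipa_s2n_exop_done, req, 10,
                      &state->op);
    if (ret) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to set up operation!\n"));
        ret = ERR_INTERNAL;
        goto fail;
    }

    return req;

fail:
    tevent_req_error(req, ret);
    tevent_req_post(req, ev);
    return req;
}

/**
 * Completion callback of the extended operation registered with
 * sdap_op_add().
 *
 * Parses the LDAP result and the extended result of the reply, copies the
 * returned OID and value onto the request state (talloc owned) and finishes
 * the tevent request. The buffers handed out by libldap are released before
 * returning on every path that reaches the done label.
 *
 * @param op     the sdap operation (unused here)
 * @param reply  the received message; reply->msg is parsed
 * @param error  non-zero if the operation itself failed; forwarded as the
 *               request error
 * @param pvt    the tevent request this callback belongs to
 */
static void ipa_s2n_exop_done(struct sdap_op *op,
                              struct sdap_msg *reply,
                              int error, void *pvt)
{
    struct tevent_req *req = talloc_get_type(pvt, struct tevent_req);
    struct ipa_s2n_exop_state *state = tevent_req_data(req,
                                                    struct ipa_s2n_exop_state);
    int ret;
    char *errmsg = NULL;
    char *retoid = NULL;
    struct berval *retdata = NULL;
    int result;

    if (error) {
        tevent_req_error(req, error);
        return;
    }

    ret = ldap_parse_result(state->sh->ldap, reply->msg,
                            &result, &errmsg, NULL, NULL,
                            NULL, 0);
    if (ret != LDAP_SUCCESS) {
        DEBUG(SSSDBG_OP_FAILURE, ("ldap_parse_result failed (%d)\n",
                                  state->op->msgid));
        ret = ERR_NETWORK_IO;
        goto done;
    }

    DEBUG(SSSDBG_TRACE_FUNC, ("ldap_extended_operation result: %s(%d), %s\n",
                              sss_ldap_err2string(result), result, errmsg));

    if (result != LDAP_SUCCESS) {
        ret = ERR_NETWORK_IO;
        goto done;
    }

    ret = ldap_parse_extended_result(state->sh->ldap, reply->msg,
                                      &retoid, &retdata, 0);
    if (ret != LDAP_SUCCESS) {
        DEBUG(SSSDBG_OP_FAILURE, ("ldap_parse_extendend_result failed (%d)\n",
                                  ret));
        ret = ERR_NETWORK_IO;
        goto done;
    }

    /* The response name and the response value are both optional in an
     * LDAP ExtendedResponse, so parsing can succeed and still leave either
     * pointer NULL. The peer decides what it sends; reject such a reply
     * here instead of dereferencing retdata below. */
    if (retoid == NULL || retdata == NULL) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Extended operation response has no OID or no data.\n"));
        ret = EINVAL;
        goto done;
    }

    state->retoid = talloc_strdup(state, retoid);
    if (state->retoid == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed.\n"));
        ret = ENOMEM;
        goto done;
    }

    state->retdata = talloc(state, struct berval);
    if (state->retdata == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("talloc failed.\n"));
        ret = ENOMEM;
        goto done;
    }

    state->retdata->bv_len = retdata->bv_len;
    state->retdata->bv_val = talloc_memdup(state->retdata, retdata->bv_val,
                                           retdata->bv_len);
    if (state->retdata->bv_val == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("talloc_memdup failed.\n"));
        ret = ENOMEM;
        goto done;
    }

    ret = EOK;

done:
    ldap_memfree(errmsg);
    ldap_memfree(retoid);
    ber_bvfree(retdata);
    if (ret == EOK) {
        tevent_req_done(req);
    } else {
        tevent_req_error(req, ret);
    }
}

/**
 * Collect the result of a finished extended operation request.
 *
 * On success the OID and the value stored on the request state are moved
 * to mem_ctx with talloc_steal().
 *
 * @return EOK, or the request error via TEVENT_REQ_RETURN_ON_ERROR
 */
static int ipa_s2n_exop_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
                             char **retoid, struct berval **retdata)
{
    struct ipa_s2n_exop_state *state = tevent_req_data(req,
                                                    struct ipa_s2n_exop_state);

    TEVENT_REQ_RETURN_ON_ERROR(req);

    *retoid = talloc_steal(mem_ctx, state->retoid);
    *retdata = talloc_steal(mem_ctx, state->retdata);

    return EOK;
}

/**
 * Flatten a BerElement into a talloc-allocated berval.
 *
 * The berval produced by ber_flatten() is copied onto mem_ctx and then
 * freed with ber_bvfree(), so the caller only deals with talloc memory.
 *
 * @param mem_ctx  talloc parent of the returned berval
 * @param ber      element to flatten
 * @param _bv      set to the copy on success, left untouched on failure
 *
 * @return EOK on success, EFAULT if ber_flatten() fails, ENOMEM if an
 *         allocation fails
 */
static errno_t talloc_ber_flatten(TALLOC_CTX *mem_ctx, BerElement *ber,
                                  struct berval **_bv)
{
    int ret;
    struct berval *bv = NULL;
    struct berval *tbv = NULL;

    ret = ber_flatten(ber, &bv);
    if (ret == -1) {
        ret = EFAULT;
        goto done;
    }

    tbv = talloc_zero(mem_ctx, struct berval);
    if (tbv == NULL) {
        ret = ENOMEM;
        goto done;
    }

    tbv->bv_len = bv->bv_len;
    tbv->bv_val = talloc_memdup(tbv, bv->bv_val, bv->bv_len);
    if (tbv->bv_val == NULL) {
        ret = ENOMEM;
        goto done;
    }

    ret = EOK;

done:
    ber_bvfree(bv);
    if (ret == EOK) {
        *_bv = tbv;
    } else {
        talloc_free(tbv);
    }

    return ret;
}

/* The extended operation expects the following ASN.1 encoded request data:
 *
 * ExtdomRequestValue ::= SEQUENCE {
 *    inputType ENUMERATED {
 *        sid (1),
 *        name (2),
 *        posix uid (3),
 *        posix gid (4)
 *    },
 *    requestType ENUMERATED {
 *        simple (1),
 *        full (2)
 *    },
 *    data InputData
 * }
 *
 * InputData ::= CHOICE {
 *    sid OCTET STRING,
 *    name NameDomainData
 *    uid PosixUid,
 *    gid PosixGid
 * }
 *
 * NameDomainData ::= SEQUENCE {
 *    domain_name OCTET STRING,
 *    object_name OCTET STRING
 * }
 *
 * PosixUid ::= SEQUENCE {
 *    domain_name OCTET STRING,
 *    uid INTEGER
 * }
 *
 * PosixGid ::= SEQUENCE {
 *    domain_name OCTET STRING,
 *    gid INTEGER
 * }
 *
 */

/**
 * Build the DER encoded request value of the extended operation.
 *
 * @param mem_ctx       talloc parent of the returned berval
 * @param domain_name   domain name put into name and id requests
 * @param entry_type    BE_REQ_USER, BE_REQ_USER_AND_GROUP, BE_REQ_GROUP or
 *                      BE_REQ_BY_SECID
 * @param request_type  REQ_SIMPLE or REQ_FULL
 * @param req_input     the name, id or SID to look up
 * @param _bv           set to the encoded request on success
 *
 * @return EOK on success; ENOMEM if the BerElement cannot be allocated;
 *         EINVAL if entry_type is not handled or req_input does not fit
 *         it; EFAULT if ber_printf() fails; otherwise the error of
 *         talloc_ber_flatten()
 */
static errno_t s2n_encode_request(TALLOC_CTX *mem_ctx,
                                  const char *domain_name,
                                  int entry_type,
                                  enum request_types request_type,
                                  struct req_input *req_input,
                                  struct berval **_bv)
{
    BerElement *ber = NULL;
    int ret;

    ber = ber_alloc_t( LBER_USE_DER );
    if (ber == NULL) {
        return ENOMEM;
    }

    switch (entry_type) {
        case BE_REQ_USER:
        case BE_REQ_USER_AND_GROUP: /* the extdom exop does not care if the ID
                                     * belongs to a user or a group */
            if (req_input->type == REQ_INP_NAME) {
                ret = ber_printf(ber, "{ee{ss}}", INP_NAME, request_type,
                                                  domain_name,
                                                  req_input->inp.name);
            } else if (req_input->type == REQ_INP_ID) {
                ret = ber_printf(ber, "{ee{si}}", INP_POSIX_UID, request_type,
                                                  domain_name,
                                                  req_input->inp.id);
            } else {
                /* Log the offending type itself, not a 0/1 comparison. */
                DEBUG(SSSDBG_OP_FAILURE, ("Unexpected input type [%d].\n",
                                          req_input->type));
                ret = EINVAL;
                goto done;
            }
            break;
        case BE_REQ_GROUP:
            if (req_input->type == REQ_INP_NAME) {
                ret = ber_printf(ber, "{ee{ss}}", INP_NAME, request_type,
                                                  domain_name,
                                                  req_input->inp.name);
            } else if (req_input->type == REQ_INP_ID) {
                ret = ber_printf(ber, "{ee{si}}", INP_POSIX_GID, request_type,
                                                  domain_name,
                                                  req_input->inp.id);
            } else {
                DEBUG(SSSDBG_OP_FAILURE, ("Unexpected input type [%d].\n",
                                          req_input->type));
                ret = EINVAL;
                goto done;
            }
            break;
        case BE_REQ_BY_SECID:
            if (req_input->type == REQ_INP_SECID) {
                ret = ber_printf(ber, "{ees}", INP_SID, request_type,
                                               req_input->inp.secid);
            } else {
                DEBUG(SSSDBG_OP_FAILURE, ("Unexpected input type [%d].\n",
                                          req_input->type));
                ret = EINVAL;
                goto done;
            }
            break;
        default:
            ret = EINVAL;
            goto done;
    }
    if (ret == -1) {
        ret = EFAULT;
        goto done;
    }

    /* talloc_ber_flatten() reports errno values (EFAULT, ENOMEM), never -1.
     * Propagate them: reporting EOK here would leave *_bv unset while the
     * caller goes on to send the request. */
    ret = talloc_ber_flatten(mem_ctx, ber, _bv);
    if (ret != EOK) {
        goto done;
    }

    ret = EOK;

done:
    ber_free(ber, 1);

    return ret;
}

/* If the extended operation is successful it returns the following ASN.1
 * encoded response:
 *
 * ExtdomResponseValue ::= SEQUENCE {
 *    responseType ENUMERATED {
 *        sid (1),
 *        name (2),
 *        posix_user (3),
 *        posix_group (4)
 *    },
 *    data OutputData
 * }
 *
 * OutputData ::= CHOICE {
 *    sid OCTET STRING,
 *    name NameDomainData,
 *    user PosixUser,
 *    group PosixGroup
 * }
 *
 * NameDomainData ::= SEQUENCE {
 *    domain_name OCTET STRING,
 *    object_name OCTET STRING
 * }
 *
 * PosixUser ::= SEQUENCE {
 *    domain_name OCTET STRING,
 *    user_name OCTET STRING,
 *    uid INTEGER
 *    gid INTEGER
 * }
 *
 * PosixGroup ::= SEQUENCE {
 *    domain_name OCTET STRING,
 *    group_name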
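OCTET STRING,
 *    gid INTEGER
 * }
 *
 */

/* Decoded form of one extended operation response. */
struct resp_attrs {
    enum response_types response_type;
    /* Stays NULL for RESP_SID responses: s2n_response_to_attrs() only fills
     * it for the other response types. Check before comparing or printing. */
    char *domain_name;
    /* Which member is valid depends on response_type. */
    union {
        struct passwd user;
        struct group group;
        char *sid_str;
        char *name;
    } a;
};

/**
 * Decode the value of an extended operation response.
 *
 * The response comes from the LDAP server, so nothing in it is taken for
 * granted: the OID has to match EXOP_SID2NAME_OID, every ber_scanf() result
 * is checked and unknown response types are rejected.
 *
 * @param mem_ctx     talloc parent of the returned structure
 * @param retoid      OID of the response, must equal EXOP_SID2NAME_OID
 * @param retdata     BER encoded response value
 * @param resp_attrs  set to the decoded response on success
 *
 * @return EOK on success; EINVAL for a missing or wrong OID, missing data,
 *         undecodable data or an unexpected response type; ENOMEM if an
 *         allocation fails
 */
static errno_t s2n_response_to_attrs(TALLOC_CTX *mem_ctx,
                                     char *retoid,
                                     struct berval *retdata,
                                     struct resp_attrs **resp_attrs)
{
    BerElement *ber = NULL;
    ber_tag_t tag;
    int ret;
    enum response_types type;
    char *domain_name = NULL;
    char *name = NULL;
    uid_t uid;
    gid_t gid;
    struct resp_attrs *attrs = NULL;
    char *sid_str = NULL;

    if (retoid == NULL || retdata == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("Missing OID or data.\n"));
        return EINVAL;
    }

    if (strcmp(retoid, EXOP_SID2NAME_OID) != 0) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Result has wrong OID, expected [%s], got [%s].\n",
               EXOP_SID2NAME_OID, retoid));
        return EINVAL;
    }

    ber = ber_init(retdata);
    if (ber == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("ber_init failed.\n"));
        return EINVAL;
    }

    tag = ber_scanf(ber, "{e", &type);
    if (tag == LBER_ERROR) {
        DEBUG(SSSDBG_OP_FAILURE, ("ber_scanf failed.\n"));
        ret = EINVAL;
        goto done;
    }

    attrs = talloc_zero(mem_ctx, struct resp_attrs);
    if (attrs == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("talloc_zero failed.\n"));
        ret = ENOMEM;
        goto done;
    }

    switch (type) {
        case RESP_USER:
            tag = ber_scanf(ber, "{aaii}}", &domain_name, &name, &uid, &gid);
            if (tag == LBER_ERROR) {
                DEBUG(SSSDBG_OP_FAILURE, ("ber_scanf failed.\n"));
                ret = EINVAL;
                goto done;
            }

            /* Winbind is not consistent with the case of the returned user
             * name. In general all names should be lower case but there are
             * bug in some version of winbind which might lead to upper case
             * letters in the name. To be on the safe side we explicitly
             * lowercase the name. */
            attrs->a.user.pw_name = sss_tc_utf8_str_tolower(attrs, name);
            if (attrs->a.user.pw_name == NULL) {
                DEBUG(SSSDBG_OP_FAILURE,
                      ("sss_tc_utf8_str_tolower failed.\n"));
                ret = ENOMEM;
                goto done;
            }

            attrs->a.user.pw_uid = uid;
            attrs->a.user.pw_gid = gid;

            break;
        case RESP_GROUP:
            tag = ber_scanf(ber, "{aai}}", &domain_name, &name, &gid);
            if (tag == LBER_ERROR) {
                DEBUG(SSSDBG_OP_FAILURE, ("ber_scanf failed.\n"));
                ret = EINVAL;
                goto done;
            }

            /* Winbind is not consistent with the case of the returned user
             * name. In general all names should be lower case but there are
             * bug in some version of winbind which might lead to upper case
             * letters in the name. To be on the safe side we explicitly
             * lowercase the name. */
            attrs->a.group.gr_name = sss_tc_utf8_str_tolower(attrs, name);
            if (attrs->a.group.gr_name == NULL) {
                DEBUG(SSSDBG_OP_FAILURE,
                      ("sss_tc_utf8_str_tolower failed.\n"));
                ret = ENOMEM;
                goto done;
            }

            attrs->a.group.gr_gid = gid;

            break;
        case RESP_SID:
            tag = ber_scanf(ber, "a}", &sid_str);
            if (tag == LBER_ERROR) {
                DEBUG(SSSDBG_OP_FAILURE, ("ber_scanf failed.\n"));
                ret = EINVAL;
                goto done;
            }

            attrs->a.sid_str = talloc_strdup(attrs, sid_str);
            /* The "a" conversion returns a buffer the caller has to free.
             * Only the talloc copy is kept, so release the original now;
             * otherwise every SID response leaks one string. */
            ber_memfree(sid_str);
            sid_str = NULL;
            if (attrs->a.sid_str == NULL) {
                DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed.\n"));
                ret = ENOMEM;
                goto done;
            }
            break;
        case RESP_NAME:
            tag = ber_scanf(ber, "{aa}", &domain_name, &name);
            if (tag == LBER_ERROR) {
                DEBUG(SSSDBG_OP_FAILURE, ("ber_scanf failed.\n"));
                ret = EINVAL;
                goto done;
            }

            attrs->a.name = sss_tc_utf8_str_tolower(attrs, name);
            if (attrs->a.name == NULL) {
                DEBUG(SSSDBG_OP_FAILURE,
                      ("sss_tc_utf8_str_tolower failed.\n"));
                ret = ENOMEM;
                goto done;
            }
            break;
        default:
            DEBUG(SSSDBG_OP_FAILURE, ("Unexpected response type [%d].\n",
                                      type));
            ret = EINVAL;
            goto done;
    }

    attrs->response_type = type;
    /* A SID response carries no domain name; domain_name stays NULL. */
    if (type != RESP_SID) {
        attrs->domain_name = talloc_strdup(attrs, domain_name);
        if (attrs->domain_name == NULL) {
            DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed.\n"));
            ret = ENOMEM;
            goto done;
        }
    }

    ret = EOK;

done:
    ber_memfree(domain_name);
    ber_memfree(name);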
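ber_free(ber, 1);

    if (ret == EOK) {
        *resp_attrs = attrs;
    } else {
        talloc_free(attrs);
    }

    return ret;
}

/* State of one account lookup through the extended operation. */
struct ipa_s2n_get_user_state {
    struct tevent_context *ev;
    struct sdap_options *opts;
    struct sss_domain_info *dom;
    struct sdap_handle *sh;
    struct req_input *req_input;
    int entry_type;
    /* REQ_FULL for the first round trip, REQ_SIMPLE for the follow-up */
    enum request_types request_type;
    /* decoded answer of the full request, kept for the second round */
    struct resp_attrs *attrs;
};

static void ipa_s2n_get_user_done(struct tevent_req *subreq);

/**
 * Start looking up a user or group of a trusted domain.
 *
 * Encodes a REQ_FULL request for the given input and sends it as an
 * extended operation; ipa_s2n_get_user_done() handles the answer.
 *
 * @return the new request, or NULL if it could not be created. Errors that
 *         occur after creation are reported through the request itself.
 */
struct tevent_req *ipa_s2n_get_acct_info_send(TALLOC_CTX *mem_ctx,
                                             struct tevent_context *ev,
                                             struct sdap_options *opts,
                                             struct sss_domain_info *dom,
                                             struct sdap_handle *sh,
                                             int entry_type,
                                             struct req_input *req_input)
{
    struct ipa_s2n_get_user_state *state;
    struct tevent_req *req;
    struct tevent_req *subreq;
    struct berval *bv_req = NULL;
    int ret = EFAULT;

    req = tevent_req_create(mem_ctx, &state, struct ipa_s2n_get_user_state);
    if (req == NULL) {
        return NULL;
    }

    state->ev = ev;
    state->opts = opts;
    state->dom = dom;
    state->sh = sh;
    state->req_input = req_input;
    state->entry_type = entry_type;
    state->request_type = REQ_FULL;

    ret = s2n_encode_request(state, dom->name, entry_type, state->request_type,
                             req_input, &bv_req);
    if (ret != EOK) {
        goto fail;
    }

    subreq = ipa_s2n_exop_send(state, state->ev, state->sh, bv_req);
    if (subreq == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("ipa_s2n_exop_send failed.\n"));
        ret = ENOMEM;
        goto fail;
    }
    tevent_req_set_callback(subreq, ipa_s2n_get_user_done, req);

    return req;

fail:
    tevent_req_error(req, ret);
    tevent_req_post(req, ev);

    return req;
}

/**
 * Handle the answer to an extended operation request.
 *
 * Runs up to twice per lookup. The answer to the REQ_FULL request is
 * decoded, checked against the expected domain and kept on the state;
 * unless the SID was the input, a REQ_SIMPLE request is then sent and this
 * function is called again with its answer. Finally the user or group is
 * written to the cache of state->dom, together with the SID if one is
 * known.
 */
static void ipa_s2n_get_user_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct ipa_s2n_get_user_state *state = tevent_req_data(req,
                                                struct ipa_s2n_get_user_state);
    int ret;
    char *retoid = NULL;
    struct berval *retdata = NULL;
    struct resp_attrs *attrs = NULL;
    struct resp_attrs *simple_attrs = NULL;
    time_t now;
    uint64_t timeout = 10*60*60; /* FIXME: find a better timeout ! */
    const char *homedir = NULL;
    struct sysdb_attrs *user_attrs = NULL;
    struct sysdb_attrs *group_attrs = NULL;
    char *name;
    char *realm;
    char *upn;
    struct berval *bv_req = NULL;
    gid_t gid;

    ret = ipa_s2n_exop_recv(subreq, state, &retoid, &retdata);
    talloc_zfree(subreq);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("s2n exop request failed.\n"));
        goto done;
    }

    switch (state->request_type) {
    case REQ_FULL:
        ret = s2n_response_to_attrs(state, retoid, retdata, &attrs);
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE, ("s2n_response_to_attrs failed.\n"));
            goto done;
        }

        /* s2n_response_to_attrs() leaves domain_name NULL for a RESP_SID
         * answer. The switch further down accepts only RESP_USER and
         * RESP_GROUP for a full request anyway, so reject such an answer
         * here rather than passing NULL to strcasecmp(). */
        if (attrs->domain_name == NULL) {
            DEBUG(SSSDBG_OP_FAILURE,
                  ("Response to full request has no domain name.\n"));
            ret = EINVAL;
            goto done;
        }

        /* Only accept an object from the domain that was asked about, so
         * an answer for some other domain is never stored under this one. */
        if (!(strcasecmp(state->dom->name, attrs->domain_name) == 0 ||
              (state->dom->flat_name != NULL &&
               strcasecmp(state->dom->flat_name, attrs->domain_name) == 0))) {
            DEBUG(SSSDBG_OP_FAILURE, ("Unexpected domain name returned, "
                                      "expected [%s] or [%s], got [%s].\n",
                         state->dom->name,
                         state->dom->flat_name == NULL ? "" :
                                                         state->dom->flat_name,
                         attrs->domain_name));
            ret = EINVAL;
            goto done;
        }

        state->attrs = attrs;

        if (state->req_input->type == REQ_INP_SECID) {
            /* We already know the SID, we do not have to read it. */
            break;
        }

        state->request_type = REQ_SIMPLE;

        ret = s2n_encode_request(state, state->dom->name, state->entry_type,
                                 state->request_type, state->req_input,
                                 &bv_req);
        if (ret != EOK) {
            goto done;
        }

        subreq = ipa_s2n_exop_send(state, state->ev, state->sh, bv_req);
        if (subreq == NULL) {
            DEBUG(SSSDBG_OP_FAILURE, ("ipa_s2n_exop_send failed.\n"));
            ret = ENOMEM;
            goto done;
        }
        tevent_req_set_callback(subreq, ipa_s2n_get_user_done, req);

        return;

    case REQ_SIMPLE:
        ret = s2n_response_to_attrs(state, retoid, retdata, &simple_attrs);
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE, ("s2n_response_to_attrs failed.\n"));
            goto done;
        }

        break;
    default:
        DEBUG(SSSDBG_CRIT_FAILURE, ("Unexpected request type.\n"));
        ret = EINVAL;
        goto done;
    }

    if (state->attrs == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Missing data of full request.\n"));
        ret = EINVAL;
        goto done;
    } else {
        attrs = state->attrs;
    }

    now = time(NULL);

    switch (attrs->response_type) {
        case RESP_USER:
            if (state->dom->subdomain_homedir) {
                homedir =  expand_homedir_template(state,
                                                   state->dom->subdomain_homedir,
                                                   attrs->a.user.pw_name,
                                                   attrs->a.user.pw_uid,
                                                   NULL,
                                                   state->dom->name,
                                                   state->dom->flat_name);
                if (homedir == NULL) {
                    ret = ENOMEM;
                    goto done;
                }
            }

            user_attrs = sysdb_new_attrs(state);
            if (user_attrs == NULL) {
                DEBUG(SSSDBG_OP_FAILURE, ("sysdb_new_attrs failed.\n"));
                ret = ENOMEM;
                goto done;
            }

            /* we always use the fully qualified name for subdomain users */
            name = sss_tc_fqname(state, state->dom->names, state->dom,
                                 attrs->a.user.pw_name);
            if (!name) {
                DEBUG(SSSDBG_OP_FAILURE, ("failed to format user name.\n"));
                ret = ENOMEM;
                goto done;
            }

            ret = sysdb_attrs_add_lc_name_alias(user_attrs, name);
            if (ret != EOK) {
                DEBUG(SSSDBG_OP_FAILURE,
                      ("sysdb_attrs_add_lc_name_alias failed.\n"));
                goto done;
            }

            /* We also have to store a fake UPN here, because otherwise the
             * krb5 child later won't be able to properly construct one as
             * the username is fully qualified but the child doesn't have
             * access to the regex to deconstruct it */
            /* FIXME: The real UPN is available from the PAC, we should get
             * it from there. */
            realm = get_uppercase_realm(state, state->dom->name);
            if (!realm) {
                DEBUG(SSSDBG_OP_FAILURE, ("failed to get realm.\n"));
                ret = ENOMEM;
                goto done;
            }
            upn = talloc_asprintf(state, "%s@%s",
                                  attrs->a.user.pw_name, realm);
            if (!upn) {
                DEBUG(SSSDBG_OP_FAILURE, ("failed to format UPN.\n"));
                ret = ENOMEM;
                goto done;
            }

            ret = sysdb_attrs_add_string(user_attrs, SYSDB_UPN, upn);
            if (ret != EOK) {
                DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_add_string failed.\n"));
                goto done;
            }

            if (state->req_input->type == REQ_INP_SECID) {
                ret = sysdb_attrs_add_string(user_attrs, SYSDB_SID_STR,
                                             state->req_input->inp.secid);
                if (ret != EOK) {
                    DEBUG(SSSDBG_OP_FAILURE,
                          ("sysdb_attrs_add_string failed.\n"));
                    goto done;
                }
            }

            if (simple_attrs != NULL
                    && simple_attrs->response_type == RESP_SID) {
                ret = sysdb_attrs_add_string(user_attrs, SYSDB_SID_STR,
                                             simple_attrs->a.sid_str);
                if (ret != EOK) {
                    DEBUG(SSSDBG_OP_FAILURE,
                          ("sysdb_attrs_add_string failed.\n"));
                    goto done;
                }
            }

            /* The returned primary GID is only stored when the domain's
             * mpg flag is off; otherwise 0 is passed. */
            gid = 0;
            if (state->dom->mpg == false) {
                gid = attrs->a.user.pw_gid;
            }

            ret = sysdb_store_user(state->dom->sysdb, state->dom, name, NULL,
                                   attrs->a.user.pw_uid,
                                   gid, NULL, /* gecos */
                                   homedir, NULL, NULL, user_attrs, NULL,
                                   timeout, now);
            break;
        case RESP_GROUP:
            /* we always use the fully qualified name for subdomain users */
            name = sss_tc_fqname(state, state->dom->names, state->dom,
                                 attrs->a.group.gr_name);
            if (!name) {
                DEBUG(SSSDBG_OP_FAILURE, ("failed to format user name,\n"));
                ret = ENOMEM;
                goto done;
            }

            group_attrs = sysdb_new_attrs(state);
            if (group_attrs == NULL) {
                DEBUG(SSSDBG_OP_FAILURE, ("sysdb_new_attrs failed.\n"));
                ret = ENOMEM;
                goto done;
            }

            ret = sysdb_attrs_add_lc_name_alias(group_attrs, name);
            if (ret != EOK) {
                DEBUG(SSSDBG_OP_FAILURE,
                      ("sysdb_attrs_add_lc_name_alias failed.\n"));
                goto done;
            }

            if (state->req_input->type == REQ_INP_SECID) {
                ret = sysdb_attrs_add_string(group_attrs, SYSDB_SID_STR,
                                             state->req_input->inp.secid);
                if (ret != EOK) {
                    DEBUG(SSSDBG_OP_FAILURE,
                          ("sysdb_attrs_add_string failed.\n"));
                    goto done;
                }
            }

            if (simple_attrs != NULL
                    && simple_attrs->response_type == RESP_SID) {
                ret = sysdb_attrs_add_string(group_attrs, SYSDB_SID_STR,
                                             simple_attrs->a.sid_str);
                if (ret != EOK) {
                    DEBUG(SSSDBG_OP_FAILURE,
                          ("sysdb_attrs_add_string failed.\n"));
                    goto done;
                }
            }

            ret = sysdb_store_group(state->dom->sysdb, state->dom, name,
                                    attrs->a.group.gr_gid, group_attrs,
                                    timeout, now);
            break;
        default:
            DEBUG(SSSDBG_OP_FAILURE, ("Unexpected response type [%d].\n",
                                      attrs->response_type));
            ret = EINVAL;
            goto done;
    }


done:
    talloc_free(user_attrs);
    talloc_free(group_attrs);
    if (ret == EOK) {
        tevent_req_done(req);
    } else {
        tevent_req_error(req, ret);
    }

    return;
}

/**
 * Collect the result of an account lookup.
 *
 * @return EOK, or the request error via TEVENT_REQ_RETURN_ON_ERROR
 */
int ipa_s2n_get_acct_info_recv(struct tevent_req *req)
{
    TEVENT_REQ_RETURN_ON_ERROR(req);

    return EOK;
}
sssd-1.11.5/src/providers/PaxHeaders.13173/dp_sbus.c0000644000000000000000000000007412320753107020162 xustar000000000000000030 atime=1396954939.263891433 30 ctime=1396954961.667874941 sssd-1.11.5/src/providers/dp_sbus.c0000664002412700241270000000252712320753107020412 0ustar00jhrozekjhrozek00000000000000
/*
   SSSD

   Data Provider Helpers

   Copyright (C) Stephen Gallagher 2009

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see .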
*/

#include "config.h"
#include "talloc.h"
#include "tevent.h"
#include "confdb/confdb.h"
#include "sbus/sssd_dbus.h"
#include "providers/data_provider.h"

/**
 * Build the sbus address of the data provider pipe of a domain.
 *
 * The address has the form "unix:path=<PIPE_PATH>/<DATA_PROVIDER_PIPE>_<domain>"
 * and is allocated on mem_ctx.
 *
 * @param mem_ctx      talloc parent of the returned string
 * @param address      set to the address on success, to NULL on failure
 * @param domain_name  name appended to the pipe name; it becomes part of a
 *                     file system path and is used as given
 *
 * @return EOK on success, ENOMEM if the string cannot be allocated
 */
int dp_get_sbus_address(TALLOC_CTX *mem_ctx,
                        char **address, const char *domain_name)
{
    *address = talloc_asprintf(mem_ctx, "unix:path=%s/%s_%s",
                               PIPE_PATH, DATA_PROVIDER_PIPE, domain_name);

    return (*address == NULL) ? ENOMEM : EOK;
}
sssd-1.11.5/src/providers/PaxHeaders.13173/fail_over.h0000644000000000000000000000007412320753107020476 xustar000000000000000030 atime=1396954939.263891433 30 ctime=1396954961.466875089 sssd-1.11.5/src/providers/fail_over.h0000664002412700241270000001576512320753107020736 0ustar00jhrozekjhrozek00000000000000
/*
   SSSD

   Fail over helper functions.

   Authors:
        Martin Nagy

   Copyright (C) Red Hat, Inc 2009

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see .
*/

#ifndef __FAIL_OVER_H__
#define __FAIL_OVER_H__

#include
#include

#include "resolv/async_resolv.h"
#include "providers/fail_over_srv.h"

#define FO_PROTO_TCP "tcp"
#define FO_PROTO_UDP "udp"

/* Some forward declarations that don't have to do anything with fail over. */
struct hostent;
struct tevent_context;
struct tevent_req;

enum port_status {
    PORT_NEUTRAL,    /* We didn't try this port yet. */
    PORT_WORKING,    /* This port was reported to work. */
    PORT_NOT_WORKING /* This port was reported to not work.
*/ }; enum server_status { SERVER_NAME_NOT_RESOLVED, /* We didn't yet resolved the host name. */ SERVER_RESOLVING_NAME, /* Name resolving is in progress. */ SERVER_NAME_RESOLVED, /* We resolved the host name but didn't try to connect. */ SERVER_WORKING, /* We successfully connected to the server. */ SERVER_NOT_WORKING /* We tried and failed to connect to the server. */ }; struct fo_ctx; struct fo_service; struct fo_server; /* * Failover settings. * * The 'retry_timeout' member specifies the * duration in seconds of how long a server or port will be considered * non-working after being marked as such. * * The 'service_resolv_timeout' member specifies how long we wait for * service resolution. When this timeout is reached, the resolve request * is cancelled with an error * * The 'srv_retry_timeout' member specifies how long a SRV lookup * is considered valid until we ask the server again. * * The family_order member specifies the order of address families to * try when looking up the service. */ struct fo_options { time_t srv_retry_timeout; time_t retry_timeout; int service_resolv_timeout; enum restrict_family family_order; }; /* * Create a new fail over context based on options passed in the * opts parameter */ struct fo_ctx *fo_context_init(TALLOC_CTX *mem_ctx, struct fo_options *opts); typedef int (*datacmp_fn)(void*, void*); /* * Create a new service structure for 'ctx', saving it to the location pointed * to by '_service'. The needed memory will be allocated from 'ctx'. * Service name will be set to 'name'. * * Function pointed by user_data_cmp returns 0 if user_data is equal * or nonzero value if not. Set to NULL if no user data comparison * is needed in fail over duplicate servers detection. */ int fo_new_service(struct fo_ctx *ctx, const char *name, datacmp_fn user_data_cmp, struct fo_service **_service); /* * Look up service named 'name' from the 'ctx' service list. Target of * '_service' will be set to the service if it was found. 
*/ int fo_get_service(struct fo_ctx *ctx, const char *name, struct fo_service **_service); /* * Get number of servers registered for the 'service'. */ int fo_get_server_count(struct fo_service *service); /* * Adds a server 'name' to the 'service'. Port 'port' will be used for * connection. If 'name' is NULL, no server resolution will be done. */ int fo_add_server(struct fo_service *service, const char *name, int port, void *user_data, bool primary); int fo_add_srv_server(struct fo_service *service, const char *srv, const char *discovery_domain, const char *sssd_domain, const char *proto, void *user_data); /* * Request the first server from the service's list of servers. It is only * considered if it is not marked as not working (or the retry interval already * passed). If the server address wasn't resolved yet, it will be done. */ struct tevent_req *fo_resolve_service_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct resolv_ctx *resolv, struct fo_ctx *ctx, struct fo_service *service); int fo_resolve_service_recv(struct tevent_req *req, struct fo_server **server); /* * Set feedback about 'server'. Caller should use this to indicate a problem * with the server itself, not only with the service on that server. This * should be used, for example, when the IP address of the server can't be * reached. This setting can affect other services as well, since they can * share the same server. */ void fo_set_server_status(struct fo_server *server, enum server_status status); /* * Set feedback about the port status. This function should be used when * the server itself is working but the service is not. When status is set * to PORT_WORKING, 'server' is also marked as an "active server" for its * service. When the next fo_resolve_service_send() function is called, this * server will be preferred. This will hold as long as it is not marked as * not-working. 
*/ void fo_set_port_status(struct fo_server *server, enum port_status status); /* * Instruct fail-over to try next server on the next connect attempt. * Should be used after connection to service was unexpectedly dropped * but there is no authoritative information on whether active server is down. */ void fo_try_next_server(struct fo_service *service); void *fo_get_server_user_data(struct fo_server *server); int fo_get_server_port(struct fo_server *server); const char *fo_get_server_name(struct fo_server *server); const char *fo_get_server_str_name(struct fo_server *server); struct resolv_hostent *fo_get_server_hostent(struct fo_server *server); bool fo_is_server_primary(struct fo_server *server); time_t fo_get_server_hostname_last_change(struct fo_server *server); int fo_is_srv_lookup(struct fo_server *s); time_t fo_get_service_retry_timeout(struct fo_service *svc); void fo_reset_services(struct fo_ctx *fo_ctx); bool fo_svc_has_server(struct fo_service *service, struct fo_server *server); /* * pvt will be talloc_stealed to ctx */ bool fo_set_srv_lookup_plugin(struct fo_ctx *ctx, fo_srv_lookup_plugin_send_t send_fn, fo_srv_lookup_plugin_recv_t recv_fn, void *pvt); #endif /* !__FAIL_OVER_H__ */ sssd-1.11.5/src/providers/PaxHeaders.13173/simple0000644000000000000000000000013212320753521017566 xustar000000000000000030 mtime=1396954961.648874955 30 atime=1396955003.534843847 30 ctime=1396954961.648874955 sssd-1.11.5/src/providers/simple/0000775002412700241270000000000012320753521020072 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/providers/simple/PaxHeaders.13173/simple_access.h0000644000000000000000000000007412320753107022633 xustar000000000000000030 atime=1396954939.269891429 30 ctime=1396954961.468875088 sssd-1.11.5/src/providers/simple/simple_access.h0000664002412700241270000000266712320753107023070 0ustar00jhrozekjhrozek00000000000000/* SSSD Simple access control Copyright (C) Sumit Bose 2010 This program is free software; you can redistribute it and/or 
modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #ifndef __SIMPLE_ACCESS_H__ #define __SIMPLE_ACCESS_H__ #include "util/util.h" struct simple_ctx { struct sss_domain_info *domain; struct be_ctx *be_ctx; char **allow_users; char **deny_users; char **allow_groups; char **deny_groups; time_t last_refresh_of_filter_lists; }; struct tevent_req *simple_access_check_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct simple_ctx *ctx, const char *username); errno_t simple_access_check_recv(struct tevent_req *req, bool *access_granted); #endif /* __SIMPLE_ACCESS_H__ */ sssd-1.11.5/src/providers/simple/PaxHeaders.13173/simple_access_check.c0000644000000000000000000000007412320753107023763 xustar000000000000000030 atime=1396954939.269891429 30 ctime=1396954961.647874956 sssd-1.11.5/src/providers/simple/simple_access_check.c0000664002412700241270000006153012320753107024212 0ustar00jhrozekjhrozek00000000000000/* SSSD Simple access control Copyright (C) Sumit Bose 2010 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. 
You should have received a copy of the GNU General Public License along with this program. If not, see . */

#include "providers/dp_backend.h"
#include "providers/simple/simple_access.h"
#include "util/sss_utf8.h"
#include "db/sysdb.h"

/*
 * Tell whether a cached group entry is treated as a POSIX group.
 *
 * Reads the SYSDB_POSIX attribute as a string. A missing attribute counts as
 * POSIX; otherwise only the value "TRUE" (compared case-insensitively) does.
 */
static bool is_posix(const struct ldb_message *group)
{
    const char *val;

    val = ldb_msg_find_attr_as_string(group, SYSDB_POSIX, NULL);
    if (!val || /* Groups are posix by default */
        strcasecmp(val, "TRUE") == 0) {
        return true;
    }

    return false;
}

/*
 * Evaluate the per-user allow and deny lists for 'username'.
 *
 * Returns EOK if the result is definitive, EAGAIN if only partial result.
 *
 * - A match in allow_users sets *access_granted to true but does not end the
 *   evaluation, so the deny rules below (and the group rules run by the
 *   caller) can still revoke it.
 * - With neither allow_users nor allow_groups configured, the default is
 *   "allowed unless denied".
 * - A match in deny_users clears *access_granted and returns EOK at once.
 * - A list entry for which find_subdomain_by_object_name() returns NULL ends
 *   the evaluation with EINVAL, even if an earlier entry already matched.
 *
 * *access_granted is only written on the paths above; when nothing matches
 * and an allow rule exists it is left untouched, so the caller has to
 * initialise it to false before calling.
 *
 * Case sensitivity of each comparison is taken from the domain resolved for
 * the list entry, not from the domain of 'username'.
 */
static errno_t simple_check_users(struct simple_ctx *ctx, const char *username,
                                  bool *access_granted)
{
    struct sss_domain_info *domain = NULL;
    int i;

    /* First, check whether the user is in the allowed users list */
    if (ctx->allow_users != NULL) {
        for(i = 0; ctx->allow_users[i] != NULL; i++) {
            domain = find_subdomain_by_object_name(ctx->domain,
                                                   ctx->allow_users[i]);
            if (domain == NULL) {
                DEBUG(SSSDBG_CRIT_FAILURE, ("Invalid user %s!\n",
                                            ctx->allow_users[i]));
                return EINVAL;
            }

            if (sss_string_equal(domain->case_sensitive, username,
                                 ctx->allow_users[i])) {
                DEBUG(SSSDBG_TRACE_LIBS,
                      ("User [%s] found in allow list, access granted.\n", username));

                /* Do not return immediately on explicit allow
                 * We need to make sure none of the user's groups
                 * are denied.
                 */
                *access_granted = true;
            }
        }
    } else if (!ctx->allow_groups) {
        /* If neither allow rule is in place, we'll assume allowed
         * unless a deny rule disables us below.
         */
        DEBUG(SSSDBG_TRACE_LIBS,
              ("No allow rule, assumuing allow unless explicitly denied\n"));
        *access_granted = true;
    }

    /* Next check whether this user has been specifically denied */
    if (ctx->deny_users != NULL) {
        for(i = 0; ctx->deny_users[i] != NULL; i++) {
            domain = find_subdomain_by_object_name(ctx->domain,
                                                   ctx->deny_users[i]);
            if (domain == NULL) {
                DEBUG(SSSDBG_CRIT_FAILURE, ("Invalid user %s!\n",
                                            ctx->deny_users[i]));
                return EINVAL;
            }

            /* NOTE(review): the match is a whole-string comparison of
             * 'username' with the stored entry; presumably both are in the
             * same (short or fully qualified) form by the time they get
             * here, otherwise a deny entry would silently not apply.
             * Confirm against the code that builds the lists. */
            if (sss_string_equal(domain->case_sensitive, username,
                                 ctx->deny_users[i])) {
                /* The message prints the matching list entry rather than
                 * the name that was passed in. */
                DEBUG(SSSDBG_TRACE_LIBS,
                      ("User [%s] found in deny list, access denied.\n", ctx->deny_users[i]));

                /* Return immediately on explicit denial */
                *access_granted = false;
                return EOK;
            }
        }
    }

    /* No definitive answer from the user lists; group rules decide. */
    return EAGAIN;
}

/*
 * Evaluate the group allow and deny lists against the user's groups.
 *
 * 'group_names' is walked until its first NULL entry, so it must be a
 * NULL-terminated array; any name stored after a NULL slot is never compared
 * with allow_groups or deny_groups.
 *
 * The allow list is consulted only while *access_granted is still false.
 * The deny list is always consulted last, and a match there clears
 * *access_granted regardless of any earlier user or group allow.
 *
 * Returns EOK once both lists have been processed, or EINVAL as soon as a
 * list entry cannot be mapped to a domain.
 */
static errno_t simple_check_groups(struct simple_ctx *ctx, const char **group_names,
                                   bool *access_granted)
{
    struct sss_domain_info *domain = NULL;
    bool matched;
    int i, j;

    /* Now process allow and deny group rules
     * If access was already granted above, we'll skip
     * this redundant rule check
     */
    if (ctx->allow_groups && !*access_granted) {
        matched = false;
        for (i = 0; ctx->allow_groups[i]; i++) {
            domain = find_subdomain_by_object_name(ctx->domain,
                                                   ctx->allow_groups[i]);
            if (domain == NULL) {
                DEBUG(SSSDBG_CRIT_FAILURE, ("Invalid group %s!\n",
                                            ctx->allow_groups[i]));
                return EINVAL;
            }

            for(j = 0; group_names[j]; j++) {
                if (sss_string_equal(domain->case_sensitive,
                                     group_names[j], ctx->allow_groups[i])) {
                    matched = true;
                    break;
                }
            }

            /* If any group has matched, we can skip out on the
             * processing early
             */
            if (matched) {
                /* j still indexes the matching name because the inner loop
                 * was left with break. */
                DEBUG(SSSDBG_TRACE_LIBS,
                      ("Group [%s] found in allow list, access granted.\n", group_names[j]));
                *access_granted = true;
                break;
            }
        }
    }

    /* Finally, process the deny group rules */
    if (ctx->deny_groups) {
        matched = false;
        for (i = 0; ctx->deny_groups[i]; i++) {
            domain = find_subdomain_by_object_name(ctx->domain,
                                                   ctx->deny_groups[i]);
            if (domain == NULL) {
                DEBUG(SSSDBG_CRIT_FAILURE, ("Invalid group %s!\n",
                                            ctx->deny_groups[i]));
                return EINVAL;
            }

            for(j =
0; group_names[j]; j++) { if (sss_string_equal(domain->case_sensitive, group_names[j], ctx->deny_groups[i])) { matched = true; break; } } /* If any group has matched, we can skip out on the * processing early */ if (matched) { DEBUG(SSSDBG_TRACE_LIBS, ("Group [%s] found in deny list, access denied.\n", group_names[j])); *access_granted = false; break; } } } return EOK; } struct simple_resolve_group_state { struct sss_domain_info *domain; gid_t gid; struct simple_ctx *ctx; const char *name; }; static errno_t simple_resolve_group_check(struct simple_resolve_group_state *state); static void simple_resolve_group_done(struct tevent_req *subreq); static struct tevent_req * simple_resolve_group_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct simple_ctx *ctx, struct sss_domain_info *domain, gid_t gid) { errno_t ret; struct tevent_req *req; struct tevent_req *subreq; struct simple_resolve_group_state *state; struct be_acct_req *ar; req = tevent_req_create(mem_ctx, &state, struct simple_resolve_group_state); if (!req) return NULL; state->domain = domain; state->gid = gid; state->ctx = ctx; /* First check if the group was updated already. 
If it was (maybe its * parent was updated first), then just shortcut */ ret = simple_resolve_group_check(state); if (ret == EOK) { DEBUG(SSSDBG_TRACE_LIBS, ("Group already updated\n")); ret = EOK; goto done; } else if (ret != EAGAIN) { DEBUG(SSSDBG_OP_FAILURE, ("Cannot check if group was already updated [%d]: %s\n", ret, sss_strerror(ret))); goto done; } /* EAGAIN - still needs update */ ar = talloc(state, struct be_acct_req); if (!ar) { ret = ENOMEM; goto done; } ar->entry_type = BE_REQ_GROUP; ar->attr_type = BE_ATTR_CORE; ar->filter_type = BE_FILTER_IDNUM; ar->filter_value = talloc_asprintf(ar, "%llu", (unsigned long long) gid); ar->domain = talloc_strdup(ar, state->domain->name); if (!ar->domain || !ar->filter_value) { ret = ENOMEM; goto done; } subreq = be_get_account_info_send(state, ev, NULL, ctx->be_ctx, ar); if (!subreq) { ret = ENOMEM; goto done; } tevent_req_set_callback(subreq, simple_resolve_group_done, req); return req; done: if (ret == EOK) { tevent_req_done(req); } else { tevent_req_error(req, ret); } tevent_req_post(req, ev); return req; } static errno_t simple_resolve_group_check(struct simple_resolve_group_state *state) { errno_t ret; struct ldb_message *group; const char *group_attrs[] = { SYSDB_NAME, SYSDB_POSIX, SYSDB_GIDNUM, NULL }; /* Check the cache by GID again and fetch the name */ ret = sysdb_search_group_by_gid(state, state->domain->sysdb, state->domain, state->gid, group_attrs, &group); if (ret == ENOENT) { /* The group is missing, we will try to update it. 
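*/
        return EAGAIN;
    } else if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Could not look up group by gid [%"SPRIgid"]: [%d][%s]\n",
               state->gid, ret, sss_strerror(ret)));
        return ret;
    }

    /* Remember the cached name; it is handed out by the _recv function. */
    state->name = ldb_msg_find_attr_as_string(group, SYSDB_NAME, NULL);
    if (!state->name) {
        DEBUG(SSSDBG_OP_FAILURE, ("No group name\n"));
        return ERR_ACCOUNT_UNKNOWN;
    }

    /* A group that is still non-POSIX is reported with the same EAGAIN
     * code as a group missing from the cache. */
    if (is_posix(group) == false) {
        DEBUG(SSSDBG_TRACE_LIBS,
              ("The group is still non-POSIX\n"));
        return EAGAIN;
    }

    DEBUG(SSSDBG_TRACE_LIBS, ("Got POSIX group\n"));
    return EOK;
}

/*
 * Completion callback of the account-info request sent for one group.
 *
 * Fails the parent request when the receive call reports an error, when the
 * data provider reports a major error (mapped to EIO), or when the cache
 * check that follows returns anything other than EOK. That includes EAGAIN,
 * i.e. a group that is still missing or still non-POSIX after the refresh.
 */
static void simple_resolve_group_done(struct tevent_req *subreq)
{
    struct tevent_req *req;
    struct simple_resolve_group_state *state;
    int err_maj;
    int err_min;
    errno_t ret;
    const char *err_msg;

    req = tevent_req_callback_data(subreq, struct tevent_req);
    state = tevent_req_data(req, struct simple_resolve_group_state);

    ret = be_get_account_info_recv(subreq, state,
                                   &err_maj, &err_min, &err_msg);
    talloc_zfree(subreq);
    if (ret) {
        DEBUG(SSSDBG_OP_FAILURE, ("be_get_account_info_recv failed\n"));
        tevent_req_error(req, ret);
        return;
    }

    if (err_maj) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("Cannot refresh data from DP: %u,%u: %s\n",
               err_maj, err_min, err_msg));
        tevent_req_error(req, EIO);
        return;
    }

    /* Check the cache by GID again and fetch the name */
    ret = simple_resolve_group_check(state);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Refresh failed\n"));
        tevent_req_error(req, ret);
        return;
    }

    tevent_req_done(req);
}

/*
 * Hand the resolved group name to the caller.
 *
 * On success *name is a copy of the cached name allocated on 'mem_ctx'.
 * Returns the request's error if it failed, ENOMEM if the copy cannot be
 * allocated, EOK otherwise.
 */
static errno_t
simple_resolve_group_recv(struct tevent_req *req,
                          TALLOC_CTX *mem_ctx,
                          const char **name)
{
    struct simple_resolve_group_state *state;

    state = tevent_req_data(req, struct simple_resolve_group_state);

    TEVENT_REQ_RETURN_ON_ERROR(req);

    *name = talloc_strdup(mem_ctx, state->name);
    if (*name == NULL) {
        /* The caller stores the result in a NULL-terminated name array and
         * advances its counter. Reporting success with a NULL name would
         * leave a gap that ends the array early, so groups added after it
         * would never be matched against the allow or deny group rules.
         * Fail the lookup instead. */
        return ENOMEM;
    }

    return EOK;
}

/* One group that still has to be resolved: its GID and the domain to ask. */
struct simple_group {
    struct sss_domain_info *domain;
    gid_t gid;
};

/* State of the request that collects the names of a user's groups. */
struct simple_check_groups_state {
    struct tevent_context *ev;
    struct simple_ctx *ctx;
    struct sss_domain_info *domain;

    /* Groups waiting for resolution, their count, and the index of the one
     * currently being resolved. */
    struct simple_group *lookup_groups;
    size_t num_groups;
    size_t giter;

    const char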
**group_names; size_t num_names; }; static void simple_check_get_groups_next(struct tevent_req *subreq); static errno_t simple_check_get_groups_primary(struct simple_check_groups_state *state, gid_t gid); static errno_t simple_check_process_group(struct simple_check_groups_state *state, struct ldb_message *group); static struct tevent_req * simple_check_get_groups_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct simple_ctx *ctx, const char *username) { errno_t ret; struct tevent_req *req; struct tevent_req *subreq; struct simple_check_groups_state *state; const char *attrs[] = { SYSDB_NAME, SYSDB_POSIX, SYSDB_GIDNUM, SYSDB_SID_STR, NULL }; size_t group_count; struct ldb_message *user; struct ldb_message **groups; int i; gid_t gid; req = tevent_req_create(mem_ctx, &state, struct simple_check_groups_state); if (!req) return NULL; state->ev = ev; state->ctx = ctx; DEBUG(SSSDBG_TRACE_LIBS, ("Looking up groups for user %s\n", username)); /* get domain from username */ state->domain = find_subdomain_by_object_name(ctx->domain, username); if (state->domain == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("Invalid user %s!\n", username)); ret = EINVAL; goto done; } ret = sysdb_search_user_by_name(state, state->domain->sysdb, state->domain, username, attrs, &user); if (ret == ENOENT) { DEBUG(SSSDBG_MINOR_FAILURE, ("No such user %s\n", username)); ret = ERR_ACCOUNT_UNKNOWN; goto done; } else if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Could not look up username [%s]: [%d][%s]\n", username, ret, sss_strerror(ret))); goto done; } ret = sysdb_asq_search(state, state->domain->sysdb, user->dn, NULL, SYSDB_MEMBEROF, attrs, &group_count, &groups); if (ret != EOK) { goto done; } DEBUG(SSSDBG_TRACE_FUNC, ("User %s is a member of %zu supplemental groups\n", username, group_count)); /* One extra space for terminator, one extra space for private group */ state->group_names = talloc_zero_array(state, const char *, group_count + 2); state->lookup_groups = talloc_zero_array(state, struct 
simple_group, group_count + 2); if (!state->group_names || !state->lookup_groups) { ret = ENOMEM; goto done; } for (i=0; i < group_count; i++) { /* Some providers (like the AD provider) might perform initgroups * without resolving the group names. In order for the simple access * provider to work correctly, we need to resolve the groups before * performing the access check. In AD provider, the situation is * even more tricky b/c the groups HAVE name, but their name * attribute is set to SID and they are set as non-POSIX */ ret = simple_check_process_group(state, groups[i]); if (ret != EOK) { goto done; } } gid = ldb_msg_find_attr_as_uint64(user, SYSDB_GIDNUM, 0); if (!gid) { DEBUG(SSSDBG_MINOR_FAILURE, ("User %s has no gid?\n", username)); ret = EINVAL; goto done; } ret = simple_check_get_groups_primary(state, gid); if (ret != EOK) { goto done; } if (state->num_groups == 0) { /* If all groups could have been resolved by name, we are * done */ DEBUG(SSSDBG_TRACE_FUNC, ("All groups had name attribute\n")); ret = EOK; goto done; } DEBUG(SSSDBG_TRACE_FUNC, ("Need to resolve %zu groups\n", state->num_groups)); state->giter = 0; subreq = simple_resolve_group_send(req, state->ev, state->ctx, state->lookup_groups[state->giter].domain, state->lookup_groups[state->giter].gid); if (!subreq) { ret = ENOMEM; goto done; } tevent_req_set_callback(subreq, simple_check_get_groups_next, req); return req; done: if (ret == EOK) { tevent_req_done(req); } else { tevent_req_error(req, ret); } tevent_req_post(req, ev); return req; } static void simple_check_get_groups_next(struct tevent_req *subreq) { struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); struct simple_check_groups_state *state = tevent_req_data(req, struct simple_check_groups_state); errno_t ret; ret = simple_resolve_group_recv(subreq, state->group_names, &state->group_names[state->num_names]); talloc_zfree(subreq); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Could not resolve name of group with 
GID %"SPRIgid"\n", state->lookup_groups[state->giter].gid)); tevent_req_error(req, ret); return; } state->num_names++; state->giter++; if (state->giter < state->num_groups) { subreq = simple_resolve_group_send(req, state->ev, state->ctx, state->lookup_groups[state->giter].domain, state->lookup_groups[state->giter].gid); if (!subreq) { tevent_req_error(req, ENOMEM); return; } tevent_req_set_callback(subreq, simple_check_get_groups_next, req); return; } DEBUG(SSSDBG_TRACE_INTERNAL, ("All groups resolved. Done.\n")); tevent_req_done(req); } static errno_t simple_check_process_group(struct simple_check_groups_state *state, struct ldb_message *group) { const char *name; const char *group_sid; struct sss_domain_info *domain; gid_t gid; bool posix; posix = is_posix(group); name = ldb_msg_find_attr_as_string(group, SYSDB_NAME, NULL); gid = ldb_msg_find_attr_as_uint64(group, SYSDB_GIDNUM, 0); /* With the current sysdb layout, every group has a name */ if (name == NULL) { return EINVAL; } if (gid == 0) { if (posix == true) { DEBUG(SSSDBG_CRIT_FAILURE, ("POSIX group without GID\n")); return EINVAL; } /* Non-posix group with a name. Still can be used for access * control as the name should point to the real name, no SID */ state->group_names[state->num_names] = talloc_strdup(state->group_names, name); if (!state->group_names[state->num_names]) { return ENOMEM; } DEBUG(SSSDBG_TRACE_INTERNAL, ("Adding group %s\n", name)); state->num_names++; return EOK; } /* Here are only groups with a name and gid. 
POSIX group can already * be used, non-POSIX groups can be resolved */ if (posix) { state->group_names[state->num_names] = talloc_strdup(state->group_names, name); if (!state->group_names[state->num_names]) { return ENOMEM; } DEBUG(SSSDBG_TRACE_INTERNAL, ("Adding group %s\n", name)); state->num_names++; return EOK; } /* Try to get group SID and assign it a domain */ group_sid = ldb_msg_find_attr_as_string(group, SYSDB_SID_STR, NULL); if (group_sid == NULL) { /* We will look it up in main domain. */ domain = state->ctx->domain; } else { domain = find_subdomain_by_sid(state->ctx->domain, group_sid); if (domain == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("There is no domain information for " "SID %s\n", group_sid)); return ENOENT; } } /* It is a non-posix group with a GID. Needs resolving */ state->lookup_groups[state->num_groups].domain = domain; state->lookup_groups[state->num_groups].gid = gid; DEBUG(SSSDBG_TRACE_INTERNAL, ("Adding GID %"SPRIgid"\n", gid)); state->num_groups++; return EOK; } static errno_t simple_check_get_groups_primary(struct simple_check_groups_state *state, gid_t gid) { errno_t ret; const char *group_attrs[] = { SYSDB_NAME, SYSDB_POSIX, SYSDB_GIDNUM, SYSDB_SID_STR, NULL }; struct ldb_message *msg; ret = sysdb_search_group_by_gid(state, state->domain->sysdb, state->domain, gid, group_attrs, &msg); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Could not look up primary group [%"SPRIgid"]: [%d][%s]\n", gid, ret, sss_strerror(ret))); /* We have to treat this as non-fatal, because the primary * group may be local to the machine and not available in * our ID provider. 
*/ } else { ret = simple_check_process_group(state, msg); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Cannot process primary group\n")); return ret; } } return EOK; } static errno_t simple_check_get_groups_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, const char ***_group_names) { struct simple_check_groups_state *state; state = tevent_req_data(req, struct simple_check_groups_state); TEVENT_REQ_RETURN_ON_ERROR(req); *_group_names = talloc_steal(mem_ctx, state->group_names); return EOK; } struct simple_access_check_state { bool access_granted; struct simple_ctx *ctx; const char *username; const char **group_names; }; static void simple_access_check_done(struct tevent_req *subreq); struct tevent_req *simple_access_check_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct simple_ctx *ctx, const char *username) { errno_t ret; struct tevent_req *req; struct tevent_req *subreq; struct simple_access_check_state *state; req = tevent_req_create(mem_ctx, &state, struct simple_access_check_state); if (!req) return NULL; state->access_granted = false; state->ctx = ctx; state->username = talloc_strdup(state, username); if (!state->username) { ret = ENOMEM; goto immediate; } DEBUG(SSSDBG_FUNC_DATA, ("Simple access check for %s\n", username)); ret = simple_check_users(ctx, username, &state->access_granted); if (ret == EOK) { goto immediate; } else if (ret != EAGAIN) { ret = ERR_INTERNAL; goto immediate; } /* EAGAIN -- check groups */ if (!ctx->allow_groups && !ctx->deny_groups) { /* There are no group restrictions, so just return * here with whatever we've decided. */ DEBUG(SSSDBG_TRACE_LIBS, ("No group restrictions, end request\n")); ret = EOK; goto immediate; } /* The group names might not be available. Fire a request to * gather them. 
In most cases, the request will just shortcut */
    subreq = simple_check_get_groups_send(state, ev, ctx, username);
    if (!subreq) {
        ret = ENOMEM;
        goto immediate;
    }
    tevent_req_set_callback(subreq, simple_access_check_done, req);
    return req;

immediate:
    /* Finish without a subrequest: mark the request done or failed and
     * post it so the caller's callback still fires from the event loop. */
    if (ret == EOK) {
        tevent_req_done(req);
    } else {
        tevent_req_error(req, ret);
    }
    tevent_req_post(req, ev);
    return req;
}

/*
 * Completion callback for the group-name collection step.
 *
 * Takes ownership of the collected names, then runs the group allow/deny
 * rules on them. Outcomes:
 *   - ENOENT from the collection step: the request completes successfully
 *     with access_granted forced to false.
 *   - any other collection error: the request fails with that error.
 *   - an error from simple_check_groups(): the request fails with
 *     ERR_INTERNAL.
 *   - otherwise the request completes with whatever access_granted holds
 *     after the user and group rules.
 */
static void simple_access_check_done(struct tevent_req *subreq)
{
    struct tevent_req *req =
                        tevent_req_callback_data(subreq, struct tevent_req);
    struct simple_access_check_state *state =
                        tevent_req_data(req, struct simple_access_check_state);
    errno_t ret;

    /* We know the names now. Run the check. */
    ret = simple_check_get_groups_recv(subreq, state, &state->group_names);
    talloc_zfree(subreq);
    if (ret == ENOENT) {
        /* If the user wasn't found, just shortcut */
        /* NOTE(review): in this file simple_check_get_groups_send() turns a
         * missing user into ERR_ACCOUNT_UNKNOWN, which takes the generic
         * error branch below, while simple_check_process_group() returns
         * ENOENT when a group SID has no matching domain. So this branch
         * looks reachable for the unknown-SID case rather than (or in
         * addition to) the unknown-user case. Both paths end without
         * granting access; confirm which one is intended. */
        state->access_granted = false;
        tevent_req_done(req);
        return;
    } else if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Could not collect groups of user %s\n", state->username));
        tevent_req_error(req, ret);
        return;
    }

    ret = simple_check_groups(state->ctx, state->group_names,
                              &state->access_granted);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Could not check group access [%d]: %s\n",
               ret, sss_strerror(ret)));
        tevent_req_error(req, ERR_INTERNAL);
        return;
    }

    /* Now just return whatever we decided */
    DEBUG(SSSDBG_TRACE_INTERNAL, ("Group check done\n"));
    tevent_req_done(req);
}

/*
 * Collect the result of an access check request.
 *
 * Propagates the request's error if it failed. 'access_granted' may be
 * NULL, in which case the decision is only logged.
 */
errno_t simple_access_check_recv(struct tevent_req *req, bool *access_granted)
{
    struct simple_access_check_state *state =
                        tevent_req_data(req, struct simple_access_check_state);

    TEVENT_REQ_RETURN_ON_ERROR(req);

    DEBUG(SSSDBG_TRACE_LIBS,
          ("Access %sgranted\n", state->access_granted ?
"" : "not ")); if (access_granted) { *access_granted = state->access_granted; } return EOK; } sssd-1.11.5/src/providers/simple/PaxHeaders.13173/simple_access.c0000644000000000000000000000007412320753107022626 xustar000000000000000030 atime=1396954939.269891429 30 ctime=1396954961.648874955 sssd-1.11.5/src/providers/simple/simple_access.c0000664002412700241270000002074512320753107023060 0ustar00jhrozekjhrozek00000000000000/* SSSD Simple access control Copyright (C) Sumit Bose 2010 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #include #include "providers/simple/simple_access.h" #include "util/sss_utf8.h" #include "providers/dp_backend.h" #include "db/sysdb.h" #define CONFDB_SIMPLE_ALLOW_USERS "simple_allow_users" #define CONFDB_SIMPLE_DENY_USERS "simple_deny_users" #define CONFDB_SIMPLE_ALLOW_GROUPS "simple_allow_groups" #define CONFDB_SIMPLE_DENY_GROUPS "simple_deny_groups" #define TIMEOUT_OF_REFRESH_FILTER_LISTS 5 static void simple_access_check(struct tevent_req *req); static errno_t simple_access_parse_names(TALLOC_CTX *mem_ctx, struct be_ctx *be_ctx, char **list, char ***_out); static int simple_access_obtain_filter_lists(struct simple_ctx *ctx) { struct be_ctx *bectx = ctx->be_ctx; int ret; int i; struct { const char *name; const char *option; char **orig_list; char ***ctx_list; } lists[] = {{"Allow users", CONFDB_SIMPLE_ALLOW_USERS, NULL, NULL}, {"Deny users", CONFDB_SIMPLE_DENY_USERS, NULL, NULL}, {"Allow groups", CONFDB_SIMPLE_ALLOW_GROUPS, NULL, NULL}, {"Deny groups", CONFDB_SIMPLE_DENY_GROUPS, NULL, NULL}, {NULL, NULL, NULL, NULL}}; lists[0].ctx_list = &ctx->allow_users; lists[1].ctx_list = &ctx->deny_users; lists[2].ctx_list = &ctx->allow_groups; lists[3].ctx_list = &ctx->deny_groups; ret = sysdb_master_domain_update(bectx->domain); if (ret != EOK) { DEBUG(SSSDBG_FUNC_DATA, ("Update of master domain failed [%d]: %s.\n", ret, sss_strerror(ret))); goto failed; } for (i = 0; lists[i].name != NULL; i++) { ret = confdb_get_string_as_list(bectx->cdb, ctx, bectx->conf_path, lists[i].option, &lists[i].orig_list); if (ret == ENOENT) { DEBUG(SSSDBG_FUNC_DATA, ("%s list is empty.\n", lists[i].name)); *lists[i].ctx_list = NULL; continue; } else if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("confdb_get_string_as_list failed.\n")); goto failed; } ret = simple_access_parse_names(ctx, bectx, lists[i].orig_list, lists[i].ctx_list); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to parse %s list [%d]: %s\n", lists[i].name, ret, sss_strerror(ret))); goto failed; } } if 
(!ctx->allow_users &&
        !ctx->allow_groups &&
        !ctx->deny_users &&
        !ctx->deny_groups) {
        /* All four lists empty: this is only reported, not rejected, and
         * the access check will then let every user through. */
        DEBUG(SSSDBG_OP_FAILURE,
              ("No rules supplied for simple access provider. "
               "Access will be granted for all users.\n"));
    }
    return EOK;

failed:
    return ret;
}

/*
 * Access-provider entry point for one backend request.
 *
 * Only SSS_PAM_ACCT_MGMT is handled; any other command is answered with
 * PAM_MODULE_UNKNOWN. The allow/deny lists are re-read when the last refresh
 * is older than TIMEOUT_OF_REFRESH_FILTER_LISTS (a difference of time()
 * values), then the asynchronous access check is started for pd->user. The
 * reply is sent from simple_access_check() once that check finishes, or
 * directly from here on the early-exit paths.
 */
void simple_access_handler(struct be_req *be_req)
{
    struct be_ctx *be_ctx = be_req_get_be_ctx(be_req);
    struct pam_data *pd;
    struct tevent_req *req;
    struct simple_ctx *ctx;
    int ret;
    time_t now;

    /* NOTE(review): pd is dereferenced without a NULL check; presumably the
     * request data is always a struct pam_data here. Verify. */
    pd = talloc_get_type(be_req_get_data(be_req), struct pam_data);

    /* Start from a failure status so that a path which forgets to set a
     * result does not report success. */
    pd->pam_status = PAM_SYSTEM_ERR;

    if (pd->cmd != SSS_PAM_ACCT_MGMT) {
        DEBUG(SSSDBG_CONF_SETTINGS,
              ("simple access does not handle pam task %d.\n", pd->cmd));
        pd->pam_status = PAM_MODULE_UNKNOWN;
        goto done;
    }

    ctx = talloc_get_type(be_ctx->bet_info[BET_ACCESS].pvt_bet_data,
                          struct simple_ctx);

    now = time(NULL);
    if ((now - ctx->last_refresh_of_filter_lists)
        > TIMEOUT_OF_REFRESH_FILTER_LISTS) {

        ret = simple_access_obtain_filter_lists(ctx);
        if (ret != EOK) {
            /* NOTE(review): a failed refresh is only logged. The check
             * below then runs against whatever the context holds, and
             * because the refresh assigns the four lists one after another
             * that can be a mix of freshly read and older lists. The
             * timestamp is advanced anyway, so the next attempt waits for
             * the full timeout. For an access-control decision it is worth
             * considering whether this path should deny instead. */
            DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to refresh filter lists\n"));
        }
        ctx->last_refresh_of_filter_lists = now;
    }

    req = simple_access_check_send(be_req, be_ctx->ev, ctx, pd->user);
    if (!req) {
        pd->pam_status = PAM_SYSTEM_ERR;
        goto done;
    }
    tevent_req_set_callback(req, simple_access_check, be_req);
    return;

done:
    be_req_terminate(be_req, DP_ERR_OK, pd->pam_status, NULL);
}

/*
 * Completion callback of the access check: translate the outcome into a PAM
 * status and terminate the backend request.
 *
 *   check failed        -> PAM_SYSTEM_ERR
 *   access granted      -> PAM_SUCCESS
 *   access not granted  -> PAM_PERM_DENIED
 *
 * access_granted starts out false, so only an explicit grant from the check
 * yields PAM_SUCCESS.
 */
static void simple_access_check(struct tevent_req *req)
{
    bool access_granted = false;
    errno_t ret;
    struct pam_data *pd;
    struct be_req *be_req;

    be_req = tevent_req_callback_data(req, struct be_req);
    pd = talloc_get_type(be_req_get_data(be_req), struct pam_data);

    ret = simple_access_check_recv(req, &access_granted);
    talloc_free(req);
    if (ret != EOK) {
        pd->pam_status = PAM_SYSTEM_ERR;
        goto done;
    }

    if (access_granted) {
        pd->pam_status = PAM_SUCCESS;
    } else {
        pd->pam_status = PAM_PERM_DENIED;
    }

done:
    be_req_terminate(be_req, DP_ERR_OK, pd->pam_status, NULL);
}

static errno_t simple_access_parse_names(TALLOC_CTX *mem_ctx,
                                         struct be_ctx *be_ctx,
                                         char **list,
                                         char
***_out) { TALLOC_CTX *tmp_ctx = NULL; char **out = NULL; char *domain = NULL; char *name = NULL; size_t size; size_t i; errno_t ret; if (list == NULL) { *_out = NULL; return EOK; } tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_new() failed\n")); ret = ENOMEM; goto done; } for (size = 0; list[size] != NULL; size++) { /* count size */ } out = talloc_zero_array(tmp_ctx, char*, size + 1); if (out == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_zero_array() failed\n")); ret = ENOMEM; goto done; } /* Since this is access provider, we should fail on any error so we don't * allow unauthorized access. */ for (i = 0; i < size; i++) { ret = sss_parse_name(tmp_ctx, be_ctx->domain->names, list[i], &domain, &name); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to parse name '%s' [%d]: %s\n", list[i], ret, sss_strerror(ret))); goto done; } if (domain == NULL || strcasecmp(domain, be_ctx->domain->name) == 0 || (be_ctx->domain->flat_name != NULL && strcasecmp(domain, be_ctx->domain->flat_name) == 0)) { /* This object belongs to main SSSD domain. Those users and groups * are stored without domain part, so we will strip it off. * */ out[i] = talloc_move(out, &name); } else { /* Subdomain users and groups are stored as fully qualified names, * thus we will remember the domain part. * * Since subdomains may come and go, we will look for their * existence later, during each access check. 
*/ out[i] = talloc_move(out, &list[i]); } } *_out = talloc_steal(mem_ctx, out); ret = EOK; done: talloc_free(tmp_ctx); return ret; } struct bet_ops simple_access_ops = { .handler = simple_access_handler, .finalize = NULL }; int sssm_simple_access_init(struct be_ctx *bectx, struct bet_ops **ops, void **pvt_data) { int ret = EINVAL; struct simple_ctx *ctx; ctx = talloc_zero(bectx, struct simple_ctx); if (ctx == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_zero failed.\n")); return ENOMEM; } ctx->domain = bectx->domain; ctx->be_ctx = bectx; ctx->last_refresh_of_filter_lists = 0; ret = simple_access_obtain_filter_lists(ctx); if (ret != EOK) { goto failed; } *ops = &simple_access_ops; *pvt_data = ctx; return EOK; failed: talloc_free(ctx); return ret; } sssd-1.11.5/src/providers/PaxHeaders.13173/dp_dyndns.h0000644000000000000000000000007412320753107020512 xustar000000000000000030 atime=1396954939.263891433 30 ctime=1396954961.463875092 sssd-1.11.5/src/providers/dp_dyndns.h0000664002412700241270000001063612320753107020742 0ustar00jhrozekjhrozek00000000000000/* SSSD dp_dyndns.h Authors: Jakub Hrozek Copyright (C) 2013 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #ifndef DP_DYNDNS_H_ #define DP_DYNDNS_H_ /* dynamic dns helpers */ struct sss_iface_addr; typedef void (*nsupdate_timer_fn_t)(void *pvt); enum be_nsupdate_auth { BE_NSUPDATE_AUTH_NONE, BE_NSUPDATE_AUTH_GSS_TSIG, }; struct be_nsupdate_ctx { struct dp_option *opts; enum be_nsupdate_auth auth_type; time_t last_refresh; bool timer_in_progress; struct tevent_timer *refresh_timer; nsupdate_timer_fn_t timer_callback; void *timer_pvt; }; enum dp_dyndns_opts { DP_OPT_DYNDNS_UPDATE, DP_OPT_DYNDNS_REFRESH_INTERVAL, DP_OPT_DYNDNS_IFACE, DP_OPT_DYNDNS_TTL, DP_OPT_DYNDNS_UPDATE_PTR, DP_OPT_DYNDNS_FORCE_TCP, DP_OPT_DYNDNS_AUTH, DP_OPT_DYNDNS /* attrs counter */ }; #define DYNDNS_REMOVE_A 0x1 #define DYNDNS_REMOVE_AAAA 0x2 errno_t be_nsupdate_check(void); errno_t be_nsupdate_init(TALLOC_CTX *mem_ctx, struct be_ctx *be_ctx, struct dp_option *defopts, struct be_nsupdate_ctx **_ctx); errno_t be_nsupdate_init_timer(struct be_nsupdate_ctx *ctx, struct tevent_context *ev, nsupdate_timer_fn_t timer_callback, void *timer_pvt); void be_nsupdate_timer_schedule(struct tevent_context *ev, struct be_nsupdate_ctx *ctx); errno_t sss_iface_addr_list_get(TALLOC_CTX *mem_ctx, const char *ifname, struct sss_iface_addr **_addrlist); struct sss_iface_addr * sss_iface_addr_add(TALLOC_CTX *mem_ctx, struct sss_iface_addr **list, struct sockaddr_storage *ss); errno_t sss_iface_addr_list_as_str_list(TALLOC_CTX *mem_ctx, struct sss_iface_addr *ifaddr_list, char ***_straddrs); errno_t be_nsupdate_create_fwd_msg(TALLOC_CTX *mem_ctx, const char *realm, const char *zone, const char *servername, const char *hostname, const unsigned int ttl, uint8_t remove_af, struct sss_iface_addr *addresses, struct sss_iface_addr *old_addresses, char **_update_msg); errno_t be_nsupdate_create_ptr_msg(TALLOC_CTX *mem_ctx, const char *realm, const char *servername, const char *hostname, const unsigned int ttl, uint8_t remove_af, struct sss_iface_addr *addresses, struct sss_iface_addr *old_addresses, char **_update_msg); /* 
Returns: * * ERR_OK - on success * * ERR_DYNDNS_FAILED - if nsupdate fails for any reason * * ERR_DYNDNS_TIMEOUT - if the update times out. child_status * is ETIMEDOUT in this case */ struct tevent_req *be_nsupdate_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, enum be_nsupdate_auth auth_type, char *nsupdate_msg, bool force_tcp); errno_t be_nsupdate_recv(struct tevent_req *req, int *child_status); struct tevent_req * nsupdate_get_addrs_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct be_resolv_ctx *be_res, const char *hostname); errno_t nsupdate_get_addrs_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, struct sss_iface_addr **_addrlist, size_t *_count); #endif /* DP_DYNDNS_H_ */ sssd-1.11.5/src/providers/PaxHeaders.13173/fail_over.c0000644000000000000000000000007412320753107020471 xustar000000000000000030 atime=1396954939.263891433 30 ctime=1396954961.527875044 sssd-1.11.5/src/providers/fail_over.c0000664002412700241270000013134712320753107020724 0ustar00jhrozekjhrozek00000000000000/* SSSD Fail over helper functions. Authors: Martin Nagy Jakub Hrozek Copyright (C) Red Hat, Inc 2010 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
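*/

/* System headers: the header names are missing from this listing and are
 * reconstructed from what the file uses (gettimeofday, errno values, bool,
 * strcasecmp, talloc) -- TODO confirm against the original file. */
#include <sys/time.h>
#include <errno.h>
#include <stdbool.h>
#include <strings.h>
#include <talloc.h>

#include "util/dlinklist.h"
#include "util/refcount.h"
#include "util/util.h"
#include "providers/fail_over.h"
#include "resolv/async_resolv.h"

/* Seconds elapsed between (p)->last_status_change and now. */
#define STATUS_DIFF(p, now) ((now).tv_sec - (p)->last_status_change.tv_sec)
/* Printable server name, safe for servers without a server_common. */
#define SERVER_NAME(s) ((s)->common ? (s)->common->name : "(no name)")

#define DEFAULT_PORT_STATUS PORT_NEUTRAL
#define DEFAULT_SERVER_STATUS SERVER_NAME_NOT_RESOLVED
#define DEFAULT_SRV_STATUS SRV_NEUTRAL

enum srv_lookup_status {
    SRV_NEUTRAL,        /* We didn't try this SRV lookup yet */
    SRV_RESOLVED,       /* This SRV lookup is resolved */
    SRV_RESOLVE_ERROR,  /* Could not resolve this SRV lookup */
    SRV_EXPIRED         /* Need to refresh the SRV query */
};

/* Top-level fail over context: owns the services, the shared per-hostname
 * records and the optional SRV lookup plugin. */
struct fo_ctx {
    struct fo_service *service_list;
    struct server_common *server_common_list;

    struct fo_options *opts;

    fo_srv_lookup_plugin_send_t srv_send_fn;
    fo_srv_lookup_plugin_recv_t srv_recv_fn;
    void *srv_pvt;
};

/* A named service with its ordered list of candidate servers. */
struct fo_service {
    struct fo_service *prev;
    struct fo_service *next;

    struct fo_ctx *ctx;
    char *name;
    struct fo_server *active_server;
    struct fo_server *last_tried_server;
    struct fo_server *server_list;

    /* Function pointed by user_data_cmp returns 0 if user_data is equal
     * or nonzero value if not. Set to NULL if no user data comparison
     * is needed in fail over duplicate servers detection.
     */
    datacmp_fn user_data_cmp;
};

/* One host:port candidate of a service, or an SRV meta server when
 * srv_data is set and common is NULL. */
struct fo_server {
    struct fo_server *prev;
    struct fo_server *next;

    bool primary;
    void *user_data;
    int port;
    enum port_status port_status;
    struct srv_data *srv_data;
    struct fo_service *service;
    struct timeval last_status_change;
    struct server_common *common;
};

/* Per-hostname state shared by reference between fo_server entries that
 * use the same name. */
struct server_common {
    REFCOUNT_COMMON;

    struct fo_ctx *ctx;

    struct server_common *prev;
    struct server_common *next;

    char *name;
    struct resolv_hostent *rhostent;
    struct resolve_service_request *request_list;
    enum server_status server_status;
    struct timeval last_status_change;
};

/* Data describing one SRV lookup; shared by the meta server and by the
 * servers created from its result. */
struct srv_data {
    char *dns_domain;
    char *discovery_domain;
    char *sssd_domain;
    char *proto;
    char *srv;

    struct fo_server *meta;

    int srv_lookup_status;
    struct timeval last_status_change;
};

/* A request waiting for the name resolution of server_common to finish. */
struct resolve_service_request {
    struct resolve_service_request *prev;
    struct resolve_service_request *next;

    struct server_common *server_common;
    struct tevent_req *req;
};

struct status {
    int value;
    struct timeval last_change;
};

/*
 * Allocate a fail over context on mem_ctx and copy the timeouts and the
 * address family order from opts into it.
 *
 * Returns the new context, or NULL when an allocation fails.
 */
struct fo_ctx *
fo_context_init(TALLOC_CTX *mem_ctx, struct fo_options *opts)
{
    struct fo_ctx *ctx;

    ctx = talloc_zero(mem_ctx, struct fo_ctx);
    if (ctx == NULL) {
        DEBUG(1, ("No memory\n"));
        return NULL;
    }

    ctx->opts = talloc_zero(ctx, struct fo_options);
    if (ctx->opts == NULL) {
        DEBUG(1, ("No memory\n"));
        /* Do not leave the half-built context attached to mem_ctx. */
        talloc_free(ctx);
        return NULL;
    }

    ctx->opts->srv_retry_timeout = opts->srv_retry_timeout;
    ctx->opts->retry_timeout = opts->retry_timeout;
    ctx->opts->family_order = opts->family_order;
    ctx->opts->service_resolv_timeout = opts->service_resolv_timeout;

    DEBUG(SSSDBG_TRACE_FUNC,
          ("Created new fail over context, retry timeout is %ld\n",
           ctx->opts->retry_timeout));
    return ctx;
}

/* Printable name of a port status, for debug messages. */
static const char *
str_port_status(enum port_status status)
{
    switch (status) {
    case PORT_NEUTRAL:
        return "neutral";
    case PORT_WORKING:
        return "working";
    case PORT_NOT_WORKING:
        return "not working";
    }

    return "unknown port status";
}

/* Printable name of an SRV lookup status, for debug messages. */
static const char *
str_srv_data_status(enum srv_lookup_status status)
{
    switch (status) {
    case SRV_NEUTRAL:
        return "neutral";
    case SRV_RESOLVED:
        return "resolved";
    case SRV_RESOLVE_ERROR:
        return "not resolved";
    case SRV_EXPIRED:
        return "expired";
    }

    return "unknown SRV lookup status";
}

/* Printable name of a server status, for debug messages. */
static const char *
str_server_status(enum server_status status)
{
    switch (status) {
    case SERVER_NAME_NOT_RESOLVED:
        return "name not resolved";
    case SERVER_RESOLVING_NAME:
        return "resolving name";
    case SERVER_NAME_RESOLVED:
        return "name resolved";
    case SERVER_WORKING:
        return "working";
    case SERVER_NOT_WORKING:
        return "not working";
    }

    return "unknown server status";
}

/* Nonzero when s is non-NULL and carries SRV lookup data. */
int fo_is_srv_lookup(struct fo_server *s)
{
    return s && s->srv_data;
}

/*
 * Replace every server that was created from one SRV lookup by the meta
 * server of that lookup and reset the lookup to SRV_NEUTRAL.
 *
 * *_server is freed unless it is the meta server itself, and is always set
 * to NULL. Returns the meta server.
 */
static struct fo_server *
collapse_srv_lookup(struct fo_server **_server)
{
    struct fo_server *tmp, *meta, *server;

    server = *_server;
    meta = server->srv_data->meta;
    DEBUG(4, ("Need to refresh SRV lookup for domain %s\n",
              meta->srv_data->dns_domain));

    if (server != meta) {
        /* Drop the neighbours that share the same srv_data. */
        while (server->prev && server->prev->srv_data == meta->srv_data) {
            tmp = server->prev;
            DLIST_REMOVE(server->service->server_list, tmp);
            talloc_zfree(tmp);
        }
        while (server->next && server->next->srv_data == meta->srv_data) {
            tmp = server->next;
            DLIST_REMOVE(server->service->server_list, tmp);
            talloc_zfree(tmp);
        }

        /* Do not keep pointers to the server that is about to be freed. */
        if (server == server->service->active_server) {
            server->service->active_server = NULL;
        }
        if (server == server->service->last_tried_server) {
            server->service->last_tried_server = meta;
        }

        /* add back the meta server to denote SRV lookup */
        DLIST_ADD_AFTER(server->service->server_list, meta, server);
        DLIST_REMOVE(server->service->server_list, server);
        talloc_zfree(server);
    }

    meta->srv_data->srv_lookup_status = SRV_NEUTRAL;
    meta->srv_data->last_status_change.tv_sec = 0;

    *_server = NULL;

    return meta;
}

/*
 * Return the status of an SRV lookup. When srv_retry_timeout is nonzero
 * and more than that many seconds passed since the last change, a resolved
 * lookup becomes SRV_EXPIRED and a failed one becomes SRV_NEUTRAL first.
 */
static enum srv_lookup_status
get_srv_data_status(struct srv_data *data)
{
    struct timeval tv;
    time_t timeout;

    timeout = data->meta->service->ctx->opts->srv_retry_timeout;
    gettimeofday(&tv, NULL);

    if (timeout && STATUS_DIFF(data, tv) > timeout) {
        switch(data->srv_lookup_status) {
        case SRV_EXPIRED:
        case SRV_NEUTRAL:
            break;
        case SRV_RESOLVED:
            data->srv_lookup_status = SRV_EXPIRED;
            data->last_status_change.tv_sec = 0;
            break;
        case SRV_RESOLVE_ERROR:
            data->srv_lookup_status = SRV_NEUTRAL;
            data->last_status_change.tv_sec = 0;
            break;
        default:
            DEBUG(1, ("Unknown state for SRV server!\n"));
        }
    }

    return data->srv_lookup_status;
}

/* Record a new SRV lookup status together with the time of the change. */
static void
set_srv_data_status(struct srv_data *data, enum srv_lookup_status status)
{
    DEBUG(4, ("Marking SRV lookup of service '%s' as '%s'\n",
              data->meta->service->name, str_srv_data_status(status)));

    gettimeofday(&data->last_status_change, NULL);
    data->srv_lookup_status = status;
}

/*
 * This function will return the status of the server. If the status was
 * last updated a long time ago, we will first reset the status.
 *
 * A server without a server_common is reported as SERVER_NAME_RESOLVED.
 */
static enum server_status
get_server_status(struct fo_server *server)
{
    struct timeval tv;
    time_t timeout;

    if (server->common == NULL)
        return SERVER_NAME_RESOLVED;

    DEBUG(7, ("Status of server '%s' is '%s'\n", SERVER_NAME(server),
              str_server_status(server->common->server_status)));

    timeout = server->service->ctx->opts->retry_timeout;
    gettimeofday(&tv, NULL);
    if (timeout != 0 && server->common->server_status == SERVER_NOT_WORKING) {
        if (STATUS_DIFF(server->common, tv) > timeout) {
            DEBUG(4, ("Reseting the server status of '%s'\n",
                      SERVER_NAME(server)));
            server->common->server_status = SERVER_NAME_NOT_RESOLVED;
            server->common->last_status_change.tv_sec = tv.tv_sec;
        }
    }

    /* Expire the cached resolution once the TTL of the first address has
     * passed. NOTE(review): assumes addr_list[0] is non-NULL whenever
     * rhostent is set -- confirm against the resolver. */
    if (server->common->rhostent &&
        STATUS_DIFF(server->common, tv) >
        server->common->rhostent->addr_list[0]->ttl) {
        DEBUG(4, ("Hostname resolution expired, resetting the server "
                  "status of '%s'\n", SERVER_NAME(server)));
        fo_set_server_status(server, SERVER_NAME_NOT_RESOLVED);
    }

    return server->common->server_status;
}

/*
 * This function will return the status of the service. If the status was
 * last updated a long time ago, we will first reset the status.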
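*/
static enum port_status
get_port_status(struct fo_server *server)
{
    struct timeval tv;
    time_t timeout;

    DEBUG(7, ("Port status of port %d for server '%s' is '%s'\n", server->port,
              SERVER_NAME(server), str_port_status(server->port_status)));

    timeout = server->service->ctx->opts->retry_timeout;
    if (timeout != 0 && server->port_status == PORT_NOT_WORKING) {
        gettimeofday(&tv, NULL);
        if (STATUS_DIFF(server, tv) > timeout) {
            DEBUG(4, ("Reseting the status of port %d for server '%s'\n",
                      server->port, SERVER_NAME(server)));
            server->port_status = PORT_NEUTRAL;
            server->last_status_change.tv_sec = tv.tv_sec;
        }
    }

    return server->port_status;
}

/* 1 unless the server is currently marked SERVER_NOT_WORKING. */
static int
server_works(struct fo_server *server)
{
    if (get_server_status(server) == SERVER_NOT_WORKING)
        return 0;

    return 1;
}

/* 1 when neither the server nor its port is marked as not working. */
static int
service_works(struct fo_server *server)
{
    if (!server_works(server))
        return 0;
    if (get_port_status(server) == PORT_NOT_WORKING)
        return 0;

    return 1;
}

/* talloc destructor: unlink the service from its context. */
static int
service_destructor(struct fo_service *service)
{
    DLIST_REMOVE(service->ctx->service_list, service);
    return 0;
}

/*
 * Create a service called name in ctx.
 *
 * Returns EOK and the new service through _service (when non-NULL),
 * EEXIST with the existing service when the name is already registered,
 * ENOMEM on allocation failure.
 */
int
fo_new_service(struct fo_ctx *ctx, const char *name,
               datacmp_fn user_data_cmp,
               struct fo_service **_service)
{
    struct fo_service *service;
    int ret;

    DEBUG(SSSDBG_TRACE_FUNC, ("Creating new service '%s'\n", name));
    ret = fo_get_service(ctx, name, &service);
    if (ret == EOK) {
        DEBUG(5, ("Service '%s' already exists\n", name));
        if (_service) {
            *_service = service;
        }
        return EEXIST;
    } else if (ret != ENOENT) {
        return ret;
    }

    service = talloc_zero(ctx, struct fo_service);
    if (service == NULL)
        return ENOMEM;

    service->name = talloc_strdup(service, name);
    if (service->name == NULL) {
        talloc_free(service);
        return ENOMEM;
    }

    service->user_data_cmp = user_data_cmp;

    service->ctx = ctx;
    DLIST_ADD(ctx->service_list, service);

    talloc_set_destructor(service, service_destructor);
    if (_service) {
        *_service = service;
    }

    return EOK;
}

/* Look a service up by exact (case-sensitive) name; ENOENT if absent. */
int
fo_get_service(struct fo_ctx *ctx, const char *name,
               struct fo_service **_service)
{
    struct fo_service *service;

    DLIST_FOR_EACH(service, ctx->service_list) {
        if (!strcmp(name, service->name)) {
            *_service = service;
            return EOK;
        }
    }

    return ENOENT;
}

/*
 * Find the shared record for a hostname (compared case-insensitively) and
 * take a new reference to it on mem_ctx.
 *
 * Returns EOK, ENOENT when the name is unknown, ENOMEM when the reference
 * cannot be created.
 */
static int
get_server_common(TALLOC_CTX *mem_ctx, struct fo_ctx *ctx, const char *name,
                  struct server_common **_common)
{
    struct server_common *common;

    DLIST_FOR_EACH(common, ctx->server_common_list) {
        if (!strcasecmp(name, common->name)) {
            *_common = rc_reference(mem_ctx, struct server_common, common);
            if (*_common == NULL)
                return ENOMEM;
            return EOK;
        }
    }

    return ENOENT;
}

/* talloc destructor: refuses to free a record that still has requests
 * waiting on it, otherwise unlinks it from the context. */
static int server_common_destructor(void *memptr)
{
    struct server_common *common;

    common = talloc_get_type(memptr, struct server_common);
    if (common->request_list) {
        DEBUG(1, ("BUG: pending requests still associated with this server\n"));
        return -1;
    }
    DLIST_REMOVE(common->ctx->server_common_list, common);

    return 0;
}

/* Allocate a reference-counted record for hostname name and append it to
 * the context's list. Returns NULL on allocation failure. */
static struct server_common *
create_server_common(TALLOC_CTX *mem_ctx, struct fo_ctx *ctx, const char *name)
{
    struct server_common *common;

    common = rc_alloc(mem_ctx, struct server_common);
    if (common == NULL)
        return NULL;

    common->name = talloc_strdup(common, name);
    if (common->name == NULL) {
        talloc_free(common);
        return NULL;
    }

    common->ctx = ctx;
    common->prev = NULL;
    common->next = NULL;
    common->rhostent = NULL;
    common->request_list = NULL;
    common->server_status = DEFAULT_SERVER_STATUS;
    common->last_status_change.tv_sec = 0;
    common->last_status_change.tv_usec = 0;

    talloc_set_destructor((TALLOC_CTX *) common, server_common_destructor);
    DLIST_ADD_END(ctx->server_common_list, common, struct server_common *);
    return common;
}

/*
 * Append an SRV meta server to the service.
 *
 * Returns EOK, EEXIST when a meta server with the same domain and protocol
 * (and matching user data) is already present, ENOMEM on allocation
 * failure. On ENOMEM nothing is left attached to the service.
 */
int
fo_add_srv_server(struct fo_service *service, const char *srv,
                  const char *discovery_domain, const char *sssd_domain,
                  const char *proto, void *user_data)
{
    struct fo_server *server;

    DEBUG(SSSDBG_TRACE_FUNC,
          ("Adding new SRV server to service '%s' using '%s'.\n",
           service->name, proto));

    DLIST_FOR_EACH(server, service->server_list) {
        /* Compare user data only if user_data_cmp and both arguments
         * are not NULL.
         */
        if (server->service->user_data_cmp && user_data && server->user_data) {
            if (server->service->user_data_cmp(server->user_data, user_data)) {
                continue;
            }
        }

        if (fo_is_srv_lookup(server)) {
            if (((discovery_domain == NULL &&
                    server->srv_data->dns_domain == NULL) ||
                 (discovery_domain != NULL &&
                    server->srv_data->dns_domain != NULL &&
                  strcasecmp(server->srv_data->dns_domain, discovery_domain) == 0)) &&
                strcasecmp(server->srv_data->proto, proto) == 0) {
                return EEXIST;
            }
        }
    }

    server = talloc_zero(service, struct fo_server);
    if (server == NULL)
        return ENOMEM;

    server->user_data = user_data;
    server->service = service;
    server->port_status = DEFAULT_PORT_STATUS;
    server->primary = true; /* SRV servers are never back up */

    /* add the SRV-specific data */
    /* Allocated on the service, not on the server: servers expanded from
     * the lookup share this pointer (see fo_add_server_list). */
    server->srv_data = talloc_zero(service, struct srv_data);
    if (server->srv_data == NULL)
        goto nomem;

    server->srv_data->proto = talloc_strdup(server->srv_data, proto);
    server->srv_data->srv = talloc_strdup(server->srv_data, srv);
    if (server->srv_data->proto == NULL ||
        server->srv_data->srv == NULL)
        goto nomem;

    if (discovery_domain) {
        server->srv_data->discovery_domain = talloc_strdup(server->srv_data,
                                                           discovery_domain);
        if (server->srv_data->discovery_domain == NULL)
            goto nomem;
        server->srv_data->dns_domain = talloc_strdup(server->srv_data,
                                                     discovery_domain);
        if (server->srv_data->dns_domain == NULL)
            goto nomem;
    }

    server->srv_data->sssd_domain =
            talloc_strdup(server->srv_data, sssd_domain);
    if (server->srv_data->sssd_domain == NULL)
        goto nomem;

    server->srv_data->meta = server;
    server->srv_data->srv_lookup_status = DEFAULT_SRV_STATUS;
    server->srv_data->last_status_change.tv_sec = 0;

    DLIST_ADD_END(service->server_list, server, struct fo_server *);
    return EOK;

nomem:
    /* The server is not linked into the list yet; release it and its SRV
     * data so a failed call does not accumulate memory on the service. */
    if (server->srv_data != NULL) {
        talloc_free(server->srv_data);
    }
    talloc_free(server);
    return ENOMEM;
}

/*
 * Allocate a server entry on the service. When name is non-NULL the entry
 * references the shared record for that hostname, creating it if needed.
 * Returns NULL on failure. The entry is not added to any list.
 */
static struct fo_server *
create_fo_server(struct fo_service *service, const char *name,
                 int port, void *user_data, bool primary)
{
    struct fo_server *server;
    int ret;

    server = talloc_zero(service, struct fo_server);
    if (server == NULL)
        return NULL;

    server->port = port;
    server->user_data = user_data;
    server->service = service;
    server->port_status = DEFAULT_PORT_STATUS;
    server->primary = primary;

    if (name != NULL) {
        ret = get_server_common(server, service->ctx, name, &server->common);
        if (ret == ENOENT) {
            server->common = create_server_common(server, service->ctx, name);
            if (server->common == NULL) {
                talloc_free(server);
                return NULL;
            }
        } else if (ret != EOK) {
            talloc_free(server);
            return NULL;
        }
    }

    return server;
}

/* Number of entries in the service's server list. */
int
fo_get_server_count(struct fo_service *service)
{
    struct fo_server *server;
    int count = 0;

    DLIST_FOR_EACH(server, service->server_list) {
        count++;
    }

    return count;
}

/* True when server has the given port, equal user data (if comparable)
 * and the same name, compared case-insensitively; two nameless entries
 * match each other. */
static bool fo_server_match(struct fo_server *server,
                           const char *name,
                           int port,
                           void *user_data)
{
    if (server->port != port) {
        return false;
    }

    /* Compare user data only if user_data_cmp and both arguments
     * are not NULL.
     */
    if (server->service->user_data_cmp && server->user_data && user_data) {
        if (server->service->user_data_cmp(server->user_data, user_data)) {
            return false;
        }
    }

    if (name == NULL && server->common == NULL) {
        return true;
    }

    if (name != NULL &&
        server->common != NULL && server->common->name != NULL) {
        if (!strcasecmp(name, server->common->name))
            return true;
    }

    return false;
}

/* True when s1 matches the name, port and user data of s2. */
static bool fo_server_cmp(struct fo_server *s1, struct fo_server *s2)
{
    char *name = NULL;

    if (s2->common != NULL) {
        name = s2->common->name;
    }

    return fo_server_match(s1, name, s2->port, s2->user_data);
}

/* True when list holds an entry matching name, port and user data. */
static bool fo_server_exists(struct fo_server *list,
                             const char *name,
                             int port,
                             void *user_data)
{
    struct fo_server *server = NULL;

    DLIST_FOR_EACH(server, list) {
        if (fo_server_match(server, name, port, user_data)) {
            return true;
        }
    }

    return false;
}

/* Append server to *to_list unless check_list already holds a matching
 * entry. Returns EOK or EEXIST; the caller keeps ownership on EEXIST. */
static errno_t fo_add_server_to_list(struct fo_server **to_list,
                                     struct fo_server *check_list,
                                     struct fo_server *server,
                                     const char *service_name)
{
    const char *debug_name = NULL;
    const char *name = NULL;
    bool exists;

    if (server->common == NULL || server->common->name == NULL) {
        debug_name = "(no name)";
        name = NULL;
    } else {
        debug_name = server->common->name;
        name = server->common->name;
    }

    exists = fo_server_exists(check_list, name, server->port,
                              server->user_data);

    if (exists) {
        DEBUG(SSSDBG_TRACE_FUNC, ("Server '%s:%d' for service '%s' "
              "is already present\n", debug_name, server->port, service_name));
        return EEXIST;
    }

    DLIST_ADD_END(*to_list, server, struct fo_server *);

    DEBUG(SSSDBG_TRACE_FUNC, ("Inserted %s server '%s:%d' to service "
          "'%s'\n", (server->primary ? "primary" : "backup"),
          debug_name, server->port, service_name));

    return EOK;
}

/*
 * Create one server per entry of servers[], skip those already present in
 * the service, and splice the rest into the service list after
 * after_server. All new entries share srv_data.
 *
 * _last_server (optional) receives the last inserted entry, or
 * after_server when nothing was inserted. Returns EOK or ENOMEM.
 */
static errno_t fo_add_server_list(struct fo_service *service,
                                  struct fo_server *after_server,
                                  struct fo_server_info *servers,
                                  size_t num_servers,
                                  struct srv_data *srv_data,
                                  void *user_data,
                                  bool primary,
                                  struct fo_server **_last_server)
{
    struct fo_server *server = NULL;
    struct fo_server *last_server = NULL;
    struct fo_server *srv_list = NULL;
    size_t i;
    errno_t ret;

    for (i = 0; i < num_servers; i++) {
        server = create_fo_server(service, servers[i].host, servers[i].port,
                                  user_data, primary);
        if (server == NULL) {
            /* NOTE(review): this frees the head of srv_list only; the
             * other entries created so far are talloc children of the
             * service (see create_fo_server) and stay allocated --
             * confirm whether that is intended. */
            talloc_free(srv_list);
            return ENOMEM;
        }

        server->srv_data = srv_data;

        ret = fo_add_server_to_list(&srv_list, service->server_list,
                                    server, service->name);
        if (ret != EOK) {
            /* Duplicate of an existing entry: drop it and go on. */
            talloc_zfree(server);
            continue;
        }

        last_server = server;
    }

    if (srv_list != NULL) {
        DLIST_ADD_LIST_AFTER(service->server_list, after_server,
                             srv_list, struct fo_server *);
    }

    if (_last_server != NULL) {
        *_last_server = last_server == NULL ? after_server : last_server;
    }

    return EOK;
}

/* Add a single host:port server to the service. Returns EOK, EEXIST for a
 * duplicate, or ENOMEM. */
int
fo_add_server(struct fo_service *service, const char *name, int port,
              void *user_data, bool primary)
{
    struct fo_server *server;
    errno_t ret;

    server = create_fo_server(service, name, port, user_data, primary);
    if (!server) {
        return ENOMEM;
    }

    ret = fo_add_server_to_list(&service->server_list, service->server_list,
                                server, service->name);
    if (ret != EOK) {
        talloc_free(server);
    }

    return ret;
}

/*
 * Pick the next server to try: the active primary server if it still
 * works, then primary servers after the last tried one, then primaries
 * from the start of the list, then backup servers.
 *
 * Returns EOK and the server through _server, or ENOENT when no server is
 * usable (last_tried_server is reset in that case).
 */
static int
get_first_server_entity(struct fo_service *service, struct fo_server **_server)
{
    struct fo_server *server;

    /* If we already have a working server, use that one. */
    server = service->active_server;
    if (server != NULL) {
        if (service_works(server) && fo_is_server_primary(server)) {
            goto done;
        }
        service->active_server = NULL;
    }

    /*
     * Otherwise iterate through the server list.
     */

    /* First, try primary servers after the last one we tried.
     * (only if the last one was primary as well)
     */
    if (service->last_tried_server != NULL &&
        service->last_tried_server->primary) {
        if (service->last_tried_server->port_status == PORT_NEUTRAL &&
                server_works(service->last_tried_server)) {
            server = service->last_tried_server;
            goto done;
        }

        DLIST_FOR_EACH(server, service->last_tried_server->next) {
            /* Go only through primary servers */
            if (!server->primary) continue;

            if (service_works(server)) {
                goto done;
            }
        }
    }

    /* If none were found, try at the start, primary first */
    DLIST_FOR_EACH(server, service->server_list) {
        /* First iterate only over primary servers */
        if (!server->primary) continue;

        if (service_works(server)) {
            goto done;
        }
        if (server == service->last_tried_server) {
            break;
        }
    }

    DLIST_FOR_EACH(server, service->server_list) {
        /* Now iterate only over backup servers */
        if (server->primary) continue;

        if (service_works(server)) {
            goto done;
        }
    }

    service->last_tried_server = NULL;
    return ENOENT;

done:
    service->last_tried_server = server;
    *_server = server;
    return EOK;
}

/* talloc destructor: take the request off its server's waiting list. */
static int
resolve_service_request_destructor(struct resolve_service_request *request)
{
    DLIST_REMOVE(request->server_common->request_list, request);
    return 0;
}

/* Queue req on the server's waiting list so that it is completed when the
 * name resolution finishes. The queue entry is a talloc child of req, so
 * freeing req also removes it from the list. Returns EOK or ENOMEM. */
static int
set_lookup_hook(struct fo_server *server, struct tevent_req *req)
{
    struct resolve_service_request *request;

    request = talloc(req, struct resolve_service_request);
    if (request == NULL) {
        DEBUG(1, ("No memory\n"));
        return ENOMEM;
    }
    request->server_common = rc_reference(request,
                                          struct server_common,
                                          server->common);
    if (request->server_common == NULL) {
        talloc_free(request);
        return ENOMEM;
    }
    request->req = req;
    DLIST_ADD(server->common->request_list, request);
    talloc_set_destructor(request, resolve_service_request_destructor);

    return EOK;
}

/*******************************************************************
 * Get server to connect to.                                       *
 *******************************************************************/

struct resolve_service_state {
    struct fo_server *server;

    struct resolv_ctx *resolv;
    struct tevent_context *ev;
    struct tevent_timer *timeout_handler;
    struct fo_ctx *fo_ctx;
};

static errno_t fo_resolve_service_activate_timeout(struct tevent_req *req,
            struct tevent_context *ev, const unsigned long timeout_seconds);
static void fo_resolve_service_cont(struct tevent_req *subreq);
static void fo_resolve_service_done(struct tevent_req *subreq);
static bool fo_resolve_service_server(struct tevent_req *req);

/* Forward declarations for SRV resolving */
static struct tevent_req *
resolve_srv_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
                 struct resolv_ctx *resolv, struct fo_ctx *ctx,
                 struct fo_server *server);
static int
resolve_srv_recv(struct tevent_req *req, struct fo_server **server);

/*
 * Start resolving a server for the service: choose a candidate, arm the
 * per-service timeout, then either run the SRV lookup (meta server) or
 * the hostname lookup (regular server).
 *
 * Returns the request, or NULL when it cannot be allocated; every other
 * failure is reported through the request.
 */
struct tevent_req *
fo_resolve_service_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
                        struct resolv_ctx *resolv, struct fo_ctx *ctx,
                        struct fo_service *service)
{
    int ret;
    struct fo_server *server;
    struct tevent_req *req;
    struct tevent_req *subreq;
    struct resolve_service_state *state;

    DEBUG(4, ("Trying to resolve service '%s'\n", service->name));
    req = tevent_req_create(mem_ctx, &state, struct resolve_service_state);
    if (req == NULL)
        return NULL;

    state->resolv = resolv;
    state->ev = ev;
    state->fo_ctx = ctx;

    ret = get_first_server_entity(service, &server);
    if (ret != EOK) {
        DEBUG(1, ("No available servers for service '%s'\n", service->name));
        goto done;
    }

    /* Activate per-service timeout handler */
    ret = fo_resolve_service_activate_timeout(req, ev,
                                        ctx->opts->service_resolv_timeout);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Could not set service timeout\n"));
        goto done;
    }

    if (fo_is_srv_lookup(server)) {
        /* Don't know the server yet, must do a SRV lookup */
        subreq = resolve_srv_send(state, ev, resolv,
                                  ctx, server);
        if (subreq == NULL) {
            ret = ENOMEM;
            goto done;
        }

        tevent_req_set_callback(subreq,
                                fo_resolve_service_cont,
                                req);
        return req;
    }

    /* This is a regular server, just do hostname lookup */
    state->server = server;
    if (fo_resolve_service_server(req)) {
        /* The request was already completed; deliver it asynchronously. */
        tevent_req_post(req, ev);
    }

    ret = EOK;
done:
    if (ret != EOK) {
        tevent_req_error(req, ret);
        tevent_req_post(req, ev);
    }
    return req;
}

static void set_server_common_status(struct server_common *common,
                                     enum server_status status);

/* Timer handler: fail the pending request with ETIMEDOUT. */
static void
fo_resolve_service_timeout(struct tevent_context *ev,
                           struct tevent_timer *te,
                           struct timeval tv, void *pvt)
{
    struct tevent_req *req = talloc_get_type(pvt, struct tevent_req);

    DEBUG(SSSDBG_MINOR_FAILURE, ("Service resolving timeout reached\n"));
    tevent_req_error(req, ETIMEDOUT);
}

/* Arm a timer that fails req after timeout_seconds. The timer is a talloc
 * child of the request state. Returns EOK or ENOMEM. */
static errno_t
fo_resolve_service_activate_timeout(struct tevent_req *req,
                                    struct tevent_context *ev,
                                    const unsigned long timeout_seconds)
{
    struct timeval tv;
    struct resolve_service_state *state = tevent_req_data(req,
                                        struct resolve_service_state);

    tv = tevent_timeval_current();
    tv = tevent_timeval_add(&tv, timeout_seconds, 0);
    state->timeout_handler = tevent_add_timer(ev, state, tv,
                                           fo_resolve_service_timeout, req);
    if (state->timeout_handler == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("tevent_add_timer failed.\n"));
        return ENOMEM;
    }

    DEBUG(SSSDBG_TRACE_INTERNAL, ("Resolve timeout set to %lu seconds\n",
                                  timeout_seconds));
    return EOK;
}

/* SRV resolving finished, see if we got server to work with */
static void
fo_resolve_service_cont(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct resolve_service_state *state = tevent_req_data(req,
                                        struct resolve_service_state);
    int ret;

    ret = resolve_srv_recv(subreq, &state->server);
    talloc_zfree(subreq);

    if (ret) {
        tevent_req_error(req, ret);
        return;
    }

    fo_resolve_service_server(req);
}

/*
 * Resolve the hostname of state->server, or wait for a resolution that is
 * already running.
 *
 * Returns true when req has already been completed (done or error) and
 * false when it was queued and will be completed later.
 */
static bool
fo_resolve_service_server(struct tevent_req *req)
{
    struct resolve_service_state *state = tevent_req_data(req,
                                        struct resolve_service_state);
    struct tevent_req *subreq;
    int ret;

    switch (get_server_status(state->server)) {
    case SERVER_NAME_NOT_RESOLVED: /* Request name resolution. */
        subreq = resolv_gethostbyname_send(state->server->common,
                                           state->ev, state->resolv,
                                           state->server->common->name,
                                           state->fo_ctx->opts->family_order,
                                           default_host_dbs);
        if (subreq == NULL) {
            tevent_req_error(req, ENOMEM);
            return true;
        }
        tevent_req_set_callback(subreq, fo_resolve_service_done,
                                state->server->common);
        fo_set_server_status(state->server, SERVER_RESOLVING_NAME);
        /* FALLTHROUGH */
    case SERVER_RESOLVING_NAME:
        /* Name resolution is already under way. Just add ourselves into the
         * waiting queue so we get notified after the operation is finished. */
        ret = set_lookup_hook(state->server, req);
        if (ret != EOK) {
            tevent_req_error(req, ret);
            return true;
        }
        break;
    default: /* The name is already resolved. Return immediately. */
        tevent_req_done(req);
        return true;
    }

    return false;
}

/* Hostname lookup finished: store the result in the shared record, update
 * its status and complete every request waiting on it. */
static void
fo_resolve_service_done(struct tevent_req *subreq)
{
    struct server_common *common = tevent_req_callback_data(subreq,
                                                        struct server_common);
    int resolv_status;
    struct resolve_service_request *request;
    int ret;

    if (common->rhostent != NULL) {
        talloc_zfree(common->rhostent);
    }

    ret = resolv_gethostbyname_recv(subreq, common,
                                    &resolv_status, NULL,
                                    &common->rhostent);
    talloc_zfree(subreq);
    if (ret != EOK) {
        DEBUG(1, ("Failed to resolve server '%s': %s\n", common->name,
                  resolv_strerror(resolv_status)));
        /* If the resolver failed to resolve a hostname but did not
         * encounter an error, tell the caller to retry another server.
         *
         * If there are no more servers to try, the next request would
         * just shortcut with ENOENT.
         */
        if (ret == ENOENT) {
            ret = EAGAIN;
        }
        set_server_common_status(common, SERVER_NOT_WORKING);
    } else {
        set_server_common_status(common, SERVER_NAME_RESOLVED);
    }

    /* Take care of all requests for this server. */
    while ((request = common->request_list) != NULL) {
        DLIST_REMOVE(common->request_list, request);
        if (ret) {
            tevent_req_error(request->req, ret);
        } else {
            tevent_req_done(request->req);
        }
    }
}

/* Collect the result of fo_resolve_service_send(). */
int
fo_resolve_service_recv(struct tevent_req *req, struct fo_server **server)
{
    struct resolve_service_state *state;

    state = tevent_req_data(req, struct resolve_service_state);

    /* always return the server if asked for, otherwise the caller
     * cannot mark it as faulty in case we return an error */
    if (server)
        *server = state->server;

    TEVENT_REQ_RETURN_ON_ERROR(req);

    return EOK;
}

/*******************************************************************
 * Resolve the server to connect to using a SRV query.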
* *******************************************************************/

static void resolve_srv_done(struct tevent_req *subreq);

/* State of one SRV resolution request. */
struct resolve_srv_state {
    struct fo_server *meta;
    struct fo_service *service;

    struct fo_server *out;

    struct resolv_ctx *resolv;
    struct tevent_context *ev;
    struct fo_ctx *fo_ctx;
};

/*
 * Start (or short-cut) the SRV lookup that belongs to server.
 *
 * An expired lookup is collapsed back to its meta server and queried again
 * through the registered plugin; a lookup that is still valid completes
 * immediately with server as the result. Returns NULL only when the
 * request cannot be allocated.
 */
static struct tevent_req *
resolve_srv_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
                 struct resolv_ctx *resolv, struct fo_ctx *ctx,
                 struct fo_server *server)
{
    struct resolve_srv_state *state;
    struct tevent_req *req;
    struct tevent_req *subreq;
    int lookup_status;
    int ret;

    req = tevent_req_create(mem_ctx, &state, struct resolve_srv_state);
    if (req == NULL) {
        return NULL;
    }

    state->service = server->service;
    state->ev = ev;
    state->resolv = resolv;
    state->fo_ctx = ctx;
    state->meta = server->srv_data->meta;

    lookup_status = get_srv_data_status(server->srv_data);
    DEBUG(SSSDBG_FUNC_DATA, ("The status of SRV lookup is %s\n",
          str_srv_data_status(lookup_status)));

    switch (lookup_status) {
    case SRV_EXPIRED:
        /* Need a refresh */
        state->meta = collapse_srv_lookup(&server);
        /* FALLTHROUGH.
         * "server" might be invalid now if the SRV
         * query collapsed
         * */
    case SRV_NEUTRAL:
        /* Request SRV lookup */
        if (server != NULL && server != state->meta) {
            /* A server created by expansion of meta server was marked as
             * neutral. We have to collapse the servers and issue new
             * SRV resolution. */
            state->meta = collapse_srv_lookup(&server);
        }

        if (ctx->srv_send_fn == NULL || ctx->srv_recv_fn == NULL) {
            DEBUG(SSSDBG_OP_FAILURE, ("No SRV lookup plugin is set\n"));
            ret = ENOTSUP;
            goto done;
        }

        subreq = ctx->srv_send_fn(state, ev,
                                  state->meta->srv_data->srv,
                                  state->meta->srv_data->proto,
                                  state->meta->srv_data->discovery_domain,
                                  ctx->srv_pvt);
        if (subreq == NULL) {
            ret = ENOMEM;
            goto done;
        }

        tevent_req_set_callback(subreq, resolve_srv_done, req);
        break;

    case SRV_RESOLVE_ERROR:
        /* query could not be resolved but don't retry yet */
        ret = EIO;
        state->out = server;
        goto done;

    case SRV_RESOLVED:
        /* The query is resolved and valid. Return. */
        state->out = server;
        tevent_req_done(req);
        tevent_req_post(req, state->ev);
        return req;

    default:
        DEBUG(1, ("Unexpected status %d for a SRV server\n", lookup_status));
        ret = EIO;
        goto done;
    }

    ret = EOK;

done:
    if (ret != EOK) {
        tevent_req_error(req, ret);
        tevent_req_post(req, ev);
    }
    return req;
}

/*
 * The SRV plugin finished: insert the servers it returned after the meta
 * server, take the meta server off the list and hand out the first new
 * server. Any failure marks the lookup as SRV_RESOLVE_ERROR and returns
 * the meta server instead.
 */
static void
resolve_srv_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct resolve_srv_state *state = tevent_req_data(req,
                                                struct resolve_srv_state);
    struct fo_server_info *primary_servers = NULL;
    struct fo_server_info *backup_servers = NULL;
    struct fo_server *last_server = NULL;
    size_t num_primary_servers = 0;
    size_t num_backup_servers = 0;
    char *dns_domain = NULL;
    int ret;

    ret = state->fo_ctx->srv_recv_fn(state, subreq, &dns_domain,
                                     &primary_servers, &num_primary_servers,
                                     &backup_servers, &num_backup_servers);
    talloc_free(subreq);

    switch (ret) {
    case EOK:
        if ((num_primary_servers == 0 || primary_servers == NULL)
                && (num_backup_servers == 0 || backup_servers == NULL)) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("SRV lookup plugin returned EOK but "
                                        "no servers\n"));
            ret = EFAULT;
            goto done;
        }

        talloc_zfree(state->meta->srv_data->dns_domain);
        state->meta->srv_data->dns_domain = talloc_steal(state->meta->srv_data,
                                                         dns_domain);

        last_server = state->meta;

        if (primary_servers != NULL) {
            ret = fo_add_server_list(state->service, last_server,
                                     primary_servers, num_primary_servers,
                                     state->meta->srv_data,
                                     state->meta->user_data,
                                     true, &last_server);
            if (ret != EOK) {
                goto done;
            }
        }

        if (backup_servers != NULL) {
            ret = fo_add_server_list(state->service, last_server,
                                     backup_servers, num_backup_servers,
                                     state->meta->srv_data,
                                     state->meta->user_data,
                                     false, &last_server);
            if (ret != EOK) {
                goto done;
            }
        }

        if (last_server == state->meta) {
            /* SRV lookup returned only those servers
             * that are already present. */
            DEBUG(SSSDBG_TRACE_FUNC, ("SRV lookup did not return "
                                      "any new server.\n"));
            ret = ERR_SRV_DUPLICATES;
            goto done;
        }

        /* At least one new server was inserted.
         * We will return the first new server. */
        if (state->meta->next == NULL) {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("BUG: state->meta->next is NULL\n"));
            ret = ERR_INTERNAL;
            goto done;
        }

        state->out = state->meta->next;

        /* And remove meta server from the server list. It will be
         * inserted again during srv collapse. */
        DLIST_REMOVE(state->service->server_list, state->meta);
        if (state->service->last_tried_server == state->meta) {
            state->service->last_tried_server = state->out;
        }

        set_srv_data_status(state->meta->srv_data, SRV_RESOLVED);

        ret = EOK;
        break;
    case ERR_SRV_NOT_FOUND:
        /* fall through */
    case ERR_SRV_LOOKUP_ERROR:
        fo_set_port_status(state->meta, PORT_NOT_WORKING);
        /* fall through */
    default:
        DEBUG(SSSDBG_OP_FAILURE, ("Unable to resolve SRV [%d]: %s\n",
                                  ret, sss_strerror(ret)));
    }

done:
    if (ret == EOK) {
        tevent_req_done(req);
        return;
    }

    state->out = state->meta;
    set_srv_data_status(state->meta->srv_data, SRV_RESOLVE_ERROR);
    tevent_req_error(req, ret);
}

/* Collect the result of resolve_srv_send(). */
static int
resolve_srv_recv(struct tevent_req *req, struct fo_server **server)
{
    struct resolve_srv_state *state = tevent_req_data(req,
                                                struct resolve_srv_state);

    /* always return the server if asked for, otherwise the caller
     * cannot mark it as faulty in case we return an error */
    if (server != NULL) {
        *server = state->out;
    }

    TEVENT_REQ_RETURN_ON_ERROR(req);

    return EOK;
}

/*******************************************************************
 *     Get Fully Qualified Domain Name of the host machine         *
 *******************************************************************/
struct resolve_get_domain_state {
    char *fqdn;
    char hostname[HOST_NAME_MAX];
};

/* Store the new status of a shared server record and timestamp it. */
static void
set_server_common_status(struct server_common *common,
                         enum server_status status)
{
    DEBUG(4, ("Marking server '%s' as '%s'\n", common->name,
              str_server_status(status)));

    common->server_status = status;
    gettimeofday(&common->last_status_change, NULL);
}

/* Set the status of a named server; a server without a shared record is
 * only reported in the debug log. */
void
fo_set_server_status(struct fo_server *server, enum server_status status)
{
    if (server->common != NULL) {
        set_server_common_status(server->common, status);
        return;
    }

    DEBUG(1, ("Bug: Trying to set server status of a name-less server\n"));
}

/*
 * Set the port status of server. PORT_WORKING additionally marks the
 * server as working and makes it the active server of its service. The
 * same port status is copied to every duplicate of a named server.
 */
void
fo_set_port_status(struct fo_server *server, enum port_status status)
{
    struct fo_server *dup;

    DEBUG(4, ("Marking port %d of server '%s' as '%s'\n", server->port,
              SERVER_NAME(server), str_port_status(status)));

    server->port_status = status;
    gettimeofday(&server->last_status_change, NULL);
    if (status == PORT_WORKING) {
        fo_set_server_status(server, SERVER_WORKING);
        server->service->active_server = server;
    }

    if (server->common == NULL || server->common->name == NULL) {
        return;
    }

    /* It is possible to introduce duplicates when expanding SRV results
     * into fo_server structures. Find the duplicates and set the same
     * status */
    DLIST_FOR_EACH(dup, server->service->server_list) {
        if (!fo_server_cmp(dup, server)) {
            continue;
        }

        DEBUG(SSSDBG_TRACE_FUNC,
              ("Marking port %d of duplicate server '%s' as '%s'\n",
               dup->port, SERVER_NAME(dup),
               str_port_status(status)));
        dup->port_status = status;
        gettimeofday(&dup->last_status_change, NULL);
    }
}

/* Forget the active server of a service so the next resolution picks
 * another one; a working port is put back to neutral. */
void fo_try_next_server(struct fo_service *service)
{
    struct fo_server *current;

    if (service == NULL) {
        DEBUG(1, ("Bug: No service supplied\n"));
        return;
    }

    current = service->active_server;
    if (current == NULL) {
        return;
    }

    service->active_server = NULL;

    if (current->port_status == PORT_WORKING) {
        current->port_status = PORT_NEUTRAL;
    }
}

/* Opaque user data given when the server was added. */
void *
fo_get_server_user_data(struct fo_server *server)
{
    return server->user_data;
}

/* Port number of the server. */
int
fo_get_server_port(struct fo_server *server)
{
    return server->port;
}

/* Hostname of the server, or NULL for a server without one. */
const char *
fo_get_server_name(struct fo_server *server)
{
    if (server->common == NULL) {
        return NULL;
    }

    return server->common->name;
}

/* Like fo_get_server_name(), with a descriptive placeholder for entries
 * that have no shared record. */
const char *fo_get_server_str_name(struct fo_server *server)
{
    if (server->common != NULL) {
        return server->common->name;
    }

    if (fo_is_srv_lookup(server)) {
        return "SRV lookup meta-server";
    }

    return "unknown name";
}

/* Resolved host entry of the server, or NULL for a name-less server. */
struct resolv_hostent *
fo_get_server_hostent(struct fo_server *server)
{
    if (server->common != NULL) {
        return server->common->rhostent;
    }

    DEBUG(1, ("Bug: Trying to get hostent from a name-less server\n"));
    return NULL;
}

/* True for a primary server, false for a backup one. */
bool
fo_is_server_primary(struct fo_server *server)
{
    return server->primary;
}

/* Time (seconds) of the last status change of the server's hostname
 * record, or 0 when the server has none. */
time_t
fo_get_server_hostname_last_change(struct fo_server *server)
{
    if (server->common != NULL) {
        return server->common->last_status_change.tv_sec;
    }

    return 0;
}

/* retry_timeout of the service's context, or 0 when any link in the
 * service -> ctx -> opts chain is missing. */
time_t fo_get_service_retry_timeout(struct fo_service *svc)
{
    bool usable = svc != NULL && svc->ctx != NULL && svc->ctx->opts != NULL;

    if (!usable) {
        return 0;
    }

    return svc->ctx->opts->retry_timeout;
}

/* Put every server of every service back to its neutral / unresolved
 * state. */
void fo_reset_services(struct fo_ctx *fo_ctx)
{
    struct fo_service *svc;
    struct fo_server *srv;

    DLIST_FOR_EACH(svc, fo_ctx->service_list) {
        DLIST_FOR_EACH(srv, svc->server_list) {
            if (srv->srv_data == NULL) {
                fo_set_server_status(srv, SERVER_NAME_NOT_RESOLVED);
            } else {
                set_srv_data_status(srv->srv_data, SRV_NEUTRAL);
            }

            fo_set_port_status(srv, PORT_NEUTRAL);
        }
    }
}

/* True when server (compared by pointer) is on the service's list. */
bool fo_svc_has_server(struct fo_service *service, struct fo_server *server)
{
    struct fo_server *cur;

    DLIST_FOR_EACH(cur, service->server_list) {
        if (cur == server) {
            return true;
        }
    }

    return false;
}

/*
 * Register the SRV lookup plugin of a context. Only one plugin can be set;
 * pvt is re-parented to ctx. Returns false for invalid arguments or when a
 * plugin is already registered.
 */
bool fo_set_srv_lookup_plugin(struct fo_ctx *ctx,
                              fo_srv_lookup_plugin_send_t send_fn,
                              fo_srv_lookup_plugin_recv_t recv_fn,
                              void *pvt)
{
    if (ctx == NULL || send_fn == NULL || recv_fn == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Invalid parameters\n"));
        return false;
    }

    if (ctx->srv_send_fn != NULL || ctx->srv_recv_fn != NULL) {
        DEBUG(SSSDBG_MINOR_FAILURE, ("SRV lookup plugin is already set\n"));
        return false;
    }

    ctx->srv_send_fn = send_fn;
    ctx->srv_recv_fn = recv_fn;
    ctx->srv_pvt = talloc_steal(ctx, pvt);

    return true;
}
sssd-1.11.5/src/providers/PaxHeaders.13173/dp_pam_data_util.c0000644000000000000000000000007412320753107022011 xustar000000000000000030 atime=1396954939.263891433 30 ctime=1396954961.667874941
sssd-1.11.5/src/providers/dp_pam_data_util.c0000664002412700241270000001326212320753107022237 0ustar00jhrozekjhrozek00000000000000/* SSSD Utilities to for tha pam_data structure Authors: Sumit Bose Copyright (C) 2009 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include "providers/data_provider.h" #define PAM_SAFE_ITEM(item) item ? item : "not set" static const char *pamcmd2str(int cmd) { switch (cmd) { case SSS_PAM_AUTHENTICATE: return "PAM_AUTHENTICATE"; case SSS_PAM_SETCRED: return "PAM_SETCRED"; case SSS_PAM_ACCT_MGMT: return "PAM_ACCT_MGMT"; case SSS_PAM_OPEN_SESSION: return "PAM_OPEN_SESSION"; case SSS_PAM_CLOSE_SESSION: return "PAM_CLOSE_SESSION"; case SSS_PAM_CHAUTHTOK: return "PAM_CHAUTHTOK"; case SSS_PAM_CHAUTHTOK_PRELIM: return "PAM_CHAUTHTOK_PRELIM"; default: return "UNKNOWN"; } } int pam_data_destructor(void *ptr) { struct pam_data *pd = talloc_get_type(ptr, struct pam_data); /* make sure to wipe any password from memory before freeing */ sss_authtok_wipe_password(pd->authtok); sss_authtok_wipe_password(pd->newauthtok); return 0; } struct pam_data *create_pam_data(TALLOC_CTX *mem_ctx) { struct pam_data *pd; pd = talloc_zero(mem_ctx, struct pam_data); if (pd == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_zero failed.\n")); goto failed; } pd->authtok = sss_authtok_new(pd); if (pd->authtok == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_zero failed.\n")); goto failed; } pd->newauthtok = sss_authtok_new(pd); if 
(pd->newauthtok == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_zero failed.\n")); goto failed; } talloc_set_destructor((TALLOC_CTX *) pd, pam_data_destructor); return pd; failed: talloc_free(pd); return NULL; } errno_t copy_pam_data(TALLOC_CTX *mem_ctx, struct pam_data *src, struct pam_data **dst) { struct pam_data *pd = NULL; errno_t ret; pd = create_pam_data(mem_ctx); if (pd == NULL) { ret = ENOMEM; goto failed; } pd->cmd = src->cmd; pd->priv = src->priv; pd->domain = talloc_strdup(pd, src->domain); if (pd->domain == NULL && src->domain != NULL) { ret = ENOMEM; goto failed; } pd->user = talloc_strdup(pd, src->user); if (pd->user == NULL && src->user != NULL) { ret = ENOMEM; goto failed; } pd->service = talloc_strdup(pd, src->service); if (pd->service == NULL && src->service != NULL) { ret = ENOMEM; goto failed; } pd->tty = talloc_strdup(pd, src->tty); if (pd->tty == NULL && src->tty != NULL) { ret = ENOMEM; goto failed; } pd->ruser = talloc_strdup(pd, src->ruser); if (pd->ruser == NULL && src->ruser != NULL) { ret = ENOMEM; goto failed; } pd->rhost = talloc_strdup(pd, src->rhost); if (pd->rhost == NULL && src->rhost != NULL) { ret = ENOMEM; goto failed; } pd->cli_pid = src->cli_pid; /* if structure pam_data was allocated on stack and zero initialized, * than src->authtok and src->newauthtok are NULL, therefore * instead of copying, new empty authtok will be created. 
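*/
    if (src->authtok) {
        ret = sss_authtok_copy(src->authtok, pd->authtok);
        if (ret) {
            goto failed;
        }
    } else {
        pd->authtok = sss_authtok_new(pd);
        if (pd->authtok == NULL) {
            ret = ENOMEM;
            goto failed;
        }
    }

    if (src->newauthtok) {
        ret = sss_authtok_copy(src->newauthtok, pd->newauthtok);
        if (ret) {
            goto failed;
        }
    } else {
        pd->newauthtok = sss_authtok_new(pd);
        if (pd->newauthtok == NULL) {
            ret = ENOMEM;
            goto failed;
        }
    }

    *dst = pd;

    return EOK;

failed:
    talloc_free(pd);
    DEBUG(1, ("copy_pam_data failed: (%d) %s.\n", ret, strerror(ret)));
    return ret;
}

/*
 * Log the fields of pd at debug level l.
 *
 * For the two authentication tokens only the token type is printed,
 * never the token contents.
 */
void pam_print_data(int l, struct pam_data *pd)
{
    DEBUG(l, ("command: %s\n", pamcmd2str(pd->cmd)));
    DEBUG(l, ("domain: %s\n", PAM_SAFE_ITEM(pd->domain)));
    DEBUG(l, ("user: %s\n", PAM_SAFE_ITEM(pd->user)));
    DEBUG(l, ("service: %s\n", PAM_SAFE_ITEM(pd->service)));
    DEBUG(l, ("tty: %s\n", PAM_SAFE_ITEM(pd->tty)));
    DEBUG(l, ("ruser: %s\n", PAM_SAFE_ITEM(pd->ruser)));
    DEBUG(l, ("rhost: %s\n", PAM_SAFE_ITEM(pd->rhost)));
    DEBUG(l, ("authtok type: %d\n", sss_authtok_get_type(pd->authtok)));
    DEBUG(l, ("newauthtok type: %d\n", sss_authtok_get_type(pd->newauthtok)));
    DEBUG(l, ("priv: %d\n", pd->priv));
    DEBUG(l, ("cli_pid: %d\n", pd->cli_pid));
}

/*
 * Prepend a response item of the given type to pd->resp_list.
 *
 * A copy of the len bytes at data is stored in the new item; the caller
 * keeps ownership of data.
 *
 * Returns EOK on success, EINVAL if len is negative or data is NULL while
 * len is positive, and ENOMEM if an allocation fails.
 */
int pam_add_response(struct pam_data *pd, enum response_type type,
                     int len, const uint8_t *data)
{
    struct response_data *new;

    /* talloc_memdup() takes the length as size_t, so a negative len would
     * become a huge size; a NULL source with a positive length cannot be
     * copied from. Reject both before allocating anything. */
    if (len < 0 || (data == NULL && len > 0)) {
        return EINVAL;
    }

    new = talloc(pd, struct response_data);
    if (new == NULL) return ENOMEM;

    new->type = type;
    new->len = len;
    new->data = talloc_memdup(pd, data, len);
    if (new->data == NULL) {
        /* the item was never linked into resp_list; do not leave it
         * hanging off pd */
        talloc_free(new);
        return ENOMEM;
    }
    new->do_not_send_to_client = false;
    new->next = pd->resp_list;
    pd->resp_list = new;

    return EOK;
}
sssd-1.11.5/src/providers/PaxHeaders.13173/dp_dyndns.c0000644000000000000000000000007412320753107020505 xustar000000000000000030 atime=1396954939.263891433 30 ctime=1396954961.524875047 sssd-1.11.5/src/providers/dp_dyndns.c0000664002412700241270000010772212320753107020740 0ustar00jhrozekjhrozek00000000000000/* SSSD dp_dyndns.c Authors: Stephen Gallagher Jakub Hrozek Copyright (C) 2013 Red Hat This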
program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include #include #include #include #include #include #include #include "util/util.h" #include "confdb/confdb.h" #include "util/child_common.h" #include "providers/data_provider.h" #include "providers/dp_backend.h" #include "providers/dp_dyndns.h" #include "resolv/async_resolv.h" #ifndef DYNDNS_TIMEOUT #define DYNDNS_TIMEOUT 15 #endif /* DYNDNS_TIMEOUT */ struct sss_iface_addr { struct sss_iface_addr *next; struct sss_iface_addr *prev; struct sockaddr_storage *addr; }; struct sss_iface_addr * sss_iface_addr_add(TALLOC_CTX *mem_ctx, struct sss_iface_addr **list, struct sockaddr_storage *ss) { struct sss_iface_addr *address; address = talloc(mem_ctx, struct sss_iface_addr); if (address == NULL) { return NULL; } address->addr = talloc_memdup(address, ss, sizeof(struct sockaddr_storage)); if(address->addr == NULL) { talloc_zfree(address); return NULL; } DLIST_ADD(*list, address); return address; } errno_t sss_iface_addr_list_as_str_list(TALLOC_CTX *mem_ctx, struct sss_iface_addr *ifaddr_list, char ***_straddrs) { struct sss_iface_addr *ifaddr; size_t count; int ai; char **straddrs; const char *ip; char ip_addr[INET6_ADDRSTRLEN]; errno_t ret; count = 0; DLIST_FOR_EACH(ifaddr, ifaddr_list) { count++; } straddrs = talloc_array(mem_ctx, char *, count+1); if (straddrs == NULL) { return ENOMEM; } ai = 0; DLIST_FOR_EACH(ifaddr, ifaddr_list) { switch(ifaddr->addr->ss_family) { case AF_INET: errno = 0; ip = 
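inet_ntop(ifaddr->addr->ss_family,
                           &(((struct sockaddr_in *)ifaddr->addr)->sin_addr),
                           ip_addr, INET6_ADDRSTRLEN);
            if (ip == NULL) {
                ret = errno;
                goto fail;
            }
            break;

        case AF_INET6:
            errno = 0;
            ip = inet_ntop(ifaddr->addr->ss_family,
                           &(((struct sockaddr_in6 *)ifaddr->addr)->sin6_addr),
                           ip_addr, INET6_ADDRSTRLEN);
            if (ip == NULL) {
                ret = errno;
                goto fail;
            }
            break;

        default:
            DEBUG(SSSDBG_CRIT_FAILURE, ("Unknown address family\n"));
            continue;
        }

        straddrs[ai] = talloc_strdup(straddrs, ip);
        if (straddrs[ai] == NULL) {
            ret = ENOMEM;
            goto fail;
        }
        ai++;
    }

    /* Terminate right after the last entry that was written. Entries of an
     * unknown address family are skipped above, so ai can be smaller than
     * count; the slots between ai and count were never assigned, and a
     * reader walking the array up to the NULL terminator must not reach
     * them. */
    straddrs[ai] = NULL;

    *_straddrs = straddrs;
    return EOK;

fail:
    talloc_free(straddrs);
    return ret;
}

/*
 * Decide whether the address in sa should be published in DNS.
 *
 * Returns false for link-local, loopback and multicast addresses, for the
 * IPv4 broadcast address and for any family other than AF_INET/AF_INET6;
 * true otherwise. The textual form of the address is only used for the
 * debug messages.
 */
static bool ok_for_dns(struct sockaddr *sa)
{
    char straddr[INET6_ADDRSTRLEN];
    struct in6_addr *addr6;
    struct in_addr *addr;

    switch (sa->sa_family) {
    case AF_INET6:
        addr6 = &((struct sockaddr_in6 *) sa)->sin6_addr;

        if (inet_ntop(AF_INET6, addr6, straddr, INET6_ADDRSTRLEN) == NULL) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("inet_ntop failed, won't log IP addresses\n"));
            snprintf(straddr, INET6_ADDRSTRLEN, "unknown");
        }

        if (IN6_IS_ADDR_LINKLOCAL(addr6)) {
            DEBUG(SSSDBG_FUNC_DATA, ("Link local IPv6 address %s\n", straddr));
            return false;
        } else if (IN6_IS_ADDR_LOOPBACK(addr6)) {
            DEBUG(SSSDBG_FUNC_DATA, ("Loopback IPv6 address %s\n", straddr));
            return false;
        } else if (IN6_IS_ADDR_MULTICAST(addr6)) {
            DEBUG(SSSDBG_FUNC_DATA, ("Multicast IPv6 address %s\n", straddr));
            return false;
        }
        break;

    case AF_INET:
        addr = &((struct sockaddr_in *) sa)->sin_addr;

        if (inet_ntop(AF_INET, addr, straddr, INET6_ADDRSTRLEN) == NULL) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("inet_ntop failed, won't log IP addresses\n"));
            snprintf(straddr, INET6_ADDRSTRLEN, "unknown");
        }

        if (IN_MULTICAST(ntohl(addr->s_addr))) {
            DEBUG(SSSDBG_FUNC_DATA, ("Multicast IPv4 address %s\n", straddr));
            return false;
        } else if (inet_netof(*addr) == IN_LOOPBACKNET) {
            DEBUG(SSSDBG_FUNC_DATA, ("Loopback IPv4 address %s\n", straddr));
            return false;
        } else if ((addr->s_addr & htonl(0xffff0000)) ==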
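htonl(0xa9fe0000)) {
            /* 169.254.0.0/16 */
            DEBUG(SSSDBG_FUNC_DATA, ("Link-local IPv4 address %s\n", straddr));
            return false;
        } else if (addr->s_addr == htonl(INADDR_BROADCAST)) {
            DEBUG(SSSDBG_FUNC_DATA, ("Broadcast IPv4 address %s\n", straddr));
            return false;
        }
        break;

    default:
        DEBUG(SSSDBG_CRIT_FAILURE, ("Unknown address family\n"));
        return false;
    }

    return true;
}

/*
 * Collect IP addresses associated with an interface
 *
 * Walks the getifaddrs() list and keeps every AF_INET/AF_INET6 address
 * whose interface name equals ifname (compared case-insensitively) and
 * which passes ok_for_dns(). Each list element is allocated on mem_ctx.
 *
 * On success the list is stored in *_addrlist and EOK is returned.
 * On failure the errno value of getifaddrs() or ENOMEM is returned and
 * *_addrlist is left untouched.
 */
errno_t
sss_iface_addr_list_get(TALLOC_CTX *mem_ctx,
                        const char *ifname,
                        struct sss_iface_addr **_addrlist)
{
    struct ifaddrs *ifaces = NULL;
    struct ifaddrs *ifa;
    errno_t ret;
    size_t addrsize;
    struct sss_iface_addr *address;
    struct sss_iface_addr *addrlist = NULL;

    /* Get the IP addresses associated with the
     * specified interface
     */
    errno = 0;
    ret = getifaddrs(&ifaces);
    if (ret == -1) {
        ret = errno;
        DEBUG(SSSDBG_OP_FAILURE,
              ("Could not read interfaces [%d][%s]\n", ret, strerror(ret)));
        goto done;
    }

    for (ifa = ifaces; ifa != NULL; ifa = ifa->ifa_next) {
        /* Some interfaces don't have an ifa_addr */
        if (!ifa->ifa_addr) continue;

        /* Add IP addresses to the list */
        if ((ifa->ifa_addr->sa_family == AF_INET ||
             ifa->ifa_addr->sa_family == AF_INET6) &&
            strcasecmp(ifa->ifa_name, ifname) == 0 &&
            ok_for_dns(ifa->ifa_addr)) {

            /* Add this address to the IP address list */
            address = talloc_zero(mem_ctx, struct sss_iface_addr);
            if (!address) {
                /* ret still holds the 0 returned by getifaddrs(); without
                 * an explicit error code the caller would be told the call
                 * succeeded although *_addrlist was never set */
                ret = ENOMEM;
                goto done;
            }

            addrsize = ifa->ifa_addr->sa_family == AF_INET ?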
\ sizeof(struct sockaddr_in) : \ sizeof(struct sockaddr_in6); address->addr = talloc_memdup(address, ifa->ifa_addr, addrsize); if (address->addr == NULL) { ret = ENOMEM; goto done; } DLIST_ADD(addrlist, address); } } ret = EOK; *_addrlist = addrlist; done: freeifaddrs(ifaces); return ret; } /* Append the forward (A/AAAA) record commands for hostname to update_msg and return the extended string, or NULL on failure. Depending on the bits set in remove_af, a delete of the existing A and/or AAAA records (each followed by "send") is emitted first; then one "update add" line is written per entry of addresses. hostname is placed into the command text with %s exactly as passed in, and the commands are separated by newlines. NOTE(review): no validation of hostname is visible in this function; callers presumably guarantee it holds no whitespace or newline characters, since those would change how the text is split into commands - TODO confirm against the callers. */ static char * nsupdate_msg_add_fwd(char *update_msg, struct sss_iface_addr *addresses, const char *hostname, int ttl, uint8_t remove_af) { struct sss_iface_addr *new_record; char ip_addr[INET6_ADDRSTRLEN]; const char *ip; errno_t ret; /* Remove existing entries as needed */ if (remove_af & DYNDNS_REMOVE_A) { update_msg = talloc_asprintf_append(update_msg, "update delete %s. in A\nsend\n", hostname); if (update_msg == NULL) { return NULL; } } if (remove_af & DYNDNS_REMOVE_AAAA) { update_msg = talloc_asprintf_append(update_msg, "update delete %s. in AAAA\nsend\n", hostname); if (update_msg == NULL) { return NULL; } } DLIST_FOR_EACH(new_record, addresses) { switch(new_record->addr->ss_family) { case AF_INET: ip = inet_ntop(new_record->addr->ss_family, &(((struct sockaddr_in *)new_record->addr)->sin_addr), ip_addr, INET6_ADDRSTRLEN); if (ip == NULL) { ret = errno; DEBUG(SSSDBG_OP_FAILURE, ("inet_ntop failed [%d]: %s\n", ret, strerror(ret))); return NULL; } break; case AF_INET6: ip = inet_ntop(new_record->addr->ss_family, &(((struct sockaddr_in6 *)new_record->addr)->sin6_addr), ip_addr, INET6_ADDRSTRLEN); if (ip == NULL) { ret = errno; DEBUG(SSSDBG_OP_FAILURE, ("inet_ntop failed [%d]: %s\n", ret, strerror(ret))); return NULL; } break; default: DEBUG(SSSDBG_CRIT_FAILURE, ("Unknown address family\n")); return NULL; } /* Format the record update */ update_msg = talloc_asprintf_append(update_msg, "update add %s. %d in %s %s\n", hostname, ttl, new_record->addr->ss_family == AF_INET ?
"A" : "AAAA", ip_addr); if (update_msg == NULL) { return NULL; } } return talloc_asprintf_append(update_msg, "send\n"); } static char * nsupdate_msg_add_ptr(char *update_msg, struct sss_iface_addr *addresses, const char *hostname, int ttl, uint8_t remove_af, struct sss_iface_addr *old_addresses) { struct sss_iface_addr *new_record, *old_record; char *strptr; uint8_t *addr; DLIST_FOR_EACH(old_record, old_addresses) { switch(old_record->addr->ss_family) { case AF_INET: if (!(remove_af & DYNDNS_REMOVE_A)) { continue; } addr = (uint8_t *) &((struct sockaddr_in *) old_record->addr)->sin_addr; break; case AF_INET6: if (!(remove_af & DYNDNS_REMOVE_AAAA)) { continue; } addr = (uint8_t *) &((struct sockaddr_in6 *) old_record->addr)->sin6_addr; break; default: DEBUG(SSSDBG_CRIT_FAILURE, ("Unknown address family\n")); return NULL; } strptr = resolv_get_string_ptr_address(update_msg, old_record->addr->ss_family, addr); if (strptr == NULL) { return NULL; } /* example: update delete 38.78.16.10.in-addr.arpa. in PTR */ update_msg = talloc_asprintf_append(update_msg, "update delete %s in PTR\n", strptr); talloc_free(strptr); if (update_msg == NULL) { return NULL; } } /* example: update add 11.78.16.10.in-addr.arpa. 85000 in PTR testvm.example.com */ DLIST_FOR_EACH(new_record, addresses) { switch(new_record->addr->ss_family) { case AF_INET: addr = (uint8_t *) &((struct sockaddr_in *) new_record->addr)->sin_addr; break; case AF_INET6: addr = (uint8_t *) &((struct sockaddr_in6 *) new_record->addr)->sin6_addr; break; default: DEBUG(SSSDBG_CRIT_FAILURE, ("Unknown address family\n")); return NULL; } strptr = resolv_get_string_ptr_address(update_msg, new_record->addr->ss_family, addr); if (strptr == NULL) { return NULL; } /* example: update delete 38.78.16.10.in-addr.arpa. 
in PTR */ update_msg = talloc_asprintf_append(update_msg, "update add %s %d in PTR %s.\n", strptr, ttl, hostname); talloc_free(strptr); if (update_msg == NULL) { return NULL; } } return talloc_asprintf_append(update_msg, "send\n"); } static char * nsupdate_msg_create_common(TALLOC_CTX *mem_ctx, const char *realm, const char *servername) { char *realm_directive; char *update_msg; TALLOC_CTX *tmp_ctx; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) return NULL; #ifdef HAVE_NSUPDATE_REALM realm_directive = talloc_asprintf(tmp_ctx, "realm %s\n", realm); #else realm_directive = talloc_asprintf(tmp_ctx, ""); #endif if (!realm_directive) { goto fail; } /* The realm_directive would now either contain an empty string or be * completely empty so we don't need to add another newline here */ if (servername) { DEBUG(SSSDBG_FUNC_DATA, ("Creating update message for server [%s] and realm [%s]\n.", servername, realm)); /* Add the server, realm and headers */ update_msg = talloc_asprintf(tmp_ctx, "server %s\n%s", servername, realm_directive); } else { DEBUG(SSSDBG_FUNC_DATA, ("Creating update message for realm [%s].\n", realm)); /* Add the realm headers */ update_msg = talloc_asprintf(tmp_ctx, "%s", realm_directive); } talloc_free(realm_directive); if (update_msg == NULL) { goto fail; } update_msg = talloc_steal(mem_ctx, update_msg); talloc_free(tmp_ctx); return update_msg; fail: talloc_free(tmp_ctx); return NULL; } errno_t be_nsupdate_create_fwd_msg(TALLOC_CTX *mem_ctx, const char *realm, const char *zone, const char *servername, const char *hostname, const unsigned int ttl, uint8_t remove_af, struct sss_iface_addr *addresses, struct sss_iface_addr *old_addresses, char **_update_msg) { int ret; char *update_msg; TALLOC_CTX *tmp_ctx; /* in some cases realm could have been NULL if we weren't using TSIG */ if (hostname == NULL) { return EINVAL; } tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) return ENOMEM; update_msg = nsupdate_msg_create_common(tmp_ctx, realm, servername); if 
(update_msg == NULL) { ret = ENOMEM; goto done; } if (zone) { DEBUG(SSSDBG_FUNC_DATA, ("Setting the zone explicitly to [%s].\n", zone)); update_msg = talloc_asprintf_append(update_msg, "zone %s.\n", zone); if (update_msg == NULL) { ret = ENOMEM; goto done; } } update_msg = nsupdate_msg_add_fwd(update_msg, addresses, hostname, ttl, remove_af); if (update_msg == NULL) { ret = ENOMEM; goto done; } DEBUG(SSSDBG_TRACE_FUNC, (" -- Begin nsupdate message -- \n%s", update_msg)); DEBUG(SSSDBG_TRACE_FUNC, (" -- End nsupdate message -- \n")); ret = ERR_OK; *_update_msg = talloc_steal(mem_ctx, update_msg); done: talloc_free(tmp_ctx); return ret; } errno_t be_nsupdate_create_ptr_msg(TALLOC_CTX *mem_ctx, const char *realm, const char *servername, const char *hostname, const unsigned int ttl, uint8_t remove_af, struct sss_iface_addr *addresses, struct sss_iface_addr *old_addresses, char **_update_msg) { errno_t ret; char *update_msg; /* in some cases realm could have been NULL if we weren't using TSIG */ if (hostname == NULL) { return EINVAL; } update_msg = nsupdate_msg_create_common(mem_ctx, realm, servername); if (update_msg == NULL) { ret = ENOMEM; goto done; } update_msg = nsupdate_msg_add_ptr(update_msg, addresses, hostname, ttl, remove_af, old_addresses); if (update_msg == NULL) { ret = ENOMEM; goto done; } DEBUG(SSSDBG_TRACE_FUNC, (" -- Begin nsupdate message -- \n%s", update_msg)); DEBUG(SSSDBG_TRACE_FUNC, (" -- End nsupdate message -- \n")); ret = ERR_OK; *_update_msg = talloc_steal(mem_ctx, update_msg); done: return ret; } struct nsupdate_get_addrs_state { struct tevent_context *ev; struct be_resolv_ctx *be_res; enum host_database *db; const char *hostname; /* Use sss_addr in this request */ struct sss_iface_addr *addrlist; size_t count; }; static void nsupdate_get_addrs_done(struct tevent_req *subreq); struct tevent_req * nsupdate_get_addrs_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct be_resolv_ctx *be_res, const char *hostname) { errno_t ret; struct 
tevent_req *req; struct tevent_req *subreq; struct nsupdate_get_addrs_state *state; req = tevent_req_create(mem_ctx, &state, struct nsupdate_get_addrs_state); if (req == NULL) { return NULL; } state->be_res = be_res; state->ev = ev; state->hostname = talloc_strdup(state, hostname); if (state->hostname == NULL) { ret = ENOMEM; goto done; } state->db = talloc_array(state, enum host_database, 2); if (state->db == NULL) { ret = ENOMEM; goto done; } state->db[0] = DB_DNS; state->db[1] = DB_SENTINEL; subreq = resolv_gethostbyname_send(state, ev, be_res->resolv, hostname, state->be_res->family_order, state->db); if (subreq == NULL) { ret = ENOMEM; goto done; } tevent_req_set_callback(subreq, nsupdate_get_addrs_done, req); ret = ERR_OK; done: if (ret != ERR_OK) { tevent_req_error(req, ret); tevent_req_post(req, ev); } return req; } static void nsupdate_get_addrs_done(struct tevent_req *subreq) { errno_t ret; size_t count; struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); struct nsupdate_get_addrs_state *state = tevent_req_data(req, struct nsupdate_get_addrs_state); struct resolv_hostent *rhostent; struct sss_iface_addr *addr; int i; int resolv_status; enum restrict_family retry_family_order; ret = resolv_gethostbyname_recv(subreq, state, &resolv_status, NULL, &rhostent); talloc_zfree(subreq); /* If the retry did not match, simply quit */ if (ret == ENOENT) { /* If the resolver is set to honor both address families * it automatically retries the other one internally, so ENOENT * means neither matched and we can simply quit. */ ret = EOK; goto done; } else if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Could not resolve address for this machine, error [%d]: %s, " "resolver returned: [%d]: %s\n", ret, sss_strerror(ret), resolv_status, resolv_strerror(resolv_status))); goto done; } /* EOK */ if (rhostent->addr_list) { for (count=0; rhostent->addr_list[count]; count++); } else { /* The address list is NULL. 
This is probably a bug in * c-ares, but we need to handle it gracefully. */ DEBUG(SSSDBG_MINOR_FAILURE, ("Lookup of [%s] returned no addresses. Skipping.\n", rhostent->name)); count = 0; } for (i=0; i < count; i++) { addr = talloc(state, struct sss_iface_addr); if (addr == NULL) { ret = ENOMEM; goto done; } addr->addr = resolv_get_sockaddr_address_index(addr, rhostent, 0, i); if (addr->addr == NULL) { ret = ENOMEM; goto done; } if (state->addrlist) { talloc_steal(state->addrlist, addr); } DLIST_ADD(state->addrlist, addr); } state->count += count; /* If the resolver is set to honor both address families * and the first one matched, retry the second one to * get the complete list. */ if (((state->be_res->family_order == IPV4_FIRST && rhostent->family == AF_INET) || (state->be_res->family_order == IPV6_FIRST && rhostent->family == AF_INET6))) { retry_family_order = (state->be_res->family_order == IPV4_FIRST) ? \ IPV6_ONLY : \ IPV4_ONLY; subreq = resolv_gethostbyname_send(state, state->ev, state->be_res->resolv, state->hostname, retry_family_order, state->db); if (!subreq) { ret = ENOMEM; goto done; } tevent_req_set_callback(subreq, nsupdate_get_addrs_done, req); return; } /* The second address matched either immediatelly or after a retry. * No need to retry again. 
*/ ret = EOK; done: if (ret == EOK) { /* All done */ tevent_req_done(req); } else if (ret != EAGAIN) { DEBUG(SSSDBG_OP_FAILURE, ("nsupdate_get_addrs_done failed: [%d]: [%s]\n", ret, sss_strerror(ret))); tevent_req_error(req, ret); } /* EAGAIN - another lookup in progress */ } errno_t nsupdate_get_addrs_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, struct sss_iface_addr **_addrlist, size_t *_count) { struct nsupdate_get_addrs_state *state = tevent_req_data(req, struct nsupdate_get_addrs_state); TEVENT_REQ_RETURN_ON_ERROR(req); if (_addrlist) { *_addrlist = talloc_steal(mem_ctx, state->addrlist); } if (_count) { *_count = state->count; } return EOK; } /* Write the nsupdate_msg into the already forked child, wait until * the child finishes * * This is not a typical tevent_req styled request as it ends either after * a timeout or when the child finishes operation. */ struct nsupdate_child_state { int pipefd_to_child; struct tevent_timer *timeout_handler; struct sss_child_ctx_old *child_ctx; int child_status; }; static void nsupdate_child_timeout(struct tevent_context *ev, struct tevent_timer *te, struct timeval tv, void *pvt); static void nsupdate_child_handler(int child_status, struct tevent_signal *sige, void *pvt); static void nsupdate_child_stdin_done(struct tevent_req *subreq); static struct tevent_req * nsupdate_child_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, int pipefd_to_child, pid_t child_pid, char *child_stdin) { errno_t ret; struct tevent_req *req; struct tevent_req *subreq; struct nsupdate_child_state *state; struct timeval tv; req = tevent_req_create(mem_ctx, &state, struct nsupdate_child_state); if (req == NULL) { return NULL; } state->pipefd_to_child = pipefd_to_child; /* Set up SIGCHLD handler */ ret = child_handler_setup(ev, child_pid, nsupdate_child_handler, req, &state->child_ctx); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Could not set up child handlers [%d]: %s\n", ret, sss_strerror(ret))); ret = ERR_DYNDNS_FAILED; goto done; } /* 
Set up timeout handler */ tv = tevent_timeval_current_ofs(DYNDNS_TIMEOUT, 0); state->timeout_handler = tevent_add_timer(ev, req, tv, nsupdate_child_timeout, req); if(state->timeout_handler == NULL) { ret = ERR_DYNDNS_FAILED; goto done; } /* Write the update message to the nsupdate child */ subreq = write_pipe_send(req, ev, (uint8_t *) child_stdin, strlen(child_stdin)+1, state->pipefd_to_child); if (subreq == NULL) { ret = ERR_DYNDNS_FAILED; goto done; } tevent_req_set_callback(subreq, nsupdate_child_stdin_done, req); ret = EOK; done: if (ret != EOK) { tevent_req_error(req, ret); tevent_req_post(req, ev); } return req; } static void nsupdate_child_timeout(struct tevent_context *ev, struct tevent_timer *te, struct timeval tv, void *pvt) { struct tevent_req *req = talloc_get_type(pvt, struct tevent_req); struct nsupdate_child_state *state = tevent_req_data(req, struct nsupdate_child_state); DEBUG(SSSDBG_CRIT_FAILURE, ("Timeout reached for dynamic DNS update\n")); child_handler_destroy(state->child_ctx); state->child_ctx = NULL; state->child_status = ETIMEDOUT; tevent_req_error(req, ERR_DYNDNS_TIMEOUT); } static void nsupdate_child_stdin_done(struct tevent_req *subreq) { errno_t ret; struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); struct nsupdate_child_state *state = tevent_req_data(req, struct nsupdate_child_state); /* Verify that the buffer was sent, then return * and wait for the sigchld handler to finish. 
*/ DEBUG(SSSDBG_TRACE_LIBS, ("Sending nsupdate data complete\n")); ret = write_pipe_recv(subreq); talloc_zfree(subreq); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Sending nsupdate data failed [%d]: %s\n", ret, sss_strerror(ret))); tevent_req_error(req, ERR_DYNDNS_FAILED); return; } close(state->pipefd_to_child); state->pipefd_to_child = -1; /* Now either wait for the timeout to fire or the child * to finish */ } static void nsupdate_child_handler(int child_status, struct tevent_signal *sige, void *pvt) { struct tevent_req *req = talloc_get_type(pvt, struct tevent_req); struct nsupdate_child_state *state = tevent_req_data(req, struct nsupdate_child_state); state->child_status = child_status; if (WIFEXITED(child_status) && WEXITSTATUS(child_status) != 0) { DEBUG(SSSDBG_OP_FAILURE, ("Dynamic DNS child failed with status [%d]\n", child_status)); tevent_req_error(req, ERR_DYNDNS_FAILED); return; } if (WIFSIGNALED(child_status)) { DEBUG(SSSDBG_OP_FAILURE, ("Dynamic DNS child was terminated by signal [%d]\n", WTERMSIG(child_status))); tevent_req_error(req, ERR_DYNDNS_FAILED); return; } tevent_req_done(req); } static errno_t nsupdate_child_recv(struct tevent_req *req, int *child_status) { struct nsupdate_child_state *state = tevent_req_data(req, struct nsupdate_child_state); *child_status = state->child_status; TEVENT_REQ_RETURN_ON_ERROR(req); return ERR_OK; } /* Fork a nsupdate child, write the nsupdate_msg into stdin and wait for the child * to finish one way or another */ struct be_nsupdate_state { int child_status; }; static void be_nsupdate_done(struct tevent_req *subreq); static char **be_nsupdate_args(TALLOC_CTX *mem_ctx, enum be_nsupdate_auth auth_type, bool force_tcp); struct tevent_req *be_nsupdate_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, enum be_nsupdate_auth auth_type, char *nsupdate_msg, bool force_tcp) { int pipefd_to_child[2]; pid_t child_pid; errno_t ret; struct tevent_req *req = NULL; struct tevent_req *subreq = NULL; struct be_nsupdate_state 
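*state;
    char **args;

    req = tevent_req_create(mem_ctx, &state, struct be_nsupdate_state);
    if (req == NULL) {
        return NULL;
    }
    state->child_status = 0;

    ret = pipe(pipefd_to_child);
    if (ret == -1) {
        ret = errno;
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("pipe failed [%d][%s].\n", ret, strerror(ret)));
        goto done;
    }

    child_pid = fork();

    if (child_pid == 0) { /* child */
        /* Every failure in this branch must end the child process.
         * Jumping to the common error path would let the forked copy
         * return to the caller and keep running the parent's code. */
        close(pipefd_to_child[1]);
        ret = dup2(pipefd_to_child[0], STDIN_FILENO);
        if (ret == -1) {
            ret = errno;
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("dup2 failed [%d][%s].\n", ret, strerror(ret)));
            _exit(1);
        }

        args = be_nsupdate_args(state, auth_type, force_tcp);
        if (args == NULL) {
            _exit(1);
        }

        errno = 0;
        execv(NSUPDATE_PATH, args);
        /* The child should never end up here */
        ret = errno;
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("execv failed [%d][%s].\n", ret, strerror(ret)));
        _exit(1);
    } else if (child_pid > 0) { /* parent */
        close(pipefd_to_child[0]);

        subreq = nsupdate_child_send(state, ev, pipefd_to_child[1],
                                     child_pid, nsupdate_msg);
        if (subreq == NULL) {
            /* no request took over the write end of the pipe */
            close(pipefd_to_child[1]);
            ret = ERR_DYNDNS_FAILED;
            goto done;
        }
        tevent_req_set_callback(subreq, be_nsupdate_done, req);
    } else { /* error */
        ret = errno;
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("fork failed [%d][%s].\n", ret, strerror(ret)));
        /* no child exists, so neither pipe end has an owner */
        close(pipefd_to_child[0]);
        close(pipefd_to_child[1]);
        goto done;
    }

    ret = EOK;
done:
    if (ret != EOK) {
        tevent_req_error(req, ret);
        tevent_req_post(req, ev);
    }
    return req;
}

/*
 * Build the argument vector passed to execv() for nsupdate.
 *
 * The array is allocated on mem_ctx with four zero-initialized slots, so
 * the entries after the last argument serve as the NULL terminator.
 * argv[0] is NSUPDATE_PATH; "-g" is added for GSS-TSIG authentication.
 *
 * Returns NULL if an allocation fails or auth_type is not a known value.
 */
static char **
be_nsupdate_args(TALLOC_CTX *mem_ctx,
                 enum be_nsupdate_auth auth_type,
                 bool force_tcp)
{
    char **argv;
    int argc = 0;

    argv = talloc_zero_array(mem_ctx, char *, 4);
    if (argv == NULL) {
        return NULL;
    }

    argv[argc] = talloc_strdup(argv, NSUPDATE_PATH);
    if (argv[argc] == NULL) {
        goto fail;
    }
    argc++;

    switch (auth_type) {
    case BE_NSUPDATE_AUTH_NONE:
        DEBUG(SSSDBG_FUNC_DATA, ("nsupdate auth type: none\n"));
        break;
    case BE_NSUPDATE_AUTH_GSS_TSIG:
        DEBUG(SSSDBG_FUNC_DATA, ("nsupdate auth type: GSS-TSIG\n"));
        argv[argc] = talloc_strdup(argv, "-g");
        if (argv[argc] == NULL) {
            goto fail;
        }
        argc++;
        break;
    default:
        DEBUG(SSSDBG_CRIT_FAILURE, ("Unknown nsupdate auth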
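type\n")); goto fail; } if (force_tcp) { DEBUG(SSSDBG_FUNC_DATA, ("TCP is set to on\n")); argv[argc] = talloc_strdup(argv, "-v"); if (argv[argc] == NULL) { goto fail; } argc++; } return argv; fail: talloc_free(argv); return NULL; }

/*
 * Completion callback for the nsupdate child sub-request.
 *
 * Stores the child's exit status in the request state and finishes the
 * parent request, either with the error reported by nsupdate_child_recv()
 * or successfully.
 */
static void be_nsupdate_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct be_nsupdate_state *state = tevent_req_data(req,
                                                struct be_nsupdate_state);
    errno_t ret;

    ret = nsupdate_child_recv(subreq, &state->child_status);
    talloc_zfree(subreq);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("nsupdate child execution failed [%d]: %s\n",
              ret, sss_strerror(ret)));
        tevent_req_error(req, ret);
        return;
    }

    DEBUG(SSSDBG_FUNC_DATA,
          ("nsupdate child status: %d\n", state->child_status));
    tevent_req_done(req);
}

/*
 * Collect the result of an nsupdate request.
 *
 * *child_status is written before the error check, so the caller receives
 * the stored status even when the request itself failed.
 */
errno_t be_nsupdate_recv(struct tevent_req *req, int *child_status)
{
    struct be_nsupdate_state *state = tevent_req_data(req,
                                                struct be_nsupdate_state);

    *child_status = state->child_status;

    TEVENT_REQ_RETURN_ON_ERROR(req);

    return EOK;
}

/*
 * Timer handler for the periodic dyndns refresh.
 *
 * Clears the stored timer handle first so that the callback is able to
 * schedule a new one.
 */
static void be_nsupdate_timer(struct tevent_context *ev,
                              struct tevent_timer *te,
                              struct timeval current_time,
                              void *pvt)
{
    struct be_nsupdate_ctx *ctx = talloc_get_type(pvt, struct be_nsupdate_ctx);

    talloc_zfree(ctx->refresh_timer);
    ctx->timer_callback(ctx->timer_pvt);

    /* timer_callback is responsible for calling be_nsupdate_timer_schedule
     * again */
}

/*
 * Arm the dyndns refresh timer unless one is already pending.
 *
 * A refresh interval of zero disables the timer. A negative value is
 * treated the same way: it would otherwise be converted to a very large
 * unsigned offset and leave a timer armed that effectively never fires.
 */
void be_nsupdate_timer_schedule(struct tevent_context *ev,
                                struct be_nsupdate_ctx *ctx)
{
    int refresh;
    struct timeval tv;

    if (ctx->refresh_timer) {
        DEBUG(SSSDBG_FUNC_DATA, ("Timer already scheduled\n"));
        return;
    }

    refresh = dp_opt_get_int(ctx->opts, DP_OPT_DYNDNS_REFRESH_INTERVAL);
    if (refresh <= 0) return;
    DEBUG(SSSDBG_FUNC_DATA, ("Scheduling timer in %d seconds\n", refresh));

    tv = tevent_timeval_current_ofs(refresh, 0);
    ctx->refresh_timer = tevent_add_timer(ev, ctx, tv,
                                          be_nsupdate_timer, ctx);

    if (!ctx->refresh_timer) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("Failed to add dyndns refresh timer event\n"));
    }
}

/*
 * Check that the nsupdate binary is present at NSUPDATE_PATH.
 *
 * Returns 0 when stat() succeeds, otherwise the errno value from stat().
 * Only existence is checked here; the file type, ownership and mode in
 * stat_buf are not inspected.
 */
errno_t be_nsupdate_check(void)
{
    errno_t ret;
    struct stat stat_buf;

    /* Ensure that nsupdate exists */
    errno = 0;
    ret = stat(NSUPDATE_PATH, &stat_buf);
    if (ret == -1) {
        ret = errno;
        if (ret == ENOENT) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("%s does not exist. Dynamic DNS updates disabled\n",
                   NSUPDATE_PATH));
        } else {
            DEBUG(SSSDBG_OP_FAILURE,
                  ("Could not set up dynamic DNS updates: [%d][%s]\n",
                   ret, strerror(ret)));
        }
    }

    return ret;
}

/* Built-in defaults, used when be_nsupdate_init() gets no option table */
static struct dp_option default_dyndns_opts[] = {
    { "dyndns_update", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    { "dyndns_refresh_interval", DP_OPT_NUMBER, NULL_NUMBER, NULL_NUMBER },
    { "dyndns_iface", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    { "dyndns_ttl", DP_OPT_NUMBER, { .number = 1200 }, NULL_NUMBER },
    { "dyndns_update_ptr", DP_OPT_BOOL, BOOL_TRUE, BOOL_FALSE },
    { "dyndns_force_tcp", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    { "dyndns_auth", DP_OPT_STRING, { "gss-tsig" }, NULL_STRING },
    DP_OPTION_TERMINATOR
};

/*
 * Create the dyndns context and load its options from the confdb.
 *
 * mem_ctx   talloc parent of the new context
 * be_ctx    back end context providing the confdb handle and config path
 * defopts   option table to use; NULL selects default_dyndns_opts
 * _ctx      receives the new context on success only
 *
 * Returns ERR_OK on success, ENOMEM on allocation failure, EINVAL for a
 * missing or unrecognised dyndns_auth value, or the error returned by
 * dp_get_options(). On every failure the partially built context is freed.
 */
errno_t be_nsupdate_init(TALLOC_CTX *mem_ctx, struct be_ctx *be_ctx,
                         struct dp_option *defopts,
                         struct be_nsupdate_ctx **_ctx)
{
    errno_t ret;
    struct dp_option *src_opts;
    struct be_nsupdate_ctx *ctx;
    char *strauth;

    ctx = talloc_zero(mem_ctx, struct be_nsupdate_ctx);
    if (ctx == NULL) return ENOMEM;

    src_opts = defopts ? defopts : default_dyndns_opts;

    ret = dp_get_options(ctx, be_ctx->cdb, be_ctx->conf_path,
                         src_opts, DP_OPT_DYNDNS, &ctx->opts);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Cannot retrieve dynamic DNS options\n"));
        goto fail;
    }

    strauth = dp_opt_get_string(ctx->opts, DP_OPT_DYNDNS_AUTH);
    if (strauth == NULL) {
        /* A caller-supplied table may carry no default for dyndns_auth;
         * refuse to guess an authentication mode in that case. */
        DEBUG(SSSDBG_OP_FAILURE, ("No dyndns auth type set\n"));
        ret = EINVAL;
        goto fail;
    }

    if (strcasecmp(strauth, "gss-tsig") == 0) {
        ctx->auth_type = BE_NSUPDATE_AUTH_GSS_TSIG;
    } else if (strcasecmp(strauth, "none") == 0) {
        ctx->auth_type = BE_NSUPDATE_AUTH_NONE;
    } else {
        DEBUG(SSSDBG_OP_FAILURE, ("Uknown dyndns auth type %s\n", strauth));
        ret = EINVAL;
        goto fail;
    }

    *_ctx = ctx;
    return ERR_OK;

fail:
    /* ctx->opts is allocated on ctx, so this releases the options too */
    talloc_free(ctx);
    return ret;
}

/*
 * Register the refresh callback and arm the refresh timer.
 *
 * Returns EINVAL when ctx is NULL, ERR_OK otherwise. A failure to add the
 * timer is only logged by be_nsupdate_timer_schedule().
 */
errno_t be_nsupdate_init_timer(struct be_nsupdate_ctx *ctx,
                               struct tevent_context *ev,
                               nsupdate_timer_fn_t timer_callback,
                               void *timer_pvt)
{
    if (ctx == NULL) return EINVAL;

    ctx->timer_callback = timer_callback;
    ctx->timer_pvt = timer_pvt;
    be_nsupdate_timer_schedule(ev, ctx);

    return ERR_OK;
}
sssd-1.11.5/src/providers/PaxHeaders.13173/data_provider_opts.c0000644000000000000000000000007412320753107022413 xustar000000000000000030 atime=1396954939.263891433 30 ctime=1396954961.523875047 sssd-1.11.5/src/providers/data_provider_opts.c0000664002412700241270000003237012320753107022642 0ustar00jhrozekjhrozek00000000000000/* SSSD Data Provider Helpers Copyright (C) Simo Sorce 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 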
*/

#include "data_provider.h"

/* =Retrieve-Options====================================================== */

/*
 * Build an option array from a table of defaults and the confdb.
 *
 * A new array of num_opts entries is allocated on memctx. Name, type and
 * default value of every entry are copied from def_opts, then the current
 * value is read from the confdb section conf_path with the getter that
 * matches the entry's type.
 *
 * Returns EOK and stores the array in *_opts on success. On any failure
 * the array is freed and *_opts is left untouched; the return value is
 * ENOMEM, EINVAL (a string option with a non-NULL default came back NULL)
 * or the error from the confdb getter.
 *
 * Security-relevant detail: string values are written to the debug log
 * verbatim at SSSDBG_TRACE_FUNC, while for blob options only the presence
 * of a value is logged.
 */
int dp_get_options(TALLOC_CTX *memctx,
                   struct confdb_ctx *cdb,
                   const char *conf_path,
                   struct dp_option *def_opts,
                   int num_opts,
                   struct dp_option **_opts)
{
    struct dp_option *opts;
    int i, ret;

    opts = talloc_zero_array(memctx, struct dp_option, num_opts);
    if (!opts) return ENOMEM;

    for (i = 0; i < num_opts; i++) {
        char *tmp;

        opts[i].opt_name = def_opts[i].opt_name;
        opts[i].type = def_opts[i].type;
        opts[i].def_val = def_opts[i].def_val;

        switch (def_opts[i].type) {
        case DP_OPT_STRING:
            ret = confdb_get_string(cdb, opts, conf_path,
                                    opts[i].opt_name,
                                    opts[i].def_val.cstring,
                                    &opts[i].val.string);
            /* A NULL result is an error only when a default exists */
            if (ret != EOK ||
                ((opts[i].def_val.string != NULL) &&
                 (opts[i].val.string == NULL))) {
                DEBUG(SSSDBG_CRIT_FAILURE,
                      ("Failed to retrieve value for option (%s)\n",
                       opts[i].opt_name));
                if (ret == EOK) ret = EINVAL;
                goto done;
            }
            DEBUG(SSSDBG_TRACE_FUNC, ("Option %s has%s value %s\n",
                  opts[i].opt_name,
                  opts[i].val.cstring ? "" : " no",
                  opts[i].val.cstring ? opts[i].val.cstring : ""));
            break;

        case DP_OPT_BLOB:
            ret = confdb_get_string(cdb, opts, conf_path,
                                    opts[i].opt_name,
                                    NULL, &tmp);
            if (ret != EOK) {
                DEBUG(SSSDBG_CRIT_FAILURE,
                      ("Failed to retrieve value for option (%s)\n",
                       opts[i].opt_name));
                goto done;
            }

            if (tmp) {
                /* The configured string is stored without its NUL byte */
                opts[i].val.blob.data = (uint8_t *)tmp;
                opts[i].val.blob.length = strlen(tmp);
            } else if (opts[i].def_val.blob.data != NULL) {
                /* NOTE(review): the default blob is shared, not copied.
                 * _dp_opt_set_blob() later calls talloc_zfree() on
                 * val.blob.data - confirm that default blobs are always
                 * talloc memory this array may free. */
                opts[i].val.blob.data = opts[i].def_val.blob.data;
                opts[i].val.blob.length = opts[i].def_val.blob.length;
            } else {
                opts[i].val.blob.data = NULL;
                opts[i].val.blob.length = 0;
            }

            DEBUG(SSSDBG_TRACE_FUNC, ("Option %s has %s binary value.\n",
                  opts[i].opt_name, opts[i].val.blob.length?"a":"no"));
            break;

        case DP_OPT_NUMBER:
            ret = confdb_get_int(cdb, conf_path,
                                 opts[i].opt_name,
                                 opts[i].def_val.number,
                                 &opts[i].val.number);
            if (ret != EOK) {
                DEBUG(SSSDBG_CRIT_FAILURE,
                      ("Failed to retrieve value for option (%s)\n",
                       opts[i].opt_name));
                goto done;
            }
            DEBUG(SSSDBG_TRACE_FUNC, ("Option %s has value %d\n",
                  opts[i].opt_name, opts[i].val.number));
            break;

        case DP_OPT_BOOL:
            ret = confdb_get_bool(cdb, conf_path,
                                  opts[i].opt_name,
                                  opts[i].def_val.boolean,
                                  &opts[i].val.boolean);
            if (ret != EOK) {
                DEBUG(SSSDBG_CRIT_FAILURE,
                      ("Failed to retrieve value for option (%s)\n",
                       opts[i].opt_name));
                goto done;
            }
            DEBUG(SSSDBG_TRACE_FUNC, ("Option %s is %s\n",
                  opts[i].opt_name, opts[i].val.boolean?"TRUE":"FALSE"));
            break;
        }
    }

    ret = EOK;
    *_opts = opts;

done:
    if (ret != EOK) talloc_zfree(opts);
    return ret;
}

/* =Basic-Option-Helpers================================================== */

/*
 * Duplicate an option array onto memctx.
 *
 * With copy_values set, each entry receives the current value of the
 * source entry; otherwise it receives the source entry's default value.
 * Values are stored through the typed dp_opt_set_*() helpers.
 *
 * Returns EOK and stores the array in *_opts, or frees the array and
 * returns ENOMEM or the error from the setter.
 */
static int dp_copy_options_ex(TALLOC_CTX *memctx,
                              bool copy_values,
                              struct dp_option *src_opts,
                              int num_opts,
                              struct dp_option **_opts)
{
    struct dp_option *opts;
    int i, ret = EOK;

    opts = talloc_zero_array(memctx, struct dp_option, num_opts);
    if (!opts) return ENOMEM;

    for (i = 0; i < num_opts; i++) {
        opts[i].opt_name = src_opts[i].opt_name;
        opts[i].type = src_opts[i].type;
        opts[i].def_val = src_opts[i].def_val;
        ret = EOK;

        switch (src_opts[i].type) {
        case DP_OPT_STRING:
            if (copy_values) {
                ret = dp_opt_set_string(opts, i, src_opts[i].val.string);
            } else {
                ret = dp_opt_set_string(opts, i, src_opts[i].def_val.string);
            }
            if (ret != EOK) {
                DEBUG(SSSDBG_CRIT_FAILURE,
                      ("Failed to copy value for option (%s)\n",
                       opts[i].opt_name));
                goto done;
            }
            DEBUG(SSSDBG_TRACE_FUNC, ("Option %s has%s value %s\n",
                  opts[i].opt_name,
                  opts[i].val.cstring ? "" : " no",
                  opts[i].val.cstring ? opts[i].val.cstring : ""));
            break;

        case DP_OPT_BLOB:
            if (copy_values) {
                ret = dp_opt_set_blob(opts, i, src_opts[i].val.blob);
            } else {
                ret = dp_opt_set_blob(opts, i, src_opts[i].def_val.blob);
            }
            if (ret != EOK) {
                DEBUG(SSSDBG_CRIT_FAILURE,
                      ("Failed to retrieve value for option (%s)\n",
                       opts[i].opt_name));
                goto done;
            }
            DEBUG(SSSDBG_TRACE_FUNC, ("Option %s has %s binary value.\n",
                  opts[i].opt_name, opts[i].val.blob.length?"a":"no"));
            break;

        case DP_OPT_NUMBER:
            if (copy_values) {
                ret = dp_opt_set_int(opts, i, src_opts[i].val.number);
            } else {
                ret = dp_opt_set_int(opts, i, src_opts[i].def_val.number);
            }
            if (ret != EOK) {
                DEBUG(SSSDBG_CRIT_FAILURE,
                      ("Failed to retrieve value for option (%s)\n",
                       opts[i].opt_name));
                goto done;
            }
            DEBUG(SSSDBG_TRACE_FUNC, ("Option %s has value %d\n",
                  opts[i].opt_name, opts[i].val.number));
            break;

        case DP_OPT_BOOL:
            if (copy_values) {
                ret = dp_opt_set_bool(opts, i, src_opts[i].val.boolean);
            } else {
                ret = dp_opt_set_bool(opts, i, src_opts[i].def_val.boolean);
            }
            if (ret != EOK) {
                DEBUG(SSSDBG_CRIT_FAILURE,
                      ("Failed to retrieve value for option (%s)\n",
                       opts[i].opt_name));
                goto done;
            }
            DEBUG(SSSDBG_TRACE_FUNC, ("Option %s is %s\n",
                  opts[i].opt_name, opts[i].val.boolean?"TRUE":"FALSE"));
            break;
        }
    }

    *_opts = opts;

done:
    if (ret != EOK) talloc_zfree(opts);
    return ret;
}

/* Duplicate an option array including the current values */
int dp_copy_options(TALLOC_CTX *memctx,
                    struct dp_option *src_opts,
                    int num_opts,
                    struct dp_option **_opts)
{
    return dp_copy_options_ex(memctx, true, src_opts, num_opts, _opts);
}

int dp_copy_defaults(TALLOC_CTX *memctx, struct dp_option *src_opts, 
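int num_opts, struct dp_option **_opts) { return dp_copy_options_ex(memctx, false, src_opts, num_opts, _opts); }

/*
 * Human-readable name of an option type, for log messages.
 *
 * Never returns NULL: every caller in this file passes the result
 * straight to a "%s" conversion, and a type value outside the enum (for
 * example from a corrupted or mis-indexed option array) must not turn a
 * diagnostic message into undefined behaviour.
 */
static const char *dp_opt_type_to_string(enum dp_opt_type type)
{
    switch (type) {
    case DP_OPT_STRING:
        return "String";
    case DP_OPT_BLOB:
        return "Blob";
    case DP_OPT_NUMBER:
        return "Number";
    case DP_OPT_BOOL:
        return "Boolean";
    }
    return "Unknown";
}

/* Getters */

/*
 * All getters and setters below index opts[] with id without a range
 * check; id is expected to be one of the option-index constants that
 * belong to the array being accessed. A type mismatch is logged together
 * with the caller-supplied location string.
 */

/* Return the string value as const, or NULL on a type mismatch */
const char *_dp_opt_get_cstring(struct dp_option *opts,
                                int id, const char *location)
{
    if (opts[id].type != DP_OPT_STRING) {
        DEBUG(0, ("[%s] Requested type 'String' for option '%s'"
                  " but value is of type '%s'!\n",
                  location, opts[id].opt_name,
                  dp_opt_type_to_string(opts[id].type)));
        return NULL;
    }
    return opts[id].val.cstring;
}

/* Return the string value, or NULL on a type mismatch */
char *_dp_opt_get_string(struct dp_option *opts,
                         int id, const char *location)
{
    if (opts[id].type != DP_OPT_STRING) {
        DEBUG(0, ("[%s] Requested type 'String' for option '%s'"
                  " but value is of type '%s'!\n",
                  location, opts[id].opt_name,
                  dp_opt_type_to_string(opts[id].type)));
        return NULL;
    }
    return opts[id].val.string;
}

/* Return the blob value, or an empty blob on a type mismatch */
struct dp_opt_blob _dp_opt_get_blob(struct dp_option *opts,
                                    int id, const char *location)
{
    struct dp_opt_blob null_blob = { NULL, 0 };
    if (opts[id].type != DP_OPT_BLOB) {
        DEBUG(0, ("[%s] Requested type 'Blob' for option '%s'"
                  " but value is of type '%s'!\n",
                  location, opts[id].opt_name,
                  dp_opt_type_to_string(opts[id].type)));
        return null_blob;
    }
    return opts[id].val.blob;
}

/* Return the numeric value, or 0 on a type mismatch */
int _dp_opt_get_int(struct dp_option *opts,
                    int id, const char *location)
{
    if (opts[id].type != DP_OPT_NUMBER) {
        DEBUG(0, ("[%s] Requested type 'Number' for option '%s'"
                  " but value is of type '%s'!\n",
                  location, opts[id].opt_name,
                  dp_opt_type_to_string(opts[id].type)));
        return 0;
    }
    return opts[id].val.number;
}

/* Return the boolean value, or false on a type mismatch */
bool _dp_opt_get_bool(struct dp_option *opts,
                      int id, const char *location)
{
    if (opts[id].type != DP_OPT_BOOL) {
        DEBUG(0, ("[%s] Requested type 'Boolean' for option '%s'"
                  " but value is of type '%s'!\n",
                  location, opts[id].opt_name,
                  dp_opt_type_to_string(opts[id].type)));
        return false;
    }
    return opts[id].val.boolean;
}

/* Setters */

/*
 * Replace a string option with a copy of s allocated on opts.
 *
 * A NULL s clears the option. Returns EINVAL on a type mismatch and
 * ENOMEM when the copy cannot be allocated (the old value is already
 * released at that point).
 */
int _dp_opt_set_string(struct dp_option *opts, int id,
                       const char *s, const char *location)
{
    if (opts[id].type != DP_OPT_STRING) {
        DEBUG(0, ("[%s] Requested type 'String' for option '%s'"
                  " but type is '%s'!\n",
                  location, opts[id].opt_name,
                  dp_opt_type_to_string(opts[id].type)));
        return EINVAL;
    }

    if (opts[id].val.string) {
        talloc_zfree(opts[id].val.string);
    }
    if (s) {
        opts[id].val.string = talloc_strdup(opts, s);
        if (!opts[id].val.string) {
            DEBUG(0, ("talloc_strdup() failed!\n"));
            return ENOMEM;
        }
    }

    return EOK;
}

/*
 * Replace a blob option with a copy of b allocated on opts.
 *
 * Returns EINVAL on a type mismatch and ENOMEM when the copy cannot be
 * allocated. The stored length is forced to 0 whenever no data pointer is
 * stored, so a consumer can never be told to read b.length bytes from a
 * NULL pointer.
 */
int _dp_opt_set_blob(struct dp_option *opts, int id,
                     struct dp_opt_blob b, const char *location)
{
    if (opts[id].type != DP_OPT_BLOB) {
        DEBUG(0, ("[%s] Requested type 'Blob' for option '%s'"
                  " but type is '%s'!\n",
                  location, opts[id].opt_name,
                  dp_opt_type_to_string(opts[id].type)));
        return EINVAL;
    }

    if (opts[id].val.blob.data) {
        /* NOTE(review): this assumes the stored pointer is talloc memory
         * owned by this array - confirm for values taken over from a
         * default blob. */
        talloc_zfree(opts[id].val.blob.data);
    }
    opts[id].val.blob.length = 0;

    if (b.data) {
        opts[id].val.blob.data = talloc_memdup(opts, b.data, b.length);
        if (!opts[id].val.blob.data) {
            DEBUG(0, ("talloc_memdup() failed!\n"));
            return ENOMEM;
        }
        opts[id].val.blob.length = b.length;
    }

    return EOK;
}

/* Store a numeric option; EINVAL on a type mismatch */
int _dp_opt_set_int(struct dp_option *opts, int id,
                    int i, const char *location)
{
    if (opts[id].type != DP_OPT_NUMBER) {
        DEBUG(0, ("[%s] Requested type 'Number' for option '%s'"
                  " but type is '%s'!\n",
                  location, opts[id].opt_name,
                  dp_opt_type_to_string(opts[id].type)));
        return EINVAL;
    }

    opts[id].val.number = i;

    return EOK;
}

/* Store a boolean option; EINVAL on a type mismatch */
int _dp_opt_set_bool(struct dp_option *opts, int id,
                     bool b, const char *location)
{
    if (opts[id].type != DP_OPT_BOOL) {
        DEBUG(0, ("[%s] Requested type 'Boolean' for option '%s'"
                  " but type is '%s'!\n",
                  location, opts[id].opt_name,
                  dp_opt_type_to_string(opts[id].type)));
        return EINVAL;
    }

    opts[id].val.boolean = b;

    return EOK;
}
sssd-1.11.5/src/providers/PaxHeaders.13173/data_provider_fo.c0000644000000000000000000000007412320753107022032 xustar000000000000000030 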
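atime=1396954939.263891433 30 ctime=1396954961.522875048 sssd-1.11.5/src/providers/data_provider_fo.c0000664002412700241270000006116612320753107022266 0ustar00jhrozekjhrozek00000000000000/* SSSD Data Provider Helpers Copyright (C) Simo Sorce 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include #include #include "providers/dp_backend.h" #include "resolv/async_resolv.h"

/* One registered "server changed" callback of a failover service */
struct be_svc_callback {
    struct be_svc_callback *prev;
    struct be_svc_callback *next;

    struct be_svc_data *svc;

    be_svc_callback_fn_t *fn;
    void *private_data;
};

/* Back end bookkeeping for one failover service */
struct be_svc_data {
    struct be_svc_data *prev;
    struct be_svc_data *next;

    const char *name;
    struct fo_service *fo_service;

    struct fo_server *last_good_srv;
    time_t last_status_change;
    bool run_callbacks;

    struct be_svc_callback *callbacks;
    struct fo_server *first_resolved;
};

struct be_failover_ctx {
    struct fo_ctx *fo_ctx;
    struct be_resolv_ctx *be_res;

    struct be_svc_data *svcs;
    struct tevent_timer *primary_server_handler;
};

/* Indexed by enum be_fo_protocol in be_fo_add_srv_server() */
static const char *proto_table[] = { FO_PROTO_TCP, FO_PROTO_UDP, NULL };

/* Non-zero when server is the special SRV token (case-insensitive) */
int be_fo_is_srv_identifier(const char *server)
{
    return server && strcasecmp(server, BE_SRV_IDENTIFIER) == 0;
}

/*
 * Fill the failover options from the resolver configuration.
 * The two retry timeouts are fixed values here. Always returns EOK.
 */
static int be_fo_get_options(struct be_ctx *ctx,
                             struct fo_options *opts)
{
    opts->service_resolv_timeout = dp_opt_get_int(ctx->be_res->opts,
                                                  DP_RES_OPT_RESOLVER_TIMEOUT);
    opts->retry_timeout = 30;
    opts->srv_retry_timeout = 14400;
    opts->family_order = ctx->be_res->family_order;

    return EOK;
}

/*
 * Create the failover context of a back end, once.
 *
 * Returns EOK when the context already exists or was created; otherwise
 * the partially built context is freed and an error is returned.
 */
int be_init_failover(struct be_ctx *ctx)
{
    int ret;
    struct fo_options fopts;

    if (ctx->be_fo != NULL) {
        return EOK;
    }

    ctx->be_fo = talloc_zero(ctx, struct be_failover_ctx);
    if (!ctx->be_fo) {
        return ENOMEM;
    }

    ret = be_res_init(ctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("fatal error initializing resolver context\n"));
        talloc_zfree(ctx->be_fo);
        return ret;
    }
    ctx->be_fo->be_res = ctx->be_res;

    ret = be_fo_get_options(ctx, &fopts);
    if (ret != EOK) {
        talloc_zfree(ctx->be_fo);
        return ret;
    }

    ctx->be_fo->fo_ctx = fo_context_init(ctx->be_fo, &fopts);
    if (!ctx->be_fo->fo_ctx) {
        talloc_zfree(ctx->be_fo);
        return ENOMEM;
    }

    return EOK;
}

/* talloc destructor: release every callback still attached to a service */
static int be_svc_data_destroy(void *memptr)
{
    struct be_svc_data *svc;

    svc = talloc_get_type(memptr, struct be_svc_data);

    while (svc->callbacks) {
        /* callbacks remove themselves from the list,
         * so this loop frees them all and then terminates */
        talloc_free(svc->callbacks);
    }

    return 0;
}

/*
 * Find registered be_svc_data by service name.
 * Returns NULL when the failover context is missing or no service matches.
 */
static struct be_svc_data *be_fo_find_svc_data(struct be_ctx *ctx,
                                               const char *service_name)
{
    struct be_svc_data *svc;

    if (!ctx || !ctx->be_fo) {
        return NULL;
    }

    DLIST_FOR_EACH(svc, ctx->be_fo->svcs) {
        if (strcmp(svc->name, service_name) == 0) {
            return svc;
        }
    }

    return NULL;
}

/*
 * Register a failover service under service_name.
 *
 * Returns EOK when the service already exists in the back end list or was
 * added, ENOMEM on allocation failure, or the error from fo_new_service().
 */
int be_fo_add_service(struct be_ctx *ctx, const char *service_name,
                      datacmp_fn user_data_cmp)
{
    /* Start from NULL so that an EEXIST return which does not fill in the
     * output can never leave an indeterminate pointer in svc->fo_service.
     * NOTE(review): presumably fo_new_service() returns the existing
     * service on EEXIST - confirm. */
    struct fo_service *service = NULL;
    struct be_svc_data *svc;
    int ret;

    svc = be_fo_find_svc_data(ctx, service_name);
    if (svc) {
        DEBUG(6, ("Failover service already initialized!\n"));
        /* we already have a service up and configured,
         * can happen when using both id and auth provider
         */
        return EOK;
    }

    /* if not in the be service list, try to create new one */

    ret = fo_new_service(ctx->be_fo->fo_ctx, service_name, user_data_cmp,
                         &service);
    if (ret != EOK && ret != EEXIST) {
        DEBUG(1, ("Failed to create failover service!\n"));
        return ret;
    }

    svc = talloc_zero(ctx->be_fo, struct be_svc_data);
    if (!svc) {
        return ENOMEM;
    }
    talloc_set_destructor((TALLOC_CTX *)svc, be_svc_data_destroy);

    svc->name = talloc_strdup(svc, service_name);
    if (!svc->name) {
        talloc_zfree(svc);
        return ENOMEM;
    }
    svc->fo_service = service;

    DLIST_ADD(ctx->be_fo->svcs, svc);

    return EOK;
}

/* talloc destructor: unlink a callback from its service's list */
static int be_svc_callback_destroy(void *memptr)
{
    struct be_svc_callback *callback;

    callback = talloc_get_type(memptr, struct be_svc_callback);

    if (callback->svc) {
        DLIST_REMOVE(callback->svc->callbacks, callback);
    }

    return 0;
}

/*
 * Attach a callback to a failover service.
 *
 * The callback record is allocated on memctx and unlinks itself when
 * freed. Returns ENOENT for an unknown service, ENOMEM on allocation
 * failure, EOK otherwise.
 */
int be_fo_service_add_callback(TALLOC_CTX *memctx,
                               struct be_ctx *ctx, const char *service_name,
                               be_svc_callback_fn_t *fn, void *private_data)
{
    struct be_svc_callback *callback;
    struct be_svc_data *svc;

    svc = be_fo_find_svc_data(ctx, service_name);
    if (NULL == svc) {
        return ENOENT;
    }

    callback = talloc_zero(memctx, struct be_svc_callback);
    if (!callback) {
        return ENOMEM;
    }
    talloc_set_destructor((TALLOC_CTX *)callback, be_svc_callback_destroy);

    callback->svc = svc;
    callback->fn = fn;
    callback->private_data = private_data;

    DLIST_ADD(svc->callbacks, callback);

    return EOK;
}

/* Install an SRV lookup plugin; a refusal is only logged */
void be_fo_set_srv_lookup_plugin(struct be_ctx *ctx,
                                 fo_srv_lookup_plugin_send_t send_fn,
                                 fo_srv_lookup_plugin_recv_t recv_fn,
                                 void *pvt,
                                 const char *plugin_name)
{
    bool bret;

    DEBUG(SSSDBG_TRACE_FUNC, ("Trying to set SRV lookup plugin to %s\n",
                              plugin_name));

    bret = fo_set_srv_lookup_plugin(ctx->be_fo->fo_ctx,
                                    send_fn, recv_fn, pvt);
    if (bret) {
        DEBUG(SSSDBG_TRACE_FUNC, ("SRV lookup plugin is now %s\n",
                                  plugin_name));
    } else {
        DEBUG(SSSDBG_MINOR_FAILURE, ("Unable to set SRV lookup plugin, "
              "another plugin may be already in place\n"));
    }
}

/*
 * Install the plain DNS SRV lookup plugin.
 *
 * hostname may be NULL, in which case the local host name is obtained
 * with gethostname(). Returns EOK, the errno from gethostname(), or
 * ENOMEM when the plugin context cannot be created.
 */
errno_t be_fo_set_dns_srv_lookup_plugin(struct be_ctx *be_ctx,
                                        const char *hostname)
{
    struct fo_resolve_srv_dns_ctx *srv_ctx = NULL;
    /* HOST_NAME_MAX does not count the terminating NUL byte; with a
     * buffer of exactly HOST_NAME_MAX bytes a maximum-length host name
     * would be cut short by one character. */
    char resolved_hostname[HOST_NAME_MAX + 1];
    errno_t ret;

    if (hostname == NULL) {
        ret = gethostname(resolved_hostname, sizeof(resolved_hostname));
        if (ret != EOK) {
            ret = errno;
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("gethostname() failed: [%d]: %s\n", ret, strerror(ret)));
            return ret;
        }
        /* termination is not guaranteed when the name was truncated */
        resolved_hostname[sizeof(resolved_hostname) - 1] = '\0';
        hostname = resolved_hostname;
    }

    srv_ctx = fo_resolve_srv_dns_ctx_init(be_ctx, be_ctx->be_res->resolv,
                                          be_ctx->be_res->family_order,
                                          default_host_dbs, hostname,
                                          be_ctx->domain->name);
    if (srv_ctx == NULL) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("Out of memory?\n"));
        return ENOMEM;
    }

    be_fo_set_srv_lookup_plugin(be_ctx, fo_resolve_srv_dns_send,
                                fo_resolve_srv_dns_recv, srv_ctx, "DNS");

    return EOK;
}

/*
 * Add an SRV lookup entry to a failover service.
 *
 * The discovery domain comes from the resolver options and falls back to
 * default_discovery_domain. proto selects the primary protocol; with
 * proto_fallback the remaining protocols are added as well.
 *
 * Returns ENOENT for an unknown service, EINVAL for a protocol value
 * outside the table, the error from fo_add_srv_server() (EEXIST is
 * tolerated), or EOK.
 */
int be_fo_add_srv_server(struct be_ctx *ctx,
                         const char *service_name,
                         const char *query_service,
                         const char *default_discovery_domain,
                         enum be_fo_protocol proto,
                         bool proto_fallback, void *user_data)
{
    struct be_svc_data *svc;
    const char *domain;
    int ret;
    int i;

    svc = be_fo_find_svc_data(ctx, service_name);
    if (NULL == svc) {
        return ENOENT;
    }

    /* proto indexes proto_table and is the stop value of the fallback
     * loop below; a value outside the valid range would read past the
     * table and the loop would never reach its stop value. */
    if ((int)proto < 0 || (int)proto >= BE_FO_PROTO_SENTINEL) {
        DEBUG(1, ("Invalid protocol for SRV lookup\n"));
        return EINVAL;
    }

    domain = dp_opt_get_string(ctx->be_res->opts, DP_RES_OPT_DNS_DOMAIN);
    if (!domain) {
        domain = default_discovery_domain;
    }

    /* Add the first protocol as the primary lookup */
    ret = fo_add_srv_server(svc->fo_service, query_service,
                            domain, ctx->domain->name,
                            proto_table[proto], user_data);
    if (ret && ret != EEXIST) {
        DEBUG(1, ("Failed to add SRV lookup reference to failover service\n"));
        return ret;
    }

    if (proto_fallback) {
        i = (proto + 1) % BE_FO_PROTO_SENTINEL;
        /* All the rest as fallback */
        while (i != proto) {
            ret = fo_add_srv_server(svc->fo_service, query_service,
                                    domain, ctx->domain->name,
                                    proto_table[i], user_data);
            if (ret && ret != EEXIST) {
                DEBUG(1, ("Failed to add SRV lookup reference to failover service\n"));
                return ret;
            }

            i = (i + 1) % BE_FO_PROTO_SENTINEL;
        }
    }

    return EOK;
}

/* Number of servers of a service; 0 when the service is unknown */
int be_fo_get_server_count(struct be_ctx *ctx, const char *service_name)
{
    struct be_svc_data *svc_data;

    svc_data = be_fo_find_svc_data(ctx, service_name);
    if (!svc_data) {
        return 0;
    }

    return fo_get_server_count(svc_data->fo_service);
}

int be_fo_add_server(struct be_ctx *ctx, const char *service_name, const char *server, int port, void *user_data, bool primary) { struct be_svc_data *svc; int ret; svc = be_fo_find_svc_data(ctx, service_name); if (NULL == svc) { 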
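return ENOENT; } ret = fo_add_server(svc->fo_service, server, port, user_data, primary); if (ret && ret != EEXIST) { DEBUG(1, ("Failed to add server to failover service\n")); return ret; } return EOK; }

/* State of one server resolution, shared by both resolution paths */
struct be_resolve_server_state {
    struct tevent_context *ev;
    struct be_ctx *ctx;

    struct be_svc_data *svc;
    int attempts;

    struct fo_server *srv;
    bool first_try;
};

/* Context of the periodic "try to get back to a primary server" lookup */
struct be_primary_server_ctx {
    struct be_ctx *bctx;
    struct tevent_context *ev;

    struct be_svc_data *svc;
    unsigned long timeout;

    int attempts;
};

errno_t be_resolve_server_process(struct tevent_req *subreq,
                                  struct be_resolve_server_state *state,
                                  struct tevent_req **new_subreq);
static void be_primary_server_done(struct tevent_req *subreq);
static errno_t
be_primary_server_timeout_activate(TALLOC_CTX *mem_ctx,
                                   struct tevent_context *ev,
                                   struct be_ctx *bctx,
                                   struct be_svc_data *svc,
                                   const unsigned long timeout_seconds);

/*
 * Timer handler: start a new resolution that looks for a primary server.
 *
 * The stored timer handle is cleared first so that a follow-up lookup can
 * be scheduled again.
 */
static void
be_primary_server_timeout(struct tevent_context *ev,
                          struct tevent_timer *te,
                          struct timeval tv, void *pvt)
{
    struct be_primary_server_ctx *ctx = talloc_get_type(pvt, struct be_primary_server_ctx);
    struct tevent_req *subreq;

    ctx->bctx->be_fo->primary_server_handler = NULL;

    DEBUG(SSSDBG_TRACE_FUNC, ("Looking for primary server!\n"));
    subreq = fo_resolve_service_send(ctx->bctx, ctx->ev,
                                     ctx->bctx->be_fo->be_res->resolv,
                                     ctx->bctx->be_fo->fo_ctx,
                                     ctx->svc->fo_service);
    if (subreq == NULL) {
        /* Without a request be_primary_server_done() never runs, and it
         * is the only place that releases this context. */
        talloc_free(ctx);
        return;
    }
    tevent_req_set_callback(subreq, be_primary_server_done, ctx);
}

/*
 * Completion callback of the primary-server lookup.
 *
 * EAGAIN from be_resolve_server_process() continues with the next server.
 * If no server was found, or the one found is not primary, another lookup
 * is scheduled; if a primary server was found the reconnect callbacks
 * run. In every terminal case the lookup context is released.
 */
static void be_primary_server_done(struct tevent_req *subreq)
{
    errno_t ret;
    struct be_primary_server_ctx *ctx;
    struct be_resolve_server_state *resolve_state;
    struct tevent_req *new_subreq;

    ctx = tevent_req_callback_data(subreq, struct be_primary_server_ctx);

    /* The state is allocated on ctx rather than on the long-lived back
     * end context: one state is created per invocation, including every
     * EAGAIN retry, and freeing ctx below is what releases them all. */
    resolve_state = talloc_zero(ctx, struct be_resolve_server_state);
    if (resolve_state == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_zero() failed\n"));
        talloc_free(subreq);
        talloc_zfree(ctx);
        return;
    }

    resolve_state->attempts = ctx->attempts;
    resolve_state->ctx = ctx->bctx;
    resolve_state->ev = ctx->ev;
    resolve_state->first_try = true;
    resolve_state->srv = NULL;
    resolve_state->svc = ctx->svc;

    ret = be_resolve_server_process(subreq, resolve_state, &new_subreq);
    talloc_free(subreq);
    if (ret == EAGAIN) {
        ctx->attempts++;
        tevent_req_set_callback(new_subreq, be_primary_server_done, ctx);
        return;
    } else if (ret == EIO || (ret == EOK &&
               !fo_is_server_primary(resolve_state->srv))) {

        /* Schedule another lookup
         * (either no server could be found or it was not primary)
         */
        ret = be_primary_server_timeout_activate(ctx->bctx, ctx->ev, ctx->bctx,
                                                 ctx->svc, ctx->timeout);
        if (ret != EOK) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Could not schedule primary server lookup\n"));
        }
    } else if (ret == EOK) {
        be_run_reconnect_cb(ctx->bctx);
    }
    talloc_zfree(ctx);

    /* If an error occurred just end the routine */
}

/*
 * Schedule a primary-server lookup in timeout_seconds, unless one is
 * already pending.
 *
 * Returns EOK when a timer is (already) scheduled and ENOMEM when the
 * context or the timer cannot be allocated.
 */
static errno_t
be_primary_server_timeout_activate(TALLOC_CTX *mem_ctx,
                                   struct tevent_context *ev,
                                   struct be_ctx *bctx,
                                   struct be_svc_data *svc,
                                   const unsigned long timeout_seconds)
{
    struct timeval tv;
    struct be_primary_server_ctx *ctx;
    struct be_failover_ctx *fo_ctx = bctx->be_fo;

    if (fo_ctx->primary_server_handler != NULL) {
        DEBUG(SSSDBG_TRACE_FUNC, ("The primary server reconnection "
                                  "is already scheduled\n"));
        return EOK;
    }

    ctx = talloc_zero(mem_ctx, struct be_primary_server_ctx);
    if (ctx == NULL) {
        return ENOMEM;
    }

    ctx->bctx = bctx;
    ctx->ev = ev;
    ctx->svc = svc;
    ctx->timeout = timeout_seconds;

    tv = tevent_timeval_current();
    tv = tevent_timeval_add(&tv, timeout_seconds, 0);
    fo_ctx->primary_server_handler = tevent_add_timer(ev, bctx, tv,
                                          be_primary_server_timeout, ctx);
    if (fo_ctx->primary_server_handler == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("tevent_add_timer failed.\n"));
        talloc_free(ctx);
        return ENOMEM;
    }

    DEBUG(SSSDBG_TRACE_INTERNAL, ("Primary server reactivation timeout set "
                                  "to %lu seconds\n", timeout_seconds));
    return EOK;
}


static void be_resolve_server_done(struct tevent_req *subreq);

struct tevent_req *be_resolve_server_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct 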
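be_ctx *ctx, const char *service_name, bool first_try) { struct tevent_req *req, *subreq; struct be_resolve_server_state *state; struct be_svc_data *svc; req = tevent_req_create(memctx, &state, struct be_resolve_server_state); if (!req) return NULL; state->ev = ev; state->ctx = ctx; svc = be_fo_find_svc_data(ctx, service_name); if (NULL == svc) { tevent_req_error(req, EINVAL); tevent_req_post(req, ev); return req; } state->svc = svc; state->attempts = 0; state->first_try = first_try; subreq = fo_resolve_service_send(state, ev, ctx->be_fo->be_res->resolv, ctx->be_fo->fo_ctx, svc->fo_service); if (!subreq) { talloc_zfree(req); return NULL; } tevent_req_set_callback(subreq, be_resolve_server_done, req); return req; }

/*
 * Completion callback of be_resolve_server_send().
 *
 * EAGAIN from be_resolve_server_process() re-arms this callback on the
 * follow-up request. When the resolved server is not a primary one, a
 * later lookup for a primary server is scheduled. On failure the saved
 * "first resolved" server of the service is reset.
 */
static void be_resolve_server_done(struct tevent_req *subreq)
{
    struct tevent_req *new_subreq;
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct be_resolve_server_state *state = tevent_req_data(req,
                                             struct be_resolve_server_state);
    time_t timeout = fo_get_service_retry_timeout(state->svc->fo_service) + 1;
    int ret;

    ret = be_resolve_server_process(subreq, state, &new_subreq);
    talloc_zfree(subreq);
    if (ret == EAGAIN) {
        tevent_req_set_callback(new_subreq, be_resolve_server_done, req);
        return;
    } else if (ret != EOK) {
        goto fail;
    }

    if (!fo_is_server_primary(state->srv)) {
        /* FIXME: make the timeout configurable */
        ret = be_primary_server_timeout_activate(state->ctx, state->ev,
                                                 state->ctx, state->svc,
                                                 timeout);
        if (ret != EOK) {
            goto fail;
        }
    }

    tevent_req_done(req);
    return;

fail:
    DEBUG(SSSDBG_TRACE_LIBS, ("Server resolution failed: %d\n", ret));
    state->svc->first_resolved = NULL;
    tevent_req_error(req, ret);
}

/*
 * Evaluate the result of a service resolution request.
 *
 * subreq      finished fo_resolve_service_send() request
 * state       resolution state; srv and attempts are updated
 * new_subreq  receives the follow-up request when EAGAIN is returned
 *
 * Returns:
 *   EOK     a server was resolved; service callbacks ran if needed
 *   EAGAIN  resolution failed for this server, the next one is being tried
 *   EIO     no server is left, or 10 attempts were used up
 *   ENOENT  the failover went through all servers and is back at the
 *           first one that was resolved
 *   EFAULT  the resolver returned no server or no host entry
 *   ENOMEM  the follow-up request could not be created
 */
errno_t be_resolve_server_process(struct tevent_req *subreq,
                                  struct be_resolve_server_state *state,
                                  struct tevent_req **new_subreq)
{
    errno_t ret;
    time_t srv_status_change;
    struct be_svc_callback *callback;

    ret = fo_resolve_service_recv(subreq, &state->srv);
    switch (ret) {
    case EOK:
        if (!state->srv) {
            return EFAULT;
        }
        break;

    case ENOENT:
        /* all servers have been tried and none
         * was found good, go offline */
        return EIO;

    default:
        /* mark server as bad and retry */
        if (!state->srv) {
            return EFAULT;
        }
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("Couldn't resolve server (%s), resolver returned (%d)\n",
               fo_get_server_str_name(state->srv), ret));

        state->attempts++;
        if (state->attempts >= 10) {
            DEBUG(SSSDBG_OP_FAILURE,
                  ("Failed to find a server after 10 attempts\n"));
            return EIO;
        }

        /* now try next one */
        DEBUG(SSSDBG_TRACE_LIBS, ("Trying with the next one!\n"));
        subreq = fo_resolve_service_send(state, state->ev,
                                         state->ctx->be_fo->be_res->resolv,
                                         state->ctx->be_fo->fo_ctx,
                                         state->svc->fo_service);
        if (!subreq) {
            return ENOMEM;
        }

        if (new_subreq) {
            *new_subreq = subreq;
        }

        return EAGAIN;
    }

    /* all fine we got the server */
    if (state->svc->first_resolved == NULL || state->first_try == true) {
        DEBUG(SSSDBG_TRACE_LIBS, ("Saving the first resolved server\n"));
        state->svc->first_resolved = state->srv;
    } else if (state->svc->first_resolved == state->srv) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("The fail over cycled through all available servers\n"));
        return ENOENT;
    }

    if (DEBUG_IS_SET(SSSDBG_FUNC_DATA) && fo_get_server_name(state->srv)) {
        struct resolv_hostent *srvaddr;
        char ipaddr[128];
        const char *addr_str;

        srvaddr = fo_get_server_hostent(state->srv);
        if (!srvaddr) {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("FATAL: No hostent available for server (%s)\n",
                   fo_get_server_str_name(state->srv)));
            return EFAULT;
        }

        /* NOTE(review): assumes addr_list[0] is set whenever a host entry
         * exists - confirm against the resolver. */
        addr_str = inet_ntop(srvaddr->family, srvaddr->addr_list[0]->ipaddr,
                             ipaddr, sizeof(ipaddr));
        if (addr_str == NULL) {
            /* On failure ipaddr is left unwritten; logging it would print
             * uninitialised stack memory. */
            addr_str = "unknown";
        }
        DEBUG(SSSDBG_FUNC_DATA,
              ("Found address for server %s: [%s] TTL %d\n",
               fo_get_server_str_name(state->srv), addr_str,
               srvaddr->addr_list[0]->ttl));
    }

    srv_status_change = fo_get_server_hostname_last_change(state->srv);

    /* now call all svc callbacks if server changed or if it is explicitly
     * requested or if the server is the same but changed status since last time*/
    if (state->srv != state->svc->last_good_srv ||
        state->svc->run_callbacks ||
        srv_status_change > state->svc->last_status_change) {
        state->svc->last_good_srv = state->srv;
        state->svc->last_status_change = srv_status_change;
        state->svc->run_callbacks = false;

        DLIST_FOR_EACH(callback, state->svc->callbacks) {
            callback->fn(callback->private_data, state->srv);
        }
    }

    return EOK;
}

/*
 * Collect the result of be_resolve_server_send().
 * srv may be NULL when the caller does not need the server.
 */
int be_resolve_server_recv(struct tevent_req *req, struct fo_server **srv)
{
    struct be_resolve_server_state *state = tevent_req_data(req,
                                             struct be_resolve_server_state);

    TEVENT_REQ_RETURN_ON_ERROR(req);

    if (srv) {
        *srv = state->srv;
    }

    return EOK;
}

/* Ask the failover layer to move on; unknown services are ignored */
void be_fo_try_next_server(struct be_ctx *ctx, const char *service_name)
{
    struct be_svc_data *svc;

    svc = be_fo_find_svc_data(ctx, service_name);
    if (svc) {
        fo_try_next_server(svc->fo_service);
    }
}

/*
 * Force the service callbacks to run on the next successful resolution.
 * Returns ENOENT for an unknown service.
 */
int be_fo_run_callbacks_at_next_request(struct be_ctx *ctx,
                                        const char *service_name)
{
    struct be_svc_data *svc;

    svc = be_fo_find_svc_data(ctx, service_name);
    if (NULL == svc) {
        return ENOENT;
    }

    svc->run_callbacks = true;

    return EOK;
}

/* Reset the state of all failover services of this back end */
void reset_fo(struct be_ctx *be_ctx)
{
    fo_reset_services(be_ctx->be_fo->fo_ctx);
}

void be_fo_set_port_status(struct be_ctx *ctx, const char *service_name, struct fo_server *server, enum port_status status) { struct be_svc_data *be_svc; be_svc = be_fo_find_svc_data(ctx, service_name); if (be_svc == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("No service associated with name %s\n", service_name)); return; } if (!fo_svc_has_server(be_svc->fo_service, server)) { DEBUG(SSSDBG_OP_FAILURE, ("The server %p is not valid anymore, cannot set its status\n", server)); return; } /* Now we know that the server is valid */ fo_set_port_status(server, status); if (status == PORT_WORKING) { /* We were successful in connecting to the server. 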
Cycle through all * available servers next time */ be_svc->first_resolved = NULL; } }

/* Resolver back end interface */
static struct dp_option dp_res_default_opts[] = {
    { "lookup_family_order", DP_OPT_STRING, { "ipv4_first" }, NULL_STRING },
    { "dns_resolver_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER },
    { "dns_resolver_op_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER },
    { "dns_discovery_domain", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    DP_OPTION_TERMINATOR
};

/*
 * Load the resolver options and translate the configured lookup order.
 *
 * The option array is read into res_ctx->opts; the family order string is
 * matched case-insensitively against the known keywords and stored in
 * res_ctx->family_order. Returns EOK, the error from dp_get_options(), or
 * EINVAL for an unrecognised keyword.
 */
static errno_t be_res_get_opts(struct be_resolv_ctx *res_ctx,
                               struct confdb_ctx *cdb,
                               const char *conf_path)
{
    static const struct {
        const char *keyword;
        enum restrict_family order;
    } known_orders[] = {
        { "ipv4_first", IPV4_FIRST },
        { "ipv4_only", IPV4_ONLY },
        { "ipv6_first", IPV6_FIRST },
        { "ipv6_only", IPV6_ONLY },
    };
    const size_t num_orders = sizeof(known_orders) / sizeof(known_orders[0]);
    const char *str_family;
    errno_t ret;
    size_t idx;

    ret = dp_get_options(res_ctx, cdb, conf_path,
                         dp_res_default_opts,
                         DP_RES_OPTS,
                         &res_ctx->opts);
    if (ret != EOK) {
        return ret;
    }

    str_family = dp_opt_get_string(res_ctx->opts, DP_RES_OPT_FAMILY_ORDER);
    DEBUG(SSSDBG_CONF_SETTINGS, ("Lookup order: %s\n", str_family));

    for (idx = 0; idx < num_orders; idx++) {
        if (strcasecmp(str_family, known_orders[idx].keyword) == 0) {
            res_ctx->family_order = known_orders[idx].order;
            return EOK;
        }
    }

    /* none of the known keywords matched */
    DEBUG(SSSDBG_OP_FAILURE, ("Unknown value for option %s: %s\n",
          dp_res_default_opts[DP_RES_OPT_FAMILY_ORDER].opt_name, str_family));
    return EINVAL;
}

/*
 * Create the resolver context of a back end, once.
 *
 * Returns EOK when the context already exists or was created. When the
 * options cannot be loaded or the resolver cannot be initialised, the
 * context is freed again and the error is returned.
 */
errno_t be_res_init(struct be_ctx *ctx)
{
    errno_t ret;

    if (ctx->be_res != NULL) {
        return EOK;
    }

    ctx->be_res = talloc_zero(ctx, struct be_resolv_ctx);
    if (ctx->be_res == NULL) {
        return ENOMEM;
    }

    ret = be_res_get_opts(ctx->be_res, ctx->cdb, ctx->conf_path);
    if (ret == EOK) {
        /* the operation timeout is only read once the options exist */
        ret = resolv_init(ctx, ctx->ev,
                          dp_opt_get_int(ctx->be_res->opts,
                                         DP_RES_OPT_RESOLVER_OP_TIMEOUT),
                          &ctx->be_res->resolv);
    }

    if (ret != EOK) {
        talloc_zfree(ctx->be_res);
    }

    return ret;
}
sssd-1.11.5/src/providers/PaxHeaders.13173/fail_over_srv.h0000644000000000000000000000007412320753107021370 xustar000000000000000030 atime=1396954939.264891432 30 ctime=1396954961.467875089 sssd-1.11.5/src/providers/fail_over_srv.h0000664002412700241270000001223112320753107021611 0ustar00jhrozekjhrozek00000000000000/* Authors: Pavel Březina Copyright (C) 2013 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #ifndef __FAIL_OVER_SRV_H__ #define __FAIL_OVER_SRV_H__ #include #include #include "resolv/async_resolv.h" /* SRV lookup plugin interface */ struct fo_server_info { char *host; int port; unsigned short priority; }; /* * If discovery_domain is NULL, it should be detected automatically. 
*/ typedef struct tevent_req * (*fo_srv_lookup_plugin_send_t)(TALLOC_CTX *mem_ctx, struct tevent_context *ev, const char *service, const char *protocol, const char *discovery_domain, void *pvt); /* * Returns: * EOK - at least one primary or backup server was found * ERR_SRV_NOT_FOUND - no primary nor backup server found * ERR_SRV_LOOKUP_ERROR - error communicating with SRV database * other code - depends on plugin * * If EOK is returned: * - and no primary server is found: * *_primary_servers = NULL * *_num_primary_servers = 0 * - and no backup server is found: * *_backup_servers = NULL * *_num_backup_servers = 0 * - *_dns_domain = DNS domain name where the servers were found */ typedef errno_t (*fo_srv_lookup_plugin_recv_t)(TALLOC_CTX *mem_ctx, struct tevent_req *req, char **_dns_domain, struct fo_server_info **_primary_servers, size_t *_num_primary_servers, struct fo_server_info **_backup_servers, size_t *_num_backup_servers); struct tevent_req *fo_discover_srv_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct resolv_ctx *resolv_ctx, const char *service, const char *protocol, const char **discovery_domains); errno_t fo_discover_srv_recv(TALLOC_CTX *mem_ctx, struct tevent_req *req, char **_dns_domain, struct fo_server_info **_servers, size_t *_num_servers); struct tevent_req *fo_discover_servers_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct resolv_ctx *resolv_ctx, const char *service, const char *protocol, const char *primary_domain, const char *backup_domain); errno_t fo_discover_servers_recv(TALLOC_CTX *mem_ctx, struct tevent_req *req, char **_dns_domain, struct fo_server_info **_primary_servers, size_t *_num_primary_servers, struct fo_server_info **_backup_servers, size_t *_num_backup_servers); /* Simple SRV lookup plugin */ struct fo_resolve_srv_dns_ctx; struct fo_resolve_srv_dns_ctx * fo_resolve_srv_dns_ctx_init(TALLOC_CTX *mem_ctx, struct resolv_ctx *resolv_ctx, enum restrict_family family_order, enum host_database *host_dbs, const 
char *hostname, const char *sssd_domain); struct tevent_req *fo_resolve_srv_dns_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, const char *service, const char *protocol, const char *discovery_domain, void *pvt); errno_t fo_resolve_srv_dns_recv(TALLOC_CTX *mem_ctx, struct tevent_req *req, char **_dns_domain, struct fo_server_info **_primary_servers, size_t *_num_primary_servers, struct fo_server_info **_backup_servers, size_t *_num_backup_servers); #endif /* __FAIL_OVER_SRV_H__ */ sssd-1.11.5/src/providers/PaxHeaders.13173/dp_backend.h0000644000000000000000000000007412320753107020602 xustar000000000000000030 atime=1396954939.263891433 30 ctime=1396954961.462875092 sssd-1.11.5/src/providers/dp_backend.h0000664002412700241270000002225612320753107021033 0ustar00jhrozekjhrozek00000000000000/* SSSD Data Provider, private header file Copyright (C) Simo Sorce 2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #ifndef __DP_BACKEND_H__ #define __DP_BACKEND_H__ #include "providers/data_provider.h" #include "providers/fail_over.h" #include "providers/dp_refresh.h" #include "util/child_common.h" #include "db/sysdb.h" /* a special token, if used in place of the hostname, denotes that real * hostnames should be looked up from DNS using SRV requests */ #define BE_SRV_IDENTIFIER "_srv_" struct be_ctx; struct bet_ops; struct be_req; typedef int (*bet_init_fn_t)(TALLOC_CTX *, struct bet_ops **, void **); typedef void (*be_shutdown_fn)(void *); typedef void (*be_req_fn_t)(struct be_req *); typedef void (*be_async_callback_t)(struct be_req *, int, int, const char *); typedef void (*be_callback_t)(void *); enum bet_type { BET_NULL = 0, BET_ID, BET_AUTH, BET_ACCESS, BET_CHPASS, BET_SUDO, BET_AUTOFS, BET_SELINUX, BET_HOSTID, BET_SUBDOMAINS, BET_MAX }; struct bet_data { enum bet_type bet_type; const char *option_name; const char *mod_init_fn_name_fmt; }; struct loaded_be { char *be_name; void *handle; }; struct bet_queue_item { struct bet_queue_item *prev; struct bet_queue_item *next; TALLOC_CTX *mem_ctx; struct be_req *be_req; be_req_fn_t fn; }; struct bet_info { enum bet_type bet_type; struct bet_ops *bet_ops; void *pvt_bet_data; char *mod_name; struct bet_queue_item *req_queue; }; struct be_offline_status { time_t went_offline; bool offline; }; struct be_resolv_ctx { struct resolv_ctx *resolv; struct dp_option *opts; enum restrict_family family_order; }; struct be_client { struct be_ctx *bectx; struct sbus_connection *conn; struct tevent_timer *timeout; bool initialized; }; struct be_failover_ctx; struct be_cb; struct be_ctx { struct tevent_context *ev; struct confdb_ctx *cdb; struct sss_domain_info *domain; const char *identity; const char *conf_path; struct be_failover_ctx *be_fo; struct be_resolv_ctx *be_res; /* Functions to be invoked when the * backend goes online or offline */ struct be_cb *online_cb_list; bool run_online_cb; struct be_cb *offline_cb_list; struct be_cb 
*reconnect_cb_list; /* In contrast to online_cb_list which are only run if the backend is * offline the unconditional_online_cb_list should be run whenever the * backend receives a request to go online. The typical use case is to * reset timers independenly of the state of the backend. */ struct be_cb *unconditional_online_cb_list; struct be_offline_status offstat; struct sbus_connection *mon_conn; struct sbus_connection *sbus_srv; struct be_client *nss_cli; struct be_client *pam_cli; struct be_client *sudo_cli; struct be_client *autofs_cli; struct be_client *ssh_cli; struct be_client *pac_cli; struct loaded_be loaded_be[BET_MAX]; struct bet_info bet_info[BET_MAX]; struct be_refresh_ctx *refresh_ctx; size_t check_online_ref_count; /* List of ongoing requests */ struct be_req *active_requests; }; struct bet_ops { be_req_fn_t check_online; be_req_fn_t handler; be_req_fn_t finalize; }; struct be_acct_req { int entry_type; int attr_type; int filter_type; char *filter_value; char *extra_value; char *domain; }; struct be_sudo_req { uint32_t type; char **rules; }; struct be_autofs_req { char *mapname; bool invalidate; }; struct be_subdom_req { bool force; char *domain_hint; }; struct be_host_req { uint32_t type; int filter_type; char *name; char *alias; }; bool be_is_offline(struct be_ctx *ctx); void be_mark_offline(struct be_ctx *ctx); int be_add_reconnect_cb(TALLOC_CTX *mem_ctx, struct be_ctx *ctx, be_callback_t cb, void *pvt, struct be_cb **reconnect_cb); void be_run_reconnect_cb(struct be_ctx *be); int be_add_online_cb(TALLOC_CTX *mem_ctx, struct be_ctx *ctx, be_callback_t cb, void *pvt, struct be_cb **online_cb); void be_run_online_cb(struct be_ctx *be); int be_add_unconditional_online_cb(TALLOC_CTX *mem_ctx, struct be_ctx *ctx, be_callback_t cb, void *pvt, struct be_cb **unconditional_online_cb); void be_run_unconditional_online_cb(struct be_ctx *be); int be_add_offline_cb(TALLOC_CTX *mem_ctx, struct be_ctx *ctx, be_callback_t cb, void *pvt, struct be_cb 
**online_cb); void be_run_offline_cb(struct be_ctx *be); /* from data_provider_fo.c */ enum be_fo_protocol { BE_FO_PROTO_TCP, BE_FO_PROTO_UDP, BE_FO_PROTO_SENTINEL }; typedef void (be_svc_callback_fn_t)(void *, struct fo_server *); int be_init_failover(struct be_ctx *ctx); int be_fo_is_srv_identifier(const char *server); int be_fo_add_service(struct be_ctx *ctx, const char *service_name, datacmp_fn user_data_cmp); int be_fo_service_add_callback(TALLOC_CTX *memctx, struct be_ctx *ctx, const char *service_name, be_svc_callback_fn_t *fn, void *private_data); int be_fo_get_server_count(struct be_ctx *ctx, const char *service_name); void be_fo_set_srv_lookup_plugin(struct be_ctx *ctx, fo_srv_lookup_plugin_send_t send_fn, fo_srv_lookup_plugin_recv_t recv_fn, void *pvt, const char *plugin_name); errno_t be_fo_set_dns_srv_lookup_plugin(struct be_ctx *be_ctx, const char *hostname); int be_fo_add_srv_server(struct be_ctx *ctx, const char *service_name, const char *query_service, const char *default_discovery_domain, enum be_fo_protocol proto, bool proto_fallback, void *user_data); int be_fo_add_server(struct be_ctx *ctx, const char *service_name, const char *server, int port, void *user_data, bool primary); struct tevent_req *be_resolve_server_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct be_ctx *ctx, const char *service_name, bool first_try); int be_resolve_server_recv(struct tevent_req *req, struct fo_server **srv); void be_fo_set_port_status(struct be_ctx *ctx, const char *service_name, struct fo_server *server, enum port_status status); /* * Instruct fail-over to try next server on the next connect attempt. * Should be used after connection to service was unexpectedly dropped * but there is no authoritative information on whether active server is down. 
*/ void be_fo_try_next_server(struct be_ctx *ctx, const char *service_name); int be_fo_run_callbacks_at_next_request(struct be_ctx *ctx, const char *service_name); void reset_fo(struct be_ctx *be_ctx); errno_t be_res_init(struct be_ctx *ctx); /* be_req helpers */ struct be_req *be_req_create(TALLOC_CTX *mem_ctx, struct be_client *becli, struct be_ctx *be_ctx, be_async_callback_t fn, void *pvt_fn_data); struct be_ctx *be_req_get_be_ctx(struct be_req *be_req); void *be_req_get_data(struct be_req *be_req); void be_req_terminate(struct be_req *be_req, int dp_err_type, int errnum, const char *errstr); void be_terminate_domain_requests(struct be_ctx *be_ctx, const char *domain); /* Request account information */ struct tevent_req * be_get_account_info_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct be_client *becli, struct be_ctx *be_ctx, struct be_acct_req *ar); errno_t be_get_account_info_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, int *_err_maj, int *_err_min, const char **_err_msg); #endif /* __DP_BACKEND_H___ */ sssd-1.11.5/src/providers/PaxHeaders.13173/data_provider_callbacks.c0000644000000000000000000000007412320753107023345 xustar000000000000000030 atime=1396954939.263891433 30 ctime=1396954961.523875047 sssd-1.11.5/src/providers/data_provider_callbacks.c0000664002412700241270000001647712320753107023606 0ustar00jhrozekjhrozek00000000000000/* SSSD Data Provider Process - Callback Authors: Stephen Gallagher Sumit Bose Copyright (C) 2010 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. 
You should have received a copy of the GNU General Public License
    along with this program.  If not, see .
*/

#include "util/util.h"
#include "providers/dp_backend.h"

/*
 * One registered back end callback. Entries are chained through prev/next
 * into the list whose head is stored in 'list'.
 */
struct be_cb {
    struct be_cb *prev;
    struct be_cb *next;

    be_callback_t cb;       /* function to invoke */
    void *pvt;              /* argument handed to cb */

    struct be_cb **list;    /* head of the list this entry was added to */
    struct be_ctx *be;      /* back end context given at registration */
};

/* State carried from one timer step of be_run_cb_step() to the next. */
struct be_cb_ctx {
    struct be_ctx *be;
    struct be_cb *callback; /* entry that the next step will invoke */
};

/*
 * talloc destructor of a struct be_cb: unlinks the entry from the list it
 * was registered on, so freeing an entry also unregisters it.
 */
static int cb_destructor(TALLOC_CTX *ptr)
{
    struct be_cb *cb = talloc_get_type(ptr, struct be_cb);
    DLIST_REMOVE(*(cb->list), cb);
    return 0;
}

/*
 * Allocate a callback entry on mem_ctx, add it to *cb_list and install
 * cb_destructor on it.
 *
 * Returns EINVAL when ctx or cb is NULL, ENOMEM when the entry cannot be
 * allocated, EOK otherwise. When return_cb is not NULL it receives the new
 * entry.
 *
 * NOTE(review): the entry keeps a pointer to the list head (cb_list), which
 * the public wrappers below take from inside the be_ctx; the destructor
 * dereferences it, so the entry presumably must not outlive that be_ctx --
 * confirm against the callers' mem_ctx choice.
 */
static int be_add_cb(TALLOC_CTX *mem_ctx, struct be_ctx *ctx,
                     be_callback_t cb, void *pvt, struct be_cb **cb_list,
                     struct be_cb **return_cb)
{
    struct be_cb *new_cb;

    if (!ctx || !cb) {
        return EINVAL;
    }

    new_cb = talloc(mem_ctx, struct be_cb);
    if (!new_cb) {
        return ENOMEM;
    }

    new_cb->cb = cb;
    new_cb->pvt = pvt;
    new_cb->list = cb_list;
    new_cb->be = ctx;

    DLIST_ADD(*cb_list, new_cb);

    talloc_set_destructor((TALLOC_CTX *) new_cb, cb_destructor);

    if (return_cb) {
        *return_cb = new_cb;
    }

    return EOK;
}

/*
 * Timer handler that invokes one callback per step. pvt is the
 * struct be_cb_ctx created by be_run_cb(). If another entry follows, a new
 * timer is scheduled for it; otherwise (or when scheduling fails) the
 * be_cb_ctx is freed.
 *
 * NOTE(review): saving 'next' only covers a callback that frees itself. If
 * the entry stored in cb_ctx->callback is freed between two steps, the next
 * step would use a stale pointer -- confirm no caller frees a pending entry
 * while a run is in progress.
 */
static void be_run_cb_step(struct tevent_context *ev, struct tevent_timer *te,
                           struct timeval current_time, void *pvt)
{
    struct be_cb_ctx *cb_ctx = talloc_get_type(pvt, struct be_cb_ctx);
    struct be_cb *next_cb;
    struct tevent_timer *tev;
    struct timeval soon;

    /* Store next callback in case this callback frees itself */
    next_cb = cb_ctx->callback->next;

    /* Call the callback */
    cb_ctx->callback->cb(cb_ctx->callback->pvt);

    if (next_cb) {
        cb_ctx->callback = next_cb;

        /* Delay 30ms so we don't block any other events */
        soon = tevent_timeval_current_ofs(0, 30000);
        tev = tevent_add_timer(cb_ctx->be->ev, cb_ctx, soon,
                               be_run_cb_step, cb_ctx);
        if (!tev) {
            DEBUG(0, ("Out of memory. Could not invoke callbacks\n"));
            goto final;
        }
        return;
    }

final:
    /* Steal the timer event onto the be_ctx so it doesn't
     * get freed with the cb_ctx */
    talloc_steal(cb_ctx->be, te);
    talloc_free(cb_ctx);
}

/*
 * Start an asynchronous run over cb_list: the first entry is invoked from a
 * timer, and be_run_cb_step() chains the remaining ones.
 *
 * Returns EOK when the list is empty or the first timer was scheduled,
 * ENOMEM when the context or the timer cannot be allocated.
 */
static errno_t be_run_cb(struct be_ctx *be, struct be_cb *cb_list)
{
    struct timeval soon;
    struct tevent_timer *te;
    struct be_cb_ctx *cb_ctx;

    if (cb_list == NULL) {
        return EOK;
    }

    cb_ctx = talloc(be, struct be_cb_ctx);
    if (!cb_ctx) {
        DEBUG(0, ("Out of memory. Could not invoke callbacks\n"));
        return ENOMEM;
    }
    cb_ctx->be = be;
    cb_ctx->callback = cb_list;

    /* Delay 30ms so we don't block any other events */
    soon = tevent_timeval_current_ofs(0, 30000);
    te = tevent_add_timer(be->ev, cb_ctx, soon,
                          be_run_cb_step, cb_ctx);
    if (!te) {
        DEBUG(0, ("Out of memory. Could not invoke callbacks\n"));
        talloc_free(cb_ctx);
        return ENOMEM;
    }

    return EOK;
}

/*
 * Register cb on the reconnect list of ctx. The error code of be_add_cb()
 * is logged and returned unchanged.
 */
int be_add_reconnect_cb(TALLOC_CTX *mem_ctx, struct be_ctx *ctx,
                        be_callback_t cb, void *pvt,
                        struct be_cb **reconnect_cb)
{
    int ret;

    ret = be_add_cb(mem_ctx, ctx, cb, pvt, &ctx->reconnect_cb_list,
                    reconnect_cb);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("be_add_cb failed.\n"));
        return ret;
    }

    return EOK;
}

/*
 * Run every reconnect callback synchronously, in list order. Unlike the
 * other lists this one does not go through the timer based be_run_cb().
 */
void be_run_reconnect_cb(struct be_ctx *be)
{
    struct be_cb *callback = be->reconnect_cb_list;
    struct be_cb *next_cb;

    if (callback) {
        DEBUG(SSSDBG_TRACE_FUNC, ("Reconnecting. Running callbacks.\n"));

        /**
         * Call the callback: we have to call this right away
         * so the provider doesn't go into offline even for
         * a little while
         */
        do {
            /* Store next callback in case this callback frees itself */
            next_cb = callback->next;

            callback->cb(callback->pvt);
            callback = next_cb;
        } while(callback != NULL);
    } else {
        DEBUG(SSSDBG_TRACE_INTERNAL,
              ("Reconnect call back list is empty, nothing to do.\n"));
    }
}

/*
 * Register cb on the online list of ctx and arm run_online_cb so that the
 * list is run by the next be_run_online_cb() call.
 */
int be_add_online_cb(TALLOC_CTX *mem_ctx, struct be_ctx *ctx,
                     be_callback_t cb, void *pvt, struct be_cb **online_cb)
{
    int ret;

    ret = be_add_cb(mem_ctx, ctx, cb, pvt, &ctx->online_cb_list, online_cb);
    if (ret != EOK) {
        DEBUG(1, ("be_add_cb failed.\n"));
        return ret;
    }

    /* Make sure we run the callback for the first
     * connection after startup.
     */
    ctx->run_online_cb = true;

    return EOK;
}

/*
 * Run the online callbacks, but only when run_online_cb is set; the flag is
 * cleared before the run is started. A be_run_cb() failure is only logged.
 */
void be_run_online_cb(struct be_ctx *be) {
    int ret;

    if (be->run_online_cb) {
        /* Reset the flag. We only want to run these
         * callbacks when transitioning to online
         */
        be->run_online_cb = false;

        if (be->online_cb_list) {
            DEBUG(3, ("Going online. Running callbacks.\n"));

            ret = be_run_cb(be, be->online_cb_list);
            if (ret != EOK) {
                DEBUG(1, ("be_run_cb failed.\n"));
            }
        } else {
            DEBUG(9, ("Online call back list is empty, nothing to do.\n"));
        }
    }
}

/* Register cb on the unconditional online list of ctx. */
int be_add_unconditional_online_cb(TALLOC_CTX *mem_ctx, struct be_ctx *ctx,
                                   be_callback_t cb, void *pvt,
                                   struct be_cb **unconditional_online_cb)
{
    return be_add_cb(mem_ctx, ctx, cb, pvt, &ctx->unconditional_online_cb_list,
                     unconditional_online_cb);
}

/*
 * Run the unconditional online callbacks; no flag is consulted here.
 * A be_run_cb() failure is only logged.
 */
void be_run_unconditional_online_cb(struct be_ctx *be)
{
    int ret;

    if (be->unconditional_online_cb_list) {
        DEBUG(SSSDBG_TRACE_FUNC, ("Running unconditional online callbacks.\n"));

        ret = be_run_cb(be, be->unconditional_online_cb_list);
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE, ("be_run_cb failed.\n"));
        }
    } else {
        DEBUG(SSSDBG_TRACE_ALL,
              ("List of unconditional online callbacks is empty, " \
               "nothing to do.\n"));
    }
}

/* Register cb on the offline list of ctx. */
int be_add_offline_cb(TALLOC_CTX *mem_ctx, struct be_ctx *ctx,
                      be_callback_t cb, void *pvt, struct be_cb **offline_cb)
{
    return be_add_cb(mem_ctx, ctx, cb, pvt, &ctx->offline_cb_list, offline_cb);
}

/* Run the offline callbacks. A be_run_cb() failure is only logged. */
void be_run_offline_cb(struct be_ctx *be) {
    int ret;

    if (be->offline_cb_list) {
        DEBUG(3, ("Going offline. Running callbacks.\n"));

        ret = be_run_cb(be, be->offline_cb_list);
        if (ret != EOK) {
            DEBUG(1, ("be_run_cb failed.\n"));
        }
    } else {
        DEBUG(9, ("Offline call back list is empty, nothing to do.\n"));
    }
}
sssd-1.11.5/src/providers/PaxHeaders.13173/dp_ptask.h0000644000000000000000000000007412320753107020335 xustar000000000000000030 atime=1396954939.263891433 30 ctime=1396954961.464875091 sssd-1.11.5/src/providers/dp_ptask.h0000664002412700241270000000750212320753107020563 0ustar00jhrozekjhrozek00000000000000/*
    Authors:
        Pavel Březina

    Copyright (C) 2013 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #ifndef _DP_PTASK_H_ #define _DP_PTASK_H_ #include #include #include /* solve circular dependency */ struct be_ctx; struct be_ptask; /** * Defines how should task behave when back end is offline. */ enum be_ptask_offline { /* current request will be skipped and rescheduled to 'now + period' */ BE_PTASK_OFFLINE_SKIP, /* An offline and online callback is registered. The task is disabled * immediately when back end goes offline and then enabled again * when back end goes back online */ BE_PTASK_OFFLINE_DISABLE, /* current request will be executed as planned */ BE_PTASK_OFFLINE_EXECUTE }; typedef struct tevent_req * (*be_ptask_send_t)(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct be_ctx *be_ctx, struct be_ptask *be_ptask, void *pvt); /** * If EOK, task will be scheduled again to 'last_execution_time + period'. * If other error code, task will be rescheduled to 'now + period'. */ typedef errno_t (*be_ptask_recv_t)(struct tevent_req *req); /** * If EOK, task will be scheduled again to 'last_execution_time + period'. * If other error code, task will be rescheduled to 'now + period'. */ typedef errno_t (*be_ptask_sync_t)(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct be_ctx *be_ctx, struct be_ptask *be_ptask, void *pvt); /** * The first execution is scheduled first_delay seconds after the task is * created. * * If request does not complete in timeout seconds, it will be * cancelled and rescheduled to 'now + period'. * * If the task is reenabled, it will be scheduled again to * 'now + enabled_delay'. * * If an internal error occurred, the task is automatically disabled. 
*/ errno_t be_ptask_create(TALLOC_CTX *mem_ctx, struct be_ctx *be_ctx, time_t period, time_t first_delay, time_t enabled_delay, time_t timeout, enum be_ptask_offline offline, be_ptask_send_t send_fn, be_ptask_recv_t recv_fn, void *pvt, const char *name, struct be_ptask **_task); errno_t be_ptask_create_sync(TALLOC_CTX *mem_ctx, struct be_ctx *be_ctx, time_t period, time_t first_delay, time_t enabled_delay, time_t timeout, enum be_ptask_offline offline, be_ptask_sync_t fn, void *pvt, const char *name, struct be_ptask **_task); void be_ptask_enable(struct be_ptask *task); void be_ptask_disable(struct be_ptask *task); void be_ptask_destroy(struct be_ptask **task); time_t be_ptask_get_period(struct be_ptask *task); #endif /* _DP_PTASK_H_ */ sssd-1.11.5/src/providers/PaxHeaders.13173/data_provider_be.c0000644000000000000000000000007412320753107022014 xustar000000000000000030 atime=1396954939.263891433 30 ctime=1396954961.521875049 sssd-1.11.5/src/providers/data_provider_be.c0000664002412700241270000026427012320753107022251 0ustar00jhrozekjhrozek00000000000000/* SSSD Data Provider Process Copyright (C) Simo Sorce 2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #include #include #include #include #include #include #include #include #include #include #include #include #include #include "popt.h" #include "util/util.h" #include "confdb/confdb.h" #include "db/sysdb.h" #include "dbus/dbus.h" #include "sbus/sssd_dbus.h" #include "providers/dp_backend.h" #include "providers/fail_over.h" #include "providers/dp_refresh.h" #include "providers/dp_ptask.h" #include "util/child_common.h" #include "resolv/async_resolv.h" #include "monitor/monitor_interfaces.h" #define MSG_TARGET_NO_CONFIGURED "sssd_be: The requested target is not configured" #define ACCESS_PERMIT "permit" #define ACCESS_DENY "deny" #define NO_PROVIDER "none" static int data_provider_res_init(DBusMessage *message, struct sbus_connection *conn); static int data_provider_go_offline(DBusMessage *message, struct sbus_connection *conn); static int data_provider_reset_offline(DBusMessage *message, struct sbus_connection *conn); static int data_provider_logrotate(DBusMessage *message, struct sbus_connection *conn); struct sbus_method monitor_be_methods[] = { { MON_CLI_METHOD_PING, monitor_common_pong }, { MON_CLI_METHOD_RES_INIT, data_provider_res_init }, { MON_CLI_METHOD_OFFLINE, data_provider_go_offline }, { MON_CLI_METHOD_RESET_OFFLINE, data_provider_reset_offline }, { MON_CLI_METHOD_ROTATE, data_provider_logrotate }, { NULL, NULL } }; struct sbus_interface monitor_be_interface = { MONITOR_INTERFACE, MONITOR_PATH, SBUS_DEFAULT_VTABLE, monitor_be_methods, NULL }; static int client_registration(DBusMessage *message, struct sbus_connection *conn); static int be_get_account_info(DBusMessage *message, struct sbus_connection *conn); static int be_pam_handler(DBusMessage *message, struct sbus_connection *conn); static int be_sudo_handler(DBusMessage *message, struct sbus_connection *conn); static int be_autofs_handler(DBusMessage *message, struct sbus_connection *conn); static int be_host_handler(DBusMessage *message, struct sbus_connection *conn); static int 
be_get_subdomains(DBusMessage *message, struct sbus_connection *conn); struct sbus_method be_methods[] = { { DP_METHOD_REGISTER, client_registration }, { DP_METHOD_GETACCTINFO, be_get_account_info }, { DP_METHOD_PAMHANDLER, be_pam_handler }, { DP_METHOD_SUDOHANDLER, be_sudo_handler }, { DP_METHOD_AUTOFSHANDLER, be_autofs_handler }, { DP_METHOD_HOSTHANDLER, be_host_handler }, { DP_METHOD_GETDOMAINS, be_get_subdomains }, { NULL, NULL } }; struct sbus_interface be_interface = { DP_INTERFACE, DP_PATH, SBUS_DEFAULT_VTABLE, be_methods, NULL }; static struct bet_data bet_data[] = { {BET_NULL, NULL, NULL}, {BET_ID, CONFDB_DOMAIN_ID_PROVIDER, "sssm_%s_id_init"}, {BET_AUTH, CONFDB_DOMAIN_AUTH_PROVIDER, "sssm_%s_auth_init"}, {BET_ACCESS, CONFDB_DOMAIN_ACCESS_PROVIDER, "sssm_%s_access_init"}, {BET_CHPASS, CONFDB_DOMAIN_CHPASS_PROVIDER, "sssm_%s_chpass_init"}, {BET_SUDO, CONFDB_DOMAIN_SUDO_PROVIDER, "sssm_%s_sudo_init"}, {BET_AUTOFS, CONFDB_DOMAIN_AUTOFS_PROVIDER, "sssm_%s_autofs_init"}, {BET_SELINUX, CONFDB_DOMAIN_SELINUX_PROVIDER, "sssm_%s_selinux_init"}, {BET_HOSTID, CONFDB_DOMAIN_HOSTID_PROVIDER, "sssm_%s_hostid_init"}, {BET_SUBDOMAINS, CONFDB_DOMAIN_SUBDOMAINS_PROVIDER, "sssm_%s_subdomains_init"}, {BET_MAX, NULL, NULL} }; #define REQ_PHASE_ACCESS 0 #define REQ_PHASE_SELINUX 1 struct be_req { struct be_client *becli; struct be_ctx *be_ctx; struct sss_domain_info *domain; void *req_data; be_async_callback_t fn; void *pvt; /* This is utilized in access provider * request handling to indicate if access or * selinux provider is calling the callback. 
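*/
    int phase;

    struct be_req *prev;
    struct be_req *next;
};

/* talloc destructor: unlink the request from be_ctx->active_requests. */
static int be_req_destructor(struct be_req *be_req)
{
    DLIST_REMOVE(be_req->be_ctx->active_requests, be_req);

    return 0;
}

/*
 * Allocate a zeroed request on mem_ctx and register it in
 * be_ctx->active_requests.
 *
 * fn is the completion callback later invoked by be_req_terminate();
 * pvt_fn_data is stored in the request's pvt field. The request domain
 * starts out as be_ctx->domain.
 *
 * Returns NULL when the allocation fails.
 */
struct be_req *be_req_create(TALLOC_CTX *mem_ctx,
                             struct be_client *becli, struct be_ctx *be_ctx,
                             be_async_callback_t fn, void *pvt_fn_data)
{
    struct be_req *be_req;

    be_req = talloc_zero(mem_ctx, struct be_req);
    if (be_req == NULL) return NULL;

    be_req->becli = becli;
    be_req->be_ctx = be_ctx;
    be_req->domain = be_ctx->domain;
    be_req->fn = fn;
    be_req->pvt = pvt_fn_data;

    /* Add this request to active request list and make sure it is
     * removed on termination. */
    DLIST_ADD(be_ctx->active_requests, be_req);
    talloc_set_destructor(be_req, be_req_destructor);

    return be_req;
}

/*
 * Point the request at the domain called 'domain', looked up with
 * find_subdomain_by_name() starting from the back end's own domain.
 *
 * Returns ERR_DOMAIN_NOT_FOUND when the lookup fails (the request is left
 * unchanged), EOK otherwise.
 */
static errno_t be_req_set_domain(struct be_req *be_req, const char *domain)
{
    struct sss_domain_info *dom = NULL;

    dom = find_subdomain_by_name(be_req->be_ctx->domain, domain, true);
    if (dom == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Unknown domain [%s]!\n", domain));
        return ERR_DOMAIN_NOT_FOUND;
    }

    DEBUG(SSSDBG_TRACE_FUNC, ("Changing request domain from [%s] to [%s]\n",
                              be_req->domain->name, dom->name));
    be_req->domain = dom;

    return EOK;
}

/* Accessor: back end context the request belongs to. */
struct be_ctx *be_req_get_be_ctx(struct be_req *be_req)
{
    return be_req->be_ctx;
}

/* Accessor: request specific payload (req_data). */
void *be_req_get_data(struct be_req *be_req)
{
    return be_req->req_data;
}

/*
 * Complete the request by calling its callback with the given result.
 * Does nothing when no callback is set. The callback may free be_req, so
 * callers must not touch the request afterwards.
 */
void be_req_terminate(struct be_req *be_req,
                      int dp_err_type, int errnum, const char *errstr)
{
    if (be_req->fn == NULL) return;

    be_req->fn(be_req, dp_err_type, errnum, errstr);
}

/*
 * Terminate, with DP_ERR_FATAL / ERR_DOMAIN_NOT_FOUND, every active request
 * whose domain name equals 'domain'.
 *
 * A NULL domain is reported as a bug and nothing is terminated.
 */
void be_terminate_domain_requests(struct be_ctx *be_ctx,
                                  const char *domain)
{
    struct be_req *be_req;
    struct be_req *next_be_req;

    /* Check before logging: a NULL pointer must not be formatted with %s. */
    if (domain == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("BUG: domain is NULL\n"));
        return;
    }

    DEBUG(SSSDBG_TRACE_FUNC, ("Terminating requests for domain [%s]\n",
                              domain));

    be_req = be_ctx->active_requests;
    while (be_req != NULL) {
        /* The completion callback may free be_req (get_subdomains_callback
         * in this file does), and be_req_destructor then unlinks it from the
         * list being walked. Read the successor first so the loop never
         * dereferences a freed request.
         * NOTE(review): this does not cover a callback that frees the
         * successor as well -- confirm none does. */
        next_be_req = be_req->next;

        if (strcmp(domain, be_req->domain->name) == 0) {
            be_req_terminate(be_req, DP_ERR_FATAL, ERR_DOMAIN_NOT_FOUND,
                             sss_strerror(ERR_DOMAIN_NOT_FOUND));
        }

        be_req = next_be_req;
    }
}

/* Argument of be_async_req_handler(): the function to run and its request. */
struct be_async_req {
    be_req_fn_t fn;
    struct be_req *req;
};

/* Timer handler: run the filed request function on its request. */
static void be_async_req_handler(struct tevent_context *ev,
                                 struct tevent_timer *te,
                                 struct timeval tv, void *pvt)
{
    struct be_async_req *async_req;

    async_req = talloc_get_type(pvt, struct be_async_req);

    async_req->fn(async_req->req);
}

/*
 * A spy is a small talloc object whose destructor frees 'freectx'.
 * Spies are created in pairs by be_spy_create(); double_agent points at
 * the other member of the pair.
 */
struct be_spy {
    TALLOC_CTX *freectx;
    struct be_spy *double_agent;
};

/*
 * Destructor of a spy: disarm the paired spy, then free this spy's target.
 *
 * double_agent is dereferenced unconditionally; be_spy_create() installs
 * this destructor only after both links are set.
 */
static int be_spy_destructor(struct be_spy *spy)
{
    /* If there's a double_agent, set its
     * freectx to NULL so that we don't
     * try to loop. When that spy fires,
     * it will just be a no-op.
     */
    spy->double_agent->freectx = NULL;
    talloc_zfree(spy->freectx);
    return 0;
}

/*
 * Tie the lifetime of be_req to its client: a spy allocated on
 * be_req->becli frees the request when the client is freed, and a spy
 * allocated on the request frees the client spy when the request is freed
 * first. On success be_req is moved onto mem_ctx.
 *
 * Returns ENOMEM when a spy cannot be allocated (no spy is left behind and
 * be_req is not moved), EOK otherwise.
 */
static errno_t be_spy_create(TALLOC_CTX *mem_ctx, struct be_req *be_req)
{
    errno_t ret;
    struct be_spy *cli_spy = NULL;
    struct be_spy *req_spy = NULL;

    /* Attach a spy for the be_client so that if it dies,
     * we can free the be_req automatically.
     */
    cli_spy = talloc_zero(be_req->becli, struct be_spy);
    if (!cli_spy) {
        ret = ENOMEM;
        goto done;
    }
    cli_spy->freectx = be_req;

    /* Also create a spy on the be_req so that we
     * can free the other spy when the be_req
     * completes successfully.
     */
    req_spy = talloc_zero(be_req, struct be_spy);
    if (!req_spy) {
        ret = ENOMEM;
        goto done;
    }
    req_spy->freectx = cli_spy;

    /* Create paired spy links to prevent loops */
    cli_spy->double_agent = req_spy;
    req_spy->double_agent = cli_spy;

    /* Now create the destructors that will actually free
     * the opposing spies.
     */
    talloc_set_destructor(cli_spy, be_spy_destructor);
    talloc_set_destructor(req_spy, be_spy_destructor);

    /* Now steal the be_req onto the mem_ctx so that it
     * will be guaranteed that this data will be
     * available for the full duration of execution.
     */
    talloc_steal(mem_ctx, be_req);

    ret = EOK;
done:
    if (ret != EOK) {
        /* Destructors are not installed yet on this path, so these frees
         * release only the spies themselves. */
        talloc_free(cli_spy);
        talloc_free(req_spy);
    }
    return ret;
}

/* This function alters the memory hierarchy of the be_req
 * to ensure memory safety during shutdown.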
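It creates a
 * spy on the be_cli object so that it will free the be_req
 * if the client is freed.
 *
 * It is generally allocated atop the private data context
 * for the appropriate back-end against which it is being
 * filed.
 *
 * The request function is not called directly: a zero-delay timer is added
 * and fn runs from be_async_req_handler().
 *
 * Returns EINVAL when fn or be_req is NULL, the be_spy_create() error,
 * ENOMEM when the async wrapper cannot be allocated, EIO when the timer
 * cannot be added, EOK otherwise. After be_spy_create() succeeded, be_req
 * already lives on mem_ctx even when a later step fails.
 */
static errno_t be_file_request(TALLOC_CTX *mem_ctx,
                               struct be_req *be_req,
                               be_req_fn_t fn)
{
    errno_t ret;
    struct be_async_req *areq;
    struct tevent_timer *te;
    struct timeval tv;

    if (!fn || !be_req) return EINVAL;

    ret = be_spy_create(mem_ctx, be_req);
    if (ret != EOK) return ret;

    areq = talloc(be_req, struct be_async_req);
    if (!areq) {
        return ENOMEM;
    }
    areq->fn = fn;
    areq->req = be_req;

    /* fire immediately */
    tv.tv_sec = 0;
    tv.tv_usec = 0;

    /* The timer is allocated on be_req, so freeing the request cancels it. */
    te = tevent_add_timer(be_req->be_ctx->ev, be_req,
                          tv, be_async_req_handler, areq);
    if (te == NULL) {
        return EIO;
    }

    return EOK;
}

/*
 * Serialize requests of one back end target: the request is filed right
 * away when *req_queue is empty, and it is appended to the queue so that
 * be_queue_next_request() can start its successor.
 *
 * Returns the be_file_request() error when filing fails, ENOMEM when the
 * request could neither be filed nor queued, EOK otherwise.
 */
static errno_t be_queue_request(TALLOC_CTX *queue_mem_ctx,
                                struct bet_queue_item **req_queue,
                                TALLOC_CTX *req_mem_ctx,
                                struct be_req *be_req,
                                be_req_fn_t fn)
{
    struct bet_queue_item *item;
    bool filed = false;
    int ret;

    if (*req_queue == NULL) {
        DEBUG(SSSDBG_TRACE_ALL, ("Queue is empty, " \
                                 "running request immediately.\n"));
        ret = be_file_request(req_mem_ctx, be_req, fn);
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE, ("be_file_request failed.\n"));
            return ret;
        }
        filed = true;
    }

    item = talloc_zero(queue_mem_ctx, struct bet_queue_item);
    if (item == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("talloc_zero failed, cannot add item to " \
                                  "request queue.\n"));
        if (!filed) {
            /* Nothing will ever run this request: it was not filed and it
             * is not in the queue. Reporting success here would leave the
             * client without a reply, so hand the error to the caller,
             * which still owns be_req and the reply. */
            return ENOMEM;
        }
        /* The request is already running; missing queue bookkeeping is
         * tolerated as before. */
        return EOK;
    }

    DEBUG(SSSDBG_TRACE_ALL, ("Adding request to queue.\n"));

    item->mem_ctx = req_mem_ctx;
    item->be_req = be_req;
    item->fn = fn;

    DLIST_ADD_END(*req_queue, item, struct bet_queue_item *);

    return EOK;
}

/*
 * Called when be_req has finished: drop its queue entry and file the
 * request that is now at the head of the queue for the given target.
 *
 * If the next request cannot be filed, the queue is advanced past it, an
 * error reply is sent for it when it carries one (its pvt is treated as the
 * D-Bus reply), and it is freed.
 */
static void be_queue_next_request(struct be_req *be_req, enum bet_type type)
{
    struct bet_queue_item *item;
    struct bet_queue_item *current = NULL;
    struct bet_queue_item **req_queue;
    int ret;
    DBusMessage *reply;
    uint16_t err_maj;
    uint32_t err_min;
    const char *err_msg = "Cannot file back end request";
    struct be_req *next_be_req = NULL;
    dbus_bool_t dbret;
    DBusConnection *dbus_conn;

    req_queue = &be_req->becli->bectx->bet_info[type].req_queue;

    if (*req_queue == NULL) {
        DEBUG(SSSDBG_TRACE_ALL, ("Queue is empty, nothing to do.\n"));
        return;
    }

    DLIST_FOR_EACH(item, *req_queue) {
        if (item->be_req == be_req) {
            current = item;
            break;
        }
    }

    if (current != NULL) {
        DLIST_REMOVE(*req_queue, current);
        /* The item was allocated on the queue context by
         * be_queue_request() and nothing refers to it once it is unlinked;
         * free it so finished requests do not accumulate there. It only
         * borrows be_req and mem_ctx, so neither is affected. */
        talloc_free(current);
    }

    if (*req_queue == NULL) {
        DEBUG(SSSDBG_TRACE_ALL, ("Request queue is empty.\n"));
        return;
    }

    next_be_req = (*req_queue)->be_req;

    ret = be_file_request((*req_queue)->mem_ctx, next_be_req, (*req_queue)->fn);
    if (ret == EOK) {
        DEBUG(SSSDBG_TRACE_ALL, ("Queued request filed successfully.\n"));
        return;
    }

    DEBUG(SSSDBG_OP_FAILURE, ("be_file_request failed.\n"));

    /* Skip the request that could not be filed and try its successor. */
    be_queue_next_request(next_be_req, type);

    reply = (DBusMessage *) next_be_req->pvt;

    if (reply) {
        /* Return a reply if one was requested
         * There may not be one if this request began
         * while we were offline
         */
        err_maj = DP_ERR_FATAL;
        err_min = ret;

        dbret = dbus_message_append_args(reply,
                                         DBUS_TYPE_UINT16, &err_maj,
                                         DBUS_TYPE_UINT32, &err_min,
                                         DBUS_TYPE_STRING, &err_msg,
                                         DBUS_TYPE_INVALID);

        if (!dbret) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to generate dbus reply\n"));
            dbus_message_unref(reply);
            goto done;
        }

        dbus_conn = sbus_get_connection(next_be_req->becli->conn);
        if (dbus_conn == NULL) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("D-BUS not connected\n"));
            /* The reply cannot be delivered; drop our reference instead of
             * leaking the message. */
            dbus_message_unref(reply);
            goto done;
        }

        dbus_connection_send(dbus_conn, reply, NULL);
        dbus_message_unref(reply);
    }

done:
    talloc_free(next_be_req);
}

/*
 * Report whether the back end is considered offline.
 *
 * Not a pure query: once more than 60 seconds have passed since the back
 * end went offline, the offline flag is cleared before it is returned.
 */
bool be_is_offline(struct be_ctx *ctx)
{
    time_t now = time(NULL);

    /* check if we are past the offline blackout timeout */
    /* FIXME: get offline_timeout from configuration */
    if (ctx->offstat.went_offline + 60 < now) {
        ctx->offstat.offline = false;
    }

    return ctx->offstat.offline;
}

/*
 * Record the transition to offline, arm the online callbacks for the next
 * transition back, and run the offline callbacks.
 */
void be_mark_offline(struct be_ctx *ctx)
{
    DEBUG(8, ("Going offline!\n"));

    ctx->offstat.went_offline = time(NULL);
    ctx->offstat.offline = true;
    ctx->run_online_cb = true;
    be_run_offline_cb(ctx);
}

/* Clear the offline state and run the online callbacks. */
static void be_reset_offline(struct be_ctx *ctx)
{
    ctx->offstat.went_offline = 0;
    ctx->offstat.offline = false;
    be_run_online_cb(ctx);
}

/*
 * Build a human readable message for a data provider error, allocated on
 * memctx. errnum is rendered with pam_strerror().
 *
 * Returns NULL when the allocation fails.
 */
static char *dp_pam_err_to_string(TALLOC_CTX *memctx, int dp_err_type, int errnum)
{
    switch (dp_err_type) {
    case DP_ERR_OK:
        return talloc_strdup(memctx, "Success");

    case DP_ERR_OFFLINE:
        return talloc_asprintf(memctx,
                               "Provider is Offline (%s)",
                               pam_strerror(NULL, errnum));

    case DP_ERR_TIMEOUT:
        return talloc_asprintf(memctx,
                               "Request timed out (%s)",
                               pam_strerror(NULL, errnum));

    case DP_ERR_FATAL:
    default:
        return talloc_asprintf(memctx,
                               "Internal Error (%s)",
                               pam_strerror(NULL, errnum));
    }

    return NULL;
}

/*
 * Completion callback of a subdomains request: start the next queued
 * subdomains request, send the D-Bus reply stored in req->pvt when there is
 * one, and free the request.
 */
static void get_subdomains_callback(struct be_req *req,
                                    int dp_err_type,
                                    int errnum,
                                    const char *errstr)
{
    DBusMessage *reply;
    DBusConnection *dbus_conn;
    dbus_bool_t dbret;
    dbus_uint16_t err_maj = 0;
    dbus_uint32_t err_min = 0;
    const char *err_msg = NULL;

    DEBUG(SSSDBG_TRACE_FUNC, ("Backend returned: (%d, %d, %s) [%s]\n",
              dp_err_type, errnum, errstr?errstr:"",
              dp_pam_err_to_string(req, dp_err_type, errnum)));

    be_queue_next_request(req, BET_SUBDOMAINS);

    reply = (DBusMessage *)req->pvt;

    if (reply) {
        /* Return a reply if one was requested
         * There may not be one if this request began
         * while we were offline
         */
        err_maj = dp_err_type;
        err_min = errnum;
        if (errstr) {
            err_msg = errstr;
        } else {
            err_msg = dp_pam_err_to_string(req, dp_err_type, errnum);
        }
        if (!err_msg) {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("Failed to set err_msg, Out of memory?\n"));
            err_msg = "OOM";
        }

        dbret = dbus_message_append_args(reply,
                                         DBUS_TYPE_UINT16, &err_maj,
                                         DBUS_TYPE_UINT32, &err_min,
                                         DBUS_TYPE_STRING, &err_msg,
                                         DBUS_TYPE_INVALID);

        if (!dbret) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to generate dbus reply\n"));
            dbus_message_unref(reply);
            goto done;
        }

        dbus_conn = sbus_get_connection(req->becli->conn);
        if (dbus_conn == NULL) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("D-BUS not connected\n"));
            /* The reply cannot be delivered; drop our reference instead of
             * leaking the message. */
            dbus_message_unref(reply);
            goto done;
        }

        dbus_connection_send(dbus_conn, reply, NULL);
        dbus_message_unref(reply);
    }

done:
    talloc_free(req);
}

static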
int be_get_subdomains(DBusMessage *message, struct sbus_connection *conn) { struct be_subdom_req *req; struct be_req *be_req = NULL; struct be_client *becli; DBusMessage *reply; DBusError dbus_error; dbus_bool_t dbret; void *user_data; dbus_bool_t force; char *domain_hint; dbus_uint16_t err_maj; dbus_uint32_t err_min; const char *err_msg; int ret; user_data = sbus_conn_get_private_data(conn); if (!user_data) return EINVAL; becli = talloc_get_type(user_data, struct be_client); if (!becli) return EINVAL; dbus_error_init(&dbus_error); ret = dbus_message_get_args(message, &dbus_error, DBUS_TYPE_BOOLEAN, &force, DBUS_TYPE_STRING, &domain_hint, DBUS_TYPE_INVALID); if (!ret) { DEBUG(SSSDBG_CRIT_FAILURE,("Failed, to parse message!\n")); if (dbus_error_is_set(&dbus_error)) dbus_error_free(&dbus_error); return EIO; } reply = dbus_message_new_method_return(message); if (!reply) return ENOMEM; /* return an error if corresponding backend target is not configured */ if (becli->bectx->bet_info[BET_SUBDOMAINS].bet_ops == NULL) { DEBUG(SSSDBG_TRACE_INTERNAL, ("Undefined backend target.\n")); err_maj = DP_ERR_FATAL; err_min = ENODEV; err_msg = "Subdomains back end target is not configured"; goto immediate; } DEBUG(SSSDBG_TRACE_FUNC, ("Got get subdomains [%sforced][%s]\n", force ? "" : "not ", domain_hint == NULL ? 
"no hint": domain_hint )); /* If we are offline return immediately */ if (becli->bectx->offstat.offline) { DEBUG(SSSDBG_TRACE_FUNC, ("Cannot proceed, provider is offline.\n")); err_maj = DP_ERR_OFFLINE; err_min = EAGAIN; err_msg = "Provider is offline"; goto immediate; } /* process request */ be_req = be_req_create(becli, becli, becli->bectx, get_subdomains_callback, reply); if (!be_req) { err_maj = DP_ERR_FATAL; err_min = ENOMEM; err_msg = "Out of memory"; goto immediate; } req = talloc(be_req, struct be_subdom_req); if (!req) { err_maj = DP_ERR_FATAL; err_min = ENOMEM; err_msg = "Out of memory"; goto immediate; } req->force = force; req->domain_hint = talloc_strdup(req, domain_hint); if (!req->domain_hint) { err_maj = DP_ERR_FATAL; err_min = ENOMEM; err_msg = "Out of memory"; goto immediate; } be_req->req_data = req; ret = be_queue_request(becli->bectx, &becli->bectx->bet_info[BET_SUBDOMAINS].req_queue, becli->bectx, be_req, becli->bectx->bet_info[BET_SUBDOMAINS].bet_ops->handler); if (ret != EOK) { err_maj = DP_ERR_FATAL; err_min = ret; err_msg = "Cannot file back end request"; goto immediate; } return EOK; immediate: if (be_req) { talloc_free(be_req); } if (reply) { dbret = dbus_message_append_args(reply, DBUS_TYPE_UINT16, &err_maj, DBUS_TYPE_UINT32, &err_min, DBUS_TYPE_STRING, &err_msg, DBUS_TYPE_INVALID); if (!dbret) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to generate dbus reply\n")); dbus_message_unref(reply); return EIO; } if (!(err_maj == DP_ERR_FATAL && err_min == ENODEV)) { DEBUG(SSSDBG_TRACE_LIBS, ("Request processed. 
Returned %d,%d,%s\n", err_maj, err_min, err_msg)); } /* send reply back */ sbus_conn_send_reply(conn, reply); dbus_message_unref(reply); } return EOK; } static void acctinfo_callback(struct be_req *req, int dp_err_type, int errnum, const char *errstr) { DBusMessage *reply; DBusConnection *dbus_conn; dbus_bool_t dbret; dbus_uint16_t err_maj = 0; dbus_uint32_t err_min = 0; const char *err_msg = NULL; reply = (DBusMessage *)req->pvt; if (reply) { /* Return a reply if one was requested * There may not be one if this request began * while we were offline */ err_maj = dp_err_type; err_min = errnum; if (errstr) { err_msg = errstr; } else { err_msg = dp_pam_err_to_string(req, dp_err_type, errnum); } if (!err_msg) { DEBUG(1, ("Failed to set err_msg, Out of memory?\n")); err_msg = "OOM"; } dbret = dbus_message_append_args(reply, DBUS_TYPE_UINT16, &err_maj, DBUS_TYPE_UINT32, &err_min, DBUS_TYPE_STRING, &err_msg, DBUS_TYPE_INVALID); if (!dbret) { DEBUG(1, ("Failed to generate dbus reply\n")); return; } dbus_conn = sbus_get_connection(req->becli->conn); if (!dbus_conn) { DEBUG(SSSDBG_CRIT_FAILURE, ("D-BUS not connected\n")); return; } dbus_connection_send(dbus_conn, reply, NULL); dbus_message_unref(reply); DEBUG(4, ("Request processed. 
Returned %d,%d,%s\n", err_maj, err_min, err_msg)); } /* finally free the request */ talloc_free(req); } struct be_initgr_prereq { char *user; char *domain; uint32_t gnum; uint32_t *groups; void *orig_pvt_data; int orig_dp_err_type; int orig_errnum; const char *orig_errstr; }; static void acctinfo_callback_initgr_wrap(struct be_req *be_req) { struct be_initgr_prereq *pr = talloc_get_type(be_req->pvt, struct be_initgr_prereq); be_req->pvt = pr->orig_pvt_data; acctinfo_callback(be_req, pr->orig_dp_err_type, pr->orig_errnum, pr->orig_errstr); } static void acctinfo_callback_initgr_sbus(DBusPendingCall *pending, void *ptr) { struct be_req *be_req = talloc_get_type(ptr, struct be_req); dbus_pending_call_unref(pending); acctinfo_callback_initgr_wrap(be_req); } static void acctinfo_initgroups_callback(struct be_req *be_req, int dp_err_type, int errnum, const char *errstr) { struct be_initgr_prereq *pr = talloc_get_type(be_req->pvt, struct be_initgr_prereq); DBusMessage *msg = NULL; dbus_bool_t dbret; int num; int ret; pr->orig_dp_err_type = dp_err_type; pr->orig_errnum = errnum; pr->orig_errstr = errstr; if (!be_req->be_ctx->nss_cli || !be_req->be_ctx->nss_cli->conn) { DEBUG(SSSDBG_MINOR_FAILURE, ("NSS Service not conected\n")); ret = EACCES; goto done; } /* Set up null request */ msg = dbus_message_new_method_call(NULL, DP_PATH, DP_INTERFACE, DP_REV_METHOD_INITGR_CHECK); if (!msg) { DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory?!\n")); ret = ENOMEM; goto done; } num = pr->gnum; dbret = dbus_message_append_args(msg, DBUS_TYPE_STRING, &pr->user, DBUS_TYPE_STRING, &pr->domain, DBUS_TYPE_ARRAY, DBUS_TYPE_UINT32, &pr->groups, num, DBUS_TYPE_INVALID); if (!dbret) { DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory?!\n")); ret = ENOMEM; goto done; } /* ping the NSS service, no reply expected */ ret = sbus_conn_send(be_req->be_ctx->nss_cli->conn, msg, -1, acctinfo_callback_initgr_sbus, be_req, NULL); if (ret != EOK) { DEBUG(SSSDBG_TRACE_FUNC, ("Error contacting NSS responder: %d [%s]\n", 
ret, strerror(ret))); } done: if (msg) { dbus_message_unref(msg); } if (ret != EOK) { /* return immediately if we cannot contact nss provider */ acctinfo_callback_initgr_wrap(be_req); } } static errno_t be_initgroups_prereq(struct be_req *be_req) { struct be_acct_req *ar = talloc_get_type(be_req_get_data(be_req), struct be_acct_req); struct be_initgr_prereq *pr; struct ldb_result *res; errno_t ret; const char *tmpstr; int i; ret = sysdb_initgroups(be_req, be_req->be_ctx->domain->sysdb, be_req->be_ctx->domain, ar->filter_value, &res); if (ret && ret != ENOENT) { return ret; } /* if the user is completely missing there is no need to contact NSS, * it would be a noop */ if (ret == ENOENT || res->count == 0) { /* yet unknown, ignore */ return EOK; } pr = talloc(be_req, struct be_initgr_prereq); if (!pr) { return ENOMEM; } pr->groups = talloc_array(pr, gid_t, res->count); if (!pr->groups) { return ENOMEM; } tmpstr = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_NAME, NULL); if (!tmpstr) { return EINVAL; } pr->user = talloc_strdup(pr, tmpstr); if (!pr->user) { return ENOMEM; } pr->domain = talloc_strdup(pr, be_req->be_ctx->domain->name); if (!pr->domain) { return ENOMEM; } /* The first GID is the primary so it might be duplicated * later in the list */ for (pr->gnum = 0, i = 0; i < res->count; i++) { pr->groups[pr->gnum] = ldb_msg_find_attr_as_uint(res->msgs[i], SYSDB_GIDNUM, 0); /* if 0 it may be a non-posix group, so we skip it */ if (pr->groups[pr->gnum] != 0) { pr->gnum++; } } talloc_zfree(res); pr->orig_pvt_data = be_req->pvt; be_req->pvt = pr; be_req->fn = acctinfo_initgroups_callback; return EOK; } static errno_t be_file_account_request(struct be_req *be_req, struct be_acct_req *ar) { errno_t ret; struct be_ctx *be_ctx = be_req->be_ctx; be_req->req_data = ar; /* see if we need a pre request call, only done for initgroups for now */ if ((ar->entry_type & 0xFF) == BE_REQ_INITGROUPS) { ret = be_initgroups_prereq(be_req); if (ret) { DEBUG(SSSDBG_CRIT_FAILURE, 
("Prerequest failed")); return ret; } } /* process request */ ret = be_file_request(be_ctx, be_req, be_ctx->bet_info[BET_ID].bet_ops->handler); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to file request")); return ret; } return EOK; } static errno_t split_name_extended(TALLOC_CTX *mem_ctx, const char *filter, char **name, char **extended) { char *p; *name = talloc_strdup(mem_ctx, filter); if (!*name) { return ENOENT; } p = strchr(*name, ':'); if (p) { /* Extended info included */ *p = '\0'; *extended = p + 1; } else { *extended = NULL; } return EOK; } static void be_get_account_info_done(struct be_req *be_req, int dp_err, int dp_ret, const char *errstr); struct be_get_account_info_state { int err_maj; int err_min; const char *err_msg; }; struct tevent_req * be_get_account_info_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct be_client *becli, struct be_ctx *be_ctx, struct be_acct_req *ar) { struct tevent_req *req; struct be_get_account_info_state *state; struct be_req *be_req; errno_t ret; req = tevent_req_create(mem_ctx, &state, struct be_get_account_info_state); if (!req) return NULL; be_req = be_req_create(state, becli, be_ctx, be_get_account_info_done, req); if (!be_req) { ret = ENOMEM; goto done; } ret = be_req_set_domain(be_req, ar->domain); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to set request domain [%d]: %s\n", ret, sss_strerror(ret))); goto done; } ret = be_file_account_request(be_req, ar); if (ret != EOK) { goto done; } return req; done: tevent_req_error(req, ret); tevent_req_post(req, ev); return req; } static void be_get_account_info_done(struct be_req *be_req, int dp_err, int dp_ret, const char *errstr) { struct tevent_req *req; struct be_get_account_info_state *state; req = talloc_get_type(be_req->pvt, struct tevent_req); state = tevent_req_data(req, struct be_get_account_info_state); state->err_maj = dp_err; state->err_min = dp_ret; if (errstr) { state->err_msg = talloc_strdup(state, errstr); if (state->err_msg 
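== NULL) {
            talloc_free(be_req);
            tevent_req_error(req, ENOMEM);
            return;
        }
    }

    talloc_free(be_req);
    tevent_req_done(req);
}

/*
 * Receive half of the account-info tevent request.
 *
 * TEVENT_REQ_RETURN_ON_ERROR presumably returns early when the request
 * ended in error (macro not visible here). On success the data provider
 * error pair is copied out and the message string, which may be NULL, is
 * moved onto mem_ctx. Every output pointer is optional.
 */
errno_t be_get_account_info_recv(struct tevent_req *req,
                                 TALLOC_CTX *mem_ctx,
                                 int *_err_maj,
                                 int *_err_min,
                                 const char **_err_msg)
{
    struct be_get_account_info_state *state;

    state = tevent_req_data(req, struct be_get_account_info_state);

    TEVENT_REQ_RETURN_ON_ERROR(req);

    if (_err_maj) {
        *_err_maj = state->err_maj;
    }

    if (_err_min) {
        *_err_min = state->err_min;
    }

    if (_err_msg) {
        *_err_msg = talloc_steal(mem_ctx, state->err_msg);
    }

    return EOK;
}

/*
 * D-Bus handler for account information requests.
 *
 * Message arguments, all taken from the incoming message and validated
 * here: entry type (uint32), attribute type (uint32), filter string and
 * domain string. The filter must be "name=<value>[:<extra>]",
 * "idnumber=<value>[:<extra>]", DP_SEC_ID "=<value>[:<extra>]" or exactly
 * ENUM_INDICATOR; anything else is answered with DP_ERR_FATAL / EINVAL.
 *
 * Ownership: `reply` is a D-Bus reference, not a talloc child, so every
 * exit path that neither sends it nor hands it to the backend request has
 * to unref it explicitly.
 *
 * Returns EOK once a reply was sent or the request was filed, and
 * EINVAL / EIO / ENOMEM when no reply could be produced.
 */
static int be_get_account_info(DBusMessage *message, struct sbus_connection *conn)
{
    struct be_acct_req *req;
    struct be_req *be_req;
    struct be_client *becli;
    DBusMessage *reply;
    DBusError dbus_error;
    dbus_bool_t dbret;
    void *user_data;
    uint32_t type;
    char *filter;
    char *domain;
    uint32_t attr_type;
    int ret;
    dbus_uint16_t err_maj;
    dbus_uint32_t err_min;
    const char *err_msg;

    be_req = NULL;

    user_data = sbus_conn_get_private_data(conn);
    if (!user_data) return EINVAL;
    becli = talloc_get_type(user_data, struct be_client);
    if (!becli) return EINVAL;

    dbus_error_init(&dbus_error);

    ret = dbus_message_get_args(message, &dbus_error,
                                DBUS_TYPE_UINT32, &type,
                                DBUS_TYPE_UINT32, &attr_type,
                                DBUS_TYPE_STRING, &filter,
                                DBUS_TYPE_STRING, &domain,
                                DBUS_TYPE_INVALID);
    if (!ret) {
        DEBUG(1,("Failed, to parse message!\n"));
        if (dbus_error_is_set(&dbus_error)) dbus_error_free(&dbus_error);
        return EIO;
    }

    DEBUG(4, ("Got request for [%u][%d][%s]\n", type, attr_type, filter));

    reply = dbus_message_new_method_return(message);
    if (!reply) return ENOMEM;

    /* If we are offline and fast reply was requested
     * return offline immediately
     */
    if ((type & BE_REQ_FAST) && becli->bectx->offstat.offline) {
        /* Send back an immediate reply */
        err_maj = DP_ERR_OFFLINE;
        err_min = EAGAIN;
        err_msg = "Fast reply - offline";

        dbret = dbus_message_append_args(reply,
                                         DBUS_TYPE_UINT16, &err_maj,
                                         DBUS_TYPE_UINT32, &err_min,
                                         DBUS_TYPE_STRING, &err_msg,
                                         DBUS_TYPE_INVALID);
        if (!dbret) {
            /* Nothing else references the reply yet; drop it here instead
             * of leaking one message per failed request. */
            DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to generate dbus reply\n"));
            dbus_message_unref(reply);
            return EIO;
        }

        DEBUG(4, ("Request processed. Returned %d,%d,%s\n",
                  err_maj, err_min, err_msg));

        sbus_conn_send_reply(conn, reply);
        dbus_message_unref(reply);
        reply = NULL;
        /* This reply will be queued and sent
         * when we reenter the mainloop.
         *
         * Continue processing in case we are
         * going back online.
         */
    }

    /* Created only after the fast-reply branch, so the request never keeps
     * a pointer to a reply that has already been sent and unreferenced. */
    be_req = be_req_create(becli, becli, becli->bectx,
                           acctinfo_callback, reply);
    if (!be_req) {
        err_maj = DP_ERR_FATAL;
        err_min = ENOMEM;
        err_msg = "Out of memory";
        goto done;
    }

    ret = be_req_set_domain(be_req, domain);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Unable to set request domain [%d]: %s\n",
               ret, sss_strerror(ret)));
        err_maj = DP_ERR_FATAL;
        err_min = ret;
        err_msg = sss_strerror(ret);
        goto done;
    }

    req = talloc(be_req, struct be_acct_req);
    if (!req) {
        err_maj = DP_ERR_FATAL;
        err_min = ENOMEM;
        err_msg = "Out of memory";
        goto done;
    }
    req->entry_type = type;
    req->attr_type = (int)attr_type;
    req->domain = talloc_strdup(req, domain);
    if (!req->domain) {
        err_maj = DP_ERR_FATAL;
        err_min = ENOMEM;
        err_msg = "Out of memory";
        goto done;
    }

    if ((attr_type != BE_ATTR_CORE) &&
        (attr_type != BE_ATTR_MEM) &&
        (attr_type != BE_ATTR_ALL)) {
        /* Unrecognized attr type */
        err_maj = DP_ERR_FATAL;
        err_min = EINVAL;
        err_msg = "Invalid Attrs Parameter";
        goto done;
    }

    if (filter) {
        ret = EOK;
        if (strncmp(filter, "name=", 5) == 0) {
            req->filter_type = BE_FILTER_NAME;
            ret = split_name_extended(req, &filter[5],
                                      &req->filter_value,
                                      &req->extra_value);
        } else if (strncmp(filter, "idnumber=", 9) == 0) {
            req->filter_type = BE_FILTER_IDNUM;
            ret = split_name_extended(req, &filter[9],
                                      &req->filter_value,
                                      &req->extra_value);
        } else if (strncmp(filter, DP_SEC_ID"=", DP_SEC_ID_LEN + 1) == 0) {
            req->filter_type = BE_FILTER_SECID;
            ret = split_name_extended(req, &filter[DP_SEC_ID_LEN + 1],
                                      &req->filter_value,
                                      &req->extra_value);
        } else if (strcmp(filter, ENUM_INDICATOR) == 0) {
            req->filter_type = BE_FILTER_ENUM;
            req->filter_value = NULL;
        } else {
            err_maj = DP_ERR_FATAL;
            err_min = EINVAL;
            err_msg = "Invalid Filter";
            goto done;
        }

        if (ret != EOK) {
            err_maj = DP_ERR_FATAL;
            err_min = EINVAL;
            err_msg = "Invalid Filter";
            goto done;
        }

    } else {
        err_maj = DP_ERR_FATAL;
        err_min = EINVAL;
        err_msg = "Missing Filter Parameter";
        goto done;
    }

    ret = be_file_account_request(be_req, req);
    if (ret != EOK) {
        err_maj = DP_ERR_FATAL;
        err_min = ret;
        err_msg = "Cannot file account request";
        goto done;
    }

    return EOK;

done:
    if (be_req) {
        talloc_free(be_req);
    }

    if (reply) {
        dbret = dbus_message_append_args(reply,
                                         DBUS_TYPE_UINT16, &err_maj,
                                         DBUS_TYPE_UINT32, &err_min,
                                         DBUS_TYPE_STRING, &err_msg,
                                         DBUS_TYPE_INVALID);
        if (!dbret) {
            /* be_req is already gone; the reply is the last thing owned
             * by this function and must not be leaked. */
            DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to generate dbus reply\n"));
            dbus_message_unref(reply);
            return EIO;
        }

        DEBUG(4, ("Request processed. Returned %d,%d,%s\n",
                  err_maj, err_min, err_msg));

        /* send reply back */
        sbus_conn_send_reply(conn, reply);
        dbus_message_unref(reply);
    }

    return EOK;
}

static void be_pam_handler_callback(struct be_req *req,
                                    int dp_err_type,
                                    int errnum,
                                    const char *errstr)
{
    struct be_client *becli = req->becli;
    struct pam_data *pd;
    DBusMessage *reply;
    DBusConnection *dbus_conn;
    dbus_bool_t dbret;
    errno_t ret;

    DEBUG(4, ("Backend returned: (%d, %d, %s) [%s]\n",
              dp_err_type, errnum, errstr?errstr:"",
              dp_pam_err_to_string(req, dp_err_type, errnum)));

    pd = talloc_get_type(be_req_get_data(req), struct pam_data);

    if (pd->cmd == SSS_PAM_ACCT_MGMT &&
        pd->pam_status == PAM_SUCCESS &&
        req->phase == REQ_PHASE_ACCESS &&
        dp_err_type == DP_ERR_OK) {
        if (!becli->bectx->bet_info[BET_SELINUX].bet_ops) {
            DEBUG(SSSDBG_TRACE_FUNC,
                  ("SELinux provider doesn't exist, "
                   "not sending the request to it.\n"));
        } else {
            req->phase = REQ_PHASE_SELINUX;

            /* Now is the time to call SELinux provider */
            ret = be_file_request(becli->bectx->bet_info[BET_SELINUX].pvt_bet_data,
                                  req,
                                  becli->bectx->bet_info[BET_SELINUX].bet_ops->handler);
            if (ret != EOK) {
                DEBUG(SSSDBG_OP_FAILURE, ("be_file_request failed.\n"));
                goto done;
            }
            return;
        }
    }

    DEBUG(4, ("Sending result [%d][%s]\n", pd->pam_status, pd->domain));
    reply = (DBusMessage *)req->pvt;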
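dbret = dp_pack_pam_response(reply, pd);
    if (!dbret) {
        DEBUG(1, ("Failed to generate dbus reply\n"));
        dbus_message_unref(reply);
        goto done;
    }

    dbus_conn = sbus_get_connection(req->becli->conn);
    if (!dbus_conn) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("D-BUS not connected\n"));
        goto done;
    }

    dbus_connection_send(dbus_conn, reply, NULL);
    dbus_message_unref(reply);

    DEBUG(4, ("Sent result [%d][%s]\n", pd->pam_status, pd->domain));

done:
    talloc_free(req);
}

/*
 * D-Bus handler for PAM requests.
 *
 * Unpacks the pam_data carried by the message, picks the backend target
 * from pd->cmd (authenticate, account management, password change) and
 * files the request with that target. Session and setcred commands are
 * answered with PAM_SUCCESS without calling a backend; unknown commands
 * and unconfigured targets are answered with PAM_MODULE_UNKNOWN.
 *
 * pd->pam_status starts as PAM_SYSTEM_ERR, so any early exit through
 * `done` that does not set a status reports a failure rather than a
 * success.
 *
 * Ownership: `reply` is a D-Bus reference and `be_req` a talloc context;
 * every exit that does not file the request releases both.
 *
 * Returns EOK when the request was filed or an immediate reply was sent,
 * EINVAL / EIO / ENOMEM otherwise.
 */
static int be_pam_handler(DBusMessage *message, struct sbus_connection *conn)
{
    DBusError dbus_error;
    DBusMessage *reply;
    struct be_client *becli;
    dbus_bool_t dbret;
    errno_t ret;
    void *user_data;
    struct pam_data *pd = NULL;
    struct be_req *be_req = NULL;
    enum bet_type target = BET_NULL;

    user_data = sbus_conn_get_private_data(conn);
    if (!user_data) return EINVAL;
    becli = talloc_get_type(user_data, struct be_client);
    if (!becli) return EINVAL;

    reply = dbus_message_new_method_return(message);
    if (!reply) {
        DEBUG(1, ("dbus_message_new_method_return failed, cannot send reply.\n"));
        return ENOMEM;
    }

    be_req = be_req_create(becli, becli, becli->bectx,
                           be_pam_handler_callback, reply);
    if (!be_req) {
        DEBUG(7, ("talloc_zero failed.\n"));
        dbus_message_unref(reply);
        return ENOMEM;
    }

    dbus_error_init(&dbus_error);

    /* dp_unpack_pam_request() reports success as a dbus_bool_t; keep it
     * apart from the errno-style results stored in `ret` below. */
    dbret = dp_unpack_pam_request(message, be_req, &pd, &dbus_error);
    if (!dbret) {
        DEBUG(1,("Failed, to parse message!\n"));
        if (dbus_error_is_set(&dbus_error)) dbus_error_free(&dbus_error);
        talloc_free(be_req);
        /* The reply was never sent; without this unref each malformed
         * request would leak one message. */
        dbus_message_unref(reply);
        return EIO;
    }

    pd->pam_status = PAM_SYSTEM_ERR;

    if (pd->domain == NULL) {
        pd->domain = talloc_strdup(pd, becli->bectx->domain->name);
        if (pd->domain == NULL) {
            talloc_free(be_req);
            dbus_message_unref(reply);
            return ENOMEM;
        }
    }

    ret = be_req_set_domain(be_req, pd->domain);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Unable to set request domain [%d]: %s\n",
               ret, sss_strerror(ret)));
        pd->pam_status = PAM_SYSTEM_ERR;
        goto done;
    }

    DEBUG(4, ("Got request with the following data\n"));
    DEBUG_PAM_DATA(4, pd);

    switch (pd->cmd) {
        case SSS_PAM_AUTHENTICATE:
            target = BET_AUTH;
            break;
        case SSS_PAM_ACCT_MGMT:
            target = BET_ACCESS;
            be_req->phase = REQ_PHASE_ACCESS;
            break;
        case SSS_PAM_CHAUTHTOK:
        case SSS_PAM_CHAUTHTOK_PRELIM:
            target = BET_CHPASS;
            break;
        case SSS_PAM_OPEN_SESSION:
        case SSS_PAM_SETCRED:
        case SSS_PAM_CLOSE_SESSION:
            pd->pam_status = PAM_SUCCESS;
            goto done;
        default:
            DEBUG(7, ("Unsupported PAM command [%d].\n", pd->cmd));
            pd->pam_status = PAM_MODULE_UNKNOWN;
            goto done;
    }

    /* return PAM_MODULE_UNKNOWN if corresponding backend target is not
     * configured
     */
    if (!becli->bectx->bet_info[target].bet_ops) {
        DEBUG(7, ("Undefined backend target.\n"));
        pd->pam_status = PAM_MODULE_UNKNOWN;
        goto done;
    }

    be_req->req_data = pd;

    ret = be_file_request(becli->bectx->bet_info[target].pvt_bet_data,
                          be_req,
                          becli->bectx->bet_info[target].bet_ops->handler);
    if (ret != EOK) {
        /* pam_status is still PAM_SYSTEM_ERR here */
        DEBUG(7, ("be_file_request failed.\n"));
        goto done;
    }

    return EOK;

done:

    DEBUG(4, ("Sending result [%d][%s]\n", pd->pam_status, pd->domain));

    dbret = dp_pack_pam_response(reply, pd);
    if (!dbret) {
        DEBUG(1, ("Failed to generate dbus reply\n"));
        talloc_free(be_req);
        dbus_message_unref(reply);
        return EIO;
    }

    /* send reply back immediately */
    sbus_conn_send_reply(conn, reply);
    dbus_message_unref(reply);

    talloc_free(be_req);

    return EOK;
}

static void be_sudo_handler_reply(struct sbus_connection *conn,
                                  DBusMessage *reply,
                                  dbus_uint16_t dp_err,
                                  dbus_uint32_t dp_ret,
                                  const char *errstr)
{
    DBusConnection *dbus_conn = NULL;
    dbus_bool_t dbret;
    const char *err_msg = NULL;

    if (reply == NULL) {
        return;
    }

    err_msg = errstr ? errstr : "No errmsg set\n";
    dbret = dbus_message_append_args(reply,
                                     DBUS_TYPE_UINT16, &dp_err,
                                     DBUS_TYPE_UINT32, &dp_ret,
                                     DBUS_TYPE_STRING, &err_msg,
                                     DBUS_TYPE_INVALID);
    if (!dbret) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to generate dbus reply\n"));
        return;
    }

    DEBUG(SSSDBG_FUNC_DATA,
          ("SUDO Backend returned: (%d, %d, %s)\n",
           dp_err, dp_ret, errstr ?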
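errstr : ""));

    dbus_conn = sbus_get_connection(conn);
    if (!dbus_conn) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("D-BUS not connected\n"));
        return;
    }

    dbus_connection_send(dbus_conn, reply, NULL);
    dbus_message_unref(reply);
}

/*
 * Completion callback for sudo requests: answers through the reply kept in
 * req->pvt (be_sudo_handler_reply() ignores a NULL reply) and then frees
 * the request.
 */
static void be_sudo_handler_callback(struct be_req *req,
                                     int dp_err,
                                     int dp_ret,
                                     const char *errstr)
{
    DBusMessage *reply = NULL;
    reply = (DBusMessage*)(req->pvt);

    be_sudo_handler_reply(req->becli->conn, reply, dp_err, dp_ret, errstr);

    talloc_free(req);
}

/*
 * D-Bus handler for sudo rule refresh requests.
 *
 * Message layout, read with an iterator: request type (uint32), and for
 * BE_REQ_SUDO_RULES additionally rules_num (uint32) followed by rules_num
 * strings. All of these values come from the message and are checked
 * before use; rules_num in particular sizes a heap array.
 *
 * When the provider is offline and BE_REQ_FAST is set, an "offline" reply
 * is sent at once and the request is still filed without a reply attached.
 *
 * Returns EOK once the request was filed or a failure reply was attempted,
 * EINVAL / ENOMEM when the connection context or the reply could not be
 * set up.
 */
static int be_sudo_handler(DBusMessage *message, struct sbus_connection *conn)
{
    DBusError dbus_error;
    DBusMessage *reply = NULL;
    DBusMessageIter iter;
    dbus_bool_t iter_next = FALSE;
    struct be_client *be_cli = NULL;
    struct be_req *be_req = NULL;
    struct be_sudo_req *sudo_req = NULL;
    void *user_data = NULL;
    int ret = 0;
    uint32_t type;
    uint32_t rules_num = 0;
    const char *rule = NULL;
    const char *err_msg = NULL;
    uint32_t i;   /* same type as rules_num: no signed/unsigned comparison */

    DEBUG(SSSDBG_TRACE_FUNC, ("Entering be_sudo_handler()\n"));

    user_data = sbus_conn_get_private_data(conn);
    if (user_data == NULL) {
        return EINVAL;
    }

    be_cli = talloc_get_type(user_data, struct be_client);
    if (be_cli == NULL) {
        return EINVAL;
    }

    reply = dbus_message_new_method_return(message);
    if (!reply) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("dbus_message_new_method_return failed, cannot send reply.\n"));
        return ENOMEM;
    }

    /* create be request */
    be_req = be_req_create(be_cli, be_cli, be_cli->bectx,
                           be_sudo_handler_callback, reply);
    if (be_req == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_zero failed.\n"));
        dbus_message_unref(reply);
        return ENOMEM;
    }

    dbus_error_init(&dbus_error);
    dbus_message_iter_init(message, &iter);

    /* get type of the request */
    if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_UINT32) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed, to parse the message!\n"));
        ret = EIO;
        err_msg = "Invalid D-Bus message format";
        goto fail;
    }
    dbus_message_iter_get_basic(&iter, &type);
    dbus_message_iter_next(&iter); /* step behind the request type */

    /* If we are offline and fast reply was requested
     * return offline immediately
     */
    if ((type & BE_REQ_FAST) && be_cli->bectx->offstat.offline) {
        be_sudo_handler_reply(conn, reply, DP_ERR_OFFLINE, EAGAIN,
                              "Fast reply - offline");
        /* The request was created before this point and
         * be_sudo_handler_callback() answers through be_req->pvt. Clearing
         * only the local variable would leave a dangling pointer there and
         * the callback would later append to and send a message that has
         * already been unreferenced. Clear both.
         * NOTE(review): be_sudo_handler_reply() returns without an unref on
         * its own error paths, so in that case the message is leaked rather
         * than reused. */
        be_req->pvt = reply = NULL;
        /* This reply will be queued and sent
         * when we reenter the mainloop.
         *
         * Continue processing in case we are
         * going back online.
         */
    }

    /* get and set sudo request data */
    sudo_req = talloc_zero(be_req, struct be_sudo_req);
    if (sudo_req == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_zero failed.\n"));
        /* without this the failure was reported with errno 0 */
        ret = ENOMEM;
        goto fail;
    }

    sudo_req->type = (~BE_REQ_FAST) & type;

    /* get additional arguments according to the request type */
    switch (sudo_req->type) {
    case BE_REQ_SUDO_FULL:
        /* no arguments required */
        break;
    case BE_REQ_SUDO_RULES:
        /* additional arguments:
         * rules_num
         * rules[rules_num]
         */
        /* read rules_num */
        if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_UINT32) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("Failed, to parse the message!\n"));
            ret = EIO;
            err_msg = "Invalid D-Bus message format";
            goto fail;
        }

        dbus_message_iter_get_basic(&iter, &rules_num);

        /* rules_num is taken from the message. At the maximum uint32 value
         * rules_num + 1 wraps to 0, the array below would be allocated
         * empty and the loop and NULL terminator would write past it. */
        if (rules_num == (uint32_t)-1) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("Failed, to parse the message!\n"));
            ret = EIO;
            err_msg = "Invalid D-Bus message format";
            goto fail;
        }

        sudo_req->rules = talloc_array(sudo_req, char*, rules_num + 1);
        if (sudo_req->rules == NULL) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_array failed.\n"));
            ret = ENOMEM;
            goto fail;
        }

        /* read the rules */
        for (i = 0; i < rules_num; i++) {
            iter_next = dbus_message_iter_next(&iter);
            if (iter_next == FALSE) {
                DEBUG(SSSDBG_CRIT_FAILURE, ("Failed, to parse the message!\n"));
                ret = EIO;
                err_msg = "Invalid D-Bus message format";
                goto fail;
            }

            if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_STRING) {
                DEBUG(SSSDBG_CRIT_FAILURE, ("Failed, to parse the message!\n"));
                ret = EIO;
                err_msg = "Invalid D-Bus message format";
                goto fail;
            }

            dbus_message_iter_get_basic(&iter, &rule);
            sudo_req->rules[i] = talloc_strdup(sudo_req->rules, rule);
            if (sudo_req->rules[i] == NULL) {
                DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_strdup failed.\n"));
                ret = ENOMEM;
                goto fail;
            }
        }

        sudo_req->rules[rules_num] = NULL;

        break;
    default:
        DEBUG(SSSDBG_CRIT_FAILURE, ("Invalid request type %d\n",
                                    sudo_req->type));
        ret = EINVAL;
        err_msg = "Invalid DP request type";
        goto fail;
    }

    be_req->req_data = sudo_req;

    /* return an error if corresponding backend target is not configured */
    if (!be_cli->bectx->bet_info[BET_SUDO].bet_ops) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Undefined backend target.\n"));
        ret = ENODEV;
        goto fail;
    }

    ret = be_file_request(be_cli->bectx->bet_info[BET_SUDO].pvt_bet_data,
                          be_req,
                          be_cli->bectx->bet_info[BET_SUDO].bet_ops->handler);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("be_file_request failed.\n"));
        err_msg = "Cannot file back end request";
        goto fail;
    }

    return EOK;

fail:
    /* send reply back immediately; frees be_req. After a fast reply
     * be_req->pvt is NULL, so nothing is sent a second time. */
    be_sudo_handler_callback(be_req, DP_ERR_FATAL, ret,
                             err_msg ? err_msg : strerror(ret));
    return EOK;
}

static void be_autofs_handler_callback(struct be_req *req,
                                       int dp_err_type,
                                       int errnum,
                                       const char *errstr);

static int be_autofs_handler(DBusMessage *message, struct sbus_connection *conn)
{
    DBusError dbus_error;
    DBusMessage *reply = NULL;
    dbus_bool_t dbret;
    struct be_client *be_cli = NULL;
    struct be_req *be_req = NULL;
    struct be_autofs_req *be_autofs_req = NULL;
    void *user_data = NULL;
    int ret = 0;
    uint32_t type;
    char *filter;
    char *filter_val;
    dbus_uint16_t err_maj;
    dbus_uint32_t err_min;
    const char *err_msg;

    DEBUG(SSSDBG_TRACE_FUNC, ("Entering be_autofs_handler()\n"));

    user_data = sbus_conn_get_private_data(conn);
    if (user_data == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot get SBUS private data\n"));
        return EINVAL;
    }

    be_cli = talloc_get_type(user_data, struct be_client);
    if (be_cli == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot get back end client context\n"));
        return EINVAL;
    }

    dbus_error_init(&dbus_error);

    ret = dbus_message_get_args(message, &dbus_error,
                                DBUS_TYPE_UINT32, &type,
                                DBUS_TYPE_STRING, &filter,
                                DBUS_TYPE_INVALID);
    if (!ret) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed, to parse message!\n"));
        if (dbus_error_is_set(&dbus_error)) dbus_error_free(&dbus_error);
        return EIO;
    }

    reply = dbus_message_new_method_return(message);
    if (!reply)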
{ DEBUG(SSSDBG_CRIT_FAILURE, ("dbus_message_new_method_return failed, cannot send reply.\n")); return ENOMEM; } /* If we are offline and fast reply was requested * return offline immediately */ if ((type & BE_REQ_FAST) && be_cli->bectx->offstat.offline) { /* Send back an immediate reply */ err_maj = DP_ERR_OFFLINE; err_min = EAGAIN; err_msg = "Fast reply - offline"; dbret = dbus_message_append_args(reply, DBUS_TYPE_UINT16, &err_maj, DBUS_TYPE_UINT32, &err_min, DBUS_TYPE_STRING, &err_msg, DBUS_TYPE_INVALID); if (!dbret) return EIO; DEBUG(SSSDBG_TRACE_LIBS, ("Request processed. Returned %d,%d,%s\n", err_maj, err_min, err_msg)); sbus_conn_send_reply(conn, reply); dbus_message_unref(reply); reply = NULL; /* This reply will be queued and sent * when we reenter the mainloop. * * Continue processing in case we are * going back online. */ } if (filter) { if (strncmp(filter, "mapname=", 8) == 0) { filter_val = &filter[8]; } else { err_maj = DP_ERR_FATAL; err_min = EINVAL; err_msg = "Invalid Filter"; goto done; } } else { err_maj = DP_ERR_FATAL; err_min = EINVAL; err_msg = "Missing Filter Parameter"; goto done; } /* create be request */ be_req = be_req_create(be_cli, be_cli, be_cli->bectx, be_autofs_handler_callback, reply); if (be_req == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_zero failed.\n")); err_maj = DP_ERR_FATAL; err_min = ENOMEM; err_msg = "Out of memory"; goto done; } /* set autofs request data */ be_autofs_req = talloc_zero(be_req, struct be_autofs_req); if (be_autofs_req == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_zero failed.\n")); err_maj = DP_ERR_FATAL; err_min = ENOMEM; err_msg = "Out of memory"; goto done; } be_autofs_req->mapname = talloc_strdup(be_autofs_req, filter_val); if (be_autofs_req->mapname == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_strdup failed.\n")); err_maj = DP_ERR_FATAL; err_min = ENOMEM; err_msg = "Out of memory"; goto done; } /* If a request for auto.master comes in, the automounter deamon * has been reloaded. 
Expire all autofs maps to force reload */ if (strcmp(be_autofs_req->mapname, "auto.master") == 0) { be_autofs_req->invalidate = true; } be_req->req_data = be_autofs_req; if (!be_cli->bectx->bet_info[BET_AUTOFS].bet_ops) { DEBUG(SSSDBG_CRIT_FAILURE, ("Undefined backend target.\n")); err_maj = DP_ERR_FATAL; err_min = ENODEV; err_msg = "Autofs back end target is not configured"; goto done; } ret = be_file_request(be_cli->bectx->bet_info[BET_AUTOFS].pvt_bet_data, be_req, be_cli->bectx->bet_info[BET_AUTOFS].bet_ops->handler); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("be_file_request failed.\n")); err_maj = DP_ERR_FATAL; err_min = ENODEV; err_msg = "Cannot file back end request"; goto done; } return EOK; done: if (be_req) { talloc_free(be_req); } if (reply) { dbret = dbus_message_append_args(reply, DBUS_TYPE_UINT16, &err_maj, DBUS_TYPE_UINT32, &err_min, DBUS_TYPE_STRING, &err_msg, DBUS_TYPE_INVALID); if (!dbret) return EIO; DEBUG(SSSDBG_TRACE_LIBS, ("Request processed. Returned %d,%d,%s\n", err_maj, err_min, err_msg)); /* send reply back */ sbus_conn_send_reply(conn, reply); dbus_message_unref(reply); } return EOK; } static void be_autofs_handler_callback(struct be_req *req, int dp_err_type, int errnum, const char *errstr) { DBusMessage *reply; DBusConnection *dbus_conn; dbus_bool_t dbret; dbus_uint16_t err_maj = 0; dbus_uint32_t err_min = 0; const char *err_msg = NULL; reply = (DBusMessage *)req->pvt; if (reply) { /* Return a reply if one was requested * There may not be one if this request began * while we were offline */ err_maj = dp_err_type; err_min = errnum; if (errstr) { err_msg = errstr; } else { err_msg = dp_pam_err_to_string(req, dp_err_type, errnum); } if (!err_msg) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to set err_msg, Out of memory?\n")); err_msg = "OOM"; } dbret = dbus_message_append_args(reply, DBUS_TYPE_UINT16, &err_maj, DBUS_TYPE_UINT32, &err_min, DBUS_TYPE_STRING, &err_msg, DBUS_TYPE_INVALID); if (!dbret) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to 
generate dbus reply\n")); return; } dbus_conn = sbus_get_connection(req->becli->conn); if (!dbus_conn) { DEBUG(SSSDBG_CRIT_FAILURE, ("D-BUS not connected\n")); return; } dbus_connection_send(dbus_conn, reply, NULL); dbus_message_unref(reply); DEBUG(SSSDBG_TRACE_LIBS, ("Request processed. Returned %d,%d,%s\n", err_maj, err_min, err_msg)); } /* finally free the request */ talloc_free(req); } static int be_host_handler(DBusMessage *message, struct sbus_connection *conn) { struct be_host_req *req; struct be_req *be_req; struct be_client *becli; DBusMessage *reply; DBusError dbus_error; dbus_bool_t dbret; void *user_data; uint32_t flags; char *filter; int ret; dbus_uint16_t err_maj; dbus_uint32_t err_min; const char *err_msg; be_req = NULL; user_data = sbus_conn_get_private_data(conn); if (!user_data) return EINVAL; becli = talloc_get_type(user_data, struct be_client); if (!becli) return EINVAL; dbus_error_init(&dbus_error); ret = dbus_message_get_args(message, &dbus_error, DBUS_TYPE_UINT32, &flags, DBUS_TYPE_STRING, &filter, DBUS_TYPE_INVALID); if (!ret) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed, to parse message!\n")); if (dbus_error_is_set(&dbus_error)) dbus_error_free(&dbus_error); return EIO; } DEBUG(SSSDBG_TRACE_LIBS, ("Got request for [%u][%s]\n", flags, filter)); reply = dbus_message_new_method_return(message); if (!reply) return ENOMEM; /* If we are offline and fast reply was requested * return offline immediately */ if ((flags & BE_REQ_FAST) && becli->bectx->offstat.offline) { /* Send back an immediate reply */ err_maj = DP_ERR_OFFLINE; err_min = EAGAIN; err_msg = "Fast reply - offline"; dbret = dbus_message_append_args(reply, DBUS_TYPE_UINT16, &err_maj, DBUS_TYPE_UINT32, &err_min, DBUS_TYPE_STRING, &err_msg, DBUS_TYPE_INVALID); if (!dbret) return EIO; DEBUG(SSSDBG_TRACE_LIBS, ("Request processed. 
Returned %d,%d,%s\n", err_maj, err_min, err_msg)); sbus_conn_send_reply(conn, reply); dbus_message_unref(reply); reply = NULL; /* This reply will be queued and sent * when we reenter the mainloop. * * Continue processing in case we are * going back online. */ } be_req = be_req_create(becli, becli, becli->bectx, acctinfo_callback, reply); if (!be_req) { err_maj = DP_ERR_FATAL; err_min = ENOMEM; err_msg = "Out of memory"; goto done; } req = talloc(be_req, struct be_host_req); if (!req) { err_maj = DP_ERR_FATAL; err_min = ENOMEM; err_msg = "Out of memory"; goto done; } req->type = BE_REQ_HOST | (flags & BE_REQ_FAST); be_req->req_data = req; if (filter) { ret = strncmp(filter, "name=", 5); if (ret == 0) { req->filter_type = BE_FILTER_NAME; ret = split_name_extended(req, &filter[5], &req->name, &req->alias); } if (ret) { err_maj = DP_ERR_FATAL; err_min = EINVAL; err_msg = "Invalid Filter"; goto done; } } else { err_maj = DP_ERR_FATAL; err_min = EINVAL; err_msg = "Missing Filter Parameter"; goto done; } /* process request */ if (!becli->bectx->bet_info[BET_HOSTID].bet_ops) { DEBUG(SSSDBG_CRIT_FAILURE, ("Undefined backend target.\n")); err_maj = DP_ERR_FATAL; err_min = ENODEV; err_msg = "HostID back end target is not configured"; goto done; } ret = be_file_request(becli->bectx->bet_info[BET_HOSTID].pvt_bet_data, be_req, becli->bectx->bet_info[BET_HOSTID].bet_ops->handler); if (ret != EOK) { err_maj = DP_ERR_FATAL; err_min = ret; err_msg = "Failed to file request"; goto done; } return EOK; done: if (be_req) { talloc_free(be_req); } if (reply) { dbret = dbus_message_append_args(reply, DBUS_TYPE_UINT16, &err_maj, DBUS_TYPE_UINT32, &err_min, DBUS_TYPE_STRING, &err_msg, DBUS_TYPE_INVALID); if (!dbret) return EIO; DEBUG(SSSDBG_TRACE_LIBS, ("Request processed. 
Returned %d,%d,%s\n", err_maj, err_min, err_msg)); /* send reply back */ sbus_conn_send_reply(conn, reply); dbus_message_unref(reply); } return EOK; } static int be_client_destructor(void *ctx) { struct be_client *becli = talloc_get_type(ctx, struct be_client); if (becli->bectx) { if (becli->bectx->nss_cli == becli) { DEBUG(SSSDBG_TRACE_FUNC, ("Removed NSS client\n")); becli->bectx->nss_cli = NULL; } else if (becli->bectx->pam_cli == becli) { DEBUG(SSSDBG_TRACE_FUNC, ("Removed PAM client\n")); becli->bectx->pam_cli = NULL; } else if (becli->bectx->sudo_cli == becli) { DEBUG(SSSDBG_TRACE_FUNC, ("Removed SUDO client\n")); becli->bectx->sudo_cli = NULL; } else if (becli->bectx->autofs_cli == becli) { DEBUG(SSSDBG_TRACE_FUNC, ("Removed autofs client\n")); becli->bectx->autofs_cli = NULL; } else if (becli->bectx->ssh_cli == becli) { DEBUG(SSSDBG_TRACE_FUNC, ("Removed SSH client\n")); becli->bectx->ssh_cli = NULL; } else if (becli->bectx->pac_cli == becli) { DEBUG(SSSDBG_TRACE_FUNC, ("Removed PAC client\n")); becli->bectx->pac_cli = NULL; } else { DEBUG(SSSDBG_CRIT_FAILURE, ("Unknown client removed ...\n")); } } return 0; } static int client_registration(DBusMessage *message, struct sbus_connection *conn) { dbus_uint16_t version = DATA_PROVIDER_VERSION; struct be_client *becli; DBusMessage *reply; DBusError dbus_error; dbus_uint16_t cli_ver; char *cli_name; dbus_bool_t dbret; void *data; data = sbus_conn_get_private_data(conn); becli = talloc_get_type(data, struct be_client); if (!becli) { DEBUG(0, ("Connection holds no valid init data\n")); return EINVAL; } /* First thing, cancel the timeout */ DEBUG(4, ("Cancel DP ID timeout [%p]\n", becli->timeout)); talloc_zfree(becli->timeout); dbus_error_init(&dbus_error); dbret = dbus_message_get_args(message, &dbus_error, DBUS_TYPE_UINT16, &cli_ver, DBUS_TYPE_STRING, &cli_name, DBUS_TYPE_INVALID); if (!dbret) { DEBUG(1, ("Failed to parse message, killing connection\n")); if (dbus_error_is_set(&dbus_error)) 
dbus_error_free(&dbus_error);
        sbus_disconnect(conn);
        /* FIXME: should we just talloc_zfree(conn) ? */
        return EIO;
    }

    /* Record this connection as the front end it names itself as. The
     * comparison is case-insensitive. */
    if (strcasecmp(cli_name, "NSS") == 0) {
        becli->bectx->nss_cli = becli;
    } else if (strcasecmp(cli_name, "PAM") == 0) {
        becli->bectx->pam_cli = becli;
    } else if (strcasecmp(cli_name, "SUDO") == 0) {
        becli->bectx->sudo_cli = becli;
    } else if (strcasecmp(cli_name, "autofs") == 0) {
        becli->bectx->autofs_cli = becli;
    } else if (strcasecmp(cli_name, "SSH") == 0) {
        becli->bectx->ssh_cli = becli;
    } else if (strcasecmp(cli_name, "PAC") == 0) {
        becli->bectx->pac_cli = becli;
    } else {
        /* NOTE(review): an unrecognised name is only logged. The code below
         * still installs the destructor, sends the version reply and marks
         * the client initialized, so registration is not refused here. */
        DEBUG(1, ("Unknown client! [%s]\n", cli_name));
    }

    /* be_client_destructor clears the matching *_cli slot when becli is
     * freed. */
    talloc_set_destructor((TALLOC_CTX *)becli, be_client_destructor);

    DEBUG(4, ("Added Frontend client [%s]\n", cli_name));

    /* reply that all is ok */
    reply = dbus_message_new_method_return(message);
    if (!reply) {
        DEBUG(0, ("Dbus Out of memory!\n"));
        return ENOMEM;
    }

    /* The reply carries only the provider's protocol version. */
    dbret = dbus_message_append_args(reply,
                                     DBUS_TYPE_UINT16, &version,
                                     DBUS_TYPE_INVALID);
    if (!dbret) {
        DEBUG(0, ("Failed to build dbus reply\n"));
        dbus_message_unref(reply);
        sbus_disconnect(conn);
        return EIO;
    }

    /* send reply back */
    sbus_conn_send_reply(conn, reply);
    dbus_message_unref(reply);

    becli->initialized = true;

    return EOK;
}

/*
 * File a check_online request with the ID target.
 *
 * Stamps offstat.went_offline with the current time and calls reset_fo()
 * before handing req to be_file_request() together with the ID target's
 * check_online operation. Returns whatever be_file_request() returns; a
 * failure is logged here and left to the caller to handle.
 *
 * The check_online pointer is used without a NULL test in this function;
 * check_if_online() performs that test before it calls in.
 */
static errno_t be_file_check_online_request(struct be_req *req)
{
    int ret;

    req->be_ctx->offstat.went_offline = time(NULL);
    reset_fo(req->be_ctx);

    ret = be_file_request(req->be_ctx, req,
                          req->be_ctx->bet_info[BET_ID].bet_ops->check_online);
    if (ret != EOK) {
        DEBUG(1, ("be_file_request failed.\n"));
    }

    return ret;
}

/*
 * Completion callback for an online check.
 *
 * Drops one reference from check_online_ref_count. If the check did not
 * report DP_ERR_OK and references remain, the same request is filed again.
 * Otherwise the counter is zeroed, the back end is taken out of offline mode
 * unless the result was DP_ERR_OFFLINE (with reset_fo() first when the result
 * was not DP_ERR_OK), and the request is freed.
 */
static void check_online_callback(struct be_req *req, int dp_err_type,
                                  int errnum, const char *errstr)
{
    int ret;

    DEBUG(4, ("Backend returned: (%d, %d, %s) [%s]\n",
              dp_err_type, errnum, errstr?errstr:"",
              dp_pam_err_to_string(req, dp_err_type, errnum)));

    req->be_ctx->check_online_ref_count--;

    if (dp_err_type != DP_ERR_OK && req->be_ctx->check_online_ref_count > 0) {
        /* Re-run the check; req is reused and must not be freed yet. */
        ret = be_file_check_online_request(req);
        if (ret != EOK) {
            DEBUG(1, ("be_file_check_online_request failed.\n"));
            goto done;
        }
        return;
    }

done:
    req->be_ctx->check_online_ref_count = 0;
    if (dp_err_type != DP_ERR_OFFLINE) {
        if (dp_err_type != DP_ERR_OK) {
            reset_fo(req->be_ctx);
        }
        be_reset_offline(req->be_ctx);
    }

    talloc_free(req);

    return;
}

/*
 * Start an online check unless the back end is already online or a check is
 * in flight.
 *
 * The unconditional online callbacks always run first. Each call made while
 * offline increments check_online_ref_count; only the call that brings it to
 * 1 creates and files a request. If the ID target has no check_online
 * operation, or the request cannot be created or filed, the reference is
 * dropped again and, once the counter reaches zero, the back end is reset to
 * online through reset_fo() and be_reset_offline().
 */
static void check_if_online(struct be_ctx *ctx)
{
    int ret;
    struct be_req *be_req = NULL;

    be_run_unconditional_online_cb(ctx);

    if (ctx->offstat.offline == false) {
        DEBUG(8, ("Backend is already online, nothing to do.\n"));
        return;
    }

    /* Make sure nobody tries to go online while we are checking */
    ctx->offstat.went_offline = time(NULL);

    DEBUG(8, ("Trying to go back online!\n"));

    ctx->check_online_ref_count++;

    if (ctx->check_online_ref_count != 1) {
        DEBUG(8, ("There is an online check already running.\n"));
        return;
    }

    if (ctx->bet_info[BET_ID].bet_ops->check_online == NULL) {
        DEBUG(8, ("ID providers does not provide a check_online method.\n"));
        goto failed;
    }

    be_req = be_req_create(ctx, NULL, ctx, check_online_callback, NULL);
    if (be_req == NULL) {
        DEBUG(1, ("talloc_zero failed.\n"));
        goto failed;
    }

    ret = be_file_check_online_request(be_req);
    if (ret != EOK) {
        DEBUG(1, ("be_file_check_online_request failed.\n"));
        goto failed;
    }

    return;

failed:
    ctx->check_online_ref_count--;
    DEBUG(1, ("Failed to run a check_online test.\n"));

    /* be_req is still NULL when the failure happened before its creation. */
    talloc_free(be_req);

    if (ctx->check_online_ref_count == 0) {
        reset_fo(ctx);
        be_reset_offline(ctx);
    }

    return;
}

/*
 * Timer callback armed by be_client_init(): the identification deadline has
 * passed, so the connection is disconnected and the client context freed.
 * ptr is the struct be_client given to tevent_add_timer().
 */
static void init_timeout(struct tevent_context *ev,
                         struct tevent_timer *te,
                         struct timeval t, void *ptr)
{
    struct be_client *becli;

    DEBUG(2, ("Client timed out before Identification [%p]!\n", te));

    becli = talloc_get_type(ptr, struct be_client);

    sbus_disconnect(becli->conn);
    talloc_zfree(becli);
}

/*
 * Per-connection initialiser passed to sbus_new_server() by be_srv_init().
 *
 * Allocates a struct be_client as a talloc child of the connection, marks it
 * uninitialized and arms a 5 second timer (init_timeout) that drops the
 * connection if it has not been cancelled by then. The client context is
 * stored as the connection's private data. On allocation failure the
 * connection itself is freed and ENOMEM returned.
 */
static int be_client_init(struct sbus_connection *conn, void *data)
{
    struct be_ctx *bectx;
    struct be_client *becli;
    struct timeval tv;

    bectx = talloc_get_type(data, struct be_ctx);

    /* Hang this memory off the connection so that freeing the connection
     * also frees the client context and can run its destructor. */
    becli = talloc(conn, struct be_client);
    if (!becli) {
        DEBUG(0,("Out of memory?!\n"));
        talloc_zfree(conn);
        return ENOMEM;
    }
    becli->bectx = bectx;
    becli->conn = conn;
    becli->initialized = false;

    /* 5 seconds should be plenty */
    tv = tevent_timeval_current_ofs(5, 0);

    becli->timeout = tevent_add_timer(bectx->ev, becli,
                                      tv, init_timeout, becli);
    if (!becli->timeout) {
        DEBUG(0,("Out of memory?!\n"));
        talloc_zfree(conn);
        return ENOMEM;
    }
    DEBUG(4, ("Set-up Backend ID timeout [%p]\n", becli->timeout));

    /* Attach the client context to the connection context, so that it is
     * always available when we need to manage the connection. */
    sbus_conn_set_private_data(conn, becli);

    return EOK;
}

/*
 * be_srv_init
 * Set up the per-domain sbus server: look up the address for this domain
 * and start a server on it that serves be_interface and initialises each
 * new connection with be_client_init(). Returns EOK or the error of the
 * failing call.
 */
static int be_srv_init(struct be_ctx *ctx)
{
    char *sbus_address;
    int ret;

    /* Get the sbus address that belongs to this domain */
    ret = dp_get_sbus_address(ctx, &sbus_address, ctx->domain->name);
    if (ret != EOK) {
        DEBUG(0, ("Could not get sbus backend address.\n"));
        return ret;
    }

    ret = sbus_new_server(ctx, ctx->ev, sbus_address,
                          &be_interface, true, &ctx->sbus_srv,
                          be_client_init, ctx);
    if (ret != EOK) {
        DEBUG(0, ("Could not set up sbus server.\n"));
        return ret;
    }

    return EOK;
}

/*
 * Built-in access handler that allows every request: it sets the PAM status
 * to PAM_SUCCESS and terminates the request with DP_ERR_OK.
 *
 * be_process_init() passes ACCESS_PERMIT as the default access module, so a
 * domain with no access provider configured ends up with this handler.
 */
static void be_target_access_permit(struct be_req *be_req)
{
    struct pam_data *pd =
                    talloc_get_type(be_req_get_data(be_req), struct pam_data);
    DEBUG(9, ("be_target_access_permit called, returning PAM_SUCCESS.\n"));

    pd->pam_status = PAM_SUCCESS;
    be_req_terminate(be_req, DP_ERR_OK, PAM_SUCCESS, NULL);
}

/* Operations table for the built-in "permit" access target. */
static struct bet_ops be_target_access_permit_ops = {
    .check_online = NULL,
    .handler = be_target_access_permit,
    .finalize = NULL
};

/*
 * Built-in access handler that rejects every request: it sets the PAM status
 * to PAM_PERM_DENIED and terminates the request with DP_ERR_OK.
 */
static void be_target_access_deny(struct be_req *be_req)
{
    struct pam_data *pd =
                    talloc_get_type(be_req_get_data(be_req), struct pam_data);
    DEBUG(9, ("be_target_access_deny called, returning PAM_PERM_DENIED.\n"));

    pd->pam_status = PAM_PERM_DENIED;
    be_req_terminate(be_req, DP_ERR_OK, PAM_PERM_DENIED, NULL);
}

/* Operations table for the built-in "deny" access target. */
static struct bet_ops
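be_target_access_deny_ops = {
    .check_online = NULL,
    .handler = be_target_access_deny,
    .finalize = NULL
};

/*
 * Resolve and initialise the provider module for one back end target.
 *
 * ctx               back end context; owns the loaded-module table and the
 *                   strings stored in bet_info
 * bet_type          target to set up; must index a matching bet_data entry
 * bet_info          filled in on success (mod_name, bet_ops, pvt_bet_data);
 *                   reset to empty values on entry
 * default_mod_name  module to use when confdb names none, or NULL for
 *                   "no default"
 *
 * Returns EOK on success, ENOENT when no module applies (none configured and
 * no default, NO_PROVIDER configured, or the default module lacks the init
 * function), EINVAL for a bad bet_type or a full module table, EFAULT when
 * confdb cannot be read, ENOMEM on allocation failure, ELIBACC when the
 * library cannot be opened, ELIBBAD when a configured module lacks the init
 * function, or the error returned by the module's init function.
 *
 * NOTE(review): the module name is taken from confdb and is interpolated,
 * unvalidated, into both the library path and the init symbol name. This
 * presumably relies on the configuration being writable only by a trusted
 * administrator; confirm, or reject names containing '/'.
 */
static int load_backend_module(struct be_ctx *ctx,
                               enum bet_type bet_type,
                               struct bet_info *bet_info,
                               const char *default_mod_name)
{
    TALLOC_CTX *tmp_ctx;
    int ret = EINVAL;
    bool already_loaded = false;
    int lb = 0;
    char *mod_name = NULL;
    char *path = NULL;
    void *handle;
    char *mod_init_fn_name = NULL;
    bet_init_fn_t mod_init_fn = NULL;

    bet_info->bet_type = bet_type;
    bet_info->mod_name = NULL;
    bet_info->bet_ops = NULL;
    bet_info->pvt_bet_data = NULL;

    if (bet_type <= BET_NULL || bet_type >= BET_MAX ||
        bet_type != bet_data[bet_type].bet_type) {
        DEBUG(2, ("invalid bet_type or bet_data corrupted.\n"));
        return EINVAL;
    }

    tmp_ctx = talloc_new(ctx);
    if (!tmp_ctx) {
        DEBUG(7, ("talloc_new failed.\n"));
        return ENOMEM;
    }

    ret = confdb_get_string(ctx->cdb, tmp_ctx, ctx->conf_path,
                            bet_data[bet_type].option_name, NULL,
                            &mod_name);
    if (ret != EOK) {
        ret = EFAULT;
        goto done;
    }

    if (!mod_name) {
        if (default_mod_name == NULL) {
            ret = ENOENT;
            goto done;
        }

        DEBUG(5, ("no module name found in confdb, using [%s].\n",
                  default_mod_name));
        /* Temporary copy: everything that outlives this call is duplicated
         * onto ctx below. The result is checked because it is passed to
         * string functions right away. */
        mod_name = talloc_strdup(tmp_ctx, default_mod_name);
        if (mod_name == NULL) {
            DEBUG(7, ("talloc_strdup failed.\n"));
            ret = ENOMEM;
            goto done;
        }
    }

    if (strcasecmp(mod_name, NO_PROVIDER) == 0) {
        ret = ENOENT;
        goto done;
    }

    /* The permit and deny access targets are built in; no library is
     * loaded for them. */
    if (bet_type == BET_ACCESS) {
        if (strcmp(mod_name, ACCESS_PERMIT) == 0) {
            bet_info->mod_name = talloc_strdup(ctx, ACCESS_PERMIT);
            if (bet_info->mod_name == NULL) {
                ret = ENOMEM;
                goto done;
            }
            bet_info->bet_ops = &be_target_access_permit_ops;
            bet_info->pvt_bet_data = NULL;
            ret = EOK;
            goto done;
        }
        if (strcmp(mod_name, ACCESS_DENY) == 0) {
            bet_info->mod_name = talloc_strdup(ctx, ACCESS_DENY);
            if (bet_info->mod_name == NULL) {
                ret = ENOMEM;
                goto done;
            }
            bet_info->bet_ops = &be_target_access_deny_ops;
            bet_info->pvt_bet_data = NULL;
            ret = EOK;
            goto done;
        }
    }

    /* The format comes from the bet_data table, not from configuration. */
    mod_init_fn_name = talloc_asprintf(tmp_ctx,
                                       bet_data[bet_type].mod_init_fn_name_fmt,
                                       mod_name);
    if (mod_init_fn_name == NULL) {
        DEBUG(7, ("talloc_asprintf failed\n"));
        ret = ENOMEM;
        goto done;
    }

    /* Look for an already opened library. The names must match exactly: a
     * prefix comparison would treat a name that is merely a prefix of a
     * loaded module's name as that module and reuse the wrong handle. */
    lb = 0;
    while (ctx->loaded_be[lb].be_name != NULL) {
        if (strcmp(ctx->loaded_be[lb].be_name, mod_name) == 0) {
            DEBUG(7, ("Backend [%s] already loaded.\n", mod_name));
            already_loaded = true;
            break;
        }

        ++lb;
        if (lb >= BET_MAX) {
            DEBUG(2, ("Backend context corrupted.\n"));
            ret = EINVAL;
            goto done;
        }
    }

    if (!already_loaded) {
        path = talloc_asprintf(tmp_ctx, "%s/libsss_%s.so",
                               DATA_PROVIDER_PLUGINS_PATH, mod_name);
        if (!path) {
            ret = ENOMEM;
            goto done;
        }

        DEBUG(7, ("Loading backend [%s] with path [%s].\n", mod_name, path));
        handle = dlopen(path, RTLD_NOW);
        if (!handle) {
            DEBUG(0, ("Unable to load %s module with path (%s), error: %s\n",
                      mod_name, path, dlerror()));
            ret = ELIBACC;
            goto done;
        }

        /* A slot without a name looks free to the search above, so do not
         * keep the handle if the name cannot be recorded. */
        ctx->loaded_be[lb].be_name = talloc_strdup(ctx, mod_name);
        if (ctx->loaded_be[lb].be_name == NULL) {
            dlclose(handle);
            ret = ENOMEM;
            goto done;
        }
        ctx->loaded_be[lb].handle = handle;
    }

    mod_init_fn = (bet_init_fn_t)dlsym(ctx->loaded_be[lb].handle,
                                       mod_init_fn_name);
    if (mod_init_fn == NULL) {
        if (default_mod_name != NULL &&
            strcmp(default_mod_name, mod_name) == 0) {
            /* If the default is used and fails we indicate this to the
             * caller by returning ENOENT. This way the caller can decide
             * how to handle the different types of error conditions. */
            ret = ENOENT;
        } else {
            DEBUG(0, ("Unable to load init fn %s from module %s, error: %s\n",
                      mod_init_fn_name, mod_name, dlerror()));
            ret = ELIBBAD;
        }
        goto done;
    }

    ret = mod_init_fn(ctx, &bet_info->bet_ops, &bet_info->pvt_bet_data);
    if (ret != EOK) {
        DEBUG(0, ("Error (%d) in module (%s) initialization (%s)!\n",
                  ret, mod_name, mod_init_fn_name));
        goto done;
    }

    /* Callers log this name and pass it on as the default for other
     * targets, so a failed copy is reported instead of leaving it NULL. */
    bet_info->mod_name = talloc_strdup(ctx, mod_name);
    if (bet_info->mod_name == NULL) {
        ret = ENOMEM;
        goto done;
    }

    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}

/*
 * tevent signal handler: marks the back end offline. be_process_init()
 * installs it for SIGUSR1 with the be_ctx as private data.
 */
static void signal_be_offline(struct tevent_context *ev,
                              struct tevent_signal *se,
                              int signum,
                              int count,
                              void *siginfo,
                              void *private_data)
{
    struct be_ctx *ctx = talloc_get_type(private_data, struct be_ctx);
    be_mark_offline(ctx);
}

/*
 * Load the SUDO target if it makes sense for this domain.
 *
 * Reads the monitor's list of active services and the domain's sudo
 * provider option. When "sudo" is not an active service and no provider is
 * set, returns ENOENT without loading anything. When a provider is set but
 * the service is not active, only a warning is logged. Otherwise the result
 * of load_backend_module() for BET_SUDO is returned, with the ID module
 * name as the default. confdb read errors are returned as they are.
 */
int be_process_init_sudo(struct be_ctx *be_ctx)
{
    TALLOC_CTX *tmp_ctx = NULL;
    char **services = NULL;
    char *provider = NULL;
    bool responder_enabled = false;
    int i;
    int ret;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_new() failed\n"));
        return ENOMEM;
    }

    ret = confdb_get_string_as_list(be_ctx->cdb, tmp_ctx,
                                    CONFDB_MONITOR_CONF_ENTRY,
                                    CONFDB_MONITOR_ACTIVE_SERVICES, &services);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("Unable to read from confdb [%d]: %s\n",
                                     ret, strerror(ret)));
        goto done;
    }

    for (i = 0; services[i] != NULL; i++) {
        if (strcmp(services[i], "sudo") == 0) {
            responder_enabled = true;
            break;
        }
    }

    ret = confdb_get_string(be_ctx->cdb, tmp_ctx, be_ctx->conf_path,
                            CONFDB_DOMAIN_SUDO_PROVIDER, NULL, &provider);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("Unable to read from confdb [%d]: %s\n",
                                     ret, strerror(ret)));
        goto done;
    }

    if (!responder_enabled && provider == NULL) {
        /* provider is not set explicitly */
        DEBUG(SSSDBG_TRACE_FUNC,
              ("SUDO is not listed in services, disabling SUDO module.\n"));
        ret = ENOENT;
        goto done;
    }

    if (!responder_enabled && provider != NULL
            && strcmp(provider, NO_PROVIDER) != 0) {
        /* provider is set but responder is disabled */
        DEBUG(SSSDBG_MINOR_FAILURE, ("SUDO provider is set, but it is not "
              "listed in active services. SUDO support will not work!\n"));
    }

    ret = load_backend_module(be_ctx, BET_SUDO, &be_ctx->bet_info[BET_SUDO],
                              be_ctx->bet_info[BET_ID].mod_name);

done:
    talloc_free(tmp_ctx);
    return ret;
}

/*
 * Create and initialise the back end context for one domain.
 *
 * Allocates a struct be_ctx on mem_ctx, sets up failover, the domain cache,
 * the monitor connection, the name format, the sbus server and the refresh
 * task, then loads the provider module for each target and installs the
 * SIGUSR1 handler. Returns EOK on success; on any fatal error the context
 * is freed and the error code returned.
 *
 * Target loading rules, as coded below and in the rest of this function:
 *  - ID has no default and any failure is fatal.
 *  - AUTH, AUTOFS, SELINUX and HOSTID default to the ID module; CHPASS
 *    defaults to the AUTH module. ENOENT is logged and tolerated, any other
 *    error is fatal.
 *  - ACCESS defaults to ACCESS_PERMIT and any failure is fatal. With no
 *    access provider configured, access requests are therefore answered by
 *    the built-in permit handler.
 *  - SUDO goes through be_process_init_sudo(); ENOENT is tolerated.
 *  - SUBDOMAINS defaults to the ID module; every failure is only logged.
 */
int be_process_init(TALLOC_CTX *mem_ctx,
                    const char *be_domain,
                    struct tevent_context *ev,
                    struct confdb_ctx *cdb)
{
    struct be_ctx *ctx;
    struct tevent_signal *tes;
    int ret;

    ctx = talloc_zero(mem_ctx, struct be_ctx);
    if (!ctx) {
        DEBUG(0, ("fatal error initializing be_ctx\n"));
        return ENOMEM;
    }
    ctx->ev = ev;
    ctx->cdb = cdb;
    /* "%%" yields a literal '%': the identity is "%BE_" plus the domain. */
    ctx->identity = talloc_asprintf(ctx, "%%BE_%s", be_domain);
    ctx->conf_path = talloc_asprintf(ctx, CONFDB_DOMAIN_PATH_TMPL, be_domain);
    if (!ctx->identity || !ctx->conf_path) {
        DEBUG(0, ("Out of memory!?\n"));
        ret = ENOMEM;
        goto fail;
    }

    ret = be_init_failover(ctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("fatal error initializing failover context\n"));
        goto fail;
    }

    ret = sssd_domain_init(ctx, cdb, be_domain, DB_PATH, &ctx->domain);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("fatal error opening cache database\n"));
        goto fail;
    }

    ret = sss_monitor_init(ctx, ctx->ev,
                           &monitor_be_interface,
                           ctx->identity,
                           DATA_PROVIDER_VERSION,
                           ctx, &ctx->mon_conn);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("fatal error setting up monitor bus\n"));
        goto fail;
    }

    /* We need this for subdomains support, as they have to store fully
     * qualified user and group names for now */
    ret = sss_names_init(ctx->domain, cdb,
                         ctx->domain->name, &ctx->domain->names);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("fatal error setting fully qualified name format for %s\n",
               ctx->domain->name));
        goto fail;
    }

    ret = be_srv_init(ctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("fatal error setting up server bus\n"));
        goto fail;
    }

    /* Initialize be_refresh periodic task. */
    ctx->refresh_ctx = be_refresh_ctx_init(ctx);
    if (ctx->refresh_ctx == NULL) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("Unable to initialize refresh_ctx\n"));
        ret = ENOMEM;
        goto fail;
    }

    /* The periodic task is only created for a positive refresh interval. */
    if (ctx->domain->refresh_expired_interval > 0) {
        ret = be_ptask_create(ctx, ctx,
                              ctx->domain->refresh_expired_interval,
                              30, 5,
                              ctx->domain->refresh_expired_interval,
                              BE_PTASK_OFFLINE_SKIP,
                              be_refresh_send, be_refresh_recv,
                              ctx->refresh_ctx, "Refresh Records", NULL);
        if (ret != EOK) {
            DEBUG(SSSDBG_FATAL_FAILURE,
                  ("Unable to initialize refresh periodic task\n"));
            goto fail;
        }
    }

    /* ID: mandatory, no default module. */
    ret = load_backend_module(ctx, BET_ID,
                              &ctx->bet_info[BET_ID], NULL);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("fatal error initializing data providers\n"));
        goto fail;
    }
    DEBUG(SSSDBG_TRACE_INTERNAL,
          ("ID backend target successfully loaded from provider [%s].\n",
           ctx->bet_info[BET_ID].mod_name));

    /* AUTH: defaults to the ID module; ENOENT means "none provided". */
    ret = load_backend_module(ctx, BET_AUTH,
                              &ctx->bet_info[BET_AUTH],
                              ctx->bet_info[BET_ID].mod_name);
    if (ret != EOK) {
        if (ret != ENOENT) {
            DEBUG(SSSDBG_FATAL_FAILURE,
                  ("fatal error initializing data providers\n"));
            goto fail;
        }
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("No authentication module provided for [%s] !!\n",
               be_domain));
    } else {
        DEBUG(SSSDBG_TRACE_INTERNAL,
              ("AUTH backend target successfully loaded "
               "from provider [%s].\n", ctx->bet_info[BET_AUTH].mod_name));
    }

    /* ACCESS: defaults to the built-in permit target, so an unconfigured
     * access provider allows every request. Any failure is fatal. */
    ret = load_backend_module(ctx, BET_ACCESS,
                              &ctx->bet_info[BET_ACCESS],
                              ACCESS_PERMIT);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Failed to setup ACCESS backend.\n"));
        goto fail;
    }
    DEBUG(SSSDBG_TRACE_INTERNAL,
          ("ACCESS backend target successfully loaded "
           "from provider [%s].\n", ctx->bet_info[BET_ACCESS].mod_name));

    /* CHPASS: defaults to the AUTH module, whose name is NULL when no AUTH
     * module was loaded. */
    ret = load_backend_module(ctx, BET_CHPASS,
                              &ctx->bet_info[BET_CHPASS],
                              ctx->bet_info[BET_AUTH].mod_name);
    if (ret != EOK) {
        if (ret != ENOENT) {
            DEBUG(SSSDBG_FATAL_FAILURE,
                  ("fatal error initializing data providers\n"));
            goto fail;
        }
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("No change password module provided for [%s] !!\n",
               be_domain));
    } else {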
DEBUG(SSSDBG_TRACE_INTERNAL,
              ("CHPASS backend target successfully loaded "
               "from provider [%s].\n", ctx->bet_info[BET_CHPASS].mod_name));
    }

    /* SUDO: be_process_init_sudo() decides whether to load it at all;
     * ENOENT is tolerated, any other error is fatal. */
    ret = be_process_init_sudo(ctx);
    if (ret != EOK) {
        if (ret != ENOENT) {
            DEBUG(SSSDBG_FATAL_FAILURE,
                  ("fatal error initializing data providers\n"));
            goto fail;
        }
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("No SUDO module provided for [%s] !!\n", be_domain));
    } else {
        DEBUG(SSSDBG_TRACE_INTERNAL,
              ("SUDO backend target successfully loaded "
               "from provider [%s].\n", ctx->bet_info[BET_SUDO].mod_name));
    }

    /* AUTOFS: defaults to the ID module; ENOENT is tolerated. */
    ret = load_backend_module(ctx, BET_AUTOFS,
                              &ctx->bet_info[BET_AUTOFS],
                              ctx->bet_info[BET_ID].mod_name);
    if (ret != EOK) {
        if (ret != ENOENT) {
            DEBUG(SSSDBG_FATAL_FAILURE,
                  ("fatal error initializing data providers\n"));
            goto fail;
        }
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("No autofs module provided for [%s] !!\n", be_domain));
    } else {
        DEBUG(SSSDBG_TRACE_INTERNAL,
              ("autofs backend target successfully loaded "
               "from provider [%s].\n", ctx->bet_info[BET_AUTOFS].mod_name));
    }

    /* SELINUX: defaults to the ID module; ENOENT is tolerated. */
    ret = load_backend_module(ctx, BET_SELINUX,
                              &ctx->bet_info[BET_SELINUX],
                              ctx->bet_info[BET_ID].mod_name);
    if (ret != EOK) {
        if (ret != ENOENT) {
            DEBUG(SSSDBG_FATAL_FAILURE,
                  ("fatal error initializing data providers\n"));
            goto fail;
        }
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("No selinux module provided for [%s] !!\n", be_domain));
    } else {
        DEBUG(SSSDBG_TRACE_ALL,
              ("selinux backend target successfully loaded "
               "from provider [%s].\n", ctx->bet_info[BET_SELINUX].mod_name));
    }

    /* HOSTID: defaults to the ID module; ENOENT is tolerated. */
    ret = load_backend_module(ctx, BET_HOSTID,
                              &ctx->bet_info[BET_HOSTID],
                              ctx->bet_info[BET_ID].mod_name);
    if (ret != EOK) {
        if (ret != ENOENT) {
            DEBUG(SSSDBG_FATAL_FAILURE,
                  ("fatal error initializing data providers\n"));
            goto fail;
        }
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("No host info module provided for [%s] !!\n", be_domain));
    } else {
        DEBUG(SSSDBG_TRACE_ALL,
              ("HOST backend target successfully loaded from provider [%s].\n",
               ctx->bet_info[BET_HOSTID].mod_name));
    }

    /* SUBDOMAINS: defaults to the ID module. Unlike the targets above,
     * every failure, not only ENOENT, is logged and then ignored. */
    ret = load_backend_module(ctx, BET_SUBDOMAINS,
                              &ctx->bet_info[BET_SUBDOMAINS],
                              ctx->bet_info[BET_ID].mod_name);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Subdomains are not supported for [%s] !!\n", be_domain));
    } else {
        DEBUG(SSSDBG_TRACE_ALL,
              ("Get-Subdomains backend target successfully loaded "
               "from provider [%s].\n", ctx->bet_info[BET_SUBDOMAINS].mod_name));
    }

    /* Handle SIGUSR1 to force offline behavior */
    BlockSignals(false, SIGUSR1);
    tes = tevent_add_signal(ctx->ev, ctx, SIGUSR1, 0,
                            signal_be_offline, ctx);
    if (tes == NULL) {
        ret = EIO;
        goto fail;
    }

    return EOK;

fail:
    /* One exit for every fatal error: release the whole context. */
    talloc_free(ctx);
    return ret;
}

#ifndef UNIT_TESTING
/*
 * Entry point of the back end process for one domain.
 *
 * Parses the command line (--domain is mandatory), derives the log file
 * name, service name and confdb path from the domain name, runs the common
 * server setup, initialises the back end and enters the main loop.
 *
 * Exit codes: 1 for a bad or missing option, 2 when an allocation or the
 * server setup fails, 3 when be_process_init() fails, 0 when the main loop
 * returns.
 *
 * NOTE(review): the --domain value is used as given to build the log file
 * name and the confdb path; presumably the process is only started by a
 * trusted parent with a configured domain name. Verify against the caller.
 */
int main(int argc, const char *argv[])
{
    int opt;
    poptContext pc;
    char *be_domain = NULL;
    char *srv_name = NULL;
    struct main_context *main_ctx;
    char *confdb_path;
    int ret;

    struct poptOption long_options[] = {
        POPT_AUTOHELP
        SSSD_MAIN_OPTS
        {"domain", 0, POPT_ARG_STRING, &be_domain, 0,
         _("Domain of the information provider (mandatory)"), NULL },
        POPT_TABLEEND
    };

    /* Set debug level to invalid value so we can decide if -d 0 was used. */
    debug_level = SSSDBG_INVALID;

    pc = poptGetContext(argv[0], argc, argv, long_options, 0);
    /* Any value other than -1 from poptGetNextOpt() reaches the default
     * branch and is reported as an invalid option. */
    while((opt = poptGetNextOpt(pc)) != -1) {
        switch(opt) {
        default:
            fprintf(stderr, "\nInvalid option %s: %s\n\n",
                    poptBadOption(pc, 0), poptStrerror(opt));
            poptPrintUsage(pc, stderr, 0);
            return 1;
        }
    }

    if (be_domain == NULL) {
        fprintf(stderr, "\nMissing option, --domain is a mandatory option.\n\n");
        poptPrintUsage(pc, stderr, 0);
        return 1;
    }

    poptFreeContext(pc);

    DEBUG_INIT(debug_level);

    /* set up things like debug , signals, daemonization, etc... */
    debug_log_file = talloc_asprintf(NULL, "sssd_%s", be_domain);
    if (!debug_log_file) return 2;

    srv_name = talloc_asprintf(NULL, "sssd[be[%s]]", be_domain);
    if (!srv_name) return 2;

    confdb_path = talloc_asprintf(NULL, CONFDB_DOMAIN_PATH_TMPL, be_domain);
    if (!confdb_path) return 2;

    ret = server_setup(srv_name, 0, confdb_path, &main_ctx);
    if (ret != EOK) {
        DEBUG(0, ("Could not set up mainloop [%d]\n", ret));
        return 2;
    }

    ret = die_if_parent_died();
    if (ret != EOK) {
        /* This is not fatal, don't return */
        DEBUG(2, ("Could not set up to exit when parent process does\n"));
    }

    ret = be_process_init(main_ctx,
                          be_domain,
                          main_ctx->event_ctx,
                          main_ctx->confdb_ctx);
    if (ret != EOK) {
        DEBUG(0, ("Could not initialize backend [%d]\n", ret));
        return 3;
    }

    DEBUG(SSSDBG_TRACE_FUNC, ("Backend provider (%s) started!\n", be_domain));

    /* loop on main */
    server_loop(main_ctx);

    return 0;
}
#endif

/*
 * Monitor request handler: re-read the resolver configuration, start an
 * online check and answer through monitor_common_res_init().
 *
 * NOTE(review): here and in the three handlers below the private data is
 * dereferenced without a NULL test, unlike be_host_handler() earlier in this
 * file, which returns EINVAL when it is missing.
 */
static int data_provider_res_init(DBusMessage *message,
                                  struct sbus_connection *conn)
{
    struct be_ctx *be_ctx;
    be_ctx = talloc_get_type(sbus_conn_get_private_data(conn), struct be_ctx);

    resolv_reread_configuration(be_ctx->be_res->resolv);
    check_if_online(be_ctx);

    return monitor_common_res_init(message, conn);
}

/*
 * Monitor request handler: mark the back end offline and answer with a pong.
 */
static int data_provider_go_offline(DBusMessage *message,
                                    struct sbus_connection *conn)
{
    struct be_ctx *be_ctx;
    be_ctx = talloc_get_type(sbus_conn_get_private_data(conn), struct be_ctx);
    be_mark_offline(be_ctx);
    return monitor_common_pong(message, conn);
}

/*
 * Monitor request handler: start an online check and answer with a pong.
 * The reply is sent without waiting for the result of the check.
 */
static int data_provider_reset_offline(DBusMessage *message,
                                       struct sbus_connection *conn)
{
    struct be_ctx *be_ctx;
    be_ctx = talloc_get_type(sbus_conn_get_private_data(conn), struct be_ctx);
    check_if_online(be_ctx);
    return monitor_common_pong(message, conn);
}

/*
 * Monitor request handler: rotate the logs for this back end's confdb path.
 * The statements that follow return the rotation error as it is, or answer
 * with a pong on success.
 */
static int data_provider_logrotate(DBusMessage *message,
                                   struct sbus_connection *conn)
{
    errno_t ret;
    struct be_ctx *be_ctx = talloc_get_type(sbus_conn_get_private_data(conn),
                                            struct be_ctx);

    ret = monitor_common_rotate_logs(be_ctx->cdb, be_ctx->conf_path);
    if (ret != EOK) return
ret; return monitor_common_pong(message, conn); } sssd-1.11.5/src/providers/PaxHeaders.13173/data_provider.h0000644000000000000000000000007412320753107021353 xustar000000000000000030 atime=1396954939.263891433 30 ctime=1396954961.462875092 sssd-1.11.5/src/providers/data_provider.h0000664002412700241270000002672612320753107021612 0ustar00jhrozekjhrozek00000000000000/* SSSD Data Provider, private header file Copyright (C) Simo Sorce 2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #ifndef __DATA_PROVIDER_H__ #define __DATA_PROVIDER_H__ #include "config.h" #include #include #include #include #ifdef USE_KEYRING #include #include #endif #include "talloc.h" #include "tevent.h" #include "ldb.h" #include "util/util.h" #include "confdb/confdb.h" #include "dbus/dbus.h" #include "sbus/sssd_dbus.h" #include "sbus/sbus_client.h" #include "sss_client/sss_cli.h" #include "util/authtok.h" #define DATA_PROVIDER_VERSION 0x0001 #define DATA_PROVIDER_PIPE "private/sbus-dp" #define DP_INTERFACE "org.freedesktop.sssd.dataprovider" #define DP_PATH "/org/freedesktop/sssd/dataprovider" #define DP_METHOD_REGISTER "RegisterService" #define DP_METHOD_GETACCTINFO "getAccountInfo" #define DP_METHOD_SUDOHANDLER "sudoHandler" #define DP_METHOD_AUTOFSHANDLER "autofsHandler" #define DP_METHOD_HOSTHANDLER "hostHandler" #define DP_METHOD_GETDOMAINS "getDomains" /* this is a reverse method sent from providers to * the nss responder to tell it to update the mmap * cache */ #define DP_REV_METHOD_UPDATE_CACHE "updateCache" #define DP_REV_METHOD_INITGR_CHECK "initgrCheck" /** * @defgroup pamHandler PAM DBUS request * @ingroup sss_pam * * The PAM responder send all the data it has received from the PAM client to * the authentication backend with a DBUS message. * * As a response it expects a PAM return value (see pam(3) for details). * The backend may send any number of additional messages (see ...) which are * forwarded by the PAM responder to the PAM client. * @{ */ /** Then pamHandler Request * * The following two functions can help you to pack and unpack the DBUS * message for a PAM request. 
If it is necessary to create the DBUS message by * hand it must have the following elements: * * @param DBUS_TYPE_INT32 PAM Command, see #sss_cli_command for allowed values * @param DBUS_TYPE_STRING User name, this value is send by the PAM client and * contains the value of the PAM item PAM_USER * @param DBUS_TYPE_STRING Service name, this value is send by the PAM client * and contains the value of the PAM item PAM_SERVICE * @param DBUS_TYPE_STRING TTY name this value is send by the PAM client and * contains the value of the PAM item PAM_TTY * @param DBUS_TYPE_STRING Remote user, this value is send by the PAM client * and contains the value of the PAM item PAM_RUSER * @param DBUS_TYPE_STRING Remote host, this value is send by the PAM client * and contains the value of the PAM item PAM_RHOST * @param DBUS_TYPE_UINT32 Type of the authentication token, see #sss_authtok_type * for allowed values * @param DBUS_TYPE_ARRAY__(BYTE) Authentication token, DBUS array which * contains the authentication token, it is not required that passwords have a * trailing \\0, this value is send by the PAM client and contains the value of * the PAM item PAM_AUTHTOK or PAM_OLDAUTHTOK if the PAM command is * #SSS_PAM_CHAUTHTOK or #SSS_PAM_CHAUTHTOK_PRELIM * @param DBUS_TYPE_UINT32 Type of the new authentication token, see * #sss_authtok_type for allowed values * @param DBUS_TYPE_ARRAY__(BYTE) New authentication token, DBUS array which * contains the new authentication token for a password change, it is not * required that passwords have a trailing \\0, this value is send by the PAM * client and contains the value of the PAM item PAM_AUTHTOK if the PAM * command is #SSS_PAM_CHAUTHTOK or #SSS_PAM_CHAUTHTOK_PRELIM * @param DBUS_TYPE_INT32 Privileged flag is set to a non-zero value if the * PAM client connected to the PAM responder via the privileged pipe, i.e. 
if * the PAM client is running with root privileges * @param DBUS_TYPE_UINT32 * * @retval DBUS_TYPE_UINT32 PAM return value, PAM_AUTHINFO_UNAVAIL is used to * indicate that the provider is offline and that the PAM responder should try * a chached authentication, for all other return value see the man pages for * the corresponding PAM service functions * @retval DBUS_TYPE_ARRAY__(STRUCT) Zero or more additional getAccountInfo * messages, here the DBUS_TYPE_STRUCT is build of a DBUS_TYPE_UINT32 holding * an identifier (see #response_type) and DBUS_TYPE_G_BYTE_ARRAY with the data * of the message. */ #define DP_METHOD_PAMHANDLER "pamHandler" /** * @} */ /* end of group pamHandler */ #define DP_ERR_OK 0 #define DP_ERR_OFFLINE 1 #define DP_ERR_TIMEOUT 2 #define DP_ERR_FATAL 3 #define BE_ATTR_CORE 1 #define BE_ATTR_MEM 2 #define BE_ATTR_ALL 3 #define BE_FILTER_NAME 1 #define BE_FILTER_IDNUM 2 #define BE_FILTER_ENUM 3 #define BE_FILTER_SECID 4 #define BE_REQ_USER 0x0001 #define BE_REQ_GROUP 0x0002 #define BE_REQ_INITGROUPS 0x0003 #define BE_REQ_NETGROUP 0x0004 #define BE_REQ_SERVICES 0x0005 #define BE_REQ_SUDO_FULL 0x0006 #define BE_REQ_SUDO_RULES 0x0007 #define BE_REQ_AUTOFS 0x0009 #define BE_REQ_HOST 0x0010 #define BE_REQ_BY_SECID 0x0011 #define BE_REQ_USER_AND_GROUP 0x0012 #define BE_REQ_TYPE_MASK 0x00FF #define BE_REQ_FAST 0x1000 #define DP_SEC_ID "secid" /* sizeof() counts the trailing \0 so we must substract 1 for the string * length */ #define DP_SEC_ID_LEN (sizeof(DP_SEC_ID) - 1) /* AUTH related common data and functions */ #define DEBUG_PAM_DATA(level, pd) do { \ if (DEBUG_IS_SET(debug_get_level(level))) pam_print_data(level, pd); \ } while(0) struct response_data { int32_t type; int32_t len; uint8_t *data; bool do_not_send_to_client; struct response_data *next; }; struct pam_data { int cmd; char *domain; char *user; char *service; char *tty; char *ruser; char *rhost; struct sss_auth_token *authtok; struct sss_auth_token *newauthtok; uint32_t cli_pid; int 
pam_status; int response_delay; struct response_data *resp_list; bool offline_auth; bool last_auth_saved; int priv; #ifdef USE_KEYRING key_serial_t key_serial; #endif }; /* from dp_auth_util.c */ #define SSS_SERVER_INFO 0x80000000 #define SSS_KRB5_INFO 0x40000000 #define SSS_LDAP_INFO 0x20000000 #define SSS_PROXY_INFO 0x10000000 #define SSS_KRB5_INFO_TGT_LIFETIME (SSS_SERVER_INFO|SSS_KRB5_INFO|0x01) #define SSS_KRB5_INFO_UPN (SSS_SERVER_INFO|SSS_KRB5_INFO|0x02) /** * @brief Create new zero initialized struct pam_data. * * @param mem_ctx A memory context use to allocate the internal data * @return A pointer to new struct pam_data * NULL on error * * NOTE: This function should be the only way, how to create new empty * struct pam_data, because this function automatically initialize sub * structures and set destructor to created object. */ struct pam_data *create_pam_data(TALLOC_CTX *mem_ctx); errno_t copy_pam_data(TALLOC_CTX *mem_ctx, struct pam_data *old_pd, struct pam_data **new_pd); void pam_print_data(int l, struct pam_data *pd); int pam_add_response(struct pam_data *pd, enum response_type type, int len, const uint8_t *data); bool dp_pack_pam_request(DBusMessage *msg, struct pam_data *pd); bool dp_unpack_pam_request(DBusMessage *msg, TALLOC_CTX *mem_ctx, struct pam_data **new_pd, DBusError *dbus_error); bool dp_pack_pam_response(DBusMessage *msg, struct pam_data *pd); bool dp_unpack_pam_response(DBusMessage *msg, struct pam_data *pd, DBusError *dbus_error); int dp_common_send_id(struct sbus_connection *conn, uint16_t version, const char *name); void dp_id_callback(DBusPendingCall *pending, void *ptr); /* from dp_sbus.c */ int dp_get_sbus_address(TALLOC_CTX *mem_ctx, char **address, const char *domain_name); /* Helpers */ #define NULL_STRING { .string = NULL } #define NULL_BLOB { .blob = { NULL, 0 } } #define NULL_NUMBER { .number = 0 } #define BOOL_FALSE { .boolean = false } #define BOOL_TRUE { .boolean = true } enum dp_opt_type { DP_OPT_STRING, DP_OPT_BLOB, 
DP_OPT_NUMBER, DP_OPT_BOOL }; struct dp_opt_blob { uint8_t *data; size_t length; }; union dp_opt_value { const char *cstring; char *string; struct dp_opt_blob blob; int number; bool boolean; }; struct dp_option { const char *opt_name; enum dp_opt_type type; union dp_opt_value def_val; union dp_opt_value val; }; #define DP_OPTION_TERMINATOR { NULL, 0, NULL_STRING, NULL_STRING } int dp_get_options(TALLOC_CTX *memctx, struct confdb_ctx *cdb, const char *conf_path, struct dp_option *def_opts, int num_opts, struct dp_option **_opts); int dp_copy_options(TALLOC_CTX *memctx, struct dp_option *src_opts, int num_opts, struct dp_option **_opts); int dp_copy_defaults(TALLOC_CTX *memctx, struct dp_option *src_opts, int num_opts, struct dp_option **_opts); const char *_dp_opt_get_cstring(struct dp_option *opts, int id, const char *location); char *_dp_opt_get_string(struct dp_option *opts, int id, const char *location); struct dp_opt_blob _dp_opt_get_blob(struct dp_option *opts, int id, const char *location); int _dp_opt_get_int(struct dp_option *opts, int id, const char *location); bool _dp_opt_get_bool(struct dp_option *opts, int id, const char *location); #define dp_opt_get_cstring(o, i) _dp_opt_get_cstring(o, i, __FUNCTION__) #define dp_opt_get_string(o, i) _dp_opt_get_string(o, i, __FUNCTION__) #define dp_opt_get_blob(o, i) _dp_opt_get_blob(o, i, __FUNCTION__) #define dp_opt_get_int(o, i) _dp_opt_get_int(o, i, __FUNCTION__) #define dp_opt_get_bool(o, i) _dp_opt_get_bool(o, i, __FUNCTION__) int _dp_opt_set_string(struct dp_option *opts, int id, const char *s, const char *location); int _dp_opt_set_blob(struct dp_option *opts, int id, struct dp_opt_blob b, const char *location); int _dp_opt_set_int(struct dp_option *opts, int id, int i, const char *location); int _dp_opt_set_bool(struct dp_option *opts, int id, bool b, const char *location); #define dp_opt_set_string(o, i, v) _dp_opt_set_string(o, i, v, __FUNCTION__) #define dp_opt_set_blob(o, i, v) _dp_opt_set_blob(o, i, v, 
__FUNCTION__) #define dp_opt_set_int(o, i, v) _dp_opt_set_int(o, i, v, __FUNCTION__) #define dp_opt_set_bool(o, i, v) _dp_opt_set_bool(o, i, v, __FUNCTION__) /* Generic Data Provider options */ /* Resolver DP options */ enum dp_res_opts { DP_RES_OPT_FAMILY_ORDER, DP_RES_OPT_RESOLVER_TIMEOUT, DP_RES_OPT_RESOLVER_OP_TIMEOUT, DP_RES_OPT_DNS_DOMAIN, DP_RES_OPTS /* attrs counter */ }; #endif /* __DATA_PROVIDER_ */ sssd-1.11.5/src/providers/PaxHeaders.13173/sssd_be.exports0000644000000000000000000000007412320753107021427 xustar000000000000000030 atime=1396954939.269891429 30 ctime=1396954961.390875146 sssd-1.11.5/src/providers/sssd_be.exports0000664002412700241270000000003012320753107021642 0ustar00jhrozekjhrozek00000000000000{ global: *; }; sssd-1.11.5/src/providers/PaxHeaders.13173/dp_ptask.c0000644000000000000000000000007412320753107020330 xustar000000000000000030 atime=1396954939.263891433 30 ctime=1396954961.525875046 sssd-1.11.5/src/providers/dp_ptask.c0000664002412700241270000003110312320753107020550 0ustar00jhrozekjhrozek00000000000000/* Authors: Pavel Březina Copyright (C) 2013 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
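*/
/* NOTE(review): the first three #include directives below have lost their
 * header names in this listing; restore them from the original file before
 * building. */
#include #include #include #include "util/util.h"
#include "providers/dp_backend.h"
#include "providers/dp_ptask.h"

/* Reference point from which the delay of the next run is counted. */
enum be_ptask_schedule {
    BE_PTASK_SCHEDULE_FROM_NOW,
    BE_PTASK_SCHEDULE_FROM_LAST
};

/* State of one periodic back end task. */
struct be_ptask {
    struct tevent_context *ev;
    struct be_ctx *be_ctx;
    time_t period;
    time_t enabled_delay;
    time_t timeout;
    enum be_ptask_offline offline;
    be_ptask_send_t send_fn;
    be_ptask_recv_t recv_fn;
    void *pvt;
    const char *name;

    time_t last_execution;      /* last time when send was called */
    struct tevent_req *req;     /* active tevent request */
    struct tevent_timer *timer; /* active tevent timer */

    bool enabled;
};

static void be_ptask_schedule(struct be_ptask *task,
                              time_t delay,
                              enum be_ptask_schedule from);

/* talloc destructor: only logs that the task is going away. */
static int be_ptask_destructor(void *pvt)
{
    struct be_ptask *task;

    task = talloc_get_type(pvt, struct be_ptask);
    if (task == NULL) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("BUG: task is NULL\n"));
        return 0;
    }

    DEBUG(SSSDBG_TRACE_FUNC, ("Terminating periodic task [%s]\n",
                              task->name));

    return 0;
}

/* Online callback: re-enable the task. */
static void be_ptask_online_cb(void *pvt)
{
    struct be_ptask *task = NULL;

    task = talloc_get_type(pvt, struct be_ptask);
    if (task == NULL) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("BUG: task is NULL\n"));
        return;
    }

    DEBUG(SSSDBG_TRACE_FUNC, ("Back end is online\n"));
    be_ptask_enable(task);
}

/* Offline callback: disable the task. */
static void be_ptask_offline_cb(void *pvt)
{
    struct be_ptask *task = NULL;

    task = talloc_get_type(pvt, struct be_ptask);
    if (task == NULL) {
        /* Same guard as the online callback; be_ptask_disable()
         * dereferences the task. */
        DEBUG(SSSDBG_FATAL_FAILURE, ("BUG: task is NULL\n"));
        return;
    }

    DEBUG(SSSDBG_TRACE_FUNC, ("Back end is offline\n"));
    be_ptask_disable(task);
}

/* Timeout timer handler: cancel the running request and reschedule. */
static void be_ptask_timeout(struct tevent_context *ev,
                             struct tevent_timer *tt,
                             struct timeval tv,
                             void *pvt)
{
    struct be_ptask *task = NULL;

    task = talloc_get_type(pvt, struct be_ptask);
    if (task == NULL) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("BUG: task is NULL\n"));
        return;
    }

    DEBUG(SSSDBG_OP_FAILURE, ("Task [%s]: timed out\n", task->name));
    talloc_zfree(task->req);

    be_ptask_schedule(task, task->period, BE_PTASK_SCHEDULE_FROM_NOW);
}

static void be_ptask_done(struct tevent_req *req);

/*
 * Timer handler that starts one run of the task.
 *
 * When the back end is offline the task's offline policy decides whether the
 * run is skipped, left to the offline callback, or executed anyway. A started
 * request gets be_ptask_done() as its callback and, if task->timeout > 0,
 * a timeout timer owned by the request.
 */
static void be_ptask_execute(struct tevent_context *ev,
                             struct tevent_timer *tt,
                             struct timeval tv,
                             void *pvt)
{
    struct be_ptask *task = NULL;
    struct tevent_timer *timeout = NULL;

    task = talloc_get_type(pvt, struct be_ptask);
    if (task == NULL) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("BUG: task is NULL\n"));
        return;
    }

    task->timer = NULL; /* timer is freed by tevent */

    if (be_is_offline(task->be_ctx)) {
        DEBUG(SSSDBG_TRACE_FUNC, ("Back end is offline\n"));
        switch (task->offline) {
        case BE_PTASK_OFFLINE_SKIP:
            be_ptask_schedule(task, task->period, BE_PTASK_SCHEDULE_FROM_NOW);
            return;
        case BE_PTASK_OFFLINE_DISABLE:
            /* This case is handled by offline callback. */
            return;
        case BE_PTASK_OFFLINE_EXECUTE:
            /* continue */
            break;
        }
    }

    DEBUG(SSSDBG_TRACE_FUNC, ("Task [%s]: executing task, timeout %lu "
                              "seconds\n", task->name, task->timeout));

    task->last_execution = time(NULL);

    task->req = task->send_fn(task, task->ev, task->be_ctx, task, task->pvt);
    if (task->req == NULL) {
        /* skip this iteration and try again later */
        DEBUG(SSSDBG_OP_FAILURE, ("Task [%s]: failed to execute task, "
              "will try again later\n", task->name));

        be_ptask_schedule(task, task->period, BE_PTASK_SCHEDULE_FROM_NOW);
        return;
    }

    tevent_req_set_callback(task->req, be_ptask_done, task);

    /* schedule timeout */
    if (task->timeout > 0) {
        tv = tevent_timeval_current_ofs(task->timeout, 0);
        timeout = tevent_add_timer(task->ev, task->req, tv,
                                   be_ptask_timeout, task);
        if (timeout == NULL) {
            /* If we can't guarantee a timeout,
             * we need to cancel the request. */
            talloc_zfree(task->req);

            DEBUG(SSSDBG_OP_FAILURE, ("Task [%s]: failed to set timeout, "
                  "the task will be rescheduled\n", task->name));

            be_ptask_schedule(task, task->period, BE_PTASK_SCHEDULE_FROM_NOW);
        }
    }

    return;
}

/*
 * Request callback: collect the result through recv_fn, release the request
 * and schedule the next run (counted from the last execution on success,
 * from now on failure).
 */
static void be_ptask_done(struct tevent_req *req)
{
    struct be_ptask *task = NULL;
    errno_t ret;

    task = tevent_req_callback_data(req, struct be_ptask);

    ret = task->recv_fn(req);
    talloc_zfree(req);
    task->req = NULL;
    switch (ret) {
    case EOK:
        DEBUG(SSSDBG_TRACE_FUNC, ("Task [%s]: finished successfully\n",
                                  task->name));

        be_ptask_schedule(task, task->period, BE_PTASK_SCHEDULE_FROM_LAST);
        break;
    default:
        DEBUG(SSSDBG_OP_FAILURE, ("Task [%s]: failed with [%d]: %s\n",
                                  task->name, ret, sss_strerror(ret)));

        be_ptask_schedule(task, task->period, BE_PTASK_SCHEDULE_FROM_NOW);
        break;
    }
}

/*
 * Arm the timer for the next run of an enabled task. A timer that is still
 * active is dropped first; if no timer can be added the task is disabled.
 */
static void be_ptask_schedule(struct be_ptask *task,
                              time_t delay,
                              enum be_ptask_schedule from)
{
    struct timeval tv;

    if (!task->enabled) {
        DEBUG(SSSDBG_TRACE_FUNC, ("Task [%s]: disabled\n", task->name));
        return;
    }

    switch (from) {
    case BE_PTASK_SCHEDULE_FROM_NOW:
        tv = tevent_timeval_current_ofs(delay, 0);

        DEBUG(SSSDBG_TRACE_FUNC, ("Task [%s]: scheduling task %lu seconds "
              "from now [%lu]\n", task->name, delay, tv.tv_sec));
        break;
    case BE_PTASK_SCHEDULE_FROM_LAST:
        tv = tevent_timeval_set(task->last_execution + delay, 0);

        DEBUG(SSSDBG_TRACE_FUNC, ("Task [%s]: scheduling task %lu seconds "
                                  "from last execution time [%lu]\n",
                                  task->name, delay, tv.tv_sec));
        break;
    default:
        /* Never arm a timer with an uninitialised timeval. */
        DEBUG(SSSDBG_CRIT_FAILURE, ("Task [%s]: unknown schedule type [%d]\n",
                                    task->name, from));
        return;
    }

    if (task->timer != NULL) {
        DEBUG(SSSDBG_MINOR_FAILURE, ("Task [%s]: another timer is already "
                                     "active?\n", task->name));
        talloc_zfree(task->timer);
    }

    task->timer = tevent_add_timer(task->ev, task, tv, be_ptask_execute, task);
    if (task->timer == NULL) {
        /* nothing we can do about it */
        DEBUG(SSSDBG_CRIT_FAILURE, ("FATAL: Unable to schedule task [%s]\n",
                                    task->name));
        be_ptask_disable(task);
    }
}

/*
 * Create a periodic task and schedule its first run after first_delay
 * seconds.
 *
 * Returns EINVAL when be_ctx, send_fn, recv_fn or name is NULL or period
 * is 0, ENOMEM on allocation failure, or the error of a failed callback
 * registration; the task is freed on every error. On success *_task (when
 * _task is not NULL) receives the task, which is allocated on mem_ctx.
 */
errno_t be_ptask_create(TALLOC_CTX *mem_ctx,
                        struct be_ctx *be_ctx,
                        time_t period,
                        time_t first_delay,
                        time_t enabled_delay,
                        time_t timeout,
                        enum be_ptask_offline offline,
                        be_ptask_send_t send_fn,
                        be_ptask_recv_t recv_fn,
                        void *pvt,
                        const char *name,
                        struct be_ptask **_task)
{
    struct be_ptask *task = NULL;
    errno_t ret;

    if (be_ctx == NULL || period == 0 || send_fn == NULL
        || recv_fn == NULL || name == NULL) {
        return EINVAL;
    }

    task = talloc_zero(mem_ctx, struct be_ptask);
    if (task == NULL) {
        ret = ENOMEM;
        goto done;
    }

    task->ev = be_ctx->ev;
    task->be_ctx = be_ctx;
    task->period = period;
    task->enabled_delay = enabled_delay;
    task->timeout = timeout;
    task->offline = offline;
    task->send_fn = send_fn;
    task->recv_fn = recv_fn;
    task->pvt = pvt;
    task->name = talloc_strdup(task, name);
    if (task->name == NULL) {
        ret = ENOMEM;
        goto done;
    }

    task->enabled = true;

    talloc_set_destructor((TALLOC_CTX*)task, be_ptask_destructor);

    if (offline == BE_PTASK_OFFLINE_DISABLE) {
        /* install offline and online callbacks */
        ret = be_add_online_cb(task, be_ctx, be_ptask_online_cb, task, NULL);
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE, ("Unable to install online callback "
                                      "[%d]: %s\n", ret, sss_strerror(ret)));
            goto done;
        }

        ret = be_add_offline_cb(task, be_ctx, be_ptask_offline_cb, task, NULL);
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE, ("Unable to install offline callback "
                                      "[%d]: %s\n", ret, sss_strerror(ret)));
            goto done;
        }
    }

    DEBUG(SSSDBG_TRACE_FUNC, ("Periodic task [%s] was created\n", task->name));

    be_ptask_schedule(task, first_delay, BE_PTASK_SCHEDULE_FROM_NOW);

    if (_task != NULL) {
        *_task = task;
    }

    ret = EOK;

done:
    if (ret != EOK) {
        talloc_free(task);
    }

    return ret;
}

/* Enable a disabled task and schedule it enabled_delay seconds from now. */
void be_ptask_enable(struct be_ptask *task)
{
    if (task->enabled) {
        DEBUG(SSSDBG_MINOR_FAILURE, ("Task [%s]: already enabled\n",
                                     task->name));
        return;
    }

    DEBUG(SSSDBG_TRACE_FUNC, ("Task [%s]: enabling task\n", task->name));

    task->enabled = true;
    be_ptask_schedule(task, task->enabled_delay, BE_PTASK_SCHEDULE_FROM_NOW);
}

/* Disable the task, but if a request already in progress, let it finish.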
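*/
void be_ptask_disable(struct be_ptask *task)
{
    if (task == NULL) {
        /* The offline callback passes on whatever talloc_get_type()
         * returned, which may be NULL. */
        DEBUG(SSSDBG_FATAL_FAILURE, ("BUG: task is NULL\n"));
        return;
    }

    DEBUG(SSSDBG_TRACE_FUNC, ("Task [%s]: disabling task\n", task->name));

    talloc_zfree(task->timer);
    task->enabled = false;
}

/* Free the task and reset the caller's pointer to NULL. */
void be_ptask_destroy(struct be_ptask **task)
{
    if (task == NULL) {
        return;
    }

    talloc_zfree(*task);
}

/* Return the period the task was created with. */
time_t be_ptask_get_period(struct be_ptask *task)
{
    return task->period;
}

/* Wrapper data for a synchronous task: the function and its private data. */
struct be_ptask_sync_ctx {
    be_ptask_sync_t fn;
    void *pvt;
};

struct be_ptask_sync_state {
    int dummy;
};

/* This is not an asynchronous request so there is not any _done function. */
static struct tevent_req *
be_ptask_sync_send(TALLOC_CTX *mem_ctx,
                   struct tevent_context *ev,
                   struct be_ctx *be_ctx,
                   struct be_ptask *be_ptask,
                   void *pvt)
{
    struct be_ptask_sync_ctx *ctx = NULL;
    struct be_ptask_sync_state *state = NULL;
    struct tevent_req *req = NULL;
    errno_t ret;

    req = tevent_req_create(mem_ctx, &state, struct be_ptask_sync_state);
    if (req == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("tevent_req_create() failed\n"));
        return NULL;
    }

    ctx = talloc_get_type(pvt, struct be_ptask_sync_ctx);
    if (ctx == NULL || ctx->fn == NULL) {
        /* Fail the request instead of calling through a NULL pointer. */
        DEBUG(SSSDBG_CRIT_FAILURE, ("BUG: invalid sync task context\n"));
        ret = EINVAL;
    } else {
        ret = ctx->fn(mem_ctx, ev, be_ctx, be_ptask, ctx->pvt);
    }

    if (ret == EOK) {
        tevent_req_done(req);
    } else {
        tevent_req_error(req, ret);
    }
    tevent_req_post(req, ev);

    return req;
}

/* Return the result stored in the request by be_ptask_sync_send(). */
static errno_t be_ptask_sync_recv(struct tevent_req *req)
{
    TEVENT_REQ_RETURN_ON_ERROR(req);

    return EOK;
}

/*
 * Create a periodic task around a synchronous function.
 *
 * fn and pvt are stored in a small context that is handed to
 * be_ptask_create() as the task's private data; on success the context is
 * reparented to the task so that both are released together. Returns EINVAL
 * when fn is NULL, ENOMEM on allocation failure, otherwise the result of
 * be_ptask_create().
 */
errno_t be_ptask_create_sync(TALLOC_CTX *mem_ctx,
                             struct be_ctx *be_ctx,
                             time_t period,
                             time_t first_delay,
                             time_t enabled_delay,
                             time_t timeout,
                             enum be_ptask_offline offline,
                             be_ptask_sync_t fn,
                             void *pvt,
                             const char *name,
                             struct be_ptask **_task)
{
    errno_t ret;
    struct be_ptask_sync_ctx *ctx = NULL;
    struct be_ptask *task = NULL;

    if (fn == NULL) {
        return EINVAL;
    }

    ctx = talloc_zero(mem_ctx, struct be_ptask_sync_ctx);
    if (ctx == NULL) {
        ret = ENOMEM;
        goto done;
    }

    ctx->fn = fn;
    ctx->pvt = pvt;

    /* Always ask for the task handle so ctx can be tied to it even when
     * the caller passes _task == NULL. */
    ret = be_ptask_create(mem_ctx, be_ctx, period, first_delay,
                          enabled_delay, timeout, offline,
                          be_ptask_sync_send, be_ptask_sync_recv,
                          ctx, name, &task);
    if (ret != EOK) {
        goto done;
    }

    talloc_steal(task, ctx);

    if (_task != NULL) {
        *_task = task;
    }

    ret = EOK;

done:
    if (ret != EOK) {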
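talloc_free(ctx); } return ret; }
sssd-1.11.5/src/providers/PaxHeaders.13173/dp_auth_util.c0000644000000000000000000000007412320753107021204 xustar000000000000000030 atime=1396954939.263891433 30 ctime=1396954961.666874942 sssd-1.11.5/src/providers/dp_auth_util.c0000664002412700241270000003216012320753107021430 0ustar00jhrozekjhrozek00000000000000
/*
   SSSD

   Data Provider, auth utils

   Copyright (C) Sumit Bose 2009

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see .
*/

#include "data_provider.h"

/*
 * Append a PAM request to a D-Bus message.
 *
 * Argument order: cmd, user, domain, service, tty, ruser, rhost, authtok
 * type and bytes, new authtok type and bytes, priv, cli_pid.
 * dp_unpack_pam_request() reads them back in the same order.
 *
 * Returns false when pd->user or pd->domain is NULL or when the arguments
 * cannot be appended. Both auth tokens are copied into the message as plain
 * byte arrays, so the message must be treated as secret material.
 */
bool dp_pack_pam_request(DBusMessage *msg, struct pam_data *pd)
{
    dbus_bool_t db_ret;
    const char *service;
    const char *tty;
    const char *ruser;
    const char *rhost;
    uint32_t authtok_type;
    int authtok_length;
    uint8_t *authtok_data;
    uint32_t new_authtok_type;
    int new_authtok_length;
    uint8_t *new_authtok_data;
    int32_t pd_priv;
    int32_t pd_cmd;

    /* D-Bus string arguments must not be NULL. user and domain are passed
     * as they are, the optional fields fall back to "". */
    if (pd->user == NULL || pd->domain == NULL) return false;
    service = pd->service ? pd->service : "";
    tty = pd->tty ? pd->tty : "";
    ruser = pd->ruser ? pd->ruser : "";
    rhost = pd->rhost ? pd->rhost : "";
    authtok_type = (uint32_t)sss_authtok_get_type(pd->authtok);
    authtok_data = sss_authtok_get_data(pd->authtok);
    authtok_length = sss_authtok_get_size(pd->authtok);
    new_authtok_type = (uint32_t)sss_authtok_get_type(pd->newauthtok);
    new_authtok_data = sss_authtok_get_data(pd->newauthtok);
    new_authtok_length = sss_authtok_get_size(pd->newauthtok);

    /* Copy into fixed-width locals that match the D-Bus types below. */
    pd_priv = pd->priv;
    pd_cmd = pd->cmd;

    db_ret = dbus_message_append_args(msg,
                                      DBUS_TYPE_INT32, &pd_cmd,
                                      DBUS_TYPE_STRING, &(pd->user),
                                      DBUS_TYPE_STRING, &(pd->domain),
                                      DBUS_TYPE_STRING, &service,
                                      DBUS_TYPE_STRING, &tty,
                                      DBUS_TYPE_STRING, &ruser,
                                      DBUS_TYPE_STRING, &rhost,
                                      DBUS_TYPE_UINT32, &authtok_type,
                                      DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE,
                                          &authtok_data, authtok_length,
                                      DBUS_TYPE_UINT32, &new_authtok_type,
                                      DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE,
                                          &new_authtok_data, new_authtok_length,
                                      DBUS_TYPE_INT32, &pd_priv,
                                      DBUS_TYPE_UINT32, &(pd->cli_pid),
                                      DBUS_TYPE_INVALID);

    return db_ret;
}

/*
 * Read a PAM request from a D-Bus message into a new pam_data.
 *
 * The message arguments are first parsed into a stack copy, duplicated with
 * copy_pam_data() using mem_ctx, and then both auth tokens are set on the
 * duplicate. Returns true on success. On failure false is returned; if the
 * duplicate had already been created it is freed and *new_pd is set to NULL,
 * so a request with only part of its credentials never reaches the caller.
 *
 * The string and byte-array pointers filled in by dbus_message_get_args()
 * refer to memory owned by msg; the token bytes therefore stay in the
 * message until it is released.
 */
bool dp_unpack_pam_request(DBusMessage *msg, TALLOC_CTX *mem_ctx,
                           struct pam_data **new_pd, DBusError *dbus_error)
{
    dbus_bool_t db_ret;
    int ret;
    struct pam_data pd;
    uint32_t authtok_type;
    int authtok_length;
    uint8_t *authtok_data;
    uint32_t new_authtok_type;
    int new_authtok_length;
    uint8_t *new_authtok_data;
    int32_t pd_cmd;
    int32_t pd_priv;

    memset(&pd, 0, sizeof(pd));

    db_ret = dbus_message_get_args(msg, dbus_error,
                                   DBUS_TYPE_INT32, &pd_cmd,
                                   DBUS_TYPE_STRING, &(pd.user),
                                   DBUS_TYPE_STRING, &(pd.domain),
                                   DBUS_TYPE_STRING, &(pd.service),
                                   DBUS_TYPE_STRING, &(pd.tty),
                                   DBUS_TYPE_STRING, &(pd.ruser),
                                   DBUS_TYPE_STRING, &(pd.rhost),
                                   DBUS_TYPE_UINT32, &authtok_type,
                                   DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE,
                                       &authtok_data, &authtok_length,
                                   DBUS_TYPE_UINT32, &new_authtok_type,
                                   DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE,
                                       &new_authtok_data, &new_authtok_length,
                                   DBUS_TYPE_INT32, &pd_priv,
                                   DBUS_TYPE_UINT32, &(pd.cli_pid),
                                   DBUS_TYPE_INVALID);

    if (!db_ret) {
        DEBUG(1, ("dbus_message_get_args failed.\n"));
        return false;
    }

    pd.cmd = pd_cmd;
    pd.priv = pd_priv;

    ret = copy_pam_data(mem_ctx, &pd, new_pd);
    if (ret != EOK) {
        DEBUG(1, ("copy_pam_data failed.\n"));
        return false;
    }

    ret = sss_authtok_set((*new_pd)->authtok, authtok_type,
                          authtok_data, authtok_length);
    if (ret) {
        DEBUG(1, ("Failed to set auth token: %d [%s]\n", ret, strerror(ret)));
        goto fail;
    }

    ret = sss_authtok_set((*new_pd)->newauthtok, new_authtok_type,
                          new_authtok_data, new_authtok_length);
    if (ret) {
        DEBUG(1, ("Failed to set auth token: %d [%s]\n", ret, strerror(ret)));
        goto fail;
    }

    return true;

fail:
    /* NOTE(review): assumes copy_pam_data() returns a talloc allocation made
     * on mem_ctx - confirm against its definition. */
    talloc_free(*new_pd);
    *new_pd = NULL;
    return false;
}

/*
 * Append a PAM response to a D-Bus message: the PAM status as UINT32
 * followed by an array of (type, byte array) structs, one per entry of
 * pd->resp_list. Returns false as soon as any append fails; the message is
 * then left partially built and should not be sent.
 */
bool dp_pack_pam_response(DBusMessage *msg, struct pam_data *pd)
{
    dbus_bool_t dbret;
    struct response_data *resp;
    DBusMessageIter iter;
    DBusMessageIter array_iter;
    DBusMessageIter struct_iter;
    DBusMessageIter data_iter;
    uint32_t pam_status;
    uint32_t resp_type;

    dbus_message_iter_init_append(msg, &iter);

    /* Append the PAM status */
    pam_status = pd->pam_status;
    dbret = dbus_message_iter_append_basic(&iter,
                                   DBUS_TYPE_UINT32, &pam_status);
    if (!dbret) {
        return false;
    }

    /* Create an array of response structures */
    dbret = dbus_message_iter_open_container(&iter,
                                             DBUS_TYPE_ARRAY, "(uay)",
                                             &array_iter);
    if (!dbret) {
        return false;
    }

    resp = pd->resp_list;
    while (resp != NULL) {
        /* Create a DBUS struct */
        dbret = dbus_message_iter_open_container(&array_iter,
                                                 DBUS_TYPE_STRUCT, NULL,
                                                 &struct_iter);
        if (!dbret) {
            return false;
        }

        /* Add the response type */
        resp_type = resp->type;
        dbret = dbus_message_iter_append_basic(&struct_iter,
                                               DBUS_TYPE_UINT32,
                                               &resp_type);
        if (!dbret) {
            return false;
        }

        /* Add the response message */
        dbret = dbus_message_iter_open_container(&struct_iter,
                                                 DBUS_TYPE_ARRAY, "y",
                                                 &data_iter);
        if (!dbret) {
            return false;
        }
        dbret = dbus_message_iter_append_fixed_array(&data_iter,
                       DBUS_TYPE_BYTE, &(resp->data), resp->len);
        if (!dbret) {
            return false;
        }
        dbret = dbus_message_iter_close_container(&struct_iter, &data_iter);
        if (!dbret) {
            return false;
        }

        resp = resp->next;
        dbret = dbus_message_iter_close_container(&array_iter, &struct_iter);
        if (!dbret) {
            return false;
        }
    }

    /* Close the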
struct array */
    dbret = dbus_message_iter_close_container(&iter, &array_iter);
    if (!dbret) {
        return false;
    }

    return true;
}

/*
 * Parse a PAM response message into pd.
 *
 * Expected layout: a UINT32 PAM status followed by an array of structs,
 * each holding a UINT32 response type and a byte array. Every element is
 * passed to pam_add_response(). Returns false on the first layout mismatch
 * or pam_add_response() failure; responses added before that point are
 * left in pd.
 *
 * NOTE(review): type and len are taken from the message unchanged -
 * presumably pam_add_response() validates and copies them; confirm, since
 * data points into the message.
 * NOTE(review): dbus_error is not referenced in this function.
 */
bool dp_unpack_pam_response(DBusMessage *msg, struct pam_data *pd, DBusError *dbus_error)
{
    DBusMessageIter iter;
    DBusMessageIter array_iter;
    DBusMessageIter struct_iter;
    DBusMessageIter sub_iter;
    int type;
    int len;
    const uint8_t *data;

    if (!dbus_message_iter_init(msg, &iter)) {
        DEBUG(1, ("pam response has no arguments.\n"));
        return false;
    }

    /* First argument: the PAM status */
    if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_UINT32) {
        DEBUG(1, ("pam response format error.\n"));
        return false;
    }
    dbus_message_iter_get_basic(&iter, &(pd->pam_status));

    if (!dbus_message_iter_next(&iter)) {
        DEBUG(1, ("pam response has too few arguments.\n"));
        return false;
    }

    /* After this point will be an array of pam data */
    if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_ARRAY) {
        DEBUG(1, ("pam response format error.\n"));
        DEBUG(1, ("Type was %c\n", (char)dbus_message_iter_get_arg_type(&iter)));
        return false;
    }

    if (dbus_message_iter_get_element_type(&iter) != DBUS_TYPE_STRUCT) {
        DEBUG(1, ("pam response format error.\n"));
        return false;
    }

    dbus_message_iter_recurse(&iter, &array_iter);
    while (dbus_message_iter_get_arg_type(&array_iter) != DBUS_TYPE_INVALID) {
        /* Read in a pam data struct */
        if (dbus_message_iter_get_arg_type(&array_iter) != DBUS_TYPE_STRUCT) {
            DEBUG(1, ("pam response format error.\n"));
            return false;
        }

        dbus_message_iter_recurse(&array_iter, &struct_iter);

        /* PAM data struct contains a type and a byte-array of data */

        /* Get the pam data type */
        if (dbus_message_iter_get_arg_type(&struct_iter) != DBUS_TYPE_UINT32) {
            DEBUG(1, ("pam response format error.\n"));
            return false;
        }
        dbus_message_iter_get_basic(&struct_iter, &type);

        if (!dbus_message_iter_next(&struct_iter)) {
            DEBUG(1, ("pam response format error.\n"));
            return false;
        }

        /* Get the byte array */
        if (dbus_message_iter_get_arg_type(&struct_iter) != DBUS_TYPE_ARRAY ||
            dbus_message_iter_get_element_type(&struct_iter) != DBUS_TYPE_BYTE) {
            DEBUG(1, ("pam response format error.\n"));
            return false;
        }

        dbus_message_iter_recurse(&struct_iter, &sub_iter);
        dbus_message_iter_get_fixed_array(&sub_iter, &data, &len);

        if (pam_add_response(pd, type, len, data) != EOK) {
            DEBUG(1, ("pam_add_response failed.\n"));
            return false;
        }
        dbus_message_iter_next(&array_iter);
    }

    return true;
}

/*
 * Pending-call callback for the ID registration sent by
 * dp_common_send_id(). A METHOD_RETURN reply is expected to carry a UINT16
 * version, which is only logged. Error replies and any other message type
 * end up in the default branch, which currently takes no action (see the
 * FIXME notes).
 */
void dp_id_callback(DBusPendingCall *pending, void *ptr)
{
    DBusMessage *reply;
    DBusError dbus_error;
    dbus_bool_t ret;
    dbus_uint16_t dp_ver;
    int type;

    dbus_error_init(&dbus_error);

    reply = dbus_pending_call_steal_reply(pending);
    if (!reply) {
        /* reply should never be null. This function shouldn't be called
         * until reply is valid or timeout has occurred. If reply is NULL
         * here, something is seriously wrong and we should bail out.
         */
        DEBUG(0, ("Severe error. A reply callback was called but no"
                  " reply was received and no timeout occurred\n"));

        /* FIXME: Destroy this connection ? */
        goto done;
    }

    type = dbus_message_get_type(reply);
    switch (type) {
    case DBUS_MESSAGE_TYPE_METHOD_RETURN:
        ret = dbus_message_get_args(reply, &dbus_error,
                                    DBUS_TYPE_UINT16, &dp_ver,
                                    DBUS_TYPE_INVALID);
        if (!ret) {
            DEBUG(1, ("Failed to parse message\n"));
            if (dbus_error_is_set(&dbus_error)) dbus_error_free(&dbus_error);
            /* FIXME: Destroy this connection ? */
            goto done;
        }

        DEBUG(4, ("Got id ack and version (%d) from DP\n", dp_ver));

        break;

    case DBUS_MESSAGE_TYPE_ERROR:
        DEBUG(0,("The Monitor returned an error [%s]\n",
                 dbus_message_get_error_name(reply)));
        /* Falling through to default intentionally*/
    default:
        /*
         * Timeout or other error occurred or something
         * unexpected happened.
         * It doesn't matter which, because either way we
         * know that this connection isn't trustworthy.
         * We'll destroy it now.
         */

        /* FIXME: Destroy this connection ?
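*/
        break;
    }

done:
    dbus_pending_call_unref(pending);
    /* The "no reply" path jumps here with reply == NULL, and
     * dbus_message_unref() must not be given a NULL message. */
    if (reply != NULL) {
        dbus_message_unref(reply);
    }
}

/*
 * Send the ID registration call (version and name) over conn.
 *
 * The reply is handled by dp_id_callback(); the send timeout passed to
 * sbus_conn_send() is 30000. Returns ENOMEM when the message cannot be
 * created, EIO when the arguments cannot be appended, otherwise the result
 * of sbus_conn_send(). The local message reference is released on every
 * path once the message exists.
 */
int dp_common_send_id(struct sbus_connection *conn, uint16_t version,
                      const char *name)
{
    DBusMessage *msg;
    dbus_bool_t ret;
    int retval;

    /* create the message */
    msg = dbus_message_new_method_call(NULL,
                                       DP_PATH,
                                       DP_INTERFACE,
                                       DP_METHOD_REGISTER);
    if (msg == NULL) {
        DEBUG(0, ("Out of memory?!\n"));
        return ENOMEM;
    }

    DEBUG(4, ("Sending ID to DP: (%d,%s)\n", version, name));

    ret = dbus_message_append_args(msg,
                                   DBUS_TYPE_UINT16, &version,
                                   DBUS_TYPE_STRING, &name,
                                   DBUS_TYPE_INVALID);
    if (!ret) {
        DEBUG(1, ("Failed to build message\n"));
        /* Drop our reference, otherwise the message leaks on this path. */
        dbus_message_unref(msg);
        return EIO;
    }

    retval = sbus_conn_send(conn, msg, 30000, dp_id_callback, NULL, NULL);
    dbus_message_unref(msg);
    return retval;
}
sssd-1.11.5/src/PaxHeaders.13173/external0000644000000000000000000000013212320753521016102 xustar000000000000000030 mtime=1396954961.353875173 30 atime=1396955003.534843847 30 ctime=1396954961.353875173 sssd-1.11.5/src/external/0000775002412700241270000000000012320753521016406 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/external/PaxHeaders.13173/libunistring.m40000644000000000000000000000007412320753107021137 xustar000000000000000030 atime=1396954939.739891084 30 ctime=1396954961.352875174 sssd-1.11.5/src/external/libunistring.m40000664002412700241270000000204612320753107021363 0ustar00jhrozekjhrozek00000000000000SSS_AC_EXPAND_LIB_DIR() AC_CHECK_HEADERS([unistr.h], [AC_CHECK_LIB([unistring], [u8_strlen], [UNISTRING_LIBS="-lunistring"], [AC_MSG_ERROR([No usable libunistring library found])], [-L$sss_extra_libdir])], [AC_MSG_ERROR([libunistring header files are not installed])] ) AC_CHECK_HEADERS([unicase.h], [AC_CHECK_LIB([unistring], [u8_casecmp], [UNISTRING_LIBS="-lunistring"], [AC_MSG_ERROR([No usable libunistring library found])], [-L$sss_extra_libdir])], [AC_MSG_ERROR([libunistring header files are not installed])] ) AC_CHECK_HEADERS([unistr.h], [AC_CHECK_LIB([unistring], [u8_check], [UNISTRING_LIBS="-lunistring"], 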
[AC_MSG_ERROR([No usable libunistring library found])], [-L$sss_extra_libdir])], [AC_MSG_ERROR([libunistring header files are not installed])] ) UNISTRING_LIBS="-L$sss_extra_libdir $UNISTRING_LIBS " sssd-1.11.5/src/external/PaxHeaders.13173/selinux.m40000644000000000000000000000007312320753107020114 xustar000000000000000030 atime=1396954939.726891093 29 ctime=1396954961.34387518 sssd-1.11.5/src/external/selinux.m40000664002412700241270000000255412320753107020345 0ustar00jhrozekjhrozek00000000000000dnl A macro to check the availability of SELinux AC_DEFUN([AM_CHECK_SELINUX], [ AC_CHECK_HEADERS(selinux/selinux.h, [AC_CHECK_LIB(selinux, is_selinux_enabled, [SELINUX_LIBS="-lselinux"], [AC_MSG_ERROR([SELinux library is missing])] ) ], [AC_MSG_ERROR([SELinux headers are missing])]) AC_SUBST(SELINUX_LIBS) ]) dnl A macro to check the availability of SELinux management library AC_DEFUN([AM_CHECK_SEMANAGE], [ AC_CHECK_HEADERS(semanage/semanage.h, [AC_CHECK_LIB(semanage, semanage_handle_create, [SEMANAGE_LIBS="-lsemanage"], [AC_MSG_ERROR([libsemanage is missing])] ) ], [AC_MSG_ERROR([libsemanage is missing])]) AC_SUBST(SEMANAGE_LIBS) ]) dnl Check if the SELinux login directory exists AC_DEFUN([AM_CHECK_SELINUX_LOGIN_DIR], [ AC_CHECK_FILE(/etc/selinux/targeted/logins/, [AC_DEFINE([HAVE_SELINUX_LOGIN_DIR], [1], [The directory to store SELinux user login is available])], [AC_MSG_WARN([SELinux login directory is not available])]) ]) sssd-1.11.5/src/external/PaxHeaders.13173/libkeyutils.m40000644000000000000000000000007412320753107020766 xustar000000000000000030 atime=1396954939.729891091 30 ctime=1396954961.346875178 sssd-1.11.5/src/external/libkeyutils.m40000664002412700241270000000075412320753107021216 0ustar00jhrozekjhrozek00000000000000AC_SUBST(KEYUTILS_LIBS) AC_CHECK_HEADERS([keyutils.h], [AC_CHECK_LIB([keyutils], [add_key], [AC_DEFINE(USE_KEYRING, 1, [Define if the keyring should be used]) KEYUTILS_LIBS="-lkeyutils" ], [AC_MSG_WARN([No usable keyutils library found])] )], 
[AC_MSG_WARN([keyutils header files are not available])] ) sssd-1.11.5/src/external/PaxHeaders.13173/platform.m40000644000000000000000000000007412320753107020252 xustar000000000000000030 atime=1396954939.612891177 30 ctime=1396954961.327875192 sssd-1.11.5/src/external/platform.m40000664002412700241270000000314712320753107020501 0ustar00jhrozekjhrozek00000000000000AC_ARG_WITH([os], [AC_HELP_STRING([--with-os=OS_TYPE], [Type of your operation system (fedora|redhat|suse|gentoo)])] ) osname="" if test x"$with_os" != x ; then if test x"$with_os" = xfedora || \ test x"$with_os" = xredhat || \ test x"$with_os" = xsuse || \ test x"$with_os" = xgentoo || \ test x"$with_os" = xdebian ; then osname=$with_os else AC_MSG_ERROR([Illegal value -$with_os- for option --with-os]) fi fi if test x"$osname" = x ; then if test -f /etc/fedora-release ; then osname="fedora" elif test -f /etc/redhat-release ; then osname="redhat" elif test -f /etc/SuSE-release ; then osname="suse" elif test -f /etc/debian_version ; then osname="debian" elif test -f /etc/gentoo-release ; then osname="gentoo" fi AC_MSG_NOTICE([Detected operating system type: $osname]) fi AM_CONDITIONAL([HAVE_FEDORA], [test x"$osname" = xfedora]) AM_CONDITIONAL([HAVE_REDHAT], [test x"$osname" = xredhat]) AM_CONDITIONAL([HAVE_SUSE], [test x"$osname" = xsuse]) AM_CONDITIONAL([HAVE_DEBIAN], [test x"$osname" = xdebian]) AM_CONDITIONAL([HAVE_GENTOO], [test x"$osname" = xgentoo]) AC_CHECK_MEMBERS([struct ucred.pid, struct ucred.uid, struct ucred.gid], , , [[#include ]]) if test x"$ac_cv_member_struct_ucred_pid" = xyes -a \ x"$ac_cv_member_struct_ucred_uid" = xyes -a \ x"$ac_cv_member_struct_ucred_gid" = xyes ; then AC_DEFINE([HAVE_UCRED], [1], [Define if struct ucred is available]) else AC_MSG_WARN([struct ucred is not available]) fi sssd-1.11.5/src/external/PaxHeaders.13173/inotify.m40000644000000000000000000000007412320753107020107 xustar000000000000000030 atime=1396954939.737891085 30 ctime=1396954961.350875175 
sssd-1.11.5/src/external/inotify.m40000664002412700241270000000162412320753107020334 0ustar00jhrozekjhrozek00000000000000dnl A macro to check if inotify works AC_DEFUN([AM_CHECK_INOTIFY], [ AC_CHECK_HEADERS([sys/inotify.h]) AC_MSG_CHECKING([whether sys/inotify.h actually works]) AC_LINK_IFELSE( [AC_LANG_SOURCE([ #ifdef HAVE_SYS_INOTITY_H #include , #endif int main () { return (-1 == inotify_init()); }])], [AC_MSG_RESULT([yes]); inotify_works=yes], [AC_MSG_RESULT([no])] ) SSS_AC_EXPAND_LIB_DIR() AS_IF([test x"$inotify_works" != xyes], [AC_CHECK_LIB([inotify], [inotify_init], [INOTIFY_LIBS="$sss_extra_libdir -linotify" inotify_works=yes], [inotify_works=no], [$sss_extra_libdir])] ) AS_IF([test x"$inotify_works" = xyes], [AC_DEFINE_UNQUOTED([HAVE_INOTIFY], [1], [Inotify works])]) AC_SUBST(INOTIFY_LIBS) ]) sssd-1.11.5/src/external/PaxHeaders.13173/docbook.m40000644000000000000000000000007412320753107020046 xustar000000000000000030 atime=1396954939.696891115 30 ctime=1396954961.341875182 sssd-1.11.5/src/external/docbook.m40000664002412700241270000000160612320753107020273 0ustar00jhrozekjhrozek00000000000000dnl Checks for tools needed to generate manual pages AC_DEFUN([CHECK_XML_TOOLS], [ AC_PATH_PROG([XSLTPROC], [xsltproc]) if test ! -x "$XSLTPROC"; then AC_MSG_ERROR([Could not find xsltproc]) fi AC_PATH_PROG([XMLLINT], [xmllint]) if test ! 
-x "$XMLLINT"; then AC_MSG_ERROR([Could not find xmllint]) fi ]) dnl Usage: dnl CHECK_STYLESHEET_URI(FILE, URI, [FRIENDLY-NAME], [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) dnl Checks if the XML catalog given by FILE exists and dnl if a particular URI appears in the XML catalog AC_DEFUN([CHECK_STYLESHEET], [ AC_CHECK_FILE($1, [], [AC_MSG_ERROR([could not find XML catalog])]) AC_MSG_CHECKING([for ifelse([$3],,[$2],[$3]) in XML catalog]) if AC_RUN_LOG([$XSLTPROC --catalogs --nonet --noout "$2" >&2]); then AC_MSG_RESULT([yes]) m4_ifval([$4], [$4], [:]) else AC_MSG_RESULT([no]) m4_ifval([$5], [$5], [:]) fi ]) sssd-1.11.5/src/external/PaxHeaders.13173/libcollection.m40000644000000000000000000000007412320753107021250 xustar000000000000000030 atime=1396954939.660891142 30 ctime=1396954961.335875186 sssd-1.11.5/src/external/libcollection.m40000664002412700241270000000031312320753107021467 0ustar00jhrozekjhrozek00000000000000AC_SUBST(COLLECTION_OBJ) AC_SUBST(COLLECTION_CFLAGS) AC_SUBST(COLLECTION_LIBS) PKG_CHECK_MODULES(COLLECTION, collection >= 0.5.1, , AC_MSG_ERROR("Please install libcollection-devel") ) sssd-1.11.5/src/external/PaxHeaders.13173/libtalloc.m40000644000000000000000000000007312320753107020372 xustar000000000000000030 atime=1396954939.645891153 29 ctime=1396954961.33087519 sssd-1.11.5/src/external/libtalloc.m40000664002412700241270000000107012320753107020613 0ustar00jhrozekjhrozek00000000000000AC_SUBST(TALLOC_OBJ) AC_SUBST(TALLOC_CFLAGS) AC_SUBST(TALLOC_LIBS) PKG_CHECK_MODULES([TALLOC], [talloc], [found_talloc=yes], [found_talloc=no]) SSS_AC_EXPAND_LIB_DIR() AS_IF([test x"$found_talloc" != xyes], [AC_CHECK_HEADER([talloc.h], [AC_CHECK_LIB([talloc], [talloc_init], [TALLOC_LIBS="-L$sss_extra_libdir -ltalloc"], [AC_MSG_ERROR([libtalloc missing talloc_init])], [-L$sss_extra_libdir])], [AC_MSG_ERROR([libtalloc header files are not installed])])] ) sssd-1.11.5/src/external/PaxHeaders.13173/libpcre.m40000644000000000000000000000007412320753107020046 
xustar000000000000000030 atime=1396954939.675891131 30 ctime=1396954961.338875184 sssd-1.11.5/src/external/libpcre.m40000664002412700241270000000156212320753107020274 0ustar00jhrozekjhrozek00000000000000PCRE_OBJ="" AC_SUBST(PCRE_OBJ) AC_SUBST(PCRE_LIBS) AC_SUBST(PCRE_CFLAGS) PKG_CHECK_MODULES([PCRE], [libpcre], [found_libpcre=yes], [found_libpcre=no]) PKG_CHECK_EXISTS(libpcre >= 7, [AC_MSG_NOTICE([PCRE version is 7 or higher])], [AC_MSG_NOTICE([PCRE version is below 7]) AC_DEFINE([HAVE_LIBPCRE_LESSER_THAN_7], 1, [Define if libpcre version is less than 7])]) SSS_AC_EXPAND_LIB_DIR() AS_IF([test x"$found_libpcre" != xyes], [AC_CHECK_HEADERS([pcre.h], [AC_CHECK_LIB([pcre], [pcre_compile], [PCRE_LIBS="-L$sss_extra_libdir -lpcre"], [AC_MSG_ERROR([No usable PCRE library found])], [-L$sss_extra_libdir])], [AC_MSG_ERROR([pcre header files are not installed])])] ) sssd-1.11.5/src/external/PaxHeaders.13173/libini_config.m40000644000000000000000000000007412320753107021221 xustar000000000000000030 atime=1396954939.661891141 30 ctime=1396954961.335875186 sssd-1.11.5/src/external/libini_config.m40000664002412700241270000000117012320753107021442 0ustar00jhrozekjhrozek00000000000000PKG_CHECK_MODULES(INI_CONFIG, [ ini_config >= 1.0.0], [ AC_DEFINE_UNQUOTED(HAVE_LIBINI_CONFIG_V1, 1, [libini_config version greater than 1.0.0]) ], [ AC_MSG_WARN([libini_config-devel >= 1.0.0 not available, trying older version]) PKG_CHECK_MODULES(INI_CONFIG, [ ini_config >= 0.6.1], [ AC_DEFINE_UNQUOTED(HAVE_LIBINI_CONFIG_V0, 1, [libini_config version lesser than 1.0.0]) ], [ AC_MSG_ERROR([Please install libini_config-devel]) ] ) ] ) AC_SUBST(INI_CONFIG_OBJ) AC_SUBST(INI_CONFIG_CFLAGS) AC_SUBST(INI_CONFIG_LIBS) sssd-1.11.5/src/external/PaxHeaders.13173/sizes.m40000644000000000000000000000007412320753107017563 xustar000000000000000030 atime=1396954939.696891115 30 ctime=1396954961.342875181 sssd-1.11.5/src/external/sizes.m40000664002412700241270000000247012320753107020010 
0ustar00jhrozekjhrozek00000000000000# Solaris needs HAVE_LONG_LONG defined AC_CHECK_TYPES(long long) AC_CHECK_SIZEOF(int) AC_CHECK_SIZEOF(char) AC_CHECK_SIZEOF(short) AC_CHECK_SIZEOF(long) AC_CHECK_SIZEOF(long long) AC_CHECK_SIZEOF(uid_t) AC_CHECK_SIZEOF(gid_t) AC_CHECK_SIZEOF(id_t) if test $ac_cv_sizeof_long_long -lt 8 ; then AC_MSG_ERROR([SSSD requires long long of 64-bits]) fi AC_CHECK_TYPE(uint_t, unsigned int) AC_CHECK_TYPE(int8_t, char) AC_CHECK_TYPE(uint8_t, unsigned char) AC_CHECK_TYPE(int16_t, short) AC_CHECK_TYPE(uint16_t, unsigned short) if test $ac_cv_sizeof_int -eq 4 ; then AC_CHECK_TYPE(int32_t, int) AC_CHECK_TYPE(uint32_t, unsigned int) elif test $ac_cv_size_long -eq 4 ; then AC_CHECK_TYPE(int32_t, long) AC_CHECK_TYPE(uint32_t, unsigned long) else AC_MSG_ERROR([LIBREPLACE no 32-bit type found]) fi AC_CHECK_TYPE(int64_t, long long) AC_CHECK_TYPE(uint64_t, unsigned long long) AC_CHECK_TYPE(size_t, unsigned int) AC_CHECK_TYPE(ssize_t, int) AC_CHECK_SIZEOF(off_t) AC_CHECK_SIZEOF(size_t) AC_CHECK_SIZEOF(ssize_t) AC_CHECK_TYPES([intptr_t], [], [AC_DEFINE_UNQUOTED([intptr_t], [long long], [Define to `long long' if does not define.])]) AC_CHECK_TYPE(uintptr_t, unsigned long long) AC_CHECK_TYPE(ptrdiff_t, unsigned long long) sssd-1.11.5/src/external/PaxHeaders.13173/libtevent.m40000644000000000000000000000007412320753107020422 xustar000000000000000030 atime=1396954939.650891149 30 ctime=1396954961.332875188 sssd-1.11.5/src/external/libtevent.m40000664002412700241270000000112712320753107020645 0ustar00jhrozekjhrozek00000000000000AC_SUBST(TEVENT_OBJ) AC_SUBST(TEVENT_CFLAGS) AC_SUBST(TEVENT_LIBS) PKG_CHECK_MODULES([TEVENT], [tevent], [found_tevent=yes], [found_tevent=no]) SSS_AC_EXPAND_LIB_DIR() AS_IF([test x"$found_tevent" != xyes], [AC_CHECK_HEADER([tevent.h], [AC_CHECK_LIB([tevent], [tevent_context_init], [TEVENT_LIBS="-L$sss_extra_libdir -ltevent -ltalloc"], [AC_MSG_ERROR([libtevent missing tevent_context_init])], [-L$sss_extra_libdir -ltalloc])], 
[AC_MSG_ERROR([tevent header files are not installed])])] ) sssd-1.11.5/src/external/PaxHeaders.13173/libcmocka.m40000644000000000000000000000007412320753107020352 xustar000000000000000030 atime=1396954939.696891115 30 ctime=1396954961.340875182 sssd-1.11.5/src/external/libcmocka.m40000664002412700241270000000134612320753107020600 0ustar00jhrozekjhrozek00000000000000dnl A macro to check presence of cmocka on the system AC_DEFUN([AM_CHECK_CMOCKA], [ PKG_CHECK_EXISTS(cmocka, [AC_CHECK_HEADERS([stdarg.h stddef.h setjmp.h], [], dnl We are only intrested in action-if-not-found [AC_MSG_WARN([Header files stdarg.h stddef.h setjmp.h are required by cmocka]) cmocka_required_headers="no" ] ) AS_IF([test x"$cmocka_required_headers" != x"no"], [PKG_CHECK_MODULES([CMOCKA], [cmocka], [have_cmocka="yes"])] )], dnl PKG_CHECK_EXISTS ACTION-IF-NOT-FOUND [AC_MSG_WARN([No libcmocka library found, cmocka tests will not be built])] ) AM_CONDITIONAL([HAVE_CMOCKA], [test x$have_cmocka = xyes]) ]) sssd-1.11.5/src/external/PaxHeaders.13173/systemd.m40000644000000000000000000000007412320753107020116 xustar000000000000000030 atime=1396954939.732891089 30 ctime=1396954961.348875177 sssd-1.11.5/src/external/systemd.m40000664002412700241270000000042712320753107020343 0ustar00jhrozekjhrozek00000000000000dnl A macro to check presence of systemd on the system AC_DEFUN([AM_CHECK_SYSTEMD], [ PKG_CHECK_EXISTS(systemd, [ HAVE_SYSTEMD=1, AC_SUBST(HAVE_SYSTEMD) ], [AC_MSG_ERROR([Could not detect systemd presence])] ) ]) sssd-1.11.5/src/external/PaxHeaders.13173/pac_responder.m40000644000000000000000000000007412320753107021252 xustar000000000000000030 atime=1396954939.732891089 30 ctime=1396954961.349875176 sssd-1.11.5/src/external/pac_responder.m40000664002412700241270000000252412320753107021477 0ustar00jhrozekjhrozek00000000000000AC_SUBST(NDR_KRB5PAC_CFLAGS) AC_SUBST(NDR_KRB5PAC_LIBS) AC_ARG_ENABLE([pac-responder], [AS_HELP_STRING([--enable-pac-responder], [build pac responder])], 
[build_pac_responder=$enableval], [build_pac_responder=yes]) ndr_krb5pac_ok=no krb5_version_ok=no if test x$build_pac_responder == xyes then PKG_CHECK_MODULES(NDR_KRB5PAC, ndr_krb5pac, ndr_krb5pac_ok=yes, AC_MSG_WARN([Cannot build pac responder without libndr_krb5pac])) AC_PATH_PROG(KRB5_CONFIG, krb5-config) AC_MSG_CHECKING(for supported MIT krb5 version) KRB5_VERSION="`$KRB5_CONFIG --version`" case $KRB5_VERSION in Kerberos\ 5\ release\ 1.9* | \ Kerberos\ 5\ release\ 1.10* | \ Kerberos\ 5\ release\ 1.11* | \ Kerberos\ 5\ release\ 1.12*) krb5_version_ok=yes AC_MSG_RESULT([yes]) ;; *) AC_MSG_RESULT([no]) AC_MSG_WARN([Cannot build authdata plugin with this version of MIT Kerberos, please use 1.9.x or later]) esac fi AM_CONDITIONAL([BUILD_PAC_RESPONDER], [test x$build_pac_responder = xyes -a x$ndr_krb5pac_ok = xyes -a x$krb5_version_ok = xyes ]) AM_COND_IF([BUILD_PAC_RESPONDER], [AC_DEFINE_UNQUOTED(HAVE_PAC_RESPONDER, 1, [Build with the PAC responder])]) sssd-1.11.5/src/external/PaxHeaders.13173/libcares.m40000644000000000000000000000007312320753107020211 xustar000000000000000029 atime=1396954939.69089112 30 ctime=1396954961.339875183 sssd-1.11.5/src/external/libcares.m40000664002412700241270000000210212320753107020427 0ustar00jhrozekjhrozek00000000000000AC_SUBST(CARES_OBJ) AC_SUBST(CARES_LIBS) AC_SUBST(CARES_CFLAGS) PKG_CHECK_MODULES([CARES], [libcares], [found_libcares=yes], [found_libcares=no]) SSS_AC_EXPAND_LIB_DIR() AS_IF([test x"$found_libcares" != xyes], [AC_CHECK_HEADERS([ares.h], [AC_CHECK_LIB([cares], [ares_init], [CARES_LIBS="-L$sss_extra_libdir -lcares"], [AC_MSG_ERROR([No usable c-ares library found])], [-L$sss_extra_libdir])], [AC_MSG_ERROR([c-ares header files are not installed])])] ) dnl Check if this particular version of c-ares supports the generic ares_free_data function AC_CHECK_LIB([cares], [ares_free_data], [AC_DEFINE([HAVE_ARES_DATA], 1, [Does c-ares have ares_free_data()?]) ], [ares_data=1], [$CARES_LIBS] ) AM_CONDITIONAL(BUILD_ARES_DATA, test 
x$ares_data = x1) dnl Check if this particular version of c-ares support the new TTL structures AC_CHECK_TYPES([struct ares_addrttl, struct ares_addr6ttl], [], [], [#include ]) sssd-1.11.5/src/external/PaxHeaders.13173/crypto.m40000644000000000000000000000007412320753107017746 xustar000000000000000030 atime=1396954939.726891093 30 ctime=1396954961.344875179 sssd-1.11.5/src/external/crypto.m40000664002412700241270000000047512320753107020176 0ustar00jhrozekjhrozek00000000000000AC_DEFUN([AM_CHECK_NSS], [PKG_CHECK_MODULES([NSS],[nss]) AC_DEFINE_UNQUOTED(HAVE_NSS, 1, [Build with NSS crypto back end]) ]) AC_DEFUN([AM_CHECK_LIBCRYPTO], [PKG_CHECK_MODULES([CRYPTO],[libcrypto]) AC_DEFINE_UNQUOTED(HAVE_LIBCRYPTO, 1, [Build with libcrypt crypto back end]) ]) sssd-1.11.5/src/external/PaxHeaders.13173/ldap.m40000644000000000000000000000007412320753107017346 xustar000000000000000030 atime=1396954939.668891136 30 ctime=1396954961.337875185 sssd-1.11.5/src/external/ldap.m40000664002412700241270000000701712320753107017575 0ustar00jhrozekjhrozek00000000000000dnl AC_SUBST(LDAP_LIBS) dnl dnl AC_CHECK_HEADERS(lber.h ldap.h, , AC_MSG_ERROR("could not locate ldap header files please install devel package")) dnl dnl AC_CHECK_LIB(lber, main, LDAP_LIBS="-llber $LDAP_LIBS") dnl AC_CHECK_LIB(ldap, main, LDAP_LIBS="-lldap $LDAP_LIBS") dnl dnl --------------------------------------------------------------------------- dnl - Check for Mozilla LDAP or OpenLDAP SDK dnl --------------------------------------------------------------------------- for p in /usr/include/openldap24 /usr/local/include; do if test -f "${p}/ldap.h"; then OPENLDAP_CFLAGS="${OPENLDAP_CFLAGS} -I${p}" break; fi done for p in /usr/lib64/openldap24 /usr/lib/openldap24 /usr/local/lib ; do if test -f "${p}/libldap.so"; then OPENLDAP_LIBS="${OPENLDAP_LIBS} -L${p}" break; fi done SAVE_CFLAGS=$CFLAGS SAVE_LIBS=$LIBS CFLAGS="$CFLAGS $OPENLDAP_CFLAGS" LIBS="$LIBS $OPENLDAP_LIBS" AC_CHECK_LIB(ldap, ldap_search, with_ldap=yes) dnl Check 
for other libraries we need to link with to get the main routines. test "$with_ldap" != "yes" && { AC_CHECK_LIB(ldap, ldap_open, [with_ldap=yes with_ldap_lber=yes], , -llber) } test "$with_ldap" != "yes" && { AC_CHECK_LIB(ldap, ldap_open, [with_ldap=yes with_ldap_lber=yes with_ldap_krb=yes], , -llber -lkrb) } test "$with_ldap" != "yes" && { AC_CHECK_LIB(ldap, ldap_open, [with_ldap=yes with_ldap_lber=yes with_ldap_krb=yes with_ldap_des=yes], , -llber -lkrb -ldes) } CFLAGS=$SAVE_CFLAGS LIBS=$SAVE_LIBS dnl Recently, we need -lber even though the main routines are elsewhere, dnl because otherwise be get link errors w.r.t. ber_pvt_opt_on. So just dnl check for that (it's a variable not a fun but that doesn't seem to dnl matter in these checks) and stick in -lber if so. Can't hurt (even to dnl stick it in always shouldn't hurt, I don't think) ... #### Someone who dnl #### understands LDAP needs to fix this properly. test "$with_ldap_lber" != "yes" && { AC_CHECK_LIB(lber, ber_pvt_opt_on, with_ldap_lber=yes) } if test "$with_ldap" = "yes"; then if test "$with_ldap_des" = "yes" ; then OPENLDAP_LIBS="${OPENLDAP_LIBS} -ldes" fi if test "$with_ldap_krb" = "yes" ; then OPENLDAP_LIBS="${OPENLDAP_LIBS} -lkrb" fi if test "$with_ldap_lber" = "yes" ; then OPENLDAP_LIBS="${OPENLDAP_LIBS} -llber" fi OPENLDAP_LIBS="${OPENLDAP_LIBS} -lldap" else AC_MSG_ERROR([OpenLDAP not found]) fi AC_SUBST(OPENLDAP_LIBS) AC_SUBST(OPENLDAP_CFLAGS) SAVE_CFLAGS=$CFLAGS SAVE_LIBS=$LIBS CFLAGS="$CFLAGS $OPENLDAP_CFLAGS" LIBS="$LIBS $OPENLDAP_LIBS" AC_CHECK_FUNCS([ldap_control_create ldap_init_fd \ ldap_create_deref_control_value \ ldap_parse_derefresponse_control \ ldap_derefresponse_free]) AC_CHECK_MEMBERS([struct ldap_conncb.lc_arg], [AC_RUN_IFELSE( [AC_LANG_PROGRAM( [[ #include ]], [[ struct ldap_conncb cb; return ldap_set_option(NULL, LDAP_OPT_CONNECT_CB, &cb); ]] )], [AC_DEFINE([HAVE_LDAP_CONNCB], [1], [Define if LDAP connection callbacks are available])], [AC_MSG_WARN([Found broken callback 
implementation])], [])], [], [[#include ]]) AC_CHECK_TYPE([LDAPDerefRes], [], [AC_MSG_ERROR([The OpenLDAP version found does not contain the required type LDAPDerefRes])], [[#include ]]) CFLAGS=$SAVE_CFLAGS LIBS=$SAVE_LIBS sssd-1.11.5/src/external/PaxHeaders.13173/glib.m40000644000000000000000000000007312320753107017342 xustar000000000000000029 atime=1396954939.74489108 30 ctime=1396954961.353875173 sssd-1.11.5/src/external/glib.m40000664002412700241270000000046112320753107017566 0ustar00jhrozekjhrozek00000000000000PKG_CHECK_MODULES([GLIB2],[glib-2.0]) if test x$has_glib2 != xno; then SAFE_LIBS="$LIBS" LIBS="$GLIB2_LIBS" AC_CHECK_FUNC([g_utf8_validate], AC_DEFINE([HAVE_G_UTF8_VALIDATE], [1], [Define if g_utf8_validate exists])) LIBS="$SAFE_LIBS" fisssd-1.11.5/src/external/PaxHeaders.13173/libtdb.m40000644000000000000000000000007412320753107017666 xustar000000000000000030 atime=1396954939.647891151 30 ctime=1396954961.331875189 sssd-1.11.5/src/external/libtdb.m40000664002412700241270000000103512320753107020107 0ustar00jhrozekjhrozek00000000000000AC_SUBST(TDB_OBJ) AC_SUBST(TDB_CFLAGS) AC_SUBST(TDB_LIBS) PKG_CHECK_MODULES([TDB], [tdb >= 1.1.3], [found_tdb=yes], [found_tdb=no]) SSS_AC_EXPAND_LIB_DIR() AS_IF([test x"$found_tdb" != xyes], [AC_CHECK_HEADERS([tdb.h], [AC_CHECK_LIB([tdb], [tdb_repack], [TDB_LIBS="-L$sss_extra_libdir -ltdb"], [AC_MSG_ERROR([library TDB must support tdb_repack])], [-L$sss_extra_libdir])], [AC_MSG_ERROR([tdb header files are not installed])])] ) sssd-1.11.5/src/external/PaxHeaders.13173/nscd.m40000644000000000000000000000007412320753107017355 xustar000000000000000030 atime=1396954939.726891093 30 ctime=1396954961.345875179 sssd-1.11.5/src/external/nscd.m40000664002412700241270000000037612320753107017605 0ustar00jhrozekjhrozek00000000000000AC_PATH_PROG(NSCD, nscd, $NSCD_PATH) AC_MSG_CHECKING(for nscd) AC_DEFINE_UNQUOTED([NSCD_PATH], "$NSCD", [The path to nscd, if available]) if test -x "$NSCD"; then AC_MSG_RESULT(yes) else AC_MSG_RESULT([not 
installed, assuming standard location]) fi sssd-1.11.5/src/external/PaxHeaders.13173/libpopt.m40000644000000000000000000000007312320753107020076 xustar000000000000000030 atime=1396954939.639891157 29 ctime=1396954961.33087519 sssd-1.11.5/src/external/libpopt.m40000664002412700241270000000106612320753107020324 0ustar00jhrozekjhrozek00000000000000POPT_OBJ="" AC_SUBST(POPT_OBJ) AC_SUBST(POPT_LIBS) AC_SUBST(POPT_CFLAGS) PKG_CHECK_MODULES([POPT], [popt], [found_popt=yes], [found_popt=no]) SSS_AC_EXPAND_LIB_DIR() AS_IF([test x"$found_popt" != xyes], [AC_CHECK_HEADERS([popt.h], [AC_CHECK_LIB([popt], [poptGetContext], [POPT_LIBS="-L$sss_extra_libdir -lpopt"], [AC_MSG_ERROR([POPT library must support poptGetContext])], [-L$sss_extra_libdir])], [AC_MSG_ERROR([POPT header files are not installed])])] ) sssd-1.11.5/src/external/PaxHeaders.13173/libndr_nbt.m40000644000000000000000000000007412320753107020543 xustar000000000000000030 atime=1396954939.737891085 30 ctime=1396954961.351875174 sssd-1.11.5/src/external/libndr_nbt.m40000664002412700241270000000024612320753107020767 0ustar00jhrozekjhrozek00000000000000AC_SUBST(NDR_NBT_CFLAGS) AC_SUBST(NDR_NBT_LIBS) PKG_CHECK_MODULES(NDR_NBT, ndr_nbt, , AC_MSG_ERROR("Please install Samba 4 development libraries"))sssd-1.11.5/src/external/PaxHeaders.13173/libldb.m40000644000000000000000000000007412320753107017656 xustar000000000000000030 atime=1396954939.653891147 30 ctime=1396954961.333875188 sssd-1.11.5/src/external/libldb.m40000664002412700241270000000244012320753107020100 0ustar00jhrozekjhrozek00000000000000AC_SUBST(LDB_OBJ) AC_SUBST(LDB_CFLAGS) AC_SUBST(LDB_LIBS) PKG_CHECK_MODULES(LDB, ldb >= 0.9.2) AC_CHECK_HEADERS(ldb.h ldb_module.h, [AC_CHECK_LIB(ldb, ldb_init, [LDB_LIBS="-lldb"], , -ltevent -ltdb -ldl -lldap) ], [AC_MSG_ERROR([LDB header files are not installed])] ) AC_ARG_WITH([ldb-lib-dir], [AC_HELP_STRING([--with-ldb-lib-dir=PATH], [Path to store ldb modules [${libdir}/ldb]] ) ] ) if test x"$with_ldb_lib_dir" != x; then 
ldblibdir=$with_ldb_lib_dir else ldblibdir="`$PKG_CONFIG --variable=modulesdir ldb`" if ! test -d $ldblibdir; then ldblibdir="${libdir}/ldb" fi fi AC_MSG_CHECKING([feature ldb runtime version check]) AC_ARG_ENABLE(ldb-version-check, [AS_HELP_STRING([--enable-ldb-version-check], [compile with ldb runtime version check [default=no]])], enable_ldb_version_check="$enableval", enable_ldb_version_check="no") if test x"$enable_ldb_version_check" = xyes ; then AC_MSG_RESULT([yes]) AC_DEFINE([SSS_LDB_VERSION_CHECK], [1], [Define to 1 if you want ldb version check.]) else AC_MSG_RESULT([no]) fi AC_MSG_NOTICE([ldb lib directory: $ldblibdir]) AC_SUBST(ldblibdir) sssd-1.11.5/src/external/PaxHeaders.13173/signal.m40000644000000000000000000000007412320753107017703 xustar000000000000000030 atime=1396954939.735891086 30 ctime=1396954961.350875175 sssd-1.11.5/src/external/signal.m40000664002412700241270000000007512320753107020127 0ustar00jhrozekjhrozek00000000000000AC_CHECK_FUNCS(sigprocmask sigblock sigaction getpgrp prctl) sssd-1.11.5/src/external/PaxHeaders.13173/pam.m40000644000000000000000000000007412320753107017203 xustar000000000000000030 atime=1396954939.666891137 30 ctime=1396954961.336875185 sssd-1.11.5/src/external/pam.m40000664002412700241270000000042512320753107017426 0ustar00jhrozekjhrozek00000000000000AC_SUBST(PAM_LIBS) AC_CHECK_HEADERS([security/pam_appl.h security/pam_misc.h security/pam_modules.h], [AC_CHECK_LIB(pam, pam_get_item, [ PAM_LIBS="-lpam" ], [AC_MSG_ERROR([PAM must support pam_get_item])])], [AC_MSG_ERROR([PAM development libraries not installed])] ) sssd-1.11.5/src/external/PaxHeaders.13173/pkg.m40000644000000000000000000000007412320753107017207 xustar000000000000000030 atime=1396954939.639891157 30 ctime=1396954961.329875191 sssd-1.11.5/src/external/pkg.m40000664002412700241270000001205412320753107017433 0ustar00jhrozekjhrozek00000000000000# pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*- # # Copyright © 2004 Scott James Remnant . 
# # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, see . # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. # PKG_PROG_PKG_CONFIG([MIN-VERSION]) # ---------------------------------- AC_DEFUN([PKG_PROG_PKG_CONFIG], [m4_pattern_forbid([^_?PKG_[A-Z_]+$]) m4_pattern_allow([^PKG_CONFIG(_PATH)?$]) AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility])dnl if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then AC_PATH_TOOL([PKG_CONFIG], [pkg-config]) fi if test -n "$PKG_CONFIG"; then _pkg_min_version=m4_default([$1], [0.9.0]) AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version]) if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then AC_MSG_RESULT([yes]) else AC_MSG_RESULT([no]) PKG_CONFIG="" fi fi[]dnl ])# PKG_PROG_PKG_CONFIG # PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) # # Check to see whether a particular set of modules exists. Similar # to PKG_CHECK_MODULES(), but does not set variables or print errors. 
# # # Similar to PKG_CHECK_MODULES, make sure that the first instance of # this or PKG_CHECK_MODULES is called, or make sure to call # PKG_CHECK_EXISTS manually # -------------------------------------------------------------- AC_DEFUN([PKG_CHECK_EXISTS], [AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl if test -n "$PKG_CONFIG" && \ AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then m4_ifval([$2], [$2], [:]) m4_ifvaln([$3], [else $3])dnl fi]) # _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES]) # --------------------------------------------- m4_define([_PKG_CONFIG], [if test -n "$PKG_CONFIG"; then if test -n "$$1"; then pkg_cv_[]$1="$$1" else PKG_CHECK_EXISTS([$3], [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`], [pkg_failed=yes]) fi else pkg_failed=untried fi[]dnl ])# _PKG_CONFIG # _PKG_SHORT_ERRORS_SUPPORTED # ----------------------------- AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED], [AC_REQUIRE([PKG_PROG_PKG_CONFIG]) if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then _pkg_short_errors_supported=yes else _pkg_short_errors_supported=no fi[]dnl ])# _PKG_SHORT_ERRORS_SUPPORTED # PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND], # [ACTION-IF-NOT-FOUND]) # # # Note that if there is a possibility the first call to # PKG_CHECK_MODULES might not happen, you should be sure to include an # explicit call to PKG_PROG_PKG_CONFIG in your configure.ac # # # -------------------------------------------------------------- AC_DEFUN([PKG_CHECK_MODULES], [AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl pkg_failed=no AC_MSG_CHECKING([for $1]) _PKG_CONFIG([$1][_CFLAGS], [cflags], [$2]) _PKG_CONFIG([$1][_LIBS], [libs], [$2]) m4_define([_PKG_TEXT], [Alternatively, you may set the environment variables $1[]_CFLAGS and $1[]_LIBS to avoid the need to call pkg-config. 
See the pkg-config man page for more details.]) if test $pkg_failed = yes; then _PKG_SHORT_ERRORS_SUPPORTED if test $_pkg_short_errors_supported = yes; then $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "$2"` else $1[]_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "$2"` fi # Put the nasty error message in config.log where it belongs echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD ifelse([$4], , [AC_MSG_ERROR(dnl [Package requirements ($2) were not met: $$1_PKG_ERRORS Consider adjusting the PKG_CONFIG_PATH environment variable if you installed software in a non-standard prefix. _PKG_TEXT ])], [AC_MSG_RESULT([no]) $4]) elif test $pkg_failed = untried; then ifelse([$4], , [AC_MSG_FAILURE(dnl [The pkg-config script could not be found or is too old. Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full path to pkg-config. _PKG_TEXT To get pkg-config, see .])], [$4]) else $1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS $1[]_LIBS=$pkg_cv_[]$1[]_LIBS AC_MSG_RESULT([yes]) ifelse([$3], , :, [$3]) fi[]dnl ])# PKG_CHECK_MODULES sssd-1.11.5/src/external/PaxHeaders.13173/libnl.m40000644000000000000000000000007412320753107017526 xustar000000000000000030 atime=1396954939.731891089 30 ctime=1396954961.347875177 sssd-1.11.5/src/external/libnl.m40000664002412700241270000000442412320753107017754 0ustar00jhrozekjhrozek00000000000000dnl A macro to check if this particular version of libnl supports particular common libnl functions AC_DEFUN([AM_CHECK_LIBNL_FCS], [ AC_CHECK_LIB($1, [nl_socket_add_membership], [AC_DEFINE([HAVE_NL_SOCKET_ADD_MEMBERSHIP], 1, [Does libnl have nl_socket_add_membership?]) ], ) AC_CHECK_LIB($1, [nl_socket_modify_cb], [AC_DEFINE([HAVE_NL_SOCKET_MODIFY_CB], 1, [Does libnl have nl_socket_modify_cb?]) ], ) AC_CHECK_LIB($1, [rtnl_route_get_oif], [AC_DEFINE([HAVE_RTNL_ROUTE_GET_OIF], 1, [Does libnl have rtnl_route_get_oif?]) ], ) AC_CHECK_LIB($1, [nl_set_passcred], [AC_DEFINE([HAVE_NL_SET_PASSCRED], 1, [Does 
libnl have nl_set_passcred?]) ], ) AC_CHECK_LIB($1, [nl_socket_set_passcred], [AC_DEFINE([HAVE_NL_SOCKET_SET_PASSCRED], 1, [Does libnl have nl_socket_set_passcred?]) ], ) ]) dnl A macro to check the availability and version of libnetlink AC_DEFUN([AM_CHECK_LIBNL1], [ PKG_CHECK_MODULES(LIBNL, libnl-1 >= 1.1,[ HAVE_LIBNL=1 HAVE_LIBNL1=1 AC_DEFINE_UNQUOTED(HAVE_LIBNL, 1, [Build with libnetlink support]) AC_DEFINE_UNQUOTED(HAVE_LIBNL1, 1, [Libnetlink version = 1]) AC_MSG_NOTICE([Building with libnl]) AC_CHECK_HEADERS(netlink.h) AC_CHECK_LIB(nl, nl_connect, [ LIBNL_LIBS="-lnl" ], [AC_MSG_ERROR([libnl is required])]) AM_CHECK_LIBNL_FCS(nl) ],[AC_MSG_WARN([Netlink v1 support unavailable or too old])]) AC_SUBST(LIBNL_CFLAGS) AC_SUBST(LIBNL_LIBS) ]) dnl A macro to check the availability of libnetlink version 3 AC_DEFUN([AM_CHECK_LIBNL3], [ PKG_CHECK_MODULES(LIBNL, [ libnl-3.0 >= 3.0 libnl-route-3.0 >= 3.0], [ HAVE_LIBNL=1 HAVE_LIBNL3=1 AC_DEFINE_UNQUOTED(HAVE_LIBNL, 1, [Build with libnetlink support]) AC_DEFINE_UNQUOTED(HAVE_LIBNL3, 1, [Libnetlink version = 3]) AC_MSG_NOTICE([Building with libnl3]) AM_CHECK_LIBNL_FCS(nl-3) ],[AC_MSG_WARN([Netlink v3 support unavailable or too old])]) AC_SUBST(LIBNL_CFLAGS) AC_SUBST(LIBNL_LIBS) ]) sssd-1.11.5/src/external/PaxHeaders.13173/krb5.m40000644000000000000000000000007412320753107017271 xustar000000000000000030 atime=1396954939.679891128 30 ctime=1396954961.339875183 sssd-1.11.5/src/external/krb5.m40000664002412700241270000000647012320753107017522 0ustar00jhrozekjhrozek00000000000000AC_SUBST(KRB5_CFLAGS) AC_SUBST(KRB5_LIBS) if test x$KRB5_LIBS != x; then KRB5_PASSED_LIBS=$KRB5_LIBS fi if test x$KRB5_CFLAGS != x; then KRB5_PASSED_CFLAGS=$KRB5_CFLAGS fi AC_PATH_PROG(KRB5_CONFIG, krb5-config) AC_MSG_CHECKING(for working krb5-config) if test -x "$KRB5_CONFIG"; then KRB5_CFLAGS="`$KRB5_CONFIG --cflags`" KRB5_LIBS="`$KRB5_CONFIG --libs`" AC_MSG_RESULT(yes) else AC_MSG_RESULT([no]) if test x$KRB5_PASSED_LIBS = x; then AC_MSG_ERROR([Please 
install MIT kerberos devel package]) fi fi if test x$KRB5_PASSED_LIBS != x; then KRB5_LIBS=$KRB5_PASSED_LIBS fi if test x$KRB5_PASSED_CFLAGS != x; then KRB5_CFLAGS=$KRB5_PASSED_CFLAGS fi AC_ARG_VAR([KRB5_CFLAGS], [C compiler flags for kerberos, overriding krb5-config])dnl AC_ARG_VAR([KRB5_LIBS], [linker flags for kerberos, overriding krb5-config])dnl SAVE_CFLAGS=$CFLAGS SAVE_LIBS=$LIBS CFLAGS="$CFLAGS $KRB5_CFLAGS" LIBS="$LIBS $KRB5_LIBS" AC_CHECK_HEADERS([krb5.h krb5/krb5.h]) AC_CHECK_TYPES([krb5_ticket_times, krb5_times, krb5_trace_info], [], [], [ #ifdef HAVE_KRB5_KRB5_H #include #else #include #endif ]) AC_CHECK_FUNCS([krb5_get_init_creds_opt_alloc krb5_get_error_message \ krb5_free_unparsed_name \ krb5_get_init_creds_opt_set_expire_callback \ krb5_get_init_creds_opt_set_fast_ccache_name \ krb5_get_init_creds_opt_set_fast_flags \ krb5_get_init_creds_opt_set_canonicalize \ krb5_get_init_creds_opt_set_responder \ krb5_parse_name_flags \ krb5_unparse_name_flags \ krb5_get_init_creds_opt_set_change_password_prompt \ krb5_free_keytab_entry_contents \ krb5_kt_free_entry \ krb5_princ_realm \ krb5_get_time_offsets \ krb5_principal_get_realm \ krb5_cc_cache_match \ krb5_timestamp_to_sfstring \ krb5_set_trace_callback \ krb5_find_authdata \ krb5_cc_get_full_name]) CFLAGS=$SAVE_CFLAGS LIBS=$SAVE_LIBS CFLAGS="$CFLAGS $KRB5_CFLAGS" LIBS="$LIBS $KRB5_LIBS" if test x$ac_cv_header_krb5_h != xyes -a x$ac_cv_header_krb5_krb5_h != xyes then AC_MSG_ERROR(you must have Kerberos 5 header files to build sssd) fi AC_ARG_ENABLE([krb5-locator-plugin], [AS_HELP_STRING([--disable-krb5-locator-plugin], [do not build Kerberos locator plugin])], [build_locator=$enableval], [build_locator=yes]) AC_CHECK_HEADER([krb5/locate_plugin.h], [have_locate_plugin=yes], [have_locate_plugin=no] [AC_MSG_NOTICE([Kerberos locator plugin cannot be built])], [ #ifdef HAVE_KRB5_KRB5_H #include #else #include #endif ]) AM_CONDITIONAL([BUILD_KRB5_LOCATOR_PLUGIN], [test x$have_locate_plugin = xyes -a 
x$build_locator = xyes]) AM_COND_IF([BUILD_KRB5_LOCATOR_PLUGIN], [AC_DEFINE_UNQUOTED(HAVE_KRB5_LOCATOR_PLUGIN, 1, [Build with krb5 locator plugin])]) CFLAGS=$SAVE_CFLAGS LIBS=$SAVE_LIBS sssd-1.11.5/src/external/PaxHeaders.13173/libdhash.m40000644000000000000000000000007412320753107020204 xustar000000000000000030 atime=1396954939.658891143 30 ctime=1396954961.334875187 sssd-1.11.5/src/external/libdhash.m40000664002412700241270000000025512320753107020430 0ustar00jhrozekjhrozek00000000000000AC_SUBST(DHASH_OBJ) AC_SUBST(DHASH_CFLAGS) AC_SUBST(DHASH_LIBS) PKG_CHECK_MODULES(DHASH, dhash >= 0.4.2, , AC_MSG_ERROR("Please install libdhash-devel") ) sssd-1.11.5/src/external/PaxHeaders.13173/python.m40000644000000000000000000000007312320753107017746 xustar000000000000000030 atime=1396954939.726891093 29 ctime=1396954961.34387518 sssd-1.11.5/src/external/python.m40000664002412700241270000000566412320753107020204 0ustar00jhrozekjhrozek00000000000000dnl Check for python-config and substitute needed CFLAGS and LDFLAGS dnl Usage: dnl AM_PYTHON_CONFIG AC_DEFUN([AM_PYTHON_CONFIG], [ AC_SUBST(PYTHON_CFLAGS) AC_SUBST(PYTHON_LIBS) dnl We need to check for python build flags using distutils.sysconfig dnl We cannot use python-config, as it was not available on older dnl versions of python AC_PATH_PROG(PYTHON, python) AC_MSG_CHECKING([for working python]) if test -x "$PYTHON"; then PYTHON_CFLAGS="`$PYTHON -c \"from distutils import sysconfig; \ print '-I' + sysconfig.get_python_inc() + \ ' -I' + sysconfig.get_python_inc(plat_specific=True) + ' ' + \ sysconfig.get_config_var('BASECFLAGS')\"`" PYTHON_LIBS="`$PYTHON -c \"from distutils import sysconfig; \ print \\\" \\\".join(sysconfig.get_config_var('LIBS').split() + \ sysconfig.get_config_var('SYSLIBS').split()) + \ ' -lpython' + sysconfig.get_config_var('VERSION') + \ ' -L' + sysconfig.get_config_var('LIBDIR')\"`" AC_MSG_RESULT([yes]) else AC_MSG_RESULT([no]) AC_MSG_ERROR([Please install python devel package]) fi ]) dnl Taken from GNOME 
sources dnl a macro to check for ability to create python extensions dnl AM_CHECK_PYTHON_HEADERS([ACTION-IF-POSSIBLE], [ACTION-IF-NOT-POSSIBLE]) dnl function also defines PYTHON_INCLUDES AC_DEFUN([AM_CHECK_PYTHON_HEADERS], [AC_REQUIRE([AM_PATH_PYTHON]) AC_MSG_CHECKING(for headers required to compile python extensions) dnl deduce PYTHON_INCLUDES py_prefix=`$PYTHON -c "import sys; print sys.prefix"` py_exec_prefix=`$PYTHON -c "import sys; print sys.exec_prefix"` PYTHON_INCLUDES="-I${py_prefix}/include/python${PYTHON_VERSION}" if test "$py_prefix" != "$py_exec_prefix"; then PYTHON_INCLUDES="$PYTHON_INCLUDES -I${py_exec_prefix}/include/python${PYTHON_VERSION}" fi AC_SUBST(PYTHON_INCLUDES) dnl check if the headers exist: save_CPPFLAGS="$CPPFLAGS" CPPFLAGS="$CPPFLAGS $PYTHON_INCLUDES" AC_TRY_CPP([#include ],dnl [AC_MSG_RESULT([found]) $1],dnl [AC_MSG_RESULT([not found]) $2]) CPPFLAGS="$save_CPPFLAGS" ]) dnl Checks for a couple of functions we use that may not be defined dnl in some older python versions used e.g. 
on RHEL5 AC_DEFUN([AM_CHECK_PYTHON_COMPAT], [AC_REQUIRE([AM_CHECK_PYTHON_HEADERS]) save_CPPFLAGS="$CPPFLAGS" save_LIBS="$LIBS" CPPFLAGS="$CPPFLAGS $PYTHON_INCLUDES" LIBS="$LIBS $PYTHON_LIBS" AC_CHECK_TYPE(Py_ssize_t, [ AC_DEFINE_UNQUOTED(HAVE_PY_SSIZE_T, 1, [Native Py_ssize_t type]) ], [], [[#include ]]) AC_CHECK_FUNCS([PySet_New PySet_Add PyErr_NewExceptionWithDoc]) AC_CHECK_DECLS([PySet_Check, PyModule_AddIntMacro, PyUnicode_FromString], [], [], [[#include ]]) CPPFLAGS="$save_CPPFLAGS" LIBS="$save_LIBS" ]) sssd-1.11.5/src/external/PaxHeaders.13173/nsupdate.m40000644000000000000000000000007412320753107020251 xustar000000000000000030 atime=1396954939.727891092 30 ctime=1396954961.346875178 sssd-1.11.5/src/external/nsupdate.m40000664002412700241270000000113112320753107020467 0ustar00jhrozekjhrozek00000000000000AC_PATH_PROG(NSUPDATE, nsupdate) AC_MSG_CHECKING(for executable nsupdate) if test -x "$NSUPDATE"; then AC_DEFINE_UNQUOTED([NSUPDATE_PATH], ["$NSUPDATE"], [The path to nsupdate]) AC_MSG_RESULT(yes) AC_MSG_CHECKING(for nsupdate 'realm' support') if AC_RUN_LOG([echo realm |$NSUPDATE >&2]); then AC_MSG_RESULT([yes]) AC_DEFINE_UNQUOTED([HAVE_NSUPDATE_REALM], 1, [Whether to use the 'realm' directive with nsupdate]) else AC_MSG_RESULT([no]) AC_MSG_WARN([Will build without the 'realm' directive]) fi else AC_MSG_RESULT([no]) AC_MSG_ERROR([nsupdate is not available]) fi sssd-1.11.5/src/PaxHeaders.13173/confdb0000644000000000000000000000013212320753521015513 xustar000000000000000030 mtime=1396954961.758874874 30 atime=1396955003.534843847 30 ctime=1396954961.758874874 sssd-1.11.5/src/confdb/0000775002412700241270000000000012320753521016017 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/confdb/PaxHeaders.13173/confdb_private.h0000644000000000000000000000007412320753107020733 xustar000000000000000030 atime=1396954939.252891441 30 ctime=1396954961.460875094 sssd-1.11.5/src/confdb/confdb_private.h0000664002412700241270000000206112320753107021154 
0ustar00jhrozekjhrozek00000000000000/* SSSD Configuration Database Copyright (C) Stephen Gallagher 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #ifndef CONFDB_PRIVATE_H_ #define CONFDB_PRIVATE_H_ struct confdb_ctx { struct tevent_context *pev; struct ldb_context *ldb; struct sss_domain_info *doms; }; int parse_section(TALLOC_CTX *mem_ctx, const char *section, char **sec_dn, const char **rdn_name); #endif /* CONFDB_PRIVATE_H_ */ sssd-1.11.5/src/confdb/PaxHeaders.13173/confdb.c0000644000000000000000000000007412320753107017174 xustar000000000000000030 atime=1396954939.252891441 30 ctime=1396954961.656874949 sssd-1.11.5/src/confdb/confdb.c0000664002412700241270000010277312320753107017430 0ustar00jhrozekjhrozek00000000000000/* SSSD NSS Configuratoin DB Copyright (C) Simo Sorce 2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #include "config.h" #include #include "util/util.h" #include "confdb/confdb.h" #include "confdb/confdb_private.h" #include "util/strtonum.h" #include "db/sysdb.h" #define CONFDB_ZERO_CHECK_OR_JUMP(var, ret, err, label) do { \ if (!var) { \ ret = err; \ goto label; \ } \ } while(0) static char *prepend_cn(char *str, int *slen, const char *comp, int clen) { char *ret; ret = talloc_realloc(NULL, str, char, *slen + 4 + clen + 1); if (!ret) return NULL; /* move current string to the end */ memmove(&ret[clen +4], ret, *slen+1); /* includes termination */ memcpy(ret, "cn=", 3); memcpy(&ret[3], comp, clen); ret[clen+3] = ','; *slen = *slen + 4 + clen; return ret; } int parse_section(TALLOC_CTX *mem_ctx, const char *section, char **sec_dn, const char **rdn_name) { TALLOC_CTX *tmp_ctx; char *dn = NULL; char *p; const char *s; int l, ret; /* section must be a non null string and must not start with '/' */ if (!section || !*section || *section == '/') return EINVAL; tmp_ctx = talloc_new(mem_ctx); if (!tmp_ctx) return ENOMEM; s = section; l = 0; while ((p = strchrnul(s, '/'))) { if (l == 0) { dn = talloc_asprintf(tmp_ctx, "cn=%s", s); l = 3 + (p-s); dn[l] = '\0'; } else { dn = prepend_cn(dn, &l, s, p-s); } if (!dn) { ret = ENOMEM; goto done; } if (*p == '\0') { if (rdn_name) *rdn_name = s; break; /* reached end */ } s = p+1; if (*s == '\0') { /* a section cannot end in '.' 
*/ ret = EINVAL; goto done; } } *sec_dn = talloc_steal(mem_ctx, dn); ret = EOK; done: talloc_free(tmp_ctx); return ret; } int confdb_add_param(struct confdb_ctx *cdb, bool replace, const char *section, const char *attribute, const char **values) { TALLOC_CTX *tmp_ctx = NULL; struct ldb_message *msg; struct ldb_result *res; struct ldb_dn *dn; char *secdn; const char *rdn_name; int ret, i; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { ret = ENOMEM; goto done; } ret = parse_section(tmp_ctx, section, &secdn, &rdn_name); if (ret != EOK) { goto done; } dn = ldb_dn_new(tmp_ctx, cdb->ldb, secdn); CONFDB_ZERO_CHECK_OR_JUMP(dn, ret, EIO, done); ret = ldb_search(cdb->ldb, tmp_ctx, &res, dn, LDB_SCOPE_BASE, NULL, NULL); if (ret != LDB_SUCCESS) { ret = EIO; goto done; } msg = ldb_msg_new(tmp_ctx); CONFDB_ZERO_CHECK_OR_JUMP(msg, ret, ENOMEM, done); msg->dn = talloc_steal(msg, dn); CONFDB_ZERO_CHECK_OR_JUMP(msg->dn, ret, ENOMEM, done); if (res->count == 0) { /* add a new message */ errno = 0; /* cn first */ ret = ldb_msg_add_string(msg, "cn", rdn_name); if (ret != LDB_SUCCESS) { if (errno) ret = errno; else ret = EIO; goto done; } /* now the requested attribute */ for (i = 0; values[i]; i++) { ret = ldb_msg_add_string(msg, attribute, values[i]); if (ret != LDB_SUCCESS) { if (errno) ret = errno; else ret = EIO; goto done; } } ret = ldb_add(cdb->ldb, msg); if (ret != LDB_SUCCESS) { ret = EIO; goto done; } } else { int optype; errno = 0; /* mark this as a replacement */ if (replace) optype = LDB_FLAG_MOD_REPLACE; else optype = LDB_FLAG_MOD_ADD; ret = ldb_msg_add_empty(msg, attribute, optype, NULL); if (ret != LDB_SUCCESS) { if (errno) ret = errno; else ret = EIO; goto done; } /* now the requested attribute */ for (i = 0; values[i]; i++) { ret = ldb_msg_add_string(msg, attribute, values[i]); if (ret != LDB_SUCCESS) { if (errno) ret = errno; else ret = EIO; goto done; } } ret = ldb_modify(cdb->ldb, msg); if (ret != LDB_SUCCESS) { ret = EIO; goto done; } } ret = EOK; done: 
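talloc_free(tmp_ctx);
    if (ret != EOK) {
        DEBUG(1, ("Failed to add [%s] to [%s], error [%d] (%s)\n",
                  attribute, section, ret, strerror(ret)));
    }
    return ret;
}

/*
 * Read all values of attribute from the confdb entry named by section.
 *
 * On success *values is a NULL-terminated array owned by mem_ctx; it holds
 * only the terminating NULL when the entry or the attribute does not exist.
 *
 * Returns EOK, the error from parse_section(), EIO when the lookup fails or
 * matches more than one entry, or ENOMEM.
 */
int confdb_get_param(struct confdb_ctx *cdb,
                     TALLOC_CTX *mem_ctx,
                     const char *section,
                     const char *attribute,
                     char ***values)
{
    TALLOC_CTX *tmp_ctx;
    struct ldb_result *res;
    struct ldb_dn *dn;
    char *secdn;
    const char *attrs[] = { attribute, NULL };
    char **vals;
    struct ldb_message_element *el;
    unsigned int i;
    int ret;

    tmp_ctx = talloc_new(mem_ctx);
    if (!tmp_ctx) return ENOMEM;

    ret = parse_section(tmp_ctx, section, &secdn, NULL);
    if (ret != EOK) {
        goto done;
    }

    dn = ldb_dn_new(tmp_ctx, cdb->ldb, secdn);
    if (!dn) {
        ret = EIO;
        goto done;
    }

    ret = ldb_search(cdb->ldb, tmp_ctx, &res, dn,
                     LDB_SCOPE_BASE, attrs, NULL);
    if (ret != LDB_SUCCESS) {
        ret = EIO;
        goto done;
    }
    if (res->count > 1) {
        ret = EIO;
        goto done;
    }

    /* Build the list under tmp_ctx so that every error path releases it, and
     * hand it to mem_ctx only once it is complete. Callers dereference
     * values[0] right away, so a failed allocation must be reported instead
     * of returning EOK with a NULL list. */
    vals = talloc_zero(tmp_ctx, char *);
    if (vals == NULL) {
        ret = ENOMEM;
        goto done;
    }

    if (res->count > 0) {
        el = ldb_msg_find_element(res->msgs[0], attribute);
        if (el && el->num_values > 0) {
            char **grown;

            grown = talloc_realloc(tmp_ctx, vals, char *,
                                   el->num_values + 1);
            if (!grown) {
                ret = ENOMEM;
                goto done;
            }
            vals = grown;

            /* should always be strings so this should be safe */
            for (i = 0; i < el->num_values; i++) {
                struct ldb_val v = el->values[i];
                vals[i] = talloc_strndup(vals, (char *)v.data, v.length);
                if (!vals[i]) {
                    ret = ENOMEM;
                    goto done;
                }
            }
            vals[i] = NULL;
        }
    }

    *values = talloc_steal(mem_ctx, vals);
    ret = EOK;

done:
    talloc_free(tmp_ctx);
    if (ret != EOK) {
        DEBUG(1, ("Failed to get [%s] from [%s], error [%d] (%s)\n",
                  attribute, section, ret, strerror(ret)));
    }
    return ret;
}

/*
 * Replace attribute in the confdb entry named by section with the string
 * "True" or "False".
 *
 * Returns EOK, the error from parse_section(), ENOMEM or EIO.
 */
int confdb_set_bool(struct confdb_ctx *cdb,
                    const char *section,
                    const char *attribute,
                    bool val)
{
    TALLOC_CTX *tmp_ctx;
    struct ldb_dn *dn;
    char *secdn;
    struct ldb_message *msg;
    int ret, lret;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) return ENOMEM;

    ret = parse_section(tmp_ctx, section, &secdn, NULL);
    if (ret != EOK) {
        goto done;
    }

    dn = ldb_dn_new(tmp_ctx, cdb->ldb, secdn);
    if (!dn) {
        ret = EIO;
        goto done;
    }

    msg = ldb_msg_new(tmp_ctx);
    if (!msg) {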
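ret = ENOMEM;
        goto done;
    }

    msg->dn = dn;

    lret = ldb_msg_add_empty(msg, attribute, LDB_FLAG_MOD_REPLACE, NULL);
    if (lret != LDB_SUCCESS) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("ldb_msg_add_empty failed: [%s]\n", ldb_strerror(lret)));
        ret = EIO;
        goto done;
    }

    lret = ldb_msg_add_string(msg, attribute, val ? "True" : "False");
    if (lret != LDB_SUCCESS) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("ldb_msg_add_string failed: [%s]\n", ldb_strerror(lret)));
        ret = EIO;
        goto done;
    }

    lret = ldb_modify(cdb->ldb, msg);
    if (lret != LDB_SUCCESS) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("ldb_modify failed: [%s]\n", ldb_strerror(lret)));
        ret = EIO;
        goto done;
    }

    ret = EOK;

done:
    talloc_free(tmp_ctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Failed to set [%s] from [%s], error [%d] (%s)\n",
               attribute, section, ret, strerror(ret)));
    }
    return ret;
}

/*
 * Read a single-valued attribute as a string.
 *
 * *result is a string owned by ctx: the stored value, or a copy of defstr
 * when the attribute has no value. When there is no value and defstr is
 * NULL, *result is set to NULL and EOK is returned.
 *
 * Returns EOK, EINVAL when the attribute holds more than one value, ENOMEM,
 * or the error from confdb_get_param().
 */
int confdb_get_string(struct confdb_ctx *cdb, TALLOC_CTX *ctx,
                      const char *section, const char *attribute,
                      const char *defstr, char **result)
{
    char **values = NULL;
    char *restr;
    int ret;

    ret = confdb_get_param(cdb, ctx, section, attribute, &values);
    if (ret != EOK) {
        goto failed;
    }

    /* Same guard as confdb_get_string_as_list(): a missing list is handled
     * like an attribute without a value instead of being dereferenced. */
    if (values != NULL && values[0] != NULL) {
        if (values[1] != NULL) {
            /* too many values */
            ret = EINVAL;
            goto failed;
        }
        restr = talloc_steal(ctx, values[0]);
    } else {
        /* Did not return a value, so use the default */

        if (defstr == NULL) { /* No default given */
            *result = NULL;
            talloc_free(values);
            return EOK;
        }

        /* Copy the default string */
        restr = talloc_strdup(ctx, defstr);
    }
    if (!restr) {
        ret = ENOMEM;
        goto failed;
    }

    talloc_free(values);

    *result = restr;
    return EOK;

failed:
    talloc_free(values);
    DEBUG(1, ("Failed to get [%s] from [%s], error [%d] (%s)\n",
              attribute, section, ret, strerror(ret)));
    return ret;
}

/*
 * Read a single-valued attribute as an int; defval is used when the
 * attribute has no value.
 */
int confdb_get_int(struct confdb_ctx *cdb,
                   const char *section, const char *attribute,
                   int defval, int *result)
{
    char **values = NULL;
    long val;
    int ret;
    TALLOC_CTX *tmp_ctx;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        ret = ENOMEM;
        goto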
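failed;
    }

    ret = confdb_get_param(cdb, tmp_ctx, section, attribute, &values);
    if (ret != EOK) {
        goto failed;
    }

    if (values != NULL && values[0] != NULL) {
        char *endptr = NULL;

        if (values[1] != NULL) {
            /* too many values */
            ret = EINVAL;
            goto failed;
        }

        errno = 0;
        val = strtol(values[0], &endptr, 0);
        if (errno) {
            ret = errno;
            goto failed;
        }

        /* Reject empty strings and trailing garbage, as get_entry_as_uint32()
         * does, so that a mistyped setting is reported instead of being read
         * as 0 or as its numeric prefix. */
        if (endptr == values[0] || *endptr != '\0') {
            ret = EINVAL;
            goto failed;
        }

        if (val < INT_MIN || val > INT_MAX) {
            ret = ERANGE;
            goto failed;
        }

    } else {
        val = defval;
    }

    talloc_free(tmp_ctx);

    *result = (int)val;
    return EOK;

failed:
    talloc_free(tmp_ctx);
    DEBUG(1, ("Failed to read [%s] from [%s], error [%d] (%s)\n",
              attribute, section, ret, strerror(ret)));
    return ret;
}

/*
 * Read a single-valued attribute as a long; defval is used when the
 * attribute has no value.
 *
 * The return type is long, but the value returned is an errno-style status
 * code like in the sibling getters (EOK, ENOMEM, EINVAL, ERANGE from
 * strtol(), or the error from confdb_get_param()). The number itself is
 * delivered through *result.
 */
long confdb_get_long(struct confdb_ctx *cdb,
                     const char *section, const char *attribute,
                     long defval, long *result)
{
    char **values = NULL;
    long val;
    int ret;
    TALLOC_CTX *tmp_ctx;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        ret = ENOMEM;
        goto failed;
    }

    ret = confdb_get_param(cdb, tmp_ctx, section, attribute, &values);
    if (ret != EOK) {
        goto failed;
    }

    if (values != NULL && values[0] != NULL) {
        char *endptr = NULL;

        if (values[1] != NULL) {
            /* too many values */
            ret = EINVAL;
            goto failed;
        }

        errno = 0;
        val = strtol(values[0], &endptr, 0);
        if (errno) {
            ret = errno;
            goto failed;
        }

        /* the whole string has to be a number */
        if (endptr == values[0] || *endptr != '\0') {
            ret = EINVAL;
            goto failed;
        }

    } else {
        val = defval;
    }

    talloc_free(tmp_ctx);

    *result = val;
    return EOK;

failed:
    talloc_free(tmp_ctx);
    DEBUG(1, ("Failed to read [%s] from [%s], error [%d] (%s)\n",
              attribute, section, ret, strerror(ret)));
    return ret;
}

/*
 * Read a single-valued attribute as a boolean. Only "TRUE" and "FALSE"
 * (compared case-insensitively) are accepted; defval is used when the
 * attribute has no value.
 */
int confdb_get_bool(struct confdb_ctx *cdb,
                    const char *section, const char *attribute,
                    bool defval, bool *result)
{
    char **values = NULL;
    bool val;
    int ret;
    TALLOC_CTX *tmp_ctx;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        ret = ENOMEM;
        goto failed;
    }

    ret = confdb_get_param(cdb, tmp_ctx, section, attribute, &values);
    if (ret != EOK) {
        goto failed;
    }

    if (values != NULL && values[0] != NULL) {
        if (values[1] != NULL) {
            /* too many values */
            ret = EINVAL;
            goto failed;
        }

        if (strcasecmp(values[0], "FALSE") == 0) {
            val = false;

        } else if (strcasecmp(values[0], "TRUE") == 0) {
            val = true;

        } else {

            DEBUG(2, ("Value is not a boolean!\n"));
            ret = EINVAL;
            goto failed;
        }

    } else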
{
        val = defval;
    }

    talloc_free(tmp_ctx);

    *result = val;
    return EOK;

failed:
    talloc_free(tmp_ctx);
    DEBUG(1, ("Failed to read [%s] from [%s], error [%d] (%s)\n",
              attribute, section, ret, strerror(ret)));
    return ret;
}

/*
 * Read a single-valued attribute and split it on ',' into a list allocated
 * on ctx.
 *
 * WARNING: Unlike the other getters, this one does NOT take a default and
 * returns ENOENT when the attribute has no value. More than one stored value
 * yields EINVAL.
 */
int confdb_get_string_as_list(struct confdb_ctx *cdb, TALLOC_CTX *ctx,
                              const char *section, const char *attribute,
                              char ***result)
{
    char **values = NULL;
    int ret;

    ret = confdb_get_param(cdb, ctx, section, attribute, &values);
    if (ret != EOK) {
        goto done;
    }

    if (values == NULL || values[0] == NULL) {
        /* Did not return a value */
        ret = ENOENT;
        goto done;
    }

    if (values[1] != NULL) {
        /* too many values */
        ret = EINVAL;
        goto done;
    }

    ret = split_on_separator(ctx, values[0], ',', true, true, result, NULL);

done:
    talloc_free(values);
    if (ret != EOK && ret != ENOENT) {
        DEBUG(2, ("Failed to get [%s] from [%s], error [%d] (%s)\n",
                  attribute, section, ret, strerror(ret)));
    }
    return ret;
}

/*
 * Create a confdb context on mem_ctx and connect it to the ldb file at
 * confdb_location.
 *
 * Returns EOK with *cdb_ctx set, ENOMEM, or EIO.
 */
int confdb_init(TALLOC_CTX *mem_ctx,
                struct confdb_ctx **cdb_ctx,
                const char *confdb_location)
{
    struct confdb_ctx *cdb;
    int ret = EOK;
    mode_t old_umask;

    cdb = talloc_zero(mem_ctx, struct confdb_ctx);
    if (!cdb)
        return ENOMEM;

    /* Because confdb calls use sync ldb calls, we create a separate event
     * context here. This will prevent the ldb sync calls to start nested
     * events.
     * NOTE: this means that we *cannot* do async calls and return in confdb
     * unless we convert all calls and hook back to the main event context.
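*/

    cdb->pev = tevent_context_init(cdb);
    if (!cdb->pev) {
        talloc_free(cdb);
        return EIO;
    }

    cdb->ldb = ldb_init(cdb, cdb->pev);
    if (!cdb->ldb) {
        talloc_free(cdb);
        return EIO;
    }

    ret = ldb_set_debug(cdb->ldb, ldb_debug_messages, NULL);
    if (ret != LDB_SUCCESS) {
        DEBUG(0,("Could not set up debug fn.\n"));
        talloc_free(cdb);
        return EIO;
    }

    /* Mask out everything except owner read/write while connecting, so that
     * a database file created by this call gets at most mode 0600. The
     * previous umask is restored right after the call. */
    old_umask = umask(0177);

    ret = ldb_connect(cdb->ldb, confdb_location, 0, NULL);

    umask(old_umask);

    if (ret != LDB_SUCCESS) {
        DEBUG(0, ("Unable to open config database [%s]\n",
                  confdb_location));
        talloc_free(cdb);
        return EIO;
    }

    *cdb_ctx = cdb;

    return EOK;
}

/*
 * Read attribute entry of msg as an unsigned 32-bit decimal number.
 *
 * *return_value receives the parsed number, or default_value when the
 * attribute is absent; it is set to 0 on every error path.
 *
 * Returns EOK, EFAULT when msg or entry is NULL, EINVAL for an empty value,
 * a value starting with '-' or one with trailing characters, or the errno
 * left by strtouint32().
 */
static errno_t get_entry_as_uint32(struct ldb_message *msg,
                                   uint32_t *return_value,
                                   const char *entry,
                                   uint32_t default_value)
{
    const char *tmp = NULL;
    char *endptr;
    uint32_t u32ret = 0;

    *return_value = 0;

    if (!msg || !entry) {
        return EFAULT;
    }

    tmp = ldb_msg_find_attr_as_string(msg, entry, NULL);
    if (tmp == NULL) {
        *return_value = default_value;
        return EOK;
    }

    if ((*tmp == '-') || (*tmp == '\0')) {
        return EINVAL;
    }

    /* Clear errno before the conversion: it is the only failure signal
     * checked below, and a stale value left by an earlier call would
     * otherwise reject a valid number. */
    errno = 0;
    u32ret = strtouint32 (tmp, &endptr, 10);
    if (errno) {
        return errno;
    }

    if (*endptr != '\0') {
        /* Not all of the string was a valid number */
        return EINVAL;
    }

    *return_value = u32ret;
    return EOK;
}

/*
 * Read attribute entry of msg as a boolean.
 *
 * "TRUE" and "FALSE" are accepted case-insensitively; an absent or empty
 * attribute yields default_value. *return_value is false on every error
 * path.
 *
 * Returns EOK, EFAULT when msg or entry is NULL, or EINVAL for any other
 * text.
 */
static errno_t get_entry_as_bool(struct ldb_message *msg,
                                 bool *return_value,
                                 const char *entry,
                                 bool default_value)
{
    const char *text = NULL;

    *return_value = false;

    if (!msg || !entry) {
        return EFAULT;
    }

    text = ldb_msg_find_attr_as_string(msg, entry, NULL);
    if (text == NULL || *text == '\0') {
        *return_value = default_value;
        return EOK;
    }

    if (strcasecmp(text, "FALSE") == 0) {
        *return_value = false;
        return EOK;
    }

    if (strcasecmp(text, "TRUE") == 0) {
        *return_value = true;
        return EOK;
    }

    return EINVAL;
}


/* The default UID/GID for domains is 1.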
This wouldn't work well with
 * the local provider */
/* Return the default minimum ID for domain: SSSD_LOCAL_MINID when its
 * provider is "local" (compared case-insensitively), SSSD_MIN_ID otherwise
 * or when domain is NULL. domain->provider is dereferenced without a NULL
 * check, so it has to be set before this is called. */
static uint32_t confdb_get_min_id(struct sss_domain_info *domain)
{
    uint32_t defval = SSSD_MIN_ID;

    if (domain && strcasecmp(domain->provider, "local") == 0) {
        defval = SSSD_LOCAL_MINID;
    }

    return defval;
}

/*
 * Load the configuration entry "cn=<name>" below CONFDB_DOMAIN_BASEDN into a
 * new struct sss_domain_info allocated on mem_ctx and return it in *_domain.
 *
 * Returns EOK on success; ENOENT when the lookup does not find exactly one
 * entry, EINVAL for invalid settings, ENOMEM, or EIO.
 *
 * NOTE(review): name is formatted into the DN without escaping. The visible
 * caller takes it from the configured domain list; confirm that no other
 * input can reach this function.
 * NOTE(review): domain is allocated on mem_ctx, and the error paths jump to
 * done, which only frees tmp_ctx, so a partially filled domain stays
 * attached to mem_ctx after a failure.
 */
static int confdb_get_domain_internal(struct confdb_ctx *cdb,
                                      TALLOC_CTX *mem_ctx,
                                      const char *name,
                                      struct sss_domain_info **_domain)
{
    struct sss_domain_info *domain;
    struct ldb_result *res;
    TALLOC_CTX *tmp_ctx;
    struct ldb_dn *dn;
    const char *tmp;
    int ret, val;
    uint32_t entry_cache_timeout;

    tmp_ctx = talloc_new(mem_ctx);
    if (!tmp_ctx) return ENOMEM;

    dn = ldb_dn_new_fmt(tmp_ctx, cdb->ldb,
                        "cn=%s,%s", name, CONFDB_DOMAIN_BASEDN);
    if (!dn) {
        ret = ENOMEM;
        goto done;
    }

    ret = ldb_search(cdb->ldb, tmp_ctx, &res, dn,
                     LDB_SCOPE_BASE, NULL, NULL);
    if (ret != LDB_SUCCESS) {
        ret = EIO;
        goto done;
    }

    if (res->count != 1) {
        DEBUG(0, ("Unknown domain [%s]\n", name));
        ret = ENOENT;
        goto done;
    }

    domain = talloc_zero(mem_ctx, struct sss_domain_info);
    if (!domain) {
        ret = ENOMEM;
        goto done;
    }

    /* the stored "cn" becomes the domain name; conn_name aliases it */
    tmp = ldb_msg_find_attr_as_string(res->msgs[0], "cn", NULL);
    if (!tmp) {
        DEBUG(0, ("Invalid configuration entry, fatal error!\n"));
        ret = EINVAL;
        goto done;
    }
    domain->name = talloc_strdup(domain, tmp);
    if (!domain->name) {
        ret = ENOMEM;
        goto done;
    }
    domain->conn_name = domain->name;

    /* an ID provider is mandatory */
    tmp = ldb_msg_find_attr_as_string(res->msgs[0],
                                      CONFDB_DOMAIN_ID_PROVIDER,
                                      NULL);
    if (tmp) {
        domain->provider = talloc_strdup(domain, tmp);
        if (!domain->provider) {
            ret = ENOMEM;
            goto done;
        }
    }
    else {
        DEBUG(0, ("Domain [%s] does not specify an ID provider, disabling!\n",
                  domain->name));
        ret = EINVAL;
        goto done;
    }

    if (strcasecmp(domain->provider, "files") == 0) {
        /* The files provider is not valid anymore */
        DEBUG(0, ("The \"files\" provider is invalid\n"));
        ret = EINVAL;
        goto done;
    }

    if (strcasecmp(domain->provider, "local") == 0) {
        /* If this is the local provider, we need to ensure that
         * no other provider was specified for other types, since
         * the local
provider cannot load them.
         */
        tmp = ldb_msg_find_attr_as_string(res->msgs[0],
                                          CONFDB_DOMAIN_AUTH_PROVIDER,
                                          NULL);
        if (tmp && strcasecmp(tmp, "local") != 0) {
            DEBUG(0, ("Local ID provider does not support [%s] as an AUTH provider.\n", tmp));
            ret = EINVAL;
            goto done;
        }

        /* with the local ID provider only "permit" is accepted here */
        tmp = ldb_msg_find_attr_as_string(res->msgs[0],
                                          CONFDB_DOMAIN_ACCESS_PROVIDER,
                                          NULL);
        if (tmp && strcasecmp(tmp, "permit") != 0) {
            DEBUG(0, ("Local ID provider does not support [%s] as an ACCESS provider.\n", tmp));
            ret = EINVAL;
            goto done;
        }

        tmp = ldb_msg_find_attr_as_string(res->msgs[0],
                                          CONFDB_DOMAIN_CHPASS_PROVIDER,
                                          NULL);
        if (tmp && strcasecmp(tmp, "local") != 0) {
            DEBUG(0, ("Local ID provider does not support [%s] as a CHPASS provider.\n", tmp));
            ret = EINVAL;
            goto done;
        }

        /* The LOCAL provider always uses Magic Private Groups */
        domain->mpg = true;
    }

    domain->timeout = ldb_msg_find_attr_as_int(res->msgs[0],
                                               CONFDB_DOMAIN_TIMEOUT, 0);

    /* Determine if this domain can be enumerated */

    /* TEMP: test if the old bitfield conf value is used and warn it has been
     * superseded. A value that reads as a positive integer is treated as
     * "true"; anything else is parsed as a boolean below. */
    val = ldb_msg_find_attr_as_int(res->msgs[0], CONFDB_DOMAIN_ENUMERATE, 0);
    if (val > 0) { /* ok there was a number in here */
        DEBUG(0, ("Warning: enumeration parameter in %s still uses integers! "
                  "Enumeration is now a boolean and takes true/false values. "
                  "Interpreting as true\n", domain->name));
        domain->enumerate = true;
    } else { /* assume the new format */
        ret = get_entry_as_bool(res->msgs[0], &domain->enumerate,
                                CONFDB_DOMAIN_ENUMERATE, 0);
        if(ret != EOK) {
            DEBUG(0, ("Invalid value for %s\n", CONFDB_DOMAIN_ENUMERATE));
            goto done;
        }
    }
    if (!domain->enumerate) {
        DEBUG(SSSDBG_TRACE_FUNC, ("No enumeration for [%s]!\n", domain->name));
    }

    /* Determine if user/group names will be Fully Qualified
     * in NSS interfaces */
    ret = get_entry_as_bool(res->msgs[0], &domain->fqnames,
                            CONFDB_DOMAIN_FQ, 0);
    if(ret != EOK) {
        DEBUG(0, ("Invalid value for %s\n", CONFDB_DOMAIN_FQ));
        goto done;
    }

    ret = get_entry_as_bool(res->msgs[0], &domain->ignore_group_members,
                            CONFDB_DOMAIN_IGNORE_GROUP_MEMBERS, 0);
    if(ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Invalid value for %s\n",
               CONFDB_DOMAIN_IGNORE_GROUP_MEMBERS));
        goto done;
    }

    /* ID range: the default minimum depends on the provider; a maximum of 0
     * skips the min/max consistency check below */
    ret = get_entry_as_uint32(res->msgs[0], &domain->id_min,
                              CONFDB_DOMAIN_MINID,
                              confdb_get_min_id(domain));
    if (ret != EOK) {
        DEBUG(0, ("Invalid value for minId\n"));
        ret = EINVAL;
        goto done;
    }

    ret = get_entry_as_uint32(res->msgs[0], &domain->id_max,
                              CONFDB_DOMAIN_MAXID, 0);
    if (ret != EOK) {
        DEBUG(0, ("Invalid value for maxId\n"));
        ret = EINVAL;
        goto done;
    }

    if (domain->id_max && (domain->id_max < domain->id_min)) {
        DEBUG(0, ("Invalid domain range\n"));
        ret = EINVAL;
        goto done;
    }

    /* Do we allow to cache credentials (off unless configured) */
    ret = get_entry_as_bool(res->msgs[0], &domain->cache_credentials,
                            CONFDB_DOMAIN_CACHE_CREDS, 0);
    if(ret != EOK) {
        DEBUG(0, ("Invalid value for %s\n", CONFDB_DOMAIN_CACHE_CREDS));
        goto done;
    }

    /* storing legacy passwords is likewise off unless configured */
    ret = get_entry_as_bool(res->msgs[0], &domain->legacy_passwords,
                            CONFDB_DOMAIN_LEGACY_PASS, 0);
    if(ret != EOK) {
        DEBUG(0, ("Invalid value for %s\n", CONFDB_DOMAIN_LEGACY_PASS));
        goto done;
    }

    /* Get the global entry cache timeout setting (5400 when not set) */
    ret = get_entry_as_uint32(res->msgs[0], &entry_cache_timeout,
                              CONFDB_DOMAIN_ENTRY_CACHE_TIMEOUT, 5400);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Invalid value for [%s]\n",
CONFDB_DOMAIN_ENTRY_CACHE_TIMEOUT));
        goto done;
    }

    /* Each per-type timeout below falls back to entry_cache_timeout when its
     * own attribute is not set. */

    /* Override the user cache timeout, if specified */
    ret = get_entry_as_uint32(res->msgs[0], &domain->user_timeout,
                              CONFDB_DOMAIN_USER_CACHE_TIMEOUT,
                              entry_cache_timeout);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Invalid value for [%s]\n",
               CONFDB_DOMAIN_USER_CACHE_TIMEOUT));
        goto done;
    }

    /* Override the group cache timeout, if specified */
    ret = get_entry_as_uint32(res->msgs[0], &domain->group_timeout,
                              CONFDB_DOMAIN_GROUP_CACHE_TIMEOUT,
                              entry_cache_timeout);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Invalid value for [%s]\n",
               CONFDB_DOMAIN_GROUP_CACHE_TIMEOUT));
        goto done;
    }

    /* Override the netgroup cache timeout, if specified */
    ret = get_entry_as_uint32(res->msgs[0], &domain->netgroup_timeout,
                              CONFDB_DOMAIN_NETGROUP_CACHE_TIMEOUT,
                              entry_cache_timeout);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Invalid value for [%s]\n",
               CONFDB_DOMAIN_NETGROUP_CACHE_TIMEOUT));
        goto done;
    }

    /* Override the service cache timeout, if specified */
    ret = get_entry_as_uint32(res->msgs[0], &domain->service_timeout,
                              CONFDB_DOMAIN_SERVICE_CACHE_TIMEOUT,
                              entry_cache_timeout);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Invalid value for [%s]\n",
               CONFDB_DOMAIN_SERVICE_CACHE_TIMEOUT));
        goto done;
    }

    /* Override the autofs cache timeout, if specified */
    ret = get_entry_as_uint32(res->msgs[0], &domain->autofsmap_timeout,
                              CONFDB_DOMAIN_AUTOFS_CACHE_TIMEOUT,
                              entry_cache_timeout);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Invalid value for [%s]\n",
               CONFDB_DOMAIN_AUTOFS_CACHE_TIMEOUT));
        goto done;
    }

    /* Override the sudo cache timeout, if specified */
    ret = get_entry_as_uint32(res->msgs[0], &domain->sudo_timeout,
                              CONFDB_DOMAIN_SUDO_CACHE_TIMEOUT,
                              entry_cache_timeout);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Invalid value for [%s]\n",
               CONFDB_DOMAIN_SUDO_CACHE_TIMEOUT));
        goto done;
    }

    /* Set refresh_expired_interval, if specified */
    ret = get_entry_as_uint32(res->msgs[0], &domain->refresh_expired_interval,
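CONFDB_DOMAIN_REFRESH_EXPIRED_INTERVAL,
                              0);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Invalid value for [%s]\n",
               CONFDB_DOMAIN_REFRESH_EXPIRED_INTERVAL));
        goto done;
    }

    /* Set the PAM warning time, if specified. If not specified, pass on
     * the "not set" value of "-1" which means "use provider default". The
     * value 0 means "always display the warning if server sends one" */
    domain->pwd_expiration_warning = -1;

    val = ldb_msg_find_attr_as_int(res->msgs[0],
                                   CONFDB_DOMAIN_PWD_EXPIRATION_WARNING,
                                   -1);
    if (val == -1) {
        /* nothing set on the domain: fall back to the PAM section */
        ret = confdb_get_int(cdb, CONFDB_PAM_CONF_ENTRY,
                             CONFDB_PAM_PWD_EXPIRATION_WARNING,
                             -1, &val);
        if (ret != EOK) {
            DEBUG(1, ("Failed to read PAM expiration warning, not fatal.\n"));
            val = -1;
        }
    }

    DEBUG(SSSDBG_TRACE_LIBS, ("pwd_expiration_warning is %d\n", val));
    if (val >= 0) {
        /* The value is configured in days but stored in seconds in an int;
         * cap it so that the multiplication below cannot overflow. */
        const int max_days = INT_MAX / (24 * 3600);

        if (val > max_days) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Password expiration warning of %d days is too large, "
                   "using %d days\n", val, max_days));
            val = max_days;
        }

        DEBUG(SSSDBG_CONF_SETTINGS,
              ("Setting domain password expiration warning to %d days\n", val));
        /* The value is in days, transform it to seconds */
        domain->pwd_expiration_warning = val * 24 * 3600;
    }

    /* NOTE(review): override_gid is declared gid_t but is filled through a
     * uint32_t pointer; this relies on both types having the same
     * representation on the target platform. */
    ret = get_entry_as_uint32(res->msgs[0], &domain->override_gid,
                              CONFDB_DOMAIN_OVERRIDE_GID, 0);
    if (ret != EOK) {
        DEBUG(0, ("Invalid value for [%s]\n", CONFDB_DOMAIN_OVERRIDE_GID));
        goto done;
    }

    /* Optional string settings are copied onto the domain when present. */
    tmp = ldb_msg_find_attr_as_string(res->msgs[0],
                                      CONFDB_NSS_OVERRIDE_HOMEDIR, NULL);
    if (tmp != NULL) {
        domain->override_homedir = talloc_strdup(domain, tmp);
        if (!domain->override_homedir) {
            ret = ENOMEM;
            goto done;
        }
    }

    tmp = ldb_msg_find_attr_as_string(res->msgs[0],
                                      CONFDB_NSS_FALLBACK_HOMEDIR, NULL);
    if (tmp != NULL) {
        domain->fallback_homedir = talloc_strdup(domain, tmp);
        if (!domain->fallback_homedir) {
            ret = ENOMEM;
            goto done;
        }
    }

    /* unlike the two above, this one has a built-in default template */
    tmp = ldb_msg_find_attr_as_string(res->msgs[0],
                                      CONFDB_DOMAIN_SUBDOMAIN_HOMEDIR,
                                      CONFDB_DOMAIN_DEFAULT_SUBDOMAIN_HOMEDIR);
    if (tmp != NULL) {
        domain->subdomain_homedir = talloc_strdup(domain, tmp);
        if (!domain->subdomain_homedir) {
            ret = ENOMEM;
            goto done;
        }
    }

    tmp = ldb_msg_find_attr_as_string(res->msgs[0],
                                      CONFDB_NSS_OVERRIDE_SHELL, NULL);
    if (tmp != NULL) {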
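domain->override_shell = talloc_strdup(domain, tmp);
        if (!domain->override_shell) {
            ret = ENOMEM;
            goto done;
        }
    }

    tmp = ldb_msg_find_attr_as_string(res->msgs[0],
                                      CONFDB_NSS_DEFAULT_SHELL, NULL);
    if (tmp != NULL) {
        domain->default_shell = talloc_strdup(domain, tmp);
        if (!domain->default_shell) {
            ret = ENOMEM;
            goto done;
        }
    }

    /* names are case sensitive unless configured otherwise */
    ret = get_entry_as_bool(res->msgs[0], &domain->case_sensitive,
                            CONFDB_DOMAIN_CASE_SENSITIVE, true);
    if(ret != EOK) {
        DEBUG(0, ("Invalid value for %s\n", CONFDB_DOMAIN_CASE_SENSITIVE));
        goto done;
    }
    if (domain->case_sensitive == false &&
        strcasecmp(domain->provider, "local") == 0) {
        DEBUG(SSSDBG_FATAL_FAILURE,
             ("Local ID provider does not support the case insensitive flag\n"));
        ret = EINVAL;
        goto done;
    }

    tmp = ldb_msg_find_attr_as_string(res->msgs[0],
                                      CONFDB_SUBDOMAIN_ENUMERATE,
                                      CONFDB_DEFAULT_SUBDOMAIN_ENUMERATE);
    if (tmp != NULL) {
        ret = split_on_separator(domain, tmp, ',', true, true,
                                 &domain->sd_enumerate, NULL);
        if (ret != 0) {
            DEBUG(SSSDBG_FATAL_FAILURE,
                  ("Cannot parse %s\n", CONFDB_SUBDOMAIN_ENUMERATE));
            goto done;
        }
    }

    ret = get_entry_as_uint32(res->msgs[0],
                              &domain->subdomain_refresh_interval,
                              CONFDB_DOMAIN_SUBDOMAIN_REFRESH, 14400);
    if (ret != EOK || domain->subdomain_refresh_interval == 0) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Invalid value for [%s]\n",
               CONFDB_DOMAIN_SUBDOMAIN_REFRESH));
        /* A zero interval parses fine, so ret is still EOK here. Report it
         * as an error; otherwise the caller would see success although
         * *_domain was never set. */
        if (ret == EOK) {
            ret = EINVAL;
        }
        goto done;
    }

    *_domain = domain;
    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}

/*
 * Return the list of configured domains, loading it on first use.
 *
 * The list is cached in cdb->doms; later calls return the cached list.
 * Domains whose configuration cannot be loaded are skipped.
 *
 * Returns EOK, ENOENT when no domain is configured or none could be loaded,
 * ENOMEM, or the error from confdb_get_string_as_list().
 */
int confdb_get_domains(struct confdb_ctx *cdb,
                       struct sss_domain_info **domains)
{
    TALLOC_CTX *tmp_ctx;
    struct sss_domain_info *domain = NULL;
    char **domlist;
    int ret, i;

    if (cdb->doms) {
        *domains = cdb->doms;
        return EOK;
    }

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) return ENOMEM;

    ret = confdb_get_string_as_list(cdb, tmp_ctx,
                                    CONFDB_MONITOR_CONF_ENTRY,
                                    CONFDB_MONITOR_ACTIVE_DOMAINS,
                                    &domlist);
    if (ret == ENOENT) {
        DEBUG(0, ("No domains configured, fatal error!\n"));
        goto done;
    }
    if (ret != EOK ) {
        DEBUG(0, ("Fatal error retrieving domains list!\n"));
        goto done;
    }

    for (i = 0;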
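domlist[i]; i++) {
        /* Start every iteration without a domain, so that a result left
         * over from the previous one can never be linked into the list a
         * second time. */
        domain = NULL;

        ret = confdb_get_domain_internal(cdb, cdb, domlist[i], &domain);
        if (ret == EOK && domain == NULL) {
            /* success was reported but no domain was produced */
            ret = EINVAL;
        }
        if (ret) {
            DEBUG(0, ("Error (%d [%s]) retrieving domain [%s], skipping!\n",
                      ret, strerror(ret), domlist[i]));
            continue;
        }

        DLIST_ADD_END(cdb->doms, domain, struct sss_domain_info *);
    }

    if (cdb->doms == NULL) {
        DEBUG(0, ("No properly configured domains, fatal error!\n"));
        ret = ENOENT;
        goto done;
    }

    *domains = cdb->doms;
    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}

/*
 * Look up a configured domain by name (compared case-insensitively).
 *
 * Returns EOK with *_domain set, ENOENT when no domain has that name, or the
 * error from confdb_get_domains().
 */
int confdb_get_domain(struct confdb_ctx *cdb,
                      const char *name,
                      struct sss_domain_info **_domain)
{
    struct sss_domain_info *dom, *doms;
    int ret;

    ret = confdb_get_domains(cdb, &doms);
    if (ret != EOK) {
        return ret;
    }

    for (dom = doms; dom; dom = get_next_domain(dom, false)) {
        if (strcasecmp(dom->name, name) == 0) {
            *_domain = dom;
            return EOK;
        }
    }

    return ENOENT;
}
sssd-1.11.5/src/confdb/PaxHeaders.13173/confdb_setup.h0000644000000000000000000000007412320753107020421 xustar000000000000000030 atime=1396954939.252891441 30 ctime=1396954961.461875093 sssd-1.11.5/src/confdb/confdb_setup.h0000664002412700241270000000274612320753107020654 0ustar00jhrozekjhrozek00000000000000/* SSSD Configuration Database Copyright (C) Stephen Gallagher 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 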
*/ #ifndef CONFDB_SETUP_H_ #define CONFDB_SETUP_H_ #define CONFDB_VERSION "2" #define CONFDB_VERSION_INT 2 #define CONFDB_BASE_LDIF \ "dn: @ATTRIBUTES\n" \ "cn: CASE_INSENSITIVE\n" \ "dc: CASE_INSENSITIVE\n" \ "dn: CASE_INSENSITIVE\n" \ "name: CASE_INSENSITIVE\n" \ "objectclass: CASE_INSENSITIVE\n" \ "\n" \ "dn: @INDEXLIST\n" \ "@IDXATTR: cn\n" \ "\n" \ "dn: @MODULES\n" \ "@LIST: server_sort\n" \ "\n" #define CONFDB_INTERNAL_LDIF \ "dn: cn=config\n" \ "version: "CONFDB_VERSION"\n" \ "\n" int confdb_create_base(struct confdb_ctx *cdb); int confdb_test(struct confdb_ctx *cdb); int confdb_init_db(const char *config_file, struct confdb_ctx *cdb); #endif /* CONFDB_SETUP_H_ */ sssd-1.11.5/src/confdb/PaxHeaders.13173/confdb.h0000644000000000000000000000007412320753107017201 xustar000000000000000030 atime=1396954939.252891441 30 ctime=1396954961.459875095 sssd-1.11.5/src/confdb/confdb.h0000664002412700241270000004540412320753107017432 0ustar00jhrozekjhrozek00000000000000/* SSSD NSS Configuratoin DB Copyright (C) Simo Sorce 2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #ifndef _CONF_DB_H #define _CONF_DB_H #include #include "talloc.h" #include "tevent.h" #include "ldb.h" #include "ldb_errors.h" #include "config.h" /** * @defgroup sss_confdb The ConfDB API * The ConfDB is an interface for data providers to * access the configuration information provided in * the sssd.conf * @{ */ #define CONFDB_FILE "config.ldb" #define CONFDB_DEFAULT_CONFIG_FILE SSSD_CONF_DIR"/sssd.conf" #define SSSD_MIN_ID 1 #define SSSD_LOCAL_MINID 1000 #define CONFDB_DEFAULT_SHELL_FALLBACK "/bin/sh" /* Configuration options */ /* Services */ #define CONFDB_SERVICE_PATH_TMPL "config/%s" #define CONFDB_SERVICE_COMMAND "command" #define CONFDB_SERVICE_DEBUG_LEVEL "debug_level" #define CONFDB_SERVICE_DEBUG_TIMESTAMPS "debug_timestamps" #define CONFDB_SERVICE_DEBUG_MICROSECONDS "debug_microseconds" #define CONFDB_SERVICE_DEBUG_TO_FILES "debug_to_files" #define CONFDB_SERVICE_TIMEOUT "timeout" #define CONFDB_SERVICE_FORCE_TIMEOUT "force_timeout" #define CONFDB_SERVICE_RECON_RETRIES "reconnection_retries" #define CONFDB_SERVICE_FD_LIMIT "fd_limit" #define CONFDB_SERVICE_ALLOWED_UIDS "allowed_uids" /* Monitor */ #define CONFDB_MONITOR_CONF_ENTRY "config/sssd" #define CONFDB_MONITOR_SBUS_TIMEOUT "sbus_timeout" #define CONFDB_MONITOR_ACTIVE_SERVICES "services" #define CONFDB_MONITOR_ACTIVE_DOMAINS "domains" #define CONFDB_MONITOR_TRY_INOTIFY "try_inotify" #define CONFDB_MONITOR_KRB5_RCACHEDIR "krb5_rcache_dir" #define CONFDB_MONITOR_DEFAULT_DOMAIN "default_domain_suffix" /* Both monitor and domains */ #define CONFDB_NAME_REGEX "re_expression" #define CONFDB_FULL_NAME_FORMAT "full_name_format" #define CONFDB_DEFAULT_FULL_NAME_FORMAT_INTERNAL "%1$s@%2$s%3$s" #define CONFDB_DEFAULT_FULL_NAME_FORMAT "%1$s@%2$s" /* Responders */ #define CONFDB_RESPONDER_GET_DOMAINS_TIMEOUT "get_domains_timeout" #define CONFDB_RESPONDER_CLI_IDLE_TIMEOUT "client_idle_timeout" #define CONFDB_RESPONDER_CLI_IDLE_DEFAULT_TIMEOUT 60 /* NSS */ #define CONFDB_NSS_CONF_ENTRY "config/nss" #define 
CONFDB_NSS_ENUM_CACHE_TIMEOUT "enum_cache_timeout" #define CONFDB_NSS_ENTRY_CACHE_NOWAIT_PERCENTAGE "entry_cache_nowait_percentage" #define CONFDB_NSS_ENTRY_NEG_TIMEOUT "entry_negative_timeout" #define CONFDB_NSS_FILTER_USERS_IN_GROUPS "filter_users_in_groups" #define CONFDB_NSS_FILTER_USERS "filter_users" #define CONFDB_NSS_FILTER_GROUPS "filter_groups" #define CONFDB_NSS_PWFIELD "pwfield" #define CONFDB_NSS_OVERRIDE_HOMEDIR "override_homedir" #define CONFDB_NSS_FALLBACK_HOMEDIR "fallback_homedir" #define CONFDB_NSS_OVERRIDE_SHELL "override_shell" #define CONFDB_NSS_VETOED_SHELL "vetoed_shells" #define CONFDB_NSS_ALLOWED_SHELL "allowed_shells" #define CONFDB_NSS_SHELL_FALLBACK "shell_fallback" #define CONFDB_NSS_DEFAULT_SHELL "default_shell" #define CONFDB_MEMCACHE_TIMEOUT "memcache_timeout" /* PAM */ #define CONFDB_PAM_CONF_ENTRY "config/pam" #define CONFDB_PAM_CRED_TIMEOUT "offline_credentials_expiration" #define CONFDB_PAM_FAILED_LOGIN_ATTEMPTS "offline_failed_login_attempts" #define CONFDB_DEFAULT_PAM_FAILED_LOGIN_ATTEMPTS 0 #define CONFDB_PAM_FAILED_LOGIN_DELAY "offline_failed_login_delay" #define CONFDB_DEFAULT_PAM_FAILED_LOGIN_DELAY 5 #define CONFDB_PAM_VERBOSITY "pam_verbosity" #define CONFDB_PAM_ID_TIMEOUT "pam_id_timeout" #define CONFDB_PAM_PWD_EXPIRATION_WARNING "pam_pwd_expiration_warning" /* SUDO */ #define CONFDB_SUDO_CONF_ENTRY "config/sudo" #define CONFDB_SUDO_CACHE_TIMEOUT "sudo_cache_timeout" #define CONFDB_DEFAULT_SUDO_CACHE_TIMEOUT 180 #define CONFDB_SUDO_TIMED "sudo_timed" #define CONFDB_DEFAULT_SUDO_TIMED false /* autofs */ #define CONFDB_AUTOFS_CONF_ENTRY "config/autofs" #define CONFDB_AUTOFS_MAP_NEG_TIMEOUT "autofs_negative_timeout" /* SSH */ #define CONFDB_SSH_CONF_ENTRY "config/ssh" #define CONFDB_SSH_HASH_KNOWN_HOSTS "ssh_hash_known_hosts" #define CONFDB_DEFAULT_SSH_HASH_KNOWN_HOSTS true #define CONFDB_SSH_KNOWN_HOSTS_TIMEOUT "ssh_known_hosts_timeout" #define CONFDB_DEFAULT_SSH_KNOWN_HOSTS_TIMEOUT 180 /* PAC */ #define 
CONFDB_PAC_CONF_ENTRY "config/pac" /* Data Provider */ #define CONFDB_DP_CONF_ENTRY "config/dp" /* Domains */ #define CONFDB_DOMAIN_PATH_TMPL "config/domain/%s" #define CONFDB_DOMAIN_BASEDN "cn=domain,cn=config" #define CONFDB_DOMAIN_ID_PROVIDER "id_provider" #define CONFDB_DOMAIN_AUTH_PROVIDER "auth_provider" #define CONFDB_DOMAIN_ACCESS_PROVIDER "access_provider" #define CONFDB_DOMAIN_CHPASS_PROVIDER "chpass_provider" #define CONFDB_DOMAIN_SUDO_PROVIDER "sudo_provider" #define CONFDB_DOMAIN_AUTOFS_PROVIDER "autofs_provider" #define CONFDB_DOMAIN_SELINUX_PROVIDER "selinux_provider" #define CONFDB_DOMAIN_HOSTID_PROVIDER "hostid_provider" #define CONFDB_DOMAIN_SUBDOMAINS_PROVIDER "subdomains_provider" #define CONFDB_DOMAIN_COMMAND "command" #define CONFDB_DOMAIN_TIMEOUT "timeout" #define CONFDB_DOMAIN_ATTR "cn" #define CONFDB_DOMAIN_ENUMERATE "enumerate" #define CONFDB_SUBDOMAIN_ENUMERATE "subdomain_enumerate" #define CONFDB_DEFAULT_SUBDOMAIN_ENUMERATE "none" #define CONFDB_DOMAIN_MINID "min_id" #define CONFDB_DOMAIN_MAXID "max_id" #define CONFDB_DOMAIN_CACHE_CREDS "cache_credentials" #define CONFDB_DOMAIN_LEGACY_PASS "store_legacy_passwords" #define CONFDB_DOMAIN_MPG "magic_private_groups" #define CONFDB_DOMAIN_FQ "use_fully_qualified_names" #define CONFDB_DOMAIN_ENTRY_CACHE_TIMEOUT "entry_cache_timeout" #define CONFDB_DOMAIN_ACCOUNT_CACHE_EXPIRATION "account_cache_expiration" #define CONFDB_DOMAIN_OVERRIDE_GID "override_gid" #define CONFDB_DOMAIN_CASE_SENSITIVE "case_sensitive" #define CONFDB_DOMAIN_SUBDOMAIN_HOMEDIR "subdomain_homedir" #define CONFDB_DOMAIN_DEFAULT_SUBDOMAIN_HOMEDIR "/home/%d/%u" #define CONFDB_DOMAIN_IGNORE_GROUP_MEMBERS "ignore_group_members" #define CONFDB_DOMAIN_SUBDOMAIN_REFRESH "subdomain_refresh_interval" #define CONFDB_DOMAIN_USER_CACHE_TIMEOUT "entry_cache_user_timeout" #define CONFDB_DOMAIN_GROUP_CACHE_TIMEOUT "entry_cache_group_timeout" #define CONFDB_DOMAIN_NETGROUP_CACHE_TIMEOUT "entry_cache_netgroup_timeout" #define 
CONFDB_DOMAIN_SERVICE_CACHE_TIMEOUT "entry_cache_service_timeout" #define CONFDB_DOMAIN_AUTOFS_CACHE_TIMEOUT "entry_cache_autofs_timeout" #define CONFDB_DOMAIN_SUDO_CACHE_TIMEOUT "entry_cache_sudo_timeout" #define CONFDB_DOMAIN_PWD_EXPIRATION_WARNING "pwd_expiration_warning" #define CONFDB_DOMAIN_REFRESH_EXPIRED_INTERVAL "refresh_expired_interval" /* Local Provider */ #define CONFDB_LOCAL_DEFAULT_SHELL "default_shell" #define CONFDB_LOCAL_DEFAULT_BASEDIR "base_directory" #define CONFDB_LOCAL_CREATE_HOMEDIR "create_homedir" #define CONFDB_LOCAL_REMOVE_HOMEDIR "remove_homedir" #define CONFDB_LOCAL_UMASK "homedir_umask" #define CONFDB_LOCAL_SKEL_DIR "skel_dir" #define CONFDB_LOCAL_MAIL_DIR "mail_dir" #define CONFDB_LOCAL_USERDEL_CMD "userdel_cmd" /* Proxy Provider */ #define CONFDB_PROXY_LIBNAME "proxy_lib_name" #define CONFDB_PROXY_PAM_TARGET "proxy_pam_target" #define CONFDB_PROXY_FAST_ALIAS "proxy_fast_alias" struct confdb_ctx; struct config_file_ctx; /** * Data structure storing all of the basic features * of a domain. 
*/
struct sss_domain_info {
    /* domain name, taken from the "cn" of the configuration entry */
    char *name;
    /* set to the same string as name when the domain is loaded */
    char *conn_name;
    /* value of id_provider; loading fails when it is missing or "files" */
    char *provider;
    /* value of the "timeout" option, 0 when not set */
    int timeout;
    bool enumerate;
    /* subdomain_enumerate split on ',' */
    char **sd_enumerate;
    /* use_fully_qualified_names */
    bool fqnames;
    /* forced to true when the provider is "local" */
    bool mpg;
    bool ignore_group_members;
    /* min_id / max_id; a max of 0 skips the min/max consistency check */
    uint32_t id_min;
    uint32_t id_max;
    /* both default to false when not configured */
    bool cache_credentials;
    bool legacy_passwords;
    /* defaults to true; false is rejected for the "local" provider */
    bool case_sensitive;
    gid_t override_gid;

    const char *override_homedir;
    const char *fallback_homedir;
    const char *subdomain_homedir;
    const char *override_shell;
    const char *default_shell;

    /* per-type cache timeouts; each falls back to entry_cache_timeout,
     * which itself defaults to 5400 */
    uint32_t user_timeout;
    uint32_t group_timeout;
    uint32_t netgroup_timeout;
    uint32_t service_timeout;
    uint32_t autofsmap_timeout;
    uint32_t sudo_timeout;

    /* 0 when not configured */
    uint32_t refresh_expired_interval;
    /* defaults to 14400; a configured value of 0 is rejected */
    uint32_t subdomain_refresh_interval;

    /* in seconds (configured in days); -1 when not set */
    int pwd_expiration_warning;

    struct sysdb_ctx *sysdb;
    struct sss_names_ctx *names;

    struct sss_domain_info *parent;
    struct sss_domain_info *subdomains;
    char *realm;
    char *flat_name;
    char *domain_id;
    char *forest;
    struct timeval subdomains_last_checked;

    struct sss_domain_info *prev;
    struct sss_domain_info *next;

    bool disabled;
};

/**
 * Initialize the connection to the ConfDB
 *
 * @param[in] mem_ctx The parent memory context for the confdb_ctx
 * @param[out] cdb_ctx The newly-created connection object
 * @param[in] confdb_location The absolute path to the ConfDB file on the
 *            filesystem
 *
 * @return 0 - Connection succeeded and cdb_ctx was populated
 * @return ENOMEM - There was not enough memory to create the cdb_ctx
 * @return EIO - There was an I/O error communicating with the ConfDB file
 */
int confdb_init(TALLOC_CTX *mem_ctx,
                struct confdb_ctx **cdb_ctx,
                const char *confdb_location);

/**
 * Get a domain object for the named domain
 *
 * @param[in] cdb The connection object to the confdb
 * @param[in] name The name of the domain to retrieve
 * @param[out] domain A pointer to a domain object for the domain given by
 *                    name
 *
 * @return 0 - Lookup succeeded and domain was populated
 * @return ENOMEM - There was insufficient memory to complete the operation
 * @return ENOENT - The named domain does not exist or is not set active
*/ int confdb_get_domain(struct confdb_ctx *cdb, const char *name, struct sss_domain_info **domain); /** * Get a null-terminated linked-list of active domain objects * @param[in] cdb The connection object to the confdb * @param[out] domains A pointer to the first entry of a linked-list of domain * objects * * @return 0 - Lookup succeeded and all active domains are in the list * @return ENOMEM - There was insufficient memory to complete the operation * @return ENOENT - No active domains are configured */ int confdb_get_domains(struct confdb_ctx *cdb, struct sss_domain_info **domains); /** * @brief Add an arbitrary parameter to the confdb. * * This is mostly useful * for testing, as they will not persist between SSSD restarts. For * persistence, make changes to the sssd.conf file. * * @param[in] cdb The connection object to the confdb * @param[in] replace If replace is set to true, pre-existing values will be * overwritten. * If it is false, the provided values will be added to the * attribute. * @param[in] section The ConfDB section to update. This is constructed from * the format of the sssd.conf file. All sections start * with 'config/'. Subsections are separated by slashes. * e.g. 
[domain/LDAP] in sssd.conf would translate to * config/domain/LDAP * @param[in] attribute The name of the attribute to update * @param[in] values A null-terminated array of values to add to the attribute * * @return 0 - Successfully added the provided value(s) * @return ENOMEM - There was insufficient memory to complete the operation * @return EINVAL - The section could not be parsed * @return EIO - An I/O error occurred communicating with the ConfDB */ int confdb_add_param(struct confdb_ctx *cdb, bool replace, const char *section, const char *attribute, const char **values); /** * @brief Retrieve all values for an attribute * * @param[in] cdb The connection object to the confdb * @param[in] mem_ctx The parent memory context for the value list * @param[in] section The ConfDB section to update. This is constructed from * the format of the sssd.conf file. All sections start * with 'config/'. Subsections are separated by slashes. * e.g. [domain/LDAP] in sssd.conf would translate to * config/domain/LDAP * @param[in] attribute The name of the attribute to update * @param[out] values A null-terminated array of cstrings containing all * values for this attribute * * @return 0 - Successfully retrieved the value(s) * @return ENOMEM - There was insufficient memory to complete the operation * @return EINVAL - The section could not be parsed * @return EIO - An I/O error occurred while communicating with the ConfDB */ int confdb_get_param(struct confdb_ctx *cdb, TALLOC_CTX *mem_ctx, const char *section, const char *attribute, char ***values); /** * @brief Convenience function to retrieve a single-valued attribute as a * string * * @param[in] cdb The connection object to the confdb * @param[in] ctx The parent memory context for the returned string * @param[in] section The ConfDB section to update. This is constructed from * the format of the sssd.conf file. All sections start * with 'config/'. Subsections are separated by slashes. * e.g. 
[domain/LDAP] in sssd.conf would translate to * config/domain/LDAP * @param[in] attribute The name of the attribute to update * @param[in] defstr If not NULL, the string to use if the attribute does not * exist in the ConfDB * @param[out] result A pointer to the retrieved (or default) string * * @return 0 - Successfully retrieved the entry (or used the default) * @return ENOMEM - There was insufficient memory to complete the operation * @return EINVAL - The section could not be parsed, or the attribute was not * single-valued. * @return EIO - An I/O error occurred while communicating with the ConfDB */ int confdb_get_string(struct confdb_ctx *cdb, TALLOC_CTX *ctx, const char *section, const char *attribute, const char *defstr, char **result); /** * @brief Convenience function to retrieve a single-valued attribute as an * integer * * @param[in] cdb The connection object to the confdb * @param[in] section The ConfDB section to update. This is constructed from * the format of the sssd.conf file. All sections start * with 'config/'. Subsections are separated by slashes. * e.g. [domain/LDAP] in sssd.conf would translate to * config/domain/LDAP * @param[in] attribute The name of the attribute to update * @param[in] defval If not NULL, the integer to use if the attribute does not * exist in the ConfDB * @param[out] result A pointer to the retrieved (or default) integer * * @return 0 - Successfully retrieved the entry (or used the default) * @return ENOMEM - There was insufficient memory to complete the operation * @return EINVAL - The section could not be parsed, or the attribute was not * single-valued. 
* @return EIO - An I/O error occurred while communicating with the ConfDB * @return ERANGE - The value stored in the ConfDB was outside the range * [INT_MIN..INT_MAX] */ int confdb_get_int(struct confdb_ctx *cdb, const char *section, const char *attribute, int defval, int *result); /** * @brief Convenience function to retrieve a single-valued attribute as a * boolean * * This function will read (in a case-insensitive manner) a "true" or "false" * value from the ConfDB and convert it to an integral bool value. * * @param[in] cdb The connection object to the confdb * @param[in] section The ConfDB section to update. This is constructed from * the format of the sssd.conf file. All sections start * with 'config/'. Subsections are separated by slashes. * e.g. [domain/LDAP] in sssd.conf would translate to * config/domain/LDAP * @param[in] attribute The name of the attribute to update * @param[in] defval If not NULL, the boolean state to use if the attribute * does not exist in the ConfDB * @param[out] result A pointer to the retrieved (or default) bool * * @return 0 - Successfully retrieved the entry (or used the default) * @return ENOMEM - There was insufficient memory to complete the operation * @return EINVAL - The section could not be parsed, the attribute was not * single-valued, or the value was not a boolean. * @return EIO - An I/O error occurred while communicating with the ConfDB */ int confdb_get_bool(struct confdb_ctx *cdb, const char *section, const char *attribute, bool defval, bool *result); int confdb_set_bool(struct confdb_ctx *cdb, const char *section, const char *attribute, bool val); /** * @brief Convenience function to retrieve a single-valued attribute as a * null-terminated array of strings * * This function will automatically split a comma-separated string in an * attribute into a null-terminated array of strings. This is useful for * storing and retrieving ordered lists, as ConfDB multivalued attributes do * not guarantee retrieval order. 
* * @param[in] cdb The connection object to the confdb * @param[in] ctx The parent memory context for the returned string * @param[in] section The ConfDB section to update. This is constructed from * the format of the sssd.conf file. All sections start * with 'config/'. Subsections are separated by slashes. * e.g. [domain/LDAP] in sssd.conf would translate to * config/domain/LDAP * @param[in] attribute The name of the attribute to update * @param[out] result A pointer to the retrieved array of strings * * @return 0 - Successfully retrieved the entry (or used the default) * @return ENOMEM - There was insufficient memory to complete the operation * @return EINVAL - The section could not be parsed, or the attribute was not * single-valued. * @return ENOENT - The attribute was not found. * @return EIO - An I/O error occurred while communicating with the ConfDB */ int confdb_get_string_as_list(struct confdb_ctx *cdb, TALLOC_CTX *ctx, const char *section, const char *attribute, char ***result); /** * @} */ #endif sssd-1.11.5/src/confdb/PaxHeaders.13173/confdb_setup.c0000644000000000000000000000007412320753107020414 xustar000000000000000030 atime=1396954939.252891441 30 ctime=1396954961.758874874 sssd-1.11.5/src/confdb/confdb_setup.c0000664002412700241270000002172312320753107020643 0ustar00jhrozekjhrozek00000000000000/* SSSD Configuration Database Copyright (C) Stephen Gallagher 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
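*/

#include "config.h"
#include <sys/stat.h> /* NOTE(review): header name missing from this listing; <sys/stat.h> is an assumption, confirm against the upstream file */
#include "util/util.h"
#include "db/sysdb.h"
#include "confdb.h"
#include "confdb_private.h"
#include "confdb_setup.h"
#include "util/sss_ini.h"

/**
 * Check whether the confdb already holds a usable configuration.
 *
 * Reads the "version" attribute of the "config" section and compares it
 * with CONFDB_VERSION.
 *
 * @param[in] cdb The confdb connection (also used as the talloc parent of
 *                the temporary value list)
 *
 * @return EOK    - exactly one version value is stored and it matches
 * @return ENOENT - no version is stored, or the stored version differs;
 *                  the caller is expected to (re)initialize the confdb
 * @return EIO    - more than one version value is stored
 * @return other  - error returned by confdb_get_param()
 */
int confdb_test(struct confdb_ctx *cdb)
{
    char **values;
    int ret;

    ret = confdb_get_param(cdb, cdb,
                           "config",
                           "version",
                           &values);
    if (ret != EOK) {
        return ret;
    }

    if (values[0] == NULL) {
        /* empty database, will need to init */
        ret = ENOENT;
    } else if (values[1] != NULL) {
        /* more than 1 value ?? */
        ret = EIO;
    } else if (strcmp(values[0], CONFDB_VERSION) != 0) {
        /* Existing version does not match executable version */
        DEBUG(1, ("Upgrading confdb version from %s to %s\n",
                  values[0], CONFDB_VERSION));

        /* This is recoverable, since we purge the confdb file
         * when we re-initialize it.
         */
        ret = ENOENT;
    } else {
        ret = EOK;
    }

    talloc_free(values);
    return ret;
}

/**
 * Delete every entry found by a subtree search under "cn=config".
 *
 * @param[in] cdb The confdb connection
 *
 * @return EOK on success, ENOMEM if a temporary allocation fails, or the
 *         errno translation of the failing ldb call.
 */
static int confdb_purge(struct confdb_ctx *cdb)
{
    int ret;
    unsigned int i;
    TALLOC_CTX *tmp_ctx;
    struct ldb_result *res;
    struct ldb_dn *dn;
    const char *attrs[] = { "dn", NULL };

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        return ENOMEM;
    }

    dn = ldb_dn_new(tmp_ctx, cdb->ldb, "cn=config");
    if (dn == NULL) {
        /* do not hand a NULL base DN to ldb_search() */
        ret = ENOMEM;
        goto done;
    }

    /* Get the list of all DNs */
    ret = ldb_search(cdb->ldb, tmp_ctx, &res, dn,
                     LDB_SCOPE_SUBTREE, attrs, NULL);
    if (ret != LDB_SUCCESS) {
        ret = sysdb_error_to_errno(ret);
        goto done;
    }

    for (i = 0; i < res->count; i++) {
        /* Delete this DN */
        ret = ldb_delete(cdb->ldb, res->msgs[i]->dn);
        if (ret != LDB_SUCCESS) {
            ret = sysdb_error_to_errno(ret);
            goto done;
        }
    }

    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}

/**
 * Populate the confdb with the entries described by CONFDB_BASE_LDIF.
 *
 * @param[in] cdb The confdb connection
 *
 * @return EOK on success, EIO if adding any entry fails.
 */
int confdb_create_base(struct confdb_ctx *cdb)
{
    int ret;
    struct ldb_ldif *ldif;

    const char *base_ldif = CONFDB_BASE_LDIF;

    while ((ldif = ldb_ldif_read_string(cdb->ldb, &base_ldif))) {
        ret = ldb_add(cdb->ldb, ldif->msg);
        if (ret != LDB_SUCCESS) {
            DEBUG(0, ("Failed to initialize DB (%d,[%s]), aborting!\n",
                      ret, ldb_errstring(cdb->ldb)));
            /* release the parsed record on the error path as well */
            ldb_ldif_read_free(cdb->ldb, ldif);
            return EIO;
        }
        ldb_ldif_read_free(cdb->ldb, ldif);
    }

    return EOK;
}

/**
 * Load the configuration file into the confdb if it changed since the
 * last load.
 *
 * The file is opened, passed through sss_ini_config_access_check(), and
 * its modification time is compared with the "lastUpdate" value stored in
 * the confdb. When they differ, the file is parsed, its
 * config_file_version is required to equal CONFDB_VERSION_INT, and the
 * confdb contents are purged and replaced inside one ldb transaction.
 *
 * @param[in] config_file Path of the configuration file
 * @param[in] cdb         The confdb connection
 *
 * @return EOK              - confdb is up to date (reloaded or unchanged)
 * @return ENOMEM           - allocation failure
 * @return ERR_MISSING_CONF - the configuration file does not exist
 * @return EPERM            - the access check on the file failed
 * @return EINVAL           - unsupported or missing config_file_version
 * @return EIO              - an LDIF record could not be added
 * @return other            - error propagated from a failing helper
 */
int confdb_init_db(const char *config_file, struct confdb_ctx *cdb)
{
    TALLOC_CTX *tmp_ctx;
    int ret;
    int sret = EOK;
    int version;
    char timestr[21];
    char *lasttimestr;
    bool in_transaction = false;
    const char *config_ldif;
    const char *vals[2] = { timestr, NULL };
    struct ldb_ldif *ldif;
    struct sss_ini_initdata *init_data;

    tmp_ctx = talloc_new(cdb);
    if (tmp_ctx == NULL) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("Out of memory.\n"));
        return ENOMEM;
    }

    init_data = sss_ini_initdata_init(tmp_ctx);
    if (!init_data) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("Out of memory.\n"));
        ret = ENOMEM;
        goto done;
    }

    /* Open config file */
    ret = sss_ini_config_file_open(init_data, config_file);
    if (ret != EOK) {
        DEBUG(SSSDBG_TRACE_FUNC,
              ("sss_ini_config_file_open failed: %s [%d]\n", strerror(ret),
               ret));
        if (ret == ENOENT) {
            /* sss specific error denoting missing configuration file */
            ret = ERR_MISSING_CONF;
        }
        goto done;
    }

    /* Refuse a file that fails the access check; what exactly is checked
     * (owner, mode, ...) is decided inside sss_ini and not visible here. */
    ret = sss_ini_config_access_check(init_data);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Permission check on config file failed.\n"));
        ret = EPERM;
        goto done;
    }

    /* Determine if the conf file has changed since we last updated
     * the confdb
     */
    ret = sss_ini_get_stat(init_data);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Status check on config file failed.\n"));
        /* never report success when errno happens to be unset */
        ret = errno ? errno : EIO;
        goto done;
    }

    errno = 0;

    ret = sss_ini_get_mtime(init_data, sizeof(timestr), timestr);
    if (ret <= 0 || (size_t)ret >= sizeof(timestr)) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Failed to convert time_t to string ??\n"));
        ret = errno ? errno : EFAULT;
        /* timestr is not a valid string here: it must neither be compared
         * with lastUpdate nor stored, so stop instead of falling through */
        goto done;
    }

    ret = confdb_get_string(cdb, tmp_ctx, "config", "lastUpdate",
                            NULL, &lasttimestr);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to get lastUpdate attribute.\n"));
        goto done;
    }

    /* check if we lastUpdate and last file modification change differ */
    if ((lasttimestr != NULL) && (strcmp(lasttimestr, timestr) == 0)) {
        /* not changed, get out, nothing more to do */
        ret = EOK;
        goto done;
    }

    ret = sss_ini_get_config(init_data, config_file);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to load configuration\n"));
        goto done;
    }

    /* Make sure that the config file version matches the confdb version */
    ret = sss_ini_get_cfgobj(init_data, "sssd", "config_file_version");
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Internal error determining config_file_version\n"));
        goto done;
    }

    ret = sss_ini_check_config_obj(init_data);
    if (ret != EOK) {
        /* No known version. Assumed to be version 1 */
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Config file is an old version. "
               "Please run configuration upgrade script.\n"));
        ret = EINVAL;
        goto done;
    }

    version = sss_ini_get_int_config_value(init_data, 1, -1, &ret);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Config file version could not be determined\n"));
        goto done;
    } else if (version < CONFDB_VERSION_INT) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Config file is an old version. "
               "Please run configuration upgrade script.\n"));
        ret = EINVAL;
        goto done;
    } else if (version > CONFDB_VERSION_INT) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Config file version is newer than confdb\n"));
        ret = EINVAL;
        goto done;
    }

    /* Set up a transaction to replace the configuration */
    ret = ldb_transaction_start(cdb->ldb);
    if (ret != LDB_SUCCESS) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Failed to start a transaction for "
               "updating the configuration\n"));
        ret = sysdb_error_to_errno(ret);
        goto done;
    }
    in_transaction = true;

    /* Purge existing database */
    ret = confdb_purge(cdb);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Could not purge existing configuration\n"));
        goto done;
    }

    ret = sss_confdb_create_ldif(tmp_ctx, init_data, &config_ldif);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("Could not create LDIF for confdb\n"));
        goto done;
    }

    /* NOTE(review): this writes the complete generated LDIF to the debug
     * log. If the configuration can carry credentials (not visible from
     * this function), they end up in the log at this debug level - confirm
     * log file permissions or redact before logging. */
    DEBUG(SSSDBG_TRACE_LIBS, ("LDIF file to import: \n%s", config_ldif));

    while ((ldif = ldb_ldif_read_string(cdb->ldb, &config_ldif))) {
        ret = ldb_add(cdb->ldb, ldif->msg);
        if (ret != LDB_SUCCESS) {
            DEBUG(SSSDBG_FATAL_FAILURE,
                  ("Failed to initialize DB (%d,[%s]), aborting!\n",
                   ret, ldb_errstring(cdb->ldb)));
            /* release the parsed record on the error path as well */
            ldb_ldif_read_free(cdb->ldb, ldif);
            ret = EIO;
            goto done;
        }
        ldb_ldif_read_free(cdb->ldb, ldif);
    }

    /* now store the lastUpdate time so that we do not re-init if nothing
     * changed on restart */
    ret = confdb_add_param(cdb, true, "config", "lastUpdate", vals);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Failed to set last update time on db!\n"));
        goto done;
    }

    ret = ldb_transaction_commit(cdb->ldb);
    if (ret != LDB_SUCCESS) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to commit transaction\n"));
        /* callers expect errno values, not raw ldb codes */
        ret = sysdb_error_to_errno(ret);
        goto done;
    }
    in_transaction = false;

    ret = EOK;

done:
    if (in_transaction) {
        sret = ldb_transaction_cancel(cdb->ldb);
        if (sret != LDB_SUCCESS) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to cancel transaction\n"));
        }
    }

    /* init_data is NULL when sss_ini_initdata_init() failed; nothing was
     * opened in that case, so there is nothing to destroy or close */
    if (init_data != NULL) {
        sss_ini_config_destroy(init_data);
        sss_ini_close_file(init_data);
    }

    talloc_zfree(tmp_ctx);
    return ret;
}
sssd-1.11.5/src/PaxHeaders.13173/m40000644000000000000000000000007412320753107014605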
xustar000000000000000030 atime=1396955003.534843847 30 ctime=1396954961.394875143 sssd-1.11.5/src/m4/0000775002412700241270000000000012320753107015104 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/m4/PaxHeaders.13173/.dir0000644000000000000000000000007412320753107015441 xustar000000000000000030 atime=1396954939.255891439 30 ctime=1396954961.394875143 sssd-1.11.5/src/m4/.dir0000664002412700241270000000000012320753107015651 0ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/PaxHeaders.13173/db0000644000000000000000000000013212320753521014645 xustar000000000000000030 mtime=1396954961.688874926 30 atime=1396955003.534843847 30 ctime=1396954961.688874926 sssd-1.11.5/src/db/0000775002412700241270000000000012320753521015151 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/db/PaxHeaders.13173/sysdb_ssh.c0000644000000000000000000000007312320753107017073 xustar000000000000000029 atime=1396954939.25389144 30 ctime=1396954961.688874926 sssd-1.11.5/src/db/sysdb_ssh.c0000664002412700241270000002302112320753107017314 0ustar00jhrozekjhrozek00000000000000/* Authors: Jan Cholasta Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
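*/

#include <talloc.h> /* NOTE(review): header name missing from this listing; <talloc.h> is an assumption, confirm against the upstream file */

#include "db/sysdb_ssh.h"
#include "db/sysdb_private.h"

/**
 * Store the given attributes for a host entry under SSH_HOSTS_SUBDIR.
 *
 * @return EOK on success, otherwise the error from sysdb_store_custom().
 */
static errno_t
sysdb_update_ssh_host(struct sysdb_ctx *sysdb,
                      struct sss_domain_info *domain,
                      const char *name,
                      struct sysdb_attrs *attrs)
{
    errno_t ret;

    ret = sysdb_store_custom(sysdb, domain, name, SSH_HOSTS_SUBDIR, attrs);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Error storing host %s [%d]: %s\n", name, ret, strerror(ret)));
        return ret;
    }

    return EOK;
}

/**
 * Create or update the cached SSH host entry for @p name.
 *
 * Runs inside one sysdb transaction: looks up the existing entry, adds the
 * object class, name and lastUpdate attributes to @p attrs, merges name
 * aliases when @p alias is given, and stores the result.
 *
 * @param[in]     sysdb  The sysdb connection
 * @param[in]     domain The domain the host belongs to
 * @param[in]     name   The host name
 * @param[in]     alias  Optional alias to add; may be NULL
 * @param[in]     now    Timestamp stored as SYSDB_LAST_UPDATE
 * @param[in,out] attrs  Attributes to store; this function appends to them
 *
 * @return EOK on success, ENOMEM on allocation failure, or the error of
 *         the failing sysdb call. On failure the transaction is cancelled.
 */
errno_t
sysdb_store_ssh_host(struct sysdb_ctx *sysdb,
                     struct sss_domain_info *domain,
                     const char *name,
                     const char *alias,
                     time_t now,
                     struct sysdb_attrs *attrs)
{
    TALLOC_CTX *tmp_ctx;
    errno_t ret, sret;
    bool in_transaction = false;
    const char *search_attrs[] = { SYSDB_NAME_ALIAS, NULL };
    bool new_alias;
    struct ldb_message *host = NULL;
    struct ldb_message_element *el;
    unsigned int i;

    DEBUG(SSSDBG_TRACE_FUNC, ("Storing host %s\n", name));

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    ret = sysdb_transaction_start(sysdb);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to start transaction\n"));
        goto done;
    }

    in_transaction = true;

    /* ENOENT only means there is no entry yet; host stays NULL then */
    ret = sysdb_get_ssh_host(tmp_ctx, sysdb, domain, name, search_attrs, &host);
    if (ret != EOK && ret != ENOENT) {
        goto done;
    }

    ret = sysdb_attrs_add_string(attrs, SYSDB_OBJECTCLASS, SYSDB_SSH_HOST_OC);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Could not set object class [%d]: %s\n", ret, strerror(ret)));
        goto done;
    }

    ret = sysdb_attrs_add_string(attrs, SYSDB_NAME, name);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Could not set name attribute [%d]: %s\n", ret, strerror(ret)));
        goto done;
    }

    if (alias) {
        new_alias = true;

        /* copy aliases from the existing entry */
        if (host) {
            el = ldb_msg_find_element(host, SYSDB_NAME_ALIAS);

            if (el) {
                for (i = 0; i < el->num_values; i++) {
                    /* presumably ldb keeps value data NUL-terminated;
                     * the string compare relies on that */
                    if (strcmp((char *)el->values[i].data, alias) == 0) {
                        new_alias = false;
                    }

                    ret = sysdb_attrs_add_val(attrs,
                                              SYSDB_NAME_ALIAS, &el->values[i]);
                    if (ret != EOK) {
                        DEBUG(SSSDBG_OP_FAILURE,
                              ("Could not add name alias %s [%d]: %s\n",
                               el->values[i].data, ret, strerror(ret)));
                        goto done;
                    }
                }
            }
        }

        /* add alias only if it is not already present */
        if (new_alias) {
            ret = sysdb_attrs_add_string(attrs, SYSDB_NAME_ALIAS, alias);
            if (ret != EOK) {
                DEBUG(SSSDBG_OP_FAILURE,
                      ("Could not add name alias %s [%d]: %s\n",
                       alias, ret, strerror(ret)));
                goto done;
            }
        }
    }

    /* make sure sshPublicKey is present when modifying an existing host */
    if (host) {
        ret = sysdb_attrs_get_el(attrs, SYSDB_SSH_PUBKEY, &el);
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE,
                  ("Could not get sysdb sshPublicKey [%d]: %s\n",
                   ret, strerror(ret)));
            goto done;
        }
    }

    ret = sysdb_attrs_add_time_t(attrs, SYSDB_LAST_UPDATE, now);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Could not set sysdb lastUpdate [%d]: %s\n",
               ret, strerror(ret)));
        goto done;
    }

    ret = sysdb_update_ssh_host(sysdb, domain, name, attrs);
    if (ret != EOK) {
        goto done;
    }

    ret = sysdb_transaction_commit(sysdb);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to commit transaction\n"));
        goto done;
    }

    in_transaction = false;

    ret = EOK;

done:
    if (in_transaction) {
        sret = sysdb_transaction_cancel(sysdb);
        if (sret != EOK) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("Could not cancel transaction\n"));
        }
    }

    talloc_free(tmp_ctx);

    return ret;
}

/**
 * Set the known_hosts expiration time of a cached host to
 * @p now + @p known_hosts_timeout.
 *
 * @return EOK on success, ENOMEM on allocation failure, or the error of
 *         the failing sysdb call.
 */
errno_t
sysdb_update_ssh_known_host_expire(struct sysdb_ctx *sysdb,
                                   struct sss_domain_info *domain,
                                   const char *name,
                                   time_t now,
                                   int known_hosts_timeout)
{
    TALLOC_CTX *tmp_ctx;
    errno_t ret;
    struct sysdb_attrs *attrs;

    DEBUG(SSSDBG_TRACE_FUNC,
          ("Updating known_hosts expire time of host %s\n", name));

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    attrs = sysdb_new_attrs(tmp_ctx);
    if (!attrs) {
        ret = ENOMEM;
        goto done;
    }

    ret = sysdb_attrs_add_time_t(attrs, SYSDB_SSH_KNOWN_HOSTS_EXPIRE,
                                 now + known_hosts_timeout);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Could not set known_hosts expire time [%d]: %s\n",
               ret, strerror(ret)));
        goto done;
    }

    ret = sysdb_update_ssh_host(sysdb, domain, name, attrs);
    if (ret != EOK) {
        goto done;
    }

    ret = EOK;

done:
    talloc_free(tmp_ctx);

    return ret;
}

/**
 * Remove the cached host entry @p name from SSH_HOSTS_SUBDIR.
 *
 * @return The result of sysdb_delete_custom().
 */
errno_t
sysdb_delete_ssh_host(struct sysdb_ctx *sysdb,
                      struct sss_domain_info *domain,
                      const char *name)
{
    DEBUG(SSSDBG_TRACE_FUNC, ("Deleting host %s\n", name));
    return sysdb_delete_custom(sysdb, domain, name, SSH_HOSTS_SUBDIR);
}

/**
 * Search SSH_HOSTS_SUBDIR with a caller-built filter.
 *
 * @param[in]  mem_ctx   talloc parent of the returned array
 * @param[in]  filter    Complete search filter; the caller is responsible
 *                       for escaping any value it interpolates
 * @param[in]  attrs     Attributes to fetch
 * @param[out] hosts     Matching entries, NULL when none were found
 * @param[out] num_hosts Number of entries in @p hosts
 *
 * @return EOK on success, ENOENT when nothing matched (outputs are set to
 *         NULL / 0), ENOMEM, or the error from sysdb_search_custom().
 */
static errno_t
sysdb_search_ssh_hosts(TALLOC_CTX *mem_ctx,
                       struct sysdb_ctx *sysdb,
                       struct sss_domain_info *domain,
                       const char *filter,
                       const char **attrs,
                       struct ldb_message ***hosts,
                       size_t *num_hosts)
{
    errno_t ret;
    TALLOC_CTX *tmp_ctx;
    struct ldb_message **results;
    size_t num_results;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    ret = sysdb_search_custom(tmp_ctx, sysdb, domain, filter, SSH_HOSTS_SUBDIR,
                              attrs, &num_results, &results);
    if (ret != EOK && ret != ENOENT) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Error looking up host [%d]: %s\n",
               ret, strerror(ret)));
        goto done;
    }
    if (ret == ENOENT) {
        DEBUG(SSSDBG_TRACE_FUNC, ("No such host\n"));
        *hosts = NULL;
        *num_hosts = 0;
        goto done;
    }

    *hosts = talloc_steal(mem_ctx, results);
    *num_hosts = num_results;
    ret = EOK;

done:
    talloc_free(tmp_ctx);

    return ret;
}

/**
 * Look up exactly one cached host entry by name.
 *
 * The host name is escaped before it is placed into the search filter, so
 * filter metacharacters in @p name cannot widen or rewrite the query.
 * This assumes callers pass the raw, unescaped name - TODO confirm.
 *
 * @param[in]  mem_ctx talloc parent of the returned message
 * @param[in]  name    Host name to look up
 * @param[in]  attrs   Attributes to fetch
 * @param[out] host    The matching entry; only written on EOK
 *
 * @return EOK on success, ENOENT when no entry exists, EINVAL when more
 *         than one entry matches, ENOMEM, or a search error.
 */
errno_t
sysdb_get_ssh_host(TALLOC_CTX *mem_ctx,
                   struct sysdb_ctx *sysdb,
                   struct sss_domain_info *domain,
                   const char *name,
                   const char **attrs,
                   struct ldb_message **host)
{
    TALLOC_CTX *tmp_ctx;
    errno_t ret;
    const char *filter;
    char *sanitized_name;
    struct ldb_message **hosts;
    size_t num_hosts;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    ret = sss_filter_sanitize(tmp_ctx, name, &sanitized_name);
    if (ret != EOK) {
        goto done;
    }

    filter = talloc_asprintf(tmp_ctx, "(%s=%s)", SYSDB_NAME, sanitized_name);
    if (!filter) {
        ret = ENOMEM;
        goto done;
    }

    ret = sysdb_search_ssh_hosts(tmp_ctx, sysdb, domain, filter, attrs,
                                 &hosts, &num_hosts);
    if (ret != EOK) {
        goto done;
    }

    if (num_hosts == 0 || hosts == NULL) {
        /* never index an empty result set */
        ret = ENOENT;
        goto done;
    }

    if (num_hosts > 1) {
        ret = EINVAL;
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Found more than one host with name %s\n", name));
        goto done;
    }

    *host = talloc_steal(mem_ctx, hosts[0]);
    ret = EOK;

done:
    talloc_free(tmp_ctx);

    return ret;
}

errno_t sysdb_get_ssh_known_hosts(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, time_t now,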
const char **attrs, struct ldb_message ***hosts, size_t *num_hosts) { TALLOC_CTX *tmp_ctx; errno_t ret; const char *filter; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; } filter = talloc_asprintf(tmp_ctx, "(%s>=%ld)", SYSDB_SSH_KNOWN_HOSTS_EXPIRE, (long)now); if (!filter) { ret = ENOMEM; goto done; } ret = sysdb_search_ssh_hosts(mem_ctx, sysdb, domain, filter, attrs, hosts, num_hosts); done: talloc_free(tmp_ctx); return ret; } sssd-1.11.5/src/db/PaxHeaders.13173/sysdb_sudo.c0000644000000000000000000000007312320753107017250 xustar000000000000000029 atime=1396954939.25389144 30 ctime=1396954961.687874926 sssd-1.11.5/src/db/sysdb_sudo.c0000664002412700241270000005314612320753107017504 0ustar00jhrozekjhrozek00000000000000/* Authors: Jakub Hrozek Copyright (C) 2011 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #define _XOPEN_SOURCE #include #include #include "db/sysdb.h" #include "db/sysdb_private.h" #include "db/sysdb_sudo.h" #define NULL_CHECK(val, rval, label) do { \ if (!val) { \ rval = ENOMEM; \ goto label; \ } \ } while(0) /* ==================== Utility functions ==================== */ static errno_t sysdb_sudo_convert_time(const char *str, time_t *unix_time) { struct tm tm; char *tret = NULL; /* SUDO requires times to be in generalized time format: * YYYYMMDDHHMMSS[.|,fraction][(+|-HHMM)|Z] * * We need to use more format strings to parse this with strptime(). 
*/ const char **format = NULL; const char *formats[] = {"%Y%m%d%H%M%SZ", /* 201212121300Z */ "%Y%m%d%H%M%S%z", /* 201212121300+-0200 */ "%Y%m%d%H%M%S.0Z", "%Y%m%d%H%M%S.0%z", "%Y%m%d%H%M%S,0Z", "%Y%m%d%H%M%S,0%z", NULL}; for (format = formats; *format != NULL; format++) { /* strptime() may leave some fields uninitialized */ memset(&tm, 0, sizeof(struct tm)); tret = strptime(str, *format, &tm); if (tret != NULL && *tret == '\0') { *unix_time = mktime(&tm); return EOK; } } return EINVAL; } static errno_t sysdb_sudo_check_time(struct sysdb_attrs *rule, time_t now, bool *result) { TALLOC_CTX *tmp_ctx = NULL; const char **values = NULL; const char *name = NULL; time_t notBefore = 0; time_t notAfter = 0; time_t converted; errno_t ret; int i; if (!result) return EINVAL; *result = false; tmp_ctx = talloc_new(NULL); NULL_CHECK(tmp_ctx, ret, done); ret = sysdb_attrs_get_string(rule, SYSDB_SUDO_CACHE_AT_CN, &name); if (ret == ENOENT) { name = ""; } else if(ret != EOK) { goto done; } /* * From man sudoers.ldap: * * If multiple sudoNotBefore entries are present, the *earliest* is used. * If multiple sudoNotAfter entries are present, the *last one* is used. * * From sudo sources, ldap.c: * If either the sudoNotAfter or sudoNotBefore attributes are missing, * no time restriction shall be imposed. 
*/ /* check for sudoNotBefore */ ret = sysdb_attrs_get_string_array(rule, SYSDB_SUDO_CACHE_AT_NOTBEFORE, tmp_ctx, &values); if (ret == EOK) { for (i=0; values[i] ; i++) { ret = sysdb_sudo_convert_time(values[i], &converted); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Invalid time format in rule [%s]!\n", name)); goto done; } /* Grab the earliest */ if (!notBefore) { notBefore = converted; } else if (notBefore > converted) { notBefore = converted; } } } else if (ret != ENOENT) { goto done; } /* check for sudoNotAfter */ ret = sysdb_attrs_get_string_array(rule, SYSDB_SUDO_CACHE_AT_NOTAFTER, tmp_ctx, &values); if (ret == EOK) { for (i=0; values[i] ; i++) { ret = sysdb_sudo_convert_time(values[i], &converted); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Invalid time format in rule [%s]!\n", name)); goto done; } /* Grab the latest */ if (!notAfter) { notAfter = converted; } else if (notAfter < converted) { notAfter = converted; } } } else if (ret != ENOENT) { goto done; } if ((notBefore == 0 || now >= notBefore) && (notAfter == 0 || now <= notAfter)) { *result = true; } if (*result) { DEBUG(SSSDBG_TRACE_ALL, ("Rule [%s] matches time restrictions\n", name)); } else { DEBUG(SSSDBG_TRACE_ALL, ("Rule [%s] does not match time " "restrictions\n", name)); } ret = EOK; done: talloc_free(tmp_ctx); return ret; } errno_t sysdb_sudo_filter_rules_by_time(TALLOC_CTX *mem_ctx, uint32_t in_num_rules, struct sysdb_attrs **in_rules, time_t now, uint32_t *_num_rules, struct sysdb_attrs ***_rules) { uint32_t num_rules = 0; struct sysdb_attrs **rules = NULL; TALLOC_CTX *tmp_ctx = NULL; bool allowed = false; errno_t ret; int i; tmp_ctx = talloc_new(NULL); NULL_CHECK(tmp_ctx, ret, done); if (now == 0) { now = time(NULL); } for (i = 0; i < in_num_rules; i++) { ret = sysdb_sudo_check_time(in_rules[i], now, &allowed); if (ret == EOK && allowed) { num_rules++; rules = talloc_realloc(tmp_ctx, rules, struct sysdb_attrs *, num_rules); NULL_CHECK(rules, ret, done); rules[num_rules - 1] = 
in_rules[i]; } } *_num_rules = num_rules; *_rules = talloc_steal(mem_ctx, rules); ret = EOK; done: talloc_free(tmp_ctx); return ret; } errno_t sysdb_get_sudo_filter(TALLOC_CTX *mem_ctx, const char *username, uid_t uid, char **groupnames, unsigned int flags, char **_filter) { TALLOC_CTX *tmp_ctx = NULL; char *filter = NULL; char *specific_filter = NULL; time_t now; errno_t ret; int i; tmp_ctx = talloc_new(NULL); NULL_CHECK(tmp_ctx, ret, done); /* build specific filter */ specific_filter = talloc_zero(tmp_ctx, char); /* assign to tmp_ctx */ NULL_CHECK(specific_filter, ret, done); if (flags & SYSDB_SUDO_FILTER_INCLUDE_ALL) { specific_filter = talloc_asprintf_append(specific_filter, "(%s=ALL)", SYSDB_SUDO_CACHE_AT_USER); NULL_CHECK(specific_filter, ret, done); } if (flags & SYSDB_SUDO_FILTER_INCLUDE_DFL) { specific_filter = talloc_asprintf_append(specific_filter, "(%s=defaults)", SYSDB_NAME); NULL_CHECK(specific_filter, ret, done); } if ((flags & SYSDB_SUDO_FILTER_USERNAME) && (username != NULL)) { specific_filter = talloc_asprintf_append(specific_filter, "(%s=%s)", SYSDB_SUDO_CACHE_AT_USER, username); NULL_CHECK(specific_filter, ret, done); } if ((flags & SYSDB_SUDO_FILTER_UID) && (uid != 0)) { specific_filter = talloc_asprintf_append(specific_filter, "(%s=#%llu)", SYSDB_SUDO_CACHE_AT_USER, (unsigned long long) uid); NULL_CHECK(specific_filter, ret, done); } if ((flags & SYSDB_SUDO_FILTER_GROUPS) && (groupnames != NULL)) { for (i=0; groupnames[i] != NULL; i++) { specific_filter = talloc_asprintf_append(specific_filter, "(%s=%%%s)", SYSDB_SUDO_CACHE_AT_USER, groupnames[i]); NULL_CHECK(specific_filter, ret, done); } } if (flags & SYSDB_SUDO_FILTER_NGRS) { specific_filter = talloc_asprintf_append(specific_filter, "(%s=+*)", SYSDB_SUDO_CACHE_AT_USER); NULL_CHECK(specific_filter, ret, done); } /* build global filter */ filter = talloc_asprintf(tmp_ctx, "(&(%s=%s)", SYSDB_OBJECTCLASS, SYSDB_SUDO_CACHE_OC); NULL_CHECK(filter, ret, done); if (specific_filter[0] != '\0') { 
filter = talloc_asprintf_append(filter, "(|%s)", specific_filter); NULL_CHECK(filter, ret, done); } if (flags & SYSDB_SUDO_FILTER_ONLY_EXPIRED) { now = time(NULL); filter = talloc_asprintf_append(filter, "(&(%s<=%lld))", SYSDB_CACHE_EXPIRE, (long long)now); NULL_CHECK(filter, ret, done); } filter = talloc_strdup_append(filter, ")"); NULL_CHECK(filter, ret, done); ret = EOK; *_filter = talloc_steal(mem_ctx, filter); done: talloc_free(tmp_ctx); return ret; } errno_t sysdb_get_sudo_user_info(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *username, uid_t *_uid, char ***groupnames) { TALLOC_CTX *tmp_ctx; errno_t ret; struct ldb_message *msg; struct ldb_message *group_msg = NULL; char **sysdb_groupnames = NULL; const char *primary_group = NULL; struct ldb_message_element *groups; uid_t uid = 0; gid_t gid = 0; size_t num_groups = 0; int i; const char *attrs[] = { SYSDB_MEMBEROF, SYSDB_GIDNUM, SYSDB_UIDNUM, NULL }; const char *group_attrs[] = { SYSDB_NAME, NULL }; tmp_ctx = talloc_new(NULL); NULL_CHECK(tmp_ctx, ret, done); ret = sysdb_search_user_by_name(tmp_ctx, sysdb, domain, username, attrs, &msg); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Error looking up user %s\n", username)); goto done; } if (_uid != NULL) { uid = ldb_msg_find_attr_as_uint64(msg, SYSDB_UIDNUM, 0); if (!uid) { DEBUG(SSSDBG_CRIT_FAILURE, ("A user with no UID?\n")); ret = EIO; goto done; } } /* resolve secondary groups */ if (groupnames != NULL) { groups = ldb_msg_find_element(msg, SYSDB_MEMBEROF); if (!groups || groups->num_values == 0) { /* No groups for this user in sysdb currently */ sysdb_groupnames = NULL; num_groups = 0; } else { num_groups = groups->num_values; sysdb_groupnames = talloc_array(tmp_ctx, char *, num_groups + 1); NULL_CHECK(sysdb_groupnames, ret, done); /* Get a list of the groups by groupname only */ for (i = 0; i < groups->num_values; i++) { ret = sysdb_group_dn_name(sysdb, sysdb_groupnames, (const char *)groups->values[i].data, 
/**
 * Store one sudo rule in the cache.
 *
 * Adds the sudo-rule object class and the name attribute to @attrs and
 * passes the result to sysdb_store_custom() under SUDORULE_SUBDIR.
 *
 * @param sysdb      cache handle
 * @param domain     domain the rule belongs to
 * @param rule_name  name under which the rule is stored
 * @param attrs      rule attributes; extended in place by this call
 *
 * @return EOK on success, otherwise the error of the step that failed.
 */
errno_t sysdb_save_sudorule(struct sysdb_ctx *sysdb,
                            struct sss_domain_info *domain,
                            const char *rule_name,
                            struct sysdb_attrs *attrs)
{
    errno_t rc;

    DEBUG(SSSDBG_TRACE_FUNC, ("Adding sudo rule %s\n", rule_name));

    rc = sysdb_attrs_add_string(attrs, SYSDB_OBJECTCLASS,
                                SYSDB_SUDO_CACHE_OC);
    if (rc != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Could not set rule object class [%d]: %s\n",
                                  rc, strerror(rc)));
        goto out;
    }

    rc = sysdb_attrs_add_string(attrs, SYSDB_NAME, rule_name);
    if (rc != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Could not set name attribute [%d]: %s\n",
                                  rc, strerror(rc)));
        goto out;
    }

    rc = sysdb_store_custom(sysdb, domain, rule_name, SUDORULE_SUBDIR, attrs);
    if (rc != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("sysdb_store_custom failed [%d]: %s\n",
                                  rc, strerror(rc)));
    }

out:
    /* rc is EOK here only when every step above succeeded */
    return rc;
}
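/**
 * Read a refresh timestamp from the sudo rules container of a domain.
 *
 * Performs a base-scope search on the container DN built from
 * SYSDB_TMPL_CUSTOM_SUBTREE, SUDORULE_SUBDIR and the domain name, and
 * returns the value of @attr_name.
 *
 * @param sysdb      cache handle
 * @param domain     domain whose container is read
 * @param attr_name  attribute holding the timestamp
 * @param value      output: the stored time, or 0 when the container does
 *                   not exist or has no such attribute
 *
 * @return EOK on success, ENOMEM on allocation failure, EIO when the base
 *         search returns more than one entry, or the errno mapped from
 *         the ldb error.
 */
static errno_t sysdb_sudo_get_refresh_time(struct sysdb_ctx *sysdb,
                                           struct sss_domain_info *domain,
                                           const char *attr_name,
                                           time_t *value)
{
    TALLOC_CTX *tmp_ctx;
    struct ldb_dn *dn;
    struct ldb_result *res;
    errno_t ret;
    int lret;
    const char *attrs[2] = {attr_name, NULL};

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        return ENOMEM;
    }

    dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_TMPL_CUSTOM_SUBTREE,
                        SUDORULE_SUBDIR, domain->name);
    if (!dn) {
        ret = ENOMEM;
        goto done;
    }

    lret = ldb_search(sysdb->ldb, tmp_ctx, &res, dn, LDB_SCOPE_BASE,
                      attrs, NULL);
    if (lret != LDB_SUCCESS) {
        ret = sysdb_error_to_errno(lret);
        goto done;
    }

    if (res->count == 0) {
        /* This entry has not been populated in LDB
         * This is a common case, as unlike LDAP,
         * LDB does not need to have all of its parent
         * objects actually exist.
         */
        *value = 0;
        ret = EOK;
        goto done;
    } else if (res->count != 1) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Got more than one reply for base search!\n"));
        ret = EIO;
        goto done;
    }

    /* sysdb_sudo_set_refresh_time() writes the value with "%lld"; read it
     * back as a 64-bit integer so a time_t wider than int is not
     * truncated on the way out. */
    *value = (time_t)ldb_msg_find_attr_as_int64(res->msgs[0], attr_name, 0);

    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}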
SYSDB_NAME, SYSDB_SUDO_CACHE_AT_CN, NULL }; /* just purge all if there's no filter */ if (!filter) { return sysdb_sudo_purge_all(sysdb, domain); } tmp_ctx = talloc_new(NULL); NULL_CHECK(tmp_ctx, ret, done); /* match entries based on the filter and remove them one by one */ ret = sysdb_search_custom(tmp_ctx, sysdb, domain, filter, SUDORULE_SUBDIR, attrs, &count, &msgs); if (ret == ENOENT) { DEBUG(SSSDBG_TRACE_FUNC, ("No rules matched\n")); ret = EOK; goto done; } else if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Error looking up SUDO rules")); goto done; } ret = sysdb_transaction_start(sysdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to start transaction\n")); goto done; } in_transaction = true; for (i = 0; i < count; i++) { name = ldb_msg_find_attr_as_string(msgs[i], SYSDB_NAME, NULL); if (name == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("A rule without a name?\n")); /* skip this one but still delete other entries */ continue; } ret = sysdb_sudo_purge_byname(sysdb, domain, name); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Could not delete rule %s\n", name)); goto done; } } ret = sysdb_transaction_commit(sysdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to commit transaction\n")); goto done; } in_transaction = false; done: if (in_transaction) { sret = sysdb_transaction_cancel(sysdb); if (sret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Could not cancel transaction\n")); } } talloc_free(tmp_ctx); return ret; } sssd-1.11.5/src/db/PaxHeaders.13173/sysdb_autofs.c0000644000000000000000000000007312320753107017577 xustar000000000000000029 atime=1396954939.25389144 30 ctime=1396954961.662874945 sssd-1.11.5/src/db/sysdb_autofs.c0000664002412700241270000003475612320753107020041 0ustar00jhrozekjhrozek00000000000000/* Authors: Jakub Hrozek Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, 
/**
 * Build the DN of one autofs entry below its map.
 *
 * The RDN value is the sanitized entry name immediately followed by the
 * sanitized entry value; it is substituted into SYSDB_TMPL_AUTOFS_ENTRY
 * together with the map name, AUTOFS_MAP_SUBDIR and the domain name.
 *
 * NOTE(review): entry_name and entry_value go through sysdb_dn_sanitize(),
 * but map_name is inserted into the DN as given. Confirm that every caller
 * passes a map name that cannot contain DN metacharacters, or sanitize it
 * here as well.
 *
 * @param mem_ctx      talloc context that owns the returned DN
 * @param sysdb        cache handle
 * @param domain       domain the map belongs to
 * @param map_name     name of the parent map
 * @param entry_name   key of the entry
 * @param entry_value  value of the entry
 *
 * @return the DN, or NULL if sanitizing or any allocation fails.
 */
static struct ldb_dn *
sysdb_autofsentry_dn(TALLOC_CTX *mem_ctx,
                     struct sysdb_ctx *sysdb,
                     struct sss_domain_info *domain,
                     const char *map_name,
                     const char *entry_name,
                     const char *entry_value)
{
    TALLOC_CTX *scratch;
    char *safe_key;
    char *safe_val;
    const char *rdn_value;
    struct ldb_dn *result = NULL;

    scratch = talloc_new(NULL);
    if (scratch == NULL) {
        return NULL;
    }

    /* Each step runs only if the previous one succeeded; on any failure
     * result keeps its initial NULL. */
    if (sysdb_dn_sanitize(scratch, entry_name, &safe_key) == EOK
            && sysdb_dn_sanitize(scratch, entry_value, &safe_val) == EOK) {
        rdn_value = talloc_asprintf(scratch, "%s%s", safe_key, safe_val);
        if (rdn_value != NULL) {
            result = ldb_dn_new_fmt(mem_ctx, sysdb->ldb,
                                    SYSDB_TMPL_AUTOFS_ENTRY,
                                    rdn_value, map_name,
                                    AUTOFS_MAP_SUBDIR, domain->name);
        }
    }

    talloc_free(scratch);
    return result;
}
sysdb_save_autofsmap(struct sysdb_ctx *sysdb_ctx, struct sss_domain_info *domain, const char *name, const char *autofsmapname, struct sysdb_attrs *attrs, int cache_timeout, time_t now) { errno_t ret; TALLOC_CTX *tmp_ctx; DEBUG(SSSDBG_TRACE_FUNC, ("Adding autofs map %s\n", autofsmapname)); tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; } if (!attrs) { attrs = sysdb_new_attrs(tmp_ctx); if (!attrs) { ret = ENOMEM; goto done; } } ret = sysdb_attrs_add_string(attrs, SYSDB_OBJECTCLASS, SYSDB_AUTOFS_MAP_OC); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Could not set map object class [%d]: %s\n", ret, strerror(ret))); goto done; } ret = sysdb_attrs_add_string(attrs, SYSDB_AUTOFS_MAP_NAME, autofsmapname); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Could not set map name [%d]: %s\n", ret, strerror(ret))); goto done; } ret = sysdb_attrs_add_string(attrs, SYSDB_NAME, name); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Could not set name attribute [%d]: %s\n", ret, strerror(ret))); goto done; } ret = sysdb_attrs_add_time_t(attrs, SYSDB_LAST_UPDATE, now); if (ret) { DEBUG(SSSDBG_OP_FAILURE, ("Could not set sysdb lastUpdate [%d]: %s\n", ret, strerror(ret))); goto done; } ret = sysdb_attrs_add_time_t(attrs, SYSDB_CACHE_EXPIRE, ((cache_timeout) ? 
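/**
 * Look up one cached autofs map by name.
 *
 * The map name is escaped with sss_filter_sanitize() before it is placed
 * into the search filter, so filter metacharacters in the name cannot
 * alter the query.
 *
 * @param mem_ctx   talloc context that becomes the owner of *_map
 * @param sysdb     cache handle
 * @param domain    domain to search
 * @param map_name  name of the map
 * @param _map      output: the map message; set to NULL when no map exists
 *
 * @return EOK when exactly one map was found, ENOENT when none was found,
 *         EINVAL when the search returned an unexpected number of results,
 *         ENOMEM on allocation failure, or the error of the failed step.
 */
errno_t
sysdb_get_map_byname(TALLOC_CTX *mem_ctx,
                     struct sysdb_ctx *sysdb,
                     struct sss_domain_info *domain,
                     const char *map_name,
                     struct ldb_message **_map)
{
    errno_t ret;
    TALLOC_CTX *tmp_ctx;
    const char *filter;
    char *safe_map_name;
    size_t count;
    struct ldb_message **msgs;
    const char *attrs[] = { SYSDB_OBJECTCLASS,
                            SYSDB_CACHE_EXPIRE,
                            SYSDB_LAST_UPDATE,
                            SYSDB_AUTOFS_MAP_NAME,
                            SYSDB_MEMBER,
                            NULL };

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) return ENOMEM;

    ret = sss_filter_sanitize(tmp_ctx, map_name, &safe_map_name);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Cannot sanitize map [%s] error [%d]: %s\n",
               map_name, ret, strerror(ret)));
        goto done;
    }

    filter = talloc_asprintf(tmp_ctx, "(&(objectclass=%s)(%s=%s))",
                             SYSDB_AUTOFS_MAP_OC, SYSDB_NAME, safe_map_name);
    if (!filter) {
        ret = ENOMEM;
        goto done;
    }

    ret = sysdb_search_custom(tmp_ctx, sysdb, domain, filter,
                              AUTOFS_MAP_SUBDIR, attrs,
                              &count, &msgs);
    if (ret != EOK && ret != ENOENT) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Error looking up autofs map [%s]", safe_map_name));
        goto done;
    } else if (ret == ENOENT) {
        DEBUG(SSSDBG_TRACE_FUNC, ("No such map\n"));
        *_map = NULL;
        goto done;
    }

    if (count != 1) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("More than one map named %s\n", safe_map_name));
        /* ret is still EOK from the search at this point; report an error
         * so the caller does not read an output that was never set. */
        ret = EINVAL;
        goto done;
    }

    *_map = talloc_steal(mem_ctx, msgs[0]);
    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}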
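/**
 * Add one autofs entry (key/value pair) below a cached map.
 *
 * The entry's object class, key, value and name attributes are appended
 * to @attrs (a fresh attribute set is created when @attrs is NULL), and
 * the result is written with ldb_add() at the DN returned by
 * sysdb_autofsentry_dn().
 *
 * NOTE(review): the name attribute is the plain concatenation of key and
 * value, so different pairs can produce the same name (for example
 * "ab"+"c" and "a"+"bc"). Confirm this is acceptable to readers of it.
 *
 * @param sysdb_ctx  cache handle
 * @param domain     domain the map belongs to
 * @param map        name of the parent map
 * @param key        entry key
 * @param value      entry value
 * @param attrs      optional extra attributes; extended in place
 *
 * @return EOK on success, ENOMEM on allocation failure, or the errno
 *         mapped from the failing step.
 */
errno_t
sysdb_save_autofsentry(struct sysdb_ctx *sysdb_ctx,
                       struct sss_domain_info *domain,
                       const char *map,
                       const char *key,
                       const char *value,
                       struct sysdb_attrs *attrs)
{
    errno_t ret;
    int lret;
    TALLOC_CTX *tmp_ctx;
    struct ldb_message *msg;
    struct ldb_dn *dn;
    const char *name;

    DEBUG(SSSDBG_TRACE_FUNC,
          ("Adding autofs entry [%s] - [%s]\n", key, value));

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    if (!attrs) {
        attrs = sysdb_new_attrs(tmp_ctx);
        if (!attrs) {
            ret = ENOMEM;
            goto done;
        }
    }

    ret = sysdb_attrs_add_string(attrs, SYSDB_OBJECTCLASS,
                                 SYSDB_AUTOFS_ENTRY_OC);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Could not set entry object class [%d]: %s\n",
              ret, strerror(ret)));
        goto done;
    }

    ret = sysdb_attrs_add_string(attrs, SYSDB_AUTOFS_ENTRY_KEY, key);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Could not set entry key [%d]: %s\n",
              ret, strerror(ret)));
        goto done;
    }

    ret = sysdb_attrs_add_string(attrs, SYSDB_AUTOFS_ENTRY_VALUE, value);
    if (ret != EOK) {
        /* this step stores the value; the message used to say "key" */
        DEBUG(SSSDBG_OP_FAILURE, ("Could not set entry value [%d]: %s\n",
              ret, strerror(ret)));
        goto done;
    }

    name = talloc_asprintf(tmp_ctx, "%s%s", key, value);
    if (!name) {
        ret = ENOMEM;
        goto done;
    }

    ret = sysdb_attrs_add_string(attrs, SYSDB_NAME, name);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Could not set name attribute [%d]: %s\n",
              ret, strerror(ret)));
        goto done;
    }

    dn = sysdb_autofsentry_dn(tmp_ctx, sysdb_ctx, domain, map, key, value);
    if (!dn) {
        ret = ENOMEM;
        goto done;
    }

    msg = ldb_msg_new(tmp_ctx);
    if (!msg) {
        ret = ENOMEM;
        goto done;
    }

    /* the message borrows the element array of attrs; nothing is copied */
    msg->dn = dn;
    msg->elements = attrs->a;
    msg->num_elements = attrs->num;

    /* keep the ldb status separate from the errno value that is returned */
    lret = ldb_add(sysdb_ctx->ldb, msg);
    ret = sysdb_error_to_errno(lret);

done:
    talloc_free(tmp_ctx);
    return ret;
}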
/**
 * Fetch all cached entries that sit directly below an autofs map.
 *
 * Runs a one-level search under the map's DN for objects of the autofs
 * entry class and returns their key and value attributes.
 *
 * @param mem_ctx   talloc context that becomes the owner of *_entries
 * @param sysdb     cache handle
 * @param domain    domain the map belongs to
 * @param mapname   name of the map
 * @param _count    output: number of entries; 0 when the search reports
 *                  ENOENT
 * @param _entries  output: the entries; NULL when the search reports ENOENT
 *
 * @return EOK on success, ENOENT when there are no entries, ENOMEM on
 *         allocation failure, or the error returned by the search.
 */
errno_t
sysdb_autofs_entries_by_map(TALLOC_CTX *mem_ctx,
                            struct sysdb_ctx *sysdb,
                            struct sss_domain_info *domain,
                            const char *mapname,
                            size_t *_count,
                            struct ldb_message ***_entries)
{
    const char *wanted[] = { SYSDB_AUTOFS_ENTRY_KEY,
                             SYSDB_AUTOFS_ENTRY_VALUE,
                             NULL };
    TALLOC_CTX *scratch;
    struct ldb_dn *map_dn;
    struct ldb_message **hits;
    char *class_filter;
    size_t found;
    errno_t rc;

    DEBUG(SSSDBG_TRACE_FUNC, ("Getting entries for map %s\n", mapname));

    scratch = talloc_new(NULL);
    if (scratch == NULL) {
        return ENOMEM;
    }

    map_dn = sysdb_autofsmap_dn(scratch, sysdb, domain, mapname);
    if (map_dn == NULL) {
        rc = ENOMEM;
        goto out;
    }

    class_filter = talloc_asprintf(scratch, "(objectclass=%s)",
                                   SYSDB_AUTOFS_ENTRY_OC);
    if (class_filter == NULL) {
        rc = ENOMEM;
        goto out;
    }

    rc = sysdb_search_entry(scratch, sysdb, map_dn, LDB_SCOPE_ONELEVEL,
                            class_filter, wanted, &found, &hits);
    if (rc == ENOENT) {
        /* an empty map is reported through ENOENT with cleared outputs */
        DEBUG(SSSDBG_TRACE_FUNC, ("No entries for the map\n"));
        *_count = 0;
        *_entries = NULL;
    } else if (rc != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("sysdb search failed: %d\n", rc));
    } else {
        *_count = found;
        /* move the result out of the scratch context before it is freed */
        *_entries = talloc_steal(mem_ctx, hits);
        DEBUG(SSSDBG_TRACE_INTERNAL, ("found %zu entries for map %s\n",
                                      found, mapname));
    }

out:
    talloc_free(scratch);
    return rc;
}
ldb_message **msgs; const char *name; bool in_transaction = false; int sret; int i; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) return ENOMEM; filter = talloc_asprintf(tmp_ctx, "(&(objectclass=%s)(%s=*))", SYSDB_AUTOFS_MAP_OC, SYSDB_NAME); if (!filter) { ret = ENOMEM; goto done; } ret = sysdb_search_custom(tmp_ctx, sysdb, domain, filter, AUTOFS_MAP_SUBDIR, attrs, &count, &msgs); if (ret != EOK && ret != ENOENT) { DEBUG(SSSDBG_CRIT_FAILURE, ("Error looking up autofs maps")); goto done; } else if (ret == ENOENT) { ret = EOK; goto done; } sys_attrs = sysdb_new_attrs(tmp_ctx); if (!sys_attrs) { ret = ENOMEM; goto done; } ret = sysdb_attrs_add_time_t(sys_attrs, SYSDB_CACHE_EXPIRE, 1); if (ret != EOK) { goto done; } ret = sysdb_transaction_start(sysdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to start transaction\n")); goto done; } in_transaction = true; for (i = 0; i < count; i++) { name = ldb_msg_find_attr_as_string(msgs[i], SYSDB_NAME, NULL); if (!name) { DEBUG(SSSDBG_MINOR_FAILURE, ("A map with no name?\n")); continue; } ret = sysdb_set_autofsmap_attr(sysdb, domain, name, sys_attrs, SYSDB_MOD_REP); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Could not expire map %s\n", name)); continue; } } ret = sysdb_transaction_commit(sysdb); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Could not commit transaction\n")); goto done; } in_transaction = false; ret = EOK; done: if (in_transaction) { sret = sysdb_transaction_cancel(sysdb); if (sret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Could not cancel transaction\n")); } } talloc_free(tmp_ctx); return ret; } sssd-1.11.5/src/db/PaxHeaders.13173/sysdb_subdomains.c0000644000000000000000000000007312320753107020442 xustar000000000000000029 atime=1396954939.25389144 30 ctime=1396954961.662874945 sssd-1.11.5/src/db/sysdb_subdomains.c0000664002412700241270000005117012320753107020671 0ustar00jhrozekjhrozek00000000000000/* SSSD System Database - Sub-domain related calls Copyright (C) 2012 Jan Zeleny Copyright (C) 2012 Sumit Bose 
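/* Return s, or a printable placeholder when s is NULL, so the value can be
 * handed to a "%s" conversion. */
static const char *subdom_printable(const char *s)
{
    return (s != NULL) ? s : "(null)";
}

/**
 * Refresh the in-memory subdomain list of @domain from the cache.
 *
 * All known subdomains are first marked disabled. Every subdomain object
 * found directly below SYSDB_BASE then either re-enables and updates the
 * matching list member (matched case-insensitively on the name) or is
 * appended as a new subdomain. Members without a cache object stay
 * disabled.
 *
 * Robustness: realm, flat name and domain id are optional in the cache
 * object and may be unset on the list member, so each is compared only
 * when both sides are present; a missing cached value leaves the current
 * value untouched instead of being passed to strcasecmp() as NULL.
 *
 * @param domain  parent domain whose ->subdomains list is updated
 *
 * @return EOK on success, ENOMEM on allocation failure, EIO when the DN
 *         cannot be built or the search fails, EINVAL when a subdomain
 *         object has no "cn".
 */
errno_t sysdb_update_subdomains(struct sss_domain_info *domain)
{
    unsigned int i;
    errno_t ret;
    TALLOC_CTX *tmp_ctx;
    struct ldb_result *res;
    const char *attrs[] = {"cn",
                           SYSDB_SUBDOMAIN_REALM,
                           SYSDB_SUBDOMAIN_FLAT,
                           SYSDB_SUBDOMAIN_ID,
                           SYSDB_SUBDOMAIN_MPG,
                           SYSDB_SUBDOMAIN_ENUM,
                           SYSDB_SUBDOMAIN_FOREST,
                           NULL};
    struct sss_domain_info *dom;
    struct ldb_dn *basedn;
    const char *name;
    const char *realm;
    const char *flat;
    const char *id;
    const char *forest;
    bool mpg;
    bool enumerate;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        ret = ENOMEM;
        goto done;
    }

    basedn = ldb_dn_new(tmp_ctx, domain->sysdb->ldb, SYSDB_BASE);
    if (basedn == NULL) {
        ret = EIO;
        goto done;
    }
    ret = ldb_search(domain->sysdb->ldb, tmp_ctx, &res,
                     basedn, LDB_SCOPE_ONELEVEL,
                     attrs, "objectclass=%s", SYSDB_SUBDOMAIN_CLASS);
    if (ret != LDB_SUCCESS) {
        ret = EIO;
        goto done;
    }

    /* disable all domains,
     * let the search result refresh any that are still valid */
    for (dom = domain->subdomains; dom; dom = get_next_domain(dom, false)) {
        dom->disabled = true;
    }

    if (res->count == 0) {
        ret = EOK;
        goto done;
    }

    for (i = 0; i < res->count; i++) {

        name = ldb_msg_find_attr_as_string(res->msgs[i], "cn", NULL);
        if (name == NULL) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("The object [%s] doesn't have a name\n",
                   ldb_dn_get_linearized(res->msgs[i]->dn)));
            ret = EINVAL;
            goto done;
        }

        realm = ldb_msg_find_attr_as_string(res->msgs[i],
                                            SYSDB_SUBDOMAIN_REALM, NULL);

        flat = ldb_msg_find_attr_as_string(res->msgs[i],
                                           SYSDB_SUBDOMAIN_FLAT, NULL);

        id = ldb_msg_find_attr_as_string(res->msgs[i],
                                         SYSDB_SUBDOMAIN_ID, NULL);

        mpg = ldb_msg_find_attr_as_bool(res->msgs[i],
                                        SYSDB_SUBDOMAIN_MPG, false);

        enumerate = ldb_msg_find_attr_as_bool(res->msgs[i],
                                              SYSDB_SUBDOMAIN_ENUM, false);

        forest = ldb_msg_find_attr_as_string(res->msgs[i],
                                             SYSDB_SUBDOMAIN_FOREST, NULL);

        /* explicitly use dom->next as we need to check 'disabled' domains */
        for (dom = domain->subdomains; dom; dom = dom->next) {
            if (strcasecmp(dom->name, name) != 0) {
                continue;
            }

            dom->disabled = false;

            /* in theory these may change, but it should never happen */
            if (realm != NULL
                    && (dom->realm == NULL
                        || strcasecmp(dom->realm, realm) != 0)) {
                DEBUG(SSSDBG_TRACE_INTERNAL,
                      ("Realm name changed from [%s] to [%s]!\n",
                       subdom_printable(dom->realm), realm));
                talloc_zfree(dom->realm);
                dom->realm = talloc_strdup(dom, realm);
                if (dom->realm == NULL) {
                    ret = ENOMEM;
                    goto done;
                }
            }
            if (flat != NULL
                    && (dom->flat_name == NULL
                        || strcasecmp(dom->flat_name, flat) != 0)) {
                DEBUG(SSSDBG_TRACE_INTERNAL,
                      ("Flat name changed from [%s] to [%s]!\n",
                       subdom_printable(dom->flat_name), flat));
                talloc_zfree(dom->flat_name);
                dom->flat_name = talloc_strdup(dom, flat);
                if (dom->flat_name == NULL) {
                    ret = ENOMEM;
                    goto done;
                }
            }
            if (id != NULL
                    && (dom->domain_id == NULL
                        || strcasecmp(dom->domain_id, id) != 0)) {
                DEBUG(SSSDBG_TRACE_INTERNAL,
                      ("Domain changed from [%s] to [%s]!\n",
                       subdom_printable(dom->domain_id), id));
                talloc_zfree(dom->domain_id);
                dom->domain_id = talloc_strdup(dom, id);
                if (dom->domain_id == NULL) {
                    ret = ENOMEM;
                    goto done;
                }
            }

            if (dom->mpg != mpg) {
                DEBUG(SSSDBG_TRACE_INTERNAL,
                      ("MPG state change from [%s] to [%s]!\n",
                       dom->mpg ? "true" : "false",
                       mpg ? "true" : "false"));
                dom->mpg = mpg;
            }

            if (dom->enumerate != enumerate) {
                /* this branch tracks enumeration; the message used to
                 * repeat the MPG wording */
                DEBUG(SSSDBG_TRACE_INTERNAL,
                      ("enumerate state change from [%s] to [%s]!\n",
                       dom->enumerate ? "true" : "false",
                       enumerate ? "true" : "false"));
                dom->enumerate = enumerate;
            }

            if (forest != NULL
                    && (dom->forest == NULL
                        || strcasecmp(dom->forest, forest) != 0)) {
                DEBUG(SSSDBG_TRACE_INTERNAL,
                      ("Forest changed from [%s] to [%s]!\n",
                       subdom_printable(dom->forest), forest));
                talloc_zfree(dom->forest);
                dom->forest = talloc_strdup(dom, forest);
                if (dom->forest == NULL) {
                    ret = ENOMEM;
                    goto done;
                }
            }

            break;
        }
        /* If not found in loop it is a new subdomain */
        if (dom == NULL) {
            dom = new_subdomain(domain, domain, name, realm,
                                flat, id, mpg, enumerate, forest);
            if (dom == NULL) {
                ret = ENOMEM;
                goto done;
            }
            DLIST_ADD_END(domain->subdomains, dom, struct sss_domain_info *);
        }
    }

    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}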
/**
 * Write flat name, domain id and forest of the master domain to the cache.
 *
 * An attribute is replaced only when a new value is given and it differs
 * (case-sensitively) from the value currently held in @domain. When
 * nothing differs no write happens. After a successful write the
 * in-memory values are reloaded with sysdb_master_domain_update().
 *
 * @param domain  master domain; also supplies the cache handle
 * @param flat    new flat name, or NULL to leave it alone
 * @param id      new domain id, or NULL to leave it alone
 * @param forest  new forest name, or NULL to leave it alone
 *
 * @return EOK on success or when nothing had to change, ENOMEM on
 *         allocation failure, EIO when the DN cannot be built, or the
 *         errno mapped from the failing ldb call.
 */
errno_t sysdb_master_domain_add_info(struct sss_domain_info *domain,
                                     const char *flat,
                                     const char *id,
                                     const char* forest)
{
    /* one row per attribute, handled in this order */
    const struct {
        const char *attr;
        const char *wanted;
        const char *cached;
    } fields[] = {
        { SYSDB_SUBDOMAIN_FLAT,   flat,   domain->flat_name },
        { SYSDB_SUBDOMAIN_ID,     id,     domain->domain_id },
        { SYSDB_SUBDOMAIN_FOREST, forest, domain->forest },
    };
    TALLOC_CTX *scratch;
    struct ldb_message *mods;
    bool changed = false;
    size_t idx;
    int rc;

    scratch = talloc_new(NULL);
    if (scratch == NULL) {
        return ENOMEM;
    }

    mods = ldb_msg_new(scratch);
    if (mods == NULL) {
        rc = ENOMEM;
        goto out;
    }

    mods->dn = ldb_dn_new_fmt(scratch, domain->sysdb->ldb,
                              SYSDB_DOM_BASE, domain->name);
    if (mods->dn == NULL) {
        rc = EIO;
        goto out;
    }

    for (idx = 0; idx < sizeof(fields) / sizeof(fields[0]); idx++) {
        if (fields[idx].wanted == NULL) {
            continue;
        }
        if (fields[idx].cached != NULL
                && strcmp(fields[idx].cached, fields[idx].wanted) == 0) {
            continue;
        }

        rc = ldb_msg_add_empty(mods, fields[idx].attr,
                               LDB_FLAG_MOD_REPLACE, NULL);
        if (rc != LDB_SUCCESS) {
            rc = sysdb_error_to_errno(rc);
            goto out;
        }

        rc = ldb_msg_add_string(mods, fields[idx].attr, fields[idx].wanted);
        if (rc != LDB_SUCCESS) {
            rc = sysdb_error_to_errno(rc);
            goto out;
        }

        changed = true;
    }

    if (!changed) {
        rc = EOK;
        goto out;
    }

    rc = ldb_modify(domain->sysdb->ldb, mods);
    if (rc != LDB_SUCCESS) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to add subdomain attributes to "
                                     "[%s]: [%d][%s]!\n", domain->name, rc,
                                     ldb_errstring(domain->sysdb->ldb)));
        rc = sysdb_error_to_errno(rc);
        goto out;
    }

    /* re-read the stored values into the domain structure; on success
     * this leaves rc at EOK */
    rc = sysdb_master_domain_update(domain);

out:
    talloc_free(scratch);
    return rc;
}
= true; if (realm) realm_flags = LDB_FLAG_MOD_ADD; if (flat_name) flat_flags = LDB_FLAG_MOD_ADD; if (domain_id) id_flags = LDB_FLAG_MOD_ADD; mpg_flags = LDB_FLAG_MOD_ADD; enum_flags = LDB_FLAG_MOD_ADD; if (forest) forest_flags = LDB_FLAG_MOD_ADD; } else if (res->count != 1) { ret = EINVAL; goto done; } else { /* 1 found */ if (realm) { tmp_str = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_SUBDOMAIN_REALM, NULL); if (!tmp_str || strcasecmp(tmp_str, realm) != 0) { realm_flags = LDB_FLAG_MOD_REPLACE; } } if (flat_name) { tmp_str = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_SUBDOMAIN_FLAT, NULL); if (!tmp_str || strcasecmp(tmp_str, flat_name) != 0) { flat_flags = LDB_FLAG_MOD_REPLACE; } } if (domain_id) { tmp_str = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_SUBDOMAIN_ID, NULL); if (!tmp_str || strcasecmp(tmp_str, domain_id) != 0) { id_flags = LDB_FLAG_MOD_REPLACE; } } tmp_bool = ldb_msg_find_attr_as_bool(res->msgs[0], SYSDB_SUBDOMAIN_MPG, !mpg); if (tmp_bool != mpg) { mpg_flags = LDB_FLAG_MOD_REPLACE; } tmp_bool = ldb_msg_find_attr_as_bool(res->msgs[0], SYSDB_SUBDOMAIN_ENUM, !enumerate); if (tmp_bool != enumerate) { enum_flags = LDB_FLAG_MOD_REPLACE; } if (forest) { tmp_str = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_SUBDOMAIN_FOREST, NULL); if (!tmp_str || strcasecmp(tmp_str, forest) != 0) { forest_flags = LDB_FLAG_MOD_REPLACE; } } } if (!store && realm_flags == 0 && flat_flags == 0 && id_flags == 0 && mpg_flags == 0 && enum_flags == 0 && forest_flags == 0) { ret = EOK; goto done; } msg = ldb_msg_new(tmp_ctx); if (msg == NULL) { ret = ENOMEM; goto done; } msg->dn = dn; if (store) { ret = ldb_msg_add_empty(msg, SYSDB_OBJECTCLASS, LDB_FLAG_MOD_ADD, NULL); if (ret != LDB_SUCCESS) { ret = sysdb_error_to_errno(ret); goto done; } ret = ldb_msg_add_string(msg, SYSDB_OBJECTCLASS, SYSDB_SUBDOMAIN_CLASS); if (ret != LDB_SUCCESS) { ret = sysdb_error_to_errno(ret); goto done; } } if (realm_flags) { ret = ldb_msg_add_empty(msg, SYSDB_SUBDOMAIN_REALM, 
realm_flags, NULL); if (ret != LDB_SUCCESS) { ret = sysdb_error_to_errno(ret); goto done; } ret = ldb_msg_add_string(msg, SYSDB_SUBDOMAIN_REALM, realm); if (ret != LDB_SUCCESS) { ret = sysdb_error_to_errno(ret); goto done; } } if (flat_flags) { ret = ldb_msg_add_empty(msg, SYSDB_SUBDOMAIN_FLAT, flat_flags, NULL); if (ret != LDB_SUCCESS) { ret = sysdb_error_to_errno(ret); goto done; } ret = ldb_msg_add_string(msg, SYSDB_SUBDOMAIN_FLAT, flat_name); if (ret != LDB_SUCCESS) { ret = sysdb_error_to_errno(ret); goto done; } } if (id_flags) { ret = ldb_msg_add_empty(msg, SYSDB_SUBDOMAIN_ID, id_flags, NULL); if (ret != LDB_SUCCESS) { ret = sysdb_error_to_errno(ret); goto done; } ret = ldb_msg_add_string(msg, SYSDB_SUBDOMAIN_ID, domain_id); if (ret != LDB_SUCCESS) { ret = sysdb_error_to_errno(ret); goto done; } } if (mpg_flags) { ret = ldb_msg_add_empty(msg, SYSDB_SUBDOMAIN_MPG, mpg_flags, NULL); if (ret != LDB_SUCCESS) { ret = sysdb_error_to_errno(ret); goto done; } ret = ldb_msg_add_string(msg, SYSDB_SUBDOMAIN_MPG, mpg ? "TRUE" : "FALSE"); if (ret != LDB_SUCCESS) { ret = sysdb_error_to_errno(ret); goto done; } } if (enum_flags) { ret = ldb_msg_add_empty(msg, SYSDB_SUBDOMAIN_ENUM, enum_flags, NULL); if (ret != LDB_SUCCESS) { ret = sysdb_error_to_errno(ret); goto done; } ret = ldb_msg_add_string(msg, SYSDB_SUBDOMAIN_ENUM, enumerate ? 
"TRUE" : "FALSE"); if (ret != LDB_SUCCESS) { ret = sysdb_error_to_errno(ret); goto done; } } if (forest_flags) { ret = ldb_msg_add_empty(msg, SYSDB_SUBDOMAIN_FOREST, forest_flags, NULL); if (ret != LDB_SUCCESS) { ret = sysdb_error_to_errno(ret); goto done; } ret = ldb_msg_add_string(msg, SYSDB_SUBDOMAIN_FOREST, forest); if (ret != LDB_SUCCESS) { ret = sysdb_error_to_errno(ret); goto done; } } ret = ldb_modify(sysdb->ldb, msg); if (ret != LDB_SUCCESS) { DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to add subdomain attributes to " "[%s]: [%d][%s]!\n", name, ret, ldb_errstring(sysdb->ldb))); ret = sysdb_error_to_errno(ret); goto done; } ret = EOK; done: talloc_free(tmp_ctx); return ret; } errno_t sysdb_subdomain_delete(struct sysdb_ctx *sysdb, const char *name) { TALLOC_CTX *tmp_ctx = NULL; struct ldb_dn *dn; int ret; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { ret = ENOMEM; goto done; } DEBUG(SSSDBG_TRACE_FUNC, ("Removing sub-domain [%s] from db.\n", name)); dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_DOM_BASE, name); if (dn == NULL) { ret = ENOMEM; goto done; } ret = sysdb_delete_recursive(sysdb, dn, true); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("sysdb_delete_recursive failed.\n")); goto done; } done: talloc_free(tmp_ctx); return ret; } sssd-1.11.5/src/db/PaxHeaders.13173/sysdb_private.h0000644000000000000000000000007312320753107017755 xustar000000000000000029 atime=1396954939.25389144 30 ctime=1396954961.457875096 sssd-1.11.5/src/db/sysdb_private.h0000664002412700241270000001053612320753107020205 0ustar00jhrozekjhrozek00000000000000 /* SSSD Private System Database Header Copyright (C) Simo Sorce 2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. 
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #ifndef __INT_SYS_DB_H__ #define __INT_SYS_DB_H__ #define SYSDB_VERSION_0_15 "0.15" #define SYSDB_VERSION_0_14 "0.14" #define SYSDB_VERSION_0_13 "0.13" #define SYSDB_VERSION_0_12 "0.12" #define SYSDB_VERSION_0_11 "0.11" #define SYSDB_VERSION_0_10 "0.10" #define SYSDB_VERSION_0_9 "0.9" #define SYSDB_VERSION_0_8 "0.8" #define SYSDB_VERSION_0_7 "0.7" #define SYSDB_VERSION_0_6 "0.6" #define SYSDB_VERSION_0_5 "0.5" #define SYSDB_VERSION_0_4 "0.4" #define SYSDB_VERSION_0_3 "0.3" #define SYSDB_VERSION_0_2 "0.2" #define SYSDB_VERSION_0_1 "0.1" #define SYSDB_VERSION SYSDB_VERSION_0_15 #define SYSDB_BASE_LDIF \ "dn: @ATTRIBUTES\n" \ "userPrincipalName: CASE_INSENSITIVE\n" \ "cn: CASE_INSENSITIVE\n" \ "dc: CASE_INSENSITIVE\n" \ "dn: CASE_INSENSITIVE\n" \ "originalDN: CASE_INSENSITIVE\n" \ "objectclass: CASE_INSENSITIVE\n" \ "\n" \ "dn: @INDEXLIST\n" \ "@IDXATTR: cn\n" \ "@IDXATTR: objectclass\n" \ "@IDXATTR: member\n" \ "@IDXATTR: memberof\n" \ "@IDXATTR: name\n" \ "@IDXATTR: uidNumber\n" \ "@IDXATTR: gidNumber\n" \ "@IDXATTR: lastUpdate\n" \ "@IDXATTR: dataExpireTimestamp\n" \ "@IDXATTR: originalDN\n" \ "@IDXATTR: nameAlias\n" \ "@IDXATTR: servicePort\n" \ "@IDXATTR: serviceProtocol\n" \ "@IDXATTR: sudoUser\n" \ "@IDXATTR: sshKnownHostsExpire\n" \ "@IDXONE: 1\n" \ "\n" \ "dn: @MODULES\n" \ "@LIST: asq,memberof\n" \ "\n" \ "dn: cn=sysdb\n" \ "cn: sysdb\n" \ "version: " SYSDB_VERSION "\n" \ "description: base object\n" \ "\n" \ "dn: cn=ranges,cn=sysdb\n" \ "cn: ranges\n" \ "\n" #include "db/sysdb.h" struct sysdb_ctx { struct ldb_context *ldb; char *ldb_file; }; /* Internal utility functions */ int sysdb_get_db_file(TALLOC_CTX *mem_ctx, const 
char *provider, const char *name, const char *base_path, char **_ldb_file); errno_t sysdb_ldb_connect(TALLOC_CTX *mem_ctx, const char *filename, struct ldb_context **_ldb); int sysdb_domain_init_internal(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, const char *db_path, bool allow_upgrade, struct sysdb_ctx **_ctx); /* Upgrade routines */ int sysdb_upgrade_01(struct ldb_context *ldb, const char **ver); int sysdb_check_upgrade_02(struct sss_domain_info *domains, const char *db_path); int sysdb_upgrade_03(struct sysdb_ctx *sysdb, const char **ver); int sysdb_upgrade_04(struct sysdb_ctx *sysdb, const char **ver); int sysdb_upgrade_05(struct sysdb_ctx *sysdb, const char **ver); int sysdb_upgrade_06(struct sysdb_ctx *sysdb, const char **ver); int sysdb_upgrade_07(struct sysdb_ctx *sysdb, const char **ver); int sysdb_upgrade_08(struct sysdb_ctx *sysdb, const char **ver); int sysdb_upgrade_09(struct sysdb_ctx *sysdb, const char **ver); int sysdb_upgrade_10(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char **ver); int sysdb_upgrade_11(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char **ver); int sysdb_upgrade_12(struct sysdb_ctx *sysdb, const char **ver); int sysdb_upgrade_13(struct sysdb_ctx *sysdb, const char **ver); int sysdb_upgrade_14(struct sysdb_ctx *sysdb, const char **ver); int add_string(struct ldb_message *msg, int flags, const char *attr, const char *value); int add_ulong(struct ldb_message *msg, int flags, const char *attr, unsigned long value); #endif /* __INT_SYS_DB_H__ */ sssd-1.11.5/src/db/PaxHeaders.13173/sysdb_services.c0000644000000000000000000000007312320753107020121 xustar000000000000000029 atime=1396954939.25389144 30 ctime=1396954961.661874945 sssd-1.11.5/src/db/sysdb_services.c0000664002412700241270000005731412320753107020356 0ustar00jhrozekjhrozek00000000000000/* SSSD Authors: Stephen Gallagher Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the 
terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include "util/util.h" #include "db/sysdb.h" #include "db/sysdb_private.h" #include "db/sysdb_services.h" static errno_t sysdb_svc_update(struct sysdb_ctx *sysdb, struct ldb_dn *dn, int port, const char **aliases, const char **protocols); errno_t sysdb_svc_remove_alias(struct sysdb_ctx *sysdb, struct ldb_dn *dn, const char *alias); errno_t sysdb_getservbyname(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, const char *proto, struct ldb_result **_res) { errno_t ret; TALLOC_CTX *tmp_ctx; static const char *attrs[] = SYSDB_SVC_ATTRS; char *sanitized_name; char *sanitized_proto; char *subfilter; struct ldb_result *res = NULL; struct ldb_message **msgs; size_t msgs_count; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; } ret = sss_filter_sanitize(tmp_ctx, name, &sanitized_name); if (ret != EOK) { goto done; } if (proto) { ret = sss_filter_sanitize(tmp_ctx, proto, &sanitized_proto); if (ret != EOK) { goto done; } } subfilter = talloc_asprintf(tmp_ctx, SYSDB_SVC_BYNAME_FILTER, proto ? 
sanitized_proto : "*", sanitized_name, sanitized_name); if (!subfilter) { ret = ENOMEM; goto done; } ret = sysdb_search_services(mem_ctx, sysdb, domain, subfilter, attrs, &msgs_count, &msgs); if (ret == EOK) { res = talloc_zero(mem_ctx, struct ldb_result); if (!res) { ret = ENOMEM; goto done; } res->count = msgs_count; res->msgs = talloc_steal(res, msgs); } *_res = res; done: talloc_free(tmp_ctx); return ret; } errno_t sysdb_getservbyport(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, int port, const char *proto, struct ldb_result **_res) { errno_t ret; TALLOC_CTX *tmp_ctx; static const char *attrs[] = SYSDB_SVC_ATTRS; char *sanitized_proto = NULL; char *subfilter; struct ldb_result *res = NULL; struct ldb_message **msgs; size_t msgs_count; if (port <= 0) { return EINVAL; } tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; } if (proto) { ret = sss_filter_sanitize(tmp_ctx, proto, &sanitized_proto); if (ret != EOK) { goto done; } } subfilter = talloc_asprintf(tmp_ctx, SYSDB_SVC_BYPORT_FILTER, proto ? 
sanitized_proto : "*", (unsigned int) port); if (!subfilter) { ret = ENOMEM; goto done; } ret = sysdb_search_services(mem_ctx, sysdb, domain, subfilter, attrs, &msgs_count, &msgs); if (ret == EOK) { res = talloc_zero(mem_ctx, struct ldb_result); if (!res) { ret = ENOMEM; goto done; } res->count = msgs_count; res->msgs = talloc_steal(res, msgs); } *_res = res; done: talloc_free(tmp_ctx); return ret; } errno_t sysdb_store_service(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *primary_name, int port, const char **aliases, const char **protocols, struct sysdb_attrs *extra_attrs, char **remove_attrs, uint64_t cache_timeout, time_t now) { errno_t ret; errno_t sret; TALLOC_CTX *tmp_ctx; bool in_transaction = false; struct ldb_result *res = NULL; const char *name; unsigned int i; struct ldb_dn *update_dn = NULL; struct sysdb_attrs *attrs; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) return ENOMEM; ret = sysdb_transaction_start(sysdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to start transaction\n")); goto done; } in_transaction = true; /* Check that the port is unique * If the port appears for any service other than * the one matching the primary_name, we need to * remove them so that getservbyport() can work * properly. Last entry saved to the cache should * always "win". */ ret = sysdb_getservbyport(tmp_ctx, sysdb, domain, port, NULL, &res); if (ret != EOK && ret != ENOENT) { goto done; } else if (ret != ENOENT) { if (res->count != 1) { /* Somehow the cache has multiple entries with * the same port. This is corrupted. We'll delete * them all to sort it out. */ for (i = 0; i < res->count; i++) { DEBUG(SSSDBG_TRACE_FUNC, ("Corrupt cache entry [%s] detected. 
Deleting\n", ldb_dn_canonical_string(tmp_ctx, res->msgs[i]->dn))); ret = sysdb_delete_entry(sysdb, res->msgs[i]->dn, true); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Could not delete corrupt cache entry [%s]\n", ldb_dn_canonical_string(tmp_ctx, res->msgs[i]->dn))); goto done; } } } else { /* Check whether this is the same name as we're currently * saving to the cache. */ name = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_NAME, NULL); if (!name || strcmp(name, primary_name) != 0) { if (!name) { DEBUG(SSSDBG_CRIT_FAILURE, ("A service with no name?\n")); /* Corrupted */ } /* Either this is a corrupt entry or it's another service * claiming ownership of this port. In order to account * for port reassignments, we need to delete the old entry. */ DEBUG(SSSDBG_TRACE_FUNC, ("Corrupt or replaced cache entry [%s] detected. " "Deleting\n", ldb_dn_canonical_string(tmp_ctx, res->msgs[0]->dn))); ret = sysdb_delete_entry(sysdb, res->msgs[0]->dn, true); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Could not delete cache entry [%s]\n", ldb_dn_canonical_string(tmp_ctx, res->msgs[0]->dn))); } } } } talloc_zfree(res); /* Ok, ports should now be unique. Now look * the service up by name to determine if we * need to update existing entries or modify * aliases. */ ret = sysdb_getservbyname(tmp_ctx, sysdb, domain, primary_name, NULL, &res); if (ret != EOK && ret != ENOENT) { goto done; } else if (ret != ENOENT) { /* Found entries */ for (i = 0; i < res->count; i++) { /* Check whether this is the same name as we're currently * saving to the cache. */ name = ldb_msg_find_attr_as_string(res->msgs[i], SYSDB_NAME, NULL); if (!name) { /* Corrupted */ DEBUG(SSSDBG_CRIT_FAILURE, ("A service with no name?\n")); DEBUG(SSSDBG_TRACE_FUNC, ("Corrupt cache entry [%s] detected. 
Deleting\n", ldb_dn_canonical_string(tmp_ctx, res->msgs[i]->dn))); ret = sysdb_delete_entry(sysdb, res->msgs[i]->dn, true); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Could not delete corrupt cache entry [%s]\n", ldb_dn_canonical_string(tmp_ctx, res->msgs[i]->dn))); goto done; } } else if (strcmp(name, primary_name) == 0) { /* This is the same service name, so we need * to update this entry with the values * provided. */ if(update_dn) { DEBUG(SSSDBG_CRIT_FAILURE, ("Two existing services with the same name: [%s]? " "Deleting both.\n", primary_name)); /* Delete the entry from the previous pass */ ret = sysdb_delete_entry(sysdb, update_dn, true); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Could not delete cache entry [%s]\n", ldb_dn_canonical_string(tmp_ctx, update_dn))); goto done; } /* Delete the new entry as well */ ret = sysdb_delete_entry(sysdb, res->msgs[i]->dn, true); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Could not delete cache entry [%s]\n", ldb_dn_canonical_string(tmp_ctx, res->msgs[i]->dn))); goto done; } update_dn = NULL; } else { update_dn = talloc_steal(tmp_ctx, res->msgs[i]->dn); } } else { /* Another service is claiming this name as an alias. * In order to account for aliases being promoted to * primary names, we need to make sure to remove the * old alias entry. 
*/ ret = sysdb_svc_remove_alias(sysdb, res->msgs[i]->dn, primary_name); if (ret != EOK) goto done; } } talloc_zfree(res); } if (update_dn) { /* Update the existing entry */ ret = sysdb_svc_update(sysdb, update_dn, port, aliases, protocols); } else { /* Add a new entry */ ret = sysdb_svc_add(tmp_ctx, sysdb, domain, primary_name, port, aliases, protocols, &update_dn); } if (ret != EOK) goto done; /* Set the cache timeout */ if (!extra_attrs) { attrs = sysdb_new_attrs(tmp_ctx); if (!attrs) { ret = ENOMEM; goto done; } } else { attrs = extra_attrs; } ret = sysdb_attrs_add_time_t(attrs, SYSDB_LAST_UPDATE, now); if (ret) goto done; ret = sysdb_attrs_add_time_t(attrs, SYSDB_CACHE_EXPIRE, ((cache_timeout) ? (now + cache_timeout) : 0)); if (ret) goto done; ret = sysdb_set_entry_attr(sysdb, update_dn, attrs, SYSDB_MOD_REP); if (ret != EOK) goto done; if (remove_attrs) { ret = sysdb_remove_attrs(sysdb, domain, primary_name, SYSDB_MEMBER_SERVICE, remove_attrs); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Could not remove missing attributes: [%s]\n", strerror(ret))); goto done; } } ret = sysdb_transaction_commit(sysdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to commit transaction\n")); goto done; } in_transaction = false; done: if (in_transaction) { sret = sysdb_transaction_cancel(sysdb); if (sret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Could not cancel transaction\n")); } } talloc_free(tmp_ctx); return ret; } struct ldb_dn * sysdb_svc_dn(struct sysdb_ctx *sysdb, TALLOC_CTX *mem_ctx, const char *domain, const char *name) { errno_t ret; char *clean_name; struct ldb_dn *dn; ret = sysdb_dn_sanitize(NULL, name, &clean_name); if (ret != EOK) { return NULL; } dn = ldb_dn_new_fmt(mem_ctx, sysdb->ldb, SYSDB_TMPL_SVC, clean_name, domain); talloc_free(clean_name); return dn; } errno_t sysdb_svc_add(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *primary_name, int port, const char **aliases, const char **protocols, struct ldb_dn 
**dn) { errno_t ret; int lret; TALLOC_CTX *tmp_ctx; struct ldb_message *msg; unsigned long i; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) return ENOMEM; msg = ldb_msg_new(tmp_ctx); if (!msg) { ret = ENOMEM; goto done; } /* svc dn */ msg->dn = sysdb_svc_dn(sysdb, msg, domain->name, primary_name); if (!msg->dn) { ret = ENOMEM; goto done; } /* Objectclass */ ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_OBJECTCLASS, SYSDB_SVC_CLASS); if (ret != EOK) goto done; /* Set the primary name */ ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_NAME, primary_name); if (ret != EOK) goto done; /* Set the port number */ ret = add_ulong(msg, LDB_FLAG_MOD_ADD, SYSDB_SVC_PORT, port); if (ret != EOK) goto done; /* If this service has any aliases, include them */ if (aliases && aliases[0]) { /* Set the name aliases */ lret = ldb_msg_add_empty(msg, SYSDB_NAME_ALIAS, LDB_FLAG_MOD_ADD, NULL); if (lret != LDB_SUCCESS) { ret = sysdb_error_to_errno(lret); goto done; } for (i=0; aliases[i]; i++) { lret = ldb_msg_add_string(msg, SYSDB_NAME_ALIAS, aliases[i]); if (lret != LDB_SUCCESS) { ret = sysdb_error_to_errno(lret); goto done; } } } /* Set the protocols */ lret = ldb_msg_add_empty(msg, SYSDB_SVC_PROTO, LDB_FLAG_MOD_ADD, NULL); if (lret != LDB_SUCCESS) { ret = sysdb_error_to_errno(lret); goto done; } for (i=0; protocols[i]; i++) { lret = ldb_msg_add_string(msg, SYSDB_SVC_PROTO, protocols[i]); if (lret != LDB_SUCCESS) { ret = sysdb_error_to_errno(lret); goto done; } } /* creation time */ ret = add_ulong(msg, LDB_FLAG_MOD_ADD, SYSDB_CREATE_TIME, (unsigned long)time(NULL)); if (ret) goto done; lret = ldb_add(sysdb->ldb, msg); ret = sysdb_error_to_errno(lret); if (ret == EOK && dn) { *dn = talloc_steal(mem_ctx, msg->dn); } done: if (ret) { DEBUG(SSSDBG_TRACE_INTERNAL, ("Error: %d (%s)\n", ret, strerror(ret))); } talloc_free(tmp_ctx); return ret; } static errno_t sysdb_svc_update(struct sysdb_ctx *sysdb, struct ldb_dn *dn, int port, const char **aliases, const char **protocols) { errno_t ret; struct 
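ldb_message *msg; int lret; unsigned int i; if (!dn || !protocols || !protocols[0]) { return EINVAL; } msg = ldb_msg_new(NULL); if (!msg) { ret = ENOMEM; goto done; } msg->dn = dn; /* Update the port */ ret = add_ulong(msg, SYSDB_MOD_REP, SYSDB_SVC_PORT, port); if (ret != EOK) goto done; if (aliases && aliases[0]) { /* Update the aliases */ lret = ldb_msg_add_empty(msg, SYSDB_NAME_ALIAS, SYSDB_MOD_REP, NULL); if (lret != LDB_SUCCESS) { ret = ENOMEM; goto done; } for (i = 0; aliases[i]; i++) { lret = ldb_msg_add_string(msg, SYSDB_NAME_ALIAS, aliases[i]); if (lret != LDB_SUCCESS) { ret = EINVAL; goto done; } } } /* Update the protocols */ lret = ldb_msg_add_empty(msg, SYSDB_SVC_PROTO, SYSDB_MOD_REP, NULL); if (lret != LDB_SUCCESS) { ret = ENOMEM; goto done; } for (i = 0; protocols[i]; i++) { lret = ldb_msg_add_string(msg, SYSDB_SVC_PROTO, protocols[i]); if (lret != LDB_SUCCESS) { ret = EINVAL; goto done; } } lret = ldb_modify(sysdb->ldb, msg); ret = sysdb_error_to_errno(lret); done: if (ret) { DEBUG(SSSDBG_TRACE_INTERNAL, ("Error: %d (%s)\n", ret, strerror(ret))); } talloc_free(msg); return ret; }

/*
 * Remove a single alias value from the service entry at dn.
 *
 * A modify message carrying a SYSDB_MOD_DEL of SYSDB_NAME_ALIAS with the
 * given alias is built and submitted through ldb_modify(). dn is assigned
 * into the message without being reparented, so it is expected to stay
 * owned by the caller.
 *
 * Returns EOK on success, ENOMEM if the message cannot be allocated or
 * populated, otherwise the errno mapped from the ldb_modify() result.
 */
errno_t
sysdb_svc_remove_alias(struct sysdb_ctx *sysdb,
                       struct ldb_dn *dn,
                       const char *alias)
{
    struct ldb_message *del_msg;
    errno_t ret;
    int lret;

    del_msg = ldb_msg_new(NULL);
    if (del_msg == NULL) {
        ret = ENOMEM;
        goto done;
    }
    del_msg->dn = dn;

    ret = add_string(del_msg, SYSDB_MOD_DEL, SYSDB_NAME_ALIAS, alias);
    if (ret != EOK) {
        goto done;
    }

    lret = ldb_modify(sysdb->ldb, del_msg);
    ret = sysdb_error_to_errno(lret);

done:
    if (ret) {
        DEBUG(SSSDBG_TRACE_INTERNAL,
              ("Error: %d (%s)\n", ret, strerror(ret)));
    }
    talloc_zfree(del_msg);
    return ret;
}

/*
 * Delete every cached service entry matching either a name or a port.
 *
 * When name is non-NULL the lookup is done by name (port is ignored),
 * otherwise by port; proto is passed through to the lookup in both cases.
 * All matching entries are removed inside one sysdb transaction. A lookup
 * that finds nothing is treated as success; in that case nothing was
 * modified and the open transaction is cancelled rather than committed.
 *
 * Returns EOK on success or when no entry matched, ENOMEM on allocation
 * failure, otherwise the error from the lookup, delete or commit step.
 */
errno_t
sysdb_svc_delete(struct sysdb_ctx *sysdb,
                 struct sss_domain_info *domain,
                 const char *name,
                 int port,
                 const char *proto)
{
    errno_t ret;
    errno_t sret;
    TALLOC_CTX *tmp_ctx;
    struct ldb_result *res;
    unsigned int idx;
    bool in_transaction = false;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        return ENOMEM;
    }

    ret = sysdb_transaction_start(sysdb);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to start transaction\n"));
        goto done;
    }
    in_transaction = true;

    if (name) {
        ret = sysdb_getservbyname(tmp_ctx, sysdb, domain, name, proto, &res);
    } else {
        ret = sysdb_getservbyport(tmp_ctx, sysdb, domain, port, proto, &res);
    }

    if (ret == ENOENT) {
        /* Doesn't exist in the DB. Nothing to do */
        ret = EOK;
        goto done;
    }
    if (ret != EOK) {
        goto done;
    }

    /* There should only be one matching entry,
     * but if there are multiple, we should delete
     * them all to de-corrupt the DB.
     */
    for (idx = 0; idx < res->count; idx++) {
        ret = sysdb_delete_entry(sysdb, res->msgs[idx]->dn, false);
        if (ret != EOK) {
            goto done;
        }
    }

    ret = sysdb_transaction_commit(sysdb);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to commit transaction\n"));
        goto done;
    }
    in_transaction = false;

done:
    if (in_transaction) {
        /* Roll back so a partial delete never becomes visible. */
        sret = sysdb_transaction_cancel(sysdb);
        if (sret != EOK) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("Could not cancel transaction\n"));
        }
    }

    if (ret != EOK && ret != ENOENT) {
        DEBUG(SSSDBG_TRACE_INTERNAL,
              ("Error: %d (%s)\n", ret, strerror(ret)));
    }
    talloc_zfree(tmp_ctx);
    return ret;
}

/*
 * Return all cached service entries of a domain.
 *
 * The search runs with an empty sub-filter, so every entry accepted by
 * sysdb_search_services() is returned. On success *_res is a new
 * ldb_result allocated on mem_ctx that owns the message array.
 *
 * On every failure path *_res is set to NULL. If the result wrapper cannot
 * be allocated, the message array already attached to mem_ctx is released
 * instead of being left behind on the caller's context.
 *
 * Returns EOK on success, ENOMEM on allocation failure, otherwise the
 * error reported by sysdb_search_services() (ENOENT when nothing matches).
 */
errno_t
sysdb_enumservent(TALLOC_CTX *mem_ctx,
                  struct sysdb_ctx *sysdb,
                  struct sss_domain_info *domain,
                  struct ldb_result **_res)
{
    static const char *attrs[] = SYSDB_SVC_ATTRS;
    struct ldb_result *res = NULL;
    struct ldb_message **msgs = NULL;
    size_t msgs_count = 0;
    errno_t ret;

    ret = sysdb_search_services(mem_ctx, sysdb, domain, "",
                                attrs, &msgs_count, &msgs);
    if (ret == EOK) {
        res = talloc_zero(mem_ctx, struct ldb_result);
        if (res == NULL) {
            /* msgs lives on mem_ctx; drop it so the caller's context
             * does not keep results nobody can reach. */
            talloc_free(msgs);
            ret = ENOMEM;
        } else {
            res->count = msgs_count;
            res->msgs = talloc_steal(res, msgs);
        }
    }

    *_res = res;
    return ret;
}

errno_t sysdb_set_service_attr(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, 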
struct sysdb_attrs *attrs, int mod_op) { errno_t ret; struct ldb_dn *dn; TALLOC_CTX *tmp_ctx; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; } dn = sysdb_svc_dn(sysdb, tmp_ctx, domain->name, name); if (!dn) { ret = ENOMEM; goto done; } ret = sysdb_set_entry_attr(sysdb, dn, attrs, mod_op); done: talloc_free(tmp_ctx); return ret; } errno_t sysdb_search_services(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *sub_filter, const char **attrs, size_t *msgs_count, struct ldb_message ***msgs) { TALLOC_CTX *tmp_ctx; struct ldb_dn *basedn; char *filter; int ret; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; } basedn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_TMPL_SVC_BASE, domain->name); if (!basedn) { DEBUG(SSSDBG_OP_FAILURE, ("Failed to build base dn\n")); ret = ENOMEM; goto fail; } filter = talloc_asprintf(tmp_ctx, "(&(%s)%s)", SYSDB_SC, sub_filter); if (!filter) { DEBUG(SSSDBG_OP_FAILURE, ("Failed to build filter\n")); ret = ENOMEM; goto fail; } DEBUG(SSSDBG_TRACE_INTERNAL, ("Search services with filter: %s\n", filter)); ret = sysdb_search_entry(mem_ctx, sysdb, basedn, LDB_SCOPE_SUBTREE, filter, attrs, msgs_count, msgs); if (ret) { goto fail; } talloc_zfree(tmp_ctx); return EOK; fail: if (ret == ENOENT) { DEBUG(SSSDBG_TRACE_INTERNAL, ("No such entry\n")); } else if (ret) { DEBUG(SSSDBG_MINOR_FAILURE, ("Error: %d (%s)\n", ret, strerror(ret))); } talloc_zfree(tmp_ctx); return ret; } sssd-1.11.5/src/db/PaxHeaders.13173/sysdb_ops.c0000644000000000000000000000007312320753107017077 xustar000000000000000029 atime=1396954939.25389144 30 ctime=1396954961.657874948 sssd-1.11.5/src/db/sysdb_ops.c0000664002412700241270000027444312320753107017340 0ustar00jhrozekjhrozek00000000000000/* SSSD System Database Copyright (C) Simo Sorce 2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 
of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include "util/util.h" #include "db/sysdb_private.h" #include "db/sysdb_services.h" #include "db/sysdb_autofs.h" #include "util/crypto/sss_crypto.h" #include int add_string(struct ldb_message *msg, int flags, const char *attr, const char *value) { int ret; ret = ldb_msg_add_empty(msg, attr, flags, NULL); if (ret == LDB_SUCCESS) { ret = ldb_msg_add_string(msg, attr, value); if (ret == LDB_SUCCESS) return EOK; } return ENOMEM; } int add_ulong(struct ldb_message *msg, int flags, const char *attr, unsigned long value) { int ret; ret = ldb_msg_add_empty(msg, attr, flags, NULL); if (ret == LDB_SUCCESS) { ret = ldb_msg_add_fmt(msg, attr, "%lu", value); if (ret == LDB_SUCCESS) return EOK; } return ENOMEM; } static uint32_t get_attr_as_uint32(struct ldb_message *msg, const char *attr) { const struct ldb_val *v = ldb_msg_find_ldb_val(msg, attr); long long int l; if (!v || !v->data) { return 0; } errno = 0; l = strtoll((const char *)v->data, NULL, 10); if (errno) { return (uint32_t)-1; } if (l < 0 || l > ((uint32_t)(-1))) { return (uint32_t)-1; } return l; } /* * The wrapper around ldb_modify that uses LDB_CONTROL_PERMISSIVE_MODIFY_OID * so that on adds entries that already exist are skipped and similarly * entries that are missing are ignored on deletes */ int sss_ldb_modify_permissive(struct ldb_context *ldb, struct ldb_message *msg) { struct ldb_request *req; int ret = EOK; ret = ldb_build_mod_req(&req, ldb, ldb, msg, NULL, NULL, ldb_op_default_callback, NULL); if (ret != LDB_SUCCESS) return ret; ret = ldb_request_add_control(req, LDB_CONTROL_PERMISSIVE_MODIFY_OID, false, NULL); if 
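(ret != LDB_SUCCESS) { talloc_free(req); return ret; } ret = ldb_request(ldb, req); if (ret == LDB_SUCCESS) { ret = ldb_wait(req->handle, LDB_WAIT_ALL); } talloc_free(req); return ret; }

#define ERROR_OUT(v, r, l) do { v = r; goto l; } while(0)

/* =Remove-Entry-From-Sysdb=============================================== */

/*
 * Delete the single entry at dn from the sysdb cache.
 *
 * If ignore_not_found is true, a missing entry (LDB_ERR_NO_SUCH_OBJECT)
 * is reported as success. Any other ldb failure is logged together with
 * the ldb error string and returned as the mapped errno.
 */
int sysdb_delete_entry(struct sysdb_ctx *sysdb,
                       struct ldb_dn *dn,
                       bool ignore_not_found)
{
    int ret;

    ret = ldb_delete(sysdb->ldb, dn);
    switch (ret) {
    case LDB_SUCCESS:
        return EOK;
    case LDB_ERR_NO_SUCH_OBJECT:
        if (ignore_not_found) {
            return EOK;
        }
        /* fall through */
    default:
        DEBUG(1, ("LDB Error: %s(%d)\nError Message: [%s]\n",
                  ldb_strerror(ret), ret, ldb_errstring(sysdb->ldb)));
        return sysdb_error_to_errno(ret);
    }
}

/* =Remove-Subentries-From-Sysdb=========================================== */

/*
 * Delete dn and everything found below it, inside one ldb transaction.
 *
 * All entries in the subtree are collected, sorted with
 * compare_ldb_dn_comp_num and deleted one by one. The sort is presumably
 * what makes children go before their parents; confirm against
 * compare_ldb_dn_comp_num.
 *
 * If ignore_not_found is true, an empty search result is treated as
 * success. Entries that disappear between the search and the delete are
 * still reported as errors.
 *
 * The transaction is committed or cancelled only if this function opened
 * it. When ldb_transaction_start() itself fails there is nothing of ours
 * to roll back, and issuing a cancel anyway could interfere with a
 * transaction the caller holds open.
 *
 * Returns EOK on success, ENOMEM on allocation failure, otherwise the
 * error from the search, delete or commit step.
 */
int sysdb_delete_recursive(struct sysdb_ctx *sysdb,
                           struct ldb_dn *dn,
                           bool ignore_not_found)
{
    const char *no_attrs[] = { NULL };
    struct ldb_message **msgs;
    size_t msgs_count;
    size_t i;
    bool in_transaction = false;
    int ret;
    TALLOC_CTX *tmp_ctx;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    ret = ldb_transaction_start(sysdb->ldb);
    if (ret) {
        ret = sysdb_error_to_errno(ret);
        goto done;
    }
    in_transaction = true;

    ret = sysdb_search_entry(tmp_ctx, sysdb, dn,
                             LDB_SCOPE_SUBTREE, "(distinguishedName=*)",
                             no_attrs, &msgs_count, &msgs);
    if (ret) {
        if (ignore_not_found && ret == ENOENT) {
            ret = EOK;
        }
        if (ret) {
            DEBUG(6, ("Search error: %d (%s)\n", ret, strerror(ret)));
        }
        goto done;
    }

    DEBUG(SSSDBG_TRACE_ALL, ("Found [%zu] items to delete.\n", msgs_count));

    qsort(msgs, msgs_count,
          sizeof(struct ldb_message *), compare_ldb_dn_comp_num);

    for (i = 0; i < msgs_count; i++) {
        DEBUG(9 ,("Trying to delete [%s].\n",
                  ldb_dn_get_linearized(msgs[i]->dn)));

        ret = sysdb_delete_entry(sysdb, msgs[i]->dn, false);
        if (ret) {
            goto done;
        }
    }

done:
    if (in_transaction) {
        if (ret == EOK) {
            ret = ldb_transaction_commit(sysdb->ldb);
            ret = sysdb_error_to_errno(ret);
        } else {
            ldb_transaction_cancel(sysdb->ldb);
        }
    }
    talloc_free(tmp_ctx);
    return ret;
}

/* 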
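=Search-Entry========================================================== */

/*
 * Run an ldb search and hand the matching messages to the caller.
 *
 * filter may be NULL. When it is set it is passed to ldb_search() as the
 * argument of a "%s" format, so '%' characters in the filter text are
 * never interpreted as format directives. The filter is still parsed as
 * an LDAP filter: callers must escape any untrusted value before placing
 * it in the filter string.
 *
 * On success *msgs is owned by mem_ctx and *msgs_count holds the number of
 * entries. The intermediate ldb_result is released once the message array
 * has been moved, so it does not accumulate on mem_ctx.
 *
 * Returns EOK when at least one entry matched, ENOENT when the search
 * succeeded but matched nothing (*msgs_count is 0), otherwise the errno
 * mapped from the ldb error.
 */
int sysdb_search_entry(TALLOC_CTX *mem_ctx,
                       struct sysdb_ctx *sysdb,
                       struct ldb_dn *base_dn,
                       int scope,
                       const char *filter,
                       const char **attrs,
                       size_t *msgs_count,
                       struct ldb_message ***msgs)
{
    struct ldb_result *res;
    size_t count;
    int ret;

    ret = ldb_search(sysdb->ldb, mem_ctx, &res,
                     base_dn, scope, attrs,
                     filter ? "%s" : NULL, filter);
    if (ret) {
        return sysdb_error_to_errno(ret);
    }

    count = res->count;
    *msgs_count = count;
    *msgs = talloc_steal(mem_ctx, res->msgs);

    /* Only the message array is returned; the wrapper is no longer needed. */
    talloc_free(res);

    if (count == 0) {
        return ENOENT;
    }

    return EOK;
}

/* =Search-Entry-by-SID-string============================================ */

/*
 * Find one entry below search_base whose SID matches sid_str.
 *
 * search_base is a DN format taking the domain name and filter_str is a
 * filter format taking the SID string. Both are used as printf-style
 * formats and must therefore be trusted constants, never caller data.
 *
 * sid_str is escaped with sss_filter_sanitize() before it is placed in
 * the filter, so filter metacharacters in a malformed or hostile SID
 * string cannot change the structure of the search. A well-formed SID
 * contains no such characters and is passed through unchanged.
 * NOTE(review): domain->name is formatted into the base DN as-is; confirm
 * it is validated where the domain is configured.
 *
 * If attrs is NULL, SYSDB_NAME and SYSDB_SID_STR are requested. On success
 * *msg is the first match, owned by mem_ctx.
 *
 * Returns EOK on success, EINVAL if sid_str is NULL, ENOENT if nothing
 * matched, ENOMEM on allocation failure, otherwise the search error.
 */
int sysdb_search_entry_by_sid_str(TALLOC_CTX *mem_ctx,
                                  struct sysdb_ctx *sysdb,
                                  struct sss_domain_info *domain,
                                  const char *search_base,
                                  const char *filter_str,
                                  const char *sid_str,
                                  const char **attrs,
                                  struct ldb_message **msg)
{
    TALLOC_CTX *tmp_ctx;
    const char *def_attrs[] = { SYSDB_NAME, SYSDB_SID_STR, NULL };
    struct ldb_message **msgs = NULL;
    struct ldb_dn *basedn;
    size_t msgs_count = 0;
    char *sanitized_sid;
    char *filter;
    int ret;

    if (sid_str == NULL) {
        return EINVAL;
    }

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    basedn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, search_base, domain->name);
    if (!basedn) {
        ret = ENOMEM;
        goto done;
    }

    ret = sss_filter_sanitize(tmp_ctx, sid_str, &sanitized_sid);
    if (ret != EOK) {
        goto done;
    }

    filter = talloc_asprintf(tmp_ctx, filter_str, sanitized_sid);
    if (!filter) {
        ret = ENOMEM;
        goto done;
    }

    ret = sysdb_search_entry(tmp_ctx, sysdb, basedn, LDB_SCOPE_SUBTREE,
                             filter, attrs ? attrs : def_attrs,
                             &msgs_count, &msgs);
    if (ret) {
        goto done;
    }

    *msg = talloc_steal(mem_ctx, msgs[0]);

done:
    if (ret == ENOENT) {
        DEBUG(SSSDBG_TRACE_FUNC, ("No such entry\n"));
    } else if (ret) {
        DEBUG(SSSDBG_OP_FAILURE, ("Error: %d (%s)\n", ret, strerror(ret)));
    }

    talloc_zfree(tmp_ctx);
    return ret;
}

/* =Search-User-by-[UID/SID/NAME]============================================= */

int sysdb_search_user_by_name(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, const char **attrs, struct ldb_message **msg) { TALLOC_CTX *tmp_ctx; const 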
char *def_attrs[] = { SYSDB_NAME, SYSDB_UIDNUM, NULL }; struct ldb_message **msgs = NULL; struct ldb_dn *basedn; size_t msgs_count = 0; char *sanitized_name; char *lc_sanitized_name; char *filter; int ret; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; } basedn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_TMPL_USER_BASE, domain->name); if (!basedn) { ret = ENOMEM; goto done; } ret = sss_filter_sanitize_for_dom(tmp_ctx, name, domain, &sanitized_name, &lc_sanitized_name); if (ret != EOK) { goto done; } filter = talloc_asprintf(tmp_ctx, SYSDB_PWNAM_FILTER, lc_sanitized_name, sanitized_name, sanitized_name); if (!filter) { ret = ENOMEM; goto done; } ret = sysdb_search_entry(tmp_ctx, sysdb, basedn, LDB_SCOPE_SUBTREE, filter, attrs?attrs:def_attrs, &msgs_count, &msgs); if (ret) { goto done; } *msg = talloc_steal(mem_ctx, msgs[0]); done: if (ret == ENOENT) { DEBUG(SSSDBG_TRACE_FUNC, ("No such entry\n")); } else if (ret) { DEBUG(SSSDBG_OP_FAILURE, ("Error: %d (%s)\n", ret, strerror(ret))); } talloc_zfree(tmp_ctx); return ret; } int sysdb_search_user_by_uid(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, uid_t uid, const char **attrs, struct ldb_message **msg) { TALLOC_CTX *tmp_ctx; const char *def_attrs[] = { SYSDB_NAME, SYSDB_UIDNUM, NULL }; struct ldb_message **msgs = NULL; struct ldb_dn *basedn; size_t msgs_count = 0; char *filter; int ret; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; } basedn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_TMPL_USER_BASE, domain->name); if (!basedn) { ret = ENOMEM; goto done; } filter = talloc_asprintf(tmp_ctx, SYSDB_PWUID_FILTER, (unsigned long)uid); if (!filter) { ret = ENOMEM; goto done; } /* Use SUBTREE scope here, not ONELEVEL * There is a bug in LDB that makes ONELEVEL searches extremely * slow (it ignores indexing) */ ret = sysdb_search_entry(tmp_ctx, sysdb, basedn, LDB_SCOPE_SUBTREE, filter, attrs?attrs:def_attrs, &msgs_count, &msgs); if (ret) { goto done; } *msg = 
talloc_steal(mem_ctx, msgs[0]); done: if (ret == ENOENT) { DEBUG(SSSDBG_TRACE_FUNC, ("No such entry\n")); } else if (ret) { DEBUG(SSSDBG_OP_FAILURE, ("Error: %d (%s)\n", ret, strerror(ret))); } talloc_zfree(tmp_ctx); return ret; } int sysdb_search_user_by_sid_str(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *sid_str, const char **attrs, struct ldb_message **msg) { return sysdb_search_entry_by_sid_str(mem_ctx, sysdb, domain, SYSDB_TMPL_USER_BASE, SYSDB_PWSID_FILTER, sid_str, attrs, msg); } /* =Search-Group-by-[GID/SID/NAME]============================================ */ int sysdb_search_group_by_name(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, const char **attrs, struct ldb_message **msg) { TALLOC_CTX *tmp_ctx; static const char *def_attrs[] = { SYSDB_NAME, SYSDB_GIDNUM, NULL }; struct ldb_message **msgs = NULL; struct ldb_dn *basedn; size_t msgs_count = 0; int ret; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; } basedn = sysdb_group_dn(sysdb, tmp_ctx, domain, name); if (!basedn) { ret = ENOMEM; goto done; } ret = sysdb_search_entry(tmp_ctx, sysdb, basedn, LDB_SCOPE_BASE, NULL, attrs?attrs:def_attrs, &msgs_count, &msgs); if (ret) { goto done; } *msg = talloc_steal(mem_ctx, msgs[0]); done: if (ret == ENOENT) { DEBUG(SSSDBG_TRACE_FUNC, ("No such entry\n")); } else if (ret) { DEBUG(SSSDBG_OP_FAILURE, ("Error: %d (%s)\n", ret, strerror(ret))); } talloc_zfree(tmp_ctx); return ret; } int sysdb_search_group_by_gid(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, gid_t gid, const char **attrs, struct ldb_message **msg) { TALLOC_CTX *tmp_ctx; const char *def_attrs[] = { SYSDB_NAME, SYSDB_GIDNUM, NULL }; struct ldb_message **msgs = NULL; struct ldb_dn *basedn; size_t msgs_count = 0; char *filter; int ret; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; } basedn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_TMPL_GROUP_BASE, 
domain->name); if (!basedn) { ret = ENOMEM; goto done; } filter = talloc_asprintf(tmp_ctx, SYSDB_GRGID_FILTER, (unsigned long)gid); if (!filter) { ret = ENOMEM; goto done; } /* Use SUBTREE scope here, not ONELEVEL * There is a bug in LDB that makes ONELEVEL searches extremely * slow (it ignores indexing) */ ret = sysdb_search_entry(tmp_ctx, sysdb, basedn, LDB_SCOPE_SUBTREE, filter, attrs?attrs:def_attrs, &msgs_count, &msgs); if (ret) { goto done; } *msg = talloc_steal(mem_ctx, msgs[0]); done: if (ret == ENOENT) { DEBUG(SSSDBG_TRACE_FUNC, ("No such entry\n")); } else if (ret) { DEBUG(SSSDBG_OP_FAILURE, ("Error: %d (%s)\n", ret, strerror(ret))); } talloc_zfree(tmp_ctx); return ret; } int sysdb_search_group_by_sid_str(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *sid_str, const char **attrs, struct ldb_message **msg) { return sysdb_search_entry_by_sid_str(mem_ctx, sysdb, domain, SYSDB_TMPL_GROUP_BASE, SYSDB_GRSID_FILTER, sid_str, attrs, msg); } /* =Search-Group-by-Name============================================ */ int sysdb_search_netgroup_by_name(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, const char **attrs, struct ldb_message **msg) { TALLOC_CTX *tmp_ctx; static const char *def_attrs[] = { SYSDB_NAME, NULL }; struct ldb_message **msgs = NULL; struct ldb_dn *basedn; size_t msgs_count = 0; int ret; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; } basedn = sysdb_netgroup_dn(sysdb, tmp_ctx, domain, name); if (!basedn) { ret = ENOMEM; goto done; } ret = sysdb_search_entry(tmp_ctx, sysdb, basedn, LDB_SCOPE_BASE, NULL, attrs?attrs:def_attrs, &msgs_count, &msgs); if (ret) { goto done; } *msg = talloc_steal(mem_ctx, msgs[0]); done: if (ret == ENOENT) { DEBUG(SSSDBG_TRACE_FUNC, ("No such entry\n")); } else if (ret) { DEBUG(SSSDBG_OP_FAILURE, ("Error: %d (%s)\n", ret, strerror(ret))); } talloc_zfree(tmp_ctx); return ret; } /* 
=Replace-Attributes-On-Entry=========================================== */ int sysdb_set_entry_attr(struct sysdb_ctx *sysdb, struct ldb_dn *entry_dn, struct sysdb_attrs *attrs, int mod_op) { struct ldb_message *msg; int i, ret; int lret; TALLOC_CTX *tmp_ctx; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; } if (!entry_dn || attrs->num == 0) { ret = EINVAL; goto done; } msg = ldb_msg_new(tmp_ctx); if (!msg) { ret = ENOMEM; goto done; } msg->dn = entry_dn; msg->elements = talloc_array(msg, struct ldb_message_element, attrs->num); if (!msg->elements) { ret = ENOMEM; goto done; } for (i = 0; i < attrs->num; i++) { msg->elements[i] = attrs->a[i]; msg->elements[i].flags = mod_op; } msg->num_elements = attrs->num; lret = ldb_modify(sysdb->ldb, msg); if (lret != LDB_SUCCESS) { DEBUG(SSSDBG_MINOR_FAILURE, ("ldb_modify failed: [%s]\n", ldb_strerror(lret))); } ret = sysdb_error_to_errno(lret); done: if (ret == ENOENT) { DEBUG(SSSDBG_TRACE_FUNC, ("No such entry\n")); } else if (ret) { DEBUG(SSSDBG_OP_FAILURE, ("Error: %d (%s)\n", ret, strerror(ret))); } talloc_zfree(tmp_ctx); return ret; } /* =Replace-Attributes-On-User============================================ */ int sysdb_set_user_attr(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, struct sysdb_attrs *attrs, int mod_op) { struct ldb_dn *dn; TALLOC_CTX *tmp_ctx; errno_t ret; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; } dn = sysdb_user_dn(sysdb, tmp_ctx, domain, name); if (!dn) { ret = ENOMEM; goto done; } ret = sysdb_set_entry_attr(sysdb, dn, attrs, mod_op); if (ret != EOK) { goto done; } ret = EOK; done: talloc_zfree(tmp_ctx); return ret; } /* =Replace-Attributes-On-Group=========================================== */ int sysdb_set_group_attr(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, struct sysdb_attrs *attrs, int mod_op) { struct ldb_dn *dn; TALLOC_CTX *tmp_ctx; errno_t ret; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { ret = ENOMEM; goto 
done; } dn = sysdb_group_dn(sysdb, tmp_ctx, domain, name); if (!dn) { ret = ENOMEM; goto done; } ret = sysdb_set_entry_attr(sysdb, dn, attrs, mod_op); if (ret) { goto done; } ret = EOK; done: talloc_free(tmp_ctx); return ret; } /* =Replace-Attributes-On-Netgroup=========================================== */ int sysdb_set_netgroup_attr(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, struct sysdb_attrs *attrs, int mod_op) { errno_t ret; struct ldb_dn *dn; TALLOC_CTX *tmp_ctx; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; } dn = sysdb_netgroup_dn(sysdb, tmp_ctx, domain, name); if (!dn) { ret = ENOMEM; goto done; } ret = sysdb_set_entry_attr(sysdb, dn, attrs, mod_op); done: talloc_free(tmp_ctx); return ret; } /* =Get-New-ID============================================================ */ int sysdb_get_new_id(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, uint32_t *_id) { TALLOC_CTX *tmp_ctx; const char *attrs_1[] = { SYSDB_NEXTID, NULL }; const char *attrs_2[] = { SYSDB_UIDNUM, SYSDB_GIDNUM, NULL }; struct ldb_dn *base_dn; char *filter; uint32_t new_id = 0; struct ldb_message **msgs; size_t count; struct ldb_message *msg; uint32_t id; int ret; int i; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; } base_dn = sysdb_domain_dn(sysdb, tmp_ctx, domain); if (!base_dn) { talloc_zfree(tmp_ctx); return ENOMEM; } ret = ldb_transaction_start(sysdb->ldb); if (ret) { talloc_zfree(tmp_ctx); ret = sysdb_error_to_errno(ret); return ret; } ret = sysdb_search_entry(tmp_ctx, sysdb, base_dn, LDB_SCOPE_BASE, SYSDB_NEXTID_FILTER, attrs_1, &count, &msgs); switch (ret) { case EOK: new_id = get_attr_as_uint32(msgs[0], SYSDB_NEXTID); if (new_id == (uint32_t)(-1)) { DEBUG(1, ("Invalid Next ID in domain %s\n", domain->name)); ret = ERANGE; goto done; } if (new_id < domain->id_min) { new_id = domain->id_min; } if ((domain->id_max != 0) && (new_id > domain->id_max)) { DEBUG(0, ("Failed to allocate new id, out of range (%u/%u)\n", new_id, 
domain->id_max)); ret = ERANGE; goto done; } break; case ENOENT: /* looks like the domain is not initialized yet, use min_id */ new_id = domain->id_min; break; default: goto done; } talloc_zfree(msgs); count = 0; /* verify the id is actually really free. * search all entries with id >= new_id and < max_id */ if (domain->id_max) { filter = talloc_asprintf(tmp_ctx, "(|(&(%s>=%u)(%s<=%u))(&(%s>=%u)(%s<=%u)))", SYSDB_UIDNUM, new_id, SYSDB_UIDNUM, domain->id_max, SYSDB_GIDNUM, new_id, SYSDB_GIDNUM, domain->id_max); } else { filter = talloc_asprintf(tmp_ctx, "(|(%s>=%u)(%s>=%u))", SYSDB_UIDNUM, new_id, SYSDB_GIDNUM, new_id); } if (!filter) { DEBUG(6, ("Error: Out of memory\n")); ret = ENOMEM; goto done; } ret = sysdb_search_entry(tmp_ctx, sysdb, base_dn, LDB_SCOPE_SUBTREE, filter, attrs_2, &count, &msgs); switch (ret) { /* if anything was found, find the maximum and increment past it */ case EOK: for (i = 0; i < count; i++) { id = get_attr_as_uint32(msgs[i], SYSDB_UIDNUM); if (id != (uint32_t)(-1)) { if (id > new_id) new_id = id; } id = get_attr_as_uint32(msgs[i], SYSDB_GIDNUM); if (id != (uint32_t)(-1)) { if (id > new_id) new_id = id; } } new_id++; /* check again we are not falling out of range */ if ((domain->id_max != 0) && (new_id > domain->id_max)) { DEBUG(0, ("Failed to allocate new id, out of range (%u/%u)\n", new_id, domain->id_max)); ret = ERANGE; goto done; } break; case ENOENT: break; default: goto done; } talloc_zfree(msgs); count = 0; /* finally store the new next id */ msg = ldb_msg_new(tmp_ctx); if (!msg) { DEBUG(6, ("Error: Out of memory\n")); ret = ENOMEM; goto done; } msg->dn = base_dn; ret = add_ulong(msg, LDB_FLAG_MOD_REPLACE, SYSDB_NEXTID, new_id + 1); if (ret) { goto done; } ret = ldb_modify(sysdb->ldb, msg); ret = sysdb_error_to_errno(ret); *_id = new_id; done: if (ret == EOK) { ret = ldb_transaction_commit(sysdb->ldb); ret = sysdb_error_to_errno(ret); } else { ldb_transaction_cancel(sysdb->ldb); } if (ret) { DEBUG(6, ("Error: %d (%s)\n", ret, 
strerror(ret))); } talloc_zfree(tmp_ctx); return ret; } /* =Add-Basic-User-NO-CHECKS============================================== */ int sysdb_add_basic_user(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, uid_t uid, gid_t gid, const char *gecos, const char *homedir, const char *shell) { struct ldb_message *msg; int ret; TALLOC_CTX *tmp_ctx; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; } msg = ldb_msg_new(tmp_ctx); if (!msg) { ret = ENOMEM; goto done; } /* user dn */ msg->dn = sysdb_user_dn(sysdb, msg, domain, name); if (!msg->dn) { ERROR_OUT(ret, ENOMEM, done); } ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_OBJECTCLASS, SYSDB_USER_CLASS); if (ret) goto done; ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_NAME, name); if (ret) goto done; ret = add_ulong(msg, LDB_FLAG_MOD_ADD, SYSDB_UIDNUM, (unsigned long)uid); if (ret) goto done; ret = add_ulong(msg, LDB_FLAG_MOD_ADD, SYSDB_GIDNUM, (unsigned long)gid); if (ret) goto done; /* We set gecos to be the same as fullname on user creation, * But we will not enforce coherency after that, it's up to * admins to decide if they want to keep it in sync if they change * one of the 2 */ if (gecos && *gecos) { ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_FULLNAME, gecos); if (ret) goto done; ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_GECOS, gecos); if (ret) goto done; } if (homedir && *homedir) { ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_HOMEDIR, homedir); if (ret) goto done; } if (shell && *shell) { ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_SHELL, shell); if (ret) goto done; } /* creation time */ ret = add_ulong(msg, LDB_FLAG_MOD_ADD, SYSDB_CREATE_TIME, (unsigned long)time(NULL)); if (ret) goto done; ret = ldb_add(sysdb->ldb, msg); ret = sysdb_error_to_errno(ret); done: if (ret) { DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret))); } talloc_zfree(tmp_ctx); return ret; } static errno_t sysdb_remove_ghost_from_group(struct sysdb_ctx *sysdb, struct ldb_message *group, struct 
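ldb_message_element *alias_el, const char *name, const char *orig_dn, const char *userdn) { TALLOC_CTX *tmp_ctx; struct ldb_message *msg; struct ldb_message_element *orig_members; bool add_member = false; errno_t ret = EOK; int i; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOENT; } msg = ldb_msg_new(tmp_ctx); if (!msg) { ERROR_OUT(ret, ENOMEM, done); } msg->dn = group->dn; if (orig_dn == NULL) { /* We have no way of telling which groups this user belongs to. * Add it to all that reference it in the ghost attribute */ add_member = true; } else { add_member = false; orig_members = ldb_msg_find_element(group, SYSDB_ORIG_MEMBER); if (orig_members) { for (i = 0; i < orig_members->num_values; i++) { if (strcmp((const char *) orig_members->values[i].data, orig_dn) == 0) { /* This is a direct member. Add the member attribute */ add_member = true; } } } else { /* Nothing to compare the originalDN with. Let's rely on the * memberof plugin to do the right thing during initgroups.. */ add_member = true; } } if (add_member) { ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_MEMBER, userdn); if (ret) goto done; } ret = add_string(msg, LDB_FLAG_MOD_DELETE, SYSDB_GHOST, name); if (ret) goto done; /* Delete aliases from the ghost attribute as well */ for (i = 0; i < alias_el->num_values; i++) { if (strcmp((const char *)alias_el->values[i].data, name) == 0) { continue; } ret = ldb_msg_add_string(msg, SYSDB_GHOST, (char *) alias_el->values[i].data); if (ret != LDB_SUCCESS) { ERROR_OUT(ret, EINVAL, done); } } ret = sss_ldb_modify_permissive(sysdb->ldb, msg); ret = sysdb_error_to_errno(ret); if (ret != EOK) { goto done; } talloc_zfree(msg); done: talloc_free(tmp_ctx); return ret; }

/* Find every group that lists this user, by name or by alias, in its ghost
 * attribute and let sysdb_remove_ghost_from_group() update each of them.
 *
 * orig_dn - original DN of the user, may be NULL; passed through unchanged
 * attrs   - user attributes; must contain SYSDB_NAME_ALIAS
 * name    - user name
 *
 * Returns EOK when the group search succeeded or matched nothing. A group
 * that fails to update is logged and skipped, so the remaining groups are
 * still processed. Returns ENOMEM, EINVAL or the sanitize/lookup error
 * otherwise.
 */
static errno_t sysdb_remove_ghostattr_from_groups(struct sysdb_ctx *sysdb,
                                                  struct sss_domain_info *domain,
                                                  const char *orig_dn,
                                                  struct sysdb_attrs *attrs,
                                                  const char *name)
{
    TALLOC_CTX *tmp_ctx;
    struct ldb_message **groups;
    struct ldb_message_element *alias_el;
    struct ldb_dn *tmpdn;
    const char *group_attrs[] = {SYSDB_NAME, SYSDB_GHOST,
                                 SYSDB_ORIG_MEMBER, NULL};
    const char *userdn;
    const char *alias;
    char *sanitized_name;
    char *sanitized_alias;
    char *filter;
    errno_t ret = EOK;
    errno_t group_ret;
    size_t group_count = 0;
    size_t g;
    unsigned int i;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        /* Allocation failure, not a missing entry */
        return ENOMEM;
    }

    ret = sss_filter_sanitize(tmp_ctx, name, &sanitized_name);
    if (ret != EOK) {
        goto done;
    }

    filter = talloc_asprintf(tmp_ctx, "(|(%s=%s)",
                             SYSDB_GHOST, sanitized_name);
    if (!filter) {
        ret = ENOMEM;
        goto done;
    }

    ret = sysdb_attrs_get_el(attrs, SYSDB_NAME_ALIAS, &alias_el);
    if (ret != EOK) {
        goto done;
    }

    for (i = 0; i < alias_el->num_values; i++) {
        alias = (const char *)alias_el->values[i].data;
        if (strcmp(alias, name) == 0) {
            continue;
        }

        /* Aliases are attribute values stored with the user, presumably
         * supplied by the identity provider, so they get the same escaping
         * as the name before they become part of the filter. */
        ret = sss_filter_sanitize(tmp_ctx, alias, &sanitized_alias);
        if (ret != EOK) {
            goto done;
        }

        filter = talloc_asprintf_append(filter, "(%s=%s)",
                                        SYSDB_GHOST, sanitized_alias);
        if (filter == NULL) {
            ret = ENOMEM;
            goto done;
        }
    }

    filter = talloc_asprintf_append(filter, ")");
    if (filter == NULL) {
        ret = ENOMEM;
        goto done;
    }

    tmpdn = sysdb_user_dn(sysdb, tmp_ctx, domain, name);
    if (!tmpdn) {
        ERROR_OUT(ret, ENOMEM, done);
    }

    userdn = ldb_dn_get_linearized(tmpdn);
    if (!userdn) {
        ERROR_OUT(ret, EINVAL, done);
    }

    tmpdn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb,
                           SYSDB_TMPL_GROUP_BASE, domain->name);
    if (!tmpdn) {
        ret = ENOMEM;
        goto done;
    }

    /* We need to find all groups that contain this object as a ghost user
     * and replace the ghost user by actual member record in direct parents.
     * Note that this object can be referred to either by its name or any
     * of its aliases
     */
    ret = sysdb_search_entry(tmp_ctx, sysdb, tmpdn, LDB_SCOPE_SUBTREE, filter,
                             group_attrs, &group_count, &groups);
    if (ret != EOK && ret != ENOENT) {
        goto done;
    }

    for (g = 0; g < group_count; g++) {
        /* Best effort: one group failing does not stop the others, but the
         * failure is logged rather than dropped silently */
        group_ret = sysdb_remove_ghost_from_group(sysdb, groups[g], alias_el,
                                                  name, orig_dn, userdn);
        if (group_ret != EOK) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Could not replace ghost member in a group: %d (%s)\n",
                   group_ret, strerror(group_ret)));
        }
    }

    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}

/* =Add-User-Function===================================================== */ int sysdb_add_user(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, uid_t uid, gid_t gid, const char *gecos, const char *homedir, const char *shell, const char *orig_dn, struct sysdb_attrs *attrs, int cache_timeout, time_t now) { TALLOC_CTX *tmp_ctx; struct ldb_message *msg; struct sysdb_attrs *id_attrs; uint32_t id; int ret; if (domain->mpg) { if (gid != 0) { DEBUG(0, ("Cannot add user with arbitrary GID in MPG domain!\n")); return EINVAL; } gid = uid; } if (domain->id_max != 0 && uid != 0 && (uid < domain->id_min || uid > domain->id_max)) { DEBUG(SSSDBG_OP_FAILURE, ("Supplied uid [%"SPRIuid"] is not in the allowed range " "[%d-%d].\n", uid, domain->id_min, domain->id_max)); return ERANGE; } if (domain->id_max != 0 && gid != 0 && (gid < domain->id_min || gid > domain->id_max)) { DEBUG(SSSDBG_OP_FAILURE, ("Supplied gid [%"SPRIgid"] is not in the allowed range " "[%d-%d].\n", gid, domain->id_min, domain->id_max)); return ERANGE; } tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; } ret = ldb_transaction_start(sysdb->ldb); if (ret) { ret = sysdb_error_to_errno(ret); talloc_free(tmp_ctx); return ret; } if (domain->mpg) { /* In MPG domains you can't have groups with the same name as users, * search if a group with the same name exists. 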
* Don't worry about users, if we try to add a user with the same * name the operation will fail */ ret = sysdb_search_group_by_name(tmp_ctx, sysdb, domain, name, NULL, &msg); if (ret != ENOENT) { if (ret == EOK) ret = EEXIST; goto done; } } /* check no other user with the same uid exist */ if (uid != 0) { ret = sysdb_search_user_by_uid(tmp_ctx, sysdb, domain, uid, NULL, &msg); if (ret != ENOENT) { if (ret == EOK) ret = EEXIST; goto done; } } /* try to add the user */ ret = sysdb_add_basic_user(sysdb, domain, name, uid, gid, gecos, homedir, shell); if (ret) goto done; if (uid == 0) { ret = sysdb_get_new_id(sysdb, domain, &id); if (ret) goto done; id_attrs = sysdb_new_attrs(tmp_ctx); if (!id_attrs) { ret = ENOMEM; goto done; } ret = sysdb_attrs_add_uint32(id_attrs, SYSDB_UIDNUM, id); if (ret) goto done; if (domain->mpg) { ret = sysdb_attrs_add_uint32(id_attrs, SYSDB_GIDNUM, id); if (ret) goto done; } ret = sysdb_set_user_attr(sysdb, domain, name, id_attrs, SYSDB_MOD_REP); goto done; } if (!attrs) { attrs = sysdb_new_attrs(tmp_ctx); if (!attrs) { ret = ENOMEM; goto done; } } if (!now) { now = time(NULL); } ret = sysdb_attrs_add_time_t(attrs, SYSDB_LAST_UPDATE, now); if (ret) goto done; ret = sysdb_attrs_add_time_t(attrs, SYSDB_CACHE_EXPIRE, ((cache_timeout) ? 
(now + cache_timeout) : 0)); if (ret) goto done; ret = sysdb_set_user_attr(sysdb, domain, name, attrs, SYSDB_MOD_REP); if (ret) goto done; if (domain->enumerate == false) { /* If we're not enumerating, previous getgr{nam,gid} calls might * have stored ghost users into the cache, so we need to link them * with the newly-created user entry */ ret = sysdb_remove_ghostattr_from_groups(sysdb, domain, orig_dn, attrs, name); if (ret) goto done; } ret = EOK; done: if (ret == EOK) { ret = ldb_transaction_commit(sysdb->ldb); ret = sysdb_error_to_errno(ret); } else { DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret))); ldb_transaction_cancel(sysdb->ldb); } talloc_zfree(tmp_ctx); return ret; } /* =Add-Basic-Group-NO-CHECKS============================================= */ int sysdb_add_basic_group(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, gid_t gid) { struct ldb_message *msg; int ret; TALLOC_CTX *tmp_ctx; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; } msg = ldb_msg_new(tmp_ctx); if (!msg) { ret = ENOMEM; goto done; } /* group dn */ msg->dn = sysdb_group_dn(sysdb, msg, domain, name); if (!msg->dn) { ERROR_OUT(ret, ENOMEM, done); } ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_OBJECTCLASS, SYSDB_GROUP_CLASS); if (ret) goto done; ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_NAME, name); if (ret) goto done; ret = add_ulong(msg, LDB_FLAG_MOD_ADD, SYSDB_GIDNUM, (unsigned long)gid); if (ret) goto done; /* creation time */ ret = add_ulong(msg, LDB_FLAG_MOD_ADD, SYSDB_CREATE_TIME, (unsigned long)time(NULL)); if (ret) goto done; ret = ldb_add(sysdb->ldb, msg); ret = sysdb_error_to_errno(ret); done: if (ret) { DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret))); } talloc_zfree(tmp_ctx); return ret; } /* =Add-Group-Function==================================================== */ int sysdb_add_group(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, gid_t gid, struct sysdb_attrs *attrs, int cache_timeout, time_t now) { 
TALLOC_CTX *tmp_ctx; struct ldb_message *msg; uint32_t id; int ret; bool posix; if (domain->id_max != 0 && gid != 0 && (gid < domain->id_min || gid > domain->id_max)) { DEBUG(SSSDBG_OP_FAILURE, ("Supplied gid [%"SPRIgid"] is not in the allowed range " "[%d-%d].\n", gid, domain->id_min, domain->id_max)); return ERANGE; } tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; } ret = ldb_transaction_start(sysdb->ldb); if (ret) { ret = sysdb_error_to_errno(ret); talloc_free(tmp_ctx); return ret; } if (domain->mpg) { /* In MPG domains you can't have groups with the same name as users, * search if a group with the same name exists. * Don't worry about users, if we try to add a user with the same * name the operation will fail */ ret = sysdb_search_user_by_name(tmp_ctx, sysdb, domain, name, NULL, &msg); if (ret != ENOENT) { if (ret == EOK) ret = EEXIST; goto done; } } /* check no other groups with the same gid exist */ if (gid != 0) { ret = sysdb_search_group_by_gid(tmp_ctx, sysdb, domain, gid, NULL, &msg); if (ret != ENOENT) { if (ret == EOK) ret = EEXIST; goto done; } } /* try to add the group */ ret = sysdb_add_basic_group(sysdb, domain, name, gid); if (ret) goto done; if (!attrs) { attrs = sysdb_new_attrs(tmp_ctx); if (!attrs) { ret = ENOMEM; goto done; } } ret = sysdb_attrs_get_bool(attrs, SYSDB_POSIX, &posix); if (ret == ENOENT) { posix = true; ret = sysdb_attrs_add_bool(attrs, SYSDB_POSIX, true); if (ret) goto done; } else if (ret != EOK) { goto done; } if (posix && gid == 0) { ret = sysdb_get_new_id(sysdb, domain, &id); if (ret) goto done; ret = sysdb_attrs_add_uint32(attrs, SYSDB_GIDNUM, id); if (ret) goto done; } if (!now) { now = time(NULL); } ret = sysdb_attrs_add_time_t(attrs, SYSDB_LAST_UPDATE, now); if (ret) goto done; ret = sysdb_attrs_add_time_t(attrs, SYSDB_CACHE_EXPIRE, ((cache_timeout) ? 
(now + cache_timeout) : 0)); if (ret) goto done; ret = sysdb_set_group_attr(sysdb, domain, name, attrs, SYSDB_MOD_REP); done: if (ret == EOK) { ret = ldb_transaction_commit(sysdb->ldb); ret = sysdb_error_to_errno(ret); } else { DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret))); ldb_transaction_cancel(sysdb->ldb); } talloc_zfree(tmp_ctx); return ret; } int sysdb_add_incomplete_group(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, gid_t gid, const char *original_dn, const char *sid_str, bool posix, time_t now) { TALLOC_CTX *tmp_ctx; int ret; struct sysdb_attrs *attrs; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; } /* try to add the group */ ret = sysdb_add_basic_group(sysdb, domain, name, gid); if (ret) goto done; attrs = sysdb_new_attrs(tmp_ctx); if (!attrs) { ret = ENOMEM; goto done; } if (!now) { now = time(NULL); } ret = sysdb_attrs_add_time_t(attrs, SYSDB_LAST_UPDATE, now); if (ret) goto done; ret = sysdb_attrs_add_time_t(attrs, SYSDB_CACHE_EXPIRE, now-1); if (ret) goto done; ret = sysdb_attrs_add_bool(attrs, SYSDB_POSIX, posix); if (ret) goto done; if (original_dn) { ret = sysdb_attrs_add_string(attrs, SYSDB_ORIG_DN, original_dn); if (ret) goto done; } if (sid_str) { ret = sysdb_attrs_add_string(attrs, SYSDB_SID_STR, sid_str); if (ret) goto done; } ret = sysdb_set_group_attr(sysdb, domain, name, attrs, SYSDB_MOD_REP); done: if (ret != EOK) { DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret))); } talloc_zfree(tmp_ctx); return ret; } /* =Add-Or-Remove-Group-Memeber=========================================== */ /* mod_op must be either SYSDB_MOD_ADD or SYSDB_MOD_DEL */ int sysdb_mod_group_member(struct sysdb_ctx *sysdb, struct ldb_dn *member_dn, struct ldb_dn *group_dn, int mod_op) { struct ldb_message *msg; const char *dn; int ret; msg = ldb_msg_new(NULL); if (!msg) { ERROR_OUT(ret, ENOMEM, fail); } msg->dn = group_dn; ret = ldb_msg_add_empty(msg, SYSDB_MEMBER, mod_op, NULL); if (ret != LDB_SUCCESS) { ERROR_OUT(ret, 
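ENOMEM, fail); } dn = ldb_dn_get_linearized(member_dn); if (!dn) { ERROR_OUT(ret, EINVAL, fail); } ret = ldb_msg_add_string(msg, SYSDB_MEMBER, dn); if (ret != LDB_SUCCESS) { ERROR_OUT(ret, EINVAL, fail); } ret = ldb_modify(sysdb->ldb, msg); ret = sysdb_error_to_errno(ret); fail: if (ret) { DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret))); } talloc_zfree(msg); return ret; }

/* =Add-Basic-Netgroup-NO-CHECKS============================================= */

/* Create a bare netgroup entry: object class, name, optional description
 * and creation time. No transaction is started here and nothing checks
 * for an existing entry beforehand.
 *
 * description - stored only when non-NULL and non-empty
 *
 * Returns EOK, ENOMEM, or the ldb_add() result translated by
 * sysdb_error_to_errno().
 */
int sysdb_add_basic_netgroup(struct sysdb_ctx *sysdb,
                             struct sss_domain_info *domain,
                             const char *name, const char *description)
{
    struct ldb_message *msg;
    int ret;

    msg = ldb_msg_new(NULL);
    if (!msg) {
        return ENOMEM;
    }

    /* netgroup dn */
    msg->dn = sysdb_netgroup_dn(sysdb, msg, domain, name);
    if (!msg->dn) {
        ERROR_OUT(ret, ENOMEM, done);
    }

    ret = add_string(msg, LDB_FLAG_MOD_ADD,
                     SYSDB_OBJECTCLASS, SYSDB_NETGROUP_CLASS);
    if (ret) goto done;

    ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_NAME, name);
    if (ret) goto done;

    if (description && *description) {
        ret = add_string(msg, LDB_FLAG_MOD_ADD,
                         SYSDB_DESCRIPTION, description);
        if (ret) goto done;
    }

    /* creation time */
    ret = add_ulong(msg, LDB_FLAG_MOD_ADD, SYSDB_CREATE_TIME,
                    (unsigned long) time(NULL));
    if (ret) goto done;

    ret = ldb_add(sysdb->ldb, msg);
    ret = sysdb_error_to_errno(ret);

done:
    if (ret) {
        DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
    }
    talloc_zfree(msg);
    return ret;
}

/* =Add-Netgroup-Function==================================================== */

/* Add a netgroup, or refresh one that already exists, inside a single ldb
 * transaction.
 *
 * attrs         - extra attributes to store; may be NULL
 * missing       - attribute names to remove from the entry; may be NULL
 * cache_timeout - seconds until expiry; 0 stores an expiry time of 0
 * now           - timestamp to record; 0 means use the current time
 *
 * The transaction is committed only when every step succeeded, and is
 * cancelled otherwise. Returns EOK or the first error encountered.
 */
int sysdb_add_netgroup(struct sysdb_ctx *sysdb,
                       struct sss_domain_info *domain,
                       const char *name,
                       const char *description,
                       struct sysdb_attrs *attrs,
                       char **missing,
                       int cache_timeout,
                       time_t now)
{
    TALLOC_CTX *tmp_ctx;
    int ret;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    ret = ldb_transaction_start(sysdb->ldb);
    if (ret) {
        ret = sysdb_error_to_errno(ret);
        talloc_free(tmp_ctx);
        return ret;
    }

    /* try to add the netgroup; an existing entry is not an error, its
     * attributes are replaced below */
    ret = sysdb_add_basic_netgroup(sysdb, domain, name, description);
    if (ret && ret != EEXIST) goto done;

    if (!attrs) {
        attrs = sysdb_new_attrs(tmp_ctx);
        if (!attrs) {
            ret = ENOMEM;
            goto done;
        }
    }

    if (!now) {
        now = time(NULL);
    }

    ret = sysdb_attrs_add_time_t(attrs, SYSDB_LAST_UPDATE, now);
    if (ret) goto done;

    ret = sysdb_attrs_add_time_t(attrs, SYSDB_CACHE_EXPIRE,
                                 ((cache_timeout) ?
                                  (now + cache_timeout) : 0));
    if (ret) goto done;

    ret = sysdb_set_netgroup_attr(sysdb, domain, name, attrs, SYSDB_MOD_REP);
    if (ret != EOK) {
        /* Stop here: the removal below reuses ret, so without this check a
         * failed attribute write would be hidden by a successful removal
         * and the transaction would be committed. */
        goto done;
    }

    if (missing) {
        ret = sysdb_remove_attrs(sysdb, domain, name,
                                 SYSDB_MEMBER_NETGROUP,
                                 missing);
        if (ret != EOK) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Could not remove missing attributes\n"));
        }
    }

done:
    if (ret == EOK) {
        ret = ldb_transaction_commit(sysdb->ldb);
        ret = sysdb_error_to_errno(ret);
    }

    if (ret != EOK) {
        DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
        ldb_transaction_cancel(sysdb->ldb);
    }
    talloc_zfree(tmp_ctx);
    return ret;
}

/* =Store-Users-(Native/Legacy)-(replaces-existing-data)================== */ /* if one of the basic attributes is empty ("") as opposed to NULL, * this will just remove it */ int sysdb_store_user(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, const char *pwd, uid_t uid, gid_t gid, const char *gecos, const char *homedir, const char *shell, const char *orig_dn, struct sysdb_attrs *attrs, char **remove_attrs, uint64_t cache_timeout, time_t now) { TALLOC_CTX *tmp_ctx; struct ldb_message *msg; int ret; errno_t sret = EOK; bool in_transaction = false; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; } if (!attrs) { attrs = sysdb_new_attrs(tmp_ctx); if (!attrs) { ret = ENOMEM; goto fail; } } if (pwd && (domain->legacy_passwords || !*pwd)) { ret = sysdb_attrs_add_string(attrs, SYSDB_PWD, pwd); if (ret) goto fail; } ret = sysdb_transaction_start(sysdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to start transaction\n")); goto fail; } in_transaction = true; ret = sysdb_search_user_by_name(tmp_ctx, sysdb, domain, name, NULL, &msg); if (ret && ret != ENOENT) { goto fail; } 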
/* get transaction timestamp */ if (!now) { now = time(NULL); } if (ret == ENOENT) { /* users doesn't exist, turn into adding a user */ ret = sysdb_add_user(sysdb, domain, name, uid, gid, gecos, homedir, shell, orig_dn, attrs, cache_timeout, now); if (ret == EEXIST) { /* This may be a user rename. If there is a user with the * same UID, remove it and try to add the basic user again */ ret = sysdb_delete_user(sysdb, domain, NULL, uid); if (ret == ENOENT) { /* Not found by UID, return the original EEXIST, * this may be a conflict in MPG domain or something * else */ ret = EEXIST; goto fail; } else if (ret != EOK) { goto fail; } DEBUG(SSSDBG_MINOR_FAILURE, ("A user with the same UID [%llu] was removed from the " "cache\n", (unsigned long long) uid)); ret = sysdb_add_user(sysdb, domain, name, uid, gid, gecos, homedir, shell, orig_dn, attrs, cache_timeout, now); } /* Handle the result of sysdb_add_user */ if (ret == EOK) { goto done; } else { DEBUG(SSSDBG_OP_FAILURE, ("Could not add user\n")); goto fail; } } /* the user exists, let's just replace attributes when set */ if (uid) { ret = sysdb_attrs_add_uint32(attrs, SYSDB_UIDNUM, uid); if (ret) goto fail; } if (gid) { ret = sysdb_attrs_add_uint32(attrs, SYSDB_GIDNUM, gid); if (ret) goto fail; } if (uid && !gid && domain->mpg) { ret = sysdb_attrs_add_uint32(attrs, SYSDB_GIDNUM, uid); if (ret) goto fail; } if (gecos) { ret = sysdb_attrs_add_string(attrs, SYSDB_GECOS, gecos); if (ret) goto fail; } if (homedir) { ret = sysdb_attrs_add_string(attrs, SYSDB_HOMEDIR, homedir); if (ret) goto fail; } if (shell) { ret = sysdb_attrs_add_string(attrs, SYSDB_SHELL, shell); if (ret) goto fail; } ret = sysdb_attrs_add_time_t(attrs, SYSDB_LAST_UPDATE, now); if (ret) goto fail; ret = sysdb_attrs_add_time_t(attrs, SYSDB_CACHE_EXPIRE, ((cache_timeout) ? 
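(now + cache_timeout) : 0)); if (ret) goto fail; ret = sysdb_set_user_attr(sysdb, domain, name, attrs, SYSDB_MOD_REP); if (ret != EOK) goto fail; if (remove_attrs) { ret = sysdb_remove_attrs(sysdb, domain, name, SYSDB_MEMBER_USER, remove_attrs); if (ret != EOK) { DEBUG(4, ("Could not remove missing attributes\n")); } } done: ret = sysdb_transaction_commit(sysdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to commit transaction\n")); goto fail; } in_transaction = false; fail: if (in_transaction) { sret = sysdb_transaction_cancel(sysdb); if (sret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Could not cancel transaction\n")); } } if (ret) { DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret))); } talloc_zfree(tmp_ctx); return ret; }

/* =Store-Group-(Native/Legacy)-(replaces-existing-data)================== */

/* this function does not check that all user members are actually present */

/* Store a group: add it when no entry with this name exists, otherwise
 * replace the attributes that were supplied.
 *
 * gid           - stored when non-zero
 * attrs         - extra attributes to store; may be NULL
 * cache_timeout - seconds until expiry; 0 stores an expiry time of 0
 * now           - timestamp to record; 0 means use the current time
 *
 * When adding fails with EEXIST, a cached group holding the same GID is
 * deleted and the add is retried once (possible rename). If no group is
 * found by that GID, EEXIST is returned.
 *
 * Returns EOK or the first error encountered.
 */
int sysdb_store_group(struct sysdb_ctx *sysdb,
                      struct sss_domain_info *domain,
                      const char *name,
                      gid_t gid,
                      struct sysdb_attrs *attrs,
                      uint64_t cache_timeout,
                      time_t now)
{
    TALLOC_CTX *tmp_ctx;
    static const char *src_attrs[] = { SYSDB_NAME, SYSDB_GIDNUM,
                                       SYSDB_ORIG_MODSTAMP, NULL };
    struct ldb_message *msg;
    bool new_group = false;
    int ret;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    ret = sysdb_search_group_by_name(tmp_ctx, sysdb, domain,
                                     name, src_attrs, &msg);
    if (ret && ret != ENOENT) {
        goto done;
    }
    if (ret == ENOENT) {
        new_group = true;
    }

    if (!attrs) {
        attrs = sysdb_new_attrs(tmp_ctx);
        if (!attrs) {
            ret = ENOMEM;
            goto done;
        }
    }

    /* get transaction timestamp */
    if (!now) {
        now = time(NULL);
    }

    /* FIXME: use the remote modification timestamp to know if the
     * group needs any update */

    if (new_group) {
        /* group doesn't exist, turn into adding a group */
        ret = sysdb_add_group(sysdb, domain, name, gid,
                              attrs, cache_timeout, now);
        if (ret == EEXIST) {
            /* This may be a group rename. If there is a group with the
             * same GID, remove it and try to add the basic group again
             */
            ret = sysdb_delete_group(sysdb, domain, NULL, gid);
            if (ret == ENOENT) {
                /* Not found by GID, return the original EEXIST,
                 * this may be a conflict in MPG domain or something
                 * else.
                 * Leave through the common exit so tmp_ctx, which has no
                 * talloc parent, is freed on this path as well. */
                ret = EEXIST;
                goto done;
            } else if (ret != EOK) {
                goto done;
            }
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("A group with the same GID [%llu] was removed from the "
                   "cache\n", (unsigned long long) gid));
            ret = sysdb_add_group(sysdb, domain, name, gid,
                                  attrs, cache_timeout, now);
        }
        goto done;
    }

    /* the group exists, let's just replace attributes when set */
    if (gid) {
        ret = sysdb_attrs_add_uint32(attrs, SYSDB_GIDNUM, gid);
        if (ret) goto done;
    }

    ret = sysdb_attrs_add_time_t(attrs, SYSDB_LAST_UPDATE, now);
    if (ret) goto done;

    ret = sysdb_attrs_add_time_t(attrs, SYSDB_CACHE_EXPIRE,
                                 ((cache_timeout) ?
                                  (now + cache_timeout) : 0));
    if (ret) goto done;

    ret = sysdb_set_group_attr(sysdb, domain, name, attrs, SYSDB_MOD_REP);

done:
    if (ret) {
        DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
    }
    talloc_zfree(tmp_ctx);
    return ret;
}

/* =Add-User-to-Group(Native/Legacy)====================================== */ static int sysdb_group_membership_mod(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *group, const char *member, enum sysdb_member_type type, int modify_op, bool is_dn) { struct ldb_dn *group_dn; struct ldb_dn *member_dn; int ret; TALLOC_CTX *tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; } if (type == SYSDB_MEMBER_USER) { member_dn = sysdb_user_dn(sysdb, tmp_ctx, domain, member); } else if (type == SYSDB_MEMBER_GROUP) { member_dn = sysdb_group_dn(sysdb, tmp_ctx, domain, member); } else { ret = EINVAL; goto done; } if (!member_dn) { ret = ENOMEM; goto done; } if (!is_dn) { group_dn = sysdb_group_dn(sysdb, tmp_ctx, domain, group); } else { group_dn = ldb_dn_new(tmp_ctx, sysdb->ldb, group); } if (!group_dn) { ret = ENOMEM; goto done; } ret = sysdb_mod_group_member(sysdb, member_dn, group_dn, 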
modify_op);

done:
    talloc_free(tmp_ctx);
    return ret;
}

/*
 * Add `member` (user or group, per `type`) to `group`.
 * Thin wrapper: forwards to sysdb_group_membership_mod() with SYSDB_MOD_ADD
 * and returns its result. With is_dn set, `group` is passed on as a DN
 * string instead of a group name.
 */
int sysdb_add_group_member(struct sysdb_ctx *sysdb,
                           struct sss_domain_info *domain,
                           const char *group,
                           const char *member,
                           enum sysdb_member_type type,
                           bool is_dn)
{
    return sysdb_group_membership_mod(sysdb, domain, group, member, type,
                                      SYSDB_MOD_ADD, is_dn);
}

/* =Remove-member-from-Group(Native/Legacy)=============================== */

/*
 * Remove `member` (user or group, per `type`) from `group`.
 * Thin wrapper: forwards to sysdb_group_membership_mod() with SYSDB_MOD_DEL
 * and returns its result.
 */
int sysdb_remove_group_member(struct sysdb_ctx *sysdb,
                              struct sss_domain_info *domain,
                              const char *group,
                              const char *member,
                              enum sysdb_member_type type,
                              bool is_dn)
{
    return sysdb_group_membership_mod(sysdb, domain, group, member, type,
                                      SYSDB_MOD_DEL, is_dn);
}

/* =Password-Caching====================================================== */

/*
 * Store a salted hash of `password` in the cache entry of `username`.
 *
 * A salt is produced by s3crypt_gen_salt() and the hash by s3crypt_sha512();
 * only the resulting hash string is written, never the password itself.
 * Three attributes are replaced (SYSDB_MOD_REP):
 *   SYSDB_CACHEDPWD              - the hash string
 *   "lastCachedPasswordChange"   - current time
 *   SYSDB_FAILED_LOGIN_ATTEMPTS  - reset to 0
 *
 * Returns EOK on success, ENOMEM when the temporary context cannot be
 * allocated, otherwise the error left in ret by the failing step.
 *
 * NOTE(review): `password` reaches s3crypt_sha512() without a NULL check in
 * this function - confirm that callers or the helper reject NULL.
 * NOTE(review): salt and hash are allocated on tmp_ctx and released with
 * it; nothing here wipes them before the free - confirm that this matches
 * the intended handling of credential material.
 */
int sysdb_cache_password(struct sysdb_ctx *sysdb,
                         struct sss_domain_info *domain,
                         const char *username,
                         const char *password)
{
    TALLOC_CTX *tmp_ctx;
    struct sysdb_attrs *attrs;
    char *hash = NULL;
    char *salt;
    int ret;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    /* a fresh salt for every stored password */
    ret = s3crypt_gen_salt(tmp_ctx, &salt);
    if (ret) {
        DEBUG(4, ("Failed to generate random salt.\n"));
        goto fail;
    }

    ret = s3crypt_sha512(tmp_ctx, password, salt, &hash);
    if (ret) {
        DEBUG(4, ("Failed to create password hash.\n"));
        goto fail;
    }

    attrs = sysdb_new_attrs(tmp_ctx);
    if (!attrs) {
        ERROR_OUT(ret, ENOMEM, fail);
    }

    ret = sysdb_attrs_add_string(attrs, SYSDB_CACHEDPWD, hash);
    if (ret) goto fail;

    /* FIXME: should we use a different attribute for cache passwords ?? */
    ret = sysdb_attrs_add_long(attrs, "lastCachedPasswordChange",
                               (long)time(NULL));
    if (ret) goto fail;

    /* storing a new hash also clears the failed-login counter */
    ret = sysdb_attrs_add_uint32(attrs, SYSDB_FAILED_LOGIN_ATTEMPTS, 0U);
    if (ret) goto fail;

    ret = sysdb_set_user_attr(sysdb, domain, username, attrs, SYSDB_MOD_REP);
    if (ret) {
        goto fail;
    }
    talloc_zfree(tmp_ctx);
    return EOK;

fail:
    if (ret) {
        DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
    }
    talloc_zfree(tmp_ctx);
    return ret;
}

/* =Custom Search================== */

/*
 * Subtree search below the custom subtree `subtree_name` of `domain`.
 *
 * filter and subtree_name must not be NULL (EINVAL). The base DN comes from
 * sysdb_custom_subtree_dn() and is checked with ldb_dn_validate(); the
 * search is done by sysdb_search_entry() with LDB_SCOPE_SUBTREE and its
 * result is returned unchanged.
 *
 * `filter` is handed to the search as given. Callers that build it from
 * values they do not control have to escape those values first (this file
 * uses sss_filter_sanitize() for that purpose elsewhere).
 */
int sysdb_search_custom(TALLOC_CTX *mem_ctx,
                        struct sysdb_ctx *sysdb,
                        struct sss_domain_info *domain,
                        const char *filter,
                        const char *subtree_name,
                        const char **attrs,
                        size_t *msgs_count,
                        struct ldb_message ***msgs)
{
    struct ldb_dn *basedn;
    int ret;

    if (filter == NULL || subtree_name == NULL) {
        return EINVAL;
    }

    basedn = sysdb_custom_subtree_dn(sysdb, mem_ctx, domain, subtree_name);
    if (basedn == NULL) {
        DEBUG(1, ("sysdb_custom_subtree_dn failed.\n"));
        return ENOMEM;
    }
    if (!ldb_dn_validate(basedn)) {
        DEBUG(1, ("Failed to create DN.\n"));
        return EINVAL;
    }

    ret = sysdb_search_entry(mem_ctx, sysdb, basedn,
                             LDB_SCOPE_SUBTREE, filter, attrs,
                             msgs_count, msgs);
    return ret;
}

/*
 * Fetch one custom object by name with a base-scope search.
 *
 * object_name and subtree_name must not be NULL (EINVAL). The DN is built
 * by sysdb_custom_dn() and validated; more than one result is reported as
 * EFAULT. On success the messages are moved to mem_ctx.
 */
int sysdb_search_custom_by_name(TALLOC_CTX *mem_ctx,
                                struct sysdb_ctx *sysdb,
                                struct sss_domain_info *domain,
                                const char *object_name,
                                const char *subtree_name,
                                const char **attrs,
                                size_t *_count,
                                struct ldb_message ***_msgs)
{
    TALLOC_CTX *tmp_ctx;
    struct ldb_dn *basedn;
    struct ldb_message **msgs;
    size_t count;
    int ret;

    if (object_name == NULL || subtree_name == NULL) {
        return EINVAL;
    }

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    basedn = sysdb_custom_dn(sysdb, tmp_ctx, domain,
                             object_name, subtree_name);
    if (basedn == NULL) {
        DEBUG(1, ("sysdb_custom_dn failed.\n"));
        ret = ENOMEM;
        goto done;
    }
    if (!ldb_dn_validate(basedn)) {
        DEBUG(1, ("Failed to create DN.\n"));
        ret = EINVAL;
        goto done;
    }

    ret = sysdb_search_entry(tmp_ctx, sysdb, basedn,
                             LDB_SCOPE_BASE, NULL, attrs, &count, &msgs);
    if (ret) {
        goto done;
    }

    if (count > 1) {
DEBUG(1, ("More than one result found.\n")); ret = EFAULT; goto done; } *_count = count; *_msgs = talloc_move(mem_ctx, &msgs); done: talloc_zfree(tmp_ctx); return ret; } /* =Custom Store (replaces-existing-data)================== */ int sysdb_store_custom(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *object_name, const char *subtree_name, struct sysdb_attrs *attrs) { TALLOC_CTX *tmp_ctx; const char *search_attrs[] = { "*", NULL }; size_t resp_count = 0; struct ldb_message **resp; struct ldb_message *msg; struct ldb_message_element *el; bool add_object = false; int ret; int i; if (object_name == NULL || subtree_name == NULL) { return EINVAL; } ret = ldb_transaction_start(sysdb->ldb); if (ret) { return sysdb_error_to_errno(ret); } tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { ret = ENOMEM; goto done; } ret = sysdb_search_custom_by_name(tmp_ctx, sysdb, domain, object_name, subtree_name, search_attrs, &resp_count, &resp); if (ret != EOK && ret != ENOENT) { goto done; } if (ret == ENOENT) { add_object = true; } msg = ldb_msg_new(tmp_ctx); if (msg == NULL) { ret = ENOMEM; goto done; } msg->dn = sysdb_custom_dn(sysdb, tmp_ctx, domain, object_name, subtree_name); if (!msg->dn) { DEBUG(1, ("sysdb_custom_dn failed.\n")); ret = ENOMEM; goto done; } msg->elements = talloc_array(msg, struct ldb_message_element, attrs->num); if (!msg->elements) { ret = ENOMEM; goto done; } for (i = 0; i < attrs->num; i++) { msg->elements[i] = attrs->a[i]; if (add_object) { msg->elements[i].flags = LDB_FLAG_MOD_ADD; } else { el = ldb_msg_find_element(resp[0], attrs->a[i].name); if (el == NULL) { msg->elements[i].flags = LDB_FLAG_MOD_ADD; } else { msg->elements[i].flags = LDB_FLAG_MOD_REPLACE; } } } msg->num_elements = attrs->num; if (add_object) { ret = ldb_add(sysdb->ldb, msg); } else { ret = ldb_modify(sysdb->ldb, msg); } if (ret != LDB_SUCCESS) { DEBUG(1, ("Failed to store custom entry: %s(%d)[%s]\n", ldb_strerror(ret), ret, ldb_errstring(sysdb->ldb))); ret = 
sysdb_error_to_errno(ret); } done: if (ret) { DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret))); ldb_transaction_cancel(sysdb->ldb); } else { ret = ldb_transaction_commit(sysdb->ldb); ret = sysdb_error_to_errno(ret); } talloc_zfree(tmp_ctx); return ret; } /* = Custom Delete======================================= */ int sysdb_delete_custom(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *object_name, const char *subtree_name) { TALLOC_CTX *tmp_ctx; struct ldb_dn *dn; int ret; if (object_name == NULL || subtree_name == NULL) { return EINVAL; } tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; } dn = sysdb_custom_dn(sysdb, tmp_ctx, domain, object_name, subtree_name); if (dn == NULL) { DEBUG(1, ("sysdb_custom_dn failed.\n")); ret = ENOMEM; goto done; } ret = ldb_delete(sysdb->ldb, dn); switch (ret) { case LDB_SUCCESS: case LDB_ERR_NO_SUCH_OBJECT: ret = EOK; break; default: DEBUG(1, ("LDB Error: %s(%d)\nError Message: [%s]\n", ldb_strerror(ret), ret, ldb_errstring(sysdb->ldb))); ret = sysdb_error_to_errno(ret); break; } done: talloc_zfree(tmp_ctx); return ret; } /* = ASQ search request ======================================== */ int sysdb_asq_search(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct ldb_dn *base_dn, const char *expression, const char *asq_attribute, const char **attrs, size_t *msgs_count, struct ldb_message ***msgs) { TALLOC_CTX *tmp_ctx; struct ldb_request *ldb_req; struct ldb_control **ctrl; struct ldb_asq_control *asq_control; struct ldb_result *res; int ret; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; } ctrl = talloc_array(tmp_ctx, struct ldb_control *, 2); if (ctrl == NULL) { ret = ENOMEM; goto fail; } ctrl[0] = talloc(ctrl, struct ldb_control); if (ctrl[0] == NULL) { ret = ENOMEM; goto fail; } ctrl[1] = NULL; ctrl[0]->oid = LDB_CONTROL_ASQ_OID; ctrl[0]->critical = 1; asq_control = talloc(ctrl[0], struct ldb_asq_control); if (asq_control == NULL) { ret = ENOMEM; goto fail; } asq_control->request = 1; 
asq_control->source_attribute = talloc_strdup(asq_control, asq_attribute); if (asq_control->source_attribute == NULL) { ret = ENOMEM; goto fail; } asq_control->src_attr_len = strlen(asq_control->source_attribute); ctrl[0]->data = asq_control; res = talloc_zero(tmp_ctx, struct ldb_result); if (!res) { ret = ENOMEM; goto fail; } ret = ldb_build_search_req(&ldb_req, sysdb->ldb, tmp_ctx, base_dn, LDB_SCOPE_BASE, expression, attrs, ctrl, res, ldb_search_default_callback, NULL); if (ret != LDB_SUCCESS) { ret = sysdb_error_to_errno(ret); goto fail; } ret = ldb_request(sysdb->ldb, ldb_req); if (ret == LDB_SUCCESS) { ret = ldb_wait(ldb_req->handle, LDB_WAIT_ALL); } if (ret) { ret = sysdb_error_to_errno(ret); goto fail; } *msgs_count = res->count; *msgs = talloc_move(mem_ctx, &res->msgs); talloc_zfree(tmp_ctx); return EOK; fail: if (ret == ENOENT) { DEBUG(SSSDBG_TRACE_FUNC, ("No such entry\n")); } else if (ret) { DEBUG(SSSDBG_OP_FAILURE, ("Error: %d (%s)\n", ret, strerror(ret))); } talloc_zfree(tmp_ctx); return ret; } /* =Search-Users-with-Custom-Filter====================================== */ int sysdb_search_users(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *sub_filter, const char **attrs, size_t *msgs_count, struct ldb_message ***msgs) { TALLOC_CTX *tmp_ctx; struct ldb_dn *basedn; char *filter; int ret; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; } basedn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_TMPL_USER_BASE, domain->name); if (!basedn) { DEBUG(2, ("Failed to build base dn\n")); ret = ENOMEM; goto fail; } filter = talloc_asprintf(tmp_ctx, "(&(%s)%s)", SYSDB_UC, sub_filter); if (!filter) { DEBUG(2, ("Failed to build filter\n")); ret = ENOMEM; goto fail; } DEBUG(SSSDBG_TRACE_INTERNAL, ("Search users with filter: %s\n", filter)); ret = sysdb_search_entry(mem_ctx, sysdb, basedn, LDB_SCOPE_SUBTREE, filter, attrs, msgs_count, msgs); if (ret) { goto fail; } talloc_zfree(tmp_ctx); return EOK; fail: if (ret == 
ENOENT) {
        DEBUG(SSSDBG_TRACE_INTERNAL, ("No such entry\n"));
    } else if (ret) {
        DEBUG(SSSDBG_MINOR_FAILURE, ("Error: %d (%s)\n", ret, strerror(ret)));
    }
    talloc_zfree(tmp_ctx);
    return ret;
}

/* =Delete-User-by-Name-OR-uid============================================ */

/*
 * Delete a user from the cache, looked up by name or, when name is NULL,
 * by uid.
 *
 * - Entry found: when both name and uid are given, the entry's SYSDB_NAME
 *   and SYSDB_UIDNUM must match them (EINVAL otherwise, EFAULT when one of
 *   the attributes is missing); then the entry is deleted.
 * - Entry not found and name given: the name may be a ghost member. All
 *   groups whose SYSDB_GHOST attribute holds the name are searched and the
 *   value is removed from each of them.
 * - Any other search result is returned as the error.
 *
 * Returns EOK on success, otherwise the error of the failing step.
 */
int sysdb_delete_user(struct sysdb_ctx *sysdb,
                      struct sss_domain_info *domain,
                      const char *name, uid_t uid)
{
    TALLOC_CTX *tmp_ctx;
    const char *attrs[] = {SYSDB_GHOST, NULL};
    size_t msg_count;
    char *filter;
    struct ldb_message **msgs;
    struct ldb_message *msg;
    int ret;
    int i;
    char *sanitized_name;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    if (name) {
        ret = sysdb_search_user_by_name(tmp_ctx, sysdb, domain,
                                        name, NULL, &msg);
    } else {
        ret = sysdb_search_user_by_uid(tmp_ctx, sysdb, domain,
                                       uid, NULL, &msg);
    }
    if (ret == EOK) {
        if (name && uid) {
            /* verify name/uid match */
            const char *c_name;
            uint64_t c_uid;

            c_name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL);
            c_uid = ldb_msg_find_attr_as_uint64(msg, SYSDB_UIDNUM, 0);
            if (c_name == NULL || c_uid == 0) {
                DEBUG(2, ("Attribute is missing but this should never happen!\n"));
                ret = EFAULT;
                goto fail;
            }
            if (strcmp(name, c_name) || uid != c_uid) {
                /* this is not the entry we are looking for */
                ret = EINVAL;
                goto fail;
            }
        }

        ret = sysdb_delete_entry(sysdb, msg->dn, false);
        if (ret) {
            goto fail;
        }
    } else if (ret == ENOENT && name != NULL) {
        /* Perhaps a ghost user? */
        /* The name goes into a search filter, so it is escaped first;
         * the raw name is used further down only as an attribute value. */
        ret = sss_filter_sanitize(tmp_ctx, name, &sanitized_name);
        if (ret != EOK) {
            goto fail;
        }

        filter = talloc_asprintf(tmp_ctx, "(%s=%s)", SYSDB_GHOST, sanitized_name);
        if (filter == NULL) {
            ret = ENOMEM;
            goto fail;
        }

        ret = sysdb_search_groups(tmp_ctx, sysdb, domain, filter, attrs,
                                  &msg_count, &msgs);
        if (ret != EOK) {
            goto fail;
        }

        /* NOTE(review): i is int while msg_count is size_t, so the
         * comparison is done in an unsigned type. */
        for (i = 0; i < msg_count; i++) {
            msg = ldb_msg_new(tmp_ctx);
            if (!msg) {
                ERROR_OUT(ret, ENOMEM, fail);
            }

            msg->dn = msgs[i]->dn;

            ret = add_string(msg, LDB_FLAG_MOD_DELETE, SYSDB_GHOST, name);
            if (ret) goto fail;

            ret = ldb_modify(sysdb->ldb, msg);
            ret = sysdb_error_to_errno(ret);
            if (ret != EOK) {
                goto fail;
            }

            talloc_zfree(msg);
        }
    } else {
        goto fail;
    }

    talloc_zfree(tmp_ctx);
    return EOK;

fail:
    DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
    talloc_zfree(tmp_ctx);
    return ret;
}

/* =Search-Groups-with-Custom-Filter===================================== */

/*
 * Subtree search over the group base of `domain`.
 *
 * The effective filter is "(&(" SYSDB_GC ")" sub_filter ")"; results are
 * allocated on mem_ctx by sysdb_search_entry().
 *
 * sub_filter is spliced into the filter string unchanged and the complete
 * filter is written to the debug log. Values that are not under the
 * caller's control must therefore be escaped by the caller before they are
 * put into sub_filter (see the sss_filter_sanitize() use in
 * sysdb_delete_user()).
 *
 * Returns EOK on success, ENOMEM on allocation failure, otherwise the
 * result of sysdb_search_entry().
 */
int sysdb_search_groups(TALLOC_CTX *mem_ctx,
                        struct sysdb_ctx *sysdb,
                        struct sss_domain_info *domain,
                        const char *sub_filter,
                        const char **attrs,
                        size_t *msgs_count,
                        struct ldb_message ***msgs)
{
    TALLOC_CTX *tmp_ctx;
    struct ldb_dn *basedn;
    char *filter;
    int ret;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    basedn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb,
                            SYSDB_TMPL_GROUP_BASE, domain->name);
    if (!basedn) {
        DEBUG(2, ("Failed to build base dn\n"));
        ret = ENOMEM;
        goto fail;
    }

    filter = talloc_asprintf(tmp_ctx, "(&(%s)%s)", SYSDB_GC, sub_filter);
    if (!filter) {
        DEBUG(2, ("Failed to build filter\n"));
        ret = ENOMEM;
        goto fail;
    }

    DEBUG(SSSDBG_TRACE_INTERNAL, ("Search groups with filter: %s\n", filter));

    ret = sysdb_search_entry(mem_ctx, sysdb, basedn,
                             LDB_SCOPE_SUBTREE, filter, attrs,
                             msgs_count, msgs);
    if (ret) {
        goto fail;
    }

    talloc_zfree(tmp_ctx);
    return EOK;

fail:
    if (ret == ENOENT) {
        DEBUG(SSSDBG_TRACE_INTERNAL, ("No such entry\n"));
    } else if (ret) {
        DEBUG(SSSDBG_MINOR_FAILURE, ("Error: %d (%s)\n", ret, strerror(ret)));
    }
    talloc_zfree(tmp_ctx);
    return ret;
}

/* =Delete-Group-by-Name-OR-gid=========================================== */

/*
 * Delete a group from the cache, looked up by name or, when name is NULL,
 * by gid.
 *
 * When both name and gid are given, the entry's SYSDB_NAME and SYSDB_GIDNUM
 * must match them (EINVAL otherwise, EFAULT when one of the attributes is
 * missing). A failed lookup, including ENOENT, is returned to the caller.
 */
int sysdb_delete_group(struct sysdb_ctx *sysdb,
                       struct sss_domain_info *domain,
                       const char *name, gid_t gid)
{
    TALLOC_CTX *tmp_ctx;
    struct ldb_message *msg;
    int ret;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    if (name) {
        ret = sysdb_search_group_by_name(tmp_ctx, sysdb, domain,
                                         name, NULL, &msg);
    } else {
        ret = sysdb_search_group_by_gid(tmp_ctx, sysdb, domain,
                                        gid, NULL, &msg);
    }
    if (ret) {
        goto fail;
    }

    if (name && gid) {
        /* verify name/gid match */
        const char *c_name;
        uint64_t c_gid;

        c_name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL);
        c_gid = ldb_msg_find_attr_as_uint64(msg, SYSDB_GIDNUM, 0);
        if (c_name == NULL || c_gid == 0) {
            DEBUG(2, ("Attribute is missing but this should never happen!\n"));
            ret = EFAULT;
            goto fail;
        }
        if (strcmp(name, c_name) || gid != c_gid) {
            /* this is not the entry we are looking for */
            ret = EINVAL;
            goto fail;
        }
    }

    ret = sysdb_delete_entry(sysdb, msg->dn, false);
    if (ret) {
        goto fail;
    }

    talloc_zfree(tmp_ctx);
    return EOK;

fail:
    DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
    talloc_zfree(tmp_ctx);
    return ret;
}

/* =Search-Netgroups-with-Custom-Filter===================================== */

/*
 * Subtree search over the netgroup base of `domain`.
 *
 * The effective filter is "(&(" SYSDB_NC ")" sub_filter ")". As in
 * sysdb_search_groups(), sub_filter is used as given and the resulting
 * filter is logged, so escaping untrusted values is the caller's job.
 */
int sysdb_search_netgroups(TALLOC_CTX *mem_ctx,
                           struct sysdb_ctx *sysdb,
                           struct sss_domain_info *domain,
                           const char *sub_filter,
                           const char **attrs,
                           size_t *msgs_count,
                           struct ldb_message ***msgs)
{
    TALLOC_CTX *tmp_ctx;
    struct ldb_dn *basedn;
    char *filter;
    int ret;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    basedn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb,
                            SYSDB_TMPL_NETGROUP_BASE, domain->name);
    if (!basedn) {
        DEBUG(2, ("Failed to build base dn\n"));
        ret = ENOMEM;
        goto fail;
    }

    filter = talloc_asprintf(tmp_ctx, "(&(%s)%s)", SYSDB_NC, sub_filter);
    if (!filter) {
        DEBUG(2, ("Failed to build filter\n"));
        ret = ENOMEM;
        goto fail;
    }

    DEBUG(6, ("Search netgroups with filter: %s\n", filter));

    ret = sysdb_search_entry(mem_ctx, sysdb, basedn,
LDB_SCOPE_SUBTREE, filter, attrs,
                             msgs_count, msgs);
    if (ret) {
        goto fail;
    }

    talloc_zfree(tmp_ctx);
    return EOK;

fail:
    if (ret == ENOENT) {
        DEBUG(SSSDBG_TRACE_FUNC, ("Entry not found\n"));
    } else {
        DEBUG(SSSDBG_OP_FAILURE, ("Error: %d (%s)\n", ret, strerror(ret)));
    }
    talloc_zfree(tmp_ctx);
    return ret;
}

/* =Delete-Netgroup-by-Name============================================== */

/*
 * Delete the netgroup `name` from the cache.
 *
 * name must not be NULL (EINVAL). A netgroup that does not exist is not an
 * error: the function returns EOK in that case. Other lookup or delete
 * errors are returned as they are.
 */
int sysdb_delete_netgroup(struct sysdb_ctx *sysdb,
                          struct sss_domain_info *domain,
                          const char *name)
{
    TALLOC_CTX *tmp_ctx;
    struct ldb_message *msg;
    int ret;

    if (!name) return EINVAL;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    ret = sysdb_search_netgroup_by_name(tmp_ctx, sysdb, domain, name, NULL,
                                        &msg);
    if (ret != EOK && ret != ENOENT) {
        DEBUG(6, ("sysdb_search_netgroup_by_name failed: %d (%s)\n",
                   ret, strerror(ret)));
        goto done;
    } else if (ret == ENOENT) {
        DEBUG(6, ("Netgroup does not exist, nothing to delete\n"));
        ret = EOK;
        goto done;
    }

    ret = sysdb_delete_entry(sysdb, msg->dn, false);
    if (ret != EOK) {
        goto done;
    }

done:
    if (ret != EOK) {
        DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
    }
    talloc_free(tmp_ctx);
    return ret;
}

/*
 * Delete the cache object that carries the SID `sid_str`.
 *
 * sid_str must not be NULL (EINVAL). The object is looked up with
 * sysdb_search_object_by_sid(); no match returns EOK without deleting
 * anything, more than one match returns EIO.
 */
int sysdb_delete_by_sid(struct sysdb_ctx *sysdb,
                        struct sss_domain_info *domain,
                        const char *sid_str)
{
    TALLOC_CTX *tmp_ctx;
    struct ldb_result *res;
    int ret;

    if (!sid_str) return EINVAL;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    ret = sysdb_search_object_by_sid(tmp_ctx, sysdb, domain, sid_str,
                                     NULL, &res);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("search by sid failed: %d (%s)\n",
              ret, strerror(ret)));
        goto done;
    }

    if (res->count > 1) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("getbysid call returned more than one " \ "result !?!\n"));
        ret = EIO;
        goto done;
    }

    if (res->count == 0) {
        /* No existing entry. Just quit. */
        ret = EOK;
        goto done;
    }

    ret = sysdb_delete_entry(sysdb, res->msgs[0]->dn, false);
    if (ret != EOK) {
        goto done;
    }

done:
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Error: %d (%s)\n", ret, strerror(ret)));
    }
    talloc_free(tmp_ctx);
    return ret;
}

/* ========= Authentication against cached password ============ */

/*
 * Decide from the cached counters whether another login attempt against the
 * cached password is currently allowed.
 *
 * Reads SYSDB_FAILED_LOGIN_ATTEMPTS and SYSDB_LAST_FAILED_LOGIN from
 * ldb_msg (0 when absent) and the two limits from confdb
 * (CONFDB_PAM_FAILED_LOGIN_ATTEMPTS, CONFDB_PAM_FAILED_LOGIN_DELAY).
 *
 * - allowed attempts == 0: no limit is applied.
 * - counter >= allowed attempts and delay == 0: ERR_AUTH_DENIED.
 * - counter >= allowed attempts and delay != 0: the lock ends at
 *   last failed login + delay * 60. Before that time the function sets
 *   *delayed_until to the end time and returns ERR_AUTH_DENIED; after it,
 *   *failed_login_attempts is reset to 0 in the caller's variable only
 *   (nothing is written to the cache here).
 *
 * *delayed_until is -1 unless a delay is in effect. Returns EOK when the
 * attempt may proceed, ERR_INTERNAL when a setting cannot be read, ENOMEM
 * when the temporary context cannot be allocated.
 *
 * NOTE(review): the counter is uint32_t and the configured limit is int;
 * in the >= comparison a negative limit is converted to a large unsigned
 * value, so the lock-out would never trigger - consider rejecting negative
 * settings.
 * NOTE(review): failed_login_delay * 60 is int arithmetic and can overflow
 * for very large settings.
 * NOTE(review): tmp_ctx is allocated and freed but not otherwise used in
 * the visible code.
 */
errno_t check_failed_login_attempts(struct confdb_ctx *cdb,
                                    struct ldb_message *ldb_msg,
                                    uint32_t *failed_login_attempts,
                                    time_t *delayed_until)
{
    int ret;
    int allowed_failed_login_attempts;
    int failed_login_delay;
    time_t last_failed_login;
    time_t end;
    TALLOC_CTX *tmp_ctx;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    *delayed_until = -1;
    *failed_login_attempts = ldb_msg_find_attr_as_uint(ldb_msg,
                                                SYSDB_FAILED_LOGIN_ATTEMPTS, 0);
    last_failed_login = (time_t) ldb_msg_find_attr_as_int64(ldb_msg,
                                                    SYSDB_LAST_FAILED_LOGIN, 0);
    ret = confdb_get_int(cdb, CONFDB_PAM_CONF_ENTRY,
                         CONFDB_PAM_FAILED_LOGIN_ATTEMPTS,
                         CONFDB_DEFAULT_PAM_FAILED_LOGIN_ATTEMPTS,
                         &allowed_failed_login_attempts);
    if (ret != EOK) {
        DEBUG(1, ("Failed to read the number of allowed failed login "
                  "attempts.\n"));
        ret = ERR_INTERNAL;
        goto done;
    }
    ret = confdb_get_int(cdb, CONFDB_PAM_CONF_ENTRY,
                         CONFDB_PAM_FAILED_LOGIN_DELAY,
                         CONFDB_DEFAULT_PAM_FAILED_LOGIN_DELAY,
                         &failed_login_delay);
    if (ret != EOK) {
        DEBUG(1, ("Failed to read the failed login delay.\n"));
        ret = ERR_INTERNAL;
        goto done;
    }
    DEBUG(9, ("Failed login attempts [%d], allowed failed login attempts [%d], "
              "failed login delay [%d].\n", *failed_login_attempts,
              allowed_failed_login_attempts, failed_login_delay));

    if (allowed_failed_login_attempts) {
        if (*failed_login_attempts >= allowed_failed_login_attempts) {
            if (failed_login_delay) {
                end = last_failed_login + (failed_login_delay * 60);
                if (end < time(NULL)) {
                    DEBUG(7, ("failed_login_delay has passed, "
                              "resetting failed_login_attempts.\n"));
                    *failed_login_attempts = 0;
                } else {
                    DEBUG(7, ("login delayed until %lld.\n", (long long) end));
                    *delayed_until = end;
                    ret =
ERR_AUTH_DENIED;
                    goto done;
                }
            } else {
                DEBUG(4, ("Too many failed logins.\n"));
                ret = ERR_AUTH_DENIED;
                goto done;
            }
        }
    }

    ret = EOK;
done:
    talloc_free(tmp_ctx);
    return ret;
}

/*
 * Authenticate `name` against the password hash stored in the cache.
 *
 * Order of checks, all inside one ldb transaction:
 *  1. name, cdb and sysdb must be set and domain->cache_credentials must be
 *     true (EINVAL otherwise, returned before the transaction starts).
 *  2. The user entry is read; a missing user gives ERR_ACCOUNT_UNKNOWN.
 *  3. If CONFDB_PAM_CRED_TIMEOUT is non-zero, SYSDB_LAST_ONLINE_AUTH plus
 *     that many days must not lie in the past (ERR_CACHED_CREDS_EXPIRED).
 *  4. check_failed_login_attempts() may refuse the attempt.
 *  5. SYSDB_CACHEDPWD must be present and non-empty (ERR_NO_CACHED_CREDS).
 *  6. The password is hashed with s3crypt_sha512(), passing the stored hash
 *     string as the salt argument, and compared with the stored hash.
 *
 * On a match SYSDB_LAST_LOGIN is set and the failed-login counter is reset,
 * unless just_check is true. On a mismatch SYSDB_LAST_FAILED_LOGIN is set
 * and the counter is incremented; this happens with just_check as well.
 *
 * _expire_date / _delayed_until (both optional) are filled when the
 * function leaves through its "done" label; the early EINVAL/ENOMEM returns
 * leave them untouched.
 *
 * Returns EOK whenever the hashes matched, even if the bookkeeping update
 * or the commit failed; ERR_AUTH_FAILED when they did not match and no
 * other error occurred; otherwise the error of the failing step.
 *
 * NOTE(review): domain is dereferenced without a NULL check, and password
 * is passed to s3crypt_sha512() unchecked - confirm caller guarantees.
 * NOTE(review): cred_expiration * 86400 is int arithmetic and can overflow
 * for very large settings.
 */
int sysdb_cache_auth(struct sysdb_ctx *sysdb,
                     struct sss_domain_info *domain,
                     const char *name,
                     const char *password,
                     struct confdb_ctx *cdb,
                     bool just_check,
                     time_t *_expire_date,
                     time_t *_delayed_until)
{
    TALLOC_CTX *tmp_ctx;
    const char *attrs[] = { SYSDB_NAME, SYSDB_CACHEDPWD, SYSDB_DISABLED,
                            SYSDB_LAST_LOGIN, SYSDB_LAST_ONLINE_AUTH,
                            "lastCachedPasswordChange",
                            "accountExpires", SYSDB_FAILED_LOGIN_ATTEMPTS,
                            SYSDB_LAST_FAILED_LOGIN, NULL };
    struct ldb_message *ldb_msg;
    const char *userhash;
    char *comphash;
    uint64_t lastLogin = 0;
    int cred_expiration;
    uint32_t failed_login_attempts = 0;
    struct sysdb_attrs *update_attrs;
    bool authentication_successful = false;
    time_t expire_date = -1;
    time_t delayed_until = -1;
    int ret;

    if (name == NULL || *name == '\0') {
        DEBUG(1, ("Missing user name.\n"));
        return EINVAL;
    }

    if (cdb == NULL) {
        DEBUG(1, ("Missing config db context.\n"));
        return EINVAL;
    }

    if (sysdb == NULL) {
        DEBUG(1, ("Missing sysdb db context.\n"));
        return EINVAL;
    }

    if (!domain->cache_credentials) {
        DEBUG(3, ("Cached credentials not available.\n"));
        return EINVAL;
    }

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    /* read and update of the counters happen in one transaction */
    ret = ldb_transaction_start(sysdb->ldb);
    if (ret) {
        talloc_zfree(tmp_ctx);
        ret = sysdb_error_to_errno(ret);
        return ret;
    }

    ret = sysdb_search_user_by_name(tmp_ctx, sysdb, domain, name, attrs, &ldb_msg);
    if (ret != EOK) {
        DEBUG(1, ("sysdb_search_user_by_name failed [%d][%s].\n",
                  ret, strerror(ret)));
        if (ret == ENOENT) ret = ERR_ACCOUNT_UNKNOWN;
        goto done;
    }

    /* Check offline_auth_cache_timeout */
    lastLogin = ldb_msg_find_attr_as_uint64(ldb_msg,
                                            SYSDB_LAST_ONLINE_AUTH,
                                            0);

    ret = confdb_get_int(cdb, CONFDB_PAM_CONF_ENTRY,
                         CONFDB_PAM_CRED_TIMEOUT, 0, &cred_expiration);
    if (ret != EOK) {
        DEBUG(1, ("Failed to read expiration time of offline credentials.\n"));
        goto done;
    }
    DEBUG(9,
          ("Offline credentials expiration is [%d] days.\n",
           cred_expiration));

    if (cred_expiration) {
        /* the setting is in days, 86400 seconds each */
        expire_date = lastLogin + (cred_expiration * 86400);
        if (expire_date < time(NULL)) {
            DEBUG(4, ("Cached user entry is too old.\n"));
            expire_date = 0;
            ret = ERR_CACHED_CREDS_EXPIRED;
            goto done;
        }
    } else {
        /* 0 disables the expiration check */
        expire_date = 0;
    }

    /* the lock-out decision is taken before the password is looked at */
    ret = check_failed_login_attempts(cdb, ldb_msg, &failed_login_attempts,
                                      &delayed_until);
    if (ret != EOK) {
        DEBUG(1, ("Failed to check login attempts\n"));
        goto done;
    }

    /* TODO: verify user account (disabled, expired ...) */

    userhash = ldb_msg_find_attr_as_string(ldb_msg, SYSDB_CACHEDPWD, NULL);
    if (userhash == NULL || *userhash == '\0') {
        DEBUG(4, ("Cached credentials not available.\n"));
        ret = ERR_NO_CACHED_CREDS;
        goto done;
    }

    /* the stored hash string is passed as the salt argument */
    ret = s3crypt_sha512(tmp_ctx, password, userhash, &comphash);
    if (ret) {
        DEBUG(4, ("Failed to create password hash.\n"));
        ret = ERR_INTERNAL;
        goto done;
    }

    update_attrs = sysdb_new_attrs(tmp_ctx);
    if (update_attrs == NULL) {
        DEBUG(1, ("sysdb_new_attrs failed.\n"));
        ret = ENOMEM;
        goto done;
    }

    /* NOTE(review): strcmp() stops at the first differing byte. The values
     * compared are hash strings, not the password, but a constant-time
     * comparison would remove the timing difference altogether. */
    if (strcmp(userhash, comphash) == 0) {
        /* TODO: probable good point for audit logging */
        DEBUG(4, ("Hashes do match!\n"));
        authentication_successful = true;

        if (just_check) {
            ret = EOK;
            goto done;
        }

        /* bookkeeping failures below do not turn a match into a failure */
        ret = sysdb_attrs_add_time_t(update_attrs,
                                     SYSDB_LAST_LOGIN, time(NULL));
        if (ret != EOK) {
            DEBUG(3, ("sysdb_attrs_add_time_t failed, "
                      "but authentication is successful.\n"));
            ret = EOK;
            goto done;
        }

        ret = sysdb_attrs_add_uint32(update_attrs,
                                     SYSDB_FAILED_LOGIN_ATTEMPTS, 0U);
        if (ret != EOK) {
            DEBUG(3, ("sysdb_attrs_add_uint32 failed, "
                      "but authentication is successful.\n"));
            ret = EOK;
            goto done;
        }


    } else {
        DEBUG(4, ("Authentication failed.\n"));
        authentication_successful = false;

        /* a mismatch is recorded even when just_check is set */
        ret = sysdb_attrs_add_time_t(update_attrs,
                                     SYSDB_LAST_FAILED_LOGIN,
                                     time(NULL));
        if (ret != EOK) {
            DEBUG(3, ("sysdb_attrs_add_time_t failed\n."));
            goto done;
        }

        ret = sysdb_attrs_add_uint32(update_attrs,
                                     SYSDB_FAILED_LOGIN_ATTEMPTS,
                                     ++failed_login_attempts);
        if (ret !=
EOK) { DEBUG(3, ("sysdb_attrs_add_uint32 failed.\n")); goto done; } } ret = sysdb_set_user_attr(sysdb, domain, name, update_attrs, LDB_FLAG_MOD_REPLACE); if (ret) { DEBUG(1, ("Failed to update Login attempt information!\n")); } done: if (_expire_date != NULL) { *_expire_date = expire_date; } if (_delayed_until != NULL) { *_delayed_until = delayed_until; } if (ret) { ldb_transaction_cancel(sysdb->ldb); } else { ret = ldb_transaction_commit(sysdb->ldb); ret = sysdb_error_to_errno(ret); if (ret) { DEBUG(2, ("Failed to commit transaction!\n")); } } if (authentication_successful) { ret = EOK; } else { if (ret == EOK) { ret = ERR_AUTH_FAILED; } } talloc_free(tmp_ctx); return ret; } static errno_t sysdb_update_members_ex(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *member, enum sysdb_member_type type, const char *const *add_groups, const char *const *del_groups, bool is_dn) { errno_t ret; errno_t sret; int i; bool in_transaction = false; TALLOC_CTX *tmp_ctx = talloc_new(NULL); if(!tmp_ctx) { return ENOMEM; } ret = sysdb_transaction_start(sysdb); if (ret != EOK) { DEBUG(0, ("Failed to start update transaction\n")); goto done; } in_transaction = true; if (add_groups) { /* Add the user to all add_groups */ for (i = 0; add_groups[i]; i++) { ret = sysdb_add_group_member(sysdb, domain, add_groups[i], member, type, is_dn); if (ret != EOK) { DEBUG(1, ("Could not add member [%s] to group [%s]. " "Skipping.\n", member, add_groups[i])); /* Continue on, we should try to finish the rest */ } } } if (del_groups) { /* Remove the user from all del_groups */ for (i = 0; del_groups[i]; i++) { ret = sysdb_remove_group_member(sysdb, domain, del_groups[i], member, type, is_dn); if (ret != EOK) { DEBUG(1, ("Could not remove member [%s] from group [%s]. 
" "Skipping\n", member, del_groups[i])); /* Continue on, we should try to finish the rest */ } } } ret = sysdb_transaction_commit(sysdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to commit transaction\n")); goto done; } in_transaction = false; done: if (in_transaction) { sret = sysdb_transaction_cancel(sysdb); if (sret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Could not cancel transaction\n")); } } talloc_free(tmp_ctx); return ret; } errno_t sysdb_update_members(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *member, enum sysdb_member_type type, const char *const *add_groups, const char *const *del_groups) { return sysdb_update_members_ex(sysdb, domain, member, type, add_groups, del_groups, false); } errno_t sysdb_update_members_dn(struct sysdb_ctx *sysdb, struct sss_domain_info *member_domain, const char *member, enum sysdb_member_type type, const char *const *add_groups, const char *const *del_groups) { return sysdb_update_members_ex(sysdb, member_domain, member, type, add_groups, del_groups, true); } errno_t sysdb_remove_attrs(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, enum sysdb_member_type type, char **remove_attrs) { errno_t ret; errno_t sret = EOK; bool in_transaction = false; struct ldb_message *msg; int lret; size_t i; msg = ldb_msg_new(NULL); if (!msg) return ENOMEM; switch(type) { case SYSDB_MEMBER_USER: msg->dn = sysdb_user_dn(sysdb, msg, domain, name); break; case SYSDB_MEMBER_GROUP: msg->dn = sysdb_group_dn(sysdb, msg, domain, name); break; case SYSDB_MEMBER_NETGROUP: msg->dn = sysdb_netgroup_dn(sysdb, msg, domain, name); break; case SYSDB_MEMBER_SERVICE: msg->dn = sysdb_svc_dn(sysdb, msg, domain->name, name); break; } if (!msg->dn) { ret = ENOMEM; goto done; } ret = sysdb_transaction_start(sysdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to start transaction\n")); goto done; } in_transaction = true; for (i = 0; remove_attrs[i]; i++) { /* SYSDB_MEMBEROF is exclusively handled 
by the memberof plugin */ if (strcasecmp(remove_attrs[i], SYSDB_MEMBEROF) == 0) { continue; } DEBUG(8, ("Removing attribute [%s] from [%s]\n", remove_attrs[i], name)); lret = ldb_msg_add_empty(msg, remove_attrs[i], LDB_FLAG_MOD_DELETE, NULL); if (lret != LDB_SUCCESS) { ret = sysdb_error_to_errno(lret); goto done; } /* We need to do individual modifies so that we can * skip unknown attributes. Otherwise, any nonexistent * attribute in the sysdb will cause other removals to * fail. */ lret = ldb_modify(sysdb->ldb, msg); if (lret != LDB_SUCCESS && lret != LDB_ERR_NO_SUCH_ATTRIBUTE) { ret = sysdb_error_to_errno(lret); goto done; } /* Remove this attribute and move on to the next one */ ldb_msg_remove_attr(msg, remove_attrs[i]); } ret = sysdb_transaction_commit(sysdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to commit transaction\n")); goto done; } in_transaction = false; ret = EOK; done: if (in_transaction) { sret = sysdb_transaction_cancel(sysdb); if (sret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Could not cancel transaction\n")); } } talloc_free(msg); return ret; } errno_t sysdb_search_object_by_sid(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *sid_str, const char **attrs, struct ldb_result **msg) { TALLOC_CTX *tmp_ctx; const char *def_attrs[] = { SYSDB_NAME, SYSDB_UIDNUM, SYSDB_GIDNUM, SYSDB_OBJECTCLASS, NULL }; struct ldb_dn *basedn; int ret; struct ldb_result *res = NULL; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; } basedn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_DOM_BASE, domain->name); if (basedn == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("ldb_dn_new_fmt failed.\n")); ret = ENOMEM; goto done; } ret = ldb_search(sysdb->ldb, tmp_ctx, &res, basedn, LDB_SCOPE_SUBTREE, attrs?attrs:def_attrs, SYSDB_SID_FILTER, sid_str); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("ldb_search failed.\n")); goto done; } if (res->count > 1) { DEBUG(SSSDBG_CRIT_FAILURE, ("Search for SID [%s] returned more than " \ "one 
object.\n", sid_str)); ret = EINVAL; goto done; } *msg = talloc_steal(mem_ctx, res); done: if (ret == ENOENT) { DEBUG(SSSDBG_TRACE_FUNC, ("No such entry.\n")); } else if (ret) { DEBUG(SSSDBG_OP_FAILURE, ("Error: %d (%s)\n", ret, strerror(ret))); } talloc_zfree(tmp_ctx); return ret; } sssd-1.11.5/src/db/PaxHeaders.13173/sysdb.c0000644000000000000000000000007312320753107016216 xustar000000000000000029 atime=1396954939.25389144 30 ctime=1396954961.657874948 sssd-1.11.5/src/db/sysdb.c0000664002412700241270000014257112320753107016453 0ustar00jhrozekjhrozek00000000000000/* SSSD System Database Copyright (C) 2008-2011 Simo Sorce Copyright (C) 2008-2011 Stephen Gallagher This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #include "util/util.h" #include "util/strtonum.h" #include "util/sss_utf8.h" #include "db/sysdb_private.h" #include "confdb/confdb.h" #include #define LDB_MODULES_PATH "LDB_MODULES_PATH" errno_t sysdb_ldb_connect(TALLOC_CTX *mem_ctx, const char *filename, struct ldb_context **_ldb) { int ret; struct ldb_context *ldb; const char *mod_path; if (_ldb == NULL) { return EINVAL; } ldb = ldb_init(mem_ctx, NULL); if (!ldb) { return EIO; } ret = ldb_set_debug(ldb, ldb_debug_messages, NULL); if (ret != LDB_SUCCESS) { return EIO; } mod_path = getenv(LDB_MODULES_PATH); if (mod_path != NULL) { DEBUG(9, ("Setting ldb module path to [%s].\n", mod_path)); ldb_set_modules_dir(ldb, mod_path); } ret = ldb_connect(ldb, filename, 0, NULL); if (ret != LDB_SUCCESS) { return EIO; } *_ldb = ldb; return EOK; } errno_t sysdb_dn_sanitize(TALLOC_CTX *mem_ctx, const char *input, char **sanitized) { struct ldb_val val; errno_t ret = EOK; val.data = (uint8_t *)talloc_strdup(mem_ctx, input); if (!val.data) { return ENOMEM; } /* We can't include the trailing NULL because it would * be escaped and result in an unterminated string */ val.length = strlen(input); *sanitized = ldb_dn_escape_value(mem_ctx, val); if (!*sanitized) { ret = ENOMEM; } talloc_free(val.data); return ret; } struct ldb_dn *sysdb_custom_subtree_dn(struct sysdb_ctx *sysdb, TALLOC_CTX *mem_ctx, struct sss_domain_info *dom, const char *subtree_name) { errno_t ret; char *clean_subtree; struct ldb_dn *dn = NULL; TALLOC_CTX *tmp_ctx; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) return NULL; ret = sysdb_dn_sanitize(tmp_ctx, subtree_name, &clean_subtree); if (ret != EOK) { talloc_free(tmp_ctx); return NULL; } dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_TMPL_CUSTOM_SUBTREE, clean_subtree, dom->name); if (dn) { talloc_steal(mem_ctx, dn); } talloc_free(tmp_ctx); return dn; } struct ldb_dn *sysdb_custom_dn(struct sysdb_ctx *sysdb, TALLOC_CTX *mem_ctx, struct sss_domain_info *dom, const char *object_name, const char *subtree_name) { errno_t 
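ret;
    TALLOC_CTX *tmp_ctx;
    char *clean_name;
    char *clean_subtree;
    struct ldb_dn *dn = NULL;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return NULL;
    }

    ret = sysdb_dn_sanitize(tmp_ctx, object_name, &clean_name);
    if (ret != EOK) {
        goto done;
    }

    ret = sysdb_dn_sanitize(tmp_ctx, subtree_name, &clean_subtree);
    if (ret != EOK) {
        goto done;
    }

    dn = ldb_dn_new_fmt(mem_ctx, sysdb->ldb, SYSDB_TMPL_CUSTOM, clean_name,
                        clean_subtree, dom->name);

done:
    talloc_free(tmp_ctx);
    return dn;
}

/*
 * Build the DN of user `name` in domain `dom`, allocated on mem_ctx.
 *
 * The name is escaped with sysdb_dn_sanitize() before it is placed into
 * SYSDB_TMPL_USER, so DN metacharacters in it stay part of the value.
 * dom->name is inserted as it is.
 * NOTE(review): presumably dom->name comes from trusted configuration;
 * verify.
 *
 * Returns NULL when escaping or DN construction fails.
 */
struct ldb_dn *sysdb_user_dn(struct sysdb_ctx *sysdb, TALLOC_CTX *mem_ctx,
                             struct sss_domain_info *dom, const char *name)
{
    errno_t ret;
    char *clean_name;
    struct ldb_dn *dn;

    ret = sysdb_dn_sanitize(NULL, name, &clean_name);
    if (ret != EOK) {
        return NULL;
    }

    dn = ldb_dn_new_fmt(mem_ctx, sysdb->ldb, SYSDB_TMPL_USER,
                        clean_name, dom->name);
    /* the escaped copy was allocated without a parent, free it here */
    talloc_free(clean_name);

    return dn;
}

/*
 * Build the DN of group `name` in domain `dom`, allocated on mem_ctx.
 * The name is escaped with sysdb_dn_sanitize() before it is placed into
 * SYSDB_TMPL_GROUP; dom->name is inserted as it is.
 * Returns NULL when escaping or DN construction fails.
 */
struct ldb_dn *sysdb_group_dn(struct sysdb_ctx *sysdb, TALLOC_CTX *mem_ctx,
                              struct sss_domain_info *dom, const char *name)
{
    errno_t ret;
    char *clean_name;
    struct ldb_dn *dn;

    ret = sysdb_dn_sanitize(NULL, name, &clean_name);
    if (ret != EOK) {
        return NULL;
    }

    dn = ldb_dn_new_fmt(mem_ctx, sysdb->ldb, SYSDB_TMPL_GROUP,
                        clean_name, dom->name);
    talloc_free(clean_name);

    return dn;
}

/*
 * Build the DN of netgroup `name` in domain `dom`, allocated on mem_ctx.
 * The name is escaped with sysdb_dn_sanitize() before it is placed into
 * SYSDB_TMPL_NETGROUP; dom->name is inserted as it is.
 * Returns NULL when escaping or DN construction fails.
 */
struct ldb_dn *sysdb_netgroup_dn(struct sysdb_ctx *sysdb, TALLOC_CTX *mem_ctx,
                                 struct sss_domain_info *dom, const char *name)
{
    errno_t ret;
    char *clean_name;
    struct ldb_dn *dn;

    ret = sysdb_dn_sanitize(NULL, name, &clean_name);
    if (ret != EOK) {
        return NULL;
    }

    dn = ldb_dn_new_fmt(mem_ctx, sysdb->ldb, SYSDB_TMPL_NETGROUP,
                        clean_name, dom->name);
    talloc_free(clean_name);

    return dn;
}

/* Build the base DN of all netgroups of `dom` (SYSDB_TMPL_NETGROUP_BASE). */
struct ldb_dn *sysdb_netgroup_base_dn(struct sysdb_ctx *sysdb,
                                      TALLOC_CTX *mem_ctx,
                                      struct sss_domain_info *dom)
{
    return ldb_dn_new_fmt(mem_ctx, sysdb->ldb,
                          SYSDB_TMPL_NETGROUP_BASE, dom->name);
}

/*
 * Split the first RDN of the DN string `_dn` into attribute name and value.
 *
 * _name: optional; receives a copy of the RDN attribute name on mem_ctx
 * _val:  required; receives a copy of the RDN value on mem_ctx
 *
 * Returns EOK on success, ENOMEM on allocation or DN construction failure,
 * EINVAL when the DN has no RDN name or value. On failure nothing is left
 * allocated for the caller and *_name (when requested) is reset to NULL.
 */
errno_t sysdb_get_rdn(struct sysdb_ctx *sysdb, TALLOC_CTX *mem_ctx,
                      const char *_dn, char **_name, char **_val)
{
    errno_t ret;
    struct ldb_dn *dn;
    const char *attr_name = NULL;
    const struct ldb_val *val;
    TALLOC_CTX *tmp_ctx;

    /* We have to create a tmp_ctx here because
     * ldb_dn_new_fmt() fails if mem_ctx is NULL
     */
    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    /* fixed "%s" format: the DN string is never used as a format string */
    dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, "%s", _dn);
    if (dn == NULL) {
        ret = ENOMEM;
        goto done;
    }

    if (_name) {
        attr_name = ldb_dn_get_rdn_name(dn);
        if (attr_name == NULL) {
            ret = EINVAL;
            goto done;
        }

        *_name = talloc_strdup(mem_ctx, attr_name);
        if (!*_name) {
            ret = ENOMEM;
            goto done;
        }
    }

    val = ldb_dn_get_rdn_val(dn);
    if (val == NULL) {
        ret = EINVAL;
        /* talloc_zfree so the caller is not left with a dangling pointer */
        if (_name) talloc_zfree(*_name);
        goto done;
    }

    *_val = talloc_strndup(mem_ctx, (char *) val->data, val->length);
    if (!*_val) {
        ret = ENOMEM;
        if (_name) talloc_zfree(*_name);
        goto done;
    }

    ret = EOK;

done:
    talloc_zfree(tmp_ctx);
    return ret;
}

/* Return the value of the first RDN of `_dn` in *_name (see sysdb_get_rdn). */
errno_t sysdb_group_dn_name(struct sysdb_ctx *sysdb, TALLOC_CTX *mem_ctx,
                            const char *_dn, char **_name)
{
    return sysdb_get_rdn(sysdb, mem_ctx, _dn, NULL, _name);
}

/* Build the base DN of domain `dom` (SYSDB_DOM_BASE) on mem_ctx. */
struct ldb_dn *sysdb_domain_dn(struct sysdb_ctx *sysdb, TALLOC_CTX *mem_ctx,
                               struct sss_domain_info *dom)
{
    return ldb_dn_new_fmt(mem_ctx, sysdb->ldb, SYSDB_DOM_BASE, dom->name);
}

/* Build the DN SYSDB_BASE on mem_ctx. */
struct ldb_dn *sysdb_base_dn(struct sysdb_ctx *sysdb, TALLOC_CTX *mem_ctx)
{
    return ldb_dn_new(mem_ctx, sysdb->ldb, SYSDB_BASE);
}

/* Accessor for the ldb context held by `sysdb`. */
struct ldb_context *sysdb_ctx_get_ldb(struct sysdb_ctx *sysdb)
{
    return sysdb->ldb;
}

/* Allocate a zero-initialised attribute set on mem_ctx; NULL on failure. */
struct sysdb_attrs *sysdb_new_attrs(TALLOC_CTX *mem_ctx)
{
    return talloc_zero(mem_ctx, struct sysdb_attrs);
}

int sysdb_attrs_get_el_ext(struct sysdb_attrs *attrs, const char *name,
                           bool alloc, struct ldb_message_element **el)
{
    struct ldb_message_element *e = NULL;
    int i;

    for (i = 0; i < attrs->num; i++) {
        if (strcasecmp(name, attrs->a[i].name) == 0)
            e = &(attrs->a[i]);
    }

    if (!e && alloc) {
        e = talloc_realloc(attrs, attrs->a,
                           struct ldb_message_element, attrs->num+1);
        if (!e) return ENOMEM;
        attrs->a = e;

        e[attrs->num].name = talloc_strdup(e, name);
        if (!e[attrs->num].name) return ENOMEM;

        e[attrs->num].num_values = 0;
        e[attrs->num].values =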
NULL; e[attrs->num].flags = 0; e = &(attrs->a[attrs->num]); attrs->num++; } if (!e) { return ENOENT; } *el = e; return EOK; } int sysdb_attrs_get_el(struct sysdb_attrs *attrs, const char *name, struct ldb_message_element **el) { return sysdb_attrs_get_el_ext(attrs, name, true, el); } int sysdb_attrs_get_string(struct sysdb_attrs *attrs, const char *name, const char **string) { struct ldb_message_element *el; int ret; ret = sysdb_attrs_get_el_ext(attrs, name, false, &el); if (ret) { return ret; } if (el->num_values != 1) { return ERANGE; } *string = (const char *)el->values[0].data; return EOK; } int sysdb_attrs_get_int32_t(struct sysdb_attrs *attrs, const char *name, int32_t *value) { struct ldb_message_element *el; int ret; char *endptr; int32_t val; ret = sysdb_attrs_get_el_ext(attrs, name, false, &el); if (ret) { return ret; } if (el->num_values != 1) { return ERANGE; } errno = 0; val = strtoint32((const char *) el->values[0].data, &endptr, 10); if (errno != 0) return errno; if (*endptr) return EINVAL; *value = val; return EOK; } int sysdb_attrs_get_uint32_t(struct sysdb_attrs *attrs, const char *name, uint32_t *value) { struct ldb_message_element *el; int ret; char *endptr; uint32_t val; ret = sysdb_attrs_get_el_ext(attrs, name, false, &el); if (ret) { return ret; } if (el->num_values != 1) { return ERANGE; } errno = 0; val = strtouint32((const char *) el->values[0].data, &endptr, 10); if (errno != 0) return errno; if (*endptr) return EINVAL; *value = val; return EOK; } int sysdb_attrs_get_uint16_t(struct sysdb_attrs *attrs, const char *name, uint16_t *value) { struct ldb_message_element *el; int ret; char *endptr; uint16_t val; ret = sysdb_attrs_get_el_ext(attrs, name, false, &el); if (ret) { return ret; } if (el->num_values != 1) { return ERANGE; } errno = 0; val = strtouint16((const char *) el->values[0].data, &endptr, 10); if (errno != 0) return errno; if (*endptr) return EINVAL; *value = val; return EOK; } errno_t sysdb_attrs_get_bool(struct sysdb_attrs 
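*attrs, const char *name, bool *value) { struct ldb_message_element *el; int ret; ret = sysdb_attrs_get_el_ext(attrs, name, false, &el); if (ret) { return ret; } if (el->num_values != 1) { return ERANGE; } if (strcmp((const char *)el->values[0].data, "TRUE") == 0) *value = true; else *value = false; return EOK; }

/**
 * Copy every value of an ldb message element into a NULL-terminated
 * array of strings.
 *
 * @param mem_ctx  talloc parent of the returned array
 * @param el       element whose values are copied
 *
 * @return the array (each string is a child of the array), or NULL on
 *         allocation failure.
 */
const char **sss_ldb_el_to_string_list(TALLOC_CTX *mem_ctx,
                                       struct ldb_message_element *el)
{
    unsigned int u;
    const char **a;

    /* One extra zeroed slot serves as the terminating NULL. */
    a = talloc_zero_array(mem_ctx, const char *, el->num_values + 1);
    if (a == NULL) {
        return NULL;
    }

    for (u = 0; u < el->num_values; u++) {
        /* Copy by the recorded length rather than trusting a terminator. */
        a[u] = talloc_strndup(a, (const char *)el->values[u].data,
                              el->values[u].length);
        if (a[u] == NULL) {
            talloc_free(a);
            return NULL;
        }
    }

    return a;
}

/**
 * Look up an existing attribute and return all of its values as a
 * NULL-terminated string array.
 *
 * @return EOK on success, ENOMEM on allocation failure, or the error
 *         returned by sysdb_attrs_get_el_ext() when the lookup fails.
 */
int sysdb_attrs_get_string_array(struct sysdb_attrs *attrs, const char *name,
                                 TALLOC_CTX *mem_ctx, const char ***string)
{
    struct ldb_message_element *el;
    int ret;
    const char **a;

    ret = sysdb_attrs_get_el_ext(attrs, name, false, &el);
    if (ret) {
        return ret;
    }

    a = sss_ldb_el_to_string_list(mem_ctx, el);
    if (a == NULL) {
        return ENOMEM;
    }

    *string = a;
    return EOK;
}

/**
 * Append a copy of a value to an attribute.
 *
 * @param attrs  attribute set to modify
 * @param name   attribute name
 * @param val    value to duplicate and append
 *
 * @return EOK on success, ENOMEM on allocation failure, or the error
 *         returned by sysdb_attrs_get_el().
 */
int sysdb_attrs_add_val(struct sysdb_attrs *attrs,
                        const char *name, const struct ldb_val *val)
{
    struct ldb_message_element *el = NULL;
    struct ldb_val *vals;
    int ret;

    ret = sysdb_attrs_get_el(attrs, name, &el);
    if (ret != EOK) {
        return ret;
    }

    vals = talloc_realloc(attrs->a, el->values,
                          struct ldb_val, el->num_values+1);
    if (!vals) return ENOMEM;

    /* A successful realloc may have moved the array, which invalidates the
     * old el->values pointer. Publish the new pointer before anything else
     * can fail; otherwise the ENOMEM return below would leave the element
     * pointing at freed memory. num_values is only bumped once the new
     * slot is filled. */
    el->values = vals;

    vals[el->num_values] = ldb_val_dup(vals, val);
    if (vals[el->num_values].data == NULL &&
        vals[el->num_values].length != 0) {
        return ENOMEM;
    }

    el->num_values++;

    return EOK;
}

/**
 * Append a NUL-terminated string to an attribute; the terminator is not
 * counted in the stored length.
 *
 * @return whatever sysdb_attrs_add_val() returns.
 */
int sysdb_attrs_add_string(struct sysdb_attrs *attrs,
                           const char *name, const char *str)
{
    struct ldb_val v;

    v.data = (uint8_t *)discard_const(str);
    v.length = strlen(str);

    return sysdb_attrs_add_val(attrs, name, &v);
}

int sysdb_attrs_add_mem(struct sysdb_attrs *attrs, const char *name, const void *mem, size_t size) { struct ldb_val v; v.data = discard_const(mem);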
v.length = size; return sysdb_attrs_add_val(attrs, name, &v); } int sysdb_attrs_add_bool(struct sysdb_attrs *attrs, const char *name, bool value) { if(value) { return sysdb_attrs_add_string(attrs, name, "TRUE"); } return sysdb_attrs_add_string(attrs, name, "FALSE"); } int sysdb_attrs_steal_string(struct sysdb_attrs *attrs, const char *name, char *str) { struct ldb_message_element *el = NULL; struct ldb_val *vals; int ret; ret = sysdb_attrs_get_el(attrs, name, &el); if (ret != EOK) { return ret; } vals = talloc_realloc(attrs->a, el->values, struct ldb_val, el->num_values+1); if (!vals) return ENOMEM; el->values = vals; /* now steal and assign the string */ talloc_steal(el->values, str); el->values[el->num_values].data = (uint8_t *)str; el->values[el->num_values].length = strlen(str); el->num_values++; return EOK; } int sysdb_attrs_add_long(struct sysdb_attrs *attrs, const char *name, long value) { struct ldb_val v; char *str; int ret; str = talloc_asprintf(attrs, "%ld", value); if (!str) return ENOMEM; v.data = (uint8_t *)str; v.length = strlen(str); ret = sysdb_attrs_add_val(attrs, name, &v); talloc_free(str); return ret; } int sysdb_attrs_add_uint32(struct sysdb_attrs *attrs, const char *name, uint32_t value) { unsigned long val = value; struct ldb_val v; char *str; int ret; str = talloc_asprintf(attrs, "%lu", val); if (!str) return ENOMEM; v.data = (uint8_t *)str; v.length = strlen(str); ret = sysdb_attrs_add_val(attrs, name, &v); talloc_free(str); return ret; } int sysdb_attrs_add_time_t(struct sysdb_attrs *attrs, const char *name, time_t value) { long long val = value; struct ldb_val v; char *str; int ret; str = talloc_asprintf(attrs, "%lld", val); if (!str) return ENOMEM; v.data = (uint8_t *)str; v.length = strlen(str); ret = sysdb_attrs_add_val(attrs, name, &v); talloc_free(str); return ret; } int sysdb_attrs_add_lc_name_alias(struct sysdb_attrs *attrs, const char *value) { char *lc_str; int ret; if (attrs == NULL || value == NULL) { return EINVAL; } lc_str = 
sss_tc_utf8_str_tolower(attrs, value); if (lc_str == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("Cannot convert name to lowercase\n")); return ENOMEM; } ret = sysdb_attrs_add_string(attrs, SYSDB_NAME_ALIAS, lc_str); talloc_free(lc_str); return ret; } int sysdb_attrs_copy_values(struct sysdb_attrs *src, struct sysdb_attrs *dst, const char *name) { int ret = EOK; int i; struct ldb_message_element *src_el; ret = sysdb_attrs_get_el(src, name, &src_el); if (ret != EOK) { goto done; } for (i = 0; i < src_el->num_values; i++) { ret = sysdb_attrs_add_val(dst, name, &src_el->values[i]); if (ret != EOK) { goto done; } } done: return ret; } int sysdb_attrs_users_from_str_list(struct sysdb_attrs *attrs, const char *attr_name, const char *domain, const char *const *list) { struct ldb_message_element *el = NULL; struct ldb_val *vals; int i, j, num; char *member; int ret; ret = sysdb_attrs_get_el(attrs, attr_name, &el); if (ret) { return ret; } for (num = 0; list[num]; num++) /* count */ ; vals = talloc_realloc(attrs->a, el->values, struct ldb_val, el->num_values + num); if (!vals) { return ENOMEM; } el->values = vals; DEBUG(9, ("Adding %d members to existing %d ones\n", num, el->num_values)); for (i = 0, j = el->num_values; i < num; i++) { member = sysdb_user_strdn(el->values, domain, list[i]); if (!member) { DEBUG(4, ("Failed to get user dn for [%s]\n", list[i])); continue; } el->values[j].data = (uint8_t *)member; el->values[j].length = strlen(member); j++; DEBUG(7, (" member #%d: [%s]\n", i, member)); } el->num_values = j; return EOK; } static char *build_dom_dn_str_escape(TALLOC_CTX *mem_ctx, const char *template, const char *domain, const char *name) { char *ret; int l; l = strcspn(name, ",=\n+<>#;\\\""); if (name[l] != '\0') { struct ldb_val v; char *tmp; v.data = discard_const_p(uint8_t, name); v.length = strlen(name); tmp = ldb_dn_escape_value(mem_ctx, v); if (!tmp) { return NULL; } ret = talloc_asprintf(mem_ctx, template, tmp, domain); talloc_zfree(tmp); if (!ret) { return NULL; 
} return ret; } ret = talloc_asprintf(mem_ctx, template, name, domain); if (!ret) { return NULL; } return ret; } char *sysdb_user_strdn(TALLOC_CTX *mem_ctx, const char *domain, const char *name) { return build_dom_dn_str_escape(mem_ctx, SYSDB_TMPL_USER, domain, name); } char *sysdb_group_strdn(TALLOC_CTX *mem_ctx, const char *domain, const char *name) { return build_dom_dn_str_escape(mem_ctx, SYSDB_TMPL_GROUP, domain, name); } /* TODO: make a more complete and precise mapping */ int sysdb_error_to_errno(int ldberr) { switch (ldberr) { case LDB_SUCCESS: return EOK; case LDB_ERR_OPERATIONS_ERROR: return EIO; case LDB_ERR_NO_SUCH_OBJECT: return ENOENT; case LDB_ERR_BUSY: return EBUSY; case LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS: case LDB_ERR_ENTRY_ALREADY_EXISTS: return EEXIST; case LDB_ERR_INVALID_ATTRIBUTE_SYNTAX: return EINVAL; default: DEBUG(SSSDBG_CRIT_FAILURE, ("LDB returned unexpected error: [%s]\n", ldb_strerror(ldberr))); return EFAULT; } } /* =Transactions========================================================== */ int sysdb_transaction_start(struct sysdb_ctx *sysdb) { int ret; ret = ldb_transaction_start(sysdb->ldb); if (ret != LDB_SUCCESS) { DEBUG(1, ("Failed to start ldb transaction! (%d)\n", ret)); } return sysdb_error_to_errno(ret); } int sysdb_transaction_commit(struct sysdb_ctx *sysdb) { int ret; ret = ldb_transaction_commit(sysdb->ldb); if (ret != LDB_SUCCESS) { DEBUG(1, ("Failed to commit ldb transaction! (%d)\n", ret)); } return sysdb_error_to_errno(ret); } int sysdb_transaction_cancel(struct sysdb_ctx *sysdb) { int ret; ret = ldb_transaction_cancel(sysdb->ldb); if (ret != LDB_SUCCESS) { DEBUG(1, ("Failed to cancel ldb transaction! 
(%d)\n", ret)); } return sysdb_error_to_errno(ret); } /* =Initialization======================================================== */ int sysdb_get_db_file(TALLOC_CTX *mem_ctx, const char *provider, const char *name, const char *base_path, char **_ldb_file) { char *ldb_file; /* special case for the local domain */ if (strcasecmp(provider, "local") == 0) { ldb_file = talloc_asprintf(mem_ctx, "%s/"LOCAL_SYSDB_FILE, base_path); } else { ldb_file = talloc_asprintf(mem_ctx, "%s/"CACHE_SYSDB_FILE, base_path, name); } if (!ldb_file) { return ENOMEM; } *_ldb_file = ldb_file; return EOK; } errno_t sysdb_domain_create(struct sysdb_ctx *sysdb, const char *domain_name) { struct ldb_message *msg; TALLOC_CTX *tmp_ctx; int ret; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { ret = ENOMEM; goto done; } /* == create base domain object == */ msg = ldb_msg_new(tmp_ctx); if (!msg) { ret = ENOMEM; goto done; } msg->dn = ldb_dn_new_fmt(msg, sysdb->ldb, SYSDB_DOM_BASE, domain_name); if (!msg->dn) { ret = ENOMEM; goto done; } ret = ldb_msg_add_string(msg, "cn", domain_name); if (ret != LDB_SUCCESS) { ret = EIO; goto done; } /* do a synchronous add */ ret = ldb_add(sysdb->ldb, msg); if (ret != LDB_SUCCESS) { DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to initialize DB (%d, [%s]) " "for domain %s!\n", ret, ldb_errstring(sysdb->ldb), domain_name)); ret = EIO; goto done; } talloc_zfree(msg); /* == create Users tree == */ msg = ldb_msg_new(tmp_ctx); if (!msg) { ret = ENOMEM; goto done; } msg->dn = ldb_dn_new_fmt(msg, sysdb->ldb, SYSDB_TMPL_USER_BASE, domain_name); if (!msg->dn) { ret = ENOMEM; goto done; } ret = ldb_msg_add_string(msg, "cn", "Users"); if (ret != LDB_SUCCESS) { ret = EIO; goto done; } /* do a synchronous add */ ret = ldb_add(sysdb->ldb, msg); if (ret != LDB_SUCCESS) { DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to initialize DB (%d, [%s]) " "for domain %s!\n", ret, ldb_errstring(sysdb->ldb), domain_name)); ret = EIO; goto done; } talloc_zfree(msg); /* == create Groups tree == */ msg = 
ldb_msg_new(tmp_ctx); if (!msg) { ret = ENOMEM; goto done; } msg->dn = ldb_dn_new_fmt(msg, sysdb->ldb, SYSDB_TMPL_GROUP_BASE, domain_name); if (!msg->dn) { ret = ENOMEM; goto done; } ret = ldb_msg_add_string(msg, "cn", "Groups"); if (ret != LDB_SUCCESS) { ret = EIO; goto done; } /* do a synchronous add */ ret = ldb_add(sysdb->ldb, msg); if (ret != LDB_SUCCESS) { DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to initialize DB (%d, [%s]) for " "domain %s!\n", ret, ldb_errstring(sysdb->ldb), domain_name)); ret = EIO; goto done; } talloc_zfree(msg); ret = EOK; done: talloc_zfree(tmp_ctx); return ret; } /* Compare versions of sysdb, returns ERRNO accordingly */ static errno_t sysdb_version_check(const char *expected, const char *received) { int ret; unsigned int exp_major, exp_minor, recv_major, recv_minor; ret = sscanf(expected, "%u.%u", &exp_major, &exp_minor); if (ret != 2) { return EINVAL; } ret = sscanf(received, "%u.%u", &recv_major, &recv_minor); if (ret != 2) { return EINVAL; } if (recv_major > exp_major) { return EUCLEAN; } else if (recv_major < exp_major) { return EMEDIUMTYPE; } if (recv_minor > exp_minor) { return EUCLEAN; } else if (recv_minor < exp_minor) { return EMEDIUMTYPE; } return EOK; } int sysdb_domain_init_internal(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, const char *db_path, bool allow_upgrade, struct sysdb_ctx **_ctx) { TALLOC_CTX *tmp_ctx = NULL; struct sysdb_ctx *sysdb; const char *base_ldif; struct ldb_ldif *ldif; struct ldb_message_element *el; struct ldb_result *res; struct ldb_dn *verdn; const char *version = NULL; int ret; sysdb = talloc_zero(mem_ctx, struct sysdb_ctx); if (!sysdb) { return ENOMEM; } ret = sysdb_get_db_file(sysdb, domain->provider, domain->name, db_path, &sysdb->ldb_file); if (ret != EOK) { goto done; } DEBUG(5, ("DB File for %s: %s\n", domain->name, sysdb->ldb_file)); ret = sysdb_ldb_connect(sysdb, sysdb->ldb_file, &sysdb->ldb); if (ret != EOK) { DEBUG(1, ("sysdb_ldb_connect failed.\n")); goto done; } tmp_ctx = 
talloc_new(NULL); if (!tmp_ctx) { ret = ENOMEM; goto done; } verdn = ldb_dn_new(tmp_ctx, sysdb->ldb, SYSDB_BASE); if (!verdn) { ret = EIO; goto done; } ret = ldb_search(sysdb->ldb, tmp_ctx, &res, verdn, LDB_SCOPE_BASE, NULL, NULL); if (ret != LDB_SUCCESS) { ret = EIO; goto done; } if (res->count > 1) { ret = EIO; goto done; } if (res->count == 1) { el = ldb_msg_find_element(res->msgs[0], "version"); if (!el) { ret = EIO; goto done; } if (el->num_values != 1) { ret = EINVAL; goto done; } version = talloc_strndup(tmp_ctx, (char *)(el->values[0].data), el->values[0].length); if (!version) { ret = ENOMEM; goto done; } if (strcmp(version, SYSDB_VERSION) == 0) { /* all fine, return */ ret = EOK; goto done; } if (!allow_upgrade) { DEBUG(SSSDBG_FATAL_FAILURE, ("Wrong DB version (got %s expected %s)\n", version, SYSDB_VERSION)); ret = sysdb_version_check(SYSDB_VERSION, version); goto done; } DEBUG(SSSDBG_CONF_SETTINGS, ("Upgrading DB [%s] from version: %s\n", domain->name, version)); if (strcmp(version, SYSDB_VERSION_0_3) == 0) { ret = sysdb_upgrade_03(sysdb, &version); if (ret != EOK) { goto done; } } if (strcmp(version, SYSDB_VERSION_0_4) == 0) { ret = sysdb_upgrade_04(sysdb, &version); if (ret != EOK) { goto done; } } if (strcmp(version, SYSDB_VERSION_0_5) == 0) { ret = sysdb_upgrade_05(sysdb, &version); if (ret != EOK) { goto done; } } if (strcmp(version, SYSDB_VERSION_0_6) == 0) { ret = sysdb_upgrade_06(sysdb, &version); if (ret != EOK) { goto done; } } if (strcmp(version, SYSDB_VERSION_0_7) == 0) { ret = sysdb_upgrade_07(sysdb, &version); if (ret != EOK) { goto done; } } if (strcmp(version, SYSDB_VERSION_0_8) == 0) { ret = sysdb_upgrade_08(sysdb, &version); if (ret != EOK) { goto done; } } if (strcmp(version, SYSDB_VERSION_0_9) == 0) { ret = sysdb_upgrade_09(sysdb, &version); if (ret != EOK) { goto done; } } if (strcmp(version, SYSDB_VERSION_0_10) == 0) { ret = sysdb_upgrade_10(sysdb, domain, &version); if (ret != EOK) { goto done; } } if (strcmp(version, 
SYSDB_VERSION_0_11) == 0) { ret = sysdb_upgrade_11(sysdb, domain, &version); if (ret != EOK) { goto done; } } if (strcmp(version, SYSDB_VERSION_0_12) == 0) { ret = sysdb_upgrade_12(sysdb, &version); if (ret != EOK) { goto done; } } if (strcmp(version, SYSDB_VERSION_0_13) == 0) { ret = sysdb_upgrade_13(sysdb, &version); if (ret != EOK) { goto done; } } if (strcmp(version, SYSDB_VERSION_0_14) == 0) { ret = sysdb_upgrade_14(sysdb, &version); if (ret != EOK) { goto done; } } /* The version should now match SYSDB_VERSION. * If not, it means we didn't match any of the * known older versions. The DB might be * corrupt or generated by a newer version of * SSSD. */ if (strcmp(version, SYSDB_VERSION) == 0) { /* The cache has been upgraded. * We need to reopen the LDB to ensure that * any changes made above take effect. */ talloc_zfree(sysdb->ldb); ret = sysdb_ldb_connect(sysdb, sysdb->ldb_file, &sysdb->ldb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("sysdb_ldb_connect failed.\n")); } goto done; } DEBUG(0,("Unknown DB version [%s], expected [%s] for domain %s!\n", version?version:"not found", SYSDB_VERSION, domain->name)); ret = sysdb_version_check(SYSDB_VERSION, version); goto done; } /* SYSDB_BASE does not exists, means db is empty, populate */ base_ldif = SYSDB_BASE_LDIF; while ((ldif = ldb_ldif_read_string(sysdb->ldb, &base_ldif))) { ret = ldb_add(sysdb->ldb, ldif->msg); if (ret != LDB_SUCCESS) { DEBUG(0, ("Failed to initialize DB (%d, [%s]) for domain %s!\n", ret, ldb_errstring(sysdb->ldb), domain->name)); ret = EIO; goto done; } ldb_ldif_read_free(sysdb->ldb, ldif); } ret = sysdb_domain_create(sysdb, domain->name); if (ret != EOK) { goto done; } /* The cache has been newly created. * We need to reopen the LDB to ensure that * all of the special values take effect * (such as enabling the memberOf plugin and * the various indexes). 
*/ talloc_zfree(sysdb->ldb); ret = sysdb_ldb_connect(sysdb, sysdb->ldb_file, &sysdb->ldb); if (ret != EOK) { DEBUG(1, ("sysdb_ldb_connect failed.\n")); } done: talloc_free(tmp_ctx); if (ret == EOK) { *_ctx = sysdb; } else { talloc_free(sysdb); } return ret; } int sysdb_init(TALLOC_CTX *mem_ctx, struct sss_domain_info *domains, bool allow_upgrade) { struct sss_domain_info *dom; struct sysdb_ctx *sysdb; int ret; if (allow_upgrade) { /* check if we have an old sssd.ldb to upgrade */ ret = sysdb_check_upgrade_02(domains, DB_PATH); if (ret != EOK) { return ret; } } /* open a db for each domain */ for (dom = domains; dom; dom = dom->next) { ret = sysdb_domain_init_internal(mem_ctx, dom, DB_PATH, allow_upgrade, &sysdb); if (ret != EOK) { return ret; } dom->sysdb = talloc_move(dom, &sysdb); } return EOK; } int sysdb_domain_init(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, const char *db_path, struct sysdb_ctx **_ctx) { return sysdb_domain_init_internal(mem_ctx, domain, db_path, false, _ctx); } int compare_ldb_dn_comp_num(const void *m1, const void *m2) { struct ldb_message *msg1 = talloc_get_type(*(void **) discard_const(m1), struct ldb_message); struct ldb_message *msg2 = talloc_get_type(*(void **) discard_const(m2), struct ldb_message); return ldb_dn_get_comp_num(msg2->dn) - ldb_dn_get_comp_num(msg1->dn); } int sysdb_attrs_replace_name(struct sysdb_attrs *attrs, const char *oldname, const char *newname) { struct ldb_message_element *e = NULL; int i; const char *dummy; if (attrs == NULL || oldname == NULL || newname == NULL) return EINVAL; for (i = 0; i < attrs->num; i++) { if (strcasecmp(oldname, attrs->a[i].name) == 0) { e = &(attrs->a[i]); } if (strcasecmp(newname, attrs->a[i].name) == 0) { DEBUG(3, ("New attribute name [%s] already exists.\n", newname)); return EEXIST; } } if (e != NULL) { dummy = talloc_strdup(attrs, newname); if (dummy == NULL) { DEBUG(1, ("talloc_strdup failed.\n")); return ENOMEM; } talloc_free(discard_const(e->name)); e->name = dummy; } 
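return EOK; }

/* Search for all incidences of attr_name in a list of
 * sysdb_attrs and add their value to a list
 *
 * TODO: Currently only works for single-valued
 * attributes. Multi-valued attributes will return
 * only the first entry
 *
 * Entries whose matching attribute carries no value are skipped.
 *
 * Returns EOK and a NULL-terminated list in *_list on success,
 * EINVAL for a negative attr_count, ENOMEM on allocation failure.
 * *_list is NULL on every failure path.
 */
errno_t sysdb_attrs_to_list(TALLOC_CTX *mem_ctx,
                            struct sysdb_attrs **attrs,
                            int attr_count,
                            const char *attr_name,
                            char ***_list)
{
    int attr_idx;
    int i;
    char **list;
    char **tmp_list;
    int list_idx;
    struct ldb_message_element *el;

    *_list = NULL;

    /* A negative count would size the array below at zero or fewer
     * slots while the terminating NULL is still written to list[0]. */
    if (attr_count < 0) {
        return EINVAL;
    }

    /* Assume that every attrs entry contains the attr_name
     * This may waste a little memory if some entries don't
     * have the attribute, but it will save us the trouble
     * of continuously resizing the array.
     */
    list = talloc_array(mem_ctx, char *, attr_count+1);
    if (!list) {
        return ENOMEM;
    }

    list_idx = 0;
    /* Loop through all entries in attrs */
    for (attr_idx = 0; attr_idx < attr_count; attr_idx++) {
        /* Examine each attribute within the entry */
        for (i = 0; i < attrs[attr_idx]->num; i++) {
            el = &attrs[attr_idx]->a[i];
            if (strcasecmp(el->name, attr_name) != 0) {
                continue;
            }

            /* Attribute name matches the requested name.
             * An element can exist without any value; reading
             * values[0] in that case would touch memory that
             * is not there, so skip the entry instead. */
            if (el->num_values == 0 || el->values == NULL
                    || el->values[0].data == NULL) {
                break;
            }

            /* Copy it to the output list, bounded by the
             * recorded value length */
            list[list_idx] = talloc_strndup(list,
                                            (const char *)el->values[0].data,
                                            el->values[0].length);
            if (!list[list_idx]) {
                talloc_free(list);
                return ENOMEM;
            }
            list_idx++;

            /* We only support single-valued attributes
             * Break here and go on to the next entry
             */
            break;
        }
    }

    list[list_idx] = NULL;

    /* if list_idx < attr_count, do a realloc to
     * reclaim unused memory
     */
    if (list_idx < attr_count) {
        tmp_list = talloc_realloc(mem_ctx, list, char *, list_idx+1);
        if (!tmp_list) {
            talloc_zfree(list);
            return ENOMEM;
        }
        list = tmp_list;
    }

    *_list = list;
    return EOK;
}

errno_t sysdb_get_bool(struct sysdb_ctx *sysdb, struct ldb_dn *dn, const char *attr_name, bool *value) { TALLOC_CTX *tmp_ctx; struct ldb_result *res; errno_t ret; int lret; const char *attrs[2] = {attr_name, NULL}; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { return ENOMEM; } lret = ldb_search(sysdb->ldb, tmp_ctx, &res, dn, LDB_SCOPE_BASE, attrs, NULL); if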
(lret != LDB_SUCCESS) { ret = sysdb_error_to_errno(lret); goto done; } if (res->count == 0) { /* This entry has not been populated in LDB * This is a common case, as unlike LDAP, * LDB does not need to have all of its parent * objects actually exist. * This object in the sysdb exists mostly just * to contain this attribute. */ *value = false; ret = EOK; goto done; } else if (res->count != 1) { DEBUG(SSSDBG_CRIT_FAILURE, ("Got more than one reply for base search!\n")); ret = EIO; goto done; } *value = ldb_msg_find_attr_as_bool(res->msgs[0], attr_name, false); ret = EOK; done: talloc_free(tmp_ctx); return ret; } errno_t sysdb_set_bool(struct sysdb_ctx *sysdb, struct ldb_dn *dn, const char *cn_value, const char *attr_name, bool value) { TALLOC_CTX *tmp_ctx = NULL; struct ldb_message *msg = NULL; struct ldb_result *res = NULL; errno_t ret; int lret; if (dn == NULL || cn_value == NULL || attr_name == NULL) { return EINVAL; } tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { return ENOMEM; } lret = ldb_search(sysdb->ldb, tmp_ctx, &res, dn, LDB_SCOPE_BASE, NULL, NULL); if (lret != LDB_SUCCESS) { ret = sysdb_error_to_errno(lret); goto done; } msg = ldb_msg_new(tmp_ctx); if (msg == NULL) { ret = ENOMEM; goto done; } msg->dn = dn; if (res->count == 0) { lret = ldb_msg_add_string(msg, "cn", cn_value); if (lret != LDB_SUCCESS) { ret = sysdb_error_to_errno(lret); goto done; } } else if (res->count != 1) { DEBUG(SSSDBG_CRIT_FAILURE, ("Got more than one reply for base search!\n")); ret = EIO; goto done; } else { lret = ldb_msg_add_empty(msg, attr_name, LDB_FLAG_MOD_REPLACE, NULL); if (lret != LDB_SUCCESS) { ret = sysdb_error_to_errno(lret); goto done; } } lret = ldb_msg_add_string(msg, attr_name, value ? 
"TRUE" : "FALSE"); if (lret != LDB_SUCCESS) { ret = sysdb_error_to_errno(lret); goto done; } if (res->count) { lret = ldb_modify(sysdb->ldb, msg); } else { lret = ldb_add(sysdb->ldb, msg); } ret = sysdb_error_to_errno(lret); done: talloc_free(tmp_ctx); return ret; } errno_t sysdb_has_enumerated(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, bool *has_enumerated) { errno_t ret; struct ldb_dn *dn; TALLOC_CTX *tmp_ctx; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { ret = ENOMEM; goto done; } dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_DOM_BASE, domain->name); if (!dn) { ret = ENOMEM; goto done; } ret = sysdb_get_bool(sysdb, dn, SYSDB_HAS_ENUMERATED, has_enumerated); done: talloc_free(tmp_ctx); return ret; } errno_t sysdb_set_enumerated(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, bool enumerated) { errno_t ret; TALLOC_CTX *tmp_ctx; struct ldb_dn *dn; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { ret = ENOMEM; goto done; } dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_DOM_BASE, domain->name); if (!dn) { ret = ENOMEM; goto done; } ret = sysdb_set_bool(sysdb, dn, domain->name, SYSDB_HAS_ENUMERATED, enumerated); done: talloc_free(tmp_ctx); return ret; } errno_t sysdb_attrs_primary_name(struct sysdb_ctx *sysdb, struct sysdb_attrs *attrs, const char *ldap_attr, const char **_primary) { errno_t ret; char *rdn_attr = NULL; char *rdn_val = NULL; struct ldb_message_element *sysdb_name_el; struct ldb_message_element *orig_dn_el; size_t i; TALLOC_CTX *tmp_ctx = NULL; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; } ret = sysdb_attrs_get_el(attrs, SYSDB_NAME, &sysdb_name_el); if (ret != EOK || sysdb_name_el->num_values == 0) { ret = EINVAL; goto done; } if (sysdb_name_el->num_values == 1) { /* Entry contains only one name. Just return that */ *_primary = (const char *)sysdb_name_el->values[0].data; ret = EOK; goto done; } /* Multiple values for name. 
Check whether one matches the RDN */ ret = sysdb_attrs_get_el(attrs, SYSDB_ORIG_DN, &orig_dn_el); if (ret) { goto done; } if (orig_dn_el->num_values == 0) { DEBUG(1, ("Original DN is not available.\n")); ret = EINVAL; goto done; } else if (orig_dn_el->num_values == 1) { ret = sysdb_get_rdn(sysdb, tmp_ctx, (const char *) orig_dn_el->values[0].data, &rdn_attr, &rdn_val); if (ret != EOK) { DEBUG(1, ("Could not get rdn from [%s]\n", (const char *) orig_dn_el->values[0].data)); goto done; } } else { DEBUG(1, ("Should not have more than one origDN\n")); ret = EINVAL; goto done; } /* First check whether the attribute name matches */ DEBUG(8, ("Comparing attribute names [%s] and [%s]\n", rdn_attr, ldap_attr)); if (strcasecmp(rdn_attr, ldap_attr) != 0) { /* Multiple entries, and the RDN attribute doesn't match. * We have no way of resolving this deterministically, * so we'll use the first value as a fallback. */ DEBUG(3, ("The entry has multiple names and the RDN attribute does " "not match. Will use the first value as fallback.\n")); *_primary = (const char *)sysdb_name_el->values[0].data; ret = EOK; goto done; } for (i = 0; i < sysdb_name_el->num_values; i++) { if (strcasecmp(rdn_val, (const char *)sysdb_name_el->values[i].data) == 0) { /* This name matches the RDN. Use it */ break; } } if (i < sysdb_name_el->num_values) { /* Match was found */ *_primary = (const char *)sysdb_name_el->values[i].data; } else { /* If we can't match the name to the RDN, we just have to * throw up our hands. There's no deterministic way to * decide which name is correct. */ DEBUG(1, ("Cannot save entry. Unable to determine groupname\n")); ret = EINVAL; goto done; } ret = EOK; done: if (ret != EOK) { DEBUG(1, ("Could not determine primary name: [%d][%s]\n", ret, strerror(ret))); } talloc_free(tmp_ctx); return ret; } /* * An entity with multiple names would have multiple SYSDB_NAME attributes * after being translated into sysdb names using a map. 
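* Given a primary name returned by sysdb_attrs_primary_name(), this function
 * returns the other SYSDB_NAME attribute values so they can be saved as
 * SYSDB_NAME_ALIAS into cache.
 *
 * If lowercase is set, every SYSDB_NAME value is stored in its lower-cased
 * form instead (the primary name is not filtered out in that mode) and a
 * value whose lower-cased form is already in the list is skipped.
 *
 * On success *_aliases is a NULL-terminated array owned by mem_ctx. On a
 * failure reached after the temporary context was created, *_aliases is set
 * to NULL so that a half-built, unterminated array never reaches the caller.
 *
 * Returns EOK, EINVAL (bad arguments, or no SYSDB_NAME value in attrs) or
 * ENOMEM.
 */
errno_t sysdb_attrs_get_aliases(TALLOC_CTX *mem_ctx,
                                struct sysdb_attrs *attrs,
                                const char *primary,
                                bool lowercase,
                                const char ***_aliases)
{
    TALLOC_CTX *tmp_ctx = NULL;
    struct ldb_message_element *sysdb_name_el;
    size_t i, j, ai;
    errno_t ret;
    const char **aliases = NULL;
    const char *name;
    char *lower;
    bool seen;

    if (_aliases == NULL) return EINVAL;

    /* The case-sensitive path hands primary to strcmp(), which must not
     * receive NULL. The lowercase path never reads primary. */
    if (!lowercase && primary == NULL) return EINVAL;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    ret = sysdb_attrs_get_el(attrs, SYSDB_NAME, &sysdb_name_el);
    if (ret != EOK || sysdb_name_el->num_values == 0) {
        ret = EINVAL;
        goto done;
    }

    /* At most one alias per value, plus the terminating NULL */
    aliases = talloc_array(tmp_ctx, const char *,
                           sysdb_name_el->num_values + 1);
    if (!aliases) {
        ret = ENOMEM;
        goto done;
    }

    if (lowercase) {
        DEBUG(SSSDBG_TRACE_INTERNAL,
              ("Domain is case-insensitive; will add lowercased aliases\n"));
    }

    ai = 0;
    for (i = 0; i < sysdb_name_el->num_values; i++) {
        /* NOTE(review): the value is used as a C string; this assumes the
         * stored bytes are NUL-terminated - confirm against the producer. */
        name = (const char *)sysdb_name_el->values[i].data;

        if (lowercase) {
            /* Domain is case-insensitive. Save the lower-cased version */
            lower = sss_tc_utf8_str_tolower(tmp_ctx, name);
            if (!lower) {
                ret = ENOMEM;
                goto done;
            }

            /* Look for an existing entry equal to the new one. The previous
             * loop stopped at the first entry that differed and then added
             * the value, so duplicates slipped in once the list held more
             * than one alias. As before, any result other than ENOMATCH
             * (including a comparison error) counts as "already present". */
            seen = false;
            for (j = 0; j < ai; j++) {
                if (sss_utf8_case_eq((const uint8_t *) aliases[j],
                                     (const uint8_t *) lower) != ENOMATCH) {
                    seen = true;
                    break;
                }
            }

            if (!seen) {
                aliases[ai] = talloc_strdup(aliases, lower);
                if (!aliases[ai]) {
                    ret = ENOMEM;
                    goto done;
                }
                ai++;
            }
        } else {
            /* Domain is case-sensitive. Save it as-is */
            if (strcmp(primary, name) != 0) {
                aliases[ai] = talloc_strdup(aliases, name);
                if (!aliases[ai]) {
                    ret = ENOMEM;
                    goto done;
                }
                ai++;
            }
        }
    }

    aliases[ai] = NULL;

    ret = EOK;

done:
    /* Publish the list only when it is complete and NULL-terminated; on
     * failure it stays on tmp_ctx and is released below. */
    if (ret == EOK) {
        *_aliases = talloc_steal(mem_ctx, aliases);
    } else {
        *_aliases = NULL;
    }
    talloc_free(tmp_ctx);
    return ret;
}

/*
 * Collect the primary name of every entry in attr_list into a newly
 * allocated, NULL-terminated string array owned by mem_ctx.
 *
 * Entries for which sysdb_attrs_primary_name() fails are logged and left
 * out, so the result may hold fewer than attr_count names. *name_list is
 * written only on success.
 *
 * Returns EOK or ENOMEM.
 */
errno_t sysdb_attrs_primary_name_list(struct sysdb_ctx *sysdb,
                                      TALLOC_CTX *mem_ctx,
                                      struct sysdb_attrs **attr_list,
                                      size_t attr_count,
                                      const char *ldap_attr,
                                      char ***name_list)
{
    errno_t ret;
    size_t i, j;
    char **list;
    const char *name;

    /* Assume that every entry has a primary name */
    list = talloc_array(mem_ctx, char *, attr_count+1);
    if (!list) {
        return ENOMEM;
    }

    j = 0;
    for (i = 0; i < attr_count; i++) {
        ret = sysdb_attrs_primary_name(sysdb,
                                       attr_list[i],
                                       ldap_attr,
                                       &name);
        if (ret != EOK) {
            DEBUG(1, ("Could not determine primary name\n"));
            /* Skip and continue. Don't advance 'j' */
            continue;
        }

        list[j] = talloc_strdup(list, name);
        if (!list[j]) {
            ret = ENOMEM;
            goto done;
        }

        j++;
    }

    /* NULL-terminate the list */
    list[j] = NULL;

    *name_list = list;

    ret = EOK;

done:
    if (ret != EOK) {
        talloc_free(list);
    }
    return ret;
}

/*
 * Look up a user through sysdb_getpwnam() and return the SYSDB_NAME value
 * of the single matching entry in *_cname, reparented to mem_ctx.
 *
 * Returns EOK on success, ENOENT when no entry matches or the entry has no
 * SYSDB_NAME, EIO when more than one entry matches, ENOMEM, or the error
 * reported by sysdb_getpwnam(). *_cname is written only on success.
 */
errno_t sysdb_get_real_name(TALLOC_CTX *mem_ctx,
                            struct sysdb_ctx *sysdb,
                            struct sss_domain_info *domain,
                            const char *name,
                            const char **_cname)
{
    errno_t ret;
    TALLOC_CTX *tmp_ctx;
    struct ldb_result *res;
    const char *cname;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    ret = sysdb_getpwnam(tmp_ctx, sysdb, domain, name, &res);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Cannot canonicalize username\n"));
        goto done;
    }

    if (res->count == 0) {
        /* User is not cached yet */
        ret = ENOENT;
        goto done;
    } else if (res->count != 1) {
        /* count is unsigned, so it is printed with %u */
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("sysdb_getpwnam returned count: [%u]\n", res->count));
        ret = EIO;
        goto done;
    }

    cname = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_NAME, NULL);
    if (!cname) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("A user with no name?\n"));
        ret = ENOENT;
        goto done;
    }

    ret = EOK;
    /* Move the string off tmp_ctx before the context is freed below */
    *_cname = talloc_steal(mem_ctx, cname);

done:
    talloc_free(tmp_ctx);
    return ret;
}

/*
 * Wrap the element arrays of count ldb messages in sysdb_attrs structures.
 *
 * The returned array is allocated on mem_ctx. Each msgs[i]->elements array
 * is reparented to the matching sysdb_attrs; the pointer inside the message
 * itself is left as it was.
 *
 * Returns EOK or ENOMEM (nothing is returned in *attrs on failure).
 */
errno_t sysdb_msg2attrs(TALLOC_CTX *mem_ctx, size_t count,
                        struct ldb_message **msgs,
                        struct sysdb_attrs ***attrs)
{
    /* Same type as count: an int index compared against a size_t mixes
     * signedness and would overflow for counts above INT_MAX. */
    size_t i;
    struct sysdb_attrs **a;

    a = talloc_array(mem_ctx, struct sysdb_attrs *, count);
    if (a == NULL) {
        DEBUG(1, ("talloc_array failed.\n"));
        return ENOMEM;
    }

    for (i = 0; i < count; i++) {
        a[i] = talloc(a, struct sysdb_attrs);
        if (a[i] == NULL) {
            DEBUG(1, ("talloc failed.\n"));
            talloc_free(a);
            return ENOMEM;
        }
        a[i]->num = msgs[i]->num_elements;
        a[i]->a = talloc_steal(a[i], msgs[i]->elements);
    }

    *attrs = a;

    return EOK;
}
sssd-1.11.5/src/db/PaxHeaders.13173/sysdb_services.h0000644000000000000000000000007312320753107020126 xustar000000000000000029 atime=1396954939.25389144 30 ctime=1396954961.458875095 sssd-1.11.5/src/db/sysdb_services.h0000664002412700241270000000752712320753107020364 0ustar00jhrozekjhrozek00000000000000/*
    SSSD

    Authors:
        Stephen Gallagher

    Copyright (C) 2012 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program. If not, see .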
*/

#ifndef SYSDB_SERVICES_H_
#define SYSDB_SERVICES_H_

/* Object class, container RDN and attribute names used for cached
 * service entries */
#define SYSDB_SVC_CLASS "service"
#define SYSDB_SVC_CONTAINER "cn=services"

#define SYSDB_SC "objectclass="SYSDB_SVC_CLASS

#define SYSDB_SVC_PORT "servicePort"
#define SYSDB_SVC_PROTO "serviceProtocol"

/* DN templates. The %s slots are filled printf-style; the templates are
 * plain string literals and escape nothing, so a value placed in a slot
 * has to be DN-safe before it is formatted in. */
#define SYSDB_TMPL_SVC_BASE SYSDB_SVC_CONTAINER",cn=%s,"SYSDB_BASE
#define SYSDB_TMPL_SVC SYSDB_NAME"=%s,"SYSDB_TMPL_SVC_BASE

/* Search filter templates: protocol plus name (matched against both the
 * alias and the name attribute), or protocol plus port. As with the DN
 * templates, nothing here escapes the substituted strings; the caller must
 * filter-escape the protocol and name before formatting them in, otherwise
 * characters such as '(' ')' '*' '\' change the meaning of the filter. */
#define SYSDB_SVC_BYNAME_FILTER "(&("SYSDB_SVC_PROTO"=%s)(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))"
#define SYSDB_SVC_BYPORT_FILTER "(&("SYSDB_SVC_PROTO"=%s)("SYSDB_SVC_PORT"=%u))"

/* NULL-terminated initializer for the attribute list requested in service
 * searches */
#define SYSDB_SVC_ATTRS { \
        SYSDB_NAME, \
        SYSDB_NAME_ALIAS, \
        SYSDB_SVC_PORT, \
        SYSDB_SVC_PROTO, \
        SYSDB_DEFAULT_ATTRS, \
        NULL }

/* Lookups; results are returned through _res */
errno_t
sysdb_getservbyname(TALLOC_CTX *mem_ctx,
                    struct sysdb_ctx *sysdb,
                    struct sss_domain_info *domain,
                    const char *name,
                    const char *proto,
                    struct ldb_result **_res);

errno_t
sysdb_getservbyport(TALLOC_CTX *mem_ctx,
                    struct sysdb_ctx *sysdb,
                    struct sss_domain_info *domain,
                    int port,
                    const char *proto,
                    struct ldb_result **_res);

errno_t
sysdb_enumservent(TALLOC_CTX *mem_ctx,
                  struct sysdb_ctx *sysdb,
                  struct sss_domain_info *domain,
                  struct ldb_result **_res);

/* Store, add, delete and modify service entries */
errno_t
sysdb_store_service(struct sysdb_ctx *sysdb,
                    struct sss_domain_info *domain,
                    const char *primary_name,
                    int port,
                    const char **aliases,
                    const char **protocols,
                    struct sysdb_attrs *extra_attrs,
                    char **remove_attrs,
                    uint64_t cache_timeout,
                    time_t now);

struct ldb_dn *
sysdb_svc_dn(struct sysdb_ctx *sysdb, TALLOC_CTX *mem_ctx,
             const char *domain, const char *name);

errno_t
sysdb_svc_add(TALLOC_CTX *mem_ctx,
              struct sysdb_ctx *sysdb,
              struct sss_domain_info *domain,
              const char *primary_name,
              int port,
              const char **aliases,
              const char **protocols,
              struct ldb_dn **dn);

errno_t
sysdb_svc_delete(struct sysdb_ctx *sysdb,
                 struct sss_domain_info *domain,
                 const char *name,
                 int port,
                 const char *proto);

errno_t
sysdb_set_service_attr(struct sysdb_ctx *sysdb,
                       struct sss_domain_info *domain,
                       const char *name,
                       struct sysdb_attrs *attrs,
                       int mod_op);

/* NOTE(review): sub_filter is a caller-supplied filter fragment; how it is
 * combined with the service object-class filter is defined in the
 * implementation, not visible here - confirm it is not built from
 * unescaped external input. */
errno_t sysdb_search_services(TALLOC_CTX *mem_ctx,
                              struct sysdb_ctx *sysdb,
                              struct sss_domain_info *domain,
                              const char *sub_filter,
                              const char **attrs,
                              size_t *msgs_count,
                              struct ldb_message ***msgs);

#endif /* SYSDB_SERVICES_H_ */
sssd-1.11.5/src/db/PaxHeaders.13173/sysdb_autofs.h0000644000000000000000000000007312320753107017604 xustar000000000000000029 atime=1396954939.25389144 30 ctime=1396954961.455875097 sssd-1.11.5/src/db/sysdb_autofs.h0000664002412700241270000000654312320753107020037 0ustar00jhrozekjhrozek00000000000000/*
    Authors:
        Jakub Hrozek

    Copyright (C) 2012 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program. If not, see .
*/

#ifndef _SYSDB_AUTOFS_H_
#define _SYSDB_AUTOFS_H_

#include "db/sysdb.h"

/* Subdirectories under cn=custom in sysdb. Autofs data is not stored in
 * sysdb directly because it is not name-service-switch data. */
#define AUTOFS_MAP_SUBDIR "autofsmaps"
#define AUTOFS_ENTRY_SUBDIR "autofsentries"

/* Object class and attribute names for cached automount maps and entries */
#define SYSDB_AUTOFS_MAP_OC "automountMap"
#define SYSDB_AUTOFS_MAP_NAME "automountMapName"

#define SYSDB_AUTOFS_ENTRY_OC "automount"
#define SYSDB_AUTOFS_ENTRY_KEY "automountKey"
#define SYSDB_AUTOFS_ENTRY_VALUE "automountInformation"

/* Map operations */
errno_t
sysdb_save_autofsmap(struct sysdb_ctx *sysdb_ctx,
                     struct sss_domain_info *domain,
                     const char *name,
                     const char *autofsmapname,
                     struct sysdb_attrs *attrs,
                     int cache_timeout,
                     time_t now);

errno_t
sysdb_get_map_byname(TALLOC_CTX *mem_ctx,
                     struct sysdb_ctx *sysdb,
                     struct sss_domain_info *domain,
                     const char *map_name,
                     struct ldb_message **map);

errno_t
sysdb_delete_autofsmap(struct sysdb_ctx *sysdb_ctx,
                       struct sss_domain_info *domain,
                       const char *name);

/* Entry operations. Map names, keys and values come from the automount
 * data being cached; see sysdb_autofsentry_strdn() for how an entry DN
 * string is produced from them. */
errno_t
sysdb_save_autofsentry(struct sysdb_ctx *sysdb_ctx,
                       struct sss_domain_info *domain,
                       const char *map,
                       const char *key,
                       const char *value,
                       struct sysdb_attrs *attrs);

/* NOTE(review): takes the entry DN as a string; presumably the output of
 * sysdb_autofsentry_strdn() - confirm against the callers. */
errno_t
sysdb_del_autofsentry(struct sysdb_ctx *sysdb_ctx,
                      const char *entry_dn);

errno_t
sysdb_autofs_entries_by_map(TALLOC_CTX *mem_ctx,
                            struct sysdb_ctx *sysdb,
                            struct sss_domain_info *domain,
                            const char *mapname,
                            size_t *_count,
                            struct ldb_message ***_entries);

errno_t
sysdb_set_autofsmap_attr(struct sysdb_ctx *sysdb,
                         struct sss_domain_info *domain,
                         const char *name,
                         struct sysdb_attrs *attrs,
                         int mod_op);

errno_t
sysdb_invalidate_autofs_maps(struct sysdb_ctx *sysdb,
                             struct sss_domain_info *domain);

char *
sysdb_autofsentry_strdn(TALLOC_CTX *mem_ctx,
                        struct sysdb_ctx *sysdb,
                        struct sss_domain_info *domain,
                        const char *map_name,
                        const char *entry_name,
                        const char *entry_value);

#endif /* _SYSDB_AUTOFS_H_ */
sssd-1.11.5/src/db/PaxHeaders.13173/sysdb_idmap.c0000644000000000000000000000007312320753107017370 xustar000000000000000029 atime=1396954939.25389144 30 ctime=1396954961.664874943
sssd-1.11.5/src/db/sysdb_idmap.c0000664002412700241270000002324412320753107017620 0ustar00jhrozekjhrozek00000000000000/*
    SSSD

    Authors:
        Stephen Gallagher

    Copyright (C) 2012 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program. If not, see .
*/

#include "db/sysdb.h"
#include "db/sysdb_private.h"

/*
 * Build the DN of the ID-mapping entry for object_sid in the given domain.
 *
 * The SID is passed through sysdb_dn_sanitize() before it is formatted into
 * the DN template, so the raw string is never placed into the DN. The
 * result is allocated on mem_ctx.
 *
 * Returns NULL when sanitizing fails or when ldb_dn_new_fmt() does.
 */
static struct ldb_dn *
sysdb_idmap_dn(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb,
               struct sss_domain_info *domain,
               const char *object_sid)
{
    char *safe_sid = NULL;
    struct ldb_dn *mapping_dn;

    if (sysdb_dn_sanitize(NULL, object_sid, &safe_sid) != EOK) {
        return NULL;
    }

    DEBUG(SSSDBG_TRACE_ALL, (SYSDB_TMPL_IDMAP"\n", safe_sid, domain->name));

    mapping_dn = ldb_dn_new_fmt(mem_ctx, sysdb->ldb, SYSDB_TMPL_IDMAP,
                                safe_sid, domain->name);

    /* The sanitized copy was allocated on the NULL context; release it */
    talloc_free(safe_sid);

    return mapping_dn;
}

/*
 * Queue one string value for attr on msg: an empty element carrying the
 * given LDB_FLAG_MOD_* flag, followed by the value itself.
 *
 * Returns the ldb status of the first step that fails, else LDB_SUCCESS.
 */
static int
idmap_msg_put_string(struct ldb_message *msg, const char *attr,
                     int flags, const char *value)
{
    int status = ldb_msg_add_empty(msg, attr, flags, NULL);

    if (status != LDB_SUCCESS) {
        return status;
    }

    return ldb_msg_add_string(msg, attr, value);
}

/*
 * Create or update the cached mapping between a domain SID and its slice.
 *
 * Runs inside its own sysdb transaction. When no entry exists for dom_sid
 * a new one is added with the object class, SID, domain name and slice
 * number. When one exists, the stored slice must equal slice_num; only the
 * domain name may be replaced.
 *
 * Returns EOK on success (including when nothing needed to change), ENOMEM,
 * EIO if the base search yields anything but one entry, ENOENT if the
 * stored slice or name cannot be read, EINVAL if the caller tries to change
 * the slice of an existing mapping, or an errno translated from ldb.
 */
errno_t
sysdb_idmap_store_mapping(struct sysdb_ctx *sysdb,
                          struct sss_domain_info *domain,
                          const char *dom_name,
                          const char *dom_sid,
                          id_t slice_num)
{
    static const char *attrs[] = SYSDB_IDMAP_ATTRS;
    TALLOC_CTX *tmp_ctx;
    struct ldb_dn *dn;
    struct ldb_message *update_msg;
    struct ldb_message **msgs;
    size_t count;
    const char *old_name;
    id_t old_slice;
    bool in_transaction = false;
    errno_t ret, sret;
    int lret;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        return ENOMEM;
    }

    dn = sysdb_idmap_dn(tmp_ctx, sysdb, domain, dom_sid);
    if (dn == NULL) {
        ret = ENOMEM;
        goto done;
    }

    update_msg = ldb_msg_new(tmp_ctx);
    if (update_msg == NULL) {
        ret = ENOMEM;
        goto done;
    }
    update_msg->dn = dn;

    ret = sysdb_transaction_start(sysdb);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to start transaction\n"));
        goto done;
    }
    in_transaction = true;

    /* Check for an existing mapping */
    ret = sysdb_search_entry(tmp_ctx, sysdb, dn, LDB_SCOPE_BASE,
                             NULL, attrs, &count, &msgs);
    if (ret == ENOENT) {
        /* Create a new mapping */
        DEBUG(SSSDBG_CONF_SETTINGS,
              ("Adding new ID mapping [%s][%s][%lu]\n",
               dom_name, dom_sid, (unsigned long)slice_num));

        /* Add the objectClass */
        lret = idmap_msg_put_string(update_msg, SYSDB_OBJECTCLASS,
                                    LDB_FLAG_MOD_ADD,
                                    SYSDB_IDMAP_MAPPING_OC);
        if (lret != LDB_SUCCESS) {
            ret = sysdb_error_to_errno(lret);
            goto done;
        }

        /* Add the domain objectSID */
        lret = idmap_msg_put_string(update_msg, SYSDB_IDMAP_SID_ATTR,
                                    LDB_FLAG_MOD_ADD, dom_sid);
        if (lret != LDB_SUCCESS) {
            ret = sysdb_error_to_errno(lret);
            goto done;
        }

        /* Add the domain name */
        lret = idmap_msg_put_string(update_msg, SYSDB_NAME,
                                    LDB_FLAG_MOD_ADD, dom_name);
        if (lret != LDB_SUCCESS) {
            ret = sysdb_error_to_errno(lret);
            goto done;
        }

        /* Add the slice number */
        lret = ldb_msg_add_empty(update_msg, SYSDB_IDMAP_SLICE_ATTR,
                                 LDB_FLAG_MOD_ADD, NULL);
        if (lret != LDB_SUCCESS) {
            ret = sysdb_error_to_errno(lret);
            goto done;
        }

        lret = ldb_msg_add_fmt(update_msg, SYSDB_IDMAP_SLICE_ATTR,
                               "%lu", (unsigned long)slice_num);
        if (lret != LDB_SUCCESS) {
            ret = sysdb_error_to_errno(lret);
            goto done;
        }

        lret = ldb_add(sysdb->ldb, update_msg);
        if (lret != LDB_SUCCESS) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Failed to add mapping: [%s]\n",
                   ldb_strerror(lret)));
            ret = sysdb_error_to_errno(lret);
            goto done;
        }
    } else if (ret != EOK) {
        /* The search itself failed; report that error */
        goto done;
    } else if (count != 1) {
        /* More than one reply for a base search? */
        ret = EIO;
        goto done;
    } else {
        /* Update the existing mapping */

        /* A slice change is refused outright: it should never happen, and
         * the log message below states it would break existing users. */
        old_slice = ldb_msg_find_attr_as_int(msgs[0],
                                             SYSDB_IDMAP_SLICE_ATTR,
                                             -1);
        if (old_slice == -1) {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("Could not identify original slice for SID [%s]\n",
                   dom_sid));
            ret = ENOENT;
            goto done;
        }

        if (slice_num != old_slice) {
            DEBUG(SSSDBG_FATAL_FAILURE,
                  ("Detected attempt to change slice value for sid [%s] "
                   "This will break existing users. Refusing to perform.\n",
                   dom_sid));
            ret = EINVAL;
            goto done;
        }

        /* The name may legitimately change: the SID can have been stored
         * as a placeholder until the real domain name became known. */
        old_name = ldb_msg_find_attr_as_string(msgs[0], SYSDB_NAME, NULL);
        if (old_name == NULL) {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("Could not identify original domain name of SID [%s]\n",
                   dom_sid));
            ret = ENOENT;
            goto done;
        }

        if (strcmp(old_name, dom_name) == 0) {
            /* Nothing to write. Leaving through 'done' with the
             * transaction still open cancels it, and EOK is returned. */
            DEBUG(SSSDBG_TRACE_LIBS,
                  ("No changes needed, canceling transaction\n"));
            ret = EOK;
            goto done;
        }

        /* The name has changed. Replace it */
        DEBUG(SSSDBG_CONF_SETTINGS,
              ("Changing domain name of SID [%s] from [%s] to [%s]\n",
               dom_sid, old_name, dom_name));

        /* Set the new name */
        lret = idmap_msg_put_string(update_msg, SYSDB_NAME,
                                    LDB_FLAG_MOD_REPLACE, dom_name);
        if (lret != LDB_SUCCESS) {
            ret = sysdb_error_to_errno(lret);
            goto done;
        }

        lret = ldb_modify(sysdb->ldb, update_msg);
        if (lret != LDB_SUCCESS) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Failed to update mapping: [%s]\n",
                   ldb_strerror(lret)));
            ret = sysdb_error_to_errno(lret);
            goto done;
        }
    }

    ret = sysdb_transaction_commit(sysdb);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Could not commit transaction: [%s]\n", strerror(ret)));
        goto done;
    }
    in_transaction = false;

done:
    if (in_transaction) {
        /* Roll back on every path that did not reach a clean commit */
        sret = sysdb_transaction_cancel(sysdb);
        if (sret != EOK) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("Could not cancel transaction\n"));
        }
    }
    talloc_free(tmp_ctx);
    return ret;
}

/*
 * Fetch every ID-mapping entry stored below the ID-mapping base DN of the
 * given domain (subtree search with SYSDB_IDMAP_FILTER).
 *
 * On success *_result holds the search result, reparented to mem_ctx.
 * Returns EOK, ENOMEM, or an errno translated from the ldb search error.
 */
errno_t
sysdb_idmap_get_mappings(TALLOC_CTX *mem_ctx,
                         struct sysdb_ctx *sysdb,
                         struct sss_domain_info *domain,
                         struct ldb_result **_result)
{
    static const char *attrs[] = SYSDB_IDMAP_ATTRS;
    TALLOC_CTX *tmp_ctx;
    struct ldb_dn *base_dn;
    struct ldb_result *res;
    errno_t ret;
    int lret;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        return ENOMEM;
    }

    DEBUG(SSSDBG_TRACE_ALL, (SYSDB_TMPL_IDMAP_BASE"\n", domain->name));

    base_dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb,
                             SYSDB_TMPL_IDMAP_BASE, domain->name);
    if (base_dn == NULL) {
        ret = ENOMEM;
        goto done;
    }

    lret = ldb_search(sysdb->ldb, tmp_ctx, &res, base_dn,
                      LDB_SCOPE_SUBTREE, attrs, SYSDB_IDMAP_FILTER);
    if (lret) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("Could not locate ID mappings: [%s]\n",
               ldb_strerror(lret)));
        ret = sysdb_error_to_errno(lret);
        goto done;
    }

    /* Hand the result over before the temporary context goes away */
    *_result = talloc_steal(mem_ctx, res);
    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}
sssd-1.11.5/src/db/PaxHeaders.13173/sysdb.h0000644000000000000000000000007312320753107016223
xustar000000000000000029 atime=1396954939.25389144 30 ctime=1396954961.453875099 sssd-1.11.5/src/db/sysdb.h0000664002412700241270000011132612320753107016452 0ustar00jhrozekjhrozek00000000000000/* SSSD System Database Header Copyright (C) Simo Sorce 2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #ifndef __SYS_DB_H__ #define __SYS_DB_H__ #include "util/util.h" #include "confdb/confdb.h" #include #define CACHE_SYSDB_FILE "cache_%s.ldb" #define LOCAL_SYSDB_FILE "sssd.ldb" #define SYSDB_BASE "cn=sysdb" #define SYSDB_DOM_BASE "cn=%s,cn=sysdb" #define SYSDB_USERS_CONTAINER "cn=users" #define SYSDB_GROUPS_CONTAINER "cn=groups" #define SYSDB_CUSTOM_CONTAINER "cn=custom" #define SYSDB_NETGROUP_CONTAINER "cn=Netgroups" #define SYSDB_RANGE_CONTAINER "cn=ranges" #define SYSDB_TMPL_USER_BASE SYSDB_USERS_CONTAINER","SYSDB_DOM_BASE #define SYSDB_TMPL_GROUP_BASE SYSDB_GROUPS_CONTAINER","SYSDB_DOM_BASE #define SYSDB_TMPL_CUSTOM_BASE SYSDB_CUSTOM_CONTAINER","SYSDB_DOM_BASE #define SYSDB_TMPL_NETGROUP_BASE SYSDB_NETGROUP_CONTAINER","SYSDB_DOM_BASE #define SYSDB_TMPL_RANGE_BASE SYSDB_RANGE_CONTAINER","SYSDB_BASE #define SYSDB_SUBDOMAIN_CLASS "subdomain" #define SYSDB_USER_CLASS "user" #define SYSDB_GROUP_CLASS "group" #define SYSDB_NETGROUP_CLASS "netgroup" #define SYSDB_HOST_CLASS "host" #define SYSDB_HOSTGROUP_CLASS "hostgroup" #define SYSDB_SELINUX_USERMAP_CLASS "selinuxusermap" #define SYSDB_SELINUX_CLASS "selinux" #define SYSDB_ID_RANGE_CLASS "idRange" 
#define SYSDB_DOMAIN_ID_RANGE_CLASS "domainIDRange" #define SYSDB_TRUSTED_AD_DOMAIN_RANGE_CLASS "TrustedADDomainRange" #define SYSDB_NAME "name" #define SYSDB_NAME_ALIAS "nameAlias" #define SYSDB_OBJECTCLASS "objectClass" #define SYSDB_NEXTID "nextID" #define SYSDB_UIDNUM "uidNumber" #define SYSDB_GIDNUM "gidNumber" #define SYSDB_CREATE_TIME "createTimestamp" #define SYSDB_PWD "userPassword" #define SYSDB_FULLNAME "fullName" #define SYSDB_HOMEDIR "homeDirectory" #define SYSDB_SHELL "loginShell" #define SYSDB_MEMBEROF "memberOf" #define SYSDB_DISABLED "disabled" #define SYSDB_MEMBER "member" #define SYSDB_MEMBERUID "memberUid" #define SYSDB_GHOST "ghost" #define SYSDB_POSIX "isPosix" #define SYSDB_USER_CATEGORY "userCategory" #define SYSDB_HOST_CATEGORY "hostCategory" #define SYSDB_GROUP_TYPE "groupType" #define SYSDB_GECOS "gecos" #define SYSDB_LAST_LOGIN "lastLogin" #define SYSDB_LAST_ONLINE_AUTH "lastOnlineAuth" #define SYSDB_LAST_FAILED_LOGIN "lastFailedLogin" #define SYSDB_FAILED_LOGIN_ATTEMPTS "failedLoginAttempts" #define SYSDB_LAST_UPDATE "lastUpdate" #define SYSDB_CACHE_EXPIRE "dataExpireTimestamp" #define SYSDB_INITGR_EXPIRE "initgrExpireTimestamp" #define SYSDB_AUTHORIZED_SERVICE "authorizedService" #define SYSDB_AUTHORIZED_HOST "authorizedHost" #define SYSDB_NETGROUP_TRIPLE "netgroupTriple" #define SYSDB_ORIG_NETGROUP_MEMBER "originalMemberNisNetgroup" #define SYSDB_ORIG_NETGROUP_EXTERNAL_HOST "originalExternalHost" #define SYSDB_NETGROUP_DOMAIN "nisDomain" #define SYSDB_NETGROUP_MEMBER "memberNisNetgroup" #define SYSDB_DESCRIPTION "description" #define SYSDB_FQDN "fqdn" #define SYSDB_SERVERHOSTNAME "serverHostname" #define SYSDB_CACHEDPWD "cachedPassword" #define SYSDB_UUID "uniqueID" #define SYSDB_SID "objectSID" #define SYSDB_PRIMARY_GROUP "ADPrimaryGroupID" #define SYSDB_PRIMARY_GROUP_GIDNUM "origPrimaryGroupGidNumber" #define SYSDB_SID_STR "objectSIDString" #define SYSDB_UPN "userPrincipalName" #define SYSDB_CANONICAL_UPN 
"canonicalUserPrincipalName" #define SYSDB_CCACHE_FILE "ccacheFile" #define SYSDB_ORIG_DN "originalDN" #define SYSDB_ORIG_MODSTAMP "originalModifyTimestamp" #define SYSDB_ORIG_MEMBEROF "originalMemberOf" #define SYSDB_ORIG_MEMBER "orig_member" #define SYSDB_ORIG_MEMBER_USER "originalMemberUser" #define SYSDB_ORIG_MEMBER_HOST "originalMemberHost" #define SYSDB_USN "entryUSN" #define SYSDB_HIGH_USN "highestUSN" #define SYSDB_SSH_PUBKEY "sshPublicKey" #define SYSDB_SUBDOMAIN_REALM "realmName" #define SYSDB_SUBDOMAIN_FLAT "flatName" #define SYSDB_SUBDOMAIN_ID "domainID" #define SYSDB_SUBDOMAIN_MPG "mpg" #define SYSDB_SUBDOMAIN_ENUM "enumerate" #define SYSDB_SUBDOMAIN_FOREST "memberOfForest" #define SYSDB_BASE_ID "baseID" #define SYSDB_ID_RANGE_SIZE "idRangeSize" #define SYSDB_BASE_RID "baseRID" #define SYSDB_SECONDARY_BASE_RID "secondaryBaseRID" #define SYSDB_DOMAIN_ID "domainID" #define SYSDB_ID_RANGE_TYPE "idRangeType" #define SYSDB_NEXTID_FILTER "("SYSDB_NEXTID"=*)" #define SYSDB_UC "objectclass="SYSDB_USER_CLASS #define SYSDB_GC "objectclass="SYSDB_GROUP_CLASS #define SYSDB_NC "objectclass="SYSDB_NETGROUP_CLASS #define SYSDB_MPGC "|("SYSDB_UC")("SYSDB_GC")" #define SYSDB_PWNAM_FILTER "(&("SYSDB_UC")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))" #define SYSDB_PWUID_FILTER "(&("SYSDB_UC")("SYSDB_UIDNUM"=%lu))" #define SYSDB_PWSID_FILTER "(&("SYSDB_UC")("SYSDB_SID_STR"=%s))" #define SYSDB_PWENT_FILTER "("SYSDB_UC")" #define SYSDB_GRNAM_FILTER "(&("SYSDB_GC")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))" #define SYSDB_GRGID_FILTER "(&("SYSDB_GC")("SYSDB_GIDNUM"=%lu))" #define SYSDB_GRSID_FILTER "(&("SYSDB_GC")("SYSDB_SID_STR"=%s))" #define SYSDB_GRENT_FILTER "("SYSDB_GC")" #define SYSDB_GRNAM_MPG_FILTER "(&("SYSDB_MPGC")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))" #define SYSDB_GRGID_MPG_FILTER "(&("SYSDB_MPGC")("SYSDB_GIDNUM"=%lu))" #define SYSDB_GRENT_MPG_FILTER "("SYSDB_MPGC")" #define 
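SYSDB_INITGR_FILTER "(&("SYSDB_GC")("SYSDB_GIDNUM"=*))"

/* Search filter templates. Each %s is filled printf-style by the caller;
 * the templates are plain string literals and escape nothing. A name or
 * SID string must therefore be filter-escaped (SSSD provides
 * sss_filter_sanitize() for this) before it is formatted in, otherwise
 * characters such as '(' ')' '*' '\' alter the filter. */
#define SYSDB_NETGR_FILTER "(&("SYSDB_NC")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))"
#define SYSDB_NETGR_TRIPLES_FILTER "(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)("SYSDB_NAME_ALIAS"=%s)("SYSDB_MEMBEROF"=%s))"

#define SYSDB_SID_FILTER "(&(|("SYSDB_UC")("SYSDB_GC"))("SYSDB_SID_STR"=%s))"

#define SYSDB_HAS_ENUMERATED "has_enumerated"

/* Attributes appended to every attribute list below. This expands to a
 * bare comma-separated list, so it is only usable inside an initializer. */
#define SYSDB_DEFAULT_ATTRS SYSDB_LAST_UPDATE, \
                            SYSDB_CACHE_EXPIRE, \
                            SYSDB_INITGR_EXPIRE, \
                            SYSDB_OBJECTCLASS

/* NULL-terminated attribute-list initializers for the various searches */
#define SYSDB_PW_ATTRS {SYSDB_NAME, SYSDB_UIDNUM, \
                        SYSDB_GIDNUM, SYSDB_GECOS, \
                        SYSDB_HOMEDIR, SYSDB_SHELL, \
                        SYSDB_DEFAULT_ATTRS, \
                        SYSDB_PRIMARY_GROUP_GIDNUM, \
                        SYSDB_SID_STR, \
                        NULL}

#define SYSDB_GRSRC_ATTRS {SYSDB_NAME, SYSDB_GIDNUM, \
                           SYSDB_MEMBERUID, \
                           SYSDB_GHOST, \
                           SYSDB_DEFAULT_ATTRS, \
                           NULL}

#define SYSDB_NETGR_ATTRS {SYSDB_NAME, SYSDB_NETGROUP_TRIPLE, \
                           SYSDB_NETGROUP_MEMBER, \
                           SYSDB_DEFAULT_ATTRS, \
                           NULL}

#define SYSDB_INITGR_ATTR SYSDB_MEMBEROF
#define SYSDB_INITGR_ATTRS {SYSDB_GIDNUM, SYSDB_POSIX, \
                            SYSDB_DEFAULT_ATTRS, \
                            SYSDB_ORIG_DN, \
                            SYSDB_SID_STR, \
                            NULL}

/* DN templates. As with the filters, the %s slots are filled verbatim:
 * object and domain names must be DN-escaped by the caller before they are
 * formatted into one of these. */
#define SYSDB_TMPL_USER SYSDB_NAME"=%s,"SYSDB_TMPL_USER_BASE
#define SYSDB_TMPL_GROUP SYSDB_NAME"=%s,"SYSDB_TMPL_GROUP_BASE
#define SYSDB_TMPL_NETGROUP SYSDB_NAME"=%s,"SYSDB_TMPL_NETGROUP_BASE
#define SYSDB_TMPL_CUSTOM_SUBTREE "cn=%s,"SYSDB_TMPL_CUSTOM_BASE
#define SYSDB_TMPL_CUSTOM SYSDB_NAME"=%s,cn=%s,"SYSDB_TMPL_CUSTOM_BASE
#define SYSDB_TMPL_RANGE SYSDB_NAME"=%s,"SYSDB_TMPL_RANGE_BASE

/* Modification operations, mapped straight onto the ldb flags */
#define SYSDB_MOD_ADD LDB_FLAG_MOD_ADD
#define SYSDB_MOD_DEL LDB_FLAG_MOD_DELETE
#define SYSDB_MOD_REP LDB_FLAG_MOD_REPLACE

/* sysdb version check macros */
#define SYSDB_VERSION_ERROR_HINT \
    ERROR("Removing cache files in "DB_PATH" should fix the issue, " \
          "but note that removing cache files will also remove all of your " \
          "cached credentials.\n")

/* The argument is parenthesized so that an expression such as a ternary
 * passed as ret is compared as a whole. */
#define SYSDB_VERSION_LOWER_ERROR(ret) do { \
    if ((ret) == EUCLEAN) { \
        ERROR("Lower version of database is expected!\n"); \
        SYSDB_VERSION_ERROR_HINT; \
    } \
} while(0)

#define SYSDB_VERSION_HIGHER_ERROR(ret) do { \
    if ((ret) == EMEDIUMTYPE) { \
        ERROR("Higher version of database is expected!\n"); \
        ERROR("In order to upgrade the database, you must run SSSD.\n"); \
        SYSDB_VERSION_ERROR_HINT; \
    } \
} while(0)

/* use this in daemons */
#define SYSDB_VERSION_ERROR_DAEMON(ret) \
    SYSDB_VERSION_LOWER_ERROR(ret)

/* use this in tools
 *
 * Wrapped in do { } while(0): as two bare statements, only the first one
 * was governed by an unbraced `if (...) SYSDB_VERSION_ERROR(ret);` and the
 * second always ran. The macro is still used as a single statement
 * followed by ';'. */
#define SYSDB_VERSION_ERROR(ret) do { \
    SYSDB_VERSION_LOWER_ERROR(ret); \
    SYSDB_VERSION_HIGHER_ERROR(ret); \
} while(0)

struct confdb_ctx;
struct sysdb_ctx;

/* A counted array of ldb message elements: num entries starting at a */
struct sysdb_attrs {
    int num;
    struct ldb_message_element *a;
};

/* sysdb_attrs helper functions */
struct sysdb_attrs *sysdb_new_attrs(TALLOC_CTX *mem_ctx);

/* Description of one ID range as held in the cache */
struct range_info {
    char *name;
    uint32_t base_id;
    uint32_t id_range_size;
    uint32_t base_rid;
    uint32_t secondary_base_rid;
    char *trusted_dom_sid;
    char *range_type;
};

/* values are copied in the structure, allocated on "attrs" */
int sysdb_attrs_add_val(struct sysdb_attrs *attrs,
                        const char *name, const struct ldb_val *val);
int sysdb_attrs_add_string(struct sysdb_attrs *attrs,
                           const char *name, const char *str);
int sysdb_attrs_add_mem(struct sysdb_attrs *, const char *,
                        const void *, size_t);
int sysdb_attrs_add_bool(struct sysdb_attrs *attrs,
                         const char *name, bool value);
int sysdb_attrs_add_long(struct sysdb_attrs *attrs,
                         const char *name, long value);
int sysdb_attrs_add_uint32(struct sysdb_attrs *attrs,
                           const char *name, uint32_t value);
int sysdb_attrs_add_time_t(struct sysdb_attrs *attrs,
                           const char *name, time_t value);
int sysdb_attrs_add_lc_name_alias(struct sysdb_attrs *attrs,
                                  const char *value);
int sysdb_attrs_copy_values(struct sysdb_attrs *src,
                            struct sysdb_attrs *dst,
                            const char *name);
int sysdb_attrs_get_el(struct sysdb_attrs *attrs, const char *name,
                       struct ldb_message_element **el);
int sysdb_attrs_get_el_ext(struct sysdb_attrs *attrs, const char *name,
                           bool alloc, struct ldb_message_element **el);
int sysdb_attrs_steal_string(struct sysdb_attrs *attrs,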
const char *name, char *str); int sysdb_attrs_get_string(struct sysdb_attrs *attrs, const char *name, const char **string); const char **sss_ldb_el_to_string_list(TALLOC_CTX *mem_ctx, struct ldb_message_element *el); int sysdb_attrs_get_string_array(struct sysdb_attrs *attrs, const char *name, TALLOC_CTX *mem_ctx, const char ***string); errno_t sysdb_attrs_get_bool(struct sysdb_attrs *attrs, const char *name, bool *value); int sysdb_attrs_get_uint16_t(struct sysdb_attrs *attrs, const char *name, uint16_t *value); int sysdb_attrs_get_int32_t(struct sysdb_attrs *attrs, const char *name, int32_t *value); int sysdb_attrs_get_uint32_t(struct sysdb_attrs *attrs, const char *name, uint32_t *value); int sysdb_attrs_replace_name(struct sysdb_attrs *attrs, const char *oldname, const char *newname); int sysdb_attrs_users_from_str_list(struct sysdb_attrs *attrs, const char *attr_name, const char *domain, const char *const *list); errno_t sysdb_attrs_primary_name(struct sysdb_ctx *sysdb, struct sysdb_attrs *attrs, const char *ldap_attr, const char **_primary); errno_t sysdb_attrs_get_aliases(TALLOC_CTX *mem_ctx, struct sysdb_attrs *attrs, const char *primary, bool lowercase, const char ***_aliases); errno_t sysdb_attrs_primary_name_list(struct sysdb_ctx *sysdb, TALLOC_CTX *mem_ctx, struct sysdb_attrs **attr_list, size_t attr_count, const char *ldap_attr, char ***name_list); errno_t sysdb_get_real_name(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, const char **_cname); errno_t sysdb_msg2attrs(TALLOC_CTX *mem_ctx, size_t count, struct ldb_message **msgs, struct sysdb_attrs ***attrs); /* convert an ldb error into an errno error */ int sysdb_error_to_errno(int ldberr); /* DNs related helper functions */ errno_t sysdb_get_rdn(struct sysdb_ctx *sysdb, TALLOC_CTX *mem_ctx, const char *_dn, char **_name, char **_val); struct ldb_dn *sysdb_user_dn(struct sysdb_ctx *sysdb, TALLOC_CTX *mem_ctx, struct sss_domain_info *dom, const char 
*name); struct ldb_dn *sysdb_group_dn(struct sysdb_ctx *sysdb, TALLOC_CTX *mem_ctx, struct sss_domain_info *dom, const char *name); struct ldb_dn *sysdb_netgroup_dn(struct sysdb_ctx *sysdb, TALLOC_CTX *mem_ctx, struct sss_domain_info *dom, const char *name); struct ldb_dn *sysdb_netgroup_base_dn(struct sysdb_ctx *sysdb, TALLOC_CTX *mem_ctx, struct sss_domain_info *dom); errno_t sysdb_group_dn_name(struct sysdb_ctx *sysdb, TALLOC_CTX *mem_ctx, const char *dn_str, char **name); struct ldb_dn *sysdb_domain_dn(struct sysdb_ctx *sysdb, TALLOC_CTX *mem_ctx, struct sss_domain_info *dom); struct ldb_dn *sysdb_base_dn(struct sysdb_ctx *sysdb, TALLOC_CTX *mem_ctx); struct ldb_dn *sysdb_custom_dn(struct sysdb_ctx *sysdb, TALLOC_CTX *mem_ctx, struct sss_domain_info *dom, const char *object_name, const char *subtree_name); struct ldb_dn *sysdb_custom_subtree_dn(struct sysdb_ctx *sysdb, TALLOC_CTX *mem_ctx, struct sss_domain_info *dom, const char *subtree_name); char *sysdb_user_strdn(TALLOC_CTX *mem_ctx, const char *domain, const char *name); char *sysdb_group_strdn(TALLOC_CTX *mem_ctx, const char *domain, const char *name); struct ldb_context *sysdb_ctx_get_ldb(struct sysdb_ctx *sysdb); int compare_ldb_dn_comp_num(const void *m1, const void *m2); /* functions to start and finish transactions */ int sysdb_transaction_start(struct sysdb_ctx *sysdb); int sysdb_transaction_commit(struct sysdb_ctx *sysdb); int sysdb_transaction_cancel(struct sysdb_ctx *sysdb); /* functions related to subdomains */ errno_t sysdb_domain_create(struct sysdb_ctx *sysdb, const char *domain_name); errno_t sysdb_subdomain_store(struct sysdb_ctx *sysdb, const char *name, const char *realm, const char *flat_name, const char *domain_id, bool mpg, bool enumerate, const char *forest); errno_t sysdb_update_subdomains(struct sss_domain_info *domain); errno_t sysdb_master_domain_update(struct sss_domain_info *domain); errno_t sysdb_master_domain_add_info(struct sss_domain_info *domain, const char *flat, const 
char *id, const char* forest); errno_t sysdb_subdomain_delete(struct sysdb_ctx *sysdb, const char *name); errno_t sysdb_get_ranges(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, size_t *range_count, struct range_info ***range_list); errno_t sysdb_range_create(struct sysdb_ctx *sysdb, struct range_info *range); errno_t sysdb_update_ranges(struct sysdb_ctx *sysdb, struct range_info **ranges); /* Sysdb initialization. * call this function *only* once to initialize the database and get * the sysdb ctx */ int sysdb_init(TALLOC_CTX *mem_ctx, struct sss_domain_info *domains, bool allow_upgrade); /* used to initialize only one domain database. * Do NOT use if sysdb_init has already been called */ int sysdb_domain_init(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, const char *db_path, struct sysdb_ctx **_ctx); /* functions to retrieve information from sysdb * These functions automatically starts an operation * therefore they cannot be called within a transaction */ int sysdb_getpwnam(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, struct ldb_result **res); int sysdb_getpwuid(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, uid_t uid, struct ldb_result **res); int sysdb_enumpwent(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, struct ldb_result **res); int sysdb_getgrnam(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, struct ldb_result **res); int sysdb_getgrgid(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, gid_t gid, struct ldb_result **res); int sysdb_enumgrent(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, struct ldb_result **res); struct sysdb_netgroup_ctx { enum {SYSDB_NETGROUP_TRIPLE_VAL, SYSDB_NETGROUP_GROUP_VAL} type; union { struct { char *hostname; char *username; char *domainname; } triple; char *groupname; } value; }; errno_t 
sysdb_getnetgr(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *netgroup, struct ldb_result **res); int sysdb_initgroups(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, struct ldb_result **res); int sysdb_get_user_attr(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, const char **attributes, struct ldb_result **res); int sysdb_get_netgroup_attr(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *netgrname, const char **attributes, struct ldb_result **res); /* functions that modify the databse * they have to be called within a transaction * See sysdb_transaction_send()/_recv() */ /* Permissive modify */ int sss_ldb_modify_permissive(struct ldb_context *ldb, struct ldb_message *msg); /* Delete Entry */ int sysdb_delete_entry(struct sysdb_ctx *sysdb, struct ldb_dn *dn, bool ignore_not_found); int sysdb_delete_recursive(struct sysdb_ctx *sysdb, struct ldb_dn *dn, bool ignore_not_found); /* Search Entry */ int sysdb_search_entry(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct ldb_dn *base_dn, int scope, const char *filter, const char **attrs, size_t *msgs_count, struct ldb_message ***msgs); /* Search User (by uid, sid or name) */ int sysdb_search_user_by_name(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, const char **attrs, struct ldb_message **msg); int sysdb_search_user_by_uid(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, uid_t uid, const char **attrs, struct ldb_message **msg); int sysdb_search_user_by_sid_str(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *sid_str, const char **attrs, struct ldb_message **msg); /* Search Group (by gid, sid or name) */ int sysdb_search_group_by_name(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char 
*name, const char **attrs, struct ldb_message **msg); int sysdb_search_group_by_gid(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, gid_t gid, const char **attrs, struct ldb_message **msg); int sysdb_search_group_by_sid_str(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *sid_str, const char **attrs, struct ldb_message **msg); /* Search Netgroup (by name) */ int sysdb_search_netgroup_by_name(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, const char **attrs, struct ldb_message **msg); /* Replace entry attrs */ int sysdb_set_entry_attr(struct sysdb_ctx *sysdb, struct ldb_dn *entry_dn, struct sysdb_attrs *attrs, int mod_op); /* Replace user attrs */ int sysdb_set_user_attr(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, struct sysdb_attrs *attrs, int mod_op); /* Replace group attrs */ int sysdb_set_group_attr(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, struct sysdb_attrs *attrs, int mod_op); /* Replace netgroup attrs */ int sysdb_set_netgroup_attr(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, struct sysdb_attrs *attrs, int mod_op); /* Allocate a new id */ int sysdb_get_new_id(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, uint32_t *id); /* Add user (only basic attrs and w/o checks) */ int sysdb_add_basic_user(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, uid_t uid, gid_t gid, const char *gecos, const char *homedir, const char *shell); /* Add user (all checks) */ int sysdb_add_user(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, uid_t uid, gid_t gid, const char *gecos, const char *homedir, const char *shell, const char *orig_dn, struct sysdb_attrs *attrs, int cache_timeout, time_t now); /* Add group (only basic attrs and w/o checks) */ int sysdb_add_basic_group(struct sysdb_ctx *sysdb, struct 
sss_domain_info *domain, const char *name, gid_t gid); /* Add group (all checks) */ int sysdb_add_group(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, gid_t gid, struct sysdb_attrs *attrs, int cache_timeout, time_t now); int sysdb_add_incomplete_group(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, gid_t gid, const char *original_dn, const char *sid_str, bool posix, time_t now); /* Add netgroup (only basic attrs and w/o checks) */ int sysdb_add_basic_netgroup(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, const char *description); int sysdb_add_netgroup(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, const char *description, struct sysdb_attrs *attrs, char **missing, int cache_timeout, time_t now); /* mod_op must be either LDB_FLAG_MOD_ADD or LDB_FLAG_MOD_DELETE */ int sysdb_mod_group_member(struct sysdb_ctx *sysdb, struct ldb_dn *member_dn, struct ldb_dn *group_dn, int mod_op); int sysdb_store_user(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, const char *pwd, uid_t uid, gid_t gid, const char *gecos, const char *homedir, const char *shell, const char *orig_dn, struct sysdb_attrs *attrs, char **remove_attrs, uint64_t cache_timeout, time_t now); int sysdb_store_group(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, gid_t gid, struct sysdb_attrs *attrs, uint64_t cache_timeout, time_t now); enum sysdb_member_type { SYSDB_MEMBER_USER, SYSDB_MEMBER_GROUP, SYSDB_MEMBER_NETGROUP, SYSDB_MEMBER_SERVICE, }; int sysdb_add_group_member(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *group, const char *member, enum sysdb_member_type type, bool is_dn); int sysdb_remove_group_member(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *group, const char *member, enum sysdb_member_type type, bool is_dn); errno_t sysdb_update_members(struct sysdb_ctx *sysdb, struct sss_domain_info 
*domain, const char *member, enum sysdb_member_type type, const char *const *add_groups, const char *const *del_groups); errno_t sysdb_update_members_dn(struct sysdb_ctx *sysdb, struct sss_domain_info *member_domain, const char *member, enum sysdb_member_type type, const char *const *add_groups, const char *const *del_groups); /* Password caching function. * If you are in a transaction ignore sysdb and pass in the handle. * If you are not in a transaction pass NULL in handle and provide sysdb, * in this case a transaction will be automatically started and the * function will be completely wrapped in it's own sysdb transaction */ int sysdb_cache_password(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *username, const char *password); errno_t check_failed_login_attempts(struct confdb_ctx *cdb, struct ldb_message *ldb_msg, uint32_t *failed_login_attempts, time_t *delayed_until); int sysdb_cache_auth(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, const char *password, struct confdb_ctx *cdb, bool just_check, time_t *_expire_date, time_t *_delayed_until); int sysdb_store_custom(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *object_name, const char *subtree_name, struct sysdb_attrs *attrs); int sysdb_search_custom(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *filter, const char *subtree_name, const char **attrs, size_t *msgs_count, struct ldb_message ***msgs); int sysdb_search_custom_by_name(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *object_name, const char *subtree_name, const char **attrs, size_t *_count, struct ldb_message ***_msgs); int sysdb_delete_custom(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *object_name, const char *subtree_name); int sysdb_asq_search(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct ldb_dn *base_dn, const char *expression, const char *asq_attribute, const 
char **attrs, size_t *msgs_count, struct ldb_message ***msgs); int sysdb_search_users(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *sub_filter, const char **attrs, size_t *msgs_count, struct ldb_message ***msgs); int sysdb_delete_user(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, uid_t uid); int sysdb_search_groups(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *sub_filter, const char **attrs, size_t *msgs_count, struct ldb_message ***msgs); int sysdb_delete_group(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, gid_t gid); int sysdb_search_netgroups(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *sub_filter, const char **attrs, size_t *msgs_count, struct ldb_message ***msgs); int sysdb_delete_netgroup(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name); int sysdb_delete_by_sid(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *sid_str); errno_t sysdb_attrs_to_list(TALLOC_CTX *mem_ctx, struct sysdb_attrs **attrs, int attr_count, const char *attr_name, char ***_list); errno_t sysdb_netgr_to_entries(TALLOC_CTX *mem_ctx, struct ldb_result *res, struct sysdb_netgroup_ctx ***entries); errno_t sysdb_dn_sanitize(TALLOC_CTX *mem_ctx, const char *input, char **sanitized); errno_t sysdb_get_bool(struct sysdb_ctx *sysdb, struct ldb_dn *dn, const char *attr_name, bool *value); errno_t sysdb_set_bool(struct sysdb_ctx *sysdb, struct ldb_dn *dn, const char *cn_value, const char *attr_name, bool value); errno_t sysdb_has_enumerated(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, bool *has_enumerated); errno_t sysdb_set_enumerated(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, bool enumerated); errno_t sysdb_remove_attrs(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, enum sysdb_member_type type, char 
**remove_attrs); errno_t sysdb_get_direct_parents(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *dom, enum sysdb_member_type mtype, const char *name, char ***_direct_parents); /* === Functions related to ID-mapping === */ #define SYSDB_IDMAP_CONTAINER "cn=id_mappings" #define SYSDB_IDMAP_SUBTREE "idmap" #define SYSDB_IDMAP_MAPPING_OC "id_mapping" #define SYSDB_IDMAP_FILTER "(objectClass="SYSDB_IDMAP_MAPPING_OC")" #define SYSDB_IDMAP_SID_ATTR "objectSID" #define SYSDB_IDMAP_SLICE_ATTR "slice" #define SYSDB_IDMAP_ATTRS { \ SYSDB_NAME, \ SYSDB_IDMAP_SID_ATTR, \ SYSDB_IDMAP_SLICE_ATTR, \ NULL } #define SYSDB_TMPL_IDMAP_BASE SYSDB_IDMAP_CONTAINER",cn=%s,"SYSDB_BASE #define SYSDB_TMPL_IDMAP SYSDB_IDMAP_SID_ATTR"=%s,"SYSDB_TMPL_IDMAP_BASE errno_t sysdb_idmap_store_mapping(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *dom_name, const char *dom_sid, id_t slice_num); errno_t sysdb_idmap_get_mappings(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, struct ldb_result **_result); errno_t sysdb_search_object_by_sid(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *sid_str, const char **attrs, struct ldb_result **msg); #endif /* __SYS_DB_H__ */ sssd-1.11.5/src/db/PaxHeaders.13173/sysdb_search.c0000644000000000000000000000007312320753107017543 xustar000000000000000029 atime=1396954939.25389144 30 ctime=1396954961.658874948 sssd-1.11.5/src/db/sysdb_search.c0000664002412700241270000006512512320753107017777 0ustar00jhrozekjhrozek00000000000000/* SSSD System Database Copyright (C) Simo Sorce 2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. 
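This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#include "util/util.h"
#include "db/sysdb_private.h"
#include "confdb/confdb.h"
#include <time.h>
#include <ctype.h>

/* users */

/**
 * Look up a cached user by name.
 *
 * Searches the subtree below SYSDB_TMPL_USER_BASE (formatted with
 * domain->name) using SYSDB_PWNAM_FILTER and requests SYSDB_PW_ATTRS.
 *
 * The name is first expanded by sss_get_domain_name() and then handed to
 * sss_filter_sanitize_for_dom(); only the two strings produced by that call
 * are substituted into the search filter, never the caller's raw input.
 *
 * @param mem_ctx  talloc context that receives ownership of the result
 * @param sysdb    cache handle; sysdb->ldb is the connection searched
 * @param domain   domain whose user container is searched
 * @param name     user name to look up
 * @param _res     set to the ldb result; written on success only
 *
 * @return 0 (EOK) on success, ENOMEM on allocation failure, the error
 *         returned by sss_filter_sanitize_for_dom(), or the ldb error
 *         mapped through sysdb_error_to_errno().
 */
int sysdb_getpwnam(TALLOC_CTX *mem_ctx,
                   struct sysdb_ctx *sysdb,
                   struct sss_domain_info *domain,
                   const char *name,
                   struct ldb_result **_res)
{
    TALLOC_CTX *tmp_ctx;
    static const char *attrs[] = SYSDB_PW_ATTRS;
    struct ldb_dn *base_dn;
    struct ldb_result *res;
    char *sanitized_name;
    char *lc_sanitized_name;
    const char *src_name;
    int ret;

    /* Everything temporary hangs off tmp_ctx and is released at "done" */
    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    base_dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb,
                             SYSDB_TMPL_USER_BASE, domain->name);
    if (!base_dn) {
        ret = ENOMEM;
        goto done;
    }

    /* If this is a subdomain we need to use fully qualified names for the
     * search as well by default */
    src_name = sss_get_domain_name(tmp_ctx, name, domain);
    if (!src_name) {
        ret = ENOMEM;
        goto done;
    }

    /* Sanitize before the value is placed into the filter template */
    ret = sss_filter_sanitize_for_dom(tmp_ctx, src_name, domain,
                                      &sanitized_name, &lc_sanitized_name);
    if (ret != EOK) {
        goto done;
    }

    ret = ldb_search(sysdb->ldb, tmp_ctx, &res, base_dn,
                     LDB_SCOPE_SUBTREE, attrs, SYSDB_PWNAM_FILTER,
                     lc_sanitized_name, sanitized_name, sanitized_name);
    if (ret) {
        ret = sysdb_error_to_errno(ret);
        goto done;
    }

    /* Move the result out of tmp_ctx so it survives the cleanup below */
    *_res = talloc_steal(mem_ctx, res);

done:
    talloc_zfree(tmp_ctx);
    return ret;
}

/**
 * Look up a cached user by numeric uid.
 *
 * Same search base and attribute list as sysdb_getpwnam(), but the filter
 * is SYSDB_PWUID_FILTER with the uid as its only argument. The uid is
 * widened to unsigned long before it is formatted.
 *
 * @param mem_ctx  talloc context that receives ownership of the result
 * @param sysdb    cache handle
 * @param domain   domain whose user container is searched
 * @param uid      numeric user id to look up
 * @param _res     set to the ldb result; written on success only
 *
 * @return 0 (EOK) on success, ENOMEM on allocation failure, or the ldb
 *         error mapped through sysdb_error_to_errno().
 */
int sysdb_getpwuid(TALLOC_CTX *mem_ctx,
                   struct sysdb_ctx *sysdb,
                   struct sss_domain_info *domain,
                   uid_t uid,
                   struct ldb_result **_res)
{
    TALLOC_CTX *tmp_ctx;
    unsigned long int ul_uid = uid;
    static const char *attrs[] = SYSDB_PW_ATTRS;
    struct ldb_dn *base_dn;
    struct ldb_result *res;
    int ret;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    base_dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb,
                             SYSDB_TMPL_USER_BASE, domain->name);
    if (!base_dn) {
        ret = ENOMEM;
        goto done;
    }

    ret = ldb_search(sysdb->ldb, tmp_ctx, &res, base_dn,
                     LDB_SCOPE_SUBTREE, attrs, SYSDB_PWUID_FILTER, ul_uid);
    if (ret) {
        ret = sysdb_error_to_errno(ret);
        goto done;
    }

    *_res = talloc_steal(mem_ctx, res);

done:
    talloc_zfree(tmp_ctx);
    return ret;
}

/**
 * Return every cached user entry of a domain.
 *
 * Searches the subtree below SYSDB_TMPL_USER_BASE with SYSDB_PWENT_FILTER;
 * no caller-controlled value enters the filter.
 *
 * @param mem_ctx  talloc context that receives ownership of the result
 * @param sysdb    cache handle
 * @param domain   domain whose user container is enumerated
 * @param _res     set to the ldb result; written on success only
 *
 * @return 0 (EOK) on success, ENOMEM on allocation failure, or the ldb
 *         error mapped through sysdb_error_to_errno().
 */
int sysdb_enumpwent(TALLOC_CTX *mem_ctx,
                    struct sysdb_ctx *sysdb,
                    struct sss_domain_info *domain,
                    struct ldb_result **_res)
{
    TALLOC_CTX *tmp_ctx;
    static const char *attrs[] = SYSDB_PW_ATTRS;
    struct ldb_dn *base_dn;
    struct ldb_result *res;
    int ret;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    base_dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb,
                             SYSDB_TMPL_USER_BASE, domain->name);
    if (!base_dn) {
        ret = ENOMEM;
        goto done;
    }

    ret = ldb_search(sysdb->ldb, tmp_ctx, &res, base_dn,
                     LDB_SCOPE_SUBTREE, attrs, SYSDB_PWENT_FILTER);
    if (ret) {
        ret = sysdb_error_to_errno(ret);
        goto done;
    }

    *_res = talloc_steal(mem_ctx, res);

done:
    talloc_zfree(tmp_ctx);
    return ret;
}

/* groups */

/**
 * Rewrite a user entry so that it presents itself as a group.
 *
 * Looks for an objectClass value equal (case-insensitively) to
 * SYSDB_USER_CLASS and replaces it with SYSDB_GROUP_CLASS. Messages without
 * such a value are left untouched.
 *
 * The comparison requires the stored value to have exactly the length of
 * SYSDB_USER_CLASS: comparing only val->length bytes would also accept an
 * empty value or any prefix of the class name.
 *
 * @param msg  message to convert in place; the replacement string is
 *             allocated on msg
 *
 * @return EOK if nothing needed converting or the conversion succeeded,
 *         EINVAL if the message has no objectClass element, ENOMEM if the
 *         replacement value could not be allocated (the message is then
 *         left unmodified).
 */
static int mpg_convert(struct ldb_message *msg)
{
    struct ldb_message_element *el;
    struct ldb_val *val = NULL;
    const size_t user_class_len = strlen(SYSDB_USER_CLASS);
    char *group_class;
    unsigned int i;

    el = ldb_msg_find_element(msg, "objectClass");
    if (!el) return EINVAL;

    /* see if this is a user to convert to a group */
    for (i = 0; i < el->num_values; i++) {
        val = &(el->values[i]);
        if (val->length == user_class_len &&
            strncasecmp(SYSDB_USER_CLASS,
                        (const char *)val->data, user_class_len) == 0) {
            break;
        }
    }
    /* no, leave as is */
    if (i == el->num_values) return EOK;

    /* yes, convert; allocate first so a failure cannot leave the value
     * with a NULL data pointer and a stale length */
    group_class = talloc_strdup(msg, SYSDB_GROUP_CLASS);
    if (group_class == NULL) return ENOMEM;

    val->data = (uint8_t *)group_class;
    val->length = strlen(SYSDB_GROUP_CLASS);

    return EOK;
}

/**
 * Apply mpg_convert() to every message of a search result.
 *
 * @param res  result whose messages are converted in place
 *
 * @return EOK when all messages were processed, otherwise the first
 *         non-zero value returned by mpg_convert(); messages after the
 *         failing one are not touched.
 */
static int mpg_res_convert(struct ldb_result *res)
{
    int ret;
    unsigned int i;

    for (i = 0; i < res->count; i++) {
        ret = mpg_convert(res->msgs[i]);
        if (ret) {
            return ret;
        }
    }
    return EOK;
}

/**
 * Look up a cached group by name.
 *
 * When domain->mpg is set the search covers the whole domain subtree with
 * SYSDB_GRNAM_MPG_FILTER and matching user entries are rewritten by
 * mpg_res_convert(); otherwise only the group container is searched with
 * SYSDB_GRNAM_FILTER. The name is sanitized with
 * sss_filter_sanitize_for_dom() before it enters the filter.
 */
int sysdb_getgrnam(TALLOC_CTX *mem_ctx,
                   struct sysdb_ctx *sysdb,
                   struct sss_domain_info *domain,
                   const char *name,
                   struct ldb_result **_res)
{
    TALLOC_CTX *tmp_ctx;
    static const char *attrs[] =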
SYSDB_GRSRC_ATTRS;
    const char *fmt_filter;
    char *sanitized_name;
    struct ldb_dn *base_dn;
    struct ldb_result *res;
    const char *src_name;
    char *lc_sanitized_name;
    int ret;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    /* With domain->mpg set, user entries can also answer a group lookup,
     * so the search base widens from the group container to the domain */
    if (domain->mpg) {
        fmt_filter = SYSDB_GRNAM_MPG_FILTER;
        base_dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb,
                                 SYSDB_DOM_BASE, domain->name);
    } else {
        fmt_filter = SYSDB_GRNAM_FILTER;
        base_dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb,
                                 SYSDB_TMPL_GROUP_BASE, domain->name);
    }
    if (!base_dn) {
        ret = ENOMEM;
        goto done;
    }

    /* If this is a subdomain we need to use fully qualified names for the
     * search as well by default */
    src_name = sss_get_domain_name(tmp_ctx, name, domain);
    if (!src_name) {
        ret = ENOMEM;
        goto done;
    }

    /* Only the sanitized forms are substituted into the filter below */
    ret = sss_filter_sanitize_for_dom(tmp_ctx, src_name, domain,
                                      &sanitized_name, &lc_sanitized_name);
    if (ret != EOK) {
        goto done;
    }

    /* fmt_filter is one of the two macros chosen above, never caller data */
    ret = ldb_search(sysdb->ldb, tmp_ctx, &res, base_dn,
                     LDB_SCOPE_SUBTREE, attrs, fmt_filter,
                     lc_sanitized_name, sanitized_name, sanitized_name);
    if (ret) {
        ret = sysdb_error_to_errno(ret);
        goto done;
    }

    /* Rewrite matching user entries so they carry the group class */
    ret = mpg_res_convert(res);
    if (ret) {
        goto done;
    }

    *_res = talloc_steal(mem_ctx, res);

done:
    talloc_zfree(tmp_ctx);
    return ret;
}

/**
 * Look up a cached group by numeric gid.
 *
 * Chooses filter and search base from domain->mpg in the same way as
 * sysdb_getgrnam(): SYSDB_GRGID_MPG_FILTER under SYSDB_DOM_BASE, or
 * SYSDB_GRGID_FILTER under SYSDB_TMPL_GROUP_BASE. The gid, widened to
 * unsigned long, is the only filter argument. The result is passed through
 * mpg_res_convert() before it is handed to the caller.
 *
 * @param mem_ctx  talloc context that receives ownership of the result
 * @param sysdb    cache handle
 * @param domain   domain to search
 * @param gid      numeric group id to look up
 * @param _res     set to the ldb result; written on success only
 *
 * @return 0 on success, ENOMEM on allocation failure, the ldb error mapped
 *         through sysdb_error_to_errno(), or the error from
 *         mpg_res_convert().
 */
int sysdb_getgrgid(TALLOC_CTX *mem_ctx,
                   struct sysdb_ctx *sysdb,
                   struct sss_domain_info *domain,
                   gid_t gid,
                   struct ldb_result **_res)
{
    TALLOC_CTX *tmp_ctx;
    unsigned long int ul_gid = gid;
    static const char *attrs[] = SYSDB_GRSRC_ATTRS;
    const char *fmt_filter;
    struct ldb_dn *base_dn;
    struct ldb_result *res;
    int ret;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    if (domain->mpg) {
        fmt_filter = SYSDB_GRGID_MPG_FILTER;
        base_dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb,
                                 SYSDB_DOM_BASE, domain->name);
    } else {
        fmt_filter = SYSDB_GRGID_FILTER;
        base_dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb,
                                 SYSDB_TMPL_GROUP_BASE, domain->name);
    }
    if (!base_dn) {
        ret = ENOMEM;
        goto done;
    }

    ret = ldb_search(sysdb->ldb, tmp_ctx, &res, base_dn,
                     LDB_SCOPE_SUBTREE, attrs, fmt_filter, ul_gid);
    if (ret) {
        ret = sysdb_error_to_errno(ret);
        goto done;
    }

    ret = mpg_res_convert(res);
    if (ret) {
        goto done;
    }

    *_res = talloc_steal(mem_ctx, res);

done:
    talloc_zfree(tmp_ctx);
    return ret;
}

/**
 * Return every cached group entry of a domain.
 *
 * Uses SYSDB_GRENT_MPG_FILTER under SYSDB_DOM_BASE when domain->mpg is set,
 * SYSDB_GRENT_FILTER under SYSDB_TMPL_GROUP_BASE otherwise. The result is
 * passed through mpg_res_convert().
 *
 * @param mem_ctx  talloc context that receives ownership of the result
 * @param sysdb    cache handle
 * @param domain   domain to enumerate
 * @param _res     set to the ldb result; written on success only
 *
 * @return 0 on success, ENOMEM on allocation failure, the ldb error mapped
 *         through sysdb_error_to_errno(), or the error from
 *         mpg_res_convert().
 */
int sysdb_enumgrent(TALLOC_CTX *mem_ctx,
                    struct sysdb_ctx *sysdb,
                    struct sss_domain_info *domain,
                    struct ldb_result **_res)
{
    TALLOC_CTX *tmp_ctx;
    static const char *attrs[] = SYSDB_GRSRC_ATTRS;
    const char *fmt_filter;
    struct ldb_dn *base_dn;
    struct ldb_result *res;
    int ret;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    if (domain->mpg) {
        fmt_filter = SYSDB_GRENT_MPG_FILTER;
        base_dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb,
                                 SYSDB_DOM_BASE, domain->name);
    } else {
        fmt_filter = SYSDB_GRENT_FILTER;
        base_dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb,
                                 SYSDB_TMPL_GROUP_BASE, domain->name);
    }
    if (!base_dn) {
        ret = ENOMEM;
        goto done;
    }

    /* The filter is passed as an argument to "%s" rather than as the
     * format string itself */
    ret = ldb_search(sysdb->ldb, tmp_ctx, &res, base_dn,
                     LDB_SCOPE_SUBTREE, attrs, "%s", fmt_filter);
    if (ret) {
        ret = sysdb_error_to_errno(ret);
        goto done;
    }

    ret = mpg_res_convert(res);
    if (ret) {
        goto done;
    }

    *_res = talloc_steal(mem_ctx, res);

done:
    talloc_zfree(tmp_ctx);
    return ret;
}

/**
 * Fetch a cached user together with the entries referenced by its
 * SYSDB_INITGR_ATTR attribute.
 *
 * First resolves the user with sysdb_getpwnam(). If exactly one entry is
 * found, a second, base-scoped search on the user's DN is issued with an
 * ASQ control (LDB_CONTROL_ASQ_OID) whose source attribute is
 * SYSDB_INITGR_ATTR. That search is given the same result object, so its
 * entries are appended after the user entry.
 *
 * @param mem_ctx  talloc context that receives ownership of the result
 * @param sysdb    cache handle
 * @param domain   domain to search
 * @param name     user name
 * @param _res     set to the combined result on success; when the user is
 *                 not cached it is set to the empty result of the user
 *                 lookup and EOK is returned
 *
 * @return EOK on success, EIO if the user lookup returned more than one
 *         entry, ENOMEM on allocation failure, the error from
 *         sysdb_getpwnam(), or an ldb error mapped through
 *         sysdb_error_to_errno().
 */
int sysdb_initgroups(TALLOC_CTX *mem_ctx,
                     struct sysdb_ctx *sysdb,
                     struct sss_domain_info *domain,
                     const char *name,
                     struct ldb_result **_res)
{
    TALLOC_CTX *tmp_ctx;
    struct ldb_result *res;
    struct ldb_dn *user_dn;
    struct ldb_request *req;
    struct ldb_control **ctrl;
    struct ldb_asq_control *control;
    static const char *attrs[] = SYSDB_INITGR_ATTRS;
    int ret;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    ret = sysdb_getpwnam(tmp_ctx, sysdb, domain, name, &res);
    if (ret != EOK) {
        DEBUG(1, ("sysdb_getpwnam failed: [%d][%s]\n", ret, strerror(ret)));
        goto done;
    }

    if (res->count == 0) {
        /* User is not cached yet */
        *_res = talloc_steal(mem_ctx, res);
        ret = EOK;
        goto done;

    } else if (res->count != 1) {
        /* An ambiguous match is treated as an error, not resolved */
        ret = EIO;
        DEBUG(1, ("sysdb_getpwnam returned count: [%d]\n", res->count));
        goto done;
    }

    /* no need to steal the dn, we are not freeing the result */
    user_dn = res->msgs[0]->dn;

    /* note we count on the fact that the default search callback
     * will just keep appending values. This is by design and can't
     * change so it is ok to already have a result (from the getpwnam)
     * even before we call the next search */

    /* NULL-terminated control list holding the single ASQ control */
    ctrl = talloc_array(tmp_ctx, struct ldb_control *, 2);
    if (!ctrl) {
        ret = ENOMEM;
        goto done;
    }
    ctrl[1] = NULL;
    ctrl[0] = talloc(ctrl, struct ldb_control);
    if (!ctrl[0]) {
        ret = ENOMEM;
        goto done;
    }
    ctrl[0]->oid = LDB_CONTROL_ASQ_OID;
    ctrl[0]->critical = 1;
    control = talloc(ctrl[0], struct ldb_asq_control);
    if (!control) {
        ret = ENOMEM;
        goto done;
    }
    control->request = 1;
    control->source_attribute = talloc_strdup(control, SYSDB_INITGR_ATTR);
    if (!control->source_attribute) {
        ret = ENOMEM;
        goto done;
    }
    control->src_attr_len = strlen(control->source_attribute);
    ctrl[0]->data = control;

    /* res is passed as the callback context so new entries land in it */
    ret = ldb_build_search_req(&req, sysdb->ldb, tmp_ctx,
                               user_dn, LDB_SCOPE_BASE,
                               SYSDB_INITGR_FILTER, attrs, ctrl,
                               res, ldb_search_default_callback,
                               NULL);
    if (ret != LDB_SUCCESS) {
        ret = sysdb_error_to_errno(ret);
        goto done;
    }

    ret = ldb_request(sysdb->ldb, req);
    if (ret == LDB_SUCCESS) {
        ret = ldb_wait(req->handle, LDB_WAIT_ALL);
    }
    if (ret != LDB_SUCCESS) {
        ret = sysdb_error_to_errno(ret);
        goto done;
    }

    *_res = talloc_steal(mem_ctx, res);

done:
    talloc_zfree(tmp_ctx);
    return ret;
}

/**
 * Look up a cached user by name and return a caller-chosen attribute list.
 *
 * Same search base and filter (SYSDB_PWNAM_FILTER) as sysdb_getpwnam(),
 * with the name sanitized by sss_filter_sanitize_for_dom().
 *
 * NOTE(review): unlike sysdb_getpwnam(), the name is not passed through
 * sss_get_domain_name() first; presumably callers already supply the form
 * stored in the cache -- confirm for subdomain users.
 *
 * @param mem_ctx     talloc context that receives ownership of the result
 * @param sysdb       cache handle
 * @param domain      domain whose user container is searched
 * @param name        user name to look up
 * @param attributes  attribute list handed to ldb_search()
 * @param _res        set to the ldb result; written on success only
 *
 * @return 0 on success, ENOMEM on allocation failure, the sanitizer's
 *         error, or the ldb error mapped through sysdb_error_to_errno().
 */
int sysdb_get_user_attr(TALLOC_CTX *mem_ctx,
                        struct sysdb_ctx *sysdb,
                        struct sss_domain_info *domain,
                        const char *name,
                        const char **attributes,
                        struct ldb_result **_res)
{
    TALLOC_CTX *tmp_ctx;
    struct ldb_dn *base_dn;
    struct ldb_result *res;
    char *sanitized_name;
    char *lc_sanitized_name;
    int ret;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    base_dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb,
                             SYSDB_TMPL_USER_BASE, domain->name);
    if (!base_dn) {
        ret = ENOMEM;
        goto done;
    }

    ret = sss_filter_sanitize_for_dom(tmp_ctx, name, domain,
                                      &sanitized_name, &lc_sanitized_name);
    if (ret != EOK) {
        goto done;
    }

    ret = ldb_search(sysdb->ldb, tmp_ctx, &res, base_dn,
                     LDB_SCOPE_SUBTREE, attributes,
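SYSDB_PWNAM_FILTER, lc_sanitized_name, sanitized_name, sanitized_name);
    if (ret) {
        ret = sysdb_error_to_errno(ret);
        goto done;
    }

    *_res = talloc_steal(mem_ctx, res);

done:
    talloc_zfree(tmp_ctx);
    return ret;
}

/* This function splits a three-tuple into three strings
 * It assumes that any whitespace between the parentheses
 * and commas are intentional and does not attempt to
 * strip them out. Leading and trailing whitespace is
 * ignored.
 *
 * This behavior is compatible with nss_ldap's
 * implementation.
 *
 * The expected shape is "(host,user,domain)". An empty field yields a NULL
 * output pointer rather than an empty string. Anything that does not match
 * the shape (missing parenthesis, fewer than two commas, trailing data) is
 * rejected with EINVAL and all three outputs stay NULL.
 *
 * mem_ctx     talloc parent for the returned strings
 * triple      NUL-terminated input string
 * hostname    receives the host field or NULL
 * username    receives the user field or NULL
 * domainname  receives the domain field or NULL
 *
 * Returns EOK, EINVAL on a parse error, or ENOMEM.
 */
static errno_t sysdb_netgr_split_triple(TALLOC_CTX *mem_ctx,
                                        const char *triple,
                                        char **hostname,
                                        char **username,
                                        char **domainname)
{
    errno_t ret;
    TALLOC_CTX *tmp_ctx;
    const char *p = triple;
    const char *p_host;
    const char *p_user;
    const char *p_domain;
    size_t len;

    char *host = NULL;
    char *user = NULL;
    char *domain = NULL;

    /* Pre-set the values to NULL here so if they are not
     * copied, we don't return garbage below.
     */
    *hostname = NULL;
    *username = NULL;
    *domainname = NULL;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    /* Remove any leading whitespace.
     * The cast matters: passing a plain char with a negative value to
     * isspace() is undefined behaviour, and the triple comes from
     * directory data that may contain bytes >= 0x80. */
    while (*p && isspace((unsigned char)*p)) p++;

    if (*p != '(') {
        /* Triple must start and end with parentheses */
        ret = EINVAL;
        goto done;
    }
    p++;
    p_host = p;

    /* Find the first comma */
    while (*p && *p != ',') p++;

    if (!*p) {
        /* No comma was found: parse error */
        ret = EINVAL;
        goto done;
    }

    len = p - p_host;

    if (len > 0) {
        /* Copy the host string */
        host = talloc_strndup(tmp_ctx, p_host, len);
        if (!host) {
            ret = ENOMEM;
            goto done;
        }
    }
    p++;
    p_user = p;

    /* Find the second comma */
    while (*p && *p != ',') p++;

    if (!*p) {
        /* No comma was found: parse error */
        ret = EINVAL;
        goto done;
    }

    len = p - p_user;

    if (len > 0) {
        /* Copy the user string */
        user = talloc_strndup(tmp_ctx, p_user, len);
        if (!user) {
            ret = ENOMEM;
            goto done;
        }
    }
    p++;
    p_domain = p;

    /* Find the closing parenthesis */
    while (*p && *p != ')') p++;
    if (*p != ')') {
        /* No trailing parenthesis: parse error */
        ret = EINVAL;
        goto done;
    }

    len = p - p_domain;

    if (len > 0) {
        /* Copy the domain string */
        domain = talloc_strndup(tmp_ctx, p_domain, len);
        if (!domain) {
            ret = ENOMEM;
            goto done;
        }
    }
    p++;

    /* skip trailing whitespace */
    while (*p && isspace((unsigned char)*p)) p++;

    if (*p) {
        /* Extra data after the closing parenthesis
         * is a parse error
         */
        ret = EINVAL;
        goto done;
    }

    /* Return any non-NULL values; nothing is handed out before the whole
     * triple has been validated */
    if (host) {
        *hostname = talloc_steal(mem_ctx, host);
    }

    if (user) {
        *username = talloc_steal(mem_ctx, user);
    }

    if (domain) {
        *domainname = talloc_steal(mem_ctx, domain);
    }

    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}

/**
 * Convert a netgroup search result into a NULL-terminated entry array.
 *
 * For every message, each SYSDB_NETGROUP_TRIPLE value becomes an entry of
 * type SYSDB_NETGROUP_TRIPLE_VAL (parsed by sysdb_netgr_split_triple()) and
 * each SYSDB_NETGROUP_MEMBER value becomes an entry of type
 * SYSDB_NETGROUP_GROUP_VAL. A triple that fails to parse is logged and
 * skipped; it does not fail the whole conversion.
 *
 * @param mem_ctx  talloc context that receives ownership of the array
 * @param res      search result to convert
 * @param entries  set to the array on success
 *
 * @return EOK on success, ENOENT if res is NULL or empty, ENOMEM on
 *         allocation failure.
 */
errno_t sysdb_netgr_to_entries(TALLOC_CTX *mem_ctx,
                               struct ldb_result *res,
                               struct sysdb_netgroup_ctx ***entries)
{
    errno_t ret;
    size_t size = 0;
    size_t c = 0;
    char *triple_str;
    TALLOC_CTX *tmp_ctx;
    struct sysdb_netgroup_ctx **tmp_entry = NULL;
    struct ldb_message_element *el;
    unsigned int i, j;

    if(!res || res->count == 0) {
        return ENOENT;
    }

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    /* First pass: count values so the array can be sized up front */
    for (i=0; i < res->count; i++) {
        el = ldb_msg_find_element(res->msgs[i], SYSDB_NETGROUP_TRIPLE);
        if (el != NULL) {
            size += el->num_values;
        }
        el = ldb_msg_find_element(res->msgs[i], SYSDB_NETGROUP_MEMBER);
        if (el != NULL) {
            size += el->num_values;
        }
    }

    /* One extra slot for the NULL terminator */
    tmp_entry = talloc_array(tmp_ctx, struct sysdb_netgroup_ctx *, size + 1);
    if (tmp_entry == NULL) {
        ret = ENOMEM;
        goto done;
    }

    if (size != 0) {
        for (i=0; i < res->count; i++) {
            el = ldb_msg_find_element(res->msgs[i], SYSDB_NETGROUP_TRIPLE);
            if (el != NULL) {
                /* Copy in all of the entries */
                for(j = 0; j < el->num_values; j++) {
                    /* Bounded copy: the value is taken by length, so the
                     * parser always sees a NUL-terminated string */
                    triple_str = talloc_strndup(tmp_ctx,
                                    (const char *)el->values[j].data,
                                    el->values[j].length);
                    if (!triple_str) {
                        ret = ENOMEM;
                        goto done;
                    }

                    tmp_entry[c] = talloc_zero(tmp_entry,
                                               struct sysdb_netgroup_ctx);
                    if (!tmp_entry[c]) {
                        ret = ENOMEM;
                        goto done;
                    }

                    tmp_entry[c]->type = SYSDB_NETGROUP_TRIPLE_VAL;
                    ret = sysdb_netgr_split_triple(tmp_entry[c],
                                    triple_str,
                                    &tmp_entry[c]->value.triple.hostname,
                                    &tmp_entry[c]->value.triple.username,
                                    &tmp_entry[c]->value.triple.domainname);
                    if (ret != EOK) {
                        DEBUG(SSSDBG_IMPORTANT_INFO,
                              ("Cannot split netgroup triple [%s], "
                               "this attribute will be skipped \n",
                               triple_str));
                        /* Slot c is reused by the next value; release the
                         * rejected entry instead of leaving it attached to
                         * the array handed to the caller */
                        talloc_zfree(tmp_entry[c]);
                        continue;
                    }

                    c++;
                }
            }
            el = ldb_msg_find_element(res->msgs[i], SYSDB_NETGROUP_MEMBER);
            if (el != NULL) {
                for(j = 0; j < el->num_values; j++) {
                    tmp_entry[c] = talloc_zero(tmp_entry,
                                               struct sysdb_netgroup_ctx);
                    if (!tmp_entry[c]) {
                        ret = ENOMEM;
                        goto done;
                    }

                    tmp_entry[c]->type = SYSDB_NETGROUP_GROUP_VAL;
                    tmp_entry[c]->value.groupname = talloc_strndup(tmp_entry[c],
                                           (const char *)el->values[j].data,
                                           el->values[j].length);
                    if (tmp_entry[c]->value.groupname == NULL) {
                        ret = ENOMEM;
                        goto done;
                    }

                    c++;
                }
            }
        }
    }

    /* Add NULL terminator */
    tmp_entry[c] = NULL;

    *entries = talloc_steal(mem_ctx, tmp_entry);
    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}

/**
 * Fetch a cached netgroup together with the entries that refer to it.
 *
 * Searches below SYSDB_TMPL_NETGROUP_BASE with SYSDB_NETGR_TRIPLES_FILTER.
 * The filter receives the sanitized name (lower-cased and as-is) and a DN
 * string built from SYSDB_TMPL_NETGROUP.
 *
 * NOTE(review): the DN string is built from the filter-sanitized name, not
 * from a DN-escaped one. That keeps it safe as a filter operand; whether it
 * still matches the stored entry DN for names containing DN special
 * characters should be confirmed against the code that creates netgroups.
 *
 * @param mem_ctx   talloc context that receives ownership of the result
 * @param sysdb     cache handle
 * @param domain    domain whose netgroup container is searched
 * @param netgroup  netgroup name
 * @param res       set to the ldb result; written on success only
 *
 * @return EOK on success, ENOMEM on allocation failure, the sanitizer's
 *         error, or the ldb error mapped through sysdb_error_to_errno().
 */
errno_t sysdb_getnetgr(TALLOC_CTX *mem_ctx,
                       struct sysdb_ctx *sysdb,
                       struct sss_domain_info *domain,
                       const char *netgroup,
                       struct ldb_result **res)
{
    TALLOC_CTX *tmp_ctx;
    static const char *attrs[] = SYSDB_NETGR_ATTRS;
    struct ldb_dn *base_dn;
    struct ldb_result *result;
    char *sanitized_netgroup;
    char *lc_sanitized_netgroup;
    char *netgroup_dn;
    int lret;
    errno_t ret;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    base_dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb,
                             SYSDB_TMPL_NETGROUP_BASE,
                             domain->name);
    if (!base_dn) {
        ret = ENOMEM;
        goto done;
    }

    ret = sss_filter_sanitize_for_dom(tmp_ctx, netgroup, domain,
                                      &sanitized_netgroup,
                                      &lc_sanitized_netgroup);
    if (ret != EOK) {
        goto done;
    }

    netgroup_dn = talloc_asprintf(tmp_ctx, SYSDB_TMPL_NETGROUP,
                                  sanitized_netgroup, domain->name);
    if (!netgroup_dn) {
        ret = ENOMEM;
        goto done;
    }

    lret = ldb_search(sysdb->ldb, tmp_ctx, &result, base_dn,
                      LDB_SCOPE_SUBTREE, attrs,
                      SYSDB_NETGR_TRIPLES_FILTER, lc_sanitized_netgroup,
                      sanitized_netgroup, sanitized_netgroup,
                      netgroup_dn);
    ret = sysdb_error_to_errno(lret);
    if (ret != EOK) {
        goto done;
    }

    *res = talloc_steal(mem_ctx, result);
    ret = EOK;

done:
    talloc_zfree(tmp_ctx);
    return ret;
}

/**
 * Look up a cached netgroup by name and return a caller-chosen attribute
 * list.
 *
 * Searches below SYSDB_TMPL_NETGROUP_BASE with SYSDB_NETGR_FILTER; the name
 * is sanitized with sss_filter_sanitize_for_dom() before it enters the
 * filter.
 *
 * @param mem_ctx     talloc context that receives ownership of the result
 * @param sysdb       cache handle
 * @param domain      domain whose netgroup container is searched
 * @param netgrname   netgroup name
 * @param attributes  attribute list handed to ldb_search()
 * @param res         set to the ldb result; written on success only
 *
 * @return 0 on success, ENOMEM on allocation failure, the sanitizer's
 *         error, or the ldb error mapped through sysdb_error_to_errno().
 */
int sysdb_get_netgroup_attr(TALLOC_CTX *mem_ctx,
                            struct sysdb_ctx *sysdb,
                            struct sss_domain_info *domain,
                            const char *netgrname,
                            const char **attributes,
                            struct ldb_result **res)
{
    TALLOC_CTX *tmp_ctx;
    struct ldb_dn *base_dn;
    struct ldb_result *result;
    char *sanitized_netgroup;
    char *lc_sanitized_netgroup;
    int ret;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    base_dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb,
                             SYSDB_TMPL_NETGROUP_BASE, domain->name);
    if (!base_dn) {
        ret = ENOMEM;
        goto done;
    }

    ret = sss_filter_sanitize_for_dom(tmp_ctx, netgrname, domain,
                                      &sanitized_netgroup,
                                      &lc_sanitized_netgroup);
    if (ret != EOK) {
        goto done;
    }

    ret = ldb_search(sysdb->ldb, tmp_ctx, &result, base_dn,
                     LDB_SCOPE_SUBTREE, attributes,
                     SYSDB_NETGR_FILTER,
                     lc_sanitized_netgroup,
                     sanitized_netgroup,
                     sanitized_netgroup);
    if (ret) {
        ret = sysdb_error_to_errno(ret);
        goto done;
    }

    *res = talloc_steal(mem_ctx, result);

done:
    talloc_zfree(tmp_ctx);
    return ret;
}

/**
 * List the names of the groups that have the given user or group as a
 * direct member.
 *
 * Builds the member's DN string, sanitizes it with sss_filter_sanitize()
 * and searches the group container for group entries whose SYSDB_MEMBER
 * attribute equals it. Only SYSDB_MEMBER_USER and SYSDB_MEMBER_GROUP are
 * accepted as mtype; any other value yields EINVAL.
 */
errno_t sysdb_get_direct_parents(TALLOC_CTX *mem_ctx,
                                 struct sysdb_ctx *sysdb,
                                 struct sss_domain_info *dom,
                                 enum sysdb_member_type mtype,
                                 const char *name,
                                 char ***_direct_parents)
{
    errno_t ret;
    const char *dn;
    char *sanitized_dn;
    struct ldb_dn *basedn;
    static const char *group_attrs[] = { SYSDB_NAME, NULL };
    const char *member_filter;
    size_t direct_sysdb_count = 0;
    struct ldb_message **direct_sysdb_groups = NULL;
    char **direct_parents = NULL;
    TALLOC_CTX *tmp_ctx = NULL;
    int i, pi;
    const char *tmp_str;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) return ENOMEM;

    if (mtype == SYSDB_MEMBER_USER) {
        dn = sysdb_user_strdn(tmp_ctx, dom->name, name);
    } else if (mtype == SYSDB_MEMBER_GROUP) {
        dn = sysdb_group_strdn(tmp_ctx, dom->name, name);
    } else {
        DEBUG(1, ("Unknown member type\n"));
        ret = EINVAL;
        goto done;
    }

    if (!dn) {
        ret = ENOMEM;
        goto done;
    }

    /* The DN is used as a filter operand, so it is filter-escaped here */
    ret = sss_filter_sanitize(tmp_ctx, dn, &sanitized_dn);
    if (ret != EOK) {
        goto done;
    }

    member_filter = talloc_asprintf(tmp_ctx, "(&(%s=%s)(%s=%s))",
                                    SYSDB_OBJECTCLASS,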
SYSDB_GROUP_CLASS, SYSDB_MEMBER, sanitized_dn); if (!member_filter) { ret = ENOMEM; goto done; } basedn = ldb_dn_new_fmt(tmp_ctx, sysdb_ctx_get_ldb(sysdb), SYSDB_TMPL_GROUP_BASE, dom->name); if (!basedn) { ret = ENOMEM; goto done; } DEBUG(8, ("searching sysdb with filter [%s]\n", member_filter)); ret = sysdb_search_entry(tmp_ctx, sysdb, basedn, LDB_SCOPE_SUBTREE, member_filter, group_attrs, &direct_sysdb_count, &direct_sysdb_groups); if (ret == ENOENT) { direct_sysdb_count = 0; } else if (ret != EOK && ret != ENOENT) { DEBUG(2, ("sysdb_search_entry failed: [%d]: %s\n", ret, strerror(ret))); goto done; } /* EOK */ /* Get the list of sysdb groups by name */ direct_parents = talloc_array(tmp_ctx, char *, direct_sysdb_count+1); if (!direct_parents) { ret = ENOMEM; goto done; } pi = 0; for(i = 0; i < direct_sysdb_count; i++) { tmp_str = ldb_msg_find_attr_as_string(direct_sysdb_groups[i], SYSDB_NAME, NULL); if (!tmp_str) { /* This should never happen, but if it does, just continue */ continue; } direct_parents[pi] = talloc_strdup(direct_parents, tmp_str); if (!direct_parents[pi]) { DEBUG(1, ("A group with no name?\n")); ret = EIO; goto done; } pi++; } direct_parents[pi] = NULL; DEBUG(SSSDBG_TRACE_LIBS, ("%s is a member of %zu sysdb groups\n", name, direct_sysdb_count)); *_direct_parents = talloc_steal(mem_ctx, direct_parents); ret = EOK; done: talloc_free(tmp_ctx); return ret; } sssd-1.11.5/src/db/PaxHeaders.13173/sysdb_upgrade.c0000644000000000000000000000007312320753107017725 xustar000000000000000029 atime=1396954939.25489144 30 ctime=1396954961.660874946 sssd-1.11.5/src/db/sysdb_upgrade.c0000664002412700241270000012167712320753107020166 0ustar00jhrozekjhrozek00000000000000/* SSSD Authors: Simo Sorce Stephen Gallagher Copyright (C) 2008-2011 Simo Sorce Copyright (C) 2008-2011 Stephen Gallagher This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either 
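version 3 of the License, or (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#include "util/util.h"
#include "db/sysdb_private.h"
#include "db/sysdb_autofs.h"

/* State shared by the steps of one schema upgrade: the database being
 * upgraded and the version string to record once the upgrade succeeds. */
struct upgrade_ctx {
    struct ldb_context *ldb;
    const char *new_version;
};

/**
 * Begin an upgrade step: allocate its context and open an ldb transaction.
 *
 * @param mem_ctx  talloc parent for the new context
 * @param ldb      database to upgrade
 * @param new_ver  version string the database will have afterwards; the
 *                 pointer is stored, not copied
 * @param _ctx     set to the new context on success only
 *
 * @return EOK on success, ENOMEM if the context cannot be allocated, EIO if
 *         the transaction cannot be started (the context is freed again).
 */
static errno_t commence_upgrade(TALLOC_CTX *mem_ctx, struct ldb_context *ldb,
                                const char *new_ver, struct upgrade_ctx **_ctx)
{
    struct upgrade_ctx *ctx;
    int ret;

    /* Logged at critical level although it is not a failure */
    DEBUG(SSSDBG_CRIT_FAILURE, ("UPGRADING DB TO VERSION %s\n", new_ver));

    ctx = talloc(mem_ctx, struct upgrade_ctx);
    if (!ctx) {
        return ENOMEM;
    }

    ctx->ldb = ldb;
    ctx->new_version = new_ver;

    ret = ldb_transaction_start(ldb);
    if (ret != LDB_SUCCESS) {
        ret = EIO;
        goto done;
    }

    ret = EOK;

done:
    if (ret != EOK) {
        talloc_free(ctx);
    } else {
        *_ctx = ctx;
    }
    return ret;
}

/**
 * Replace the "version" attribute of the SYSDB_BASE entry with
 * ctx->new_version.
 *
 * @param ctx  upgrade context created by commence_upgrade()
 *
 * @return EOK on success, ENOMEM if the modify message cannot be built, or
 *         the ldb_modify() error mapped through sysdb_error_to_errno().
 */
static errno_t update_version(struct upgrade_ctx *ctx)
{
    struct ldb_message *msg = NULL;
    errno_t ret;

    msg = ldb_msg_new(ctx);
    if (!msg) {
        ret = ENOMEM;
        goto done;
    }
    msg->dn = ldb_dn_new(msg, ctx->ldb, SYSDB_BASE);
    if (!msg->dn) {
        ret = ENOMEM;
        goto done;
    }

    ret = ldb_msg_add_empty(msg, "version", LDB_FLAG_MOD_REPLACE, NULL);
    if (ret != LDB_SUCCESS) {
        ret = ENOMEM;
        goto done;
    }

    ret = ldb_msg_add_string(msg, "version", ctx->new_version);
    if (ret != LDB_SUCCESS) {
        ret = ENOMEM;
        goto done;
    }

    ret = ldb_modify(ctx->ldb, msg);
    if (ret != LDB_SUCCESS) {
        ret = sysdb_error_to_errno(ret);
        goto done;
    }

    ret = EOK;

done:
    talloc_free(msg);
    return ret;
}

/**
 * End an upgrade step: commit on success, cancel on failure, free the
 * context.
 *
 * @param ret  result of the upgrade work so far
 * @param ctx  upgrade context; freed and set to NULL before returning
 * @param ver  set to the new version string only if the commit succeeded
 *
 * @return EOK if the work and the commit both succeeded; otherwise the
 *         original failure or the mapped commit error. A failure of the
 *         cancel itself is only logged.
 */
static int finish_upgrade(int ret, struct upgrade_ctx **ctx, const char **ver)
{
    int lret;

    if (ret == EOK) {
        lret = ldb_transaction_commit((*ctx)->ldb);
        ret = sysdb_error_to_errno(lret);
        if (ret == EOK) {
            *ver = (*ctx)->new_version;
        }
    }

    /* Also reached when the commit above failed */
    if (ret != EOK) {
        lret = ldb_transaction_cancel((*ctx)->ldb);
        if (lret != LDB_SUCCESS) {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("Could not cancel transaction! [%s]\n",
                   ldb_strerror(lret)));
            /* Do not overwrite ret here, we want to return
             * the original failure, not the failure of the
             * transaction cancellation.
             */
        }
    }

    talloc_zfree(*ctx);
    return ret;
}

/* search all groups that have a memberUid attribute.
 * change it into a member attribute for a user of same domain.
 * remove the memberUid attribute
 * add the new member attribute
 * finally stop indexing memberUid
 * upgrade version to 0.2
 *
 * The whole conversion runs inside the transaction opened by
 * commence_upgrade(); any failure cancels it in finish_upgrade().
 *
 * ldb  database to upgrade
 * ver  set to SYSDB_VERSION_0_2 when the upgrade was committed
 *
 * Returns EOK on success, ENOMEM on allocation failure, EIO if the search
 * fails or a group DN has no domain component, or the ldb_modify() error
 * mapped through sysdb_error_to_errno().
 */
int sysdb_upgrade_01(struct ldb_context *ldb, const char **ver)
{
    struct ldb_message_element *el;
    struct ldb_result *res;
    struct ldb_dn *basedn;
    struct ldb_dn *mem_dn;
    struct ldb_message *msg;
    const struct ldb_val *val;
    const char *filter = "(&(memberUid=*)(objectclass=group))";
    const char *attrs[] = { "memberUid", NULL };
    const char *mdn;
    char *domain;
    int ret;
    unsigned int i, j;
    TALLOC_CTX *tmp_ctx;
    struct upgrade_ctx *ctx;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    ret = commence_upgrade(tmp_ctx, ldb, SYSDB_VERSION_0_2, &ctx);
    if (ret) {
        /* No transaction is open yet, so skip finish_upgrade() */
        talloc_free(tmp_ctx);
        return ret;
    }

    basedn = ldb_dn_new(tmp_ctx, ldb, SYSDB_BASE);
    if (!basedn) {
        ret = EIO;
        goto done;
    }

    ret = ldb_search(ldb, tmp_ctx, &res,
                     basedn, LDB_SCOPE_SUBTREE,
                     attrs, "%s", filter);
    if (ret != LDB_SUCCESS) {
        ret = EIO;
        goto done;
    }

    for (i = 0; i < res->count; i++) {
        el = ldb_msg_find_element(res->msgs[i], "memberUid");
        if (!el) {
            DEBUG(1, ("memberUid is missing from message [%s], skipping\n",
                      ldb_dn_get_linearized(res->msgs[i]->dn)));
            continue;
        }

        /* create modification message */
        msg = ldb_msg_new(tmp_ctx);
        if (!msg) {
            ret = ENOMEM;
            goto done;
        }
        msg->dn = res->msgs[i]->dn;

        ret = ldb_msg_add_empty(msg, "memberUid", LDB_FLAG_MOD_DELETE, NULL);
        if (ret != LDB_SUCCESS) {
            ret = ENOMEM;
            goto done;
        }

        ret = ldb_msg_add_empty(msg, SYSDB_MEMBER, LDB_FLAG_MOD_ADD, NULL);
        if (ret != LDB_SUCCESS) {
            ret = ENOMEM;
            goto done;
        }

        /* get domain name component value */
        val = ldb_dn_get_component_val(res->msgs[i]->dn, 2);
        if (val == NULL) {
            /* A DN with fewer components than expected would otherwise be
             * dereferenced below; abort so the transaction is cancelled */
            DEBUG(1, ("Cannot get domain component from DN [%s]\n",
                      ldb_dn_get_linearized(res->msgs[i]->dn)));
            ret = EIO;
            goto done;
        }
        domain = talloc_strndup(tmp_ctx, (const char *)val->data, val->length);
        if (!domain) {
            ret = ENOMEM;
            goto done;
        }

        for (j = 0; j < el->num_values; j++) {
            /* NOTE(review): the memberUid value is substituted into the DN
             * template as-is and is assumed to be NUL-terminated. Values
             * containing DN special characters are not escaped here;
             * sysdb_dn_sanitize() is declared in sysdb.h -- confirm whether
             * it should be applied. */
            mem_dn = ldb_dn_new_fmt(tmp_ctx, ldb, SYSDB_TMPL_USER,
                                    (const char *)el->values[j].data,
                                    domain);
            if (!mem_dn) {
                ret = ENOMEM;
                goto done;
            }

            mdn = talloc_strdup(msg, ldb_dn_get_linearized(mem_dn));
            if (!mdn) {
                ret = ENOMEM;
                goto done;
            }
            ret = ldb_msg_add_string(msg, SYSDB_MEMBER, mdn);
            if (ret != LDB_SUCCESS) {
                ret = ENOMEM;
                goto done;
            }

            talloc_zfree(mem_dn);
        }

        /* ok now we are ready to modify the entry */
        ret = ldb_modify(ldb, msg);
        if (ret != LDB_SUCCESS) {
            ret = sysdb_error_to_errno(ret);
            goto done;
        }

        /* Release per-group allocations instead of letting them pile up on
         * tmp_ctx for the whole run */
        talloc_zfree(domain);
        talloc_zfree(msg);
    }

    /* conversion done, update version number */
    ret = update_version(ctx);

done:
    ret = finish_upgrade(ret, &ctx, ver);
    talloc_free(tmp_ctx);
    return ret;
}

int sysdb_check_upgrade_02(struct sss_domain_info *domains,
                           const char *db_path)
{
    TALLOC_CTX *tmp_ctx = NULL;
    struct ldb_context *ldb;
    char *ldb_file;
    struct sysdb_ctx *sysdb;
    struct sss_domain_info *dom;
    struct ldb_message_element *el;
    struct ldb_message *msg;
    struct ldb_result *res;
    struct ldb_dn *verdn;
    const char *version = NULL;
    bool do_02_upgrade = false;
    bool ctx_trans = false;
    int ret;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    ret = sysdb_get_db_file(tmp_ctx,
                            "local", "UPGRADE",
                            db_path, &ldb_file);
    if (ret != EOK) {
        goto exit;
    }

    ret = sysdb_ldb_connect(tmp_ctx, ldb_file, &ldb);
    if (ret != EOK) {
        DEBUG(1, ("sysdb_ldb_connect failed.\n"));
        /* NOTE(review): this path returns directly while the other error
         * paths use "goto exit" -- confirm tmp_ctx is not leaked here */
        return ret;
    }

    verdn = ldb_dn_new(tmp_ctx, ldb, SYSDB_BASE);
    if (!verdn) {
        ret = EIO;
        goto exit;
    }

    ret = ldb_search(ldb, tmp_ctx, &res,
                     verdn, LDB_SCOPE_BASE,
                     NULL, NULL);
    if (ret != LDB_SUCCESS) {
        ret = EIO;
        goto exit;
    }
    if (res->count > 1) {
        ret = EIO;
        goto exit;
    }

    if (res->count == 1) {
        el = ldb_msg_find_element(res->msgs[0], "version");
        if (el) {
            if (el->num_values != 1) {
                ret = EINVAL;
                goto exit;
            }
            version =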
talloc_strndup(tmp_ctx, (char *)(el->values[0].data), el->values[0].length); if (!version) { ret = ENOMEM; goto exit; } if (strcmp(version, SYSDB_VERSION) == 0) { /* all fine, return */ ret = EOK; goto exit; } DEBUG(4, ("Upgrading DB from version: %s\n", version)); if (strcmp(version, SYSDB_VERSION_0_1) == 0) { /* convert database */ ret = sysdb_upgrade_01(ldb, &version); if (ret != EOK) goto exit; } if (strcmp(version, SYSDB_VERSION_0_2) == 0) { /* need to convert database to split files */ do_02_upgrade = true; } } } if (!do_02_upgrade) { /* not a v2 upgrade, return and let the normal code take over any * further upgrade */ ret = EOK; goto exit; } /* == V2->V3 UPGRADE == */ DEBUG(0, ("UPGRADING DB TO VERSION %s\n", SYSDB_VERSION_0_3)); /* ldb uses posix locks, * posix is stupid and kills all locks when you close *any* file * descriptor associated to the same file. * Therefore we must close and reopen the ldb file here */ /* == Backup and reopen ldb == */ /* close */ talloc_zfree(ldb); /* backup*/ ret = backup_file(ldb_file, 0); if (ret != EOK) { goto exit; } /* reopen */ ret = sysdb_ldb_connect(tmp_ctx, ldb_file, &ldb); if (ret != EOK) { DEBUG(1, ("sysdb_ldb_connect failed.\n")); return ret; } /* open a transaction */ ret = ldb_transaction_start(ldb); if (ret != LDB_SUCCESS) { DEBUG(1, ("Failed to start ldb transaction! (%d)\n", ret)); ret = EIO; goto exit; } /* == Upgrade contents == */ for (dom = domains; dom; dom = dom->next) { struct ldb_dn *domain_dn; struct ldb_dn *users_dn; struct ldb_dn *groups_dn; int i; /* skip local */ if (strcasecmp(dom->provider, "local") == 0) { continue; } /* create new dom db */ ret = sysdb_domain_init_internal(tmp_ctx, dom, db_path, false, &sysdb); if (ret != EOK) { goto done; } ret = ldb_transaction_start(sysdb->ldb); if (ret != LDB_SUCCESS) { DEBUG(1, ("Failed to start ldb transaction! 
(%d)\n", ret)); ret = EIO; goto done; } ctx_trans = true; /* search all entries for this domain in local, * copy them all in the new database, * then remove them from local */ domain_dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_DOM_BASE, dom->name); if (!domain_dn) { ret = ENOMEM; goto done; } ret = ldb_search(ldb, tmp_ctx, &res, domain_dn, LDB_SCOPE_SUBTREE, NULL, NULL); if (ret != LDB_SUCCESS) { ret = EIO; goto done; } users_dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_TMPL_USER_BASE, dom->name); if (!users_dn) { ret = ENOMEM; goto done; } groups_dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_TMPL_GROUP_BASE, dom->name); if (!groups_dn) { ret = ENOMEM; goto done; } for (i = 0; i < res->count; i++) { struct ldb_dn *orig_dn; msg = res->msgs[i]; /* skip pre-created congtainers */ if ((ldb_dn_compare(msg->dn, domain_dn) == 0) || (ldb_dn_compare(msg->dn, users_dn) == 0) || (ldb_dn_compare(msg->dn, groups_dn) == 0)) { continue; } /* regenerate the DN against the new ldb as it may have different * casefolding rules (example: name changing from case insensitive * to case sensitive) */ orig_dn = msg->dn; msg->dn = ldb_dn_new(msg, sysdb->ldb, ldb_dn_get_linearized(orig_dn)); if (!msg->dn) { ret = ENOMEM; goto done; } ret = ldb_add(sysdb->ldb, msg); if (ret != LDB_SUCCESS) { DEBUG(0, ("WARNING: Could not add entry %s," " to new ldb file! (%d [%s])\n", ldb_dn_get_linearized(msg->dn), ret, ldb_errstring(sysdb->ldb))); } ret = ldb_delete(ldb, orig_dn); if (ret != LDB_SUCCESS) { DEBUG(0, ("WARNING: Could not remove entry %s," " from old ldb file! (%d [%s])\n", ldb_dn_get_linearized(orig_dn), ret, ldb_errstring(ldb))); } } /* now remove the basic containers from local */ /* these were optional so debug at level 9 in case * of failure just for tracing */ ret = ldb_delete(ldb, groups_dn); if (ret != LDB_SUCCESS) { DEBUG(9, ("WARNING: Could not remove entry %s," " from old ldb file! 
(%d [%s])\n", ldb_dn_get_linearized(groups_dn), ret, ldb_errstring(ldb))); } ret = ldb_delete(ldb, users_dn); if (ret != LDB_SUCCESS) { DEBUG(9, ("WARNING: Could not remove entry %s," " from old ldb file! (%d [%s])\n", ldb_dn_get_linearized(users_dn), ret, ldb_errstring(ldb))); } ret = ldb_delete(ldb, domain_dn); if (ret != LDB_SUCCESS) { DEBUG(9, ("WARNING: Could not remove entry %s," " from old ldb file! (%d [%s])\n", ldb_dn_get_linearized(domain_dn), ret, ldb_errstring(ldb))); } ret = ldb_transaction_commit(sysdb->ldb); if (ret != LDB_SUCCESS) { DEBUG(1, ("Failed to commit ldb transaction! (%d)\n", ret)); ret = EIO; goto done; } ctx_trans = false; talloc_zfree(domain_dn); talloc_zfree(groups_dn); talloc_zfree(users_dn); talloc_zfree(res); } /* conversion done, upgrade version number */ msg = ldb_msg_new(tmp_ctx); if (!msg) { ret = ENOMEM; goto done; } msg->dn = ldb_dn_new(tmp_ctx, ldb, SYSDB_BASE); if (!msg->dn) { ret = ENOMEM; goto done; } ret = ldb_msg_add_empty(msg, "version", LDB_FLAG_MOD_REPLACE, NULL); if (ret != LDB_SUCCESS) { ret = ENOMEM; goto done; } ret = ldb_msg_add_string(msg, "version", SYSDB_VERSION_0_3); if (ret != LDB_SUCCESS) { ret = ENOMEM; goto done; } ret = ldb_modify(ldb, msg); if (ret != LDB_SUCCESS) { ret = sysdb_error_to_errno(ret); goto done; } ret = ldb_transaction_commit(ldb); if (ret != LDB_SUCCESS) { DEBUG(1, ("Failed to commit ldb transaction! (%d)\n", ret)); ret = EIO; goto exit; } ret = EOK; done: if (ret != EOK) { if (ctx_trans) { ret = ldb_transaction_cancel(sysdb->ldb); if (ret != LDB_SUCCESS) { DEBUG(1, ("Failed to cancel ldb transaction! (%d)\n", ret)); } } ret = ldb_transaction_cancel(ldb); if (ret != LDB_SUCCESS) { DEBUG(1, ("Failed to cancel ldb transaction! 
(%d)\n", ret)); } } exit: talloc_free(tmp_ctx); return ret; } int sysdb_upgrade_03(struct sysdb_ctx *sysdb, const char **ver) { TALLOC_CTX *tmp_ctx; int ret; struct ldb_message *msg; struct upgrade_ctx *ctx; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; } ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_4, &ctx); if (ret) { return ret; } /* Make this database case-sensitive */ msg = ldb_msg_new(tmp_ctx); if (!msg) { ret = ENOMEM; goto done; } msg->dn = ldb_dn_new(tmp_ctx, sysdb->ldb, "@ATTRIBUTES"); if (!msg->dn) { ret = ENOMEM; goto done; } ret = ldb_msg_add_empty(msg, "name", LDB_FLAG_MOD_DELETE, NULL); if (ret != LDB_SUCCESS) { ret = ENOMEM; goto done; } ret = ldb_modify(sysdb->ldb, msg); if (ret != LDB_SUCCESS) { ret = sysdb_error_to_errno(ret); goto done; } /* conversion done, update version number */ ret = update_version(ctx); done: ret = finish_upgrade(ret, &ctx, ver); talloc_free(tmp_ctx); return ret; } int sysdb_upgrade_04(struct sysdb_ctx *sysdb, const char **ver) { TALLOC_CTX *tmp_ctx; int ret; struct ldb_message *msg; struct upgrade_ctx *ctx; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; } ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_5, &ctx); if (ret) { return ret; } /* Add new index */ msg = ldb_msg_new(tmp_ctx); if (!msg) { ret = ENOMEM; goto done; } msg->dn = ldb_dn_new(tmp_ctx, sysdb->ldb, "@INDEXLIST"); if (!msg->dn) { ret = ENOMEM; goto done; } ret = ldb_msg_add_empty(msg, "@IDXATTR", LDB_FLAG_MOD_ADD, NULL); if (ret != LDB_SUCCESS) { ret = ENOMEM; goto done; } ret = ldb_msg_add_string(msg, "@IDXATTR", "originalDN"); if (ret != LDB_SUCCESS) { ret = ENOMEM; goto done; } ret = ldb_modify(sysdb->ldb, msg); if (ret != LDB_SUCCESS) { ret = sysdb_error_to_errno(ret); goto done; } /* Rebuild memberuid and memberoif attributes */ msg = ldb_msg_new(tmp_ctx); if (!msg) { ret = ENOMEM; goto done; } msg->dn = ldb_dn_new(tmp_ctx, sysdb->ldb, "@MEMBEROF-REBUILD"); if (!msg->dn) { ret = ENOMEM; goto done; } ret = 
ldb_add(sysdb->ldb, msg); if (ret != LDB_SUCCESS) { ret = sysdb_error_to_errno(ret); goto done; } /* conversion done, update version number */ ret = update_version(ctx); done: ret = finish_upgrade(ret, &ctx, ver); talloc_free(tmp_ctx); return ret; } int sysdb_upgrade_05(struct sysdb_ctx *sysdb, const char **ver) { TALLOC_CTX *tmp_ctx; int ret; struct ldb_message *msg; struct upgrade_ctx *ctx; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; } ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_6, &ctx); if (ret) { return ret; } /* Add new indexes */ msg = ldb_msg_new(tmp_ctx); if (!msg) { ret = ENOMEM; goto done; } msg->dn = ldb_dn_new(tmp_ctx, sysdb->ldb, "@INDEXLIST"); if (!msg->dn) { ret = ENOMEM; goto done; } /* Add Index for dataExpireTimestamp */ ret = ldb_msg_add_empty(msg, "@IDXATTR", LDB_FLAG_MOD_ADD, NULL); if (ret != LDB_SUCCESS) { ret = ENOMEM; goto done; } ret = ldb_msg_add_string(msg, "@IDXATTR", "dataExpireTimestamp"); if (ret != LDB_SUCCESS) { ret = ENOMEM; goto done; } /* Add index to speed up ONELEVEL searches */ ret = ldb_msg_add_empty(msg, "@IDXONE", LDB_FLAG_MOD_ADD, NULL); if (ret != LDB_SUCCESS) { ret = ENOMEM; goto done; } ret = ldb_msg_add_string(msg, "@IDXONE", "1"); if (ret != LDB_SUCCESS) { ret = ENOMEM; goto done; } ret = ldb_modify(sysdb->ldb, msg); if (ret != LDB_SUCCESS) { ret = sysdb_error_to_errno(ret); goto done; } /* conversion done, update version number */ ret = update_version(ctx); done: ret = finish_upgrade(ret, &ctx, ver); talloc_free(tmp_ctx); return ret; } int sysdb_upgrade_06(struct sysdb_ctx *sysdb, const char **ver) { TALLOC_CTX *tmp_ctx; int ret; struct ldb_message *msg; struct upgrade_ctx *ctx; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; } ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_7, &ctx); if (ret) { return ret; } /* Add new indexes */ msg = ldb_msg_new(tmp_ctx); if (!msg) { ret = ENOMEM; goto done; } msg->dn = ldb_dn_new(tmp_ctx, sysdb->ldb, "@ATTRIBUTES"); if 
(!msg->dn) { ret = ENOMEM; goto done; } /* Case insensitive search for originalDN */ ret = ldb_msg_add_empty(msg, SYSDB_ORIG_DN, LDB_FLAG_MOD_ADD, NULL); if (ret != LDB_SUCCESS) { ret = ENOMEM; goto done; } ret = ldb_msg_add_string(msg, SYSDB_ORIG_DN, "CASE_INSENSITIVE"); if (ret != LDB_SUCCESS) { ret = ENOMEM; goto done; } ret = ldb_modify(sysdb->ldb, msg); if (ret != LDB_SUCCESS) { ret = sysdb_error_to_errno(ret); goto done; } /* conversion done, update version number */ ret = update_version(ctx); done: ret = finish_upgrade(ret, &ctx, ver); talloc_free(tmp_ctx); return ret; } int sysdb_upgrade_07(struct sysdb_ctx *sysdb, const char **ver) { TALLOC_CTX *tmp_ctx; int ret; struct ldb_message *msg; struct upgrade_ctx *ctx; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; } ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_8, &ctx); if (ret) { return ret; } /* Add new indexes */ msg = ldb_msg_new(tmp_ctx); if (!msg) { ret = ENOMEM; goto done; } msg->dn = ldb_dn_new(tmp_ctx, sysdb->ldb, "@INDEXLIST"); if (!msg->dn) { ret = ENOMEM; goto done; } /* Add Index for nameAlias */ ret = ldb_msg_add_empty(msg, "@IDXATTR", LDB_FLAG_MOD_ADD, NULL); if (ret != LDB_SUCCESS) { ret = ENOMEM; goto done; } ret = ldb_msg_add_string(msg, "@IDXATTR", "nameAlias"); if (ret != LDB_SUCCESS) { ret = ENOMEM; goto done; } ret = ldb_modify(sysdb->ldb, msg); if (ret != LDB_SUCCESS) { ret = sysdb_error_to_errno(ret); goto done; } /* conversion done, update version number */ ret = update_version(ctx); done: ret = finish_upgrade(ret, &ctx, ver); talloc_free(tmp_ctx); return ret; } int sysdb_upgrade_08(struct sysdb_ctx *sysdb, const char **ver) { TALLOC_CTX *tmp_ctx; int ret; struct ldb_message *msg; struct upgrade_ctx *ctx; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; } ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_9, &ctx); if (ret) { return ret; } /* Add new indexes */ msg = ldb_msg_new(tmp_ctx); if (!msg) { ret = ENOMEM; goto done; } msg->dn = 
ldb_dn_new(tmp_ctx, sysdb->ldb, "@INDEXLIST"); if (!msg->dn) { ret = ENOMEM; goto done; } /* Add Index for servicePort and serviceProtocol */ ret = ldb_msg_add_empty(msg, "@IDXATTR", LDB_FLAG_MOD_ADD, NULL); if (ret != LDB_SUCCESS) { ret = ENOMEM; goto done; } ret = ldb_msg_add_string(msg, "@IDXATTR", "servicePort"); if (ret != LDB_SUCCESS) { ret = ENOMEM; goto done; } ret = ldb_msg_add_string(msg, "@IDXATTR", "serviceProtocol"); if (ret != LDB_SUCCESS) { ret = ENOMEM; goto done; } ret = ldb_modify(sysdb->ldb, msg); if (ret != LDB_SUCCESS) { ret = sysdb_error_to_errno(ret); goto done; } /* conversion done, update version number */ ret = update_version(ctx); done: ret = finish_upgrade(ret, &ctx, ver); talloc_free(tmp_ctx); return ret; } int sysdb_upgrade_09(struct sysdb_ctx *sysdb, const char **ver) { TALLOC_CTX *tmp_ctx; int ret; struct ldb_message *msg; struct upgrade_ctx *ctx; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; } ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_10, &ctx); if (ret) { return ret; } /* Add new indexes */ msg = ldb_msg_new(tmp_ctx); if (!msg) { ret = ENOMEM; goto done; } msg->dn = ldb_dn_new(tmp_ctx, sysdb->ldb, "@INDEXLIST"); if (!msg->dn) { ret = ENOMEM; goto done; } /* Add Index for servicePort and serviceProtocol */ ret = ldb_msg_add_empty(msg, "@IDXATTR", LDB_FLAG_MOD_ADD, NULL); if (ret != LDB_SUCCESS) { ret = ENOMEM; goto done; } ret = ldb_msg_add_string(msg, "@IDXATTR", "sudoUser"); if (ret != LDB_SUCCESS) { ret = ENOMEM; goto done; } ret = ldb_modify(sysdb->ldb, msg); if (ret != LDB_SUCCESS) { ret = sysdb_error_to_errno(ret); goto done; } /* conversion done, update version number */ ret = update_version(ctx); done: ret = finish_upgrade(ret, &ctx, ver); talloc_free(tmp_ctx); return ret; } int sysdb_upgrade_10(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char **ver) { TALLOC_CTX *tmp_ctx; int ret; struct ldb_result *res; struct ldb_message *msg; struct ldb_message *user; struct 
ldb_message_element *memberof_el; const char *name; struct ldb_dn *basedn; const char *filter = "(&(objectClass=user)(!(uidNumber=*))(memberOf=*))"; const char *attrs[] = { "name", "memberof", NULL }; struct upgrade_ctx *ctx; int i, j; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { return ENOMEM; } ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_11, &ctx); if (ret) { return ret; } basedn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_TMPL_USER_BASE, domain->name); if (basedn == NULL) { ret = EIO; goto done; } ret = ldb_search(sysdb->ldb, tmp_ctx, &res, basedn, LDB_SCOPE_SUBTREE, attrs, "%s", filter); if (ret != LDB_SUCCESS) { ret = EIO; goto done; } for (i = 0; i < res->count; i++) { user = res->msgs[i]; memberof_el = ldb_msg_find_element(user, "memberof"); name = ldb_msg_find_attr_as_string(user, "name", NULL); if (name == NULL) { ret = EIO; goto done; } DEBUG(SSSDBG_TRACE_LIBS, ("User [%s] is a member of %d groups\n", name, memberof_el->num_values)); for (j = 0; j < memberof_el->num_values; j++) { msg = ldb_msg_new(tmp_ctx); if (msg == NULL) { ret = ENOMEM; goto done; } msg->dn = ldb_dn_from_ldb_val(tmp_ctx, sysdb->ldb, &memberof_el->values[j]); if (msg->dn == NULL) { ret = ENOMEM; goto done; } if (!ldb_dn_validate(msg->dn)) { DEBUG(SSSDBG_MINOR_FAILURE, ("DN validation failed during " "upgrade: [%s]\n", memberof_el->values[j].data)); talloc_zfree(msg); continue; } ret = ldb_msg_add_empty(msg, "ghost", LDB_FLAG_MOD_ADD, NULL); if (ret != LDB_SUCCESS) { ret = ENOMEM; goto done; } ret = ldb_msg_add_string(msg, "ghost", name); if (ret != LDB_SUCCESS) { ret = ENOMEM; goto done; } DEBUG(SSSDBG_TRACE_FUNC, ("Adding ghost [%s] to entry [%s]\n", name, ldb_dn_get_linearized(msg->dn))); ret = sss_ldb_modify_permissive(sysdb->ldb, msg); talloc_zfree(msg); if (ret == LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS) { /* If we failed adding the ghost user(s) because the values already * exist, they were probably propagated from a parent that was * upgraded before us. 
Mark the group as expired so that it is * refreshed on next request. */ msg = ldb_msg_new(tmp_ctx); if (msg == NULL) { ret = ENOMEM; goto done; } msg->dn = ldb_dn_from_ldb_val(tmp_ctx, sysdb->ldb, &memberof_el->values[j]); if (msg->dn == NULL) { ret = ENOMEM; goto done; } ret = ldb_msg_add_empty(msg, SYSDB_CACHE_EXPIRE, LDB_FLAG_MOD_REPLACE, NULL); if (ret != LDB_SUCCESS) { goto done; } ret = ldb_msg_add_string(msg, SYSDB_CACHE_EXPIRE, "1"); if (ret != LDB_SUCCESS) { goto done; } ret = sss_ldb_modify_permissive(sysdb->ldb, msg); talloc_zfree(msg); if (ret != LDB_SUCCESS) { goto done; } } else if (ret != LDB_SUCCESS) { ret = sysdb_error_to_errno(ret); goto done; } } DEBUG(SSSDBG_TRACE_FUNC, ("Removing fake user [%s]\n", ldb_dn_get_linearized(user->dn))); ret = ldb_delete(sysdb->ldb, user->dn); if (ret != LDB_SUCCESS) { ret = sysdb_error_to_errno(ret); goto done; } } /* conversion done, update version number */ ret = update_version(ctx); done: ret = finish_upgrade(ret, &ctx, ver); talloc_free(tmp_ctx); return ret; } int sysdb_upgrade_11(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char **ver) { TALLOC_CTX *tmp_ctx; errno_t ret; struct ldb_result *res; struct ldb_message *entry; const char *key; const char *value; struct ldb_message_element *memberof_el; struct ldb_dn *memberof_dn; struct ldb_dn *basedn; const struct ldb_val *val; const char *attrs[] = { SYSDB_AUTOFS_ENTRY_KEY, SYSDB_AUTOFS_ENTRY_VALUE, SYSDB_MEMBEROF, NULL }; struct upgrade_ctx *ctx; size_t i, j; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; } ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_12, &ctx); if (ret) { return ret; } basedn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_TMPL_CUSTOM_SUBTREE, AUTOFS_ENTRY_SUBDIR, domain->name); if (basedn == NULL) { ret = ENOMEM; goto done; } ret = ldb_search(sysdb->ldb, tmp_ctx, &res, basedn, LDB_SCOPE_SUBTREE, attrs, "(objectClass=%s)", SYSDB_AUTOFS_ENTRY_OC); if (ret != LDB_SUCCESS) { ret = EIO; goto done; } 
DEBUG(SSSDBG_TRACE_LIBS, ("Found %d autofs entries\n", res->count)); for (i = 0; i < res->count; i++) { entry = res->msgs[i]; key = ldb_msg_find_attr_as_string(entry, SYSDB_AUTOFS_ENTRY_KEY, NULL); value = ldb_msg_find_attr_as_string(entry, SYSDB_AUTOFS_ENTRY_VALUE, NULL); memberof_el = ldb_msg_find_element(entry, SYSDB_MEMBEROF); if (key && value && memberof_el) { for (j = 0; j < memberof_el->num_values; j++) { memberof_dn = ldb_dn_from_ldb_val(tmp_ctx, sysdb->ldb, &(memberof_el->values[j])); if (!memberof_dn) { DEBUG(SSSDBG_OP_FAILURE, ("Cannot convert memberof into DN, skipping\n")); continue; } val = ldb_dn_get_rdn_val(memberof_dn); if (!val) { DEBUG(SSSDBG_OP_FAILURE, ("Cannot get map name from map DN\n")); continue; } ret = sysdb_save_autofsentry(sysdb, domain, (const char *) val->data, key, value, NULL); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Cannot save autofs entry [%s]-[%s] into map %s\n", key, value, val->data)); continue; } } } /* Delete the old entry if it was either processed or incomplete */ DEBUG(SSSDBG_TRACE_LIBS, ("Deleting [%s]\n", ldb_dn_get_linearized(entry->dn))); ret = ldb_delete(sysdb->ldb, entry->dn); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Cannot delete old autofs entry %s\n", ldb_dn_get_linearized(entry->dn))); continue; } } /* conversion done, update version number */ ret = update_version(ctx); done: ret = finish_upgrade(ret, &ctx, ver); talloc_free(tmp_ctx); return ret; } int sysdb_upgrade_12(struct sysdb_ctx *sysdb, const char **ver) { TALLOC_CTX *tmp_ctx; int ret; struct ldb_message *msg; struct upgrade_ctx *ctx; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; } ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_13, &ctx); if (ret) { return ret; } /* add new indexes */ msg = ldb_msg_new(tmp_ctx); if (!msg) { ret = ENOMEM; goto done; } msg->dn = ldb_dn_new(tmp_ctx, sysdb->ldb, "@INDEXLIST"); if (!msg->dn) { ret = ENOMEM; goto done; } /* add index for sshKnownHostsExpire */ ret = ldb_msg_add_empty(msg, 
"@IDXATTR", LDB_FLAG_MOD_ADD, NULL); if (ret != LDB_SUCCESS) { ret = ENOMEM; goto done; } ret = ldb_msg_add_string(msg, "@IDXATTR", "sshKnownHostsExpire"); if (ret != LDB_SUCCESS) { ret = ENOMEM; goto done; } ret = ldb_modify(sysdb->ldb, msg); if (ret != LDB_SUCCESS) { ret = sysdb_error_to_errno(ret); goto done; } /* conversion done, update version number */ ret = update_version(ctx); done: ret = finish_upgrade(ret, &ctx, ver); talloc_free(tmp_ctx); return ret; } int sysdb_upgrade_13(struct sysdb_ctx *sysdb, const char **ver) { struct upgrade_ctx *ctx; struct ldb_result *dom_res; struct ldb_result *res; struct ldb_dn *basedn; const char *attrs[] = { "cn", "name", NULL }; const char *tmp_str; errno_t ret; int i, j, l, n; ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_14, &ctx); if (ret) { return ret; } basedn = ldb_dn_new(ctx, sysdb->ldb, SYSDB_BASE); if (!basedn) { DEBUG(SSSDBG_OP_FAILURE, ("Failed to build base dn\n")); ret = EIO; goto done; } ret = ldb_search(sysdb->ldb, ctx, &dom_res, basedn, LDB_SCOPE_ONELEVEL, attrs, "objectclass=%s", SYSDB_SUBDOMAIN_CLASS); if (ret != LDB_SUCCESS) { DEBUG(SSSDBG_OP_FAILURE, ("Failed to search subdomains\n")); ret = EIO; goto done; } for (i = 0; i < dom_res->count; i++) { tmp_str = ldb_msg_find_attr_as_string(dom_res->msgs[i], "cn", NULL); if (tmp_str == NULL) { DEBUG(SSSDBG_MINOR_FAILURE, ("The object [%s] doesn't have a name\n", ldb_dn_get_linearized(dom_res->msgs[i]->dn))); continue; } basedn = ldb_dn_new_fmt(ctx, sysdb->ldb, SYSDB_DOM_BASE, tmp_str); if (!basedn) { DEBUG(SSSDBG_OP_FAILURE, ("Failed to build base dn for subdomain %s\n", tmp_str)); continue; } ret = ldb_search(sysdb->ldb, ctx, &res, basedn, LDB_SCOPE_SUBTREE, attrs, NULL); if (ret != LDB_SUCCESS) { DEBUG(SSSDBG_OP_FAILURE, ("Failed to search subdomain %s\n", tmp_str)); talloc_free(basedn); continue; } l = ldb_dn_get_comp_num(basedn); for (j = 0; j < res->count; j++) { n = ldb_dn_get_comp_num(res->msgs[j]->dn); if (n <= l + 1) { /* Do not remove 
subdomain containers, only their contents */ continue; } ret = ldb_delete(sysdb->ldb, res->msgs[j]->dn); if (ret) { DEBUG(SSSDBG_OP_FAILURE, ("Failed to delete %s\n", ldb_dn_get_linearized(res->msgs[j]->dn))); continue; } } talloc_free(basedn); talloc_free(res); } talloc_free(dom_res); /* conversion done, update version number */ ret = update_version(ctx); done: ret = finish_upgrade(ret, &ctx, ver); return ret; } int sysdb_upgrade_14(struct sysdb_ctx *sysdb, const char **ver) { struct upgrade_ctx *ctx; struct ldb_message *msg; struct ldb_result *res; struct ldb_dn *basedn; struct ldb_dn *newdn; const char *attrs[] = { SYSDB_NAME, NULL }; const char *tmp_str; errno_t ret; int i; ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_15, &ctx); if (ret) { return ret; } basedn = ldb_dn_new(ctx, sysdb->ldb, SYSDB_BASE); if (!basedn) { DEBUG(SSSDBG_OP_FAILURE, ("Failed to build base dn\n")); ret = EIO; goto done; } /* create base ranges container */ msg = ldb_msg_new(ctx); if (!msg) { ret = ENOMEM; goto done; } msg->dn = ldb_dn_new(msg, sysdb->ldb, SYSDB_TMPL_RANGE_BASE); if (!msg->dn) { ret = ENOMEM; goto done; } ret = ldb_msg_add_string(msg, "cn", "ranges"); if (ret != LDB_SUCCESS) { ret = EIO; goto done; } /* do a synchronous add */ ret = ldb_add(sysdb->ldb, msg); if (ret != LDB_SUCCESS) { DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to upgrade DB (%d, [%s])!\n", ret, ldb_errstring(sysdb->ldb))); ret = EIO; goto done; } talloc_zfree(msg); ret = ldb_search(sysdb->ldb, ctx, &res, basedn, LDB_SCOPE_SUBTREE, attrs, "objectclass=%s", SYSDB_ID_RANGE_CLASS); if (ret != LDB_SUCCESS) { DEBUG(SSSDBG_OP_FAILURE, ("Failed to search range objects\n")); ret = EIO; goto done; } /* Failure to convert any range is not fatal. 
As long as there are no * left-over objects we can fail to move them around, as they will be * recreated on the next online access */ for (i = 0; i < res->count; i++) { tmp_str = ldb_msg_find_attr_as_string(res->msgs[i], SYSDB_NAME, NULL); if (tmp_str == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("The object [%s] doesn't have a name\n", ldb_dn_get_linearized(res->msgs[i]->dn))); ret = ldb_delete(sysdb->ldb, res->msgs[i]->dn); if (ret) { DEBUG(SSSDBG_OP_FAILURE, ("Failed to delete %s\n", ldb_dn_get_linearized(res->msgs[i]->dn))); ret = EIO; goto done; } continue; } newdn = ldb_dn_new_fmt(ctx, sysdb->ldb, SYSDB_TMPL_RANGE, tmp_str); if (!newdn) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to create new DN to move [%s]\n", ldb_dn_get_linearized(res->msgs[i]->dn))); ret = ENOMEM; goto done; } ret = ldb_rename(sysdb->ldb, res->msgs[i]->dn, newdn); if (ret != LDB_SUCCESS) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to move [%s] to [%s]\n", ldb_dn_get_linearized(res->msgs[i]->dn), ldb_dn_get_linearized(newdn))); ret = ldb_delete(sysdb->ldb, res->msgs[i]->dn); if (ret) { DEBUG(SSSDBG_OP_FAILURE, ("Failed to delete %s\n", ldb_dn_get_linearized(res->msgs[i]->dn))); ret = EIO; goto done; } } talloc_zfree(newdn); } /* conversion done, update version number */ ret = update_version(ctx); done: ret = finish_upgrade(ret, &ctx, ver); return ret; } /* * Example template for future upgrades. * Copy and change version numbers as appropriate. 
*/ #if 0 int sysdb_upgrade_13(struct sysdb_ctx *sysdb, const char **ver) { struct upgrade_ctx *ctx; errno_t ret; ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_14, &ctx); if (ret) { return ret; } /* DO STUFF HERE (use ctx, as the local temporary memory context) */ /* conversion done, update version number */ ret = update_version(ctx); done: ret = finish_upgrade(ret, &ctx, ver); return ret; } #endif sssd-1.11.5/src/db/PaxHeaders.13173/sysdb_ssh.h0000644000000000000000000000007312320753107017100 xustar000000000000000029 atime=1396954939.25389144 30 ctime=1396954961.458875095 sssd-1.11.5/src/db/sysdb_ssh.h0000664002412700241270000000441012320753107017322 0ustar00jhrozekjhrozek00000000000000/* Authors: Jan Cholasta Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #ifndef _SYSDB_SSH_H_ #define _SYSDB_SSH_H_ #include "db/sysdb.h" #define SSH_HOSTS_SUBDIR "ssh_hosts" #define SYSDB_SSH_HOST_OC "sshHost" #define SYSDB_SSH_KNOWN_HOSTS_EXPIRE "sshKnownHostsExpire" errno_t sysdb_store_ssh_host(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, const char *alias, time_t now, struct sysdb_attrs *attrs); errno_t sysdb_update_ssh_known_host_expire(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, time_t now, int known_hosts_timeout); errno_t sysdb_delete_ssh_host(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name); errno_t sysdb_get_ssh_host(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name, const char **attrs, struct ldb_message **host); errno_t sysdb_get_ssh_known_hosts(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, time_t now, const char **attrs, struct ldb_message ***hosts, size_t *num_hosts); #endif /* _SYSDB_SSH_H_ */ sssd-1.11.5/src/db/PaxHeaders.13173/sysdb_sudo.h0000644000000000000000000000007312320753107017255 xustar000000000000000029 atime=1396954939.25389144 30 ctime=1396954961.454875098 sssd-1.11.5/src/db/sysdb_sudo.h0000664002412700241270000001066712320753107017512 0ustar00jhrozekjhrozek00000000000000/* Authors: Jakub Hrozek Copyright (C) 2011 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #ifndef _SYSDB_SUDO_H_ #define _SYSDB_SUDO_H_ #include "db/sysdb.h" /* subdirs in cn=custom in sysdb. We don't store sudo stuff in sysdb directly * b/c it's not name-service-switch data */ #define SUDORULE_SUBDIR "sudorules" /* attribute of SUDORULE_SUBDIR * should be true if we have downloaded all rules atleast once */ #define SYSDB_SUDO_AT_REFRESHED "refreshed" #define SYSDB_SUDO_AT_LAST_FULL_REFRESH "sudoLastFullRefreshTime" /* sysdb attributes */ #define SYSDB_SUDO_CACHE_OC "sudoRule" #define SYSDB_SUDO_CACHE_AT_CN "cn" #define SYSDB_SUDO_CACHE_AT_USER "sudoUser" #define SYSDB_SUDO_CACHE_AT_HOST "sudoHost" #define SYSDB_SUDO_CACHE_AT_COMMAND "sudoCommand" #define SYSDB_SUDO_CACHE_AT_OPTION "sudoOption" #define SYSDB_SUDO_CACHE_AT_RUNASUSER "sudoRunAsUser" #define SYSDB_SUDO_CACHE_AT_RUNASGROUP "sudoRunAsGroup" #define SYSDB_SUDO_CACHE_AT_NOTBEFORE "sudoNotBefore" #define SYSDB_SUDO_CACHE_AT_NOTAFTER "sudoNotAfter" #define SYSDB_SUDO_CACHE_AT_ORDER "sudoOrder" /* When constructing a sysdb filter, OR these values to include.. 
*/ #define SYSDB_SUDO_FILTER_NONE 0x00 /* no additional filter */ #define SYSDB_SUDO_FILTER_USERNAME 0x01 /* username */ #define SYSDB_SUDO_FILTER_UID 0x02 /* uid */ #define SYSDB_SUDO_FILTER_GROUPS 0x04 /* groups */ #define SYSDB_SUDO_FILTER_NGRS 0x08 /* netgroups */ #define SYSDB_SUDO_FILTER_ONLY_EXPIRED 0x10 /* only expired */ #define SYSDB_SUDO_FILTER_INCLUDE_ALL 0x20 /* ALL */ #define SYSDB_SUDO_FILTER_INCLUDE_DFL 0x40 /* include cn=default */ #define SYSDB_SUDO_FILTER_USERINFO SYSDB_SUDO_FILTER_USERNAME \ | SYSDB_SUDO_FILTER_UID \ | SYSDB_SUDO_FILTER_GROUPS \ | SYSDB_SUDO_FILTER_NGRS errno_t sysdb_sudo_filter_rules_by_time(TALLOC_CTX *mem_ctx, uint32_t in_num_rules, struct sysdb_attrs **in_rules, time_t now, uint32_t *_num_rules, struct sysdb_attrs ***_rules); errno_t sysdb_get_sudo_filter(TALLOC_CTX *mem_ctx, const char *username, uid_t uid, char **groupnames, unsigned int flags, char **_filter); errno_t sysdb_get_sudo_user_info(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *username, uid_t *_uid, char ***groupnames); errno_t sysdb_save_sudorule(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *rule_name, struct sysdb_attrs *attrs); errno_t sysdb_sudo_set_last_full_refresh(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, time_t value); errno_t sysdb_sudo_get_last_full_refresh(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, time_t *value); errno_t sysdb_sudo_purge_byname(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *name); errno_t sysdb_sudo_purge_byfilter(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *filter); #endif /* _SYSDB_SUDO_H_ */ sssd-1.11.5/src/db/PaxHeaders.13173/sysdb_selinux.c0000644000000000000000000000007312320753107017765 xustar000000000000000029 atime=1396954939.25389144 30 ctime=1396954961.659874947 sssd-1.11.5/src/db/sysdb_selinux.c0000664002412700241270000002511712320753107020216 0ustar00jhrozekjhrozek00000000000000/* 
SSSD System Database - SELinux support Copyright (C) Jan Zeleny 2012 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include "util/sss_selinux.h" #include "db/sysdb_selinux.h" #include "db/sysdb_private.h" /* Some generic routines */ static errno_t sysdb_add_selinux_entity(struct sysdb_ctx *sysdb, struct ldb_dn *dn, const char *objectclass, struct sysdb_attrs *attrs, time_t now) { struct ldb_message *msg; TALLOC_CTX *tmp_ctx; errno_t ret; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; } msg = ldb_msg_new(tmp_ctx); if (!msg) { ret = ENOMEM; goto done; } ret = sysdb_attrs_add_string(attrs, SYSDB_OBJECTCLASS, objectclass); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Could not set map object class [%d]: %s\n", ret, strerror(ret))); return ret; } if (!now) { now = time(NULL); } ret = sysdb_attrs_add_time_t(attrs, SYSDB_CREATE_TIME, now); if (ret) goto done; msg->dn = dn; msg->elements = attrs->a; msg->num_elements = attrs->num; ret = ldb_add(sysdb->ldb, msg); ret = sysdb_error_to_errno(ret); done: if (ret) { DEBUG(SSSDBG_TRACE_LIBS, ("Error: %d (%s)\n", ret, strerror(ret))); } talloc_zfree(tmp_ctx); return ret; } static errno_t sysdb_store_selinux_entity(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, struct sysdb_attrs *attrs, enum selinux_entity_type type) { TALLOC_CTX *tmp_ctx; bool in_transaction = false; const char *objectclass = NULL; const char *name; char *clean_name; struct ldb_dn *dn = NULL; errno_t sret = EOK; 
errno_t ret; time_t now; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; } switch (type) { case SELINUX_USER_MAP: objectclass = SYSDB_SELINUX_USERMAP_CLASS; ret = sysdb_attrs_get_string(attrs, SYSDB_NAME, &name); if (ret != EOK) { goto done; } ret = sysdb_dn_sanitize(tmp_ctx, name, &clean_name); if (ret != EOK) { goto done; } dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_TMPL_SEUSERMAP, clean_name, domain->name); break; case SELINUX_CONFIG: objectclass = SYSDB_SELINUX_CLASS; dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_TMPL_SELINUX_BASE, domain->name); break; } if (type != SELINUX_CONFIG && type != SELINUX_USER_MAP) { DEBUG(SSSDBG_CRIT_FAILURE, ("Bad SELinux entity type: [%d]\n", type)); ret = EINVAL; goto done; } if (!dn) { ret = ENOMEM; goto done; } ret = sysdb_transaction_start(sysdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to start transaction\n")); goto done; } in_transaction = true; now = time(NULL); ret = sysdb_attrs_add_time_t(attrs, SYSDB_LAST_UPDATE, now); if (ret) goto done; ret = sysdb_add_selinux_entity(sysdb, dn, objectclass, attrs, now); if (ret != EOK) { goto done; } ret = sysdb_set_entry_attr(sysdb, dn, attrs, SYSDB_MOD_REP); if (ret != EOK) { goto done; } ret = sysdb_transaction_commit(sysdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to commit transaction\n")); goto done; } in_transaction = false; done: if (in_transaction) { sret = sysdb_transaction_cancel(sysdb); if (sret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Could not cancel transaction\n")); } } if (ret) { DEBUG(SSSDBG_MINOR_FAILURE, ("Error: %d (%s)\n", ret, strerror(ret))); } talloc_zfree(tmp_ctx); return ret; } errno_t sysdb_store_selinux_usermap(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, struct sysdb_attrs *attrs) { return sysdb_store_selinux_entity(sysdb, domain, attrs, SELINUX_USER_MAP); } errno_t sysdb_store_selinux_config(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *default_user, const char *order) { 
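errno_t ret;
    struct sysdb_attrs *attrs;

    /* Validate before allocating: the original checked after talloc_zero()
     * and returned without freeing attrs, which has no talloc parent. */
    if (!order) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("The SELinux order is missing\n"));
        return EINVAL;
    }

    attrs = talloc_zero(NULL, struct sysdb_attrs);
    if (attrs == NULL) {
        return ENOMEM;
    }

    /* The default user is optional, the order is not */
    if (default_user) {
        ret = sysdb_attrs_add_string(attrs, SYSDB_SELINUX_DEFAULT_USER,
                                     default_user);
        if (ret != EOK) {
            goto done;
        }
    }

    ret = sysdb_attrs_add_string(attrs, SYSDB_SELINUX_DEFAULT_ORDER,
                                 order);
    if (ret != EOK) {
        goto done;
    }

    ret = sysdb_store_selinux_entity(sysdb, domain, attrs, SELINUX_CONFIG);
done:
    talloc_free(attrs);
    return ret;
}

/*
 * Delete the SELinux container of @domain together with everything below it
 * (sysdb_delete_recursive() on the SYSDB_TMPL_SELINUX_BASE DN).
 *
 * Returns EOK, ENOMEM if the DN cannot be built, or the error reported by
 * sysdb_delete_recursive().
 */
errno_t sysdb_delete_usermaps(struct sysdb_ctx *sysdb,
                              struct sss_domain_info *domain)
{
    struct ldb_dn *dn = NULL;
    errno_t ret;

    dn = ldb_dn_new_fmt(sysdb, sysdb->ldb,
                        SYSDB_TMPL_SELINUX_BASE, domain->name);
    if (!dn) return ENOMEM;

    ret = sysdb_delete_recursive(sysdb, dn, true);
    talloc_free(dn);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("sysdb_delete_recursive failed.\n"));
        return ret;
    }

    return EOK;
}

/* --- SYSDB SELinux search routines --- */
errno_t
sysdb_search_selinux_usermap_by_mapname(TALLOC_CTX *mem_ctx,
                                        struct sysdb_ctx *sysdb,
                                        struct sss_domain_info *domain,
                                        const char *name,
                                        const char **attrs,
                                        struct ldb_message **_usermap)
{
    TALLOC_CTX *tmp_ctx;
    const char *def_attrs[] = { SYSDB_NAME,
                                SYSDB_USER_CATEGORY,
                                SYSDB_HOST_CATEGORY,
                                SYSDB_ORIG_MEMBER_USER,
                                SYSDB_ORIG_MEMBER_HOST,
                                SYSDB_SELINUX_USER,
                                NULL };
    struct ldb_message **msgs = NULL;
    struct ldb_dn *basedn;
    size_t msgs_count = 0;
    char *clean_name;
    int ret;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    /* The map name becomes part of a DN, so it is sanitized first */
    ret = sysdb_dn_sanitize(tmp_ctx, name, &clean_name);
    if (ret != EOK) {
        goto done;
    }

    basedn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb,
                            SYSDB_TMPL_SEUSERMAP, clean_name, domain->name);
    if (!basedn) {
        ret = ENOMEM;
        goto done;
    }

    ret = sysdb_search_entry(tmp_ctx, sysdb, basedn, LDB_SCOPE_BASE, NULL,
                             attrs?attrs:def_attrs, &msgs_count, &msgs);
    if (ret) {
        goto done;
    }

    *_usermap = talloc_steal(mem_ctx, msgs[0]);

done:
    if (ret == ENOENT) {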
DEBUG(SSSDBG_TRACE_FUNC, ("No such entry\n")); } else if (ret) { DEBUG(SSSDBG_TRACE_FUNC, ("Error: %d (%s)\n", ret, strerror(ret))); } talloc_zfree(tmp_ctx); return ret; } errno_t sysdb_get_selinux_usermaps(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char **attrs, size_t *count, struct ldb_message ***messages) { errno_t ret; char *filter; struct ldb_dn *basedn; basedn = ldb_dn_new_fmt(mem_ctx, sysdb_ctx_get_ldb(sysdb), SYSDB_TMPL_SELINUX_BASE, domain->name); if (!basedn) { return ENOMEM; } filter = talloc_asprintf(mem_ctx, "(%s=%s)", SYSDB_OBJECTCLASS, SYSDB_SELINUX_USERMAP_CLASS); if (filter == NULL) { talloc_free(basedn); return ENOMEM; } ret = sysdb_search_entry(mem_ctx, sysdb, basedn, LDB_SCOPE_SUBTREE, filter, attrs, count, messages); talloc_free(basedn); talloc_free(filter); if (ret == ENOENT) { *count = 0; *messages = NULL; } else if (ret) { return ret; } return EOK; } errno_t sysdb_search_selinux_config(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char **attrs, struct ldb_message **_config) { TALLOC_CTX *tmp_ctx; const char *def_attrs[] = { SYSDB_SELINUX_DEFAULT_USER, SYSDB_SELINUX_DEFAULT_ORDER, NULL }; struct ldb_message **msgs; size_t msgs_count; struct ldb_dn *basedn; errno_t ret; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; } basedn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_TMPL_SELINUX_BASE, domain->name); if (!basedn) { ret = ENOMEM; goto done; } ret = sysdb_search_entry(tmp_ctx, sysdb, basedn, LDB_SCOPE_BASE, NULL, attrs?attrs:def_attrs, &msgs_count, &msgs); if (ret) { goto done; } *_config = talloc_steal(mem_ctx, msgs[0]); done: if (ret == ENOENT) { DEBUG(SSSDBG_TRACE_FUNC, ("No SELinux root entry found\n")); } else if (ret) { DEBUG(SSSDBG_TRACE_FUNC, ("Error: %d (%s)\n", ret, strerror(ret))); } talloc_free(tmp_ctx); return ret; } sssd-1.11.5/src/db/PaxHeaders.13173/sysdb_selinux.h0000644000000000000000000000007312320753107017772 xustar000000000000000029 
atime=1396954939.25389144 30 ctime=1396954961.456875097 sssd-1.11.5/src/db/sysdb_selinux.h0000664002412700241270000000656412320753107020230 0ustar00jhrozekjhrozek00000000000000/* SSSD System Database Header - SELinux support Copyright (C) Jan Zeleny 2012 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #ifndef __SYS_DB_SELINUX_H__ #define __SYS_DB_SELINUX_H__ #include "db/sysdb.h" #define SYSDB_SELINUX_CONTAINER "cn=selinux" #define SYSDB_TMPL_SELINUX_BASE SYSDB_SELINUX_CONTAINER",cn=%s,"SYSDB_BASE #define SYSDB_TMPL_SEUSERMAP SYSDB_NAME"=%s,"SYSDB_TMPL_SELINUX_BASE #define SYSDB_SELINUX_NAME "config" #define SYSDB_SELINUX_SEEALSO "seeAlso" #define SYSDB_SELINUX_USER "selinuxUser" #define SYSDB_SELINUX_ENABLED "enabled" #define SYSDB_SELINUX_DEFAULT_USER "user" #define SYSDB_SELINUX_DEFAULT_ORDER "order" #define SYSDB_SELINUX_HOST_PRIORITY "hostPriority" enum selinux_entity_type { SELINUX_CONFIG, SELINUX_USER_MAP }; errno_t sysdb_store_selinux_usermap(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, struct sysdb_attrs *attrs); errno_t sysdb_store_selinux_config(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *default_map, const char *order); errno_t sysdb_get_selinux_usermaps(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char **attrs, size_t *count, struct ldb_message ***messages); errno_t sysdb_search_selinux_usermap_by_mapname(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, 
struct sss_domain_info *domain, const char *name, const char **attrs, struct ldb_message **_usermap); errno_t sysdb_search_selinux_usermap_by_username(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char *username, struct ldb_message ***_usermaps); errno_t sysdb_search_selinux_config(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, const char **attrs, struct ldb_message **_config); errno_t sysdb_delete_usermaps(struct sysdb_ctx *sysdb, struct sss_domain_info *domain); #endif sssd-1.11.5/src/db/PaxHeaders.13173/sysdb_ranges.c0000644000000000000000000000007312320753107017555 xustar000000000000000029 atime=1396954939.25389144 30 ctime=1396954961.663874944 sssd-1.11.5/src/db/sysdb_ranges.c0000664002412700241270000002617012320753107020006 0ustar00jhrozekjhrozek00000000000000/* SSSD System Database - ID ranges related calls Copyright (C) 2012 Sumit Bose This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #include "util/util.h" #include "db/sysdb_private.h" static errno_t find_attr_as_uint32_t(const struct ldb_message *msg, const char *attr_name, uint32_t *result) { uint64_t val; val = ldb_msg_find_attr_as_uint64(msg, attr_name, UINT64_MAX); if (val == UINT64_MAX) { return ENOENT; } else if (val >= UINT32_MAX) { return EINVAL; } *result = val; return EOK; } errno_t sysdb_get_ranges(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, size_t *range_count, struct range_info ***range_list) { size_t c; errno_t ret; TALLOC_CTX *tmp_ctx; struct ldb_result *res; const char *attrs[] = {SYSDB_NAME, SYSDB_BASE_ID, SYSDB_ID_RANGE_SIZE, SYSDB_BASE_RID, SYSDB_SECONDARY_BASE_RID, SYSDB_DOMAIN_ID, SYSDB_ID_RANGE_TYPE, NULL}; struct range_info **list; struct ldb_dn *basedn; const char *tmp_str; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { ret = ENOMEM; goto done; } basedn = ldb_dn_new(tmp_ctx, sysdb->ldb, SYSDB_TMPL_RANGE_BASE); if (basedn == NULL) { ret = EIO; goto done; } ret = ldb_search(sysdb->ldb, tmp_ctx, &res, basedn, LDB_SCOPE_ONELEVEL, attrs, "objectclass=%s", SYSDB_ID_RANGE_CLASS); if (ret != LDB_SUCCESS) { ret = EIO; goto done; } list = talloc_zero_array(tmp_ctx, struct range_info *, res->count + 1); if (list == NULL) { ret = ENOMEM; goto done; } for (c = 0; c < res->count; c++) { list[c] = talloc_zero(list, struct range_info); if (list[c] == NULL) { ret = ENOMEM; goto done; } tmp_str = ldb_msg_find_attr_as_string(res->msgs[c], SYSDB_NAME, NULL); if (tmp_str == NULL) { DEBUG(SSSDBG_MINOR_FAILURE, ("The object [%s] doesn't have a name.\n", ldb_dn_get_linearized(res->msgs[c]->dn))); ret = EINVAL; goto done; } list[c]->name = talloc_strdup(list, tmp_str); if (list[c]->name == NULL) { ret = ENOMEM; goto done; } tmp_str = ldb_msg_find_attr_as_string(res->msgs[c], SYSDB_DOMAIN_ID, NULL); if (tmp_str != NULL) { list[c]->trusted_dom_sid = talloc_strdup(list, tmp_str); if (list[c]->trusted_dom_sid == NULL) { ret = ENOMEM; goto done; } } ret = find_attr_as_uint32_t(res->msgs[c], 
SYSDB_BASE_ID, &list[c]->base_id); if (ret != EOK && ret != ENOENT) { DEBUG(SSSDBG_MINOR_FAILURE, ("find_attr_as_uint32_t failed.\n")); goto done; } ret = find_attr_as_uint32_t(res->msgs[c], SYSDB_ID_RANGE_SIZE, &list[c]->id_range_size); if (ret != EOK && ret != ENOENT) { DEBUG(SSSDBG_MINOR_FAILURE, ("find_attr_as_uint32_t failed.\n")); goto done; } ret = find_attr_as_uint32_t(res->msgs[c], SYSDB_BASE_RID, &list[c]->base_rid); if (ret != EOK && ret != ENOENT) { DEBUG(SSSDBG_MINOR_FAILURE, ("find_attr_as_uint32_t failed.\n")); goto done; } ret = find_attr_as_uint32_t(res->msgs[c], SYSDB_SECONDARY_BASE_RID, &list[c]->secondary_base_rid); if (ret != EOK && ret != ENOENT) { DEBUG(SSSDBG_MINOR_FAILURE, ("find_attr_as_uint32_t failed.\n")); goto done; } tmp_str = ldb_msg_find_attr_as_string(res->msgs[c], SYSDB_ID_RANGE_TYPE, NULL); if (tmp_str != NULL) { list[c]->range_type = talloc_strdup(list, tmp_str); if (list[c]->range_type == NULL) { ret = ENOMEM; goto done; } } } list[res->count] = NULL; *range_count = res->count; *range_list = talloc_steal(mem_ctx, list); ret = EOK; done: talloc_free(tmp_ctx); return ret; } errno_t sysdb_range_create(struct sysdb_ctx *sysdb, struct range_info *range) { struct ldb_message *msg; int ret; TALLOC_CTX *tmp_ctx; /* if both or none are set, skip */ if ((range->trusted_dom_sid == NULL && range->secondary_base_rid == 0) || (range->trusted_dom_sid != NULL && range->secondary_base_rid != 0)) { DEBUG(SSSDBG_OP_FAILURE, ("Invalid range, skipping. 
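Expected that "
              "either the secondary base RID or the SID of the trusted "
              "domain is set, but not both or none of them.\n"));
        return EOK;
    }

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    msg = ldb_msg_new(tmp_ctx);
    if (!msg) {
        ret = ENOMEM;
        goto done;
    }

    msg->dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb,
                             SYSDB_TMPL_RANGE, range->name);
    if (!msg->dn) {
        ret = ENOMEM;
        goto done;
    }

    ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_OBJECTCLASS,
                     SYSDB_ID_RANGE_CLASS);
    if (ret) goto done;

    /* Exactly one of the two branches applies; the check at the top of the
     * function already rejected "both" and "neither". */
    if (range->trusted_dom_sid == NULL && range->secondary_base_rid != 0) {
        ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_OBJECTCLASS,
                         SYSDB_DOMAIN_ID_RANGE_CLASS);
        if (ret) goto done;

        ret = add_ulong(msg, LDB_FLAG_MOD_ADD, SYSDB_SECONDARY_BASE_RID,
                        (unsigned long) range->secondary_base_rid);
        if (ret) goto done;
    } else if (range->trusted_dom_sid != NULL &&
               range->secondary_base_rid == 0) {
        ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_OBJECTCLASS,
                         SYSDB_TRUSTED_AD_DOMAIN_RANGE_CLASS);
        if (ret) goto done;

        ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_DOMAIN_ID,
                         range->trusted_dom_sid);
        if (ret) goto done;
    }

    ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_NAME, range->name);
    if (ret) goto done;

    ret = add_ulong(msg, LDB_FLAG_MOD_ADD, SYSDB_BASE_ID,
                    (unsigned long) range->base_id);
    if (ret) goto done;

    ret = add_ulong(msg, LDB_FLAG_MOD_ADD, SYSDB_ID_RANGE_SIZE,
                    (unsigned long) range->id_range_size);
    if (ret) goto done;

    ret = add_ulong(msg, LDB_FLAG_MOD_ADD, SYSDB_BASE_RID,
                    (unsigned long) range->base_rid);
    if (ret) goto done;

    ret = add_ulong(msg, LDB_FLAG_MOD_ADD, SYSDB_CREATE_TIME,
                    (unsigned long)time(NULL));
    if (ret) goto done;

    /* NOTE(review): range_type may be NULL when the range came from
     * sysdb_get_ranges() and the attribute was absent; whether add_string()
     * accepts NULL is not visible here - confirm. */
    ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_ID_RANGE_TYPE,
                     range->range_type);
    if (ret) goto done;

    ret = ldb_add(sysdb->ldb, msg);
    /* Translate unconditionally. The original jumped to done: on failure
     * before the conversion, so callers received a raw LDB code where an
     * errno value is expected (and strerror() below logged the wrong text). */
    ret = sysdb_error_to_errno(ret);

done:
    if (ret) {
        DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
    }
    talloc_zfree(tmp_ctx);
    return ret;
}

errno_t sysdb_update_ranges(struct sysdb_ctx *sysdb,
                            struct range_info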
**ranges) { int ret; int sret; size_t c; size_t d; TALLOC_CTX *tmp_ctx = NULL; size_t cur_range_count; struct range_info **cur_ranges; struct ldb_dn *dn; bool in_transaction = false; bool *keep_range; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { ret = ENOMEM; goto done; } /* Retrieve all ranges that are currently in sysdb */ ret = sysdb_get_ranges(tmp_ctx, sysdb, &cur_range_count, &cur_ranges); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("sysdb_get_ranges failed.\n")); goto done; } keep_range = talloc_zero_array(tmp_ctx, bool, cur_range_count); if (keep_range == NULL) { ret = ENOMEM; DEBUG(SSSDBG_OP_FAILURE, ("talloc_zero_array failed.\n")); goto done; } ret = sysdb_transaction_start(sysdb); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("sysdb_transaction_start failed.\n")); goto done; } in_transaction = true; /* Go through a list of retrieved ranges and: * - if a range already exists in sysdb, mark it for preservation * - if the range doesn't exist in sysdb, create it */ for (c = 0; ranges[c] != NULL; c++) { for (d = 0; d < cur_range_count; d++) { if (strcasecmp(ranges[c]->name, cur_ranges[d]->name) == 0) { keep_range[d] = true; /* range already in cache, nothing to do */ break; } } if (d == cur_range_count) { DEBUG(SSSDBG_TRACE_FUNC, ("Adding range [%s].\n", ranges[c]->name)); ret = sysdb_range_create(sysdb, ranges[c]); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("sysdb_range_create failed.\n")); goto done; } } } /* Now delete all ranges that have been in sysdb prior to * refreshing the list and are not marked for preservation * (i.e. 
they are not in the new list of ranges) */ for (d = 0; d < cur_range_count; d++) { if (!keep_range[d]) { DEBUG(SSSDBG_TRACE_FUNC, ("Removing range [%s].\n", cur_ranges[d]->name)); dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_TMPL_RANGE, cur_ranges[d]->name); if (dn == NULL) { ret = ENOMEM; goto done; } ret = sysdb_delete_entry(sysdb, dn, true); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("sysdb_delete_entry failed.\n")); goto done; } } } ret = sysdb_transaction_commit(sysdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Could not commit transaction\n")); goto done; } in_transaction = false; done: if (in_transaction) { sret = sysdb_transaction_cancel(sysdb); if (sret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Could not cancel transaction\n")); } } talloc_free(tmp_ctx); return ret; } sssd-1.11.5/src/PaxHeaders.13173/build_macros.m40000644000000000000000000000007412320753107017247 xustar000000000000000030 atime=1396954939.602891184 30 ctime=1396954961.327875192 sssd-1.11.5/src/build_macros.m40000664002412700241270000000346012320753107017474 0ustar00jhrozekjhrozek00000000000000AC_DEFUN([BUILD_WITH_SHARED_BUILD_DIR], [ AC_ARG_WITH([shared-build-dir], [AC_HELP_STRING([--with-shared-build-dir=DIR], [temporary build directory where libraries are installed [$srcdir/sharedbuild]])]) sharedbuilddir="$srcdir/sharedbuild" if test x"$with_shared_build_dir" != x; then sharedbuilddir=$with_shared_build_dir CFLAGS="$CFLAGS -I$with_shared_build_dir/include" CPPFLAGS="$CPPFLAGS -I$with_shared_build_dir/include" LDFLAGS="$LDFLAGS -L$with_shared_build_dir/lib" fi AC_SUBST(sharedbuilddir) ]) AC_DEFUN([BUILD_WITH_AUX_INFO], [ AC_ARG_WITH([aux-info], [AC_HELP_STRING([--with-aux-info], [Build with -aux-info output])]) ]) AM_CONDITIONAL([WANT_AUX_INFO], [test x$with_aux_info = xyes]) dnl AC_CONFIG_FILES conditionalization requires using AM_COND_IF, however dnl dnl AM_COND_IF is new to Automake 1.11. 
To use it on new Automake without dnl dnl requiring same, a fallback implementation for older Autoconf is provided. dnl dnl Note that disabling of AC_CONFIG_FILES requires Automake 1.11, this code dnl dnl is correct only in terms of m4sh generated script. m4_ifndef([AM_COND_IF], [AC_DEFUN([AM_COND_IF], [ if test -z "$$1_TRUE"; then : m4_n([$2])[]dnl m4_ifval([$3], [else $3 ])dnl fi[]dnl ])]) dnl SSS_AC_EXPAND_LIB_DIR() prepare variable sss_extra_libdir, dnl variable will contain expanded version of string "$libdir" dnl therefore this variable can be safely added to LDFLAGS as dnl "-L$sss_extra_libdir ". AC_DEFUN([SSS_AC_EXPAND_LIB_DIR], [ AC_REQUIRE([AC_LIB_PREPARE_PREFIX]) dnl By default, look in $includedir and $libdir. AC_LIB_WITH_FINAL_PREFIX([ eval additional_libdir=\"$libdir\" ]) sss_extra_libdir="$additional_libdir" ]) sssd-1.11.5/src/PaxHeaders.13173/responder0000644000000000000000000000013212320753521016261 xustar000000000000000030 mtime=1396954961.304875209 30 atime=1396955003.534843847 30 ctime=1396954961.304875209 sssd-1.11.5/src/responder/0000775002412700241270000000000012320753521016565 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/responder/PaxHeaders.13173/pam0000644000000000000000000000013212320753521017036 xustar000000000000000030 mtime=1396954961.771874864 30 atime=1396955003.534843847 30 ctime=1396954961.771874864 sssd-1.11.5/src/responder/pam/0000775002412700241270000000000012320753521017342 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/responder/pam/PaxHeaders.13173/pam_helpers.c0000644000000000000000000000007412320753107021563 xustar000000000000000030 atime=1396954939.271891427 30 ctime=1396954961.771874864 sssd-1.11.5/src/responder/pam/pam_helpers.c0000664002412700241270000001020712320753107022005 0ustar00jhrozekjhrozek00000000000000/* SSSD Authors: Stephen Gallagher Copyright (C) 2011 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include "util/util.h" #include "src/responder/pam/pam_helpers.h" struct pam_initgr_table_ctx { hash_table_t *id_table; char *name; }; static void pam_initgr_cache_remove(struct tevent_context *ev, struct tevent_timer *te, struct timeval tv, void *pvt); errno_t pam_initgr_cache_set(struct tevent_context *ev, hash_table_t *id_table, char *name, long timeout) { errno_t ret; hash_key_t key; hash_value_t val; int hret; struct tevent_timer *te; struct timeval tv; struct pam_initgr_table_ctx *table_ctx; table_ctx = talloc_zero(id_table, struct pam_initgr_table_ctx); if (!table_ctx) return ENOMEM; table_ctx->id_table = id_table; table_ctx->name = talloc_strdup(table_ctx, name); if (!table_ctx->name) { ret = ENOMEM; goto done; } key.type = HASH_KEY_STRING; key.str = name; /* The value isn't relevant, since we're using * a timer to remove the entry. 
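*/
    val.type = HASH_VALUE_UNDEF;

    hret = hash_enter(id_table, &key, &val);
    if (hret != HASH_SUCCESS) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("Could not update initgr cache for [%s]: [%s]\n",
               name, hash_error_string(hret)));
        ret = EIO;
        goto done;
    } else {
        DEBUG(SSSDBG_TRACE_INTERNAL,
              ("[%s] added to PAM initgroup cache\n",
               name));
    }

    /* Create a timer event to remove the entry from the cache */
    tv = tevent_timeval_current_ofs(timeout, 0);
    te = tevent_add_timer(ev, table_ctx, tv,
                          pam_initgr_cache_remove,
                          table_ctx);
    if (!te) {
        /* The timer is the only thing that expires this entry. If it cannot
         * be created, take the entry out again; otherwise
         * pam_initgr_check_timeout() would report it as valid indefinitely.
         * The result is ignored: the call is already failing with ENOMEM. */
        (void) hash_delete(id_table, &key);
        ret = ENOMEM;
        goto done;
    }

    ret = EOK;

done:
    if (ret != EOK) {
        talloc_free(table_ctx);
    }

    return ret;
}

/*
 * Timer callback: drop the name stored in the pam_initgr_table_ctx passed as
 * @pvt from its hash table, then free that context. A key that is already
 * gone is not treated as an error.
 */
static void pam_initgr_cache_remove(struct tevent_context *ev,
                                    struct tevent_timer *te,
                                    struct timeval tv,
                                    void *pvt)
{
    int hret;
    hash_key_t key;

    struct pam_initgr_table_ctx *table_ctx =
            talloc_get_type(pvt, struct pam_initgr_table_ctx);

    key.type = HASH_KEY_STRING;
    key.str = table_ctx->name;

    hret = hash_delete(table_ctx->id_table, &key);
    if (hret != HASH_SUCCESS
            && hret != HASH_ERROR_KEY_NOT_FOUND) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("Could not clear [%s] from initgr cache: [%s]\n",
               table_ctx->name,
               hash_error_string(hret)));
    } else {
        DEBUG(SSSDBG_TRACE_INTERNAL,
              ("[%s] removed from PAM initgroup cache\n",
               table_ctx->name));
    }

    talloc_free(table_ctx);
}

/*
 * Look @name up in @id_table.
 *
 * Returns ENOENT when the key is absent, EIO on any other lookup failure,
 * and EOK when an entry is present.
 */
errno_t
pam_initgr_check_timeout(hash_table_t *id_table,
                         char *name)
{
    hash_key_t key;
    hash_value_t val;
    int hret;

    key.type = HASH_KEY_STRING;
    key.str = name;

    hret = hash_lookup(id_table, &key, &val);
    if (hret != HASH_SUCCESS
            && hret != HASH_ERROR_KEY_NOT_FOUND) {
        return EIO;
    } else if (hret == HASH_ERROR_KEY_NOT_FOUND) {
        return ENOENT;
    }

    /* If there's a value here, then the cache
     * entry is still valid.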
*/ return EOK; } sssd-1.11.5/src/responder/pam/PaxHeaders.13173/pamsrv_cmd.c0000644000000000000000000000007412320753107021417 xustar000000000000000030 atime=1396954939.271891427 30 ctime=1396954961.769874866 sssd-1.11.5/src/responder/pam/pamsrv_cmd.c0000664002412700241270000011326612320753107021652 0ustar00jhrozekjhrozek00000000000000/* SSSD PAM Responder Copyright (C) Simo Sorce 2009 Copyright (C) Sumit Bose 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include #include "util/util.h" #include "util/auth_utils.h" #include "db/sysdb.h" #include "confdb/confdb.h" #include "responder/common/responder_packet.h" #include "responder/common/responder.h" #include "responder/common/negcache.h" #include "providers/data_provider.h" #include "responder/pam/pamsrv.h" #include "responder/pam/pam_helpers.h" #include "db/sysdb.h" enum pam_verbosity { PAM_VERBOSITY_NO_MESSAGES = 0, PAM_VERBOSITY_IMPORTANT, PAM_VERBOSITY_INFO, PAM_VERBOSITY_DEBUG }; #define DEFAULT_PAM_VERBOSITY PAM_VERBOSITY_IMPORTANT static void pam_reply(struct pam_auth_req *preq); static int extract_authtok_v2(struct sss_auth_token *tok, size_t data_size, uint8_t *body, size_t blen, size_t *c) { uint32_t auth_token_type; uint32_t auth_token_length; uint8_t *auth_token_data; int ret = EOK; if (data_size < sizeof(uint32_t) || *c+data_size > blen || SIZE_T_OVERFLOW(*c, data_size)) return EINVAL; SAFEALIGN_COPY_UINT32_CHECK(&auth_token_type, &body[*c], blen, c); auth_token_length = 
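data_size - sizeof(uint32_t);
    auth_token_data = body+(*c);

    switch (auth_token_type) {
    case SSS_AUTHTOK_TYPE_EMPTY:
        sss_authtok_set_empty(tok);
        break;
    case SSS_AUTHTOK_TYPE_PASSWORD:
        if (auth_token_length == 0) {
            sss_authtok_set_empty(tok);
        } else {
            ret = sss_authtok_set_password(tok,
                                           (const char *)auth_token_data,
                                           auth_token_length);
        }
        break;
    default:
        return EINVAL;
    }

    *c += auth_token_length;

    return ret;
}

/*
 * Hand out a pointer to a NUL-terminated UTF-8 string stored in place in the
 * request body.
 *
 * @var   receives a pointer into @body (no copy is made)
 * @size  length of the item as declared by the client, including the NUL
 * @body  request buffer, @blen bytes long
 * @c     read offset into @body; advanced by @size on success
 *
 * Returns EOK, or EINVAL if the item is empty, does not fit into the buffer,
 * is not NUL-terminated or is not valid UTF-8.
 */
static int extract_string(char **var, size_t size, uint8_t *body, size_t blen,
                          size_t *c)
{
    uint8_t *str;

    /* A zero-length item must be rejected up front: size is client-supplied,
     * and with size == 0 the size-1 expressions below wrap around, so the
     * terminator test would index outside the item and the UTF-8 check would
     * be given a length of SIZE_MAX. */
    if (size == 0 || *c+size > blen || SIZE_T_OVERFLOW(*c, size)) return EINVAL;

    str = body+(*c);

    if (str[size-1]!='\0') return EINVAL;

    /* If the string isn't valid UTF-8, fail */
    if (!sss_utf8_check(str, size-1)) {
        return EINVAL;
    }

    *c += size;

    *var = (char *) str;

    return EOK;
}

/*
 * Read one uint32_t item from @body at offset *@c. The declared item @size
 * has to be exactly sizeof(uint32_t) and the item has to fit into @blen.
 */
static int extract_uint32_t(uint32_t *var, size_t size, uint8_t *body,
                            size_t blen, size_t *c)
{

    if (size != sizeof(uint32_t) || *c+size > blen || SIZE_T_OVERFLOW(*c, size))
        return EINVAL;

    SAFEALIGN_COPY_UINT32_CHECK(var, &body[*c], blen, c);

    return EOK;
}

/*
 * Replace pd->user with the SYSDB_NAME attribute of @msg when the two differ.
 * Returns EIO if the message carries no name, ENOMEM if the copy fails.
 */
static int pd_set_primary_name(const struct ldb_message *msg,struct pam_data *pd)
{
    const char *name;

    name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL);
    if (!name) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("A user with no name?\n"));
        return EIO;
    }

    if (strcmp(pd->user, name)) {
        DEBUG(SSSDBG_TRACE_FUNC, ("User's primary name is %s\n", name));
        talloc_free(pd->user);
        pd->user = talloc_strdup(pd, name);
        if (!pd->user) return ENOMEM;
    }

    return EOK;
}

static int pam_parse_in_data_v2(struct sss_domain_info *domains,
                                const char *default_domain,
                                struct pam_data *pd,
                                uint8_t *body, size_t blen)
{
    size_t c;
    uint32_t type;
    uint32_t size;
    char *pam_user;
    int ret;
    uint32_t start_marker = SSS_START_OF_PAM_REQUEST;
    uint32_t terminator = SSS_END_OF_PAM_REQUEST;

    /* Both framing markers are compared with memcmp(), so nothing is assumed
     * about the alignment of the client-supplied buffer. */
    if (blen < 4*sizeof(uint32_t)+2 ||
        memcmp(body, &start_marker, sizeof(uint32_t)) != 0 ||
        memcmp(&body[blen - sizeof(uint32_t)], &terminator, sizeof(uint32_t)) != 0) {
        DEBUG(1, ("Received data is invalid.\n"));
        return EINVAL;
    }

    c = sizeof(uint32_t);
    do {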
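SAFEALIGN_COPY_UINT32_CHECK(&type, &body[c], blen, &c);

        if (type == SSS_END_OF_PAM_REQUEST) {
            if (c != blen) return EINVAL;
        } else {
            SAFEALIGN_COPY_UINT32_CHECK(&size, &body[c], blen, &c);
            /* the uint32_t end marker SSS_END_OF_PAM_REQUEST does not count to
             * the remaining buffer.
             * The subtraction is unsigned, so first make sure that at least
             * the end marker is still ahead of c; otherwise the difference
             * wraps and any size would pass.
             * NOTE(review): c <= blen is assumed to hold after the checked
             * copy above - confirm against the macro definition. */
            if (blen - c < sizeof(uint32_t) ||
                size > (blen - c - sizeof(uint32_t))) {
                DEBUG(1, ("Invalid data size.\n"));
                return EINVAL;
            }

            switch(type) {
                case SSS_PAM_ITEM_USER:
                    ret = extract_string(&pam_user, size, body, blen, &c);
                    if (ret != EOK) return ret;

                    ret = sss_parse_name_for_domains(pd, domains,
                                                     default_domain, pam_user,
                                                     &pd->domain, &pd->user);
                    if (ret != EOK) return ret;
                    break;
                case SSS_PAM_ITEM_SERVICE:
                    ret = extract_string(&pd->service, size, body, blen, &c);
                    if (ret != EOK) return ret;
                    break;
                case SSS_PAM_ITEM_TTY:
                    ret = extract_string(&pd->tty, size, body, blen, &c);
                    if (ret != EOK) return ret;
                    break;
                case SSS_PAM_ITEM_RUSER:
                    ret = extract_string(&pd->ruser, size, body, blen, &c);
                    if (ret != EOK) return ret;
                    break;
                case SSS_PAM_ITEM_RHOST:
                    ret = extract_string(&pd->rhost, size, body, blen, &c);
                    if (ret != EOK) return ret;
                    break;
                case SSS_PAM_ITEM_CLI_PID:
                    ret = extract_uint32_t(&pd->cli_pid, size,
                                           body, blen, &c);
                    if (ret != EOK) return ret;
                    break;
                case SSS_PAM_ITEM_AUTHTOK:
                    ret = extract_authtok_v2(pd->authtok,
                                             size, body, blen, &c);
                    if (ret != EOK) return ret;
                    break;
                case SSS_PAM_ITEM_NEWAUTHTOK:
                    ret = extract_authtok_v2(pd->newauthtok,
                                             size, body, blen, &c);
                    if (ret != EOK) return ret;
                    break;
                default:
                    DEBUG(1,("Ignoring unknown data type [%d].\n", type));
                    c += size;
            }
        }

    } while(c < blen);

    if (pd->user == NULL || *pd->user == '\0') return EINVAL;

    DEBUG_PAM_DATA(4, pd);

    return EOK;

}

/*
 * Version 3 of the request format: parsed like version 2, and a non-zero
 * client PID is required in addition.
 */
static int pam_parse_in_data_v3(struct sss_domain_info *domains,
                                const char *default_domain,
                                struct pam_data *pd,
                                uint8_t *body, size_t blen)
{
    int ret;

    ret = pam_parse_in_data_v2(domains, default_domain, pd, body, blen);
    if (ret != EOK) {
        DEBUG(1, ("pam_parse_in_data_v2 failed.\n"));
        return ret;
    }

    if (pd->cli_pid == 0) {
        DEBUG(1, ("Missing client PID.\n"));
        return EINVAL;
    }

    return EOK;
}

/*
 * Read one version-1 auth token from @body at offset *@c: a uint32_t type,
 * a uint32_t length, then the token bytes.
 *
 * Returns EOK, EINVAL for an unknown type or a length that does not fit into
 * the buffer, or the error from sss_authtok_set_password(). *@c is advanced
 * past the token on success.
 */
static int extract_authtok_v1(struct sss_auth_token *tok,
                              uint8_t *body, size_t blen, size_t *c)
{
    uint32_t auth_token_type;
    uint32_t auth_token_length;
    uint8_t *auth_token_data;
    int ret = EOK;

    SAFEALIGN_COPY_UINT32_CHECK(&auth_token_type, &body[*c], blen, c);
    SAFEALIGN_COPY_UINT32_CHECK(&auth_token_length, &body[*c], blen, c);

    /* The length comes straight from the client. Check it against what is
     * left in the buffer before it is used as a read length and added to the
     * offset; the original used it unchecked. */
    if (*c > blen || auth_token_length > blen - *c) return EINVAL;

    auth_token_data = body+(*c);

    switch (auth_token_type) {
    case SSS_AUTHTOK_TYPE_EMPTY:
        sss_authtok_set_empty(tok);
        break;
    case SSS_AUTHTOK_TYPE_PASSWORD:
        ret = sss_authtok_set_password(tok,
                                       (const char *)auth_token_data,
                                       auth_token_length);
        break;
    default:
        return EINVAL;
    }

    *c += auth_token_length;

    return ret;
}

/*
 * Parse a version-1 request: five consecutive NUL-terminated strings (user,
 * service, tty, ruser, rhost) followed by two auth tokens. The string fields
 * of @pd other than the user name point into @body.
 */
static int pam_parse_in_data(struct sss_domain_info *domains,
                             const char *default_domain,
                             struct pam_data *pd,
                             uint8_t *body, size_t blen)
{
    size_t start;
    size_t end;
    size_t last;
    int ret;

    /* blen - 1 would wrap for an empty body */
    if (blen == 0) return EINVAL;

    last = blen - 1;
    end = 0;

    /* Each field below is scanned up to the last byte of the buffer. The
     * "end > last" test stops the parser when the previous field already
     * ended on the last byte, so body[end] is never read past the buffer. */

    /* user name */
    for (start = end; end < last; end++) if (body[end] == '\0') break;
    if (end > last || body[end++] != '\0') return EINVAL;

    ret = sss_parse_name_for_domains(pd, domains, default_domain,
                                     (char *)&body[start], &pd->domain, &pd->user);
    if (ret != EOK) return ret;

    for (start = end; end < last; end++) if (body[end] == '\0') break;
    if (end > last || body[end++] != '\0') return EINVAL;
    pd->service = (char *) &body[start];

    for (start = end; end < last; end++) if (body[end] == '\0') break;
    if (end > last || body[end++] != '\0') return EINVAL;
    pd->tty = (char *) &body[start];

    for (start = end; end < last; end++) if (body[end] == '\0') break;
    if (end > last || body[end++] != '\0') return EINVAL;
    pd->ruser = (char *) &body[start];

    for (start = end; end < last; end++) if (body[end] == '\0') break;
    if (end > last || body[end++] != '\0') return EINVAL;
    pd->rhost = (char *) &body[start];

    ret = extract_authtok_v1(pd->authtok, body, blen, &end);
    if (ret) {
        DEBUG(1, ("Invalid auth token\n"));
        return ret;
    }
    ret = extract_authtok_v1(pd->newauthtok, body, blen, &end);
    if (ret) {
        DEBUG(1, ("Invalid new auth token\n"));
        return ret;
    }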
DEBUG_PAM_DATA(4, pd); return EOK; } /*=Save-Last-Login-State===================================================*/ static errno_t set_last_login(struct pam_auth_req *preq) { struct sysdb_attrs *attrs; errno_t ret; attrs = sysdb_new_attrs(preq); if (!attrs) { ret = ENOMEM; goto fail; } ret = sysdb_attrs_add_time_t(attrs, SYSDB_LAST_ONLINE_AUTH, time(NULL)); if (ret != EOK) { goto fail; } ret = sysdb_attrs_add_time_t(attrs, SYSDB_LAST_LOGIN, time(NULL)); if (ret != EOK) { goto fail; } ret = sysdb_set_user_attr(preq->domain->sysdb, preq->domain, preq->pd->user, attrs, SYSDB_MOD_REP); if (ret != EOK) { DEBUG(2, ("set_last_login failed.\n")); preq->pd->pam_status = PAM_SYSTEM_ERR; goto fail; } else { preq->pd->last_auth_saved = true; } preq->callback(preq); return EOK; fail: return ret; } static errno_t filter_responses(struct confdb_ctx *cdb, struct response_data *resp_list) { int ret; struct response_data *resp; uint32_t user_info_type; int64_t expire_date; int pam_verbosity; ret = confdb_get_int(cdb, CONFDB_PAM_CONF_ENTRY, CONFDB_PAM_VERBOSITY, DEFAULT_PAM_VERBOSITY, &pam_verbosity); if (ret != EOK) { DEBUG(1, ("Failed to read PAM verbosity, not fatal.\n")); pam_verbosity = DEFAULT_PAM_VERBOSITY; } resp = resp_list; while(resp != NULL) { if (resp->type == SSS_PAM_USER_INFO) { if (resp->len < sizeof(uint32_t)) { DEBUG(1, ("User info entry is too short.\n")); return EINVAL; } if (pam_verbosity == PAM_VERBOSITY_NO_MESSAGES) { resp->do_not_send_to_client = true; resp = resp->next; continue; } memcpy(&user_info_type, resp->data, sizeof(uint32_t)); resp->do_not_send_to_client = false; switch (user_info_type) { case SSS_PAM_USER_INFO_OFFLINE_AUTH: if (resp->len != sizeof(uint32_t) + sizeof(int64_t)) { DEBUG(1, ("User info offline auth entry is " "too short.\n")); return EINVAL; } memcpy(&expire_date, resp->data + sizeof(uint32_t), sizeof(int64_t)); if ((expire_date == 0 && pam_verbosity < PAM_VERBOSITY_INFO) || (expire_date > 0 && pam_verbosity < PAM_VERBOSITY_IMPORTANT)) { 
resp->do_not_send_to_client = true; } break; default: DEBUG(SSSDBG_TRACE_LIBS, ("User info type [%d] not filtered.\n", user_info_type)); } } else if (resp->type & SSS_SERVER_INFO) { resp->do_not_send_to_client = true; } resp = resp->next; } return EOK; } static void pam_reply_delay(struct tevent_context *ev, struct tevent_timer *te, struct timeval tv, void *pvt) { struct pam_auth_req *preq; DEBUG(4, ("pam_reply_delay get called.\n")); preq = talloc_get_type(pvt, struct pam_auth_req); pam_reply(preq); } static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd); static void pam_handle_cached_login(struct pam_auth_req *preq, int ret, time_t expire_date, time_t delayed_until); static void pam_reply(struct pam_auth_req *preq) { struct cli_ctx *cctx; uint8_t *body; size_t blen; int ret; int32_t resp_c; int32_t resp_size; struct response_data *resp; int p; struct timeval tv; struct tevent_timer *te; struct pam_data *pd; struct pam_ctx *pctx; uint32_t user_info_type; time_t exp_date = -1; time_t delay_until = -1; pd = preq->pd; cctx = preq->cctx; pctx = talloc_get_type(preq->cctx->rctx->pvt_ctx, struct pam_ctx); DEBUG(SSSDBG_FUNC_DATA, ("pam_reply called with result [%d].\n", pd->pam_status)); if (pd->pam_status == PAM_AUTHINFO_UNAVAIL) { switch(pd->cmd) { case SSS_PAM_AUTHENTICATE: if ((preq->domain != NULL) && (preq->domain->cache_credentials == true) && (pd->offline_auth == false)) { const char *password = NULL; /* do auth with offline credentials */ pd->offline_auth = true; if (preq->domain->sysdb == NULL) { DEBUG(0, ("Fatal: Sysdb CTX not found for domain" " [%s]!\n", preq->domain->name)); goto done; } ret = sss_authtok_get_password(pd->authtok, &password, NULL); if (ret) { DEBUG(0, ("Failed to get password.\n")); goto done; } ret = sysdb_cache_auth(preq->domain->sysdb, preq->domain, pd->user, password, pctx->rctx->cdb, false, &exp_date, &delay_until); pam_handle_cached_login(preq, ret, exp_date, delay_until); return; } break; case SSS_PAM_CHAUTHTOK_PRELIM: case 
SSS_PAM_CHAUTHTOK: DEBUG(5, ("Password change not possible while offline.\n")); pd->pam_status = PAM_AUTHTOK_ERR; user_info_type = SSS_PAM_USER_INFO_OFFLINE_CHPASS; ret = pam_add_response(pd, SSS_PAM_USER_INFO, sizeof(uint32_t), (const uint8_t *) &user_info_type); if (ret != EOK) { DEBUG(1, ("pam_add_response failed.\n")); goto done; } break; /* TODO: we need the pam session cookie here to make sure that cached * authentication was successful */ case SSS_PAM_SETCRED: case SSS_PAM_ACCT_MGMT: case SSS_PAM_OPEN_SESSION: case SSS_PAM_CLOSE_SESSION: DEBUG(2, ("Assuming offline authentication setting status for " "pam call %d to PAM_SUCCESS.\n", pd->cmd)); pd->pam_status = PAM_SUCCESS; break; default: DEBUG(1, ("Unknown PAM call [%d].\n", pd->cmd)); pd->pam_status = PAM_MODULE_UNKNOWN; } } if (pd->response_delay > 0) { ret = gettimeofday(&tv, NULL); if (ret != EOK) { DEBUG(1, ("gettimeofday failed [%d][%s].\n", errno, strerror(errno))); goto done; } tv.tv_sec += pd->response_delay; tv.tv_usec = 0; pd->response_delay = 0; te = tevent_add_timer(cctx->ev, cctx, tv, pam_reply_delay, preq); if (te == NULL) { DEBUG(1, ("Failed to add event pam_reply_delay.\n")); goto done; } return; } /* If this was a successful login, save the lastLogin time */ if (pd->cmd == SSS_PAM_AUTHENTICATE && pd->pam_status == PAM_SUCCESS && preq->domain->cache_credentials && !pd->offline_auth && !pd->last_auth_saved && NEED_CHECK_PROVIDER(preq->domain->provider)) { ret = set_last_login(preq); if (ret != EOK) { goto done; } return; } ret = sss_packet_new(cctx->creq, 0, sss_packet_get_cmd(cctx->creq->in), &cctx->creq->out); if (ret != EOK) { goto done; } ret = filter_responses(pctx->rctx->cdb, pd->resp_list); if (ret != EOK) { DEBUG(1, ("filter_responses failed, not fatal.\n")); } if (pd->domain != NULL) { ret = pam_add_response(pd, SSS_PAM_DOMAIN_NAME, strlen(pd->domain)+1, (uint8_t *) pd->domain); if (ret != EOK) { DEBUG(1, ("pam_add_response failed.\n")); goto done; } } resp_c = 0; resp_size = 0; 
resp = pd->resp_list; while(resp != NULL) { if (!resp->do_not_send_to_client) { resp_c++; resp_size += resp->len; } resp = resp->next; } ret = sss_packet_grow(cctx->creq->out, sizeof(int32_t) + sizeof(int32_t) + resp_c * 2* sizeof(int32_t) + resp_size); if (ret != EOK) { goto done; } sss_packet_get_body(cctx->creq->out, &body, &blen); DEBUG(SSSDBG_FUNC_DATA, ("blen: %zu\n", blen)); p = 0; memcpy(&body[p], &pd->pam_status, sizeof(int32_t)); p += sizeof(int32_t); memcpy(&body[p], &resp_c, sizeof(int32_t)); p += sizeof(int32_t); resp = pd->resp_list; while(resp != NULL) { if (!resp->do_not_send_to_client) { memcpy(&body[p], &resp->type, sizeof(int32_t)); p += sizeof(int32_t); memcpy(&body[p], &resp->len, sizeof(int32_t)); p += sizeof(int32_t); memcpy(&body[p], resp->data, resp->len); p += resp->len; } resp = resp->next; } done: sss_cmd_done(cctx, preq); } static void pam_handle_cached_login(struct pam_auth_req *preq, int ret, time_t expire_date, time_t delayed_until) { uint32_t resp_type; size_t resp_len; uint8_t *resp; int64_t dummy; preq->pd->pam_status = cached_login_pam_status(ret); switch (preq->pd->pam_status) { case PAM_SUCCESS: resp_type = SSS_PAM_USER_INFO_OFFLINE_AUTH; resp_len = sizeof(uint32_t) + sizeof(int64_t); resp = talloc_size(preq->pd, resp_len); if (resp == NULL) { DEBUG(1, ("talloc_size failed, cannot prepare user info.\n")); } else { memcpy(resp, &resp_type, sizeof(uint32_t)); dummy = (int64_t) expire_date; memcpy(resp+sizeof(uint32_t), &dummy, sizeof(int64_t)); ret = pam_add_response(preq->pd, SSS_PAM_USER_INFO, resp_len, (const uint8_t *) resp); if (ret != EOK) { DEBUG(1, ("pam_add_response failed.\n")); } } break; case PAM_PERM_DENIED: if (delayed_until >= 0) { resp_type = SSS_PAM_USER_INFO_OFFLINE_AUTH_DELAYED; resp_len = sizeof(uint32_t) + sizeof(int64_t); resp = talloc_size(preq->pd, resp_len); if (resp == NULL) { DEBUG(1, ("talloc_size failed, cannot prepare user info.\n")); } else { memcpy(resp, &resp_type, sizeof(uint32_t)); dummy = 
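(int64_t) delayed_until;
                memcpy(resp+sizeof(uint32_t), &dummy, sizeof(int64_t));
                ret = pam_add_response(preq->pd, SSS_PAM_USER_INFO, resp_len,
                                       (const uint8_t *) resp);
                if (ret != EOK) {
                    DEBUG(1, ("pam_add_response failed.\n"));
                }
            }
        }
        break;
    default:
        DEBUG(SSSDBG_TRACE_LIBS,
              ("cached login returned: %d\n", preq->pd->pam_status));
    }

    pam_reply(preq);
    return;
}

static void pam_forwarder_cb(struct tevent_req *req);
static void pam_check_user_dp_callback(uint16_t err_maj, uint32_t err_min,
                                       const char *err_msg, void *ptr);
static int pam_check_user_search(struct pam_auth_req *preq);
static int pam_check_user_done(struct pam_auth_req *preq, int ret);
static void pam_dom_forwarder(struct pam_auth_req *preq);

/* TODO: we should probably return some sort of cookie that is set in the
 * PAM_ENVIRONMENT, so that we can save performing some calls and cache
 * data. */

/**
 * Check the framing of the incoming request packet and hand its body to the
 * parser that matches the client's negotiated protocol version.
 *
 * @param cctx  Client context; supplies the request packet (creq->in), the
 *              protocol version and the domain list passed to the parser.
 * @param pd    PAM data structure filled in by the version-specific parser.
 *
 * @return EINVAL when the body is shorter than the terminator, does not end
 *         with SSS_END_OF_PAM_REQUEST, or the protocol version is not 1, 2
 *         or 3; otherwise whatever the selected parser returns.
 */
errno_t pam_forwarder_parse_data(struct cli_ctx *cctx, struct pam_data *pd)
{
    uint8_t *body;
    size_t blen;
    errno_t ret;
    uint32_t terminator = SSS_END_OF_PAM_REQUEST;

    sss_packet_get_body(cctx->creq->in, &body, &blen);

    /* A body shorter than the terminator cannot contain it. The original
     * condition skipped the comparison in that case and passed the short
     * body on as if it were correctly terminated; reject it here so the
     * framing check does not depend on the parsers (defined elsewhere)
     * catching undersized input. */
    if (blen < sizeof(uint32_t) ||
        memcmp(&body[blen - sizeof(uint32_t)], &terminator,
               sizeof(uint32_t)) != 0) {
        DEBUG(1, ("Received data not terminated.\n"));
        ret = EINVAL;
        goto done;
    }

    switch (cctx->cli_protocol_version->version) {
        case 1:
            ret = pam_parse_in_data(cctx->rctx->domains,
                                    cctx->rctx->default_domain, pd,
                                    body, blen);
            break;
        case 2:
            ret = pam_parse_in_data_v2(cctx->rctx->domains,
                                       cctx->rctx->default_domain, pd,
                                       body, blen);
            break;
        case 3:
            ret = pam_parse_in_data_v3(cctx->rctx->domains,
                                       cctx->rctx->default_domain, pd,
                                       body, blen);
            break;
        default:
            DEBUG(1, ("Illegal protocol version [%d].\n",
                      cctx->cli_protocol_version->version));
            ret = EINVAL;
    }

done:
    return ret;
}

/* Destructor installed on a pam_auth_req with talloc_set_destructor().
 * Clears the back-pointer held by a pending request's "spy" so that it does
 * not keep referring to the request once the request has been freed. */
static int pam_auth_req_destructor(struct pam_auth_req *preq)
{
    if (preq && preq->dpreq_spy) {
        /* If there is still a request pending, tell the spy
         * the client is going away
         */
        preq->dpreq_spy->preq = NULL;
    }
    return 0;
}

static int 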
pam_forwarder(struct cli_ctx *cctx, int pam_cmd) { struct sss_domain_info *dom; struct pam_auth_req *preq; struct pam_data *pd; int ret; errno_t ncret; struct pam_ctx *pctx = talloc_get_type(cctx->rctx->pvt_ctx, struct pam_ctx); struct tevent_req *req; preq = talloc_zero(cctx, struct pam_auth_req); if (!preq) { return ENOMEM; } talloc_set_destructor(preq, pam_auth_req_destructor); preq->cctx = cctx; preq->pd = create_pam_data(preq); if (!preq->pd) { talloc_free(preq); return ENOMEM; } pd = preq->pd; pd->cmd = pam_cmd; pd->priv = cctx->priv; ret = pam_forwarder_parse_data(cctx, pd); if (ret == EAGAIN) { req = sss_dp_get_domains_send(cctx->rctx, cctx->rctx, true, pd->domain); if (req == NULL) { ret = ENOMEM; } else { tevent_req_set_callback(req, pam_forwarder_cb, preq); ret = EAGAIN; } goto done; } else if (ret != EOK) { ret = EINVAL; goto done; } /* now check user is valid */ if (pd->domain) { preq->domain = responder_get_domain(cctx->rctx, pd->domain); if (!preq->domain) { ret = ENOENT; goto done; } ncret = sss_ncache_check_user(pctx->ncache, pctx->neg_timeout, preq->domain, pd->user); if (ncret == EEXIST) { /* User found in the negative cache */ ret = ENOENT; goto done; } } else { for (dom = preq->cctx->rctx->domains; dom; dom = get_next_domain(dom, false)) { if (dom->fqnames) continue; ncret = sss_ncache_check_user(pctx->ncache, pctx->neg_timeout, dom, pd->user); if (ncret == ENOENT) { /* User not found in the negative cache * Proceed with PAM actions */ break; } /* Try the next domain */ DEBUG(SSSDBG_TRACE_FUNC, ("User [%s@%s] filtered out (negative cache). 
" "Trying next domain.\n", pd->user, dom->name)); } if (!dom) { ret = ENOENT; goto done; } preq->domain = dom; } if (preq->domain->provider == NULL) { DEBUG(1, ("Domain [%s] has no auth provider.\n", preq->domain->name)); ret = EINVAL; goto done; } preq->check_provider = NEED_CHECK_PROVIDER(preq->domain->provider); ret = pam_check_user_search(preq); if (ret == EOK) { pam_dom_forwarder(preq); } done: return pam_check_user_done(preq, ret); } static void pam_forwarder_cb(struct tevent_req *req) { struct pam_auth_req *preq = tevent_req_callback_data(req, struct pam_auth_req); struct cli_ctx *cctx = preq->cctx; struct pam_data *pd; errno_t ret = EOK; ret = sss_dp_get_domains_recv(req); talloc_free(req); if (ret != EOK) { goto done; } pd = preq->pd; ret = pam_forwarder_parse_data(cctx, pd); if (ret != EOK) { ret = EINVAL; goto done; } if (preq->pd->domain) { preq->domain = responder_get_domain(cctx->rctx, preq->pd->domain); if (preq->domain == NULL) { ret = ENOENT; goto done; } } ret = pam_check_user_search(preq); if (ret == EOK) { pam_dom_forwarder(preq); } done: pam_check_user_done(preq, ret); } static void pam_dp_send_acct_req_done(struct tevent_req *req); static int pam_check_user_search(struct pam_auth_req *preq) { struct sss_domain_info *dom = preq->domain; char *name = NULL; struct sysdb_ctx *sysdb; time_t cacheExpire; int ret; struct tevent_req *dpreq; struct dp_callback_ctx *cb_ctx; struct pam_ctx *pctx = talloc_get_type(preq->cctx->rctx->pvt_ctx, struct pam_ctx); while (dom) { /* if it is a domainless search, skip domains that require fully * qualified names instead */ while (dom && !preq->pd->domain && dom->fqnames) { dom = get_next_domain(dom, false); } if (!dom) break; if (dom != preq->domain) { /* make sure we reset the check_provider flag when we check * a new domain */ preq->check_provider = NEED_CHECK_PROVIDER(dom->provider); } /* make sure to update the preq if we changed domain */ preq->domain = dom; talloc_free(name); name = sss_get_cased_name(preq, 
preq->pd->user, dom->case_sensitive); if (!name) { return ENOMEM; } /* Refresh the user's cache entry on any PAM query * We put a timeout in the client context so that we limit * the number of updates within a reasonable timeout */ if (preq->check_provider) { ret = pam_initgr_check_timeout(pctx->id_table, name); if (ret != EOK && ret != ENOENT) { DEBUG(SSSDBG_OP_FAILURE, ("Could not look up initgroup timout\n")); return EIO; } else if (ret == ENOENT) { /* Call provider first */ break; } /* Entry is still valid, get it from the sysdb */ } DEBUG(4, ("Requesting info for [%s@%s]\n", name, dom->name)); sysdb = dom->sysdb; if (sysdb == NULL) { DEBUG(0, ("Fatal: Sysdb CTX not found for this domain!\n")); preq->pd->pam_status = PAM_SYSTEM_ERR; return EFAULT; } ret = sysdb_getpwnam(preq, sysdb, dom, name, &preq->res); if (ret != EOK) { DEBUG(1, ("Failed to make request to our cache!\n")); return EIO; } if (preq->res->count > 1) { DEBUG(0, ("getpwnam call returned more than one result !?!\n")); return ENOENT; } if (preq->res->count == 0) { if (preq->check_provider == false) { /* set negative cache only if not result of cache check */ ret = sss_ncache_set_user(pctx->ncache, false, dom, name); if (ret != EOK) { /* Should not be fatal, just slower next time */ DEBUG(SSSDBG_MINOR_FAILURE, ("Cannot set ncache for [%s@%s]\n", name, dom->name)); } } /* if a multidomain search, try with next */ if (!preq->pd->domain) { dom = get_next_domain(dom, false); continue; } DEBUG(2, ("No results for getpwnam call\n")); /* TODO: store negative cache ? */ return ENOENT; } /* One result found */ /* if we need to check the remote account go on */ if (preq->check_provider) { cacheExpire = ldb_msg_find_attr_as_uint64(preq->res->msgs[0], SYSDB_CACHE_EXPIRE, 0); if (cacheExpire < time(NULL)) { break; } } DEBUG(6, ("Returning info for user [%s@%s]\n", name, dom->name)); /* We might have searched by alias. 
Pass on the primary name */ ret = pd_set_primary_name(preq->res->msgs[0], preq->pd); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Could not canonicalize username\n")); return ret; } return EOK; } if (!dom) { /* Ensure that we don't try to check a provider without a domain, * since this will cause a NULL-dereference below. */ preq->check_provider = false; } if (preq->check_provider) { /* dont loop forever :-) */ preq->check_provider = false; dpreq = sss_dp_get_account_send(preq, preq->cctx->rctx, dom, false, SSS_DP_INITGROUPS, name, 0, NULL); if (!dpreq) { DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory sending data provider request\n")); return ENOMEM; } cb_ctx = talloc_zero(preq, struct dp_callback_ctx); if(!cb_ctx) { talloc_zfree(dpreq); return ENOMEM; } cb_ctx->callback = pam_check_user_dp_callback; cb_ctx->ptr = preq; cb_ctx->cctx = preq->cctx; cb_ctx->mem_ctx = preq; tevent_req_set_callback(dpreq, pam_dp_send_acct_req_done, cb_ctx); /* tell caller we are in an async call */ return EAGAIN; } DEBUG(SSSDBG_MINOR_FAILURE, ("No matching domain found for [%s], fail!\n", preq->pd->user)); return ENOENT; } static void pam_dp_send_acct_req_done(struct tevent_req *req) { struct dp_callback_ctx *cb_ctx = tevent_req_callback_data(req, struct dp_callback_ctx); errno_t ret; dbus_uint16_t err_maj; dbus_uint32_t err_min; char *err_msg; ret = sss_dp_get_account_recv(cb_ctx->mem_ctx, req, &err_maj, &err_min, &err_msg); talloc_zfree(req); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Fatal error, killing connection!\n")); talloc_free(cb_ctx->cctx); return; } cb_ctx->callback(err_maj, err_min, err_msg, cb_ctx->ptr); } static int pam_check_user_done(struct pam_auth_req *preq, int ret) { switch (ret) { case EOK: break; case EAGAIN: /* performing async request, just return */ break; case ENOENT: preq->pd->pam_status = PAM_USER_UNKNOWN; pam_reply(preq); break; default: preq->pd->pam_status = PAM_SYSTEM_ERR; pam_reply(preq); break; } return EOK; } static void 
pam_check_user_dp_callback(uint16_t err_maj, uint32_t err_min, const char *err_msg, void *ptr) { struct pam_auth_req *preq = talloc_get_type(ptr, struct pam_auth_req); int ret; struct pam_ctx *pctx = talloc_get_type(preq->cctx->rctx->pvt_ctx, struct pam_ctx); char *name; if (err_maj) { DEBUG(2, ("Unable to get information from Data Provider\n" "Error: %u, %u, %s\n", (unsigned int)err_maj, (unsigned int)err_min, err_msg)); } ret = pam_check_user_search(preq); if (ret == EOK) { /* Make sure we don't go to the ID provider too often */ name = preq->domain->case_sensitive ? talloc_strdup(preq, preq->pd->user) : sss_tc_utf8_str_tolower(preq, preq->pd->user); if (!name) { ret = ENOMEM; goto done; } ret = pam_initgr_cache_set(pctx->rctx->ev, pctx->id_table, name, pctx->id_timeout); talloc_free(name); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Could not save initgr timestamp. " "Proceeding with PAM actions\n")); /* This is non-fatal, we'll just end up going to the * data provider again next time. 
*/ } pam_dom_forwarder(preq); } ret = pam_check_user_done(preq, ret); done: if (ret) { preq->pd->pam_status = PAM_SYSTEM_ERR; pam_reply(preq); } } static void pam_dom_forwarder(struct pam_auth_req *preq) { int ret; if (!preq->pd->domain) { preq->pd->domain = preq->domain->name; } if (!NEED_CHECK_PROVIDER(preq->domain->provider)) { preq->callback = pam_reply; ret = LOCAL_pam_handler(preq); } else { preq->callback = pam_reply; ret = pam_dp_send_req(preq, SSS_CLI_SOCKET_TIMEOUT/2); DEBUG(4, ("pam_dp_send_req returned %d\n", ret)); } if (ret != EOK) { preq->pd->pam_status = PAM_SYSTEM_ERR; pam_reply(preq); } } static int pam_cmd_authenticate(struct cli_ctx *cctx) { DEBUG(4, ("entering pam_cmd_authenticate\n")); return pam_forwarder(cctx, SSS_PAM_AUTHENTICATE); } static int pam_cmd_setcred(struct cli_ctx *cctx) { DEBUG(4, ("entering pam_cmd_setcred\n")); return pam_forwarder(cctx, SSS_PAM_SETCRED); } static int pam_cmd_acct_mgmt(struct cli_ctx *cctx) { DEBUG(4, ("entering pam_cmd_acct_mgmt\n")); return pam_forwarder(cctx, SSS_PAM_ACCT_MGMT); } static int pam_cmd_open_session(struct cli_ctx *cctx) { DEBUG(4, ("entering pam_cmd_open_session\n")); return pam_forwarder(cctx, SSS_PAM_OPEN_SESSION); } static int pam_cmd_close_session(struct cli_ctx *cctx) { DEBUG(4, ("entering pam_cmd_close_session\n")); return pam_forwarder(cctx, SSS_PAM_CLOSE_SESSION); } static int pam_cmd_chauthtok(struct cli_ctx *cctx) { DEBUG(4, ("entering pam_cmd_chauthtok\n")); return pam_forwarder(cctx, SSS_PAM_CHAUTHTOK); } static int pam_cmd_chauthtok_prelim(struct cli_ctx *cctx) { DEBUG(4, ("entering pam_cmd_chauthtok_prelim\n")); return pam_forwarder(cctx, SSS_PAM_CHAUTHTOK_PRELIM); } struct cli_protocol_version *register_cli_protocol_version(void) { static struct cli_protocol_version pam_cli_protocol_version[] = { {3, "2009-09-14", "make cli_pid mandatory"}, {2, "2009-05-12", "new format "}, {1, "2008-09-05", "initial version, \\0 terminated strings"}, {0, NULL, NULL} }; return 
pam_cli_protocol_version; } struct sss_cmd_table *get_pam_cmds(void) { static struct sss_cmd_table sss_cmds[] = { {SSS_GET_VERSION, sss_cmd_get_version}, {SSS_PAM_AUTHENTICATE, pam_cmd_authenticate}, {SSS_PAM_SETCRED, pam_cmd_setcred}, {SSS_PAM_ACCT_MGMT, pam_cmd_acct_mgmt}, {SSS_PAM_OPEN_SESSION, pam_cmd_open_session}, {SSS_PAM_CLOSE_SESSION, pam_cmd_close_session}, {SSS_PAM_CHAUTHTOK, pam_cmd_chauthtok}, {SSS_PAM_CHAUTHTOK_PRELIM, pam_cmd_chauthtok_prelim}, {SSS_CLI_NULL, NULL} }; return sss_cmds; } sssd-1.11.5/src/responder/pam/PaxHeaders.13173/pamsrv.c0000644000000000000000000000007412320753107020574 xustar000000000000000030 atime=1396954939.271891427 30 ctime=1396954961.768874866 sssd-1.11.5/src/responder/pam/pamsrv.c0000664002412700241270000001724512320753107021027 0ustar00jhrozekjhrozek00000000000000/* SSSD PAM Responder Copyright (C) Simo Sorce 2009 Copyright (C) Sumit Bose 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #include #include #include #include #include #include #include #include #include #include #include "popt.h" #include "util/util.h" #include "db/sysdb.h" #include "confdb/confdb.h" #include "dbus/dbus.h" #include "sbus/sssd_dbus.h" #include "responder/common/responder_packet.h" #include "providers/data_provider.h" #include "monitor/monitor_interfaces.h" #include "sbus/sbus_client.h" #include "responder/pam/pamsrv.h" #include "responder/common/negcache.h" #include "responder/common/responder_sbus.h" #define DEFAULT_PAM_FD_LIMIT 8192 struct sbus_method monitor_pam_methods[] = { { MON_CLI_METHOD_PING, monitor_common_pong }, { MON_CLI_METHOD_RES_INIT, monitor_common_res_init }, { MON_CLI_METHOD_ROTATE, responder_logrotate }, { NULL, NULL } }; struct sbus_interface monitor_pam_interface = { MONITOR_INTERFACE, MONITOR_PATH, SBUS_DEFAULT_VTABLE, monitor_pam_methods, NULL }; static struct sbus_method pam_dp_methods[] = { { NULL, NULL } }; struct sbus_interface pam_dp_interface = { DP_INTERFACE, DP_PATH, SBUS_DEFAULT_VTABLE, pam_dp_methods, NULL }; static void pam_dp_reconnect_init(struct sbus_connection *conn, int status, void *pvt) { struct be_conn *be_conn = talloc_get_type(pvt, struct be_conn); int ret; /* Did we reconnect successfully? */ if (status == SBUS_RECONNECT_SUCCESS) { DEBUG(1, ("Reconnected to the Data Provider.\n")); /* Identify ourselves to the data provider */ ret = dp_common_send_id(be_conn->conn, DATA_PROVIDER_VERSION, "PAM"); /* all fine */ if (ret == EOK) { handle_requests_after_reconnect(be_conn->rctx); return; } } /* Handle failure */ DEBUG(0, ("Could not reconnect to %s provider.\n", be_conn->domain->name)); /* FIXME: kill the frontend and let the monitor restart it ? 
*/ /* pam_shutdown(rctx); */ } static int pam_process_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct confdb_ctx *cdb) { struct resp_ctx *rctx; struct sss_cmd_table *pam_cmds; struct be_conn *iter; struct pam_ctx *pctx; int ret, max_retries; int id_timeout; int fd_limit; pam_cmds = get_pam_cmds(); ret = sss_process_init(mem_ctx, ev, cdb, pam_cmds, SSS_PAM_SOCKET_NAME, SSS_PAM_PRIV_SOCKET_NAME, CONFDB_PAM_CONF_ENTRY, SSS_PAM_SBUS_SERVICE_NAME, SSS_PAM_SBUS_SERVICE_VERSION, &monitor_pam_interface, "PAM", &pam_dp_interface, &rctx); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, ("sss_process_init() failed\n")); return ret; } pctx = talloc_zero(rctx, struct pam_ctx); if (!pctx) { ret = ENOMEM; goto done; } pctx->rctx = rctx; pctx->rctx->pvt_ctx = pctx; /* Enable automatic reconnection to the Data Provider */ /* FIXME: "retries" is too generic, either get it from a global config * or specify these retries are about the sbus connections to DP */ ret = confdb_get_int(pctx->rctx->cdb, CONFDB_PAM_CONF_ENTRY, CONFDB_SERVICE_RECON_RETRIES, 3, &max_retries); if (ret != EOK) { DEBUG(0, ("Failed to set up automatic reconnection\n")); goto done; } for (iter = pctx->rctx->be_conns; iter; iter = iter->next) { sbus_reconnect_init(iter->conn, max_retries, pam_dp_reconnect_init, iter); } /* Set up the negative cache */ ret = confdb_get_int(cdb, CONFDB_NSS_CONF_ENTRY, CONFDB_NSS_ENTRY_NEG_TIMEOUT, 15, &pctx->neg_timeout); if (ret != EOK) goto done; /* Set up the PAM identity timeout */ ret = confdb_get_int(cdb, CONFDB_PAM_CONF_ENTRY, CONFDB_PAM_ID_TIMEOUT, 5, &id_timeout); if (ret != EOK) goto done; pctx->id_timeout = (size_t)id_timeout; ret = sss_ncache_init(pctx, &pctx->ncache); if (ret != EOK) { DEBUG(0, ("fatal error initializing negative cache\n")); goto done; } ret = sss_ncache_prepopulate(pctx->ncache, cdb, pctx->rctx); if (ret != EOK) { goto done; } /* Create table for initgroup lookups */ ret = sss_hash_create(pctx, 10, &pctx->id_table); if (ret != EOK) { 
DEBUG(SSSDBG_FATAL_FAILURE, ("Could not create initgroups hash table: [%s]", strerror(ret))); goto done; } /* Set up file descriptor limits */ ret = confdb_get_int(pctx->rctx->cdb, CONFDB_PAM_CONF_ENTRY, CONFDB_SERVICE_FD_LIMIT, DEFAULT_PAM_FD_LIMIT, &fd_limit); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to set up file descriptor limit\n")); goto done; } responder_set_fd_limit(fd_limit); ret = schedule_get_domains_task(rctx, rctx->ev, rctx); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, ("schedule_get_domains_tasks failed.\n")); goto done; } ret = EOK; done: if (ret != EOK) { talloc_free(rctx); } return ret; } int main(int argc, const char *argv[]) { int opt; poptContext pc; struct main_context *main_ctx; int ret; struct poptOption long_options[] = { POPT_AUTOHELP SSSD_MAIN_OPTS POPT_TABLEEND }; /* Set debug level to invalid value so we can deside if -d 0 was used. */ debug_level = SSSDBG_INVALID; pc = poptGetContext(argv[0], argc, argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { switch(opt) { default: fprintf(stderr, "\nInvalid option %s: %s\n\n", poptBadOption(pc, 0), poptStrerror(opt)); poptPrintUsage(pc, stderr, 0); return 1; } } poptFreeContext(pc); DEBUG_INIT(debug_level); /* set up things like debug, signals, daemonization, etc... 
*/ debug_log_file = "sssd_pam"; ret = server_setup("sssd[pam]", 0, CONFDB_PAM_CONF_ENTRY, &main_ctx); if (ret != EOK) return 2; ret = die_if_parent_died(); if (ret != EOK) { /* This is not fatal, don't return */ DEBUG(2, ("Could not set up to exit when parent process does\n")); } ret = pam_process_init(main_ctx, main_ctx->event_ctx, main_ctx->confdb_ctx); if (ret != EOK) return 3; /* loop on main */ server_loop(main_ctx); return 0; } sssd-1.11.5/src/responder/pam/PaxHeaders.13173/pam_helpers.h0000644000000000000000000000007412320753107021570 xustar000000000000000030 atime=1396954939.271891427 30 ctime=1396954961.442875107 sssd-1.11.5/src/responder/pam/pam_helpers.h0000664002412700241270000000241312320753107022012 0ustar00jhrozekjhrozek00000000000000/* SSSD Authors: Stephen Gallagher Copyright (C) 2011 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #ifndef PAM_HELPERS_H_ #define PAM_HELPERS_H_ errno_t pam_initgr_cache_set(struct tevent_context *ev, hash_table_t *id_table, char *name, long timeout); /* Returns EOK if the cache is still valid * Returns ENOENT if the user is not found or is expired * May report other errors if the hash lookup fails. 
*/ errno_t pam_initgr_check_timeout(hash_table_t *id_table, char *name); #endif /* PAM_HELPERS_H_ */ sssd-1.11.5/src/responder/pam/PaxHeaders.13173/pam_LOCAL_domain.c0000644000000000000000000000007412320753107022302 xustar000000000000000030 atime=1396954939.271891427 30 ctime=1396954961.767874867 sssd-1.11.5/src/responder/pam/pam_LOCAL_domain.c0000664002412700241270000002546212320753107022535 0ustar00jhrozekjhrozek00000000000000/* SSSD PAM e credentials Copyright (C) Sumit Bose 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #include #include #include "util/util.h" #include "db/sysdb.h" #include "util/crypto/sss_crypto.h" #include "providers/data_provider.h" #include "responder/pam/pamsrv.h" #define NULL_CHECK_OR_JUMP(var, msg, ret, err, label) do { \ if (var == NULL) { \ DEBUG(1, (msg)); \ ret = (err); \ goto label; \ } \ } while(0) #define NEQ_CHECK_OR_JUMP(var, val, msg, ret, err, label) do { \ if (var != (val)) { \ DEBUG(1, (msg)); \ ret = (err); \ goto label; \ } \ } while(0) struct LOCAL_request { struct tevent_context *ev; struct sysdb_ctx *dbctx; struct sss_domain_info *domain; struct sysdb_attrs *mod_attrs; struct ldb_result *res; int error; struct pam_auth_req *preq; }; static void prepare_reply(struct LOCAL_request *lreq) { struct pam_data *pd; pd = lreq->preq->pd; if (lreq->error != EOK && pd->pam_status == PAM_SUCCESS) pd->pam_status = PAM_SYSTEM_ERR; lreq->preq->callback(lreq->preq); } static void do_successful_login(struct LOCAL_request *lreq) { int ret; lreq->mod_attrs = sysdb_new_attrs(lreq); NULL_CHECK_OR_JUMP(lreq->mod_attrs, ("sysdb_new_attrs failed.\n"), lreq->error, ENOMEM, done); ret = sysdb_attrs_add_long(lreq->mod_attrs, SYSDB_LAST_LOGIN, (long)time(NULL)); NEQ_CHECK_OR_JUMP(ret, EOK, ("sysdb_attrs_add_long failed.\n"), lreq->error, ret, done); ret = sysdb_attrs_add_long(lreq->mod_attrs, SYSDB_FAILED_LOGIN_ATTEMPTS, 0L); NEQ_CHECK_OR_JUMP(ret, EOK, ("sysdb_attrs_add_long failed.\n"), lreq->error, ret, done); ret = sysdb_set_user_attr(lreq->dbctx, lreq->domain, lreq->preq->pd->user, lreq->mod_attrs, SYSDB_MOD_REP); NEQ_CHECK_OR_JUMP(ret, EOK, ("sysdb_set_user_attr failed.\n"), lreq->error, ret, done); done: return; } static void do_failed_login(struct LOCAL_request *lreq) { int ret; int failedLoginAttempts; struct pam_data *pd; pd = lreq->preq->pd; pd->pam_status = PAM_AUTH_ERR; /* TODO: maybe add more inteligent delay calculation */ pd->response_delay = 3; lreq->mod_attrs = sysdb_new_attrs(lreq); NULL_CHECK_OR_JUMP(lreq->mod_attrs, ("sysdb_new_attrs 
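failed.\n"), lreq->error, ENOMEM, done);

    ret = sysdb_attrs_add_long(lreq->mod_attrs,
                               SYSDB_LAST_FAILED_LOGIN, (long)time(NULL));
    NEQ_CHECK_OR_JUMP(ret, EOK, ("sysdb_attrs_add_long failed.\n"),
                      lreq->error, ret, done);

    failedLoginAttempts = ldb_msg_find_attr_as_int(lreq->res->msgs[0],
                                                   SYSDB_FAILED_LOGIN_ATTEMPTS,
                                                   0);
    failedLoginAttempts++;

    ret = sysdb_attrs_add_long(lreq->mod_attrs,
                               SYSDB_FAILED_LOGIN_ATTEMPTS,
                               (long)failedLoginAttempts);
    NEQ_CHECK_OR_JUMP(ret, EOK, ("sysdb_attrs_add_long failed.\n"),
                      lreq->error, ret, done);

    ret = sysdb_set_user_attr(lreq->dbctx, lreq->domain,
                              lreq->preq->pd->user,
                              lreq->mod_attrs, SYSDB_MOD_REP);
    NEQ_CHECK_OR_JUMP(ret, EOK, ("sysdb_set_user_attr failed.\n"),
                      lreq->error, ret, done);

done:
    return;
}

/* Account-management check for the LOCAL domain: sets PAM_PERM_DENIED when
 * the user's SYSDB_DISABLED attribute is present and is not recognised as
 * "false" or "no". */
static void do_pam_acct_mgmt(struct LOCAL_request *lreq)
{
    const char *disabled;
    struct pam_data *pd;

    pd = lreq->preq->pd;

    disabled = ldb_msg_find_attr_as_string(lreq->res->msgs[0],
                                           SYSDB_DISABLED, NULL);
    /* NOTE(review): these are prefix comparisons, so any stored value that
     * merely starts with "false" or "no" leaves the account enabled.
     * Confirm which values can be written to SYSDB_DISABLED before relying
     * on this; an exact comparison would fail closed on unexpected values. */
    if ((disabled != NULL) &&
        (strncasecmp(disabled, "false",5) != 0) &&
        (strncasecmp(disabled, "no",2) != 0) ) {
        pd->pam_status = PAM_PERM_DENIED;
    }
}

/* Password change for the LOCAL domain: reads the new password from
 * pd->newauthtok, hashes it with a freshly generated salt and stores the
 * hash together with a "lastPasswordChange" timestamp on the user entry.
 * Failures are reported through lreq->error. The new auth token is emptied
 * on every exit path. */
static void do_pam_chauthtok(struct LOCAL_request *lreq)
{
    int ret;
    const char *password;
    char *salt;
    char *new_hash;
    struct pam_data *pd;

    pd = lreq->preq->pd;

    ret = sss_authtok_get_password(pd->newauthtok, &password, NULL);
    if (ret) {
        /* TODO: should we allow null passwords via a config option ? */
        if (ret == ENOENT) {
            DEBUG(1, ("Empty passwords are not allowed!\n"));
        }
        lreq->error = EINVAL;
        goto done;
    }

    ret = s3crypt_gen_salt(lreq, &salt);
    NEQ_CHECK_OR_JUMP(ret, EOK, ("Salt generation failed.\n"),
                      lreq->error, ret, done);
    /* The salt value is deliberately kept out of the debug log. */
    DEBUG(4, ("Salt generated.\n"));

    ret = s3crypt_sha512(lreq, password, salt, &new_hash);
    NEQ_CHECK_OR_JUMP(ret, EOK, ("Hash generation failed.\n"),
                      lreq->error, ret, done);
    /* The password hash is credential material: anyone who can read the
     * debug log could otherwise take it for offline guessing. */
    DEBUG(4, ("New password hash generated.\n"));

    lreq->mod_attrs = sysdb_new_attrs(lreq);
    NULL_CHECK_OR_JUMP(lreq->mod_attrs, ("sysdb_new_attrs failed.\n"),
                       lreq->error, ENOMEM, done);

    ret = sysdb_attrs_add_string(lreq->mod_attrs, SYSDB_PWD, new_hash);
    NEQ_CHECK_OR_JUMP(ret, EOK, ("sysdb_attrs_add_string failed.\n"),
                      lreq->error, ret, done);

    ret = sysdb_attrs_add_long(lreq->mod_attrs,
                               "lastPasswordChange", (long)time(NULL));
    NEQ_CHECK_OR_JUMP(ret, EOK, ("sysdb_attrs_add_long failed.\n"),
                      lreq->error, ret, done);

    ret = sysdb_set_user_attr(lreq->dbctx, lreq->domain,
                              lreq->preq->pd->user,
                              lreq->mod_attrs, SYSDB_MOD_REP);
    NEQ_CHECK_OR_JUMP(ret, EOK, ("sysdb_set_user_attr failed.\n"),
                      lreq->error, ret, done);

done:
    sss_authtok_set_empty(pd->newauthtok);
}

/**
 * Handle a PAM request against the LOCAL domain's sysdb.
 *
 * Looks up the user, verifies the supplied password for authenticate and
 * password-change commands (the password-change commands skip verification
 * when the client context has priv == 1), then dispatches on pd->cmd.
 *
 * @param preq  The PAM request; preq->pd carries the command, user name and
 *              auth tokens, and receives the resulting pam_status.
 *
 * @return ENOMEM or ENOENT if the request could not be set up, the error
 *         from sysdb_get_user_attr() if the lookup failed; in those cases
 *         no reply is sent from here. Otherwise EOK: the outcome is
 *         reported through pd->pam_status by prepare_reply(), and both
 *         auth tokens are emptied first.
 */
int LOCAL_pam_handler(struct pam_auth_req *preq)
{
    struct LOCAL_request *lreq;
    static const char *attrs[] = {SYSDB_NAME,
                                  SYSDB_PWD,
                                  SYSDB_DISABLED,
                                  SYSDB_LAST_LOGIN,
                                  "lastPasswordChange",
                                  "accountExpires",
                                  SYSDB_FAILED_LOGIN_ATTEMPTS,
                                  "passwordHint",
                                  "passwordHistory",
                                  SYSDB_LAST_FAILED_LOGIN,
                                  NULL};
    struct ldb_result *res;
    const char *username = NULL;
    const char *pwdhash = NULL;
    char *new_hash = NULL;
    const char *password;
    struct pam_data *pd = preq->pd;
    int ret;

    DEBUG(4, ("LOCAL pam handler.\n"));

    lreq = talloc_zero(preq, struct LOCAL_request);
    if (!lreq) {
        return ENOMEM;
    }

    lreq->dbctx = preq->domain->sysdb;
    if (lreq->dbctx == NULL) {
        DEBUG(0, ("Fatal: Sysdb CTX not found for this domain!\n"));
        talloc_free(lreq);
        return ENOENT;
    }
    lreq->domain = preq->domain;
    lreq->ev = preq->cctx->ev;
    lreq->preq = preq;

    pd->pam_status = PAM_SUCCESS;

    ret = sysdb_get_user_attr(lreq, lreq->dbctx, preq->domain,
                              preq->pd->user, attrs, &res);
    if (ret != EOK) {
        DEBUG(1, ("sysdb_get_user_attr failed.\n"));
        talloc_free(lreq);
        return ret;
    }

    if (res->count < 1) {
        DEBUG(4, ("No user found with filter ["SYSDB_PWNAM_FILTER"]\n",
                  pd->user, pd->user, pd->user));
        pd->pam_status = PAM_USER_UNKNOWN;
        goto done;
    } else if (res->count > 1) {
        DEBUG(4, ("More than one object found with filter ["SYSDB_PWNAM_FILTER"]\n",
                  pd->user, pd->user, pd->user));
        lreq->error = EFAULT;
        goto done;
    }

    username = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_NAME, NULL);
    /* The lookup is called with a NULL default, so a missing attribute must
     * be rejected before the value reaches strcmp(). */
    if (username == NULL) {
        DEBUG(1, ("No name attribute found for user [%s].\n", pd->user));
        lreq->error = EINVAL;
        goto done;
    }
    if (strcmp(username, pd->user) != 0) {
        DEBUG(1, ("Expected username [%s] get [%s].\n", pd->user, username));
        lreq->error = EINVAL;
        goto done;
    }

    lreq->res = res;

    switch (pd->cmd) {
        case SSS_PAM_AUTHENTICATE:
        case SSS_PAM_CHAUTHTOK:
        case SSS_PAM_CHAUTHTOK_PRELIM:

            if ((pd->cmd == SSS_PAM_CHAUTHTOK ||
                 pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM) &&
                lreq->preq->cctx->priv == 1) {
                /* TODO: maybe this is a candiate for an explicit audit message. */
                DEBUG(4, ("allowing root to reset a password.\n"));
                break;
            }

            ret = sss_authtok_get_password(pd->authtok, &password, NULL);
            NEQ_CHECK_OR_JUMP(ret, EOK, ("Failed to get password.\n"),
                              lreq->error, ret, done);

            pwdhash = ldb_msg_find_attr_as_string(res->msgs[0],
                                                  SYSDB_PWD, NULL);
            NULL_CHECK_OR_JUMP(pwdhash, ("No password stored.\n"),
                               lreq->error, LDB_ERR_NO_SUCH_ATTRIBUTE, done);
            /* Hash values are kept out of the debug log: they are
             * credential material usable for offline guessing. */
            DEBUG(4, ("user: [%s], stored password hash found.\n", username));

            ret = s3crypt_sha512(lreq, password, pwdhash, &new_hash);
            NEQ_CHECK_OR_JUMP(ret, EOK, ("nss_sha512_crypt failed.\n"),
                              lreq->error, ret, done);

            DEBUG(4, ("user: [%s], hash of supplied password computed.\n",
                      username));

            /* NOTE(review): strcmp() is not a constant-time comparison.
             * Both operands are hashes rather than the password itself,
             * which limits what timing reveals, but a constant-time
             * compare would be the conservative choice here. */
            if (strcmp(new_hash, pwdhash) != 0) {
                DEBUG(1, ("Passwords do not match.\n"));
                do_failed_login(lreq);
                goto done;
            }

            break;
    }

    switch (pd->cmd) {
        case SSS_PAM_AUTHENTICATE:
            do_successful_login(lreq);
            break;
        case SSS_PAM_CHAUTHTOK:
            do_pam_chauthtok(lreq);
            break;
        case SSS_PAM_ACCT_MGMT:
            do_pam_acct_mgmt(lreq);
            break;
        case SSS_PAM_SETCRED:
            break;
        case SSS_PAM_OPEN_SESSION:
            break;
        case SSS_PAM_CLOSE_SESSION:
            break;
        case SSS_PAM_CHAUTHTOK_PRELIM:
            break;
        default:
            lreq->error = EINVAL;
            DEBUG(SSSDBG_CRIT_FAILURE, ("Unknown PAM task [%d].\n", pd->cmd));
    }

done:
    /* Empty both tokens on every exit path that sends a reply. */
    sss_authtok_set_empty(pd->newauthtok);
    sss_authtok_set_empty(pd->authtok);
    prepare_reply(lreq);
    return EOK;
}
sssd-1.11.5/src/responder/pam/PaxHeaders.13173/pamsrv.h0000644000000000000000000000007412320753107020601 xustar000000000000000030 atime=1396954939.271891427 30 ctime=1396954961.441875108 sssd-1.11.5/src/responder/pam/pamsrv.h0000664002412700241270000000322312320753107021023 0ustar00jhrozekjhrozek00000000000000/* Authors: Simo Sorce Sumit Bose Copyright (C) 2009 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. 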
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #ifndef __PAMSRV_H__ #define __PAMSRV_H__ #include #include "util/util.h" #include "sbus/sssd_dbus.h" #include "responder/common/responder.h" struct pam_auth_req; typedef void (pam_dp_callback_t)(struct pam_auth_req *preq); struct pam_ctx { struct resp_ctx *rctx; struct sss_nc_ctx *ncache; int neg_timeout; time_t id_timeout; hash_table_t *id_table; }; struct pam_auth_dp_req { struct pam_auth_req *preq; }; struct pam_auth_req { struct cli_ctx *cctx; struct sss_domain_info *domain; struct pam_data *pd; pam_dp_callback_t *callback; struct ldb_result *res; bool check_provider; void *data; struct pam_auth_dp_req *dpreq_spy; }; struct sss_cmd_table *get_pam_cmds(void); int pam_dp_send_req(struct pam_auth_req *preq, int timeout); int LOCAL_pam_handler(struct pam_auth_req *preq); #endif /* __PAMSRV_H__ */ sssd-1.11.5/src/responder/pam/PaxHeaders.13173/pamsrv_dp.c0000644000000000000000000000007412320753107021257 xustar000000000000000030 atime=1396954939.271891427 30 ctime=1396954961.770874865 sssd-1.11.5/src/responder/pam/pamsrv_dp.c0000664002412700241270000001135612320753107021507 0ustar00jhrozekjhrozek00000000000000/* SSSD NSS Responder - Data Provider Interfaces Copyright (C) Simo Sorce 2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
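/* sssd-1.11.5/src/responder/pam/pamsrv_dp.c: PAM responder, Data Provider
 * request/reply plumbing. */

/**
 * Completion callback for a PAM request sent to the Data Provider.
 *
 * Frees the tracking object passed in ptr, steals the reply from the
 * pending call, unpacks it into preq->pd and finally invokes
 * preq->callback. Any failure is mapped to PAM_SYSTEM_ERR.
 *
 * @param pending  The D-Bus pending call that completed.
 * @param ptr      The struct pam_auth_dp_req registered by pam_dp_send_req().
 */
static void pam_dp_process_reply(DBusPendingCall *pending, void *ptr)
{
    DBusError dbus_error;
    DBusMessage* msg;
    int ret;
    int type;
    struct pam_auth_req *preq = NULL;
    struct pam_auth_dp_req *pdp_req;

    pdp_req = talloc_get_type(ptr, struct pam_auth_dp_req);
    preq = pdp_req->preq;
    /* Freeing the tracker runs pdp_req_destructor(), which clears
     * preq->dpreq_spy when a request is still attached. */
    talloc_free(pdp_req);

    dbus_error_init(&dbus_error);
    msg = dbus_pending_call_steal_reply(pending);

    /* Check if the client still exists. If not, simply free all the resources
     * and quit */
    if (preq == NULL) {
        DEBUG(SSSDBG_MINOR_FAILURE, ("Client already disconnected\n"));
        dbus_pending_call_unref(pending);
        if (msg != NULL) {
            dbus_message_unref(msg);
        }
        return;
    }

    /* Sanity-check of message validity */
    if (msg == NULL) {
        DEBUG(0, ("Severe error. A reply callback was called but no reply was "
                  "received and no timeout occurred\n"));
        preq->pd->pam_status = PAM_SYSTEM_ERR;
        goto done;
    }

    type = dbus_message_get_type(msg);
    switch (type) {
        case DBUS_MESSAGE_TYPE_METHOD_RETURN:
            ret = dp_unpack_pam_response(msg, preq->pd, &dbus_error);
            if (!ret) {
                DEBUG(0, ("Failed to parse reply.\n"));
                preq->pd->pam_status = PAM_SYSTEM_ERR;
                goto done;
            }
            DEBUG(4, ("received: [%d][%s]\n", preq->pd->pam_status,
                      preq->pd->domain));
            break;
        case DBUS_MESSAGE_TYPE_ERROR:
            DEBUG(0, ("Reply error.\n"));
            preq->pd->pam_status = PAM_SYSTEM_ERR;
            break;
        default:
            DEBUG(0, ("Default... what now?.\n"));
            preq->pd->pam_status = PAM_SYSTEM_ERR;
    }

done:
    /* Release whatever the unpack step may have stored in the error. */
    dbus_error_free(&dbus_error);
    dbus_pending_call_unref(pending);
    /* msg is NULL on the "no reply" path above; only unref a real message. */
    if (msg != NULL) {
        dbus_message_unref(msg);
    }
    preq->callback(preq);
}

/**
 * talloc destructor for the request tracker.
 *
 * Clears the back-pointer kept in the PAM request so that it never refers
 * to a freed tracker.
 *
 * @return 0, allowing the free to proceed.
 */
static int pdp_req_destructor(struct pam_auth_dp_req *pdp_req)
{
    if (pdp_req && pdp_req->preq) {
        /* If there is still a client waiting, reset the
         * spy */
        pdp_req->preq->dpreq_spy = NULL;
    }
    return 0;
}

/**
 * Send a PAM request to the Data Provider of preq->domain.
 *
 * @param preq     PAM request to forward; preq->pd is packed into the message.
 * @param timeout  Timeout handed to sbus_conn_send().
 * @return EIO when no provider connection is available or the message
 *         cannot be built, ENOMEM on allocation failure, otherwise the
 *         result of sbus_conn_send().
 */
int pam_dp_send_req(struct pam_auth_req *preq, int timeout)
{
    struct pam_data *pd = preq->pd;
    struct be_conn *be_conn;
    DBusMessage *msg;
    dbus_bool_t ret;
    int res;
    struct pam_auth_dp_req *pdp_req;

    /* double check dp_ctx has actually been initialized.
     * in some pathological cases it may happen that nss starts up before
     * dp connection code is actually able to establish a connection.
     */
    res = sss_dp_get_domain_conn(preq->cctx->rctx,
                                 preq->domain->conn_name, &be_conn);
    if (res != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("The Data Provider connection for %s is not available!"
               " This maybe a bug, it shouldn't happen!\n",
               preq->domain->conn_name));
        return EIO;
    }

    msg = dbus_message_new_method_call(NULL,
                                       DP_PATH,
                                       DP_INTERFACE,
                                       DP_METHOD_PAMHANDLER);
    if (msg == NULL) {
        DEBUG(0,("Out of memory?!\n"));
        return ENOMEM;
    }

    DEBUG(4, ("Sending request with the following data:\n"));
    DEBUG_PAM_DATA(4, pd);

    ret = dp_pack_pam_request(msg, pd);
    if (!ret) {
        DEBUG(1,("Failed to build message\n"));
        /* The message is ours until it is sent; release it on failure. */
        dbus_message_unref(msg);
        return EIO;
    }

    pdp_req = talloc(preq->cctx->rctx, struct pam_auth_dp_req);
    if (pdp_req == NULL) {
        dbus_message_unref(msg);
        return ENOMEM;
    }
    pdp_req->preq = preq;
    preq->dpreq_spy = pdp_req;
    talloc_set_destructor(pdp_req, pdp_req_destructor);

    /* NOTE(review): pdp_req stays allocated if the send fails; whether it
     * should be freed here depends on what sbus_conn_send() does with it
     * on error. Confirm before changing. */
    res = sbus_conn_send(be_conn->conn, msg,
                         timeout, pam_dp_process_reply,
                         pdp_req, NULL);
    dbus_message_unref(msg);
    return res;
}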
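/* sssd-1.11.5/src/responder/ssh/sshsrv_cmd.c: SSH responder command
 * handlers (user and host public key lookups, known_hosts generation). */

static errno_t
ssh_cmd_parse_request(struct ssh_cmd_ctx *cmd_ctx);

static errno_t
ssh_user_pubkeys_search(struct ssh_cmd_ctx *cmd_ctx);

static errno_t
ssh_cmd_get_user_pubkeys_done(struct ssh_cmd_ctx *cmd_ctx,
                              errno_t ret);

/**
 * Handle a "get user public keys" client request.
 *
 * Parses the request, refuses lookups for "root" with ENOENT, selects the
 * requested domain (or starts a search over all domains) and hands the
 * outcome to ssh_cmd_get_user_pubkeys_done().
 *
 * @return ENOMEM if the command context cannot be allocated, otherwise the
 *         result of ssh_cmd_get_user_pubkeys_done().
 */
int
sss_ssh_cmd_get_user_pubkeys(struct cli_ctx *cctx)
{
    errno_t ret;
    struct ssh_cmd_ctx *cmd_ctx;

    cmd_ctx = talloc_zero(cctx, struct ssh_cmd_ctx);
    if (!cmd_ctx) {
        return ENOMEM;
    }
    cmd_ctx->cctx = cctx;
    cmd_ctx->is_user = true;

    ret = ssh_cmd_parse_request(cmd_ctx);
    if (ret != EOK) {
        goto done;
    }

    DEBUG(SSSDBG_TRACE_FUNC,
          ("Requesting SSH user public keys for [%s] from [%s]\n",
           cmd_ctx->name, cmd_ctx->domname ? cmd_ctx->domname : ""));

    /* Keys for root are never served by this responder. */
    if (strcmp(cmd_ctx->name, "root") == 0) {
        ret = ENOENT;
        goto done;
    }

    if (cmd_ctx->domname) {
        cmd_ctx->domain = responder_get_domain(cctx->rctx, cmd_ctx->domname);
        if (!cmd_ctx->domain) {
            ret = ENOENT;
            goto done;
        }
    } else {
        cmd_ctx->domain = cctx->rctx->domains;
        cmd_ctx->check_next = true;
    }

    ret = ssh_user_pubkeys_search(cmd_ctx);

done:
    return ssh_cmd_get_user_pubkeys_done(cmd_ctx, ret);
}

static errno_t
ssh_host_pubkeys_search(struct ssh_cmd_ctx *cmd_ctx);

static errno_t
ssh_cmd_get_host_pubkeys_done(struct ssh_cmd_ctx *cmd_ctx,
                              errno_t ret);

/**
 * Handle a "get host public keys" client request.
 *
 * Same flow as the user variant, without the "root" exclusion.
 *
 * @return ENOMEM if the command context cannot be allocated, otherwise the
 *         result of ssh_cmd_get_host_pubkeys_done().
 */
static int
sss_ssh_cmd_get_host_pubkeys(struct cli_ctx *cctx)
{
    errno_t ret;
    struct ssh_cmd_ctx *cmd_ctx;

    cmd_ctx = talloc_zero(cctx, struct ssh_cmd_ctx);
    if (!cmd_ctx) {
        return ENOMEM;
    }
    cmd_ctx->cctx = cctx;
    cmd_ctx->is_user = false;

    ret = ssh_cmd_parse_request(cmd_ctx);
    if (ret != EOK) {
        goto done;
    }

    DEBUG(SSSDBG_TRACE_FUNC,
          ("Requesting SSH host public keys for [%s][%s] from [%s]\n",
           cmd_ctx->name, cmd_ctx->alias ? cmd_ctx->alias : "",
           cmd_ctx->domname ? cmd_ctx->domname : ""));

    if (cmd_ctx->domname) {
        cmd_ctx->domain = responder_get_domain(cctx->rctx, cmd_ctx->domname);
        if (!cmd_ctx->domain) {
            ret = ENOENT;
            goto done;
        }
    } else {
        cmd_ctx->domain = cctx->rctx->domains;
        cmd_ctx->check_next = true;
    }

    ret = ssh_host_pubkeys_search(cmd_ctx);

done:
    return ssh_cmd_get_host_pubkeys_done(cmd_ctx, ret);
}

/**
 * tevent completion handler shared by the user and host provider requests.
 *
 * Collects the provider result and forwards it to the callback stored in
 * the dp_callback_ctx. On a receive failure the client connection is freed.
 */
static void
ssh_dp_send_req_done(struct tevent_req *req)
{
    struct dp_callback_ctx *cb_ctx =
            tevent_req_callback_data(req, struct dp_callback_ctx);

    errno_t ret;
    dbus_uint16_t err_maj;
    dbus_uint32_t err_min;
    char *err_msg;

    ret = sss_dp_get_ssh_host_recv(cb_ctx->mem_ctx, req,
                                   &err_maj, &err_min,
                                   &err_msg);
    talloc_zfree(req);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Fatal error, killing connection!\n"));
        talloc_free(cb_ctx->cctx);
        return;
    }

    cb_ctx->callback(err_maj, err_min, err_msg, cb_ctx->ptr);
}

static errno_t
ssh_user_pubkeys_search_next(struct ssh_cmd_ctx *cmd_ctx);

static void
ssh_user_pubkeys_search_dp_callback(uint16_t err_maj,
                                    uint32_t err_min,
                                    const char *err_msg,
                                    void *ptr);

/**
 * Start (or continue) the user key search in cmd_ctx->domain.
 *
 * @return EAGAIN when a provider refresh was issued and the search resumes
 *         in the callback, ENOENT when no domain is left, ENOMEM on
 *         allocation failure, otherwise the result of the cache lookup.
 */
static errno_t
ssh_user_pubkeys_search(struct ssh_cmd_ctx *cmd_ctx)
{
    struct tevent_req *req;
    struct dp_callback_ctx *cb_ctx;

    /* if it is a domainless search, skip domains that require fully
     * qualified names instead */
    while (cmd_ctx->domain && cmd_ctx->check_next && cmd_ctx->domain->fqnames) {
        cmd_ctx->domain = get_next_domain(cmd_ctx->domain, false);
    }

    if (!cmd_ctx->domain) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("No matching domain found for [%s], fail!\n", cmd_ctx->name));
        return ENOENT;
    }

    /* refresh the user's cache entry */
    if (NEED_CHECK_PROVIDER(cmd_ctx->domain->provider)) {
        req = sss_dp_get_account_send(cmd_ctx, cmd_ctx->cctx->rctx,
                                      cmd_ctx->domain, false, SSS_DP_USER,
                                      cmd_ctx->name, 0, NULL);
        if (!req) {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("Out of memory sending data provider request\n"));
            return ENOMEM;
        }

        cb_ctx = talloc_zero(cmd_ctx, struct dp_callback_ctx);
        if (!cb_ctx) {
            talloc_zfree(req);
            return ENOMEM;
        }

        cb_ctx->callback = ssh_user_pubkeys_search_dp_callback;
        cb_ctx->ptr = cmd_ctx;
        cb_ctx->cctx = cmd_ctx->cctx;
        cb_ctx->mem_ctx = cmd_ctx;

        tevent_req_set_callback(req, ssh_dp_send_req_done, cb_ctx);

        /* tell caller we are in an async call */
        return EAGAIN;
    }

    return ssh_user_pubkeys_search_next(cmd_ctx);
}

/**
 * Look the user up in the cache of cmd_ctx->domain.
 *
 * On a miss during a multi-domain search the next domain is tried through
 * ssh_user_pubkeys_search(). On a hit the entry is stored in
 * cmd_ctx->result.
 */
static errno_t
ssh_user_pubkeys_search_next(struct ssh_cmd_ctx *cmd_ctx)
{
    errno_t ret;
    struct sysdb_ctx *sysdb;
    const char *attrs[] = { SYSDB_NAME, SYSDB_SSH_PUBKEY, NULL };
    struct ldb_result *res;

    DEBUG(SSSDBG_TRACE_FUNC,
          ("Requesting SSH user public keys for [%s@%s]\n",
           cmd_ctx->name, cmd_ctx->domain->name));

    sysdb = cmd_ctx->domain->sysdb;
    if (sysdb == NULL) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Fatal: Sysdb CTX not found for this domain!\n"));
        return EFAULT;
    }

    ret = sysdb_get_user_attr(cmd_ctx, sysdb, cmd_ctx->domain,
                              cmd_ctx->name, attrs, &res);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Failed to make request to our cache!\n"));
        return EIO;
    }

    if (res->count > 1) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("User search by name (%s) returned > 1 results!\n",
               cmd_ctx->name));
        return EINVAL;
    }

    if (!res->count) {
        /* if a multidomain search, try with next */
        if (cmd_ctx->check_next) {
            cmd_ctx->domain = get_next_domain(cmd_ctx->domain, false);
            return ssh_user_pubkeys_search(cmd_ctx);
        }

        DEBUG(SSSDBG_OP_FAILURE,
              ("No attributes for user [%s] found.\n", cmd_ctx->name));

        return ENOENT;
    }

    cmd_ctx->result = res->msgs[0];

    /* one result found */
    return EOK;
}

/**
 * Provider callback for the user search: logs a provider error, then
 * continues with the cache lookup regardless and finishes the command.
 */
static void
ssh_user_pubkeys_search_dp_callback(uint16_t err_maj,
                                    uint32_t err_min,
                                    const char *err_msg,
                                    void *ptr)
{
    struct ssh_cmd_ctx *cmd_ctx = talloc_get_type(ptr, struct ssh_cmd_ctx);
    errno_t ret;

    if (err_maj) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Unable to get information from Data Provider\n"
               "Error: %u, %u, %s\n",
               (unsigned int)err_maj, (unsigned int)err_min, err_msg));
    }

    ret = ssh_user_pubkeys_search_next(cmd_ctx);
    ssh_cmd_get_user_pubkeys_done(cmd_ctx, ret);
}

static errno_t
ssh_host_pubkeys_search_next(struct ssh_cmd_ctx *cmd_ctx);

static void
ssh_host_pubkeys_search_dp_callback(uint16_t err_maj,
                                    uint32_t err_min,
                                    const char *err_msg,
                                    void *ptr);

/**
 * Start (or continue) the host key search in cmd_ctx->domain.
 *
 * @return EAGAIN when a provider refresh was issued, ENOENT when no domain
 *         is set, ENOMEM on allocation failure, otherwise the result of
 *         the cache lookup.
 */
static errno_t
ssh_host_pubkeys_search(struct ssh_cmd_ctx *cmd_ctx)
{
    struct tevent_req *req;
    struct dp_callback_ctx *cb_ctx;

    if (!cmd_ctx->domain) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("No matching domain found for [%s], fail!\n", cmd_ctx->name));
        return ENOENT;
    }

    /* refresh the host's cache entry */
    if (NEED_CHECK_PROVIDER(cmd_ctx->domain->provider)) {
        req = sss_dp_get_ssh_host_send(cmd_ctx, cmd_ctx->cctx->rctx,
                                       cmd_ctx->domain, false,
                                       cmd_ctx->name, cmd_ctx->alias);
        if (!req) {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("Out of memory sending data provider request\n"));
            return ENOMEM;
        }

        cb_ctx = talloc_zero(cmd_ctx, struct dp_callback_ctx);
        if (!cb_ctx) {
            talloc_zfree(req);
            return ENOMEM;
        }

        cb_ctx->callback = ssh_host_pubkeys_search_dp_callback;
        cb_ctx->ptr = cmd_ctx;
        cb_ctx->cctx = cmd_ctx->cctx;
        cb_ctx->mem_ctx = cmd_ctx;

        tevent_req_set_callback(req, ssh_dp_send_req_done, cb_ctx);

        /* tell caller we are in an async call */
        return EAGAIN;
    }

    return ssh_host_pubkeys_search_next(cmd_ctx);
}

/**
 * Look the host up in the cache of cmd_ctx->domain; on ENOENT during a
 * multi-domain search the next domain is tried.
 */
static errno_t
ssh_host_pubkeys_search_next(struct ssh_cmd_ctx *cmd_ctx)
{
    errno_t ret;
    struct sysdb_ctx *sysdb;
    const char *attrs[] = { SYSDB_NAME, SYSDB_SSH_PUBKEY, NULL };

    DEBUG(SSSDBG_TRACE_FUNC,
          ("Requesting SSH host public keys for [%s@%s]\n",
           cmd_ctx->name, cmd_ctx->domain->name));

    sysdb = cmd_ctx->domain->sysdb;
    if (sysdb == NULL) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Fatal: Sysdb CTX not found for this domain!\n"));
        return EFAULT;
    }

    ret = sysdb_get_ssh_host(cmd_ctx, sysdb, cmd_ctx->domain,
                             cmd_ctx->name, attrs, &cmd_ctx->result);
    if (ret != EOK && ret != ENOENT) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Failed to make request to our cache!\n"));
        return EIO;
    }

    if (ret == ENOENT) {
        /* if a multidomain search, try with next */
        if (cmd_ctx->check_next) {
            cmd_ctx->domain = get_next_domain(cmd_ctx->domain, false);
            return ssh_host_pubkeys_search(cmd_ctx);
        }

        DEBUG(SSSDBG_OP_FAILURE,
              ("No attributes for host [%s] found.\n", cmd_ctx->name));

        return ENOENT;
    }

    return EOK;
}

/**
 * Provider callback for the host search: logs a provider error, then
 * continues with the cache lookup regardless and finishes the command.
 */
static void
ssh_host_pubkeys_search_dp_callback(uint16_t err_maj,
                                    uint32_t err_min,
                                    const char *err_msg,
                                    void *ptr)
{
    struct ssh_cmd_ctx *cmd_ctx = talloc_get_type(ptr, struct ssh_cmd_ctx);
    errno_t ret;

    if (err_maj) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Unable to get information from Data Provider\n"
               "Error: %u, %u, %s\n",
               (unsigned int)err_maj, (unsigned int)err_min, err_msg));
    }

    ret = ssh_host_pubkeys_search_next(cmd_ctx);
    ssh_cmd_get_host_pubkeys_done(cmd_ctx, ret);
}

/**
 * Format one host entry as plain known_hosts lines
 * ("name,alias,... pubkey\n", one line per key).
 *
 * @param mem_ctx  talloc parent for the returned string.
 * @param ent      Host entry with name, aliases and public keys.
 * @return The formatted text, or NULL on failure.
 */
static char *
ssh_host_pubkeys_format_known_host_plain(TALLOC_CTX *mem_ctx,
                                         struct sss_ssh_ent *ent)
{
    TALLOC_CTX *tmp_ctx;
    errno_t ret;
    char *name, *pubkey;
    char *result = NULL;
    size_t i;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return NULL;
    }

    /* NOTE(review): name and aliases are emitted verbatim. Presumably they
     * were validated where the entry was stored; confirm they cannot carry
     * whitespace, commas or newlines, which would alter the file layout. */
    name = talloc_strdup(tmp_ctx, ent->name);
    if (!name) {
        goto done;
    }

    for (i = 0; i < ent->num_aliases; i++) {
        name = talloc_asprintf_append(name, ",%s", ent->aliases[i]);
        if (!name) {
            goto done;
        }
    }

    result = talloc_strdup(tmp_ctx, "");
    if (!result) {
        goto done;
    }

    for (i = 0; i < ent->num_pubkeys; i++) {
        ret = sss_ssh_format_pubkey(tmp_ctx, &ent->pubkeys[i], &pubkey);
        if (ret != EOK) {
            result = NULL;
            goto done;
        }

        result = talloc_asprintf_append(result, "%s %s\n", name, pubkey);
        if (!result) {
            goto done;
        }

        talloc_free(pubkey);
    }

    /* Hand the result to the caller before the scratch context goes away. */
    talloc_steal(mem_ctx, result);

done:
    talloc_free(tmp_ctx);
    return result;
}

/**
 * Format one host entry as hashed known_hosts lines
 * ("|1|salt|hash pubkey\n"), one line per name/alias and key.
 *
 * The hash is HMAC-SHA1 over the host name, keyed with a per-line salt.
 *
 * @param mem_ctx  talloc parent for the returned string.
 * @param ent      Host entry with name, aliases and public keys.
 * @return The formatted text, or NULL on failure.
 */
static char *
ssh_host_pubkeys_format_known_host_hashed(TALLOC_CTX *mem_ctx,
                                          struct sss_ssh_ent *ent)
{
    TALLOC_CTX *tmp_ctx;
    errno_t ret;
    char *name, *pubkey, *saltstr, *hashstr, *result;
    unsigned char salt[SSS_SHA1_LENGTH], hash[SSS_SHA1_LENGTH];
    size_t i, j, k;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return NULL;
    }

    result = talloc_strdup(tmp_ctx, "");
    if (!result) {
        goto done;
    }

    for (i = 0; i < ent->num_pubkeys; i++) {
        ret = sss_ssh_format_pubkey(tmp_ctx, &ent->pubkeys[i], &pubkey);
        if (ret != EOK) {
            result = NULL;
            goto done;
        }

        /* j == 0 is the primary name, j >= 1 walks the aliases. */
        for (j = 0; j <= ent->num_aliases; j++) {
            name = (j == 0 ? ent->name : ent->aliases[j-1]);

            /* NOTE(review): rand() is not a cryptographically secure
             * generator and no seeding is visible in this file. The salt
             * exists to hinder guessing of host names from the hashed
             * file, so a CSPRNG-backed source would be preferable if the
             * project provides one. */
            for (k = 0; k < SSS_SHA1_LENGTH; k++) {
                salt[k] = rand();
            }

            ret = sss_hmac_sha1(salt, SSS_SHA1_LENGTH,
                                (unsigned char *)name, strlen(name),
                                hash);
            if (ret != EOK) {
                DEBUG(SSSDBG_OP_FAILURE,
                      ("sss_hmac_sha1() failed (%d): %s\n",
                       ret, strerror(ret)));
                result = NULL;
                goto done;
            }

            saltstr = sss_base64_encode(tmp_ctx, salt, SSS_SHA1_LENGTH);
            if (!saltstr) {
                result = NULL;
                goto done;
            }

            hashstr = sss_base64_encode(tmp_ctx, hash, SSS_SHA1_LENGTH);
            if (!hashstr) {
                result = NULL;
                goto done;
            }

            result = talloc_asprintf_append(result, "|1|%s|%s %s\n",
                                            saltstr, hashstr, pubkey);
            if (!result) {
                goto done;
            }

            talloc_free(saltstr);
            talloc_free(hashstr);
        }

        talloc_free(pubkey);
    }

    talloc_steal(mem_ctx, result);

done:
    talloc_free(tmp_ctx);
    return result;
}

/**
 * Regenerate the shared known_hosts file from the cached host entries of
 * all domains.
 *
 * The content is written to a mkstemp() file and renamed over
 * SSS_SSH_KNOWN_HOSTS_PATH, so readers never see a partial file. The
 * temporary file is removed when any step fails.
 *
 * @return EOK on success, otherwise an errno value.
 */
static errno_t
ssh_host_pubkeys_update_known_hosts(struct ssh_cmd_ctx *cmd_ctx)
{
    TALLOC_CTX *tmp_ctx;
    errno_t ret;
    const char *attrs[] = { SYSDB_NAME, SYSDB_NAME_ALIAS, SYSDB_SSH_PUBKEY,
                            NULL };
    struct cli_ctx *cctx = cmd_ctx->cctx;
    struct sss_domain_info *dom = cctx->rctx->domains;
    struct ssh_ctx *ssh_ctx = (struct ssh_ctx *)cctx->rctx->pvt_ctx;
    struct sysdb_ctx *sysdb;
    time_t now = time(NULL);
    struct ldb_message **hosts;
    size_t num_hosts, i;
    struct sss_ssh_ent *ent;
    int fd = -1;
    char *filename = NULL;
    char *entstr;
    ssize_t wret;
    mode_t old_mask;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    if (cmd_ctx->domain) {
        ret = sysdb_update_ssh_known_host_expire(cmd_ctx->domain->sysdb,
                                                 cmd_ctx->domain,
                                                 cmd_ctx->name, now,
                                                 ssh_ctx->known_hosts_timeout);
        if (ret != EOK && ret != ENOENT) {
            goto done;
        }
    }

    /* write known_hosts file */

    filename = talloc_strdup(tmp_ctx, SSS_SSH_KNOWN_HOSTS_TEMP_TMPL);
    if (!filename) {
        ret = ENOMEM;
        goto done;
    }

    /* Restrict the creation mask for the temporary file; the final mode is
     * set explicitly with fchmod() below. */
    old_mask = umask(0133);
    fd = mkstemp(filename);
    umask(old_mask);
    if (fd == -1) {
        /* No file was created, so there is nothing to unlink at done. */
        filename = NULL;
        ret = errno;
        goto done;
    }

    for (; dom; dom = get_next_domain(dom, false)) {
        sysdb = dom->sysdb;
        if (sysdb == NULL) {
            DEBUG(SSSDBG_FATAL_FAILURE,
                  ("Fatal: Sysdb CTX not found for this domain!\n"));
            ret = EFAULT;
            goto done;
        }

        ret = sysdb_get_ssh_known_hosts(tmp_ctx, sysdb, dom, now, attrs,
                                        &hosts, &num_hosts);
        if (ret != EOK) {
            if (ret != ENOENT) {
                DEBUG(SSSDBG_OP_FAILURE,
                      ("Host search failed for domain [%s]\n", dom->name));
            }
            continue;
        }

        for (i = 0; i < num_hosts; i++) {
            ret = sss_ssh_make_ent(tmp_ctx, hosts[i], &ent);
            if (ret != EOK) {
                DEBUG(SSSDBG_OP_FAILURE,
                      ("Failed to get SSH host public keys\n"));
                continue;
            }

            /* The formatted text is parented to ent, so freeing ent below
             * releases it as well. */
            if (ssh_ctx->hash_known_hosts) {
                entstr = ssh_host_pubkeys_format_known_host_hashed(ent, ent);
            } else {
                entstr = ssh_host_pubkeys_format_known_host_plain(ent, ent);
            }
            if (!entstr) {
                DEBUG(SSSDBG_OP_FAILURE,
                      ("Failed to format known_hosts data for [%s]\n",
                       ent->name));
                continue;
            }

            wret = sss_atomic_write_s(fd, entstr, strlen(entstr));
            if (wret == -1) {
                ret = errno;
                goto done;
            }

            talloc_free(ent);
        }

        talloc_free(hosts);
    }

    ret = fchmod(fd, 0644);
    if (ret == -1) {
        ret = errno;
        goto done;
    }

    ret = rename(filename, SSS_SSH_KNOWN_HOSTS_PATH);
    if (ret == -1) {
        ret = errno;
        goto done;
    }

    ret = EOK;

done:
    if (fd != -1) close(fd);
    if (ret != EOK && filename) unlink(filename);
    talloc_free(tmp_ctx);
    return ret;
}

/**
 * Parse the client request packet into cmd_ctx (name, alias, domain name).
 *
 * The body is client-controlled. Each length field is read through
 * SAFEALIGN_COPY_UINT32_CHECK and compared with the bytes that remain
 * before the string is used, and each string must be valid UTF-8 and
 * NUL-terminated within its declared length.
 *
 * @return EOK on success, EINVAL for malformed input, ENOENT when the
 *         name cannot be parsed, ENOMEM on allocation failure.
 */
static errno_t
ssh_cmd_parse_request(struct ssh_cmd_ctx *cmd_ctx)
{
    struct cli_ctx *cctx = cmd_ctx->cctx;
    struct ssh_ctx *ssh_ctx = talloc_get_type(cctx->rctx->pvt_ctx,
                                              struct ssh_ctx);
    errno_t ret;
    uint8_t *body;
    size_t body_len;
    size_t c = 0;
    uint32_t flags;
    uint32_t name_len;
    char *name;
    uint32_t alias_len;
    char *alias = NULL;
    uint32_t domain_len;
    char *domain = cctx->rctx->default_domain;

    sss_packet_get_body(cctx->creq->in, &body, &body_len);

    SAFEALIGN_COPY_UINT32_CHECK(&flags, body+c, body_len, &c);
    /* Reject any flag bit outside the known request mask. */
    if (flags & ~(uint32_t)SSS_SSH_REQ_MASK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Invalid flags received [0x%x]\n", flags));
        return EINVAL;
    }

    SAFEALIGN_COPY_UINT32_CHECK(&name_len, body+c, body_len, &c);
    /* A zero length is refused so that name_len-1 below cannot wrap. */
    if (name_len == 0 || name_len > body_len - c) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Invalid name length\n"));
        return EINVAL;
    }

    name = (char *)(body+c);
    if (!sss_utf8_check((const uint8_t *)name, name_len-1) ||
            name[name_len-1] != 0) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Name is not valid UTF-8 string\n"));
        return EINVAL;
    }
    c += name_len;

    if (flags & SSS_SSH_REQ_ALIAS) {
        SAFEALIGN_COPY_UINT32_CHECK(&alias_len, body+c, body_len, &c);
        if (alias_len == 0 || alias_len > body_len - c) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("Invalid alias length\n"));
            return EINVAL;
        }

        alias = (char *)(body+c);
        if (!sss_utf8_check((const uint8_t *)alias, alias_len-1) ||
                alias[alias_len-1] != 0) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("Alias is not valid UTF-8 string\n"));
            return EINVAL;
        }
        c += alias_len;
    }

    if (flags & SSS_SSH_REQ_DOMAIN) {
        SAFEALIGN_COPY_UINT32_CHECK(&domain_len, body+c, body_len, &c);
        /* An empty domain field keeps the responder's default domain. */
        if (domain_len > 0) {
            if (domain_len > body_len - c) {
                DEBUG(SSSDBG_CRIT_FAILURE, ("Invalid domain length\n"));
                return EINVAL;
            }

            domain = (char *)(body+c);
            if (!sss_utf8_check((const uint8_t *)domain, domain_len-1) ||
                    domain[domain_len-1] != 0) {
                DEBUG(SSSDBG_CRIT_FAILURE,
                      ("Domain is not valid UTF-8 string\n"));
                return EINVAL;
            }
            c += domain_len;
        }

        DEBUG(SSSDBG_TRACE_FUNC,
              ("Requested domain [%s]\n", domain ? domain : ""));
    } else {
        DEBUG(SSSDBG_TRACE_FUNC, ("Splitting domain from name [%s]\n", name));

        ret = sss_parse_name(cmd_ctx, ssh_ctx->snctx, name,
                             &cmd_ctx->domname, &cmd_ctx->name);
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE, ("Invalid name received [%s]\n", name));
            return ENOENT;
        }

        name = cmd_ctx->name;
    }

    if (cmd_ctx->is_user && cmd_ctx->domname == NULL) {
        DEBUG(SSSDBG_TRACE_FUNC,
              ("Parsing name [%s][%s]\n", name, domain ? domain : ""));

        ret = sss_parse_name_for_domains(cmd_ctx, cctx->rctx->domains,
                                         domain, name,
                                         &cmd_ctx->domname,
                                         &cmd_ctx->name);
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE,
                  ("Invalid name received [%s]\n", name));
            return ENOENT;
        }
    } else {
        /* The strings still point into the request packet; copy them so
         * that cmd_ctx owns its own storage. */
        if (cmd_ctx->name == NULL) {
            cmd_ctx->name = talloc_strdup(cmd_ctx, name);
            if (!cmd_ctx->name) return ENOMEM;
        }

        if (cmd_ctx->domname == NULL && domain != NULL) {
            cmd_ctx->domname = talloc_strdup(cmd_ctx, domain);
            if (!cmd_ctx->domname) return ENOMEM;
        }
    }

    /* An alias identical to the name carries no extra information. */
    if (alias != NULL && strcmp(cmd_ctx->name, alias) != 0) {
        cmd_ctx->alias = talloc_strdup(cmd_ctx, alias);
        if (!cmd_ctx->alias) return ENOMEM;
    }

    return EOK;
}

/**
 * Build the reply packet from cmd_ctx->result.
 *
 * Layout written here: key count, a zero word, then per key a zero word,
 * the length of the fully qualified name, the name, the key length and
 * the base64-decoded key.
 *
 * @return EOK on success, ENOENT for an unnamed result, ENOMEM on
 *         allocation or decode failure, or a packet error.
 */
static errno_t
ssh_cmd_build_reply(struct ssh_cmd_ctx *cmd_ctx)
{
    struct cli_ctx *cctx = cmd_ctx->cctx;
    errno_t ret;
    uint8_t *body;
    size_t body_len;
    size_t c = 0;
    unsigned int i;
    struct ldb_message_element *el;
    uint32_t count = 0;
    const char *name;
    char *fqname;
    uint32_t fqname_len;
    uint8_t *key;
    size_t key_len;

    ret = sss_packet_new(cctx->creq, 0,
                         sss_packet_get_cmd(cctx->creq->in),
                         &cctx->creq->out);
    if (ret != EOK) {
        return ret;
    }

    el = ldb_msg_find_element(cmd_ctx->result, SYSDB_SSH_PUBKEY);
    if (el) {
        count = el->num_values;
    }

    ret = sss_packet_grow(cctx->creq->out, 2*sizeof(uint32_t));
    if (ret != EOK) {
        return ret;
    }
    sss_packet_get_body(cctx->creq->out, &body, &body_len);

    SAFEALIGN_SET_UINT32(body+c, count, &c);
    SAFEALIGN_SET_UINT32(body+c, 0, &c);

    if (!el) {
        return EOK;
    }

    name = ldb_msg_find_attr_as_string(cmd_ctx->result, SYSDB_NAME, NULL);
    if (!name) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Got unnamed result for [%s@%s]\n",
               cmd_ctx->name, cmd_ctx->domain->name));
        return ENOENT;
    }

    fqname = talloc_asprintf(cmd_ctx, "%s@%s",
                             name, cmd_ctx->domain->name);
    if (!fqname) {
        return ENOMEM;
    }

    fqname_len = strlen(fqname)+1;

    for (i = 0; i < el->num_values; i++) {
        key = sss_base64_decode(cmd_ctx,
                                (const char *)el->values[i].data,
                                &key_len);
        if (!key) {
            return ENOMEM;
        }

        ret = sss_packet_grow(cctx->creq->out,
                              3*sizeof(uint32_t) + key_len + fqname_len);
        if (ret != EOK) {
            talloc_free(key);
            return ret;
        }
        /* Growing may move the buffer, so fetch the body pointer again. */
        sss_packet_get_body(cctx->creq->out, &body, &body_len);

        SAFEALIGN_SET_UINT32(body+c, 0, &c);
        SAFEALIGN_SET_UINT32(body+c, fqname_len, &c);
        safealign_memcpy(body+c, fqname, fqname_len, &c);
        SAFEALIGN_SET_UINT32(body+c, key_len, &c);
        safealign_memcpy(body+c, key, key_len, &c);

        talloc_free(key);
        /* The key count was already written to the header above, so no
         * further counting is needed here. */
    }

    return EOK;
}

/**
 * Send an error reply for the command and finish it.
 */
static errno_t
ssh_cmd_send_error(struct ssh_cmd_ctx *cmd_ctx,
                   errno_t error)
{
    struct cli_ctx *cctx = cmd_ctx->cctx;
    errno_t ret;

    ret = sss_cmd_send_error(cctx, error);
    if (ret != EOK) {
        return ret;
    }

    sss_cmd_done(cctx, cmd_ctx);

    return EOK;
}

/**
 * Build and send the success reply for the command and finish it.
 */
static errno_t
ssh_cmd_send_reply(struct ssh_cmd_ctx *cmd_ctx)
{
    struct cli_ctx *cctx = cmd_ctx->cctx;
    errno_t ret;

    /* create response packet */
    ret = ssh_cmd_build_reply(cmd_ctx);
    if (ret != EOK) {
        return ret;
    }

    sss_packet_set_error(cctx->creq->out, EOK);
    sss_cmd_done(cctx, cmd_ctx);

    return EOK;
}

/**
 * Finish a command according to its result code.
 *
 * EOK sends the reply, EAGAIN means an asynchronous request is pending
 * and nothing is sent yet, EFAULT drops the connection, and every other
 * value is reported to the client as an error. If replying itself fails
 * the connection is dropped.
 *
 * @return EOK, or EFAULT when the connection was freed.
 */
static errno_t
ssh_cmd_done(struct ssh_cmd_ctx *cmd_ctx,
             errno_t ret)
{
    switch (ret) {
    case EOK:
        ret = ssh_cmd_send_reply(cmd_ctx);
        break;

    case EAGAIN:
        return EOK;

    case EFAULT:
        break;

    default:
        ret = ssh_cmd_send_error(cmd_ctx, ret);
        break;
    }

    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Fatal error, killing connection!\n"));
        talloc_free(cmd_ctx->cctx);
        return EFAULT;
    }

    return EOK;
}

/**
 * Completion hook for the user key command.
 */
static errno_t
ssh_cmd_get_user_pubkeys_done(struct ssh_cmd_ctx *cmd_ctx,
                              errno_t ret)
{
    return ssh_cmd_done(cmd_ctx, ret);
}

/**
 * Completion hook for the host key command.
 *
 * Refreshes the known_hosts file when the lookup ended with EOK or ENOENT.
 * The refresh is best effort: a failure is logged and does not change the
 * reply sent to the client.
 */
static errno_t
ssh_cmd_get_host_pubkeys_done(struct ssh_cmd_ctx *cmd_ctx,
                              errno_t ret)
{
    errno_t kh_ret;

    if (ret == EOK || ret == ENOENT) {
        kh_ret = ssh_host_pubkeys_update_known_hosts(cmd_ctx);
        if (kh_ret != EOK) {
            /* A stale or missing known_hosts file affects host key
             * checking, so leave a trace instead of failing silently. */
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Failed to update known_hosts file (%d): %s\n",
                   kh_ret, strerror(kh_ret)));
        }
    }

    return ssh_cmd_done(cmd_ctx, ret);
}

/**
 * Return the protocol version table of the SSH responder (terminator only).
 */
struct cli_protocol_version *register_cli_protocol_version(void)
{
    static struct cli_protocol_version ssh_cli_protocol_version[] = {
        {0, NULL, NULL}
    };

    return ssh_cli_protocol_version;
}

/**
 * Return the command dispatch table of the SSH responder.
 */
struct sss_cmd_table *get_ssh_cmds(void) {
    static struct sss_cmd_table ssh_cmds[] = {
        {SSS_GET_VERSION, sss_cmd_get_version},
        {SSS_SSH_GET_USER_PUBKEYS, sss_ssh_cmd_get_user_pubkeys},
        {SSS_SSH_GET_HOST_PUBKEYS, sss_ssh_cmd_get_host_pubkeys},
        {SSS_CLI_NULL, NULL}
    };

    return ssh_cmds;
}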
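/* sssd-1.11.5/src/responder/ssh/sshsrv_dp.c: SSH responder, Data Provider
 * host request. */

/* Parameters of one SSH host request, kept until the D-Bus message is
 * built by sss_dp_get_ssh_host_msg(). */
struct sss_dp_get_ssh_host_info {
    struct sss_domain_info *dom;

    bool fast_reply;
    const char *name;
    const char *alias;
};

static DBusMessage *
sss_dp_get_ssh_host_msg(void *pvt);

/**
 * Issue a Data Provider request for the SSH keys of a host.
 *
 * @param mem_ctx     talloc parent of the request.
 * @param rctx        Responder context; its event context is used to post
 *                    early failures.
 * @param dom         Domain to query; must not be NULL.
 * @param fast_reply  Sets BE_REQ_FAST on the request when true.
 * @param name        Host name.
 * @param alias       Optional host alias, may be NULL.
 * @return The request, already marked failed and posted on error, or NULL
 *         if the request itself cannot be allocated.
 */
struct tevent_req *
sss_dp_get_ssh_host_send(TALLOC_CTX *mem_ctx,
                         struct resp_ctx *rctx,
                         struct sss_domain_info *dom,
                         bool fast_reply,
                         const char *name,
                         const char *alias)
{
    errno_t ret;
    struct tevent_req *req;
    struct sss_dp_get_ssh_host_info *info;
    struct sss_dp_req_state *state;
    char *key;

    req = tevent_req_create(mem_ctx, &state, struct sss_dp_req_state);
    if (!req) {
        /* There is no request to mark as failed; the callers in
         * sshsrv_cmd.c treat a NULL return as out of memory. */
        return NULL;
    }

    if (!dom) {
        ret = EINVAL;
        goto error;
    }

    info = talloc_zero(state, struct sss_dp_get_ssh_host_info);
    if (!info) {
        ret = ENOMEM;
        goto error;
    }
    info->fast_reply = fast_reply;
    info->name = name;
    info->alias = alias;
    info->dom = dom;

    /* The key identifies this request: name, optional alias and domain. */
    if (alias) {
        key = talloc_asprintf(state, "%s:%s@%s", name, alias, dom->name);
    } else {
        key = talloc_asprintf(state, "%s@%s", name, dom->name);
    }
    if (!key) {
        ret = ENOMEM;
        goto error;
    }

    ret = sss_dp_issue_request(state, rctx, key, dom, sss_dp_get_ssh_host_msg,
                               info, req);
    talloc_free(key);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Could not issue DP request [%d]: %s\n",
               ret, strerror(ret)));
        goto error;
    }

    return req;

error:
    tevent_req_error(req, ret);
    tevent_req_post(req, rctx->ev);
    return req;
}

/**
 * Build the D-Bus method call for a host request.
 *
 * @param pvt  The struct sss_dp_get_ssh_host_info prepared by
 *             sss_dp_get_ssh_host_send().
 * @return The message, or NULL on failure.
 */
static DBusMessage *
sss_dp_get_ssh_host_msg(void *pvt)
{
    DBusMessage *msg;
    dbus_bool_t dbret;
    struct sss_dp_get_ssh_host_info *info;
    uint32_t be_type = 0;
    char *filter;

    info = talloc_get_type(pvt, struct sss_dp_get_ssh_host_info);

    if (info->fast_reply) {
        be_type |= BE_REQ_FAST;
    }

    /* NOTE(review): name and alias are joined with ':' without escaping.
     * In sshsrv_cmd.c both values come from the client request; confirm
     * that the receiving side copes with a ':' inside either part. */
    if (info->alias) {
        filter = talloc_asprintf(info, "name=%s:%s", info->name, info->alias);
    } else {
        filter = talloc_asprintf(info, "name=%s", info->name);
    }
    if (!filter) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory?!\n"));
        return NULL;
    }

    msg = dbus_message_new_method_call(NULL,
                                       DP_PATH,
                                       DP_INTERFACE,
                                       DP_METHOD_HOSTHANDLER);
    if (msg == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory?!\n"));
        talloc_free(filter);
        return NULL;
    }

    /* create the message */
    DEBUG(SSSDBG_TRACE_FUNC,
          ("Creating SSH host request for [%s][%u][%s]\n",
           info->dom->name, be_type, filter));

    dbret = dbus_message_append_args(msg,
                                     DBUS_TYPE_UINT32, &be_type,
                                     DBUS_TYPE_STRING, &filter,
                                     DBUS_TYPE_INVALID);
    talloc_free(filter);
    if (!dbret) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to build message\n"));
        dbus_message_unref(msg);
        return NULL;
    }

    return msg;
}

/**
 * Collect the result of a host request; thin wrapper around
 * sss_dp_req_recv().
 */
errno_t
sss_dp_get_ssh_host_recv(TALLOC_CTX *mem_ctx,
                         struct tevent_req *req,
                         dbus_uint16_t *dp_err,
                         dbus_uint32_t *dp_ret,
                         char **err_msg)
{
    return sss_dp_req_recv(mem_ctx, req, dp_err, dp_ret, err_msg);
}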
*/ #include #include "util/util.h" #include "confdb/confdb.h" #include "monitor/monitor_interfaces.h" #include "responder/common/responder.h" #include "responder/common/responder_sbus.h" #include "responder/ssh/sshsrv_private.h" #include "providers/data_provider.h" struct sbus_method monitor_ssh_methods[] = { { MON_CLI_METHOD_PING, monitor_common_pong }, { MON_CLI_METHOD_RES_INIT, monitor_common_res_init }, { MON_CLI_METHOD_ROTATE, responder_logrotate }, { NULL, NULL } }; struct sbus_interface monitor_ssh_interface = { MONITOR_INTERFACE, MONITOR_PATH, SBUS_DEFAULT_VTABLE, monitor_ssh_methods, NULL }; static struct sbus_method ssh_dp_methods[] = { { NULL, NULL } }; struct sbus_interface ssh_dp_interface = { DP_INTERFACE, DP_PATH, SBUS_DEFAULT_VTABLE, ssh_dp_methods, NULL }; static void ssh_dp_reconnect_init(struct sbus_connection *conn, int status, void *pvt) { struct be_conn *be_conn = talloc_get_type(pvt, struct be_conn); int ret; /* Did we reconnect successfully? */ if (status == SBUS_RECONNECT_SUCCESS) { DEBUG(SSSDBG_TRACE_FUNC, ("Reconnected to the Data Provider.\n")); /* Identify ourselves to the data provider */ ret = dp_common_send_id(be_conn->conn, DATA_PROVIDER_VERSION, "SSH"); /* all fine */ if (ret == EOK) { handle_requests_after_reconnect(be_conn->rctx); return; } } /* Failed to reconnect */ DEBUG(SSSDBG_FATAL_FAILURE, ("Could not reconnect to %s provider.\n", be_conn->domain->name)); } int ssh_process_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct confdb_ctx *cdb) { struct resp_ctx *rctx; struct sss_cmd_table *ssh_cmds; struct ssh_ctx *ssh_ctx; struct be_conn *iter; int ret; int max_retries; ssh_cmds = get_ssh_cmds(); ret = sss_process_init(mem_ctx, ev, cdb, ssh_cmds, SSS_SSH_SOCKET_NAME, NULL, CONFDB_SSH_CONF_ENTRY, SSS_SSH_SBUS_SERVICE_NAME, SSS_SSH_SBUS_SERVICE_VERSION, &monitor_ssh_interface, "SSH", &ssh_dp_interface, &rctx); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, ("sss_process_init() failed\n")); return ret; } ssh_ctx = 
talloc_zero(rctx, struct ssh_ctx); if (!ssh_ctx) { DEBUG(SSSDBG_FATAL_FAILURE, ("fatal error initializing ssh_ctx\n")); ret = ENOMEM; goto fail; } ssh_ctx->rctx = rctx; ssh_ctx->rctx->pvt_ctx = ssh_ctx; ret = sss_names_init_from_args(ssh_ctx, "(?P[^@]+)@?(?P[^@]*$)", "%1$s@%2$s", &ssh_ctx->snctx); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, ("fatal error initializing regex data\n")); goto fail; } /* Enable automatic reconnection to the Data Provider */ ret = confdb_get_int(ssh_ctx->rctx->cdb, CONFDB_SSH_CONF_ENTRY, CONFDB_SERVICE_RECON_RETRIES, 3, &max_retries); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to set up automatic reconnection\n")); goto fail; } for (iter = ssh_ctx->rctx->be_conns; iter; iter = iter->next) { sbus_reconnect_init(iter->conn, max_retries, ssh_dp_reconnect_init, iter); } /* Get responder options */ /* Get ssh_hash_known_hosts option */ ret = confdb_get_bool(ssh_ctx->rctx->cdb, CONFDB_SSH_CONF_ENTRY, CONFDB_SSH_HASH_KNOWN_HOSTS, CONFDB_DEFAULT_SSH_HASH_KNOWN_HOSTS, &ssh_ctx->hash_known_hosts); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, ("Error reading from confdb (%d) [%s]\n", ret, strerror(ret))); goto fail; } /* Get ssh_known_hosts_timeout option */ ret = confdb_get_int(ssh_ctx->rctx->cdb, CONFDB_SSH_CONF_ENTRY, CONFDB_SSH_KNOWN_HOSTS_TIMEOUT, CONFDB_DEFAULT_SSH_KNOWN_HOSTS_TIMEOUT, &ssh_ctx->known_hosts_timeout); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, ("Error reading from confdb (%d) [%s]\n", ret, strerror(ret))); goto fail; } ret = schedule_get_domains_task(rctx, rctx->ev, rctx); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, ("schedule_get_domains_tasks failed.\n")); goto fail; } DEBUG(SSSDBG_TRACE_FUNC, ("SSH Initialization complete\n")); return EOK; fail: talloc_free(rctx); return ret; } int main(int argc, const char *argv[]) { int opt; poptContext pc; struct main_context *main_ctx; int ret; struct poptOption long_options[] = { POPT_AUTOHELP SSSD_MAIN_OPTS POPT_TABLEEND }; /* Set debug level to invalid value so we 
can deside if -d 0 was used. */ debug_level = SSSDBG_INVALID; pc = poptGetContext(argv[0], argc, argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { switch(opt) { default: fprintf(stderr, "\nInvalid option %s: %s\n\n", poptBadOption(pc, 0), poptStrerror(opt)); poptPrintUsage(pc, stderr, 0); return 1; } } poptFreeContext(pc); DEBUG_INIT(debug_level); /* set up things like debug, signals, daemonization, etc... */ debug_log_file = "sssd_ssh"; ret = server_setup("sssd[ssh]", 0, CONFDB_SSH_CONF_ENTRY, &main_ctx); if (ret != EOK) { return 2; } ret = die_if_parent_died(); if (ret != EOK) { /* This is not fatal, don't return */ DEBUG(SSSDBG_OP_FAILURE, ("Could not set up to exit " "when parent process does\n")); } ret = ssh_process_init(main_ctx, main_ctx->event_ctx, main_ctx->confdb_ctx); if (ret != EOK) { return 3; } /* loop on main */ server_loop(main_ctx); return 0; } sssd-1.11.5/src/responder/ssh/PaxHeaders.13173/sshsrv_private.h0000644000000000000000000000007412320753107022373 xustar000000000000000030 atime=1396954939.271891427 30 ctime=1396954961.450875101 sssd-1.11.5/src/responder/ssh/sshsrv_private.h0000664002412700241270000000363012320753107022617 0ustar00jhrozekjhrozek00000000000000/* Authors: Jan Cholasta Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #ifndef _SSHSRV_PRIVATE_H_ #define _SSHSRV_PRIVATE_H_ #include "responder/common/responder.h" #define SSS_SSH_KNOWN_HOSTS_PATH PUBCONF_PATH"/known_hosts" #define SSS_SSH_KNOWN_HOSTS_TEMP_TMPL PUBCONF_PATH"/.known_hosts.XXXXXX" struct ssh_ctx { struct resp_ctx *rctx; struct sss_names_ctx *snctx; bool hash_known_hosts; int known_hosts_timeout; }; struct ssh_cmd_ctx { struct cli_ctx *cctx; char *name; char *alias; char *domname; bool is_user; struct sss_domain_info *domain; bool check_next; struct ldb_message *result; }; struct sss_cmd_table *get_ssh_cmds(void); struct tevent_req * sss_dp_get_ssh_host_send(TALLOC_CTX *mem_ctx, struct resp_ctx *rctx, struct sss_domain_info *dom, bool fast_reply, const char *name, const char *alias); errno_t sss_dp_get_ssh_host_recv(TALLOC_CTX *mem_ctx, struct tevent_req *req, dbus_uint16_t *dp_err, dbus_uint32_t *dp_ret, char **err_msg); #endif /* _SSHSRV_PRIVATE_H_ */ sssd-1.11.5/src/responder/PaxHeaders.13173/autofs0000644000000000000000000000013212320753521017562 xustar000000000000000030 mtime=1396954961.761874872 30 atime=1396955003.534843847 30 ctime=1396954961.761874872 sssd-1.11.5/src/responder/autofs/0000775002412700241270000000000012320753521020066 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/responder/autofs/PaxHeaders.13173/autofssrv.c0000644000000000000000000000007412320753107022044 xustar000000000000000030 atime=1396954939.269891429 30 ctime=1396954961.759874873 sssd-1.11.5/src/responder/autofs/autofssrv.c0000664002412700241270000001742012320753107022272 0ustar00jhrozekjhrozek00000000000000/* Authors: Jakub Hrozek Copyright (C) 2012 Red Hat Autofs responder: the responder server This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. 
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include #include "util/util.h" #include "confdb/confdb.h" #include "monitor/monitor_interfaces.h" #include "responder/common/responder.h" #include "providers/data_provider.h" #include "responder/autofs/autofs_private.h" static int autofs_clean_hash_table(DBusMessage *message, struct sbus_connection *conn); struct sbus_method monitor_autofs_methods[] = { { MON_CLI_METHOD_PING, monitor_common_pong }, { MON_CLI_METHOD_RES_INIT, monitor_common_res_init }, { MON_CLI_METHOD_ROTATE, responder_logrotate }, { MON_CLI_METHOD_CLEAR_ENUM_CACHE, autofs_clean_hash_table }, { NULL, NULL } }; struct sbus_interface monitor_autofs_interface = { MONITOR_INTERFACE, MONITOR_PATH, SBUS_DEFAULT_VTABLE, monitor_autofs_methods, NULL }; static struct sbus_method autofs_dp_methods[] = { { NULL, NULL } }; struct sbus_interface autofs_dp_interface = { DP_INTERFACE, DP_PATH, SBUS_DEFAULT_VTABLE, autofs_dp_methods, NULL }; static errno_t autofs_get_config(struct autofs_ctx *actx, struct confdb_ctx *cdb) { errno_t ret; ret = confdb_get_int(cdb, CONFDB_AUTOFS_CONF_ENTRY, CONFDB_AUTOFS_MAP_NEG_TIMEOUT, 15, &actx->neg_timeout); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Cannot read %s from configuration [%d]: %s\n", CONFDB_AUTOFS_MAP_NEG_TIMEOUT, ret, strerror(ret))); return ret; } return EOK; } static void autofs_dp_reconnect_init(struct sbus_connection *conn, int status, void *pvt) { struct be_conn *be_conn = talloc_get_type(pvt, struct be_conn); int ret; /* Did we reconnect successfully? 
*/ if (status == SBUS_RECONNECT_SUCCESS) { DEBUG(SSSDBG_TRACE_FUNC, ("Reconnected to the Data Provider.\n")); /* Identify ourselves to the data provider */ ret = dp_common_send_id(be_conn->conn, DATA_PROVIDER_VERSION, "autofs"); /* all fine */ if (ret == EOK) { handle_requests_after_reconnect(be_conn->rctx); return; } } /* Failed to reconnect */ DEBUG(SSSDBG_FATAL_FAILURE, ("Could not reconnect to %s provider.\n", be_conn->domain->name)); } static int autofs_clean_hash_table(DBusMessage *message, struct sbus_connection *conn) { struct resp_ctx *rctx = talloc_get_type(sbus_conn_get_private_data(conn), struct resp_ctx); struct autofs_ctx *actx = talloc_get_type(rctx->pvt_ctx, struct autofs_ctx); errno_t ret; ret = autofs_orphan_maps(actx); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Could not invalidate maps\n")); return ret; } return monitor_common_pong(message, conn); } static int autofs_process_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct confdb_ctx *cdb) { struct resp_ctx *rctx; struct sss_cmd_table *autofs_cmds; struct autofs_ctx *autofs_ctx; struct be_conn *iter; int ret; int hret; int max_retries; autofs_cmds = get_autofs_cmds(); ret = sss_process_init(mem_ctx, ev, cdb, autofs_cmds, SSS_AUTOFS_SOCKET_NAME, NULL, CONFDB_AUTOFS_CONF_ENTRY, SSS_AUTOFS_SBUS_SERVICE_NAME, SSS_AUTOFS_SBUS_SERVICE_VERSION, &monitor_autofs_interface, "autofs", &autofs_dp_interface, &rctx); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, ("sss_process_init() failed\n")); return ret; } autofs_ctx = talloc_zero(rctx, struct autofs_ctx); if (!autofs_ctx) { DEBUG(SSSDBG_FATAL_FAILURE, ("fatal error initializing autofs_ctx\n")); ret = ENOMEM; goto fail; } ret = autofs_get_config(autofs_ctx, cdb); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, ("Cannot read autofs configuration\n")); goto fail; } autofs_ctx->rctx = rctx; autofs_ctx->rctx->pvt_ctx = autofs_ctx; /* Enable automatic reconnection to the Data Provider */ ret = confdb_get_int(autofs_ctx->rctx->cdb, 
CONFDB_AUTOFS_CONF_ENTRY, CONFDB_SERVICE_RECON_RETRIES, 3, &max_retries); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to set up automatic reconnection\n")); goto fail; } for (iter = autofs_ctx->rctx->be_conns; iter; iter = iter->next) { sbus_reconnect_init(iter->conn, max_retries, autofs_dp_reconnect_init, iter); } /* Create the lookup table for setautomntent results */ hret = sss_hash_create_ex(autofs_ctx, 10, &autofs_ctx->maps, 0, 0, 0, 0, autofs_map_hash_delete_cb, NULL); if (hret != HASH_SUCCESS) { DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to initialize automount maps hash table\n")); ret = EIO; goto fail; } ret = schedule_get_domains_task(rctx, rctx->ev, rctx); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, ("schedule_get_domains_tasks failed.\n")); goto fail; } DEBUG(SSSDBG_TRACE_FUNC, ("autofs Initialization complete\n")); return EOK; fail: talloc_free(rctx); return ret; } int main(int argc, const char *argv[]) { int opt; poptContext pc; struct main_context *main_ctx; int ret; struct poptOption long_options[] = { POPT_AUTOHELP SSSD_MAIN_OPTS POPT_TABLEEND }; /* Set debug level to invalid value so we can decide if -d 0 was used. */ debug_level = SSSDBG_INVALID; pc = poptGetContext(argv[0], argc, argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { switch(opt) { default: fprintf(stderr, "\nInvalid option %s: %s\n\n", poptBadOption(pc, 0), poptStrerror(opt)); poptPrintUsage(pc, stderr, 0); return 1; } } poptFreeContext(pc); DEBUG_INIT(debug_level); /* set up things like debug, signals, daemonization, etc... 
*/ debug_log_file = "sssd_autofs"; ret = server_setup("sssd[autofs]", 0, CONFDB_AUTOFS_CONF_ENTRY, &main_ctx); if (ret != EOK) { return 2; } ret = die_if_parent_died(); if (ret != EOK) { /* This is not fatal, don't return */ DEBUG(SSSDBG_OP_FAILURE, ("Could not set up to exit " "when parent process does\n")); } ret = autofs_process_init(main_ctx, main_ctx->event_ctx, main_ctx->confdb_ctx); if (ret != EOK) { return 3; } /* loop on main */ server_loop(main_ctx); return 0; } sssd-1.11.5/src/responder/autofs/PaxHeaders.13173/autofs_private.h0000644000000000000000000000007412320753107023050 xustar000000000000000030 atime=1396954939.269891429 30 ctime=1396954961.449875102 sssd-1.11.5/src/responder/autofs/autofs_private.h0000664002412700241270000000501212320753107023270 0ustar00jhrozekjhrozek00000000000000/* Authors: Jakub Hrozek Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #ifndef _AUTOFSSRV_PRIVATE_H_ #define _AUTOFSSRV_PRIVATE_H_ #include "responder/common/responder_sbus.h" #define SSS_AUTOFS_PROTO_VERSION 0x001 struct autofs_ctx { struct resp_ctx *rctx; int neg_timeout; hash_table_t *maps; }; struct autofs_cmd_ctx { struct cli_ctx *cctx; char *mapname; char *key; uint32_t cursor; uint32_t max_entries; bool check_next; }; struct autofs_dom_ctx { struct autofs_cmd_ctx *cmd_ctx; struct sss_domain_info *domain; bool check_provider; /* cache results */ struct ldb_message *map; size_t entry_count; struct ldb_message **entries; struct autofs_map_ctx *map_ctx; }; struct autofs_map_ctx { /* state of the map entry */ bool ready; bool found; /* requests */ struct setent_req_list *reqs; hash_table_t *map_table; char *mapname; /* map entry */ struct ldb_message *map; size_t entry_count; struct ldb_message **entries; }; struct sss_cmd_table *get_autofs_cmds(void); void autofs_map_hash_delete_cb(hash_entry_t *item, hash_destroy_enum deltype, void *pvt); errno_t autofs_orphan_maps(struct autofs_ctx *actx); enum sss_dp_autofs_type { SSS_DP_AUTOFS }; struct tevent_req * sss_dp_get_autofs_send(TALLOC_CTX *mem_ctx, struct resp_ctx *rctx, struct sss_domain_info *dom, bool fast_reply, enum sss_dp_autofs_type type, const char *name); errno_t sss_dp_get_autofs_recv(TALLOC_CTX *mem_ctx, struct tevent_req *req, dbus_uint16_t *dp_err, dbus_uint32_t *dp_ret, char **err_msg); #endif /* _AUTOFSSRV_PRIVATE_H_ */ sssd-1.11.5/src/responder/autofs/PaxHeaders.13173/autofssrv_dp.c0000644000000000000000000000007412320753107022527 xustar000000000000000030 atime=1396954939.269891429 30 ctime=1396954961.761874872 sssd-1.11.5/src/responder/autofs/autofssrv_dp.c0000664002412700241270000001027412320753107022755 0ustar00jhrozekjhrozek00000000000000/* Authors: Jakub Hrozek Copyright (C) 2011 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either 
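version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */

#include <talloc.h>
#include <tevent.h>
#include <dbus/dbus.h>
#include "sbus/sssd_dbus.h"

#include "util/util.h"
#include "sbus/sbus_client.h"
#include "providers/data_provider.h"
#include "responder/common/responder.h"
#include "responder/autofs/autofs_private.h"

/* Arguments kept for sss_dp_get_autofs_msg(), which turns them into the
 * D-Bus method call. name is stored as a borrowed pointer. */
struct sss_dp_get_autofs_info {
    struct sss_domain_info *dom;
    bool fast_reply;    /* adds BE_REQ_FAST to the request type */
    enum sss_dp_autofs_type type;
    const char *name;
};

static DBusMessage *
sss_dp_get_autofs_msg(void *pvt);

/*
 * Start an asynchronous Data Provider request for an automount map.
 *
 * mem_ctx     talloc parent of the returned request
 * rctx        responder context; rctx->ev is used to post a failed request
 * dom         domain to ask; EINVAL is reported if it is NULL
 * fast_reply  passed on to the message constructor (BE_REQ_FAST)
 * type        request type, becomes part of the request key
 * name        map name; EINVAL is reported if it is NULL
 *
 * Returns NULL only when the request itself cannot be allocated. Every
 * other failure is reported through the returned request: it is marked
 * failed with the errno code and posted on rctx->ev.
 *
 * NOTE(review): name is stored by pointer, not copied; presumably it must
 * stay valid until the request completes. Confirm against
 * sss_dp_issue_request().
 * NOTE(review): name is formatted into the request key without escaping,
 * so an '@' inside it is not distinguished from the separator. Presumably
 * callers validate the client-supplied map name before calling; verify.
 */
struct tevent_req *
sss_dp_get_autofs_send(TALLOC_CTX *mem_ctx,
                       struct resp_ctx *rctx,
                       struct sss_domain_info *dom,
                       bool fast_reply,
                       enum sss_dp_autofs_type type,
                       const char *name)
{
    struct tevent_req *req;
    struct sss_dp_req_state *state;
    struct sss_dp_get_autofs_info *info;
    errno_t ret;
    char *key;

    req = tevent_req_create(mem_ctx, &state, struct sss_dp_req_state);
    if (!req) {
        /* There is no request to mark as failed; the error label below
         * would dereference the NULL pointer. */
        return NULL;
    }

    if (!dom || !name) {
        ret = EINVAL;
        goto error;
    }

    info = talloc_zero(state, struct sss_dp_get_autofs_info);
    if (!info) {
        ret = ENOMEM;
        goto error;
    }
    info->fast_reply = fast_reply;
    info->type = type;
    info->name = name;
    info->dom = dom;

    /* The key identifies this lookup to sss_dp_issue_request() */
    key = talloc_asprintf(state, "%d:%s@%s", type, name, dom->name);
    if (!key) {
        ret = ENOMEM;
        goto error;
    }

    ret = sss_dp_issue_request(state, rctx, key, dom, sss_dp_get_autofs_msg,
                               info, req);
    talloc_free(key);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Could not issue DP request [%d]: %s\n",
               ret, strerror(ret)));
        goto error;
    }

    return req;

error:
    tevent_req_error(req, ret);
    tevent_req_post(req, rctx->ev);
    return req;
}

static DBusMessage * sss_dp_get_autofs_msg(void *pvt) { DBusMessage *msg; dbus_bool_t dbret; struct sss_dp_get_autofs_info *info; uint32_t be_type = BE_REQ_AUTOFS;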
char *filter; info = talloc_get_type(pvt, struct sss_dp_get_autofs_info); if (info->fast_reply) { be_type |= BE_REQ_FAST; } filter = talloc_asprintf(info, "mapname=%s", info->name); if (!filter) { DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory?!\n")); return NULL; } msg = dbus_message_new_method_call(NULL, DP_PATH, DP_INTERFACE, DP_METHOD_AUTOFSHANDLER); if (msg == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory?!\n")); return NULL; } /* create the message */ DEBUG(SSSDBG_TRACE_FUNC, ("Creating autofs request for [%s][%u][%s]\n", info->dom->name, be_type, filter)); dbret = dbus_message_append_args(msg, DBUS_TYPE_UINT32, &be_type, DBUS_TYPE_STRING, &filter, DBUS_TYPE_INVALID); talloc_free(filter); if (!dbret) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to build message\n")); dbus_message_unref(msg); return NULL; } return msg; } errno_t sss_dp_get_autofs_recv(TALLOC_CTX *mem_ctx, struct tevent_req *req, dbus_uint16_t *dp_err, dbus_uint32_t *dp_ret, char **err_msg) { return sss_dp_req_recv(mem_ctx, req, dp_err, dp_ret, err_msg); } sssd-1.11.5/src/responder/autofs/PaxHeaders.13173/autofssrv_cmd.c0000644000000000000000000000007412320753107022667 xustar000000000000000030 atime=1396954939.269891429 30 ctime=1396954961.760874872 sssd-1.11.5/src/responder/autofs/autofssrv_cmd.c0000664002412700241270000012450012320753107023113 0ustar00jhrozekjhrozek00000000000000/* Authors: Jakub Hrozek Copyright (C) 2012 Red Hat Autofs responder: commands This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. 
You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include #include "util/util.h" #include "responder/common/responder.h" #include "responder/common/responder_packet.h" #include "responder/autofs/autofs_private.h" #include "db/sysdb.h" #include "db/sysdb_autofs.h" #include "confdb/confdb.h" static int autofs_cmd_send_error(struct autofs_cmd_ctx *cmdctx, int err) { return sss_cmd_send_error(cmdctx->cctx, err); } static int autofs_cmd_send_empty(struct autofs_cmd_ctx *cmdctx) { return sss_cmd_send_empty(cmdctx->cctx, cmdctx); } static int autofs_cmd_done(struct autofs_cmd_ctx *cmdctx, int ret) { switch (ret) { case EOK: /* all fine, just return here */ break; case ENOENT: ret = autofs_cmd_send_empty(cmdctx); if (ret) { return EFAULT; } break; case EAGAIN: /* async processing, just return here */ break; case EFAULT: /* very bad error */ return EFAULT; default: ret = autofs_cmd_send_error(cmdctx, ret); if (ret) { return EFAULT; } sss_cmd_done(cmdctx->cctx, cmdctx); break; } return EOK; } static errno_t autofs_setent_add_ref(TALLOC_CTX *memctx, struct autofs_map_ctx *map_ctx, struct tevent_req *req) { return setent_add_ref(memctx, map_ctx, &map_ctx->reqs, req); } static void autofs_setent_notify(struct autofs_map_ctx *map_ctx, errno_t ret) { setent_notify(&map_ctx->reqs, ret); } errno_t autofs_orphan_maps(struct autofs_ctx *actx) { int hret; unsigned long mcount; unsigned long i; hash_key_t *maps; if (!actx || !actx->maps) { return EINVAL; } hret = hash_keys(actx->maps, &mcount, &maps); if (hret != HASH_SUCCESS) { return EIO; } for (i = 0; i < mcount; i++) { hret = hash_delete(actx->maps, &maps[i]); if (hret != HASH_SUCCESS) { DEBUG(SSSDBG_MINOR_FAILURE, ("Could not delete key from hash\n")); continue; } } return EOK; } static errno_t get_autofs_map(struct autofs_ctx *actx, char *mapname, struct autofs_map_ctx **map) { hash_key_t key; hash_value_t value; int hret; key.type = HASH_KEY_STRING; key.str = mapname; 
hret = hash_lookup(actx->maps, &key, &value); if (hret == HASH_SUCCESS) { *map = talloc_get_type(value.ptr, struct autofs_map_ctx); return EOK; } else if (hret == HASH_ERROR_KEY_NOT_FOUND) { return ENOENT; } DEBUG(SSSDBG_CRIT_FAILURE, ("Unexpected error reading from autofs map hash [%d][%s]\n", hret, hash_error_string(hret))); return EIO; } static int autofs_map_hash_remove (TALLOC_CTX *ctx); void autofs_map_hash_delete_cb(hash_entry_t *item, hash_destroy_enum deltype, void *pvt) { struct autofs_map_ctx *map; if (deltype != HASH_ENTRY_DESTROY) { return; } map = talloc_get_type(item->value.ptr, struct autofs_map_ctx); if (!map) { DEBUG(SSSDBG_OP_FAILURE, ("Invalid autofs map\n")); return; } /* So that the destructor wouldn't attempt to remove the map from hash * table */ map->map_table = NULL; } static errno_t set_autofs_map(struct autofs_ctx *actx, struct autofs_map_ctx *map) { hash_key_t key; hash_value_t value; int hret; if (map->mapname == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("Missing autofs map name.\n")); return EINVAL; } /* Add this entry to the hash table */ key.type = HASH_KEY_STRING; key.str = map->mapname; value.type = HASH_VALUE_PTR; value.ptr = map; hret = hash_enter(actx->maps, &key, &value); if (hret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to add hash table entry for [%s]", key.str)); DEBUG(SSSDBG_MINOR_FAILURE, ("Hash error [%d][%s]", hret, hash_error_string(hret))); return EIO; } talloc_steal(actx->maps, map); talloc_set_destructor((TALLOC_CTX *) map, autofs_map_hash_remove); return EOK; } static int autofs_map_hash_remove(TALLOC_CTX *ctx) { int hret; hash_key_t key; struct autofs_map_ctx *map = talloc_get_type(ctx, struct autofs_map_ctx); if (map->map_table == NULL) { DEBUG(SSSDBG_TRACE_LIBS, ("autofs map [%s] was already removed\n", map->mapname)); return 0; } key.type = HASH_KEY_STRING; key.str = map->mapname; /* Remove the autofs map result object from the lookup table */ hret = hash_delete(map->map_table, &key); if (hret != HASH_SUCCESS) { 
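DEBUG(SSSDBG_CRIT_FAILURE, ("Could not remove key from table! [%d][%s]\n", hret, hash_error_string(hret))); return -1; } return 0; }

static struct tevent_req *
setautomntent_send(TALLOC_CTX *mem_ctx,
                   const char *rawname,
                   struct autofs_cmd_ctx *cmdctx);
static errno_t setautomntent_recv(struct tevent_req *req);
static void sss_autofs_cmd_setautomntent_done(struct tevent_req *req);

/* FIXME - file a ticket to have per-responder private
 * data instead of growing the cli_ctx structure */

/*
 * Handle a setautomntent request.
 *
 * The body of the incoming packet (client->creq->in) is taken as the raw
 * map name. It has to be a non-empty, NUL-terminated, valid UTF-8 string;
 * anything else is answered with EINVAL through autofs_cmd_done(). A valid
 * name is passed to setautomntent_send() and the reply is produced later
 * by sss_autofs_cmd_setautomntent_done().
 *
 * Returns ENOMEM if the command context cannot be allocated, otherwise
 * the result of autofs_cmd_done().
 */
static int
sss_autofs_cmd_setautomntent(struct cli_ctx *client)
{
    struct autofs_cmd_ctx *cmdctx;
    uint8_t *body;
    size_t blen;
    errno_t ret = EOK;
    const char *rawname;
    struct tevent_req *req;

    DEBUG(SSSDBG_TRACE_INTERNAL, ("sss_autofs_cmd_setautomntent\n"));

    cmdctx = talloc_zero(client, struct autofs_cmd_ctx);
    if (!cmdctx) {
        return ENOMEM;
    }
    cmdctx->cctx = client;

    sss_packet_get_body(client->creq->in, &body, &blen);

    /* The length comes from the request. With an empty body, blen - 1
     * wraps around (size_t) and the terminator check below would read
     * outside the packet, so reject it first. */
    if (blen == 0) {
        ret = EINVAL;
        goto done;
    }

    /* if not terminated fail */
    if (body[blen - 1] != '\0') {
        ret = EINVAL;
        goto done;
    }

    /* If the body isn't valid UTF-8, fail */
    if (!sss_utf8_check(body, blen - 1)) {
        ret = EINVAL;
        goto done;
    }

    /* Safe to use as a C string: the terminator was verified above */
    rawname = (const char *)body;

    DEBUG(SSSDBG_TRACE_FUNC,
          ("Got request for automount map named %s\n", rawname));

    req = setautomntent_send(cmdctx, rawname, cmdctx);
    if (!req) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Fatal error calling setautomntent_send\n"));
        ret = EIO;
        goto done;
    }
    tevent_req_set_callback(req, sss_autofs_cmd_setautomntent_done, cmdctx);

    ret = EOK;
done:
    return autofs_cmd_done(cmdctx, ret);
}

static void sss_autofs_cmd_setautomntent_done(struct tevent_req *req) { struct autofs_cmd_ctx *cmdctx = tevent_req_callback_data(req, struct autofs_cmd_ctx); errno_t ret; errno_t reqret; struct sss_packet *packet; uint8_t *body; size_t blen; DEBUG(SSSDBG_TRACE_INTERNAL, ("setautomntent done\n")); reqret = setautomntent_recv(req); talloc_zfree(req); if (reqret != EOK && reqret != ENOENT) { DEBUG(SSSDBG_CRIT_FAILURE, ("setautomntent_recv failed\n")); autofs_cmd_done(cmdctx, reqret); return; } /*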
Either we succeeded or no domains were eligible */ ret = sss_packet_new(cmdctx->cctx->creq, 0, sss_packet_get_cmd(cmdctx->cctx->creq->in), &cmdctx->cctx->creq->out); if (ret == EOK) { if (reqret == ENOENT) { DEBUG(SSSDBG_TRACE_FUNC, ("setautomntent did not find requested map\n")); /* Notify the caller that this entry wasn't found */ sss_cmd_empty_packet(cmdctx->cctx->creq->out); } else { DEBUG(SSSDBG_TRACE_FUNC, ("setautomntent found data\n")); packet = cmdctx->cctx->creq->out; ret = sss_packet_grow(packet, 2*sizeof(uint32_t)); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Couldn't grow the packet\n")); talloc_free(cmdctx); return; } sss_packet_get_body(packet, &body, &blen); ((uint32_t *)body)[0] = 1; /* Got some results */ ((uint32_t *)body)[1] = 0; /* reserved */ } sss_cmd_done(cmdctx->cctx, NULL); return; } DEBUG(SSSDBG_CRIT_FAILURE, ("Error creating packet\n")); return; } struct setautomntent_state { struct autofs_cmd_ctx *cmdctx; struct autofs_dom_ctx *dctx; char *mapname; struct autofs_map_ctx *map; }; struct setautomntent_lookup_ctx { struct autofs_ctx *actx; struct autofs_dom_ctx *dctx; struct resp_ctx *rctx; struct cli_ctx *cctx; bool returned_to_mainloop; char *mapname; struct autofs_map_ctx *map; }; static errno_t lookup_automntmap_step(struct setautomntent_lookup_ctx *lookup_ctx); static void autofs_map_result_timeout(struct tevent_context *ev, struct tevent_timer *te, struct timeval current_time, void *pvt) { struct autofs_map_ctx *map = talloc_get_type(pvt, struct autofs_map_ctx); /* Free the autofs map result context * The destructor for the autofs map will remove itself * from the hash table */ talloc_free(map); } static void set_autofs_map_lifetime(uint32_t lifetime, struct setautomntent_lookup_ctx *lookup_ctx, struct autofs_map_ctx *map) { struct timeval tv; struct tevent_timer *te; tv = tevent_timeval_current_ofs(lifetime, 0); te = tevent_add_timer(lookup_ctx->rctx->ev, lookup_ctx->rctx, tv, autofs_map_result_timeout, map); if (!te) { 
DEBUG(SSSDBG_CRIT_FAILURE, ("Could not set up life timer for autofs maps. " "Entries may become stale.\n")); } } static errno_t setautomntent_get_autofs_map(struct autofs_ctx *actx, char *mapname, struct autofs_map_ctx **map); static struct tevent_req * setautomntent_send(TALLOC_CTX *mem_ctx, const char *rawname, struct autofs_cmd_ctx *cmdctx) { char *domname; errno_t ret; struct tevent_req *req; struct setautomntent_state *state; struct cli_ctx *client = cmdctx->cctx; struct autofs_dom_ctx *dctx; struct autofs_ctx *actx = talloc_get_type(client->rctx->pvt_ctx, struct autofs_ctx); struct setautomntent_lookup_ctx *lookup_ctx; req = tevent_req_create(mem_ctx, &state, struct setautomntent_state); if (!req) { DEBUG(SSSDBG_FATAL_FAILURE, ("Could not create tevent request for setautomntent\n")); return NULL; } state->cmdctx = cmdctx; dctx = talloc_zero(state, struct autofs_dom_ctx); if (!dctx) { DEBUG(SSSDBG_FATAL_FAILURE, ("Out of memory\n")); ret = ENOMEM; goto fail; } dctx->cmd_ctx = state->cmdctx; state->dctx = dctx; ret = sss_parse_name_for_domains(state, client->rctx->domains, NULL, rawname, &domname, &state->mapname); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, ("Invalid name received [%s]\n", rawname)); goto fail; } DEBUG(SSSDBG_TRACE_FUNC, ("Requesting info for automount map [%s] from [%s]\n", state->mapname, domname?domname:"")); if (domname) { dctx->domain = responder_get_domain(client->rctx, domname); if (!dctx->domain) { ret = EINVAL; goto fail; } client->automntmap_name = talloc_strdup(client, rawname); if (!client->automntmap_name) { ret = ENOMEM; goto fail; } } else { /* this is a multidomain search */ dctx->domain = client->rctx->domains; cmdctx->check_next = true; client->automntmap_name = talloc_strdup(client, state->mapname); if (!client->automntmap_name) { ret = ENOMEM; goto fail; } } dctx->check_provider = NEED_CHECK_PROVIDER(dctx->domain->provider); /* Is the result context already available? 
* Check for existing lookups for this map */ ret = setautomntent_get_autofs_map(actx, state->mapname, &state->map); if (ret == EOK) { /* Another process already requested this map * Check whether it's ready for processing. */ if (state->map->ready) { if (state->map->found) { DEBUG(SSSDBG_TRACE_LIBS, ("Map %s is ready to be processed\n", state->mapname)); tevent_req_done(req); tevent_req_post(req, actx->rctx->ev); return req; } else { DEBUG(SSSDBG_TRACE_LIBS, ("Map %s was marked as nonexistent\n", state->mapname)); tevent_req_error(req, ENOENT); tevent_req_post(req, actx->rctx->ev); return req; } } /* Result object is still being constructed * Register for notification when it's ready */ DEBUG(SSSDBG_TRACE_LIBS, ("Map %s is being looked up, registering for notification\n", state->mapname)); ret = autofs_setent_add_ref(state, state->map, req); if (ret != EOK) { goto fail; } /* Will return control below */ } else if (ret == ENOENT) { DEBUG(SSSDBG_TRACE_LIBS, ("Map %s needs to be looked up\n", state->mapname)); state->map = talloc_zero(actx, struct autofs_map_ctx); if (!state->map) { ret = ENOMEM; goto fail; } dctx->map_ctx = state->map; state->map->mapname = talloc_strdup(state->map, state->mapname); if (!state->map->mapname) { talloc_free(state->map); ret = ENOMEM; goto fail; } state->map->map_table = actx->maps; ret = autofs_setent_add_ref(state, state->map, req); if (ret != EOK) { talloc_free(state->map); goto fail; } ret = set_autofs_map(actx, state->map); if (ret != EOK) { talloc_free(state->map); goto fail; } /* Perform lookup */ lookup_ctx = talloc_zero(state->map, struct setautomntent_lookup_ctx); if (!lookup_ctx) { talloc_free(state->map); ret = ENOMEM; goto fail; } /* Steal the dom_ctx onto the lookup_ctx so it doesn't go out of scope if * this request is canceled while other requests are in-progress. 
*/ lookup_ctx->dctx = talloc_steal(lookup_ctx, state->dctx); lookup_ctx->actx = actx; lookup_ctx->map = state->map; lookup_ctx->rctx = client->rctx; lookup_ctx->mapname = talloc_strdup(lookup_ctx, state->mapname); if (!lookup_ctx->mapname) { talloc_free(state->map); ret = ENOMEM; goto fail; } ret = lookup_automntmap_step(lookup_ctx); if (ret == EAGAIN) { DEBUG(SSSDBG_TRACE_INTERNAL, ("lookup_automntmap_step " "is refreshing the cache, re-entering the mainloop\n")); return req; } else if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Could not get data from cache\n")); talloc_free(state->map); ret = ENOMEM; goto fail; } tevent_req_done(req); tevent_req_post(req, cmdctx->cctx->ev); return req; } else { DEBUG(SSSDBG_CRIT_FAILURE, ("Unexpected error from get_autofs_map [%d]: %s\n", ret, strerror(ret))); goto fail; } return req; fail: tevent_req_error(req, ret); tevent_req_post(req, actx->rctx->ev); return req; } static errno_t setautomntent_get_autofs_map(struct autofs_ctx *actx, char *mapname, struct autofs_map_ctx **map) { errno_t ret; if (strcmp(mapname, "auto.master") == 0) { /* Iterate over the hash and remove all maps */ ret = autofs_orphan_maps(actx); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Could not remove existing maps from hash\n")); } return ENOENT; } return get_autofs_map(actx, mapname, map); } static errno_t lookup_automntmap_update_cache(struct setautomntent_lookup_ctx *lookup_ctx); static errno_t lookup_automntmap_step(struct setautomntent_lookup_ctx *lookup_ctx) { errno_t ret; struct sss_domain_info *dom = lookup_ctx->dctx->domain; struct autofs_dom_ctx *dctx = lookup_ctx->dctx; struct sysdb_ctx *sysdb; struct autofs_map_ctx *map; /* Check each domain for this map name */ while (dom) { /* if it is a domainless search, skip domains that require fully * qualified names instead */ while (dom && dctx->cmd_ctx->check_next && dom->fqnames) { dom = get_next_domain(dom, false); } /* No domains left to search */ if (!dom) break; if (dom != dctx->domain) { 
/* make sure we reset the check_provider flag when we check * a new domain */ dctx->check_provider = NEED_CHECK_PROVIDER(dom->provider); } /* make sure to update the dctx if we changed domain */ dctx->domain = dom; DEBUG(SSSDBG_TRACE_FUNC, ("Requesting info for [%s@%s]\n", lookup_ctx->mapname, dom->name)); sysdb = dom->sysdb; if (sysdb == NULL) { DEBUG(SSSDBG_FATAL_FAILURE, ("Fatal: Sysdb CTX not found for this domain!\n")); return EIO; } /* Look into the cache */ talloc_free(dctx->map); ret = sysdb_get_map_byname(dctx, sysdb, dom, lookup_ctx->mapname, &dctx->map); if (ret != EOK && ret != ENOENT) { DEBUG(SSSDBG_OP_FAILURE, ("Could not check cache\n")); return ret; } else if (ret == ENOENT) { DEBUG(SSSDBG_MINOR_FAILURE, ("No automount map [%s] in cache for domain [%s]\n", lookup_ctx->mapname, dom->name)); if (!dctx->check_provider) { if (dctx->cmd_ctx->check_next) { DEBUG(SSSDBG_TRACE_INTERNAL, ("Moving on to next domain\n")); dom = get_next_domain(dom, false); continue; } else break; } } ret = get_autofs_map(lookup_ctx->actx, lookup_ctx->mapname, &map); if (ret != EOK) { /* Something really bad happened! */ DEBUG(SSSDBG_CRIT_FAILURE, ("Autofs map entry was lost!\n")); return ret; } if (dctx->map == NULL && !dctx->check_provider) { DEBUG(SSSDBG_MINOR_FAILURE, ("Autofs map not found, setting negative cache\n")); map->ready = true; map->found = false; set_autofs_map_lifetime(lookup_ctx->actx->neg_timeout, lookup_ctx, map); return ENOENT; } if (dctx->check_provider) { ret = lookup_automntmap_update_cache(lookup_ctx); if (ret == EAGAIN) { DEBUG(SSSDBG_TRACE_INTERNAL, ("Looking up automount maps from the DP\n")); return EAGAIN; } else if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Error looking up automount maps [%d]: %s\n", ret, strerror(ret))); return ret; } } /* OK, the map is in cache and valid. 
* Let's get all members and return it */ ret = sysdb_autofs_entries_by_map(map, sysdb, dom, map->mapname, &map->entry_count, &map->entries); if (ret != EOK && ret != ENOENT) { DEBUG(SSSDBG_OP_FAILURE, ("Error looking automount map entries [%d]: %s\n", ret, strerror(ret))); map->ready = true; map->found = false; set_autofs_map_lifetime(lookup_ctx->actx->neg_timeout, lookup_ctx, map); return EIO; } map->map = talloc_steal(map, dctx->map); DEBUG(SSSDBG_TRACE_FUNC, ("setautomntent done for map %s\n", lookup_ctx->mapname)); map->ready = true; map->found = true; set_autofs_map_lifetime(dom->autofsmap_timeout, lookup_ctx, map); return EOK; } map = talloc_zero(lookup_ctx->actx, struct autofs_map_ctx); if (!map) { return ENOMEM; } map->ready = true; map->found = false; map->map_table = lookup_ctx->actx->maps; map->mapname = talloc_strdup(map, lookup_ctx->mapname); if (!map->mapname) { talloc_free(map); return ENOMEM; } ret = set_autofs_map(lookup_ctx->actx, map); if (ret != EOK) { talloc_free(map); return ENOMEM; } set_autofs_map_lifetime(lookup_ctx->actx->neg_timeout, lookup_ctx, map); /* If we've gotten here, then no domain contained this map */ return ENOENT; } static void lookup_automntmap_cache_updated(uint16_t err_maj, uint32_t err_min, const char *err_msg, void *ptr); static void autofs_dp_send_map_req_done(struct tevent_req *req); static errno_t lookup_automntmap_update_cache(struct setautomntent_lookup_ctx *lookup_ctx) { errno_t ret; uint64_t cache_expire = 0; struct autofs_dom_ctx *dctx = lookup_ctx->dctx; struct tevent_req *req = NULL; struct dp_callback_ctx *cb_ctx = NULL; if (dctx->map != NULL) { if (strcmp(lookup_ctx->mapname, "auto.master") != 0) { cache_expire = ldb_msg_find_attr_as_uint64(dctx->map, SYSDB_CACHE_EXPIRE, 0); } /* if we have any reply let's check cache validity */ ret = sss_cmd_check_cache(dctx->map, 0, cache_expire); if (ret == EOK) { DEBUG(SSSDBG_TRACE_FUNC, ("Cached entry is valid, returning..\n")); return EOK; } else if (ret != EAGAIN && 
ret != ENOENT) { DEBUG(SSSDBG_CRIT_FAILURE, ("Error checking cache: %d\n", ret)); goto error; } } /* dont loop forever :-) */ dctx->check_provider = false; /* keep around current data in case backend is offline */ /* FIXME - do this by default */ #if 0 if (dctx->res->count) { dctx->res = talloc_steal(dctx, dctx->res); } #endif req = sss_dp_get_autofs_send(lookup_ctx->cctx, lookup_ctx->rctx, lookup_ctx->dctx->domain, true, SSS_DP_AUTOFS, lookup_ctx->mapname); if (!req) { DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory sending data provider request\n")); ret = ENOMEM; goto error; } cb_ctx = talloc_zero(lookup_ctx->dctx, struct dp_callback_ctx); if(!cb_ctx) { talloc_zfree(req); ret = ENOMEM; goto error; } cb_ctx->callback = lookup_automntmap_cache_updated; cb_ctx->ptr = lookup_ctx; cb_ctx->cctx = lookup_ctx->dctx->cmd_ctx->cctx; cb_ctx->mem_ctx = lookup_ctx->dctx; tevent_req_set_callback(req, autofs_dp_send_map_req_done, cb_ctx); return EAGAIN; error: ret = autofs_cmd_send_error(lookup_ctx->dctx->cmd_ctx, ret); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Fatal error, killing connection!\n")); talloc_free(lookup_ctx->cctx); return ret; } autofs_cmd_done(lookup_ctx->dctx->cmd_ctx, ret); return EOK; } static void autofs_dp_send_map_req_done(struct tevent_req *req) { struct dp_callback_ctx *cb_ctx = tevent_req_callback_data(req, struct dp_callback_ctx); struct setautomntent_lookup_ctx *lookup_ctx = talloc_get_type(cb_ctx->ptr, struct setautomntent_lookup_ctx); errno_t ret; dbus_uint16_t err_maj; dbus_uint32_t err_min; char *err_msg; ret = sss_dp_get_autofs_recv(cb_ctx->mem_ctx, req, &err_maj, &err_min, &err_msg); talloc_free(req); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Fatal error, killing connection!\n")); talloc_free(lookup_ctx->cctx); return; } cb_ctx->callback(err_maj, err_min, err_msg, cb_ctx->ptr); } static void lookup_automntmap_cache_updated(uint16_t err_maj, uint32_t err_min, const char *err_msg, void *ptr) { struct setautomntent_lookup_ctx *lookup_ctx = 
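talloc_get_type(ptr, struct setautomntent_lookup_ctx);
    struct autofs_dom_ctx *dctx = lookup_ctx->dctx;
    errno_t ret;

    if (err_maj) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Unable to get information from Data Provider\n"
               "Error: %u, %u, %s\n"
               "Will try to return what we have in cache\n",
               (unsigned int)err_maj, (unsigned int)err_min, err_msg));
        /* Loop to the next domain if possible */
        if (dctx->cmd_ctx->check_next
                && get_next_domain(dctx->domain, false)) {
            dctx->domain = get_next_domain(dctx->domain, false);
            dctx->check_provider =
                    NEED_CHECK_PROVIDER(dctx->domain->provider);
        }
    }

    /* ok the backend returned, search to see if we have updated results */
    ret = lookup_automntmap_step(lookup_ctx);
    if (ret != EOK) {
        if (ret == EAGAIN) {
            /* The step started another asynchronous lookup; there is
             * nothing to report to the waiting requests yet. */
            return;
        }
    }

    /* We have results to return (ret may also carry an error code, which
     * is passed on to the waiters as-is) */
    autofs_setent_notify(lookup_ctx->map, ret);
}

/*
 * Collect the result of a request created by setautomntent_send().
 * Returns EOK on success; on failure TEVENT_REQ_RETURN_ON_ERROR returns
 * the error recorded on the request.
 */
static errno_t
setautomntent_recv(struct tevent_req *req)
{
    TEVENT_REQ_RETURN_ON_ERROR(req);

    return EOK;
}

static errno_t
getautomntent_process(struct autofs_cmd_ctx *cmdctx,
                      struct autofs_map_ctx *map,
                      uint32_t cursor, uint32_t max_entries);
static void
getautomntent_implicit_done(struct tevent_req *req);
static errno_t
fill_autofs_entry(struct ldb_message *entry, struct sss_packet *packet,
                  size_t *rp);

/*
 * Handler for the GETAUTOMNTENT command.
 *
 * The request body is client-controlled and is read as:
 *   uint32 namelen | name (namelen bytes) | '\0' | uint32 cursor |
 *   uint32 max_entries
 *
 * Every field is validated against the body length before it is used.
 * cmdctx->mapname points into the request body; it is not copied.
 *
 * If the map is not in the in-memory table yet (or is still being built)
 * an implicit setautomntent is started and the reply is produced from
 * getautomntent_implicit_done().
 *
 * Returns ENOMEM/EIO on early setup failures, otherwise whatever
 * autofs_cmd_done() returns for the computed status.
 */
static int
sss_autofs_cmd_getautomntent(struct cli_ctx *client)
{
    struct autofs_cmd_ctx *cmdctx;
    struct autofs_map_ctx *map;
    struct autofs_ctx *actx;
    uint8_t *body;
    size_t blen;
    errno_t ret;
    uint32_t namelen;
    size_t c = 0;
    struct tevent_req *req;

    DEBUG(SSSDBG_TRACE_INTERNAL, ("sss_autofs_cmd_getautomntent\n"));

    cmdctx = talloc_zero(client, struct autofs_cmd_ctx);
    if (!cmdctx) {
        return ENOMEM;
    }
    cmdctx->cctx = client;

    actx = talloc_get_type(client->rctx->pvt_ctx, struct autofs_ctx);
    if (!actx) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Missing autofs context\n"));
        return EIO;
    }

    /* get autofs map name and index to query */
    sss_packet_get_body(client->creq->in, &body, &blen);

    SAFEALIGN_COPY_UINT32_CHECK(&namelen, body+c, blen, &c);

    /* The terminator is read at mapname[namelen], so the name AND its
     * trailing '\0' must both fit in the remaining body: reject
     * namelen == blen - c as well, otherwise the check below would read
     * one byte past the end of the request body. */
    if (namelen == 0 || namelen >= blen - c) {
        ret = EINVAL;
        goto done;
    }

    cmdctx->mapname = (char *) body+c;

    /* if not null-terminated fail */
    if (cmdctx->mapname[namelen] != '\0') {
        ret = EINVAL;
        goto done;
    }

    /* If the name isn't valid UTF-8, fail */
    /* NOTE(review): only the first namelen - 1 bytes are validated here;
     * confirm that leaving the last name byte unchecked is intended. */
    if (!sss_utf8_check((const uint8_t *) cmdctx->mapname, namelen -1)) {
        ret = EINVAL;
        goto done;
    }

    /* Step over the name and its terminator before reading the two
     * trailing integers, the same way sss_autofs_cmd_getautomntbyname()
     * does. The read offsets are unchanged, but the length check inside
     * SAFEALIGN_COPY_UINT32_CHECK is (as far as visible here) made against
     * the counter `c`, so `c` has to describe the offset that is actually
     * read; previously a truncated packet could pass the check while the
     * copy read beyond blen. */
    c += namelen + 1;
    SAFEALIGN_COPY_UINT32_CHECK(&cmdctx->cursor, body+c, blen, &c);
    SAFEALIGN_COPY_UINT32_CHECK(&cmdctx->max_entries, body+c, blen, &c);

    DEBUG(SSSDBG_TRACE_FUNC,
          ("Requested data of map %s cursor %d max entries %d\n",
           cmdctx->mapname, cmdctx->cursor, cmdctx->max_entries));

    ret = get_autofs_map(actx, cmdctx->mapname, &map);
    if (ret == ENOENT) {
        /* Map was never requested: look it up first, reply later */
        DEBUG(SSSDBG_TRACE_FUNC, ("Performing implicit setautomntent\n"));
        req = setautomntent_send(cmdctx, cmdctx->mapname, cmdctx);
        if (req == NULL) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("setautomntent_send failed\n"));
            ret = EIO;
            goto done;
        }

        tevent_req_set_callback(req, getautomntent_implicit_done, cmdctx);
        ret = EOK;
        goto done;
    } else if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("An unexpected error occurred: [%d][%s]\n",
               ret, strerror(ret)));
        goto done;
    }

    if (map->ready == false) {
        /* Map object exists but its lookup has not finished yet */
        DEBUG(SSSDBG_TRACE_FUNC, ("Performing implicit setautomntent\n"));
        req = setautomntent_send(cmdctx, cmdctx->mapname, cmdctx);
        if (req == NULL) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("setautomntent_send failed\n"));
            ret = EIO;
            goto done;
        }

        tevent_req_set_callback(req, getautomntent_implicit_done, cmdctx);
        ret = EOK;
        goto done;
    } else if (map->found == false) {
        DEBUG(SSSDBG_TRACE_FUNC, ("negative cache hit\n"));
        ret = ENOENT;
        goto done;
    }

    DEBUG(SSSDBG_TRACE_INTERNAL,
          ("returning entries for [%s]\n", map->mapname));

    ret = getautomntent_process(cmdctx, map,
                                cmdctx->cursor, cmdctx->max_entries);

done:
    return autofs_cmd_done(cmdctx, ret);
}

/*
 * Completion callback for the implicit setautomntent request started by
 * sss_autofs_cmd_getautomntent(); the callback data is the autofs_cmd_ctx
 * of the waiting GETAUTOMNTENT command.
 */
static void
getautomntent_implicit_done(struct tevent_req *req)
{
    errno_t ret;
    struct autofs_map_ctx *map;
    struct autofs_cmd_ctx *cmdctx =
        tevent_req_callback_data(req, struct autofs_cmd_ctx);
    struct autofs_ctx *actx =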
talloc_get_type(cmdctx->cctx->rctx->pvt_ctx, struct autofs_ctx); ret = setautomntent_recv(req); talloc_zfree(req); if (ret != EOK) { if (ret != ENOENT) { DEBUG(SSSDBG_CRIT_FAILURE, ("setautomntent_recv failed\n")); } else { DEBUG(SSSDBG_MINOR_FAILURE, ("No such map\n")); } goto done; } ret = get_autofs_map(actx, cmdctx->mapname, &map); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot get map after setautomntent succeeded?\n")); goto done; } if (map->ready == false) { DEBUG(SSSDBG_CRIT_FAILURE, ("Map not ready after setautomntent succeeded\n")); goto done; } ret = getautomntent_process(cmdctx, map, cmdctx->cursor, cmdctx->max_entries); done: autofs_cmd_done(cmdctx, ret); return; } static errno_t getautomntent_process(struct autofs_cmd_ctx *cmdctx, struct autofs_map_ctx *map, uint32_t cursor, uint32_t max_entries) { struct cli_ctx *client = cmdctx->cctx; errno_t ret; struct ldb_message *entry; size_t rp; uint32_t i, stop, left, nentries; uint8_t *body; size_t blen; /* create response packet */ ret = sss_packet_new(client->creq, 0, sss_packet_get_cmd(client->creq->in), &client->creq->out); if (ret != EOK) { return ret; } if (!map->map || !map->entries || !map->entries[0] || cursor >= map->entry_count) { DEBUG(SSSDBG_MINOR_FAILURE, ("No entries found\n")); ret = sss_cmd_empty_packet(client->creq->out); if (ret != EOK) { return autofs_cmd_done(cmdctx, ret); } goto done; } /* allocate memory for number of entries in the packet */ ret = sss_packet_grow(client->creq->out, sizeof(uint32_t)); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Cannot grow packet\n")); goto done; } rp = sizeof(uint32_t); /* We'll write the number of entries here */ left = map->entry_count - cursor; stop = max_entries < left ? 
max_entries : left; nentries = 0; for (i=0; i < stop; i++) { entry = map->entries[cursor]; cursor++; ret = fill_autofs_entry(entry, client->creq->out, &rp); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Cannot fill entry %d/%d, skipping\n", i, stop)); continue; } nentries++; } /* packet grows in fill_autofs_entry, body pointer may change, * thus we have to obtain it here */ sss_packet_get_body(client->creq->out, &body, &blen); rp = 0; SAFEALIGN_SET_UINT32(&body[rp], nentries, &rp); ret = EOK; done: sss_packet_set_error(client->creq->out, ret); sss_cmd_done(client, cmdctx); return EOK; } static errno_t fill_autofs_entry(struct ldb_message *entry, struct sss_packet *packet, size_t *rp) { errno_t ret; const char *key; size_t keylen; const char *value; size_t valuelen; uint8_t *body; size_t blen; size_t len; key = ldb_msg_find_attr_as_string(entry, SYSDB_AUTOFS_ENTRY_KEY, NULL); value = ldb_msg_find_attr_as_string(entry, SYSDB_AUTOFS_ENTRY_VALUE, NULL); if (!key || !value) { DEBUG(SSSDBG_MINOR_FAILURE, ("Incomplete entry\n")); return EINVAL; } keylen = 1 + strlen(key); valuelen = 1 + strlen(value); len = sizeof(uint32_t) + sizeof(uint32_t) + keylen + sizeof(uint32_t) + valuelen; ret = sss_packet_grow(packet, len); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Cannot grow packet\n")); return ret; } sss_packet_get_body(packet, &body, &blen); SAFEALIGN_SET_UINT32(&body[*rp], len, rp); SAFEALIGN_SET_UINT32(&body[*rp], keylen, rp); if (keylen == 1) { body[*rp] = '\0'; } else { memcpy(&body[*rp], key, keylen); } *rp += keylen; SAFEALIGN_SET_UINT32(&body[*rp], valuelen, rp); if (valuelen == 1) { body[*rp] = '\0'; } else { memcpy(&body[*rp], value, valuelen); } *rp += valuelen; return EOK; } static errno_t getautomntbyname_process(struct autofs_cmd_ctx *cmdctx, struct autofs_map_ctx *map, const char *key); static void getautomntbyname_implicit_done(struct tevent_req *req); static int sss_autofs_cmd_getautomntbyname(struct cli_ctx *client) { errno_t ret; struct autofs_cmd_ctx 
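*cmdctx;
    struct autofs_map_ctx *map;
    struct autofs_ctx *actx;
    uint8_t *body;
    size_t blen;
    uint32_t namelen;
    uint32_t keylen;
    size_t c = 0;
    struct tevent_req *req;

    DEBUG(SSSDBG_TRACE_INTERNAL, ("sss_autofs_cmd_getautomntbyname\n"));

    cmdctx = talloc_zero(client, struct autofs_cmd_ctx);
    if (!cmdctx) {
        return ENOMEM;
    }
    cmdctx->cctx = client;

    actx = talloc_get_type(client->rctx->pvt_ctx, struct autofs_ctx);
    if (!actx) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Missing autofs context\n"));
        return EIO;
    }

    /* get autofs map name and index to query
     *
     * The body is client-controlled and is read as:
     *   uint32 namelen | name | '\0' | uint32 keylen | key | '\0'
     * cmdctx->mapname and cmdctx->key point into the request body. */
    sss_packet_get_body(client->creq->in, &body, &blen);

    /* FIXME - split out a function to get string from \0 */
    SAFEALIGN_COPY_UINT32_CHECK(&namelen, body+c, blen, &c);

    /* The terminator is read at mapname[namelen]; the name and its '\0'
     * must both fit in what is left of the body, so namelen == blen - c
     * is rejected too (it would read one byte past the body). */
    if (namelen == 0 || namelen >= blen - c) {
        ret = EINVAL;
        goto done;
    }

    cmdctx->mapname = (char *) body+c;

    /* if not null-terminated fail */
    if (cmdctx->mapname[namelen] != '\0') {
        ret = EINVAL;
        goto done;
    }

    /* If the name isn't valid UTF-8, fail */
    /* NOTE(review): only the first namelen - 1 bytes are validated here;
     * confirm that leaving the last name byte unchecked is intended. */
    if (!sss_utf8_check((const uint8_t *) cmdctx->mapname, namelen -1)) {
        ret = EINVAL;
        goto done;
    }

    /* Skip the name and its terminator */
    c += namelen + 1;

    /* FIXME - split out a function to get string from \0 */
    SAFEALIGN_COPY_UINT32_CHECK(&keylen, body+c, blen, &c);

    /* Same bound as for the name: key[keylen] must be inside the body.
     * The key is the last field, so a request that simply omits the
     * trailing '\0' used to pass the old `>` comparison. */
    if (keylen == 0 || keylen >= blen - c) {
        ret = EINVAL;
        goto done;
    }

    cmdctx->key = (char *) body+c;

    /* if not null-terminated fail */
    if (cmdctx->key[keylen] != '\0') {
        ret = EINVAL;
        goto done;
    }

    /* If the key isn't valid UTF-8, fail */
    if (!sss_utf8_check((const uint8_t *) cmdctx->key, keylen -1)) {
        ret = EINVAL;
        goto done;
    }

    DEBUG(SSSDBG_TRACE_FUNC,
          ("Requested data of map %s key %s\n",
           cmdctx->mapname, cmdctx->key));

    ret = get_autofs_map(actx, cmdctx->mapname, &map);
    if (ret == ENOENT) {
        /* Map was never requested: look it up first, reply later */
        DEBUG(SSSDBG_TRACE_FUNC, ("Performing implicit setautomntent\n"));
        req = setautomntent_send(cmdctx, cmdctx->mapname, cmdctx);
        if (req == NULL) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("setautomntent_send failed\n"));
            ret = EIO;
            goto done;
        }

        tevent_req_set_callback(req, getautomntbyname_implicit_done, cmdctx);
        ret = EOK;
        goto done;
    }
    else if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("An unexpected error occurred: [%d][%s]\n",
               ret, strerror(ret)));
        goto done;
    }

    if (map->ready == false) {
        /* Map object exists but its lookup has not finished yet */
        DEBUG(SSSDBG_TRACE_FUNC, ("Performing implicit setautomntent\n"));
        req = setautomntent_send(cmdctx, cmdctx->mapname, cmdctx);
        if (req == NULL) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("setautomntent_send failed\n"));
            ret = EIO;
            goto done;
        }

        tevent_req_set_callback(req, getautomntbyname_implicit_done, cmdctx);
        ret = EOK;
        goto done;
    } else if (map->found == false) {
        DEBUG(SSSDBG_TRACE_FUNC, ("negative cache hit\n"));
        ret = ENOENT;
        goto done;
    }

    DEBUG(SSSDBG_TRACE_INTERNAL,
          ("Looking up value for [%s] in [%s]\n",
           cmdctx->key, map->mapname));

    ret = getautomntbyname_process(cmdctx, map, cmdctx->key);

done:
    return autofs_cmd_done(cmdctx, ret);
}

/*
 * Completion callback for the implicit setautomntent request started by
 * sss_autofs_cmd_getautomntbyname(); the callback data is the
 * autofs_cmd_ctx of the waiting GETAUTOMNTBYNAME command.
 */
static void
getautomntbyname_implicit_done(struct tevent_req *req)
{
    errno_t ret;
    struct autofs_map_ctx *map;
    struct autofs_cmd_ctx *cmdctx =
        tevent_req_callback_data(req, struct autofs_cmd_ctx);
    struct autofs_ctx *actx =
        talloc_get_type(cmdctx->cctx->rctx->pvt_ctx, struct autofs_ctx);

    ret = setautomntent_recv(req);
    talloc_zfree(req);
    if (ret != EOK) {
        if (ret != ENOENT) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("setautomntent_recv failed\n"));
        } else {
            DEBUG(SSSDBG_MINOR_FAILURE, ("No such map\n"));
        }
        goto done;
    }

    ret = get_autofs_map(actx, cmdctx->mapname, &map);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Cannot get map after setautomntent succeeded?\n"));
        goto done;
    }

    if (map->ready == false) {
        /* NOTE(review): ret is still EOK on this path, so the failure is
         * logged but reported to autofs_cmd_done() as success; confirm
         * that is what the caller expects. */
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Map not ready after setautomntent succeeded\n"));
        goto done;
    }

    ret = getautomntbyname_process(cmdctx, map, cmdctx->key);
done:
    autofs_cmd_done(cmdctx, ret);
    return;
}

/*
 * Build the reply for GETAUTOMNTBYNAME: find the entry of `map` whose key
 * attribute equals `key` and write
 *   uint32 len | uint32 valuelen | value (NUL-terminated)
 * into the response packet. An empty packet is sent when the map has no
 * entries, no entry matches, or the matching entry carries no value.
 *
 * Returns the sss_packet_new() error if the response cannot be created,
 * the autofs_cmd_done() result if the empty packet cannot be built, and
 * EOK otherwise (the status itself is stored in the packet).
 */
static errno_t
getautomntbyname_process(struct autofs_cmd_ctx *cmdctx,
                         struct autofs_map_ctx *map,
                         const char *key)
{
    struct cli_ctx *client = cmdctx->cctx;
    errno_t ret;
    size_t i;
    const char *k;
    const char *value;
    size_t valuelen;
    size_t len;
    uint8_t *body;
    size_t blen, rp;

    /* create response packet */
    ret = sss_packet_new(client->creq, 0,
                         sss_packet_get_cmd(client->creq->in),
                         &client->creq->out);
    if (ret != EOK) {
        return ret;
    }

    if (!map->map || !map->entries || !map->entries[0]) {
        DEBUG(SSSDBG_MINOR_FAILURE, ("No entries found\n"));
        ret = sss_cmd_empty_packet(client->creq->out);
        if (ret != EOK) {
            return autofs_cmd_done(cmdctx, ret);
        }
        goto done;
    }

    for (i=0; i < map->entry_count; i++) {
        k = ldb_msg_find_attr_as_string(map->entries[i],
                                        SYSDB_AUTOFS_ENTRY_KEY, NULL);
        if (!k) {
            DEBUG(SSSDBG_MINOR_FAILURE, ("Skipping incomplete entry\n"));
            continue;
        }

        if (strcmp(k, key) == 0) {
            DEBUG(SSSDBG_TRACE_INTERNAL, ("Found key [%s]\n", key));
            break;
        }
    }

    if (i >= map->entry_count) {
        DEBUG(SSSDBG_MINOR_FAILURE, ("No key named [%s] found\n", key));
        ret = sss_cmd_empty_packet(client->creq->out);
        if (ret != EOK) {
            return autofs_cmd_done(cmdctx, ret);
        }
        goto done;
    }

    value = ldb_msg_find_attr_as_string(map->entries[i],
                                        SYSDB_AUTOFS_ENTRY_VALUE, NULL);
    if (!value) {
        /* The lookup falls back to NULL when the attribute is missing.
         * Passing that to strlen() would crash the responder on a single
         * incomplete cached entry, so answer as if the key was not found
         * (fill_autofs_entry() rejects such entries as well). */
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("Entry for key [%s] has no value\n", key));
        ret = sss_cmd_empty_packet(client->creq->out);
        if (ret != EOK) {
            return autofs_cmd_done(cmdctx, ret);
        }
        goto done;
    }

    /* The value is sent including its terminating NUL */
    valuelen = 1 + strlen(value);
    len = sizeof(uint32_t) + sizeof(uint32_t) + valuelen;

    ret = sss_packet_grow(client->creq->out, len);
    if (ret != EOK) {
        goto done;
    }

    /* Fetch the body only after growing; the write below starts at 0 */
    sss_packet_get_body(client->creq->out, &body, &blen);

    rp = 0;
    SAFEALIGN_SET_UINT32(&body[rp], len, &rp);

    SAFEALIGN_SET_UINT32(&body[rp], valuelen, &rp);
    if (valuelen == 1) {
        body[rp] = '\0';
    } else {
        memcpy(&body[rp], value, valuelen);
    }
    rp += valuelen;

    ret = EOK;
done:
    sss_packet_set_error(client->creq->out, ret);
    sss_cmd_done(client, cmdctx);

    return EOK;
}

/*
 * Handler for the ENDAUTOMNTENT command: creates a response packet with
 * no payload and completes the command. Returns the sss_packet_new()
 * error if the response cannot be created, EOK otherwise.
 */
static int
sss_autofs_cmd_endautomntent(struct cli_ctx *client)
{
    errno_t ret;

    DEBUG(SSSDBG_TRACE_FUNC, ("endautomntent called\n"));

    /* create response packet */
    ret = sss_packet_new(client->creq, 0,
                         sss_packet_get_cmd(client->creq->in),
                         &client->creq->out);

    if (ret != EOK) {
        return ret;
    }

    sss_cmd_done(client, NULL);
    return EOK;
}

/*
 * Return the static table of client protocol versions for the autofs
 * responder (a single entry, SSS_AUTOFS_PROTO_VERSION).
 */
struct cli_protocol_version *register_cli_protocol_version(void)
{
    static struct cli_protocol_version autofs_cli_protocol_version[] = {
        { SSS_AUTOFS_PROTO_VERSION, NULL, NULL }
    };

    return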
autofs_cli_protocol_version; } struct sss_cmd_table *get_autofs_cmds(void) { static struct sss_cmd_table autofs_cmds[] = { { SSS_GET_VERSION, sss_cmd_get_version }, { SSS_AUTOFS_SETAUTOMNTENT, sss_autofs_cmd_setautomntent }, { SSS_AUTOFS_GETAUTOMNTENT, sss_autofs_cmd_getautomntent }, { SSS_AUTOFS_GETAUTOMNTBYNAME, sss_autofs_cmd_getautomntbyname }, { SSS_AUTOFS_ENDAUTOMNTENT, sss_autofs_cmd_endautomntent }, { SSS_CLI_NULL, NULL} }; return autofs_cmds; } sssd-1.11.5/src/responder/PaxHeaders.13173/nss0000644000000000000000000000013212320753521017064 xustar000000000000000030 mtime=1396954961.764874869 30 atime=1396955003.534843847 30 ctime=1396954961.764874869 sssd-1.11.5/src/responder/nss/0000775002412700241270000000000012320753521017370 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/responder/nss/PaxHeaders.13173/nsssrv_services.c0000644000000000000000000000007412320753107022553 xustar000000000000000030 atime=1396954939.270891428 30 ctime=1396954961.732874893 sssd-1.11.5/src/responder/nss/nsssrv_services.c0000664002412700241270000015437012320753107023007 0ustar00jhrozekjhrozek00000000000000/* SSSD Authors: Stephen Gallagher Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #include #include "util/util.h" #include "responder/nss/nsssrv.h" #include "responder/nss/nsssrv_private.h" #include "responder/nss/nsssrv_services.h" #include "responder/common/negcache.h" #include "confdb/confdb.h" #include "db/sysdb.h" #include "db/sysdb_services.h" struct getserv_ctx { uint16_t port; struct tevent_context *ev; struct nss_dom_ctx *dctx; struct sss_domain_info **domains; size_t dom_idx; char *name; char *cased_name; char *proto; char *cased_proto; struct ldb_result *res; }; static errno_t lookup_service_step(struct tevent_req *req); static void lookup_service_done(struct tevent_req *req); #define SVC_NAME_CASED (dom->case_sensitive ? state->name \ : state->cased_name) #define SVC_PROTO_CASED (dom->case_sensitive ? state->proto \ : state->cased_proto) /* Provider Lookup Logic: * Iterate through the available caches. If the cached entry is * present and not expired, return it immediately(*). If it is * present and expired, add it to a list of domains eligible to * be checked. If it is in the negative cache, skip over it and * do not add it to the eligible domain list. * * Once we have searched all of the caches, if the entry has not * been determined to be available, search all domains in order * to see if any of them contain the requested entry. * * (*) Optionally perform a midpoint cache refresh if appropriate. 
*/ static struct tevent_req * getserv_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, uint16_t port, const char *service_name, const char *service_protocol, struct nss_dom_ctx *dctx) { errno_t ret; struct tevent_req *req; struct tevent_req *subreq; struct getserv_ctx *state; struct nss_cmd_ctx *cmdctx = dctx->cmdctx; struct cli_ctx *cctx = cmdctx->cctx; struct sss_domain_info *dom; size_t num_domains = 0; size_t dom_idx = 0; struct nss_ctx *nctx = talloc_get_type(cctx->rctx->pvt_ctx, struct nss_ctx); struct sysdb_ctx *sysdb; time_t now = time(NULL); uint64_t lastUpdate; uint64_t cacheExpire; uint64_t midpoint_refresh; req = tevent_req_create(mem_ctx, &state, struct getserv_ctx); if (!req) return NULL; state->dctx = dctx; for (dom = cctx->rctx->domains; dom; dom = get_next_domain(dom, false)) { num_domains++; } /* Create an array of domains to check. To save resizes, we'll * assume that all will be checked */ state->domains = talloc_zero_array(state, struct sss_domain_info *, num_domains + 1); if (!state->domains) { ret = ENOMEM; goto immediate; } state->port = port; /* Store both the case-sensitive and lowercased names * in the state object, to avoid recalculating the * lowercase in multiple domains. */ if (service_protocol) { state->proto = talloc_strdup(state, service_protocol); if (!state->proto) { ret = ENOMEM; goto immediate; } state->cased_proto = sss_get_cased_name(state, service_protocol, false); if (!state->cased_proto) { ret = ENOMEM; goto immediate; } } else { state->proto = NULL; state->cased_proto = NULL; } /* If we're looking up by name */ if (service_name) { /* Store both the case-sensitive and lowercased names * in the state object, to avoid recalculating the * lowercase in multiple domains. 
*/ state->name = talloc_strdup(state, service_name); if (!state->name) { ret = ENOMEM; goto immediate; } state->cased_name = sss_get_cased_name(state, service_name, false); if (!state->cased_name) { ret = ENOMEM; goto immediate; } } dom = cctx->rctx->domains; while(dom) { /* if it is a domainless search, skip domains that require fully * qualified names instead */ while (dom && cmdctx->check_next && dom->fqnames) { dom = get_next_domain(dom, false); } if (!dom) break; sysdb = dom->sysdb; if (sysdb == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("Critical: Sysdb CTX not found for [%s]!\n", dom->name)); ret = EINVAL; goto immediate; } /* If we're looking up by name */ if (service_name) { /* Check the negative cache */ ret = sss_ncache_check_service(nctx->ncache, nctx->neg_timeout, dom, SVC_NAME_CASED, SVC_PROTO_CASED); /* If negatively cached, return we didn't find it */ if (ret == EEXIST) { DEBUG(SSSDBG_TRACE_FUNC, ("Service [%s:%s] does not exist in [%s]! " "(negative cache)\n", SVC_NAME_CASED, SVC_PROTO_CASED ? SVC_PROTO_CASED : "", dom->name)); /* If this is a multi-domain search, try the next one */ if (cmdctx->check_next) { dom = get_next_domain(dom, false); } else { /* This was a single-domain search. * exit the loop. Since it was negatively- * cached, don't add it to the eligible * domains list. */ dom = NULL; } continue; } /* Check the cache */ DEBUG(SSSDBG_TRACE_FUNC, ("Checking cache for [%s:%s@%s]\n", SVC_NAME_CASED, SVC_PROTO_CASED ? SVC_PROTO_CASED : "", dom->name)); ret = sysdb_getservbyname(state, sysdb, dom, SVC_NAME_CASED, SVC_PROTO_CASED, &state->res); } else { /* Looking up by port */ /* Check the negative cache */ ret = sss_ncache_check_service_port(nctx->ncache, nctx->neg_timeout, dom, port, SVC_PROTO_CASED); /* If negatively cached, return we didn't find it */ if (ret == EEXIST) { DEBUG(SSSDBG_TRACE_FUNC, ("Service [%"PRIu16":%s] does not exist in [%s]! " "(negative cache)\n", port, SVC_PROTO_CASED ? 
SVC_PROTO_CASED : "", dom->name)); /* If this is a multi-domain search, try the next one */ if (cmdctx->check_next) { dom = get_next_domain(dom, false); } else { /* This was a single-domain search. * exit the loop. Since it was negatively- * cached, don't add it to the eligible * domains list. */ dom = NULL; } continue; } /* Check the cache */ DEBUG(SSSDBG_TRACE_FUNC, ("Checking cache for [%"PRIu16":%s@%s]\n", port, SVC_PROTO_CASED ? SVC_PROTO_CASED : "", dom->name)); ret = sysdb_getservbyport(state, sysdb, dom, port, SVC_PROTO_CASED, &state->res); } if (ret != EOK && ret != ENOENT) goto immediate; if (ret == ENOENT) { /* Not found in the cache. Add this domain to the * list of eligible domains to check the provider. */ if (NEED_CHECK_PROVIDER(dom->provider)) { state->domains[dom_idx] = dom; dom_idx++; } else { /* No provider to check. Set the negative cache here */ if (state->name) { ret = sss_ncache_set_service_name(nctx->ncache, false, dom, SVC_NAME_CASED, SVC_PROTO_CASED); if (ret != EOK) { /* Failure to set the negative cache is non-fatal. * We'll log an error and continue. */ DEBUG(SSSDBG_MINOR_FAILURE, ("Could not set negative cache for [%s][%s]\n", SVC_NAME_CASED, SVC_PROTO_CASED)); } } else { ret = sss_ncache_set_service_port(nctx->ncache, false, dom, state->port, SVC_PROTO_CASED); if (ret != EOK) { /* Failure to set the negative cache is non-fatal. * We'll log an error and continue. */ DEBUG(SSSDBG_MINOR_FAILURE, ("Could not set negative cache for " "[%"PRIu16"][%s]\n", state->port, SVC_PROTO_CASED)); } } } /* If this is a multi-domain search, try the next one */ if (cmdctx->check_next) { dom = get_next_domain(dom, false); } else { /* This was a single-domain search. * exit the loop. */ dom = NULL; } continue; } /* Found a result. 
Check its validity */ if (state->res->count > 1) { DEBUG(SSSDBG_OP_FAILURE, ("getservby* returned more than one result!\n")); ret = ENOENT; goto immediate; } lastUpdate = ldb_msg_find_attr_as_uint64(state->res->msgs[0], SYSDB_LAST_UPDATE, 0); cacheExpire = ldb_msg_find_attr_as_uint64(state->res->msgs[0], SYSDB_CACHE_EXPIRE, 0); midpoint_refresh = 0; if(nctx->cache_refresh_percent) { midpoint_refresh = lastUpdate + (cacheExpire - lastUpdate)*nctx->cache_refresh_percent/100.0; if (midpoint_refresh - lastUpdate < 10) { /* If the percentage results in an expiration * less than ten seconds after the lastUpdate time, * that's too often we will simply set it to 10s */ midpoint_refresh = lastUpdate+10; } } if (cacheExpire > now) { /* cache still valid */ if (NEED_CHECK_PROVIDER(dom->provider) && midpoint_refresh && midpoint_refresh < now) { /* We're past the cache refresh timeout * We'll return the value from the cache, but we'll also * queue the cache entry for update out-of-band. */ DEBUG(SSSDBG_TRACE_FUNC, ("Performing midpoint cache update\n")); /* Update the cache */ subreq = sss_dp_get_account_send(cctx, cctx->rctx, dom, true, SSS_DP_SERVICES, SVC_NAME_CASED, port, NULL); if (!subreq) { DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory sending out-of-band data provider " "request\n")); /* This is non-fatal, so we'll continue here */ } /* We don't need to listen for a reply, so we will free the * request here. */ talloc_zfree(subreq); } /* The cache is valid. Return it */ ret = EOK; goto immediate; } else { /* Cache is expired. Add this domain to the * list of eligible domains to check the provider. */ if (NEED_CHECK_PROVIDER(dom->provider)) { state->domains[dom_idx] = dom; dom_idx++; } /* If this is a multi-domain search, try the next one */ if (cmdctx->check_next) { dom = get_next_domain(dom, false); } else { /* This was a single-domain search. * exit the loop. */ dom = NULL; } } } /* No valid cached entries found and * not found in negative caches. 
* Iterate through the domains and try * to look the data up. */ state->dom_idx = 0; if (!state->domains[state->dom_idx]) { /* No domains to search. Return ENOENT */ ret = ENOENT; goto immediate; } ret = lookup_service_step(req); if (ret != EOK) goto immediate; return req; immediate: if (ret == EOK) { tevent_req_done(req); } else { tevent_req_error(req, ret); } tevent_req_post(req, ev); return req; } static errno_t lookup_service_step(struct tevent_req *req) { struct getserv_ctx *state = tevent_req_data(req, struct getserv_ctx); struct tevent_req *subreq; struct cli_ctx *cctx = state->dctx->cmdctx->cctx; struct sss_domain_info *dom = state->domains[state->dom_idx]; /* Update the cache */ subreq = sss_dp_get_account_send(req, cctx->rctx, dom, true, SSS_DP_SERVICES, SVC_NAME_CASED, state->port, SVC_PROTO_CASED); if (!subreq) return ENOMEM; tevent_req_set_callback(subreq, lookup_service_done, req); return EOK; } static void lookup_service_done(struct tevent_req *subreq) { errno_t ret; dbus_uint16_t err_maj; dbus_uint32_t err_min; char *err_msg; struct sysdb_ctx *sysdb; struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); struct getserv_ctx *state = tevent_req_data(req, struct getserv_ctx); struct cli_ctx *cctx = state->dctx->cmdctx->cctx; struct nss_ctx *nctx = talloc_get_type(cctx->rctx->pvt_ctx, struct nss_ctx); struct sss_domain_info *dom = state->domains[state->dom_idx]; ret = sss_dp_get_account_recv(state, subreq, &err_maj, &err_min, &err_msg); talloc_zfree(subreq); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Unable to get information from Data Provider\n" "dp_error: [%u], errno: [%u], error_msg: [%s]\n" "Will try to return what we have in cache\n", (unsigned int)err_maj, (unsigned int)err_min, err_msg ? err_msg : "none")); } /* Recheck the cache after the lookup. * We can ignore the expiration values here, because * either we have just updated it or the provider is * offline. 
Either way, whatever is in the cache should * be returned, if it exists. Otherwise, move to the * next provider. */ sysdb = dom->sysdb; if (sysdb == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("Critical: Sysdb CTX not found for [%s]!\n", dom->name)); ret = EINVAL; goto done; } if (state->name) { DEBUG(SSSDBG_TRACE_FUNC, ("Re-checking cache for [%s:%s@%s]\n", SVC_NAME_CASED, SVC_PROTO_CASED ? SVC_PROTO_CASED : "", dom->name)); ret = sysdb_getservbyname(state, sysdb, dom, SVC_NAME_CASED, SVC_PROTO_CASED, &state->res); } else { DEBUG(SSSDBG_TRACE_FUNC, ("Re-checking cache for [%"PRIu16":%s@%s]\n", state->port, SVC_PROTO_CASED ? SVC_PROTO_CASED : "", dom->name)); ret = sysdb_getservbyport(state, sysdb, dom, state->port, SVC_PROTO_CASED, &state->res); } if (ret == ENOENT) { /* Nothing in the cache. * Set the negative cache */ if (state->name) { ret = sss_ncache_set_service_name(nctx->ncache, false, dom, SVC_NAME_CASED, SVC_PROTO_CASED); if (ret != EOK) { /* Failure to set the negative cache is non-fatal. * We'll log an error and continue. */ DEBUG(SSSDBG_MINOR_FAILURE, ("Could not set negative cache for [%s][%s]\n", SVC_NAME_CASED, SVC_PROTO_CASED)); } } else { ret = sss_ncache_set_service_port(nctx->ncache, false, dom, state->port, SVC_PROTO_CASED); if (ret != EOK) { /* Failure to set the negative cache is non-fatal. * We'll log an error and continue. */ DEBUG(SSSDBG_MINOR_FAILURE, ("Could not set negative cache for [%"PRIu16"][%s]\n", state->port, SVC_PROTO_CASED)); } } /* Need to check other domains */ state->dom_idx++; if (!state->domains[state->dom_idx]) { /* No more domains to search. Return ENOENT */ ret = ENOENT; goto done; } ret = lookup_service_step(req); if (ret != EOK) goto done; /* Set EAGAIN so we will re-enter the mainloop */ ret = EAGAIN; } done: if (ret == EOK) { /* Cache contained results. 
Return them */ tevent_req_done(req); } else if (ret != EAGAIN) { /* An error occurred, fail the request */ tevent_req_error(req, ret); } /* ret == EAGAIN: Reenter mainloop */ return; } static errno_t getserv_recv(TALLOC_CTX *mem_ctx, struct tevent_req *req, struct ldb_result **_res) { struct getserv_ctx *state = tevent_req_data(req, struct getserv_ctx); TEVENT_REQ_RETURN_ON_ERROR(req); *_res = talloc_steal(mem_ctx, state->res); return EOK; } static errno_t fill_service(struct sss_packet *packet, struct sss_domain_info *dom, const char *protocol, struct ldb_message **msgs, unsigned int *count) { errno_t ret; unsigned int msg_count = *count; size_t rzero, rsize, aptr; unsigned int num = 0; unsigned int i, j; uint32_t num_aliases, written_aliases; struct ldb_message *msg; struct ldb_message_element *el; TALLOC_CTX *tmp_ctx = NULL; const char *orig_name; const char *orig_proto; struct sized_string cased_name; struct sized_string cased_proto; uint16_t port; char *tmpstr; uint8_t *body; size_t blen; struct sized_string alias; /* FIXME: Should we account for fully-qualified * service names? 
*/ /* first 2 fields (len and reserved), filled up later */ ret = sss_packet_grow(packet, 2 * sizeof(uint32_t)); if (ret != EOK) goto done; rzero = 2 * sizeof(uint32_t); rsize = 0; for (i = 0; i < msg_count; i++) { talloc_zfree(tmp_ctx); tmp_ctx = talloc_new(NULL); if (!tmp_ctx) return ENOMEM; msg = msgs[i]; /* new service */ if (!ldb_msg_check_string_attribute(msg, "objectClass", SYSDB_SVC_CLASS)) { DEBUG(1, ("Wrong object (%s) found on stack!\n", ldb_dn_get_linearized(msg->dn))); continue; } /* new result starts at end of previous result */ rzero += rsize; rsize = 0; /* Get the service name */ orig_name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL); tmpstr = sss_get_cased_name(tmp_ctx, orig_name, dom->case_sensitive); if (tmpstr == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("Could not identify service name, skipping\n")); continue; } to_sized_string(&cased_name, tmpstr); /* Get the port */ port = (uint16_t) ldb_msg_find_attr_as_uint(msg, SYSDB_SVC_PORT, 0); if (!port) { DEBUG(SSSDBG_CRIT_FAILURE, ("No port for service [%s]. Skipping\n", tmpstr)); } /* Get the service protocol. * Use the requested protocol if present, * otherwise take the first protocol returned * by the sysdb. * If more than one is available, select the * first in the message. 
*/ if (protocol) { orig_proto = protocol; } else { el = ldb_msg_find_element(msg, SYSDB_SVC_PROTO); if (el->num_values == 0) { ret = EINVAL; num = 0; goto done; } orig_proto = (const char *)el->values[0].data; } tmpstr = sss_get_cased_name(tmp_ctx, orig_proto, dom->case_sensitive); if (tmpstr == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("sss_get_cased_name failed, skipping\n")); continue; } to_sized_string(&cased_proto, tmpstr); ret = sss_packet_grow(packet, 2 * sizeof(uint16_t) + sizeof(uint32_t) + cased_name.len + cased_proto.len); if (ret != EOK) { num = 0; goto done; } sss_packet_get_body(packet, &body, &blen); /* Store the port number */ SAFEALIGN_SET_UINT32(&body[rzero + rsize], (uint32_t)htons(port), &rsize); /* Get the aliases */ el = ldb_msg_find_element(msg, SYSDB_NAME_ALIAS); if (!el) { /* No aliases for this user */ num_aliases = 0; } else { num_aliases = el->num_values; } /* We'll store the alias count here */ aptr = rzero+rsize; rsize += sizeof(uint32_t); /* Store the primary name */ safealign_memcpy(&body[rzero + rsize], cased_name.str, cased_name.len, &rsize); /* Store the protocol */ safealign_memcpy(&body[rzero + rsize], cased_proto.str, cased_proto.len, &rsize); written_aliases = 0; for (j = 0; j < num_aliases; j++) { if (sss_string_equal(dom->case_sensitive, (const char *)el->values[j].data, cased_name.str)) { continue; } to_sized_string(&alias, (const char *)el->values[j].data); ret = sss_packet_grow(packet, alias.len); if (ret != EOK) { num = 0; goto done; } sss_packet_get_body(packet, &body, &blen); /* Store the alias */ safealign_memcpy(&body[rzero + rsize], alias.str, alias.len, &rsize); written_aliases++; talloc_zfree(tmpstr); } /* We must not advance rsize here, the data has already been * allocated and skipped earlier when aptr was assigned to. 
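*/
        SAFEALIGN_SET_UINT32(&body[aptr], written_aliases, NULL);

        num++;
    }

    ret = EOK;

done:
    talloc_free(tmp_ctx);

    if (ret != EOK ||num == 0) {
        /* if num is 0 most probably something went wrong,
         * reset packet and return ENOENT */
        sss_packet_set_size(packet, 0);
        return ENOENT;
    }
    ((uint32_t *)body)[0] = num; /* num results */
    ((uint32_t *)body)[1] = 0; /* reserved */

    return ret;
}

/*****************
 * getservbyname *
 *****************/

errno_t parse_getservbyname(TALLOC_CTX *mem_ctx,
                            uint8_t *body, size_t blen,
                            struct sss_domain_info *domains,
                            char *default_domain,
                            char **domain_name,
                            char **service_name,
                            char **service_protocol);

static void
nss_cmd_getserv_done(struct tevent_req *req);

/**
 * Handle a getservbyname request from a client.
 *
 * Reads the request body from cctx->creq->in, splits it into domain,
 * service name and protocol with parse_getservbyname(), selects the
 * domain (or the whole domain list when no domain was given) and starts
 * the asynchronous lookup with getserv_send().
 *
 * The body comes from the client and is untrusted: it is rejected
 * unless it is non-empty and ends in a NUL byte.
 *
 * @return the value of nss_cmd_done(cmdctx, ret), or ENOMEM when the
 *         command context cannot be allocated.
 */
int nss_cmd_getservbyname(struct cli_ctx *cctx)
{
    errno_t ret;
    struct nss_cmd_ctx *cmdctx;
    struct nss_dom_ctx *dctx;
    char *domname;
    char *service_name;
    char *service_protocol;
    uint8_t *body;
    size_t blen;
    struct tevent_req *req;

    cmdctx = talloc_zero(cctx, struct nss_cmd_ctx);
    if (!cmdctx) return ENOMEM;

    cmdctx->cctx = cctx;

    dctx = talloc_zero(cmdctx, struct nss_dom_ctx);
    if (!dctx) {
        ret = ENOMEM;
        goto done;
    }
    dctx->cmdctx = cmdctx;

    /* get service name and protocol */
    sss_packet_get_body(cctx->creq->in, &body, &blen);

    /* An empty body has no last byte to inspect: blen - 1 would wrap
     * around and index in front of the buffer. If not terminated, fail. */
    if (blen == 0 || body[blen - 1] != '\0') {
        ret = EINVAL;
        goto done;
    }

    ret = parse_getservbyname(cmdctx, body, blen,
                              cctx->rctx->domains,
                              cctx->rctx->default_domain,
                              &domname,
                              &service_name,
                              &service_protocol);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Could not parse request\n"));
        goto done;
    }

    dctx->protocol = service_protocol;

    DEBUG(SSSDBG_TRACE_FUNC,
          ("Requesting info for service [%s:%s] from [%s]\n",
           service_name,
           service_protocol ? service_protocol : "",
           domname ? domname : ""));

    if (domname) {
        dctx->domain = responder_get_domain(cctx->rctx, domname);
        if (!dctx->domain) {
            ret = ENOENT;
            goto done;
        }
    } else {
        /* this is a multidomain search */
        dctx->domain = cctx->rctx->domains;
        cmdctx->check_next = true;
    }

    /* Identify if this backend requires a provider check */
    dctx->check_provider = NEED_CHECK_PROVIDER(dctx->domain->provider);

    /* Ok, find it! */
    req = getserv_send(cmdctx, cctx->ev, 0,
                       service_name,
                       service_protocol,
                       dctx);
    if (!req) {
        ret = ENOMEM;
        goto done;
    }
    tevent_req_set_callback(req, nss_cmd_getserv_done, dctx);

done:
    return nss_cmd_done(cmdctx, ret);
}

/**
 * Split a getservbyname request body into domain, service name and
 * protocol.
 *
 * Expected layout: <name> NUL <protocol> NUL, where <protocol> may be
 * empty. Every length is checked against blen before a byte is read or
 * copied, because the body is supplied by the client. A body that holds
 * only "<name> NUL" is rejected: there is no room for the protocol
 * terminator, and copying the name into a buffer of blen - 1 bytes
 * would write its terminator one byte past the allocation.
 *
 * @param mem_ctx          talloc parent for the returned strings
 * @param body             raw request body
 * @param blen             length of body in bytes
 * @param domains          domain list passed to sss_parse_name_for_domains()
 * @param default_domain   default domain passed to the same function
 * @param domain_name      out: domain part of the name
 * @param service_name     out: service name without the domain
 * @param service_protocol out: protocol, or NULL when it was empty
 *
 * @return EOK on success, EINVAL for a malformed body, ENOMEM on
 *         allocation failure, or the error returned by
 *         sss_parse_name_for_domains().
 */
errno_t parse_getservbyname(TALLOC_CTX *mem_ctx,
                            uint8_t *body, size_t blen,
                            struct sss_domain_info *domains,
                            char *default_domain,
                            char **domain_name,
                            char **service_name,
                            char **service_protocol)
{
    errno_t ret;
    size_t namelen;
    size_t proto_off;
    size_t protolen;
    char *rawname;
    char *domname;
    char *svc_name;
    char *protocol = NULL;
    TALLOC_CTX *tmp_ctx;

    /* The shortest well-formed body is two NUL bytes (empty name, empty
     * protocol), and the last byte must terminate the final string. */
    if (body == NULL || blen < 2 || body[blen - 1] != '\0') {
        return EINVAL;
    }

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) return ENOMEM;

    /* Find the end of the service name. The bound is tested before the
     * byte is read, and the final byte is left for the protocol field. */
    namelen = 0;
    while (namelen < blen - 1 && body[namelen] != '\0') {
        namelen++;
    }

    if (namelen == blen - 1) {
        /* blen - 1 was reached without hitting
         * a NULL-terminator. No protocol field
         * is possible.
         */
        ret = EINVAL;
        goto done;
    }

    /* Allocates namelen + 1 bytes and NUL-terminates the copy */
    rawname = talloc_strndup(tmp_ctx, (const char *)body, namelen);
    if (!rawname) {
        ret = ENOMEM;
        goto done;
    }

    /* First byte after the name terminator; at most blen - 1 */
    proto_off = namelen + 1;

    if (body[proto_off] != '\0') {
        /* The final byte is NUL, so this scan stops inside the body */
        protolen = 0;
        while (proto_off + protolen < blen
               && body[proto_off + protolen] != '\0') {
            protolen++;
        }

        /* The protocol terminator must be the last byte of the body */
        if (protolen != blen - proto_off - 1) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Body longer than the name and protocol\n"));
            ret = EINVAL;
            goto done;
        }

        protocol = talloc_strndup(tmp_ctx,
                                  (const char *)&body[proto_off],
                                  protolen);
        if (!protocol) {
            ret = ENOMEM;
            goto done;
        }
    }
    /* else: zero-length protocol, leave it NULL */

    ret = sss_parse_name_for_domains(tmp_ctx, domains, default_domain, rawname,
                                     &domname, &svc_name);
    if (ret != EOK) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("Could not split name and domain of [%s]\n",
               rawname));
        goto done;
    }

    *domain_name = talloc_steal(mem_ctx, domname);
    *service_name = talloc_steal(mem_ctx, svc_name);
    *service_protocol = talloc_steal(mem_ctx, protocol);

    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}

/**
 * Completion callback for the request started with getserv_send().
 *
 * Collects the result with getserv_recv(). ENOENT is answered with an
 * empty packet, success with the entries written by fill_service(), and
 * any other error is passed to nss_cmd_done().
 *
 * NOTE(review): when sss_packet_new() fails this only logs and returns;
 * neither nss_cmd_done() nor sss_cmd_done() is called on that path.
 * Confirm that this is intended.
 */
static void
nss_cmd_getserv_done(struct tevent_req *req)
{
    errno_t ret, reqret;
    unsigned int i;

    struct nss_dom_ctx *dctx =
            tevent_req_callback_data(req, struct nss_dom_ctx);
    struct nss_cmd_ctx *cmdctx = dctx->cmdctx;

    reqret = getserv_recv(dctx, req, &dctx->res);
    talloc_zfree(req);
    if (reqret != EOK && reqret != ENOENT) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("getservbyname failed\n"));
        nss_cmd_done(cmdctx, reqret);
        return;
    }

    /* Either we succeeded or no domains were eligible */
    ret = sss_packet_new(cmdctx->cctx->creq, 0,
                         sss_packet_get_cmd(cmdctx->cctx->creq->in),
                         &cmdctx->cctx->creq->out);
    if (ret == EOK) {
        if (reqret == ENOENT) {
            /* Notify the caller that this entry wasn't found */
            ret = sss_cmd_empty_packet(cmdctx->cctx->creq->out);
        } else {
            i = dctx->res->count;
            ret = fill_service(cmdctx->cctx->creq->out,
                               dctx->domain,
                               dctx->protocol,
                               dctx->res->msgs,
                               &i);
        }
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE,
                  ("Could not create response packet: [%s]\n",
                   strerror(ret)));
        }

        sss_cmd_done(cmdctx->cctx, cmdctx);
        return;
    }

    DEBUG(SSSDBG_OP_FAILURE, ("Error creating packet\n"));
}

errno_t parse_getservbyport(TALLOC_CTX *mem_ctx,
                            uint8_t *body, size_t blen,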
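uint16_t *service_port,
                            char **service_protocol)
{
    /*
     * Parse a getservbyport request body: a 16-bit port in network byte
     * order at offset 0, padding up to port_and_padding_len bytes, then
     * a NUL-terminated protocol string. A zero-length protocol is
     * returned as NULL.
     *
     * The body is supplied by the client, so its length is checked
     * before any field is read. A body shorter than the fixed header
     * plus one terminator byte would otherwise be read past its end,
     * and blen minus the header length would wrap around when used as
     * an allocation size.
     *
     * Returns EOK on success, EINVAL for a malformed body and ENOMEM on
     * allocation failure.
     */
    errno_t ret;
    size_t protolen;
    size_t port_and_padding_len;
    uint16_t c, port;
    char *protocol = NULL;
    TALLOC_CTX *tmp_ctx;

    port_and_padding_len = 2 * sizeof(uint16_t) + sizeof(uint32_t);

    /* Need the fixed header, at least one byte of protocol field, and a
     * terminating NUL as the last byte. */
    if (body == NULL
            || blen < port_and_padding_len + 1
            || body[blen - 1] != '\0') {
        return EINVAL;
    }

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) return ENOMEM;

    /* Copy in the port */
    SAFEALIGN_COPY_UINT16(&c, body, NULL);
    port = ntohs(c);

    /* Copy in the protocol */
    if (body[port_and_padding_len] != '\0') {
        /* The final byte is NUL, so this scan stops inside the body */
        protolen = 0;
        while (port_and_padding_len + protolen < blen
               && body[port_and_padding_len + protolen] != '\0') {
            protolen++;
        }

        /* The protocol terminator must be the last byte of the body */
        if (protolen != blen - port_and_padding_len - 1) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Body longer than the name and protocol\n"));
            ret = EINVAL;
            goto done;
        }

        /* Allocates protolen + 1 bytes and NUL-terminates the copy */
        protocol = talloc_strndup(tmp_ctx,
                                  (const char *)&body[port_and_padding_len],
                                  protolen);
        if (!protocol) {
            ret = ENOMEM;
            goto done;
        }
    }
    /* else: zero-length protocol, leave it NULL */

    *service_port = port;
    *service_protocol = talloc_steal(mem_ctx, protocol);

    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}

/*****************
 * getservbyport *
 *****************/
int nss_cmd_getservbyport(struct cli_ctx *cctx)
{
    errno_t ret;
    struct nss_cmd_ctx *cmdctx;
    struct nss_dom_ctx *dctx;
    uint16_t port;
    char *service_protocol;
    uint8_t *body;
    size_t blen;
    struct tevent_req *req;

    cmdctx = talloc_zero(cctx, struct nss_cmd_ctx);
    if (!cmdctx) return ENOMEM;

    cmdctx->cctx = cctx;

    dctx = talloc_zero(cmdctx, struct nss_dom_ctx);
    if (!dctx) {
        ret = ENOMEM;
        goto done;
    }
    dctx->cmdctx = cmdctx;

    /* get service port and protocol */
    sss_packet_get_body(cctx->creq->in, &body, &blen);

    /* An empty body has no last byte to inspect: blen - 1 would wrap
     * around and index in front of the buffer. If not terminated, fail. */
    if (blen == 0 || body[blen - 1] != '\0') {
        ret = EINVAL;
        goto done;
    }

    ret = parse_getservbyport(cmdctx, body, blen,
                              &port,
                              &service_protocol);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Could not parse request\n"));
        goto done;
    }

    dctx->protocol = service_protocol;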
DEBUG(SSSDBG_TRACE_FUNC, ("Requesting info for service on port [%"PRIu16"/%s]\n", port, service_protocol ? service_protocol : "")); /* All port lookups are multidomain searches */ dctx->domain = cctx->rctx->domains; cmdctx->check_next = true; /* Identify if this backend requires a provider check */ dctx->check_provider = NEED_CHECK_PROVIDER(dctx->domain->provider); /* Ok, find it! */ req = getserv_send(cmdctx, cctx->ev, port, NULL, service_protocol, dctx); if (!req) { ret = ENOMEM; goto done; } tevent_req_set_callback(req, nss_cmd_getserv_done, dctx); done: return nss_cmd_done(cmdctx, ret); } struct setservent_ctx { struct cli_ctx *cctx; struct nss_ctx *nctx; struct nss_dom_ctx *dctx; struct getent_ctx *getent_ctx; }; static errno_t setservent_step(struct setent_step_ctx *step_ctx); static void setservent_step_done(struct tevent_req *req); static struct tevent_req * lookup_servent_send(TALLOC_CTX *mem_ctx, struct resp_ctx *rctx, struct sss_domain_info *dom); static struct tevent_req * setservent_send(TALLOC_CTX *mem_ctx, struct cli_ctx *cctx) { errno_t ret; unsigned int num_domains; struct tevent_req *req; struct setservent_ctx *state; struct sss_domain_info *dom; struct setent_step_ctx *step_ctx; struct nss_ctx *nctx = talloc_get_type(cctx->rctx->pvt_ctx, struct nss_ctx); DEBUG(SSSDBG_TRACE_FUNC, ("Received setservent request\n")); /* Reset the read pointers */ cctx->svc_dom_idx = 0; cctx->svcent_cur = 0; req = tevent_req_create(mem_ctx, &state, struct setservent_ctx); if (!req) return NULL; state->nctx = nctx; state->cctx = cctx; state->dctx = talloc_zero(state, struct nss_dom_ctx); if (!state->dctx) { ret = ENOMEM; goto immediate; } state->dctx->domain = cctx->rctx->domains; /* Is the result context already available */ if (state->nctx->svcctx) { if (state->nctx->svcctx->ready) { /* All of the necessary data is in place * We can return now, getservent requests will work at this point */ ret = EOK; goto immediate; } else { /* Object is still being constructed * 
Register for notification when it's * ready. */ ret = nss_setent_add_ref(state, state->nctx->svcctx, req); if (ret != EOK) goto immediate; } return req; } /* Create a new result context * We are creating it on the nss_ctx so that it doesn't * go away if the original request does. We will delete * it when the refcount goes to zero; */ state->nctx->svcctx = talloc_zero(nctx, struct getent_ctx); if (!state->nctx->svcctx) { ret = ENOMEM; goto immediate; } state->getent_ctx = nctx->svcctx; /* Assume that all domains will have results (to avoid having * to reallocate later */ num_domains = 0; for (dom = state->cctx->rctx->domains; dom; dom = get_next_domain(dom, false)) { num_domains++; } state->nctx->svcctx->doms = talloc_zero_array(state->nctx->svcctx, struct dom_ctx, num_domains); if (!state->nctx->svcctx->doms) { ret = ENOMEM; goto immediate; } /* Add a callback reference for ourselves */ ret = nss_setent_add_ref(state, state->nctx->svcctx, req); if (ret != EOK) { goto immediate; } /* ok, start the searches */ step_ctx = talloc_zero(state->getent_ctx, struct setent_step_ctx); if (!step_ctx) { ret = ENOMEM; goto immediate; } /* Steal the dom_ctx onto the step_ctx so it doesn't go out of scope if * this request is canceled while other requests are in-progress. */ step_ctx->dctx = talloc_steal(step_ctx, state->dctx); step_ctx->nctx = state->nctx; step_ctx->getent_ctx = state->getent_ctx; step_ctx->rctx = cctx->rctx; step_ctx->cctx = cctx; step_ctx->returned_to_mainloop = false; while (step_ctx->dctx->domain) { /* There are more domains to check */ ret = setservent_step(step_ctx); if (ret == EOK) { /* Re-enter the mainloop */ return req; } DEBUG(SSSDBG_CRIT_FAILURE, ("Error [%s] requesting info from domain [%s]. 
Skipping.\n", strerror(ret), step_ctx->dctx->domain->name)); step_ctx->dctx->domain = get_next_domain(step_ctx->dctx->domain, false); } /* All domains failed */ ret = EIO; immediate: if (ret == EOK) { tevent_req_done(req); } else { tevent_req_error(req, ret); } tevent_req_post(req, cctx->rctx->ev); return req; } static errno_t setservent_step(struct setent_step_ctx *step_ctx) { struct tevent_req *req; req = lookup_servent_send(step_ctx, step_ctx->rctx, step_ctx->dctx->domain); if (!req) { return ENOMEM; } tevent_req_set_callback(req, setservent_step_done, step_ctx); return EOK; } struct lookup_servent_ctx { struct resp_ctx *rctx; struct sss_domain_info *dom; struct ldb_result *res; }; static void lookup_servent_done(struct tevent_req *subreq); static void setservent_finalize(struct setent_step_ctx *step_ctx); static struct tevent_req * lookup_servent_send(TALLOC_CTX *mem_ctx, struct resp_ctx *rctx, struct sss_domain_info *dom) { errno_t ret; struct tevent_req *req; struct tevent_req *subreq; struct lookup_servent_ctx *state; struct sysdb_ctx *sysdb; req = tevent_req_create(mem_ctx, &state, struct lookup_servent_ctx); if (!req) return NULL; state->rctx = rctx; state->dom = dom; if (!dom->enumerate) { ret = ENOENT; goto immediate; } if (!(NEED_CHECK_PROVIDER(dom->name))) { /* No provider check required. Just ask the * sysdb. 
*/ sysdb = dom->sysdb; if (sysdb == NULL) { DEBUG(SSSDBG_FATAL_FAILURE, ("Sysdb CTX not found for [%s]!\n", dom->name)); ret = EINVAL; goto immediate; } ret = sysdb_enumservent(state, sysdb, dom, &state->res); /* Whatever the result, we're done, so report it */ goto immediate; } /* We need to ask the provider for an enumeration */ /* Update the cache */ subreq = sss_dp_get_account_send(req, rctx, state->dom, true, SSS_DP_SERVICES, NULL, 0, NULL); if (!subreq) { ret = ENOMEM; goto immediate; } tevent_req_set_callback(subreq, lookup_servent_done, req); return req; immediate: if (ret == EOK) { tevent_req_done(req); } else { tevent_req_error(req, ENOENT); } tevent_req_post(req, rctx->ev); return req; } static void lookup_servent_done(struct tevent_req *subreq) { errno_t ret; dbus_uint16_t dp_err; dbus_uint32_t dp_ret; char *err_msg; struct sysdb_ctx *sysdb; struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); struct lookup_servent_ctx *state = tevent_req_data(req, struct lookup_servent_ctx); ret = sss_dp_get_account_recv(state, subreq, &dp_err, &dp_ret, &err_msg); talloc_zfree(subreq); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Unable to get information from Data Provider\n" "dp_error: [%u], errno: [%u], error_msg: [%s]\n" "Will try to return what we have in cache\n", (unsigned int)dp_err, (unsigned int)dp_ret, err_msg ? 
err_msg : "none")); } /* Check the cache now */ sysdb = state->dom->sysdb; if (sysdb == NULL) { DEBUG(SSSDBG_FATAL_FAILURE, ("Sysdb CTX not found for [%s]!\n", state->dom->name)); ret = EINVAL; goto done; } ret = sysdb_enumservent(state, sysdb, state->dom, &state->res); /* Whatever the result, we're done, so report it */ done: if (ret == EOK) { tevent_req_done(req); } else { tevent_req_error(req, ret); } } static errno_t lookup_servent_recv(TALLOC_CTX *mem_ctx, struct tevent_req *req, struct ldb_result **res) { struct lookup_servent_ctx *state = tevent_req_data(req, struct lookup_servent_ctx); TEVENT_REQ_RETURN_ON_ERROR(req); *res = talloc_steal(mem_ctx, state->res); return EOK; } static void setservent_step_done(struct tevent_req *req) { errno_t ret; struct ldb_result *res = NULL; struct setent_step_ctx *step_ctx = tevent_req_callback_data(req, struct setent_step_ctx); struct nss_dom_ctx *dctx = step_ctx->dctx; struct getent_ctx *svcctx = step_ctx->getent_ctx; ret = lookup_servent_recv(step_ctx, req, &res); talloc_zfree(req); if (ret == ENOENT) { DEBUG(SSSDBG_TRACE_FUNC, ("Domain [%s] returned no results\n", dctx->domain->name)); } else if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Error [%s] while retrieving info from domain [%s]. " "Skipping.\n", strerror(ret), dctx->domain->name)); /* Continue on */ } else { /* Got some results * Add the retrieved results to the list */ svcctx->doms[svcctx->num].domain = dctx->domain; svcctx->doms[svcctx->num].res = talloc_steal(svcctx->doms, res); svcctx->num++; } step_ctx->dctx->domain = get_next_domain(step_ctx->dctx->domain, false); while (step_ctx->dctx->domain) { /* There are more domains to check */ ret = setservent_step(step_ctx); if (ret == EOK) { /* Re-enter the mainloop */ return; } DEBUG(SSSDBG_CRIT_FAILURE, ("Error [%s] requesting info from domain [%s]. 
Skipping.\n", strerror(ret), step_ctx->dctx->domain->name)); step_ctx->dctx->domain = get_next_domain(step_ctx->dctx->domain, false); } /* All domains have been checked */ setservent_finalize(step_ctx); } static void setservent_result_timeout(struct tevent_context *ev, struct tevent_timer *te, struct timeval current_time, void *pvt); static void setservent_finalize(struct setent_step_ctx *step_ctx) { struct nss_ctx *nctx = step_ctx->nctx; struct resp_ctx *rctx = step_ctx->rctx; struct timeval tv; struct tevent_timer *te; /* We've finished all our lookups * The result object is now safe to read. */ nctx->svcctx->ready = true; /* Set up a lifetime timer for this result object * We don't want this result object to outlive the * enum cache refresh timeout */ tv = tevent_timeval_current_ofs(nctx->enum_cache_timeout, 0); te = tevent_add_timer(rctx->ev, nctx->svcctx, tv, setservent_result_timeout, nctx); if (!te) { DEBUG(SSSDBG_CRIT_FAILURE, ("Could not set up life timer for setservent result object. " "Entries may become stale.\n")); } nss_setent_notify_done(nctx->svcctx); } static void setservent_result_timeout(struct tevent_context *ev, struct tevent_timer *te, struct timeval current_time, void *pvt) { struct nss_ctx *nctx = talloc_get_type(pvt, struct nss_ctx); DEBUG(SSSDBG_TRACE_FUNC, ("setservent result object has expired. Cleaning up.\n")); /* Free the service enumeration context. * If additional getservent requests come in, they will invoke * an implicit setservent and refresh the result object. 
*/ talloc_zfree(nctx->svcctx); } static errno_t setservent_recv(struct tevent_req *req) { TEVENT_REQ_RETURN_ON_ERROR(req); return EOK; } static void nss_cmd_setservent_done(struct tevent_req *req); int nss_cmd_setservent(struct cli_ctx *cctx) { struct nss_cmd_ctx *cmdctx; struct tevent_req *req; errno_t ret = EOK; cmdctx = talloc_zero(cctx, struct nss_cmd_ctx); if (!cmdctx) { return ENOMEM; } cmdctx->cctx = cctx; req = setservent_send(cmdctx, cctx); if (!req) { DEBUG(SSSDBG_CRIT_FAILURE, ("Fatal error calling nss_cmd_setservent_send\n")); ret = EIO; goto done; } tevent_req_set_callback(req, nss_cmd_setservent_done, cmdctx); done: return nss_cmd_done(cmdctx, ret); } static void nss_cmd_setservent_done(struct tevent_req *req) { errno_t ret; struct nss_cmd_ctx *cmdctx = tevent_req_callback_data(req, struct nss_cmd_ctx); ret = setservent_recv(req); talloc_zfree(req); if (ret == EOK || ret == ENOENT) { /* Either we succeeded or no domains * were eligible. * Return an acknowledgment */ ret = sss_packet_new(cmdctx->cctx->creq, 0, sss_packet_get_cmd(cmdctx->cctx->creq->in), &cmdctx->cctx->creq->out); if (ret == EOK) { sss_cmd_done(cmdctx->cctx, cmdctx); return; } } /* Something bad happened. * Return an error */ nss_cmd_done(cmdctx, ret); } static void nss_cmd_implicit_setservent_done(struct tevent_req *req); static errno_t nss_cmd_getservent_immediate(struct nss_cmd_ctx *cmdctx); static errno_t retservent(struct cli_ctx *cctx, int num); int nss_cmd_getservent(struct cli_ctx *cctx) { struct nss_ctx *nctx; struct nss_cmd_ctx *cmdctx; struct tevent_req *req; DEBUG(SSSDBG_TRACE_FUNC, ("Requesting info for all services\n")); cmdctx = talloc_zero(cctx, struct nss_cmd_ctx); if (!cmdctx) { return ENOMEM; } cmdctx->cctx = cctx; /* Save the current index and cursor locations * If we end up calling setservent implicitly, because the response object * expired and has to be recreated, we want to resume from the same * location. 
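*/
    cmdctx->saved_dom_idx = cctx->svc_dom_idx;
    cmdctx->saved_cur = cctx->svcent_cur;

    nctx = talloc_get_type(cctx->rctx->pvt_ctx, struct nss_ctx);
    if(!nctx->svcctx || !nctx->svcctx->ready) {
        /* Make sure we invoke setservent if it hasn't been run or is still
         * processing from another client
         */
        req = setservent_send(cmdctx, cctx);
        if (!req) {
            return EIO;
        }
        tevent_req_set_callback(req,
                                nss_cmd_implicit_setservent_done,
                                cmdctx);
        return EOK;
    }

    return nss_cmd_getservent_immediate(cmdctx);
}

/**
 * Completion callback for the setservent request that
 * nss_cmd_getservent() starts when no ready result object exists.
 *
 * Restores the saved domain index and cursor on the client context and
 * then answers the pending getservent request.
 */
static void
nss_cmd_implicit_setservent_done(struct tevent_req *req)
{
    errno_t ret;
    struct nss_cmd_ctx *cmdctx =
            tevent_req_callback_data(req, struct nss_cmd_ctx);

    ret = setservent_recv(req);
    talloc_zfree(req);

    /* ENOENT is acceptable, as it just means that there were no entries
     * to be returned. This will be handled gracefully in retservent
     * later.
     */
    if (ret != EOK && ret != ENOENT) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Implicit setservent failed with unexpected error [%d][%s]\n",
               ret, strerror(ret)));
        NSS_CMD_FATAL_ERROR(cmdctx);
    }

    /* Restore the saved index and cursor locations */
    cmdctx->cctx->svc_dom_idx = cmdctx->saved_dom_idx;
    cmdctx->cctx->svcent_cur = cmdctx->saved_cur;

    ret = nss_cmd_getservent_immediate(cmdctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Immediate retrieval failed with unexpected error "
               "[%d][%s]\n", ret, strerror(ret)));
        NSS_CMD_FATAL_ERROR(cmdctx);
    }
}

/**
 * Answer a getservent request from the current result object.
 *
 * The request body must be exactly one uint32_t: the maximum number of
 * entries to return in this call. The result of retservent() is stored
 * as the error code of the reply packet.
 *
 * @return EOK once the reply has been handed to sss_cmd_done(), EINVAL
 *         for a body of the wrong size, or the error returned by
 *         sss_packet_new().
 */
static errno_t
nss_cmd_getservent_immediate(struct nss_cmd_ctx *cmdctx)
{
    struct cli_ctx *cctx = cmdctx->cctx;
    uint8_t *body;
    size_t blen;
    uint32_t num;
    int ret;

    /* get max num of entries to return in one call */
    sss_packet_get_body(cctx->creq->in, &body, &blen);
    if (blen != sizeof(uint32_t)) {
        return EINVAL;
    }

    /* body is a byte pointer into the packet buffer; copy the value out
     * rather than dereferencing it through a uint32_t pointer, which
     * assumes an alignment the buffer is not shown to guarantee. */
    SAFEALIGN_COPY_UINT32(&num, body, NULL);

    /* NOTE(review): num is supplied by the client and is passed on as an
     * int. Confirm that retservent() handles 0 and values above INT_MAX
     * the way the protocol intends. */

    /* create response packet */
    ret = sss_packet_new(cctx->creq, 0,
                         sss_packet_get_cmd(cctx->creq->in),
                         &cctx->creq->out);
    if (ret != EOK) {
        return ret;
    }

    ret = retservent(cctx, num);

    sss_packet_set_error(cctx->creq->out, ret);
    sss_cmd_done(cctx, cmdctx);

    return EOK;
}

static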
errno_t retservent(struct cli_ctx *cctx, int num) { struct nss_ctx *nctx; struct getent_ctx *svcctx; struct ldb_message **msgs = NULL; struct dom_ctx *pdom = NULL; unsigned int n = 0; int ret = ENOENT; nctx = talloc_get_type(cctx->rctx->pvt_ctx, struct nss_ctx); if (!nctx->svcctx) goto none; svcctx = nctx->svcctx; while (ret == ENOENT) { if (cctx->svc_dom_idx >= svcctx->num) break; pdom = &svcctx->doms[cctx->svc_dom_idx]; n = pdom->res->count - cctx->svcent_cur; if (n <= 0 && (cctx->svc_dom_idx+1 < svcctx->num)) { cctx->svc_dom_idx++; pdom = &svcctx->doms[cctx->svc_dom_idx]; n = pdom->res->count; cctx->svcent_cur = 0; } if (!n) break; if (n > num) n = num; msgs = &(pdom->res->msgs[cctx->svcent_cur]); ret = fill_service(cctx->creq->out, pdom->domain, NULL, msgs, &n); cctx->svcent_cur += n; } none: if (ret == ENOENT) { ret = sss_cmd_empty_packet(cctx->creq->out); } return ret; } int nss_cmd_endservent(struct cli_ctx *cctx) { struct nss_ctx *nctx; int ret; DEBUG(SSSDBG_TRACE_FUNC, ("Terminating request info for all accounts\n")); nctx = talloc_get_type(cctx->rctx->pvt_ctx, struct nss_ctx); /* create response packet */ ret = sss_packet_new(cctx->creq, 0, sss_packet_get_cmd(cctx->creq->in), &cctx->creq->out); if (ret != EOK) { return ret; } if (nctx->svcctx == NULL) goto done; /* Reset the indices so that subsequent requests start at zero */ cctx->svc_dom_idx = 0; cctx->svcent_cur = 0; done: sss_cmd_done(cctx, NULL); return EOK; } sssd-1.11.5/src/responder/nss/PaxHeaders.13173/nsssrv_mmap_cache.c0000644000000000000000000000007412320753107023005 xustar000000000000000030 atime=1396954939.270891428 30 ctime=1396954961.733874892 sssd-1.11.5/src/responder/nss/nsssrv_mmap_cache.c0000664002412700241270000011651312320753107023236 0ustar00jhrozekjhrozek00000000000000/* SSSD NSS Responder - Mmap Cache Copyright (C) Simo Sorce 2011 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free 
Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include "util/util.h" #include "confdb/confdb.h" #include #include #include "util/mmap_cache.h" #include "responder/nss/nsssrv.h" #include "responder/nss/nsssrv_mmap_cache.h" /* arbitrary (avg of my /etc/passwd) */ #define SSS_AVG_PASSWD_PAYLOAD (MC_SLOT_SIZE * 4) /* short group name and no gids (private user group */ #define SSS_AVG_GROUP_PAYLOAD (MC_SLOT_SIZE * 3) #define MC_NEXT_BARRIER(val) ((((val) + 1) & 0x00ffffff) | 0xf0000000) #define MC_RAISE_BARRIER(m) do { \ m->b2 = MC_NEXT_BARRIER(m->b1); \ __sync_synchronize(); \ } while (0) #define MC_LOWER_BARRIER(m) do { \ __sync_synchronize(); \ m->b1 = m->b2; \ } while (0) #define MC_RAISE_INVALID_BARRIER(m) do { \ m->b2 = MC_INVALID_VAL; \ __sync_synchronize(); \ } while (0) struct sss_mc_ctx { char *name; /* mmap cache name */ enum sss_mc_type type; /* mmap cache type */ char *file; /* mmap cache file name */ int fd; /* file descriptor */ uint32_t seed; /* pseudo-random seed to avoid collision attacks */ time_t valid_time_slot; /* maximum time the entry is valid in seconds */ void *mmap_base; /* base address of mmap */ size_t mmap_size; /* total size of mmap */ uint32_t *hash_table; /* hash table address (in mmap) */ uint32_t ht_size; /* size of hash table */ uint8_t *free_table; /* free list bitmaps */ uint32_t ft_size; /* size of free table */ uint32_t next_slot; /* the next slot after last allocation */ uint8_t *data_table; /* data table address (in mmap) */ uint32_t dt_size; /* size of data table */ }; #define MC_FIND_BIT(base, num) \ uint32_t n = (num); \ uint8_t *b = (base) + n 
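/ 8; \
    uint8_t c = 0x80 >> (n % 8);

#define MC_SET_BIT(base, num) do { \
    MC_FIND_BIT(base, num) \
    *b |= c; \
} while (0)

#define MC_CLEAR_BIT(base, num) do { \
    MC_FIND_BIT(base, num) \
    *b &= ~c; \
} while (0)

#define MC_PROBE_BIT(base, num, used) do { \
    MC_FIND_BIT(base, num) \
    if (*b & c) used = true; \
    else used = false; \
} while (0)

/* Store a copy of a corrupted memcache on disk for later analysis.
 *
 * The whole mapping (mmap_base, mmap_size bytes) is written to
 * "<mc_ctx->file>_corrupted" with mode 0600. Only the most recent
 * corrupted state is kept, because the file is truncated on every call.
 * Failures are logged and otherwise ignored; nothing is returned.
 */
static void sss_mc_save_corrupted(struct sss_mc_ctx *mc_ctx)
{
    int err;
    int fd = -1;
    ssize_t written = -1;
    char *file = NULL;
    TALLOC_CTX *tmp_ctx;

    if (mc_ctx == NULL) {
        DEBUG(SSSDBG_TRACE_FUNC,
              ("Cannot store uninitialized cache. Nothing to do.\n"));
        return;
    }

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory.\n"));
        return;
    }

    file = talloc_asprintf(tmp_ctx, "%s_%s", mc_ctx->file, "corrupted");
    if (file == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory.\n"));
        goto done;
    }

    /* We will always store only the last problematic cache state */
    /* NOTE(review): creat() follows an existing symlink at this path and
     * truncates its target, so this is only safe while the directory that
     * holds mc_ctx->file is writable by the SSSD user alone -- confirm the
     * directory permissions set at install time. */
    fd = creat(file, 0600);
    if (fd == -1) {
        err = errno;
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Failed to open file '%s' [%d]: %s\n",
               file, err, strerror(err)));
        goto done;
    }

    written = sss_atomic_write_s(fd, mc_ctx->mmap_base, mc_ctx->mmap_size);
    /* Compare explicitly instead of relying on the implicit
     * signed-to-unsigned conversion of a negative return value. */
    if (written < 0 || (size_t)written != mc_ctx->mmap_size) {
        if (written == -1) {
            err = errno;
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("write() failed [%d]: %s\n", err, strerror(err)));
        } else {
            /* mmap_size is a size_t, so it is printed with %zu */
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("write() returned %zd (expected (%zu))\n",
                   written, mc_ctx->mmap_size));
        }
        goto done;
    }

    /* The newline belongs after the closing quote, not inside it */
    sss_log(SSS_LOG_NOTICE,
            "Stored copy of corrupted mmap cache in file '%s'\n", file);

done:
    if (fd != -1) {
        close(fd);
        /* Remove the file again only when the write itself failed */
        if (written == -1) {
            err = unlink(file);
            if (err != 0) {
                err = errno;
                DEBUG(SSSDBG_CRIT_FAILURE,
                      ("Failed to remove file '%s': %s.\n",
                       file, strerror(err)));
            }
        }
    }
    talloc_free(tmp_ctx);
}

/* Map a key of len bytes to an index into the hash table: murmurhash3
 * seeded with mcc->seed, reduced modulo MC_HT_ELEMS(mcc->ht_size). */
static uint32_t sss_mc_hash(struct sss_mc_ctx *mcc,
                            const char *key, size_t len)
{
    return murmurhash3(key, len, mcc->seed) % MC_HT_ELEMS(mcc->ht_size);
}

static void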
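sss_mc_add_rec_to_chain(struct sss_mc_ctx *mcc,
                        struct sss_mc_rec *rec,
                        uint32_t hash)
{
    /* Link rec at the end of the collision chain that starts at
     * hash_table[hash]; does nothing if rec is already on that chain. */
    struct sss_mc_rec *cur;
    uint32_t slot;

    /* sss_mc_hash() reduces modulo MC_HT_ELEMS(ht_size), so the valid
     * indexes are 0 .. MC_HT_ELEMS - 1. A value equal to MC_HT_ELEMS would
     * index one entry past the hash table, hence ">=" and not ">". */
    if (hash >= MC_HT_ELEMS(mcc->ht_size)) {
        /* Invalid hash. This should never happen, but better
         * return than trying to access out of bounds memory */
        return;
    }

    slot = mcc->hash_table[hash];
    if (slot == MC_INVALID_VAL) {
        /* no previous record/collision, just add to hash table */
        mcc->hash_table[hash] = MC_PTR_TO_SLOT(mcc->data_table, rec);
        return;
    }

    do {
        /* The slot number comes from the shared mapping, so it is
         * validated before it is turned into a pointer. */
        if (!MC_SLOT_WITHIN_BOUNDS(slot, mcc->dt_size)) {
            DEBUG(SSSDBG_FATAL_FAILURE,
                  ("Corrupted fastcache. Slot number too big.\n"));
            sss_mmap_cache_reset(mcc);
            return;
        }

        cur = MC_SLOT_TO_PTR(mcc->data_table, slot, struct sss_mc_rec);
        if (cur == rec) {
            /* rec already stored in hash chain */
            return;
        }
        slot = cur->next;
    } while (slot != MC_INVALID_VAL);
    /* end of chain, append our record here */

    /* changing a single uint32_t is atomic, so there is no
     * need to use barriers in this case */
    cur->next = MC_PTR_TO_SLOT(mcc->data_table, rec);
}

/* Walk the chain after start_rec and store in *_slot the first slot whose
 * record carries hash as hash1 or hash2, or MC_INVALID_VAL when the chain
 * ends first. Returns EOK, or EINVAL after resetting the cache when a slot
 * number lies outside the data table. */
static inline errno_t
sss_mc_get_next_slot_with_hash(struct sss_mc_ctx *mcc,
                               struct sss_mc_rec *start_rec,
                               uint32_t hash,
                               uint32_t *_slot)
{
    struct sss_mc_rec *rec;
    uint32_t slot;

    slot = start_rec->next;
    while (slot != MC_INVALID_VAL) {
        if (!MC_SLOT_WITHIN_BOUNDS(slot, mcc->dt_size)) {
            DEBUG(SSSDBG_FATAL_FAILURE,
                  ("Corrupted fastcache. Slot number too big.\n"));
            sss_mmap_cache_reset(mcc);
            return EINVAL;
        }

        rec = MC_SLOT_TO_PTR(mcc->data_table, slot, struct sss_mc_rec);
        if (rec->hash1 == hash || rec->hash2 == hash) {
            break;
        }

        slot = rec->next;
    }

    *_slot = slot;

    return EOK;
}

/* Unlink rec from the chain rooted at hash_table[hash]. Returns EOK when
 * the record was unlinked or was not on the chain, EINVAL for an invalid
 * hash or a corrupted chain. */
static errno_t sss_mc_rm_rec_from_chain(struct sss_mc_ctx *mcc,
                                        struct sss_mc_rec *rec,
                                        uint32_t hash)
{
    struct sss_mc_rec *prev = NULL;
    struct sss_mc_rec *cur = NULL;
    uint32_t slot;

    /* ">=": hash == MC_HT_ELEMS is already one past the last valid index
     * of hash_table and must not be used to read it. */
    if (hash >= MC_HT_ELEMS(mcc->ht_size)) {
        if (hash == MC_INVALID_VAL) {
            /* This can happen if rec->hash1 and rec->hash2 was the same. */
            return EOK;
        }

        /* The hash is invalid.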
*/ return EINVAL; } slot = mcc->hash_table[hash]; if (slot == MC_INVALID_VAL) { /* record has already been removed. It may happen if rec->hash1 and * rec->has2 are the same. (It is not very likely). */ return EOK; } if (!MC_SLOT_WITHIN_BOUNDS(slot, mcc->dt_size)) { DEBUG(SSSDBG_FATAL_FAILURE, ("Corrupted fastcache. Slot number too big.\n")); sss_mmap_cache_reset(mcc); return EINVAL; } cur = MC_SLOT_TO_PTR(mcc->data_table, slot, struct sss_mc_rec); if (cur == rec) { /* rec->next can refer to record without matching hashes. * We need to skip this(those) records, because * mcc->hash_table[hash] have to refer to valid start of the chain. */ return sss_mc_get_next_slot_with_hash(mcc, rec, hash, &mcc->hash_table[hash]); } else { slot = cur->next; while (slot != MC_INVALID_VAL) { if (!MC_SLOT_WITHIN_BOUNDS(slot, mcc->dt_size)) { DEBUG(SSSDBG_FATAL_FAILURE, ("Corrupted fastcache. Slot number too big.\n")); sss_mmap_cache_reset(mcc); return EINVAL; } prev = cur; cur = MC_SLOT_TO_PTR(mcc->data_table, slot, struct sss_mc_rec); if (cur == rec) { /* changing a single uint32_t is atomic, so there is no * need to use barriers in this case. * * This situation is different to the removing record from * the beggining of the chain. The record have to only be * removed from chain, because this chain can be * subset or supperset of another chain and we don't want * to break another chains. 
*/ prev->next = cur->next; slot = MC_INVALID_VAL; } else { slot = cur->next; } } } return EOK; } static void sss_mc_free_slots(struct sss_mc_ctx *mcc, struct sss_mc_rec *rec) { uint32_t slot; uint32_t num; uint32_t i; slot = MC_PTR_TO_SLOT(mcc->data_table, rec); num = MC_SIZE_TO_SLOTS(rec->len); for (i = 0; i < num; i++) { MC_CLEAR_BIT(mcc->free_table, slot + i); } } static void sss_mc_invalidate_rec(struct sss_mc_ctx *mcc, struct sss_mc_rec *rec) { errno_t ret; if (rec->b1 == MC_INVALID_VAL) { /* record already invalid */ return; } /* Remove from hash chains */ /* hash chain 1 */ ret = sss_mc_rm_rec_from_chain(mcc, rec, rec->hash1); if (ret != EOK) { return; } /* hash chain 2 */ ret = sss_mc_rm_rec_from_chain(mcc, rec, rec->hash2); if (ret != EOK) { return; } /* Clear from free_table */ sss_mc_free_slots(mcc, rec); /* Invalidate record fields */ MC_RAISE_INVALID_BARRIER(rec); memset(rec->data, MC_INVALID_VAL8, ((MC_SLOT_SIZE * MC_SIZE_TO_SLOTS(rec->len)) - sizeof(struct sss_mc_rec))); rec->len = MC_INVALID_VAL32; rec->expire = MC_INVALID_VAL64; rec->next = MC_INVALID_VAL32; rec->hash1 = MC_INVALID_VAL32; rec->hash2 = MC_INVALID_VAL32; MC_LOWER_BARRIER(rec); } static bool sss_mc_is_valid_rec(struct sss_mc_ctx *mcc, struct sss_mc_rec *rec) { struct sss_mc_rec *self; uint32_t slot; if (((uint8_t *)rec < mcc->data_table) || ((uint8_t *)rec > (mcc->data_table + mcc->dt_size - MC_SLOT_SIZE))) { return false; } if ((rec->b1 == MC_INVALID_VAL) || (rec->b1 != rec->b2)) { return false; } if (!MC_CHECK_RECORD_LENGTH(mcc, rec)) { return false; } if (rec->expire == MC_INVALID_VAL64) { return false; } /* rec->next can be invalid if there are no next records */ if (rec->hash1 == MC_INVALID_VAL32) { return false; } else { self = NULL; slot = mcc->hash_table[rec->hash1]; while (slot != MC_INVALID_VAL32 && self != rec) { if (!MC_SLOT_WITHIN_BOUNDS(slot, mcc->dt_size)) { DEBUG(SSSDBG_FATAL_FAILURE, ("Corrupted fastcache. 
Slot number too big.\n")); sss_mmap_cache_reset(mcc); return false; } self = MC_SLOT_TO_PTR(mcc->data_table, slot, struct sss_mc_rec); slot = self->next; } if (self != rec) { return false; } } if (rec->hash2 != MC_INVALID_VAL32) { self = NULL; slot = mcc->hash_table[rec->hash2]; while (slot != MC_INVALID_VAL32 && self != rec) { if (!MC_SLOT_WITHIN_BOUNDS(slot, mcc->dt_size)) { DEBUG(SSSDBG_FATAL_FAILURE, ("Corrupted fastcache. Slot number too big.\n")); sss_mmap_cache_reset(mcc); return false; } self = MC_SLOT_TO_PTR(mcc->data_table, slot, struct sss_mc_rec); slot = self->next; } if (self != rec) { return false; } } /* all tests passed */ return true; } /* FIXME: This is a very simplistic, inefficient, memory allocator, * it will just free the oldest entries regardless of expiration if it * cycled the whole freebits map and found no empty slot */ static errno_t sss_mc_find_free_slots(struct sss_mc_ctx *mcc, int num_slots, uint32_t *free_slot) { struct sss_mc_rec *rec; uint32_t tot_slots; uint32_t cur; uint32_t i; uint32_t t; bool used; tot_slots = mcc->ft_size * 8; /* Try to find a free slot w/o removing anything first */ /* FIXME: is it really worth it ? May be it is easier to * just recycle the next set of slots ? 
*/ if ((mcc->next_slot + num_slots) > tot_slots) { cur = 0; } else { cur = mcc->next_slot; } /* search for enough (num_slots) consecutive zero bits, indicating * consecutive empty slots */ for (i = 0; i < mcc->ft_size; i++) { t = cur / 8; /* if all full in this byte skip directly to the next */ if (mcc->free_table[t] == 0xff) { cur = ((cur + 8) & ~7); if (cur >= tot_slots) { cur = 0; } continue; } /* at least one bit in this byte is marked as empty */ for (t = ((cur + 8) & ~7) ; cur < t; cur++) { MC_PROBE_BIT(mcc->free_table, cur, used); if (!used) break; } /* check if we have enough slots before hitting the table end */ if ((cur + num_slots) > tot_slots) { cur = 0; continue; } /* check if we have at least num_slots empty starting from the first * we found in the previous steps */ for (t = cur + num_slots; cur < t; cur++) { MC_PROBE_BIT(mcc->free_table, cur, used); if (used) break; } if (cur == t) { /* ok found num_slots consecutive free bits */ *free_slot = cur - num_slots; return EOK; } } /* no free slots found, free occupied slots after next_slot */ if ((mcc->next_slot + num_slots) > tot_slots) { cur = 0; } else { cur = mcc->next_slot; } for (i = 0; i < num_slots; i++) { MC_PROBE_BIT(mcc->free_table, cur + i, used); if (used) { /* the first used slot should be a record header, however we * carefully check it is a valid header and hardfail if not */ rec = MC_SLOT_TO_PTR(mcc->data_table, cur + i, struct sss_mc_rec); if (!sss_mc_is_valid_rec(mcc, rec)) { /* this is a fatal error, the caller should probaly just * invalidate the whole cache */ return EFAULT; } /* next loop skip the whole record */ i += MC_SIZE_TO_SLOTS(rec->len) - 1; /* finally invalidate record completely */ sss_mc_invalidate_rec(mcc, rec); } } mcc->next_slot = cur + num_slots; *free_slot = cur; return EOK; } static errno_t sss_mc_get_strs_offset(struct sss_mc_ctx *mcc, size_t *_offset) { switch (mcc->type) { case SSS_MC_PASSWD: *_offset = offsetof(struct sss_mc_pwd_data, strs); return EOK; case 
SSS_MC_GROUP: *_offset = offsetof(struct sss_mc_grp_data, strs); return EOK; default: DEBUG(SSSDBG_FATAL_FAILURE, ("Unknown memory cache type.\n")); return EINVAL; } } static errno_t sss_mc_get_strs_len(struct sss_mc_ctx *mcc, struct sss_mc_rec *rec, size_t *_len) { switch (mcc->type) { case SSS_MC_PASSWD: *_len = ((struct sss_mc_pwd_data *)&rec->data)->strs_len; return EOK; case SSS_MC_GROUP: *_len = ((struct sss_mc_grp_data *)&rec->data)->strs_len; return EOK; default: DEBUG(SSSDBG_FATAL_FAILURE, ("Unknown memory cache type.\n")); return EINVAL; } } static struct sss_mc_rec *sss_mc_find_record(struct sss_mc_ctx *mcc, struct sized_string *key) { struct sss_mc_rec *rec; uint32_t hash; uint32_t slot; rel_ptr_t name_ptr; char *t_key; size_t strs_offset; size_t strs_len; uint8_t *max_addr; errno_t ret; hash = sss_mc_hash(mcc, key->str, key->len); slot = mcc->hash_table[hash]; if (!MC_SLOT_WITHIN_BOUNDS(slot, mcc->dt_size)) { return NULL; } /* Get max address of data table. */ max_addr = mcc->data_table + mcc->dt_size; ret = sss_mc_get_strs_offset(mcc, &strs_offset); if (ret != EOK) { return NULL; } while (slot != MC_INVALID_VAL) { if (!MC_SLOT_WITHIN_BOUNDS(slot, mcc->dt_size)) { DEBUG(SSSDBG_FATAL_FAILURE, ("Corrupted fastcache. Slot number too big.\n")); sss_mc_save_corrupted(mcc); sss_mmap_cache_reset(mcc); return NULL; } rec = MC_SLOT_TO_PTR(mcc->data_table, slot, struct sss_mc_rec); ret = sss_mc_get_strs_len(mcc, rec, &strs_len); if (ret != EOK) { return NULL; } name_ptr = *((rel_ptr_t *)rec->data); if (key->len > strs_len || (name_ptr + key->len) > (strs_offset + strs_len) || (uint8_t *)rec->data + strs_offset + strs_len > max_addr) { DEBUG(SSSDBG_FATAL_FAILURE, ("Corrupted fastcache. 
name_ptr value is %u.\n", name_ptr)); sss_mc_save_corrupted(mcc); sss_mmap_cache_reset(mcc); return NULL; } t_key = (char *)rec->data + name_ptr; if (strcmp(key->str, t_key) == 0) { break; } slot = rec->next; } if (slot == MC_INVALID_VAL) { return NULL; } return rec; } static errno_t sss_mc_get_record(struct sss_mc_ctx **_mcc, size_t rec_len, struct sized_string *key, struct sss_mc_rec **_rec) { struct sss_mc_ctx *mcc = *_mcc; struct sss_mc_rec *old_rec = NULL; struct sss_mc_rec *rec; int old_slots; int num_slots; uint32_t base_slot; errno_t ret; int i; num_slots = MC_SIZE_TO_SLOTS(rec_len); old_rec = sss_mc_find_record(mcc, key); if (old_rec) { old_slots = MC_SIZE_TO_SLOTS(old_rec->len); if (old_slots == num_slots) { *_rec = old_rec; return EOK; } /* slot size changed, invalidate record and fall through to get a * fully new record */ sss_mc_invalidate_rec(mcc, old_rec); } /* we are going to use more space, find enough free slots */ ret = sss_mc_find_free_slots(mcc, num_slots, &base_slot); if (ret != EOK) { if (ret == EFAULT) { DEBUG(SSSDBG_CRIT_FAILURE, ("Fatal internal mmap cache error, invalidating cache!\n")); (void)sss_mmap_cache_reinit(talloc_parent(mcc), -1, -1, _mcc); } return ret; } rec = MC_SLOT_TO_PTR(mcc->data_table, base_slot, struct sss_mc_rec); /* mark as not valid yet */ MC_RAISE_INVALID_BARRIER(rec); rec->len = rec_len; rec->next = MC_INVALID_VAL; MC_LOWER_BARRIER(rec); /* and now mark slots as used */ for (i = 0; i < num_slots; i++) { MC_SET_BIT(mcc->free_table, base_slot + i); } *_rec = rec; return EOK; } static inline void sss_mmap_set_rec_header(struct sss_mc_ctx *mcc, struct sss_mc_rec *rec, size_t len, int ttl, const char *key1, size_t key1_len, const char *key2, size_t key2_len) { rec->len = len; rec->expire = time(NULL) + ttl; rec->hash1 = sss_mc_hash(mcc, key1, key1_len); rec->hash2 = sss_mc_hash(mcc, key2, key2_len); } static inline void sss_mmap_chain_in_rec(struct sss_mc_ctx *mcc, struct sss_mc_rec *rec) { /* name first */ 
sss_mc_add_rec_to_chain(mcc, rec, rec->hash1); /* then uid/gid */ sss_mc_add_rec_to_chain(mcc, rec, rec->hash2); } /*************************************************************************** * generic invalidation ***************************************************************************/ static errno_t sss_mmap_cache_invalidate(struct sss_mc_ctx *mcc, struct sized_string *key) { struct sss_mc_rec *rec; if (mcc == NULL) { /* cache not initialized ? */ return EINVAL; } rec = sss_mc_find_record(mcc, key); if (rec == NULL) { /* nothing to invalidate */ return ENOENT; } sss_mc_invalidate_rec(mcc, rec); return EOK; } /*************************************************************************** * passwd map ***************************************************************************/ errno_t sss_mmap_cache_pw_store(struct sss_mc_ctx **_mcc, struct sized_string *name, struct sized_string *pw, uid_t uid, gid_t gid, struct sized_string *gecos, struct sized_string *homedir, struct sized_string *shell) { struct sss_mc_ctx *mcc = *_mcc; struct sss_mc_rec *rec; struct sss_mc_pwd_data *data; struct sized_string uidkey; char uidstr[11]; size_t data_len; size_t rec_len; size_t pos; int ret; if (mcc == NULL) { /* cache not initialized ? 
*/ return EINVAL; } ret = snprintf(uidstr, 11, "%ld", (long)uid); if (ret > 10) { return EINVAL; } to_sized_string(&uidkey, uidstr); data_len = name->len + pw->len + gecos->len + homedir->len + shell->len; rec_len = sizeof(struct sss_mc_rec) + sizeof(struct sss_mc_pwd_data) + data_len; if (rec_len > mcc->dt_size) { return ENOMEM; } ret = sss_mc_get_record(_mcc, rec_len, name, &rec); if (ret != EOK) { return ret; } data = (struct sss_mc_pwd_data *)rec->data; pos = 0; MC_RAISE_BARRIER(rec); /* header */ sss_mmap_set_rec_header(mcc, rec, rec_len, mcc->valid_time_slot, name->str, name->len, uidkey.str, uidkey.len); /* passwd struct */ data->name = MC_PTR_DIFF(data->strs, data); data->uid = uid; data->gid = gid; data->strs_len = data_len; memcpy(&data->strs[pos], name->str, name->len); pos += name->len; memcpy(&data->strs[pos], pw->str, pw->len); pos += pw->len; memcpy(&data->strs[pos], gecos->str, gecos->len); pos += gecos->len; memcpy(&data->strs[pos], homedir->str, homedir->len); pos += homedir->len; memcpy(&data->strs[pos], shell->str, shell->len); pos += shell->len; MC_LOWER_BARRIER(rec); /* finally chain the rec in the hash table */ sss_mmap_chain_in_rec(mcc, rec); return EOK; } errno_t sss_mmap_cache_pw_invalidate(struct sss_mc_ctx *mcc, struct sized_string *name) { return sss_mmap_cache_invalidate(mcc, name); } errno_t sss_mmap_cache_pw_invalidate_uid(struct sss_mc_ctx *mcc, uid_t uid) { struct sss_mc_rec *rec; struct sss_mc_pwd_data *data; uint32_t hash; uint32_t slot; char *uidstr; errno_t ret; if (mcc == NULL) { /* cache not initialized ? 
*/ return EINVAL; } uidstr = talloc_asprintf(NULL, "%ld", (long)uid); if (!uidstr) { return ENOMEM; } hash = sss_mc_hash(mcc, uidstr, strlen(uidstr) + 1); slot = mcc->hash_table[hash]; if (!MC_SLOT_WITHIN_BOUNDS(slot, mcc->dt_size)) { ret = ENOENT; goto done; } while (slot != MC_INVALID_VAL) { if (!MC_SLOT_WITHIN_BOUNDS(slot, mcc->dt_size)) { DEBUG(SSSDBG_FATAL_FAILURE, ("Corrupted fastcache.\n")); sss_mc_save_corrupted(mcc); sss_mmap_cache_reset(mcc); ret = ENOENT; goto done; } rec = MC_SLOT_TO_PTR(mcc->data_table, slot, struct sss_mc_rec); data = (struct sss_mc_pwd_data *)(&rec->data); if (uid == data->uid) { break; } slot = rec->next; } if (slot == MC_INVALID_VAL) { ret = ENOENT; goto done; } sss_mc_invalidate_rec(mcc, rec); ret = EOK; done: talloc_zfree(uidstr); return ret; } /*************************************************************************** * group map ***************************************************************************/ int sss_mmap_cache_gr_store(struct sss_mc_ctx **_mcc, struct sized_string *name, struct sized_string *pw, gid_t gid, size_t memnum, char *membuf, size_t memsize) { struct sss_mc_ctx *mcc = *_mcc; struct sss_mc_rec *rec; struct sss_mc_grp_data *data; struct sized_string gidkey; char gidstr[11]; size_t data_len; size_t rec_len; size_t pos; int ret; if (mcc == NULL) { /* cache not initialized ? 
*/ return EINVAL; } ret = snprintf(gidstr, 11, "%ld", (long)gid); if (ret > 10) { return EINVAL; } to_sized_string(&gidkey, gidstr); data_len = name->len + pw->len + memsize; rec_len = sizeof(struct sss_mc_rec) + sizeof(struct sss_mc_grp_data) + data_len; if (rec_len > mcc->dt_size) { return ENOMEM; } ret = sss_mc_get_record(_mcc, rec_len, name, &rec); if (ret != EOK) { return ret; } data = (struct sss_mc_grp_data *)rec->data; pos = 0; MC_RAISE_BARRIER(rec); /* header */ sss_mmap_set_rec_header(mcc, rec, rec_len, mcc->valid_time_slot, name->str, name->len, gidkey.str, gidkey.len); /* group struct */ data->name = MC_PTR_DIFF(data->strs, data); data->gid = gid; data->members = memnum; data->strs_len = data_len; memcpy(&data->strs[pos], name->str, name->len); pos += name->len; memcpy(&data->strs[pos], pw->str, pw->len); pos += pw->len; memcpy(&data->strs[pos], membuf, memsize); pos += memsize; MC_LOWER_BARRIER(rec); /* finally chain the rec in the hash table */ sss_mmap_chain_in_rec(mcc, rec); return EOK; } errno_t sss_mmap_cache_gr_invalidate(struct sss_mc_ctx *mcc, struct sized_string *name) { return sss_mmap_cache_invalidate(mcc, name); } errno_t sss_mmap_cache_gr_invalidate_gid(struct sss_mc_ctx *mcc, gid_t gid) { struct sss_mc_rec *rec; struct sss_mc_grp_data *data; uint32_t hash; uint32_t slot; char *gidstr; errno_t ret; if (mcc == NULL) { /* cache not initialized ? 
*/ return EINVAL; } gidstr = talloc_asprintf(NULL, "%ld", (long)gid); if (!gidstr) { return ENOMEM; } hash = sss_mc_hash(mcc, gidstr, strlen(gidstr) + 1); slot = mcc->hash_table[hash]; if (!MC_SLOT_WITHIN_BOUNDS(slot, mcc->dt_size)) { ret = ENOENT; goto done; } while (slot != MC_INVALID_VAL) { if (!MC_SLOT_WITHIN_BOUNDS(slot, mcc->dt_size)) { DEBUG(SSSDBG_FATAL_FAILURE, ("Corrupted fastcache.\n")); sss_mc_save_corrupted(mcc); sss_mmap_cache_reset(mcc); ret = ENOENT; goto done; } rec = MC_SLOT_TO_PTR(mcc->data_table, slot, struct sss_mc_rec); data = (struct sss_mc_grp_data *)(&rec->data); if (gid == data->gid) { break; } slot = rec->next; } if (slot == MC_INVALID_VAL) { ret = ENOENT; goto done; } sss_mc_invalidate_rec(mcc, rec); ret = EOK; done: talloc_zfree(gidstr); return ret; } /*************************************************************************** * initialization ***************************************************************************/ /* Copy of sss_mc_set_recycled is present in the src/tools/tools_mc_util.c. * If you modify this function, you should modify the duplicated function * too. */ static errno_t sss_mc_set_recycled(int fd) { uint32_t w = SSS_MC_HEADER_RECYCLED; struct sss_mc_header h; off_t offset; off_t pos; int ret; offset = MC_PTR_DIFF(&h.status, &h); pos = lseek(fd, offset, SEEK_SET); if (pos == -1) { /* What do we do now ? */ return errno; } errno = 0; ret = sss_atomic_write_s(fd, (uint8_t *)&w, sizeof(h.status)); if (ret == -1) { return errno; } if (ret != sizeof(h.status)) { /* Write error */ return EIO; } return EOK; } /* * When we (re)create a new file we must mark the current file as recycled * so active clients will abandon its use asap. 
* We unlink the current file and make a new one */ static errno_t sss_mc_create_file(struct sss_mc_ctx *mc_ctx) { mode_t old_mask; int ofd; int ret, uret; useconds_t t = 50000; int retries = 3; ofd = open(mc_ctx->file, O_RDWR); if (ofd != -1) { ret = sss_br_lock_file(ofd, 0, 1, retries, t); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to lock file %s.\n", mc_ctx->file)); } ret = sss_mc_set_recycled(ofd); if (ret) { DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to mark mmap file %s as" " recycled: %d(%s)\n", mc_ctx->file, ret, strerror(ret))); } close(ofd); } else if (errno != ENOENT) { ret = errno; DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to open old memory cache file %s: %d(%s).\n", mc_ctx->file, ret, strerror(ret))); } errno = 0; ret = unlink(mc_ctx->file); if (ret == -1 && errno != ENOENT) { ret = errno; DEBUG(SSSDBG_TRACE_FUNC, ("Failed to rm mmap file %s: %d(%s)\n", mc_ctx->file, ret, strerror(ret))); } /* temporarily relax umask as we need the file to be readable * by everyone for now */ old_mask = umask(0022); errno = 0; mc_ctx->fd = open(mc_ctx->file, O_CREAT | O_EXCL | O_RDWR, 0644); umask(old_mask); if (mc_ctx->fd == -1) { ret = errno; DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to open mmap file %s: %d(%s)\n", mc_ctx->file, ret, strerror(ret))); return ret; } ret = sss_br_lock_file(mc_ctx->fd, 0, 1, retries, t); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to lock file %s.\n", mc_ctx->file)); close(mc_ctx->fd); mc_ctx->fd = -1; /* Report on unlink failures but don't overwrite the errno * from sss_br_lock_file */ errno = 0; uret = unlink(mc_ctx->file); if (uret == -1) { uret = errno; DEBUG(SSSDBG_TRACE_FUNC, ("Failed to rm mmap file %s: %d(%s)\n", mc_ctx->file, uret, strerror(uret))); } return ret; } return ret; } static void sss_mc_header_update(struct sss_mc_ctx *mc_ctx, int status) { struct sss_mc_header *h; /* update header using barriers */ h = (struct sss_mc_header *)mc_ctx->mmap_base; MC_RAISE_BARRIER(h); if (status == SSS_MC_HEADER_ALIVE) { /* no 
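reason to update anything else if the file is recycled or
         * right before reset */
        h->hash_table = MC_PTR_DIFF(mc_ctx->hash_table, mc_ctx->mmap_base);
        h->free_table = MC_PTR_DIFF(mc_ctx->free_table, mc_ctx->mmap_base);
        h->data_table = MC_PTR_DIFF(mc_ctx->data_table, mc_ctx->mmap_base);
        h->ht_size = mc_ctx->ht_size;
        h->ft_size = mc_ctx->ft_size;
        h->dt_size = mc_ctx->dt_size;
        h->major_vno = SSS_MC_MAJOR_VNO;
        h->minor_vno = SSS_MC_MINOR_VNO;
        h->seed = mc_ctx->seed;
        h->reserved = 0;
    }
    h->status = status;

    MC_LOWER_BARRIER(h);
}

/* talloc destructor of struct sss_mc_ctx: unmaps the cache and closes its
 * file descriptor. Failures are only logged; the return value is always 0. */
static int mc_ctx_destructor(struct sss_mc_ctx *mc_ctx)
{
    int ret;

    /* Print debug message to logs if munmap() or close()
     * fail but always return 0 */

    if (mc_ctx->mmap_base != NULL) {
        ret = munmap(mc_ctx->mmap_base, mc_ctx->mmap_size);
        if (ret == -1) {
            ret = errno;
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("Failed to unmap old memory cache file."
                   "[%d]: %s\n", ret, strerror(ret)));
        }
    }

    if (mc_ctx->fd != -1) {
        ret = close(mc_ctx->fd);
        if (ret == -1) {
            ret = errno;
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("Failed to close old memory cache file."
                   "[%d]: %s\n", ret, strerror(ret)));
        }
    }

    return 0;
}

/* Create and map a fresh memory cache file.
 *
 * mem_ctx  talloc parent of the new context
 * name     cache name; the file is SSS_NSS_MCACHE_DIR/name
 * type     SSS_MC_PASSWD or SSS_MC_GROUP, anything else yields EINVAL
 * n_elem   number of elements, rounded with MC_ALIGN64
 * timeout  stored as valid_time_slot of the context
 * mcc      receives the new context on success only
 *
 * Returns EOK, ENOMEM, EINVAL, or the errno of the failing file operation.
 * On failure the partially created file is unlinked and the context freed.
 */
errno_t sss_mmap_cache_init(TALLOC_CTX *mem_ctx, const char *name,
                            enum sss_mc_type type, size_t n_elem,
                            time_t timeout, struct sss_mc_ctx **mcc)
{
    struct sss_mc_ctx *mc_ctx = NULL;
    unsigned int rseed;
    int payload;
    int ret, dret;

    switch (type) {
    case SSS_MC_PASSWD:
        payload = SSS_AVG_PASSWD_PAYLOAD;
        break;
    case SSS_MC_GROUP:
        payload = SSS_AVG_GROUP_PAYLOAD;
        break;
    default:
        return EINVAL;
    }

    mc_ctx = talloc_zero(mem_ctx, struct sss_mc_ctx);
    if (!mc_ctx) {
        return ENOMEM;
    }
    /* -1 tells the destructor that there is no descriptor to close yet */
    mc_ctx->fd = -1;
    talloc_set_destructor(mc_ctx, mc_ctx_destructor);

    mc_ctx->name = talloc_strdup(mc_ctx, name);
    if (!mc_ctx->name) {
        ret = ENOMEM;
        goto done;
    }

    mc_ctx->type = type;

    mc_ctx->valid_time_slot = timeout;

    mc_ctx->file = talloc_asprintf(mc_ctx, "%s/%s",
                                   SSS_NSS_MCACHE_DIR, name);
    if (!mc_ctx->file) {
        ret = ENOMEM;
        goto done;
    }

    /* elements must always be multiple of 8 to make things easier to handle,
     * so we increase by the necessary amount if they are not a multiple */
    /* We can use MC_ALIGN64 for this */
    n_elem = MC_ALIGN64(n_elem);

    /* hash table is double the size because it will store both forward and
     * reverse keys (name/uid, name/gid, ..) */
    mc_ctx->ht_size = MC_HT_SIZE(n_elem * 2);
    mc_ctx->dt_size = MC_DT_SIZE(n_elem, payload);
    mc_ctx->ft_size = MC_FT_SIZE(n_elem);
    mc_ctx->mmap_size = MC_HEADER_SIZE +
                        MC_ALIGN64(mc_ctx->dt_size) +
                        MC_ALIGN64(mc_ctx->ft_size) +
                        MC_ALIGN64(mc_ctx->ht_size);

    /* for now ALWAYS create a new file on restart */
    ret = sss_mc_create_file(mc_ctx);
    if (ret) {
        goto done;
    }

    ret = ftruncate(mc_ctx->fd, mc_ctx->mmap_size);
    if (ret == -1) {
        ret = errno;
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Failed to resize file %s: %d(%s)\n",
               mc_ctx->file, ret, strerror(ret)));
        goto done;
    }

    mc_ctx->mmap_base = mmap(NULL, mc_ctx->mmap_size,
                             PROT_READ | PROT_WRITE,
                             MAP_SHARED, mc_ctx->fd, 0);
    if (mc_ctx->mmap_base == MAP_FAILED) {
        ret = errno;
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Failed to mmap file %s(%zu): %d(%s)\n",
               mc_ctx->file, mc_ctx->mmap_size, ret, strerror(ret)));
        /* The destructor unmaps whenever mmap_base is non-NULL, and
         * MAP_FAILED is not NULL; clear it so the failed mapping is not
         * handed to munmap() when the context is freed below. */
        mc_ctx->mmap_base = NULL;
        goto done;
    }

    mc_ctx->data_table = MC_PTR_ADD(mc_ctx->mmap_base, MC_HEADER_SIZE);
    mc_ctx->free_table = MC_PTR_ADD(mc_ctx->data_table,
                                    MC_ALIGN64(mc_ctx->dt_size));
    mc_ctx->hash_table = MC_PTR_ADD(mc_ctx->free_table,
                                    MC_ALIGN64(mc_ctx->ft_size));

    memset(mc_ctx->data_table, 0xff, mc_ctx->dt_size);
    memset(mc_ctx->free_table, 0x00, mc_ctx->ft_size);
    memset(mc_ctx->hash_table, 0xff, mc_ctx->ht_size);

    /* generate a pseudo-random seed.
     * Needed to fend off dictionary based collision attacks */
    /* NOTE(review): time(NULL) * getpid() is guessable, and the seed is
     * copied into the header of a file that sss_mc_create_file() creates
     * with mode 0644, so it is readable by every local user. It therefore
     * only hinders parties that cannot read the cache file; consider
     * seeding from the system random source instead. */
    rseed = time(NULL) * getpid();
    mc_ctx->seed = rand_r(&rseed);

    sss_mc_header_update(mc_ctx, SSS_MC_HEADER_ALIVE);

    ret = EOK;

done:
    if (ret) {
        /* Closing the file descriptor and ummaping the file
         * from memory is done in the mc_ctx_destructor. */
        if (mc_ctx && mc_ctx->file && mc_ctx->fd != -1) {
            dret = unlink(mc_ctx->file);
            if (dret == -1) {
                /* unlink() reports its reason in errno; its return value
                 * is just -1 and is not a valid strerror() argument */
                dret = errno;
                DEBUG(SSSDBG_CRIT_FAILURE,
                      ("Failed to rm mmap file %s: %d(%s)\n",
                       mc_ctx->file, dret, strerror(dret)));
            }
        }

        talloc_free(mc_ctx);
    } else {
        *mcc = mc_ctx;
    }
    return ret;
}

/* Free *mc_ctx and build a new cache with the same name and type.
 *
 * n_elem == (size_t)-1 keeps the current element count (ft_size * 8) and
 * timeout == (time_t)-1 keeps the current valid_time_slot. *mc_ctx is set
 * to NULL before re-initialization, so it stays NULL if that step fails.
 * Returns EOK, EINVAL for a NULL or uninitialized context, ENOMEM, or the
 * error of sss_mmap_cache_init().
 */
errno_t sss_mmap_cache_reinit(TALLOC_CTX *mem_ctx, size_t n_elem,
                              time_t timeout, struct sss_mc_ctx **mc_ctx)
{
    errno_t ret;
    TALLOC_CTX* tmp_ctx = NULL;
    char *name;
    enum sss_mc_type type;

    if (mc_ctx == NULL || (*mc_ctx) == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Unable to re-init unitialized memory cache.\n"));
        return EINVAL;
    }

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory.\n"));
        return ENOMEM;
    }

    /* Copy the name first: the original string is freed together with
     * the old context below. */
    name = talloc_strdup(tmp_ctx, (*mc_ctx)->name);
    if (name == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory.\n"));
        ret = ENOMEM;
        goto done;
    }

    type = (*mc_ctx)->type;

    if (n_elem == (size_t)-1) {
        n_elem = (*mc_ctx)->ft_size * 8;
    }

    if (timeout == (time_t)-1) {
        timeout = (*mc_ctx)->valid_time_slot;
    }

    talloc_free(*mc_ctx);

    /* make sure we do not leave a potentially freed pointer around */
    *mc_ctx = NULL;

    ret = sss_mmap_cache_init(mem_ctx, name, type, n_elem, timeout, mc_ctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to re-initialize mmap cache.\n"));
        goto done;
    }

done:
    talloc_free(tmp_ctx);
    return ret;
}

/* Erase all contents of the mmap cache. This will bring the cache
 * to the same state as if it was just initialized. */
void sss_mmap_cache_reset(struct sss_mc_ctx *mc_ctx)
{
    if (mc_ctx == NULL) {
        DEBUG(SSSDBG_TRACE_FUNC,
              ("Fastcache not initialized.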
Nothing to do.\n")); return; } sss_mc_header_update(mc_ctx, SSS_MC_HEADER_UNINIT); /* Reset the mmaped area */ memset(mc_ctx->data_table, 0xff, mc_ctx->dt_size); memset(mc_ctx->free_table, 0x00, mc_ctx->ft_size); memset(mc_ctx->hash_table, 0xff, mc_ctx->ht_size); sss_mc_header_update(mc_ctx, SSS_MC_HEADER_ALIVE); } sssd-1.11.5/src/responder/nss/PaxHeaders.13173/nsssrv_netgroup.c0000644000000000000000000000007412320753107022573 xustar000000000000000030 atime=1396954939.270891428 30 ctime=1396954961.731874894 sssd-1.11.5/src/responder/nss/nsssrv_netgroup.c0000664002412700241270000010037512320753107023023 0ustar00jhrozekjhrozek00000000000000/* SSSD nsssrv_netgroup.c Authors: Stephen Gallagher Copyright (C) 2010 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
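*/

#include "util/util.h"
#include "responder/nss/nsssrv.h"
#include "responder/nss/nsssrv_private.h"
#include "responder/nss/nsssrv_netgroup.h"
#include "responder/common/negcache.h"
#include "confdb/confdb.h"
#include "db/sysdb.h"

/* Look up name in nctx->netgroups.
 * Returns EOK with *netgr set on a hit, ENOENT when the key is not in the
 * table, and EIO for any other hash error. */
static errno_t get_netgroup_entry(struct nss_ctx *nctx,
                                  char *name,
                                  struct getent_ctx **netgr)
{
    hash_key_t key;
    hash_value_t value;
    int hret;

    key.type = HASH_KEY_STRING;
    key.str = name;

    hret = hash_lookup(nctx->netgroups, &key, &value);
    if (hret == HASH_SUCCESS) {
        *netgr = talloc_get_type(value.ptr, struct getent_ctx);
        return EOK;
    } else if (hret == HASH_ERROR_KEY_NOT_FOUND) {
        return ENOENT;
    }

    DEBUG(1, ("Unexpected error reading from netgroup hash [%d][%s]\n",
              hret, hash_error_string(hret)));
    return EIO;
}

static int netgr_hash_remove (TALLOC_CTX *ctx);

/* Insert netgr into nctx->netgroups under netgr->name, reparent it to the
 * table and install netgr_hash_remove as its talloc destructor.
 * Returns EOK, EINVAL when the name is missing, EIO on a hash error. */
static errno_t set_netgroup_entry(struct nss_ctx *nctx,
                                  struct getent_ctx *netgr)
{
    hash_key_t key;
    hash_value_t value;
    int hret;

    if (netgr->name == NULL) {
        DEBUG(1, ("Missing netgroup name.\n"));
        return EINVAL;
    }

    /* Add this entry to the hash table */
    key.type = HASH_KEY_STRING;
    key.str = netgr->name;
    value.type = HASH_VALUE_PTR;
    value.ptr = netgr;
    hret = hash_enter(nctx->netgroups, &key, &value);
    if (hret != EOK) {
        DEBUG(0, ("Unable to add hash table entry for [%s]", key.str));
        DEBUG(4, ("Hash error [%d][%s]", hret, hash_error_string(hret)));
        return EIO;
    }
    talloc_steal(nctx->netgroups, netgr);
    talloc_set_destructor((TALLOC_CTX *) netgr, netgr_hash_remove);

    return EOK;
}

static struct tevent_req *setnetgrent_send(TALLOC_CTX *mem_ctx,
                                           const char *rawname,
                                           struct nss_cmd_ctx *cmdctx);
static void nss_cmd_setnetgrent_done(struct tevent_req *req);

/* Handle a client's setnetgrent request.
 *
 * Resets the client's netgroup cursor, validates the request body (it must
 * be a non-empty, NUL-terminated, valid UTF-8 string) and starts the
 * asynchronous lookup. Returns ENOMEM when the command context cannot be
 * allocated, otherwise the result of nss_cmd_done(). */
int nss_cmd_setnetgrent(struct cli_ctx *client)
{
    struct nss_cmd_ctx *cmdctx;
    struct tevent_req *req;
    const char *rawname;
    uint8_t *body;
    size_t blen;
    errno_t ret = EOK;

    /* Reset the result cursor to zero */
    client->netgrent_cur = 0;

    cmdctx = talloc_zero(client, struct nss_cmd_ctx);
    if (!cmdctx) {
        return ENOMEM;
    }
    cmdctx->cctx = client;

    /* get netgroup name to query */
    sss_packet_get_body(client->creq->in, &body, &blen);

    /* if not terminated fail */
    /* The body is supplied by the client. blen is a size_t, so with an
     * empty body "blen - 1" wraps around and the terminator check would
     * read far outside the packet; reject that case first.
     * NOTE(review): whether sss_packet_get_body() can report a zero length
     * is not visible here -- the check is cheap either way. */
    if (blen == 0 || body[blen - 1] != '\0') {
        ret = EINVAL;
        goto done;
    }

    /* If the body isn't valid UTF-8, fail */
    if (!sss_utf8_check(body, blen -1)) {
        ret = EINVAL;
        goto done;
    }

    rawname = (const char *)body;

    req = setnetgrent_send(cmdctx, rawname, cmdctx);
    if (!req) {
        DEBUG(0, ("Fatal error calling setnetgrent_send\n"));
        ret = EIO;
        goto done;
    }
    tevent_req_set_callback(req, nss_cmd_setnetgrent_done, cmdctx);

done:
    return nss_cmd_done(cmdctx, ret);
}

/* talloc destructor for a cached netgroup: removes the entry from the hash
 * table recorded in netgr->lookup_table. */
static int netgr_hash_remove (TALLOC_CTX *ctx)
{
    int hret;
    hash_key_t key;
    struct getent_ctx *netgr =
            talloc_get_type(ctx, struct getent_ctx);

    if (netgr->lookup_table == NULL) {
        DEBUG(SSSDBG_TRACE_LIBS, ("netgroup [%s] was already removed\n",
                                  netgr->name));
        return EOK;
    }

    key.type = HASH_KEY_STRING;
    key.str = netgr->name;

    /* Remove the netgroup result object from the lookup table */
    hret = hash_delete(netgr->lookup_table, &key);
    if (hret != HASH_SUCCESS) {
        DEBUG(0, ("Could not remove key [%s] from table!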
[%d][%s]\n", netgr->name, hret, hash_error_string(hret))); return -1; } return 0; } struct setnetgrent_ctx { struct nss_ctx *nctx; struct nss_cmd_ctx *cmdctx; struct nss_dom_ctx *dctx; char *netgr_shortname; struct getent_ctx *netgr; const char *rawname; }; static errno_t setnetgrent_retry(struct tevent_req *req); static errno_t lookup_netgr_step(struct setent_step_ctx *step_ctx); static struct tevent_req *setnetgrent_send(TALLOC_CTX *mem_ctx, const char *rawname, struct nss_cmd_ctx *cmdctx) { char *domname; errno_t ret; struct tevent_req *req; struct setnetgrent_ctx *state; struct nss_dom_ctx *dctx; struct cli_ctx *client = cmdctx->cctx; struct nss_ctx *nctx = talloc_get_type(client->rctx->pvt_ctx, struct nss_ctx); req = tevent_req_create(mem_ctx, &state, struct setnetgrent_ctx); if (!req) { DEBUG(0, ("Could not create tevent request for setnetgrent\n")); return NULL; } state->nctx = nctx; state->cmdctx = cmdctx; state->rawname = rawname; state->dctx = talloc_zero(state, struct nss_dom_ctx); if (!state->dctx) { ret = ENOMEM; goto error; } dctx = state->dctx; dctx->cmdctx = state->cmdctx; ret = sss_parse_name_for_domains(state, client->rctx->domains, client->rctx->default_domain, rawname, &domname, &state->netgr_shortname); if (ret != EOK) { DEBUG(2, ("Invalid name received [%s]\n", rawname)); goto error; } DEBUG(4, ("Requesting info for netgroup [%s] from [%s]\n", state->netgr_shortname, domname?domname:"")); if (domname) { dctx->domain = responder_get_domain(client->rctx, domname); if (!dctx->domain) { ret = EINVAL; goto error; } /* Save the netgroup name for getnetgrent */ client->netgr_name = talloc_strdup(client, state->netgr_shortname); if (!client->netgr_name) { ret = ENOMEM; goto error; } } else { /* this is a multidomain search */ dctx->domain = client->rctx->domains; cmdctx->check_next = true; /* Save the netgroup name for getnetgrent */ client->netgr_name = talloc_strdup(client, rawname); if (!client->netgr_name) { ret = ENOMEM; goto error; } } ret = 
setnetgrent_retry(req); if (ret != EOK) { if (ret == EAGAIN) { /* We need to reenter the mainloop * We may be refreshing the cache */ return req; } goto error; } return req; error: tevent_req_error(req, ret); tevent_req_post(req, cmdctx->cctx->ev); return req; } static errno_t setnetgrent_retry(struct tevent_req *req) { errno_t ret; struct setent_step_ctx *step_ctx; struct setnetgrent_ctx *state; struct cli_ctx *client; struct nss_ctx *nctx; struct nss_cmd_ctx *cmdctx; struct nss_dom_ctx *dctx; state = tevent_req_data(req, struct setnetgrent_ctx); dctx = state->dctx; cmdctx = state->cmdctx; client = cmdctx->cctx; nctx = talloc_get_type(client->rctx->pvt_ctx, struct nss_ctx); dctx->check_provider = NEED_CHECK_PROVIDER(dctx->domain->provider); /* Is the result context already available? * Check for existing lookups for this netgroup */ ret = get_netgroup_entry(nctx, client->netgr_name, &state->netgr); if (ret == EOK) { /* Another process already requested this netgroup * Check whether it's ready for processing. 
*/ if (state->netgr->ready) { if (state->netgr->found) { /* Ready to process results */ tevent_req_done(req); } else { tevent_req_error(req, ENOENT); } tevent_req_post(req, nctx->rctx->ev); /* Return EOK, otherwise this will be treated as * an error */ return EOK; } /* Result object is still being constructed * Register for notification when it's ready */ ret = nss_setent_add_ref(state, state->netgr, req); if (ret != EOK) { goto done; } /* Will return control below */ } else if (ret == ENOENT) { /* This is the first attempt to request this netgroup */ state->netgr = talloc_zero(nctx, struct getent_ctx); if (!state->netgr) { ret = ENOMEM; goto done; } dctx->netgr = state->netgr; /* Save the name used for the lookup table * so we can remove it in the destructor */ state->netgr->name = talloc_strdup(state->netgr, client->netgr_name); if (!state->netgr->name) { talloc_free(state->netgr); ret = ENOMEM; goto done; } state->netgr->lookup_table = nctx->netgroups; /* Add a reference for ourselves */ ret = nss_setent_add_ref(state, state->netgr, req); if (ret != EOK) { talloc_free(state->netgr); goto done; } ret = set_netgroup_entry(nctx, state->netgr); if (ret != EOK) { DEBUG(1, ("set_netgroup_entry failed.\n")); talloc_free(state->netgr); goto done; } /* Perform lookup */ step_ctx = talloc_zero(state->netgr, struct setent_step_ctx); if (!step_ctx) { ret = ENOMEM; goto done; } /* Steal the dom_ctx onto the step_ctx so it doesn't go out of scope if * this request is canceled while other requests are in-progress. 
*/ step_ctx->dctx = talloc_steal(step_ctx, state->dctx); step_ctx->nctx = state->nctx; step_ctx->getent_ctx = state->netgr; step_ctx->rctx = client->rctx; step_ctx->check_next = cmdctx->check_next; step_ctx->name = talloc_strdup(step_ctx, state->netgr->name); if (!step_ctx->name) { ret = ENOMEM; goto done; } ret = lookup_netgr_step(step_ctx); switch (ret) { case EOK: break; case EMSGSIZE: state->netgr->ready = true; ret = ENOENT; /* FALLTHROUGH */ default: goto done; } tevent_req_done(req); tevent_req_post(req, cmdctx->cctx->ev); /* Will return control below */ } else { /* Unexpected error from hash_lookup */ goto done; } ret = EOK; done: return ret; } static void lookup_netgr_dp_callback(uint16_t err_maj, uint32_t err_min, const char *err_msg, void *ptr); static void setnetgrent_result_timeout(struct tevent_context *ev, struct tevent_timer *te, struct timeval current_time, void *pvt); /* Set up a lifetime timer for this result object * We don't want this result object to outlive the * entry cache refresh timeout */ static void set_netgr_lifetime(uint32_t lifetime, struct setent_step_ctx *step_ctx, struct getent_ctx *netgr) { struct timeval tv; struct tevent_timer *te; tv = tevent_timeval_current_ofs(lifetime, 0); te = tevent_add_timer(step_ctx->nctx->rctx->ev, step_ctx->nctx->gctx, tv, setnetgrent_result_timeout, netgr); if (!te) { DEBUG(0, ("Could not set up life timer for setnetgrent result object. " "Entries may become stale.\n")); } } static errno_t lookup_netgr_step(struct setent_step_ctx *step_ctx) { errno_t ret; struct sss_domain_info *dom = step_ctx->dctx->domain; struct getent_ctx *netgr; struct sysdb_ctx *sysdb; char *name = NULL; uint32_t lifetime; /* Check each domain for this netgroup name */ while (dom) { /* Netgroups are a special case. We have to ignore the * fully-qualified name requirement because memberNisNetgroup * entries do not have fully-qualified components and we need * to be able to always check them. 
So unlike the other * maps, here we avoid skipping over fully-qualified domains. */ if (dom != step_ctx->dctx->domain) { /* make sure we reset the check_provider flag when we check * a new domain */ step_ctx->dctx->check_provider = NEED_CHECK_PROVIDER(dom->provider); } /* make sure to update the dctx if we changed domain */ step_ctx->dctx->domain = dom; talloc_free(name); name = sss_get_cased_name(step_ctx, step_ctx->name, dom->case_sensitive); if (!name) { DEBUG(SSSDBG_CRIT_FAILURE, ("sss_get_cased_name failed\n")); return ENOMEM; } DEBUG(4, ("Requesting info for [%s@%s]\n", name, dom->name)); sysdb = dom->sysdb; if (sysdb == NULL) { DEBUG(0, ("Fatal: Sysdb CTX not found for this domain!\n")); return EIO; } /* Look up the netgroup in the cache */ ret = sysdb_getnetgr(step_ctx->dctx, sysdb, dom, name, &step_ctx->dctx->res); if (step_ctx->dctx->res->count > 1) { DEBUG(SSSDBG_FATAL_FAILURE, ("getnetgr call returned more than one result !?!\n")); return EMSGSIZE; } if (ret == ENOENT) { /* This netgroup was not found in this domain */ if (!step_ctx->dctx->check_provider) { if (step_ctx->check_next) { dom = get_next_domain(dom, false); continue; } else break; } ret = EOK; } if (ret != EOK) { DEBUG(1, ("Failed to make request to our cache!\n")); return EIO; } ret = get_netgroup_entry(step_ctx->nctx, step_ctx->name, &netgr); if (ret != EOK) { /* Something really bad happened! 
*/ DEBUG(0, ("Netgroup entry was lost!\n")); return ret; } /* Convert the result to a list of entries */ ret = sysdb_netgr_to_entries(netgr, step_ctx->dctx->res, &netgr->entries); if (ret == ENOENT) { /* This netgroup was not found in this domain */ DEBUG(2, ("No results for netgroup %s (domain %s)\n", name, dom->name)); if (!step_ctx->dctx->check_provider) { if (step_ctx->check_next) { dom = get_next_domain(dom, false); continue; } else break; } ret = EOK; } if (ret != EOK) { DEBUG(1, ("Failed to convert results into entries\n")); netgr->ready = true; netgr->found = false; set_netgr_lifetime(step_ctx->nctx->neg_timeout, step_ctx, netgr); return EIO; } /* if this is a caching provider (or if we haven't checked the cache * yet) then verify that the cache is uptodate */ if (step_ctx->dctx->check_provider) { ret = check_cache(step_ctx->dctx, step_ctx->nctx, step_ctx->dctx->res, SSS_DP_NETGR, name, 0, lookup_netgr_dp_callback, step_ctx); if (ret != EOK) { /* May return EAGAIN legitimately to indicate that * we need to reenter the mainloop */ return ret; } } /* Results found */ DEBUG(6, ("Returning info for netgroup [%s@%s]\n", name, dom->name)); netgr->ready = true; netgr->found = true; if (step_ctx->nctx->cache_refresh_percent) { lifetime = dom->netgroup_timeout * (step_ctx->nctx->cache_refresh_percent / 100.0); } else { lifetime = dom->netgroup_timeout; } if (lifetime < 10) lifetime = 10; set_netgr_lifetime(lifetime, step_ctx, netgr); return EOK; } /* If we've gotten here, then no domain contained this netgroup */ DEBUG(SSSDBG_MINOR_FAILURE, ("No matching domain found for [%s], fail!\n", step_ctx->name)); netgr = talloc_zero(step_ctx->nctx, struct getent_ctx); if (netgr == NULL) { DEBUG(1, ("talloc_zero failed, ignored.\n")); } else { netgr->ready = true; netgr->found = false; netgr->entries = NULL; netgr->lookup_table = step_ctx->nctx->netgroups; netgr->name = talloc_strdup(netgr, step_ctx->name); if (netgr->name == NULL) { DEBUG(1, ("talloc_strdup failed.\n")); 
talloc_free(netgr); return ENOMEM; } ret = set_netgroup_entry(step_ctx->nctx, netgr); if (ret != EOK) { DEBUG(1, ("set_netgroup_entry failed, ignored.\n")); } set_netgr_lifetime(step_ctx->nctx->neg_timeout, step_ctx, netgr); } return ENOENT; } static void lookup_netgr_dp_callback(uint16_t err_maj, uint32_t err_min, const char *err_msg, void *ptr) { struct setent_step_ctx *step_ctx = talloc_get_type(ptr, struct setent_step_ctx); struct nss_dom_ctx *dctx = step_ctx->dctx; struct nss_cmd_ctx *cmdctx = dctx->cmdctx; int ret; if (err_maj) { DEBUG(2, ("Unable to get information from Data Provider\n" "Error: %u, %u, %s\n" "Will try to return what we have in cache\n", (unsigned int)err_maj, (unsigned int)err_min, err_msg)); /* Loop to the next domain if possible */ if (cmdctx->check_next && get_next_domain(dctx->domain, false)) { dctx->domain = get_next_domain(dctx->domain, false); dctx->check_provider = NEED_CHECK_PROVIDER(dctx->domain->provider); } } /* ok the backend returned, search to see if we have updated results */ ret = lookup_netgr_step(step_ctx); if (ret != EOK) { if (ret == EAGAIN) { return; } } /* We have results to return */ nss_setent_notify_error(dctx->netgr, ret); } static void setnetgrent_result_timeout(struct tevent_context *ev, struct tevent_timer *te, struct timeval current_time, void *pvt) { struct getent_ctx *netgr = talloc_get_type(pvt, struct getent_ctx); /* Free the netgroup result context * The destructor for the netgroup will remove itself * from the hash table * * If additional getnetgrent() requests come in, they * will invoke an implicit setnetgrent() call and * refresh the result object */ talloc_free(netgr); } static errno_t setnetgrent_recv(struct tevent_req *req) { TEVENT_REQ_RETURN_ON_ERROR(req); return EOK; } static void nss_cmd_setnetgrent_done(struct tevent_req *req) { errno_t reqret; errno_t ret; struct sss_packet *packet; uint8_t *body; size_t blen; struct nss_cmd_ctx *cmdctx = tevent_req_callback_data(req, struct nss_cmd_ctx); 
reqret = setnetgrent_recv(req); talloc_zfree(req); if (reqret != EOK && reqret != ENOENT) { DEBUG(1, ("setnetgrent failed\n")); nss_cmd_done(cmdctx, reqret); return; } /* Either we succeeded or no domains were eligible */ ret = sss_packet_new(cmdctx->cctx->creq, 0, sss_packet_get_cmd(cmdctx->cctx->creq->in), &cmdctx->cctx->creq->out); if (ret == EOK) { if (reqret == ENOENT) { /* Notify the caller that this entry wasn't found */ sss_cmd_empty_packet(cmdctx->cctx->creq->out); } else { packet = cmdctx->cctx->creq->out; ret = sss_packet_grow(packet, 2*sizeof(uint32_t)); if (ret != EOK) { DEBUG(1, ("Couldn't grow the packet\n")); NSS_CMD_FATAL_ERROR(cmdctx); } sss_packet_get_body(packet, &body, &blen); ((uint32_t *)body)[0] = 1; /* Got some results */ ((uint32_t *)body)[1] = 0; /* reserved */ } sss_cmd_done(cmdctx->cctx, cmdctx); return; } DEBUG(1, ("Error creating packet\n")); } static void setnetgrent_implicit_done(struct tevent_req *req); static errno_t nss_cmd_getnetgrent_process(struct nss_cmd_ctx *cmdctx, struct getent_ctx *netgr); int nss_cmd_getnetgrent(struct cli_ctx *client) { errno_t ret; struct nss_ctx *nctx; struct nss_cmd_ctx *cmdctx; struct getent_ctx *netgr; struct tevent_req *req; DEBUG(4, ("Requesting netgroup data\n")); cmdctx = talloc_zero(client, struct nss_cmd_ctx); if (!cmdctx) { return ENOMEM; } cmdctx->cctx = client; nctx = talloc_get_type(client->rctx->pvt_ctx, struct nss_ctx); if (!client->netgr_name) { /* Tried to run getnetgrent without a preceding * setnetgrent. There is no way to determine which * netgroup is being requested. */ return nss_cmd_done(cmdctx, EINVAL); } /* Look up the results from the hash */ ret = get_netgroup_entry(nctx, client->netgr_name, &netgr); if (ret == ENOENT) { /* We need to invoke an implicit setnetgrent() to * wait for the result object to become available. 
*/ req = setnetgrent_send(cmdctx, client->netgr_name, cmdctx); if (!req) { return nss_cmd_done(cmdctx, EIO); } tevent_req_set_callback(req, setnetgrent_implicit_done, cmdctx); return EOK; } else if (ret != EOK) { DEBUG(1, ("An unexpected error occurred: [%d][%s]\n", ret, strerror(ret))); return nss_cmd_done(cmdctx, ret); } /* Hash entry was found. Is it ready? */ if (!netgr->ready) { /* We need to invoke an implicit setnetgrent() to * wait for the result object to become available. */ req = setnetgrent_send(cmdctx, client->netgr_name, cmdctx); if (!req) { return nss_cmd_done(cmdctx, EIO); } tevent_req_set_callback(req, setnetgrent_implicit_done, cmdctx); return EOK; } else if (!netgr->found) { DEBUG(6, ("Results for [%s] not found.\n", client->netgr_name)); return ENOENT; } DEBUG(6, ("Returning results for [%s]\n", client->netgr_name)); /* Read the result strings */ ret = nss_cmd_getnetgrent_process(cmdctx, netgr); if (ret != EOK) { DEBUG(1, ("Failed: [%d][%s]\n", ret, strerror(ret))); } return ret; } static void setnetgrent_implicit_done(struct tevent_req *req) { errno_t ret; struct getent_ctx *netgr; struct nss_cmd_ctx *cmdctx = tevent_req_callback_data(req, struct nss_cmd_ctx); struct nss_ctx *nctx = talloc_get_type(cmdctx->cctx->rctx->pvt_ctx, struct nss_ctx); ret = setnetgrent_recv(req); talloc_zfree(req); /* ENOENT is acceptable, it just means there were no values * to be returned. This will be handled gracefully in * nss_cmd_retnetgrent later */ if (ret != EOK && ret != ENOENT) { DEBUG(0, ("Implicit setnetgrent failed with unexpected error " "[%d][%s]\n", ret, strerror(ret))); NSS_CMD_FATAL_ERROR(cmdctx); } if (ret == ENOENT) { /* No entries found for this netgroup */ nss_cmd_done(cmdctx, ret); return; } /* Look up the results from the hash */ ret = get_netgroup_entry(nctx, cmdctx->cctx->netgr_name, &netgr); if (ret == ENOENT) { /* Critical error. 
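This should never happen */
        DEBUG(0, ("Implicit setnetgrent returned success without creating "
                  "result object.\n"));
        NSS_CMD_FATAL_ERROR(cmdctx);
    } else if (ret != EOK) {
        DEBUG(1, ("An unexpected error occurred: [%d][%s]\n",
                  ret, strerror(ret)));
        NSS_CMD_FATAL_ERROR(cmdctx);
    }

    if (!netgr->ready) {
        /* Critical error. This should never happen */
        DEBUG(0, ("Implicit setnetgrent returned success without creating "
                  "result object.\n"));
        NSS_CMD_FATAL_ERROR(cmdctx);
    }

    ret = nss_cmd_getnetgrent_process(cmdctx, netgr);
    if (ret != EOK) {
        DEBUG(0, ("Immediate retrieval failed with unexpected error "
                  "[%d][%s]\n", ret, strerror(ret)));
        NSS_CMD_FATAL_ERROR(cmdctx);
    }
}

static errno_t nss_cmd_retnetgrent(struct cli_ctx *client,
                                   struct sysdb_netgroup_ctx **entries,
                                   int num);

/*
 * Build the reply for a getnetgrent request from a ready result object.
 *
 * The request body must be exactly one uint32_t: the maximum number of
 * entries the client wants in this reply. Returns EINVAL for any other
 * body size and the sss_packet_new() error if the reply packet cannot be
 * created; otherwise the reply (entries or an empty packet) is sent and
 * EOK is returned, with the per-request status stored in the packet.
 *
 * NOTE(review): the client-supplied count is passed on as int; a value
 * above INT_MAX would presumably arrive as a negative count and produce
 * a reply with zero entries - confirm this is the intended handling.
 */
static errno_t nss_cmd_getnetgrent_process(struct nss_cmd_ctx *cmdctx,
                                           struct getent_ctx *netgr)
{
    struct cli_ctx *client = cmdctx->cctx;
    uint8_t *body;
    size_t blen;
    uint32_t num;
    errno_t ret;

    /* get max num of entries to return in one call */
    sss_packet_get_body(client->creq->in, &body, &blen);
    if (blen != sizeof(uint32_t)) {
        return EINVAL;
    }
    num = *((uint32_t *)body);

    /* create response packet */
    ret = sss_packet_new(client->creq, 0,
                         sss_packet_get_cmd(client->creq->in),
                         &client->creq->out);
    if (ret != EOK) {
        return ret;
    }

    if (!netgr->entries || netgr->entries[0] == NULL) {
        /* No entries */
        DEBUG(5, ("No entries found\n"));
        ret = sss_cmd_empty_packet(client->creq->out);
        if (ret != EOK) {
            return nss_cmd_done(cmdctx, ret);
        }
        goto done;
    }

    ret = nss_cmd_retnetgrent(client, netgr->entries, num);

done:
    sss_packet_set_error(client->creq->out, ret);
    sss_cmd_done(client, cmdctx);

    return EOK;
}

/*
 * Serialize up to count netgroup entries into the client's reply packet,
 * starting at client->netgrent_cur and advancing that cursor.
 *
 * Reply layout: two uint32_t header fields (number of results, reserved)
 * followed, per entry, by a uint32_t type tag and the NUL-terminated
 * strings (host, user, domain for a triple; the group name for a nested
 * group). Missing triple members are written as empty strings.
 *
 * Entries that cannot be serialized (an empty nested group name or an
 * unknown entry type) are logged and stepped over. The cursor has to be
 * advanced for them as well: leaving it in place would make the loop
 * examine the same entry forever and stall the responder on a single
 * malformed cache entry.
 *
 * Returns EOK, or the sss_packet_grow() error if the packet cannot grow.
 */
static errno_t nss_cmd_retnetgrent(struct cli_ctx *client,
                                   struct sysdb_netgroup_ctx **entries,
                                   int count)
{
    size_t len;
    size_t hostlen = 0;
    size_t userlen = 0;
    size_t domainlen = 0;
    size_t grouplen = 0;
    uint8_t *body;
    size_t blen, rp;
    errno_t ret;
    struct sss_packet *packet = client->creq->out;
    struct sysdb_netgroup_ctx *entry;
    int num, start;

    /* first 2 fields (len and reserved), filled up later */
    rp = 2*sizeof(uint32_t);
    ret = sss_packet_grow(packet, rp);
    if (ret != EOK) return ret;

    start = client->netgrent_cur;
    num = 0;
    while (entries[client->netgrent_cur] &&
           (client->netgrent_cur - start) < count) {
        entry = entries[client->netgrent_cur];

        if (entry->type == SYSDB_NETGROUP_TRIPLE_VAL) {
            /* Each length includes the terminating NUL */
            hostlen = 1;
            if (entry->value.triple.hostname) {
                hostlen += strlen(entry->value.triple.hostname);
            }

            userlen = 1;
            if (entry->value.triple.username) {
                userlen += strlen(entry->value.triple.username);
            }

            domainlen = 1;
            if (entry->value.triple.domainname) {
                domainlen += strlen(entry->value.triple.domainname);
            }

            len = sizeof(uint32_t) + hostlen + userlen + domainlen;
            ret = sss_packet_grow(packet, len);
            if (ret != EOK) {
                return ret;
            }
            /* Fetch the body again after growing the packet */
            sss_packet_get_body(packet, &body, &blen);

            SAFEALIGN_SET_UINT32(&body[rp], SSS_NETGR_REP_TRIPLE, &rp);

            if (hostlen == 1) {
                body[rp] = '\0';
            } else {
                memcpy(&body[rp], entry->value.triple.hostname, hostlen);
            }
            rp += hostlen;

            if (userlen == 1) {
                body[rp] = '\0';
            } else {
                memcpy(&body[rp], entry->value.triple.username, userlen);
            }
            rp += userlen;

            if (domainlen == 1) {
                body[rp] = '\0';
            } else {
                memcpy(&body[rp], entry->value.triple.domainname, domainlen);
            }
            rp += domainlen;
        } else if (entry->type == SYSDB_NETGROUP_GROUP_VAL) {
            if (entry->value.groupname == NULL ||
                entry->value.groupname[0] == '\0') {
                DEBUG(1, ("Empty netgroup member. Please check your cache.\n"));
                /* Step over the bad entry. start moves with the cursor so
                 * a skipped entry does not use up the caller's count. */
                client->netgrent_cur++;
                start++;
                continue;
            }

            grouplen = 1 + strlen(entry->value.groupname);

            len = sizeof(uint32_t) + grouplen;
            ret = sss_packet_grow(packet, len);
            if (ret != EOK) {
                return ret;
            }
            /* Fetch the body again after growing the packet */
            sss_packet_get_body(packet, &body, &blen);

            SAFEALIGN_SET_UINT32(&body[rp], SSS_NETGR_REP_GROUP, &rp);

            memcpy(&body[rp], entry->value.groupname, grouplen);
            rp += grouplen;
        } else {
            DEBUG(1, ("Unexpected value type for netgroup entry. "
                      "Please check your cache.\n"));
            /* Same as above: skip the entry instead of spinning on it */
            client->netgrent_cur++;
            start++;
            continue;
        }

        num++;
        client->netgrent_cur++;
    }

    sss_packet_get_body(packet, &body, &blen);
    ((uint32_t *)body)[0] = num; /* num results */
    ((uint32_t *)body)[1] = 0; /* reserved */

    return EOK;
}

/*
 * Handle a client endnetgrent request: create the reply packet, reset
 * the result cursor and forget the netgroup name saved for getnetgrent.
 */
int nss_cmd_endnetgrent(struct cli_ctx *client)
{
    errno_t ret;

    /* create response packet */
    ret = sss_packet_new(client->creq, 0,
                         sss_packet_get_cmd(client->creq->in),
                         &client->creq->out);

    if (ret != EOK) {
        return ret;
    }

    /* Reset the indices so that subsequent requests start at zero */
    client->netgrent_cur = 0;
    talloc_zfree(client->netgr_name);

    sss_cmd_done(client, NULL);
    return EOK;
}

/*
 * Hash table delete callback. When an entry is destroyed, clear the
 * result object's lookup_table pointer so that its destructor will not
 * try to delete the key again.
 */
void
netgroup_hash_delete_cb(hash_entry_t *item,
                        hash_destroy_enum deltype, void *pvt)
{
    struct getent_ctx *netgr;

    if (deltype != HASH_ENTRY_DESTROY) {
        return;
    }

    netgr = talloc_get_type(item->value.ptr, struct getent_ctx);
    if (!netgr) {
        DEBUG(SSSDBG_OP_FAILURE, ("Invalid netgroup\n"));
        return;
    }

    /* So that the destructor wouldn't attempt to remove the netgroup from hash
     * table */
    netgr->lookup_table = NULL;
}

errno_t nss_orphan_netgroups(struct nss_ctx *nctx)
{
    int hret;
    unsigned long mcount;
    unsigned long i;
    hash_key_t *netgroups;

    if (!nctx || !nctx->netgroups) {
        return EINVAL;
    }

    hret = hash_keys(nctx->netgroups, &mcount, &netgroups);
    if (hret != HASH_SUCCESS) {
        return EIO;
    }

    DEBUG(SSSDBG_TRACE_FUNC, ("Removing netgroups from memory cache.\n"));

    for (i = 0; i < mcount; i++) {
        /* netgroup entry will be deleted by setnetgrent_result_timeout */
        hret = hash_delete(nctx->netgroups, &netgroups[i]);
        if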
(hret != HASH_SUCCESS) { DEBUG(SSSDBG_MINOR_FAILURE, ("Could not delete key from hash\n")); continue; } } return EOK; } sssd-1.11.5/src/responder/nss/PaxHeaders.13173/nsssrv_cmd.c0000644000000000000000000000007412320753107021473 xustar000000000000000030 atime=1396954939.270891428 30 ctime=1396954961.730874895 sssd-1.11.5/src/responder/nss/nsssrv_cmd.c0000664002412700241270000042527012320753107021727 0ustar00jhrozekjhrozek00000000000000/* SSSD NSS Responder Copyright (C) Simo Sorce 2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #include "util/util.h" #include "util/sss_nss.h" #include "responder/nss/nsssrv.h" #include "responder/nss/nsssrv_private.h" #include "responder/nss/nsssrv_netgroup.h" #include "responder/nss/nsssrv_services.h" #include "responder/nss/nsssrv_mmap_cache.h" #include "responder/common/negcache.h" #include "confdb/confdb.h" #include "db/sysdb.h" #include "sss_client/idmap/sss_nss_idmap.h" #include static int nss_cmd_send_error(struct nss_cmd_ctx *cmdctx, int err) { return sss_cmd_send_error(cmdctx->cctx, err); } static int nss_cmd_send_empty(struct nss_cmd_ctx *cmdctx) { struct cli_ctx *cctx = cmdctx->cctx; return sss_cmd_send_empty(cctx, cmdctx); } int nss_cmd_done(struct nss_cmd_ctx *cmdctx, int ret) { switch (ret) { case EOK: /* all fine, just return here */ break; case ENOENT: ret = nss_cmd_send_empty(cmdctx); if (ret) { return EFAULT; } break; case EAGAIN: /* async processing, just return here */ break; case EFAULT: /* very bad error */ return EFAULT; default: ret = nss_cmd_send_error(cmdctx, ret); if (ret) { return EFAULT; } sss_cmd_done(cmdctx->cctx, cmdctx); break; } return EOK; } /*************************** * Enumeration procedures * ***************************/ errno_t nss_setent_add_ref(TALLOC_CTX *memctx, struct getent_ctx *getent_ctx, struct tevent_req *req) { return setent_add_ref(memctx, getent_ctx, &getent_ctx->reqs, req); } void nss_setent_notify_error(struct getent_ctx *getent_ctx, errno_t ret) { return setent_notify(&getent_ctx->reqs, ret); } void nss_setent_notify_done(struct getent_ctx *getent_ctx) { return setent_notify_done(&getent_ctx->reqs); } struct setent_ctx { struct cli_ctx *client; struct nss_ctx *nctx; struct nss_dom_ctx *dctx; struct getent_ctx *getent_ctx; }; /**************************************************************************** * PASSWD db related functions ***************************************************************************/ void nss_update_pw_memcache(struct nss_ctx *nctx) { struct sss_domain_info *dom; struct 
ldb_result *res; uint64_t exp; struct sized_string key; const char *id; time_t now; int ret; int i; now = time(NULL); for (dom = nctx->rctx->domains; dom; dom = get_next_domain(dom, false)) { ret = sysdb_enumpwent(nctx, dom->sysdb, dom, &res); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to enumerate users for domain [%s]\n", dom->name)); continue; } for (i = 0; i < res->count; i++) { exp = ldb_msg_find_attr_as_uint64(res->msgs[i], SYSDB_CACHE_EXPIRE, 0); if (exp >= now) { continue; } /* names require more manipulation (build up fqname conditionally), * but uidNumber is unique and always resolvable too, so we use * that to update the cache, as it points to the same entry */ id = ldb_msg_find_attr_as_string(res->msgs[i], SYSDB_UIDNUM, NULL); if (!id) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to find uidNumber in %s.\n", ldb_dn_get_linearized(res->msgs[i]->dn))); continue; } to_sized_string(&key, id); ret = sss_mmap_cache_pw_invalidate(nctx->pwd_mc_ctx, &key); if (ret != EOK && ret != ENOENT) { DEBUG(SSSDBG_CRIT_FAILURE, ("Internal failure in memory cache code: %d [%s]\n", ret, strerror(ret))); } } talloc_zfree(res); } } static gid_t get_gid_override(struct ldb_message *msg, struct sss_domain_info *dom) { return dom->override_gid ? dom->override_gid : ldb_msg_find_attr_as_uint64(msg, SYSDB_GIDNUM, 0); } static const char *get_homedir_override(TALLOC_CTX *mem_ctx, struct ldb_message *msg, struct nss_ctx *nctx, struct sss_domain_info *dom, const char *orig_name, uint32_t uid) { const char *homedir; char *name; char *domname; errno_t ret; homedir = ldb_msg_find_attr_as_string(msg, SYSDB_HOMEDIR, NULL); /* Subdomain users store FQDN in their name attribute */ ret = sss_parse_name(mem_ctx, dom->names, orig_name, &domname, &name); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Could not parse [%s] into " "name-value components.\n", orig_name)); return NULL; } /* Check whether we are unconditionally overriding the server * for home directory locations. 
*/ if (dom->override_homedir) { return expand_homedir_template(mem_ctx, dom->override_homedir, name, uid, homedir, dom->name, NULL); } else if (nctx->override_homedir) { return expand_homedir_template(mem_ctx, nctx->override_homedir, name, uid, homedir, dom->name, NULL); } if (!homedir || *homedir == '\0') { /* In the case of a NULL or empty homedir, check to see if * we have a fallback homedir to use. */ if (dom->fallback_homedir) { return expand_homedir_template(mem_ctx, dom->fallback_homedir, name, uid, homedir, dom->name, NULL); } else if (nctx->fallback_homedir) { return expand_homedir_template(mem_ctx, nctx->fallback_homedir, name, uid, homedir, dom->name, NULL); } } /* Return the value we got from the provider */ return talloc_strdup(mem_ctx, homedir); } static const char *get_shell_override(TALLOC_CTX *mem_ctx, struct ldb_message *msg, struct nss_ctx *nctx, struct sss_domain_info *dom) { const char *user_shell; int i; /* Check whether we are unconditionally overriding the server * for the login shell. */ if (dom->override_shell) { return dom->override_shell; } else if (nctx->override_shell) { return nctx->override_shell; } user_shell = ldb_msg_find_attr_as_string(msg, SYSDB_SHELL, NULL); if (!user_shell) { /* Check whether there is a default shell specified */ if (dom->default_shell) { return talloc_strdup(mem_ctx, dom->default_shell); } else if (nctx->default_shell) { return talloc_strdup(mem_ctx, nctx->default_shell); } return NULL; } if (!nctx->allowed_shells && !nctx->vetoed_shells) return talloc_strdup(mem_ctx, user_shell); if (nctx->vetoed_shells) { for (i=0; nctx->vetoed_shells[i]; i++) { if (strcmp(nctx->vetoed_shells[i], user_shell) == 0) { DEBUG(5, ("The shell '%s' is vetoed. 
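" "Using fallback\n", user_shell));
                return talloc_strdup(mem_ctx, nctx->shell_fallback);
            }
        }
    }

    if (nctx->etc_shells) {
        for (i=0; nctx->etc_shells[i]; i++) {
            if (strcmp(user_shell, nctx->etc_shells[i]) == 0) {
                DEBUG(9, ("Shell %s found in /etc/shells\n",
                          nctx->etc_shells[i]));
                break;
            }
        }

        if (nctx->etc_shells[i]) {
            DEBUG(9, ("Using original shell '%s'\n", user_shell));
            return talloc_strdup(mem_ctx, user_shell);
        }
    }

    if (nctx->allowed_shells) {
        for (i=0; nctx->allowed_shells[i]; i++) {
            if (strcmp(nctx->allowed_shells[i], user_shell) == 0) {
                DEBUG(5, ("The shell '%s' is allowed but does not exist. "
                          "Using fallback\n", user_shell));
                return talloc_strdup(mem_ctx, nctx->shell_fallback);
            }
        }
    }

    DEBUG(5, ("The shell '%s' is not allowed and does not exist.\n",
              user_shell));
    return talloc_strdup(mem_ctx, NOLOGIN_SHELL);
}

/**
 * Serialise passwd entries from a sysdb result into an NSS reply packet.
 *
 * Every accepted entry is appended to the packet body as uid, gid, name,
 * password field, gecos, home directory and shell. The first two uint32
 * slots of the body are reserved and filled in at the end with the number
 * of entries written and a zero.
 *
 * @param packet        reply packet that is grown and filled
 * @param dom           domain the messages come from
 * @param nctx          NSS responder context (pwfield, negative cache,
 *                      memory cache)
 * @param filter_users  when true, users found in the negative cache are
 *                      skipped
 * @param pw_mmap_cache when true and a memory cache exists, each entry is
 *                      also stored there
 * @param msgs          sysdb messages to convert
 * @param count         in: number of messages in msgs; out: loop index at
 *                      which processing stopped (not updated when an error
 *                      is returned directly)
 *
 * @return EOK once the packet header has been written, ENOENT when no entry
 *         got far enough to initialise the packet, ENOMEM when the
 *         per-entry temporary context cannot be allocated, or the error
 *         from the initial sss_packet_grow().
 */
static int fill_pwent(struct sss_packet *packet,
                      struct sss_domain_info *dom,
                      struct nss_ctx *nctx,
                      bool filter_users,
                      bool pw_mmap_cache,
                      struct ldb_message **msgs,
                      int *count)
{
    struct ldb_message *msg;
    uint8_t *body;
    const char *tmpstr;
    const char *orig_name;
    struct sized_string name;
    struct sized_string gecos;
    struct sized_string homedir;
    struct sized_string shell;
    struct sized_string pwfield;
    struct sized_string fullname;
    uint32_t uid;
    uint32_t gid;
    size_t rsize, rp, blen;
    size_t entry_start;
    size_t dom_len = 0;
    int delim = 0;
    int i, ret, num, t;
    bool add_domain = (!IS_SUBDOMAIN(dom) && dom->fqnames);
    const char *domain = dom->name;
    bool packet_initialized = false;
    int ncret;
    TALLOC_CTX *tmp_ctx = NULL;

    if (add_domain) {
        delim = 1;
        dom_len = sss_fqdom_len(dom->names, dom);
    }

    to_sized_string(&pwfield, nctx->pwfield);

    /* the write offset starts after the two reserved header fields */
    rp = 2*sizeof(uint32_t);

    num = 0;
    for (i = 0; i < *count; i++) {
        /* one short-lived context per entry; the previous one is released
         * here so that "continue" paths do not accumulate allocations */
        talloc_zfree(tmp_ctx);
        tmp_ctx = talloc_new(NULL);
        if (tmp_ctx == NULL) {
            /* without this check the helpers below would be handed a NULL
             * context and their allocations could never be released */
            return ENOMEM;
        }

        msg = msgs[i];

        orig_name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL);
        uid = ldb_msg_find_attr_as_uint64(msg, SYSDB_UIDNUM, 0);
        gid = get_gid_override(msg, dom);

        /* a missing name or a zero uid/gid marks the object as unusable */
        if (!orig_name || !uid || !gid) {
            DEBUG(SSSDBG_OP_FAILURE,
                  ("Incomplete user object for %s[%llu]! Skipping\n",
                   orig_name?orig_name:"", (unsigned long long int)uid));
            continue;
        }

        if (filter_users) {
            ncret = sss_ncache_check_user(nctx->ncache,
                                          nctx->neg_timeout,
                                          dom, orig_name);
            if (ncret == EEXIST) {
                DEBUG(SSSDBG_TRACE_FUNC,
                      ("User [%s@%s] filtered out! (negative cache)\n",
                       orig_name, domain));
                continue;
            }
        }

        if (!packet_initialized) {
            /* first 2 fields (len and reserved), filled up later */
            ret = sss_packet_grow(packet, 2*sizeof(uint32_t));
            if (ret != EOK) {
                /* release the per-entry context before the early return */
                talloc_free(tmp_ctx);
                return ret;
            }
            packet_initialized = true;
        }

        tmpstr = sss_get_cased_name(tmp_ctx, orig_name, dom->case_sensitive);
        if (tmpstr == NULL) {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("sss_get_cased_name failed, skipping\n"));
            continue;
        }
        to_sized_string(&name, tmpstr);

        tmpstr = ldb_msg_find_attr_as_string(msg, SYSDB_GECOS, NULL);
        if (!tmpstr) {
            to_sized_string(&gecos, "");
        } else {
            to_sized_string(&gecos, tmpstr);
        }

        tmpstr = get_homedir_override(tmp_ctx, msg, nctx, dom, name.str, uid);
        if (!tmpstr) {
            to_sized_string(&homedir, "/");
        } else {
            to_sized_string(&homedir, tmpstr);
        }

        tmpstr = get_shell_override(tmp_ctx, msg, nctx, dom);
        if (!tmpstr) {
            to_sized_string(&shell, "");
        } else {
            to_sized_string(&shell, tmpstr);
        }

        rsize = 2 * sizeof(uint32_t) + name.len + gecos.len +
                                       homedir.len + shell.len + pwfield.len;
        if (add_domain) rsize += delim + dom_len;

        ret = sss_packet_grow(packet, rsize);
        if (ret != EOK) {
            num = 0;
            goto done;
        }
        /* the body pointer must be re-read after every grow */
        sss_packet_get_body(packet, &body, &blen);

        /* remember where this entry starts so that a skipped entry does
         * not leave a stray uid/gid pair in front of the next one */
        entry_start = rp;

        SAFEALIGN_SET_UINT32(&body[rp], uid, &rp);
        SAFEALIGN_SET_UINT32(&body[rp], gid, &rp);

        if (add_domain) {
            ret = sss_fqname((char *) &body[rp],
                             name.len + delim + dom_len,
                             dom->names, dom, name.str);
            if (ret >= (name.len + delim + dom_len)) {
                /* need more space, got creative with the print format ? */
                t = ret - (name.len + delim + dom_len) + 1;
                ret = sss_packet_grow(packet, t);
                if (ret != EOK) {
                    num = 0;
                    goto done;
                }
                delim += t;
                sss_packet_get_body(packet, &body, &blen);

                /* retry */
                ret = sss_fqname((char *) &body[rp],
                                 name.len + delim + dom_len,
                                 dom->names, dom, name.str);
            }

            if (ret != name.len + delim + dom_len - 1) {
                DEBUG(1, ("Failed to generate a fully qualified name for user "
                          "[%s] in [%s]! Skipping user.\n", name.str, domain));
                /* drop the uid/gid already written for this entry.
                 * NOTE(review): the bytes added by sss_packet_grow() stay
                 * in the packet, so the reply may end with unused bytes;
                 * confirm the client ignores them or shrink the packet. */
                rp = entry_start;
                continue;
            }
        } else {
            memcpy(&body[rp], name.str, name.len);
        }
        /* measure the name as it was actually written into the packet */
        to_sized_string(&fullname, (const char *)&body[rp]);
        rp += fullname.len;

        memcpy(&body[rp], pwfield.str, pwfield.len);
        rp += pwfield.len;
        memcpy(&body[rp], gecos.str, gecos.len);
        rp += gecos.len;
        memcpy(&body[rp], homedir.str, homedir.len);
        rp += homedir.len;
        memcpy(&body[rp], shell.str, shell.len);
        rp += shell.len;

        num++;

        if (pw_mmap_cache && nctx->pwd_mc_ctx) {
            ret = sss_mmap_cache_pw_store(&nctx->pwd_mc_ctx,
                                          &fullname, &pwfield,
                                          uid, gid,
                                          &gecos, &homedir, &shell);
            /* a failed memory-cache store is logged but not fatal */
            if (ret != EOK && ret != ENOMEM) {
                DEBUG(1, ("Failed to store user %s(%s) in mmap cache!",
                          name.str, domain));
            }
        }
    }

done:
    /* freed after the label so the "goto done" error paths release the
     * per-entry context as well */
    talloc_zfree(tmp_ctx);
    *count = i;

    /* if there are no results just return ENOENT,
     * let the caller decide if this is the last packet or not */
    if (!packet_initialized) return ENOENT;

    sss_packet_get_body(packet, &body, &blen);
    ((uint32_t *)body)[0] = num; /* num results */
    ((uint32_t *)body)[1] = 0; /* reserved */

    return EOK;
}

static int nss_cmd_getpw_send_reply(struct nss_dom_ctx *dctx, bool filter)
{
    struct nss_cmd_ctx *cmdctx = dctx->cmdctx;
    struct cli_ctx *cctx = cmdctx->cctx;
    struct nss_ctx *nctx;
    int ret;
    int i;

    nctx = talloc_get_type(cctx->rctx->pvt_ctx, struct nss_ctx);

    ret = sss_packet_new(cctx->creq, 0,
                         sss_packet_get_cmd(cctx->creq->in),
                         &cctx->creq->out);
    if (ret != EOK) {
        return EFAULT;
    }
    i = dctx->res->count;

    ret = fill_pwent(cctx->creq->out,
                     dctx->domain,
                     nctx, filter, true,
                     dctx->res->msgs, &i);
    if (ret) {
        return ret;
    }
    sss_packet_set_error(cctx->creq->out, EOK);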
sss_cmd_done(cctx, cmdctx); return EOK; } static void nsssrv_dp_send_acct_req_done(struct tevent_req *req); /* FIXME: do not check res->count, but get in a msgs and check in parent */ errno_t check_cache(struct nss_dom_ctx *dctx, struct nss_ctx *nctx, struct ldb_result *res, int req_type, const char *opt_name, uint32_t opt_id, sss_dp_callback_t callback, void *pvt) { errno_t ret; struct nss_cmd_ctx *cmdctx = dctx->cmdctx; struct cli_ctx *cctx = cmdctx->cctx; struct tevent_req *req = NULL; struct dp_callback_ctx *cb_ctx = NULL; uint64_t cacheExpire = 0; /* when searching for a user or netgroup, more than one reply is a * db error */ if ((req_type == SSS_DP_USER || req_type == SSS_DP_NETGR) && (res->count > 1)) { DEBUG(1, ("getpwXXX call returned more than one result!" " DB Corrupted?\n")); return ENOENT; } /* if we have any reply let's check cache validity */ if (res->count > 0) { if (req_type == SSS_DP_INITGROUPS) { cacheExpire = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_INITGR_EXPIRE, 1); } if (cacheExpire == 0) { cacheExpire = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_CACHE_EXPIRE, 0); } /* if we have any reply let's check cache validity */ ret = sss_cmd_check_cache(res->msgs[0], nctx->cache_refresh_percent, cacheExpire); if (ret == EOK) { DEBUG(SSSDBG_TRACE_FUNC, ("Cached entry is valid, returning..\n")); return EOK; } else if (ret != EAGAIN && ret != ENOENT) { DEBUG(SSSDBG_CRIT_FAILURE, ("Error checking cache: %d\n", ret)); goto error; } } else { /* No replies */ ret = ENOENT; } /* EAGAIN (off band) or ENOENT (cache miss) -> check cache */ if (ret == EAGAIN) { /* No callback required * This was an out-of-band update. We'll return EOK * so the calling function can return the cached entry * immediately. 
*/ DEBUG(SSSDBG_TRACE_FUNC, ("Performing midpoint cache update on [%s]\n", opt_name)); req = sss_dp_get_account_send(cctx, cctx->rctx, dctx->domain, true, req_type, opt_name, opt_id, NULL); if (!req) { DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory sending out-of-band data provider " "request\n")); /* This is non-fatal, so we'll continue here */ } else { DEBUG(SSSDBG_TRACE_FUNC, ("Updating cache out-of-band\n")); } /* We don't need to listen for a reply, so we will free the * request here. */ talloc_zfree(req); } else { /* This is a cache miss. Or the cache is expired. * We need to get the updated user information before returning it. */ /* dont loop forever :-) */ dctx->check_provider = false; /* keep around current data in case backend is offline */ if (res->count) { dctx->res = talloc_steal(dctx, res); } req = sss_dp_get_account_send(cctx, cctx->rctx, dctx->domain, true, req_type, opt_name, opt_id, NULL); if (!req) { DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory sending data provider request\n")); ret = ENOMEM; goto error; } cb_ctx = talloc_zero(dctx, struct dp_callback_ctx); if(!cb_ctx) { talloc_zfree(req); ret = ENOMEM; goto error; } cb_ctx->callback = callback; cb_ctx->ptr = pvt; cb_ctx->cctx = dctx->cmdctx->cctx; cb_ctx->mem_ctx = dctx; tevent_req_set_callback(req, nsssrv_dp_send_acct_req_done, cb_ctx); return EAGAIN; } return EOK; error: ret = nss_cmd_send_error(cmdctx, ret); if (ret != EOK) { NSS_CMD_FATAL_ERROR_CODE(cctx, ret); } sss_cmd_done(cctx, cmdctx); return EOK; } static void nsssrv_dp_send_acct_req_done(struct tevent_req *req) { struct dp_callback_ctx *cb_ctx = tevent_req_callback_data(req, struct dp_callback_ctx); errno_t ret; dbus_uint16_t err_maj; dbus_uint32_t err_min; char *err_msg; ret = sss_dp_get_account_recv(cb_ctx->mem_ctx, req, &err_maj, &err_min, &err_msg); talloc_zfree(req); if (ret != EOK) { NSS_CMD_FATAL_ERROR(cb_ctx->cctx); } cb_ctx->callback(err_maj, err_min, err_msg, cb_ctx->ptr); } static int delete_entry_from_memcache(struct 
sss_domain_info *dom, char *name, struct sss_mc_ctx *mc_ctx) { TALLOC_CTX *tmp_ctx = NULL; struct sized_string delete_name; char *fqdn = NULL; int ret; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory.\n")); return ENOMEM; } if (dom->fqnames) { fqdn = sss_tc_fqname(tmp_ctx, dom->names, dom, name); if (fqdn == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory.\n")); ret = ENOMEM; goto done; } to_sized_string(&delete_name, fqdn); } else { to_sized_string(&delete_name, name); } ret = sss_mmap_cache_pw_invalidate(mc_ctx, &delete_name); if (ret != EOK && ret != ENOENT) { DEBUG(SSSDBG_CRIT_FAILURE, ("Internal failure in memory cache code: %d [%s]\n", ret, strerror(ret))); goto done; } ret = EOK; done: talloc_free(tmp_ctx); return ret; } static void nss_cmd_getby_dp_callback(uint16_t err_maj, uint32_t err_min, const char *err_msg, void *ptr); /* search for a user. * Returns: * ENOENT, if user is definitely not found * EAGAIN, if user is beeing fetched from backend via async operations * EOK, if found * anything else on a fatal error */ static int nss_cmd_getpwnam_search(struct nss_dom_ctx *dctx) { struct nss_cmd_ctx *cmdctx = dctx->cmdctx; struct sss_domain_info *dom = dctx->domain; struct cli_ctx *cctx = cmdctx->cctx; char *name = NULL; struct sysdb_ctx *sysdb; struct nss_ctx *nctx; int ret; nctx = talloc_get_type(cctx->rctx->pvt_ctx, struct nss_ctx); while (dom) { /* if it is a domainless search, skip domains that require fully * qualified names instead */ while (dom && cmdctx->check_next && dom->fqnames) { dom = get_next_domain(dom, false); } if (!dom) break; if (dom != dctx->domain) { /* make sure we reset the check_provider flag when we check * a new domain */ dctx->check_provider = NEED_CHECK_PROVIDER(dom->provider); } /* make sure to update the dctx if we changed domain */ dctx->domain = dom; talloc_free(name); name = sss_get_cased_name(cmdctx, cmdctx->name, dom->case_sensitive); if (!name) return ENOMEM; /* verify this 
user has not yet been negatively cached, * or has been permanently filtered */ ret = sss_ncache_check_user(nctx->ncache, nctx->neg_timeout, dom, name); /* if neg cached, return we didn't find it */ if (ret == EEXIST) { DEBUG(SSSDBG_TRACE_FUNC, ("User [%s] does not exist in [%s]! (negative cache)\n", name, dom->name)); /* if a multidomain search, try with next */ if (cmdctx->check_next) { dom = get_next_domain(dom, false); continue; } /* There are no further domains or this was a * fully-qualified user request. */ return ENOENT; } DEBUG(4, ("Requesting info for [%s@%s]\n", name, dom->name)); sysdb = dom->sysdb; if (sysdb == NULL) { DEBUG(0, ("Fatal: Sysdb CTX not found for this domain!\n")); return EIO; } ret = sysdb_getpwnam(cmdctx, sysdb, dom, name, &dctx->res); if (ret != EOK) { DEBUG(1, ("Failed to make request to our cache!\n")); return EIO; } if (dctx->res->count > 1) { DEBUG(0, ("getpwnam call returned more than one result !?!\n")); return ENOENT; } if (dctx->res->count == 0 && !dctx->check_provider) { /* set negative cache only if not result of cache check */ ret = sss_ncache_set_user(nctx->ncache, false, dom, name); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Cannot set negcache for %s@%s\n", name, dom->name)); } /* if a multidomain search, try with next */ if (cmdctx->check_next) { dom = get_next_domain(dom, false); if (dom) continue; } DEBUG(2, ("No results for getpwnam call\n")); /* User not found in ldb -> delete user from memory cache. 
*/ ret = delete_entry_from_memcache(dctx->domain, name, nctx->pwd_mc_ctx); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Deleting user from memcache failed.\n")); } return ENOENT; } /* if this is a caching provider (or if we haven't checked the cache * yet) then verify that the cache is uptodate */ if (dctx->check_provider) { ret = check_cache(dctx, nctx, dctx->res, SSS_DP_USER, name, 0, nss_cmd_getby_dp_callback, dctx); if (ret != EOK) { /* Anything but EOK means we should reenter the mainloop * because we may be refreshing the cache */ return ret; } } /* One result found */ DEBUG(6, ("Returning info for user [%s@%s]\n", name, dom->name)); return EOK; } DEBUG(SSSDBG_MINOR_FAILURE, ("No matching domain found for [%s], fail!\n", cmdctx->name)); return ENOENT; } static int nss_cmd_getgrnam_search(struct nss_dom_ctx *dctx); static int nss_cmd_getgr_send_reply(struct nss_dom_ctx *dctx, bool filter); static int nss_cmd_initgroups_search(struct nss_dom_ctx *dctx); static int nss_cmd_initgr_send_reply(struct nss_dom_ctx *dctx); static int nss_cmd_getpwuid_search(struct nss_dom_ctx *dctx); static int nss_cmd_getgrgid_search(struct nss_dom_ctx *dctx); static errno_t nss_cmd_getbysid_search(struct nss_dom_ctx *dctx); static errno_t nss_cmd_getbysid_send_reply(struct nss_dom_ctx *dctx); static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx); static void nss_cmd_getby_dp_callback(uint16_t err_maj, uint32_t err_min, const char *err_msg, void *ptr) { struct nss_dom_ctx *dctx = talloc_get_type(ptr, struct nss_dom_ctx); struct nss_cmd_ctx *cmdctx = dctx->cmdctx; struct cli_ctx *cctx = cmdctx->cctx; int ret; bool check_subdomains; if (err_maj) { DEBUG(2, ("Unable to get information from Data Provider\n" "Error: %u, %u, %s\n" "Will try to return what we have in cache\n", (unsigned int)err_maj, (unsigned int)err_min, err_msg)); if ((dctx->res && dctx->res->count == 1) || (dctx->cmdctx->cmd == SSS_NSS_INITGR && dctx->res && dctx->res->count != 0)) { switch 
(dctx->cmdctx->cmd) { case SSS_NSS_GETPWNAM: ret = nss_cmd_getpw_send_reply(dctx, false); break; case SSS_NSS_GETGRNAM: ret = nss_cmd_getgr_send_reply(dctx, false); break; case SSS_NSS_INITGR: ret = nss_cmd_initgr_send_reply(dctx); break; case SSS_NSS_GETPWUID: ret = nss_cmd_getpw_send_reply(dctx, true); break; case SSS_NSS_GETGRGID: ret = nss_cmd_getgr_send_reply(dctx, true); break; case SSS_NSS_GETNAMEBYSID: case SSS_NSS_GETIDBYSID: case SSS_NSS_GETSIDBYNAME: case SSS_NSS_GETSIDBYID: ret = nss_cmd_getbysid_send_reply(dctx); break; default: DEBUG(SSSDBG_CRIT_FAILURE, ("Invalid command [%d].\n", dctx->cmdctx->cmd)); ret = EINVAL; } goto done; } /* Since subdomain users and groups are fully qualified they are * typically not subject of multi-domain searches. But since POSIX * ID do not contain a domain name we have to decend to subdomains * here. */ switch (dctx->cmdctx->cmd) { case SSS_NSS_GETPWUID: case SSS_NSS_GETGRGID: case SSS_NSS_GETSIDBYID: check_subdomains = true; break; default: check_subdomains = false; } /* no previous results, just loop to next domain if possible */ if (cmdctx->check_next && get_next_domain(dctx->domain, check_subdomains)) { dctx->domain = get_next_domain(dctx->domain, check_subdomains); dctx->check_provider = NEED_CHECK_PROVIDER(dctx->domain->provider); } else { /* nothing available */ ret = ENOENT; goto done; } } /* ok the backend returned, search to see if we have updated results */ switch (dctx->cmdctx->cmd) { case SSS_NSS_GETPWNAM: ret = nss_cmd_getpwnam_search(dctx); if (ret == EOK) { /* we have results to return */ ret = nss_cmd_getpw_send_reply(dctx, false); } break; case SSS_NSS_GETGRNAM: ret = nss_cmd_getgrnam_search(dctx); if (ret == EOK) { /* we have results to return */ ret = nss_cmd_getgr_send_reply(dctx, false); } break; case SSS_NSS_INITGR: ret = nss_cmd_initgroups_search(dctx); if (ret == EOK) { /* we have results to return */ ret = nss_cmd_initgr_send_reply(dctx); } break; case SSS_NSS_GETPWUID: ret = 
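nss_cmd_getpwuid_search(dctx);
        if (ret == EOK) {
            /* we have results to return */
            ret = nss_cmd_getpw_send_reply(dctx, true);
        }
        break;
    case SSS_NSS_GETGRGID:
        ret = nss_cmd_getgrgid_search(dctx);
        if (ret == EOK) {
            /* we have results to return */
            ret = nss_cmd_getgr_send_reply(dctx, true);
        }
        break;
    case SSS_NSS_GETNAMEBYSID:
    case SSS_NSS_GETIDBYSID:
        ret = nss_cmd_getbysid_search(dctx);
        if (ret == EOK) {
            ret = nss_cmd_getbysid_send_reply(dctx);
        }
        break;
    case SSS_NSS_GETSIDBYNAME:
        ret = nss_cmd_getsidby_search(dctx);
        if (ret == EOK) {
            ret = nss_cmd_getbysid_send_reply(dctx);
        }
        break;
    case SSS_NSS_GETSIDBYID:
        ret = nss_cmd_getsidby_search(dctx);
        if (ret == EOK) {
            ret = nss_cmd_getbysid_send_reply(dctx);
        }
        break;
    default:
        DEBUG(SSSDBG_CRIT_FAILURE, ("Invalid command [%d].\n",
                                    dctx->cmdctx->cmd));
        ret = EINVAL;
    }

done:
    ret = nss_cmd_done(cmdctx, ret);
    if (ret) {
        NSS_CMD_FATAL_ERROR(cctx);
    }
}

static int nss_cmd_getbynam(enum sss_cli_command cmd, struct cli_ctx *cctx);
static void nss_cmd_getbynam_done(struct tevent_req *req);

/* getpwnam request handler: a thin wrapper around nss_cmd_getbynam(). */
static int nss_cmd_getpwnam(struct cli_ctx *cctx)
{
    return nss_cmd_getbynam(SSS_NSS_GETPWNAM, cctx);
}

/**
 * Common entry point for the name-based requests (getpwnam, getgrnam,
 * initgroups, getsidbyname).
 *
 * The name comes straight from the client request body, so it is checked
 * before use: the body must be non-empty, end in a NUL byte and hold valid
 * UTF-8. The name is then split into name and domain, the matching search
 * is run and, when it returns EOK, the reply is sent. If the domain list
 * has not been fetched yet, a domain request is started and processing
 * continues in nss_cmd_getbynam_done().
 *
 * @param cmd   one of SSS_NSS_GETPWNAM, SSS_NSS_GETGRNAM, SSS_NSS_INITGR or
 *              SSS_NSS_GETSIDBYNAME
 * @param cctx  client context holding the request packet
 *
 * @return EINVAL for any other command, ENOMEM if the command context
 *         cannot be allocated, otherwise the value of nss_cmd_done().
 */
static int nss_cmd_getbynam(enum sss_cli_command cmd, struct cli_ctx *cctx)
{
    struct tevent_req *req;
    struct nss_cmd_ctx *cmdctx;
    struct nss_dom_ctx *dctx;
    const char *rawname;
    char *domname;
    uint8_t *body;
    size_t blen;
    int ret;

    switch(cmd) {
    case SSS_NSS_GETPWNAM:
    case SSS_NSS_GETGRNAM:
    case SSS_NSS_INITGR:
    case SSS_NSS_GETSIDBYNAME:
        break;
    default:
        DEBUG(SSSDBG_CRIT_FAILURE, ("Invalid command type [%d].\n", cmd));
        return EINVAL;
    }

    cmdctx = talloc_zero(cctx, struct nss_cmd_ctx);
    if (!cmdctx) {
        return ENOMEM;
    }
    cmdctx->cctx = cctx;
    cmdctx->cmd = cmd;

    dctx = talloc_zero(cmdctx, struct nss_dom_ctx);
    if (!dctx) {
        ret = ENOMEM;
        goto done;
    }
    dctx->cmdctx = cmdctx;

    /* get user name to query */
    sss_packet_get_body(cctx->creq->in, &body, &blen);

    /* if empty or not terminated fail; the length test comes first because
     * an empty body would otherwise be indexed at body[-1], one byte in
     * front of the request body */
    if (blen == 0 || body[blen -1] != '\0') {
        ret = EINVAL;
        goto done;
    }

    /* If the body isn't valid UTF-8, fail */
    if (!sss_utf8_check(body, blen -1)) {
        ret = EINVAL;
        goto done;
    }

    rawname = (const char *)body;

    DEBUG(SSSDBG_TRACE_FUNC, ("Running command [%d] with input [%s].\n",
                               dctx->cmdctx->cmd, rawname));

    /* We need to attach to subdomain request, if the first one is not
     * finished yet. We may not be able to lookup object in AD otherwise. */
    if (cctx->rctx->get_domains_last_call.tv_sec == 0) {
        req = sss_dp_get_domains_send(cctx->rctx, cctx->rctx, true, NULL);
        if (req == NULL) {
            ret = ENOMEM;
        } else {
            /* the callback re-parses the name, so keep a pointer to it */
            dctx->rawname = rawname;
            tevent_req_set_callback(req, nss_cmd_getbynam_done, dctx);
            ret = EAGAIN;
        }
        goto done;
    }

    domname = NULL;
    ret = sss_parse_name_for_domains(cmdctx, cctx->rctx->domains,
                                     cctx->rctx->default_domain, rawname,
                                     &domname, &cmdctx->name);
    if (ret == EAGAIN) {
        /* the name could not be matched yet: request the domain list and
         * retry from the callback */
        req = sss_dp_get_domains_send(cctx->rctx, cctx->rctx, true, domname);
        if (req == NULL) {
            ret = ENOMEM;
        } else {
            dctx->rawname = rawname;
            tevent_req_set_callback(req, nss_cmd_getbynam_done, dctx);
            ret = EAGAIN;
        }
        goto done;
    } else if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Invalid name received [%s]\n", rawname));
        ret = ENOENT;
        goto done;
    }

    DEBUG(4, ("Requesting info for [%s] from [%s]\n",
              cmdctx->name, domname?domname:""));

    if (domname) {
        dctx->domain = responder_get_domain(cctx->rctx, domname);
        if (!dctx->domain) {
            ret = ENOENT;
            goto done;
        }
    } else {
        /* this is a multidomain search */
        dctx->rawname = rawname;
        dctx->domain = cctx->rctx->domains;
        cmdctx->check_next = true;
        /* NOTE(review): the same tv_sec == 0 test above already leaves the
         * function, so this branch looks unreachable unless
         * sss_parse_name_for_domains() resets the timestamp; confirm. */
        if (cctx->rctx->get_domains_last_call.tv_sec == 0) {
            req = sss_dp_get_domains_send(cctx->rctx, cctx->rctx, false, NULL);
            if (req == NULL) {
                ret = ENOMEM;
            } else {
                tevent_req_set_callback(req, nss_cmd_getbynam_done, dctx);
                ret = EAGAIN;
            }
            goto done;
        }
    }

    dctx->check_provider = NEED_CHECK_PROVIDER(dctx->domain->provider);

    /* ok, find it ! */
    switch (dctx->cmdctx->cmd) {
    case SSS_NSS_GETPWNAM:
        ret = nss_cmd_getpwnam_search(dctx);
        if (ret == EOK) {
            /* we have results to return */
            ret = nss_cmd_getpw_send_reply(dctx, false);
        }
        break;
    case SSS_NSS_GETGRNAM:
        ret = nss_cmd_getgrnam_search(dctx);
        if (ret == EOK) {
            /* we have results to return */
            ret = nss_cmd_getgr_send_reply(dctx, false);
        }
        break;
    case SSS_NSS_INITGR:
        ret = nss_cmd_initgroups_search(dctx);
        if (ret == EOK) {
            /* we have results to return */
            ret = nss_cmd_initgr_send_reply(dctx);
        }
        break;
    case SSS_NSS_GETSIDBYNAME:
        ret = nss_cmd_getsidby_search(dctx);
        if (ret == EOK) {
            ret = nss_cmd_getbysid_send_reply(dctx);
        }
        break;
    default:
        DEBUG(SSSDBG_CRIT_FAILURE, ("Invalid command [%d].\n",
                                    dctx->cmdctx->cmd));
        ret = EINVAL;
    }

done:
    return nss_cmd_done(cmdctx, ret);
}

static void nss_cmd_getbynam_done(struct tevent_req *req)
{
    struct nss_dom_ctx *dctx =
            tevent_req_callback_data(req, struct nss_dom_ctx);
    struct nss_cmd_ctx *cmdctx = dctx->cmdctx;
    struct cli_ctx *cctx = cmdctx->cctx;
    char *domname = NULL;
    const char *rawname = dctx->rawname;
    errno_t ret;

    ret = sss_dp_get_domains_recv(req);
    talloc_free(req);
    if (ret != EOK) {
        goto done;
    }

    ret = sss_parse_name_for_domains(cmdctx, cctx->rctx->domains,
                                     cctx->rctx->default_domain, rawname,
                                     &domname, &cmdctx->name);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Invalid name received [%s]\n", rawname));
        ret = ENOENT;
        goto done;
    }

    DEBUG(SSSDBG_TRACE_FUNC, ("Requesting info for [%s] from [%s]\n",
              cmdctx->name, domname?domname:""));

    if (domname) {
        dctx->domain = responder_get_domain(cctx->rctx, domname);
        if (dctx->domain == NULL) {
            ret = ENOENT;
            goto done;
        }
    } else {
        /* this is a multidomain search */
        dctx->domain = cctx->rctx->domains;
        cmdctx->check_next = true;
    }

    dctx->check_provider = NEED_CHECK_PROVIDER(dctx->domain->provider);

    /* ok, find it !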
*/ switch (dctx->cmdctx->cmd) { case SSS_NSS_GETPWNAM: ret = nss_cmd_getpwnam_search(dctx); if (ret == EOK) { /* we have results to return */ ret = nss_cmd_getpw_send_reply(dctx, false); } break; case SSS_NSS_GETGRNAM: ret = nss_cmd_getgrnam_search(dctx); if (ret == EOK) { /* we have results to return */ ret = nss_cmd_getgr_send_reply(dctx, false); } break; case SSS_NSS_INITGR: ret = nss_cmd_initgroups_search(dctx); if (ret == EOK) { /* we have results to return */ ret = nss_cmd_initgr_send_reply(dctx); } break; case SSS_NSS_GETSIDBYNAME: ret = nss_cmd_getsidby_search(dctx); if (ret == EOK) { ret = nss_cmd_getbysid_send_reply(dctx); } break; default: DEBUG(SSSDBG_CRIT_FAILURE, ("Invalid command [%d].\n", dctx->cmdctx->cmd)); ret = EINVAL; } done: nss_cmd_done(cmdctx, ret); } /* search for a uid. * Returns: * ENOENT, if uid is definitely not found * EAGAIN, if uid is beeing fetched from backend via async operations * EOK, if found * anything else on a fatal error */ static int nss_cmd_getpwuid_search(struct nss_dom_ctx *dctx) { struct nss_cmd_ctx *cmdctx = dctx->cmdctx; struct sss_domain_info *dom = dctx->domain; struct cli_ctx *cctx = cmdctx->cctx; struct sysdb_ctx *sysdb; struct nss_ctx *nctx; int ret; int err; nctx = talloc_get_type(cctx->rctx->pvt_ctx, struct nss_ctx); while (dom) { /* check that the uid is valid for this domain */ if ((dom->id_min && (cmdctx->id < dom->id_min)) || (dom->id_max && (cmdctx->id > dom->id_max))) { DEBUG(4, ("Uid [%lu] does not exist in domain [%s]! 
" "(id out of range)\n", (unsigned long)cmdctx->id, dom->name)); if (cmdctx->check_next) { dom = get_next_domain(dom, true); continue; } ret = ENOENT; goto done; } if (dom != dctx->domain) { /* make sure we reset the check_provider flag when we check * a new domain */ dctx->check_provider = NEED_CHECK_PROVIDER(dom->provider); } /* make sure to update the dctx if we changed domain */ dctx->domain = dom; DEBUG(4, ("Requesting info for [%d@%s]\n", cmdctx->id, dom->name)); sysdb = dom->sysdb; if (sysdb == NULL) { DEBUG(0, ("Fatal: Sysdb CTX not found for this domain!\n")); ret = EIO; goto done; } ret = sysdb_getpwuid(cmdctx, sysdb, dom, cmdctx->id, &dctx->res); if (ret != EOK) { DEBUG(1, ("Failed to make request to our cache!\n")); ret = EIO; goto done; } if (dctx->res->count > 1) { DEBUG(0, ("getpwuid call returned more than one result !?!\n")); ret = ENOENT; goto done; } if (dctx->res->count == 0 && !dctx->check_provider) { /* if a multidomain search, try with next */ if (cmdctx->check_next) { dom = get_next_domain(dom, true); continue; } /* set negative cache only if not result of cache check */ DEBUG(SSSDBG_MINOR_FAILURE, ("No results for getpwuid call\n")); ret = ENOENT; goto done; } /* if this is a caching provider (or if we haven't checked the cache * yet) then verify that the cache is uptodate */ if (dctx->check_provider) { ret = check_cache(dctx, nctx, dctx->res, SSS_DP_USER, NULL, cmdctx->id, nss_cmd_getby_dp_callback, dctx); if (ret != EOK) { /* Anything but EOK means we should reenter the mainloop * because we may be refreshing the cache */ goto done; } } /* One result found */ DEBUG(6, ("Returning info for uid [%d@%s]\n", cmdctx->id, dom->name)); ret = EOK; goto done; } /* All domains were tried and none had the entry. 
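*/
    ret = ENOENT;

done:
    if (ret == ENOENT) {
        /* The entry was not found, need to set result in negative cache */
        err = sss_ncache_set_uid(nctx->ncache, false, cmdctx->id);
        if (err != EOK) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Cannot set negative cache for UID %d\n", cmdctx->id));
        }
    }

    /* NOTE(review): this message is logged on every path through "done",
     * including the EOK path taken when the entry was found; it probably
     * belongs inside the ENOENT branch above. */
    DEBUG(SSSDBG_MINOR_FAILURE,
          ("No matching domain found for [%d]\n", cmdctx->id));
    return ret;
}

static int nss_cmd_getgrgid_search(struct nss_dom_ctx *dctx);
static int nss_cmd_getbyid(enum sss_cli_command cmd, struct cli_ctx *cctx);
static void nss_cmd_getbyid_done(struct tevent_req *req);

/* getpwuid request handler: a thin wrapper around nss_cmd_getbyid(). */
static int nss_cmd_getpwuid(struct cli_ctx *cctx)
{
    return nss_cmd_getbyid(SSS_NSS_GETPWUID, cctx);
}

/**
 * Common entry point for the ID-based requests (getpwuid, getgrgid,
 * getsidbyid).
 *
 * The request body must be exactly one uint32 holding the ID. IDs present
 * in the negative cache are answered with ENOENT right away; otherwise all
 * domains are searched and, when the search returns EOK, the reply is sent.
 * If the domain list has not been fetched yet, a domain request is started
 * and processing continues in nss_cmd_getbyid_done().
 *
 * @param cmd   one of SSS_NSS_GETPWUID, SSS_NSS_GETGRGID or
 *              SSS_NSS_GETSIDBYID
 * @param cctx  client context holding the request packet
 *
 * @return EINVAL for any other command, ENOMEM if the command context
 *         cannot be allocated, otherwise the value of nss_cmd_done().
 */
static int nss_cmd_getbyid(enum sss_cli_command cmd, struct cli_ctx *cctx)
{
    struct nss_cmd_ctx *cmdctx;
    struct nss_dom_ctx *dctx;
    struct nss_ctx *nctx;
    uint8_t *body;
    size_t blen;
    uint32_t id;
    int ret;
    struct tevent_req *req;

    switch (cmd) {
    case SSS_NSS_GETPWUID:
    case SSS_NSS_GETGRGID:
    case SSS_NSS_GETSIDBYID:
        break;
    default:
        DEBUG(SSSDBG_CRIT_FAILURE, ("Invalid command type [%d].\n", cmd));
        return EINVAL;
    }

    nctx = talloc_get_type(cctx->rctx->pvt_ctx, struct nss_ctx);

    cmdctx = talloc_zero(cctx, struct nss_cmd_ctx);
    if (!cmdctx) {
        return ENOMEM;
    }
    cmdctx->cctx = cctx;
    cmdctx->cmd = cmd;

    dctx = talloc_zero(cmdctx, struct nss_dom_ctx);
    if (!dctx) {
        ret = ENOMEM;
        goto done;
    }
    dctx->cmdctx = cmdctx;

    /* get id to query */
    sss_packet_get_body(cctx->creq->in, &body, &blen);

    /* the client decides the body length, so insist on exactly one uint32 */
    if (blen != sizeof(uint32_t)) {
        ret = EINVAL;
        goto done;
    }
    /* copy the bytes instead of dereferencing a cast uint8_t pointer, which
     * depends on the packet body being suitably aligned */
    memcpy(&id, body, sizeof(id));
    cmdctx->id = id;

    DEBUG(SSSDBG_TRACE_FUNC, ("Running command [%d] with id [%d].\n",
                              dctx->cmdctx->cmd, cmdctx->id));

    /* consult the negative cache before doing any lookup */
    switch(dctx->cmdctx->cmd) {
    case SSS_NSS_GETPWUID:
        ret = sss_ncache_check_uid(nctx->ncache, nctx->neg_timeout, cmdctx->id);
        if (ret == EEXIST) {
            DEBUG(SSSDBG_TRACE_FUNC,
                  ("Uid [%lu] does not exist! (negative cache)\n",
                   (unsigned long)cmdctx->id));
            ret = ENOENT;
            goto done;
        }
        break;
    case SSS_NSS_GETGRGID:
        ret = sss_ncache_check_gid(nctx->ncache, nctx->neg_timeout, cmdctx->id);
        if (ret == EEXIST) {
            DEBUG(SSSDBG_TRACE_FUNC,
                  ("Gid [%lu] does not exist! (negative cache)\n",
                   (unsigned long)cmdctx->id));
            ret = ENOENT;
            goto done;
        }
        break;
    case SSS_NSS_GETSIDBYID:
        /* the ID may belong to a user or a group, so check both caches */
        ret = sss_ncache_check_uid(nctx->ncache, nctx->neg_timeout, cmdctx->id);
        if (ret != EEXIST) {
            ret = sss_ncache_check_gid(nctx->ncache, nctx->neg_timeout,
                                       cmdctx->id);
        }
        if (ret == EEXIST) {
            DEBUG(SSSDBG_TRACE_FUNC,
                  ("Id [%lu] does not exist! (negative cache)\n",
                   (unsigned long)cmdctx->id));
            ret = ENOENT;
            goto done;
        }
        break;
    default:
        DEBUG(SSSDBG_CRIT_FAILURE, ("Invalid command [%d].\n",
                                    dctx->cmdctx->cmd));
        ret = EINVAL;
        goto done;
    }

    /* id searches are always multidomain */
    dctx->domain = cctx->rctx->domains;
    cmdctx->check_next = true;

    dctx->check_provider = NEED_CHECK_PROVIDER(dctx->domain->provider);

    if (cctx->rctx->get_domains_last_call.tv_sec == 0) {
        req = sss_dp_get_domains_send(cctx->rctx, cctx->rctx, false, NULL);
        if (req == NULL) {
            ret = ENOMEM;
        } else {
            tevent_req_set_callback(req, nss_cmd_getbyid_done, dctx);
            ret = EAGAIN;
        }
        goto done;
    }

    /* ok, find it ! */
    switch(dctx->cmdctx->cmd) {
    case SSS_NSS_GETPWUID:
        ret = nss_cmd_getpwuid_search(dctx);
        if (ret == EOK) {
            /* we have results to return */
            ret = nss_cmd_getpw_send_reply(dctx, true);
        }
        break;
    case SSS_NSS_GETGRGID:
        ret = nss_cmd_getgrgid_search(dctx);
        if (ret == EOK) {
            /* we have results to return */
            ret = nss_cmd_getgr_send_reply(dctx, true);
        }
        break;
    case SSS_NSS_GETSIDBYID:
        ret = nss_cmd_getsidby_search(dctx);
        if (ret == EOK) {
            ret = nss_cmd_getbysid_send_reply(dctx);
        }
        break;
    default:
        DEBUG(SSSDBG_CRIT_FAILURE, ("Invalid command [%d].\n",
                                    dctx->cmdctx->cmd));
        ret = EINVAL;
    }

done:
    return nss_cmd_done(cmdctx, ret);
}

/**
 * Completion callback for the domain request started by an ID- or
 * SID-based lookup: once the domain list is available, run the search for
 * the stored command and send the reply when the search returns EOK.
 *
 * @param req  the finished domain request; it is freed here
 */
static void nss_cmd_getbyid_done(struct tevent_req *req)
{
    struct nss_dom_ctx *dctx =
            tevent_req_callback_data(req, struct nss_dom_ctx);
    struct nss_cmd_ctx *cmdctx = dctx->cmdctx;
    errno_t ret;

    ret = sss_dp_get_domains_recv(req);
    talloc_free(req);
    if (ret != EOK) {
        goto done;
    }

    /* ok, find it ! */
    switch(dctx->cmdctx->cmd) {
    case SSS_NSS_GETPWUID:
        ret = nss_cmd_getpwuid_search(dctx);
        if (ret == EOK) {
            /* we have results to return */
            ret = nss_cmd_getpw_send_reply(dctx, true);
        }
        break;
    case SSS_NSS_GETGRGID:
        ret = nss_cmd_getgrgid_search(dctx);
        if (ret == EOK) {
            /* we have results to return */
            ret = nss_cmd_getgr_send_reply(dctx, true);
        }
        break;
    case SSS_NSS_GETNAMEBYSID:
    case SSS_NSS_GETIDBYSID:
        /* SID lookups first have to find the domain the SID belongs to */
        ret = responder_get_domain_by_id(cmdctx->cctx->rctx, cmdctx->secid,
                                         &dctx->domain);
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE, ("Cannot find domain for SID [%s].\n",
                                      cmdctx->secid));
            ret = ENOENT;
            goto done;
        }

        dctx->check_provider = NEED_CHECK_PROVIDER(dctx->domain->provider);

        ret = nss_cmd_getbysid_search(dctx);
        if (ret == EOK) {
            ret = nss_cmd_getbysid_send_reply(dctx);
        }
        break;
    case SSS_NSS_GETSIDBYID:
        ret = nss_cmd_getsidby_search(dctx);
        if (ret == EOK) {
            ret = nss_cmd_getbysid_send_reply(dctx);
        }
        break;
    default:
        DEBUG(SSSDBG_CRIT_FAILURE, ("Invalid command [%d].\n",
                                    dctx->cmdctx->cmd));
        ret = EINVAL;
    }

done:
    nss_cmd_done(cmdctx, ret);
}

/* to keep it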
simple at this stage we are retrieving the * full enumeration again for each request for each process * and we also block on setpwent() for the full time needed * to retrieve the data. And endpwent() frees all the data. * Next steps are: * - use an nsssrv wide cache with data already structured * so that it can be immediately returned (see nscd way) * - use mutexes so that setpwent() can return immediately * even if the data is still being fetched * - make getpwent() wait on the mutex * * Alternatively: * - use a smarter search mechanism that keeps track of the * last user searched and return the next X users doing * an alphabetic sort and starting from the user following * the last returned user. */ static int nss_cmd_getpwent_immediate(struct nss_cmd_ctx *cmdctx); struct tevent_req * nss_cmd_setpwent_send(TALLOC_CTX *mem_ctx, struct cli_ctx *client); static void nss_cmd_setpwent_done(struct tevent_req *req); static int nss_cmd_setpwent(struct cli_ctx *cctx) { struct nss_cmd_ctx *cmdctx; struct tevent_req *req; errno_t ret = EOK; cmdctx = talloc_zero(cctx, struct nss_cmd_ctx); if (!cmdctx) { return ENOMEM; } cmdctx->cctx = cctx; req = nss_cmd_setpwent_send(cmdctx, cctx); if (!req) { DEBUG(0, ("Fatal error calling nss_cmd_setpwent_send\n")); ret = EIO; goto done; } tevent_req_set_callback(req, nss_cmd_setpwent_done, cmdctx); done: return nss_cmd_done(cmdctx, ret); } static errno_t nss_cmd_setpwent_step(struct setent_step_ctx *step_ctx); struct tevent_req *nss_cmd_setpwent_send(TALLOC_CTX *mem_ctx, struct cli_ctx *client) { errno_t ret; struct nss_ctx *nctx; struct tevent_req *req; struct setent_ctx *state; struct sss_domain_info *dom; struct setent_step_ctx *step_ctx; DEBUG(4, ("Received setpwent request\n")); nctx = talloc_get_type(client->rctx->pvt_ctx, struct nss_ctx); /* Reset the read pointers */ client->pwent_dom_idx = 0; client->pwent_cur = 0; req = tevent_req_create(mem_ctx, &state, struct setent_ctx); if (!req) { DEBUG(0, ("Could not create tevent request 
for setpwent\n")); return NULL; } state->nctx = nctx; state->client = client; state->dctx = talloc_zero(state, struct nss_dom_ctx); if (!state->dctx) { ret = ENOMEM; goto error; } /* check if enumeration is enabled in any domain */ for (dom = client->rctx->domains; dom; dom = get_next_domain(dom, true)) { if (dom->enumerate == true) break; } state->dctx->domain = dom; if (state->dctx->domain == NULL) { DEBUG(2, ("Enumeration disabled on all domains!\n")); ret = ENOENT; goto error; } state->dctx->check_provider = NEED_CHECK_PROVIDER(state->dctx->domain->provider); /* Is the result context already available */ if (state->nctx->pctx) { if (state->nctx->pctx->ready) { /* All of the necessary data is in place * We can return now, getpwent requests will work at this point */ tevent_req_done(req); tevent_req_post(req, state->nctx->rctx->ev); } else { /* Object is still being constructed * Register for notification when it's * ready. */ ret = nss_setent_add_ref(state, state->nctx->pctx, req); if (ret != EOK) { talloc_free(req); return NULL; } } return req; } /* Create a new result context * We are creating it on the nss_ctx so that it doesn't * go away if the original request does. We will delete * it when the refcount goes to zero; */ state->nctx->pctx = talloc_zero(nctx, struct getent_ctx); if (!state->nctx->pctx) { ret = ENOMEM; goto error; } state->getent_ctx = nctx->pctx; /* Add a callback reference for ourselves */ ret = nss_setent_add_ref(state, state->nctx->pctx, req); if (ret) goto error; /* ok, start the searches */ step_ctx = talloc_zero(state->getent_ctx, struct setent_step_ctx); if (!step_ctx) { ret = ENOMEM; goto error; } /* Steal the dom_ctx onto the step_ctx so it doesn't go out of scope if * this request is canceled while other requests are in-progress. 
*/ step_ctx->dctx = talloc_steal(step_ctx, state->dctx); step_ctx->nctx = state->nctx; step_ctx->getent_ctx = state->getent_ctx; step_ctx->rctx = client->rctx; step_ctx->cctx = client; step_ctx->returned_to_mainloop = false; ret = nss_cmd_setpwent_step(step_ctx); if (ret != EOK && ret != EAGAIN) goto error; if (ret == EOK) { tevent_req_post(req, client->rctx->ev); } return req; error: tevent_req_error(req, ret); tevent_req_post(req, client->rctx->ev); return req; } static void nss_cmd_setpwent_dp_callback(uint16_t err_maj, uint32_t err_min, const char *err_msg, void *ptr); static void setpwent_result_timeout(struct tevent_context *ev, struct tevent_timer *te, struct timeval current_time, void *pvt); /* nss_cmd_setpwent_step returns * EOK if everything is done and the request needs to be posted explicitly * EAGAIN if the caller can safely return to the main loop */ static errno_t nss_cmd_setpwent_step(struct setent_step_ctx *step_ctx) { errno_t ret; struct sss_domain_info *dom = step_ctx->dctx->domain; struct resp_ctx *rctx = step_ctx->rctx; struct nss_dom_ctx *dctx = step_ctx->dctx; struct getent_ctx *pctx = step_ctx->getent_ctx; struct nss_ctx *nctx = step_ctx->nctx; struct sysdb_ctx *sysdb; struct ldb_result *res; struct timeval tv; struct tevent_timer *te; struct tevent_req *dpreq; struct dp_callback_ctx *cb_ctx; while (dom) { while (dom && dom->enumerate == 0) { dom = get_next_domain(dom, true); } if (!dom) break; if (dom != dctx->domain) { /* make sure we reset the check_provider flag when we check * a new domain */ dctx->check_provider = NEED_CHECK_PROVIDER(dom->provider); } /* make sure to update the dctx if we changed domain */ dctx->domain = dom; DEBUG(6, ("Requesting info for domain [%s]\n", dom->name)); sysdb = dom->sysdb; if (sysdb == NULL) { DEBUG(0, ("Fatal: Sysdb CTX not found for this domain!\n")); return EIO; } /* if this is a caching provider (or if we haven't checked the cache * yet) then verify that the cache is uptodate */ if 
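(dctx->check_provider) {
            step_ctx->returned_to_mainloop = true;
            /* Only do this once per provider */
            dctx->check_provider = false;
            dpreq = sss_dp_get_account_send(step_ctx, rctx, dctx->domain, true,
                                            SSS_DP_USER, NULL, 0, NULL);
            if (!dpreq) {
                DEBUG(SSSDBG_MINOR_FAILURE,
                      ("Enum Cache refresh for domain [%s] failed."
                       " Trying to return what we have in cache!\n",
                       dom->name));
            } else {
                cb_ctx = talloc_zero(step_ctx, struct dp_callback_ctx);
                if(!cb_ctx) {
                    talloc_zfree(dpreq);
                    return ENOMEM;
                }

                cb_ctx->callback = nss_cmd_setpwent_dp_callback;
                cb_ctx->ptr = step_ctx;
                cb_ctx->cctx = step_ctx->cctx;
                cb_ctx->mem_ctx = step_ctx;

                tevent_req_set_callback(dpreq, nsssrv_dp_send_acct_req_done, cb_ctx);

                /* The data provider callback re-enters this function later */
                return EAGAIN;
            }
        }

        ret = sysdb_enumpwent(dctx, sysdb, dom, &res);
        if (ret != EOK) {
            DEBUG(1, ("Enum from cache failed, skipping domain [%s]\n",
                      dom->name));
            dom = get_next_domain(dom, true);
            continue;
        }

        if (res->count == 0) {
            DEBUG(4, ("Domain [%s] has no users, skipping.\n", dom->name));
            dom = get_next_domain(dom, true);
            continue;
        }

        nctx->pctx->doms = talloc_realloc(pctx, pctx->doms,
                                          struct dom_ctx, pctx->num +1);
        if (!pctx->doms) {
            /* step_ctx is a talloc child of this getent_ctx (it is created
             * with talloc_zero(state->getent_ctx, ...) in
             * nss_cmd_setpwent_send), so this free releases step_ctx as well.
             * Callers must not dereference step_ctx after ENOMEM from here. */
            talloc_free(pctx);
            nctx->pctx = NULL;
            return ENOMEM;
        }

        nctx->pctx->doms[pctx->num].domain = dctx->domain;
        nctx->pctx->doms[pctx->num].res = talloc_steal(pctx->doms, res);

        nctx->pctx->num++;

        /* do not reply until all domain searches are done */
        dom = get_next_domain(dom, true);
    }

    /* We've finished all our lookups
     * The result object is now safe to read.
     */
    nctx->pctx->ready = true;

    /* Set up a lifetime timer for this result object
     * We don't want this result object to outlive the
     * enum cache refresh timeout
     */
    tv = tevent_timeval_current_ofs(nctx->enum_cache_timeout, 0);
    te = tevent_add_timer(rctx->ev, nctx->pctx, tv,
                          setpwent_result_timeout, nctx);
    if (!te) {
        DEBUG(0, ("Could not set up life timer for setpwent result object. "
                  "Entries may become stale.\n"));
    }

    /* Notify the waiting clients */
    nss_setent_notify_done(nctx->pctx);

    if (step_ctx->returned_to_mainloop) {
        return EAGAIN;
    } else {
        return EOK;
    }
}

/* Timer handler: drops the shared passwd enumeration result once its
 * lifetime (nctx->enum_cache_timeout, set up in nss_cmd_setpwent_step)
 * has elapsed. pvt is the struct nss_ctx registered with the timer. */
static void setpwent_result_timeout(struct tevent_context *ev,
                                    struct tevent_timer *te,
                                    struct timeval current_time,
                                    void *pvt)
{
    struct nss_ctx *nctx = talloc_get_type(pvt, struct nss_ctx);

    DEBUG(1, ("setpwent result object has expired. Cleaning up.\n"));

    /* Free the passwd enumeration context.
     * If additional getpwent requests come in, they will invoke
     * an implicit setpwent and refresh the result object.
     */
    talloc_zfree(nctx->pctx);
}

/* Data provider callback for the enumeration refresh started by
 * nss_cmd_setpwent_step. A provider error is only logged; the step
 * function is re-entered either way so the cached data can be served.
 *
 * ptr is the struct setent_step_ctx stored in cb_ctx->ptr. */
static void nss_cmd_setpwent_dp_callback(uint16_t err_maj, uint32_t err_min,
                                         const char *err_msg, void *ptr)
{
    struct setent_step_ctx *step_ctx =
            talloc_get_type(ptr, struct setent_step_ctx);
    /* Take the long-lived nss_ctx pointer before calling the step function:
     * on its ENOMEM path the step function frees the getent_ctx, and
     * step_ctx is allocated on that context, so reading step_ctx->nctx
     * afterwards would be a read of freed memory. */
    struct nss_ctx *nctx = step_ctx->nctx;
    int ret;

    if (err_maj) {
        DEBUG(2, ("Unable to get information from Data Provider\n"
                  "Error: %u, %u, %s\n"
                  "Will try to return what we have in cache\n",
                  (unsigned int)err_maj, (unsigned int)err_min, err_msg));
    }

    ret = nss_cmd_setpwent_step(step_ctx);
    if (ret != EOK && ret != EAGAIN) {
        /* Notify any waiting processes of failure, but only while the
         * result object still exists; the step function sets nctx->pctx
         * to NULL when it had to free it.
         * NOTE(review): requests that were waiting on a freed result object
         * are not completed from here - confirm how their references are
         * cleaned up. */
        if (nctx->pctx != NULL) {
            nss_setent_notify_error(nctx->pctx, ret);
        }
    }
}

/* Collects the result of a setpwent request: returns the error recorded on
 * the tevent request (via TEVENT_REQ_RETURN_ON_ERROR) or EOK. */
static errno_t nss_cmd_setpwent_recv(struct tevent_req *req)
{
    TEVENT_REQ_RETURN_ON_ERROR(req);

    return EOK;
}

/* Completion callback for an explicit setpwent command: on EOK or ENOENT
 * an empty reply packet is created and sent, anything else is reported
 * through nss_cmd_done. */
static void nss_cmd_setpwent_done(struct tevent_req *req)
{
    errno_t ret;
    struct nss_cmd_ctx *cmdctx =
            tevent_req_callback_data(req, struct nss_cmd_ctx);

    ret = nss_cmd_setpwent_recv(req);
    talloc_zfree(req);
    if (ret == EOK || ret == ENOENT) {
        /* Either we succeeded or no domains were eligible */
        ret = sss_packet_new(cmdctx->cctx->creq, 0,
                             sss_packet_get_cmd(cmdctx->cctx->creq->in),
                             &cmdctx->cctx->creq->out);
        if (ret == EOK) {
            sss_cmd_done(cmdctx->cctx, cmdctx);
            return;
        }
    }

    /* Something bad happened */
    nss_cmd_done(cmdctx, ret);
}

static void nss_cmd_implicit_setpwent_done(struct tevent_req *req);
static int nss_cmd_getpwent(struct cli_ctx *cctx)
{
    struct nss_ctx *nctx;
    struct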
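nss_cmd_ctx *cmdctx;
    struct tevent_req *req;

    DEBUG(4, ("Requesting info for all accounts\n"));

    cmdctx = talloc_zero(cctx, struct nss_cmd_ctx);
    if (!cmdctx) {
        return ENOMEM;
    }
    cmdctx->cctx = cctx;

    /* Save the current index and cursor locations
     * If we end up calling setpwent implicitly, because the response object
     * expired and has to be recreated, we want to resume from the same
     * location.
     */
    cmdctx->saved_dom_idx = cctx->pwent_dom_idx;
    cmdctx->saved_cur = cctx->pwent_cur;

    nctx = talloc_get_type(cctx->rctx->pvt_ctx, struct nss_ctx);
    if(!nctx->pctx || !nctx->pctx->ready) {
        /* Make sure we invoke setpwent if it hasn't been run or is still
         * processing from another client
         */
        req = nss_cmd_setpwent_send(cctx, cctx);
        if (!req) {
            return EIO;
        }
        tevent_req_set_callback(req, nss_cmd_implicit_setpwent_done, cmdctx);
        return EOK;
    }

    return nss_cmd_getpwent_immediate(cmdctx);
}

static int nss_cmd_retpwent(struct cli_ctx *cctx, int num);

/* Answers a getpwent request from the already prepared result object.
 *
 * The request body must be exactly one uint32_t: the maximum number of
 * entries the client wants in this reply. That value comes from the client
 * and is validated here before it is used as a loop bound.
 *
 * Returns EINVAL for a malformed body or an unusable count, the error from
 * sss_packet_new if the reply cannot be created, and EOK once the reply
 * (carrying the nss_cmd_retpwent result as its error field) has been sent.
 */
static int nss_cmd_getpwent_immediate(struct nss_cmd_ctx *cmdctx)
{
    struct cli_ctx *cctx = cmdctx->cctx;
    uint8_t *body;
    size_t blen;
    uint32_t num;
    int ret;

    /* get max num of entries to return in one call */
    sss_packet_get_body(cctx->creq->in, &body, &blen);
    if (blen != sizeof(uint32_t)) {
        return EINVAL;
    }
    /* Copy instead of casting: nothing here guarantees that the packet
     * body is aligned for a uint32_t access. */
    memcpy(&num, body, sizeof(num));

    /* nss_cmd_retpwent takes the limit as an int and clamps the number of
     * remaining entries to it, so a value above INT32_MAX would become a
     * negative count handed on to fill_pwent. A limit of zero cannot
     * return anything either. Reject both on the same path as a malformed
     * body.
     * NOTE(review): fill_pwent is not shown here; presumably, like
     * fill_grent, it reports ENOENT for an empty count, which would keep
     * the retrieval loop from ever advancing - confirm. */
    if (num == 0 || num > (uint32_t)INT32_MAX) {
        return EINVAL;
    }

    /* create response packet */
    ret = sss_packet_new(cctx->creq, 0,
                         sss_packet_get_cmd(cctx->creq->in),
                         &cctx->creq->out);
    if (ret != EOK) {
        return ret;
    }

    ret = nss_cmd_retpwent(cctx, (int)num);

    sss_packet_set_error(cctx->creq->out, ret);
    sss_cmd_done(cctx, cmdctx);

    return EOK;
}

static int nss_cmd_retpwent(struct cli_ctx *cctx, int num)
{
    struct nss_ctx *nctx;
    struct getent_ctx *pctx;
    struct ldb_message **msgs = NULL;
    struct dom_ctx *pdom = NULL;
    int n = 0;
    int ret = ENOENT;

    nctx = talloc_get_type(cctx->rctx->pvt_ctx, struct nss_ctx);
    if (!nctx->pctx) goto none;

    pctx = nctx->pctx;

    while (ret == ENOENT) {
        if (cctx->pwent_dom_idx >= pctx->num) break;

        pdom = &pctx->doms[cctx->pwent_dom_idx];

        n = pdom->res->count -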
cctx->pwent_cur; if (n <= 0 && (cctx->pwent_dom_idx+1 < pctx->num)) { cctx->pwent_dom_idx++; pdom = &pctx->doms[cctx->pwent_dom_idx]; n = pdom->res->count; cctx->pwent_cur = 0; } if (!n) break; if (n < 0) { DEBUG(SSSDBG_CRIT_FAILURE, ("BUG: Negative difference" "[%d - %d = %d]\n", pdom->res->count, cctx->pwent_cur, n)); DEBUG(SSSDBG_CRIT_FAILURE, ("Domain: %d (total %d)\n", cctx->pwent_dom_idx, pctx->num)); break; } if (n > num) n = num; msgs = &(pdom->res->msgs[cctx->pwent_cur]); ret = fill_pwent(cctx->creq->out, pdom->domain, nctx, true, false, msgs, &n); cctx->pwent_cur += n; } none: if (ret == ENOENT) { ret = sss_cmd_empty_packet(cctx->creq->out); } return ret; } static void nss_cmd_implicit_setpwent_done(struct tevent_req *req) { errno_t ret; struct nss_cmd_ctx *cmdctx = tevent_req_callback_data(req, struct nss_cmd_ctx); ret = nss_cmd_setpwent_recv(req); talloc_zfree(req); /* ENOENT is acceptable, as it just means that there were no entries * to be returned. This will be handled gracefully in nss_cmd_retpwent * later. 
*/ if (ret != EOK && ret != ENOENT) { DEBUG(0, ("Implicit setpwent failed with unexpected error [%d][%s]\n", ret, strerror(ret))); NSS_CMD_FATAL_ERROR(cmdctx); } /* Restore the saved index and cursor locations */ cmdctx->cctx->pwent_dom_idx = cmdctx->saved_dom_idx; cmdctx->cctx->pwent_cur = cmdctx->saved_cur; ret = nss_cmd_getpwent_immediate(cmdctx); if (ret != EOK) { DEBUG(0, ("Immediate retrieval failed with unexpected error " "[%d][%s]\n", ret, strerror(ret))); NSS_CMD_FATAL_ERROR(cmdctx); } } static int nss_cmd_endpwent(struct cli_ctx *cctx) { struct nss_ctx *nctx; int ret; DEBUG(4, ("Terminating request info for all accounts\n")); nctx = talloc_get_type(cctx->rctx->pvt_ctx, struct nss_ctx); /* create response packet */ ret = sss_packet_new(cctx->creq, 0, sss_packet_get_cmd(cctx->creq->in), &cctx->creq->out); if (ret != EOK) { return ret; } if (nctx->pctx == NULL) goto done; /* Reset the indices so that subsequent requests start at zero */ cctx->pwent_dom_idx = 0; cctx->pwent_cur = 0; done: sss_cmd_done(cctx, NULL); return EOK; } /**************************************************************************** * GROUP db related functions ***************************************************************************/ void nss_update_gr_memcache(struct nss_ctx *nctx) { struct sss_domain_info *dom; struct ldb_result *res; uint64_t exp; struct sized_string key; const char *id; time_t now; int ret; int i; now = time(NULL); for (dom = nctx->rctx->domains; dom; dom = get_next_domain(dom, false)) { ret = sysdb_enumgrent(nctx, dom->sysdb, dom, &res); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to enumerate users for domain [%s]\n", dom->name)); continue; } for (i = 0; i < res->count; i++) { exp = ldb_msg_find_attr_as_uint64(res->msgs[i], SYSDB_CACHE_EXPIRE, 0); if (exp >= now) { continue; } /* names require more manipulation (build up fqname conditionally), * but uidNumber is unique and always resolvable too, so we use * that to update the cache, as it points to the 
same entry */ id = ldb_msg_find_attr_as_string(res->msgs[i], SYSDB_GIDNUM, NULL); if (!id) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to find gidNumber in %s.\n", ldb_dn_get_linearized(res->msgs[i]->dn))); continue; } to_sized_string(&key, id); ret = sss_mmap_cache_gr_invalidate(nctx->grp_mc_ctx, &key); if (ret != EOK && ret != ENOENT) { DEBUG(SSSDBG_CRIT_FAILURE, ("Internal failure in memory cache code: %d [%s]\n", ret, strerror(ret))); } } talloc_zfree(res); } } #define GID_ROFFSET 0 #define MNUM_ROFFSET sizeof(uint32_t) #define STRS_ROFFSET 2*sizeof(uint32_t) static int parse_member(TALLOC_CTX *mem_ctx, struct sss_domain_info *group_dom, const char *member, struct sss_domain_info **_member_dom, struct sized_string *_name, bool *_add_domain) { errno_t ret; char *username; char *domname; const char *use_member; struct sss_domain_info *member_dom; bool add_domain; ret = sss_parse_name(mem_ctx, group_dom->names, member, &domname, &username); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Could not parse [%s] into " "name-value components.\n", member)); return ret; } add_domain = (!IS_SUBDOMAIN(group_dom) && group_dom->fqnames); use_member = member; member_dom = group_dom; if (IS_SUBDOMAIN(group_dom) == false && domname != NULL) { /* The group is stored in the parent domain, but the member comes from. * a subdomain. No need to add the domain component, it's already * present in the memberuid/ghost attribute */ add_domain = false; } if (IS_SUBDOMAIN(group_dom) == true && domname == NULL) { /* The group is stored in a subdomain, but the member comes * from the parent domain. 
Need to add the domain component * of the parent domain */ add_domain = true; use_member = username; member_dom = group_dom->parent; } to_sized_string(_name, use_member); *_add_domain = add_domain; *_member_dom = member_dom; return EOK; } static int fill_members(struct sss_packet *packet, struct sss_domain_info *dom, struct nss_ctx *nctx, struct ldb_message_element *el, size_t *_rzero, size_t *_rsize, int *_memnum) { int i, ret = EOK; int memnum = *_memnum; size_t rzero= *_rzero; size_t rsize = *_rsize; char *tmpstr; struct sized_string name; TALLOC_CTX *tmp_ctx = NULL; size_t delim = 0; size_t dom_len = 0; uint8_t *body; size_t blen; const char *domain = dom->name; bool add_domain; struct sss_domain_info *member_dom; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { return ENOMEM; } sss_packet_get_body(packet, &body, &blen); for (i = 0; i < el->num_values; i++) { tmpstr = sss_get_cased_name(tmp_ctx, (char *)el->values[i].data, dom->case_sensitive); if (tmpstr == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("sss_get_cased_name failed, skipping\n")); continue; } if (nctx->filter_users_in_groups) { ret = sss_ncache_check_user(nctx->ncache, nctx->neg_timeout, dom, tmpstr); if (ret == EEXIST) { DEBUG(SSSDBG_TRACE_FUNC, ("Group [%s] member [%s@%s] filtered out!" 
" (negative cache)\n", (char *)&body[rzero+STRS_ROFFSET], tmpstr, domain)); continue; } } delim = 0; dom_len = 0; ret = parse_member(tmp_ctx, dom, tmpstr, &member_dom, &name, &add_domain); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Could not process member %s, skipping\n", tmpstr)); continue; } if (add_domain) { delim = 1; dom_len = sss_fqdom_len(member_dom->names, member_dom); } ret = sss_packet_grow(packet, name.len + delim + dom_len); if (ret != EOK) { goto done; } sss_packet_get_body(packet, &body, &blen); if (add_domain) { ret = sss_fqname((char *)&body[rzero + rsize], name.len + delim + dom_len, member_dom->names, member_dom, name.str); if (ret >= (name.len + delim + dom_len)) { /* need more space, * got creative with the print format ? */ int t = ret - (name.len + delim + dom_len) + 1; ret = sss_packet_grow(packet, t); if (ret != EOK) { goto done; } sss_packet_get_body(packet, &body, &blen); delim += t; /* retry */ ret = sss_fqname((char *)&body[rzero + rsize], name.len + delim + dom_len, member_dom->names, member_dom, name.str); } if (ret != name.len + delim + dom_len - 1) { DEBUG(SSSDBG_OP_FAILURE, ("Failed to generate a fully qualified name" " for member [%s@%s] of group [%s]!" 
" Skipping\n", name.str, domain, (char *)&body[rzero+STRS_ROFFSET])); /* reclaim space */ ret = sss_packet_shrink(packet, name.len + delim + dom_len); if (ret != EOK) { goto done; } continue; } } else { memcpy(&body[rzero + rsize], name.str, name.len); } rsize += name.len + delim + dom_len; memnum++; } ret = 0; done: *_memnum = memnum; *_rzero = rzero; *_rsize = rsize; talloc_zfree(tmp_ctx); return ret; } static int fill_grent(struct sss_packet *packet, struct sss_domain_info *dom, struct nss_ctx *nctx, bool filter_groups, bool gr_mmap_cache, struct ldb_message **msgs, int *count) { struct ldb_message *msg; struct ldb_message_element *el; uint8_t *body; size_t blen; uint32_t gid; const char *tmpstr; const char *orig_name; struct sized_string name; struct sized_string pwfield; struct sized_string fullname; size_t delim = 0; size_t dom_len = 0; int i = 0; int ret, num, memnum; size_t rzero, rsize; bool add_domain = (!IS_SUBDOMAIN(dom) && dom->fqnames); const char *domain = dom->name; TALLOC_CTX *tmp_ctx = NULL; if (add_domain) { delim = 1; dom_len = sss_fqdom_len(dom->names, dom); } to_sized_string(&pwfield, nctx->pwfield); num = 0; /* first 2 fields (len and reserved), filled up later */ ret = sss_packet_grow(packet, 2*sizeof(uint32_t)); if (ret != EOK) { goto done; } sss_packet_get_body(packet, &body, &blen); rzero = 2*sizeof(uint32_t); rsize = 0; for (i = 0; i < *count; i++) { talloc_zfree(tmp_ctx); tmp_ctx = talloc_new(NULL); msg = msgs[i]; /* new group */ if (!ldb_msg_check_string_attribute(msg, "objectClass", SYSDB_GROUP_CLASS)) { DEBUG(1, ("Wrong object (%s) found on stack!\n", ldb_dn_get_linearized(msg->dn))); continue; } /* new result starts at end of previous result */ rzero += rsize; rsize = 0; /* find group name/gid */ orig_name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL); gid = ldb_msg_find_attr_as_uint64(msg, SYSDB_GIDNUM, 0); if (!orig_name || !gid) { DEBUG(2, ("Incomplete group object for %s[%llu]! 
Skipping\n", orig_name?orig_name:"", (unsigned long long int)gid)); continue; } if (filter_groups) { ret = sss_ncache_check_group(nctx->ncache, nctx->neg_timeout, dom, orig_name); if (ret == EEXIST) { DEBUG(SSSDBG_TRACE_FUNC, ("Group [%s@%s] filtered out! (negative cache)\n", orig_name, domain)); continue; } } tmpstr = sss_get_cased_name(tmp_ctx, orig_name, dom->case_sensitive); if (tmpstr == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("sss_get_cased_name failed, skipping\n")); continue; } to_sized_string(&name, tmpstr); /* fill in gid and name and set pointer for number of members */ rsize = STRS_ROFFSET + name.len + pwfield.len; /* name\0x\0 */ if (add_domain) rsize += delim + dom_len; ret = sss_packet_grow(packet, rsize); if (ret != EOK) { num = 0; goto done; } sss_packet_get_body(packet, &body, &blen); /* 0-3: 32bit number gid */ SAFEALIGN_SET_UINT32(&body[rzero+GID_ROFFSET], gid, NULL); /* 4-7: 32bit unsigned number of members */ SAFEALIGN_SET_UINT32(&body[rzero+MNUM_ROFFSET], 0, NULL); /* 8-X: sequence of strings (name, passwd, mem..) */ if (add_domain) { ret = sss_fqname((char *)&body[rzero+STRS_ROFFSET], name.len + delim + dom_len, dom->names, dom, name.str); if (ret >= (name.len + delim + dom_len)) { /* need more space, got creative with the print format ? */ int t = ret - (name.len + delim + dom_len) + 1; ret = sss_packet_grow(packet, t); if (ret != EOK) { num = 0; goto done; } sss_packet_get_body(packet, &body, &blen); rsize += t; delim += t; /* retry */ ret = sss_fqname((char *)&body[rzero+STRS_ROFFSET], name.len + delim + dom_len, dom->names, dom, name.str); } if (ret != name.len + delim + dom_len - 1) { DEBUG(1, ("Failed to generate a fully qualified name for" " group [%s] in [%s]! 
Skipping\n", name.str, domain)); /* reclaim space */ ret = sss_packet_shrink(packet, rsize); if (ret != EOK) { num = 0; goto done; } rsize = 0; continue; } } else { memcpy(&body[rzero+STRS_ROFFSET], name.str, name.len); } to_sized_string(&fullname, (const char *)&body[rzero+STRS_ROFFSET]); /* group passwd field */ memcpy(&body[rzero+STRS_ROFFSET + fullname.len], pwfield.str, pwfield.len); memnum = 0; if (!dom->ignore_group_members) { el = ldb_msg_find_element(msg, SYSDB_MEMBERUID); if (el) { ret = fill_members(packet, dom, nctx, el, &rzero, &rsize, &memnum); if (ret != EOK) { num = 0; goto done; } sss_packet_get_body(packet, &body, &blen); } el = ldb_msg_find_element(msg, SYSDB_GHOST); if (el) { ret = fill_members(packet, dom, nctx, el, &rzero, &rsize, &memnum); if (ret != EOK) { num = 0; goto done; } sss_packet_get_body(packet, &body, &blen); } } if (memnum) { /* set num of members */ SAFEALIGN_SET_UINT32(&body[rzero+MNUM_ROFFSET], memnum, NULL); } num++; if (gr_mmap_cache && nctx->grp_mc_ctx) { /* body was reallocated, so fullname might be pointing to * where body used to be, not where it is */ to_sized_string(&fullname, (const char *)&body[rzero+STRS_ROFFSET]); ret = sss_mmap_cache_gr_store(&nctx->grp_mc_ctx, &fullname, &pwfield, gid, memnum, (char *)&body[rzero] + STRS_ROFFSET + fullname.len + pwfield.len, rsize - STRS_ROFFSET - fullname.len - pwfield.len); if (ret != EOK && ret != ENOMEM) { DEBUG(SSSDBG_OP_FAILURE, ("Failed to store group %s(%s) in mmap cache!", name.str, domain)); } } continue; } talloc_zfree(tmp_ctx); done: *count = i; if (num == 0) { /* if num is 0 most probably something went wrong, * reset packet and return ENOENT */ ret = sss_packet_set_size(packet, 0); if (ret != EOK) return ret; return ENOENT; } ((uint32_t *)body)[0] = num; /* num results */ ((uint32_t *)body)[1] = 0; /* reserved */ return EOK; } static int nss_cmd_getgr_send_reply(struct nss_dom_ctx *dctx, bool filter) { struct nss_cmd_ctx *cmdctx = dctx->cmdctx; struct cli_ctx *cctx 
= cmdctx->cctx; struct nss_ctx *nctx; int ret; int i; nctx = talloc_get_type(cctx->rctx->pvt_ctx, struct nss_ctx); ret = sss_packet_new(cctx->creq, 0, sss_packet_get_cmd(cctx->creq->in), &cctx->creq->out); if (ret != EOK) { return EFAULT; } i = dctx->res->count; ret = fill_grent(cctx->creq->out, dctx->domain, nctx, filter, true, dctx->res->msgs, &i); if (ret) { return ret; } sss_packet_set_error(cctx->creq->out, EOK); sss_cmd_done(cctx, cmdctx); return EOK; } /* search for a group. * Returns: * ENOENT, if group is definitely not found * EAGAIN, if group is beeing fetched from backend via async operations * EOK, if found * anything else on a fatal error */ static int nss_cmd_getgrnam_search(struct nss_dom_ctx *dctx) { struct nss_cmd_ctx *cmdctx = dctx->cmdctx; struct sss_domain_info *dom = dctx->domain; struct cli_ctx *cctx = cmdctx->cctx; char *name = NULL; struct sysdb_ctx *sysdb; struct nss_ctx *nctx; int ret; nctx = talloc_get_type(cctx->rctx->pvt_ctx, struct nss_ctx); while (dom) { /* if it is a domainless search, skip domains that require fully * qualified names instead */ while (dom && cmdctx->check_next && dom->fqnames) { dom = get_next_domain(dom, false); } if (!dom) break; if (dom != dctx->domain) { /* make sure we reset the check_provider flag when we check * a new domain */ dctx->check_provider = NEED_CHECK_PROVIDER(dom->provider); } /* make sure to update the dctx if we changed domain */ dctx->domain = dom; talloc_free(name); name = sss_get_cased_name(dctx, cmdctx->name, dom->case_sensitive); if (!name) return ENOMEM; /* verify this group has not yet been negatively cached, * or has been permanently filtered */ ret = sss_ncache_check_group(nctx->ncache, nctx->neg_timeout, dom, name); /* if neg cached, return we didn't find it */ if (ret == EEXIST) { DEBUG(SSSDBG_TRACE_FUNC, ("Group [%s] does not exist in [%s]! 
(negative cache)\n", name, dom->name)); /* if a multidomain search, try with next */ if (cmdctx->check_next) { dom = get_next_domain(dom, false); continue; } /* There are no further domains or this was a * fully-qualified user request. */ return ENOENT; } DEBUG(4, ("Requesting info for [%s@%s]\n", name, dom->name)); sysdb = dom->sysdb; if (sysdb == NULL) { DEBUG(0, ("Fatal: Sysdb CTX not found for this domain!\n")); return EIO; } ret = sysdb_getgrnam(cmdctx, sysdb, dom, name, &dctx->res); if (ret != EOK) { DEBUG(1, ("Failed to make request to our cache!\n")); return EIO; } if (dctx->res->count > 1) { DEBUG(0, ("getgrnam call returned more than one result !?!\n")); return ENOENT; } if (dctx->res->count == 0 && !dctx->check_provider) { /* set negative cache only if not result of cache check */ ret = sss_ncache_set_group(nctx->ncache, false, dom, name); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Cannot set negcache for %s@%s\n", name, dom->name)); } /* if a multidomain search, try with next */ if (cmdctx->check_next) { dom = get_next_domain(dom, false); if (dom) continue; } DEBUG(2, ("No results for getgrnam call\n")); /* Group not found in ldb -> delete group from memory cache. 
*/ ret = delete_entry_from_memcache(dctx->domain, name, nctx->grp_mc_ctx); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Deleting group from memcache failed.\n")); } return ENOENT; } /* if this is a caching provider (or if we haven't checked the cache * yet) then verify that the cache is uptodate */ if (dctx->check_provider) { ret = check_cache(dctx, nctx, dctx->res, SSS_DP_GROUP, name, 0, nss_cmd_getby_dp_callback, dctx); if (ret != EOK) { /* Anything but EOK means we should reenter the mainloop * because we may be refreshing the cache */ return ret; } } /* One result found */ DEBUG(6, ("Returning info for group [%s@%s]\n", name, dom->name)); return EOK; } DEBUG(SSSDBG_MINOR_FAILURE, ("No matching domain found for [%s], fail!\n", cmdctx->name)); return ENOENT; } static int nss_cmd_getgrnam(struct cli_ctx *cctx) { return nss_cmd_getbynam(SSS_NSS_GETGRNAM, cctx); } /* search for a gid. * Returns: * ENOENT, if gid is definitely not found * EAGAIN, if gid is beeing fetched from backend via async operations * EOK, if found * anything else on a fatal error */ static int nss_cmd_getgrgid_search(struct nss_dom_ctx *dctx) { struct nss_cmd_ctx *cmdctx = dctx->cmdctx; struct sss_domain_info *dom = dctx->domain; struct cli_ctx *cctx = cmdctx->cctx; struct sysdb_ctx *sysdb; struct nss_ctx *nctx; int ret; int err; nctx = talloc_get_type(cctx->rctx->pvt_ctx, struct nss_ctx); while (dom) { /* check that the gid is valid for this domain */ if ((dom->id_min && (cmdctx->id < dom->id_min)) || (dom->id_max && (cmdctx->id > dom->id_max))) { DEBUG(4, ("Gid [%lu] does not exist in domain [%s]! 
" "(id out of range)\n", (unsigned long)cmdctx->id, dom->name)); if (cmdctx->check_next) { dom = get_next_domain(dom, true); continue; } ret = ENOENT; goto done; } if (dom != dctx->domain) { /* make sure we reset the check_provider flag when we check * a new domain */ dctx->check_provider = NEED_CHECK_PROVIDER(dom->provider); } /* make sure to update the dctx if we changed domain */ dctx->domain = dom; DEBUG(4, ("Requesting info for [%d@%s]\n", cmdctx->id, dom->name)); sysdb = dom->sysdb; if (sysdb == NULL) { DEBUG(0, ("Fatal: Sysdb CTX not found for this domain!\n")); ret = EIO; goto done; } ret = sysdb_getgrgid(cmdctx, sysdb, dom, cmdctx->id, &dctx->res); if (ret != EOK) { DEBUG(1, ("Failed to make request to our cache!\n")); ret = EIO; goto done; } if (dctx->res->count > 1) { DEBUG(0, ("getgrgid call returned more than one result !?!\n")); ret = ENOENT; goto done; } if (dctx->res->count == 0 && !dctx->check_provider) { /* if a multidomain search, try with next */ if (cmdctx->check_next) { dom = get_next_domain(dom, true); continue; } /* set negative cache only if not result of cache check */ DEBUG(SSSDBG_MINOR_FAILURE, ("No results for getgrgid call\n")); ret = ENOENT; goto done; } /* if this is a caching provider (or if we haven't checked the cache * yet) then verify that the cache is uptodate */ if (dctx->check_provider) { ret = check_cache(dctx, nctx, dctx->res, SSS_DP_GROUP, NULL, cmdctx->id, nss_cmd_getby_dp_callback, dctx); if (ret != EOK) { /* Anything but EOK means we should reenter the mainloop * because we may be refreshing the cache */ goto done; } } /* One result found */ DEBUG(6, ("Returning info for gid [%d@%s]\n", cmdctx->id, dom->name)); /* Success. Break from the loop and return EOK */ ret = EOK; goto done; } /* All domains were tried and none had the entry. 
*/ ret = ENOENT; done: if (ret == ENOENT) { /* The entry was not found, need to set result in negative cache */ err = sss_ncache_set_gid(nctx->ncache, false, cmdctx->id); if (err != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Cannot set negative cache for GID %d\n", cmdctx->id)); } } DEBUG(SSSDBG_MINOR_FAILURE, ("No matching domain found for [%d]\n", cmdctx->id)); return ret; } static int nss_cmd_getgrgid(struct cli_ctx *cctx) { return nss_cmd_getbyid(SSS_NSS_GETGRGID, cctx); } /* to keep it simple at this stage we are retrieving the * full enumeration again for each request for each process * and we also block on setgrent() for the full time needed * to retrieve the data. And endgrent() frees all the data. * Next steps are: * - use and nsssrv wide cache with data already structured * so that it can be immediately returned (see nscd way) * - use mutexes so that setgrent() can return immediately * even if the data is still being fetched * - make getgrent() wait on the mutex */ struct tevent_req *nss_cmd_setgrent_send(TALLOC_CTX *mem_ctx, struct cli_ctx *client); static void nss_cmd_setgrent_done(struct tevent_req *req); static int nss_cmd_setgrent(struct cli_ctx *cctx) { struct nss_cmd_ctx *cmdctx; struct tevent_req *req; errno_t ret = EOK; cmdctx = talloc_zero(cctx, struct nss_cmd_ctx); if (!cmdctx) { return ENOMEM; } cmdctx->cctx = cctx; req = nss_cmd_setgrent_send(cmdctx, cctx); if (!req) { DEBUG(0, ("Fatal error calling nss_cmd_setgrent_send\n")); ret = EIO; goto done; } tevent_req_set_callback(req, nss_cmd_setgrent_done, cmdctx); done: return nss_cmd_done(cmdctx, ret); } static errno_t nss_cmd_setgrent_step(struct setent_step_ctx *step_ctx); struct tevent_req *nss_cmd_setgrent_send(TALLOC_CTX *mem_ctx, struct cli_ctx *client) { errno_t ret; struct nss_ctx *nctx; struct tevent_req *req; struct setent_ctx *state; struct sss_domain_info *dom; struct setent_step_ctx *step_ctx; DEBUG(4, ("Received setgrent request\n")); nctx = talloc_get_type(client->rctx->pvt_ctx, struct 
nss_ctx); /* Reset the read pointers */ client->grent_dom_idx = 0; client->grent_cur = 0; req = tevent_req_create(mem_ctx, &state, struct setent_ctx); if (!req) { DEBUG(0, ("Could not create tevent request for setgrent\n")); return NULL; } state->nctx = nctx; state->client = client; state->dctx = talloc_zero(state, struct nss_dom_ctx); if (!state->dctx) { ret = ENOMEM; goto error; } /* check if enumeration is enabled in any domain */ for (dom = client->rctx->domains; dom; dom = get_next_domain(dom, true)) { if (dom->enumerate == true) break; } state->dctx->domain = dom; if (state->dctx->domain == NULL) { DEBUG(2, ("Enumeration disabled on all domains!\n")); ret = ENOENT; goto error; } state->dctx->check_provider = NEED_CHECK_PROVIDER(state->dctx->domain->provider); /* Is the result context already available */ if (state->nctx->gctx) { if (state->nctx->gctx->ready) { /* All of the necessary data is in place * We can return now, getgrent requests will work at this point */ tevent_req_done(req); tevent_req_post(req, state->nctx->rctx->ev); } else { /* Object is still being constructed * Register for notification when it's * ready. */ ret = nss_setent_add_ref(state, state->nctx->gctx, req); if (ret != EOK) { talloc_free(req); return NULL; } } return req; } /* Create a new result context * We are creating it on the nss_ctx so that it doesn't * go away if the original request does. We will delete * it when the refcount goes to zero; */ state->nctx->gctx = talloc_zero(nctx, struct getent_ctx); if (!state->nctx->gctx) { ret = ENOMEM; goto error; } state->getent_ctx = nctx->gctx; /* Add a callback reference for ourselves */ ret = nss_setent_add_ref(state, state->nctx->gctx, req); if (ret) goto error; /* ok, start the searches */ step_ctx = talloc_zero(state->getent_ctx, struct setent_step_ctx); if (!step_ctx) { ret = ENOMEM; goto error; } /* Steal the dom_ctx onto the step_ctx so it doesn't go out of scope if * this request is canceled while other requests are in-progress. 
*/ step_ctx->dctx = talloc_steal(step_ctx, state->dctx); step_ctx->nctx = state->nctx; step_ctx->getent_ctx = state->getent_ctx; step_ctx->rctx = client->rctx; step_ctx->cctx = client; step_ctx->returned_to_mainloop = false; ret = nss_cmd_setgrent_step(step_ctx); if (ret != EOK && ret != EAGAIN) goto error; if (ret == EOK) { tevent_req_post(req, client->rctx->ev); } return req; error: tevent_req_error(req, ret); tevent_req_post(req, client->rctx->ev); return req; } static void nss_cmd_setgrent_dp_callback(uint16_t err_maj, uint32_t err_min, const char *err_msg, void *ptr); static void setgrent_result_timeout(struct tevent_context *ev, struct tevent_timer *te, struct timeval current_time, void *pvt); /* nss_cmd_setgrent_step returns * EOK if everything is done and the request needs to be posted explicitly * EAGAIN if the caller can safely return to the main loop */ static errno_t nss_cmd_setgrent_step(struct setent_step_ctx *step_ctx) { errno_t ret; struct sss_domain_info *dom = step_ctx->dctx->domain; struct resp_ctx *rctx = step_ctx->rctx; struct nss_dom_ctx *dctx = step_ctx->dctx; struct getent_ctx *gctx = step_ctx->getent_ctx; struct nss_ctx *nctx = step_ctx->nctx; struct sysdb_ctx *sysdb; struct ldb_result *res; struct timeval tv; struct tevent_timer *te; struct tevent_req *dpreq; struct dp_callback_ctx *cb_ctx; while (dom) { while (dom && dom->enumerate == 0) { dom = get_next_domain(dom, true); } if (!dom) break; if (dom != dctx->domain) { /* make sure we reset the check_provider flag when we check * a new domain */ dctx->check_provider = NEED_CHECK_PROVIDER(dom->provider); } /* make sure to update the dctx if we changed domain */ dctx->domain = dom; DEBUG(6, ("Requesting info for domain [%s]\n", dom->name)); sysdb = dom->sysdb; if (sysdb == NULL) { DEBUG(0, ("Fatal: Sysdb CTX not found for this domain!\n")); return EIO; } /* if this is a caching provider (or if we haven't checked the cache * yet) then verify that the cache is uptodate */ if 
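(dctx->check_provider) {
            step_ctx->returned_to_mainloop = true;
            /* Only do this once per provider */
            dctx->check_provider = false;
            dpreq = sss_dp_get_account_send(step_ctx, rctx, dctx->domain, true,
                                            SSS_DP_GROUP, NULL, 0, NULL);
            if (!dpreq) {
                DEBUG(SSSDBG_MINOR_FAILURE,
                      ("Enum Cache refresh for domain [%s] failed."
                       " Trying to return what we have in cache!\n",
                       dom->name));
            } else {
                cb_ctx = talloc_zero(step_ctx, struct dp_callback_ctx);
                if(!cb_ctx) {
                    talloc_zfree(dpreq);
                    return ENOMEM;
                }

                cb_ctx->callback = nss_cmd_setgrent_dp_callback;
                cb_ctx->ptr = step_ctx;
                cb_ctx->cctx = step_ctx->cctx;
                cb_ctx->mem_ctx = step_ctx;

                tevent_req_set_callback(dpreq, nsssrv_dp_send_acct_req_done, cb_ctx);

                /* The data provider callback re-enters this function later */
                return EAGAIN;
            }
        }

        ret = sysdb_enumgrent(dctx, sysdb, dom, &res);
        if (ret != EOK) {
            DEBUG(1, ("Enum from cache failed, skipping domain [%s]\n",
                      dom->name));
            dom = get_next_domain(dom, true);
            continue;
        }

        if (res->count == 0) {
            DEBUG(4, ("Domain [%s] has no groups, skipping.\n", dom->name));
            dom = get_next_domain(dom, true);
            continue;
        }

        nctx->gctx->doms = talloc_realloc(gctx, gctx->doms,
                                          struct dom_ctx, gctx->num +1);
        if (!gctx->doms) {
            /* step_ctx is a talloc child of this getent_ctx (it is created
             * with talloc_zero(state->getent_ctx, ...) in
             * nss_cmd_setgrent_send), so this free releases step_ctx as well.
             * Callers must not dereference step_ctx after ENOMEM from here. */
            talloc_free(gctx);
            nctx->gctx = NULL;
            return ENOMEM;
        }

        nctx->gctx->doms[gctx->num].domain = dctx->domain;
        nctx->gctx->doms[gctx->num].res = talloc_steal(gctx->doms, res);

        nctx->gctx->num++;

        /* do not reply until all domain searches are done */
        dom = get_next_domain(dom, true);
    }

    /* We've finished all our lookups
     * The result object is now safe to read.
     */
    nctx->gctx->ready = true;

    /* Set up a lifetime timer for this result object
     * We don't want this result object to outlive the
     * enum cache refresh timeout
     */
    tv = tevent_timeval_current_ofs(nctx->enum_cache_timeout, 0);
    te = tevent_add_timer(rctx->ev, nctx->gctx, tv,
                          setgrent_result_timeout, nctx);
    if (!te) {
        DEBUG(0, ("Could not set up life timer for setgrent result object. "
                  "Entries may become stale.\n"));
    }

    /* Notify the waiting clients */
    nss_setent_notify_done(nctx->gctx);

    if (step_ctx->returned_to_mainloop) {
        return EAGAIN;
    } else {
        return EOK;
    }
}

/* Timer handler: drops the shared group enumeration result once its
 * lifetime (nctx->enum_cache_timeout, set up in nss_cmd_setgrent_step)
 * has elapsed. pvt is the struct nss_ctx registered with the timer. */
static void setgrent_result_timeout(struct tevent_context *ev,
                                    struct tevent_timer *te,
                                    struct timeval current_time,
                                    void *pvt)
{
    struct nss_ctx *nctx = talloc_get_type(pvt, struct nss_ctx);

    DEBUG(1, ("setgrent result object has expired. Cleaning up.\n"));

    /* Free the group enumeration context.
     * If additional getgrent requests come in, they will invoke
     * an implicit setgrent and refresh the result object.
     */
    talloc_zfree(nctx->gctx);
}

/* Data provider callback for the enumeration refresh started by
 * nss_cmd_setgrent_step. A provider error is only logged; the step
 * function is re-entered either way so the cached data can be served.
 *
 * ptr is the struct setent_step_ctx stored in cb_ctx->ptr. */
static void nss_cmd_setgrent_dp_callback(uint16_t err_maj, uint32_t err_min,
                                         const char *err_msg, void *ptr)
{
    struct setent_step_ctx *step_ctx =
            talloc_get_type(ptr, struct setent_step_ctx);
    /* Take the long-lived nss_ctx pointer before calling the step function:
     * on its ENOMEM path the step function frees the getent_ctx, and
     * step_ctx is allocated on that context, so reading step_ctx->nctx
     * afterwards would be a read of freed memory. */
    struct nss_ctx *nctx = step_ctx->nctx;
    int ret;

    if (err_maj) {
        DEBUG(2, ("Unable to get information from Data Provider\n"
                  "Error: %u, %u, %s\n"
                  "Will try to return what we have in cache\n",
                  (unsigned int)err_maj, (unsigned int)err_min, err_msg));
    }

    ret = nss_cmd_setgrent_step(step_ctx);
    if (ret != EOK && ret != EAGAIN) {
        /* Notify any waiting processes of failure, but only while the
         * result object still exists; the step function sets nctx->gctx
         * to NULL when it had to free it.
         * NOTE(review): requests that were waiting on a freed result object
         * are not completed from here - confirm how their references are
         * cleaned up. */
        if (nctx->gctx != NULL) {
            nss_setent_notify_error(nctx->gctx, ret);
        }
    }
}

/* Collects the result of a setgrent request: returns the error recorded on
 * the tevent request (via TEVENT_REQ_RETURN_ON_ERROR) or EOK. */
static errno_t nss_cmd_setgrent_recv(struct tevent_req *req)
{
    TEVENT_REQ_RETURN_ON_ERROR(req);

    return EOK;
}

/* Completion callback for an explicit setgrent command: on EOK or ENOENT
 * an empty reply packet is created and sent, anything else is reported
 * through nss_cmd_done. */
static void nss_cmd_setgrent_done(struct tevent_req *req)
{
    errno_t ret;
    struct nss_cmd_ctx *cmdctx =
            tevent_req_callback_data(req, struct nss_cmd_ctx);

    ret = nss_cmd_setgrent_recv(req);
    talloc_zfree(req);
    if (ret == EOK || ret == ENOENT) {
        /* Either we succeeded or no domains were eligible */
        ret = sss_packet_new(cmdctx->cctx->creq, 0,
                             sss_packet_get_cmd(cmdctx->cctx->creq->in),
                             &cmdctx->cctx->creq->out);
        if (ret == EOK) {
            sss_cmd_done(cmdctx->cctx, cmdctx);
            return;
        }
    }

    /* Something bad happened */
    nss_cmd_done(cmdctx, ret);
}

static int nss_cmd_retgrent(struct cli_ctx *cctx, int num)
{
    struct nss_ctx *nctx;
    struct getent_ctx *gctx;
    struct ldb_message **msgs = NULL;
    struct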
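dom_ctx *gdom = NULL;
    int n = 0;
    int ret = ENOENT;

    nctx = talloc_get_type(cctx->rctx->pvt_ctx, struct nss_ctx);
    if (!nctx->gctx) goto none;

    /* A non-positive batch size can never yield an entry. Answer with the
     * empty packet rather than passing a zero or negative count on to
     * fill_grent(). */
    if (num <= 0) goto none;

    gctx = nctx->gctx;

    while (ret == ENOENT) {
        if (cctx->grent_dom_idx >= gctx->num) break;

        gdom = &gctx->doms[cctx->grent_dom_idx];

        n = gdom->res->count - cctx->grent_cur;
        if (n <= 0 && (cctx->grent_dom_idx+1 < gctx->num)) {
            cctx->grent_dom_idx++;
            gdom = &gctx->doms[cctx->grent_dom_idx];
            n = gdom->res->count;
            cctx->grent_cur = 0;
        }

        /* The cursor is restored from a saved value after an implicit
         * setgrent (nss_cmd_implicit_setgrent_done). If the rebuilt result
         * holds fewer entries than the saved cursor, n is negative on the
         * last domain; stop instead of forming &msgs[grent_cur] past the
         * end of the array.
         * NOTE(review): assumes grent_cur is a signed int - confirm against
         * struct cli_ctx. */
        if (n <= 0) break;

        if (n > num) n = num;

        msgs = &(gdom->res->msgs[cctx->grent_cur]);

        ret = fill_grent(cctx->creq->out, gdom->domain, nctx,
                         true, false, msgs, &n);

        cctx->grent_cur += n;
    }

none:
    if (ret == ENOENT) {
        ret = sss_cmd_empty_packet(cctx->creq->out);
    }
    return ret;
}

/* Answer a getgrent request from the enumeration result that is already
 * stored in the responder context.
 *
 * The request body must be exactly one uint32_t: the maximum number of
 * entries the client accepts in this reply. The value is client-controlled,
 * so it is copied out of the byte buffer and range-limited before it is
 * handed to nss_cmd_retgrent(), which takes an int.
 *
 * Returns EINVAL when the body has the wrong size, the sss_packet_new()
 * error when the reply packet cannot be created, and EOK otherwise. The
 * result of nss_cmd_retgrent() is reported to the client through the
 * packet's error field, not through the return value.
 */
static int nss_cmd_getgrent_immediate(struct nss_cmd_ctx *cmdctx)
{
    struct cli_ctx *cctx = cmdctx->cctx;
    uint8_t *body;
    size_t blen;
    uint32_t num;
    int ret;

    /* get max num of entries to return in one call */
    sss_packet_get_body(cctx->creq->in, &body, &blen);
    if (blen != sizeof(uint32_t)) {
        return EINVAL;
    }

    /* body is a uint8_t buffer; nothing here guarantees 4-byte alignment,
     * so copy the value instead of dereferencing a cast pointer. */
    memcpy(&num, body, sizeof(num));

    /* Values above INT32_MAX would turn negative when converted to the int
     * parameter of nss_cmd_retgrent(). Clamp: the meaning ("no more than
     * this many") is unchanged for any result set that fits in memory. */
    if (num > (uint32_t)INT32_MAX) {
        num = (uint32_t)INT32_MAX;
    }

    /* create response packet */
    ret = sss_packet_new(cctx->creq, 0,
                         sss_packet_get_cmd(cctx->creq->in),
                         &cctx->creq->out);
    if (ret != EOK) {
        return ret;
    }

    ret = nss_cmd_retgrent(cctx, (int)num);

    sss_packet_set_error(cctx->creq->out, ret);
    sss_cmd_done(cctx, cmdctx);

    return EOK;
}

static void nss_cmd_implicit_setgrent_done(struct tevent_req *req);
static int nss_cmd_getgrent(struct cli_ctx *cctx)
{
    struct nss_ctx *nctx;
    struct nss_cmd_ctx *cmdctx;
    struct tevent_req *req;

    DEBUG(4, ("Requesting info for all groups\n"));

    cmdctx = talloc_zero(cctx, struct nss_cmd_ctx);
    if (!cmdctx) {
        return ENOMEM;
    }
    cmdctx->cctx = cctx;

    /* Save the current index and cursor locations
     * If we end up calling setgrent implicitly, because the response object
     * expired and has to be recreated, we want to resume from the same
     * location.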
*/ cmdctx->saved_dom_idx = cctx->grent_dom_idx; cmdctx->saved_cur = cctx->grent_cur; nctx = talloc_get_type(cctx->rctx->pvt_ctx, struct nss_ctx); if(!nctx->gctx || !nctx->gctx->ready) { /* Make sure we invoke setgrent if it hasn't been run or is still * processing from another client */ req = nss_cmd_setgrent_send(cctx, cctx); if (!req) { return EIO; } tevent_req_set_callback(req, nss_cmd_implicit_setgrent_done, cmdctx); return EOK; } return nss_cmd_getgrent_immediate(cmdctx); } static void nss_cmd_implicit_setgrent_done(struct tevent_req *req) { errno_t ret; struct nss_cmd_ctx *cmdctx = tevent_req_callback_data(req, struct nss_cmd_ctx); ret = nss_cmd_setgrent_recv(req); talloc_zfree(req); /* ENOENT is acceptable, as it just means that there were no entries * to be returned. This will be handled gracefully in nss_cmd_retpwent * later. */ if (ret != EOK && ret != ENOENT) { DEBUG(0, ("Implicit setgrent failed with unexpected error [%d][%s]\n", ret, strerror(ret))); NSS_CMD_FATAL_ERROR(cmdctx); } /* Restore the saved index and cursor locations */ cmdctx->cctx->grent_dom_idx = cmdctx->saved_dom_idx; cmdctx->cctx->grent_cur = cmdctx->saved_cur; ret = nss_cmd_getgrent_immediate(cmdctx); if (ret != EOK) { DEBUG(0, ("Immediate retrieval failed with unexpected error " "[%d][%s]\n", ret, strerror(ret))); NSS_CMD_FATAL_ERROR(cmdctx); } } static int nss_cmd_endgrent(struct cli_ctx *cctx) { struct nss_ctx *nctx; int ret; DEBUG(4, ("Terminating request info for all groups\n")); nctx = talloc_get_type(cctx->rctx->pvt_ctx, struct nss_ctx); /* create response packet */ ret = sss_packet_new(cctx->creq, 0, sss_packet_get_cmd(cctx->creq->in), &cctx->creq->out); if (ret != EOK) { return ret; } if (nctx->gctx == NULL) goto done; /* Reset the indices so that subsequent requests start at zero */ cctx->grent_dom_idx = 0; cctx->grent_cur = 0; done: sss_cmd_done(cctx, NULL); return EOK; } void nss_update_initgr_memcache(struct nss_ctx *nctx, const char *name, const char *domain, int gnum, 
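uint32_t *groups)
{
    TALLOC_CTX *tmp_ctx = NULL;
    struct sss_domain_info *dom;
    struct ldb_result *res;
    struct sized_string delete_name;
    bool changed = false;
    uint32_t id;
    /* Working copy of groups[], allocated on tmp_ctx. This was a
     * variable-length array sized by gnum: a zero or negative count is
     * undefined behaviour for a VLA, and a very large one exhausts the
     * stack. A heap allocation fails cleanly instead. */
    uint32_t *gids = NULL;
    int ret;
    int i, j;

    /* gnum comes from the caller (the message below says "provider");
     * refuse counts that cannot describe an array. */
    if (gnum < 0) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Invalid group count (%d) requested by provider\n", gnum));
        return;
    }

    for (dom = nctx->rctx->domains; dom; dom = get_next_domain(dom, false)) {
        if (strcasecmp(dom->name, domain) == 0) {
            break;
        }
    }

    if (dom == NULL) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Unknown domain (%s) requested by provider\n", domain));
        return;
    }

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("talloc_new failed.\n"));
        return;
    }

    ret = sysdb_initgroups(tmp_ctx, dom->sysdb, dom, name, &res);
    if (ret != EOK && ret != ENOENT) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Failed to make request to our cache! [%d][%s]\n",
               ret, strerror(ret)));
        goto done;
    }

    /* copy, we need the original intact in case we need to invalidate
     * all the original groups */
    if (gnum > 0) {
        gids = talloc_array(tmp_ctx, uint32_t, gnum);
        if (gids == NULL) {
            DEBUG(SSSDBG_OP_FAILURE, ("talloc_array failed.\n"));
            goto done;
        }
        memcpy(gids, groups, gnum * sizeof(uint32_t));
    }

    if (ret == ENOENT || res->count == 0) {
        /* The user is gone. Invalidate the mc record */
        to_sized_string(&delete_name, name);
        ret = sss_mmap_cache_pw_invalidate(nctx->pwd_mc_ctx, &delete_name);
        if (ret != EOK && ret != ENOENT) {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("Internal failure in memory cache code: %d [%s]\n",
                   ret, strerror(ret)));
        }

        /* Also invalidate his groups */
        changed = true;
    } else {
        /* NOTE(review): the original comment here said the first entry (the
         * user itself) is skipped, but the loop starts at index 0 and so
         * examines it as well - confirm which is intended. */
        for (i = 0; i < res->count; i++) {
            id = ldb_msg_find_attr_as_uint(res->msgs[i], SYSDB_GIDNUM, 0);
            if (id == 0) {
                /* probably non-posix group, skip */
                continue;
            }
            /* Tick off every cached GID that the caller's list also has;
             * a matched slot is zeroed so leftovers can be detected below. */
            for (j = 0; j < gnum; j++) {
                if (gids[j] == id) {
                    gids[j] = 0;
                    break;
                }
            }
            if (j >= gnum) {
                /* we couldn't find a match, this means the groups have
                 * changed after the refresh */
                changed = true;
                break;
            }
        }

        if (!changed) {
            for (j = 0; j < gnum; j++) {
                if (gids[j] != 0) {
                    /* we found an un-cleared groups, this means the groups
                     * have changed after the refresh (some got deleted) */
                    changed = true;
                    break;
                }
            }
        }
    }

    if (changed) {
        /* Invalidate using the untouched caller array, not the working
         * copy whose matched slots were zeroed above. */
        for (i = 0; i < gnum; i++) {
            id = groups[i];

            ret = sss_mmap_cache_gr_invalidate_gid(nctx->grp_mc_ctx, id);
            if (ret != EOK && ret !=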
ENOENT) { DEBUG(SSSDBG_CRIT_FAILURE, ("Internal failure in memory cache code: %d [%s]\n", ret, strerror(ret))); } } } done: talloc_free(tmp_ctx); } /* FIXME: what about mpg, should we return the user's GID ? */ /* FIXME: should we filter out GIDs ? */ static int fill_initgr(struct sss_packet *packet, struct ldb_result *res) { uint8_t *body; size_t blen; gid_t gid; int ret, i, num, bindex; int skipped = 0; const char *posix; gid_t orig_primary_gid; if (res->count == 0) { return ENOENT; } /* one less, the first one is the user entry */ num = res->count -1; ret = sss_packet_grow(packet, (2 + res->count) * sizeof(uint32_t)); if (ret != EOK) { return ret; } sss_packet_get_body(packet, &body, &blen); orig_primary_gid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_PRIMARY_GROUP_GIDNUM, 0); /* If the GID of the original primary group is available but equal to the * current primary GID it must not be added. */ if (orig_primary_gid != 0) { gid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_GIDNUM, 0); if (orig_primary_gid == gid) { orig_primary_gid = 0; } } /* skip first entry, it's the user entry */ bindex = 0; for (i = 0; i < num; i++) { gid = ldb_msg_find_attr_as_uint64(res->msgs[i + 1], SYSDB_GIDNUM, 0); posix = ldb_msg_find_attr_as_string(res->msgs[i + 1], SYSDB_POSIX, NULL); if (!gid) { if (posix && strcmp(posix, "FALSE") == 0) { skipped++; continue; } else { DEBUG(1, ("Incomplete group object for initgroups! Aborting\n")); return EFAULT; } } ((uint32_t *)body)[2 + bindex] = gid; bindex++; /* do not add the GID of the original primary group is the user is * already and explicit member of the group. 
*/ if (orig_primary_gid == gid) { orig_primary_gid = 0; } } if (orig_primary_gid != 0) { ((uint32_t *)body)[2 + bindex] = orig_primary_gid; bindex++; num++; } ((uint32_t *)body)[0] = num-skipped; /* num results */ ((uint32_t *)body)[1] = 0; /* reserved */ blen = (2 + bindex) * sizeof(uint32_t); ret = sss_packet_set_size(packet, blen); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Could not set packet size to value:%zu\n", blen)); return ret; } return EOK; } static int nss_cmd_initgr_send_reply(struct nss_dom_ctx *dctx) { struct nss_cmd_ctx *cmdctx = dctx->cmdctx; struct cli_ctx *cctx = cmdctx->cctx; int ret; ret = sss_packet_new(cctx->creq, 0, sss_packet_get_cmd(cctx->creq->in), &cctx->creq->out); if (ret != EOK) { return EFAULT; } ret = fill_initgr(cctx->creq->out, dctx->res); if (ret) { return ret; } sss_packet_set_error(cctx->creq->out, EOK); sss_cmd_done(cctx, cmdctx); return EOK; } static int nss_cmd_initgroups_search(struct nss_dom_ctx *dctx) { struct nss_cmd_ctx *cmdctx = dctx->cmdctx; struct sss_domain_info *dom = dctx->domain; struct cli_ctx *cctx = cmdctx->cctx; char *name = NULL; struct sysdb_ctx *sysdb; struct nss_ctx *nctx; int ret; nctx = talloc_get_type(cctx->rctx->pvt_ctx, struct nss_ctx); while (dom) { /* if it is a domainless search, skip domains that require fully * qualified names instead */ while (dom && cmdctx->check_next && dom->fqnames) { dom = get_next_domain(dom, false); } if (!dom) break; if (dom != dctx->domain) { /* make sure we reset the check_provider flag when we check * a new domain */ dctx->check_provider = NEED_CHECK_PROVIDER(dom->provider); } /* make sure to update the dctx if we changed domain */ dctx->domain = dom; talloc_free(name); name = sss_get_cased_name(dctx, cmdctx->name, dom->case_sensitive); if (!name) return ENOMEM; /* verify this user has not yet been negatively cached, * or has been permanently filtered */ ret = sss_ncache_check_user(nctx->ncache, nctx->neg_timeout, dom, name); /* if neg cached, return we didn't find 
it */ if (ret == EEXIST) { DEBUG(SSSDBG_TRACE_FUNC, ("User [%s] does not exist in [%s]! (negative cache)\n", name, dom->name)); /* if a multidomain search, try with next */ if (cmdctx->check_next) { dom = get_next_domain(dom, false); continue; } /* There are no further domains or this was a * fully-qualified user request. */ return ENOENT; } DEBUG(4, ("Requesting info for [%s@%s]\n", name, dom->name)); sysdb = dom->sysdb; if (sysdb == NULL) { DEBUG(0, ("Fatal: Sysdb CTX not found for this domain!\n")); return EIO; } ret = sysdb_initgroups(cmdctx, sysdb, dom, name, &dctx->res); if (ret != EOK) { DEBUG(1, ("Failed to make request to our cache! [%d][%s]\n", ret, strerror(ret))); return EIO; } if (dctx->res->count == 0 && !dctx->check_provider) { /* set negative cache only if not result of cache check */ ret = sss_ncache_set_user(nctx->ncache, false, dom, name); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Cannot set negcache for %s@%s\n", name, dom->name)); } /* if a multidomain search, try with next */ if (cmdctx->check_next) { dom = get_next_domain(dom, false); if (dom) continue; } DEBUG(2, ("No results for initgroups call\n")); return ENOENT; } /* if this is a caching provider (or if we haven't checked the cache * yet) then verify that the cache is uptodate */ if (dctx->check_provider) { ret = check_cache(dctx, nctx, dctx->res, SSS_DP_INITGROUPS, name, 0, nss_cmd_getby_dp_callback, dctx); if (ret != EOK) { /* Anything but EOK means we should reenter the mainloop * because we may be refreshing the cache */ return ret; } } DEBUG(6, ("Initgroups for [%s@%s] completed\n", name, dom->name)); return EOK; } DEBUG(SSSDBG_MINOR_FAILURE, ("No matching domain found for [%s], fail!\n", cmdctx->name)); return ENOENT; } /* for now, if we are online, try to always query the backend */ static int nss_cmd_initgroups(struct cli_ctx *cctx) { return nss_cmd_getbynam(SSS_NSS_INITGR, cctx); } static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx) { struct nss_cmd_ctx 
*cmdctx = dctx->cmdctx; struct sss_domain_info *dom = dctx->domain; struct cli_ctx *cctx = cmdctx->cctx; struct sysdb_ctx *sysdb; struct nss_ctx *nctx; int ret; int err; const char *attrs[] = {SYSDB_NAME, SYSDB_OBJECTCLASS, SYSDB_SID_STR, NULL}; bool user_found = false; bool group_found = false; struct ldb_message *msg = NULL; char *sysdb_name = NULL; char *name = NULL; char *req_name; uint32_t req_id; int req_type; nctx = talloc_get_type(cctx->rctx->pvt_ctx, struct nss_ctx); while (dom) { if (cmdctx->cmd == SSS_NSS_GETSIDBYID) { /* check that the uid is valid for this domain */ if ((dom->id_min && (cmdctx->id < dom->id_min)) || (dom->id_max && (cmdctx->id > dom->id_max))) { DEBUG(SSSDBG_TRACE_FUNC, ("Uid [%lu] does not exist in domain [%s]! " "(id out of range)\n", (unsigned long)cmdctx->id, dom->name)); if (cmdctx->check_next) { dom = get_next_domain(dom, true); continue; } ret = ENOENT; goto done; } } else { /* if it is a domainless search, skip domains that require fully * qualified names instead */ while (dom && cmdctx->check_next && dom->fqnames) { dom = get_next_domain(dom, false); } if (!dom) break; } if (dom != dctx->domain) { /* make sure we reset the check_provider flag when we check * a new domain */ dctx->check_provider = NEED_CHECK_PROVIDER(dom->provider); } /* make sure to update the dctx if we changed domain */ dctx->domain = dom; if (cmdctx->cmd == SSS_NSS_GETSIDBYID) { DEBUG(SSSDBG_TRACE_FUNC, ("Requesting info for [%d@%s]\n", cmdctx->id, dom->name)); } else { talloc_free(name); talloc_zfree(sysdb_name); name = sss_get_cased_name(cmdctx, cmdctx->name, dom->case_sensitive); if (name == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("sss_get_cased_name failed.\n")); ret = ENOMEM; goto done; } /* For subdomains a fully qualified name is needed for * sysdb_search_user_by_name and sysdb_search_group_by_name. 
*/ if (IS_SUBDOMAIN(dom)) { sysdb_name = sss_tc_fqname(cmdctx, dom->names, dom, name); if (sysdb_name == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("talloc_asprintf failed.\n")); ret = ENOMEM; goto done; } } /* verify this user has not yet been negatively cached, * or has been permanently filtered */ ret = sss_ncache_check_user(nctx->ncache, nctx->neg_timeout, dom, name); /* if neg cached, return we didn't find it */ if (ret == EEXIST) { DEBUG(SSSDBG_TRACE_FUNC, ("User [%s] does not exist in [%s]! (negative cache)\n", name, dom->name)); /* if a multidomain search, try with next */ if (cmdctx->check_next) { dom = get_next_domain(dom, false); continue; } /* There are no further domains or this was a * fully-qualified user request. */ ret = ENOENT; goto done; } DEBUG(SSSDBG_TRACE_FUNC, ("Requesting info for [%s@%s]\n", name, dom->name)); } sysdb = dom->sysdb; if (sysdb == NULL) { DEBUG(SSSDBG_FATAL_FAILURE, ("Fatal: Sysdb CTX not found for this domain!\n")); ret = EIO; goto done; } if (cmdctx->cmd == SSS_NSS_GETSIDBYID) { ret = sysdb_search_user_by_uid(cmdctx, sysdb, dom, cmdctx->id, attrs, &msg); if (ret != EOK && ret != ENOENT) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to make request to our cache!\n")); ret = EIO; goto done; } if (ret == EOK) { user_found = true; } else { talloc_free(msg); ret = sysdb_search_group_by_gid(cmdctx, sysdb, dom, cmdctx->id, attrs, &msg); if (ret != EOK && ret != ENOENT) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to make request to our cache!\n")); ret = EIO; goto done; } if (ret == EOK) { group_found = true; } } } else { ret = sysdb_search_user_by_name(cmdctx, sysdb, dom, sysdb_name ? sysdb_name : name, attrs, &msg); if (ret != EOK && ret != ENOENT) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to make request to our cache!\n")); ret = EIO; goto done; } if (ret == EOK) { user_found = true; } else { talloc_free(msg); ret = sysdb_search_group_by_name(cmdctx, sysdb, dom, sysdb_name ? 
sysdb_name : name, attrs, &msg); if (ret != EOK && ret != ENOENT) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to make request to our cache!\n")); ret = EIO; goto done; } if (ret == EOK) { group_found = true; } } } dctx->res = talloc_zero(cmdctx, struct ldb_result); if (dctx->res == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("talloc_zero failed.\n")); ret = ENOMEM; goto done; } if (user_found || group_found) { dctx->res->count = 1; dctx->res->msgs = talloc_array(dctx->res, struct ldb_message *, 1); if (dctx->res->msgs == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("talloc_array failed.\n")); ret = ENOMEM; goto done; } dctx->res->msgs[0] = talloc_steal(dctx->res, msg); } if (dctx->res->count == 0 && !dctx->check_provider) { if (cmdctx->cmd == SSS_NSS_GETSIDBYNAME) { ret = sss_ncache_set_user(nctx->ncache, false, dom, name); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Cannot set negcache for %s@%s\n", name, dom->name)); } ret = sss_ncache_set_group(nctx->ncache, false, dom, name); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Cannot set negcache for %s@%s\n", name, dom->name)); } } /* if a multidomain search, try with next */ if (cmdctx->check_next) { dom = get_next_domain(dom, true); continue; } DEBUG(SSSDBG_OP_FAILURE, ("No matching user or group found.\n")); ret = ENOENT; goto done; } /* if this is a caching provider (or if we haven't checked the cache * yet) then verify that the cache is uptodate */ if (dctx->check_provider) { if (cmdctx->cmd == SSS_NSS_GETSIDBYID) { req_name = NULL; req_id = cmdctx->id; } else { req_name = name; req_id = 0; } if (user_found) { req_type = SSS_DP_USER; } else if (group_found) { req_type = SSS_DP_GROUP; } else { req_type = SSS_DP_USER_AND_GROUP; } ret = check_cache(dctx, nctx, dctx->res, req_type, req_name, req_id, nss_cmd_getby_dp_callback, dctx); if (ret != EOK) { /* Anything but EOK means we should reenter the mainloop * because we may be refreshing the cache */ goto done; } } /* One result found */ if (cmdctx->cmd == SSS_NSS_GETSIDBYID) { 
DEBUG(SSSDBG_TRACE_FUNC, ("Returning info for id [%d@%s]\n", cmdctx->id, dom->name)); } else { DEBUG(SSSDBG_TRACE_FUNC, ("Returning info for user/group [%s@%s]\n", name, dom->name)); } /* Success. Break from the loop and return EOK */ ret = EOK; goto done; } /* All domains were tried and none had the entry. */ ret = ENOENT; done: if (ret == ENOENT) { /* The entry was not found, need to set result in negative cache */ if (cmdctx->cmd == SSS_NSS_GETSIDBYID) { DEBUG(SSSDBG_MINOR_FAILURE, ("No matching domain found for [%d], fail!\n", cmdctx->id)); err = sss_ncache_set_uid(nctx->ncache, false, cmdctx->id); if (err != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Cannot set negative cache for UID %d\n", cmdctx->id)); } err = sss_ncache_set_gid(nctx->ncache, false, cmdctx->id); if (err != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Cannot set negative cache for GID %d\n", cmdctx->id)); } } else { DEBUG(SSSDBG_MINOR_FAILURE, ("No matching domain found for [%s], fail!\n", cmdctx->name)); } } return ret; } static errno_t nss_cmd_getbysid_search(struct nss_dom_ctx *dctx) { struct nss_cmd_ctx *cmdctx = dctx->cmdctx; struct sss_domain_info *dom = dctx->domain; struct cli_ctx *cctx = cmdctx->cctx; struct sysdb_ctx *sysdb; struct nss_ctx *nctx; int ret; nctx = talloc_get_type(cctx->rctx->pvt_ctx, struct nss_ctx); DEBUG(SSSDBG_TRACE_FUNC, ("Requesting info for [%s@%s]\n", cmdctx->secid, dom->name)); sysdb = dom->sysdb; if (sysdb == NULL) { DEBUG(SSSDBG_FATAL_FAILURE, ("Fatal: Sysdb CTX not found for this " \ "domain!\n")); return EIO; } ret = sysdb_search_object_by_sid(cmdctx, sysdb, dom, cmdctx->secid, NULL, &dctx->res); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to make request to our cache!\n")); return EIO; } if (dctx->res->count > 1) { DEBUG(SSSDBG_FATAL_FAILURE, ("getbysid call returned more than one " \ "result !?!\n")); return ENOENT; } if (dctx->res->count == 0 && !dctx->check_provider) { DEBUG(2, ("No results for getbysid call.\n")); /* set negative cache only if not result 
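of cache check */
        ret = sss_ncache_set_sid(nctx->ncache, false, cmdctx->secid);
        if (ret != EOK) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Cannot set negative cache for %s\n", cmdctx->secid));
        }

        return ENOENT;
    }

    /* if this is a caching provider (or if we haven't checked the cache
     * yet) then verify that the cache is uptodate */
    if (dctx->check_provider) {
        ret = check_cache(dctx, nctx, dctx->res, SSS_DP_SECID,
                          cmdctx->secid, 0,
                          nss_cmd_getby_dp_callback,
                          dctx);
        if (ret != EOK) {
            /* Anything but EOK means we should reenter the mainloop
             * because we may be refreshing the cache
             */
            return ret;
        }
    }

    /* One result found */
    DEBUG(SSSDBG_TRACE_FUNC,
          ("Returning info for sid [%s@%s]\n", cmdctx->secid, dom->name));

    return EOK;
}

/* Classify a cached object as user or group from its objectclass values.
 *
 * msg      cached object to inspect
 * mpg      when true, a user object is reported as SSS_ID_TYPE_BOTH
 * id_type  out: SSS_ID_TYPE_UID or SSS_ID_TYPE_BOTH when one objectclass
 *          value equals SYSDB_USER_CLASS (case-insensitive), otherwise
 *          SSS_ID_TYPE_GID
 *
 * Returns EINVAL when the message has no objectclass attribute, EOK
 * otherwise.
 */
static errno_t find_sss_id_type(struct ldb_message *msg,
                                bool mpg,
                                enum sss_id_type *id_type)
{
    size_t c;
    struct ldb_message_element *el;
    struct ldb_val *val = NULL;
    const size_t user_class_len = strlen(SYSDB_USER_CLASS);

    el = ldb_msg_find_element(msg, SYSDB_OBJECTCLASS);
    if (el == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("Objectclass attribute not found.\n"));
        return EINVAL;
    }

    for (c = 0; c < el->num_values; c++) {
        val = &(el->values[c]);
        /* The comparison is bounded by the stored value's own length, so
         * without the length check an empty value, or any value that is only
         * a prefix of SYSDB_USER_CLASS, compared equal and the object was
         * classified as a user. Require the lengths to agree first. */
        if (val->length == user_class_len &&
            strncasecmp(SYSDB_USER_CLASS,
                        (char *)val->data, val->length) == 0) {
            break;
        }
    }

    if (c == el->num_values) {
        *id_type = SSS_ID_TYPE_GID;
    } else {
        if (mpg) {
            *id_type = SSS_ID_TYPE_BOTH;
        } else {
            *id_type = SSS_ID_TYPE_UID;
        }
    }

    return EOK;
}

static errno_t fill_sid(struct sss_packet *packet,
                        enum sss_id_type id_type,
                        struct ldb_message *msg)
{
    int ret;
    const char *sid_str;
    struct sized_string sid;
    uint8_t *body;
    size_t blen;

    sid_str = ldb_msg_find_attr_as_string(msg, SYSDB_SID_STR, NULL);
    if (sid_str == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Missing SID.\n"));
        return EINVAL;
    }

    to_sized_string(&sid, sid_str);

    /* Room for the three uint32_t header fields plus the SID string. */
    ret = sss_packet_grow(packet, sid.len + 3* sizeof(uint32_t));
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("sss_packet_grow failed.\n"));
        return ret;
    }

    sss_packet_get_body(packet, &body, &blen);
    ((uint32_t *)body)[0] = 1; /* num results */
    ((uint32_t *)body)[1] = 0; /* reserved */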
((uint32_t *)body)[2] = id_type; memcpy(&body[3*sizeof(uint32_t)], sid.str, sid.len); return EOK; } static errno_t fill_name(struct sss_packet *packet, struct sss_domain_info *dom, enum sss_id_type id_type, struct ldb_message *msg) { int ret; TALLOC_CTX *tmp_ctx = NULL; const char *orig_name; const char *cased_name; const char *fq_name; struct sized_string name; bool add_domain = (!IS_SUBDOMAIN(dom) && dom->fqnames); uint8_t *body; size_t blen; orig_name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL); if (orig_name == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("Missing name.\n")); return EINVAL; } tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("talloc_new failed.\n")); return ENOMEM; } cased_name= sss_get_cased_name(tmp_ctx, orig_name, dom->case_sensitive); if (cased_name == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("sss_get_cased_name failed.\n")); ret = ENOMEM; goto done; } if (add_domain) { fq_name = sss_tc_fqname(tmp_ctx, dom->names, dom, cased_name); if (fq_name == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("talloc_asprintf failed.\n")); ret = ENOMEM; goto done; } to_sized_string(&name, fq_name); } else { to_sized_string(&name, cased_name); } ret = sss_packet_grow(packet, name.len + 3 * sizeof(uint32_t)); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("sss_packet_grow failed.\n")); goto done; } sss_packet_get_body(packet, &body, &blen); ((uint32_t *)body)[0] = 1; /* num results */ ((uint32_t *)body)[1] = 0; /* reserved */ ((uint32_t *)body)[2] = id_type; memcpy(&body[3*sizeof(uint32_t)], name.str, name.len); ret = EOK; done: talloc_free(tmp_ctx); return ret; } static errno_t fill_id(struct sss_packet *packet, enum sss_id_type id_type, struct ldb_message *msg) { int ret; uint8_t *body; size_t blen; uint64_t id; if (id_type == SSS_ID_TYPE_GID) { id = ldb_msg_find_attr_as_uint64(msg, SYSDB_GIDNUM, 0); } else { id = ldb_msg_find_attr_as_uint64(msg, SYSDB_UIDNUM, 0); } if (id == 0 || id >= UINT32_MAX) { DEBUG(SSSDBG_CRIT_FAILURE, ("Invalid POSIX ID.\n")); 
return EINVAL; } ret = sss_packet_grow(packet, 4 * sizeof(uint32_t)); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("sss_packet_grow failed.\n")); return ret; } sss_packet_get_body(packet, &body, &blen); ((uint32_t *)body)[0] = 1; /* num results */ ((uint32_t *)body)[1] = 0; /* reserved */ ((uint32_t *)body)[2] = (uint32_t) id_type; ((uint32_t *)body)[3] = (uint32_t) id; return EOK; } static errno_t nss_cmd_getbysid_send_reply(struct nss_dom_ctx *dctx) { struct nss_cmd_ctx *cmdctx = dctx->cmdctx; struct cli_ctx *cctx = cmdctx->cctx; int ret; enum sss_id_type id_type; if (dctx->res->count > 1) { return EINVAL; } else if (dctx->res->count == 0) { return ENOENT; } ret = sss_packet_new(cctx->creq, 0, sss_packet_get_cmd(cctx->creq->in), &cctx->creq->out); if (ret != EOK) { return EFAULT; } ret = find_sss_id_type(dctx->res->msgs[0], dctx->domain->mpg, &id_type); if (ret != 0) { DEBUG(SSSDBG_OP_FAILURE, ("find_sss_id_type failed.\n")); return ret; } switch(cmdctx->cmd) { case SSS_NSS_GETNAMEBYSID: ret = fill_name(cctx->creq->out, dctx->domain, id_type, dctx->res->msgs[0]); break; case SSS_NSS_GETIDBYSID: ret = fill_id(cctx->creq->out, id_type, dctx->res->msgs[0]); break; case SSS_NSS_GETSIDBYNAME: case SSS_NSS_GETSIDBYID: ret = fill_sid(cctx->creq->out, id_type, dctx->res->msgs[0]); break; default: DEBUG(SSSDBG_CRIT_FAILURE, ("Unsupported request type.\n")); return EINVAL; } if (ret != EOK) { return ret; } sss_packet_set_error(cctx->creq->out, EOK); sss_cmd_done(cctx, cmdctx); return EOK; } static int nss_cmd_getbysid(enum sss_cli_command cmd, struct cli_ctx *cctx) { struct tevent_req *req; struct nss_cmd_ctx *cmdctx; struct nss_dom_ctx *dctx; const char *sid_str; uint8_t *body; size_t blen; int ret; struct nss_ctx *nctx; enum idmap_error_code err; uint8_t *bin_sid = NULL; size_t bin_sid_length; if (cmd != SSS_NSS_GETNAMEBYSID && cmd != SSS_NSS_GETIDBYSID) { DEBUG(SSSDBG_CRIT_FAILURE, ("Invalid command type [%d].\n", cmd)); return EINVAL; } cmdctx = talloc_zero(cctx, struct 
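nss_cmd_ctx);
    if (!cmdctx) {
        return ENOMEM;
    }
    cmdctx->cctx = cctx;
    cmdctx->cmd = cmd;

    dctx = talloc_zero(cmdctx, struct nss_dom_ctx);
    if (!dctx) {
        ret = ENOMEM;
        goto done;
    }
    dctx->cmdctx = cmdctx;

    /* get SID to query */
    sss_packet_get_body(cctx->creq->in, &body, &blen);

    /* The body is client-supplied. Reject an empty body before looking at
     * its last byte: with blen == 0 the index blen - 1 wraps around and the
     * terminator check reads outside the packet buffer. */
    /* if not terminated fail */
    if (blen == 0 || body[blen - 1] != '\0') {
        ret = EINVAL;
        goto done;
    }

    /* From here on the body is known to be NUL-terminated within blen bytes,
     * so it can be used as a C string. */
    sid_str = (const char *) body;

    nctx = talloc_get_type(cctx->rctx->pvt_ctx, struct nss_ctx);

    /* If the body isn't a SID, fail */
    /* The binary form is only needed to check that the string parses; it is
     * freed again before the result is examined. */
    err = sss_idmap_sid_to_bin_sid(nctx->idmap_ctx, sid_str, &bin_sid,
                                   &bin_sid_length);
    sss_idmap_free_bin_sid(nctx->idmap_ctx, bin_sid);
    if (err != IDMAP_SUCCESS) {
        DEBUG(SSSDBG_OP_FAILURE, ("sss_idmap_sid_to_bin_sid failed for [%s].\n",
                                  sid_str));
        ret = EINVAL;
        goto done;
    }

    DEBUG(SSSDBG_TRACE_FUNC, ("Running command [%d] with SID [%s].\n",
                               dctx->cmdctx->cmd, sid_str));

    /* Keep a copy owned by cmdctx; sid_str itself points into the request
     * packet. */
    cmdctx->secid = talloc_strdup(cmdctx, sid_str);
    if (cmdctx->secid == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed.\n"));
        ret = ENOMEM;
        goto done;
    }

    ret = responder_get_domain_by_id(cctx->rctx, cmdctx->secid, &dctx->domain);
    if (ret == EAGAIN || ret == ENOENT) {
        /* No matching domain is known yet: ask for a domain refresh and
         * continue in nss_cmd_getbyid_done. */
        req = sss_dp_get_domains_send(cctx->rctx, cctx->rctx, true, NULL);
        if (req == NULL) {
            ret = ENOMEM;
        } else {
            /* NOTE(review): rawname points into the request body rather than
             * at the cmdctx->secid copy - confirm the packet outlives the
             * callback. */
            dctx->rawname = sid_str;
            tevent_req_set_callback(req, nss_cmd_getbyid_done, dctx);
            ret = EAGAIN;
        }
        goto done;
    } else if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("responder_get_domain_by_id failed.\n"));
        goto done;
    }

    DEBUG(4, ("Requesting info for [%s] from [%s]\n",
              cmdctx->secid, dctx->domain->name));

    dctx->check_provider = NEED_CHECK_PROVIDER(dctx->domain->provider);

    /* ok, find it !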
*/ ret = nss_cmd_getbysid_search(dctx); if (ret == EOK) { ret = nss_cmd_getbysid_send_reply(dctx); } done: return nss_cmd_done(cmdctx, ret); } static int nss_cmd_getsidbyname(struct cli_ctx *cctx) { return nss_cmd_getbynam(SSS_NSS_GETSIDBYNAME, cctx); } static int nss_cmd_getsidbyid(struct cli_ctx *cctx) { return nss_cmd_getbyid(SSS_NSS_GETSIDBYID, cctx); } static int nss_cmd_getnamebysid(struct cli_ctx *cctx) { return nss_cmd_getbysid(SSS_NSS_GETNAMEBYSID, cctx); } static int nss_cmd_getidbysid(struct cli_ctx *cctx) { return nss_cmd_getbysid(SSS_NSS_GETIDBYSID, cctx); } struct cli_protocol_version *register_cli_protocol_version(void) { static struct cli_protocol_version nss_cli_protocol_version[] = { {1, "2008-09-05", "initial version, \\0 terminated strings"}, {0, NULL, NULL} }; return nss_cli_protocol_version; } static struct sss_cmd_table nss_cmds[] = { {SSS_GET_VERSION, sss_cmd_get_version}, {SSS_NSS_GETPWNAM, nss_cmd_getpwnam}, {SSS_NSS_GETPWUID, nss_cmd_getpwuid}, {SSS_NSS_SETPWENT, nss_cmd_setpwent}, {SSS_NSS_GETPWENT, nss_cmd_getpwent}, {SSS_NSS_ENDPWENT, nss_cmd_endpwent}, {SSS_NSS_GETGRNAM, nss_cmd_getgrnam}, {SSS_NSS_GETGRGID, nss_cmd_getgrgid}, {SSS_NSS_SETGRENT, nss_cmd_setgrent}, {SSS_NSS_GETGRENT, nss_cmd_getgrent}, {SSS_NSS_ENDGRENT, nss_cmd_endgrent}, {SSS_NSS_INITGR, nss_cmd_initgroups}, {SSS_NSS_SETNETGRENT, nss_cmd_setnetgrent}, {SSS_NSS_GETNETGRENT, nss_cmd_getnetgrent}, {SSS_NSS_ENDNETGRENT, nss_cmd_endnetgrent}, {SSS_NSS_GETSERVBYNAME, nss_cmd_getservbyname}, {SSS_NSS_GETSERVBYPORT, nss_cmd_getservbyport}, {SSS_NSS_SETSERVENT, nss_cmd_setservent}, {SSS_NSS_GETSERVENT, nss_cmd_getservent}, {SSS_NSS_ENDSERVENT, nss_cmd_endservent}, {SSS_NSS_GETSIDBYNAME, nss_cmd_getsidbyname}, {SSS_NSS_GETSIDBYID, nss_cmd_getsidbyid}, {SSS_NSS_GETNAMEBYSID, nss_cmd_getnamebysid}, {SSS_NSS_GETIDBYSID, nss_cmd_getidbysid}, {SSS_CLI_NULL, NULL} }; struct sss_cmd_table *get_nss_cmds(void) { return nss_cmds; } 
sssd-1.11.5/src/responder/nss/PaxHeaders.13173/nsssrv_mmap_cache.h0000644000000000000000000000007412320753107023012 xustar000000000000000030 atime=1396954939.270891428 30 ctime=1396954961.446875104 sssd-1.11.5/src/responder/nss/nsssrv_mmap_cache.h0000664002412700241270000000470312320753107023240 0ustar00jhrozekjhrozek00000000000000/* SSSD NSS Responder - Mmap Cache Copyright (C) Simo Sorce 2011 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #ifndef _NSSSRV_MMAP_CACHE_H_ #define _NSSSRV_MMAP_CACHE_H_ #define SSS_MC_CACHE_ELEMENTS 50000 struct sss_mc_ctx; enum sss_mc_type { SSS_MC_NONE = 0, SSS_MC_PASSWD, SSS_MC_GROUP, }; errno_t sss_mmap_cache_init(TALLOC_CTX *mem_ctx, const char *name, enum sss_mc_type type, size_t n_elem, time_t valid_time, struct sss_mc_ctx **mcc); errno_t sss_mmap_cache_pw_store(struct sss_mc_ctx **_mcc, struct sized_string *name, struct sized_string *pw, uid_t uid, gid_t gid, struct sized_string *gecos, struct sized_string *homedir, struct sized_string *shell); errno_t sss_mmap_cache_gr_store(struct sss_mc_ctx **_mcc, struct sized_string *name, struct sized_string *pw, gid_t gid, size_t memnum, char *membuf, size_t memsize); errno_t sss_mmap_cache_pw_invalidate(struct sss_mc_ctx *mcc, struct sized_string *name); errno_t sss_mmap_cache_pw_invalidate_uid(struct sss_mc_ctx *mcc, uid_t uid); errno_t sss_mmap_cache_gr_invalidate(struct sss_mc_ctx *mcc, struct sized_string *name); errno_t 
sss_mmap_cache_gr_invalidate_gid(struct sss_mc_ctx *mcc, gid_t gid); errno_t sss_mmap_cache_reinit(TALLOC_CTX *mem_ctx, size_t n_elem, time_t timeout, struct sss_mc_ctx **mc_ctx); void sss_mmap_cache_reset(struct sss_mc_ctx *mc_ctx); #endif /* _NSSSRV_MMAP_CACHE_H_ */ sssd-1.11.5/src/responder/nss/PaxHeaders.13173/nsssrv.c0000644000000000000000000000007412320753107020650 xustar000000000000000030 atime=1396954939.270891428 30 ctime=1396954961.764874869 sssd-1.11.5/src/responder/nss/nsssrv.c0000664002412700241270000004552312320753107021103 0ustar00jhrozekjhrozek00000000000000/* SSSD NSS Responder Copyright (C) Simo Sorce 2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #include #include #include #include #include #include #include #include #include #include
#include "popt.h"
#include "util/util.h"
#include "responder/nss/nsssrv.h"
#include "responder/nss/nsssrv_private.h"
#include "responder/nss/nsssrv_mmap_cache.h"
#include "responder/nss/nsssrv_netgroup.h"
#include "responder/common/negcache.h"
#include "db/sysdb.h"
#include "confdb/confdb.h"
#include "dbus/dbus.h"
#include "sbus/sssd_dbus.h"
#include "responder/common/responder_packet.h"
#include "responder/common/responder.h"
#include "responder/common/responder_sbus.h"
#include "providers/data_provider.h"
#include "monitor/monitor_interfaces.h"
#include "sbus/sbus_client.h"
#include "util/util_sss_idmap.h"

#define DEFAULT_PWFIELD "*"
#define DEFAULT_NSS_FD_LIMIT 8192

/* nss_get_etc_shells() grows its array in steps of SHELL_REALLOC_INCREMENT
 * and stops reading once the size would exceed SHELL_REALLOC_MAX. */
#define SHELL_REALLOC_INCREMENT 5
#define SHELL_REALLOC_MAX 50

static int nss_clear_memcache(DBusMessage *message,
                              struct sbus_connection *conn);
static int nss_clear_netgroup_hash_table(DBusMessage *message,
                                         struct sbus_connection *conn);

/* Methods the monitor may invoke on this responder over sbus; the table is
 * terminated by the { NULL, NULL } entry. */
struct sbus_method monitor_nss_methods[] = {
    { MON_CLI_METHOD_PING, monitor_common_pong },
    { MON_CLI_METHOD_RES_INIT, monitor_common_res_init },
    { MON_CLI_METHOD_ROTATE, responder_logrotate },
    { MON_CLI_METHOD_CLEAR_MEMCACHE, nss_clear_memcache},
    { MON_CLI_METHOD_CLEAR_ENUM_CACHE, nss_clear_netgroup_hash_table},
    { NULL, NULL }
};

struct sbus_interface monitor_nss_interface = {
    MONITOR_INTERFACE,
    MONITOR_PATH,
    SBUS_DEFAULT_VTABLE,
    monitor_nss_methods,
    NULL
};

/*
 * Monitor method MON_CLI_METHOD_CLEAR_MEMCACHE.
 *
 * Unlinks SSS_NSS_MCACHE_DIR"/"CLEAR_MC_FLAG. If the file existed, the passwd
 * and group mmap caches are re-initialised with SSS_MC_CACHE_ELEMENTS entries
 * and the timeout read from CONFDB_MEMCACHE_TIMEOUT (default 300). If the
 * file is absent (ENOENT) nothing is cleared.
 *
 * Returns the result of monitor_common_pong() on those two paths; on any
 * other failure the error code is returned and no pong is sent.
 *
 * NOTE(review): the flag file is the only trigger for the purge, so whoever
 * can create it in SSS_NSS_MCACHE_DIR can force one; the directory's
 * permissions are not visible here -- verify.
 */
static int nss_clear_memcache(DBusMessage *message,
                              struct sbus_connection *conn)
{
    errno_t ret;
    int memcache_timeout;
    /* NOTE(review): talloc_get_type() returns NULL on a type mismatch and
     * rctx is dereferenced on the next line without a check; confirm the
     * connection's private data is always a resp_ctx. */
    struct resp_ctx *rctx = talloc_get_type(sbus_conn_get_private_data(conn),
                                            struct resp_ctx);
    /* Plain cast, unlike the talloc_get_type() lookups used elsewhere in
     * this file for pvt_ctx. */
    struct nss_ctx *nctx = (struct nss_ctx*) rctx->pvt_ctx;

    ret = unlink(SSS_NSS_MCACHE_DIR"/"CLEAR_MC_FLAG);
    if (ret != 0) {
        /* Capture errno right away, before DEBUG() can overwrite it. */
        ret = errno;
        if (ret == ENOENT) {
            DEBUG(SSSDBG_TRACE_FUNC,
                  ("CLEAR_MC_FLAG not found. Nothing to do.\n"));
            goto done;
        } else {
            DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to unlink file: %s.\n",
                                        strerror(ret)));
            return ret;
        }
    }

    /* CLEAR_MC_FLAG removed successfully. Clearing memory caches. */

    ret = confdb_get_int(rctx->cdb,
                         CONFDB_NSS_CONF_ENTRY,
                         CONFDB_MEMCACHE_TIMEOUT,
                         300, &memcache_timeout);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Unable to get memory cache entry timeout.\n"));
        return ret;
    }

    /* TODO: read cache sizes from configuration */
    DEBUG(SSSDBG_TRACE_FUNC, ("Clearing memory caches.\n"));
    ret = sss_mmap_cache_reinit(nctx, SSS_MC_CACHE_ELEMENTS,
                                (time_t) memcache_timeout,
                                &nctx->pwd_mc_ctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("passwd mmap cache invalidation failed\n"));
        return ret;
    }

    /* The flag file is already gone at this point, so a failure here leaves
     * the group cache as it was with nothing on disk to trigger a retry. */
    ret = sss_mmap_cache_reinit(nctx, SSS_MC_CACHE_ELEMENTS,
                                (time_t) memcache_timeout,
                                &nctx->grp_mc_ctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("group mmap cache invalidation failed\n"));
        return ret;
    }

done:
    return monitor_common_pong(message, conn);
}

/*
 * Monitor method MON_CLI_METHOD_CLEAR_ENUM_CACHE.
 *
 * Calls nss_orphan_netgroups() on the responder's nss_ctx and answers with
 * monitor_common_pong(); if orphaning fails the error is returned and no
 * pong is sent.
 */
static int nss_clear_netgroup_hash_table(DBusMessage *message,
                                         struct sbus_connection *conn)
{
    errno_t ret;
    /* NOTE(review): same unchecked talloc_get_type() result as in
     * nss_clear_memcache(). */
    struct resp_ctx *rctx = talloc_get_type(sbus_conn_get_private_data(conn),
                                            struct resp_ctx);
    struct nss_ctx *nctx = (struct nss_ctx*) rctx->pvt_ctx;

    ret = nss_orphan_netgroups(nctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Could not invalidate netgroups\n"));
        return ret;
    }

    return monitor_common_pong(message, conn);
}

static errno_t nss_get_etc_shells(TALLOC_CTX *mem_ctx, char ***_shells) { int i = 0; char *sh; char **shells = NULL; TALLOC_CTX *tmp_ctx; errno_t ret; int size; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) return ENOMEM; shells = talloc_array(tmp_ctx, char *, SHELL_REALLOC_INCREMENT); if (!shells) { ret = ENOMEM; goto done; } size = SHELL_REALLOC_INCREMENT; setusershell(); while ((sh = getusershell())) { shells[i] = talloc_strdup(shells, sh); if (!shells[i]) { endusershell(); ret = ENOMEM; goto done; } DEBUG(6, ("Found shell %s in /etc/shells\n", shells[i])); i++; if (i ==
size) { size += SHELL_REALLOC_INCREMENT; if (size > SHELL_REALLOC_MAX) { DEBUG(0, ("Reached maximum number of shells [%d]. " "Users may be denied access. " "Please check /etc/shells for sanity\n", SHELL_REALLOC_MAX)); break; } shells = talloc_realloc(NULL, shells, char *, size); if (!shells) { ret = ENOMEM; goto done; } } } endusershell(); if (i + 1 < size) { shells = talloc_realloc(NULL, shells, char *, i + 1); if (!shells) { ret = ENOMEM; goto done; } } shells[i] = NULL; *_shells = talloc_move(mem_ctx, &shells); ret = EOK; done: talloc_zfree(tmp_ctx); return ret; }

/*
 * Load the NSS responder options from the confdb into nctx.
 *
 * Reads, in this order: enum cache timeout (default 120), negative cache
 * timeout (default 15), filter_users_in_groups (default true), cache refresh
 * percentage (default 50), then pre-populates the negative cache and reads
 * the pwfield, home directory and shell related strings and lists. The shells
 * from nss_get_etc_shells() are stored in nctx->etc_shells.
 *
 * Returns 0 on success or the first error encountered. ENOENT is tolerated
 * for the override shell, the allowed-shell list and the vetoed-shell list.
 */
static int nss_get_config(struct nss_ctx *nctx,
                          struct confdb_ctx *cdb)
{
    int ret;

    ret = confdb_get_int(cdb, CONFDB_NSS_CONF_ENTRY,
                         CONFDB_NSS_ENUM_CACHE_TIMEOUT, 120,
                         &nctx->enum_cache_timeout);
    if (ret != EOK) goto done;

    ret = confdb_get_int(cdb, CONFDB_NSS_CONF_ENTRY,
                         CONFDB_NSS_ENTRY_NEG_TIMEOUT, 15,
                         &nctx->neg_timeout);
    if (ret != EOK) goto done;

    ret = confdb_get_bool(cdb, CONFDB_NSS_CONF_ENTRY,
                          CONFDB_NSS_FILTER_USERS_IN_GROUPS, true,
                          &nctx->filter_users_in_groups);
    if (ret != EOK) goto done;

    ret = confdb_get_int(cdb, CONFDB_NSS_CONF_ENTRY,
                         CONFDB_NSS_ENTRY_CACHE_NOWAIT_PERCENTAGE, 50,
                         &nctx->cache_refresh_percent);
    if (ret != EOK) goto done;
    /* An out-of-range percentage is not fatal: the value is forced to 0 and
     * start-up continues. */
    if (nctx->cache_refresh_percent < 0 ||
        nctx->cache_refresh_percent > 99) {
        DEBUG(0,("Configuration error: entry_cache_nowait_percentage is "
                 "invalid. Disabling feature.\n"));
        nctx->cache_refresh_percent = 0;
    }

    ret = sss_ncache_prepopulate(nctx->ncache, cdb, nctx->rctx);
    if (ret != EOK) {
        goto done;
    }

    ret = confdb_get_string(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
                            CONFDB_NSS_PWFIELD, DEFAULT_PWFIELD,
                            &nctx->pwfield);
    if (ret != EOK) goto done;

    ret = confdb_get_string(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
                            CONFDB_NSS_OVERRIDE_HOMEDIR, NULL,
                            &nctx->override_homedir);
    if (ret != EOK) goto done;

    ret = confdb_get_string(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
                            CONFDB_NSS_FALLBACK_HOMEDIR, NULL,
                            &nctx->fallback_homedir);
    if (ret != EOK) goto done;

    /* From here on ENOENT is accepted for the next three options. */
    ret = confdb_get_string(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
                            CONFDB_NSS_OVERRIDE_SHELL, NULL,
                            &nctx->override_shell);
    if (ret != EOK && ret != ENOENT) goto done;

    ret = confdb_get_string_as_list(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
                                    CONFDB_NSS_ALLOWED_SHELL,
                                    &nctx->allowed_shells);
    if (ret != EOK && ret != ENOENT) goto done;

    ret = confdb_get_string_as_list(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
                                    CONFDB_NSS_VETOED_SHELL,
                                    &nctx->vetoed_shells);
    if (ret != EOK && ret != ENOENT) goto done;

    /* NOTE(review): nss_get_etc_shells() stops at SHELL_REALLOC_MAX entries
     * and only logs; shells listed beyond that are absent from etc_shells. */
    ret = nss_get_etc_shells(nctx, &nctx->etc_shells);
    if (ret != EOK) goto done;

    ret = confdb_get_string(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
                            CONFDB_NSS_SHELL_FALLBACK,
                            CONFDB_DEFAULT_SHELL_FALLBACK,
                            &nctx->shell_fallback);
    if (ret != EOK) goto done;

    ret = confdb_get_string(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
                            CONFDB_NSS_DEFAULT_SHELL,
                            NULL,
                            &nctx->default_shell);
    if (ret != EOK) goto done;

    ret = 0;
done:
    return ret;
}

/*
 * Data provider method DP_REV_METHOD_UPDATE_CACHE.
 *
 * Calls nss_update_pw_memcache() and nss_update_gr_memcache() on the
 * responder's nss_ctx and returns EOK. No reply message is built here.
 */
static int nss_update_memcache(DBusMessage *message,
                               struct sbus_connection *conn)
{
    /* NOTE(review): neither talloc_get_type() result is checked for NULL
     * before use. */
    struct resp_ctx *rctx = talloc_get_type(sbus_conn_get_private_data(conn),
                                            struct resp_ctx);
    struct nss_ctx *nctx = talloc_get_type(rctx->pvt_ctx, struct nss_ctx);

    nss_update_pw_memcache(nctx);
    nss_update_gr_memcache(nctx);

    return EOK;
}

static int nss_memcache_initgr_check(DBusMessage *message, struct sbus_connection *conn) { struct resp_ctx *rctx = talloc_get_type(sbus_conn_get_private_data(conn), struct resp_ctx); struct nss_ctx *nctx
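= talloc_get_type(rctx->pvt_ctx, struct nss_ctx); DBusError dbus_error; dbus_bool_t dbret; DBusMessage *reply; char *user; char *domain; uint32_t *groups; int gnum; dbus_error_init(&dbus_error); dbret = dbus_message_get_args(message, &dbus_error, DBUS_TYPE_STRING, &user, DBUS_TYPE_STRING, &domain, DBUS_TYPE_ARRAY, DBUS_TYPE_UINT32, &groups, &gnum, DBUS_TYPE_INVALID); if (!dbret) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed, to parse message!\n")); if (dbus_error_is_set(&dbus_error)) { dbus_error_free(&dbus_error); } return EIO; } DEBUG(SSSDBG_TRACE_LIBS, ("Got request for [%s@%s]\n", user, domain)); nss_update_initgr_memcache(nctx, user, domain, gnum, groups); reply = dbus_message_new_method_return(message); if (!reply) return ENOMEM; dbret = dbus_message_append_args(reply, DBUS_TYPE_INVALID); if (!dbret) { dbus_message_unref(reply); return EIO; } /* send reply back */ sbus_conn_send_reply(conn, reply); dbus_message_unref(reply); return EOK; }

/* Methods the data provider may invoke on this responder over sbus; the
 * table is terminated by the { NULL, NULL } entry. */
static struct sbus_method nss_dp_methods[] = {
    { DP_REV_METHOD_UPDATE_CACHE, nss_update_memcache },
    { DP_REV_METHOD_INITGR_CHECK, nss_memcache_initgr_check },
    { NULL, NULL }
};

struct sbus_interface nss_dp_interface = {
    DP_INTERFACE,
    DP_PATH,
    SBUS_DEFAULT_VTABLE,
    nss_dp_methods,
    NULL
};

/*
 * Reconnection callback registered through sbus_reconnect_init().
 *
 * On SBUS_RECONNECT_SUCCESS the responder re-identifies itself to the data
 * provider as "NSS" and, if that succeeds, resumes pending requests with
 * handle_requests_after_reconnect(). Every other outcome is only logged.
 *
 * pvt is the be_conn that was passed to sbus_reconnect_init().
 */
static void nss_dp_reconnect_init(struct sbus_connection *conn,
                                  int status, void *pvt)
{
    /* NOTE(review): be_conn is dereferenced on every path without a NULL
     * check on the talloc_get_type() result. */
    struct be_conn *be_conn = talloc_get_type(pvt, struct be_conn);
    int ret;

    /* Did we reconnect successfully? */
    if (status == SBUS_RECONNECT_SUCCESS) {
        DEBUG(1, ("Reconnected to the Data Provider.\n"));

        /* Identify ourselves to the data provider */
        ret = dp_common_send_id(be_conn->conn,
                                DATA_PROVIDER_VERSION,
                                "NSS");
        /* all fine */
        if (ret == EOK) {
            handle_requests_after_reconnect(be_conn->rctx);
            return;
        }
    }

    /* Failed to reconnect */
    DEBUG(0, ("Could not reconnect to %s provider.\n",
              be_conn->domain->name));

    /* FIXME: kill the frontend and let the monitor restart it ? */
    /* nss_shutdown(rctx); */
}

/*
 * Initialise the NSS responder.
 *
 * Sets up the generic responder via sss_process_init(), allocates the
 * nss_ctx as a child of the resp_ctx, loads the configuration, enables
 * reconnection to every data provider connection, creates the idmap context
 * and the netgroup hash table, removes a stale CLEAR_MC_FLAG file, creates
 * the passwd and group mmap caches, applies the file descriptor limit and
 * schedules the get-domains task.
 *
 * A failure to create either mmap cache is logged and that cache stays
 * disabled; it does not abort start-up. All other failures free rctx (and
 * with it everything allocated below it) and return the error.
 *
 * Returns EOK on success, an errno value otherwise.
 */
int nss_process_init(TALLOC_CTX *mem_ctx,
                     struct tevent_context *ev,
                     struct confdb_ctx *cdb)
{
    struct resp_ctx *rctx;
    struct sss_cmd_table *nss_cmds;
    struct be_conn *iter;
    struct nss_ctx *nctx;
    int memcache_timeout;
    int ret, max_retries;
    enum idmap_error_code err;
    int hret;
    int fd_limit;

    nss_cmds = get_nss_cmds();
    ret = sss_process_init(mem_ctx, ev, cdb,
                           nss_cmds,
                           SSS_NSS_SOCKET_NAME, NULL,
                           CONFDB_NSS_CONF_ENTRY,
                           NSS_SBUS_SERVICE_NAME,
                           NSS_SBUS_SERVICE_VERSION,
                           &monitor_nss_interface,
                           "NSS", &nss_dp_interface,
                           &rctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("sss_process_init() failed\n"));
        return ret;
    }

    nctx = talloc_zero(rctx, struct nss_ctx);
    if (!nctx) {
        DEBUG(0, ("fatal error initializing nss_ctx\n"));
        ret = ENOMEM;
        goto fail;
    }

    ret = sss_ncache_init(rctx, &nctx->ncache);
    if (ret != EOK) {
        DEBUG(0, ("fatal error initializing negative cache\n"));
        goto fail;
    }

    /* Link the two contexts both ways; the sbus handlers in this file reach
     * nctx through rctx->pvt_ctx. */
    nctx->rctx = rctx;
    nctx->rctx->pvt_ctx = nctx;

    ret = nss_get_config(nctx, cdb);
    if (ret != EOK) {
        DEBUG(0, ("fatal error getting nss config\n"));
        goto fail;
    }

    /* Enable automatic reconnection to the Data Provider */
    ret = confdb_get_int(nctx->rctx->cdb,
                         CONFDB_NSS_CONF_ENTRY,
                         CONFDB_SERVICE_RECON_RETRIES,
                         3, &max_retries);
    if (ret != EOK) {
        DEBUG(0, ("Failed to set up automatic reconnection\n"));
        goto fail;
    }

    for (iter = nctx->rctx->be_conns; iter; iter = iter->next) {
        sbus_reconnect_init(iter->conn, max_retries,
                            nss_dp_reconnect_init, iter);
    }

    err = sss_idmap_init(sss_idmap_talloc, nctx, sss_idmap_talloc_free,
                         &nctx->idmap_ctx);
    if (err != IDMAP_SUCCESS) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("sss_idmap_init failed.\n"));
        ret = EFAULT;
        goto fail;
    }

    /* Create the lookup table for netgroup results */
    hret = sss_hash_create_ex(nctx, 10, &nctx->netgroups, 0, 0, 0, 0,
                              netgroup_hash_delete_cb, NULL);
    if (hret != HASH_SUCCESS) {
        DEBUG(0,("Unable to initialize netgroup hash table\n"));
        ret = EIO;
        goto fail;
    }

    /* create mmap caches */
    /* Remove the CLEAR_MC_FLAG file if exists. */
    ret = unlink(SSS_NSS_MCACHE_DIR"/"CLEAR_MC_FLAG);
    if (ret != 0 && errno != ENOENT) {
        /* Not fatal: log and continue; ret is overwritten just below. */
        ret = errno;
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Failed to unlink file [%s]. This can cause memory cache to "
               "be purged when next log rotation is requested. %d: %s\n",
               SSS_NSS_MCACHE_DIR"/"CLEAR_MC_FLAG, ret, strerror(ret)));
    }

    ret = confdb_get_int(nctx->rctx->cdb,
                         CONFDB_NSS_CONF_ENTRY,
                         CONFDB_MEMCACHE_TIMEOUT,
                         300, &memcache_timeout);
    if (ret != EOK) {
        /* This message used to repeat the "automatic reconnection" text of
         * the earlier check, which pointed operators at the wrong option. */
        DEBUG(0, ("Unable to get memory cache entry timeout.\n"));
        goto fail;
    }

    /* TODO: read cache sizes from configuration */
    ret = sss_mmap_cache_init(nctx, "passwd", SSS_MC_PASSWD,
                              SSS_MC_CACHE_ELEMENTS, (time_t)memcache_timeout,
                              &nctx->pwd_mc_ctx);
    if (ret) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("passwd mmap cache is DISABLED\n"));
    }

    ret = sss_mmap_cache_init(nctx, "group", SSS_MC_GROUP,
                              SSS_MC_CACHE_ELEMENTS, (time_t)memcache_timeout,
                              &nctx->grp_mc_ctx);
    if (ret) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("group mmap cache is DISABLED\n"));
    }

    /* Set up file descriptor limits */
    ret = confdb_get_int(nctx->rctx->cdb,
                         CONFDB_NSS_CONF_ENTRY,
                         CONFDB_SERVICE_FD_LIMIT,
                         DEFAULT_NSS_FD_LIMIT,
                         &fd_limit);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Failed to set up file descriptor limit\n"));
        goto fail;
    }
    responder_set_fd_limit(fd_limit);

    ret = schedule_get_domains_task(rctx, rctx->ev, rctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("schedule_get_domains_tasks failed.\n"));
        goto fail;
    }

    DEBUG(SSSDBG_TRACE_FUNC, ("NSS Initialization complete\n"));

    return EOK;

fail:
    /* nctx and everything hung off it are talloc children of rctx. */
    talloc_free(rctx);
    return ret;
}

int main(int argc, const char *argv[]) { int opt; poptContext pc; struct main_context *main_ctx; int ret; struct poptOption long_options[] = { POPT_AUTOHELP SSSD_MAIN_OPTS POPT_TABLEEND }; /* Set debug level to invalid value so we can deside if -d 0 was used.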
*/ debug_level = SSSDBG_INVALID; pc = poptGetContext(argv[0], argc, argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { switch(opt) { default: fprintf(stderr, "\nInvalid option %s: %s\n\n", poptBadOption(pc, 0), poptStrerror(opt)); poptPrintUsage(pc, stderr, 0); return 1; } } poptFreeContext(pc); DEBUG_INIT(debug_level); /* set up things like debug, signals, daemonization, etc... */ debug_log_file = "sssd_nss"; ret = server_setup("sssd[nss]", 0, CONFDB_NSS_CONF_ENTRY, &main_ctx); if (ret != EOK) return 2; ret = die_if_parent_died(); if (ret != EOK) { /* This is not fatal, don't return */ DEBUG(2, ("Could not set up to exit when parent process does\n")); } ret = nss_process_init(main_ctx, main_ctx->event_ctx, main_ctx->confdb_ctx); if (ret != EOK) return 3; /* loop on main */ server_loop(main_ctx); return 0; } sssd-1.11.5/src/responder/nss/PaxHeaders.13173/nsssrv_netgroup.h0000644000000000000000000000007412320753107022600 xustar000000000000000030 atime=1396954939.270891428 30 ctime=1396954961.444875106 sssd-1.11.5/src/responder/nss/nsssrv_netgroup.h0000664002412700241270000000227212320753107023025 0ustar00jhrozekjhrozek00000000000000/* SSSD nssrv_netgroup.h Authors: Stephen Gallagher Copyright (C) 2010 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #ifndef NSSRV_NETGROUP_H_ #define NSSRV_NETGROUP_H_ #define SSS_COL_NETGR 5000 int nss_cmd_setnetgrent(struct cli_ctx *cctx); int nss_cmd_getnetgrent(struct cli_ctx *cctx); int nss_cmd_endnetgrent(struct cli_ctx *cctx); void netgroup_hash_delete_cb(hash_entry_t *item, hash_destroy_enum deltype, void *pvt); errno_t nss_orphan_netgroups(struct nss_ctx *nctx); #endif /* NSSRV_NETGROUP_H_ */ sssd-1.11.5/src/responder/nss/PaxHeaders.13173/nsssrv.h0000644000000000000000000000007412320753107020655 xustar000000000000000030 atime=1396954939.270891428 30 ctime=1396954961.443875106 sssd-1.11.5/src/responder/nss/nsssrv.h0000664002412700241270000000355012320753107021102 0ustar00jhrozekjhrozek00000000000000/* SSSD NSS Responder, header file Copyright (C) Simo Sorce 2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #ifndef __NSSSRV_H__ #define __NSSSRV_H__ #include #include #include "config.h" #include "talloc.h" #include "tevent.h" #include "ldb.h" #include "dbus/dbus.h" #include "sbus/sssd_dbus.h" #include "responder/common/responder_packet.h" #include "responder/common/responder.h" #include "lib/idmap/sss_idmap.h" #define NSS_PACKET_MAX_RECV_SIZE 1024 struct getent_ctx; struct sss_mc_ctx; struct nss_ctx { struct resp_ctx *rctx; int neg_timeout; struct sss_nc_ctx *ncache; int cache_refresh_percent; int enum_cache_timeout; struct getent_ctx *pctx; struct getent_ctx *gctx; struct getent_ctx *svcctx; hash_table_t *netgroups; bool filter_users_in_groups; char *pwfield; char *override_homedir; char *fallback_homedir; char **allowed_shells; char *override_shell; char **vetoed_shells; char **etc_shells; char *shell_fallback; char *default_shell; struct sss_mc_ctx *pwd_mc_ctx; struct sss_mc_ctx *grp_mc_ctx; struct sss_idmap_ctx *idmap_ctx; }; struct nss_packet; struct sss_cmd_table *get_nss_cmds(void); #endif /* __NSSSRV_H__ */ sssd-1.11.5/src/responder/nss/PaxHeaders.13173/nsssrv_services.h0000644000000000000000000000007412320753107022560 xustar000000000000000030 atime=1396954939.270891428 30 ctime=1396954961.445875105 sssd-1.11.5/src/responder/nss/nsssrv_services.h0000664002412700241270000000210012320753107022773 0ustar00jhrozekjhrozek00000000000000/* SSSD Authors: Stephen Gallagher Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #ifndef NSSSRV_SERVICES_H_ #define NSSSRV_SERVICES_H_ int nss_cmd_getservbyname(struct cli_ctx *cctx); int nss_cmd_getservbyport(struct cli_ctx *cctx); int nss_cmd_setservent(struct cli_ctx *cctx); int nss_cmd_getservent(struct cli_ctx *cctx); int nss_cmd_endservent(struct cli_ctx *cctx); #endif /* NSSSRV_SERVICES_H_ */ sssd-1.11.5/src/responder/nss/PaxHeaders.13173/nsssrv_private.h0000644000000000000000000000007412320753107022407 xustar000000000000000030 atime=1396954939.270891428 30 ctime=1396954961.443875106 sssd-1.11.5/src/responder/nss/nsssrv_private.h0000664002412700241270000000652312320753107022637 0ustar00jhrozekjhrozek00000000000000/* SSSD nsssrv_private.h Authors: Stephen Gallagher Copyright (C) 2010 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #ifndef NSSSRV_PRIVATE_H_ #define NSSSRV_PRIVATE_H_ #include "dhash.h" struct nss_cmd_ctx { struct cli_ctx *cctx; enum sss_cli_command cmd; char *name; uint32_t id; char *secid; bool immediate; bool check_next; bool enum_cached; int saved_dom_idx; int saved_cur; }; struct dom_ctx { struct sss_domain_info *domain; struct ldb_result *res; }; struct getent_ctx { struct dom_ctx *doms; int num; bool ready; struct setent_req_list *reqs; /* Netgroup-specific */ hash_table_t *lookup_table; struct sysdb_netgroup_ctx **entries; char *name; char *domain; bool found; }; struct nss_dom_ctx { struct nss_cmd_ctx *cmdctx; struct sss_domain_info *domain; /* For a case when we are discovering subdomains */ const char *rawname; bool check_provider; /* cache results */ struct ldb_result *res; /* Netgroup-specific */ struct getent_ctx *netgr; /* Service-specific */ const char *protocol; }; struct setent_step_ctx { struct nss_ctx *nctx; struct nss_dom_ctx *dctx; struct getent_ctx *getent_ctx; struct resp_ctx *rctx; struct cli_ctx *cctx; bool check_next; bool returned_to_mainloop; /* Netgroup-specific */ char *name; }; #define NSS_CMD_FATAL_ERROR(cctx) do { \ DEBUG(1,("Fatal error, killing connection!\n")); \ talloc_free(cctx); \ return; \ } while(0) #define NSS_CMD_FATAL_ERROR_CODE(cctx, ret) do { \ DEBUG(1,("Fatal error, killing connection!\n")); \ talloc_free(cctx); \ return ret; \ } while(0) /* Finish the request */ int nss_cmd_done(struct nss_cmd_ctx *cmdctx, int ret); errno_t nss_setent_add_ref(TALLOC_CTX *memctx, struct getent_ctx *getent_ctx, struct tevent_req *req); void nss_setent_notify_error(struct getent_ctx *getent_ctx, errno_t ret); void nss_setent_notify_done(struct getent_ctx *getent_ctx); errno_t check_cache(struct nss_dom_ctx *dctx, struct nss_ctx *nctx, struct ldb_result *res, int req_type, const char *opt_name, uint32_t opt_id, sss_dp_callback_t callback, void *pvt); void nss_update_pw_memcache(struct nss_ctx *nctx); void nss_update_gr_memcache(struct nss_ctx 
*nctx); void nss_update_initgr_memcache(struct nss_ctx *nctx, const char *name, const char *domain, int gnum, uint32_t *groups); #endif /* NSSSRV_PRIVATE_H_ */ sssd-1.11.5/src/responder/PaxHeaders.13173/pac0000644000000000000000000000013212320753521017024 xustar000000000000000030 mtime=1396954961.766874868 30 atime=1396955003.534843847 30 ctime=1396954961.766874868 sssd-1.11.5/src/responder/pac/0000775002412700241270000000000012320753521017330 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/responder/pac/PaxHeaders.13173/pacsrv_cmd.c0000644000000000000000000000007412320753107021373 xustar000000000000000030 atime=1396954939.270891428 30 ctime=1396954961.766874868 sssd-1.11.5/src/responder/pac/pacsrv_cmd.c0000664002412700241270000010645512320753107021630 0ustar00jhrozekjhrozek00000000000000/* SSSD PAC Responder Copyright (C) Sumit Bose 2012 Jan Zeleny 2012 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/

#include "util/util.h"
#include "responder/pac/pacsrv.h"
#include "confdb/confdb.h"

/*
 * Finish a PAC command.
 *
 * For cmd_ret == EAGAIN nothing is sent, because the request is still being
 * processed asynchronously. Otherwise a reply packet with an empty body and
 * the command code of the incoming packet is created, cmd_ret is stored as
 * its error value and the reply is handed to sss_cmd_done().
 *
 * Returns EOK, or the error from sss_packet_new().
 */
static errno_t pac_cmd_done(struct cli_ctx *cctx, int cmd_ret)
{
    int ret;

    if (cmd_ret == EAGAIN) {
        /* async processing, just return here */
        return EOK;
    }

    ret = sss_packet_new(cctx->creq, 0, sss_packet_get_cmd(cctx->creq->in),
                         &cctx->creq->out);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("sss_packet_new failed [%d][%s].\n",
                                  ret, strerror(ret)));
        return ret;
    }

    sss_packet_set_error(cctx->creq->out, cmd_ret);

    sss_cmd_done(cctx, NULL);

    return EOK;
}

/* Per-request state for one PAC command; allocated as a talloc child of the
 * client context in pac_add_pac_user(). */
struct pac_req_ctx {
    struct cli_ctx *cctx;           /* client connection of this request */
    struct pac_ctx *pac_ctx;        /* responder-wide PAC context */
    const char *domain_name;        /* logon domain name taken from the PAC */
    const char *user_name;          /* lower-cased account name from the PAC */
    struct sss_domain_info *dom;    /* domain found for user_dom_sid_str */
    struct PAC_LOGON_INFO *logon_info; /* filled by get_data_from_pac() */
    struct dom_sid2 *domain_sid;

    /* Filled by pac_user_get_grp_info() */
    size_t del_grp_count;
    struct grp_info *del_grp_list;

    size_t add_sid_count;
    char **add_sids;

    /* Filled by get_sids_from_pac(); pac_lookup_sids_done() treats a value
     * of 0 as "no ID known yet" and stores the ID found in the cache. */
    hash_table_t *sid_table;
    char *user_sid_str;
    char *user_dom_sid_str;         /* string form of the PAC's domain SID */
    char *primary_group_sid_str;
};

static errno_t pac_resolve_sids_next(struct pac_req_ctx *pr_ctx);
static void pac_lookup_sids_done(struct tevent_req *req);
static struct tevent_req *pac_lookup_sids_send(TALLOC_CTX *mem_ctx,
                                               struct tevent_context *ev,
                                               struct pac_req_ctx *pr_ctx,
                                               struct pac_ctx *pac_ctx,
                                               hash_table_t *sid_table);
static errno_t pac_lookup_sids_recv(struct tevent_req *req);
static void pac_add_user_next(struct pac_req_ctx *pr_ctx);
static void pac_get_domains_done(struct tevent_req *req);
static errno_t pac_user_get_grp_info(TALLOC_CTX *mem_ctx,
                                     struct pac_req_ctx *pr_ctx,
                                     size_t *_del_grp_count,
                                     struct grp_info **_del_grp_list,
                                     size_t *_add_sid_count,
                                     char ***_add_sids);
static errno_t save_pac_user(struct pac_req_ctx *pr_ctx);
static void pac_get_group_done(struct tevent_req *subreq);
static errno_t pac_save_memberships_next(struct tevent_req *req);
static errno_t pac_store_membership(struct pac_req_ctx *pr_ctx,
                                    struct ldb_dn *user_dn,
                                    const char *grp_sid_str,
                                    struct sss_domain_info *grp_dom);
struct tevent_req *pac_save_memberships_send(struct pac_req_ctx
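*pr_ctx);
static void pac_save_memberships_done(struct tevent_req *req);

/*
 * Command handler: take the PAC blob from the client request and start
 * adding the user it describes.
 *
 * The request body is decoded with get_data_from_pac(); the logon domain
 * name and account name must both be present. The domain SID is converted
 * to its string form and looked up with responder_get_domain_by_id(). If
 * the domain is not known yet (EAGAIN or ENOENT) a domain refresh is
 * requested and processing continues in pac_get_domains_done(); otherwise
 * it continues with pac_resolve_sids_next().
 *
 * Returns ENOMEM/EINVAL directly for the two early set-up failures;
 * otherwise the result of pac_cmd_done(), which sends the error reply
 * unless the request went asynchronous (EAGAIN).
 *
 * NOTE(review): body/blen come straight from the client packet and
 * get_data_from_pac() is the only parser visible on this path; presumably
 * it bounds-checks blen and the caller is restricted to privileged
 * clients -- verify both.
 */
static errno_t pac_add_pac_user(struct cli_ctx *cctx)
{
    int ret;
    uint8_t *body;
    size_t blen;
    struct pac_req_ctx *pr_ctx;
    struct tevent_req *req;
    enum idmap_error_code err;

    sss_packet_get_body(cctx->creq->in, &body, &blen);

    pr_ctx = talloc_zero(cctx, struct pac_req_ctx);
    if (pr_ctx == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("talloc_zero failed.\n"));
        return ENOMEM;
    }

    pr_ctx->cctx = cctx;

    pr_ctx->pac_ctx = talloc_get_type(cctx->rctx->pvt_ctx, struct pac_ctx);
    if (pr_ctx->pac_ctx == NULL) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("Cannot find pac responder context.\n"));
        /* Release the request context here; this early return bypasses the
         * cleanup at the done label. */
        talloc_free(pr_ctx);
        return EINVAL;
    }

    ret = get_data_from_pac(pr_ctx, body, blen,
                            &pr_ctx->logon_info);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("get_data_from_pac failed.\n"));
        goto done;
    }

    pr_ctx->domain_name = pr_ctx->logon_info->info3.base.logon_domain.string;
    if (pr_ctx->domain_name == NULL) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("No domain name in PAC\n"));
        ret = EINVAL;
        goto done;
    }

    if (pr_ctx->logon_info->info3.base.account_name.string == NULL) {
        ret = EINVAL;
        DEBUG(SSSDBG_FATAL_FAILURE, ("Missing account name in PAC.\n"));
        goto done;
    }

    /* To be compatible with winbind based lookups we have to use lower case
     * names only, effectively making the domain case-insensitive. */
    pr_ctx->user_name = sss_tc_utf8_str_tolower(pr_ctx,
                            pr_ctx->logon_info->info3.base.account_name.string);
    if (pr_ctx->user_name == NULL) {
        ret = ENOMEM;
        DEBUG(SSSDBG_FATAL_FAILURE, ("sss_tc_utf8_str_tolower failed.\n"));
        goto done;
    }

    err = sss_idmap_smb_sid_to_sid(pr_ctx->pac_ctx->idmap_ctx,
                                   pr_ctx->logon_info->info3.base.domain_sid,
                                   &pr_ctx->user_dom_sid_str);
    if (err != IDMAP_SUCCESS) {
        DEBUG(SSSDBG_OP_FAILURE, ("sss_idmap_smb_sid_to_sid failed.\n"));
        ret = EFAULT;
        goto done;
    }

    /* Tie the SID string to the request so it is freed together with it. */
    talloc_steal(pr_ctx, pr_ctx->user_dom_sid_str);

    ret = responder_get_domain_by_id(cctx->rctx, pr_ctx->user_dom_sid_str,
                                     &pr_ctx->dom);
    if (ret == EAGAIN || ret == ENOENT) {
        /* Domain not known (yet): ask for a refresh of the domain list and
         * continue in the callback. */
        req = sss_dp_get_domains_send(cctx->rctx, cctx->rctx, true,
                                      pr_ctx->domain_name);
        if (req == NULL) {
            ret = ENOMEM;
        } else {
            tevent_req_set_callback(req, pac_get_domains_done, pr_ctx);
            ret = EAGAIN;
        }
        goto done;
    } else if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("responder_get_domain_by_id failed.\n"));
        goto done;
    }

    ret = pac_resolve_sids_next(pr_ctx);

done:
    /* EAGAIN means a callback now owns pr_ctx; anything else ends the
     * request here. */
    if (ret != EAGAIN) {
        talloc_free(pr_ctx);
    }
    return pac_cmd_done(cctx, ret);
}

/*
 * Callback for the domain refresh started in pac_add_pac_user().
 *
 * Repeats the domain lookup by SID; a failure at this point is reported to
 * the client as ENOENT. On success processing continues with
 * pac_resolve_sids_next().
 */
static void pac_get_domains_done(struct tevent_req *req)
{
    struct pac_req_ctx *pr_ctx = tevent_req_callback_data(req,
                                                          struct pac_req_ctx);
    struct cli_ctx *cctx = pr_ctx->cctx;
    int ret;

    ret = sss_dp_get_domains_recv(req);
    talloc_free(req);
    if (ret != EOK) {
        goto done;
    }

    ret = responder_get_domain_by_id(cctx->rctx, pr_ctx->user_dom_sid_str,
                                     &pr_ctx->dom);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Corresponding domain [%s] has not been "
                                  "found\n", pr_ctx->user_dom_sid_str));
        ret = ENOENT;
        goto done;
    }

    ret = pac_resolve_sids_next(pr_ctx);

done:
    if (ret != EAGAIN) {
        talloc_free(pr_ctx);
    }
    pac_cmd_done(cctx, ret);
}

static errno_t pac_resolve_sids_next(struct pac_req_ctx *pr_ctx) { int ret; struct tevent_req *req; ret = get_sids_from_pac(pr_ctx, pr_ctx->pac_ctx, pr_ctx->logon_info, &pr_ctx->user_sid_str, &pr_ctx->primary_group_sid_str, &pr_ctx->sid_table); if (ret != 0) {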
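DEBUG(SSSDBG_OP_FAILURE, ("get_sids_from_pac failed.\n")); return ret; } req = pac_lookup_sids_send(pr_ctx, pr_ctx->cctx->ev, pr_ctx, pr_ctx->pac_ctx, pr_ctx->sid_table); if (req == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("pac_lookup_sids_send failed.\n")); return ENOMEM; } tevent_req_set_callback(req, pac_lookup_sids_done, pr_ctx); ret = EAGAIN; return ret; }

/*
 * Callback for pac_lookup_sids_send().
 *
 * Walks a snapshot of the SID table and, for every SID whose value is still
 * 0, looks the object up in the cache of the SID's domain and stores its UID
 * (or, failing that, its GID) as the table value. SIDs that cannot be
 * resolved are logged and skipped. More than one cache entry for a single
 * SID is treated as an error and ends the request with EINVAL. Afterwards
 * processing continues with pac_add_user_next().
 */
static void pac_lookup_sids_done(struct tevent_req *req)
{
    struct pac_req_ctx *pr_ctx = tevent_req_callback_data(req,
                                                          struct pac_req_ctx);
    struct cli_ctx *cctx = pr_ctx->cctx;
    errno_t ret;
    unsigned long count;
    hash_entry_t *entries;
    hash_key_t key;
    hash_value_t value;
    size_t c;
    struct sss_domain_info *dom;
    uint64_t id;
    struct ldb_result *msg;

    ret = pac_lookup_sids_recv(req);
    talloc_zfree(req);

    if (ret != EOK) {
        talloc_free(pr_ctx);
        pac_cmd_done(cctx, ret);
        return;
    }

    key.type = HASH_KEY_STRING;
    value.type = HASH_VALUE_ULONG;

    ret = hash_entries(pr_ctx->sid_table, &count, &entries);
    if (ret != HASH_SUCCESS) {
        /* Without this check the loop below would run on whatever count and
         * entries hold after a failed call. EIO matches how other hash
         * errors are reported in this file. */
        DEBUG(SSSDBG_OP_FAILURE, ("hash_entries failed [%d][%s].\n",
                                  ret, hash_error_string(ret)));
        talloc_free(pr_ctx);
        pac_cmd_done(cctx, EIO);
        return;
    }

    /* NOTE(review): entries is not released in this function; presumably it
     * is owned by the table's allocator -- confirm. */
    for (c = 0; c < count; c++) {
        if (entries[c].value.ul == 0) {
            ret = responder_get_domain_by_id(cctx->rctx,
                                             entries[c].key.str, &dom);
            if (ret != EOK) {
                DEBUG(SSSDBG_OP_FAILURE, ("No domain found for SID [%s].\n",
                                          entries[c].key.str));
                continue;
            }

            msg = NULL;
            ret = sysdb_search_object_by_sid(pr_ctx, dom->sysdb, dom,
                                             entries[c].key.str, NULL, &msg);
            if (ret != EOK) {
                DEBUG(SSSDBG_OP_FAILURE, ("sysdb_search_object_by_sid "
                                          "failed.\n"));
                continue;
            }

            if (msg->count == 0) {
                DEBUG(SSSDBG_OP_FAILURE, ("No entry found for SID [%s].\n",
                                          entries[c].key.str));
                /* Free the result like the other paths do, instead of
                 * keeping it until pr_ctx goes away. */
                talloc_free(msg);
                continue;
            } else if (msg->count > 1) {
                DEBUG(SSSDBG_CRIT_FAILURE, ("More then one result returned "
                                            "for SID [%s].\n",
                                            entries[c].key.str));
                talloc_free(msg);
                /* The request ends here, so release its context as the
                 * error path at the top of this function does. */
                talloc_free(pr_ctx);
                pac_cmd_done(cctx, EINVAL);
                return;
            }

            id = ldb_msg_find_attr_as_uint64(msg->msgs[0],
                                             SYSDB_UIDNUM, 0);
            if (id == 0) {
                id = ldb_msg_find_attr_as_uint64(msg->msgs[0],
                                                 SYSDB_GIDNUM, 0);
            }

            if (id == 0) {
                DEBUG(SSSDBG_OP_FAILURE, ("No ID found in entry.\n"));
                talloc_free(msg);
                continue;
            }

            key.str = entries[c].key.str;
            value.ul = id;

            ret = hash_enter(pr_ctx->sid_table, &key, &value);
            if (ret != HASH_SUCCESS) {
                DEBUG(SSSDBG_OP_FAILURE, ("hash_enter failed [%d][%s].\n",
                                          ret, hash_error_string(ret)));
                talloc_free(msg);
                continue;
            }
            talloc_free(msg);
        }
    }

    pac_add_user_next(pr_ctx);
}

/*
 * Save the user from the PAC and start updating the group memberships.
 *
 * Calls save_pac_user(), then pac_user_get_grp_info() to fill the lists of
 * groups to delete and SIDs to add in pr_ctx, then starts the asynchronous
 * pac_save_memberships_send() request whose completion is handled by
 * pac_save_memberships_done(). On any error pr_ctx is freed and the error is
 * sent to the client through pac_cmd_done().
 */
static void pac_add_user_next(struct pac_req_ctx *pr_ctx)
{
    int ret;
    struct tevent_req *req;
    struct cli_ctx *cctx = pr_ctx->cctx;

    ret = save_pac_user(pr_ctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("save_pac_user failed.\n"));
        goto done;
    }

    ret = pac_user_get_grp_info(pr_ctx, pr_ctx, &pr_ctx->del_grp_count,
                                &pr_ctx->del_grp_list,
                                &pr_ctx->add_sid_count, &pr_ctx->add_sids);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("pac_user_get_grp_info failed.\n"));
        goto done;
    }

    req = pac_save_memberships_send(pr_ctx);
    if (req == NULL) {
        ret = ENOMEM;
        goto done;
    }

    tevent_req_set_callback(req, pac_save_memberships_done, pr_ctx);

    ret = EAGAIN;

done:
    /* EAGAIN: the membership request now owns pr_ctx. */
    if (ret != EAGAIN) {
        talloc_free(pr_ctx);
    }
    pac_cmd_done(cctx, ret);
}

static errno_t pac_user_get_grp_info(TALLOC_CTX *mem_ctx, struct pac_req_ctx *pr_ctx, size_t *_del_grp_count, struct grp_info **_del_grp_list, size_t *_add_sid_count, char ***_add_sids) { struct sysdb_ctx *sysdb; int ret; TALLOC_CTX *tmp_ctx = NULL; struct ldb_result *res = NULL; size_t c; const char *tmp_str; size_t add_sid_count = 0; char **add_sids = NULL; size_t del_idx; size_t del_grp_count = 0; struct grp_info *del_grp_list = NULL; const char *cur_sid; hash_key_t key; hash_value_t value; struct hash_iter_context_t *iter = NULL; hash_entry_t *entry; sysdb = pr_ctx->dom->sysdb; if (sysdb == NULL) { ret = EINVAL; DEBUG(SSSDBG_FATAL_FAILURE, ("Fatal: Sysdb CTX not found for this domain!\n")); goto done; } tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { ret = ENOMEM; DEBUG(SSSDBG_OP_FAILURE, ("talloc_new failed.\n")); goto done; } ret = sysdb_initgroups(tmp_ctx, sysdb, pr_ctx->dom, pr_ctx->user_name, &res); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("sysdb_initgroups failed.\n")); goto done; } if (res->count == 0) {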
DEBUG(SSSDBG_OP_FAILURE, ("sysdb_initgroups did not found [%s].\n", pr_ctx->user_name)); ret = ENOENT; goto done; } /* First result is the user entry then the groups follow */ if (res->count > 1) { del_grp_count = res->count - 1; del_grp_list = talloc_zero_array(tmp_ctx, struct grp_info, del_grp_count); if (del_grp_list == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("talloc_array failed.\n")); ret = ENOMEM; goto done; } del_idx = 0; key.type = HASH_KEY_STRING; for (c = 0; c < (res->count - 1); c++) { cur_sid = ldb_msg_find_attr_as_string(res->msgs[c + 1], SYSDB_SID_STR, NULL); if (cur_sid == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("Missing SID in group entry.\n")); ret = EINVAL; goto done; } key.str = discard_const(cur_sid); ret = hash_lookup(pr_ctx->sid_table, &key, &value); if (ret == HASH_SUCCESS) { DEBUG(SSSDBG_TRACE_ALL, ("User [%s] already member of group " \ "with SID [%s].\n", pr_ctx->user_name, cur_sid)); ret = hash_delete(pr_ctx->sid_table, &key); if (ret != HASH_SUCCESS) { DEBUG(SSSDBG_OP_FAILURE, ("Failed to remove hash entry.\n")); ret = EIO; goto done; } } else if (ret == HASH_ERROR_KEY_NOT_FOUND) { DEBUG(SSSDBG_TRACE_INTERNAL, ("Group with SID [%s] is not in " \ "the PAC anymore, membership " \ "must be removed.\n", cur_sid)); tmp_str = ldb_msg_find_attr_as_string(res->msgs[c + 1], SYSDB_ORIG_DN, NULL); if (tmp_str != NULL) { del_grp_list[del_idx].orig_dn = talloc_strdup(del_grp_list, tmp_str); if (del_grp_list[del_idx].orig_dn == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed.\n")); ret = ENOMEM; goto done; } } del_grp_list[del_idx].dn = ldb_dn_copy(del_grp_list, res->msgs[c + 1]->dn); if (del_grp_list[del_idx].dn == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("ldb_dn_copy failed.\n")); ret = ENOMEM; goto done; } del_idx++; } } del_grp_count = del_idx; } add_sid_count = hash_count(pr_ctx->sid_table); if (add_sid_count > 0) { add_sids = talloc_array(tmp_ctx, char *, add_sid_count); if (add_sids == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("talloc_array failed.\n")); ret = 
ENOMEM; goto done; } iter = new_hash_iter_context(pr_ctx->sid_table); c = 0; while ((entry = iter->next(iter)) != NULL) { if (strcmp(entry->key.str, pr_ctx->user_sid_str) != 0) { add_sids[c] = talloc_strdup(add_sids, entry->key.str); if (add_sids[c] == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed.\n")); ret = ENOMEM; goto done; } DEBUG(SSSDBG_TRACE_ALL, ("SID [%s] added to add_sids " \ "list.\n", entry->key.str)); c++; } } add_sid_count = c; } *_del_grp_count = del_grp_count; *_del_grp_list = talloc_steal(mem_ctx, del_grp_list); *_add_sid_count = add_sid_count; *_add_sids = talloc_steal(mem_ctx, add_sids); ret = EOK; done: talloc_free(iter); talloc_free(tmp_ctx); return ret; } static errno_t save_pac_user(struct pac_req_ctx *pr_ctx) { struct sysdb_ctx *sysdb; int ret; const char *attrs[] = {SYSDB_NAME, SYSDB_NAME_ALIAS, SYSDB_UIDNUM, SYSDB_GIDNUM, SYSDB_GECOS, SYSDB_HOMEDIR, SYSDB_SHELL, SYSDB_ORIG_DN, SYSDB_CACHEDPWD, NULL}; struct ldb_message *msg; struct passwd *pwd = NULL; TALLOC_CTX *tmp_ctx = NULL; struct sysdb_attrs *user_attrs = NULL; sysdb = pr_ctx->dom->sysdb; if (sysdb == NULL) { ret = EINVAL; DEBUG(SSSDBG_FATAL_FAILURE, ("Fatal: Sysdb CTX not found for this domain!\n")); goto done; } tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { ret = ENOMEM; DEBUG(SSSDBG_OP_FAILURE, ("talloc_new failed.\n")); goto done; } ret = get_pwd_from_pac(tmp_ctx, pr_ctx->dom, pr_ctx->user_sid_str, pr_ctx->primary_group_sid_str, pr_ctx->sid_table, pr_ctx->logon_info, &pwd, &user_attrs); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("get_pwd_from_pac failed.\n")); goto done; } ret = sysdb_search_user_by_uid(tmp_ctx, sysdb, pr_ctx->dom, pwd->pw_uid, attrs, &msg); if (ret == ENOENT) { if (pwd->pw_gid == 0 && !pr_ctx->dom->mpg) { DEBUG(SSSDBG_CRIT_FAILURE, ("Primary group RID from the PAC " \ "cannot be translated into a GID for " \ "user [%s]. 
Typically this happens " \ "when UIDs and GIDs are read from AD " \ "and the primary AD group does not " \ "have a GID assigned. Make sure the " \ "user is created by the ID provider " \ "before GSSAPI based authentication " \ "is used in this case.", pwd->pw_name)); ret = EINVAL; goto done; } ret = sysdb_store_user(sysdb, pr_ctx->dom, pwd->pw_name, NULL, pwd->pw_uid, pwd->pw_gid, pwd->pw_gecos, pwd->pw_dir, pwd->pw_shell, NULL, user_attrs, NULL, pr_ctx->dom->user_timeout, 0); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("sysdb_store_user failed [%d][%s].\n", ret, strerror(ret))); goto done; } } else if (ret != EOK && ret != ENOENT) { DEBUG(SSSDBG_OP_FAILURE, ("sysdb_search_user_by_id failed.\n")); goto done; } ret = EOK; done: talloc_free(tmp_ctx); return ret; } struct pac_save_memberships_state { size_t sid_iter; struct ldb_dn *user_dn; struct pac_req_ctx *pr_ctx; }; static errno_t pac_save_memberships_delete(struct pac_save_memberships_state *state); struct tevent_req *pac_save_memberships_send(struct pac_req_ctx *pr_ctx) { struct pac_save_memberships_state *state; struct sss_domain_info *dom = pr_ctx->dom; struct tevent_req *req; errno_t ret; char *dom_name = NULL; struct ldb_message *msg; req = tevent_req_create(pr_ctx, &state, struct pac_save_memberships_state); if (req == NULL) { return NULL; } state->sid_iter = 0; dom_name = sss_get_domain_name(state, pr_ctx->user_name, dom); if (dom_name == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("talloc_sprintf failed.\n")); ret = ENOMEM; goto done; } ret = sysdb_search_user_by_name(state, dom->sysdb, dom, dom_name, NULL, &msg); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("sysdb_search_user_by_name failed " \ "[%d][%s].\n", ret, strerror(ret))); goto done; } state->user_dn = msg->dn; state->pr_ctx = pr_ctx; ret = pac_save_memberships_delete(state); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("pac_save_memberships_delete failed.\n")); goto done; } ret = pac_save_memberships_next(req); if (ret == EOK) { tevent_req_done(req); 
tevent_req_post(req, pr_ctx->cctx->ev); } done: talloc_free(dom_name); if (ret != EOK && ret != EAGAIN) { tevent_req_error(req, ret); tevent_req_post(req, pr_ctx->cctx->ev); } return req; } static errno_t pac_save_memberships_delete(struct pac_save_memberships_state *state) { int ret; int sret; size_t c; struct pac_req_ctx *pr_ctx; bool in_transaction = false; TALLOC_CTX *tmp_ctx; struct sysdb_attrs *user_attrs = NULL; pr_ctx = state->pr_ctx; if (pr_ctx->del_grp_count == 0) { return EOK; } if (pr_ctx->del_grp_list == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("Missing group list.\n")); return EINVAL; } tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("talloc_new failed.\n")); return ENOMEM; } ret = sysdb_transaction_start(pr_ctx->dom->sysdb); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("sysdb_transaction_start failed.\n")); goto done; } in_transaction = true; for (c = 0; c < pr_ctx->del_grp_count; c++) { /* If there is a failure for one group we still try to remove the * remaining groups. 
*/ ret = sysdb_mod_group_member(pr_ctx->dom->sysdb, state->user_dn, pr_ctx->del_grp_list[c].dn, LDB_FLAG_MOD_DELETE); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("sysdb_mod_group_member failed for " \ "user [%s] and group[%s].\n", ldb_dn_get_linearized(state->user_dn), ldb_dn_get_linearized( pr_ctx->del_grp_list[c].dn))); continue; } if (pr_ctx->del_grp_list[c].orig_dn != NULL) { user_attrs = sysdb_new_attrs(tmp_ctx); if (user_attrs == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("sysdb_new_attrs failed.\n")); continue; } ret = sysdb_attrs_add_string(user_attrs, SYSDB_ORIG_MEMBEROF, pr_ctx->del_grp_list[c].orig_dn); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_add_string failed.\n")); continue; } ret = sysdb_set_entry_attr(pr_ctx->dom->sysdb, state->user_dn, user_attrs, LDB_FLAG_MOD_DELETE); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("sysdb_set_entry_attr failed.\n")); continue; } talloc_free(user_attrs); } } ret = sysdb_transaction_commit(pr_ctx->dom->sysdb); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("sysdb_transaction_commit failed.\n")); goto done; } in_transaction = false; ret = EOK; done: if (in_transaction) { sret = sysdb_transaction_cancel(pr_ctx->dom->sysdb); if (sret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("sysdb_transaction_cancel failed.\n")); } } talloc_free(tmp_ctx); return ret; } static errno_t pac_save_memberships_next(struct tevent_req *req) { errno_t ret; char *sid; struct sss_domain_info *grp_dom; struct tevent_req *subreq; struct pac_save_memberships_state *state; struct pac_req_ctx *pr_ctx; state = tevent_req_data(req, struct pac_save_memberships_state); pr_ctx = state->pr_ctx; if (pr_ctx->add_sid_count == 0) { return EOK; } if (pr_ctx->add_sids == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("Missing list of SIDs.\n")); return EINVAL; } while (state->sid_iter < pr_ctx->add_sid_count) { sid = pr_ctx->add_sids[state->sid_iter]; ret = responder_get_domain_by_id(pr_ctx->pac_ctx->rctx, sid, &grp_dom); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, 
("responder_get_domain_by_id failed, " \ "will try next group\n")); state->sid_iter++; continue; } ret = pac_store_membership(state->pr_ctx, state->user_dn, sid, grp_dom); if (ret == EOK) { state->sid_iter++; continue; } else if (ret == ENOENT) { subreq = sss_dp_get_account_send(state, pr_ctx->cctx->rctx, grp_dom, true, SSS_DP_SECID, sid, 0, NULL); if (subreq == NULL) { ret = ENOMEM; goto done; } tevent_req_set_callback(subreq, pac_get_group_done, req); return EAGAIN; } else { DEBUG(SSSDBG_OP_FAILURE, ("pac_store_membership failed, " "trying next group.\n")); state->sid_iter++; continue; } } ret = EOK; done: return ret; } static void pac_get_group_done(struct tevent_req *subreq) { struct tevent_req *req; struct pac_save_memberships_state *state; req = tevent_req_callback_data(subreq, struct tevent_req); state = tevent_req_data(req, struct pac_save_memberships_state); errno_t ret; dbus_uint16_t err_maj; dbus_uint32_t err_min; char *err_msg; char *sid; struct sss_domain_info *grp_dom; struct pac_req_ctx *pr_ctx = state->pr_ctx; ret = sss_dp_get_account_recv(req, subreq, &err_maj, &err_min, &err_msg); talloc_zfree(subreq); talloc_zfree(err_msg); if (ret != EOK) { goto error; } sid = pr_ctx->add_sids[state->sid_iter]; ret = responder_get_domain_by_id(pr_ctx->pac_ctx->rctx,sid, &grp_dom); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("responder_get_domain_by_id failed.\n")); goto error; } ret = pac_store_membership(state->pr_ctx, state->user_dn, sid, grp_dom); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("pac_store_membership failed, " "trying next group.\n")); } state->sid_iter++; ret = pac_save_memberships_next(req); if (ret == EOK) { tevent_req_done(req); } else if (ret != EAGAIN) { goto error; } return; error: tevent_req_error(req, ret); } static errno_t pac_store_membership(struct pac_req_ctx *pr_ctx, struct ldb_dn *user_dn, const char *grp_sid_str, struct sss_domain_info *grp_dom) { TALLOC_CTX *tmp_ctx; struct sysdb_attrs *user_attrs; struct ldb_result *group; 
errno_t ret; const char *orig_group_dn; const char *group_attrs[] = { SYSDB_ORIG_DN, SYSDB_OBJECTCLASS, NULL }; const char *oc; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { return ENOMEM; } ret = sysdb_search_object_by_sid(tmp_ctx, grp_dom->sysdb, grp_dom, grp_sid_str, group_attrs, &group); if (ret != EOK) { DEBUG(SSSDBG_TRACE_INTERNAL, ("sysdb_search_object_by_sid " \ "for SID [%s] failed [%d][%s].\n", grp_sid_str, ret, strerror(ret))); goto done; } if (group->count != 1) { DEBUG(SSSDBG_OP_FAILURE, ("Unexpected number of groups returned.\n")); ret = EINVAL; goto done; } oc = ldb_msg_find_attr_as_string(group->msgs[0], SYSDB_OBJECTCLASS, NULL); if (oc == NULL || strcmp(oc, SYSDB_GROUP_CLASS) != 0) { DEBUG(SSSDBG_OP_FAILURE, ("Return object does not have group " \ "objectclass.\n")); ret = EINVAL; goto done; } DEBUG(SSSDBG_TRACE_ALL, ("Adding user [%s] to group [%s][%s].\n", ldb_dn_get_linearized(user_dn), grp_sid_str, ldb_dn_get_linearized(group->msgs[0]->dn))); ret = sysdb_mod_group_member(grp_dom->sysdb, user_dn, group->msgs[0]->dn, LDB_FLAG_MOD_ADD); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("sysdb_mod_group_member failed user [%s] " \ "group [%s].\n", ldb_dn_get_linearized(user_dn), ldb_dn_get_linearized(group->msgs[0]->dn))); goto done; } orig_group_dn = ldb_msg_find_attr_as_string(group->msgs[0], SYSDB_ORIG_DN, NULL); if (orig_group_dn != NULL) { DEBUG(SSSDBG_TRACE_ALL, ("Adding original group DN [%s] to user [%s].\n", orig_group_dn, ldb_dn_get_linearized(user_dn))); user_attrs = sysdb_new_attrs(tmp_ctx); if (user_attrs == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("sysdb_new_attrs failed.\n")); ret = ENOMEM; goto done; } ret = sysdb_attrs_add_string(user_attrs, SYSDB_ORIG_MEMBEROF, orig_group_dn); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_add_string failed.\n")); goto done; } ret = sysdb_set_entry_attr(pr_ctx->dom->sysdb, user_dn, user_attrs, LDB_FLAG_MOD_ADD); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("sysdb_set_entry_attr failed.\n")); goto 
done; } } else { DEBUG(SSSDBG_MINOR_FAILURE, ("Original DN not available for group " \ "[%s][%s].\n", grp_sid_str, ldb_dn_get_linearized(group->msgs[0]->dn))); } done: talloc_free(tmp_ctx); return ret; } static errno_t pac_save_memberships_recv(struct tevent_req *subreq) { TEVENT_REQ_RETURN_ON_ERROR(subreq); return EOK; } static void pac_save_memberships_done(struct tevent_req *req) { struct pac_req_ctx *pr_ctx = tevent_req_callback_data(req, struct pac_req_ctx); struct cli_ctx *cctx = pr_ctx->cctx; errno_t ret; ret = pac_save_memberships_recv(req); talloc_zfree(req); talloc_free(pr_ctx); pac_cmd_done(cctx, ret); } struct pac_lookup_sids_state { struct pac_ctx *pac_ctx; struct pac_req_ctx *pr_ctx; hash_table_t *sid_table; struct hash_iter_context_t *iter; }; static errno_t pac_lookup_sids_next(struct tevent_req *req); static void pac_lookup_sids_next_done(struct tevent_req *subreq); static struct tevent_req *pac_lookup_sids_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct pac_req_ctx *pr_ctx, struct pac_ctx *pac_ctx, hash_table_t *sid_table) { struct tevent_req *req; struct pac_lookup_sids_state *state; int ret; req = tevent_req_create(mem_ctx, &state, struct pac_lookup_sids_state); if (req == NULL) { return NULL; } state->pac_ctx = pac_ctx; state->pr_ctx = pr_ctx; state->sid_table = sid_table; state->iter = talloc_steal(state, new_hash_iter_context(state->sid_table)); ret = pac_lookup_sids_next(req); if (ret != EAGAIN) { if (ret == EOK) { tevent_req_done(req); } else { tevent_req_error(req, ret); } tevent_req_post(req, ev); } return req; } static errno_t pac_lookup_sids_next(struct tevent_req *req) { struct pac_lookup_sids_state *state; state = tevent_req_data(req, struct pac_lookup_sids_state); hash_entry_t *entry; struct tevent_req *subreq; struct sss_domain_info *dom; int ret; while ((entry = state->iter->next(state->iter)) != NULL) { if (entry->value.ul == 0) { ret = responder_get_domain_by_id(state->pac_ctx->rctx, entry->key.str, &dom); if (ret == 
EOK && dom != NULL) { subreq = sss_dp_get_account_send(state, state->pr_ctx->cctx->rctx, dom, true, SSS_DP_SECID, entry->key.str, 0, NULL); if (subreq == NULL) { return ENOMEM; } tevent_req_set_callback(subreq, pac_lookup_sids_next_done, req); return EAGAIN; } } } return EOK; } static void pac_lookup_sids_next_done(struct tevent_req *subreq) { struct tevent_req *req; req = tevent_req_callback_data(subreq, struct tevent_req); errno_t ret; dbus_uint16_t err_maj; dbus_uint32_t err_min; char *err_msg; ret = sss_dp_get_account_recv(req, subreq, &err_maj, &err_min, &err_msg); talloc_zfree(subreq); talloc_zfree(err_msg); /* Errors during individual lookups are ignored. */ ret = pac_lookup_sids_next(req); if (ret == EOK) { tevent_req_done(req); } else if (ret != EAGAIN) { tevent_req_error(req, ret); } return; } static errno_t pac_lookup_sids_recv(struct tevent_req *req) { TEVENT_REQ_RETURN_ON_ERROR(req); return EOK; } struct cli_protocol_version *register_cli_protocol_version(void) { static struct cli_protocol_version pac_cli_protocol_version[] = { {1, "2011-04-12", "initial version"}, {0, NULL, NULL} }; return pac_cli_protocol_version; } static struct sss_cmd_table pac_cmds[] = { {SSS_GET_VERSION, sss_cmd_get_version}, {SSS_PAC_ADD_PAC_USER, pac_add_pac_user}, {SSS_CLI_NULL, NULL} }; struct sss_cmd_table *get_pac_cmds(void) { return pac_cmds; } sssd-1.11.5/src/responder/pac/PaxHeaders.13173/pacsrv.h0000644000000000000000000000007412320753107020555 xustar000000000000000030 atime=1396954939.270891428 30 ctime=1396954961.447875104 sssd-1.11.5/src/responder/pac/pacsrv.h0000664002412700241270000000500712320753107021001 0ustar00jhrozekjhrozek00000000000000/* SSSD PAC Responder, header file Copyright (C) Sumit Bose 2011 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. 
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #ifndef __PACSRV_H__ #define __PACSRV_H__ #include #include #include #include #include #include #include #include "config.h" #include "talloc.h" #include "tevent.h" #include "ldb.h" #include "dbus/dbus.h" #include "sbus/sssd_dbus.h" #include "responder/common/responder_packet.h" #include "responder/common/responder.h" #include "responder/common/responder_sbus.h" #include "lib/idmap/sss_idmap.h" #include "util/sss_nss.h" #include "db/sysdb.h" #define PAC_PACKET_MAX_RECV_SIZE 1024 struct getent_ctx; struct dom_sid; struct pac_ctx { struct resp_ctx *rctx; struct sss_idmap_ctx *idmap_ctx; struct dom_sid *my_dom_sid; struct local_mapping_ranges *range_map; }; struct grp_info { char *orig_dn; struct ldb_dn *dn; }; struct sss_cmd_table *get_pac_cmds(void); errno_t get_sids_from_pac(TALLOC_CTX *mem_ctx, struct pac_ctx *pac_ctx, struct PAC_LOGON_INFO *logon_info, char **_user_sid_str, char **_primary_group_sid_str, hash_table_t **_sid_table); errno_t get_data_from_pac(TALLOC_CTX *mem_ctx, uint8_t *pac_blob, size_t pac_len, struct PAC_LOGON_INFO **_logon_info); errno_t get_pwd_from_pac(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom, char *user_sid_str, char *primary_group_sid_str, hash_table_t *sid_table, struct PAC_LOGON_INFO *logon_info, struct passwd **_pwd, struct sysdb_attrs **_attrs); #endif /* __PACSRV_H__ */ sssd-1.11.5/src/responder/pac/PaxHeaders.13173/pacsrv.c0000644000000000000000000000007412320753107020550 xustar000000000000000030 atime=1396954939.270891428 30 ctime=1396954961.765874869 sssd-1.11.5/src/responder/pac/pacsrv.c0000664002412700241270000001730212320753107020775 0ustar00jhrozekjhrozek00000000000000/* SSSD PAC 
Responder

   Copyright (C) Sumit Bose 2011

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see .
*/

#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include "popt.h"

#include "util/util.h"
#include "responder/pac/pacsrv.h"
#include "db/sysdb.h"
#include "confdb/confdb.h"
#include "dbus/dbus.h"
#include "sbus/sssd_dbus.h"
#include "responder/common/responder_packet.h"
#include "responder/common/responder.h"
#include "providers/data_provider.h"
#include "monitor/monitor_interfaces.h"
#include "sbus/sbus_client.h"
#include "util/util_sss_idmap.h"

#define SSS_PAC_PIPE_NAME "pac"
/* Default passed to confdb_get_int() for CONFDB_SERVICE_FD_LIMIT below. */
#define DEFAULT_PAC_FD_LIMIT 8192
/* Default passed to confdb_get_string() for CONFDB_SERVICE_ALLOWED_UIDS
 * below: unless the configuration says otherwise, the allowed-UID list
 * holds only UID 0. This list is the trust boundary for who may hand a PAC
 * blob to this responder; the enforcement itself is not in this file. */
#define DEFAULT_ALLOWED_UIDS "0"

/* Method table referenced by monitor_pac_interface. */
struct sbus_method monitor_pac_methods[] = {
    { MON_CLI_METHOD_PING, monitor_common_pong },
    { MON_CLI_METHOD_RES_INIT, monitor_common_res_init },
    { MON_CLI_METHOD_ROTATE, responder_logrotate },
    { NULL, NULL }
};

/* Interface handed to sss_process_init() in pac_process_init(). */
struct sbus_interface monitor_pac_interface = {
    MONITOR_INTERFACE,
    MONITOR_PATH,
    SBUS_DEFAULT_VTABLE,
    monitor_pac_methods,
    NULL
};

/* Empty method table: only the terminating entry is present. */
static struct sbus_method pac_dp_methods[] = {
    { NULL, NULL }
};

/* Data Provider interface handed to sss_process_init(). */
struct sbus_interface pac_dp_interface = {
    DP_INTERFACE,
    DP_PATH,
    SBUS_DEFAULT_VTABLE,
    pac_dp_methods,
    NULL
};

/**
 * Reconnect callback registered with sbus_reconnect_init().
 *
 * @param conn    Unused in this function.
 * @param status  Reconnect result; SBUS_RECONNECT_SUCCESS selects the
 *                success path.
 * @param pvt     The struct be_conn that was registered with the callback.
 *
 * On success the responder identifies itself to the Data Provider as "PAC"
 * and, if that works, calls handle_requests_after_reconnect(). Every other
 * outcome is only logged.
 */
/* TODO: check if this can be made generic for all responders */
static void pac_dp_reconnect_init(struct sbus_connection *conn,
                                  int status, void *pvt)
{
    struct be_conn *be_conn = talloc_get_type(pvt, struct be_conn);
    int ret;

    /* Did we reconnect successfully? */
    if (status == SBUS_RECONNECT_SUCCESS) {
        /* NOTE(review): a successful reconnect is logged at
         * SSSDBG_OP_FAILURE; confirm this level is intended. */
        DEBUG(SSSDBG_OP_FAILURE, ("Reconnected to the Data Provider.\n"));

        /* Identify ourselves to the data provider */
        ret = dp_common_send_id(be_conn->conn,
                                DATA_PROVIDER_VERSION,
                                "PAC");
        /* all fine */
        if (ret == EOK) {
            handle_requests_after_reconnect(be_conn->rctx);
            return;
        }
    }

    /* Failed to reconnect */
    DEBUG(SSSDBG_FATAL_FAILURE, ("Could not reconnect to %s provider.\n",
                                 be_conn->domain->name));

    /* FIXME: kill the frontend and let the monitor restart it ? */
    /* nss_shutdown(rctx); */
}

/**
 * Set up the PAC responder.
 *
 * Creates the responder context through sss_process_init(), allocates the
 * pac_ctx on it, loads the allowed-UID list, registers the reconnect
 * callback on every backend connection, initialises the ID-mapping context,
 * applies the file descriptor limit and schedules the domain refresh task.
 *
 * @return EOK on success. On failure the responder context is freed and
 *         the error of the failing step is returned (ENOMEM for the
 *         pac_ctx allocation, EFAULT for sss_idmap_init()).
 */
int pac_process_init(TALLOC_CTX *mem_ctx,
                     struct tevent_context *ev,
                     struct confdb_ctx *cdb)
{
    struct resp_ctx *rctx;
    struct sss_cmd_table *pac_cmds;
    struct be_conn *iter;
    struct pac_ctx *pac_ctx;
    int ret, max_retries;
    enum idmap_error_code err;
    int fd_limit;
    char *uid_str;

    pac_cmds = get_pac_cmds();
    ret = sss_process_init(mem_ctx, ev, cdb,
                           pac_cmds,
                           SSS_PAC_SOCKET_NAME, NULL,
                           CONFDB_PAC_CONF_ENTRY,
                           PAC_SBUS_SERVICE_NAME,
                           PAC_SBUS_SERVICE_VERSION,
                           &monitor_pac_interface,
                           "PAC", &pac_dp_interface,
                           &rctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("sss_process_init() failed\n"));
        return ret;
    }

    /* pac_ctx is a talloc child of rctx, so the fail path frees both. */
    pac_ctx = talloc_zero(rctx, struct pac_ctx);
    if (!pac_ctx) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("fatal error initializing pac_ctx\n"));
        ret = ENOMEM;
        goto fail;
    }

    pac_ctx->rctx = rctx;
    pac_ctx->rctx->pvt_ctx = pac_ctx;

    /* Read the configured allowed-UID list, defaulting to "0". */
    ret = confdb_get_string(pac_ctx->rctx->cdb, pac_ctx->rctx,
                            CONFDB_PAC_CONF_ENTRY, CONFDB_SERVICE_ALLOWED_UIDS,
                            DEFAULT_ALLOWED_UIDS, &uid_str);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to get allowed UIDs.\n"));
        goto fail;
    }

    /* A list that cannot be converted aborts start-up instead of leaving
     * the responder without an allowed-UID list. */
    ret = csv_string_to_uid_array(pac_ctx->rctx, uid_str, true,
                                  &pac_ctx->rctx->allowed_uids_count,
                                  &pac_ctx->rctx->allowed_uids);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to set allowed UIDs.\n"));
        goto fail;
    }

    /* Enable automatic reconnection to the Data Provider */
    ret = confdb_get_int(pac_ctx->rctx->cdb,
                         CONFDB_PAC_CONF_ENTRY,
                         CONFDB_SERVICE_RECON_RETRIES,
                         3, &max_retries);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Failed to set up automatic reconnection\n"));
        goto fail;
    }

    for (iter = pac_ctx->rctx->be_conns; iter; iter = iter->next) {
        sbus_reconnect_init(iter->conn, max_retries,
                            pac_dp_reconnect_init, iter);
    }

    err = sss_idmap_init(sss_idmap_talloc, pac_ctx, sss_idmap_talloc_free,
                         &pac_ctx->idmap_ctx);
    if (err != IDMAP_SUCCESS) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("sss_idmap_init failed.\n"));
        ret = EFAULT;
        goto fail;
    }

    /* Set up file descriptor limits */
    ret = confdb_get_int(pac_ctx->rctx->cdb,
                         CONFDB_PAC_CONF_ENTRY,
                         CONFDB_SERVICE_FD_LIMIT,
                         DEFAULT_PAC_FD_LIMIT,
                         &fd_limit);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Failed to set up file descriptor limit\n"));
        goto fail;
    }
    responder_set_fd_limit(fd_limit);

    ret = schedule_get_domains_task(rctx, rctx->ev, rctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("schedule_get_domains_tasks failed.\n"));
        goto fail;
    }

    DEBUG(SSSDBG_TRACE_FUNC, ("PAC Initialization complete\n"));

    return EOK;

fail:
    talloc_free(rctx);
    return ret;
}

/**
 * Entry point of the PAC responder process.
 *
 * Exit codes: 1 for an invalid command line option, 2 when server_setup()
 * fails, 3 when pac_process_init() fails, 0 after server_loop() returns.
 */
int main(int argc, const char *argv[])
{
    int opt;
    poptContext pc;
    struct main_context *main_ctx;
    int ret;

    struct poptOption long_options[] = {
        POPT_AUTOHELP
        SSSD_MAIN_OPTS
        POPT_TABLEEND
    };

    /* Set debug level to invalid value so we can decide if -d 0 was used. */
    debug_level = SSSDBG_INVALID;

    pc = poptGetContext(argv[0], argc, argv, long_options, 0);
    while((opt = poptGetNextOpt(pc)) != -1) {
        switch(opt) {
        default:
            /* Any value other than -1 is reported as an invalid option. */
            fprintf(stderr, "\nInvalid option %s: %s\n\n",
                    poptBadOption(pc, 0), poptStrerror(opt));
            poptPrintUsage(pc, stderr, 0);
            return 1;
        }
    }

    poptFreeContext(pc);

    DEBUG_INIT(debug_level);

    /* set up things like debug, signals, daemonization, etc... */
    debug_log_file = "sssd_pac";

    ret = server_setup("sssd[pac]", 0, CONFDB_PAC_CONF_ENTRY, &main_ctx);
    if (ret != EOK) return 2;

    ret = die_if_parent_died();
    if (ret != EOK) {
        /* This is not fatal, don't return */
        DEBUG(SSSDBG_OP_FAILURE,
              ("Could not set up to exit when parent process does\n"));
    }

    ret = pac_process_init(main_ctx,
                           main_ctx->event_ctx,
                           main_ctx->confdb_ctx);
    if (ret != EOK) return 3;

    /* loop on main */
    server_loop(main_ctx);

    return 0;
}
sssd-1.11.5/src/responder/pac/PaxHeaders.13173/pacsrv_utils.c0000644000000000000000000000007412320753107021770 xustar000000000000000030 atime=1396954939.271891427 30 ctime=1396954961.766874868 sssd-1.11.5/src/responder/pac/pacsrv_utils.c0000664002412700241270000003567212320753107022227 0ustar00jhrozekjhrozek00000000000000
/*
   SSSD

   PAC Responder - utility functions

   Copyright (C) Sumit Bose 2012

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see .
*/

#include
#include
#include
#include

#include "util/util.h"
#include "responder/pac/pacsrv.h"

/**
 * Check if a given SID belongs to a domain identified by the domain SID.
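*/
/*
 * Returns true when both SIDs have the same revision and identifier
 * authority and the leading sub-authorities of domain_sid match those of
 * sid; false otherwise, including when either pointer is NULL.
 *
 * A domain SID with fewer than one sub-authority is rejected up front: the
 * loop bound is "num_auths - 1" compared against a size_t index, so a zero
 * count would otherwise become a huge unsigned bound and the loop would
 * read past the sub-authority array.
 *
 * NOTE(review): only the first num_auths - 1 sub-authorities of domain_sid
 * are compared, so its last sub-authority never takes part in the match.
 * Confirm that this is intended.
 * NOTE(review): num_auths is not checked against the capacity of sub_auths
 * here; struct dom_sid is declared outside this file, so confirm that the
 * decoder bounds it.
 */
bool dom_sid_in_domain(const struct dom_sid *domain_sid,
                       const struct dom_sid *sid)
{
    size_t c;
    size_t cmp_count;

    if (!domain_sid || !sid) {
        return false;
    }

    if (domain_sid->sid_rev_num != sid->sid_rev_num) {
        return false;
    }

    for (c = 0; c < 6; c++) {
        if (domain_sid->id_auth[c] != sid->id_auth[c]) {
            return false;
        }
    }

    if (domain_sid->num_auths < 1) {
        return false;
    }

    if (domain_sid->num_auths > sid->num_auths) {
        return false;
    }

    /* num_auths >= 1 here, so the subtraction cannot wrap. */
    cmp_count = (size_t) domain_sid->num_auths - 1;
    for (c = 0; c < cmp_count; c++) {
        if (domain_sid->sub_auths[c] != sid->sub_auths[c]) {
            return false;
        }
    }

    return true;
}

/**
 * Collect every SID named in the PAC logon info into a hash table.
 *
 * The table is keyed by the SID string. The value is the POSIX ID found in
 * the cache for that SID (SYSDB_UIDNUM for the user SID, SYSDB_GIDNUM for
 * the primary group, the group RIDs and the extra SIDs), or 0 when the
 * cache holds no single matching object. A value of 0 therefore means
 * "not resolved yet", not "ID 0".
 *
 * @param mem_ctx                 talloc parent of the table and the
 *                                returned strings.
 * @param pac_ctx                 responder context (idmap and domain
 *                                lookup).
 * @param logon_info              decoded PAC logon info. Its counts and
 *                                arrays are used as decoded; this function
 *                                applies no bounds of its own to them.
 * @param _user_sid_str           out: SID string of the user.
 * @param _primary_group_sid_str  out: SID string of the primary group.
 * @param _sid_table              out: the hash table described above.
 *
 * @return EOK on success; EINVAL for a missing parameter or an unknown user
 *         domain, ENOMEM, EFAULT (SID conversion) or EIO (formatting or
 *         hash failure) otherwise. The outputs are only written on EOK.
 */
errno_t get_sids_from_pac(TALLOC_CTX *mem_ctx,
                          struct pac_ctx *pac_ctx,
                          struct PAC_LOGON_INFO *logon_info,
                          char **_user_sid_str,
                          char **_primary_group_sid_str,
                          hash_table_t **_sid_table)
{
    /* "-" plus at most ten digits of a 32 bit RID plus the terminator. */
    const size_t rid_str_size = 12;
    int ret;
    size_t s;
    struct netr_SamInfo3 *info3;
    struct sss_domain_info *user_dom;
    struct sss_domain_info *group_dom;
    char *sid_str = NULL;
    char *msid_str = NULL;
    char *user_dom_sid_str = NULL;
    size_t user_dom_sid_str_len;
    enum idmap_error_code err;
    hash_table_t *sid_table = NULL;
    hash_key_t key;
    hash_value_t value;
    char *rid_start;
    struct ldb_result *msg = NULL;
    char *user_sid_str = NULL;
    char *primary_group_sid_str = NULL;

    /* All three outputs are written on success, so all three are needed. */
    if (pac_ctx == NULL || logon_info == NULL || _sid_table == NULL
            || _user_sid_str == NULL || _primary_group_sid_str == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("Missing parameter.\n"));
        return EINVAL;
    }

    info3 = &logon_info->info3;

    /* NOTE(review): the size hint is the sum of two counts taken from the
     * PAC; confirm it cannot wrap in the counts' integer type. */
    ret = sss_hash_create(mem_ctx,
                          info3->sidcount + info3->base.groups.count + 2,
                          &sid_table);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("sss_hash_create failed.\n"));
        goto done;
    }

    key.type = HASH_KEY_STRING;
    value.type = HASH_VALUE_ULONG;

    err = sss_idmap_smb_sid_to_sid(pac_ctx->idmap_ctx, info3->base.domain_sid,
                                   &user_dom_sid_str);
    if (err != IDMAP_SUCCESS) {
        DEBUG(SSSDBG_OP_FAILURE, ("sss_idmap_smb_sid_to_sid failed.\n"));
        ret = EFAULT;
        goto done;
    }

    ret = responder_get_domain_by_id(pac_ctx->rctx, user_dom_sid_str,
                                     &user_dom);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("responder_get_domain_by_id failed.\n"));
        ret = EINVAL;
        goto done;
    }

    /* sid_str holds the domain SID followed by a RID suffix that is
     * rewritten in place for the user, the primary group and each group. */
    user_dom_sid_str_len = strlen(user_dom_sid_str);
    sid_str = talloc_zero_size(mem_ctx, user_dom_sid_str_len + rid_str_size);
    if (sid_str == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("talloc_zero_size failed.\n"));
        ret = ENOMEM;
        goto done;
    }
    rid_start = sid_str + user_dom_sid_str_len;

    memcpy(sid_str, user_dom_sid_str, user_dom_sid_str_len);

    memset(rid_start, '\0', rid_str_size);
    ret = snprintf(rid_start, rid_str_size, "-%lu",
                   (unsigned long) info3->base.rid);
    /* A return value equal to the buffer size already means truncation. */
    if (ret < 0 || (size_t) ret >= rid_str_size) {
        DEBUG(SSSDBG_OP_FAILURE, ("snprintf failed.\n"));
        ret = EIO;
        goto done;
    }

    user_sid_str = talloc_strdup(mem_ctx, sid_str);
    if (user_sid_str == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed.\n"));
        ret = ENOMEM;
        goto done;
    }

    key.str = sid_str;
    value.ul = 0;

    ret = sysdb_search_object_by_sid(mem_ctx, user_dom->sysdb, user_dom,
                                     sid_str, NULL, &msg);
    if (ret == EOK && msg->count == 1) {
        value.ul = ldb_msg_find_attr_as_uint64(msg->msgs[0], SYSDB_UIDNUM, 0);
    }
    talloc_zfree(msg);

    ret = hash_enter(sid_table, &key, &value);
    if (ret != HASH_SUCCESS) {
        DEBUG(SSSDBG_OP_FAILURE, ("hash_enter failed [%d][%s].\n",
                                  ret, hash_error_string(ret)));
        ret = EIO;
        goto done;
    }

    memset(rid_start, '\0', rid_str_size);
    ret = snprintf(rid_start, rid_str_size, "-%lu",
                   (unsigned long) info3->base.primary_gid);
    if (ret < 0 || (size_t) ret >= rid_str_size) {
        DEBUG(SSSDBG_OP_FAILURE, ("snprintf failed.\n"));
        ret = EIO;
        goto done;
    }

    primary_group_sid_str = talloc_strdup(mem_ctx, sid_str);
    if (primary_group_sid_str == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed.\n"));
        ret = ENOMEM;
        goto done;
    }

    key.str = sid_str;
    value.ul = 0;

    ret = sysdb_search_object_by_sid(mem_ctx, user_dom->sysdb, user_dom,
                                     sid_str, NULL, &msg);
    if (ret == EOK && msg->count == 1) {
        value.ul = ldb_msg_find_attr_as_uint64(msg->msgs[0], SYSDB_GIDNUM, 0);
    }
    talloc_zfree(msg);

    ret = hash_enter(sid_table, &key, &value);
    if (ret != HASH_SUCCESS) {
        DEBUG(SSSDBG_OP_FAILURE, ("hash_enter failed [%d][%s].\n",
                                  ret, hash_error_string(ret)));
        ret = EIO;
        goto done;
    }

    /* Groups from the user's own domain are given as RIDs. */
    for (s = 0; s < info3->base.groups.count; s++) {
        memset(rid_start, '\0', rid_str_size);
        ret = snprintf(rid_start, rid_str_size, "-%lu",
                       (unsigned long) info3->base.groups.rids[s].rid);
        if (ret < 0 || (size_t) ret >= rid_str_size) {
            DEBUG(SSSDBG_OP_FAILURE, ("snprintf failed.\n"));
            ret = EIO;
            goto done;
        }

        key.str = sid_str;
        value.ul = 0;

        ret = sysdb_search_object_by_sid(mem_ctx, user_dom->sysdb, user_dom,
                                         sid_str, NULL, &msg);
        if (ret == EOK && msg->count == 1) {
            value.ul = ldb_msg_find_attr_as_uint64(msg->msgs[0],
                                                   SYSDB_GIDNUM, 0);
        }
        talloc_zfree(msg);

        ret = hash_enter(sid_table, &key, &value);
        if (ret != HASH_SUCCESS) {
            DEBUG(SSSDBG_OP_FAILURE, ("hash_enter failed [%d][%s].\n",
                                      ret, hash_error_string(ret)));
            ret = EIO;
            goto done;
        }
    }

    /* Extra SIDs are complete SIDs and may belong to any known domain. */
    for (s = 0; s < info3->sidcount; s++) {
        err = sss_idmap_smb_sid_to_sid(pac_ctx->idmap_ctx, info3->sids[s].sid,
                                       &msid_str);
        if (err != IDMAP_SUCCESS) {
            DEBUG(SSSDBG_OP_FAILURE, ("sss_idmap_smb_sid_to_sid failed.\n"));
            ret = EFAULT;
            goto done;
        }

        key.str = msid_str;
        value.ul = 0;

        /* A SID from an unknown domain is still entered, with value 0. */
        ret = responder_get_domain_by_id(pac_ctx->rctx, msid_str, &group_dom);
        if (ret == EOK) {
            ret = sysdb_search_object_by_sid(mem_ctx, group_dom->sysdb,
                                             group_dom, msid_str, NULL, &msg);
            if (ret == EOK && msg->count == 1) {
                value.ul = ldb_msg_find_attr_as_uint64(msg->msgs[0],
                                                       SYSDB_GIDNUM, 0);
            }
            talloc_zfree(msg);
        }

        ret = hash_enter(sid_table, &key, &value);
        sss_idmap_free_sid(pac_ctx->idmap_ctx, msid_str);
        if (ret != HASH_SUCCESS) {
            DEBUG(SSSDBG_OP_FAILURE, ("hash_enter failed [%d][%s].\n",
                                      ret, hash_error_string(ret)));
            ret = EIO;
            goto done;
        }
    }

    ret = EOK;

done:
    talloc_free(sid_str);
    sss_idmap_free_sid(pac_ctx->idmap_ctx, user_dom_sid_str);

    if (ret == EOK) {
        *_sid_table = sid_table;
        *_user_sid_str = user_sid_str;
        *_primary_group_sid_str = primary_group_sid_str;
    } else {
        hash_destroy(sid_table);
        talloc_free(user_sid_str);
        talloc_free(primary_group_sid_str);
    }

    return ret;
}

/**
 * Extract the PAC logon data from an NDR blob.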
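*/
/*
 * Decodes pac_blob with ndr_pull_PAC_DATA() and hands back, through
 * _logon_info, the payload of the first PAC_TYPE_LOGON_INFO buffer that
 * actually carries one.
 *
 * Returns EOK on success, ENOMEM if an allocation fails, EBADMSG if the blob
 * cannot be decoded and EINVAL if no usable logon info buffer is present.
 *
 * NOTE(review): ndr_pull is never released here and pac_data is released only
 * on the EINVAL path; both are allocated on mem_ctx, so they presumably go
 * away with it - confirm that callers pass a short-lived context.
 */
errno_t get_data_from_pac(TALLOC_CTX *mem_ctx,
                          uint8_t *pac_blob, size_t pac_len,
                          struct PAC_LOGON_INFO **_logon_info)
{
    DATA_BLOB blob;
    struct ndr_pull *ndr_pull;
    struct PAC_DATA *pac_data;
    enum ndr_err_code ndr_err;
    size_t c;
    int ret;

    blob.data = pac_blob;
    blob.length = pac_len;

    ndr_pull = ndr_pull_init_blob(&blob, mem_ctx);
    if (ndr_pull == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("ndr_pull_init_blob failed.\n"));
        return ENOMEM;
    }
    ndr_pull->flags |= LIBNDR_FLAG_REF_ALLOC; /* FIXME: is this really needed ? */

    pac_data = talloc_zero(mem_ctx, struct PAC_DATA);
    if (pac_data == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("talloc_zero failed.\n"));
        return ENOMEM;
    }

    ndr_err = ndr_pull_PAC_DATA(ndr_pull, NDR_SCALARS|NDR_BUFFERS, pac_data);
    if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
        DEBUG(SSSDBG_OP_FAILURE, ("ndr_pull_PAC_DATA failed [%d]\n", ndr_err));
        return EBADMSG;
    }

    for (c = 0; c < pac_data->num_buffers; c++) {
        if (pac_data->buffers[c].type != PAC_TYPE_LOGON_INFO) {
            continue;
        }

        /* The buffer layout is dictated by the contents of the blob, so the
         * pointers are checked before they are followed. Success must never
         * be reported with an empty logon info, because callers dereference
         * it right away (see get_pwd_from_pac()).
         * NOTE(review): presumably the decoder leaves these NULL for a
         * buffer without payload - confirm against the NDR code. */
        if (pac_data->buffers[c].info == NULL
                || pac_data->buffers[c].info->logon_info.info == NULL) {
            DEBUG(SSSDBG_OP_FAILURE, ("Empty logon info buffer in PAC.\n"));
            continue;
        }

        *_logon_info = pac_data->buffers[c].info->logon_info.info;
        return EOK;
    }

    ret = EINVAL;
    talloc_free(pac_data);
    return ret;
}

/**
 * Fill up the passwd struct with data from the PAC logon info
 *
 * The UID, and outside of sub-domains and MPG domains the primary GID, are
 * taken from sid_table, which must hold HASH_VALUE_ULONG entries keyed by
 * user_sid_str and primary_group_sid_str. The name is lower-cased and
 * qualified with sss_get_domain_name(). The attributes returned in _attrs
 * carry the UPN, the lower-case name alias and the user SID.
 *
 * On success *_pwd and *_attrs are set and EOK is returned. On failure
 * nothing is handed to the caller; the result is ENOMEM, EINVAL (account
 * name or RID missing in the PAC), EIO (SID missing from sid_table or stored
 * with the wrong value type) or the error of a failed sysdb_attrs_add_*()
 * call.
 */
errno_t get_pwd_from_pac(TALLOC_CTX *mem_ctx,
                         struct sss_domain_info *dom,
                         char *user_sid_str,
                         char *primary_group_sid_str,
                         hash_table_t *sid_table,
                         struct PAC_LOGON_INFO *logon_info,
                         struct passwd **_pwd,
                         struct sysdb_attrs **_attrs)
{
    struct passwd *pwd = NULL;
    struct sysdb_attrs *attrs = NULL;
    struct netr_SamBaseInfo *base_info;
    int ret;
    char *lname;
    char *uc_realm;
    char *upn;
    hash_key_t key;
    hash_value_t value;

    pwd = talloc_zero(mem_ctx, struct passwd);
    if (pwd == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("talloc_zero failed.\n"));
        return ENOMEM;
    }

    base_info = &logon_info->info3.base;

    if (base_info->account_name.size == 0) {
        DEBUG(SSSDBG_OP_FAILURE, ("Missing account name in PAC.\n"));
        ret = EINVAL;
        goto done;
    }
    if (base_info->rid == 0) {
        DEBUG(SSSDBG_OP_FAILURE, ("Missing user RID in PAC.\n"));
        ret = EINVAL;
        goto done;
    }

    /* To be compatible with winbind based lookups we have to use lower
     * case names only, effectively making the domain case-insensitive. */
    lname = sss_tc_utf8_str_tolower(pwd, base_info->account_name.string);
    if (lname == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("sss_tc_utf8_str_tolower failed.\n"));
        ret = ENOMEM;
        goto done;
    }

    /* Subdomain use fully qualified names */
    pwd->pw_name = sss_get_domain_name(pwd, lname, dom);
    if (!pwd->pw_name) {
        DEBUG(SSSDBG_OP_FAILURE, ("talloc_sprintf failed.\n"));
        ret = ENOMEM;
        goto done;
    }

    /* The UID is whatever the SID table recorded for the user SID; a missing
     * entry or an unexpected value type is an error, never a default. */
    key.type = HASH_KEY_STRING;
    key.str = user_sid_str;
    ret = hash_lookup(sid_table, &key, &value);
    if (ret != HASH_SUCCESS) {
        DEBUG(SSSDBG_OP_FAILURE, ("hash_lookup failed.\n"));
        ret = EIO;
        goto done;
    }
    if (value.type != HASH_VALUE_ULONG) {
        DEBUG(SSSDBG_OP_FAILURE, ("Wrong value type.\n"));
        ret = EIO;
        goto done;
    }
    pwd->pw_uid = value.ul;

    if (IS_SUBDOMAIN(dom) || dom->mpg) {
        pwd->pw_gid = 0; /* We use MPGs for sub-domains */
    } else {
        key.type = HASH_KEY_STRING;
        key.str = primary_group_sid_str;
        ret = hash_lookup(sid_table, &key, &value);
        if (ret != HASH_SUCCESS) {
            DEBUG(SSSDBG_OP_FAILURE, ("hash_lookup failed.\n"));
            ret = EIO;
            goto done;
        }
        if (value.type != HASH_VALUE_ULONG) {
            DEBUG(SSSDBG_OP_FAILURE, ("Wrong value type.\n"));
            ret = EIO;
            goto done;
        }
        pwd->pw_gid = value.ul;
    }

    if (base_info->full_name.size != 0) {
        pwd->pw_gecos = talloc_strdup(pwd, base_info->full_name.string);
        if (pwd->pw_gecos == NULL) {
            DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed.\n"));
            ret = ENOMEM;
            goto done;
        }
    } else {
        DEBUG(SSSDBG_OP_FAILURE, ("Missing full name in PAC, "
                                  "gecos field will by empty.\n "));
    }

    /* Check if there is a special homedir template for sub-domains. If not a
     * fallback will be added by the NSS responder. */
    if (IS_SUBDOMAIN(dom) && dom->subdomain_homedir) {
        pwd->pw_dir = expand_homedir_template(pwd, dom->subdomain_homedir,
                                              lname, pwd->pw_uid, NULL,
                                              dom->name, dom->flat_name);
        if (pwd->pw_dir == NULL) {
            ret = ENOMEM;
            goto done;
        }
    }

    pwd->pw_shell = NULL; /* Using default */

    attrs = sysdb_new_attrs(mem_ctx);
    if (attrs == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("sysdb_new_attrs failed.\n"));
        ret = ENOMEM;
        goto done;
    }

    /* The UPN is built as <lower-case name>@<upper-case domain name> */
    uc_realm = get_uppercase_realm(mem_ctx, dom->name);
    if (uc_realm == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("get_uppercase_realm failed.\n"));
        ret = ENOMEM;
        goto done;
    }

    upn = talloc_asprintf(mem_ctx, "%s@%s", lname, uc_realm);
    talloc_free(uc_realm);
    if (upn == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("talloc_asprintf failed.\n"));
        ret = ENOMEM;
        goto done;
    }

    ret = sysdb_attrs_add_string(attrs, SYSDB_UPN, upn);
    talloc_free(upn);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_add_string failed.\n"));
        goto done;
    }

    ret = sysdb_attrs_add_lc_name_alias(attrs, pwd->pw_name);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_add_lc_name_alias failed.\n"));
        goto done;
    }

    ret = sysdb_attrs_add_string(attrs, SYSDB_SID_STR, user_sid_str);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_add_string failed.\n"));
        goto done;
    }

    *_pwd = pwd;
    *_attrs = attrs;

    ret = EOK;

done:
    if (ret != EOK) {
        /* Neither object is handed to the caller on failure, so both are
         * released here; attrs is still NULL when the failure happened
         * before it was created. */
        talloc_free(attrs);
        talloc_free(pwd);
    }

    return ret;
}
sssd-1.11.5/src/responder/PaxHeaders.13173/sudo0000644000000000000000000000013212320753521017233 xustar000000000000000030 mtime=1396954961.779874858 30 atime=1396955003.534843847 30 ctime=1396954961.779874858 sssd-1.11.5/src/responder/sudo/0000775002412700241270000000000012320753521017537 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/responder/sudo/PaxHeaders.13173/sudosrv_private.h0000644000000000000000000000007412320753107022725 xustar000000000000000030 atime=1396954939.271891427 30 ctime=1396954961.448875103 sssd-1.11.5/src/responder/sudo/sudosrv_private.h0000664002412700241270000000700612320753107023152 0ustar00jhrozekjhrozek00000000000000
/*
    Authors:
        Pavel Březina

    Copyright (C) 2011 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see .
*/

#ifndef _SUDOSRV_PRIVATE_H_
#define _SUDOSRV_PRIVATE_H_

#include
#include
#include

#include "src/db/sysdb.h"
#include "responder/common/responder.h"

#define SSS_SUDO_ERROR_OK 0

/* Kind of refresh requested from the Data Provider */
enum sss_dp_sudo_type {
    SSS_DP_SUDO_REFRESH_RULES,
    SSS_DP_SUDO_FULL_REFRESH
};

/* Kind of client query */
enum sss_sudo_type {
    SSS_SUDO_DEFAULTS,
    SSS_SUDO_USER
};

struct sudo_ctx {
    struct resp_ctx *rctx;

    /*
     * options
     */
    bool timed;
};

/* State of one client command */
struct sudo_cmd_ctx {
    struct cli_ctx *cli_ctx;
    struct sudo_ctx *sudo_ctx;
    enum sss_sudo_type type;

    /* input data */
    uid_t uid;
    char *username;
    const char *orig_username;
    const char *cased_username;
    struct sss_domain_info *domain;
    bool check_next;

    uint32_t expired_rules_num;

    /* output data */
    struct sysdb_attrs **rules;
    uint32_t num_rules;
};

struct sudo_dom_ctx {
    struct sudo_cmd_ctx *cmd_ctx;
    struct sss_domain_info *domain;
    bool check_provider;
};

struct sudo_dp_request {
    struct cli_ctx *cctx;
    struct sss_domain_info *domain;
};

struct sss_cmd_table *get_sudo_cmds(void);

errno_t sudosrv_cmd_done(struct sudo_cmd_ctx *cmd_ctx, int ret);

errno_t sudosrv_get_sudorules(struct sudo_dom_ctx *dctx);

errno_t sudosrv_get_rules(struct sudo_cmd_ctx *cmd_ctx);

struct tevent_req *sudosrv_parse_query_send(TALLOC_CTX *mem_ctx,
                                            struct resp_ctx *rctx,
                                            uint8_t *query_body,
                                            size_t query_len);

errno_t sudosrv_parse_query_recv(TALLOC_CTX *mem_ctx,
                                 struct tevent_req *req,
                                 uid_t *_uid,
                                 char **_username,
                                 struct sss_domain_info **_domain);

errno_t sudosrv_build_response(TALLOC_CTX *mem_ctx,
                               uint32_t error,
                               uint32_t rules_num,
                               struct sysdb_attrs **rules,
                               uint8_t **_response_body,
                               size_t *_response_len);

struct tevent_req *
sss_dp_get_sudoers_send(TALLOC_CTX *mem_ctx,
                        struct resp_ctx *rctx,
                        struct sss_domain_info *dom,
                        bool fast_reply,
                        enum sss_dp_sudo_type type,
                        const char *name,
                        uint32_t num_rules,
                        struct sysdb_attrs **rules);

errno_t
sss_dp_get_sudoers_recv(TALLOC_CTX *mem_ctx,
                        struct tevent_req *req,
                        dbus_uint16_t *err_maj,
                        dbus_uint32_t *err_min,
                        char **err_msg);

#endif /* _SUDOSRV_PRIVATE_H_ */
sssd-1.11.5/src/responder/sudo/PaxHeaders.13173/sudosrv_cmd.c0000644000000000000000000000007412320753107022011 xustar000000000000000030 atime=1396954939.271891427 30 ctime=1396954961.776874861 sssd-1.11.5/src/responder/sudo/sudosrv_cmd.c0000664002412700241270000002231212320753107022233 0ustar00jhrozekjhrozek00000000000000
/*
    Authors:
        Pavel Březina

    Copyright (C) 2011 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see .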
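*/

#include
#include
#include "util/util.h"
#include "responder/common/responder.h"
#include "responder/common/responder_packet.h"
#include "responder/sudo/sudosrv_private.h"
#include "db/sysdb_sudo.h"
#include "sss_client/sss_cli.h"

/*
 * Copies response_body into a new output packet for the client and completes
 * the command with sss_cmd_done().
 *
 * The packet body is grown by exactly response_len bytes before the copy.
 * Returns EOK, or the error of sss_packet_new() / sss_packet_grow().
 */
static errno_t sudosrv_cmd_send_reply(struct sudo_cmd_ctx *cmd_ctx,
                                      uint8_t *response_body,
                                      size_t response_len)
{
    errno_t ret;
    uint8_t *packet_body = NULL;
    size_t packet_len = 0;
    struct cli_ctx *cli_ctx = cmd_ctx->cli_ctx;

    ret = sss_packet_new(cli_ctx->creq, 0,
                         sss_packet_get_cmd(cli_ctx->creq->in),
                         &cli_ctx->creq->out);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Unable to create a new packet [%d]; %s\n",
               ret, strerror(ret)));
        return ret;
    }

    ret = sss_packet_grow(cli_ctx->creq->out, response_len);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Unable to create response: %s\n", strerror(ret)));
        return ret;
    }
    sss_packet_get_body(cli_ctx->creq->out, &packet_body, &packet_len);
    memcpy(packet_body, response_body, response_len);

    sss_packet_set_error(cli_ctx->creq->out, EOK);
    sss_cmd_done(cmd_ctx->cli_ctx, cmd_ctx);

    return EOK;
}

/*
 * Sends a response that carries only an error code.
 *
 * error must not be EOK; EFAULT is returned in that case and nothing is
 * sent. Otherwise the result of building and sending the response is
 * returned.
 */
static errno_t sudosrv_cmd_send_error(TALLOC_CTX *mem_ctx,
                                      struct sudo_cmd_ctx *cmd_ctx,
                                      uint32_t error)
{
    uint8_t *response_body = NULL;
    size_t response_len = 0;
    int ret = EOK;

    if (error == EOK) {
        DEBUG(SSSDBG_MINOR_FAILURE, ("Everything is fine but we are "
                                     "returning error?\n"));
        return EFAULT;
    }

    ret = sudosrv_build_response(mem_ctx, error, 0, NULL,
                                 &response_body, &response_len);
    if (ret != EOK) {
        return ret;
    }

    return sudosrv_cmd_send_reply(cmd_ctx, response_body, response_len);
}

/*
 * Finishes a command according to ret:
 *   EOK    - the rules in cmd_ctx are sent, filtered by time first if the
 *            sudo_timed option is set
 *   EAGAIN - processing continues asynchronously, nothing is sent
 *   EFAULT - returned as is, nothing is sent
 *   other  - the value is sent to the client as the error code
 *
 * If the reply cannot be sent, the client connection is freed. Returns EOK
 * or EFAULT.
 */
errno_t sudosrv_cmd_done(struct sudo_cmd_ctx *cmd_ctx, int ret)
{
    uint8_t *response_body = NULL;
    size_t response_len = 0;
    uint32_t num_rules = cmd_ctx->num_rules;
    struct sysdb_attrs **rules = cmd_ctx->rules;

    switch (ret) {
    case EOK:
        /*
         * Parent of cmd_ctx->rules is in-memory cache, we must not talloc_free it!
         */
        if (cmd_ctx->sudo_ctx->timed) {
            /* filter rules by time */

            DEBUG(SSSDBG_TRACE_FUNC, ("Applying time restrictions on "
                                      "%u rules\n", cmd_ctx->num_rules));

            ret = sysdb_sudo_filter_rules_by_time(cmd_ctx, cmd_ctx->num_rules,
                                                  cmd_ctx->rules, 0,
                                                  &num_rules, &rules);
            if (ret != EOK) {
                return EFAULT;
            }

            DEBUG(SSSDBG_TRACE_FUNC, ("Got %u rules after time filter\n",
                                      num_rules));
        }

        /* send result */
        ret = sudosrv_build_response(cmd_ctx, SSS_SUDO_ERROR_OK,
                                     num_rules, rules,
                                     &response_body, &response_len);
        if (ret != EOK) {
            return EFAULT;
        }

        ret = sudosrv_cmd_send_reply(cmd_ctx, response_body, response_len);
        break;

    case EAGAIN:
        /* async processing, just return here */
        return EOK;

    case EFAULT:
        /* very bad error */
        return EFAULT;

    /* case ENOENT:
     *   - means user not found
     *   - send error ENOENT
     */

    default:
        /* send error */
        ret = sudosrv_cmd_send_error(cmd_ctx, cmd_ctx, ret);
        break;
    }

    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Fatal error, killing connection!\n"));
        talloc_free(cmd_ctx->cli_ctx);
        return EFAULT;
    }

    return EOK;
}

static void sudosrv_cmd_parse_query_done(struct tevent_req *req);

/*
 * Common entry point of the sudo commands: creates the command context,
 * checks the protocol version the client negotiated and starts parsing the
 * query. Parsing completes in sudosrv_cmd_parse_query_done().
 *
 * Only SSS_SUDO_PROTOCOL_VERSION is accepted. Version 0 is refused as not
 * secure and any other value as invalid; both end the command with EFAULT
 * before any byte of the query is looked at.
 */
static int sudosrv_cmd(enum sss_sudo_type type, struct cli_ctx *cli_ctx)
{
    struct tevent_req *req = NULL;
    struct sudo_cmd_ctx *cmd_ctx = NULL;
    uint8_t *query_body = NULL;
    size_t query_len = 0;
    uint32_t protocol = cli_ctx->cli_protocol_version->version;
    errno_t ret;

    /* create cmd_ctx */

    cmd_ctx = talloc_zero(cli_ctx, struct sudo_cmd_ctx);
    if (cmd_ctx == NULL) {
        /* kill the connection here as we have no context for reply */
        DEBUG(SSSDBG_FATAL_FAILURE, ("Out of memory?\n"));
        return ENOMEM;
    }

    cmd_ctx->domain = NULL;
    cmd_ctx->cli_ctx = cli_ctx;
    cmd_ctx->type = type;
    cmd_ctx->sudo_ctx = talloc_get_type(cli_ctx->rctx->pvt_ctx, struct sudo_ctx);
    if (cmd_ctx->sudo_ctx == NULL) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("sudo_ctx not set, killing connection!\n"));
        return EFAULT;
    }

    /* if protocol is invalid return */
    switch (protocol) {
    case 0:
        DEBUG(SSSDBG_FATAL_FAILURE, ("Protocol [%d] is not secure. "
              "SSSD does not allow to use this protocol.\n", protocol));
        ret = EFAULT;
        goto done;
        break;
    case SSS_SUDO_PROTOCOL_VERSION:
        DEBUG(SSSDBG_TRACE_INTERNAL, ("Using protocol version [%d]\n",
                                      protocol));
        break;
    default:
        DEBUG(SSSDBG_FATAL_FAILURE, ("Invalid protocol version [%d]!\n",
                                     protocol));
        ret = EFAULT;
        goto done;
    }

    /* parse query */

    sss_packet_get_body(cli_ctx->creq->in, &query_body, &query_len);
    /* query_len is unsigned, so "empty" means exactly zero */
    if (query_len == 0 || query_body == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Query is empty\n"));
        ret = EINVAL;
        goto done;
    }

    req = sudosrv_parse_query_send(cmd_ctx, cli_ctx->rctx,
                                   query_body, query_len);
    if (req == NULL) {
        ret = ENOMEM;
        goto done;
    }

    tevent_req_set_callback(req, sudosrv_cmd_parse_query_done, cmd_ctx);

    ret = EAGAIN;

done:
    return sudosrv_cmd_done(cmd_ctx, ret);
}

/*
 * Completion callback of sudosrv_parse_query_send(): stores uid, user name
 * and domain in the command context and starts the rule lookup in the
 * requested domain, or in the first configured domain when the query named
 * none.
 */
static void sudosrv_cmd_parse_query_done(struct tevent_req *req)
{
    struct sudo_cmd_ctx *cmd_ctx = NULL;
    struct sudo_dom_ctx *dom_ctx = NULL;
    errno_t ret;

    cmd_ctx = tevent_req_callback_data(req, struct sudo_cmd_ctx);

    ret = sudosrv_parse_query_recv(cmd_ctx, req, &cmd_ctx->uid,
                                   &cmd_ctx->username, &cmd_ctx->domain);
    talloc_zfree(req);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Invalid query [%d]: %s\n",
                                    ret, strerror(ret)));
        goto done;
    }

    /* without an explicit domain the following domains are searched too */
    cmd_ctx->check_next = cmd_ctx->domain == NULL;

    switch (cmd_ctx->type) {
    case SSS_SUDO_DEFAULTS:
        DEBUG(SSSDBG_FUNC_DATA, ("Requesting default options "
              "for [%s] from [%s]\n", cmd_ctx->username,
              cmd_ctx->domain ? cmd_ctx->domain->name : ""));
        break;
    case SSS_SUDO_USER:
        DEBUG(SSSDBG_FUNC_DATA, ("Requesting rules "
              "for [%s] from [%s]\n", cmd_ctx->username,
              cmd_ctx->domain ? cmd_ctx->domain->name : ""));
        break;
    }

    /* create domain ctx */

    dom_ctx = talloc_zero(cmd_ctx, struct sudo_dom_ctx);
    if (dom_ctx == NULL) {
        ret = ENOMEM;
        goto done;
    }
    dom_ctx->cmd_ctx = cmd_ctx;
    dom_ctx->domain = cmd_ctx->domain != NULL ? cmd_ctx->domain
                                              : cmd_ctx->cli_ctx->rctx->domains;

    ret = sudosrv_get_sudorules(dom_ctx);

done:
    sudosrv_cmd_done(cmd_ctx, ret);
}

/* Handler of SSS_SUDO_GET_SUDORULES */
static int sudosrv_cmd_get_sudorules(struct cli_ctx *cli_ctx)
{
    return sudosrv_cmd(SSS_SUDO_USER, cli_ctx);
}

/* Handler of SSS_SUDO_GET_DEFAULTS */
static int sudosrv_cmd_get_defaults(struct cli_ctx *cli_ctx)
{
    return sudosrv_cmd(SSS_SUDO_DEFAULTS, cli_ctx);
}

/* Protocol versions this responder offers to clients */
struct cli_protocol_version *register_cli_protocol_version(void)
{
    static struct cli_protocol_version sudo_cli_protocol_version[] = {
        {1, "2012-05-14", "require uid and domain"},
        {0, NULL, NULL}
    };

    return sudo_cli_protocol_version;
}

/* Command table of the sudo responder */
struct sss_cmd_table *get_sudo_cmds(void)
{
    static struct sss_cmd_table sudo_cmds[] = {
        {SSS_GET_VERSION, sss_cmd_get_version},
        {SSS_SUDO_GET_SUDORULES, sudosrv_cmd_get_sudorules},
        {SSS_SUDO_GET_DEFAULTS, sudosrv_cmd_get_defaults},
        {SSS_CLI_NULL, NULL}
    };

    return sudo_cmds;
}
sssd-1.11.5/src/responder/sudo/PaxHeaders.13173/sudosrv.c0000644000000000000000000000007412320753107021166 xustar000000000000000030 atime=1396954939.271891427 30 ctime=1396954961.775874861 sssd-1.11.5/src/responder/sudo/sudosrv.c0000664002412700241270000001457612320753107021425 0ustar00jhrozekjhrozek00000000000000
/*
    Authors:
        Pavel Březina

    Copyright (C) 2011 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see .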
*/

#include

#include "util/util.h"
#include "confdb/confdb.h"
#include "monitor/monitor_interfaces.h"
#include "responder/common/responder.h"
#include "responder/common/responder_sbus.h"
#include "responder/sudo/sudosrv_private.h"
#include "providers/data_provider.h"

/* Methods the monitor may call on this responder */
struct sbus_method monitor_sudo_methods[] = {
    { MON_CLI_METHOD_PING, monitor_common_pong },
    { MON_CLI_METHOD_RES_INIT, monitor_common_res_init },
    { MON_CLI_METHOD_ROTATE, responder_logrotate },
    { NULL, NULL }
};

struct sbus_interface monitor_sudo_interface = {
    MONITOR_INTERFACE,
    MONITOR_PATH,
    SBUS_DEFAULT_VTABLE,
    monitor_sudo_methods,
    NULL
};

/* The sudo responder exposes no methods to the Data Provider */
static struct sbus_method sudo_dp_methods[] = {
    { NULL, NULL }
};

struct sbus_interface sudo_dp_interface = {
    DP_INTERFACE,
    DP_PATH,
    SBUS_DEFAULT_VTABLE,
    sudo_dp_methods,
    NULL
};

/*
 * Reconnection callback registered with sbus_reconnect_init(); pvt is the
 * struct be_conn of the connection. After a successful reconnect the
 * responder identifies itself as "SUDO" and the pending requests are handled
 * again; in every other case the failure is only logged.
 */
static void sudo_dp_reconnect_init(struct sbus_connection *conn,
                                   int status, void *pvt)
{
    struct be_conn *be_conn = talloc_get_type(pvt, struct be_conn);
    int ret;

    /* Did we reconnect successfully? */
    if (status == SBUS_RECONNECT_SUCCESS) {
        DEBUG(SSSDBG_TRACE_FUNC, ("Reconnected to the Data Provider.\n"));

        /* Identify ourselves to the data provider */
        ret = dp_common_send_id(be_conn->conn,
                                DATA_PROVIDER_VERSION,
                                "SUDO");
        /* all fine */
        if (ret == EOK) {
            handle_requests_after_reconnect(be_conn->rctx);
            return;
        }
    }

    /* Failed to reconnect */
    DEBUG(SSSDBG_FATAL_FAILURE, ("Could not reconnect to %s provider.\n",
                                 be_conn->domain->name));
}

/*
 * Sets up the sudo responder: the common responder context with the sudo
 * command table, the private sudo_ctx, automatic reconnection to every Data
 * Provider connection, the sudo_timed option and the domain refresh task.
 *
 * Returns EOK on success. On failure after sss_process_init() succeeded the
 * responder context is freed and the error is returned.
 */
int sudo_process_init(TALLOC_CTX *mem_ctx,
                      struct tevent_context *ev,
                      struct confdb_ctx *cdb)
{
    struct resp_ctx *rctx;
    struct sss_cmd_table *sudo_cmds;
    struct sudo_ctx *sudo_ctx;
    struct be_conn *iter;
    int ret;
    int max_retries;

    sudo_cmds = get_sudo_cmds();
    ret = sss_process_init(mem_ctx, ev, cdb,
                           sudo_cmds,
                           SSS_SUDO_SOCKET_NAME, NULL,
                           CONFDB_SUDO_CONF_ENTRY,
                           SSS_SUDO_SBUS_SERVICE_NAME,
                           SSS_SUDO_SBUS_SERVICE_VERSION,
                           &monitor_sudo_interface,
                           "SUDO",
                           &sudo_dp_interface,
                           &rctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("sss_process_init() failed\n"));
        return ret;
    }

    /* sudo_ctx is a child of rctx, so freeing rctx releases it as well */
    sudo_ctx = talloc_zero(rctx, struct sudo_ctx);
    if (!sudo_ctx) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("fatal error initializing sudo_ctx\n"));
        ret = ENOMEM;
        goto fail;
    }

    sudo_ctx->rctx = rctx;
    sudo_ctx->rctx->pvt_ctx = sudo_ctx;

    /* Enable automatic reconnection to the Data Provider */
    ret = confdb_get_int(sudo_ctx->rctx->cdb,
                         CONFDB_SUDO_CONF_ENTRY,
                         CONFDB_SERVICE_RECON_RETRIES,
                         3, &max_retries);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Failed to set up automatic reconnection\n"));
        goto fail;
    }

    for (iter = sudo_ctx->rctx->be_conns; iter; iter = iter->next) {
        sbus_reconnect_init(iter->conn, max_retries,
                            sudo_dp_reconnect_init, iter);
    }

    /* Get responder options */

    /* Get sudo_timed option */
    ret = confdb_get_bool(sudo_ctx->rctx->cdb,
                          CONFDB_SUDO_CONF_ENTRY, CONFDB_SUDO_TIMED,
                          CONFDB_DEFAULT_SUDO_TIMED,
                          &sudo_ctx->timed);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("Error reading from confdb (%d) [%s]\n",
                                     ret, strerror(ret)));
        goto fail;
    }

    ret = schedule_get_domains_task(rctx, rctx->ev, rctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("schedule_get_domains_tasks failed.\n"));
        goto fail;
    }

    DEBUG(SSSDBG_TRACE_FUNC, ("SUDO Initialization complete\n"));

    return EOK;

fail:
    talloc_free(rctx);
    return ret;
}

/*
 * Entry point of the sudo responder process.
 *
 * Exit status: 1 for an invalid command line option, 2 if server_setup()
 * fails, 3 if sudo_process_init() fails, 0 after server_loop() returns.
 */
int main(int argc, const char *argv[])
{
    int opt;
    poptContext pc;
    struct main_context *main_ctx;
    int ret;

    struct poptOption long_options[] = {
        POPT_AUTOHELP
        SSSD_MAIN_OPTS
        POPT_TABLEEND
    };

    /* Set debug level to invalid value so we can decide if -d 0 was used. */
    debug_level = SSSDBG_INVALID;

    pc = poptGetContext(argv[0], argc, argv, long_options, 0);
    while((opt = poptGetNextOpt(pc)) != -1) {
        switch(opt) {
        default:
            /* no option needs special handling here, so anything that
             * reaches the switch is reported as invalid */
            fprintf(stderr, "\nInvalid option %s: %s\n\n",
                    poptBadOption(pc, 0), poptStrerror(opt));
            poptPrintUsage(pc, stderr, 0);
            return 1;
        }
    }

    poptFreeContext(pc);

    DEBUG_INIT(debug_level);

    /* set up things like debug, signals, daemonization, etc... */
    debug_log_file = "sssd_sudo";

    ret = server_setup("sssd[sudo]", 0, CONFDB_SUDO_CONF_ENTRY, &main_ctx);
    if (ret != EOK) {
        return 2;
    }

    ret = die_if_parent_died();
    if (ret != EOK) {
        /* This is not fatal, don't return */
        DEBUG(SSSDBG_OP_FAILURE, ("Could not set up to exit "
                                  "when parent process does\n"));
    }

    ret = sudo_process_init(main_ctx,
                            main_ctx->event_ctx,
                            main_ctx->confdb_ctx);
    if (ret != EOK) {
        return 3;
    }

    /* loop on main */
    server_loop(main_ctx);

    return 0;
}
sssd-1.11.5/src/responder/sudo/PaxHeaders.13173/sudosrv_query.c0000644000000000000000000000007412320753107022413 xustar000000000000000030 atime=1396954939.271891427 30 ctime=1396954961.778874859 sssd-1.11.5/src/responder/sudo/sudosrv_query.c0000664002412700241270000003147412320753107022646 0ustar00jhrozekjhrozek00000000000000
/*
    Authors:
        Pavel Březina

    Copyright (C) 2011 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see .
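*/

#include
#include
#include
#include
#include "util/util.h"
#include "responder/sudo/sudosrv_private.h"

/*
 * Appends str_len bytes of str to the response buffer, growing the buffer on
 * mem_ctx. The caller includes the terminating zero in str_len when the
 * string is to be sent zero terminated.
 *
 * Returns EOK, or ENOMEM when the buffer cannot be grown; the caller's
 * buffer pointer and length are left unchanged in that case.
 */
static int sudosrv_response_append_string(TALLOC_CTX *mem_ctx,
                                          const char *str,
                                          size_t str_len,
                                          uint8_t **_response_body,
                                          size_t *_response_len)
{
    size_t response_len = *_response_len;
    uint8_t *response_body = *_response_body;

    response_body = talloc_realloc(mem_ctx, response_body, uint8_t,
                                   response_len + (str_len * sizeof(char)));
    if (response_body == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_realloc() failed\n"));
        return ENOMEM;
    }

    memcpy(response_body + response_len, str, str_len);
    response_len += str_len;

    *_response_body = response_body;
    *_response_len = response_len;

    return EOK;
}

/*
 * Appends a uint32_t to the response buffer, growing the buffer on mem_ctx.
 *
 * Returns EOK, or ENOMEM when the buffer cannot be grown.
 */
static int sudosrv_response_append_uint32(TALLOC_CTX *mem_ctx,
                                          uint32_t number,
                                          uint8_t **_response_body,
                                          size_t *_response_len)
{
    size_t response_len = *_response_len;
    uint8_t *response_body = *_response_body;

    response_body = talloc_realloc(mem_ctx, response_body, uint8_t,
                                   response_len + sizeof(uint32_t));
    if (response_body == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_realloc() failed\n"));
        return ENOMEM;
    }

    /* the macro advances response_len past the stored value */
    SAFEALIGN_SET_UINT32(response_body + response_len, number, &response_len);

    *_response_body = response_body;
    *_response_len = response_len;

    return EOK;
}

/*
 * Appends one attribute: its zero terminated name, the number of values and
 * every value as a zero terminated string.
 *
 * A value is accepted only if its data is present and its string length
 * equals the recorded length, i.e. it holds no embedded zero. Anything else
 * is rejected with EINVAL, because the client parses values as C strings.
 * NOTE(review): the strlen() check assumes every value is zero terminated
 * after values[i].length bytes - confirm that the cache guarantees this.
 *
 * On success the buffer is moved to mem_ctx. On failure the caller's buffer
 * pointer and length are not updated.
 */
static int sudosrv_response_append_attr(TALLOC_CTX *mem_ctx,
                                        const char *name,
                                        unsigned int values_num,
                                        struct ldb_val *values,
                                        uint8_t **_response_body,
                                        size_t *_response_len)
{
    uint8_t *response_body = *_response_body;
    size_t response_len = *_response_len;
    TALLOC_CTX *tmp_ctx = NULL;
    unsigned int i = 0;
    int ret = EOK;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_new() failed\n"));
        return ENOMEM;
    }

    /* attr name */
    ret = sudosrv_response_append_string(tmp_ctx, name, strlen(name) + 1,
                                         &response_body, &response_len);
    if (ret != EOK) {
        goto done;
    }

    /* values count */
    ret = sudosrv_response_append_uint32(tmp_ctx, values_num,
                                         &response_body, &response_len);
    if (ret != EOK) {
        goto done;
    }

    /* values */
    for (i = 0; i < values_num; i++) {
        if (values[i].data == NULL
                || strlen((char*)(values[i].data)) != values[i].length) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("value is not a string"));
            ret = EINVAL;
            goto done;
        }

        ret = sudosrv_response_append_string(tmp_ctx,
                                             (const char*)values[i].data,
                                             values[i].length + 1,
                                             &response_body, &response_len);
        if (ret != EOK) {
            goto done;
        }
    }

    *_response_body = talloc_steal(mem_ctx, response_body);
    *_response_len = response_len;

    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}

/*
 * Appends one rule: the number of attributes followed by every attribute.
 *
 * On success the buffer is moved to mem_ctx. On failure the caller's buffer
 * pointer and length are not updated.
 */
static int sudosrv_response_append_rule(TALLOC_CTX *mem_ctx,
                                        int attrs_num,
                                        struct ldb_message_element *attrs,
                                        uint8_t **_response_body,
                                        size_t *_response_len)
{
    uint8_t *response_body = *_response_body;
    size_t response_len = *_response_len;
    TALLOC_CTX *tmp_ctx = NULL;
    int i = 0;
    int ret = EOK;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_new() failed\n"));
        return ENOMEM;
    }

    /* attrs count */
    ret = sudosrv_response_append_uint32(tmp_ctx, attrs_num,
                                         &response_body, &response_len);
    if (ret != EOK) {
        goto done;
    }

    /* attrs */
    for (i = 0; i < attrs_num; i++) {
        ret = sudosrv_response_append_attr(tmp_ctx, attrs[i].name,
                                           attrs[i].num_values, attrs[i].values,
                                           &response_body, &response_len);
        if (ret != EOK) {
            goto done;
        }
    }

    *_response_body = talloc_steal(mem_ctx, response_body);
    *_response_len = response_len;

    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}

/*
 * Response format:
 * error(uint32_t) domain(char*)\0 num_rules(uint32_t) rule1 rule2 ...
 * ruleN = num_attrs(uint32_t) attr1 attr2 ...
 * attrN = name(char*)\0 num_values(uint32_t) value1(char*)\0 value2(char*)\0 ...
 *
 * if error is not SSS_SUDO_ERROR_OK, the rest of the data is skipped.
 *
 * The domain is deprecated and always sent as an empty string.
 *
 * On success the response is owned by mem_ctx and EOK is returned; on
 * failure nothing is returned through the output parameters.
 */
errno_t sudosrv_build_response(TALLOC_CTX *mem_ctx,
                               uint32_t error,
                               uint32_t rules_num,
                               struct sysdb_attrs **rules,
                               uint8_t **_response_body,
                               size_t *_response_len)
{
    uint8_t *response_body = NULL;
    size_t response_len = 0;
    TALLOC_CTX *tmp_ctx = NULL;
    uint32_t i = 0;
    errno_t ret = EOK;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_new() failed\n"));
        return ENOMEM;
    }

    /* error code */
    ret = sudosrv_response_append_uint32(tmp_ctx, error,
                                         &response_body, &response_len);
    if (ret != EOK) {
        goto fail;
    }

    if (error != SSS_SUDO_ERROR_OK) {
        goto done;
    }

    /* domain name - deprecated
     * TODO: when possible change the protocol */
    ret = sudosrv_response_append_string(tmp_ctx, "\0", 1,
                                         &response_body, &response_len);
    if (ret != EOK) {
        goto fail;
    }

    /* rules count */
    ret = sudosrv_response_append_uint32(tmp_ctx, rules_num,
                                         &response_body, &response_len);
    if (ret != EOK) {
        goto fail;
    }

    /* rules */
    for (i = 0; i < rules_num; i++) {
        ret = sudosrv_response_append_rule(tmp_ctx, rules[i]->num, rules[i]->a,
                                           &response_body, &response_len);
        if (ret != EOK) {
            goto fail;
        }
    }

done:
    *_response_body = talloc_steal(mem_ctx, response_body);
    *_response_len = response_len;

    ret = EOK;

fail:
    talloc_free(tmp_ctx);
    return ret;
}

struct sudosrv_parse_query_state {
    struct resp_ctx *rctx;
    uid_t uid;
    char *rawname;
};

static void sudosrv_parse_query_done(struct tevent_req *subreq);

/*
 * Parses a client query of the form
 *     uid(uid_t) username[@domain]\0
 *
 * The query comes from the client, so every length is checked before the
 * bytes it covers are read: the body must hold a complete uid_t and after it
 * at least one character plus the terminating zero, which has to be the last
 * byte of the body, and the name has to be valid UTF-8.
 *
 * If the domain named in the query is not known yet, a subdomain request is
 * sent first and the request completes in sudosrv_parse_query_done().
 * Otherwise the request is finished and posted right away, with EINVAL for a
 * malformed query.
 *
 * Returns NULL only if the request itself cannot be created.
 *
 * NOTE(review): state->rawname points into query_body instead of holding a
 * copy, so the body must stay valid until sudosrv_parse_query_recv() has
 * run - confirm against the caller.
 */
struct tevent_req *sudosrv_parse_query_send(TALLOC_CTX *mem_ctx,
                                            struct resp_ctx *rctx,
                                            uint8_t *query_body,
                                            size_t query_len)
{
    struct tevent_req *req = NULL;
    struct tevent_req *subreq = NULL;
    struct sudosrv_parse_query_state *state = NULL;
    size_t offset = 0;
    size_t rawname_len = 0;
    char *rawname = NULL;
    char *domainname = NULL;
    errno_t ret;

    /* create request */
    req = tevent_req_create(mem_ctx, &state,
                            struct sudosrv_parse_query_state);
    if (req == NULL) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("tevent_req_create() failed\n"));
        return NULL;
    }

    state->rctx = rctx;

    /* uid */

    if (query_len < sizeof(uid_t)) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Query is too small\n"));
        ret = EINVAL;
        goto done;
    }
    safealign_memcpy(&state->uid, query_body, sizeof(uid_t), &offset);

    /* username[@domain] */

    rawname = (char*)(query_body + offset);
    rawname_len = query_len - offset; /* strlen + zero */

    /* The length is checked first: with nothing after the uid,
     * rawname_len - 1 would wrap around and the terminator test below would
     * index outside of the name. */
    if (rawname_len < 2) { /* at least one character and zero */
        DEBUG(SSSDBG_CRIT_FAILURE, ("Query does not contain username\n"));
        ret = EINVAL;
        goto done;
    }

    if (rawname[rawname_len - 1] != '\0') {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Username is not zero terminated\n"));
        ret = EINVAL;
        goto done;
    }

    if (!sss_utf8_check((uint8_t*)rawname, rawname_len - 1)) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Supplied data is not valid UTF-8 string\n"));
        ret = EINVAL;
        goto done;
    }

    /* parse username */

    state->rawname = rawname;
    ret = sss_parse_name_for_domains(state, rctx->domains,
                                     rctx->default_domain, state->rawname,
                                     &domainname, NULL);
    if (ret == EAGAIN) {
        DEBUG(SSSDBG_TRACE_FUNC, ("Domain [%s] not found, "
              "sending subdomain request\n", domainname));

        subreq = sss_dp_get_domains_send(state, rctx, true, domainname);
        if (subreq == NULL) {
            ret = ENOMEM;
        } else {
            tevent_req_set_callback(subreq, sudosrv_parse_query_done, req);
            ret = EAGAIN;
        }
        goto done;
    } else if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Invalid name received [%s]\n", rawname));
        goto done;
    }

    ret = EOK;

done:
    /* EAGAIN means the subdomain request is in flight and will finish req */
    if (ret != EAGAIN) {
        if (ret == EOK) {
            tevent_req_done(req);
        } else {
            tevent_req_error(req, ret);
        }
        tevent_req_post(req, rctx->ev);
    }

    return req;
}

/*
 * Completion callback of the subdomain request sent by
 * sudosrv_parse_query_send(): finishes the parse request with the result of
 * the domain refresh.
 */
static void sudosrv_parse_query_done(struct tevent_req *subreq)
{
    struct tevent_req *req = NULL;
    errno_t ret;

    req = tevent_req_callback_data(subreq, struct tevent_req);

    ret = sss_dp_get_domains_recv(subreq);
    talloc_free(subreq);
    if (ret != EOK) {
        tevent_req_error(req, ret);
        /* the request is finished with an error; it must not be marked
         * as done as well */
        return;
    }

    tevent_req_done(req);
}

/*
 * Returns the result of sudosrv_parse_query_send().
 *
 * _username is moved to mem_ctx. _domain points to the responder's domain
 * object and is not owned by mem_ctx; it is NULL when the query named no
 * domain.
 *
 * Returns EOK, the error the request finished with, EINVAL if no user name
 * is available, ENOENT if the named domain is unknown, or the error of
 * sss_parse_name_for_domains().
 */
errno_t sudosrv_parse_query_recv(TALLOC_CTX *mem_ctx,
                                 struct tevent_req *req,
                                 uid_t *_uid,
                                 char **_username,
                                 struct sss_domain_info **_domain)
{
    struct sudosrv_parse_query_state *state = NULL;
    struct sss_domain_info *domain = NULL;
    char *username = NULL;
    char *domainname = NULL;
    errno_t ret;

    state = tevent_req_data(req, struct sudosrv_parse_query_state);

    TEVENT_REQ_RETURN_ON_ERROR(req);

    if (state->rawname == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("No query specified?!\n"));
        return EINVAL;
    }

    /* Try to parse username@domain again because if the first call
     * returned EAGAIN, then username is unset. If we get EAGAIN again,
     * we will not search for it again.
     */
    ret = sss_parse_name_for_domains(state, state->rctx->domains,
                                     state->rctx->default_domain,
                                     state->rawname,
                                     &domainname, &username);
    if (ret != EOK) {
        DEBUG(SSSDBG_TRACE_FUNC, ("Unable to parse domain [%d]: %s\n",
                                  ret, strerror(ret)));
        return ret;
    }

    if (username == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("No username specified!\n"));
        return EINVAL;
    }

    if (domainname != NULL) {
        /* mem_ctx because it duplicates only subdomains not domains
         * so I cannot easily steal it */
        domain = responder_get_domain(state->rctx, domainname);
        if (domain == NULL) {
            DEBUG(SSSDBG_OP_FAILURE, ("Corresponding domain [%s] has not been "
                                      "found\n", domainname));
            return ENOENT;
        }
    }

    *_uid = state->uid;
    *_username = talloc_steal(mem_ctx, username);
    *_domain = domain; /* do not steal on mem_ctx */

    return EOK;
}
sssd-1.11.5/src/responder/sudo/PaxHeaders.13173/sudosrv_dp.c0000644000000000000000000000007412320753107021651 xustar000000000000000030 atime=1396954939.271891427 30 ctime=1396954961.779874858 sssd-1.11.5/src/responder/sudo/sudosrv_dp.c0000664002412700241270000001316212320753107022076 0ustar00jhrozekjhrozek00000000000000
/*
    Authors:
        Pavel Březina
        Jakub Hrozek

    Copyright (C) 2011 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.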
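This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see .
*/

#include
#include
#include
#include "sbus/sssd_dbus.h"

#include "util/util.h"
#include "sbus/sbus_client.h"
#include "providers/data_provider.h"
#include "responder/common/responder.h"
#include "responder/sudo/sudosrv_private.h"
#include "db/sysdb.h"

/* Parameters of one sudoers request, handed to sss_dp_get_sudoers_msg() */
struct sss_dp_get_sudoers_info {
    struct sss_domain_info *dom;

    bool fast_reply;
    enum sss_dp_sudo_type type;
    const char *name;
    uint32_t num_rules;
    struct sysdb_attrs **rules;
};

static DBusMessage *
sss_dp_get_sudoers_msg(void *pvt);

/*
 * Asks the Data Provider of dom to refresh sudo rules: either the given
 * rules (SSS_DP_SUDO_REFRESH_RULES) or all of them
 * (SSS_DP_SUDO_FULL_REFRESH).
 *
 * The request is issued under a key built from the request type and the
 * domain name and, for a rules refresh, also from the number of rules and
 * the user name.
 *
 * Returns NULL if the request cannot be created. Every later failure is
 * reported through the returned request, which is then finished with an
 * error and posted: EINVAL when dom is NULL, ENOMEM on allocation failure
 * (an unknown type ends up here too, as no key is built for it), or the
 * error of sss_dp_issue_request().
 */
struct tevent_req *
sss_dp_get_sudoers_send(TALLOC_CTX *mem_ctx,
                        struct resp_ctx *rctx,
                        struct sss_domain_info *dom,
                        bool fast_reply,
                        enum sss_dp_sudo_type type,
                        const char *name,
                        uint32_t num_rules,
                        struct sysdb_attrs **rules)
{
    struct tevent_req *req;
    struct sss_dp_req_state *state;
    struct sss_dp_get_sudoers_info *info;
    errno_t ret;
    char *key = NULL;

    req = tevent_req_create(mem_ctx, &state, struct sss_dp_req_state);
    if (!req) {
        /* there is no request the error could be reported through */
        return NULL;
    }

    if (!dom) {
        ret = EINVAL;
        goto error;
    }

    info = talloc_zero(state, struct sss_dp_get_sudoers_info);
    if (info == NULL) {
        ret = ENOMEM;
        goto error;
    }
    info->fast_reply = fast_reply;
    info->type = type;
    info->name = name;
    info->dom = dom;
    info->num_rules = num_rules;
    info->rules = rules;

    switch (info->type) {
        case SSS_DP_SUDO_REFRESH_RULES:
            key = talloc_asprintf(state, "%d:%u:%s@%s", type,
                                  num_rules, name, dom->name);
            break;
        case SSS_DP_SUDO_FULL_REFRESH:
            key = talloc_asprintf(state, "%d:%s", type, dom->name);
            break;
    }

    if (!key) {
        ret = ENOMEM;
        goto error;
    }

    ret = sss_dp_issue_request(state, rctx, key, dom, sss_dp_get_sudoers_msg,
                               info, req);
    talloc_free(key);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Could not issue DP request [%d]: %s\n",
               ret, strerror(ret)));
        goto error;
    }

    return req;

error:
    tevent_req_error(req, ret);
    tevent_req_post(req, rctx->ev);
    return req;
}

/*
 * Builds the D-Bus method call for DP_METHOD_SUDOHANDLER from the
 * struct sss_dp_get_sudoers_info in pvt.
 *
 * Message arguments: the request type as uint32 (BE_REQ_SUDO_RULES or
 * BE_REQ_SUDO_FULL, with BE_REQ_FAST added for a fast reply) and, for a
 * rules request, the number of rules as uint32 followed by the name of every
 * rule as string.
 *
 * Returns the message, or NULL on failure.
 */
static DBusMessage *
sss_dp_get_sudoers_msg(void *pvt)
{
    DBusMessage *msg;
    DBusMessageIter iter;
    dbus_bool_t dbret;
    errno_t ret;
    struct sss_dp_get_sudoers_info *info;
    uint32_t be_type = 0;
    const char *rule_name = NULL;
    uint32_t i;

    info = talloc_get_type(pvt, struct sss_dp_get_sudoers_info);

    switch (info->type) {
        case SSS_DP_SUDO_REFRESH_RULES:
            be_type = BE_REQ_SUDO_RULES;
            break;
        case SSS_DP_SUDO_FULL_REFRESH:
            be_type = BE_REQ_SUDO_FULL;
            break;
    }

    if (info->fast_reply) {
        be_type |= BE_REQ_FAST;
    }

    msg = dbus_message_new_method_call(NULL,
                                       DP_PATH,
                                       DP_INTERFACE,
                                       DP_METHOD_SUDOHANDLER);
    if (msg == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory?!\n"));
        return NULL;
    }

    /* create the message */
    DEBUG(SSSDBG_TRACE_FUNC,
          ("Creating SUDOers request for [%s][%u][%s][%u]\n",
           info->dom->name, be_type, info->name, info->num_rules));

    dbus_message_iter_init_append(msg, &iter);

    /* BE TYPE */
    dbret = dbus_message_iter_append_basic(&iter, DBUS_TYPE_UINT32, &be_type);
    if (dbret == FALSE) {
        goto fail;
    }

    /* BE TYPE SPECIFIC */
    if (be_type & BE_REQ_SUDO_RULES) {
        dbret = dbus_message_iter_append_basic(&iter, DBUS_TYPE_UINT32,
                                               &info->num_rules);
        if (dbret == FALSE) {
            goto fail;
        }

        for (i = 0; i < info->num_rules; i++) {
            ret = sysdb_attrs_get_string(info->rules[i], SYSDB_NAME,
                                         &rule_name);
            if (ret != EOK) {
                DEBUG(SSSDBG_OP_FAILURE,
                      ("Could not get rule name [%d]: %s\n",
                       ret, strerror(ret)));
                goto fail;
            }

            dbret = dbus_message_iter_append_basic(&iter, DBUS_TYPE_STRING,
                                                   &rule_name);
            if (dbret == FALSE) {
                goto fail;
            }
        }
    }

    return msg;

fail:
    DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to build message\n"));
    dbus_message_unref(msg);
    return NULL;
}

/*
 * Returns the Data Provider's answer to a sudoers request; thin wrapper
 * around sss_dp_req_recv().
 */
errno_t
sss_dp_get_sudoers_recv(TALLOC_CTX *mem_ctx,
                        struct tevent_req *req,
                        dbus_uint16_t *dp_err,
                        dbus_uint32_t *dp_ret,
                        char **err_msg)
{
    return sss_dp_req_recv(mem_ctx, req, dp_err, dp_ret, err_msg);
}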
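sssd-1.11.5/src/responder/sudo/PaxHeaders.13173/sudosrv_get_sudorules.c0000644000000000000000000000007312320753107024131 xustar000000000000000030 atime=1396954939.271891427 29 ctime=1396954961.77787486 sssd-1.11.5/src/responder/sudo/sudosrv_get_sudorules.c0000664002412700241270000006020412320753107024356 0ustar00jhrozekjhrozek00000000000000
/*
    Authors:
        Pavel Březina
        Jakub Hrozek

    Copyright (C) 2011 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program. If not, see .
*/

#include "config.h"

/* NOTE(review): the <...> operands of the three bare #include directives
 * below were lost when this page was extracted; restore them from the
 * upstream file before building. */
#include
#include
#include

#include "util/util.h"
#include "db/sysdb_sudo.h"
#include "responder/sudo/sudosrv_private.h"

static errno_t sudosrv_get_user(struct sudo_dom_ctx *dctx);

/*
 * Entry point of a sudo rules lookup: resolve the requesting user, then
 * fetch the rules.
 *
 * Returns EOK when both steps were answered from the cache, EAGAIN when a
 * Data Provider request is in flight and the lookup continues in a
 * callback, or the error code of the failing step.
 */
errno_t sudosrv_get_sudorules(struct sudo_dom_ctx *dctx)
{
    errno_t ret;

    dctx->check_provider = true;
    ret = sudosrv_get_user(dctx);
    if (ret == EAGAIN) {
        DEBUG(SSSDBG_TRACE_INTERNAL,
              ("Looking up the user info from Data Provider\n"));
        return EAGAIN;
    } else if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Error looking up user information [%d]: %s\n",
               ret, strerror(ret)));
        return ret;
    }

    /* OK, got the user from cache. Try to get the rules. */
    ret = sudosrv_get_rules(dctx->cmd_ctx);
    if (ret == EAGAIN) {
        DEBUG(SSSDBG_TRACE_INTERNAL,
              ("Looking up the sudo rules from Data Provider\n"));
        return EAGAIN;
    } else if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Error looking up sudo rules [%d]: %s\n",
               ret, strerror(ret)));
        return ret;
    }

    return EOK;
}

static void sudosrv_dp_send_acct_req_done(struct tevent_req *req);
static void sudosrv_check_user_dp_callback(uint16_t err_maj, uint32_t err_min,
                                           const char *err_msg, void *ptr);

/*
 * Find the requesting user in the cache, walking the domain list when the
 * request is not bound to one domain (cmd_ctx->check_next).
 *
 * A cache entry is accepted only when its SYSDB_UIDNUM equals
 * cmd_ctx->uid; a name that resolves to another UID is answered with
 * ENOENT (or the next domain is tried), so rules are never looked up for
 * a name/UID pair that does not match the cache.
 *
 * On success cmd_ctx->cased_username, cmd_ctx->orig_username and
 * cmd_ctx->domain are set.
 *
 * Returns EOK, EAGAIN (account request sent to the Data Provider, the
 * lookup resumes in sudosrv_check_user_dp_callback), ENOENT, or another
 * errno value.
 */
static errno_t sudosrv_get_user(struct sudo_dom_ctx *dctx)
{
    TALLOC_CTX *tmp_ctx = NULL;
    struct sss_domain_info *dom = dctx->domain;
    struct sudo_cmd_ctx *cmd_ctx = dctx->cmd_ctx;
    struct cli_ctx *cli_ctx = dctx->cmd_ctx->cli_ctx;
    struct ldb_result *user;
    time_t cache_expire = 0;
    struct tevent_req *dpreq;
    struct dp_callback_ctx *cb_ctx;
    const char *original_name = NULL;
    char *name = NULL;
    uid_t uid = 0;
    errno_t ret;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_new() failed\n"));
        return ENOMEM;
    }

    while (dom) {
        /* if it is a domainless search, skip domains that require fully
         * qualified names instead */
        while (dom && cmd_ctx->check_next && dom->fqnames) {
            dom = get_next_domain(dom, false);
        }

        if (!dom) break;

        /* make sure to update the dctx if we changed domain */
        dctx->domain = dom;

        talloc_free(name);
        name = sss_get_cased_name(tmp_ctx, cmd_ctx->username,
                                  dom->case_sensitive);
        if (name == NULL) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory\n"));
            ret = ENOMEM;
            goto done;
        }

        DEBUG(SSSDBG_FUNC_DATA, ("Requesting info about [%s@%s]\n",
              name, dom->name));

        /* NOTE(review): the result is requested with dctx as first
         * argument, not tmp_ctx - presumably it then lives as long as
         * dctx; confirm against sysdb_getpwnam(). */
        ret = sysdb_getpwnam(dctx, dctx->domain->sysdb,
                             dctx->domain, name, &user);
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE,
                  ("Failed to make request to our cache!\n"));
            ret = EIO;
            goto done;
        }

        if (user->count > 1) {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("getpwnam call returned more than one result !?!\n"));
            ret = EIO;
            goto done;
        }

        if (user->count == 0 && !dctx->check_provider) {
            /* if a multidomain search, try with next */
            if (cmd_ctx->check_next) {
                dctx->check_provider = true;
                dom = get_next_domain(dom, false);
                if (dom) continue;
            }

            DEBUG(SSSDBG_MINOR_FAILURE, ("No results for getpwnam call\n"));
            ret = ENOENT;
            goto done;
        }

        /* One result found, check cache expiry */
        if (user->count == 1) {
            cache_expire = ldb_msg_find_attr_as_uint64(user->msgs[0],
                                                       SYSDB_CACHE_EXPIRE, 0);
        }

        /* If cache miss and we haven't checked DP yet OR the entry is
         * outdated, go to DP */
        if ((user->count == 0 || cache_expire < time(NULL))
            && dctx->check_provider) {
            dpreq = sss_dp_get_account_send(cli_ctx, cli_ctx->rctx,
                                            dom, false, SSS_DP_INITGROUPS,
                                            cmd_ctx->username, 0, NULL);
            if (!dpreq) {
                DEBUG(SSSDBG_CRIT_FAILURE,
                      ("Out of memory sending data provider request\n"));
                ret = ENOMEM;
                goto done;
            }

            cb_ctx = talloc_zero(cli_ctx, struct dp_callback_ctx);
            if (!cb_ctx) {
                talloc_zfree(dpreq);
                ret = ENOMEM;
                goto done;
            }

            cb_ctx->callback = sudosrv_check_user_dp_callback;
            cb_ctx->ptr = dctx;
            cb_ctx->cctx = cli_ctx;
            cb_ctx->mem_ctx = cli_ctx;

            tevent_req_set_callback(dpreq, sudosrv_dp_send_acct_req_done,
                                    cb_ctx);

            /* tell caller we are in an async call */
            ret = EAGAIN;
            goto done;
        }

        /* check uid: here user->count is 1, the zero-result cases were
         * handled above */
        uid = ldb_msg_find_attr_as_int(user->msgs[0], SYSDB_UIDNUM, 0);
        if (uid != cmd_ctx->uid) {
            /* if a multidomain search, try with next */
            if (cmd_ctx->check_next) {
                dctx->check_provider = true;
                dom = get_next_domain(dom, false);
                if (dom) continue;
            }

            DEBUG(SSSDBG_MINOR_FAILURE, ("UID does not match\n"));
            ret = ENOENT;
            goto done;
        }

        /* user is stored in cache, remember cased and original name */
        original_name = ldb_msg_find_attr_as_string(user->msgs[0],
                                                    SYSDB_NAME, NULL);
        if (original_name == NULL) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("A user with no name?\n"));
            ret = EFAULT;
            goto done;
        }

        cmd_ctx->cased_username = talloc_move(cmd_ctx, &name);
        cmd_ctx->orig_username = talloc_strdup(cmd_ctx, original_name);
        if (cmd_ctx->orig_username == NULL) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory\n"));
            ret = ENOMEM;
            goto done;
        }

        /* and set domain */
        cmd_ctx->domain = dom;

        DEBUG(SSSDBG_TRACE_FUNC, ("Returning info for user [%s@%s]\n",
              cmd_ctx->username, dctx->domain->name));
        ret = EOK;
        goto done;
    }

    ret = ENOENT;
done:
    talloc_free(tmp_ctx);
    return ret;
}

/*
 * Completion handler of the account request sent by sudosrv_get_user().
 * Frees the request and forwards the Data Provider result to the callback
 * stored in the dp_callback_ctx; if the result cannot be received the
 * client connection (cb_ctx->cctx) is freed.
 */
static void sudosrv_dp_send_acct_req_done(struct tevent_req *req)
{
    struct dp_callback_ctx *cb_ctx =
            tevent_req_callback_data(req, struct dp_callback_ctx);

    errno_t ret;
    dbus_uint16_t err_maj;
    dbus_uint32_t err_min;
    char *err_msg;

    ret = sss_dp_get_account_recv(cb_ctx->mem_ctx, req,
                                  &err_maj, &err_min,
                                  &err_msg);
    talloc_zfree(req);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Fatal error, killing connection!\n"));
        talloc_free(cb_ctx->cctx);
        return;
    }

    cb_ctx->callback(err_maj, err_min, err_msg, cb_ctx->ptr);
}

/*
 * Resume the lookup after the Data Provider answered the account request.
 * A provider error is only logged; the cache is checked again with
 * check_provider cleared, so no second provider request is sent for the
 * same domain.
 */
static void sudosrv_check_user_dp_callback(uint16_t err_maj, uint32_t err_min,
                                           const char *err_msg, void *ptr)
{
    errno_t ret;
    struct sudo_dom_ctx *dctx = talloc_get_type(ptr, struct sudo_dom_ctx);

    if (err_maj) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Unable to get information from Data Provider\n"
               "Error: %u, %u, %s\n",
               (unsigned int)err_maj, (unsigned int)err_min, err_msg));
    }

    DEBUG(SSSDBG_TRACE_INTERNAL,
          ("Data Provider returned, check the cache again\n"));
    dctx->check_provider = false;
    ret = sudosrv_get_user(dctx);
    if (ret == EAGAIN) {
        goto done;
    } else if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Could not look up the user [%d]: %s\n",
               ret, strerror(ret)));
        sudosrv_cmd_done(dctx->cmd_ctx, ret);
        return;
    }

    DEBUG(SSSDBG_TRACE_INTERNAL, ("Looking up sudo rules..\n"));
    ret = sudosrv_get_rules(dctx->cmd_ctx);
    if (ret == EAGAIN) {
        goto done;
    } else if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Error getting sudo rules [%d]: %s\n",
               ret, strerror(ret)));
        sudosrv_cmd_done(dctx->cmd_ctx, EIO);
        return;
    }

done:
    /* ret is EOK or EAGAIN here */
    sudosrv_cmd_done(dctx->cmd_ctx, ret);
}

static errno_t sudosrv_get_sudorules_from_cache(TALLOC_CTX *mem_ctx,
                                                struct sudo_cmd_ctx *cmd_ctx,
                                                struct sysdb_attrs ***_rules,
                                                uint32_t *_num_rules);
static void
sudosrv_get_sudorules_dp_callback(uint16_t err_maj, uint32_t err_min,
                                  const char *err_msg, void *ptr);
static void
sudosrv_dp_req_done(struct tevent_req *req);

static errno_t sudosrv_get_sudorules_query_cache(TALLOC_CTX *mem_ctx,
                                                 struct sysdb_ctx *sysdb,
                                                 struct sss_domain_info *domain,
                                                 const char **attrs,
                                                 unsigned int flags,
                                                 const char *username,
                                                 uid_t uid,
                                                 char **groupnames,
                                                 struct sysdb_attrs ***_rules,
                                                 uint32_t *_count);

/*
 * Fetch the sudo rules (or defaults) for the user resolved into cmd_ctx.
 *
 * Expired rules that apply to the user are looked up first. If there are
 * any, a refresh is requested from the Data Provider and EAGAIN is
 * returned; otherwise the rules are read from the cache into
 * cmd_ctx->rules / cmd_ctx->num_rules.
 *
 * Returns EOK, EAGAIN, EFAULT when cmd_ctx->domain is not set, or another
 * errno value.
 */
errno_t sudosrv_get_rules(struct sudo_cmd_ctx *cmd_ctx)
{
    TALLOC_CTX *tmp_ctx = NULL;
    struct tevent_req *dpreq = NULL;
    struct dp_callback_ctx *cb_ctx = NULL;
    char **groupnames = NULL;
    uint32_t expired_rules_num = 0;
    struct sysdb_attrs **expired_rules = NULL;
    errno_t ret;
    unsigned int flags = SYSDB_SUDO_FILTER_NONE;
    const char *attrs[] = { SYSDB_NAME,
                            NULL };

    if (cmd_ctx->domain == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Domain is not set!\n"));
        return EFAULT;
    }

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_new() failed\n"));
        return ENOMEM;
    }

    switch (cmd_ctx->type) {
        case SSS_SUDO_DEFAULTS:
            DEBUG(SSSDBG_TRACE_FUNC, ("Retrieving default options "
                  "for [%s] from [%s]\n", cmd_ctx->orig_username,
                                          cmd_ctx->domain->name));
            break;
        case SSS_SUDO_USER:
            DEBUG(SSSDBG_TRACE_FUNC, ("Retrieving rules "
                  "for [%s] from [%s]\n", cmd_ctx->orig_username,
                                          cmd_ctx->domain->name));
            break;
    }

    /* Fetch all expired rules:
     * sudo asks sssd twice - for defaults and for rules. If we refresh all
     * expired rules for this user and defaults at once we will save one
     * provider call
     */
    ret = sysdb_get_sudo_user_info(tmp_ctx, cmd_ctx->domain->sysdb,
                                   cmd_ctx->domain, cmd_ctx->orig_username,
                                   NULL, &groupnames);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Unable to retrieve user info [%d]: %s\n",
               ret, strerror(ret)));
        goto done;
    }

    flags = SYSDB_SUDO_FILTER_INCLUDE_ALL
            | SYSDB_SUDO_FILTER_INCLUDE_DFL
            | SYSDB_SUDO_FILTER_ONLY_EXPIRED
            | SYSDB_SUDO_FILTER_USERINFO;
    ret = sudosrv_get_sudorules_query_cache(tmp_ctx,
                                            cmd_ctx->domain->sysdb,
                                            cmd_ctx->domain, attrs, flags,
                                            cmd_ctx->orig_username,
                                            cmd_ctx->uid, groupnames,
                                            &expired_rules,
                                            &expired_rules_num);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Unable to retrieve expired sudo rules "
               "[%d]: %s\n", ret, strerror(ret)));
        goto done;
    }

    cmd_ctx->expired_rules_num = expired_rules_num;
    if (expired_rules_num > 0) {
        /* refresh expired rules then continue */
        /* the count is unsigned, print it as such */
        DEBUG(SSSDBG_TRACE_INTERNAL, ("Refreshing %u expired rules\n",
              expired_rules_num));
        dpreq = sss_dp_get_sudoers_send(tmp_ctx, cmd_ctx->cli_ctx->rctx,
                                        cmd_ctx->domain, false,
                                        SSS_DP_SUDO_REFRESH_RULES,
                                        cmd_ctx->orig_username,
                                        expired_rules_num, expired_rules);
        if (dpreq == NULL) {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("Cannot issue DP request.\n"));
            ret = EIO;
            goto done;
        }

        cb_ctx = talloc_zero(tmp_ctx, struct dp_callback_ctx);
        if (!cb_ctx) {
            talloc_zfree(dpreq);
            ret = ENOMEM;
            goto done;
        }

        cb_ctx->callback = sudosrv_get_sudorules_dp_callback;
        cb_ctx->ptr = cmd_ctx;
        cb_ctx->cctx = cmd_ctx->cli_ctx;
        cb_ctx->mem_ctx = cmd_ctx;

        tevent_req_set_callback(dpreq, sudosrv_dp_req_done, cb_ctx);
        ret = EAGAIN;

    } else {
        /* nothing is expired return what we have in the cache */
        DEBUG(SSSDBG_TRACE_INTERNAL, ("About to get sudo rules from cache\n"));
        ret = sudosrv_get_sudorules_from_cache(cmd_ctx, cmd_ctx,
                                               &cmd_ctx->rules,
                                               &cmd_ctx->num_rules);
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE,
                  ("Failed to make a request to our cache [%d]: %s\n",
                   ret, strerror(ret)));
            goto done;
        }
    }

    /* Move the pending request and its callback data off tmp_ctx so that
     * they survive the talloc_free() below. */
    if (dpreq != NULL) {
        talloc_steal(cmd_ctx->cli_ctx, dpreq);
    }

    if (cb_ctx != NULL) {
        talloc_steal(cmd_ctx, cb_ctx);
    }

done:
    talloc_free(tmp_ctx);
    return ret;
}

/*
 * Completion handler of the rules refresh sent by sudosrv_get_rules().
 * Frees the request and forwards the Data Provider result to the stored
 * callback; if the result cannot be received the client connection is
 * freed.
 */
static void
sudosrv_dp_req_done(struct tevent_req *req)
{
    struct dp_callback_ctx *cb_ctx =
            tevent_req_callback_data(req, struct dp_callback_ctx);
    struct cli_ctx *cli_ctx;

    errno_t ret;
    dbus_uint16_t err_maj;
    dbus_uint32_t err_min;
    char *err_msg;

    cli_ctx = talloc_get_type(cb_ctx->cctx, struct cli_ctx);

    ret = sss_dp_get_sudoers_recv(cb_ctx->mem_ctx, req,
                                  &err_maj, &err_min,
                                  &err_msg);
    talloc_free(req);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Fatal error, killing connection!\n"));
        talloc_free(cli_ctx);
        return;
    }

    cb_ctx->callback(err_maj, err_min, err_msg, cb_ctx->ptr);
}

/* Completion handler of the out-of-band full refresh: log and free. */
static void
sudosrv_dp_oob_req_done(struct tevent_req *req)
{
    DEBUG(SSSDBG_TRACE_FUNC, ("Out of band refresh finished\n"));
    talloc_free(req);
}

/*
 * Continue after the Data Provider refreshed the expired rules.
 *
 * A provider error is only logged: the reply is built from whatever the
 * cache holds, so rules that could not be refreshed are still returned.
 * When the provider reports ENOENT for expired rules, a full refresh is
 * scheduled out of band and the client is answered without waiting for it.
 */
static void
sudosrv_get_sudorules_dp_callback(uint16_t err_maj, uint32_t err_min,
                                  const char *err_msg, void *ptr)
{
    struct sudo_cmd_ctx *cmd_ctx = talloc_get_type(ptr, struct sudo_cmd_ctx);
    struct tevent_req *dpreq = NULL;
    errno_t ret;

    if (err_maj) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Unable to get information from Data Provider\n"
               "Error: %u, %u, %s\n"
               "Will try to return what we have in cache\n",
               (unsigned int)err_maj, (unsigned int)err_min, err_msg));
    }

    DEBUG(SSSDBG_TRACE_INTERNAL, ("About to get sudo rules from cache\n"));
    ret = sudosrv_get_sudorules_from_cache(cmd_ctx, cmd_ctx, &cmd_ctx->rules,
                                           &cmd_ctx->num_rules);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Failed to make a request to our cache [%d]: %s\n",
               ret, strerror(ret)));
        sudosrv_cmd_done(cmd_ctx, EIO);
        return;
    }

    if (cmd_ctx->expired_rules_num > 0
        && err_min == ENOENT) {
        DEBUG(SSSDBG_TRACE_INTERNAL,
              ("Some expired rules were removed from the server, "
               "scheduling full refresh out of band\n"));
        dpreq = sss_dp_get_sudoers_send(cmd_ctx->cli_ctx->rctx,
                                        cmd_ctx->cli_ctx->rctx,
                                        cmd_ctx->domain, false,
                                        SSS_DP_SUDO_FULL_REFRESH,
                                        cmd_ctx->orig_username,
                                        0, NULL);
        if (dpreq == NULL) {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("Cannot issue DP request.\n"));
        } else {
            tevent_req_set_callback(dpreq, sudosrv_dp_oob_req_done, NULL);
        }
    }

    sudosrv_cmd_done(cmd_ctx, ret);
}

/*
 * Read the rules for cmd_ctx from the cache.
 *
 * For SSS_SUDO_USER the filter uses the user's name, UID and group names;
 * for SSS_SUDO_DEFAULTS only the defaults entry is requested.
 *
 * _rules and _num_rules are optional outputs; the rule array is moved to
 * mem_ctx. Returns EOK, EFAULT when cmd_ctx->domain is not set, or another
 * errno value.
 */
static errno_t sudosrv_get_sudorules_from_cache(TALLOC_CTX *mem_ctx,
                                                struct sudo_cmd_ctx *cmd_ctx,
                                                struct sysdb_attrs ***_rules,
                                                uint32_t *_num_rules)
{
    TALLOC_CTX *tmp_ctx;
    errno_t ret;
    char **groupnames = NULL;
    const char *debug_name = NULL;
    unsigned int flags = SYSDB_SUDO_FILTER_NONE;
    struct sysdb_attrs **rules = NULL;
    uint32_t num_rules = 0;
    const char *attrs[] = { SYSDB_OBJECTCLASS,
                            SYSDB_SUDO_CACHE_AT_CN,
                            SYSDB_SUDO_CACHE_AT_USER,
                            SYSDB_SUDO_CACHE_AT_HOST,
                            SYSDB_SUDO_CACHE_AT_COMMAND,
                            SYSDB_SUDO_CACHE_AT_OPTION,
                            SYSDB_SUDO_CACHE_AT_RUNASUSER,
                            SYSDB_SUDO_CACHE_AT_RUNASGROUP,
                            SYSDB_SUDO_CACHE_AT_NOTBEFORE,
                            SYSDB_SUDO_CACHE_AT_NOTAFTER,
                            SYSDB_SUDO_CACHE_AT_ORDER,
                            NULL };

    if (cmd_ctx->domain == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Domain is not set!\n"));
        return EFAULT;
    }

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_new() failed\n"));
        return ENOMEM;
    }

    switch (cmd_ctx->type) {
    case SSS_SUDO_USER:
        debug_name = cmd_ctx->cased_username;
        ret = sysdb_get_sudo_user_info(tmp_ctx, cmd_ctx->domain->sysdb,
                                       cmd_ctx->domain,
                                       cmd_ctx->orig_username,
                                       NULL, &groupnames);
        if (ret != EOK) {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("Unable to retrieve user info [%d]: %s\n",
                   ret, strerror(ret)));
            goto done;
        }
        flags = SYSDB_SUDO_FILTER_USERINFO | SYSDB_SUDO_FILTER_INCLUDE_ALL;
        break;
    case SSS_SUDO_DEFAULTS:
        debug_name = "";
        flags = SYSDB_SUDO_FILTER_INCLUDE_DFL;
        break;
    }

    ret = sudosrv_get_sudorules_query_cache(tmp_ctx,
                                            cmd_ctx->domain->sysdb,
                                            cmd_ctx->domain, attrs, flags,
                                            cmd_ctx->orig_username,
                                            cmd_ctx->uid, groupnames,
                                            &rules, &num_rules);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Unable to retrieve sudo rules [%d]: %s\n",
               ret, strerror(ret)));
        goto done;
    }

    /* the count is unsigned, print it as such */
    DEBUG(SSSDBG_TRACE_FUNC, ("Returning %u rules for [%s@%s]\n",
          num_rules, debug_name, cmd_ctx->domain->name));

    if (_rules != NULL) {
        *_rules = talloc_steal(mem_ctx, rules);
    }

    if (_num_rules != NULL) {
        *_num_rules = num_rules;
    }

    ret = EOK;
done:
    talloc_free(tmp_ctx);
    return ret;
}

static errno_t
sort_sudo_rules(struct sysdb_attrs **rules, size_t count);

/*
 * Run one rule search against the cache.
 *
 * The search filter is built by sysdb_get_sudo_filter() from username,
 * uid, groupnames and flags. For a subdomain the search runs in the parent
 * domain. The matching rules are sorted by sudoOrder and moved to mem_ctx.
 *
 * No match is not an error: *_rules is set to NULL, *_count to 0 and EOK
 * is returned.
 */
static errno_t sudosrv_get_sudorules_query_cache(TALLOC_CTX *mem_ctx,
                                                 struct sysdb_ctx *sysdb,
                                                 struct sss_domain_info *domain,
                                                 const char **attrs,
                                                 unsigned int flags,
                                                 const char *username,
                                                 uid_t uid,
                                                 char **groupnames,
                                                 struct sysdb_attrs ***_rules,
                                                 uint32_t *_count)
{
    TALLOC_CTX *tmp_ctx;
    char *filter;
    errno_t ret;
    size_t count;
    struct sysdb_attrs **rules;
    struct ldb_message **msgs;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) return ENOMEM;

    ret = sysdb_get_sudo_filter(tmp_ctx, username, uid, groupnames,
                                flags, &filter);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Could not construct the search filter [%d]: %s\n",
               ret, strerror(ret)));
        goto done;
    }

    DEBUG(SSSDBG_FUNC_DATA, ("Searching sysdb with [%s]\n", filter));

    if (IS_SUBDOMAIN(domain)) {
        /* rules are stored inside parent domain tree */
        domain = domain->parent;
    }

    ret = sysdb_search_custom(tmp_ctx, sysdb, domain, filter,
                              SUDORULE_SUBDIR, attrs,
                              &count, &msgs);
    if (ret != EOK && ret != ENOENT) {
        /* the message lacked its terminating newline */
        DEBUG(SSSDBG_CRIT_FAILURE, ("Error looking up SUDO rules\n"));
        goto done;
    } if (ret == ENOENT) {
        *_rules = NULL;
        *_count = 0;
        ret = EOK;
        goto done;
    }

    ret = sysdb_msg2attrs(tmp_ctx, count, msgs, &rules);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Could not convert ldb message to sysdb_attrs\n"));
        goto done;
    }

    ret = sort_sudo_rules(rules, count);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Could not sort rules by sudoOrder\n"));
        goto done;
    }

    *_rules = talloc_steal(mem_ctx, rules);
    *_count = (uint32_t)count;

    ret = EOK;
done:
    talloc_free(tmp_ctx);
    return ret;
}

/*
 * qsort() comparator: ascending SYSDB_SUDO_CACHE_AT_ORDER, a missing
 * attribute counting as 0. A NULL rule or an unreadable attribute makes
 * the pair compare equal.
 */
static int
sudo_order_cmp_fn(const void *a, const void *b)
{
    struct sysdb_attrs *r1, *r2;
    uint32_t o1, o2;
    int ret;

    r1 = * (struct sysdb_attrs * const *) a;
    r2 = * (struct sysdb_attrs * const *) b;
    if (!r1 || !r2) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("BUG: Wrong data?\n"));
        return 0;
    }

    ret = sysdb_attrs_get_uint32_t(r1, SYSDB_SUDO_CACHE_AT_ORDER, &o1);
    if (ret == ENOENT) {
        /* man sudoers-ldap: If the sudoOrder attribute is not present,
         * a value of 0 is assumed */
        o1 = 0;
    } else if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Cannot get sudoOrder value\n"));
        return 0;
    }

    ret = sysdb_attrs_get_uint32_t(r2, SYSDB_SUDO_CACHE_AT_ORDER, &o2);
    if (ret == ENOENT) {
        /* man sudoers-ldap: If the sudoOrder attribute is not present,
         * a value of 0 is assumed */
        o2 = 0;
    } else if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Cannot get sudoOrder value\n"));
        return 0;
    }

    if (o1 > o2) {
        return 1;
    } else if (o1 < o2) {
        return -1;
    }

    return 0;
}

/* Sort rules in place by sudoOrder (see sudo_order_cmp_fn); always EOK. */
static errno_t
sort_sudo_rules(struct sysdb_attrs **rules, size_t count)
{
    qsort(rules, count, sizeof(struct sysdb_attrs *),
          sudo_order_cmp_fn);
    return EOK;
}
sssd-1.11.5/src/responder/PaxHeaders.13173/common0000644000000000000000000000013212320753521017551 xustar000000000000000030 mtime=1396954961.762874871 30 atime=1396955003.534843847 30 ctime=1396954961.762874871 sssd-1.11.5/src/responder/common/0000775002412700241270000000000012320753521020055 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/responder/common/PaxHeaders.13173/responder_common.c0000644000000000000000000000007412320753107023350 xustar000000000000000030 atime=1396954939.270891428 30 ctime=1396954961.728874896 sssd-1.11.5/src/responder/common/responder_common.c0000664002412700241270000007351512320753107023605 0ustar00jhrozekjhrozek00000000000000
/*
   SSSD

   Common Responder methods

   Copyright (C) Simo Sorce 2008

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.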
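This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program. If not, see .
*/

#include "config.h"

/* NOTE(review): the <...> operands of the ten bare #include directives
 * below were lost when this page was extracted; restore them from the
 * upstream file before building. */
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include "util/util.h"
#include "util/strtonum.h"
#include "db/sysdb.h"
#include "confdb/confdb.h"
#include "dbus/dbus.h"
#include "sbus/sssd_dbus.h"
#include "responder/common/responder.h"
#include "responder/common/responder_packet.h"
#include "providers/data_provider.h"
#include "monitor/monitor_interfaces.h"
#include "sbus/sbus_client.h"

/*
 * Add O_NONBLOCK to the status flags of fd.
 * Returns EOK, or the errno of the failing fcntl() call.
 */
static errno_t set_nonblocking(int fd)
{
    int v;
    int ferr;
    errno_t error;

    /* Get the current flags for this file descriptor */
    v = fcntl(fd, F_GETFL, 0);
    if (v < 0) {
        /* Do not OR a flag into the -1 error value and write it back */
        error = errno;
        DEBUG(0, ("Unable to get fd flags: [%d][%s]\n",
                  error, strerror(error)));
        return error;
    }

    errno = 0;
    /* Set the non-blocking flag on this fd */
    ferr = fcntl(fd, F_SETFL, v | O_NONBLOCK);
    if (ferr < 0) {
        error = errno;
        DEBUG(0, ("Unable to set fd non-blocking: [%d][%s]\n",
                  error, strerror(error)));
        return error;
    }
    return EOK;
}

/*
 * Add FD_CLOEXEC to the descriptor flags of fd so that the descriptor is
 * not inherited across exec().
 * Returns EOK, or the errno of the failing fcntl() call.
 */
static errno_t set_close_on_exec(int fd)
{
    int v;
    int ferr;
    errno_t error;

    /* Get the current flags for this file descriptor */
    v = fcntl(fd, F_GETFD, 0);
    if (v < 0) {
        /* Do not OR a flag into the -1 error value and write it back */
        error = errno;
        DEBUG(0, ("Unable to get fd flags: [%d][%s]\n",
                  error, strerror(error)));
        return error;
    }

    errno = 0;
    /* Set the close-on-exec flags on this fd */
    ferr = fcntl(fd, F_SETFD, v | FD_CLOEXEC);
    if (ferr < 0) {
        error = errno;
        DEBUG(0, ("Unable to set fd close-on-exec: [%d][%s]\n",
                  error, strerror(error)));
        return error;
    }
    return EOK;
}

/*
 * talloc destructor of a client context: closes the client socket.
 * A failing close() is logged only; the destructor always returns 0.
 */
static int client_destructor(struct cli_ctx *ctx)
{
    errno_t ret;

    if ((ctx->cfd > 0) && close(ctx->cfd) < 0) {
        ret = errno;
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Failed to close fd [%d]: [%s]\n",
               ctx->cfd, strerror(ret)));
    }

    DEBUG(SSSDBG_TRACE_INTERNAL,
          ("Terminated client [%p][%d]\n",
           ctx, ctx->cfd));
    return 0;
}

/*
 * Read the peer credentials of the client socket into cctx.
 *
 * client_euid, client_egid and client_pid are set to -1 first and keep
 * that value when HAVE_UCRED is not defined or the lookup fails, so -1
 * means "unknown" and must not be treated as an identity.
 *
 * Returns EOK, the errno of getsockopt(), or ENOMSG when the kernel
 * returned a structure of unexpected size.
 */
static errno_t get_client_cred(struct cli_ctx *cctx)
{
    cctx->client_euid = -1;
    cctx->client_egid = -1;
    cctx->client_pid = -1;

#ifdef HAVE_UCRED
    int ret;
    struct ucred client_cred;
    socklen_t client_cred_len = sizeof(client_cred);

    ret = getsockopt(cctx->cfd, SOL_SOCKET, SO_PEERCRED, &client_cred,
                     &client_cred_len);
    if (ret != EOK) {
        ret = errno;
        DEBUG(1, ("getsock failed [%d][%s].\n", ret, strerror(ret)));
        return ret;
    }
    if (client_cred_len != sizeof(struct ucred)) {
        DEBUG(1, ("getsockopt returned unexpected message size.\n"));
        return ENOMSG;
    }

    cctx->client_euid = client_cred.uid;
    cctx->client_egid = client_cred.gid;
    cctx->client_pid = client_cred.pid;

    DEBUG(9, ("Client creds: euid[%d] egid[%d] pid[%d].\n",
              cctx->client_euid, cctx->client_egid, cctx->client_pid));
#endif

    return EOK;
}

/*
 * Check uid against an allow list.
 * Returns EOK when uid is listed, EACCES when it is not, and EINVAL when
 * no list is given - a missing list never grants access.
 */
errno_t check_allowed_uids(uid_t uid, size_t allowed_uids_count,
                           uid_t *allowed_uids)
{
    size_t c;

    if (allowed_uids == NULL) {
        return EINVAL;
    }

    for (c = 0; c < allowed_uids_count; c++) {
        if (uid == allowed_uids[c]) {
            return EOK;
        }
    }

    return EACCES;
}

/*
 * Convert a comma separated list of UIDs and/or user names into an array
 * of uid_t allocated on mem_ctx.
 *
 * An item that is not a number is resolved with getpwnam(). With
 * allow_sss_loop set, _SSS_LOOPS is removed from the environment for the
 * duration of the call; on return it is set to "NO" unless it already
 * exists.
 *
 * Returns EOK and fills *_uid_count / *_uids, EINVAL for an empty or
 * unresolvable item, ERANGE for a number that does not fit, or another
 * errno value.
 */
errno_t csv_string_to_uid_array(TALLOC_CTX *mem_ctx, const char *cvs_string,
                                bool allow_sss_loop,
                                size_t *_uid_count, uid_t **_uids)
{
    int ret;
    size_t c;
    char **list = NULL;
    int list_size;
    uid_t *uids = NULL;
    char *endptr;
    struct passwd *pwd;

    ret = split_on_separator(mem_ctx, cvs_string, ',', true, false,
                             &list, &list_size);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("split_on_separator failed [%d][%s].\n",
                                  ret, strerror(ret)));
        goto done;
    }

    /* Size the array by the element type that is stored in it */
    uids = talloc_array(mem_ctx, uid_t, list_size);
    if (uids == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("talloc_array failed.\n"));
        ret = ENOMEM;
        goto done;
    }

    if (allow_sss_loop) {
        ret = unsetenv("_SSS_LOOPS");
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE, ("Failed to unset _SSS_LOOPS, getpwnam "
                                      "might not find sssd users.\n"));
        }
    }

    for (c = 0; c < list_size; c++) {
        errno = 0;
        if (*list[c] == '\0') {
            DEBUG(SSSDBG_OP_FAILURE, ("Empty list item.\n"));
            ret = EINVAL;
            goto done;
        }

        uids[c] = strtouint32(list[c], &endptr, 10);
        if (errno != 0 || *endptr != '\0') {
            ret = errno;
            if (ret == ERANGE) {
                DEBUG(SSSDBG_OP_FAILURE, ("List item [%s] is out of range.\n",
                                          list[c]));
                goto done;
            }

            /* not a plain number, try it as a user name */
            errno = 0;
            pwd = getpwnam(list[c]);
            if (pwd == NULL) {
                DEBUG(SSSDBG_OP_FAILURE, ("List item [%s] is neither a valid "
                                          "UID nor a user name which cloud be "
                                          "resolved by getpwnam().\n", list[c]));
                ret = EINVAL;
                goto done;
            }

            uids[c] = pwd->pw_uid;
        }

    }

    *_uid_count = list_size;
    *_uids = uids;

    ret = EOK;

done:
    if(setenv("_SSS_LOOPS", "NO", 0) != 0) {
        DEBUG(SSSDBG_OP_FAILURE, ("Failed to set _SSS_LOOPS.\n"));
    }
    talloc_free(list);
    if (ret != EOK) {
        talloc_free(uids);
    }

    return ret;
}

/*
 * Write the pending reply to the client. EAGAIN leaves the socket
 * writeable for the next round; any other failure frees the client. After
 * a complete send the request is freed and the socket is switched back to
 * reading.
 */
static void client_send(struct cli_ctx *cctx)
{
    int ret;

    ret = sss_packet_send(cctx->creq->out, cctx->cfd);
    if (ret == EAGAIN) {
        /* not all data was sent, loop again */
        return;
    }
    if (ret != EOK) {
        DEBUG(0, ("Failed to send data, aborting client!\n"));
        talloc_free(cctx);
        return;
    }

    /* ok all sent */
    TEVENT_FD_NOT_WRITEABLE(cctx->cfde);
    TEVENT_FD_READABLE(cctx->cfde);
    talloc_free(cctx->creq);
    cctx->creq = NULL;
    return;
}

/* Dispatch the command of the received packet through sss_cmds. */
static int client_cmd_execute(struct cli_ctx *cctx, struct sss_cmd_table *sss_cmds)
{
    enum sss_cli_command cmd;

    cmd = sss_packet_get_cmd(cctx->creq->in);
    return sss_cmd_execute(cctx, cmd, sss_cmds);
}

/*
 * Read a request from the client. The input packet is created with
 * SSS_PACKET_MAX_RECV_SIZE. A complete packet is executed; EAGAIN waits
 * for more data; every other result frees the client context, which
 * closes the connection.
 */
static void client_recv(struct cli_ctx *cctx)
{
    int ret;

    if (!cctx->creq) {
        cctx->creq = talloc_zero(cctx, struct cli_request);
        if (!cctx->creq) {
            DEBUG(0, ("Failed to alloc request, aborting client!\n"));
            talloc_free(cctx);
            return;
        }
    }

    if (!cctx->creq->in) {
        ret = sss_packet_new(cctx->creq, SSS_PACKET_MAX_RECV_SIZE,
                             0, &cctx->creq->in);
        if (ret != EOK) {
            DEBUG(0, ("Failed to alloc request, aborting client!\n"));
            talloc_free(cctx);
            return;
        }
    }

    ret = sss_packet_recv(cctx->creq->in, cctx->cfd);
    switch (ret) {
    case EOK:
        /* do not read anymore */
        TEVENT_FD_NOT_READABLE(cctx->cfde);
        /* execute command */
        ret = client_cmd_execute(cctx, cctx->rctx->sss_cmds);
        if (ret != EOK) {
            DEBUG(0, ("Failed to execute request, aborting client!\n"));
            talloc_free(cctx);
        }
        /* past this point cctx can be freed at any time by callbacks
         * in case of error, do not use it */
        return;

    case EAGAIN:
        /* need to read still some data, loop again */
        break;

    case EINVAL:
        DEBUG(6, ("Invalid data from client, closing connection!\n"));
        talloc_free(cctx);
        break;

    case ENODATA:
        DEBUG(5, ("Client disconnected!\n"));
        talloc_free(cctx);
        break;

    default:
        DEBUG(6, ("Failed to read request, aborting client!\n"));
        talloc_free(cctx);
    }

    return;
}

static errno_t reset_idle_timer(struct cli_ctx *cctx);

/*
 * tevent handler of a client socket: restart the idle timer, then read or
 * write depending on the event flags.
 */
static void client_fd_handler(struct tevent_context *ev,
                              struct tevent_fd *fde,
                              uint16_t flags, void *ptr)
{
    errno_t ret;
    struct cli_ctx *cctx = talloc_get_type(ptr, struct cli_ctx);

    /* Always reset the idle timer on any activity */
    ret = reset_idle_timer(cctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Could not create idle timer for client. "
               "This connection may not auto-terminate\n"));
        /* Non-fatal, continue */
    }

    if (flags & TEVENT_FD_READ) {
        client_recv(cctx);
        return;
    }
    if (flags & TEVENT_FD_WRITE) {
        client_send(cctx);
        return;
    }
}

/* Private data of a listening socket's event handler. */
struct accept_fd_ctx {
    struct resp_ctx *rctx;
    bool is_private;    /* true for the privileged pipe */
};

static void idle_handler(struct tevent_context *ev,
                         struct tevent_timer *te,
                         struct timeval current_time,
                         void *data);

/*
 * Accept a connection on the public or the privileged listening socket
 * and register the new client.
 *
 * Access checks done here:
 *  - privileged pipe: before every accept the socket path must be owned by
 *    uid 0 / gid 0 and carry no mode bits besides S_IFSOCK|S_IRUSR|S_IWUSR;
 *    otherwise the handler returns without accepting. The check is a
 *    stat() of the path name, not of the listening descriptor.
 *  - allowed_uids: when the responder has a UID allow list, a client whose
 *    peer credentials could not be read (client_euid == -1) or whose UID
 *    is not listed is disconnected. Without a list no UID check is made
 *    in this function.
 */
static void accept_fd_handler(struct tevent_context *ev,
                              struct tevent_fd *fde,
                              uint16_t flags, void *ptr)
{
    /* accept and attach new event handler */
    struct accept_fd_ctx *accept_ctx =
            talloc_get_type(ptr, struct accept_fd_ctx);
    struct resp_ctx *rctx = accept_ctx->rctx;
    struct cli_ctx *cctx;
    socklen_t len;
    struct stat stat_buf;
    int ret;
    int fd = accept_ctx->is_private ? rctx->priv_lfd : rctx->lfd;
    int client_fd;

    if (accept_ctx->is_private) {
        ret = stat(rctx->priv_sock_name, &stat_buf);
        if (ret == -1) {
            DEBUG(1, ("stat on privileged pipe failed: [%d][%s].\n", errno,
                      strerror(errno)));
            return;
        }

        if ( ! (stat_buf.st_uid == 0 && stat_buf.st_gid == 0 &&
               (stat_buf.st_mode&(S_IFSOCK|S_IRUSR|S_IWUSR)) == stat_buf.st_mode)) {
            DEBUG(1, ("privileged pipe has an illegal status.\n"));
    /* TODO: what is the best response to this condition? Terminate? */
            return;
        }
    }

    cctx = talloc_zero(rctx, struct cli_ctx);
    if (!cctx) {
        struct sockaddr_un addr;
        DEBUG(0, ("Out of memory trying to setup client context%s!\n",
                  accept_ctx->is_private ? " on privileged pipe": ""));
        /* accept and close to signal the client we have a problem */
        memset(&addr, 0, sizeof(addr));
        len = sizeof(addr);
        client_fd = accept(fd, (struct sockaddr *)&addr, &len);
        if (client_fd == -1) {
            return;
        }
        close(client_fd);
        return;
    }

    len = sizeof(cctx->addr);
    cctx->cfd = accept(fd, (struct sockaddr *)&cctx->addr, &len);
    if (cctx->cfd == -1) {
        DEBUG(1, ("Accept failed [%s]\n", strerror(errno)));
        talloc_free(cctx);
        return;
    }

    cctx->priv = accept_ctx->is_private;

    /* A failure is tolerated here: the credentials stay at -1 and the
     * allow-list check below denies such a client. */
    ret = get_client_cred(cctx);
    if (ret != EOK) {
        DEBUG(2, ("get_client_cred failed, "
                  "client cred may not be available.\n"));
    }

    if (rctx->allowed_uids_count != 0) {
        if (cctx->client_euid == -1) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("allowed_uids configured, " \
                                        "but platform does not support " \
                                        "reading peer credential from the " \
                                        "socket. Access denied.\n"));
            close(cctx->cfd);
            talloc_free(cctx);
            return;
        }

        ret = check_allowed_uids(cctx->client_euid, rctx->allowed_uids_count,
                                 rctx->allowed_uids);
        if (ret != EOK) {
            if (ret == EACCES) {
                DEBUG(SSSDBG_CRIT_FAILURE, ("Access denied for uid [%d].\n",
                                            cctx->client_euid));
            } else {
                DEBUG(SSSDBG_OP_FAILURE, ("check_allowed_uids failed.\n"));
            }
            close(cctx->cfd);
            talloc_free(cctx);
            return;
        }
    }

    cctx->cfde = tevent_add_fd(ev, cctx, cctx->cfd,
                               TEVENT_FD_READ, client_fd_handler, cctx);
    if (!cctx->cfde) {
        close(cctx->cfd);
        talloc_free(cctx);
        DEBUG(SSSDBG_OP_FAILURE,
              ("Failed to queue client handler%s\n",
               accept_ctx->is_private ? " on privileged pipe" : ""));
        return;
    }

    cctx->ev = ev;
    cctx->rctx = rctx;

    /* From here on the destructor closes the socket */
    talloc_set_destructor(cctx, client_destructor);

    /* Set up the idle timer */
    ret = reset_idle_timer(cctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Could not create idle timer for client. "
               "This connection may not auto-terminate\n"));
        /* Non-fatal, continue */
    }

    DEBUG(SSSDBG_TRACE_FUNC,
          ("Client connected%s!\n",
           accept_ctx->is_private ? " to privileged pipe" : ""));

    return;
}

/*
 * (Re)arm the idle timer of a client to fire client_idle_timeout seconds
 * from now. Returns EOK, or ENOMEM when the timer cannot be created.
 */
static errno_t reset_idle_timer(struct cli_ctx *cctx)
{
    struct timeval tv =
            tevent_timeval_current_ofs(cctx->rctx->client_idle_timeout, 0);

    talloc_zfree(cctx->idle);

    cctx->idle = tevent_add_timer(cctx->ev, cctx, tv, idle_handler, cctx);
    if (!cctx->idle) return ENOMEM;

    DEBUG(SSSDBG_TRACE_ALL,
          ("Idle timer re-set for client [%p][%d]\n",
           cctx, cctx->cfd));

    return EOK;
}

/* Idle timer callback: drop a client that stayed silent for too long. */
static void idle_handler(struct tevent_context *ev,
                         struct tevent_timer *te,
                         struct timeval current_time,
                         void *data)
{
    /* This connection is idle. Terminate it */
    struct cli_ctx *cctx =
            talloc_get_type(data, struct cli_ctx);

    DEBUG(SSSDBG_TRACE_INTERNAL,
          ("Terminating idle client [%p][%d]\n",
           cctx, cctx->cfd));

    /* The cli_ctx destructor will handle the rest */
    talloc_free(cctx);
}

/*
 * Connect the responder to the Data Provider of one domain and identify
 * itself as cli_name. The connection record is appended to
 * rctx->be_conns. Returns EOK or the error of the failing step.
 */
static int sss_dp_init(struct resp_ctx *rctx,
                       struct sbus_interface *intf,
                       const char *cli_name,
                       struct sss_domain_info *domain)
{
    struct be_conn *be_conn;
    int ret;

    be_conn = talloc_zero(rctx, struct be_conn);
    if (!be_conn) return ENOMEM;

    be_conn->cli_name = cli_name;
    be_conn->domain = domain;
    be_conn->intf = intf;
    be_conn->rctx = rctx;

    /* Set up SBUS connection to the monitor */
    ret = dp_get_sbus_address(be_conn, &be_conn->sbus_address, domain->name);
    if (ret != EOK) {
        DEBUG(0, ("Could not locate DP address.\n"));
        return ret;
    }
    ret = sbus_client_init(rctx, rctx->ev,
                           be_conn->sbus_address,
                           intf, &be_conn->conn,
                           NULL, rctx);
    if (ret != EOK) {
        DEBUG(0, ("Failed to connect to monitor services.\n"));
        return ret;
    }

    DLIST_ADD_END(rctx->be_conns, be_conn, struct be_conn *);

    /* Identify ourselves to the DP */
    ret = dp_common_send_id(be_conn->conn,
                            DATA_PROVIDER_VERSION,
                            cli_name);
    if (ret != EOK) {
        DEBUG(0, ("Failed to identify to the DP!\n"));
        return ret;
    }

    return EOK;
}

/*
 * create a unix socket and listen to it
 *
 * Creates the public socket (rctx->sock_name) and/or the privileged socket
 * (rctx->priv_sock_name) and registers accept_fd_handler on each.
 *
 * The access mode of a socket file is set through the process umask at
 * bind() time: 0111 for the public socket (usable by anybody) and 0177 for
 * the privileged one (owner only). The umask is 0177 again on every return
 * taken after it was first changed.
 *
 * A socket path longer than sun_path is truncated silently before bind().
 *
 * Returns EOK or EIO.
 */
static int set_unix_socket(struct resp_ctx *rctx)
{
    struct sockaddr_un addr;
    errno_t ret;
    struct accept_fd_ctx *accept_ctx;
    /* Only descriptors opened by this call are closed on failure: rctx
     * comes from talloc_zero(), so an unused descriptor field holds 0 and
     * closing it would close stdin. */
    bool lfd_opened = false;
    bool priv_lfd_opened = false;

/* for future use */
#if 0
    char *default_pipe;
    int ret;

    default_pipe = talloc_asprintf(rctx, "%s/%s", PIPE_PATH,
                                   rctx->sss_pipe_name);
    if (!default_pipe) {
        return ENOMEM;
    }

    ret = confdb_get_string(rctx->cdb, rctx,
                            rctx->confdb_socket_path, "unixSocket",
                            default_pipe, &rctx->sock_name);
    if (ret != EOK) {
        talloc_free(default_pipe);
        return ret;
    }
    talloc_free(default_pipe);

    default_pipe = talloc_asprintf(rctx, "%s/private/%s", PIPE_PATH,
                                   rctx->sss_pipe_name);
    if (!default_pipe) {
        return ENOMEM;
    }

    ret = confdb_get_string(rctx->cdb, rctx,
                            rctx->confdb_socket_path, "privUnixSocket",
                            default_pipe, &rctx->priv_sock_name);
    if (ret != EOK) {
        talloc_free(default_pipe);
        return ret;
    }
    talloc_free(default_pipe);
#endif

    if (rctx->sock_name != NULL ) {
        rctx->lfd = socket(AF_UNIX, SOCK_STREAM, 0);
        if (rctx->lfd == -1) {
            return EIO;
        }
        lfd_opened = true;

        /* Set the umask so that permissions are set right on the socket.
         * It must be readable and writable by anybody on the system. */
        umask(0111);

        ret = set_nonblocking(rctx->lfd);
        if (ret != EOK) {
            goto failed;
        }

        ret = set_close_on_exec(rctx->lfd);
        if (ret != EOK) {
            goto failed;
        }

        memset(&addr, 0, sizeof(addr));
        addr.sun_family = AF_UNIX;
        strncpy(addr.sun_path, rctx->sock_name, sizeof(addr.sun_path)-1);
        addr.sun_path[sizeof(addr.sun_path)-1] = '\0';

        /* make sure we have no old sockets around */
        unlink(rctx->sock_name);

        if (bind(rctx->lfd, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
            DEBUG(0,("Unable to bind on socket '%s'\n", rctx->sock_name));
            goto failed;
        }
        if (listen(rctx->lfd, 10) != 0) {
            DEBUG(0,("Unable to listen on socket '%s'\n", rctx->sock_name));
            goto failed;
        }

        accept_ctx = talloc_zero(rctx, struct accept_fd_ctx);
        if(!accept_ctx) goto failed;
        accept_ctx->rctx = rctx;
        accept_ctx->is_private = false;

        rctx->lfde = tevent_add_fd(rctx->ev, rctx, rctx->lfd,
                                   TEVENT_FD_READ, accept_fd_handler,
                                   accept_ctx);
        if (!rctx->lfde) {
            DEBUG(0, ("Failed to queue handler on pipe\n"));
            goto failed;
        }
    }

    if (rctx->priv_sock_name != NULL ) {
        /* create privileged pipe */
        rctx->priv_lfd = socket(AF_UNIX, SOCK_STREAM, 0);
        if (rctx->priv_lfd == -1) {
            /* Leave through the common path so that the umask, possibly
             * still 0111 from the public socket, is tightened again. */
            goto failed;
        }
        priv_lfd_opened = true;

        umask(0177);

        ret = set_nonblocking(rctx->priv_lfd);
        if (ret != EOK) {
            goto failed;
        }

        ret = set_close_on_exec(rctx->priv_lfd);
        if (ret != EOK) {
            goto failed;
        }

        memset(&addr, 0, sizeof(addr));
        addr.sun_family = AF_UNIX;
        strncpy(addr.sun_path, rctx->priv_sock_name, sizeof(addr.sun_path)-1);
        addr.sun_path[sizeof(addr.sun_path)-1] = '\0';

        unlink(rctx->priv_sock_name);

        if (bind(rctx->priv_lfd, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
            DEBUG(0,("Unable to bind on socket '%s'\n", rctx->priv_sock_name));
            goto failed;
        }
        if (listen(rctx->priv_lfd, 10) != 0) {
            DEBUG(0,("Unable to listen on socket '%s'\n", rctx->priv_sock_name));
            goto failed;
        }

        accept_ctx = talloc_zero(rctx, struct accept_fd_ctx);
        if(!accept_ctx) goto failed;
        accept_ctx->rctx = rctx;
        accept_ctx->is_private = true;

        rctx->priv_lfde = tevent_add_fd(rctx->ev, rctx, rctx->priv_lfd,
                                        TEVENT_FD_READ, accept_fd_handler,
                                        accept_ctx);
        if (!rctx->priv_lfde) {
            DEBUG(0, ("Failed to queue handler on privileged pipe\n"));
            goto failed;
        }
    }

    /* we want default permissions on created files to be very strict,
       so set our umask to 0177 */
    umask(0177);
    return EOK;

failed:
    /* we want default permissions on created files to be very strict,
       so set our umask to 0177 */
    umask(0177);
    if (lfd_opened) {
        close(rctx->lfd);
    }
    if (priv_lfd_opened) {
        close(rctx->priv_lfd);
    }
    return EIO;
}

/* talloc destructor of the responder context: flags the shutdown. */
static int sss_responder_ctx_destructor(void *ptr)
{
    struct resp_ctx *rctx = talloc_get_type(ptr, struct resp_ctx);

    /* mark that we are shutting down the responder, so it is propagated
     * into underlying contexts that are freed right before rctx */
    DEBUG(SSSDBG_TRACE_FUNC, ("Responder is being shut down\n"));
    rctx->shutting_down = true;

    return 0;
}

int sss_process_init(TALLOC_CTX *mem_ctx,
                     struct tevent_context *ev,
                     struct confdb_ctx *cdb,
                     struct sss_cmd_table sss_cmds[],
                     const char *sss_pipe_name,
                     const char *sss_priv_pipe_name,
                     const char *confdb_service_path,
                     const char *svc_name,
                     uint16_t svc_version,
                     struct sbus_interface *monitor_intf,
                     const char *cli_name,
                     struct sbus_interface *dp_intf,
                     struct resp_ctx **responder_ctx)
{
    struct resp_ctx *rctx;
    struct sss_domain_info *dom;
    int ret;

    rctx = talloc_zero(mem_ctx, struct resp_ctx);
    if (!rctx) {
        DEBUG(0, ("fatal error initializing resp_ctx\n"));
        return ENOMEM;
    }
    rctx->ev = ev;
    rctx->cdb = cdb;
    rctx->sss_cmds = sss_cmds;
    rctx->sock_name = sss_pipe_name;
    rctx->priv_sock_name = sss_priv_pipe_name;
    rctx->confdb_service_path = confdb_service_path;
    rctx->shutting_down = false;

    talloc_set_destructor((TALLOC_CTX*)rctx, sss_responder_ctx_destructor);

    ret = confdb_get_int(rctx->cdb, rctx->confdb_service_path,
                         CONFDB_RESPONDER_CLI_IDLE_TIMEOUT,
                         CONFDB_RESPONDER_CLI_IDLE_DEFAULT_TIMEOUT,
                         &rctx->client_idle_timeout);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Cannot get the client idle timeout [%d]: %s\n",
               ret, strerror(ret)));
        goto fail;
    }

    /* Ensure that the client timeout is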
at least ten seconds */
    if (rctx->client_idle_timeout < 10) {
        rctx->client_idle_timeout = 10;
    }

    ret = confdb_get_int(rctx->cdb, rctx->confdb_service_path,
                         CONFDB_RESPONDER_GET_DOMAINS_TIMEOUT,
                         GET_DOMAINS_DEFAULT_TIMEOUT, &rctx->domains_timeout);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Cannnot get the default domain timeout [%d]: %s\n",
               ret, strerror(ret)));
        goto fail;
    }

    /* A negative configured value is replaced by the built-in default */
    if (rctx->domains_timeout < 0) {
        DEBUG(SSSDBG_CONF_SETTINGS,
              ("timeout can't be set to negative value, setting default\n"));
        rctx->domains_timeout = GET_DOMAINS_DEFAULT_TIMEOUT;
    }

    ret = confdb_get_domains(rctx->cdb, &rctx->domains);
    if (ret != EOK) {
        DEBUG(0, ("fatal error setting up domain map\n"));
        goto fail;
    }

    ret = confdb_get_string(rctx->cdb, rctx, CONFDB_MONITOR_CONF_ENTRY,
                            CONFDB_MONITOR_DEFAULT_DOMAIN, NULL,
                            &rctx->default_domain);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Cannnot get the default domain [%d]: %s\n",
               ret, strerror(ret)));
        goto fail;
    }

    ret = sss_monitor_init(rctx, rctx->ev, monitor_intf,
                           svc_name, svc_version, rctx,
                           &rctx->mon_conn);
    if (ret != EOK) {
        DEBUG(0, ("fatal error setting up message bus\n"));
        goto fail;
    }

    /* Per-domain setup: name-parsing data for every domain, and a back end
     * connection for every domain whose provider is not "local". */
    for (dom = rctx->domains; dom; dom = get_next_domain(dom, false)) {
        ret = sss_names_init(rctx->cdb, rctx->cdb, dom->name, &dom->names);
        if (ret != EOK) {
            DEBUG(SSSDBG_FATAL_FAILURE,
                  ("fatal error initializing regex data for domain: %s\n",
                   dom->name));
            goto fail;
        }

        /* skip local domain, it doesn't have a backend */
        if (strcasecmp(dom->provider, "local") == 0) {
            continue;
        }

        ret = sss_dp_init(rctx, dp_intf, cli_name, dom);
        if (ret != EOK) {
            DEBUG(0, ("fatal error setting up backend connector\n"));
            goto fail;
        }
    }

    ret = sysdb_init(rctx, rctx->domains, false);
    if (ret != EOK) {
        SYSDB_VERSION_ERROR_DAEMON(ret);
        DEBUG(0, ("fatal error initializing resp_ctx\n"));
        goto fail;
    }

    /* after all initializations we are ready to listen on our socket */
    ret = set_unix_socket(rctx);
    if (ret != EOK) {
        DEBUG(0, ("fatal error initializing socket\n"));
        goto fail;
    }

    /* Create DP request table */
    ret = sss_hash_create(rctx, 30, &rctx->dp_request_table);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Could not create hash table for the request queue\n"));
        goto fail;
    }

    DEBUG(SSSDBG_TRACE_FUNC, ("Responder Initialization complete\n"));

    *responder_ctx = rctx;
    return EOK;

fail:
    /* NOTE(review): when the failure happens after set_unix_socket() has
     * succeeded, nothing visible on this path closes rctx->lfd or
     * rctx->priv_lfd or removes the socket files; confirm that freeing
     * rctx takes care of it. */
    talloc_free(rctx);
    return ret;
}

/* Look up the back end connection whose domain name equals 'domain',
 * compared case-insensitively.
 *
 * On a match stores the connection in *_conn and returns EOK; returns
 * ENOENT when rctx has no connections or none matches. *_conn is not
 * written on failure.
 */
int sss_dp_get_domain_conn(struct resp_ctx *rctx, const char *domain,
                           struct be_conn **_conn)
{
    struct be_conn *iter;

    if (!rctx->be_conns) return ENOENT;

    for (iter = rctx->be_conns; iter; iter = iter->next) {
        if (strcasecmp(domain, iter->domain->name) == 0) break;
    }

    if (!iter) return ENOENT;

    *_conn = iter;
    return EOK;
}

/* Find an enabled domain by name.
 *
 * Walks rctx->domains with get_next_domain(dom, true), skips entries marked
 * disabled, and compares 'name' case-insensitively with the domain name
 * and, when set, its flat name. Returns the first match, or NULL after
 * logging that the domain is unknown.
 */
struct sss_domain_info *
responder_get_domain(struct resp_ctx *rctx, const char *name)
{
    struct sss_domain_info *dom;
    struct sss_domain_info *ret_dom = NULL;

    for (dom = rctx->domains; dom; dom = get_next_domain(dom, true)) {
        if (dom->disabled) {
            continue;
        }

        if (strcasecmp(dom->name, name) == 0 ||
            (dom->flat_name != NULL &&
             strcasecmp(dom->flat_name, name) == 0)) {
            ret_dom = dom;
            break;
        }
    }

    if (!ret_dom) {
        DEBUG(SSSDBG_OP_FAILURE, ("Unknown domain [%s], checking for "
                                  "possible subdomains!\n", name));
    }

    return ret_dom;
}

/* Find an enabled domain whose domain_id is a case-insensitive prefix of
 * 'id'.
 *
 * Returns EINVAL when 'id' or '_ret_dom' is NULL, and EAGAIN when the
 * matching entry is a subdomain whose parent was last checked more than
 * rctx->domains_timeout seconds ago. The remaining outcomes are decided
 * after the loop.
 */
errno_t responder_get_domain_by_id(struct resp_ctx *rctx, const char *id,
                                   struct sss_domain_info **_ret_dom)
{
    struct sss_domain_info *dom;
    struct sss_domain_info *ret_dom = NULL;
    size_t id_len;
    size_t dom_id_len;
    int ret;

    if (id == NULL || _ret_dom == NULL) {
        return EINVAL;
    }

    id_len = strlen(id);

    for (dom = rctx->domains; dom; dom = get_next_domain(dom, true)) {
        if (dom->disabled || dom->domain_id == NULL) {
            continue;
        }

        dom_id_len = strlen(dom->domain_id);
        /* NOTE(review): this is a pure prefix comparison. Nothing here
         * checks that the character after the prefix is the end of 'id' or
         * a separator, so an id belonging to another domain whose
         * identifier merely starts with the same characters would select
         * this entry. Confirm the id format rules that out, or add a
         * boundary check. */
        if ((id_len >= dom_id_len) &&
            strncasecmp(dom->domain_id, id, dom_id_len) == 0) {
            if (IS_SUBDOMAIN(dom) &&
                ((time(NULL) - dom->parent->subdomains_last_checked.tv_sec) >
                                                      rctx->domains_timeout)) {
                DEBUG(SSSDBG_TRACE_FUNC, ("Domain entry with id [%s] " \
                                          "is expired.\n", id));
                ret = EAGAIN;
                goto done;
            }
            ret_dom = dom;
            break;
        }
    }

    if (ret_dom == NULL) {
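DEBUG(SSSDBG_OP_FAILURE, ("Unknown domain id [%s], checking for "
                                  "possible subdomains!\n", id));
        ret = ENOENT;
    } else {
        *_ret_dom = ret_dom;
        ret = EOK;
    }

done:
    return ret;
}

/* sbus handler for a log rotation request.
 *
 * Takes the responder context from the connection's private data, rotates
 * the logs and, only when that succeeded, answers the message through
 * monitor_common_pong(). A rotation error is returned as is.
 */
int responder_logrotate(DBusMessage *message,
                        struct sbus_connection *conn)
{
    errno_t ret;
    struct resp_ctx *rctx = talloc_get_type(sbus_conn_get_private_data(conn),
                                            struct resp_ctx);

    ret = monitor_common_rotate_logs(rctx->cdb, rctx->confdb_service_path);
    if (ret != EOK) return ret;

    return monitor_common_pong(message, conn);
}

/* Raise RLIMIT_NOFILE towards fd_limit.
 *
 * First tries to set both the soft and the hard limit to fd_limit. If that
 * is refused, the soft limit is set to the lesser of fd_limit and the
 * current hard limit and the hard limit is left as it is. Failures are only
 * logged; the function returns nothing and the process keeps whatever limit
 * is in force.
 */
void responder_set_fd_limit(rlim_t fd_limit)
{
    struct rlimit current_limit, new_limit;
    int limret;

    /* First, let's see if we have permission to just set
     * the value as-is.
     */
    new_limit.rlim_cur = fd_limit;
    new_limit.rlim_max = fd_limit;
    limret = setrlimit(RLIMIT_NOFILE, &new_limit);
    if (limret == 0) {
        DEBUG(SSSDBG_CONF_SETTINGS,
              ("Maximum file descriptors set to [%"SPRIrlim"]\n",
               new_limit.rlim_cur));
        return;
    }

    /* We couldn't set the soft and hard limits to this
     * value. Let's see how high we CAN set it.
     */

    /* Determine the maximum hard limit */
    limret = getrlimit(RLIMIT_NOFILE, &current_limit);
    if (limret == 0) {
        DEBUG(SSSDBG_TRACE_INTERNAL,
              ("Current fd limit: [%"SPRIrlim"]\n",
               current_limit.rlim_cur));
        /* Choose the lesser of the requested and the hard limit */
        if (current_limit.rlim_max < fd_limit) {
            new_limit.rlim_cur = current_limit.rlim_max;
        } else {
            new_limit.rlim_cur = fd_limit;
        }
        /* The hard limit itself is never changed on this path */
        new_limit.rlim_max = current_limit.rlim_max;

        limret = setrlimit(RLIMIT_NOFILE, &new_limit);
        if (limret == 0) {
            DEBUG(SSSDBG_CONF_SETTINGS,
                  ("Maximum file descriptors set to [%"SPRIrlim"]\n",
                   new_limit.rlim_cur));
        } else {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("Could not set new fd limits. Proceeding with "
                   "[%"SPRIrlim"]\n", current_limit.rlim_cur));
        }
    } else {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Could not determine fd limits.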
" "Proceeding with system values\n")); } } sssd-1.11.5/src/responder/common/PaxHeaders.13173/responder_packet.h0000644000000000000000000000007412320753107023334 xustar000000000000000030 atime=1396954939.270891428 30 ctime=1396954961.439875109 sssd-1.11.5/src/responder/common/responder_packet.h0000664002412700241270000000307512320753107023563 0ustar00jhrozekjhrozek00000000000000/* SSSD SSS Client Responder, header file Copyright (C) Simo Sorce 2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #ifndef __SSSSRV_PACKET_H__ #define __SSSSRV_PACKET_H__ #include "sss_client/sss_cli.h" #define SSS_PACKET_MAX_RECV_SIZE 1024 struct sss_packet; int sss_packet_new(TALLOC_CTX *mem_ctx, size_t size, enum sss_cli_command cmd, struct sss_packet **rpacket); int sss_packet_grow(struct sss_packet *packet, size_t size); int sss_packet_shrink(struct sss_packet *packet, size_t size); int sss_packet_set_size(struct sss_packet *packet, size_t size); int sss_packet_recv(struct sss_packet *packet, int fd); int sss_packet_send(struct sss_packet *packet, int fd); enum sss_cli_command sss_packet_get_cmd(struct sss_packet *packet); void sss_packet_get_body(struct sss_packet *packet, uint8_t **body, size_t *blen); void sss_packet_set_error(struct sss_packet *packet, int error); #endif /* __SSSSRV_PACKET_H__ */ sssd-1.11.5/src/responder/common/PaxHeaders.13173/responder.h0000644000000000000000000000007412320753107022005 xustar000000000000000030 atime=1396954939.270891428 30 ctime=1396954961.439875109 sssd-1.11.5/src/responder/common/responder.h0000664002412700241270000002235712320753107022240 0ustar00jhrozekjhrozek00000000000000/* SSSD SSS Client Responder, header file Copyright (C) Simo Sorce 2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #ifndef __SSS_RESPONDER_H__ #define __SSS_RESPONDER_H__ #include #include #include #include #include "config.h" #include "talloc.h" #include "tevent.h" #include "ldb.h" #include "dhash.h" #include "sbus/sssd_dbus.h" #include "sss_client/sss_cli.h" extern hash_table_t *dp_requests; /* if there is a provider other than the special local */ #define NEED_CHECK_PROVIDER(provider) \ (provider != NULL && strcmp(provider, "local") != 0) /* needed until nsssrv.h is updated */ struct cli_request { /* original request from the wire */ struct sss_packet *in; /* reply data */ struct sss_packet *out; }; struct cli_protocol_version { uint32_t version; const char *date; const char *description; }; struct resp_ctx; struct be_conn { struct be_conn *next; struct be_conn *prev; struct resp_ctx *rctx; const char *cli_name; struct sss_domain_info *domain; char *sbus_address; struct sbus_interface *intf; struct sbus_connection *conn; }; struct resp_ctx { struct tevent_context *ev; struct tevent_fd *lfde; int lfd; struct tevent_fd *priv_lfde; int priv_lfd; struct confdb_ctx *cdb; const char *sock_name; const char *priv_sock_name; struct sbus_connection *mon_conn; struct be_conn *be_conns; struct sss_domain_info *domains; int domains_timeout; int client_idle_timeout; struct sss_cmd_table *sss_cmds; const char *sss_pipe_name; const char *confdb_service_path; hash_table_t *dp_request_table; struct timeval get_domains_last_call; size_t allowed_uids_count; uid_t *allowed_uids; char *default_domain; void *pvt_ctx; bool shutting_down; }; struct cli_ctx { struct tevent_context *ev; struct resp_ctx *rctx; int cfd; struct tevent_fd *cfde; struct sockaddr_un addr; struct cli_request *creq; struct cli_protocol_version *cli_protocol_version; int priv; int32_t client_euid; int32_t client_egid; int32_t client_pid; int pwent_dom_idx; int pwent_cur; int grent_dom_idx; int grent_cur; int svc_dom_idx; int svcent_cur; char *netgr_name; int netgrent_cur; char *automntmap_name; struct tevent_timer *idle; }; 
struct sss_cmd_table { enum sss_cli_command cmd; int (*fn)(struct cli_ctx *cctx); }; /* responder_common.c */ int sss_process_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct confdb_ctx *cdb, struct sss_cmd_table sss_cmds[], const char *sss_pipe_name, const char *sss_priv_pipe_name, const char *confdb_service_path, const char *svc_name, uint16_t svc_version, struct sbus_interface *monitor_intf, const char *cli_name, struct sbus_interface *dp_intf, struct resp_ctx **responder_ctx); int sss_parse_name(TALLOC_CTX *memctx, struct sss_names_ctx *snctx, const char *orig, char **domain, char **name); int sss_parse_name_for_domains(TALLOC_CTX *memctx, struct sss_domain_info *domains, const char *default_domain, const char *orig, char **domain, char **name); int sss_dp_get_domain_conn(struct resp_ctx *rctx, const char *domain, struct be_conn **_conn); struct sss_domain_info * responder_get_domain(struct resp_ctx *rctx, const char *domain); errno_t responder_get_domain_by_id(struct resp_ctx *rctx, const char *id, struct sss_domain_info **_ret_dom); /* responder_cmd.c */ int sss_cmd_empty_packet(struct sss_packet *packet); int sss_cmd_send_empty(struct cli_ctx *cctx, TALLOC_CTX *freectx); int sss_cmd_send_error(struct cli_ctx *cctx, int err); void sss_cmd_done(struct cli_ctx *cctx, void *freectx); int sss_cmd_get_version(struct cli_ctx *cctx); int sss_cmd_execute(struct cli_ctx *cctx, enum sss_cli_command cmd, struct sss_cmd_table *sss_cmds); struct cli_protocol_version *register_cli_protocol_version(void); struct setent_req_list; /* A facility for notifying setent requests */ struct tevent_req *setent_get_req(struct setent_req_list *sl); errno_t setent_add_ref(TALLOC_CTX *memctx, void *pvt, struct setent_req_list **list, struct tevent_req *req); void setent_notify(struct setent_req_list **list, errno_t err); void setent_notify_done(struct setent_req_list **list); errno_t sss_cmd_check_cache(struct ldb_message *msg, int cache_refresh_percent, uint64_t 
cache_expire); typedef void (*sss_dp_callback_t)(uint16_t err_maj, uint32_t err_min, const char *err_msg, void *ptr); struct dp_callback_ctx { sss_dp_callback_t callback; void *ptr; void *mem_ctx; struct cli_ctx *cctx; }; void handle_requests_after_reconnect(struct resp_ctx *rctx); int responder_logrotate(DBusMessage *message, struct sbus_connection *conn); /* Each responder-specific request must create a constructor * function that creates a DBus Message that would be sent to * the back end */ typedef DBusMessage * (dbus_msg_constructor)(void *); /* * This function is indended for consumption by responders to create * responder-specific requests such as sss_dp_get_account_send for * downloading account data. * * Issues a new back end request based on strkey if not already running * or registers a callback that is called when an existing request finishes. */ errno_t sss_dp_issue_request(TALLOC_CTX *mem_ctx, struct resp_ctx *rctx, const char *strkey, struct sss_domain_info *dom, dbus_msg_constructor msg_create, void *pvt, struct tevent_req *nreq); /* Every provider specific request uses this structure as the tevent_req * "state" structure. */ struct sss_dp_req_state { dbus_uint16_t dp_err; dbus_uint32_t dp_ret; char *err_msg; }; /* The _recv functions of provider specific requests usually need to * only call sss_dp_req_recv() to get return codes from back end */ errno_t sss_dp_req_recv(TALLOC_CTX *mem_ctx, struct tevent_req *sidereq, dbus_uint16_t *dp_err, dbus_uint32_t *dp_ret, char **err_msg); /* Send a request to the data provider * Once this function is called, the communication * with the data provider will always run to * completion. Freeing the returned tevent_req will * cancel the notification of completion, but not * the data provider action. 
*/ enum sss_dp_acct_type { SSS_DP_USER = 1, SSS_DP_GROUP, SSS_DP_INITGROUPS, SSS_DP_NETGR, SSS_DP_SERVICES, SSS_DP_SECID, SSS_DP_USER_AND_GROUP }; struct tevent_req * sss_dp_get_account_send(TALLOC_CTX *mem_ctx, struct resp_ctx *rctx, struct sss_domain_info *dom, bool fast_reply, enum sss_dp_acct_type type, const char *opt_name, uint32_t opt_id, const char *extra); errno_t sss_dp_get_account_recv(TALLOC_CTX *mem_ctx, struct tevent_req *req, dbus_uint16_t *err_maj, dbus_uint32_t *err_min, char **err_msg); bool sss_utf8_check(const uint8_t *s, size_t n); void responder_set_fd_limit(rlim_t fd_limit); #define GET_DOMAINS_DEFAULT_TIMEOUT 60 struct tevent_req *sss_dp_get_domains_send(TALLOC_CTX *mem_ctx, struct resp_ctx *rctx, bool force, const char *hint); errno_t sss_dp_get_domains_recv(struct tevent_req *req); errno_t schedule_get_domains_task(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct resp_ctx *rctx); errno_t csv_string_to_uid_array(TALLOC_CTX *mem_ctx, const char *cvs_string, bool allow_sss_loop, size_t *_uid_count, uid_t **_uids); errno_t check_allowed_uids(uid_t uid, size_t allowed_uids_count, uid_t *allowed_uids); #endif /* __SSS_RESPONDER_H__ */ sssd-1.11.5/src/responder/common/PaxHeaders.13173/responder_cmd.c0000644000000000000000000000007412320753107022623 xustar000000000000000030 atime=1396954939.270891428 30 ctime=1396954961.727874897 sssd-1.11.5/src/responder/common/responder_cmd.c0000664002412700241270000001725612320753107023060 0ustar00jhrozekjhrozek00000000000000/* SSSD SSS Client Responder, command parser Copyright (C) Simo Sorce 2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. 
This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see .
*/

#include
#include "db/sysdb.h"
#include "util/util.h"
#include "responder/common/responder.h"
#include "responder/common/responder_packet.h"

/* Replace the pending reply of cctx with an empty packet that carries the
 * error code 'err'. Returns EOK, or the sss_packet_new() error. */
int sss_cmd_send_error(struct cli_ctx *cctx, int err)
{
    struct cli_request *creq = cctx->creq;
    int ret;

    /* the reply reuses the command of the incoming packet */
    ret = sss_packet_new(creq, 0,
                         sss_packet_get_cmd(creq->in),
                         &creq->out);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot create new packet: %d\n", ret));
        return ret;
    }

    sss_packet_set_error(creq->out, err);
    return EOK;
}

/* Grow 'packet' by two 32-bit words and write zero into the first two words
 * of its body (number of results, reserved). Returns EOK, or the
 * sss_packet_grow() error. */
int sss_cmd_empty_packet(struct sss_packet *packet)
{
    uint8_t *body;
    size_t blen;
    uint32_t *words;
    int ret;

    ret = sss_packet_grow(packet, 2*sizeof(uint32_t));
    if (ret != EOK) return ret;

    sss_packet_get_body(packet, &body, &blen);
    words = (uint32_t *)body;
    words[0] = 0; /* num results */
    words[1] = 0; /* reserved */

    return EOK;
}

/* Build an empty, successful reply for the current request and finish the
 * command, releasing 'freectx'. */
int sss_cmd_send_empty(struct cli_ctx *cctx, TALLOC_CTX *freectx)
{
    struct cli_request *creq = cctx->creq;
    int ret;

    /* the reply reuses the command of the incoming packet */
    ret = sss_packet_new(creq, 0,
                         sss_packet_get_cmd(creq->in),
                         &creq->out);
    if (ret != EOK) {
        return ret;
    }

    ret = sss_cmd_empty_packet(creq->out);
    if (ret != EOK) {
        return ret;
    }

    sss_packet_set_error(creq->out, EOK);
    sss_cmd_done(cctx, freectx);
    return EOK;
}

/* Mark the client descriptor writable so the prepared reply gets sent, then
 * free 'freectx'. */
void sss_cmd_done(struct cli_ctx *cctx, void *freectx)
{
    /* the reply is ready: let the event loop write it out */
    TEVENT_FD_WRITEABLE(cctx->cfde);

    /* everything that belongs to the request hangs off freectx */
    talloc_free(freectx);
}

/* Negotiate the protocol version with a client.
 *
 * The request body is honoured only when it is exactly one 32-bit word. The
 * reply carries the matching registered version, the first registered
 * version when the client's is unknown, or 0 when no versions are
 * registered.
 */
int sss_cmd_get_version(struct cli_ctx *cctx)
{
    static struct cli_protocol_version *known_versions = NULL;
    uint8_t *req_body;
    size_t req_blen;
    uint8_t *body;
    size_t blen;
    uint32_t client_version;
    uint32_t *offered;
    int ret;
    int i;

    cctx->cli_protocol_version = NULL;

    /* the version table is fetched once and cached for later calls */
    if (known_versions == NULL) {
        known_versions = register_cli_protocol_version();
    }

    if (known_versions != NULL) {
        /* default to the first table entry */
        cctx->cli_protocol_version = &known_versions[0];

        sss_packet_get_body(cctx->creq->in, &req_body, &req_blen);
        if (req_blen == sizeof(uint32_t)) {
            /* client-supplied value: copied out, not read through a cast */
            memcpy(&client_version, req_body, sizeof(uint32_t));
            DEBUG(5, ("Received client version [%d].\n", client_version));

            /* the table ends at the first entry with version 0 */
            for (i = 0; known_versions[i].version > 0; i++) {
                if (known_versions[i].version == client_version) {
                    cctx->cli_protocol_version = &known_versions[i];
                    break;
                }
            }
        }
    }

    /* create response packet */
    ret = sss_packet_new(cctx->creq, sizeof(uint32_t),
                         sss_packet_get_cmd(cctx->creq->in),
                         &cctx->creq->out);
    if (ret != EOK) {
        return ret;
    }

    sss_packet_get_body(cctx->creq->out, &body, &blen);
    /* NOTE(review): the request is read with memcpy() but the reply is
     * written through a uint32_t cast; whether the body pointer is suitably
     * aligned is not visible here. */
    offered = (uint32_t *)body;
    if (cctx->cli_protocol_version != NULL) {
        offered[0] = cctx->cli_protocol_version->version;
    } else {
        offered[0] = 0;
    }
    DEBUG(5, ("Offered version [%d].\n", offered[0]));

    sss_cmd_done(cctx, NULL);
    return EOK;
}

/* Run the handler registered for 'cmd' in the table 'sss_cmds', which ends
 * at the SSS_CLI_NULL entry. Returns the handler's result, or EINVAL when
 * the command is not in the table. */
int sss_cmd_execute(struct cli_ctx *cctx,
                    enum sss_cli_command cmd,
                    struct sss_cmd_table *sss_cmds)
{
    struct sss_cmd_table *entry;

    for (entry = sss_cmds; entry->cmd != SSS_CLI_NULL; entry++) {
        if (entry->cmd == cmd) {
            return entry->fn(cctx);
        }
    }

    return EINVAL;
}

struct setent_req_list {
    struct setent_req_list *prev;
    struct setent_req_list *next;
    /* Need to modify the list from a talloc destructor */
    struct setent_req_list **head;

    void *pvt;

    struct tevent_req *req;
};

/* Return the request stored in a list entry */
struct tevent_req *
setent_get_req(struct setent_req_list *sl)
{
    return sl->req;
}

/* talloc destructor: unlink the entry from the list it was added to */
int setent_remove_ref(TALLOC_CTX *ctx)
{
    struct setent_req_list *node = talloc_get_type(ctx,
                                                   struct setent_req_list);

    DLIST_REMOVE(*(node->head), node);
    return 0;
}

/* Append a new entry for 'req' to '*list'. The entry is allocated on
 * 'memctx' and removes itself from the list when it is freed. Returns EOK
 * or ENOMEM. */
errno_t setent_add_ref(TALLOC_CTX *memctx,
                       void *pvt,
                       struct setent_req_list **list,
                       struct tevent_req *req)
{
    struct setent_req_list *node;

    node = talloc_zero(memctx, struct setent_req_list);
    if (node == NULL) {
        return ENOMEM;
    }

    node->req = req;
    node->pvt = pvt;
    DLIST_ADD_END(*list, node, struct setent_req_list *);
    node->head = list;

    talloc_set_destructor((TALLOC_CTX *)node, setent_remove_ref);

    return EOK;
}

/* Complete every request waiting in '*list': with success when 'err' is
 * EOK, with 'err' otherwise. */
void setent_notify(struct setent_req_list **list, errno_t err)
{
    struct setent_req_list *head;

    /* Notify the waiting clients */
    for (head = *list; head != NULL; head = *list) {
        /* Completing a request is expected to free it, and freeing it
         * takes it off the list. */
        if (err != EOK) {
            tevent_req_error(head->req, err);
        } else {
            tevent_req_done(head->req);
        }

        if (*list != head) {
            continue;
        }

        /* The consumer failed to free the
         * request. Log a bug and continue.
         */
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("BUG: a callback did not free its request. "
               "May leak memory\n"));
        /* Skip to the next since a memory leak is non-fatal */
        *list = (*list)->next;
    }
}

/* Complete every waiting request with success */
void setent_notify_done(struct setent_req_list **list)
{
    setent_notify(list, EOK);
}

/*
 * Return values:
 *  EOK    - cache hit
 *  EAGAIN - cache hit, but schedule off band update
 *  ENOENT - cache miss
 */
errno_t
sss_cmd_check_cache(struct ldb_message *msg,
                    int cache_refresh_percent,
                    uint64_t cache_expire)
{
    uint64_t lastUpdate;
    uint64_t midpoint_refresh = 0;
    time_t now;

    now = time(NULL);
    lastUpdate = ldb_msg_find_attr_as_uint64(msg, SYSDB_LAST_UPDATE, 0);
    midpoint_refresh = 0;

    if(cache_refresh_percent) {
        /* NOTE(review): the subtraction is unsigned, so an entry whose
         * cache_expire lies before lastUpdate wraps around here; confirm
         * the stored values cannot be in that order. */
        midpoint_refresh = lastUpdate +
            (cache_expire - lastUpdate)*cache_refresh_percent/100.0;
        if (midpoint_refresh - lastUpdate < 10) {
            /* If the percentage results in an expiration
             * less than ten seconds after the lastUpdate time,
             * that's too often we will simply set it to 10s
             */
            midpoint_refresh = lastUpdate+10;
        }
    }

    if (cache_expire > now) {
        /* cache still valid */

        if (midpoint_refresh && midpoint_refresh < now) {
            /* We're past the cache refresh timeout
             * We'll return the value from the cache, but we'll also
             * queue the cache entry for update out-of-band.
             */
            return EAGAIN;
        } else {
            /* Cache is still valid.
*/ return EOK; } } /* Cache needs to be updated */ return ENOENT; } sssd-1.11.5/src/responder/common/PaxHeaders.13173/responder_sbus.h0000644000000000000000000000007412320753107023041 xustar000000000000000030 atime=1396954939.270891428 30 ctime=1396954961.440875109 sssd-1.11.5/src/responder/common/responder_sbus.h0000664002412700241270000000251012320753107023261 0ustar00jhrozekjhrozek00000000000000/* SSSD SSS Client Responder, common header file Copyright (C) Red Hat, 2012 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #ifndef __SSS_RESPONDER_SBUS_H__ #define __SSS_RESPONDER_SBUS_H__ #define NSS_SBUS_SERVICE_NAME "nss" #define NSS_SBUS_SERVICE_VERSION 0x0001 #define SSS_PAM_SBUS_SERVICE_NAME "pam" #define SSS_PAM_SBUS_SERVICE_VERSION 0x0001 #define SSS_SUDO_SBUS_SERVICE_NAME "sudo" #define SSS_SUDO_SBUS_SERVICE_VERSION 0x0001 #define SSS_AUTOFS_SBUS_SERVICE_NAME "autofs" #define SSS_AUTOFS_SBUS_SERVICE_VERSION 0x0001 #define SSS_SSH_SBUS_SERVICE_NAME "ssh" #define SSS_SSH_SBUS_SERVICE_VERSION 0x0001 #define PAC_SBUS_SERVICE_NAME "pac" #define PAC_SBUS_SERVICE_VERSION 0x0001 #endif /* __SSS_RESPONDER_SBUS_H__ */ sssd-1.11.5/src/responder/common/PaxHeaders.13173/responder_get_domains.c0000644000000000000000000000007412320753107024351 xustar000000000000000030 atime=1396954939.270891428 30 ctime=1396954961.762874871 sssd-1.11.5/src/responder/common/responder_get_domains.c0000664002412700241270000002702212320753107024576 0ustar00jhrozekjhrozek00000000000000/* Authors: Jan Zeleny Copyright (C) 2011 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/

#include "util/util.h"
#include "responder/common/responder.h"
#include "providers/data_provider.h"
#include "db/sysdb.h"

/* ========== Get subdomains for a domain ================= */
static DBusMessage *sss_dp_get_domains_msg(void *pvt);

/* Arguments handed to sss_dp_get_domains_msg() through its pvt pointer */
struct sss_dp_domains_info {
    struct sss_domain_info *dom;
    const char *hint;

    /* The DBus API expects its own Boolean type when formatting argument
     * with DBUS_TYPE_BOOLEAN */
    dbus_bool_t force;
};

/* Start a "get domains" request to the back end of 'dom'.
 *
 * The request is issued through sss_dp_issue_request() under the key
 * "domains@<domain name>". Returns NULL only when the tevent request cannot
 * be created; any later failure is reported through the returned request,
 * which is posted with ENOMEM or EIO.
 */
static struct tevent_req *
get_subdomains_send(TALLOC_CTX *mem_ctx, struct resp_ctx *rctx,
                    struct sss_domain_info *dom,
                    const bool force, const char *hint)
{
    errno_t ret;
    struct tevent_req *req;
    struct sss_dp_req_state *state;
    struct sss_dp_domains_info *info;
    char *key;

    req = tevent_req_create(mem_ctx, &state, struct sss_dp_req_state);
    if (req == NULL) {
         return NULL;
    }

    info = talloc_zero(state, struct sss_dp_domains_info);
    if (!info) {
        ret = ENOMEM;
        goto fail;
    }
    info->hint = hint;
    info->force = force ? TRUE : FALSE;
    info->dom = dom;

    key = talloc_asprintf(state, "domains@%s", dom->name);
    if (key == NULL) {
        ret = ENOMEM;
        goto fail;
    }

    ret = sss_dp_issue_request(state, rctx, key, dom,
                               sss_dp_get_domains_msg, info, req);
    talloc_free(key);
    if (ret != EOK) {
        /* the specific error is dropped; callers only see EIO */
        ret = EIO;
        goto fail;
    }

    return req;

fail:
    tevent_req_error(req, ret);
    tevent_req_post(req, rctx->ev);
    return req;
}

/* Message constructor for the request above: builds the DP_METHOD_GETDOMAINS
 * call with the 'force' flag and the 'hint' string as arguments. Returns
 * NULL when the message cannot be allocated or filled in.
 */
static DBusMessage *
sss_dp_get_domains_msg(void *pvt)
{
    struct sss_dp_domains_info *info;
    DBusMessage *msg = NULL;
    dbus_bool_t dbret;

    info = talloc_get_type(pvt, struct sss_dp_domains_info);

    msg = dbus_message_new_method_call(NULL,
                                       DP_PATH,
                                       DP_INTERFACE,
                                       DP_METHOD_GETDOMAINS);
    if (msg == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory?!\n"));
        return NULL;
    }

    DEBUG(SSSDBG_TRACE_FUNC,
          ("Sending get domains request for [%s][%sforced][%s]\n",
           info->dom->name, info->force ? "" : "not ", info->hint));

    /* Send the hint argument to provider as well. This will
     * be useful for some cases of transitional trust where
     * the server might not know all trusted domains
     */
    /* info->hint is passed by address as a string argument;
     * sss_dp_get_domains_send() replaces a NULL hint with "" before it gets
     * here. */
    dbret = dbus_message_append_args(msg,
                                     DBUS_TYPE_BOOLEAN, &info->force,
                                     DBUS_TYPE_STRING, &info->hint,
                                     DBUS_TYPE_INVALID);
    if (!dbret) {
        DEBUG(SSSDBG_OP_FAILURE ,("Failed to build message\n"));
        dbus_message_unref(msg);
        return NULL;
    }

    return msg;
}

/* Collect the result of get_subdomains_send(); a plain wrapper around
 * sss_dp_req_recv(). */
static errno_t
get_next_domain_recv(TALLOC_CTX *mem_ctx,
                     struct tevent_req *req,
                     dbus_uint16_t *dp_err,
                     dbus_uint32_t *dp_ret,
                     char **err_msg)
{
    return sss_dp_req_recv(mem_ctx, req, dp_err, dp_ret, err_msg);
}

/* ====== Iterate over all domains, searching for their subdomains  ======= */
static errno_t process_subdomains(struct sss_domain_info *dom);
static void set_time_of_last_request(struct resp_ctx *rctx);
static errno_t check_last_request(struct resp_ctx *rctx, const char *hint);

/* State of one pass over the configured domains */
struct sss_dp_get_domains_state {
    struct resp_ctx *rctx;
    struct sss_domain_info *dom;   /* domain currently being queried */
    const char *hint;
    bool force;
};

static void
sss_dp_get_domains_process(struct tevent_req *subreq);

/* Refresh the subdomain lists of all domains that have a non-local
 * provider, one domain after the other.
 *
 * Unless 'force' is set, the pass is skipped (and the request completes
 * successfully right away) when check_last_request() reports that the
 * previous one is recent enough. Returns NULL only when the request cannot
 * be created; every other outcome is delivered through the request.
 */
struct tevent_req *sss_dp_get_domains_send(TALLOC_CTX *mem_ctx,
                                           struct resp_ctx *rctx,
                                           bool force,
                                           const char *hint)
{
    errno_t ret;
    struct tevent_req *req;
    struct tevent_req *subreq;
    struct sss_dp_get_domains_state *state;

    req = tevent_req_create(mem_ctx, &state, struct sss_dp_get_domains_state);
    if (req == NULL) {
         return NULL;
    }

    if (rctx->domains == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("No domains configured.\n"));
        ret = EINVAL;
        goto immediately;
    }

    if (!force) {
        ret = check_last_request(rctx, hint);

        if (ret == EOK) {
            DEBUG(SSSDBG_TRACE_FUNC,
                  ("Last call was too recent, nothing to do!\n"));
            goto immediately;
        } else if (ret != EAGAIN) {
            DEBUG(SSSDBG_TRACE_FUNC,
                  ("check_domain_request failed with [%d][%s]\n",
                   ret, strerror(ret)));
            goto immediately;
        }
    }

    state->rctx = rctx;
    state->force = force;
    if (hint != NULL) {
        /* the caller's pointer is stored, not a copy */
        state->hint = hint;
    } else {
        state->hint = talloc_strdup(state, "");
        if (state->hint == NULL) {
            ret = ENOMEM;
            goto immediately;
        }
    }

    /* Start with the first domain that has a non-local provider */
    state->dom = rctx->domains;
    while(state->dom != NULL && !NEED_CHECK_PROVIDER(state->dom->provider)) {
        state->dom = get_next_domain(state->dom, false);
    }

    if (state->dom == NULL) {
        /* All domains were local */
        ret = EOK;
        goto immediately;
    }

    subreq = get_subdomains_send(req, rctx, state->dom,
                                 state->force, state->hint);
    if (subreq == NULL) {
        ret = ENOMEM;
        goto immediately;
    }
    tevent_req_set_callback(subreq, sss_dp_get_domains_process, req);

    return req;

immediately:
    /* A successful early exit also records the time of this call */
    if (ret == EOK) {
        set_time_of_last_request(rctx);
        tevent_req_done(req);
    } else {
        tevent_req_error(req, ret);
    }
    tevent_req_post(req, rctx->ev);

    return req;
}

/* Callback for one finished per-domain request: stores the subdomains of
 * the current domain and moves on to the next non-local one, or completes
 * the parent request when none is left. */
static void
sss_dp_get_domains_process(struct tevent_req *subreq)
{
    errno_t ret;
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct sss_dp_get_domains_state *state = tevent_req_data(req,
                                                struct sss_dp_get_domains_state);
    dbus_uint16_t dp_err;
    dbus_uint32_t dp_ret;
    char *err_msg;

    /* dp_err, dp_ret and err_msg are received but not examined below */
    ret = get_next_domain_recv(req, subreq, &dp_err, &dp_ret, &err_msg);
    talloc_zfree(subreq);
    if (ret != EOK) {
        goto fail;
    }

    ret = process_subdomains(state->dom);
    if (ret != EOK) {
        /* NOTE(review): the message announces the next domain, but the
         * jump below fails the whole request instead. */
        DEBUG(SSSDBG_OP_FAILURE, ("process_subdomains failed, "
                                  "trying next domain.\n"));
        goto fail;
    }

    /* Advance to the next domain */
    state->dom = get_next_domain(state->dom, false);

    /* Skip local domains */
    while(state->dom != NULL && !NEED_CHECK_PROVIDER(state->dom->provider)) {
        state->dom = get_next_domain(state->dom, false);
    }

    if (state->dom == NULL) {
        /* All domains were local */
        set_time_of_last_request(state->rctx);
        tevent_req_done(req);
        return;
    }

    subreq = get_subdomains_send(req, state->rctx, state->dom, state->force, state->hint);
    if (subreq == NULL) {
        ret = ENOMEM;
        goto fail;
    }
    tevent_req_set_callback(subreq, sss_dp_get_domains_process, req);
    return;

fail:
    tevent_req_error(req, ret);
    return;
}

/* Bring the in-memory view of 'domain' and its subdomains up to date from
 * sysdb and stamp domain->subdomains_last_checked with the current time.
 * Returns EOK, the sysdb error, or the errno of gettimeofday(). */
static errno_t
process_subdomains(struct sss_domain_info *domain)
{
    int ret;

    /* Only refresh the master domain data while part of it is missing */
    if (domain->realm == NULL ||
        domain->flat_name == NULL ||
        domain->domain_id == NULL) {
        ret = sysdb_master_domain_update(domain);
        if (ret != EOK) {
            DEBUG(SSSDBG_FUNC_DATA, ("sysdb_master_domain_get_info " \
                                     "failed.\n"));
            goto done;
        }
    }

    /* Retrieve all subdomains of this domain from sysdb
     * and create their struct sss_domain_info representations
     */
    ret = sysdb_update_subdomains(domain);
    if (ret != EOK) {
        DEBUG(SSSDBG_FUNC_DATA, ("sysdb_update_subdomains failed.\n"));
        goto done;
    }

    errno = 0;
    ret = gettimeofday(&domain->subdomains_last_checked, NULL);
    if (ret == -1) {
        ret = errno;
        goto done;
    }

    ret = EOK;

done:
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Failed to update sub-domains "
                                  "of domain [%s].\n", domain->name));
    }

    return ret;
}

/* Result of sss_dp_get_domains_send(): the request's error, or EOK */
errno_t sss_dp_get_domains_recv(struct tevent_req *req)
{
    TEVENT_REQ_RETURN_ON_ERROR(req);

    return EOK;
}

/* Record the current time in rctx->get_domains_last_call; a gettimeofday()
 * failure is only logged. */
static void set_time_of_last_request(struct resp_ctx *rctx)
{
    int ret;

    errno = 0;
    ret = gettimeofday(&rctx->get_domains_last_call, NULL);
    if (ret == -1) {
        ret = errno;
        DEBUG(SSSDBG_TRACE_FUNC, ("gettimeofday failed [%d][%s].\n",
                                  ret, strerror(ret)));
    }
}

/* Decide whether the domain list has to be fetched again.
 *
 * Returns EAGAIN when the last pass is at least rctx->domains_timeout
 * seconds old, or when 'hint' names a subdomain and the age kept in 'diff'
 * has reached that timeout; returns EOK otherwise.
 */
static errno_t check_last_request(struct resp_ctx *rctx, const char *hint)
{
    struct sss_domain_info *dom;
    time_t now = time(NULL);
    time_t diff;

    diff = now - rctx->get_domains_last_call.tv_sec;
    if (diff >= rctx->domains_timeout) {
        /* Timeout, expired, fetch domains again */
        return EAGAIN;
    }

    if (hint != NULL) {
        for (dom = rctx->domains; dom; dom = get_next_domain(dom, true)) {
            if (!IS_SUBDOMAIN(dom)) {
                /* NOTE(review): 'diff' is refreshed only here, from a
                 * non-subdomain entry, and is then compared for the
                 * subdomains that follow; this presumably relies on
                 * subdomains being visited right after their parent -
                 * confirm against get_next_domain(). */
                diff = now - dom->subdomains_last_checked.tv_sec;
                /* not a subdomain */
                continue;
            }
            if (strcasecmp(dom->name, hint) == 0) {
                if (diff >= rctx->domains_timeout) {
                    /* Timeout, expired, fetch domains again */
                    return EAGAIN;
                }
            }
        }
    }

    return EOK;
}

/* Completion callback of the start-up pass: frees the request and logs a
 * failure; nothing is retried here. */
static void get_domains_at_startup_done(struct tevent_req *req)
{
    int ret;

    ret = sss_dp_get_domains_recv(req);
    talloc_free(req);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("sss_dp_get_domains request failed.\n"));
    }

    return;
}

static void get_domains_at_startup(struct tevent_context *ev,
                                   struct tevent_immediate *imm,
                                   void *pvt)
{
    struct
tevent_req *req; struct resp_ctx *rctx; rctx = talloc_get_type(pvt, struct resp_ctx); req = sss_dp_get_domains_send(rctx, rctx, true, NULL); if (req == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("sss_dp_get_domains_send failed.\n")); return; } tevent_req_set_callback(req, get_domains_at_startup_done, NULL); return; } errno_t schedule_get_domains_task(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct resp_ctx *rctx) { struct tevent_immediate *imm; imm = tevent_create_immediate(mem_ctx); if (imm == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("tevent_create_immediate failed.\n")); return ENOMEM; } tevent_schedule_immediate(imm, ev, get_domains_at_startup, rctx); return EOK; } sssd-1.11.5/src/responder/common/PaxHeaders.13173/responder_packet.c0000644000000000000000000000007412320753107023327 xustar000000000000000030 atime=1396954939.270891428 30 ctime=1396954961.726874898 sssd-1.11.5/src/responder/common/responder_packet.c0000664002412700241270000001412112320753107023550 0ustar00jhrozekjhrozek00000000000000/* SSSD SSS Client Responder, command parser Copyright (C) Simo Sorce 2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
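*/

/* NOTE: the names of the four system headers below were lost when this page
 * was extracted. The code needs the declarations of recv()/send(), memset(),
 * errno, ssize_t and the fixed-width integer types. */
#include
#include
#include
#include
#include "talloc.h"
#include "util/util.h"
#include "responder/common/responder_packet.h"

#define SSSSRV_PACKET_MEM_SIZE 512

struct sss_packet {
    /* number of bytes allocated for buffer */
    size_t memsize;
    uint8_t *buffer;

    /* header: pointers into the first SSS_NSS_HEADER_SIZE bytes of buffer */
    uint32_t *len;
    uint32_t *cmd;
    uint32_t *status;
    uint32_t *reserved;

    /* first byte after the header */
    uint8_t *body;

    /* io pointer: bytes already received or sent */
    size_t iop;
};

/* Point the header and body accessors at the current packet->buffer. */
static void sss_packet_map_header(struct sss_packet *packet)
{
    uint32_t *hdr = (uint32_t *)packet->buffer;

    packet->len = &hdr[0];
    packet->cmd = &hdr[1];
    packet->status = &hdr[2];
    packet->reserved = &hdr[3];
    packet->body = (uint8_t *)&hdr[4];
}

/*
 * Allocate a new packet structure
 *
 * - if size is defined use it otherwise the default packet will be
 *   SSSSRV_PACKET_MEM_SIZE bytes.
 *
 * The buffer is sized in whole SSSSRV_PACKET_MEM_SIZE chunks and always
 * holds at least size + SSS_NSS_HEADER_SIZE bytes, which is the value written
 * to the length field.
 *
 * Returns EOK and stores the packet in *rpacket, ENOMEM on allocation
 * failure, EINVAL when size does not fit the 32-bit length field.
 */
int sss_packet_new(TALLOC_CTX *mem_ctx, size_t size,
                   enum sss_cli_command cmd,
                   struct sss_packet **rpacket)
{
    struct sss_packet *packet;
    size_t total;
    size_t memsize;

    /* The length field is a uint32_t; refuse sizes it cannot represent
     * instead of silently truncating them. */
    if (size > UINT32_MAX - SSS_NSS_HEADER_SIZE) {
        return EINVAL;
    }
    total = size + SSS_NSS_HEADER_SIZE;

    if (size) {
        /* Round up to whole chunks. The chunk count must come from a
         * division: taking the remainder here sized the buffer from the
         * low bits of the length, so a packet whose total length was just
         * above a chunk multiple got a buffer smaller than the length
         * recorded in its header. */
        size_t chunks = total / SSSSRV_PACKET_MEM_SIZE;

        memsize = (chunks + 1) * SSSSRV_PACKET_MEM_SIZE;
        if (memsize < total) {
            /* size_t wrapped while rounding up */
            return EINVAL;
        }
    } else {
        memsize = SSSSRV_PACKET_MEM_SIZE;
    }

    packet = talloc(mem_ctx, struct sss_packet);
    if (!packet) return ENOMEM;

    packet->memsize = memsize;
    packet->buffer = talloc_size(packet, packet->memsize);
    if (!packet->buffer) {
        talloc_free(packet);
        return ENOMEM;
    }
    /* Only the header is cleared; the body is left uninitialised. */
    memset(packet->buffer, 0, SSS_NSS_HEADER_SIZE);

    sss_packet_map_header(packet);

    *(packet->len) = (uint32_t)total;
    *(packet->cmd) = cmd;

    packet->iop = 0;

    *rpacket = packet;

    return EOK;
}

/*
 * Grow the recorded packet length by size bytes, enlarging the buffer in
 * SSSSRV_PACKET_MEM_SIZE chunks when it is too small.
 *
 * Returns EOK, ENOMEM when the buffer cannot be enlarged, or EINVAL when the
 * new length would wrap or no longer fit the 32-bit length field. On failure
 * the packet is left unchanged.
 */
int sss_packet_grow(struct sss_packet *packet, size_t size)
{
    size_t totlen, len;
    uint8_t *newmem;

    if (size == 0) {
        return EOK;
    }

    totlen = packet->memsize;
    len = *packet->len + size;

    /* make sure we do not overflow: neither the addition above nor the
     * uint32_t length field updated below may wrap */
    if (len < size || len > UINT32_MAX) {
        return EINVAL;
    }

    if (totlen < len) {
        /* size_t, not int: the chunk count must not be truncated */
        size_t n = len / SSSSRV_PACKET_MEM_SIZE + 1;

        if (n > (SIZE_MAX - totlen) / SSSSRV_PACKET_MEM_SIZE) {
            return EINVAL;
        }
        totlen += n * SSSSRV_PACKET_MEM_SIZE;
        if (totlen < len) {
            return EINVAL;
        }
    }

    if (totlen > packet->memsize) {
        newmem = talloc_realloc_size(packet, packet->buffer, totlen);
        if (!newmem) {
            return ENOMEM;
        }

        packet->memsize = totlen;

        /* re-set pointers if realloc had to move memory */
        if (newmem != packet->buffer) {
            packet->buffer = newmem;
            sss_packet_map_header(packet);
        }
    }

    *(packet->len) += size;

    return EOK;
}

/* Reclaim space previously reserved in the packet;
 * usually done in functions recovering from non-fatal errors.
 *
 * Returns EINVAL when size exceeds the current length or the result would be
 * shorter than the header. */
int sss_packet_shrink(struct sss_packet *packet, size_t size)
{
    size_t newlen;

    if (size > *(packet->len)) return EINVAL;

    newlen = *(packet->len) - size;
    if (newlen < SSS_NSS_HEADER_SIZE) return EINVAL;

    *(packet->len) = newlen;
    return 0;
}

/* Set the body size of the packet without reallocating.
 *
 * Returns EINVAL when header + size does not fit the allocated buffer. */
int sss_packet_set_size(struct sss_packet *packet, size_t size)
{
    size_t newlen;

    newlen = SSS_NSS_HEADER_SIZE + size;

    /* make sure we do not overflow: a wrapped sum must not pass the
     * buffer-size comparison */
    if (newlen < size) return EINVAL;
    if (packet->memsize < newlen) return EINVAL;

    *(packet->len) = newlen;

    return 0;
}

/*
 * Read more of a packet from fd into the buffer.
 *
 * Returns EOK once the number of bytes announced in the length field has
 * arrived, EAGAIN when more data is needed or the read would block, ENODATA
 * when the peer closed the connection, EINVAL when the announced length does
 * not fit the buffer, or the errno of a failed recv().
 *
 * The length field is written by the peer, so it is checked against memsize
 * before it is trusted.
 */
int sss_packet_recv(struct sss_packet *packet, int fd)
{
    /* recv() returns ssize_t; keep it signed so the -1 test is exact */
    ssize_t rb;
    size_t len;
    void *buf;

    buf = packet->buffer + packet->iop;
    if (packet->iop > 4) len = *packet->len - packet->iop;
    else len = packet->memsize - packet->iop;

    /* check for wrapping */
    if (len > packet->memsize) {
        return EINVAL;
    }

    errno = 0;
    rb = recv(fd, buf, len, 0);

    if (rb == -1) {
        if (errno == EAGAIN || errno == EWOULDBLOCK || errno == EINTR) {
            return EAGAIN;
        } else {
            return errno;
        }
    }

    if (rb == 0) {
        return ENODATA;
    }

    if (*packet->len > packet->memsize) {
        return EINVAL;
    }

    packet->iop += (size_t)rb;
    if (packet->iop < 4) {
        return EAGAIN;
    }

    if (packet->iop < *packet->len) {
        return EAGAIN;
    }

    return EOK;
}

/*
 * Write the unsent remainder of a packet to fd.
 *
 * Returns EOK when the whole packet has been sent, EAGAIN when more remains
 * or the write would block, EIO when send() wrote nothing, EINVAL for a NULL
 * packet, or the errno of a failed send().
 */
int sss_packet_send(struct sss_packet *packet, int fd)
{
    /* send() returns ssize_t; keep it signed so the -1 test is exact */
    ssize_t rb;
    size_t len;
    void *buf;

    if (!packet) {
        /* No packet object to write to? */
        return EINVAL;
    }

    buf = packet->buffer + packet->iop;
    len = *packet->len - packet->iop;

    errno = 0;
    rb = send(fd, buf, len, 0);

    if (rb == -1) {
        if (errno == EAGAIN || errno == EWOULDBLOCK || errno == EINTR) {
            return EAGAIN;
        } else {
            return errno;
        }
    }

    if (rb == 0) {
        return EIO;
    }

    packet->iop += (size_t)rb;

    if (packet->iop < *packet->len) {
        return EAGAIN;
    }

    return EOK;
}

/* Return the command code stored in the packet header. */
enum sss_cli_command sss_packet_get_cmd(struct sss_packet *packet)
{
    return (enum sss_cli_command)(*packet->cmd);
}

/* Hand out the body pointer and the body length, i.e. the header length
 * field minus SSS_NSS_HEADER_SIZE. The pointer aliases the packet buffer. */
void sss_packet_get_body(struct sss_packet *packet, uint8_t **body, size_t *blen)
{
    *body = packet->body;
    *blen = *packet->len - SSS_NSS_HEADER_SIZE;
}

/* Store an error code in the status field of the packet header. */
void sss_packet_set_error(struct sss_packet *packet, int error)
{
    *(packet->status) = error;
}
sssd-1.11.5/src/responder/common/PaxHeaders.13173/negcache.h0000644000000000000000000000007412320753107021541 xustar000000000000000030 atime=1396954939.270891428 30 ctime=1396954961.448875103 sssd-1.11.5/src/responder/common/negcache.h0000664002412700241270000000714712320753107021774 0ustar00jhrozekjhrozek00000000000000/* SSSD NSS Responder Copyright (C) Simo Sorce 2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see .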
*/ #ifndef _NSS_NEG_CACHE_H_ #define _NSS_NEG_CACHE_H_ struct sss_nc_ctx; /* init the in memory negative cache */ int sss_ncache_init(TALLOC_CTX *memctx, struct sss_nc_ctx **_ctx); /* check if the user is expired according to the passed in time to live */ int sss_ncache_check_user(struct sss_nc_ctx *ctx, int ttl, struct sss_domain_info *dom, const char *name); int sss_ncache_check_group(struct sss_nc_ctx *ctx, int ttl, struct sss_domain_info *dom, const char *name); int sss_ncache_check_netgr(struct sss_nc_ctx *ctx, int ttl, const char *domain, const char *name); int sss_ncache_check_uid(struct sss_nc_ctx *ctx, int ttl, uid_t uid); int sss_ncache_check_gid(struct sss_nc_ctx *ctx, int ttl, gid_t gid); int sss_ncache_check_sid(struct sss_nc_ctx *ctx, int ttl, const char *sid); int sss_ncache_check_service(struct sss_nc_ctx *ctx, int ttl, struct sss_domain_info *dom, const char *name, const char *proto); int sss_ncache_check_service_port(struct sss_nc_ctx *ctx, int ttl, struct sss_domain_info *dom, uint16_t port, const char *proto); /* add a new neg-cache entry setting the timestamp to "now" unless * "permanent" is set to true, in which case the timestamps is set to 0 * and the negative cache never expires (used to permanently filter out * users and groups) */ int sss_ncache_set_user(struct sss_nc_ctx *ctx, bool permanent, struct sss_domain_info *dom, const char *name); int sss_ncache_set_group(struct sss_nc_ctx *ctx, bool permanent, struct sss_domain_info *dom, const char *name); int sss_ncache_set_netgr(struct sss_nc_ctx *ctx, bool permanent, struct sss_domain_info *dom, const char *name); int sss_ncache_set_uid(struct sss_nc_ctx *ctx, bool permanent, uid_t uid); int sss_ncache_set_gid(struct sss_nc_ctx *ctx, bool permanent, gid_t gid); int sss_ncache_set_sid(struct sss_nc_ctx *ctx, bool permanent, const char *sid); int sss_ncache_set_service_name(struct sss_nc_ctx *ctx, bool permanent, struct sss_domain_info *dom, const char *name, const char *proto); int 
sss_ncache_set_service_port(struct sss_nc_ctx *ctx, bool permanent, struct sss_domain_info *dom, uint16_t port, const char *proto); int sss_ncache_reset_permament(struct sss_nc_ctx *ctx); /* Set up the negative cache with values from filter_users and * filter_groups in the sssd.conf */ errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache, struct confdb_ctx *cdb, struct resp_ctx *rctx); #endif /* _NSS_NEG_CACHE_H_ */ sssd-1.11.5/src/responder/common/PaxHeaders.13173/negcache.c0000644000000000000000000000007412320753107021534 xustar000000000000000030 atime=1396954939.270891428 30 ctime=1396954961.728874896 sssd-1.11.5/src/responder/common/negcache.c0000664002412700241270000005703412320753107021767 0ustar00jhrozekjhrozek00000000000000/* SSSD NSS Responder Copyright (C) Simo Sorce 2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
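*/

#include "util/util.h"
#include "confdb/confdb.h"
#include "responder/common/responder.h"
/* NOTE: the names of the two system headers below were lost when this page
 * was extracted. */
#include
#include
#include "tdb.h"

#define NC_ENTRY_PREFIX "NCE/"
#define NC_USER_PREFIX NC_ENTRY_PREFIX"USER"
#define NC_GROUP_PREFIX NC_ENTRY_PREFIX"GROUP"
#define NC_NETGROUP_PREFIX NC_ENTRY_PREFIX"NETGR"
#define NC_SERVICE_PREFIX NC_ENTRY_PREFIX"SERVICE"
#define NC_UID_PREFIX NC_ENTRY_PREFIX"UID"
#define NC_GID_PREFIX NC_ENTRY_PREFIX"GID"
#define NC_SID_PREFIX NC_ENTRY_PREFIX"SID"

/* The negative cache is an in-memory tdb whose keys are NUL-terminated
 * strings starting with NC_ENTRY_PREFIX and whose values are the decimal
 * timestamp of insertion ("0" for permanent entries). */
struct sss_nc_ctx {
    struct tdb_context *tdb;
};

typedef int (*ncache_set_byname_fn_t)(struct sss_nc_ctx *, bool,
                                      const char *, const char *);
typedef int (*ncache_check_byname_fn_t)(struct sss_nc_ctx *, int,
                                        const char *, const char *);

static int sss_ncache_set_ent(struct sss_nc_ctx *ctx, bool permanent,
                              struct sss_domain_info *dom, const char *name,
                              ncache_set_byname_fn_t setter);

/* Wrap a C string, including its terminating NUL, in a TDB_DATA.
 * The string is referenced, not copied. */
static int string_to_tdb_data(char *str, TDB_DATA *ret)
{
    if (!str || !ret) return EINVAL;

    ret->dptr = (uint8_t *)str;
    ret->dsize = strlen(str)+1;

    return EOK;
}

/*
 * init the in memory negative cache
 *
 * Returns EOK and stores the context in *_ctx, ENOMEM on allocation failure,
 * or a non-zero error when the tdb cannot be opened.
 */
int sss_ncache_init(TALLOC_CTX *memctx, struct sss_nc_ctx **_ctx)
{
    struct sss_nc_ctx *ctx;
    int ret;

    ctx = talloc_zero(memctx, struct sss_nc_ctx);
    if (!ctx) return ENOMEM;

    errno = 0;
    /* open a memory only tdb with default hash size */
    ctx->tdb = tdb_open("memcache", 0, TDB_INTERNAL, O_RDWR|O_CREAT, 0);
    if (!ctx->tdb) {
        /* Never report success without a context: fall back to EIO when
         * tdb_open() left errno at 0, and do not leak ctx. */
        ret = (errno != 0) ? errno : EIO;
        talloc_free(ctx);
        return ret;
    }

    *_ctx = ctx;
    return EOK;
}

/*
 * Look up one key in the negative cache.
 *
 * Returns EEXIST when a valid entry exists (permanent, ttl == -1, or younger
 * than ttl seconds), ENOENT when there is no entry or it has expired or is
 * malformed (such entries are deleted), or another error code.
 */
static int sss_ncache_check_str(struct sss_nc_ctx *ctx, char *str, int ttl)
{
    TDB_DATA key;
    TDB_DATA data;
    unsigned long long int timestamp;
    bool expired = false;
    char *ep;
    int ret;

    DEBUG(8, ("Checking negative cache for [%s]\n", str));

    data.dptr = NULL;

    ret = string_to_tdb_data(str, &key);
    if (ret != EOK) goto done;

    data = tdb_fetch(ctx->tdb, key);

    if (!data.dptr) {
        ret = ENOENT;
        goto done;
    }

    if (ttl == -1) {
        /* a negative ttl means: never expires */
        ret = EEXIST;
        goto done;
    }

    errno = 0;
    timestamp = strtoull((const char *)data.dptr, &ep, 10);
    if (errno != 0 || *ep != '\0') {
        /* Malformed entry, remove it and return no entry */
        expired = true;
        goto done;
    }

    if (timestamp == 0) {
        /* a 0 timestamp means this is a permanent entry */
        ret = EEXIST;
        goto done;
    }

    if (timestamp + ttl > time(NULL)) {
        /* still valid */
        ret = EEXIST;
        goto done;
    }

    expired = true;

done:
    if (expired) {
        /* expired, remove and return no entry */
        tdb_delete(ctx->tdb, key);
        ret = ENOENT;
    }

    /* tdb_fetch() hands back malloc'ed memory; free(NULL) is a no-op */
    free(data.dptr);
    return ret;
}

/*
 * Store one key in the negative cache, replacing an existing entry.
 * The value is "0" for a permanent entry, otherwise the current time.
 */
static int sss_ncache_set_str(struct sss_nc_ctx *ctx,
                              char *str, bool permanent)
{
    TDB_DATA key;
    TDB_DATA data;
    char *timest;
    int ret;

    ret = string_to_tdb_data(str, &key);
    if (ret != EOK) return ret;

    if (permanent) {
        timest = talloc_strdup(ctx, "0");
    } else {
        timest = talloc_asprintf(ctx, "%llu",
                                 (unsigned long long int)time(NULL));
    }
    if (!timest) return ENOMEM;

    ret = string_to_tdb_data(timest, &data);
    if (ret != EOK) goto done;

    DEBUG(6, ("Adding [%s] to negative cache%s\n",
              str, permanent?" permanently":""));

    ret = tdb_store(ctx->tdb, key, data, TDB_REPLACE);
    if (ret != 0) {
        DEBUG(1, ("Negative cache failed to set entry: [%s]\n",
                  tdb_errorstr(ctx->tdb)));
        ret = EFAULT;
    }

done:
    talloc_free(timest);
    return ret;
}

/* Build the key "<prefix>/<domain>/<name>" and look it up.
 * An empty or NULL name is rejected with EINVAL. */
static int ncache_check_by_name(struct sss_nc_ctx *ctx, int ttl,
                                const char *prefix,
                                const char *domain, const char *name)
{
    char *str;
    int ret;

    if (!name || !*name) return EINVAL;

    str = talloc_asprintf(ctx, "%s/%s/%s", prefix, domain, name);
    if (!str) return ENOMEM;

    ret = sss_ncache_check_str(ctx, str, ttl);

    talloc_free(str);
    return ret;
}

/* Build the key "<prefix>/<domain>/<name>" and store it.
 * An empty or NULL name is rejected with EINVAL. */
static int ncache_set_by_name(struct sss_nc_ctx *ctx, bool permanent,
                              const char *prefix,
                              const char *domain, const char *name)
{
    char *str;
    int ret;

    if (!name || !*name) return EINVAL;

    str = talloc_asprintf(ctx, "%s/%s/%s", prefix, domain, name);
    if (!str) return ENOMEM;

    ret = sss_ncache_set_str(ctx, str, permanent);

    talloc_free(str);
    return ret;
}

static int sss_ncache_check_user_int(struct sss_nc_ctx *ctx, int ttl,
                                     const char *domain, const char *name)
{
    return ncache_check_by_name(ctx, ttl, NC_USER_PREFIX, domain, name);
}

static int sss_ncache_check_group_int(struct sss_nc_ctx *ctx, int ttl,
                                      const char *domain, const char *name)
{
    return ncache_check_by_name(ctx, ttl, NC_GROUP_PREFIX, domain, name);
}

static int sss_ncache_check_netgr_int(struct sss_nc_ctx *ctx, int ttl,
                                      const char *domain, const char *name)
{
    return ncache_check_by_name(ctx, ttl, NC_NETGROUP_PREFIX, domain, name);
}

static int sss_ncache_check_service_int(struct sss_nc_ctx *ctx, int ttl,
                                        const char *domain, const char *name)
{
    return ncache_check_by_name(ctx, ttl, NC_SERVICE_PREFIX, domain, name);
}

/* Run checker for name in dom, lower-casing the name first when the domain
 * is not case sensitive so that lookups match what the setters stored. */
static int sss_cache_check_ent(struct sss_nc_ctx *ctx, int ttl,
                               struct sss_domain_info *dom, const char *name,
                               ncache_check_byname_fn_t checker)
{
    char *lower;
    errno_t ret;

    if (dom->case_sensitive == false) {
        lower = sss_tc_utf8_str_tolower(ctx, name);
        if (!lower) return ENOMEM;
        ret = checker(ctx, ttl, dom->name, lower);
        talloc_free(lower);
    } else {
        ret = checker(ctx, ttl, dom->name, name);
    }

    return ret;
}

/* check if the user is expired according to the passed in time to live */
int sss_ncache_check_user(struct sss_nc_ctx *ctx, int ttl,
                          struct sss_domain_info *dom, const char *name)
{
    return sss_cache_check_ent(ctx, ttl, dom, name,
                               sss_ncache_check_user_int);
}

int sss_ncache_check_group(struct sss_nc_ctx *ctx, int ttl,
                           struct sss_domain_info *dom, const char *name)
{
    return sss_cache_check_ent(ctx, ttl, dom, name,
                               sss_ncache_check_group_int);
}

/* NOTE(review): the prototype for this function in negcache.h, as shown on
 * this page, takes "const char *domain" where this definition takes
 * "struct sss_domain_info *dom"; the two should be made to agree. */
int sss_ncache_check_netgr(struct sss_nc_ctx *ctx, int ttl,
                           struct sss_domain_info *dom, const char *name)
{
    return sss_cache_check_ent(ctx, ttl, dom, name,
                               sss_ncache_check_netgr_int);
}

static int sss_ncache_set_service_int(struct sss_nc_ctx *ctx, bool permanent,
                                      const char *domain, const char *name)
{
    return ncache_set_by_name(ctx, permanent, NC_SERVICE_PREFIX, domain, name);
}

/* Services are keyed as "<name>:<proto>", with an empty proto when none is
 * given. */
int sss_ncache_set_service_name(struct sss_nc_ctx *ctx, bool permanent,
                                struct sss_domain_info *dom,
                                const char *name, const char *proto)
{
    int ret;
    char *service_and_protocol = talloc_asprintf(ctx, "%s:%s",
                                                 name,
                                                 proto ? proto : "");
    if (!service_and_protocol) return ENOMEM;

    ret = sss_ncache_set_ent(ctx, permanent, dom,
                             service_and_protocol,
                             sss_ncache_set_service_int);
    talloc_free(service_and_protocol);
    return ret;
}

int sss_ncache_check_service(struct sss_nc_ctx *ctx, int ttl,
                             struct sss_domain_info *dom,
                             const char *name,
                             const char *proto)
{
    int ret;
    char *service_and_protocol = talloc_asprintf(ctx, "%s:%s",
                                                 name,
                                                 proto ? proto : "");
    if (!service_and_protocol) return ENOMEM;

    ret = sss_cache_check_ent(ctx, ttl, dom, service_and_protocol,
                              sss_ncache_check_service_int);
    talloc_free(service_and_protocol);
    return ret;
}

/* Ports are keyed as "<port>:<proto>". The format used to be "%ul", which
 * printed the port followed by a literal 'l'; setter and checker are changed
 * together so the keys of this in-memory cache still match. */
int sss_ncache_set_service_port(struct sss_nc_ctx *ctx, bool permanent,
                                struct sss_domain_info *dom,
                                uint16_t port, const char *proto)
{
    int ret;
    char *service_and_protocol = talloc_asprintf(ctx, "%u:%s",
                                                 (unsigned int)port,
                                                 proto ? proto : "");
    if (!service_and_protocol) return ENOMEM;

    ret = sss_ncache_set_ent(ctx, permanent, dom,
                             service_and_protocol,
                             sss_ncache_set_service_int);
    talloc_free(service_and_protocol);
    return ret;
}

int sss_ncache_check_service_port(struct sss_nc_ctx *ctx, int ttl,
                                  struct sss_domain_info *dom,
                                  uint16_t port,
                                  const char *proto)
{
    int ret;
    char *service_and_protocol = talloc_asprintf(ctx, "%u:%s",
                                                 (unsigned int)port,
                                                 proto ? proto : "");
    if (!service_and_protocol) return ENOMEM;

    ret = sss_cache_check_ent(ctx, ttl, dom, service_and_protocol,
                              sss_ncache_check_service_int);
    talloc_free(service_and_protocol);
    return ret;
}

int sss_ncache_check_uid(struct sss_nc_ctx *ctx, int ttl, uid_t uid)
{
    char *str;
    int ret;

    str = talloc_asprintf(ctx, "%s/%"SPRIuid, NC_UID_PREFIX, uid);
    if (!str) return ENOMEM;

    ret = sss_ncache_check_str(ctx, str, ttl);

    talloc_free(str);
    return ret;
}

int sss_ncache_check_gid(struct sss_nc_ctx *ctx, int ttl, gid_t gid)
{
    char *str;
    int ret;

    str = talloc_asprintf(ctx, "%s/%"SPRIgid, NC_GID_PREFIX, gid);
    if (!str) return ENOMEM;

    ret = sss_ncache_check_str(ctx, str, ttl);

    talloc_free(str);
    return ret;
}

int sss_ncache_check_sid(struct sss_nc_ctx *ctx, int ttl, const char *sid)
{
    char *str;
    int ret;

    str = talloc_asprintf(ctx, "%s/%s", NC_SID_PREFIX, sid);
    if (!str) return ENOMEM;

    ret = sss_ncache_check_str(ctx, str, ttl);

    talloc_free(str);
    return ret;
}

static int sss_ncache_set_user_int(struct sss_nc_ctx *ctx, bool permanent,
                                   const char *domain, const char *name)
{
    return ncache_set_by_name(ctx, permanent, NC_USER_PREFIX, domain, name);
}

static int sss_ncache_set_group_int(struct sss_nc_ctx *ctx, bool permanent,
                                    const char *domain, const char *name)
{
    return ncache_set_by_name(ctx, permanent, NC_GROUP_PREFIX, domain, name);
}

static int sss_ncache_set_netgr_int(struct sss_nc_ctx *ctx, bool permanent,
                                    const char *domain, const char *name)
{
    return ncache_set_by_name(ctx, permanent, NC_NETGROUP_PREFIX, domain, name);
}

/* Run setter for name in dom, lower-casing the name first when the domain
 * is not case sensitive. */
static int sss_ncache_set_ent(struct sss_nc_ctx *ctx, bool permanent,
                              struct sss_domain_info *dom, const char *name,
                              ncache_set_byname_fn_t setter)
{
    char *lower;
    errno_t ret;

    if (dom->case_sensitive == false) {
        lower = sss_tc_utf8_str_tolower(ctx, name);
        if (!lower) return ENOMEM;
        ret = setter(ctx, permanent, dom->name, lower);
        talloc_free(lower);
    } else {
        ret = setter(ctx, permanent, dom->name, name);
    }

    return ret;
}

/* add a new neg-cache entry setting the timestamp to "now" unless
 * "permanent" is set to true, in which case the timestamp is set to 0
 * and the negative cache never expires (used to permanently filter out
 * users and groups) */
int sss_ncache_set_user(struct sss_nc_ctx *ctx, bool permanent,
                        struct sss_domain_info *dom, const char *name)
{
    return sss_ncache_set_ent(ctx, permanent, dom, name,
                              sss_ncache_set_user_int);
}

int sss_ncache_set_group(struct sss_nc_ctx *ctx, bool permanent,
                         struct sss_domain_info *dom, const char *name)
{
    return sss_ncache_set_ent(ctx, permanent, dom, name,
                              sss_ncache_set_group_int);
}

int sss_ncache_set_netgr(struct sss_nc_ctx *ctx, bool permanent,
                         struct sss_domain_info *dom, const char *name)
{
    return sss_ncache_set_ent(ctx, permanent, dom, name,
                              sss_ncache_set_netgr_int);
}

int sss_ncache_set_uid(struct sss_nc_ctx *ctx, bool permanent, uid_t uid)
{
    char *str;
    int ret;

    str = talloc_asprintf(ctx, "%s/%"SPRIuid, NC_UID_PREFIX, uid);
    if (!str) return ENOMEM;

    ret = sss_ncache_set_str(ctx, str, permanent);

    talloc_free(str);
    return ret;
}

int sss_ncache_set_gid(struct sss_nc_ctx *ctx, bool permanent, gid_t gid)
{
    char *str;
    int ret;

    str = talloc_asprintf(ctx, "%s/%"SPRIgid, NC_GID_PREFIX, gid);
    if (!str) return ENOMEM;

    ret = sss_ncache_set_str(ctx, str, permanent);

    talloc_free(str);
    return ret;
}

int sss_ncache_set_sid(struct sss_nc_ctx *ctx, bool permanent, const char *sid)
{
    char *str;
    int ret;

    str = talloc_asprintf(ctx, "%s/%s", NC_SID_PREFIX, sid);
    if (!str) return ENOMEM;

    ret = sss_ncache_set_str(ctx, str, permanent);

    talloc_free(str);
    return ret;
}

/*
 * tdb_traverse() callback: delete permanent (timestamp 0) and malformed
 * negative-cache entries, leave everything else alone.
 */
static int delete_permanent(struct tdb_context *tdb,
                            TDB_DATA key, TDB_DATA data, void *state)
{
    /* Length of the prefix without its terminating NUL. Comparing
     * sizeof(NC_ENTRY_PREFIX) bytes included the NUL, which no key such as
     * "NCE/USER/..." has in that position, so every key was skipped and
     * permanent entries were never removed. */
    const size_t prefix_len = sizeof(NC_ENTRY_PREFIX) - 1;
    unsigned long long int timestamp;
    bool remove_key = false;
    char *ep;

    if (key.dptr == NULL || key.dsize < prefix_len ||
        strncmp((char *)key.dptr, NC_ENTRY_PREFIX, prefix_len) != 0) {
        /* not interested in this key */
        return 0;
    }

    errno = 0;
    timestamp = strtoull((const char *)data.dptr, &ep, 10);
    if (errno != 0 || *ep != '\0') {
        /* Malformed entry, remove it */
        remove_key = true;
        goto done;
    }

    if (timestamp == 0) {
        /* a 0 timestamp means this is a permanent entry */
        remove_key = true;
    }

done:
    if (remove_key) {
        return tdb_delete(tdb, key);
    }

    return 0;
}

/* Remove all permanent entries from the negative cache.
 * Returns EIO when the traversal fails, EOK otherwise. */
int sss_ncache_reset_permament(struct sss_nc_ctx *ctx)
{
    int ret;

    ret = tdb_traverse(ctx->tdb, delete_permanent, NULL);
    if (ret < 0)
        return EIO;

    return EOK;
}

/*
 * Set up the negative cache with values from filter_users and
 * filter_groups in the sssd.conf
 *
 * For users and then for groups: first the per-domain filter lists are
 * stored as permanent entries, then the list from the NSS section. When
 * neither a domain nor the NSS section defines a list, "root" is filtered.
 * Names that fail to parse or to store are logged and skipped.
 *
 * Returns EOK, ENOMEM, or the error of a failed confdb lookup.
 */
errno_t sss_ncache_prepopulate(struct sss_nc_ctx *ncache,
                               struct confdb_ctx *cdb,
                               struct resp_ctx *rctx)
{
    errno_t ret;
    bool filter_set = false;
    char **filter_list = NULL;
    char *name = NULL;
    struct sss_domain_info *dom = NULL;
    struct sss_domain_info *domain_list = rctx->domains;
    char *domainname = NULL;
    char *conf_path = NULL;
    TALLOC_CTX *tmpctx = talloc_new(NULL);
    int i;

    /* Without this check every allocation below would hang off the NULL
     * context and never be released by the talloc_free() at the end. */
    if (tmpctx == NULL) {
        return ENOMEM;
    }

    /* Populate domain-specific negative cache entries */
    for (dom = domain_list; dom; dom = get_next_domain(dom, false)) {
        conf_path = talloc_asprintf(tmpctx, CONFDB_DOMAIN_PATH_TMPL,
                                    dom->name);
        if (!conf_path) {
            ret = ENOMEM;
            goto done;
        }

        talloc_zfree(filter_list);
        ret = confdb_get_string_as_list(cdb, tmpctx, conf_path,
                                        CONFDB_NSS_FILTER_USERS,
                                        &filter_list);
        if (ret == ENOENT) continue;
        if (ret != EOK) goto done;
        filter_set = true;

        for (i = 0; (filter_list && filter_list[i]); i++) {
            ret = sss_parse_name_for_domains(tmpctx, domain_list,
                                             rctx->default_domain,
                                             filter_list[i],
                                             &domainname, &name);
            if (ret != EOK) {
                DEBUG(1, ("Invalid name in filterUsers list: [%s] (%d)\n",
                          filter_list[i], ret));
                continue;
            }

            if (domainname && strcmp(domainname, dom->name)) {
                DEBUG(1, ("Mismatch between domain name (%s) and name "
                          "set in FQN  (%s), skipping user %s\n",
                          dom->name, domainname, name));
                continue;
            }

            ret = sss_ncache_set_user(ncache, true, dom, name);
            if (ret != EOK) {
                DEBUG(1, ("Failed to store permanent user filter for [%s]"
                          " (%d [%s])\n", filter_list[i],
                          ret, strerror(ret)));
                continue;
            }
        }
    }

    /* NOTE(review): when this lookup returns ENOENT and a domain list was
     * found above, filter_list is not reset here; whether it still holds the
     * last domain's list depends on confdb_get_string_as_list() - confirm. */
    ret = confdb_get_string_as_list(cdb, tmpctx, CONFDB_NSS_CONF_ENTRY,
                                    CONFDB_NSS_FILTER_USERS, &filter_list);
    if (ret == ENOENT) {
        if (!filter_set) {
            /* No filter configured anywhere: filter "root" by default */
            filter_list = talloc_array(tmpctx, char *, 2);
            if (!filter_list) {
                ret = ENOMEM;
                goto done;
            }
            filter_list[0] = talloc_strdup(tmpctx, "root");
            if (!filter_list[0]) {
                ret = ENOMEM;
                goto done;
            }
            filter_list[1] = NULL;
        }
    }
    else if (ret != EOK) goto done;

    for (i = 0; (filter_list && filter_list[i]); i++) {
        ret = sss_parse_name_for_domains(tmpctx, domain_list,
                                         rctx->default_domain, filter_list[i],
                                         &domainname, &name);
        if (ret != EOK) {
            DEBUG(1, ("Invalid name in filterUsers list: [%s] (%d)\n",
                      filter_list[i], ret));
            continue;
        }
        if (domainname) {
            /* Fully qualified name: filter it in that domain only */
            dom = responder_get_domain(rctx, domainname);
            if (!dom) {
                DEBUG(SSSDBG_CRIT_FAILURE,
                      ("Invalid domain name [%s]\n", domainname));
                continue;
            }

            ret = sss_ncache_set_user(ncache, true, dom, name);
            if (ret != EOK) {
                DEBUG(1, ("Failed to store permanent user filter for [%s]"
                          " (%d [%s])\n", filter_list[i],
                          ret, strerror(ret)));
                continue;
            }
        } else {
            /* Short name: filter it in every domain */
            for (dom = domain_list; dom; dom = get_next_domain(dom, false)) {
                ret = sss_ncache_set_user(ncache, true, dom, name);
                if (ret != EOK) {
                    DEBUG(1, ("Failed to store permanent user filter for"
                              " [%s:%s] (%d [%s])\n",
                              dom->name, filter_list[i],
                              ret, strerror(ret)));
                    continue;
                }
            }
        }
    }

    filter_set = false;
    for (dom = domain_list; dom; dom = get_next_domain(dom, false)) {
        conf_path = talloc_asprintf(tmpctx, CONFDB_DOMAIN_PATH_TMPL, dom->name);
        if (!conf_path) {
            ret = ENOMEM;
            goto done;
        }

        talloc_zfree(filter_list);
        ret = confdb_get_string_as_list(cdb, tmpctx, conf_path,
                                        CONFDB_NSS_FILTER_GROUPS, &filter_list);
        if (ret == ENOENT) continue;
        if (ret != EOK) goto done;
        filter_set = true;

        for (i = 0; (filter_list && filter_list[i]); i++) {
            ret = sss_parse_name(tmpctx, dom->names, filter_list[i],
                                 &domainname, &name);
            if (ret != EOK) {
                DEBUG(1, ("Invalid name in filterGroups list: [%s] (%d)\n",
                          filter_list[i], ret));
                continue;
            }

            if (domainname && strcmp(domainname, dom->name)) {
                DEBUG(1, ("Mismatch betwen domain name (%s) and name "
                          "set in FQN  (%s), skipping group %s\n",
                          dom->name, domainname, name));
                continue;
            }

            ret = sss_ncache_set_group(ncache, true, dom, name);
            if (ret != EOK) {
                DEBUG(1, ("Failed to store permanent group filter for [%s]"
                          " (%d [%s])\n", filter_list[i],
                          ret, strerror(ret)));
                continue;
            }
        }
    }

    ret = confdb_get_string_as_list(cdb, tmpctx, CONFDB_NSS_CONF_ENTRY,
                                    CONFDB_NSS_FILTER_GROUPS, &filter_list);
    if (ret == ENOENT) {
        if (!filter_set) {
            /* No filter configured anywhere: filter "root" by default */
            filter_list = talloc_array(tmpctx, char *, 2);
            if (!filter_list) {
                ret = ENOMEM;
                goto done;
            }
            filter_list[0] = talloc_strdup(tmpctx, "root");
            if (!filter_list[0]) {
                ret = ENOMEM;
                goto done;
            }
            filter_list[1] = NULL;
        }
    }
    else if (ret != EOK) goto done;

    for (i = 0; (filter_list && filter_list[i]); i++) {
        ret = sss_parse_name_for_domains(tmpctx, domain_list,
                                         rctx->default_domain, filter_list[i],
                                         &domainname, &name);
        if (ret != EOK) {
            DEBUG(1, ("Invalid name in filterGroups list: [%s] (%d)\n",
                      filter_list[i], ret));
            continue;
        }
        if (domainname) {
            /* Fully qualified name: filter it in that domain only */
            dom = responder_get_domain(rctx, domainname);
            if (!dom) {
                DEBUG(SSSDBG_CRIT_FAILURE,
                      ("Invalid domain name [%s]\n", domainname));
                continue;
            }

            ret = sss_ncache_set_group(ncache, true, dom, name);
            if (ret != EOK) {
                DEBUG(1, ("Failed to store permanent group filter for"
                          " [%s] (%d [%s])\n", filter_list[i],
                          ret, strerror(ret)));
                continue;
            }
        } else {
            /* Short name: filter it in every domain */
            for (dom = domain_list; dom; dom = get_next_domain(dom, false)) {
                ret = sss_ncache_set_group(ncache, true, dom, name);
                if (ret != EOK) {
                    DEBUG(1, ("Failed to store permanent group filter for"
                              " [%s:%s] (%d [%s])\n",
                              dom->name, filter_list[i],
                              ret, strerror(ret)));
                    continue;
                }
            }
        }
    }

    ret = EOK;

done:
    talloc_free(tmpctx);
    return ret;
}
sssd-1.11.5/src/responder/common/PaxHeaders.13173/responder_dp.c0000644000000000000000000000007412320753107022463 xustar000000000000000030 atime=1396954939.270891428 30 ctime=1396954961.762874871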
sssd-1.11.5/src/responder/common/responder_dp.c0000664002412700241270000006027512320753107022717 0ustar00jhrozekjhrozek00000000000000/* Authors: Simo Sorce Stephen Gallagher Copyright (C) 2009 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include #include #include "util/util.h" #include "responder/common/responder_packet.h" #include "responder/common/responder.h" #include "providers/data_provider.h" #include "sbus/sbus_client.h" struct sss_dp_req; struct sss_dp_callback { struct sss_dp_callback *prev; struct sss_dp_callback *next; struct tevent_req *req; struct sss_dp_req *sdp_req; }; struct sss_dp_req { struct resp_ctx *rctx; struct tevent_context *ev; DBusPendingCall *pending_reply; hash_key_t *key; struct sss_dp_callback *cb_list; dbus_uint16_t dp_err; dbus_uint32_t dp_ret; char *err_msg; }; static int sss_dp_callback_destructor(void *ptr) { struct sss_dp_callback *cb = talloc_get_type(ptr, struct sss_dp_callback); DLIST_REMOVE(cb->sdp_req->cb_list, cb); return EOK; } static int sss_dp_req_destructor(void *ptr) { struct sss_dp_callback *cb; struct sss_dp_req *sdp_req = talloc_get_type(ptr, struct sss_dp_req); struct sss_dp_req_state *state; int hret; /* Cancel Dbus pending reply if still pending */ if (sdp_req->pending_reply) { dbus_pending_call_cancel(sdp_req->pending_reply); sdp_req->pending_reply = NULL; } /* Do not call callbacks if the responder is shutting down, because * the top level responder context (pam_ctx, sudo_ctx, 
...) may be * already semi-freed and we may end up accessing freed memory. */ if (sdp_req->rctx->shutting_down) { return 0; } /* If there are callbacks that haven't been invoked, return * an error now. */ while ((cb = sdp_req->cb_list) != NULL) { state = tevent_req_data(cb->req, struct sss_dp_req_state); state->dp_err = DP_ERR_FATAL; state->dp_ret = EIO; /* tevent_req_done/error will free cb */ tevent_req_error(cb->req, EIO); /* Freeing the cb removes it from the cb_list. * Therefore, the cb_list should now be pointing * at a new callback. If it's not, it means the * callback handler didn't free cb and may leak * memory. Be paranoid and protect against this * situation. */ if (cb == sdp_req->cb_list) { DEBUG(SSSDBG_FATAL_FAILURE, ("BUG: a callback did not free its request. " "May leak memory\n")); /* Skip to the next since a memory leak is non-fatal */ sdp_req->cb_list = sdp_req->cb_list->next; } } /* Destroy the hash entry */ DEBUG(SSSDBG_TRACE_FUNC, ("Deleting request: [%s]\n", sdp_req->key->str)); hret = hash_delete(sdp_req->rctx->dp_request_table, sdp_req->key); if (hret != HASH_SUCCESS) { /* This should never happen */ DEBUG(SSSDBG_TRACE_INTERNAL, ("BUG: Could not clear [%d:%lu:%s] from request queue: [%s]\n", sdp_req->key->type, sdp_req->key->ul, sdp_req->key->str, hash_error_string(hret))); return -1; } return 0; } static void sss_dp_req_timeout(struct tevent_context *ev, struct tevent_timer *te, struct timeval t, void *ptr) { /* ptr is a pointer to sidereq */ /* Just free it to kill all waiting requests when the timeout fires */ talloc_zfree(ptr); } void handle_requests_after_reconnect(struct resp_ctx *rctx) { int ret; hash_value_t *values; unsigned long count, i; struct sss_dp_req *sdp_req; if (!rctx->dp_request_table) { DEBUG(7, ("No requests to handle after reconnect\n")); return; } ret = hash_values(rctx->dp_request_table, &count, &values); if (ret != HASH_SUCCESS) { DEBUG(1, ("hash_values failed, " "not all request might be handled after 
reconnect.\n")); return; } DEBUG(7, ("Will handle %lu requests after reconnect\n", count)); for (i=0; itype = HASH_KEY_STRING; key->str = talloc_asprintf(key, "%p:%s", msg_create, strkey); if (!key->str) { ret = ENOMEM; goto fail; } DEBUG(SSSDBG_TRACE_FUNC, ("Issuing request for [%s]\n", key->str)); /* Check the hash for existing references to this request */ hret = hash_lookup(rctx->dp_request_table, key, &value); switch (hret) { case HASH_SUCCESS: /* Request already in progress */ DEBUG(SSSDBG_TRACE_FUNC, ("Identical request in progress: [%s]\n", key->str)); break; case HASH_ERROR_KEY_NOT_FOUND: /* No such request in progress * Create a new request */ msg = msg_create(pvt); if (!msg) { DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot create D-Bus message\n")); ret = EIO; goto fail; } value.type = HASH_VALUE_PTR; sidereq = sss_dp_internal_get_send(rctx, key, dom, msg); dbus_message_unref(msg); if (!sidereq) { DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot send D-Bus message\n")); ret = EIO; goto fail; } tevent_req_set_callback(sidereq, sss_dp_req_done, NULL); /* add timeout handling so we do not hang forever should something * go worng in the provider. Use 2 sec less than the idle timeout to * give it a chance to reply to the client before closing the * connection. 
*/ tv = tevent_timeval_current_ofs(rctx->client_idle_timeout - 2, 0); te = tevent_add_timer(rctx->ev, sidereq, tv, sss_dp_req_timeout, sidereq); if (!te) { /* Nothing much we can do */ DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory?!\n")); ret = ENOMEM; goto fail; } /* We should now be able to find the sdp_req in the hash table */ hret = hash_lookup(rctx->dp_request_table, key, &value); if (hret != HASH_SUCCESS) { /* Something must have gone wrong with creating the request */ DEBUG(SSSDBG_CRIT_FAILURE, ("The request has disappeared?\n")); ret = EIO; goto fail; } break; default: DEBUG(SSSDBG_CRIT_FAILURE, ("Could not query request list (%s)\n", hash_error_string(hret))); ret = EIO; goto fail; } /* Register this request for results */ sdp_req = talloc_get_type(value.ptr, struct sss_dp_req); if (!sdp_req) { DEBUG(SSSDBG_CRIT_FAILURE, ("Could not retrieve DP request context\n")); ret = EIO; goto fail; } cb = talloc_zero(mem_ctx, struct sss_dp_callback); if (!cb) { ret = ENOMEM; goto fail; } cb->req = nreq; cb->sdp_req = sdp_req; /* Add it to the list of requests to call */ DLIST_ADD_END(sdp_req->cb_list, cb, struct sss_dp_callback *); talloc_set_destructor((TALLOC_CTX *)cb, sss_dp_callback_destructor); ret = EOK; fail: talloc_free(tmp_ctx); return ret; } static void sss_dp_req_done(struct tevent_req *sidereq) { /* Nothing to do here. 
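The callbacks have already been invoked */
    talloc_zfree(sidereq);
}

/**
 * Collect the outcome of a data provider request.
 *
 * Copies dp_err and dp_ret out of the request state and moves err_msg onto
 * mem_ctx with talloc_steal(), so the caller owns the message afterwards.
 *
 * @param mem_ctx  talloc context that takes ownership of *err_msg
 * @param sidereq  request whose state is struct sss_dp_req_state
 * @param dp_err   out: data provider error class
 * @param dp_ret   out: data provider return code
 * @param err_msg  out: error message (whatever the state held)
 *
 * @return EOK, including when the request failed with a user error (the
 *         failure is then reported through *dp_err / *dp_ret); EIO when the
 *         request is in any other error state.
 */
errno_t
sss_dp_req_recv(TALLOC_CTX *mem_ctx,
                struct tevent_req *sidereq,
                dbus_uint16_t *dp_err,
                dbus_uint32_t *dp_ret,
                char **err_msg)
{
    struct sss_dp_req_state *state =
            tevent_req_data(sidereq, struct sss_dp_req_state);

    enum tevent_req_state TRROEstate;
    uint64_t TRROEerr;

    *dp_err = state->dp_err;
    *dp_ret = state->dp_ret;
    *err_msg = talloc_steal(mem_ctx, state->err_msg);

    if (tevent_req_is_error(sidereq, &TRROEstate, &TRROEerr)) {
        if (TRROEstate == TEVENT_REQ_USER_ERROR) {
            /* A user error overrides whatever the state carried */
            *dp_err = DP_ERR_FATAL;
            *dp_ret = TRROEerr;
        } else {
            return EIO;
        }
    }

    return EOK;
}

/* Send a request to the data provider
 * Once this function is called, the communication
 * with the data provider will always run to
 * completion. Freeing the returned tevent_req will
 * cancel the notification of completion, but not
 * the data provider action.
 */
static DBusMessage *sss_dp_get_account_msg(void *pvt);

/* Parameters of one account request, handed to sss_dp_get_account_msg() */
struct sss_dp_account_info {
    struct sss_domain_info *dom;

    bool fast_reply;
    enum sss_dp_acct_type type;
    const char *opt_name;
    const char *extra;
    uint32_t opt_id;
};

/**
 * Issue an account lookup towards the data provider.
 *
 * Builds a string key from the request type, the name or id, the optional
 * extra value and the domain name, then passes it to sss_dp_issue_request()
 * together with the message constructor sss_dp_get_account_msg().
 *
 * opt_name and extra are copied verbatim into the key; this function does no
 * escaping or validation of their content.
 * NOTE(review): presumably callers have already validated client-supplied
 * names -- confirm at the call sites.
 *
 * @param opt_name  name to look up, or NULL
 * @param opt_id    numeric id to look up, or 0; must not be combined with
 *                  opt_name
 *
 * @return NULL only if the tevent request could not be created. On any other
 *         failure the returned request is already marked as failed and posted
 *         on rctx->ev.
 */
struct tevent_req *
sss_dp_get_account_send(TALLOC_CTX *mem_ctx,
                        struct resp_ctx *rctx,
                        struct sss_domain_info *dom,
                        bool fast_reply,
                        enum sss_dp_acct_type type,
                        const char *opt_name,
                        uint32_t opt_id,
                        const char *extra)
{
    errno_t ret;
    struct tevent_req *req;
    struct sss_dp_account_info *info;
    struct sss_dp_req_state *state;
    char *key;

    req = tevent_req_create(mem_ctx, &state, struct sss_dp_req_state);
    if (!req) {
        return NULL;
    }

    /* either, or, not both */
    if (opt_name && opt_id) {
        ret = EINVAL;
        goto error;
    }

    if (!dom) {
        ret = EINVAL;
        goto error;
    }

    info = talloc_zero(state, struct sss_dp_account_info);
    if (!info) {
        /* Without this check an allocation failure is dereferenced below */
        ret = ENOMEM;
        goto error;
    }
    info->fast_reply = fast_reply;
    info->type = type;
    info->opt_name = opt_name;
    info->opt_id = opt_id;
    info->extra = extra;
    info->dom = dom;

    /* opt_id is a uint32_t, so it is formatted with %u; %d would print ids
     * above INT_MAX as negative numbers. */
    if (opt_name) {
        if (extra) {
            key = talloc_asprintf(state, "%d:%s:%s@%s",
                                  type, opt_name, extra, dom->name);
        } else {
            key = talloc_asprintf(state, "%d:%s@%s",
                                  type, opt_name, dom->name);
        }
    } else if (opt_id) {
        if (extra) {
            key = talloc_asprintf(state, "%d:%u:%s@%s",
                                  type, opt_id, extra, dom->name);
        } else {
            key = talloc_asprintf(state, "%d:%u@%s",
                                  type, opt_id, dom->name);
        }
    } else {
        key = talloc_asprintf(state, "%d:*@%s", type, dom->name);
    }
    if (!key) {
        ret = ENOMEM;
        goto error;
    }

    ret = sss_dp_issue_request(state, rctx, key, dom, sss_dp_get_account_msg,
                               info, req);
    talloc_free(key);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Could not issue DP request [%d]: %s\n",
               ret, strerror(ret)));
        goto error;
    }

    return req;

error:
    tevent_req_error(req, ret);
    tevent_req_post(req, rctx->ev);
    return req;
}

/**
 * Build the D-Bus method call for an account request.
 *
 * @param pvt  a struct sss_dp_account_info describing the request
 *
 * @return the new message, or NULL if the request type is not one of the
 *         handled SSS_DP_* values, on allocation failure, or if the
 *         arguments could not be appended. The caller owns the message.
 */
static DBusMessage *
sss_dp_get_account_msg(void *pvt)
{
    DBusMessage *msg;
    dbus_bool_t dbret;
    struct sss_dp_account_info *info;
    uint32_t be_type;
    uint32_t attrs = BE_ATTR_CORE;
    char *filter;

    info = talloc_get_type(pvt, struct sss_dp_account_info);

    switch (info->type) {
        case SSS_DP_USER:
            be_type = BE_REQ_USER;
            break;
        case SSS_DP_GROUP:
            be_type = BE_REQ_GROUP;
            break;
        case SSS_DP_INITGROUPS:
            be_type = BE_REQ_INITGROUPS;
            break;
        case SSS_DP_NETGR:
            be_type = BE_REQ_NETGROUP;
            break;
        case SSS_DP_SERVICES:
            be_type = BE_REQ_SERVICES;
            break;
        case SSS_DP_SECID:
            be_type = BE_REQ_BY_SECID;
            break;
        case SSS_DP_USER_AND_GROUP:
            be_type = BE_REQ_USER_AND_GROUP;
            break;
        default:
            /* Refuse to send a message with an uninitialized be_type */
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("Unsupported account request type [%d]\n", info->type));
            return NULL;
    }

    if (info->fast_reply) {
        be_type |= BE_REQ_FAST;
    }

    /* The filter carries opt_name / extra verbatim to the data provider */
    if (info->opt_name) {
        if (info->type == SSS_DP_SECID) {
            if (info->extra) {
                filter = talloc_asprintf(info, "%s=%s:%s", DP_SEC_ID,
                                         info->opt_name, info->extra);
            } else {
                filter = talloc_asprintf(info, "%s=%s", DP_SEC_ID,
                                         info->opt_name);
            }
        } else {
            if (info->extra) {
                filter = talloc_asprintf(info, "name=%s:%s",
                                         info->opt_name, info->extra);
            } else {
                filter = talloc_asprintf(info, "name=%s", info->opt_name);
            }
        }
    } else if (info->opt_id) {
        if (info->extra) {
            filter = talloc_asprintf(info, "idnumber=%u:%s",
                                     info->opt_id, info->extra);
        } else {
            filter = talloc_asprintf(info, "idnumber=%u", info->opt_id);
        }
    } else {
        filter = talloc_strdup(info, ENUM_INDICATOR);
    }
    if (!filter) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory?!\n"));
        return NULL;
    }

    msg = dbus_message_new_method_call(NULL,
                                       DP_PATH,
                                       DP_INTERFACE,
                                       DP_METHOD_GETACCTINFO);
    if (msg == NULL) {
        talloc_free(filter);
        DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory?!\n"));
        return NULL;
    }

    /* create the message */
    DEBUG(SSSDBG_TRACE_FUNC,
          ("Creating request for [%s][%u][%d][%s]\n",
           info->dom->name, be_type, attrs, filter));

    dbret = dbus_message_append_args(msg,
                                     DBUS_TYPE_UINT32, &be_type,
                                     DBUS_TYPE_UINT32, &attrs,
                                     DBUS_TYPE_STRING, &filter,
                                     DBUS_TYPE_STRING, &info->dom->name,
                                     DBUS_TYPE_INVALID);
    /* The filter is released right after the append call either way */
    talloc_free(filter);
    if (!dbret) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to build message\n"));
        dbus_message_unref(msg);
        return NULL;
    }

    return msg;
}

/* Thin wrapper: account requests share the generic receive function */
errno_t
sss_dp_get_account_recv(TALLOC_CTX *mem_ctx,
                        struct tevent_req *req,
                        dbus_uint16_t *dp_err,
                        dbus_uint32_t *dp_ret,
                        char **err_msg)
{
    return sss_dp_req_recv(mem_ctx, req, dp_err, dp_ret, err_msg);
}

struct dp_internal_get_state {
    struct resp_ctx *rctx;
    struct sss_domain_info *dom;

    struct sss_dp_req *sdp_req;
    DBusPendingCall *pending_reply;
};

static void sss_dp_internal_get_done(DBusPendingCall *pending, void *ptr);

static struct tevent_req *
sss_dp_internal_get_send(struct resp_ctx *rctx,
                         hash_key_t *key,
                         struct sss_domain_info *dom,
                         DBusMessage *msg)
{
    errno_t ret;
    int hret;
    struct tevent_req *req;
    struct dp_internal_get_state *state;
    struct be_conn *be_conn;
    hash_value_t value;

    /* Internal requests need to be allocated on the responder context
     * so that they don't go away if a client disconnects. The worst-
     * case scenario here is that the cache is updated without any
     * client expecting a response.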
*/ req = tevent_req_create(rctx, &state, struct dp_internal_get_state); if (!req) return NULL; state->rctx = rctx; state->dom = dom; state->sdp_req = talloc_zero(state, struct sss_dp_req); if (!state->sdp_req) { ret = ENOMEM; goto error; } state->sdp_req->rctx = rctx; state->sdp_req->ev = rctx->ev; /* Copy the key to use when calling the destructor * It needs to be a copy because the original request * might be freed if it no longer cares about the reply. */ state->sdp_req->key = talloc_steal(state->sdp_req, key); /* double check dp_ctx has actually been initialized. * in some pathological cases it may happen that nss starts up before * dp connection code is actually able to establish a connection. */ ret = sss_dp_get_domain_conn(rctx, dom->conn_name, &be_conn); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("BUG: The Data Provider connection for %s is not available!", dom->name)); ret = EIO; goto error; } ret = sbus_conn_send(be_conn->conn, msg, SSS_CLI_SOCKET_TIMEOUT / 2, sss_dp_internal_get_done, req, &state->sdp_req->pending_reply); if (ret != EOK) { /* * Critical Failure * We can't communicate on this connection */ DEBUG(SSSDBG_CRIT_FAILURE, ("D-BUS send failed.\n")); ret = EIO; goto error; } /* Add this sdp_req to the hash table */ value.type = HASH_VALUE_PTR; value.ptr = state->sdp_req; DEBUG(SSSDBG_TRACE_FUNC, ("Entering request [%s]\n", key->str)); hret = hash_enter(rctx->dp_request_table, key, &value); if (hret != HASH_SUCCESS) { DEBUG(SSSDBG_CRIT_FAILURE, ("Could not store request query (%s)\n", hash_error_string(hret))); ret = EIO; goto error; } talloc_set_destructor((TALLOC_CTX *)state->sdp_req, sss_dp_req_destructor); return req; error: tevent_req_error(req, ret); tevent_req_post(req, rctx->ev); return req; } static void sss_dp_internal_get_done(DBusPendingCall *pending, void *ptr) { int ret; struct tevent_req *req; struct sss_dp_req *sdp_req; struct sss_dp_callback *cb; struct dp_internal_get_state *state; struct sss_dp_req_state *cb_state; req = 
talloc_get_type(ptr, struct tevent_req); state = tevent_req_data(req, struct dp_internal_get_state); sdp_req = state->sdp_req; /* prevent trying to cancel a reply that we already received */ sdp_req->pending_reply = NULL; ret = sss_dp_get_reply(pending, &sdp_req->dp_err, &sdp_req->dp_ret, &sdp_req->err_msg); if (ret != EOK) { if (ret == ETIME) { sdp_req->dp_err = DP_ERR_TIMEOUT; sdp_req->dp_ret = ret; sdp_req->err_msg = talloc_strdup(sdp_req, "Request timed out"); } else { sdp_req->dp_err = DP_ERR_FATAL; sdp_req->dp_ret = ret; sdp_req->err_msg = talloc_strdup(sdp_req, "Failed to get reply from Data Provider"); } } /* Check whether we need to issue any callbacks */ while ((cb = sdp_req->cb_list) != NULL) { cb_state = tevent_req_data(cb->req, struct sss_dp_req_state); cb_state->dp_err = sdp_req->dp_err; cb_state->dp_ret = sdp_req->dp_ret; cb_state->err_msg = talloc_strdup(cb_state, sdp_req->err_msg); /* Don't bother checking for NULL. If it fails due to ENOMEM, * we can't really handle it anyway. */ /* tevent_req_done/error will free cb */ if (ret == EOK) { tevent_req_done(cb->req); } else { tevent_req_error(cb->req, ret); } /* Freeing the cb removes it from the cb_list. * Therefore, the cb_list should now be pointing * at a new callback. If it's not, it means the * callback handler didn't free cb and may leak * memory. Be paranoid and protect against this * situation. */ if (cb == sdp_req->cb_list) { DEBUG(SSSDBG_FATAL_FAILURE, ("BUG: a callback did not free its request. " "May leak memory\n")); /* Skip to the next since a memory leak is non-fatal */ sdp_req->cb_list = sdp_req->cb_list->next; } } /* We're done with this request. Free the sdp_req * This will clean up the hash table entry as well */ talloc_zfree(sdp_req); /* Free the sidereq to free the rest of the memory allocated with the * internal dp request. 
*/ if (ret == EOK) { tevent_req_done(req); } else { tevent_req_error(req, ret); } } sssd-1.11.5/src/PaxHeaders.13173/doxy.config.in0000644000000000000000000000007412320753107017121 xustar000000000000000030 atime=1396954960.292875956 30 ctime=1396954961.359875168 sssd-1.11.5/src/doxy.config.in0000664002412700241270000023522712320753107017356 0ustar00jhrozekjhrozek00000000000000# Doxyfile 1.8.3 # This file describes the settings to be used by the documentation system # doxygen (www.doxygen.org) for a project. # # All text after a hash (#) is considered a comment and will be ignored. # The format is: # TAG = value [value, ...] # For lists items can also be appended using: # TAG += value [value, ...] # Values that contain spaces should be placed between quotes (" "). #--------------------------------------------------------------------------- # Project related configuration options #--------------------------------------------------------------------------- # This tag specifies the encoding used for all characters in the config file # that follow. The default is UTF-8 which is also the encoding used for all # text before the first occurrence of this tag. Doxygen uses libiconv (or the # iconv built into libc) for the transcoding. See # http://www.gnu.org/software/libiconv for the list of possible encodings. DOXYFILE_ENCODING = UTF-8 # The PROJECT_NAME tag is a single word (or sequence of words) that should # identify the project. Note that if you do not use Doxywizard you need # to put quotes around the project name if it contains spaces. PROJECT_NAME = @PACKAGE_NAME@ # The PROJECT_NUMBER tag can be used to enter a project or revision number. # This could be handy for archiving the generated documentation or # if some version control system is used. 
PROJECT_NUMBER = @PACKAGE_VERSION@ # Using the PROJECT_BRIEF tag one can provide an optional one line description # for a project that appears at the top of each page and should give viewer # a quick idea about the purpose of the project. Keep the description short. PROJECT_BRIEF = # With the PROJECT_LOGO tag one can specify a logo or icon that is # included in the documentation. The maximum height of the logo should not # exceed 55 pixels and the maximum width should not exceed 200 pixels. # Doxygen will copy the logo to the output directory. PROJECT_LOGO = # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. # If a relative path is entered, it will be relative to the location # where doxygen was started. If left blank the current directory will be used. OUTPUT_DIRECTORY = doc # If the CREATE_SUBDIRS tag is set to YES, then doxygen will create # 4096 sub-directories (in 2 levels) under the output directory of each output # format and will distribute the generated files over these directories. # Enabling this option can be useful when feeding doxygen a huge amount of # source files, where putting all generated files in the same directory would # otherwise cause performance problems for the file system. CREATE_SUBDIRS = NO # The OUTPUT_LANGUAGE tag is used to specify the language in which all # documentation generated by doxygen is written. Doxygen will use this # information to generate all constant output in the proper language. 
# The default language is English, other supported languages are: # Afrikaans, Arabic, Brazilian, Catalan, Chinese, Chinese-Traditional, # Croatian, Czech, Danish, Dutch, Esperanto, Farsi, Finnish, French, German, # Greek, Hungarian, Italian, Japanese, Japanese-en (Japanese with English # messages), Korean, Korean-en, Lithuanian, Norwegian, Macedonian, Persian, # Polish, Portuguese, Romanian, Russian, Serbian, Serbian-Cyrillic, Slovak, # Slovene, Spanish, Swedish, Ukrainian, and Vietnamese. OUTPUT_LANGUAGE = English # If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will # include brief member descriptions after the members that are listed in # the file and class documentation (similar to JavaDoc). # Set to NO to disable this. BRIEF_MEMBER_DESC = YES # If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend # the brief description of a member or function before the detailed description. # Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the # brief descriptions will be completely suppressed. REPEAT_BRIEF = YES # This tag implements a quasi-intelligent brief description abbreviator # that is used to form the text in various listings. Each string # in this list, if found as the leading text of the brief description, will be # stripped from the text and the result after processing the whole list, is # used as the annotated text. Otherwise, the brief description is used as-is. # If left blank, the following values are used ("$name" is automatically # replaced with the name of the entity): "The $name class" "The $name widget" # "The $name file" "is" "provides" "specifies" "contains" # "represents" "a" "an" "the" ABBREVIATE_BRIEF = "The $name class" \ "The $name widget" \ "The $name file" \ is \ provides \ specifies \ contains \ represents \ a \ an \ the # If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then # Doxygen will generate a detailed section even if there is only a brief # description. 
ALWAYS_DETAILED_SEC = NO # If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all # inherited members of a class in the documentation of that class as if those # members were ordinary class members. Constructors, destructors and assignment # operators of the base classes will not be shown. INLINE_INHERITED_MEMB = NO # If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full # path before files name in the file list and in the header files. If set # to NO the shortest path that makes the file name unique will be used. FULL_PATH_NAMES = YES # If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag # can be used to strip a user-defined part of the path. Stripping is # only done if one of the specified strings matches the left-hand part of # the path. The tag can be used to show relative paths in the file list. # If left blank the directory from which doxygen is run is used as the # path to strip. Note that you specify absolute paths here, but also # relative paths, which will be relative from the directory where doxygen is # started. STRIP_FROM_PATH = # The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of # the path mentioned in the documentation of a class, which tells # the reader which header file to include in order to use a class. # If left blank only the name of the header file containing the class # definition is used. Otherwise one should specify the include paths that # are normally passed to the compiler using the -I flag. STRIP_FROM_INC_PATH = # If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter # (but less readable) file names. This can be useful if your file system # doesn't support long names like on DOS, Mac, or CD-ROM. SHORT_NAMES = NO # If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen # will interpret the first line (until the first dot) of a JavaDoc-style # comment as the brief description. 
If set to NO, the JavaDoc # comments will behave just like regular Qt-style comments # (thus requiring an explicit @brief command for a brief description.) JAVADOC_AUTOBRIEF = YES # If the QT_AUTOBRIEF tag is set to YES then Doxygen will # interpret the first line (until the first dot) of a Qt-style # comment as the brief description. If set to NO, the comments # will behave just like regular Qt-style comments (thus requiring # an explicit \brief command for a brief description.) QT_AUTOBRIEF = NO # The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen # treat a multi-line C++ special comment block (i.e. a block of //! or /// # comments) as a brief description. This used to be the default behaviour. # The new default is to treat a multi-line C++ comment block as a detailed # description. Set this tag to YES if you prefer the old behaviour instead. MULTILINE_CPP_IS_BRIEF = NO # If the INHERIT_DOCS tag is set to YES (the default) then an undocumented # member inherits the documentation from any documented member that it # re-implements. INHERIT_DOCS = YES # If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce # a new page for each member. If set to NO, the documentation of a member will # be part of the file/class/namespace that contains it. SEPARATE_MEMBER_PAGES = NO # The TAB_SIZE tag can be used to set the number of spaces in a tab. # Doxygen uses this value to replace tabs by spaces in code fragments. TAB_SIZE = 8 # This tag can be used to specify a number of aliases that acts # as commands in the documentation. An alias has the form "name=value". # For example adding "sideeffect=\par Side Effects:\n" will allow you to # put the command \sideeffect (or @sideeffect) in the documentation, which # will result in a user-defined paragraph with heading "Side Effects:". # You can put \n's in the value part of an alias to insert newlines. ALIASES = # This tag can be used to specify a number of word-keyword mappings (TCL only). 
# A mapping has the form "name=value". For example adding # "class=itcl::class" will allow you to use the command class in the # itcl::class meaning. TCL_SUBST = # Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C # sources only. Doxygen will then generate output that is more tailored for C. # For instance, some of the names that are used will be different. The list # of all members will be omitted, etc. OPTIMIZE_OUTPUT_FOR_C = YES # Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java # sources only. Doxygen will then generate output that is more tailored for # Java. For instance, namespaces will be presented as packages, qualified # scopes will look different, etc. OPTIMIZE_OUTPUT_JAVA = NO # Set the OPTIMIZE_FOR_FORTRAN tag to YES if your project consists of Fortran # sources only. Doxygen will then generate output that is more tailored for # Fortran. OPTIMIZE_FOR_FORTRAN = NO # Set the OPTIMIZE_OUTPUT_VHDL tag to YES if your project consists of VHDL # sources. Doxygen will then generate output that is tailored for # VHDL. OPTIMIZE_OUTPUT_VHDL = NO # Doxygen selects the parser to use depending on the extension of the files it # parses. With this tag you can assign which parser to use for a given # extension. Doxygen has a built-in mapping, but you can override or extend it # using this tag. The format is ext=language, where ext is a file extension, # and language is one of the parsers supported by doxygen: IDL, Java, # Javascript, CSharp, C, C++, D, PHP, Objective-C, Python, Fortran, VHDL, C, # C++. For instance to make doxygen treat .inc files as Fortran files (default # is PHP), and .f files as C (default is Fortran), use: inc=Fortran f=C. Note # that for custom extensions you also need to set FILE_PATTERNS otherwise the # files are not read by doxygen. 
EXTENSION_MAPPING = # If MARKDOWN_SUPPORT is enabled (the default) then doxygen pre-processes all # comments according to the Markdown format, which allows for more readable # documentation. See http://daringfireball.net/projects/markdown/ for details. # The output of markdown processing is further processed by doxygen, so you # can mix doxygen, HTML, and XML commands with Markdown formatting. # Disable only in case of backward compatibility issues. MARKDOWN_SUPPORT = YES # When enabled doxygen tries to link words that correspond to documented classes, # or namespaces to their corresponding documentation. Such a link can be # prevented in individual cases by putting a % sign in front of the word or # globally by setting AUTOLINK_SUPPORT to NO. AUTOLINK_SUPPORT = YES # If you use STL classes (i.e. std::string, std::vector, etc.) but do not want # to include (a tag file for) the STL sources as input, then you should # set this tag to YES in order to let doxygen match functions declarations and # definitions whose arguments contain STL classes (e.g. func(std::string); v.s. # func(std::string) {}). This also makes the inheritance and collaboration # diagrams that involve STL classes more complete and accurate. BUILTIN_STL_SUPPORT = NO # If you use Microsoft's C++/CLI language, you should set this option to YES to # enable parsing support. CPP_CLI_SUPPORT = NO # Set the SIP_SUPPORT tag to YES if your project consists of sip sources only. # Doxygen will parse them like normal C++ but will assume all classes use public # instead of private inheritance when no explicit protection keyword is present. SIP_SUPPORT = NO # For Microsoft's IDL there are propget and propput attributes to indicate # getter and setter methods for a property. Setting this option to YES (the # default) will make doxygen replace the get and set methods by a property in # the documentation. This will only work if the methods are indeed getting or # setting a simple type. 
If this is not the case, or you want to show the # methods anyway, you should set this option to NO. IDL_PROPERTY_SUPPORT = YES # If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC # tag is set to YES, then doxygen will reuse the documentation of the first # member in the group (if any) for the other members of the group. By default # all members of a group must be documented explicitly. DISTRIBUTE_GROUP_DOC = NO # Set the SUBGROUPING tag to YES (the default) to allow class member groups of # the same type (for instance a group of public functions) to be put as a # subgroup of that type (e.g. under the Public Functions section). Set it to # NO to prevent subgrouping. Alternatively, this can be done per class using # the \nosubgrouping command. SUBGROUPING = YES # When the INLINE_GROUPED_CLASSES tag is set to YES, classes, structs and # unions are shown inside the group in which they are included (e.g. using # @ingroup) instead of on a separate page (for HTML and Man pages) or # section (for LaTeX and RTF). INLINE_GROUPED_CLASSES = NO # When the INLINE_SIMPLE_STRUCTS tag is set to YES, structs, classes, and # unions with only public data fields will be shown inline in the documentation # of the scope in which they are defined (i.e. file, namespace, or group # documentation), provided this scope is documented. If set to NO (the default), # structs, classes, and unions are shown on a separate page (for HTML and Man # pages) or section (for LaTeX and RTF). INLINE_SIMPLE_STRUCTS = NO # When TYPEDEF_HIDES_STRUCT is enabled, a typedef of a struct, union, or enum # is documented as struct, union, or enum with the name of the typedef. So # typedef struct TypeS {} TypeT, will appear in the documentation as a struct # with name TypeT. When disabled the typedef will appear as a member of a file, # namespace, or class. And the struct will be named TypeS. 
This can typically # be useful for C code in case the coding convention dictates that all compound # types are typedef'ed and only the typedef is referenced, never the tag name. TYPEDEF_HIDES_STRUCT = NO # The SYMBOL_CACHE_SIZE determines the size of the internal cache use to # determine which symbols to keep in memory and which to flush to disk. # When the cache is full, less often used symbols will be written to disk. # For small to medium size projects (<1000 input files) the default value is # probably good enough. For larger projects a too small cache size can cause # doxygen to be busy swapping symbols to and from disk most of the time # causing a significant performance penalty. # If the system has enough physical memory increasing the cache will improve the # performance by keeping more symbols in memory. Note that the value works on # a logarithmic scale so increasing the size by one will roughly double the # memory usage. The cache size is given by this formula: # 2^(16+SYMBOL_CACHE_SIZE). The valid range is 0..9, the default is 0, # corresponding to a cache size of 2^16 = 65536 symbols. SYMBOL_CACHE_SIZE = 0 # Similar to the SYMBOL_CACHE_SIZE the size of the symbol lookup cache can be # set using LOOKUP_CACHE_SIZE. This cache is used to resolve symbols given # their name and scope. Since this can be an expensive process and often the # same symbol appear multiple times in the code, doxygen keeps a cache of # pre-resolved symbols. If the cache is too small doxygen will become slower. # If the cache is too large, memory is wasted. The cache size is given by this # formula: 2^(16+LOOKUP_CACHE_SIZE). The valid range is 0..9, the default is 0, # corresponding to a cache size of 2^16 = 65536 symbols. 
LOOKUP_CACHE_SIZE = 0 #--------------------------------------------------------------------------- # Build related configuration options #--------------------------------------------------------------------------- # If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in # documentation are documented, even if no documentation was available. # Private class members and static file members will be hidden unless # the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES EXTRACT_ALL = NO # If the EXTRACT_PRIVATE tag is set to YES all private members of a class # will be included in the documentation. EXTRACT_PRIVATE = NO # If the EXTRACT_PACKAGE tag is set to YES all members with package or internal # scope will be included in the documentation. EXTRACT_PACKAGE = NO # If the EXTRACT_STATIC tag is set to YES all static members of a file # will be included in the documentation. EXTRACT_STATIC = NO # If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs) # defined locally in source files will be included in the documentation. # If set to NO only classes defined in header files are included. EXTRACT_LOCAL_CLASSES = NO # This flag is only useful for Objective-C code. When set to YES local # methods, which are defined in the implementation section but not in # the interface are included in the documentation. # If set to NO (the default) only methods in the interface are included. EXTRACT_LOCAL_METHODS = NO # If this flag is set to YES, the members of anonymous namespaces will be # extracted and appear in the documentation as a namespace called # 'anonymous_namespace{file}', where file will be replaced with the base # name of the file that contains the anonymous namespace. By default # anonymous namespaces are hidden. EXTRACT_ANON_NSPACES = NO # If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all # undocumented members of documented classes, files or namespaces. 
# If set to NO (the default) these members will be included in the # various overviews, but no documentation section is generated. # This option has no effect if EXTRACT_ALL is enabled. HIDE_UNDOC_MEMBERS = YES # If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all # undocumented classes that are normally visible in the class hierarchy. # If set to NO (the default) these classes will be included in the various # overviews. This option has no effect if EXTRACT_ALL is enabled. HIDE_UNDOC_CLASSES = YES # If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all # friend (class|struct|union) declarations. # If set to NO (the default) these declarations will be included in the # documentation. HIDE_FRIEND_COMPOUNDS = NO # If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any # documentation blocks found inside the body of a function. # If set to NO (the default) these blocks will be appended to the # function's detailed documentation block. HIDE_IN_BODY_DOCS = NO # The INTERNAL_DOCS tag determines if documentation # that is typed after a \internal command is included. If the tag is set # to NO (the default) then the documentation will be excluded. # Set it to YES to include the internal documentation. INTERNAL_DOCS = NO # If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate # file names in lower-case letters. If set to YES upper-case letters are also # allowed. This is useful if you have classes or files whose names only differ # in case and if your file system supports case sensitive file names. Windows # and Mac users are advised to set this option to NO. CASE_SENSE_NAMES = YES # If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen # will show members with their full class and namespace scopes in the # documentation. If set to YES the scope will be hidden. 
HIDE_SCOPE_NAMES = NO # If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen # will put a list of the files that are included by a file in the documentation # of that file. SHOW_INCLUDE_FILES = YES # If the FORCE_LOCAL_INCLUDES tag is set to YES then Doxygen # will list include files with double quotes in the documentation # rather than with sharp brackets. FORCE_LOCAL_INCLUDES = NO # If the INLINE_INFO tag is set to YES (the default) then a tag [inline] # is inserted in the documentation for inline members. INLINE_INFO = YES # If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen # will sort the (detailed) documentation of file and class members # alphabetically by member name. If set to NO the members will appear in # declaration order. SORT_MEMBER_DOCS = YES # If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the # brief documentation of file, namespace and class members alphabetically # by member name. If set to NO (the default) the members will appear in # declaration order. SORT_BRIEF_DOCS = NO # If the SORT_MEMBERS_CTORS_1ST tag is set to YES then doxygen # will sort the (brief and detailed) documentation of class members so that # constructors and destructors are listed first. If set to NO (the default) # the constructors will appear in the respective orders defined by # SORT_MEMBER_DOCS and SORT_BRIEF_DOCS. # This tag will be ignored for brief docs if SORT_BRIEF_DOCS is set to NO # and ignored for detailed docs if SORT_MEMBER_DOCS is set to NO. SORT_MEMBERS_CTORS_1ST = NO # If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the # hierarchy of group names into alphabetical order. If set to NO (the default) # the group names will appear in their defined order. SORT_GROUP_NAMES = NO # If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be # sorted by fully-qualified names, including namespaces. 
If set to # NO (the default), the class list will be sorted only by class name, # not including the namespace part. # Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES. # Note: This option applies only to the class list, not to the # alphabetical list. SORT_BY_SCOPE_NAME = NO # If the STRICT_PROTO_MATCHING option is enabled and doxygen fails to # do proper type resolution of all parameters of a function it will reject a # match between the prototype and the implementation of a member function even # if there is only one candidate or it is obvious which candidate to choose # by doing a simple string match. By disabling STRICT_PROTO_MATCHING doxygen # will still accept a match between prototype and implementation in such cases. STRICT_PROTO_MATCHING = NO # The GENERATE_TODOLIST tag can be used to enable (YES) or # disable (NO) the todo list. This list is created by putting \todo # commands in the documentation. GENERATE_TODOLIST = YES # The GENERATE_TESTLIST tag can be used to enable (YES) or # disable (NO) the test list. This list is created by putting \test # commands in the documentation. GENERATE_TESTLIST = YES # The GENERATE_BUGLIST tag can be used to enable (YES) or # disable (NO) the bug list. This list is created by putting \bug # commands in the documentation. GENERATE_BUGLIST = YES # The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or # disable (NO) the deprecated list. This list is created by putting # \deprecated commands in the documentation. GENERATE_DEPRECATEDLIST= YES # The ENABLED_SECTIONS tag can be used to enable conditional # documentation sections, marked by \if section-label ... \endif # and \cond section-label ... \endcond blocks. ENABLED_SECTIONS = # The MAX_INITIALIZER_LINES tag determines the maximum number of lines # the initial value of a variable or macro consists of for it to appear in # the documentation. If the initializer consists of more lines than specified # here it will be hidden. 
Use a value of 0 to hide initializers completely. # The appearance of the initializer of individual variables and macros in the # documentation can be controlled using \showinitializer or \hideinitializer # command in the documentation regardless of this setting. MAX_INITIALIZER_LINES = 30 # Set the SHOW_USED_FILES tag to NO to disable the list of files generated # at the bottom of the documentation of classes and structs. If set to YES the # list will mention the files that were used to generate the documentation. SHOW_USED_FILES = YES # Set the SHOW_FILES tag to NO to disable the generation of the Files page. # This will remove the Files entry from the Quick Index and from the # Folder Tree View (if specified). The default is YES. SHOW_FILES = YES # Set the SHOW_NAMESPACES tag to NO to disable the generation of the # Namespaces page. # This will remove the Namespaces entry from the Quick Index # and from the Folder Tree View (if specified). The default is YES. SHOW_NAMESPACES = YES # The FILE_VERSION_FILTER tag can be used to specify a program or script that # doxygen should invoke to get the current version for each file (typically from # the version control system). Doxygen will invoke the program by executing (via # popen()) the command <command> <input-file>, where <command> is the value of # the FILE_VERSION_FILTER tag, and <input-file> is the name of an input file # provided by doxygen. Whatever the program writes to standard output # is used as the file version. See the manual for examples. FILE_VERSION_FILTER = # The LAYOUT_FILE tag can be used to specify a layout file which will be parsed # by doxygen. The layout file controls the global structure of the generated # output files in an output format independent way. To create the layout file # that represents doxygen's defaults, run doxygen with the -l option. # You can optionally specify a file name after the option, if omitted # DoxygenLayout.xml will be used as the name of the layout file.
LAYOUT_FILE = # The CITE_BIB_FILES tag can be used to specify one or more bib files # containing the references data. This must be a list of .bib files. The # .bib extension is automatically appended if omitted. Using this command # requires the bibtex tool to be installed. See also # http://en.wikipedia.org/wiki/BibTeX for more info. For LaTeX the style # of the bibliography can be controlled using LATEX_BIB_STYLE. To use this # feature you need bibtex and perl available in the search path. Do not use # file names with spaces, bibtex cannot handle them. CITE_BIB_FILES = #--------------------------------------------------------------------------- # configuration options related to warning and progress messages #--------------------------------------------------------------------------- # The QUIET tag can be used to turn on/off the messages that are generated # by doxygen. Possible values are YES and NO. If left blank NO is used. QUIET = NO # The WARNINGS tag can be used to turn on/off the warning messages that are # generated by doxygen. Possible values are YES and NO. If left blank # NO is used. WARNINGS = YES # If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings # for undocumented members. If EXTRACT_ALL is set to YES then this flag will # automatically be disabled. WARN_IF_UNDOCUMENTED = YES # If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for # potential errors in the documentation, such as not documenting some # parameters in a documented function, or documenting parameters that # don't exist or using markup commands wrongly. WARN_IF_DOC_ERROR = YES # The WARN_NO_PARAMDOC option can be enabled to get warnings for # functions that are documented, but have no documentation for their parameters # or return value. If set to NO (the default) doxygen will only warn about # wrong or incomplete parameter documentation, but not about the absence of # documentation. 
WARN_NO_PARAMDOC = NO # The WARN_FORMAT tag determines the format of the warning messages that # doxygen can produce. The string should contain the $file, $line, and $text # tags, which will be replaced by the file and line number from which the # warning originated and the warning text. Optionally the format may contain # $version, which will be replaced by the version of the file (if it could # be obtained via FILE_VERSION_FILTER) WARN_FORMAT = "$file:$line: $text" # The WARN_LOGFILE tag can be used to specify a file to which warning # and error messages should be written. If left blank the output is written # to stderr. WARN_LOGFILE = #--------------------------------------------------------------------------- # configuration options related to the input files #--------------------------------------------------------------------------- # The INPUT tag can be used to specify the files and/or directories that contain # documented source files. You may enter file names like "myfile.cpp" or # directories like "/usr/src/myproject". Separate the files or directories # with spaces. INPUT = @abs_top_srcdir@/src/confdb/confdb.h \ @abs_top_srcdir@/src/providers/data_provider.h \ @abs_top_srcdir@/src/sss_client/sss_cli.h # This tag can be used to specify the character encoding of the source files # that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is # also the default input encoding. Doxygen uses libiconv (or the iconv built # into libc) for the transcoding. See http://www.gnu.org/software/libiconv for # the list of possible encodings. INPUT_ENCODING = UTF-8 # If the value of the INPUT tag contains directories, you can use the # FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp # and *.h) to filter out the source-files in the directories. 
If left # blank the following patterns are tested: # *.c *.cc *.cxx *.cpp *.c++ *.d *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh # *.hxx *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.dox *.py # *.f90 *.f *.for *.vhd *.vhdl FILE_PATTERNS = *.cpp \ *.cc \ *.c \ *.h \ *.hh \ *.hpp \ *.dox # The RECURSIVE tag can be used to specify whether or not subdirectories # should be searched for input files as well. Possible values are YES and NO. # If left blank NO is used. RECURSIVE = NO # The EXCLUDE tag can be used to specify files and/or directories that should be # excluded from the INPUT source files. This way you can easily exclude a # subdirectory from a directory tree whose root is specified with the INPUT tag. # Note that relative paths are relative to the directory from which doxygen is # run. EXCLUDE = # The EXCLUDE_SYMLINKS tag can be used to select whether or not files or # directories that are symbolic links (a Unix file system feature) are excluded # from the input. EXCLUDE_SYMLINKS = NO # If the value of the INPUT tag contains directories, you can use the # EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude # certain files from those directories. Note that the wildcards are matched # against the file with absolute path, so to exclude all test directories # for example use the pattern */test/* EXCLUDE_PATTERNS = */.git/* \ */.svn/* \ */cmake/* \ */build/* # The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names # (namespaces, classes, functions, etc.) that should be excluded from the # output. The symbol name can be a fully qualified name, a word, or if the # wildcard * is used, a substring. Examples: ANamespace, AClass, # AClass::ANamespace, ANamespace::*Test EXCLUDE_SYMBOLS = # The EXAMPLE_PATH tag can be used to specify one or more files or # directories that contain example code fragments that are included (see # the \include command).
EXAMPLE_PATH = # If the value of the EXAMPLE_PATH tag contains directories, you can use the # EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp # and *.h) to filter out the source-files in the directories. If left # blank all files are included. EXAMPLE_PATTERNS = # If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be # searched for input files to be used with the \include or \dontinclude # commands irrespective of the value of the RECURSIVE tag. # Possible values are YES and NO. If left blank NO is used. EXAMPLE_RECURSIVE = NO # The IMAGE_PATH tag can be used to specify one or more files or # directories that contain images that are included in the documentation (see # the \image command). IMAGE_PATH = # The INPUT_FILTER tag can be used to specify a program that doxygen should # invoke to filter for each input file. Doxygen will invoke the filter program # by executing (via popen()) the command <filter> <input-file>, where <filter> # is the value of the INPUT_FILTER tag, and <input-file> is the name of an # input file. Doxygen will then use the output that the filter program writes # to standard output. # If FILTER_PATTERNS is specified, this tag will be # ignored. INPUT_FILTER = # The FILTER_PATTERNS tag can be used to specify filters on a per file pattern # basis. # Doxygen will compare the file name with each pattern and apply the # filter if there is a match. # The filters are a list of the form: # pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further # info on how filters are used. If FILTER_PATTERNS is empty or if # none of the patterns match the file name, INPUT_FILTER is applied. FILTER_PATTERNS = # If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using # INPUT_FILTER) will be used to filter the input files when producing source # files to browse (i.e. when SOURCE_BROWSER is set to YES). FILTER_SOURCE_FILES = NO # The FILTER_SOURCE_PATTERNS tag can be used to specify source filters per file # pattern.
A pattern will override the setting for FILTER_PATTERNS (if any) # and it is also possible to disable source filtering for a specific pattern # using *.ext= (so without naming a filter). This option only has effect when # FILTER_SOURCE_FILES is enabled. FILTER_SOURCE_PATTERNS = # If the USE_MDFILE_AS_MAINPAGE tag refers to the name of a markdown file that # is part of the input, its contents will be placed on the main page (index.html). # This can be useful if you have a project on for instance GitHub and want to reuse # the introduction page also for the doxygen output. USE_MDFILE_AS_MAINPAGE = #--------------------------------------------------------------------------- # configuration options related to source browsing #--------------------------------------------------------------------------- # If the SOURCE_BROWSER tag is set to YES then a list of source files will # be generated. Documented entities will be cross-referenced with these sources. # Note: To get rid of all source code in the generated output, make sure also # VERBATIM_HEADERS is set to NO. SOURCE_BROWSER = NO # Setting the INLINE_SOURCES tag to YES will include the body # of functions and classes directly in the documentation. INLINE_SOURCES = NO # Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct # doxygen to hide any special comment blocks from generated source code # fragments. Normal C, C++ and Fortran comments will always remain visible. STRIP_CODE_COMMENTS = YES # If the REFERENCED_BY_RELATION tag is set to YES # then for each documented function all documented # functions referencing it will be listed. REFERENCED_BY_RELATION = NO # If the REFERENCES_RELATION tag is set to YES # then for each documented function all documented entities # called/used by that function will be listed.
REFERENCES_RELATION = NO # If the REFERENCES_LINK_SOURCE tag is set to YES (the default) # and SOURCE_BROWSER tag is set to YES, then the hyperlinks from # functions in REFERENCES_RELATION and REFERENCED_BY_RELATION lists will # link to the source code. # Otherwise they will link to the documentation. REFERENCES_LINK_SOURCE = YES # If the USE_HTAGS tag is set to YES then the references to source code # will point to the HTML generated by the htags(1) tool instead of doxygen # built-in source browser. The htags tool is part of GNU's global source # tagging system (see http://www.gnu.org/software/global/global.html). You # will need version 4.8.6 or higher. USE_HTAGS = NO # If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen # will generate a verbatim copy of the header file for each class for # which an include is specified. Set to NO to disable this. VERBATIM_HEADERS = YES #--------------------------------------------------------------------------- # configuration options related to the alphabetical class index #--------------------------------------------------------------------------- # If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index # of all compounds will be generated. Enable this if the project # contains a lot of classes, structs, unions or interfaces. ALPHABETICAL_INDEX = NO # If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then # the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns # in which this list will be split (can be a number in the range [1..20]) COLS_IN_ALPHA_INDEX = 5 # In case all classes in a project start with a common prefix, all # classes will be put under the same header in the alphabetical index. # The IGNORE_PREFIX tag can be used to specify one or more prefixes that # should be ignored while generating the index headers. 
IGNORE_PREFIX = #--------------------------------------------------------------------------- # configuration options related to the HTML output #--------------------------------------------------------------------------- # If the GENERATE_HTML tag is set to YES (the default) Doxygen will # generate HTML output. GENERATE_HTML = YES # The HTML_OUTPUT tag is used to specify where the HTML docs will be put. # If a relative path is entered the value of OUTPUT_DIRECTORY will be # put in front of it. If left blank `html' will be used as the default path. HTML_OUTPUT = html # The HTML_FILE_EXTENSION tag can be used to specify the file extension for # each generated HTML page (for example: .htm,.php,.asp). If it is left blank # doxygen will generate files with .html extension. HTML_FILE_EXTENSION = .html # The HTML_HEADER tag can be used to specify a personal HTML header for # each generated HTML page. If it is left blank doxygen will generate a # standard header. Note that when using a custom header you are responsible # for the proper inclusion of any scripts and style sheets that doxygen # needs, which is dependent on the configuration options used. # It is advised to generate a default header using "doxygen -w html # header.html footer.html stylesheet.css YourConfigFile" and then modify # that header. Note that the header is subject to change so you typically # have to redo this when upgrading to a newer version of doxygen or when # changing the value of configuration settings such as GENERATE_TREEVIEW! HTML_HEADER = # The HTML_FOOTER tag can be used to specify a personal HTML footer for # each generated HTML page. If it is left blank doxygen will generate a # standard footer. HTML_FOOTER = # The HTML_STYLESHEET tag can be used to specify a user-defined cascading # style sheet that is used by each HTML page. It can be used to # fine-tune the look of the HTML output. If left blank doxygen will # generate a default style sheet. 
Note that it is recommended to use # HTML_EXTRA_STYLESHEET instead of this one, as it is more robust and this # tag will in the future become obsolete. HTML_STYLESHEET = # The HTML_EXTRA_STYLESHEET tag can be used to specify an additional # user-defined cascading style sheet that is included after the standard # style sheets created by doxygen. Using this option one can overrule # certain style aspects. This is preferred over using HTML_STYLESHEET # since it does not replace the standard style sheet and is therefor more # robust against future updates. Doxygen will copy the style sheet file to # the output directory. HTML_EXTRA_STYLESHEET = # The HTML_EXTRA_FILES tag can be used to specify one or more extra images or # other source files which should be copied to the HTML output directory. Note # that these files will be copied to the base HTML output directory. Use the # $relpath$ marker in the HTML_HEADER and/or HTML_FOOTER files to load these # files. In the HTML_STYLESHEET file, use the file name only. Also note that # the files will be copied as-is; there are no commands or markers available. HTML_EXTRA_FILES = # The HTML_COLORSTYLE_HUE tag controls the color of the HTML output. # Doxygen will adjust the colors in the style sheet and background images # according to this color. Hue is specified as an angle on a colorwheel, # see http://en.wikipedia.org/wiki/Hue for more information. # For instance the value 0 represents red, 60 is yellow, 120 is green, # 180 is cyan, 240 is blue, 300 purple, and 360 is red again. # The allowed range is 0 to 359. HTML_COLORSTYLE_HUE = 220 # The HTML_COLORSTYLE_SAT tag controls the purity (or saturation) of # the colors in the HTML output. For a value of 0 the output will use # grayscales only. A value of 255 will produce the most vivid colors. HTML_COLORSTYLE_SAT = 100 # The HTML_COLORSTYLE_GAMMA tag controls the gamma correction applied to # the luminance component of the colors in the HTML output. 
Values below # 100 gradually make the output lighter, whereas values above 100 make # the output darker. The value divided by 100 is the actual gamma applied, # so 80 represents a gamma of 0.8, The value 220 represents a gamma of 2.2, # and 100 does not change the gamma. HTML_COLORSTYLE_GAMMA = 80 # If the HTML_TIMESTAMP tag is set to YES then the footer of each generated HTML # page will contain the date and time when the page was generated. Setting # this to NO can help when comparing the output of multiple runs. HTML_TIMESTAMP = NO # If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML # documentation will contain sections that can be hidden and shown after the # page has loaded. HTML_DYNAMIC_SECTIONS = NO # With HTML_INDEX_NUM_ENTRIES one can control the preferred number of # entries shown in the various tree structured indices initially; the user # can expand and collapse entries dynamically later on. Doxygen will expand # the tree to such a level that at most the specified number of entries are # visible (unless a fully collapsed tree already exceeds this amount). # So setting the number of entries 1 will produce a full collapsed tree by # default. 0 is a special value representing an infinite number of entries # and will result in a full expanded tree by default. HTML_INDEX_NUM_ENTRIES = 100 # If the GENERATE_DOCSET tag is set to YES, additional index files # will be generated that can be used as input for Apple's Xcode 3 # integrated development environment, introduced with OSX 10.5 (Leopard). # To create a documentation set, doxygen will generate a Makefile in the # HTML output directory. Running make will produce the docset in that # directory and running "make install" will install the docset in # ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find # it at startup. # See http://developer.apple.com/tools/creatingdocsetswithdoxygen.html # for more information. 
GENERATE_DOCSET = NO # When GENERATE_DOCSET tag is set to YES, this tag determines the name of the # feed. A documentation feed provides an umbrella under which multiple # documentation sets from a single provider (such as a company or product suite) # can be grouped. DOCSET_FEEDNAME = "Doxygen generated docs" # When GENERATE_DOCSET tag is set to YES, this tag specifies a string that # should uniquely identify the documentation set bundle. This should be a # reverse domain-name style string, e.g. com.mycompany.MyDocSet. Doxygen # will append .docset to the name. DOCSET_BUNDLE_ID = org.doxygen.Project # When GENERATE_PUBLISHER_ID tag specifies a string that should uniquely # identify the documentation publisher. This should be a reverse domain-name # style string, e.g. com.mycompany.MyDocSet.documentation. DOCSET_PUBLISHER_ID = org.doxygen.Publisher # The GENERATE_PUBLISHER_NAME tag identifies the documentation publisher. DOCSET_PUBLISHER_NAME = Publisher # If the GENERATE_HTMLHELP tag is set to YES, additional index files # will be generated that can be used as input for tools like the # Microsoft HTML help workshop to generate a compiled HTML help file (.chm) # of the generated HTML documentation. GENERATE_HTMLHELP = NO # If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can # be used to specify the file name of the resulting .chm file. You # can add a path in front of the file if the result should not be # written to the html output directory. CHM_FILE = # If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can # be used to specify the location (absolute path including file name) of # the HTML help compiler (hhc.exe). If non-empty doxygen will try to run # the HTML help compiler on the generated index.hhp. HHC_LOCATION = # If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag # controls if a separate .chi index file is generated (YES) or that # it should be included in the master .chm file (NO). 
GENERATE_CHI = NO # If the GENERATE_HTMLHELP tag is set to YES, the CHM_INDEX_ENCODING # is used to encode HtmlHelp index (hhk), content (hhc) and project file # content. CHM_INDEX_ENCODING = # If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag # controls whether a binary table of contents is generated (YES) or a # normal table of contents (NO) in the .chm file. BINARY_TOC = NO # The TOC_EXPAND flag can be set to YES to add extra items for group members # to the contents of the HTML help documentation and to the tree view. TOC_EXPAND = NO # If the GENERATE_QHP tag is set to YES and both QHP_NAMESPACE and # QHP_VIRTUAL_FOLDER are set, an additional index file will be generated # that can be used as input for Qt's qhelpgenerator to generate a # Qt Compressed Help (.qch) of the generated HTML documentation. GENERATE_QHP = NO # If the QHG_LOCATION tag is specified, the QCH_FILE tag can # be used to specify the file name of the resulting .qch file. # The path specified is relative to the HTML output folder. QCH_FILE = # The QHP_NAMESPACE tag specifies the namespace to use when generating # Qt Help Project output. For more information please see # http://doc.trolltech.com/qthelpproject.html#namespace QHP_NAMESPACE = # The QHP_VIRTUAL_FOLDER tag specifies the namespace to use when generating # Qt Help Project output. For more information please see # http://doc.trolltech.com/qthelpproject.html#virtual-folders QHP_VIRTUAL_FOLDER = doc # If QHP_CUST_FILTER_NAME is set, it specifies the name of a custom filter to # add. For more information please see # http://doc.trolltech.com/qthelpproject.html#custom-filters QHP_CUST_FILTER_NAME = # The QHP_CUST_FILT_ATTRS tag specifies the list of the attributes of the # custom filter to add. For more information please see # # Qt Help Project / Custom Filters. QHP_CUST_FILTER_ATTRS = # The QHP_SECT_FILTER_ATTRS tag specifies the list of the attributes this # project's # filter section matches. 
# # Qt Help Project / Filter Attributes. QHP_SECT_FILTER_ATTRS = # If the GENERATE_QHP tag is set to YES, the QHG_LOCATION tag can # be used to specify the location of Qt's qhelpgenerator. # If non-empty doxygen will try to run qhelpgenerator on the generated # .qhp file. QHG_LOCATION = # If the GENERATE_ECLIPSEHELP tag is set to YES, additional index files # will be generated, which together with the HTML files, form an Eclipse help # plugin. To install this plugin and make it available under the help contents # menu in Eclipse, the contents of the directory containing the HTML and XML # files needs to be copied into the plugins directory of eclipse. The name of # the directory within the plugins directory should be the same as # the ECLIPSE_DOC_ID value. After copying Eclipse needs to be restarted before # the help appears. GENERATE_ECLIPSEHELP = NO # A unique identifier for the eclipse help plugin. When installing the plugin # the directory name containing the HTML and XML files should also have # this name. ECLIPSE_DOC_ID = org.doxygen.Project # The DISABLE_INDEX tag can be used to turn on/off the condensed index (tabs) # at top of each HTML page. The value NO (the default) enables the index and # the value YES disables it. Since the tabs have the same information as the # navigation tree you can set this option to NO if you already set # GENERATE_TREEVIEW to YES. DISABLE_INDEX = NO # The GENERATE_TREEVIEW tag is used to specify whether a tree-like index # structure should be generated to display hierarchical information. # If the tag value is set to YES, a side panel will be generated # containing a tree-like index structure (just like the one that # is generated for HTML Help). For this to work a browser that supports # JavaScript, DHTML, CSS and frames is required (i.e. any modern browser). # Windows users are probably better off using the HTML help feature. 
# Since the tree basically has the same information as the tab index you # could consider to set DISABLE_INDEX to NO when enabling this option. GENERATE_TREEVIEW = NONE # The ENUM_VALUES_PER_LINE tag can be used to set the number of enum values # (range [0,1..20]) that doxygen will group on one line in the generated HTML # documentation. Note that a value of 0 will completely suppress the enum # values from appearing in the overview section. ENUM_VALUES_PER_LINE = 4 # If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be # used to set the initial width (in pixels) of the frame in which the tree # is shown. TREEVIEW_WIDTH = 250 # When the EXT_LINKS_IN_WINDOW option is set to YES doxygen will open # links to external symbols imported via tag files in a separate window. EXT_LINKS_IN_WINDOW = NO # Use this tag to change the font size of Latex formulas included # as images in the HTML documentation. The default is 10. Note that # when you change the font size after a successful doxygen run you need # to manually remove any form_*.png images from the HTML output directory # to force them to be regenerated. FORMULA_FONTSIZE = 10 # Use the FORMULA_TRANPARENT tag to determine whether or not the images # generated for formulas are transparent PNGs. Transparent PNGs are # not supported properly for IE 6.0, but are supported on all modern browsers. # Note that when changing this option you need to delete any form_*.png files # in the HTML output before the changes have effect. FORMULA_TRANSPARENT = YES # Enable the USE_MATHJAX option to render LaTeX formulas using MathJax # (see http://www.mathjax.org) which uses client side Javascript for the # rendering instead of using prerendered bitmaps. Use this if you do not # have LaTeX installed or if you want to formulas look prettier in the HTML # output. When enabled you may also need to install MathJax separately and # configure the path to it using the MATHJAX_RELPATH option. 
USE_MATHJAX = NO # When MathJax is enabled you can set the default output format to be used for # the MathJax output. Supported types are HTML-CSS, NativeMML (i.e. MathML) and # SVG. The default value is HTML-CSS, which is slower, but has the best # compatibility. MATHJAX_FORMAT = HTML-CSS # When MathJax is enabled you need to specify the location relative to the # HTML output directory using the MATHJAX_RELPATH option. The destination # directory should contain the MathJax.js script. For instance, if the mathjax # directory is located at the same level as the HTML output directory, then # MATHJAX_RELPATH should be ../mathjax. The default value points to # the MathJax Content Delivery Network so you can quickly see the result without # installing MathJax. # However, it is strongly recommended to install a local # copy of MathJax from http://www.mathjax.org before deployment. # The value set below is a plain http URL: if USE_MATHJAX is turned on, switch # to a local copy or an https location so the script cannot be altered in # transit. MATHJAX_RELPATH = http://cdn.mathjax.org/mathjax/latest # The MATHJAX_EXTENSIONS tag can be used to specify one or more MathJax extension # names that should be enabled during MathJax rendering. MATHJAX_EXTENSIONS = # When the SEARCHENGINE tag is enabled doxygen will generate a search box # for the HTML output. The underlying search engine uses javascript # and DHTML and should work on any modern browser. Note that when using # HTML help (GENERATE_HTMLHELP), Qt help (GENERATE_QHP), or docsets # (GENERATE_DOCSET) there is already a search function so this one should # typically be disabled. For large projects the javascript based search engine # can be slow, then enabling SERVER_BASED_SEARCH may provide a better solution. SEARCHENGINE = NO # When the SERVER_BASED_SEARCH tag is enabled the search engine will be # implemented using a web server instead of a web client using Javascript. # There are two flavours of web server based search depending on the # EXTERNAL_SEARCH setting. When disabled, doxygen will generate a PHP script for # searching and an index file used by the script.
When EXTERNAL_SEARCH is # enabled the indexing and searching needs to be provided by external tools. # See the manual for details. SERVER_BASED_SEARCH = NO # When EXTERNAL_SEARCH is enabled doxygen will no longer generate the PHP # script for searching. Instead the search results are written to an XML file # which needs to be processed by an external indexer. Doxygen will invoke an # external search engine pointed to by the SEARCHENGINE_URL option to obtain # the search results. Doxygen ships with an example indexer (doxyindexer) and # search engine (doxysearch.cgi) which are based on the open source search engine # library Xapian. See the manual for configuration details. EXTERNAL_SEARCH = NO # The SEARCHENGINE_URL should point to a search engine hosted by a web server # which will return the search results when EXTERNAL_SEARCH is enabled. # Doxygen ships with an example search engine (doxysearch) which is based on # the open source search engine library Xapian. See the manual for configuration # details. SEARCHENGINE_URL = # When SERVER_BASED_SEARCH and EXTERNAL_SEARCH are both enabled the unindexed # search data is written to a file for indexing by an external tool. With the # SEARCHDATA_FILE tag the name of this file can be specified. SEARCHDATA_FILE = searchdata.xml # The EXTRA_SEARCH_MAPPINGS tag can be used to enable searching through other # doxygen projects that are not otherwise connected via tags files, but are # all added to the same search index. Each project needs to have a tag file set # via GENERATE_TAGFILE. The search mapping then maps the name of the tag file # to a relative location where the documentation can be found, # similar to the # TAGFILES option but without actually processing the tag file. # The format is: EXTRA_SEARCH_MAPPINGS = tagname1=loc1 tagname2=loc2 ... 
EXTRA_SEARCH_MAPPINGS = #--------------------------------------------------------------------------- # configuration options related to the LaTeX output #--------------------------------------------------------------------------- # If the GENERATE_LATEX tag is set to YES (the default) Doxygen will # generate Latex output. GENERATE_LATEX = NO # The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put. # If a relative path is entered the value of OUTPUT_DIRECTORY will be # put in front of it. If left blank `latex' will be used as the default path. LATEX_OUTPUT = latex # The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be # invoked. If left blank `latex' will be used as the default command name. # Note that when enabling USE_PDFLATEX this option is only used for # generating bitmaps for formulas in the HTML output, but not in the # Makefile that is written to the output directory. LATEX_CMD_NAME = latex # The MAKEINDEX_CMD_NAME tag can be used to specify the command name to # generate index for LaTeX. If left blank `makeindex' will be used as the # default command name. MAKEINDEX_CMD_NAME = makeindex # If the COMPACT_LATEX tag is set to YES Doxygen generates more compact # LaTeX documents. This may be useful for small projects and may help to # save some trees in general. COMPACT_LATEX = NO # The PAPER_TYPE tag can be used to set the paper type that is used # by the printer. Possible values are: a4, letter, legal and # executive. If left blank a4wide will be used. PAPER_TYPE = a4wide # The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX # packages that should be included in the LaTeX output. EXTRA_PACKAGES = # The LATEX_HEADER tag can be used to specify a personal LaTeX header for # the generated latex document. The header should contain everything until # the first chapter. If it is left blank doxygen will generate a # standard header. Notice: only use this tag if you know what you are doing! 
LATEX_HEADER = # The LATEX_FOOTER tag can be used to specify a personal LaTeX footer for # the generated latex document. The footer should contain everything after # the last chapter. If it is left blank doxygen will generate a # standard footer. Notice: only use this tag if you know what you are doing! LATEX_FOOTER = # If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated # is prepared for conversion to pdf (using ps2pdf). The pdf file will # contain links (just like the HTML output) instead of page references # This makes the output suitable for online browsing using a pdf viewer. PDF_HYPERLINKS = YES # If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of # plain latex in the generated Makefile. Set this option to YES to get a # higher quality PDF documentation. USE_PDFLATEX = YES # If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode. # command to the generated LaTeX files. This will instruct LaTeX to keep # running if errors occur, instead of asking the user for help. # This option is also used when generating formulas in HTML. LATEX_BATCHMODE = NO # If LATEX_HIDE_INDICES is set to YES then doxygen will not # include the index chapters (such as File Index, Compound Index, etc.) # in the output. LATEX_HIDE_INDICES = NO # If LATEX_SOURCE_CODE is set to YES then doxygen will include # source code with syntax highlighting in the LaTeX output. # Note that which sources are shown also depends on other settings # such as SOURCE_BROWSER. LATEX_SOURCE_CODE = NO # The LATEX_BIB_STYLE tag can be used to specify the style to use for the # bibliography, e.g. plainnat, or ieeetr. The default style is "plain". See # http://en.wikipedia.org/wiki/BibTeX for more info. 
LATEX_BIB_STYLE = plain #--------------------------------------------------------------------------- # configuration options related to the RTF output #--------------------------------------------------------------------------- # If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output # The RTF output is optimized for Word 97 and may not look very pretty with # other RTF readers or editors. GENERATE_RTF = NO # The RTF_OUTPUT tag is used to specify where the RTF docs will be put. # If a relative path is entered the value of OUTPUT_DIRECTORY will be # put in front of it. If left blank `rtf' will be used as the default path. RTF_OUTPUT = rtf # If the COMPACT_RTF tag is set to YES Doxygen generates more compact # RTF documents. This may be useful for small projects and may help to # save some trees in general. COMPACT_RTF = NO # If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated # will contain hyperlink fields. The RTF file will # contain links (just like the HTML output) instead of page references. # This makes the output suitable for online browsing using WORD or other # programs which support those fields. # Note: wordpad (write) and others do not support links. RTF_HYPERLINKS = NO # Load style sheet definitions from file. Syntax is similar to doxygen's # config file, i.e. a series of assignments. You only have to provide # replacements, missing definitions are set to their default value. RTF_STYLESHEET_FILE = # Set optional variables used in the generation of an rtf document. # Syntax is similar to doxygen's config file. RTF_EXTENSIONS_FILE = #--------------------------------------------------------------------------- # configuration options related to the man page output #--------------------------------------------------------------------------- # If the GENERATE_MAN tag is set to YES (the default) Doxygen will # generate man pages GENERATE_MAN = NO # The MAN_OUTPUT tag is used to specify where the man pages will be put. 
# If a relative path is entered the value of OUTPUT_DIRECTORY will be # put in front of it. If left blank `man' will be used as the default path. MAN_OUTPUT = man # The MAN_EXTENSION tag determines the extension that is added to # the generated man pages (default is the subroutine's section .3) MAN_EXTENSION = .3 # If the MAN_LINKS tag is set to YES and Doxygen generates man output, # then it will generate one additional man file for each entity # documented in the real man page(s). These additional files # only source the real man page, but without them the man command # would be unable to find the correct page. The default is NO. MAN_LINKS = NO #--------------------------------------------------------------------------- # configuration options related to the XML output #--------------------------------------------------------------------------- # If the GENERATE_XML tag is set to YES Doxygen will # generate an XML file that captures the structure of # the code including all documentation. GENERATE_XML = NO # The XML_OUTPUT tag is used to specify where the XML pages will be put. # If a relative path is entered the value of OUTPUT_DIRECTORY will be # put in front of it. If left blank `xml' will be used as the default path. XML_OUTPUT = xml # The XML_SCHEMA tag can be used to specify an XML schema, # which can be used by a validating XML parser to check the # syntax of the XML files. XML_SCHEMA = # The XML_DTD tag can be used to specify an XML DTD, # which can be used by a validating XML parser to check the # syntax of the XML files. XML_DTD = # If the XML_PROGRAMLISTING tag is set to YES Doxygen will # dump the program listings (including syntax highlighting # and cross-referencing information) to the XML output. Note that # enabling this will significantly increase the size of the XML output. 
XML_PROGRAMLISTING = YES #--------------------------------------------------------------------------- # configuration options for the AutoGen Definitions output #--------------------------------------------------------------------------- # If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will # generate an AutoGen Definitions (see autogen.sf.net) file # that captures the structure of the code including all # documentation. Note that this feature is still experimental # and incomplete at the moment. GENERATE_AUTOGEN_DEF = NO #--------------------------------------------------------------------------- # configuration options related to the Perl module output #--------------------------------------------------------------------------- # If the GENERATE_PERLMOD tag is set to YES Doxygen will # generate a Perl module file that captures the structure of # the code including all documentation. Note that this # feature is still experimental and incomplete at the # moment. GENERATE_PERLMOD = NO # If the PERLMOD_LATEX tag is set to YES Doxygen will generate # the necessary Makefile rules, Perl scripts and LaTeX code to be able # to generate PDF and DVI output from the Perl module output. PERLMOD_LATEX = NO # If the PERLMOD_PRETTY tag is set to YES the Perl module output will be # nicely formatted so it can be parsed by a human reader. # This is useful # if you want to understand what is going on. # On the other hand, if this # tag is set to NO the size of the Perl module output will be much smaller # and Perl will parse it just the same. PERLMOD_PRETTY = YES # The names of the make variables in the generated doxyrules.make file # are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX. # This is useful so different doxyrules.make files included by the same # Makefile don't overwrite each other's variables. 
PERLMOD_MAKEVAR_PREFIX = #--------------------------------------------------------------------------- # Configuration options related to the preprocessor #--------------------------------------------------------------------------- # If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will # evaluate all C-preprocessor directives found in the sources and include # files. ENABLE_PREPROCESSING = YES # If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro # names in the source code. If set to NO (the default) only conditional # compilation will be performed. Macro expansion can be done in a controlled # way by setting EXPAND_ONLY_PREDEF to YES. MACRO_EXPANSION = NO # If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES # then the macro expansion is limited to the macros specified with the # PREDEFINED and EXPAND_AS_DEFINED tags. EXPAND_ONLY_PREDEF = NO # If the SEARCH_INCLUDES tag is set to YES (the default) the includes files # pointed to by INCLUDE_PATH will be searched when a #include is found. SEARCH_INCLUDES = YES # The INCLUDE_PATH tag can be used to specify one or more directories that # contain include files that are not input files but should be processed by # the preprocessor. INCLUDE_PATH = # You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard # patterns (like *.h and *.hpp) to filter out the header-files in the # directories. If left blank, the patterns specified with FILE_PATTERNS will # be used. INCLUDE_FILE_PATTERNS = # The PREDEFINED tag can be used to specify one or more macro names that # are defined before the preprocessor is started (similar to the -D option of # gcc). The argument of the tag is a list of macros of the form: name # or name=definition (no spaces). If the definition and the = are # omitted =1 is assumed. To prevent a macro definition from being # undefined via #undef or recursively expanded use the := operator # instead of the = operator. 
PREDEFINED = DOXYGEN # If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then # this tag can be used to specify a list of macro names that should be expanded. # The macro definition that is found in the sources will be used. # Use the PREDEFINED tag if you want to use a different macro definition that # overrules the definition found in the source code. EXPAND_AS_DEFINED = # If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then # doxygen's preprocessor will remove all references to function-like macros # that are alone on a line, have an all uppercase name, and do not end with a # semicolon, because these will confuse the parser if not removed. SKIP_FUNCTION_MACROS = YES #--------------------------------------------------------------------------- # Configuration::additions related to external references #--------------------------------------------------------------------------- # The TAGFILES option can be used to specify one or more tagfiles. For each # tag file the location of the external documentation should be added. The # format of a tag file without this location is as follows: # # TAGFILES = file1 file2 ... # Adding location for the tag files is done as follows: # # TAGFILES = file1=loc1 "file2 = loc2" ... # where "loc1" and "loc2" can be relative or absolute paths # or URLs. Note that each tag file must have a unique name (where the name does # NOT include the path). If a tag file is not located in the directory in which # doxygen is run, you must also specify the path to the tagfile here. TAGFILES = # When a file name is specified after GENERATE_TAGFILE, doxygen will create # a tag file that is based on the input files it reads. GENERATE_TAGFILE = # If the ALLEXTERNALS tag is set to YES all external classes will be listed # in the class index. If set to NO only the inherited external classes # will be listed. ALLEXTERNALS = NO # If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed # in the modules index. 
If set to NO, only the current project's groups will # be listed. EXTERNAL_GROUPS = YES # The PERL_PATH should be the absolute path and name of the perl script # interpreter (i.e. the result of `which perl'). PERL_PATH = /usr/bin/perl #--------------------------------------------------------------------------- # Configuration options related to the dot tool #--------------------------------------------------------------------------- # If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will # generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base # or super classes. Setting the tag to NO turns the diagrams off. Note that # this option also works with HAVE_DOT disabled, but it is recommended to # install and use dot, since it yields more powerful graphs. CLASS_DIAGRAMS = YES # You can define message sequence charts within doxygen comments using the \msc # command. Doxygen will then run the mscgen tool (see # http://www.mcternan.me.uk/mscgen/) to produce the chart and insert it in the # documentation. The MSCGEN_PATH tag allows you to specify the directory where # the mscgen tool resides. If left empty the tool is assumed to be found in the # default search path. MSCGEN_PATH = # If set to YES, the inheritance and collaboration graphs will hide # inheritance and usage relations if the target is undocumented # or is not a class. HIDE_UNDOC_RELATIONS = YES # If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is # available from the path. This tool is part of Graphviz, a graph visualization # toolkit from AT&T and Lucent Bell Labs. The other options in this section # have no effect if this option is set to NO (the default) HAVE_DOT = NO # The DOT_NUM_THREADS specifies the number of dot invocations doxygen is # allowed to run in parallel. When set to 0 (the default) doxygen will # base this on the number of processors available in the system. 
You can set it # explicitly to a value larger than 0 to get control over the balance # between CPU load and processing speed. DOT_NUM_THREADS = 0 # By default doxygen will use the Helvetica font for all dot files that # doxygen generates. When you want a differently looking font you can specify # the font name using DOT_FONTNAME. You need to make sure dot is able to find # the font, which can be done by putting it in a standard location or by setting # the DOTFONTPATH environment variable or by setting DOT_FONTPATH to the # directory containing the font. DOT_FONTNAME = FreeSans # The DOT_FONTSIZE tag can be used to set the size of the font of dot graphs. # The default size is 10pt. DOT_FONTSIZE = 10 # By default doxygen will tell dot to use the Helvetica font. # If you specify a different font using DOT_FONTNAME you can use DOT_FONTPATH to # set the path where dot can find it. DOT_FONTPATH = # If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen # will generate a graph for each documented class showing the direct and # indirect inheritance relations. Setting this tag to YES will force the # CLASS_DIAGRAMS tag to NO. CLASS_GRAPH = YES # If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen # will generate a graph for each documented class showing the direct and # indirect implementation dependencies (inheritance, containment, and # class references variables) of the class with other documented classes. COLLABORATION_GRAPH = YES # If the GROUP_GRAPHS and HAVE_DOT tags are set to YES then doxygen # will generate a graph for groups, showing the direct groups dependencies GROUP_GRAPHS = YES # If the UML_LOOK tag is set to YES doxygen will generate inheritance and # collaboration diagrams in a style similar to the OMG's Unified Modeling # Language. UML_LOOK = NO # If the UML_LOOK tag is enabled, the fields and methods are shown inside # the class node. 
If there are many fields or methods and many nodes the # graph may become too big to be useful. The UML_LIMIT_NUM_FIELDS # threshold limits the number of items for each type to make the size more # manageable. Set this to 0 for no limit. Note that the threshold may be # exceeded by 50% before the limit is enforced. UML_LIMIT_NUM_FIELDS = 10 # If set to YES, the inheritance and collaboration graphs will show the # relations between templates and their instances. TEMPLATE_RELATIONS = NO # If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT # tags are set to YES then doxygen will generate a graph for each documented # file showing the direct and indirect include dependencies of the file with # other documented files. INCLUDE_GRAPH = YES # If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and # HAVE_DOT tags are set to YES then doxygen will generate a graph for each # documented header file showing the documented files that directly or # indirectly include this file. INCLUDED_BY_GRAPH = YES # If the CALL_GRAPH and HAVE_DOT options are set to YES then # doxygen will generate a call dependency graph for every global function # or class method. Note that enabling this option will significantly increase # the time of a run. So in most cases it will be better to enable call graphs # for selected functions only using the \callgraph command. CALL_GRAPH = NO # If the CALLER_GRAPH and HAVE_DOT tags are set to YES then # doxygen will generate a caller dependency graph for every global function # or class method. Note that enabling this option will significantly increase # the time of a run. So in most cases it will be better to enable caller # graphs for selected functions only using the \callergraph command. CALLER_GRAPH = NO # If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen # will generate a graphical hierarchy of all classes instead of a textual one. 
GRAPHICAL_HIERARCHY = YES # If the DIRECTORY_GRAPH and HAVE_DOT tags are set to YES # then doxygen will show the dependencies a directory has on other directories # in a graphical way. The dependency relations are determined by the #include # relations between the files in the directories. DIRECTORY_GRAPH = YES # The DOT_IMAGE_FORMAT tag can be used to set the image format of the images # generated by dot. Possible values are svg, png, jpg, or gif. # If left blank png will be used. If you choose svg you need to set # HTML_FILE_EXTENSION to xhtml in order to make the SVG files # visible in IE 9+ (other browsers do not have this requirement). DOT_IMAGE_FORMAT = png # If DOT_IMAGE_FORMAT is set to svg, then this option can be set to YES to # enable generation of interactive SVG images that allow zooming and panning. # Note that this requires a modern browser other than Internet Explorer. # Tested and working are Firefox, Chrome, Safari, and Opera. For IE 9+ you # need to set HTML_FILE_EXTENSION to xhtml in order to make the SVG files # visible. Older versions of IE do not have SVG support. INTERACTIVE_SVG = NO # The tag DOT_PATH can be used to specify the path where the dot tool can be # found. If left blank, it is assumed the dot tool can be found in the path. DOT_PATH = # The DOTFILE_DIRS tag can be used to specify one or more directories that # contain dot files that are included in the documentation (see the # \dotfile command). DOTFILE_DIRS = # The MSCFILE_DIRS tag can be used to specify one or more directories that # contain msc files that are included in the documentation (see the # \mscfile command). MSCFILE_DIRS = # The DOT_GRAPH_MAX_NODES tag can be used to set the maximum number of # nodes that will be shown in the graph. If the number of nodes in a graph # becomes larger than this value, doxygen will truncate the graph, which is # visualized by representing a node as a red box. 
Note that if the # number of direct children of the root node in a graph is already larger than # DOT_GRAPH_MAX_NODES then the graph will not be shown at all. Also note # that the size of a graph can be further restricted by MAX_DOT_GRAPH_DEPTH. DOT_GRAPH_MAX_NODES = 50 # The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the # graphs generated by dot. A depth value of 3 means that only nodes reachable # from the root by following a path via at most 3 edges will be shown. Nodes # that lay further from the root node will be omitted. Note that setting this # option to 1 or 2 may greatly reduce the computation time needed for large # code bases. Also note that the size of a graph can be further restricted by # DOT_GRAPH_MAX_NODES. Using a depth of 0 means no depth restriction. MAX_DOT_GRAPH_DEPTH = 0 # Set the DOT_TRANSPARENT tag to YES to generate images with a transparent # background. This is disabled by default, because dot on Windows does not # seem to support this out of the box. Warning: Depending on the platform used, # enabling this option may lead to badly anti-aliased labels on the edges of # a graph (i.e. they become hard to read). DOT_TRANSPARENT = YES # Set the DOT_MULTI_TARGETS tag to YES allow dot to generate multiple output # files in one run (i.e. multiple -o and -T options on the command line). This # makes dot run faster, but since only newer versions of dot (>1.8.10) # support this, this feature is disabled by default. DOT_MULTI_TARGETS = NO # If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will # generate a legend page explaining the meaning of the various boxes and # arrows in the dot generated graphs. GENERATE_LEGEND = YES # If the DOT_CLEANUP tag is set to YES (the default) Doxygen will # remove the intermediate dot files that are used to generate # the various graphs. 
DOT_CLEANUP = YES sssd-1.11.5/src/PaxHeaders.13173/python0000644000000000000000000000013212320753521015601 xustar000000000000000030 mtime=1396954961.701874916 30 atime=1396955003.534843847 30 ctime=1396954961.701874916 sssd-1.11.5/src/python/0000775002412700241270000000000012320753521016105 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/python/PaxHeaders.13173/pyhbac.c0000644000000000000000000000007412320753107017275 xustar000000000000000030 atime=1396954939.269891429 30 ctime=1396954961.693874922 sssd-1.11.5/src/python/pyhbac.c0000664002412700241270000015244212320753107017527 0ustar00jhrozekjhrozek00000000000000/* Authors: Jakub Hrozek Copyright (C) 2011 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
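*/

/* NOTE(review): the two angle-bracket header names were stripped from this
 * copy of the file. <Python.h> is required by the CPython API used below;
 * <structmember.h> is presumed to be the second one - confirm against the
 * upstream source. */
#include <Python.h>
#include <structmember.h>

#include "util/util.h"
#include "util/sss_python.h"
#include "providers/ipa/ipa_hbac.h"

#define PYTHON_MODULE_NAME "pyhbac"

#ifndef PYHBAC_ENCODING
#define PYHBAC_ENCODING "UTF-8"
#endif

#define PYHBAC_ENCODING_ERRORS "strict"

/* Attribute setters receive NULL when Python code runs "del obj.attr";
 * reject that with a TypeError and make the calling setter return -1. */
#define CHECK_ATTRIBUTE_DELETE(attr, attrname) do {         \
    if (attr == NULL) {                                     \
        PyErr_Format(PyExc_TypeError,                       \
                     "Cannot delete the %s attribute",      \
                     attrname);                             \
        return -1;                                          \
    }                                                       \
} while(0)

static PyObject *PyExc_HbacError;

/* ==================== Utility functions ========================*/

/**
 * Duplicate a NUL-terminated C string into PyMem-owned memory.
 *
 * @param string  String to copy; must not be NULL.
 * @return        New copy to be released with PyMem_Free(), or NULL with
 *                MemoryError set.
 */
static char *
py_strdup(const char *string)
{
    size_t size = strlen(string) + 1;
    char *copy;

    copy = PyMem_New(char, size);
    if (copy == NULL) {
        PyErr_NoMemory();
        return NULL;
    }

    memcpy(copy, string, size);
    return copy;
}

/**
 * Append @p second to the PyMem-allocated string @p first, growing it.
 *
 * @param first   PyMem-allocated, NUL-terminated string.
 * @param second  String to append.
 * @return        The (possibly moved) grown string, or NULL with
 *                MemoryError set. On failure @p first is NOT freed and is
 *                still owned by the caller, so the result must not be
 *                assigned straight back over the only copy of @p first.
 */
static char *
py_strcat_realloc(char *first, const char *second)
{
    char *new_first;

    new_first = PyMem_Realloc(first, strlen(first) + strlen(second) + 1);
    if (new_first == NULL) {
        PyErr_NoMemory();
        return NULL;
    }

    return strcat(new_first, second);
}

/**
 * Return @p obj as a byte string object.
 *
 * A str object is returned as is (with a new reference); a unicode object
 * is encoded with PyUnicode_AsUTF8String(). Anything else raises TypeError.
 *
 * @param obj       Object to convert.
 * @param attrname  Name used in the error message; "attribute" if NULL.
 * @return          New reference, or NULL with an exception set.
 */
static PyObject *
get_utf8_string(PyObject *obj, const char *attrname)
{
    const char *a = attrname ? attrname : "attribute";
    PyObject *obj_utf8 = NULL;

    if (PyString_Check(obj)) {
        obj_utf8 = obj;
        Py_INCREF(obj_utf8); /* Make sure we can DECREF later */
    } else if (PyUnicode_Check(obj)) {
        if ((obj_utf8 = PyUnicode_AsUTF8String(obj)) == NULL) {
            return NULL;
        }
    } else {
        PyErr_Format(PyExc_TypeError, "%s must be a string", a);
        return NULL;
    }

    return obj_utf8;
}

/**
 * Free a NULL-terminated array of PyMem-allocated strings and the array
 * itself. A NULL @p list is accepted.
 */
static void
free_string_list(const char **list)
{
    int i;

    if (!list) return;

    for (i=0; list[i]; i++) {
        PyMem_Free(discard_const_p(char, list[i]));
    }
    PyMem_Free(list);
}

/**
 * Convert a Python sequence of strings into a NULL-terminated C array.
 *
 * Every element is passed through get_utf8_string() and copied with
 * py_strdup().
 *
 * @param seq        Sequence of str/unicode objects.
 * @param paramname  Name used in error messages; "attribute values" if NULL.
 * @return           Array to be released with free_string_list(), or NULL
 *                   with an exception set. On any failure the partially
 *                   built array is released, so no truncated list is ever
 *                   handed to the caller.
 */
static const char **
sequence_as_string_list(PyObject *seq, const char *paramname)
{
    const char *p = paramname ? paramname : "attribute values";
    const char **ret;
    PyObject *utf_item;
    PyObject *item;
    Py_ssize_t len;
    Py_ssize_t i;

    if (!PySequence_Check(seq)) {
        PyErr_Format(PyExc_TypeError,
                     "The object must be a sequence\n");
        return NULL;
    }

    len = PySequence_Size(seq);
    if (len == -1) return NULL;

    ret = PyMem_New(const char *, (len+1));
    if (!ret) {
        PyErr_NoMemory();
        return NULL;
    }

    for (i = 0; i < len; i++) {
        /* Keep the array terminated so the failure path can free it */
        ret[i] = NULL;

        item = PySequence_GetItem(seq, i);
        if (item == NULL) {
            goto fail;
        }

        utf_item = get_utf8_string(item, p);
        /* PySequence_GetItem() returned a new reference; utf_item holds
         * its own reference, so the element can be released here. */
        Py_DECREF(item);
        if (utf_item == NULL) {
            goto fail;
        }

        /* NOTE(review): PyString_AsString() yields a C string, so a name
         * with an embedded NUL is copied only up to that NUL before it is
         * used in rule evaluation. Consider PyString_AsStringAndSize()
         * with a NULL length argument to reject such input instead. */
        ret[i] = py_strdup(PyString_AsString(utf_item));
        Py_DECREF(utf_item);
        if (!ret[i]) {
            goto fail;
        }
    }

    ret[len] = NULL;
    return ret;

fail:
    free_string_list(ret);
    return NULL;
}

/**
 * Check that @p seq is a sequence, raising TypeError otherwise.
 *
 * @param attrname  Name used in the error message; "attribute" if NULL.
 * @return          true if @p seq is a sequence, false with TypeError set.
 */
static bool
verify_sequence(PyObject *seq, const char *attrname)
{
    const char *a = attrname ? attrname : "attribute";

    if (!PySequence_Check(seq)) {
        PyErr_Format(PyExc_TypeError, "%s must be a sequence", a);
        return false;
    }

    return true;
}

/**
 * Convert one Python int into an HBAC category value.
 *
 * Only HBAC_CATEGORY_NULL and HBAC_CATEGORY_ALL are accepted.
 *
 * @return  The category, or -1 with TypeError/ValueError set.
 */
static int
pyobject_to_category(PyObject *o)
{
    /* Keep the full width of the Python integer: narrowing to int before
     * the comparison could make an out-of-range value look like a valid
     * category. */
    long c;

    c = PyInt_AsLong(o);
    if (c == -1 && PyErr_Occurred()) {
        PyErr_Format(PyExc_TypeError,
                     "Invalid type for category element - must be an int\n");
        return -1;
    }

    if (c == HBAC_CATEGORY_NULL || c == HBAC_CATEGORY_ALL) {
        return (int) c;
    }

    PyErr_Format(PyExc_ValueError, "Invalid value %ld for category\n", c);
    return -1;
}

/**
 * OR together all category values found in the iterable @p pycat.
 *
 * @return  The combined category bits, or (uint32_t) -1 with an exception
 *          set. Callers compare the result against -1.
 */
static uint32_t
native_category(PyObject *pycat)
{
    PyObject *iterator;
    PyObject *item;
    uint32_t cat = 0;
    int ret;

    iterator = PyObject_GetIter(pycat);
    if (iterator == NULL) {
        PyErr_Format(PyExc_RuntimeError, "Cannot iterate category\n");
        return (uint32_t) -1;
    }

    while ((item = PyIter_Next(iterator)) != NULL) {
        ret = pyobject_to_category(item);
        Py_DECREF(item);
        if (ret == -1) {
            Py_DECREF(iterator);
            return (uint32_t) -1;
        }

        cat |= (uint32_t) ret;
    }

    Py_DECREF(iterator);

    /* PyIter_Next() also returns NULL when the iteration itself failed */
    if (PyErr_Occurred()) {
        return (uint32_t) -1;
    }

    return cat;
}

/**
 * Join the string elements of @p seq with @p delim.
 *
 * @return  PyMem-allocated string (empty for an empty sequence) to be
 *          released with PyMem_Free(), or NULL with an exception set.
 */
static char *
str_concat_sequence(PyObject *seq, const char *delim)
{
    Py_ssize_t size;
    Py_ssize_t i;
    PyObject *item = NULL;
    char *s = NULL;
    char *grown;
    char *part;

    size = PySequence_Size(seq);
    if (size == -1) {
        return NULL;
    }

    if (size == 0) {
        return py_strdup("");
    }

    for (i=0; i < size; i++) {
        item = PySequence_GetItem(seq, i);
        if (item == NULL) goto fail;

        part = PyString_AsString(item);
        if (part == NULL) goto fail;

        if (s) {
            /* Grow through a temporary: on failure py_strcat_realloc()
             * leaves the old buffer allocated and it must still be freed */
            grown = py_strcat_realloc(s, delim);
            if (grown == NULL) goto fail;
            s = grown;

            grown = py_strcat_realloc(s, part);
            if (grown == NULL) goto fail;
            s = grown;
        } else {
            s = py_strdup(part);
            if (s == NULL) goto fail;
        }

        Py_CLEAR(item);
    }

    return s;

fail:
    Py_XDECREF(item);
    PyMem_Free(s);
    return NULL;
}

/* ================= HBAC Exception handling =====================*/

/**
 * Raise @p exc with a (code, rule_name) tuple built from @p error.
 * "no rule" is used when the error carries no rule name.
 */
static void
set_hbac_exception(PyObject *exc, struct hbac_info *error)
{
    PyObject *value;

    value = Py_BuildValue(sss_py_const_p(char, "(i,s)"),
                          error->code,
                          error->rule_name ? error->rule_name : "no rule");
    if (value == NULL) {
        /* Py_BuildValue() has already set an exception */
        return;
    }

    /* PyErr_SetObject() takes its own reference to the value */
    PyErr_SetObject(exc, value);
    Py_DECREF(value);
}

/* ==================== HBAC Rule Element ========================*/

typedef struct {
    PyObject_HEAD

    PyObject *category;   /* set of HBAC category ints */
    PyObject *names;      /* sequence of name strings */
    PyObject *groups;     /* sequence of group name strings */
} HbacRuleElement;

/**
 * tp_new: allocate an element with an empty category set and empty
 * names/groups lists.
 */
static PyObject *
HbacRuleElement_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
{
    HbacRuleElement *self;

    self = (HbacRuleElement *) type->tp_alloc(type, 0);
    if (self == NULL) {
        PyErr_NoMemory();
        return NULL;
    }

    self->category = sss_python_set_new();
    self->names = PyList_New(0);
    self->groups = PyList_New(0);
    if (!self->names || !self->groups || !self->category) {
        Py_DECREF(self);
        PyErr_NoMemory();
        return NULL;
    }

    return (PyObject *) self;
}

/** tp_clear: drop the references held by the element. */
static int
HbacRuleElement_clear(HbacRuleElement *self)
{
    Py_CLEAR(self->names);
    Py_CLEAR(self->groups);
    Py_CLEAR(self->category);
    return 0;
}

/** tp_dealloc: release the members and free the object. */
static void
HbacRuleElement_dealloc(HbacRuleElement *self)
{
    /* The type sets Py_TPFLAGS_HAVE_GC, so stop the collector from
     * traversing the object while its members are being torn down. */
    PyObject_GC_UnTrack(self);
    HbacRuleElement_clear(self);
    self->ob_type->tp_free((PyObject*) self);
}

/** tp_traverse: report the member objects to the cycle collector. */
static int
HbacRuleElement_traverse(HbacRuleElement *self, visitproc visit, void *arg)
{
    Py_VISIT(self->groups);
    Py_VISIT(self->names);
    Py_VISIT(self->category);
    return 0;
}

static int
hbac_rule_element_set_names(HbacRuleElement *self, PyObject *names,
                            void *closure);
static int
hbac_rule_element_set_groups(HbacRuleElement *self, PyObject *groups,
                             void *closure);
static int
hbac_rule_element_set_category(HbacRuleElement *self, PyObject *category,
                               void *closure);

/**
 * tp_init: HbacRuleElement([names], [groups], [category]).
 *
 * Each supplied argument goes through the matching attribute setter. When
 * no category is given, HBAC_CATEGORY_NULL is added to the category set.
 *
 * @return  0 on success, -1 with an exception set.
 */
static int
HbacRuleElement_init(HbacRuleElement *self, PyObject *args, PyObject *kwargs)
{
    const char * const kwlist[] = { "names", "groups", "category", NULL };
    PyObject *names = NULL;
    PyObject *groups = NULL;
    PyObject *category = NULL;
    PyObject *tmp = NULL;
    int ret;

    if (!PyArg_ParseTupleAndKeywords(args, kwargs,
                                     sss_py_const_p(char, "|OOO"),
                                     discard_const_p(char *, kwlist),
                                     &names, &groups, &category)) {
        return -1;
    }

    if (names) {
        if (hbac_rule_element_set_names(self, names, NULL) != 0) {
            return -1;
        }
    }

    if (groups) {
        if (hbac_rule_element_set_groups(self, groups, NULL) != 0) {
            return -1;
        }
    }

    if (category) {
        if (hbac_rule_element_set_category(self, category, NULL) != 0) {
            return -1;
        }
    } else {
        tmp = PyInt_FromLong(HBAC_CATEGORY_NULL);
        if (!tmp) {
            return -1;
        }

        /* The original failure path released tmp, i.e. the add call does
         * not take over the reference; release it on success as well. */
        ret = sss_python_set_add(self->category, tmp);
        Py_DECREF(tmp);
        if (ret != 0) {
            return -1;
        }
    }

    return 0;
}

/** Setter for "names": accepts any sequence, refuses deletion. */
static int
hbac_rule_element_set_names(HbacRuleElement *self, PyObject *names,
                            void *closure)
{
    CHECK_ATTRIBUTE_DELETE(names, "names");

    if (!verify_sequence(names, "names")) {
        return -1;
    }

    SAFE_SET(self->names, names);
    return 0;
}

/** Getter for "names": returns a new reference to the stored sequence. */
static PyObject *
hbac_rule_element_get_names(HbacRuleElement *self, void *closure)
{
    Py_INCREF(self->names);
    return self->names;
}

/** Setter for "groups": accepts any sequence, refuses deletion. */
static int
hbac_rule_element_set_groups(HbacRuleElement *self, PyObject *groups,
                             void *closure)
{
    CHECK_ATTRIBUTE_DELETE(groups, "groups");

    if (!verify_sequence(groups, "groups")) {
        return -1;
    }

    SAFE_SET(self->groups, groups);
    return 0;
}

/** Getter for "groups": returns a new reference to the stored sequence. */
static PyObject *
hbac_rule_element_get_groups(HbacRuleElement *self, void *closure)
{
    Py_INCREF(self->groups);
    return self->groups;
}

/**
 * Setter for "category": requires a set whose members all pass
 * pyobject_to_category(); the stored value is replaced only after every
 * member has been validated.
 */
static int
hbac_rule_element_set_category(HbacRuleElement *self, PyObject *category,
                               void *closure)
{
    PyObject *iterator;
    PyObject *item;
    int ret;

    CHECK_ATTRIBUTE_DELETE(category, "category");

    if (!sss_python_set_check(category)) {
        PyErr_Format(PyExc_TypeError, "The category must be a set type\n");
        return -1;
    }

    /* Check the values, too */
    iterator = PyObject_GetIter(category);
    if (iterator == NULL) {
        PyErr_Format(PyExc_RuntimeError, "Cannot iterate a set?\n");
        return -1;
    }

    while ((item = PyIter_Next(iterator)) != NULL) {
        ret = pyobject_to_category(item);
        Py_DECREF(item);
        if (ret == -1) {
            Py_DECREF(iterator);
            return -1;
        }
    }

    Py_DECREF(iterator);

    /* PyIter_Next() also returns NULL when the iteration itself failed */
    if (PyErr_Occurred()) {
        return -1;
    }

    SAFE_SET(self->category, category);
    return 0;
}

/** Getter for "category": returns a new reference to the stored set. */
static PyObject *
hbac_rule_element_get_category(HbacRuleElement *self, void *closure)
{
    Py_INCREF(self->category);
    return self->category;
}

/**
 * tp_repr: format the combined category value and the comma-joined names
 * and groups.
 */
static PyObject *
HbacRuleElement_repr(HbacRuleElement *self)
{
    char *strnames = NULL;
    char *strgroups = NULL;
    uint32_t category;
    PyObject *o = NULL;
    PyObject *format;
    PyObject *args = NULL;

    /* NOTE(review): the format literal is empty in this copy although three
     * values are passed to PyUnicode_Format() below; the original text was
     * probably lost together with other angle-bracketed content - restore
     * it from the upstream source. */
    format = sss_python_unicode_from_string("");
    if (format == NULL) {
        return NULL;
    }

    strnames = str_concat_sequence(self->names,
                                   discard_const_p(char, ","));
    strgroups = str_concat_sequence(self->groups,
                                    discard_const_p(char, ","));
    category = native_category(self->category);
    if (strnames == NULL || strgroups == NULL ||
        category == (uint32_t) -1) {
        goto done;
    }

    args = Py_BuildValue(sss_py_const_p(char, "Kss"),
                         (unsigned long long ) category,
                         strnames, strgroups);
    if (args == NULL) {
        goto done;
    }

    o = PyUnicode_Format(format, args);

done:
    PyMem_Free(strnames);
    PyMem_Free(strgroups);
    Py_DECREF(format);
    Py_XDECREF(args);
    return o;
}

PyDoc_STRVAR(HbacRuleElement_names__doc__,
"(sequence of strings) A list of object names this element applies to");
PyDoc_STRVAR(HbacRuleElement_groups__doc__,
"(sequence of strings) A list of group names this element applies to");
PyDoc_STRVAR(HbacRuleElement_category__doc__,
"(set) A set of categories this rule falls into");

static PyGetSetDef py_hbac_rule_element_getset[] = {
    { discard_const_p(char, "names"),
      (getter) hbac_rule_element_get_names,
      (setter) hbac_rule_element_set_names,
      HbacRuleElement_names__doc__,
      NULL },

    { discard_const_p(char, "groups"),
      (getter) hbac_rule_element_get_groups,
      (setter) hbac_rule_element_set_groups,
      HbacRuleElement_groups__doc__,
      NULL },

    { discard_const_p(char, "category"),
      (getter) hbac_rule_element_get_category,
      (setter) hbac_rule_element_set_category,
      HbacRuleElement_category__doc__,
      NULL },

    { NULL, 0, 0, 0, NULL } /* Sentinel */
};

PyDoc_STRVAR(HbacRuleElement__doc__,
"IPA HBAC Rule Element\n\n"
"HbacRuleElement() -> new empty rule element\n"
"HbacRuleElement([names], [groups], [category]) -> optionally, provide\n"
"names and/or groups and/or category\n");

static PyTypeObject pyhbac_hbacrule_element_type = {
    PyObject_HEAD_INIT(NULL)
    .tp_name = sss_py_const_p(char, "pyhbac.HbacRuleElement"),
    .tp_basicsize = sizeof(HbacRuleElement),
    .tp_new = HbacRuleElement_new,
    .tp_dealloc = (destructor) HbacRuleElement_dealloc,
    .tp_traverse = (traverseproc) HbacRuleElement_traverse,
    .tp_clear = (inquiry) HbacRuleElement_clear,
    .tp_init = (initproc) HbacRuleElement_init,
    .tp_repr = (reprfunc) HbacRuleElement_repr,
    .tp_getset = py_hbac_rule_element_getset,
    .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE | Py_TPFLAGS_HAVE_GC,
    .tp_doc   = HbacRuleElement__doc__
};

/**
 * Release a native rule element together with its names and groups lists.
 * A NULL @p el is accepted.
 */
static void
free_hbac_rule_element(struct hbac_rule_element *el)
{
    if (!el) return;

    free_string_list(el->names);
    free_string_list(el->groups);
    PyMem_Free(el);
}

struct hbac_rule_element *
HbacRuleElement_to_native(HbacRuleElement *pyel)
{
    struct hbac_rule_element *el = NULL;

    /* check the type, None would wreak havoc here because for some reason
     * it would pass the sequence check */
    if (!PyObject_IsInstance((PyObject *) pyel,
                             (PyObject *) &pyhbac_hbacrule_element_type)) {
        PyErr_Format(PyExc_TypeError,
                     "The element must be of type HbacRuleElement\n");
        goto fail;
    }

    el = PyMem_Malloc(sizeof(struct hbac_rule_element));
    if (!el) {
        PyErr_NoMemory();
        goto fail;
    }

    el->category = native_category(pyel->category);
    el->names = sequence_as_string_list(pyel->names, "names");
    el->groups = sequence_as_string_list(pyel->groups, "groups");
    if (!el->names || !el->groups || el->category == -1) {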
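goto fail; }

    return el;

fail:
    free_hbac_rule_element(el);
    return NULL;
}

/* ==================== HBAC Rule ========================*/
/* Python object backing pyhbac.HbacRule: a name, an enabled flag and four
 * rule elements. */
typedef struct {
    PyObject_HEAD

    PyObject *name;
    bool enabled;

    HbacRuleElement *users;
    HbacRuleElement *services;
    HbacRuleElement *targethosts;
    HbacRuleElement *srchosts;
} HbacRuleObject;

static void
free_hbac_rule(struct hbac_rule *rule);
static struct hbac_rule *
HbacRule_to_native(HbacRuleObject *pyrule);

/*
 * tp_new for pyhbac.HbacRule.
 *
 * Allocates the object, gives it an empty name, enabled == false and four
 * freshly created HbacRuleElement members. Returns NULL with MemoryError set
 * when any allocation fails.
 */
static PyObject *
HbacRule_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
{
    HbacRuleObject *self;

    self = (HbacRuleObject *) type->tp_alloc(type, 0);
    if (self == NULL) {
        PyErr_NoMemory();
        return NULL;
    }

    self->name = sss_python_unicode_from_string("");
    if (self->name == NULL) {
        Py_DECREF(self);
        PyErr_NoMemory();
        return NULL;
    }

    self->enabled = false;

    self->services = (HbacRuleElement *) HbacRuleElement_new(
                                                &pyhbac_hbacrule_element_type,
                                                NULL, NULL);
    self->users = (HbacRuleElement *) HbacRuleElement_new(
                                                &pyhbac_hbacrule_element_type,
                                                NULL, NULL);
    self->targethosts = (HbacRuleElement *) HbacRuleElement_new(
                                                &pyhbac_hbacrule_element_type,
                                                NULL, NULL);
    self->srchosts = (HbacRuleElement *) HbacRuleElement_new(
                                                &pyhbac_hbacrule_element_type,
                                                NULL, NULL);
    if (self->services == NULL || self->users == NULL ||
        self->targethosts == NULL || self->srchosts == NULL) {
        /* Dropping the last reference to self runs HbacRule_dealloc(), and
         * HbacRule_clear() releases every member that was set. Releasing the
         * members here as well would decrement each of them twice and leave
         * the clear step working on already-freed objects. */
        Py_DECREF(self);
        PyErr_NoMemory();
        return NULL;
    }

    return (PyObject *) self;
}

/* tp_clear: drop the references held by the rule; Py_CLEAR tolerates
 * members that are still NULL. */
static int
HbacRule_clear(HbacRuleObject *self)
{
    Py_CLEAR(self->name);
    Py_CLEAR(self->services);
    Py_CLEAR(self->users);
    Py_CLEAR(self->targethosts);
    Py_CLEAR(self->srchosts);
    return 0;
}

/* tp_dealloc: release the members, then the object itself. */
static void
HbacRule_dealloc(HbacRuleObject *self)
{
    HbacRule_clear(self);
    self->ob_type->tp_free((PyObject*) self);
}

static int
HbacRule_traverse(HbacRuleObject *self, visitproc visit, void *arg)
{
    Py_VISIT((PyObject *) self->name);
    Py_VISIT((PyObject *) self->services);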
Py_VISIT((PyObject *) self->users); Py_VISIT((PyObject *) self->targethosts); Py_VISIT((PyObject *) self->srchosts); return 0; } static int hbac_rule_set_enabled(HbacRuleObject *self, PyObject *enabled, void *closure); static int hbac_rule_set_name(HbacRuleObject *self, PyObject *name, void *closure); static int HbacRule_init(HbacRuleObject *self, PyObject *args, PyObject *kwargs) { const char * const kwlist[] = { "name", "enabled", NULL }; PyObject *name = NULL; PyObject *empty_tuple = NULL; PyObject *enabled=NULL; if (!PyArg_ParseTupleAndKeywords(args, kwargs, sss_py_const_p(char, "O|O"), discard_const_p(char *, kwlist), &name, &enabled)) { return -1; } if (enabled) { if (hbac_rule_set_enabled(self, enabled, NULL) == -1) { return -1; } } if (hbac_rule_set_name(self, name, NULL) == -1) { return -1; } empty_tuple = PyTuple_New(0); if (!empty_tuple) { return -1; } if (HbacRuleElement_init(self->users, empty_tuple, NULL) == -1 || HbacRuleElement_init(self->services, empty_tuple, NULL) == -1 || HbacRuleElement_init(self->targethosts, empty_tuple, NULL) == -1 || HbacRuleElement_init(self->srchosts, empty_tuple, NULL) == -1) { Py_DECREF(empty_tuple); return -1; } Py_DECREF(empty_tuple); return 0; } static int hbac_rule_set_enabled(HbacRuleObject *self, PyObject *enabled, void *closure) { CHECK_ATTRIBUTE_DELETE(enabled, "enabled"); if (PyString_Check(enabled) || PyUnicode_Check(enabled)) { PyObject *utf8_str; char *str; utf8_str = get_utf8_string(enabled, "enabled"); if (!utf8_str) return -1; str = PyString_AsString(utf8_str); if (!str) { Py_DECREF(utf8_str); return -1; } if (strcasecmp(str, "true") == 0) { self->enabled = true; } else if (strcasecmp(str, "false") == 0) { self->enabled = false; } else { PyErr_Format(PyExc_ValueError, "enabled only accepts 'true' of 'false' " "string literals"); Py_DECREF(utf8_str); return -1; } Py_DECREF(utf8_str); return 0; } else if (PyBool_Check(enabled)) { self->enabled = (enabled == Py_True); return 0; } else if 
(PyInt_Check(enabled)) { switch(PyInt_AsLong(enabled)) { case 0: self->enabled = false; break; case 1: self->enabled = true; break; default: PyErr_Format(PyExc_ValueError, "enabled only accepts '0' of '1' " "integer constants"); return -1; } return 0; } PyErr_Format(PyExc_TypeError, "enabled must be a boolean, an integer " "1 or 0 or a string constant true/false"); return -1; } static PyObject * hbac_rule_get_enabled(HbacRuleObject *self, void *closure) { if (self->enabled) { Py_RETURN_TRUE; } Py_RETURN_FALSE; } static int hbac_rule_set_name(HbacRuleObject *self, PyObject *name, void *closure) { CHECK_ATTRIBUTE_DELETE(name, "name"); if (!PyString_Check(name) && !PyUnicode_Check(name)) { PyErr_Format(PyExc_TypeError, "name must be a string or Unicode"); return -1; } SAFE_SET(self->name, name); return 0; } static PyObject * hbac_rule_get_name(HbacRuleObject *self, void *closure) { if (PyUnicode_Check(self->name)) { Py_INCREF(self->name); return self->name; } else if (PyString_Check(self->name)) { return PyUnicode_FromEncodedObject(self->name, PYHBAC_ENCODING, PYHBAC_ENCODING_ERRORS); } /* setter does typechecking but let us be paranoid */ PyErr_Format(PyExc_TypeError, "name must be a string or Unicode"); return NULL; } static PyObject * HbacRule_repr(HbacRuleObject *self) { PyObject *users_repr; PyObject *services_repr; PyObject *targethosts_repr; PyObject *srchosts_repr; PyObject *o, *format, *args; format = sss_python_unicode_from_string(""); if (format == NULL) { return NULL; } users_repr = HbacRuleElement_repr(self->users); services_repr = HbacRuleElement_repr(self->services); targethosts_repr = HbacRuleElement_repr(self->targethosts); srchosts_repr = HbacRuleElement_repr(self->srchosts); if (users_repr == NULL || services_repr == NULL || targethosts_repr == NULL || srchosts_repr == NULL) { Py_XDECREF(users_repr); Py_XDECREF(services_repr); Py_XDECREF(targethosts_repr); Py_XDECREF(srchosts_repr); Py_DECREF(format); return NULL; } args = 
Py_BuildValue(sss_py_const_p(char, "OiOOOO"), self->name, self->enabled, users_repr, services_repr, targethosts_repr, srchosts_repr); if (args == NULL) { Py_DECREF(users_repr); Py_DECREF(services_repr); Py_DECREF(targethosts_repr); Py_DECREF(srchosts_repr); Py_DECREF(format); return NULL; } o = PyUnicode_Format(format, args); Py_DECREF(users_repr); Py_DECREF(services_repr); Py_DECREF(targethosts_repr); Py_DECREF(srchosts_repr); Py_DECREF(format); Py_DECREF(args); return o; } static PyObject * py_hbac_rule_validate(HbacRuleObject *self, PyObject *args) { struct hbac_rule *rule; bool is_valid; uint32_t missing; uint32_t attr; PyObject *ret = NULL; PyObject *py_is_valid = NULL; PyObject *py_missing = NULL; PyObject *py_attr = NULL; rule = HbacRule_to_native(self); if (!rule) { /* Make sure there is at least a generic exception */ if (!PyErr_Occurred()) { PyErr_Format(PyExc_IOError, "Could not convert HbacRule to native type\n"); } goto fail; } is_valid = hbac_rule_is_complete(rule, &missing); free_hbac_rule(rule); ret = PyTuple_New(2); if (!ret) { PyErr_NoMemory(); goto fail; } py_is_valid = PyBool_FromLong(is_valid); py_missing = sss_python_set_new(); if (!py_missing || !py_is_valid) { PyErr_NoMemory(); goto fail; } for (attr = HBAC_RULE_ELEMENT_USERS; attr <= HBAC_RULE_ELEMENT_SOURCEHOSTS; attr <<= 1) { if (!(missing & attr)) continue; py_attr = PyInt_FromLong(attr); if (!py_attr) { PyErr_NoMemory(); goto fail; } if (sss_python_set_add(py_missing, py_attr) != 0) { /* If the set-add succeeded, it would steal the reference */ Py_DECREF(py_attr); goto fail; } } PyTuple_SET_ITEM(ret, 0, py_is_valid); PyTuple_SET_ITEM(ret, 1, py_missing); return ret; fail: Py_XDECREF(ret); Py_XDECREF(py_missing); Py_XDECREF(py_is_valid); return NULL; } PyDoc_STRVAR(py_hbac_rule_validate__doc__, "validate() -> (valid, missing)\n\n" "Validate an HBAC rule\n" "Returns a tuple of (bool, set). The boolean value describes whether\n" "the rule is valid. 
If it is False, then the set lists all the missing " "rule elements as HBAC_RULE_ELEMENT_* constants\n"); static PyMethodDef py_hbac_rule_methods[] = { { sss_py_const_p(char, "validate"), (PyCFunction) py_hbac_rule_validate, METH_VARARGS, py_hbac_rule_validate__doc__, }, { NULL, NULL, 0, NULL } /* Sentinel */ }; PyDoc_STRVAR(HbacRuleObject_users__doc__, "(HbacRuleElement) Users and user groups for which this rule applies"); PyDoc_STRVAR(HbacRuleObject_services__doc__, "(HbacRuleElement) Services and service groups for which this rule applies"); PyDoc_STRVAR(HbacRuleObject_targethosts__doc__, "(HbacRuleElement) Target hosts for which this rule applies"); PyDoc_STRVAR(HbacRuleObject_srchosts__doc__, "(HbacRuleElement) Source hosts for which this rule applies"); static PyMemberDef py_hbac_rule_members[] = { { discard_const_p(char, "users"), T_OBJECT_EX, offsetof(HbacRuleObject, users), 0, HbacRuleObject_users__doc__ }, { discard_const_p(char, "services"), T_OBJECT_EX, offsetof(HbacRuleObject, services), 0, HbacRuleObject_services__doc__ }, { discard_const_p(char, "targethosts"), T_OBJECT_EX, offsetof(HbacRuleObject, targethosts), 0, HbacRuleObject_targethosts__doc__}, { discard_const_p(char, "srchosts"), T_OBJECT_EX, offsetof(HbacRuleObject, srchosts), 0, HbacRuleObject_srchosts__doc__}, { NULL, 0, 0, 0, NULL } /* Sentinel */ }; PyDoc_STRVAR(HbacRuleObject_enabled__doc__, "(bool) Is the rule enabled"); PyDoc_STRVAR(HbacRuleObject_name__doc__, "(string) The name of the rule"); static PyGetSetDef py_hbac_rule_getset[] = { { discard_const_p(char, "enabled"), (getter) hbac_rule_get_enabled, (setter) hbac_rule_set_enabled, HbacRuleObject_enabled__doc__, NULL }, { discard_const_p(char, "name"), (getter) hbac_rule_get_name, (setter) hbac_rule_set_name, HbacRuleObject_name__doc__, NULL }, {NULL, 0, 0, 0, NULL} /* Sentinel */ }; PyDoc_STRVAR(HbacRuleObject__doc__, "IPA HBAC Rule\n\n" "HbacRule(name, [enabled]) -> instantiate an empty rule, optionally\n" "specify whether it is 
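enabled. Rules are created disabled by default and\n"
"contain empty HbacRuleElement instances in services, users, targethosts\n"
"and srchosts attributes.\n");

static PyTypeObject pyhbac_hbacrule_type = {
    PyObject_HEAD_INIT(NULL)
    .tp_name = sss_py_const_p(char, "pyhbac.HbacRule"),
    .tp_basicsize = sizeof(HbacRuleObject),
    .tp_new = HbacRule_new,
    .tp_dealloc = (destructor) HbacRule_dealloc,
    .tp_traverse = (traverseproc) HbacRule_traverse,
    .tp_clear = (inquiry) HbacRule_clear,
    .tp_init = (initproc) HbacRule_init,
    .tp_repr = (reprfunc) HbacRule_repr,
    .tp_members = py_hbac_rule_members,
    .tp_methods = py_hbac_rule_methods,
    .tp_getset = py_hbac_rule_getset,
    .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE | Py_TPFLAGS_HAVE_GC,
    .tp_doc   = HbacRuleObject__doc__
};

/* Release a native rule built by HbacRule_to_native(). NULL is accepted.
 * Every pointer member must be either valid or NULL. */
static void
free_hbac_rule(struct hbac_rule *rule)
{
    if (!rule) return;

    free_hbac_rule_element(rule->services);
    free_hbac_rule_element(rule->users);
    free_hbac_rule_element(rule->targethosts);
    free_hbac_rule_element(rule->srchosts);

    PyMem_Free(discard_const_p(char, rule->name));
    PyMem_Free(rule);
}

/*
 * Convert a Python HbacRule into a newly allocated struct hbac_rule.
 *
 * The caller owns the result and releases it with free_hbac_rule().
 * Returns NULL on failure; TypeError is set for a wrong object type and
 * MemoryError when the rule cannot be allocated. The other failure paths
 * rely on the helper that failed to have set an exception (callers in this
 * file add a generic one if none is pending).
 */
static struct hbac_rule *
HbacRule_to_native(HbacRuleObject *pyrule)
{
    struct hbac_rule *rule = NULL;
    PyObject *utf_name;
    char *name_str;

    /* Check the type before allocating, so this path has nothing to free. */
    if (!PyObject_IsInstance((PyObject *) pyrule,
                             (PyObject *) &pyhbac_hbacrule_type)) {
        PyErr_Format(PyExc_TypeError,
                     "The rule must be of type HbacRule\n");
        goto fail;
    }

    rule = PyMem_Malloc(sizeof(struct hbac_rule));
    if (!rule) {
        PyErr_NoMemory();
        goto fail;
    }

    /* PyMem_Malloc() returns uninitialised memory. free_hbac_rule() on the
     * fail path frees all of these members, so they must be NULL until they
     * are really set. */
    rule->name = NULL;
    rule->services = NULL;
    rule->users = NULL;
    rule->targethosts = NULL;
    rule->srchosts = NULL;

    utf_name = get_utf8_string(pyrule->name, "name");
    if (utf_name == NULL) {
        /* go through fail so that the rule allocated above is released */
        goto fail;
    }

    /* Same NULL check as str_concat_sequence() does before py_strdup() */
    name_str = PyString_AsString(utf_name);
    if (name_str != NULL) {
        rule->name = py_strdup(name_str);
    }
    Py_DECREF(utf_name);
    if (rule->name == NULL) {
        goto fail;
    }

    rule->services = HbacRuleElement_to_native(pyrule->services);
    rule->users = HbacRuleElement_to_native(pyrule->users);
    rule->targethosts = HbacRuleElement_to_native(pyrule->targethosts);
    rule->srchosts = HbacRuleElement_to_native(pyrule->srchosts);
    if (!rule->services || !rule->users ||
        !rule->targethosts || !rule->srchosts) {
        goto fail;
    }

    rule->enabled = pyrule->enabled;
    return rule;

fail:
    free_hbac_rule(rule);
    return NULL;
}

/* ==================== HBAC Request Element ========================*/
/* Python object backing pyhbac.HbacRequestElement: one name plus the groups
 * it belongs to. */
typedef struct {
    PyObject_HEAD

    PyObject *name;
    PyObject *groups;
} HbacRequestElement;

/*
 * tp_new for pyhbac.HbacRequestElement: empty name, empty groups list.
 * Returns NULL with MemoryError set when an allocation fails.
 */
static PyObject *
HbacRequestElement_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
{
    HbacRequestElement *self;

    self = (HbacRequestElement *) type->tp_alloc(type, 0);
    if (self == NULL) {
        PyErr_NoMemory();
        return NULL;
    }

    self->name = sss_python_unicode_from_string("");
    if (self->name == NULL) {
        PyErr_NoMemory();
        Py_DECREF(self);
        return NULL;
    }

    self->groups = PyList_New(0);
    if (self->groups == NULL) {
        /* HbacRequestElement_dealloc() clears self->name; releasing it here
         * too would decrement the same reference twice. */
        Py_DECREF(self);
        PyErr_NoMemory();
        return NULL;
    }

    return (PyObject *) self;
}

/* tp_clear: drop the references held by the element. */
static int
HbacRequestElement_clear(HbacRequestElement *self)
{
    Py_CLEAR(self->name);
    Py_CLEAR(self->groups);
    return 0;
}

/* tp_dealloc: release the members, then the object itself. */
static void
HbacRequestElement_dealloc(HbacRequestElement *self)
{
    HbacRequestElement_clear(self);
    self->ob_type->tp_free((PyObject*) self);
}

/* tp_traverse: report the owned references to the garbage collector. */
static int
HbacRequestElement_traverse(HbacRequestElement *self,
                            visitproc visit, void *arg)
{
    Py_VISIT(self->name);
    Py_VISIT(self->groups);
    return 0;
}

static int
hbac_request_element_set_groups(HbacRequestElement *self,
                                PyObject *groups,
                                void *closure);
static int
hbac_request_element_set_name(HbacRequestElement *self,
                              PyObject *name,
                              void *closure);

/*
 * tp_init: HbacRequestElement([name], [groups]).
 * Each argument that is given goes through the matching attribute setter,
 * so it gets the same validation as an attribute assignment.
 * Returns 0 on success, -1 with an exception set otherwise.
 */
static int
HbacRequestElement_init(HbacRequestElement *self,
                        PyObject *args,
                        PyObject *kwargs)
{
    const char * const kwlist[] = { "name", "groups", NULL };
    PyObject *name = NULL;
    PyObject *groups = NULL;

    if (!PyArg_ParseTupleAndKeywords(args, kwargs,
                                     sss_py_const_p(char, "|OO"),
                                     discard_const_p(char *, kwlist),
                                     &name, &groups)) {
        return -1;
    }

    if (name) {
        if (hbac_request_element_set_name(self, name, NULL) != 0) {
            return -1;
        }
    }

    if (groups) {
        if (hbac_request_element_set_groups(self, groups, NULL) != 0) {
            return -1;
        }
    }

    return 0;
}

static int
hbac_request_element_set_name(HbacRequestElement *self,
                              PyObject *name,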
void *closure) { CHECK_ATTRIBUTE_DELETE(name, "name"); if (!PyString_Check(name) && !PyUnicode_Check(name)) { PyErr_Format(PyExc_TypeError, "name must be a string or Unicode"); return -1; } SAFE_SET(self->name, name); return 0; } static PyObject * hbac_request_element_get_name(HbacRequestElement *self, void *closure) { if (PyUnicode_Check(self->name)) { Py_INCREF(self->name); return self->name; } else if (PyString_Check(self->name)) { return PyUnicode_FromEncodedObject(self->name, PYHBAC_ENCODING, PYHBAC_ENCODING_ERRORS); } /* setter does typechecking but let us be paranoid */ PyErr_Format(PyExc_TypeError, "name must be a string or Unicode"); return NULL; } static int hbac_request_element_set_groups(HbacRequestElement *self, PyObject *groups, void *closure) { CHECK_ATTRIBUTE_DELETE(groups, "groups"); if (!verify_sequence(groups, "groups")) { return -1; } SAFE_SET(self->groups, groups); return 0; } static PyObject * hbac_request_element_get_groups(HbacRequestElement *self, void *closure) { Py_INCREF(self->groups); return self->groups; } static PyObject * HbacRequestElement_repr(HbacRequestElement *self) { char *strgroups; PyObject *o, *format, *args; format = sss_python_unicode_from_string(""); if (format == NULL) { return NULL; } strgroups = str_concat_sequence(self->groups, discard_const_p(char, ",")); if (strgroups == NULL) { Py_DECREF(format); return NULL; } args = Py_BuildValue(sss_py_const_p(char, "Os"), self->name, strgroups); if (args == NULL) { PyMem_Free(strgroups); Py_DECREF(format); return NULL; } o = PyUnicode_Format(format, args); PyMem_Free(strgroups); Py_DECREF(format); Py_DECREF(args); return o; } PyDoc_STRVAR(HbacRequestElement_name__doc__, "(string) An object name this element applies to"); PyDoc_STRVAR(HbacRequestElement_groups__doc__, "(list of strings) A list of group names this element applies to"); static PyGetSetDef py_hbac_request_element_getset[] = { { discard_const_p(char, "name"), (getter) hbac_request_element_get_name, (setter) 
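hbac_request_element_set_name,
      HbacRequestElement_name__doc__,
      NULL },

    { discard_const_p(char, "groups"),
      (getter) hbac_request_element_get_groups,
      (setter) hbac_request_element_set_groups,
      HbacRequestElement_groups__doc__,
      NULL },

    { NULL, 0, 0, 0, NULL } /* Sentinel */
};

PyDoc_STRVAR(HbacRequestElement__doc__,
"IPA HBAC Request Element\n\n"
"HbacRequestElement() -> new empty request element\n"
"HbacRequestElement([name], [groups]) -> optionally, provide name and/or "
"groups\n");

static PyTypeObject pyhbac_hbacrequest_element_type = {
    PyObject_HEAD_INIT(NULL)
    .tp_name = sss_py_const_p(char, "pyhbac.HbacRequestElement"),
    .tp_basicsize = sizeof(HbacRequestElement),
    .tp_new = HbacRequestElement_new,
    .tp_dealloc = (destructor) HbacRequestElement_dealloc,
    .tp_traverse = (traverseproc) HbacRequestElement_traverse,
    .tp_clear = (inquiry) HbacRequestElement_clear,
    .tp_init = (initproc) HbacRequestElement_init,
    .tp_repr = (reprfunc) HbacRequestElement_repr,
    .tp_getset = py_hbac_request_element_getset,
    .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE | Py_TPFLAGS_HAVE_GC,
    .tp_doc   = HbacRequestElement__doc__
};

/* Release a native request element. NULL is accepted. Both pointer members
 * must be either valid or NULL. */
static void
free_hbac_request_element(struct hbac_request_element *el)
{
    if (!el) return;

    PyMem_Free(discard_const_p(char, el->name));
    free_string_list(el->groups);
    PyMem_Free(el);
}

/*
 * Convert a Python HbacRequestElement into a newly allocated
 * struct hbac_request_element.
 *
 * The caller owns the result and releases it with
 * free_hbac_request_element(). Returns NULL on failure; TypeError is set for
 * a wrong object type and MemoryError when the element cannot be allocated.
 */
static struct hbac_request_element *
HbacRequestElement_to_native(HbacRequestElement *pyel)
{
    struct hbac_request_element *el = NULL;
    PyObject *utf_name;
    char *name_str;

    if (!PyObject_IsInstance((PyObject *) pyel,
                             (PyObject *) &pyhbac_hbacrequest_element_type)) {
        PyErr_Format(PyExc_TypeError,
                     "The element must be of type HbacRequestElement\n");
        goto fail;
    }

    el = PyMem_Malloc(sizeof(struct hbac_request_element));
    if (!el) {
        PyErr_NoMemory();
        goto fail;
    }

    /* PyMem_Malloc() returns uninitialised memory and the fail path frees
     * both members, so keep them NULL until they are really set. */
    el->name = NULL;
    el->groups = NULL;

    utf_name = get_utf8_string(pyel->name, "name");
    if (utf_name == NULL) {
        /* go through fail so that el is released */
        goto fail;
    }

    name_str = PyString_AsString(utf_name);
    if (name_str != NULL) {
        el->name = py_strdup(name_str);
    }
    Py_DECREF(utf_name);
    if (!el->name) {
        goto fail;
    }

    el->groups = sequence_as_string_list(pyel->groups, "groups");
    if (!el->groups) {
        goto fail;
    }

    return el;

fail:
    free_hbac_request_element(el);
    return NULL;
}

/* ==================== HBAC Request ========================*/
/* Python object backing pyhbac.HbacRequest: four request elements and the
 * name of the rule that matched during the last evaluation. */
typedef struct {
    PyObject_HEAD

    HbacRequestElement *service;
    HbacRequestElement *user;
    HbacRequestElement *targethost;
    HbacRequestElement *srchost;

    PyObject *rule_name;
} HbacRequest;

/*
 * tp_new for pyhbac.HbacRequest: creates the four empty request elements.
 * Returns NULL with MemoryError set when an allocation fails.
 */
static PyObject *
HbacRequest_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
{
    HbacRequest *self;

    self = (HbacRequest *) type->tp_alloc(type, 0);
    if (self == NULL) {
        PyErr_NoMemory();
        return NULL;
    }

    self->service = (HbacRequestElement *) HbacRequestElement_new(
                                            &pyhbac_hbacrequest_element_type,
                                            NULL, NULL);
    self->user = (HbacRequestElement *) HbacRequestElement_new(
                                            &pyhbac_hbacrequest_element_type,
                                            NULL, NULL);
    self->targethost = (HbacRequestElement *) HbacRequestElement_new(
                                            &pyhbac_hbacrequest_element_type,
                                            NULL, NULL);
    self->srchost = (HbacRequestElement *) HbacRequestElement_new(
                                            &pyhbac_hbacrequest_element_type,
                                            NULL, NULL);
    if (self->service == NULL || self->user == NULL ||
        self->targethost == NULL || self->srchost == NULL) {
        /* HbacRequest_dealloc() clears every member that was set; releasing
         * them here as well would decrement each reference twice. */
        Py_DECREF(self);
        PyErr_NoMemory();
        return NULL;
    }

    return (PyObject *) self;
}

/* tp_clear: drop the references held by the request. */
static int
HbacRequest_clear(HbacRequest *self)
{
    Py_CLEAR(self->service);
    Py_CLEAR(self->user);
    Py_CLEAR(self->targethost);
    Py_CLEAR(self->srchost);
    Py_CLEAR(self->rule_name);
    return 0;
}

/* tp_dealloc: release the members, then the object itself. */
static void
HbacRequest_dealloc(HbacRequest *self)
{
    HbacRequest_clear(self);
    self->ob_type->tp_free((PyObject*) self);
}

/* tp_traverse: visits the four request elements. */
static int
HbacRequest_traverse(HbacRequest *self, visitproc visit, void *arg)
{
    Py_VISIT((PyObject *) self->service);
    Py_VISIT((PyObject *) self->user);
    Py_VISIT((PyObject *) self->targethost);
    Py_VISIT((PyObject *) self->srchost);
    return 0;
}

static int
HbacRequest_init(HbacRequest *self,
                 PyObject *args,
                 PyObject *kwargs)
{
    PyObject *empty_tuple = NULL;

    empty_tuple = PyTuple_New(0);
    if (!empty_tuple) {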
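PyErr_NoMemory(); return -1; }

    self->rule_name = NULL;

    if (HbacRequestElement_init(self->user, empty_tuple, NULL) == -1 ||
        HbacRequestElement_init(self->service, empty_tuple, NULL) == -1 ||
        HbacRequestElement_init(self->targethost, empty_tuple, NULL) == -1 ||
        HbacRequestElement_init(self->srchost, empty_tuple, NULL) == -1) {
        Py_DECREF(empty_tuple);
        return -1;
    }

    Py_DECREF(empty_tuple);
    return 0;
}

PyDoc_STRVAR(py_hbac_evaluate__doc__,
"evaluate(rules) -> int\n\n"
"Evaluate a set of HBAC rules.\n"
"rules is a sequence of HbacRule objects. The returned value describes\n"
"the result of evaluation and will have one of HBAC_EVAL_* values.\n"
"Use hbac_result_string() to get textual representation of the result\n"
"On error, HbacError exception is raised.\n"
"If HBAC_EVAL_ALLOW is returned, the class attribute rule_name would\n"
"contain the name of the rule that matched. Otherwise, the attribute\n"
"contains None\n");

static struct hbac_eval_req *
HbacRequest_to_native(HbacRequest *pyreq);

/* Release a NULL-terminated array of native rules. NULL is accepted.
 * The walk stops at the first NULL entry, so the array must be terminated
 * even when it is only partially filled. */
static void
free_hbac_rule_list(struct hbac_rule **rules)
{
    int i;

    if (!rules) return;

    for(i=0; rules[i]; i++) {
        free_hbac_rule(rules[i]);
    }
    PyMem_Free(rules);
}

static void
free_hbac_eval_req(struct hbac_eval_req *req);

/*
 * HbacRequest.evaluate(rules): convert the rules and this request to their
 * native form, run hbac_evaluate() and return the result code as an int.
 *
 * self->rule_name is reset before the evaluation and set to the matching
 * rule's name when the result is HBAC_EVAL_ALLOW. Returns NULL with an
 * exception set on a conversion failure, HBAC_EVAL_ERROR (HbacError) or
 * HBAC_EVAL_OOM (MemoryError).
 */
static PyObject *
py_hbac_evaluate(HbacRequest *self, PyObject *args)
{
    PyObject *py_rules_list = NULL;
    PyObject *py_rule = NULL;
    Py_ssize_t num_rules;
    struct hbac_rule **rules = NULL;
    struct hbac_eval_req *hbac_req = NULL;
    enum hbac_eval_result eres;
    struct hbac_info *info = NULL;
    PyObject *ret = NULL;
    Py_ssize_t i;

    if (!PyArg_ParseTuple(args, sss_py_const_p(char, "O"), &py_rules_list)) {
        goto fail;
    }

    if (!PySequence_Check(py_rules_list)) {
        PyErr_Format(PyExc_TypeError,
                     "The parameter rules must be a sequence\n");
        goto fail;
    }

    num_rules = PySequence_Size(py_rules_list);
    if (num_rules < 0) {
        /* PySequence_Size() failed and has set the exception; a negative
         * count must not reach the allocation below */
        goto fail;
    }

    rules = PyMem_New(struct hbac_rule *, num_rules+1);
    if (!rules) {
        PyErr_NoMemory();
        goto fail;
    }

    /* PyMem_New() does not zero the array. The fail path walks it up to the
     * first NULL, so a partially filled array must never expose
     * uninitialised entries to free_hbac_rule(). */
    for (i = 0; i <= num_rules; i++) {
        rules[i] = NULL;
    }

    for (i = 0; i < num_rules; i++) {
        py_rule = PySequence_GetItem(py_rules_list, i);
        if (py_rule == NULL) {
            goto fail;
        }

        if (!PyObject_IsInstance(py_rule,
                                 (PyObject *) &pyhbac_hbacrule_type)) {
            Py_DECREF(py_rule);
            PyErr_Format(PyExc_TypeError,
                         "A rule must be of type HbacRule\n");
            goto fail;
        }

        rules[i] = HbacRule_to_native((HbacRuleObject *) py_rule);
        /* PySequence_GetItem() returned a new reference; release it once the
         * native copy is built.
         * NOTE(review): assumes the native rule keeps no pointers borrowed
         * from py_rule - the name is py_strdup()'d; confirm that
         * sequence_as_string_list() copies its strings as well. */
        Py_DECREF(py_rule);
        if (!rules[i]) {
            /* Make sure there is at least a generic exception */
            if (!PyErr_Occurred()) {
                PyErr_Format(PyExc_IOError,
                             "Could not convert HbacRule to native type\n");
            }
            goto fail;
        }
    }
    rules[num_rules] = NULL;

    hbac_req = HbacRequest_to_native(self);
    if (!hbac_req) {
        if (!PyErr_Occurred()) {
            PyErr_Format(PyExc_IOError,
                         "Could not convert HbacRequest to native type\n");
        }
        goto fail;
    }

    /* forget the result of any previous evaluation */
    Py_XDECREF(self->rule_name);
    self->rule_name = NULL;

    eres = hbac_evaluate(rules, hbac_req, &info);
    switch (eres) {
    case HBAC_EVAL_ALLOW:
        self->rule_name = sss_python_unicode_from_string(info->rule_name);
        if (!self->rule_name) {
            PyErr_NoMemory();
            goto fail;
        }
        /* FALLTHROUGH */
    case HBAC_EVAL_DENY:
        ret = PyInt_FromLong(eres);
        break;
    case HBAC_EVAL_ERROR:
        set_hbac_exception(PyExc_HbacError, info);
        goto fail;
    case HBAC_EVAL_OOM:
        PyErr_NoMemory();
        goto fail;
    }

    free_hbac_eval_req(hbac_req);
    free_hbac_rule_list(rules);
    hbac_free_info(info);
    return ret;

fail:
    hbac_free_info(info);
    free_hbac_eval_req(hbac_req);
    free_hbac_rule_list(rules);
    return NULL;
}

/* Getter for the read-only rule_name attribute: None when no rule is
 * recorded, otherwise the stored unicode object. */
static PyObject *
hbac_request_element_get_rule_name(HbacRequest *self, void *closure)
{
    if (self->rule_name == NULL) {
        Py_INCREF(Py_None);
        return Py_None;
    } else if (PyUnicode_Check(self->rule_name)) {
        Py_INCREF(self->rule_name);
        return self->rule_name;
    }

    PyErr_Format(PyExc_TypeError, "rule_name is not Unicode");
    return NULL;
}

static PyObject *
HbacRequest_repr(HbacRequest *self)
{
    PyObject *user_repr;
    PyObject *service_repr;
    PyObject *targethost_repr;
    PyObject *srchost_repr;
    PyObject *o, *format, *args;

    format = sss_python_unicode_from_string("");
    if (format == NULL) {
        return NULL;
    }

    user_repr = HbacRequestElement_repr(self->user);
    service_repr = HbacRequestElement_repr(self->service);
    targethost_repr =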
HbacRequestElement_repr(self->targethost); srchost_repr = HbacRequestElement_repr(self->srchost); if (user_repr == NULL || service_repr == NULL || targethost_repr == NULL || srchost_repr == NULL) { Py_XDECREF(user_repr); Py_XDECREF(service_repr); Py_XDECREF(targethost_repr); Py_XDECREF(srchost_repr); Py_DECREF(format); return NULL; } args = Py_BuildValue(sss_py_const_p(char, "OOOO"), user_repr, service_repr, targethost_repr, srchost_repr); if (args == NULL) { Py_DECREF(user_repr); Py_DECREF(service_repr); Py_DECREF(targethost_repr); Py_DECREF(srchost_repr); Py_DECREF(format); return NULL; } o = PyUnicode_Format(format, args); Py_DECREF(user_repr); Py_DECREF(service_repr); Py_DECREF(targethost_repr); Py_DECREF(srchost_repr); Py_DECREF(format); Py_DECREF(args); return o; } static PyMethodDef py_hbac_request_methods[] = { { sss_py_const_p(char, "evaluate"), (PyCFunction) py_hbac_evaluate, METH_VARARGS, py_hbac_evaluate__doc__ }, { NULL, NULL, 0, NULL } /* Sentinel */ }; PyDoc_STRVAR(HbacRequest_service__doc__, "(HbacRequestElement) This is a list of service DNs to check, it must\n" "consist of the actual service requested, as well as all parent groups\n" "containing that service"); PyDoc_STRVAR(HbacRequest_user__doc__, "(HbacRequestElement) This is a list of user DNs to check, it must consist\n" "of the actual user requested, as well as all parent groups containing\n" "that user."); PyDoc_STRVAR(HbacRequest_targethost__doc__, "(HbacRequestElement) This is a list of target hosts to check, it must\n" "consist of the actual target host requested, as well as all parent groups\n" "containing that target host."); PyDoc_STRVAR(HbacRequest_srchost__doc__, "(HbacRequestElement) This is a list of source hosts to check, it must\n" "consist of the actual source host requested, as well as all parent groups\n" "containing that source host."); static PyMemberDef py_hbac_request_members[] = { { discard_const_p(char, "service"), T_OBJECT_EX, offsetof(HbacRequest, service), 0, 
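HbacRequest_service__doc__ },

    { discard_const_p(char, "user"), T_OBJECT_EX,
      offsetof(HbacRequest, user), 0,
      HbacRequest_user__doc__ },

    { discard_const_p(char, "targethost"), T_OBJECT_EX,
      offsetof(HbacRequest, targethost), 0,
      HbacRequest_targethost__doc__ },

    { discard_const_p(char, "srchost"), T_OBJECT_EX,
      offsetof(HbacRequest, srchost), 0,
      HbacRequest_srchost__doc__ },

    { NULL, 0, 0, 0, NULL } /* Sentinel */
};

PyDoc_STRVAR(HbacRequest_rule_name__doc__,
"(string) If result of evaluation was to allow access, this member contains\n"
"the name of the rule that allowed it. Otherwise, this attribute contains \n"
"None. This attribute is read-only.\n");

static PyGetSetDef py_hbac_request_getset[] = {
    { discard_const_p(char, "rule_name"),
      (getter) hbac_request_element_get_rule_name,
      NULL, /* read only */
      HbacRequest_rule_name__doc__,
      NULL },

    { NULL, 0, 0, 0, NULL } /* Sentinel */
};

PyDoc_STRVAR(HbacRequest__doc__,
"IPA HBAC Request\n\n"
"HbacRequest() -> new empty HBAC request");

static PyTypeObject pyhbac_hbacrequest_type = {
    PyObject_HEAD_INIT(NULL)
    .tp_name = sss_py_const_p(char, "pyhbac.HbacRequest"),
    .tp_basicsize = sizeof(HbacRequest),
    .tp_new = HbacRequest_new,
    .tp_dealloc = (destructor) HbacRequest_dealloc,
    .tp_traverse = (traverseproc) HbacRequest_traverse,
    .tp_clear = (inquiry) HbacRequest_clear,
    .tp_init = (initproc) HbacRequest_init,
    .tp_repr = (reprfunc) HbacRequest_repr,
    .tp_methods = py_hbac_request_methods,
    .tp_members = py_hbac_request_members,
    .tp_getset = py_hbac_request_getset,
    .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE,
    .tp_doc   = HbacRequest__doc__
};

/* Release a native evaluation request. NULL is accepted. All four element
 * pointers must be either valid or NULL. */
static void
free_hbac_eval_req(struct hbac_eval_req *req)
{
    if (!req) return;

    free_hbac_request_element(req->service);
    free_hbac_request_element(req->user);
    free_hbac_request_element(req->targethost);
    free_hbac_request_element(req->srchost);

    PyMem_Free(req);
}

/*
 * Convert a Python HbacRequest into a newly allocated struct hbac_eval_req.
 *
 * The caller owns the result and releases it with free_hbac_eval_req().
 * Returns NULL on failure; TypeError is set for a wrong object type and
 * MemoryError when the request cannot be allocated.
 */
static struct hbac_eval_req *
HbacRequest_to_native(HbacRequest *pyreq)
{
    struct hbac_eval_req *req = NULL;

    /* Check the type before allocating. With the check after the allocation
     * the fail path handed a request with uninitialised element pointers to
     * free_hbac_eval_req(). */
    if (!PyObject_IsInstance((PyObject *) pyreq,
                             (PyObject *) &pyhbac_hbacrequest_type)) {
        PyErr_Format(PyExc_TypeError,
                     "The request must be of type HbacRequest\n");
        goto fail;
    }

    req = PyMem_Malloc(sizeof(struct hbac_eval_req));
    if (!req) {
        PyErr_NoMemory();
        goto fail;
    }

    /* All four members are assigned before the first goto fail below, so the
     * cleanup only ever sees valid or NULL pointers. */
    req->service = HbacRequestElement_to_native(pyreq->service);
    req->user = HbacRequestElement_to_native(pyreq->user);
    req->targethost = HbacRequestElement_to_native(pyreq->targethost);
    req->srchost = HbacRequestElement_to_native(pyreq->srchost);
    if (!req->service || !req->user ||
        !req->targethost || !req->srchost) {
        goto fail;
    }
    return req;

fail:
    free_hbac_eval_req(req);
    return NULL;
}

/* =================== the pyhbac module initialization =====================*/
PyDoc_STRVAR(py_hbac_result_string__doc__,
"hbac_result_string(code) -> string\n"
"Returns a string representation of the HBAC result code");

/* Module function: map an HBAC result code to its text, or None when
 * hbac_result_string() returns NULL for it. */
static PyObject *
py_hbac_result_string(PyObject *module, PyObject *args)
{
    int value;
    enum hbac_eval_result result;
    const char *str;

    /* the "i" format writes through an int pointer, so parse into an int
     * and convert rather than passing the address of an enum */
    if (!PyArg_ParseTuple(args, sss_py_const_p(char, "i"), &value)) {
        return NULL;
    }
    result = (enum hbac_eval_result) value;

    str = hbac_result_string(result);
    if (str == NULL) {
        /* None needs to be referenced, too */
        Py_INCREF(Py_None);
        return Py_None;
    }

    return sss_python_unicode_from_string(str);
}

PyDoc_STRVAR(py_hbac_error_string__doc__,
"hbac_error_string(code) -> string\n"
"Returns a string representation of the HBAC error code");

/* Module function: map an HBAC error code to its text, or None when
 * hbac_error_string() returns NULL for it. */
static PyObject *
py_hbac_error_string(PyObject *module, PyObject *args)
{
    int value;
    enum hbac_error_code code;
    const char *str;

    /* see py_hbac_result_string(): "i" needs an int to write to */
    if (!PyArg_ParseTuple(args, sss_py_const_p(char, "i"), &value)) {
        return NULL;
    }
    code = (enum hbac_error_code) value;

    str = hbac_error_string(code);
    if (str == NULL) {
        /* None needs to be referenced, too */
        Py_INCREF(Py_None);
        return Py_None;
    }

    return sss_python_unicode_from_string(str);
}

static PyMethodDef pyhbac_module_methods[] = {
    { sss_py_const_p(char, "hbac_result_string"),
      (PyCFunction) py_hbac_result_string,
      METH_VARARGS,
      py_hbac_result_string__doc__,
    },

    { sss_py_const_p(char, "hbac_error_string"),
      (PyCFunction)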
py_hbac_error_string, METH_VARARGS, py_hbac_error_string__doc__, }, {NULL, NULL, 0, NULL} /* Sentinel */ }; PyDoc_STRVAR(HbacError__doc__, "An HBAC processing exception\n\n" "This exception is raised when there is an internal error during the\n" "HBAC processing, such as an Out-Of-Memory situation or unparseable\n" "rule. HbacError.args argument is a tuple that contains error code and\n" "the name of the rule that was being processed. Use hbac_error_string()\n" "to get the text representation of the HBAC error"); PyMODINIT_FUNC initpyhbac(void) { PyObject *m; int ret; m = Py_InitModule(sss_py_const_p(char, PYTHON_MODULE_NAME), pyhbac_module_methods); if (m == NULL) return; /* The HBAC module exception */ PyExc_HbacError = sss_exception_with_doc( discard_const_p(char, "hbac.HbacError"), HbacError__doc__, PyExc_EnvironmentError, NULL); Py_INCREF(PyExc_HbacError); ret = PyModule_AddObject(m, sss_py_const_p(char, "HbacError"), PyExc_HbacError); if (ret == -1) return; /* HBAC rule categories */ ret = PyModule_AddIntMacro(m, HBAC_CATEGORY_NULL); if (ret == -1) return; ret = PyModule_AddIntMacro(m, HBAC_CATEGORY_ALL); if (ret == -1) return; /* HBAC rule elements */ ret = PyModule_AddIntMacro(m, HBAC_RULE_ELEMENT_USERS); if (ret == -1) return; ret = PyModule_AddIntMacro(m, HBAC_RULE_ELEMENT_SERVICES); if (ret == -1) return; ret = PyModule_AddIntMacro(m, HBAC_RULE_ELEMENT_TARGETHOSTS); if (ret == -1) return; ret = PyModule_AddIntMacro(m, HBAC_RULE_ELEMENT_SOURCEHOSTS); if (ret == -1) return; /* enum hbac_eval_result */ ret = PyModule_AddIntMacro(m, HBAC_EVAL_ALLOW); if (ret == -1) return; ret = PyModule_AddIntMacro(m, HBAC_EVAL_DENY); if (ret == -1) return; ret = PyModule_AddIntMacro(m, HBAC_EVAL_ERROR); if (ret == -1) return; /* enum hbac_error_code */ ret = PyModule_AddIntMacro(m, HBAC_ERROR_UNKNOWN); if (ret == -1) return; ret = PyModule_AddIntMacro(m, HBAC_SUCCESS); if (ret == -1) return; ret = PyModule_AddIntMacro(m, HBAC_ERROR_NOT_IMPLEMENTED); if (ret == -1) return; 
ret = PyModule_AddIntMacro(m, HBAC_ERROR_OUT_OF_MEMORY); if (ret == -1) return; ret = PyModule_AddIntMacro(m, HBAC_ERROR_UNPARSEABLE_RULE); if (ret == -1) return; TYPE_READY(m, pyhbac_hbacrule_type, "HbacRule"); TYPE_READY(m, pyhbac_hbacrule_element_type, "HbacRuleElement"); TYPE_READY(m, pyhbac_hbacrequest_element_type, "HbacRequestElement"); TYPE_READY(m, pyhbac_hbacrequest_type, "HbacRequest"); } sssd-1.11.5/src/python/PaxHeaders.13173/pysss_murmur.c0000644000000000000000000000007412320753107020617 xustar000000000000000030 atime=1396954939.269891429 30 ctime=1396954961.700874917 sssd-1.11.5/src/python/pysss_murmur.c0000664002412700241270000000373412320753107021050 0ustar00jhrozekjhrozek00000000000000/* Authors: Sumit Bose Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include #include "util/sss_python.h" #include "util/murmurhash3.h" PyDoc_STRVAR(murmurhash3_doc, "murmurhash3(key, key_len, seed) -> 32bit integer hash\n\ \n\ Calculate the murmur hash version 3 of the first key_len bytes from key\n\ using the given seed." 
); static PyObject * py_murmurhash3(PyObject *module, PyObject *args) { const char *key; long key_len; long long seed; uint32_t hash; if (!PyArg_ParseTuple(args, sss_py_const_p(char, "slL"), &key, &key_len, &seed)) { PyErr_Format(PyExc_ValueError, "Invalid argument\n"); return NULL; } if (seed > UINT32_MAX || key_len > INT_MAX || key_len < 0 || key_len > strlen(key)) { PyErr_Format(PyExc_ValueError, "Invalid value\n"); return NULL; } hash = murmurhash3(key, key_len, seed); return PyLong_FromUnsignedLong((unsigned long) hash); } static PyMethodDef methods[] = { { sss_py_const_p(char, "murmurhash3"), (PyCFunction) py_murmurhash3, METH_VARARGS, murmurhash3_doc }, { NULL,NULL, 0, NULL } }; PyMODINIT_FUNC initpysss_murmur(void) { Py_InitModule3(sss_py_const_p(char, "pysss_murmur"), methods, sss_py_const_p(char, "murmur hash functions")); } sssd-1.11.5/src/python/PaxHeaders.13173/pysss.c0000644000000000000000000000007412320753107017210 xustar000000000000000030 atime=1396954939.269891429 30 ctime=1396954961.699874917 sssd-1.11.5/src/python/pysss.c0000664002412700241270000007576712320753107017460 0ustar00jhrozekjhrozek00000000000000/* Authors: Jakub Hrozek Copyright (C) 2009 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #include #include #include #include #include #include "util/util.h" #include "util/sss_python.h" #include "db/sysdb.h" #include "tools/tools_util.h" #include "tools/sss_sync_ops.h" #include "util/crypto/sss_crypto.h" /* * function taken from samba sources tree as of Aug 20 2009, * file source4/lib/ldb/pyldb.c */ static char **PyList_AsStringList(TALLOC_CTX *mem_ctx, PyObject *list, const char *paramname) { char **ret; int i; ret = talloc_array(mem_ctx, char *, PyList_Size(list)+1); for (i = 0; i < PyList_Size(list); i++) { PyObject *item = PyList_GetItem(list, i); if (!PyString_Check(item)) { PyErr_Format(PyExc_TypeError, "%s should be strings", paramname); return NULL; } ret[i] = talloc_strndup(ret, PyString_AsString(item), PyString_Size(item)); } ret[i] = NULL; return ret; } /* ======================= sysdb python wrappers ==========================*/ /* * The sss.password object */ typedef struct { PyObject_HEAD TALLOC_CTX *mem_ctx; struct tevent_context *ev; struct sysdb_ctx *sysdb; struct confdb_ctx *confdb; struct sss_domain_info *local; int lock; int unlock; } PySssLocalObject; /* * The transaction object */ struct py_sss_transaction { PySssLocalObject *self; struct ops_ctx *ops; bool transaction_done; int error; }; /* * Error reporting */ static void PyErr_SetSssErrorWithMessage(int ret, const char *message) { PyObject *exc = Py_BuildValue(discard_const_p(char, "(is)"), ret, message); PyErr_SetObject(PyExc_IOError, exc); Py_XDECREF(exc); } static void PyErr_SetSssError(int ret) { PyErr_SetSssErrorWithMessage(ret, strerror(ret)); } /* * Common init of all methods */ static struct tools_ctx *init_ctx(PySssLocalObject *self) { struct ops_ctx *octx = NULL; struct tools_ctx *tctx = NULL; tctx = talloc_zero(self->mem_ctx, struct tools_ctx); if (tctx == NULL) { return NULL; } tctx->confdb = self->confdb; tctx->sysdb = self->sysdb; tctx->local = self->local; /* tctx->nctx is NULL here, which is OK since we don't parse domains * in the python bindings (yet?) 
*/ octx = talloc_zero(tctx, struct ops_ctx); if (octx == NULL) { PyErr_NoMemory(); return NULL; } octx->domain = self->local; tctx->octx = octx; return tctx; } /* * Add a user */ PyDoc_STRVAR(py_sss_useradd__doc__, "Add a user named ``username``.\n\n" ":param username: name of the user\n\n" ":param kwargs: Keyword arguments that customize the operation\n\n" "* useradd can be customized further with keyword arguments:\n" " * ``uid``: The UID of the user\n" " * ``gid``: The GID of the user\n" " * ``gecos``: The comment string\n" " * ``homedir``: Home directory\n" " * ``shell``: Login shell\n" " * ``skel``: Specify an alternative skeleton directory\n" " * ``create_home``: (bool) Force creation of home directory on or off\n" " * ``groups``: List of groups the user is member of\n"); static PyObject *py_sss_useradd(PySssLocalObject *self, PyObject *args, PyObject *kwds) { struct tools_ctx *tctx = NULL; unsigned long uid = 0; unsigned long gid = 0; const char *gecos = NULL; const char *home = NULL; const char *shell = NULL; const char *skel = NULL; char *username = NULL; int ret; const char * const kwlist[] = { "username", "uid", "gid", "gecos", "homedir", "shell", "skel", "create_home", "groups", NULL }; PyObject *py_groups = Py_None; PyObject *py_create_home = Py_None; int create_home = 0; bool in_transaction = false; /* parse arguments */ if (!PyArg_ParseTupleAndKeywords(args, kwds, discard_const_p(char, "s|kkssssO!O!"), discard_const_p(char *, kwlist), &username, &uid, &gid, &gecos, &home, &shell, &skel, &PyBool_Type, &py_create_home, &PyList_Type, &py_groups)) { goto fail; } tctx = init_ctx(self); if (!tctx) { PyErr_NoMemory(); return NULL; } if (py_groups != Py_None) { tctx->octx->addgroups = PyList_AsStringList(tctx, py_groups, "groups"); if (!tctx->octx->addgroups) { PyErr_NoMemory(); return NULL; } } /* user-wise the parameter is only bool - do or don't, * however we must have a third state - undecided, pick default */ if (py_create_home == Py_True) { create_home 
= DO_CREATE_HOME; } else if (py_create_home == Py_False) { create_home = DO_NOT_CREATE_HOME; } tctx->octx->name = username; tctx->octx->uid = uid; /* fill in defaults */ ret = useradd_defaults(tctx, self->confdb, tctx->octx, gecos, home, shell, create_home, skel); if (ret != EOK) { PyErr_SetSssError(ret); goto fail; } /* Add the user within a transaction */ tctx->error = sysdb_transaction_start(tctx->sysdb); if (tctx->error != EOK) { PyErr_SetSssError(tctx->error); goto fail; } in_transaction = true; /* useradd */ tctx->error = useradd(tctx, tctx->sysdb, tctx->octx); if (tctx->error) { PyErr_SetSssError(tctx->error); goto fail; } tctx->error = sysdb_transaction_commit(tctx->sysdb); if (tctx->error) { PyErr_SetSssError(tctx->error); goto fail; } in_transaction = false; /* Create user's home directory and/or mail spool */ if (tctx->octx->create_homedir) { /* We need to know the UID and GID of the user, if * sysdb did assign it automatically, do a lookup */ if (tctx->octx->uid == 0 || tctx->octx->gid == 0) { ret = sysdb_getpwnam_sync(tctx, tctx->sysdb, tctx->octx->name, tctx->octx); if (ret != EOK) { PyErr_SetSssError(ret); goto fail; } } ret = create_homedir(tctx->octx->skeldir, tctx->octx->home, tctx->octx->uid, tctx->octx->gid, tctx->octx->umask); if (ret != EOK) { PyErr_SetSssError(ret); goto fail; } /* failure here should not be fatal */ create_mail_spool(tctx, tctx->octx->name, tctx->octx->maildir, tctx->octx->uid, tctx->octx->gid); } talloc_zfree(tctx); Py_RETURN_NONE; fail: if (in_transaction) { /* We do not handle return value of sysdb_transaction_cancel() * because we don't want to overwrite previous error code. 
*/ sysdb_transaction_cancel(tctx->sysdb); } talloc_zfree(tctx); return NULL; } /* * Delete a user */ PyDoc_STRVAR(py_sss_userdel__doc__, "Remove the user named ``username``.\n\n" ":param username: Name of user being removed\n" ":param kwargs: Keyword arguments that customize the operation\n\n" "* userdel can be customized further with keyword arguments:\n" " * ``force``: (bool) Force removal of files not owned by the user\n" " * ``remove``: (bool) Toggle removing home directory and mail spool\n"); static PyObject *py_sss_userdel(PySssLocalObject *self, PyObject *args, PyObject *kwds) { struct tools_ctx *tctx = NULL; char *username = NULL; int ret; PyObject *py_remove = Py_None; int remove_home = 0; PyObject *py_force = Py_None; const char * const kwlist[] = { "username", "remove", "force", NULL }; if(!PyArg_ParseTupleAndKeywords(args, kwds, discard_const_p(char, "s|O!O!"), discard_const_p(char *, kwlist), &username, &PyBool_Type, &py_remove, &PyBool_Type, &py_force)) { goto fail; } tctx = init_ctx(self); if (!tctx) { PyErr_NoMemory(); return NULL; } tctx->octx->name = username; if (py_remove == Py_True) { remove_home = DO_REMOVE_HOME; } else if (py_remove == Py_False) { remove_home = DO_NOT_REMOVE_HOME; } /* * Fills in defaults for ops_ctx user did not specify. 
*/ ret = userdel_defaults(tctx, tctx->confdb, tctx->octx, remove_home); if (ret != EOK) { PyErr_SetSssError(ret); goto fail; } ret = run_userdel_cmd(tctx); if (ret != EOK) { PyErr_SetSssError(ret); goto fail; } if (tctx->octx->remove_homedir) { ret = sysdb_getpwnam_sync(tctx, tctx->sysdb, tctx->octx->name, tctx->octx); if (ret != EOK) { PyErr_SetSssError(ret); goto fail; } } /* Delete the user */ ret = userdel(tctx, self->sysdb, tctx->octx); if (ret != EOK) { PyErr_SetSssError(ret); goto fail; } if (tctx->octx->remove_homedir) { ret = remove_homedir(tctx, tctx->octx->home, tctx->octx->maildir, tctx->octx->name, tctx->octx->uid, (py_force == Py_True)); if (ret != EOK) { PyErr_SetSssError(ret); goto fail; } } talloc_zfree(tctx); Py_RETURN_NONE; fail: talloc_zfree(tctx); return NULL; } /* * Modify a user */ PyDoc_STRVAR(py_sss_usermod__doc__, "Modify a user.\n\n" ":param username: Name of user being modified\n\n" ":param kwargs: Keyword arguments that customize the operation\n\n" "* usermod can be customized further with keyword arguments:\n" " * ``uid``: The UID of the user\n" " * ``gid``: The GID of the user\n" " * ``gecos``: The comment string\n" " * ``homedir``: Home directory\n" " * ``shell``: Login shell\n" " * ``addgroups``: List of groups to add the user to\n" " * ``rmgroups``: List of groups to remove the user from\n" " * ``lock``: Lock or unlock the account\n"); static PyObject *py_sss_usermod(PySssLocalObject *self, PyObject *args, PyObject *kwds) { struct tools_ctx *tctx = NULL; PyObject *py_addgroups = Py_None; PyObject *py_rmgroups = Py_None; unsigned long uid = 0; unsigned long gid = 0; char *gecos = NULL; char *home = NULL; char *shell = NULL; char *username = NULL; unsigned long lock = 0; const char * const kwlist[] = { "username", "uid", "gid", "lock", "gecos", "homedir", "shell", "addgroups", "rmgroups", NULL }; bool in_transaction = false; /* parse arguments */ if (!PyArg_ParseTupleAndKeywords(args, kwds, discard_const_p(char, "s|kkksssO!O!"), 
discard_const_p(char *, kwlist), &username, &uid, &gid, &lock, &gecos, &home, &shell, &PyList_Type, &py_addgroups, &PyList_Type, &py_rmgroups)) { goto fail; } tctx = init_ctx(self); if (!tctx) { PyErr_NoMemory(); return NULL; } if (lock && lock != DO_LOCK && lock != DO_UNLOCK) { PyErr_SetString(PyExc_ValueError, "Unkown value for lock parameter"); goto fail; } if (py_addgroups != Py_None) { tctx->octx->addgroups = PyList_AsStringList(tctx, py_addgroups, "addgroups"); if (!tctx->octx->addgroups) { return NULL; } } if (py_rmgroups != Py_None) { tctx->octx->rmgroups = PyList_AsStringList(tctx, py_rmgroups, "rmgroups"); if (!tctx->octx->rmgroups) { return NULL; } } tctx->octx->name = username; tctx->octx->uid = uid; tctx->octx->gid = gid; tctx->octx->gecos = gecos; tctx->octx->home = home; tctx->octx->shell = shell; tctx->octx->lock = lock; /* Modify the user within a transaction */ tctx->error = sysdb_transaction_start(tctx->sysdb); if (tctx->error != EOK) { PyErr_SetSssError(tctx->error); goto fail; } in_transaction = true; /* usermod */ tctx->error = usermod(tctx, tctx->sysdb, tctx->octx); if (tctx->error) { PyErr_SetSssError(tctx->error); goto fail; } tctx->error = sysdb_transaction_commit(tctx->sysdb); if (tctx->error) { PyErr_SetSssError(tctx->error); goto fail; } in_transaction = false; talloc_zfree(tctx); Py_RETURN_NONE; fail: if (in_transaction) { /* We do not handle return value of sysdb_transaction_cancel() * because we don't want to overwrite previous error code. 
*/ sysdb_transaction_cancel(tctx->sysdb); } talloc_zfree(tctx); return NULL; } /* * Add a group */ PyDoc_STRVAR(py_sss_groupadd__doc__, "Add a group.\n\n" ":param groupname: Name of group being added\n\n" ":param kwargs: Keyword arguments ro customize the operation\n\n" "* groupmod can be customized further with keyword arguments:\n" " * ``gid``: The GID of the group\n"); static PyObject *py_sss_groupadd(PySssLocalObject *self, PyObject *args, PyObject *kwds) { struct tools_ctx *tctx = NULL; char *groupname; unsigned long gid = 0; const char * const kwlist[] = { "groupname", "gid", NULL }; bool in_transaction = false; /* parse arguments */ if (!PyArg_ParseTupleAndKeywords(args, kwds, discard_const_p(char, "s|k"), discard_const_p(char *, kwlist), &groupname, &gid)) { goto fail; } tctx = init_ctx(self); if (!tctx) { PyErr_NoMemory(); return NULL; } tctx->octx->name = groupname; tctx->octx->gid = gid; /* Add the group within a transaction */ tctx->error = sysdb_transaction_start(tctx->sysdb); if (tctx->error != EOK) { PyErr_SetSssError(tctx->error); goto fail; } in_transaction = true; /* groupadd */ tctx->error = groupadd(tctx->sysdb, tctx->octx); if (tctx->error) { PyErr_SetSssError(tctx->error); goto fail; } tctx->error = sysdb_transaction_commit(tctx->sysdb); if (tctx->error) { PyErr_SetSssError(tctx->error); goto fail; } in_transaction = false; talloc_zfree(tctx); Py_RETURN_NONE; fail: if (in_transaction) { /* We do not handle return value of sysdb_transaction_cancel() * because we don't want to overwrite previous error code. 
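*/
        sysdb_transaction_cancel(tctx->sysdb);
    }
    talloc_zfree(tctx);
    return NULL;
}

/*
 * Delete a group
 */
PyDoc_STRVAR(py_sss_groupdel__doc__,
    "Remove a group.\n\n"
    ":param groupname: Name of group being removed\n");

/*
 * Python wrapper around groupdel(): removes the group named by the single
 * positional string argument. kwds is accepted but never read.
 *
 * Returns None on success. On failure returns NULL with a Python exception
 * set; a groupdel() error code is reported through PyErr_SetSssError().
 */
static PyObject *py_sss_groupdel(PySssLocalObject *self,
                                 PyObject *args,
                                 PyObject *kwds)
{
    struct tools_ctx *tctx = NULL;
    char *groupname = NULL;
    int ret;

    if(!PyArg_ParseTuple(args, discard_const_p(char, "s"), &groupname)) {
        goto fail;
    }

    tctx = init_ctx(self);
    if (!tctx) {
        PyErr_NoMemory();
        return NULL;
    }

    tctx->octx->name = groupname;

    /* Remove the group */
    ret = groupdel(tctx, self->sysdb, tctx->octx);
    if (ret != EOK) {
        PyErr_SetSssError(ret);
        goto fail;
    }

    talloc_zfree(tctx);
    Py_RETURN_NONE;

fail:
    talloc_zfree(tctx);
    return NULL;
}

/*
 * Modify a group
 */
PyDoc_STRVAR(py_sss_groupmod__doc__,
    "Modify a group.\n\n"
    ":param groupname: Name of group being modified\n\n"
    ":param kwargs: Keyword arguments ro customize the operation\n\n"
    "* groupmod can be customized further with keyword arguments:\n"
    " * ``gid``: The GID of the group\n\n"
    " * ``addgroups``: Groups to add the group to\n\n"
    " * ``rmgroups``: Groups to remove the group from\n\n");

/*
 * Python wrapper around groupmod(): changes the GID and/or the parent-group
 * membership of an existing group inside one sysdb transaction.
 *
 * Returns None on success. On failure returns NULL with a Python exception
 * set, after cancelling the transaction if one was open and releasing the
 * per-call tools context.
 *
 * NOTE(review): the "k" format unit converts to unsigned long without
 * overflow checking, so out-of-range gid values are not rejected here;
 * confirm that groupmod() validates the range.
 */
static PyObject *py_sss_groupmod(PySssLocalObject *self,
                                 PyObject *args,
                                 PyObject *kwds)
{
    struct tools_ctx *tctx = NULL;
    PyObject *py_addgroups = Py_None;
    PyObject *py_rmgroups = Py_None;
    unsigned long gid = 0;
    char *groupname = NULL;
    const char * const kwlist[] = { "groupname", "gid", "addgroups",
                                    "rmgroups", NULL };
    bool in_transaction = false;

    /* parse arguments */
    if (!PyArg_ParseTupleAndKeywords(args, kwds,
                                     discard_const_p(char, "s|kO!O!"),
                                     discard_const_p(char *, kwlist),
                                     &groupname,
                                     &gid,
                                     &PyList_Type,
                                     &py_addgroups,
                                     &PyList_Type,
                                     &py_rmgroups)) {
        goto fail;
    }

    tctx = init_ctx(self);
    if (!tctx) {
        PyErr_NoMemory();
        return NULL;
    }

    if (py_addgroups != Py_None) {
        tctx->octx->addgroups = PyList_AsStringList(tctx,
                                                    py_addgroups,
                                                    "addgroups");
        if (!tctx->octx->addgroups) {
            /* Leave through the common exit so tctx is released instead of
             * staying attached to self->mem_ctx until the object dies. */
            goto fail;
        }
    }

    if (py_rmgroups != Py_None) {
        tctx->octx->rmgroups = PyList_AsStringList(tctx,
                                                   py_rmgroups,
                                                   "rmgroups");
        if (!tctx->octx->rmgroups) {
            goto fail;
        }
    }

    tctx->octx->name = groupname;
    tctx->octx->gid = gid;

    /* Modify the group within a transaction */
    tctx->error = sysdb_transaction_start(tctx->sysdb);
    if (tctx->error != EOK) {
        PyErr_SetSssError(tctx->error);
        goto fail;
    }
    in_transaction = true;

    /* groupmod */
    tctx->error = groupmod(tctx, tctx->sysdb, tctx->octx);
    if (tctx->error) {
        PyErr_SetSssError(tctx->error);
        goto fail;
    }

    tctx->error = sysdb_transaction_commit(tctx->sysdb);
    if (tctx->error) {
        PyErr_SetSssError(tctx->error);
        goto fail;
    }
    in_transaction = false;

    talloc_zfree(tctx);
    Py_RETURN_NONE;

fail:
    if (in_transaction) {
        /* We do not handle return value of sysdb_transaction_cancel()
         * because we don't want to overwrite previous error code.
         */
        sysdb_transaction_cancel(tctx->sysdb);
    }
    talloc_zfree(tctx);
    return NULL;
}

/*
 * Get list of groups user belongs to
 */
PyDoc_STRVAR(py_sss_getgrouplist__doc__,
    "Get list of groups user belongs to.\n\n"
    "NOTE: The interface uses the system NSS calls and is not limited to "
    "users served by the SSSD!\n"
    ":param username: name of user to get list for\n");

/*
 * Python wrapper: resolve username with getpwnam(), collect its group IDs
 * with getgrouplist() and return a tuple holding the names of the groups
 * that getgrgid() can resolve.
 *
 * Every failure path returns NULL with a Python exception set: KeyError when
 * the user is unknown, MemoryError when a buffer cannot be allocated, and
 * whatever the Python object constructors raise otherwise.
 */
static PyObject *py_sss_getgrouplist(PyObject *self, PyObject *args)
{
    char *username = NULL;
    gid_t *groups = NULL;
    gid_t *resized;
    struct passwd *pw;
    struct group *gr;
    int ngroups;
    int ret;
    Py_ssize_t i, idx;
    PyObject *groups_tuple = NULL;
    PyObject *py_name;

    if(!PyArg_ParseTuple(args, discard_const_p(char, "s"), &username)) {
        goto fail;
    }

    pw = getpwnam(username);
    if (pw == NULL) {
        /* Returning NULL without an exception makes the interpreter raise
         * SystemError; report the unknown user explicitly instead. */
        PyErr_Format(PyExc_KeyError,
                     "getpwnam(): name not found: %s", username);
        goto fail;
    }

    ngroups = 32;
    groups = malloc(sizeof(gid_t) * ngroups);
    if (groups == NULL) {
        PyErr_NoMemory();
        goto fail;
    }

    do {
        ret = getgrouplist(username, pw->pw_gid, groups, &ngroups);
        if (ret < ngroups) {
            /* Buffer too small: ngroups now carries the required count.
             * Grow through a temporary so a failed realloc() neither leaks
             * the old buffer nor leaves groups NULL for the next call.
             * Never request 0 bytes, since realloc(p, 0) may free p. */
            resized = realloc(groups,
                              sizeof(gid_t) * (size_t)(ngroups > 0 ? ngroups : 1));
            if (resized == NULL) {
                PyErr_NoMemory();
                goto fail;
            }
            groups = resized;
        }
    } while (ret != ngroups);

    groups_tuple = PyTuple_New((Py_ssize_t) ngroups);
    if (groups_tuple == NULL) {
        goto fail;
    }

    /* Populate a tuple with names of groups
     * In unlikely case of group not being able to resolve, skip it
     * We also need to resize resulting tuple to avoid empty elements there */
    idx = 0;
    for (i = 0; i < ngroups; i++) {
        gr = getgrgid(groups[i]);
        if (gr) {
            py_name = PyString_FromString(gr->gr_name);
            if (py_name == NULL) {
                /* exception already set by PyString_FromString() */
                goto fail;
            }
            /* PyTuple_SetItem() takes over the reference to py_name */
            PyTuple_SetItem(groups_tuple, idx, py_name);
            idx++;
        }
    }
    free(groups);
    groups = NULL;

    if (i != idx) {
        /* On failure _PyTuple_Resize() sets groups_tuple to NULL and raises,
         * so the plain return below also covers that case. */
        _PyTuple_Resize(&groups_tuple, idx);
    }

    return groups_tuple;

fail:
    Py_XDECREF(groups_tuple);
    free(groups);
    return NULL;
}

/*** python plumbing begins here ***/

/*
 * The sss.local destructor
 *
 * Frees the talloc context owned by the object, then the object itself.
 */
static void PySssLocalObject_dealloc(PySssLocalObject *self)
{
    talloc_free(self->mem_ctx);
    self->ob_type->tp_free((PyObject*) self);
}

/*
 * The sss.local constructor
 *
 * Allocates the object and its talloc context, opens the confdb found at
 * DB_PATH/CONFDB_FILE and initializes the "local" domain. Returns the new
 * object, or NULL with a Python exception set.
 */
static PyObject *PySssLocalObject_new(PyTypeObject *type,
                                      PyObject *args,
                                      PyObject *kwds)
{
    TALLOC_CTX *mem_ctx;
    PySssLocalObject *self;
    char *confdb_path;
    int ret;

    mem_ctx = talloc_new(NULL);
    if (mem_ctx == NULL) {
        PyErr_NoMemory();
        return NULL;
    }

    self = (PySssLocalObject *) type->tp_alloc(type, 0);
    if (self == NULL) {
        talloc_free(mem_ctx);
        PyErr_NoMemory();
        return NULL;
    }

    /* From here on the object owns mem_ctx. The error paths below drop the
     * object itself, which runs PySssLocalObject_dealloc() and frees both;
     * freeing only mem_ctx would leak the half-built object. */
    self->mem_ctx = mem_ctx;

    confdb_path = talloc_asprintf(self->mem_ctx, "%s/%s", DB_PATH, CONFDB_FILE);
    if (confdb_path == NULL) {
        Py_DECREF(self);
        PyErr_NoMemory();
        return NULL;
    }

    /* Connect to the conf db */
    ret = confdb_init(self->mem_ctx, &self->confdb, confdb_path);
    if (ret != EOK) {
        Py_DECREF(self);
        PyErr_SetSssErrorWithMessage(ret,
                "Could not initialize connection to the confdb\n");
        return NULL;
    }

    ret = sssd_domain_init(self->mem_ctx, self->confdb, "local",
                           DB_PATH, &self->local);
    if (ret != EOK) {
        Py_DECREF(self);
        PyErr_SetSssErrorWithMessage(ret,
                "Could not initialize connection to the sysdb\n");
        return NULL;
    }
    self->sysdb = self->local->sysdb;

    self->lock = DO_LOCK;
    self->unlock = DO_UNLOCK;

    return (PyObject *) self;
}

/*
 * sss.local object methods
 */
static PyMethodDef sss_local_methods[] = {
    { sss_py_const_p(char, "useradd"), (PyCFunction) py_sss_useradd, METH_KEYWORDS, py_sss_useradd__doc__ },
    { sss_py_const_p(char, "userdel"), (PyCFunction) py_sss_userdel, METH_KEYWORDS,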
py_sss_userdel__doc__ }, { sss_py_const_p(char, "usermod"), (PyCFunction) py_sss_usermod, METH_KEYWORDS, py_sss_usermod__doc__ }, { sss_py_const_p(char, "groupadd"), (PyCFunction) py_sss_groupadd, METH_KEYWORDS, py_sss_groupadd__doc__ }, { sss_py_const_p(char, "groupdel"), (PyCFunction) py_sss_groupdel, METH_KEYWORDS, py_sss_groupdel__doc__ }, { sss_py_const_p(char, "groupmod"), (PyCFunction) py_sss_groupmod, METH_KEYWORDS, py_sss_groupmod__doc__ }, {NULL, NULL, 0, NULL} /* Sentinel */ }; static PyMemberDef sss_local_members[] = { { discard_const_p(char, "lock"), T_INT, offsetof(PySssLocalObject, lock), RO, NULL}, { discard_const_p(char, "unlock"), T_INT, offsetof(PySssLocalObject, unlock), RO, NULL}, {NULL, 0, 0, 0, NULL} /* Sentinel */ }; /* * sss.local object properties */ static PyTypeObject pysss_local_type = { PyObject_HEAD_INIT(NULL) .tp_name = sss_py_const_p(char, "sss.local"), .tp_basicsize = sizeof(PySssLocalObject), .tp_new = PySssLocalObject_new, .tp_dealloc = (destructor) PySssLocalObject_dealloc, .tp_methods = sss_local_methods, .tp_members = sss_local_members, .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, .tp_doc = sss_py_const_p(char, "SSS DB manipulation"), }; /* ==================== obfuscation python wrappers ========================*/ /* * The sss.local object */ typedef struct { PyObject_HEAD int aes_256; } PySssPasswordObject; PyDoc_STRVAR(py_sss_encrypt__doc__, "Obfuscate a password\n\n" ":param password: The password to obfuscate\n\n" ":param method: The obfuscation method\n\n"); static PyObject *py_sss_encrypt(PySssPasswordObject *self, PyObject *args, PyObject *kwds) { char *password = NULL; int plen; /* may contain NULL bytes */ char *obfpwd = NULL; TALLOC_CTX *tctx = NULL; int ret; int mode; PyObject *retval = NULL; /* parse arguments */ if (!PyArg_ParseTuple(args, discard_const_p(char, "s#i"), &password, &plen, &mode)) { return NULL; } tctx = talloc_new(NULL); if (!tctx) { PyErr_NoMemory(); return NULL; } ret = 
sss_password_encrypt(tctx, password, plen+1, mode, &obfpwd); if (ret != EOK) { PyErr_SetSssError(ret); goto fail; } retval = Py_BuildValue(sss_py_const_p(char, "s"), obfpwd); if (retval == NULL) { goto fail; } fail: talloc_zfree(tctx); return retval; } #if 0 PyDoc_STRVAR(py_sss_decrypt__doc__, "Deobfuscate a password\n\n" ":param obfpwd: The password to convert back to clear text\n\n"); static PyObject *py_sss_decrypt(PySssPasswordObject *self, PyObject *args, PyObject *kwds) { char *password = NULL; char *obfpwd = NULL; TALLOC_CTX *tctx = NULL; int ret; PyObject *retval = NULL; /* parse arguments */ if (!PyArg_ParseTuple(args, discard_const_p(char, "s"), &obfpwd)) { return NULL; } tctx = talloc_new(NULL); if (!tctx) { PyErr_NoMemory(); return NULL; } ret = sss_password_decrypt(tctx, obfpwd, &password); if (ret != EOK) { PyErr_SetSssError(ret); goto fail; } retval = Py_BuildValue("s", password); if (retval == NULL) { goto fail; } fail: talloc_zfree(tctx); return retval; } #endif /* * The sss.password destructor */ static void PySssPasswordObject_dealloc(PySssPasswordObject *self) { self->ob_type->tp_free((PyObject*) self); } /* * The sss.password constructor */ static PyObject *PySssPasswordObject_new(PyTypeObject *type, PyObject *args, PyObject *kwds) { PySssPasswordObject *self; self = (PySssPasswordObject *) type->tp_alloc(type, 0); if (self == NULL) { PyErr_NoMemory(); return NULL; } self->aes_256 = AES_256; return (PyObject *) self; } /* * sss.password object methods */ static PyMethodDef sss_password_methods[] = { { sss_py_const_p(char, "encrypt"), (PyCFunction) py_sss_encrypt, METH_VARARGS | METH_STATIC, py_sss_encrypt__doc__ }, #if 0 { "decrypt", (PyCFunction) py_sss_decrypt, METH_VARARGS | METH_STATIC, py_sss_decrypt__doc__ }, #endif {NULL, NULL, 0, NULL} /* Sentinel */ }; /* * sss.password object members */ static PyMemberDef sss_password_members[] = { { discard_const_p(char, "AES_256"), T_INT, offsetof(PySssPasswordObject, aes_256), RO, NULL}, {NULL, 0, 
0, 0, NULL} /* Sentinel */ }; /* * sss.password object properties */ static PyTypeObject pysss_password_type = { PyObject_HEAD_INIT(NULL) .tp_name = sss_py_const_p(char, "sss.password"), .tp_basicsize = sizeof(PySssPasswordObject), .tp_new = PySssPasswordObject_new, .tp_dealloc = (destructor) PySssPasswordObject_dealloc, .tp_methods = sss_password_methods, .tp_members = sss_password_members, .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, .tp_doc = sss_py_const_p(char, "SSS password obfuscation"), }; /* ==================== the sss module initialization =======================*/ /* * Module methods */ static PyMethodDef module_methods[] = { {"getgrouplist", py_sss_getgrouplist, METH_VARARGS, py_sss_getgrouplist__doc__}, {NULL, NULL, 0, NULL} /* Sentinel */ }; /* * Module initialization */ PyMODINIT_FUNC initpysss(void) { PyObject *m; if (PyType_Ready(&pysss_local_type) < 0) return; if (PyType_Ready(&pysss_password_type) < 0) return; m = Py_InitModule(discard_const_p(char, "pysss"), module_methods); if (m == NULL) return; Py_INCREF(&pysss_local_type); PyModule_AddObject(m, discard_const_p(char, "local"), (PyObject *)&pysss_local_type); Py_INCREF(&pysss_password_type); PyModule_AddObject(m, discard_const_p(char, "password"), (PyObject *)&pysss_password_type); } sssd-1.11.5/src/python/PaxHeaders.13173/pysss_nss_idmap.c0000644000000000000000000000007412320753107021245 xustar000000000000000030 atime=1396954939.269891429 30 ctime=1396954961.701874916 sssd-1.11.5/src/python/pysss_nss_idmap.c0000664002412700241270000002454612320753107021502 0ustar00jhrozekjhrozek00000000000000/* Authors: Sumit Bose Alexander Bokovoy Copyright (C) 2013 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. 
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include #include "util/sss_python.h" #include "sss_client/idmap/sss_nss_idmap.h" #define SSS_NAME_KEY "name" #define SSS_SID_KEY "sid" #define SSS_ID_KEY "id" #define SSS_TYPE_KEY "type" enum lookup_type { SIDBYNAME, SIDBYID, NAMEBYSID, IDBYSID }; static int add_dict(PyObject *py_result, PyObject *key, PyObject *res_type, PyObject *res, PyObject *id_type) { int ret; PyObject *py_dict; py_dict = PyDict_New(); if (py_dict == NULL) { return ENOMEM; } ret = PyDict_SetItem(py_dict, res_type, res); if (ret != 0) { Py_XDECREF(py_dict); return ret; } ret = PyDict_SetItem(py_dict, PyString_FromString(SSS_TYPE_KEY), id_type); if (ret != 0) { Py_XDECREF(py_dict); return ret; } ret = PyDict_SetItem(py_result, key, py_dict); return ret; } static char *py_string_or_unicode_as_string(PyObject *inp) { PyObject *py_str = NULL; if (PyUnicode_Check(inp)) { py_str = PyUnicode_AsUTF8String(inp); } else if (PyString_Check(inp)) { py_str = inp; } else { PyErr_Format(PyExc_TypeError, "input must be unicode or a string"); return NULL; } return PyString_AS_STRING(py_str); } static int do_getsidbyname(PyObject *py_result, PyObject *py_name) { int ret; const char *name; char *sid = NULL; enum sss_id_type id_type; name = py_string_or_unicode_as_string(py_name); if (name == NULL) { return EINVAL; } ret = sss_nss_getsidbyname(name, &sid, &id_type); if (ret == 0) { ret = add_dict(py_result, py_name, PyString_FromString(SSS_SID_KEY), PyUnicode_FromString(sid), PyInt_FromLong(id_type)); } free(sid); return ret; } static int do_getnamebysid(PyObject *py_result, PyObject *py_sid) { int ret; const char *sid; char *name = NULL; enum sss_id_type id_type; sid = 
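py_string_or_unicode_as_string(py_sid);
    if (sid == NULL) {
        return EINVAL;
    }

    ret = sss_nss_getnamebysid(sid, &name, &id_type);
    if (ret == 0) {
        ret = add_dict(py_result, py_sid, PyString_FromString(SSS_NAME_KEY),
                       PyUnicode_FromString(name), PyInt_FromLong(id_type));
    }
    free(name);

    return ret;
}

/*
 * Store one lookup result through add_dict() and release the caller's
 * references to the freshly created res_type, res and id_type objects.
 *
 * add_dict() stores them with PyDict_SetItem(), which takes its own
 * references, so the ones created at the call site must be dropped here or
 * they leak on every lookup. A NULL object (creation failed, exception
 * pending) is reported as ENOMEM instead of being handed to the dictionary.
 */
static int add_dict_and_release(PyObject *py_result, PyObject *key,
                                PyObject *res_type, PyObject *res,
                                PyObject *id_type)
{
    int ret;

    if (res_type == NULL || res == NULL || id_type == NULL) {
        ret = ENOMEM;
    } else {
        ret = add_dict(py_result, key, res_type, res, id_type);
    }

    Py_XDECREF(res_type);
    Py_XDECREF(res);
    Py_XDECREF(id_type);

    return ret;
}

/*
 * Look up the SID for a POSIX ID and add it to py_result under py_id.
 *
 * py_id may be a Python int, a long, or a string/unicode holding a decimal
 * number. Returns 0 on success, EINVAL when the ID cannot be parsed or is
 * outside 0..UINT32_MAX, otherwise the error returned by
 * sss_nss_getsidbyid() or by storing the result.
 */
static int do_getsidbyid(PyObject *py_result, PyObject *py_id)
{
    long id;
    const char *id_str;
    char *endptr;
    char *sid = NULL;
    int ret;
    enum sss_id_type id_type;

    if (PyInt_Check(py_id)) {
        id = PyInt_AS_LONG(py_id);
    } else if (PyLong_Check(py_id)) {
        id = PyLong_AsLong(py_id);
        if (id == -1 && PyErr_Occurred()) {
            /* Value does not fit a C long. Drop the OverflowError so it
             * cannot stay pending while the caller goes on. */
            PyErr_Clear();
            return EINVAL;
        }
    } else {
        id_str = py_string_or_unicode_as_string(py_id);
        if (id_str == NULL) {
            return EINVAL;
        }
        errno = 0;
        id = strtol(id_str, &endptr, 10);
        /* endptr == id_str means no digits were consumed: without this
         * check an empty string parses as 0 and is looked up as ID 0. */
        if (errno != 0 || endptr == id_str || *endptr != '\0') {
            return EINVAL;
        }
    }

    if (id < 0 || id > UINT32_MAX) {
        return EINVAL;
    }

    ret = sss_nss_getsidbyid((uint32_t) id, &sid, &id_type);
    if (ret == 0) {
        ret = add_dict_and_release(py_result, py_id,
                                   PyString_FromString(SSS_SID_KEY),
                                   PyUnicode_FromString(sid),
                                   PyInt_FromLong(id_type));
    }
    free(sid);

    return ret;
}

/*
 * Look up the POSIX ID for a SID and add it to py_result under py_sid.
 *
 * Returns 0 on success, EINVAL when py_sid cannot be read as a string,
 * otherwise the error returned by sss_nss_getidbysid() or by storing the
 * result.
 */
static int do_getidbysid(PyObject *py_result, PyObject *py_sid)
{
    const char *sid;
    uint32_t id;
    enum sss_id_type id_type;
    int ret;

    sid = py_string_or_unicode_as_string(py_sid);
    if (sid == NULL) {
        return EINVAL;
    }

    ret = sss_nss_getidbysid(sid, &id, &id_type);
    if (ret == 0) {
        ret = add_dict_and_release(py_result, py_sid,
                                   PyString_FromString(SSS_ID_KEY),
                                   PyInt_FromLong(id),
                                   PyInt_FromLong(id_type));
    }

    return ret;
}

/*
 * Dispatch a single lookup of the requested kind. Returns the result of the
 * selected do_get*() helper, or ENOSYS for an unknown lookup type.
 */
static int do_lookup(enum lookup_type type, PyObject *py_result,
                     PyObject *py_inp)
{
    switch(type) {
    case SIDBYNAME:
        return do_getsidbyname(py_result, py_inp);
    case NAMEBYSID:
        return do_getnamebysid(py_result, py_inp);
    case SIDBYID:
        return do_getsidbyid(py_result, py_inp);
    case IDBYSID:
        return do_getidbysid(py_result, py_inp);
    default:
        return ENOSYS;
    }
}

/*
 * Common entry point of the module functions: validate the single argument
 * and run the requested lookup for it, or for every element when it is a
 * list or tuple.
 *
 * Returns a new dictionary mapping each resolved input to its result
 * dictionary. Elements of a list/tuple that have an unsupported type or
 * fail to resolve are skipped silently. For a single value, EINVAL raises
 * ValueError, ENOENT yields an empty dictionary and any other error raises
 * IOError.
 */
static PyObject *check_args(enum lookup_type type, PyObject *args) {
    PyObject *obj, *py_value;
    int ret;
    Py_ssize_t len, i;
    PyObject *py_result;

    if (!PyArg_ParseTuple(args, sss_py_const_p(char, "O"), &obj)) {
        PyErr_Format(PyExc_ValueError, "Unable to retrieve argument\n");
        return NULL;
    }

    if (!(PyList_Check(obj) || PyTuple_Check(obj) ||
          PyString_Check(obj) || PyUnicode_Check(obj) ||
          (type == SIDBYID && (PyInt_Check(obj) || PyLong_Check(obj))))) {
        PyErr_Format(PyExc_ValueError,
                     "Only string, long or list or tuples of them "
                     "are accepted\n");
        return NULL;
    }

    /* PyDict_New() already returns the one reference handed back to the
     * caller. Taking a second one made every error path below, which
     * releases only once, leak the dictionary. */
    py_result = PyDict_New();
    if (py_result == NULL) {
        PyErr_Format(PyExc_MemoryError,
                     "Unable to allocate resulting dictionary\n");
        return NULL;
    }

    if (PyList_Check(obj) || PyTuple_Check(obj)) {
        len = PySequence_Size(obj);
        for(i=0; i < len; i++) {
            py_value = PySequence_GetItem(obj, i);
            ret = EINVAL;
            if ((py_value != NULL) &&
                (PyString_Check(py_value) || PyUnicode_Check(py_value) ||
                 (type == SIDBYID &&
                  (PyInt_Check(py_value) || PyLong_Check(py_value))))) {
                ret = do_lookup(type, py_result, py_value);
            }
            if (ret != 0) {
                /* Skip this name. A result must not be returned while an
                 * exception is still pending, so drop whatever the failed
                 * step may have raised. */
                PyErr_Clear();
            }
            /* PySequence_GetItem() returned a new reference */
            Py_XDECREF(py_value);
        }
    } else {
        ret = do_lookup(type, py_result, obj);
        switch (ret) {
        case 0:
        case ENOENT: /* nothing found, return empty dict */
            break;
        case EINVAL:
            PyErr_Format(PyExc_ValueError, "Unable to retrieve argument\n");
            Py_XDECREF(py_result);
            return NULL;
        default:
            PyErr_Format(PyExc_IOError, "Operation not supported\n");
            Py_XDECREF(py_result);
            return NULL;
        }
    }

    return py_result;
}

PyDoc_STRVAR(getsidbyname_doc,
"getsidbyname(name or list/tuple of names) -> dict(name => dict(results))\n\
\n\
Returns a dictionary with a dictonary of results for each given name.\n\
The result dictonary contain the SID and the type of the object which can be\n\
accessed with the key constants SID_KEY and TYPE_KEY, respectively.\n\
\n\
The return type can be one of the following constants:\n\
- ID_NOT_SPECIFIED\n\
- ID_USER\n\
- ID_GROUP\n\
- ID_BOTH"
);

/* Module function getsidbyname(): name(s) -> SID, see getsidbyname_doc. */
static PyObject * py_getsidbyname(PyObject *module, PyObject *args)
{
    return check_args(SIDBYNAME, args);
}

PyDoc_STRVAR(getsidbyid_doc,
"getsidbyid(id or 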
list/tuple of id) -> dict(id => dict(results))\n\ \n\ Returns a dictionary with a dictonary of results for each given POSIX ID.\n\ The result dictonary contain the SID and the type of the object which can be\n\ accessed with the key constants SID_KEY and TYPE_KEY, respectively." ); static PyObject * py_getsidbyid(PyObject *module, PyObject *args) { return check_args(SIDBYID, args); } PyDoc_STRVAR(getnamebysid_doc, "getnamebysid(sid or list/tuple of sid) -> dict(sid => dict(results))\n\ \n\ Returns a dictionary with a dictonary of results for each given SID.\n\ The result dictonary contain the name and the type of the object which can be\n\ accessed with the key constants NAME_KEY and TYPE_KEY, respectively.\n\ \n\ NOTE: getnamebysid currently works only with id_provider set as \"ad\" or \"ipa\"" ); static PyObject * py_getnamebysid(PyObject *module, PyObject *args) { return check_args(NAMEBYSID, args); } PyDoc_STRVAR(getidbysid_doc, "getidbysid(sid) -> POSIX ID\n\ \n\ Returns the POSIX ID of the object with the given SID." "getidbysid(sid or list/tuple of sid) -> dict(sid => dict(results))\n\ \n\ Returns a dictionary with a dictonary of results for each given SID.\n\ The result dictonary contain the POSIX ID and the type of the object which\n\ can be accessed with the key constants ID_KEY and TYPE_KEY, respectively." 
); static PyObject * py_getidbysid(PyObject *module, PyObject *args) { return check_args(IDBYSID, args); } static PyMethodDef methods[] = { { sss_py_const_p(char, "getsidbyname"), (PyCFunction) py_getsidbyname, METH_VARARGS, getsidbyname_doc }, { sss_py_const_p(char, "getsidbyid"), (PyCFunction) py_getsidbyid, METH_VARARGS, getsidbyid_doc }, { sss_py_const_p(char, "getnamebysid"), (PyCFunction) py_getnamebysid, METH_VARARGS, getnamebysid_doc }, { sss_py_const_p(char, "getidbysid"), (PyCFunction) py_getidbysid, METH_VARARGS, getidbysid_doc }, { NULL,NULL, 0, NULL } }; PyMODINIT_FUNC initpysss_nss_idmap(void) { PyObject *module; module = Py_InitModule3(sss_py_const_p(char, "pysss_nss_idmap"), methods, sss_py_const_p(char, "SSSD ID-mapping functions")); PyModule_AddIntConstant(module, "ID_NOT_SPECIFIED", SSS_ID_TYPE_NOT_SPECIFIED); PyModule_AddIntConstant(module, "ID_USER", SSS_ID_TYPE_UID); PyModule_AddIntConstant(module, "ID_GROUP", SSS_ID_TYPE_GID); PyModule_AddIntConstant(module, "ID_BOTH", SSS_ID_TYPE_BOTH); PyModule_AddStringConstant(module, "SID_KEY", SSS_SID_KEY); PyModule_AddStringConstant(module, "NAME_KEY", SSS_NAME_KEY); PyModule_AddStringConstant(module, "ID_KEY", SSS_ID_KEY); PyModule_AddStringConstant(module, "TYPE_KEY", SSS_TYPE_KEY); } sssd-1.11.5/src/PaxHeaders.13173/resolv0000644000000000000000000000013212320753521015572 xustar000000000000000030 mtime=1396954961.530875042 30 atime=1396955003.534843847 30 ctime=1396954961.530875042 sssd-1.11.5/src/resolv/0000775002412700241270000000000012320753521016076 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/resolv/PaxHeaders.13173/ares0000644000000000000000000000013212320753521016524 xustar000000000000000030 mtime=1396954961.737874889 30 atime=1396955003.534843847 30 ctime=1396954961.737874889 sssd-1.11.5/src/resolv/ares/0000775002412700241270000000000012320753521017030 
5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/resolv/ares/PaxHeaders.13173/ares_parse_srv_reply.c0000644000000000000000000000007412320753107023203 xustar000000000000000030 atime=1396954939.269891429 30 ctime=1396954961.531875042 sssd-1.11.5/src/resolv/ares/ares_parse_srv_reply.c0000664002412700241270000001221612320753107023427 0ustar00jhrozekjhrozek00000000000000/* SSSD Async resolver - SRV records parsing Authors: Jakub Hrozek Copyright (C) Red Hat, Inc 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ /* * This code is based on other c-ares parsing licensed as follows: * Copyright 1998 by the Massachusetts Institute of Technology. * * Permission to use, copy, modify, and distribute this * software and its documentation for any purpose and without * fee is hereby granted, provided that the above copyright * notice appear in all copies and that both that copyright * notice and this permission notice appear in supporting * documentation, and that the name of M.I.T. not be used in * advertising or publicity pertaining to distribution of the * software without specific, written prior permission. * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" * without express or implied warranty. 
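*/
#include
#include
#include
#include
#include
#include
#include
#include "ares.h"
/* this drags in some private macros c-ares uses */
#include "ares_dns.h"
#include "ares_data.h"
#include "ares_parse_srv_reply.h"

/*
 * Parse the SRV records out of a raw DNS reply.
 *
 * abuf/alen: the reply as received from the network (untrusted input).
 * srv_out:   set to a list of struct ares_srv_reply on success, to NULL on
 *            every failure. The list is released with _ares_free_data().
 *
 * Returns ARES_SUCCESS, ARES_EBADRESP for a malformed reply, ARES_ENODATA
 * when the answer count is zero, ARES_ENOMEM, or the ares_expand_name()
 * error. Answer records that are not IN/SRV are skipped.
 *
 * Every record's RDLENGTH is checked against the end of the buffer before
 * any RDATA byte is read; previously the priority/weight/port fields could
 * be read past abuf + alen on a truncated or forged record.
 */
int _ares_parse_srv_reply (const unsigned char *abuf, int alen,
                           struct ares_srv_reply **srv_out)
{
    unsigned int qdcount, ancount, i;
    const unsigned char *aptr, *vptr;
    int status, rr_type, rr_class, rr_len;
    long len;
    char *hostname = NULL, *rr_name = NULL;
    struct ares_srv_reply *srv_head = NULL;
    struct ares_srv_reply *srv_last = NULL;
    struct ares_srv_reply *srv_curr;

    /* Set *srv_out to NULL for all failure cases. */
    *srv_out = NULL;

    /* Give up if abuf doesn't have room for a header. */
    if (alen < HFIXEDSZ)
        return ARES_EBADRESP;

    /* Fetch the question and answer count from the header. */
    qdcount = DNS_HEADER_QDCOUNT (abuf);
    ancount = DNS_HEADER_ANCOUNT (abuf);
    if (qdcount != 1)
        return ARES_EBADRESP;
    if (ancount == 0)
        return ARES_ENODATA;

    /* Expand the name from the question, and skip past the question. */
    aptr = abuf + HFIXEDSZ;
    status = ares_expand_name (aptr, abuf, alen, &hostname, &len);
    if (status != ARES_SUCCESS)
        return status;

    if (aptr + len + QFIXEDSZ > abuf + alen) {
        free (hostname);
        return ARES_EBADRESP;
    }
    aptr += len + QFIXEDSZ;

    /* Examine each answer resource record (RR) in turn. */
    for (i = 0; i < ancount; i++) {
        /* Decode the RR up to the data field. */
        status = ares_expand_name (aptr, abuf, alen, &rr_name, &len);
        if (status != ARES_SUCCESS) {
            break;
        }
        aptr += len;
        if (aptr + RRFIXEDSZ > abuf + alen) {
            status = ARES_EBADRESP;
            break;
        }
        rr_type = DNS_RR_TYPE (aptr);
        rr_class = DNS_RR_CLASS (aptr);
        rr_len = DNS_RR_LEN (aptr);
        aptr += RRFIXEDSZ;

        /* The record data must lie entirely inside the reply. The length is
         * compared with the remaining byte count so that no pointer beyond
         * the buffer is ever formed. */
        if (rr_len > (abuf + alen) - aptr) {
            status = ARES_EBADRESP;
            break;
        }

        /* Check if we are really looking at a SRV record */
        if (rr_class == C_IN && rr_type == T_SRV) {
            /* parse the SRV record itself: three 16-bit fields + target */
            if (rr_len < 6) {
                status = ARES_EBADRESP;
                break;
            }

            /* Allocate storage for this SRV answer appending it to the list */
            srv_curr = _ares_malloc_data(ARES_DATATYPE_SRV_REPLY);
            if (!srv_curr) {
                status = ARES_ENOMEM;
                break;
            }
            if (srv_last) {
                srv_last->next = srv_curr;
            } else {
                srv_head = srv_curr;
            }
            srv_last = srv_curr;

            vptr = aptr;
            srv_curr->priority = DNS__16BIT(vptr);
            vptr += sizeof(const unsigned short);
            srv_curr->weight = DNS__16BIT(vptr);
            vptr += sizeof(const unsigned short);
            srv_curr->port = DNS__16BIT(vptr);
            vptr += sizeof(const unsigned short);

            status = ares_expand_name (vptr, abuf, alen, &srv_curr->host, &len);
            if (status != ARES_SUCCESS)
                break;
        }

        /* Don't lose memory in the next iteration */
        free(rr_name);
        rr_name = NULL;

        /* Move on to the next record */
        aptr += rr_len;
    }

    /* free(NULL) is a no-op, so no guards are needed here. */
    free (hostname);
    free (rr_name);

    /* clean up on error */
    if (status != ARES_SUCCESS) {
        if (srv_head)
            _ares_free_data (srv_head);
        return status;
    }

    /* everything looks fine, return the data */
    *srv_out = srv_head;

    return ARES_SUCCESS;
}
sssd-1.11.5/src/resolv/ares/PaxHeaders.13173/ares_parse_srv_reply.h0000644000000000000000000000007412320753107023210 xustar000000000000000030 atime=1396954939.269891429 30 ctime=1396954961.500875064 sssd-1.11.5/src/resolv/ares/ares_parse_srv_reply.h0000664002412700241270000000224412320753107023434 0ustar00jhrozekjhrozek00000000000000/* Authors: Jakub Hrozek Copyright (C) 2009 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as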
published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #ifndef __ARES_PARSE_SRV_REPLY_H__ #define __ARES_PARSE_SRV_REPLY_H__ struct ares_srv_reply { struct ares_srv_reply *next; char *host; unsigned short priority; unsigned short weight; unsigned short port; }; int _ares_parse_srv_reply (const unsigned char *abuf, int alen, struct ares_srv_reply **srv_out); #endif /* __ARES_PARSE_SRV_REPLY_H__ */ sssd-1.11.5/src/resolv/ares/PaxHeaders.13173/ares_parse_txt_reply.h0000644000000000000000000000007412320753107023215 xustar000000000000000030 atime=1396954939.269891429 30 ctime=1396954961.501875064 sssd-1.11.5/src/resolv/ares/ares_parse_txt_reply.h0000664002412700241270000000220112320753107023432 0ustar00jhrozekjhrozek00000000000000/* Authors: Jakub Hrozek Copyright (C) 2009 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #ifndef __ARES_PARSE_TXT_REPLY_H__ #define __ARES_PARSE_TXT_REPLY_H__ struct ares_txt_reply { struct ares_txt_reply *next; unsigned char *txt; size_t length; /* length excludes null termination */ }; int _ares_parse_txt_reply(const unsigned char* abuf, int alen, struct ares_txt_reply **txt_out); #endif /* __ARES_PARSE_TXT_REPLY_H__ */ sssd-1.11.5/src/resolv/ares/PaxHeaders.13173/ares_data.h0000644000000000000000000000007412320753107020702 xustar000000000000000030 atime=1396954939.269891429 30 ctime=1396954961.502875063 sssd-1.11.5/src/resolv/ares/ares_data.h0000664002412700241270000000515612320753107021133 0ustar00jhrozekjhrozek00000000000000/* $Id: ares_data.h,v 1.2 2009-11-23 12:03:33 yangtse Exp $ */ /* Copyright (C) 2009 by Daniel Stenberg * * Permission to use, copy, modify, and distribute this * software and its documentation for any purpose and without * fee is hereby granted, provided that the above copyright * notice appear in all copies and that both that copyright * notice and this permission notice appear in supporting * documentation, and that the name of M.I.T. not be used in * advertising or publicity pertaining to distribution of the * software without specific, written prior permission. * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" * without express or implied warranty. 
*/ #ifndef HAVE_ARES_DATA #include "resolv/ares/ares_parse_txt_reply.h" #include "resolv/ares/ares_parse_srv_reply.h" #endif /* HAVE_ARES_DATA */ typedef enum { ARES_DATATYPE_UNKNOWN = 1, /* unknown data type - introduced in 1.7.0 */ ARES_DATATYPE_SRV_REPLY, /* struct ares_srv_reply - introduced in 1.7.0 */ ARES_DATATYPE_TXT_REPLY, /* struct ares_txt_reply - introduced in 1.7.0 */ #if 0 ARES_DATATYPE_ADDR6TTL, /* struct ares_addrttl */ ARES_DATATYPE_ADDRTTL, /* struct ares_addr6ttl */ ARES_DATATYPE_HOSTENT, /* struct hostent */ ARES_DATATYPE_OPTIONS, /* struct ares_options */ #endif ARES_DATATYPE_LAST /* not used - introduced in 1.7.0 */ } ares_datatype; #define ARES_DATATYPE_MARK 0xbead /* * ares_data struct definition is internal to c-ares and shall not * be exposed by the public API in order to allow future changes * and extensions to it without breaking ABI. This will be used * internally by c-ares as the container of multiple types of data * dynamically allocated for which a reference will be returned * to the calling application. * * c-ares API functions returning a pointer to c-ares internally * allocated data will actually be returning an interior pointer * into this ares_data struct. * * All this is 'invisible' to the calling application, the only * requirement is that this kind of data must be free'ed by the * calling application using ares_free_data() with the pointer * it has received from a previous c-ares function call. */ struct ares_data { ares_datatype type; /* Actual data type identifier. */ unsigned int mark; /* Private ares_data signature. 
*/ union { struct ares_txt_reply txt_reply; struct ares_srv_reply srv_reply; } data; }; void *_ares_malloc_data(ares_datatype type); void _ares_free_data(void *dataptr); ares_datatype ares_get_datatype(void * dataptr); sssd-1.11.5/src/resolv/ares/PaxHeaders.13173/ares_parse_txt_reply.c0000644000000000000000000000007412320753107023210 xustar000000000000000030 atime=1396954939.269891429 30 ctime=1396954961.737874889 sssd-1.11.5/src/resolv/ares/ares_parse_txt_reply.c0000664002412700241270000001373212320753107023440 0ustar00jhrozekjhrozek00000000000000/* SSSD Async resolver - TXT records parsing Authors: Jakub Hrozek Copyright (C) Red Hat, Inc 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ /* * This code is based on other c-ares parsing licensed as follows: * Copyright 1998 by the Massachusetts Institute of Technology. * * Permission to use, copy, modify, and distribute this * software and its documentation for any purpose and without * fee is hereby granted, provided that the above copyright * notice appear in all copies and that both that copyright * notice and this permission notice appear in supporting * documentation, and that the name of M.I.T. not be used in * advertising or publicity pertaining to distribution of the * software without specific, written prior permission. * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" * without express or implied warranty. 
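*/
#include
#include
#include
#include
#include
#include
#include
#include "ares.h"
/* this drags in some private macros c-ares uses */
#include "ares_dns.h"
#include "ares_data.h"
#include "ares_parse_txt_reply.h"

/*
 * Parse the TXT records out of a raw DNS reply.
 *
 * abuf/alen: the reply as received from the network (untrusted input).
 * txt_out:   set to a list of struct ares_txt_reply on success, to NULL on
 *            every failure. The list is released with _ares_free_data().
 *
 * Returns ARES_SUCCESS, ARES_EBADRESP for a malformed reply, ARES_ENODATA
 * when the answer count is zero, ARES_ENOMEM, or the ares_expand_name()
 * error. Answer records that are not IN/TXT are skipped.
 *
 * Two length checks guard the record data: RDLENGTH must fit in the reply,
 * and each substring's length byte must fit in the record. Without them a
 * forged length made the copy loop read past the record and past
 * abuf + alen.
 */
int _ares_parse_txt_reply (const unsigned char *abuf, int alen,
                           struct ares_txt_reply **txt_out)
{
    size_t substr_len, str_len;
    unsigned int qdcount, ancount, i;
    const unsigned char *aptr;
    const unsigned char *strptr;
    const unsigned char *rr_end;
    int status, rr_type, rr_class, rr_len;
    long len;
    char *hostname = NULL, *rr_name = NULL;
    struct ares_txt_reply *txt_head = NULL;
    struct ares_txt_reply *txt_last = NULL;
    struct ares_txt_reply *txt_curr;

    /* Set *txt_out to NULL for all failure cases. */
    *txt_out = NULL;

    /* Give up if abuf doesn't have room for a header. */
    if (alen < HFIXEDSZ)
        return ARES_EBADRESP;

    /* Fetch the question and answer count from the header. */
    qdcount = DNS_HEADER_QDCOUNT(abuf);
    ancount = DNS_HEADER_ANCOUNT(abuf);
    if (qdcount != 1)
        return ARES_EBADRESP;
    if (ancount == 0)
        return ARES_ENODATA;

    /* Expand the name from the question, and skip past the question. */
    aptr = abuf + HFIXEDSZ;
    status = ares_expand_name(aptr, abuf, alen, &hostname, &len);
    if (status != ARES_SUCCESS)
        return status;

    if (aptr + len + QFIXEDSZ > abuf + alen) {
        free (hostname);
        return ARES_EBADRESP;
    }
    aptr += len + QFIXEDSZ;

    /* Examine each answer resource record (RR) in turn. */
    for (i = 0; i < ancount; i++) {
        /* Decode the RR up to the data field. */
        status = ares_expand_name(aptr, abuf, alen, &rr_name, &len);
        if (status != ARES_SUCCESS) {
            break;
        }
        aptr += len;
        if (aptr + RRFIXEDSZ > abuf + alen) {
            status = ARES_EBADRESP;
            break;
        }
        rr_type = DNS_RR_TYPE(aptr);
        rr_class = DNS_RR_CLASS(aptr);
        rr_len = DNS_RR_LEN(aptr);
        aptr += RRFIXEDSZ;

        /* The record data must lie entirely inside the reply. */
        if (rr_len > (abuf + alen) - aptr) {
            status = ARES_EBADRESP;
            break;
        }
        rr_end = aptr + rr_len;

        /* Check if we are really looking at a TXT record */
        if (rr_class == C_IN && rr_type == T_TXT) {
            /* Allocate storage for this TXT answer appending it to the list */
            txt_curr = _ares_malloc_data(ARES_DATATYPE_TXT_REPLY);
            if (!txt_curr) {
                status = ARES_ENOMEM;
                break;
            }
            if (txt_last) {
                txt_last->next = txt_curr;
            } else {
                txt_head = txt_curr;
            }
            txt_last = txt_curr;

            /*
             * There may be multiple substrings in a single TXT record. Each
             * substring may be up to 255 characters in length, with a
             * "length byte" indicating the size of the substring payload.
             * RDATA contains both the length-bytes and payloads of all
             * substrings contained therein.
             */

            /* Compute total length to allow a single memory allocation,
             * validating every substring on the way. */
            strptr = aptr;
            while (strptr < rr_end) {
                substr_len = (unsigned char)*strptr;
                /* Length byte plus payload must fit in what is left of the
                 * record. */
                if (substr_len >= (size_t)(rr_end - strptr)) {
                    status = ARES_EBADRESP;
                    break;
                }
                txt_curr->length += substr_len;
                strptr += substr_len + 1;
            }
            if (status != ARES_SUCCESS) {
                /* Malformed substring; txt_curr is freed with the list. */
                break;
            }

            /* Including null byte */
            txt_curr->txt = malloc (txt_curr->length + 1);
            if (txt_curr->txt == NULL) {
                status = ARES_ENOMEM;
                break;
            }

            /* Step through the list of substrings, concatenating them.
             * All lengths were validated by the pass above. */
            str_len = 0;
            strptr = aptr;
            while (strptr < rr_end) {
                substr_len = (unsigned char)*strptr;
                strptr++;
                memcpy ((char *) txt_curr->txt + str_len, strptr, substr_len);
                str_len += substr_len;
                strptr += substr_len;
            }

            /* Make sure we NULL-terminate */
            *((char *) txt_curr->txt + txt_curr->length) = '\0';
        }

        /* Don't lose memory in the next iteration */
        free(rr_name);
        rr_name = NULL;

        /* Move on to the next record */
        aptr += rr_len;
    }

    /* free(NULL) is a no-op, so no guards are needed here. */
    free (hostname);
    free (rr_name);

    /* clean up on error */
    if (status != ARES_SUCCESS) {
        if (txt_head)
            _ares_free_data (txt_head);
        return status;
    }

    /* everything looks fine, return the data */
    *txt_out = txt_head;

    return ARES_SUCCESS;
}
sssd-1.11.5/src/resolv/ares/PaxHeaders.13173/ares_data.c0000644000000000000000000000007312320753107020674 xustar000000000000000030 atime=1396954939.269891429 29 ctime=1396954961.53387504 sssd-1.11.5/src/resolv/ares/ares_data.c0000664002412700241270000000710712320753107021124 0ustar00jhrozekjhrozek00000000000000/* $Id: ares_data.c,v 1.2 2009-11-20 09:06:33 yangtse Exp $ */ /* Copyright (C) 2009 by Daniel Stenberg * * Permission to use, copy, modify, and distribute this * software and its documentation for any purpose and without * fee is hereby granted, provided that the above copyright * notice appear in all copies and that both that copyright * notice and this permission notice appear in supporting * documentation, and that the name of M.I.T. not be used in * advertising or publicity pertaining to distribution of the * software without specific, written prior permission. * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" * without express or implied warranty. */ #include #include #include "ares.h" #include "ares_data.h" /* ** ares_free_data() - c-ares external API function. ** ** This function must be used by the application to free data memory that ** has been internally allocated by some c-ares function and for which a ** pointer has already been returned to the calling application.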
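The list
** of c-ares functions returning pointers that must be free'ed using this
** function is:
**
**   ares_parse_srv_reply()
**   ares_parse_txt_reply()
*/

void _ares_free_data(void *dataptr)
{
    /*
     * The reply list is walked iteratively. Its length is set by the number
     * of records in a DNS reply, so freeing it by recursion through ->next
     * tied the stack depth to data received from the network.
     *
     * As before, a node whose mark or type is not recognised ends the walk
     * and is left untouched.
     */
    while (dataptr != NULL) {
        struct ares_data *ptr;
        void *next;

        /* dataptr is an interior pointer to the 'data' member. */
        ptr = (void *)((char *)dataptr - offsetof(struct ares_data, data));

        if (ptr->mark != ARES_DATATYPE_MARK)
            return;

        switch (ptr->type) {
        case ARES_DATATYPE_SRV_REPLY:
            next = ptr->data.srv_reply.next;
            free(ptr->data.srv_reply.host);
            break;

        case ARES_DATATYPE_TXT_REPLY:
            next = ptr->data.txt_reply.next;
            free(ptr->data.txt_reply.txt);
            break;

        default:
            return;
        }

        free(ptr);
        dataptr = next;
    }
}

/*
** ares_malloc_data() - c-ares internal helper function.
**
** This function allocates memory for a c-ares private ares_data struct
** for the specified ares_datatype, initializes c-ares private fields
** and zero initializes those which later might be used from the public
** API. It returns an interior pointer which can be passed by c-ares
** functions to the calling application, and that must be free'ed using
** c-ares external API function ares_free_data().
**
** Returns NULL when the allocation fails or the type is not one of
** ARES_DATATYPE_SRV_REPLY / ARES_DATATYPE_TXT_REPLY.
*/

void *_ares_malloc_data(ares_datatype type)
{
    struct ares_data *ptr;

    ptr = malloc(sizeof *ptr);
    if (!ptr)
        return NULL;

    switch (type) {
    case ARES_DATATYPE_SRV_REPLY:
        ptr->data.srv_reply.next = NULL;
        ptr->data.srv_reply.host = NULL;
        ptr->data.srv_reply.priority = 0;
        ptr->data.srv_reply.weight = 0;
        ptr->data.srv_reply.port = 0;
        break;

    case ARES_DATATYPE_TXT_REPLY:
        ptr->data.txt_reply.next = NULL;
        ptr->data.txt_reply.txt = NULL;
        ptr->data.txt_reply.length = 0;
        break;

    default:
        free(ptr);
        return NULL;
    }

    ptr->mark = ARES_DATATYPE_MARK;
    ptr->type = type;

    return &ptr->data;
}

/*
** ares_get_datatype() - c-ares internal helper function.
**
** This function returns the ares_datatype of the data stored in a
** private ares_data struct when given the public API pointer.
**
** A NULL pointer, or one whose container does not carry the expected
** mark, yields ARES_DATATYPE_UNKNOWN.
*/

ares_datatype ares_get_datatype(void * dataptr)
{
    struct ares_data *ptr;

    /* Guard added: the container address must not be derived from NULL. */
    if (dataptr == NULL)
        return ARES_DATATYPE_UNKNOWN;

    ptr = (void *)((char *)dataptr - offsetof(struct ares_data, data));

    if (ptr->mark == ARES_DATATYPE_MARK)
        return ptr->type;

    return ARES_DATATYPE_UNKNOWN;
}
sssd-1.11.5/src/resolv/PaxHeaders.13173/async_resolv.c0000644000000000000000000000007412320753107020527 xustar000000000000000030 atime=1396954939.269891429 30 ctime=1396954961.528875044 sssd-1.11.5/src/resolv/async_resolv.c0000664002412700241270000016756512320753107020775 0ustar00jhrozekjhrozek00000000000000/* SSSD Async resolver Authors: Martin Nagy Jakub Hrozek Copyright (C) Red Hat, Inc 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see .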
*/ #include #include #include #include #include #include #include #include #include #include #include #include "config.h" #include "resolv/async_resolv.h" #include "util/dlinklist.h" #include "util/util.h" #ifndef HAVE_ARES_DATA #define ares_parse_srv_reply(abuf, alen, srv_out) \ _ares_parse_srv_reply(abuf, alen, srv_out) #define ares_parse_txt_reply(abuf, alen, txt_out) \ _ares_parse_txt_reply(abuf, alen, txt_out) #define ares_free_data(dataptr) \ _ares_free_data(dataptr) #define ares_malloc_data(data) \ _ares_malloc_data(data) #endif /* HAVE_ARES_DATA */ #ifndef HAVE_STRUCT_ARES_ADDRTTL #define ares_addrttl addrttl #endif #ifndef HAVE_STRUCT_ARES_ADDR6TTL #define ares_addr6ttl addr6ttl #endif #define DNS__16BIT(p) (((p)[0] << 8) | (p)[1]) #define DNS_HEADER_ANCOUNT(h) DNS__16BIT((h) + 6) #define RESOLV_TIMEOUTMS 2000 enum host_database default_host_dbs[] = { DB_FILES, DB_DNS, DB_SENTINEL }; struct fd_watch { struct fd_watch *prev; struct fd_watch *next; int fd; struct resolv_ctx *ctx; struct tevent_fd *fde; }; struct resolv_ctx { struct tevent_context *ev_ctx; ares_channel channel; /* List of file descriptors that are watched by tevent. */ struct fd_watch *fds; /* Time in milliseconds before canceling a DNS request */ int timeout; /* The timeout watcher periodically calls ares_process_fd() to check * if our pending requests didn't timeout. 
*/ int pending_requests; struct tevent_timer *timeout_watcher; }; struct request_watch { struct tevent_req *req; struct resolv_request *rr; }; struct resolv_request { struct resolv_ctx *ctx; struct request_watch *rwatch; struct tevent_timer *request_timeout; }; static int return_code(int ares_code) { switch (ares_code) { case ARES_SUCCESS: return EOK; case ARES_ENOMEM: return ENOMEM; case ARES_EFILE: default: return EIO; } } const char * resolv_strerror(int ares_code) { return ares_strerror(ares_code); } static int fd_watch_destructor(struct fd_watch *f) { DLIST_REMOVE(f->ctx->fds, f); f->fd = -1; return 0; } static void fd_input_available(struct tevent_context *ev, struct tevent_fd *fde, uint16_t flags, void *data) { struct fd_watch *watch = talloc_get_type(data, struct fd_watch); if (watch->ctx->channel == NULL) { DEBUG(1, ("Invalid ares channel - this is likely a bug\n")); return; } if (flags & TEVENT_FD_READ) { ares_process_fd(watch->ctx->channel, watch->fd, ARES_SOCKET_BAD); } if (flags & TEVENT_FD_WRITE) { ares_process_fd(watch->ctx->channel, ARES_SOCKET_BAD, watch->fd); } } static void check_fd_timeouts(struct tevent_context *ev, struct tevent_timer *te, struct timeval current_time, void *private_data); static void add_timeout_timer(struct tevent_context *ev, struct resolv_ctx *ctx) { struct timeval tv = { 0, 0 }; struct timeval *tvp; if (ctx->timeout_watcher) { return; } tvp = ares_timeout(ctx->channel, NULL, &tv); if (tvp == NULL) { tvp = &tv; } /* Enforce a minimum of 1 second. 
*/ if (tvp->tv_sec < 1) { tv = tevent_timeval_current_ofs(1, 0); } else { tv = tevent_timeval_current_ofs(tvp->tv_sec, tvp->tv_usec); } ctx->timeout_watcher = tevent_add_timer(ev, ctx, tv, check_fd_timeouts, ctx); if (ctx->timeout_watcher == NULL) { DEBUG(1, ("Out of memory\n")); } } static void check_fd_timeouts(struct tevent_context *ev, struct tevent_timer *te, struct timeval current_time, void *private_data) { struct resolv_ctx *ctx = talloc_get_type(private_data, struct resolv_ctx); DEBUG(9, ("Checking for DNS timeouts\n")); /* NULLify the timeout_watcher so we don't * free it in the _done() function if it * gets called. Now that we're already in * the handler, tevent will take care of * freeing it when it returns. */ ctx->timeout_watcher = NULL; ares_process_fd(ctx->channel, ARES_SOCKET_BAD, ARES_SOCKET_BAD); if (ctx->pending_requests > 0) { add_timeout_timer(ev, ctx); } } static void resolv_request_timeout(struct tevent_context *ev, struct tevent_timer *te, struct timeval tv, void *pvt) { struct resolv_request *rreq; DEBUG(SSSDBG_MINOR_FAILURE, ("The resolve request timed out\n")); rreq = talloc_get_type(pvt, struct resolv_request); if (rreq->rwatch == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("The request already completed\n")); return; } tevent_req_error(rreq->rwatch->req, ETIMEDOUT); rreq->rwatch = NULL; } static int request_watch_destructor(struct request_watch *rwatch) { DEBUG(SSSDBG_TRACE_FUNC, ("Deleting request watch\n")); if (rwatch->rr) rwatch->rr->rwatch = NULL; return 0; } static struct resolv_request * schedule_request_timeout(struct tevent_context *ev, struct resolv_ctx *ctx, struct tevent_req *req) { struct resolv_request *rreq; struct timeval tv; DEBUG(SSSDBG_TRACE_INTERNAL, ("Scheduling a timeout of %d seconds\n", ctx->timeout)); tv = tevent_timeval_current_ofs(ctx->timeout, 0); /* Intentionally allocating on ctx, because the request might go away * before c-ares returns */ rreq = talloc(ctx, struct resolv_request); if (!rreq) { talloc_zfree(req); 
return NULL; } rreq->ctx = ctx; rreq->request_timeout = tevent_add_timer(ev, rreq, tv, resolv_request_timeout, rreq); if (rreq->request_timeout == NULL) { talloc_free(rreq); return NULL; } /* The watch will go away when the request finishes */ rreq->rwatch = talloc(req, struct request_watch); if (!rreq->rwatch) { talloc_zfree(req); return NULL; } rreq->rwatch->req = req; rreq->rwatch->rr = rreq; talloc_set_destructor(rreq->rwatch, request_watch_destructor); return rreq; } static struct resolv_request * schedule_timeout_watcher(struct tevent_context *ev, struct resolv_ctx *ctx, struct tevent_req *req) { struct resolv_request *rreq; rreq = schedule_request_timeout(ev, ctx, req); if (!rreq) return NULL; ctx->pending_requests++; DEBUG(SSSDBG_TRACE_INTERNAL, ("Scheduling DNS timeout watcher\n")); add_timeout_timer(ev, ctx); return rreq; } static void unschedule_timeout_watcher(struct resolv_ctx *ctx, struct resolv_request *rreq) { /* Unlink the watch if the request is still active */ if (rreq->rwatch) { rreq->rwatch->rr = NULL; } talloc_free(rreq); /* Cancels the tevent timeout as well */ if (ctx->pending_requests <= 0) { DEBUG(1, ("Pending DNS requests mismatch\n")); return; } ctx->pending_requests--; if (ctx->pending_requests == 0) { DEBUG(9, ("Unscheduling DNS timeout watcher\n")); talloc_zfree(ctx->timeout_watcher); } } static void fd_event_add(struct resolv_ctx *ctx, int s, int flags); static void fd_event_close(struct resolv_ctx *ctx, int s); /* * When ares is ready to read or write to a file descriptor, it will * call this callback. If both read and write are 0, it means that ares * will soon close the socket. We are mainly using this function to register * new file descriptors with tevent. */ static void fd_event(void *data, int s, int fd_read, int fd_write) { struct resolv_ctx *ctx = talloc_get_type(data, struct resolv_ctx); struct fd_watch *watch; int flags; /* The socket is about to get closed. 
/*
 * Stop watching socket s: look its fd_watch up in ctx->fds and free it.
 * Nothing happens when the socket is not in the list.
 */
static void
fd_event_close(struct resolv_ctx *ctx, int s)
{
    struct fd_watch *cur;

    for (cur = ctx->fds; cur != NULL; cur = cur->next) {
        if (cur->fd != s) {
            continue;
        }

        /* NOTE(review): removal from ctx->fds is presumably done by
         * fd_watch_destructor, which fd_event_add installs - confirm. */
        talloc_free(cur);
        return;
    }
}
/*
 * Create a resolver context on mem_ctx and initialise its c-ares channel.
 *
 * ev_ctx   event context stored in the new context
 * timeout  per-request timeout in seconds; a value below 1 is only logged
 * ctxp     receives the new context on success and is not written otherwise
 *
 * Returns EOK, ENOMEM when the context cannot be allocated, or the error
 * reported by recreate_ares_channel().
 */
int
resolv_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev_ctx,
            int timeout, struct resolv_ctx **ctxp)
{
    struct resolv_ctx *new_ctx;
    int rc;

    if (timeout < 1) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("The timeout is too short, DNS operations are going to fail. "
               "This is a bug outside unit tests\n"));
    }

    new_ctx = talloc_zero(mem_ctx, struct resolv_ctx);
    if (new_ctx == NULL) {
        return ENOMEM;
    }
    new_ctx->ev_ctx = ev_ctx;
    new_ctx->timeout = timeout;

    rc = recreate_ares_channel(new_ctx);
    if (rc != EOK) {
        /* No destructor is set yet, so only the memory is released. */
        talloc_free(new_ctx);
        return rc;
    }

    /* From here on freeing the context also destroys the ares channel. */
    talloc_set_destructor(new_ctx, resolv_ctx_destructor);

    *ctxp = new_ctx;
    return EOK;
}
/*
 * Deep-copy a struct hostent into a talloc-owned resolv_hostent.
 *
 * Name, aliases and family come from resolv_copy_hostent_common(); this
 * function adds the address list. Every address is copied with h_length
 * bytes and gets RESOLV_DEFAULT_TTL, and the list is NULL-terminated.
 *
 * Returns the copy (parented to mem_ctx), or NULL on allocation failure.
 */
struct resolv_hostent *
resolv_copy_hostent(TALLOC_CTX *mem_ctx, struct hostent *src)
{
    struct resolv_hostent *copy;
    struct resolv_addr *entry;
    int count = 0;
    int idx;

    copy = resolv_copy_hostent_common(mem_ctx, src);
    if (copy == NULL) {
        return NULL;
    }

    if (src->h_addr_list == NULL) {
        /* No addresses to copy; addr_list stays NULL. */
        return copy;
    }

    while (src->h_addr_list[count] != NULL) {
        count++;
    }

    /* One extra slot for the terminating NULL. */
    copy->addr_list = talloc_array(copy, struct resolv_addr *, count + 1);
    if (copy->addr_list == NULL) {
        goto fail;
    }

    for (idx = 0; idx < count; idx++) {
        entry = talloc_zero(copy->addr_list, struct resolv_addr);
        copy->addr_list[idx] = entry;
        if (entry == NULL) {
            goto fail;
        }

        entry->ipaddr = talloc_memdup(entry, src->h_addr_list[idx],
                                      src->h_length);
        if (entry->ipaddr == NULL) {
            goto fail;
        }
        entry->ttl = RESOLV_DEFAULT_TTL;
    }
    copy->addr_list[count] = NULL;

    return copy;

fail:
    /* Everything allocated above hangs off copy. */
    talloc_free(copy);
    return NULL;
}
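/*
 * Look a host name up in the local hosts file through c-ares.
 *
 * The lookup is synchronous; the outcome is wrapped in a tevent request that
 * is completed and posted before this function returns, so callers can treat
 * it like the asynchronous DNS path.
 *
 * Not-found and no-data results are reported as ENOENT so the caller can
 * decide whether to retry; other c-ares failures go through return_code().
 *
 * Returns the request, or NULL when the request itself cannot be created.
 */
static struct tevent_req *
resolv_gethostbyname_files_send(TALLOC_CTX *mem_ctx,
                                struct tevent_context *ev,
                                struct resolv_ctx *ctx,
                                const char *name,
                                int family)
{
    struct tevent_req *req;
    struct gethostbyname_files_state *state;
    struct hostent *hostent = NULL;

    req = tevent_req_create(mem_ctx, &state,
                            struct gethostbyname_files_state);
    if (req == NULL) {
        /* There is no request to mark as failed or to post; touching it
         * here would dereference a NULL pointer. */
        return NULL;
    }

    state->resolv_ctx = ctx;
    state->name = name;
    state->rhostent = NULL;
    state->family = family;

    DEBUG(4, ("Trying to resolve %s record of '%s' in files\n",
              state->family == AF_INET ? "A" : "AAAA", state->name));

    state->status = ares_gethostbyname_file(state->resolv_ctx->channel,
                                            state->name, state->family,
                                            &hostent);

    if (state->status == ARES_SUCCESS) {
        state->rhostent = resolv_copy_hostent(state, hostent);
        if (state->rhostent == NULL) {
            tevent_req_error(req, ENOMEM);
            goto done;
        }
    } else if (state->status == ARES_ENOTFOUND ||
               state->status == ARES_ENODATA) {
        /* Just say we didn't find anything and let the caller decide
         * about retrying */
        tevent_req_error(req, ENOENT);
        goto done;
    } else {
        tevent_req_error(req, return_code(state->status));
        goto done;
    }

    tevent_req_done(req);

done:
    /* The hostent was allocated by c-ares and has been copied by now. */
    if (hostent) {
        ares_free_hostent(hostent);
    }
    tevent_req_post(req, ev);
    return req;
}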
/*
 * Start resolving `name` for one address family over DNS.
 *
 * The c-ares query is not issued here. A zero-delay wakeup request is
 * scheduled first, because c-ares may invoke its callback immediately and
 * the caller would then have no chance to set a callback on the returned
 * request.
 *
 * Returns the request, or NULL when the ares channel is missing or an
 * allocation fails.
 */
static struct tevent_req *
resolv_gethostbyname_dns_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
                              struct resolv_ctx *ctx, const char *name,
                              int family)
{
    struct gethostbyname_dns_state *state;
    struct tevent_req *req;
    struct tevent_req *wakeup;
    struct timeval now = { 0, 0 };

    if (ctx->channel == NULL) {
        DEBUG(1, ("Invalid ares channel - this is likely a bug\n"));
        return NULL;
    }

    req = tevent_req_create(mem_ctx, &state, struct gethostbyname_dns_state);
    if (req == NULL) {
        return NULL;
    }

    /* Query parameters. The name pointer is stored, not copied. */
    state->resolv_ctx = ctx;
    state->ev = ev;
    state->name = name;
    state->family = family;

    /* Result fields start out empty. */
    state->rhostent = NULL;
    state->status = 0;
    state->timeouts = 0;
    state->retrying = 0;

    wakeup = tevent_wakeup_send(req, ev, now);
    if (wakeup == NULL) {
        DEBUG(1, ("Failed to add critical timer to run next operation!\n"));
        talloc_zfree(req);
        return NULL;
    }
    tevent_req_set_callback(wakeup, resolv_gethostbyname_dns_wakeup, req);

    return req;
}
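/*
 * Parse a raw A or AAAA reply from c-ares into state->rhostent.
 *
 * state     request state; state->family selects the parser and
 *           state->rhostent receives the result
 * status    overwritten with the parser's result
 * timeouts  unused here
 * abuf/alen the DNS reply as handed to the c-ares callback
 *
 * The number of address/TTL slots is taken from the answer count in the
 * reply header, which is data received from the network. The header is
 * therefore length-checked before it is read, and the scratch array lives on
 * a temporary context so it is released on every path.
 *
 * Returns EOK on success, ENOENT when the parsed entry carries no address
 * list, ENOMEM or EAFNOSUPPORT on local failures, otherwise the parser
 * status mapped through return_code().
 */
static int
resolv_gethostbyname_dns_parse(struct gethostbyname_dns_state *state,
                               int status, int timeouts,
                               unsigned char *abuf, int alen)
{
    /* Length of the fixed DNS message header that holds the answer count. */
    enum { DNS_FIXED_HEADER_LEN = 12 };

    TALLOC_CTX *tmp_ctx;
    /* The parsers are only relied on to set this on success. */
    struct hostent *hostent = NULL;
    int naddrttls;
    errno_t ret;
    void *addr;

    (void) timeouts;

    /* Never read the answer count out of a buffer that is too short to
     * contain a DNS header. */
    if (abuf == NULL || alen < DNS_FIXED_HEADER_LEN) {
        DEBUG(1, ("DNS reply is too short to contain a header\n"));
        return return_code(ARES_EBADRESP);
    }

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) return ENOMEM;

    naddrttls = DNS_HEADER_ANCOUNT(abuf);

    switch (state->family) {
    case AF_INET:
        DEBUG(7, ("Parsing an A reply\n"));

        /* Scratch space only: resolv_copy_hostent_ares() copies the
         * addresses and TTLs out of it. */
        addr = talloc_array(tmp_ctx, struct ares_addrttl, naddrttls);
        if (!addr) {
            ret = ENOMEM;
            goto done;
        }

        status = ares_parse_a_reply(abuf, alen, &hostent,
                                    (struct ares_addrttl *) addr,
                                    &naddrttls);
        break;
    case AF_INET6:
        DEBUG(7, ("Parsing an AAAA reply\n"));

        addr = talloc_array(tmp_ctx, struct ares_addr6ttl, naddrttls);
        if (!addr) {
            ret = ENOMEM;
            goto done;
        }

        status = ares_parse_aaaa_reply(abuf, alen, &hostent,
                                       (struct ares_addr6ttl *) addr,
                                       &naddrttls);
        break;
    default:
        DEBUG(1, ("Unknown family %d\n", state->family));
        ret = EAFNOSUPPORT;
        goto done;
    }

    if (hostent != NULL) {
        state->rhostent = resolv_copy_hostent_ares(state, hostent,
                                                   state->family,
                                                   addr, naddrttls);
        ares_free_hostent(hostent);
        if (state->rhostent == NULL) {
            ret = ENOMEM;
            goto done;
        }

        /* The address list is NULL. This is probably a bug in
         * c-ares, but we need to handle it gracefully. */
        if (state->rhostent->addr_list == NULL) {
            talloc_zfree(state->rhostent);
            ret = ENOENT;
            goto done;
        }
    }

    ret = return_code(status);

done:
    talloc_free(tmp_ctx);
    return ret;
}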
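/*
 * Tell whether `name` is a literal IPv4 or IPv6 address.
 *
 * getaddrinfo() is called with AI_NUMERICHOST, so the check never triggers
 * a network lookup.
 *
 * Returns true when the string parses as a numeric address.
 */
static bool
resolv_is_address(const char *name)
{
    struct addrinfo hints;
    struct addrinfo *res = NULL;
    int ret;

    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_UNSPEC;
    hints.ai_flags = AI_NUMERICHOST; /* No network lookups */

    ret = getaddrinfo(name, NULL, &hints, &res);
    if (ret == 0) {
        /* Only a successful call hands back a list that must be freed. */
        freeaddrinfo(res);
        return true;
    }

    /* Compare against the symbolic code; its numeric value is platform
     * specific. */
    if (ret == EAI_NONAME) {
        DEBUG(9, ("[%s] does not look like an IP address\n", name));
    } else {
        DEBUG(2, ("getaddrinfo failed [%d]: %s\n",
                  ret, gai_strerror(ret)));
    }

    return false;
}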
/*
 * Issue the lookup for the current hosts database (state->db[state->dbi])
 * and the current address family, and hook resolv_gethostbyname_done() up
 * as its completion callback.
 *
 * Returns EOK when the subrequest was started, EINVAL for an unknown
 * database and ENOMEM when the subrequest could not be created.
 */
static errno_t
resolv_gethostbyname_step(struct tevent_req *req)
{
    struct gethostbyname_state *state = tevent_req_data(req,
                                            struct gethostbyname_state);
    enum host_database current = state->db[state->dbi];
    struct tevent_req *subreq;

    if (current == DB_FILES) {
        DEBUG(8, ("Querying files\n"));
        subreq = resolv_gethostbyname_files_send(state, state->ev,
                                                 state->resolv_ctx,
                                                 state->name,
                                                 state->family);
    } else if (current == DB_DNS) {
        DEBUG(8, ("Querying DNS\n"));
        subreq = resolv_gethostbyname_dns_send(state, state->ev,
                                               state->resolv_ctx,
                                               state->name,
                                               state->family);
    } else {
        DEBUG(1, ("Invalid hosts database\n"));
        return EINVAL;
    }

    if (subreq == NULL) {
        return ENOMEM;
    }

    tevent_req_set_callback(subreq, resolv_gethostbyname_done, req);
    return EOK;
}
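/*
 * Format the address at position addrindex of hostent->addr_list as text.
 *
 * mem_ctx    talloc parent of the returned string
 * hostent    resolved entry; NULL yields NULL
 * addrindex  position in the NULL-terminated address list
 *
 * The index is validated by walking the list up to it, so an index past the
 * terminator returns NULL instead of reading beyond the array. This relies
 * on the list being NULL-terminated, which is how the copy helpers in this
 * file build it.
 *
 * Returns a newly allocated string, or NULL on invalid input, allocation
 * failure or inet_ntop() failure.
 */
char *
resolv_get_string_address_index(TALLOC_CTX *mem_ctx,
                                struct resolv_hostent *hostent,
                                unsigned int addrindex)
{
    enum { ADDR_STRING_SIZE = 128 };
    char *address;
    unsigned int i;

    if (!hostent) return NULL;

    if (hostent->addr_list == NULL) {
        DEBUG(1, ("The host entry has no address list.\n"));
        return NULL;
    }

    /* Stop at the terminator before the requested slot is touched. */
    for (i = 0; ; i++) {
        if (hostent->addr_list[i] == NULL) {
            DEBUG(1, ("Address index %u is out of range.\n", addrindex));
            return NULL;
        }
        if (i == addrindex) {
            break;
        }
    }

    if (hostent->addr_list[addrindex]->ipaddr == NULL) {
        DEBUG(1, ("Address %u carries no data.\n", addrindex));
        return NULL;
    }

    address = talloc_zero_size(mem_ctx, ADDR_STRING_SIZE);
    if (address == NULL) {
        DEBUG(1, ("talloc_zero failed.\n"));
        return NULL;
    }

    errno = 0;
    if (inet_ntop(hostent->family, hostent->addr_list[addrindex]->ipaddr,
                  address, ADDR_STRING_SIZE) == NULL) {
        DEBUG(1, ("inet_ntop failed [%d][%s].\n", errno, strerror(errno)));
        talloc_free(address);
        return NULL;
    }

    return address;
}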
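/*
 * Build a sockaddr_storage from the address at position addrindex of
 * hostent->addr_list and the given port.
 *
 * mem_ctx    talloc parent of the returned structure
 * hostent    resolved entry; NULL yields NULL
 * port       port number in host byte order, converted with htons()
 * addrindex  position in the NULL-terminated address list
 *
 * A negative index, or one past the list terminator, returns NULL instead
 * of reading outside the array. This relies on the list being
 * NULL-terminated, which is how the copy helpers in this file build it.
 *
 * Returns the new structure, or NULL on invalid input, unknown address
 * family or allocation failure.
 */
struct sockaddr_storage *
resolv_get_sockaddr_address_index(TALLOC_CTX *mem_ctx,
                                  struct resolv_hostent *hostent,
                                  int port, int addrindex)
{
    struct sockaddr_storage *sockaddr;
    struct resolv_addr *entry;
    int i;

    if (!hostent) return NULL;

    if (addrindex < 0 || hostent->addr_list == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Invalid address index %d\n", addrindex));
        return NULL;
    }

    /* Stop at the terminator before the requested slot is touched. */
    for (i = 0; ; i++) {
        if (hostent->addr_list[i] == NULL) {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("Address index %d is out of range\n", addrindex));
            return NULL;
        }
        if (i == addrindex) {
            break;
        }
    }

    entry = hostent->addr_list[addrindex];
    if (entry->ipaddr == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Address %d carries no data\n", addrindex));
        return NULL;
    }

    sockaddr = talloc_zero(mem_ctx, struct sockaddr_storage);
    if (sockaddr == NULL) {
        DEBUG(1, ("talloc_zero failed.\n"));
        return NULL;
    }

    switch (hostent->family) {
    case AF_INET:
        sockaddr->ss_family = AF_INET;
        memcpy(&((struct sockaddr_in *) sockaddr)->sin_addr,
               entry->ipaddr, sizeof(struct in_addr));
        ((struct sockaddr_in *) sockaddr)->sin_port =
                                            (in_port_t) htons(port);
        break;
    case AF_INET6:
        sockaddr->ss_family = AF_INET6;
        memcpy(&((struct sockaddr_in6 *) sockaddr)->sin6_addr,
               entry->ipaddr, sizeof(struct in6_addr));
        ((struct sockaddr_in6 *) sockaddr)->sin6_port =
                                            (in_port_t) htons(port);
        break;
    default:
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Unknown address family %d\n", hostent->family));
        /* Do not leave the unused structure on the caller's context. */
        talloc_free(sockaddr);
        return NULL;
    }

    return sockaddr;
}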
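static int
rewrite_talloc_srv_reply(TALLOC_CTX *mem_ctx,
                         struct ares_srv_reply **reply_list)
{
    /*
     * Replace the malloc()-backed list in *reply_list with a talloc copy.
     *
     * The first copied node is parented to mem_ctx and every later node to
     * that first node, so freeing the head frees the whole list. The c-ares
     * list is released with ares_free_data() on every path.
     *
     * Returns EOK (also for an empty list) or ENOMEM. On ENOMEM *reply_list
     * is reset to NULL, so the caller is never left holding a pointer to
     * the list that has just been freed.
     */
    struct ares_srv_reply *old_list = *reply_list;
    struct ares_srv_reply *new_list = NULL;
    struct ares_srv_reply *tail = NULL;
    struct ares_srv_reply *node;
    const struct ares_srv_reply *src;

    /* Nothing to do, but not an error */
    if (old_list == NULL) {
        return EOK;
    }

    for (src = old_list; src != NULL; src = src->next) {
        node = talloc_zero(new_list != NULL ? (TALLOC_CTX *) new_list
                                            : mem_ctx,
                           struct ares_srv_reply);
        if (node == NULL) {
            goto nomem;
        }

        if (new_list == NULL) {
            new_list = node;
        } else {
            tail->next = node;
        }
        tail = node;

        node->weight = src->weight;
        node->priority = src->priority;
        node->port = src->port;
        node->host = talloc_strdup(node, src->host);
        if (node->host == NULL) {
            goto nomem;
        }
    }

    /* Free the old one (uses malloc). */
    ares_free_data(old_list);

    /* And now put our own new_list in place. */
    *reply_list = new_list;
    return EOK;

nomem:
    ares_free_data(old_list);
    if (new_list != NULL) {
        talloc_free(new_list);
    }
    *reply_list = NULL;
    return ENOMEM;
}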
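/*
 * Completion callback of the zero-delay wakeup scheduled by
 * resolv_getsrv_send(); it issues the actual SRV query.
 *
 * A failed wakeup or a missing ares channel fails the request with EIO, the
 * same way resolv_gethostbyname_dns_wakeup() does, so the caller's callback
 * always runs.
 */
static void
ares_getsrv_wakeup(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct getsrv_state *state = tevent_req_data(req,
                                                 struct getsrv_state);

    if (!tevent_wakeup_recv(subreq)) {
        /* Returning silently would leave the request pending forever. */
        tevent_req_error(req, EIO);
        return;
    }
    talloc_zfree(subreq);

    if (state->resolv_ctx->channel == NULL) {
        DEBUG(1, ("Invalid ares channel - this is likely a bug\n"));
        tevent_req_error(req, EIO);
        return;
    }

    resolv_getsrv_query(req, state);
}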
ares_query(state->resolv_ctx->channel, state->query, ns_c_in, ns_t_srv, resolv_getsrv_done, rreq); } /* TXT parsing is not used anywhere in the code yet, so we disable it * for now */ #ifdef BUILD_TXT /* * A simple helper function that will take an array of struct txt_reply that * was allocated by malloc() in c-ares and copies it using talloc. The old one * is freed and the talloc one is put into 'reply_list' instead. */ static int rewrite_talloc_txt_reply(TALLOC_CTX *mem_ctx, struct ares_txt_reply **reply_list) { struct ares_txt_reply *ptr = NULL; struct ares_txt_reply *new_list = NULL; struct ares_txt_reply *old_list = *reply_list; /* Nothing to do, but not an error */ if (!old_list) { return EOK; } /* Copy the linked list */ while (old_list) { /* Special case for the first node */ if (!new_list) { new_list = talloc_zero(mem_ctx, struct ares_txt_reply); if (new_list == NULL) { ares_free_data(*reply_list); talloc_free(new_list); return ENOMEM; } ptr = new_list; } else { ptr->next = talloc_zero(new_list, struct ares_txt_reply); if (ptr->next == NULL) { ares_free_data(*reply_list); talloc_free(new_list); return ENOMEM; } ptr = ptr->next; } ptr->length = old_list->length; ptr->txt = talloc_memdup(ptr, old_list->txt, old_list->length); if (ptr->txt == NULL) { ares_free_data(*reply_list); talloc_free(new_list); return ENOMEM; } old_list = old_list->next; } ares_free_data(*reply_list); /* And now put our own new_list in place. 
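/*
 * c-ares completion callback for a TXT query.
 *
 * arg is the resolv_request created by schedule_timeout_watcher(). When its
 * watch is gone the tevent request was cancelled and the result is dropped.
 * Otherwise the reply is parsed, copied into talloc memory owned by the
 * request and the request is completed.
 *
 * A query that ended with ARES_EDESTRUCTION while a channel exists is
 * re-issued once through resolv_gettxt_query(), which schedules a fresh
 * resolv_request; the one passed in has been freed by then.
 */
static void
resolv_gettxt_done(void *arg, int status, int timeouts,
                   unsigned char *abuf, int alen)
{
    struct resolv_request *rreq = talloc_get_type(arg,
                                                  struct resolv_request);
    struct tevent_req *req;
    struct gettxt_state *state;
    int ret;
    struct ares_txt_reply *reply_list = NULL;

    if (rreq->rwatch == NULL) {
        /* The tevent request was cancelled while the ares call was still in
         * progress so nobody cares about the result now. Quit. */
        unschedule_timeout_watcher(rreq->ctx, rreq);
        return;
    }

    req = rreq->rwatch->req;
    unschedule_timeout_watcher(rreq->ctx, rreq);
    state = tevent_req_data(req, struct gettxt_state);

    if (state->retrying == 0 && status == ARES_EDESTRUCTION
            && state->resolv_ctx->channel != NULL) {
        state->retrying = 1;
        /* The callback argument must be a resolv_request, so go through
         * the query helper rather than handing req to ares_query(). */
        resolv_gettxt_query(req, state);
        return;
    }

    state->status = status;
    state->timeouts = timeouts;

    if (status != ARES_SUCCESS) {
        ret = return_code(status);
        goto fail;
    }

    ret = ares_parse_txt_reply(abuf, alen, &reply_list);
    /* Test the parser's own result; status is known to be a success. */
    if (ret != ARES_SUCCESS) {
        DEBUG(2, ("TXT record parsing failed: %d: %s\n",
                  ret, ares_strerror(ret)));
        ret = return_code(ret);
        goto fail;
    }

    ret = rewrite_talloc_txt_reply(req, &reply_list);
    if (ret != EOK) {
        goto fail;
    }
    state->reply_list = reply_list;

    tevent_req_done(req);
    return;

fail:
    state->reply_list = NULL;
    tevent_req_error(req, ret);
}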
tevent_req_error(req, ENOMEM); return; } ares_query(state->resolv_ctx->channel, state->query, ns_c_in, ns_t_txt, resolv_gettxt_done, rreq); } #endif static struct ares_srv_reply *split_reply_list(struct ares_srv_reply *list) { struct ares_srv_reply *single_step, *double_step, *prev; if (!list) { return NULL; } prev = list; single_step = list->next; double_step = single_step->next; while (double_step && double_step->next) { prev = single_step; single_step = single_step->next; double_step = double_step->next->next; } prev->next = NULL; return single_step; } static struct ares_srv_reply *merge_reply_list(struct ares_srv_reply *left, struct ares_srv_reply *right) { struct ares_srv_reply *l, *r; struct ares_srv_reply *res, *res_start; if (!left) return right; if (!right) return left; if (left->priority < right->priority) { res_start = left; l = left->next; r = right; } else { res_start = right; l = left; r = right->next; } res = res_start; while(l && r) { if (l->priority < r->priority) { res->next = l; res = l; l = l->next; } else { res->next = r; res = r; r = r->next; } } res->next = l ? l : r; return res_start; } /** * sort linked list of struct ares_srv_reply by priority using merge sort. * * Merge sort is ideal for sorting linked lists as there is no problem * with absence of random access into the list. 
The complexity is O(n log n) * * For reference, see Robert Sedgewick's "Algorithms in C", Addison-Wesley, * ISBN 0-201-51425 */ static struct ares_srv_reply *reply_priority_sort(struct ares_srv_reply *list) { struct ares_srv_reply *half; if (!list || !list->next) return list; half = split_reply_list(list); list = merge_reply_list(reply_priority_sort(list), reply_priority_sort(half)); return list; } static int reply_weight_rearrange(int len, struct ares_srv_reply **start, struct ares_srv_reply **end) { int i; int total, selected; int *totals; struct ares_srv_reply *r, *prev, *tmp; struct ares_srv_reply *new_start = NULL; struct ares_srv_reply *new_end = NULL; int ret; if (len <= 1) { return EOK; } totals = talloc_array(NULL, int, len); if (!totals) { return ENOMEM; } srand(time(NULL) * getpid()); /* promote all servers with weight==0 to the top */ r = *(start); prev = NULL; while (r != NULL) { if (r->weight == 0) { /* remove from the old list */ if (prev) { prev->next = r->next; } else { *start = r->next; } /* add to the head of the new list */ tmp = r; r = r->next; tmp->next = *start; *start = tmp; } else { prev = r; r = r->next; } } *end = prev ? prev : *start; while (*start != NULL) { /* Commpute the sum of the weights of those RRs, and with each RR * associate the running sum in the selected order. */ total = 0; memset(totals, -1, sizeof(int) * len); for (i = 0, r = *start; r != NULL; r=r->next, ++i) { totals[i] = r->weight + total; total = totals[i]; } /* choose a uniform random number between 0 and the sum computed * (inclusive), and select the RR whose running sum value is the * first in the selected order which is greater than or equal to * the random number selected. 
*/ selected = (int)((total + 1) * (rand()/(RAND_MAX + 1.0))); for (i = 0, r = *start, prev = NULL; r != NULL; r=r->next, ++i) { if (totals[i] >= selected) break; prev = r; } if (r == NULL || totals[i] == -1) { DEBUG(1, ("Bug: did not select any server!\n")); ret = EIO; goto done; } /* remove r from the old list */ if (prev) { prev->next = r->next; } else { *start = r->next; } /* add r to the end of the new list */ if (!new_start) { new_start = r; new_end = r; } else { new_end->next = r; new_end = r; } } new_end->next = NULL; /* return the rearranged list */ *start = new_start; *end = new_end; ret = EOK; done: talloc_free(totals); return ret; } int resolv_sort_srv_reply(struct ares_srv_reply **reply) { int ret; struct ares_srv_reply *pri_start, *pri_end, *next, *prev_end; int len; /* RFC 2782 says: If there is precisely one SRV RR, and its Target is "." * (the root domain), abort. */ if (*reply && !(*reply)->next && strcmp((*reply)->host, ".") == 0) { DEBUG(1, ("DNS returned only the root domain, aborting\n")); return EIO; } /* sort the list by priority */ *reply = reply_priority_sort(*reply); pri_start = *reply; prev_end = NULL; while (pri_start) { pri_end = pri_start; /* Find nodes with the same priority */ len = 1; while (pri_end->next && pri_end->priority == pri_end->next->priority) { pri_end = pri_end->next; len++; } /* rearrange each priority level according to the weight field */ next = pri_end->next; pri_end->next = NULL; ret = reply_weight_rearrange(len, &pri_start, &pri_end); if (ret) { DEBUG(1, ("Error rearranging priority level [%d]: %s\n", ret, strerror(ret))); return ret; } /* Hook the level back into the list */ if (prev_end) { prev_end->next = pri_start; } else { *reply = pri_start; } pri_end->next = next; /* Move on to the next level */ prev_end = pri_end; pri_start = next; } return EOK; } sssd-1.11.5/src/resolv/PaxHeaders.13173/async_resolv.h0000644000000000000000000000007412320753107020534 xustar000000000000000030 atime=1396954939.269891429 30 
ctime=1396954961.499875065 sssd-1.11.5/src/resolv/async_resolv.h0000664002412700241270000001431412320753107020761 0ustar00jhrozekjhrozek00000000000000/* SSSD Async resolver header Authors: Martin Nagy Jakub Hrozek Copyright (C) Red Hat, Inc 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #ifndef __ASYNC_RESOLV_H__ #define __ASYNC_RESOLV_H__ #include #include #include "config.h" #include "confdb/confdb.h" #ifndef HAVE_ARES_DATA #include "resolv/ares/ares_parse_srv_reply.h" #include "resolv/ares/ares_parse_txt_reply.h" #include "resolv/ares/ares_data.h" #endif /* HAVE_ARES_DATA */ #ifndef RESOLV_DEFAULT_TTL #define RESOLV_DEFAULT_TTL 7200 #endif /* RESOLV_DEFAULT_TTL */ #include "util/util.h" /* * An opaque structure which holds context for a module using the async * resolver. Is should be used as a "local-global" variable - in sssd, * every backend should have its own. 
* Do NOT free the context until there are any pending resolv_ calls */ struct resolv_ctx; int resolv_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev_ctx, int timeout, struct resolv_ctx **ctxp); void resolv_reread_configuration(struct resolv_ctx *ctx); const char *resolv_strerror(int ares_code); struct resolv_hostent * resolv_copy_hostent(TALLOC_CTX *mem_ctx, struct hostent *src); struct resolv_hostent * resolv_copy_hostent_ares(TALLOC_CTX *mem_ctx, struct hostent *src, int family, void *ares_ttl_data, int num_ares_ttl_data); /** Get host by name **/ enum host_database { DB_FILES, DB_DNS, DB_SENTINEL }; enum restrict_family { IPV4_ONLY, IPV4_FIRST, IPV6_ONLY, IPV6_FIRST }; /* If resolv_hostent->family is AF_INET, then ipaddr points to * struct in_addr, else if family is AF_INET6, ipaddr points to * struct in6_addr */ struct resolv_addr { uint8_t *ipaddr; int ttl; }; struct resolv_hostent { char *name; /* official name of host */ char **aliases; /* alias list */ int family; /* host address type */ struct resolv_addr **addr_list; /* list of addresses */ }; /* The default database order */ extern enum host_database default_host_dbs[]; struct tevent_req *resolv_gethostbyname_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct resolv_ctx *ctx, const char *name, enum restrict_family family_order, enum host_database *db); int resolv_gethostbyname_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, int *status, int *timeouts, struct resolv_hostent **rhostent); char * resolv_get_string_address_index(TALLOC_CTX *mem_ctx, struct resolv_hostent *hostent, unsigned int addrindex); char * resolv_get_string_ptr_address(TALLOC_CTX *mem_ctx, int family, uint8_t *address); #define resolv_get_string_address(mem_ctx, hostent) \ resolv_get_string_address_index(mem_ctx, hostent, 0) struct sockaddr_storage * resolv_get_sockaddr_address_index(TALLOC_CTX *mem_ctx, struct resolv_hostent *hostent, int port, int addrindex); #define resolv_get_sockaddr_address(mem_ctx, rhostent, port) 
\ resolv_get_sockaddr_address_index(mem_ctx, rhostent, port, 0) /** Get SRV record **/ struct tevent_req *resolv_getsrv_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct resolv_ctx *ctx, const char *query); int resolv_getsrv_recv(TALLOC_CTX *mem_ctx, struct tevent_req *req, int *status, int *timeouts, struct ares_srv_reply **reply_list); /* This is an implementation of section "Usage rules" of RFC 2782 */ int resolv_sort_srv_reply(struct ares_srv_reply **reply); /** Get TXT record **/ struct tevent_req *resolv_gettxt_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct resolv_ctx *ctx, const char *query); int resolv_gettxt_recv(TALLOC_CTX *mem_ctx, struct tevent_req *req, int *status, int *timeouts, struct ares_txt_reply **reply_list); /** Utils **/ struct tevent_req * resolv_get_domain_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct resolv_ctx *resolv_ctx, const char *hostname, enum host_database *host_dbs, enum restrict_family family_order); errno_t resolv_get_domain_recv(TALLOC_CTX *mem_ctx, struct tevent_req *req, char **_dns_domain); struct tevent_req * resolv_discover_srv_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct resolv_ctx *resolv_ctx, const char *service, const char *protocol, const char **discovery_domains); errno_t resolv_discover_srv_recv(TALLOC_CTX *mem_ctx, struct tevent_req *req, struct ares_srv_reply **_reply_list, char **_dns_domain); #endif /* __ASYNC_RESOLV_H__ */ sssd-1.11.5/src/resolv/PaxHeaders.13173/async_resolv_utils.c0000644000000000000000000000007412320753107021747 xustar000000000000000030 atime=1396954939.269891429 30 ctime=1396954961.530875042 sssd-1.11.5/src/resolv/async_resolv_utils.c0000664002412700241270000002267312320753107022203 0ustar00jhrozekjhrozek00000000000000/* Authors: Pavel Březina Copyright (C) 2013 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; 
either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include #include #include #include #include "util/util.h" #include "resolv/async_resolv.h" struct resolv_get_domain_state { char *fqdn; char *hostname; }; static void resolv_get_domain_done(struct tevent_req *subreq); struct tevent_req * resolv_get_domain_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct resolv_ctx *resolv_ctx, const char *hostname, enum host_database *host_dbs, enum restrict_family family_order) { struct resolv_get_domain_state *state = NULL; struct tevent_req *req = NULL; struct tevent_req *subreq = NULL; char system_hostname[HOST_NAME_MAX]; errno_t ret; req = tevent_req_create(mem_ctx, &state, struct resolv_get_domain_state); if (req == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("tevent_req_create() failed\n")); return NULL; } if (hostname == NULL) { /* use system hostname */ ret = gethostname(system_hostname, HOST_NAME_MAX); if (ret) { ret = errno; DEBUG(SSSDBG_CRIT_FAILURE, ("gethostname() failed: [%d]: %s\n", ret, strerror(ret))); goto immediately; } system_hostname[HOST_NAME_MAX-1] = '\0'; hostname = system_hostname; } state->fqdn = NULL; state->hostname = talloc_strdup(state, hostname); if (state->hostname == NULL) { ret = ENOMEM; goto immediately; } DEBUG(SSSDBG_TRACE_LIBS, ("Host name is: %s\n", state->hostname)); subreq = resolv_gethostbyname_send(state, ev, resolv_ctx, state->hostname, family_order, host_dbs); if (subreq == NULL) { talloc_zfree(req); return NULL; } tevent_req_set_callback(subreq, resolv_get_domain_done, req); return req; immediately: tevent_req_error(req, ret); tevent_req_post(req, ev); return req; } static 
void resolv_get_domain_done(struct tevent_req *subreq) { struct resolv_get_domain_state *state = NULL; struct tevent_req *req = NULL; struct resolv_hostent *rhostent; int resolv_status; errno_t ret; req = tevent_req_callback_data(subreq, struct tevent_req); state = tevent_req_data(req, struct resolv_get_domain_state); ret = resolv_gethostbyname_recv(subreq, req, &resolv_status, NULL, &rhostent); talloc_zfree(subreq); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Could not get fully qualified name for host name %s " "error [%d]: %s, resolver returned: [%d]: %s\n", state->hostname, ret, strerror(ret), resolv_status, resolv_strerror(resolv_status))); state->fqdn = state->hostname; } else { DEBUG(SSSDBG_TRACE_LIBS, ("The FQDN is: %s\n", rhostent->name)); state->fqdn = talloc_steal(state, rhostent->name); talloc_zfree(rhostent); } tevent_req_done(req); } errno_t resolv_get_domain_recv(TALLOC_CTX *mem_ctx, struct tevent_req *req, char **_dns_domain) { struct resolv_get_domain_state *state = NULL; char *dns_domain = NULL; char *domptr = NULL; state = tevent_req_data(req, struct resolv_get_domain_state); TEVENT_REQ_RETURN_ON_ERROR(req); domptr = strchr(state->fqdn, '.'); if (domptr == NULL || (*(domptr+1) == '\0')) { /* If the FQDN did not contain a dot or the dot was the last character * (broken DNS server perhaps) */ dns_domain = state->fqdn; } else { dns_domain = domptr + 1; } *_dns_domain = talloc_strdup(mem_ctx, dns_domain); if (*_dns_domain == NULL) { return ENOMEM; } return EOK; } struct resolv_discover_srv_state { struct tevent_context *ev; struct resolv_ctx *resolv_ctx; const char *service; const char *protocol; const char **discovery_domains; int domain_index; struct ares_srv_reply *reply_list; }; static errno_t resolv_discover_srv_next_domain(struct tevent_req *req); static void resolv_discover_srv_done(struct tevent_req *subreq); struct tevent_req *resolv_discover_srv_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct resolv_ctx *resolv_ctx, const char 
*service, const char *protocol, const char **discovery_domains) { struct resolv_discover_srv_state *state = NULL; struct tevent_req *req = NULL; errno_t ret; req = tevent_req_create(mem_ctx, &state, struct resolv_discover_srv_state); if (req == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("tevent_req_create() failed\n")); return NULL; } if (resolv_ctx == NULL || service == NULL || protocol == NULL || discovery_domains == NULL) { ret = EINVAL; goto immediately; } state->ev = ev; state->resolv_ctx = resolv_ctx; state->discovery_domains = discovery_domains; state->service = service; state->protocol = protocol; state->domain_index = 0; ret = resolv_discover_srv_next_domain(req); if (ret != EAGAIN) { goto immediately; } return req; immediately: if (ret == EOK) { tevent_req_done(req); } else { tevent_req_error(req, ret); } tevent_req_post(req, ev); return req; } static errno_t resolv_discover_srv_next_domain(struct tevent_req *req) { struct resolv_discover_srv_state *state = NULL; struct tevent_req *subreq = NULL; const char *domain = NULL; char *query = NULL; errno_t ret; state = tevent_req_data(req, struct resolv_discover_srv_state); domain = state->discovery_domains[state->domain_index]; if (domain == NULL) { ret = EOK; goto done; } query = talloc_asprintf(state, "_%s._%s.%s", state->service, state->protocol, domain); if (query == NULL) { ret = ENOMEM; goto done; } DEBUG(SSSDBG_TRACE_FUNC, ("SRV resolution of service '%s'. 
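Will use DNS "
           "discovery domain '%s'\n", state->service, domain));

    subreq = resolv_getsrv_send(state, state->ev,
                                state->resolv_ctx, query);
    if (subreq == NULL) {
        ret = ENOMEM;
        goto done;
    }

    tevent_req_set_callback(subreq, resolv_discover_srv_done, req);

    state->domain_index++;
    ret = EAGAIN;

done:
    if (ret != EAGAIN) {
        talloc_free(query);
    }

    return ret;
}

/*
 * Completion callback for one SRV query of the discovery loop.
 *
 * ARES_ENOTFOUND moves on to the next discovery domain, and the request
 * fails with ENOENT once the list is exhausted. Any other failure ends the
 * request with EIO. On success the reply list stays in the request state
 * until resolv_discover_srv_recv() collects it.
 */
static void resolv_discover_srv_done(struct tevent_req *subreq)
{
    struct resolv_discover_srv_state *state = NULL;
    struct tevent_req *req = NULL;
    int status;
    errno_t ret;

    req = tevent_req_callback_data(subreq, struct tevent_req);
    state = tevent_req_data(req, struct resolv_discover_srv_state);

    ret = resolv_getsrv_recv(state, subreq, &status, NULL, &state->reply_list);
    talloc_zfree(subreq);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("SRV query failed [%d]: %s\n",
                                  status, resolv_strerror(status)));

        if (status == ARES_ENOTFOUND) {
            /* continue with next discovery domain */
            ret = resolv_discover_srv_next_domain(req);
            if (ret == EOK) {
                /* there are no more domains to try */
                ret = ENOENT;
            }

            goto done;
        }

        /* critical error when fetching SRV record */
        ret = EIO;
        goto done;
    }

done:
    if (ret == EOK) {
        tevent_req_done(req);
    } else if (ret != EAGAIN) {
        /* EAGAIN means another query is in flight; leave the request open */
        tevent_req_error(req, ret);
    }

    return;
}

/*
 * Collect the result of an SRV discovery request.
 *
 * @param mem_ctx      talloc context that receives the outputs
 * @param req          the finished discovery request
 * @param _reply_list  optional; receives the SRV reply list
 * @param _dns_domain  optional; receives a copy of the discovery domain
 *                     whose query produced the reply
 *
 * @return EOK on success, the request's error if it failed, ENOENT if the
 *         request finished without any domain having been queried, ENOMEM
 *         if the domain name cannot be copied.
 */
errno_t resolv_discover_srv_recv(TALLOC_CTX *mem_ctx,
                                 struct tevent_req *req,
                                 struct ares_srv_reply **_reply_list,
                                 char **_dns_domain)
{
    struct resolv_discover_srv_state *state = NULL;
    char *domain = NULL;

    state = tevent_req_data(req, struct resolv_discover_srv_state);

    TEVENT_REQ_RETURN_ON_ERROR(req);

    /* resolv_discover_srv_send() marks the request done without sending a
     * query when the discovery domain list is empty. domain_index is still
     * 0 in that case and "domain_index - 1" below would read the element
     * before the start of the array, so report "nothing found", the same
     * code the completion callback uses for an exhausted list. */
    if (state->domain_index < 1) {
        return ENOENT;
    }

    if (_dns_domain != NULL) {
        /* domain_index now points to selected domain + 1 */
        domain = talloc_strdup(mem_ctx,
                       state->discovery_domains[state->domain_index - 1]);
        if (domain == NULL) {
            return ENOMEM;
        }

        *_dns_domain = domain;
    }

    if (_reply_list != NULL) {
        *_reply_list = talloc_steal(mem_ctx, state->reply_list);
    }

    return EOK;
}
sssd-1.11.5/src/PaxHeaders.13173/lib0000644000000000000000000000013212320753521015026 xustar000000000000000030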
mtime=1396954961.304875209 30 atime=1396955003.534843847 30 ctime=1396954961.304875209 sssd-1.11.5/src/lib/0000775002412700241270000000000012320753521015332 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/lib/PaxHeaders.13173/idmap0000644000000000000000000000013212320753521016120 xustar000000000000000030 mtime=1396954961.575875009 30 atime=1396955003.534843847 30 ctime=1396954961.575875009 sssd-1.11.5/src/lib/idmap/0000775002412700241270000000000012320753521016424 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/lib/idmap/PaxHeaders.13173/sss_idmap.c0000644000000000000000000000007312320753107020327 xustar000000000000000030 atime=1396954939.255891439 29 ctime=1396954961.57487501 sssd-1.11.5/src/lib/idmap/sss_idmap.c0000664002412700241270000007426712320753107020572 0ustar00jhrozekjhrozek00000000000000/* SSSD ID-mapping library Authors: Sumit Bose Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
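*/

/* NOTE(review): the names of the three system headers below are missing
 * from this copy of the file; restore them from the original source. */
#include
#include
#include

#include "lib/idmap/sss_idmap.h"
#include "lib/idmap/sss_idmap_private.h"
#include "util/murmurhash3.h"

/* The RID argument is a uint32_t, so it has to be formatted as unsigned:
 * with "%d" a RID above INT_MAX was rendered as a negative number and the
 * resulting string was not a valid SID. */
#define SID_FMT "%s-%u"
#define SID_STR_MAX_LEN 1024

/* One registered domain/range pair; entries form a singly linked list. */
struct idmap_domain_info {
    char *name;
    char *sid;
    struct sss_idmap_range *range;
    struct idmap_domain_info *next;
    uint32_t first_rid;
    char *range_id;
    bool external_mapping;
};

/* Default allocator: plain malloc(), the private pointer is unused. */
static void *default_alloc(size_t size, void *pvt)
{
    return malloc(size);
}

/* Default deallocator: plain free(), the private pointer is unused. */
static void default_free(void *ptr, void *pvt)
{
    free(ptr);
}

/*
 * Duplicate 'str' with the context's allocator.
 * Returns NULL if the context check fails or the allocation fails.
 * 'str' must not be NULL.
 */
static char *idmap_strdup(struct sss_idmap_ctx *ctx, const char *str)
{
    char *new = NULL;
    size_t len;

    CHECK_IDMAP_CTX(ctx, NULL);

    len = strlen(str) + 1;

    new = ctx->alloc_func(len, ctx->alloc_pvt);
    if (new == NULL) {
        return NULL;
    }

    memcpy(new, str, len);

    return new;
}

/*
 * Duplicate the min/max pair of 'range' with the context's allocator.
 * Returns NULL if the context check fails or the allocation fails.
 */
static struct sss_idmap_range *idmap_range_dup(struct sss_idmap_ctx *ctx,
                                               struct sss_idmap_range *range)
{
    struct sss_idmap_range *new = NULL;

    CHECK_IDMAP_CTX(ctx, NULL);

    new = ctx->alloc_func(sizeof(struct sss_idmap_range), ctx->alloc_pvt);
    if (new == NULL) {
        return NULL;
    }

    memset(new, 0, sizeof(struct sss_idmap_range));

    new->min = range->min;
    new->max = range->max;

    return new;
}

/*
 * Tell whether 'id' lies inside the ID range of 'dom'. ID 0 is never
 * considered in range. When 'rid' is not NULL and the ID matches, the
 * corresponding RID is stored there.
 */
static bool id_is_in_range(uint32_t id, struct idmap_domain_info *dom,
                           uint32_t *rid)
{
    if (id == 0 || dom == NULL || dom->range == NULL) {
        return false;
    }

    if (id >= dom->range->min && id <= dom->range->max) {
        if (rid != NULL) {
            *rid = dom->first_rid + (id - dom->range->min);
        }

        return true;
    }

    return false;
}

/* Map an idmap error code to a static, human readable message. */
const char *idmap_error_string(enum idmap_error_code err)
{
    switch (err) {
    case IDMAP_SUCCESS:
        return "IDMAP operation successful";
    case IDMAP_NOT_IMPLEMENTED:
        return "IDMAP Function is not yet implemented";
    case IDMAP_ERROR:
        return "IDMAP general error";
    case IDMAP_OUT_OF_MEMORY:
        return "IDMAP operation ran out of memory";
    case IDMAP_NO_DOMAIN:
        return "IDMAP domain not found";
    case IDMAP_CONTEXT_INVALID:
        return "IDMAP context is invalid";
    case IDMAP_SID_INVALID:
        return "IDMAP SID is invalid";
    case IDMAP_SID_UNKNOWN:
        return "IDMAP SID not found";
    case IDMAP_NO_RANGE:
        return "IDMAP range not found";
    default:
        return "IDMAP unknown error code";
    }
}

/*
 * Check that 'sid' is a domain SID: DOM_SID_PREFIX followed by exactly
 * three decimal sub-authorities separated by '-', each fitting in 32 bits.
 *
 * The string usually originates from a directory server or from
 * configuration, so every component is validated strictly: it must start
 * with a digit. strtoull() on its own would skip leading white space,
 * accept a sign and report 0 for an empty component, which let strings
 * such as "<prefix>--" pass as valid SIDs.
 */
bool is_domain_sid(const char *sid)
{
    const char *p;
    unsigned long long a;
    char *endptr;
    size_t c;

    if (sid == NULL || strncmp(sid, DOM_SID_PREFIX, DOM_SID_PREFIX_LEN) != 0) {
        return false;
    }

    p = sid + DOM_SID_PREFIX_LEN;
    c = 0;

    do {
        if (*p < '0' || *p > '9') {
            return false;
        }

        errno = 0;
        /* Kept unsigned: storing the result in a signed variable turned
         * huge values negative and they slipped past the range check. */
        a = strtoull(p, &endptr, 10);
        if (errno != 0 || a > UINT32_MAX) {
            return false;
        }

        if (*endptr == '-') {
            p = endptr + 1;
        } else if (*endptr != '\0') {
            return false;
        }
        c++;
    } while (c < 3 && *endptr != '\0');

    if (c != 3 || *endptr != '\0') {
        return false;
    }

    return true;
}

enum idmap_error_code sss_idmap_init(idmap_alloc_func *alloc_func,
                                     void *alloc_pvt,
                                     idmap_free_func *free_func,
                                     struct sss_idmap_ctx **_ctx)
{
    struct sss_idmap_ctx *ctx;

    if (alloc_func == NULL) {
        alloc_func = default_alloc;
    }

    ctx = alloc_func(sizeof(struct sss_idmap_ctx), alloc_pvt);
    if (ctx == NULL) {
        return IDMAP_OUT_OF_MEMORY;
    }
    memset(ctx, 0, sizeof(struct sss_idmap_ctx));

    ctx->alloc_func = alloc_func;
    ctx->alloc_pvt = alloc_pvt;
    ctx->free_func = (free_func == NULL) ? default_free : free_func;

    /* Set default values.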
*/ ctx->idmap_opts.autorid_mode = SSS_IDMAP_DEFAULT_AUTORID; ctx->idmap_opts.idmap_lower = SSS_IDMAP_DEFAULT_LOWER; ctx->idmap_opts.idmap_upper = SSS_IDMAP_DEFAULT_UPPER; ctx->idmap_opts.rangesize = SSS_IDMAP_DEFAULT_RANGESIZE; *_ctx = ctx; return IDMAP_SUCCESS; } static void sss_idmap_free_domain(struct sss_idmap_ctx *ctx, struct idmap_domain_info *dom) { if (ctx == NULL || dom == NULL) { return; } ctx->free_func(dom->range_id, ctx->alloc_pvt); ctx->free_func(dom->range, ctx->alloc_pvt); ctx->free_func(dom->name, ctx->alloc_pvt); ctx->free_func(dom->sid, ctx->alloc_pvt); ctx->free_func(dom, ctx->alloc_pvt); } enum idmap_error_code sss_idmap_free(struct sss_idmap_ctx *ctx) { struct idmap_domain_info *dom; struct idmap_domain_info *next; CHECK_IDMAP_CTX(ctx, IDMAP_CONTEXT_INVALID); next = ctx->idmap_domain_info; while (next) { dom = next; next = dom->next; sss_idmap_free_domain(ctx, dom); } ctx->free_func(ctx, ctx->alloc_pvt); return IDMAP_SUCCESS; } static enum idmap_error_code sss_idmap_free_ptr(struct sss_idmap_ctx *ctx, void *ptr) { CHECK_IDMAP_CTX(ctx, IDMAP_CONTEXT_INVALID); if (ptr != NULL) { ctx->free_func(ptr, ctx->alloc_pvt); } return IDMAP_SUCCESS; } enum idmap_error_code sss_idmap_free_sid(struct sss_idmap_ctx *ctx, char *sid) { return sss_idmap_free_ptr(ctx, sid); } enum idmap_error_code sss_idmap_free_dom_sid(struct sss_idmap_ctx *ctx, struct sss_dom_sid *dom_sid) { return sss_idmap_free_ptr(ctx, dom_sid); } enum idmap_error_code sss_idmap_free_smb_sid(struct sss_idmap_ctx *ctx, struct dom_sid *smb_sid) { return sss_idmap_free_ptr(ctx, smb_sid); } enum idmap_error_code sss_idmap_free_bin_sid(struct sss_idmap_ctx *ctx, uint8_t *bin_sid) { return sss_idmap_free_ptr(ctx, bin_sid); } enum idmap_error_code sss_idmap_calculate_range(struct sss_idmap_ctx *ctx, const char *dom_sid, id_t *slice_num, struct sss_idmap_range *_range) { id_t max_slices; id_t orig_slice; id_t new_slice = 0; id_t min; id_t max; id_t idmap_lower; id_t idmap_upper; id_t rangesize; bool 
autorid_mode; uint32_t hash_val; struct idmap_domain_info *dom; CHECK_IDMAP_CTX(ctx, IDMAP_CONTEXT_INVALID); idmap_lower = ctx->idmap_opts.idmap_lower; idmap_upper = ctx->idmap_opts.idmap_upper; rangesize = ctx->idmap_opts.rangesize; autorid_mode = ctx->idmap_opts.autorid_mode; max_slices = (idmap_upper - idmap_lower) / rangesize; if (slice_num && *slice_num != -1) { /* The slice is being set explicitly. * This may happen at system startup when we're loading * previously-determined slices. In the future, we may also * permit configuration to select the slice for a domain * explicitly. */ new_slice = *slice_num; } else { /* If slice is -1, we're being asked to pick a new slice */ if (autorid_mode) { /* In autorid compatibility mode, always start at 0 and find the * first free value. */ orig_slice = 0; } else { /* Hash the domain sid string */ hash_val = murmurhash3(dom_sid, strlen(dom_sid), 0xdeadbeef); /* Now get take the modulus of the hash val and the max_slices * to determine its optimal position in the range. */ new_slice = hash_val % max_slices; orig_slice = new_slice; } min = (rangesize * new_slice) + idmap_lower; max = min + rangesize; /* Verify that this slice is not already in use */ do { for (dom = ctx->idmap_domain_info; dom != NULL; dom = dom->next) { if ((dom->range->min <= min && dom->range->max >= max) || (dom->range->min >= min && dom->range->min <= max) || (dom->range->max >= min && dom->range->max <= max)) { /* This range overlaps one already registered * We'll try the next available slot */ new_slice++; if (new_slice >= max_slices) { /* loop around to the beginning if necessary */ new_slice = 0; } min = (rangesize * new_slice) + idmap_lower; max = min + rangesize; break; } } /* Keep trying until dom is NULL (meaning we got to the end * without matching) or we have run out of slices and gotten * back to the first one we tried. 
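*/
        } while (dom && new_slice != orig_slice);

        if (dom) {
            /* We looped all the way through and found no empty slots */
            return IDMAP_OUT_OF_SLICES;
        }
    }

    _range->min = (rangesize * new_slice) + idmap_lower;
    _range->max = _range->min + rangesize;

    if (slice_num) {
        *slice_num = new_slice;
    }

    return IDMAP_SUCCESS;
}

/*
 * Check whether a new domain/range definition (n_*) conflicts with an
 * existing one (o_*).
 *
 * A collision is reported when
 *  - both mappings are algorithmic and their ID ranges share any ID,
 *  - exactly one of domain name and SID matches (compared without regard
 *    to case),
 *  - name and SID match but the external_mapping flags differ, or
 *  - name and SID match, the mapping is algorithmic and the RID ranges
 *    covered by the two definitions share any RID.
 *
 * Two definitions that share an ID would make two different SIDs resolve
 * to the same UNIX ID, so both overlap tests are symmetric. They used to
 * compare only the start (and, for IDs, the end) of the new range with the
 * old one and missed a new range that completely encloses the old one.
 *
 * o_range_id and n_range_id are currently not evaluated.
 *
 * @return IDMAP_SUCCESS if there is no conflict, IDMAP_COLLISION if there
 *         is one, IDMAP_ERROR if a name or a range pointer is NULL.
 */
enum idmap_error_code sss_idmap_check_collision_ex(const char *o_name,
                                                const char *o_sid,
                                                struct sss_idmap_range *o_range,
                                                uint32_t o_first_rid,
                                                const char *o_range_id,
                                                bool o_external_mapping,
                                                const char *n_name,
                                                const char *n_sid,
                                                struct sss_idmap_range *n_range,
                                                uint32_t n_first_rid,
                                                const char *n_range_id,
                                                bool n_external_mapping)
{
    bool names_equal;
    bool sids_equal;
    uint64_t o_last_rid;
    uint64_t n_last_rid;

    if (o_name == NULL || n_name == NULL
            || o_range == NULL || n_range == NULL) {
        return IDMAP_ERROR;
    }

    /* TODO: if both ranges have the same ID check if an update is
     * needed. */

    /* Check if ID ranges overlap.
     * ID ranges with external mapping may overlap. */
    if ((!n_external_mapping && !o_external_mapping)
        && n_range->min <= o_range->max
        && o_range->min <= n_range->max) {
        return IDMAP_COLLISION;
    }

    names_equal = (strcasecmp(n_name, o_name) == 0);
    sids_equal = ((n_sid == NULL && o_sid == NULL)
                    || (n_sid != NULL && o_sid != NULL
                        && strcasecmp(n_sid, o_sid) == 0));

    /* check if domain name and SID are consistent */
    if ((names_equal && !sids_equal) || (!names_equal && sids_equal)) {
        return IDMAP_COLLISION;
    }

    /* check if external_mapping is consistent */
    if (names_equal && sids_equal
            && n_external_mapping != o_external_mapping) {
        return IDMAP_COLLISION;
    }

    /* check if RID ranges overlap */
    if (names_equal && sids_equal && n_external_mapping == false) {
        /* 64-bit sums so that first_rid plus the range size cannot wrap */
        o_last_rid = (uint64_t) o_first_rid + (o_range->max - o_range->min);
        n_last_rid = (uint64_t) n_first_rid + (n_range->max - n_range->min);

        if (n_first_rid <= o_last_rid && o_first_rid <= n_last_rid) {
            return IDMAP_COLLISION;
        }
    }

    return IDMAP_SUCCESS;
}

enum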
idmap_error_code err; for (dom = ctx->idmap_domain_info; dom != NULL; dom = dom->next) { err = sss_idmap_check_collision_ex(dom->name, dom->sid, dom->range, dom->first_rid, dom->range_id, dom->external_mapping, n_name, n_sid, n_range, n_first_rid, n_range_id, n_external_mapping); if (err != IDMAP_SUCCESS) { return err; } } return IDMAP_SUCCESS; } static enum idmap_error_code dom_check_collision( struct idmap_domain_info *dom_list, struct idmap_domain_info *new_dom) { struct idmap_domain_info *dom; enum idmap_error_code err; for (dom = dom_list; dom != NULL; dom = dom->next) { err = sss_idmap_check_collision_ex(dom->name, dom->sid, dom->range, dom->first_rid, dom->range_id, dom->external_mapping, new_dom->name, new_dom->sid, new_dom->range, new_dom->first_rid, new_dom->range_id, new_dom->external_mapping); if (err != IDMAP_SUCCESS) { return err; } } return IDMAP_SUCCESS; } enum idmap_error_code sss_idmap_add_domain_ex(struct sss_idmap_ctx *ctx, const char *domain_name, const char *domain_sid, struct sss_idmap_range *range, const char *range_id, uint32_t rid, bool external_mapping) { struct idmap_domain_info *dom = NULL; enum idmap_error_code err; CHECK_IDMAP_CTX(ctx, IDMAP_CONTEXT_INVALID); if (domain_name == NULL) { return IDMAP_NO_DOMAIN; } if (range == NULL) { return IDMAP_NO_RANGE; } /* For algorithmic mapping a valid domain SID is required, for external * mapping it may be NULL, but if set it should be valid. 
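*/
    if ((!external_mapping && !is_domain_sid(domain_sid))
            || (external_mapping
                && domain_sid != NULL
                && !is_domain_sid(domain_sid))) {
        return IDMAP_SID_INVALID;
    }

    dom = ctx->alloc_func(sizeof(struct idmap_domain_info), ctx->alloc_pvt);
    if (dom == NULL) {
        return IDMAP_OUT_OF_MEMORY;
    }
    memset(dom, 0, sizeof(struct idmap_domain_info));

    dom->name = idmap_strdup(ctx, domain_name);
    if (dom->name == NULL) {
        err = IDMAP_OUT_OF_MEMORY;
        goto fail;
    }

    if (domain_sid != NULL) {
        dom->sid = idmap_strdup(ctx, domain_sid);
        if (dom->sid == NULL) {
            err = IDMAP_OUT_OF_MEMORY;
            goto fail;
        }
    }

    dom->range = idmap_range_dup(ctx, range);
    if (dom->range == NULL) {
        err = IDMAP_OUT_OF_MEMORY;
        goto fail;
    }

    if (range_id != NULL) {
        dom->range_id = idmap_strdup(ctx, range_id);
        if (dom->range_id == NULL) {
            err = IDMAP_OUT_OF_MEMORY;
            goto fail;
        }
    }

    dom->first_rid = rid;
    dom->external_mapping = external_mapping;

    err = dom_check_collision(ctx->idmap_domain_info, dom);
    if (err != IDMAP_SUCCESS) {
        goto fail;
    }

    dom->next = ctx->idmap_domain_info;
    ctx->idmap_domain_info = dom;

    return IDMAP_SUCCESS;

fail:
    sss_idmap_free_domain(ctx, dom);

    return err;
}

/*
 * Register a domain with algorithmic mapping, no range ID and a first RID
 * of 0. See sss_idmap_add_domain_ex() for the return codes.
 */
enum idmap_error_code sss_idmap_add_domain(struct sss_idmap_ctx *ctx,
                                           const char *domain_name,
                                           const char *domain_sid,
                                           struct sss_idmap_range *range)
{
    return sss_idmap_add_domain_ex(ctx, domain_name, domain_sid, range, NULL,
                                   0, false);
}

/* Tell whether 'sid' starts with the prefix "S-1-5-32-". 'sid' must not
 * be NULL. */
static bool sss_idmap_sid_is_builtin(const char *sid)
{
    if (strncmp(sid, "S-1-5-32-", 9) == 0) {
        return true;
    }

    return false;
}

/*
 * Translate a SID string into a UNIX ID using the registered domains.
 *
 * The SID must consist of a registered domain SID, a '-' and a decimal RID
 * that fits in 32 bits. The RID is validated strictly, because the result
 * decides which UNIX identity a remote principal is given:
 *  - it must start with a digit, so an empty RID or one with a sign or
 *    leading white space is rejected instead of being read as 0 or as a
 *    wrapped value;
 *  - the distance from the range's first RID is compared with the size of
 *    the ID range before it is added to the range minimum. The previous
 *    code did the addition first and stored it in a 32-bit variable, so a
 *    large RID could wrap around to a small ID, including 0, and still pass
 *    the "not above range maximum" test.
 *
 * @return IDMAP_SUCCESS and the ID in *_id,
 *         IDMAP_ERROR if sid or _id is NULL,
 *         IDMAP_BUILTIN_SID for SIDs with the "S-1-5-32-" prefix,
 *         IDMAP_EXTERNAL if the matching domain uses external mapping,
 *         IDMAP_SID_INVALID if the RID is malformed,
 *         IDMAP_NO_RANGE if the domain is known but no range covers the
 *         RID, IDMAP_NO_DOMAIN if no registered domain matches.
 */
enum idmap_error_code sss_idmap_sid_to_unix(struct sss_idmap_ctx *ctx,
                                            const char *sid,
                                            uint32_t *_id)
{
    struct idmap_domain_info *idmap_domain_info;
    struct sss_idmap_range *range;
    size_t dom_len;
    const char *rid_str;
    unsigned long long rid;
    unsigned long long offset;
    char *endptr;
    bool no_range = false;

    if (sid == NULL || _id == NULL) {
        return IDMAP_ERROR;
    }

    CHECK_IDMAP_CTX(ctx, IDMAP_CONTEXT_INVALID);

    idmap_domain_info = ctx->idmap_domain_info;

    if (sss_idmap_sid_is_builtin(sid)) {
        return IDMAP_BUILTIN_SID;
    }

    while (idmap_domain_info != NULL) {
        if (idmap_domain_info->sid != NULL) {
            dom_len = strlen(idmap_domain_info->sid);
            if (strlen(sid) > dom_len && sid[dom_len] == '-'
                    && strncmp(sid, idmap_domain_info->sid, dom_len) == 0) {

                if (idmap_domain_info->external_mapping == true) {
                    return IDMAP_EXTERNAL;
                }

                rid_str = sid + dom_len + 1;
                if (*rid_str < '0' || *rid_str > '9') {
                    return IDMAP_SID_INVALID;
                }

                errno = 0;
                rid = strtoull(rid_str, &endptr, 10);
                if (errno != 0 || rid > UINT32_MAX || *endptr != '\0') {
                    return IDMAP_SID_INVALID;
                }

                range = idmap_domain_info->range;
                if (range != NULL
                        && range->max >= range->min
                        && rid >= idmap_domain_info->first_rid) {
                    offset = rid - idmap_domain_info->first_rid;
                    if (offset <= (unsigned long long) (range->max
                                                        - range->min)) {
                        /* offset is bounded by the range size here, so the
                         * sum cannot exceed range->max */
                        *_id = range->min + (uint32_t) offset;
                        return IDMAP_SUCCESS;
                    }
                }

                no_range = true;
            }
        }

        idmap_domain_info = idmap_domain_info->next;
    }

    return no_range ? IDMAP_NO_RANGE : IDMAP_NO_DOMAIN;
}

/*
 * Check that the UNIX ID 'id' lies inside an ID range registered for the
 * domain that 'sid' belongs to.
 *
 * Only the domain part of 'sid' is compared; the RID is not parsed here.
 *
 * Returns IDMAP_SUCCESS on a match, IDMAP_ERROR if sid is NULL,
 * IDMAP_NO_DOMAIN if no domain is registered at all, IDMAP_BUILTIN_SID for
 * SIDs with the "S-1-5-32-" prefix, IDMAP_NO_RANGE if the domain matches
 * but none of its ranges holds the ID, IDMAP_SID_UNKNOWN otherwise.
 */
enum idmap_error_code sss_idmap_check_sid_unix(struct sss_idmap_ctx *ctx,
                                               const char *sid,
                                               uint32_t id)
{
    struct idmap_domain_info *idmap_domain_info;
    size_t dom_len;
    bool no_range = false;

    if (sid == NULL) {
        return IDMAP_ERROR;
    }

    CHECK_IDMAP_CTX(ctx, IDMAP_CONTEXT_INVALID);

    if (ctx->idmap_domain_info == NULL) {
        return IDMAP_NO_DOMAIN;
    }

    idmap_domain_info = ctx->idmap_domain_info;

    if (sss_idmap_sid_is_builtin(sid)) {
        return IDMAP_BUILTIN_SID;
    }

    while (idmap_domain_info != NULL) {
        if (idmap_domain_info->sid != NULL) {
            dom_len = strlen(idmap_domain_info->sid);
            if (strlen(sid) > dom_len && sid[dom_len] == '-'
                    && strncmp(sid, idmap_domain_info->sid, dom_len) == 0) {

                if (id >= idmap_domain_info->range->min
                    && id <= idmap_domain_info->range->max) {
                    return IDMAP_SUCCESS;
                }

                no_range = true;
            }
        }

        idmap_domain_info = idmap_domain_info->next;
    }

    return no_range ?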
IDMAP_NO_RANGE : IDMAP_SID_UNKNOWN; } enum idmap_error_code sss_idmap_unix_to_sid(struct sss_idmap_ctx *ctx, uint32_t id, char **_sid) { struct idmap_domain_info *idmap_domain_info; int len; int ret; uint32_t rid; char *sid = NULL; CHECK_IDMAP_CTX(ctx, IDMAP_CONTEXT_INVALID); idmap_domain_info = ctx->idmap_domain_info; while (idmap_domain_info != NULL) { if (id_is_in_range(id, idmap_domain_info, &rid)) { if (idmap_domain_info->external_mapping == true || idmap_domain_info->sid == NULL) { return IDMAP_EXTERNAL; } len = snprintf(NULL, 0, SID_FMT, idmap_domain_info->sid, rid); if (len <= 0 || len > SID_STR_MAX_LEN) { return IDMAP_ERROR; } sid = ctx->alloc_func(len + 1, ctx->alloc_pvt); if (sid == NULL) { return IDMAP_OUT_OF_MEMORY; } ret = snprintf(sid, len + 1, SID_FMT, idmap_domain_info->sid, rid); if (ret != len) { ctx->free_func(sid, ctx->alloc_pvt); return IDMAP_ERROR; } *_sid = sid; return IDMAP_SUCCESS; } idmap_domain_info = idmap_domain_info->next; } return IDMAP_NO_DOMAIN; } enum idmap_error_code sss_idmap_dom_sid_to_unix(struct sss_idmap_ctx *ctx, struct sss_dom_sid *dom_sid, uint32_t *id) { enum idmap_error_code err; char *sid; CHECK_IDMAP_CTX(ctx, IDMAP_CONTEXT_INVALID); err = sss_idmap_dom_sid_to_sid(ctx, dom_sid, &sid); if (err != IDMAP_SUCCESS) { goto done; } err = sss_idmap_sid_to_unix(ctx, sid, id); done: ctx->free_func(sid, ctx->alloc_pvt); return err; } enum idmap_error_code sss_idmap_bin_sid_to_unix(struct sss_idmap_ctx *ctx, uint8_t *bin_sid, size_t length, uint32_t *id) { enum idmap_error_code err; char *sid; CHECK_IDMAP_CTX(ctx, IDMAP_CONTEXT_INVALID); err = sss_idmap_bin_sid_to_sid(ctx, bin_sid, length, &sid); if (err != IDMAP_SUCCESS) { goto done; } err = sss_idmap_sid_to_unix(ctx, sid, id); done: ctx->free_func(sid, ctx->alloc_pvt); return err; } enum idmap_error_code sss_idmap_smb_sid_to_unix(struct sss_idmap_ctx *ctx, struct dom_sid *smb_sid, uint32_t *id) { enum idmap_error_code err; char *sid; CHECK_IDMAP_CTX(ctx, IDMAP_CONTEXT_INVALID); 
err = sss_idmap_smb_sid_to_sid(ctx, smb_sid, &sid); if (err != IDMAP_SUCCESS) { goto done; } err = sss_idmap_sid_to_unix(ctx, sid, id); done: ctx->free_func(sid, ctx->alloc_pvt); return err; } enum idmap_error_code sss_idmap_check_dom_sid_to_unix(struct sss_idmap_ctx *ctx, struct sss_dom_sid *dom_sid, uint32_t id) { enum idmap_error_code err; char *sid; CHECK_IDMAP_CTX(ctx, IDMAP_CONTEXT_INVALID); err = sss_idmap_dom_sid_to_sid(ctx, dom_sid, &sid); if (err != IDMAP_SUCCESS) { goto done; } err = sss_idmap_check_sid_unix(ctx, sid, id); done: ctx->free_func(sid, ctx->alloc_pvt); return err; } enum idmap_error_code sss_idmap_check_bin_sid_unix(struct sss_idmap_ctx *ctx, uint8_t *bin_sid, size_t length, uint32_t id) { enum idmap_error_code err; char *sid; CHECK_IDMAP_CTX(ctx, IDMAP_CONTEXT_INVALID); err = sss_idmap_bin_sid_to_sid(ctx, bin_sid, length, &sid); if (err != IDMAP_SUCCESS) { goto done; } err = sss_idmap_check_sid_unix(ctx, sid, id); done: ctx->free_func(sid, ctx->alloc_pvt); return err; } enum idmap_error_code sss_idmap_check_smb_sid_unix(struct sss_idmap_ctx *ctx, struct dom_sid *smb_sid, uint32_t id) { enum idmap_error_code err; char *sid; CHECK_IDMAP_CTX(ctx, IDMAP_CONTEXT_INVALID); err = sss_idmap_smb_sid_to_sid(ctx, smb_sid, &sid); if (err != IDMAP_SUCCESS) { goto done; } err = sss_idmap_check_sid_unix(ctx, sid, id); done: ctx->free_func(sid, ctx->alloc_pvt); return err; } enum idmap_error_code sss_idmap_unix_to_dom_sid(struct sss_idmap_ctx *ctx, uint32_t id, struct sss_dom_sid **_dom_sid) { enum idmap_error_code err; char *sid = NULL; struct sss_dom_sid *dom_sid = NULL; CHECK_IDMAP_CTX(ctx, IDMAP_CONTEXT_INVALID); err = sss_idmap_unix_to_sid(ctx, id, &sid); if (err != IDMAP_SUCCESS) { goto done; } err = sss_idmap_sid_to_dom_sid(ctx, sid, &dom_sid); if (err != IDMAP_SUCCESS) { goto done; } *_dom_sid = dom_sid; err = IDMAP_SUCCESS; done: ctx->free_func(sid, ctx->alloc_pvt); if (err != IDMAP_SUCCESS) { ctx->free_func(dom_sid, ctx->alloc_pvt); } return err; 
} enum idmap_error_code sss_idmap_unix_to_bin_sid(struct sss_idmap_ctx *ctx, uint32_t id, uint8_t **_bin_sid, size_t *_length) { enum idmap_error_code err; char *sid = NULL; uint8_t *bin_sid = NULL; size_t length; CHECK_IDMAP_CTX(ctx, IDMAP_CONTEXT_INVALID); err = sss_idmap_unix_to_sid(ctx, id, &sid); if (err != IDMAP_SUCCESS) { goto done; } err = sss_idmap_sid_to_bin_sid(ctx, sid, &bin_sid, &length); if (err != IDMAP_SUCCESS) { goto done; } *_bin_sid = bin_sid; *_length = length; err = IDMAP_SUCCESS; done: ctx->free_func(sid, ctx->alloc_pvt); if (err != IDMAP_SUCCESS) { ctx->free_func(bin_sid, ctx->alloc_pvt); } return err; } enum idmap_error_code sss_idmap_ctx_set_autorid(struct sss_idmap_ctx *ctx, bool use_autorid) { CHECK_IDMAP_CTX(ctx, IDMAP_CONTEXT_INVALID); ctx->idmap_opts.autorid_mode = use_autorid; return IDMAP_SUCCESS; } enum idmap_error_code sss_idmap_ctx_set_lower(struct sss_idmap_ctx *ctx, id_t lower) { CHECK_IDMAP_CTX(ctx, IDMAP_CONTEXT_INVALID); ctx->idmap_opts.idmap_lower = lower; return IDMAP_SUCCESS; } enum idmap_error_code sss_idmap_ctx_set_upper(struct sss_idmap_ctx *ctx, id_t upper) { CHECK_IDMAP_CTX(ctx, IDMAP_CONTEXT_INVALID); ctx->idmap_opts.idmap_upper = upper; return IDMAP_SUCCESS; } enum idmap_error_code sss_idmap_ctx_set_rangesize(struct sss_idmap_ctx *ctx, id_t rangesize) { CHECK_IDMAP_CTX(ctx, IDMAP_CONTEXT_INVALID); ctx->idmap_opts.rangesize = rangesize; return IDMAP_SUCCESS; } enum idmap_error_code sss_idmap_ctx_get_autorid(struct sss_idmap_ctx *ctx, bool *_autorid) { CHECK_IDMAP_CTX(ctx, IDMAP_CONTEXT_INVALID); *_autorid = ctx->idmap_opts.autorid_mode; return IDMAP_SUCCESS; } enum idmap_error_code sss_idmap_ctx_get_lower(struct sss_idmap_ctx *ctx, id_t *_lower) { CHECK_IDMAP_CTX(ctx, IDMAP_CONTEXT_INVALID); *_lower = ctx->idmap_opts.idmap_lower; return IDMAP_SUCCESS; } enum idmap_error_code sss_idmap_ctx_get_upper(struct sss_idmap_ctx *ctx, id_t *_upper) { CHECK_IDMAP_CTX(ctx, IDMAP_CONTEXT_INVALID); *_upper = 
ctx->idmap_opts.idmap_upper; return IDMAP_SUCCESS; } enum idmap_error_code sss_idmap_ctx_get_rangesize(struct sss_idmap_ctx *ctx, id_t *_rangesize) { CHECK_IDMAP_CTX(ctx, IDMAP_CONTEXT_INVALID); *_rangesize = ctx->idmap_opts.rangesize; return IDMAP_SUCCESS; } enum idmap_error_code sss_idmap_domain_has_algorithmic_mapping(struct sss_idmap_ctx *ctx, const char *dom_sid, bool *has_algorithmic_mapping) { struct idmap_domain_info *idmap_domain_info; size_t len; size_t dom_sid_len; if (dom_sid == NULL) { return IDMAP_SID_INVALID; } CHECK_IDMAP_CTX(ctx, IDMAP_CONTEXT_INVALID); if (ctx->idmap_domain_info == NULL) { return IDMAP_NO_DOMAIN; } idmap_domain_info = ctx->idmap_domain_info; while (idmap_domain_info != NULL) { if (idmap_domain_info->sid != NULL) { len = strlen(idmap_domain_info->sid); dom_sid_len = strlen(dom_sid); if (((dom_sid_len > len && dom_sid[len] == '-') || dom_sid_len == len) && strncmp(dom_sid, idmap_domain_info->sid, len) == 0) { *has_algorithmic_mapping = !idmap_domain_info->external_mapping; return IDMAP_SUCCESS; } } idmap_domain_info = idmap_domain_info->next; } return IDMAP_SID_UNKNOWN; } enum idmap_error_code sss_idmap_domain_by_name_has_algorithmic_mapping(struct sss_idmap_ctx *ctx, const char *dom_name, bool *has_algorithmic_mapping) { struct idmap_domain_info *idmap_domain_info; if (dom_name == NULL) { return IDMAP_ERROR; } CHECK_IDMAP_CTX(ctx, IDMAP_CONTEXT_INVALID); if (ctx->idmap_domain_info == NULL) { return IDMAP_NO_DOMAIN; } idmap_domain_info = ctx->idmap_domain_info; while (idmap_domain_info != NULL) { if (idmap_domain_info->name != NULL && strcmp(dom_name, idmap_domain_info->name) == 0) { *has_algorithmic_mapping = !idmap_domain_info->external_mapping; return IDMAP_SUCCESS; } idmap_domain_info = idmap_domain_info->next; } return IDMAP_NAME_UNKNOWN; } sssd-1.11.5/src/lib/idmap/PaxHeaders.13173/sss_idmap.pc0000644000000000000000000000013112320753520020501 xustar000000000000000029 mtime=1396954960.39587588 30 atime=1396954961.040875404 30 
ctime=1396954961.406875134 sssd-1.11.5/src/lib/idmap/sss_idmap.pc0000664002412700241270000000037212320753520020733 0ustar00jhrozekjhrozek00000000000000prefix=/usr/local exec_prefix=${prefix} libdir=${exec_prefix}/lib includedir=${prefix}/include Name: sss_idmap Description: SSS idmap (SID <-> uid,gid) library Version: 1.11.5 Libs: -L${libdir} -lsss_idmap Cflags: URL: http://fedorahosted.org/sssd/ sssd-1.11.5/src/lib/idmap/PaxHeaders.13173/sss_idmap.doxy.in0000644000000000000000000000007412320753107021476 xustar000000000000000030 atime=1396954960.405875873 30 ctime=1396954961.364875165 sssd-1.11.5/src/lib/idmap/sss_idmap.doxy.in0000664002412700241270000023501712320753107021730 0ustar00jhrozekjhrozek00000000000000# Doxyfile 1.8.3 # This file describes the settings to be used by the documentation system # doxygen (www.doxygen.org) for a project. # # All text after a hash (#) is considered a comment and will be ignored. # The format is: # TAG = value [value, ...] # For lists items can also be appended using: # TAG += value [value, ...] # Values that contain spaces should be placed between quotes (" "). #--------------------------------------------------------------------------- # Project related configuration options #--------------------------------------------------------------------------- # This tag specifies the encoding used for all characters in the config file # that follow. The default is UTF-8 which is also the encoding used for all # text before the first occurrence of this tag. Doxygen uses libiconv (or the # iconv built into libc) for the transcoding. See # http://www.gnu.org/software/libiconv for the list of possible encodings. DOXYFILE_ENCODING = UTF-8 # The PROJECT_NAME tag is a single word (or sequence of words) that should # identify the project. Note that if you do not use Doxywizard you need # to put quotes around the project name if it contains spaces. 
PROJECT_NAME = sss_idmap # The PROJECT_NUMBER tag can be used to enter a project or revision number. # This could be handy for archiving the generated documentation or # if some version control system is used. PROJECT_NUMBER = @PACKAGE_VERSION@ # Using the PROJECT_BRIEF tag one can provide an optional one line description # for a project that appears at the top of each page and should give viewer # a quick idea about the purpose of the project. Keep the description short. PROJECT_BRIEF = # With the PROJECT_LOGO tag one can specify an logo or icon that is # included in the documentation. The maximum height of the logo should not # exceed 55 pixels and the maximum width should not exceed 200 pixels. # Doxygen will copy the logo to the output directory. PROJECT_LOGO = # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. # If a relative path is entered, it will be relative to the location # where doxygen was started. If left blank the current directory will be used. OUTPUT_DIRECTORY = idmap_doc # If the CREATE_SUBDIRS tag is set to YES, then doxygen will create # 4096 sub-directories (in 2 levels) under the output directory of each output # format and will distribute the generated files over these directories. # Enabling this option can be useful when feeding doxygen a huge amount of # source files, where putting all generated files in the same directory would # otherwise cause performance problems for the file system. CREATE_SUBDIRS = NO # The OUTPUT_LANGUAGE tag is used to specify the language in which all # documentation generated by doxygen is written. Doxygen will use this # information to generate all constant output in the proper language. 
# The default language is English, other supported languages are: # Afrikaans, Arabic, Brazilian, Catalan, Chinese, Chinese-Traditional, # Croatian, Czech, Danish, Dutch, Esperanto, Farsi, Finnish, French, German, # Greek, Hungarian, Italian, Japanese, Japanese-en (Japanese with English # messages), Korean, Korean-en, Lithuanian, Norwegian, Macedonian, Persian, # Polish, Portuguese, Romanian, Russian, Serbian, Serbian-Cyrillic, Slovak, # Slovene, Spanish, Swedish, Ukrainian, and Vietnamese. OUTPUT_LANGUAGE = English # If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will # include brief member descriptions after the members that are listed in # the file and class documentation (similar to JavaDoc). # Set to NO to disable this. BRIEF_MEMBER_DESC = YES # If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend # the brief description of a member or function before the detailed description. # Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the # brief descriptions will be completely suppressed. REPEAT_BRIEF = YES # This tag implements a quasi-intelligent brief description abbreviator # that is used to form the text in various listings. Each string # in this list, if found as the leading text of the brief description, will be # stripped from the text and the result after processing the whole list, is # used as the annotated text. Otherwise, the brief description is used as-is. # If left blank, the following values are used ("$name" is automatically # replaced with the name of the entity): "The $name class" "The $name widget" # "The $name file" "is" "provides" "specifies" "contains" # "represents" "a" "an" "the" ABBREVIATE_BRIEF = "The $name class" \ "The $name widget" \ "The $name file" \ is \ provides \ specifies \ contains \ represents \ a \ an \ the # If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then # Doxygen will generate a detailed section even if there is only a brief # description. 
ALWAYS_DETAILED_SEC = NO # If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all # inherited members of a class in the documentation of that class as if those # members were ordinary class members. Constructors, destructors and assignment # operators of the base classes will not be shown. INLINE_INHERITED_MEMB = NO # If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full # path before files name in the file list and in the header files. If set # to NO the shortest path that makes the file name unique will be used. FULL_PATH_NAMES = YES # If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag # can be used to strip a user-defined part of the path. Stripping is # only done if one of the specified strings matches the left-hand part of # the path. The tag can be used to show relative paths in the file list. # If left blank the directory from which doxygen is run is used as the # path to strip. Note that you specify absolute paths here, but also # relative paths, which will be relative from the directory where doxygen is # started. STRIP_FROM_PATH = # The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of # the path mentioned in the documentation of a class, which tells # the reader which header file to include in order to use a class. # If left blank only the name of the header file containing the class # definition is used. Otherwise one should specify the include paths that # are normally passed to the compiler using the -I flag. STRIP_FROM_INC_PATH = # If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter # (but less readable) file names. This can be useful if your file system # doesn't support long names like on DOS, Mac, or CD-ROM. SHORT_NAMES = NO # If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen # will interpret the first line (until the first dot) of a JavaDoc-style # comment as the brief description. 
If set to NO, the JavaDoc # comments will behave just like regular Qt-style comments # (thus requiring an explicit @brief command for a brief description.) JAVADOC_AUTOBRIEF = YES # If the QT_AUTOBRIEF tag is set to YES then Doxygen will # interpret the first line (until the first dot) of a Qt-style # comment as the brief description. If set to NO, the comments # will behave just like regular Qt-style comments (thus requiring # an explicit \brief command for a brief description.) QT_AUTOBRIEF = NO # The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen # treat a multi-line C++ special comment block (i.e. a block of //! or /// # comments) as a brief description. This used to be the default behaviour. # The new default is to treat a multi-line C++ comment block as a detailed # description. Set this tag to YES if you prefer the old behaviour instead. MULTILINE_CPP_IS_BRIEF = NO # If the INHERIT_DOCS tag is set to YES (the default) then an undocumented # member inherits the documentation from any documented member that it # re-implements. INHERIT_DOCS = YES # If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce # a new page for each member. If set to NO, the documentation of a member will # be part of the file/class/namespace that contains it. SEPARATE_MEMBER_PAGES = NO # The TAB_SIZE tag can be used to set the number of spaces in a tab. # Doxygen uses this value to replace tabs by spaces in code fragments. TAB_SIZE = 8 # This tag can be used to specify a number of aliases that acts # as commands in the documentation. An alias has the form "name=value". # For example adding "sideeffect=\par Side Effects:\n" will allow you to # put the command \sideeffect (or @sideeffect) in the documentation, which # will result in a user-defined paragraph with heading "Side Effects:". # You can put \n's in the value part of an alias to insert newlines. ALIASES = # This tag can be used to specify a number of word-keyword mappings (TCL only). 
# A mapping has the form "name=value". For example adding # "class=itcl::class" will allow you to use the command class in the # itcl::class meaning. TCL_SUBST = # Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C # sources only. Doxygen will then generate output that is more tailored for C. # For instance, some of the names that are used will be different. The list # of all members will be omitted, etc. OPTIMIZE_OUTPUT_FOR_C = YES # Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java # sources only. Doxygen will then generate output that is more tailored for # Java. For instance, namespaces will be presented as packages, qualified # scopes will look different, etc. OPTIMIZE_OUTPUT_JAVA = NO # Set the OPTIMIZE_FOR_FORTRAN tag to YES if your project consists of Fortran # sources only. Doxygen will then generate output that is more tailored for # Fortran. OPTIMIZE_FOR_FORTRAN = NO # Set the OPTIMIZE_OUTPUT_VHDL tag to YES if your project consists of VHDL # sources. Doxygen will then generate output that is tailored for # VHDL. OPTIMIZE_OUTPUT_VHDL = NO # Doxygen selects the parser to use depending on the extension of the files it # parses. With this tag you can assign which parser to use for a given # extension. Doxygen has a built-in mapping, but you can override or extend it # using this tag. The format is ext=language, where ext is a file extension, # and language is one of the parsers supported by doxygen: IDL, Java, # Javascript, CSharp, C, C++, D, PHP, Objective-C, Python, Fortran, VHDL, C, # C++. For instance to make doxygen treat .inc files as Fortran files (default # is PHP), and .f files as C (default is Fortran), use: inc=Fortran f=C. Note # that for custom extensions you also need to set FILE_PATTERNS otherwise the # files are not read by doxygen. 
EXTENSION_MAPPING = # If MARKDOWN_SUPPORT is enabled (the default) then doxygen pre-processes all # comments according to the Markdown format, which allows for more readable # documentation. See http://daringfireball.net/projects/markdown/ for details. # The output of markdown processing is further processed by doxygen, so you # can mix doxygen, HTML, and XML commands with Markdown formatting. # Disable only in case of backward compatibility issues. MARKDOWN_SUPPORT = YES # When enabled doxygen tries to link words that correspond to documented classes, # or namespaces to their corresponding documentation. Such a link can be # prevented in individual cases by putting a % sign in front of the word or # globally by setting AUTOLINK_SUPPORT to NO. AUTOLINK_SUPPORT = YES # If you use STL classes (i.e. std::string, std::vector, etc.) but do not want # to include (a tag file for) the STL sources as input, then you should # set this tag to YES in order to let doxygen match functions declarations and # definitions whose arguments contain STL classes (e.g. func(std::string); v.s. # func(std::string) {}). This also makes the inheritance and collaboration # diagrams that involve STL classes more complete and accurate. BUILTIN_STL_SUPPORT = NO # If you use Microsoft's C++/CLI language, you should set this option to YES to # enable parsing support. CPP_CLI_SUPPORT = NO # Set the SIP_SUPPORT tag to YES if your project consists of sip sources only. # Doxygen will parse them like normal C++ but will assume all classes use public # instead of private inheritance when no explicit protection keyword is present. SIP_SUPPORT = NO # For Microsoft's IDL there are propget and propput attributes to indicate # getter and setter methods for a property. Setting this option to YES (the # default) will make doxygen replace the get and set methods by a property in # the documentation. This will only work if the methods are indeed getting or # setting a simple type.
If this is not the case, or you want to show the # methods anyway, you should set this option to NO. IDL_PROPERTY_SUPPORT = YES # If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC # tag is set to YES, then doxygen will reuse the documentation of the first # member in the group (if any) for the other members of the group. By default # all members of a group must be documented explicitly. DISTRIBUTE_GROUP_DOC = NO # Set the SUBGROUPING tag to YES (the default) to allow class member groups of # the same type (for instance a group of public functions) to be put as a # subgroup of that type (e.g. under the Public Functions section). Set it to # NO to prevent subgrouping. Alternatively, this can be done per class using # the \nosubgrouping command. SUBGROUPING = YES # When the INLINE_GROUPED_CLASSES tag is set to YES, classes, structs and # unions are shown inside the group in which they are included (e.g. using # @ingroup) instead of on a separate page (for HTML and Man pages) or # section (for LaTeX and RTF). INLINE_GROUPED_CLASSES = NO # When the INLINE_SIMPLE_STRUCTS tag is set to YES, structs, classes, and # unions with only public data fields will be shown inline in the documentation # of the scope in which they are defined (i.e. file, namespace, or group # documentation), provided this scope is documented. If set to NO (the default), # structs, classes, and unions are shown on a separate page (for HTML and Man # pages) or section (for LaTeX and RTF). INLINE_SIMPLE_STRUCTS = NO # When TYPEDEF_HIDES_STRUCT is enabled, a typedef of a struct, union, or enum # is documented as struct, union, or enum with the name of the typedef. So # typedef struct TypeS {} TypeT, will appear in the documentation as a struct # with name TypeT. When disabled the typedef will appear as a member of a file, # namespace, or class. And the struct will be named TypeS. 
This can typically # be useful for C code in case the coding convention dictates that all compound # types are typedef'ed and only the typedef is referenced, never the tag name. TYPEDEF_HIDES_STRUCT = NO # The SYMBOL_CACHE_SIZE determines the size of the internal cache use to # determine which symbols to keep in memory and which to flush to disk. # When the cache is full, less often used symbols will be written to disk. # For small to medium size projects (<1000 input files) the default value is # probably good enough. For larger projects a too small cache size can cause # doxygen to be busy swapping symbols to and from disk most of the time # causing a significant performance penalty. # If the system has enough physical memory increasing the cache will improve the # performance by keeping more symbols in memory. Note that the value works on # a logarithmic scale so increasing the size by one will roughly double the # memory usage. The cache size is given by this formula: # 2^(16+SYMBOL_CACHE_SIZE). The valid range is 0..9, the default is 0, # corresponding to a cache size of 2^16 = 65536 symbols. SYMBOL_CACHE_SIZE = 0 # Similar to the SYMBOL_CACHE_SIZE the size of the symbol lookup cache can be # set using LOOKUP_CACHE_SIZE. This cache is used to resolve symbols given # their name and scope. Since this can be an expensive process and often the # same symbol appear multiple times in the code, doxygen keeps a cache of # pre-resolved symbols. If the cache is too small doxygen will become slower. # If the cache is too large, memory is wasted. The cache size is given by this # formula: 2^(16+LOOKUP_CACHE_SIZE). The valid range is 0..9, the default is 0, # corresponding to a cache size of 2^16 = 65536 symbols. 
LOOKUP_CACHE_SIZE = 0 #--------------------------------------------------------------------------- # Build related configuration options #--------------------------------------------------------------------------- # If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in # documentation are documented, even if no documentation was available. # Private class members and static file members will be hidden unless # the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES EXTRACT_ALL = NO # If the EXTRACT_PRIVATE tag is set to YES all private members of a class # will be included in the documentation. EXTRACT_PRIVATE = NO # If the EXTRACT_PACKAGE tag is set to YES all members with package or internal # scope will be included in the documentation. EXTRACT_PACKAGE = NO # If the EXTRACT_STATIC tag is set to YES all static members of a file # will be included in the documentation. EXTRACT_STATIC = NO # If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs) # defined locally in source files will be included in the documentation. # If set to NO only classes defined in header files are included. EXTRACT_LOCAL_CLASSES = NO # This flag is only useful for Objective-C code. When set to YES local # methods, which are defined in the implementation section but not in # the interface are included in the documentation. # If set to NO (the default) only methods in the interface are included. EXTRACT_LOCAL_METHODS = NO # If this flag is set to YES, the members of anonymous namespaces will be # extracted and appear in the documentation as a namespace called # 'anonymous_namespace{file}', where file will be replaced with the base # name of the file that contains the anonymous namespace. By default # anonymous namespaces are hidden. EXTRACT_ANON_NSPACES = NO # If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all # undocumented members of documented classes, files or namespaces. 
# If set to NO (the default) these members will be included in the # various overviews, but no documentation section is generated. # This option has no effect if EXTRACT_ALL is enabled. HIDE_UNDOC_MEMBERS = YES # If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all # undocumented classes that are normally visible in the class hierarchy. # If set to NO (the default) these classes will be included in the various # overviews. This option has no effect if EXTRACT_ALL is enabled. HIDE_UNDOC_CLASSES = YES # If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all # friend (class|struct|union) declarations. # If set to NO (the default) these declarations will be included in the # documentation. HIDE_FRIEND_COMPOUNDS = NO # If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any # documentation blocks found inside the body of a function. # If set to NO (the default) these blocks will be appended to the # function's detailed documentation block. HIDE_IN_BODY_DOCS = NO # The INTERNAL_DOCS tag determines if documentation # that is typed after a \internal command is included. If the tag is set # to NO (the default) then the documentation will be excluded. # Set it to YES to include the internal documentation. INTERNAL_DOCS = NO # If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate # file names in lower-case letters. If set to YES upper-case letters are also # allowed. This is useful if you have classes or files whose names only differ # in case and if your file system supports case sensitive file names. Windows # and Mac users are advised to set this option to NO. CASE_SENSE_NAMES = YES # If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen # will show members with their full class and namespace scopes in the # documentation. If set to YES the scope will be hidden. 
HIDE_SCOPE_NAMES = NO # If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen # will put a list of the files that are included by a file in the documentation # of that file. SHOW_INCLUDE_FILES = YES # If the FORCE_LOCAL_INCLUDES tag is set to YES then Doxygen # will list include files with double quotes in the documentation # rather than with sharp brackets. FORCE_LOCAL_INCLUDES = NO # If the INLINE_INFO tag is set to YES (the default) then a tag [inline] # is inserted in the documentation for inline members. INLINE_INFO = YES # If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen # will sort the (detailed) documentation of file and class members # alphabetically by member name. If set to NO the members will appear in # declaration order. SORT_MEMBER_DOCS = YES # If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the # brief documentation of file, namespace and class members alphabetically # by member name. If set to NO (the default) the members will appear in # declaration order. SORT_BRIEF_DOCS = NO # If the SORT_MEMBERS_CTORS_1ST tag is set to YES then doxygen # will sort the (brief and detailed) documentation of class members so that # constructors and destructors are listed first. If set to NO (the default) # the constructors will appear in the respective orders defined by # SORT_MEMBER_DOCS and SORT_BRIEF_DOCS. # This tag will be ignored for brief docs if SORT_BRIEF_DOCS is set to NO # and ignored for detailed docs if SORT_MEMBER_DOCS is set to NO. SORT_MEMBERS_CTORS_1ST = NO # If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the # hierarchy of group names into alphabetical order. If set to NO (the default) # the group names will appear in their defined order. SORT_GROUP_NAMES = NO # If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be # sorted by fully-qualified names, including namespaces. 
If set to # NO (the default), the class list will be sorted only by class name, # not including the namespace part. # Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES. # Note: This option applies only to the class list, not to the # alphabetical list. SORT_BY_SCOPE_NAME = NO # If the STRICT_PROTO_MATCHING option is enabled and doxygen fails to # do proper type resolution of all parameters of a function it will reject a # match between the prototype and the implementation of a member function even # if there is only one candidate or it is obvious which candidate to choose # by doing a simple string match. By disabling STRICT_PROTO_MATCHING doxygen # will still accept a match between prototype and implementation in such cases. STRICT_PROTO_MATCHING = NO # The GENERATE_TODOLIST tag can be used to enable (YES) or # disable (NO) the todo list. This list is created by putting \todo # commands in the documentation. GENERATE_TODOLIST = YES # The GENERATE_TESTLIST tag can be used to enable (YES) or # disable (NO) the test list. This list is created by putting \test # commands in the documentation. GENERATE_TESTLIST = YES # The GENERATE_BUGLIST tag can be used to enable (YES) or # disable (NO) the bug list. This list is created by putting \bug # commands in the documentation. GENERATE_BUGLIST = YES # The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or # disable (NO) the deprecated list. This list is created by putting # \deprecated commands in the documentation. GENERATE_DEPRECATEDLIST= YES # The ENABLED_SECTIONS tag can be used to enable conditional # documentation sections, marked by \if section-label ... \endif # and \cond section-label ... \endcond blocks. ENABLED_SECTIONS = # The MAX_INITIALIZER_LINES tag determines the maximum number of lines # the initial value of a variable or macro consists of for it to appear in # the documentation. If the initializer consists of more lines than specified # here it will be hidden. 
Use a value of 0 to hide initializers completely. # The appearance of the initializer of individual variables and macros in the # documentation can be controlled using \showinitializer or \hideinitializer # command in the documentation regardless of this setting. MAX_INITIALIZER_LINES = 30 # Set the SHOW_USED_FILES tag to NO to disable the list of files generated # at the bottom of the documentation of classes and structs. If set to YES the # list will mention the files that were used to generate the documentation. SHOW_USED_FILES = YES # Set the SHOW_FILES tag to NO to disable the generation of the Files page. # This will remove the Files entry from the Quick Index and from the # Folder Tree View (if specified). The default is YES. SHOW_FILES = YES # Set the SHOW_NAMESPACES tag to NO to disable the generation of the # Namespaces page. # This will remove the Namespaces entry from the Quick Index # and from the Folder Tree View (if specified). The default is YES. SHOW_NAMESPACES = YES # The FILE_VERSION_FILTER tag can be used to specify a program or script that # doxygen should invoke to get the current version for each file (typically from # the version control system). Doxygen will invoke the program by executing (via # popen()) the command <command> <input-file>, where <command> is the value of # the FILE_VERSION_FILTER tag, and <input-file> is the name of an input file # provided by doxygen. Whatever the program writes to standard output # is used as the file version. See the manual for examples. # The command is run through a shell with the privileges of the user running # doxygen, so leave this tag empty unless the program is trusted. FILE_VERSION_FILTER = # The LAYOUT_FILE tag can be used to specify a layout file which will be parsed # by doxygen. The layout file controls the global structure of the generated # output files in an output format independent way. To create the layout file # that represents doxygen's defaults, run doxygen with the -l option. # You can optionally specify a file name after the option, if omitted # DoxygenLayout.xml will be used as the name of the layout file.
LAYOUT_FILE = # The CITE_BIB_FILES tag can be used to specify one or more bib files # containing the references data. This must be a list of .bib files. The # .bib extension is automatically appended if omitted. Using this command # requires the bibtex tool to be installed. See also # http://en.wikipedia.org/wiki/BibTeX for more info. For LaTeX the style # of the bibliography can be controlled using LATEX_BIB_STYLE. To use this # feature you need bibtex and perl available in the search path. Do not use # file names with spaces, bibtex cannot handle them. CITE_BIB_FILES = #--------------------------------------------------------------------------- # configuration options related to warning and progress messages #--------------------------------------------------------------------------- # The QUIET tag can be used to turn on/off the messages that are generated # by doxygen. Possible values are YES and NO. If left blank NO is used. QUIET = NO # The WARNINGS tag can be used to turn on/off the warning messages that are # generated by doxygen. Possible values are YES and NO. If left blank # NO is used. WARNINGS = YES # If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings # for undocumented members. If EXTRACT_ALL is set to YES then this flag will # automatically be disabled. WARN_IF_UNDOCUMENTED = YES # If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for # potential errors in the documentation, such as not documenting some # parameters in a documented function, or documenting parameters that # don't exist or using markup commands wrongly. WARN_IF_DOC_ERROR = YES # The WARN_NO_PARAMDOC option can be enabled to get warnings for # functions that are documented, but have no documentation for their parameters # or return value. If set to NO (the default) doxygen will only warn about # wrong or incomplete parameter documentation, but not about the absence of # documentation. 
WARN_NO_PARAMDOC = NO # The WARN_FORMAT tag determines the format of the warning messages that # doxygen can produce. The string should contain the $file, $line, and $text # tags, which will be replaced by the file and line number from which the # warning originated and the warning text. Optionally the format may contain # $version, which will be replaced by the version of the file (if it could # be obtained via FILE_VERSION_FILTER) WARN_FORMAT = "$file:$line: $text" # The WARN_LOGFILE tag can be used to specify a file to which warning # and error messages should be written. If left blank the output is written # to stderr. WARN_LOGFILE = #--------------------------------------------------------------------------- # configuration options related to the input files #--------------------------------------------------------------------------- # The INPUT tag can be used to specify the files and/or directories that contain # documented source files. You may enter file names like "myfile.cpp" or # directories like "/usr/src/myproject". Separate the files or directories # with spaces. INPUT = @abs_top_srcdir@/src/lib/idmap/sss_idmap.h # This tag can be used to specify the character encoding of the source files # that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is # also the default input encoding. Doxygen uses libiconv (or the iconv built # into libc) for the transcoding. See http://www.gnu.org/software/libiconv for # the list of possible encodings. INPUT_ENCODING = UTF-8 # If the value of the INPUT tag contains directories, you can use the # FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp # and *.h) to filter out the source-files in the directories. 
If left # blank the following patterns are tested: # *.c *.cc *.cxx *.cpp *.c++ *.d *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh # *.hxx *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.dox *.py # *.f90 *.f *.for *.vhd *.vhdl FILE_PATTERNS = *.cpp \ *.cc \ *.c \ *.h \ *.hh \ *.hpp \ *.dox # The RECURSIVE tag can be used to specify whether or not subdirectories # should be searched for input files as well. Possible values are YES and NO. # If left blank NO is used. RECURSIVE = NO # The EXCLUDE tag can be used to specify files and/or directories that should be # excluded from the INPUT source files. This way you can easily exclude a # subdirectory from a directory tree whose root is specified with the INPUT tag. # Note that relative paths are relative to the directory from which doxygen is # run. EXCLUDE = # The EXCLUDE_SYMLINKS tag can be used to select whether or not files or # directories that are symbolic links (a Unix file system feature) are excluded # from the input. EXCLUDE_SYMLINKS = NO # If the value of the INPUT tag contains directories, you can use the # EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude # certain files from those directories. Note that the wildcards are matched # against the file with absolute path, so to exclude all test directories # for example use the pattern */test/* EXCLUDE_PATTERNS = */.git/* \ */.svn/* \ */cmake/* \ */build/* # The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names # (namespaces, classes, functions, etc.) that should be excluded from the # output. The symbol name can be a fully qualified name, a word, or if the # wildcard * is used, a substring. Examples: ANamespace, AClass, # AClass::ANamespace, ANamespace::*Test EXCLUDE_SYMBOLS = # The EXAMPLE_PATH tag can be used to specify one or more files or # directories that contain example code fragments that are included (see # the \include command).
EXAMPLE_PATH = # If the value of the EXAMPLE_PATH tag contains directories, you can use the # EXAMPLE_PATTERNS tag to specify one or more wildcard patterns (like *.cpp # and *.h) to filter out the source-files in the directories. If left # blank all files are included. EXAMPLE_PATTERNS = # If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be # searched for input files to be used with the \include or \dontinclude # commands irrespective of the value of the RECURSIVE tag. # Possible values are YES and NO. If left blank NO is used. EXAMPLE_RECURSIVE = NO # The IMAGE_PATH tag can be used to specify one or more files or # directories that contain images that are included in the documentation (see # the \image command). IMAGE_PATH = # The INPUT_FILTER tag can be used to specify a program that doxygen should # invoke to filter for each input file. Doxygen will invoke the filter program # by executing (via popen()) the command <filter> <input-file>, where <filter> # is the value of the INPUT_FILTER tag, and <input-file> is the name of an # input file. Doxygen will then use the output that the filter program writes # to standard output. # If FILTER_PATTERNS is specified, this tag will be # ignored. # The filter is run through a shell with the privileges of the user running # doxygen, so leave this tag empty unless the program is trusted. INPUT_FILTER = # The FILTER_PATTERNS tag can be used to specify filters on a per file pattern # basis. # Doxygen will compare the file name with each pattern and apply the # filter if there is a match. # The filters are a list of the form: # pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further # info on how filters are used. If FILTER_PATTERNS is empty or if # none of the patterns match the file name, INPUT_FILTER is applied. FILTER_PATTERNS = # If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using # INPUT_FILTER) will be used to filter the input files when producing source # files to browse (i.e. when SOURCE_BROWSER is set to YES). FILTER_SOURCE_FILES = NO # The FILTER_SOURCE_PATTERNS tag can be used to specify source filters per file # pattern.
A pattern will override the setting for FILTER_PATTERNS (if any) # and it is also possible to disable source filtering for a specific pattern # using *.ext= (so without naming a filter). This option only has effect when # FILTER_SOURCE_FILES is enabled. FILTER_SOURCE_PATTERNS = # If the USE_MDFILE_AS_MAINPAGE tag refers to the name of a markdown file that # is part of the input, its contents will be placed on the main page (index.html). # This can be useful if you have a project on for instance GitHub and want to reuse # the introduction page also for the doxygen output. USE_MDFILE_AS_MAINPAGE = #--------------------------------------------------------------------------- # configuration options related to source browsing #--------------------------------------------------------------------------- # If the SOURCE_BROWSER tag is set to YES then a list of source files will # be generated. Documented entities will be cross-referenced with these sources. # Note: To get rid of all source code in the generated output, make sure also # VERBATIM_HEADERS is set to NO. SOURCE_BROWSER = NO # Setting the INLINE_SOURCES tag to YES will include the body # of functions and classes directly in the documentation. INLINE_SOURCES = NO # Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct # doxygen to hide any special comment blocks from generated source code # fragments. Normal C, C++ and Fortran comments will always remain visible. STRIP_CODE_COMMENTS = YES # If the REFERENCED_BY_RELATION tag is set to YES # then for each documented function all documented # functions referencing it will be listed. REFERENCED_BY_RELATION = NO # If the REFERENCES_RELATION tag is set to YES # then for each documented function all documented entities # called/used by that function will be listed.
REFERENCES_RELATION = NO # If the REFERENCES_LINK_SOURCE tag is set to YES (the default) # and SOURCE_BROWSER tag is set to YES, then the hyperlinks from # functions in REFERENCES_RELATION and REFERENCED_BY_RELATION lists will # link to the source code. # Otherwise they will link to the documentation. REFERENCES_LINK_SOURCE = YES # If the USE_HTAGS tag is set to YES then the references to source code # will point to the HTML generated by the htags(1) tool instead of doxygen # built-in source browser. The htags tool is part of GNU's global source # tagging system (see http://www.gnu.org/software/global/global.html). You # will need version 4.8.6 or higher. USE_HTAGS = NO # If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen # will generate a verbatim copy of the header file for each class for # which an include is specified. Set to NO to disable this. VERBATIM_HEADERS = YES #--------------------------------------------------------------------------- # configuration options related to the alphabetical class index #--------------------------------------------------------------------------- # If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index # of all compounds will be generated. Enable this if the project # contains a lot of classes, structs, unions or interfaces. ALPHABETICAL_INDEX = NO # If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then # the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns # in which this list will be split (can be a number in the range [1..20]) COLS_IN_ALPHA_INDEX = 5 # In case all classes in a project start with a common prefix, all # classes will be put under the same header in the alphabetical index. # The IGNORE_PREFIX tag can be used to specify one or more prefixes that # should be ignored while generating the index headers. 
IGNORE_PREFIX = #--------------------------------------------------------------------------- # configuration options related to the HTML output #--------------------------------------------------------------------------- # If the GENERATE_HTML tag is set to YES (the default) Doxygen will # generate HTML output. GENERATE_HTML = YES # The HTML_OUTPUT tag is used to specify where the HTML docs will be put. # If a relative path is entered the value of OUTPUT_DIRECTORY will be # put in front of it. If left blank `html' will be used as the default path. HTML_OUTPUT = html # The HTML_FILE_EXTENSION tag can be used to specify the file extension for # each generated HTML page (for example: .htm,.php,.asp). If it is left blank # doxygen will generate files with .html extension. HTML_FILE_EXTENSION = .html # The HTML_HEADER tag can be used to specify a personal HTML header for # each generated HTML page. If it is left blank doxygen will generate a # standard header. Note that when using a custom header you are responsible # for the proper inclusion of any scripts and style sheets that doxygen # needs, which is dependent on the configuration options used. # It is advised to generate a default header using "doxygen -w html # header.html footer.html stylesheet.css YourConfigFile" and then modify # that header. Note that the header is subject to change so you typically # have to redo this when upgrading to a newer version of doxygen or when # changing the value of configuration settings such as GENERATE_TREEVIEW! HTML_HEADER = # The HTML_FOOTER tag can be used to specify a personal HTML footer for # each generated HTML page. If it is left blank doxygen will generate a # standard footer. HTML_FOOTER = # The HTML_STYLESHEET tag can be used to specify a user-defined cascading # style sheet that is used by each HTML page. It can be used to # fine-tune the look of the HTML output. If left blank doxygen will # generate a default style sheet. 
Note that it is recommended to use # HTML_EXTRA_STYLESHEET instead of this one, as it is more robust and this # tag will in the future become obsolete. HTML_STYLESHEET = # The HTML_EXTRA_STYLESHEET tag can be used to specify an additional # user-defined cascading style sheet that is included after the standard # style sheets created by doxygen. Using this option one can overrule # certain style aspects. This is preferred over using HTML_STYLESHEET # since it does not replace the standard style sheet and is therefor more # robust against future updates. Doxygen will copy the style sheet file to # the output directory. HTML_EXTRA_STYLESHEET = # The HTML_EXTRA_FILES tag can be used to specify one or more extra images or # other source files which should be copied to the HTML output directory. Note # that these files will be copied to the base HTML output directory. Use the # $relpath$ marker in the HTML_HEADER and/or HTML_FOOTER files to load these # files. In the HTML_STYLESHEET file, use the file name only. Also note that # the files will be copied as-is; there are no commands or markers available. HTML_EXTRA_FILES = # The HTML_COLORSTYLE_HUE tag controls the color of the HTML output. # Doxygen will adjust the colors in the style sheet and background images # according to this color. Hue is specified as an angle on a colorwheel, # see http://en.wikipedia.org/wiki/Hue for more information. # For instance the value 0 represents red, 60 is yellow, 120 is green, # 180 is cyan, 240 is blue, 300 purple, and 360 is red again. # The allowed range is 0 to 359. HTML_COLORSTYLE_HUE = 220 # The HTML_COLORSTYLE_SAT tag controls the purity (or saturation) of # the colors in the HTML output. For a value of 0 the output will use # grayscales only. A value of 255 will produce the most vivid colors. HTML_COLORSTYLE_SAT = 100 # The HTML_COLORSTYLE_GAMMA tag controls the gamma correction applied to # the luminance component of the colors in the HTML output. 
Values below # 100 gradually make the output lighter, whereas values above 100 make # the output darker. The value divided by 100 is the actual gamma applied, # so 80 represents a gamma of 0.8, The value 220 represents a gamma of 2.2, # and 100 does not change the gamma. HTML_COLORSTYLE_GAMMA = 80 # If the HTML_TIMESTAMP tag is set to YES then the footer of each generated HTML # page will contain the date and time when the page was generated. Setting # this to NO can help when comparing the output of multiple runs. HTML_TIMESTAMP = NO # If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML # documentation will contain sections that can be hidden and shown after the # page has loaded. HTML_DYNAMIC_SECTIONS = NO # With HTML_INDEX_NUM_ENTRIES one can control the preferred number of # entries shown in the various tree structured indices initially; the user # can expand and collapse entries dynamically later on. Doxygen will expand # the tree to such a level that at most the specified number of entries are # visible (unless a fully collapsed tree already exceeds this amount). # So setting the number of entries 1 will produce a full collapsed tree by # default. 0 is a special value representing an infinite number of entries # and will result in a full expanded tree by default. HTML_INDEX_NUM_ENTRIES = 100 # If the GENERATE_DOCSET tag is set to YES, additional index files # will be generated that can be used as input for Apple's Xcode 3 # integrated development environment, introduced with OSX 10.5 (Leopard). # To create a documentation set, doxygen will generate a Makefile in the # HTML output directory. Running make will produce the docset in that # directory and running "make install" will install the docset in # ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find # it at startup. # See http://developer.apple.com/tools/creatingdocsetswithdoxygen.html # for more information. 
GENERATE_DOCSET = NO # When the GENERATE_DOCSET tag is set to YES, this tag determines the name of the # feed. A documentation feed provides an umbrella under which multiple # documentation sets from a single provider (such as a company or product suite) # can be grouped. DOCSET_FEEDNAME = "Doxygen generated docs" # When the GENERATE_DOCSET tag is set to YES, this tag specifies a string that # should uniquely identify the documentation set bundle. This should be a # reverse domain-name style string, e.g. com.mycompany.MyDocSet. Doxygen # will append .docset to the name. DOCSET_BUNDLE_ID = org.doxygen.Project # The DOCSET_PUBLISHER_ID tag specifies a string that should uniquely # identify the documentation publisher. This should be a reverse domain-name # style string, e.g. com.mycompany.MyDocSet.documentation. DOCSET_PUBLISHER_ID = org.doxygen.Publisher # The DOCSET_PUBLISHER_NAME tag identifies the documentation publisher. DOCSET_PUBLISHER_NAME = Publisher # If the GENERATE_HTMLHELP tag is set to YES, additional index files # will be generated that can be used as input for tools like the # Microsoft HTML help workshop to generate a compiled HTML help file (.chm) # of the generated HTML documentation. GENERATE_HTMLHELP = NO # If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can # be used to specify the file name of the resulting .chm file. You # can add a path in front of the file if the result should not be # written to the html output directory. CHM_FILE = # If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can # be used to specify the location (absolute path including file name) of # the HTML help compiler (hhc.exe). If non-empty doxygen will try to run # the HTML help compiler on the generated index.hhp. HHC_LOCATION = # If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag # controls if a separate .chi index file is generated (YES) or that # it should be included in the master .chm file (NO).
GENERATE_CHI = NO # If the GENERATE_HTMLHELP tag is set to YES, the CHM_INDEX_ENCODING # is used to encode HtmlHelp index (hhk), content (hhc) and project file # content. CHM_INDEX_ENCODING = # If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag # controls whether a binary table of contents is generated (YES) or a # normal table of contents (NO) in the .chm file. BINARY_TOC = NO # The TOC_EXPAND flag can be set to YES to add extra items for group members # to the contents of the HTML help documentation and to the tree view. TOC_EXPAND = NO # If the GENERATE_QHP tag is set to YES and both QHP_NAMESPACE and # QHP_VIRTUAL_FOLDER are set, an additional index file will be generated # that can be used as input for Qt's qhelpgenerator to generate a # Qt Compressed Help (.qch) of the generated HTML documentation. GENERATE_QHP = NO # If the QHG_LOCATION tag is specified, the QCH_FILE tag can # be used to specify the file name of the resulting .qch file. # The path specified is relative to the HTML output folder. QCH_FILE = # The QHP_NAMESPACE tag specifies the namespace to use when generating # Qt Help Project output. For more information please see # http://doc.trolltech.com/qthelpproject.html#namespace QHP_NAMESPACE = # The QHP_VIRTUAL_FOLDER tag specifies the namespace to use when generating # Qt Help Project output. For more information please see # http://doc.trolltech.com/qthelpproject.html#virtual-folders QHP_VIRTUAL_FOLDER = doc # If QHP_CUST_FILTER_NAME is set, it specifies the name of a custom filter to # add. For more information please see # http://doc.trolltech.com/qthelpproject.html#custom-filters QHP_CUST_FILTER_NAME = # The QHP_CUST_FILT_ATTRS tag specifies the list of the attributes of the # custom filter to add. For more information please see # # Qt Help Project / Custom Filters. QHP_CUST_FILTER_ATTRS = # The QHP_SECT_FILTER_ATTRS tag specifies the list of the attributes this # project's # filter section matches. 
# # Qt Help Project / Filter Attributes. QHP_SECT_FILTER_ATTRS = # If the GENERATE_QHP tag is set to YES, the QHG_LOCATION tag can # be used to specify the location of Qt's qhelpgenerator. # If non-empty doxygen will try to run qhelpgenerator on the generated # .qhp file. QHG_LOCATION = # If the GENERATE_ECLIPSEHELP tag is set to YES, additional index files # will be generated, which together with the HTML files, form an Eclipse help # plugin. To install this plugin and make it available under the help contents # menu in Eclipse, the contents of the directory containing the HTML and XML # files needs to be copied into the plugins directory of eclipse. The name of # the directory within the plugins directory should be the same as # the ECLIPSE_DOC_ID value. After copying Eclipse needs to be restarted before # the help appears. GENERATE_ECLIPSEHELP = NO # A unique identifier for the eclipse help plugin. When installing the plugin # the directory name containing the HTML and XML files should also have # this name. ECLIPSE_DOC_ID = org.doxygen.Project # The DISABLE_INDEX tag can be used to turn on/off the condensed index (tabs) # at top of each HTML page. The value NO (the default) enables the index and # the value YES disables it. Since the tabs have the same information as the # navigation tree you can set this option to NO if you already set # GENERATE_TREEVIEW to YES. DISABLE_INDEX = NO # The GENERATE_TREEVIEW tag is used to specify whether a tree-like index # structure should be generated to display hierarchical information. # If the tag value is set to YES, a side panel will be generated # containing a tree-like index structure (just like the one that # is generated for HTML Help). For this to work a browser that supports # JavaScript, DHTML, CSS and frames is required (i.e. any modern browser). # Windows users are probably better off using the HTML help feature. 
# Since the tree basically has the same information as the tab index you # could consider setting DISABLE_INDEX to NO when enabling this option. GENERATE_TREEVIEW = NONE # The ENUM_VALUES_PER_LINE tag can be used to set the number of enum values # (range [0,1..20]) that doxygen will group on one line in the generated HTML # documentation. Note that a value of 0 will completely suppress the enum # values from appearing in the overview section. ENUM_VALUES_PER_LINE = 4 # If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be # used to set the initial width (in pixels) of the frame in which the tree # is shown. TREEVIEW_WIDTH = 250 # When the EXT_LINKS_IN_WINDOW option is set to YES doxygen will open # links to external symbols imported via tag files in a separate window. EXT_LINKS_IN_WINDOW = NO # Use this tag to change the font size of Latex formulas included # as images in the HTML documentation. The default is 10. Note that # when you change the font size after a successful doxygen run you need # to manually remove any form_*.png images from the HTML output directory # to force them to be regenerated. FORMULA_FONTSIZE = 10 # Use the FORMULA_TRANSPARENT tag to determine whether or not the images # generated for formulas are transparent PNGs. Transparent PNGs are # not supported properly for IE 6.0, but are supported on all modern browsers. # Note that when changing this option you need to delete any form_*.png files # in the HTML output before the changes take effect. FORMULA_TRANSPARENT = YES # Enable the USE_MATHJAX option to render LaTeX formulas using MathJax # (see http://www.mathjax.org) which uses client side Javascript for the # rendering instead of using prerendered bitmaps. Use this if you do not # have LaTeX installed or if you want the formulas to look prettier in the HTML # output. When enabled you may also need to install MathJax separately and # configure the path to it using the MATHJAX_RELPATH option.
USE_MATHJAX = NO # When MathJax is enabled you can set the default output format to be used for # the MathJax output. Supported types are HTML-CSS, NativeMML (i.e. MathML) and # SVG. The default value is HTML-CSS, which is slower, but has the best # compatibility. MATHJAX_FORMAT = HTML-CSS # When MathJax is enabled you need to specify the location relative to the # HTML output directory using the MATHJAX_RELPATH option. The destination # directory should contain the MathJax.js script. For instance, if the mathjax # directory is located at the same level as the HTML output directory, then # MATHJAX_RELPATH should be ../mathjax. The default value points to # the MathJax Content Delivery Network so you can quickly see the result without # installing MathJax. # However, it is strongly recommended to install a local # copy of MathJax from http://www.mathjax.org before deployment. # The value below is a plain http:// URL: if USE_MATHJAX is ever set to YES, the # generated pages would load script from it without transport integrity, so point # this at a local copy instead. MATHJAX_RELPATH = http://cdn.mathjax.org/mathjax/latest # The MATHJAX_EXTENSIONS tag can be used to specify one or more MathJax extension # names that should be enabled during MathJax rendering. MATHJAX_EXTENSIONS = # When the SEARCHENGINE tag is enabled doxygen will generate a search box # for the HTML output. The underlying search engine uses javascript # and DHTML and should work on any modern browser. Note that when using # HTML help (GENERATE_HTMLHELP), Qt help (GENERATE_QHP), or docsets # (GENERATE_DOCSET) there is already a search function so this one should # typically be disabled. For large projects the javascript based search engine # can be slow, then enabling SERVER_BASED_SEARCH may provide a better solution. SEARCHENGINE = NO # When the SERVER_BASED_SEARCH tag is enabled the search engine will be # implemented using a web server instead of a web client using Javascript. # There are two flavours of web server based search depending on the # EXTERNAL_SEARCH setting. When disabled, doxygen will generate a PHP script for # searching and an index file used by the script.
When EXTERNAL_SEARCH is # enabled the indexing and searching need to be provided by external tools. # See the manual for details. SERVER_BASED_SEARCH = NO # When EXTERNAL_SEARCH is enabled doxygen will no longer generate the PHP # script for searching. Instead the search results are written to an XML file # which needs to be processed by an external indexer. Doxygen will invoke an # external search engine pointed to by the SEARCHENGINE_URL option to obtain # the search results. Doxygen ships with an example indexer (doxyindexer) and # search engine (doxysearch.cgi) which are based on the open source search engine # library Xapian. See the manual for configuration details. EXTERNAL_SEARCH = NO # The SEARCHENGINE_URL should point to a search engine hosted by a web server # which will return the search results when EXTERNAL_SEARCH is enabled. # Doxygen ships with an example search engine (doxysearch) which is based on # the open source search engine library Xapian. See the manual for configuration # details. SEARCHENGINE_URL = # When SERVER_BASED_SEARCH and EXTERNAL_SEARCH are both enabled the unindexed # search data is written to a file for indexing by an external tool. With the # SEARCHDATA_FILE tag the name of this file can be specified. SEARCHDATA_FILE = searchdata.xml # The EXTRA_SEARCH_MAPPINGS tag can be used to enable searching through other # doxygen projects that are not otherwise connected via tags files, but are # all added to the same search index. Each project needs to have a tag file set # via GENERATE_TAGFILE. The search mapping then maps the name of the tag file # to a relative location where the documentation can be found, # similar to the # TAGFILES option but without actually processing the tag file. # The format is: EXTRA_SEARCH_MAPPINGS = tagname1=loc1 tagname2=loc2 ...
EXTRA_SEARCH_MAPPINGS = #--------------------------------------------------------------------------- # configuration options related to the LaTeX output #--------------------------------------------------------------------------- # If the GENERATE_LATEX tag is set to YES (the default) Doxygen will # generate Latex output. GENERATE_LATEX = NO # The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put. # If a relative path is entered the value of OUTPUT_DIRECTORY will be # put in front of it. If left blank `latex' will be used as the default path. LATEX_OUTPUT = latex # The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be # invoked. If left blank `latex' will be used as the default command name. # Note that when enabling USE_PDFLATEX this option is only used for # generating bitmaps for formulas in the HTML output, but not in the # Makefile that is written to the output directory. LATEX_CMD_NAME = latex # The MAKEINDEX_CMD_NAME tag can be used to specify the command name to # generate index for LaTeX. If left blank `makeindex' will be used as the # default command name. MAKEINDEX_CMD_NAME = makeindex # If the COMPACT_LATEX tag is set to YES Doxygen generates more compact # LaTeX documents. This may be useful for small projects and may help to # save some trees in general. COMPACT_LATEX = NO # The PAPER_TYPE tag can be used to set the paper type that is used # by the printer. Possible values are: a4, letter, legal and # executive. If left blank a4wide will be used. PAPER_TYPE = a4wide # The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX # packages that should be included in the LaTeX output. EXTRA_PACKAGES = # The LATEX_HEADER tag can be used to specify a personal LaTeX header for # the generated latex document. The header should contain everything until # the first chapter. If it is left blank doxygen will generate a # standard header. Notice: only use this tag if you know what you are doing! 
LATEX_HEADER = # The LATEX_FOOTER tag can be used to specify a personal LaTeX footer for # the generated latex document. The footer should contain everything after # the last chapter. If it is left blank doxygen will generate a # standard footer. Notice: only use this tag if you know what you are doing! LATEX_FOOTER = # If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated # is prepared for conversion to pdf (using ps2pdf). The pdf file will # contain links (just like the HTML output) instead of page references # This makes the output suitable for online browsing using a pdf viewer. PDF_HYPERLINKS = YES # If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of # plain latex in the generated Makefile. Set this option to YES to get a # higher quality PDF documentation. USE_PDFLATEX = YES # If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode. # command to the generated LaTeX files. This will instruct LaTeX to keep # running if errors occur, instead of asking the user for help. # This option is also used when generating formulas in HTML. LATEX_BATCHMODE = NO # If LATEX_HIDE_INDICES is set to YES then doxygen will not # include the index chapters (such as File Index, Compound Index, etc.) # in the output. LATEX_HIDE_INDICES = NO # If LATEX_SOURCE_CODE is set to YES then doxygen will include # source code with syntax highlighting in the LaTeX output. # Note that which sources are shown also depends on other settings # such as SOURCE_BROWSER. LATEX_SOURCE_CODE = NO # The LATEX_BIB_STYLE tag can be used to specify the style to use for the # bibliography, e.g. plainnat, or ieeetr. The default style is "plain". See # http://en.wikipedia.org/wiki/BibTeX for more info. 
LATEX_BIB_STYLE = plain #--------------------------------------------------------------------------- # configuration options related to the RTF output #--------------------------------------------------------------------------- # If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output # The RTF output is optimized for Word 97 and may not look very pretty with # other RTF readers or editors. GENERATE_RTF = NO # The RTF_OUTPUT tag is used to specify where the RTF docs will be put. # If a relative path is entered the value of OUTPUT_DIRECTORY will be # put in front of it. If left blank `rtf' will be used as the default path. RTF_OUTPUT = rtf # If the COMPACT_RTF tag is set to YES Doxygen generates more compact # RTF documents. This may be useful for small projects and may help to # save some trees in general. COMPACT_RTF = NO # If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated # will contain hyperlink fields. The RTF file will # contain links (just like the HTML output) instead of page references. # This makes the output suitable for online browsing using WORD or other # programs which support those fields. # Note: wordpad (write) and others do not support links. RTF_HYPERLINKS = NO # Load style sheet definitions from file. Syntax is similar to doxygen's # config file, i.e. a series of assignments. You only have to provide # replacements, missing definitions are set to their default value. RTF_STYLESHEET_FILE = # Set optional variables used in the generation of an rtf document. # Syntax is similar to doxygen's config file. RTF_EXTENSIONS_FILE = #--------------------------------------------------------------------------- # configuration options related to the man page output #--------------------------------------------------------------------------- # If the GENERATE_MAN tag is set to YES (the default) Doxygen will # generate man pages GENERATE_MAN = NO # The MAN_OUTPUT tag is used to specify where the man pages will be put. 
# If a relative path is entered the value of OUTPUT_DIRECTORY will be # put in front of it. If left blank `man' will be used as the default path. MAN_OUTPUT = man # The MAN_EXTENSION tag determines the extension that is added to # the generated man pages (default is the subroutine's section .3) MAN_EXTENSION = .3 # If the MAN_LINKS tag is set to YES and Doxygen generates man output, # then it will generate one additional man file for each entity # documented in the real man page(s). These additional files # only source the real man page, but without them the man command # would be unable to find the correct page. The default is NO. MAN_LINKS = NO #--------------------------------------------------------------------------- # configuration options related to the XML output #--------------------------------------------------------------------------- # If the GENERATE_XML tag is set to YES Doxygen will # generate an XML file that captures the structure of # the code including all documentation. GENERATE_XML = NO # The XML_OUTPUT tag is used to specify where the XML pages will be put. # If a relative path is entered the value of OUTPUT_DIRECTORY will be # put in front of it. If left blank `xml' will be used as the default path. XML_OUTPUT = xml # The XML_SCHEMA tag can be used to specify an XML schema, # which can be used by a validating XML parser to check the # syntax of the XML files. XML_SCHEMA = # The XML_DTD tag can be used to specify an XML DTD, # which can be used by a validating XML parser to check the # syntax of the XML files. XML_DTD = # If the XML_PROGRAMLISTING tag is set to YES Doxygen will # dump the program listings (including syntax highlighting # and cross-referencing information) to the XML output. Note that # enabling this will significantly increase the size of the XML output. 
XML_PROGRAMLISTING = YES #--------------------------------------------------------------------------- # configuration options for the AutoGen Definitions output #--------------------------------------------------------------------------- # If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will # generate an AutoGen Definitions (see autogen.sf.net) file # that captures the structure of the code including all # documentation. Note that this feature is still experimental # and incomplete at the moment. GENERATE_AUTOGEN_DEF = NO #--------------------------------------------------------------------------- # configuration options related to the Perl module output #--------------------------------------------------------------------------- # If the GENERATE_PERLMOD tag is set to YES Doxygen will # generate a Perl module file that captures the structure of # the code including all documentation. Note that this # feature is still experimental and incomplete at the # moment. GENERATE_PERLMOD = NO # If the PERLMOD_LATEX tag is set to YES Doxygen will generate # the necessary Makefile rules, Perl scripts and LaTeX code to be able # to generate PDF and DVI output from the Perl module output. PERLMOD_LATEX = NO # If the PERLMOD_PRETTY tag is set to YES the Perl module output will be # nicely formatted so it can be parsed by a human reader. # This is useful # if you want to understand what is going on. # On the other hand, if this # tag is set to NO the size of the Perl module output will be much smaller # and Perl will parse it just the same. PERLMOD_PRETTY = YES # The names of the make variables in the generated doxyrules.make file # are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX. # This is useful so different doxyrules.make files included by the same # Makefile don't overwrite each other's variables. 
PERLMOD_MAKEVAR_PREFIX = #--------------------------------------------------------------------------- # Configuration options related to the preprocessor #--------------------------------------------------------------------------- # If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will # evaluate all C-preprocessor directives found in the sources and include # files. ENABLE_PREPROCESSING = YES # If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro # names in the source code. If set to NO (the default) only conditional # compilation will be performed. Macro expansion can be done in a controlled # way by setting EXPAND_ONLY_PREDEF to YES. MACRO_EXPANSION = NO # If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES # then the macro expansion is limited to the macros specified with the # PREDEFINED and EXPAND_AS_DEFINED tags. EXPAND_ONLY_PREDEF = NO # If the SEARCH_INCLUDES tag is set to YES (the default) the includes files # pointed to by INCLUDE_PATH will be searched when a #include is found. SEARCH_INCLUDES = YES # The INCLUDE_PATH tag can be used to specify one or more directories that # contain include files that are not input files but should be processed by # the preprocessor. INCLUDE_PATH = # You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard # patterns (like *.h and *.hpp) to filter out the header-files in the # directories. If left blank, the patterns specified with FILE_PATTERNS will # be used. INCLUDE_FILE_PATTERNS = # The PREDEFINED tag can be used to specify one or more macro names that # are defined before the preprocessor is started (similar to the -D option of # gcc). The argument of the tag is a list of macros of the form: name # or name=definition (no spaces). If the definition and the = are # omitted =1 is assumed. To prevent a macro definition from being # undefined via #undef or recursively expanded use the := operator # instead of the = operator. 
PREDEFINED = DOXYGEN # If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then # this tag can be used to specify a list of macro names that should be expanded. # The macro definition that is found in the sources will be used. # Use the PREDEFINED tag if you want to use a different macro definition that # overrules the definition found in the source code. EXPAND_AS_DEFINED = # If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then # doxygen's preprocessor will remove all references to function-like macros # that are alone on a line, have an all uppercase name, and do not end with a # semicolon, because these will confuse the parser if not removed. SKIP_FUNCTION_MACROS = YES #--------------------------------------------------------------------------- # Configuration::additions related to external references #--------------------------------------------------------------------------- # The TAGFILES option can be used to specify one or more tagfiles. For each # tag file the location of the external documentation should be added. The # format of a tag file without this location is as follows: # # TAGFILES = file1 file2 ... # Adding location for the tag files is done as follows: # # TAGFILES = file1=loc1 "file2 = loc2" ... # where "loc1" and "loc2" can be relative or absolute paths # or URLs. Note that each tag file must have a unique name (where the name does # NOT include the path). If a tag file is not located in the directory in which # doxygen is run, you must also specify the path to the tagfile here. TAGFILES = # When a file name is specified after GENERATE_TAGFILE, doxygen will create # a tag file that is based on the input files it reads. GENERATE_TAGFILE = # If the ALLEXTERNALS tag is set to YES all external classes will be listed # in the class index. If set to NO only the inherited external classes # will be listed. ALLEXTERNALS = NO # If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed # in the modules index. 
If set to NO, only the current project's groups will # be listed. EXTERNAL_GROUPS = YES # The PERL_PATH should be the absolute path and name of the perl script # interpreter (i.e. the result of `which perl'). PERL_PATH = /usr/bin/perl #--------------------------------------------------------------------------- # Configuration options related to the dot tool #--------------------------------------------------------------------------- # If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will # generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base # or super classes. Setting the tag to NO turns the diagrams off. Note that # this option also works with HAVE_DOT disabled, but it is recommended to # install and use dot, since it yields more powerful graphs. CLASS_DIAGRAMS = YES # You can define message sequence charts within doxygen comments using the \msc # command. Doxygen will then run the mscgen tool (see # http://www.mcternan.me.uk/mscgen/) to produce the chart and insert it in the # documentation. The MSCGEN_PATH tag allows you to specify the directory where # the mscgen tool resides. If left empty the tool is assumed to be found in the # default search path. MSCGEN_PATH = # If set to YES, the inheritance and collaboration graphs will hide # inheritance and usage relations if the target is undocumented # or is not a class. HIDE_UNDOC_RELATIONS = YES # If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is # available from the path. This tool is part of Graphviz, a graph visualization # toolkit from AT&T and Lucent Bell Labs. The other options in this section # have no effect if this option is set to NO (the default) HAVE_DOT = NO # The DOT_NUM_THREADS specifies the number of dot invocations doxygen is # allowed to run in parallel. When set to 0 (the default) doxygen will # base this on the number of processors available in the system. 
You can set it # explicitly to a value larger than 0 to get control over the balance # between CPU load and processing speed. DOT_NUM_THREADS = 0 # By default doxygen will use the Helvetica font for all dot files that # doxygen generates. When you want a differently looking font you can specify # the font name using DOT_FONTNAME. You need to make sure dot is able to find # the font, which can be done by putting it in a standard location or by setting # the DOTFONTPATH environment variable or by setting DOT_FONTPATH to the # directory containing the font. DOT_FONTNAME = FreeSans # The DOT_FONTSIZE tag can be used to set the size of the font of dot graphs. # The default size is 10pt. DOT_FONTSIZE = 10 # By default doxygen will tell dot to use the Helvetica font. # If you specify a different font using DOT_FONTNAME you can use DOT_FONTPATH to # set the path where dot can find it. DOT_FONTPATH = # If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen # will generate a graph for each documented class showing the direct and # indirect inheritance relations. Setting this tag to YES will force the # CLASS_DIAGRAMS tag to NO. CLASS_GRAPH = YES # If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen # will generate a graph for each documented class showing the direct and # indirect implementation dependencies (inheritance, containment, and # class references variables) of the class with other documented classes. COLLABORATION_GRAPH = YES # If the GROUP_GRAPHS and HAVE_DOT tags are set to YES then doxygen # will generate a graph for groups, showing the direct groups dependencies GROUP_GRAPHS = YES # If the UML_LOOK tag is set to YES doxygen will generate inheritance and # collaboration diagrams in a style similar to the OMG's Unified Modeling # Language. UML_LOOK = NO # If the UML_LOOK tag is enabled, the fields and methods are shown inside # the class node. 
If there are many fields or methods and many nodes the # graph may become too big to be useful. The UML_LIMIT_NUM_FIELDS # threshold limits the number of items for each type to make the size more # manageable. Set this to 0 for no limit. Note that the threshold may be # exceeded by 50% before the limit is enforced. UML_LIMIT_NUM_FIELDS = 10 # If set to YES, the inheritance and collaboration graphs will show the # relations between templates and their instances. TEMPLATE_RELATIONS = NO # If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT # tags are set to YES then doxygen will generate a graph for each documented # file showing the direct and indirect include dependencies of the file with # other documented files. INCLUDE_GRAPH = YES # If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and # HAVE_DOT tags are set to YES then doxygen will generate a graph for each # documented header file showing the documented files that directly or # indirectly include this file. INCLUDED_BY_GRAPH = YES # If the CALL_GRAPH and HAVE_DOT options are set to YES then # doxygen will generate a call dependency graph for every global function # or class method. Note that enabling this option will significantly increase # the time of a run. So in most cases it will be better to enable call graphs # for selected functions only using the \callgraph command. CALL_GRAPH = NO # If the CALLER_GRAPH and HAVE_DOT tags are set to YES then # doxygen will generate a caller dependency graph for every global function # or class method. Note that enabling this option will significantly increase # the time of a run. So in most cases it will be better to enable caller # graphs for selected functions only using the \callergraph command. CALLER_GRAPH = NO # If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen # will generate a graphical hierarchy of all classes instead of a textual one. 
GRAPHICAL_HIERARCHY = YES # If the DIRECTORY_GRAPH and HAVE_DOT tags are set to YES # then doxygen will show the dependencies a directory has on other directories # in a graphical way. The dependency relations are determined by the #include # relations between the files in the directories. DIRECTORY_GRAPH = YES # The DOT_IMAGE_FORMAT tag can be used to set the image format of the images # generated by dot. Possible values are svg, png, jpg, or gif. # If left blank png will be used. If you choose svg you need to set # HTML_FILE_EXTENSION to xhtml in order to make the SVG files # visible in IE 9+ (other browsers do not have this requirement). DOT_IMAGE_FORMAT = png # If DOT_IMAGE_FORMAT is set to svg, then this option can be set to YES to # enable generation of interactive SVG images that allow zooming and panning. # Note that this requires a modern browser other than Internet Explorer. # Tested and working are Firefox, Chrome, Safari, and Opera. For IE 9+ you # need to set HTML_FILE_EXTENSION to xhtml in order to make the SVG files # visible. Older versions of IE do not have SVG support. INTERACTIVE_SVG = NO # The tag DOT_PATH can be used to specify the path where the dot tool can be # found. If left blank, it is assumed the dot tool can be found in the path. DOT_PATH = # The DOTFILE_DIRS tag can be used to specify one or more directories that # contain dot files that are included in the documentation (see the # \dotfile command). DOTFILE_DIRS = # The MSCFILE_DIRS tag can be used to specify one or more directories that # contain msc files that are included in the documentation (see the # \mscfile command). MSCFILE_DIRS = # The DOT_GRAPH_MAX_NODES tag can be used to set the maximum number of # nodes that will be shown in the graph. If the number of nodes in a graph # becomes larger than this value, doxygen will truncate the graph, which is # visualized by representing a node as a red box. 
Note that if the # number of direct children of the root node in a graph is already larger than # DOT_GRAPH_MAX_NODES then the graph will not be shown at all. Also note # that the size of a graph can be further restricted by MAX_DOT_GRAPH_DEPTH. DOT_GRAPH_MAX_NODES = 50 # The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the # graphs generated by dot. A depth value of 3 means that only nodes reachable # from the root by following a path via at most 3 edges will be shown. Nodes # that lie further from the root node will be omitted. Note that setting this # option to 1 or 2 may greatly reduce the computation time needed for large # code bases. Also note that the size of a graph can be further restricted by # DOT_GRAPH_MAX_NODES. Using a depth of 0 means no depth restriction. MAX_DOT_GRAPH_DEPTH = 0 # Set the DOT_TRANSPARENT tag to YES to generate images with a transparent # background. This is disabled by default, because dot on Windows does not # seem to support this out of the box. Warning: Depending on the platform used, # enabling this option may lead to badly anti-aliased labels on the edges of # a graph (i.e. they become hard to read). DOT_TRANSPARENT = YES # Set the DOT_MULTI_TARGETS tag to YES to allow dot to generate multiple output # files in one run (i.e. multiple -o and -T options on the command line). This # makes dot run faster, but since only newer versions of dot (>1.8.10) # support this, this feature is disabled by default. DOT_MULTI_TARGETS = NO # If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will # generate a legend page explaining the meaning of the various boxes and # arrows in the dot generated graphs. GENERATE_LEGEND = YES # If the DOT_CLEANUP tag is set to YES (the default) Doxygen will # remove the intermediate dot files that are used to generate # the various graphs. 
DOT_CLEANUP = YES sssd-1.11.5/src/lib/idmap/PaxHeaders.13173/sss_idmap.h0000644000000000000000000000007412320753107020335 xustar000000000000000030 atime=1396954939.255891439 30 ctime=1396954961.510875057 sssd-1.11.5/src/lib/idmap/sss_idmap.h0000664002412700241270000010262612320753107020566 0ustar00jhrozekjhrozek00000000000000/* SSSD ID-mapping library Authors: Sumit Bose Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #ifndef SSS_IDMAP_H_ #define SSS_IDMAP_H_ #include #include #include #include #define DOM_SID_PREFIX "S-1-5-21-" #define DOM_SID_PREFIX_LEN (sizeof(DOM_SID_PREFIX) - 1) /** * @defgroup sss_idmap Map Unix UIDs and GIDs to SIDs and back * Libsss_idmap provides a mechanism to translate a SID to a UNIX UID or GID * or the other way round. 
* @{ */ /** * Error codes used by libsss_idmap */ enum idmap_error_code { /** Success */ IDMAP_SUCCESS = 0, /** Function is not yet implemented */ IDMAP_NOT_IMPLEMENTED, /** General error */ IDMAP_ERROR, /** Ran out of memory during processing */ IDMAP_OUT_OF_MEMORY, /** No domain added */ IDMAP_NO_DOMAIN, /** The provided idmap context is invalid */ IDMAP_CONTEXT_INVALID, /** The provided SID is invalid */ IDMAP_SID_INVALID, /** The provided SID was not found */ IDMAP_SID_UNKNOWN, /** The provided UID or GID could not be mapped */ IDMAP_NO_RANGE, /** The provided SID is a built-in one */ IDMAP_BUILTIN_SID, /** No more free slices */ IDMAP_OUT_OF_SLICES, /** New domain collides with existing one */ IDMAP_COLLISION, /** External source should be consulted for idmapping */ IDMAP_EXTERNAL, /** The provided name was not found */ IDMAP_NAME_UNKNOWN }; /** * Typedef for memory allocation functions */ typedef void *(idmap_alloc_func)(size_t size, void *pvt); typedef void (idmap_free_func)(void *ptr, void *pvt); /** * Structure for id ranges * FIXME: this struct might change when it is clear how ranges are handled on * the server side */ struct sss_idmap_range { uint32_t min; uint32_t max; }; /** * Opaque type for SIDs */ struct sss_dom_sid; /** * Opaque type for the idmap context */ struct sss_idmap_ctx; /** * Placeholder for Samba's struct dom_sid. Consumers of libsss_idmap should * include an appropriate Samba header file to define struct dom_sid. We use * it here to avoid a hard dependency on Samba devel packages. 
*/ struct dom_sid; /** * @brief Initialize idmap context * * @param[in] alloc_func Function to allocate memory for the context, if * NULL malloc() is used * @param[in] alloc_pvt Private data for allocation routine * @param[in] free_func Function to free the memory of the context, if * NULL free() is used * @param[out] ctx idmap context * * @return * - #IDMAP_OUT_OF_MEMORY: Insufficient memory to create the context */ enum idmap_error_code sss_idmap_init(idmap_alloc_func *alloc_func, void *alloc_pvt, idmap_free_func *free_func, struct sss_idmap_ctx **ctx); /** * @brief Set/unset autorid compatibility mode * * @param[in] ctx idmap context * @param[in] use_autorid If true, autorid compatibility mode will be used */ enum idmap_error_code sss_idmap_ctx_set_autorid(struct sss_idmap_ctx *ctx, bool use_autorid); /** * @brief Set the lower bound of the range of POSIX IDs * * @param[in] ctx idmap context * @param[in] lower lower bound of the range */ enum idmap_error_code sss_idmap_ctx_set_lower(struct sss_idmap_ctx *ctx, id_t lower); /** * @brief Set the upper bound of the range of POSIX IDs * * @param[in] ctx idmap context * @param[in] upper upper bound of the range */ enum idmap_error_code sss_idmap_ctx_set_upper(struct sss_idmap_ctx *ctx, id_t upper); /** * @brief Set the range size of POSIX IDs available for single domain * * @param[in] ctx idmap context * @param[in] rangesize range size of IDs */ enum idmap_error_code sss_idmap_ctx_set_rangesize(struct sss_idmap_ctx *ctx, id_t rangesize); /** * @brief Check if autorid compatibility mode is set * * @param[in] ctx idmap context * @param[out] _autorid true if autorid is used */ enum idmap_error_code sss_idmap_ctx_get_autorid(struct sss_idmap_ctx *ctx, bool *_autorid); /** * @brief Get the lower bound of the range of POSIX IDs * * @param[in] ctx idmap context * @param[out] _lower returned lower bound */ enum idmap_error_code sss_idmap_ctx_get_lower(struct sss_idmap_ctx *ctx, id_t *_lower); /** * @brief Get the upper bound of 
the range of POSIX IDs * * @param[in] ctx idmap context * @param[out] _upper returned upper bound */ enum idmap_error_code sss_idmap_ctx_get_upper(struct sss_idmap_ctx *ctx, id_t *_upper); /** * @brief Get the range size of POSIX IDs available for single domain * * @param[in] ctx idmap context * @param[out] rangesize returned range size */ enum idmap_error_code sss_idmap_ctx_get_rangesize(struct sss_idmap_ctx *ctx, id_t *rangesize); /** * @brief Calculate new range of available POSIX IDs * * @param[in] ctx Idmap context * @param[in] dom_sid Zero-terminated string representation of the domain * SID (S-1-5-21-.....) * @param[in,out] slice_num Slice number to be used. Set this pointer to NULL or * the addressed value to -1 to calculate slice number * automatically. The calculated value will be * returned in this parameter. * @param[out] range Structure containing upper and lower bound of the * range of POSIX IDs * * @return * - #IDMAP_OUT_OF_SLICES: Cannot calculate new range because all slices are * used. */ enum idmap_error_code sss_idmap_calculate_range(struct sss_idmap_ctx *ctx, const char *dom_sid, id_t *slice_num, struct sss_idmap_range *range); /** * @brief Add a domain to the idmap context * * @param[in] ctx Idmap context * @param[in] domain_name Zero-terminated string with the domain name * @param[in] domain_sid Zero-terminated string representation of the domain * SID (S-1-5-21-.....) 
* @param[in] range TBD Some information about the id ranges of this * domain * * @return * - #IDMAP_OUT_OF_MEMORY: Insufficient memory to store the data in the idmap * context * - #IDMAP_SID_INVALID: Invalid SID provided * - #IDMAP_NO_DOMAIN: No domain name given * - #IDMAP_COLLISION: New domain collides with existing one */ enum idmap_error_code sss_idmap_add_domain(struct sss_idmap_ctx *ctx, const char *domain_name, const char *domain_sid, struct sss_idmap_range *range); /** * @brief Add a domain with the first mappable RID to the idmap context * * @param[in] ctx Idmap context * @param[in] domain_name Zero-terminated string with the domain name * @param[in] domain_sid Zero-terminated string representation of the domain * SID (S-1-5-21-.....) * @param[in] range TBD Some information about the id ranges of this * domain * @param[in] range_id optional unique identifier of a range, it is needed * to allow updates at runtime * @param[in] rid The RID that should be mapped to the first ID of the * given range. * @param[in] external_mapping If set to true the ID will not be mapped * algorithmically, but the *_to_unix and *_unix_to_* * calls will return IDMAP_EXTERNAL to instruct the * caller to check external sources. For a single * domain all ranges must be of the same type. It is * not possible to mix algorithmic and external * mapping. 
* * @return * - #IDMAP_OUT_OF_MEMORY: Insufficient memory to store the data in the idmap * context * - #IDMAP_SID_INVALID: Invalid SID provided * - #IDMAP_NO_DOMAIN: No domain name given * - #IDMAP_COLLISION: New domain collides with existing one */ enum idmap_error_code sss_idmap_add_domain_ex(struct sss_idmap_ctx *ctx, const char *domain_name, const char *domain_sid, struct sss_idmap_range *range, const char *range_id, uint32_t rid, bool external_mapping); /** * @brief Check if a new range would collide with any existing one * * @param[in] ctx Idmap context * @param[in] n_name Zero-terminated string with the domain name the new * range should belong to * @param[in] n_sid Zero-terminated string representation of the domain * SID (S-1-5-21-.....) the new range should belong to * @param[in] n_range The new id range * @param[in] n_range_id unique identifier of the new range, it is needed * to allow updates at runtime, may be NULL * @param[in] n_first_rid The RID that should be mapped to the first ID of the * new range. * @param[in] n_external_mapping Mapping type of the new range * * @return * - #IDMAP_COLLISION: New range collides with existing one */ enum idmap_error_code sss_idmap_check_collision(struct sss_idmap_ctx *ctx, char *n_name, char *n_sid, struct sss_idmap_range *n_range, uint32_t n_first_rid, char *n_range_id, bool n_external_mapping); /** * @brief Check if two ranges would collide * * @param[in] o_name Zero-terminated string with the domain name the * first range should belong to * @param[in] o_sid Zero-terminated string representation of the domain * SID (S-1-5-21-.....) the first range should belong to * @param[in] o_range The first id range * @param[in] o_range_id unique identifier of the first range, it is needed * to allow updates at runtime, may be NULL * @param[in] o_first_rid The RID that should be mapped to the first ID of the * first range. 
* @param[in] o_external_mapping Mapping type of the first range * @param[in] n_name Zero-terminated string with the domain name the * second range should belong to * @param[in] n_sid Zero-terminated string representation of the domain * SID (S-1-15-.....) the second range sould belong to * @param[in] n_range The second id range * @param[in] n_range_id unique identifier of the second range, it is needed * to allow updates at runtime, may be NULL * @param[in] n_first_rid The RID that should be mapped to the first ID of the * second range. * @param[in] n_external_mapping Mapping type of the second range * * @return * - #IDMAP_COLLISION: New range collides with existing one */ enum idmap_error_code sss_idmap_check_collision_ex(const char *o_name, const char *o_sid, struct sss_idmap_range *o_range, uint32_t o_first_rid, const char *o_range_id, bool o_external_mapping, const char *n_name, const char *n_sid, struct sss_idmap_range *n_range, uint32_t n_first_rid, const char *n_range_id, bool n_external_mapping); /** * @brief Translate SID to a unix UID or GID * * @param[in] ctx Idmap context * @param[in] sid Zero-terminated string representation of the SID * @param[out] id Returned unix UID or GID * * @return * - #IDMAP_NO_DOMAIN: No domains are added to the idmap context * - #IDMAP_SID_INVALID: Invalid SID provided * - #IDMAP_SID_UNKNOWN: SID cannot be found in the domains added to the * idmap context * - #IDMAP_EXTERNAL: external source is authoritative for mapping */ enum idmap_error_code sss_idmap_sid_to_unix(struct sss_idmap_ctx *ctx, const char *sid, uint32_t *id); /** * @brief Translate a SID stucture to a unix UID or GID * * @param[in] ctx Idmap context * @param[in] dom_sid SID structure * @param[out] id Returned unix UID or GID * * @return * - #IDMAP_NO_DOMAIN: No domains are added to the idmap context * - #IDMAP_SID_INVALID: Invalid SID provided * - #IDMAP_SID_UNKNOWN: SID cannot be found in the domains added to the * idmap context * - #IDMAP_EXTERNAL: external 
source is authoritative for mapping */ enum idmap_error_code sss_idmap_dom_sid_to_unix(struct sss_idmap_ctx *ctx, struct sss_dom_sid *dom_sid, uint32_t *id); /** * @brief Translate a binary SID to a unix UID or GID * * @param[in] ctx Idmap context * @param[in] bin_sid Array with the binary SID * @param[in] length Size of the array containing the binary SID * @param[out] id Returned unix UID or GID * * @return * - #IDMAP_NO_DOMAIN: No domains are added to the idmap context * - #IDMAP_SID_INVALID: Invalid SID provided * - #IDMAP_SID_UNKNOWN: SID cannot be found in the domains added to the * idmap context * - #IDMAP_EXTERNAL: external source is authoritative for mapping */ enum idmap_error_code sss_idmap_bin_sid_to_unix(struct sss_idmap_ctx *ctx, uint8_t *bin_sid, size_t length, uint32_t *id); /** * @brief Translate a Samba dom_sid stucture to a unix UID or GID * * @param[in] ctx Idmap context * @param[in] smb_sid Samba dom_sid structure * @param[out] id Returned unix UID or GID * * @return * - #IDMAP_NO_DOMAIN: No domains are added to the idmap context * - #IDMAP_SID_INVALID: Invalid SID provided * - #IDMAP_SID_UNKNOWN: SID cannot be found in the domains added to the * idmap context * - #IDMAP_EXTERNAL: external source is authoritative for mapping */ enum idmap_error_code sss_idmap_smb_sid_to_unix(struct sss_idmap_ctx *ctx, struct dom_sid *smb_sid, uint32_t *id); /** * @brief Check if a SID and a unix UID or GID belong to the same range * * @param[in] ctx Idmap context * @param[in] sid Zero-terminated string representation of the SID * @param[in] id Unix UID or GID * * @return * - #IDMAP_NO_DOMAIN: No domains are added to the idmap context * - #IDMAP_SID_INVALID: Invalid SID provided * - #IDMAP_SID_UNKNOWN: SID cannot be found in the domains added to the * idmap context * - #IDMAP_NO_RANGE No matching ID range found */ enum idmap_error_code sss_idmap_check_sid_unix(struct sss_idmap_ctx *ctx, const char *sid, uint32_t id); /** * @brief Check if a SID structure and a 
unix UID or GID belong to the same range * * @param[in] ctx Idmap context * @param[in] dom_sid SID structure * @param[in] id Unix UID or GID * * @return * - #IDMAP_NO_DOMAIN: No domains are added to the idmap context * - #IDMAP_SID_INVALID: Invalid SID provided * - #IDMAP_SID_UNKNOWN: SID cannot be found in the domains added to the * idmap context * - #IDMAP_NO_RANGE No matching ID range found */ enum idmap_error_code sss_idmap_check_dom_sid_unix(struct sss_idmap_ctx *ctx, struct sss_dom_sid *dom_sid, uint32_t id); /** * @brief Check if a binary SID and a unix UID or GID belong to the same range * * @param[in] ctx Idmap context * @param[in] bin_sid Array with the binary SID * @param[in] length Size of the array containing the binary SID * @param[in] id Unix UID or GID * * @return * - #IDMAP_NO_DOMAIN: No domains are added to the idmap context * - #IDMAP_SID_INVALID: Invalid SID provided * - #IDMAP_SID_UNKNOWN: SID cannot be found in the domains added to the * idmap context * - #IDMAP_NO_RANGE No matching ID range found */ enum idmap_error_code sss_idmap_check_bin_sid_unix(struct sss_idmap_ctx *ctx, uint8_t *bin_sid, size_t length, uint32_t id); /** * @brief Check if a Samba dom_sid structure and a unix UID or GID belong to * the same range * * @param[in] ctx Idmap context * @param[in] smb_sid Samba dom_sid structure * @param[in] id Unix UID or GID * * @return * - #IDMAP_NO_DOMAIN: No domains are added to the idmap context * - #IDMAP_SID_INVALID: Invalid SID provided * - #IDMAP_SID_UNKNOWN: SID cannot be found in the domains added to the * idmap context * - #IDMAP_NO_RANGE No matching ID range found */ enum idmap_error_code sss_idmap_check_smb_sid_unix(struct sss_idmap_ctx *ctx, struct dom_sid *smb_sid, uint32_t id); /** * @brief Translate unix UID or GID to a SID * * @param[in] ctx Idmap context * @param[in] id unix UID or GID * @param[out] sid Zero-terminated string representation of the SID, must be * freed if not needed anymore * * @return * - #IDMAP_NO_DOMAIN: 
No domains are added to the idmap context * - #IDMAP_NO_RANGE: The provided ID cannot be found in the domains added * to the idmap context * - #IDMAP_EXTERNAL: external source is authoritative for mapping */ enum idmap_error_code sss_idmap_unix_to_sid(struct sss_idmap_ctx *ctx, uint32_t id, char **sid); /** * @brief Translate unix UID or GID to a SID structure * * @param[in] ctx Idmap context * @param[in] id unix UID or GID * @param[out] dom_sid SID structure, must be freed if not needed anymore * * @return * - #IDMAP_NO_DOMAIN: No domains are added to the idmap context * - #IDMAP_NO_RANGE: The provided ID cannot be found in the domains added * to the idmap context * - #IDMAP_EXTERNAL: external source is authoritative for mapping */ enum idmap_error_code sss_idmap_unix_to_dom_sid(struct sss_idmap_ctx *ctx, uint32_t id, struct sss_dom_sid **dom_sid); /** * @brief Translate unix UID or GID to a binary SID * * @param[in] ctx Idmap context * @param[in] id unix UID or GID * @param[out] bin_sid Array with the binary SID, * must be freed if not needed anymore * @param[out] length size of the array containing the binary SID * * @return * - #IDMAP_NO_DOMAIN: No domains are added to the idmap context * - #IDMAP_NO_RANGE: The provided ID cannot be found in the domains added * to the idmap context * - #IDMAP_EXTERNAL: external source is authoritative for mapping */ enum idmap_error_code sss_idmap_unix_to_bin_sid(struct sss_idmap_ctx *ctx, uint32_t id, uint8_t **bin_sid, size_t *length); /** * @brief Free all the allocated memory of the idmap context * * @param[in] ctx Idmap context * * @return * - #IDMAP_CONTEXT_INVALID: Provided context is invalid */ enum idmap_error_code sss_idmap_free(struct sss_idmap_ctx *ctx); /** * @brief Free mapped SID. * * @param[in] ctx Idmap context * @param[in] sid SID to be freed. 
* * @return * - #IDMAP_CONTEXT_INVALID: Provided context is invalid */ enum idmap_error_code sss_idmap_free_sid(struct sss_idmap_ctx *ctx, char *sid); /** * @brief Free mapped domain SID. * * @param[in] ctx Idmap context * @param[in] dom_sid Domain SID to be freed. * * @return * - #IDMAP_CONTEXT_INVALID: Provided context is invalid */ enum idmap_error_code sss_idmap_free_dom_sid(struct sss_idmap_ctx *ctx, struct sss_dom_sid *dom_sid); /** * @brief Free mapped Samba SID. * * @param[in] ctx Idmap context * @param[in] smb_sid Samba SID to be freed. * * @return * - #IDMAP_CONTEXT_INVALID: Provided context is invalid */ enum idmap_error_code sss_idmap_free_smb_sid(struct sss_idmap_ctx *ctx, struct dom_sid *smb_sid); /** * @brief Free mapped binary SID. * * @param[in] ctx Idmap context * @param[in] bin_sid Binary SID to be freed. * * @return * - #IDMAP_CONTEXT_INVALID: Provided context is invalid */ enum idmap_error_code sss_idmap_free_bin_sid(struct sss_idmap_ctx *ctx, uint8_t *bin_sid); /** * @brief Translate error code to a string * * @param[in] err Idmap error code * * @return * - Error description as a zero-terminated string */ const char *idmap_error_string(enum idmap_error_code err); /** * @brief Check if given string can be used as domain SID * * @param[in] str String to check * * @return * - true: String can be used as domain SID * - false: String can not be used as domain SID */ bool is_domain_sid(const char *str); /** * @brief Check if a domain is configured with algorithmic mapping * * @param[in] ctx Idmap context * @param[in] dom_sid SID string, can be either a domain SID * or an object SID * @param[out] has_algorithmic_mapping Boolean value indicating if the given * domain is configured for algorithmic * mapping or not. 
* * @return * - #IDMAP_SUCCESS: Domain for the given SID was found and * has_algorithmic_mapping is set accordingly * - #IDMAP_SID_INVALID: Provided SID is invalid * - #IDMAP_CONTEXT_INVALID: Provided idmap context is invalid * - #IDMAP_NO_DOMAIN: No domains are available in the idmap context * - #IDMAP_SID_UNKNOWN: No domain with the given SID was found in the * idmap context */ enum idmap_error_code sss_idmap_domain_has_algorithmic_mapping(struct sss_idmap_ctx *ctx, const char *dom_sid, bool *has_algorithmic_mapping); /** * @brief Check if a domain is configured with algorithmic mapping * * @param[in] ctx Idmap context * @param[in] dom_name Name of the domain * @param[out] has_algorithmic_mapping Boolean value indicating if the given * domain is configured for algorithmic * mapping or not. * * @return * - #IDMAP_SUCCESS: Domain for the given name was found and * has_algorithmic_mapping is set accordingly * - #IDMAP_ERROR: Provided name is invalid * - #IDMAP_CONTEXT_INVALID: Provided idmap context is invalid * - #IDMAP_NO_DOMAIN: No domains are available in the idmap context * - #IDMAP_NAME_UNKNOWN: No domain with the given name was found in the * idmap context */ enum idmap_error_code sss_idmap_domain_by_name_has_algorithmic_mapping(struct sss_idmap_ctx *ctx, const char *dom_name, bool *has_algorithmic_mapping); /** * @brief Convert binary SID to SID structure * * @param[in] ctx Idmap context * @param[in] bin_sid Array with the binary SID * @param[in] length Size of the array containing the binary SID * @param[out] dom_sid SID structure, * must be freed if not needed anymore * * @return * - #IDMAP_SID_INVALID: Given SID is invalid * - #IDMAP_OUT_OF_MEMORY: Failed to allocate memory for the result */ enum idmap_error_code sss_idmap_bin_sid_to_dom_sid(struct sss_idmap_ctx *ctx, const uint8_t *bin_sid, size_t length, struct sss_dom_sid **dom_sid); /** * @brief Convert binary SID to SID string * * @param[in] ctx Idmap context * @param[in] bin_sid Array with the 
binary SID * @param[in] length Size of the array containing the binary SID * @param[out] sid Zero-terminated string representation of the SID, * must be freed if not needed anymore * * @return * - #IDMAP_SID_INVALID: Given SID is invalid * - #IDMAP_OUT_OF_MEMORY: Failed to allocate memory for the result */ enum idmap_error_code sss_idmap_bin_sid_to_sid(struct sss_idmap_ctx *ctx, const uint8_t *bin_sid, size_t length, char **sid); /** * @brief Convert SID structure to binary SID * * @param[in] ctx Idmap context * @param[in] dom_sid SID structure * @param[out] bin_sid Array with the binary SID, * must be freed if not needed anymore * @param[out] length Size of the array containing the binary SID * * @return * - #IDMAP_SID_INVALID: Given SID is invalid * - #IDMAP_OUT_OF_MEMORY: Failed to allocate memory for the result */ enum idmap_error_code sss_idmap_dom_sid_to_bin_sid(struct sss_idmap_ctx *ctx, struct sss_dom_sid *dom_sid, uint8_t **bin_sid, size_t *length); /** * @brief Convert SID string to binary SID * * @param[in] ctx Idmap context * @param[in] sid Zero-terminated string representation of the SID * @param[out] bin_sid Array with the binary SID, * must be freed if not needed anymore * @param[out] length Size of the array containing the binary SID * * @return * - #IDMAP_SID_INVALID: Given SID is invalid * - #IDMAP_OUT_OF_MEMORY: Failed to allocate memory for the result */ enum idmap_error_code sss_idmap_sid_to_bin_sid(struct sss_idmap_ctx *ctx, const char *sid, uint8_t **bin_sid, size_t *length); /** * @brief Convert SID structure to SID string * * @param[in] ctx Idmap context * @param[in] dom_sid SID structure * @param[out] sid Zero-terminated string representation of the SID, * must be freed if not needed anymore * * @return * - #IDMAP_SID_INVALID: Given SID is invalid * - #IDMAP_OUT_OF_MEMORY: Failed to allocate memory for the result */ enum idmap_error_code sss_idmap_dom_sid_to_sid(struct sss_idmap_ctx *ctx, struct sss_dom_sid *dom_sid, char **sid); /** * 
@brief Convert SID string to SID structure * * @param[in] ctx Idmap context * @param[in] sid Zero-terminated string representation of the SID * @param[out] dom_sid SID structure, * must be freed if not needed anymore * * @return * - #IDMAP_SID_INVALID: Given SID is invalid * - #IDMAP_OUT_OF_MEMORY: Failed to allocate memory for the result */ enum idmap_error_code sss_idmap_sid_to_dom_sid(struct sss_idmap_ctx *ctx, const char *sid, struct sss_dom_sid **dom_sid); /** * @brief Convert SID string to Samba dom_sid structure * * @param[in] ctx Idmap context * @param[in] sid Zero-terminated string representation of the SID * @param[out] smb_sid Samba dom_sid structure, * must be freed if not needed anymore * * @return * - #IDMAP_SID_INVALID: Given SID is invalid * - #IDMAP_OUT_OF_MEMORY: Failed to allocate memory for the result */ enum idmap_error_code sss_idmap_sid_to_smb_sid(struct sss_idmap_ctx *ctx, const char *sid, struct dom_sid **smb_sid); /** * @brief Convert Samba dom_sid structure to SID string * * @param[in] ctx Idmap context * @param[in] smb_sid Samba dom_sid structure * @param[out] sid Zero-terminated string representation of the SID, * must be freed if not needed anymore * * @return * - #IDMAP_SID_INVALID: Given SID is invalid * - #IDMAP_OUT_OF_MEMORY: Failed to allocate memory for the result */ enum idmap_error_code sss_idmap_smb_sid_to_sid(struct sss_idmap_ctx *ctx, struct dom_sid *smb_sid, char **sid); /** * @brief Convert SID stucture to Samba dom_sid structure * * @param[in] ctx Idmap context * @param[in] dom_sid SID structure * @param[out] smb_sid Samba dom_sid structure, * must be freed if not needed anymore * * @return * - #IDMAP_SID_INVALID: Given SID is invalid * - #IDMAP_OUT_OF_MEMORY: Failed to allocate memory for the result */ enum idmap_error_code sss_idmap_dom_sid_to_smb_sid(struct sss_idmap_ctx *ctx, struct sss_dom_sid *dom_sid, struct dom_sid **smb_sid); /** * @brief Convert Samba dom_sid structure to SID structure * * @param[in] ctx Idmap 
context * @param[in] smb_sid Samba dom_sid structure * @param[out] dom_sid SID structure, * must be freed if not needed anymore * * @return * - #IDMAP_SID_INVALID: Given SID is invalid * - #IDMAP_OUT_OF_MEMORY: Failed to allocate memory for the result */ enum idmap_error_code sss_idmap_smb_sid_to_dom_sid(struct sss_idmap_ctx *ctx, struct dom_sid *smb_sid, struct sss_dom_sid **dom_sid); /** * @brief Convert binary SID to Samba dom_sid structure * * @param[in] ctx Idmap context * @param[in] bin_sid Array with the binary SID * @param[in] length Size of the array containing the binary SID * @param[out] smb_sid Samba dom_sid structure, * must be freed if not needed anymore * * @return * - #IDMAP_SID_INVALID: Given SID is invalid * - #IDMAP_OUT_OF_MEMORY: Failed to allocate memory for the result */ enum idmap_error_code sss_idmap_bin_sid_to_smb_sid(struct sss_idmap_ctx *ctx, const uint8_t *bin_sid, size_t length, struct dom_sid **smb_sid); /** * @brief Convert Samba dom_sid structure to binary SID * * @param[in] ctx Idmap context * @param[in] smb_sid Samba dom_sid structure * @param[out] bin_sid Array with the binary SID, * must be freed if not needed anymore * @param[out] length Size of the array containing the binary SID * * @return * - #IDMAP_SID_INVALID: Given SID is invalid * - #IDMAP_OUT_OF_MEMORY: Failed to allocate memory for the result */ enum idmap_error_code sss_idmap_smb_sid_to_bin_sid(struct sss_idmap_ctx *ctx, struct dom_sid *smb_sid, uint8_t **bin_sid, size_t *length); /** * @} */ #endif /* SSS_IDMAP_H_ */ sssd-1.11.5/src/lib/idmap/PaxHeaders.13173/sss_idmap_conv.c0000644000000000000000000000007412320753107021355 xustar000000000000000030 atime=1396954939.255891439 30 ctime=1396954961.575875009 sssd-1.11.5/src/lib/idmap/sss_idmap_conv.c0000664002412700241270000003617512320753107021613 0ustar00jhrozekjhrozek00000000000000/* SSSD ID-mapping library - conversion utilities Authors: Sumit Bose Copyright (C) 2012 Red Hat This program is free software; you can 
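/**
 * Parse a binary SID into a newly allocated struct sss_dom_sid.
 *
 * Layout read from bin_sid: one revision byte, one sub-authority count byte,
 * SID_ID_AUTHS identifier-authority bytes, then one 32-bit little-endian
 * value per sub-authority. Sub-authorities are stored in host byte order.
 *
 * bin_sid is treated as untrusted. All bounds are verified before the first
 * byte is copied:
 *  - the buffer must hold at least the fixed 2 + SID_ID_AUTHS byte prefix;
 *  - the count byte is compared as an unsigned value, because
 *    sss_dom_sid.num_auths is an int8_t and a count of 0x80 or more would
 *    turn negative there and slip past a "> SID_SUB_AUTHS" comparison;
 *  - the buffer must hold every sub-authority the count byte announces.
 *
 * @param[in]  ctx       Idmap context providing the allocator callbacks
 * @param[in]  bin_sid   Array with the binary SID
 * @param[in]  length    Size of the array containing the binary SID
 * @param[out] _dom_sid  Set on success only; allocated with ctx->alloc_func
 *
 * @return IDMAP_SUCCESS, IDMAP_CONTEXT_INVALID, IDMAP_SID_INVALID or
 *         IDMAP_OUT_OF_MEMORY
 */
enum idmap_error_code sss_idmap_bin_sid_to_dom_sid(struct sss_idmap_ctx *ctx,
                                                   const uint8_t *bin_sid,
                                                   size_t length,
                                                   struct sss_dom_sid **_dom_sid)
{
    /* revision byte + sub-authority count byte + identifier authority */
    const size_t fixed_len = 2 + SID_ID_AUTHS;
    struct sss_dom_sid *dom_sid;
    uint8_t num_auths;
    size_t i;
    size_t p = 0;
    uint32_t val;

    CHECK_IDMAP_CTX(ctx, IDMAP_CONTEXT_INVALID);

    if (bin_sid == NULL) {
        return IDMAP_SID_INVALID;
    }

    /* Too short to carry the fixed prefix, or longer than any valid SID */
    if (length < fixed_len || length > sizeof(struct sss_dom_sid)) {
        return IDMAP_SID_INVALID;
    }

    /* Validate the count while it is still unsigned */
    num_auths = bin_sid[1];
    if (num_auths > SID_SUB_AUTHS) {
        return IDMAP_SID_INVALID;
    }

    /* The caller's buffer must really contain all announced sub-auths */
    if (length < fixed_len + num_auths * sizeof(uint32_t)) {
        return IDMAP_SID_INVALID;
    }

    dom_sid = ctx->alloc_func(sizeof(struct sss_dom_sid), ctx->alloc_pvt);
    if (dom_sid == NULL) {
        return IDMAP_OUT_OF_MEMORY;
    }
    memset(dom_sid, 0, sizeof(struct sss_dom_sid));

    dom_sid->sid_rev_num = bin_sid[p];
    p++;

    /* Range 0..SID_SUB_AUTHS was checked above, so this fits in int8_t */
    dom_sid->num_auths = (int8_t) num_auths;
    p++;

    for (i = 0; i < SID_ID_AUTHS; i++) {
        dom_sid->id_auth[i] = bin_sid[p];
        p++;
    }

    for (i = 0; i < num_auths; i++) {
        /* SID sub auth values in Active Directory are stored little-endian,
         * we store them in host order */
        SAFEALIGN_COPY_UINT32(&val, bin_sid + p, &p);
        dom_sid->sub_auths[i] = le32toh(val);
    }

    *_dom_sid = dom_sid;
    return IDMAP_SUCCESS;
}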
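/**
 * Parse the string form of a SID ("S-<rev>-<id_auth>[-<sub_auth>...]") into a
 * newly allocated struct sss_dom_sid.
 *
 * The revision must fit in 8 bits, the identifier authority and every
 * sub-authority in 32 bits, and at most SID_SUB_AUTHS sub-authorities are
 * accepted. Every number must start with a decimal digit, so the signs and
 * leading white space that strtoul() would otherwise accept are rejected.
 *
 * Characters are cast to unsigned char before they reach isdigit(): passing
 * a negative plain char (any byte >= 0x80 where char is signed) to a
 * <ctype.h> function is undefined behaviour.
 *
 * @param[in]  ctx       Idmap context providing the allocator callbacks
 * @param[in]  sid       Zero-terminated string representation of the SID
 * @param[out] _dom_sid  Set on success only; allocated with ctx->alloc_func
 *
 * @return IDMAP_SUCCESS, IDMAP_CONTEXT_INVALID, IDMAP_SID_INVALID or
 *         IDMAP_OUT_OF_MEMORY
 */
enum idmap_error_code sss_idmap_sid_to_dom_sid(struct sss_idmap_ctx *ctx,
                                               const char *sid,
                                               struct sss_dom_sid **_dom_sid)
{
    enum idmap_error_code err;
    unsigned long ul;
    char *r;
    char *end;
    struct sss_dom_sid *dom_sid;

    CHECK_IDMAP_CTX(ctx, IDMAP_CONTEXT_INVALID);

    if (sid == NULL || (sid[0] != 'S' && sid[0] != 's') || sid[1] != '-') {
        return IDMAP_SID_INVALID;
    }

    dom_sid = ctx->alloc_func(sizeof(struct sss_dom_sid), ctx->alloc_pvt);
    if (dom_sid == NULL) {
        return IDMAP_OUT_OF_MEMORY;
    }
    memset(dom_sid, 0, sizeof(struct sss_dom_sid));

    /* Revision number */
    if (!isdigit((unsigned char) sid[2])) {
        err = IDMAP_SID_INVALID;
        goto done;
    }
    errno = 0;
    ul = strtoul(sid + 2, &r, 10);
    if (errno != 0 || r == NULL || *r != '-' || ul > UINT8_MAX) {
        err = IDMAP_SID_INVALID;
        goto done;
    }
    dom_sid->sid_rev_num = (uint8_t) ul;
    r++;

    /* Identifier authority */
    if (!isdigit((unsigned char) *r)) {
        err = IDMAP_SID_INVALID;
        goto done;
    }
    errno = 0;
    ul = strtoul(r, &r, 10);
    if (errno != 0 || r == NULL || ul > UINT32_MAX) {
        err = IDMAP_SID_INVALID;
        goto done;
    }

    /* id_auth in the string should always be <2^32 in decimal */
    /* store values in the same order as the binary representation */
    dom_sid->id_auth[0] = 0;
    dom_sid->id_auth[1] = 0;
    dom_sid->id_auth[2] = (ul & 0xff000000) >> 24;
    dom_sid->id_auth[3] = (ul & 0x00ff0000) >> 16;
    dom_sid->id_auth[4] = (ul & 0x0000ff00) >> 8;
    dom_sid->id_auth[5] = (ul & 0x000000ff);

    if (*r == '\0') {
        /* no sub auths given */
        err = IDMAP_SUCCESS;
        goto done;
    }

    if (*r != '-') {
        err = IDMAP_SID_INVALID;
        goto done;
    }

    /* Sub-authorities: r points at the '-' in front of the next number */
    do {
        /* Check the count before writing so sub_auths[] cannot overflow */
        if (dom_sid->num_auths >= SID_SUB_AUTHS) {
            err = IDMAP_SID_INVALID;
            goto done;
        }

        r++;
        if (!isdigit((unsigned char) *r)) {
            err = IDMAP_SID_INVALID;
            goto done;
        }

        errno = 0;
        ul = strtoul(r, &end, 10);
        if (errno != 0 || ul > UINT32_MAX || end == NULL ||
            (*end != '\0' && *end != '-')) {
            err = IDMAP_SID_INVALID;
            goto done;
        }

        dom_sid->sub_auths[dom_sid->num_auths++] = ul;

        r = end;
    } while (*r != '\0');

    err = IDMAP_SUCCESS;

done:
    if (err != IDMAP_SUCCESS) {
        ctx->free_func(dom_sid, ctx->alloc_pvt);
    } else {
        *_dom_sid = dom_sid;
    }

    return err;
}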
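/**
 * Copy a struct sss_dom_sid into a newly allocated Samba struct dom_sid.
 *
 * The context is checked with CHECK_IDMAP_CTX before its allocator is used,
 * as the other converters in this file do. The source SID is rejected when
 * it is NULL or when num_auths lies outside 0..SID_SUB_AUTHS. num_auths is a
 * signed 8-bit field, so a corrupted value can be negative as well as too
 * large, and copying it unchecked would pass the problem on to every later
 * consumer of the Samba structure.
 *
 * @param[in]  ctx       Idmap context providing the allocator callbacks
 * @param[in]  dom_sid   SID structure
 * @param[out] _smb_sid  Set on success only; allocated with ctx->alloc_func
 *
 * @return IDMAP_SUCCESS, IDMAP_CONTEXT_INVALID, IDMAP_SID_INVALID or
 *         IDMAP_OUT_OF_MEMORY
 */
enum idmap_error_code sss_idmap_dom_sid_to_smb_sid(struct sss_idmap_ctx *ctx,
                                                   struct sss_dom_sid *dom_sid,
                                                   struct dom_sid **_smb_sid)
{
    struct dom_sid *smb_sid;
    size_t c;

    CHECK_IDMAP_CTX(ctx, IDMAP_CONTEXT_INVALID);

    if (dom_sid == NULL
            || dom_sid->num_auths < 0
            || dom_sid->num_auths > SID_SUB_AUTHS) {
        return IDMAP_SID_INVALID;
    }

    smb_sid = ctx->alloc_func(sizeof(struct dom_sid), ctx->alloc_pvt);
    if (smb_sid == NULL) {
        return IDMAP_OUT_OF_MEMORY;
    }
    memset(smb_sid, 0, sizeof(struct dom_sid));

    smb_sid->sid_rev_num = dom_sid->sid_rev_num;
    smb_sid->num_auths = dom_sid->num_auths;

    for (c = 0; c < SID_ID_AUTHS; c++) {
        smb_sid->id_auth[c] = dom_sid->id_auth[c];
    }

    /* All slots are copied, not just the first num_auths of them */
    for (c = 0; c < SID_SUB_AUTHS; c++) {
        smb_sid->sub_auths[c] = dom_sid->sub_auths[c];
    }

    *_smb_sid = smb_sid;

    return IDMAP_SUCCESS;
}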
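/**
 * Convert a binary SID to a newly allocated Samba struct dom_sid, going
 * through an intermediate struct sss_dom_sid.
 *
 * The context is validated here, before any work is done. Without that
 * check, an invalid context rejected by sss_idmap_bin_sid_to_dom_sid() would
 * still be dereferenced by the cleanup code below (ctx->free_func).
 *
 * @param[in]  ctx       Idmap context providing the allocator callbacks
 * @param[in]  bin_sid   Array with the binary SID
 * @param[in]  length    Size of the array containing the binary SID
 * @param[out] _smb_sid  Set on success only; allocated with ctx->alloc_func
 *
 * @return IDMAP_SUCCESS, IDMAP_CONTEXT_INVALID, or the error reported by
 *         either conversion step
 */
enum idmap_error_code sss_idmap_bin_sid_to_smb_sid(struct sss_idmap_ctx *ctx,
                                                   const uint8_t *bin_sid,
                                                   size_t length,
                                                   struct dom_sid **_smb_sid)
{
    enum idmap_error_code err;
    struct sss_dom_sid *dom_sid = NULL;
    struct dom_sid *smb_sid = NULL;

    CHECK_IDMAP_CTX(ctx, IDMAP_CONTEXT_INVALID);

    err = sss_idmap_bin_sid_to_dom_sid(ctx, bin_sid, length, &dom_sid);
    if (err != IDMAP_SUCCESS) {
        goto done;
    }

    err = sss_idmap_dom_sid_to_smb_sid(ctx, dom_sid, &smb_sid);
    if (err != IDMAP_SUCCESS) {
        goto done;
    }

    *_smb_sid = smb_sid;
    err = IDMAP_SUCCESS;

done:
    /* The intermediate structure is never handed to the caller.
     * NOTE(review): free_func is called with NULL when a step failed;
     * this assumes the configured free function accepts NULL - confirm. */
    ctx->free_func(dom_sid, ctx->alloc_pvt);
    if (err != IDMAP_SUCCESS) {
        ctx->free_func(smb_sid, ctx->alloc_pvt);
    }

    return err;
}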
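/*
 * Guard for public entry points: return `ret` from the enclosing function
 * unless `ctx` is non-NULL and has both allocator callbacks set.
 *
 * `ctx` and `ret` are parenthesized so that an expression argument (for
 * example a conditional) is parsed as one operand. `ctx` is evaluated up to
 * three times, so it must not have side effects.
 */
#define CHECK_IDMAP_CTX(ctx, ret) do { \
    if ((ctx) == NULL || (ctx)->alloc_func == NULL \
            || (ctx)->free_func == NULL) { \
        return (ret); \
    } \
} while(0)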
* section 2.4.2.3 of "[MS-DTYP]: Windows Data Types" * http://msdn.microsoft.com/en-us/library/cc230364(v=prot.10) */ struct dom_sid { uint8_t sid_rev_num; int8_t num_auths; uint8_t id_auth[6]; uint32_t sub_auths[15]; }; #endif /* SSS_IDMAP_PRIVATE_H_ */ sssd-1.11.5/src/lib/idmap/PaxHeaders.13173/sss_idmap.pc.in0000644000000000000000000000007412320753107021115 xustar000000000000000030 atime=1396954960.393875882 30 ctime=1396954961.364875165 sssd-1.11.5/src/lib/idmap/sss_idmap.pc.in0000664002412700241270000000036012320753107021336 0ustar00jhrozekjhrozek00000000000000prefix=@prefix@ exec_prefix=@exec_prefix@ libdir=@libdir@ includedir=@includedir@ Name: sss_idmap Description: SSS idmap (SID <-> uid,gid) library Version: @VERSION@ Libs: -L${libdir} -lsss_idmap Cflags: URL: http://fedorahosted.org/sssd/ sssd-1.11.5/src/PaxHeaders.13173/tests0000644000000000000000000000013212320753521015422 xustar000000000000000030 mtime=1396954961.789874851 30 atime=1396955003.534843847 30 ctime=1396954961.789874851 sssd-1.11.5/src/tests/0000775002412700241270000000000012320753521015726 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/tests/PaxHeaders.13173/sysdb_ssh-tests.c0000644000000000000000000000007412320753107021011 xustar000000000000000030 atime=1396954939.275891424 30 ctime=1396954961.783874855 sssd-1.11.5/src/tests/sysdb_ssh-tests.c0000664002412700241270000002515612320753107021244 0ustar00jhrozekjhrozek00000000000000/* Authors: Michal Zidek Stephen Gallagher This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. 
You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include #include #include #include #include #include #include "config.h" #include "tests/common.h" #include "util/util.h" #include "confdb/confdb.h" #include "confdb/confdb_setup.h" #include "db/sysdb.h" #include "db/sysdb_services.h" #include "db/sysdb_ssh.h" #define TESTS_PATH "tests_sysdb_ssh" #define TEST_CONF_FILE "tests_conf.ldb" #define TEST_HOSTNAME "testhost" struct sysdb_test_ctx { struct sysdb_ctx *sysdb; struct confdb_ctx *confdb; struct tevent_context *ev; struct sss_domain_info *domain; }; static int setup_sysdb_tests(struct sysdb_test_ctx **ctx) { struct sysdb_test_ctx *test_ctx; char *conf_db; int ret; const char *val[2]; val[1] = NULL; /* Create tests directory if it doesn't exist */ /* (relative to current dir) */ ret = mkdir(TESTS_PATH, 0775); if (ret == -1 && errno != EEXIST) { fail("Could not create %s directory", TESTS_PATH); return EFAULT; } test_ctx = talloc_zero(NULL, struct sysdb_test_ctx); if (test_ctx == NULL) { fail("Could not allocate memory for test context"); return ENOMEM; } /* Create an event context * It will not be used except in confdb_init and sysdb_init */ test_ctx->ev = tevent_context_init(test_ctx); if (test_ctx->ev == NULL) { fail("Could not create event context"); talloc_free(test_ctx); return EIO; } conf_db = talloc_asprintf(test_ctx, "%s/%s", TESTS_PATH, TEST_CONF_FILE); if (conf_db == NULL) { fail("Out of memory, aborting!"); talloc_free(test_ctx); return ENOMEM; } DEBUG(3, ("CONFDB: %s\n", conf_db)); /* Connect to the conf db */ ret = confdb_init(test_ctx, &test_ctx->confdb, conf_db); if (ret != EOK) { fail("Could not initialize connection to the confdb"); talloc_free(test_ctx); return ret; } val[0] = "LOCAL"; ret = confdb_add_param(test_ctx->confdb, true, "config/sssd", "domains", val); if (ret != EOK) { fail("Could not initialize domains placeholder"); talloc_free(test_ctx); return ret; } val[0] = "local"; ret 
= confdb_add_param(test_ctx->confdb, true, "config/domain/LOCAL", "id_provider", val); if (ret != EOK) { fail("Could not initialize provider"); talloc_free(test_ctx); return ret; } val[0] = "TRUE"; ret = confdb_add_param(test_ctx->confdb, true, "config/domain/LOCAL", "enumerate", val); if (ret != EOK) { fail("Could not initialize LOCAL domain"); talloc_free(test_ctx); return ret; } val[0] = "TRUE"; ret = confdb_add_param(test_ctx->confdb, true, "config/domain/LOCAL", "cache_credentials", val); if (ret != EOK) { fail("Could not initialize LOCAL domain"); talloc_free(test_ctx); return ret; } ret = sssd_domain_init(test_ctx, test_ctx->confdb, "local", TESTS_PATH, &test_ctx->domain); if (ret != EOK) { fail("Could not initialize connection to the sysdb (%d)", ret); talloc_free(test_ctx); return ret; } test_ctx->sysdb = test_ctx->domain->sysdb; *ctx = test_ctx; return EOK; } static void clean_up(void) { int ret = 0; ret += unlink(TESTS_PATH"/"TEST_CONF_FILE); ret += unlink(TESTS_PATH"/sssd.ldb"); ret += rmdir(TESTS_PATH); if (ret != 0) { fprintf(stderr, "Unable to remove all test files from %s\n",TESTS_PATH); } } struct test_data { struct tevent_context *ev; struct sysdb_test_ctx *ctx; const char *hostname; const char *alias; struct ldb_message *host; struct sysdb_attrs *attrs; }; static int test_sysdb_store_ssh_host(struct test_data *data) { int ret; time_t now = time(NULL); ret = sysdb_store_ssh_host(data->ctx->sysdb, data->ctx->domain, data->hostname, data->alias, now, data->attrs); return ret; } static int test_sysdb_delete_ssh_host(struct test_data *data) { int ret; ret = sysdb_delete_ssh_host(data->ctx->sysdb, data->ctx->domain, data->hostname); return ret; } static int test_sysdb_get_ssh_host(struct test_data *data) { int ret; const char *attrs[] = { SYSDB_NAME, NULL }; ret = sysdb_get_ssh_host(data->ctx, data->ctx->sysdb, data->ctx->domain, data->hostname, attrs, &data->host); return ret; } START_TEST (store_one_host_test) { struct sysdb_test_ctx *test_ctx; 
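struct test_data *data;
    int ret;

    ret = setup_sysdb_tests(&test_ctx);
    if (ret != EOK) {
        fail("Could not set up the test");
        return;
    }

    data = talloc_zero(test_ctx, struct test_data);
    if (data == NULL) {
        fail("Out of memory!");
        talloc_free(test_ctx);
        return;
    }

    data->ctx = test_ctx;
    data->ev = test_ctx->ev;
    data->hostname = talloc_strdup(test_ctx, TEST_HOSTNAME);
    if (data->hostname == NULL) {
        fail("Out of memory!");
        talloc_free(test_ctx);
        return;
    }

    /* The host is stored with a freshly created attribute set. */
    data->attrs = sysdb_new_attrs(test_ctx);
    if (data->attrs == NULL) {
        fail("Out of memory!");
        talloc_free(test_ctx);
        return;
    }

    ret = test_sysdb_store_ssh_host(data);

    fail_if(ret != EOK, "Could not store host into database");
    talloc_free(test_ctx);
}
END_TEST

/*
 * Delete TEST_HOSTNAME through test_sysdb_delete_ssh_host() and expect EOK.
 *
 * NOTE(review): presumably relies on store_one_host_test having stored the
 * host in the cache under TESTS_PATH earlier in the same run -- confirm the
 * intended test ordering.
 */
START_TEST (delete_existing_host_test)
{
    struct sysdb_test_ctx *test_ctx;
    struct test_data *data;
    int ret;

    ret = setup_sysdb_tests(&test_ctx);
    if (ret != EOK) {
        fail("Could not set up the test");
        return;
    }

    data = talloc_zero(test_ctx, struct test_data);
    if (data == NULL) {
        fail("Out of memory!");
        /* Release the test context on this path too, as every other
         * error path in this file does. */
        talloc_free(test_ctx);
        return;
    }

    data->ctx = test_ctx;
    data->ev = test_ctx->ev;
    data->hostname = talloc_strdup(test_ctx, TEST_HOSTNAME);
    if (data->hostname == NULL) {
        fail("Out of memory!");
        talloc_free(test_ctx);
        return;
    }

    ret = test_sysdb_delete_ssh_host(data);

    fail_if(ret != EOK, "Could not delete host from database");
    talloc_free(test_ctx);
}
END_TEST

/*
 * Delete a host name that was never stored; the assertion below expects
 * the deletion to report EOK all the same.
 */
START_TEST (delete_nonexistent_host_test)
{
    struct sysdb_test_ctx *test_ctx;
    struct test_data *data;
    int ret;

    ret = setup_sysdb_tests(&test_ctx);
    if (ret != EOK) {
        fail("Could not set up the test");
        return;
    }

    data = talloc_zero(test_ctx, struct test_data);
    if (data == NULL) {
        fail("Out of memory!");
        talloc_free(test_ctx);
        return;
    }

    data->ctx = test_ctx;
    data->ev = test_ctx->ev;
    data->hostname = talloc_strdup(test_ctx, "nonexistent_host");
    if (data->hostname == NULL) {
        fail("Out of memory!");
        talloc_free(test_ctx);
        return;
    }

    ret = test_sysdb_delete_ssh_host(data);

    fail_if(ret != EOK, "Deletion of nonexistent host returned code %d", ret);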
talloc_free(test_ctx); } END_TEST START_TEST (sysdb_get_ssh_host_test) { struct sysdb_test_ctx *test_ctx; struct test_data *data; int ret; ret = setup_sysdb_tests(&test_ctx); if (ret != EOK) { fail("Could not set up test"); return; } data = talloc_zero(test_ctx, struct test_data); if (data == NULL) { fail("Out of memory!"); talloc_free(test_ctx); return; } data->ctx = test_ctx; data->ev = test_ctx->ev; data->hostname = talloc_strdup(test_ctx, TEST_HOSTNAME); if (data->hostname == NULL) { fail("Out of memory!"); talloc_free(test_ctx); return; } data->attrs = sysdb_new_attrs(test_ctx); if (data->attrs == NULL) { fail("Out of memory!"); talloc_free(test_ctx); return; } ret = test_sysdb_store_ssh_host(data); if (ret != EOK) { fail("Could not store host '%s' to database", TEST_HOSTNAME); talloc_free(test_ctx); return; } ret = test_sysdb_get_ssh_host(data); fail_if(ret != EOK, "Could not find host '%s'",TEST_HOSTNAME); talloc_free(test_ctx); } END_TEST Suite *create_sysdb_ssh_suite(void) { Suite *s = suite_create("sysdb_ssh"); TCase *tc_sysdb_ssh = tcase_create("SYSDB_SSH Tests"); tcase_add_test(tc_sysdb_ssh, store_one_host_test); tcase_add_test(tc_sysdb_ssh, delete_existing_host_test); tcase_add_test(tc_sysdb_ssh, delete_nonexistent_host_test); tcase_add_test(tc_sysdb_ssh, sysdb_get_ssh_host_test); suite_add_tcase(s, tc_sysdb_ssh); return s; } int main(int argc, const char *argv[]) { int failcount; int opt; poptContext pc; Suite* s; SRunner *sr; struct poptOption long_options[] = { POPT_AUTOHELP SSSD_MAIN_OPTS POPT_TABLEEND }; /* Set debug level to invalid value so we can deside if -d 0 was used. 
*/ debug_level = SSSDBG_INVALID; pc = poptGetContext(argv[0], argc, (const char **) argv, long_options, 0); while ((opt = poptGetNextOpt(pc)) != -1) { fprintf(stderr, "\nInvalid option %s: %s\n\n", poptBadOption(pc, 0), poptStrerror(opt)); poptPrintUsage(pc, stderr, 0); return 1; } poptFreeContext(pc); DEBUG_INIT(debug_level); if (!ldb_modules_path_is_set()) { fprintf(stderr, "Warning: LDB_MODULES_PATH is not set, " "will use LDB plugins installed in system paths.\n"); } tests_set_cwd(); s = create_sysdb_ssh_suite(); sr = srunner_create(s); srunner_run_all(sr, CK_ENV); failcount = srunner_ntests_failed(sr); srunner_free(sr); clean_up(); if (failcount != 0) { return EXIT_FAILURE; } return EXIT_SUCCESS; } sssd-1.11.5/src/tests/PaxHeaders.13173/find_uid-tests.c0000644000000000000000000000007412320753107020571 xustar000000000000000030 atime=1396954939.274891425 30 ctime=1396954961.717874904 sssd-1.11.5/src/tests/find_uid-tests.c0000664002412700241270000000635412320753107021023 0ustar00jhrozekjhrozek00000000000000/* SSSD find_uid - Utilities tests Authors: Sumit Bose Copyright (C) 2009 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #include #include #include #include #include "util/find_uid.h" #include "tests/common.h" START_TEST(test_check_if_uid_is_active_success) { uid_t uid; bool result; int ret; uid = getuid(); ret = check_if_uid_is_active(uid, &result); fail_unless(ret == EOK, "check_if_uid_is_active failed."); fail_unless(result, "check_if_uid_is_active did not found my uid [%d]", uid); } END_TEST START_TEST(test_check_if_uid_is_active_fail) { uid_t uid; bool result; int ret; uid = (uid_t) -4; ret = check_if_uid_is_active(uid, &result); fail_unless(ret == EOK, "check_if_uid_is_active failed."); fail_unless(!result, "check_if_uid_is_active found (hopefully not active) " "uid [%d]", uid); } END_TEST START_TEST(test_get_uid_table) { uid_t uid; int ret; TALLOC_CTX *tmp_ctx; hash_table_t *table; hash_key_t key; hash_value_t value; tmp_ctx = talloc_new(NULL); fail_unless(tmp_ctx != NULL, "talloc_new failed."); ret = get_uid_table(tmp_ctx, &table); fail_unless(ret == EOK, "get_uid_table failed."); uid = getuid(); key.type = HASH_KEY_ULONG; key.ul = (unsigned long) uid; ret = hash_lookup(table, &key, &value); fail_unless(ret == HASH_SUCCESS, "Cannot find my uid [%d] in the table", uid); uid = (uid_t) -4; key.type = HASH_KEY_ULONG; key.ul = (unsigned long) uid; ret = hash_lookup(table, &key, &value); fail_unless(ret == HASH_ERROR_KEY_NOT_FOUND, "Found (hopefully not active) " "uid [%d] in the table", uid); talloc_free(tmp_ctx); } END_TEST Suite *find_uid_suite (void) { Suite *s = suite_create ("find_uid"); TCase *tc_find_uid = tcase_create ("find_uid"); tcase_add_test (tc_find_uid, test_check_if_uid_is_active_success); tcase_add_test (tc_find_uid, test_check_if_uid_is_active_fail); tcase_add_test (tc_find_uid, test_get_uid_table); suite_add_tcase (s, tc_find_uid); return s; } int main(void) { debug_level = SSSDBG_MASK_ALL; int number_failed; tests_set_cwd(); Suite *s = find_uid_suite (); SRunner *sr = srunner_create (s); /* If CK_VERBOSITY is set, use that, otherwise it defaults to CK_NORMAL 
*/ srunner_run_all(sr, CK_ENV); number_failed = srunner_ntests_failed (sr); srunner_free (sr); return (number_failed == 0) ? EXIT_SUCCESS : EXIT_FAILURE; } sssd-1.11.5/src/tests/PaxHeaders.13173/pysss_murmur-test.py0000644000000000000000000000007412320753107021623 xustar000000000000000030 atime=1396954939.274891425 30 ctime=1396954961.380875153 sssd-1.11.5/src/tests/pysss_murmur-test.py0000775002412700241270000000722312320753107022054 0ustar00jhrozekjhrozek00000000000000#!/usr/bin/python # SSSD # # Unit tests for pysss_murmur # # Copyright (C) Sumit Bose 2012 # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . import unittest import sys import os import copy srcdir = os.getenv('builddir') if not srcdir: srcdir = "." MODPATH = srcdir + "/.libs" #FIXME - is there a way to get this from libtool? 
def compat_assertItemsEqual(this, expected_seq, actual_seq, msg=None): return this.assertEqual(sorted(expected_seq), sorted(actual_seq)) def compat_assertIsInstance(this, obj, cls, msg=None): return this.assertTrue(isinstance(obj, cls)) # add compat methods for old unittest.TestCase versions # (python < 2.7, RHEL5 for instance) if not hasattr(unittest.TestCase, "assertItemsEqual"): setattr(unittest.TestCase, "assertItemsEqual", compat_assertItemsEqual) if not hasattr(unittest.TestCase, "assertIsInstance"): setattr(unittest.TestCase, "assertIsInstance", compat_assertIsInstance) class PySssMurmurImport(unittest.TestCase): def setUp(self): " Make sure we load the in-tree module " self.system_path = sys.path[:] sys.path = [ MODPATH ] def tearDown(self): " Restore the system path " sys.path = self.system_path def testImport(self): " Import the module and assert it comes from tree " try: import pysss_murmur except ImportError, e: print >>sys.stderr, "Could not load the pysss_murmur module. Please check if it is compiled" raise e self.assertEqual(pysss_murmur.__file__, MODPATH + "/pysss_murmur.so") class PySssMurmurTest(unittest.TestCase): def testExpectedHash(self): hash = pysss_murmur.murmurhash3("S-1-5-21-2153326666-2176343378-3404031434", 41, 0xdeadbeef) self.assertEqual(hash, 93103853) def testInvalidArguments(self): self.assertRaises(ValueError, pysss_murmur.murmurhash3, 1, 2, 3) self.assertRaises(ValueError, pysss_murmur.murmurhash3, "test", 2) self.assertRaises(ValueError, pysss_murmur.murmurhash3, "test") self.assertRaises(ValueError, pysss_murmur.murmurhash3) self.assertRaises(ValueError, pysss_murmur.murmurhash3, "test", -1, 3) self.assertRaises(ValueError, pysss_murmur.murmurhash3, "test", 2, 0xffffffffff) self.assertRaises(ValueError, pysss_murmur.murmurhash3, "test", 0xffffffffff, 3) if __name__ == "__main__": error = 0 suite = unittest.TestLoader().loadTestsFromTestCase(PySssMurmurImport) res = unittest.TextTestRunner().run(suite) if not 
res.wasSuccessful(): error |= 0x1 # need to bail out here because pysss_murmur could not be imported sys.exit(error) # import the pysss_murmur module into the global namespace, but make sure # it's the one in tree sys.path.insert(0, MODPATH) import pysss_murmur suite = unittest.TestLoader().loadTestsFromTestCase(PySssMurmurTest) res = unittest.TextTestRunner().run(suite) if not res.wasSuccessful(): error |= 0x2 sys.exit(error) sssd-1.11.5/src/tests/PaxHeaders.13173/ipa_hbac-tests.c0000644000000000000000000000007412320753107020536 xustar000000000000000030 atime=1396954939.274891425 30 ctime=1396954961.719874903 sssd-1.11.5/src/tests/ipa_hbac-tests.c0000664002412700241270000006622212320753107020770 0ustar00jhrozekjhrozek00000000000000/* SSSD Authors: Stephen Gallagher Copyright (C) 2011 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #include #include #include #include #include #include #include "tests/common_check.h" #include "providers/ipa/ipa_hbac.h" #define HBAC_TEST_USER "testuser" #define HBAC_TEST_INVALID_USER "nosuchuser" #define HBAC_TEST_GROUP1 "testgroup1" #define HBAC_TEST_GROUP2 "testgroup2" #define HBAC_TEST_INVALID_GROUP "nosuchgroup" #define HBAC_TEST_SERVICE "testservice" #define HBAC_TEST_INVALID_SERVICE "nosuchservice" #define HBAC_TEST_SERVICEGROUP1 "login_services" #define HBAC_TEST_SERVICEGROUP2 "all_services" #define HBAC_TEST_INVALID_SERVICEGROUP "nosuchservicegroup" #define HBAC_TEST_SRCHOST "client.example.com" #define HBAC_TEST_INVALID_SRCHOST "nosuchsrchost" #define HBAC_TEST_SRCHOSTGROUP1 "site_hosts" #define HBAC_TEST_SRCHOSTGROUP2 "corp_hosts" #define HBAC_TEST_INVALID_SRCHOSTGROUP "nosuchsrchostgroup" /* These don't make sense for a user/group/service but they do the job and * every one is from a different codepage */ /* Latin Extended A - "Czech" */ const uint8_t user_utf8_lowcase[] = { 0xC4, 0x8D, 'e', 'c', 'h', 0x0 }; const uint8_t user_utf8_upcase[] = { 0xC4, 0x8C, 'e', 'c', 'h', 0x0 }; const uint8_t user_utf8_lowcase_neg[] = { 0xC4, 0x8E, 'e', 'c', 'h', 0x0 }; /* Latin 1 Supplement - "Munchen" */ const uint8_t service_utf8_lowcase[] = { 'm', 0xC3, 0xBC, 'n', 'c', 'h', 'e', 'n', 0x0 }; const uint8_t service_utf8_upcase[] = { 'M', 0xC3, 0x9C, 'N', 'C', 'H', 'E', 'N', 0x0 }; /* Greek - "AlphaBetaGamma" */ const uint8_t srchost_utf8_lowcase[] = { 0xCE, 0xB1, 0xCE, 0xB2, 0xCE, 0xB3, 0x0 }; const uint8_t srchost_utf8_upcase[] = { 0xCE, 0x91, 0xCE, 0x92, 0xCE, 0x93, 0x0 }; /* Turkish "capital I" and "dotless i" */ const uint8_t user_lowcase_tr[] = { 0xC4, 0xB1, 0x0 }; const uint8_t user_upcase_tr[] = { 0x49, 0x0 }; static void get_allow_all_rule(TALLOC_CTX *mem_ctx, struct hbac_rule **allow_rule) { struct hbac_rule *rule; /* Create a rule that ALLOWs all services, users and * remote hosts. 
*/ rule = talloc_zero(mem_ctx, struct hbac_rule); fail_if (rule == NULL); rule->enabled = true; rule->services = talloc_zero(rule, struct hbac_rule_element); fail_if (rule->services == NULL); rule->services->category = HBAC_CATEGORY_ALL; rule->services->names = NULL; rule->services->groups = NULL; rule->users = talloc_zero(rule, struct hbac_rule_element); fail_if (rule->users == NULL); rule->users->category = HBAC_CATEGORY_ALL; rule->users->names = NULL; rule->users->groups = NULL; rule->targethosts = talloc_zero(rule, struct hbac_rule_element); fail_if (rule->targethosts == NULL); rule->targethosts->category = HBAC_CATEGORY_ALL; rule->targethosts->names = NULL; rule->targethosts->groups = NULL; rule->srchosts = talloc_zero(rule, struct hbac_rule_element); fail_if (rule->srchosts == NULL); rule->srchosts->category = HBAC_CATEGORY_ALL; rule->srchosts->names = NULL; rule->srchosts->groups = NULL; *allow_rule = rule; } static void get_test_user(TALLOC_CTX *mem_ctx, struct hbac_request_element **user) { struct hbac_request_element *new_user; new_user = talloc_zero(mem_ctx, struct hbac_request_element); fail_if (new_user == NULL); new_user->name = talloc_strdup(new_user, HBAC_TEST_USER); fail_if(new_user->name == NULL); new_user->groups = talloc_array(new_user, const char *, 3); fail_if(new_user->groups == NULL); new_user->groups[0] = talloc_strdup(new_user->groups, HBAC_TEST_GROUP1); fail_if(new_user->groups[0] == NULL); new_user->groups[1] = talloc_strdup(new_user->groups, HBAC_TEST_GROUP2); fail_if(new_user->groups[1] == NULL); new_user->groups[2] = NULL; *user = new_user; } static void get_test_service(TALLOC_CTX *mem_ctx, struct hbac_request_element **service) { struct hbac_request_element *new_service; new_service = talloc_zero(mem_ctx, struct hbac_request_element); fail_if (new_service == NULL); new_service->name = talloc_strdup(new_service, HBAC_TEST_SERVICE); fail_if(new_service->name == NULL); new_service->groups = talloc_array(new_service, const char *, 3); 
fail_if(new_service->groups == NULL); new_service->groups[0] = talloc_strdup(new_service->groups, HBAC_TEST_SERVICEGROUP1); fail_if(new_service->groups[0] == NULL); new_service->groups[1] = talloc_strdup(new_service->groups, HBAC_TEST_SERVICEGROUP2); fail_if(new_service->groups[1] == NULL); new_service->groups[2] = NULL; *service = new_service; } static void get_test_srchost(TALLOC_CTX *mem_ctx, struct hbac_request_element **srchost) { struct hbac_request_element *new_srchost; new_srchost = talloc_zero(mem_ctx, struct hbac_request_element); fail_if (new_srchost == NULL); new_srchost->name = talloc_strdup(new_srchost, "client.example.com"); fail_if(new_srchost->name == NULL); new_srchost->groups = talloc_array(new_srchost, const char *, 3); fail_if(new_srchost->groups == NULL); new_srchost->groups[0] = talloc_strdup(new_srchost->groups, "site_hosts"); fail_if(new_srchost->groups[0] == NULL); new_srchost->groups[1] = talloc_strdup(new_srchost->groups, "corp_hosts"); fail_if(new_srchost->groups[1] == NULL); new_srchost->groups[2] = NULL; *srchost = new_srchost; } START_TEST(ipa_hbac_test_allow_all) { enum hbac_eval_result result; TALLOC_CTX *test_ctx; struct hbac_rule **rules; struct hbac_eval_req *eval_req; struct hbac_info *info; bool is_valid; uint32_t missing_attrs; test_ctx = talloc_new(global_talloc_context); /* Create a request */ eval_req = talloc_zero(test_ctx, struct hbac_eval_req); fail_if (eval_req == NULL); get_test_user(eval_req, &eval_req->user); get_test_service(eval_req, &eval_req->service); get_test_srchost(eval_req, &eval_req->srchost); /* Create the rules to evaluate against */ rules = talloc_array(test_ctx, struct hbac_rule *, 2); fail_if (rules == NULL); get_allow_all_rule(rules, &rules[0]); rules[0]->name = talloc_strdup(rules[0], "Allow All"); fail_if(rules[0]->name == NULL); rules[1] = NULL; /* Validate this rule */ is_valid = hbac_rule_is_complete(rules[0], &missing_attrs); fail_unless(is_valid); fail_unless(missing_attrs == 0); /* Evaluate 
the rules */ result = hbac_evaluate(rules, eval_req, &info); fail_unless(result == HBAC_EVAL_ALLOW, "Expected [%s], got [%s]; " "Error: [%s]", hbac_result_string(HBAC_EVAL_ALLOW), hbac_result_string(result), info ? hbac_error_string(info->code):"Unknown"); talloc_free(test_ctx); } END_TEST START_TEST(ipa_hbac_test_allow_user) { enum hbac_eval_result result; TALLOC_CTX *test_ctx; struct hbac_rule **rules; struct hbac_eval_req *eval_req; struct hbac_info *info; bool is_valid; uint32_t missing_attrs; test_ctx = talloc_new(global_talloc_context); /* Create a request */ eval_req = talloc_zero(test_ctx, struct hbac_eval_req); fail_if (eval_req == NULL); get_test_user(eval_req, &eval_req->user); get_test_service(eval_req, &eval_req->service); get_test_srchost(eval_req, &eval_req->srchost); /* Create the rules to evaluate against */ rules = talloc_array(test_ctx, struct hbac_rule *, 2); fail_if (rules == NULL); get_allow_all_rule(rules, &rules[0]); /* Modify the rule to allow only a specific user */ rules[0]->name = talloc_strdup(rules[0], "Allow user"); fail_if(rules[0]->name == NULL); rules[0]->users->category = HBAC_CATEGORY_NULL; rules[0]->users->names = talloc_array(rules[0], const char *, 2); fail_if(rules[0]->users->names == NULL); rules[0]->users->names[0] = HBAC_TEST_USER; rules[0]->users->names[1] = NULL; rules[1] = NULL; /* Validate this rule */ is_valid = hbac_rule_is_complete(rules[0], &missing_attrs); fail_unless(is_valid); fail_unless(missing_attrs == 0); /* Evaluate the rules */ result = hbac_evaluate(rules, eval_req, &info); fail_unless(result == HBAC_EVAL_ALLOW, "Expected [%s], got [%s]; " "Error: [%s]", hbac_result_string(HBAC_EVAL_ALLOW), hbac_result_string(result), info ? 
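hbac_error_string(info->code):"Unknown");

    /* Negative test */
    rules[0]->users->names[0] = HBAC_TEST_INVALID_USER;

    /* Validate this rule */
    is_valid = hbac_rule_is_complete(rules[0], &missing_attrs);
    fail_unless(is_valid);
    fail_unless(missing_attrs == 0);

    /* Evaluate the rules */
    result = hbac_evaluate(rules, eval_req, &info);
    fail_unless(result == HBAC_EVAL_DENY,
                "Expected [%s], got [%s]; "
                "Error: [%s]",
                hbac_result_string(HBAC_EVAL_DENY),
                hbac_result_string(result),
                info ? hbac_error_string(info->code):"Unknown");

    talloc_free(test_ctx);
}
END_TEST

/*
 * Check that rule matching on user, service and source-host names ignores
 * case for UTF-8 input: the request carries the lower-case byte sequences
 * and the rule the upper-case ones, and the expected result is ALLOW.
 *
 * Two negative cases follow and must both evaluate to DENY: a rule user
 * name that differs by one letter, and Turkish dotless i in the request
 * against capital I in the rule.
 */
START_TEST(ipa_hbac_test_allow_utf8)
{
    enum hbac_eval_result result;
    TALLOC_CTX *test_ctx;
    struct hbac_rule **rules;
    struct hbac_eval_req *eval_req;
    struct hbac_info *info;
    bool is_valid;
    uint32_t missing_attrs;

    test_ctx = talloc_new(global_talloc_context);

    /* Create a request */
    eval_req = talloc_zero(test_ctx, struct hbac_eval_req);
    fail_if (eval_req == NULL);

    get_test_user(eval_req, &eval_req->user);
    get_test_service(eval_req, &eval_req->service);
    get_test_srchost(eval_req, &eval_req->srchost);

    /* Override the request names with UTF-8 values */
    eval_req->user->name = (const char *) &user_utf8_lowcase;
    eval_req->srchost->name = (const char *) &srchost_utf8_lowcase;
    eval_req->service->name = (const char *) &service_utf8_lowcase;

    /* Create the rules to evaluate against */
    rules = talloc_array(test_ctx, struct hbac_rule *, 2);
    fail_if (rules == NULL);

    get_allow_all_rule(rules, &rules[0]);

    rules[0]->name = talloc_strdup(rules[0], "Allow user");
    fail_if(rules[0]->name == NULL);
    rules[0]->users->category = HBAC_CATEGORY_NULL;

    /* Modify the rule to allow only a specific user */
    rules[0]->users->names = talloc_array(rules[0], const char *, 2);
    fail_if(rules[0]->users->names == NULL);

    rules[0]->users->names[0] = (const char *) &user_utf8_upcase;
    rules[0]->users->names[1] = NULL;

    /* Modify the rule to allow only a specific service */
    rules[0]->services->category = HBAC_CATEGORY_NULL;

    rules[0]->services->names = talloc_array(rules[0], const char *, 2);
    fail_if(rules[0]->services->names == NULL);

    rules[0]->services->names[0] = (const char *) &service_utf8_upcase;
    rules[0]->services->names[1] = NULL;

    /* Modify the rule to allow only a specific source host.
     * The allocation check and the terminator must apply to the srchosts
     * array itself: talloc_array() does not zero the new elements, and the
     * other tests in this file NULL-terminate every names/groups array.
     * Without the terminator the access-control decision below would
     * depend on whatever follows names[0] in memory. */
    rules[0]->srchosts->category = HBAC_CATEGORY_NULL;

    rules[0]->srchosts->names = talloc_array(rules[0], const char *, 2);
    fail_if(rules[0]->srchosts->names == NULL);

    rules[0]->srchosts->names[0] = (const char *) &srchost_utf8_upcase;
    rules[0]->srchosts->names[1] = NULL;

    rules[1] = NULL;

    /* Validate this rule */
    is_valid = hbac_rule_is_complete(rules[0], &missing_attrs);
    fail_unless(is_valid);
    fail_unless(missing_attrs == 0);

    /* Evaluate the rules */
    result = hbac_evaluate(rules, eval_req, &info);
    fail_unless(result == HBAC_EVAL_ALLOW,
                "Expected [%s], got [%s]; "
                "Error: [%s]",
                hbac_result_string(HBAC_EVAL_ALLOW),
                hbac_result_string(result),
                info ? hbac_error_string(info->code):"Unknown");

    /* Negative test - a different letter */
    rules[0]->users->names[0] = (const char *) &user_utf8_lowcase_neg;

    /* Evaluate the rules */
    result = hbac_evaluate(rules, eval_req, &info);
    fail_unless(result == HBAC_EVAL_DENY,
                "Expected [%s], got [%s]; "
                "Error: [%s]",
                hbac_result_string(HBAC_EVAL_DENY),
                hbac_result_string(result),
                info ? hbac_error_string(info->code):"Unknown");

    /* Negative test - Turkish dotless i. We cannot know that capital I
     * casefolds into dotless i unless we know the language is Turkish */
    eval_req->user->name = (const char *) &user_lowcase_tr;
    rules[0]->users->names[0] = (const char *) &user_upcase_tr;

    /* Validate this rule */
    is_valid = hbac_rule_is_complete(rules[0], &missing_attrs);
    fail_unless(is_valid);
    fail_unless(missing_attrs == 0);

    /* Evaluate the rules */
    result = hbac_evaluate(rules, eval_req, &info);
    fail_unless(result == HBAC_EVAL_DENY,
                "Expected [%s], got [%s]; "
                "Error: [%s]",
                hbac_result_string(HBAC_EVAL_DENY),
                hbac_result_string(result),
                info ? hbac_error_string(info->code):"Unknown");

    talloc_free(test_ctx);
}
END_TEST

START_TEST(ipa_hbac_test_allow_group)
{
    enum hbac_eval_result result;
    TALLOC_CTX *test_ctx;
    struct hbac_rule **rules;
    struct hbac_eval_req *eval_req;
    struct hbac_info *info;
    bool is_valid;
    uint32_t missing_attrs;

    test_ctx = talloc_new(global_talloc_context);

    /* Create a request */
    eval_req = talloc_zero(test_ctx, struct hbac_eval_req);
    fail_if (eval_req == NULL);

    get_test_user(eval_req, &eval_req->user);
    get_test_service(eval_req, &eval_req->service);
    get_test_srchost(eval_req, &eval_req->srchost);

    /* Create the rules to evaluate against */
    rules = talloc_array(test_ctx, struct hbac_rule *, 2);
    fail_if (rules == NULL);

    get_allow_all_rule(rules, &rules[0]);

    /* Modify the rule to allow only a group of users */
    rules[0]->name = talloc_strdup(rules[0], "Allow group");
    fail_if(rules[0]->name == NULL);
    rules[0]->users->category = HBAC_CATEGORY_NULL;

    rules[0]->users->names = NULL;
    rules[0]->users->groups = talloc_array(rules[0], const char *, 2);
    fail_if(rules[0]->users->groups == NULL);

    rules[0]->users->groups[0] = HBAC_TEST_GROUP1;
    rules[0]->users->groups[1] = NULL;

    rules[1] = NULL;

    /* Validate this rule */
    is_valid = hbac_rule_is_complete(rules[0], &missing_attrs);
    fail_unless(is_valid);
    fail_unless(missing_attrs == 0);

    /* Evaluate the rules */
    result = hbac_evaluate(rules, eval_req, &info);
    fail_unless(result == HBAC_EVAL_ALLOW,
                "Expected [%s], got [%s]; "
                "Error: [%s]",
                hbac_result_string(HBAC_EVAL_ALLOW),
                hbac_result_string(result),
                info ?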
hbac_error_string(info->code):"Unknown"); /* Negative test */ rules[0]->users->groups[0] = HBAC_TEST_INVALID_GROUP; /* Validate this rule */ is_valid = hbac_rule_is_complete(rules[0], &missing_attrs); fail_unless(is_valid); fail_unless(missing_attrs == 0); /* Evaluate the rules */ result = hbac_evaluate(rules, eval_req, &info); fail_unless(result == HBAC_EVAL_DENY, "Expected [%s], got [%s]; " "Error: [%s]", hbac_result_string(HBAC_EVAL_DENY), hbac_result_string(result), info ? hbac_error_string(info->code):"Unknown"); talloc_free(test_ctx); } END_TEST START_TEST(ipa_hbac_test_allow_svc) { enum hbac_eval_result result; TALLOC_CTX *test_ctx; struct hbac_rule **rules; struct hbac_eval_req *eval_req; struct hbac_info *info; bool is_valid; uint32_t missing_attrs; test_ctx = talloc_new(global_talloc_context); /* Create a request */ eval_req = talloc_zero(test_ctx, struct hbac_eval_req); fail_if (eval_req == NULL); get_test_user(eval_req, &eval_req->user); get_test_service(eval_req, &eval_req->service); get_test_srchost(eval_req, &eval_req->srchost); /* Create the rules to evaluate against */ rules = talloc_array(test_ctx, struct hbac_rule *, 2); fail_if (rules == NULL); get_allow_all_rule(rules, &rules[0]); /* Modify the rule to allow only a specific service */ rules[0]->name = talloc_strdup(rules[0], "Allow service"); fail_if(rules[0]->name == NULL); rules[0]->services->category = HBAC_CATEGORY_NULL; rules[0]->services->names = talloc_array(rules[0], const char *, 2); fail_if(rules[0]->services->names == NULL); rules[0]->services->names[0] = HBAC_TEST_SERVICE; rules[0]->services->names[1] = NULL; rules[1] = NULL; /* Validate this rule */ is_valid = hbac_rule_is_complete(rules[0], &missing_attrs); fail_unless(is_valid); fail_unless(missing_attrs == 0); /* Evaluate the rules */ result = hbac_evaluate(rules, eval_req, &info); fail_unless(result == HBAC_EVAL_ALLOW, "Expected [%s], got [%s]; " "Error: [%s]", hbac_result_string(HBAC_EVAL_ALLOW), hbac_result_string(result), 
info ? hbac_error_string(info->code):"Unknown"); /* Negative test */ rules[0]->services->names[0] = HBAC_TEST_INVALID_SERVICE; /* Validate this rule */ is_valid = hbac_rule_is_complete(rules[0], &missing_attrs); fail_unless(is_valid); fail_unless(missing_attrs == 0); /* Evaluate the rules */ result = hbac_evaluate(rules, eval_req, &info); fail_unless(result == HBAC_EVAL_DENY, "Expected [%s], got [%s]; " "Error: [%s]", hbac_result_string(HBAC_EVAL_DENY), hbac_result_string(result), info ? hbac_error_string(info->code):"Unknown"); talloc_free(test_ctx); } END_TEST START_TEST(ipa_hbac_test_allow_svcgroup) { enum hbac_eval_result result; TALLOC_CTX *test_ctx; struct hbac_rule **rules; struct hbac_eval_req *eval_req; struct hbac_info *info; bool is_valid; uint32_t missing_attrs; test_ctx = talloc_new(global_talloc_context); /* Create a request */ eval_req = talloc_zero(test_ctx, struct hbac_eval_req); fail_if (eval_req == NULL); get_test_user(eval_req, &eval_req->user); get_test_service(eval_req, &eval_req->service); get_test_srchost(eval_req, &eval_req->srchost); /* Create the rules to evaluate against */ rules = talloc_array(test_ctx, struct hbac_rule *, 2); fail_if (rules == NULL); get_allow_all_rule(rules, &rules[0]); /* Modify the rule to allow only a group of users */ rules[0]->name = talloc_strdup(rules[0], "Allow servicegroup"); fail_if(rules[0]->name == NULL); rules[0]->services->category = HBAC_CATEGORY_NULL; rules[0]->services->names = NULL; rules[0]->services->groups = talloc_array(rules[0], const char *, 2); fail_if(rules[0]->services->groups == NULL); rules[0]->services->groups[0] = HBAC_TEST_SERVICEGROUP1; rules[0]->services->groups[1] = NULL; rules[1] = NULL; /* Validate this rule */ is_valid = hbac_rule_is_complete(rules[0], &missing_attrs); fail_unless(is_valid); fail_unless(missing_attrs == 0); /* Evaluate the rules */ result = hbac_evaluate(rules, eval_req, &info); fail_unless(result == HBAC_EVAL_ALLOW, "Expected [%s], got [%s]; " "Error: [%s]", 
hbac_result_string(HBAC_EVAL_ALLOW), hbac_result_string(result), info ? hbac_error_string(info->code):"Unknown"); /* Negative test */ rules[0]->services->groups[0] = HBAC_TEST_INVALID_SERVICEGROUP; /* Validate this rule */ is_valid = hbac_rule_is_complete(rules[0], &missing_attrs); fail_unless(is_valid); fail_unless(missing_attrs == 0); /* Evaluate the rules */ result = hbac_evaluate(rules, eval_req, &info); fail_unless(result == HBAC_EVAL_DENY, "Expected [%s], got [%s]; " "Error: [%s]", hbac_result_string(HBAC_EVAL_DENY), hbac_result_string(result), info ? hbac_error_string(info->code):"Unknown"); talloc_free(test_ctx); } END_TEST START_TEST(ipa_hbac_test_allow_srchost) { enum hbac_eval_result result; TALLOC_CTX *test_ctx; struct hbac_rule **rules; struct hbac_eval_req *eval_req; struct hbac_info *info; bool is_valid; uint32_t missing_attrs; test_ctx = talloc_new(global_talloc_context); /* Create a request */ eval_req = talloc_zero(test_ctx, struct hbac_eval_req); fail_if (eval_req == NULL); get_test_user(eval_req, &eval_req->user); get_test_service(eval_req, &eval_req->service); get_test_srchost(eval_req, &eval_req->srchost); /* Create the rules to evaluate against */ rules = talloc_array(test_ctx, struct hbac_rule *, 2); fail_if (rules == NULL); get_allow_all_rule(rules, &rules[0]); /* Modify the rule to allow only a specific service */ rules[0]->name = talloc_strdup(rules[0], "Allow srchost"); fail_if(rules[0]->name == NULL); rules[0]->srchosts->category = HBAC_CATEGORY_NULL; rules[0]->srchosts->names = talloc_array(rules[0], const char *, 2); fail_if(rules[0]->srchosts->names == NULL); rules[0]->srchosts->names[0] = HBAC_TEST_SRCHOST; rules[0]->srchosts->names[1] = NULL; rules[1] = NULL; /* Validate this rule */ is_valid = hbac_rule_is_complete(rules[0], &missing_attrs); fail_unless(is_valid); fail_unless(missing_attrs == 0); /* Evaluate the rules */ result = hbac_evaluate(rules, eval_req, &info); fail_unless(result == HBAC_EVAL_ALLOW, "Expected [%s], got 
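[%s]; "
                "Error: [%s]",
                hbac_result_string(HBAC_EVAL_ALLOW),
                hbac_result_string(result),
                info ? hbac_error_string(info->code):"Unknown");

    /* Negative test: a source host the rule does not name must be denied */
    rules[0]->srchosts->names[0] = HBAC_TEST_INVALID_SRCHOST;

    /* Validate this rule */
    is_valid = hbac_rule_is_complete(rules[0], &missing_attrs);
    fail_unless(is_valid);
    fail_unless(missing_attrs == 0);

    /* Evaluate the rules */
    result = hbac_evaluate(rules, eval_req, &info);
    /* Exactly three %s conversions for the three arguments below, as in the
     * sibling tests. An extra conversion with no matching argument is
     * undefined behaviour when the message is formatted. */
    fail_unless(result == HBAC_EVAL_DENY,
                "Expected [%s], got [%s]; "
                "Error: [%s]",
                hbac_result_string(HBAC_EVAL_DENY),
                hbac_result_string(result),
                info ? hbac_error_string(info->code):"Unknown");

    talloc_free(test_ctx);
}
END_TEST

/*
 * Source-host group matching: start from the allow-all rule, restrict its
 * source hosts to a single group and expect ALLOW; then swap in a group the
 * request is not expected to belong to and expect DENY.
 * NOTE(review): the request's group membership comes from get_test_srchost(),
 * which is defined elsewhere in this file -- confirm there.
 */
START_TEST(ipa_hbac_test_allow_srchostgroup)
{
    enum hbac_eval_result result;
    TALLOC_CTX *test_ctx;
    struct hbac_rule **rules;
    struct hbac_eval_req *eval_req;
    struct hbac_info *info;
    bool is_valid;
    uint32_t missing_attrs;

    test_ctx = talloc_new(global_talloc_context);

    /* Create a request */
    eval_req = talloc_zero(test_ctx, struct hbac_eval_req);
    fail_if (eval_req == NULL);

    get_test_user(eval_req, &eval_req->user);
    get_test_service(eval_req, &eval_req->service);
    get_test_srchost(eval_req, &eval_req->srchost);

    /* Create the rules to evaluate against (NULL-terminated array) */
    rules = talloc_array(test_ctx, struct hbac_rule *, 2);
    fail_if (rules == NULL);

    get_allow_all_rule(rules, &rules[0]);

    /* Modify the rule to allow only a group of source hosts */
    rules[0]->name = talloc_strdup(rules[0], "Allow srchostgroup");
    fail_if(rules[0]->name == NULL);
    /* Drop the category and the explicit names so only the group can match */
    rules[0]->srchosts->category = HBAC_CATEGORY_NULL;

    rules[0]->srchosts->names = NULL;
    rules[0]->srchosts->groups = talloc_array(rules[0], const char *, 2);
    fail_if(rules[0]->srchosts->groups == NULL);

    rules[0]->srchosts->groups[0] = HBAC_TEST_SRCHOSTGROUP1;
    rules[0]->srchosts->groups[1] = NULL;

    rules[1] = NULL;

    /* Validate this rule */
    is_valid = hbac_rule_is_complete(rules[0], &missing_attrs);
    fail_unless(is_valid);
    fail_unless(missing_attrs == 0);

    /* Evaluate the rules */
    result = hbac_evaluate(rules,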
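eval_req, &info);
    fail_unless(result == HBAC_EVAL_ALLOW,
                "Expected [%s], got [%s]; "
                "Error: [%s]",
                hbac_result_string(HBAC_EVAL_ALLOW),
                hbac_result_string(result),
                info ? hbac_error_string(info->code):"Unknown");

    /* Negative test */
    rules[0]->srchosts->groups[0] = HBAC_TEST_INVALID_SRCHOSTGROUP;

    /* Validate this rule */
    is_valid = hbac_rule_is_complete(rules[0], &missing_attrs);
    fail_unless(is_valid);
    fail_unless(missing_attrs == 0);

    /* Evaluate the rules */
    result = hbac_evaluate(rules, eval_req, &info);
    fail_unless(result == HBAC_EVAL_DENY,
                "Expected [%s], got [%s]; "
                "Error: [%s]",
                hbac_result_string(HBAC_EVAL_DENY),
                hbac_result_string(result),
                info ? hbac_error_string(info->code):"Unknown");

    talloc_free(test_ctx);
}
END_TEST

/*
 * Rule validation: a zero-filled rule has none of its elements set, so the
 * test expects hbac_rule_is_complete() to reject it and to flag the users,
 * services, target hosts and source hosts elements in missing_attrs.
 */
START_TEST(ipa_hbac_test_incomplete)
{
    TALLOC_CTX *test_ctx;
    struct hbac_rule *rule;
    bool is_valid;
    uint32_t missing_attrs;

    test_ctx = talloc_new(global_talloc_context);

    rule = talloc_zero(test_ctx, struct hbac_rule);
    fail_if(rule == NULL);

    /* Validate this rule */
    is_valid = hbac_rule_is_complete(rule, &missing_attrs);
    fail_if(is_valid);

    /* Test each flag with '&'. OR-ing a non-zero flag into the mask is always
     * true, so a '|' check would pass whatever the validator reported and an
     * access-control rule with a missing element would go unnoticed here. */
    fail_unless(missing_attrs & HBAC_RULE_ELEMENT_USERS);
    fail_unless(missing_attrs & HBAC_RULE_ELEMENT_SERVICES);
    fail_unless(missing_attrs & HBAC_RULE_ELEMENT_TARGETHOSTS);
    fail_unless(missing_attrs & HBAC_RULE_ELEMENT_SOURCEHOSTS);

    talloc_free(test_ctx);
}
END_TEST

/*
 * Build the "HBAC" Check suite. All tests share one test case that runs
 * inside the ck_leak_check_setup/ck_leak_check_teardown fixture.
 */
Suite *hbac_test_suite (void)
{
    Suite *s = suite_create ("HBAC");

    TCase *tc_hbac = tcase_create("HBAC_rules");
    tcase_add_checked_fixture(tc_hbac,
                              ck_leak_check_setup,
                              ck_leak_check_teardown);

    tcase_add_test(tc_hbac, ipa_hbac_test_allow_all);
    tcase_add_test(tc_hbac, ipa_hbac_test_allow_user);
    tcase_add_test(tc_hbac, ipa_hbac_test_allow_group);
    tcase_add_test(tc_hbac, ipa_hbac_test_allow_svc);
    tcase_add_test(tc_hbac, ipa_hbac_test_allow_svcgroup);
    tcase_add_test(tc_hbac, ipa_hbac_test_allow_srchost);
    tcase_add_test(tc_hbac, ipa_hbac_test_allow_srchostgroup);
    tcase_add_test(tc_hbac, ipa_hbac_test_allow_utf8);
    tcase_add_test(tc_hbac, ipa_hbac_test_incomplete);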
suite_add_tcase(s, tc_hbac); return s; } int main(int argc, const char *argv[]) { int number_failed; tests_set_cwd(); Suite *s = hbac_test_suite(); SRunner *sr = srunner_create(s); /* If CK_VERBOSITY is set, use that, otherwise it defaults to CK_NORMAL */ srunner_run_all(sr, CK_ENV); number_failed = srunner_ntests_failed (sr); srunner_free (sr); return (number_failed == 0) ? EXIT_SUCCESS : EXIT_FAILURE; } sssd-1.11.5/src/tests/PaxHeaders.13173/ad_ldap_opt-tests.c0000644000000000000000000000007412320753107021256 xustar000000000000000030 atime=1396954939.273891426 30 ctime=1396954961.707874911 sssd-1.11.5/src/tests/ad_ldap_opt-tests.c0000664002412700241270000000636112320753107021506 0ustar00jhrozekjhrozek00000000000000/* SSSD Tests if AD and LDAP backend options are in sync Authors: Jakub Hrozek Stephen Gallagher Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #include #include #include #include "providers/ad/ad_common.h" #include "providers/ad/ad_opts.h" #include "providers/ldap/sdap.h" #include "providers/ldap/ldap_opts.h" #include "providers/krb5/krb5_opts.h" #include "providers/krb5/krb5_common.h" #include "tests/common.h" START_TEST(test_compare_opts) { errno_t ret; ret = compare_dp_options(default_basic_opts, SDAP_OPTS_BASIC, ad_def_ldap_opts); fail_unless(ret == EOK, "[%s]", strerror(ret)); ret = compare_dp_options(default_krb5_opts, KRB5_OPTS, ad_def_krb5_opts); fail_unless(ret == EOK, "[%s]", strerror(ret)); } END_TEST START_TEST(test_compare_sdap_attrs) { errno_t ret; /* General Attributes */ ret = compare_sdap_attr_maps(generic_attr_map, SDAP_AT_GENERAL, ad_2008r2_attr_map); fail_unless(ret == EOK, "[%s]", strerror(ret)); /* User Attributes */ ret = compare_sdap_attr_maps(rfc2307_user_map, SDAP_OPTS_USER, ad_2008r2_user_map); fail_unless(ret == EOK, "[%s]", strerror(ret)); /* Group Attributes */ ret = compare_sdap_attr_maps(rfc2307_group_map, SDAP_OPTS_GROUP, ad_2008r2_group_map); fail_unless(ret == EOK, "[%s]", strerror(ret)); /* Netgroup Attributes */ ret = compare_sdap_attr_maps(netgroup_map, SDAP_OPTS_NETGROUP, ad_netgroup_map); fail_unless(ret == EOK, "[%s]", strerror(ret)); /* Service Attributes */ ret = compare_sdap_attr_maps(service_map, SDAP_OPTS_SERVICES, ad_service_map); fail_unless(ret == EOK, "[%s]", strerror(ret)); } END_TEST Suite *ad_ldap_opt_suite (void) { Suite *s = suite_create ("ad_ldap_opt"); TCase *tc_ad_ldap_opt = tcase_create ("ad_ldap_opt"); tcase_add_test (tc_ad_ldap_opt, test_compare_opts); tcase_add_test (tc_ad_ldap_opt, test_compare_sdap_attrs); suite_add_tcase (s, tc_ad_ldap_opt); return s; } int main(void) { int number_failed; tests_set_cwd(); Suite *s = ad_ldap_opt_suite (); SRunner *sr = srunner_create (s); /* If CK_VERBOSITY is set, use that, otherwise it defaults to CK_NORMAL */ srunner_run_all(sr, CK_ENV); number_failed = srunner_ntests_failed (sr); srunner_free (sr); 
return (number_failed == 0) ? EXIT_SUCCESS : EXIT_FAILURE; } sssd-1.11.5/src/tests/PaxHeaders.13173/pyhbac-test.py0000644000000000000000000000007412320753107020301 xustar000000000000000030 atime=1396954939.274891425 30 ctime=1396954961.379875154 sssd-1.11.5/src/tests/pyhbac-test.py0000775002412700241270000004552612320753107020542 0ustar00jhrozekjhrozek00000000000000#!/usr/bin/python import unittest import sys import os import copy srcdir = os.getenv('builddir') if not srcdir: srcdir = "." MODPATH = srcdir + "/.libs" #FIXME - is there a way to get this from libtool? def compat_assertItemsEqual(this, expected_seq, actual_seq, msg=None): return this.assertEqual(sorted(expected_seq), sorted(actual_seq)) def compat_assertIsInstance(this, obj, cls, msg=None): return this.assertTrue(isinstance(obj, cls)) # add compat methods for old unittest.TestCase versions # (python < 2.7, RHEL5 for instance) if not hasattr(unittest.TestCase, "assertItemsEqual"): setattr(unittest.TestCase, "assertItemsEqual", compat_assertItemsEqual) if not hasattr(unittest.TestCase, "assertIsInstance"): setattr(unittest.TestCase, "assertIsInstance", compat_assertIsInstance) class PyHbacImport(unittest.TestCase): def setUp(self): " Make sure we load the in-tree module " self.system_path = sys.path[:] sys.path = [ MODPATH ] def tearDown(self): " Restore the system path " sys.path = self.system_path def testImport(self): " Import the module and assert it comes from tree " try: import pyhbac except ImportError, e: print >>sys.stderr, "Could not load the pyhbac module. 
Please check if it is compiled" raise e self.assertEqual(pyhbac.__file__, MODPATH + "/pyhbac.so") class PyHbacRuleElementTest(unittest.TestCase): def testInstantiateEmpty(self): el = pyhbac.HbacRuleElement() self.assertItemsEqual(el.names, []) self.assertItemsEqual(el.groups, []) self.assertItemsEqual(el.category, set([pyhbac.HBAC_CATEGORY_NULL])) def testInit(self): names = [ "foo", "bar" ] el = pyhbac.HbacRuleElement(names=names) self.assertItemsEqual(el.names, names) groups = [ "abc", "def" ] el = pyhbac.HbacRuleElement(groups=groups) self.assertItemsEqual(el.groups, groups) def testGetSet(self): names = [ "foo", "bar" ] el = pyhbac.HbacRuleElement() self.assertItemsEqual(el.names, []) el.names = names self.assertItemsEqual(el.names, names) groups = [ "abc", "def" ] el = pyhbac.HbacRuleElement() self.assertItemsEqual(el.groups, []) el.groups = groups self.assertItemsEqual(el.groups, groups) # Test other iterables than list groups = ( "abc", "def" ) el = pyhbac.HbacRuleElement() self.assertItemsEqual(el.groups, []) el.groups = groups self.assertItemsEqual(el.groups, groups) def testCategory(self): el = pyhbac.HbacRuleElement() assert pyhbac.HBAC_CATEGORY_NULL in el.category assert pyhbac.HBAC_CATEGORY_ALL not in el.category el.category.add(pyhbac.HBAC_CATEGORY_ALL) assert pyhbac.HBAC_CATEGORY_ALL in el.category el.category = set([pyhbac.HBAC_CATEGORY_ALL]) assert pyhbac.HBAC_CATEGORY_ALL in el.category # negative tests self.assertRaises(TypeError, el.__setattr__, "category", [pyhbac.HBAC_CATEGORY_ALL]) self.assertRaises(TypeError, el.__setattr__, "category", None) self.assertRaises(TypeError, el.__setattr__, "category", 1) def testNotIterable(self): self.assertRaises(TypeError, pyhbac.HbacRuleElement, names=123) self.assertRaises(TypeError, pyhbac.HbacRuleElement, names=None) def testRuleElementReference(self): def _get_rule(): users = [ "foo", "bar" ] user_groups = [ "abc", "def" ] return pyhbac.HbacRuleElement(names=users, groups=user_groups) el = _get_rule() 
self.assertItemsEqual(el.names, [ "foo", "bar" ]) self.assertItemsEqual(el.groups, [ "abc", "def" ]) def testRepr(self): el = pyhbac.HbacRuleElement() self.assertEquals(el.__repr__(), u'') el.category.add(pyhbac.HBAC_CATEGORY_ALL) el.names = ['foo'] el.groups = ['bar, baz'] self.assertEquals(el.__repr__(), u'') class PyHbacRuleTest(unittest.TestCase): def testRuleGetSetName(self): name = "testGetRule" new_name = "testGetNewRule" rule = pyhbac.HbacRule(name) self.assertEqual(rule.name, unicode(name)) rule.name = new_name self.assertEqual(rule.name, unicode(new_name)) def testRuleGetSetEnabled(self): rule = pyhbac.HbacRule("testRuleGetSetEnabled") rule.enabled = True self.assertEqual(rule.enabled, True) rule.enabled = False self.assertEqual(rule.enabled, False) rule.enabled = "TRUE" self.assertEqual(rule.enabled, True) rule.enabled = "FALSE" self.assertEqual(rule.enabled, False) rule.enabled = "true" self.assertEqual(rule.enabled, True) rule.enabled = "false" self.assertEqual(rule.enabled, False) rule.enabled = "True" self.assertEqual(rule.enabled, True) rule.enabled = "False" self.assertEqual(rule.enabled, False) rule.enabled = 1 self.assertEqual(rule.enabled, True) rule.enabled = 0 self.assertEqual(rule.enabled, False) # negative test self.assertRaises(TypeError, rule.__setattr__, "enabled", None) self.assertRaises(TypeError, rule.__setattr__, "enabled", []) self.assertRaises(ValueError, rule.__setattr__, "enabled", "foo") self.assertRaises(ValueError, rule.__setattr__, "enabled", 5) def testRuleElementInRule(self): users = [ "foo", "bar" ] user_groups = [ "abc", "def" ] # rule should contain empty elements after instantiation rule = pyhbac.HbacRule("testRuleElement") self.assertIsInstance(rule.users, pyhbac.HbacRuleElement) self.assertIsInstance(rule.services, pyhbac.HbacRuleElement) self.assertIsInstance(rule.targethosts, pyhbac.HbacRuleElement) self.assertIsInstance(rule.srchosts, pyhbac.HbacRuleElement) self.assertIsInstance(rule.users.names, list) 
self.assertIsInstance(rule.users.groups, list) self.assertItemsEqual(rule.users.names, []) self.assertItemsEqual(rule.users.groups, []) # Assign by copying a HbacRuleElement user_el = pyhbac.HbacRuleElement(names=users, groups=user_groups) rule = pyhbac.HbacRule("testRuleElement") rule.users = user_el self.assertItemsEqual(rule.users.names, users) self.assertItemsEqual(rule.users.groups, user_groups) # Assign directly rule = pyhbac.HbacRule("testRuleElement") rule.users.names = users rule.users.groups = user_groups self.assertItemsEqual(rule.users.names, users) self.assertItemsEqual(rule.users.groups, user_groups) def testRuleElementInRuleReference(self): " Test that references to RuleElement are kept even if element goes out of scope " def _get_rule(): users = [ "foo", "bar" ] user_groups = [ "abc", "def" ] el = pyhbac.HbacRuleElement(names=users, groups=user_groups) rule = pyhbac.HbacRule("testRuleElement") rule.users = el return rule rule = _get_rule() self.assertItemsEqual(rule.users.names, [ "foo", "bar" ]) self.assertItemsEqual(rule.users.groups, [ "abc", "def" ]) def testRepr(self): r = pyhbac.HbacRule('foo') self.assertEqual(r.__repr__(), u" " "services " "targethosts " "srchosts >") name = "someuser" service = "ssh" srchost = "host1" targethost = "host2" r.users.names = [ name ] r.services.names = [ service ] r.srchosts.names = [ srchost ] r.targethosts.names = [ targethost ] self.assertEqual(r.__repr__(), u" " "services " "targethosts " "srchosts >" % (name, service, targethost, srchost)) def testValidate(self): r = pyhbac.HbacRule('valid_rule') valid, missing = r.validate() self.assertEqual(valid, False) self.assertItemsEqual(missing, ( pyhbac.HBAC_RULE_ELEMENT_USERS, pyhbac.HBAC_RULE_ELEMENT_SERVICES, pyhbac.HBAC_RULE_ELEMENT_TARGETHOSTS, pyhbac.HBAC_RULE_ELEMENT_SOURCEHOSTS )) r.users.names = [ "someuser" ] r.services.names = [ "ssh" ] valid, missing = r.validate() self.assertEqual(valid, False) self.assertItemsEqual(missing, ( 
pyhbac.HBAC_RULE_ELEMENT_TARGETHOSTS, pyhbac.HBAC_RULE_ELEMENT_SOURCEHOSTS )) r.srchosts.names = [ "host1" ] r.targethosts.names = [ "host2" ] valid, missing = r.validate() self.assertEqual(valid, True) class PyHbacRequestElementTest(unittest.TestCase): def testInstantiateEmpty(self): el = pyhbac.HbacRequestElement() self.assertItemsEqual(el.name, "") self.assertItemsEqual(el.groups, []) def testInit(self): name = "foo" el = pyhbac.HbacRequestElement(name=name) self.assertItemsEqual(el.name, name) groups = [ "abc", "def" ] el = pyhbac.HbacRequestElement(groups=groups) self.assertItemsEqual(el.groups, groups) def testGetSet(self): name = "foo" el = pyhbac.HbacRequestElement() self.assertItemsEqual(el.name, "") el.name = name self.assertItemsEqual(el.name, name) groups = [ "abc", "def" ] el = pyhbac.HbacRequestElement() self.assertItemsEqual(el.groups, []) el.groups = groups self.assertItemsEqual(el.groups, groups) # Test other iterables than list groups = ( "abc", "def" ) el = pyhbac.HbacRequestElement() self.assertItemsEqual(el.groups, []) el.groups = groups self.assertItemsEqual(el.groups, groups) def testGroupsNotIterable(self): self.assertRaises(TypeError, pyhbac.HbacRequestElement, groups=None) self.assertRaises(TypeError, pyhbac.HbacRequestElement, groups=123) def testRepr(self): r = pyhbac.HbacRequestElement() self.assertEqual(r.__repr__(), u"") r.name = 'foo' r.groups = ['bar', 'baz'] self.assertEqual(r.__repr__(), u"") class PyHbacRequestTest(unittest.TestCase): def testRequestElementHandling(self): name = "req_name" groups = [ "g1", "g2" ] # The request should be empty after instantiation req = pyhbac.HbacRequest() self.assertIsInstance(req.user, pyhbac.HbacRequestElement) self.assertIsInstance(req.service, pyhbac.HbacRequestElement) self.assertIsInstance(req.targethost, pyhbac.HbacRequestElement) self.assertIsInstance(req.srchost, pyhbac.HbacRequestElement) self.assertEqual(req.user.name, "") self.assertIsInstance(req.user.groups, list) 
self.assertItemsEqual(req.user.groups, []) # Assign by copying a HbacRequestElement user_el = pyhbac.HbacRequestElement(name=name, groups=groups) req = pyhbac.HbacRequest() req.user = user_el self.assertItemsEqual(req.user.name, name) self.assertItemsEqual(req.user.groups, groups) # Assign directly req = pyhbac.HbacRequest() req.user.name = name req.user.groups = groups self.assertItemsEqual(req.user.name, name) self.assertItemsEqual(req.user.groups, groups) def testRuleName(self): req = pyhbac.HbacRequest() self.assertEqual(req.rule_name, None) # python 2.4 raises TypError, 2.7 raises AttributeError self.assertRaises((TypeError, AttributeError), req.__setattr__, "rule_name", "foo") def testEvaluate(self): name = "someuser" service = "ssh" srchost = "host1" targethost = "host2" allow_rule = pyhbac.HbacRule("allowRule", enabled=True) allow_rule.users.names = [ name ] allow_rule.services.names = [ service ] allow_rule.srchosts.names = [ srchost ] allow_rule.targethosts.names = [ targethost ] req = pyhbac.HbacRequest() req.user.name = name req.service.name = service req.srchost.name = srchost req.targethost.name = targethost # Test that an allow rule on its own allows access res = req.evaluate((allow_rule,)) self.assertEqual(res, pyhbac.HBAC_EVAL_ALLOW) self.assertEqual(req.rule_name, "allowRule") # Test that a user not in the rule is not allowed savename = req.user.name req.user.name = "someotheruser" res = req.evaluate((allow_rule, )) self.assertEqual(res, pyhbac.HBAC_EVAL_DENY) self.assertEqual(req.rule_name, None) # But allows if the rule is an ALL rule allow_rule.users.category.add(pyhbac.HBAC_CATEGORY_ALL) res = req.evaluate((allow_rule, )) self.assertEqual(res, pyhbac.HBAC_EVAL_ALLOW) def testRepr(self): name = "someuser" service = "ssh" srchost = "host1" targethost = "host2" req = pyhbac.HbacRequest() self.assertEqual(req.__repr__(), " " "service " "targethost " "srchost >") req.user.name = name req.service.name = service req.srchost.name = srchost 
req.targethost.name = targethost self.assertEqual(req.__repr__(), " " "service " "targethost " "srchost >" % (name, service, targethost, srchost)) def testEvaluateNegative(self): name = "someuser" service = "ssh" srchost = "host1" targethost = "host2" allow_rule = pyhbac.HbacRule("allowRule", enabled=True) allow_rule.users.names = [ name ] allow_rule.services.names = [ service ] allow_rule.srchosts.names = [ srchost ] allow_rule.targethosts.names = [ targethost ] req = pyhbac.HbacRequest() req.service.name = service req.srchost.name = srchost req.targethost.name = targethost req.user.name = name saveuser = req.user req.user = None # need to catch this # catch invalid category value savecat = copy.copy(allow_rule.users.category) allow_rule.users.category.add(pyhbac.HBAC_EVAL_ERROR) self.assertRaises(ValueError, req.evaluate, (allow_rule,)) allow_rule.users.category = savecat # Test that invalid type is raised self.assertRaises(TypeError, req.evaluate, (allow_rule,)) req.user = saveuser allow_rule.users = None # need to catch this self.assertRaises(TypeError, req.evaluate, (allow_rule,)) # catch invalid rule type self.assertRaises(TypeError, req.evaluate, (allow_rule, None)) class PyHbacModuleTest(unittest.TestCase): def testHasResultTypes(self): assert hasattr(pyhbac, "HBAC_EVAL_ALLOW") assert hasattr(pyhbac, "HBAC_EVAL_DENY") assert hasattr(pyhbac, "HBAC_EVAL_ERROR") def testHasErrorTypes(self): assert hasattr(pyhbac, "HBAC_ERROR_UNKNOWN") assert hasattr(pyhbac, "HBAC_SUCCESS") assert hasattr(pyhbac, "HBAC_ERROR_NOT_IMPLEMENTED") assert hasattr(pyhbac, "HBAC_ERROR_OUT_OF_MEMORY") assert hasattr(pyhbac, "HBAC_ERROR_UNPARSEABLE_RULE") def testHasCategories(self): assert hasattr(pyhbac, "HBAC_CATEGORY_NULL") assert hasattr(pyhbac, "HBAC_CATEGORY_ALL") def testHasRuleElementTypes(self): assert hasattr(pyhbac, "HBAC_RULE_ELEMENT_USERS") assert hasattr(pyhbac, "HBAC_RULE_ELEMENT_SERVICES") assert hasattr(pyhbac, "HBAC_RULE_ELEMENT_TARGETHOSTS") assert hasattr(pyhbac, 
"HBAC_RULE_ELEMENT_SOURCEHOSTS") def testHbacResultString(self): results = [ pyhbac.HBAC_EVAL_ALLOW, pyhbac.HBAC_EVAL_DENY, pyhbac.HBAC_EVAL_ERROR ] for r in results: s = pyhbac.hbac_result_string(r) self.assertIsInstance(s, unicode) assert len(s) > 0 def testHbacErrorString(self): errors = [ pyhbac.HBAC_ERROR_UNKNOWN, pyhbac.HBAC_SUCCESS, pyhbac.HBAC_ERROR_NOT_IMPLEMENTED, pyhbac.HBAC_ERROR_OUT_OF_MEMORY, pyhbac.HBAC_ERROR_UNPARSEABLE_RULE ] for e in errors: s = pyhbac.hbac_error_string(e) self.assertIsInstance(s, unicode) assert len(s) > 0 if __name__ == "__main__": error = 0 suite = unittest.TestLoader().loadTestsFromTestCase(PyHbacImport) res = unittest.TextTestRunner().run(suite) if not res.wasSuccessful(): error |= 0x1 # need to bail out here because pyhbac could not be imported sys.exit(error) # import the pyhbac module into the global namespace, but make sure it's # the one in tree sys.path.insert(0, MODPATH) import pyhbac suite = unittest.TestLoader().loadTestsFromTestCase(PyHbacRuleElementTest) res = unittest.TextTestRunner().run(suite) if not res.wasSuccessful(): error |= 0x2 suite = unittest.TestLoader().loadTestsFromTestCase(PyHbacRuleTest) res = unittest.TextTestRunner().run(suite) if not res.wasSuccessful(): error |= 0x3 suite = unittest.TestLoader().loadTestsFromTestCase(PyHbacRequestElementTest) res = unittest.TextTestRunner().run(suite) if not res.wasSuccessful(): error |= 0x4 suite = unittest.TestLoader().loadTestsFromTestCase(PyHbacRequestTest) res = unittest.TextTestRunner().run(suite) if not res.wasSuccessful(): error |= 0x5 suite = unittest.TestLoader().loadTestsFromTestCase(PyHbacModuleTest) res = unittest.TextTestRunner().run(suite) if not res.wasSuccessful(): error |= 0x6 sys.exit(error) sssd-1.11.5/src/tests/PaxHeaders.13173/common_check.h0000644000000000000000000000007412320753107020302 xustar000000000000000030 atime=1396954939.274891425 30 ctime=1396954961.503875062 
sssd-1.11.5/src/tests/common_check.h0000664002412700241270000000220112320753107020517 0ustar00jhrozekjhrozek00000000000000/* SSSD Memory leak/growth checks for check-based tests using talloc. Authors: Martin Nagy Copyright (C) Red Hat, Inc 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #ifndef __TESTS_COMMON_CHECK_H__ #define __TESTS_COMMON_CHECK_H__ #include "tests/common.h" void ck_leak_check_setup(void); void ck_leak_check_teardown(void); #define ck_leaks_push(ctx) check_leaks_push(ctx) #define ck_leaks_pop(ctx) fail_unless(check_leaks_pop(ctx) == true, check_leaks_err_msg()) #endif /* __TESTS_COMMON_CHECK_H__ */ sssd-1.11.5/src/tests/PaxHeaders.13173/responder_socket_access-tests.c0000644000000000000000000000007412320753107023702 xustar000000000000000030 atime=1396954939.275891424 30 ctime=1396954961.738874889 sssd-1.11.5/src/tests/responder_socket_access-tests.c0000664002412700241270000001202112320753107024120 0ustar00jhrozekjhrozek00000000000000/* SSSD - Test for routine to check to access to responder sockets Authors: Sumit Bose Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. 
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include #include #include #include "tests/common.h" #include "responder/common/responder.h" struct cli_protocol_version *register_cli_protocol_version(void) { static struct cli_protocol_version responder_test_cli_protocol_version[] = { {0, NULL, NULL} }; return responder_test_cli_protocol_version; } struct s2a_data { const char *inp; int exp_ret; size_t exp_count; uid_t *exp_uids; }; struct s2a_data s2a_data[] = { {"1,2,3", 0, 3, (uid_t []){1, 2, 3}}, {"1,2,3, 4,5 , 6 , 7 ", 0, 7, (uid_t []){1, 2, 3, 4, 5, 6, 7}}, {"1", 0, 1, (uid_t []){1}}, {"1, +2,3", 0, 3, (uid_t []){1, 2, 3}}, {"1, -2,3", ERANGE, 0, NULL}, {"1, 2ab, 3, 4", EINVAL, 0, NULL}, {"1,", EINVAL, 0, NULL}, {"", EINVAL, 0, NULL}, {"1, 2, 4294967295", 0, 3, (uid_t []){1, 2, 4294967295U}}, {"1, 2, 4294967296", ERANGE, 0, NULL}, {"1, 2, root, 4, 5", 0, 5, (uid_t []){1, 2, 0, 4, 5}}, {NULL, EINVAL, 0, NULL}, {NULL, -1, 0, NULL} }; START_TEST(resp_str_to_array_test) { int ret; size_t uid_count; uid_t *uids = NULL; size_t c; size_t d; for (c = 0; s2a_data[c].exp_ret != -1; c++) { ret = csv_string_to_uid_array(global_talloc_context, s2a_data[c].inp, true, &uid_count, &uids); fail_unless(ret == s2a_data[c].exp_ret, "csv_string_to_uid_array failed [%d][%s].", ret, strerror(ret)); if (ret == 0) { fail_unless(uid_count == s2a_data[c].exp_count, "Wrong number of values, expected [%d], got [%d].", s2a_data[c].exp_count, uid_count); for (d = 0; d < s2a_data[c].exp_count; d++) { fail_unless(uids[d] == s2a_data[c].exp_uids[d], "Wrong value, expected [%d], got [%d].\n", s2a_data[c].exp_uids[d], uids[d]); } } talloc_free(uids); uids = NULL; } } END_TEST struct uid_check_data { uid_t 
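uid;
    size_t allowed_uids_count;
    uid_t *allowed_uids;
    int exp_ret;
};

/*
 * Table for check_allowed_uids_test. Each row is: uid to check, length of
 * the allow-list, the allow-list, expected return value. The row with
 * exp_ret == -1 terminates the table.
 */
struct uid_check_data uid_check_data[] = {
    {1, 3, (uid_t []){1, 2, 3}, 0},
    {2, 3, (uid_t []){1, 2, 3}, 0},
    {3, 3, (uid_t []){1, 2, 3}, 0},
    /* uid outside the allow-list must be refused */
    {4, 3, (uid_t []){1, 2, 3}, EACCES},
    {4, 0, NULL, EINVAL},
    {0, 0, NULL, -1}
};

/*
 * Run check_allowed_uids() over every row of uid_check_data and compare the
 * result with the expected return value.
 */
START_TEST(check_allowed_uids_test)
{
    int ret;
    size_t c;

    /* Stop at the sentinel row (exp_ret == -1), like resp_str_to_array_test
     * does for its table. Looping while exp_ret == -1 never enters the body,
     * because the first row expects 0, and the allow-list check is not
     * exercised at all.
     * NOTE(review): with this condition the rows run for the first time;
     * confirm the expected values against check_allowed_uids(). */
    for (c = 0; uid_check_data[c].exp_ret != -1; c++) {
        ret = check_allowed_uids(uid_check_data[c].uid,
                                 uid_check_data[c].allowed_uids_count,
                                 uid_check_data[c].allowed_uids);
        fail_unless(ret == uid_check_data[c].exp_ret,
                    "check_allowed_uids failed [%d][%s].", ret, strerror(ret));
    }
}
END_TEST

/* Build the Check suite holding both responder socket access tests. */
Suite *responder_test_suite(void)
{
    Suite *s = suite_create ("Responder socket access");

    TCase *tc_utils = tcase_create("Utility test");

    tcase_add_test(tc_utils, resp_str_to_array_test);
    tcase_add_test(tc_utils, check_allowed_uids_test);

    suite_add_tcase(s, tc_utils);

    return s;
}

/*
 * Parse the common command-line options, initialise debugging and run the
 * suite. The exit status is EXIT_SUCCESS only when no test failed.
 */
int main(int argc, const char *argv[])
{
    int opt;
    int number_failed;
    poptContext pc;

    struct poptOption long_options[] = {
        POPT_AUTOHELP
        SSSD_MAIN_OPTS
        POPT_TABLEEND
    };

    /* Set debug level to invalid value so we can decide if -d 0 was used. */
    debug_level = SSSDBG_INVALID;

    pc = poptGetContext(argv[0], argc, argv, long_options, 0);
    while((opt = poptGetNextOpt(pc)) != -1) {
        switch(opt) {
        default:
            /* Any value other than -1 is reported as an invalid option */
            fprintf(stderr, "\nInvalid option %s: %s\n\n",
                    poptBadOption(pc, 0), poptStrerror(opt));
            poptPrintUsage(pc, stderr, 0);
            return 1;
        }
    }
    poptFreeContext(pc);

    DEBUG_INIT(debug_level);

    tests_set_cwd();

    Suite *s = responder_test_suite();
    SRunner *sr = srunner_create(s);

    /* If CK_VERBOSITY is set, use that, otherwise it defaults to CK_NORMAL */
    srunner_run_all(sr, CK_ENV);
    number_failed = srunner_ntests_failed (sr);
    srunner_free (sr);

    return (number_failed == 0) ?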
EXIT_SUCCESS : EXIT_FAILURE; } sssd-1.11.5/src/tests/PaxHeaders.13173/check_and_open-tests.c0000644000000000000000000000007412320753107021730 xustar000000000000000030 atime=1396954939.273891426 30 ctime=1396954961.710874909 sssd-1.11.5/src/tests/check_and_open-tests.c0000664002412700241270000001643112320753107022157 0ustar00jhrozekjhrozek00000000000000/* SSSD Utilities tests check_and_open Authors: Sumit Bose Copyright (C) 2009 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
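*/

#include #include #include #include #include
#include "util/util.h"
#include "tests/common.h"

#define SUFFIX ".symlink"

#define FILENAME_TEMPLATE "check_and_open-tests-XXXXXX"

/* Fixture state shared by all tests in this file */
char *filename;     /* temporary file created by setup_check_and_open() */
uid_t uid;          /* owner the file is expected to have */
gid_t gid;          /* group the file is expected to have */
mode_t mode;        /* permission bits the file is expected to have */
int fd;             /* descriptor returned by the function under test, or -1 */

/*
 * Fixture setup: create a fresh temporary file and record the ownership and
 * permissions the tests expect it to have.
 */
void setup_check_and_open(void)
{
    int ret;
    mode_t old_umask;

    filename = strdup(FILENAME_TEMPLATE);
    fail_unless(filename != NULL, "strdup failed");

    /* Mask group/other bits while the file is created so it cannot end up
     * with wider permissions than the S_IRUSR | S_IWUSR expected below. */
    old_umask = umask(077);
    ret = mkstemp(filename);
    umask(old_umask);
    fail_unless(ret != -1, "mkstemp failed [%d][%s]", errno, strerror(errno));
    close(ret);

    uid = getuid();
    gid = getgid();
    mode = (S_IRUSR | S_IWUSR);
    fd = -1;
}

/*
 * Fixture teardown: close the descriptor a test may have left open and
 * remove the temporary file.
 */
void teardown_check_and_open(void)
{
    int ret;

    if (fd != -1) {
        ret = close(fd);
        fail_unless(ret == 0, "close failed [%d][%s]", errno, strerror(errno));
    }

    fail_unless(filename != NULL, "unknown filename");
    ret = unlink(filename);
    free(filename);
    fail_unless(ret == 0, "unlink failed [%d][%s]", errno, strerror(errno));
}

/* A path that does not exist must give ENOENT and leave fd at -1. */
START_TEST(test_wrong_filename)
{
    int ret;

    ret = check_and_open_readonly("/bla/bla/bla", &fd, uid, gid, mode, CHECK_REG);
    fail_unless(ret == ENOENT,
                "check_and_open_readonly succeeded on non-existing file");
    fail_unless(fd == -1, "check_and_open_readonly file descriptor not -1");
}
END_TEST

/*
 * A symlink to the temporary file must be rejected with EINVAL when
 * check_file() is called with its last argument false (compare
 * test_follow_symlink, which passes true).
 */
START_TEST(test_symlink)
{
    int ret;
    char *newpath;
    size_t newpath_length;

    newpath_length = strlen(filename) + strlen(SUFFIX) + 1;
    newpath = malloc((newpath_length) * sizeof(char));
    fail_unless(newpath != NULL, "malloc failed");

    ret = snprintf(newpath, newpath_length, "%s%s", filename, SUFFIX);
    /* Compare in size_t and cast for the message: passing a size_t where
     * "%d" expects an int is undefined behaviour. */
    fail_unless(ret >= 0 && (size_t)ret == newpath_length - 1,
                "snprintf failed: expected [%d] got [%d]",
                (int)(newpath_length - 1), ret);

    ret = symlink(filename, newpath);
    /* Report errno, as the other failure messages in this file do */
    fail_unless(ret == 0, "symlink failed [%d][%s]", errno, strerror(errno));

    ret = check_file(newpath, uid, gid, mode, CHECK_REG, NULL, false);
    /* Remove the link and release the path before asserting, so a failed
     * assertion does not leave the link behind. */
    unlink(newpath);
    free(newpath);
    fail_unless(ret == EINVAL,
                "check_and_open_readonly succeeded on symlink");
}
END_TEST

START_TEST(test_follow_symlink)
{
    int ret;
    char *newpath;
    size_t newpath_length;

    newpath_length =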
strlen(filename) + strlen(SUFFIX) + 1; newpath = malloc((newpath_length) * sizeof(char)); fail_unless(newpath != NULL, "malloc failed"); ret = snprintf(newpath, newpath_length, "%s%s", filename, SUFFIX); fail_unless(ret == newpath_length - 1, "snprintf failed: expected [%d] got [%d]", newpath_length -1, ret); ret = symlink(filename, newpath); fail_unless(ret == 0, "symlink failed [%d][%s]", ret, strerror(errno)); ret = check_file(newpath, uid, gid, mode, CHECK_REG, NULL, true); unlink(newpath); fail_unless(ret == EOK, "check_and_open_readonly failed on symlink with follow=true"); } END_TEST START_TEST(test_not_regular_file) { int ret; ret = check_and_open_readonly("/dev/null", &fd, uid, gid, mode, CHECK_REG); fail_unless(ret == EINVAL, "check_and_open_readonly succeeded on non-regular file"); fail_unless(fd == -1, "check_and_open_readonly file descriptor not -1"); } END_TEST START_TEST(test_wrong_uid) { int ret; ret = check_and_open_readonly(filename, &fd, uid+1, gid, mode, CHECK_REG); fail_unless(ret == EINVAL, "check_and_open_readonly succeeded with wrong uid"); fail_unless(fd == -1, "check_and_open_readonly file descriptor not -1"); } END_TEST START_TEST(test_wrong_gid) { int ret; ret = check_and_open_readonly(filename, &fd, uid, gid+1, mode, CHECK_REG); fail_unless(ret == EINVAL, "check_and_open_readonly succeeded with wrong gid"); fail_unless(fd == -1, "check_and_open_readonly file descriptor not -1"); } END_TEST START_TEST(test_wrong_permission) { int ret; ret = check_and_open_readonly(filename, &fd, uid, gid, (mode|S_IWOTH), CHECK_REG); fail_unless(ret == EINVAL, "check_and_open_readonly succeeded with wrong mode"); fail_unless(fd == -1, "check_and_open_readonly file descriptor not -1"); } END_TEST START_TEST(test_ok) { int ret; ret = check_and_open_readonly(filename, &fd, uid, gid, mode, CHECK_REG); fail_unless(ret == EOK, "check_and_open_readonly failed"); fail_unless(fd >= 0, "check_and_open_readonly returned illegal file descriptor"); } END_TEST 
START_TEST(test_write) { int ret; ssize_t size; errno_t my_errno; ret = check_and_open_readonly(filename, &fd, uid, gid, mode, CHECK_REG); fail_unless(ret == EOK, "check_and_open_readonly failed"); fail_unless(fd >= 0, "check_and_open_readonly returned illegal file descriptor"); size = write(fd, "abc", 3); my_errno = errno; fail_unless(size == -1, "check_and_open_readonly file is not readonly"); fail_unless(my_errno == EBADF, "write failed for other reason than readonly"); } END_TEST Suite *check_and_open_suite (void) { Suite *s = suite_create ("check_and_open"); TCase *tc_check_and_open_readonly = tcase_create ("check_and_open_readonly"); tcase_add_checked_fixture (tc_check_and_open_readonly, setup_check_and_open, teardown_check_and_open); tcase_add_test (tc_check_and_open_readonly, test_wrong_filename); tcase_add_test (tc_check_and_open_readonly, test_not_regular_file); tcase_add_test (tc_check_and_open_readonly, test_symlink); tcase_add_test (tc_check_and_open_readonly, test_follow_symlink); tcase_add_test (tc_check_and_open_readonly, test_wrong_uid); tcase_add_test (tc_check_and_open_readonly, test_wrong_gid); tcase_add_test (tc_check_and_open_readonly, test_wrong_permission); tcase_add_test (tc_check_and_open_readonly, test_ok); tcase_add_test (tc_check_and_open_readonly, test_write); suite_add_tcase (s, tc_check_and_open_readonly); return s; } int main(void) { int number_failed; tests_set_cwd(); Suite *s = check_and_open_suite (); SRunner *sr = srunner_create (s); /* If CK_VERBOSITY is set, use that, otherwise it defaults to CK_NORMAL */ srunner_run_all(sr, CK_ENV); number_failed = srunner_ntests_failed (sr); srunner_free (sr); return (number_failed == 0) ? 
EXIT_SUCCESS : EXIT_FAILURE; } sssd-1.11.5/src/tests/PaxHeaders.13173/stress-tests.c0000644000000000000000000000007412320753107020333 xustar000000000000000030 atime=1396954939.275891424 30 ctime=1396954961.780874858 sssd-1.11.5/src/tests/stress-tests.c0000664002412700241270000002075612320753107020567 0ustar00jhrozekjhrozek00000000000000/* SSSD Stress tests Copyright (C) Jakub Hrozek 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include #include #include #include #include #include #include #include #include #include "util/util.h" #include "tests/common.h" #define DEFAULT_START 10 #define DEFAULT_STOP 20 #define NAME_SIZE 255 #define CHUNK 64 /* How many tests failed */ int failure_count; /* Be chatty */ int verbose; /* * Look up one user. If the user is not found using getpwnam, the success * or failure depends on enoent_fail being set. */ int test_lookup_user(const char *name, int enoent_fail) { struct passwd *pwd = NULL; int ret = 0; int error; errno = 0; pwd = getpwnam(name); error = errno; if (pwd == NULL) { if (error == 0 || error == ENOENT) { ret = (enoent_fail == 1) ? ENOENT : 0; } } if (ret != 0 && verbose) { fprintf(stderr, "getpwnam failed (name: %s): errno = %d, error = %s\n", name, ret, strerror(ret)); } return ret; } /* * Look up one group. If the user is not found using getgrnam, the success * or failure depends on enoent_fail being set. 
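*/
int test_lookup_group(const char *name, int enoent_fail)
{
    struct group *grp;
    int error;
    int ret = 0;

    errno = 0;
    grp = getgrnam(name);
    /* Capture errno right away, before any later call can overwrite it. */
    error = errno;

    /* Only "not found" (errno 0 or ENOENT) is ever reported, and only when
     * the caller asked for it; any other errno leaves ret at 0.
     * NOTE(review): a lookup that fails with e.g. EIO is therefore counted
     * as a success - confirm that this is intended. */
    if (grp == NULL && (error == 0 || error == ENOENT)) {
        ret = enoent_fail ? ENOENT : 0;
    }

    if (ret != 0 && verbose) {
        fprintf(stderr,
                "getgrnam failed (name %s): errno = %d, error = %s\n",
                name, ret, strerror(ret));
    }

    return ret;
}

/*
 * Run a single lookup: a group lookup when 'group' is non-zero, a user
 * lookup otherwise. Returns whatever the selected lookup returns.
 */
int run_one_testcase(const char *name, int group, int enoent_fail)
{
    if (group) {
        return test_lookup_group(name, enoent_fail);
    }

    return test_lookup_user(name, enoent_fail);
}

/*
 * SIGCHLD handler: reaps every child that has already terminated and counts
 * the ones that did not exit with status 0.
 *
 * Beware, has side-effects: changes global variable failure_count
 */
void child_handler(int signum)
{
    int saved_errno = errno;
    int status;
    int code;
    pid_t pid;

    (void) signum;

    /* WNOHANG collects only children that are already dead. A blocking
     * wait() here keeps the interrupted code stuck inside the handler until
     * every child forked so far has exited. */
    while ((pid = waitpid(-1, &status, WNOHANG)) > 0) {
        if (!WIFEXITED(status)) {
            /* killed by a signal or otherwise not a normal exit */
            ++failure_count;
            continue;
        }

        code = WEXITSTATUS(status);
        if (code != 0) {
            if (verbose) {
                /* NOTE(review): fprintf() is not async-signal-safe; kept so
                 * the verbose output stays the same, but a write(2) based
                 * message would be the safe form inside a handler. */
                fprintf(stderr, "A child exited with error code %d\n", code);
            }
            ++failure_count;
        }
    }

    /* waitpid() may have set errno (ECHILD once nothing is left). Restore
     * it so that code interrupted between a failing call and its errno
     * check still sees the value it expects. */
    errno = saved_errno;
}

/*
 * Build the NULL-terminated list "<prefix><start>" .. "<prefix><stop>".
 *
 * On success the array is stored in *_out and EOK is returned. The array is
 * allocated on mem_ctx and the strings are talloc children of the array, so
 * freeing the array releases everything.
 *
 * Returns EINVAL when stop lies more than one below start, ENOMEM when an
 * allocation fails. stop == start - 1 yields an empty list.
 */
int generate_names(TALLOC_CTX *mem_ctx, const char *prefix,
                   int start, int stop, char ***_out)
{
    char **out;
    int num_names = stop - start + 1;
    int idx;

    /* A negative count would request an array that is too small for the
     * terminator stored below (or an absurdly large one). */
    if (num_names < 0) {
        return EINVAL;
    }

    out = talloc_array(mem_ctx, char *, num_names + 1);
    if (out == NULL) {
        return ENOMEM;
    }

    for (idx = 0; idx < num_names; ++idx) {
        /* The suffix runs from start to stop, not from 0. */
        out[idx] = talloc_asprintf(out, "%s%d", prefix, start + idx);
        if (out[idx] == NULL) {
            talloc_free(out);
            return ENOMEM;
        }
    }
    out[idx] = NULL;

    *_out = out;
    return EOK;
}

/*
 * Read one name per line from 'stream' into a NULL-terminated array.
 *
 * The trailing newline that fgets() keeps is stripped, otherwise every name
 * handed to the lookup functions would end in '\n'. Lines longer than
 * NAME_SIZE - 1 characters are split by fgets() into several entries.
 *
 * On success the array is stored in *_out and EOK is returned. The strings
 * are talloc children of the array. Returns ENOMEM when an allocation fails
 * and EIO when the stream reports a read error.
 */
int read_names(TALLOC_CTX *mem_ctx, FILE *stream, char ***_out)
{
    char one_name[NAME_SIZE];
    char **out;
    char **grown;
    int capacity = CHUNK + 1;
    int n = 0;

    out = talloc_array(mem_ctx, char *, capacity);
    if (out == NULL) {
        return ENOMEM;
    }

    while (fgets(one_name, sizeof(one_name), stream) != NULL) {
        one_name[strcspn(one_name, "\n")] = '\0';

        /* Always keep one free slot for the NULL terminator. */
        if (n + 1 >= capacity) {
            capacity += CHUNK;
            /* Grow through a temporary so 'out' is not lost on failure. */
            grown = talloc_realloc(mem_ctx, out, char *, capacity);
            if (grown == NULL) {
                talloc_free(out);
                return ENOMEM;
            }
            out = grown;
        }

        out[n] = talloc_strdup(out, one_name);
        if (out[n] == NULL) {
            talloc_free(out);
            return ENOMEM;
        }
        n++;
    }

    /* ferror() returns a flag, not an errno value, so map it explicitly. */
    if (ferror(stream)) {
        talloc_free(out);
        return EIO;
    }

    out[n] = NULL;

    *_out = out;
    return EOK;
}

int main(int argc,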
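const char *argv[])
{
    /*
     * Stress-test driver: builds a list of names (generated from --prefix,
     * --start and --stop, or read from stdin), forks one child per name to
     * do a user or group lookup, and exits with EXIT_SUCCESS only when no
     * child reported a failure.
     */
    int opt;
    poptContext pc;
    int pc_start = DEFAULT_START;
    int pc_stop = DEFAULT_STOP;
    int pc_enoent_fail = 0;
    int pc_groups = 0;
    int pc_verbosity = 0;
    char *pc_prefix = NULL;
    TALLOC_CTX *ctx = NULL;
    char **names = NULL;
    int status, idx, ret;
    int fork_errno;
    pid_t pid;
    struct sigaction action, old_action;

    struct poptOption long_options[] = {
        POPT_AUTOHELP
        { "groups", 'g', POPT_ARG_NONE, &pc_groups, 0,
          "Lookup in groups instead of users", NULL },
        { "prefix", '\0', POPT_ARG_STRING, &pc_prefix, 0,
          "The username prefix", NULL },
        { "start", '\0', POPT_ARG_INT | POPT_ARGFLAG_SHOW_DEFAULT,
          &pc_start, 0, "Start value to append to prefix", NULL },
        { "stop", '\0', POPT_ARG_INT | POPT_ARGFLAG_SHOW_DEFAULT,
          &pc_stop, 0, "End value to append to prefix", NULL },
        { "enoent-fail", '\0', POPT_ARG_NONE, &pc_enoent_fail, 0,
          "Fail on not getting the requested NSS data (default: No)", NULL },
        { "verbose", 'v', POPT_ARG_NONE, 0, 'v', "Be verbose", NULL },
        POPT_TABLEEND
    };

    /* parse the params */
    pc = poptGetContext(argv[0], argc, argv, long_options, 0);
    while ((opt = poptGetNextOpt(pc)) != -1) {
        switch (opt) {
        case 'v':
            pc_verbosity = 1;
            break;

        default:
            fprintf(stderr, "\nInvalid option %s: %s\n\n",
                    poptBadOption(pc, 0), poptStrerror(opt));
            poptPrintUsage(pc, stderr, 0);
            /* release the context on the error path as well */
            poptFreeContext(pc);
            return 1;
        }
    }
    poptFreeContext(pc);

    tests_set_cwd();

    verbose = pc_verbosity;

    if (pc_prefix) {
        ret = generate_names(ctx, pc_prefix, pc_start, pc_stop, &names);
        if (ret != EOK) {
            if (verbose) {
                errno = ret;
                perror("generate_names");
            }
            exit(EXIT_FAILURE);
        }
    } else {
        ret = read_names(ctx, stdin, &names);
        if (ret != EOK) {
            if (verbose) {
                errno = ret;
                perror("read_names");
            }
            exit(EXIT_FAILURE);
        }
    }

    /* Reap the children in a handler asynchronously so we can
     * somehow protect against too many processes */
    memset(&action, 0, sizeof(action));
    action.sa_handler = child_handler;
    sigemptyset(&action.sa_mask);
    sigaddset(&action.sa_mask, SIGCHLD);
    action.sa_flags = SA_NOCLDSTOP;
    sigaction(SIGCHLD, &action, &old_action);

    /* Fire up the child processes */
    idx = 0;
    while (names[idx] != NULL) {
        pid = fork();
        if (pid == -1) {
            /* Copy errno at once: the SIGCHLD handler can run at any time. */
            fork_errno = errno;
            if (fork_errno == EAGAIN) {
                /* Process limit reached. Retry the SAME name; advancing the
                 * index here would silently drop the lookup and still count
                 * it as run and passed in the summary. sleep() returns early
                 * when a SIGCHLD is handled, so this waits for a free slot
                 * instead of spinning. */
                sleep(1);
                continue;
            }
            errno = fork_errno;
            perror("fork");
            exit(EXIT_FAILURE);
        }

        if (pid == 0) {
            /* child */
            ret = run_one_testcase(names[idx], pc_groups, pc_enoent_fail);
            exit(ret);
        }

        idx++;
    }

    /* Process the rest of the children here in main */
    sigaction(SIGCHLD, &old_action, NULL);
    for (;;) {
        pid = wait(&status);
        if (pid == -1) {
            if (errno == EINTR) {
                continue;
            }
            /* ECHILD is the normal end: nothing is left to wait for. */
            if (errno != ECHILD) {
                perror("wait");
                exit(EXIT_FAILURE);
            }
            break;
        }

        if (!WIFEXITED(status)) {
            ++failure_count;
            continue;
        }

        ret = WEXITSTATUS(status);
        if (ret) {
            if (verbose) {
                fprintf(stderr, "A child exited with error code %d\n", ret);
            }
            ++failure_count;
        }
    }

    if (pc_verbosity) {
        fprintf(stderr,
                "Total tests run: %d\nPassed: %d\nFailed: %d\n",
                idx,
                idx - failure_count,
                failure_count);
    }
    return (failure_count==0 ? EXIT_SUCCESS : EXIT_FAILURE);
}
sssd-1.11.5/src/tests/PaxHeaders.13173/refcount-tests.c0000644000000000000000000000007412320753107020635 xustar000000000000000030 atime=1396954939.275891424 30 ctime=1396954961.735874891 sssd-1.11.5/src/tests/refcount-tests.c0000664002412700241270000001450612320753107021065 0ustar00jhrozekjhrozek00000000000000/*
   SSSD

   Reference counting tests.

   Authors:
        Martin Nagy

   Copyright (C) Red Hat, Inc 2009

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see .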
*/ #include #include #include #include #include #include "tests/common_check.h" #include "util/util.h" /* Interface under test */ #include "util/refcount.h" /* Fail the test if object 'obj' does not have 'num' references. */ #define REF_ASSERT(obj, num) \ fail_unless(((obj)->DO_NOT_TOUCH_THIS_MEMBER_refcount == (num)), \ "Reference count of " #obj " should be %d but is %d", \ (num), (obj)->DO_NOT_TOUCH_THIS_MEMBER_refcount) #define FILLER_SIZE 32 struct foo { REFCOUNT_COMMON; char a[FILLER_SIZE]; char b[FILLER_SIZE]; }; struct bar { char a[FILLER_SIZE]; REFCOUNT_COMMON; char b[FILLER_SIZE]; }; struct baz { char a[FILLER_SIZE]; char b[FILLER_SIZE]; REFCOUNT_COMMON; }; #define SET_FILLER(target) do { \ memset((target)->a, 'a', FILLER_SIZE); \ memset((target)->b, 'b', FILLER_SIZE); \ } while (0) #define CHECK_FILLER(target) do { \ int _counter; \ for (_counter = 0; _counter < FILLER_SIZE; _counter++) { \ fail_unless((target)->a[_counter] == 'a', "Corrupted memory in " \ #target "->a[%d] of size %d", _counter, FILLER_SIZE); \ fail_unless((target)->b[_counter] == 'b', "Corrupted memory in " \ #target "->b[%d] of size %d", _counter, FILLER_SIZE); \ } \ } while (0) struct container { struct foo *foo; struct bar *bar; struct baz *baz; }; static struct container *global; START_TEST(test_refcount_basic) { struct container *containers; int i; /* First allocate our global storage place. */ global = talloc(NULL, struct container); fail_if(global == NULL); /* Allocate foo. */ global->foo = rc_alloc(global, struct foo); fail_if(global->foo == NULL); SET_FILLER(global->foo); REF_ASSERT(global->foo, 1); /* Allocate bar. */ global->bar = rc_alloc(global, struct bar); fail_if(global->bar == NULL); SET_FILLER(global->bar); REF_ASSERT(global->bar, 1); /* Allocate baz. */ global->baz = rc_alloc(global, struct baz); fail_if(global->baz == NULL); SET_FILLER(global->baz); REF_ASSERT(global->baz, 1); /* Try multiple attaches. 
*/ containers = talloc_array(NULL, struct container, 100); fail_if(containers == NULL); for (i = 0; i < 100; i++) { containers[i].foo = rc_reference(containers, struct foo, global->foo); containers[i].bar = rc_reference(containers, struct bar, global->bar); containers[i].baz = rc_reference(containers, struct baz, global->baz); REF_ASSERT(containers[i].foo, i + 2); REF_ASSERT(global->foo, i + 2); REF_ASSERT(containers[i].bar, i + 2); REF_ASSERT(global->bar, i + 2); REF_ASSERT(containers[i].baz, i + 2); REF_ASSERT(global->baz, i + 2); } talloc_free(containers); CHECK_FILLER(global->foo); CHECK_FILLER(global->bar); CHECK_FILLER(global->baz); REF_ASSERT(global->foo, 1); REF_ASSERT(global->bar, 1); REF_ASSERT(global->baz, 1); talloc_free(global); } END_TEST START_TEST(test_refcount_swap) { void *tmp_ctx; struct container *container1; struct container *container2; tmp_ctx = talloc_new(NULL); ck_leaks_push(tmp_ctx); container1 = talloc(tmp_ctx, struct container); container2 = talloc(tmp_ctx, struct container); /* Allocate. */ container1->foo = rc_alloc(container1, struct foo); fail_if(container1->foo == NULL); SET_FILLER(container1->foo); /* Reference. */ container2->foo = rc_reference(container2, struct foo, container1->foo); fail_if(container2->foo == NULL); /* Make sure everything is as it should be. */ fail_unless(container1->foo == container2->foo); REF_ASSERT(container1->foo, 2); /* Free in reverse order. 
*/ talloc_free(container1); REF_ASSERT(container2->foo, 1); CHECK_FILLER(container2->foo); talloc_free(container2); ck_leaks_pop(tmp_ctx); talloc_free(tmp_ctx); } END_TEST Suite *create_suite(void) { Suite *s = suite_create("refcount"); TCase *tc = tcase_create("REFCOUNT Tests"); /* Do some testing */ tcase_add_checked_fixture(tc, ck_leak_check_setup, ck_leak_check_teardown); tcase_add_test(tc, test_refcount_basic); tcase_add_test(tc, test_refcount_swap); /* Add all test cases to the test suite */ suite_add_tcase(s, tc); return s; } int main(int argc, const char *argv[]) { int opt; poptContext pc; int failure_count; Suite *suite; SRunner *sr; int debug = 0; struct poptOption long_options[] = { POPT_AUTOHELP { "debug-level", 'd', POPT_ARG_INT, &debug, 0, "Set debug level", NULL }, POPT_TABLEEND }; /* Set debug level to invalid value so we can deside if -d 0 was used. */ debug_level = SSSDBG_INVALID; pc = poptGetContext(argv[0], argc, argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { switch(opt) { default: fprintf(stderr, "\nInvalid option %s: %s\n\n", poptBadOption(pc, 0), poptStrerror(opt)); poptPrintUsage(pc, stderr, 0); return 1; } } poptFreeContext(pc); DEBUG_INIT(debug); tests_set_cwd(); suite = create_suite(); sr = srunner_create(suite); srunner_set_fork_status(sr, CK_FORK); /* If CK_VERBOSITY is set, use that, otherwise it defaults to CK_NORMAL */ srunner_run_all(sr, CK_ENV); failure_count = srunner_ntests_failed(sr); srunner_free(sr); return (failure_count == 0 ? 
EXIT_SUCCESS : EXIT_FAILURE); } sssd-1.11.5/src/tests/PaxHeaders.13173/files-tests.c0000644000000000000000000000007412320753107020112 xustar000000000000000030 atime=1396954939.274891425 30 ctime=1396954961.716874905 sssd-1.11.5/src/tests/files-tests.c0000664002412700241270000002230712320753107020340 0ustar00jhrozekjhrozek00000000000000/* * Authors: * Jakub Hrozek * * Copyright (C) 2008 Red Hat * see file 'COPYING' for use and warranty information * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License as * published by the Free Software Foundation; version 3 or (at * your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ #include #include #include #include #include #include #include #include #include #include #include "config.h" #include "tools/tools_util.h" #include "util/util.h" #include "tests/common.h" static char tpl_dir[] = "file-tests-dir-XXXXXX"; static char *dir_path; static char *dst_path; static uid_t uid; static gid_t gid; static TALLOC_CTX *test_ctx = NULL; static void setup_files_test(void) { /* create a temporary directory that we fill with stuff later on */ test_ctx = talloc_new(NULL); dir_path = mkdtemp(talloc_strdup(test_ctx, tpl_dir)); dst_path = mkdtemp(talloc_strdup(test_ctx, tpl_dir)); uid = getuid(); gid = getgid(); } static void teardown_files_test(void) { char *cmd = NULL; int ret; /* OK this is crude but since the functions to remove tree are under test.. 
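*/
    /* The paths below are spliced into a shell command line. That is only
     * acceptable because both come from mkdtemp() on the fixed tpl_dir
     * template; do not reuse this pattern for paths that may contain shell
     * metacharacters. */
    if (dir_path && test_ctx) {
        cmd = talloc_asprintf(test_ctx, "/bin/rm -rf %s\n", dir_path);
        /* system(NULL) only probes for a shell and removes nothing, so a
         * failed allocation is reported instead of being passed on. Any
         * non-zero status means the tree may still be there. */
        ret = (cmd != NULL) ? system(cmd) : -1;
        if (ret != 0) {
            DEBUG(1, ("Removing [%s] failed.\n", dir_path));
        }
    }

    if (dst_path && test_ctx) {
        cmd = talloc_asprintf(test_ctx, "/bin/rm -rf %s\n", dst_path);
        ret = (cmd != NULL) ? system(cmd) : -1;
        if (ret != 0) {
            DEBUG(1, ("Removing [%s] failed.\n", dst_path));
        }
    }

    /* clean up */
    talloc_zfree(test_ctx);
}

/*
 * Create (or truncate) the file 'name' with mode 0700 and write 'content'
 * into it. Every failure is reported through the check framework; the
 * return value is the result of close().
 */
static int create_simple_file(const char *name, const char *content)
{
    size_t len = strlen(content);
    ssize_t written;
    int fd;
    int ret;

    /* 0700 is kept as is: test_simple_copy later checks the copied file
     * against exactly this mode. */
    fd = open(name, O_WRONLY | O_CREAT | O_TRUNC, 0700);
    fail_if(fd == -1, "Cannot create simple file\n");

    /* Write the caller's content; it used to be ignored in favour of a
     * hard-coded "abc". */
    written = write(fd, content, len);
    fail_if(written == -1, "Cannot write to file\n");
    fail_if((size_t) written != len, "Short write to file\n");

    ret = fsync(fd);
    fail_if(ret == -1, "Cannot sync file\n");

    ret = close(fd);
    fail_if(ret == -1, "Cannot close file\n");

    return ret;
}

START_TEST(test_remove_tree)
{
    int ret;
    char origpath[PATH_MAX+1];

    errno = 0;
    fail_unless(getcwd(origpath, PATH_MAX) == origpath, "Cannot getcwd\n");
    fail_unless(errno == 0, "Cannot getcwd\n");

    DEBUG(5, ("About to delete %s\n", dir_path));

    /* create a file */
    ret = chdir(dir_path);
    fail_if(ret == -1, "Cannot chdir1\n");

    ret = create_simple_file("bar", "bar");
    fail_if(ret == -1, "Cannot create file1\n");

    /* create a subdir and file inside it */
    ret = mkdir("subdir", 0700);
    fail_if(ret == -1, "Cannot create subdir\n");

    ret = chdir("subdir");
    fail_if(ret == -1, "Cannot chdir\n");

    ret = create_simple_file("foo", "foo");
    fail_if(ret == -1, "Cannot create file\n");

    /* create another subdir, empty this time */
    ret = mkdir("subdir2", 0700);
    fail_if(ret == -1, "Cannot create subdir\n");

    ret = chdir(origpath);
    fail_if(ret == -1, "Cannot chdir2\n");

    /* go back */
    ret = chdir(origpath);
    fail_if(ret == -1, "Cannot chdir\n");

    /* and finally wipe it out..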
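*/
    ret = remove_tree(dir_path);
    fail_unless(ret == EOK, "remove_tree failed\n");

    /* check if really gone */
    ret = access(dir_path, F_OK);
    fail_unless(ret == -1, "directory still there after remove_tree\n");
}
END_TEST

/*
 * Fill the source directory with a file and a subdirectory holding another
 * file, copy the tree with copy_tree() and verify that the copy of the
 * top-level file can be opened with the expected owner and mode.
 */
START_TEST(test_simple_copy)
{
    int ret;
    char origpath[PATH_MAX+1];
    char *tmp;
    int fd = -1;

    errno = 0;
    fail_unless(getcwd(origpath, PATH_MAX) == origpath, "Cannot getcwd\n");
    fail_unless(errno == 0, "Cannot getcwd\n");

    /* create a file */
    ret = chdir(dir_path);
    fail_if(ret == -1, "Cannot chdir1\n");

    ret = create_simple_file("bar", "bar");
    fail_if(ret == -1, "Cannot create file1\n");

    /* create a subdir and file inside it */
    ret = mkdir("subdir", 0700);
    fail_if(ret == -1, "Cannot create subdir\n");

    ret = chdir("subdir");
    fail_if(ret == -1, "Cannot chdir\n");

    ret = create_simple_file("foo", "foo");
    fail_if(ret == -1, "Cannot create file\n");

    /* go back */
    ret = chdir(origpath);
    fail_if(ret == -1, "Cannot chdir\n");

    /* and finally copy.. */
    DEBUG(5, ("Will copy from '%s' to '%s'\n", dir_path, dst_path));
    ret = copy_tree(dir_path, dst_path, 0700, uid, gid);
    fail_unless(ret == EOK, "copy_tree failed\n");

    /* check if really copied */
    ret = access(dst_path, F_OK);
    fail_unless(ret == 0, "destination directory not there\n");

    tmp = talloc_asprintf(test_ctx, "%s/bar", dst_path);
    fail_if(tmp == NULL, "talloc_asprintf failed\n");

    ret = check_and_open_readonly(tmp, &fd, uid, gid, 0700, CHECK_REG);
    /* The message has a %s conversion, so the path must be passed with it;
     * without the argument the failure path reads a missing vararg. */
    fail_unless(ret == EOK, "Cannot open %s\n", tmp);
    close(fd);
    talloc_free(tmp);
}
END_TEST

START_TEST(test_copy_symlink)
{
    int ret;
    char origpath[PATH_MAX+1];
    char *tmp;
    struct stat statbuf;

    errno = 0;
    fail_unless(getcwd(origpath, PATH_MAX) == origpath, "Cannot getcwd\n");
    fail_unless(errno == 0, "Cannot getcwd\n");

    /* create a subdir */
    ret = chdir(dir_path);
    fail_if(ret == -1, "Cannot chdir\n");

    ret = create_simple_file("footarget", "foo");
    fail_if(ret == -1, "Cannot create file\n");

    ret = symlink("footarget", "foolink");
    fail_if(ret == -1, "Cannot create symlink\n");

    /* go back */
    ret = chdir(origpath);
    fail_if(ret == -1,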
"Cannot chdir\n"); /* and finally copy.. */ DEBUG(5, ("Will copy from '%s' to '%s'\n", dir_path, dst_path)); ret = copy_tree(dir_path, dst_path, 0700, uid, gid); fail_unless(ret == EOK, "copy_tree failed\n"); /* check if really copied */ ret = access(dst_path, F_OK); fail_unless(ret == 0, "destination directory not there\n"); tmp = talloc_asprintf(test_ctx, "%s/foolink", dst_path); ret = lstat(tmp, &statbuf); fail_unless(ret == 0, "cannot stat the symlink %s\n", tmp); fail_unless(S_ISLNK(statbuf.st_mode), "%s not a symlink?\n", tmp); talloc_free(tmp); } END_TEST START_TEST(test_copy_node) { int ret; char origpath[PATH_MAX+1]; char *tmp; errno = 0; fail_unless(getcwd(origpath, PATH_MAX) == origpath, "Cannot getcwd\n"); fail_unless(errno == 0, "Cannot getcwd\n"); /* create a node */ ret = chdir(dir_path); fail_if(ret == -1, "Cannot chdir\n"); ret = mknod("testnode", S_IFIFO | S_IWUSR | S_IRUSR | S_IRGRP | S_IROTH, 0); fail_unless(ret == 0, "cannot stat /dev/null: %s", strerror(errno)); /* go back */ ret = chdir(origpath); fail_if(ret == -1, "Cannot chdir\n"); /* and finally copy.. 
*/ DEBUG(5, ("Will copy from '%s' to '%s'\n", dir_path, dst_path)); ret = copy_tree(dir_path, dst_path, 0700, uid, gid); fail_unless(ret == EOK, "copy_tree failed\n"); /* check if really copied and without special files */ ret = access(dst_path, F_OK); fail_unless(ret == 0, "destination directory not there\n"); tmp = talloc_asprintf(test_ctx, "%s/testnode", dst_path); ret = access(tmp, F_OK); fail_unless(ret == -1, "special file %s exists, it shouldn't\n", tmp); talloc_free(tmp); } END_TEST static Suite *files_suite(void) { Suite *s = suite_create("files_suite"); TCase *tc_files = tcase_create("files"); tcase_add_checked_fixture(tc_files, setup_files_test, teardown_files_test); tcase_add_test(tc_files, test_remove_tree); tcase_add_test(tc_files, test_simple_copy); tcase_add_test(tc_files, test_copy_symlink); tcase_add_test(tc_files, test_copy_node); suite_add_tcase(s, tc_files); return s; } int main(int argc, const char *argv[]) { int number_failed; int opt; poptContext pc; int debug = 0; struct poptOption long_options[] = { POPT_AUTOHELP { "debug-level", 'd', POPT_ARG_INT, &debug, 0, "Set debug level", NULL }, POPT_TABLEEND }; /* Set debug level to invalid value so we can deside if -d 0 was used. */ debug_level = SSSDBG_INVALID; pc = poptGetContext(argv[0], argc, (const char **) argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { fprintf(stderr, "\nInvalid option %s: %s\n\n", poptBadOption(pc, 0), poptStrerror(opt)); poptPrintUsage(pc, stderr, 0); return 1; } poptFreeContext(pc); DEBUG_INIT(debug); tests_set_cwd(); Suite *s = files_suite(); SRunner *sr = srunner_create(s); /* If CK_VERBOSITY is set, use that, otherwise it defaults to CK_NORMAL */ srunner_run_all(sr, CK_ENV); number_failed = srunner_ntests_failed(sr); srunner_free(sr); return (number_failed == 0) ? 
EXIT_SUCCESS : EXIT_FAILURE; } sssd-1.11.5/src/tests/PaxHeaders.13173/sss_idmap-tests.c0000644000000000000000000000007412320753107020772 xustar000000000000000030 atime=1396954939.275891424 30 ctime=1396954961.747874882 sssd-1.11.5/src/tests/sss_idmap-tests.c0000664002412700241270000005341012320753107021217 0ustar00jhrozekjhrozek00000000000000/* SSSD - Test for idmap library Authors: Sumit Bose Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #include #include "lib/idmap/sss_idmap.h" #include "lib/idmap/sss_idmap_private.h" #include "tests/common_check.h" #define IDMAP_RANGE_MIN 1234 #define IDMAP_RANGE_MAX 9876 #define IDMAP_RANGE_MIN2 11234 #define IDMAP_RANGE_MAX2 19876 const char test_sid[] = "S-1-5-21-2127521184-1604012920-1887927527-72713"; uint8_t test_bin_sid[] = {0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00, 0xA0, 0x65, 0xCF, 0x7E, 0x78, 0x4B, 0x9B, 0x5F, 0xE7, 0x7C, 0x87, 0x70, 0x09, 0x1C, 0x01, 0x00}; size_t test_bin_sid_length = sizeof(test_bin_sid); struct dom_sid test_smb_sid = {1, 5, {0, 0, 0, 0, 0, 5}, {21, 2127521184, 1604012920, 1887927527, 72713, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}}; const char large_sid[] = "S-1-5-21-1-2-4294967295-1000"; const char too_large_sid[] = "S-1-5-21-1-2-4294967296-1000"; struct sss_idmap_ctx *idmap_ctx; static void *idmap_talloc(size_t size, void *pvt) { return talloc_size(pvt, size); } static void idmap_talloc_free(void *ptr, void *pvt) { talloc_free(ptr); } void idmap_ctx_setup(void) { enum idmap_error_code err; err = sss_idmap_init(idmap_talloc, global_talloc_context, idmap_talloc_free, &idmap_ctx); fail_unless(err == IDMAP_SUCCESS, "sss_idmap_init failed."); fail_unless(idmap_ctx != NULL, "sss_idmap_init returned NULL."); } void idmap_ctx_teardown(void) { enum idmap_error_code err; err = sss_idmap_free(idmap_ctx); fail_unless(err == IDMAP_SUCCESS, "sss_idmap_free failed."); } void idmap_add_domain_setup(void) { enum idmap_error_code err; struct sss_idmap_range range = {IDMAP_RANGE_MIN, IDMAP_RANGE_MAX}; err = sss_idmap_add_domain(idmap_ctx, "test.dom", "S-1-5-21-1-2-3", &range); fail_unless(err == IDMAP_SUCCESS, "sss_idmap_add_domain failed."); } START_TEST(idmap_test_is_domain_sid) { size_t c; const char *invalid[] = { "abc", "S-1-2-3-4-5-6", "S-1-5-21-1", "S-1-5-21-1-2-123456789012345678", "S-1-5-21-1+2+3", "S-1-5-21-a-b-c", "S-1-5-21-1-2-3-4", NULL }; fail_if(is_domain_sid(NULL), "is_domain_sid() returned true for [NULL]"); 
for (c = 0; invalid[c] != NULL; c++) { fail_if(is_domain_sid(invalid[c]), "is_domain_sid() returned true for [%s]", invalid[c]); } fail_unless(is_domain_sid("S-1-5-21-1-2-3"), "is_domain_sid() returned true for [S-1-5-21-1-2-3]"); } END_TEST START_TEST(idmap_test_init_malloc) { enum idmap_error_code err; struct sss_idmap_ctx *ctx = NULL; err = sss_idmap_init(NULL, NULL, NULL, &ctx); fail_unless(err == IDMAP_SUCCESS, "sss_idmap_init failed."); fail_unless(ctx != NULL, "sss_idmap_init returned NULL."); err = sss_idmap_free(ctx); fail_unless(err == IDMAP_SUCCESS, "sss_idmap_free failed."); } END_TEST START_TEST(idmap_test_init_talloc) { enum idmap_error_code err; struct sss_idmap_ctx *ctx = NULL; err = sss_idmap_init(idmap_talloc, global_talloc_context, idmap_talloc_free, &ctx); fail_unless(err == IDMAP_SUCCESS, "sss_idmap_init failed."); fail_unless(ctx != NULL, "sss_idmap_init returned NULL."); err = sss_idmap_free(ctx); fail_unless(err == IDMAP_SUCCESS, "sss_idmap_free failed."); } END_TEST START_TEST(idmap_test_add_domain) { idmap_add_domain_setup(); } END_TEST START_TEST(idmap_test_add_domain_collisions) { enum idmap_error_code err; struct sss_idmap_range range = {IDMAP_RANGE_MIN, IDMAP_RANGE_MAX}; struct sss_idmap_range range2 = {IDMAP_RANGE_MIN2, IDMAP_RANGE_MAX2}; err = sss_idmap_add_domain(idmap_ctx, "test.dom", "S-1-5-21-1-2-3", &range); fail_unless(err == IDMAP_SUCCESS, "sss_idmap_add_domain failed."); err = sss_idmap_add_domain(idmap_ctx, "test.dom", "S-1-5-21-1-2-4", &range2); fail_unless(err == IDMAP_COLLISION, "sss_idmap_add_domain added domain with the same name."); err = sss_idmap_add_domain(idmap_ctx, "test.dom2", "S-1-5-21-1-2-3", &range2); fail_unless(err == IDMAP_COLLISION, "sss_idmap_add_domain added domain with the same SID."); err = sss_idmap_add_domain(idmap_ctx, "test.dom2", "S-1-5-21-1-2-4", &range); fail_unless(err == IDMAP_COLLISION, "sss_idmap_add_domain added domain with the same range."); err = sss_idmap_add_domain(idmap_ctx, 
"test.dom2", "S-1-5-21-1-2-4", &range2); fail_unless(err == IDMAP_SUCCESS, "sss_idmap_add_domain failed to add second domain."); } END_TEST START_TEST(idmap_test_add_domain_collisions_ext_mapping) { enum idmap_error_code err; struct sss_idmap_range range = {IDMAP_RANGE_MIN, IDMAP_RANGE_MAX}; struct sss_idmap_range range2 = {IDMAP_RANGE_MIN2, IDMAP_RANGE_MAX2}; err = sss_idmap_add_domain_ex(idmap_ctx, "test.dom", "S-1-5-21-1-2-3", &range, NULL, 0, true); fail_unless(err == IDMAP_SUCCESS, "sss_idmap_add_domain failed."); err = sss_idmap_add_domain_ex(idmap_ctx, "test.dom", "S-1-5-21-1-2-4", &range2, NULL, 0, true); fail_unless(err == IDMAP_COLLISION, "sss_idmap_add_domain added domain with the same name."); err = sss_idmap_add_domain_ex(idmap_ctx, "test.dom2", "S-1-5-21-1-2-3", &range2, NULL, 0, true); fail_unless(err == IDMAP_COLLISION, "sss_idmap_add_domain added domain with the same SID."); err = sss_idmap_add_domain_ex(idmap_ctx, "test.dom2", "S-1-5-21-1-2-4", &range, NULL, 0, true); fail_unless(err == IDMAP_SUCCESS, "sss_idmap_add_domain failed to add second domain with " \ "external mapping and the same range."); } END_TEST START_TEST(idmap_test_sid2uid) { enum idmap_error_code err; uint32_t id; err = sss_idmap_sid_to_unix(idmap_ctx, "S-1-5-21-1-2-3333-1000", &id); fail_unless(err == IDMAP_NO_DOMAIN, "sss_idmap_sid_to_unix did not detect " "unknown domain"); err = sss_idmap_sid_to_unix(idmap_ctx, "S-1-5-21-1-2-3-10000", &id); fail_unless(err == IDMAP_NO_RANGE, "sss_idmap_sid_to_unix did not detect " "RID out of range"); err = sss_idmap_sid_to_unix(idmap_ctx, "S-1-5-21-1-2-3-1000", &id); fail_unless(err == IDMAP_SUCCESS, "sss_idmap_sid_to_unix failed."); fail_unless(id == (1000 + IDMAP_RANGE_MIN), "sss_idmap_sid_to_unix returned wrong id, " "got [%d], expected [%d].", id, 1000 + IDMAP_RANGE_MIN); } END_TEST START_TEST(idmap_test_bin_sid2uid) { enum idmap_error_code err; uint32_t id; uint8_t *bin_sid = NULL; size_t length; err = 
sss_idmap_sid_to_bin_sid(idmap_ctx, "S-1-5-21-1-2-3-1000", &bin_sid, &length); fail_unless(err == IDMAP_SUCCESS, "Failed to convert SID to binary SID"); err = sss_idmap_bin_sid_to_unix(idmap_ctx, bin_sid, length , &id); fail_unless(err == IDMAP_SUCCESS, "sss_idmap_bin_sid_to_unix failed."); fail_unless(id == (1000 + IDMAP_RANGE_MIN), "sss_idmap_bin_sid_to_unix returned wrong id, " "got [%d], expected [%d].", id, 1000 + IDMAP_RANGE_MIN); sss_idmap_free_bin_sid(idmap_ctx, bin_sid); } END_TEST START_TEST(idmap_test_dom_sid2uid) { enum idmap_error_code err; uint32_t id; struct sss_dom_sid *dom_sid = NULL; err = sss_idmap_sid_to_dom_sid(idmap_ctx, "S-1-5-21-1-2-3-1000", &dom_sid); fail_unless(err == IDMAP_SUCCESS, "Failed to convert SID to SID structure"); err = sss_idmap_dom_sid_to_unix(idmap_ctx, dom_sid, &id); fail_unless(err == IDMAP_SUCCESS, "sss_idmap_dom_sid_to_unix failed."); fail_unless(id == (1000 + IDMAP_RANGE_MIN), "sss_idmap_dom_sid_to_unix returned wrong id, " "got [%d], expected [%d].", id, 1000 + IDMAP_RANGE_MIN); sss_idmap_free_dom_sid(idmap_ctx, dom_sid); } END_TEST START_TEST(idmap_test_uid2sid) { enum idmap_error_code err; char *sid; err = sss_idmap_unix_to_sid(idmap_ctx, 10000, &sid); fail_unless(err == IDMAP_NO_DOMAIN, "sss_idmap_unix_to_sid did not detect " "id out of range"); err = sss_idmap_unix_to_sid(idmap_ctx, 2234, &sid); fail_unless(err == IDMAP_SUCCESS, "sss_idmap_unix_to_sid failed."); fail_unless(strcmp(sid, "S-1-5-21-1-2-3-1000") == 0, "sss_idmap_unix_to_sid returned wrong SID, " "expected [%s], got [%s].", "S-1-5-21-1-2-3-1000", sid); sss_idmap_free_sid(idmap_ctx, sid); } END_TEST START_TEST(idmap_test_uid2dom_sid) { enum idmap_error_code err; struct sss_dom_sid *dom_sid = NULL; char *sid = NULL; err = sss_idmap_unix_to_dom_sid(idmap_ctx, 10000, &dom_sid); fail_unless(err == IDMAP_NO_DOMAIN, "sss_idmap_unix_to_dom_sid did not detect " "id out of range"); err = sss_idmap_unix_to_dom_sid(idmap_ctx, 2234, &dom_sid); fail_unless(err == 
IDMAP_SUCCESS, "sss_idmap_unix_to_dom_sid failed.");

    err = sss_idmap_dom_sid_to_sid(idmap_ctx, dom_sid, &sid);
    fail_unless(err == IDMAP_SUCCESS, "sss_idmap_dom_sid_to_sid failed.");

    fail_unless(strcmp(sid, "S-1-5-21-1-2-3-1000") == 0,
                "sss_idmap_unix_to_dom_sid returned wrong SID, "
                "expected [%s], got [%s].", "S-1-5-21-1-2-3-1000", sid);

    sss_idmap_free_sid(idmap_ctx, sid);
    sss_idmap_free_dom_sid(idmap_ctx, dom_sid);
}
END_TEST

/*
 * UNIX ID -> binary SID, checked by converting the binary SID back to a SID
 * string.  The out-of-range ID 10000 must yield IDMAP_NO_DOMAIN.
 */
START_TEST(idmap_test_uid2bin_sid)
{
    enum idmap_error_code err;
    uint8_t *bin_sid = NULL;
    size_t length;
    char *sid = NULL;

    err = sss_idmap_unix_to_bin_sid(idmap_ctx, 10000, &bin_sid, &length);
    fail_unless(err == IDMAP_NO_DOMAIN,
                "sss_idmap_unix_to_bin_sid did not detect "
                "id out of range");

    err = sss_idmap_unix_to_bin_sid(idmap_ctx, 2234, &bin_sid, &length);
    fail_unless(err == IDMAP_SUCCESS, "sss_idmap_unix_to_bin_sid failed.");

    err = sss_idmap_bin_sid_to_sid(idmap_ctx, bin_sid, length, &sid);
    fail_unless(err == IDMAP_SUCCESS, "sss_idmap_bin_sid_to_sid failed.");

    fail_unless(strcmp(sid, "S-1-5-21-1-2-3-1000") == 0,
                "sss_idmap_unix_to_bin_sid returned wrong SID, "
                "expected [%s], got [%s].", "S-1-5-21-1-2-3-1000", sid);

    sss_idmap_free_sid(idmap_ctx, sid);
    sss_idmap_free_bin_sid(idmap_ctx, bin_sid);
}
END_TEST

/*
 * Round trip: binary SID -> struct sss_dom_sid -> binary SID.  The result
 * must have the same length and the same bytes as test_bin_sid.
 */
START_TEST(idmap_test_bin_sid2dom_sid)
{
    struct sss_dom_sid *dom_sid = NULL;
    enum idmap_error_code err;
    uint8_t *new_bin_sid = NULL;
    size_t new_bin_sid_length;

    err = sss_idmap_bin_sid_to_dom_sid(idmap_ctx,
                                       test_bin_sid, test_bin_sid_length,
                                       &dom_sid);
    fail_unless(err == IDMAP_SUCCESS,
                "Failed to convert binary SID to struct sss_dom_sid.");

    err = sss_idmap_dom_sid_to_bin_sid(idmap_ctx, dom_sid,
                                       &new_bin_sid, &new_bin_sid_length);
    fail_unless(err == IDMAP_SUCCESS,
                "Failed to convert struct sss_dom_sid to binary SID.");

    /* The length is compared first, so the memcmp() below stays inside
     * new_bin_sid whenever it is reached. */
    fail_unless(new_bin_sid_length == test_bin_sid_length,
                "Length of binary SIDs do not match.");
    fail_unless(memcmp(test_bin_sid, new_bin_sid, test_bin_sid_length) == 0,
                "Binary SIDs do not match.");
sss_idmap_free_dom_sid(idmap_ctx, dom_sid);
    sss_idmap_free_bin_sid(idmap_ctx, new_bin_sid);
}
END_TEST

/*
 * Round trip: SID string -> struct sss_dom_sid -> SID string.  The output
 * must be non-NULL and identical to the input string.
 */
START_TEST(idmap_test_sid2dom_sid)
{
    struct sss_dom_sid *dom_sid = NULL;
    enum idmap_error_code err;
    char *new_sid = NULL;

    err = sss_idmap_sid_to_dom_sid(idmap_ctx, "S-1-5-21-1-2-3-1000", &dom_sid);
    fail_unless(err == IDMAP_SUCCESS,
                "Failed to convert SID string to struct sss_dom_sid.");

    err = sss_idmap_dom_sid_to_sid(idmap_ctx, dom_sid, &new_sid);
    fail_unless(err == IDMAP_SUCCESS,
                "Failed to convert struct sss_dom_sid to SID string.");

    fail_unless(new_sid != NULL, "SID string not set");
    fail_unless(strlen("S-1-5-21-1-2-3-1000") == strlen(new_sid),
                "Length of SID strings do not match.");
    fail_unless(strcmp("S-1-5-21-1-2-3-1000", new_sid) == 0,
                "SID strings do not match.");

    sss_idmap_free_dom_sid(idmap_ctx, dom_sid);
    sss_idmap_free_sid(idmap_ctx, new_sid);
}
END_TEST

/*
 * Boundary test for the SID parser: large_sid (per the assertion message, a
 * SID with a UINT32_MAX component) must survive a string -> structure ->
 * string round trip unchanged, and too_large_sid must be rejected with
 * IDMAP_SID_INVALID rather than being truncated or wrapped into a
 * different, valid-looking SID.
 */
START_TEST(idmap_test_large_and_too_large_sid)
{
    struct sss_dom_sid *dom_sid = NULL;
    enum idmap_error_code err;
    char *new_sid = NULL;

    err = sss_idmap_sid_to_dom_sid(idmap_ctx, large_sid, &dom_sid);
    fail_unless(err == IDMAP_SUCCESS,
                "Failed to convert SID string with a UINT32_MAX component "
                "to struct sss_dom_sid.");

    err = sss_idmap_dom_sid_to_sid(idmap_ctx, dom_sid, &new_sid);
    fail_unless(err == IDMAP_SUCCESS,
                "Failed to convert struct sss_dom_sid to SID string.");

    fail_unless(new_sid != NULL, "SID string not set");
    fail_unless(strlen(large_sid) == strlen(new_sid),
                "Length of SID strings do not match.");
    fail_unless(strcmp(large_sid, new_sid) == 0,
                "SID strings do not match, expected [%s], got [%s]",
                large_sid, new_sid);

    /* NOTE(review): &dom_sid still points at the first result here.  Whether
     * a failing sss_idmap_sid_to_dom_sid() leaves the output pointer
     * untouched is not visible in this file; if it can overwrite it, the
     * first structure is never freed - confirm against the implementation. */
    err = sss_idmap_sid_to_dom_sid(idmap_ctx, too_large_sid, &dom_sid);
    fail_unless(err == IDMAP_SID_INVALID,
                "Trying to convert a SID with a too large component "
                "did not return IDMAP_SID_INVALID");

    sss_idmap_free_dom_sid(idmap_ctx, dom_sid);
    sss_idmap_free_sid(idmap_ctx, new_sid);
}
END_TEST

/*
 * SID string -> binary SID.  The result must match test_bin_sid in length
 * and content.
 */
START_TEST(idmap_test_sid2bin_sid)
{
    enum idmap_error_code err;
    size_t length;
    uint8_t *bin_sid
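= NULL;

    err = sss_idmap_sid_to_bin_sid(idmap_ctx, test_sid, &bin_sid, &length);
    fail_unless(err == IDMAP_SUCCESS,
                "Failed to convert SID string to binary sid.");

    /* length is a size_t: print it with %zu, "%d" is a format/argument
     * mismatch on LP64.  test_bin_sid_length is declared outside this
     * excerpt, so it is cast to keep the varargs type unambiguous. */
    fail_unless(length == test_bin_sid_length,
                "Size of binary SIDs do not match, got [%zu], expected [%zu]",
                length, (size_t) test_bin_sid_length);
    fail_unless(memcmp(bin_sid, test_bin_sid, test_bin_sid_length) == 0,
                "Binary SIDs do not match");

    sss_idmap_free_bin_sid(idmap_ctx, bin_sid);
}
END_TEST

/*
 * Binary SID -> SID string.  The result must equal test_sid.
 */
START_TEST(idmap_test_bin_sid2sid)
{
    enum idmap_error_code err;
    char *sid = NULL;

    err = sss_idmap_bin_sid_to_sid(idmap_ctx,
                                   test_bin_sid, test_bin_sid_length,
                                   &sid);
    fail_unless(err == IDMAP_SUCCESS,
                "Failed to convert binary SID to SID string.");
    fail_unless(strcmp(sid, test_sid) == 0, "SID strings do not match, "
                                            "expected [%s], get [%s]",
                                            test_sid, sid);

    sss_idmap_free_sid(idmap_ctx, sid);
}
END_TEST

/*
 * Round trip: samba struct dom_sid -> struct sss_dom_sid -> samba struct
 * dom_sid.  The result is compared with test_smb_sid over the whole
 * structure size.
 */
START_TEST(idmap_test_smb_sid2dom_sid)
{
    struct sss_dom_sid *dom_sid = NULL;
    enum idmap_error_code err;
    struct dom_sid *new_smb_sid = NULL;

    err = sss_idmap_smb_sid_to_dom_sid(idmap_ctx, &test_smb_sid, &dom_sid);
    fail_unless(err == IDMAP_SUCCESS,
                "Failed to convert samba dom_sid to struct sss_dom_sid.");

    err = sss_idmap_dom_sid_to_smb_sid(idmap_ctx, dom_sid, &new_smb_sid);
    fail_unless(err == IDMAP_SUCCESS,
                "Failed to convert struct sss_dom_sid to samba dom_sid.");

    fail_unless(memcmp(&test_smb_sid, new_smb_sid, sizeof(struct dom_sid)) == 0,
                "Samba dom_sid-s do not match.");

    sss_idmap_free_dom_sid(idmap_ctx, dom_sid);
    sss_idmap_free_smb_sid(idmap_ctx, new_smb_sid);
}
END_TEST

/*
 * Samba struct dom_sid -> binary SID.  The result must match test_bin_sid in
 * length and content.
 */
START_TEST(idmap_test_smb_sid2bin_sid)
{
    enum idmap_error_code err;
    size_t length;
    uint8_t *bin_sid = NULL;

    err = sss_idmap_smb_sid_to_bin_sid(idmap_ctx, &test_smb_sid,
                                       &bin_sid, &length);
    fail_unless(err == IDMAP_SUCCESS,
                "Failed to convert samba dom_sid to binary sid.");

    /* size_t needs %zu, see idmap_test_sid2bin_sid. */
    fail_unless(length == test_bin_sid_length,
                "Size of binary SIDs do not match, got [%zu], expected [%zu]",
                length, (size_t) test_bin_sid_length);
    fail_unless(memcmp(bin_sid, test_bin_sid,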
test_bin_sid_length) == 0,
                "Binary SIDs do not match.");

    sss_idmap_free_bin_sid(idmap_ctx, bin_sid);
}
END_TEST

/*
 * Binary SID -> samba struct dom_sid.  The result is compared with
 * test_smb_sid over the whole structure size.
 */
START_TEST(idmap_test_bin_sid2smb_sid)
{
    enum idmap_error_code err;
    struct dom_sid *smb_sid = NULL;

    err = sss_idmap_bin_sid_to_smb_sid(idmap_ctx,
                                       test_bin_sid, test_bin_sid_length,
                                       &smb_sid);
    fail_unless(err == IDMAP_SUCCESS,
                "Failed to convert binary sid to samba dom_sid.");
    fail_unless(memcmp(&test_smb_sid, smb_sid, sizeof(struct dom_sid)) == 0,
                "Samba dom_sid structs do not match.");

    sss_idmap_free_smb_sid(idmap_ctx, smb_sid);
}
END_TEST

/*
 * Samba struct dom_sid -> SID string.  The result must equal test_sid.
 */
START_TEST(idmap_test_smb_sid2sid)
{
    enum idmap_error_code err;
    char *sid = NULL;

    err = sss_idmap_smb_sid_to_sid(idmap_ctx, &test_smb_sid, &sid);
    fail_unless(err == IDMAP_SUCCESS,
                "Failed to convert samba dom_sid to sid string.");
    fail_unless(strcmp(sid, test_sid) == 0, "SID strings do not match, "
                                            "expected [%s], get [%s]",
                                            test_sid, sid);

    sss_idmap_free_sid(idmap_ctx, sid);
}
END_TEST

/*
 * SID string -> samba struct dom_sid.  The result is compared with
 * test_smb_sid over the whole structure size.
 * NOTE(review): the first failure message says "binary sid" although the
 * input here is the SID string test_sid.
 */
START_TEST(idmap_test_sid2smb_sid)
{
    enum idmap_error_code err;
    struct dom_sid *smb_sid = NULL;

    err = sss_idmap_sid_to_smb_sid(idmap_ctx, test_sid, &smb_sid);
    fail_unless(err == IDMAP_SUCCESS,
                "Failed to convert binary sid to samba dom_sid.");
    fail_unless(memcmp(&test_smb_sid, smb_sid, sizeof(struct dom_sid)) == 0,
                "Samba dom_sid structs do not match.");

    sss_idmap_free_smb_sid(idmap_ctx, smb_sid);
}
END_TEST

/*
 * Build the "IDMAP" Check suite.  Every test case gets the
 * ck_leak_check_setup/ck_leak_check_teardown fixture; the domain, conversion
 * and mapping cases additionally get idmap_ctx_setup/idmap_ctx_teardown.
 */
Suite *idmap_test_suite (void)
{
    Suite *s = suite_create ("IDMAP");

    TCase *tc_init = tcase_create("IDMAP init tests");
    tcase_add_checked_fixture(tc_init,
                              ck_leak_check_setup,
                              ck_leak_check_teardown);

    tcase_add_test(tc_init, idmap_test_init_malloc);
    tcase_add_test(tc_init, idmap_test_init_talloc);
    tcase_add_test(tc_init, idmap_test_is_domain_sid);

    suite_add_tcase(s, tc_init);

    TCase *tc_dom = tcase_create("IDMAP domain tests");
    tcase_add_checked_fixture(tc_dom,
                              ck_leak_check_setup,
                              ck_leak_check_teardown);
    tcase_add_checked_fixture(tc_dom,
                              idmap_ctx_setup,
                              idmap_ctx_teardown);

    tcase_add_test(tc_dom, idmap_test_add_domain);
tcase_add_test(tc_dom, idmap_test_add_domain_collisions);
    tcase_add_test(tc_dom, idmap_test_add_domain_collisions_ext_mapping);

    suite_add_tcase(s, tc_dom);

    /* Pure format conversions; no domain is registered for these. */
    TCase *tc_conv = tcase_create("IDMAP SID conversion tests");
    tcase_add_checked_fixture(tc_conv,
                              ck_leak_check_setup,
                              ck_leak_check_teardown);
    tcase_add_checked_fixture(tc_conv,
                              idmap_ctx_setup,
                              idmap_ctx_teardown);

    tcase_add_test(tc_conv, idmap_test_bin_sid2dom_sid);
    tcase_add_test(tc_conv, idmap_test_sid2dom_sid);
    tcase_add_test(tc_conv, idmap_test_sid2bin_sid);
    tcase_add_test(tc_conv, idmap_test_bin_sid2sid);
    tcase_add_test(tc_conv, idmap_test_smb_sid2dom_sid);
    tcase_add_test(tc_conv, idmap_test_smb_sid2bin_sid);
    tcase_add_test(tc_conv, idmap_test_bin_sid2smb_sid);
    tcase_add_test(tc_conv, idmap_test_smb_sid2sid);
    tcase_add_test(tc_conv, idmap_test_sid2smb_sid);
    tcase_add_test(tc_conv, idmap_test_large_and_too_large_sid);

    suite_add_tcase(s, tc_conv);

    /* SID <-> UNIX ID mapping; idmap_add_domain_setup runs as an extra
     * setup fixture (no teardown) after idmap_ctx_setup. */
    TCase *tc_map = tcase_create("IDMAP mapping tests");
    tcase_add_checked_fixture(tc_map,
                              ck_leak_check_setup,
                              ck_leak_check_teardown);
    tcase_add_checked_fixture(tc_map,
                              idmap_ctx_setup,
                              idmap_ctx_teardown);
    tcase_add_checked_fixture(tc_map,
                              idmap_add_domain_setup,
                              NULL);

    tcase_add_test(tc_map, idmap_test_sid2uid);
    tcase_add_test(tc_map, idmap_test_bin_sid2uid);
    tcase_add_test(tc_map, idmap_test_dom_sid2uid);
    tcase_add_test(tc_map, idmap_test_uid2sid);
    tcase_add_test(tc_map, idmap_test_uid2dom_sid);
    tcase_add_test(tc_map, idmap_test_uid2bin_sid);

    suite_add_tcase(s, tc_map);

    return s;
}

/*
 * Run the IDMAP suite.  The exit status is EXIT_SUCCESS only when no test
 * failed.  argc and argv are not used.
 */
int main(int argc, const char *argv[])
{
    int number_failed;

    tests_set_cwd();

    Suite *s = idmap_test_suite();
    SRunner *sr = srunner_create(s);

    /* If CK_VERBOSITY is set, use that, otherwise it defaults to CK_NORMAL */
    srunner_run_all(sr, CK_ENV);
    number_failed = srunner_ntests_failed (sr);
    srunner_free (sr);

    return (number_failed == 0) ?
EXIT_SUCCESS : EXIT_FAILURE; } sssd-1.11.5/src/tests/PaxHeaders.13173/sysdb-tests.c0000644000000000000000000000007412320753107020134 xustar000000000000000030 atime=1396954939.275891424 30 ctime=1396954961.782874856 sssd-1.11.5/src/tests/sysdb-tests.c0000664002412700241270000053763312320753107020377 0ustar00jhrozekjhrozek00000000000000/* SSSD System Database Copyright (C) Stephen Gallagher 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include #include #include #include #include #include #include #include "util/util.h" #include "confdb/confdb_setup.h" #include "db/sysdb_private.h" #include "db/sysdb_services.h" #include "db/sysdb_autofs.h" #include "tests/common.h" #define TESTS_PATH "tests_sysdb" #define TEST_CONF_FILE "tests_conf.ldb" #define TEST_ATTR_NAME "test_attr_name" #define TEST_ATTR_VALUE "test_attr_value" #define TEST_ATTR_UPDATE_VALUE "test_attr_update_value" #define TEST_ATTR_ADD_NAME "test_attr_add_name" #define TEST_ATTR_ADD_VALUE "test_attr_add_value" #define CUSTOM_TEST_CONTAINER "custom_test_container" #define CUSTOM_TEST_OBJECT "custom_test_object" #define ASQ_TEST_USER "testuser27010" #define ASQ_TEST_USER_UID 27010 #define MBO_USER_BASE 27500 #define MBO_GROUP_BASE 28500 #define NUM_GHOSTS 10 #define TEST_AUTOFS_MAP_BASE 29500 struct sysdb_test_ctx { struct sysdb_ctx *sysdb; struct confdb_ctx *confdb; struct tevent_context *ev; struct sss_domain_info *domain; }; static int _setup_sysdb_tests(struct sysdb_test_ctx 
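**ctx, bool enumerate)
{
    /*
     * Build a fresh test context: a confdb under TESTS_PATH configured with
     * a single "LOCAL" domain (id_provider "local", enumerate per the
     * argument, cache_credentials TRUE) and the sysdb of that domain.
     * On success *ctx owns everything (one talloc_free() releases it) and
     * EOK is returned; on failure an errno-style code is returned and the
     * context is freed.
     */
    struct sysdb_test_ctx *test_ctx;
    char *conf_db;
    int ret;

    const char *val[2];
    val[1] = NULL;

    /* Create tests directory if it doesn't exist */
    /* (relative to current dir) */
    /* NOTE(review): the mode is 0775 before umask and an already existing
     * directory is accepted as-is.  The confdb and the cache of a domain
     * with cache_credentials enabled are created inside it, so run the suite
     * from a working directory other users cannot write to. */
    ret = mkdir(TESTS_PATH, 0775);
    if (ret == -1 && errno != EEXIST) {
        fail("Could not create %s directory", TESTS_PATH);
        return EFAULT;
    }

    test_ctx = talloc_zero(NULL, struct sysdb_test_ctx);
    if (test_ctx == NULL) {
        fail("Could not allocate memory for test context");
        return ENOMEM;
    }

    /* Create an event context
     * It will not be used except in confdb_init and sysdb_init
     */
    test_ctx->ev = tevent_context_init(test_ctx);
    if (test_ctx->ev == NULL) {
        fail("Could not create event context");
        talloc_free(test_ctx);
        return EIO;
    }

    conf_db = talloc_asprintf(test_ctx, "%s/%s", TESTS_PATH, TEST_CONF_FILE);
    if (conf_db == NULL) {
        fail("Out of memory, aborting!");
        talloc_free(test_ctx);
        return ENOMEM;
    }
    DEBUG(3, ("CONFDB: %s\n", conf_db));

    /* Connect to the conf db */
    ret = confdb_init(test_ctx, &test_ctx->confdb, conf_db);
    if (ret != EOK) {
        fail("Could not initialize connection to the confdb");
        talloc_free(test_ctx);
        return ret;
    }

    val[0] = "LOCAL";
    ret = confdb_add_param(test_ctx->confdb, true,
                           "config/sssd", "domains", val);
    if (ret != EOK) {
        fail("Could not initialize domains placeholder");
        talloc_free(test_ctx);
        return ret;
    }

    val[0] = "local";
    ret = confdb_add_param(test_ctx->confdb, true,
                           "config/domain/LOCAL", "id_provider", val);
    if (ret != EOK) {
        fail("Could not initialize provider");
        talloc_free(test_ctx);
        return ret;
    }

    val[0] = enumerate ? "TRUE" : "FALSE";
    ret = confdb_add_param(test_ctx->confdb, true,
                           "config/domain/LOCAL", "enumerate", val);
    if (ret != EOK) {
        fail("Could not initialize LOCAL domain");
        talloc_free(test_ctx);
        return ret;
    }

    val[0] = "TRUE";
    ret = confdb_add_param(test_ctx->confdb, true,
                           "config/domain/LOCAL", "cache_credentials", val);
    if (ret != EOK) {
        fail("Could not initialize LOCAL domain");
        talloc_free(test_ctx);
        return ret;
    }

    ret = sssd_domain_init(test_ctx, test_ctx->confdb, "local",
                           TESTS_PATH, &test_ctx->domain);
    if (ret != EOK) {
        fail("Could not initialize connection to the sysdb (%d)", ret);
        talloc_free(test_ctx);
        return ret;
    }
    test_ctx->sysdb = test_ctx->domain->sysdb;

    *ctx = test_ctx;
    return EOK;
}

/* Default setup: the LOCAL domain is created with enumerate = FALSE. */
#define setup_sysdb_tests(ctx) _setup_sysdb_tests((ctx), false)

/* Per-test parameter block handed to the test_* helpers below. */
struct test_data {
    struct tevent_context *ev;
    struct sysdb_test_ctx *ctx;

    const char *username;
    const char *groupname;
    const char *netgrname;
    const char *autofsmapname;
    uid_t uid;
    gid_t gid;
    const char *shell;

    bool finished;
    int error;

    struct sysdb_attrs *attrs;
    const char **attrlist;
    char **memberlist;
    struct ldb_message *msg;

    size_t msgs_count;
    struct ldb_message **msgs;
};

/*
 * Add data->username with data->uid via sysdb_add_user(); home directory and
 * GECOS are derived from the UID.  Returns ENOMEM when either string cannot
 * be allocated, otherwise the sysdb_add_user() result.
 */
static int test_add_user(struct test_data *data)
{
    char *homedir;
    char *gecos;
    int ret;

    homedir = talloc_asprintf(data, "/home/testuser%d", data->uid);
    gecos = talloc_asprintf(data, "Test User %d", data->uid);
    /* Without this check an allocation failure would store a user with
     * missing attributes and the test would still report success. */
    if (homedir == NULL || gecos == NULL) {
        return ENOMEM;
    }

    ret = sysdb_add_user(data->ctx->sysdb, data->ctx->domain, data->username,
                         data->uid, 0, gecos, homedir, "/bin/bash",
                         NULL, NULL, 0, 0);
    return ret;
}

/*
 * Store data->username with data->uid via sysdb_store_user(); the shell is
 * data->shell when set, "/bin/bash" otherwise.  Returns ENOMEM when the
 * derived strings cannot be allocated.
 */
static int test_store_user(struct test_data *data)
{
    char *homedir;
    char *gecos;
    int ret;

    homedir = talloc_asprintf(data, "/home/testuser%d", data->uid);
    gecos = talloc_asprintf(data, "Test User %d", data->uid);
    if (homedir == NULL || gecos == NULL) {
        return ENOMEM;
    }

    ret = sysdb_store_user(data->ctx->sysdb, data->ctx->domain,
                           data->username, "x",
                           data->uid, 0, gecos, homedir,
                           data->shell ?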
data->shell : "/bin/bash",
                           NULL, NULL, NULL, -1, 0);
    return ret;
}

/* Delete the user entry whose DN is built from data->username. */
static int test_remove_user(struct test_data *data)
{
    struct ldb_dn *dn = sysdb_user_dn(data->ctx->sysdb, data,
                                      data->ctx->domain, data->username);

    if (dn == NULL) {
        return ENOMEM;
    }

    return sysdb_delete_entry(data->ctx->sysdb, dn, true);
}

/* Delete a user by UID (no name given). */
static int test_remove_user_by_uid(struct test_data *data)
{
    return sysdb_delete_user(data->ctx->sysdb, data->ctx->domain,
                             NULL, data->uid);
}

/* Ask sysdb to delete a group by ID; the ID passed is data->uid. */
static int test_remove_nonexistent_group(struct test_data *data)
{
    return sysdb_delete_group(data->ctx->sysdb, data->ctx->domain,
                              NULL, data->uid);
}

/* Ask sysdb to delete a user by data->uid; the raw result is returned. */
static int test_remove_nonexistent_user(struct test_data *data)
{
    return sysdb_delete_user(data->ctx->sysdb, data->ctx->domain,
                             NULL, data->uid);
}

/* Add data->groupname with data->gid and the attributes in data->attrs. */
static int test_add_group(struct test_data *data)
{
    return sysdb_add_group(data->ctx->sysdb, data->ctx->domain,
                           data->groupname, data->gid, data->attrs, 0, 0);
}

/* Add data->groupname with data->gid through sysdb_add_incomplete_group(). */
static int test_add_incomplete_group(struct test_data *data)
{
    return sysdb_add_incomplete_group(data->ctx->sysdb, data->ctx->domain,
                                      data->groupname, data->gid,
                                      NULL, NULL, true, 0);
}

/* Store data->groupname with data->gid and the attributes in data->attrs. */
static int test_store_group(struct test_data *data)
{
    return sysdb_store_group(data->ctx->sysdb, data->ctx->domain,
                             data->groupname, data->gid,
                             data->attrs, -1, 0);
}

/* Delete the group entry whose DN is built from data->groupname. */
static int test_remove_group(struct test_data *data)
{
    struct ldb_dn *dn = sysdb_group_dn(data->ctx->sysdb, data,
                                       data->ctx->domain, data->groupname);

    if (dn == NULL) {
        return ENOMEM;
    }

    return sysdb_delete_entry(data->ctx->sysdb, dn, true);
}

/* Delete a group by GID; a group that is already gone counts as success. */
static int test_remove_group_by_gid(struct test_data *data)
{
    int rc = sysdb_delete_group(data->ctx->sysdb, data->ctx->domain,
                                NULL, data->gid);

    return (rc == ENOENT) ? EOK : rc;
}

static int test_set_user_attr(struct test_data *data)
{
    int ret;

    ret =
sysdb_set_user_attr(data->ctx->sysdb, data->ctx->domain,
                              data->username, data->attrs, SYSDB_MOD_REP);
    return ret;
}

/* Add user "testuser<uid>" as a member of data->groupname. */
static int test_add_group_member(struct test_data *data)
{
    const char *member = talloc_asprintf(data, "testuser%d", data->uid);

    if (member == NULL) {
        return ENOMEM;
    }

    return sysdb_add_group_member(data->ctx->sysdb, data->ctx->domain,
                                  data->groupname, member,
                                  SYSDB_MEMBER_USER, false);
}

/* Remove user "testuser<uid>" from data->groupname. */
static int test_remove_group_member(struct test_data *data)
{
    const char *member = talloc_asprintf(data, "testuser%d", data->uid);

    if (member == NULL) {
        return ENOMEM;
    }

    return sysdb_remove_group_member(data->ctx->sysdb, data->ctx->domain,
                                     data->groupname, member,
                                     SYSDB_MEMBER_USER, false);
}

/* Store data->attrs as custom object "<CUSTOM_TEST_OBJECT>_<uid>". */
static int test_store_custom(struct test_data *data)
{
    char *name = talloc_asprintf(data, "%s_%d",
                                 CUSTOM_TEST_OBJECT, data->uid);

    if (name == NULL) {
        return ENOMEM;
    }

    return sysdb_store_custom(data->ctx->sysdb, data->ctx->domain, name,
                              CUSTOM_TEST_CONTAINER, data->attrs);
}

/* Delete the custom object named CUSTOM_TEST_OBJECT from the container. */
static int test_delete_custom(struct test_data *data)
{
    return sysdb_delete_custom(data->ctx->sysdb, data->ctx->domain,
                               CUSTOM_TEST_OBJECT, CUSTOM_TEST_CONTAINER);
}

/* Search all "objectClass=user" entries below the LOCAL user base and
 * leave the result in data->msgs / data->msgs_count. */
static int test_search_all_users(struct test_data *data)
{
    struct ldb_dn *base = ldb_dn_new_fmt(data, data->ctx->sysdb->ldb,
                                         SYSDB_TMPL_USER_BASE, "LOCAL");

    if (!base) {
        return ENOMEM;
    }

    return sysdb_search_entry(data, data->ctx->sysdb, base,
                              LDB_SCOPE_SUBTREE, "objectClass=user",
                              data->attrlist, &data->msgs_count, &data->msgs);
}

/* Recursively delete everything below the LOCAL domain base DN. */
static int test_delete_recursive(struct test_data *data)
{
    int ret;
    struct ldb_dn *base = ldb_dn_new_fmt(data, data->ctx->sysdb->ldb,
                                         SYSDB_DOM_BASE, "LOCAL");

    if (base == NULL) {
        return ENOMEM;
    }

    ret = sysdb_delete_recursive(data->ctx->sysdb, base, false);
    fail_unless(ret == EOK, "sysdb_delete_recursive returned [%d]", ret);
    return ret;
}

static
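int test_memberof_store_group(struct test_data *data)
{
    /* Store data->groupname with one SYSDB_MEMBER value (a group DN string)
     * per entry of the NULL-terminated data->attrlist. */
    int ret;
    struct sysdb_attrs *attrs = NULL;
    char *member;
    int i;

    attrs = sysdb_new_attrs(data);
    if (!attrs) {
        return ENOMEM;
    }

    for (i = 0; data->attrlist && data->attrlist[i]; i++) {
        member = sysdb_group_strdn(data, data->ctx->domain->name,
                                   data->attrlist[i]);
        if (!member) {
            return ENOMEM;
        }
        ret = sysdb_attrs_steal_string(attrs, SYSDB_MEMBER, member);
        if (ret != EOK) {
            return ret;
        }
    }

    ret = sysdb_store_group(data->ctx->sysdb, data->ctx->domain,
                            data->groupname, data->gid, attrs, -1, 0);
    return ret;
}

/*
 * Like test_memberof_store_group(), and additionally adds every entry of the
 * NULL-terminated data->memberlist as a SYSDB_GHOST value.
 */
static int test_memberof_store_group_with_ghosts(struct test_data *data)
{
    int ret;
    struct sysdb_attrs *attrs = NULL;
    char *member;
    int i;

    attrs = sysdb_new_attrs(data);
    if (!attrs) {
        return ENOMEM;
    }

    for (i = 0; data->attrlist && data->attrlist[i]; i++) {
        member = sysdb_group_strdn(data, data->ctx->domain->name,
                                   data->attrlist[i]);
        if (!member) {
            return ENOMEM;
        }
        ret = sysdb_attrs_steal_string(attrs, SYSDB_MEMBER, member);
        if (ret != EOK) {
            return ret;
        }
    }

    for (i = 0; data->memberlist && data->memberlist[i]; i++) {
        ret = sysdb_attrs_steal_string(attrs, SYSDB_GHOST,
                                       data->memberlist[i]);
        if (ret != EOK) {
            return ret;
        }
    }

    ret = sysdb_store_group(data->ctx->sysdb, data->ctx->domain,
                            data->groupname, data->gid, attrs, -1, 0);
    return ret;
}

/*
 * Add netgroup data->netgrname with a description derived from data->uid.
 * Returns ENOMEM when the description cannot be allocated.
 */
static int test_add_basic_netgroup(struct test_data *data)
{
    const char *description;
    int ret;

    description = talloc_asprintf(data, "Test Netgroup %d", data->uid);
    /* Same convention as the other helpers: report the allocation failure
     * instead of passing NULL on to sysdb. */
    if (description == NULL) {
        return ENOMEM;
    }

    ret = sysdb_add_basic_netgroup(data->ctx->sysdb, data->ctx->domain,
                                   data->netgrname, description);
    return ret;
}

/* Delete the netgroup entry whose DN is built from data->netgrname. */
static int test_remove_netgroup_entry(struct test_data *data)
{
    struct ldb_dn *netgroup_dn;
    int ret;

    netgroup_dn = sysdb_netgroup_dn(data->ctx->sysdb, data,
                                    data->ctx->domain, data->netgrname);
    if (!netgroup_dn) {
        return ENOMEM;
    }

    ret = sysdb_delete_entry(data->ctx->sysdb, netgroup_dn, true);
    return ret;
}

static int test_remove_netgroup_by_name(struct test_data *data)
{
    int ret;

    ret =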
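sysdb_delete_netgroup(data->ctx->sysdb, data->ctx->domain,
                                data->netgrname);
    return ret;
}

/*
 * Replace the description of netgroup data->netgrname with a string derived
 * from data->uid.  Returns ENOMEM when the description or the attribute set
 * cannot be allocated.
 */
static int test_set_netgroup_attr(struct test_data *data)
{
    int ret;
    const char *description;
    struct sysdb_attrs *attrs = NULL;

    description = talloc_asprintf(data, "Sysdb Netgroup %d", data->uid);
    /* Do not hand a NULL value to sysdb_attrs_add_string(). */
    if (description == NULL) {
        return ENOMEM;
    }

    attrs = sysdb_new_attrs(data);
    if (!attrs) {
        return ENOMEM;
    }

    ret = sysdb_attrs_add_string(attrs, SYSDB_DESCRIPTION, description);
    if (ret) {
        return ret;
    }

    ret = sysdb_set_netgroup_attr(data->ctx->sysdb, data->ctx->domain,
                                  data->netgrname, attrs, SYSDB_MOD_REP);
    return ret;
}

/* Store user "testuser<_i>" with uid/gid _i (_i is Check's loop index). */
START_TEST (test_sysdb_store_user)
{
    struct sysdb_test_ctx *test_ctx;
    struct test_data *data;
    int ret;

    /* Setup */
    ret = setup_sysdb_tests(&test_ctx);
    if (ret != EOK) {
        fail("Could not set up the test");
        return;
    }

    data = talloc_zero(test_ctx, struct test_data);
    data->ctx = test_ctx;
    data->ev = test_ctx->ev;
    data->uid = _i;
    data->gid = _i;
    data->username = talloc_asprintf(data, "testuser%d", _i);

    ret = test_store_user(data);

    fail_if(ret != EOK, "Could not store user %s", data->username);
    talloc_free(test_ctx);
}
END_TEST

/* Store the same user again, this time with the shell set to /bin/ksh. */
START_TEST (test_sysdb_store_user_existing)
{
    struct sysdb_test_ctx *test_ctx;
    struct test_data *data;
    int ret;

    /* Setup */
    ret = setup_sysdb_tests(&test_ctx);
    if (ret != EOK) {
        fail("Could not set up the test");
        return;
    }

    data = talloc_zero(test_ctx, struct test_data);
    data->ctx = test_ctx;
    data->ev = test_ctx->ev;
    data->uid = _i;
    data->gid = _i;
    data->username = talloc_asprintf(data, "testuser%d", _i);
    data->shell = talloc_asprintf(data, "/bin/ksh");

    ret = test_store_user(data);

    fail_if(ret != EOK, "Could not store user %s", data->username);
    talloc_free(test_ctx);
}
END_TEST

START_TEST (test_sysdb_store_group)
{
    struct sysdb_test_ctx *test_ctx;
    struct test_data *data;
    int ret;

    /* Setup */
    ret = setup_sysdb_tests(&test_ctx);
    if (ret != EOK) {
        fail("Could not set up the test");
        return;
    }

    data = talloc_zero(test_ctx, struct test_data);
    data->ctx = test_ctx;
    data->ev = test_ctx->ev;
    data->gid =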
_i;
    data->groupname = talloc_asprintf(data, "testgroup%d", _i);

    ret = test_store_group(data);

    fail_if(ret != EOK, "Could not store POSIX group #%d", _i);
    talloc_free(test_ctx);
}
END_TEST

/* Remove user "testuser<_i>" by DN (_i is Check's loop index). */
START_TEST (test_sysdb_remove_local_user)
{
    struct sysdb_test_ctx *test_ctx;
    struct test_data *data;
    int ret;

    /* Setup */
    ret = setup_sysdb_tests(&test_ctx);
    if (ret != EOK) {
        fail("Could not set up the test");
        return;
    }

    data = talloc_zero(test_ctx, struct test_data);
    data->ctx = test_ctx;
    data->ev = test_ctx->ev;
    data->username = talloc_asprintf(data, "testuser%d", _i);

    ret = test_remove_user(data);

    fail_if(ret != EOK, "Could not remove user %s", data->username);
    talloc_free(test_ctx);
}
END_TEST

/* Remove the user with UID _i through sysdb_delete_user(). */
START_TEST (test_sysdb_remove_local_user_by_uid)
{
    struct sysdb_test_ctx *test_ctx;
    struct test_data *data;
    int ret;

    /* Setup */
    ret = setup_sysdb_tests(&test_ctx);
    if (ret != EOK) {
        fail("Could not set up the test");
        return;
    }

    data = talloc_zero(test_ctx, struct test_data);
    data->ctx = test_ctx;
    data->ev = test_ctx->ev;
    data->uid = _i;

    ret = test_remove_user_by_uid(data);

    fail_if(ret != EOK, "Could not remove user with uid %d", _i);
    talloc_free(test_ctx);
}
END_TEST

/* Remove group "testgroup<_i>" by DN. */
START_TEST (test_sysdb_remove_local_group)
{
    struct sysdb_test_ctx *test_ctx;
    struct test_data *data;
    int ret;

    /* Setup */
    ret = setup_sysdb_tests(&test_ctx);
    if (ret != EOK) {
        fail("Could not set up the test");
        return;
    }

    data = talloc_zero(test_ctx, struct test_data);
    data->ctx = test_ctx;
    data->ev = test_ctx->ev;
    data->groupname = talloc_asprintf(data, "testgroup%d", _i);

    ret = test_remove_group(data);

    fail_if(ret != EOK, "Could not remove group %s", data->groupname);
    talloc_free(test_ctx);
}
END_TEST

/* Remove the group with GID _i; a group that is already gone is accepted
 * because test_remove_group_by_gid() maps ENOENT to EOK. */
START_TEST (test_sysdb_remove_local_group_by_gid)
{
    struct sysdb_test_ctx *test_ctx;
    struct test_data *data;
    int ret;

    /* Setup */
    ret = setup_sysdb_tests(&test_ctx);
    if (ret != EOK) {
        fail("Could not set up the test");
        return;
    }

    data = talloc_zero(test_ctx, struct test_data);
    data->ctx = test_ctx;
    data->ev = test_ctx->ev;
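data->gid = _i;

    ret = test_remove_group_by_gid(data);

    fail_if(ret != EOK, "Could not remove group with gid %d", _i);
    talloc_free(test_ctx);
}
END_TEST

/* Add user "testuser<_i>" with uid/gid _i (_i is Check's loop index). */
START_TEST (test_sysdb_add_user)
{
    struct sysdb_test_ctx *test_ctx;
    struct test_data *data;
    int ret;

    /* Setup */
    ret = setup_sysdb_tests(&test_ctx);
    if (ret != EOK) {
        fail("Could not set up the test");
        return;
    }

    data = talloc_zero(test_ctx, struct test_data);
    data->ctx = test_ctx;
    data->ev = test_ctx->ev;
    data->uid = _i;
    data->gid = _i;
    data->username = talloc_asprintf(data, "testuser%d", _i);

    ret = test_add_user(data);

    fail_if(ret != EOK, "Could not add user %s", data->username);
    talloc_free(test_ctx);
}
END_TEST

/* Add group "testgroup<_i>" with gid _i. */
START_TEST (test_sysdb_add_group)
{
    struct sysdb_test_ctx *test_ctx;
    struct test_data *data;
    int ret;

    /* Setup */
    ret = setup_sysdb_tests(&test_ctx);
    if (ret != EOK) {
        fail("Could not set up the test");
        return;
    }

    data = talloc_zero(test_ctx, struct test_data);
    data->ctx = test_ctx;
    data->ev = test_ctx->ev;
    data->uid = _i;
    data->gid = _i;
    data->groupname = talloc_asprintf(data, "testgroup%d", _i);

    ret = test_add_group(data);

    fail_if(ret != EOK, "Could not add group %s", data->groupname);
    talloc_free(test_ctx);
}
END_TEST

/*
 * Store group "testgroup<_i>" with one SYSDB_GHOST value "testghost<j>" for
 * every j in [MBO_GROUP_BASE, _i).
 */
START_TEST (test_sysdb_add_group_with_ghosts)
{
    struct sysdb_test_ctx *test_ctx;
    struct test_data *data;
    int ret;
    char *membername;
    int j;

    /* Setup */
    ret = setup_sysdb_tests(&test_ctx);
    if (ret != EOK) {
        fail("Could not set up the test");
        return;
    }

    data = talloc_zero(test_ctx, struct test_data);
    data->ctx = test_ctx;
    data->ev = test_ctx->ev;
    data->uid = _i;
    data->gid = _i;
    data->groupname = talloc_asprintf(data, "testgroup%d", _i);
    fail_unless(data->groupname != NULL, "Out of memory\n");

    data->attrs = sysdb_new_attrs(data);
    /* Check the allocation itself: ret still holds EOK from the setup call,
     * so testing it here could never detect a failed sysdb_new_attrs(). */
    if (data->attrs == NULL) {
        fail("Could not create the changeset");
        return;
    }

    for (j = MBO_GROUP_BASE; j < _i; j++) {
        membername = talloc_asprintf(data, "testghost%d", j);
        fail_unless(membername != NULL, "Out of memory\n");
        ret = sysdb_attrs_steal_string(data->attrs, SYSDB_GHOST,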
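membername);
        if (ret != EOK) {
            fail_unless(ret == EOK, "Cannot add attr\n");
        }
    }

    ret = test_store_group(data);

    fail_if(ret != EOK, "Could not add group %s", data->groupname);
    talloc_free(test_ctx);
}
END_TEST

/* Add group "testgroup<_i>" through sysdb_add_incomplete_group(). */
START_TEST (test_sysdb_add_incomplete_group)
{
    struct sysdb_test_ctx *test_ctx;
    struct test_data *data;
    int ret;

    /* Setup */
    ret = setup_sysdb_tests(&test_ctx);
    if (ret != EOK) {
        fail("Could not set up the test");
        return;
    }

    data = talloc_zero(test_ctx, struct test_data);
    data->ctx = test_ctx;
    data->ev = test_ctx->ev;
    data->uid = _i;
    data->gid = _i;
    data->groupname = talloc_asprintf(data, "testgroup%d", _i);

    ret = test_add_incomplete_group(data);

    fail_if(ret != EOK, "Could not add incomplete group %s", data->groupname);
    talloc_free(test_ctx);
}
END_TEST

/*
 * Look up "testuser<_i>" by name and expect exactly one entry with UID _i;
 * the same name in upper case must return no entry, i.e. the lookup is
 * expected to be case sensitive.
 */
START_TEST (test_sysdb_getpwnam)
{
    struct sysdb_test_ctx *test_ctx;
    struct ldb_result *res;
    const char *username;
    uid_t uid;
    int ret;

    /* Setup */
    ret = setup_sysdb_tests(&test_ctx);
    if (ret != EOK) {
        fail("Could not set up the test");
        return;
    }

    username = talloc_asprintf(test_ctx, "testuser%d", _i);

    ret = sysdb_getpwnam(test_ctx,
                         test_ctx->sysdb,
                         test_ctx->domain,
                         username, &res);
    if (ret) {
        fail("sysdb_getpwnam failed for username %s (%d: %s)",
             username, ret, strerror(ret));
        goto done;
    }

    if (res->count != 1) {
        fail("Invalid number of replies. Expected 1, got %d", res->count);
        goto done;
    }

    uid = ldb_msg_find_attr_as_uint(res->msgs[0], SYSDB_UIDNUM, 0);
    fail_unless(uid == _i, "Did not find the expected UID");

    /* Search for the user with the wrong case */
    username = talloc_asprintf(test_ctx, "TESTUSER%d", _i);

    ret = sysdb_getpwnam(test_ctx,
                         test_ctx->sysdb,
                         test_ctx->domain,
                         username, &res);
    if (ret) {
        fail("sysdb_getpwnam failed for username %s (%d: %s)",
             username, ret, strerror(ret));
        goto done;
    }

    if (res->count != 0) {
        fail("The upper-case username search should fail.");
    }

done:
    talloc_free(test_ctx);
}
END_TEST

/*
 * Look up "testgroup<_i>" by name and expect exactly one entry with GID _i;
 * the same name in upper case must return no entry.
 */
START_TEST (test_sysdb_getgrnam)
{
    struct sysdb_test_ctx *test_ctx;
    struct ldb_result *res;
    const char *groupname;
    gid_t gid;
    int ret;

    /* Setup */
    ret = setup_sysdb_tests(&test_ctx);
    if (ret != EOK) {
        fail("Could not set up the test");
        return;
    }

    groupname = talloc_asprintf(test_ctx, "testgroup%d", _i);

    ret = sysdb_getgrnam(test_ctx,
                         test_ctx->sysdb,
                         test_ctx->domain,
                         groupname, &res);
    if (ret) {
        fail("sysdb_getgrnam failed for groupname %s (%d: %s)",
             groupname, ret, strerror(ret));
        goto done;
    }

    if (res->count != 1) {
        fail("Invalid number of replies. Expected 1, got %d", res->count);
        goto done;
    }

    gid = ldb_msg_find_attr_as_uint(res->msgs[0], SYSDB_GIDNUM, 0);
    fail_unless(gid == _i,
                "Did not find the expected GID (found %d expected %d)",
                gid, _i);

    /* Search for the group with the wrong case */
    groupname = talloc_asprintf(test_ctx, "TESTGROUP%d", _i);

    ret = sysdb_getgrnam(test_ctx,
                         test_ctx->sysdb,
                         test_ctx->domain,
                         groupname, &res);
    if (ret) {
        fail("sysdb_getgrnam failed for groupname %s (%d: %s)",
             groupname, ret, strerror(ret));
        goto done;
    }

    if (res->count != 0) {
        fail("The upper-case groupname search should fail.");
    }

done:
    talloc_free(test_ctx);
}
END_TEST

/*
 * Look up GID _i and expect exactly one entry named "testgroup<_i>".
 */
START_TEST (test_sysdb_getgrgid)
{
    struct sysdb_test_ctx *test_ctx;
    struct ldb_result *res;
    const char *e_groupname;
    const char *groupname;
    int ret;

    /* Setup */
    ret = setup_sysdb_tests(&test_ctx);
    if (ret != EOK) {
        fail("Could not set up the test");
        return;
    }

    ret = sysdb_getgrgid(test_ctx,
                         test_ctx->sysdb,
                         test_ctx->domain,
                         _i, &res);
    if (ret) {
        fail("sysdb_getgrgid failed for gid %d (%d: %s)",
             _i, ret, strerror(ret));
        goto done;
    }

    /* An empty result must fail the test, not index res->msgs[0]. */
    if (res->count != 1) {
        fail("Invalid number of replies. Expected 1, got %d", res->count);
        goto done;
    }

    groupname = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_NAME, 0);
    /* The lookup above uses 0 (NULL) as the default value; keep a missing
     * name attribute away from strcmp(). */
    if (groupname == NULL) {
        fail("Group entry for gid %d has no name", _i);
        goto done;
    }

    e_groupname = talloc_asprintf(test_ctx, "testgroup%d", _i);
    if (e_groupname == NULL) {
        fail("Cannot allocate memory");
        goto done;
    }

    fail_unless(strcmp(groupname, e_groupname) == 0,
                "Did not find the expected groupname (found %s expected %s)",
                groupname, e_groupname);
done:
    talloc_free(test_ctx);
}
END_TEST

/* Search groups with the filter (gidNumber attribute = _i) and expect
 * exactly one match. */
START_TEST (test_sysdb_search_groups)
{
    struct sysdb_test_ctx *test_ctx;
    int ret;
    const char *attrs[] = { SYSDB_NAME, NULL };
    char *filter;
    size_t count;
    struct ldb_message **msgs;

    /* Setup */
    ret = setup_sysdb_tests(&test_ctx);
    fail_if(ret != EOK, "Could not set up the test");

    filter = talloc_asprintf(test_ctx, "("SYSDB_GIDNUM"=%d)", _i);
    fail_if(filter == NULL, "OOM");

    ret = sysdb_search_groups(test_ctx, test_ctx->sysdb, test_ctx->domain,
                              filter, attrs, &count, &msgs);
    talloc_free(filter);
    fail_if(ret != EOK, "Search failed: %d", ret);
    fail_if(count != 1, "Did not find the expected group\n");

    talloc_free(test_ctx);
}
END_TEST

/*
 * Look up UID _i and expect exactly one entry named "testuser<_i>".
 */
START_TEST (test_sysdb_getpwuid)
{
    struct sysdb_test_ctx *test_ctx;
    struct ldb_result *res;
    const char *e_username;
    const char *username;
    int ret;

    /* Setup */
    ret = setup_sysdb_tests(&test_ctx);
    if (ret != EOK) {
        fail("Could not set up the test");
        return;
    }

    ret = sysdb_getpwuid(test_ctx,
                         test_ctx->sysdb,
                         test_ctx->domain,
                         _i, &res);
    if (ret) {
        fail("sysdb_getpwuid failed for uid %d (%d: %s)",
             _i, ret, strerror(ret));
        goto done;
    }

    fail_unless(res->count == 1, "Expected 1 user entry, found %d\n",
                res->count);

    username = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_NAME, 0);
    if (username == NULL) {
        fail("User entry for uid %d has no name", _i);
        goto done;
    }

    e_username = talloc_asprintf(test_ctx, "testuser%d", _i);
    /* The allocation to check is e_username; the original tested username
     * here, so a failed talloc_asprintf() reached strcmp() as NULL. */
    if (e_username == NULL) {
        fail("Cannot allocate memory");
        goto done;
    }

    fail_unless(strcmp(username, e_username) == 0,
                "Did not find the expected username (found %s expected %s)",
                username, e_username);
done:
    talloc_free(test_ctx);
}
END_TEST

/* Enumerate all groups and expect 20 entries. */
START_TEST (test_sysdb_enumgrent)
{
    struct sysdb_test_ctx *test_ctx;
    struct ldb_result *res;
    int ret;

    /* Setup */
    ret = setup_sysdb_tests(&test_ctx);
    if (ret != EOK) {
        fail("Could not set up the test");
        return;
    }

    ret = sysdb_enumgrent(test_ctx,
                          test_ctx->sysdb,
                          test_ctx->domain,
                          &res);
    fail_unless(ret == EOK,
                "sysdb_enumgrent failed (%d: %s)",
                ret, strerror(ret));

    /* 10 groups + 10 users (we're MPG) */
    fail_if(res->count != 20, "Expected 20 groups, got %d", res->count);

    talloc_free(test_ctx);
}
END_TEST

/* Enumerate all users and expect 10 entries. */
START_TEST (test_sysdb_enumpwent)
{
    struct sysdb_test_ctx *test_ctx;
    struct ldb_result *res;
    int ret;

    /* Setup */
    ret = setup_sysdb_tests(&test_ctx);
    if (ret != EOK) {
        fail("Could not set up the test");
        return;
    }

    ret = sysdb_enumpwent(test_ctx,
                          test_ctx->sysdb,
                          test_ctx->domain,
                          &res);
    fail_unless(ret == EOK,
                "sysdb_enumpwent failed (%d: %s)",
                ret, strerror(ret));

    fail_if(res->count != 10, "Expected 10 users, got %d", res->count);

    talloc_free(test_ctx);
}
END_TEST

START_TEST (test_sysdb_set_user_attr)
{
    struct sysdb_test_ctx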
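*test_ctx;
    struct test_data *data;
    int ret;

    /*
     * Body of test_sysdb_set_user_attr: build a one-attribute changeset
     * (SYSDB_SHELL = "/bin/ksh") for "testuser<_i>" and apply it through
     * test_set_user_attr().
     */

    /* Setup */
    ret = setup_sysdb_tests(&test_ctx);
    if (ret != EOK) {
        fail("Could not set up the test");
        return;
    }

    data = talloc_zero(test_ctx, struct test_data);
    fail_unless(data != NULL, "talloc_zero failed");
    data->ctx = test_ctx;
    data->ev = test_ctx->ev;
    data->username = talloc_asprintf(data, "testuser%d", _i);
    fail_unless(data->username != NULL, "talloc_asprintf failed");

    /* Check the pointer that was just returned; 'ret' still holds the
     * result of setup_sysdb_tests() at this point. */
    data->attrs = sysdb_new_attrs(test_ctx);
    if (data->attrs == NULL) {
        fail("Could not create the changeset");
        return;
    }

    ret = sysdb_attrs_add_string(data->attrs,
                                 SYSDB_SHELL,
                                 "/bin/ksh");
    if (ret != EOK) {
        fail("Could not create the changeset");
        return;
    }

    ret = test_set_user_attr(data);

    fail_if(ret != EOK, "Could not modify user %s", data->username);
    talloc_free(test_ctx);
}
END_TEST

/*
 * Search users with a filter on UID _i and shell /bin/ksh and expect exactly
 * one match. Presumably depends on test_sysdb_set_user_attr having run for
 * the same _i first; the test ordering is not visible in this part of the
 * file.
 */
START_TEST (test_sysdb_search_users)
{
    struct sysdb_test_ctx *test_ctx;
    int ret;
    const char *attrs[] = { SYSDB_NAME, NULL };
    char *filter;
    size_t count;
    struct ldb_message **msgs;

    /* Setup */
    ret = setup_sysdb_tests(&test_ctx);
    fail_if(ret != EOK, "Could not set up the test");

    filter = talloc_asprintf(test_ctx,
                             "(&("SYSDB_UIDNUM"=%d)("SYSDB_SHELL"=/bin/ksh))",
                             _i);
    fail_if(filter == NULL, "OOM");

    ret = sysdb_search_users(test_ctx, test_ctx->sysdb, test_ctx->domain,
                             filter, attrs, &count, &msgs);
    talloc_free(filter);
    fail_if(ret != EOK, "Search failed: %d", ret);
    fail_if(count != 1, "Did not find the expected user\n");

    talloc_free(test_ctx);
}
END_TEST

/*
 * Remove SYSDB_SHELL from "testuser<_i>" and verify that the attribute is
 * present before the removal and absent afterwards.
 */
START_TEST (test_sysdb_remove_attrs)
{
    struct sysdb_test_ctx *test_ctx;
    int ret;
    char *rmattrs[2];
    char *username;
    struct ldb_result *res;
    const char *shell;

    ret = setup_sysdb_tests(&test_ctx);
    fail_if(ret != EOK, "Could not set up the test");

    username = talloc_asprintf(test_ctx, "testuser%d", _i);
    fail_if(username == NULL, "OOM");

    ret = sysdb_getpwnam(test_ctx, test_ctx->sysdb,
                         test_ctx->domain, username, &res);
    fail_if(ret != EOK, "sysdb_getpwnam failed for username %s (%d: %s)",
            username, ret, strerror(ret));
    /* Guard msgs[0]: a successful lookup may carry no entries */
    fail_unless(res->count == 1, "Expected 1 user entry, found %d\n",
                res->count);
    shell = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_SHELL, NULL);
    fail_unless(shell != NULL, "Did not find user shell before removal");

    rmattrs[0] = discard_const(SYSDB_SHELL);
    rmattrs[1] = NULL;

    ret = sysdb_remove_attrs(test_ctx->sysdb, test_ctx->domain,
                             username, SYSDB_MEMBER_USER, rmattrs);
    fail_if(ret != EOK, "Removing attributes failed: %d", ret);

    ret = sysdb_getpwnam(test_ctx, test_ctx->sysdb,
                         test_ctx->domain, username, &res);
    fail_if(ret != EOK, "sysdb_getpwnam failed for username %s (%d: %s)",
            username, ret, strerror(ret));
    fail_unless(res->count == 1, "Expected 1 user entry, found %d\n",
                res->count);
    shell = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_SHELL, NULL);
    fail_unless(shell == NULL, "Found user shell after removal");

    /* The original returned without releasing the test context */
    talloc_free(test_ctx);
}
END_TEST

/*
 * Read SYSDB_SHELL back for "testuser<_i>" and expect "/bin/ksh".
 */
START_TEST (test_sysdb_get_user_attr)
{
    struct sysdb_test_ctx *test_ctx;
    const char *attrs[] = { SYSDB_SHELL, NULL };
    struct ldb_result *res;
    const char *attrval;
    char *username;
    int ret;

    /* Setup */
    ret = setup_sysdb_tests(&test_ctx);
    if (ret != EOK) {
        fail("Could not set up the test");
        return;
    }

    username = talloc_asprintf(test_ctx, "testuser%d", _i);
    if (username == NULL) {
        fail("Cannot allocate memory");
        goto done;
    }

    ret = sysdb_get_user_attr(test_ctx, test_ctx->sysdb,
                              test_ctx->domain, username, attrs, &res);
    if (ret) {
        fail("Could not get attributes for user %s", username);
        goto done;
    }

    fail_if(res->count != 1,
            "Invalid number of entries, expected 1, got %d", res->count);

    attrval = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_SHELL, 0);
    /* A missing shell must fail the test rather than crash in strcmp() */
    fail_if(attrval == NULL || strcmp(attrval, "/bin/ksh"),
            "Got bad attribute value for user %s", username);
done:
    talloc_free(test_ctx);
}
END_TEST

/*
 * Add the user with UID (_i - 1000) to "testgroup<_i>" through
 * test_add_group_member().
 */
START_TEST (test_sysdb_add_group_member)
{
    struct sysdb_test_ctx *test_ctx;
    struct test_data *data;
    int ret;

    /* Setup */
    ret = setup_sysdb_tests(&test_ctx);
    if (ret != EOK) {
        fail("Could not set up the test");
        return;
    }

    data = talloc_zero(test_ctx, struct test_data);
    fail_unless(data != NULL, "talloc_zero failed");
    data->ctx = test_ctx;
    data->ev = test_ctx->ev;
    data->groupname = talloc_asprintf(data, "testgroup%d", _i);
    fail_unless(data->groupname != NULL, "talloc_asprintf failed");
    data->uid = _i - 1000; /* the UID of user to add */

    ret = test_add_group_member(data);

    fail_if(ret != EOK, "Could not modify group %s", data->groupname);
    talloc_free(test_ctx);
}
END_TEST

/*
 * Run initgroups for "testuser<_i>" and expect two messages: the user entry
 * (UID _i) followed by one group entry (GID _i + 1000).
 */
START_TEST (test_sysdb_initgroups)
{
    struct sysdb_test_ctx *test_ctx;
    int ret;
    const char *username;
    struct ldb_result *res;
    struct ldb_message *user;
    struct ldb_message *group;
    gid_t gid;
    uid_t uid;

    /* Setup */
    ret = setup_sysdb_tests(&test_ctx);
    if (ret != EOK) {
        fail("Could not set up the test");
        return;
    }

    username = talloc_asprintf(test_ctx, "testuser%d", _i);
    fail_unless(username != NULL, "talloc_asprintf failed");

    ret = sysdb_initgroups(test_ctx, test_ctx->sysdb,
                           test_ctx->domain, username, &res);
    fail_if(ret != EOK, "sysdb_initgroups failed\n");

    /* result should contain 2 messages - user and his group */
    fail_if(res->count != 2, "expected 2 groups, got %d\n", res->count);

    /* check if it's the expected user and expected group */
    user = res->msgs[0];
    group = res->msgs[1];

    uid = ldb_msg_find_attr_as_uint(user, SYSDB_UIDNUM, 0);
    fail_unless(uid == _i,
                "Did not find the expected UID (found %d expected %d)",
                uid, _i);

    gid = ldb_msg_find_attr_as_uint(group, SYSDB_GIDNUM, 0);
    /* Report the value that is actually compared against */
    fail_unless(gid == _i + 1000,
                "Did not find the expected GID (found %d expected %d)",
                gid, _i + 1000);

    /* The original returned without releasing the test context */
    talloc_free(test_ctx);
}
END_TEST

/*
 * Remove the user with UID (_i - 1000) from "testgroup<_i>" through
 * test_remove_group_member().
 */
START_TEST (test_sysdb_remove_group_member)
{
    struct sysdb_test_ctx *test_ctx;
    struct test_data *data;
    int ret;

    /* Setup */
    ret = setup_sysdb_tests(&test_ctx);
    if (ret != EOK) {
        fail("Could not set up the test");
        return;
    }

    data = talloc_zero(test_ctx, struct test_data);
    fail_unless(data != NULL, "talloc_zero failed");
    data->ctx = test_ctx;
    data->ev = test_ctx->ev;
    data->groupname = talloc_asprintf(data, "testgroup%d", _i);
    fail_unless(data->groupname != NULL, "talloc_asprintf failed");
    data->uid = _i - 1000; /* the UID of user to remove */

    ret = test_remove_group_member(data);

    /* The result used to be dropped, so a failed removal still passed */
    fail_if(ret != EOK, "Could not modify group %s", data->groupname);
    talloc_free(test_ctx);
}
END_TEST

/*
 * Removing a user that was never stored must report ENOENT.
 */
START_TEST (test_sysdb_remove_nonexistent_user)
{
    struct sysdb_test_ctx *test_ctx;
    struct test_data *data;
    int ret;

    /* Setup */
    ret = setup_sysdb_tests(&test_ctx);
    if (ret != EOK) {
        fail("Could not set up the test");
        return;
    }

    data = talloc_zero(test_ctx, struct test_data);
    fail_unless(data != NULL, "talloc_zero failed");
    data->ctx = test_ctx;
    data->ev = test_ctx->ev;
    data->uid = 12345;

    ret = test_remove_nonexistent_user(data);

    fail_if(ret != ENOENT, "Unexpected return code %d, expected ENOENT", ret);
    talloc_free(test_ctx);
}
END_TEST

START_TEST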
(test_sysdb_remove_nonexistent_group) { struct sysdb_test_ctx *test_ctx; struct test_data *data; int ret; /* Setup */ ret = setup_sysdb_tests(&test_ctx); if (ret != EOK) { fail("Could not set up the test"); return; } data = talloc_zero(test_ctx, struct test_data); data->ctx = test_ctx; data->ev = test_ctx->ev; data->uid = 12345; ret = test_remove_nonexistent_group(data); fail_if(ret != ENOENT, "Unexpected return code %d, expected ENOENT", ret); talloc_free(test_ctx); } END_TEST START_TEST (test_sysdb_get_new_id) { struct sysdb_test_ctx *test_ctx; int ret; uint32_t id; /* Setup */ ret = setup_sysdb_tests(&test_ctx); fail_if(ret != EOK, "Cannot setup sysdb tests\n"); ret = sysdb_get_new_id(test_ctx->sysdb, test_ctx->domain, &id); fail_if(ret != EOK, "Cannot get new ID\n"); fail_if(id != test_ctx->domain->id_min); } END_TEST START_TEST (test_sysdb_store_custom) { struct sysdb_test_ctx *test_ctx; struct test_data *data; int ret; /* Setup */ ret = setup_sysdb_tests(&test_ctx); if (ret != EOK) { fail("Could not set up the test"); return; } data = talloc_zero(test_ctx, struct test_data); data->ctx = test_ctx; data->ev = test_ctx->ev; data->uid = _i; data->attrs = sysdb_new_attrs(test_ctx); if (ret != EOK) { fail("Could not create attribute list"); return; } ret = sysdb_attrs_add_string(data->attrs, TEST_ATTR_NAME, TEST_ATTR_VALUE); if (ret != EOK) { fail("Could not add attribute"); return; } ret = test_store_custom(data); fail_if(ret != EOK, "Could not add custom object"); talloc_free(test_ctx); } END_TEST START_TEST (test_sysdb_search_custom_by_name) { struct sysdb_test_ctx *test_ctx; struct test_data *data; int ret; char *object_name; /* Setup */ ret = setup_sysdb_tests(&test_ctx); if (ret != EOK) { fail("Could not set up the test"); return; } data = talloc_zero(test_ctx, struct test_data); fail_unless(data != NULL, "talloc_zero failed"); data->ctx = test_ctx; data->ev = test_ctx->ev; data->attrlist = talloc_array(test_ctx, const char *, 2); fail_unless(data->attrlist 
!= NULL, "talloc_array failed"); data->attrlist[0] = TEST_ATTR_NAME; data->attrlist[1] = NULL; object_name = talloc_asprintf(data, "%s_%d", CUSTOM_TEST_OBJECT, 29010); fail_unless(object_name != NULL, "talloc_asprintf failed"); ret = sysdb_search_custom_by_name(data, data->ctx->sysdb, data->ctx->domain, object_name, CUSTOM_TEST_CONTAINER, data->attrlist, &data->msgs_count, &data->msgs); fail_if(ret != EOK, "Could not search custom object"); fail_unless(data->msgs_count == 1, "Wrong number of objects, exptected [1] got [%d]", data->msgs_count); fail_unless(data->msgs[0]->num_elements == 1, "Wrong number of results, expected [1] got [%d]", data->msgs[0]->num_elements); fail_unless(strcmp(data->msgs[0]->elements[0].name, TEST_ATTR_NAME) == 0, "Wrong attribute name"); fail_unless(data->msgs[0]->elements[0].num_values == 1, "Wrong number of attribute values"); fail_unless(strncmp((const char *)data->msgs[0]->elements[0].values[0].data, TEST_ATTR_VALUE, data->msgs[0]->elements[0].values[0].length) == 0, "Wrong attribute value"); talloc_free(test_ctx); } END_TEST START_TEST (test_sysdb_update_custom) { struct sysdb_test_ctx *test_ctx; struct test_data *data; int ret; /* Setup */ ret = setup_sysdb_tests(&test_ctx); if (ret != EOK) { fail("Could not set up the test"); return; } data = talloc_zero(test_ctx, struct test_data); data->ctx = test_ctx; data->ev = test_ctx->ev; data->uid = 29010; data->attrs = sysdb_new_attrs(test_ctx); if (ret != EOK) { fail("Could not create attribute list"); return; } ret = sysdb_attrs_add_string(data->attrs, TEST_ATTR_NAME, TEST_ATTR_UPDATE_VALUE); if (ret != EOK) { fail("Could not add attribute"); return; } ret = sysdb_attrs_add_string(data->attrs, TEST_ATTR_ADD_NAME, TEST_ATTR_ADD_VALUE); if (ret != EOK) { fail("Could not add attribute"); return; } ret = test_store_custom(data); fail_if(ret != EOK, "Could not add custom object"); talloc_free(test_ctx); } END_TEST START_TEST (test_sysdb_search_custom_update) { struct sysdb_test_ctx *test_ctx; 
struct test_data *data; int ret; char *object_name; struct ldb_message_element *el; /* Setup */ ret = setup_sysdb_tests(&test_ctx); if (ret != EOK) { fail("Could not set up the test"); return; } data = talloc_zero(test_ctx, struct test_data); fail_unless(data != NULL, "talloc_zero failed"); data->ctx = test_ctx; data->ev = test_ctx->ev; data->attrlist = talloc_array(test_ctx, const char *, 3); fail_unless(data->attrlist != NULL, "talloc_array failed"); data->attrlist[0] = TEST_ATTR_NAME; data->attrlist[1] = TEST_ATTR_ADD_NAME; data->attrlist[2] = NULL; object_name = talloc_asprintf(data, "%s_%d", CUSTOM_TEST_OBJECT, 29010); fail_unless(object_name != NULL, "talloc_asprintf failed"); ret = sysdb_search_custom_by_name(data, data->ctx->sysdb, data->ctx->domain, object_name, CUSTOM_TEST_CONTAINER, data->attrlist, &data->msgs_count, &data->msgs); fail_if(ret != EOK, "Could not search custom object"); fail_unless(data->msgs_count == 1, "Wrong number of objects, exptected [1] got [%d]", data->msgs_count); fail_unless(data->msgs[0]->num_elements == 2, "Wrong number of results, expected [2] got [%d]", data->msgs[0]->num_elements); el = ldb_msg_find_element(data->msgs[0], TEST_ATTR_NAME); fail_unless(el != NULL, "Attribute [%s] not found", TEST_ATTR_NAME); fail_unless(el->num_values == 1, "Wrong number ([%d] instead of 1) " "of attribute values for [%s]", el->num_values, TEST_ATTR_NAME); fail_unless(strncmp((const char *) el->values[0].data, TEST_ATTR_UPDATE_VALUE, el->values[0].length) == 0, "Wrong attribute value"); el = ldb_msg_find_element(data->msgs[0], TEST_ATTR_ADD_NAME); fail_unless(el != NULL, "Attribute [%s] not found", TEST_ATTR_ADD_NAME); fail_unless(el->num_values == 1, "Wrong number ([%d] instead of 1) " "of attribute values for [%s]", el->num_values, TEST_ATTR_ADD_NAME); fail_unless(strncmp((const char *) el->values[0].data, TEST_ATTR_ADD_VALUE, el->values[0].length) == 0, "Wrong attribute value"); talloc_free(test_ctx); } END_TEST START_TEST 
(test_sysdb_search_custom) { struct sysdb_test_ctx *test_ctx; struct test_data *data; int ret; const char *filter = "(distinguishedName=*)"; /* Setup */ ret = setup_sysdb_tests(&test_ctx); if (ret != EOK) { fail("Could not set up the test"); return; } data = talloc_zero(test_ctx, struct test_data); fail_unless(data != NULL, "talloc_zero failed"); data->ctx = test_ctx; data->ev = test_ctx->ev; data->attrlist = talloc_array(test_ctx, const char *, 3); fail_unless(data->attrlist != NULL, "talloc_array failed"); data->attrlist[0] = TEST_ATTR_NAME; data->attrlist[1] = TEST_ATTR_ADD_NAME; data->attrlist[2] = NULL; ret = sysdb_search_custom(data, data->ctx->sysdb, data->ctx->domain, filter, CUSTOM_TEST_CONTAINER, data->attrlist, &data->msgs_count, &data->msgs); fail_if(ret != EOK, "Could not search custom object"); fail_unless(data->msgs_count == 10, "Wrong number of objects, exptected [10] got [%d]", data->msgs_count); talloc_free(test_ctx); } END_TEST START_TEST (test_sysdb_delete_custom) { struct sysdb_test_ctx *test_ctx; struct test_data *data; int ret; /* Setup */ ret = setup_sysdb_tests(&test_ctx); if (ret != EOK) { fail("Could not set up the test"); return; } data = talloc_zero(test_ctx, struct test_data); data->ctx = test_ctx; data->ev = test_ctx->ev; ret = test_delete_custom(data); fail_if(ret != EOK, "Could not delete custom object"); talloc_free(test_ctx); } END_TEST START_TEST (test_sysdb_cache_password) { struct sysdb_test_ctx *test_ctx; struct test_data *data; int ret; /* Setup */ ret = setup_sysdb_tests(&test_ctx); fail_unless(ret == EOK, "Could not set up the test"); data = talloc_zero(test_ctx, struct test_data); data->ctx = test_ctx; data->ev = test_ctx->ev; data->username = talloc_asprintf(data, "testuser%d", _i); ret = sysdb_cache_password(test_ctx->sysdb, test_ctx->domain, data->username, data->username); fail_unless(ret == EOK, "sysdb_cache_password request failed [%d].", ret); talloc_free(test_ctx); } END_TEST static void 
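cached_authentication_without_expiration(const char *username,
                                         const char *password,
                                         int expected_result)
{
    /*
     * Helper: run sysdb_cache_auth() for username/password with
     * CONFDB_PAM_CRED_TIMEOUT set to "0" and check that
     *   - the return code equals expected_result,
     *   - expire_date comes back as 0,
     *   - delayed_until is left at its initial -1.
     * Callers use it to pin the three outcomes of offline authentication
     * (success, wrong password, no cached credentials); a regression that
     * turned a wrong password into EOK would show up here.
     */
    struct sysdb_test_ctx *test_ctx;
    struct test_data *data;
    int ret;
    time_t expire_date = -1;
    time_t delayed_until = -1;
    const char *val[2];
    val[1] = NULL;

    /* Setup */
    ret = setup_sysdb_tests(&test_ctx);
    fail_unless(ret == EOK, "Could not set up the test");

    data = talloc_zero(test_ctx, struct test_data);
    fail_unless(data != NULL, "talloc_zero failed");
    data->ctx = test_ctx;
    data->ev = test_ctx->ev;
    data->username = username;

    val[0] = "0";
    ret = confdb_add_param(test_ctx->confdb, true, CONFDB_PAM_CONF_ENTRY,
                           CONFDB_PAM_CRED_TIMEOUT, val);
    if (ret != EOK) {
        fail("Could not initialize provider");
        talloc_free(test_ctx);
        return;
    }

    ret = sysdb_cache_auth(test_ctx->sysdb, test_ctx->domain,
                           data->username, password,
                           test_ctx->confdb, false,
                           &expire_date, &delayed_until);

    /* Print the code that was returned as well, like the sibling helper */
    fail_unless(ret == expected_result,
                "sysdb_cache_auth request does not return expected "
                "result [%d], got [%d].", expected_result, ret);

    /* time_t is not int: cast for printing so the varargs match the format */
    fail_unless(expire_date == 0,
                "Wrong expire date, expected [%lld], got [%lld]",
                0LL, (long long) expire_date);

    fail_unless(delayed_until == -1,
                "Wrong delay, expected [%lld], got [%lld]",
                -1LL, (long long) delayed_until);

    talloc_free(test_ctx);
}

/*
 * Helper: same check as cached_authentication_without_expiration(), but with
 * CONFDB_PAM_CRED_TIMEOUT set to "1". SYSDB_LAST_ONLINE_AUTH is stamped with
 * the current time first, and the expire date returned by sysdb_cache_auth()
 * must be that time plus 24 hours (so the timeout unit is presumably days).
 */
static void cached_authentication_with_expiration(const char *username,
                                                  const char *password,
                                                  int expected_result)
{
    struct sysdb_test_ctx *test_ctx;
    struct test_data *data;
    int ret;
    time_t expire_date = -1;
    const char *val[2];
    val[1] = NULL;
    time_t now;
    time_t expected_expire_date;
    time_t delayed_until = -1;

    /* Setup */
    ret = setup_sysdb_tests(&test_ctx);
    fail_unless(ret == EOK, "Could not set up the test");

    data = talloc_zero(test_ctx, struct test_data);
    fail_unless(data != NULL, "talloc_zero failed");
    data->ctx = test_ctx;
    data->ev = test_ctx->ev;
    data->username = username;

    val[0] = "1";
    ret = confdb_add_param(test_ctx->confdb, true, CONFDB_PAM_CONF_ENTRY,
                           CONFDB_PAM_CRED_TIMEOUT, val);
    if (ret != EOK) {
        fail("Could not initialize provider");
        talloc_free(test_ctx);
        return;
    }

    now = time(NULL);
    expected_expire_date = now + (24 * 60 * 60);
    DEBUG(9, ("Setting SYSDB_LAST_ONLINE_AUTH to [%lld].\n", (long long) now));

    data->attrs = sysdb_new_attrs(data);
    fail_unless(data->attrs != NULL, "sysdb_new_attrs failed");

    /* This result used to be overwritten unchecked by the next call; if the
     * timestamp is not in the changeset the expiry check below is moot. */
    ret = sysdb_attrs_add_time_t(data->attrs, SYSDB_LAST_ONLINE_AUTH, now);
    fail_unless(ret == EOK, "Could not add SYSDB_LAST_ONLINE_AUTH [%d]", ret);

    ret = sysdb_set_user_attr(data->ctx->sysdb, data->ctx->domain,
                              data->username, data->attrs, SYSDB_MOD_REP);
    fail_unless(ret == EOK, "Could not modify user %s", data->username);

    ret = sysdb_cache_auth(test_ctx->sysdb, data->ctx->domain,
                           data->username, password,
                           test_ctx->confdb, false,
                           &expire_date, &delayed_until);

    fail_unless(ret == expected_result,
                "sysdb_cache_auth request does not return expected "
                "result [%d], got [%d].", expected_result, ret);

    /* time_t is not int: cast for printing so the varargs match the format */
    fail_unless(expire_date == expected_expire_date,
                "Wrong expire date, expected [%lld], got [%lld]",
                (long long) expected_expire_date, (long long) expire_date);

    fail_unless(delayed_until == -1,
                "Wrong delay, expected [%lld], got [%lld]",
                -1LL, (long long) delayed_until);

    talloc_free(test_ctx);
}

/*
 * With no password cached for "testuser<_i>", both helpers must see
 * ERR_NO_CACHED_CREDS. Presumably scheduled before test_sysdb_cache_password
 * for the same _i; the test ordering is not visible in this part of the file.
 */
START_TEST (test_sysdb_cached_authentication_missing_password)
{
    TALLOC_CTX *tmp_ctx;
    char *username;

    tmp_ctx = talloc_new(NULL);
    fail_unless(tmp_ctx != NULL, "talloc_new failed.");

    username = talloc_asprintf(tmp_ctx, "testuser%d", _i);
    fail_unless(username != NULL, "talloc_asprintf failed.");

    cached_authentication_without_expiration(username, "abc",
                                             ERR_NO_CACHED_CREDS);
    cached_authentication_with_expiration(username, "abc",
                                          ERR_NO_CACHED_CREDS);

    talloc_free(tmp_ctx);
}
END_TEST

/*
 * A password that differs from the cached one must be rejected with
 * ERR_AUTH_FAILED. test_sysdb_cache_password, earlier in this file, caches
 * the user name itself as the password, so "abc" is a mismatch.
 */
START_TEST (test_sysdb_cached_authentication_wrong_password)
{
    TALLOC_CTX *tmp_ctx;
    char *username;

    tmp_ctx = talloc_new(NULL);
    fail_unless(tmp_ctx != NULL, "talloc_new failed.");

    username = talloc_asprintf(tmp_ctx, "testuser%d", _i);
    fail_unless(username != NULL, "talloc_asprintf failed.");

    cached_authentication_without_expiration(username, "abc", ERR_AUTH_FAILED);
    cached_authentication_with_expiration(username, "abc", ERR_AUTH_FAILED);

    talloc_free(tmp_ctx);
}
END_TEST

START_TEST (test_sysdb_cached_authentication) { TALLOC_CTX *tmp_ctx; char *username; tmp_ctx = talloc_new(NULL); fail_unless(tmp_ctx != NULL, "talloc_new failed.");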
username = talloc_asprintf(tmp_ctx, "testuser%d", _i); fail_unless(username != NULL, "talloc_asprintf failed."); cached_authentication_without_expiration(username, username, EOK); cached_authentication_with_expiration(username, username, EOK); talloc_free(tmp_ctx); } END_TEST START_TEST (test_sysdb_prepare_asq_test_user) { struct sysdb_test_ctx *test_ctx; struct test_data *data; int ret; /* Setup */ ret = setup_sysdb_tests(&test_ctx); if (ret != EOK) { fail("Could not set up the test"); return; } data = talloc_zero(test_ctx, struct test_data); data->ctx = test_ctx; data->ev = test_ctx->ev; data->groupname = talloc_asprintf(data, "testgroup%d", _i); data->uid = ASQ_TEST_USER_UID; ret = test_add_group_member(data); fail_if(ret != EOK, "Could not modify group %s", data->groupname); talloc_free(test_ctx); } END_TEST START_TEST (test_sysdb_asq_search) { struct sysdb_test_ctx *test_ctx; struct test_data *data; struct ldb_dn *user_dn; int ret; size_t msgs_count; struct ldb_message **msgs; int i; char *gid_str; /* Setup */ ret = setup_sysdb_tests(&test_ctx); if (ret != EOK) { fail("Could not set up the test"); return; } data = talloc_zero(test_ctx, struct test_data); data->ctx = test_ctx; data->ev = test_ctx->ev; data->attrlist = talloc_array(data, const char *, 2); fail_unless(data->attrlist != NULL, "talloc_array failed"); data->attrlist[0] = "gidNumber"; data->attrlist[1] = NULL; user_dn = sysdb_user_dn(data->ctx->sysdb, data, data->ctx->domain, ASQ_TEST_USER); fail_unless(user_dn != NULL, "sysdb_user_dn failed"); ret = sysdb_asq_search(data, test_ctx->sysdb, user_dn, NULL, "memberof", data->attrlist, &msgs_count, &msgs); fail_if(ret != EOK, "Failed to send ASQ search request.\n"); fail_unless(msgs_count == 10, "wrong number of results, " "found [%d] expected [10]", msgs_count); for (i = 0; i < msgs_count; i++) { fail_unless(msgs[i]->num_elements == 1, "wrong number of elements, " "found [%d] expected [1]", msgs[i]->num_elements); 
fail_unless(msgs[i]->elements[0].num_values == 1, "wrong number of values, found [%d] expected [1]", msgs[i]->elements[0].num_values); gid_str = talloc_asprintf(data, "%d", 28010 + i); fail_unless(gid_str != NULL, "talloc_asprintf failed."); fail_unless(strncmp(gid_str, (const char *) msgs[i]->elements[0].values[0].data, msgs[i]->elements[0].values[0].length) == 0, "wrong value, found [%.*s] expected [%s]", msgs[i]->elements[0].values[0].length, msgs[i]->elements[0].values[0].data, gid_str); } talloc_free(test_ctx); } END_TEST START_TEST (test_sysdb_search_all_users) { struct sysdb_test_ctx *test_ctx; struct test_data *data; int ret; int i; char *uid_str; /* Setup */ ret = setup_sysdb_tests(&test_ctx); if (ret != EOK) { fail("Could not set up the test"); return; } data = talloc_zero(test_ctx, struct test_data); data->ctx = test_ctx; data->ev = test_ctx->ev; data->attrlist = talloc_array(data, const char *, 2); fail_unless(data->attrlist != NULL, "talloc_array failed"); data->attrlist[0] = "uidNumber"; data->attrlist[1] = NULL; ret = test_search_all_users(data); fail_if(ret != EOK, "Search failed"); fail_unless(data->msgs_count == 10, "wrong number of results, found [%d] expected [10]", data->msgs_count); for (i = 0; i < data->msgs_count; i++) { fail_unless(data->msgs[i]->num_elements == 1, "wrong number of elements, found [%d] expected [1]", data->msgs[i]->num_elements); fail_unless(data->msgs[i]->elements[0].num_values == 1, "wrong number of values, found [%d] expected [1]", data->msgs[i]->elements[0].num_values); uid_str = talloc_asprintf(data, "%d", 27010 + i); fail_unless(uid_str != NULL, "talloc_asprintf failed."); fail_unless(strncmp(uid_str, (char *) data->msgs[i]->elements[0].values[0].data, data->msgs[i]->elements[0].values[0].length) == 0, "wrong value, found [%.*s] expected [%s]", data->msgs[i]->elements[0].values[0].length, data->msgs[i]->elements[0].values[0].data, uid_str); } talloc_free(test_ctx); } END_TEST START_TEST (test_sysdb_delete_recursive) { 
struct sysdb_test_ctx *test_ctx; struct test_data *data; int ret; /* Setup */ ret = setup_sysdb_tests(&test_ctx); if (ret != EOK) { fail("Could not set up the test"); return; } data = talloc_zero(test_ctx, struct test_data); data->ctx = test_ctx; data->ev = test_ctx->ev; ret = test_delete_recursive(data); fail_if(ret != EOK, "Recursive delete failed"); talloc_free(test_ctx); } END_TEST START_TEST (test_sysdb_attrs_replace_name) { struct sysdb_attrs *attrs; struct ldb_message_element *el; int ret; attrs = sysdb_new_attrs(NULL); fail_unless(attrs != NULL, "sysdb_new_attrs failed"); ret = sysdb_attrs_add_string(attrs, "foo", "bar"); fail_unless(ret == EOK, "sysdb_attrs_add_string failed"); ret = sysdb_attrs_add_string(attrs, "fool", "bool"); fail_unless(ret == EOK, "sysdb_attrs_add_string failed"); ret = sysdb_attrs_add_string(attrs, "foot", "boot"); fail_unless(ret == EOK, "sysdb_attrs_add_string failed"); ret = sysdb_attrs_replace_name(attrs, "foo", "foot"); fail_unless(ret == EEXIST, "sysdb_attrs_replace overwrites existing attribute"); ret = sysdb_attrs_replace_name(attrs, "foo", "oof"); fail_unless(ret == EOK, "sysdb_attrs_replace failed"); ret = sysdb_attrs_get_el(attrs, "foo", &el); fail_unless(ret == EOK, "sysdb_attrs_get_el failed"); fail_unless(el->num_values == 0, "Attribute foo is not empty."); ret = sysdb_attrs_get_el(attrs, "oof", &el); fail_unless(ret == EOK, "sysdb_attrs_get_el failed"); fail_unless(el->num_values == 1, "Wrong number of values for attribute oof, " "expected [1] got [%d].", el->num_values); fail_unless(strncmp("bar", (char *) el->values[0].data, el->values[0].length) == 0, "Wrong value, expected [bar] got [%.*s]", el->values[0].length, el->values[0].data); talloc_free(attrs); } END_TEST START_TEST (test_sysdb_memberof_store_group) { struct sysdb_test_ctx *test_ctx; struct test_data *data; int ret; /* Setup */ ret = setup_sysdb_tests(&test_ctx); if (ret != EOK) { fail("Could not set up the test"); return; } data = talloc_zero(test_ctx, 
struct test_data); data->ctx = test_ctx; data->ev = test_ctx->ev; data->gid = MBO_GROUP_BASE + _i; data->groupname = talloc_asprintf(data, "testgroup%d", data->gid); if (_i == 0) { data->attrlist = NULL; } else { data->attrlist = talloc_array(data, const char *, 2); fail_unless(data->attrlist != NULL, "talloc_array failed."); data->attrlist[0] = talloc_asprintf(data, "testgroup%d", data->gid - 1); data->attrlist[1] = NULL; } ret = test_memberof_store_group(data); fail_if(ret != EOK, "Could not store POSIX group #%d", data->gid); talloc_free(test_ctx); } END_TEST START_TEST (test_sysdb_memberof_store_group_with_ghosts) { struct sysdb_test_ctx *test_ctx; struct test_data *data; int ret; /* Setup */ ret = setup_sysdb_tests(&test_ctx); if (ret != EOK) { fail("Could not set up the test"); return; } data = talloc_zero(test_ctx, struct test_data); data->ctx = test_ctx; data->ev = test_ctx->ev; data->gid = _i; data->groupname = talloc_asprintf(data, "testgroup%d", data->gid); if (_i == 0) { data->attrlist = NULL; } else { data->attrlist = talloc_array(data, const char *, 2); fail_unless(data->attrlist != NULL, "talloc_array failed."); data->attrlist[0] = talloc_asprintf(data, "testgroup%d", data->gid - 1); data->attrlist[1] = NULL; } data->memberlist = talloc_array(data, char *, 2); fail_unless(data->memberlist != NULL, "talloc_array failed."); data->memberlist[0] = talloc_asprintf(data, "testuser%d", data->gid); data->memberlist[1] = NULL; ret = test_memberof_store_group_with_ghosts(data); fail_if(ret != EOK, "Could not store POSIX group #%d", data->gid); talloc_free(test_ctx); } END_TEST START_TEST (test_sysdb_memberof_store_group_with_double_ghosts) { struct sysdb_test_ctx *test_ctx; struct test_data *data; int ret; /* Setup */ ret = setup_sysdb_tests(&test_ctx); if (ret != EOK) { fail("Could not set up the test"); return; } data = talloc_zero(test_ctx, struct test_data); data->ctx = test_ctx; data->ev = test_ctx->ev; data->gid = _i; data->groupname = 
talloc_asprintf(data, "testgroup%d", data->gid); if (_i == 0) { data->attrlist = NULL; } else { data->attrlist = talloc_array(data, const char *, 2); fail_unless(data->attrlist != NULL, "talloc_array failed."); data->attrlist[0] = talloc_asprintf(data, "testgroup%d", data->gid - 1); data->attrlist[1] = NULL; } data->memberlist = talloc_array(data, char *, 3); fail_unless(data->memberlist != NULL, "talloc_array failed."); data->memberlist[0] = talloc_asprintf(data, "testusera%d", data->gid); data->memberlist[1] = talloc_asprintf(data, "testuserb%d", data->gid); data->memberlist[2] = NULL; ret = test_memberof_store_group_with_ghosts(data); fail_if(ret != EOK, "Could not store POSIX group #%d", data->gid); talloc_free(test_ctx); } END_TEST START_TEST (test_sysdb_memberof_mod_add) { struct sysdb_test_ctx *test_ctx; struct test_data *data; char *ghostname; int ret; struct ldb_message_element *el; struct ldb_val gv, *test_gv; gid_t itergid; /* Setup */ ret = setup_sysdb_tests(&test_ctx); if (ret != EOK) { fail("Could not set up the test"); return; } data = talloc_zero(test_ctx, struct test_data); data->ctx = test_ctx; data->ev = test_ctx->ev; data->gid = _i; data->groupname = talloc_asprintf(data, "testgroup%d", data->gid); data->attrs = sysdb_new_attrs(data); if (ret != EOK) { fail("Could not create the changeset"); return; } ghostname = talloc_asprintf(data, "testghost%d", _i); fail_unless(ghostname != NULL, "Out of memory\n"); ret = sysdb_attrs_steal_string(data->attrs, SYSDB_GHOST, ghostname); fail_unless(ret == EOK, "Cannot add attr\n"); data->attrlist = talloc_array(data, const char *, 2); fail_unless(data->attrlist != NULL, "talloc_array failed."); data->attrlist[0] = SYSDB_GHOST; data->attrlist[1] = NULL; /* Before the add, the groups should not contain the ghost attribute */ for (itergid = data->gid ; itergid < MBO_GROUP_BASE + NUM_GHOSTS; itergid++) { ret = sysdb_search_group_by_gid(data, test_ctx->sysdb, test_ctx->domain, itergid, data->attrlist, &data->msg); 
fail_if(ret != EOK, "Cannot retrieve group %llu\n", (unsigned long long) data->gid); gv.data = (uint8_t *) ghostname; gv.length = strlen(ghostname); el = ldb_msg_find_element(data->msg, SYSDB_GHOST); if (data->gid > MBO_GROUP_BASE) { /* The first group would have the ghost attribute gone completely */ fail_if(el == NULL, "Cannot find ghost element\n"); test_gv = ldb_msg_find_val(el, &gv); fail_unless(test_gv == NULL, "Ghost user %s unexpectedly found\n", ghostname); } else { fail_unless(el == NULL, "Stray values in ghost element?\n"); } } /* Perform the add operation */ ret = sysdb_set_group_attr(test_ctx->sysdb, test_ctx->domain, data->groupname, data->attrs, SYSDB_MOD_ADD); fail_unless(ret == EOK, "Cannot set group attrs\n"); /* Before the delete, all groups with gid >= _i have the testuser%_i * as a member */ for (itergid = data->gid ; itergid < MBO_GROUP_BASE + NUM_GHOSTS; itergid++) { ret = sysdb_search_group_by_gid(data, test_ctx->sysdb, test_ctx->domain, itergid, data->attrlist, &data->msg); fail_if(ret != EOK, "Cannot retrieve group %llu\n", (unsigned long long) data->gid); gv.data = (uint8_t *) ghostname; gv.length = strlen(ghostname); el = ldb_msg_find_element(data->msg, SYSDB_GHOST); fail_if(el == NULL, "Cannot find ghost element\n"); test_gv = ldb_msg_find_val(el, &gv); fail_if(test_gv == NULL, "Cannot find ghost user %s\n", ghostname); } talloc_free(test_ctx); } END_TEST START_TEST (test_sysdb_memberof_mod_replace) { struct sysdb_test_ctx *test_ctx; struct test_data *data; char *ghostname_del; char *ghostname_add; int ret; struct ldb_message_element *el; struct ldb_val gv, *test_gv; gid_t itergid; /* Setup */ ret = setup_sysdb_tests(&test_ctx); if (ret != EOK) { fail("Could not set up the test"); return; } data = talloc_zero(test_ctx, struct test_data); data->ctx = test_ctx; data->ev = test_ctx->ev; data->gid = _i; data->groupname = talloc_asprintf(data, "testgroup%d", data->gid); data->attrs = sysdb_new_attrs(data); if (ret != EOK) { fail("Could not 
create the changeset"); return; } /* The test replaces the testuser%i attribute with testghost%i */ ghostname_del = talloc_asprintf(data, "testuser%d", _i); fail_unless(ghostname_del != NULL, "Out of memory\n"); ghostname_add = talloc_asprintf(data, "testghost%d", _i); fail_unless(ghostname_add != NULL, "Out of memory\n"); ret = sysdb_attrs_steal_string(data->attrs, SYSDB_GHOST, ghostname_add); fail_unless(ret == EOK, "Cannot add attr\n"); data->attrlist = talloc_array(data, const char *, 2); fail_unless(data->attrlist != NULL, "talloc_array failed."); data->attrlist[0] = SYSDB_GHOST; data->attrlist[1] = NULL; /* Before the replace, all groups with gid >= _i have the testuser%_i * as a member */ for (itergid = data->gid ; itergid < MBO_GROUP_BASE + NUM_GHOSTS; itergid++) { ret = sysdb_search_group_by_gid(data, test_ctx->sysdb, test_ctx->domain, itergid, data->attrlist, &data->msg); fail_if(ret != EOK, "Cannot retrieve group %llu\n", (unsigned long long) data->gid); gv.data = (uint8_t *) ghostname_del; gv.length = strlen(ghostname_del); el = ldb_msg_find_element(data->msg, SYSDB_GHOST); fail_if(el == NULL, "Cannot find ghost element\n"); test_gv = ldb_msg_find_val(el, &gv); fail_if(test_gv == NULL, "Cannot find ghost user %s\n", ghostname_del); } /* Perform the replace operation */ ret = sysdb_set_group_attr(test_ctx->sysdb, test_ctx->domain, data->groupname, data->attrs, SYSDB_MOD_REP); fail_unless(ret == EOK, "Cannot set group attrs\n"); /* After the replace, all groups with gid >= _i have the testghost%_i * as a member */ for (itergid = data->gid ; itergid < MBO_GROUP_BASE + NUM_GHOSTS; itergid++) { ret = sysdb_search_group_by_gid(data, test_ctx->sysdb, test_ctx->domain, itergid, data->attrlist, &data->msg); fail_if(ret != EOK, "Cannot retrieve group %llu\n", (unsigned long long) data->gid); gv.data = (uint8_t *) ghostname_add; gv.length = strlen(ghostname_add); el = ldb_msg_find_element(data->msg, SYSDB_GHOST); fail_if(el == NULL, "Cannot find ghost element\n"); 
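test_gv = ldb_msg_find_val(el, &gv);
        fail_if(test_gv == NULL, "Cannot find ghost user %s\n", ghostname_add);
    }
    talloc_free(test_ctx);
}
END_TEST

/*
 * Loop test (_i is the libcheck loop index).
 *
 * For the group with gid MBO_GROUP_BASE + 10 - _i, replace its SYSDB_GHOST
 * attribute with the single value "testusera<gid>" using SYSDB_MOD_REP.
 * Every group from that gid up to MBO_GROUP_BASE + NUM_GHOSTS - 1 is read
 * back before and after the modification:
 *   - before: both "testusera<gid>" and "testuserb<gid>" must be present;
 *   - after:  "testusera<gid>" must remain, "testuserb<gid>" must be gone;
 *   - in both passes the "testusera<n>" values with n below the checked
 *     group's gid (and "testuserb<n>" with n below data->gid) must be there.
 *
 * A replace that dropped those remaining values would silently change the
 * membership this cache reports, which is what the second pass guards.
 */
START_TEST (test_sysdb_memberof_mod_replace_keep)
{
    struct sysdb_test_ctx *test_ctx;
    struct test_data *data;
    char *ghostname_rep;
    char *ghostname_del;
    char *ghostname_check;
    int ret;
    struct ldb_message_element *el;
    struct ldb_val gv, *test_gv;
    gid_t itergid;
    uid_t iteruid;

    /* Setup */
    ret = setup_sysdb_tests(&test_ctx);
    if (ret != EOK) {
        fail("Could not set up the test");
        return;
    }

    data = talloc_zero(test_ctx, struct test_data);
    data->ctx = test_ctx;
    data->ev = test_ctx->ev;
    data->gid = MBO_GROUP_BASE + 10 - _i;
    data->groupname = talloc_asprintf(data, "testgroup%d", data->gid);

    /* Check the allocation itself: ret still holds the (successful) setup
     * result here, so testing ret could never detect a failed allocation. */
    data->attrs = sysdb_new_attrs(data);
    if (data->attrs == NULL) {
        fail("Could not create the changeset");
        return;
    }

    /* The test replaces the attributes (testusera$gid, testuserb$gid) with
     * just testusera$gid. The result should be not only testusera, but also
     * all ghost users inherited from child groups
     */
    ghostname_rep = talloc_asprintf(data, "testusera%d", data->gid);
    fail_unless(ghostname_rep != NULL, "Out of memory\n");
    ret = sysdb_attrs_steal_string(data->attrs, SYSDB_GHOST, ghostname_rep);
    fail_unless(ret == EOK, "Cannot add attr\n");

    ghostname_del = talloc_asprintf(data, "testuserb%d", data->gid);
    fail_unless(ghostname_del != NULL, "Out of memory\n");

    data->attrlist = talloc_array(data, const char *, 2);
    fail_unless(data->attrlist != NULL, "talloc_array failed.");
    data->attrlist[0] = SYSDB_GHOST;
    data->attrlist[1] = NULL;

    /* Before the replace, all groups with gid >= data->gid have both
     * testusera and testuserb as a member
     */
    for (itergid = data->gid ; itergid < MBO_GROUP_BASE + NUM_GHOSTS; itergid++) {
        ret = sysdb_search_group_by_gid(data, test_ctx->sysdb,
                                        test_ctx->domain, itergid,
                                        data->attrlist, &data->msg);
        /* Report the group that was actually looked up */
        fail_if(ret != EOK, "Cannot retrieve group %llu\n",
                (unsigned long long) itergid);

        gv.data = (uint8_t *) ghostname_rep;
        gv.length = strlen(ghostname_rep);

        el = ldb_msg_find_element(data->msg, SYSDB_GHOST);
        fail_if(el == NULL, "Cannot find ghost element\n");

        test_gv = ldb_msg_find_val(el, &gv);
        fail_if(test_gv == NULL, "Cannot find ghost user %s\n", ghostname_rep);

        /* The length must describe the buffer gv.data points at */
        gv.data = (uint8_t *) ghostname_del;
        gv.length = strlen(ghostname_del);
        test_gv = ldb_msg_find_val(el, &gv);
        fail_if(test_gv == NULL, "Cannot find ghost user %s\n", ghostname_del);

        /* inherited users must be there */
        for (iteruid = MBO_GROUP_BASE ; iteruid < itergid ; iteruid++) {
            ghostname_check = talloc_asprintf(data, "testusera%d", iteruid);
            fail_if(ghostname_check == NULL, "Out of memory\n");
            gv.data = (uint8_t *) ghostname_check;
            gv.length = strlen(ghostname_check);
            test_gv = ldb_msg_find_val(el, &gv);
            fail_if(test_gv == NULL, "Cannot find inherited ghost user %s\n",
                    ghostname_check);

            if (iteruid < data->gid) {
                /* Also check the B user if it hasn't been deleted yet.
                 * Release the A name first so it is not left hanging on
                 * data until the whole context is freed. */
                talloc_zfree(ghostname_check);
                ghostname_check = talloc_asprintf(data, "testuserb%d", iteruid);
                fail_if(ghostname_check == NULL, "Out of memory\n");
                gv.data = (uint8_t *) ghostname_check;
                gv.length = strlen(ghostname_check);
                test_gv = ldb_msg_find_val(el, &gv);
                fail_if(test_gv == NULL, "Cannot find inherited ghost user %s\n",
                        ghostname_check);
            }
            talloc_zfree(ghostname_check);
        }
    }

    /* Perform the replace operation */
    ret = sysdb_set_group_attr(test_ctx->sysdb, test_ctx->domain,
                               data->groupname, data->attrs, SYSDB_MOD_REP);
    fail_unless(ret == EOK, "Cannot set group attrs\n");

    /* After the replace, testusera should still be there, but we also need
     * to keep ghost users inherited from other groups
     */
    for (itergid = data->gid ; itergid < MBO_GROUP_BASE + NUM_GHOSTS; itergid++) {
        ret = sysdb_search_group_by_gid(data, test_ctx->sysdb,
                                        test_ctx->domain, itergid,
                                        data->attrlist, &data->msg);
        fail_if(ret != EOK, "Cannot retrieve group %llu\n",
                (unsigned long long) itergid);

        gv.data = (uint8_t *) ghostname_rep;
        gv.length = strlen(ghostname_rep);

        /* testusera must still be there */
        el = ldb_msg_find_element(data->msg, SYSDB_GHOST);
        fail_if(el == NULL, "Cannot find ghost element\n");
        test_gv = ldb_msg_find_val(el, &gv);
        fail_if(test_gv == NULL, "Cannot find ghost user %s\n", ghostname_rep);

        /* testuserb must be gone */
        gv.data = (uint8_t *) ghostname_del;
        gv.length = strlen(ghostname_del);
        test_gv = ldb_msg_find_val(el, &gv);
        fail_unless(test_gv == NULL, "Ghost user %s unexpectedly found\n",
                    ghostname_del);

        /* inherited users must still be there */
        for (iteruid = MBO_GROUP_BASE ; iteruid < itergid ; iteruid++) {
            ghostname_check = talloc_asprintf(data, "testusera%d", iteruid);
            fail_if(ghostname_check == NULL, "Out of memory\n");
            gv.data = (uint8_t *) ghostname_check;
            gv.length = strlen(ghostname_check);
            test_gv = ldb_msg_find_val(el, &gv);
            fail_if(test_gv == NULL, "Cannot find inherited ghost user %s\n",
                    ghostname_check);

            if (iteruid < data->gid) {
                /* Also check the B user if it hasn't been deleted yet */
                talloc_zfree(ghostname_check);
                ghostname_check = talloc_asprintf(data, "testuserb%d", iteruid);
                fail_if(ghostname_check == NULL, "Out of memory\n");
                gv.data = (uint8_t *) ghostname_check;
                gv.length = strlen(ghostname_check);
                test_gv = ldb_msg_find_val(el, &gv);
                fail_if(test_gv == NULL, "Cannot find inherited ghost user %s\n",
                        ghostname_check);
            }
            talloc_zfree(ghostname_check);
        }
    }
    talloc_free(test_ctx);
}
END_TEST

/*
 * Store the group "testgroup<MBO_GROUP_BASE>" through
 * test_memberof_store_group() with attrlist[0] set to
 * "testgroup<MBO_GROUP_BASE + 9>".
 * NOTE(review): presumably the helper treats attrlist as the member list, so
 * this makes the last group a member of the first and closes the nesting
 * loop the test name refers to -- confirm against test_memberof_store_group.
 */
START_TEST (test_sysdb_memberof_close_loop)
{
    struct sysdb_test_ctx *test_ctx;
    struct test_data *data;
    int ret;

    /* Setup */
    ret = setup_sysdb_tests(&test_ctx);
    if (ret != EOK) {
        fail("Could not set up the test");
        return;
    }

    data = talloc_zero(test_ctx, struct test_data);
    data->ctx = test_ctx;
    data->ev = test_ctx->ev;
    data->gid = MBO_GROUP_BASE;
    data->groupname = talloc_asprintf(data, "testgroup%d", data->gid);

    data->attrlist = talloc_array(data, const char *, 2);
    fail_unless(data->attrlist != NULL, "talloc_array failed.");
    data->attrlist[0] = talloc_asprintf(data, "testgroup%d", data->gid + 9);
    data->attrlist[1] = NULL;

    ret = test_memberof_store_group(data);

    fail_if(ret != EOK, "Could not store POSIX group #%d", data->gid);
    talloc_free(test_ctx);
}
END_TEST

START_TEST (test_sysdb_memberof_store_user)
{
    struct sysdb_test_ctx *test_ctx;
    struct test_data *data;
    int ret;

    /* Setup */
    ret =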
setup_sysdb_tests(&test_ctx); if (ret != EOK) { fail("Could not set up the test"); return; } data = talloc_zero(test_ctx, struct test_data); data->ctx = test_ctx; data->ev = test_ctx->ev; data->uid = MBO_USER_BASE + _i; data->gid = 0; /* MPG domain */ data->username = talloc_asprintf(data, "testuser%d", data->uid); ret = test_store_user(data); fail_if(ret != EOK, "Could not store user %s", data->username); talloc_free(test_ctx); } END_TEST START_TEST (test_sysdb_memberof_add_group_member) { struct sysdb_test_ctx *test_ctx; struct test_data *data; int ret; /* Setup */ ret = setup_sysdb_tests(&test_ctx); if (ret != EOK) { fail("Could not set up the test"); return; } data = talloc_zero(test_ctx, struct test_data); data->ctx = test_ctx; data->ev = test_ctx->ev; data->groupname = talloc_asprintf(data, "testgroup%d", _i + MBO_GROUP_BASE); data->uid = MBO_USER_BASE + _i; ret = test_add_group_member(data); fail_if(ret != EOK, "Could not modify group %s", data->groupname); talloc_free(test_ctx); } END_TEST START_TEST (test_sysdb_memberof_check_memberuid_without_group_5) { struct sysdb_test_ctx *test_ctx; struct test_data *data; int ret; /* Setup */ ret = setup_sysdb_tests(&test_ctx); if (ret != EOK) { fail("Could not set up the test"); return; } data = talloc_zero(test_ctx, struct test_data); data->ctx = test_ctx; data->ev = test_ctx->ev; data->gid = _i + MBO_GROUP_BASE; data->attrlist = talloc_array(data, const char *, 2); fail_unless(data->attrlist != NULL, "tallo_array failed."); data->attrlist[0] = "memberuid"; data->attrlist[1] = NULL; ret = sysdb_search_group_by_gid(data, test_ctx->sysdb, test_ctx->domain, _i + MBO_GROUP_BASE, data->attrlist, &data->msg); if (_i == 5) { fail_unless(ret == ENOENT, "sysdb_search_group_by_gid found " "already deleted group"); if (ret == ENOENT) ret = EOK; fail_if(ret != EOK, "Could not check group %d", data->gid); } else { fail_if(ret != EOK, "Could not check group %d", data->gid); fail_unless(data->msg->num_elements == 1, "Wrong number 
of results, expected [1] got [%d]", data->msg->num_elements); fail_unless(strcmp(data->msg->elements[0].name, "memberuid") == 0, "Wrong attribute name"); fail_unless(data->msg->elements[0].num_values == ((_i + 1) % 6), "Wrong number of attribute values, " "expected [%d] got [%d]", ((_i + 1) % 6), data->msg->elements[0].num_values); } talloc_free(test_ctx); } END_TEST START_TEST (test_sysdb_memberof_check_memberuid) { struct sysdb_test_ctx *test_ctx; struct test_data *data; int ret; /* Setup */ ret = setup_sysdb_tests(&test_ctx); if (ret != EOK) { fail("Could not set up the test"); return; } data = talloc_zero(test_ctx, struct test_data); data->ctx = test_ctx; data->ev = test_ctx->ev; data->gid = _i + MBO_GROUP_BASE; data->attrlist = talloc_array(data, const char *, 2); fail_unless(data->attrlist != NULL, "tallo_array failed."); data->attrlist[0] = "memberuid"; data->attrlist[1] = NULL; ret = sysdb_search_group_by_gid(data, test_ctx->sysdb, test_ctx->domain, _i + MBO_GROUP_BASE, data->attrlist, &data->msg); fail_if(ret != EOK, "Could not check group %d", data->gid); fail_unless(data->msg->num_elements == 1, "Wrong number of results, expected [1] got [%d]", data->msg->num_elements); fail_unless(strcmp(data->msg->elements[0].name, "memberuid") == 0, "Wrong attribute name"); fail_unless(data->msg->elements[0].num_values == _i + 1, "Wrong number of attribute values, expected [%d] got [%d]", _i + 1, data->msg->elements[0].num_values); talloc_free(test_ctx); } END_TEST START_TEST (test_sysdb_memberof_check_memberuid_loop) { struct sysdb_test_ctx *test_ctx; struct test_data *data; int ret; /* Setup */ ret = setup_sysdb_tests(&test_ctx); if (ret != EOK) { fail("Could not set up the test"); return; } data = talloc_zero(test_ctx, struct test_data); data->ctx = test_ctx; data->ev = test_ctx->ev; data->gid = _i + MBO_GROUP_BASE; data->attrlist = talloc_array(data, const char *, 2); fail_unless(data->attrlist != NULL, "tallo_array failed."); data->attrlist[0] = "memberuid"; 
data->attrlist[1] = NULL; ret = sysdb_search_group_by_gid(data, test_ctx->sysdb, test_ctx->domain, _i + MBO_GROUP_BASE, data->attrlist, &data->msg); fail_if(ret != EOK, "Could not check group %d", data->gid); fail_unless(data->msg->num_elements == 1, "Wrong number of results, expected [1] got [%d]", data->msg->num_elements); fail_unless(strcmp(data->msg->elements[0].name, "memberuid") == 0, "Wrong attribute name"); fail_unless(data->msg->elements[0].num_values == 10, "Wrong number of attribute values, expected [%d] got [%d]", 10, data->msg->elements[0].num_values); talloc_free(test_ctx); } END_TEST START_TEST (test_sysdb_memberof_check_memberuid_loop_without_group_5) { struct sysdb_test_ctx *test_ctx; struct test_data *data; int ret; /* Setup */ ret = setup_sysdb_tests(&test_ctx); if (ret != EOK) { fail("Could not set up the test"); return; } data = talloc_zero(test_ctx, struct test_data); data->ctx = test_ctx; data->ev = test_ctx->ev; data->gid = _i + MBO_GROUP_BASE; data->attrlist = talloc_array(data, const char *, 2); fail_unless(data->attrlist != NULL, "tallo_array failed."); data->attrlist[0] = "memberuid"; data->attrlist[1] = NULL; ret = sysdb_search_group_by_gid(data, test_ctx->sysdb, test_ctx->domain, _i + MBO_GROUP_BASE, data->attrlist, &data->msg); if (_i == 5) { fail_unless(ret == ENOENT, "sysdb_search_group_by_gid_send found " "already deleted group"); if (ret == ENOENT) ret = EOK; fail_if(ret != EOK, "Could not check group %d", data->gid); } else { fail_if(ret != EOK, "Could not check group %d", data->gid); fail_unless(data->msg->num_elements == 1, "Wrong number of results, expected [1] got [%d]", data->msg->num_elements); fail_unless(strcmp(data->msg->elements[0].name, "memberuid") == 0, "Wrong attribute name"); fail_unless(data->msg->elements[0].num_values == ((_i + 5) % 10), "Wrong number of attribute values, expected [%d] got [%d]", ((_i + 5) % 10), data->msg->elements[0].num_values); } talloc_free(test_ctx); } END_TEST START_TEST 
(test_sysdb_memberof_check_nested_ghosts) { struct sysdb_test_ctx *test_ctx; struct test_data *data; int ret; /* Setup */ ret = setup_sysdb_tests(&test_ctx); if (ret != EOK) { fail("Could not set up the test"); return; } data = talloc_zero(test_ctx, struct test_data); data->ctx = test_ctx; data->ev = test_ctx->ev; data->gid = _i; data->attrlist = talloc_array(data, const char *, 2); fail_unless(data->attrlist != NULL, "talloc_array failed."); data->attrlist[0] = SYSDB_GHOST; data->attrlist[1] = NULL; ret = sysdb_search_group_by_gid(data, test_ctx->sysdb, test_ctx->domain, data->gid, data->attrlist, &data->msg); fail_if(ret != EOK, "Cannot retrieve group %llu\n", (unsigned long long) data->gid); fail_unless(strcmp(data->msg->elements[0].name, SYSDB_GHOST) == 0, "Wrong attribute name"); fail_unless(data->msg->elements[0].num_values == _i - MBO_GROUP_BASE + 1, "Wrong number of attribute values, expected [%d] got [%d]", _i + 1, data->msg->elements[0].num_values); talloc_free(test_ctx); } END_TEST START_TEST (test_sysdb_memberof_check_nested_double_ghosts) { struct sysdb_test_ctx *test_ctx; struct test_data *data; int ret; /* Setup */ ret = setup_sysdb_tests(&test_ctx); if (ret != EOK) { fail("Could not set up the test"); return; } data = talloc_zero(test_ctx, struct test_data); data->ctx = test_ctx; data->ev = test_ctx->ev; data->gid = _i; data->attrlist = talloc_array(data, const char *, 2); fail_unless(data->attrlist != NULL, "talloc_array failed."); data->attrlist[0] = SYSDB_GHOST; data->attrlist[1] = NULL; ret = sysdb_search_group_by_gid(data, test_ctx->sysdb, test_ctx->domain, data->gid, data->attrlist, &data->msg); fail_if(ret != EOK, "Cannot retrieve group %llu\n", (unsigned long long) data->gid); fail_unless(strcmp(data->msg->elements[0].name, SYSDB_GHOST) == 0, "Wrong attribute name"); fail_unless(data->msg->elements[0].num_values == (_i - MBO_GROUP_BASE + 1)*2, "Wrong number of attribute values, expected [%d] got [%d]", (_i - MBO_GROUP_BASE + 1)*2, 
data->msg->elements[0].num_values); talloc_free(test_ctx); } END_TEST START_TEST (test_sysdb_memberof_remove_child_group_and_check_ghost) { struct sysdb_test_ctx *test_ctx; struct test_data *data; int ret; gid_t delgid; /* Setup */ ret = setup_sysdb_tests(&test_ctx); if (ret != EOK) { fail("Could not set up the test"); return; } data = talloc_zero(test_ctx, struct test_data); data->ctx = test_ctx; data->ev = test_ctx->ev; data->gid = _i; delgid = data->gid - 1; data->attrlist = talloc_array(data, const char *, 2); fail_unless(data->attrlist != NULL, "talloc_array failed."); data->attrlist[0] = SYSDB_GHOST; data->attrlist[1] = NULL; ret = sysdb_search_group_by_gid(data, test_ctx->sysdb, test_ctx->domain, data->gid, data->attrlist, &data->msg); fail_if(ret != EOK, "Cannot retrieve group %llu\n", (unsigned long long) data->gid); fail_unless(strcmp(data->msg->elements[0].name, SYSDB_GHOST) == 0, "Wrong attribute name"); /* Expect our own and our parent's */ fail_unless(data->msg->elements[0].num_values == 2, "Wrong number of attribute values, expected [%d] got [%d]", 2, data->msg->elements[0].num_values); /* Remove the parent */ ret = sysdb_delete_group(data->ctx->sysdb, data->ctx->domain, NULL, delgid); fail_if(ret != EOK, "Cannot delete group %llu [%d]: %s\n", (unsigned long long) data->gid, ret, strerror(ret)); talloc_free(data->msg); /* Check the parent again. The inherited ghost user should be gone. 
*/ ret = sysdb_search_group_by_gid(data, test_ctx->sysdb, test_ctx->domain, data->gid, data->attrlist, &data->msg); fail_if(ret != EOK, "Cannot retrieve group %llu\n", (unsigned long long) data->gid); fail_unless(strcmp(data->msg->elements[0].name, SYSDB_GHOST) == 0, "Wrong attribute name"); /* Expect our own now only */ fail_unless(data->msg->elements[0].num_values == 1, "Wrong number of attribute values, expected [%d] got [%d]", 1, data->msg->elements[0].num_values); talloc_free(test_ctx); } END_TEST START_TEST (test_sysdb_memberof_mod_del) { struct sysdb_test_ctx *test_ctx; struct test_data *data; char *ghostname; int ret; struct ldb_message_element *el; struct ldb_val gv, *test_gv; gid_t itergid; /* Setup */ ret = setup_sysdb_tests(&test_ctx); if (ret != EOK) { fail("Could not set up the test"); return; } data = talloc_zero(test_ctx, struct test_data); data->ctx = test_ctx; data->ev = test_ctx->ev; data->gid = _i; data->groupname = talloc_asprintf(data, "testgroup%d", data->gid); data->attrs = sysdb_new_attrs(data); if (ret != EOK) { fail("Could not create the changeset"); return; } ghostname = talloc_asprintf(data, "testuser%d", _i); fail_unless(ghostname != NULL, "Out of memory\n"); ret = sysdb_attrs_steal_string(data->attrs, SYSDB_GHOST, ghostname); fail_unless(ret == EOK, "Cannot add attr\n"); data->attrlist = talloc_array(data, const char *, 2); fail_unless(data->attrlist != NULL, "talloc_array failed."); data->attrlist[0] = SYSDB_GHOST; data->attrlist[1] = NULL; /* Before the delete, all groups with gid >= _i have the testuser%_i * as a member */ for (itergid = data->gid ; itergid < MBO_GROUP_BASE + NUM_GHOSTS; itergid++) { ret = sysdb_search_group_by_gid(data, test_ctx->sysdb, test_ctx->domain, itergid, data->attrlist, &data->msg); fail_if(ret != EOK, "Cannot retrieve group %llu\n", (unsigned long long) data->gid); gv.data = (uint8_t *) ghostname; gv.length = strlen(ghostname); el = ldb_msg_find_element(data->msg, SYSDB_GHOST); fail_if(el == NULL, 
"Cannot find ghost element\n"); test_gv = ldb_msg_find_val(el, &gv); fail_if(test_gv == NULL, "Cannot find ghost user %s\n", ghostname); } /* Delete the attribute */ ret = sysdb_set_group_attr(test_ctx->sysdb, test_ctx->domain, data->groupname, data->attrs, SYSDB_MOD_DEL); fail_unless(ret == EOK, "Cannot set group attrs\n"); /* After the delete, we shouldn't be able to find the ghost attribute */ for (itergid = data->gid ; itergid < MBO_GROUP_BASE + NUM_GHOSTS; itergid++) { ret = sysdb_search_group_by_gid(data, test_ctx->sysdb, test_ctx->domain, itergid, data->attrlist, &data->msg); fail_if(ret != EOK, "Cannot retrieve group %llu\n", (unsigned long long) data->gid); gv.data = (uint8_t *) ghostname; gv.length = strlen(ghostname); el = ldb_msg_find_element(data->msg, SYSDB_GHOST); if (itergid > data->gid) { /* The first group would have the ghost attribute gone completely */ fail_if(el == NULL, "Cannot find ghost element\n"); test_gv = ldb_msg_find_val(el, &gv); fail_unless(test_gv == NULL, "Ghost user %s unexpectedly found\n", ghostname); } else { fail_unless(el == NULL, "Stray values in ghost element?\n"); } } talloc_free(test_ctx); } END_TEST START_TEST (test_sysdb_memberof_check_ghost) { struct sysdb_test_ctx *test_ctx; struct test_data *data; int ret, j; char *expected; /* Setup */ ret = setup_sysdb_tests(&test_ctx); if (ret != EOK) { fail("Could not set up the test"); return; } data = talloc_zero(test_ctx, struct test_data); data->ctx = test_ctx; data->ev = test_ctx->ev; data->gid = _i; data->attrlist = talloc_array(data, const char *, 2); fail_unless(data->attrlist != NULL, "talloc_array failed."); data->attrlist[0] = SYSDB_GHOST; data->attrlist[1] = NULL; ret = sysdb_search_group_by_gid(data, test_ctx->sysdb, test_ctx->domain, data->gid, data->attrlist, &data->msg); fail_if(ret != EOK, "Could not check group %d", data->gid); if (_i > MBO_GROUP_BASE) { /* After the previous test, the first group (gid == MBO_GROUP_BASE) * has no ghost users. 
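That's a legitimate test case we need to account
         * for now.
         */
        fail_unless(data->msg->num_elements == 1,
                    "Wrong number of results, expected [1] got [%d] for %d",
                    data->msg->num_elements, data->gid);
    }

    if (data->msg->num_elements == 0) {
        talloc_free(test_ctx);
        return;
    }

    fail_unless(strcmp(data->msg->elements[0].name, SYSDB_GHOST) == 0,
                "Wrong attribute name");
    /* Report the count that is actually compared against */
    fail_unless(data->msg->elements[0].num_values == _i - MBO_GROUP_BASE,
                "Wrong number of attribute values, expected [%d] got [%d]",
                _i - MBO_GROUP_BASE, data->msg->elements[0].num_values);

    /* The values are expected in order: testghost<MBO_GROUP_BASE> first */
    for (j = MBO_GROUP_BASE; j < _i; j++) {
        expected = talloc_asprintf(data, "testghost%d", j);
        fail_if(expected == NULL, "OOM\n");
        fail_unless(strcmp(expected,
                           (const char *) data->msg->elements[0].values[j-MBO_GROUP_BASE].data) == 0);
        talloc_free(expected);
    }

    talloc_free(test_ctx);
}
END_TEST

/*
 * Loop test (_i is the libcheck loop index): store a user named
 * "testghost<_i>" with uid and gid both set to _i * 2 through
 * test_store_user(). The name matches the ghost values the preceding tests
 * look for; test_sysdb_memberof_check_convert then inspects the groups.
 */
START_TEST (test_sysdb_memberof_convert_to_real_users)
{
    struct sysdb_test_ctx *test_ctx;
    struct test_data *data;
    int ret;

    /* Setup */
    ret = setup_sysdb_tests(&test_ctx);
    if (ret != EOK) {
        fail("Could not set up the test");
        return;
    }

    data = talloc_zero(test_ctx, struct test_data);
    data->ctx = test_ctx;
    data->ev = test_ctx->ev;
    data->uid = _i * 2;
    data->gid = _i * 2;
    data->username = talloc_asprintf(data, "testghost%d", _i);

    ret = test_store_user(data);
    fail_if(ret != EOK, "Cannot add user %s\n", data->username);

    /* Release the test context like the sibling tests do */
    talloc_free(test_ctx);
}
END_TEST

/*
 * Loop test (_i is used as the gid): read SYSDB_GHOST and SYSDB_MEMBER of
 * the group and compare the number of values of each with the expected
 * split: at most NUM_GHOSTS/2 members, and _i - MBO_GROUP_BASE - 5 ghosts
 * (never negative).
 */
START_TEST (test_sysdb_memberof_check_convert)
{
    struct sysdb_test_ctx *test_ctx;
    struct test_data *data;
    int ret;
    struct ldb_message_element *ghosts;
    struct ldb_message_element *members;
    int exp_mem, exp_gh;

    /* Explicitly disable enumeration during setup as converting the ghost
     * users into real ones works only when enumeration is disabled
     */
    ret = _setup_sysdb_tests(&test_ctx, false);
    if (ret != EOK) {
        fail("Could not set up the test");
        return;
    }

    data = talloc_zero(test_ctx, struct test_data);
    data->ctx = test_ctx;
    data->ev = test_ctx->ev;
    data->gid = _i;

    data->attrlist = talloc_array(data, const char *, 3);
    fail_unless(data->attrlist != NULL, "talloc_array failed.");
    data->attrlist[0] = SYSDB_GHOST;
    data->attrlist[1] = SYSDB_MEMBER;
    data->attrlist[2] = NULL;

    ret = sysdb_search_group_by_gid(data, test_ctx->sysdb,
                                    test_ctx->domain, data->gid,
                                    data->attrlist, &data->msg);
    fail_if(ret != EOK, "Could not check group %d", data->gid);

    /* NOTE(review): `==` binds tighter than `?:`, so the condition below is
     * (num_elements == (_i == MBO_GROUP_BASE)) ? 0 : 1 and not a comparison
     * against 0 or 1. As written it passes for the base group unless exactly
     * one element comes back, and for every other group unless none comes
     * back, so it does not pin the element count. Left unchanged on purpose:
     * two attributes are requested, so "exactly one element" may not be what
     * the data produces -- confirm the intended count before adding the
     * parentheses. */
    fail_unless(data->msg->num_elements == (_i == MBO_GROUP_BASE) ? 0 : 1,
                "Wrong number of results, expected [1] got [%d] for %d",
                data->msg->num_elements, data->gid);

    if (data->msg->num_elements == 0) {
        talloc_free(test_ctx);
        return;
    }

    members = ldb_msg_find_element(data->msg, SYSDB_MEMBER);
    exp_mem = _i - MBO_GROUP_BASE;
    if (exp_mem > NUM_GHOSTS/2) {
        exp_mem = NUM_GHOSTS/2;
    }

    ghosts = ldb_msg_find_element(data->msg, SYSDB_GHOST);
    exp_gh = _i - MBO_GROUP_BASE - 5;
    if (exp_gh < 0) {
        exp_gh = 0;
    }

    /* Fail cleanly instead of dereferencing a missing element */
    fail_if(members == NULL, "Cannot find member element\n");
    fail_if(exp_mem != members->num_values,
            "Expected %d members, found %d\n", exp_mem, members->num_values);
    if (exp_gh) {
        fail_if(ghosts == NULL, "Cannot find ghost element\n");
        fail_if(exp_gh != ghosts->num_values,
                "Expected %d ghosts, found %d\n", exp_gh, ghosts->num_values);
    }

    talloc_free(test_ctx);
}
END_TEST

/*
 * Loop test (_i is used as the gid): replace the group's SYSDB_GHOST
 * attribute, which holds "testghost<_i - 1>", with "testuser<_i - 1>" using
 * SYSDB_MOD_REP and verify the new value can be read back.
 */
START_TEST (test_sysdb_memberof_ghost_replace)
{
    struct sysdb_test_ctx *test_ctx;
    struct test_data *data;
    char *ghostname_del;
    char *ghostname_add;
    int ret;
    struct ldb_message_element *el;
    struct ldb_val gv, *test_gv;

    /* Setup */
    ret = setup_sysdb_tests(&test_ctx);
    if (ret != EOK) {
        fail("Could not set up the test");
        return;
    }

    data = talloc_zero(test_ctx, struct test_data);
    data->ctx = test_ctx;
    data->ev = test_ctx->ev;
    data->gid = _i;
    data->groupname = talloc_asprintf(data, "testgroup%d", data->gid);

    /* Check the allocation itself: ret still holds the (successful) setup
     * result here, so testing ret could never detect a failed allocation. */
    data->attrs = sysdb_new_attrs(data);
    if (data->attrs == NULL) {
        fail("Could not create the changeset");
        return;
    }

    /* The test replaces the testghost%i attribute with testuser%i */
    ghostname_del = talloc_asprintf(data, "testghost%d", _i - 1);
    fail_unless(ghostname_del != NULL, "Out of memory\n");

    ghostname_add = talloc_asprintf(data, "testuser%d", _i - 1);
    fail_unless(ghostname_add != NULL, "Out of memory\n");
    ret =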
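sysdb_attrs_steal_string(data->attrs, SYSDB_GHOST, ghostname_add);
    fail_unless(ret == EOK, "Cannot add attr\n");

    data->attrlist = talloc_array(data, const char *, 2);
    fail_unless(data->attrlist != NULL, "talloc_array failed.");
    data->attrlist[0] = SYSDB_GHOST;
    data->attrlist[1] = NULL;

    /* Before the replace, the group has ghostname_del as a ghost member */
    ret = sysdb_search_group_by_gid(data, test_ctx->sysdb,
                                    test_ctx->domain, data->gid,
                                    data->attrlist, &data->msg);
    fail_if(ret != EOK, "Cannot retrieve group %llu\n",
            (unsigned long long) data->gid);

    gv.data = (uint8_t *) ghostname_del;
    gv.length = strlen(ghostname_del);

    el = ldb_msg_find_element(data->msg, SYSDB_GHOST);
    fail_if(el == NULL, "Cannot find ghost element\n");

    test_gv = ldb_msg_find_val(el, &gv);
    fail_if(test_gv == NULL, "Cannot find ghost user %s\n", ghostname_del);

    /* Perform the replace operation */
    ret = sysdb_set_group_attr(test_ctx->sysdb, test_ctx->domain,
                               data->groupname, data->attrs, SYSDB_MOD_REP);
    fail_unless(ret == EOK, "Cannot set group attrs\n");

    /* After the replace, the group has ghostname_add as a ghost member */
    ret = sysdb_search_group_by_gid(data, test_ctx->sysdb,
                                    test_ctx->domain, data->gid,
                                    data->attrlist, &data->msg);
    fail_if(ret != EOK, "Cannot retrieve group %llu\n",
            (unsigned long long) data->gid);

    gv.data = (uint8_t *) ghostname_add;
    gv.length = strlen(ghostname_add);

    el = ldb_msg_find_element(data->msg, SYSDB_GHOST);
    fail_if(el == NULL, "Cannot find ghost element\n");

    test_gv = ldb_msg_find_val(el, &gv);
    fail_if(test_gv == NULL, "Cannot find ghost user %s\n", ghostname_add);

    /* Release the test context like the sibling tests do */
    talloc_free(test_ctx);
}
END_TEST

/*
 * Loop test (_i is used as the gid): replace the group's SYSDB_GHOST
 * attribute with the value it is expected to hold already
 * ("testuser<_i - 1>" is both the value looked up before the replace and the
 * value written), and verify that value is still present afterwards.
 */
START_TEST (test_sysdb_memberof_ghost_replace_noop)
{
    struct sysdb_test_ctx *test_ctx;
    struct test_data *data;
    char *ghostname_del;
    char *ghostname_add;
    int ret;
    struct ldb_message_element *el;
    struct ldb_val gv, *test_gv;

    /* Setup */
    ret = setup_sysdb_tests(&test_ctx);
    if (ret != EOK) {
        fail("Could not set up the test");
        return;
    }

    data = talloc_zero(test_ctx, struct test_data);
    data->ctx = test_ctx;
    data->ev = test_ctx->ev;
    data->gid = _i;
    data->groupname = talloc_asprintf(data, "testgroup%d", data->gid);

    /* Check the allocation itself: ret still holds the (successful) setup
     * result here, so testing ret could never detect a failed allocation. */
    data->attrs = sysdb_new_attrs(data);
    if (data->attrs == NULL) {
        fail("Could not create the changeset");
        return;
    }

    /* The test replaces the testuser%i attribute with the same testuser%i
     * value, so the stored set must not change */
    ghostname_del = talloc_asprintf(data, "testuser%d", _i - 1);
    fail_unless(ghostname_del != NULL, "Out of memory\n");

    ghostname_add = talloc_asprintf(data, "testuser%d", _i - 1);
    fail_unless(ghostname_add != NULL, "Out of memory\n");
    ret = sysdb_attrs_steal_string(data->attrs, SYSDB_GHOST, ghostname_add);
    fail_unless(ret == EOK, "Cannot add attr\n");

    data->attrlist = talloc_array(data, const char *, 2);
    fail_unless(data->attrlist != NULL, "talloc_array failed.");
    data->attrlist[0] = SYSDB_GHOST;
    data->attrlist[1] = NULL;

    /* Before the replace, the group has testuser%(_i - 1) as a ghost member */
    ret = sysdb_search_group_by_gid(data, test_ctx->sysdb,
                                    test_ctx->domain, data->gid,
                                    data->attrlist, &data->msg);
    fail_if(ret != EOK, "Cannot retrieve group %llu\n",
            (unsigned long long) data->gid);

    gv.data = (uint8_t *) ghostname_del;
    gv.length = strlen(ghostname_del);

    el = ldb_msg_find_element(data->msg, SYSDB_GHOST);
    fail_if(el == NULL, "Cannot find ghost element\n");

    test_gv = ldb_msg_find_val(el, &gv);
    fail_if(test_gv == NULL, "Cannot find ghost user %s\n", ghostname_del);

    /* Perform the replace operation */
    ret = sysdb_set_group_attr(test_ctx->sysdb, test_ctx->domain,
                               data->groupname, data->attrs, SYSDB_MOD_REP);
    fail_unless(ret == EOK, "Cannot set group attrs\n");

    /* After the replace, the group still has testuser%(_i - 1) as a ghost
     * member */
    ret = sysdb_search_group_by_gid(data, test_ctx->sysdb,
                                    test_ctx->domain, data->gid,
                                    data->attrlist, &data->msg);
    fail_if(ret != EOK, "Cannot retrieve group %llu\n",
            (unsigned long long) data->gid);

    gv.data = (uint8_t *) ghostname_add;
    gv.length = strlen(ghostname_add);

    el = ldb_msg_find_element(data->msg, SYSDB_GHOST);
    fail_if(el == NULL, "Cannot find ghost element\n");

    test_gv = ldb_msg_find_val(el, &gv);
    fail_if(test_gv == NULL, "Cannot find ghost user %s\n", ghostname_add);

    /* Release the test context like the sibling tests do */
    talloc_free(test_ctx);
}
END_TEST

/*
 * Loop test (_i is the libcheck loop index): remove the user with uid
 * _i * 2 through test_remove_user_by_uid().
 */
START_TEST (test_sysdb_memberof_user_cleanup)
{
    struct sysdb_test_ctx *test_ctx;
    struct test_data *data;
    int ret;

    /* Setup */
    ret = setup_sysdb_tests(&test_ctx);
    if (ret != EOK) {
        fail("Could not set up the test");
        return;
    }

    data = talloc_zero(test_ctx, struct test_data);
    data->ctx = test_ctx;
    data->ev = test_ctx->ev;
    data->uid = _i * 2;

    ret = test_remove_user_by_uid(data);

    /* Report the uid that was actually removed, not the loop index */
    fail_if(ret != EOK, "Could not remove user with uid %llu",
            (unsigned long long) data->uid);
    talloc_free(test_ctx);
}
END_TEST

/*
 * Build three attribute sets, two carrying "test_attr" and one carrying
 * "nottest_attr", and check that sysdb_attrs_to_list() returns a
 * NULL-terminated list holding only the two "test_attr" values, in order.
 */
START_TEST (test_sysdb_attrs_to_list)
{
    struct sysdb_attrs *attrs_list[3];
    char **list;
    errno_t ret;

    TALLOC_CTX *test_ctx = talloc_new(NULL);
    fail_if(test_ctx == NULL, "talloc_new failed");

    attrs_list[0] = sysdb_new_attrs(test_ctx);
    fail_if(attrs_list[0] == NULL, "sysdb_new_attrs failed");
    ret = sysdb_attrs_add_string(attrs_list[0], "test_attr", "attr1");
    fail_if(ret, "Add string failed");

    attrs_list[1] = sysdb_new_attrs(test_ctx);
    fail_if(attrs_list[1] == NULL, "sysdb_new_attrs failed");
    ret = sysdb_attrs_add_string(attrs_list[1], "test_attr", "attr2");
    fail_if(ret, "Add string failed");

    attrs_list[2] = sysdb_new_attrs(test_ctx);
    fail_if(attrs_list[2] == NULL, "sysdb_new_attrs failed");
    ret = sysdb_attrs_add_string(attrs_list[2], "nottest_attr", "attr3");
    fail_if(ret, "Add string failed");

    ret = sysdb_attrs_to_list(test_ctx, attrs_list, 3,
                              "test_attr", &list);
    fail_unless(ret == EOK, "sysdb_attrs_to_list failed with code %d", ret);

    fail_unless(strcmp(list[0],"attr1") == 0, "Expected [attr1], got [%s]",
                list[0]);
    fail_unless(strcmp(list[1],"attr2") == 0, "Expected [attr2], got [%s]",
                list[1]);
    fail_unless(list[2] == NULL, "List should be NULL-terminated");

    talloc_free(test_ctx);
}
END_TEST

START_TEST(test_group_rename)
{
    struct sysdb_test_ctx *test_ctx;
    errno_t ret;
    gid_t gid;
    const gid_t grgid = 38001;
    const char *name;
    const char *fromname = "fromgroup";
    const char *toname = "togroup";
    struct ldb_result *res;

    /* Setup */
    ret = setup_sysdb_tests(&test_ctx);
    fail_unless(ret == EOK, "Could not set up the test");

    /* Store and verify the first group */
    ret = sysdb_store_group(test_ctx->sysdb,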
test_ctx->domain, fromname, grgid, NULL, 0, 0); fail_unless(ret == EOK, "Could not add first group"); ret = sysdb_getgrnam(test_ctx, test_ctx->sysdb, test_ctx->domain, fromname, &res); fail_unless(ret == EOK, "Could not retrieve the group from cache\n"); if (res->count != 1) { fail("Invalid number of replies. Expected 1, got %d", res->count); goto done; } gid = ldb_msg_find_attr_as_uint(res->msgs[0], SYSDB_GIDNUM, 0); fail_unless(gid == grgid, "Did not find the expected GID (found %llu expected %llu)", (unsigned long long) gid, (unsigned long long) grgid); name = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_NAME, NULL); fail_unless(strcmp(fromname, name) == 0, "Did not find the expected name (found %s expected %s)", name, fromname); /* Perform rename and check that GID is the same, but name changed */ ret = sysdb_add_group(test_ctx->sysdb, test_ctx->domain, toname, grgid, NULL, 0, 0); fail_unless(ret == EEXIST, "Group renamed with a low level call?"); ret = sysdb_store_group(test_ctx->sysdb, test_ctx->domain, toname, grgid, NULL, 0, 0); fail_unless(ret == EOK, "Could not add first group"); ret = sysdb_getgrnam(test_ctx, test_ctx->sysdb, test_ctx->domain, toname, &res); fail_unless(ret == EOK, "Could not retrieve the group from cache\n"); if (res->count != 1) { fail("Invalid number of replies. 
Expected 1, got %d", res->count); goto done; } gid = ldb_msg_find_attr_as_uint(res->msgs[0], SYSDB_GIDNUM, 0); fail_unless(gid == grgid, "Did not find the expected GID (found %llu expected %llu)", (unsigned long long) gid, (unsigned long long) grgid); name = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_NAME, NULL); fail_unless(strcmp(toname, name) == 0, "Did not find the expected GID (found %s expected %s)", name, toname); /* Verify the first name is gone */ ret = sysdb_getgrnam(test_ctx, test_ctx->sysdb, test_ctx->domain, fromname, &res); fail_unless(ret == EOK, "Could not retrieve the group from cache\n"); fail_unless(res->count == 0, "Unexpectedly found the original user\n"); done: talloc_free(test_ctx); } END_TEST START_TEST(test_user_rename) { struct sysdb_test_ctx *test_ctx; errno_t ret; uid_t uid; const uid_t userid = 38002; const char *name; const char *fromname = "fromuser"; const char *toname = "touser"; struct ldb_result *res; /* Setup */ ret = setup_sysdb_tests(&test_ctx); fail_unless(ret == EOK, "Could not set up the test"); /* Store and verify the first user */ ret = sysdb_store_user(test_ctx->sysdb, test_ctx->domain, fromname, NULL, userid, 0, fromname, "/", "/bin/sh", NULL, NULL, NULL, 0, 0); fail_unless(ret == EOK, "Could not add first user"); ret = sysdb_getpwnam(test_ctx, test_ctx->sysdb, test_ctx->domain, fromname, &res); fail_unless(ret == EOK, "Could not retrieve the user from cache\n"); if (res->count != 1) { fail("Invalid number of replies. 
Expected 1, got %d", res->count); goto done; } uid = ldb_msg_find_attr_as_uint(res->msgs[0], SYSDB_UIDNUM, 0); fail_unless(uid == userid, "Did not find the expected UID (found %llu expected %llu)", (unsigned long long) uid, (unsigned long long) userid); name = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_NAME, NULL); fail_unless(strcmp(fromname, name) == 0, "Did not find the expected name (found %s expected %s)", name, fromname); /* Perform rename and check that GID is the same, but name changed */ ret = sysdb_add_user(test_ctx->sysdb, test_ctx->domain, toname, userid, 0, fromname, "/", "/bin/sh", NULL, NULL, 0, 0); fail_unless(ret == EEXIST, "A second user added with low level call?"); ret = sysdb_store_user(test_ctx->sysdb, test_ctx->domain, toname, NULL, userid, 0, fromname, "/", "/bin/sh", NULL, NULL, NULL, 0, 0); fail_unless(ret == EOK, "Could not add second user"); ret = sysdb_getpwnam(test_ctx, test_ctx->sysdb, test_ctx->domain, toname, &res); fail_unless(ret == EOK, "Could not retrieve the user from cache\n"); if (res->count != 1) { fail("Invalid number of replies. 
Expected 1, got %d", res->count); goto done; } uid = ldb_msg_find_attr_as_uint(res->msgs[0], SYSDB_UIDNUM, 0); fail_unless(uid == userid, "Did not find the expected UID (found %llu expected %llu)", (unsigned long long) uid, (unsigned long long) userid); name = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_NAME, NULL); fail_unless(strcmp(toname, name) == 0, "Did not find the expected name (found %s expected %s)", name, fromname); /* Verify the first name is gone */ ret = sysdb_getpwnam(test_ctx, test_ctx->sysdb, test_ctx->domain, fromname, &res); fail_unless(ret == EOK, "Could not retrieve the user from cache\n"); fail_unless(res->count == 0, "Unexpectedly found the original user\n"); done: talloc_free(test_ctx); } END_TEST START_TEST (test_sysdb_update_members) { struct sysdb_test_ctx *test_ctx; char **add_groups; char **del_groups; const char *user = "testuser27000"; errno_t ret; /* Setup */ ret = setup_sysdb_tests(&test_ctx); fail_unless(ret == EOK, "Could not set up the test"); /* Add a user to two groups */ add_groups = talloc_array(test_ctx, char *, 3); add_groups[0] = talloc_strdup(add_groups, "testgroup28001"); add_groups[1] = talloc_strdup(add_groups, "testgroup28002"); add_groups[2] = NULL; ret = sysdb_update_members(test_ctx->sysdb, test_ctx->domain, user, SYSDB_MEMBER_USER, (const char *const *)add_groups, NULL); fail_unless(ret == EOK, "Could not add groups"); talloc_zfree(add_groups); /* Remove a user from one group and add to another */ del_groups = talloc_array(test_ctx, char *, 2); del_groups[0] = talloc_strdup(del_groups, "testgroup28001"); del_groups[1] = NULL; add_groups = talloc_array(test_ctx, char *, 2); add_groups[0] = talloc_strdup(add_groups, "testgroup28003"); add_groups[1] = NULL; ret = sysdb_update_members(test_ctx->sysdb, test_ctx->domain, user, SYSDB_MEMBER_USER, (const char *const *)add_groups, (const char *const *)del_groups); fail_unless(ret == EOK, "Group replace failed"); talloc_zfree(add_groups); talloc_zfree(del_groups); /* 
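Remove a user from two groups */
    del_groups = talloc_array(test_ctx, char *, 3);
    del_groups[0] = talloc_strdup(del_groups, "testgroup28002");
    del_groups[1] = talloc_strdup(del_groups, "testgroup28003");
    del_groups[2] = NULL;

    ret = sysdb_update_members(test_ctx->sysdb, test_ctx->domain,
                               user, SYSDB_MEMBER_USER, NULL,
                               (const char *const *)del_groups);
    fail_unless(ret == EOK, "Could not remove groups");

    talloc_zfree(test_ctx);
}
END_TEST

/*
 * Round-trip a group name through its DN: build the DN for "testgroup<_i>"
 * with sysdb_group_dn(), parse the name back out of the linearized DN with
 * sysdb_group_dn_name(), and require the parsed name to equal the original.
 */
START_TEST (test_sysdb_group_dn_name)
{
    struct sysdb_test_ctx *test_ctx;
    int ret;
    struct ldb_dn *group_dn;
    const char *groupname;
    char *parsed = NULL;

    /* Setup */
    ret = setup_sysdb_tests(&test_ctx);
    if (ret != EOK) {
        fail("Could not set up the test");
        return;
    }

    /* Check the allocation before the name is handed to sysdb_group_dn();
     * a NULL name must never reach the DN builder. */
    groupname = talloc_asprintf(test_ctx, "testgroup%d", _i);
    if (groupname == NULL) {
        fail("Out of memory");
        return;
    }

    group_dn = sysdb_group_dn(test_ctx->sysdb, test_ctx,
                              test_ctx->domain, groupname);
    if (group_dn == NULL) {
        fail("Out of memory");
        return;
    }

    ret = sysdb_group_dn_name(test_ctx->sysdb, test_ctx,
                              ldb_dn_get_linearized(group_dn), &parsed);
    fail_if(ret != EOK, "Cannot get the group name from DN");
    /* Guard the strcmp() below against a call that reports success
     * without filling in the output pointer. */
    fail_if(parsed == NULL, "No group name was returned for the DN");

    fail_if(strcmp(groupname, parsed) != 0,
            "Names don't match (got %s)", parsed);
    talloc_free(test_ctx);
}
END_TEST

/*
 * Add the netgroup "testnetgr<_i>" through the test_add_basic_netgroup()
 * helper (defined elsewhere in this file) and require EOK.
 */
START_TEST (test_sysdb_add_basic_netgroup)
{
    struct sysdb_test_ctx *test_ctx;
    struct test_data *data;
    int ret;

    /* Setup */
    ret = setup_sysdb_tests(&test_ctx);
    if (ret != EOK) {
        fail("Could not set up the test");
        return;
    }

    data = talloc_zero(test_ctx, struct test_data);
    if (data == NULL) {
        fail("Out of memory");
        return;
    }
    data->ctx = test_ctx;
    data->ev = test_ctx->ev;
    data->uid = _i;         /* This is kinda abuse of uid, though */
    data->netgrname = talloc_asprintf(data, "testnetgr%d", _i);
    if (data->netgrname == NULL) {
        fail("Out of memory");
        return;
    }

    ret = test_add_basic_netgroup(data);

    fail_if(ret != EOK, "Could not add netgroup %s", data->netgrname);
    talloc_free(test_ctx);
}
END_TEST

START_TEST (test_sysdb_search_netgroup_by_name)
{
    struct sysdb_test_ctx *test_ctx;
    int ret;
    const char *netgrname;
    struct ldb_message *msg;
    struct ldb_dn *netgroup_dn;

    /* Setup */
    ret = setup_sysdb_tests(&test_ctx);
    if (ret != EOK) {
        fail("Could not set up the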
test"); return; } netgrname = talloc_asprintf(test_ctx, "testnetgr%d", _i); ret = sysdb_search_netgroup_by_name(test_ctx, test_ctx->sysdb, test_ctx->domain, netgrname, NULL, &msg); fail_if(ret != EOK, "Could not find netgroup with name %s", netgrname); netgroup_dn = sysdb_netgroup_dn(test_ctx->sysdb, test_ctx, test_ctx->domain, netgrname); fail_if(netgroup_dn == NULL); fail_if(ldb_dn_compare(msg->dn, netgroup_dn) != 0, "Found wrong netgroup!\n"); talloc_free(test_ctx); } END_TEST START_TEST (test_sysdb_remove_netgroup_entry) { struct sysdb_test_ctx *test_ctx; struct test_data *data; int ret; /* Setup */ ret = setup_sysdb_tests(&test_ctx); if (ret != EOK) { fail("Could not set up the test"); return; } data = talloc_zero(test_ctx, struct test_data); data->ctx = test_ctx; data->ev = test_ctx->ev; data->netgrname = talloc_asprintf(data, "testnetgr%d", _i); ret = test_remove_netgroup_entry(data); fail_if(ret != EOK, "Could not remove netgroup %s", data->netgrname); talloc_free(test_ctx); } END_TEST START_TEST (test_sysdb_remove_netgroup_by_name) { struct sysdb_test_ctx *test_ctx; struct test_data *data; int ret; /* Setup */ ret = setup_sysdb_tests(&test_ctx); if (ret != EOK) { fail("Could not set up the test"); return; } data = talloc_zero(test_ctx, struct test_data); data->ctx = test_ctx; data->ev = test_ctx->ev; data->netgrname = talloc_asprintf(data, "testnetgr%d", _i); ret = test_remove_netgroup_by_name(data); fail_if(ret != EOK, "Could not remove netgroup with name %s", data->netgrname); talloc_free(test_ctx); } END_TEST START_TEST (test_sysdb_set_netgroup_attr) { struct sysdb_test_ctx *test_ctx; struct test_data *data; int ret; /* Setup */ ret = setup_sysdb_tests(&test_ctx); if (ret != EOK) { fail("Could not set up the test"); return; } data = talloc_zero(test_ctx, struct test_data); data->ctx = test_ctx; data->ev = test_ctx->ev; data->uid = _i; /* This is kinda abuse of uid, though */ data->netgrname = talloc_asprintf(data, "testnetgr%d", _i); ret = 
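test_set_netgroup_attr(data);

    fail_if(ret != EOK, "Could not set netgroup attribute %s", data->netgrname);
    talloc_free(test_ctx);
}
END_TEST

/*
 * Read SYSDB_DESCRIPTION of the netgroup "testnetgr<_i>" and require it to
 * be "Sysdb Netgroup <_i>".
 * NOTE(review): the expected value is presumably written by an earlier test
 * through test_set_netgroup_attr(); confirm against that helper.
 */
START_TEST (test_sysdb_get_netgroup_attr)
{
    struct sysdb_test_ctx *test_ctx;
    int ret;
    const char *description;
    const char *netgrname;
    struct ldb_result *res;
    const char *attrs[] = { SYSDB_DESCRIPTION, NULL };
    const char *attrval;

    /* Setup */
    ret = setup_sysdb_tests(&test_ctx);
    if (ret != EOK) {
        fail("Could not set up the test");
        return;
    }

    description = talloc_asprintf(test_ctx, "Sysdb Netgroup %d", _i);
    netgrname = talloc_asprintf(test_ctx, "testnetgr%d", _i);
    if (description == NULL || netgrname == NULL) {
        fail("Out of memory");
        return;
    }

    ret = sysdb_get_netgroup_attr(test_ctx, test_ctx->sysdb,
                                  test_ctx->domain, netgrname,
                                  attrs, &res);

    fail_if(ret != EOK, "Could not get netgroup attributes");
    fail_if(res->count != 1,
            "Invalid number of entries, expected 1, got %d", res->count);

    /* A missing attribute yields the NULL default; report it as a test
     * failure instead of passing NULL to strcmp(). */
    attrval = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_DESCRIPTION,
                                          NULL);
    fail_if(attrval == NULL,
            "Netgroup %s has no description attribute", netgrname);
    fail_if(strcmp(attrval, description),
            "Got bad attribute value for netgroup %s", netgrname);
    talloc_free(test_ctx);
}
END_TEST

/*
 * Require that the linearized netgroup base DN of the test domain starts
 * with SYSDB_NETGROUP_CONTAINER.
 */
START_TEST (test_netgroup_base_dn)
{
    errno_t ret;
    struct sysdb_test_ctx *test_ctx;
    struct ldb_dn *base_dn;
    const char *strdn;

    ret = setup_sysdb_tests(&test_ctx);
    fail_if(ret != EOK, "Could not set up the test");

    base_dn = sysdb_netgroup_base_dn(test_ctx->sysdb, test_ctx,
                                     test_ctx->domain);
    fail_if(base_dn == NULL, "Could not get netgroup base DN");

    strdn = ldb_dn_get_linearized(base_dn);
    fail_if(strdn == NULL, "Could not get string netgroup base DN");

    /* strstr() returning strdn itself means the container is a prefix */
    fail_if(strstr(strdn, SYSDB_NETGROUP_CONTAINER) != strdn,
            "Malformed netgroup baseDN");

    /* Release the test context like the neighbouring tests do */
    talloc_free(test_ctx);
}
END_TEST

START_TEST(test_odd_characters)
{
    errno_t ret;
    struct sysdb_test_ctx *test_ctx;
    struct ldb_result *res;
    struct ldb_message *msg;
    const struct ldb_val *val;
    const char odd_username[] = "*(odd)\\user,name";
    const char odd_username_orig_dn[] =
        "\\2a\\28odd\\29\\5cuser,name,cn=users,dc=example,dc=com";
    const char odd_groupname[] = "*(odd\\*)\\group,name";
    const char odd_netgroupname[] =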
"*(odd\\*)\\netgroup,name"; const char *received_user; const char *received_group; static const char *user_attrs[] = SYSDB_PW_ATTRS; static const char *netgr_attrs[] = SYSDB_NETGR_ATTRS; /* Setup */ ret = setup_sysdb_tests(&test_ctx); if (ret != EOK) { fail("Could not set up the test"); return; } /* ===== Groups ===== */ /* Add */ ret = sysdb_add_incomplete_group(test_ctx->sysdb, test_ctx->domain, odd_groupname, 20000, NULL, NULL, true, 0); fail_unless(ret == EOK, "sysdb_add_incomplete_group error [%d][%s]", ret, strerror(ret)); /* Retrieve */ ret = sysdb_search_group_by_name(test_ctx, test_ctx->sysdb, test_ctx->domain, odd_groupname, NULL, &msg); fail_unless(ret == EOK, "sysdb_search_group_by_name error [%d][%s]", ret, strerror(ret)); talloc_zfree(msg); ret = sysdb_getgrnam(test_ctx, test_ctx->sysdb, test_ctx->domain, odd_groupname, &res); fail_unless(ret == EOK, "sysdb_getgrnam error [%d][%s]", ret, strerror(ret)); fail_unless(res->count == 1, "Received [%d] responses", res->count); received_group = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_NAME, NULL); fail_unless(strcmp(received_group, odd_groupname) == 0, "Expected [%s], got [%s]", odd_groupname, received_group); talloc_free(res); /* ===== Users ===== */ /* Add */ ret = sysdb_add_basic_user(test_ctx->sysdb, test_ctx->domain, odd_username, 10000, 10000, "","",""); fail_unless(ret == EOK, "sysdb_add_basic_user error [%d][%s]", ret, strerror(ret)); /* Retrieve */ ret = sysdb_search_user_by_name(test_ctx, test_ctx->sysdb, test_ctx->domain, odd_username, NULL, &msg); fail_unless(ret == EOK, "sysdb_search_user_by_name error [%d][%s]", ret, strerror(ret)); val = ldb_dn_get_component_val(msg->dn, 0); fail_unless(strcmp((char *)val->data, odd_username)==0, "Expected [%s] got [%s]\n", odd_username, (char *)val->data); talloc_zfree(msg); /* Add to the group */ ret = sysdb_add_group_member(test_ctx->sysdb, test_ctx->domain, odd_groupname, odd_username, SYSDB_MEMBER_USER, false); fail_unless(ret == EOK, 
"sysdb_add_group_member error [%d][%s]", ret, strerror(ret)); ret = sysdb_getpwnam(test_ctx, test_ctx->sysdb, test_ctx->domain, odd_username, &res); fail_unless(ret == EOK, "sysdb_getpwnam error [%d][%s]", ret, strerror(ret)); fail_unless(res->count == 1, "Received [%d] responses", res->count); received_user = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_NAME, NULL); fail_unless(strcmp(received_user, odd_username) == 0, "Expected [%s], got [%s]", odd_username, received_user); talloc_zfree(res); /* Attributes */ ret = sysdb_get_user_attr(test_ctx, test_ctx->sysdb, test_ctx->domain, odd_username, user_attrs, &res); fail_unless(ret == EOK, "sysdb_get_user_attr error [%d][%s]", ret, strerror(ret)); talloc_free(res); /* Delete User */ ret = sysdb_delete_user(test_ctx->sysdb, test_ctx->domain, odd_username, 10000); fail_unless(ret == EOK, "sysdb_delete_user error [%d][%s]", ret, strerror(ret)); /* Delete non existing User */ ret = sysdb_delete_user(test_ctx->sysdb, test_ctx->domain, odd_username, 10000); fail_unless(ret == ENOENT, "sysdb_delete_user error [%d][%s]", ret, strerror(ret)); /* Delete Group */ ret = sysdb_delete_group(test_ctx->sysdb, test_ctx->domain, odd_groupname, 20000); fail_unless(ret == EOK, "sysdb_delete_group error [%d][%s]", ret, strerror(ret)); /* Add */ ret = sysdb_add_user(test_ctx->sysdb, test_ctx->domain, odd_username, 10000, 0, "","","", odd_username_orig_dn, NULL, 5400, 0); fail_unless(ret == EOK, "sysdb_add_user error [%d][%s]", ret, strerror(ret)); /* Delete User */ ret = sysdb_delete_user(test_ctx->sysdb, test_ctx->domain, odd_username, 10000); fail_unless(ret == EOK, "sysdb_delete_user error [%d][%s]", ret, strerror(ret)); /* ===== Netgroups ===== */ /* Add */ ret = sysdb_add_netgroup(test_ctx->sysdb, test_ctx->domain, odd_netgroupname, "No description", NULL, NULL, 30, 0); fail_unless(ret == EOK, "sysdb_add_netgroup error [%d][%s]", ret, strerror(ret)); /* Retrieve */ ret = sysdb_getnetgr(test_ctx, test_ctx->sysdb, test_ctx->domain, 
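odd_netgroupname, &res);
    fail_unless(ret == EOK, "sysdb_getnetgr error [%d][%s]",
                ret, strerror(ret));
    fail_unless(res->count == 1, "Received [%d] responses",
                res->count);
    talloc_zfree(res);

    ret = sysdb_get_netgroup_attr(test_ctx, test_ctx->sysdb,
                                  test_ctx->domain, odd_netgroupname,
                                  netgr_attrs, &res);
    fail_unless(ret == EOK, "sysdb_get_netgroup_attr error [%d][%s]",
                ret, strerror(ret));
    fail_unless(res->count == 1, "Received [%d] responses",
                res->count);
    talloc_zfree(res);

    /* ===== Arbitrary Entries ===== */

    talloc_free(test_ctx);
}
END_TEST

/* == SERVICE TESTS == */

/*
 * Fail unless every value stored in `el` appears in the NULL-terminated
 * `expected` list. A missing element is accepted only when nothing was
 * expected.
 *
 * NOTE(review): this is a one-way check (stored values must be expected);
 * it does not verify that every expected value was actually stored.
 * NOTE(review): values are compared with strcmp() and printed with %s,
 * which assumes ldb hands back NUL-terminated value data - confirm.
 */
static void services_check_values(const struct ldb_message_element *el,
                                  const char **expected,
                                  const char *attr_name)
{
    unsigned int i, j;
    bool matched;

    if (el == NULL) {
        /* ldb_msg_find_element() found no such attribute; do not
         * dereference it. */
        fail_if(expected != NULL && expected[0] != NULL,
                "Attribute [%s] is missing from the LDB entry", attr_name);
        return;
    }

    for (i = 0; i < el->num_values; i++) {
        matched = false;
        for (j = 0; expected != NULL && expected[j]; j++) {
            if (strcmp(expected[j], (const char *)el->values[i].data) == 0) {
                matched = true;
                break;
            }
        }
        fail_if(!matched, "Unexpected value in LDB entry: [%s]",
                (const char *)el->values[i].data);
    }
}

/*
 * Look a service up in the cache and compare it with the expected data.
 *
 * test_ctx      test context providing the sysdb handle and domain
 * by_name       true: search with sysdb_getservbyname() using primary_name;
 *               false: search with sysdb_getservbyport() using port
 * primary_name  expected SYSDB_NAME of the entry
 * port          expected SYSDB_SVC_PORT of the entry
 * aliases       NULL-terminated list of acceptable SYSDB_NAME_ALIAS values
 * protocols     NULL-terminated list of acceptable SYSDB_SVC_PROTO values
 *
 * Exactly one result must be returned; any mismatch fails the running test.
 */
void services_check_match(struct sysdb_test_ctx *test_ctx,
                          bool by_name,
                          const char *primary_name,
                          int port,
                          const char **aliases,
                          const char **protocols)
{
    errno_t ret;
    const char *ret_name;
    int ret_port;
    struct ldb_result *res;
    struct ldb_message *msg;

    if (by_name) {
        /* Look up the service by name */
        ret = sysdb_getservbyname(test_ctx, test_ctx->sysdb,
                                  test_ctx->domain, primary_name,
                                  NULL, &res);
        fail_if(ret != EOK, "sysdb_getservbyname error [%s]\n",
                strerror(ret));
    } else {
        /* Look up the newly-added service by port */
        ret = sysdb_getservbyport(test_ctx, test_ctx->sysdb,
                                  test_ctx->domain, port,
                                  NULL, &res);
        fail_if(ret != EOK, "sysdb_getservbyport error [%s]\n",
                strerror(ret));
    }
    fail_if(res == NULL, "ENOMEM");
    fail_if(res->count != 1);

    /* Make sure the returned entry matches */
    msg = res->msgs[0];
    ret_name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL);
    fail_if(ret_name == NULL);
    fail_unless(strcmp(ret_name, primary_name) == 0);

    ret_port = ldb_msg_find_attr_as_int(msg, SYSDB_SVC_PORT, 0);
    fail_if (ret_port != port);

    services_check_values(ldb_msg_find_element(msg, SYSDB_NAME_ALIAS),
                          aliases, SYSDB_NAME_ALIAS);
    services_check_values(ldb_msg_find_element(msg, SYSDB_SVC_PROTO),
                          protocols, SYSDB_SVC_PROTO);
}

/*
 * Convenience wrappers selecting the lookup key. The do/while(0) carries no
 * trailing semicolon so each use expands to exactly one statement and stays
 * safe inside an unbraced if/else.
 */
#define services_check_match_name(test_ctx, primary_name, port, aliases, protocols) \
    do { \
        services_check_match(test_ctx, true, primary_name, port, aliases, protocols); \
    } while (0)

#define services_check_match_port(test_ctx, primary_name, port, aliases, protocols) \
    do { \
        services_check_match(test_ctx, false, primary_name, port, aliases, protocols); \
    } while (0)

START_TEST(test_sysdb_add_services)
{
    errno_t ret;
    struct sysdb_test_ctx *test_ctx;
    char *primary_name;
    const char **aliases;
    const char **protocols;
    int port = 3890;

    /* Setup */
    ret = setup_sysdb_tests(&test_ctx);
    fail_if(ret != EOK, "Could not set up the test");

    primary_name = talloc_asprintf(test_ctx, "test_service");
    fail_if(primary_name == NULL);

    aliases = talloc_array(test_ctx, const char *, 3);
    fail_if(aliases == NULL);

    aliases[0] = talloc_asprintf(aliases, "test_service_alias1");
    fail_if(aliases[0] == NULL);

    aliases[1] = talloc_asprintf(aliases, "test_service_alias2");
    fail_if(aliases[1] == NULL);

    aliases[2] = NULL;

    protocols = talloc_array(test_ctx, const char *, 3);
    fail_if(protocols == NULL);

    protocols[0] = talloc_asprintf(protocols, "tcp");
    fail_if(protocols[0] == NULL);

    protocols[1] = talloc_asprintf(protocols, "udp");
    fail_if(protocols[1] == NULL);

    protocols[2] = NULL;

    ret = sysdb_transaction_start(test_ctx->sysdb);
    fail_if(ret != EOK, "[%s]", strerror(ret));

    ret = sysdb_svc_add(NULL, test_ctx->sysdb, test_ctx->domain,
                        primary_name, port,
                        aliases, protocols,
                        NULL);
    fail_unless(ret == EOK, "sysdb_svc_add error [%s]\n", strerror(ret));

    /* Search by name and make sure the results match */
    services_check_match_name(test_ctx,
                              primary_name, port,
                              aliases, protocols);

    /* Search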
by port and make sure the results match */ services_check_match_port(test_ctx, primary_name, port, aliases, protocols); ret = sysdb_transaction_commit(test_ctx->sysdb); fail_if(ret != EOK, "[%s]", strerror(ret)); /* Clean up after ourselves (and test deleting by name) * * We have to do this after the transaction, because LDB * doesn't like adding and deleting the same entry in a * single transaction. */ ret = sysdb_svc_delete(test_ctx->sysdb, test_ctx->domain, primary_name, 0, NULL); fail_if(ret != EOK, "[%s]", strerror(ret)); talloc_free(test_ctx); } END_TEST START_TEST(test_sysdb_store_services) { errno_t ret; struct sysdb_test_ctx *test_ctx; const char *primary_name = "test_store_service"; const char *alt_primary_name = "alt_test_store_service"; const char **aliases; const char **protocols; int port = 3890; int altport = 3891; /* Setup */ ret = setup_sysdb_tests(&test_ctx); fail_if(ret != EOK, "Could not set up the test"); aliases = talloc_array(test_ctx, const char *, 3); fail_if(aliases == NULL); aliases[0] = talloc_asprintf(aliases, "test_service_alias1"); fail_if(aliases[0] == NULL); aliases[1] = talloc_asprintf(aliases, "test_service_alias2"); fail_if(aliases[1] == NULL); aliases[2] = NULL; protocols = talloc_array(test_ctx, const char *, 3); fail_if(protocols == NULL); protocols[0] = talloc_asprintf(protocols, "tcp"); fail_if(protocols[0] == NULL); protocols[1] = talloc_asprintf(protocols, "udp"); fail_if(protocols[1] == NULL); protocols[2] = NULL; ret = sysdb_transaction_start(test_ctx->sysdb); fail_if(ret != EOK, "[%s]", strerror(ret)); /* Store this group (which will add it) */ ret = sysdb_store_service(test_ctx->sysdb, test_ctx->domain, primary_name, port, aliases, protocols, NULL, NULL, 1, 1); fail_if(ret != EOK, "[%s]", strerror(ret)); /* Search by name and make sure the results match */ services_check_match_name(test_ctx, primary_name, port, aliases, protocols); /* Search by port and make sure the results match */ services_check_match_port(test_ctx, 
primary_name, port, aliases, protocols); /* Change the service name */ ret = sysdb_store_service(test_ctx->sysdb, test_ctx->domain, alt_primary_name, port, aliases, protocols, NULL, NULL, 1, 1); fail_if (ret != EOK, "[%s]", strerror(ret)); services_check_match_name(test_ctx, alt_primary_name, port, aliases, protocols); /* Search by port and make sure the results match */ services_check_match_port(test_ctx, alt_primary_name, port, aliases, protocols); /* Change it back */ ret = sysdb_store_service(test_ctx->sysdb, test_ctx->domain, primary_name, port, aliases, protocols, NULL, NULL, 1, 1); fail_if (ret != EOK, "[%s]", strerror(ret)); /* Change the port number */ ret = sysdb_store_service(test_ctx->sysdb, test_ctx->domain, primary_name, altport, aliases, protocols, NULL, NULL, 1, 1); fail_if (ret != EOK, "[%s]", strerror(ret)); /* Search by name and make sure the results match */ services_check_match_name(test_ctx, primary_name, altport, aliases, protocols); /* Search by port and make sure the results match */ services_check_match_port(test_ctx, primary_name, altport, aliases, protocols); /* TODO: Test changing aliases and protocols */ ret = sysdb_transaction_commit(test_ctx->sysdb); fail_if(ret != EOK, "[%s]", strerror(ret)); /* Clean up after ourselves (and test deleting by port) * * We have to do this after the transaction, because LDB * doesn't like adding and deleting the same entry in a * single transaction. 
*/ ret = sysdb_svc_delete(test_ctx->sysdb, test_ctx->domain, NULL, altport, NULL); fail_if(ret != EOK, "[%s]", strerror(ret)); talloc_free(test_ctx); } END_TEST errno_t sysdb_svc_remove_alias(struct sysdb_ctx *sysdb, struct ldb_dn *dn, const char *alias); START_TEST(test_sysdb_svc_remove_alias) { errno_t ret; struct sysdb_test_ctx *test_ctx; const char *primary_name = "remove_alias_test"; const char **aliases; const char **protocols; int port = 3990; struct ldb_dn *dn; /* Setup */ ret = setup_sysdb_tests(&test_ctx); fail_if(ret != EOK, "Could not set up the test"); aliases = talloc_array(test_ctx, const char *, 3); fail_if(aliases == NULL); aliases[0] = talloc_asprintf(aliases, "remove_alias_alias1"); fail_if(aliases[0] == NULL); aliases[1] = talloc_asprintf(aliases, "remove_alias_alias2"); fail_if(aliases[1] == NULL); aliases[2] = NULL; protocols = talloc_array(test_ctx, const char *, 3); fail_if(protocols == NULL); protocols[0] = talloc_asprintf(protocols, "tcp"); fail_if(protocols[0] == NULL); protocols[1] = talloc_asprintf(protocols, "udp"); fail_if(protocols[1] == NULL); protocols[2] = NULL; ret = sysdb_transaction_start(test_ctx->sysdb); fail_if(ret != EOK, "[%s]", strerror(ret)); ret = sysdb_svc_add(NULL, test_ctx->sysdb, test_ctx->domain, primary_name, port, aliases, protocols, NULL); fail_unless(ret == EOK, "sysdb_svc_add error [%s]\n", strerror(ret)); /* Search by name and make sure the results match */ services_check_match_name(test_ctx, primary_name, port, aliases, protocols); /* Search by port and make sure the results match */ services_check_match_port(test_ctx, primary_name, port, aliases, protocols); /* Now remove an alias */ dn = sysdb_svc_dn(test_ctx->sysdb, test_ctx, test_ctx->domain->name, primary_name); fail_if (dn == NULL); ret = sysdb_svc_remove_alias(test_ctx->sysdb, dn, aliases[1]); fail_if (ret != EOK, "[%s]", strerror(ret)); ret = sysdb_transaction_commit(test_ctx->sysdb); fail_if(ret != EOK); ret = 
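sysdb_transaction_start(test_ctx->sysdb);
    fail_if(ret != EOK);

    /* Set aliases[1] to NULL to perform validation checks */
    aliases[1] = NULL;

    /* Search by name and make sure the results match */
    services_check_match_name(test_ctx,
                              primary_name, port,
                              aliases, protocols);

    /* Search by port and make sure the results match */
    services_check_match_port(test_ctx,
                              primary_name, port,
                              aliases, protocols);

    ret = sysdb_transaction_commit(test_ctx->sysdb);
    fail_if(ret != EOK, "[%s]", strerror(ret));

    talloc_free(test_ctx);
}
END_TEST

/* Mixed-case input and the lower-cased alias expected back from it */
#define LC_NAME_ALIAS_TEST_VAL "TeSt VaLuE"
#define LC_NAME_ALIAS_CHECK_VAL "test value"

/*
 * sysdb_attrs_add_lc_name_alias() must return EINVAL for NULL input and
 * must store the lower-cased value under SYSDB_NAME_ALIAS otherwise.
 */
START_TEST(test_sysdb_attrs_add_lc_name_alias)
{
    int ret;
    struct sysdb_attrs *attrs;
    const char *str;

    ret = sysdb_attrs_add_lc_name_alias(NULL, NULL);
    fail_unless(ret == EINVAL, "EINVAL not returned for NULL input");

    attrs = sysdb_new_attrs(NULL);
    fail_unless(attrs != NULL, "sysdb_new_attrs failed");

    ret = sysdb_attrs_add_lc_name_alias(attrs, LC_NAME_ALIAS_TEST_VAL);
    fail_unless(ret == EOK, "sysdb_attrs_add_lc_name_alias failed");

    ret = sysdb_attrs_get_string(attrs, SYSDB_NAME_ALIAS, &str);
    fail_unless(ret == EOK, "sysdb_attrs_get_string failed");
    fail_unless(strcmp(str, LC_NAME_ALIAS_CHECK_VAL) == 0,
                "Unexpected value, expected [%s], got [%s]",
                LC_NAME_ALIAS_CHECK_VAL, str);

    talloc_free(attrs);
}
END_TEST

/*
 * Store two values under one attribute and read them back twice: through
 * sss_ldb_el_to_string_list() on the raw element and through
 * sysdb_attrs_get_string_array(). Both lists must be "val1", "val2", NULL.
 */
START_TEST(test_sysdb_attrs_get_string_array)
{
    int ret;
    struct sysdb_attrs *attrs;
    const char **list;
    const char *attrname = "test_attr";
    TALLOC_CTX *tmp_ctx;
    struct ldb_message_element *el = NULL;

    tmp_ctx = talloc_new(NULL);
    fail_unless(tmp_ctx != NULL, "talloc_new failed");

    attrs = sysdb_new_attrs(NULL);
    fail_unless(attrs != NULL, "sysdb_new_attrs failed");

    ret = sysdb_attrs_add_string(attrs, attrname, "val1");
    fail_unless(ret == EOK, "sysdb_attrs_add_string failed");
    ret = sysdb_attrs_add_string(attrs, attrname, "val2");
    fail_unless(ret == EOK, "sysdb_attrs_add_string failed");

    ret = sysdb_attrs_get_el_ext(attrs, attrname, false, &el);
    fail_unless(ret == EOK, "sysdb_attrs_get_el_ext failed");

    list = sss_ldb_el_to_string_list(tmp_ctx, el);
    fail_if(list == NULL, ("sss_ldb_el_to_string_list failed\n"));

    ck_assert_str_eq(list[0], "val1");
    ck_assert_str_eq(list[1], "val2");
    fail_unless(list[2] == NULL, "Expected terminated list");

    talloc_free(list);

    ret = sysdb_attrs_get_string_array(attrs, attrname, tmp_ctx, &list);
    fail_unless(ret == EOK, "sysdb_attrs_get_string_array failed");

    /* This test relies on values keeping the same order. It is the case
     * with LDB, but if we ever switch from LDB, we need to amend the test
     */
    ck_assert_str_eq(list[0], "val1");
    ck_assert_str_eq(list[1], "val2");
    fail_unless(list[2] == NULL, "Expected terminated list");

    /* attrs was created on the NULL context, so freeing tmp_ctx alone
     * would leave it allocated. */
    talloc_free(attrs);
    talloc_free(tmp_ctx);
}
END_TEST

/*
 * The enumeration flag of the test domain must start out false and must
 * read back true after sysdb_set_enumerated(..., true).
 */
START_TEST(test_sysdb_has_enumerated)
{
    errno_t ret;
    struct sysdb_test_ctx *test_ctx;
    bool enumerated;

    /* Setup */
    ret = setup_sysdb_tests(&test_ctx);
    fail_if(ret != EOK, "Could not set up the test");

    ret = sysdb_has_enumerated(test_ctx->sysdb, test_ctx->domain,
                               &enumerated);
    fail_if(ret != EOK, "Error [%d][%s] checking enumeration",
            ret, strerror(ret));

    fail_if(enumerated, "Enumeration should default to false");

    ret = sysdb_set_enumerated(test_ctx->sysdb, test_ctx->domain,
                               true);
    fail_if(ret != EOK, "Error [%d][%s] setting enumeration",
            ret, strerror(ret));

    /* Recheck enumeration status */
    ret = sysdb_has_enumerated(test_ctx->sysdb, test_ctx->domain,
                               &enumerated);
    fail_if(ret != EOK, "Error [%d][%s] checking enumeration",
            ret, strerror(ret));

    fail_unless(enumerated, "Enumeration should have been set to true");

    talloc_free(test_ctx);
}
END_TEST

START_TEST(test_sysdb_original_dn_case_insensitive)
{
    errno_t ret;
    struct sysdb_test_ctx *test_ctx;
    const char *filter;
    struct ldb_dn *base_dn;
    const char *no_attrs[] = { NULL };
    struct ldb_message **msgs;
    size_t num_msgs;

    /* Setup */
    ret = setup_sysdb_tests(&test_ctx);
    fail_if(ret != EOK, "Could not set up the test");

    ret = sysdb_add_incomplete_group(test_ctx->sysdb, test_ctx->domain,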
"case_sensitive_group1", 29000, "cn=case_sensitive_group1,cn=example,cn=com", NULL, true, 0); fail_unless(ret == EOK, "sysdb_add_incomplete_group error [%d][%s]", ret, strerror(ret)); ret = sysdb_add_incomplete_group(test_ctx->sysdb, test_ctx->domain, "case_sensitive_group2", 29001, "cn=CASE_SENSITIVE_GROUP1,cn=EXAMPLE,cn=COM", NULL, true, 0); fail_unless(ret == EOK, "sysdb_add_incomplete_group error [%d][%s]", ret, strerror(ret)); /* Search by originalDN should yield 2 entries */ filter = talloc_asprintf(test_ctx, "%s=%s", SYSDB_ORIG_DN, "cn=case_sensitive_group1,cn=example,cn=com"); fail_if(filter == NULL, "Cannot construct filter\n"); base_dn = sysdb_domain_dn(test_ctx->sysdb, test_ctx, test_ctx->domain); fail_if(base_dn == NULL, "Cannot construct basedn\n"); ret = sysdb_search_entry(test_ctx, test_ctx->sysdb, base_dn, LDB_SCOPE_SUBTREE, filter, no_attrs, &num_msgs, &msgs); fail_unless(ret == EOK, "cache search error [%d][%s]", ret, strerror(ret)); fail_unless(num_msgs == 2, "Did not find the expected number of entries using " "case insensitive originalDN search"); } END_TEST START_TEST(test_sysdb_search_sid_str) { errno_t ret; struct sysdb_test_ctx *test_ctx; struct ldb_message *msg; struct sysdb_attrs *attrs = NULL; /* Setup */ ret = setup_sysdb_tests(&test_ctx); fail_if(ret != EOK, "Could not set up the test"); ret = sysdb_add_incomplete_group(test_ctx->sysdb, test_ctx->domain, "group", 29000, "cn=group,cn=example,cn=com", "S-1-2-3-4", true, 0); fail_unless(ret == EOK, "sysdb_add_incomplete_group error [%d][%s]", ret, strerror(ret)); ret = sysdb_search_group_by_sid_str(test_ctx, test_ctx->sysdb, test_ctx->domain, "S-1-2-3-4", NULL, &msg); fail_unless(ret == EOK, "sysdb_search_group_by_sid_str failed with [%d][%s].", ret, strerror(ret)); /* Delete the group by SID */ ret = sysdb_delete_by_sid(test_ctx->sysdb, test_ctx->domain, "S-1-2-3-4"); fail_unless(ret == EOK, "sysdb_delete_by_sid failed with [%d][%s].", ret, strerror(ret)); /* Verify it's gone */ ret = 
sysdb_search_group_by_sid_str(test_ctx, test_ctx->sysdb, test_ctx->domain, "S-1-2-3-4", NULL, &msg); fail_unless(ret == ENOENT, "sysdb_search_group_by_sid_str failed with [%d][%s].", ret, strerror(ret)); talloc_free(msg); msg = NULL; attrs = sysdb_new_attrs(test_ctx); fail_unless(attrs != NULL, "sysdb_new_attrs failed"); ret = sysdb_attrs_add_string(attrs, SYSDB_SID_STR, "S-1-2-3-4-5"); fail_unless(ret == EOK, "sysdb_attrs_add_string failed with [%d][%s].", ret, strerror(ret)); ret = sysdb_add_user(test_ctx->sysdb, test_ctx->domain, "SIDuser", 12345, 0, "SID user", "/home/siduser", "/bin/bash", NULL, attrs, 0, 0); fail_unless(ret == EOK, "sysdb_add_user failed with [%d][%s].", ret, strerror(ret)); ret = sysdb_search_user_by_sid_str(test_ctx, test_ctx->sysdb, test_ctx->domain, "S-1-2-3-4-5", NULL, &msg); fail_unless(ret == EOK, "sysdb_search_user_by_sid_str failed with [%d][%s].", ret, strerror(ret)); talloc_free(test_ctx); } END_TEST START_TEST(test_sysdb_subdomain_create) { struct sysdb_test_ctx *test_ctx; errno_t ret; const char *const dom1[4] = { "dom1.sub", "DOM1.SUB", "dom1", "S-1" }; const char *const dom2[4] = { "dom2.sub", "DOM2.SUB", "dom2", "S-2" }; ret = setup_sysdb_tests(&test_ctx); fail_if(ret != EOK, "Could not set up the test"); ret = sysdb_subdomain_store(test_ctx->sysdb, dom1[0], dom1[1], dom1[2], dom1[3], false, false, NULL); fail_if(ret != EOK, "Could not set up the test (dom1)"); ret = sysdb_update_subdomains(test_ctx->domain); fail_unless(ret == EOK, "sysdb_update_subdomains failed with [%d][%s]", ret, strerror(ret)); fail_if(test_ctx->domain->subdomains == NULL, "Empyt sub-domain list."); fail_if(strcmp(test_ctx->domain->subdomains->name, dom1[0]) != 0, "Unexpected sub-domain found, expected [%s], got [%s]", dom1[0], test_ctx->domain->subdomains->name); ret = sysdb_subdomain_store(test_ctx->sysdb, dom2[0], dom2[1], dom2[2], dom2[3], false, false, NULL); fail_if(ret != EOK, "Could not set up the test (dom2)"); ret = 
sysdb_update_subdomains(test_ctx->domain); fail_unless(ret == EOK, "sysdb_update_subdomains failed with [%d][%s]", ret, strerror(ret)); fail_if(test_ctx->domain->subdomains->next == NULL, "Missing sub-domain"); fail_if(strcmp(test_ctx->domain->subdomains->next->name, dom2[0]) != 0, "Unexpected sub-domain found, expected [%s], got [%s]", dom2[0], test_ctx->domain->subdomains->next->name); ret = sysdb_subdomain_delete(test_ctx->sysdb, dom2[0]); fail_if(ret != EOK, "Could not delete subdomain"); ret = sysdb_subdomain_delete(test_ctx->sysdb, dom1[0]); fail_if(ret != EOK, "Could not delete subdomain"); ret = sysdb_update_subdomains(test_ctx->domain); fail_unless(ret == EOK, "sysdb_update_subdomains failed with [%d][%s]", ret, strerror(ret)); fail_unless(test_ctx->domain->subdomains->disabled, "Subdomain not disabled."); } END_TEST const char *const testdom[4] = { "test.sub", "TEST.SUB", "test", "S-3" }; START_TEST(test_sysdb_subdomain_store_user) { struct sysdb_test_ctx *test_ctx; errno_t ret; struct sss_domain_info *subdomain = NULL; struct ldb_result *results = NULL; struct ldb_dn *base_dn = NULL; struct ldb_dn *check_dn = NULL; const char *attrs[] = { SYSDB_NAME, SYSDB_NAME_ALIAS, NULL }; struct sysdb_attrs *user_attrs; struct ldb_message *msg; ret = setup_sysdb_tests(&test_ctx); fail_if(ret != EOK, "Could not set up the test"); subdomain = new_subdomain(test_ctx, test_ctx->domain, testdom[0], testdom[1], testdom[2], testdom[3], false, false, NULL); fail_unless(subdomain != NULL, "Failed to create new subdomin."); ret = sysdb_subdomain_store(test_ctx->sysdb, testdom[0], testdom[1], testdom[2], testdom[3], false, false, NULL); fail_if(ret != EOK, "Could not set up the test (test subdom)"); ret = sysdb_update_subdomains(test_ctx->domain); fail_unless(ret == EOK, "sysdb_update_subdomains failed with [%d][%s]", ret, strerror(ret)); user_attrs = sysdb_new_attrs(test_ctx); fail_unless(user_attrs != NULL, "sysdb_new_attrs failed"); ret = sysdb_attrs_add_string(user_attrs, 
SYSDB_NAME_ALIAS, "subdomuser"); fail_unless(ret == EOK, "sysdb_store_user failed."); ret = sysdb_store_user(subdomain->sysdb, subdomain, "SubDomUser", NULL, 12345, 0, "Sub Domain User", "/home/subdomuser", "/bin/bash", NULL, user_attrs, NULL, -1, 0); fail_unless(ret == EOK, "sysdb_store_user failed."); base_dn =ldb_dn_new(test_ctx, test_ctx->sysdb->ldb, "cn=sysdb"); fail_unless(base_dn != NULL); check_dn = ldb_dn_new(test_ctx, test_ctx->sysdb->ldb, "name=SubDomUser,cn=users,cn=test.sub,cn=sysdb"); fail_unless(check_dn != NULL); ret = ldb_search(test_ctx->sysdb->ldb, test_ctx, &results, base_dn, LDB_SCOPE_SUBTREE, NULL, "name=SubDomUser"); fail_unless(ret == EOK, "ldb_search failed."); fail_unless(results->count == 1, "Unexpected number of results, " "expected [%d], got [%d]", 1, results->count); fail_unless(ldb_dn_compare(results->msgs[0]->dn, check_dn) == 0, "Unexpedted DN returned"); /* Subdomains are case-insensitive. Test that the lowercased name * can be found, too */ ret = sysdb_search_user_by_name(test_ctx, test_ctx->sysdb, subdomain, "subdomuser", attrs, &msg); fail_unless(ret == EOK, "sysdb_search_user_by_name failed."); ret = sysdb_delete_user(subdomain->sysdb, subdomain, "subdomuser", 0); fail_unless(ret == EOK, "sysdb_delete_user failed [%d][%s].", ret, strerror(ret)); ret = ldb_search(test_ctx->sysdb->ldb, test_ctx, &results, base_dn, LDB_SCOPE_SUBTREE, NULL, "name=subdomuser"); fail_unless(ret == EOK, "ldb_search failed."); fail_unless(results->count == 0, "Unexpected number of results, " "expected [%d], got [%d]", 0, results->count); } END_TEST START_TEST(test_sysdb_subdomain_user_ops) { struct sysdb_test_ctx *test_ctx; errno_t ret; struct sss_domain_info *subdomain = NULL; struct ldb_message *msg = NULL; struct ldb_dn *check_dn = NULL; ret = setup_sysdb_tests(&test_ctx); fail_if(ret != EOK, "Could not set up the test"); subdomain = new_subdomain(test_ctx, test_ctx->domain, testdom[0], testdom[1], testdom[2], testdom[3], false, false, NULL); 
fail_unless(subdomain != NULL, "Failed to create new subdomin."); ret = sysdb_subdomain_store(test_ctx->sysdb, testdom[0], testdom[1], testdom[2], testdom[3], false, false, NULL); fail_if(ret != EOK, "Could not set up the test (test subdom)"); ret = sysdb_update_subdomains(test_ctx->domain); fail_unless(ret == EOK, "sysdb_update_subdomains failed with [%d][%s]", ret, strerror(ret)); ret = sysdb_store_user(subdomain->sysdb, subdomain, "subdomuser", NULL, 12345, 0, "Sub Domain User", "/home/subdomuser", "/bin/bash", NULL, NULL, NULL, -1, 0); fail_unless(ret == EOK, "sysdb_store_domuser failed."); check_dn = ldb_dn_new(test_ctx, test_ctx->sysdb->ldb, "name=subdomuser,cn=users,cn=test.sub,cn=sysdb"); fail_unless(check_dn != NULL); ret = sysdb_search_user_by_name(test_ctx, subdomain->sysdb, subdomain, "subdomuser", NULL, &msg); fail_unless(ret == EOK, "sysdb_search_user_by_name failed with [%d][%s].", ret, strerror(ret)); fail_unless(ldb_dn_compare(msg->dn, check_dn) == 0, "Unexpedted DN returned"); ret = sysdb_search_user_by_uid(test_ctx, subdomain->sysdb, subdomain, 12345, NULL, &msg); fail_unless(ret == EOK, "sysdb_search_domuser_by_uid failed with [%d][%s].", ret, strerror(ret)); fail_unless(ldb_dn_compare(msg->dn, check_dn) == 0, "Unexpedted DN returned"); ret = sysdb_delete_user(subdomain->sysdb, subdomain, "subdomuser", 12345); fail_unless(ret == EOK, "sysdb_delete_domuser failed with [%d][%s].", ret, strerror(ret)); } END_TEST START_TEST(test_sysdb_subdomain_group_ops) { struct sysdb_test_ctx *test_ctx; errno_t ret; struct sss_domain_info *subdomain = NULL; struct ldb_message *msg = NULL; struct ldb_dn *check_dn = NULL; ret = setup_sysdb_tests(&test_ctx); fail_if(ret != EOK, "Could not set up the test"); subdomain = new_subdomain(test_ctx, test_ctx->domain, testdom[0], testdom[1], testdom[2], testdom[3], false, false, NULL); fail_unless(subdomain != NULL, "Failed to create new subdomin."); ret = sysdb_subdomain_store(test_ctx->sysdb, testdom[0], testdom[1], 
START_TEST(test_autofs_retrieve_map)
{
    /* Loop test: _i selects which "testmap<N>" map is looked up. The map
     * must be found and a non-NULL message returned. */
    struct sysdb_test_ctx *ctx;
    struct ldb_message *found_map = NULL;
    const char *map_name;
    errno_t rc;

    rc = setup_sysdb_tests(&ctx);
    fail_unless(rc == EOK, "Could not set up the test");

    map_name = talloc_asprintf(ctx, "testmap%d", _i);
    fail_unless(map_name != NULL, "Out of memory\n");

    rc = sysdb_get_map_byname(ctx, ctx->sysdb, ctx->domain,
                              map_name, &found_map);
    fail_unless(rc == EOK, "Could not retrieve autofs map %s", map_name);
    fail_unless(found_map != NULL, "No map retrieved?\n");

    /* Everything allocated above hangs off the test context. */
    talloc_free(ctx);
}
END_TEST
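START_TEST(test_autofs_retrieve_keys_by_map)
{
    /* Loop test: fetch every entry of map "testmap<_i>" and check that the
     * number of returned entries matches what was stored for it. */
    struct sysdb_test_ctx *test_ctx;
    const char *autofsmapname;
    errno_t ret;
    size_t count = 0;
    struct ldb_message **entries = NULL;
    /* Same type as count, so the comparison below involves no implicit
     * signed-to-unsigned conversion. */
    const size_t expected = 10;

    ret = setup_sysdb_tests(&test_ctx);
    fail_if(ret != EOK, "Could not set up the test");

    autofsmapname = talloc_asprintf(test_ctx, "testmap%d", _i);
    fail_if(autofsmapname == NULL, "Out of memory\n");

    ret = sysdb_autofs_entries_by_map(test_ctx, test_ctx->sysdb,
                                      test_ctx->domain,
                                      autofsmapname, &count, &entries);
    fail_if(ret != EOK, "Cannot get autofs entries for map %s\n",
            autofsmapname);

    /* count is a size_t; printing it with %d is a format/argument mismatch
     * (undefined behaviour where size_t is wider than int). */
    fail_if(count != expected, "Expected to find %zu entries, got %zu\n",
            expected, count);
    talloc_free(test_ctx);
}
END_TEST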
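/**
 * Build the "sysdb" check suite.
 *
 * Test cases are registered in a fixed order. The per-test comments below
 * (create, verify, remove) suggest that later tests depend on the state
 * earlier ones leave in the test database, so keep the order when adding
 * or moving tests.
 *
 * @return the populated suite
 */
Suite *create_sysdb_suite(void)
{
    Suite *s = suite_create("sysdb");

    TCase *tc_sysdb = tcase_create("SYSDB Tests");

    /* test getting next id works */
    tcase_add_test(tc_sysdb, test_sysdb_get_new_id);

    /* Create a new user */
    tcase_add_loop_test(tc_sysdb, test_sysdb_add_user,27000,27010);

    /* Verify the users were added */
    tcase_add_loop_test(tc_sysdb, test_sysdb_getpwnam, 27000, 27010);

    /* Create a new group */
    tcase_add_loop_test(tc_sysdb, test_sysdb_add_group, 28000, 28010);

    /* Verify the groups were added */
    tcase_add_loop_test(tc_sysdb, test_sysdb_getgrnam, 28000, 28010);

    /* sysdb_group_dn_name returns the name of the group in question */
    tcase_add_loop_test(tc_sysdb, test_sysdb_group_dn_name, 28000, 28010);

    /* sysdb_store_user allows setting attributes for existing users */
    tcase_add_loop_test(tc_sysdb, test_sysdb_store_user_existing, 27000, 27010);

    /* test the change */
    tcase_add_loop_test(tc_sysdb, test_sysdb_get_user_attr, 27000, 27010);

    /* Add and remove users in a group with sysdb_update_members */
    tcase_add_test(tc_sysdb, test_sysdb_update_members);

    /* Remove the other half by gid */
    tcase_add_loop_test(tc_sysdb, test_sysdb_remove_local_group_by_gid, 28000, 28010);

    /* Remove the other half by uid */
    tcase_add_loop_test(tc_sysdb, test_sysdb_remove_local_user_by_uid, 27000, 27010);

    /* Create a new user */
    tcase_add_loop_test(tc_sysdb, test_sysdb_store_user, 27010, 27020);

    /* Verify the users were added */
    tcase_add_loop_test(tc_sysdb, test_sysdb_getpwnam, 27010, 27020);

    /* Verify the users can be queried by UID */
    tcase_add_loop_test(tc_sysdb, test_sysdb_getpwuid, 27010, 27020);

    /* Enumerate the users */
    tcase_add_test(tc_sysdb, test_sysdb_enumpwent);

    /* Change their attribute */
    tcase_add_loop_test(tc_sysdb, test_sysdb_set_user_attr, 27010, 27020);

    /* Find the users by their new attribute */
    tcase_add_loop_test(tc_sysdb, test_sysdb_search_users, 27010, 27020);

    /* Verify the change */
    tcase_add_loop_test(tc_sysdb, test_sysdb_get_user_attr, 27010, 27020);

    /* Remove the attribute */
    tcase_add_loop_test(tc_sysdb, test_sysdb_remove_attrs, 27010, 27020);

    /* Create a new group */
    tcase_add_loop_test(tc_sysdb, test_sysdb_store_group, 28010, 28020);

    /* Verify the groups were added */

    /* Verify the groups can be queried by GID */
    tcase_add_loop_test(tc_sysdb, test_sysdb_getgrgid, 28010, 28020);

    /* Find the users by GID using a filter */
    tcase_add_loop_test(tc_sysdb, test_sysdb_search_groups, 28010, 28020);

    /* Enumerate the groups */
    tcase_add_test(tc_sysdb, test_sysdb_enumgrent);

    /* Add some members to the groups */
    tcase_add_loop_test(tc_sysdb, test_sysdb_add_group_member, 28010, 28020);

    /* Test that sysdb_initgroups() works */
    tcase_add_loop_test(tc_sysdb, test_sysdb_initgroups, 27010, 27020);

    /* Authenticate with missing cached password */
    tcase_add_loop_test(tc_sysdb, test_sysdb_cached_authentication_missing_password,
                        27010, 27011);

    /* Add a cached password */
    tcase_add_loop_test(tc_sysdb, test_sysdb_cache_password, 27010, 27011);

    /* Authenticate against cached password */
    tcase_add_loop_test(tc_sysdb, test_sysdb_cached_authentication_wrong_password,
                        27010, 27011);
    tcase_add_loop_test(tc_sysdb, test_sysdb_cached_authentication, 27010, 27011);

    /* ASQ search test */
    tcase_add_loop_test(tc_sysdb, test_sysdb_prepare_asq_test_user, 28011, 28020);
    tcase_add_test(tc_sysdb, test_sysdb_asq_search);

    /* Test search with more than one result */
    tcase_add_test(tc_sysdb, test_sysdb_search_all_users);

    /* Remove the members from the groups */
    tcase_add_loop_test(tc_sysdb, test_sysdb_remove_group_member, 28010, 28020);

    /* Remove the users by name */
    tcase_add_loop_test(tc_sysdb, test_sysdb_remove_local_user, 27010, 27020);

    /* Remove the groups by name */
    tcase_add_loop_test(tc_sysdb, test_sysdb_remove_local_group, 28010, 28020);

    /* test the ignore_not_found parameter for users */
    tcase_add_test(tc_sysdb, test_sysdb_remove_nonexistent_user);

    /* test the ignore_not_found parameter for groups */
    tcase_add_test(tc_sysdb, test_sysdb_remove_nonexistent_group);

    /* Create incomplete groups - remove will fail if the LDB objects don't exist */
    tcase_add_loop_test(tc_sysdb, test_sysdb_add_incomplete_group, 28000, 28010);
    tcase_add_loop_test(tc_sysdb, test_sysdb_remove_local_group_by_gid, 28000, 28010);

    /* test custom operations */
    tcase_add_loop_test(tc_sysdb, test_sysdb_store_custom, 29010, 29020);
    tcase_add_test(tc_sysdb, test_sysdb_search_custom_by_name);
    tcase_add_test(tc_sysdb, test_sysdb_update_custom);
    tcase_add_test(tc_sysdb, test_sysdb_search_custom_update);
    tcase_add_test(tc_sysdb, test_sysdb_search_custom);
    tcase_add_test(tc_sysdb, test_sysdb_delete_custom);

    /* test recursive delete */
    tcase_add_test(tc_sysdb, test_sysdb_delete_recursive);

    tcase_add_test(tc_sysdb, test_sysdb_attrs_replace_name);

    tcase_add_test(tc_sysdb, test_sysdb_attrs_to_list);

    /* Test unusual characters */
    tcase_add_test(tc_sysdb, test_odd_characters);

    /* Test sysdb enumerated flag */
    tcase_add_test(tc_sysdb, test_sysdb_has_enumerated);

    /* Test originalDN searches */
    tcase_add_test(tc_sysdb, test_sysdb_original_dn_case_insensitive);

    /* Test SID string searches */
    tcase_add_test(tc_sysdb, test_sysdb_search_sid_str);

    /* Test user and group renames */
    tcase_add_test(tc_sysdb, test_group_rename);
    tcase_add_test(tc_sysdb, test_user_rename);

/* ===== NETGROUP TESTS ===== */

    /* Create a new netgroup */
    tcase_add_loop_test(tc_sysdb, test_sysdb_add_basic_netgroup, 27000, 27010);

    /* Verify the netgroups were added */
    tcase_add_loop_test(tc_sysdb, test_sysdb_search_netgroup_by_name, 27000, 27010);

    /* Test setting attributes */
    tcase_add_loop_test(tc_sysdb, test_sysdb_set_netgroup_attr, 27000, 27010);

    /* Verify they have been changed */
    tcase_add_loop_test(tc_sysdb, test_sysdb_get_netgroup_attr, 27000, 27010);

    /* Remove half of them by name */
    tcase_add_loop_test(tc_sysdb, test_sysdb_remove_netgroup_by_name, 27000, 27005);

    /* Remove the other half by DN */
    tcase_add_loop_test(tc_sysdb, test_sysdb_remove_netgroup_entry, 27005, 27010);

    tcase_add_test(tc_sysdb, test_netgroup_base_dn);

/* ===== SERVICE TESTS ===== */

    /* Create a new service */
    tcase_add_test(tc_sysdb, test_sysdb_add_services);
    tcase_add_test(tc_sysdb, test_sysdb_store_services);
    tcase_add_test(tc_sysdb, test_sysdb_svc_remove_alias);

    tcase_add_test(tc_sysdb, test_sysdb_attrs_add_lc_name_alias);

/* ===== UTIL TESTS ===== */
    tcase_add_test(tc_sysdb, test_sysdb_attrs_get_string_array);

/* Add all test cases to the test suite */
    suite_add_tcase(s, tc_sysdb);

    TCase *tc_memberof = tcase_create("SYSDB member/memberof/memberuid Tests");

    tcase_add_loop_test(tc_memberof, test_sysdb_memberof_store_group, 0, 10);
    tcase_add_loop_test(tc_memberof, test_sysdb_memberof_store_user, 0, 10);
    tcase_add_loop_test(tc_memberof, test_sysdb_memberof_add_group_member,
                        0, 10);
    tcase_add_loop_test(tc_memberof, test_sysdb_memberof_check_memberuid,
                        0, 10);
    tcase_add_loop_test(tc_memberof, test_sysdb_remove_local_group_by_gid,
                        MBO_GROUP_BASE + 5, MBO_GROUP_BASE + 6);
    tcase_add_loop_test(tc_memberof,
                        test_sysdb_memberof_check_memberuid_without_group_5,
                        0, 10);
    tcase_add_loop_test(tc_memberof, test_sysdb_remove_local_group_by_gid,
                        MBO_GROUP_BASE , MBO_GROUP_BASE + 10);

    tcase_add_loop_test(tc_memberof, test_sysdb_memberof_store_group, 0, 10);
    tcase_add_test(tc_memberof, test_sysdb_memberof_close_loop);
    tcase_add_loop_test(tc_memberof, test_sysdb_memberof_store_user, 0, 10);
    tcase_add_loop_test(tc_memberof, test_sysdb_memberof_add_group_member,
                        0, 10);
    tcase_add_loop_test(tc_memberof, test_sysdb_memberof_check_memberuid_loop,
                        0, 10);
    tcase_add_loop_test(tc_memberof, test_sysdb_remove_local_group_by_gid,
                        MBO_GROUP_BASE + 5, MBO_GROUP_BASE + 6);
    tcase_add_loop_test(tc_memberof,
                        test_sysdb_memberof_check_memberuid_loop_without_group_5,
                        0, 10);
    tcase_add_loop_test(tc_memberof, test_sysdb_remove_local_group_by_gid,
                        MBO_GROUP_BASE , MBO_GROUP_BASE + 10);

    /* Ghost users tests */
    tcase_add_loop_test(tc_memberof, test_sysdb_memberof_store_group_with_ghosts,
                        MBO_GROUP_BASE , MBO_GROUP_BASE + 10);
    tcase_add_loop_test(tc_memberof, test_sysdb_memberof_check_nested_ghosts,
                        MBO_GROUP_BASE , MBO_GROUP_BASE + 10);
    tcase_add_loop_test(tc_memberof,
                        test_sysdb_memberof_remove_child_group_and_check_ghost,
                        MBO_GROUP_BASE + 1, MBO_GROUP_BASE + 10);
    /* Only one group should be left now */
    tcase_add_loop_test(tc_memberof, test_sysdb_remove_local_group_by_gid,
                        MBO_GROUP_BASE + 9 , MBO_GROUP_BASE + 10);

    /* ghost users - RFC2307 */
    /* Add groups with ghost users */
    tcase_add_loop_test(tc_memberof, test_sysdb_add_group_with_ghosts,
                        MBO_GROUP_BASE , MBO_GROUP_BASE + 10);
    /* Check the ghost user attribute */
    tcase_add_loop_test(tc_memberof, test_sysdb_memberof_check_ghost,
                        MBO_GROUP_BASE , MBO_GROUP_BASE + 10);
    /* Add user entries, converting the ghost attributes to member attributes */
    /* We only convert half of the users and keep the ghost attributes for the
     * other half as we also want to test if we don't delete any ghost users
     * by accident */
    tcase_add_loop_test(tc_memberof, test_sysdb_memberof_convert_to_real_users,
                        MBO_GROUP_BASE , MBO_GROUP_BASE + NUM_GHOSTS/2);
    /* Check the members and ghosts are there as appropriate */
    tcase_add_loop_test(tc_memberof, test_sysdb_memberof_check_convert,
                        MBO_GROUP_BASE , MBO_GROUP_BASE + NUM_GHOSTS);
    /* Rename the other half */
    tcase_add_loop_test(tc_memberof, test_sysdb_memberof_ghost_replace,
                        MBO_GROUP_BASE + NUM_GHOSTS/2 + 1,
                        MBO_GROUP_BASE + NUM_GHOSTS);
    /* Attempt to replace with the same data to check if noop works correctly */
    tcase_add_loop_test(tc_memberof, test_sysdb_memberof_ghost_replace_noop,
                        MBO_GROUP_BASE + NUM_GHOSTS/2 + 1,
                        MBO_GROUP_BASE + NUM_GHOSTS);

    /* Remove the real users */
    tcase_add_loop_test(tc_memberof, test_sysdb_memberof_user_cleanup,
                        MBO_GROUP_BASE , MBO_GROUP_BASE + NUM_GHOSTS/2);
    tcase_add_loop_test(tc_memberof, test_sysdb_remove_local_group_by_gid,
                        MBO_GROUP_BASE , MBO_GROUP_BASE + NUM_GHOSTS);

    /* ghost users - memberof mod_del */
    tcase_add_loop_test(tc_memberof, test_sysdb_memberof_store_group_with_ghosts,
                        MBO_GROUP_BASE , MBO_GROUP_BASE + 10);
    tcase_add_loop_test(tc_memberof, test_sysdb_memberof_check_nested_ghosts,
                        MBO_GROUP_BASE , MBO_GROUP_BASE + 10);
    tcase_add_loop_test(tc_memberof, test_sysdb_memberof_mod_del,
                        MBO_GROUP_BASE , MBO_GROUP_BASE + 10);
    tcase_add_loop_test(tc_memberof, test_sysdb_remove_local_group_by_gid,
                        MBO_GROUP_BASE , MBO_GROUP_BASE + NUM_GHOSTS);

    /* ghost users - memberof mod_add */
    /* Add groups without ghosts first */
    tcase_add_loop_test(tc_memberof, test_sysdb_memberof_store_group, 0, 10);
    /* Add ghosts to groups so that they propagate */
    tcase_add_loop_test(tc_memberof, test_sysdb_memberof_mod_add,
                        MBO_GROUP_BASE , MBO_GROUP_BASE + 10);
    /* Check if the ghosts in fact propagated */
    tcase_add_loop_test(tc_memberof, test_sysdb_memberof_check_nested_ghosts,
                        MBO_GROUP_BASE , MBO_GROUP_BASE + 10);
    /* Clean up */
    tcase_add_loop_test(tc_memberof, test_sysdb_remove_local_group_by_gid,
                        MBO_GROUP_BASE , MBO_GROUP_BASE + 10);

    /* ghost users - replace */
    tcase_add_loop_test(tc_memberof, test_sysdb_memberof_store_group_with_ghosts,
                        MBO_GROUP_BASE , MBO_GROUP_BASE + 10);
    tcase_add_loop_test(tc_memberof, test_sysdb_memberof_check_nested_ghosts,
                        MBO_GROUP_BASE , MBO_GROUP_BASE + 10);
    tcase_add_loop_test(tc_memberof, test_sysdb_memberof_mod_replace,
                        MBO_GROUP_BASE , MBO_GROUP_BASE + 10);
    tcase_add_loop_test(tc_memberof, test_sysdb_remove_local_group_by_gid,
                        MBO_GROUP_BASE , MBO_GROUP_BASE + 10);

    /* ghost users - replace but retain inherited */
    tcase_add_loop_test(tc_memberof,
                        test_sysdb_memberof_store_group_with_double_ghosts,
                        MBO_GROUP_BASE , MBO_GROUP_BASE + 10);
    tcase_add_loop_test(tc_memberof,
                        test_sysdb_memberof_check_nested_double_ghosts,
                        MBO_GROUP_BASE , MBO_GROUP_BASE + 10);

    /* This loop counts backwards so the indexing is a little odd */
    tcase_add_loop_test(tc_memberof, test_sysdb_memberof_mod_replace_keep,
                        1 , 11);
    tcase_add_loop_test(tc_memberof, test_sysdb_remove_local_group_by_gid,
                        MBO_GROUP_BASE , MBO_GROUP_BASE + 10);

    suite_add_tcase(s, tc_memberof);

    TCase *tc_subdomain = tcase_create("SYSDB sub-domain Tests");

    tcase_add_test(tc_subdomain, test_sysdb_subdomain_create);
    tcase_add_test(tc_subdomain, test_sysdb_subdomain_store_user);
    tcase_add_test(tc_subdomain, test_sysdb_subdomain_user_ops);
    tcase_add_test(tc_subdomain, test_sysdb_subdomain_group_ops);

    suite_add_tcase(s, tc_subdomain);

#ifdef BUILD_AUTOFS
    TCase *tc_autofs = tcase_create("SYSDB autofs Tests");

    /* Register the autofs tests on their own case. They used to be added to
     * tc_subdomain, which left tc_autofs empty and reported autofs results
     * under the sub-domain case. The execution order is the same as before. */
    tcase_add_loop_test(tc_autofs, test_autofs_create_map,
                        TEST_AUTOFS_MAP_BASE, TEST_AUTOFS_MAP_BASE+10);

    tcase_add_loop_test(tc_autofs, test_autofs_retrieve_map,
                        TEST_AUTOFS_MAP_BASE, TEST_AUTOFS_MAP_BASE+10);

    tcase_add_loop_test(tc_autofs, test_autofs_store_entry_in_map,
                        TEST_AUTOFS_MAP_BASE, TEST_AUTOFS_MAP_BASE+10);

    tcase_add_loop_test(tc_autofs, test_autofs_retrieve_keys_by_map,
                        TEST_AUTOFS_MAP_BASE, TEST_AUTOFS_MAP_BASE+10);

    tcase_add_loop_test(tc_autofs, test_autofs_delete_map,
                        TEST_AUTOFS_MAP_BASE, TEST_AUTOFS_MAP_BASE+10);

    tcase_add_loop_test(tc_autofs, test_autofs_retrieve_map_neg,
                        TEST_AUTOFS_MAP_BASE, TEST_AUTOFS_MAP_BASE+10);

    tcase_add_loop_test(tc_autofs, test_autofs_key_duplicate,
                        TEST_AUTOFS_MAP_BASE, TEST_AUTOFS_MAP_BASE+10);

    tcase_add_test(tc_autofs, test_autofs_get_duplicate_keys);

    suite_add_tcase(s, tc_autofs);
#endif

    return s;
}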
EXIT_SUCCESS : EXIT_FAILURE); } sssd-1.11.5/src/tests/PaxHeaders.13173/auth-tests.c0000644000000000000000000000007412320753107017751 xustar000000000000000030 atime=1396954939.273891426 30 ctime=1396954961.708874911 sssd-1.11.5/src/tests/auth-tests.c0000664002412700241270000002526312320753107020203 0ustar00jhrozekjhrozek00000000000000/* SSSD Test for local authentication utilities Authors: Sumit Bose Copyright (C) 2010 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #include #include #include #include #include #include #include #include #include #include #include "util/util.h" #include "confdb/confdb.h" #include "db/sysdb.h" #include "tests/common.h" #define TESTS_PATH "tests_auth" #define TEST_CONF_FILE "tests_conf.ldb" struct sysdb_test_ctx { struct sysdb_ctx *sysdb; struct confdb_ctx *confdb; struct tevent_context *ev; struct sss_domain_info *domain; }; static int setup_sysdb_tests(struct sysdb_test_ctx **ctx) { struct sysdb_test_ctx *test_ctx; char *conf_db; int ret; const char *val[2]; val[1] = NULL; /* Create tests directory if it doesn't exist */ /* (relative to current dir) */ ret = mkdir(TESTS_PATH, 0775); if (ret == -1 && errno != EEXIST) { fail("Could not create %s directory", TESTS_PATH); return EFAULT; } test_ctx = talloc_zero(NULL, struct sysdb_test_ctx); if (test_ctx == NULL) { fail("Could not allocate memory for test context"); return ENOMEM; } /* Create an event context * It will not be used except in confdb_init and sysdb_init */ test_ctx->ev = tevent_context_init(test_ctx); if (test_ctx->ev == NULL) { fail("Could not create event context"); talloc_free(test_ctx); return EIO; } conf_db = talloc_asprintf(test_ctx, "%s/%s", TESTS_PATH, TEST_CONF_FILE); if (conf_db == NULL) { fail("Out of memory, aborting!"); talloc_free(test_ctx); return ENOMEM; } DEBUG(3, ("CONFDB: %s\n", conf_db)); /* Connect to the conf db */ ret = confdb_init(test_ctx, &test_ctx->confdb, conf_db); if (ret != EOK) { fail("Could not initialize connection to the confdb"); talloc_free(test_ctx); return ret; } val[0] = "LOCAL"; ret = confdb_add_param(test_ctx->confdb, true, "config/sssd", "domains", val); if (ret != EOK) { fail("Could not initialize domains placeholder"); talloc_free(test_ctx); return ret; } val[0] = "local"; ret = confdb_add_param(test_ctx->confdb, true, "config/domain/LOCAL", "id_provider", val); if (ret != EOK) { fail("Could not initialize provider"); talloc_free(test_ctx); return ret; } val[0] = "TRUE"; ret = 
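/**
 * Run one check_failed_login_attempts() scenario.
 *
 * Writes the two offline-lockout settings into the "config/pam" section of
 * the confdb, builds an ldb message carrying the user's failed-login counter
 * and last-failure timestamp, and verifies the return code, the reported
 * counter and the reported delay.
 *
 * @param failed_login_attempts         counter stored in the message
 * @param last_failed_login             timestamp stored in the message
 * @param offline_failed_login_attempts value for CONFDB_PAM_FAILED_LOGIN_ATTEMPTS
 * @param offline_failed_login_delay    value for CONFDB_PAM_FAILED_LOGIN_DELAY
 * @param expected_result               expected return code
 * @param expected_counter              expected reported counter
 * @param expected_delay                expected "delayed until" value
 */
static void do_failed_login_test(uint32_t failed_login_attempts,
                                 time_t last_failed_login,
                                 int offline_failed_login_attempts,
                                 int offline_failed_login_delay,
                                 int expected_result,
                                 int expected_counter,
                                 time_t expected_delay)
{
    struct sysdb_test_ctx *test_ctx = NULL;
    int ret;
    const char *val[2];
    val[1] = NULL;
    struct ldb_message *ldb_msg;
    uint32_t returned_failed_login_attempts;
    time_t delayed_until;

    /* Setup */
    ret = setup_sysdb_tests(&test_ctx);
    fail_unless(ret == EOK, "Could not set up the test");

    val[0] = talloc_asprintf(test_ctx, "%u", offline_failed_login_attempts);
    fail_unless(val[0] != NULL, "talloc_asprintf failed");
    ret = confdb_add_param(test_ctx->confdb, true,
                           "config/pam", CONFDB_PAM_FAILED_LOGIN_ATTEMPTS, val);
    fail_unless(ret == EOK, "Could not set offline_failed_login_attempts");

    val[0] = talloc_asprintf(test_ctx, "%u", offline_failed_login_delay);
    /* The second allocation was passed on unchecked; fail here rather than
     * hand a NULL value to confdb_add_param(). */
    fail_unless(val[0] != NULL, "talloc_asprintf failed");
    ret = confdb_add_param(test_ctx->confdb, true,
                           "config/pam", CONFDB_PAM_FAILED_LOGIN_DELAY, val);
    fail_unless(ret == EOK, "Could not set offline_failed_login_delay");

    ldb_msg = ldb_msg_new(test_ctx);
    fail_unless(ldb_msg != NULL, "ldb_msg_new failed");

    ret = ldb_msg_add_fmt(ldb_msg, SYSDB_FAILED_LOGIN_ATTEMPTS, "%u",
                          failed_login_attempts);
    fail_unless(ret == EOK, "ldb_msg_add_string failed");

    ret = ldb_msg_add_fmt(ldb_msg, SYSDB_LAST_FAILED_LOGIN, "%lld",
                          (long long) last_failed_login);
    fail_unless(ret == EOK, "ldb_msg_add_string failed");

    ret = check_failed_login_attempts(test_ctx->confdb, ldb_msg,
                                      &returned_failed_login_attempts,
                                      &delayed_until);
    fail_unless(ret == expected_result,
                "check_failed_login_attempts returned wrong error code, "
                "expected [%d], got [%d]", expected_result, ret);

    /* Report the counter that was returned. The message used to print the
     * input counter, which hides what the lockout logic produced when this
     * assertion fires. */
    fail_unless(returned_failed_login_attempts == expected_counter,
                "check_failed_login_attempts returned wrong number of failed "
                "login attempts, expected [%d], got [%u]",
                expected_counter,
                (unsigned int) returned_failed_login_attempts);

    /* time_t is not guaranteed to be int-sized; widen explicitly so the
     * format string and the arguments agree. */
    fail_unless(delayed_until == expected_delay,
                "check_failed_login_attempts wrong delay, "
                "expected [%lld], got [%lld]",
                (long long) expected_delay, (long long) delayed_until);

    talloc_free(test_ctx);
}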
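/**
 * Remove the test config database, the test sysdb file and the test
 * directory. Objects that do not exist (ENOENT) are not treated as errors.
 *
 * @return EOK on success, otherwise the failing call's return value with
 *         errno left set to that call's error for the caller to report.
 */
static int clean_db_dir(void)
{
    int ret;
    int saved_errno;

    ret = unlink(TESTS_PATH"/"TEST_CONF_FILE);
    if (ret != EOK && errno != ENOENT) {
        saved_errno = errno;
        fprintf(stderr, "Could not delete the test config ldb file (%d) (%s)\n",
                saved_errno, strerror(saved_errno));
        /* fprintf() may overwrite errno; the caller prints it afterwards. */
        errno = saved_errno;
        return ret;
    }

    ret = unlink(TESTS_PATH"/"LOCAL_SYSDB_FILE);
    if (ret != EOK && errno != ENOENT) {
        saved_errno = errno;
        /* This is the sysdb file, not the config file; the message used to
         * repeat the text of the previous branch. */
        fprintf(stderr, "Could not delete the test ldb file (%d) (%s)\n",
                saved_errno, strerror(saved_errno));
        errno = saved_errno;
        return ret;
    }

    ret = rmdir(TESTS_PATH);
    if (ret != EOK && errno != ENOENT) {
        saved_errno = errno;
        fprintf(stderr, "Could not delete the test directory (%d) (%s)\n",
                saved_errno, strerror(saved_errno));
        errno = saved_errno;
        return ret;
    }

    return EOK;
}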
*/ debug_level = SSSDBG_INVALID; pc = poptGetContext(argv[0], argc, argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { switch(opt) { default: fprintf(stderr, "\nInvalid option %s: %s\n\n", poptBadOption(pc, 0), poptStrerror(opt)); poptPrintUsage(pc, stderr, 0); return 1; } } poptFreeContext(pc); DEBUG_INIT(debug_level); tests_set_cwd(); ret = clean_db_dir(); if (ret != EOK) { fprintf(stderr, "Could not delete the db directory (%d) (%s)\n", errno, strerror(errno)); return EXIT_FAILURE; } srunner_run_all(sr, CK_ENV); failure_count = srunner_ntests_failed (sr); srunner_free (sr); if (failure_count == 0) { ret = clean_db_dir(); if (ret != EOK) { fprintf(stderr, "Could not delete the db directory (%d) (%s)\n", errno, strerror(errno)); return EXIT_FAILURE; } return EXIT_SUCCESS; } return EXIT_FAILURE; } sssd-1.11.5/src/tests/PaxHeaders.13173/resolv-tests.c0000644000000000000000000000007312320753107020321 xustar000000000000000030 atime=1396954939.275891424 29 ctime=1396954961.73687489 sssd-1.11.5/src/tests/resolv-tests.c0000664002412700241270000006710412320753107020554 0ustar00jhrozekjhrozek00000000000000/* SSSD Async resolver tests Authors: Martin Nagy Jakub Hrozek Copyright (C) Red Hat, Inc 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
/*
 * Build a resolv_hostent holding exactly one address.
 *
 * The address string is parsed as IPv4 first and as IPv6 if that fails.
 * All memory is allocated below the returned object. Returns NULL if an
 * allocation fails or the string parses as neither family.
 */
struct resolv_hostent *
test_create_rhostent(TALLOC_CTX *mem_ctx,
                     const char *hostname, const char *address)
{
    static const int candidates[] = { AF_INET, AF_INET6 };
    struct resolv_hostent *he;
    struct resolv_addr *entry;
    bool parsed = false;
    int family = AF_INET;
    size_t idx;

    he = talloc_zero(mem_ctx, struct resolv_hostent);
    if (he == NULL) {
        return NULL;
    }

    he->name = talloc_strdup(he, hostname);
    /* Two slots: the single address plus the NULL terminator. */
    he->addr_list = talloc_array(he, struct resolv_addr *, 2);
    if (he->name == NULL || he->addr_list == NULL) {
        talloc_free(he);
        return NULL;
    }

    entry = talloc_zero(he->addr_list, struct resolv_addr);
    he->addr_list[0] = entry;
    if (entry == NULL) {
        talloc_free(he);
        return NULL;
    }

    /* Sized for the larger family so either parse result fits. */
    entry->ipaddr = talloc_array(entry, uint8_t, sizeof(struct in6_addr));
    if (entry->ipaddr == NULL) {
        talloc_free(he);
        return NULL;
    }

    for (idx = 0; idx < sizeof(candidates) / sizeof(candidates[0]); idx++) {
        if (inet_pton(candidates[idx], address, entry->ipaddr) == 1) {
            family = candidates[idx];
            parsed = true;
            break;
        }
    }
    if (!parsed) {
        talloc_free(he);
        return NULL;
    }

    entry->ttl = RESOLV_DEFAULT_TTL;
    he->addr_list[1] = NULL;
    he->family = family;
    he->aliases = NULL;
    return he;
}
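fail_if(rhe->addr_list[1]->ttl != RESOLV_DEFAULT_TTL);
    fail_if(rhe->addr_list[2] != NULL);
    talloc_free(rhe);

    ck_leaks_pop(ctx);
}
END_TEST

/*
 * Build a one-address resolv_hostent for an IPv4 and then an IPv6 literal and
 * check both the printable address and the reverse-lookup (PTR) name that the
 * resolver helpers produce for it.
 */
START_TEST(test_address_to_string)
{
    void *ctx;
    struct resolv_hostent *rhe;
    char *str_addr;
    char *ptr_addr;

    ctx = talloc_new(global_talloc_context);
    fail_if(ctx == NULL);
    ck_leaks_push(ctx);

    /* IPv4 */
    rhe = test_create_rhostent(ctx, "www.example.com", "1.2.3.4");
    fail_if(rhe == NULL);

    str_addr = resolv_get_string_address_index(ctx, rhe, 0);
    fail_if(str_addr == NULL);
    fail_unless(strcmp(str_addr, "1.2.3.4") == 0, "Unexpected address\n");
    talloc_free(str_addr);

    ptr_addr = resolv_get_string_ptr_address(ctx, rhe->family,
                                             rhe->addr_list[0]->ipaddr);
    fail_if(ptr_addr == NULL);
    fail_unless(strcmp(ptr_addr, "4.3.2.1.in-addr.arpa.") == 0,
                "Unexpected PTR address\n");
    talloc_free(ptr_addr);

    talloc_free(rhe);

    /* IPv6 */
    rhe = test_create_rhostent(ctx, "www6.example.com",
                               "2607:f8b0:400c:c03::6a");
    fail_if(rhe == NULL);

    str_addr = resolv_get_string_address_index(ctx, rhe, 0);
    fail_if(str_addr == NULL);
    fail_unless(strcmp(str_addr, "2607:f8b0:400c:c03::6a") == 0,
                "Unexpected address\n");
    talloc_free(str_addr);

    ptr_addr = resolv_get_string_ptr_address(ctx, rhe->family,
                                             rhe->addr_list[0]->ipaddr);
    fail_if(ptr_addr == NULL);
    fail_unless(strcmp(ptr_addr,
                       "a.6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.c.0.c.0.0.4.0.b.8.f.7.0.6.2.ip6.arpa.") == 0,
                "Unexpected PTR address\n");
    talloc_free(ptr_addr);

    talloc_free(rhe);

    ck_leaks_pop(ctx);
}
END_TEST

/*
 * Completion callback registered by test_resolv_ip_addr.
 *
 * Marks the test as done, collects the lookup result and sets
 * test_ctx->error to EOK only if one of the returned addresses prints as
 * "127.0.0.1"; otherwise the error is ENOENT, or the recv error code when
 * the receive call itself failed.
 */
static void test_ip_addr(struct tevent_req *req)
{
    int recv_status;
    int status;
    struct resolv_hostent *rhostent;
    int i;
    struct resolv_test_ctx *test_ctx = tevent_req_callback_data(req,
                                                struct resolv_test_ctx);

    test_ctx->done = true;

    recv_status = resolv_gethostbyname_recv(req, test_ctx,
                                            &status, NULL, &rhostent);
    talloc_zfree(req);
    if (recv_status != EOK) {
        DEBUG(2, ("resolv_gethostbyname_recv failed: %d\n", recv_status));
        test_ctx->error = recv_status;
        return;
    }
    DEBUG(7, ("resolv_gethostbyname_recv status: %d\n", status));

    test_ctx->error = ENOENT;
    for (i = 0; rhostent->addr_list[i]; i++) {
        char addr_buf[256];

        /* On failure inet_ntop() leaves addr_buf unspecified, so the entry
         * must not reach strcmp(); it simply cannot match. */
        if (inet_ntop(rhostent->family, rhostent->addr_list[i]->ipaddr,
                      addr_buf, sizeof(addr_buf)) == NULL) {
            continue;
        }

        if (strcmp(addr_buf, "127.0.0.1") == 0) {
            test_ctx->error = EOK;
        }
    }
    talloc_free(rhostent);
}

/*
 * Resolve the literal "127.0.0.1" (IPv4 only) and expect the callback to
 * find that same address in the answer.
 */
START_TEST(test_resolv_ip_addr)
{
    struct resolv_test_ctx *test_ctx;
    int ret = EOK;
    struct tevent_req *req;
    const char *hostname = "127.0.0.1";

    ret = setup_resolv_test(RESOLV_DEFAULT_TIMEOUT, &test_ctx);
    if (ret != EOK) {
        fail("Could not set up test");
        return;
    }

    ck_leaks_push(test_ctx);
    req = resolv_gethostbyname_send(test_ctx, test_ctx->ev,
                                    test_ctx->resolv, hostname, IPV4_ONLY,
                                    default_host_dbs);
    DEBUG(7, ("Sent resolv_gethostbyname\n"));
    if (req == NULL) {
        ret = ENOMEM;
    }

    if (ret == EOK) {
        tevent_req_set_callback(req, test_ip_addr, test_ctx);
        ret = test_loop(test_ctx);
    }

    ck_leaks_pop(test_ctx);
    fail_unless(ret == EOK);
    talloc_zfree(test_ctx);
}
END_TEST

/*
 * Completion callback registered by test_resolv_localhost.
 *
 * Same flow as test_ip_addr, but either "127.0.0.1" or "::1" counts as a
 * successful answer.
 */
static void test_localhost(struct tevent_req *req)
{
    int recv_status;
    int status;
    struct resolv_hostent *rhostent;
    int i;
    struct resolv_test_ctx *test_ctx = tevent_req_callback_data(req,
                                                struct resolv_test_ctx);

    test_ctx->done = true;

    recv_status = resolv_gethostbyname_recv(req, test_ctx,
                                            &status, NULL, &rhostent);
    talloc_zfree(req);
    if (recv_status != EOK) {
        DEBUG(2, ("resolv_gethostbyname_recv failed: %d\n", recv_status));
        test_ctx->error = recv_status;
        return;
    }
    DEBUG(7, ("resolv_gethostbyname_recv status: %d\n", status));

    test_ctx->error = ENOENT;
    for (i = 0; rhostent->addr_list[i]; i++) {
        char addr_buf[256];

        /* Skip entries that cannot be formatted rather than comparing an
         * unspecified buffer. */
        if (inet_ntop(rhostent->family, rhostent->addr_list[i]->ipaddr,
                      addr_buf, sizeof(addr_buf)) == NULL) {
            continue;
        }

        /* test that localhost resolves to 127.0.0.1 or ::1 */
        if (strcmp(addr_buf, "127.0.0.1") == 0
                || strcmp(addr_buf, "::1") == 0) {
            test_ctx->error = EOK;
        }
    }
    talloc_free(rhostent);
}

START_TEST(test_resolv_localhost)
{
    struct resolv_test_ctx *test_ctx;
    int ret = EOK;
    struct tevent_req *req;
    const char *hostname = "localhost.localdomain";

    ret =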
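setup_resolv_test(RESOLV_DEFAULT_TIMEOUT, &test_ctx);
    if (ret != EOK) {
        fail("Could not set up test");
        return;
    }

    ck_leaks_push(test_ctx);
    req = resolv_gethostbyname_send(test_ctx, test_ctx->ev,
                                    test_ctx->resolv, hostname, IPV4_FIRST,
                                    default_host_dbs);
    DEBUG(7, ("Sent resolv_gethostbyname\n"));
    if (req == NULL) {
        ret = ENOMEM;
    }

    if (ret == EOK) {
        tevent_req_set_callback(req, test_localhost, test_ctx);
        ret = test_loop(test_ctx);
    }

    ck_leaks_pop(test_ctx);
    fail_unless(ret == EOK);
    talloc_zfree(test_ctx);
}
END_TEST

/*
 * Completion callback registered by test_resolv_negative.
 *
 * A successful receive is only logged and leaves test_ctx->error untouched;
 * on failure the resolver status is stored in test_ctx->error so the test
 * body can compare it.
 */
static void test_negative(struct tevent_req *req)
{
    int recv_status;
    int status;
    struct resolv_hostent *hostent;
    struct resolv_test_ctx *test_ctx;

    test_ctx = tevent_req_callback_data(req, struct resolv_test_ctx);
    test_ctx->done = true;

    recv_status = resolv_gethostbyname_recv(req, test_ctx,
                                            &status, NULL, &hostent);
    talloc_zfree(req);
    if (recv_status == EOK) {
        DEBUG(7, ("resolv_gethostbyname_recv succeeded in a negative test\n"));
        return;
    }

    test_ctx->error = status;
    DEBUG(2, ("resolv_gethostbyname_recv status: %d: %s\n",
              status, resolv_strerror(status)));
}

/*
 * Look up "sssd.foo" and expect the lookup to fail with ARES_ENOTFOUND.
 */
START_TEST(test_resolv_negative)
{
    int ret = EOK;
    struct tevent_req *req;
    const char *hostname = "sssd.foo";
    struct resolv_test_ctx *test_ctx;

    ret = setup_resolv_test(RESOLV_DEFAULT_TIMEOUT, &test_ctx);
    if (ret != EOK) {
        fail("Could not set up test");
        return;
    }

    ck_leaks_push(test_ctx);
    req = resolv_gethostbyname_send(test_ctx, test_ctx->ev,
                                    test_ctx->resolv, hostname, IPV4_FIRST,
                                    default_host_dbs);
    DEBUG(7, ("Sent resolv_gethostbyname\n"));
    if (req == NULL) {
        ret = ENOMEM;
    }

    if (ret == EOK) {
        tevent_req_set_callback(req, test_negative, test_ctx);
        ret = test_loop(test_ctx);
    }

    ck_leaks_pop(test_ctx);

    fail_unless(ret != EOK);
    fail_unless(test_ctx->error == ARES_ENOTFOUND);
    talloc_zfree(test_ctx);
}
END_TEST

/*
 * Shared completion callback for the hostname, TXT and SRV tests that use
 * the network.
 *
 * test_ctx->tested_function selects which recv function is called. The
 * answer is logged, test_ctx->error is set to EOK when a usable answer came
 * back and to ENOENT otherwise, and the test is failed if the recv call
 * itself reported an error.
 */
static void test_internet(struct tevent_req *req)
{
    int recv_status;
    int status;
    struct resolv_test_ctx *test_ctx;
    void *tmp_ctx;
    struct resolv_hostent *rhostent = NULL;
    struct ares_txt_reply *txt_replies = NULL, *txtptr;
    struct ares_srv_reply *srv_replies = NULL, *srvptr;
    int i;

    test_ctx = tevent_req_callback_data(req, struct resolv_test_ctx);

    test_ctx->done = true;

    tmp_ctx = talloc_new(test_ctx);
    ck_leaks_push(tmp_ctx);

    switch (test_ctx->tested_function) {
    case TESTING_HOSTNAME:
        recv_status = resolv_gethostbyname_recv(req, tmp_ctx,
                                                &status, NULL, &rhostent);
        /* rhostent starts out NULL and stays NULL unless the recv call
         * fills it in, so a failed lookup must not be dereferenced; the
         * failure itself is reported by the fail_if() below. */
        if (recv_status != EOK || rhostent == NULL
                || rhostent->name == NULL) {
            test_ctx->error = ENOENT;
        } else {
            test_ctx->error = EOK;
        }

        if (test_ctx->error == EOK) {
            char addr_buf[256];

            for (i = 0; rhostent->addr_list[i]; i++) {
                /* inet_ntop() leaves addr_buf unspecified on failure, so
                 * do not hand it to the "%s" below in that case. */
                if (inet_ntop(rhostent->family,
                              rhostent->addr_list[i]->ipaddr,
                              addr_buf, sizeof(addr_buf)) == NULL) {
                    DEBUG(2, ("Could not format address %d\n", i));
                    continue;
                }
                DEBUG(2, ("Found address %s with TTL %d\n",
                          addr_buf, rhostent->addr_list[i]->ttl));
            }
        }
        break;
    case TESTING_TXT:
        recv_status = resolv_gettxt_recv(tmp_ctx, req, &status, NULL,
                                         &txt_replies);
        test_ctx->error = (txt_replies == NULL) ? ENOENT : EOK;
        for (txtptr = txt_replies; txtptr != NULL; txtptr = txtptr->next) {
            DEBUG(2, ("TXT Record: %s\n", txtptr->txt));
        }
        break;
    case TESTING_SRV:
        recv_status = resolv_getsrv_recv(tmp_ctx, req, &status, NULL,
                                         &srv_replies);
        test_ctx->error = (srv_replies == NULL) ? ENOENT : EOK;
        for (srvptr = srv_replies; srvptr != NULL; srvptr = srvptr->next) {
            DEBUG(2, ("SRV Record: %d %d %d %s\n", srvptr->weight,
                      srvptr->priority, srvptr->port,
                      srvptr->host));
        }
        break;
    default:
        recv_status = EINVAL;
        break;
    }
    talloc_zfree(req);
    fail_if(recv_status != EOK, "The recv function failed: %d", recv_status);
    DEBUG(7, ("recv status: %d\n", status));

    /* Only one of the three result pointers is ever set per invocation. */
    if (rhostent != NULL) {
        talloc_free(rhostent);
    } else if (txt_replies != NULL) {
        talloc_free(txt_replies);
    } else if (srv_replies != NULL) {
        talloc_free(srv_replies);
    }
    ck_leaks_pop(tmp_ctx);
}

/*
 * Resolve "redhat.com" through the real resolver; registered only when the
 * network tests are enabled.
 */
START_TEST(test_resolv_internet)
{
    int ret = EOK;
    struct tevent_req *req;
    const char *hostname = "redhat.com";
    struct resolv_test_ctx *test_ctx;

    ret = setup_resolv_test(RESOLV_DEFAULT_TIMEOUT, &test_ctx);
    if (ret != EOK) {
        fail("Could not set up test");
        return;
    }
    test_ctx->tested_function = TESTING_HOSTNAME;

    ck_leaks_push(test_ctx);
    req = resolv_gethostbyname_send(test_ctx, test_ctx->ev,
                                    test_ctx->resolv, hostname, IPV4_FIRST,
                                    default_host_dbs);
    DEBUG(7, ("Sent resolv_gethostbyname\n"));
    if (req == NULL) {
        ret = ENOMEM;
    }

    if (ret == EOK) {
        tevent_req_set_callback(req, test_internet, test_ctx);
        ret = test_loop(test_ctx);
    }

    fail_unless(ret == EOK);
    ck_leaks_pop(test_ctx);
    talloc_zfree(test_ctx);
}
END_TEST

/*
 * Fetch the TXT records of the host stored in txt_host.
 */
START_TEST(test_resolv_internet_txt)
{
    int ret;
    struct tevent_req *req;
    struct resolv_test_ctx *test_ctx;

    ret = setup_resolv_test(RESOLV_DEFAULT_TIMEOUT, &test_ctx);
    fail_if(ret != EOK, "Could not set up test");
    test_ctx->tested_function = TESTING_TXT;

    ck_leaks_push(test_ctx);

    req = resolv_gettxt_send(test_ctx, test_ctx->ev, test_ctx->resolv,
                             txt_host);
    fail_if(req == NULL, "Function resolv_gettxt_send failed");

    tevent_req_set_callback(req, test_internet, test_ctx);
    ret = test_loop(test_ctx);
    fail_unless(ret == EOK);

    ck_leaks_pop(test_ctx);

    talloc_zfree(test_ctx);
}
END_TEST

START_TEST(test_resolv_internet_srv)
{
    int ret;
    struct tevent_req *req;
    struct resolv_test_ctx *test_ctx;

    ret =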
setup_resolv_test(RESOLV_DEFAULT_TIMEOUT, &test_ctx); fail_if(ret != EOK, "Could not set up test"); test_ctx->tested_function = TESTING_SRV; ck_leaks_push(test_ctx); req = resolv_getsrv_send(test_ctx, test_ctx->ev, test_ctx->resolv, srv_host); fail_if(req == NULL, "Function resolv_getsrv_send failed"); tevent_req_set_callback(req, test_internet, test_ctx); ret = test_loop(test_ctx); fail_unless(ret == EOK); ck_leaks_pop(test_ctx); talloc_zfree(test_ctx); } END_TEST static void resolv_free_context(struct tevent_context *ev, struct tevent_timer *te, struct timeval t, void *ptr) { struct resolv_ctx *rctx = talloc_get_type(ptr, struct resolv_ctx); DEBUG(7, ("freeing the context\n")); talloc_free(rctx); } static void resolv_free_done(struct tevent_context *ev, struct tevent_timer *te, struct timeval t, void *ptr) { struct resolv_test_ctx *tctx = talloc_get_type(ptr, struct resolv_test_ctx); DEBUG(7, ("marking test as done\n")); tctx->error = EOK; tctx->done = true; } START_TEST(test_resolv_free_context) { int ret = EOK; struct tevent_req *req; const char *hostname = "redhat.com"; struct resolv_test_ctx *test_ctx; struct tevent_timer *free_timer, *terminate_timer; struct timeval free_tv, terminate_tv; ret = setup_resolv_test(RESOLV_DEFAULT_TIMEOUT, &test_ctx); if (ret != EOK) { fail("Could not set up test"); return; } req = resolv_gethostbyname_send(test_ctx, test_ctx->ev, test_ctx->resolv, hostname, IPV4_FIRST, default_host_dbs); DEBUG(7, ("Sent resolv_gethostbyname\n")); if (req == NULL) { fail("Error calling resolv_gethostbyname_send"); goto done; } gettimeofday(&free_tv, NULL); free_tv.tv_sec += 1; free_tv.tv_usec = 0; terminate_tv.tv_sec = free_tv.tv_sec + 1; terminate_tv.tv_usec = 0; free_timer = tevent_add_timer(test_ctx->ev, test_ctx, free_tv, resolv_free_context, test_ctx->resolv); if (free_timer == NULL) { fail("Error calling tevent_add_timer"); goto done; } terminate_timer = tevent_add_timer(test_ctx->ev, test_ctx, terminate_tv, resolv_free_done, test_ctx); if 
(terminate_timer == NULL) { fail("Error calling tevent_add_timer"); goto done; } ret = test_loop(test_ctx); fail_unless(ret == EOK); done: talloc_zfree(test_ctx); } END_TEST static void resolv_free_req(struct tevent_context *ev, struct tevent_timer *te, struct timeval t, void *ptr) { struct tevent_req *req = talloc_get_type(ptr, struct tevent_req); DEBUG(7, ("freeing the request\n")); talloc_free(req); } START_TEST(test_resolv_sort_srv_reply) { int ret; struct ares_srv_reply *replies = NULL; struct ares_srv_reply *r, *prev = NULL; struct resolv_test_ctx *test_ctx; int num_replies = 3; int i; ret = setup_resolv_test(RESOLV_DEFAULT_TIMEOUT, &test_ctx); if (ret != EOK) { fail("Could not set up test"); return; } ck_leaks_push(test_ctx); /* prepare linked list with reversed values */ for (i = 0; ipriority = num_replies-i; r->weight = i; if (!replies) { replies = r; prev = r; } else { prev->next = r; prev = prev->next; } } /* do the sort */ ret = resolv_sort_srv_reply(&replies); fail_if(ret != EOK); /* check if the list is sorted */ prev = NULL; for (i = 1, r = replies; r; r=r->next, i++) { talloc_zfree(prev); prev = r; fail_unless(r->priority == i); } talloc_zfree(prev); /* check if the list is complete */ fail_unless(i-1 == num_replies); /* test if the weighting algorithm runs..not much do * deterministically test here since it is based on * random weight-selection */ replies = NULL; for (i = 0; ipriority = i % 2 + 1; r->weight = i; if (!replies) { replies = r; prev = r; } else { prev->next = r; prev = prev->next; } } /* do the sort */ ret = resolv_sort_srv_reply(&replies); fail_if(ret != EOK); /* clean up */ prev = NULL; for (i = 1, r = replies; r; r=r->next, i++) { talloc_zfree(prev); prev = r; } talloc_zfree(prev); /* check for leaks */ ck_leaks_pop(test_ctx); talloc_zfree(test_ctx); } END_TEST START_TEST(test_resolv_free_req) { int ret = EOK; struct tevent_req *req; const char *hostname = "redhat.com"; struct resolv_test_ctx *test_ctx; struct tevent_timer 
*free_timer, *terminate_timer; struct timeval free_tv, terminate_tv; ret = setup_resolv_test(RESOLV_DEFAULT_TIMEOUT, &test_ctx); if (ret != EOK) { fail("Could not set up test"); return; } ck_leaks_push(test_ctx); req = resolv_gethostbyname_send(test_ctx, test_ctx->ev, test_ctx->resolv, hostname, IPV4_FIRST, default_host_dbs); DEBUG(7, ("Sent resolv_gethostbyname\n")); if (req == NULL) { fail("Error calling resolv_gethostbyname_send"); goto done; } gettimeofday(&free_tv, NULL); free_tv.tv_sec += 1; free_tv.tv_usec = 0; /* Give enought time for c-ares request to terminate */ terminate_tv.tv_sec = free_tv.tv_sec + 6; terminate_tv.tv_usec = 0; free_timer = tevent_add_timer(test_ctx->ev, test_ctx, free_tv, resolv_free_req, req); if (free_timer == NULL) { fail("Error calling tevent_add_timer"); goto done; } terminate_timer = tevent_add_timer(test_ctx->ev, test_ctx, terminate_tv, resolv_free_done, test_ctx); if (terminate_timer == NULL) { fail("Error calling tevent_add_timer"); goto done; } ret = test_loop(test_ctx); ck_leaks_pop(test_ctx); fail_unless(ret == EOK); done: talloc_zfree(test_ctx); } END_TEST static void test_timeout(struct tevent_req *req) { int recv_status; int status; struct resolv_test_ctx *test_ctx; TALLOC_CTX *tmp_ctx; struct resolv_hostent *rhostent = NULL; test_ctx = tevent_req_callback_data(req, struct resolv_test_ctx); test_ctx->done = true; tmp_ctx = talloc_new(test_ctx); ck_leaks_push(tmp_ctx); fail_unless(test_ctx->tested_function == TESTING_HOSTNAME); recv_status = resolv_gethostbyname_recv(req, tmp_ctx, &status, NULL, &rhostent); talloc_zfree(req); fail_unless(recv_status == ETIMEDOUT); fail_unless(status == ARES_ETIMEOUT); ck_leaks_pop(tmp_ctx); talloc_free(tmp_ctx); } START_TEST(test_resolv_timeout) { struct resolv_test_ctx *test_ctx; errno_t ret; struct tevent_req *req; const char *hostname = "redhat.com"; ret = setup_resolv_test(0, &test_ctx); if (ret != EOK) { fail("Could not set up test"); return; } test_ctx->tested_function = 
TESTING_HOSTNAME; req = resolv_gethostbyname_send(test_ctx, test_ctx->ev, test_ctx->resolv, hostname, IPV4_FIRST, default_host_dbs); DEBUG(7, ("Sent resolv_gethostbyname\n")); if (req == NULL) { ret = ENOMEM; } if (ret == EOK) { tevent_req_set_callback(req, test_timeout, test_ctx); ret = test_loop(test_ctx); } fail_unless(ret == EOK); talloc_zfree(test_ctx); } END_TEST Suite *create_resolv_suite(void) { Suite *s = suite_create("resolv"); TCase *tc_resolv = tcase_create("RESOLV Tests"); tcase_set_timeout(tc_resolv, 8); tcase_add_checked_fixture(tc_resolv, ck_leak_check_setup, ck_leak_check_teardown); /* Do some testing */ tcase_add_test(tc_resolv, test_copy_hostent); tcase_add_test(tc_resolv, test_address_to_string); tcase_add_test(tc_resolv, test_resolv_ip_addr); tcase_add_test(tc_resolv, test_resolv_sort_srv_reply); if (use_net_test) { tcase_add_test(tc_resolv, test_resolv_internet); tcase_add_test(tc_resolv, test_resolv_negative); tcase_add_test(tc_resolv, test_resolv_localhost); tcase_add_test(tc_resolv, test_resolv_timeout); if (txt_host != NULL) { tcase_add_test(tc_resolv, test_resolv_internet_txt); } if (srv_host != NULL) { tcase_add_test(tc_resolv, test_resolv_internet_srv); } } tcase_add_test(tc_resolv, test_resolv_free_context); tcase_add_test(tc_resolv, test_resolv_free_req); /* Add all test cases to the test suite */ suite_add_tcase(s, tc_resolv); return s; } int main(int argc, const char *argv[]) { int opt; poptContext pc; int failure_count; Suite *resolv_suite; SRunner *sr; int debug = 0; struct poptOption long_options[] = { POPT_AUTOHELP { "debug-level", 'd', POPT_ARG_INT, &debug, 0, "Set debug level", NULL }, { "use-net-test", 'n', POPT_ARG_NONE, 0, 'n', "Run tests that need an active internet connection", NULL }, { "txt-host", 't', POPT_ARG_STRING, 0, 't', "Specify the host used for TXT record testing", NULL }, { "srv-host", 's', POPT_ARG_STRING, 0, 's', "Specify the host used for SRV record testing", NULL }, POPT_TABLEEND }; /* Set debug level to 
invalid value so we can deside if -d 0 was used. */ debug_level = SSSDBG_INVALID; pc = poptGetContext(argv[0], argc, argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { switch(opt) { case 'n': use_net_test = 1; break; case 't': txt_host = poptGetOptArg(pc); break; case 's': srv_host = poptGetOptArg(pc); break; default: fprintf(stderr, "\nInvalid option %s: %s\n\n", poptBadOption(pc, 0), poptStrerror(opt)); poptPrintUsage(pc, stderr, 0); return 1; } } poptFreeContext(pc); DEBUG_INIT(debug); if (!use_net_test) { printf("Network tests disabled. Rerun with the \"-n\" " "option to run the full suite of tests\n"); } tests_set_cwd(); resolv_suite = create_resolv_suite(); sr = srunner_create(resolv_suite); /* If CK_VERBOSITY is set, use that, otherwise it defaults to CK_NORMAL */ srunner_run_all(sr, CK_ENV); failure_count = srunner_ntests_failed(sr); srunner_free(sr); return (failure_count==0 ? EXIT_SUCCESS : EXIT_FAILURE); } sssd-1.11.5/src/tests/PaxHeaders.13173/debug-tests.c0000644000000000000000000000007412320753107020076 xustar000000000000000030 atime=1396954939.274891425 30 ctime=1396954961.711874908 sssd-1.11.5/src/tests/debug-tests.c0000664002412700241270000006722312320753107020332 0ustar00jhrozekjhrozek00000000000000/* SSSD debug-tests.c Authors: Pavel Březina Copyright (C) 2011 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #include #include #include #include #include #include "util/util.h" #include "tests/common.h" #define DEBUG_TEST_ERROR -1 #define DEBUG_TEST_NOK 1 #define DEBUG_TEST_NOK_TS 2 START_TEST(test_debug_convert_old_level_old_format) { int expected_level = 0x0000; int old_level; int levels[] = { SSSDBG_FATAL_FAILURE, SSSDBG_CRIT_FAILURE, SSSDBG_OP_FAILURE, SSSDBG_MINOR_FAILURE, SSSDBG_CONF_SETTINGS, SSSDBG_FUNC_DATA, SSSDBG_TRACE_FUNC, SSSDBG_TRACE_LIBS, SSSDBG_TRACE_INTERNAL, SSSDBG_TRACE_ALL }; for (old_level = 0; old_level <= 9; old_level++) { expected_level |= levels[old_level]; char *msg = NULL; msg = talloc_asprintf(NULL, "Invalid conversion of %d", old_level); fail_unless(debug_convert_old_level(old_level) == expected_level, msg); talloc_free(msg); } } END_TEST START_TEST(test_debug_convert_old_level_new_format) { fail_unless( debug_convert_old_level(SSSDBG_UNRESOLVED) == SSSDBG_FATAL_FAILURE, "Invalid conversion of SSSDBG_UNRESOLVED" ); fail_unless( debug_convert_old_level(SSSDBG_FATAL_FAILURE) == SSSDBG_FATAL_FAILURE, "Invalid conversion of SSSDBG_FATAL_FAILURE" ); fail_unless( debug_convert_old_level(SSSDBG_CRIT_FAILURE) == SSSDBG_CRIT_FAILURE, "Invalid conversion of SSSDBG_CRIT_FAILURE" ); fail_unless( debug_convert_old_level(SSSDBG_OP_FAILURE) == SSSDBG_OP_FAILURE, "Invalid conversion of SSSDBG_OP_FAILURE" ); fail_unless( debug_convert_old_level(SSSDBG_MINOR_FAILURE) == SSSDBG_MINOR_FAILURE, "Invalid conversion of SSSDBG_MINOR_FAILURE" ); fail_unless( debug_convert_old_level(SSSDBG_CONF_SETTINGS) == SSSDBG_CONF_SETTINGS, "Invalid conversion of SSSDBG_CONF_SETTINGS" ); fail_unless( debug_convert_old_level(SSSDBG_FUNC_DATA) == SSSDBG_FUNC_DATA, "Invalid conversion of SSSDBG_FUNC_DATA" ); fail_unless( debug_convert_old_level(SSSDBG_TRACE_FUNC) == SSSDBG_TRACE_FUNC, "Invalid conversion of SSSDBG_TRACE_FUNC" ); fail_unless( debug_convert_old_level(SSSDBG_TRACE_LIBS) == SSSDBG_TRACE_LIBS, "Invalid conversion of SSSDBG_TRACE_LIBS" ); fail_unless( 
debug_convert_old_level(SSSDBG_TRACE_INTERNAL) == SSSDBG_TRACE_INTERNAL, "Invalid conversion of SSSDBG_TRACE_INTERNAL" ); fail_unless( debug_convert_old_level(SSSDBG_TRACE_ALL) == SSSDBG_TRACE_ALL, "Invalid conversion of SSSDBG_TRACE_ALL" ); fail_unless( debug_convert_old_level(SSSDBG_MASK_ALL) == SSSDBG_MASK_ALL, "Invalid conversion of SSSDBG_MASK_ALL" ); } END_TEST START_TEST(test_debug_get_level_old_format) { fail_unless(debug_get_level(0) == SSSDBG_FATAL_FAILURE, "Invalid conversion of 0"); fail_unless(debug_get_level(1) == SSSDBG_CRIT_FAILURE, "Invalid conversion of 1"); fail_unless(debug_get_level(2) == SSSDBG_OP_FAILURE, "Invalid conversion of 2"); fail_unless(debug_get_level(3) == SSSDBG_MINOR_FAILURE, "Invalid conversion of 3"); fail_unless(debug_get_level(4) == SSSDBG_CONF_SETTINGS, "Invalid conversion of 4"); fail_unless(debug_get_level(5) == SSSDBG_FUNC_DATA, "Invalid conversion of 5"); fail_unless(debug_get_level(6) == SSSDBG_TRACE_FUNC, "Invalid conversion of 6"); fail_unless(debug_get_level(7) == SSSDBG_TRACE_LIBS, "Invalid conversion of 7"); fail_unless(debug_get_level(8) == SSSDBG_TRACE_INTERNAL, "Invalid conversion of 8"); fail_unless(debug_get_level(9) == SSSDBG_TRACE_ALL, "Invalid conversion of 9"); } END_TEST START_TEST(test_debug_get_level_new_format) { fail_unless( debug_get_level(SSSDBG_UNRESOLVED) == SSSDBG_FATAL_FAILURE, "Invalid conversion of SSSDBG_UNRESOLVED" ); fail_unless( debug_get_level(SSSDBG_FATAL_FAILURE) == SSSDBG_FATAL_FAILURE, "Invalid conversion of SSSDBG_FATAL_FAILURE" ); fail_unless( debug_get_level(SSSDBG_CRIT_FAILURE) == SSSDBG_CRIT_FAILURE, "Invalid conversion of SSSDBG_CRIT_FAILURE" ); fail_unless( debug_get_level(SSSDBG_OP_FAILURE) == SSSDBG_OP_FAILURE, "Invalid conversion of SSSDBG_OP_FAILURE" ); fail_unless( debug_get_level(SSSDBG_MINOR_FAILURE) == SSSDBG_MINOR_FAILURE, "Invalid conversion of SSSDBG_MINOR_FAILURE" ); fail_unless( debug_get_level(SSSDBG_CONF_SETTINGS) == SSSDBG_CONF_SETTINGS, "Invalid conversion of 
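SSSDBG_CONF_SETTINGS" );
    fail_unless(
        debug_get_level(SSSDBG_FUNC_DATA) == SSSDBG_FUNC_DATA,
        "Invalid conversion of SSSDBG_FUNC_DATA"
    );
    fail_unless(
        debug_get_level(SSSDBG_TRACE_FUNC) == SSSDBG_TRACE_FUNC,
        "Invalid conversion of SSSDBG_TRACE_FUNC"
    );
    fail_unless(
        debug_get_level(SSSDBG_TRACE_LIBS) == SSSDBG_TRACE_LIBS,
        "Invalid conversion of SSSDBG_TRACE_LIBS"
    );
    fail_unless(
        debug_get_level(SSSDBG_TRACE_INTERNAL) == SSSDBG_TRACE_INTERNAL,
        "Invalid conversion of SSSDBG_TRACE_INTERNAL"
    );
    fail_unless(
        debug_get_level(SSSDBG_TRACE_ALL) == SSSDBG_TRACE_ALL,
        "Invalid conversion of SSSDBG_TRACE_ALL"
    );
}
END_TEST

/*
 * Write one debug message at the given level into a private temporary file
 * and compare what was logged with the expected line.
 *
 * level    debug level passed to the logging macro
 * msgmode  0 logs through DEBUG(), any other value through DEBUG_MSG()
 *
 * Returns EOK when the logged text matches, DEBUG_TEST_NOK when it does not,
 * DEBUG_TEST_NOK_TS when the timestamp prefix cannot be parsed, and
 * DEBUG_TEST_ERROR on an I/O or allocation failure (errno then carries the
 * cause). errno is overwritten on every path.
 */
int test_helper_debug_check_message(int level, int msgmode)
{
    TALLOC_CTX *ctx = talloc_new(NULL);
    char filename[24] = {'\0'};
    char *msg = NULL;
    char *compare_to = NULL;
    const char *function = __FUNCTION__;
    const char *body = "some error\n";
    int filesize;
    int fsize;
    int fd;
    int ret;
    int _errno = 0;
    mode_t old_umask;
    FILE *file = NULL;

    /* The template is 23 characters plus the terminator, i.e. exactly 24. */
    strncpy(filename, "sssd_debug_tests.XXXXXX", 24);

    /* Restrictive umask around mkstemp() so the log file is owner-only. */
    old_umask = umask(077);
    fd = mkstemp(filename);
    umask(old_umask);
    if (fd == -1) {
        _errno = errno;
        talloc_free(ctx);
        errno = _errno;
        return DEBUG_TEST_ERROR;
    }

    /* NOTE(review): when fdopen() fails, fd is never closed because the
     * cleanup below only calls fclose(); closing it here would need
     * close() from <unistd.h> - confirm that header is in scope. */
    file = fdopen(fd, "r");
    if (file == NULL) {
        _errno = errno;
        ret = DEBUG_TEST_ERROR;
        goto done;
    }

    ret = set_debug_file_from_fd(fd);
    if (ret != EOK) {
        _errno = ret;
        ret = DEBUG_TEST_ERROR;
        goto done;
    }

    if (msgmode == 0) {
        DEBUG(level, ("%s", body));
    } else {
        DEBUG_MSG(level, __FUNCTION__, "some error");
    }

    ret = fseek(file, 0, SEEK_END);
    if (ret == -1) {
        _errno = errno;
        ret = DEBUG_TEST_ERROR;
        goto done;
    }

    filesize = ftell(file);
    if (filesize == -1) {
        _errno = errno;
        ret = DEBUG_TEST_ERROR;
        goto done;
    }

    rewind(file);

    msg = talloc_array(ctx, char, filesize+1);
    if (msg == NULL) {
        _errno = ENOMEM;
        ret = DEBUG_TEST_ERROR;
        goto done;
    }
    fsize = fread(msg, sizeof(char), filesize, file);
    if (fsize != filesize) {
        _errno = EIO;
        ret = DEBUG_TEST_ERROR;
        goto done;
    }
    msg[fsize] = '\0';

    if (debug_timestamps == 1) {
        char time_day[4] = {'\0', '\0', '\0', '\0'};
        char time_month[4] = {'\0', '\0', '\0', '\0'};
        int time_day_num = 0;
        int time_hour = 0;
        int time_min = 0;
        int time_sec = 0;
        int time_usec = 0;
        int time_year = 0;
        int scan_return = 0;

        /* "%3s" bounds each token to the 4-byte buffers above. A bare "%s"
         * would write past them whenever the logged day or month token is
         * longer than three characters; with the width an over-long token
         * makes the following conversions fail and is reported as a
         * timestamp error instead. */
        if (debug_microseconds == 0) {
            scan_return = sscanf(msg, "(%3s %3s %d %d:%d:%d %d)", time_day,
                                 time_month, &time_day_num, &time_hour,
                                 &time_min, &time_sec, &time_year);

            if (scan_return != 7) {
                ret = DEBUG_TEST_NOK_TS;
                goto done;
            }
            compare_to = talloc_asprintf(ctx,
                                         "(%s %s %2d %.2d:%.2d:%.2d %.4d) "
                                         "[%s] [%s] (%#.4x): %s",
                                         time_day, time_month, time_day_num,
                                         time_hour, time_min, time_sec,
                                         time_year, debug_prg_name, function,
                                         level, body);
            if (compare_to == NULL) {
                _errno = ENOMEM;
                ret = DEBUG_TEST_ERROR;
                goto done;
            }
        } else {
            scan_return = sscanf(msg, "(%3s %3s %d %d:%d:%d:%d %d)", time_day,
                                 time_month, &time_day_num, &time_hour,
                                 &time_min, &time_sec, &time_usec,
                                 &time_year);

            if (scan_return != 8) {
                ret = DEBUG_TEST_NOK_TS;
                goto done;
            }
            compare_to = talloc_asprintf(ctx,
                                         "(%s %s %2d %.2d:%.2d:%.2d:%.6d %.4d) "
                                         "[%s] [%s] (%#.4x): %s",
                                         time_day, time_month, time_day_num,
                                         time_hour, time_min, time_sec,
                                         time_usec, time_year, debug_prg_name,
                                         function, level, body);
            if (compare_to == NULL) {
                _errno = ENOMEM;
                ret = DEBUG_TEST_ERROR;
                goto done;
            }
        }
    } else {
        compare_to = talloc_asprintf(ctx, "[%s] [%s] (%#.4x): %s",
                                     debug_prg_name, function, level, body);
        if (compare_to == NULL) {
            _errno = ENOMEM;
            ret = DEBUG_TEST_ERROR;
            goto done;
        }
    }

    /* strncmp() with a length of 0 always reports equality, so an empty log
     * file has to be rejected explicitly: nothing written is not a match. */
    ret = (filesize > 0 && strncmp(msg, compare_to, filesize) == 0)
              ? EOK : DEBUG_TEST_NOK;

done:
    talloc_free(ctx);
    if (file != NULL) {
        fclose(file);
    }
    remove(filename);
    errno = _errno;
    return ret;
}

/*
 * Write one debug message at the given level into a private temporary file
 * and check that nothing reached the file.
 *
 * level    debug level passed to the logging macro
 * msgmode  0 logs through DEBUG(), any other value through DEBUG_MSG()
 *
 * Returns EOK when the file stayed empty, DEBUG_TEST_NOK when something was
 * written, and DEBUG_TEST_ERROR on an I/O failure (errno carries the cause).
 */
int test_helper_debug_is_empty_message(int level, int msgmode)
{
    char filename[24] = {'\0'};
    int fd;
    int filesize;
    int ret;
    int _errno = 0;
    mode_t old_umask;
    FILE *file;

    strncpy(filename, "sssd_debug_tests.XXXXXX", 24);

    /* Restrictive umask around mkstemp() so the log file is owner-only. */
    old_umask = umask(077);
    fd = mkstemp(filename);
    umask(old_umask);
    if (fd == -1) {
        return DEBUG_TEST_ERROR;
    }

    /* NOTE(review): as in test_helper_debug_check_message, fd is not closed
     * when fdopen() fails. */
    file = fdopen(fd, "r");
    if (file == NULL) {
        _errno = errno;
        ret = DEBUG_TEST_ERROR;
        goto done;
    }

    ret = set_debug_file_from_fd(fd);
    if (ret != EOK) {
        _errno = ret;
        ret = DEBUG_TEST_ERROR;
        goto done;
    }

    if (msgmode == 0) {
        DEBUG(level, ("some error\n"));
    } else {
        DEBUG_MSG(level, __FUNCTION__, "some error");
    }

    ret = fseek(file, 0, SEEK_END);
    if (ret == -1) {
        _errno = errno;
        ret = DEBUG_TEST_ERROR;
        goto done;
    }

    filesize = ftell(file);
    if (filesize == -1) {
        _errno = errno;
        ret = DEBUG_TEST_ERROR;
        goto done;
    }

    ret = filesize == 0 ? EOK : DEBUG_TEST_NOK;

done:
    if (file != NULL) {
        fclose(file);
    }
    remove(filename);
    errno = _errno;
    return ret;
}

/*
 * With timestamps off, enable each debug level on its own and check that a
 * message logged at that level through DEBUG() is written as expected.
 */
START_TEST(test_debug_is_set_single_no_timestamp)
{
    int i;
    int result;
    int levels[] = {
        SSSDBG_FATAL_FAILURE,
        SSSDBG_CRIT_FAILURE,
        SSSDBG_OP_FAILURE,
        SSSDBG_MINOR_FAILURE,
        SSSDBG_CONF_SETTINGS,
        SSSDBG_FUNC_DATA,
        SSSDBG_TRACE_FUNC,
        SSSDBG_TRACE_LIBS,
        SSSDBG_TRACE_INTERNAL,
        SSSDBG_TRACE_ALL
    };
    char *error_msg;

    debug_timestamps = 0;
    debug_microseconds = 0;
    debug_to_file = 1;
    debug_prg_name = "sssd";

    for (i = 0; i <= 9; i++) {
        debug_level = levels[i];

        errno = 0;
        result = test_helper_debug_check_message(levels[i], 0);

        if (result == DEBUG_TEST_ERROR) {
            error_msg = strerror(errno);
            fail(error_msg);
        }

        char *msg = NULL;
        msg = talloc_asprintf(NULL,
                              "Test of level %#.4x failed - message don't match",
                              levels[i]);
        fail_unless(result == EOK, msg);
        talloc_free(msg);
    }
}
END_TEST

START_TEST(test_debug_is_set_single_timestamp)
{
    int i;
    int result;
    int levels[] = {
        SSSDBG_FATAL_FAILURE,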
SSSDBG_CRIT_FAILURE, SSSDBG_OP_FAILURE, SSSDBG_MINOR_FAILURE, SSSDBG_CONF_SETTINGS, SSSDBG_FUNC_DATA, SSSDBG_TRACE_FUNC, SSSDBG_TRACE_LIBS, SSSDBG_TRACE_INTERNAL, SSSDBG_TRACE_ALL }; char *error_msg; debug_timestamps = 1; debug_microseconds = 0; debug_to_file = 1; debug_prg_name = "sssd"; for (i = 0; i <= 9; i++) { debug_level = levels[i]; errno = 0; result = test_helper_debug_check_message(levels[i], 0); if (result == DEBUG_TEST_ERROR) { error_msg = strerror(errno); fail(error_msg); } char *msg = NULL; msg = talloc_asprintf(NULL, "Test of level %#.4x failed - invalid timestamp", levels[i]); fail_if(result == DEBUG_TEST_NOK_TS, msg); talloc_free(msg); msg = talloc_asprintf(NULL, "Test of level %#.4x failed - message don't match", levels[i]); fail_unless(result == EOK, msg); talloc_free(msg); } } END_TEST START_TEST(test_debug_is_set_single_timestamp_microseconds) { int i; int result; int levels[] = { SSSDBG_FATAL_FAILURE, SSSDBG_CRIT_FAILURE, SSSDBG_OP_FAILURE, SSSDBG_MINOR_FAILURE, SSSDBG_CONF_SETTINGS, SSSDBG_FUNC_DATA, SSSDBG_TRACE_FUNC, SSSDBG_TRACE_LIBS, SSSDBG_TRACE_INTERNAL, SSSDBG_TRACE_ALL }; char *error_msg; debug_timestamps = 1; debug_microseconds = 1; debug_to_file = 1; debug_prg_name = "sssd"; for (i = 0; i <= 9; i++) { debug_level = levels[i]; errno = 0; result = test_helper_debug_check_message(levels[i], 0); if (result == DEBUG_TEST_ERROR) { error_msg = strerror(errno); fail(error_msg); } char *msg = NULL; msg = talloc_asprintf(NULL, "Test of level %#.4x failed - invalid timestamp", levels[i]); fail_if(result == DEBUG_TEST_NOK_TS, msg); talloc_free(msg); msg = talloc_asprintf(NULL, "Test of level %#.4x failed - message don't match", levels[i]); fail_unless(result == EOK, msg); talloc_free(msg); } } END_TEST START_TEST(test_debug_is_notset_no_timestamp) { int i; int result; int all_set = SSSDBG_MASK_ALL; int levels[] = { SSSDBG_FATAL_FAILURE, SSSDBG_CRIT_FAILURE, SSSDBG_OP_FAILURE, SSSDBG_MINOR_FAILURE, SSSDBG_CONF_SETTINGS, SSSDBG_FUNC_DATA, 
SSSDBG_TRACE_FUNC, SSSDBG_TRACE_LIBS, SSSDBG_TRACE_INTERNAL, SSSDBG_TRACE_ALL }; char *error_msg; debug_timestamps = 0; debug_microseconds = 0; debug_to_file = 1; debug_prg_name = "sssd"; for (i = 0; i <= 9; i++) { debug_level = all_set & ~levels[i]; errno = 0; result = test_helper_debug_is_empty_message(levels[i], 0); if (result == DEBUG_TEST_ERROR) { error_msg = strerror(errno); fail(error_msg); } char *msg = NULL; msg = talloc_asprintf(NULL, "Test of level %#.4x failed - message has been written", levels[i]); fail_unless(result == EOK, msg); talloc_free(msg); } } END_TEST START_TEST(test_debug_is_notset_timestamp) { int i; int result; int all_set = SSSDBG_MASK_ALL; int levels[] = { SSSDBG_FATAL_FAILURE, SSSDBG_CRIT_FAILURE, SSSDBG_OP_FAILURE, SSSDBG_MINOR_FAILURE, SSSDBG_CONF_SETTINGS, SSSDBG_FUNC_DATA, SSSDBG_TRACE_FUNC, SSSDBG_TRACE_LIBS, SSSDBG_TRACE_INTERNAL, SSSDBG_TRACE_ALL }; char *error_msg; debug_timestamps = 0; debug_microseconds = 0; debug_to_file = 1; debug_prg_name = "sssd"; for (i = 0; i <= 9; i++) { debug_level = all_set & ~levels[i]; errno = 0; result = test_helper_debug_is_empty_message(levels[i], 0); if (result == DEBUG_TEST_ERROR) { error_msg = strerror(errno); fail(error_msg); } char *msg = NULL; msg = talloc_asprintf(NULL, "Test of level %#.4x failed - message has been written", levels[i]); fail_unless(result == EOK, msg); talloc_free(msg); } } END_TEST START_TEST(test_debug_is_notset_timestamp_microseconds) { int i; int result; int all_set = SSSDBG_MASK_ALL; int levels[] = { SSSDBG_FATAL_FAILURE, SSSDBG_CRIT_FAILURE, SSSDBG_OP_FAILURE, SSSDBG_MINOR_FAILURE, SSSDBG_CONF_SETTINGS, SSSDBG_FUNC_DATA, SSSDBG_TRACE_FUNC, SSSDBG_TRACE_LIBS, SSSDBG_TRACE_INTERNAL, SSSDBG_TRACE_ALL }; char *error_msg; debug_timestamps = 0; debug_microseconds = 1; debug_to_file = 1; debug_prg_name = "sssd"; for (i = 0; i <= 9; i++) { debug_level = all_set & ~levels[i]; errno = 0; result = test_helper_debug_is_empty_message(levels[i], 0); if (result == 
DEBUG_TEST_ERROR) { error_msg = strerror(errno); fail(error_msg); } char *msg = NULL; msg = talloc_asprintf(NULL, "Test of level %#.4x failed - message has been written", levels[i]); fail_unless(result == EOK, msg); talloc_free(msg); } } END_TEST START_TEST(test_debug_msg_is_set_single_no_timestamp) { int i; int result; int levels[] = { SSSDBG_FATAL_FAILURE, SSSDBG_CRIT_FAILURE, SSSDBG_OP_FAILURE, SSSDBG_MINOR_FAILURE, SSSDBG_CONF_SETTINGS, SSSDBG_FUNC_DATA, SSSDBG_TRACE_FUNC, SSSDBG_TRACE_LIBS, SSSDBG_TRACE_INTERNAL, SSSDBG_TRACE_ALL }; char *error_msg; debug_timestamps = 0; debug_microseconds = 0; debug_to_file = 1; debug_prg_name = "sssd"; for (i = 0; i <= 9; i++) { debug_level = levels[i]; errno = 0; result = test_helper_debug_check_message(levels[i], 1); if (result == DEBUG_TEST_ERROR) { error_msg = strerror(errno); fail(error_msg); } char *msg = NULL; msg = talloc_asprintf(NULL, "Test of level %#.4x failed - message don't match", levels[i]); fail_unless(result == EOK, msg); talloc_free(msg); } } END_TEST START_TEST(test_debug_msg_is_set_single_timestamp) { int i; int result; int levels[] = { SSSDBG_FATAL_FAILURE, SSSDBG_CRIT_FAILURE, SSSDBG_OP_FAILURE, SSSDBG_MINOR_FAILURE, SSSDBG_CONF_SETTINGS, SSSDBG_FUNC_DATA, SSSDBG_TRACE_FUNC, SSSDBG_TRACE_LIBS, SSSDBG_TRACE_INTERNAL, SSSDBG_TRACE_ALL }; char *error_msg; debug_timestamps = 1; debug_microseconds = 0; debug_to_file = 1; debug_prg_name = "sssd"; for (i = 0; i <= 9; i++) { debug_level = levels[i]; errno = 0; result = test_helper_debug_check_message(levels[i], 1); if (result == DEBUG_TEST_ERROR) { error_msg = strerror(errno); fail(error_msg); } char *msg = NULL; msg = talloc_asprintf(NULL, "Test of level %#.4x failed - invalid timestamp", levels[i]); fail_if(result == DEBUG_TEST_NOK_TS, msg); talloc_free(msg); msg = talloc_asprintf(NULL, "Test of level %#.4x failed - message don't match", levels[i]); fail_unless(result == EOK, msg); talloc_free(msg); } } END_TEST 
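/* DEBUG_MSG(): each single level is logged when exactly that level is
 * enabled, with microsecond timestamps. */
START_TEST(test_debug_msg_is_set_single_timestamp_microseconds)
{
    const int levels[] = {
        SSSDBG_FATAL_FAILURE,
        SSSDBG_CRIT_FAILURE,
        SSSDBG_OP_FAILURE,
        SSSDBG_MINOR_FAILURE,
        SSSDBG_CONF_SETTINGS,
        SSSDBG_FUNC_DATA,
        SSSDBG_TRACE_FUNC,
        SSSDBG_TRACE_LIBS,
        SSSDBG_TRACE_INTERNAL,
        SSSDBG_TRACE_ALL
    };
    const size_t num_levels = sizeof(levels) / sizeof(levels[0]);
    size_t i;
    int result;

    debug_timestamps = 1;
    debug_microseconds = 1;
    debug_to_file = 1;
    debug_prg_name = "sssd";

    for (i = 0; i < num_levels; i++) {
        debug_level = levels[i];

        errno = 0;
        result = test_helper_debug_check_message(levels[i], 1);

        if (result == DEBUG_TEST_ERROR) {
            /* Fixed format string: runtime text is only ever an argument. */
            fail("%s", strerror(errno));
        }

        fail_if(result == DEBUG_TEST_NOK_TS,
                "Test of level %#.4x failed - invalid timestamp",
                levels[i]);

        fail_unless(result == EOK,
                    "Test of level %#.4x failed - message don't match",
                    levels[i]);
    }
}
END_TEST

/* DEBUG_MSG(): nothing is written for a level that is masked out of an
 * otherwise fully enabled debug_level. */
START_TEST(test_debug_msg_is_notset_no_timestamp)
{
    const int all_set = SSSDBG_MASK_ALL;
    const int levels[] = {
        SSSDBG_FATAL_FAILURE,
        SSSDBG_CRIT_FAILURE,
        SSSDBG_OP_FAILURE,
        SSSDBG_MINOR_FAILURE,
        SSSDBG_CONF_SETTINGS,
        SSSDBG_FUNC_DATA,
        SSSDBG_TRACE_FUNC,
        SSSDBG_TRACE_LIBS,
        SSSDBG_TRACE_INTERNAL,
        SSSDBG_TRACE_ALL
    };
    const size_t num_levels = sizeof(levels) / sizeof(levels[0]);
    size_t i;
    int result;

    debug_timestamps = 0;
    debug_microseconds = 0;
    debug_to_file = 1;
    debug_prg_name = "sssd";

    for (i = 0; i < num_levels; i++) {
        debug_level = all_set & ~levels[i];

        errno = 0;
        result = test_helper_debug_is_empty_message(levels[i], 1);

        if (result == DEBUG_TEST_ERROR) {
            fail("%s", strerror(errno));
        }

        fail_unless(result == EOK,
                    "Test of level %#.4x failed - message has been written",
                    levels[i]);
    }
}
END_TEST

/* DEBUG_MSG(): masked-out level stays silent.
 * NOTE(review): the name says "timestamp" but debug_timestamps is 0 here,
 * the same settings as the no_timestamp variant - confirm the intent. */
START_TEST(test_debug_msg_is_notset_timestamp)
{
    const int all_set = SSSDBG_MASK_ALL;
    const int levels[] = {
        SSSDBG_FATAL_FAILURE,
        SSSDBG_CRIT_FAILURE,
        SSSDBG_OP_FAILURE,
        SSSDBG_MINOR_FAILURE,
        SSSDBG_CONF_SETTINGS,
        SSSDBG_FUNC_DATA,
        SSSDBG_TRACE_FUNC,
        SSSDBG_TRACE_LIBS,
        SSSDBG_TRACE_INTERNAL,
        SSSDBG_TRACE_ALL
    };
    const size_t num_levels = sizeof(levels) / sizeof(levels[0]);
    size_t i;
    int result;

    debug_timestamps = 0;
    debug_microseconds = 0;
    debug_to_file = 1;
    debug_prg_name = "sssd";

    for (i = 0; i < num_levels; i++) {
        debug_level = all_set & ~levels[i];

        errno = 0;
        result = test_helper_debug_is_empty_message(levels[i], 1);

        if (result == DEBUG_TEST_ERROR) {
            fail("%s", strerror(errno));
        }

        fail_unless(result == EOK,
                    "Test of level %#.4x failed - message has been written",
                    levels[i]);
    }
}
END_TEST

/* DEBUG_MSG(): masked-out level stays silent with debug_microseconds set.
 * NOTE(review): debug_timestamps is 0 here although the name mentions
 * timestamps - confirm the intent. */
START_TEST(test_debug_msg_is_notset_timestamp_microseconds)
{
    const int all_set = SSSDBG_MASK_ALL;
    const int levels[] = {
        SSSDBG_FATAL_FAILURE,
        SSSDBG_CRIT_FAILURE,
        SSSDBG_OP_FAILURE,
        SSSDBG_MINOR_FAILURE,
        SSSDBG_CONF_SETTINGS,
        SSSDBG_FUNC_DATA,
        SSSDBG_TRACE_FUNC,
        SSSDBG_TRACE_LIBS,
        SSSDBG_TRACE_INTERNAL,
        SSSDBG_TRACE_ALL
    };
    const size_t num_levels = sizeof(levels) / sizeof(levels[0]);
    size_t i;
    int result;

    debug_timestamps = 0;
    debug_microseconds = 1;
    debug_to_file = 1;
    debug_prg_name = "sssd";

    for (i = 0; i < num_levels; i++) {
        debug_level = all_set & ~levels[i];

        errno = 0;
        result = test_helper_debug_is_empty_message(levels[i], 1);

        if (result == DEBUG_TEST_ERROR) {
            fail("%s", strerror(errno));
        }

        fail_unless(result == EOK,
                    "Test of level %#.4x failed - message has been written",
                    levels[i]);
    }
}
END_TEST

/* DEBUG_IS_SET() is non-zero for every level when the whole mask is on. */
START_TEST(test_debug_is_set_true)
{
    const int levels[] = {
        SSSDBG_FATAL_FAILURE,
        SSSDBG_CRIT_FAILURE,
        SSSDBG_OP_FAILURE,
        SSSDBG_MINOR_FAILURE,
        SSSDBG_CONF_SETTINGS,
        SSSDBG_FUNC_DATA,
        SSSDBG_TRACE_FUNC,
        SSSDBG_TRACE_LIBS,
        SSSDBG_TRACE_INTERNAL,
        SSSDBG_TRACE_ALL
    };
    const size_t num_levels = sizeof(levels) / sizeof(levels[0]);
    size_t i;
    int result;

    debug_level = SSSDBG_MASK_ALL;

    for (i = 0; i < num_levels; i++) {
        result = DEBUG_IS_SET(levels[i]);
        fail_unless(result > 0,
                    "Test of level %#.4x failed - result is 0x%.4x",
                    levels[i], result);
    }
}
END_TEST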
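/* DEBUG_IS_SET() is zero for a level that is masked out of debug_level. */
START_TEST(test_debug_is_set_false)
{
    const int all_set = SSSDBG_MASK_ALL;
    const int levels[] = {
        SSSDBG_FATAL_FAILURE,
        SSSDBG_CRIT_FAILURE,
        SSSDBG_OP_FAILURE,
        SSSDBG_MINOR_FAILURE,
        SSSDBG_CONF_SETTINGS,
        SSSDBG_FUNC_DATA,
        SSSDBG_TRACE_FUNC,
        SSSDBG_TRACE_LIBS,
        SSSDBG_TRACE_INTERNAL,
        SSSDBG_TRACE_ALL
    };
    const size_t num_levels = sizeof(levels) / sizeof(levels[0]);
    size_t i;
    int result;

    for (i = 0; i < num_levels; i++) {
        debug_level = all_set & ~levels[i];

        result = DEBUG_IS_SET(levels[i]);
        /* Format arguments go straight to check: no heap-built message
         * that is later used as a format string. */
        fail_unless(result == 0,
                    "Test of level %#.4x failed - result is 0x%.4x",
                    levels[i], result);
    }
}
END_TEST

/* Build the "debug" suite: one test case holding every debug test,
 * with a 60 second timeout. */
Suite *debug_suite(void)
{
    Suite *s = suite_create("debug");

    TCase *tc_debug = tcase_create("debug");

    tcase_add_test(tc_debug, test_debug_convert_old_level_old_format);
    tcase_add_test(tc_debug, test_debug_convert_old_level_new_format);
    tcase_add_test(tc_debug, test_debug_get_level_old_format);
    tcase_add_test(tc_debug, test_debug_get_level_new_format);
    tcase_add_test(tc_debug, test_debug_is_set_single_no_timestamp);
    tcase_add_test(tc_debug, test_debug_is_set_single_timestamp);
    tcase_add_test(tc_debug, test_debug_is_set_single_timestamp_microseconds);
    tcase_add_test(tc_debug, test_debug_is_notset_no_timestamp);
    tcase_add_test(tc_debug, test_debug_is_notset_timestamp);
    tcase_add_test(tc_debug, test_debug_is_notset_timestamp_microseconds);
    tcase_add_test(tc_debug, test_debug_msg_is_set_single_no_timestamp);
    tcase_add_test(tc_debug, test_debug_msg_is_set_single_timestamp);
    tcase_add_test(tc_debug, test_debug_msg_is_set_single_timestamp_microseconds);
    tcase_add_test(tc_debug, test_debug_msg_is_notset_no_timestamp);
    tcase_add_test(tc_debug, test_debug_msg_is_notset_timestamp);
    tcase_add_test(tc_debug, test_debug_msg_is_notset_timestamp_microseconds);
    tcase_add_test(tc_debug, test_debug_is_set_true);
    tcase_add_test(tc_debug, test_debug_is_set_false);
    tcase_set_timeout(tc_debug, 60);

    suite_add_tcase(s, tc_debug);

    return s;
}

/* Run the debug suite from the test directory; the exit status reflects
 * whether any test failed. */
int main(int argc, const char *argv[])
{
    int number_failed;

    tests_set_cwd();

    Suite *s = debug_suite();
    SRunner *sr = srunner_create(s);

    srunner_run_all(sr, CK_NORMAL);
    number_failed = srunner_ntests_failed(sr);
    srunner_free(sr);

    if (number_failed == 0)
        return EXIT_SUCCESS;

    return EXIT_FAILURE;
}
sssd-1.11.5/src/tests/PaxHeaders.13173/common_check.c0000644000000000000000000000007312320753107020274 xustar000000000000000030 atime=1396954939.274891425 29 ctime=1396954961.65587495 sssd-1.11.5/src/tests/common_check.c0000664002412700241270000000222712320753107020522 0ustar00jhrozekjhrozek00000000000000/* SSSD Memory leak/growth checks for check-based tests using talloc. Authors: Martin Nagy Copyright (C) Red Hat, Inc 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see .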
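*/
#include
#include "tests/common.h"

/* check fixture: start leak tracking and fail the test if that is not
 * possible. */
void ck_leak_check_setup(void)
{
    /* Run the setup first and fetch the message afterwards; as plain call
     * arguments the two calls have no defined evaluation order. */
    bool ok = leak_check_setup();

    fail_unless(ok,
                "Cannot set up leaks test: %s\n",
                check_leaks_err_msg());
}

/* check fixture: stop leak tracking and fail the test if the teardown
 * reports a problem. */
void ck_leak_check_teardown(void)
{
    /* Same sequencing as in the setup fixture. */
    bool ok = leak_check_teardown();

    fail_unless(ok,
                "Cannot tear down leaks test: %s\n",
                check_leaks_err_msg());
}
sssd-1.11.5/src/tests/PaxHeaders.13173/krb5_child-test.c0000644000000000000000000000007412320753107020633 xustar000000000000000030 atime=1396954939.274891425 30 ctime=1396954961.720874902 sssd-1.11.5/src/tests/krb5_child-test.c0000664002412700241270000003653312320753107021067 0ustar00jhrozekjhrozek00000000000000/* SSSD Unit tests - exercise the krb5 child Authors: Jakub Hrozek Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see .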
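*/
#include
#include
#include
#include
#include
#include
#include
#include "util/util.h"
#include "src/tools/tools_util.h"

/* Interfaces being tested */
#include "providers/krb5/krb5_auth.h"
#include "providers/krb5/krb5_common.h"
#include "providers/krb5/krb5_utils.h"

extern struct dp_option default_krb5_opts[];

static krb5_context krb5_error_ctx;
#define KRB5_CHILD_TEST_DEBUG(level, error) KRB5_DEBUG(level, krb5_error_ctx, error)

/* Log a non-zero krb5 error code and return `err` from the caller. */
#define CHECK_KRET(kret, err) do {                          \
    if (kret) {                                             \
        KRB5_CHILD_TEST_DEBUG(SSSDBG_OP_FAILURE, kret);     \
        return err;                                         \
    }                                                       \
} while(0)

/* Log a non-zero krb5 error code and jump to `label`; `err` is unused. */
#define CHECK_KRET_L(kret, err, label) do {                 \
    if (kret) {                                             \
        KRB5_CHILD_TEST_DEBUG(SSSDBG_OP_FAILURE, kret);     \
        goto label;                                         \
    }                                                       \
} while(0)

/* State shared between main() and the child-request callback. */
struct krb5_child_test_ctx {
    struct tevent_context *ev;
    struct krb5child_req *kr;

    bool done;          /* set by child_done() */
    errno_t child_ret;  /* result of handle_child_recv() */

    uint8_t *buf;       /* raw child response */
    ssize_t len;

    struct krb5_child_response *res;
};

/*
 * Allocate the test context on mem_ctx and give it a tevent context.
 *
 * Returns EOK and stores the context in *_ctx, ENOMEM if the allocation
 * fails, EFAULT if the tevent context cannot be created.
 */
static errno_t
setup_krb5_child_test(TALLOC_CTX *mem_ctx, struct krb5_child_test_ctx **_ctx)
{
    struct krb5_child_test_ctx *ctx;

    ctx = talloc_zero(mem_ctx, struct krb5_child_test_ctx);
    if (!ctx) return ENOMEM;

    ctx->ev = tevent_context_init(ctx);
    if (ctx->ev == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Could not init tevent context"));
        talloc_free(ctx);
        return EFAULT;
    }

    *_ctx = ctx;
    return EOK;
}

/* talloc destructor for struct krb5_ctx: release the compiled regex. */
int re_destructor(void *memctx)
{
    struct krb5_ctx *ctx = (struct krb5_ctx *) memctx;

    if (ctx->illegal_path_re) {
        pcre_free(ctx->illegal_path_re);
        ctx->illegal_path_re = NULL;
    }
    return 0;
}

/*
 * Build a krb5_ctx whose options are the defaults from default_krb5_opts,
 * with KRB5_REALM overridden by `realm`.
 *
 * Returns the context (owned by mem_ctx) or NULL on any failure.
 */
static struct krb5_ctx *
create_dummy_krb5_ctx(TALLOC_CTX *mem_ctx, const char *realm)
{
    struct krb5_ctx *krb5_ctx;
    const char *errstr;
    int errval;
    int errpos;
    int i;
    errno_t ret;

    krb5_ctx = talloc_zero(mem_ctx, struct krb5_ctx);
    if (!krb5_ctx) return NULL;

    krb5_ctx->illegal_path_re = pcre_compile2(ILLEGAL_PATH_PATTERN, 0,
                                              &errval, &errstr, &errpos, NULL);
    if (krb5_ctx->illegal_path_re == NULL) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Invalid Regular Expression pattern at position %d. "
               "(Error: %d [%s])\n", errpos, errval, errstr));
        goto fail;
    }
    talloc_set_destructor((TALLOC_CTX *) krb5_ctx, re_destructor);

    /* Kerberos options */
    krb5_ctx->opts = talloc_zero_array(krb5_ctx, struct dp_option, KRB5_OPTS);
    if (!krb5_ctx->opts) goto fail;
    for (i = 0; i < KRB5_OPTS; i++) {
        krb5_ctx->opts[i].opt_name = default_krb5_opts[i].opt_name;
        krb5_ctx->opts[i].type = default_krb5_opts[i].type;
        krb5_ctx->opts[i].def_val = default_krb5_opts[i].def_val;
        switch (krb5_ctx->opts[i].type) {
            case DP_OPT_STRING:
                ret = dp_opt_set_string(krb5_ctx->opts, i,
                                        default_krb5_opts[i].def_val.string);
                break;
            case DP_OPT_BLOB:
                ret = dp_opt_set_blob(krb5_ctx->opts, i,
                                      default_krb5_opts[i].def_val.blob);
                break;
            case DP_OPT_NUMBER:
                ret = dp_opt_set_int(krb5_ctx->opts, i,
                                     default_krb5_opts[i].def_val.number);
                break;
            case DP_OPT_BOOL:
                ret = dp_opt_set_bool(krb5_ctx->opts, i,
                                      default_krb5_opts[i].def_val.boolean);
                break;
            default:
                /* Without this, ret would be read uninitialized below for
                 * an option type not listed above. */
                ret = EINVAL;
                break;
        }
        if (ret) goto fail;
    }

    ret = dp_opt_set_string(krb5_ctx->opts, KRB5_REALM, realm);
    if (ret) goto fail;

    return krb5_ctx;

fail:
    talloc_free(krb5_ctx);
    return NULL;
}

/*
 * Build a pam_data for an SSS_PAM_AUTHENTICATE request of `user` with
 * `password` set as the auth token.
 *
 * Returns the structure (owned by mem_ctx) or NULL on failure.
 */
static struct pam_data *
create_dummy_pam_data(TALLOC_CTX *mem_ctx, const char *user,
                      const char *password)
{
    struct pam_data *pd;
    const char *authtok;
    size_t authtok_len = 0;
    errno_t ret;

    pd = create_pam_data(mem_ctx);
    if (!pd) goto fail;

    pd->cmd = SSS_PAM_AUTHENTICATE;
    pd->user = talloc_strdup(pd, user);
    if (!pd->user) goto fail;

    ret = sss_authtok_set_password(pd->authtok, password, 0);
    if (ret) goto fail;

    /* Only the length is logged: the cleartext password must not end up
     * in the debug output. A failed read-back is not fatal here. */
    ret = sss_authtok_get_password(pd->authtok, &authtok, &authtok_len);
    if (ret == EOK) {
        DEBUG(SSSDBG_FUNC_DATA,
              ("Authtok len [%d]\n", (int)authtok_len));
    }

    return pd;

fail:
    talloc_free(pd);
    return NULL;
}

/*
 * Assemble a complete krb5child_req for `user`: uid/gid from getpwnam(),
 * a dummy krb5 context and PAM data, the UPN, and the ccache name (either
 * `ccname` or one expanded from the template), then pre-create the ccache
 * location.
 *
 * ccname_template and timeout override the defaults when non-NULL/non-zero.
 * Returns the request (owned by mem_ctx) or NULL on failure.
 */
static struct krb5child_req *
create_dummy_req(TALLOC_CTX *mem_ctx, const char *user,
                 const char *password, const char *realm,
                 const char *ccname, const char *ccname_template,
                 int timeout)
{
    struct krb5child_req *kr;
    struct passwd *pwd;
    errno_t ret;

    /* The top level child request */
    kr = talloc_zero(mem_ctx, struct krb5child_req);
    if (!kr) return NULL;

    pwd = getpwnam(user);
    if (!pwd) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Cannot get info on user [%s]\n", user));
        goto fail;
    }

    kr->uid = pwd->pw_uid;
    kr->gid = pwd->pw_gid;

    /* The Kerberos context */
    kr->krb5_ctx = create_dummy_krb5_ctx(kr, realm);
    /* Both helpers return NULL on failure and are dereferenced below. */
    if (!kr->krb5_ctx) goto fail;

    /* PAM Data structure */
    kr->pd = create_dummy_pam_data(kr, user, password);
    if (!kr->pd) goto fail;

    ret = krb5_get_simple_upn(kr, kr->krb5_ctx, NULL, kr->pd->user, NULL,
                              &kr->upn);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("krb5_get_simple_upn failed.\n"));
        goto fail;
    }

    /* Override options with what was provided by the user */
    if (ccname_template) {
        ret = dp_opt_set_string(kr->krb5_ctx->opts, KRB5_CCNAME_TMPL,
                                ccname_template);
        if (ret != EOK) goto fail;
    }

    if (timeout) {
        ret = dp_opt_set_int(kr->krb5_ctx->opts, KRB5_AUTH_TIMEOUT, timeout);
        if (ret != EOK) {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("Failed to set value for krb5_auth_timeout\n"));
            goto fail;
        }
    }

    if (!ccname) {
        kr->ccname = expand_ccname_template(kr, kr,
                                        dp_opt_get_cstring(kr->krb5_ctx->opts,
                                                           KRB5_CCNAME_TMPL),
                                            true, true);
        if (!kr->ccname) goto fail;

        DEBUG(SSSDBG_FUNC_DATA, ("ccname [%s] uid [%llu] gid [%llu]\n",
              kr->ccname, (unsigned long long) kr->uid,
              (unsigned long long) kr->gid));
    } else {
        kr->ccname = talloc_strdup(kr, ccname);
    }
    if (!kr->ccname) goto fail;

    DEBUG(SSSDBG_FUNC_DATA, ("ccname [%s] uid [%u] gid [%u]\n",
          kr->ccname, kr->uid, kr->gid));

    ret = sss_krb5_precreate_ccache(kr->ccname,
                                    kr->krb5_ctx->illegal_path_re,
                                    kr->uid, kr->gid);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("create_ccache_dir failed.\n"));
        goto fail;
    }

    return kr;

fail:
    talloc_free(kr);
    return NULL;
}

/* tevent callback: collect the child's response buffer and result, free
 * the request and flag completion for the loop in main(). */
static void
child_done(struct tevent_req *req)
{
    struct krb5_child_test_ctx *ctx = tevent_req_callback_data(req,
                                                struct krb5_child_test_ctx);
    errno_t ret;

    ret = handle_child_recv(req, ctx, &ctx->buf, &ctx->len);
    talloc_free(req);
    ctx->done = true;
    ctx->child_ret = ret;
}

/* Print a krb5 timestamp to stdout in human-readable form. */
static void
printtime(krb5_timestamp ts)
{
#ifdef HAVE_KRB5_TIMESTAMP_TO_SFSTRING
    krb5_error_code kret;
    char timestring[BUFSIZ];
    char fill = '\0';

    /* Keep the buffer a valid string even if the conversion fails. */
    timestring[0] = '\0';

    kret = krb5_timestamp_to_sfstring(ts, timestring, BUFSIZ, &fill);
    if (kret) {
        KRB5_CHILD_TEST_DEBUG(SSSDBG_OP_FAILURE, kret);
    }
    printf("%s", timestring);
#else
    /* ctime() takes a time_t pointer; krb5_timestamp need not have the
     * same width, so convert by value first. */
    time_t t = ts;

    printf("%s", ctime(&t));
#endif /* HAVE_KRB5_TIMESTAMP_TO_SFSTRING */
}

/*
 * Print one credential: server principal, validity window and, when it
 * differs from `defname`, the client principal. A zero start time is
 * replaced by the authentication time (written back into *cred).
 */
static void
print_creds(krb5_context kcontext,
            krb5_creds *cred,
            const char *defname)
{
    krb5_error_code kret;
    char *name = NULL;
    char *sname = NULL;

    kret = krb5_unparse_name(kcontext, cred->client, &name);
    CHECK_KRET_L(kret, EIO, done);

    kret = krb5_unparse_name(kcontext, cred->server, &sname);
    CHECK_KRET_L(kret, EIO, done);

    if (!cred->times.starttime) {
        cred->times.starttime = cred->times.authtime;
    }

    printf("\t\t%s\n", sname);
    printf("\t\tValid from\t");  printtime(cred->times.starttime);
    printf("\n\t\tValid until\t"); printtime(cred->times.endtime);
    printf("\n");

    if (strcmp(name, defname)) {
        printf("\t\tfor client %s", name);
    }

done:
    krb5_free_unparsed_name(kcontext, name);
    krb5_free_unparsed_name(kcontext, sname);
}

/*
 * Print the default principal and every ticket of the credential cache
 * named by `cc`.
 *
 * Returns EOK on success, EIO if any krb5 call fails.
 */
static errno_t
print_ccache(const char *cc)
{
    krb5_cc_cursor cur;
    krb5_ccache cache = NULL;
    krb5_error_code kret;
    krb5_context kcontext = NULL;
    krb5_principal_data *princ = NULL;
    krb5_creds creds;
    char *defname = NULL;
    int i = 1;
    errno_t ret = EIO;

    kret = krb5_init_context(&kcontext);
    CHECK_KRET_L(kret, EIO, done);

    kret = krb5_cc_resolve(kcontext, cc, &cache);
    CHECK_KRET_L(kret, EIO, done);

    kret = krb5_cc_get_principal(kcontext, cache, &princ);
    CHECK_KRET_L(kret, EIO, done);

    kret = krb5_unparse_name(kcontext, princ, &defname);
    CHECK_KRET_L(kret, EIO, done);

    printf("\nTicket cache: %s:%s\nDefault principal: %s\n\n",
           krb5_cc_get_type(kcontext, cache),
           krb5_cc_get_name(kcontext, cache), defname);

    kret = krb5_cc_start_seq_get(kcontext, cache, &cur);
    CHECK_KRET_L(kret, EIO, done);

    while (!(kret = krb5_cc_next_cred(kcontext, cache, &cur, &creds))) {
        /* Number the tickets; the counter was never advanced before. */
        printf("Ticket #%d:\n", i++);
        print_creds(kcontext, &creds, defname);
        krb5_free_cred_contents(kcontext, &creds);
    }

    kret = krb5_cc_end_seq_get(kcontext, cache, &cur);
    CHECK_KRET_L(kret, EIO, done);

    ret = EOK;

done:
    /* Early failures arrive here with no context and/or no cache handle;
     * only release what was actually obtained. */
    if (kcontext != NULL) {
        if (cache != NULL) {
            krb5_cc_close(kcontext, cache);
        }
        krb5_free_unparsed_name(kcontext, defname);
        krb5_free_principal(kcontext, princ);
        krb5_free_context(kcontext);
    }
    return ret;
}

/* Overwrite a NUL-terminated secret in place. The volatile access keeps
 * the compiler from dropping the stores as dead. */
static void
wipe_secret(char *secret)
{
    volatile char *p = secret;

    if (secret == NULL) return;

    while (*p != '\0') {
        *p++ = '\0';
    }
}

/*
 * Command line driver: authenticate one user through the krb5 child,
 * print the resulting credential cache and, unless --keep-ccache is
 * given, destroy the cache again.
 *
 * Exit codes: 0 success, 1 usage error, 3 setup failure, 4 request
 * creation failure, 5 unparsable child response, 6 no ccache returned.
 */
int
main(int argc, const char *argv[])
{
    int opt;
    errno_t ret;
    struct krb5_child_test_ctx *ctx = NULL;
    struct tevent_req *req;

    int pc_debug = 0;
    int pc_timeout = 0;
    const char *pc_user = NULL;
    const char *pc_passwd = NULL;
    const char *pc_realm = NULL;
    const char *pc_ccname = NULL;
    const char *pc_ccname_tp = NULL;
    char *password = NULL;
    bool rm_ccache = true;

    poptContext pc;
    /* NOTE(review): a password given with -w/--password is part of argv
     * and is typically visible to other local users in the process list;
     * -W reads it from the terminal instead. */
    struct poptOption long_options[] = {
        POPT_AUTOHELP
        { "debug", '\0', POPT_ARG_INT | POPT_ARGFLAG_DOC_HIDDEN, &pc_debug, 0,
          "The debug level to run with", NULL },
        { "user", 'u', POPT_ARG_STRING, &pc_user, 0,
          "The user to log in as", NULL },
        { "password", 'w', POPT_ARG_STRING, &pc_passwd, 0,
          "The authtok to use", NULL },
        { "ask-password", 'W', POPT_ARG_NONE, NULL, 'W',
          "Ask interactively for authtok", NULL },
        { "ccname", 'c', POPT_ARG_STRING, &pc_ccname, 0,
          "Force usage of a certain credential cache", NULL },
        { "ccname-template", 't', POPT_ARG_STRING, &pc_ccname_tp, 0,
          "Specify the credential cache template", NULL },
        { "realm", 'r', POPT_ARG_STRING, &pc_realm, 0,
          "The Kerberos realm to use", NULL },
        { "keep-ccache", 'k', POPT_ARG_NONE, NULL, 'k',
          "Do not delete the ccache when the tool finishes", NULL },
        { "timeout", '\0', POPT_ARG_INT, &pc_timeout, 0,
          "The timeout for the child, in seconds", NULL },
        POPT_TABLEEND
    };

    debug_prg_name = argv[0];
    pc = poptGetContext(NULL, argc, argv, long_options, 0);

    while ((opt = poptGetNextOpt(pc)) > 0) {
        switch(opt) {
        case 'W':
            errno = 0;
            password = getpass("Enter password:");
            if (!password) {
                return 1;
            }
            break;
        case 'k':
            rm_ccache = false;
            break;
        default:
            DEBUG(SSSDBG_FATAL_FAILURE, ("Unexpected option\n"));
            return 1;
        }
    }

    DEBUG_INIT(pc_debug);

    if (opt != -1) {
        poptPrintUsage(pc, stderr, 0);
        fprintf(stderr, "%s", poptStrerror(opt));
        return 1;
    }

    if (!pc_user) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("Please specify the user\n"));
        poptPrintUsage(pc, stderr, 0);
        return 1;
    }

    if (!pc_realm) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("Please specify the realm\n"));
        poptPrintUsage(pc, stderr, 0);
        return 1;
    }

    if (!password && !pc_passwd) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Password was not provided or asked for\n"));
        poptPrintUsage(pc, stderr, 0);
        return 1;
    }

    if (pc_ccname && pc_ccname_tp) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("Both ccname and ccname template specified, "
               "will prefer ccname\n"));
    }

    ret = setup_krb5_child_test(NULL, &ctx);
    if (ret != EOK) {
        poptPrintUsage(pc, stderr, 0);
        fprintf(stderr, "%s", poptStrerror(opt));
        return 3;
    }

    ctx->kr = create_dummy_req(ctx, pc_user, password ? password : pc_passwd,
                               pc_realm, pc_ccname, pc_ccname_tp, pc_timeout);
    if (!ctx->kr) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("Cannot create Kerberos request\n"));
        ret = 4;
        goto done;
    }

    req = handle_child_send(ctx, ctx->ev, ctx->kr);
    if (!req) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("Cannot create child request\n"));
        ret = 4;
        goto done;
    }
    tevent_req_set_callback(req, child_done, ctx);

    while (ctx->done == false) {
        tevent_loop_once(ctx->ev);
    }

    printf("Child returned %d\n", ctx->child_ret);

    ret = parse_krb5_child_response(ctx, ctx->buf, ctx->len,
                                    ctx->kr->pd, 0, &ctx->res);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("Could not parse child response\n"));
        ret = 5;
        goto done;
    }

    if (!ctx->res->ccname) {
        fprintf(stderr, "No ccname returned\n");
        ret = 6;
        goto done;
    }

    print_ccache(ctx->res->ccname);

    ret = 0;
done:
    if (rm_ccache && ctx->res
            && ctx->res->ccname
            && ctx->kr) {
        sss_krb5_cc_destroy(ctx->res->ccname, ctx->kr->uid, ctx->kr->gid);
    }
    /* getpass() hands back a buffer owned by the C library, so it must
     * not be passed to free(); scrub the password in place instead. */
    wipe_secret(password);
    talloc_free(ctx);
    poptFreeContext(pc);
    return ret;
}
sssd-1.11.5/src/tests/PaxHeaders.13173/dlopen-tests.c0000644000000000000000000000007412320753107020271 xustar000000000000000030 atime=1396954939.274891425 30 ctime=1396954961.712874908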
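sssd-1.11.5/src/tests/dlopen-tests.c0000664002412700241270000001142612320753107020517 0ustar00jhrozekjhrozek00000000000000/* SSSD debug-tests.c Authors: Simo Sorce Copyright (C) 2013 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */

#define _GNU_SOURCE
#include
#include
#include
#include
#include
#include
#include "tests/common.h"

#define LIBPFX ABS_BUILD_DIR"/.libs/"

/*
 * Libraries to load, one entry per shared object under test. `libs` is the
 * NULL-terminated chain that is opened in order, prerequisites first and
 * the object under test last. Entries without the LIBPFX prefix are bare
 * sonames, so they are looked up through the dynamic loader's search path
 * rather than the build directory.
 */
struct so {
    const char *name;
    const char *libs[6];
} so[] = {
    { "libsss_debug.so", { LIBPFX"libsss_debug.so", NULL } },
    { "libipa_hbac.so", { LIBPFX"libipa_hbac.so", NULL } },
    { "libsss_idmap.so", { LIBPFX"libsss_idmap.so", NULL } },
    { "libsss_nss_idmap.so", { LIBPFX"libsss_nss_idmap.so", NULL } },
    { "libnss_sss.so", { LIBPFX"libnss_sss.so", NULL } },
    { "pam_sss.so", { LIBPFX"pam_sss.so", NULL } },
#ifdef BUILD_SUDO
    { "libsss_sudo.so", { LIBPFX"libsss_sudo.so", NULL } },
#endif
#ifdef BUILD_AUTOFS
    { "libsss_autofs.so", { LIBPFX"libsss_autofs.so", NULL } },
#endif
#ifdef HAVE_KRB5_LOCATOR_PLUGIN
    { "sssd_krb5_locator_plugin.so", { LIBPFX"sssd_krb5_locator_plugin.so",
                                       NULL } },
#endif
#ifdef HAVE_PAC_RESPONDER
    { "sssd_pac_plugin.so", { LIBPFX"sssd_pac_plugin.so", NULL } },
#endif
    { "memberof.so", { LIBPFX"memberof.so", NULL } },
    { "libsss_child.so", { "libtevent.so",
                           LIBPFX"libsss_debug.so",
                           LIBPFX"libsss_crypt.so",
                           LIBPFX"libsss_util.so",
                           LIBPFX"libsss_child.so", NULL } },
    { "libsss_crypt.so", { "libtalloc.so",
                           LIBPFX"libsss_debug.so",
                           LIBPFX"libsss_crypt.so", NULL } },
    { "libsss_util.so", { "libtalloc.so",
                          LIBPFX"libsss_debug.so",
                          LIBPFX"libsss_crypt.so",
                          LIBPFX"libsss_util.so", NULL } },
    { "libsss_simple.so", { LIBPFX"libdlopen_test_providers.so",
                            LIBPFX"libsss_simple.so", NULL } },
    { "libsss_ad.so", { LIBPFX"libdlopen_test_providers.so",
                        LIBPFX"libsss_ad.so", NULL } },
    { "libsss_ipa.so", { LIBPFX"libdlopen_test_providers.so",
                         LIBPFX"libsss_ipa.so", NULL } },
    { "libsss_krb5.so", { LIBPFX"libdlopen_test_providers.so",
                          LIBPFX"libsss_krb5.so", NULL } },
    { "libsss_ldap.so", { LIBPFX"libdlopen_test_providers.so",
                          LIBPFX"libsss_ldap.so", NULL } },
    { "libsss_proxy.so", { LIBPFX"libdlopen_test_providers.so",
                           LIBPFX"libsss_proxy.so", NULL } },
#ifdef HAVE_PYTHON_BINDINGS
    { "pyhbac.so", { LIBPFX"pyhbac.so", NULL } },
    { "pysss.so", { LIBPFX"pysss.so", NULL } },
    { "pysss_murmur.so", { LIBPFX"pysss_murmur.so", NULL } },
    { "pysss_nss_idmap.so", { LIBPFX"pysss_nss_idmap.so", NULL } },
#endif
    { NULL }
};

/*
 * Open name[round] and, while it is still loaded, recurse into the next
 * entry of the NULL-terminated list, so that each library is opened with
 * its predecessors resident. Handles are closed on the way back.
 *
 * Returns true if every library from `round` onward could be opened. On
 * failure *errmsg holds an asprintf()-allocated description, or NULL if
 * that allocation failed; on success it is NULL.
 */
static bool recursive_dlopen(const char **name, int round, char **errmsg)
{
    void *handle;
    bool ok;

    *errmsg = NULL;

    /* RTLD_NOW resolves all symbols at load time, so a missing dependency
     * is reported here instead of at first use. */
    handle = dlopen(name[round], RTLD_GLOBAL|RTLD_NOW);
    if (!handle) {
        if (asprintf(errmsg, "dlopen() failed: %s", dlerror()) == -1)
            *errmsg = NULL;
        return false;
    }

    round++;
    if (name[round]) {
        ok = recursive_dlopen(name, round, errmsg);
    } else {
        ok = true;
    }

    dlclose(handle);
    return ok;
}

/* Every listed shared object must be loadable with all symbols resolved. */
START_TEST(test_dlopen_base)
{
    char *errmsg;
    bool ok;
    int i;

    for (i = 0; so[i].name != NULL; i++) {
        ok = recursive_dlopen(so[i].libs, 0, &errmsg);
        /* errmsg is NULL when the message itself could not be allocated;
         * never pass NULL for a %s conversion. */
        fail_unless(ok, "Error opening %s: [%s]", so[i].name,
                    errmsg != NULL ? errmsg : "unknown error");
    }
}
END_TEST

/* Build the "dlopen" suite with a 10 second timeout. */
Suite *dlopen_suite(void)
{
    Suite *s = suite_create("dlopen");

    TCase *tc_dlopen = tcase_create("dlopen");

    tcase_add_test(tc_dlopen, test_dlopen_base);
    tcase_set_timeout(tc_dlopen, 10);

    suite_add_tcase(s, tc_dlopen);

    return s;
}

/* Run the dlopen suite; the exit status reflects whether a test failed. */
int main(int argc, const char *argv[])
{
    int number_failed;

    Suite *s = dlopen_suite();
    SRunner *sr = srunner_create(s);

    srunner_run_all(sr, CK_NORMAL);
    number_failed = srunner_ntests_failed(sr);
    srunner_free(sr);

    if (number_failed == 0)
        return EXIT_SUCCESS;

    return EXIT_FAILURE;
}
sssd-1.11.5/src/tests/PaxHeaders.13173/crypto-tests.c0000644000000000000000000000007412320753107020330 xustar000000000000000030 atime=1396954939.274891425 30 ctime=1396954961.711874908 sssd-1.11.5/src/tests/crypto-tests.c0000664002412700241270000001356512320753107020564 0ustar00jhrozekjhrozek00000000000000/* SSSD Crypto tests Author: Jakub Hrozek Copyright (C) Red Hat, Inc 2010 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see .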
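*/
#include
#include
#include

#include "util/util.h"
#include "tests/common_check.h"

/* interfaces under test */
#include "util/crypto/sss_crypto.h"
#include "util/crypto/nss/nss_util.h"

static TALLOC_CTX *test_ctx = NULL;

#ifdef HAVE_NSS
/* NSS can be initialized and cleaned up again without error. */
START_TEST(test_nss_init)
{
    int ret;

    ret = nspr_nss_init();
    fail_if(ret != EOK);

    ret = nspr_nss_cleanup();
    fail_if(ret != EOK);
}
END_TEST
#endif

/* Round trip: every sample password must decrypt back to itself. */
START_TEST(test_encrypt_decrypt)
{
    const char *password[] = { "test123",                /* general */
                               "12345678901234567",      /* just above blocksize */
                               "",                       /* empty */
                               NULL};                    /* sentinel */
    int i;
    char *obfpwd;
    char *ctpwd;
    int ret;
    int expected;

#if defined(HAVE_NSS) || defined(HAVE_LIBCRYPTO)
    expected = EOK;
#else
#error Unknown crypto back end
#endif

    test_ctx = talloc_new(NULL);
    fail_if(test_ctx == NULL);
    ck_leaks_push(test_ctx);

    for (i = 0; password[i]; i++) {
        /* Start every round from NULL so a result left over from the
         * previous password can never satisfy the checks below. */
        obfpwd = NULL;
        ctpwd = NULL;

        ret = sss_password_encrypt(test_ctx, password[i], strlen(password[i])+1,
                                   AES_256, &obfpwd);
        fail_if(ret != expected);

        ret = sss_password_decrypt(test_ctx, obfpwd, &ctpwd);
        fail_if(ret != expected);

        /* A successful decrypt that yields no plaintext is a failure too;
         * previously a NULL result passed silently. */
        fail_if(ctpwd == NULL || strcmp(password[i], ctpwd) != 0);

        talloc_free(obfpwd);
        talloc_free(ctpwd);
    }

    ck_leaks_pop(test_ctx);
    talloc_free(test_ctx);
}
END_TEST

/* HMAC-SHA1 of a fixed message against precomputed digests for keys
 * shorter than, equal to and longer than 64 bytes. */
START_TEST(test_hmac_sha1)
{
    const char *message = "test message";
    const char *keys[] = {
        "short",
        "proper6789012345678901234567890123456789012345678901234567890123",
        "longlonglonglonglonglonglonglonglonglonglonglonglonglonglonglonglong",
        NULL };
    const char *results[] = {
        "\x2b\x27\x53\x07\x17\xd8\xc0\x8f\x97\x27\xdd\xb3\xec\x41\xd8\xa3\x94\x97\xaa\x35",
        "\x37\xe7\x0a\x6f\x71\x0b\xa9\x93\x81\x53\x8f\x5c\x06\x83\x44\x2f\xc9\x41\xe3\xed",
        "\xbd\x99\xa7\x7f\xfc\x5e\xde\x04\x32\x7f\x7b\x71\x4d\xc0\x3f\x51\x2d\x25\x01\x28",
        NULL };
    unsigned char out[SSS_SHA1_LENGTH];
    int ret, expected;
    int i;

#if defined(HAVE_NSS) || defined(HAVE_LIBCRYPTO)
    expected = EOK;
#else
#error Unknown crypto back end
#endif

    for (i = 0; keys[i]; i++) {
        ret = sss_hmac_sha1((const unsigned char *)keys[i], strlen(keys[i]),
                            (const unsigned char *)message, strlen(message),
                            out);
        fail_if(ret != expected);
        fail_if(ret == EOK && memcmp(out, results[i], SSS_SHA1_LENGTH) != 0);
    }
}
END_TEST

/* "test" must encode to "dGVzdA==". */
START_TEST(test_base64_encode)
{
    const unsigned char obfbuf[] = "test";
    const char expected[] = "dGVzdA==";
    char *obfpwd = NULL;

    test_ctx = talloc_new(NULL);
    fail_if(test_ctx == NULL);
    /* Base64 encode the buffer */
    obfpwd = sss_base64_encode(test_ctx, obfbuf, strlen((const char*)obfbuf));
    fail_if(obfpwd == NULL);
    fail_if(strcmp(obfpwd,expected) != 0);

    talloc_free(test_ctx);
}
END_TEST

/* "dGVzdA==" must decode to the four bytes of "test". */
START_TEST(test_base64_decode)
{
    unsigned char *obfbuf = NULL;
    size_t obflen;
    const char b64encoded[] = "dGVzdA==";
    const unsigned char expected[] = "test";

    test_ctx = talloc_new(NULL);
    fail_if(test_ctx == NULL);
    /* Base64 decode the buffer */
    obfbuf = sss_base64_decode(test_ctx, b64encoded, &obflen);
    fail_if(!obfbuf);
    fail_if(obflen != strlen((const char*)expected));
    fail_if(memcmp(obfbuf, expected, obflen) != 0);

    talloc_free(test_ctx);
}
END_TEST

/* Build the crypto suite; every test runs inside the talloc leak-check
 * fixture. */
Suite *crypto_suite(void)
{
    Suite *s = suite_create("sss_crypto");

    TCase *tc = tcase_create("sss crypto tests");
    tcase_add_checked_fixture(tc, ck_leak_check_setup, ck_leak_check_teardown);
    /* Do some testing */
#ifdef HAVE_NSS
    tcase_add_test(tc, test_nss_init);
#endif
    tcase_add_test(tc, test_encrypt_decrypt);
    tcase_add_test(tc, test_hmac_sha1);
    tcase_add_test(tc, test_base64_encode);
    tcase_add_test(tc, test_base64_decode);
    /* Add all test cases to the test suite */
    suite_add_tcase(s, tc);

    return s;
}

/* Parse -d/--debug-level, then run the crypto suite; the exit status
 * reflects whether any test failed. */
int main(int argc, const char *argv[])
{
    int opt;
    poptContext pc;
    int number_failed;

    struct poptOption long_options[] = {
        POPT_AUTOHELP
        { "debug-level", 'd', POPT_ARG_INT, &debug_level, 0, "Set debug level", NULL },
        POPT_TABLEEND
    };

    /* Set debug level to invalid value so we can decide if -d 0 was used. */
    debug_level = SSSDBG_INVALID;

    pc = poptGetContext(argv[0], argc, argv, long_options, 0);
    while((opt = poptGetNextOpt(pc)) != -1) {
        switch(opt) {
        default:
            fprintf(stderr, "\nInvalid option %s: %s\n\n",
                    poptBadOption(pc, 0), poptStrerror(opt));
            poptPrintUsage(pc, stderr, 0);
            return 1;
        }
    }
    poptFreeContext(pc);

    DEBUG_INIT(debug_level);

    tests_set_cwd();

    Suite *s = crypto_suite();
    SRunner *sr = srunner_create(s);
    srunner_run_all(sr, CK_ENV);
    number_failed = srunner_ntests_failed(sr);
    srunner_free(sr);

    return (number_failed == 0 ? EXIT_SUCCESS : EXIT_FAILURE);
}
sssd-1.11.5/src/tests/PaxHeaders.13173/common.c0000644000000000000000000000007412320753107017140 xustar000000000000000030 atime=1396954939.274891425 30 ctime=1396954961.654874951 sssd-1.11.5/src/tests/common.c0000664002412700241270000000555012320753107017367 0ustar00jhrozekjhrozek00000000000000/* SSSD Common utilities for check-based tests using talloc. Authors: Martin Nagy Copyright (C) Red Hat, Inc 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */

#include
#include "tests/common.h"
#include "util/util.h"

/* Change into TEST_DIR; on failure only warn and keep the current
 * directory. */
void
tests_set_cwd(void)
{
    int ret;

    ret = chdir(TEST_DIR);
    if (ret == -1) {
        fprintf(stderr, "Could not chdir to [%s].\n"
                "Attempting to continue with current dir\n", TEST_DIR);
    }
}

/* Check that the option names of the two maps are the same
 * and appear in the same order.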
*/
/*
 * map1 supplies size1 named entries; map2 is walked in lockstep and must be
 * terminated by an entry whose opt_name is NULL, because index size1 of map2
 * is read after the loop.
 *
 * Returns EOK when the names match pairwise, EINVAL on a NULL name in map1
 * or a name mismatch (the pair is printed to stderr), and ERANGE when map2
 * is shorter or longer than map1.
 */
errno_t compare_dp_options(struct dp_option *map1, size_t size1,
                           struct dp_option *map2)
{
    size_t idx = 0;

    while (idx < size1) {
        /* map1 must hold a real option at every index below size1 */
        if (map1[idx].opt_name == NULL) {
            return EINVAL;
        }

        /* map2 ran out before map1 did */
        if (map2[idx].opt_name == NULL) {
            return ERANGE;
        }

        /* names have to agree position by position */
        if (strcmp(map1[idx].opt_name, map2[idx].opt_name) != 0) {
            fprintf(stderr, "Expected [%s], got [%s]\n",
                    map1[idx].opt_name, map2[idx].opt_name);
            return EINVAL;
        }

        idx++;
    }

    /* anything left in map2 means it is longer than map1 */
    return (map2[idx].opt_name == NULL) ? EOK : ERANGE;
}

/* Check that the option names of the two maps are the same
 * and appear in the same order.
 *
 * Same contract and return codes as compare_dp_options(), applied to
 * struct sdap_attr_map arrays; map2 must likewise end with a NULL opt_name.
 */
errno_t compare_sdap_attr_maps(struct sdap_attr_map *map1, size_t size1,
                               struct sdap_attr_map *map2)
{
    size_t idx = 0;

    while (idx < size1) {
        /* map1 must hold a real option at every index below size1 */
        if (map1[idx].opt_name == NULL) {
            return EINVAL;
        }

        /* map2 ran out before map1 did */
        if (map2[idx].opt_name == NULL) {
            return ERANGE;
        }

        /* names have to agree position by position */
        if (strcmp(map1[idx].opt_name, map2[idx].opt_name) != 0) {
            fprintf(stderr, "Expected [%s], got [%s]\n",
                    map1[idx].opt_name, map2[idx].opt_name);
            return EINVAL;
        }

        idx++;
    }

    /* anything left in map2 means it is longer than map1 */
    return (map2[idx].opt_name == NULL) ? EOK : ERANGE;
}

/* Report whether LDB_MODULES_PATH is present in the environment; the value
 * itself is not inspected. */
bool ldb_modules_path_is_set(void)
{
    return getenv("LDB_MODULES_PATH") != NULL;
}
sssd-1.11.5/src/tests/PaxHeaders.13173/common_tev.c0000644000000000000000000000007412320753107020016 xustar000000000000000030 atime=1396954939.274891425 30 ctime=1396954961.652874952 sssd-1.11.5/src/tests/common_tev.c0000664002412700241270000000404412320753107020242 0ustar00jhrozekjhrozek00000000000000
/*
    Authors:
        Jakub Hrozek

    Copyright (C) 2013 Red Hat

    SSSD tests: Common utilities for tests that exercise domains

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either
version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program. If not, see .
*/

/* NOTE(review): the operands of the three bare #include directives below are
 * missing in this copy of the file; restore the header names from upstream. */
#include
#include
#include
#include "tests/common.h"

/*
 * Allocate a zeroed struct sss_test_ctx under mem_ctx and give it a tevent
 * context that is a talloc child of the new structure.
 *
 * Returns the context, or NULL when either allocation fails (a partially
 * built context is freed first).
 */
struct sss_test_ctx *
create_ev_test_ctx(TALLOC_CTX *mem_ctx)
{
    struct sss_test_ctx *tctx = talloc_zero(mem_ctx, struct sss_test_ctx);

    if (tctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_zero failed\n"));
        return NULL;
    }

    /* The event context hangs off tctx, so one talloc_free() releases both */
    tctx->ev = tevent_context_init(tctx);
    if (tctx->ev == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("tevent_context_init failed\n"));
        talloc_free(tctx);
        return NULL;
    }

    return tctx;
}

/*
 * Create a request that is already finished when it is returned: done when
 * err is EOK, failed with err otherwise. The request is posted on ev before
 * returning. Returns NULL if the request cannot be created.
 */
struct tevent_req *
test_request_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, errno_t err)
{
    int *state;
    struct tevent_req *req = tevent_req_create(mem_ctx, &state, int);

    if (req == NULL) {
        return NULL;
    }

    if (err != EOK) {
        tevent_req_error(req, err);
    } else {
        tevent_req_done(req);
    }

    tevent_req_post(req, ev);
    return req;
}

/* Collect the outcome of a request made by test_request_send(): the macro
 * returns early on a request error, otherwise EOK is returned. */
errno_t test_request_recv(struct tevent_req *req)
{
    TEVENT_REQ_RETURN_ON_ERROR(req);

    return EOK;
}

/*
 * Run the event loop one iteration at a time until tctx->done is set, then
 * return tctx->error.
 *
 * NOTE(review): the result of tevent_loop_once() is ignored, so the loop
 * keeps iterating if that call reports a failure -- confirm that is intended.
 */
int test_ev_loop(struct sss_test_ctx *tctx)
{
    for (; !tctx->done; ) {
        tevent_loop_once(tctx->ev);
    }

    return tctx->error;
}
sssd-1.11.5/src/tests/PaxHeaders.13173/ipa_ldap_opt-tests.c0000644000000000000000000000007412320753107021443 xustar000000000000000030 atime=1396954939.274891425 30 ctime=1396954961.719874903 sssd-1.11.5/src/tests/ipa_ldap_opt-tests.c0000664002412700241270000002010612320753107021664 0ustar00jhrozekjhrozek00000000000000
/*
    SSSD

    Tests if IPA and LDAP backend options are in sync

    Authors:
        Jakub Hrozek

    Copyright (C) 2010 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of
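the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program. If not, see .
*/

/* NOTE(review): the operands of the three bare #include directives below are
 * missing in this copy of the file; restore the header names from upstream. */
#include
#include
#include
#include "providers/ipa/ipa_common.h"
#include "providers/ipa/ipa_opts.h"
#include "providers/ldap/sdap.h"
#include "providers/ldap/ldap_opts.h"
#include "providers/krb5/krb5_opts.h"
#include "providers/krb5/krb5_common.h"
#include "providers/ad/ad_opts.h"
#include "providers/dp_dyndns.h"
#include "tests/common.h"

/* One domain name and the base DN domain_to_basedn() must derive from it. */
struct test_domain {
    const char *domain;
    const char *basedn;
};

/* Table of cases, terminated by a NULL domain. The "A.B.C" row expects the
 * components to come back lower-cased. */
struct test_domain test_domains[] = {
    { "abc", "dc=abc"},
    { "a.b.c", "dc=a,dc=b,dc=c"},
    { "A.B.C", "dc=a,dc=b,dc=c"},
    { NULL, NULL}
};

/* domain_to_basedn() must reject a NULL domain or NULL output pointer with
 * EINVAL and produce the expected base DN for every row of test_domains. */
START_TEST(test_domain_to_basedn)
{
    int ret;
    int i;
    TALLOC_CTX *tmp_ctx;
    char *basedn;

    tmp_ctx = talloc_new(NULL);
    fail_unless(tmp_ctx != NULL, "talloc_new failed");

    ret = domain_to_basedn(tmp_ctx, NULL, &basedn);
    fail_unless(ret == EINVAL,
                "domain_to_basedn does not fail with EINVAL if domain is NULL");

    ret = domain_to_basedn(tmp_ctx, "abc", NULL);
    fail_unless(ret == EINVAL,
                "domain_to_basedn does not fail with EINVAL if basedn is NULL");

    for (i = 0; test_domains[i].domain != NULL; i++) {
        ret = domain_to_basedn(tmp_ctx, test_domains[i].domain, &basedn);
        fail_unless(ret == EOK, "domain_to_basedn failed");
        fail_unless(strcmp(basedn, test_domains[i].basedn) == 0,
                    "domain_to_basedn returned wrong basedn, "
                    "get [%s], expected [%s]",
                    basedn, test_domains[i].basedn);
        talloc_free(basedn);
    }

    talloc_free(tmp_ctx);
}
END_TEST

/* The generic LDAP, krb5 and dyndns option tables must list the same option
 * names, in the same order, as their IPA (or AD, for dyndns) counterparts. */
START_TEST(test_compare_opts)
{
    errno_t ret;

    ret = compare_dp_options(default_basic_opts, SDAP_OPTS_BASIC,
                             ipa_def_ldap_opts);
    fail_unless(ret == EOK, "[%s]", strerror(ret));

    ret = compare_dp_options(default_krb5_opts, KRB5_OPTS,
                             ipa_def_krb5_opts);
    fail_unless(ret == EOK, "[%s]", strerror(ret));

    ret = compare_dp_options(ipa_dyndns_opts, DP_OPT_DYNDNS,
                             ad_dyndns_opts);
    fail_unless(ret == EOK, "[%s]", strerror(ret));
}
END_TEST

/* Each generic/RFC2307 attribute map must match its IPA map entry by entry. */
START_TEST(test_compare_sdap_attrs)
{
    errno_t ret;

    /* General Attributes */
    ret = compare_sdap_attr_maps(generic_attr_map, SDAP_AT_GENERAL,
                                 ipa_attr_map);
    fail_unless(ret == EOK, "[%s]", strerror(ret));

    /* User Attributes */
    ret = compare_sdap_attr_maps(rfc2307_user_map, SDAP_OPTS_USER,
                                 ipa_user_map);
    fail_unless(ret == EOK, "[%s]", strerror(ret));

    /* Group Attributes */
    ret = compare_sdap_attr_maps(rfc2307_group_map, SDAP_OPTS_GROUP,
                                 ipa_group_map);
    fail_unless(ret == EOK, "[%s]", strerror(ret));

    /* Service Attributes */
    ret = compare_sdap_attr_maps(service_map, SDAP_OPTS_SERVICES,
                                 ipa_service_map);
    fail_unless(ret == EOK, "[%s]", strerror(ret));

    /* AutoFS Attributes */
    ret = compare_sdap_attr_maps(rfc2307_autofs_mobject_map,
                                 SDAP_OPTS_AUTOFS_MAP,
                                 ipa_autofs_mobject_map);
    fail_unless(ret == EOK, "[%s]", strerror(ret));

    ret = compare_sdap_attr_maps(rfc2307_autofs_entry_map,
                                 SDAP_OPTS_AUTOFS_ENTRY,
                                 ipa_autofs_entry_map);
    fail_unless(ret == EOK, "[%s]", strerror(ret));
}
END_TEST

/* The RFC2307 and RFC2307bis maps must agree on names and order. */
START_TEST(test_compare_2307_with_2307bis)
{
    errno_t ret;

    /* User Attributes */
    ret = compare_sdap_attr_maps(rfc2307_user_map, SDAP_OPTS_USER,
                                 rfc2307bis_user_map);
    fail_unless(ret == EOK, "[%s]", strerror(ret));

    /* Group Attributes */
    ret = compare_sdap_attr_maps(rfc2307_group_map, SDAP_OPTS_GROUP,
                                 rfc2307bis_group_map);
    fail_unless(ret == EOK, "[%s]", strerror(ret));

    /* AutoFS Attributes */
    ret = compare_sdap_attr_maps(rfc2307_autofs_mobject_map,
                                 SDAP_OPTS_AUTOFS_MAP,
                                 rfc2307bis_autofs_mobject_map);
    fail_unless(ret == EOK, "[%s]", strerror(ret));

    ret = compare_sdap_attr_maps(rfc2307_autofs_entry_map,
                                 SDAP_OPTS_AUTOFS_ENTRY,
                                 rfc2307bis_autofs_entry_map);
    fail_unless(ret == EOK, "[%s]", strerror(ret));
}
END_TEST

/*
 * Copy the AD LDAP option defaults with dp_copy_defaults() and check that
 * every copied option reads back as its own default value.
 */
START_TEST(test_copy_opts)
{
    errno_t ret;
    TALLOC_CTX *tmp_ctx;
    struct dp_option *opts;

    tmp_ctx = talloc_new(NULL);
    fail_unless(tmp_ctx != NULL, "talloc_new failed");

    ret = dp_copy_defaults(tmp_ctx, ad_def_ldap_opts, SDAP_OPTS_BASIC, &opts);
    fail_unless(ret == EOK, "[%s]", strerror(ret));

    for (int i = 0; i < SDAP_OPTS_BASIC; i++) {
        char *s1, *s2;
        bool b1, b2;
        int i1, i2;
        struct dp_opt_blob bl1, bl2;

        switch (opts[i].type) {
        case DP_OPT_STRING:
            s1 = dp_opt_get_string(opts, i);
            s2 = opts[i].def_val.string;

            /* Exactly one side being NULL is a mismatch. The earlier
             * "s1 != NULL || s2 != NULL" guard passed that case straight
             * to strcmp(), which must not be given NULL. */
            fail_unless((s1 == NULL) == (s2 == NULL),
                        "Option %s does not have default value after copy\n",
                        opts[i].opt_name);
            if (s1 != NULL && s2 != NULL) {
                fail_unless(strcmp(s1, s2) == 0,
                            "Option %s does not have default value after copy\n",
                            opts[i].opt_name);
            }
            break;

        case DP_OPT_NUMBER:
            i1 = dp_opt_get_int(opts, i);
            i2 = opts[i].def_val.number;

            fail_unless(i1 == i2,
                        "Option %s does not have default value after copy\n",
                        opts[i].opt_name);
            break;

        case DP_OPT_BOOL:
            b1 = dp_opt_get_bool(opts, i);
            b2 = opts[i].def_val.boolean;

            fail_unless(b1 == b2,
                        "Option %s does not have default value after copy\n",
                        opts[i].opt_name);
            break;

        case DP_OPT_BLOB:
            bl1 = dp_opt_get_blob(opts, i);
            bl2 = opts[i].def_val.blob;

            fail_unless(bl1.length == bl2.length,
                        "Blobs differ in size for option %s\n",
                        opts[i].opt_name);
            /* Skip memcmp() for empty blobs so it is never handed a
             * possibly NULL data pointer. */
            if (bl1.length > 0) {
                fail_unless(memcmp(bl1.data, bl2.data, bl1.length) == 0,
                            "Blobs differ in value for option %s\n",
                            opts[i].opt_name);
            }
            break;

        default:
            break;
        }
    }

    talloc_free(tmp_ctx);
}
END_TEST

/* Assemble the "ipa_ldap_opt" suite from three test cases: option/attribute
 * map comparison, IPA utilities, and data-provider option copying. */
Suite *ipa_ldap_opt_suite (void)
{
    Suite *s = suite_create("ipa_ldap_opt");

    TCase *tc_ipa_ldap_opt = tcase_create("ipa_ldap_opt");

    tcase_add_test(tc_ipa_ldap_opt, test_compare_opts);
    tcase_add_test(tc_ipa_ldap_opt, test_compare_sdap_attrs);
    tcase_add_test(tc_ipa_ldap_opt, test_compare_2307_with_2307bis);
    suite_add_tcase(s, tc_ipa_ldap_opt);

    TCase *tc_ipa_utils = tcase_create("ipa_utils");

    tcase_add_test(tc_ipa_utils, test_domain_to_basedn);
    suite_add_tcase(s, tc_ipa_utils);

    TCase *tc_dp_opts = tcase_create("dp_opts");
    tcase_add_test(tc_dp_opts, test_copy_opts);
    suite_add_tcase(s, tc_dp_opts);

    return s;
}

/* Run the suite and map the failure count to the process exit status. */
int main(void)
{
    int number_failed;

    tests_set_cwd();

    Suite *s = ipa_ldap_opt_suite();
    SRunner *sr = srunner_create(s);
    /* If CK_VERBOSITY is set, use that, otherwise it defaults to CK_NORMAL */
    srunner_run_all(sr, CK_ENV);
    number_failed = srunner_ntests_failed(sr);
    srunner_free(sr);

    return (number_failed == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
}
sssd-1.11.5/src/tests/PaxHeaders.13173/util-tests.c0000644000000000000000000000007412320753107017765 xustar000000000000000030 atime=1396954939.275891424 30 ctime=1396954961.789874851 sssd-1.11.5/src/tests/util-tests.c0000664002412700241270000007266412320753107020226 0ustar00jhrozekjhrozek00000000000000
/*
    SSSD

    util-tests.c

    Authors:
        Stephen Gallagher

    Copyright (C) 2010 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program. If not, see .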
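*/

/* NOTE(review): the operands of the six bare #include directives below are
 * missing in this copy of the file; restore the header names from upstream. */
#include
#include
#include
#include
#include
#include
#include "util/util.h"
#include "util/sss_utf8.h"
#include "util/murmurhash3.h"
#include "tests/common_check.h"

#define FILENAME_TEMPLATE "tests-atomicio-XXXXXX"

/* State shared between the atomic-I/O fixture and its tests: the temporary
 * file's name (heap copy of the mkstemp template) and its open descriptor. */
char *filename;
int atio_fd;

/* add_string_to_list() must reject NULL input, create a list on first use,
 * append to an existing list and keep the list NULL-terminated. */
START_TEST(test_add_string_to_list)
{
    int ret;

    char **list = NULL;

    ret = add_string_to_list(NULL, NULL, NULL);
    fail_unless(ret == EINVAL, "NULL input accepted");

    ret = add_string_to_list(global_talloc_context, "ABC", &list);
    fail_unless(ret == EOK, "Adding string to non-existing list failed.");
    fail_unless(list != NULL, "No new list created.");
    fail_unless(list[0] != NULL, "String not added to new list.");
    fail_unless(strcmp(list[0], "ABC") == 0,
                "Wrong string added to newly created list.");
    fail_unless(list[1] == NULL,
                "Missing terminating NULL in newly created list.");

    ret = add_string_to_list(global_talloc_context, "DEF", &list);
    fail_unless(ret == EOK, "Adding string to list failed.");
    fail_unless(list != NULL, "No list returned.");
    fail_unless(strcmp(list[0], "ABC") == 0, "Wrong first string in new list.");
    fail_unless(strcmp(list[1], "DEF") == 0, "Wrong string added to list.");
    fail_unless(list[2] == NULL, "Missing terminating NULL.");

    /* Truncate the list in place and add to the now-empty list */
    list[0] = NULL;
    ret = add_string_to_list(global_talloc_context, "ABC", &list);
    fail_unless(ret == EOK, "Adding string to empty list failed.");
    fail_unless(list != NULL, "No list returned.");
    fail_unless(list[0] != NULL, "String not added to empty list.");
    fail_unless(strcmp(list[0], "ABC") == 0,
                "Wrong string added to empty list.");
    fail_unless(list[1] == NULL,
                "Missing terminating NULL in newly created list.");

    talloc_free(list);
}
END_TEST

/* string_in_list() with NULL/empty inputs, an exact match, and the third
 * argument toggling case-sensitive matching. */
START_TEST(test_string_in_list)
{
    bool is_in;
    char *empty_list[] = {NULL};
    char *list[] = {discard_const("ABC"),
                    discard_const("DEF"),
                    discard_const("GHI"),
                    NULL};

    is_in = string_in_list(NULL, NULL, false);
    fail_unless(!is_in, "NULL string is in NULL list.");

    is_in = string_in_list(NULL, empty_list, false);
    fail_unless(!is_in, "NULL string is in empty list.");

    is_in = string_in_list(NULL, list, false);
    fail_unless(!is_in, "NULL string is in list.");

    is_in = string_in_list("ABC", NULL, false);
    fail_unless(!is_in, "String is in NULL list.");

    is_in = string_in_list("ABC", empty_list, false);
    fail_unless(!is_in, "String is in empty list.");

    is_in = string_in_list("ABC", list, false);
    fail_unless(is_in, "String is not list.");

    is_in = string_in_list("abc", list, false);
    fail_unless(is_in, "String is not case in-sensitive list.");

    is_in = string_in_list("abc", list, true);
    fail_unless(!is_in, "Wrong string found in case sensitive list.");

    is_in = string_in_list("123", list, false);
    fail_unless(!is_in, "Wrong string found in list.");
}
END_TEST

/*
 * parse_args() must split each argument string into the expected vector,
 * including backslash-escaped whitespace inside a single argument.
 *
 * The result of parse_args() is released with free(), element by element,
 * as the original test does.
 */
START_TEST(test_parse_args)
{
    struct pa_testcase {
        const char *argstr;
        const char **parsed;
    };

    TALLOC_CTX *test_ctx;
    int i, ii;
    int ret;
    char **parsed;
    char **only_ret;
    char **only_exp;
    char **both;

    test_ctx = talloc_new(NULL);
    fail_if(test_ctx == NULL, "Out of memory");

    /* Positive tests */
    const char *parsed1[] = { "foo", NULL };
    const char *parsed2[] = { "foo", "a", NULL };
    const char *parsed3[] = { "foo", "b", NULL };
    const char *parsed4[] = { "foo", "a c", NULL };
    const char *parsed5[] = { "foo", "a", "d", NULL };
    const char *parsed6[] = { "foo", "a", "e", NULL };
    const char *parsed7[] = { "foo", "a", "f", NULL };
    const char *parsed8[] = { "foo", "a\tg", NULL };
    struct pa_testcase tc[] = {
        { "foo", parsed1 },
        { "foo a", parsed2 },
        { "foo b", parsed3 },
        { "foo a\\ c", parsed4 },
        { "foo a d ", parsed5 },
        { "foo a e ", parsed6 },
        { "foo a f ", parsed7 },
        { "foo a\\\tg", parsed8 },
        { NULL, NULL }
    };

    for (i = 0; tc[i].argstr != NULL; i++) {
        parsed = parse_args(tc[i].argstr);
        /* The message contains %s, so the argument string has to be
         * supplied; it was missing before. */
        fail_if(parsed == NULL && tc[i].parsed != NULL,
                "Could not parse correct argument string '%s'\n",
                tc[i].argstr);

        ret = diff_string_lists(test_ctx, parsed, discard_const(tc[i].parsed),
                                &only_ret, &only_exp, &both);
        fail_unless(ret == EOK, "diff_string_lists returned error [%d]", ret);
        fail_unless(only_ret[0] == NULL,
                    "The parser returned more data than expected\n");
        fail_unless(only_exp[0] == NULL,
                    "The parser returned less data than expected\n");

        for (ii = 0; parsed[ii]; ii++) free(parsed[ii]);
        free(parsed);
    }

    talloc_free(test_ctx);
}
END_TEST

/*
 * diff_string_lists() with every combination of requested outputs, with
 * disjoint lists, with identical lists and with a NULL second list.
 *
 * Output pointers that were not requested are expected to still be NULL
 * from the preceding talloc_zfree().
 */
START_TEST(test_diff_string_lists)
{
    TALLOC_CTX *test_ctx;
    char **l1;
    char **l2;
    char **l3;
    char **only_l1;
    char **only_l2;
    char **both;
    int ret;

    test_ctx = talloc_new(NULL);
    fail_if(test_ctx == NULL, "Out of memory");

    /* Test with all values returned */
    l1 = talloc_array(test_ctx, char *, 4);
    fail_if(l1 == NULL, "Out of memory");
    l1[0] = talloc_strdup(l1, "a");
    l1[1] = talloc_strdup(l1, "b");
    l1[2] = talloc_strdup(l1, "c");
    l1[3] = NULL;

    l2 = talloc_array(test_ctx, char *, 4);
    fail_if(l2 == NULL, "Out of memory");
    l2[0] = talloc_strdup(l1, "d");
    l2[1] = talloc_strdup(l1, "c");
    l2[2] = talloc_strdup(l1, "b");
    l2[3] = NULL;

    ret = diff_string_lists(test_ctx,
                            l1, l2,
                            &only_l1, &only_l2, &both);

    fail_unless(ret == EOK, "diff_string_lists returned error [%d]", ret);
    fail_unless(strcmp(only_l1[0], "a") == 0, "Missing \"a\" from only_l1");
    fail_unless(only_l1[1] == NULL, "only_l1 not NULL-terminated");
    fail_unless(strcmp(only_l2[0], "d") == 0, "Missing \"d\" from only_l2");
    fail_unless(only_l2[1] == NULL, "only_l2 not NULL-terminated");
    fail_unless(strcmp(both[0], "c") == 0, "Missing \"c\" from both");
    fail_unless(strcmp(both[1], "b") == 0, "Missing \"b\" from both");
    fail_unless(both[2] == NULL, "both not NULL-terminated");

    talloc_zfree(only_l1);
    talloc_zfree(only_l2);
    talloc_zfree(both);

    /* Test with restricted return values */
    ret = diff_string_lists(test_ctx,
                            l1, l2,
                            &only_l1, &only_l2, NULL);

    fail_unless(ret == EOK, "diff_string_lists returned error [%d]", ret);
    fail_unless(strcmp(only_l1[0], "a") == 0, "Missing \"a\" from only_l1");
    fail_unless(only_l1[1] == NULL, "only_l1 not NULL-terminated");
    fail_unless(strcmp(only_l2[0], "d") == 0, "Missing \"d\" from only_l2");
    fail_unless(only_l2[1] == NULL, "only_l2 not NULL-terminated");
    fail_unless(both == NULL, "Nothing returned to both");

    talloc_zfree(only_l1);
    talloc_zfree(only_l2);
    talloc_zfree(both);

    ret = diff_string_lists(test_ctx,
                            l1, l2,
                            &only_l1, NULL, NULL);

    fail_unless(ret == EOK, "diff_string_lists returned error [%d]", ret);
    fail_unless(strcmp(only_l1[0], "a") == 0, "Missing \"a\" from only_l1");
    fail_unless(only_l1[1] == NULL, "only_l1 not NULL-terminated");
    fail_unless(only_l2 == NULL, "Nothing returned to only_l2");
    fail_unless(both == NULL, "Nothing returned to both");

    talloc_zfree(only_l1);
    talloc_zfree(only_l2);
    talloc_zfree(both);

    ret = diff_string_lists(test_ctx,
                            l1, l2,
                            NULL, &only_l2, NULL);

    fail_unless(ret == EOK, "diff_string_lists returned error [%d]", ret);
    fail_unless(strcmp(only_l2[0], "d") == 0, "Missing \"d\" from only_l2");
    fail_unless(only_l2[1] == NULL, "only_l2 not NULL-terminated");
    fail_unless(only_l1 == NULL, "Nothing returned to only_l1");
    fail_unless(both == NULL, "Nothing returned to both");

    talloc_zfree(only_l1);
    talloc_zfree(only_l2);
    talloc_zfree(both);

    /* Test with no overlap */
    l3 = talloc_array(test_ctx, char *, 4);
    fail_if(l3 == NULL, "Out of memory");
    l3[0] = talloc_strdup(l1, "d");
    l3[1] = talloc_strdup(l1, "e");
    l3[2] = talloc_strdup(l1, "f");
    l3[3] = NULL;

    ret = diff_string_lists(test_ctx,
                            l1, l3,
                            &only_l1, &only_l2, &both);

    fail_unless(ret == EOK, "diff_string_lists returned error [%d]", ret);
    fail_unless(strcmp(only_l1[0], "a") == 0, "Missing \"a\" from only_l1");
    fail_unless(strcmp(only_l1[1], "b") == 0, "Missing \"b\" from only_l1");
    fail_unless(strcmp(only_l1[2], "c") == 0, "Missing \"c\" from only_l1");
    fail_unless(only_l1[3] == NULL, "only_l1 not NULL-terminated");
    /* The messages for "d" and "f" were swapped relative to the value
     * actually compared; they now name the element under test. */
    fail_unless(strcmp(only_l2[0], "d") == 0, "Missing \"d\" from only_l2");
    fail_unless(strcmp(only_l2[1], "e") == 0, "Missing \"e\" from only_l2");
    fail_unless(strcmp(only_l2[2], "f") == 0, "Missing \"f\" from only_l2");
    fail_unless(only_l2[3] == NULL, "only_l2 not NULL-terminated");
    fail_unless(both[0] == NULL, "both should have zero entries");

    talloc_zfree(only_l1);
    talloc_zfree(only_l2);
    talloc_zfree(both);

    /* Test with 100% overlap */
    ret = diff_string_lists(test_ctx,
                            l1, l1,
                            &only_l1, &only_l2, &both);

    fail_unless(ret == EOK, "diff_string_lists returned error [%d]", ret);
    fail_unless(only_l1[0] == NULL, "only_l1 should have zero entries");
    fail_unless(only_l2[0] == NULL, "only_l2 should have zero entries");
    fail_unless(strcmp(both[0], "a") == 0, "Missing \"a\" from both");
    fail_unless(strcmp(both[1], "b") == 0, "Missing \"b\" from both");
    fail_unless(strcmp(both[2], "c") == 0, "Missing \"c\" from both");
    fail_unless(both[3] == NULL, "both is not NULL-terminated");

    talloc_zfree(only_l1);
    talloc_zfree(only_l2);
    talloc_zfree(both);

    /* Test with no second list */
    ret = diff_string_lists(test_ctx,
                            l1, NULL,
                            &only_l1, &only_l2, &both);

    fail_unless(ret == EOK, "diff_string_lists returned error [%d]", ret);
    fail_unless(strcmp(only_l1[0], "a") == 0, "Missing \"a\" from only_l1");
    fail_unless(strcmp(only_l1[1], "b") == 0, "Missing \"b\" from only_l1");
    fail_unless(strcmp(only_l1[2], "c") == 0, "Missing \"c\" from only_l1");
    fail_unless(only_l1[3] == NULL, "only_l1 not NULL-terminated");
    fail_unless(only_l2[0] == NULL, "only_l2 should have zero entries");
    fail_unless(both[0] == NULL, "both should have zero entries");

    talloc_free(test_ctx);
}
END_TEST

/*
 * sss_filter_sanitize() must leave a plain name untouched and replace the
 * search-filter metacharacters with backslash-hex escapes:
 * '*' -> \2a, '(' -> \28, ')' -> \29, '\' -> \5c.
 *
 * This is the escaping that keeps a user-supplied name from changing the
 * structure of a search filter it is inserted into. Only these four
 * characters are exercised here; bytes outside printable ASCII are not
 * covered by this test.
 */
START_TEST(test_sss_filter_sanitize)
{
    errno_t ret;
    char *sanitized = NULL;

    TALLOC_CTX *test_ctx = talloc_new(NULL);
    fail_if (test_ctx == NULL, "Out of memory");

    const char no_specials[] = "username";
    ret = sss_filter_sanitize(test_ctx, no_specials, &sanitized);
    fail_unless(ret == EOK, "no_specials error [%d][%s]",
                ret, strerror(ret));
    fail_unless(strcmp(no_specials, sanitized)==0,
                "Expected [%s], got [%s]",
                no_specials, sanitized);

    const char has_asterisk[] = "*username";
    const char has_asterisk_expected[] = "\\2ausername";
    ret = sss_filter_sanitize(test_ctx, has_asterisk, &sanitized);
    fail_unless(ret == EOK, "has_asterisk error [%d][%s]",
                ret, strerror(ret));
    fail_unless(strcmp(has_asterisk_expected, sanitized)==0,
                "Expected [%s], got [%s]",
                has_asterisk_expected, sanitized);

    const char has_lparen[] = "user(name";
    const char has_lparen_expected[] = "user\\28name";
    ret = sss_filter_sanitize(test_ctx, has_lparen, &sanitized);
    fail_unless(ret == EOK, "has_lparen error [%d][%s]",
                ret, strerror(ret));
    fail_unless(strcmp(has_lparen_expected, sanitized)==0,
                "Expected [%s], got [%s]",
                has_lparen_expected, sanitized);

    const char has_rparen[] = "user)name";
    const char has_rparen_expected[] = "user\\29name";
    ret = sss_filter_sanitize(test_ctx, has_rparen, &sanitized);
    fail_unless(ret == EOK, "has_rparen error [%d][%s]",
                ret, strerror(ret));
    fail_unless(strcmp(has_rparen_expected, sanitized)==0,
                "Expected [%s], got [%s]",
                has_rparen_expected, sanitized);

    const char has_backslash[] = "username\\";
    const char has_backslash_expected[] = "username\\5c";
    ret = sss_filter_sanitize(test_ctx, has_backslash, &sanitized);
    fail_unless(ret == EOK, "has_backslash error [%d][%s]",
                ret, strerror(ret));
    fail_unless(strcmp(has_backslash_expected, sanitized)==0,
                "Expected [%s], got [%s]",
                has_backslash_expected, sanitized);

    const char has_all[] = "\\(user)*name";
    const char has_all_expected[] = "\\5c\\28user\\29\\2aname";
    ret = sss_filter_sanitize(test_ctx, has_all, &sanitized);
    fail_unless(ret == EOK, "has_all error [%d][%s]",
                ret, strerror(ret));
    fail_unless(strcmp(has_all_expected, sanitized)==0,
                "Expected [%s], got [%s]",
                has_all_expected, sanitized);

    talloc_free(test_ctx);
}
END_TEST

/* SIZE_T_OVERFLOW(a, b) must be false when a + b still fits in size_t and
 * true when it does not, including for operands wider than or of different
 * signedness from size_t. */
START_TEST(test_size_t_overflow)
{
    fail_unless(!SIZE_T_OVERFLOW(1, 1), "unexpected overflow");
    fail_unless(!SIZE_T_OVERFLOW(SIZE_MAX, 0), "unexpected overflow");
    fail_unless(!SIZE_T_OVERFLOW(SIZE_MAX-10, 10), "unexpected overflow");
    fail_unless(SIZE_T_OVERFLOW(SIZE_MAX, 1), "overflow not detected");
    fail_unless(SIZE_T_OVERFLOW(SIZE_MAX, SIZE_MAX),
                "overflow not detected");
    fail_unless(SIZE_T_OVERFLOW(SIZE_MAX, ULLONG_MAX),
                "overflow not detected");
    fail_unless(SIZE_T_OVERFLOW(SIZE_MAX, -10), "overflow not detected");
}
END_TEST

/* Lower-case a UTF-8 string containing a two-byte character and compare it
 * with the expected bytes. */
START_TEST(test_utf8_lowercase)
{
    const uint8_t munchen_utf8_upcase[] = { 'M', 0xC3, 0x9C, 'N', 'C', 'H', 'E', 'N', 0x0 };
    const uint8_t munchen_utf8_lowcase[] = { 'm', 0xC3, 0xBC, 'n', 'c', 'h', 'e', 'n', 0x0 };
    uint8_t *lcase;
    size_t nlen;

    lcase = sss_utf8_tolower(munchen_utf8_upcase,
                             strlen((const char *)munchen_utf8_upcase),
                             &nlen);
    /* Fail cleanly instead of handing NULL to memcmp() */
    fail_if(lcase == NULL);
    fail_if(strlen((const char *) munchen_utf8_upcase) != nlen); /* This is not true for utf8 strings in general */
    fail_if(memcmp(lcase, munchen_utf8_lowcase, nlen));
    sss_utf8_free(lcase);
}
END_TEST

/* Same conversion through the talloc-allocating variant. */
START_TEST(test_utf8_talloc_lowercase)
{
    const uint8_t munchen_utf8_upcase[] = { 'M', 0xC3, 0x9C, 'N', 'C', 'H', 'E', 'N', 0x0 };
    const uint8_t munchen_utf8_lowcase[] = { 'm', 0xC3, 0xBC, 'n', 'c', 'h', 'e', 'n', 0x0 };
    uint8_t *lcase;
    size_t nsize;

    TALLOC_CTX *test_ctx;
    test_ctx = talloc_new(NULL);
    fail_if(test_ctx == NULL);

    lcase = sss_tc_utf8_tolower(test_ctx, munchen_utf8_upcase,
                                strlen((const char *) munchen_utf8_upcase),
                                &nsize);
    /* Fail cleanly instead of handing NULL to memcmp() */
    fail_if(lcase == NULL);
    fail_if(memcmp(lcase, munchen_utf8_lowcase, nsize));
    talloc_free(test_ctx);
}
END_TEST

/* Same conversion through the C-string variant. */
START_TEST(test_utf8_talloc_str_lowercase)
{
    const uint8_t munchen_utf8_upcase[] = { 'M', 0xC3, 0x9C, 'N', 'C', 'H', 'E', 'N', 0x0 };
    const uint8_t munchen_utf8_lowcase[] = { 'm', 0xC3, 0xBC, 'n', 'c', 'h', 'e', 'n', 0x0 };
    char *lcase;

    TALLOC_CTX *test_ctx;
    test_ctx = talloc_new(NULL);
    fail_if(test_ctx == NULL);

    lcase = sss_tc_utf8_str_tolower(test_ctx, (const char *) munchen_utf8_upcase);
    /* Fail cleanly instead of handing NULL to strlen()/memcmp() */
    fail_if(lcase == NULL);
    fail_if(memcmp(lcase, munchen_utf8_lowcase, strlen(lcase)));
    talloc_free(test_ctx);
}
END_TEST

/* Case-insensitive comparison must treat upper/lower pairs as equal and a
 * different code point as unequal. */
START_TEST(test_utf8_caseeq)
{
    const uint8_t munchen_utf8_upcase[] = { 'M', 0xC3, 0x9C, 'N', 'C', 'H', 'E', 'N', 0x0 };
    const uint8_t munchen_utf8_lowcase[] = { 'm', 0xC3, 0xBC, 'n', 'c', 'h', 'e', 'n', 0x0 };
    const uint8_t czech_utf8_lowcase[] = { 0xC4, 0x8D, 'e', 'c', 'h', 0x0 };
    const uint8_t czech_utf8_upcase[] = { 0xC4, 0x8C, 'e', 'c', 'h', 0x0 };
    const uint8_t czech_utf8_lowcase_neg[] = { 0xC4, 0x8E, 'e', 'c', 'h', 0x0 };
    errno_t ret;

    ret = sss_utf8_case_eq(munchen_utf8_upcase, munchen_utf8_lowcase);
    fail_unless(ret == EOK, "Latin 1 Supplement comparison failed\n");

    ret = sss_utf8_case_eq(czech_utf8_upcase, czech_utf8_lowcase);
    fail_unless(ret == EOK, "Latin Extended A comparison failed\n");

    ret = sss_utf8_case_eq(czech_utf8_upcase, czech_utf8_lowcase_neg);
    fail_if(ret == EOK, "Negative test succeeded\n");
}
END_TEST

/* sss_utf8_check() must accept a well-formed sequence and reject a string
 * carrying bare high bytes (written here as octal escapes). */
START_TEST(test_utf8_check)
{
    const char *invalid = "ad\351la\357d";
    const uint8_t valid[] = { 'M', 0xC3, 0x9C, 'N', 'C', 'H', 'E', 'N', 0x0 };
    bool ret;

    ret = sss_utf8_check(valid, strlen((const char *) valid));
    fail_unless(ret == true, "Positive test failed\n");

    ret = sss_utf8_check((const uint8_t *) invalid, strlen(invalid));
    fail_unless(ret == false, "Negative test succeeded\n");
}
END_TEST

/* Six similar inputs hashed with the same seed must give six different
 * values. */
START_TEST(test_murmurhash3_check)
{
    const char *tests[6] = { "1052800007", "1052800008", "1052800000",
                             "abcdefghijk", "abcdefghili", "abcdefgh000" };
    uint32_t results[6];
    int i, j;

    for (i = 0; i< 6; i++) {
        results[i] = murmurhash3(tests[i],
                                 strlen(tests[i]),
                                 0xdeadbeef);
        for (j = 0; j < i; j++) {
            fail_if(results[i] == results[j]);
        }
    }
}
END_TEST

/*
 * Hash one pseudo-random string twice with the same seed and require equal
 * results. The seed is printed so a failing input can be reproduced.
 */
START_TEST(test_murmurhash3_random)
{
    char test[16];
    uint32_t result1;
    uint32_t result2;
    unsigned int init_seed;
    unsigned int seed;
    size_t len;
    size_t i;   /* same type as len, avoids a signed/unsigned comparison */

    /* generate a random string so each time we test with different values */
    init_seed = time(0);
    seed = init_seed;
    /* use also random length (min len = 1) */
    len = 1 + rand_r(&seed) % 14;
    for (i = 0; i < len; i++) {
        test[i] = 1 + rand_r(&seed) % 254;
    }
    test[len] = '\0'; /* null terminate */

    /* init_seed is unsigned, so it is printed with %u */
    fprintf(stdout, "test_murmurhash3_random seed: %u\n", init_seed);

    result1 = murmurhash3(test, len + 1, init_seed);
    result2 = murmurhash3(test, len + 1, init_seed);
    fail_if(result1 != result2);
}
END_TEST

/*
 * Fixture setup: create the temporary file used by the atomic-I/O tests.
 *
 * mkstemp() replaces the XXXXXX part of the template and opens the file
 * exclusively; the umask is tightened to 077 around the call and restored
 * afterwards, so the file is never group- or world-accessible. The template
 * has no directory part, so the file is created in the current directory.
 */
void setup_atomicio(void)
{
    int ret;
    mode_t old_umask;

    filename = strdup(FILENAME_TEMPLATE);
    fail_unless(filename != NULL, "strdup failed");

    atio_fd = -1;
    old_umask = umask(077);
    ret = mkstemp(filename);
    umask(old_umask);
    fail_unless(ret != -1, "mkstemp failed [%d][%s]", errno, strerror(errno));
    atio_fd = ret;
}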
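/*
 * Checked fixture teardown for the atomicio tests: closes the descriptor
 * opened by setup_atomicio(), removes the temporary file and releases the
 * file name.
 */
void teardown_atomicio(void)
{
    int ret;
    int saved_errno;

    if (atio_fd != -1) {
        ret = close(atio_fd);
        saved_errno = errno;
        /* the descriptor must not be reused, whether close() worked or not */
        atio_fd = -1;
        fail_unless(ret == 0, "close failed [%d][%s]",
                    saved_errno, strerror(saved_errno));
    }

    fail_unless(filename != NULL, "unknown filename");

    ret = unlink(filename);
    /* save errno before free(), which is allowed to change it */
    saved_errno = errno;
    free(filename);
    filename = NULL;

    fail_unless(ret == 0, "unlink failed [%d][%s]",
                saved_errno, strerror(saved_errno));
}

/*
 * Reading from /dev/zero must fill the whole buffer in one
 * sss_atomic_read_s() call and leave errno at 0.
 */
START_TEST(test_atomicio_read_from_file)
{
    char buf[64];
    const ssize_t bufsize = sizeof(buf);
    int fd;
    ssize_t numread;
    errno_t ret;

    fd = open("/dev/zero", O_RDONLY);
    fail_if(fd == -1, "Cannot open /dev/zero");

    errno = 0;
    numread = sss_atomic_read_s(fd, buf, bufsize);
    ret = errno;

    /* close first, so a failing assertion below cannot leak the descriptor */
    close(fd);

    fail_unless(ret == 0, "Error %d while reading\n", ret);
    /* ssize_t values are printed with %zd */
    fail_unless(numread == bufsize,
                "Read %zd bytes expected %zd\n", numread, bufsize);
}
END_TEST

/*
 * Write a string shorter than the read buffer into the fixture file, rewind,
 * and check that one read returns exactly the number of bytes written.
 */
START_TEST(test_atomicio_read_from_small_file)
{
    char wbuf[] = "foobar";
    ssize_t wsize = strlen(wbuf)+1;   /* the terminating NUL is written too */
    ssize_t numwritten;
    char rbuf[64];
    ssize_t numread;
    errno_t ret;
    off_t pos;

    fail_if(atio_fd < 0, "No fd to test?\n");

    errno = 0;
    numwritten = sss_atomic_write_s(atio_fd, wbuf, wsize);
    ret = errno;

    fail_unless(ret == 0, "Error %d while writing\n", ret);
    fail_unless(numwritten == wsize,
                "Wrote %zd bytes expected %zd\n", numwritten, wsize);

    fsync(atio_fd);
    /* a failed rewind would make the read below start at end-of-file */
    pos = lseek(atio_fd, 0, SEEK_SET);
    fail_if(pos == (off_t) -1, "lseek failed [%d][%s]", errno, strerror(errno));

    errno = 0;
    numread = sss_atomic_read_s(atio_fd, rbuf, sizeof(rbuf));
    ret = errno;

    fail_unless(ret == 0, "Error %d while reading\n", ret);
    fail_unless(numread == numwritten,
                "Read %zd bytes expected %zd\n", numread, numwritten);
}
END_TEST

START_TEST(test_atomicio_read_from_large_file)
{
    char wbuf[] = "123456781234567812345678";
    ssize_t wsize = strlen(wbuf)+1;
    ssize_t numwritten;
    char rbuf[8];
    ssize_t numread;
    ssize_t total;
    errno_t ret;

    fail_if(atio_fd < 0, "No fd to test?\n");

    errno = 0;
    numwritten = sss_atomic_write_s(atio_fd, wbuf, wsize);
    ret = errno;

    fail_unless(ret == 0, "Error %d while writing\n", ret);
    fail_unless(numwritten == wsize,
                "Wrote %d bytes expected %d\n", numwritten, wsize);

    fsync(atio_fd);
    lseek(atio_fd, 0, SEEK_SET);

    total = 0;
    do {
        errno = 0;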
numread = sss_atomic_read_s(atio_fd, rbuf, 8); ret = errno; fail_if(numread == -1, "Read error %d: %s\n", ret, strerror(ret)); total += numread; } while (numread != 0); fail_unless(ret == 0, "Error %d while reading\n", ret); fail_unless(total == numwritten, "Read %d bytes expected %d\n", numread, numwritten); } END_TEST START_TEST(test_atomicio_read_exact_sized_file) { char wbuf[] = "12345678"; ssize_t wsize = strlen(wbuf)+1; ssize_t numwritten; char rbuf[9]; ssize_t numread; errno_t ret; fail_if(atio_fd < 0, "No fd to test?\n"); errno = 0; numwritten = sss_atomic_write_s(atio_fd, wbuf, wsize); ret = errno; fail_unless(ret == 0, "Error %d while writing\n", ret); fail_unless(numwritten == wsize, "Wrote %d bytes expected %d\n", numwritten, wsize); fsync(atio_fd); lseek(atio_fd, 0, SEEK_SET); errno = 0; numread = sss_atomic_read_s(atio_fd, rbuf, 9); ret = errno; fail_unless(ret == 0, "Error %d while reading\n", ret); fail_unless(numread == numwritten, "Read %d bytes expected %d\n", numread, numwritten); fail_unless(rbuf[8] == '\0', "String not NULL terminated?"); fail_unless(strcmp(wbuf, rbuf) == 0, "Read something else than wrote?"); /* We've reached end-of-file, next read must return 0 */ errno = 0; numread = sss_atomic_read_s(atio_fd, rbuf, 9); ret = errno; fail_unless(ret == 0, "Error %d while reading\n", ret); fail_unless(numread == 0, "More data to read?"); } END_TEST START_TEST(test_atomicio_read_from_empty_file) { char buf[64]; int fd; ssize_t numread; errno_t ret; fd = open("/dev/null", O_RDONLY); fail_if(fd == -1, "Cannot open /dev/null"); errno = 0; numread = sss_atomic_read_s(fd, buf, 64); ret = errno; fail_unless(ret == 0, "Error %d while reading\n", ret); fail_unless(numread == 0, "Read %d bytes expected 0\n", numread); close(fd); } END_TEST struct split_data { const char *input; const char **expected_list; bool trim; bool skip_empty; int expected_size; int expected_ret; }; START_TEST(test_split_on_separator) { TALLOC_CTX *mem = global_talloc_context; 
errno_t ret; char **list = NULL; int size; const char *str_ref; const char *str_out; int i; int a; int num_of_tests; struct split_data sts[] = { { "one,two,three", /* input string */ (const char *[]){"one", "two", "three", NULL}, /* expec. output list */ false, false, /* trim, skip_empty */ 3, 0 /* expec. size, expec. retval */ }, { "one,two,three", (const char *[]){"one", "two", "three", NULL}, true, true, 3, 0 }, { " one, two ,three ", (const char*[]){"one", "two", "three", NULL}, true, true, 3, 0 }, { /* If skip empty is false, single comma means "empty,empty" */ ",", (const char*[]){"", "", NULL, NULL}, false, false, 2, 0 }, { "one, ,", (const char*[]){"one", " ", "NULL", "NULL"}, false, true, 2, 0 }, { ", ,,", (const char*[]){NULL}, true, true, 0, 0 }, { NULL, NULL, false, false, 0, EINVAL }, }; num_of_tests = sizeof(sts) / sizeof(struct split_data); for (a = 0; a < num_of_tests; a++) { ret = split_on_separator(mem, sts[a].input, ',', sts[a].trim, sts[a].skip_empty, &list, &size); fail_unless(ret == sts[a].expected_ret, "split_on_separator failed [%d]: %s\n", ret, strerror(ret)); if (ret) { continue; } fail_unless(size == sts[a].expected_size, "Returned wrong size %d " "(expected %d).\n", size, sts[a].expected_size); for (i = 0; str_ref = sts[a].expected_list[i], str_out = list[i]; i++) { fail_unless(strcmp(str_ref, str_out) == 0, "Expected:%s Got:%s\n", str_ref, str_out); } talloc_free(list); list = NULL; } } END_TEST START_TEST(test_is_host_in_domain) { struct { const char *host; const char *domain; bool expected; } data[] = {{"example.com", "example.com", true}, {"client.example.com", "example.com", true}, {"client.child.example.com", "example.com", true}, {"example.com", "child.example.com", false}, {"client.example.com", "child.example.com", false}, {"client.child.example.com", "child.example.com", true}, {"my.com", "example.com", false}, {"myexample.com", "example.com", false}, {NULL, NULL, false}}; bool ret; int i; for (i = 0; data[i].host != NULL; i++) 
{ ret = is_host_in_domain(data[i].host, data[i].domain); fail_if(ret != data[i].expected, "Host: %s, Domain: %s, Expected: %d, " "Got: %d\n", data[i].host, data[i].domain, data[i].expected, ret); } } END_TEST Suite *util_suite(void) { Suite *s = suite_create("util"); TCase *tc_util = tcase_create("util"); tcase_add_checked_fixture(tc_util, ck_leak_check_setup, ck_leak_check_teardown); tcase_add_test (tc_util, test_diff_string_lists); tcase_add_test (tc_util, test_sss_filter_sanitize); tcase_add_test (tc_util, test_size_t_overflow); tcase_add_test (tc_util, test_parse_args); tcase_add_test (tc_util, test_add_string_to_list); tcase_add_test (tc_util, test_string_in_list); tcase_add_test (tc_util, test_split_on_separator); tcase_add_test (tc_util, test_is_host_in_domain); tcase_set_timeout(tc_util, 60); TCase *tc_utf8 = tcase_create("utf8"); tcase_add_test (tc_utf8, test_utf8_lowercase); tcase_add_test (tc_utf8, test_utf8_talloc_lowercase); tcase_add_test (tc_utf8, test_utf8_talloc_str_lowercase); tcase_add_test (tc_utf8, test_utf8_caseeq); tcase_add_test (tc_utf8, test_utf8_check); tcase_set_timeout(tc_utf8, 60); TCase *tc_mh3 = tcase_create("murmurhash3"); tcase_add_test (tc_mh3, test_murmurhash3_check); tcase_add_test (tc_mh3, test_murmurhash3_random); tcase_set_timeout(tc_mh3, 60); TCase *tc_atomicio = tcase_create("atomicio"); tcase_add_checked_fixture (tc_atomicio, setup_atomicio, teardown_atomicio); tcase_add_test(tc_atomicio, test_atomicio_read_from_file); tcase_add_test(tc_atomicio, test_atomicio_read_from_small_file); tcase_add_test(tc_atomicio, test_atomicio_read_from_large_file); tcase_add_test(tc_atomicio, test_atomicio_read_exact_sized_file); tcase_add_test(tc_atomicio, test_atomicio_read_from_empty_file); suite_add_tcase (s, tc_util); suite_add_tcase (s, tc_utf8); suite_add_tcase (s, tc_mh3); suite_add_tcase (s, tc_atomicio); return s; } int main(int argc, const char *argv[]) { int opt; int failure_count; poptContext pc; Suite *s = util_suite(); SRunner 
*sr = srunner_create (s); struct poptOption long_options[] = { POPT_AUTOHELP SSSD_MAIN_OPTS POPT_TABLEEND }; /* Set debug level to invalid value so we can deside if -d 0 was used. */ debug_level = SSSDBG_INVALID; pc = poptGetContext(argv[0], argc, argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { switch(opt) { default: fprintf(stderr, "\nInvalid option %s: %s\n\n", poptBadOption(pc, 0), poptStrerror(opt)); poptPrintUsage(pc, stderr, 0); return 1; } } poptFreeContext(pc); DEBUG_INIT(debug_level); tests_set_cwd(); srunner_run_all(sr, CK_ENV); failure_count = srunner_ntests_failed (sr); srunner_free (sr); if (failure_count == 0) { return EXIT_SUCCESS; } return EXIT_FAILURE; } sssd-1.11.5/src/tests/PaxHeaders.13173/leak_check.c0000644000000000000000000000007412320753107017721 xustar000000000000000030 atime=1396954939.274891425 30 ctime=1396954961.653874951 sssd-1.11.5/src/tests/leak_check.c0000664002412700241270000000637112320753107020152 0ustar00jhrozekjhrozek00000000000000/* SSSD Common utilities for check-based tests using talloc. Authors: Martin Nagy Copyright (C) Red Hat, Inc 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
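*/

#include
#include "tests/common.h"
#include "util/util.h"
#include "util/dlinklist.h"

/* talloc context that tests allocate from; created by leak_check_setup() */
TALLOC_CTX *global_talloc_context = NULL;

/* text of the most recent leak-check failure, see check_leaks_err_msg() */
char leak_err_msg[256];

/* One saved measurement: how many bytes `ctx` held when it was pushed. */
struct size_snapshot {
    struct size_snapshot *prev;
    struct size_snapshot *next;

    TALLOC_CTX *ctx;
    size_t bytes_allocated;
};

/* head of the list of pushed snapshots; the newest entry is popped first */
static struct size_snapshot *snapshot_stack;

/*
 * Format a message into leak_err_msg, truncating to the buffer size.
 * Every call site in this file passes a string literal as fmt.
 * The expansion has no trailing semicolon, so the macro behaves as one
 * statement when it is used inside an if/else.
 */
#define _set_leak_err_msg(fmt, ...) do { \
    snprintf(leak_err_msg, sizeof(leak_err_msg), \
             fmt, ##__VA_ARGS__); \
} while(0)

/* Return the message stored by the last failing leak check. */
const char *check_leaks_err_msg(void)
{
    return leak_err_msg;
}

/*
 * Compare the current total size of `ctx` with the expected `bytes`.
 *
 * On a mismatch the full talloc report for `ctx` is written to stderr, the
 * error message is set and false is returned. `location` identifies the
 * caller in both outputs.
 */
bool _check_leaks(TALLOC_CTX *ctx, size_t bytes, const char *location)
{
    size_t bytes_allocated;

    bytes_allocated = talloc_total_size(ctx);
    if (bytes_allocated == bytes) {
        return true;
    }

    fprintf(stderr, "Leak report for %s:\n", location);
    talloc_report_full(ctx, stderr);

    if (bytes_allocated > bytes) {
        /* size_t is unsigned, so it is printed with %zu */
        _set_leak_err_msg("%s: memory leaks detected, %zu bytes still allocated",
                          location, bytes_allocated - bytes);
    } else {
        /* Subtracting the other way round would wrap to a huge value. */
        _set_leak_err_msg("%s: context holds %zu bytes less than expected",
                          location, bytes - bytes_allocated);
    }
    return false;
}

/*
 * Record the current total size of `ctx` on the snapshot stack so that a
 * later check_leaks_pop() can compare against it.
 *
 * If the snapshot cannot be allocated, the error message is set and nothing
 * is pushed; the matching pop then reports the failure.
 */
void check_leaks_push(TALLOC_CTX *ctx)
{
    struct size_snapshot *snapshot;

    /* allocated on the NULL context so it does not count towards ctx */
    snapshot = talloc(NULL, struct size_snapshot);
    if (snapshot == NULL) {
        _set_leak_err_msg("talloc failed while saving a leak-check snapshot");
        return;
    }

    snapshot->ctx = ctx;
    snapshot->bytes_allocated = talloc_total_size(ctx);
    DLIST_ADD(snapshot_stack, snapshot);
}

/*
 * Pop the newest snapshot and verify that `ctx` is back to the size it had
 * when the snapshot was taken.
 *
 * Returns false when the stack is empty, when `ctx` is not the context of
 * the newest snapshot, or when the size differs.
 */
bool _check_leaks_pop(TALLOC_CTX *ctx, const char *location)
{
    struct size_snapshot *snapshot;
    TALLOC_CTX *old_ctx;
    size_t bytes_allocated;

    if (snapshot_stack == NULL) {
        _set_leak_err_msg("%s: trying to pop an empty stack", location);
        return false;
    }

    snapshot = snapshot_stack;
    DLIST_REMOVE(snapshot_stack, snapshot);

    old_ctx = snapshot->ctx;
    bytes_allocated = snapshot->bytes_allocated;

    /* The entry is already unlinked; release it before any return so the
     * mismatch path does not leave it allocated. */
    talloc_zfree(snapshot);

    if (old_ctx != ctx) {
        _set_leak_err_msg("Bad push/pop order");
        return false;
    }

    return _check_leaks(old_ctx, bytes_allocated, location);
}

/*
 * Create global_talloc_context and push its initial size.
 * Returns false if the context cannot be created.
 */
bool leak_check_setup(void)
{
    talloc_enable_null_tracking();

    global_talloc_context = talloc_new(NULL);
    if (global_talloc_context == NULL) {
        _set_leak_err_msg("talloc_new failed");
        return false;
    }

    check_leaks_push(global_talloc_context);
    return true;
}

bool leak_check_teardown(void)
{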
check_leaks_pop(global_talloc_context); if (snapshot_stack != NULL) { _set_leak_err_msg("Exiting with a non-empty stack"); return false; } return check_leaks(global_talloc_context, 0); } sssd-1.11.5/src/tests/PaxHeaders.13173/common.h0000644000000000000000000000007412320753107017145 xustar000000000000000030 atime=1396954939.274891425 30 ctime=1396954961.502875063 sssd-1.11.5/src/tests/common.h0000664002412700241270000000573112320753107017375 0ustar00jhrozekjhrozek00000000000000/* SSSD Common utilities for check-based tests using talloc. Authors: Martin Nagy Copyright (C) Red Hat, Inc 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #ifndef __TESTS_COMMON_H__ #define __TESTS_COMMON_H__ #include #include "util/util.h" #include "providers/data_provider.h" #include "providers/ldap/sdap.h" extern TALLOC_CTX *global_talloc_context; #define check_leaks(ctx, bytes) _check_leaks((ctx), (bytes), __location__) bool _check_leaks(TALLOC_CTX *ctx, size_t bytes, const char *location); void check_leaks_push(TALLOC_CTX *ctx); #define check_leaks_pop(ctx) _check_leaks_pop((ctx), __location__) bool _check_leaks_pop(TALLOC_CTX *ctx, const char *location); bool leak_check_setup(void); bool leak_check_teardown(void); const char *check_leaks_err_msg(void); void tests_set_cwd(void); errno_t compare_dp_options(struct dp_option *map1, size_t size1, struct dp_option *map2); errno_t compare_sdap_attr_maps(struct sdap_attr_map *map1, size_t size1, struct sdap_attr_map *map2); /* A common test structure for tests that require a domain to be set up. */ struct sss_test_ctx { struct sysdb_ctx *sysdb; struct confdb_ctx *confdb; struct tevent_context *ev; struct sss_domain_info *dom; bool done; int error; }; struct sss_test_conf_param { const char *key; const char *value; }; struct sss_test_ctx *create_ev_test_ctx(TALLOC_CTX *mem_ctx); struct sss_test_ctx * create_dom_test_ctx(TALLOC_CTX *mem_ctx, const char *tests_path, const char *confdb_path, const char *sysdb_path, const char *domain_name, const char *id_provider, struct sss_test_conf_param *params); void test_dom_suite_setup(const char *tests_path); void test_dom_suite_cleanup(const char *tests_path, const char *confdb_path, const char *sysdb_path); struct tevent_req * test_request_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, errno_t err); #define test_req_succeed_send(mem_ctx, ev) test_request_send(mem_ctx, ev, 0) errno_t test_request_recv(struct tevent_req *req); int test_ev_loop(struct sss_test_ctx *tctx); bool ldb_modules_path_is_set(void); #endif /* !__TESTS_COMMON_H__ */ 
sssd-1.11.5/src/tests/PaxHeaders.13173/common_dom.c0000644000000000000000000000007412320753107017777 xustar000000000000000030 atime=1396954939.274891425 30 ctime=1396954961.652874952 sssd-1.11.5/src/tests/common_dom.c0000664002412700241270000001226412320753107020226 0ustar00jhrozekjhrozek00000000000000/* Authors: Jakub Hrozek Copyright (C) 2013 Red Hat SSSD tests: Common utilities for tests that exercise domains This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include #include #include "tests/common.h" struct sss_test_ctx * create_dom_test_ctx(TALLOC_CTX *mem_ctx, const char *tests_path, const char *confdb_path, const char *sysdb_path, const char *domain_name, const char *id_provider, struct sss_test_conf_param *params) { struct sss_test_ctx *test_ctx; char *conf_db; size_t i; const char *val[2]; val[1] = NULL; errno_t ret; char *dompath; test_ctx = create_ev_test_ctx(mem_ctx); if (test_ctx == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_zero failed\n")); goto fail; } conf_db = talloc_asprintf(test_ctx, "%s/%s", tests_path, confdb_path); if (conf_db == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_asprintf failed\n")); goto fail; } /* Connect to the conf db */ ret = confdb_init(test_ctx, &test_ctx->confdb, conf_db); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("confdb_init failed: %d\n", ret)); goto fail; } val[0] = domain_name; ret = confdb_add_param(test_ctx->confdb, true, "config/sssd", "domains", val); if (ret != EOK) { 
DEBUG(SSSDBG_CRIT_FAILURE, ("cannot add domain: %d\n", ret)); goto fail; } dompath = talloc_asprintf(test_ctx, "config/domain/%s", domain_name); if (dompath == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_asprintf failed\n")); goto fail; } val[0] = id_provider; ret = confdb_add_param(test_ctx->confdb, true, dompath, "id_provider", val); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("cannot add id_provider: %d\n", ret)); goto fail; } if (params) { for (i=0; params[i].key; i++) { val[0] = params[i].value; ret = confdb_add_param(test_ctx->confdb, true, dompath, params[i].key, val); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("cannot add parameter %s: %d\n", params[i].key, ret)); goto fail; } } } ret = sssd_domain_init(test_ctx, test_ctx->confdb, domain_name, tests_path, &test_ctx->dom); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("cannot add id_provider: %d\n", ret)); goto fail; } test_ctx->sysdb = test_ctx->dom->sysdb; return test_ctx; fail: talloc_free(test_ctx); return NULL; } void test_dom_suite_setup(const char *tests_path) { errno_t ret; /* Create tests directory if it doesn't exist */ /* (relative to current dir) */ ret = mkdir(tests_path, 0775); if (ret != 0 && errno != EEXIST) { DEBUG(SSSDBG_CRIT_FAILURE, ("Could not create test directory\n")); } } void test_dom_suite_cleanup(const char *tests_path, const char *confdb_path, const char *sysdb_path) { errno_t ret; char *conf_db; char *sys_db; TALLOC_CTX *tmp_ctx; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_new failed\n")); return; } conf_db = talloc_asprintf(tmp_ctx, "%s/%s", tests_path, confdb_path); if (!conf_db) { DEBUG(SSSDBG_CRIT_FAILURE, ("Could not construct conf_db path\n")); goto done; } errno = 0; ret = unlink(conf_db); if (ret != 0 && errno != ENOENT) { DEBUG(SSSDBG_CRIT_FAILURE, ("Could not delete the test config ldb file (%d) (%s)\n", errno, strerror(errno))); } sys_db = talloc_asprintf(tmp_ctx, "%s/%s", tests_path, sysdb_path); if (!sys_db) { 
DEBUG(SSSDBG_CRIT_FAILURE, ("Could not construct sys_db path\n")); goto done; } errno = 0; ret = unlink(sys_db); if (ret != 0 && errno != ENOENT) { DEBUG(SSSDBG_CRIT_FAILURE, ("Could not delete the test ldb file (%d) (%s)\n", errno, strerror(errno))); } errno = 0; ret = rmdir(tests_path); if (ret != 0) { DEBUG(SSSDBG_CRIT_FAILURE, ("Could not delete the test dir (%d) (%s)\n", errno, strerror(errno))); } done: talloc_free(tmp_ctx); } sssd-1.11.5/src/tests/PaxHeaders.13173/fail_over-tests.c0000644000000000000000000000007412320753107020756 xustar000000000000000030 atime=1396954939.274891425 30 ctime=1396954961.715874906 sssd-1.11.5/src/tests/fail_over-tests.c0000664002412700241270000002144112320753107021202 0ustar00jhrozekjhrozek00000000000000/* SSSD Fail over tests. Authors: Martin Nagy Copyright (C) Red Hat, Inc 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #include #include #include #include #include #include #include #include "resolv/async_resolv.h" #include "tests/common_check.h" #include "util/util.h" /* Interface under test */ #include "providers/fail_over.h" int use_net_test; struct test_ctx { struct tevent_context *ev; struct resolv_ctx *resolv; struct fo_ctx *fo_ctx; int tasks; }; struct task { struct test_ctx *test_ctx; const char *location; int recv; int port; int new_server_status; int new_port_status; }; static struct test_ctx * setup_test(void) { struct test_ctx *ctx; struct fo_options fopts; int ret; ctx = talloc_zero(global_talloc_context, struct test_ctx); fail_if(ctx == NULL, "Could not allocate memory for test context"); ctx->ev = tevent_context_init(ctx); if (ctx->ev == NULL) { talloc_free(ctx); fail("Could not init tevent context"); } ret = resolv_init(ctx, ctx->ev, 5, &ctx->resolv); if (ret != EOK) { talloc_free(ctx); fail("Could not init resolv context"); } memset(&fopts, 0, sizeof(fopts)); fopts.retry_timeout = 30; fopts.family_order = IPV4_FIRST; ctx->fo_ctx = fo_context_init(ctx, &fopts); if (ctx->fo_ctx == NULL) { talloc_free(ctx); fail("Could not init fail over context"); } return ctx; } static void test_loop(struct test_ctx *data) { while (data->tasks != 0) tevent_loop_once(data->ev); } START_TEST(test_fo_new_service) { int i; int ret; struct test_ctx *ctx; struct fo_service *service; struct fo_service *services[10]; ctx = setup_test(); ck_leaks_push(ctx); for (i = 0; i < 10; i++) { char buf[16]; sprintf(buf, "service_%d", i); ck_leaks_push(ctx); ret = fo_new_service(ctx->fo_ctx, buf, NULL, &services[i]); fail_if(ret != EOK); } ret = fo_new_service(ctx->fo_ctx, "service_3", NULL, &service); fail_if(ret != EEXIST); for (i = 9; i >= 0; i--) { char buf[16]; sprintf(buf, "service_%d", i); ret = fo_get_service(ctx->fo_ctx, buf, &service); fail_if(ret != EOK); fail_if(service != services[i]); talloc_free(service); ck_leaks_pop(ctx); ret = fo_get_service(ctx->fo_ctx, buf, &service); fail_if(ret 
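!= ENOENT);
    }

    ck_leaks_pop(ctx);
    talloc_free(ctx);
}
END_TEST

/*
 * Completion callback for one fo_resolve_service_send() request.
 *
 * Compares the result and the port of the returned server with the values
 * stored in the task, optionally changes the port and server status, and
 * checks that a named server resolved only to loopback addresses.
 */
static void
test_resolve_service_callback(struct tevent_req *req)
{
    uint64_t recv_status;
    int port;
    struct task *task;
    struct fo_server *server = NULL;
    struct resolv_hostent *he;
    int i;

    task = tevent_req_callback_data(req, struct task);

    /* one request fewer for test_loop() to wait on */
    task->test_ctx->tasks--;

    recv_status = fo_resolve_service_recv(req, &server);
    talloc_free(req);

    /* recv_status is 64 bits wide; it is cast to match the %d conversion */
    fail_if(recv_status != task->recv, "%s: Expected return of %d, got %d",
            task->location, task->recv, (int) recv_status);

    if (recv_status != EOK) {
        return;
    }

    fail_if(server == NULL);
    port = fo_get_server_port(server);
    fail_if(port != task->port, "%s: Expected port %d, got %d",
            task->location, task->port, port);

    /* a negative status in the task means "leave the status unchanged" */
    if (task->new_port_status >= 0) {
        fo_set_port_status(server, task->new_port_status);
    }
    if (task->new_server_status >= 0) {
        fo_set_server_status(server, task->new_server_status);
    }

    if (fo_get_server_name(server) != NULL) {
        he = fo_get_server_hostent(server);
        /* the format has a %s conversion, so the location must be passed */
        fail_if(he == NULL, "%s: fo_get_server_hostent() returned NULL",
                task->location);

        for (i = 0; he->addr_list[i]; i++) {
            char buf[256];
            const char *addr;

            addr = inet_ntop(he->family, he->addr_list[i]->ipaddr,
                             buf, sizeof(buf));
            /* buf is not filled in when inet_ntop() fails */
            fail_if(addr == NULL, "%s: inet_ntop() failed", task->location);

            /* the servers added by the test are localhost or 127.0.0.1 */
            fail_if(strcmp(buf, "127.0.0.1") != 0 && strcmp(buf, "::1") != 0);
        }
    }
}

/* Issue one resolve request, tagging it with the caller's source location. */
#define get_request(a, b, c, d, e, f) \
    _get_request(a, b, c, d, e, f, __location__)

static void
_get_request(struct test_ctx *test_ctx, struct fo_service *service,
             int expected_recv, int expected_port, int new_port_status,
             int new_server_status, const char *location)
{
    struct tevent_req *req;
    struct task *task;

    task = talloc(test_ctx, struct task);
    fail_if(task == NULL);

    task->test_ctx = test_ctx;
    task->recv = expected_recv;
    task->port = expected_port;
    task->new_port_status = new_port_status;
    task->new_server_status = new_server_status;
    task->location = location;
    test_ctx->tasks++;

    req = fo_resolve_service_send(test_ctx, test_ctx->ev,
                                  test_ctx->resolv,
                                  test_ctx->fo_ctx, service);
    fail_if(req == NULL, "%s: fo_resolve_service_send() failed", location);

    tevent_req_set_callback(req,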
test_resolve_service_callback, task); test_loop(test_ctx); } START_TEST(test_fo_resolve_service) { struct test_ctx *ctx; struct fo_service *service[3]; ctx = setup_test(); fail_if(ctx == NULL); /* Add service. */ fail_if(fo_new_service(ctx->fo_ctx, "http", NULL, &service[0]) != EOK); fail_if(fo_new_service(ctx->fo_ctx, "ldap", NULL, &service[1]) != EOK); fail_if(fo_new_service(ctx->fo_ctx, "ntp", NULL, &service[2]) != EOK); /* Add servers. */ fail_if(fo_add_server(service[0], "localhost", 20, NULL, true) != EOK); fail_if(fo_add_server(service[0], "127.0.0.1", 80, NULL, false) != EOK); fail_if(fo_add_server(service[1], "localhost", 30, NULL, false) != EOK); fail_if(fo_add_server(service[1], "127.0.0.1", 389, NULL, true) != EOK); fail_if(fo_add_server(service[1], "127.0.0.1", 389, NULL, true) != EEXIST); fail_if(fo_add_server(service[1], "127.0.0.1", 389, NULL, false) != EEXIST); fail_if(fo_add_server(service[2], NULL, 123, NULL, true) != EOK); /* Make requests. */ get_request(ctx, service[0], EOK, 20, PORT_WORKING, -1); get_request(ctx, service[0], EOK, 20, -1, SERVER_NOT_WORKING); get_request(ctx, service[0], EOK, 80, PORT_WORKING, -1); get_request(ctx, service[0], EOK, 80, PORT_NOT_WORKING, -1); get_request(ctx, service[0], ENOENT, 0, -1, -1); get_request(ctx, service[1], EOK, 389, PORT_WORKING, -1); get_request(ctx, service[1], EOK, 389, -1, SERVER_NOT_WORKING); get_request(ctx, service[1], ENOENT, 0, -1, -1); get_request(ctx, service[2], EOK, 123, -1, -1); talloc_free(ctx); } END_TEST Suite * create_suite(void) { Suite *s = suite_create("fail_over"); TCase *tc = tcase_create("FAIL_OVER Tests"); tcase_add_checked_fixture(tc, ck_leak_check_setup, ck_leak_check_teardown); /* Do some testing */ tcase_add_test(tc, test_fo_new_service); tcase_add_test(tc, test_fo_resolve_service); if (use_net_test) { } /* Add all test cases to the test suite */ suite_add_tcase(s, tc); return s; } int main(int argc, const char *argv[]) { int opt; poptContext pc; int failure_count; 
Suite *suite; SRunner *sr; struct poptOption long_options[] = { POPT_AUTOHELP { "debug-level", 'd', POPT_ARG_INT, &debug_level, 0, "Set debug level", NULL }, { "use-net-test", 'n', POPT_ARG_NONE, 0, 'n', "Run tests that need an active internet connection", NULL }, POPT_TABLEEND }; /* Set debug level to invalid value so we can deside if -d 0 was used. */ debug_level = SSSDBG_INVALID; pc = poptGetContext(argv[0], argc, argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { switch(opt) { case 'n': use_net_test = 1; break; default: fprintf(stderr, "\nInvalid option %s: %s\n\n", poptBadOption(pc, 0), poptStrerror(opt)); poptPrintUsage(pc, stderr, 0); return 1; } } poptFreeContext(pc); DEBUG_INIT(debug_level); tests_set_cwd(); suite = create_suite(); sr = srunner_create(suite); /* If CK_VERBOSITY is set, use that, otherwise it defaults to CK_NORMAL */ srunner_run_all(sr, CK_ENV); failure_count = srunner_ntests_failed(sr); srunner_free(sr); return (failure_count == 0 ? EXIT_SUCCESS : EXIT_FAILURE); } sssd-1.11.5/src/tests/PaxHeaders.13173/simple_access-tests.c0000644000000000000000000000007412320753107021622 xustar000000000000000030 atime=1396954939.275891424 30 ctime=1396954961.739874888 sssd-1.11.5/src/tests/simple_access-tests.c0000664002412700241270000005530212320753107022051 0ustar00jhrozekjhrozek00000000000000/* SSSD Simple access module -- Tests Authors: Sumit Bose Copyright (C) 2010 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. 
If not, see . */ #include #include #include #include "confdb/confdb.h" #include "providers/simple/simple_access.h" #include "tests/common.h" #define TESTS_PATH "tests_simple_access" #define TEST_CONF_FILE "tests_conf.ldb" const char *ulist_1[] = {"u1", "u2", NULL}; const char *glist_1[] = {"g1", "g2", NULL}; const char *glist_1_case[] = {"G1", "G2", NULL}; struct simple_test_ctx *test_ctx = NULL; struct simple_test_ctx { struct sysdb_ctx *sysdb; struct confdb_ctx *confdb; struct tevent_context *ev; struct be_ctx *be_ctx; bool done; int error; bool access_granted; struct simple_ctx *ctx; }; static int test_loop(struct simple_test_ctx *tctx) { while (!tctx->done) tevent_loop_once(tctx->ev); return tctx->error; } static void simple_access_check_done(struct tevent_req *req) { struct simple_test_ctx *tctx = tevent_req_callback_data(req, struct simple_test_ctx); tctx->error = simple_access_check_recv(req, &tctx->access_granted); talloc_free(req); tctx->done = true; } void setup_simple(void) { errno_t ret; char *conf_db; const char *val[2]; val[1] = NULL; fail_unless(test_ctx == NULL, "Simple context already initialized."); test_ctx = talloc_zero(NULL, struct simple_test_ctx); fail_unless(test_ctx != NULL, "Cannot create simple test context."); test_ctx->ev = tevent_context_init(test_ctx); fail_unless(test_ctx->ev != NULL, "Cannot create tevent context."); test_ctx->ctx = talloc_zero(test_ctx, struct simple_ctx); fail_unless(test_ctx->ctx != NULL, "Cannot create simple context."); /* Create tests directory if it doesn't exist */ /* (relative to current dir) */ ret = mkdir(TESTS_PATH, 0775); fail_if(ret == -1 && errno != EEXIST, "Could not create %s directory", TESTS_PATH); conf_db = talloc_asprintf(test_ctx, "%s/%s", TESTS_PATH, TEST_CONF_FILE); fail_if(conf_db == NULL, "Out of memory, aborting!"); DEBUG(SSSDBG_TRACE_LIBS, ("CONFDB: %s\n", conf_db)); /* Connect to the conf db */ ret = confdb_init(test_ctx, &test_ctx->confdb, conf_db); fail_if(ret != EOK, "Could not 
initialize connection to the confdb"); val[0] = "LOCAL"; ret = confdb_add_param(test_ctx->confdb, true, "config/sssd", "domains", val); fail_if(ret != EOK, "Could not initialize domains placeholder"); val[0] = "local"; ret = confdb_add_param(test_ctx->confdb, true, "config/domain/LOCAL", "id_provider", val); fail_if(ret != EOK, "Could not initialize provider"); val[0] = "TRUE"; ret = confdb_add_param(test_ctx->confdb, true, "config/domain/LOCAL", "enumerate", val); fail_if(ret != EOK, "Could not initialize LOCAL domain"); val[0] = "TRUE"; ret = confdb_add_param(test_ctx->confdb, true, "config/domain/LOCAL", "cache_credentials", val); fail_if(ret != EOK, "Could not initialize LOCAL domain"); ret = sssd_domain_init(test_ctx, test_ctx->confdb, "local", TESTS_PATH, &test_ctx->ctx->domain); fail_if(ret != EOK, "Could not initialize connection to the sysdb (%d)", ret); test_ctx->sysdb = test_ctx->ctx->domain->sysdb; test_ctx->ctx->domain->case_sensitive = true; test_ctx->ctx->domain->mpg = false; /* Simulate an LDAP domain better */ /* be_ctx */ test_ctx->be_ctx = talloc_zero(test_ctx, struct be_ctx); fail_if(test_ctx->be_ctx == NULL, "Unable to setup be_ctx"); test_ctx->be_ctx->cdb = test_ctx->confdb; test_ctx->be_ctx->ev = test_ctx->ev; test_ctx->be_ctx->conf_path = "config/domain/LOCAL"; test_ctx->be_ctx->domain = test_ctx->ctx->domain; test_ctx->ctx->be_ctx = test_ctx->be_ctx; ret = sss_names_init(test_ctx->ctx->domain, test_ctx->confdb, "LOCAL", &test_ctx->be_ctx->domain->names); fail_if(ret != EOK, "Unable to setup domain names (%d)", ret); } void teardown_simple(void) { int ret; fail_unless(test_ctx != NULL, "Simple context already freed."); ret = talloc_free(test_ctx); test_ctx = NULL; fail_unless(ret == 0, "Cannot free simple context."); } void setup_simple_group(void) { errno_t ret; setup_simple(); /* Add test users u1 and u2 that would be members of test groups * g1 and g2 respectively */ ret = sysdb_add_group(test_ctx->sysdb, test_ctx->ctx->domain, "pvt", 
999, NULL, 0, 0); fail_if(ret != EOK, "Could not add private group %s", strerror(ret)); ret = sysdb_store_user(test_ctx->sysdb, test_ctx->ctx->domain, "u1", NULL, 123, 999, "u1", "/home/u1", "/bin/bash", NULL, NULL, NULL, -1, 0); fail_if(ret != EOK, "Could not add u1"); ret = sysdb_store_user(test_ctx->sysdb, test_ctx->ctx->domain, "u2", NULL, 456, 999, "u1", "/home/u1", "/bin/bash", NULL, NULL, NULL, -1, 0); fail_if(ret != EOK, "Could not add u2"); ret = sysdb_store_user(test_ctx->sysdb, test_ctx->ctx->domain, "u3", NULL, 789, 999, "u1", "/home/u1", "/bin/bash", NULL, NULL, NULL, -1, 0); fail_if(ret != EOK, "Could not add u3"); ret = sysdb_add_group(test_ctx->sysdb, test_ctx->ctx->domain, "g1", 321, NULL, 0, 0); fail_if(ret != EOK, "Could not add g1"); ret = sysdb_add_group(test_ctx->sysdb, test_ctx->ctx->domain, "g2", 654, NULL, 0, 0); fail_if(ret != EOK, "Could not add g2"); ret = sysdb_add_group_member(test_ctx->sysdb, test_ctx->ctx->domain, "g1", "u1", SYSDB_MEMBER_USER, false); fail_if(ret != EOK, "Could not add u1 to g1"); ret = sysdb_add_group_member(test_ctx->sysdb, test_ctx->ctx->domain, "g2", "u2", SYSDB_MEMBER_USER, false); fail_if(ret != EOK, "Could not add u2 to g2"); } void teardown_simple_group(void) { errno_t ret; ret = sysdb_delete_user(test_ctx->sysdb, test_ctx->ctx->domain, "u1", 0); fail_if(ret != EOK, "Could not delete u1"); ret = sysdb_delete_user(test_ctx->sysdb, test_ctx->ctx->domain, "u2", 0); fail_if(ret != EOK, "Could not delete u2"); ret = sysdb_delete_user(test_ctx->sysdb, test_ctx->ctx->domain, "u3", 0); fail_if(ret != EOK, "Could not delete u3"); ret = sysdb_delete_group(test_ctx->sysdb, test_ctx->ctx->domain, "g1", 0); fail_if(ret != EOK, "Could not delete g1"); ret = sysdb_delete_group(test_ctx->sysdb, test_ctx->ctx->domain, "g2", 0); fail_if(ret != EOK, "Could not delete g2"); ret = sysdb_delete_group(test_ctx->sysdb, test_ctx->ctx->domain, "pvt", 0); fail_if(ret != EOK, "Could not delete pvt"); teardown_simple(); } void 
setup_simple_init(void) { setup_simple(); } void teardown_simple_init(void) { teardown_simple(); } START_TEST(test_both_empty) { struct tevent_req *req; test_ctx->ctx->allow_users = NULL; test_ctx->ctx->deny_users = NULL; req = simple_access_check_send(test_ctx, test_ctx->ev, test_ctx->ctx, "u1"); fail_unless(test_ctx != NULL, "Cannot create request\n"); tevent_req_set_callback(req, simple_access_check_done, test_ctx); test_loop(test_ctx); fail_unless(test_ctx->error == EOK, "access_simple_check failed."); fail_unless(test_ctx->access_granted == true, "Access denied while both lists are empty."); } END_TEST START_TEST(test_allow_empty) { struct tevent_req *req; test_ctx->ctx->allow_users = NULL; test_ctx->ctx->deny_users = discard_const(ulist_1); req = simple_access_check_send(test_ctx, test_ctx->ev, test_ctx->ctx, "u1"); fail_unless(test_ctx != NULL, "Cannot create request\n"); tevent_req_set_callback(req, simple_access_check_done, test_ctx); test_loop(test_ctx); test_ctx->done = false; fail_unless(test_ctx->error == EOK, "access_simple_check failed."); fail_unless(test_ctx->access_granted == false, "Access granted while user is in deny list."); req = simple_access_check_send(test_ctx, test_ctx->ev, test_ctx->ctx, "u3"); fail_unless(test_ctx != NULL, "Cannot create request\n"); tevent_req_set_callback(req, simple_access_check_done, test_ctx); test_loop(test_ctx); fail_unless(test_ctx->error == EOK, "access_simple_check failed."); fail_unless(test_ctx->access_granted == true, "Access denied while user is not in deny list."); } END_TEST START_TEST(test_deny_empty) { struct tevent_req *req; test_ctx->ctx->allow_users = discard_const(ulist_1); test_ctx->ctx->deny_users = NULL; req = simple_access_check_send(test_ctx, test_ctx->ev, test_ctx->ctx, "u1"); fail_unless(test_ctx != NULL, "Cannot create request\n"); tevent_req_set_callback(req, simple_access_check_done, test_ctx); test_loop(test_ctx); test_ctx->done = false; fail_unless(test_ctx->error == EOK, 
"access_simple_check failed."); fail_unless(test_ctx->access_granted == true, "Access denied while user is in allow list."); req = simple_access_check_send(test_ctx, test_ctx->ev, test_ctx->ctx, "u3"); fail_unless(test_ctx != NULL, "Cannot create request\n"); tevent_req_set_callback(req, simple_access_check_done, test_ctx); test_loop(test_ctx); fail_unless(test_ctx->error == EOK, "access_simple_check failed."); fail_unless(test_ctx->access_granted == false, "Access granted while user is not in allow list."); } END_TEST START_TEST(test_both_set) { struct tevent_req *req; test_ctx->ctx->allow_users = discard_const(ulist_1); test_ctx->ctx->deny_users = discard_const(ulist_1); req = simple_access_check_send(test_ctx, test_ctx->ev, test_ctx->ctx, "u1"); fail_unless(test_ctx != NULL, "Cannot create request\n"); tevent_req_set_callback(req, simple_access_check_done, test_ctx); test_loop(test_ctx); test_ctx->done = false; fail_unless(test_ctx->error == EOK, "access_simple_check failed."); fail_unless(test_ctx->access_granted == false, "Access granted while user is in deny list."); req = simple_access_check_send(test_ctx, test_ctx->ev, test_ctx->ctx, "u3"); fail_unless(test_ctx != NULL, "Cannot create request\n"); tevent_req_set_callback(req, simple_access_check_done, test_ctx); test_loop(test_ctx); fail_unless(test_ctx->error == EOK, "access_simple_check failed."); fail_unless(test_ctx->access_granted == false, "Access granted while user is not in allow list."); } END_TEST START_TEST(test_case) { struct tevent_req *req; test_ctx->ctx->allow_users = discard_const(ulist_1); test_ctx->ctx->deny_users = NULL; req = simple_access_check_send(test_ctx, test_ctx->ev, test_ctx->ctx, "U1"); fail_unless(test_ctx != NULL, "Cannot create request\n"); tevent_req_set_callback(req, simple_access_check_done, test_ctx); test_loop(test_ctx); test_ctx->done = false; fail_unless(test_ctx->error == EOK, "access_simple_check failed."); fail_unless(test_ctx->access_granted == false, "Access 
granted for user with different case " "in case-sensitive domain"); test_ctx->ctx->domain->case_sensitive = false; req = simple_access_check_send(test_ctx, test_ctx->ev, test_ctx->ctx, "U1"); fail_unless(test_ctx != NULL, "Cannot create request\n"); tevent_req_set_callback(req, simple_access_check_done, test_ctx); test_loop(test_ctx); test_ctx->done = false; fail_unless(test_ctx->error == EOK, "access_simple_check failed."); fail_unless(test_ctx->access_granted == true, "Access denied for user with different case " "in case-sensitive domain"); } END_TEST START_TEST(test_unknown_user) { struct tevent_req *req; test_ctx->ctx->allow_users = discard_const(ulist_1); test_ctx->ctx->deny_users = NULL; req = simple_access_check_send(test_ctx, test_ctx->ev, test_ctx->ctx, "foo"); fail_unless(test_ctx != NULL, "Cannot create request\n"); tevent_req_set_callback(req, simple_access_check_done, test_ctx); test_loop(test_ctx); test_ctx->done = false; fail_unless(test_ctx->error == EOK, "access_simple_check failed."); fail_unless(test_ctx->access_granted == false, "Access granted for user not present in domain"); } END_TEST START_TEST(test_group_allow_empty) { struct tevent_req *req; test_ctx->ctx->allow_groups = NULL; test_ctx->ctx->deny_groups = discard_const(glist_1); req = simple_access_check_send(test_ctx, test_ctx->ev, test_ctx->ctx, "u1"); fail_unless(test_ctx != NULL, "Cannot create request\n"); tevent_req_set_callback(req, simple_access_check_done, test_ctx); test_loop(test_ctx); test_ctx->done = false; fail_unless(test_ctx->error == EOK, "access_simple_check failed."); fail_unless(test_ctx->access_granted == false, "Access granted while group is in deny list."); req = simple_access_check_send(test_ctx, test_ctx->ev, test_ctx->ctx, "u3"); fail_unless(test_ctx != NULL, "Cannot create request\n"); tevent_req_set_callback(req, simple_access_check_done, test_ctx); test_loop(test_ctx); fail_unless(test_ctx->error == EOK, "access_simple_check failed."); 
fail_unless(test_ctx->access_granted == true, "Access denied while group is not in deny list."); } END_TEST START_TEST(test_group_deny_empty) { struct tevent_req *req; test_ctx->ctx->allow_groups = discard_const(glist_1); test_ctx->ctx->deny_groups = NULL; req = simple_access_check_send(test_ctx, test_ctx->ev, test_ctx->ctx, "u1"); fail_unless(test_ctx != NULL, "Cannot create request\n"); tevent_req_set_callback(req, simple_access_check_done, test_ctx); test_loop(test_ctx); test_ctx->done = false; fail_unless(test_ctx->error == EOK, "access_simple_check failed."); fail_unless(test_ctx->access_granted == true, "Access denied while user is in allow list."); req = simple_access_check_send(test_ctx, test_ctx->ev, test_ctx->ctx, "u3"); fail_unless(test_ctx != NULL, "Cannot create request\n"); tevent_req_set_callback(req, simple_access_check_done, test_ctx); test_loop(test_ctx); fail_unless(test_ctx->error == EOK, "access_simple_check failed."); fail_unless(test_ctx->access_granted == false, "Access granted while user is not in allow list."); } END_TEST START_TEST(test_group_both_set) { struct tevent_req *req; test_ctx->ctx->allow_groups = discard_const(ulist_1); test_ctx->ctx->deny_groups = discard_const(ulist_1); req = simple_access_check_send(test_ctx, test_ctx->ev, test_ctx->ctx, "u1"); fail_unless(test_ctx != NULL, "Cannot create request\n"); tevent_req_set_callback(req, simple_access_check_done, test_ctx); test_loop(test_ctx); test_ctx->done = false; fail_unless(test_ctx->error == EOK, "access_simple_check failed."); fail_unless(test_ctx->access_granted == false, "Access granted while user is in deny list."); req = simple_access_check_send(test_ctx, test_ctx->ev, test_ctx->ctx, "u3"); fail_unless(test_ctx != NULL, "Cannot create request\n"); tevent_req_set_callback(req, simple_access_check_done, test_ctx); test_loop(test_ctx); fail_unless(test_ctx->error == EOK, "access_simple_check failed."); fail_unless(test_ctx->access_granted == false, "Access granted while 
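user is not in allow list.");
}
END_TEST

/*
 * The allow list names the groups as "G1"/"G2" while the fixture stores them
 * as "g1"/"g2" (u1 is a member of g1). Access must be refused while the
 * domain is case sensitive and granted once case sensitivity is turned off.
 */
START_TEST(test_group_case)
{
    struct tevent_req *req;

    test_ctx->ctx->allow_groups = discard_const(glist_1_case);
    test_ctx->ctx->deny_groups = NULL;

    req = simple_access_check_send(test_ctx, test_ctx->ev,
                                   test_ctx->ctx, "u1");
    /* Check the request that was just created, not the long-lived fixture:
     * a NULL request would otherwise reach tevent_req_set_callback(). */
    fail_unless(req != NULL, "Cannot create request\n");
    tevent_req_set_callback(req, simple_access_check_done, test_ctx);

    test_loop(test_ctx);
    test_ctx->done = false;

    fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
    fail_unless(test_ctx->access_granted == false,
                "Access granted for user with different case "
                "in case-sensitive domain");

    test_ctx->ctx->domain->case_sensitive = false;

    req = simple_access_check_send(test_ctx, test_ctx->ev,
                                   test_ctx->ctx, "u1");
    fail_unless(req != NULL, "Cannot create request\n");
    tevent_req_set_callback(req, simple_access_check_done, test_ctx);

    test_loop(test_ctx);
    test_ctx->done = false;

    fail_unless(test_ctx->error == EOK, "access_simple_check failed.");
    /* This half runs with case_sensitive == false, so the failure text must
     * say so; a misleading message hides which policy was violated. */
    fail_unless(test_ctx->access_granted == true,
                "Access denied for user with different case "
                "in case-insensitive domain");
}
END_TEST

/*
 * Compare a NULL-terminated list with the expected NULL-terminated array,
 * entry by entry and in order.
 *
 * list   - list under test; NULL is accepted only when values is NULL too
 * values - expected entries
 *
 * Any mismatch is reported through fail_if().
 */
static void check_access_list(char **list, const char **values)
{
    int i;

    if (list == NULL) {
        fail_if(values != NULL, "List is empty, but it shouldn't be");
        /* Both sides are NULL: there is nothing to walk and list[0] must
         * not be read. */
        return;
    }

    fail_if(values == NULL, "List is not empty, but it should be");
    if (values == NULL) {
        /* Keeps the loop below from reading values[0] should fail_if()
         * return instead of aborting the test. */
        return;
    }

    for (i = 0; list[i] != NULL; i++) {
        fail_if(values[i] == NULL, "List contains too many entries");
        fail_if(strcmp(list[i], values[i]) != 0,
                "%s != %s", list[i], values[i]);
    }

    fail_if(values[i] != NULL, "List contains fewer entries than expected");
}

int sssm_simple_access_init(struct be_ctx *bectx, struct bet_ops **ops,
                            void **pvt_data);

START_TEST(test_provider_init)
{
    struct bet_ops *bet_ops = NULL;
    struct simple_ctx *ctx = NULL;
    errno_t ret;

    /* One comma-separated value mixing bare names, names qualified with
     * @LOCAL and names that contain spaces. */
    const char *val[2] = {"user-1, user-2@LOCAL, user with space, "
                          "another space@LOCAL", NULL};

    /* The entries each list is expected to hold after provider init. */
    const char *correct[] = {"user-1", "user-2", "user with space",
                             "another space", NULL};

    /* allow users */
    ret = confdb_add_param(test_ctx->confdb, true, "config/domain/LOCAL",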
"simple_allow_users", val); fail_if(ret != EOK, "Could not setup allow users list"); /* deny users */ ret = confdb_add_param(test_ctx->confdb, true, "config/domain/LOCAL", "simple_deny_users", val); fail_if(ret != EOK, "Could not setup deny users list"); /* allow groups */ ret = confdb_add_param(test_ctx->confdb, true, "config/domain/LOCAL", "simple_allow_groups", val); fail_if(ret != EOK, "Could not setup allow groups list"); /* deny groups */ ret = confdb_add_param(test_ctx->confdb, true, "config/domain/LOCAL", "simple_deny_groups", val); fail_if(ret != EOK, "Could not setup deny groups list"); ret = sssm_simple_access_init(test_ctx->be_ctx, &bet_ops, (void**)&ctx); fail_if(ret != EOK); DEBUG(SSSDBG_TRACE_FUNC, ("Checking allow users list\n")); check_access_list(ctx->allow_users, correct); DEBUG(SSSDBG_TRACE_FUNC, ("Checking deny users list\n")); check_access_list(ctx->deny_users, correct); DEBUG(SSSDBG_TRACE_FUNC, ("Checking allow groups list\n")); check_access_list(ctx->allow_groups, correct); DEBUG(SSSDBG_TRACE_FUNC, ("Checking deny groups list\n")); check_access_list(ctx->deny_groups, correct); } END_TEST Suite *access_simple_suite (void) { Suite *s = suite_create("access_simple"); TCase *tc_allow_deny = tcase_create("user allow/deny"); tcase_add_checked_fixture(tc_allow_deny, setup_simple, teardown_simple); tcase_add_test(tc_allow_deny, test_both_empty); tcase_add_test(tc_allow_deny, test_allow_empty); tcase_add_test(tc_allow_deny, test_deny_empty); tcase_add_test(tc_allow_deny, test_both_set); tcase_add_test(tc_allow_deny, test_case); tcase_add_test(tc_allow_deny, test_unknown_user); suite_add_tcase(s, tc_allow_deny); TCase *tc_grp_allow_deny = tcase_create("group allow/deny"); tcase_add_checked_fixture(tc_grp_allow_deny, setup_simple_group, teardown_simple_group); tcase_add_test(tc_grp_allow_deny, test_group_allow_empty); tcase_add_test(tc_grp_allow_deny, test_group_deny_empty); tcase_add_test(tc_grp_allow_deny, test_group_both_set); 
tcase_add_test(tc_grp_allow_deny, test_group_case); suite_add_tcase(s, tc_grp_allow_deny); TCase *tc_init = tcase_create("provider init"); tcase_add_checked_fixture(tc_init, setup_simple_init, teardown_simple_init); tcase_add_test(tc_init, test_provider_init); suite_add_tcase(s, tc_init); return s; } int main(int argc, const char *argv[]) { int opt; poptContext pc; int number_failed; struct poptOption long_options[] = { POPT_AUTOHELP SSSD_MAIN_OPTS POPT_TABLEEND }; /* Set debug level to invalid value so we can deside if -d 0 was used. */ debug_level = SSSDBG_INVALID; pc = poptGetContext(argv[0], argc, argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { switch(opt) { default: fprintf(stderr, "\nInvalid option %s: %s\n\n", poptBadOption(pc, 0), poptStrerror(opt)); poptPrintUsage(pc, stderr, 0); return 1; } } poptFreeContext(pc); DEBUG_INIT(debug_level); tests_set_cwd(); Suite *s = access_simple_suite(); SRunner *sr = srunner_create(s); srunner_run_all(sr, CK_ENV); number_failed = srunner_ntests_failed(sr); srunner_free(sr); if (number_failed == 0) { test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_FILE, LOCAL_SYSDB_FILE); } return (number_failed==0 ? 
EXIT_SUCCESS : EXIT_FAILURE); } sssd-1.11.5/src/tests/PaxHeaders.13173/cmocka0000644000000000000000000000013212320753521016657 xustar000000000000000030 mtime=1396954961.788874852 30 atime=1396955003.534843847 30 ctime=1396954961.788874852 sssd-1.11.5/src/tests/cmocka/0000775002412700241270000000000012320753521017163 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/tests/cmocka/PaxHeaders.13173/test_utils.c0000644000000000000000000000007412320753107021304 xustar000000000000000030 atime=1396954939.274891425 30 ctime=1396954961.788874852 sssd-1.11.5/src/tests/cmocka/test_utils.c0000664002412700241270000001726212320753107021536 0ustar00jhrozekjhrozek00000000000000/* Authors: Sumit Bose Copyright (C) 2013 Red Hat SSSD tests: Tests for utility functions This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #include #include "tests/cmocka/common_mock.h" #define DOM_COUNT 10 #define DOMNAME_TMPL "name_%zu.dom" #define FLATNAME_TMPL "name_%zu" #define SID_TMPL "S-1-5-21-1-2-%zu" struct dom_list_test_ctx { size_t dom_count; struct sss_domain_info *dom_list; }; void setup_dom_list(void **state) { struct dom_list_test_ctx *test_ctx; struct sss_domain_info *dom = NULL; size_t c; assert_true(leak_check_setup()); test_ctx = talloc_zero(global_talloc_context, struct dom_list_test_ctx); assert_non_null(test_ctx); test_ctx->dom_count = DOM_COUNT; for (c = 0; c < test_ctx->dom_count; c++) { dom = talloc_zero(test_ctx, struct sss_domain_info); assert_non_null(dom); dom->name = talloc_asprintf(dom, DOMNAME_TMPL, c); assert_non_null(dom->name); dom->flat_name = talloc_asprintf(dom, FLATNAME_TMPL, c); assert_non_null(dom->flat_name); dom->domain_id = talloc_asprintf(dom, SID_TMPL, c); assert_non_null(dom->domain_id); DLIST_ADD(test_ctx->dom_list, dom); } check_leaks_push(test_ctx); *state = test_ctx; } void teardown_dom_list(void **state) { struct dom_list_test_ctx *test_ctx = talloc_get_type(*state, struct dom_list_test_ctx); if (test_ctx == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("Type mismatch\n")); return; } assert_true(check_leaks_pop(test_ctx) == true); talloc_free(test_ctx); assert_true(leak_check_teardown()); } void test_find_subdomain_by_sid_null(void **state) { struct dom_list_test_ctx *test_ctx = talloc_get_type(*state, struct dom_list_test_ctx); struct sss_domain_info *dom; dom = find_subdomain_by_sid(NULL, NULL); assert_null(dom); dom = find_subdomain_by_sid(test_ctx->dom_list, NULL); assert_null(dom); dom = find_subdomain_by_sid(NULL, "S-1-5-21-1-2-3"); assert_null(dom); } void test_find_subdomain_by_sid(void **state) { struct dom_list_test_ctx *test_ctx = talloc_get_type(*state, struct dom_list_test_ctx); struct sss_domain_info *dom; size_t c; char *name; char *flat_name; char *sid; for (c = 0; c < test_ctx->dom_count; c++) { name = 
talloc_asprintf(global_talloc_context, DOMNAME_TMPL, c); assert_non_null(name); flat_name = talloc_asprintf(global_talloc_context, FLATNAME_TMPL, c); assert_non_null(flat_name); sid = talloc_asprintf(global_talloc_context, SID_TMPL, c); assert_non_null(sid); dom = find_subdomain_by_sid(test_ctx->dom_list, sid); assert_non_null(dom); assert_string_equal(name, dom->name); assert_string_equal(flat_name, dom->flat_name); assert_string_equal(sid, dom->domain_id); talloc_free(name); talloc_free(flat_name); talloc_free(sid); } } void test_find_subdomain_by_sid_missing_sid(void **state) { struct dom_list_test_ctx *test_ctx = talloc_get_type(*state, struct dom_list_test_ctx); struct sss_domain_info *dom; size_t c; char *name; char *flat_name; char *sid; size_t mis; mis = test_ctx->dom_count/2; assert_true((mis >= 1 && mis < test_ctx->dom_count)); dom = test_ctx->dom_list; for (c = 0; c < mis; c++) { assert_non_null(dom); dom = dom->next; } assert_non_null(dom); dom->domain_id = NULL; for (c = 0; c < test_ctx->dom_count; c++) { name = talloc_asprintf(global_talloc_context, DOMNAME_TMPL, c); assert_non_null(name); flat_name = talloc_asprintf(global_talloc_context, FLATNAME_TMPL, c); assert_non_null(flat_name); sid = talloc_asprintf(global_talloc_context, SID_TMPL, c); assert_non_null(sid); dom = find_subdomain_by_sid(test_ctx->dom_list, sid); if (c == mis - 1) { assert_null(dom); } else { assert_non_null(dom); assert_string_equal(name, dom->name); assert_string_equal(flat_name, dom->flat_name); assert_string_equal(sid, dom->domain_id); } talloc_free(name); talloc_free(flat_name); talloc_free(sid); } } #define TEST_SANITIZE_INPUT "TestUser@Test.Domain" #define TEST_SANITIZE_LC_INPUT "testuser@test.domain" void test_sss_filter_sanitize_for_dom(void **state) { struct dom_list_test_ctx *test_ctx; int ret; char *sanitized; char *lc_sanitized; struct sss_domain_info *dom; test_ctx = talloc_get_type(*state, struct dom_list_test_ctx); dom = test_ctx->dom_list; dom->case_sensitive = 
true; ret = sss_filter_sanitize_for_dom(test_ctx, TEST_SANITIZE_INPUT, dom, &sanitized, &lc_sanitized); assert_int_equal(ret, EOK); assert_string_equal(sanitized, TEST_SANITIZE_INPUT); assert_string_equal(lc_sanitized, TEST_SANITIZE_INPUT); talloc_free(sanitized); talloc_free(lc_sanitized); dom->case_sensitive = false; ret = sss_filter_sanitize_for_dom(test_ctx, TEST_SANITIZE_INPUT, dom, &sanitized, &lc_sanitized); assert_int_equal(ret, EOK); assert_string_equal(sanitized, TEST_SANITIZE_INPUT); assert_string_equal(lc_sanitized, TEST_SANITIZE_LC_INPUT); talloc_free(sanitized); talloc_free(lc_sanitized); } int main(int argc, const char *argv[]) { poptContext pc; int opt; struct poptOption long_options[] = { POPT_AUTOHELP SSSD_DEBUG_OPTS POPT_TABLEEND }; const UnitTest tests[] = { unit_test_setup_teardown(test_find_subdomain_by_sid_null, setup_dom_list, teardown_dom_list), unit_test_setup_teardown(test_find_subdomain_by_sid, setup_dom_list, teardown_dom_list), unit_test_setup_teardown(test_find_subdomain_by_sid_missing_sid, setup_dom_list, teardown_dom_list), unit_test_setup_teardown(test_sss_filter_sanitize_for_dom, setup_dom_list, teardown_dom_list), }; /* Set debug level to invalid value so we can deside if -d 0 was used. */ debug_level = SSSDBG_INVALID; pc = poptGetContext(argv[0], argc, argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { switch(opt) { default: fprintf(stderr, "\nInvalid option %s: %s\n\n", poptBadOption(pc, 0), poptStrerror(opt)); poptPrintUsage(pc, stderr, 0); return 1; } } poptFreeContext(pc); DEBUG_INIT(debug_level); /* Even though normally the tests should clean up after themselves * they might not after a failed run. 
Remove the old db to be sure */ tests_set_cwd(); return run_tests(tests); } sssd-1.11.5/src/tests/cmocka/PaxHeaders.13173/test_ipa_idmap.c0000644000000000000000000000007412320753107022067 xustar000000000000000030 atime=1396954939.274891425 30 ctime=1396954961.785874854 sssd-1.11.5/src/tests/cmocka/test_ipa_idmap.c0000664002412700241270000002103212320753107022307 0ustar00jhrozekjhrozek00000000000000/* Authors: Sumit Bose Copyright (C) 2014 Red Hat SSSD tests: Unit tests for id-mapping in the IPA provider This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #include #include "tests/cmocka/common_mock.h" #include "lib/idmap/sss_idmap.h" #include "providers/ipa/ipa_common.h" #include "providers/ldap/sdap_idmap.h" #define RANGE_NAME discard_const("range1") #define DOMAIN_SID discard_const("S-1-5-21-2-3-4") #define DOMAIN_NAME discard_const("dom.test") #define BASE_RID 111 #define SECONDARY_BASE_RID 11223344 #define BASE_ID 123456 #define RANGE_SIZE 222222 #define RANGE_MAX (BASE_ID + RANGE_SIZE - 1) void test_get_idmap_data_from_range(void **state) { char *dom_name; char *sid; uint32_t rid; struct sss_idmap_range range; bool external_mapping; size_t c; errno_t ret; struct test_data { struct range_info r; errno_t exp_ret; char *exp_dom_name; char *exp_sid; uint32_t exp_rid; struct sss_idmap_range exp_range; bool exp_external_mapping; } d[] = { /* working IPA_RANGE_LOCAL range */ {{RANGE_NAME, BASE_ID, RANGE_SIZE, BASE_RID, SECONDARY_BASE_RID, NULL, discard_const(IPA_RANGE_LOCAL)}, EOK, DOMAIN_NAME, NULL, 0, {BASE_ID, RANGE_MAX}, true}, /* working old-style IPA_RANGE_LOCAL range without range type */ {{RANGE_NAME, BASE_ID, RANGE_SIZE, BASE_RID, SECONDARY_BASE_RID, NULL, NULL}, EOK, DOMAIN_NAME, NULL, 0, {BASE_ID, RANGE_MAX}, true}, /* old-style IPA_RANGE_LOCAL without SID and secondary base rid */ {{RANGE_NAME, BASE_ID, RANGE_SIZE, BASE_RID, 0, NULL, NULL}, EINVAL, NULL, NULL, 0, {0, 0}, false}, /* old-style range with SID and secondary base rid */ {{RANGE_NAME, BASE_ID, RANGE_SIZE, BASE_RID, SECONDARY_BASE_RID, DOMAIN_SID, NULL}, EINVAL, NULL, NULL, 0, {0, 0}, false}, /* working IPA_RANGE_AD_TRUST range */ {{RANGE_NAME, BASE_ID, RANGE_SIZE, BASE_RID, 0, DOMAIN_SID, discard_const(IPA_RANGE_AD_TRUST)}, EOK, DOMAIN_SID, DOMAIN_SID, BASE_RID, {BASE_ID, RANGE_MAX}, false}, /* working old-style IPA_RANGE_AD_TRUST range without range type */ {{RANGE_NAME, BASE_ID, RANGE_SIZE, BASE_RID, 0, DOMAIN_SID, NULL}, EOK, DOMAIN_SID, DOMAIN_SID, BASE_RID, {BASE_ID, RANGE_MAX}, false}, /* working IPA_RANGE_AD_TRUST_POSIX range */ 
{{RANGE_NAME, BASE_ID, RANGE_SIZE, BASE_RID, 0, DOMAIN_SID, discard_const(IPA_RANGE_AD_TRUST_POSIX)}, EOK, DOMAIN_SID, DOMAIN_SID, 0, {BASE_ID, RANGE_MAX}, true}, {{0}, 0, NULL, NULL, 0, {0, 0}, false} }; for (c = 0; d[c].exp_dom_name != NULL; c++) { ret = get_idmap_data_from_range(&d[c].r, DOMAIN_NAME, &dom_name, &sid, &rid, &range, &external_mapping); assert_int_equal(ret, d[c].exp_ret); assert_string_equal(dom_name, d[c].exp_dom_name); if (d[c].exp_sid == NULL) { assert_null(sid); } else { assert_string_equal(sid, d[c].exp_sid); } assert_int_equal(rid, d[c].exp_rid); assert_int_equal(range.min, d[c].exp_range.min); assert_int_equal(range.max, d[c].exp_range.max); assert_true(external_mapping == d[c].exp_external_mapping); } } errno_t __wrap_sysdb_get_ranges(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, size_t *range_count, struct range_info ***range_list) { *range_count = sss_mock_type(size_t); *range_list = talloc_steal(mem_ctx, sss_mock_ptr_type(struct range_info **)); return EOK; } struct test_ctx { struct sdap_idmap_ctx *idmap_ctx; struct sdap_id_ctx *sdap_id_ctx; }; static struct range_info **get_range_list(TALLOC_CTX *mem_ctx) { struct range_info **range_list; range_list = talloc_array(mem_ctx, struct range_info *, 2); assert_non_null(range_list); range_list[0] = talloc_zero(range_list, struct range_info); assert_non_null(range_list[0]); range_list[0]->name = talloc_strdup(range_list[0], RANGE_NAME); assert_non_null( range_list[0]->name); range_list[0]->base_id = BASE_ID; range_list[0]->id_range_size = RANGE_SIZE; range_list[0]->base_rid = BASE_RID; range_list[0]->secondary_base_rid = 0; range_list[0]->trusted_dom_sid = talloc_strdup(range_list[0], DOMAIN_SID); assert_non_null(range_list[0]->trusted_dom_sid); range_list[0]->range_type = talloc_strdup(range_list[0], IPA_RANGE_AD_TRUST); assert_non_null(range_list[0]->range_type); return range_list; } void setup_idmap_ctx(void **state) { int ret; struct test_ctx *test_ctx; assert_true(leak_check_setup()); 
test_ctx = talloc_zero(global_talloc_context, struct test_ctx); assert_non_null(test_ctx); test_ctx->sdap_id_ctx = talloc_zero(test_ctx, struct sdap_id_ctx); assert_non_null(test_ctx->sdap_id_ctx); test_ctx->sdap_id_ctx->be = talloc_zero(test_ctx->sdap_id_ctx, struct be_ctx); assert_non_null(test_ctx->sdap_id_ctx->be); test_ctx->sdap_id_ctx->be->domain = talloc_zero(test_ctx->sdap_id_ctx->be, struct sss_domain_info); assert_non_null(test_ctx->sdap_id_ctx->be->domain); test_ctx->sdap_id_ctx->be->domain->name = talloc_strdup(test_ctx->sdap_id_ctx->be->domain, DOMAIN_NAME); assert_non_null(test_ctx->sdap_id_ctx->be->domain->name); will_return(__wrap_sysdb_get_ranges, 1); will_return(__wrap_sysdb_get_ranges, get_range_list(global_talloc_context)); ret = ipa_idmap_init(test_ctx, test_ctx->sdap_id_ctx, &test_ctx->idmap_ctx); assert_int_equal(ret, EOK); check_leaks_push(test_ctx); *state = test_ctx; } void teardown_idmap_ctx(void **state) { struct test_ctx *test_ctx = talloc_get_type(*state, struct test_ctx); assert_non_null(test_ctx); assert_true(check_leaks_pop(test_ctx) == true); talloc_free(test_ctx); assert_true(leak_check_teardown()); } void test_ipa_idmap_get_ranges_from_sysdb(void **state) { int ret; struct test_ctx *test_ctx = talloc_get_type(*state, struct test_ctx); assert_non_null(test_ctx); will_return(__wrap_sysdb_get_ranges, 1); will_return(__wrap_sysdb_get_ranges, get_range_list(test_ctx->idmap_ctx)); ret = ipa_idmap_get_ranges_from_sysdb(test_ctx->idmap_ctx, DOMAIN_NAME, DOMAIN_SID, true); assert_int_equal(ret, EOK); will_return(__wrap_sysdb_get_ranges, 1); will_return(__wrap_sysdb_get_ranges, get_range_list(global_talloc_context)); ret = ipa_idmap_get_ranges_from_sysdb(test_ctx->idmap_ctx, DOMAIN_NAME, DOMAIN_SID, false); assert_int_equal(ret, EIO); } int main(int argc, const char *argv[]) { poptContext pc; int opt; struct poptOption long_options[] = { POPT_AUTOHELP SSSD_DEBUG_OPTS POPT_TABLEEND }; const UnitTest tests[] = { 
unit_test(test_get_idmap_data_from_range), unit_test_setup_teardown(test_ipa_idmap_get_ranges_from_sysdb, setup_idmap_ctx, teardown_idmap_ctx), }; /* Set debug level to invalid value so we can deside if -d 0 was used. */ debug_level = SSSDBG_INVALID; pc = poptGetContext(argv[0], argc, argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { switch(opt) { default: fprintf(stderr, "\nInvalid option %s: %s\n\n", poptBadOption(pc, 0), poptStrerror(opt)); poptPrintUsage(pc, stderr, 0); return 1; } } poptFreeContext(pc); DEBUG_INIT(debug_level); tests_set_cwd(); return run_tests(tests); } sssd-1.11.5/src/tests/cmocka/PaxHeaders.13173/test_io.c0000644000000000000000000000007412320753107020553 xustar000000000000000030 atime=1396954939.274891425 30 ctime=1396954961.784874855 sssd-1.11.5/src/tests/cmocka/test_io.c0000664002412700241270000000762512320753107021007 0ustar00jhrozekjhrozek00000000000000/* SSSD find_uid - Utilities tests Authors: Abhishek Singh Copyright (C) 2013 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
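*/

/* NOTE(review): the system header names on the next line were lost when this
 * page was extracted; the directives are left exactly as found. */
#include #include #include #include #include #include #include #include #include #include #include #include #include "limits.h"
#include "util/io.h"
#include "util/util.h"
#include "tests/common.h"

#define FILE_PATH TEST_DIR"/test_io.XXXXXX"
#define NON_EX_PATH "non-existent-path"

/*
 * Creates a unique temporary file inside TEST_DIR and returns its path.
 *
 * path must point to a buffer of at least PATH_MAX bytes. The descriptor
 * returned by mkstemp() is closed here, since callers only need the name;
 * removing the file is left to the caller.
 */
static char *get_filepath(char path[])
{
    int ret;

    strncpy(path, FILE_PATH, PATH_MAX-1);
    /* strncpy() does not terminate on truncation; do not rely on the caller
     * having zeroed the buffer. */
    path[PATH_MAX-1] = '\0';

    ret = mkstemp(path);
    if (ret == -1) {
        int err = errno;
        fprintf(stderr, "mkstemp failed with path:'%s' [%s]\n",
                        path, strerror(err));
    }
    assert_false(ret == -1);

    /* Only the path is handed back, so close the descriptor instead of
     * leaking it into the rest of the test run. */
    close(ret);

    return path;
}

/* Opens TEST_DIR and passes the DIR handle to the test through *state. */
void setup_dirp(void **state)
{
    DIR *dirp = opendir(TEST_DIR);
    if (dirp == NULL) {
        int err = errno;
        fprintf(stderr, "Could not open directory:'%s' [%s]\n",
                        TEST_DIR, strerror(err));
    }
    assert_non_null(dirp);
    *state = (void *)dirp;
}

/* Closes the DIR handle stored in *state by setup_dirp(). */
void teardown_dirp(void **state)
{
    closedir((DIR *)*state);
}

/* sss_open_cloexec() on an existing file must return a descriptor that has
 * FD_CLOEXEC set. */
void test_sss_open_cloexec_success(void **state)
{
    int fd;
    int ret;
    int ret_flag;
    int expec_flag;
    int flags = O_RDWR;
    char path[PATH_MAX] = {'\0'};

    fd = sss_open_cloexec(get_filepath(path), flags, &ret);
    assert_true(fd != -1);

    ret_flag = fcntl(fd, F_GETFD, 0);
    /* A failed fcntl() returns -1, which has every bit set and would make
     * the flag test below pass without FD_CLOEXEC being verified. */
    assert_true(ret_flag != -1);
    expec_flag = FD_CLOEXEC;
    assert_true(ret_flag & expec_flag);

    close(fd);
    unlink(path);
}

/* sss_open_cloexec() on a missing path must return -1 and a non-zero
 * error code. */
void test_sss_open_cloexec_fail(void **state)
{
    int fd;
    int ret;
    int flags = O_RDWR;

    fd = sss_open_cloexec(NON_EX_PATH, flags, &ret);

    /* fd is asserted to be -1, so there is no descriptor to close. */
    assert_true(fd == -1);
    assert_int_not_equal(ret, 0);
}

/* sss_openat_cloexec() relative to the directory opened by setup_dirp() must
 * return a descriptor that has FD_CLOEXEC set. */
void test_sss_openat_cloexec_success(void **state)
{
    int fd;
    int ret;
    int ret_flag;
    int expec_flag;
    int dir_fd;
    int flags = O_RDWR;
    char path[PATH_MAX] = {'\0'};
    char *basec;
    const char *relativepath;

    dir_fd = dirfd((DIR *)*state);
    /* basename() is given a private copy of the path. */
    basec = strdup(get_filepath(path));
    assert_non_null(basec);
    relativepath = basename(basec);
    fd = sss_openat_cloexec(dir_fd, relativepath, flags, &ret);
    free(basec);
    assert_true(fd != -1);

    ret_flag = fcntl(fd, F_GETFD, 0);
    /* Reject a failed fcntl() before testing the flag bit (see above). */
    assert_true(ret_flag != -1);
    expec_flag = FD_CLOEXEC;
    assert_true(ret_flag & expec_flag);

    close(fd);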
unlink(path); } void test_sss_openat_cloexec_fail(void **state) { int fd; int ret; int dir_fd; int flags = O_RDWR; dir_fd = dirfd((DIR *)*state); fd = sss_openat_cloexec(dir_fd, NON_EX_PATH, flags, &ret); assert_true(fd == -1); assert_int_not_equal(ret, 0); close(fd); } int main(void) { const UnitTest tests[] = { unit_test(test_sss_open_cloexec_success), unit_test(test_sss_open_cloexec_fail), unit_test_setup_teardown(test_sss_openat_cloexec_success, setup_dirp, teardown_dirp), unit_test_setup_teardown(test_sss_openat_cloexec_fail, setup_dirp, teardown_dirp) }; tests_set_cwd(); return run_tests(tests); } sssd-1.11.5/src/tests/cmocka/PaxHeaders.13173/common_mock_resp.c0000644000000000000000000000007412320753107022437 xustar000000000000000030 atime=1396954939.273891426 30 ctime=1396954961.725874898 sssd-1.11.5/src/tests/cmocka/common_mock_resp.c0000664002412700241270000000730312320753107022664 0ustar00jhrozekjhrozek00000000000000/* Authors: Jakub Hrozek Copyright (C) 2013 Red Hat SSSD tests: Common utilities for tests that exercise domains This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
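*/

#include "util/util.h"
#include "tests/cmocka/common_mock_resp.h"

/*
 * Mock a responder context.
 *
 * Allocates a zeroed struct resp_ctx on mem_ctx, creates its
 * dp_request_table hash and stores ev, domains and pvt_ctx in it.
 *
 * Returns the new context, or NULL when the allocation or the hash
 * creation fails (the partially built context is freed first).
 */
struct resp_ctx *
mock_rctx(TALLOC_CTX *mem_ctx,
          struct tevent_context *ev,
          struct sss_domain_info *domains,
          void *pvt_ctx)
{
    struct resp_ctx *rctx;
    errno_t ret;

    rctx = talloc_zero(mem_ctx, struct resp_ctx);
    if (rctx == NULL) {
        return NULL;
    }

    ret = sss_hash_create(rctx, 30, &rctx->dp_request_table);
    if (ret != EOK) {
        talloc_free(rctx);
        return NULL;
    }

    rctx->ev = ev;
    rctx->domains = domains;
    rctx->pvt_ctx = pvt_ctx;
    return rctx;
}

/*
 * Mock a client context.
 *
 * Allocates a zeroed struct cli_ctx on mem_ctx with a zeroed
 * struct cli_request as its child, and points it at rctx.
 *
 * Returns the new context, or NULL on allocation failure.
 */
struct cli_ctx *
mock_cctx(TALLOC_CTX *mem_ctx, struct resp_ctx *rctx)
{
    struct cli_ctx *cctx;

    cctx = talloc_zero(mem_ctx, struct cli_ctx);
    if (cctx == NULL) {
        return NULL;
    }

    cctx->creq = talloc_zero(cctx, struct cli_request);
    if (cctx->creq == NULL) {
        talloc_free(cctx);
        return NULL;
    }

    cctx->rctx = rctx;
    return cctx;
}

/* Mock DP requests that finish immediately and return the values
 * previously queued by mock_account_recv.
 *
 * Every argument except mem_ctx and rctx->ev is ignored.
 */
struct tevent_req *
sss_dp_get_account_send(TALLOC_CTX *mem_ctx,
                        struct resp_ctx *rctx,
                        struct sss_domain_info *dom,
                        bool fast_reply,
                        enum sss_dp_acct_type type,
                        const char *opt_name,
                        uint32_t opt_id,
                        const char *extra)
{
    return test_req_succeed_send(mem_ctx, rctx->ev);
}

/*
 * Mocked receive half of the account request.
 *
 * Pops the values queued by mock_account_recv() in the order they were
 * queued: dp_err, dp_ret, the error message and the optional callback,
 * followed by the callback's private pointer when a callback was queued.
 *
 * dp_err, dp_ret: receive the queued error codes.
 * err_msg:        receives the queued message pointer as-is when not
 *                 NULL; the mock does not copy it onto mem_ctx.
 *
 * Returns the result of test_request_recv(req).
 */
errno_t
sss_dp_get_account_recv(TALLOC_CTX *mem_ctx,
                        struct tevent_req *req,
                        dbus_uint16_t *dp_err,
                        dbus_uint32_t *dp_ret,
                        char **err_msg)
{
    acct_cb_t cb;
    char *msg;

    *dp_err = sss_mock_type(dbus_uint16_t);
    *dp_ret = sss_mock_type(dbus_uint32_t);

    /* The third queued value is the message. It used to be assigned to
     * *dp_ret a second time, which replaced the queued return code with a
     * truncated pointer and left *err_msg unset, so tests of provider
     * error paths saw the wrong code. The value is always popped to keep
     * the queue aligned with mock_account_recv(). */
    msg = sss_mock_ptr_type(char *);
    if (err_msg != NULL) {
        *err_msg = msg;
    }

    cb = sss_mock_ptr_type(acct_cb_t);
    if (cb) {
        /* The private pointer is queued only together with a callback. */
        (cb)(sss_mock_ptr_type(void *));
    }

    return test_request_recv(req);
}

/*
 * Queue the values the next sss_dp_get_account_recv() call will return.
 *
 * dp_err, dp_ret, msg: values handed back to the caller of the mock.
 * acct_cb:             optional callback the mock invokes; may be NULL.
 * pvt:                 argument for acct_cb; queued only when acct_cb is set.
 */
void mock_account_recv(uint16_t dp_err,
                       uint32_t dp_ret,
                       char *msg,
                       acct_cb_t acct_cb,
                       void *pvt)
{
    will_return(sss_dp_get_account_recv, dp_err);
    will_return(sss_dp_get_account_recv, dp_ret);
    will_return(sss_dp_get_account_recv, msg);

    will_return(sss_dp_get_account_recv, acct_cb);
    if (acct_cb) {
        will_return(sss_dp_get_account_recv, pvt);
    }
}

void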
mock_account_recv_simple(void) { return mock_account_recv(0, 0, NULL, NULL, NULL); } /* Mock subdomain requests */ struct tevent_req * sss_dp_get_domains_send(TALLOC_CTX *mem_ctx, struct resp_ctx *rctx, bool force, const char *hint) { return test_req_succeed_send(mem_ctx, rctx->ev); } errno_t sss_dp_get_domains_recv(struct tevent_req *req) { return test_request_recv(req); } sssd-1.11.5/src/tests/cmocka/PaxHeaders.13173/test_search_bases.c0000644000000000000000000000007412320753107022566 xustar000000000000000030 atime=1396954939.274891425 30 ctime=1396954961.787874852 sssd-1.11.5/src/tests/cmocka/test_search_bases.c0000664002412700241270000001244212320753107023013 0ustar00jhrozekjhrozek00000000000000/* Authors: Pavel Reichl Copyright (C) 2013 Red Hat SSSD tests - Search bases This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
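*/
#include
#include
#include
#include
#include
#include
#include
#include
#include "util/find_uid.h"
#include "util/sss_ldap.h"
#include "tests/common.h"
#include "providers/ldap/ldap_common.h"
#include "providers/ldap/sdap.h"
#include "dhash.h"
#include "tests/common_check.h"

enum sss_test_get_by_dn {
    DN_NOT_IN_DOMS, /* dn is not in any domain */
    DN_IN_DOM1,     /* dn is in the domain based on dns */
    DN_IN_DOM2,     /* dn is in the domain based on dns2 */
};

/*
 * Build a NULL-terminated array of search bases, one per entry of dns.
 *
 * mem_ctx: talloc parent of the array and of every search base.
 * dns:     base DNs, n entries.
 *
 * Returns the array; any allocation or creation failure fails the
 * running test through the cmocka assertions.
 */
static struct sdap_search_base** generate_bases(TALLOC_CTX *mem_ctx,
                                                const char** dns, size_t n)
{
    struct sdap_search_base **search_bases;
    errno_t err;
    size_t i; /* same type as n, so the loop bound compares unsigned */

    search_bases = talloc_array(mem_ctx, struct sdap_search_base *, n + 1);
    assert_non_null(search_bases);

    for (i = 0; i < n; ++i) {
        err = sdap_create_search_base(mem_ctx, dns[i], LDAP_SCOPE_SUBTREE,
                                      NULL, &search_bases[i]);
        if (err != EOK) {
            fprintf(stderr, "Failed to create search base\n");
        }
        assert_int_equal(err, EOK);
    }
    search_bases[n] = NULL;

    return search_bases;
}

/*
 * Run sss_ldap_dn_in_search_bases() for dn against search bases built
 * from dns, checking that the call leaves nothing behind on its talloc
 * context.
 *
 * Returns what sss_ldap_dn_in_search_bases() returned.
 */
static bool do_test_search_bases(const char* dn, const char** dns, size_t n)
{
    TALLOC_CTX *tmp_ctx;
    struct sdap_search_base **search_bases;
    bool ret;

    tmp_ctx = talloc_new(NULL);
    assert_non_null(tmp_ctx);

    search_bases = generate_bases(tmp_ctx, dns, n);

    /* Pushed after the fixtures exist, so only memory allocated by the
     * call under test is counted. */
    check_leaks_push(tmp_ctx);
    ret = sss_ldap_dn_in_search_bases(tmp_ctx, dn, search_bases, NULL);
    assert_true(check_leaks_pop(tmp_ctx) == true);

    talloc_free(tmp_ctx);
    return ret;
}

/* A DN under "dc=sub" must not match the "dc=subdom" or example bases. */
void test_search_bases_fail(void **state)
{
    const char *dn = "cn=user, dc=sub, dc=ad, dc=pb";
    const char *dns[] = {"dc=example, dc=com", "dc=subdom, dc=ad, dc=pb"};
    bool ret;

    ret = do_test_search_bases(dn, dns, 2);
    assert_false(ret);
}

/* The DN must match when the base list holds its ancestors. */
void test_search_bases_success(void **state)
{
    const char *dn = "cn=user, dc=sub, dc=ad, dc=pb";
    const char *dns[] = {"", "dc=ad, dc=pb", "dc=sub, dc=ad, dc=pb"};
    bool ret;

    ret = do_test_search_bases(dn, dns, 3);
    assert_true(ret);
}

/*
 * Build two chained sdap domains from dns and dns2 and check which of
 * them sdap_domain_get_by_dn() picks for dn.
 *
 * expected_result: one of enum sss_test_get_by_dn.
 */
static void do_test_get_by_dn(const char *dn, const char **dns, size_t n,
                              const char **dns2, size_t n2,
                              int expected_result)
{
    TALLOC_CTX *tmp_ctx;
    struct sdap_options *opts;
    struct sdap_domain *sdom;
    struct sdap_domain *sdom2;
    struct sdap_domain *res_sdom;
    struct sdap_search_base **search_bases;
    struct sdap_search_base **search_bases2;

    tmp_ctx = talloc_new(NULL);
    assert_non_null(tmp_ctx);

    search_bases = generate_bases(tmp_ctx, dns, n);
    search_bases2 = generate_bases(tmp_ctx, dns2, n2);

    sdom = talloc_zero(tmp_ctx, struct sdap_domain);
    assert_non_null(sdom);

    sdom2 = talloc_zero(tmp_ctx, struct sdap_domain);
    assert_non_null(sdom2);

    sdom->search_bases = search_bases;
    sdom->next = sdom2;
    sdom->prev = NULL;
    sdom2->search_bases = search_bases2;
    sdom2->next = NULL;
    sdom2->prev = sdom;

    /* Zeroed so the code under test never sees indeterminate option
     * fields; only sdom is set by this test. */
    opts = talloc_zero(tmp_ctx, struct sdap_options);
    assert_non_null(opts);
    opts->sdom = sdom;

    res_sdom = sdap_domain_get_by_dn(opts, dn);

    switch (expected_result) {
    case DN_NOT_IN_DOMS:
        assert_null(res_sdom);
        break;
    case DN_IN_DOM1:
        assert_true(res_sdom == sdom);
        break;
    case DN_IN_DOM2:
        assert_true(res_sdom == sdom2);
        break;
    default:
        /* An unknown expectation must not pass silently. */
        assert_true(false);
        break;
    }

    talloc_free(tmp_ctx);
}

/* The DN sits under both bases; the second domain is the expected one. */
void test_get_by_dn(void **state)
{
    const char *dn = "cn=user, dc=sub, dc=ad, dc=pb";
    const char *dns[] = {"dc=ad, dc=pb"};
    const char *dns2[] = {"dc=sub, dc=ad, dc=pb"};

    do_test_get_by_dn(dn, dns, 1, dns2, 1, DN_IN_DOM2);
}

/* The DN sits only under the first domain's base. */
void test_get_by_dn2(void **state)
{
    const char *dn = "cn=user, dc=ad, dc=com";
    const char *dns[] = {"dc=ad, dc=com"};
    const char *dns2[] = {"dc=sub, dc=ad, dc=pb"};

    do_test_get_by_dn(dn, dns, 1, dns2, 1, DN_IN_DOM1);
}

/* The DN sits under neither base, so no domain may be returned. */
void test_get_by_dn_fail(void **state)
{
    const char *dn = "cn=user, dc=sub, dc=example, dc=com";
    const char *dns[] = {"dc=ad, dc=pb"};
    const char *dns2[] = {"dc=sub, dc=ad, dc=pb"};

    do_test_get_by_dn(dn, dns, 1, dns2, 1, DN_NOT_IN_DOMS);
}

/* Register and run the search-base test cases. */
int main(void)
{
    const UnitTest tests[] = {
        unit_test(test_search_bases_fail),
        unit_test(test_search_bases_success),
        unit_test(test_get_by_dn_fail),
        unit_test(test_get_by_dn),
        unit_test(test_get_by_dn2)
    };

    return run_tests(tests);
}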
sssd-1.11.5/src/tests/cmocka/PaxHeaders.13173/test_sss_idmap.c0000644000000000000000000000007412320753107022126 xustar000000000000000030 atime=1396954939.274891425 30 ctime=1396954961.787874852 sssd-1.11.5/src/tests/cmocka/test_sss_idmap.c0000664002412700241270000004751612320753107022365 0ustar00jhrozekjhrozek00000000000000/* Authors: Sumit Bose Copyright (C) 2013 Red Hat SSSD tests: Unit tests for libsss_idmap This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include #include "tests/cmocka/common_mock.h" #include "lib/idmap/sss_idmap.h" #define TEST_RANGE_MIN 200000 #define TEST_RANGE_MAX 399999 #define TEST_DOM_NAME "test.dom" #define TEST_DOM_SID "S-1-5-21-123-456-789" #define TEST_FIRST_RID 0 #define TEST_EXT_MAPPING true #define TEST_2_RANGE_MIN 600000 #define TEST_2_RANGE_MAX 799999 #define TEST_2_DOM_NAME "test2.dom" #define TEST_2_DOM_SID "S-1-5-21-987-654-321" #define TEST_2_FIRST_RID 1000000 #define TEST_2_EXT_MAPPING true #define TEST_OFFSET 1000000 #define TEST_OFFSET_STR "1000000" struct test_ctx { TALLOC_CTX *mem_idmap; struct sss_idmap_ctx *idmap_ctx; }; static void *idmap_talloc(size_t size, void *pvt) { return talloc_size(pvt, size); } static void idmap_free(void *ptr, void *pvt) { talloc_free(ptr); } void test_sss_idmap_setup(void **state) { struct test_ctx *test_ctx; enum idmap_error_code err; assert_true(leak_check_setup()); test_ctx = talloc_zero(global_talloc_context, struct test_ctx); assert_non_null(test_ctx); 
check_leaks_push(test_ctx); test_ctx->mem_idmap = talloc_new(test_ctx); assert_non_null(test_ctx->mem_idmap); err = sss_idmap_init(idmap_talloc, test_ctx->mem_idmap, idmap_free, &test_ctx->idmap_ctx); assert_int_equal(err, IDMAP_SUCCESS); *state = test_ctx; } void setup_ranges(struct test_ctx *test_ctx, bool external_mapping, bool second_domain) { struct sss_idmap_range range; enum idmap_error_code err; const char *name; const char *sid; assert_non_null(test_ctx); if (second_domain) { range.min = TEST_2_RANGE_MIN; range.max = TEST_2_RANGE_MAX; name = TEST_2_DOM_NAME; sid = TEST_2_DOM_SID; } else { range.min = TEST_RANGE_MIN; range.max = TEST_RANGE_MAX; name = TEST_DOM_NAME; sid = TEST_DOM_SID; } err = sss_idmap_add_domain_ex(test_ctx->idmap_ctx, name, sid, &range, NULL, 0, external_mapping); assert_int_equal(err, IDMAP_SUCCESS); range.min += TEST_OFFSET; range.max += TEST_OFFSET; err = sss_idmap_add_domain_ex(test_ctx->idmap_ctx, name, sid, &range, NULL, TEST_OFFSET, external_mapping); assert_int_equal(err, IDMAP_SUCCESS); } void test_sss_idmap_setup_with_domains(void **state) { struct test_ctx *test_ctx; test_sss_idmap_setup(state); test_ctx = talloc_get_type(*state, struct test_ctx); assert_non_null(test_ctx); setup_ranges(test_ctx, false, false); } void test_sss_idmap_setup_with_external_mappings(void **state) { struct test_ctx *test_ctx; test_sss_idmap_setup(state); test_ctx = talloc_get_type(*state, struct test_ctx); assert_non_null(test_ctx); setup_ranges(test_ctx, true, false); } void test_sss_idmap_setup_with_both(void **state) { struct test_ctx *test_ctx; test_sss_idmap_setup(state); test_ctx = talloc_get_type(*state, struct test_ctx); assert_non_null(test_ctx); setup_ranges(test_ctx, false, false); setup_ranges(test_ctx, true, true); } void test_sss_idmap_teardown(void **state) { struct test_ctx *test_ctx; test_ctx = talloc_get_type(*state, struct test_ctx); assert_non_null(test_ctx); talloc_free(test_ctx->idmap_ctx); talloc_free(test_ctx->mem_idmap); 
assert_true(check_leaks_pop(test_ctx) == true); talloc_free(test_ctx); assert_true(leak_check_teardown()); } void test_add_domain(void **state) { struct test_ctx *test_ctx; enum idmap_error_code err; struct sss_idmap_range range; test_ctx = talloc_get_type(*state, struct test_ctx); assert_non_null(test_ctx); range.min = TEST_RANGE_MIN; range.max = TEST_RANGE_MAX; err = sss_idmap_add_domain(test_ctx->idmap_ctx, TEST_DOM_NAME, TEST_DOM_SID, &range); assert_int_equal(err, IDMAP_SUCCESS); err = sss_idmap_add_domain(test_ctx->idmap_ctx, TEST_DOM_NAME, TEST_DOM_SID, &range); assert_int_equal(err, IDMAP_COLLISION); err = sss_idmap_add_domain_ex(test_ctx->idmap_ctx, TEST_DOM_NAME, TEST_DOM_SID, &range, NULL, 0, false); assert_int_equal(err, IDMAP_COLLISION); range.min = TEST_RANGE_MIN + TEST_OFFSET; range.max = TEST_RANGE_MAX + TEST_OFFSET; err = sss_idmap_add_domain_ex(test_ctx->idmap_ctx, TEST_DOM_NAME, TEST_DOM_SID, &range, NULL, 0, false); assert_int_equal(err, IDMAP_COLLISION); err = sss_idmap_add_domain_ex(test_ctx->idmap_ctx, TEST_DOM_NAME"X", TEST_DOM_SID, &range, NULL, TEST_OFFSET, false); assert_int_equal(err, IDMAP_COLLISION); err = sss_idmap_add_domain_ex(test_ctx->idmap_ctx, TEST_DOM_NAME, TEST_DOM_SID"1", &range, NULL, TEST_OFFSET, false); assert_int_equal(err, IDMAP_COLLISION); err = sss_idmap_add_domain_ex(test_ctx->idmap_ctx, TEST_DOM_NAME, TEST_DOM_SID, &range, NULL, TEST_OFFSET, true); assert_int_equal(err, IDMAP_COLLISION); err = sss_idmap_add_domain_ex(test_ctx->idmap_ctx, TEST_DOM_NAME, TEST_DOM_SID, &range, NULL, TEST_OFFSET, false); assert_int_equal(err, IDMAP_SUCCESS); range.min = TEST_RANGE_MIN + 2 * TEST_OFFSET; range.max = TEST_RANGE_MAX + 2 * TEST_OFFSET; err = sss_idmap_add_domain_ex(test_ctx->idmap_ctx, TEST_DOM_NAME"-nosid", NULL, &range, NULL, TEST_OFFSET, false); assert_int_equal(err, IDMAP_SID_INVALID); err = sss_idmap_add_domain_ex(test_ctx->idmap_ctx, TEST_DOM_NAME"-nosid", NULL, &range, NULL, TEST_OFFSET, true); assert_int_equal(err, 
IDMAP_SUCCESS); } void test_map_id(void **state) { struct test_ctx *test_ctx; enum idmap_error_code err; uint32_t id; char *sid = NULL; test_ctx = talloc_get_type(*state, struct test_ctx); assert_non_null(test_ctx); err = sss_idmap_sid_to_unix(test_ctx->idmap_ctx, TEST_DOM_SID"1-1", &id); assert_int_equal(err, IDMAP_NO_DOMAIN); err = sss_idmap_sid_to_unix(test_ctx->idmap_ctx, TEST_DOM_SID"-400000", &id); assert_int_equal(err, IDMAP_NO_RANGE); err = sss_idmap_unix_to_sid(test_ctx->idmap_ctx, TEST_OFFSET - 1, &sid); assert_int_equal(err, IDMAP_NO_DOMAIN); err = sss_idmap_sid_to_unix(test_ctx->idmap_ctx, TEST_DOM_SID"-0", &id); assert_int_equal(err, IDMAP_SUCCESS); assert_int_equal(id, TEST_RANGE_MIN); err = sss_idmap_unix_to_sid(test_ctx->idmap_ctx, id, &sid); assert_int_equal(err, IDMAP_SUCCESS); assert_string_equal(sid, TEST_DOM_SID"-0"); sss_idmap_free_sid(test_ctx->idmap_ctx, sid); err = sss_idmap_sid_to_unix(test_ctx->idmap_ctx, TEST_DOM_SID"-"TEST_OFFSET_STR, &id); assert_int_equal(err, IDMAP_SUCCESS); assert_int_equal(id, TEST_RANGE_MIN+TEST_OFFSET); err = sss_idmap_unix_to_sid(test_ctx->idmap_ctx, id, &sid); assert_int_equal(err, IDMAP_SUCCESS); assert_string_equal(sid, TEST_DOM_SID"-"TEST_OFFSET_STR); sss_idmap_free_sid(test_ctx->idmap_ctx, sid); } void test_map_id_external(void **state) { struct test_ctx *test_ctx; enum idmap_error_code err; uint32_t id; char *sid = NULL; test_ctx = talloc_get_type(*state, struct test_ctx); assert_non_null(test_ctx); err = sss_idmap_sid_to_unix(test_ctx->idmap_ctx, TEST_DOM_SID"1-1", &id); assert_int_equal(err, IDMAP_NO_DOMAIN); err = sss_idmap_sid_to_unix(test_ctx->idmap_ctx, TEST_DOM_SID"-400000", &id); assert_int_equal(err, IDMAP_EXTERNAL); err = sss_idmap_unix_to_sid(test_ctx->idmap_ctx, TEST_OFFSET - 1, &sid); assert_int_equal(err, IDMAP_NO_DOMAIN); err = sss_idmap_sid_to_unix(test_ctx->idmap_ctx, TEST_DOM_SID"-0", &id); assert_int_equal(err, IDMAP_EXTERNAL); err = sss_idmap_unix_to_sid(test_ctx->idmap_ctx, 
TEST_RANGE_MIN, &sid); assert_int_equal(err, IDMAP_EXTERNAL); err = sss_idmap_sid_to_unix(test_ctx->idmap_ctx, TEST_DOM_SID"-"TEST_OFFSET_STR, &id); assert_int_equal(err, IDMAP_EXTERNAL); err = sss_idmap_unix_to_sid(test_ctx->idmap_ctx, TEST_RANGE_MIN + TEST_OFFSET, &sid); assert_int_equal(err, IDMAP_EXTERNAL); } void test_check_sid_id(void **state) { struct test_ctx *test_ctx; enum idmap_error_code err; test_ctx = talloc_get_type(*state, struct test_ctx); assert_non_null(test_ctx); err = sss_idmap_check_sid_unix(test_ctx->idmap_ctx, TEST_DOM_SID"-400000", TEST_RANGE_MIN-1); assert_int_equal(err, IDMAP_NO_RANGE); err = sss_idmap_check_sid_unix(test_ctx->idmap_ctx, TEST_DOM_SID"-400000", TEST_RANGE_MIN); assert_int_equal(err, IDMAP_SUCCESS); err = sss_idmap_check_sid_unix(test_ctx->idmap_ctx, TEST_DOM_SID"1-400000", TEST_RANGE_MIN); assert_int_equal(err, IDMAP_SID_UNKNOWN); err = sss_idmap_check_sid_unix(test_ctx->idmap_ctx, TEST_DOM_SID"-400000", TEST_RANGE_MAX + TEST_OFFSET); assert_int_equal(err, IDMAP_SUCCESS); err = sss_idmap_check_sid_unix(test_ctx->idmap_ctx, TEST_DOM_SID"-400000", TEST_RANGE_MAX + TEST_OFFSET + 1); assert_int_equal(err, IDMAP_NO_RANGE); } void test_has_algorithmic(void **state) { struct test_ctx *test_ctx; bool use_id_mapping; enum idmap_error_code err; test_ctx = talloc_get_type(*state, struct test_ctx); assert_non_null(test_ctx); err = sss_idmap_domain_has_algorithmic_mapping(NULL, NULL, &use_id_mapping); assert_int_equal(err, IDMAP_SID_INVALID); err = sss_idmap_domain_has_algorithmic_mapping(NULL, TEST_DOM_SID, &use_id_mapping); assert_int_equal(err, IDMAP_CONTEXT_INVALID); err = sss_idmap_domain_has_algorithmic_mapping(test_ctx->idmap_ctx, NULL, &use_id_mapping); assert_int_equal(err, IDMAP_SID_INVALID); err = sss_idmap_domain_has_algorithmic_mapping(test_ctx->idmap_ctx, TEST_DOM_SID"1", &use_id_mapping); assert_int_equal(err, IDMAP_SID_UNKNOWN); err = sss_idmap_domain_has_algorithmic_mapping(test_ctx->idmap_ctx, TEST_DOM_SID, 
&use_id_mapping); assert_int_equal(err, IDMAP_SUCCESS); assert_true(use_id_mapping); err = sss_idmap_domain_has_algorithmic_mapping(test_ctx->idmap_ctx, TEST_2_DOM_SID, &use_id_mapping); assert_int_equal(err, IDMAP_SUCCESS); assert_false(use_id_mapping); } void test_has_algorithmic_by_name(void **state) { struct test_ctx *test_ctx; bool use_id_mapping; enum idmap_error_code err; test_ctx = talloc_get_type(*state, struct test_ctx); assert_non_null(test_ctx); err = sss_idmap_domain_by_name_has_algorithmic_mapping(NULL, NULL, &use_id_mapping); assert_int_equal(err, IDMAP_ERROR); err = sss_idmap_domain_by_name_has_algorithmic_mapping(NULL, TEST_DOM_SID, &use_id_mapping); assert_int_equal(err, IDMAP_CONTEXT_INVALID); err = sss_idmap_domain_by_name_has_algorithmic_mapping(test_ctx->idmap_ctx, NULL, &use_id_mapping); assert_int_equal(err, IDMAP_ERROR); err = sss_idmap_domain_by_name_has_algorithmic_mapping(test_ctx->idmap_ctx, TEST_DOM_NAME"1", &use_id_mapping); assert_int_equal(err, IDMAP_NAME_UNKNOWN); err = sss_idmap_domain_by_name_has_algorithmic_mapping(test_ctx->idmap_ctx, TEST_DOM_NAME, &use_id_mapping); assert_int_equal(err, IDMAP_SUCCESS); assert_true(use_id_mapping); err = sss_idmap_domain_by_name_has_algorithmic_mapping(test_ctx->idmap_ctx, TEST_2_DOM_NAME, &use_id_mapping); assert_int_equal(err, IDMAP_SUCCESS); assert_false(use_id_mapping); } void test_sss_idmap_check_collision_ex(void **state) { enum idmap_error_code err; struct sss_idmap_range r1 = {TEST_RANGE_MIN, TEST_RANGE_MAX}; struct sss_idmap_range r2 = {TEST_2_RANGE_MIN, TEST_2_RANGE_MAX}; err = sss_idmap_check_collision_ex(TEST_DOM_NAME, TEST_DOM_SID, &r1, TEST_FIRST_RID, NULL, TEST_EXT_MAPPING, TEST_2_DOM_NAME, TEST_2_DOM_SID, &r2, TEST_2_FIRST_RID, NULL, TEST_2_EXT_MAPPING); assert_int_equal(err, IDMAP_SUCCESS); /* Same name, different SID */ err = sss_idmap_check_collision_ex(TEST_DOM_NAME, TEST_DOM_SID, &r1, TEST_FIRST_RID, NULL, TEST_EXT_MAPPING, TEST_DOM_NAME, TEST_2_DOM_SID, &r2, 
TEST_2_FIRST_RID, NULL, TEST_2_EXT_MAPPING); assert_int_equal(err, IDMAP_COLLISION); /* Same SID, different name */ err = sss_idmap_check_collision_ex(TEST_DOM_NAME, TEST_DOM_SID, &r1, TEST_FIRST_RID, NULL, TEST_EXT_MAPPING, TEST_2_DOM_NAME, TEST_DOM_SID, &r2, TEST_2_FIRST_RID, NULL, TEST_2_EXT_MAPPING); assert_int_equal(err, IDMAP_COLLISION); /* Same SID and name, no overlaps */ err = sss_idmap_check_collision_ex(TEST_DOM_NAME, TEST_DOM_SID, &r1, TEST_FIRST_RID, NULL, TEST_EXT_MAPPING, TEST_DOM_NAME, TEST_DOM_SID, &r2, TEST_2_FIRST_RID, NULL, TEST_2_EXT_MAPPING); assert_int_equal(err, IDMAP_SUCCESS); /* Same SID and name, different mappings */ err = sss_idmap_check_collision_ex(TEST_DOM_NAME, TEST_DOM_SID, &r1, TEST_FIRST_RID, NULL, TEST_EXT_MAPPING, TEST_DOM_NAME, TEST_DOM_SID, &r2, TEST_2_FIRST_RID, NULL, !TEST_EXT_MAPPING); assert_int_equal(err, IDMAP_COLLISION); /* Same SID and name, Overlapping RID range */ err = sss_idmap_check_collision_ex(TEST_DOM_NAME, TEST_DOM_SID, &r1, TEST_FIRST_RID, NULL, false, TEST_DOM_NAME, TEST_DOM_SID, &r2, TEST_FIRST_RID, NULL, false); assert_int_equal(err, IDMAP_COLLISION); /* Different SID and name, Overlapping RID range */ err = sss_idmap_check_collision_ex(TEST_DOM_NAME, TEST_DOM_SID, &r1, TEST_FIRST_RID, NULL, false, TEST_2_DOM_NAME, TEST_2_DOM_SID, &r2, TEST_FIRST_RID, NULL, false); assert_int_equal(err, IDMAP_SUCCESS); /* Overlapping ranges with no external mapping */ err = sss_idmap_check_collision_ex(TEST_DOM_NAME, TEST_DOM_SID, &r1, TEST_FIRST_RID, NULL, false, TEST_2_DOM_NAME, TEST_2_DOM_SID, &r1, TEST_2_FIRST_RID, NULL, false); assert_int_equal(err, IDMAP_COLLISION); /* Overlapping ranges with external mapping */ err = sss_idmap_check_collision_ex(TEST_DOM_NAME, TEST_DOM_SID, &r1, TEST_FIRST_RID, NULL, true, TEST_2_DOM_NAME, TEST_2_DOM_SID, &r1, TEST_2_FIRST_RID, NULL, true); assert_int_equal(err, IDMAP_SUCCESS); } int main(int argc, const char *argv[]) { poptContext pc; int opt; struct poptOption long_options[] = { 
POPT_AUTOHELP SSSD_DEBUG_OPTS POPT_TABLEEND }; const UnitTest tests[] = { unit_test_setup_teardown(test_add_domain, test_sss_idmap_setup, test_sss_idmap_teardown), unit_test_setup_teardown(test_map_id, test_sss_idmap_setup_with_domains, test_sss_idmap_teardown), unit_test_setup_teardown(test_map_id_external, test_sss_idmap_setup_with_external_mappings, test_sss_idmap_teardown), unit_test_setup_teardown(test_check_sid_id, test_sss_idmap_setup_with_domains, test_sss_idmap_teardown), unit_test_setup_teardown(test_check_sid_id, test_sss_idmap_setup_with_external_mappings, test_sss_idmap_teardown), unit_test_setup_teardown(test_has_algorithmic, test_sss_idmap_setup_with_both, test_sss_idmap_teardown), unit_test_setup_teardown(test_has_algorithmic_by_name, test_sss_idmap_setup_with_both, test_sss_idmap_teardown), unit_test(test_sss_idmap_check_collision_ex), }; /* Set debug level to invalid value so we can deside if -d 0 was used. */ debug_level = SSSDBG_INVALID; pc = poptGetContext(argv[0], argc, argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { switch(opt) { default: fprintf(stderr, "\nInvalid option %s: %s\n\n", poptBadOption(pc, 0), poptStrerror(opt)); poptPrintUsage(pc, stderr, 0); return 1; } } poptFreeContext(pc); DEBUG_INIT(debug_level); tests_set_cwd(); return run_tests(tests); } sssd-1.11.5/src/tests/cmocka/PaxHeaders.13173/test_fqnames.c0000644000000000000000000000007412320753107021576 xustar000000000000000030 atime=1396954939.274891425 30 ctime=1396954961.718874903 sssd-1.11.5/src/tests/cmocka/test_fqnames.c0000664002412700241270000002153012320753107022021 0ustar00jhrozekjhrozek00000000000000/* Authors: Jakub Hrozek Copyright (C) 2013 Red Hat SSSD tests: Fully Qualified Names Tests This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. 
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include #include "tests/cmocka/common_mock.h" #define NAME "name" #define DOMNAME "domname" #define FLATNAME "flatname" struct fqdn_test_ctx { struct sss_domain_info *dom; struct sss_names_ctx *nctx; }; void fqdn_test_setup(void **state) { struct fqdn_test_ctx *test_ctx; assert_true(leak_check_setup()); test_ctx = talloc_zero(global_talloc_context, struct fqdn_test_ctx); assert_non_null(test_ctx); test_ctx->dom = talloc_zero(test_ctx, struct sss_domain_info); assert_non_null(test_ctx->dom); test_ctx->dom->name = discard_const(DOMNAME); test_ctx->dom->flat_name = discard_const(FLATNAME); check_leaks_push(test_ctx); *state = test_ctx; } void fqdn_test_teardown(void **state) { struct fqdn_test_ctx *test_ctx = talloc_get_type(*state, struct fqdn_test_ctx); if (test_ctx == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("Type mismatch\n")); return; } assert_true(check_leaks_pop(test_ctx) == true); talloc_free(test_ctx); assert_true(leak_check_teardown()); } void test_default(void **state) { struct fqdn_test_ctx *test_ctx = talloc_get_type(*state, struct fqdn_test_ctx); errno_t ret; char *fqdn; const int fqdn_size = 255; char fqdn_s[fqdn_size]; size_t domsize; if (test_ctx == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("Type mismatch\n")); return; } ret = sss_names_init_from_args(test_ctx, "(?P[^@]+)@?(?P[^@]*$)", "%1$s@%2$s", &test_ctx->nctx); assert_int_equal(ret, EOK); assert_int_equal(test_ctx->nctx->fq_flags, FQ_FMT_NAME | FQ_FMT_DOMAIN); fqdn = sss_tc_fqname(test_ctx, test_ctx->nctx, test_ctx->dom, NAME); assert_non_null(fqdn); assert_string_equal(fqdn, NAME"@"DOMNAME); talloc_free(fqdn); ret = sss_fqname(fqdn_s, fqdn_size, test_ctx->nctx, 
test_ctx->dom, NAME); assert_int_equal(ret + 1, sizeof(NAME"@"DOMNAME)); assert_string_equal(fqdn_s, NAME"@"DOMNAME); domsize = sss_fqdom_len(test_ctx->nctx, test_ctx->dom); assert_int_equal(domsize, sizeof(DOMNAME)-1); talloc_free(test_ctx->nctx); } void test_all(void **state) { struct fqdn_test_ctx *test_ctx = talloc_get_type(*state, struct fqdn_test_ctx); errno_t ret; char *fqdn; const int fqdn_size = 255; char fqdn_s[fqdn_size]; size_t domsize; if (test_ctx == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("Type mismatch\n")); return; } ret = sss_names_init_from_args(test_ctx, "(?P[^@]+)@?(?P[^@]*$)", "%1$s@%2$s@%3$s", &test_ctx->nctx); assert_int_equal(ret, EOK); assert_int_equal(test_ctx->nctx->fq_flags, FQ_FMT_NAME | FQ_FMT_DOMAIN | FQ_FMT_FLAT_NAME); fqdn = sss_tc_fqname(test_ctx, test_ctx->nctx, test_ctx->dom, NAME); assert_non_null(fqdn); assert_string_equal(fqdn, NAME"@"DOMNAME"@"FLATNAME); talloc_free(fqdn); ret = sss_fqname(fqdn_s, fqdn_size, test_ctx->nctx, test_ctx->dom, NAME); assert_int_equal(ret + 1, sizeof(NAME"@"DOMNAME"@"FLATNAME)); assert_string_equal(fqdn_s, NAME"@"DOMNAME"@"FLATNAME); domsize = sss_fqdom_len(test_ctx->nctx, test_ctx->dom); assert_int_equal(domsize, sizeof(DOMNAME)-1 + sizeof(FLATNAME)-1); talloc_free(test_ctx->nctx); } void test_flat(void **state) { struct fqdn_test_ctx *test_ctx = talloc_get_type(*state, struct fqdn_test_ctx); errno_t ret; char *fqdn; const int fqdn_size = 255; char fqdn_s[fqdn_size]; size_t domsize; if (test_ctx == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("Type mismatch\n")); return; } ret = sss_names_init_from_args(test_ctx, "(?P[^@]+)@?(?P[^@]*$)", "%1$s@%3$s", &test_ctx->nctx); assert_int_equal(ret, EOK); assert_int_equal(test_ctx->nctx->fq_flags, FQ_FMT_NAME | FQ_FMT_FLAT_NAME); fqdn = sss_tc_fqname(test_ctx, test_ctx->nctx, test_ctx->dom, NAME); assert_non_null(fqdn); assert_string_equal(fqdn, NAME"@"FLATNAME); talloc_free(fqdn); ret = sss_fqname(fqdn_s, fqdn_size, test_ctx->nctx, test_ctx->dom, NAME); 
assert_int_equal(ret + 1, sizeof(NAME"@"FLATNAME)); assert_string_equal(fqdn_s, NAME"@"FLATNAME); domsize = sss_fqdom_len(test_ctx->nctx, test_ctx->dom); assert_int_equal(domsize, sizeof(FLATNAME)-1); talloc_free(test_ctx->nctx); } void test_flat_fallback(void **state) { struct fqdn_test_ctx *test_ctx = talloc_get_type(*state, struct fqdn_test_ctx); errno_t ret; char *fqdn; const int fqdn_size = 255; char fqdn_s[fqdn_size]; size_t domsize; if (test_ctx == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("Type mismatch\n")); return; } ret = sss_names_init_from_args(test_ctx, "(?P[^@]+)@?(?P[^@]*$)", "%1$s@%3$s", &test_ctx->nctx); assert_int_equal(ret, EOK); assert_int_equal(test_ctx->nctx->fq_flags, FQ_FMT_NAME | FQ_FMT_FLAT_NAME); test_ctx->dom->flat_name = NULL; /* If flat name is requested but does not exist, the code falls back to domain * name */ fqdn = sss_tc_fqname(test_ctx, test_ctx->nctx, test_ctx->dom, NAME); assert_non_null(fqdn); assert_string_equal(fqdn, NAME"@"DOMNAME); talloc_free(fqdn); ret = sss_fqname(fqdn_s, fqdn_size, test_ctx->nctx, test_ctx->dom, NAME); assert_int_equal(ret + 1, sizeof(NAME"@"DOMNAME)); assert_string_equal(fqdn_s, NAME"@"DOMNAME); domsize = sss_fqdom_len(test_ctx->nctx, test_ctx->dom); assert_int_equal(domsize, sizeof(DOMNAME)-1); talloc_free(test_ctx->nctx); } void test_init_nouser(void **state) { struct fqdn_test_ctx *test_ctx = talloc_get_type(*state, struct fqdn_test_ctx); errno_t ret; if (test_ctx == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("Type mismatch\n")); return; } ret = sss_names_init_from_args(test_ctx, "(?P[^@]+)@?(?P[^@]*$)", "%2$s@%3$s", &test_ctx->nctx); /* Initialization with no user name must fail */ assert_int_not_equal(ret, EOK); } int main(int argc, const char *argv[]) { poptContext pc; int opt; struct poptOption long_options[] = { POPT_AUTOHELP SSSD_DEBUG_OPTS POPT_TABLEEND }; const UnitTest tests[] = { unit_test_setup_teardown(test_default, fqdn_test_setup, fqdn_test_teardown), unit_test_setup_teardown(test_all, 
fqdn_test_setup, fqdn_test_teardown), unit_test_setup_teardown(test_flat, fqdn_test_setup, fqdn_test_teardown), unit_test_setup_teardown(test_flat_fallback, fqdn_test_setup, fqdn_test_teardown), unit_test_setup_teardown(test_init_nouser, fqdn_test_setup, fqdn_test_teardown), }; /* Set debug level to invalid value so we can deside if -d 0 was used. */ debug_level = SSSDBG_INVALID; pc = poptGetContext(argv[0], argc, argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { switch(opt) { default: fprintf(stderr, "\nInvalid option %s: %s\n\n", poptBadOption(pc, 0), poptStrerror(opt)); poptPrintUsage(pc, stderr, 0); return 1; } } poptFreeContext(pc); DEBUG_INIT(debug_level); /* Even though normally the tests should clean up after themselves * they might not after a failed run. Remove the old db to be sure */ tests_set_cwd(); return run_tests(tests); } sssd-1.11.5/src/tests/cmocka/PaxHeaders.13173/common_mock_resp.h0000644000000000000000000000007412320753107022444 xustar000000000000000030 atime=1396954939.273891426 30 ctime=1396954961.505875061 sssd-1.11.5/src/tests/cmocka/common_mock_resp.h0000664002412700241270000000423412320753107022671 0ustar00jhrozekjhrozek00000000000000/* Authors: Jakub Hrozek Copyright (C) 2013 Red Hat SSSD tests: Common utilities for tests that exercise domains This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/
#ifndef __COMMON_MOCK_RESP_H_
#define __COMMON_MOCK_RESP_H_

#include "util/util.h"
#include "responder/common/responder.h"
#include "tests/cmocka/common_mock.h"

/* Mock a responder context */
struct resp_ctx *
mock_rctx(TALLOC_CTX *mem_ctx,
          struct tevent_context *ev,
          struct sss_domain_info *domains,
          void *pvt_ctx);

/* Mock a client context */
struct cli_ctx *
mock_cctx(TALLOC_CTX *mem_ctx, struct resp_ctx *rctx);

/* When mocking a module that calls sss_dp_get_account_{send,recv}
 * requests, your test, when linked against this module, will call
 * the mock functions instead. Then you can simulate results of the
 * sss_dp_get_account_recv call by calling mock_account_recv.
 *
 * The mocked sss_dp_get_account_recv shall return the values given
 * with the parameters dp_err, dp_ret and msg, and optionally also call
 * the acct_cb_t callback, if given, with the pvt pointer as user data.
 * The callback can for instance populate the cache, thus simulating
 * a Data Provider lookup.
 *
 * There is also an even simpler wrapper called mock_account_recv_simple
 * that just finishes the account request with a success.
 */
typedef int (*acct_cb_t)(void *);

void mock_account_recv(uint16_t dp_err, uint32_t dp_ret, char *msg,
                       acct_cb_t acct_cb, void *pvt);

void mock_account_recv_simple(void);

#endif /* __COMMON_MOCK_RESP_H_ */
sssd-1.11.5/src/tests/cmocka/PaxHeaders.13173/common_mock.h0000644000000000000000000000007412320753107021413 xustar000000000000000030 atime=1396954939.273891426 30 ctime=1396954961.504875061 sssd-1.11.5/src/tests/cmocka/common_mock.h0000664002412700241270000000271712320753107021644 0ustar00jhrozekjhrozek00000000000000/* Authors: Jakub Hrozek Copyright (C) 2013 Red Hat SSSD tests: Common utilities for tests that exercise domains This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #ifndef __COMMON_MOCK_H_ #define __COMMON_MOCK_H_ /* * from cmocka.c: * These headers or their equivalents should be included prior to * including * this header file. * * #include * #include * #include * * This allows test applications to use custom definitions of C standard * library functions and types. */ #include #include #include #include #include "tests/common.h" #define sss_mock_type(type) ((type) mock()) #define sss_mock_ptr_type(type) ((type) (uintptr_t) mock()) enum sss_test_wrapper_call { WRAP_CALL_WRAPPER, WRAP_CALL_REAL }; #endif /* __COMMON_MOCK_H_ */ sssd-1.11.5/src/tests/cmocka/PaxHeaders.13173/test_ad_access_filter.c0000644000000000000000000000007412320753107023416 xustar000000000000000030 atime=1396954939.273891426 30 ctime=1396954961.705874913 sssd-1.11.5/src/tests/cmocka/test_ad_access_filter.c0000664002412700241270000002264012320753107023644 0ustar00jhrozekjhrozek00000000000000/* Authors: Jakub Hrozek Copyright (C) 2013 Red Hat SSSD tests: AD access control filter tests This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #include #include #include #include #include #include #include #include /* In order to access opaque types */ #include "providers/ad/ad_access.c" #include "tests/cmocka/common_mock.h" #define DOM_NAME "parent_dom" struct ad_access_test_ctx { struct sss_domain_info *dom; }; static struct ad_access_test_ctx *test_ctx; void ad_access_filter_test_setup(void **state) { assert_true(leak_check_setup()); test_ctx = talloc_zero(global_talloc_context, struct ad_access_test_ctx); assert_non_null(test_ctx); test_ctx->dom = talloc_zero(test_ctx, struct sss_domain_info); assert_non_null(test_ctx->dom); test_ctx->dom->name = talloc_strdup(test_ctx->dom, DOM_NAME); assert_non_null(test_ctx->dom->name); } void ad_access_filter_test_teardown(void **state) { talloc_free(test_ctx); assert_true(leak_check_teardown()); } struct filter_parse_result { const int result; const char *best_match; }; static void test_parse_filter_generic(const char *filter_in, struct filter_parse_result *expected) { errno_t ret; TALLOC_CTX *tmp_ctx; char *best_match; assert_non_null(expected); tmp_ctx = talloc_new(global_talloc_context); assert_non_null(tmp_ctx); check_leaks_push(tmp_ctx); ret = ad_parse_access_filter(tmp_ctx, test_ctx->dom, filter_in, &best_match); assert_int_equal(ret, expected->result); if (expected->result != EOK) { goto done; } if (expected->best_match != NULL) { assert_string_equal(best_match, expected->best_match); } else { assert_true(best_match == NULL); } talloc_free(best_match); done: assert_true(check_leaks_pop(tmp_ctx) == true); talloc_free(tmp_ctx); } /* Test that setting no filter lets all access through */ void test_no_filter(void **state) { struct filter_parse_result expected = { .result = EOK, .best_match = NULL }; test_parse_filter_generic(NULL, &expected); } /* Test that if one filter is provided, it is returned as-is */ void test_single_filter(void **state) { struct filter_parse_result expected = { .result = EOK, .best_match = "(name=foo)" }; 
test_parse_filter_generic("name=foo", &expected); test_parse_filter_generic("(name=foo)", &expected); test_parse_filter_generic(DOM_NAME":(name=foo)", &expected); test_parse_filter_generic("DOM:"DOM_NAME":(name=foo)", &expected); } /* Test that if more filters are provided, the best match is returned */ void test_filter_order(void **state) { struct filter_parse_result expected = { .result = EOK, .best_match = "(name=foo)" }; test_parse_filter_generic("name=foo?name=bar", &expected); test_parse_filter_generic(DOM_NAME":(name=foo)?name=bar", &expected); test_parse_filter_generic("name=bla?"DOM_NAME":(name=foo)?name=bar", &expected); /* Test that another foreign domain wouldn't match */ test_parse_filter_generic("anotherdom:(name=bla)?"DOM_NAME":(name=foo)", &expected); test_parse_filter_generic("anotherdom:(name=bla)?(name=foo)", &expected); } void test_filter_no_match(void **state) { struct filter_parse_result expected = { .result = EOK, .best_match = NULL }; test_parse_filter_generic("anotherdom:(name=bla)?yetanother:(name=foo)", &expected); } void parse_test_setup(void **state) { assert_true(leak_check_setup()); } void parse_test_teardown(void **state) { assert_true(leak_check_teardown()); } struct parse_result { const int result; const char *filter; const char *spec; const int flags; }; static void test_parse_generic(const char *filter_in, struct parse_result *expected) { errno_t ret; TALLOC_CTX *tmp_ctx; char *filter; char *spec; int flags; assert_non_null(expected); tmp_ctx = talloc_new(global_talloc_context); assert_non_null(tmp_ctx); check_leaks_push(tmp_ctx); ret = parse_filter(tmp_ctx, filter_in, &filter, &spec, &flags); assert_int_equal(ret, expected->result); if (expected->result != EOK) { goto done; } if (expected->filter != NULL) { assert_string_equal(filter, expected->filter); } else { assert_true(filter == NULL); } talloc_free(filter); if (expected->spec != NULL) { assert_string_equal(spec, expected->spec); } else { assert_true(spec == NULL); } 
talloc_free(spec); assert_int_equal(flags, expected->flags); done: assert_true(check_leaks_pop(tmp_ctx) == true); talloc_free(tmp_ctx); } void test_parse_plain(void **state) { struct parse_result expected = { .result = EOK, .filter = "name=foo", .spec = NULL, .flags = AD_FILTER_GENERIC }; test_parse_generic("name=foo", &expected); } void test_parse_dom_without_kw(void **state) { struct parse_result expected = { .result = EOK, .filter = "(name=foo)", .spec = "mydom", .flags = AD_FILTER_DOMAIN }; test_parse_generic("mydom:(name=foo)", &expected); /* Check we can handle domain called DOM */ struct parse_result expected2 = { .result = EOK, .filter = "(name=foo)", .spec = "DOM", .flags = AD_FILTER_DOMAIN }; test_parse_generic("DOM:(name=foo)", &expected2); } void test_parse_dom_kw(void **state) { struct parse_result expected = { .result = EOK, .filter = "(name=foo)", .spec = "mydom", .flags = AD_FILTER_DOMAIN }; test_parse_generic("DOM:mydom:(name=foo)", &expected); } void test_parse_forest_kw(void **state) { struct parse_result expected = { .result = EOK, .filter = "(name=foo)", .spec = "myforest", .flags = AD_FILTER_FOREST }; test_parse_generic("FOREST:myforest:(name=foo)", &expected); } void test_parse_malformed(void **state) { struct parse_result expected = { .result = EINVAL, }; test_parse_generic("DOM:", &expected); test_parse_generic("DOM::", &expected); test_parse_generic("DOM:mydom:", &expected); test_parse_generic("DOM:mydom:name=foo", &expected); test_parse_generic("DOM::(name=foo)", &expected); test_parse_generic("BLABLABLA:mydom:name=foo", &expected); } int main(int argc, const char *argv[]) { poptContext pc; int opt; struct poptOption long_options[] = { POPT_AUTOHELP SSSD_DEBUG_OPTS POPT_TABLEEND }; const UnitTest tests[] = { unit_test_setup_teardown(test_parse_plain, parse_test_setup, parse_test_teardown), unit_test_setup_teardown(test_parse_dom_without_kw, parse_test_setup, parse_test_teardown), unit_test_setup_teardown(test_parse_dom_kw, 
parse_test_setup, parse_test_teardown), unit_test_setup_teardown(test_parse_forest_kw, parse_test_setup, parse_test_teardown), unit_test_setup_teardown(test_parse_malformed, parse_test_setup, parse_test_teardown), unit_test_setup_teardown(test_no_filter, ad_access_filter_test_setup, ad_access_filter_test_teardown), unit_test_setup_teardown(test_single_filter, ad_access_filter_test_setup, ad_access_filter_test_teardown), unit_test_setup_teardown(test_filter_order, ad_access_filter_test_setup, ad_access_filter_test_teardown), unit_test_setup_teardown(test_filter_no_match, ad_access_filter_test_setup, ad_access_filter_test_teardown), }; /* Set debug level to invalid value so we can deside if -d 0 was used. */ debug_level = SSSDBG_INVALID; pc = poptGetContext(argv[0], argc, argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { switch(opt) { default: fprintf(stderr, "\nInvalid option %s: %s\n\n", poptBadOption(pc, 0), poptStrerror(opt)); poptPrintUsage(pc, stderr, 0); return 1; } } poptFreeContext(pc); DEBUG_INIT(debug_level); tests_set_cwd(); return run_tests(tests); } sssd-1.11.5/src/tests/cmocka/PaxHeaders.13173/sss_nss_idmap-tests.c0000644000000000000000000000007412320753107023112 xustar000000000000000030 atime=1396954939.273891426 30 ctime=1396954961.748874881 sssd-1.11.5/src/tests/cmocka/sss_nss_idmap-tests.c0000664002412700241270000000675712320753107023353 0ustar00jhrozekjhrozek00000000000000/* Authors: Sumit Bose Copyright (C) 2013 Red Hat Test for the NSS Responder ID-SID mapping interface This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
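See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */
#include
#include
#include
#include
#include
#include "util/util.h"
#include "sss_client/idmap/sss_nss_idmap.h"
#include "tests/cmocka/common_mock.h"
#include
#include "sss_client/sss_cli.h"

/* One canned answer for the mocked sss_nss_make_request(): the reply
 * buffer and its length, plus the errno and NSS status to hand back. */
struct sss_nss_make_request_test_data {
    uint8_t *repbuf;
    size_t replen;
    int errnop;
    enum nss_status nss_status;
};

/* Canned reply buffers. They differ only in the first byte (0x01, 0x02,
 * 0x00, 0x01) and in the last byte: buf4 ends in 'x' instead of a NUL.
 * Presumably the leading 32-bit word is the number of results and the
 * payload must be NUL-terminated -- confirm against the client parser. */
uint8_t buf1[] = {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 't', 'e', 's', 't', 0x00};
uint8_t buf2[] = {0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 't', 'e', 's', 't', 0x00};
uint8_t buf3[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 't', 'e', 's', 't', 0x00};
uint8_t buf4[] = {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 't', 'e', 's', 't', 'x'};

/* Mock of the client request function: instead of talking to a responder
 * it returns whatever the test queued with will_return(). */
enum nss_status sss_nss_make_request(enum sss_cli_command cmd,
                      struct sss_cli_req_data *rd,
                      uint8_t **repbuf, size_t *replen,
                      int *errnop)
{
    struct sss_nss_make_request_test_data *d;

    d = sss_mock_ptr_type(struct sss_nss_make_request_test_data *);

    *replen = d->replen;
    *errnop = d->errnop;

    /* the caller must be able to free repbuf. */
    if (*replen != 0 && d->repbuf != NULL) {
        *repbuf = malloc(*replen);
        assert_non_null(*repbuf);
        memcpy(*repbuf, d->repbuf, *replen);
    }

    return d->nss_status;
}

/* Check sss_nss_getsidbyname() argument validation and reply parsing.
 *
 * Each table entry pairs a canned reply with the return code and SID
 * string the lookup is expected to produce for it. The entry with a NULL
 * reply buffer terminates the table. */
void test_getsidbyname(void **state)
{
    int ret;
    char *sid;
    size_t c;
    enum sss_id_type type;

    struct test_data {
        struct sss_nss_make_request_test_data d;
        int ret;
        const char *str;
    } d[] = {
        {{buf1, sizeof(buf1), 0, NSS_STATUS_SUCCESS}, EOK, "test"},
        {{buf2, sizeof(buf2), 0, NSS_STATUS_SUCCESS}, EBADMSG, NULL},
        {{buf3, sizeof(buf3), 0, NSS_STATUS_SUCCESS}, ENOENT, NULL},
        {{buf4, sizeof(buf4), 0, NSS_STATUS_SUCCESS}, EBADMSG, NULL},
        {{NULL, 0, 0, 0}, 0, NULL}
    };

    ret = sss_nss_getsidbyname(NULL, NULL, NULL);
    assert_int_equal(ret, EINVAL);

    ret = sss_nss_getsidbyname("", NULL, NULL);
    assert_int_equal(ret, EINVAL);

    ret = sss_nss_getsidbyname("", &sid, NULL);
    assert_int_equal(ret, EINVAL);

    for (c = 0; d[c].d.repbuf != NULL; c++) {
        /* Index the table with the loop counter so that every canned
         * reply, including the malformed ones, is fed to the parser.
         * Using entry 0 each time would only ever test the good reply. */
        sid = NULL;
        will_return(sss_nss_make_request, &d[c].d);

        ret = sss_nss_getsidbyname("test", &sid, &type);
        assert_int_equal(ret, d[c].ret);
        if (ret == EOK) {
            assert_string_equal(sid, d[c].str);
            assert_int_equal(type, 0);
            /* The SID string is handed over to the caller; release it so
             * the loop does not leak one string per successful case. */
            free(sid);
        }
    }
}

int main(int argc, const char *argv[])
{
    const UnitTest tests[] = {
        unit_test(test_getsidbyname),
    };

    return run_tests(tests);
}
sssd-1.11.5/src/tests/cmocka/PaxHeaders.13173/test_find_uid.c0000644000000000000000000000007412320753107021725 xustar000000000000000030 atime=1396954939.274891425 30 ctime=1396954961.784874855 sssd-1.11.5/src/tests/cmocka/test_find_uid.c0000664002412700241270000000463012320753107022152 0ustar00jhrozekjhrozek00000000000000/* SSSD find_uid - Utilities tests Authors: Abhishek Singh Copyright (C) 2013 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version.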
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */
#include
#include
#include
#include
#include
#include
#include
#include "util/find_uid.h"
#include "tests/common.h"
#include "dhash.h"

/* The UID running the test owns at least this process, so the lookup is
 * expected to succeed and report it as active. */
void test_check_if_uid_is_active_success(void **state)
{
    bool active;
    uid_t self_uid = getuid();
    int rc = check_if_uid_is_active(self_uid, &active);

    assert_true(rc == EOK);
    assert_true(active);
}

/* The lookup itself must still succeed for a UID with no processes, but
 * report it as inactive. (uid_t) -7 is presumably a UID nothing runs
 * as -- the test relies on that. */
void test_check_if_uid_is_active_fail(void **state)
{
    bool active;
    uid_t unused_uid = (uid_t) -7;
    int rc = check_if_uid_is_active(unused_uid, &active);

    assert_true(rc == EOK);
    assert_true(!active);
}

/* The UID table must contain the UID running the test, allow deleting
 * that entry, and must not contain the (uid_t) -7 placeholder. */
void test_get_uid_table(void **state)
{
    TALLOC_CTX *tmp_ctx;
    hash_table_t *table;
    hash_key_t key;
    hash_value_t value;
    int rc;

    tmp_ctx = talloc_new(NULL);
    assert_true(tmp_ctx != NULL);

    rc = get_uid_table(tmp_ctx, &table);
    assert_true(rc == EOK);

    /* Entry for the current UID: present and removable */
    key.type = HASH_KEY_ULONG;
    key.ul = (unsigned long) getuid();
    rc = hash_lookup(table, &key, &value);
    assert_true(rc == HASH_SUCCESS);
    assert_true(hash_delete(table, &key) == HASH_SUCCESS);

    /* Entry for the placeholder UID: absent */
    key.type = HASH_KEY_ULONG;
    key.ul = (unsigned long) (uid_t) -7;
    rc = hash_lookup(table, &key, &value);
    assert_true(rc == HASH_ERROR_KEY_NOT_FOUND);

    talloc_free(tmp_ctx);
}

int main(void)
{
    const UnitTest tests[] = {
        unit_test(test_check_if_uid_is_active_success),
        unit_test(test_check_if_uid_is_active_fail),
        unit_test(test_get_uid_table)
    };

    return run_tests(tests);
}
sssd-1.11.5/src/tests/cmocka/PaxHeaders.13173/test_dyndns.c0000644000000000000000000000007412320753107021443 xustar000000000000000030 atime=1396954939.274891425 30 ctime=1396954961.714874906 sssd-1.11.5/src/tests/cmocka/test_dyndns.c0000664002412700241270000003225112320753107021670
0ustar00jhrozekjhrozek00000000000000/* Authors: Jakub Hrozek Copyright (C) 2013 Red Hat SSSD tests: Dynamic DNS tests This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include #include #include #include #include #include #include #include /* In order to access opaque types */ #include "providers/dp_dyndns.c" #include "tests/cmocka/common_mock.h" #include "src/providers/dp_dyndns.h" #define TESTS_PATH "tests_dyndns" #define TEST_CONF_DB "test_dyndns_conf.ldb" #define TEST_SYSDB_FILE "cache_dyndns_test.ldb" #define TEST_DOM_NAME "dyndns_test" #define TEST_ID_PROVIDER "ldap" enum mock_nsupdate_states { MOCK_NSUPDATE_OK, MOCK_NSUPDATE_ERR, MOCK_NSUPDATE_TIMEOUT, }; struct dyndns_test_ctx { struct sss_test_ctx *tctx; struct be_ctx *be_ctx; struct be_nsupdate_ctx *update_ctx; enum mock_nsupdate_states state; int child_status; int child_retval; }; static struct dyndns_test_ctx *dyndns_test_ctx; void __wrap_execv(const char *path, char *const argv[]) { int err; switch (dyndns_test_ctx->state) { case MOCK_NSUPDATE_OK: DEBUG(SSSDBG_FUNC_DATA, ("nsupdate success test case\n")); err = 0; break; case MOCK_NSUPDATE_ERR: DEBUG(SSSDBG_FUNC_DATA, ("nsupdate error test case\n")); err = 1; break; case MOCK_NSUPDATE_TIMEOUT: DEBUG(SSSDBG_FUNC_DATA, ("nsupdate timeout test case\n")); err = 2; sleep(3); break; default: DEBUG(SSSDBG_CRIT_FAILURE, ("unknown test case\n")); err = 255; break; } DEBUG(SSSDBG_TRACE_LIBS, ("Child exiting with status %d\n", err)); 
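_exit(err);
}

/* Free every node of a list built by __wrap_getifaddrs(). Each node is a
 * separate allocation on global_talloc_context, so freeing only the head
 * would leave the remaining nodes behind. */
static void mock_ifaddrs_free_list(struct ifaddrs *head)
{
    struct ifaddrs *next;

    while (head != NULL) {
        next = head->ifa_next;
        talloc_free(head);
        head = next;
    }
}

/* Mock of getifaddrs(): builds an AF_INET-only interface list from the
 * (name, address string) pairs queued with will_return_getifaddrs().
 * A NULL name ends the list.
 *
 * Returns 0 and stores the list head in *_ifap on success. On failure it
 * returns -1 with errno set and releases everything built so far. */
int __wrap_getifaddrs(struct ifaddrs **_ifap)
{
    struct ifaddrs *ifap = NULL;
    struct ifaddrs *ifap_prev = NULL;
    struct ifaddrs *ifap_head = NULL;
    struct sockaddr_in *sin;
    char *name;
    char *straddr;
    int saved_errno;

    while ((name = sss_mock_ptr_type(char *)) != NULL) {
        straddr = sss_mock_ptr_type(char *);
        if (straddr == NULL) {
            errno = EINVAL;
            goto fail;
        }

        ifap = talloc_zero(global_talloc_context, struct ifaddrs);
        if (ifap == NULL) {
            errno = ENOMEM;    /* getifaddrs sets errno, too */
            goto fail;
        }

        /* Link the node right away so the failure path can reach it
         * through ifap_head. */
        if (ifap_prev) {
            ifap_prev->ifa_next = ifap;
        } else {
            ifap_head = ifap;
        }
        ifap_prev = ifap;

        ifap->ifa_name = talloc_strdup(ifap, name);
        /* Check the copy itself: testing ifap here could never fire and
         * would let a failed strdup through with a NULL ifa_name. */
        if (ifap->ifa_name == NULL) {
            errno = ENOMEM;
            goto fail;
        }

        /* Zeroed so that the fields the mock does not fill in (port,
         * padding) are not left uninitialized. */
        sin = talloc_zero(ifap, struct sockaddr_in);
        if (sin == NULL) {
            errno = ENOMEM;
            goto fail;
        }
        sin->sin_family = AF_INET;
        ifap->ifa_addr = (struct sockaddr *) sin;

        /* convert straddr into ifa_addr */
        if (inet_pton(AF_INET, straddr, &sin->sin_addr) != 1) {
            /* inet_pton() leaves errno untouched for an unparsable
             * address, so report it explicitly. */
            errno = EINVAL;
            goto fail;
        }
    }

    *_ifap = ifap_head;
    return 0;

fail:
    /* Keep the errno that describes the failure across the cleanup */
    saved_errno = errno;
    mock_ifaddrs_free_list(ifap_head);
    errno = saved_errno;
    return -1;
}

/* Mock of freeifaddrs(): releases the whole list, as the real call does */
void __wrap_freeifaddrs(struct ifaddrs *ifap)
{
    mock_ifaddrs_free_list(ifap);
}

/* Completion callback for be_nsupdate_send(): stores the request result
 * and the child status in the test context and stops the event loop. */
static void dyndns_test_done(struct tevent_req *req)
{
    struct dyndns_test_ctx *ctx =
            tevent_req_callback_data(req, struct dyndns_test_ctx);

    ctx->child_retval = -1;
    ctx->tctx->error = be_nsupdate_recv(req, &ctx->child_status);
    talloc_zfree(req);

    ctx->tctx->done = true;
}

/* Queue one interface for __wrap_getifaddrs(). A NULL ifname is the
 * end-of-list sentinel and queues no address. */
void will_return_getifaddrs(const char *ifname, const char *straddr)
{
    will_return(__wrap_getifaddrs, ifname);
    if (ifname) {
        will_return(__wrap_getifaddrs, straddr);
    }
}

void dyndns_test_get_ifaddr(void **state)
{
    errno_t ret;
    struct sss_iface_addr *addrlist;
    char straddr[128];

    check_leaks_push(dyndns_test_ctx);
    will_return_getifaddrs("eth0", "192.168.0.1");
    will_return_getifaddrs("eth1", "192.168.0.2");
    will_return_getifaddrs(NULL, NULL); /* sentinel */
    ret = sss_iface_addr_list_get(dyndns_test_ctx, "eth0", &addrlist);
    assert_int_equal(ret, EOK);

    /* There must be only one address with the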
correct value */ assert_non_null(addrlist); assert_non_null(addrlist->addr); assert_null(addrlist->next); assert_null(addrlist->prev); assert_non_null(inet_ntop(AF_INET, &((struct sockaddr_in *) addrlist->addr)->sin_addr, straddr, INET6_ADDRSTRLEN)); assert_string_equal(straddr, "192.168.0.1"); talloc_free(addrlist); assert_true(check_leaks_pop(dyndns_test_ctx) == true); } void dyndns_test_ok(void **state) { struct tevent_req *req; errno_t ret; TALLOC_CTX *tmp_ctx; tmp_ctx = talloc_new(global_talloc_context); assert_non_null(tmp_ctx); check_leaks_push(tmp_ctx); dyndns_test_ctx->state = MOCK_NSUPDATE_OK; req = be_nsupdate_send(tmp_ctx, dyndns_test_ctx->tctx->ev, BE_NSUPDATE_AUTH_GSS_TSIG, discard_const("test message"), false); assert_non_null(req); tevent_req_set_callback(req, dyndns_test_done, dyndns_test_ctx); /* Wait until the test finishes with EOK */ ret = test_ev_loop(dyndns_test_ctx->tctx); DEBUG(SSSDBG_TRACE_LIBS, ("Child request returned [%d]: %s\n", ret, strerror(ret))); assert_int_equal(ret, EOK); assert_true(WIFEXITED(dyndns_test_ctx->child_status)); assert_int_equal(WEXITSTATUS(dyndns_test_ctx->child_status), 0); assert_true(check_leaks_pop(tmp_ctx) == true); talloc_free(tmp_ctx); } void dyndns_test_error(void **state) { struct tevent_req *req; errno_t ret; TALLOC_CTX *tmp_ctx; tmp_ctx = talloc_new(global_talloc_context); assert_non_null(tmp_ctx); check_leaks_push(tmp_ctx); dyndns_test_ctx->state = MOCK_NSUPDATE_ERR; req = be_nsupdate_send(tmp_ctx, dyndns_test_ctx->tctx->ev, BE_NSUPDATE_AUTH_GSS_TSIG, discard_const("test message"), false); assert_non_null(req); tevent_req_set_callback(req, dyndns_test_done, dyndns_test_ctx); /* Wait until the test finishes with EIO (child error) */ ret = test_ev_loop(dyndns_test_ctx->tctx); DEBUG(SSSDBG_TRACE_LIBS, ("Child request returned [%d]: %s\n", ret, strerror(ret))); assert_int_equal(ret, ERR_DYNDNS_FAILED); assert_true(WIFEXITED(dyndns_test_ctx->child_status)); 
assert_int_equal(WEXITSTATUS(dyndns_test_ctx->child_status), 1); assert_true(check_leaks_pop(tmp_ctx) == true); talloc_free(tmp_ctx); } void dyndns_test_timeout(void **state) { struct tevent_req *req; errno_t ret; TALLOC_CTX *tmp_ctx; tmp_ctx = talloc_new(global_talloc_context); assert_non_null(tmp_ctx); check_leaks_push(tmp_ctx); dyndns_test_ctx->state = MOCK_NSUPDATE_TIMEOUT; req = be_nsupdate_send(tmp_ctx, dyndns_test_ctx->tctx->ev, BE_NSUPDATE_AUTH_GSS_TSIG, discard_const("test message"), false); assert_non_null(req); tevent_req_set_callback(req, dyndns_test_done, dyndns_test_ctx); /* Wait until the test finishes with EIO (child error) */ ret = test_ev_loop(dyndns_test_ctx->tctx); /* The event queue may not be empty. We need to make sure that all events * are processed. Unfortunately, tevent_loop_wait() contains a bug that * prevents exiting the loop even if there are no remaining events, thus * we have to use tevent_loop_once(). * * FIXME: use tevent_loop_wait() when the bug is fixed * https://bugzilla.samba.org/show_bug.cgi?id=10012 */ tevent_loop_once(dyndns_test_ctx->tctx->ev); /* SIGCHLD handler */ tevent_loop_once(dyndns_test_ctx->tctx->ev); /* nsupdate_child_handler */ DEBUG(SSSDBG_TRACE_LIBS, ("Child request returned [%d]: %s\n", ret, strerror(ret))); assert_int_equal(ret, ERR_DYNDNS_TIMEOUT); assert_true(check_leaks_pop(tmp_ctx) == true); talloc_free(tmp_ctx); } void dyndns_test_timer(void *pvt) { struct dyndns_test_ctx *ctx = talloc_get_type(pvt, struct dyndns_test_ctx); static int ncalls = 0; ncalls++; if (ncalls == 1) { be_nsupdate_timer_schedule(ctx->tctx->ev, ctx->update_ctx); } else if (ncalls == 2) { ctx->tctx->done = true; } ctx->tctx->error = ERR_OK; } void dyndns_test_interval(void **state) { errno_t ret; TALLOC_CTX *tmp_ctx; tmp_ctx = talloc_new(global_talloc_context); assert_non_null(tmp_ctx); check_leaks_push(tmp_ctx); ret = be_nsupdate_init(tmp_ctx, dyndns_test_ctx->be_ctx, NULL, &dyndns_test_ctx->update_ctx); assert_int_equal(ret, EOK); 
ret = be_nsupdate_init_timer(dyndns_test_ctx->update_ctx, dyndns_test_ctx->be_ctx->ev, dyndns_test_timer, dyndns_test_ctx); assert_int_equal(ret, EOK); /* Wait until the timer hits */ ret = test_ev_loop(dyndns_test_ctx->tctx); DEBUG(SSSDBG_TRACE_LIBS, ("Child request returned [%d]: %s\n", ret, strerror(ret))); assert_int_equal(ret, ERR_OK); talloc_free(dyndns_test_ctx->update_ctx); assert_true(check_leaks_pop(tmp_ctx) == true); talloc_free(tmp_ctx); } /* Testsuite setup and teardown */ void dyndns_test_setup(void **state) { struct sss_test_conf_param params[] = { { "dyndns_update", "true" }, { "dyndns_refresh_interval", "2" }, { NULL, NULL }, /* Sentinel */ }; assert_true(leak_check_setup()); dyndns_test_ctx = talloc_zero(global_talloc_context, struct dyndns_test_ctx); assert_non_null(dyndns_test_ctx); dyndns_test_ctx->tctx = create_dom_test_ctx(dyndns_test_ctx, TESTS_PATH, TEST_CONF_DB, TEST_SYSDB_FILE, TEST_DOM_NAME, TEST_ID_PROVIDER, params); assert_non_null(dyndns_test_ctx->tctx); dyndns_test_ctx->be_ctx = talloc_zero(dyndns_test_ctx, struct be_ctx); assert_non_null(dyndns_test_ctx->be_ctx); dyndns_test_ctx->be_ctx->cdb = dyndns_test_ctx->tctx->confdb; dyndns_test_ctx->be_ctx->ev = dyndns_test_ctx->tctx->ev; dyndns_test_ctx->be_ctx->conf_path = talloc_asprintf(dyndns_test_ctx, CONFDB_DOMAIN_PATH_TMPL, TEST_DOM_NAME); assert_non_null(dyndns_test_ctx->be_ctx->conf_path); } void dyndns_test_teardown(void **state) { talloc_free(dyndns_test_ctx); assert_true(leak_check_teardown()); } int main(int argc, const char *argv[]) { int rv; int no_cleanup = 0; poptContext pc; int opt; struct poptOption long_options[] = { POPT_AUTOHELP SSSD_DEBUG_OPTS {"no-cleanup", 'n', POPT_ARG_NONE, &no_cleanup, 0, _("Do not delete the test database after a test run"), NULL }, POPT_TABLEEND }; const UnitTest tests[] = { /* Utility functions unit test */ unit_test(dyndns_test_get_ifaddr), /* Dynamic DNS update unit tests*/ unit_test_setup_teardown(dyndns_test_ok, dyndns_test_setup, 
dyndns_test_teardown), unit_test_setup_teardown(dyndns_test_error, dyndns_test_setup, dyndns_test_teardown), unit_test_setup_teardown(dyndns_test_timeout, dyndns_test_setup, dyndns_test_teardown), unit_test_setup_teardown(dyndns_test_interval, dyndns_test_setup, dyndns_test_teardown), }; /* Set debug level to invalid value so we can deside if -d 0 was used. */ debug_level = SSSDBG_INVALID; pc = poptGetContext(argv[0], argc, argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { switch(opt) { default: fprintf(stderr, "\nInvalid option %s: %s\n\n", poptBadOption(pc, 0), poptStrerror(opt)); poptPrintUsage(pc, stderr, 0); return 1; } } poptFreeContext(pc); DEBUG_INIT(debug_level); /* Even though normally the tests should clean up after themselves * they might not after a failed run. Remove the old db to be sure */ tests_set_cwd(); test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_DB, TEST_SYSDB_FILE); test_dom_suite_setup(TESTS_PATH); rv = run_tests(tests); if (rv == 0 && !no_cleanup) { test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_DB, TEST_SYSDB_FILE); } return rv; } sssd-1.11.5/src/tests/cmocka/PaxHeaders.13173/test_dp_opts.c0000644000000000000000000000007412320753107021614 xustar000000000000000030 atime=1396954939.274891425 30 ctime=1396954961.713874907 sssd-1.11.5/src/tests/cmocka/test_dp_opts.c0000664002412700241270000003072412320753107022044 0ustar00jhrozekjhrozek00000000000000/* Authors: Jakub Hrozek Copyright (C) 2014 Red Hat SSSD tests: Data Provider Option Tests This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. 
You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include #include "providers/data_provider.h" #include "tests/cmocka/common_mock.h" #define STRING_DEFAULT "stringval" #define BLOB_DEFAULT "blobval" #define INT_DEFAULT 123 #define TESTS_PATH "tests_opts" #define TEST_CONF_DB "test_opt_conf.ldb" #define TEST_SYSDB_FILE "cache_opt_test.ldb" #define TEST_DOM_NAME "opt_test" #define TEST_ID_PROVIDER "ldap" enum test_opts { OPT_STRING_NODEFAULT, OPT_STRING_DEFAULT, OPT_BLOB_NODEFAULT, OPT_BLOB_DEFAULT, OPT_INT_NODEFAULT, OPT_INT_DEFAULT, OPT_BOOL_TRUE, OPT_BOOL_FALSE, OPT_NUM_OPTS }; struct dp_option test_def_opts[] = { { "string_nodefault", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "string_default", DP_OPT_STRING, { STRING_DEFAULT }, NULL_STRING}, { "blob_nodefault", DP_OPT_BLOB, NULL_BLOB, NULL_BLOB }, { "blob_default", DP_OPT_BLOB, { .blob = { discard_const(BLOB_DEFAULT), sizeof(BLOB_DEFAULT) - 1 } }, NULL_BLOB }, { "int_nodefault", DP_OPT_NUMBER, NULL_NUMBER, NULL_NUMBER }, { "int_default", DP_OPT_NUMBER, { .number = INT_DEFAULT }, NULL_NUMBER }, { "bool_true", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE }, { "bool_false", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, DP_OPTION_TERMINATOR }; static void assert_defaults(struct dp_option *opts) { char *s; struct dp_opt_blob b; int i; bool bo; s = dp_opt_get_string(opts, OPT_STRING_NODEFAULT); assert_null(s); s = dp_opt_get_string(opts, OPT_STRING_DEFAULT); assert_non_null(s); assert_string_equal(s, STRING_DEFAULT); b = dp_opt_get_blob(opts, OPT_BLOB_NODEFAULT); assert_null(b.data); assert_int_equal(b.length, 0); b = dp_opt_get_blob(opts, OPT_BLOB_DEFAULT); assert_non_null(b.data); assert_int_equal(b.length, strlen(BLOB_DEFAULT)); assert_memory_equal(b.data, BLOB_DEFAULT, strlen(BLOB_DEFAULT)); i = dp_opt_get_int(opts, OPT_INT_NODEFAULT); assert_int_equal(i, 0); i = dp_opt_get_int(opts, OPT_INT_DEFAULT); assert_int_equal(i, INT_DEFAULT); bo = dp_opt_get_bool(opts, 
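OPT_BOOL_TRUE);
    assert_true(bo == true);

    bo = dp_opt_get_bool(opts, OPT_BOOL_FALSE);
    assert_true(bo == false);
}

/* dp_copy_defaults() must always produce the default values from
 * test_def_opts, even after a previous copy had every option
 * overwritten. */
void opt_test_copy_default(void **state)
{
    int ret;
    TALLOC_CTX *mem_ctx;
    struct dp_option *opts;
    struct dp_opt_blob b;

    mem_ctx = talloc_new(global_talloc_context);
    assert_non_null(mem_ctx);

    ret = dp_copy_defaults(mem_ctx, test_def_opts, OPT_NUM_OPTS, &opts);
    assert_int_equal(ret, EOK);
    assert_defaults(opts);

    /* Test that copy_defaults would still copy defaults even if we
     * change the values
     */
    ret = dp_opt_set_string(opts, OPT_STRING_NODEFAULT, "str1");
    assert_int_equal(ret, EOK);
    ret = dp_opt_set_string(opts, OPT_STRING_DEFAULT, "str2");
    assert_int_equal(ret, EOK);

    b.data = discard_const_p(uint8_t, "blob1");
    b.length = strlen("blob1");
    ret = dp_opt_set_blob(opts, OPT_BLOB_NODEFAULT, b);
    assert_int_equal(ret, EOK);

    /* Fill in the second blob before it is stored; assigning it after
     * the call would store "blob1" twice and never use "blob2". */
    b.data = discard_const_p(uint8_t, "blob2");
    b.length = strlen("blob2");
    ret = dp_opt_set_blob(opts, OPT_BLOB_DEFAULT, b);
    assert_int_equal(ret, EOK);

    ret = dp_opt_set_int(opts, OPT_INT_NODEFAULT, 456);
    assert_int_equal(ret, EOK);
    ret = dp_opt_set_int(opts, OPT_INT_DEFAULT, 789);
    assert_int_equal(ret, EOK);

    ret = dp_opt_set_bool(opts, OPT_BOOL_TRUE, false);
    assert_int_equal(ret, EOK);
    ret = dp_opt_set_bool(opts, OPT_BOOL_FALSE, true);
    assert_int_equal(ret, EOK);

    talloc_free(opts);

    ret = dp_copy_defaults(mem_ctx, test_def_opts, OPT_NUM_OPTS, &opts);
    assert_int_equal(ret, EOK);
    assert_defaults(opts);

    /* Release the context, and the second option copy allocated on it */
    talloc_free(mem_ctx);
}

void opt_test_copy_options(void **state)
{
    int ret;
    TALLOC_CTX *mem_ctx;
    struct dp_option *opts;
    char *s;
    struct dp_opt_blob b;
    int i;
    bool bo;

    mem_ctx = talloc_new(global_talloc_context);
    assert_non_null(mem_ctx);

    ret = dp_copy_options(mem_ctx, test_def_opts, OPT_NUM_OPTS, &opts);
    assert_int_equal(ret, EOK);
    assert_int_equal(ret, EOK);

    ret = dp_opt_set_string(opts, OPT_STRING_NODEFAULT, "str1");
    assert_int_equal(ret, EOK);

    b.data = discard_const_p(uint8_t, "blob1");
    b.length = strlen("blob1");
    ret = dp_opt_set_blob(opts, OPT_BLOB_NODEFAULT, b);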
assert_int_equal(ret, EOK); ret = dp_opt_set_int(opts, OPT_INT_NODEFAULT, 456); assert_int_equal(ret, EOK); ret = dp_opt_set_bool(opts, OPT_BOOL_TRUE, false); assert_int_equal(ret, EOK); /* Test that options set to an explicit value retain * the value and even options with default value * do not return the default unless explicitly set */ s = dp_opt_get_string(opts, OPT_STRING_NODEFAULT); assert_string_equal(s, "str1"); s = dp_opt_get_string(opts, OPT_STRING_DEFAULT); assert_null(s); b = dp_opt_get_blob(opts, OPT_BLOB_NODEFAULT); assert_non_null(b.data); assert_int_equal(b.length, strlen("blob1")); assert_memory_equal(b.data, "blob1", strlen("blob1")); b = dp_opt_get_blob(opts, OPT_BLOB_DEFAULT); assert_null(b.data); assert_int_equal(b.length, 0); i = dp_opt_get_int(opts, OPT_INT_NODEFAULT); assert_int_equal(i, 456); i = dp_opt_get_int(opts, OPT_INT_DEFAULT); assert_int_equal(i, 0); bo = dp_opt_get_bool(opts, OPT_BOOL_TRUE); assert_false(bo == true); } void opt_test_get(void **state) { int ret; struct sss_test_ctx *tctx; struct dp_option *opts; char *dompath; struct sss_test_conf_param params[] = { { "string_nodefault", "stringval2" }, { "blob_nodefault", "blobval2" }, { "int_nodefault", "456" }, { "bool_true", "false" }, { NULL, NULL }, /* Sentinel */ }; char *s; struct dp_opt_blob b; int i; bool bo; tctx = create_dom_test_ctx(global_talloc_context, TESTS_PATH, TEST_CONF_DB, TEST_SYSDB_FILE, TEST_DOM_NAME, TEST_ID_PROVIDER, params); assert_non_null(tctx); dompath = talloc_asprintf(tctx, "config/domain/%s", TEST_DOM_NAME); assert_non_null(dompath); ret = dp_get_options(global_talloc_context, tctx->confdb, dompath, test_def_opts, OPT_NUM_OPTS, &opts); assert_int_equal(ret, EOK); /* Options that were not specified explicitly should only have the default * value, those that have been specified explicitly should carry that * value */ s = dp_opt_get_string(opts, OPT_STRING_NODEFAULT); assert_non_null(s); assert_string_equal(s, "stringval2"); s = dp_opt_get_string(opts, 
OPT_STRING_DEFAULT); assert_non_null(s); assert_string_equal(s, STRING_DEFAULT); b = dp_opt_get_blob(opts, OPT_BLOB_NODEFAULT); assert_non_null(b.data); assert_int_equal(b.length, strlen("blobval2")); assert_memory_equal(b.data, "blobval2", strlen("blobval2")); b = dp_opt_get_blob(opts, OPT_BLOB_DEFAULT); assert_non_null(b.data); assert_int_equal(b.length, strlen(BLOB_DEFAULT)); assert_memory_equal(b.data, BLOB_DEFAULT, strlen(BLOB_DEFAULT)); i = dp_opt_get_int(opts, OPT_INT_NODEFAULT); assert_int_equal(i, 456); i = dp_opt_get_int(opts, OPT_INT_DEFAULT); assert_int_equal(i, INT_DEFAULT); bo = dp_opt_get_bool(opts, OPT_BOOL_TRUE); assert_true(bo == false); bo = dp_opt_get_bool(opts, OPT_BOOL_FALSE); assert_true(bo == false); } void opt_test_getset_setup(void **state) { int ret; struct dp_option *opts; ret = dp_copy_defaults(global_talloc_context, test_def_opts, OPT_NUM_OPTS, &opts); assert_int_equal(ret, EOK); assert_defaults(opts); *state = opts; } void opt_test_getset_teardown(void **state) { struct dp_option *opts = talloc_get_type(*state, struct dp_option); talloc_free(opts); } void opt_test_getset_string(void **state) { struct dp_option *opts = talloc_get_type(*state, struct dp_option); int ret; char *s; s = dp_opt_get_string(opts, OPT_STRING_NODEFAULT); assert_null(s); ret = dp_opt_set_string(opts, OPT_STRING_NODEFAULT, "str1"); assert_int_equal(ret, EOK); s = dp_opt_get_string(opts, OPT_STRING_NODEFAULT); assert_non_null(s); assert_string_equal(s, "str1"); } void opt_test_getset_blob(void **state) { struct dp_option *opts = talloc_get_type(*state, struct dp_option); int ret; struct dp_opt_blob b; b = dp_opt_get_blob(opts, OPT_BLOB_NODEFAULT); assert_null(b.data); assert_int_equal(b.length, 0); b.data = discard_const_p(uint8_t, "blob2"); b.length = strlen("blob2"); ret = dp_opt_set_blob(opts, OPT_BLOB_NODEFAULT, b); assert_int_equal(ret, EOK); b = dp_opt_get_blob(opts, OPT_BLOB_NODEFAULT); assert_non_null(b.data); assert_int_equal(b.length, strlen("blob2")); 
assert_memory_equal(b.data, "blob2", strlen("blob2")); } void opt_test_getset_int(void **state) { struct dp_option *opts = talloc_get_type(*state, struct dp_option); int ret; int i; i = dp_opt_get_int(opts, OPT_INT_NODEFAULT); assert_int_equal(i, 0); ret = dp_opt_set_int(opts, OPT_INT_NODEFAULT, 456); assert_int_equal(ret, EOK); i = dp_opt_get_int(opts, OPT_INT_NODEFAULT); assert_int_equal(i, 456); } void opt_test_getset_bool(void **state) { struct dp_option *opts = talloc_get_type(*state, struct dp_option); int ret; bool b; b = dp_opt_get_bool(opts, OPT_BOOL_TRUE); assert_true(b == true); ret = dp_opt_set_bool(opts, OPT_BOOL_TRUE, false); assert_int_equal(ret, EOK); b = dp_opt_get_bool(opts, OPT_BOOL_TRUE); assert_false(b == true); } int main(int argc, const char *argv[]) { int no_cleanup = 0; poptContext pc; int opt; int ret; struct poptOption long_options[] = { POPT_AUTOHELP SSSD_DEBUG_OPTS {"no-cleanup", 'n', POPT_ARG_NONE, &no_cleanup, 0, _("Do not delete the test database after a test run"), NULL }, POPT_TABLEEND }; const UnitTest tests[] = { unit_test_setup_teardown(opt_test_getset_string, opt_test_getset_setup, opt_test_getset_teardown), unit_test_setup_teardown(opt_test_getset_int, opt_test_getset_setup, opt_test_getset_teardown), unit_test_setup_teardown(opt_test_getset_bool, opt_test_getset_setup, opt_test_getset_teardown), unit_test_setup_teardown(opt_test_getset_blob, opt_test_getset_setup, opt_test_getset_teardown), unit_test(opt_test_copy_default), unit_test(opt_test_copy_options), unit_test(opt_test_get) }; /* Set debug level to invalid value so we can deside if -d 0 was used. 
*/ debug_level = SSSDBG_INVALID; pc = poptGetContext(argv[0], argc, argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { switch(opt) { default: fprintf(stderr, "\nInvalid option %s: %s\n\n", poptBadOption(pc, 0), poptStrerror(opt)); poptPrintUsage(pc, stderr, 0); return 1; } } poptFreeContext(pc); DEBUG_INIT(debug_level); /* Even though normally the tests should clean up after themselves * they might not after a failed run. Remove the old db to be sure */ tests_set_cwd(); test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_DB, TEST_SYSDB_FILE); test_dom_suite_setup(TESTS_PATH); ret = run_tests(tests); if (ret == 0 && !no_cleanup) { test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_DB, TEST_SYSDB_FILE); } return ret; } sssd-1.11.5/src/tests/cmocka/PaxHeaders.13173/test_nss_srv.c0000644000000000000000000000007412320753107021641 xustar000000000000000030 atime=1396954939.274891425 30 ctime=1396954961.729874895 sssd-1.11.5/src/tests/cmocka/test_nss_srv.c0000664002412700241270000011420712320753107022070 0ustar00jhrozekjhrozek00000000000000/* Authors: Jakub Hrozek Copyright (C) 2013 Red Hat SSSD tests: Common utilities for tests that exercise domains This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/

/* NOTE(review): the first three #include lines carry no header name in
 * this copy of the file */
#include
#include
#include
#include "tests/cmocka/common_mock.h"
#include "tests/cmocka/common_mock_resp.h"
#include "responder/common/negcache.h"
#include "responder/nss/nsssrv.h"
#include "responder/nss/nsssrv_private.h"

/* Names passed to create_dom_test_ctx() and the suite cleanup helpers */
#define TESTS_PATH "tests_nss"
#define TEST_CONF_DB "test_nss_conf.ldb"
#define TEST_SYSDB_FILE "cache_nss_test.ldb"
#define TEST_DOM_NAME "nss_test"
#define TEST_SUBDOM_NAME "test.sub"
#define TEST_ID_PROVIDER "ldap"

/* Everything one NSS responder test needs, kept in a single talloc tree */
struct nss_test_ctx {
    struct sss_test_ctx *tctx;        /* domain test context from create_dom_test_ctx() */
    struct sss_domain_info *subdom;   /* set only by nss_subdom_test_setup() */

    struct resp_ctx *rctx;            /* mocked responder context */
    struct cli_ctx *cctx;             /* mocked client context */
    struct sss_cmd_table *nss_cmds;   /* command table from get_nss_cmds() */
    struct nss_ctx *nctx;             /* mocked NSS context, see mock_nctx() */

    bool ncache_hit;                  /* set once the wrapped ncache check returns EEXIST */
};

/* The context of the test that is currently running */
struct nss_test_ctx *nss_test_ctx;

/*
 * Mock NSS structure
 *
 * Allocates a zeroed struct nss_ctx on mem_ctx, initialises its negative
 * cache and sets neg_timeout to 10 and pwfield to "*".
 * Returns the new context, or NULL if the allocation or the negative cache
 * initialisation fails (the partly built context is freed in that case).
 */
struct nss_ctx *
mock_nctx(TALLOC_CTX *mem_ctx)
{
    struct nss_ctx *nctx;
    errno_t ret;

    nctx = talloc_zero(mem_ctx, struct nss_ctx);
    if (!nctx) {
        return NULL;
    }

    ret = sss_ncache_init(nctx, &nctx->ncache);
    if (ret != EOK) {
        talloc_free(nctx);
        return NULL;
    }
    nctx->neg_timeout = 10;
    /* Placeholder reported in the passwd field of replies; the getpwnam
     * and getgrnam checks in this file expect "*" there */
    nctx->pwfield = discard_const("*");

    return nctx;
}

/* Mock reading requests from a client. Use values passed from mock
 * instead */
void __real_sss_packet_get_body(struct sss_packet *packet,
                                uint8_t **body, size_t *blen);

/*
 * Wrapper around sss_packet_get_body().
 *
 * The first mocked value selects the behaviour: WRAP_CALL_REAL forwards to
 * the real function, anything else makes the wrapper hand out the next
 * mocked pointer as the body.
 */
void __wrap_sss_packet_get_body(struct sss_packet *packet,
                                uint8_t **body, size_t *blen)
{
    enum sss_test_wrapper_call wtype = sss_mock_type(enum sss_test_wrapper_call);

    if (wtype == WRAP_CALL_REAL) {
        return __real_sss_packet_get_body(packet, body, blen);
    }

    *body = sss_mock_ptr_type(uint8_t *);
    /* The length is derived with strlen(), so the mocked body has to be a
     * NUL-terminated string; the terminator is counted in blen */
    *blen = strlen((const char *) *body)+1;
    return;
}

/* Mock returning result to client. Terminate the unit test instead.
*/

/* Per-test callback that inspects the body of the reply packet and returns
 * an error code for the test */
typedef int (*cmd_cb_fn_t)(uint8_t *, size_t );

/* Queue fn as the callback the next __wrap_sss_cmd_done() call will run */
static void set_cmd_cb(cmd_cb_fn_t fn)
{
    will_return(__wrap_sss_cmd_done, fn);
}

/*
 * Wrapper around sss_cmd_done().
 *
 * Takes the callback queued by set_cmd_cb(), runs it on the body of the
 * outgoing packet, stores its return value as the test error and marks the
 * test as done. freectx is not used.
 */
void __wrap_sss_cmd_done(struct cli_ctx *cctx, void *freectx)
{
    struct sss_packet *packet = cctx->creq->out;
    uint8_t *body;
    size_t blen;
    cmd_cb_fn_t check_cb;

    check_cb = sss_mock_ptr_type(cmd_cb_fn_t);

    /* Always read the real output packet here, never a mocked body */
    __real_sss_packet_get_body(packet, &body, &blen);

    nss_test_ctx->tctx->error = check_cb(body, blen);
    nss_test_ctx->tctx->done = true;
}

/* Wrapper around sss_packet_get_cmd(): returns the command queued with
 * will_return(); packet is not inspected */
enum sss_cli_command
__wrap_sss_packet_get_cmd(struct sss_packet *packet)
{
    return sss_mock_type(enum sss_cli_command);
}

/* Wrapper around sss_cmd_send_empty(): ends the test with ENOENT as the
 * test error and reports EOK to the caller */
int __wrap_sss_cmd_send_empty(struct cli_ctx *cctx, TALLOC_CTX *freectx)
{
    nss_test_ctx->tctx->done = true;
    nss_test_ctx->tctx->error = ENOENT;
    return EOK;
}

/* Intercept negative cache lookups */
int __real_sss_ncache_check_user(struct sss_nc_ctx *ctx, int ttl,
                                 struct sss_domain_info *dom, const char *name);

/*
 * Wrapper around sss_ncache_check_user().
 *
 * Calls the real function and returns its result unchanged; when that
 * result is EEXIST it also records the hit in nss_test_ctx->ncache_hit.
 */
int __wrap_sss_ncache_check_user(struct sss_nc_ctx *ctx, int ttl,
                                 struct sss_domain_info *dom, const char *name)
{
    int ret;

    ret = __real_sss_ncache_check_user(ctx, ttl, dom, name);
    if (ret == EEXIST) {
        nss_test_ctx->ncache_hit = true;
    }
    return ret;
}

/* Mock input from the client library */
/* Queues the wrapper mode and then username for __wrap_sss_packet_get_body();
 * that wrapper takes the length with strlen(), so username must be a
 * NUL-terminated string */
static void mock_input_user_or_group(const char *username)
{
    will_return(__wrap_sss_packet_get_body, WRAP_CALL_WRAPPER);
    will_return(__wrap_sss_packet_get_body, username);
}

/* Let the next two sss_packet_get_body() calls reach the real function */
static void mock_fill_user(void)
{
    /* One packet for the entry and one for num entries */
    will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
    will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
}

/* Queue the real-call markers needed to fill a group reply; the visible
 * part queues two markers, returns early when there are no members and
 * queues two more otherwise */
static void mock_fill_group_with_members(unsigned members)
{
    unsigned i;

    will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
    will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);

    if (members == 0) return;

    will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);

    /* Member header , one per member */
    will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
    /* NOTE(review): the line below is truncated in this copy; the rest of
     * this loop and the start of the next function are not visible */
    for (i=0; ipw_uid, body+rp, &rp);
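SAFEALIGN_COPY_UINT32(&pwd->pw_gid, body+rp, &rp);

    /* Sequence of null terminated strings (name, passwd, gecos, dir, shell) */
    pwd->pw_name = (char *) body+rp;
    rp += strlen(pwd->pw_name) + 1;
    if (rp >= blen) return EINVAL;

    pwd->pw_passwd = (char *) body+rp;
    rp += strlen(pwd->pw_passwd) + 1;
    if (rp >= blen) return EINVAL;

    pwd->pw_gecos = (char *) body+rp;
    rp += strlen(pwd->pw_gecos) + 1;
    if (rp >= blen) return EINVAL;

    pwd->pw_dir = (char *) body+rp;
    rp += strlen(pwd->pw_dir) + 1;
    if (rp >= blen) return EINVAL;

    pwd->pw_shell = (char *) body+rp;
    rp += strlen(pwd->pw_shell) + 1;
    if (rp != blen) return EINVAL;

    return EOK;
}

/*
 * Parse a group reply into gr and nmem.
 *
 * The packet is read as two uint32 header words (length and reserved), the
 * gid, the member count, then the NUL-terminated group name and passwd
 * field, followed by one NUL-terminated name per member.
 *
 * body  reply body
 * blen  number of valid bytes in body
 * gr    receives the result; gr_name and gr_passwd point into body, gr_mem is
 *       allocated on nss_test_ctx and is NULL when the group has no members
 * nmem  receives the member count read from the packet
 *
 * Returns EOK when the packet was consumed exactly, EINVAL when it is too
 * short, a string is not terminated inside the packet or bytes are left
 * over, and ENOMEM when an allocation fails. Every string is located with a
 * search bounded by blen, so nothing past the end of the packet is read.
 */
static int parse_group_packet(uint8_t *body, size_t blen, struct group *gr, uint32_t *nmem)
{
    size_t rp = 2 * sizeof(uint32_t); /* Len and reserved */
    const uint8_t *nul;
    unsigned i;

    /* Callers pass an uninitialised struct group; give gr_mem a defined
     * value on every path */
    gr->gr_mem = NULL;

    /* The two header words, the gid and the member count must be present */
    if (blen < 4 * sizeof(uint32_t)) return EINVAL;

    /* presumably each copy advances rp by sizeof(uint32_t) - confirm
     * against the macro definition */
    SAFEALIGN_COPY_UINT32(&gr->gr_gid, body+rp, &rp);
    SAFEALIGN_COPY_UINT32(nmem, body+rp, &rp);
    if (rp > blen) return EINVAL;

    gr->gr_name = (char *) body+rp;
    nul = memchr(body+rp, '\0', blen - rp);
    if (nul == NULL) return EINVAL;
    rp = (size_t) (nul - body) + 1;
    if (rp >= blen) return EINVAL;

    gr->gr_passwd = (char *) body+rp;
    nul = memchr(body+rp, '\0', blen - rp);
    if (nul == NULL) return EINVAL;
    rp = (size_t) (nul - body) + 1;

    if (*nmem > 0) {
        /* Each member takes at least its terminating NUL, so a count larger
         * than the remaining bytes cannot be valid; reject it before it is
         * used as an allocation size */
        if (*nmem > blen - rp) return EINVAL;

        gr->gr_mem = talloc_zero_array(nss_test_ctx, char *, *nmem);
        if (gr->gr_mem == NULL) return ENOMEM;

        for (i = 0; i < *nmem; i++) {
            if (rp >= blen) return EINVAL;

            /* Find the terminator inside the packet before copying */
            nul = memchr(body+rp, '\0', blen - rp);
            if (nul == NULL) return EINVAL;

            gr->gr_mem[i] = talloc_strdup(gr->gr_mem, (char *) body+rp);
            if (gr->gr_mem[i] == NULL) return ENOMEM;

            rp = (size_t) (nul - body) + 1;
        }
    }

    /* Make sure we exactly matched the end of the packet */
    if (rp != blen) return EINVAL;

    return EOK;
}

/* ====================== The tests =============================== */

/* Check getting cached and valid user from cache.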
Account callback will
 * not be called and test_nss_getpwnam_check will make sure the user is
 * the same as the test entered before starting */

/*
 * Reply check for test_nss_getpwnam(), run from __wrap_sss_cmd_done().
 *
 * Parses the reply body and asserts the uid, gid, name and shell stored by
 * the test. The passwd field is expected to be "*", the value mock_nctx()
 * assigns to pwfield.
 * Returns EOK; a mismatch fails the test through the assertions.
 */
static int test_nss_getpwnam_check(uint8_t *body, size_t blen)
{
    struct passwd pwd;
    errno_t ret;

    ret = parse_user_packet(body, blen, &pwd);
    assert_int_equal(ret, EOK);

    assert_int_equal(pwd.pw_uid, 123);
    assert_int_equal(pwd.pw_gid, 456);
    assert_string_equal(pwd.pw_name, "testuser");
    assert_string_equal(pwd.pw_shell, "/bin/sh");
    assert_string_equal(pwd.pw_passwd, "*");
    return EOK;
}

/*
 * Look up a user that is already in the cache.
 *
 * state is the cmocka per-test state pointer; it is not used here.
 */
void test_nss_getpwnam(void **state)
{
    errno_t ret;

    /* Prime the cache with a valid user */
    ret = sysdb_add_user(nss_test_ctx->tctx->sysdb,
                         nss_test_ctx->tctx->dom,
                         "testuser", 123, 456, "test user",
                         "/home/testuser", "/bin/sh", NULL,
                         NULL, 300, 0);
    assert_int_equal(ret, EOK);

    /* The mocked values are consumed in the order they are queued here:
     * the request name, the command, then two real packet body reads */
    mock_input_user_or_group("testuser");
    will_return(__wrap_sss_packet_get_cmd, SSS_NSS_GETPWNAM);
    mock_fill_user();

    /* Query for that user, call a callback when command finishes */
    set_cmd_cb(test_nss_getpwnam_check);
    ret = sss_cmd_execute(nss_test_ctx->cctx, SSS_NSS_GETPWNAM,
                          nss_test_ctx->nss_cmds);
    assert_int_equal(ret, EOK);

    /* Wait until the test finishes with EOK */
    ret = test_ev_loop(nss_test_ctx->tctx);
    assert_int_equal(ret, EOK);
}

/* Test that searching for a nonexistant user yields ENOENT.
* Account callback will be called */ void test_nss_getpwnam_neg(void **state) { errno_t ret; mock_input_user_or_group("testuser_neg"); mock_account_recv_simple(); assert_true(nss_test_ctx->ncache_hit == false); ret = sss_cmd_execute(nss_test_ctx->cctx, SSS_NSS_GETPWNAM, nss_test_ctx->nss_cmds); assert_int_equal(ret, EOK); /* Wait until the test finishes with ENOENT */ ret = test_ev_loop(nss_test_ctx->tctx); assert_int_equal(ret, ENOENT); assert_true(nss_test_ctx->ncache_hit == false); /* Test that subsequent search for a nonexistent user yields * ENOENT and Account callback is not called, on the other hand * the ncache functions will be called */ nss_test_ctx->tctx->done = false; mock_input_user_or_group("testuser_neg"); ret = sss_cmd_execute(nss_test_ctx->cctx, SSS_NSS_GETPWNAM, nss_test_ctx->nss_cmds); assert_int_equal(ret, EOK); /* Wait until the test finishes with ENOENT */ ret = test_ev_loop(nss_test_ctx->tctx); assert_int_equal(ret, ENOENT); /* Negative cache was hit this time */ assert_true(nss_test_ctx->ncache_hit == true); } static int test_nss_getpwnam_search_acct_cb(void *pvt) { errno_t ret; struct nss_test_ctx *ctx = talloc_get_type(pvt, struct nss_test_ctx); ret = sysdb_add_user(ctx->tctx->sysdb, ctx->tctx->dom, "testuser_search", 567, 890, "test search", "/home/testsearch", "/bin/sh", NULL, NULL, 300, 0); assert_int_equal(ret, EOK); return EOK; } static int test_nss_getpwnam_search_check(uint8_t *body, size_t blen) { struct passwd pwd; errno_t ret; ret = parse_user_packet(body, blen, &pwd); assert_int_equal(ret, EOK); assert_int_equal(pwd.pw_uid, 567); assert_int_equal(pwd.pw_gid, 890); assert_string_equal(pwd.pw_name, "testuser_search"); assert_string_equal(pwd.pw_shell, "/bin/sh"); return EOK; } void test_nss_getpwnam_search(void **state) { errno_t ret; struct ldb_result *res; mock_input_user_or_group("testuser_search"); mock_account_recv(0, 0, NULL, test_nss_getpwnam_search_acct_cb, nss_test_ctx); will_return(__wrap_sss_packet_get_cmd, 
SSS_NSS_GETPWNAM); mock_fill_user(); set_cmd_cb(test_nss_getpwnam_search_check); ret = sysdb_getpwnam(nss_test_ctx, nss_test_ctx->tctx->sysdb, nss_test_ctx->tctx->dom, "testuser_search", &res); assert_int_equal(ret, EOK); assert_int_equal(res->count, 0); ret = sss_cmd_execute(nss_test_ctx->cctx, SSS_NSS_GETPWNAM, nss_test_ctx->nss_cmds); assert_int_equal(ret, EOK); /* Wait until the test finishes with EOK */ ret = test_ev_loop(nss_test_ctx->tctx); assert_int_equal(ret, EOK); /* test_nss_getpwnam_search_check will check the user attributes */ ret = sysdb_getpwnam(nss_test_ctx, nss_test_ctx->tctx->sysdb, nss_test_ctx->tctx->dom, "testuser_search", &res); assert_int_equal(ret, EOK); assert_int_equal(res->count, 1); } /* Test that searching for a user that is expired in the cache goes to the DP * which updates the record and the NSS responder returns the updated record * * The user's shell attribute is updated. */ static int test_nss_getpwnam_update_acct_cb(void *pvt) { errno_t ret; struct nss_test_ctx *ctx = talloc_get_type(pvt, struct nss_test_ctx); ret = sysdb_store_user(ctx->tctx->sysdb, ctx->tctx->dom, "testuser_update", NULL, 10, 11, "test user", "/home/testuser", "/bin/ksh", NULL, NULL, NULL, 300, 0); assert_int_equal(ret, EOK); return EOK; } static int test_nss_getpwnam_update_check(uint8_t *body, size_t blen) { struct passwd pwd; errno_t ret; ret = parse_user_packet(body, blen, &pwd); assert_int_equal(ret, EOK); assert_int_equal(pwd.pw_uid, 10); assert_int_equal(pwd.pw_gid, 11); assert_string_equal(pwd.pw_name, "testuser_update"); assert_string_equal(pwd.pw_shell, "/bin/ksh"); return EOK; } void test_nss_getpwnam_update(void **state) { errno_t ret; struct ldb_result *res; const char *shell; /* Prime the cache with a valid but expired user */ ret = sysdb_add_user(nss_test_ctx->tctx->sysdb, nss_test_ctx->tctx->dom, "testuser_update", 10, 11, "test user", "/home/testuser", "/bin/sh", NULL, NULL, 1, 1); assert_int_equal(ret, EOK); /* Mock client input */ 
mock_input_user_or_group("testuser_update"); /* Mock client command */ will_return(__wrap_sss_packet_get_cmd, SSS_NSS_GETPWNAM); /* Call this function when user is updated by the mock DP request */ mock_account_recv(0, 0, NULL, test_nss_getpwnam_update_acct_cb, nss_test_ctx); /* Call this function to check what the responder returned to the client */ set_cmd_cb(test_nss_getpwnam_update_check); /* Mock output buffer */ mock_fill_user(); /* Fire the command */ ret = sss_cmd_execute(nss_test_ctx->cctx, SSS_NSS_GETPWNAM, nss_test_ctx->nss_cmds); assert_int_equal(ret, EOK); /* Wait until the test finishes with EOK */ ret = test_ev_loop(nss_test_ctx->tctx); assert_int_equal(ret, EOK); /* Check the user was updated in the cache */ ret = sysdb_getpwnam(nss_test_ctx, nss_test_ctx->tctx->sysdb, nss_test_ctx->tctx->dom, "testuser_update", &res); assert_int_equal(ret, EOK); assert_int_equal(res->count, 1); shell = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_SHELL, NULL); assert_string_equal(shell, "/bin/ksh"); } /* Check that a FQDN is returned if the domain is FQDN-only and a * FQDN is requested */ static int test_nss_getpwnam_check_fqdn(uint8_t *body, size_t blen) { struct passwd pwd; errno_t ret; nss_test_ctx->cctx->rctx->domains[0].fqnames = false; ret = parse_user_packet(body, blen, &pwd); assert_int_equal(ret, EOK); assert_int_equal(pwd.pw_uid, 124); assert_int_equal(pwd.pw_gid, 457); assert_string_equal(pwd.pw_name, "testuser_fqdn@"TEST_DOM_NAME); assert_string_equal(pwd.pw_shell, "/bin/sh"); return EOK; } void test_nss_getpwnam_fqdn(void **state) { errno_t ret; /* Prime the cache with a valid user */ ret = sysdb_add_user(nss_test_ctx->tctx->sysdb, nss_test_ctx->tctx->dom, "testuser_fqdn", 124, 457, "test user", "/home/testuser", "/bin/sh", NULL, NULL, 300, 0); assert_int_equal(ret, EOK); mock_input_user_or_group("testuser_fqdn@"TEST_DOM_NAME); will_return(__wrap_sss_packet_get_cmd, SSS_NSS_GETPWNAM); mock_fill_user(); /* Query for that user, call a callback when 
command finishes */ set_cmd_cb(test_nss_getpwnam_check_fqdn); nss_test_ctx->cctx->rctx->domains[0].fqnames = true; ret = sss_cmd_execute(nss_test_ctx->cctx, SSS_NSS_GETPWNAM, nss_test_ctx->nss_cmds); assert_int_equal(ret, EOK); /* Wait until the test finishes with EOK */ ret = test_ev_loop(nss_test_ctx->tctx); assert_int_equal(ret, EOK); } /* * Check that FQDN processing is able to handle arbitrarily sized * delimeter */ static int test_nss_getpwnam_check_resize_fqdn(uint8_t *body, size_t blen) { struct passwd pwd; errno_t ret; nss_test_ctx->cctx->rctx->domains[0].fqnames = false; ret = parse_user_packet(body, blen, &pwd); assert_int_equal(ret, EOK); assert_int_equal(pwd.pw_uid, 125); assert_int_equal(pwd.pw_gid, 458); assert_string_equal(pwd.pw_name, "testuser_fqdn_resize@@@@@"TEST_DOM_NAME); assert_string_equal(pwd.pw_shell, "/bin/sh"); return EOK; } void test_nss_getpwnam_fqdn_resize(void **state) { errno_t ret; /* Prime the cache with a valid user */ ret = sysdb_add_user(nss_test_ctx->tctx->sysdb, nss_test_ctx->tctx->dom, "testuser_fqdn_resize", 125, 458, "test user", "/home/testuser", "/bin/sh", NULL, NULL, 300, 0); assert_int_equal(ret, EOK); mock_input_user_or_group("testuser_fqdn_resize@"TEST_DOM_NAME); will_return(__wrap_sss_packet_get_cmd, SSS_NSS_GETPWNAM); mock_fill_user(); will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); /* Query for that user, call a callback when command finishes */ set_cmd_cb(test_nss_getpwnam_check_resize_fqdn); nss_test_ctx->cctx->rctx->domains[0].fqnames = true; ret = sss_cmd_execute(nss_test_ctx->cctx, SSS_NSS_GETPWNAM, nss_test_ctx->nss_cmds); assert_int_equal(ret, EOK); /* Wait until the test finishes with EOK */ ret = test_ev_loop(nss_test_ctx->tctx); assert_int_equal(ret, EOK); } /* Testsuite setup and teardown */ void test_nss_setup(struct sss_test_conf_param params[], void **state) { errno_t ret; nss_test_ctx = talloc_zero(NULL, struct nss_test_ctx); assert_non_null(nss_test_ctx); nss_test_ctx->tctx = 
create_dom_test_ctx(nss_test_ctx, TESTS_PATH, TEST_CONF_DB, TEST_SYSDB_FILE, TEST_DOM_NAME, TEST_ID_PROVIDER, params); assert_non_null(nss_test_ctx->tctx); nss_test_ctx->nss_cmds = get_nss_cmds(); assert_non_null(nss_test_ctx->nss_cmds); /* FIXME - perhaps this should be folded into sssd_domain_init or stricty * used together */ ret = sss_names_init(nss_test_ctx, nss_test_ctx->tctx->confdb, TEST_DOM_NAME, &nss_test_ctx->tctx->dom->names); assert_int_equal(ret, EOK); /* Initialize the NSS responder */ nss_test_ctx->nctx = mock_nctx(nss_test_ctx); assert_non_null(nss_test_ctx->nctx); nss_test_ctx->rctx = mock_rctx(nss_test_ctx, nss_test_ctx->tctx->ev, nss_test_ctx->tctx->dom, nss_test_ctx->nctx); assert_non_null(nss_test_ctx->rctx); /* Create client context */ nss_test_ctx->cctx = mock_cctx(nss_test_ctx, nss_test_ctx->rctx); assert_non_null(nss_test_ctx->cctx); } static int test_nss_getgrnam_check(struct group *expected, struct group *gr, const int nmem) { int i; assert_int_equal(gr->gr_gid, expected->gr_gid); assert_string_equal(gr->gr_name, expected->gr_name); assert_string_equal(gr->gr_passwd, expected->gr_passwd); for (i = 0; i < nmem; i++) { assert_string_equal(gr->gr_mem[i], expected->gr_mem[i]); } return EOK; } static int test_nss_getgrnam_no_members_check(uint8_t *body, size_t blen) { int ret; uint32_t nmem; struct group gr; struct group expected = { .gr_gid = 1123, .gr_name = discard_const("testgroup"), .gr_passwd = discard_const("*"), .gr_mem = NULL, }; ret = parse_group_packet(body, blen, &gr, &nmem); assert_int_equal(ret, EOK); assert_int_equal(nmem, 0); ret = test_nss_getgrnam_check(&expected, &gr, nmem); assert_int_equal(ret, EOK); return EOK; } /* Test that requesting a valid, cached group with no members returns a valid * group structure */ void test_nss_getgrnam_no_members(void **state) { errno_t ret; /* Prime the cache with a valid group */ ret = sysdb_add_group(nss_test_ctx->tctx->sysdb, nss_test_ctx->tctx->dom, "testgroup", 1123, NULL, 300, 0); 
assert_int_equal(ret, EOK); mock_input_user_or_group("testgroup"); will_return(__wrap_sss_packet_get_cmd, SSS_NSS_GETGRNAM); mock_fill_group_with_members(0); /* Query for that group, call a callback when command finishes */ set_cmd_cb(test_nss_getgrnam_no_members_check); ret = sss_cmd_execute(nss_test_ctx->cctx, SSS_NSS_GETGRNAM, nss_test_ctx->nss_cmds); assert_int_equal(ret, EOK); /* Wait until the test finishes with EOK */ ret = test_ev_loop(nss_test_ctx->tctx); assert_int_equal(ret, EOK); } static int test_nss_getgrnam_members_check(uint8_t *body, size_t blen) { int ret; uint32_t nmem; struct group gr; const char *exp_members[] = { "testmember1", "testmember2" }; struct group expected = { .gr_gid = 1124, .gr_name = discard_const("testgroup_members"), .gr_passwd = discard_const("*"), .gr_mem = discard_const(exp_members) }; ret = parse_group_packet(body, blen, &gr, &nmem); assert_int_equal(ret, EOK); assert_int_equal(nmem, 2); ret = test_nss_getgrnam_check(&expected, &gr, nmem); assert_int_equal(ret, EOK); return EOK; } /* Test that requesting a valid, cached group with some members returns a valid * group structure with those members present */ void test_nss_getgrnam_members(void **state) { errno_t ret; /* Prime the cache with a valid group and some members */ ret = sysdb_add_group(nss_test_ctx->tctx->sysdb, nss_test_ctx->tctx->dom, "testgroup_members", 1124, NULL, 300, 0); assert_int_equal(ret, EOK); ret = sysdb_add_user(nss_test_ctx->tctx->sysdb, nss_test_ctx->tctx->dom, "testmember1", 2001, 456, "test member1", "/home/testmember2", "/bin/sh", NULL, NULL, 300, 0); assert_int_equal(ret, EOK); ret = sysdb_add_user(nss_test_ctx->tctx->sysdb, nss_test_ctx->tctx->dom, "testmember2", 2002, 456, "test member2", "/home/testmember2", "/bin/sh", NULL, NULL, 300, 0); assert_int_equal(ret, EOK); ret = sysdb_add_group_member(nss_test_ctx->tctx->sysdb, nss_test_ctx->tctx->dom, "testgroup_members", "testmember1", SYSDB_MEMBER_USER, false); assert_int_equal(ret, EOK); ret = 
sysdb_add_group_member(nss_test_ctx->tctx->sysdb, nss_test_ctx->tctx->dom, "testgroup_members", "testmember2", SYSDB_MEMBER_USER, false); assert_int_equal(ret, EOK); mock_input_user_or_group("testgroup_members"); will_return(__wrap_sss_packet_get_cmd, SSS_NSS_GETGRNAM); mock_fill_group_with_members(2); /* Query for that group, call a callback when command finishes */ set_cmd_cb(test_nss_getgrnam_members_check); ret = sss_cmd_execute(nss_test_ctx->cctx, SSS_NSS_GETGRNAM, nss_test_ctx->nss_cmds); assert_int_equal(ret, EOK); /* Wait until the test finishes with EOK */ ret = test_ev_loop(nss_test_ctx->tctx); assert_int_equal(ret, EOK); } static int test_nss_getgrnam_members_check_fqdn(uint8_t *body, size_t blen) { int ret; uint32_t nmem; struct group gr; const char *exp_members[] = { "testmember1@"TEST_DOM_NAME, "testmember2@"TEST_DOM_NAME }; struct group expected = { .gr_gid = 1124, .gr_name = discard_const("testgroup_members@"TEST_DOM_NAME), .gr_passwd = discard_const("*"), .gr_mem = discard_const(exp_members) }; ret = parse_group_packet(body, blen, &gr, &nmem); assert_int_equal(ret, EOK); assert_int_equal(nmem, 2); ret = test_nss_getgrnam_check(&expected, &gr, nmem); assert_int_equal(ret, EOK); return EOK; } /* Test that requesting a valid, cached group with some members returns a valid * group structure with those members present as fully qualified names */ void test_nss_getgrnam_members_fqdn(void **state) { errno_t ret; nss_test_ctx->tctx->dom->fqnames = true; mock_input_user_or_group("testgroup_members@"TEST_DOM_NAME); will_return(__wrap_sss_packet_get_cmd, SSS_NSS_GETGRNAM); mock_fill_group_with_members(2); /* Query for that group, call a callback when command finishes */ set_cmd_cb(test_nss_getgrnam_members_check_fqdn); ret = sss_cmd_execute(nss_test_ctx->cctx, SSS_NSS_GETGRNAM, nss_test_ctx->nss_cmds); assert_int_equal(ret, EOK); /* Wait until the test finishes with EOK */ ret = test_ev_loop(nss_test_ctx->tctx); /* Restore FQDN settings */ 
nss_test_ctx->tctx->dom->fqnames = false; assert_int_equal(ret, EOK); } static int test_nss_getgrnam_members_check_subdom(uint8_t *body, size_t blen) { int ret; uint32_t nmem; struct group gr; const char *exp_members[] = { "submember1@"TEST_SUBDOM_NAME, "submember2@"TEST_SUBDOM_NAME }; struct group expected = { .gr_gid = 2124, .gr_name = discard_const("testsubdomgroup@"TEST_SUBDOM_NAME), .gr_passwd = discard_const("*"), .gr_mem = discard_const(exp_members) }; ret = parse_group_packet(body, blen, &gr, &nmem); assert_int_equal(ret, EOK); assert_int_equal(nmem, 2); ret = test_nss_getgrnam_check(&expected, &gr, nmem); assert_int_equal(ret, EOK); return EOK; } /* Test that requesting a valid, cached group with some members returns a valid * group structure with those members present as fully qualified names */ void test_nss_getgrnam_members_subdom(void **state) { errno_t ret; nss_test_ctx->tctx->dom->fqnames = true; /* Add a group from a subdomain and two members from the same subdomain */ ret = sysdb_add_group(nss_test_ctx->tctx->sysdb, nss_test_ctx->subdom, "testsubdomgroup@"TEST_SUBDOM_NAME, 2124, NULL, 300, 0); assert_int_equal(ret, EOK); ret = sysdb_add_user(nss_test_ctx->tctx->sysdb, nss_test_ctx->subdom, "submember1@"TEST_SUBDOM_NAME, 4001, 456, "test subdomain member1", "/home/submember1", "/bin/sh", NULL, NULL, 300, 0); assert_int_equal(ret, EOK); ret = sysdb_add_user(nss_test_ctx->tctx->sysdb, nss_test_ctx->subdom, "submember2@"TEST_SUBDOM_NAME, 2002, 456, "test subdomain member2", "/home/submember2", "/bin/sh", NULL, NULL, 300, 0); assert_int_equal(ret, EOK); ret = sysdb_add_group_member(nss_test_ctx->tctx->sysdb, nss_test_ctx->subdom, "testsubdomgroup@"TEST_SUBDOM_NAME, "submember1@"TEST_SUBDOM_NAME, SYSDB_MEMBER_USER, false); assert_int_equal(ret, EOK); ret = sysdb_add_group_member(nss_test_ctx->tctx->sysdb, nss_test_ctx->subdom, "testsubdomgroup@"TEST_SUBDOM_NAME, "submember2@"TEST_SUBDOM_NAME, SYSDB_MEMBER_USER, false); assert_int_equal(ret, EOK); 
mock_input_user_or_group("testsubdomgroup@"TEST_SUBDOM_NAME); will_return(__wrap_sss_packet_get_cmd, SSS_NSS_GETGRNAM); mock_fill_group_with_members(2); /* Query for that group, call a callback when command finishes */ set_cmd_cb(test_nss_getgrnam_members_check_subdom); ret = sss_cmd_execute(nss_test_ctx->cctx, SSS_NSS_GETGRNAM, nss_test_ctx->nss_cmds); assert_int_equal(ret, EOK); /* Wait until the test finishes with EOK */ ret = test_ev_loop(nss_test_ctx->tctx); /* Restore FQDN settings */ nss_test_ctx->tctx->dom->fqnames = false; assert_int_equal(ret, EOK); } static int test_nss_getgrnam_check_mix_dom(uint8_t *body, size_t blen) { int ret; uint32_t nmem; struct group gr; const char *exp_members[] = { "testmember1", "testmember2", "submember1@"TEST_SUBDOM_NAME }; struct group expected = { .gr_gid = 1124, .gr_name = discard_const("testgroup_members"), .gr_passwd = discard_const("*"), .gr_mem = discard_const(exp_members) }; ret = parse_group_packet(body, blen, &gr, &nmem); assert_int_equal(ret, EOK); assert_int_equal(nmem, 3); ret = test_nss_getgrnam_check(&expected, &gr, nmem); assert_int_equal(ret, EOK); return EOK; } void test_nss_getgrnam_mix_dom(void **state) { errno_t ret; const char *group_strdn = NULL; const char *add_groups[] = { NULL, NULL }; /* Add a subdomain user to a parent domain group */ group_strdn = sysdb_group_strdn(nss_test_ctx, nss_test_ctx->tctx->dom->name, "testgroup_members"); assert_non_null(group_strdn); add_groups[0] = group_strdn; ret = sysdb_update_members_dn(nss_test_ctx->tctx->sysdb, nss_test_ctx->subdom, "submember1@"TEST_SUBDOM_NAME, SYSDB_MEMBER_USER, add_groups, NULL); assert_int_equal(ret, EOK); mock_input_user_or_group("testgroup_members"); will_return(__wrap_sss_packet_get_cmd, SSS_NSS_GETGRNAM); mock_fill_group_with_members(3); /* Query for that group, call a callback when command finishes */ set_cmd_cb(test_nss_getgrnam_check_mix_dom); ret = sss_cmd_execute(nss_test_ctx->cctx, SSS_NSS_GETGRNAM, nss_test_ctx->nss_cmds); 
assert_int_equal(ret, EOK); /* Wait until the test finishes with EOK */ ret = test_ev_loop(nss_test_ctx->tctx); assert_int_equal(ret, EOK); } static int test_nss_getgrnam_check_mix_dom_fqdn(uint8_t *body, size_t blen) { int ret; uint32_t nmem; struct group gr; const char *exp_members[] = { "testmember1@"TEST_DOM_NAME, "testmember2@"TEST_DOM_NAME, "submember1@"TEST_SUBDOM_NAME }; struct group expected = { .gr_gid = 1124, .gr_name = discard_const("testgroup_members@"TEST_DOM_NAME), .gr_passwd = discard_const("*"), .gr_mem = discard_const(exp_members) }; ret = parse_group_packet(body, blen, &gr, &nmem); assert_int_equal(ret, EOK); assert_int_equal(nmem, 3); ret = test_nss_getgrnam_check(&expected, &gr, nmem); assert_int_equal(ret, EOK); return EOK; } void test_nss_getgrnam_mix_dom_fqdn(void **state) { errno_t ret; nss_test_ctx->tctx->dom->fqnames = true; mock_input_user_or_group("testgroup_members@"TEST_DOM_NAME); will_return(__wrap_sss_packet_get_cmd, SSS_NSS_GETGRNAM); mock_fill_group_with_members(3); /* Query for that group, call a callback when command finishes */ set_cmd_cb(test_nss_getgrnam_check_mix_dom_fqdn); ret = sss_cmd_execute(nss_test_ctx->cctx, SSS_NSS_GETGRNAM, nss_test_ctx->nss_cmds); assert_int_equal(ret, EOK); /* Wait until the test finishes with EOK */ ret = test_ev_loop(nss_test_ctx->tctx); /* Restore FQDN settings */ nss_test_ctx->tctx->dom->fqnames = false; assert_int_equal(ret, EOK); } static int test_nss_getgrnam_check_mix_subdom(uint8_t *body, size_t blen) { int ret; uint32_t nmem; struct group gr; const char *exp_members[] = { "submember1@"TEST_SUBDOM_NAME, "submember2@"TEST_SUBDOM_NAME, "testmember1@"TEST_DOM_NAME }; struct group expected = { .gr_gid = 2124, .gr_name = discard_const("testsubdomgroup@"TEST_SUBDOM_NAME), .gr_passwd = discard_const("*"), .gr_mem = discard_const(exp_members) }; ret = parse_group_packet(body, blen, &gr, &nmem); assert_int_equal(ret, EOK); assert_int_equal(nmem, 3); ret = test_nss_getgrnam_check(&expected, &gr, 
nmem);
    assert_int_equal(ret, EOK);

    return EOK;
}

/*
 * Stores the parent-domain user "testmember1" as a member of the subdomain
 * group "testsubdomgroup@"TEST_SUBDOM_NAME, then runs SSS_NSS_GETGRNAM for
 * that group with test_nss_getgrnam_check_mix_subdom() as the callback that
 * inspects the reply.
 */
void test_nss_getgrnam_mix_subdom(void **state)
{
    errno_t ret;
    const char *group_strdn = NULL;
    const char *add_groups[] = { NULL, NULL };

    /* Add a parent domain user to a subdomain group */
    group_strdn = sysdb_group_strdn(nss_test_ctx,
                                    nss_test_ctx->subdom->name,
                                    "testsubdomgroup@"TEST_SUBDOM_NAME);
    assert_non_null(group_strdn);
    add_groups[0] = group_strdn;

    ret = sysdb_update_members_dn(nss_test_ctx->tctx->sysdb,
                                  nss_test_ctx->tctx->dom,
                                  "testmember1",
                                  SYSDB_MEMBER_USER,
                                  add_groups, NULL);
    assert_int_equal(ret, EOK);

    mock_input_user_or_group("testsubdomgroup@"TEST_SUBDOM_NAME);
    will_return(__wrap_sss_packet_get_cmd, SSS_NSS_GETGRNAM);
    mock_fill_group_with_members(3);

    /* Query for that group, call a callback when command finishes */
    set_cmd_cb(test_nss_getgrnam_check_mix_subdom);
    ret = sss_cmd_execute(nss_test_ctx->cctx, SSS_NSS_GETGRNAM,
                          nss_test_ctx->nss_cmds);
    assert_int_equal(ret, EOK);

    /* Wait until the test finishes with EOK */
    ret = test_ev_loop(nss_test_ctx->tctx);
    assert_int_equal(ret, EOK);
}

/* Default fixture: calls test_nss_setup() with "enumerate" set to "false". */
void nss_test_setup(void **state)
{
    struct sss_test_conf_param params[] = {
        { "enumerate", "false" },
        { NULL, NULL },             /* Sentinel */
    };

    test_nss_setup(params, state);
}

/*
 * Fixture for the fully-qualified-name tests: same as nss_test_setup() plus
 * a "full_name_format" of "%1$s@%2$s".
 */
void nss_fqdn_test_setup(void **state)
{
    struct sss_test_conf_param params[] = {
        { "enumerate", "false" },
        { "full_name_format", "%1$s@%2$s" },
        { NULL, NULL },             /* Sentinel */
    };

    test_nss_setup(params, state);
}

/*
 * Fixture for the subdomain tests: runs nss_test_setup(), creates a
 * subdomain of the test domain with new_subdomain(), stores it with
 * sysdb_subdomain_store() and refreshes the domain's subdomain list.
 */
void nss_subdom_test_setup(void **state)
{
    /* The four values are passed, in this order, to both new_subdomain()
     * and sysdb_subdomain_store(). */
    const char *const testdom[4] = { TEST_SUBDOM_NAME, "TEST.SUB", "test", "S-3" };
    struct sss_domain_info *subdomain;
    errno_t ret;

    nss_test_setup(state);

    subdomain = new_subdomain(nss_test_ctx, nss_test_ctx->tctx->dom,
                              testdom[0], testdom[1], testdom[2], testdom[3],
                              false, false, NULL);
    assert_non_null(subdomain);

    ret = sysdb_subdomain_store(nss_test_ctx->tctx->sysdb,
                                testdom[0], testdom[1], testdom[2], testdom[3],
                                false, false, NULL);
    assert_int_equal(ret, EOK);

    ret =
sysdb_update_subdomains(nss_test_ctx->tctx->dom); assert_int_equal(ret, EOK); nss_test_ctx->subdom = subdomain; } void nss_fqdn_resize_test_setup(void **state) { struct sss_test_conf_param params[] = { { "enumerate", "false" }, { "full_name_format", "%1$s@@@@@%2$s" }, { NULL, NULL }, /* Sentinel */ }; test_nss_setup(params, state); } void nss_test_teardown(void **state) { talloc_free(nss_test_ctx); } int main(int argc, const char *argv[]) { int rv; int no_cleanup = 0; poptContext pc; int opt; struct poptOption long_options[] = { POPT_AUTOHELP SSSD_DEBUG_OPTS {"no-cleanup", 'n', POPT_ARG_NONE, &no_cleanup, 0, _("Do not delete the test database after a test run"), NULL }, POPT_TABLEEND }; const UnitTest tests[] = { unit_test_setup_teardown(test_nss_getpwnam, nss_test_setup, nss_test_teardown), unit_test_setup_teardown(test_nss_getpwnam_neg, nss_test_setup, nss_test_teardown), unit_test_setup_teardown(test_nss_getpwnam_search, nss_test_setup, nss_test_teardown), unit_test_setup_teardown(test_nss_getpwnam_update, nss_test_setup, nss_test_teardown), unit_test_setup_teardown(test_nss_getpwnam_fqdn, nss_fqdn_test_setup, nss_test_teardown), unit_test_setup_teardown(test_nss_getpwnam_fqdn_resize, nss_fqdn_resize_test_setup, nss_test_teardown), unit_test_setup_teardown(test_nss_getgrnam_no_members, nss_test_setup, nss_test_teardown), unit_test_setup_teardown(test_nss_getgrnam_members, nss_test_setup, nss_test_teardown), unit_test_setup_teardown(test_nss_getgrnam_members_fqdn, nss_fqdn_test_setup, nss_test_teardown), unit_test_setup_teardown(test_nss_getgrnam_members_subdom, nss_subdom_test_setup, nss_test_teardown), unit_test_setup_teardown(test_nss_getgrnam_mix_dom, nss_subdom_test_setup, nss_test_teardown), unit_test_setup_teardown(test_nss_getgrnam_mix_dom_fqdn, nss_subdom_test_setup, nss_test_teardown), unit_test_setup_teardown(test_nss_getgrnam_mix_subdom, nss_subdom_test_setup, nss_test_teardown), }; /* Set debug level to invalid value so we can deside if -d 0 was 
used. */ debug_level = SSSDBG_INVALID; pc = poptGetContext(argv[0], argc, argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { switch(opt) { default: fprintf(stderr, "\nInvalid option %s: %s\n\n", poptBadOption(pc, 0), poptStrerror(opt)); poptPrintUsage(pc, stderr, 0); return 1; } } poptFreeContext(pc); DEBUG_INIT(debug_level); /* Even though normally the tests should clean up after themselves * they might not after a failed run. Remove the old db to be sure */ tests_set_cwd(); test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_DB, TEST_SYSDB_FILE); test_dom_suite_setup(TESTS_PATH); rv = run_tests(tests); if (rv == 0 && !no_cleanup) { test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_DB, TEST_SYSDB_FILE); } return rv; } sssd-1.11.5/src/tests/cmocka/PaxHeaders.13173/test_ad_common.c0000644000000000000000000000007412320753107022100 xustar000000000000000030 atime=1396954939.274891425 30 ctime=1396954961.706874912 sssd-1.11.5/src/tests/cmocka/test_ad_common.c0000664002412700241270000001721712320753107022332 0ustar00jhrozekjhrozek00000000000000/* Authors: Jakub Hrozek Copyright (C) 2013 Red Hat SSSD tests: AD access control filter tests This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/ #include #include #include #include #include #include #include #include /* In order to access opaque types */ #include "providers/ad/ad_common.c" #include "tests/cmocka/common_mock.h" #define DOMNAME "domname" #define SUBDOMNAME "sub."DOMNAME #define REALMNAME DOMNAME #define HOST_NAME "ad."REALMNAME struct ad_common_test_ctx { struct ad_id_ctx *ad_ctx; struct ad_id_ctx *subdom_ad_ctx; struct sss_domain_info *dom; struct sss_domain_info *subdom; }; static void ad_common_test_setup(void **state) { struct ad_common_test_ctx *test_ctx; errno_t ret; struct sdap_domain *sdom; struct ad_id_ctx *ad_ctx; struct ad_id_ctx *subdom_ad_ctx; struct sdap_id_conn_ctx *subdom_ldap_ctx; assert_true(leak_check_setup()); check_leaks_push(global_talloc_context); test_ctx = talloc_zero(global_talloc_context, struct ad_common_test_ctx); assert_non_null(test_ctx); test_ctx->dom = talloc_zero(test_ctx, struct sss_domain_info); assert_non_null(test_ctx->dom); test_ctx->dom->name = discard_const(DOMNAME); test_ctx->subdom = talloc_zero(test_ctx, struct sss_domain_info); assert_non_null(test_ctx->subdom); test_ctx->subdom->name = discard_const(SUBDOMNAME); test_ctx->subdom->parent = test_ctx->dom; ad_ctx = talloc_zero(test_ctx, struct ad_id_ctx); assert_non_null(ad_ctx); ad_ctx->ad_options = ad_create_default_options(ad_ctx, REALMNAME, HOST_NAME); assert_non_null(ad_ctx->ad_options); ad_ctx->gc_ctx = talloc_zero(ad_ctx, struct sdap_id_conn_ctx); assert_non_null(ad_ctx->gc_ctx); ad_ctx->ldap_ctx = talloc_zero(ad_ctx, struct sdap_id_conn_ctx); assert_non_null(ad_ctx->ldap_ctx); ad_ctx->sdap_id_ctx = talloc_zero(ad_ctx, struct sdap_id_ctx); assert_non_null(ad_ctx->sdap_id_ctx); ad_ctx->sdap_id_ctx->opts = talloc_zero(ad_ctx->sdap_id_ctx, struct sdap_options); assert_non_null(ad_ctx->sdap_id_ctx->opts); ret = sdap_domain_add(ad_ctx->sdap_id_ctx->opts, test_ctx->dom, &sdom); assert_int_equal(ret, EOK); subdom_ad_ctx = talloc_zero(test_ctx, struct ad_id_ctx); assert_non_null(subdom_ad_ctx); 
subdom_ldap_ctx = talloc_zero(subdom_ad_ctx, struct sdap_id_conn_ctx); assert_non_null(subdom_ldap_ctx); subdom_ad_ctx->ldap_ctx = subdom_ldap_ctx; ret = sdap_domain_add(ad_ctx->sdap_id_ctx->opts, test_ctx->subdom, &sdom); assert_int_equal(ret, EOK); sdom->pvt = subdom_ad_ctx; test_ctx->ad_ctx = ad_ctx; test_ctx->subdom_ad_ctx = subdom_ad_ctx; check_leaks_push(test_ctx); *state = test_ctx; } static void ad_common_test_teardown(void **state) { struct ad_common_test_ctx *test_ctx = talloc_get_type(*state, struct ad_common_test_ctx); assert_non_null(test_ctx); assert_true(check_leaks_pop(test_ctx) == true); talloc_free(test_ctx); assert_true(check_leaks_pop(global_talloc_context) == true); assert_true(leak_check_teardown()); } errno_t __wrap_sdap_set_sasl_options(struct sdap_options *id_opts, char *default_primary, char *default_realm, const char *keytab_path) { /* Pretend SASL is fine */ return EOK; } void test_ldap_conn_list(void **state) { struct sdap_id_conn_ctx *conn; struct ad_common_test_ctx *test_ctx = talloc_get_type(*state, struct ad_common_test_ctx); assert_non_null(test_ctx); conn = ad_get_dom_ldap_conn(test_ctx->ad_ctx, test_ctx->dom); assert_true(conn == test_ctx->ad_ctx->ldap_ctx); conn = ad_get_dom_ldap_conn(test_ctx->ad_ctx, test_ctx->subdom); assert_true(conn == test_ctx->subdom_ad_ctx->ldap_ctx); } void test_conn_list(void **state) { struct sdap_id_conn_ctx **conn_list; struct ad_common_test_ctx *test_ctx = talloc_get_type(*state, struct ad_common_test_ctx); assert_non_null(test_ctx); assert_true(dp_opt_get_bool(test_ctx->ad_ctx->ad_options->basic, AD_ENABLE_GC)); conn_list = ad_gc_conn_list(test_ctx, test_ctx->ad_ctx, test_ctx->dom); assert_non_null(conn_list); assert_true(conn_list[0] == test_ctx->ad_ctx->gc_ctx); /* If there is a fallback, we should ignore the offline mode */ assert_true(conn_list[0]->ignore_mark_offline); assert_true(conn_list[1] == test_ctx->ad_ctx->ldap_ctx); assert_false(conn_list[1]->ignore_mark_offline); 
assert_null(conn_list[2]); talloc_free(conn_list); conn_list = ad_gc_conn_list(test_ctx, test_ctx->ad_ctx, test_ctx->subdom); assert_non_null(conn_list); assert_true(conn_list[0] == test_ctx->ad_ctx->gc_ctx); assert_true(conn_list[0]->ignore_mark_offline); assert_true(conn_list[1] == test_ctx->subdom_ad_ctx->ldap_ctx); assert_false(conn_list[1]->ignore_mark_offline); talloc_free(conn_list); dp_opt_set_bool(test_ctx->ad_ctx->ad_options->basic, AD_ENABLE_GC, false); assert_false(dp_opt_get_bool(test_ctx->ad_ctx->ad_options->basic, AD_ENABLE_GC)); conn_list = ad_gc_conn_list(test_ctx, test_ctx->ad_ctx, test_ctx->dom); assert_non_null(conn_list); assert_true(conn_list[0] == test_ctx->ad_ctx->ldap_ctx); assert_false(conn_list[0]->ignore_mark_offline); assert_null(conn_list[1]); talloc_free(conn_list); conn_list = ad_gc_conn_list(test_ctx, test_ctx->ad_ctx, test_ctx->subdom); assert_non_null(conn_list); assert_true(conn_list[0] == test_ctx->subdom_ad_ctx->ldap_ctx); talloc_free(conn_list); } int main(int argc, const char *argv[]) { poptContext pc; int opt; struct poptOption long_options[] = { POPT_AUTOHELP SSSD_DEBUG_OPTS POPT_TABLEEND }; const UnitTest tests[] = { unit_test_setup_teardown(test_ldap_conn_list, ad_common_test_setup, ad_common_test_teardown), unit_test_setup_teardown(test_conn_list, ad_common_test_setup, ad_common_test_teardown), }; /* Set debug level to invalid value so we can deside if -d 0 was used. 
*/ debug_level = SSSDBG_INVALID; pc = poptGetContext(argv[0], argc, argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { switch(opt) { default: fprintf(stderr, "\nInvalid option %s: %s\n\n", poptBadOption(pc, 0), poptStrerror(opt)); poptPrintUsage(pc, stderr, 0); return 1; } } poptFreeContext(pc); DEBUG_INIT(debug_level); tests_set_cwd(); return run_tests(tests); } sssd-1.11.5/src/tests/PaxHeaders.13173/strtonum-tests.c0000644000000000000000000000007412320753107020703 xustar000000000000000030 atime=1396954939.275891424 30 ctime=1396954961.781874857 sssd-1.11.5/src/tests/strtonum-tests.c0000664002412700241270000002675312320753107021142 0ustar00jhrozekjhrozek00000000000000/* SSSD InfoPipe Copyright (C) Stephen Gallagher 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
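*/

/* NOTE(review): the names of the four angle-bracket headers below were lost
 * when this page was extracted; the directives are kept as found. */
#include
#include
#include
#include
#include "util/util.h"
#include "util/strtonum.h"
#include "tests/common.h"

/********************
 * Utility routines *
 ********************/

/*
 * Fails the test when the saved errno value is non-zero.
 * NOTE(review): the tests below do not clear errno before calling the
 * function under test, so this presumes the callee resets it -- confirm.
 */
#define EXPECT_UNSET_ERRNO(error) \
    do { \
        fail_unless((error) == 0, "errno unexpectedly set to %d[%s]", \
                    (error), strerror(error)); \
    } while(0)

/*
 * Compares the parsed value with the expected one.
 * The macro is shared by the int32_t and the uint32_t tests, so both values
 * are widened to long long to match the %lld conversion; passing a 32-bit
 * value for a %ld conversion is undefined where long is 64 bits wide.
 */
#define CHECK_RESULT(expected, actual) \
    do { \
        fail_unless((actual) == (expected), "Expected %lld, got %lld", \
                    (long long)(expected), (long long)(actual)); \
    } while(0)

/* Compares the saved errno value with the expected error code. */
#define CHECK_ERRNO(expected, actual) \
    do { \
        fail_unless((actual) == (expected), \
                    "Expected errno %d[%s], got %d[%s]", \
                    (expected), strerror(expected), \
                    (actual), strerror(actual)); \
    } while(0)

/* Checks where parsing stopped; %p takes a pointer to void. */
#define CHECK_ENDPTR(expected, actual) \
    do { \
        fail_unless((actual) == (expected), "Expected endptr %p, got %p", \
                    (const void *)(expected), (const void *)(actual)); \
    } while(0)

/* Checks that the whole input was consumed (endptr is at the terminator). */
#define CHECK_ZERO_ENDPTR(endptr) \
    do { \
        fail_unless((endptr) && *(endptr) == '\0', "Invalid endptr"); \
    } while(0)

/******************
 * strtoint tests *
 ******************/

/* Base-10 */

/* A plain positive decimal string is parsed completely, errno stays 0. */
START_TEST (test_strtoint32_pos_integer_base_10)
{
    int32_t result;
    const char *input = "123";
    int32_t expected = 123;
    char *endptr;
    errno_t error;

    result = strtoint32(input, &endptr, 10);
    /* Save errno right away, before another call can overwrite it. */
    error = errno;

    EXPECT_UNSET_ERRNO(error);
    CHECK_ZERO_ENDPTR(endptr);
    CHECK_RESULT(expected, result);
}
END_TEST

/* A plain negative decimal string is parsed completely, errno stays 0. */
START_TEST (test_strtoint32_neg_integer_base_10)
{
    int32_t result;
    const char *input = "-123";
    int32_t expected = -123;
    char *endptr;
    errno_t error;

    result = strtoint32(input, &endptr, 10);
    error = errno;

    EXPECT_UNSET_ERRNO(error);
    CHECK_ZERO_ENDPTR(endptr);
    CHECK_RESULT(expected, result);
}
END_TEST

/* Upper boundary: INT32_MAX itself must be accepted without an error. */
START_TEST (test_strtoint32_pos_integer_intmax_base_10)
{
    int32_t result;
    const char *input = "2147483647";
    int32_t expected = INT32_MAX;
    char *endptr;
    errno_t error;

    result = strtoint32(input, &endptr, 10);
    error = errno;

    EXPECT_UNSET_ERRNO(error);
    CHECK_ZERO_ENDPTR(endptr);
    CHECK_RESULT(expected, result);
}
END_TEST

/* Lower boundary: INT32_MIN itself must be accepted without an error. */
START_TEST (test_strtoint32_neg_integer_intmin_base_10)
{
    int32_t result;
    const char *input =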
"-2147483648"; int32_t expected = INT32_MIN; char *endptr; errno_t error; result = strtoint32(input, &endptr, 10); error = errno; EXPECT_UNSET_ERRNO(error); CHECK_ZERO_ENDPTR(endptr); CHECK_RESULT(expected, result); } END_TEST START_TEST (test_strtoint32_pos_integer_overflow_base_10) { int32_t result; const char *input = "8589934592"; int32_t expected = INT32_MAX; char *endptr; errno_t error; result = strtoint32(input, &endptr, 10); error = errno; CHECK_ERRNO(ERANGE, error); CHECK_ZERO_ENDPTR(endptr); CHECK_RESULT(expected, result); } END_TEST START_TEST (test_strtoint32_pos_integer_underflow_base_10) { int32_t result; const char *input = "-8589934592"; int32_t expected = INT32_MIN; char *endptr; errno_t error; result = strtoint32(input, &endptr, 10); error = errno; CHECK_ERRNO(ERANGE, error); CHECK_ZERO_ENDPTR(endptr); CHECK_RESULT(expected, result); } END_TEST START_TEST (test_strtoint32_mixed_alphanumeric_base_10) { int32_t result; const char *input = "12b13"; int32_t expected = 12; char *endptr; const char *expected_endptr = input+2; errno_t error; result = strtoint32(input, &endptr, 10); error = errno; EXPECT_UNSET_ERRNO(error); CHECK_ENDPTR(expected_endptr, endptr); CHECK_RESULT(expected, result); } END_TEST START_TEST (test_strtoint32_alphaonly_base_10) { int32_t result; const char *input = "alpha"; int32_t expected = 0; char *endptr; const char *expected_endptr = input; errno_t error; result = strtoint32(input, &endptr, 10); error = errno; EXPECT_UNSET_ERRNO(error); CHECK_ENDPTR(expected_endptr, endptr); CHECK_RESULT(expected, result); } END_TEST START_TEST (test_strtoint32_alphastart_base_10) { int32_t result; const char *input = "alpha12345"; int32_t expected = 0; char *endptr; const char *expected_endptr = input; errno_t error; result = strtoint32(input, &endptr, 10); error = errno; EXPECT_UNSET_ERRNO(error); CHECK_ENDPTR(expected_endptr, endptr); CHECK_RESULT(expected, result); } END_TEST START_TEST (test_strtoint32_emptystring_base_10) { int32_t 
result; const char *input = ""; int32_t expected = 0; char *endptr; const char *expected_endptr = input; errno_t error; result = strtoint32(input, &endptr, 10); error = errno; EXPECT_UNSET_ERRNO(error); CHECK_ENDPTR(expected_endptr, endptr); CHECK_RESULT(expected, result); } END_TEST /******************* * strtouint tests * *******************/ /* Base-10 */ START_TEST (test_strtouint32_pos_integer_base_10) { uint32_t result; const char *input = "123"; uint32_t expected = 123; char *endptr; errno_t error; result = strtouint32(input, &endptr, 10); error = errno; EXPECT_UNSET_ERRNO(error); CHECK_ZERO_ENDPTR(endptr); CHECK_RESULT(expected, result); } END_TEST START_TEST (test_strtouint32_neg_integer_base_10) { uint32_t result; const char *input = "-123"; uint32_t expected = UINT32_MAX; char *endptr; errno_t error; result = strtouint32(input, &endptr, 10); error = errno; CHECK_ERRNO(ERANGE, error); CHECK_ZERO_ENDPTR(endptr); CHECK_RESULT(expected, result); } END_TEST START_TEST (test_strtouint32_pos_integer_uintmax_base_10) { uint32_t result; const char *input = "4294967295"; uint32_t expected = UINT32_MAX; char *endptr; errno_t error; result = strtouint32(input, &endptr, 10); error = errno; EXPECT_UNSET_ERRNO(error); CHECK_ZERO_ENDPTR(endptr); CHECK_RESULT(expected, result); } END_TEST START_TEST (test_strtouint32_pos_integer_overflow_base_10) { uint32_t result; const char *input = "8589934592"; uint32_t expected = UINT32_MAX; char *endptr; errno_t error; result = strtouint32(input, &endptr, 10); error = errno; CHECK_ERRNO(ERANGE, error); CHECK_ZERO_ENDPTR(endptr); CHECK_RESULT(expected, result); } END_TEST START_TEST (test_strtouint32_mixed_alphanumeric_base_10) { uint32_t result; const char *input = "12b13"; uint32_t expected = 12; char *endptr; const char *expected_endptr = input+2; errno_t error; result = strtouint32(input, &endptr, 10); error = errno; EXPECT_UNSET_ERRNO(error); CHECK_ENDPTR(expected_endptr, endptr); CHECK_RESULT(expected, result); } END_TEST 
START_TEST (test_strtouint32_alphaonly_base_10) { uint32_t result; const char *input = "alpha"; uint32_t expected = 0; char *endptr; const char *expected_endptr = input; errno_t error; result = strtouint32(input, &endptr, 10); error = errno; EXPECT_UNSET_ERRNO(error); CHECK_ENDPTR(expected_endptr, endptr); CHECK_RESULT(expected, result); } END_TEST START_TEST (test_strtouint32_alphastart_base_10) { uint32_t result; const char *input = "alpha12345"; uint32_t expected = 0; char *endptr; const char *expected_endptr = input; errno_t error; result = strtouint32(input, &endptr, 10); error = errno; EXPECT_UNSET_ERRNO(error); CHECK_ENDPTR(expected_endptr, endptr); CHECK_RESULT(expected, result); } END_TEST START_TEST (test_strtouint32_emptystring_base_10) { uint32_t result; const char *input = ""; uint32_t expected = 0; char *endptr; const char *expected_endptr = input; errno_t error; result = strtouint32(input, &endptr, 10); error = errno; EXPECT_UNSET_ERRNO(error); CHECK_ENDPTR(expected_endptr, endptr); CHECK_RESULT(expected, result); } END_TEST Suite *create_strtonum_suite(void) { Suite *s = suite_create("strtonum"); TCase *tc_strtoint32 = tcase_create("strtoint32 Tests"); tcase_add_test(tc_strtoint32, test_strtoint32_pos_integer_base_10); tcase_add_test(tc_strtoint32, test_strtoint32_neg_integer_base_10); tcase_add_test(tc_strtoint32, test_strtoint32_pos_integer_intmax_base_10); tcase_add_test(tc_strtoint32, test_strtoint32_neg_integer_intmin_base_10); tcase_add_test(tc_strtoint32, test_strtoint32_pos_integer_overflow_base_10); tcase_add_test(tc_strtoint32, test_strtoint32_pos_integer_underflow_base_10); tcase_add_test(tc_strtoint32, test_strtoint32_mixed_alphanumeric_base_10); tcase_add_test(tc_strtoint32, test_strtoint32_alphaonly_base_10); tcase_add_test(tc_strtoint32, test_strtoint32_alphastart_base_10); tcase_add_test(tc_strtoint32, test_strtoint32_emptystring_base_10); TCase *tc_strtouint32 = tcase_create("strtouint32 Tests"); tcase_add_test(tc_strtouint32, 
test_strtouint32_pos_integer_base_10); tcase_add_test(tc_strtouint32, test_strtouint32_neg_integer_base_10); tcase_add_test(tc_strtouint32, test_strtouint32_pos_integer_uintmax_base_10); tcase_add_test(tc_strtouint32, test_strtouint32_pos_integer_overflow_base_10); tcase_add_test(tc_strtouint32, test_strtouint32_mixed_alphanumeric_base_10); tcase_add_test(tc_strtouint32, test_strtouint32_alphaonly_base_10); tcase_add_test(tc_strtouint32, test_strtouint32_alphastart_base_10); tcase_add_test(tc_strtouint32, test_strtouint32_emptystring_base_10); /* Add all test cases to the suite */ suite_add_tcase(s, tc_strtoint32); suite_add_tcase(s, tc_strtouint32); return s; } int main(int argc, const char *argv[]) { int opt; poptContext pc; int failure_count; Suite *strtonum_suite; SRunner *sr; struct poptOption long_options[] = { POPT_AUTOHELP SSSD_MAIN_OPTS POPT_TABLEEND }; /* Set debug level to invalid value so we can deside if -d 0 was used. */ debug_level = SSSDBG_INVALID; pc = poptGetContext(argv[0], argc, argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { switch(opt) { default: fprintf(stderr, "\nInvalid option %s: %s\n\n", poptBadOption(pc, 0), poptStrerror(opt)); poptPrintUsage(pc, stderr, 0); return 1; } } poptFreeContext(pc); DEBUG_INIT(debug_level); tests_set_cwd(); strtonum_suite = create_strtonum_suite(); sr = srunner_create(strtonum_suite); /* If CK_VERBOSITY is set, use that, otherwise it defaults to CK_NORMAL */ srunner_run_all(sr, CK_ENV); failure_count = srunner_ntests_failed(sr); srunner_free(sr); return (failure_count==0 ? 
EXIT_SUCCESS : EXIT_FAILURE); } sssd-1.11.5/src/tests/PaxHeaders.13173/krb5_utils-tests.c0000644000000000000000000000007212320753107021071 xustar000000000000000030 atime=1396954939.274891425 28 ctime=1396954961.7228749 sssd-1.11.5/src/tests/krb5_utils-tests.c0000664002412700241270000005512012320753107021320 0ustar00jhrozekjhrozek00000000000000/* SSSD Kerberos 5 Backend Module -- Utilities tests Authors: Sumit Bose Copyright (C) 2009 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . 
*/

/* NOTE(review): the names of the three angle-bracket headers below were lost
 * when this page was extracted; the directives are kept as found. */
#include
#include
#include

#include "providers/krb5/krb5_utils.h"
#include "providers/krb5/krb5_auth.h"
#include "tests/common.h"

/* Directory, relative to the working directory, that the tests write into. */
#define TESTS_PATH "tests_krb5_utils"

/* Fixed values used to build templates and their expected expansions. */
#define BASE "/abc/def"
#define FILENAME "ghi"

#define USERNAME "testuser"
#define UID "12345"
#define PRINCIPAL_NAME "testuser@EXAMPLE.COM"
#define REALM "REALM.ORG"
#define HOME_DIRECTORY "/home/testuser"
#define CCACHE_DIR "/var/tmp"
#define PID "4321"

extern struct dp_option default_krb5_opts[];

/* Talloc context shared by the fixtures and the tests of one test case. */
TALLOC_CTX *tmp_ctx = NULL;
/* Request structure filled by setup_talloc_context(). */
struct krb5child_req *kr;

/* Removes a directory and fails the test if that does not succeed.
 * Uses the variable `ret` of the calling test. */
#define RMDIR(__dir__) do { \
    ret = rmdir(__dir__); \
    fail_unless(ret == EOK, "rmdir [%s] failed, [%d][%s].", __dir__, \
                errno, strerror(errno)); \
} while(0)

/* Fixture setup: creates the shared talloc context, which must be unset. */
void setup_create_dir(void)
{
    fail_unless(tmp_ctx == NULL, "Talloc context already initialized.");
    tmp_ctx = talloc_new(NULL);
    fail_unless(tmp_ctx != NULL, "Cannot create talloc context.");
}

/* Fixture teardown: frees the shared talloc context and resets the pointer. */
void teardown_create_dir(void)
{
    int ret;
    fail_unless(tmp_ctx != NULL, "Talloc context already freed.");
    ret = talloc_free(tmp_ctx);
    tmp_ctx = NULL;
    fail_unless(ret == 0, "Cannot free talloc context.");
}

/*
 * Asserts that dirname is a directory with the given owner, group and
 * permission bits (the file-type bits of st_mode are masked out before the
 * comparison).
 */
static void check_dir(const char *dirname, uid_t uid, gid_t gid, mode_t mode)
{
    struct stat stat_buf;
    int ret;

    ret = stat(dirname, &stat_buf);
    fail_unless(ret == EOK, "stat failed [%d][%s].", errno, strerror(errno));

    fail_unless(S_ISDIR(stat_buf.st_mode), "[%s] is not a directory.", dirname);
    fail_unless(stat_buf.st_uid == uid, "uid does not match, "
                                        "expected [%d], got [%d].",
                                        uid, stat_buf.st_uid);
    fail_unless(stat_buf.st_gid == gid, "gid does not match, "
                                        "expected [%d], got [%d].",
                                        gid, stat_buf.st_gid);
    fail_unless((stat_buf.st_mode & ~S_IFMT) == mode,
                "mode of [%s] does not match, "
                "expected [%o], got [%o].", dirname,
                mode, (stat_buf.st_mode & ~S_IFMT));
}

/*
 * Ccache path nested three levels below a directory owned by the user.
 * sss_krb5_precreate_ccache() must return EINVAL while that directory lacks
 * the search (x) bit, and once the bit is restored it must create the
 * levels a, b and c owned by uid/gid with mode 0700.
 */
START_TEST(test_private_ccache_dir_in_user_dir)
{
    int ret;
    char *cwd;
    char *user_dir;
    char *dn1;
    char *dn2;
    char *dn3;
    char *filename;
    uid_t uid = getuid();
    gid_t gid = getgid();

    /* When run as root, use a fixed unprivileged id as the ccache owner. */
    if (uid == 0) {
        uid = 12345;
        gid = 12345;
    }

    cwd = getcwd(NULL, 0);
    fail_unless(cwd != NULL, "getcwd failed.");

    user_dir = talloc_asprintf(tmp_ctx, "%s/%s/user", cwd, TESTS_PATH);
    free(cwd);
    fail_unless(user_dir != NULL, "talloc_asprintf failed.");
    ret = mkdir(user_dir, 0700);
    fail_unless(ret == EOK, "mkdir failed.");
    ret = chown(user_dir, uid, gid);
    fail_unless(ret == EOK, "chown failed.");

    dn1 = talloc_asprintf(tmp_ctx, "%s/a", user_dir);
    fail_unless(dn1 != NULL, "talloc_asprintf failed.");
    dn2 = talloc_asprintf(tmp_ctx, "%s/b", dn1);
    fail_unless(dn2 != NULL, "talloc_asprintf failed.");
    dn3 = talloc_asprintf(tmp_ctx, "%s/c", dn2);
    fail_unless(dn3 != NULL, "talloc_asprintf failed.");
    filename = talloc_asprintf(tmp_ctx, "%s/ccfile", dn3);
    fail_unless(filename != NULL, "talloc_asprintf failed.");

    /* 0600: the owner can no longer traverse the directory. */
    ret = chmod(user_dir, 0600);
    fail_unless(ret == EOK, "chmod failed.");
    ret = sss_krb5_precreate_ccache(filename, NULL, uid, gid);
    fail_unless(ret == EINVAL, "sss_krb5_precreate_ccache does not return EINVAL "
                               "while x-bit is missing.");

    ret = chmod(user_dir, 0700);
    fail_unless(ret == EOK, "chmod failed.");
    ret = sss_krb5_precreate_ccache(filename, NULL, uid, gid);
    fail_unless(ret == EOK, "sss_krb5_precreate_ccache failed.");

    /* Verify and remove from the innermost directory outwards. */
    check_dir(dn3, uid, gid, 0700);
    RMDIR(dn3);
    check_dir(dn2, uid, gid, 0700);
    RMDIR(dn2);
    check_dir(dn1, uid, gid, 0700);
    RMDIR(dn1);
    RMDIR(user_dir);
}
END_TEST

/*
 * A ccache directory requested for uid/gid 12345 below a directory owned by
 * uid/gid 12346 must be refused with EINVAL. The test asserts that it runs
 * as root, which the chown() to a foreign id needs.
 */
START_TEST(test_private_ccache_dir_in_wrong_user_dir)
{
    int ret;
    char *cwd;
    char *dirname;
    char *subdirname;
    char *filename;

    fail_unless(getuid() == 0, "This test must be run as root.");

    cwd = getcwd(NULL, 0);
    fail_unless(cwd != NULL, "getcwd failed.");

    dirname = talloc_asprintf(tmp_ctx, "%s/%s/priv_ccdir", cwd, TESTS_PATH);
    free(cwd);
    fail_unless(dirname != NULL, "talloc_asprintf failed.");
    ret = mkdir(dirname, 0700);
    fail_unless(ret == EOK, "mkdir failed.\n");
    ret = chown(dirname, 12346, 12346);
    fail_unless(ret == EOK, "chown failed.\n");

    subdirname = talloc_asprintf(tmp_ctx, "%s/subdir", dirname);
    fail_unless(subdirname != NULL, "talloc_asprintf failed.");
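filename = talloc_asprintf(tmp_ctx, "%s/ccfile", subdirname);
    fail_unless(filename != NULL, "talloc_asprintf failed.");

    /* The parent directory belongs to another user, so this must fail. */
    ret = sss_krb5_precreate_ccache(filename, NULL, 12345, 12345);
    fail_unless(ret == EINVAL, "Creating private ccache dir in wrong user "
                               "dir does not failed with EINVAL.");

    RMDIR(dirname);
}
END_TEST

/*
 * create_ccache_dir(), given the regular expression compiled from
 * ILLEGAL_PATH_PATTERN, must return EINVAL for a relative path and for
 * absolute paths that contain "/./", "/../" or "//".
 */
START_TEST(test_illegal_patterns)
{
    int ret;
    char *cwd;
    char *dirname;
    char *filename;
    uid_t uid = getuid();
    gid_t gid = getgid();
    pcre *illegal_re;
    const char *errstr;
    int errval;
    int errpos;

    illegal_re = pcre_compile2(ILLEGAL_PATH_PATTERN, 0,
                               &errval, &errstr, &errpos, NULL);
    fail_unless(illegal_re != NULL, "Invalid Regular Expression pattern at "
                                    " position %d. (Error: %d [%s])\n",
                                    errpos, errval, errstr);

    cwd = getcwd(NULL, 0);
    fail_unless(cwd != NULL, "getcwd failed.");

    dirname = talloc_asprintf(tmp_ctx, "%s/%s/priv_ccdir", cwd, TESTS_PATH);
    free(cwd);
    fail_unless(dirname != NULL, "talloc_asprintf failed.");

    /* Relative path */
    filename = talloc_asprintf(tmp_ctx, "abc/./ccfile");
    fail_unless(filename != NULL, "talloc_asprintf failed.");
    ret = create_ccache_dir(filename, illegal_re, uid, gid);
    fail_unless(ret == EINVAL, "create_ccache_dir allowed relative path [%s].",
                               filename);

    /* "/./" component */
    filename = talloc_asprintf(tmp_ctx, "%s/abc/./ccfile", dirname);
    fail_unless(filename != NULL, "talloc_asprintf failed.");
    ret = create_ccache_dir(filename, illegal_re, uid, gid);
    fail_unless(ret == EINVAL, "create_ccache_dir allowed "
                               "illegal pattern '/./' in filename [%s].",
                               filename);

    /* "/../" component */
    filename = talloc_asprintf(tmp_ctx, "%s/abc/../ccfile", dirname);
    fail_unless(filename != NULL, "talloc_asprintf failed.");
    ret = create_ccache_dir(filename, illegal_re, uid, gid);
    fail_unless(ret == EINVAL, "create_ccache_dir allowed "
                               "illegal pattern '/../' in filename [%s].",
                               filename);

    /* Doubled slash */
    filename = talloc_asprintf(tmp_ctx, "%s/abc//ccfile", dirname);
    fail_unless(filename != NULL, "talloc_asprintf failed.");
    ret = create_ccache_dir(filename, illegal_re, uid, gid);
    fail_unless(ret == EINVAL, "create_ccache_dir allowed "
                               "illegal pattern '//' in filename [%s].",
                               filename);
}
END_TEST

/*
 * sss_krb5_precreate_ccache() must accept a "DIR:" ccache name, both without
 * and with a trailing slash, when the illegal-pattern expression is supplied.
 * After each call the directory named by dirname is removed again.
 */
START_TEST(test_cc_dir_create)
{
    char *residual;
    char *dirname;
    char *cwd;
    uid_t uid = getuid();
    gid_t gid = getgid();
    pcre *illegal_re;
    errno_t ret;
    const char *errstr;
    int errval;
    int errpos;

    illegal_re = pcre_compile2(ILLEGAL_PATH_PATTERN, 0,
                               &errval, &errstr, &errpos, NULL);
    fail_unless(illegal_re != NULL, "Invalid Regular Expression pattern at "
                                    " position %d. (Error: %d [%s])\n",
                                    errpos, errval, errstr);

    cwd = getcwd(NULL, 0);
    fail_unless(cwd != NULL, "getcwd failed.");

    dirname = talloc_asprintf(tmp_ctx, "%s/%s/user_dir",
                              cwd, TESTS_PATH);
    fail_unless(dirname != NULL, "talloc_asprintf failed.");
    residual = talloc_asprintf(tmp_ctx, "DIR:%s/%s", dirname, "ccdir");
    fail_unless(residual != NULL, "talloc_asprintf failed.");

    ret = sss_krb5_precreate_ccache(residual, illegal_re, uid, gid);
    fail_unless(ret == EOK, "sss_krb5_precreate_ccache failed\n");
    ret = rmdir(dirname);
    if (ret < 0) {
        /* Keep the error code so the failure message can name it. */
        ret = errno;
    }
    fail_unless(ret == 0, "Cannot remove %s: %s\n", dirname, strerror(ret));
    talloc_free(residual);

    dirname = talloc_asprintf(tmp_ctx, "%s/%s/user_dir2",
                              cwd, TESTS_PATH);
    fail_unless(dirname != NULL, "talloc_asprintf failed.");
    residual = talloc_asprintf(tmp_ctx, "DIR:%s/%s", dirname, "ccdir/");
    fail_unless(residual != NULL, "talloc_asprintf failed.");

    ret = sss_krb5_precreate_ccache(residual, illegal_re, uid, gid);
    fail_unless(ret == EOK, "sss_krb5_precreate_ccache failed\n");
    ret = rmdir(dirname);
    if (ret < 0) {
        ret = errno;
    }
    fail_unless(ret == 0, "Cannot remove %s: %s\n", dirname, strerror(ret));
    talloc_free(residual);
    free(cwd);
}
END_TEST

/*
 * Fixture setup for the template-expansion tests. Creates the shared talloc
 * context and fills the global request `kr` with:
 *   - pam data: user USERNAME, client pid PID;
 *   - uid UID, principal PRINCIPAL_NAME, home directory HOME_DIRECTORY;
 *   - a krb5 context whose option table copies name, type and default value
 *     from default_krb5_opts, with KRB5_REALM and KRB5_CCACHEDIR set.
 */
void setup_talloc_context(void)
{
    int ret;
    int i;

    struct pam_data *pd;
    struct krb5_ctx *krb5_ctx;
    fail_unless(tmp_ctx == NULL, "Talloc context already initialized.");
    tmp_ctx = talloc_new(NULL);
    fail_unless(tmp_ctx != NULL, "Cannot create talloc context.");

    kr = talloc_zero(tmp_ctx, struct krb5child_req);
    fail_unless(kr != NULL, "Cannot create krb5child_req structure.");

    pd = create_pam_data(tmp_ctx);
    fail_unless(pd != NULL, "Cannot create pam_data structure.");

    krb5_ctx = talloc_zero(tmp_ctx, struct krb5_ctx);
    /* Check the pointer that was just allocated; the original re-tested pd,
     * so a failed allocation went on to be dereferenced below. */
    fail_unless(krb5_ctx != NULL, "Cannot create krb5_ctx structure.");

    pd->user = discard_const(USERNAME);
    kr->uid = atoi(UID);
    kr->upn = discard_const(PRINCIPAL_NAME);
    pd->cli_pid = atoi(PID);

    krb5_ctx->opts = talloc_zero_array(tmp_ctx, struct dp_option, KRB5_OPTS);
    fail_unless(krb5_ctx->opts != NULL, "Cannot created options.");
    for (i = 0; i < KRB5_OPTS; i++) {
        krb5_ctx->opts[i].opt_name = default_krb5_opts[i].opt_name;
        krb5_ctx->opts[i].type = default_krb5_opts[i].type;
        krb5_ctx->opts[i].def_val = default_krb5_opts[i].def_val;
    }
    ret = dp_opt_set_string(krb5_ctx->opts, KRB5_REALM, REALM);
    fail_unless(ret == EOK, "Failed to set Realm");
    ret = dp_opt_set_string(krb5_ctx->opts, KRB5_CCACHEDIR, CCACHE_DIR);
    fail_unless(ret == EOK, "Failed to set Ccache dir");

    kr->homedir = HOME_DIRECTORY;

    kr->pd = pd;
    kr->krb5_ctx = krb5_ctx;
}

/* Fixture teardown: frees the shared talloc context and resets the pointer. */
void free_talloc_context(void)
{
    int ret;
    fail_unless(tmp_ctx != NULL, "Talloc context already freed.");
    ret = talloc_free(tmp_ctx);
    tmp_ctx = NULL;
    fail_unless(ret == 0, "Cannot free talloc context.");
}

/*
 * Sets KRB5_CCACHEDIR to dir_template, expands file_template with
 * expand_ccname_template() and asserts that the result equals expected.
 */
static void do_test(const char *file_template, const char *dir_template,
                    const char *expected)
{
    char *result;
    int ret;

    ret = dp_opt_set_string(kr->krb5_ctx->opts, KRB5_CCACHEDIR, dir_template);
    fail_unless(ret == EOK, "Failed to set Ccache dir");

    result = expand_ccname_template(tmp_ctx, kr, file_template, true, true);

    fail_unless(result != NULL, "Cannot expand template [%s].", file_template);
    fail_unless(strcmp(result, expected) == 0,
                "Expansion failed, result [%s], expected [%s].",
                result, expected);
}

/* Several sequences in one template, in the file name and via %d. */
START_TEST(test_multiple_substitutions)
{
    do_test(BASE"_%u_%U_%u", CCACHE_DIR, BASE"_"USERNAME"_"UID"_"USERNAME);
    do_test("%d/"FILENAME, BASE"_%u_%U_%u",
            BASE"_"USERNAME"_"UID"_"USERNAME"/"FILENAME);
}
END_TEST

/* %u expands to the user name. */
START_TEST(test_username)
{
    do_test(BASE"_%u", CCACHE_DIR,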
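BASE"_"USERNAME);
    do_test("%d/"FILENAME, BASE"_%u", BASE"_"USERNAME"/"FILENAME);
}
END_TEST

/*
 * With the last argument of expand_ccname_template() set to true the user
 * name keeps its case ("TestUser"); with false it comes out as "testuser".
 */
START_TEST(test_case_sensitive)
{
    char *result;
    int ret;
    const char *file_template = BASE"_%u";
    const char *expected_cs = BASE"_TestUser";
    const char *expected_ci = BASE"_testuser";

    kr->pd->user = discard_const("TestUser");
    ret = dp_opt_set_string(kr->krb5_ctx->opts, KRB5_CCACHEDIR, CCACHE_DIR);
    fail_unless(ret == EOK, "Failed to set Ccache dir");

    result = expand_ccname_template(tmp_ctx, kr, file_template, true, true);

    fail_unless(result != NULL, "Cannot expand template [%s].", file_template);
    fail_unless(strcmp(result, expected_cs) == 0,
                "Expansion failed, result [%s], expected [%s].",
                result, expected_cs);

    result = expand_ccname_template(tmp_ctx, kr, file_template, true, false);

    fail_unless(result != NULL, "Cannot expand template [%s].", file_template);
    fail_unless(strcmp(result, expected_ci) == 0,
                "Expansion failed, result [%s], expected [%s].",
                result, expected_ci);
}
END_TEST

/* %U expands to the numeric uid. */
START_TEST(test_uid)
{
    do_test(BASE"_%U", CCACHE_DIR, BASE"_"UID);
    do_test("%d/"FILENAME, BASE"_%U", BASE"_"UID"/"FILENAME);
}
END_TEST

/* %p expands to the principal name. */
START_TEST(test_upn)
{
    do_test(BASE"_%p", CCACHE_DIR, BASE"_"PRINCIPAL_NAME);
    do_test("%d/"FILENAME, BASE"_%p", BASE"_"PRINCIPAL_NAME"/"FILENAME);
}
END_TEST

/* %r expands to the realm. */
START_TEST(test_realm)
{
    do_test(BASE"_%r", CCACHE_DIR, BASE"_"REALM);
    do_test("%d/"FILENAME, BASE"_%r", BASE"_"REALM"/"FILENAME);
}
END_TEST

/* %h expands to the home directory. */
START_TEST(test_home)
{
    do_test(BASE"_%h", CCACHE_DIR, BASE"_"HOME_DIRECTORY);
    do_test("%d/"FILENAME, BASE"_%h", BASE"_"HOME_DIRECTORY"/"FILENAME);
}
END_TEST

/*
 * %d expands to the configured ccache directory, but a ccache directory
 * that itself contains %d must make the expansion fail.
 */
START_TEST(test_ccache_dir)
{
    char *result;
    int ret;

    do_test(BASE"_%d", CCACHE_DIR, BASE"_"CCACHE_DIR);

    ret = dp_opt_set_string(kr->krb5_ctx->opts, KRB5_CCACHEDIR, BASE"_%d");
    fail_unless(ret == EOK, "Failed to set Ccache dir");

    result = expand_ccname_template(tmp_ctx, kr, "%d/"FILENAME, true, true);

    fail_unless(result == NULL, "Using %%d in ccache dir should fail.");
}
END_TEST

/*
 * %P expands to the client pid in the file template, but must be rejected
 * when it appears in the ccache directory.
 */
START_TEST(test_pid)
{
    char *result;
    int ret;

    do_test(BASE"_%P", CCACHE_DIR, BASE"_"PID);

    ret = dp_opt_set_string(kr->krb5_ctx->opts, KRB5_CCACHEDIR, BASE"_%P");
    fail_unless(ret == EOK, "Failed to set Ccache dir");

    result = expand_ccname_template(tmp_ctx, kr, "%d/"FILENAME, true, true);

    fail_unless(result == NULL, "Using %%P in ccache dir should fail.");
}
END_TEST

/* %% expands to a literal percent sign. */
START_TEST(test_percent)
{
    do_test(BASE"_%%", CCACHE_DIR, BASE"_%");
    do_test("%d/"FILENAME, BASE"_%%", BASE"_%/"FILENAME);
}
END_TEST

/* An unknown sequence (%X) must fail in the file template and in the
 * ccache directory. */
START_TEST(test_unknown_template)
{
    const char *test_template = BASE"_%X";
    char *result;
    int ret;

    result = expand_ccname_template(tmp_ctx, kr, test_template, true, true);

    fail_unless(result == NULL, "Unknown template [%s] should fail.",
                test_template);

    ret = dp_opt_set_string(kr->krb5_ctx->opts, KRB5_CCACHEDIR, BASE"_%X");
    fail_unless(ret == EOK, "Failed to set Ccache dir");
    test_template = "%d/"FILENAME;
    result = expand_ccname_template(tmp_ctx, kr, test_template, true, true);

    fail_unless(result == NULL, "Unknown template [%s] should fail.",
                test_template);
}
END_TEST

/* A NULL template must yield NULL. */
START_TEST(test_NULL)
{
    char *test_template = NULL;
    char *result;

    result = expand_ccname_template(tmp_ctx, kr, test_template, true, true);

    /* The message has no conversion, so the stray test_template argument
     * that used to follow it is dropped. */
    fail_unless(result == NULL,
                "Expected NULL as a result for an empty input.");
}
END_TEST

/* A template without any sequence is returned unchanged. */
START_TEST(test_no_substitution)
{
    const char *test_template = BASE;
    char *result;

    result = expand_ccname_template(tmp_ctx, kr, test_template, true, true);

    fail_unless(result != NULL, "Cannot expand template [%s].", test_template);
    fail_unless(strcmp(result, test_template) == 0,
                "Expansion failed, result [%s], expected [%s].",
                result, test_template);
}
END_TEST

/*
 * %{uid}, %{USERID} and %{euid} expand to the uid and %{username} to the
 * user name; an unknown %{...} sequence is left in place.
 */
START_TEST(test_krb5_style_expansion)
{
    char *result;
    const char *file_template;
    const char *expected;

    file_template = BASE"/%{uid}/%{USERID}/%{euid}/%{username}";
    expected = BASE"/"UID"/"UID"/"UID"/"USERNAME;
    result = expand_ccname_template(tmp_ctx, kr, file_template, true, true);

    fail_unless(result != NULL, "Cannot expand template [%s].",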
file_template); fail_unless(strcmp(result, expected) == 0, "Expansion failed, result [%s], expected [%s].", result, expected); file_template = BASE"/%{unknown}"; expected = BASE"/%{unknown}"; result = expand_ccname_template(tmp_ctx, kr, file_template, true, false); fail_unless(result != NULL, "Cannot expand template [%s].", file_template); fail_unless(strcmp(result, expected) == 0, "Expansion failed, result [%s], expected [%s].", result, expected); } END_TEST START_TEST(test_compare_principal_realm) { int ret; bool different_realm; ret = compare_principal_realm(NULL, "a", &different_realm); fail_unless(ret == EINVAL, "NULL upn does not cause EINVAL."); ret = compare_principal_realm("a", NULL, &different_realm); fail_unless(ret == EINVAL, "NULL realm does not cause EINVAL."); ret = compare_principal_realm("a", "b", NULL); fail_unless(ret == EINVAL, "NULL different_realmbool " \ "does not cause EINVAL."); ret = compare_principal_realm("", "a", &different_realm); fail_unless(ret == EINVAL, "Empty upn does not cause EINVAL."); ret = compare_principal_realm("a", "", &different_realm); fail_unless(ret == EINVAL, "Empty realm does not cause EINVAL."); ret = compare_principal_realm("ABC", "ABC", &different_realm); fail_unless(ret == EINVAL, "Short UPN does not cause EINVAL."); ret = compare_principal_realm("userABC", "ABC", &different_realm); fail_unless(ret == EINVAL, "Missing '@' does not cause EINVAL."); ret = compare_principal_realm("user@ABC", "ABC", &different_realm); fail_unless(ret == EOK, "Failure with same realm"); fail_unless(different_realm == false, "Same realm but " \ "different_realm is not false."); ret = compare_principal_realm("user@ABC", "DEF", &different_realm); fail_unless(ret == EOK, "Failure with different realm"); fail_unless(different_realm == true, "Different realm but " \ "different_realm is not true."); ret = compare_principal_realm("user@ABC", "REALMNAMELONGERTHANUPN", &different_realm); fail_unless(ret == EOK, "Failure with long realm name."); 
fail_unless(different_realm == true, "Realm name longer than UPN but " "different_realm is not true."); } END_TEST Suite *krb5_utils_suite (void) { Suite *s = suite_create ("krb5_utils"); TCase *tc_ccname_template = tcase_create ("ccname_template"); tcase_add_checked_fixture (tc_ccname_template, setup_talloc_context, free_talloc_context); tcase_add_test (tc_ccname_template, test_no_substitution); tcase_add_test (tc_ccname_template, test_NULL); tcase_add_test (tc_ccname_template, test_unknown_template); tcase_add_test (tc_ccname_template, test_username); tcase_add_test (tc_ccname_template, test_case_sensitive); tcase_add_test (tc_ccname_template, test_uid); tcase_add_test (tc_ccname_template, test_upn); tcase_add_test (tc_ccname_template, test_realm); tcase_add_test (tc_ccname_template, test_home); tcase_add_test (tc_ccname_template, test_ccache_dir); tcase_add_test (tc_ccname_template, test_pid); tcase_add_test (tc_ccname_template, test_percent); tcase_add_test (tc_ccname_template, test_multiple_substitutions); tcase_add_test (tc_ccname_template, test_krb5_style_expansion); suite_add_tcase (s, tc_ccname_template); TCase *tc_create_dir = tcase_create("create_dir"); tcase_add_checked_fixture (tc_create_dir, setup_create_dir, teardown_create_dir); tcase_add_test (tc_create_dir, test_illegal_patterns); tcase_add_test (tc_create_dir, test_cc_dir_create); if (getuid() == 0) { tcase_add_test (tc_create_dir, test_private_ccache_dir_in_user_dir); tcase_add_test (tc_create_dir, test_private_ccache_dir_in_wrong_user_dir); } else { printf("Run as root to enable more tests.\n"); } suite_add_tcase (s, tc_create_dir); TCase *tc_krb5_helpers = tcase_create("Helper functions"); tcase_add_test(tc_krb5_helpers, test_compare_principal_realm); suite_add_tcase(s, tc_krb5_helpers); return s; } int main(int argc, const char *argv[]) { int ret; int opt; poptContext pc; int number_failed; tests_set_cwd(); struct poptOption long_options[] = { POPT_AUTOHELP SSSD_MAIN_OPTS POPT_TABLEEND }; /* 
Set debug level to invalid value so we can deside if -d 0 was used. */ debug_level = SSSDBG_INVALID; pc = poptGetContext(argv[0], argc, argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { switch(opt) { default: fprintf(stderr, "\nInvalid option %s: %s\n\n", poptBadOption(pc, 0), poptStrerror(opt)); poptPrintUsage(pc, stderr, 0); return 1; } } poptFreeContext(pc); DEBUG_INIT(debug_level); ret = mkdir(TESTS_PATH, 0775); if (ret != EOK) { fprintf(stderr, "Could not create empty directory [%s]. ", TESTS_PATH); if (errno == EEXIST) { fprintf(stderr, "Please remove [%s].\n", TESTS_PATH); } else { fprintf(stderr, "[%d][%s].\n", errno, strerror(errno)); } return 1; } Suite *s = krb5_utils_suite (); SRunner *sr = srunner_create (s); /* If CK_VERBOSITY is set, use that, otherwise it defaults to CK_NORMAL */ srunner_run_all(sr, CK_ENV); number_failed = srunner_ntests_failed (sr); srunner_free (sr); if (number_failed == 0) { ret = rmdir(TESTS_PATH); if (ret != EOK) { fprintf(stderr, "Cannot remove [%s]: [%d][%s].\n", TESTS_PATH, errno, strerror(errno)); return EXIT_FAILURE; } return EXIT_SUCCESS; } return EXIT_FAILURE; } sssd-1.11.5/src/PaxHeaders.13173/ldb_modules0000644000000000000000000000013212320753521016551 xustar000000000000000030 mtime=1396954961.690874924 30 atime=1396955003.534843847 30 ctime=1396954961.690874924 sssd-1.11.5/src/ldb_modules/0000775002412700241270000000000012320753521017055 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/ldb_modules/PaxHeaders.13173/memberof.c0000644000000000000000000000007412320753107020573 xustar000000000000000030 atime=1396954939.255891439 30 ctime=1396954961.690874924 sssd-1.11.5/src/ldb_modules/memberof.c0000664002412700241270000042705512320753107021032 0ustar00jhrozekjhrozek00000000000000/* SSSD memberof module Copyright (C) Simo Sorce 2008-2011 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; 
either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include #include "ldb_module.h" #include "util/util.h" #include "dhash.h" #define DB_MEMBER "member" #define DB_GHOST "ghost" #define DB_MEMBEROF "memberof" #define DB_MEMBERUID "memberuid" #define DB_NAME "name" #define DB_USER_CLASS "user" #define DB_GROUP_CLASS "group" #define DB_CACHE_EXPIRE "dataExpireTimestamp" #define DB_OC "objectClass" #ifndef MAX #define MAX(a,b) (((a) > (b)) ? (a) : (b)) #endif struct mbof_val_array { struct ldb_val *vals; int num; }; struct mbof_dn_array { struct ldb_dn **dns; int num; }; struct mbof_dn { struct mbof_dn *next; struct ldb_dn *dn; }; struct mbof_ctx { struct ldb_module *module; struct ldb_request *req; struct ldb_control **ret_ctrls; struct ldb_extended *ret_resp; }; struct mbof_add_operation { struct mbof_add_ctx *add_ctx; struct mbof_add_operation *next; struct mbof_dn_array *parents; struct ldb_dn *entry_dn; struct ldb_message *entry; }; struct mbof_memberuid_op { struct ldb_dn *dn; struct ldb_message_element *el; }; struct mbof_add_ctx { struct mbof_ctx *ctx; struct mbof_add_operation *add_list; struct mbof_add_operation *current_op; struct ldb_message *msg; struct ldb_dn *msg_dn; bool terminate; struct mbof_dn *missing; struct mbof_memberuid_op *muops; int num_muops; int cur_muop; }; struct mbof_del_ancestors_ctx { struct mbof_dn_array *new_list; int num_direct; int cur; struct ldb_message *entry; }; struct mbof_del_operation { struct mbof_del_ctx *del_ctx; struct mbof_del_operation *parent; struct mbof_del_operation **children; int num_children; int next_child; struct ldb_dn *entry_dn; struct ldb_message 
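*entry;
    struct ldb_message **parents;
    int num_parents;
    int cur_parent;

    struct mbof_del_ancestors_ctx *anc_ctx;
};

struct mbof_mod_ctx;

/* Per-request state of a delete; also carries the optional follow-up
 * modify context (follow_mod / is_mod). */
struct mbof_del_ctx {
    struct mbof_ctx *ctx;

    struct mbof_del_operation *first;
    struct mbof_dn *history;

    struct ldb_message **mus;
    int num_mus;

    /* queued memberuid operations and the index of the current one */
    struct mbof_memberuid_op *muops;
    int num_muops;
    int cur_muop;

    /* same layout as muops; presumably the queued "ghost" operations */
    struct mbof_memberuid_op *ghops;
    int num_ghops;
    int cur_ghop;

    struct mbof_mod_ctx *follow_mod;
    bool is_mod;
};

struct mbof_mod_del_op {
    struct mbof_mod_ctx *mod_ctx;

    struct ldb_message *mod_msg;
    struct ldb_message_element *el;

    hash_table_t *inherited_gh;
};

/* Per-request state of a modify: the member/ghost elements of the request
 * and the add/remove sets derived from them. */
struct mbof_mod_ctx {
    struct mbof_ctx *ctx;

    const struct ldb_message_element *membel;
    const struct ldb_message_element *ghel;
    struct ldb_message *entry;

    struct mbof_dn_array *mb_add;
    struct mbof_dn_array *mb_remove;

    struct mbof_val_array *gh_add;
    struct mbof_val_array *gh_remove;
    struct mbof_mod_del_op *igh;

    struct ldb_message *msg;
    bool terminate;
};

/*
 * Allocate the common per-request context as a talloc child of req, so it
 * is released together with the request.
 * Returns NULL when the allocation fails.
 */
static struct mbof_ctx *mbof_init(struct ldb_module *module,
                                  struct ldb_request *req)
{
    struct mbof_ctx *ctx;

    ctx = talloc_zero(req, struct mbof_ctx);
    if (!ctx) {
        return NULL;
    }

    ctx->module = module;
    ctx->req = req;

    return ctx;
}

/* talloc-backed allocator pair; pvt is used as the talloc parent.
 * Presumably handed to the dhash table constructor - confirm at the
 * call site. */
static void *hash_alloc(const size_t size, void *pvt)
{
    return talloc_size(pvt, size);
}

static void hash_free(void *ptr, void *pvt)
{
    talloc_free(ptr);
}

/*
 * Check whether entry carries the given objectClass value.
 *
 * Returns LDB_SUCCESS when one objectClass value equals objectclass
 * (case-insensitively), LDB_ERR_NO_SUCH_ATTRIBUTE when none does, and
 * LDB_ERR_OPERATIONS_ERROR when the entry has no objectClass element.
 */
static int entry_has_objectclass(struct ldb_message *entry,
                                 const char *objectclass)
{
    struct ldb_message_element *el;
    struct ldb_val *val;
    size_t oclen;
    unsigned int i;

    el = ldb_msg_find_element(entry, DB_OC);
    if (!el) {
        return LDB_ERR_OPERATIONS_ERROR;
    }

    oclen = strlen(objectclass);

    for (i = 0; i < el->num_values; i++) {
        val = &(el->values[i]);
        /* Compare lengths first: strncasecmp() bounded by val->length alone
         * also accepts an empty value or any prefix of the class name
         * ("u", "us", ...), which would misclassify the entry as a user or
         * a group and drive the wrong membership updates. */
        if (val->length == oclen &&
            strncasecmp(objectclass, (char *)val->data, val->length) == 0) {
            return LDB_SUCCESS;
        }
    }

    return LDB_ERR_NO_SUCH_ATTRIBUTE;
}

/* LDB_SUCCESS when entry has objectClass "user"; see
 * entry_has_objectclass() for the other return values. */
static int entry_is_user_object(struct ldb_message *entry)
{
    return entry_has_objectclass(entry, DB_USER_CLASS);
}

/* LDB_SUCCESS when entry has objectClass "group"; see
 * entry_has_objectclass() for the other return values. */
static int entry_is_group_object(struct ldb_message *entry)
{
    return entry_has_objectclass(entry, DB_GROUP_CLASS);
}

/*
 * Queue the value `name` for attribute `element_name` on the entry `parent`.
 *
 * *_muops is an array with one slot per target DN. The slot for parent is
 * looked up (or appended, growing the array and updating *_muops and
 * *_num_muops), its message element is created on first use with the given
 * modification flags, and name is appended unless the same string is
 * already queued.
 *
 * Returns LDB_SUCCESS, or LDB_ERR_OPERATIONS_ERROR on allocation failure.
 */
static int mbof_append_muop(TALLOC_CTX *memctx,
                            struct mbof_memberuid_op **_muops,
                            int *_num_muops,
                            int flags,
                            struct ldb_dn *parent,
                            const char *name,
                            const char *element_name)
{
    struct mbof_memberuid_op *muops = *_muops;
    int num_muops = *_num_muops;
    struct mbof_memberuid_op *op;
    struct ldb_val *val;
    unsigned int v;
    int i;

    op = NULL;
    if (muops) {
        for (i = 0; i < num_muops; i++) {
            if (ldb_dn_compare(parent, muops[i].dn) == 0) {
                op = &muops[i];
                break;
            }
        }
    }
    if (!op) {
        muops = talloc_realloc(memctx, muops,
                               struct mbof_memberuid_op,
                               num_muops + 1);
        if (!muops) {
            return LDB_ERR_OPERATIONS_ERROR;
        }
        op = &muops[num_muops];
        num_muops++;
        *_muops = muops;
        *_num_muops = num_muops;

        op->dn = parent;
        op->el = NULL;
    }

    if (!op->el) {
        op->el = talloc_zero(muops, struct ldb_message_element);
        if (!op->el) {
            return LDB_ERR_OPERATIONS_ERROR;
        }
        op->el->name = talloc_strdup(op->el, element_name);
        if (!op->el->name) {
            return LDB_ERR_OPERATIONS_ERROR;
        }
        op->el->flags = flags;
    }

    /* queued values are talloc_strdup() copies, hence NUL-terminated */
    for (v = 0; v < op->el->num_values; v++) {
        if (strcmp((char *)op->el->values[v].data, name) == 0) {
            /* we already have this value, get out */
            return LDB_SUCCESS;
        }
    }

    val = talloc_realloc(op->el, op->el->values,
                         struct ldb_val, op->el->num_values + 1);
    if (!val) {
        return LDB_ERR_OPERATIONS_ERROR;
    }
    /* Store the new array pointer right away: talloc_realloc() may have
     * moved the array, and returning on a later failure with the old
     * pointer still in op->el->values would leave it dangling. */
    op->el->values = val;

    val[op->el->num_values].data = (uint8_t *)talloc_strdup(val, name);
    if (!val[op->el->num_values].data) {
        return LDB_ERR_OPERATIONS_ERROR;
    }
    val[op->el->num_values].length = strlen(name);

    op->el->num_values++;

    return LDB_SUCCESS;
}


/* add operation */

/* An add operation is quite simple.
 * First of all a new object cannot yet have parents, so the only memberof
 * attribute that can be added to any member contains just one object DN.
 *
 * The real add operation is done first, to assure nothing else fails.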
* Then we list all members of the object just created, and for each member * we create an "add operation" and we pass it a parent list of one member * (the object we just added again). * * For each add operation we lookup the object we want to operate on. * We take the list of memberof attributes and sort out which parents are * still missing from the parent list we have provided. * We modify the object memberof attributes to reflect the new memberships. * Then we list all members of this object, and for each once again we create * an "add operation" as we did in the initial object. * * Processing stops when the target object does not have members or when it * already has all the parents (can happen if nested groups create loops). * * Group cache unrolling: * Every time we add a memberof attribute to an actual user object, * we proceed to store the user name. * * At the end we will add a memberuid attribute to our new object that * includes all direct and indirect user members names. * * Group objects can also contain a "ghost" attribute. A ghost attribute * represents a user that is a member of the group but has not yet been * looked up so there is no real user entry with member/memberof links. * * If an object being added contains a "ghost" attribute, the ghost attribute * is in turn copied to all parents of that object so that retrieving a * group returns both its direct and indirect members. The ghost attribute is * similar to the memberuid attribute in many respects. One difference is that * the memberuid attribute is completely generated and managed by the memberof * plugin - in contrast, the ghost attribute is added to the entry that "owns" * it and only propagated to parent groups. 
*/

/*
 * Append an add operation for entry_dn to the end of add_ctx->add_list.
 * The new operation keeps a reference to `parents` (no copy is made).
 * If an operation for the same DN is already queued nothing is added and
 * LDB_SUCCESS is returned; this also keeps membership loops from queueing
 * the same entry again.
 */
static int mbof_append_addop(struct mbof_add_ctx *add_ctx,
                             struct mbof_dn_array *parents,
                             struct ldb_dn *entry_dn)
{
    struct mbof_add_operation *lastop = NULL;
    struct mbof_add_operation *addop;

    /* test if this is a duplicate */
    /* FIXME: this is not efficient */
    if (add_ctx->add_list) {
        /* walk the list; on exit lastop is the tail element */
        do {
            if (lastop) {
                lastop = lastop->next;
            } else {
                lastop = add_ctx->add_list;
            }

            /* FIXME: check if this is right, might have to compare parents */
            if (ldb_dn_compare(lastop->entry_dn, entry_dn) == 0) {
                /* duplicate found */
                return LDB_SUCCESS;
            }
        } while (lastop->next);
    }

    addop = talloc_zero(add_ctx, struct mbof_add_operation);
    if (!addop) {
        return LDB_ERR_OPERATIONS_ERROR;
    }

    addop->add_ctx = add_ctx;
    addop->parents = parents;
    addop->entry_dn = entry_dn;

    if (add_ctx->add_list) {
        lastop->next = addop;
    } else {
        add_ctx->add_list = addop;
    }

    return LDB_SUCCESS;
}

/*
 * Queue every ghost value in ghvals for every DN in parents, as DB_GHOST
 * additions in add_ctx->muops. Does nothing (LDB_SUCCESS) when there are no
 * parents or when entry is not a group object; any other error from the
 * objectClass check is returned as is.
 */
static int mbof_add_fill_ghop_ex(struct mbof_add_ctx *add_ctx,
                                 struct ldb_message *entry,
                                 struct mbof_dn_array *parents,
                                 struct ldb_val *ghvals,
                                 unsigned int num_gh_vals)
{
    int ret;
    int i, j;

    if (!parents || parents->num == 0) {
        /* no parents attributes ... */
        return LDB_SUCCESS;
    }

    ret = entry_is_group_object(entry);
    switch (ret) {
    case LDB_SUCCESS:
        /* it's a group object, continue */
        break;

    case LDB_ERR_NO_SUCH_ATTRIBUTE:
        /* it is not a group object, just return */
        return LDB_SUCCESS;

    default:
        /* an error occurred, return */
        return ret;
    }

    ldb_debug(ldb_module_get_ctx(add_ctx->ctx->module),
              LDB_DEBUG_TRACE,
              "will add %d ghost users to %d parents\n",
              num_gh_vals, parents->num);

    for (i = 0; i < parents->num; i++) {
        for (j = 0; j < num_gh_vals; j++) {
            /* the value bytes are used as a C string here, which assumes
             * ldb keeps attribute values NUL-terminated - confirm */
            ret = mbof_append_muop(add_ctx, &add_ctx->muops,
                                   &add_ctx->num_muops,
                                   LDB_FLAG_MOD_ADD,
                                   parents->dns[i],
                                   (const char *) ghvals[j].data,
                                   DB_GHOST);
            if (ret != LDB_SUCCESS) {
                return ret;
            }
        }
    }

    return LDB_SUCCESS;
}

static int memberof_recompute_task(struct ldb_module *module,
                                   struct ldb_request *req);

static int mbof_add_callback(struct ldb_request *req,
                             struct ldb_reply *ares);
static int mbof_next_add(struct mbof_add_operation *addop);
static int mbof_next_add_callback(struct ldb_request *req,
                                  struct ldb_reply *ares);
static int mbof_add_operation(struct mbof_add_operation *addop);
static int mbof_add_fill_ghop(struct mbof_add_ctx *add_ctx,
                              struct ldb_message *entry,
                              struct mbof_dn_array *parents);
static int mbof_add_missing(struct mbof_add_ctx *add_ctx, struct ldb_dn *dn);
static int mbof_add_cleanup(struct mbof_add_ctx *add_ctx);
static int mbof_add_cleanup_callback(struct ldb_request *req,
                                     struct ldb_reply *ares);
static int mbof_add_muop(struct mbof_add_ctx *add_ctx);
static int mbof_add_muop_callback(struct ldb_request *req,
                                  struct ldb_reply *ares);

/*
 * Entry point for add requests.
 *
 * - Special DNs are passed down untouched, except "@MEMBEROF-REBUILD",
 *   which starts the recompute task.
 * - A request that tries to set memberof or memberuid itself is refused
 *   with LDB_ERR_UNWILLING_TO_PERFORM: both are derived attributes that
 *   only this module may write, so a caller cannot inject memberships.
 * - Every member value must parse and validate as a DN, otherwise the whole
 *   request fails with LDB_ERR_INVALID_DN_SYNTAX; a member equal to the
 *   entry's own DN is skipped.
 * - One add operation is queued per remaining member, with the new entry as
 *   its single parent, and the original add is then sent down the module
 *   stack with mbof_add_callback() as completion handler.
 */
static int memberof_add(struct ldb_module *module, struct ldb_request *req)
{
    struct ldb_context *ldb = ldb_module_get_ctx(module);
    struct mbof_add_ctx *add_ctx;
    struct mbof_ctx *ctx;
    struct ldb_request *add_req;
    struct ldb_message_element *el;
    struct mbof_dn_array *parents;
    struct ldb_dn *valdn;
    int i, ret;

    if (ldb_dn_is_special(req->op.add.message->dn)) {

        if (strcmp("@MEMBEROF-REBUILD",
                   ldb_dn_get_linearized(req->op.add.message->dn)) == 0) {
            return memberof_recompute_task(module, req);
        }

        /* do not manipulate other control entries */
        return ldb_next_request(module, req);
    }

    /* check if memberof is specified */
    el = ldb_msg_find_element(req->op.add.message, DB_MEMBEROF);
    if (el) {
        ldb_debug(ldb, LDB_DEBUG_ERROR,
                  "Error: the memberof attribute is readonly.");
        return LDB_ERR_UNWILLING_TO_PERFORM;
    }

    /* check if memberuid is specified */
    el = ldb_msg_find_element(req->op.add.message, DB_MEMBERUID);
    if (el) {
        ldb_debug(ldb, LDB_DEBUG_ERROR,
                  "Error: the memberuid attribute is readonly.");
        return LDB_ERR_UNWILLING_TO_PERFORM;
    }

    /* everything allocated below hangs off req (through ctx), so the early
     * error returns do not need explicit cleanup */
    ctx = mbof_init(module, req);
    if (!ctx) {
        return LDB_ERR_OPERATIONS_ERROR;
    }

    add_ctx = talloc_zero(ctx, struct mbof_add_ctx);
    if (!add_ctx) {
        return LDB_ERR_OPERATIONS_ERROR;
    }
    add_ctx->ctx = ctx;

    /* work on a private copy of the message */
    add_ctx->msg = ldb_msg_copy(add_ctx, req->op.add.message);
    if (!add_ctx->msg) {
        return LDB_ERR_OPERATIONS_ERROR;
    }
    add_ctx->msg_dn = add_ctx->msg->dn;

    /* continue with normal ops if there are no members */
    el = ldb_msg_find_element(add_ctx->msg, DB_MEMBER);
    if (!el) {
        add_ctx->terminate = true;
        goto done;
    }

    parents = talloc_zero(add_ctx, struct mbof_dn_array);
    if (!parents) {
        return LDB_ERR_OPERATIONS_ERROR;
    }
    parents->dns = talloc_array(parents, struct ldb_dn *, 1);
    if (!parents->dns) {
        return LDB_ERR_OPERATIONS_ERROR;
    }
    parents->dns[0] = add_ctx->msg_dn;
    parents->num = 1;

    /* process new members */
    /* check we are not adding ourselves as member as well */
    for (i = 0; i < el->num_values; i++) {
        valdn = ldb_dn_from_ldb_val(add_ctx, ldb, &el->values[i]);
        if (!valdn || !ldb_dn_validate(valdn)) {
            /* NOTE(review): the rejected value is logged with %s, which
             * relies on the value buffer being NUL-terminated - confirm */
            ldb_debug(ldb, LDB_DEBUG_ERROR, "Invalid dn value: [%s]",
                      (const char *)el->values[i].data);
            return LDB_ERR_INVALID_DN_SYNTAX;
        }
        if (ldb_dn_compare(valdn, req->op.add.message->dn) == 0) {
            ldb_debug(ldb, LDB_DEBUG_ERROR,
                      "Adding self as member is not permitted! Skipping");
            continue;
        }
        ret = mbof_append_addop(add_ctx, parents, valdn);
        if (ret != LDB_SUCCESS) {
            return ret;
        }
    }

done:
    /* add original object */
    ret = ldb_build_add_req(&add_req, ldb, add_ctx,
                            add_ctx->msg, req->controls,
                            add_ctx, mbof_add_callback,
                            req);
    if (ret != LDB_SUCCESS) {
        return ret;
    }

    return ldb_next_request(module, add_req);
}

/*
 * Completion handler for the original add and for each memberof modify
 * issued by mbof_add_operation().
 *
 * On LDB_REPLY_DONE it either finishes the request (terminate set, or
 * nothing left to do) or starts the next step: the first or next queued add
 * operation, then removal of missing members, then the memberuid/ghost
 * modifications. The controls and response of the original add are kept in
 * ctx so they can be returned when the whole chain is done.
 */
static int mbof_add_callback(struct ldb_request *req,
                             struct ldb_reply *ares)
{
    struct mbof_add_ctx *add_ctx;
    struct mbof_ctx *ctx;
    int ret;

    add_ctx = talloc_get_type(req->context, struct mbof_add_ctx);
    ctx = add_ctx->ctx;

    if (!ares) {
        return ldb_module_done(ctx->req, NULL, NULL,
                               LDB_ERR_OPERATIONS_ERROR);
    }
    if (ares->error != LDB_SUCCESS) {
        return ldb_module_done(ctx->req,
                               ares->controls,
                               ares->response,
                               ares->error);
    }

    switch (ares->type) {
    case LDB_REPLY_ENTRY:
        /* shouldn't happen */
        talloc_zfree(ares);
        return ldb_module_done(ctx->req, NULL, NULL,
                               LDB_ERR_OPERATIONS_ERROR);
    case LDB_REPLY_REFERRAL:
        /* ignore */
        break;

    case LDB_REPLY_DONE:
        if (add_ctx->terminate) {
            return ldb_module_done(ctx->req,
                                   ctx->ret_ctrls,
                                   ctx->ret_resp,
                                   LDB_SUCCESS);
        }

        if (add_ctx->current_op == NULL) {
            /* first operation */
            ctx->ret_ctrls = talloc_steal(ctx, ares->controls);
            ctx->ret_resp = talloc_steal(ctx, ares->response);
            ret = mbof_next_add(add_ctx->add_list);
        }
        else if (add_ctx->current_op->next) {
            /* next operation */
            ret = mbof_next_add(add_ctx->current_op->next);
        }
        else {
            /* no more operations */
            if (add_ctx->missing) {
                ret = mbof_add_cleanup(add_ctx);
            }
            else if (add_ctx->muops) {
                ret = mbof_add_muop(add_ctx);
            }
            else {
                return ldb_module_done(ctx->req,
                                       ctx->ret_ctrls,
                                       ctx->ret_resp,
                                       LDB_SUCCESS);
            }
        }

        if (ret != LDB_SUCCESS) {
            talloc_zfree(ares);
            return ldb_module_done(ctx->req, NULL, NULL, ret);
        }
    }

    talloc_zfree(ares);
    return LDB_SUCCESS;
}

/*
 * Start processing one queued add operation: mark it as current and issue a
 * base-scope search for its entry, asking only for the attributes the
 * membership logic needs. The reply is handled by mbof_next_add_callback().
 */
static int mbof_next_add(struct mbof_add_operation *addop)
{
    static const char *attrs[] = { DB_OC, DB_NAME,
                                   DB_MEMBER, DB_GHOST,
                                   DB_MEMBEROF, NULL };
    struct ldb_context *ldb;
    struct ldb_request *req;
    struct mbof_add_ctx *add_ctx;
    struct mbof_ctx *ctx;
    int ret;

    add_ctx = addop->add_ctx;
    ctx = add_ctx->ctx;
    ldb = ldb_module_get_ctx(ctx->module);

    /* mark the operation as being handled */
    add_ctx->current_op = addop;

    ret = ldb_build_search_req(&req, ldb, ctx,
                               addop->entry_dn, LDB_SCOPE_BASE,
                               NULL, attrs, NULL,
                               addop, mbof_next_add_callback,
                               ctx->req);
    if (ret != LDB_SUCCESS) {
        return ret;
    }

    return ldb_request(ldb, req);
}

/*
 * Handle the search reply for one add operation.
 *
 * A single entry is stored in addop->entry; a second entry for the same DN
 * is treated as database corruption and fails the request. When the search
 * completes without an entry, the DN is recorded as missing (it is removed
 * from the new object's member list later by mbof_add_cleanup()) and
 * processing moves on; otherwise mbof_add_operation() is run on the entry.
 */
static int mbof_next_add_callback(struct ldb_request *req,
                                  struct ldb_reply *ares)
{
    struct mbof_add_operation *addop;
    struct mbof_add_ctx *add_ctx;
    struct ldb_context *ldb;
    struct mbof_ctx *ctx;
    int ret;

    addop = talloc_get_type(req->context, struct mbof_add_operation);
    add_ctx = addop->add_ctx;
    ctx = add_ctx->ctx;
    ldb = ldb_module_get_ctx(ctx->module);

    if (!ares) {
        return ldb_module_done(ctx->req, NULL, NULL,
                               LDB_ERR_OPERATIONS_ERROR);
    }
    if (ares->error != LDB_SUCCESS) {
        return ldb_module_done(ctx->req,
                               ares->controls,
                               ares->response,
                               ares->error);
    }

    switch (ares->type) {
    case LDB_REPLY_ENTRY:
        if (addop->entry != NULL) {
            ldb_debug(ldb, LDB_DEBUG_TRACE,
                      "Found multiple entries for (%s)",
                      ldb_dn_get_linearized(addop->entry_dn));
            /* more than one entry per dn ?? db corrupted ? */
            return ldb_module_done(ctx->req, NULL, NULL,
                                   LDB_ERR_OPERATIONS_ERROR);
        }

        addop->entry = talloc_steal(addop, ares->message);
        if (addop->entry == NULL) {
            return ldb_module_done(ctx->req, NULL, NULL,
                                   LDB_ERR_OPERATIONS_ERROR);
        }

        break;
    case LDB_REPLY_REFERRAL:
        /* ignore */
        break;

    case LDB_REPLY_DONE:
        talloc_zfree(ares);
        if (addop->entry == NULL) {
            ldb_debug(ldb, LDB_DEBUG_TRACE, "Entry not found (%s)",
                      ldb_dn_get_linearized(addop->entry_dn));

            /* this target does not exist, save as missing */
            ret = mbof_add_missing(add_ctx, addop->entry_dn);
            if (ret != LDB_SUCCESS) {
                return ldb_module_done(ctx->req, NULL, NULL, ret);
            }
            /* now try the next operation */
            if (add_ctx->current_op->next) {
                ret = mbof_next_add(add_ctx->current_op->next);
            }
            else {
                /* no more operations */
                if (add_ctx->missing) {
                    ret = mbof_add_cleanup(add_ctx);
                }
                else if (add_ctx->muops) {
                    ret = mbof_add_muop(add_ctx);
                }
                else {
                    return ldb_module_done(ctx->req,
                                           ctx->ret_ctrls,
                                           ctx->ret_resp,
                                           LDB_SUCCESS);
                }
            }
            if (ret != LDB_SUCCESS) {
                return ldb_module_done(ctx->req, NULL, NULL, ret);
            }
        }
        else {
            ret = mbof_add_operation(addop);
            if (ret != LDB_SUCCESS) {
                return ldb_module_done(ctx->req, NULL, NULL, ret);
            }
        }
        return LDB_SUCCESS;
    }

    talloc_zfree(ares);
    return LDB_SUCCESS;
}

/* if it is a group, add all members for cascade effect
 * add memberof attribute to this entry
 *
 * Steps, in order:
 *  1. build the set of parents to add: the operation's parents minus the
 *     entry itself and minus DNs already present in its memberof;
 *  2. if nothing is left, skip this entry and continue the chain;
 *  3. queue an add operation for every member of the entry, so the new
 *     parents propagate down (each member DN must parse and validate);
 *  4. for a user entry, queue its name as memberuid on every new parent;
 *     for a group entry, queue its ghost values on every new parent;
 *  5. send a modify that adds the new parents to the entry's memberof.
 */
static int mbof_add_operation(struct mbof_add_operation *addop)
{

    TALLOC_CTX *tmp_ctx;
    struct mbof_ctx *ctx;
    struct mbof_add_ctx *add_ctx;
    struct ldb_context *ldb;
    struct ldb_message_element *el;
    struct ldb_request *mod_req;
    struct ldb_message *msg;
    struct ldb_dn *elval_dn;
    struct ldb_dn *valdn;
    struct mbof_dn_array *parents;
    int i, j, ret;
    const char *val;
    const char *name;

    add_ctx = addop->add_ctx;
    ctx = add_ctx->ctx;
    ldb = ldb_module_get_ctx(ctx->module);

    parents = talloc_zero(add_ctx, struct mbof_dn_array);
    if (!parents) {
        return LDB_ERR_OPERATIONS_ERROR;
    }
    /* can't be more than the immediate parent */
    parents->dns = talloc_array(parents, struct ldb_dn *,
                                addop->parents->num);
    if (!parents->dns) {
        return LDB_ERR_OPERATIONS_ERROR;
    }

    /* create new parent set for this entry */
    for (i = 0; i < addop->parents->num; i++) {
        /* never add yourself as memberof */
        if (ldb_dn_compare(addop->parents->dns[i], addop->entry_dn) == 0) {
            continue;
        }
        parents->dns[parents->num] = addop->parents->dns[i];
        parents->num++;
    }

    /* remove entries that are already there */
    el = ldb_msg_find_element(addop->entry, DB_MEMBEROF);
    if (el) {

        tmp_ctx = talloc_new(addop);
        if (!tmp_ctx) return LDB_ERR_OPERATIONS_ERROR;

        for (i = 0; i < el->num_values; i++) {
            elval_dn = ldb_dn_from_ldb_val(tmp_ctx, ldb, &el->values[i]);
            if (!elval_dn) {
                ldb_debug(ldb, LDB_DEBUG_TRACE, "Invalid DN in memberof [%s]",
                          (const char *)el->values[i].data);
                talloc_free(tmp_ctx);
                return LDB_ERR_OPERATIONS_ERROR;
            }
            for (j = 0; j < parents->num; j++) {
                if (ldb_dn_compare(parents->dns[j], elval_dn) == 0) {
                    /* duplicate found */
                    break;
                }
            }
            if (j < parents->num) {
                /* remove duplicate */
                for (;j+1 < parents->num; j++) {
                    parents->dns[j] = parents->dns[j+1];
                }
                parents->num--;
            }
        }

        if (parents->num == 0) {
            /* already contains all parents as memberof, skip to next */
            talloc_free(tmp_ctx);
            talloc_free(addop->entry);
            addop->entry = NULL;

            /* NOTE(review): unlike the "no more operations" branches in
             * mbof_add_callback() and mbof_next_add_callback(), this path
             * does not check add_ctx->missing before going on to the muops
             * or finishing - confirm that is intended. */
            if (addop->next) {
                return mbof_next_add(addop->next);
            }
            else if (add_ctx->muops) {
                return mbof_add_muop(add_ctx);
            }
            else {
                /* that was the last entry, get out */
                return ldb_module_done(ctx->req,
                                       ctx->ret_ctrls,
                                       ctx->ret_resp,
                                       LDB_SUCCESS);
            }
        }
        talloc_free(tmp_ctx);

    }

    /* if it is a group add all members */
    el = ldb_msg_find_element(addop->entry, DB_MEMBER);
    if (el) {
        for (i = 0; i < el->num_values; i++) {
            valdn = ldb_dn_from_ldb_val(add_ctx, ldb, &el->values[i]);
            if (!valdn) {
                ldb_debug(ldb, LDB_DEBUG_TRACE, "Invalid DN in member [%s]",
                          (const char *)el->values[i].data);
                return LDB_ERR_OPERATIONS_ERROR;
            }
            if (!ldb_dn_validate(valdn)) {
                ldb_debug(ldb, LDB_DEBUG_TRACE,
                          "Invalid DN syntax for member [%s]",
                          (const char *)el->values[i].data);
                return LDB_ERR_INVALID_DN_SYNTAX;
            }
            /* duplicates (and therefore loops) are filtered inside
             * mbof_append_addop() */
            ret = mbof_append_addop(add_ctx, parents, valdn);
            if (ret != LDB_SUCCESS) {
                return ret;
            }
        }
    }

    /* check if we need to store memberuid ops for this entry */
    ret = entry_is_user_object(addop->entry);
    switch (ret) {
    case LDB_SUCCESS:
        /* it's a user object  */
        name = ldb_msg_find_attr_as_string(addop->entry, DB_NAME, NULL);
        if (!name) {
            /* a user entry without a name cannot be unrolled */
            return LDB_ERR_OPERATIONS_ERROR;
        }

        for (i = 0; i < parents->num; i++) {
            ret = mbof_append_muop(add_ctx, &add_ctx->muops,
                                   &add_ctx->num_muops,
                                   LDB_FLAG_MOD_ADD,
                                   parents->dns[i], name,
                                   DB_MEMBERUID);
            if (ret != LDB_SUCCESS) {
                return ret;
            }
        }

        break;

    case LDB_ERR_NO_SUCH_ATTRIBUTE:
        /* it is not a user object, continue */
        break;

    default:
        /* an error occurred, return */
        return ret;
    }

    ret = mbof_add_fill_ghop(add_ctx, addop->entry, parents);
    if (ret != LDB_SUCCESS) {
        return ret;
    }

    /* we are done with the entry now */
    talloc_free(addop->entry);
    addop->entry = NULL;

    /* add memberof to entry */
    msg = ldb_msg_new(addop);
    if (!msg) return LDB_ERR_OPERATIONS_ERROR;

    msg->dn = addop->entry_dn;

    ret = ldb_msg_add_empty(msg, DB_MEMBEROF, LDB_FLAG_MOD_ADD, &el);
    if (ret != LDB_SUCCESS) {
        return ret;
    }
    el->values = talloc_array(msg, struct ldb_val, parents->num);
    if (!el->values) {
        return LDB_ERR_OPERATIONS_ERROR;
    }
    /* j counts the values actually written; the entry's own DN is skipped */
    for (i = 0, j = 0; i < parents->num; i++) {
        if (ldb_dn_compare(parents->dns[i], msg->dn) == 0) continue;
        val = ldb_dn_get_linearized(parents->dns[i]);
        el->values[j].length = strlen(val);
        el->values[j].data = (uint8_t *)talloc_strdup(el->values, val);
        if (!el->values[j].data) {
            return LDB_ERR_OPERATIONS_ERROR;
        }
        j++;
    }
    el->num_values = j;

    ret = ldb_build_mod_req(&mod_req, ldb, add_ctx,
                            msg, NULL,
                            add_ctx, mbof_add_callback,
                            ctx->req);
    if (ret != LDB_SUCCESS) {
        return ret;
    }
    /* tie the message's lifetime to the request that uses it */
    talloc_steal(mod_req, msg);

    return ldb_next_request(ctx->module, mod_req);
}

/*
 * Propagate the ghost attribute of entry to the given parents.
 * Returns LDB_SUCCESS without doing anything when the entry has no ghost
 * values; otherwise defers to mbof_add_fill_ghop_ex().
 */
static int mbof_add_fill_ghop(struct mbof_add_ctx *add_ctx,
                              struct ldb_message *entry,
                              struct mbof_dn_array *parents)
{
    struct ldb_message_element *ghel;

    ghel = ldb_msg_find_element(entry, DB_GHOST);
    if (ghel == NULL || ghel->num_values == 0) {
        /* No ghel attribute, just return success */
        return LDB_SUCCESS;
    }

    return mbof_add_fill_ghop_ex(add_ctx, entry, parents,
                                 ghel->values, ghel->num_values);
}

/*
 * Record dn as a member that does not exist in the database by pushing it
 * onto the front of add_ctx->missing. Ownership of dn moves to the new list
 * node.
 */
static int mbof_add_missing(struct mbof_add_ctx *add_ctx, struct ldb_dn *dn)
{
    struct mbof_dn *mdn;

    mdn = talloc(add_ctx, struct mbof_dn);
    if (!mdn) {
        return LDB_ERR_OPERATIONS_ERROR;
    }
    mdn->dn = talloc_steal(mdn, dn);

    /* add to the list */
    mdn->next = add_ctx->missing;
    add_ctx->missing = mdn;

    return LDB_SUCCESS;
}

/* remove nonexistent members and add memberuid attribute
 *
 * Builds one modify on the newly added object that deletes every member
 * value recorded in add_ctx->missing, so the stored entry does not keep
 * links to objects that do not exist. Calling it with an empty missing list
 * is an error.
 */
static int mbof_add_cleanup(struct mbof_add_ctx *add_ctx)
{
    struct ldb_context *ldb;
    struct ldb_message *msg;
    struct ldb_request *mod_req;
    struct ldb_message_element *el;
    struct mbof_ctx *ctx;
    struct mbof_dn *iter;
    const char *val;
    int ret, i, num;

    ctx = add_ctx->ctx;
    ldb = ldb_module_get_ctx(ctx->module);

    /* count the missing DNs to size the value array */
    num = 0;
    for (iter = add_ctx->missing; iter; iter = iter->next) {
        num++;
    }
    if (num == 0) {
        return LDB_ERR_OPERATIONS_ERROR;
    }

    msg = ldb_msg_new(add_ctx);
    if (!msg) return LDB_ERR_OPERATIONS_ERROR;

    msg->dn = add_ctx->msg_dn;

    ret = ldb_msg_add_empty(msg, DB_MEMBER, LDB_FLAG_MOD_DELETE, &el);
    if (ret != LDB_SUCCESS) {
        return ret;
    }
    el->values = talloc_array(msg, struct ldb_val, num);
    if (!el->values) {
        return LDB_ERR_OPERATIONS_ERROR;
    }
    el->num_values = num;
    for (i = 0, iter = add_ctx->missing; iter; iter = iter->next, i++) {
        val = ldb_dn_get_linearized(iter->dn);
        el->values[i].length = strlen(val);
        el->values[i].data = (uint8_t *)talloc_strdup(el->values, val);
        if (!el->values[i].data) {
            return LDB_ERR_OPERATIONS_ERROR;
        }
    }

    ret = ldb_build_mod_req(&mod_req, ldb, add_ctx,
                            msg, NULL,
                            add_ctx, mbof_add_cleanup_callback,
                            ctx->req);
    if (ret != LDB_SUCCESS) {
        return ret;
    }

    return ldb_next_request(ctx->module, mod_req);
}

/*
 * Completion handler for the cleanup modify: continue with the queued
 * memberuid/ghost modifications if there are any, otherwise finish the
 * request with the saved controls and response.
 */
static int mbof_add_cleanup_callback(struct ldb_request *req,
                                     struct ldb_reply *ares)
{
    struct mbof_add_ctx *add_ctx;
    struct mbof_ctx *ctx;
    int ret;

    add_ctx = talloc_get_type(req->context, struct mbof_add_ctx);
    ctx = add_ctx->ctx;

    if (!ares) {
        return ldb_module_done(ctx->req, NULL, NULL,
                               LDB_ERR_OPERATIONS_ERROR);
    }
    if (ares->error != LDB_SUCCESS) {
        return ldb_module_done(ctx->req,
                               ares->controls,
                               ares->response,
                               ares->error);
    }

    switch (ares->type) {
    case LDB_REPLY_ENTRY:
        /* shouldn't happen */
        talloc_zfree(ares);
        return ldb_module_done(ctx->req, NULL, NULL,
                               LDB_ERR_OPERATIONS_ERROR);

    case LDB_REPLY_REFERRAL:
        /* ignore */
        break;

    case LDB_REPLY_DONE:
        if (add_ctx->muops) {
            ret = mbof_add_muop(add_ctx);
        }
        else {
            return ldb_module_done(ctx->req,
                                   ctx->ret_ctrls,
                                   ctx->ret_resp,
                                   LDB_SUCCESS);
        }

        if (ret != LDB_SUCCESS) {
            talloc_zfree(ares);
            return ldb_module_done(ctx->req, NULL, NULL, ret);
        }
    }

    talloc_zfree(ares);
    return LDB_SUCCESS;
}

/* add memberuid attributes to parent groups
 *
 * Sends the queued operation at index cur_muop as a one-element modify on
 * its target DN. The permissive-modify control is attached to the request
 * (non-critical), presumably so that adding a value the target already has
 * does not fail the modify - confirm against the ldb documentation.
 */
static int mbof_add_muop(struct mbof_add_ctx *add_ctx)
{
    struct ldb_context *ldb;
    struct ldb_message *msg;
    struct ldb_request *mod_req;
    struct mbof_ctx *ctx;
    int ret;

    ctx = add_ctx->ctx;
    ldb = ldb_module_get_ctx(ctx->module);

    msg = ldb_msg_new(add_ctx);
    if (!msg) return LDB_ERR_OPERATIONS_ERROR;

    /* the message borrows the queued element instead of copying it */
    msg->dn = add_ctx->muops[add_ctx->cur_muop].dn;
    msg->elements = add_ctx->muops[add_ctx->cur_muop].el;
    msg->num_elements = 1;

    ret = ldb_build_mod_req(&mod_req, ldb, add_ctx,
                            msg, NULL,
                            add_ctx, mbof_add_muop_callback,
                            ctx->req);
    if (ret != LDB_SUCCESS) {
        return ret;
    }

    ret = ldb_request_add_control(mod_req, LDB_CONTROL_PERMISSIVE_MODIFY_OID,
                                  false, NULL);
    if (ret != LDB_SUCCESS) {
        talloc_free(mod_req);
        return ret;
    }

    return ldb_next_request(ctx->module, mod_req);
}

/*
 * Completion handler for one memberuid/ghost modify: advance cur_muop and
 * send the next queued operation, or finish the request once all of them
 * have been applied.
 */
static int mbof_add_muop_callback(struct ldb_request *req,
                                  struct ldb_reply *ares)
{
    struct mbof_add_ctx *add_ctx;
    struct mbof_ctx *ctx;
    int ret;

    add_ctx = talloc_get_type(req->context, struct mbof_add_ctx);
    ctx = add_ctx->ctx;

    if (!ares) {
        return ldb_module_done(ctx->req, NULL, NULL,
                               LDB_ERR_OPERATIONS_ERROR);
    }
    if (ares->error != LDB_SUCCESS) {
        return ldb_module_done(ctx->req,
                               ares->controls,
                               ares->response,
                               ares->error);
    }

    switch (ares->type) {
    case LDB_REPLY_ENTRY:
        /* shouldn't happen */
        talloc_zfree(ares);
        return ldb_module_done(ctx->req, NULL, NULL,
                               LDB_ERR_OPERATIONS_ERROR);

    case LDB_REPLY_REFERRAL:
        /* ignore */
        break;

    case LDB_REPLY_DONE:
        add_ctx->cur_muop++;
        if (add_ctx->cur_muop < add_ctx->num_muops) {
            ret = mbof_add_muop(add_ctx);
        }
        else {
            return ldb_module_done(ctx->req,
                                   ctx->ret_ctrls,
                                   ctx->ret_resp,
                                   LDB_SUCCESS);
        }

        if (ret != LDB_SUCCESS) {
            talloc_zfree(ares);
            return ldb_module_done(ctx->req, NULL, NULL, ret);
        }
    }

    talloc_zfree(ares);
    return LDB_SUCCESS;
}




/* delete operations */

/* The implementation of delete operations is a bit more complex than an add
 * operation. This is because we need to recompute memberships of potentially
 * quite far descendants and we also have to account for loops and how to
 * break them without ending in an endless loop ourselves.
 * The difficulty is in the fact that while the member -> memberof link is
 * direct, memberof -> member is not as membership is transitive.
 *
 * Ok, first of all, contrary to the add operation, a delete operation
 * involves an existing object that may have existing parents. So, first, we
 * search the object itself to get the original membership lists (member and
 * memberof) for this object, and we also search for any object that has it as
 * one of its members.
 * Once we have the results, we store object and parents and proceed with the
 * original operation to make sure it is valid.
 *
 * Once the original op returns we proceed fixing parents (parents being each
 * object that has the delete operation target object as member), if any.
 *
 * For each parent we retrieved we proceed to delete the member attribute that
 * points to the object we just deleted. Once done for all parents (or if no
 * parents exists), we proceed with the children and descendants.
 *
 * To handle the children we create a first ancestor operation that reflects
 * the delete we just made.
We set as parents of this object the parents just
 * retrieved with the first search. Then we create a remove list.
 *
 * The remove list contains all objects in the original memberof list and the
 * object dn itself of the original delete operation target object (the first
 * ancestor).
 *
 * An operation is identified by an object that contains a tree of
 * descendants:
 * The remove list for the children, the immediate parent, and the dn and
 * entry of the object this operation is about.
 *
 * We now proceed with adding a new operation for each original member of the
 * first ancestor.
 *
 * In each operation we must first lookup the target object and each immediate
 * parent (all the objects in the tree that have target as a "member").
 *
 * Then we proceed to calculate the new memberof list that we are going to set
 * on the target object.
 * The new memberof list starts with including all the objects that have the
 * target as their direct member.
 * Finally for each entry in this provisional new memberof list we add all its
 * memberof elements to the new memberof list (taking care of excluding
 * duplicates). This way we are certain all direct and indirect membership are
 * accounted for.
 *
 * At this point we have the final new memberof list for this operation and we
 * can proceed to modify the entry.
 *
 * Once the entry has been modified we proceed again to check if there are any
 * children of this entry (the entry has "member"s).
 * We create a new remove list that is the difference between the original
 * entry memberof list and the new memberof list we just stored back in the
 * object.
 * Then for each member we create a new operation.
 *
 * We continue to process operations until no new operations need to be
 * performed.
 *
 * Ordering is important here, see the mbof_del_get_next() function to
 * understand how we proceed to select which new operation to process.
 *
 * As a final operation remove any memberuid corresponding to a removal of
 * a memberof field from a user entry.
Also if the original entry had a ghost
 * attribute, we need to remove that attribute from all its parents as well.
 *
 * There is one catch though - at the memberof level, we can't know if the
 * attribute being removed from a parent group is just inherited from the group
 * being removed or also a direct member of the parent group. To make sure
 * that the attribute is displayed next time the group is requested, we also
 * expire the parent group at the same time.
 */

static int mbof_del_search_callback(struct ldb_request *req,
                                    struct ldb_reply *ares);
static int mbof_orig_del(struct mbof_del_ctx *ctx);
static int mbof_orig_del_callback(struct ldb_request *req,
                                  struct ldb_reply *ares);
static int mbof_del_cleanup_parents(struct mbof_del_ctx *del_ctx);
static int mbof_del_clean_par_callback(struct ldb_request *req,
                                       struct ldb_reply *ares);
static int mbof_del_cleanup_children(struct mbof_del_ctx *del_ctx);
static int mbof_append_delop(struct mbof_del_operation *parent,
                             struct ldb_dn *entry_dn);
static int mbof_del_execute_op(struct mbof_del_operation *delop);
static int mbof_del_exop_search_callback(struct ldb_request *req,
                                         struct ldb_reply *ares);
static int mbof_del_execute_cont(struct mbof_del_operation *delop);
static int mbof_del_ancestors(struct mbof_del_operation *delop);
static int mbof_del_anc_callback(struct ldb_request *req,
                                 struct ldb_reply *ares);
static int mbof_del_mod_entry(struct mbof_del_operation *delop);
static int mbof_del_mod_callback(struct ldb_request *req,
                                 struct ldb_reply *ares);
static int mbof_del_progeny(struct mbof_del_operation *delop);
static int mbof_del_get_next(struct mbof_del_operation *delop,
                             struct mbof_del_operation **nextop);
static int mbof_del_fill_muop(struct mbof_del_ctx *del_ctx,
                              struct ldb_message *entry);
static int mbof_del_fill_ghop(struct mbof_del_ctx *del_ctx,
                              struct ldb_message *entry);
static int mbof_del_muop(struct mbof_del_ctx *ctx);
static int mbof_del_muop_callback(struct ldb_request *req,
                                  struct ldb_reply *ares);
static int mbof_del_ghop(struct mbof_del_ctx *del_ctx);
static int mbof_del_ghop_callback(struct ldb_request *req,
                                  struct ldb_reply *ares);
static void free_delop_contents(struct mbof_del_operation *delop);

/*
 * Module entry point for delete requests.
 *
 * Special (control) DNs are passed straight to the next module. For any
 * other DN the function allocates the delete context and the "first"
 * operation, then searches for the target entry and for every entry that
 * lists it as DB_MEMBER; results arrive in mbof_del_search_callback().
 *
 * The linearized DN is escaped with sss_filter_sanitize() before it is
 * formatted into the search filter, so filter metacharacters in a DN cannot
 * alter the structure of the filter.
 *
 * Every failure after mbof_init() frees ctx, which owns all later
 * allocations made here.
 */
static int memberof_del(struct ldb_module *module, struct ldb_request *req)
{
    static const char *attrs[] = { DB_OC, DB_NAME,
                                   DB_MEMBER, DB_MEMBEROF,
                                   DB_GHOST, NULL };
    struct ldb_context *ldb = ldb_module_get_ctx(module);
    struct mbof_del_operation *first;
    struct mbof_del_ctx *del_ctx;
    struct ldb_request *search;
    struct mbof_ctx *ctx;
    const char *linear_dn;
    char *safe_dn;
    char *filter;
    errno_t sret;
    int ret = LDB_ERR_OPERATIONS_ERROR;

    if (ldb_dn_is_special(req->op.del.dn)) {
        /* do not manipulate our control entries */
        return ldb_next_request(module, req);
    }

    ctx = mbof_init(module, req);
    if (ctx == NULL) {
        return LDB_ERR_OPERATIONS_ERROR;
    }

    del_ctx = talloc_zero(ctx, struct mbof_del_ctx);
    if (del_ctx == NULL) {
        goto fail;
    }
    del_ctx->ctx = ctx;

    /* the first operation is the root of the operation tree and the entry
     * the member values get removed from; it is handled differently from
     * the operations created for its descendants */
    first = talloc_zero(del_ctx, struct mbof_del_operation);
    if (first == NULL) {
        goto fail;
    }
    del_ctx->first = first;
    first->del_ctx = del_ctx;
    first->entry_dn = req->op.del.dn;

    linear_dn = ldb_dn_get_linearized(req->op.del.dn);
    if (linear_dn == NULL) {
        goto fail;
    }

    sret = sss_filter_sanitize(del_ctx, linear_dn, &safe_dn);
    if (sret != 0) {
        goto fail;
    }

    filter = talloc_asprintf(del_ctx,
                             "(|(distinguishedName=%s)(%s=%s))",
                             safe_dn, DB_MEMBER, safe_dn);
    if (filter == NULL) {
        goto fail;
    }
    talloc_zfree(safe_dn);

    ret = ldb_build_search_req(&search, ldb, del_ctx,
                               NULL, LDB_SCOPE_SUBTREE,
                               filter, attrs, NULL,
                               first, mbof_del_search_callback,
                               req);
    if (ret != LDB_SUCCESS) {
        goto fail;
    }

    return ldb_request(ldb, search);

fail:
    talloc_free(ctx);
    return ret;
}
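/*
 * Callback for the search issued by memberof_del().
 * The entry whose DN equals the delete target is stored in first->entry;
 * every other entry returned is appended to first->parents. On
 * LDB_REPLY_DONE the original delete is sent, or the request fails with
 * LDB_ERR_NO_SUCH_OBJECT when the target was not found.
 */
static int mbof_del_search_callback(struct ldb_request *req,
                                    struct ldb_reply *ares)
{
    struct mbof_del_operation *first;
    struct ldb_context *ldb;
    struct ldb_message *msg;
    struct mbof_del_ctx *del_ctx;
    struct mbof_ctx *ctx;
    int ret;

    first = talloc_get_type(req->context, struct mbof_del_operation);
    del_ctx = first->del_ctx;
    ctx = del_ctx->ctx;
    ldb = ldb_module_get_ctx(ctx->module);

    if (!ares) {
        return ldb_module_done(ctx->req, NULL, NULL,
                               LDB_ERR_OPERATIONS_ERROR);
    }
    if (ares->error != LDB_SUCCESS) {
        return ldb_module_done(ctx->req,
                               ares->controls,
                               ares->response,
                               ares->error);
    }

    switch (ares->type) {
    case LDB_REPLY_ENTRY:
        msg = ares->message;

        if (ldb_dn_compare(msg->dn, ctx->req->op.del.dn) == 0) {

            if (first->entry != NULL) {
                /* more than one entry per dn ?? db corrupted ? */
                return ldb_module_done(ctx->req, NULL, NULL,
                                       LDB_ERR_OPERATIONS_ERROR);
            }

            first->entry = talloc_steal(first, msg);
            if (first->entry == NULL) {
                return ldb_module_done(ctx->req, NULL, NULL,
                                       LDB_ERR_OPERATIONS_ERROR);
            }
        } else {
            first->parents = talloc_realloc(first, first->parents,
                                            struct ldb_message *,
                                            first->num_parents + 1);
            if (!first->parents) {
                return ldb_module_done(ctx->req, NULL, NULL,
                                       LDB_ERR_OPERATIONS_ERROR);
            }
            msg = talloc_steal(first->parents, ares->message);
            if (!msg) {
                return ldb_module_done(ctx->req, NULL, NULL,
                                       LDB_ERR_OPERATIONS_ERROR);
            }
            first->parents[first->num_parents] = msg;
            first->num_parents++;
        }
        break;
    case LDB_REPLY_REFERRAL:
        /* ignore */
        break;

    case LDB_REPLY_DONE:
        if (first->entry == NULL) {
            /* this target does not exists, too bad! */
            ldb_debug(ldb, LDB_DEBUG_TRACE,
                           "Target entry (%s) not found",
                           ldb_dn_get_linearized(first->entry_dn));
            return ldb_module_done(ctx->req, NULL, NULL,
                                   LDB_ERR_NO_SUCH_OBJECT);
        }

        /* now perform the requested delete, before proceeding further */
        ret = mbof_orig_del(del_ctx);
        if (ret != LDB_SUCCESS) {
            talloc_zfree(ares);
            return ldb_module_done(ctx->req, NULL, NULL, ret);
        }
    }

    talloc_zfree(ares);
    return LDB_SUCCESS;
}

/*
 * Send the delete the caller originally asked for to the next module;
 * completion is reported to mbof_orig_del_callback().
 */
static int mbof_orig_del(struct mbof_del_ctx *del_ctx)
{
    struct ldb_request *del_req;
    struct mbof_ctx *ctx;
    int ret;

    ctx = del_ctx->ctx;

    ret = ldb_build_del_req(&del_req, ldb_module_get_ctx(ctx->module),
                            ctx->req, ctx->req->op.del.dn, NULL,
                            del_ctx, mbof_orig_del_callback, ctx->req);
    if (ret != LDB_SUCCESS) {
        return ret;
    }

    return ldb_next_request(ctx->module, del_req);
}

/*
 * Completion callback for the original delete.
 * Saves the reply's controls and response on ctx, then chooses the first
 * follow-up step: parent cleanup (after queueing memberuid and ghost
 * removals), child cleanup, queued memberuid operations, queued ghost
 * operations, or immediate completion.
 */
static int mbof_orig_del_callback(struct ldb_request *req,
                                  struct ldb_reply *ares)
{
    struct ldb_context *ldb;
    struct mbof_del_ctx *del_ctx;
    struct mbof_ctx *ctx;
    int ret;

    del_ctx = talloc_get_type(req->context, struct mbof_del_ctx);
    ctx = del_ctx->ctx;
    ldb = ldb_module_get_ctx(ctx->module);

    if (!ares) {
        return ldb_module_done(ctx->req, NULL, NULL,
                               LDB_ERR_OPERATIONS_ERROR);
    }
    if (ares->error != LDB_SUCCESS) {
        return ldb_module_done(ctx->req,
                               ares->controls,
                               ares->response,
                               ares->error);
    }

    if (ares->type != LDB_REPLY_DONE) {
        talloc_zfree(ares);
        ldb_set_errstring(ldb, "Invalid reply type!");
        return ldb_module_done(ctx->req, NULL, NULL,
                               LDB_ERR_OPERATIONS_ERROR);
    }

    /* save real call stuff */
    ctx->ret_ctrls = talloc_steal(ctx, ares->controls);
    ctx->ret_resp = talloc_steal(ctx, ares->response);

    /* prep following clean ops */
    if (del_ctx->first->num_parents) {

        /* if there are parents there may be memberuids to remove */
        ret = mbof_del_fill_muop(del_ctx, del_ctx->first->entry);
        if (ret != LDB_SUCCESS) {
            talloc_zfree(ares);
            return ldb_module_done(ctx->req, NULL, NULL, ret);
        }

        /* ..or ghost attributes to remove */
        ret = mbof_del_fill_ghop(del_ctx, del_ctx->first->entry);
        if (ret != LDB_SUCCESS) {
            talloc_zfree(ares);
            return ldb_module_done(ctx->req, NULL, NULL, ret);
        }

        /* if there are any parents, fire a removal sequence */
        ret = mbof_del_cleanup_parents(del_ctx);
    }
    else if (ldb_msg_find_element(del_ctx->first->entry, DB_MEMBER)) {
        /* if there are any children, fire a removal sequence */
        ret = mbof_del_cleanup_children(del_ctx);
    }
    /* see if there are memberuid operations to perform */
    else if (del_ctx->muops) {
        return mbof_del_muop(del_ctx);
    }
    /* see if we need to remove some ghost users */
    else if (del_ctx->ghops) {
        return mbof_del_ghop(del_ctx);
    }
    else {
        /* no parents nor children, end ops */
        return ldb_module_done(ctx->req,
                               ares->controls,
                               ares->response,
                               LDB_SUCCESS);
    }
    if (ret != LDB_SUCCESS) {
        talloc_zfree(ares);
        return ldb_module_done(ctx->req, NULL, NULL, ret);
    }

    talloc_zfree(ares);
    return LDB_SUCCESS;
}

/*
 * Remove the deleted entry's DN from the DB_MEMBER attribute of the parent
 * at first->parents[first->cur_parent], then advance cur_parent.
 * Callers are expected to check cur_parent < num_parents before calling
 * (both visible callers do).
 */
static int mbof_del_cleanup_parents(struct mbof_del_ctx *del_ctx)
{
    struct mbof_del_operation *first;
    struct mbof_ctx *ctx;
    struct ldb_context *ldb;
    struct ldb_request *mod_req;
    struct ldb_message *msg;
    struct ldb_message_element *el;
    const char *val;
    int ret;

    first = del_ctx->first;
    ctx = del_ctx->ctx;
    ldb = ldb_module_get_ctx(ctx->module);

    msg = ldb_msg_new(first->parents);
    if (!msg) return LDB_ERR_OPERATIONS_ERROR;

    msg->dn = first->parents[first->cur_parent]->dn;
    first->cur_parent++;

    ret = ldb_msg_add_empty(msg, DB_MEMBER, LDB_FLAG_MOD_DELETE, &el);
    if (ret != LDB_SUCCESS) {
        return ret;
    }
    el->values = talloc_array(msg, struct ldb_val, 1);
    if (!el->values) {
        return LDB_ERR_OPERATIONS_ERROR;
    }
    val = ldb_dn_get_linearized(first->entry_dn);
    if (!val) {
        /* ldb_dn_get_linearized() can return NULL; strlen(NULL) below
         * would crash the provider. memberof_del() checks the same call
         * on the same DN. */
        return LDB_ERR_OPERATIONS_ERROR;
    }
    el->values[0].length = strlen(val);
    el->values[0].data = (uint8_t *)talloc_strdup(el->values, val);
    if (!el->values[0].data) {
        return LDB_ERR_OPERATIONS_ERROR;
    }
    el->num_values = 1;

    ret = ldb_build_mod_req(&mod_req, ldb, first->parents,
                            msg, NULL,
                            del_ctx, mbof_del_clean_par_callback,
                            ctx->req);
    if (ret != LDB_SUCCESS) {
        return ret;
    }

    return ldb_next_request(ctx->module, mod_req);
}

static int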
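mbof_del_clean_par_callback(struct ldb_request *req,
                            struct ldb_reply *ares)
{
    /*
     * Completion callback for mbof_del_cleanup_parents(): keeps cleaning
     * parents while any remain, then moves on to children, queued memberuid
     * operations, queued ghost operations, or completes the request.
     */
    struct mbof_del_operation *first;
    struct ldb_context *ldb;
    struct mbof_del_ctx *del_ctx;
    struct mbof_ctx *ctx;
    int ret;

    del_ctx = talloc_get_type(req->context, struct mbof_del_ctx);
    first = del_ctx->first;
    ctx = del_ctx->ctx;
    ldb = ldb_module_get_ctx(ctx->module);

    if (!ares) {
        return ldb_module_done(ctx->req, NULL, NULL,
                               LDB_ERR_OPERATIONS_ERROR);
    }

    if (ares->error != LDB_SUCCESS) {
        return ldb_module_done(ctx->req,
                               ares->controls,
                               ares->response,
                               ares->error);
    }

    if (ares->type != LDB_REPLY_DONE) {
        talloc_zfree(ares);
        ldb_set_errstring(ldb, "Invalid reply type!");
        return ldb_module_done(ctx->req, NULL, NULL,
                               LDB_ERR_OPERATIONS_ERROR);
    }

    if (first->num_parents > first->cur_parent) {
        /* still parents to cleanup, go on */
        ret = mbof_del_cleanup_parents(del_ctx);
    }
    else {
        /* continue */
        if (ldb_msg_find_element(first->entry, DB_MEMBER)) {
            /* if there are any children, fire a removal sequence */
            ret = mbof_del_cleanup_children(del_ctx);
        }
        /* see if there are memberuid operations to perform */
        else if (del_ctx->muops) {
            return mbof_del_muop(del_ctx);
        }
        /* see if we need to remove some ghost users */
        else if (del_ctx->ghops) {
            return mbof_del_ghop(del_ctx);
        }
        else {
            /* no children, end ops */
            return ldb_module_done(ctx->req,
                                   ctx->ret_ctrls,
                                   ctx->ret_resp,
                                   LDB_SUCCESS);
        }
    }

    if (ret != LDB_SUCCESS) {
        talloc_zfree(ares);
        return ldb_module_done(ctx->req, NULL, NULL, ret);
    }

    talloc_zfree(ares);
    return LDB_SUCCESS;
}

/*
 * Create one child operation for every DB_MEMBER value of the deleted entry
 * and start executing the first of them.
 * Returns LDB_ERR_INVALID_DN_SYNTAX if a member value is not a valid DN.
 */
static int mbof_del_cleanup_children(struct mbof_del_ctx *del_ctx)
{
    struct mbof_del_operation *first;
    struct mbof_ctx *ctx;
    struct ldb_context *ldb;
    const struct ldb_message_element *el;
    struct ldb_dn *valdn;
    int i, ret;

    first = del_ctx->first;
    ctx = del_ctx->ctx;
    ldb = ldb_module_get_ctx(ctx->module);

    el = ldb_msg_find_element(first->entry, DB_MEMBER);
    if (el == NULL || el->num_values == 0) {
        /* Without at least one member no child operation is created and
         * first->children[0] below would dereference a NULL array. Fail
         * the request instead of crashing. */
        return LDB_ERR_OPERATIONS_ERROR;
    }

    /* prepare del sets */
    for (i = 0; i < el->num_values; i++) {
        valdn = ldb_dn_from_ldb_val(first, ldb, &el->values[i]);
        if (!valdn || !ldb_dn_validate(valdn)) {
            ldb_debug(ldb, LDB_DEBUG_TRACE,
                           "Invalid dn syntax for member [%s]",
                           (const char *)el->values[i].data);
            return LDB_ERR_INVALID_DN_SYNTAX;
        }
        ret = mbof_append_delop(first, valdn);
        if (ret != LDB_SUCCESS) {
            return ret;
        }
    }

    /* now that sets are built, start processing */
    return mbof_del_execute_op(first->children[0]);
}

/*
 * Allocate a new operation for entry_dn and append it to parent->children.
 * The operation is a talloc child of parent.
 */
static int mbof_append_delop(struct mbof_del_operation *parent,
                             struct ldb_dn *entry_dn)
{
    struct mbof_del_operation *delop;
    struct mbof_del_operation **children;

    delop = talloc_zero(parent, struct mbof_del_operation);
    if (!delop) {
        return LDB_ERR_OPERATIONS_ERROR;
    }

    delop->del_ctx = parent->del_ctx;
    delop->parent = parent;
    delop->entry_dn = entry_dn;

    /* grow through a temporary so that a failed realloc does not leave
     * parent->children NULL while num_children is still non-zero */
    children = talloc_realloc(parent, parent->children,
                              struct mbof_del_operation *,
                              parent->num_children + 1);
    if (!children) {
        talloc_free(delop);
        return LDB_ERR_OPERATIONS_ERROR;
    }
    parent->children = children;

    parent->children[parent->num_children] = delop;
    parent->num_children++;

    return LDB_SUCCESS;
}

/*
 * Start processing one operation: search for the operation's entry and for
 * every entry that has it as DB_MEMBER. Results are delivered to
 * mbof_del_exop_search_callback().
 *
 * The DN is escaped with sss_filter_sanitize() before being formatted into
 * the search filter.
 */
static int mbof_del_execute_op(struct mbof_del_operation *delop)
{
    struct mbof_del_ctx *del_ctx;
    struct mbof_ctx *ctx;
    struct ldb_context *ldb;
    struct ldb_request *search;
    char *expression;
    const char *dn;
    char *clean_dn;
    static const char *attrs[] = { DB_OC, DB_NAME,
                                   DB_MEMBER, DB_MEMBEROF, NULL };
    int ret;

    del_ctx = delop->del_ctx;
    ctx = del_ctx->ctx;
    ldb = ldb_module_get_ctx(ctx->module);

    /* load entry */
    dn = ldb_dn_get_linearized(delop->entry_dn);
    if (!dn) {
        return LDB_ERR_OPERATIONS_ERROR;
    }

    ret = sss_filter_sanitize(del_ctx, dn, &clean_dn);
    if (ret != 0) {
        return LDB_ERR_OPERATIONS_ERROR;
    }

    expression = talloc_asprintf(del_ctx,
                                 "(|(distinguishedName=%s)(%s=%s))",
                                 clean_dn, DB_MEMBER, clean_dn);
    if (!expression) {
        return LDB_ERR_OPERATIONS_ERROR;
    }
    talloc_zfree(clean_dn);

    ret = ldb_build_search_req(&search, ldb, delop,
                               NULL, LDB_SCOPE_SUBTREE,
                               expression, attrs, NULL,
                               delop, mbof_del_exop_search_callback,
                               ctx->req);
    if (ret != LDB_SUCCESS) {
        /* Do not free ctx here. ctx is the talloc parent of del_ctx and
         * of this operation, and the callers in this file report a failure
         * through ldb_module_done(ctx->req, ...): freeing ctx first would
         * make that a read of freed memory. */
        return ret;
    }

    return ldb_request(ldb, search);
}

static int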
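mbof_del_exop_search_callback(struct ldb_request *req,
                              struct ldb_reply *ares)
{
    /*
     * Callback for the search issued by mbof_del_execute_op().
     * The entry matching delop->entry_dn is stored in delop->entry; every
     * other entry is appended to delop->parents. On LDB_REPLY_DONE the
     * operation continues in mbof_del_execute_cont().
     */
    struct mbof_del_operation *delop;
    struct mbof_del_ctx *del_ctx;
    struct ldb_context *ldb;
    struct mbof_ctx *ctx;
    struct ldb_message *msg;
    int ret;

    delop = talloc_get_type(req->context, struct mbof_del_operation);
    del_ctx = delop->del_ctx;
    ctx = del_ctx->ctx;
    ldb = ldb_module_get_ctx(ctx->module);

    if (!ares) {
        return ldb_module_done(ctx->req, NULL, NULL,
                               LDB_ERR_OPERATIONS_ERROR);
    }
    if (ares->error != LDB_SUCCESS) {
        return ldb_module_done(ctx->req,
                               ares->controls,
                               ares->response,
                               ares->error);
    }

    switch (ares->type) {
    case LDB_REPLY_ENTRY:
        msg = ares->message;

        if (ldb_dn_compare(msg->dn, delop->entry_dn) == 0) {

            if (delop->entry != NULL) {
                ldb_debug(ldb, LDB_DEBUG_TRACE,
                               "Found multiple entries for (%s)",
                               ldb_dn_get_linearized(delop->entry_dn));
                /* more than one entry per dn ?? db corrupted ? */
                return ldb_module_done(ctx->req, NULL, NULL,
                                       LDB_ERR_OPERATIONS_ERROR);
            }

            delop->entry = talloc_steal(delop, msg);
            if (delop->entry == NULL) {
                return ldb_module_done(ctx->req, NULL, NULL,
                                       LDB_ERR_OPERATIONS_ERROR);
            }
        } else {
            delop->parents = talloc_realloc(delop, delop->parents,
                                            struct ldb_message *,
                                            delop->num_parents + 1);
            if (!delop->parents) {
                return ldb_module_done(ctx->req, NULL, NULL,
                                       LDB_ERR_OPERATIONS_ERROR);
            }
            msg = talloc_steal(delop->parents, msg);
            if (!msg) {
                return ldb_module_done(ctx->req, NULL, NULL,
                                       LDB_ERR_OPERATIONS_ERROR);
            }
            delop->parents[delop->num_parents] = msg;
            delop->num_parents++;
        }
        break;
    case LDB_REPLY_REFERRAL:
        /* ignore */
        break;

    case LDB_REPLY_DONE:
        if (delop->entry == NULL) {
            /* no target, no party! */
            return ldb_module_done(ctx->req, NULL, NULL,
                                   LDB_ERR_OPERATIONS_ERROR);
        }

        /* ok process the entry */
        ret = mbof_del_execute_cont(delop);

        if (ret != LDB_SUCCESS) {
            return ldb_module_done(ctx->req, NULL, NULL,
                                   LDB_ERR_OPERATIONS_ERROR);
        }
    }

    talloc_zfree(ares);
    return LDB_SUCCESS;
}

/*
 * Seed the new memberof list of an operation with the DNs of its direct
 * parents, then either modify the entry right away (no parents) or start
 * fetching the parents' own memberof values.
 */
static int mbof_del_execute_cont(struct mbof_del_operation *delop)
{
    struct mbof_del_ancestors_ctx *anc_ctx;
    struct mbof_dn_array *new_list;
    int i;

    anc_ctx = talloc_zero(delop, struct mbof_del_ancestors_ctx);
    if (!anc_ctx) {
        return LDB_ERR_OPERATIONS_ERROR;
    }
    delop->anc_ctx = anc_ctx;

    new_list = talloc_zero(anc_ctx, struct mbof_dn_array);
    if (!new_list) {
        return LDB_ERR_OPERATIONS_ERROR;
    }

    /* at the very least we have a number of memberof elements
     * equal to the number of objects that have this entry as
     * direct member */
    new_list->num = delop->num_parents;

    /* attach the list to the operation */
    delop->anc_ctx->new_list = new_list;
    delop->anc_ctx->num_direct = new_list->num;

    /* do we have any direct parent at all ? */
    if (new_list->num == 0) {
        /* no entries at all, entry ended up being orphaned */
        /* skip to directly set the new memberof list for this entry */

        return mbof_del_mod_entry(delop);
    }

    /* fill in the list if we have parents */
    new_list->dns = talloc_zero_array(new_list,
                                      struct ldb_dn *,
                                      new_list->num);
    if (!new_list->dns) {
        return LDB_ERR_OPERATIONS_ERROR;
    }
    for (i = 0; i < delop->num_parents; i++) {
        new_list->dns[i] = delop->parents[i]->dn;
    }

    /* before proceeding we also need to fetch the ancestors (anew as some may
     * have changed by preceeding operations) */
    return mbof_del_ancestors(delop);
}

/*
 * Issue a base-scope search for DB_MEMBEROF on the direct parent at index
 * anc_ctx->cur of the new memberof list.
 */
static int mbof_del_ancestors(struct mbof_del_operation *delop)
{
    struct mbof_del_ancestors_ctx *anc_ctx;
    struct mbof_del_ctx *del_ctx;
    struct mbof_ctx *ctx;
    struct ldb_context *ldb;
    struct mbof_dn_array *new_list;
    static const char *attrs[] = { DB_MEMBEROF, NULL };
    struct ldb_request *search;
    int ret;

    del_ctx = delop->del_ctx;
    ctx = del_ctx->ctx;
    ldb = ldb_module_get_ctx(ctx->module);
    anc_ctx = delop->anc_ctx;
    new_list = anc_ctx->new_list;

    ret = ldb_build_search_req(&search, ldb, anc_ctx,
                               new_list->dns[anc_ctx->cur],
                               LDB_SCOPE_BASE, NULL, attrs, NULL,
                               delop, mbof_del_anc_callback, ctx->req);
    if (ret != LDB_SUCCESS) {
        return ret;
    }

    return ldb_request(ldb, search);
}

/*
 * Callback for mbof_del_ancestors(): merges the parent's memberof values
 * into the new list (skipping duplicates and the originally deleted entry),
 * then fetches the next direct parent or proceeds to mbof_del_mod_entry().
 */
static int mbof_del_anc_callback(struct ldb_request *req,
                                 struct ldb_reply *ares)
{
    struct mbof_del_ancestors_ctx *anc_ctx;
    struct mbof_del_operation *delop;
    struct mbof_del_ctx *del_ctx;
    struct mbof_ctx *ctx;
    struct ldb_context *ldb;
    struct ldb_message *msg;
    const struct ldb_message_element *el;
    struct mbof_dn_array *new_list;
    struct ldb_dn *valdn;
    int i, j, ret;

    delop = talloc_get_type(req->context, struct mbof_del_operation);
    del_ctx = delop->del_ctx;
    ctx = del_ctx->ctx;
    ldb = ldb_module_get_ctx(ctx->module);
    anc_ctx = delop->anc_ctx;
    new_list = anc_ctx->new_list;

    if (!ares) {
        return ldb_module_done(ctx->req, NULL, NULL,
                               LDB_ERR_OPERATIONS_ERROR);
    }
    if (ares->error != LDB_SUCCESS) {
        return ldb_module_done(ctx->req,
                               ares->controls,
                               ares->response,
                               ares->error);
    }

    switch (ares->type) {
    case LDB_REPLY_ENTRY:
        msg = ares->message;

        if (anc_ctx->entry != NULL) {
            ldb_debug(ldb, LDB_DEBUG_TRACE,
                           "Found multiple entries for (%s)",
                           ldb_dn_get_linearized(anc_ctx->entry->dn));
            /* more than one entry per dn ?? db corrupted ? */
            return ldb_module_done(ctx->req, NULL, NULL,
                                   LDB_ERR_OPERATIONS_ERROR);
        }

        anc_ctx->entry = talloc_steal(anc_ctx, msg);
        if (anc_ctx->entry == NULL) {
            return ldb_module_done(ctx->req, NULL, NULL,
                                   LDB_ERR_OPERATIONS_ERROR);
        }
        break;
    case LDB_REPLY_REFERRAL:
        /* ignore */
        break;

    case LDB_REPLY_DONE:
        if (anc_ctx->entry == NULL) {
            /* no target, no party! */
            return ldb_module_done(ctx->req, NULL, NULL,
                                   LDB_ERR_OPERATIONS_ERROR);
        }

        /* check entry */
        el = ldb_msg_find_element(anc_ctx->entry, DB_MEMBEROF);
        if (el) {
            for (i = 0; i < el->num_values; i++) {
                valdn = ldb_dn_from_ldb_val(new_list, ldb, &el->values[i]);
                if (!valdn) {
                    ldb_debug(ldb, LDB_DEBUG_TRACE,
                                   "Invalid dn for memberof: (%s)",
                                   (const char *)el->values[i].data);
                    return ldb_module_done(ctx->req, NULL, NULL,
                                           LDB_ERR_OPERATIONS_ERROR);
                }
                for (j = 0; j < new_list->num; j++) {
                    if (ldb_dn_compare(valdn, new_list->dns[j]) == 0)
                        break;
                }
                if (j < new_list->num) {
                    talloc_free(valdn);
                    continue;
                }
                /* do not re-add the original deleted entry by mistake */
                if (ldb_dn_compare(valdn, del_ctx->first->entry_dn) == 0) {
                    talloc_free(valdn);
                    continue;
                }
                new_list->dns = talloc_realloc(new_list,
                                               new_list->dns,
                                               struct ldb_dn *,
                                               new_list->num + 1);
                if (!new_list->dns) {
                    return ldb_module_done(ctx->req, NULL, NULL,
                                           LDB_ERR_OPERATIONS_ERROR);
                }
                new_list->dns[new_list->num] = valdn;
                new_list->num++;
            }
        }

        /* done with this one */
        talloc_free(anc_ctx->entry);
        anc_ctx->entry = NULL;
        anc_ctx->cur++;

        /* check if we need to process any more */
        if (anc_ctx->cur < anc_ctx->num_direct) {
            /* ok process the next one */
            ret = mbof_del_ancestors(delop);
        } else {
            /* ok, end of the story, proceed to modify the entry */
            ret = mbof_del_mod_entry(delop);
        }

        if (ret != LDB_SUCCESS) {
            return ldb_module_done(ctx->req, NULL, NULL,
                                   LDB_ERR_OPERATIONS_ERROR);
        }
    }

    talloc_zfree(ares);
    return LDB_SUCCESS;
}

/*
 * Write the recomputed memberof list back to the operation's entry.
 *
 * DB_MEMBEROF is replaced with the new list (minus the entry's own DN), or
 * deleted when the list is empty. For user entries the function also
 * computes which of the original memberof DNs are no longer present and
 * queues a memberuid removal for each of them.
 */
static int mbof_del_mod_entry(struct mbof_del_operation *delop)
{
    struct mbof_del_ctx *del_ctx;
    struct mbof_ctx *ctx;
    struct ldb_context *ldb;
    struct mbof_dn_array *new_list;
    struct ldb_request *mod_req;
    struct ldb_message *msg;
    struct ldb_message_element *el;
    struct ldb_dn **diff = NULL;
    const char *name;
    const char *val;
    int i, j, k;
    bool is_user;
    int ret;

    del_ctx = delop->del_ctx;
    ctx = del_ctx->ctx;
    ldb = ldb_module_get_ctx(ctx->module);
    new_list = delop->anc_ctx->new_list;

    /* if this is a user we need to find out which entries have been
     * removed so that we can later schedule removal of memberuid
     * attributes from these entries */
    ret = entry_is_user_object(delop->entry);
    switch (ret) {
    case LDB_SUCCESS:
        /* it's a user object  */
        is_user = true;
        break;
    case LDB_ERR_NO_SUCH_ATTRIBUTE:
        /* it is not a user object, continue */
        is_user = false;
        break;
    default:
        /* an error occured, return */
        return ret;
    }

    if (is_user) {
        /* prepare memberuid delete list */
        /* copy all original memberof entries, and then later remove
         * the ones that will survive in the entry */
        el = ldb_msg_find_element(delop->entry, DB_MEMBEROF);
        if (!el || !el->num_values) {
            return LDB_ERR_OPERATIONS_ERROR;
        }
        /* Parent the array on del_ctx rather than on del_ctx->muops:
         * muops is still NULL until the first operation is queued, and a
         * NULL talloc parent makes the array (and the DNs hanging off it)
         * a top-level allocation that nothing here ever frees.
         * NOTE(review): mbof_append_muop() is not visible here; del_ctx is
         * passed to it as the memory context, so the DNs handed over below
         * only need to live as long as del_ctx - confirm. */
        diff = talloc_array(del_ctx, struct ldb_dn *,
                            el->num_values + 1);
        if (!diff) {
            return LDB_ERR_OPERATIONS_ERROR;
        }
        for (i = 0, j = 0; i < el->num_values; i++) {
            diff[j] = ldb_dn_from_ldb_val(diff, ldb, &el->values[i]);
            if (!diff[j]) {
                return LDB_ERR_OPERATIONS_ERROR;
            }
            /* skip the deleted entry if this is a delete op */
            if (!del_ctx->is_mod) {
                if (ldb_dn_compare(del_ctx->first->entry_dn, diff[j]) == 0) {
                    continue;
                }
            }
            j++;
        }
        /* zero terminate array */
        diff[j] = NULL;
    }

    /* change memberof on entry */
    msg = ldb_msg_new(delop);
    if (!msg) return LDB_ERR_OPERATIONS_ERROR;

    msg->dn = delop->entry_dn;

    if (new_list->num) {
        ret = ldb_msg_add_empty(msg, DB_MEMBEROF, LDB_FLAG_MOD_REPLACE, &el);
        if (ret != LDB_SUCCESS) {
            return ret;
        }

        el->values = talloc_array(el, struct ldb_val, new_list->num);
        if (!el->values) {
            return LDB_ERR_OPERATIONS_ERROR;
        }
        for (i = 0, j = 0; i < new_list->num; i++) {
            /* an entry is never listed as a member of itself */
            if (ldb_dn_compare(new_list->dns[i], msg->dn) == 0)
                continue;
            val = ldb_dn_get_linearized(new_list->dns[i]);
            if (!val) {
                return LDB_ERR_OPERATIONS_ERROR;
            }
            el->values[j].length = strlen(val);
            el->values[j].data = (uint8_t *)talloc_strdup(el->values, val);
            if (!el->values[j].data) {
                return LDB_ERR_OPERATIONS_ERROR;
            }
            j++;

            if (is_user) {
                /* compare the entry's original memberof list with the new
                 * one and for each missing entry add a memberuid removal
                 * operation */
                for (k = 0; diff[k]; k++) {
                    if (ldb_dn_compare(new_list->dns[i], diff[k]) == 0) {
                        break;
                    }
                }
                if (diff[k]) {
                    /* this DN survives: drop it from diff and close the
                     * gap, keeping the array NULL terminated */
                    talloc_zfree(diff[k]);
                    for (; diff[k + 1]; k++) {
                        diff[k] = diff[k + 1];
                    }
                    diff[k] = NULL;
                }
            }
        }
        el->num_values = j;

    }
    else {
        ret = ldb_msg_add_empty(msg, DB_MEMBEROF, LDB_FLAG_MOD_DELETE, &el);
        if (ret != LDB_SUCCESS) {
            return ret;
        }
    }

    if (is_user && diff[0]) {
        /* file memberuid removal operations */
        name = ldb_msg_find_attr_as_string(delop->entry, DB_NAME, NULL);
        if (!name) {
            return LDB_ERR_OPERATIONS_ERROR;
        }

        for (i = 0; diff[i]; i++) {
            ret = mbof_append_muop(del_ctx, &del_ctx->muops,
                                   &del_ctx->num_muops,
                                   LDB_FLAG_MOD_DELETE,
                                   diff[i], name,
                                   DB_MEMBERUID);
            if (ret != LDB_SUCCESS) {
                return ret;
            }
        }
    }

    ret = ldb_build_mod_req(&mod_req, ldb, delop,
                            msg, NULL,
                            delop, mbof_del_mod_callback,
                            ctx->req);
    if (ret != LDB_SUCCESS) {
        return ret;
    }
    talloc_steal(mod_req, msg);

    return ldb_next_request(ctx->module, mod_req);
}

static int mbof_del_mod_callback(struct ldb_request *req,
                                 struct ldb_reply *ares)
{
    struct mbof_del_operation *delop;
    struct mbof_del_ctx *del_ctx;
    struct ldb_context *ldb;
    struct mbof_ctx *ctx;
    int ret;

    delop = talloc_get_type(req->context, struct mbof_del_operation);
    del_ctx = delop->del_ctx;
    ctx = del_ctx->ctx;
    ldb =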
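ldb_module_get_ctx(ctx->module);

    if (!ares) {
        return ldb_module_done(ctx->req, NULL, NULL,
                               LDB_ERR_OPERATIONS_ERROR);
    }
    if (ares->error != LDB_SUCCESS) {
        return ldb_module_done(ctx->req,
                               ares->controls,
                               ares->response,
                               ares->error);
    }

    switch (ares->type) {
    case LDB_REPLY_ENTRY:
        ldb_debug(ldb, LDB_DEBUG_TRACE, "Got an entry on a non search op ?!");
        /* shouldn't happen */
        talloc_zfree(ares);
        return ldb_module_done(ctx->req, NULL, NULL,
                               LDB_ERR_OPERATIONS_ERROR);
    case LDB_REPLY_REFERRAL:
        /* ignore */
        talloc_zfree(ares);
        break;

    case LDB_REPLY_DONE:

        ret = mbof_del_progeny(delop);

        if (ret != LDB_SUCCESS) {
            talloc_zfree(ares);
            return ldb_module_done(ctx->req, NULL, NULL, ret);
        }
    }

    return LDB_SUCCESS;
}

static int mbof_mod_add(struct mbof_mod_ctx *mod_ctx,
                        struct mbof_dn_array *ael,
                        struct mbof_val_array *addgh);

/*
 * After an entry has been modified, queue one child operation per DB_MEMBER
 * value of that entry, pick the next operation to run and start it. When no
 * operation is left, run the queued memberuid/ghost removals, then any
 * follow-up modify, or complete the original request.
 */
static int mbof_del_progeny(struct mbof_del_operation *delop)
{
    struct mbof_ctx *ctx;
    struct mbof_del_ctx *del_ctx;
    struct mbof_del_operation *nextop;
    const struct ldb_message_element *el;
    struct ldb_context *ldb;
    struct ldb_dn *valdn;
    int i, ret;

    del_ctx = delop->del_ctx;
    ctx = del_ctx->ctx;
    ldb = ldb_module_get_ctx(ctx->module);

    /* now verify if this entry is a group and members need to be processed as
     * well */

    el = ldb_msg_find_element(delop->entry, DB_MEMBER);
    if (el) {
        for (i = 0; i < el->num_values; i++) {
            valdn = ldb_dn_from_ldb_val(delop, ldb, &el->values[i]);
            if (!valdn || !ldb_dn_validate(valdn)) {
                ldb_debug(ldb, LDB_DEBUG_TRACE,
                               "Invalid DN for member: (%s)",
                               (const char *)el->values[i].data);
                return LDB_ERR_INVALID_DN_SYNTAX;
            }
            ret = mbof_append_delop(delop, valdn);
            if (ret != LDB_SUCCESS) {
                return ret;
            }
        }
    }

    /* finally find the next entry to handle */
    ret = mbof_del_get_next(delop, &nextop);
    if (ret != LDB_SUCCESS) {
        return ret;
    }

    free_delop_contents(delop);

    if (nextop) {
        return mbof_del_execute_op(nextop);
    }

    /* see if there are memberuid operations to perform */
    if (del_ctx->muops) {
        return mbof_del_muop(del_ctx);
    }
    /* see if we need to remove some ghost users */
    else if (del_ctx->ghops) {
        return mbof_del_ghop(del_ctx);
    }
    /* see if there are follow functions to run */
    if (del_ctx->follow_mod) {
        return mbof_mod_add(del_ctx->follow_mod,
                            del_ctx->follow_mod->mb_add,
                            del_ctx->follow_mod->gh_add);
    }

    /* ok, no more ops, this means our job is done */
    return ldb_module_done(ctx->req,
                           ctx->ret_ctrls,
                           ctx->ret_resp,
                           LDB_SUCCESS);
}

/*
 * Record delop's DN in the history list and select the next operation.
 *
 * Starting at delop and walking up through the parents, the first child
 * whose DN is not yet in the history is returned in *nextop. The history
 * check is what keeps membership loops from being processed forever.
 * *nextop is set to NULL when nothing is left to do.
 */
static int mbof_del_get_next(struct mbof_del_operation *delop,
                             struct mbof_del_operation **nextop)
{
    struct mbof_del_operation *top, *cop;
    struct mbof_del_ctx *del_ctx;
    struct mbof_dn *save, *tmp;

    del_ctx = delop->del_ctx;

    /* first of all, save the current delop in the history */
    save = talloc_zero(del_ctx, struct mbof_dn);
    if (!save) {
        return LDB_ERR_OPERATIONS_ERROR;
    }
    save->dn = delop->entry_dn;

    if (del_ctx->history) {
        tmp = del_ctx->history;
        while (tmp->next) tmp = tmp->next;
        tmp->next = save;
    } else {
        del_ctx->history = save;
    }

    /* Find next one */
    for (top = delop; top; top = top->parent) {
        if (top->num_children == 0 || top->next_child >= top->num_children) {
            /* no children, go for next one */
            continue;
        }

        while (top->next_child < top->num_children) {
            cop = top->children[top->next_child];
            top->next_child++;

            /* verify this operation has not already been performed */
            for (tmp = del_ctx->history; tmp; tmp = tmp->next) {
                if (ldb_dn_compare(tmp->dn, cop->entry_dn) == 0) {
                    break;
                }
            }
            if (tmp == NULL) {
                /* and return the current one */
                *nextop = cop;
                return LDB_SUCCESS;
            }
        }
    }

    /* we have no more ops */
    *nextop = NULL;
    return LDB_SUCCESS;
}

/*
 * If entry is a user object, queue a DB_MEMBERUID removal (carrying the
 * user's DB_NAME) for every DN in the user's DB_MEMBEROF attribute.
 * Returns LDB_ERR_INVALID_DN_SYNTAX when a memberof value is not a valid DN.
 */
static int mbof_del_fill_muop(struct mbof_del_ctx *del_ctx,
                              struct ldb_message *entry)
{
    struct ldb_message_element *el;
    char *name;
    int ret;
    int i;

    el = ldb_msg_find_element(entry, DB_MEMBEROF);
    if (!el || el->num_values == 0) {
        /* no memberof attributes ... */
        return LDB_SUCCESS;
    }

    ret = entry_is_user_object(entry);
    switch (ret) {
    case LDB_SUCCESS:
        /* it's a user object, continue */
        break;

    case LDB_ERR_NO_SUCH_ATTRIBUTE:
        /* it is not a user object, just return */
        return LDB_SUCCESS;

    default:
        /* an error occured, return */
        return ret;
    }

    name = talloc_strdup(del_ctx,
                         ldb_msg_find_attr_as_string(entry, DB_NAME, NULL));
    if (!name) {
        return LDB_ERR_OPERATIONS_ERROR;
    }

    for (i = 0; i < el->num_values; i++) {
        struct ldb_dn *valdn;

        /* Parented on del_ctx: del_ctx->muops is NULL until the first
         * operation has been queued, and a NULL talloc parent would make
         * the DN a top-level allocation nothing here frees. */
        valdn = ldb_dn_from_ldb_val(del_ctx,
                                    ldb_module_get_ctx(del_ctx->ctx->module),
                                    &el->values[i]);
        if (!valdn || !ldb_dn_validate(valdn)) {
            ldb_debug(ldb_module_get_ctx(del_ctx->ctx->module),
                      LDB_DEBUG_ERROR,
                      "Invalid dn value: [%s]",
                      (const char *)el->values[i].data);
            /* Stop here instead of queueing an operation on a NULL or
             * invalid DN; mbof_del_cleanup_children() and
             * mbof_del_progeny() reject bad DNs the same way. */
            talloc_free(valdn);
            return LDB_ERR_INVALID_DN_SYNTAX;
        }

        ret = mbof_append_muop(del_ctx, &del_ctx->muops,
                               &del_ctx->num_muops,
                               LDB_FLAG_MOD_DELETE,
                               valdn, name,
                               DB_MEMBERUID);
        if (ret != LDB_SUCCESS) {
            return ret;
        }
    }

    return LDB_SUCCESS;
}

/*
 * If entry is a group object, queue the removal of each of the num_gh_vals
 * ghost values in ghvals from every group listed in the entry's
 * DB_MEMBEROF attribute.
 * Returns LDB_ERR_INVALID_DN_SYNTAX when a memberof value is not a valid DN.
 */
static int mbof_del_fill_ghop_ex(struct mbof_del_ctx *del_ctx,
                                 struct ldb_message *entry,
                                 struct ldb_val *ghvals,
                                 unsigned int num_gh_vals)
{
    struct ldb_message_element *mbof;
    struct ldb_dn *valdn;
    int ret;
    int i, j;

    mbof = ldb_msg_find_element(entry, DB_MEMBEROF);
    if (!mbof || mbof->num_values == 0) {
        /* no memberof attributes ... */
        return LDB_SUCCESS;
    }

    ret = entry_is_group_object(entry);
    switch (ret) {
    case LDB_SUCCESS:
        /* it's a group object, continue */
        break;

    case LDB_ERR_NO_SUCH_ATTRIBUTE:
        /* it is not a group object, just return */
        return LDB_SUCCESS;

    default:
        /* an error occured, return */
        return ret;
    }

    /* both counters are unsigned, hence %u */
    ldb_debug(ldb_module_get_ctx(del_ctx->ctx->module),
              LDB_DEBUG_TRACE,
              "will delete %u ghost users from %u parents\n",
              num_gh_vals, mbof->num_values);

    for (i = 0; i < mbof->num_values; i++) {
        /* Parented on del_ctx: del_ctx->ghops is NULL until the first
         * operation has been queued, and a NULL talloc parent would make
         * the DN a top-level allocation nothing here frees. */
        valdn = ldb_dn_from_ldb_val(del_ctx,
                                    ldb_module_get_ctx(del_ctx->ctx->module),
                                    &mbof->values[i]);
        if (!valdn || !ldb_dn_validate(valdn)) {
            ldb_debug(ldb_module_get_ctx(del_ctx->ctx->module),
                      LDB_DEBUG_ERROR,
                      "Invalid dn value: [%s]",
                      (const char *)mbof->values[i].data);
            /* do not queue ghost removals against a NULL or invalid DN */
            talloc_free(valdn);
            return LDB_ERR_INVALID_DN_SYNTAX;
        }

        ldb_debug(ldb_module_get_ctx(del_ctx->ctx->module),
                  LDB_DEBUG_TRACE,
                  "processing ghosts in parent [%s]\n",
                  (const char *) mbof->values[i].data);

        for (j = 0; j < num_gh_vals; j++) {
            /* NOTE(review): the value is passed on as a C string, which
             * assumes ghvals[j].data is NUL terminated - confirm. */
            ret = mbof_append_muop(del_ctx, &del_ctx->ghops,
                                   &del_ctx->num_ghops,
                                   LDB_FLAG_MOD_DELETE,
                                   valdn,
                                   (const char *) ghvals[j].data,
                                   DB_GHOST);
            if (ret != LDB_SUCCESS) {
                return ret;
            }
        }
    }

    return LDB_SUCCESS;
}

/*
 * Queue ghost removals for all DB_GHOST values of entry; a no-op when the
 * entry has no DB_GHOST attribute.
 */
static int mbof_del_fill_ghop(struct mbof_del_ctx *del_ctx,
                              struct ldb_message *entry)
{
    struct ldb_message_element *ghel;

    ghel = ldb_msg_find_element(entry, DB_GHOST);
    if (ghel == NULL || ghel->num_values == 0) {
        /* No ghel attribute, just return success */
        return LDB_SUCCESS;
    }

    return mbof_del_fill_ghop_ex(del_ctx, entry,
                                 ghel->values, ghel->num_values);
}

/* del memberuid attributes from parent groups */
static int mbof_del_muop(struct mbof_del_ctx *del_ctx)
{
    struct ldb_context *ldb;
    struct ldb_message *msg;
    struct ldb_request *mod_req;
    struct mbof_ctx *ctx;
    int ret;

    ctx = del_ctx->ctx;
    ldb = ldb_module_get_ctx(ctx->module);

    msg = ldb_msg_new(del_ctx);
    if (!msg) return LDB_ERR_OPERATIONS_ERROR;

    msg->dn = del_ctx->muops[del_ctx->cur_muop].dn;
    msg->elements = del_ctx->muops[del_ctx->cur_muop].el;
    msg->num_elements = 1;

    ret =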
ldb_build_mod_req(&mod_req, ldb, del_ctx, msg, NULL, del_ctx, mbof_del_muop_callback, ctx->req); if (ret != LDB_SUCCESS) { return ret; } return ldb_next_request(ctx->module, mod_req); } static int mbof_del_muop_callback(struct ldb_request *req, struct ldb_reply *ares) { struct mbof_del_ctx *del_ctx; struct mbof_ctx *ctx; int ret; del_ctx = talloc_get_type(req->context, struct mbof_del_ctx); ctx = del_ctx->ctx; if (!ares) { return ldb_module_done(ctx->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR); } /* if the attribute was not present it means the db is not * perfectly consistent but failing here is not useful * anyway and missing entries cause no harm if we are trying * to remove them anyway */ if (ares->error != LDB_SUCCESS && ares->error != LDB_ERR_NO_SUCH_ATTRIBUTE) { return ldb_module_done(ctx->req, ares->controls, ares->response, ares->error); } switch (ares->type) { case LDB_REPLY_ENTRY: /* shouldn't happen */ talloc_zfree(ares); return ldb_module_done(ctx->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR); case LDB_REPLY_REFERRAL: /* ignore */ break; case LDB_REPLY_DONE: del_ctx->cur_muop++; if (del_ctx->cur_muop < del_ctx->num_muops) { ret = mbof_del_muop(del_ctx); } /* see if we need to remove some ghost users */ else if (del_ctx->ghops) { return mbof_del_ghop(del_ctx); } /* see if there are follow functions to run */ else if (del_ctx->follow_mod) { return mbof_mod_add(del_ctx->follow_mod, del_ctx->follow_mod->mb_add, del_ctx->follow_mod->gh_add); } else { return ldb_module_done(ctx->req, ctx->ret_ctrls, ctx->ret_resp, LDB_SUCCESS); } if (ret != LDB_SUCCESS) { talloc_zfree(ares); return ldb_module_done(ctx->req, NULL, NULL, ret); } } talloc_zfree(ares); return LDB_SUCCESS; } /* del ghost attributes from parent groups */ static int mbof_del_ghop(struct mbof_del_ctx *del_ctx) { struct ldb_context *ldb; struct ldb_message *msg; struct ldb_request *mod_req; struct mbof_ctx *ctx; int ret; ctx = del_ctx->ctx; ldb = ldb_module_get_ctx(ctx->module); msg = 
ldb_msg_new(del_ctx); if (!msg) return LDB_ERR_OPERATIONS_ERROR; msg->dn = del_ctx->ghops[del_ctx->cur_ghop].dn; ret = ldb_msg_add(msg, del_ctx->ghops[del_ctx->cur_ghop].el, LDB_FLAG_MOD_DELETE); if (ret != LDB_SUCCESS) { return ret; } /* Also expire any parent groups to force reloading direct members in * case the ghost users we remove now were actually *also* direct members * of the parent groups */ ret = ldb_msg_add_empty(msg, DB_CACHE_EXPIRE, LDB_FLAG_MOD_REPLACE, NULL); if (ret != LDB_SUCCESS) { return ret; } ret = ldb_msg_add_string(msg, DB_CACHE_EXPIRE, "1"); if (ret != LDB_SUCCESS) { return ret; } ret = ldb_build_mod_req(&mod_req, ldb, del_ctx, msg, NULL, del_ctx, mbof_del_ghop_callback, ctx->req); if (ret != LDB_SUCCESS) { return ret; } return ldb_next_request(ctx->module, mod_req); } static int mbof_del_ghop_callback(struct ldb_request *req, struct ldb_reply *ares) { struct mbof_del_ctx *del_ctx; struct mbof_ctx *ctx; int ret; del_ctx = talloc_get_type(req->context, struct mbof_del_ctx); ctx = del_ctx->ctx; if (!ares) { return ldb_module_done(ctx->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR); } /* We must treat no such attribute as non-fatal b/c the entry * might have been directly nested in the parent as well and * updated with another replace operation. 
*/ if (ares->error != LDB_SUCCESS && ares->error != LDB_ERR_NO_SUCH_ATTRIBUTE) { return ldb_module_done(ctx->req, ares->controls, ares->response, ares->error); } switch (ares->type) { case LDB_REPLY_ENTRY: /* shouldn't happen */ talloc_zfree(ares); return ldb_module_done(ctx->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR); case LDB_REPLY_REFERRAL: /* ignore */ break; case LDB_REPLY_DONE: del_ctx->cur_ghop++; if (del_ctx->cur_ghop < del_ctx->num_ghops) { ret = mbof_del_ghop(del_ctx); } /* see if there are follow functions to run */ else if (del_ctx->follow_mod) { return mbof_mod_add(del_ctx->follow_mod, del_ctx->follow_mod->mb_add, del_ctx->follow_mod->gh_add); } else { return ldb_module_done(ctx->req, ctx->ret_ctrls, ctx->ret_resp, LDB_SUCCESS); } if (ret != LDB_SUCCESS) { talloc_zfree(ares); return ldb_module_done(ctx->req, NULL, NULL, ret); } } talloc_zfree(ares); return LDB_SUCCESS; } /* delop may carry on a lot of memory, so we need a function to clean up * the payload without breaking the delop chain */ static void free_delop_contents(struct mbof_del_operation *delop) { talloc_zfree(delop->entry); talloc_zfree(delop->parents); talloc_zfree(delop->anc_ctx); delop->num_parents = 0; delop->cur_parent = 0; } /* mod operation */ /* A modify operation just implements either an add operation, or a delete * operation or both (replace) in turn. * One difference between a modify and a pure add or a pure delete is that * the object is not created a new or not completely removed, but the setup just * treats it in the same way children objects are treated in a pure add or delete * operation. A list of appropriate parents and objects to modify is built, then * we jump directly in the add or delete code. * If both add and delete are necessary, delete operations are performed first * and then a followup add operation is concatenated * * Another difference is the ghost users. Because of its semi-managed nature, * the ghost attribute requires some special care. 
During a modify operation, the * ghost attribute can be set to a new list. That list coming, from an * application, would typically only include the direct ghost * members. However, we want to keep both direct and indirect ghost members * in the cache to be able to return them all in a single call. To solve * that problem, we also iterate over members of the group being modified, * collect all ghost entries and add them back in case the original modify * operation wiped them out. */ static int mbof_mod_callback(struct ldb_request *req, struct ldb_reply *ares); static int mbof_collect_child_ghosts(struct mbof_mod_ctx *mod_ctx); static int mbof_get_ghost_from_parent(struct mbof_mod_del_op *igh); static int mbof_get_ghost_from_parent_cb(struct ldb_request *req, struct ldb_reply *ares); static int mbof_orig_mod(struct mbof_mod_ctx *mod_ctx); static int mbof_orig_mod_callback(struct ldb_request *req, struct ldb_reply *ares); static int mbof_inherited_mod(struct mbof_mod_ctx *mod_ctx); static int mbof_inherited_mod_callback(struct ldb_request *req, struct ldb_reply *ares); static int mbof_mod_process(struct mbof_mod_ctx *mod_ctx, bool *done); static int mbof_mod_process_membel(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, struct ldb_message *entry, const struct ldb_message_element *membel, struct mbof_dn_array **_added, struct mbof_dn_array **_removed); static int mbof_mod_process_ghel(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, struct ldb_message *entry, const struct ldb_message_element *ghel, const struct ldb_message_element *inherited, struct mbof_val_array **_added, struct mbof_val_array **_removed); static int mbof_mod_delete(struct mbof_mod_ctx *mod_ctx, struct mbof_dn_array *del, struct mbof_val_array *delgh); static int mbof_fill_dn_array(TALLOC_CTX *memctx, struct ldb_context *ldb, const struct ldb_message_element *el, struct mbof_dn_array **dn_array); static int mbof_fill_vals_array(TALLOC_CTX *memctx, struct ldb_context *ldb, unsigned int num_values, struct 
ldb_val *values, struct mbof_val_array **val_array); static int mbof_fill_vals_array_el(TALLOC_CTX *memctx, struct ldb_context *ldb, const struct ldb_message_element *el, struct mbof_val_array **val_array); static int memberof_mod(struct ldb_module *module, struct ldb_request *req) { struct ldb_message_element *el; struct mbof_mod_ctx *mod_ctx; struct mbof_ctx *ctx; static const char *attrs[] = { DB_OC, DB_GHOST, DB_MEMBER, DB_MEMBEROF, NULL}; struct ldb_context *ldb = ldb_module_get_ctx(module); struct ldb_request *search; int ret; if (ldb_dn_is_special(req->op.mod.message->dn)) { /* do not manipulate our control entries */ return ldb_next_request(module, req); } /* check if memberof is specified */ el = ldb_msg_find_element(req->op.mod.message, DB_MEMBEROF); if (el) { ldb_debug(ldb, LDB_DEBUG_ERROR, "Error: the memberof attribute is readonly."); return LDB_ERR_UNWILLING_TO_PERFORM; } /* check if memberuid is specified */ el = ldb_msg_find_element(req->op.mod.message, DB_MEMBERUID); if (el) { ldb_debug(ldb, LDB_DEBUG_ERROR, "Error: the memberuid attribute is readonly."); return LDB_ERR_UNWILLING_TO_PERFORM; } ctx = mbof_init(module, req); if (!ctx) { return LDB_ERR_OPERATIONS_ERROR; } mod_ctx = talloc_zero(ctx, struct mbof_mod_ctx); if (!mod_ctx) { talloc_free(ctx); return LDB_ERR_OPERATIONS_ERROR; } mod_ctx->ctx = ctx; mod_ctx->msg = ldb_msg_copy(mod_ctx, req->op.mod.message); if (!mod_ctx->msg) { return LDB_ERR_OPERATIONS_ERROR; } mod_ctx->membel = ldb_msg_find_element(mod_ctx->msg, DB_MEMBER); mod_ctx->ghel = ldb_msg_find_element(mod_ctx->msg, DB_GHOST); /* continue with normal ops if there are no members and no ghosts */ if (mod_ctx->membel == NULL && mod_ctx->ghel == NULL) { mod_ctx->terminate = true; return mbof_orig_mod(mod_ctx); } /* can't do anything, * must check first what's on the entry */ ret = ldb_build_search_req(&search, ldb, mod_ctx, mod_ctx->msg->dn, LDB_SCOPE_BASE, NULL, attrs, NULL, mod_ctx, mbof_mod_callback, req); if (ret != LDB_SUCCESS) { 
talloc_free(ctx); return ret; } return ldb_request(ldb, search); } static int mbof_mod_callback(struct ldb_request *req, struct ldb_reply *ares) { struct mbof_mod_ctx *mod_ctx; struct ldb_context *ldb; struct mbof_ctx *ctx; int ret; mod_ctx = talloc_get_type(req->context, struct mbof_mod_ctx); ctx = mod_ctx->ctx; ldb = ldb_module_get_ctx(ctx->module); if (!ares) { return ldb_module_done(ctx->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR); } if (ares->error != LDB_SUCCESS) { return ldb_module_done(ctx->req, ares->controls, ares->response, ares->error); } switch (ares->type) { case LDB_REPLY_ENTRY: if (mod_ctx->entry != NULL) { ldb_debug(ldb, LDB_DEBUG_TRACE, "Found multiple entries for (%s)", ldb_dn_get_linearized(mod_ctx->msg->dn)); /* more than one entry per dn ?? db corrupted ? */ return ldb_module_done(ctx->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR); } mod_ctx->entry = talloc_steal(mod_ctx, ares->message); if (mod_ctx->entry == NULL) { return ldb_module_done(ctx->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR); } break; case LDB_REPLY_REFERRAL: /* ignore */ break; case LDB_REPLY_DONE: if (mod_ctx->entry == NULL) { ldb_debug(ldb, LDB_DEBUG_TRACE, "Entry not found (%s)", ldb_dn_get_linearized(mod_ctx->msg->dn)); /* this target does not exists, too bad! 
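*/
            return ldb_module_done(ctx->req, NULL, NULL,
                                   LDB_ERR_NO_SUCH_OBJECT);
        }

        ret = mbof_collect_child_ghosts(mod_ctx);
        if (ret != LDB_SUCCESS) {
            talloc_zfree(ares);
            return ldb_module_done(ctx->req, NULL, NULL, ret);
        }
    }

    talloc_zfree(ares);
    return LDB_SUCCESS;
}

/* Decide whether ghost values from other groups must be collected before the
 * original modify is run.
 *
 * Collection is only needed when the stored entry has member values and the
 * request replaces the ghost attribute; in every other case the original
 * modify is issued right away through mbof_orig_mod().
 *
 * When collection is needed, mod_ctx->igh and its inherited_gh hash table
 * are allocated under mod_ctx and the search is started.
 *
 * Returns LDB_SUCCESS once the next asynchronous step has been issued,
 * otherwise an LDB error code.
 */
static int mbof_collect_child_ghosts(struct mbof_mod_ctx *mod_ctx)
{
    int ret;
    const struct ldb_message_element *member;

    member = ldb_msg_find_element(mod_ctx->entry, DB_MEMBER);

    if (member == NULL || member->num_values == 0 ||
        mod_ctx->ghel == NULL ||
        mod_ctx->ghel->flags != LDB_FLAG_MOD_REPLACE) {
        /* nothing to preserve, continue with the original request */
        return mbof_orig_mod(mod_ctx);
    }

    mod_ctx->igh = talloc_zero(mod_ctx, struct mbof_mod_del_op);
    if (mod_ctx->igh == NULL) {
        return LDB_ERR_OPERATIONS_ERROR;
    }
    mod_ctx->igh->mod_ctx = mod_ctx;

    ret = hash_create_ex(1024, &mod_ctx->igh->inherited_gh, 0, 0, 0, 0,
                         hash_alloc, hash_free, mod_ctx, NULL, NULL);
    if (ret != HASH_SUCCESS) {
        return LDB_ERR_OPERATIONS_ERROR;
    }

    return mbof_get_ghost_from_parent(mod_ctx->igh);
}

/* Start a subtree search for group objects whose memberof attribute contains
 * the DN of the entry being modified, requesting only their ghost attribute.
 * Replies are delivered to mbof_get_ghost_from_parent_cb().
 *
 * The DN is passed through sss_filter_sanitize() before it is placed in the
 * search filter, so characters that are special in a filter cannot change
 * its structure.
 *
 * Returns the result of ldb_request() on success, otherwise an LDB error
 * code. On failure nothing owned by the request is released here; the caller
 * still needs ctx to report the error.
 */
static int mbof_get_ghost_from_parent(struct mbof_mod_del_op *igh)
{
    struct ldb_request *search;
    struct ldb_context *ldb;
    struct mbof_ctx *ctx;
    int ret;
    static const char *attrs[] = { DB_GHOST, NULL };
    char *expression;
    char *clean_dn;
    const char *dn;

    ctx = igh->mod_ctx->ctx;
    ldb = ldb_module_get_ctx(ctx->module);

    dn = ldb_dn_get_linearized(igh->mod_ctx->entry->dn);
    if (!dn) {
        /* Do not talloc_free(ctx) here. mbof_mod_callback() reacts to this
         * error with ldb_module_done(ctx->req, ...), and igh is allocated
         * under mod_ctx (which memberof_mod() allocates under ctx), so
         * freeing ctx would leave the caller reading freed memory. */
        return LDB_ERR_OPERATIONS_ERROR;
    }

    ret = sss_filter_sanitize(igh, dn, &clean_dn);
    if (ret != 0) {
        return LDB_ERR_OPERATIONS_ERROR;
    }

    expression = talloc_asprintf(igh,
                                 "(&(%s=%s)(%s=%s))",
                                 DB_OC, DB_GROUP_CLASS,
                                 DB_MEMBEROF, clean_dn);
    if (!expression) {
        return LDB_ERR_OPERATIONS_ERROR;
    }
    /* the sanitized copy is only needed to build the filter */
    talloc_zfree(clean_dn);

    ret = ldb_build_search_req(&search, ldb, igh,
                               NULL,
                               LDB_SCOPE_SUBTREE,
                               expression, attrs, NULL,
                               igh, mbof_get_ghost_from_parent_cb,
                               ctx->req);
    if (ret != LDB_SUCCESS) {
        return ret;
    }

    return ldb_request(ldb, search);
}

static int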
mbof_get_ghost_from_parent_cb(struct ldb_request *req, struct ldb_reply *ares) { struct mbof_mod_del_op *igh; struct mbof_ctx *ctx; struct ldb_message_element *el; struct ldb_val *dupval; int ret; hash_value_t value; hash_key_t key; int i; igh = talloc_get_type(req->context, struct mbof_mod_del_op); ctx = igh->mod_ctx->ctx; if (!ares) { return ldb_module_done(ctx->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR); } if (ares->error != LDB_SUCCESS) { return ldb_module_done(ctx->req, ares->controls, ares->response, ares->error); } switch (ares->type) { case LDB_REPLY_ENTRY: el = ldb_msg_find_element(ares->message, DB_GHOST); if (!el) { break; } for (i=0; i < el->num_values; i++) { key.type = HASH_KEY_STRING; key.str = (char *) el->values[i].data; if (hash_has_key(igh->inherited_gh, &key)) { /* We already have this user. Don't re-add him */ continue; } dupval = talloc_zero(igh->inherited_gh, struct ldb_val); if (dupval == NULL) { return LDB_ERR_OPERATIONS_ERROR; } *dupval = ldb_val_dup(igh->inherited_gh, &el->values[i]); if (dupval->data == NULL) { return LDB_ERR_OPERATIONS_ERROR; } value.type = HASH_VALUE_PTR; value.ptr = dupval; ret = hash_enter(igh->inherited_gh, &key, &value); if (ret != HASH_SUCCESS) { return LDB_ERR_OPERATIONS_ERROR; } } break; case LDB_REPLY_REFERRAL: /* ignore */ break; case LDB_REPLY_DONE: /* All the children are gathered, let's do the real * modify operation */ ret = mbof_orig_mod(igh->mod_ctx); if (ret != LDB_SUCCESS) { talloc_zfree(ares); return ldb_module_done(ctx->req, NULL, NULL, ret); } break; } talloc_zfree(ares); return LDB_SUCCESS; } static int mbof_orig_mod(struct mbof_mod_ctx *mod_ctx) { struct ldb_request *mod_req; struct ldb_context *ldb; struct mbof_ctx *ctx; int ret; ctx = mod_ctx->ctx; ldb = ldb_module_get_ctx(ctx->module); ret = ldb_build_mod_req(&mod_req, ldb, ctx->req, mod_ctx->msg, ctx->req->controls, mod_ctx, mbof_orig_mod_callback, ctx->req); if (ret != LDB_SUCCESS) { return ret; } return ldb_next_request(ctx->module, 
mod_req); } static int mbof_orig_mod_callback(struct ldb_request *req, struct ldb_reply *ares) { struct ldb_context *ldb; struct mbof_mod_ctx *mod_ctx; struct mbof_ctx *ctx; int ret; mod_ctx = talloc_get_type(req->context, struct mbof_mod_ctx); ctx = mod_ctx->ctx; ldb = ldb_module_get_ctx(ctx->module); if (!ares) { return ldb_module_done(ctx->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR); } if (ares->error != LDB_SUCCESS) { return ldb_module_done(ctx->req, ares->controls, ares->response, ares->error); } if (ares->type != LDB_REPLY_DONE) { talloc_zfree(ares); ldb_debug(ldb, LDB_DEBUG_TRACE, "Invalid reply type!"); ldb_set_errstring(ldb, "Invalid reply type!"); return ldb_module_done(ctx->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR); } /* save real call stuff */ ctx->ret_ctrls = talloc_steal(ctx, ares->controls); ctx->ret_resp = talloc_steal(ctx, ares->response); if (!mod_ctx->terminate) { /* next step */ if (mod_ctx->igh && mod_ctx->igh->inherited_gh && hash_count(mod_ctx->igh->inherited_gh) > 0) { ret = mbof_inherited_mod(mod_ctx); } else { ret = mbof_mod_process(mod_ctx, &mod_ctx->terminate); } if (ret != LDB_SUCCESS) { talloc_zfree(ares); return ldb_module_done(ctx->req, NULL, NULL, ret); } } if (mod_ctx->terminate) { talloc_zfree(ares); return ldb_module_done(ctx->req, ctx->ret_ctrls, ctx->ret_resp, LDB_SUCCESS); } talloc_zfree(ares); return LDB_SUCCESS; } static int mbof_inherited_mod(struct mbof_mod_ctx *mod_ctx) { struct ldb_request *mod_req; struct ldb_context *ldb; struct mbof_ctx *ctx; int ret; struct ldb_message_element *el; struct ldb_message *msg; struct ldb_val *val; struct ldb_val *dupval; hash_value_t *values; unsigned long num_values; int i, j; ctx = mod_ctx->ctx; ldb = ldb_module_get_ctx(ctx->module); /* add back the inherited children to entry */ msg = ldb_msg_new(mod_ctx); if (!msg) return LDB_ERR_OPERATIONS_ERROR; msg->dn = mod_ctx->entry->dn; /* We only inherit during replaces, so it's safe to only look * at the replaced set */ ret = 
ldb_msg_add_empty(msg, DB_GHOST, LDB_FLAG_MOD_ADD, &el); if (ret != LDB_SUCCESS) { return ret; } ret = hash_values(mod_ctx->igh->inherited_gh, &num_values, &values); if (ret != HASH_SUCCESS) { return LDB_ERR_OPERATIONS_ERROR; } el->values = talloc_array(msg, struct ldb_val, num_values); if (!el->values) { return LDB_ERR_OPERATIONS_ERROR; } for (i = 0, j = 0; i < num_values; i++) { val = talloc_get_type(values[i].ptr, struct ldb_val); dupval = ldb_msg_find_val(mod_ctx->ghel, val); if (dupval) { continue; } el->values[j].length = strlen((const char *) val->data); el->values[j].data = (uint8_t *) talloc_strdup(el->values, (const char *) val->data); if (!el->values[j].data) { return LDB_ERR_OPERATIONS_ERROR; } j++; } el->num_values = j; mod_ctx->igh->mod_msg = msg; mod_ctx->igh->el = el; ret = ldb_build_mod_req(&mod_req, ldb, ctx->req, msg, ctx->req->controls, mod_ctx, mbof_inherited_mod_callback, ctx->req); if (ret != LDB_SUCCESS) { return ret; } return ldb_next_request(ctx->module, mod_req); } static int mbof_inherited_mod_callback(struct ldb_request *req, struct ldb_reply *ares) { struct ldb_context *ldb; struct mbof_mod_ctx *mod_ctx; struct mbof_ctx *ctx; int ret; mod_ctx = talloc_get_type(req->context, struct mbof_mod_ctx); ctx = mod_ctx->ctx; ldb = ldb_module_get_ctx(ctx->module); if (!ares) { return ldb_module_done(ctx->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR); } if (ares->error != LDB_SUCCESS) { return ldb_module_done(ctx->req, ares->controls, ares->response, ares->error); } if (ares->type != LDB_REPLY_DONE) { talloc_zfree(ares); ldb_debug(ldb, LDB_DEBUG_TRACE, "Invalid reply type!"); ldb_set_errstring(ldb, "Invalid reply type!"); return ldb_module_done(ctx->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR); } ret = mbof_mod_process(mod_ctx, &mod_ctx->terminate); if (ret != LDB_SUCCESS) { talloc_zfree(ares); return ldb_module_done(ctx->req, NULL, NULL, ret); } if (mod_ctx->terminate) { talloc_zfree(ares); return ldb_module_done(ctx->req, ctx->ret_ctrls, 
ctx->ret_resp, LDB_SUCCESS); } talloc_zfree(ares); return LDB_SUCCESS; } static int mbof_mod_process(struct mbof_mod_ctx *mod_ctx, bool *done) { struct ldb_context *ldb; struct mbof_ctx *ctx; int ret; ctx = mod_ctx->ctx; ldb = ldb_module_get_ctx(ctx->module); ret = mbof_mod_process_membel(mod_ctx, ldb, mod_ctx->entry, mod_ctx->membel, &mod_ctx->mb_add, &mod_ctx->mb_remove); if (ret != LDB_SUCCESS) { return ret; } ret = mbof_mod_process_ghel(mod_ctx, ldb, mod_ctx->entry, mod_ctx->ghel, mod_ctx->igh ? mod_ctx->igh->el : NULL, &mod_ctx->gh_add, &mod_ctx->gh_remove); if (ret != LDB_SUCCESS) { return ret; } /* Process the operations */ /* if we have something to remove do it first */ if ((mod_ctx->mb_remove && mod_ctx->mb_remove->num) || (mod_ctx->gh_remove && mod_ctx->gh_remove->num)) { return mbof_mod_delete(mod_ctx, mod_ctx->mb_remove, mod_ctx->gh_remove); } /* if there is nothing to remove and we have stuff to add * do it right away */ if ((mod_ctx->mb_add && mod_ctx->mb_add->num) || (mod_ctx->gh_add && mod_ctx->gh_add->num)) { return mbof_mod_add(mod_ctx, mod_ctx->mb_add, mod_ctx->gh_add); } /* the replacement function resulted in a null op, * nothing to do, return happily */ *done = true; return LDB_SUCCESS; } static int mbof_mod_process_membel(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, struct ldb_message *entry, const struct ldb_message_element *membel, struct mbof_dn_array **_added, struct mbof_dn_array **_removed) { const struct ldb_message_element *el; struct mbof_dn_array *removed = NULL; struct mbof_dn_array *added = NULL; int i, j, ret; if (!membel) { /* Nothing to do.. 
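*/
        return LDB_SUCCESS;
    }

    switch (membel->flags) {
    case LDB_FLAG_MOD_ADD:

        ret = mbof_fill_dn_array(mem_ctx, ldb, membel, &added);
        if (ret != LDB_SUCCESS) {
            return ret;
        }
        break;

    case LDB_FLAG_MOD_DELETE:

        if (membel->num_values == 0) {
            el = ldb_msg_find_element(entry, DB_MEMBER);
        } else {
            el = membel;
        }

        if (!el) {
            /* nothing to do really */
            break;
        }

        ret = mbof_fill_dn_array(mem_ctx, ldb, el, &removed);
        if (ret != LDB_SUCCESS) {
            return ret;
        }
        break;

    case LDB_FLAG_MOD_REPLACE:

        removed = NULL;
        el = ldb_msg_find_element(entry, DB_MEMBER);
        if (el) {
            ret = mbof_fill_dn_array(mem_ctx, ldb, el, &removed);
            if (ret != LDB_SUCCESS) {
                return ret;
            }
        }

        added = NULL;
        el = membel;
        if (el) {
            ret = mbof_fill_dn_array(mem_ctx, ldb, el, &added);
            if (ret != LDB_SUCCESS) {
                talloc_free(removed);
                return ret;
            }
        }

        /* remove from arrays values that ended up unchanged */
        if (removed && removed->num && added && added->num) {
            for (i = 0; i < added->num; i++) {
                for (j = 0; j < removed->num; j++) {
                    if (ldb_dn_compare(added->dns[i], removed->dns[j]) == 0) {
                        break;
                    }
                }
                if (j < removed->num) {
                    /* preexisting one, not removed, nor added */
                    for (; j+1 < removed->num; j++) {
                        removed->dns[j] = removed->dns[j+1];
                    }
                    removed->num--;
                    for (j = i; j+1 < added->num; j++) {
                        added->dns[j] = added->dns[j+1];
                    }
                    added->num--;
                    i--;
                }
            }
        }
        break;

    default:
        return LDB_ERR_OPERATIONS_ERROR;
    }

    *_added = added;
    *_removed = removed;
    return LDB_SUCCESS;
}

/* Work out which ghost values a modify request adds to and removes from the
 * entry, so the change can be propagated to the entry's parent groups.
 *
 * mem_ctx   - talloc context that owns the result arrays
 * entry     - the entry as stored before the modify
 * ghel      - the ghost element of the modify request, may be NULL
 * inherited - extra ghost values to treat as added on a replace, may be NULL
 * _added    - receives the values to add
 * _removed  - receives the values to remove
 *
 * _added and _removed are not written when ghel is NULL or when the entry
 * has no memberof values; the function returns LDB_SUCCESS early in both
 * cases.
 *
 * Returns LDB_SUCCESS, LDB_ERR_OPERATIONS_ERROR for an unexpected flags
 * value, or the error returned by mbof_fill_vals_array_el().
 */
static int mbof_mod_process_ghel(TALLOC_CTX *mem_ctx,
                                 struct ldb_context *ldb,
                                 struct ldb_message *entry,
                                 const struct ldb_message_element *ghel,
                                 const struct ldb_message_element *inherited,
                                 struct mbof_val_array **_added,
                                 struct mbof_val_array **_removed)
{
    const struct ldb_message_element *el;
    struct mbof_val_array *removed = NULL;
    struct mbof_val_array *added = NULL;
    int i, j, ret;

    if (!ghel) {
        /* Nothing to do.. */
        return LDB_SUCCESS;
    }

    el = ldb_msg_find_element(entry, DB_MEMBEROF);
    if (!el || el->num_values == 0) {
        /* no memberof attributes ... */
        return LDB_SUCCESS;
    }

    switch (ghel->flags) {
    case LDB_FLAG_MOD_ADD:

        ret = mbof_fill_vals_array_el(mem_ctx, ldb, ghel, &added);
        if (ret != LDB_SUCCESS) {
            return ret;
        }
        break;

    case LDB_FLAG_MOD_DELETE:

        /* a delete without values removes every ghost stored on the entry */
        if (ghel->num_values == 0) {
            el = ldb_msg_find_element(entry, DB_GHOST);
        } else {
            el = ghel;
        }

        if (!el) {
            /* nothing to do really */
            break;
        }

        /* Use the element selected above. Passing ghel here made a
         * value-less delete produce an empty removal list, so the ghosts
         * dropped from the entry would stay on its parent groups. This
         * matches the DELETE branch of mbof_mod_process_membel(). */
        ret = mbof_fill_vals_array_el(mem_ctx, ldb, el, &removed);
        if (ret != LDB_SUCCESS) {
            return ret;
        }
        break;

    case LDB_FLAG_MOD_REPLACE:

        el = ldb_msg_find_element(entry, DB_GHOST);
        if (el) {
            ret = mbof_fill_vals_array_el(mem_ctx, ldb, el, &removed);
            if (ret != LDB_SUCCESS) {
                return ret;
            }
        }

        el = ghel;
        if (el) {
            ret = mbof_fill_vals_array_el(mem_ctx, ldb, el, &added);
            if (ret != LDB_SUCCESS) {
                talloc_free(removed);
                return ret;
            }
        }

        if (inherited) {
            ret = mbof_fill_vals_array_el(mem_ctx, ldb, inherited, &added);
            if (ret != LDB_SUCCESS) {
                talloc_free(added);
                talloc_free(removed);
                return ret;
            }
        }

        /* remove from arrays values that ended up unchanged */
        if (removed && removed->num && added && added->num) {
            for (i = 0; i < added->num; i++) {
                for (j = 0; j < removed->num; j++) {
                    if (strcmp((const char *) added->vals[i].data,
                               (const char *) removed->vals[j].data) == 0) {
                        break;
                    }
                }
                if (j < removed->num) {
                    /* preexisting one, not removed, nor added */
                    for (; j+1 < removed->num; j++) {
                        removed->vals[j] = removed->vals[j+1];
                    }
                    removed->num--;
                    for (j = i; j+1 < added->num; j++) {
                        added->vals[j] = added->vals[j+1];
                    }
                    added->num--;
                    /* re-examine the value that moved into slot i */
                    i--;
                }
            }
        }
        break;

    default:
        return LDB_ERR_OPERATIONS_ERROR;
    }

    *_added = added;
    *_removed = removed;
    return LDB_SUCCESS;
}

static int mbof_mod_add(struct mbof_mod_ctx *mod_ctx,
                        struct mbof_dn_array *ael,
                        struct mbof_val_array *addgh)
{
    const struct ldb_message_element *el;
    struct mbof_dn_array *parents;
    struct mbof_add_ctx *add_ctx;
    struct ldb_context *ldb;
    struct mbof_ctx *ctx;
    int i, ret;

    ctx = mod_ctx->ctx;
    ldb = ldb_module_get_ctx(ctx->module);

    el = ldb_msg_find_element(mod_ctx->entry, DB_MEMBEROF);

    /* all the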
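parents + itself */
    ret = mbof_fill_dn_array(mod_ctx, ldb, el, &parents);
    if (ret != LDB_SUCCESS) {
        return ret;
    }

    add_ctx = talloc_zero(mod_ctx, struct mbof_add_ctx);
    if (!add_ctx) {
        return LDB_ERR_OPERATIONS_ERROR;
    }
    add_ctx->ctx = ctx;
    add_ctx->msg_dn = mod_ctx->msg->dn;

    if (addgh != NULL) {
        /* Build the memberuid add op */
        ret = mbof_add_fill_ghop_ex(add_ctx, mod_ctx->entry,
                                    parents, addgh->vals, addgh->num);
        if (ret != LDB_SUCCESS) {
            return ret;
        }
    }

    if (ael != NULL) {
        /* Add itself to the list of the parents to also get the memberuid */
        parents->dns = talloc_realloc(parents, parents->dns,
                                      struct ldb_dn *, parents->num + 1);
        if (!parents->dns) {
            return LDB_ERR_OPERATIONS_ERROR;
        }
        parents->dns[parents->num] = mod_ctx->entry->dn;
        parents->num++;

        /* Build the member-add array */
        for (i = 0; i < ael->num; i++) {
            ret = mbof_append_addop(add_ctx, parents, ael->dns[i]);
            if (ret != LDB_SUCCESS) {
                return ret;
            }
        }

        return mbof_next_add(add_ctx->add_list);
    }

    return mbof_add_muop(add_ctx);
}

/* Start the delete half of a modify operation.
 *
 * del   - member DNs removed from the entry, may be NULL or empty
 * delgh - ghost values removed from the entry, may be NULL
 *
 * A delete context is allocated under mod_ctx with a synthetic first
 * operation standing for the modified entry. If values are also being added,
 * mod_ctx is stored as the follow-up so the add runs after the deletes.
 *
 * Returns LDB_SUCCESS once the first asynchronous step has been issued,
 * otherwise an LDB error code.
 */
static int mbof_mod_delete(struct mbof_mod_ctx *mod_ctx,
                           struct mbof_dn_array *del,
                           struct mbof_val_array *delgh)
{
    struct mbof_del_operation *first;
    struct mbof_del_ctx *del_ctx;
    struct mbof_ctx *ctx;
    int i, ret;

    ctx = mod_ctx->ctx;

    del_ctx = talloc_zero(mod_ctx, struct mbof_del_ctx);
    if (!del_ctx) {
        return LDB_ERR_OPERATIONS_ERROR;
    }
    del_ctx->ctx = ctx;
    del_ctx->is_mod = true;

    /* create first entry */
    /* the first entry is the parent of all entries and the one where we
     * remove member from, it does not get the same treatment as others */
    first = talloc_zero(del_ctx, struct mbof_del_operation);
    if (!first) {
        return LDB_ERR_OPERATIONS_ERROR;
    }
    del_ctx->first = first;

    /* add followup function if we also have stuff to add */
    if ((mod_ctx->mb_add && mod_ctx->mb_add->num > 0) ||
        (mod_ctx->gh_add && mod_ctx->gh_add->num > 0)) {
        del_ctx->follow_mod = mod_ctx;
    }

    first->del_ctx = del_ctx;
    first->entry = mod_ctx->entry;
    first->entry_dn = mod_ctx->entry->dn;

    if (delgh != NULL) {
        ret = mbof_del_fill_ghop_ex(del_ctx, del_ctx->first->entry,
                                    delgh->vals, delgh->num);
        if (ret != LDB_SUCCESS) {
            return ret;
        }
    }

    /* prepare del sets */
    /* An empty array must be treated like no array. mbof_mod_process() calls
     * this function when only ghosts are removed, and a member replace whose
     * values all cancel out leaves a non-NULL array with num == 0. In that
     * case no child operation is appended and first->children is still the
     * NULL left by talloc_zero(), so it must not be indexed. */
    if (del != NULL && del->num > 0) {
        for (i = 0; i < del->num; i++) {
            ret = mbof_append_delop(first, del->dns[i]);
            if (ret != LDB_SUCCESS) {
                return ret;
            }
        }

        /* now that sets are built, start processing */
        return mbof_del_execute_op(first->children[0]);
    }

    /* No member processing, just delete ghosts */
    /* NOTE(review): this assumes mbof_del_fill_ghop_ex() queued at least one
     * operation; it queues none for an entry that is not a group object.
     * Confirm that callers cannot reach this point with an empty ghops
     * array. */
    return mbof_del_ghop(del_ctx);
}

/* Convert the values of a message element into an array of validated DNs.
 *
 * *dn_array always receives a newly allocated array owned by memctx; it is
 * left empty when el is NULL or has no values.
 *
 * Returns LDB_SUCCESS, LDB_ERR_OPERATIONS_ERROR on allocation failure, or
 * LDB_ERR_INVALID_DN_SYNTAX when a value does not parse as a valid DN. In
 * the last case *dn_array is only partially filled and must not be used.
 */
static int mbof_fill_dn_array(TALLOC_CTX *memctx,
                              struct ldb_context *ldb,
                              const struct ldb_message_element *el,
                              struct mbof_dn_array **dn_array)
{
    struct mbof_dn_array *ar;
    struct ldb_dn *valdn;
    int i;

    ar = talloc_zero(memctx, struct mbof_dn_array);
    if (!ar) {
        return LDB_ERR_OPERATIONS_ERROR;
    }
    *dn_array = ar;

    if (!el || el->num_values == 0) {
        return LDB_SUCCESS;
    }

    ar->dns = talloc_array(ar, struct ldb_dn *, el->num_values);
    if (!ar->dns) {
        return LDB_ERR_OPERATIONS_ERROR;
    }
    ar->num = el->num_values;

    for (i = 0; i < ar->num; i++) {
        valdn = ldb_dn_from_ldb_val(ar, ldb, &el->values[i]);
        if (!valdn || !ldb_dn_validate(valdn)) {
            ldb_debug(ldb, LDB_DEBUG_TRACE, "Invalid dn value: [%s]",
                      (const char *)el->values[i].data);
            return LDB_ERR_INVALID_DN_SYNTAX;
        }
        ar->dns[i] = valdn;
    }

    return LDB_SUCCESS;
}

static int mbof_fill_vals_array(TALLOC_CTX *memctx,
                                struct ldb_context *ldb,
                                unsigned int num_values,
                                struct ldb_val *values,
                                struct mbof_val_array **val_array)
{
    struct mbof_val_array *var = *val_array;
    int i, vi;

    if (var == NULL) {
        var = talloc_zero(memctx, struct mbof_val_array);
        if (!var) {
            return LDB_ERR_OPERATIONS_ERROR;
        }
        *val_array = var;
    }

    if (values == NULL || num_values == 0) {
        return LDB_SUCCESS;
    }

    /* We do not care about duplicate values now.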
* They will be filtered later */ vi = var->num; var->num += num_values; var->vals = talloc_realloc(memctx, var->vals, struct ldb_val, var->num); if (!var->vals) { return LDB_ERR_OPERATIONS_ERROR; } /* FIXME - use ldb_val_dup() */ for (i = 0; i < num_values; i++) { var->vals[vi].length = strlen((const char *) values[i].data); var->vals[vi].data = (uint8_t *) talloc_strdup(var, (const char *) values[i].data); if (var->vals[vi].data == NULL) { return LDB_ERR_OPERATIONS_ERROR; } vi++; } return LDB_SUCCESS; }

/*
 * Element-based wrapper around mbof_fill_vals_array().
 *
 * A NULL element means "nothing to add": LDB_SUCCESS is returned and
 * *val_array is not touched. Otherwise the element's value count and
 * value array are forwarded and the callee's result is returned as is.
 */
static int mbof_fill_vals_array_el(TALLOC_CTX *memctx,
                                   struct ldb_context *ldb,
                                   const struct ldb_message_element *el,
                                   struct mbof_val_array **val_array)
{
    if (el == NULL) {
        return LDB_SUCCESS;
    }

    return mbof_fill_vals_array(memctx, ldb, el->num_values, el->values,
                                val_array);
}

/*************************
 * Cleanup task routines *
 *************************/

/*
 * In-memory record for one user or group entry read by the recompute task.
 */
struct mbof_member {
    /* list links, maintained through the DLIST_* macros */
    struct mbof_member *prev;
    struct mbof_member *next;

    /* DN taken over from the search reply message */
    struct ldb_dn *dn;
    /* DB_NAME value of the entry; stays NULL when the entry has none */
    const char *name;

    /* whether the entry carried DB_MEMBEROF / DB_MEMBERUID when it was read */
    bool orig_has_memberof;
    bool orig_has_memberuid;

    /* DB_MEMBER element as read (groups only); released once resolved */
    struct ldb_message_element *orig_members;

    /* NULL-terminated array of resolved member records (groups only) */
    struct mbof_member **members;

    /* parents of this entry: linearized parent DN -> parent record */
    hash_table_t *memberofs;

    /* DB_MEMBERUID element built up by mbof_add_memuid() */
    struct ldb_message_element *memuids;

    /* processing state; MBOF_ITER_ERROR reports a failure from the
     * hash iteration callback, which cannot return an error code */
    enum { MBOF_GROUP_TO_DO = 0,
           MBOF_GROUP_DONE,
           MBOF_USER,
           MBOF_ITER_ERROR } status;
};

/*
 * State of one recompute run; allocated as a talloc child of the
 * originating request by memberof_recompute_task().
 */
struct mbof_rcmp_context {
    struct ldb_module *module;
    /* the request that is completed through ldb_module_done() */
    struct ldb_request *req;

    /* users: work list plus lookup table keyed by linearized DN */
    struct mbof_member *user_list;
    hash_table_t *user_table;

    /* groups: work list plus lookup table keyed by linearized DN */
    struct mbof_member *group_list;
    hash_table_t *group_table;
};

/*
 * Copy the element called `name` out of `msg` into a new element
 * allocated on `memctx`, and re-parent its name and values to the copy.
 *
 * Returns LDB_ERR_NO_SUCH_ATTRIBUTE when msg has no such element and
 * LDB_ERR_OPERATIONS_ERROR when the allocation fails; *_dest is written
 * only on LDB_SUCCESS.
 */
static int mbof_steal_msg_el(TALLOC_CTX *memctx,
                             const char *name,
                             struct ldb_message *msg,
                             struct ldb_message_element **_dest)
{
    struct ldb_message_element *src;
    struct ldb_message_element *dest;

    src = ldb_msg_find_element(msg, name);
    if (!src) {
        return LDB_ERR_NO_SUCH_ATTRIBUTE;
    }

    dest = talloc_zero(memctx, struct ldb_message_element);
    if (!dest) {
        return LDB_ERR_OPERATIONS_ERROR;
    }

    /* shallow struct copy: the element left in msg keeps pointing at the
     * same name/values, whose talloc parent becomes dest just below */
    *dest = *src;
    talloc_steal(dest, dest->name);
    talloc_steal(dest, dest->values);

    *_dest = dest;
    return LDB_SUCCESS;
}

/* forward declarations for the recompute state machine */
static int mbof_rcmp_usr_callback(struct ldb_request *req,
                                  struct ldb_reply *ares);
static int mbof_rcmp_search_groups(struct mbof_rcmp_context *ctx);
static int mbof_rcmp_grp_callback(struct ldb_request *req,
                                  struct ldb_reply *ares);
static int mbof_member_update(struct mbof_rcmp_context *ctx,
                              struct mbof_member *parent,
                              struct mbof_member *mem);
static bool mbof_member_iter(hash_entry_t *item, void *user_data);
static int mbof_add_memuid(struct mbof_member *grp, const char *user);
static int mbof_rcmp_update(struct mbof_rcmp_context *ctx);
static int mbof_rcmp_mod_callback(struct ldb_request *req,
                                  struct ldb_reply *ares);

/*
 * Entry point of the recompute task.
 *
 * Allocates the task context on `req`, creates the user lookup table and
 * issues a subtree search for "(objectclass=user)" entries, requesting
 * DB_NAME and DB_MEMBEROF. Replies are handled by mbof_rcmp_usr_callback().
 *
 * Returns LDB_ERR_OPERATIONS_ERROR on allocation or hash table failure,
 * otherwise the result of building or submitting the search request.
 */
static int memberof_recompute_task(struct ldb_module *module,
                                   struct ldb_request *req)
{
    struct ldb_context *ldb = ldb_module_get_ctx(module);
    static const char *attrs[] = { DB_NAME, DB_MEMBEROF, NULL };
    static const char *filter = "(objectclass=user)";
    struct mbof_rcmp_context *ctx;
    struct ldb_request *src_req;
    int ret;

    ctx = talloc_zero(req, struct mbof_rcmp_context);
    if (!ctx) {
        return LDB_ERR_OPERATIONS_ERROR;
    }
    ctx->module = module;
    ctx->req = req;

    /* ctx is handed to the table as the private data of hash_alloc/hash_free */
    ret = hash_create_ex(1024, &ctx->user_table, 0, 0, 0, 0,
                         hash_alloc, hash_free, ctx, NULL, NULL);
    if (ret != HASH_SUCCESS) {
        return LDB_ERR_OPERATIONS_ERROR;
    }

    /* NULL base with subtree scope */
    ret = ldb_build_search_req(&src_req, ldb, ctx,
                               NULL, LDB_SCOPE_SUBTREE,
                               filter, attrs, NULL,
                               ctx, mbof_rcmp_usr_callback, ctx->req);
    if (ret != LDB_SUCCESS) {
        return ret;
    }

    return ldb_request(ldb, src_req);
}

/*
 * Reply handler for the user search started by memberof_recompute_task().
 *
 * Each entry becomes an mbof_member record with status MBOF_USER that is
 * put on ctx->user_list and entered into ctx->user_table under its
 * linearized DN. Referrals are ignored. On LDB_REPLY_DONE the group search
 * is started. A missing reply, a reply carrying an error, or an internal
 * failure completes the original request through ldb_module_done().
 */
static int mbof_rcmp_usr_callback(struct ldb_request *req,
                                  struct ldb_reply *ares)
{
    struct mbof_rcmp_context *ctx;
    struct mbof_member *usr;
    hash_value_t value;
    hash_key_t key;
    const char *name;
    int ret;

    ctx = talloc_get_type(req->context, struct mbof_rcmp_context);

    if (!ares) {
        return ldb_module_done(ctx->req, NULL, NULL,
                               LDB_ERR_OPERATIONS_ERROR);
    }
    if (ares->error != LDB_SUCCESS) {
        return ldb_module_done(ctx->req,
                               ares->controls,
                               ares->response,
                               ares->error);
    }

    switch (ares->type) {
    case LDB_REPLY_ENTRY:

        /* NOTE(review): the early error returns in this case do not release
         * ares, unlike the normal paths below - confirm that is intended */
        usr = talloc_zero(ctx, struct mbof_member);
        if (!usr) {
            return ldb_module_done(ctx->req, NULL, NULL,
                                   LDB_ERR_OPERATIONS_ERROR);
        }

        usr->status = MBOF_USER;
        /* keep the DN (and the name below) alive after ares is freed */
        usr->dn = talloc_steal(usr, ares->message->dn);
        name = ldb_msg_find_attr_as_string(ares->message, DB_NAME, NULL);
        if (name) {
            usr->name = talloc_steal(usr, name);
        }
        /* NOTE(review): usr->name stays NULL when the entry has no DB_NAME
         * value; it is later passed to mbof_add_memuid() as the user name,
         * so that path has to tolerate NULL */

        if (ldb_msg_find_element(ares->message, DB_MEMBEROF)) {
            usr->orig_has_memberof = true;
        }

        DLIST_ADD(ctx->user_list, usr);

        /* the key string is the DN's own linearized form */
        key.type = HASH_KEY_STRING;
        key.str = discard_const(ldb_dn_get_linearized(usr->dn));
        value.type = HASH_VALUE_PTR;
        value.ptr = usr;

        ret = hash_enter(ctx->user_table, &key, &value);
        if (ret != HASH_SUCCESS) {
            return ldb_module_done(ctx->req, NULL, NULL,
                                   LDB_ERR_OPERATIONS_ERROR);
        }

        break;

    case LDB_REPLY_REFERRAL:
        /* ignore */
        break;

    case LDB_REPLY_DONE:
        talloc_zfree(ares);

        /* and now search groups */
        return mbof_rcmp_search_groups(ctx);
    }

    talloc_zfree(ares);
    return LDB_SUCCESS;
}

/*
 * Second stage: create the group lookup table and issue a subtree search
 * for "(objectclass=group)" entries, requesting DB_MEMBEROF, DB_MEMBERUID,
 * DB_NAME and DB_MEMBER. Replies are handled by mbof_rcmp_grp_callback().
 *
 * A hash table failure completes the original request with
 * LDB_ERR_OPERATIONS_ERROR; a failure to build the search request is
 * returned to the caller without calling ldb_module_done().
 */
static int mbof_rcmp_search_groups(struct mbof_rcmp_context *ctx)
{
    struct ldb_context *ldb = ldb_module_get_ctx(ctx->module);
    static const char *attrs[] = { DB_MEMBEROF, DB_MEMBERUID,
                                   DB_NAME, DB_MEMBER, NULL };
    static const char *filter = "(objectclass=group)";
    struct ldb_request *req;
    int ret;

    ret = hash_create_ex(1024, &ctx->group_table, 0, 0, 0, 0,
                         hash_alloc, hash_free, ctx, NULL, NULL);
    if (ret != HASH_SUCCESS) {
        return ldb_module_done(ctx->req, NULL, NULL,
                               LDB_ERR_OPERATIONS_ERROR);
    }

    ret = ldb_build_search_req(&req, ldb, ctx,
                               NULL, LDB_SCOPE_SUBTREE,
                               filter, attrs, NULL,
                               ctx, mbof_rcmp_grp_callback, ctx->req);
    if (ret != LDB_SUCCESS) {
        return ret;
    }

    return ldb_request(ldb, req);
}

/*
 * Reply handler for the group search.
 *
 * Each entry becomes an mbof_member record with status MBOF_GROUP_TO_DO,
 * keeps a stolen copy of its DB_MEMBER element, and is put on
 * ctx->group_list and into ctx->group_table under its linearized DN.
 *
 * On LDB_REPLY_DONE the member DNs of every group are resolved against the
 * user and group tables, the memberof tables are computed by repeatedly
 * calling mbof_member_update() until no group is left in the TO DO state,
 * and mbof_rcmp_update() is started to write the result back.
 */
static int mbof_rcmp_grp_callback(struct ldb_request *req,
                                  struct ldb_reply *ares)
{
    struct ldb_context *ldb;
    struct mbof_rcmp_context *ctx;
    struct ldb_message_element *el;
    struct mbof_member *iter;
    struct mbof_member *grp;
    hash_value_t value;
    hash_key_t key;
    const char *name;
    int i, j;
    int ret;

    ctx = talloc_get_type(req->context, struct mbof_rcmp_context);
    ldb = ldb_module_get_ctx(ctx->module);

    if (!ares) {
        return ldb_module_done(ctx->req, NULL, NULL,
                               LDB_ERR_OPERATIONS_ERROR);
    }
    if (ares->error != LDB_SUCCESS) {
        return ldb_module_done(ctx->req,
                               ares->controls,
                               ares->response,
                               ares->error);
    }

    switch (ares->type) {
    case LDB_REPLY_ENTRY:

        grp = talloc_zero(ctx, struct mbof_member);
        if (!grp) {
            return ldb_module_done(ctx->req, NULL, NULL,
                                   LDB_ERR_OPERATIONS_ERROR);
        }

        grp->status = MBOF_GROUP_TO_DO;
        grp->dn = talloc_steal(grp, ares->message->dn);
        /* NOTE(review): this first lookup is redundant, the same attribute
         * is looked up again on the next line and stolen if present */
        grp->name = ldb_msg_find_attr_as_string(ares->message, DB_NAME, NULL);
        name = ldb_msg_find_attr_as_string(ares->message, DB_NAME, NULL);
        if (name) {
            grp->name = talloc_steal(grp, name);
        }

        if (ldb_msg_find_element(ares->message, DB_MEMBEROF)) {
            grp->orig_has_memberof = true;
        }

        if (ldb_msg_find_element(ares->message, DB_MEMBERUID)) {
            grp->orig_has_memberuid = true;
        }

        /* a group without DB_MEMBER is fine, orig_members just stays NULL */
        ret = mbof_steal_msg_el(grp, DB_MEMBER,
                                ares->message, &grp->orig_members);
        if (ret != LDB_SUCCESS && ret != LDB_ERR_NO_SUCH_ATTRIBUTE) {
            return ldb_module_done(ctx->req, NULL, NULL,
                                   LDB_ERR_OPERATIONS_ERROR);
        }

        DLIST_ADD(ctx->group_list, grp);

        key.type = HASH_KEY_STRING;
        key.str = discard_const(ldb_dn_get_linearized(grp->dn));
        value.type = HASH_VALUE_PTR;
        value.ptr = grp;

        ret = hash_enter(ctx->group_table, &key, &value);
        if (ret != HASH_SUCCESS) {
            return ldb_module_done(ctx->req, NULL, NULL,
                                   LDB_ERR_OPERATIONS_ERROR);
        }

        break;

    case LDB_REPLY_REFERRAL:
        /* ignore */
        break;

    case LDB_REPLY_DONE:
        talloc_zfree(ares);

        if (!ctx->group_list) {
            /* no groups ? */
            return ldb_module_done(ctx->req, NULL, NULL, LDB_SUCCESS);
        }

        /* for each group compute the members list */
        for (iter = ctx->group_list; iter; iter = iter->next) {

            el = iter->orig_members;
            if (!el || el->num_values == 0) {
                /* no members */
                continue;
            }

            /* we have at most num_values group members,
             * plus one slot for the NULL terminator */
            iter->members = talloc_array(iter, struct mbof_member *,
                                         el->num_values +1);
            if (!iter->members) {
                return ldb_module_done(ctx->req, NULL, NULL,
                                       LDB_ERR_OPERATIONS_ERROR);
            }

            /* i walks the stored values, j counts the resolved ones.
             * NOTE(review): i is a signed int compared against the
             * element's value count - confirm the types match */
            for (i = 0, j = 0; i < el->num_values; i++) {
                /* the raw member value is used as the lookup string;
                 * assumes the value data is NUL-terminated - TODO confirm */
                key.type = HASH_KEY_STRING;
                key.str = (char *)el->values[i].data;

                ret = hash_lookup(ctx->user_table, &key, &value);
                switch (ret) {
                case HASH_SUCCESS:
                    iter->members[j] = (struct mbof_member *)value.ptr;
                    j++;
                    break;

                case HASH_ERROR_KEY_NOT_FOUND:
                    /* not a user, see if it is a group */

                    ret = hash_lookup(ctx->group_table, &key, &value);
                    if (ret != HASH_SUCCESS) {
                        if (ret != HASH_ERROR_KEY_NOT_FOUND) {
                            return ldb_module_done(ctx->req, NULL, NULL,
                                                   LDB_ERR_OPERATIONS_ERROR);
                        }
                    }
                    if (ret == HASH_ERROR_KEY_NOT_FOUND) {
                        /* not a known user, nor a known group ?
                           give a warning and continue */
                        ldb_debug(ldb, LDB_DEBUG_ERROR,
                                  "member attribute [%s] has no corresponding"
                                  " entry!", key.str);
                        break;
                    }

                    iter->members[j] = (struct mbof_member *)value.ptr;
                    j++;
                    break;

                default:
                    return ldb_module_done(ctx->req, NULL, NULL,
                                           LDB_ERR_OPERATIONS_ERROR);
                }
            }
            /* terminate */
            iter->members[j] = NULL;

            /* the raw DN list is no longer needed once resolved */
            talloc_zfree(iter->orig_members);
        }

        /* now generate correct memberof tables */
        while (ctx->group_list->status == MBOF_GROUP_TO_DO) {

            grp = ctx->group_list;

            /* move to end of list and mark as done.
             * NOTE: this is not efficient, but will do for now */
            DLIST_DEMOTE(ctx->group_list, grp, struct mbof_member *);
            grp->status = MBOF_GROUP_DONE;

            /* verify if members need updating */
            if (!grp->members) {
                continue;
            }
            for (i = 0; grp->members[i]; i++) {
                ret = mbof_member_update(ctx, grp, grp->members[i]);
                if (ret != LDB_SUCCESS) {
                    return ldb_module_done(ctx->req, NULL, NULL,
                                           LDB_ERR_OPERATIONS_ERROR);
                }
            }
        }

        /* ok all done, now go on and modify the tree */
        return mbof_rcmp_update(ctx);
    }

    talloc_zfree(ares);
    return LDB_SUCCESS;
}

/*
 * Record `parent` as a group that `mem` belongs to and pass the parent's
 * own memberofs down to `mem`.
 *
 * mem->memberofs is created on first use and keyed by the linearized DN of
 * each parent. When the parent is new for a user, the user's name is also
 * added to the parent's memberuid element; when it is new for a group that
 * was already done, the group goes back to MBOF_GROUP_TO_DO so its own
 * members get revisited. Returns LDB_SUCCESS or an LDB error code.
 */
static int mbof_member_update(struct mbof_rcmp_context *ctx,
                              struct mbof_member *parent,
                              struct mbof_member *mem)
{
    hash_value_t value;
    hash_key_t key;
    int ret;

    /* ignore loops */
    if (parent == mem) return LDB_SUCCESS;

    key.type = HASH_KEY_STRING;
    key.str = discard_const(ldb_dn_get_linearized(parent->dn));

    if (!mem->memberofs) {
        ret = hash_create_ex(32, &mem->memberofs, 0, 0, 0, 0,
                             hash_alloc, hash_free, mem, NULL, NULL);
        if (ret != HASH_SUCCESS) {
            return LDB_ERR_OPERATIONS_ERROR;
        }

        /* a brand new table cannot contain the parent yet */
        ret = HASH_ERROR_KEY_NOT_FOUND;

    } else {

        ret = hash_lookup(mem->memberofs, &key, &value);
        if (ret != HASH_SUCCESS) {
            if (ret != HASH_ERROR_KEY_NOT_FOUND) {
                /* fatal error */
                return LDB_ERR_OPERATIONS_ERROR;
            }
        }
    }

    if (ret == HASH_ERROR_KEY_NOT_FOUND) {

        /* it's missing, update member */
        value.type = HASH_VALUE_PTR;
        value.ptr = parent;

        ret = hash_enter(mem->memberofs, &key, &value);
        if (ret != HASH_SUCCESS) {
            return LDB_ERR_OPERATIONS_ERROR;
        }

        if (mem->status == MBOF_USER) {
            /* add corresponding memuid to the group */
            ret = mbof_add_memuid(parent, mem->name);
            if (ret != LDB_SUCCESS) {
                return ret;
            }
        }

        /* if we updated a group, mark it as TO DO again */
        if (mem->status == MBOF_GROUP_DONE) {
            mem->status = MBOF_GROUP_TO_DO;
        }
    }

    /* now see if the parent has memberofs to pass down */
    if (parent->memberofs) {
        ret = hash_iterate(parent->memberofs, mbof_member_iter, mem);
        if (ret != HASH_SUCCESS) {
            return LDB_ERR_OPERATIONS_ERROR;
        }
        /* the iterator reports its failures through mem->status */
        if (mem->status == MBOF_ITER_ERROR) {
            return
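LDB_ERR_OPERATIONS_ERROR;
        }
    }

    /* finally, if it was made TO DO move it to the head */
    if (mem->status == MBOF_GROUP_TO_DO) {
        DLIST_PROMOTE(ctx->group_list, mem);
    }

    return LDB_SUCCESS;
}

/*
 * hash_iterate() callback used by mbof_member_update(): `item` is one
 * entry of a parent's memberofs table and `user_data` is the member that
 * should inherit it.
 *
 * An entry whose key equals the member's own DN is skipped. An entry the
 * member does not have yet is added to mem->memberofs; a group that was
 * already done goes back to MBOF_GROUP_TO_DO, and for a user the name is
 * added to the inherited group's memberuid element.
 *
 * Returns true to continue the iteration. On any failure mem->status is
 * set to MBOF_ITER_ERROR and false is returned, because the bool return
 * value cannot carry an error code; the caller checks mem->status.
 */
static bool mbof_member_iter(hash_entry_t *item, void *user_data)
{
    struct mbof_member *parent;
    struct mbof_member *mem;
    hash_value_t value;
    int ret;

    mem = talloc_get_type(user_data, struct mbof_member);

    /* exclude self */
    if (strcmp(item->key.str, ldb_dn_get_linearized(mem->dn)) == 0) {
        return true;
    }

    /* check if we already have it */
    ret = hash_lookup(mem->memberofs, &item->key, &value);
    if (ret != HASH_SUCCESS) {
        if (ret != HASH_ERROR_KEY_NOT_FOUND) {
            /* fatal error */
            mem->status = MBOF_ITER_ERROR;
            return false;
        }

        /* was not already here, add it and mark group as TO DO */
        ret = hash_enter(mem->memberofs, &item->key, &item->value);
        if (ret != HASH_SUCCESS) {
            /* report through mem->status like the other failure paths;
             * returning an LDB error code from a bool function reads as
             * "true" and would silently drop this membership */
            mem->status = MBOF_ITER_ERROR;
            return false;
        }

        if (mem->status == MBOF_GROUP_DONE) {
            mem->status = MBOF_GROUP_TO_DO;
        }

        if (mem->status == MBOF_USER) {
            /* add corresponding memuid to the group */
            parent = (struct mbof_member *)item->value.ptr;
            ret = mbof_add_memuid(parent, mem->name);
            if (ret != LDB_SUCCESS) {
                mem->status = MBOF_ITER_ERROR;
                return false;
            }
        }
    }

    return true;
}

/*
 * Append `user` to the DB_MEMBERUID element of group `grp`, creating the
 * element on first use. The string is copied; the copy is owned by the
 * element's value array.
 *
 * Returns LDB_SUCCESS, or LDB_ERR_OPERATIONS_ERROR when `user` is NULL or
 * an allocation fails. On failure the element keeps its previous values
 * and value count.
 */
static int mbof_add_memuid(struct mbof_member *grp, const char *user)
{
    struct ldb_val *vals;
    char *copy;
    int n;

    /* callers pass mbof_member.name, which stays NULL for an entry that
     * had no DB_NAME value; fail cleanly instead of handing NULL to
     * strlen() */
    if (user == NULL) {
        return LDB_ERR_OPERATIONS_ERROR;
    }

    if (!grp->memuids) {
        grp->memuids = talloc_zero(grp, struct ldb_message_element);
        if (!grp->memuids) {
            return LDB_ERR_OPERATIONS_ERROR;
        }

        grp->memuids->name = talloc_strdup(grp->memuids, DB_MEMBERUID);
        if (!grp->memuids->name) {
            /* do not leave a nameless element behind for the next call */
            talloc_zfree(grp->memuids);
            return LDB_ERR_OPERATIONS_ERROR;
        }
    }

    n = grp->memuids->num_values;
    vals = talloc_realloc(grp->memuids,
                          grp->memuids->values,
                          struct ldb_val, n + 1);
    if (!vals) {
        return LDB_ERR_OPERATIONS_ERROR;
    }
    /* the array may have moved: publish it before anything else can fail
     * so the element never keeps a stale pointer */
    grp->memuids->values = vals;

    copy = talloc_strdup(vals, user);
    if (copy == NULL) {
        return LDB_ERR_OPERATIONS_ERROR;
    }

    vals[n].data = (uint8_t *)copy;
    vals[n].length = strlen(copy);

    grp->memuids->num_values = n + 1;

    return LDB_SUCCESS;
}

/*
 * Write back the recomputed attributes, one entry per call.
 *
 * Takes the next record off the user list (or, once that is empty, the
 * group list), builds a modify message that replaces, adds or deletes
 * DB_MEMBEROF and DB_MEMBERUID depending on what was computed and on what
 * the entry originally had, and sends it down the module stack.
 * mbof_rcmp_mod_callback() calls back in here for the next entry. When
 * both lists are empty, or on error, the original request is completed
 * through ldb_module_done().
 */
static int mbof_rcmp_update(struct mbof_rcmp_context *ctx)
{
    struct ldb_context *ldb = ldb_module_get_ctx(ctx->module);
    struct ldb_message_element *el;
    struct ldb_message *msg = NULL;
    struct ldb_request *req;
    struct mbof_member *x = NULL;
    hash_key_t *keys;
    unsigned long count;
    unsigned long k;
    int flags;
    int ret;

    /* we process all users first and then all groups */
    if (ctx->user_list) {
        /* take the next entry and remove it from the list */
        x = ctx->user_list;
        DLIST_REMOVE(ctx->user_list, x);
    } else if (ctx->group_list) {
        /* take the next entry and remove it from the list */
        x = ctx->group_list;
        DLIST_REMOVE(ctx->group_list, x);
    } else {
        /* processing terminated, return */
        ret = LDB_SUCCESS;
        goto done;
    }

    msg = ldb_msg_new(ctx);
    if (!msg) {
        ret = LDB_ERR_OPERATIONS_ERROR;
        goto done;
    }

    msg->dn = x->dn;

    /* process memberof */
    if (x->memberofs) {
        ret = hash_keys(x->memberofs, &count, &keys);
        if (ret != HASH_SUCCESS) {
            ret = LDB_ERR_OPERATIONS_ERROR;
            goto done;
        }

        if (x->orig_has_memberof) {
            flags = LDB_FLAG_MOD_REPLACE;
        } else {
            flags = LDB_FLAG_MOD_ADD;
        }

        ret = ldb_msg_add_empty(msg, DB_MEMBEROF, flags, &el);
        if (ret != LDB_SUCCESS) {
            goto done;
        }

        el->values = talloc_array(el, struct ldb_val, count);
        if (!el->values) {
            ret = LDB_ERR_OPERATIONS_ERROR;
            goto done;
        }
        el->num_values = count;

        /* the values point at the key strings returned by hash_keys(),
         * they are not copied; the index has the same type as count */
        for (k = 0; k < count; k++) {
            el->values[k].data = (uint8_t *)keys[k].str;
            el->values[k].length = strlen(keys[k].str);
        }
    } else if (x->orig_has_memberof) {
        /* nothing computed but the entry had the attribute: remove it */
        ret = ldb_msg_add_empty(msg, DB_MEMBEROF, LDB_FLAG_MOD_DELETE, NULL);
        if (ret != LDB_SUCCESS) {
            goto done;
        }
    }

    /* process memberuid */
    if (x->memuids) {
        if (x->orig_has_memberuid) {
            flags = LDB_FLAG_MOD_REPLACE;
        } else {
            flags = LDB_FLAG_MOD_ADD;
        }

        ret = ldb_msg_add(msg, x->memuids, flags);
        if (ret != LDB_SUCCESS) {
            goto done;
        }
    } else if (x->orig_has_memberuid) {
        ret = ldb_msg_add_empty(msg, DB_MEMBERUID, LDB_FLAG_MOD_DELETE, NULL);
        if (ret != LDB_SUCCESS) {
            goto done;
        }
    }

    ret = ldb_build_mod_req(&req, ldb, ctx, msg, NULL,
                            ctx, mbof_rcmp_mod_callback,
                            ctx->req);
    if (ret != LDB_SUCCESS) {
        goto done;
    }
    /* the message now belongs to the request that carries it */
    talloc_steal(req, msg);

    /* fire next call */
    return ldb_next_request(ctx->module, req);

done:
    /* all users and groups have been processed, or an error occurred */
    return ldb_module_done(ctx->req, NULL, NULL, ret);
}

/*
 * Reply handler for the modify requests sent by mbof_rcmp_update().
 *
 * A missing reply or a reply carrying an error completes the original
 * request with that error. An entry reply is unexpected for a modify and
 * is treated as an operations error. Referrals are ignored. On
 * LDB_REPLY_DONE the next entry is processed.
 */
static int mbof_rcmp_mod_callback(struct ldb_request *req,
                                  struct ldb_reply *ares)
{
    struct ldb_context *ldb;
    struct mbof_rcmp_context *ctx;

    ctx = talloc_get_type(req->context, struct mbof_rcmp_context);
    ldb = ldb_module_get_ctx(ctx->module);

    if (!ares) {
        return ldb_module_done(ctx->req, NULL, NULL,
                               LDB_ERR_OPERATIONS_ERROR);
    }
    if (ares->error != LDB_SUCCESS) {
        return ldb_module_done(ctx->req,
                               ares->controls,
                               ares->response,
                               ares->error);
    }

    switch (ares->type) {
    case LDB_REPLY_ENTRY:
        ldb_debug(ldb, LDB_DEBUG_TRACE, "Got an entry on a non search op ?!");
        /* shouldn't happen */
        talloc_zfree(ares);
        return ldb_module_done(ctx->req, NULL, NULL,
                               LDB_ERR_OPERATIONS_ERROR);

    case LDB_REPLY_REFERRAL:
        /* ignore */
        talloc_zfree(ares);
        break;

    case LDB_REPLY_DONE:
        talloc_zfree(ares);

        /* update the next one */
        return mbof_rcmp_update(ctx);
    }

    return LDB_SUCCESS;
}

/* module init code */

/*
 * Module initialisation: register DB_MEMBER and DB_MEMBEROF with
 * LDB_SYNTAX_DN, then continue with the next module's init.
 * Returns LDB_ERR_OPERATIONS_ERROR if either registration fails.
 */
static int memberof_init(struct ldb_module *module)
{
    struct ldb_context *ldb = ldb_module_get_ctx(module);
    int ret;

    /* set syntaxes for member and memberof so that comparisons in filters and
     * such are done right */
    ret = ldb_schema_attribute_add(ldb, DB_MEMBER, 0, LDB_SYNTAX_DN);
    if (ret != 0) return LDB_ERR_OPERATIONS_ERROR;

    ret = ldb_schema_attribute_add(ldb, DB_MEMBEROF, 0, LDB_SYNTAX_DN);
    if (ret != 0) return LDB_ERR_OPERATIONS_ERROR;

    return ldb_next_init(module);
}

/* operations table: the module hooks add, modify and delete */
const struct ldb_module_ops ldb_memberof_module_ops = {
    .name = "memberof",
    .init_context = memberof_init,
    .add = memberof_add,
    .modify = memberof_mod,
    .del = memberof_del,
};

/*
 * Module entry point: run the version check when both
 * SSS_LDB_VERSION_CHECK and LDB_MODULE_CHECK_VERSION are defined, then
 * register the memberof module operations with ldb.
 */
int ldb_init_module(const char *version)
{
#if defined(SSS_LDB_VERSION_CHECK) && defined(LDB_MODULE_CHECK_VERSION)
    LDB_MODULE_CHECK_VERSION(version);
#endif /* SSS_LDB_VERSION_CHECK && LDB_MODULE_CHECK_VERSION */
    return ldb_register_module(&ldb_memberof_module_ops);
}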
sssd-1.11.5/src/PaxHeaders.13173/man0000644000000000000000000000013212320753573015042 xustar000000000000000030 mtime=1396955003.528843851 30 atime=1396955003.534843847 30 ctime=1396955003.528843851 sssd-1.11.5/src/man/0000775002412700241270000000000012320753573015346 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/man/PaxHeaders.13173/nl0000644000000000000000000000013212320753573015453 xustar000000000000000030 mtime=1396955003.513843863 30 atime=1396955003.534843847 30 ctime=1396955003.513843863 sssd-1.11.5/src/man/nl/0000775002412700241270000000000012320753573015757 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/man/nl/PaxHeaders.13173/sss_groupmod.8.xml0000644000000000000000000000013212320753573021144 xustar000000000000000030 mtime=1396955003.513843863 30 atime=1396955003.512843863 30 ctime=1396955003.513843863 sssd-1.11.5/src/man/nl/sss_groupmod.8.xml0000664002412700241270000000462612320753573021403 0ustar00jhrozekjhrozek00000000000000 SSSD handleiding sss_groupmod 8 sss_groupmod muteer een groep sss_groupmod opties GROEP OMSCHRIJVING sss_groupmod muteert de groep en maakt de aanpassingen die via de opdrachtregel ingegeven zijn. OPTIES , GROEPEN Voeg deze groep toe aan de groepen opgegeven met de GROEPEN parameter. De GROEPEN parameter is een kommagescheiden lijst van groepnamen. , GROEPEN Verwijder deze groep uit de groepen opgegeven in de GROEPEN parameter. 
sssd-1.11.5/src/man/nl/PaxHeaders.13173/include0000644000000000000000000000013212320753573017076 xustar000000000000000030 mtime=1396955003.513843863 30 atime=1396955003.534843847 30 ctime=1396955003.513843863 sssd-1.11.5/src/man/nl/include/0000755002412700241270000000000012320753573017400 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/man/nl/include/PaxHeaders.13173/ldap_search_bases.xml0000644000000000000000000000013212320753573023317 xustar000000000000000030 mtime=1396955003.513843863 30 atime=1396955003.513843863 30 ctime=1396955003.513843863 sssd-1.11.5/src/man/nl/include/ldap_search_bases.xml0000664002412700241270000000165112320753573023551 0ustar00jhrozekjhrozek00000000000000 An optional base DN, search scope and LDAP filter to restrict LDAP searches for this attribute type. syntax: search_base[?scope?[filter][?search_base?scope?[filter]]*] The scope can be one of "base", "onelevel" or "subtree". The filter must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/rfc2254.txt For examples of this syntax, please refer to the ldap_search_base examples section. Default: the value of ldap_search_base Please note that specifying scope or filter is not supported for searches against an Active Directory Server that might yield a large number of results and trigger the Range Retrieval extension in the response. sssd-1.11.5/src/man/nl/include/PaxHeaders.13173/param_help.xml0000644000000000000000000000013212320753573022005 xustar000000000000000030 mtime=1396955003.513843863 30 atime=1396955003.513843863 30 ctime=1396955003.513843863 sssd-1.11.5/src/man/nl/include/param_help.xml0000664002412700241270000000032312320753573022232 0ustar00jhrozekjhrozek00000000000000 , Display help message and exit. 
sssd-1.11.5/src/man/nl/include/PaxHeaders.13173/failover.xml0000644000000000000000000000013212320753573021504 xustar000000000000000030 mtime=1396955003.513843863 30 atime=1396955003.513843863 30 ctime=1396955003.513843863 sssd-1.11.5/src/man/nl/include/failover.xml0000664002412700241270000000425312320753573021737 0ustar00jhrozekjhrozek00000000000000 FAILOVER The failover feature allows back ends to automatically switch to a different server if the current server fails. Failover Syntax The list of servers is given as a comma-separated list; any number of spaces is allowed around the comma. The servers are listed in order of preference. The list can contain any number of servers. For each failover-enabled config option, two variants exist: primary and backup. The idea is that servers in the primary list are preferred and backup servers are only searched if no primary servers can be reached. If a backup server is selected, a timeout of 31 seconds is set. After this timeout SSSD will periodically try to reconnect to one of the primary servers. If it succeeds, it will replace the current active (backup) server. The Failover Mechanism The failover mechanism distinguishes between a machine and a service. The back end first tries to resolve the hostname of a given machine; if this resolution attempt fails, the machine is considered offline. No further attempts are made to connect to this machine for any other service. If the resolution attempt succeeds, the back end tries to connect to a service on this machine. If the service connection attempt fails, then only this particular service is considered offline and the back end automatically switches over to the next service. The machine is still considered online and might still be tried for another service. Further connection attempts are made to machines or services marked as offline after a specified period of time; this is currently hard coded to 30 seconds. 
If there are no more machines to try, the back end as a whole switches to offline mode, and then attempts to reconnect every 30 seconds. sssd-1.11.5/src/man/nl/include/PaxHeaders.13173/debug_levels.xml0000644000000000000000000000013212320753573022335 xustar000000000000000030 mtime=1396955003.513843863 30 atime=1396955003.513843863 30 ctime=1396955003.513843863 sssd-1.11.5/src/man/nl/include/debug_levels.xml0000664002412700241270000000506612320753573022573 0ustar00jhrozekjhrozek00000000000000 SSSD supports two representations for specifying the debug level. The simplest is to specify a decimal value from 0-9, which represents enabling that level and all lower-level debug messages. The more comprehensive option is to specify a hexadecimal bitmask to enable or disable specific levels (such as if you wish to suppress a level). Currently supported debug levels: 0, 0x0010: Fatal failures. Anything that would prevent SSSD from starting up or causes it to cease running. 1, 0x0020: Critical failures. An error that doesn't kill the SSSD, but one that indicates that at least one major feature is not going to work properly. 2, 0x0040: Serious failures. An error announcing that a particular request or operation has failed. 3, 0x0080: Minor failures. These are the errors that would percolate down to cause the operation failure of 2. 4, 0x0100: Configuration settings. 5, 0x0200: Function data. 6, 0x0400: Trace messages for operation functions. 7, 0x1000: Trace messages for internal control functions. 8, 0x2000: Contents of function-internal variables that may be interesting. 9, 0x4000: Extremely low-level tracing information. To log required bitmask debug levels, simply add their numbers together as shown in following examples: Example: To log fatal failures, critical failures, serious failures and function data use 0x0270. Example: To log fatal failures, configuration settings, function data, trace messages for internal control functions use 0x1310. 
Note: The bitmask format of debug levels was introduced in 1.7.0. Default: 0 sssd-1.11.5/src/man/nl/include/PaxHeaders.13173/seealso.xml0000644000000000000000000000013212320753573021330 xustar000000000000000030 mtime=1396955003.513843863 30 atime=1396955003.513843863 30 ctime=1396955003.513843863 sssd-1.11.5/src/man/nl/include/seealso.xml0000664002412700241270000000467712320753573021575 0ustar00jhrozekjhrozek00000000000000 ZIE OOK sssd8 , sssd.conf5 , sssd-ldap5 , sssd-krb55 , sssd-simple5 , sssd-ipa5 , sssd-ad5 , sssd-sudo 5 , sss_cache8 , sss_debuglevel8 , sss_groupadd8 , sss_groupdel8 , sss_groupshow8 , sss_groupmod8 , sss_useradd8 , sss_userdel8 , sss_usermod8 , sss_obfuscate8 , sss_seed8 , sssd_krb5_locator_plugin8 , sss_ssh_authorizedkeys 8 , sss_ssh_knownhostsproxy 8 , pam_sss8 . sssd-1.11.5/src/man/nl/include/PaxHeaders.13173/upstream.xml0000644000000000000000000000013212320753573021535 xustar000000000000000030 mtime=1396955003.513843863 30 atime=1396955003.513843863 30 ctime=1396955003.513843863 sssd-1.11.5/src/man/nl/include/upstream.xml0000664002412700241270000000020212320753573021756 0ustar00jhrozekjhrozek00000000000000 SSSD The SSSD upstream - http://fedorahosted.org/sssd sssd-1.11.5/src/man/nl/include/PaxHeaders.13173/param_help_py.xml0000644000000000000000000000013212320753573022515 xustar000000000000000030 mtime=1396955003.513843863 30 atime=1396955003.513843863 30 ctime=1396955003.513843863 sssd-1.11.5/src/man/nl/include/param_help_py.xml0000664002412700241270000000032312320753573022742 0ustar00jhrozekjhrozek00000000000000 , Display help message and exit. 
sssd-1.11.5/src/man/nl/include/PaxHeaders.13173/autofs_restart.xml0000644000000000000000000000013212320753573022742 xustar000000000000000030 mtime=1396955003.513843863 30 atime=1396955003.513843863 30 ctime=1396955003.513843863 sssd-1.11.5/src/man/nl/include/autofs_restart.xml0000664002412700241270000000035312320753573023172 0ustar00jhrozekjhrozek00000000000000 Please note that the automounter only reads the master map on startup, so if any autofs-related changes are made to the sssd.conf, you typically also need to restart the automounter daemon after restarting the SSSD. sssd-1.11.5/src/man/nl/include/PaxHeaders.13173/experimental.xml0000644000000000000000000000013212320753573022372 xustar000000000000000030 mtime=1396955003.513843863 30 atime=1396955003.513843863 30 ctime=1396955003.513843863 sssd-1.11.5/src/man/nl/include/experimental.xml0000664002412700241270000000016712320753573022625 0ustar00jhrozekjhrozek00000000000000 This is an experimental feature, please use http://fedorahosted.org/sssd to report any issues. sssd-1.11.5/src/man/nl/include/PaxHeaders.13173/ldap_id_mapping.xml0000644000000000000000000000013212320753573023004 xustar000000000000000030 mtime=1396955003.513843863 30 atime=1396955003.513843863 30 ctime=1396955003.513843863 sssd-1.11.5/src/man/nl/include/ldap_id_mapping.xml0000664002412700241270000002227712320753573023245 0ustar00jhrozekjhrozek00000000000000 ID MAPPING The ID-mapping feature allows SSSD to act as a client of Active Directory without requiring administrators to extend user attributes to support POSIX attributes for user and group identifiers. NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are ignored. This is to avoid the possibility of conflicts between automatically-assigned and manually-assigned values. If you need to use manually-assigned values, ALL values must be manually-assigned. Please note that changing the ID mapping related configuration options will cause user and group IDs to change. 
At the moment, SSSD does not support changing IDs, so the SSSD database must be removed. Because cached passwords are also stored in the database, removing the database should only be performed while the authentication servers are reachable, otherwise users might get locked out. In order to cache the password, an authentication must be performed. It is not sufficient to use sss_cache 8 to remove the database, rather the process consists of: Making sure the remote servers are reachable Stopping the SSSD service Removing the database Starting the SSSD service Moreover, as the change of IDs might necessitate the adjustment of other system properties such as file and directory ownership, it's advisable to plan ahead and test the ID mapping configuration thoroughly. Mapping Algorithm Active Directory provides an objectSID for every user and group object in the directory. This objectSID can be broken up into components that represent the Active Directory domain identity and the relative identifier (RID) of the user or group object. The SSSD ID-mapping algorithm takes a range of available UIDs and divides it into equally-sized component sections - called "slices"-. Each slice represents the space available to an Active Directory domain. When a user or group entry for a particular domain is encountered for the first time, the SSSD allocates one of the available slices for that domain. In order to make this slice-assignment repeatable on different client machines, we select the slice based on the following algorithm: The SID string is passed through the murmurhash3 algorithm to convert it to a 32-bit hashed value. We then take the modulus of this value with the total number of available slices to pick the slice. NOTE: It is possible to encounter collisions in the hash and subsequent modulus. 
In these situations, we will select the next available slice, but it may not be possible to reproduce the same exact set of slices on other machines (since the order that they are encountered will determine their slice). In this situation, it is recommended to either switch to using explicit POSIX attributes in Active Directory (disabling ID-mapping) or configure a default domain to guarantee that at least one is always consistent. See Configuration for details. Configuration Minimum configuration (in the [domain/DOMAINNAME] section): ldap_id_mapping = True ldap_schema = ad The default configuration results in configuring 10,000 slices, each capable of holding up to 200,000 IDs, starting from 10,001 and going up to 2,000,100,000. This should be sufficient for most deployments. Advanced Configuration ldap_idmap_range_min (integer) Specifies the lower bound of the range of POSIX IDs to use for mapping Active Directory user and group SIDs. NOTE: This option is different from min_id in that min_id acts to filter the output of requests to this domain, whereas this option controls the range of ID assignment. This is a subtle distinction, but the good general advice would be to have min_id be less-than or equal to ldap_idmap_range_min Default: 200000 ldap_idmap_range_max (integer) Specifies the upper bound of the range of POSIX IDs to use for mapping Active Directory user and group SIDs. NOTE: This option is different from max_id in that max_id acts to filter the output of requests to this domain, whereas this option controls the range of ID assignment. This is a subtle distinction, but the good general advice would be to have max_id be greater-than or equal to ldap_idmap_range_max Default: 2000200000 ldap_idmap_range_size (integer) Specifies the number of IDs available for each slice. If the range size does not divide evenly into the min and max values, it will create as many complete slices as it can. 
Default: 200000 ldap_idmap_default_domain_sid (string) Specify the domain SID of the default domain. This will guarantee that this domain will always be assigned to slice zero in the ID map, bypassing the murmurhash algorithm described above. Default: not set ldap_idmap_default_domain (string) Specify the name of the default domain. Default: not set ldap_idmap_autorid_compat (boolean) Changes the behavior of the ID-mapping algorithm to behave more similarly to winbind's idmap_autorid algorithm. When this option is configured, domains will be allocated starting with slice zero and increasing monotonically with each additional domain. NOTE: This algorithm is non-deterministic (it depends on the order that users and groups are requested). If this mode is required for compatibility with machines running winbind, it is recommended to also use the ldap_idmap_default_domain_sid option to guarantee that at least one domain is consistently allocated to slice zero. Default: False sssd-1.11.5/src/man/nl/include/PaxHeaders.13173/ldap_search_bases_experimental.xml0000644000000000000000000000013212320753573026074 xustar000000000000000030 mtime=1396955003.513843863 30 atime=1396955003.513843863 30 ctime=1396955003.513843863 sssd-1.11.5/src/man/nl/include/ldap_search_bases_experimental.xml0000664002412700241270000000203612320753573026324 0ustar00jhrozekjhrozek00000000000000 An optional base DN, search scope and LDAP filter to restrict LDAP searches for this attribute type. syntax: search_base[?scope?[filter][?search_base?scope?[filter]]*] The scope can be one of "base", "onelevel" or "subtree". The filter must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/rfc2254.txt For examples of this syntax, please refer to the ldap_search_base examples section.
Default: the value of ldap_search_base Please note that specifying scope or filter is not supported for searches against an Active Directory Server that might yield a large number of results and trigger the Range Retrieval extension in the response. sssd-1.11.5/src/man/nl/include/PaxHeaders.13173/service_discovery.xml0000644000000000000000000000013212320753573023424 xustar000000000000000030 mtime=1396955003.513843863 30 atime=1396955003.513843863 30 ctime=1396955003.513843863 sssd-1.11.5/src/man/nl/include/service_discovery.xml0000664002412700241270000000322712320753573023657 0ustar00jhrozekjhrozek00000000000000 SERVICE DISCOVERY The service discovery feature allows back ends to automatically find the appropriate servers to connect to using a special DNS query. This feature is not supported for backup servers. Configuration If no servers are specified, the back end automatically uses service discovery to try to find a server. Optionally, the user may choose to use both fixed server addresses and service discovery by inserting a special keyword, _srv_, in the list of servers. The order of preference is maintained. This feature is useful if, for example, the user prefers to use service discovery whenever possible, and fall back to a specific server when no servers can be discovered using DNS. The domain name Please refer to the dns_discovery_domain parameter in the sssd.conf 5 manual page for more details. The protocol The queries usually specify _tcp as the protocol. Exceptions are documented in respective option description. See Also For more information on the service discovery mechanism, refer to RFC 2782. 
sssd-1.11.5/src/man/nl/include/PaxHeaders.13173/local.xml0000644000000000000000000000013212320753573020767 xustar000000000000000030 mtime=1396955003.513843863 30 atime=1396955003.513843863 30 ctime=1396955003.513843863 sssd-1.11.5/src/man/nl/include/local.xml0000664002412700241270000000134512320753573021221 0ustar00jhrozekjhrozek00000000000000 THE LOCAL DOMAIN In order to function correctly, a domain with id_provider=local must be created and the SSSD must be running. The administrator might want to use the SSSD local users instead of traditional UNIX users in cases where the group nesting (see sss_groupadd 8 ) is needed. The local users are also useful for testing and development of the SSSD without having to deploy a full remote server. The sss_user* and sss_group* tools use a local LDB storage to store users and groups. sssd-1.11.5/src/man/nl/include/PaxHeaders.13173/override_homedir.xml0000644000000000000000000000013212320753573023223 xustar000000000000000030 mtime=1396955003.513843863 30 atime=1396955003.513843863 30 ctime=1396955003.513843863 sssd-1.11.5/src/man/nl/include/override_homedir.xml0000664002412700241270000000313012320753573023447 0ustar00jhrozekjhrozek00000000000000 override_homedir (string) Override the user's home directory. You can either provide an absolute value or a template. In the template, the following sequences are substituted: %u login name %U UID number %d domain name %f fully qualified user name (user@domain) %o The original home directory retrieved from the identity provider. %% a literal '%' This option can also be set per-domain. 
example: override_homedir = /home/%u Default: Not set (SSSD will use the value retrieved from LDAP) sssd-1.11.5/src/man/PaxHeaders.13173/ja0000644000000000000000000000013212320753573015434 xustar000000000000000030 mtime=1396955003.505843869 30 atime=1396955003.534843847 30 ctime=1396955003.505843869 sssd-1.11.5/src/man/ja/0000775002412700241270000000000012320753573015740 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/man/ja/PaxHeaders.13173/sssd-ipa.5.xml0000644000000000000000000000012712320753573020125 xustar000000000000000029 mtime=1396955003.50384387 29 atime=1396955003.50384387 29 ctime=1396955003.50384387 sssd-1.11.5/src/man/ja/sssd-ipa.5.xml0000664002412700241270000010207212320753573020352 0ustar00jhrozekjhrozek00000000000000 SSSD マニュアル ページ sssd-ipa 5 ファイル形式および変換 sssd-ipa SSSD の設定ファイル 概要 このマニュアルページは sssd 8 に対する IPA プロバイダーの設定を説明しています。詳細な構文の参考資料は sssd.conf 5 マニュアルページの ファイル形式 を参照してください。 IPA プロバイダーは IPA サーバーに接続するために使用されるバックエンドです。(IPA サーバーに関する詳細は freeipa.org のウェブサイトを参照してください。)このプロバイダーは、マシンが IPA ドメインに参加していて、設定がすでに全体的に自己検索され、サーバーから直接取得されている必要があります。 IPA プロバイダーは sssd-ldap 5 識別プロバイダーおよび sssd-krb5 5 認証プロバイダーにより使用されるものと同じオプションを受け付けます。いくつかの例外は以下に説明されています。 しかし、これらのオプションを設定することは必要ありません、また推奨もされません。IPA プロバイダーはアクセスプロバイダーおよびパスワード変更プロバイダーとしても使用できます。アクセスプロバイダーとしては、HBAC (ホストベースアクセス制御) ルールを使用します。HBAC の詳細は freeipa.org を参照してください。アクセスプロバイダーが設定されていなければ、クライアント側において必要になります。 The IPA provider will use the PAC responder if the Kerberos tickets of users from trusted realms contain a PAC. To make configuration easier the PAC responder is started automatically if the IPA ID provider is configured. 設定オプション SSSD ドメインの設定に関する詳細は sssd.conf 5 マニュアルページの ドメインセクション のセクションを参照してください。 ipa_domain (文字列) IPA ドメインの名前を指定します。これはオプションです。提供されなければ、設定ドメイン名が使用されます。 ipa_server, ipa_backup_server (文字列) The comma-separated list of IP addresses or hostnames of the IPA servers to which SSSD should connect in the order of preference. For more information on failover and server redundancy, see the FAILOVER section. 
This is optional if autodiscovery is enabled. For more information on service discovery, refer to the SERVICE DISCOVERY section. ipa_hostname (文字列) オプションです。hostname(5) がこのホストを識別するために IPA ドメインにおいて使用される完全修飾名を反映しないマシンにおいて設定されます。 dyndns_update (論理値) Optional. This option tells SSSD to automatically update the DNS server built into FreeIPA v2 with the IP address of this client. The update is secured using GSS-TSIG. The IP address of the IPA LDAP connection is used for the updates, if it is not otherwise specified by using the dyndns_iface option. 注: (RHEL5 のような) 古いシステムにおいて、この動作が正しく機能するためには、デフォルトの Kerberos レルムが /etc/krb5.conf において正しく設定されている必要があります NOTE: While it is still possible to use the old ipa_dyndns_update option, users should migrate to using dyndns_update in their config file. 初期値: false dyndns_ttl (整数) The TTL to apply to the client DNS record when updating it. If dyndns_update is false this has no effect. This will override the TTL serverside if set by an administrator. NOTE: While it is still possible to use the old ipa_dyndns_ttl option, users should migrate to using dyndns_ttl in their config file. 初期値: 1200 (秒) dyndns_iface (文字列) Optional. Applicable only when dyndns_update is true. Choose the interface whose IP address should be used for dynamic DNS updates. NOTE: While it is still possible to use the old ipa_dyndns_iface option, users should migrate to using dyndns_iface in their config file. 初期値: IPA LDAP 接続の IP アドレスを使用します ipa_enable_dns_sites (論理値) DNS サイトの有効化 - 位置情報に基づいたサービス探索。 If true and service discovery (see Service Discovery paragraph at the bottom of the man page) is enabled, then the SSSD will first attempt location based discovery using a query that contains "_location.hostname.example.com" and then fall back to traditional SRV discovery. 
If the location based discovery succeeds, the IPA servers located with the location based discovery are treated as primary servers and the IPA servers located using the traditional SRV discovery are used as back up servers 初期値: false dyndns_refresh_interval (整数) How often should the back end perform periodic DNS update in addition to the automatic update performed when the back end goes online. This option is optional and applicable only when dyndns_update is true. 初期値: 0 (無効) dyndns_update_ptr (論理値) Whether the PTR record should also be explicitly updated when updating the client's DNS records. Applicable only when dyndns_update is true. This option should be False in most IPA deployments as the IPA server generates the PTR records automatically when forward records are changed. 初期値: False (無効) dyndns_force_tcp (論理値) nsupdate ユーティリティが DNS サーバーと通信するために TCP を標準で使用するかどうか。 Default: False (let nsupdate choose the protocol) ipa_hbac_search_base (文字列) オプションです。与えられた文字列を HBAC 関連オブジェクトに対する検索ベースとして使用します。 初期値: ベース DN を使用します ipa_host_search_base (文字列) オプションです。ホストオブジェクトの検索ベースとして与えられた文字列を使用します。 複数の検索ベースを設定することの詳細は ldap_search_base を参照してください。 フィルターがすべての検索ベースに与えられ、かつ ipa_hbac_support_srchost が偽(False)に設定されていると、フィルターは無視されます。 初期値: ldap_search_base の値 ipa_selinux_search_base (文字列) オプションです。与えられた文字列を SELinux ユーザーマップに対する検索ベースとして使用します。 複数の検索ベースを設定することの詳細は ldap_search_base を参照してください。 初期値: ldap_search_base の値 ipa_subdomains_search_base (文字列) オプションです。信頼されたドメインに対する検索ベースとして、与えられた文字列を使用します。 複数の検索ベースを設定することの詳細は ldap_search_base を参照してください。 初期値: cn=trusts,%basedn の値 ipa_master_domain_search_base (文字列) Optional. Use the given string as search base for master domain object. 
複数の検索ベースを設定することの詳細は ldap_search_base を参照してください。 初期値: cn=ad,cn=etc,%basedn の値 krb5_validate (論理値) 取得された TGT が改ざんされていないかを krb5_keytab の支援で確認します。 初期値: true この初期値は伝統的な Kerberos プロバイダーのバックエンドとは異なることに注意してください。 krb5_realm (文字列) Kerberos レルムの名前です。これはオプションで、初期値は ipa_domain の値です。 IPA において特別な意味を持つ Kerberos レルムの名前です。LDAP 操作を実行するために使用するベース DN に変換されます。 krb5_canonicalize (論理値) IPA LDAP と AS 要求に対して接続するとき、ホストとユーザープリンシパルを正規化するかを指定します。この機能は MIT Kerberos >= 1.7 で利用可能です。 初期値: true krb5_use_fast (文字列) Kerberos の事前認証のために flexible authentication secure tunneling (FAST) を有効化します。以下のオプションがサポートされます: never use FAST. try to use FAST. If the server does not support FAST, continue the authentication without it. This is equivalent to not setting this option at all. demand は FAST を使用します。サーバーが FAST を要求しなければ、認証が失敗します。 Default: try 注: SSSD は MIT Kerberos バージョン 1.8 およびそれ以降のみで FAST をサポートします。SSSD が古いバージョンの MIT Kerberos を使用している場合、このオプションを使用すると設定エラーになります。 ipa_hbac_refresh (整数) The amount of time between lookups of the HBAC rules against the IPA server. This will reduce the latency and load on the IPA server if there are many access-control requests made in a short period. 初期値: 5 (秒) ipa_hbac_selinux (整数) The amount of time between lookups of the SELinux maps against the IPA server. This will reduce the latency and load on the IPA server if there are many user login requests made in a short period. 
初期値: 5 (秒) ipa_hbac_treat_deny_as (文字列) このオプションは推奨されない DENY 形式の HBAC ルールをどのように取り扱うかを指定します。FreeIPA v2.1 現在、DENY ルールはもはやサーバーにおいてサポートされません。すべての FreeIPA のユーザーはそれらのルールを ALLOW ルールのみを使用するよう移行する必要があります。クライアントはこの移行期間中 2 つのモードの操作をサポートします: DENY_ALL: HBAC DENY ルールが 1 つでも検知されると、すべてのユーザーがアクセスを拒否されます。 IGNORE: SSSD はすべての DENY ルールを無視します。意図しないアクセスが開かれる可能性があるので、このオプションを用いるときは非常に注意してください。 初期値: DENY_ALL ipa_hbac_support_srchost (論理値) これが偽に設定されていると、PAM により SSSD に与えられる srchost が無視されます。 False に設定されていると、このオプションは ipa_host_search_base に与えられたフィルターが無視されるようになることに注意してください。 初期値: false ipa_server_mode (論理値) This option should only be set by the IPA installer. The option denotes that the SSSD is running on IPA server and should perform lookups of users and groups from trusted domains differently. 初期値: false ipa_automount_location (文字列) この IPA クライアントが使用する automounter の場所です 初期値: "default" という名前の場所 ipa_netgroup_member_of (文字列) ネットワークグループのメンバーを一覧にする LDAP 属性です。 初期値: memberOf ipa_netgroup_member_user (文字列) ネットワークグループの直接メンバーであるシステムユーザーとグループを一覧化する LDAP 属性です。 初期値: memberUser ipa_netgroup_member_host (文字列) ネットワークグループの直接メンバーであるホストとホストグループを一覧化する LDAP 属性です。 初期値: memberHost ipa_netgroup_member_ext_host (文字列) ネットワークグループのメンバーであるホストとホストグループの FQDN を一覧化する LDAP 属性です。 初期値: externalHost ipa_netgroup_domain (文字列) ネットワークグループの NIS ドメイン名を含む LDAP 属性です。 初期値: nisDomainName ipa_host_object_class (文字列) LDAP にあるホストエントリーのオブジェクトクラスです。 初期値: ipaHost ipa_host_fqdn (文字列) ホストの FQDN を含む LDAP 属性です。 初期値: fqdn ipa_selinux_usermap_object_class (文字列) LDAP にあるホストエントリーのオブジェクトクラスです。 初期値: ipaHost ipa_selinux_usermap_name (文字列) SELinux ユーザーマップの名前を含む LDAP 属性です。 初期値: cn ipa_selinux_usermap_member_user (文字列) このルールが一致するすべてのユーザー・グループを含む LDAP 属性です。 初期値: memberUser ipa_selinux_usermap_member_host (文字列) このルールが一致するホスト・ホストグループを含む LDAP 属性です。 初期値: memberHost ipa_selinux_usermap_see_also (文字列) memberUser と memberHost の代わりにマッチに使用される HBAC ルールの DN を含む LDAP 属性です。 初期値: seeAlso ipa_selinux_usermap_selinux_user (文字列) SELinux ユーザー文字列自身を含む LDAP 属性です。 初期値:
ipaSELinuxUser ipa_selinux_usermap_enabled (文字列) ユーザーマップが使用するために有効化されているかどうかを含む LDAP 属性です。 初期値: ipaEnabledFlag ipa_selinux_usermap_user_category (文字列) 'all' のようなユーザーカテゴリーを含む LDAP 属性です。 初期値: userCategory ipa_selinux_usermap_host_category (文字列) 'all' のようなホストカテゴリーを含む LDAP 属性です。 初期値: hostCategory ipa_selinux_usermap_uuid (文字列) ユーザーマップの一意な ID を含む LDAP 属性です。 初期値: ipaUniqueID ipa_host_ssh_public_key (文字列) ホストの SSH 公開鍵を含む LDAP 属性です。 初期値: ipaSshPubKey SUBDOMAINS PROVIDER The IPA subdomains provider behaves slightly differently if it is configured explicitly or implicitly. 'subdomains_provider = ipa' オプションが sssd.conf のドメインのセクションに見つかれば、IPA サブドメインプロバイダーが明示的に設定されます。すべてのサブドメインのリクエストが必要に応じて IPA サーバーに送られます。 If the option 'subdomains_provider' is not set in the domain section of sssd.conf but there is the option 'id_provider = ipa', the IPA subdomains provider is configured implicitly. In this case, if a subdomain request fails and indicates that the server does not support subdomains, i.e. is not configured for trusts, the IPA subdomains provider is disabled. After an hour or after the IPA provider goes online, the subdomains provider is enabled again. 
以下の例は、SSSD が正しく設定され、example.com が [sssd] セクションにあるドメインの 1 つであることを仮定しています。この例は IPA プロバイダー固有のオプションのみを示しています。 [domain/example.com] id_provider = ipa ipa_server = ipaserver.example.com ipa_hostname = myhost.example.com sssd-1.11.5/src/man/ja/PaxHeaders.13173/pam_sss.8.xml0000644000000000000000000000013212320753573020046 xustar000000000000000030 mtime=1396955003.504843869 30 atime=1396955003.504843869 30 ctime=1396955003.504843869 sssd-1.11.5/src/man/ja/pam_sss.8.xml0000664002412700241270000001364512320753573020306 0ustar00jhrozekjhrozek00000000000000 SSSD マニュアル ページ SSSD The SSSD upstream - http://fedorahosted.org/sssd pam_sss 8 pam_sss SSSD の PAM モジュール pam_sss.so quiet forward_pass use_first_pass use_authtok retry=N ignore_unknown_user 概要 pam_sss.so は System Security Services daemon (SSSD) への PAM インターフェースです。エラーと結果は syslog(3) を通して LOG_AUTHPRIV ファシリティでログ記録されます。 オプション 不明なユーザーのログメッセージを抑制します。 が設定されていると、他の PAM モジュールが使用するために、入力されたパスワードがスタックに置かれます。 引数 use_first_pass は強制的にモジュールが前にスタックされたモジュールのパスワードを使用して、ユーザーに入力させません。パスワードが何も利用可能ではない、またはパスワードが適切でなければ、ユーザーがアクセスを拒否されます。 パスワードを変更するとき、モジュールが強制的に新しいパスワードを、前にスタックされたパスワードモジュールに設定します。 指定されていると、認証に失敗した場合にパスワードをあと N 回ユーザーに問い合わせます。初期値は 0 です。 このオプションは、アプリケーションが呼び出す PAM が自身においてユーザーダイアログを処理すると仮定して動作しません。典型的な例は を用いた sshd です。 If this option is specified and the user does not exist, the PAM module will return PAM_IGNORE. This causes the PAM framework to ignore this module. 提供されるモジュール形式 すべてのモジュール形式 (, , および ) が提供されます。 ファイル 対応する SSSD プロバイダーがパスワードリセットをサポートしないため、root によるパスワードリセットが失敗すると、それぞれのメッセージが表示されます。たとえば、このメッセージはパスワードをリセットする方法に関する説明があります。 The message is read from the file pam_sss_pw_reset_message.LOC where LOC stands for a locale string returned by setlocale3 . If there is no matching file the content of pam_sss_pw_reset_message.txt is displayed. Root must be the owner of the files and only root may have read and write permissions while all other users must have only read permissions. 
これらのファイルがディレクトリー /etc/sssd/customize/DOMAIN_NAME/ において検索されます。一致するファイルがなければ、一般的なメッセージが表示されます。 sssd-1.11.5/src/man/ja/PaxHeaders.13173/sss_cache.8.xml0000644000000000000000000000013212320753573020334 xustar000000000000000030 mtime=1396955003.504843869 30 atime=1396955003.504843869 30 ctime=1396955003.504843869 sssd-1.11.5/src/man/ja/sss_cache.8.xml0000664002412700241270000001513712320753573020572 0ustar00jhrozekjhrozek00000000000000 SSSD マニュアル ページ sss_cache 8 sss_cache キャッシュクリーンアップを実行する sss_cache options 概要 sss_cache は SSSD キャッシュにあるレコードを無効にします。無効化されたレコードは、関連する SSSD バックエンドがオンラインになるとすぐに、サーバーから強制的に再読み込みされます。 オプション , sudo ルール以外のすべてのキャッシュ項目を無効化します。 , login 特定のユーザーを無効にします。 , すべてのユーザーレコードを無効にします。このオプションも設定されていると、これが特定のユーザーの無効化を上書きします。 , group 特定のグループを無効にします。 , すべてのグループレコードを無効にします。このオプションも設定されていると、これが特定のグループの無効化を上書きします。 , netgroup 特定のネットワークグループを無効にします。 , すべてのネットワークグループレコードを無効にします。このオプションが設定されていると、これが特定のネットワークグループの無効化を上書きします。 , service 特定のサービスを無効化します。 , すべてのサービスレコードを無効にします。このオプションも設定されていると、これが特定のサービスの無効化を上書きします。 , autofs-map 特定の autofs マップを無効化します。 , すべての autofs マップを無効化します。このオプションは特定のマップが設定されていても、その無効化を上書きします。 , domain 無効化プロセスを特定のドメインのみに制限します。 sssd-1.11.5/src/man/ja/PaxHeaders.13173/sssd-krb5.5.xml0000644000000000000000000000013212320753573020213 xustar000000000000000030 mtime=1396955003.504843869 30 atime=1396955003.504843869 30 ctime=1396955003.504843869 sssd-1.11.5/src/man/ja/sssd-krb5.5.xml0000664002412700241270000005647412320753573020462 0ustar00jhrozekjhrozek00000000000000 SSSD マニュアル ページ sssd-krb5 5 ファイル形式および変換 sssd-krb5 SSSD の設定ファイル 概要 このマニュアルは sssd 8 に対する Kerberos 5 認証バックエンドの設定を説明しています。詳細な構文の参考資料は、 sssd.conf 5 マニュアルページの ファイル形式 セクションを参照してください。 Kerberos 5 認証バックエンドは認証プロバイダーおよびパスワード変更プロバイダーを含みます。正しく機能するためには識別プロバイダーと組み合わせて使用する必要があります (たとえば、id_provider = ldap)。Kerberos 5 認証バックエンドにより必要とされるいくつかの情報は、ユーザーの Kerberos プリンシパル名 (UPN) のような、識別プロバイダーにより提供される必要があります。識別プロバイダーの設定は UPN を指定するためのエントリーがある必要があります。これを設定する方法に関する詳細は適用可能な識別プロバイダーのマニュアルページを参照してください。 このバックエンドは、ユーザーのホームディレクトリーにある
.k5login ファイルに基づいたアクセス制御を提供します。詳細は .k5login5 を参照してください。空の .k5login ファイルがあると、このユーザーに対するすべてのアクセスが拒否されます。この機能を有効にするには、SSSD 設定において 'access_provider = krb5' を使用します。 UPN が識別バックエンド sssd において利用できない場合は、形式 username@krb5_realm を使用して UPN を構築します。 設定オプション 認証モジュール krb5 が SSSD ドメインにおいて使用されていると、以下のオプションを使用する必要があります。 SSSD ドメインの設定における詳細は sssd.conf 5 マニュアルページの ドメインセクション を参照してください。 krb5_server, krb5_backup_server (文字列) SSSD が接続したい AD サーバー(優先順)の IP アドレスまたはホスト名のカンマ区切り一覧を指定します。フェールオーバーおよびサーバー冗長化に関する詳細は FAILOVER セクションを参照してください。ポート番号(コロンの後ろ)をオプションとして、アドレスやホスト名の後ろに付けることもできます。これが無ければ、サービス探索が有効になっています。詳細は サービス探索 のセクションを参照してください。 KDC または kpasswd サーバーに対してサービス検索を使用するとき、SSSD はまずプロトコルとして _udp を指定する DNS エントリーを検索して、何も見つからなければ _tcp にフォールバックします。 このオプションは以前の SSSD において krb5_kdcip という名前でした。古い名前がしばらく認められる間、ユーザーは代わりに krb5_server を使用するよう設定ファイルを移行することが推奨されます。 krb5_realm (文字列) Kerberos レルムの名前です。このオプションは指定する必要があります。 krb5_kpasswd, krb5_backup_kpasswd (文字列) パスワード変更サービスが KDC において実行されていなければ、代替サーバーがここで指定できます。オプションのポート番号が(コロンに続けて)アドレスまたはホスト名に追加できます。 フェイルオーバーとサーバー冗長性に関する詳細は、フェイルオーバーのセクションを参照してください。注:KDC に対する認証がまだ可能であるならば、たとえすべての kpasswd サーバーがなかったとしても、バックエンドをオフラインに切り替えないことに注意してください。 初期値: KDC を使用します krb5_ccachedir (文字列) Directory to store credential caches. All the substitution sequences of krb5_ccname_template can be used here, too, except %d and %P. The directory is created as private and owned by the user, with permissions set to 0700. 初期値: /tmp krb5_ccname_template (文字列) Location of the user's credential cache. Three credential cache types are currently supported: FILE, DIR and KEYRING:persistent. The cache can be specified either as TYPE:RESIDUAL, or as an absolute path, which implies the FILE type. In the template, the following sequences are substituted: %u ログイン名 %U ログイン UID %p プリンシパル名 %r レルム名 %h ホームディレクトリー %d krb5ccache_dir の値 %P SSSD クライアントのプロセス ID %% 文字 '%' If the template ends with 'XXXXXX' mkstemp(3) is used to create a unique filename in a safe way. 
When using KEYRING types, the only supported mechanism is KEYRING:persistent:%U, which uses the Linux kernel keyring to store credentials on a per-UID basis. This is also the recommended choice, as it is the most secure and predictable method. The default value for the credential cache name is sourced from the profile stored in the system wide krb5.conf configuration file in the [libdefaults] section. The option name is default_ccache_name. See krb5.conf(5)'s PARAMETER EXPANSION paragraph for additional information on the expansion format defined by krb5.conf. Default: (from libkrb5) krb5_auth_timeout (整数) オンライン認証またはパスワード変更要求が中止された後の秒単位のタイムアウトです。可能ならば、認証要求がオフラインで継続されます。 初期値: 6 krb5_validate (論理値) Verify with the help of krb5_keytab that the TGT obtained has not been spoofed. The keytab is checked for entries sequentially, and the first entry with a matching realm is used for validation. If no entry matches the realm, the last entry in the keytab is used. This process can be used to validate environments using cross-realm trust by placing the appropriate keytab entry as the last entry or the only entry in the keytab file. 初期値: false krb5_keytab (文字列) KDC から取得したクレディンシャルを検証するときに使用されるキーテーブルの場所です。 初期値: /etc/krb5.keytab krb5_store_password_if_offline (論理値) Store the password of the user if the provider is offline and use it to request a TGT when the provider comes online again. NOTE: this feature is only available on Linux. Passwords stored in this way are kept in plaintext in the kernel keyring and are potentially accessible by the root user (with difficulty). 
初期値: false krb5_renewable_lifetime (文字列) Request a renewable ticket with a total lifetime, given as an integer immediately followed by a time unit: 秒は s 分は m 時間は h 日は d 単位が指定されていないと、s と仮定されます。 注: 単位を混在できないことに注意してください。更新可能な生存期間を1時間30分に指定したい場合、'1h30m' の代わりに '90m' を使用します。 初期値: 設定されません、つまり TGT は更新可能ではありません krb5_lifetime (文字列) Request ticket with a lifetime, given as an integer immediately followed by a time unit: 秒は s 分は m 時間は h 日は d 単位が指定されていないと、s と仮定されます。 注: 単位を混在できないことに注意してください。更新可能な生存期間を1時間30分に指定したい場合、'1h30m' の代わりに '90m' を使用してください。 初期値: 設定されません、つまり KDC において設定されているチケット有効期間の初期値です。 krb5_renew_interval (文字列) The time in seconds between two checks if the TGT should be renewed. TGTs are renewed if about half of their lifetime is exceeded, given as an integer immediately followed by a time unit: 秒は s 分は m 時間は h 日は d 単位が指定されていないと、s と仮定されます。 注: 単位を混在できないことに注意してください。更新可能な生存期間を1時間30分に指定したい場合、'1h30m' の代わりに '90m' を使用します。 このオプションが設定されていない場合、または 0 に設定されている場合、自動更新は無効になります。 初期値: 設定されません krb5_use_fast (文字列) Kerberos の事前認証のために flexible authentication secure tunneling (FAST) を有効化します。以下のオプションがサポートされます: never は FAST を使用しません。このオプションを何も設定しないことと同等です。 try は FAST の使用を試みます。サーバーが FAST をサポートしていなければ、FAST を使用せずに認証を続行します。 demand は FAST を使用します。サーバーが FAST を要求しなければ、認証が失敗します。 初期値: 設定されません、つまり FAST が使用されません。 注: FAST を使用するにはキーテーブルが必要です。 注: SSSD は MIT Kerberos バージョン 1.8 およびそれ以降のみで FAST をサポートします。SSSD が古いバージョンの MIT Kerberos を使用している場合、このオプションを使用すると設定エラーになります。 krb5_fast_principal (文字列) FAST に対して使用するサーバープリンシパルを指定します。 krb5_canonicalize (論理値) ホストとユーザーのプリンシパルが正規化されるかどうかを指定します。この機能は MIT Kerberos 1.7 およびそれ以降で利用可能です。 初期値: false krb5_use_kdcinfo (論理値) Specifies if the SSSD should instruct the Kerberos libraries what realm and which KDCs to use. This option is on by default, if you disable it, you need to configure the Kerberos library using the krb5.conf 5 configuration file.
位置情報プラグインの詳細は sssd_krb5_locator_plugin 8 マニュアルページを参照ください。 初期値: true krb5_use_enterprise_principal (論理値) ユーザープリンシパルをエンタープライズプリンシパルとして取り扱うかどうかを指定します。エンタープライズプリンシパルの詳細は RFC 6806 のセクション 5 を参照してください。 Default: false (AD provider: true) 以下の例は、SSSD が正しく設定され、FOO が [sssd] セクションにあるドメインの 1 つであると仮定しています。この例は Kerberos 認証の設定のみを示し、識別プロバイダーを何も含みません。 [domain/FOO] auth_provider = krb5 krb5_server = 192.168.1.1 krb5_realm = EXAMPLE.COM sssd-1.11.5/src/man/ja/PaxHeaders.13173/sss_ssh_knownhostsproxy.1.xml0000644000000000000000000000013212320753573023456 xustar000000000000000030 mtime=1396955003.504843869 30 atime=1396955003.504843869 30 ctime=1396955003.504843869 sssd-1.11.5/src/man/ja/sss_ssh_knownhostsproxy.1.xml0000664002412700241270000000732612320753573023715 0ustar00jhrozekjhrozek00000000000000 SSSD マニュアル ページ sss_ssh_knownhostsproxy 1 sss_ssh_knownhostsproxy OpenSSH ホストキーを取得します sss_ssh_knownhostsproxy options HOST PROXY_COMMAND 概要 sss_ssh_knownhostsproxy はホスト HOST の SSH ホスト鍵を取得して、個別の OpenSSH known_hosts ファイル (詳細は sshd 8SSH_KNOWN_HOSTS FILE FORMAT セクションを参照してください) /var/lib/sss/pubconf/known_hosts に保存して、ホストへの接続を確立します。 PROXY_COMMAND が指定されていると、ソケットを開く代わりにホストへの接続を作成するために使用されます。 ssh 1ssh 1 設定に対して以下のディレクティブを使用することにより、ホストキー認証に sss_ssh_knownhostsproxy を使用するために設定できます: ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts オプション , PORT ホストに接続するためにポート PORT を使用します。初期値ではポート 22 が使用されます。 , DOMAIN SSSD ドメイン DOMAIN においてホスト公開鍵を検索します。 終了コード In case of success, an exit value of 0 is returned. Otherwise, 1 is returned. 
sssd-1.11.5/src/man/ja/PaxHeaders.13173/sssd.conf.5.xml0000644000000000000000000000013212320753573020276 xustar000000000000000030 mtime=1396955003.504843869 30 atime=1396955003.504843869 30 ctime=1396955003.504843869 sssd-1.11.5/src/man/ja/sssd.conf.5.xml0000664002412700241270000025276212320753573020543 0ustar00jhrozekjhrozek00000000000000 SSSD マニュアル ページ sssd.conf 5 ファイル形式および変換 sssd.conf SSSD の設定ファイル ファイルフォーマット ファイルは ini 形式の構文を持ち、セクションとパラメーターから構成されます。セクションは角括弧にあるセクション名から始まり、次のセクションが始まるまで続きます。 1 つセクションと複数の値を持つパラメーターの例: [section] key = value key2 = value2,value3 使用されるデータ形式は、文字列(引用符は不要)、整数および論理値(TRUE/FALSE の値)です。 A line comment starts with a hash sign (#) or a semicolon (;). Inline comments are not supported. すべてのセクションはオプションの description パラメーターを持てます。その機能はセクションのラベルとしてのみです。 sssd.conf は、root により所有され、root のみが読み書きできる、通常のファイルである必要があります。 特別セクション [sssd] セクション SSSD の機能の各部分は SSSD と一緒に開始および停止される特別な SSSD サービスにより提供されます。特別なサービスにより管理されるサービスはよくモニターと呼ばれます。[sssd] セクションは、モニターだけでなく、識別ドメインのような他の重要なオプションを設定するために使用されます。 セクションのパラメーター config_file_version (整数) 設定ファイルの構文が何であるかを指示します。SSSD 0.6.0 およびそれ以降はバージョン 2 を使用します。 services sssd 自身が開始するときに開始されるサービスのカンマ区切り一覧です。 サポートされるサービス: nss, pam , sudo , autofs , ssh , pac reconnection_retries (整数) データプロバイダーがクラッシュまたは再起動した場合、サービスが再接続をあきらめる前に試行する回数です。 初期値: 3 domains ドメインはユーザー情報を含むデータベースです。SSSD は同時に複数のドメインを使用できますが、少なくとも一つを設定する必要があります。さもなければ SSSD は開始できません。このパラメーターは検索したいドメインの一覧を表します。ドメイン名は ASCII 英数字、ダッシュ (-) およびアンダースコア (_) のみを使用できます。 re_expression (文字列) Default regular expression that describes how to parse the string containing user name and domain into these components. Each domain can have an individual regular expression configured. For some ID providers there are also default regular expressions. See DOMAIN SECTIONS for more info on these regular expressions. full_name_format (文字列) ユーザー名とドメイン名のコンポーネントから完全修飾名を表現する方法を表す printf 3 互換形式。 以下の拡張モジュールがサポートされます: %1$s ユーザー名 %2$s SSSD 設定ファイルにおいて指定されるドメイン名。 %3$s domain flat name.
Mostly usable for Active Directory domains, both directly configured or discovered via IPA trusts. Each domain can have an individual format string configured. see DOMAIN SECTIONS for more info on this option. try_inotify (論理値) SSSD は、内部 DNS リゾルバーを更新する必要となるときを認識するために、resolv.conf の状態を監視します。初期状態では、このために inotify を使用しようとします。inotify が使用できない場合 5 秒ごとに resolv.conf をポーリングするようフォールバックします。 inotify を使用することをスキップすることが望ましい、いくつかの制限された状況があります。これらの珍しい場合では、このオプションが 'false' に設定されるべきです 初期値: inotify がサポートされるプラットフォームにおいては真です。他のプラットフォームにおいては偽です。 注: このオプションは inotify が利用不可能なプラットフォームにおいて効果がありません。これらのプラットフォームにおいては、ポーリングが常に使用されます。 krb5_rcache_dir (文字列) SSSD が Kerberos リプレイキャッシュファイルを保存するファイルシステムのディレクトリーです。 このオプションは、libkrb5 がリプレイキャッシュに対する適切な場所を決められるよう SSSD に指示する、特別な値 __LIBKRB5_DEFAULTS__ を受け付けます。 初期値: ディストリビューション固有かつ構築時に指定されます。 (設定されていなければ __LIBKRB5_DEFAULTS__ です) default_domain_suffix (文字列) This string will be used as a default domain name for all names without a domain name component. The main use case is environments where the primary domain is intended for managing host policies and all users are located in a trusted domain. The option allows those users to log in just with their user name without giving a domain name as well. Please note that if this option is set all users from the primary domain have to use their fully qualified name, e.g. user@domain.name, to log in. 初期値: 設定されません サービスセクション 異なるサービスを設定するために使用される設定がこのセクションに記述されます。それらは [$NAME] セクションに置かれます。たとえば、NSS サービスは [nss] セクションです サービス設定の全体オプション これらのオプションはすべてのサービスを設定するために使用できます。 debug_level (整数) debug_timestamps (論理値) デバッグメッセージに日時を追加します 初期値: true debug_microseconds (論理値) デバッグメッセージの日時にマイクロ秒を追加します 初期値: false timeout (整数) Timeout in seconds between heartbeats for this service. This is used to ensure that the process is alive and capable of answering requests. 
初期値: 10 reconnection_retries (整数) データプロバイダーがクラッシュまたは再起動した場合、サービスが再接続をあきらめる前に試行する回数です。 初期値: 3 fd_limit This option specifies the maximum number of file descriptors that may be opened at one time by this SSSD process. On systems where SSSD is granted the CAP_SYS_RESOURCE capability, this will be an absolute setting. On systems without this capability, the resulting value will be the lower value of this or the limits.conf "hard" limit. Default: 8192 (or limits.conf "hard" limit) client_idle_timeout このオプションは、SSSD プロセスのクライアントがそれとコミュニケーションなしでファイル記述子に保持できる秒数を指定します。この値はシステムのリソース枯渇を避けるために制限されます。 初期値: 60 force_timeout (整数) If a service is not responding to ping checks (see the timeout option), it is first sent the SIGTERM signal that instructs it to quit gracefully. If the service does not terminate after force_timeout seconds, the monitor will forcibly shut it down by sending a SIGKILL signal. 初期値: 60 NSS 設定オプション これらのオプションは Name Service Switch (NSS) サービスを設定するために使用できます。 enum_cache_timeout (整数) nss_sss が列挙をキャッシュする秒数です(すべてのユーザーに関する情報に対する要求)。 初期値: 120 entry_cache_nowait_percentage (整数) エントリーキャッシュは、ドメインに対して entry_cache_timeout の値を超えて要求された場合に、バックグラウンドでエントリーを自動的に更新するよう設定できます。 たとえば、ドメインの entry_cache_timeout が 30s に設定され、entry_cache_nowait_percentage が 50 (%) に設定されていると、エントリーが 15 秒経過後にきて、最新の更新キャッシュが直ちに返されます。しかし、SSSD が自身にキャッシュされ、更新されます。そのため、その先の要求はキャッシュ更新を待つことをブロックする必要がありません。 このオプションに対して有効な値は 0-99 です。各ドメインに対する entry_cache_timeout のパーセンテージを表します。性能上の理由から、このパーセンテージは 10 秒よりも小さく nowait タイムアウトを減らすべきではありません。(0 はこの機能を無効にします) 初期値: 50 entry_negative_timeout (整数) nss_sss が再びバックエンドに問い合わせる前にネガティブキャッシュヒット(つまり、存在しないドメインのように、無効なデータベースエントリーに対する問い合わせ)をキャッシュする秒数を指定します。 初期値: 15 filter_users, filter_groups (文字列) sss NSS データベースから取り出されたものから特定のユーザーを除外します。これはとくにシステムアカウントに対して有効です。このオプションはドメインごとに設定できます。または特定のドメインからユーザーのみをフィルターするために完全修飾名を含めることができます。 初期値: root filter_users_in_groups (論理値) フィルターされたユーザーがまだグループメンバーのままにしたいならば、このオプションを偽に設定します。 初期値: true fallback_homedir (文字列) 
ドメインのデータプロバイダーにより明示的に指定されていない場合に、ユーザーのホームディレクトリーの標準テンプレートを設定します。 このオプションに対して利用可能なオプションは override_homedir に対するものと同じです。 例: fallback_homedir = /home/%u 初期値: 設定なし (ホームディレクトリーの設定がない場合は代替なし) override_shell (文字列) Override the login shell for all users. This option supersedes any other shell options if it takes effect and can be set either in the [nss] section or per-domain. 初期値: 設定なし (SSSD は LDAP から取得された値を使用します) allowed_shells (文字列) ユーザーのシェルを一覧にある値のどれかに制限します。評価の順番は次のとおりです: 1. シェルが /etc/shells に存在すると、それが使用されます。 2. シェルが allowed_shells 一覧にあるが、/etc/shells になければ、shell_fallback パラメーターの値を使用します。 3. シェルが allowed_shells 一覧になく、/etc/shells にもなければ、nologin シェルが使用されます。 シェルの空文字列は libc にそのまま渡されます。 /etc/shells は SSSD が開始されるときにのみ読み込まれます。これは新しいシェルがインストールされた場合 SSSD の再起動が必要になることを意味します。 初期値: 設定されません。ユーザーシェルが自動的に使用されます。 vetoed_shells (文字列) これらのシェルのインスタンスをすべて shell_fallback に置き換えます shell_fallback (文字列) 許可されたシェルがマシンにインストールされていない場合に使用する標準シェルです。 初期値: /bin/sh default_shell The default shell to use if the provider does not return one during lookup. This option can be specified globally in the [nss] section or per-domain. Default: not set (Return NULL if no shell is specified and rely on libc to substitute something sensible when necessary, usually /bin/sh) get_domains_timeout (整数) Specifies time in seconds for which the list of subdomains will be considered valid. 
初期値: 60 memcache_timeout (整数) Specifies time in seconds for which records in the in-memory cache will be valid 初期値: 300 PAM 設定オプション これらのオプションは Pluggable Authentication Module (PAM) サービスを設定するために使用できます。 offline_credentials_expiration (整数) 認証プロバイダーがオフラインの場合に、キャッシュログインを許可する時間(オンラインログインの最終成功からの日数)です。 初期値: 0 (無制限) offline_failed_login_attempts (整数) 認証プロバイダーがオフラインの場合、ログイン試行の失敗が許容される回数です。 初期値: 0 (無制限) offline_failed_login_delay (整数) 新しいログイン試行が可能になる前に offline_failed_login_attempts に達した後に渡される分単位の時間です。 0 に設定されていると、offline_failed_login_attempts に達した場合、ユーザーがオフライン認証できません。オンライン認証に成功すると、再びオフライン認証を有効にできます。 初期値: 5 pam_verbosity (整数) 認証中にユーザーに表示されるメッセージの種類を制御します。数字が大きければ大きいほどメッセージが表示されます。 現在 sssd は以下の値をサポートします: 0: 何もメッセージを表示しない 1: 重要なメッセージのみを表示する 2: 情報レベルのメッセージを表示する 3: すべてのメッセージとデバッグ情報を表示する 初期値: 1 pam_id_timeout (整数) SSSD がオンラインの間はすべての PAM 要求に対して、ユーザーが最新の情報で認証されるよう、SSSD は直ちにキャッシュされた識別情報を更新しようとします。 完全な PAM のやりとりは、アカウント管理やセッション開始のように、複数の PAM 要求を実行できます。このオプションは、識別プロバイダーに対する過剰なラウンドトリップを避けるために識別情報をキャッシュできる時間(秒数)を(クライアントアプリケーションごとに)制御します。 初期値: 5 pam_pwd_expiration_warning (整数) パスワードの期限が切れる前に N 日間警告を表示します。 バックエンドのサーバーがパスワードの有効期間に関する情報を提供する必要があることに注意してください。この情報がなければ、sssd は警告を表示できません。 If zero is set, then this filter is not applied, i.e. if the expiration warning was received from backend server, it will automatically be displayed. This setting can be overridden by setting pwd_expiration_warning for a particular domain. 初期値: 0 get_domains_timeout (整数) Specifies time in seconds for which the list of subdomains will be considered valid.
初期値: 60 SUDO 設定オプション これらのオプションは sudo サービスを設定するために使用されます。 sudo_timed (論理値) 時間依存の sudoers エントリーを実装する sudoNotBefore と sudoNotAfter の属性を評価するかしないかです。 初期値: false Autofs 設定オプション これらのオプションが autofs サービスを設定するために使用されます。 autofs_negative_timeout (整数) autofs レスポンダーのネガティブキャッシュ(つまり、存在しないもののように、無効なマップエントリーに対する問い合わせ)が再びバックエンドに問い合わせる前にヒットする秒数を指定します。 初期値: 15 SSH 設定オプション これらのオプションは SSH サービスを設定するために使用されます。 ssh_hash_known_hosts (論理値) Whether or not to hash host names and addresses in the managed known_hosts file. 初期値: true ssh_known_hosts_timeout (整数) How many seconds to keep a host in the managed known_hosts file after its host keys were requested. 初期値: 180 PAC responder configuration options The PAC responder works together with the authorization data plugin for MIT Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the PAC data during a GSSAPI authentication to the PAC responder. The sub-domain provider collects domain SID and ID ranges of the domain the client is joined to and of remote trusted domains from the local domain controller. If the PAC is decoded and evaluated some of the following operations are done: If the remote user does not exist in the cache, it is created. The uid is determined with the help of the SID, trusted domains will have UPGs and the gid will have the same value as the uid. The home directory is set based on the subdomain_homedir parameter. The shell will be empty by default, i.e. the system defaults are used, but can be overwritten with the default_shell parameter. If there are SIDs of groups from domains sssd knows about, the user will be added to those groups. These options can be used to configure the PAC responder. allowed_uids (文字列) Specifies the comma-separated list of UID values or user names that are allowed to access the PAC responder. User names are resolved to UIDs at startup. 
Default: 0 (only the root user is allowed to access the PAC responder) Please note that although the UID 0 is used as the default it will be overwritten with this option. If you still want to allow the root user to access the PAC responder, which would be the typical case, you have to add 0 to the list of allowed UIDs as well. ドメインセクション これらの設定オプションはドメイン設定のセクション、つまり [domain/NAME] に存在します min_id,max_id (整数) ドメインに対する UID と GID の制限です。ドメインがこれらの制限の外にあるエントリーを含む場合、それは無視されます。 ユーザーに対して、これはプライマリー GID 制限に影響します。 UID またはプライマリー GID が範囲外ならば、ユーザーは NSS に返されません。非プライマリーメンバーに対して、範囲内にあるものは予期されたものとして報告されます。 These ID limits affect even saving entries to cache, not only returning them by name or ID. 初期値: min_id は 1, max_id は 0 (無制限) enumerate (論理値) ドメインが列挙できるかを決定します。このパラメーターは以下の値のどれかである必要があります: TRUE = ユーザーとグループが列挙されます FALSE = このドメインに対して列挙しません 初期値: FALSE Note: Enabling enumeration has a moderate performance impact on SSSD while enumeration is running. It may take up to several minutes after SSSD startup to fully complete enumerations. During this time, individual requests for information will go directly to LDAP, though it may be slow, due to the heavy enumeration processing. Saving a large number of entries to cache after the enumeration completes might also be CPU intensive as the memberships have to be recomputed. 最初の列挙が実行中の間、完全なユーザーまたはグループの一覧に対する要求は、それが完了するまで結果を返しません。 さらに、列挙を有効にすると、列挙の検索が確実に正しく完了するようタイムアウトをより長くする必要があるため、ネットワーク切断を検知するために必要な時間が増える可能性があります。詳細は使用している具体的な id_provider のマニュアルページを参照してください。 For the reasons cited above, enabling enumeration is not recommended, especially in large environments. subdomain_enumerate (string) Whether any of autodetected trusted domains should be enumerated. The supported values are: all All discovered trusted domains will be enumerated none No discovered trusted domains will be enumerated Optionally, a list of one or more domain names can enable enumeration just for these trusted domains.
初期値: none force_timeout (整数) If a service is not responding to ping checks (see the timeout option), it is first sent the SIGTERM signal that instructs it to quit gracefully. If the service does not terminate after force_timeout seconds, the monitor will forcibly shut it down by sending a SIGKILL signal. 初期値: 60 entry_cache_timeout (整数) nss_sss が再びバックエンドに問い合わせる前にエントリーを有効であると考える秒数です。 The cache expiration timestamps are stored as attributes of individual objects in the cache. Therefore, changing the cache timeout only has effect for newly added or expired entries. You should run the sss_cache 8 tool in order to force refresh of entries that have already been cached. 初期値: 5400 entry_cache_user_timeout (整数) nss_sss が再びバックエンドに問い合わせる前にユーザーエントリーを有効であると考える秒数です。 初期値: entry_cache_timeout entry_cache_group_timeout (整数) nss_sss が再びバックエンドに問い合わせる前にグループエントリーを有効であると考える秒数です。 初期値: entry_cache_timeout entry_cache_netgroup_timeout (整数) nss_sss が再びバックエンドに問い合わせる前にネットワークグループエントリーを有効であると考える秒数です。 初期値: entry_cache_timeout entry_cache_service_timeout (整数) nss_sss が再びバックエンドに問い合わせる前にサービスエントリーを有効であると考える秒数です。 初期値: entry_cache_timeout entry_cache_sudo_timeout (integer) How many seconds should sudo consider rules valid before asking the backend again 初期値: entry_cache_timeout entry_cache_autofs_timeout (整数) How many seconds should the autofs service consider automounter maps valid before asking the backend again 初期値: entry_cache_timeout refresh_expired_interval (整数) Specifies how many seconds SSSD has to wait before refreshing expired records. Currently only refreshing expired netgroups is supported. You can consider setting this value to 3/4 * entry_cache_timeout. 
初期値: 0 (無効) cache_credentials (論理値) ユーザーのクレディンシャルがローカル LDB キャッシュにキャッシュされるかどうかを決めます ユーザーのクレディンシャルが、平文ではなく SHA512 ハッシュで保存されます 初期値: FALSE account_cache_expiration (整数) 正常にログイン後、キャッシュのクリーンアップ中にエントリーが削除される前の日数です。 0 は永久に保持することを意味します。このパラメーターの値は offline_credentials_expiration と同等以上でなければいけません。 初期値: 0 (無制限) pwd_expiration_warning (整数) パスワードの期限が切れる前に N 日間警告を表示します。 If zero is set, then this filter is not applied, i.e. if the expiration warning was received from backend server, it will automatically be displayed. Please note that the backend server has to provide information about the expiration time of the password. If this information is missing, sssd cannot display a warning. Also an auth provider has to be configured for the backend. 初期値: 7 (Kerberos), 0 (LDAP) id_provider (文字列) ドメインに対して使用される識別子プロバイダーです。サポートされる ID プロバイダーは次のとおりです: proxy: レガシーな NSS プロバイダーのサポート local: ローカルユーザー向け SSSD 内部プロバイダー ldap: LDAP プロバイダー。LDAP の設定に関する詳細は sssd-ldap 5 を参照してください。 ipa: FreeIPA および Red Hat Enterprise Identity Management プロバイダー。FreeIPA の設定に関する詳細は sssd-ipa 5 を参照してください。 ad: Active Directory プロバイダー。Active Directory の設定に関する詳細は sssd-ad 5 を参照してください。 use_fully_qualified_names (論理値) NSS に報告するユーザーのログイン名としてフルネームとドメイン (ドメインの完全名形式により整形されたように) を使用します。 TRUE に設定されていると、このドメインへのすべての要求は完全修飾名を使用する必要があります。たとえば、 "test" ユーザーを含む LOCAL ドメインにおいて使用されていると、getent passwd test はユーザーを見つけられませんが、getent passwd test@LOCAL は見つけられます。 NOTE: This option has no effect on netgroup lookups due to their tendency to include nested netgroups without qualified names. For netgroups, all domains will be searched when an unqualified name is requested. 初期値: FALSE ignore_group_members (論理値) Do not return group members for group lookups. If set to TRUE, the group membership attribute is not requested from the ldap server, and group members are not returned when processing group lookup calls. 
初期値: FALSE auth_provider (文字列) ドメインに対して使用される認証プロバイダーです。サポートされる認証プロバイダーは次のとおりです: ldap は本来の LDAP 認証向けです。LDAP の設定に関する詳細は sssd-ldap 5 を参照してください。 krb5 は Kerberos 認証向けです。Kerberos の設定に関する詳細は sssd-krb5 5 を参照してください。 ipa: FreeIPA および Red Hat Enterprise Identity Management プロバイダー。FreeIPA の設定に関する詳細は sssd-ipa 5 を参照してください。 ad: Active Directory プロバイダー。Active Directory の設定に関する詳細は sssd-ad 5 を参照してください。 proxy はいくつかの他の PAM ターゲットに認証を中継します。 none は明示的に認証を無効化します。 初期値: id_provider が設定され、認証要求を取り扱うことができるならば、それが使用されます。 access_provider (文字列) ドメインに対して使用されるアクセス制御プロバイダーです。 2 つの組み込みアクセスプロバイダーがあります(インストールされたバックエンドに含まれるすべてを加えます)。内部の特別プロバイダーは次のとおりです: permit は常にアクセスを許可します。ローカルドメインに対するプロバイダーのみアクセスが許可されます。 deny は常にアクセスを拒否します。 ldap は本来の LDAP 認証向けです。LDAP の設定に関する詳細は sssd-ldap 5 を参照してください。 ipa: FreeIPA および Red Hat Enterprise Identity Management プロバイダー。FreeIPA の設定に関する詳細は sssd-ipa 5 を参照してください。 ad: Active Directory プロバイダー。Active Directory の設定に関する詳細は sssd-ad 5 を参照してください。 simple アクセス制御はアクセスまたは拒否の一覧に基づきます。simple アクセスモジュールの設定に関する詳細は sssd-simple 5 を参照してください。 初期値: permit chpass_provider (文字列) ドメインに対するパスワード変更操作を取り扱うプロバイダーです。サポートされるパスワード変更プロバイダーは次のとおりです: ldap は LDAP サーバーに保存されているパスワードを変更します。 LDAP の設定に関する詳細は sssd-ldap 5 を参照してください。 krb5 は Kerberos のパスワードを変更します。 Kerberos の設定に関する詳細は sssd-krb5 5 を参照してください。 ipa: FreeIPA および Red Hat Enterprise Identity Management プロバイダー。FreeIPA の設定に関する詳細は sssd-ipa 5 を参照してください。 ad: Active Directory プロバイダー。Active Directory の設定に関する詳細は sssd-ad 5 を参照してください。 proxy はいくつかの他の PAM ターゲットにパスワードの変更を中継します。 none は明示的にパスワードの変更を無効化します。 初期値: auth_provider が設定され、パスワードの変更要求を取り扱うことができるならば、それが使用されます。 sudo_provider (文字列) ドメインに使用される SUDO プロバイダーです。サポートされる SUDO プロバイダーは次のとおりです: ldap は LDAP に保存されているルールのためです。LDAP の設定に関する詳細は sssd-ldap 5 を参照します。 ipa the same as ldap but with IPA default settings. ad the same as ldap but with AD default settings. none は SUDO を明示的に無効化します。 初期値: id_provider の値が設定されていると使用されます。 selinux_provider (文字列) The provider which should handle loading of selinux settings. 
Note that this provider will be called right after access provider ends. Supported selinux providers are: ipa to load selinux settings from an IPA server. See sssd-ipa 5 for more information on configuring IPA. none disallows fetching selinux settings explicitly. Default: id_provider is used if it is set and can handle selinux loading requests. subdomains_provider (文字列) The provider which should handle fetching of subdomains. This value should be always the same as id_provider. Supported subdomain providers are: ipa to load a list of subdomains from an IPA server. See sssd-ipa 5 for more information on configuring IPA. none はサブドメインの取り出しを明示的に無効化します。 初期値: id_provider の値が設定されていると使用されます。 autofs_provider (文字列) ドメインに対して使用される autofs プロバイダーです。 サポートされる autofs プロバイダーは次のとおりです: ldap は LDAP に保存されているマップを読み込みます。LDAP の設定に関する詳細は sssd-ldap 5 を参照してください。 ipa は IPA サーバーに保存されているマップを読み込みます。IPA の設定に関する詳細は sssd-ipa 5 を参照してください。 none は明示的に autofs を無効にします。 初期値: id_provider の値が設定されていると使用されます。 hostid_provider (文字列) ホスト識別情報を取得するために使用されるプロバイダーです。 サポートされる hostid プロバイダーは次のとおりです: ipa は IPA サーバーに保存されているホスト識別子を読み込みます。IPA の設定に関する詳細は sssd-ipa 5 を参照してください。 none は明示的に hostid を無効にします。 初期値: id_provider の値が設定されていると使用されます。 re_expression (文字列) Regular expression for this domain that describes how to parse the string containing user name and domain into these components. The "domain" can match either the SSSD configuration domain name, or, in the case of IPA trust subdomains and Active Directory domains, the flat (NetBIOS) name of the domain. Default for the AD and IPA provider: (((?P<domain>[^\\]+)\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?P<name>[^@\\]+)$)) which allows three different styles for user names: username username@domain.name domain\username While the first two correspond to the general default the third one is introduced to allow easy integration of users from Windows domains. 
初期値: (?P<name>[^@]+)@?(?P<domain>[^@]*$) です。"the name is everything up to the @ sign, the domain everything after that" に解釈されます。 PLEASE NOTE: the support for non-unique named subpatterns is not available on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre version 7 or higher can support non-unique named subpatterns. 関連注記: 古いバージョンの libpcre はサブパターンをラベル付けするために Python 構文 (?P<name>) のみをサポートします。 full_name_format (文字列) ユーザー名とドメイン名のコンポーネントから完全修飾名を表現する方法を表す printf 3 互換形式。 以下の拡張モジュールがサポートされます: %1$s ユーザー名 %2$s SSSD 設定ファイルにおいて指定されるドメイン名。 %3$s domain flat name. Mostly usable for Active Directory domains, both directly configured or discovered via IPA trusts. 初期値: %1$s@%2$s. lookup_family_order (文字列) DNS 検索を実行するときに使用する、優先アドレスファミリーを選択する機能を提供します。 サポートする値: ipv4_first: IPv4 アドレスの検索を試行します。失敗すると IPv6 を試行します。 ipv4_only: ホスト名を IPv4 アドレスに名前解決することのみを試行します。 ipv6_first: IPv6 アドレスの検索を試行します。失敗すると IPv4 を試行します。 ipv6_only: ホスト名を IPv6 アドレスに名前解決することのみを試行します。 初期値: ipv4_first dns_resolver_timeout (整数) DNS リゾルバーが到達不可能であると仮定するまでに、そこからの応答を待つ時間(秒単位)を定義します。このタイムアウトに達すると、ドメインはオフラインモードにて操作を継続します。 初期値: 6 dns_discovery_domain (文字列) サービス検索がバックエンドで使用されていると、サービス検索 DNS クエリーのドメイン部分を指定します。 初期値: マシンのホスト名のドメイン部分を使用します override_gid (整数) プライマリー GID の値を指定されたもので上書きします。 case_sensitive (論理値) ユーザー名とグループ名が大文字小文字を区別するよう取り扱います。今のところ、このオプションはローカルプロバイダーにおいてサポートされません。 初期値: True proxy_fast_alias (論理値) When a user or group is looked up by name in the proxy provider, a second lookup by ID is performed to "canonicalize" the name in case the requested name was an alias. Setting this option to true would cause the SSSD to perform the ID lookup from cache for performance reasons. 初期値: false subdomain_homedir (文字列) Use this homedir as default value for all subdomains within this domain in IPA AD trust. See override_homedir for info about possible values. In addition to those, the expansion below can only be used with subdomain_homedir. 
%F サブドメインのフラット (NetBIOS) 名。 値は override_homedir オプションにより上書きできます。 初期値: /home/%d/%u realmd_tags (文字列) Various tags stored by the realmd configuration service for this domain. プロキシドメインに対して有効なオプションです。 proxy_pam_target (文字列) 中継するプロキシターゲット PAM です。 初期値: 設定されません。既存の PAM 設定を使用するか、新しく作成してサービス名をここに追加する必要があります。 proxy_lib_name (文字列) プロキシードメインにおいて使用する NSS ライブラリーの名前です。ライブラリーにおいて検索する NSS 関数は _nss_$(libName)_$(function) の形式です。たとえば _nss_files_getpwent です。 ローカルドメインのセクション このセクションは、ユーザーとグループを SSSD ネイティブデータベースに保存するドメイン、つまり、 id_provider=local を使用するドメインに対する設定を含みます。 セクションのパラメーター default_shell (文字列) SSSD ユーザー空間ツールを用いて作成されたユーザーの初期シェルです。 初期値: /bin/bash base_directory (文字列) ツールがログイン名を base_directory に追加して、ホームディレクトリーとして使用します。 初期値: /home create_homedir (論理値) 初期状態で新規ユーザーに対するホームディレクトリーが作成されるかを指示します。コマンドラインにおいて上書きできます。 初期値: TRUE remove_homedir (論理値) 初期状態で新規ユーザーに対するホームディレクトリーが削除されるかを指示します。コマンドラインにおいて上書きできます。 初期値: TRUE homedir_umask (整数) 新規に作成されるホームディレクトリーにパーミッションの初期値を指定するために sss_useradd 8 により使用されます。 初期値: 077 skel_dir (文字列) ホームディレクトリーが sss_useradd 8 により作成されるとき、ユーザーのホームディレクトリーにコピーされるファイルおよびディレクトリーを含む、スケルトンディレクトリーです。 初期値: /etc/skel mail_dir (文字列) メールスプールディレクトリーです。これに対応するユーザーアカウントが変更または削除されたとき、これを操作する必要があります。指定されていなければ、初期値が使用されます。 初期値: /var/mail userdel_cmd (文字列) ユーザーの削除後に実行されるコマンドです。コマンドは最初の唯一のパラメーターとして削除されるユーザーのユーザー名を渡します。コマンドの返り値は考慮されません。 初期値: なし、コマンドを実行しません 以下の例は SSSD の一般的な設定を示します。ドメイン自身の設定を説明していません - ドメインの設定に関する詳細はドキュメントを参照してください。 [sssd] domains = LDAP services = nss, pam config_file_version = 2 [nss] filter_groups = root filter_users = root [pam] [domain/LDAP] id_provider = ldap ldap_uri = ldap://ldap.example.com ldap_search_base = dc=example,dc=com auth_provider = krb5 krb5_server = kerberos.example.com krb5_realm = EXAMPLE.COM cache_credentials = true min_id = 10000 max_id = 20000 enumerate = False sssd-1.11.5/src/man/ja/PaxHeaders.13173/sss_ssh_authorizedkeys.1.xml0000644000000000000000000000013212320753573023211 xustar000000000000000030 mtime=1396955003.504843869 30 atime=1396955003.504843869 
30 ctime=1396955003.504843869 sssd-1.11.5/src/man/ja/sss_ssh_authorizedkeys.1.xml0000664002412700241270000000744512320753573023452 0ustar00jhrozekjhrozek00000000000000 SSSD マニュアル ページ sss_ssh_authorizedkeys 1 sss_ssh_authorizedkeys OpenSSH 認可キーを取得する sss_ssh_authorizedkeys options USER 概要 sss_ssh_authorizedkeys はユーザー USER の SSH 公開鍵を取得して、 OpenSSH authorized_keys 形式に出力します (詳細は sshd 8AUTHORIZED_KEYS FILE FORMAT セクションを参照してください)。 sshd 8 は、 AuthorizedKeysCommand または PubkeyAgent sshd_config 5 オプションのサポート付きでコンパイルされていると、公開鍵ユーザー認証のために sss_ssh_authorizedkeys を使用するために設定できます。 AuthorizedKeysCommand がサポートされていると、 sshd 8 sshd_config 5 に以下のディレクティブを置くことにより、これを使用するために設定できます: AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys PubkeyAgent がサポートされていると、 sshd 8 sshd 8 設定に以下のディレクティブを置くことにより、これを使用するために設定できます: PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u オプション , DOMAIN SSSD ドメイン DOMAIN にあるユーザーの公開鍵を検索します。 終了コード In case of success, an exit value of 0 is returned. Otherwise, 1 is returned. sssd-1.11.5/src/man/ja/PaxHeaders.13173/sss_groupmod.8.xml0000644000000000000000000000013212320753573021125 xustar000000000000000030 mtime=1396955003.504843869 30 atime=1396955003.504843869 30 ctime=1396955003.504843869 sssd-1.11.5/src/man/ja/sss_groupmod.8.xml0000664002412700241270000000505012320753573021354 0ustar00jhrozekjhrozek00000000000000 SSSD マニュアル ページ sss_groupmod 8 sss_groupmod グループを変更します。 sss_groupmod options GROUP 概要 sss_groupmod はコマンドラインにおいて指定された変更を反映するようグループを変更します。 オプション , GROUPS このグループを GROUPS パラメーターにより指定されたグループに追加します。 GROUPS パラメーターはグループ名のカンマ区切り一覧です。 , GROUPS このグループを GROUPS パラメーターにより指定されたグループから削除します。 sssd-1.11.5/src/man/ja/PaxHeaders.13173/sss_usermod.8.xml0000644000000000000000000000013212320753573020747 xustar000000000000000030 mtime=1396955003.504843869 30 atime=1396955003.504843869 30 ctime=1396955003.504843869 sssd-1.11.5/src/man/ja/sss_usermod.8.xml0000664002412700241270000001165312320753573021204 0ustar00jhrozekjhrozek00000000000000 SSSD マニュアル ページ sss_usermod 8 sss_usermod 
ユーザーアカウントを修正します sss_usermod options LOGIN 概要 sss_usermod は、コマンドラインにおいて指定された変更を反映するために、 LOGIN により指定されたアカウントを変更します。 オプション , COMMENT ユーザーを説明している任意のテキスト文字列です。しばしばユーザーの完全名の項目として使用されます。 , HOME_DIR ユーザーアカウントのホームディレクトリーです。 , SHELL ユーザーのログインシェルです。 , GROUPS このユーザーを GROUPS パラメーターにより指定されたグループに追加します。 GROUPS パラメーターはグループ名のカンマ区切り一覧です。 , GROUPS GROUPS , ユーザーアカウントをロックします。ユーザーはログインできなくなります。 , ユーザーアカウントのロックを解除します。 , SELINUX_USER ユーザーのログインのための SELinux ユーザーです。 sssd-1.11.5/src/man/ja/PaxHeaders.13173/sssd-simple.5.xml0000644000000000000000000000013212320753573020641 xustar000000000000000030 mtime=1396955003.504843869 30 atime=1396955003.504843869 30 ctime=1396955003.504843869 sssd-1.11.5/src/man/ja/sssd-simple.5.xml0000664002412700241270000001340112320753573021067 0ustar00jhrozekjhrozek00000000000000 SSSD マニュアル ページ sssd-simple 5 ファイル形式および変換 sssd-simple SSSD の 'simple' アクセス制御プロバイダーの設定ファイルです。 概要 このマニュアルは sssd 8 に対して簡単なアクセス制御の設定を説明しています。詳細は sssd.conf 5 マニュアルページの ファイル形式 セクションを参照してください。 シンプルアクセスプロバイダーは、ユーザー名またはグループ名の許可または拒否の一覧に基づいてアクセスを許可または拒否します。以下のルールが適用されます: すべての一覧が空ならば、アクセスが認められます 何らかの一覧が提供されていると、許可(allow)、拒否(deny)の順に評価されます。つまり、拒否ルールに一致した場合は、許可ルールに一致していても拒否が優先されます。 "allow" 一覧が提供されていると、すべてのユーザーはこの一覧に表れなければ拒否されます。 "deny" 一覧のみが提供されていると、ユーザーがこの一覧に表れない限り、すべてのユーザーがアクセスを許可されます。 設定オプション SSSD ドメインの設定に関する詳細は sssd.conf 5 マニュアルページの ドメインセクション のセクションを参照してください。 simple_allow_users (文字列) ログインが許可されたユーザーのカンマ区切り一覧です。 simple_deny_users (文字列) アクセスが明示的に拒否されたユーザーのカンマ区切り一覧です。 simple_allow_groups (文字列) ログインが許可されたグループのカンマ区切り一覧です。この SSSD ドメインの中のグループのみに適用されます。ローカルグループは評価されません。 simple_deny_groups (文字列) アクセスが明示的に拒否されたグループのカンマ区切り一覧です。この SSSD ドメインの中のグループのみに適用されます。ローカルグループは評価されません。 Specifying no values for any of the lists is equivalent to skipping it entirely. Beware of this while generating parameters for the simple provider using automated scripts. For example, a script that emits an empty simple_allow_users value leaves that list effectively unset, and if every list ends up empty, access is granted to all users.
simple_allow_users と simple_deny_users がどちらも定義されると、設定エラーになることに注意してください。 以下の例は、SSSD が正しく設定され、example.com が [sssd] セクションにあるドメインの 1 つであると仮定します。この例はアクセスプロバイダー固有の簡単なオプションのみを示します。 [domain/example.com] access_provider = simple simple_allow_users = user1, user2 sssd-1.11.5/src/man/ja/PaxHeaders.13173/sss_obfuscate.8.xml0000644000000000000000000000013212320753573021244 xustar000000000000000030 mtime=1396955003.504843869 30 atime=1396955003.504843869 30 ctime=1396955003.504843869 sssd-1.11.5/src/man/ja/sss_obfuscate.8.xml0000664002412700241270000000756312320753573021506 0ustar00jhrozekjhrozek00000000000000 SSSD マニュアル ページ sss_obfuscate 8 sss_obfuscate 平文パスワードをわかりにくくする sss_obfuscate options [PASSWORD] 概要 sss_obfuscate は、与えられたパスワードを人間が読みにくい形式に変換して、SSSD 設定ファイルの適切なドメインセクションに置きます。 平文のパスワードは、標準入力から読み込まれるか、対話的に入力されます。難読化されたパスワードは、指定された SSSD ドメインの ldap_default_authtok パラメーターに置かれます。また ldap_default_authtok_type パラメーターが obfuscated_password に設定されます。これらのパラメーターの詳細は sssd-ldap 5 を参照してください。 パスワードを難読化しても、攻撃者はリバースエンジニアリングにより元のパスワードを復元できるため、実際のセキュリティ上の利点はありません。クライアントサイド証明書や GSSAPI のような、より良い認証機構を使用することを強く推奨します。 オプション , 難読化するパスワードが標準入力から読み込まれます。 , DOMAIN パスワードに使用する SSSD ドメインです。名前の初期値は default です。 , FILE 位置パラメーターにより指定された設定ファイルを読み込みます。 初期値: /etc/sssd/sssd.conf sssd-1.11.5/src/man/ja/PaxHeaders.13173/include0000644000000000000000000000013212320753573017057 xustar000000000000000030 mtime=1396955003.505843869 30 atime=1396955003.534843847 30 ctime=1396955003.505843869 sssd-1.11.5/src/man/ja/include/0000755002412700241270000000000012320753573017361 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/man/ja/include/PaxHeaders.13173/ldap_search_bases.xml0000644000000000000000000000013212320753573023300 xustar000000000000000030 mtime=1396955003.504843869 30 atime=1396955003.504843869 30 ctime=1396955003.504843869 sssd-1.11.5/src/man/ja/include/ldap_search_bases.xml0000664002412700241270000000171612320753573023534 0ustar00jhrozekjhrozek00000000000000 オプションのベース DN。この属性の種別に対する LDAP 検索を制限する、検索範囲および
LDAP フィルター。 構文: search_base[?scope?[filter][?search_base?scope?[filter]]*] The scope can be one of "base", "onelevel" or "subtree". The filter must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/rfc2254.txt For examples of this syntax, please refer to the ldap_search_base examples section. 初期値: ldap_search_base の値 Please note that specifying scope or filter is not supported for searches against an Active Directory Server that might yield a large number of results and trigger the Range Retrieval extension in the response. sssd-1.11.5/src/man/ja/include/PaxHeaders.13173/param_help.xml0000644000000000000000000000013212320753573021766 xustar000000000000000030 mtime=1396955003.504843869 30 atime=1396955003.504843869 30 ctime=1396955003.504843869 sssd-1.11.5/src/man/ja/include/param_help.xml0000664002412700241270000000035612320753573022221 0ustar00jhrozekjhrozek00000000000000 , ヘルプメッセージを表示して終了します。 sssd-1.11.5/src/man/ja/include/PaxHeaders.13173/failover.xml0000644000000000000000000000013212320753573021465 xustar000000000000000030 mtime=1396955003.504843869 30 atime=1396955003.504843869 30 ctime=1396955003.504843869 sssd-1.11.5/src/man/ja/include/failover.xml0000664002412700241270000000443712320753573021724 0ustar00jhrozekjhrozek00000000000000 フェイルオーバー The failover feature allows back ends to automatically switch to a different server if the current server fails. フェイルオーバーの構文 サーバーの一覧がカンマ区切り一覧として与えられます。カンマの前後で空白はいくつでも許されます。サーバーは性能の順番で一覧化されます。一覧はサーバーをいくつでも含められます。 For each failover-enabled config option, two variants exist: primary and backup. The idea is that servers in the primary list are preferred and backup servers are only searched if no primary servers can be reached. If a backup server is selected, a timeout of 31 seconds is set. After this timeout SSSD will periodically try to reconnect to one of the primary servers. If it succeeds, it will replace the current active (backup) server. 
フェイルオーバーのメカニズム The failover mechanism distinguishes between a machine and a service. The back end first tries to resolve the hostname of a given machine; if this resolution attempt fails, the machine is considered offline. No further attempts are made to connect to this machine for any other service. If the resolution attempt succeeds, the back end tries to connect to a service on this machine. If the service connection attempt fails, then only this particular service is considered offline and the back end automatically switches over to the next service. The machine is still considered online and might still be tried for another service. Further connection attempts are made to machines or services marked as offline after a specified period of time; this is currently hard coded to 30 seconds. If there are no more machines to try, the back end as a whole switches to offline mode, and then attempts to reconnect every 30 seconds. sssd-1.11.5/src/man/ja/include/PaxHeaders.13173/debug_levels.xml0000644000000000000000000000013212320753573022316 xustar000000000000000030 mtime=1396955003.504843869 30 atime=1396955003.504843869 30 ctime=1396955003.504843869 sssd-1.11.5/src/man/ja/include/debug_levels.xml0000664002412700241270000000525312320753573022552 0ustar00jhrozekjhrozek00000000000000 SSSD supports two representations for specifying the debug level. The simplest is to specify a decimal value from 0-9, which represents enabling that level and all lower-level debug messages. The more comprehensive option is to specify a hexadecimal bitmask to enable or disable specific levels (such as if you wish to suppress a level). 現在サポートされるデバッグレベル: 0, 0x0010: Fatal failures. Anything that would prevent SSSD from starting up or causes it to cease running. 1, 0x0020: Critical failures. An error that doesn't kill the SSSD, but one that indicates that at least one major feature is not going to work properly. 2, 0x0040: Serious failures. 
An error announcing that a particular request or operation has failed. 3, 0x0080: Minor failures. These are the errors that would percolate down to cause the operation failure of 2. 4, 0x0100: Configuration settings. 5, 0x0200: Function data. 6, 0x0400: Trace messages for operation functions. 7, 0x1000: Trace messages for internal control functions. 8, 0x2000: Contents of function-internal variables that may be interesting. 9, 0x4000: Extremely low-level tracing information. To log required bitmask debug levels, simply add their numbers together as shown in following examples: : 致命的なエラー、重大なエラー、深刻なエラーおよび関数データをログに取得するには 0x0270 を使用します。 : 致命的なエラー、設定値の設定、関数データ、内部制御関数のトレースメッセージをログに取得するには 0x1310 を使用します。 Note: The bitmask format of debug levels was introduced in 1.7.0. Default: 0 sssd-1.11.5/src/man/ja/include/PaxHeaders.13173/seealso.xml0000644000000000000000000000013212320753573021311 xustar000000000000000030 mtime=1396955003.504843869 30 atime=1396955003.504843869 30 ctime=1396955003.504843869 sssd-1.11.5/src/man/ja/include/seealso.xml0000664002412700241270000000470412320753573021545 0ustar00jhrozekjhrozek00000000000000 関連項目 sssd8 , sssd.conf5 , sssd-ldap5 , sssd-krb55 , sssd-simple5 , sssd-ipa5 , sssd-ad5 , sssd-sudo 5 , sss_cache8 , sss_debuglevel8 , sss_groupadd8 , sss_groupdel8 , sss_groupshow8 , sss_groupmod8 , sss_useradd8 , sss_userdel8 , sss_usermod8 , sss_obfuscate8 , sss_seed8 , sssd_krb5_locator_plugin8 , sss_ssh_authorizedkeys 8 , sss_ssh_knownhostsproxy 8 , pam_sss8 . 
sssd-1.11.5/src/man/ja/include/PaxHeaders.13173/upstream.xml0000644000000000000000000000013212320753573021516 xustar000000000000000030 mtime=1396955003.504843869 30 atime=1396955003.504843869 30 ctime=1396955003.504843869 sssd-1.11.5/src/man/ja/include/upstream.xml0000664002412700241270000000020212320753573021737 0ustar00jhrozekjhrozek00000000000000 SSSD The SSSD upstream - http://fedorahosted.org/sssd sssd-1.11.5/src/man/ja/include/PaxHeaders.13173/param_help_py.xml0000644000000000000000000000013212320753573022476 xustar000000000000000030 mtime=1396955003.504843869 30 atime=1396955003.504843869 30 ctime=1396955003.504843869 sssd-1.11.5/src/man/ja/include/param_help_py.xml0000664002412700241270000000035612320753573022731 0ustar00jhrozekjhrozek00000000000000 , ヘルプメッセージを表示して終了します。 sssd-1.11.5/src/man/ja/include/PaxHeaders.13173/autofs_restart.xml0000644000000000000000000000013212320753573022723 xustar000000000000000030 mtime=1396955003.504843869 30 atime=1396955003.504843869 30 ctime=1396955003.504843869 sssd-1.11.5/src/man/ja/include/autofs_restart.xml0000664002412700241270000000035312320753573023153 0ustar00jhrozekjhrozek00000000000000 Please note that the automounter only reads the master map on startup, so if any autofs-related changes are made to the sssd.conf, you typically also need to restart the automounter daemon after restarting the SSSD. 
sssd-1.11.5/src/man/ja/include/PaxHeaders.13173/experimental.xml0000644000000000000000000000013212320753573022353 xustar000000000000000030 mtime=1396955003.504843869 30 atime=1396955003.504843869 30 ctime=1396955003.504843869 sssd-1.11.5/src/man/ja/include/experimental.xml0000664002412700241270000000023712320753573022604 0ustar00jhrozekjhrozek00000000000000 これは実験的な機能です、何らかの問題を報告するには http://fedorahosted.org/sssd を使用してください。 sssd-1.11.5/src/man/ja/include/PaxHeaders.13173/ldap_id_mapping.xml0000644000000000000000000000013212320753573022765 xustar000000000000000030 mtime=1396955003.505843869 30 atime=1396955003.505843869 30 ctime=1396955003.505843869 sssd-1.11.5/src/man/ja/include/ldap_id_mapping.xml0000664002412700241270000002310312320753573023213 0ustar00jhrozekjhrozek00000000000000 ID マッピング The ID-mapping feature allows SSSD to act as a client of Active Directory without requiring administrators to extend user attributes to support POSIX attributes for user and group identifiers. NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are ignored. This is to avoid the possibility of conflicts between automatically-assigned and manually-assigned values. If you need to use manually-assigned values, ALL values must be manually-assigned. Please note that changing the ID mapping related configuration options will cause user and group IDs to change. At the moment, SSSD does not support changing IDs, so the SSSD database must be removed. Because cached passwords are also stored in the database, removing the database should only be performed while the authentication servers are reachable, otherwise users might get locked out. In order to cache the password, an authentication must be performed. 
It is not sufficient to use sss_cache 8 to remove the database, rather the process consists of: Making sure the remote servers are reachable Stopping the SSSD service Removing the database Starting the SSSD service Moreover, as the change of IDs might necessitate the adjustment of other system properties such as file and directory ownership, it's advisable to plan ahead and test the ID mapping configuration thoroughly. マッピング・アルゴリズム Active Directory provides an objectSID for every user and group object in the directory. This objectSID can be broken up into components that represent the Active Directory domain identity and the relative identifier (RID) of the user or group object. The SSSD ID-mapping algorithm takes a range of available UIDs and divides it into equally-sized component sections - called "slices"-. Each slice represents the space available to an Active Directory domain. When a user or group entry for a particular domain is encountered for the first time, the SSSD allocates one of the available slices for that domain. In order to make this slice-assignment repeatable on different client machines, we select the slice based on the following algorithm: The SID string is passed through the murmurhash3 algorithm to convert it to a 32-bit hashed value. We then take the modulus of this value with the total number of available slices to pick the slice. NOTE: It is possible to encounter collisions in the hash and subsequent modulus. In these situations, we will select the next available slice, but it may not be possible to reproduce the same exact set of slices on other machines (since the order that they are encountered will determine their slice). In this situation, it is recommended to either switch to using explicit POSIX attributes in Active Directory (disabling ID-mapping) or configure a default domain to guarantee that at least one is always consistent. See Configuration for details. 
設定 最小の設定 ([domain/DOMAINNAME] セクションにおいて): ldap_id_mapping = True ldap_schema = ad The default configuration results in configuring 10,000 slices, each capable of holding up to 200,000 IDs, starting from 10,001 and going up to 2,000,100,000. This should be sufficient for most deployments. 高度な設定 ldap_idmap_range_min (整数) Active Directory ユーザーとグループの SID をマッピングするために使用する POSIX ID の範囲の下限を指定します。 NOTE: This option is different from min_id in that min_id acts to filter the output of requests to this domain, whereas this option controls the range of ID assignment. This is a subtle distinction, but the good general advice would be to have min_id be less-than or equal to ldap_idmap_range_min 初期値: 200000 ldap_idmap_range_max (整数) Active Directory ユーザーとグループ SID をマッピングするために使用する POSIX ID の範囲の上限を指定します。 NOTE: This option is different from max_id in that max_id acts to filter the output of requests to this domain, whereas this option controls the range of ID assignment. This is a subtle distinction, but the good general advice would be to have max_id be greater-than or equal to ldap_idmap_range_max 初期値: 2000200000 ldap_idmap_range_size (整数) 各スライスに利用可能な ID 番号を指定します。範囲の大きさが最小値、最大値の中にうまく分けられなければ、できる限り多くの完全なスライスとして作成されます。 初期値: 200000 ldap_idmap_default_domain_sid (文字列) Specify the domain SID of the default domain. This will guarantee that this domain will always be assigned to slice zero in the ID map, bypassing the murmurhash algorithm described above. 
初期値: 設定されません ldap_idmap_default_domain (文字列) 初期ドメインの名前を指定します。 初期値: 設定されません ldap_idmap_autorid_compat (論理値) winbind の idmap_autorid アルゴリズムとより同じように振る舞うために ID マッピングのアルゴリズムの振る舞いを変更します。 このオプションが設定されるとき、ドメインはスライス 0 から始まり、ドメインが追加されるたびに単調に増加するように割り当てられます。 注記: このアルゴリズムは非決定的です (ユーザーとグループが要求された順番に依存します)。winbind を実行しているマシンとの互換性のためにこのモードが必要ならば、少なくとも一つのドメインが一貫してスライス 0 に割り当てられることを保証するために、ldap_idmap_default_domain_sid オプションも使用することが推奨されます。 初期値: 偽 sssd-1.11.5/src/man/ja/include/PaxHeaders.13173/ldap_search_bases_experimental.xml0000644000000000000000000000013212320753573026055 xustar000000000000000030 mtime=1396955003.505843869 30 atime=1396955003.505843869 30 ctime=1396955003.505843869 sssd-1.11.5/src/man/ja/include/ldap_search_bases_experimental.xml0000664002412700241270000000210312320753573026300 0ustar00jhrozekjhrozek00000000000000 オプションのベース DN。この属性の種別に対する LDAP 検索を制限する、検索範囲および LDAP フィルター。 構文: search_base[?scope?[filter][?search_base?scope?[filter]]*] The scope can be one of "base", "onelevel" or "subtree". The filter must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/rfc2254.txt. For examples of this syntax, please refer to the ldap_search_base examples section. 初期値: ldap_search_base の値 Please note that specifying scope or filter is not supported for searches against an Active Directory Server that might yield a large number of results and trigger the Range Retrieval extension in the response. sssd-1.11.5/src/man/ja/include/PaxHeaders.13173/service_discovery.xml0000644000000000000000000000013212320753573023405 xustar000000000000000030 mtime=1396955003.505843869 30 atime=1396955003.505843869 30 ctime=1396955003.505843869 sssd-1.11.5/src/man/ja/include/service_discovery.xml0000664002412700241270000000374512320753573023645 0ustar00jhrozekjhrozek00000000000000 サービス探索 The service discovery feature allows back ends to automatically find the appropriate servers to connect to using a special DNS query. This feature is not supported for backup servers.
設定 何もサーバーが指定されていなければ、バックエンドがサーバーを見つけようとするために、サービス探索を自動的に使用します。オプションとして、サーバーの一覧に特別なキーワード _srv_ を挿入することにより、ユーザーが固定サーバーアドレスおよびサービス探索のどちらも使用することを選択できます。これは設定の順番が維持されます。たとえば、ユーザーができる限りサービス探索を使用し、DNS を使用してサーバーを探索できないときに特定のサーバーにフォールバックしたい場合、この機能は有用です。 ドメイン名 詳細は sssd.conf 5 マニュアルページにある dns_discovery_domain パラメーターを参照してください。 プロトコル 問い合わせは通常プロトコルとして _tcp を指定します。その他はそれぞれのオプションの説明にドキュメント化されています。 関連項目 サービス検索メカニズムに関する詳細は RFC 2782 を参照してください。 sssd-1.11.5/src/man/ja/include/PaxHeaders.13173/local.xml0000644000000000000000000000013212320753573020750 xustar000000000000000030 mtime=1396955003.505843869 30 atime=1396955003.505843869 30 ctime=1396955003.505843869 sssd-1.11.5/src/man/ja/include/local.xml0000664002412700241270000000135512320753573021203 0ustar00jhrozekjhrozek00000000000000 ローカルドメイン In order to function correctly, a domain with id_provider=local must be created and the SSSD must be running. The administrator might want to use the SSSD local users instead of traditional UNIX users in cases where the group nesting (see sss_groupadd 8 ) is needed. The local users are also useful for testing and development of the SSSD without having to deploy a full remote server. The sss_user* and sss_group* tools use a local LDB storage to store users and groups. sssd-1.11.5/src/man/ja/include/PaxHeaders.13173/override_homedir.xml0000644000000000000000000000013212320753573023204 xustar000000000000000030 mtime=1396955003.505843869 30 atime=1396955003.505843869 30 ctime=1396955003.505843869 sssd-1.11.5/src/man/ja/include/override_homedir.xml0000664002412700241270000000330612320753573023435 0ustar00jhrozekjhrozek00000000000000 override_homedir (文字列) ユーザーのホームディレクトリーを上書きします。絶対パスまたはテンプレートを提供できます。テンプレートでは、以下のシーケンスが置換されます: %u ログイン名 %U UID 番号 %d ドメイン名 %f 完全修飾ユーザー名 (user@domain) %o The original home directory retrieved from the identity provider. 
%% 文字 '%' このオプションはドメインごとに設定できます。 例: override_homedir = /home/%u 初期値: 設定なし (SSSD は LDAP から取得された値を使用します) sssd-1.11.5/src/man/ja/PaxHeaders.13173/sssd.8.xml0000644000000000000000000000013212320753573017355 xustar000000000000000030 mtime=1396955003.505843869 30 atime=1396955003.505843869 30 ctime=1396955003.505843869 sssd-1.11.5/src/man/ja/sssd.8.xml0000664002412700241270000001722112320753573017607 0ustar00jhrozekjhrozek00000000000000 SSSD マニュアル ページ sssd 8 sssd System Security Services Daemon sssd options 概要 SSSD はリモートディレクトリーへのアクセスと認証メカニズムを管理するための一組のデーモンを提供します。システムへの NSS と PAM インターフェースを提供します。また、D-Bus インターフェースのように複数の異なるアカウントソースに接続するための取り外し可能なバックエンドシステムを提供します。クライアント監査、およびFreeIPA のようなプロジェクトに対するポリシーサービスを提供する基礎となります。ローカルユーザーだけでなく拡張ユーザーデータを保存するためのより強靭なデータベースを提供します。 オプション , LEVEL mode 1: デバッグメッセージに日時を追加します 0: デバッグメッセージで日時を無効にします 初期値: 1 mode 1: デバッグメッセージにミリ秒をタイムスタンプに追加します 0: 日時でマイクロ秒を無効にします 初期値: 0 , デバッグ出力を標準エラーの代わりにファイルに送信します。初期状態で、ログファイルは /var/log/sssd に保存され、すべての SSSD サービスとドメインに対して別々のログファイルがあります。 , 起動後にデーモンになります。 , フォアグラウンドで実行して、デーモンになりません。 , 非標準の設定ファイルを指定します。初期値は /etc/sssd/sssd.conf です。設定ファイルの構文とオプションは sssd.conf 5 マニュアルページを参照してください。 バージョン番号を表示して終了します。 シグナル SIGTERM/SIGINT SSSD にすべての子プロセスを穏やかに停止するよう通知して、モニターをシャットダウンします。 SIGHUP SSSD が現在のデバッグファイルディスクリプターに書き込むことを止めて、それらを閉じてから開きなおすよう指示します。これは logrotate のようなプログラムを用いてログローテーションを促進することを意味します。 SIGUSR1 SSSD に 1 分間オフライン操作をシミュレーションするよう指示します。テスト目的のためにほぼ有用です。 SIGUSR2 SSSD に直ちにオンラインになるよう指示します。テスト目的のためにほぼ有用です。 注記 If the environment variable SSS_NSS_USE_MEMCACHE is set to "NO", client applications will not use the fast in memory cache. 
sssd-1.11.5/src/man/ja/PaxHeaders.13173/sss_groupdel.8.xml0000644000000000000000000000013212320753573021112 xustar000000000000000030 mtime=1396955003.505843869 30 atime=1396955003.505843869 30 ctime=1396955003.505843869 sssd-1.11.5/src/man/ja/sss_groupdel.8.xml0000664002412700241270000000300712320753573021341 0ustar00jhrozekjhrozek00000000000000 SSSD マニュアル ページ sss_groupdel 8 sss_groupdel グループを削除する sss_groupdel options GROUP 概要 sss_groupdel は名前 GROUP により識別されるグループをシステムから削除します。 オプション sssd-1.11.5/src/man/ja/PaxHeaders.13173/sss_useradd.8.xml0000644000000000000000000000013212320753573020720 xustar000000000000000030 mtime=1396955003.505843869 30 atime=1396955003.505843869 30 ctime=1396955003.505843869 sssd-1.11.5/src/man/ja/sss_useradd.8.xml0000664002412700241270000001536412320753573021160 0ustar00jhrozekjhrozek00000000000000 SSSD マニュアル ページ sss_useradd 8 sss_useradd 新しいユーザーを作成する sss_useradd options LOGIN 概要 sss_useradd は、コマンドラインにおいて指定された値とシステムの初期値を使用して、新しいユーザーを作成します。 オプション , UID ユーザーの UID を UID の値を設定します。与えられないと、自動的に選択されます。 , COMMENT ユーザーを説明している任意のテキスト文字列です。しばしばユーザーの完全名の項目として使用されます。 , HOME_DIR ユーザーアカウントのホームディレクトリーです。初期値は /homeLOGIN の名前を追加して、ホームディレクトリーとして使用します。 LOGIN の前につけるベースは sssd.conf において user_defaults/baseDirectory 設定で変更できます。 , SHELL ユーザーのログインシェルです。初期値は現在 /bin/bash です。初期値は sssd.conf において user_defaults/defaultShell で変更できます。 , GROUPS このユーザーがメンバーである既存のユーザーの一覧です。 , ユーザーのホームディレクトリーが存在しなければ、それを作成します。(-k オプションまたは設定ファイルで定義できる)スケルトンディレクトリーにあるファイルとディレクトリーがホームディレクトリーにコピーされます。 , ユーザーのホームディレクトリーを作成しません。設定を上書きします。 , SKELDIR スケルトンディレクトリーです。ホームディレクトリーが sss_useradd により作成されるとき、ユーザーのホームディレクトリーにコピーされるファイルとディレクトリーを含みます。 特殊ファイル (ブロックデバイス、キャラクターデバイス、名前付きパイプおよび UNIX ソケット) はコピーされません。 (または ) オプションが指定されたとき、またはホームディレクトリーの作成が設定において TRUE に設定されている場合のみ、このオプションが有効です。 , SELINUX_USER ユーザーがログインする際の SELinux ユーザーです。未指定の場合、システムの初期値を使います。 sssd-1.11.5/src/man/ja/PaxHeaders.13173/sss_userdel.8.xml0000644000000000000000000000013212320753573020734 xustar000000000000000030 mtime=1396955003.505843869 30 
atime=1396955003.505843869 30 ctime=1396955003.505843869 sssd-1.11.5/src/man/ja/sss_userdel.8.xml0000664002412700241270000000674712320753573021201 0ustar00jhrozekjhrozek00000000000000 SSSD マニュアル ページ sss_userdel 8 sss_userdel ユーザーアカウントを削除する sss_userdel options LOGIN 概要 sss_userdel はログイン名 LOGIN により識別されるユーザーをシステムから削除します。 オプション , ユーザーのホームディレクトリーにあるファイルは、それ自身のホームディレクトリーとユーザーのメールスプールとともに削除されます。設定が上書きされます。 , ユーザーのホームディレクトリーにあるファイルは、それ自身のホームディレクトリーとユーザーのメールスプールとともに削除されません。設定が上書きされます。 , このオプションは、指定されたユーザーにより所有されていないものさえ、sss_userdel がユーザーのホームディレクトリーとメールスプールを削除するよう強制します。 , 実際にユーザーを削除する前に、そのプロセスをすべて停止します。 sssd-1.11.5/src/man/ja/PaxHeaders.13173/sssd-ldap.5.xml0000644000000000000000000000013212320753573020270 xustar000000000000000030 mtime=1396955003.505843869 30 atime=1396955003.505843869 30 ctime=1396955003.505843869 sssd-1.11.5/src/man/ja/sssd-ldap.5.xml0000664002412700241270000030374212320753573020530 0ustar00jhrozekjhrozek00000000000000 SSSD マニュアル ページ sssd-ldap 5 ファイル形式および変換 sssd-ldap SSSD の設定ファイル 概要 このマニュアルページは sssd 8 向けの LDAP ドメインの設定を説明しています。詳細な構文については sssd.conf 5 マニュアルページの ファイル形式 セクションを参照してください。 SSSD が複数の LDAP ドメインを使用するよう設定できます。 LDAP バックエンドは id, auth, access および chpass プロバイダーをサポートします。 LDAP サーバーに対して認証したければ、 TLS/SSL または LDAPS のどちらかが必要になります。 sssd は暗号化されないチャネルにおける認証はサポートされません。 LDAP サーバーが識別プロバイダーとしてのみ使用されるならば、暗号化チャネルは必要ありません。アクセスプロバイダーとして LDAP を使用することの詳細は ldap_access_filter 設定オプションを参照してください。 設定オプション SSSD ドメインに適用するすべての全体設定オプションを LDAP ドメインに適用します。完全な詳細は sssd.conf 5 マニュアルページの ドメインセクション を参照してください。 ldap_uri, ldap_backup_uri (文字列) Specifies the comma-separated list of URIs of the LDAP servers to which SSSD should connect in the order of preference. Refer to the FAILOVER section for more information on failover and server redundancy. If neither option is specified, service discovery is enabled. For more information, refer to the SERVICE DISCOVERY section. 
URI の形式は RFC 2732 に決められている形式と一致しなければいけません: ldap[s]://<host>[:port] IPv6 アドレスを明示するために、<host> を角括弧 [] でくくる必要があります。 例: ldap://[fc00::126:25]:389 ldap_chpass_uri, ldap_chpass_backup_uri (文字列) Specifies the comma-separated list of URIs of the LDAP servers to which SSSD should connect in the order of preference to change the password of a user. Refer to the FAILOVER section for more information on failover and server redundancy. サービス探索を有効にするには、ldap_chpass_dns_service_name を設定する必要があります。 初期値: 空、つまり ldap_uri が使用されます。 ldap_search_base (文字列) LDAP ユーザー操作を実行するために使用される初期ベース DN です。 SSSD 1.7.0 以降、SSSD は次の構文を使用して複数の検索ベースをサポートします: search_base[?scope?[filter][?search_base?scope?[filter]]*] 範囲は "base", "onelevel" または "subtree" のどれかです。 フィルターは http://www.ietf.org/rfc/rfc2254.txt により指定されたような有効な LDAP 検索フィルターである必要があります。 例: ldap_search_base = dc=example,dc=com (which is equivalent to) ldap_search_base = dc=example,dc=com?subtree? ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?(host=thishost)?dc=example.com?subtree? Note: It is unsupported to have multiple search bases which reference identically-named objects (for example, groups with the same name in two different search bases). This will lead to unpredictable behavior on client machines. Default: If not set, the value of the defaultNamingContext or namingContexts attribute from the RootDSE of the LDAP server is used. If defaultNamingContext does not exist or has an empty value namingContexts is used. The namingContexts attribute must have a single value with the DN of the search base of the LDAP server to make this work. Multiple values are not supported. ldap_schema (文字列) Specifies the Schema Type in use on the target LDAP server. Depending on the selected schema, the default attribute names retrieved from the servers may vary. The way that some attributes are handled may also differ.
Four schema types are currently supported: rfc2307 rfc2307bis IPA AD The main difference between these schema types is how group memberships are recorded in the server. With rfc2307, group members are listed by name in the memberUid attribute. With rfc2307bis and IPA, group members are listed by DN and stored in the member attribute. The AD schema type sets the attributes to correspond with Active Directory 2008r2 values. 初期値: rfc2307 ldap_default_bind_dn (文字列) LDAP ユーザー操作を実行するために使用される初期バインド DN です。 ldap_default_authtok_type (文字列) 初期バインド DN の認証トークンの形式です。 現在 2 つのメカニズムがサポートされます: password obfuscated_password 初期値: password ldap_default_authtok (文字列) デフォルトのバインド DN の認証トークンです。平文テキストのパスワードのみが現在サポートされます。 ldap_user_object_class (文字列) LDAP にあるユーザーエントリーのオブジェクトクラスです。 初期値: posixAccount ldap_user_name (文字列) ユーザーのログイン名に対応する LDAP の属性です。 初期値: uid ldap_user_uid_number (文字列) ユーザーの ID に対応する LDAP の属性です。 初期値: uidNumber ldap_user_gid_number (文字列) ユーザーのプライマリーグループ ID に対応する LDAP の属性です。 初期値: gidNumber ldap_user_gecos (文字列) ユーザーの gecos 項目に対応する LDAP の属性です。 初期値: gecos ldap_user_home_directory (文字列) ユーザーのホームディレクトリーの名前を含む LDAP の属性です。 初期値: homeDirectory ldap_user_shell (文字列) ユーザーの初期シェルのパスを含む LDAP の属性です。 初期値: loginShell ldap_user_uuid (文字列) LDAP ユーザーオブジェクトの UUID/GUID を含む LDAP 属性です。 初期値: nsUniqueId ldap_user_objectsid (文字列) LDAP ユーザーオブジェクトの objectSID を含む LDAP 属性です。これは通常 ActiveDirectory サーバーに対してのみ必要です。 初期値: ActiveDirectory に対しては objectSid、他のサーバーに対しては設定されません。 ldap_user_modify_timestamp (文字列) 親オブジェクトの最終変更のタイムスタンプを含む LDAP 属性です。 初期値: modifyTimestamp ldap_user_shadow_last_change (文字列) ldap_pwd_policy=shadow を使用するとき、このパラメーターは shadow 5 の対応部分(最終パスワード変更日)に対応する LDAP 属性の名前を含みます。 初期値: shadowLastChange ldap_user_shadow_min (文字列) ldap_pwd_policy=shadow を使用するとき、このパラメーターは shadow 5 の対応部分(最小パスワード期限)に対応する LDAP 属性の名前を含みます。 初期値: shadowMin ldap_user_shadow_max (文字列) ldap_pwd_policy=shadow を使用するとき、このパラメーターは shadow 5 の対応部分(最大パスワード期限)に対応する LDAP 属性の名前を含みます。 初期値: shadowMax ldap_user_shadow_warning (文字列) ldap_pwd_policy=shadow
を使用するとき、このパラメーターは shadow 5 の対応部分(パスワード警告期間)に対応する LDAP 属性の名前を含みます。 初期値: shadowWarning ldap_user_shadow_inactive (文字列) ldap_pwd_policy=shadow を使用するとき、このパラメーターは shadow 5 の対応部分(パスワード無効期間)に対応する LDAP 属性の名前を含みます。 初期値: shadowInactive ldap_user_shadow_expire (文字列) ldap_pwd_policy=shadow を使用するとき、このパラメーターは shadow 5 の対応部分(アカウント失効日)に対応する LDAP 属性の名前を含みます。 初期値: shadowExpire ldap_user_krb_last_pwd_change (文字列) ldap_pwd_policy=mit_kerberos を使用しているとき、このパラメーターは Kerberos の最終パスワード変更日時を保存する LDAP 属性の名前を含みます。 初期値: krbLastPwdChange ldap_user_krb_password_expiration (文字列) ldap_pwd_policy=mit_kerberos を使用しているとき、このパラメーターは現在のパスワード失効日時を保存する LDAP 属性の名前を含みます。 初期値: krbPasswordExpiration ldap_user_ad_account_expires (文字列) ldap_account_expire_policy=ad を使用するとき、このパラメーターはアカウントの失効日時を保存する LDAP 属性の名前を含みます。 初期値: accountExpires ldap_user_ad_user_account_control (文字列) ldap_account_expire_policy=ad を使用するとき、このパラメーターはユーザーアカウントの制御ビット項目を保存する LDAP 属性の名前を含みます。 初期値: userAccountControl ldap_ns_account_lock (文字列) ldap_account_expire_policy=rhds または同等のものを使用するとき、このパラメーターがアクセスが許可されるかされないかを決定します。 初期値: nsAccountLock ldap_user_nds_login_disabled (文字列) ldap_account_expire_policy=nds を使用するとき、アクセスが許可されるかされないかをこの属性が決定します。 初期値: loginDisabled ldap_user_nds_login_expiration_time (文字列) ldap_account_expire_policy=nds を使用しているとき、この属性はデータアクセスがいつまで許可されるのかを決定します。 初期値: loginDisabled ldap_user_nds_login_allowed_time_map (文字列) ldap_account_expire_policy=nds を使用しているとき、この属性はアクセスが許可されるときの一週間の日の時間を決定します。 初期値: loginAllowedTimeMap ldap_user_principal (文字列) ユーザーの Kerberos User Principal Name (UPN) を含む LDAP 属性です。 初期値: krbPrincipalName ldap_user_ssh_public_key (文字列) ユーザーの SSH 公開鍵を含む LDAP 属性です。 ldap_force_upper_case_realm (論理値) いくつかのディレクトリーサーバー、たとえば Active Directory、は小文字のレルムを転送しません。それにより、認証が失敗します。もし大文字のレルムを使用したい場合、このオプションを 0 以外に設定します。 初期値: false ldap_enumeration_refresh_timeout (整数) SSSD が列挙レコードのキャッシュを更新する前に待つ必要がある秒数を指定します。 初期値: 300 ldap_purge_cache_timeout (整数) 使用していないエントリー(メンバーのいないグループやログインしたことがないユーザーなど)に対してキャッシュを確認して、保存領域を節約するためにそれらを削除する間隔を決めます。 
このオプションを 0 に設定すると、キャッシュ削除操作が無効になります。 初期値: 10800 (12 時間) ldap_user_fullname (文字列) ユーザーの完全名に対応する LDAP 属性です。 初期値: cn ldap_user_member_of (文字列) ユーザーの所属グループを一覧にする LDAP 属性です。 初期値: memberOf ldap_user_authorized_service (文字列) もし access_provider=ldap かつ ldap_access_order=authorized_service ならば、SSSD はアクセス権限を決定するために、ユーザーの LDAP エントリーにある authorizedService 属性を使用します。 明示的な拒否 (!svc) が初めに解決されます。次に SSSD は明示的な許可 (svc) を検索します。最後にすべて許可 (*) を検索します。 Please note that the ldap_access_order configuration option must include authorized_service in order for the ldap_user_authorized_service option to work. 初期値: authorizedService ldap_user_authorized_host (文字列) access_provider=ldap かつ ldap_access_order=host ならば、 SSSD はアクセス権限を決めるために、ユーザーの LDAP エントリーにあるホスト属性の存在を使用します。 明示的な拒否 (!host) がまず解決されます。次に SSSD が明示的な許可 (host) を検索します。最後にすべて許可 (*) が検索されます。 Please note that the ldap_access_order configuration option must include host in order for the ldap_user_authorized_host option to work. 初期値: host ldap_group_object_class (文字列) LDAP にあるグループエントリーのオブジェクトクラスです。 初期値: posixGroup ldap_group_name (文字列) グループ名に対応する LDAP 属性です。 初期値: cn ldap_group_gid_number (文字列) グループの ID に対応する LDAP 属性です。 初期値: gidNumber ldap_group_member (文字列) グループのメンバーの名前を含む LDAP の属性です。 初期値: memberuid (rfc2307) / member (rfc2307bis) ldap_group_uuid (文字列) LDAP グループオブジェクトの UUID/GUID を含む LDAP の属性です。 初期値: nsUniqueId ldap_group_objectsid (文字列) LDAP グループオブジェクトの objectSID を含む LDAP 属性です。これは通常 ActiveDirectory サーバーに対してのみ必要です。 初期値: ActiveDirectory に対しては objectSid、他のサーバーに対しては設定されません。 ldap_group_modify_timestamp (文字列) 親オブジェクトの最終変更のタイムスタンプを含む LDAP 属性です。 初期値: modifyTimestamp ldap_group_type (integer) The LDAP attribute that contains an integer value indicating the type of the group and maybe other flags. This attribute is currently only used by the AD provider to determine if a group is a domain local group and has to be filtered out for trusted domains.
Default: groupType in the AD provider, otherwise not set ldap_group_nesting_level (整数) ldap_schema が入れ子グループ (例: RFC2307bis) をサポートするスキーマ形式に設定されていると、このオプションは SSSD がたどる入れ子の深さ (レベル) を制御します。このオプションは RFC2307 スキーマにおいて効果がありません。 初期値: 2 ldap_groups_use_matching_rule_in_chain This option tells SSSD to take advantage of an Active Directory-specific feature which may speed up group lookup operations on deployments with complex or deep nested groups. In most common cases, it is best to leave this option disabled. It generally only provides a performance increase on very complex nestings. If this option is enabled, SSSD will use it if it detects that the server supports it during initial connection. So "True" here essentially means "auto-detect". Note: This feature is currently known to work only with Active Directory 2008 R1 and later. See MSDN(TM) documentation for more details. 初期値: 偽 ldap_initgroups_use_matching_rule_in_chain This option tells SSSD to take advantage of an Active Directory-specific feature which might speed up initgroups operations (most notably when dealing with complex or deep nested groups). If this option is enabled, SSSD will use it if it detects that the server supports it during initial connection. So "True" here essentially means "auto-detect". Note: This feature is currently known to work only with Active Directory 2008 R1 and later. See MSDN(TM) documentation for more details.
初期値: 偽 ldap_netgroup_object_class (文字列) LDAP にあるネットワークグループエントリーのオブジェクトクラスです。 IPA プロバイダーにおいては ipa_netgroup_object_class が代わりに使用されます。 初期値: nisNetgroup ldap_netgroup_name (文字列) ネットワークグループ名に対応する LDAP 属性です。 IPA プロバイダーにおいては ipa_netgroup_name が代わりに使用されます。 初期値: cn ldap_netgroup_member (文字列) ネットワークグループのメンバーの名前を含む LDAP 属性です。 IPA プロバイダーにおいては ipa_netgroup_member が代わりに使用されます。 初期値: memberNisNetgroup ldap_netgroup_triple (文字列) ネットワークグループの三つ組(ホスト、ユーザー、ドメイン)を含む LDAP 属性です。 このオプションは IPA プロバイダーにおいて利用可能ではありません。 初期値: nisNetgroupTriple ldap_netgroup_uuid (文字列) LDAP ネットワークグループオブジェクトの UUID/GUID を含む LDAP 属性です。 IPA プロバイダーにおいては ipa_netgroup_uuid が代わりに使用されます。 初期値: nsUniqueId ldap_netgroup_modify_timestamp (文字列) 親オブジェクトの最終変更のタイムスタンプを含む LDAP 属性です。 このオプションは IPA プロバイダーにおいて利用可能ではありません。 初期値: modifyTimestamp ldap_service_object_class (文字列) LDAP にあるサービスエントリーのオブジェクトクラスです。 初期値: ipService ldap_service_name (文字列) サービス属性の名前とそのエイリアスを含む LDAP 属性です。 初期値: cn ldap_service_port (文字列) このサービスにより管理されるポートを含む LDAP 属性です。 初期値: ipServicePort ldap_service_proto (文字列) このサービスにより認識されるプロトコルを含む LDAP 属性です。 初期値: ipServiceProtocol ldap_service_search_base (文字列) ldap_search_timeout (整数) Specifies the timeout (in seconds) that ldap searches are allowed to run before they are cancelled and cached results are returned (and offline mode is entered) 注: このオプションは SSSD の将来のバージョンにおいて変更される可能性があります。特定の種類の検索のために一連のタイムアウトによりある時点に置き換えられるかもしれません。 初期値: 6 ldap_enumeration_search_timeout (整数) Specifies the timeout (in seconds) that ldap searches for user and group enumerations are allowed to run before they are cancelled and cached results are returned (and offline mode is entered) 初期値: 60 ldap_network_timeout (整数) connect 2 に続けて poll 2 / select 2 が未使用を返した後のタイムアウト(秒単位)を指定します。 初期値: 6 ldap_opt_timeout (整数) 同期 LDAP API を呼び出しが未応答の場合に中止された後のタイムアウト(秒単位)を指定します。 初期値: 6 ldap_connection_expire_timeout (整数) Specifies a timeout (in seconds) that a connection to an LDAP server will be maintained. After this time, the connection will be re-established. 
If used in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. the TGT lifetime) will be used. 初期値: 900 (15 分) ldap_page_size (整数) 1 回の要求で LDAP から取得するレコード数を指定します。いくつかの LDAP サーバーは 1 要求あたりの最大数の制限を強制します。 初期値: 1000 ldap_disable_paging (論理値) LDAP ページング制御を無効にします。LDAP サーバーがその RootDSE において LDAP ページング制御をサポートするが、有効化されていない、もしくは正しく動作しないことを報告する場合に、このオプションが使用されます。 例: サーバーにページング制御モジュールがインストールされているが、RootDSE において有効化されていないと報告され、それを使用できない OpenLDAP サーバーです。 例: 389 DS は単一の接続において同時に 1 つのページ制御のみをサポートします。負荷の高いクライアントにおいては、いくつかの要求が拒否される結果になる可能性があります。 初期値: 偽 ldap_disable_range_retrieval (論理値) Active Directory の範囲の取得を無効化します。 Active Directory limits the number of members to be retrieved in a single lookup using the MaxValRange policy (which defaults to 1500 members). If a group contains more members, the reply would include an AD-specific range extension. This option disables parsing of the range extension, therefore large groups will appear as having no members. 初期値: 偽 ldap_sasl_minssf (整数) When communicating with an LDAP server using SASL, specify the minimum security level necessary to establish the connection. The values of this option are defined by OpenLDAP. Default: Use the system default (usually specified by ldap.conf) ldap_deref_threshold (整数) Specify the number of group members that must be missing from the internal cache in order to trigger a dereference lookup. If less members are missing, they are looked up individually. You can turn off dereference lookups completely by setting the value to 0. A dereference lookup is a means of fetching all group members in a single LDAP call. Different LDAP servers may implement different dereference methods. The currently supported servers are 389/RHDS, OpenLDAP and Active Directory. Note: If any of the search bases specifies a search filter, then the dereference lookup performance enhancement will be disabled regardless of this setting. 
初期値: 10 ldap_tls_reqcert (文字列) TLS セッションにおいて、サーバー証明書に対してどのような検証を実行するかを指定します (検証を実行する場合)。以下の値のうち 1 つを指定できます: never = クライアントはサーバー証明書を一切要求も確認もしません。 allow = サーバー証明書が要求されます。証明書が提供されなければ、セッションが通常通り進められます。不正な証明書が提供されると、それは無視され、セッションが通常通り進められます。 try = サーバー証明書が要求されます。証明書が提供されなければ、セッションが通常通り進められます。不正な証明書が提供されると、セッションが直ちに終了します。 demand = サーバー証明書が要求されます。証明書が提供されなければ、もしくは不正な証明書が提供されれば、セッションが直ちに終了します。 hard = demand と同じです 初期値: hard ldap_tls_cacert (文字列) sssd が認識するすべての認証局に対する証明書を含むファイルを指定します。 初期値: OpenLDAP の初期値の使用、一般的に /etc/openldap/ldap.conf にあります ldap_tls_cacertdir (文字列) 個別のファイルに CA 証明書を含むディレクトリーのパスを指定します。一般的にファイル名は '.0' で終わる証明書のハッシュである必要があります。利用可能ならば、cacertdir_rehash は正しい名前を作成するために使用できます。 初期値: OpenLDAP の初期値の使用、一般的に /etc/openldap/ldap.conf にあります ldap_tls_cert (文字列) クライアントのキーに対する証明書を含むファイルを指定します。 初期値: 設定されません ldap_tls_key (文字列) クライアントのキーを含むファイルを指定します。 初期値: 設定されません ldap_tls_cipher_suite (文字列) 受け入れ可能な暗号スイートを指定します。これは一般的にコロン区切りの一覧です。形式については ldap.conf 5 を参照してください。 初期値: OpenLDAP の初期値の使用、一般的に /etc/openldap/ldap.conf にあります ldap_id_use_start_tls (論理値) id_provider の接続においても、チャネルを保護するために TLS を使用する必要があることを指定します。 初期値: false ldap_id_mapping (論理値) Specifies that SSSD should attempt to map user and group IDs from the ldap_user_objectsid and ldap_group_objectsid attributes instead of relying on ldap_user_uid_number and ldap_group_gid_number. この機能は現在 ActiveDirectory objectSID マッピングのみサポートします。 初期値: false ldap_min_id, ldap_max_id (整数) In contrast to the SID based ID mapping which is used if ldap_id_mapping is set to true the allowed ID range for ldap_user_uid_number and ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id can be set to restrict the allowed range for the IDs which are read directly from the server. Sub-domains can then pick other ranges to map IDs.
Default: not set (both options are set to 0) ldap_sasl_mech (文字列) 使用する SASL メカニズムを指定します。現在 GSSAPI のみがテストされサポートされます。 初期値: 設定されません ldap_sasl_authid (文字列) Specify the SASL authorization id to use. When GSSAPI is used, this represents the Kerberos principal used for authentication to the directory. This option can either contain the full principal (for example host/myhost@EXAMPLE.COM) or just the principal name (for example host/myhost). 初期値: host/hostname@REALM ldap_sasl_realm (文字列) Specify the SASL realm to use. When not specified, this option defaults to the value of krb5_realm. If the ldap_sasl_authid contains the realm as well, this option is ignored. 初期値: krb5_realm の値 ldap_sasl_canonicalize (論理値) 真に設定されていると、 LDAP ライブラリーは SASL バインド中にホスト名を正規化するために逆引きを実行します。 初期値: false; ldap_krb5_keytab (文字列) SASL/GSSAPI を使用するときに使用するキーテーブルを指定します。 初期値: システムのキーテーブル、通常 /etc/krb5.keytab ldap_krb5_init_creds (論理値) Kerberos クレディンシャル (TGT) を初期化する id_provider を指定します。この操作は、 SASL が使用され、選択されたメカニズムが GSSAPI である場合のみ実行されます。 初期値: true ldap_krb5_ticket_lifetime (整数) GSSAPI が使用されている場合、TGT の有効期間を秒単位で指定します。 初期値: 86400 (24 時間) krb5_server, krb5_backup_server (文字列) Specifies the comma-separated list of IP addresses or hostnames of the Kerberos servers to which SSSD should connect in the order of preference. For more information on failover and server redundancy, see the FAILOVER section. An optional port number (preceded by a colon) may be appended to the addresses or hostnames. If empty, service discovery is enabled - for more information, refer to the SERVICE DISCOVERY section. 
KDC または kpasswd サーバーに対してサービス検索を使用するとき、SSSD はまずプロトコルとして _udp を指定する DNS エントリーを検索して、何も見つからなければ _tcp にフォールバックします。 このオプションは以前の SSSD において krb5_kdcip という名前でした。古い名前がしばらく認められる間、ユーザーは代わりに krb5_server を使用するよう設定ファイルを移行することが推奨されます。 krb5_realm (文字列) (SASL/GSSAPI 認証向け) Kerberos レルムを指定します。 初期値: システムの初期値、/etc/krb5.conf 参照。 krb5_canonicalize (論理値) LDAP サーバーに接続するとき、ホストのプリンシパルが正規化されるかどうかを指定します。この機能は MIT Kerberos >= 1.7 で利用可能です。 初期値: false krb5_use_kdcinfo (論理値) Specifies if the SSSD should instruct the Kerberos libraries what realm and which KDCs to use. This option is on by default, if you disable it, you need to configure the Kerberos library using the krb5.conf 5 configuration file. 位置情報プラグインの詳細は sssd_krb5_locator_plugin 8 マニュアルページを参照ください。 初期値: true ldap_pwd_policy (文字列) クライアント側においてパスワード期限切れを評価するためのポリシーを選択します。以下の値が許容されます: none - クライアント側において評価しません。このオプションはサーバー側のパスワードポリシーを無効にできません。 shadow - パスワードが失効したかを評価するために shadow 5 形式の属性を使用します。 mit_kerberos - パスワードが期限切れしているかを決定するために MIT Kerberos により使用される属性を使用します。パスワードが変更されるとき、これらの属性を更新するために chpass_provider=krb5 を使用します。 初期値: none Note: if a password policy is configured on server side, it always takes precedence over policy set with this option. ldap_referrals (論理値) 自動参照追跡が有効化されるかを指定します。 OpenLDAP バージョン 2.4.13 およびそれ以降とともにコンパイルされているとき、 sssd のみが参照追跡をサポートすることに注意してください。 Chasing referrals may incur a performance penalty in environments that use them heavily, a notable example is Microsoft Active Directory. If your setup does not in fact require the use of referrals, setting this option to false might bring a noticeable performance improvement. 初期値: true ldap_dns_service_name (文字列) サービス検索が有効にされているときに使用するサービスの名前を指定します。 初期値: ldap ldap_chpass_dns_service_name (文字列) サービス検索が有効にされているときに、パスワード変更を許可する LDAP サーバーを検索するために使用するサービスの名前を指定します。 初期値: 設定されていません、つまりサービス検索が無効にされています ldap_chpass_update_last_change (論理値) Specifies whether to update the ldap_user_shadow_last_change attribute with days since the Epoch after a password change operation. 
初期値: 偽 ldap_access_filter (文字列) If using access_provider = ldap and ldap_access_order = filter (default), this option is mandatory. It specifies an LDAP search filter criteria that must be met for the user to be granted access on this host. If access_provider = ldap, ldap_access_order = filter and this option is not set, it will result in all users being denied access. Use access_provider = permit to change this default behavior. Please note that this filter is applied on the LDAP user entry only. 例: access_provider = ldap ldap_access_filter = (employeeType=admin) This example means that access to this host is restricted to users whose employeeType attribute is set to "admin". この機能に対するオフラインキャッシュは、ユーザーの最終オンラインログインがアクセス権を許可されたかどうかを決めることに制限されます。最終ログインの間にアクセスが許可されていると、オフラインの間にアクセスが許可され続けます。逆もまた同様です。 初期値: 空白 ldap_account_expire_policy (文字列) このオプションを使用すると、アクセス制御属性のクライアント側評価が有効になります。 必ずサーバー側のアクセス制御を使用することが推奨されることに注意してください。つまり、パスワードが正しいときでも、LDAP サーバーが適切なエラーコードでバインド要求を拒否するべきです。 以下の値が許可されます: shadow: アカウントが失効しているかを決めるために ldap_user_shadow_expire の値を使用します。 ad: use the value of the 32bit field ldap_user_ad_user_account_control and allow access if the second bit is not set. If the attribute is missing access is granted. Also the expiration time of the account is checked. rhds, ipa, 389ds: アクセスが許可されるかされないかを確認するために ldap_ns_account_lock の値を使用します。 nds: アクセスが許可されるかを確認するために ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled および ldap_user_nds_login_expiration_time の値が使用されます。どの値もなければ、アクセスが許可されます。 Please note that the ldap_access_order configuration option must include expire in order for the ldap_account_expire_policy option to work.
初期値: 空白 ldap_access_order (文字列) アクセス制御オプションのカンマ区切り一覧です。許可される値は次のとおりです: filter: ldap_access_filter を使用します expire: ldap_account_expire_policy を使用します authorized_service: アクセス権を決定するために authorizedService 属性を使用します host: アクセス権を決めるために host 属性を使用します 初期値: filter 値が複数使用されていると設定エラーになることに注意してください。 ldap_deref (文字列) 検索を実行するときにどのように参照解決を実行するかを指定します。以下のオプションが許容されます: never: エイリアスが参照解決されません。 searching: エイリアスはベースオブジェクトの下位に参照解決されますが、検索のベースオブジェクトの位置を探すときはされません。 finding: エイリアスは検索のベースオブジェクトの位置を探すときのみ参照解決されます。 always: エイリアスは検索のベースオブジェクトを検索するときも位置を検索するときも参照解決されます。 初期値: 空白(LDAP クライアントライブラリにより never として取り扱われます) ldap_rfc2307_fallback_to_local_users (論理値) Allows to retain local users as members of an LDAP group for servers that use the RFC2307 schema. In some environments where the RFC2307 schema is used, local users are made members of LDAP groups by adding their names to the memberUid attribute. The self-consistency of the domain is compromised when this is done, so SSSD would normally remove the "missing" users from the cached group memberships as soon as nsswitch tries to fetch information about the user via getpw*() or initgroups() calls. This option falls back to checking if local users are referenced, and caches them so that later initgroups() calls will augment the local users with the additional LDAP groups. 
初期値: false SUDO オプション ldap_sudorule_object_class (文字列) LDAP にある sudo ルールエントリーのオブジェクトクラスです。 初期値: sudoRole ldap_sudorule_name (文字列) sudo ルール名に対応する LDAP 属性です。 初期値: cn ldap_sudorule_command (文字列) コマンド名に対応する LDAP 属性です。 初期値: sudoCommand ldap_sudorule_host (文字列) ホスト名(またはホスト IP アドレス、ホスト IP ネットワーク、ホストネットワークグループ)に対応する LDAP 属性です。 初期値: sudoHost ldap_sudorule_user (文字列) ユーザー名(または UID、グループ名、ユーザーのネットワークグループ)に対応する LDAP 属性です。 初期値: sudoUser ldap_sudorule_option (文字列) sudo オプションに対応する LDAP 属性です。 初期値: sudoOption ldap_sudorule_runasuser (文字列) コマンドを実行するユーザー名に対応する LDAP 属性です。 初期値: sudoRunAsUser ldap_sudorule_runasgroup (文字列) コマンドを実行するグループ名またはグループの GID に対応する LDAP 属性です。 初期値: sudoRunAsGroup ldap_sudorule_notbefore (文字列) sudo ルールが有効になる開始日時に対応する LDAP 属性です。 初期値: sudoNotBefore ldap_sudorule_notafter (文字列) sudo ルールが有効ではなくなった後に、期限切れとなる日時に対応する LDAP 属性です。 初期値: sudoNotAfter ldap_sudorule_order (文字列) ルールの並び替えインデックスに対応する LDAP 属性です。 初期値: sudoOrder ldap_sudo_full_refresh_interval (整数) How many seconds SSSD will wait between executing a full refresh of sudo rules (which downloads all rules that are stored on the server). 値は ldap_sudo_smart_refresh_interval より大きい必要があります 初期値: 21600 (6 時間) ldap_sudo_smart_refresh_interval (整数) How many seconds SSSD has to wait before executing a smart refresh of sudo rules (which downloads all rules that have USN higher than the highest USN of cached rules). If USN attributes are not supported by the server, the modifyTimestamp attribute is used instead. 初期値: 900 (15 分) ldap_sudo_use_host_filter (論理値) If true, SSSD will download only rules that are applicable to this machine (using the IPv4 or IPv6 host/network addresses and hostnames). 初期値: true ldap_sudo_hostnames (文字列) ルールをフィルターするために使用されるホスト名または完全修飾ドメイン名の空白区切り一覧です。 If this option is empty, SSSD will try to discover the hostname and the fully qualified domain name automatically. 
ldap_sudo_use_host_filterfalse ならば、このオプションは効果を持ちません。 初期値: 指定なし ldap_sudo_ip (文字列) ルールをフィルターするために使用される、IPv4 または IPv6 ホスト/ネットワークアドレスの空白区切り一覧です。 このオプションが空白ならば、SSSD は自動的にアドレスを検索しようとします。 ldap_sudo_use_host_filterfalse ならば、このオプションは効果を持ちません。 初期値: 指定なし ldap_sudo_include_netgroups (論理値) If true then SSSD will download every rule that contains a netgroup in sudoHost attribute. ldap_sudo_use_host_filterfalse ならば、このオプションは効果を持ちません。 初期値: true ldap_sudo_include_regexp (論理値) If true then SSSD will download every rule that contains a wildcard in sudoHost attribute. ldap_sudo_use_host_filterfalse ならば、このオプションは効果を持ちません。 初期値: true このマニュアルページは属性名マッピングのみを説明します。 sudo に関連する属性セマンティックの詳細な説明は sudoers.ldap5 を参照してください AUTOFS オプション 初期値は RFC2307 の標準スキーマに対応することに注意してください。 ldap_autofs_map_object_class (文字列) LDAP にある automount マップエントリーのオブジェクトクラスです。 初期値: automountMap ldap_autofs_map_name (文字列) LDAP における automount のマップエントリーの名前です。 初期値: ou ldap_autofs_entry_object_class (文字列) LDAP にある automount マップエントリーのオブジェクトクラスです。 初期値: automountMap ldap_autofs_entry_key (文字列) LDAP にある automount エントリーのキーです。エントリーは一般的にマウントポイントと対応します。 初期値: cn ldap_autofs_entry_value (文字列) LDAP にある automount エントリーのキーです。エントリーは一般的にマウントポイントと対応します。 初期値: automountInformation 高度なオプション これらのオプションは LDAP ドメインによりサポートされますが、注意して使用する必要があります。自分が何をしているかを理解している場合のみ、設定に含めてください。 ldap_netgroup_search_base (文字列) ldap_user_search_base (文字列) ldap_group_search_base (文字列) ldap_user_search_filter (文字列) このオプションは、ユーザー検索を制限する、追加の LDAP 検索フィルター基準を指定します。 このオプションは ldap_user_search_base により使用される構文のほうを選んで廃止されます 初期値: 設定されません 例: ldap_user_search_filter = (loginShell=/bin/tcsh) このフィルターは、ユーザー検索をシェルが /bin/tcsh に設定されているユーザーに制限されます。 ldap_group_search_filter (文字列) このオプションは、グループ検索を制限する、追加の LDAP 検索フィルター基準を指定します。 このオプションは ldap_group_search_base により使用される構文のほうを選んで廃止されます 初期値: 設定されません ldap_sudo_search_base (文字列) ldap_autofs_search_base (文字列) 以下の例は、SSSD が正しく設定され、LDAP が [domains] セクションにあるドメインのどれかに設定されていると仮定しています。 [domain/LDAP] id_provider = ldap auth_provider = ldap ldap_uri = 
ldap://ldap.mydomain.org ldap_search_base = dc=mydomain,dc=org ldap_tls_reqcert = demand cache_credentials = true 注記 このマニュアルページにある設定オプションのいくつかの説明は、OpenLDAP 2.4 ディストリビューションから ldap.conf 5 マニュアルページに基づいています。 sssd-1.11.5/src/man/ja/PaxHeaders.13173/sssd_krb5_locator_plugin.8.xml0000644000000000000000000000013212320753573023401 xustar000000000000000030 mtime=1396955003.505843869 30 atime=1396955003.505843869 30 ctime=1396955003.505843869 sssd-1.11.5/src/man/ja/sssd_krb5_locator_plugin.8.xml0000664002412700241270000000514512320753573023635 0ustar00jhrozekjhrozek00000000000000 SSSD マニュアル ページ sssd_krb5_locator_plugin 8 sssd_krb5_locator_plugin SSSD の設定ファイル 概要 The Kerberos locator plugin sssd_krb5_locator_plugin is used by the Kerberos provider of sssd 8 to tell the Kerberos libraries what Realm and which KDC to use. Typically this is done in krb5.conf 5 which is always read by the Kerberos libraries. To simplify the configuration the Realm and the KDC can be defined in sssd.conf 5 as described in sssd-krb5 5 sssd 8 は、レルム、および KDC の名前または IP アドレスを、それぞれ SSSD_KRB5_REALM および SSSD_KRB5_KDC の中に置きます。sssd_krb5_locator_plugin が Kerberos ライブラリーにより呼び出されるとき、それがこれらの変数を読み込み、評価し、ライブラリーに返します。 注記 すべての Kerberos 実装がプラグインの使用をサポートしているとは限りません。 sssd_krb5_locator_plugin がシステムにおいて利用可能でなければ、Kerberos の構築を反映するように /etc/krb5.conf を編集する必要があります。 環境変数 SSSD_KRB5_LOCATOR_DEBUG に何らかの値が設定されていると、デバッグメッセージが標準エラーに送られます。 sssd-1.11.5/src/man/ja/PaxHeaders.13173/sss_debuglevel.8.xml0000644000000000000000000000013212320753573021407 xustar000000000000000030 mtime=1396955003.505843869 30 atime=1396955003.505843869 30 ctime=1396955003.505843869 sssd-1.11.5/src/man/ja/sss_debuglevel.8.xml0000664002412700241270000000442712320753573021645 0ustar00jhrozekjhrozek00000000000000 SSSD マニュアル ページ sss_debuglevel 8 sss_debuglevel SSSD が実行中にデバッグレベルを変更する sss_debuglevel options NEW_DEBUG_LEVEL 概要 sss_debuglevel は SSSD が実行中に SSSD モニターとプロバイダーのデバッグレベルを NEW_DEBUG_LEVEL に変更します。 オプション , 非標準の設定ファイルを指定します。初期値は /etc/sssd/sssd.conf 
です。設定ファイルの構文とオプションは sssd.conf 5 マニュアルページを参照してください。 NEW_DEBUG_LEVEL sssd-1.11.5/src/man/ja/PaxHeaders.13173/sss_groupshow.8.xml0000644000000000000000000000013212320753573021326 xustar000000000000000030 mtime=1396955003.505843869 30 atime=1396955003.505843869 30 ctime=1396955003.505843869 sssd-1.11.5/src/man/ja/sss_groupshow.8.xml0000664002412700241270000000430512320753573021557 0ustar00jhrozekjhrozek00000000000000 SSSD マニュアル ページ sss_groupshow 8 sss_groupshow グループのプロパティーを表示します sss_groupshow options GROUP 概要 sss_groupshow はその名前 GROUP により識別されるグループに関する情報を表示します。情報はグループ ID 番号、グループのメンバーおよび親グループを含みます。 オプション , ツリー階層形式で間接的なグループメンバーも表示します。これは親グループの表示にも影響を与えることに注意してください - を指定しないと、直接の親のみが表示されます。 sssd-1.11.5/src/man/ja/PaxHeaders.13173/sss_groupadd.8.xml0000644000000000000000000000013212320753573021076 xustar000000000000000030 mtime=1396955003.505843869 30 atime=1396955003.505843869 30 ctime=1396955003.505843869 sssd-1.11.5/src/man/ja/sss_groupadd.8.xml0000664002412700241270000000410612320753573021326 0ustar00jhrozekjhrozek00000000000000 SSSD マニュアル ページ sss_groupadd 8 sss_groupadd 新しいグループを作成する sss_groupadd options GROUP 概要 sss_groupadd が新しいグループを作成します。これらのグループは POSIX グループと互換性があり、他のグループをメンバーとして含められる追加機能と互換性があります。 オプション , GID グループの GID を GID の値に設定します。与えられないと、自動的に選択されます。 sssd-1.11.5/src/man/PaxHeaders.13173/cs0000644000000000000000000000013012320753573015445 xustar000000000000000029 mtime=1396955003.48984388 30 atime=1396955003.534843847 29 ctime=1396955003.48984388 sssd-1.11.5/src/man/cs/0000775002412700241270000000000012320753573015753 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/man/cs/PaxHeaders.13173/include0000644000000000000000000000013012320753573017070 xustar000000000000000029 mtime=1396955003.48984388 30 atime=1396955003.534843847 29 ctime=1396955003.48984388 sssd-1.11.5/src/man/cs/include/0000755002412700241270000000000012320753573017374 
5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/man/cs/include/PaxHeaders.13173/ldap_search_bases.xml0000644000000000000000000000013212320753573023313 xustar000000000000000030 mtime=1396955003.488843881 30 atime=1396955003.488843881 30 ctime=1396955003.488843881 sssd-1.11.5/src/man/cs/include/ldap_search_bases.xml0000664002412700241270000000165112320753573023545 0ustar00jhrozekjhrozek00000000000000 An optional base DN, search scope and LDAP filter to restrict LDAP searches for this attribute type. syntax: search_base[?scope?[filter][?search_base?scope?[filter]]*] The scope can be one of "base", "onelevel" or "subtree". The filter must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/rfc2254.txt For examples of this syntax, please refer to the ldap_search_base examples section. Default: the value of ldap_search_base Please note that specifying scope or filter is not supported for searches against an Active Directory Server that might yield a large number of results and trigger the Range Retrieval extension in the response. sssd-1.11.5/src/man/cs/include/PaxHeaders.13173/param_help.xml0000644000000000000000000000013212320753573022001 xustar000000000000000030 mtime=1396955003.488843881 30 atime=1396955003.488843881 30 ctime=1396955003.488843881 sssd-1.11.5/src/man/cs/include/param_help.xml0000664002412700241270000000033112320753573022225 0ustar00jhrozekjhrozek00000000000000 , Zobraz nápovědu a ukonči program. sssd-1.11.5/src/man/cs/include/PaxHeaders.13173/failover.xml0000644000000000000000000000013212320753573021500 xustar000000000000000030 mtime=1396955003.488843881 30 atime=1396955003.488843881 30 ctime=1396955003.488843881 sssd-1.11.5/src/man/cs/include/failover.xml0000664002412700241270000000425312320753573021733 0ustar00jhrozekjhrozek00000000000000 FAILOVER The failover feature allows back ends to automatically switch to a different server if the current server fails. 
Failover Syntax The list of servers is given as a comma-separated list; any number of spaces is allowed around the comma. The servers are listed in order of preference. The list can contain any number of servers. For each failover-enabled config option, two variants exist: primary and backup. The idea is that servers in the primary list are preferred and backup servers are only searched if no primary servers can be reached. If a backup server is selected, a timeout of 31 seconds is set. After this timeout SSSD will periodically try to reconnect to one of the primary servers. If it succeeds, it will replace the current active (backup) server. The Failover Mechanism The failover mechanism distinguishes between a machine and a service. The back end first tries to resolve the hostname of a given machine; if this resolution attempt fails, the machine is considered offline. No further attempts are made to connect to this machine for any other service. If the resolution attempt succeeds, the back end tries to connect to a service on this machine. If the service connection attempt fails, then only this particular service is considered offline and the back end automatically switches over to the next service. The machine is still considered online and might still be tried for another service. Further connection attempts are made to machines or services marked as offline after a specified period of time; this is currently hard coded to 30 seconds. If there are no more machines to try, the back end as a whole switches to offline mode, and then attempts to reconnect every 30 seconds. 
sssd-1.11.5/src/man/cs/include/PaxHeaders.13173/debug_levels.xml0000644000000000000000000000013212320753573022331 xustar000000000000000030 mtime=1396955003.488843881 30 atime=1396955003.488843881 30 ctime=1396955003.488843881 sssd-1.11.5/src/man/cs/include/debug_levels.xml0000664002412700241270000000506612320753573022567 0ustar00jhrozekjhrozek00000000000000 SSSD supports two representations for specifying the debug level. The simplest is to specify a decimal value from 0-9, which represents enabling that level and all lower-level debug messages. The more comprehensive option is to specify a hexadecimal bitmask to enable or disable specific levels (such as if you wish to suppress a level). Currently supported debug levels: 0, 0x0010: Fatal failures. Anything that would prevent SSSD from starting up or causes it to cease running. 1, 0x0020: Critical failures. An error that doesn't kill the SSSD, but one that indicates that at least one major feature is not going to work properly. 2, 0x0040: Serious failures. An error announcing that a particular request or operation has failed. 3, 0x0080: Minor failures. These are the errors that would percolate down to cause the operation failure of 2. 4, 0x0100: Configuration settings. 5, 0x0200: Function data. 6, 0x0400: Trace messages for operation functions. 7, 0x1000: Trace messages for internal control functions. 8, 0x2000: Contents of function-internal variables that may be interesting. 9, 0x4000: Extremely low-level tracing information. To log required bitmask debug levels, simply add their numbers together as shown in following examples: Example: To log fatal failures, critical failures, serious failures and function data use 0x0270. Example: To log fatal failures, configuration settings, function data, trace messages for internal control functions use 0x1310. Note: The bitmask format of debug levels was introduced in 1.7.0. 
Default: 0 sssd-1.11.5/src/man/cs/include/PaxHeaders.13173/seealso.xml0000644000000000000000000000013212320753573021324 xustar000000000000000030 mtime=1396955003.488843881 30 atime=1396955003.488843881 30 ctime=1396955003.488843881 sssd-1.11.5/src/man/cs/include/seealso.xml0000664002412700241270000000470112320753573021555 0ustar00jhrozekjhrozek00000000000000 VIZ TAKÉ sssd8 , sssd.conf5 , sssd-ldap5 , sssd-krb55 , sssd-simple5 , sssd-ipa5 , sssd-ad5 , sssd-sudo 5 , sss_cache8 , sss_debuglevel8 , sss_groupadd8 , sss_groupdel8 , sss_groupshow8 , sss_groupmod8 , sss_useradd8 , sss_userdel8 , sss_usermod8 , sss_obfuscate8 , sss_seed8 , sssd_krb5_locator_plugin8 , sss_ssh_authorizedkeys 8 , sss_ssh_knownhostsproxy 8 , pam_sss8 . sssd-1.11.5/src/man/cs/include/PaxHeaders.13173/upstream.xml0000644000000000000000000000013212320753573021531 xustar000000000000000030 mtime=1396955003.488843881 30 atime=1396955003.488843881 30 ctime=1396955003.488843881 sssd-1.11.5/src/man/cs/include/upstream.xml0000664002412700241270000000020112320753573021751 0ustar00jhrozekjhrozek00000000000000 SSSD Vývojáři SSSD - http://fedorahosted.org/sssd sssd-1.11.5/src/man/cs/include/PaxHeaders.13173/param_help_py.xml0000644000000000000000000000012712320753573022515 xustar000000000000000029 mtime=1396955003.48984388 29 atime=1396955003.48984388 29 ctime=1396955003.48984388 sssd-1.11.5/src/man/cs/include/param_help_py.xml0000664002412700241270000000033112320753573022735 0ustar00jhrozekjhrozek00000000000000 , Zobraz nápovědu a ukonči program. 
sssd-1.11.5/src/man/cs/include/PaxHeaders.13173/autofs_restart.xml0000644000000000000000000000012712320753573022742 xustar000000000000000029 mtime=1396955003.48984388 29 atime=1396955003.48984388 29 ctime=1396955003.48984388 sssd-1.11.5/src/man/cs/include/autofs_restart.xml0000664002412700241270000000035312320753573023166 0ustar00jhrozekjhrozek00000000000000 Please note that the automounter only reads the master map on startup, so if any autofs-related changes are made to the sssd.conf, you typically also need to restart the automounter daemon after restarting the SSSD. sssd-1.11.5/src/man/cs/include/PaxHeaders.13173/experimental.xml0000644000000000000000000000012712320753573022372 xustar000000000000000029 mtime=1396955003.48984388 29 atime=1396955003.48984388 29 ctime=1396955003.48984388 sssd-1.11.5/src/man/cs/include/experimental.xml0000664002412700241270000000016712320753573022621 0ustar00jhrozekjhrozek00000000000000 This is an experimental feature, please use http://fedorahosted.org/sssd to report any issues. sssd-1.11.5/src/man/cs/include/PaxHeaders.13173/ldap_id_mapping.xml0000644000000000000000000000012712320753573023004 xustar000000000000000029 mtime=1396955003.48984388 29 atime=1396955003.48984388 29 ctime=1396955003.48984388 sssd-1.11.5/src/man/cs/include/ldap_id_mapping.xml0000664002412700241270000002227712320753573023241 0ustar00jhrozekjhrozek00000000000000 ID MAPPING The ID-mapping feature allows SSSD to act as a client of Active Directory without requiring administrators to extend user attributes to support POSIX attributes for user and group identifiers. NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are ignored. This is to avoid the possibility of conflicts between automatically-assigned and manually-assigned values. If you need to use manually-assigned values, ALL values must be manually-assigned. Please note that changing the ID mapping related configuration options will cause user and group IDs to change. 
At the moment, SSSD does not support changing IDs, so the SSSD database must be removed. Because cached passwords are also stored in the database, removing the database should only be performed while the authentication servers are reachable, otherwise users might get locked out. In order to cache the password, an authentication must be performed. It is not sufficient to use sss_cache 8 to remove the database; rather, the process consists of: (1) making sure the remote servers are reachable, (2) stopping the SSSD service, (3) removing the database, (4) starting the SSSD service. Moreover, as the change of IDs might necessitate the adjustment of other system properties such as file and directory ownership, it's advisable to plan ahead and test the ID mapping configuration thoroughly. Mapping Algorithm Active Directory provides an objectSID for every user and group object in the directory. This objectSID can be broken up into components that represent the Active Directory domain identity and the relative identifier (RID) of the user or group object. The SSSD ID-mapping algorithm takes a range of available UIDs and divides it into equally-sized component sections, called "slices". Each slice represents the space available to an Active Directory domain. When a user or group entry for a particular domain is encountered for the first time, the SSSD allocates one of the available slices for that domain. In order to make this slice-assignment repeatable on different client machines, we select the slice based on the following algorithm: The SID string is passed through the murmurhash3 algorithm to convert it to a 32-bit hashed value. We then take the modulus of this value with the total number of available slices to pick the slice. NOTE: It is possible to encounter collisions in the hash and subsequent modulus. 
In these situations, we will select the next available slice, but it may not be possible to reproduce the same exact set of slices on other machines (since the order that they are encountered will determine their slice). In this situation, it is recommended to either switch to using explicit POSIX attributes in Active Directory (disabling ID-mapping) or configure a default domain to guarantee that at least one is always consistent. See Configuration for details. Configuration Minimum configuration (in the [domain/DOMAINNAME] section): ldap_id_mapping = True ldap_schema = ad The default configuration results in configuring 10,000 slices, each capable of holding up to 200,000 IDs, starting from 10,001 and going up to 2,000,100,000. This should be sufficient for most deployments. Advanced Configuration ldap_idmap_range_min (integer) Specifies the lower bound of the range of POSIX IDs to use for mapping Active Directory user and group SIDs. NOTE: This option is different from min_id in that min_id acts to filter the output of requests to this domain, whereas this option controls the range of ID assignment. This is a subtle distinction, but the good general advice would be to have min_id be less-than or equal to ldap_idmap_range_min Default: 200000 ldap_idmap_range_max (integer) Specifies the upper bound of the range of POSIX IDs to use for mapping Active Directory user and group SIDs. NOTE: This option is different from max_id in that max_id acts to filter the output of requests to this domain, whereas this option controls the range of ID assignment. This is a subtle distinction, but the good general advice would be to have max_id be greater-than or equal to ldap_idmap_range_max Default: 2000200000 ldap_idmap_range_size (integer) Specifies the number of IDs available for each slice. If the range size does not divide evenly into the min and max values, it will create as many complete slices as it can. 
Default: 200000 ldap_idmap_default_domain_sid (string) Specify the domain SID of the default domain. This will guarantee that this domain will always be assigned to slice zero in the ID map, bypassing the murmurhash algorithm described above. Default: not set ldap_idmap_default_domain (string) Specify the name of the default domain. Default: not set ldap_idmap_autorid_compat (boolean) Changes the behavior of the ID-mapping algorithm to behave more similarly to winbind's idmap_autorid algorithm. When this option is configured, domains will be allocated starting with slice zero and increasing monotonically with each additional domain. NOTE: This algorithm is non-deterministic (it depends on the order that users and groups are requested). If this mode is required for compatibility with machines running winbind, it is recommended to also use the ldap_idmap_default_domain_sid option to guarantee that at least one domain is consistently allocated to slice zero. Default: False sssd-1.11.5/src/man/cs/include/PaxHeaders.13173/ldap_search_bases_experimental.xml0000644000000000000000000000012712320753573026074 xustar000000000000000029 mtime=1396955003.48984388 29 atime=1396955003.48984388 29 ctime=1396955003.48984388 sssd-1.11.5/src/man/cs/include/ldap_search_bases_experimental.xml0000664002412700241270000000203612320753573026320 0ustar00jhrozekjhrozek00000000000000 An optional base DN, search scope and LDAP filter to restrict LDAP searches for this attribute type. syntax: search_base[?scope?[filter][?search_base?scope?[filter]]*] The scope can be one of "base", "onelevel" or "subtree". The filter must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/rfc2254.txt For examples of this syntax, please refer to the ldap_search_base examples section. 
Default: the value of ldap_search_base Please note that specifying scope or filter is not supported for searches against an Active Directory Server that might yield a large number of results and trigger the Range Retrieval extension in the response. sssd-1.11.5/src/man/cs/include/PaxHeaders.13173/service_discovery.xml0000644000000000000000000000012712320753573023424 xustar000000000000000029 mtime=1396955003.48984388 29 atime=1396955003.48984388 29 ctime=1396955003.48984388 sssd-1.11.5/src/man/cs/include/service_discovery.xml0000664002412700241270000000322712320753573023653 0ustar00jhrozekjhrozek00000000000000 SERVICE DISCOVERY The service discovery feature allows back ends to automatically find the appropriate servers to connect to using a special DNS query. This feature is not supported for backup servers. Configuration If no servers are specified, the back end automatically uses service discovery to try to find a server. Optionally, the user may choose to use both fixed server addresses and service discovery by inserting a special keyword, _srv_, in the list of servers. The order of preference is maintained. This feature is useful if, for example, the user prefers to use service discovery whenever possible, and fall back to a specific server when no servers can be discovered using DNS. The domain name Please refer to the dns_discovery_domain parameter in the sssd.conf 5 manual page for more details. The protocol The queries usually specify _tcp as the protocol. Exceptions are documented in respective option description. See Also For more information on the service discovery mechanism, refer to RFC 2782. 
sssd-1.11.5/src/man/cs/include/PaxHeaders.13173/local.xml0000644000000000000000000000012712320753573020767 xustar000000000000000029 mtime=1396955003.48984388 29 atime=1396955003.48984388 29 ctime=1396955003.48984388 sssd-1.11.5/src/man/cs/include/local.xml0000664002412700241270000000134512320753573021215 0ustar00jhrozekjhrozek00000000000000 THE LOCAL DOMAIN In order to function correctly, a domain with id_provider=local must be created and the SSSD must be running. The administrator might want to use the SSSD local users instead of traditional UNIX users in cases where the group nesting (see sss_groupadd 8 ) is needed. The local users are also useful for testing and development of the SSSD without having to deploy a full remote server. The sss_user* and sss_group* tools use a local LDB storage to store users and groups. sssd-1.11.5/src/man/cs/include/PaxHeaders.13173/override_homedir.xml0000644000000000000000000000012712320753573023223 xustar000000000000000029 mtime=1396955003.48984388 29 atime=1396955003.48984388 29 ctime=1396955003.48984388 sssd-1.11.5/src/man/cs/include/override_homedir.xml0000664002412700241270000000313012320753573023443 0ustar00jhrozekjhrozek00000000000000 override_homedir (string) Override the user's home directory. You can either provide an absolute value or a template. In the template, the following sequences are substituted: %u login name %U UID number %d domain name %f fully qualified user name (user@domain) %o The original home directory retrieved from the identity provider. %% a literal '%' This option can also be set per-domain. 
example: override_homedir = /home/%u Default: Not set (SSSD will use the value retrieved from LDAP) sssd-1.11.5/src/man/cs/PaxHeaders.13173/sss_groupdel.8.xml0000644000000000000000000000012712320753573021131 xustar000000000000000029 mtime=1396955003.48984388 29 atime=1396955003.48984388 29 ctime=1396955003.48984388 sssd-1.11.5/src/man/cs/sss_groupdel.8.xml0000664002412700241270000000271512320753573021361 0ustar00jhrozekjhrozek00000000000000 Manuálové stránky SSSD sss_groupdel 8 sss_groupdel vymazat skupinu sss_groupdel volby SKUPINA POPIS sss_groupdel odstraní ze systému skupinu určenou jejím jménemSKUPINA. VOLBY sssd-1.11.5/src/man/PaxHeaders.13173/sssd-ipa.5.xml0000644000000000000000000000007412320753107017525 xustar000000000000000030 atime=1396954939.261891434 30 ctime=1396954962.613874242 sssd-1.11.5/src/man/sssd-ipa.5.xml0000664002412700241270000010524312320753107017754 0ustar00jhrozekjhrozek00000000000000 SSSD Manual pages sssd-ipa 5 File Formats and Conventions sssd-ipa the configuration file for SSSD DESCRIPTION This manual page describes the configuration of the IPA provider for sssd 8 . For a detailed syntax reference, refer to the FILE FORMAT section of the sssd.conf 5 manual page. The IPA provider is a back end used to connect to an IPA server. (Refer to the freeipa.org web site for information about IPA servers.) This provider requires that the machine be joined to the IPA domain; configuration is almost entirely self-discovered and obtained directly from the server. The IPA provider accepts the same options used by the sssd-ldap 5 identity provider and the sssd-krb5 5 authentication provider with some exceptions described below. However, it is neither necessary nor recommended to set these options. IPA provider can also be used as an access and chpass provider. As an access provider it uses HBAC (host-based access control) rules. Please refer to freeipa.org for more information about HBAC. 
No configuration of access provider is required on the client side. The IPA provider will use the PAC responder if the Kerberos tickets of users from trusted realms contain a PAC. To make configuration easier the PAC responder is started automatically if the IPA ID provider is configured. CONFIGURATION OPTIONS Refer to the section DOMAIN SECTIONS of the sssd.conf 5 manual page for details on the configuration of an SSSD domain. ipa_domain (string) Specifies the name of the IPA domain. This is optional. If not provided, the configuration domain name is used. ipa_server, ipa_backup_server (string) The comma-separated list of IP addresses or hostnames of the IPA servers to which SSSD should connect in the order of preference. For more information on failover and server redundancy, see the FAILOVER section. This is optional if autodiscovery is enabled. For more information on service discovery, refer to the SERVICE DISCOVERY section. ipa_hostname (string) Optional. May be set on machines where the hostname(5) does not reflect the fully qualified name used in the IPA domain to identify this host. dyndns_update (boolean) Optional. This option tells SSSD to automatically update the DNS server built into FreeIPA v2 with the IP address of this client. The update is secured using GSS-TSIG. The IP address of the IPA LDAP connection is used for the updates, if it is not otherwise specified by using the dyndns_iface option. NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, the default Kerberos realm must be set properly in /etc/krb5.conf NOTE: While it is still possible to use the old ipa_dyndns_update option, users should migrate to using dyndns_update in their config file. Default: false dyndns_ttl (integer) The TTL to apply to the client DNS record when updating it. If dyndns_update is false this has no effect. This will override the TTL serverside if set by an administrator. 
NOTE: While it is still possible to use the old ipa_dyndns_ttl option, users should migrate to using dyndns_ttl in their config file. Default: 1200 (seconds) dyndns_iface (string) Optional. Applicable only when dyndns_update is true. Choose the interface whose IP address should be used for dynamic DNS updates. NOTE: While it is still possible to use the old ipa_dyndns_iface option, users should migrate to using dyndns_iface in their config file. Default: Use the IP address of the IPA LDAP connection ipa_enable_dns_sites (boolean) Enables DNS sites - location based service discovery. If true and service discovery (see Service Discovery paragraph at the bottom of the man page) is enabled, then the SSSD will first attempt location based discovery using a query that contains "_location.hostname.example.com" and then fall back to traditional SRV discovery. If the location based discovery succeeds, the IPA servers located with the location based discovery are treated as primary servers and the IPA servers located using the traditional SRV discovery are used as back up servers Default: false dyndns_refresh_interval (integer) How often should the back end perform periodic DNS update in addition to the automatic update performed when the back end goes online. This option is optional and applicable only when dyndns_update is true. Default: 0 (disabled) dyndns_update_ptr (bool) Whether the PTR record should also be explicitly updated when updating the client's DNS records. Applicable only when dyndns_update is true. This option should be False in most IPA deployments as the IPA server generates the PTR records automatically when forward records are changed. Default: False (disabled) dyndns_force_tcp (bool) Whether the nsupdate utility should default to using TCP for communicating with the DNS server. Default: False (let nsupdate choose the protocol) ipa_hbac_search_base (string) Optional. Use the given string as search base for HBAC related objects. 
Default: Use base DN ipa_host_search_base (string) Optional. Use the given string as search base for host objects. See ldap_search_base for information about configuring multiple search bases. If filter is given in any of search bases and ipa_hbac_support_srchost is set to False, the filter will be ignored. Default: the value of ldap_search_base ipa_selinux_search_base (string) Optional. Use the given string as search base for SELinux user maps. See ldap_search_base for information about configuring multiple search bases. Default: the value of ldap_search_base ipa_subdomains_search_base (string) Optional. Use the given string as search base for trusted domains. See ldap_search_base for information about configuring multiple search bases. Default: the value of cn=trusts,%basedn ipa_master_domain_search_base (string) Optional. Use the given string as search base for master domain object. See ldap_search_base for information about configuring multiple search bases. Default: the value of cn=ad,cn=etc,%basedn krb5_validate (boolean) Verify with the help of krb5_keytab that the TGT obtained has not been spoofed. Default: true Note that this default differs from the traditional Kerberos provider back end. krb5_realm (string) The name of the Kerberos realm. This is optional and defaults to the value of ipa_domain. The name of the Kerberos realm has a special meaning in IPA - it is converted into the base DN to use for performing LDAP operations. krb5_canonicalize (boolean) Specifies if the host and user principal should be canonicalized when connecting to IPA LDAP and also for AS requests. This feature is available with MIT Kerberos >= 1.7 Default: true krb5_use_fast (string) Enables flexible authentication secure tunneling (FAST) for Kerberos pre-authentication. The following options are supported: never use FAST. try to use FAST. If the server does not support FAST, continue the authentication without it. This is equivalent to not setting this option at all. 
demand to use FAST. The authentication fails if the server does not require FAST. Default: try NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If SSSD is used with an older version of MIT Kerberos, using this option is a configuration error. ipa_hbac_refresh (integer) The amount of time between lookups of the HBAC rules against the IPA server. This will reduce the latency and load on the IPA server if there are many access-control requests made in a short period. Default: 5 (seconds) ipa_hbac_selinux (integer) The amount of time between lookups of the SELinux maps against the IPA server. This will reduce the latency and load on the IPA server if there are many user login requests made in a short period. Default: 5 (seconds) ipa_hbac_treat_deny_as (string) This option specifies how to treat the deprecated DENY-type HBAC rules. As of FreeIPA v2.1, DENY rules are no longer supported on the server. All users of FreeIPA will need to migrate their rules to use only the ALLOW rules. The client will support two modes of operation during this transition period: DENY_ALL: If any HBAC DENY rules are detected, all users will be denied access. IGNORE: SSSD will ignore any DENY rules. Be very careful with this option, as it may result in opening unintended access. Default: DENY_ALL ipa_hbac_support_srchost (boolean) If this is set to false, then srchost as given to SSSD by PAM will be ignored. Note that if set to False, this option causes filters given in ipa_host_search_base to be ignored. Default: false ipa_server_mode (boolean) This option should only be set by the IPA installer. The option denotes that the SSSD is running on IPA server and should perform lookups of users and groups from trusted domains differently. Default: false ipa_automount_location (string) The automounter location this IPA client will be using Default: The location named "default" ipa_netgroup_member_of (string) The LDAP attribute that lists netgroup's memberships. 
Default: memberOf ipa_netgroup_member_user (string) The LDAP attribute that lists system users and groups that are direct members of the netgroup. Default: memberUser ipa_netgroup_member_host (string) The LDAP attribute that lists hosts and host groups that are direct members of the netgroup. Default: memberHost ipa_netgroup_member_ext_host (string) The LDAP attribute that lists FQDNs of hosts and host groups that are members of the netgroup. Default: externalHost ipa_netgroup_domain (string) The LDAP attribute that contains NIS domain name of the netgroup. Default: nisDomainName ipa_host_object_class (string) The object class of a host entry in LDAP. Default: ipaHost ipa_host_fqdn (string) The LDAP attribute that contains FQDN of the host. Default: fqdn ipa_selinux_usermap_object_class (string) The object class of a host entry in LDAP. Default: ipaHost ipa_selinux_usermap_name (string) The LDAP attribute that contains the name of SELinux usermap. Default: cn ipa_selinux_usermap_member_user (string) The LDAP attribute that contains all users / groups this rule matches against. Default: memberUser ipa_selinux_usermap_member_host (string) The LDAP attribute that contains all hosts / hostgroups this rule matches against. Default: memberHost ipa_selinux_usermap_see_also (string) The LDAP attribute that contains DN of HBAC rule which can be used for matching instead of memberUser and memberHost. Default: seeAlso ipa_selinux_usermap_selinux_user (string) The LDAP attribute that contains SELinux user string itself. Default: ipaSELinuxUser ipa_selinux_usermap_enabled (string) The LDAP attribute that contains whether or not the user map is enabled for usage. Default: ipaEnabledFlag ipa_selinux_usermap_user_category (string) The LDAP attribute that contains user category such as 'all'. Default: userCategory ipa_selinux_usermap_host_category (string) The LDAP attribute that contains host category such as 'all'. 
Default: hostCategory ipa_selinux_usermap_uuid (string) The LDAP attribute that contains unique ID of the user map. Default: ipaUniqueID ipa_host_ssh_public_key (string) The LDAP attribute that contains the host's SSH public keys. Default: ipaSshPubKey SUBDOMAINS PROVIDER The IPA subdomains provider behaves slightly differently depending on whether it is configured explicitly or implicitly. If the option 'subdomains_provider = ipa' is found in the domain section of sssd.conf, the IPA subdomains provider is configured explicitly, and all subdomain requests are sent to the IPA server if necessary. If the option 'subdomains_provider' is not set in the domain section of sssd.conf but there is the option 'id_provider = ipa', the IPA subdomains provider is configured implicitly. In this case, if a subdomain request fails and indicates that the server does not support subdomains, i.e. is not configured for trusts, the IPA subdomains provider is disabled. After an hour or after the IPA provider goes online, the subdomains provider is enabled again. EXAMPLE The following example assumes that SSSD is correctly configured and example.com is one of the domains in the [sssd] section. This example shows only the ipa provider-specific options. 
[domain/example.com] id_provider = ipa ipa_server = ipaserver.example.com ipa_hostname = myhost.example.com sssd-1.11.5/src/man/PaxHeaders.13173/eu0000644000000000000000000000013212320753573015453 xustar000000000000000030 mtime=1396955003.492843878 30 atime=1396955003.534843847 30 ctime=1396955003.492843878 sssd-1.11.5/src/man/eu/0000775002412700241270000000000012320753573015757 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/man/eu/PaxHeaders.13173/include0000644000000000000000000000013212320753573017076 xustar000000000000000030 mtime=1396955003.492843878 30 atime=1396955003.534843847 30 ctime=1396955003.492843878 sssd-1.11.5/src/man/eu/include/0000755002412700241270000000000012320753573017400 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/man/eu/include/PaxHeaders.13173/ldap_search_bases.xml0000644000000000000000000000013212320753573023317 xustar000000000000000030 mtime=1396955003.492843878 30 atime=1396955003.492843878 30 ctime=1396955003.492843878 sssd-1.11.5/src/man/eu/include/ldap_search_bases.xml0000664002412700241270000000165112320753573023551 0ustar00jhrozekjhrozek00000000000000 An optional base DN, search scope and LDAP filter to restrict LDAP searches for this attribute type. syntax: search_base[?scope?[filter][?search_base?scope?[filter]]*] The scope can be one of "base", "onelevel" or "subtree". The filter must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/rfc2254.txt For examples of this syntax, please refer to the ldap_search_base examples section. Default: the value of ldap_search_base Please note that specifying scope or filter is not supported for searches against an Active Directory Server that might yield a large number of results and trigger the Range Retrieval extension in the response. 
sssd-1.11.5/src/man/eu/include/PaxHeaders.13173/param_help.xml0000644000000000000000000000013212320753573022005 xustar000000000000000030 mtime=1396955003.492843878 30 atime=1396955003.492843878 30 ctime=1396955003.492843878 sssd-1.11.5/src/man/eu/include/param_help.xml0000664002412700241270000000032312320753573022232 0ustar00jhrozekjhrozek00000000000000 , Display help message and exit. sssd-1.11.5/src/man/eu/include/PaxHeaders.13173/failover.xml0000644000000000000000000000013212320753573021504 xustar000000000000000030 mtime=1396955003.492843878 30 atime=1396955003.492843878 30 ctime=1396955003.492843878 sssd-1.11.5/src/man/eu/include/failover.xml0000664002412700241270000000425312320753573021737 0ustar00jhrozekjhrozek00000000000000 FAILOVER The failover feature allows back ends to automatically switch to a different server if the current server fails. Failover Syntax The list of servers is given as a comma-separated list; any number of spaces is allowed around the comma. The servers are listed in order of preference. The list can contain any number of servers. For each failover-enabled config option, two variants exist: primary and backup. The idea is that servers in the primary list are preferred and backup servers are only searched if no primary servers can be reached. If a backup server is selected, a timeout of 31 seconds is set. After this timeout SSSD will periodically try to reconnect to one of the primary servers. If it succeeds, it will replace the current active (backup) server. The Failover Mechanism The failover mechanism distinguishes between a machine and a service. The back end first tries to resolve the hostname of a given machine; if this resolution attempt fails, the machine is considered offline. No further attempts are made to connect to this machine for any other service. If the resolution attempt succeeds, the back end tries to connect to a service on this machine. 
If the service connection attempt fails, then only this particular service is considered offline and the back end automatically switches over to the next service. The machine is still considered online and might still be tried for another service. Further connection attempts are made to machines or services marked as offline after a specified period of time; this is currently hard coded to 30 seconds. If there are no more machines to try, the back end as a whole switches to offline mode, and then attempts to reconnect every 30 seconds. sssd-1.11.5/src/man/eu/include/PaxHeaders.13173/debug_levels.xml0000644000000000000000000000013212320753573022335 xustar000000000000000030 mtime=1396955003.492843878 30 atime=1396955003.492843878 30 ctime=1396955003.492843878 sssd-1.11.5/src/man/eu/include/debug_levels.xml0000664002412700241270000000506612320753573022573 0ustar00jhrozekjhrozek00000000000000 SSSD supports two representations for specifying the debug level. The simplest is to specify a decimal value from 0-9, which represents enabling that level and all lower-level debug messages. The more comprehensive option is to specify a hexadecimal bitmask to enable or disable specific levels (such as if you wish to suppress a level). Currently supported debug levels: 0, 0x0010: Fatal failures. Anything that would prevent SSSD from starting up or causes it to cease running. 1, 0x0020: Critical failures. An error that doesn't kill the SSSD, but one that indicates that at least one major feature is not going to work properly. 2, 0x0040: Serious failures. An error announcing that a particular request or operation has failed. 3, 0x0080: Minor failures. These are the errors that would percolate down to cause the operation failure of 2. 4, 0x0100: Configuration settings. 5, 0x0200: Function data. 6, 0x0400: Trace messages for operation functions. 7, 0x1000: Trace messages for internal control functions. 8, 0x2000: Contents of function-internal variables that may be interesting. 
9, 0x4000: Extremely low-level tracing information. To log required bitmask debug levels, simply add their numbers together as shown in following examples: Example: To log fatal failures, critical failures, serious failures and function data use 0x0270. Example: To log fatal failures, configuration settings, function data, trace messages for internal control functions use 0x1310. Note: The bitmask format of debug levels was introduced in 1.7.0. Default: 0 sssd-1.11.5/src/man/eu/include/PaxHeaders.13173/seealso.xml0000644000000000000000000000013212320753573021330 xustar000000000000000030 mtime=1396955003.492843878 30 atime=1396955003.492843878 30 ctime=1396955003.492843878 sssd-1.11.5/src/man/eu/include/seealso.xml0000664002412700241270000000470012320753573021560 0ustar00jhrozekjhrozek00000000000000 SEE ALSO sssd8 , sssd.conf5 , sssd-ldap5 , sssd-krb55 , sssd-simple5 , sssd-ipa5 , sssd-ad5 , sssd-sudo 5 , sss_cache8 , sss_debuglevel8 , sss_groupadd8 , sss_groupdel8 , sss_groupshow8 , sss_groupmod8 , sss_useradd8 , sss_userdel8 , sss_usermod8 , sss_obfuscate8 , sss_seed8 , sssd_krb5_locator_plugin8 , sss_ssh_authorizedkeys 8 , sss_ssh_knownhostsproxy 8 , pam_sss8 . sssd-1.11.5/src/man/eu/include/PaxHeaders.13173/upstream.xml0000644000000000000000000000013212320753573021535 xustar000000000000000030 mtime=1396955003.492843878 30 atime=1396955003.492843878 30 ctime=1396955003.492843878 sssd-1.11.5/src/man/eu/include/upstream.xml0000664002412700241270000000020212320753573021756 0ustar00jhrozekjhrozek00000000000000 SSSD The SSSD upstream - http://fedorahosted.org/sssd sssd-1.11.5/src/man/eu/include/PaxHeaders.13173/param_help_py.xml0000644000000000000000000000013212320753573022515 xustar000000000000000030 mtime=1396955003.492843878 30 atime=1396955003.492843878 30 ctime=1396955003.492843878 sssd-1.11.5/src/man/eu/include/param_help_py.xml0000664002412700241270000000032312320753573022742 0ustar00jhrozekjhrozek00000000000000 , Display help message and exit. 
sssd-1.11.5/src/man/eu/include/PaxHeaders.13173/autofs_restart.xml0000644000000000000000000000013212320753573022742 xustar000000000000000030 mtime=1396955003.492843878 30 atime=1396955003.492843878 30 ctime=1396955003.492843878 sssd-1.11.5/src/man/eu/include/autofs_restart.xml0000664002412700241270000000035312320753573023172 0ustar00jhrozekjhrozek00000000000000 Please note that the automounter only reads the master map on startup, so if any autofs-related changes are made to the sssd.conf, you typically also need to restart the automounter daemon after restarting the SSSD. sssd-1.11.5/src/man/eu/include/PaxHeaders.13173/experimental.xml0000644000000000000000000000013212320753573022372 xustar000000000000000030 mtime=1396955003.492843878 30 atime=1396955003.492843878 30 ctime=1396955003.492843878 sssd-1.11.5/src/man/eu/include/experimental.xml0000664002412700241270000000016712320753573022625 0ustar00jhrozekjhrozek00000000000000 This is an experimental feature, please use http://fedorahosted.org/sssd to report any issues. sssd-1.11.5/src/man/eu/include/PaxHeaders.13173/ldap_id_mapping.xml0000644000000000000000000000013212320753573023004 xustar000000000000000030 mtime=1396955003.492843878 30 atime=1396955003.492843878 30 ctime=1396955003.492843878 sssd-1.11.5/src/man/eu/include/ldap_id_mapping.xml0000664002412700241270000002227712320753573023245 0ustar00jhrozekjhrozek00000000000000 ID MAPPING The ID-mapping feature allows SSSD to act as a client of Active Directory without requiring administrators to extend user attributes to support POSIX attributes for user and group identifiers. NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are ignored. This is to avoid the possibility of conflicts between automatically-assigned and manually-assigned values. If you need to use manually-assigned values, ALL values must be manually-assigned. Please note that changing the ID mapping related configuration options will cause user and group IDs to change. 
At the moment, SSSD does not support changing IDs, so the SSSD database must be removed. Because cached passwords are also stored in the database, removing the database should only be performed while the authentication servers are reachable, otherwise users might get locked out. In order to cache the password, an authentication must be performed. It is not sufficient to use sss_cache 8 to remove the database, rather the process consists of: Making sure the remote servers are reachable Stopping the SSSD service Removing the database Starting the SSSD service Moreover, as the change of IDs might necessitate the adjustment of other system properties such as file and directory ownership, it's advisable to plan ahead and test the ID mapping configuration thoroughly. Mapping Algorithm Active Directory provides an objectSID for every user and group object in the directory. This objectSID can be broken up into components that represent the Active Directory domain identity and the relative identifier (RID) of the user or group object. The SSSD ID-mapping algorithm takes a range of available UIDs and divides it into equally-sized component sections - called "slices"-. Each slice represents the space available to an Active Directory domain. When a user or group entry for a particular domain is encountered for the first time, the SSSD allocates one of the available slices for that domain. In order to make this slice-assignment repeatable on different client machines, we select the slice based on the following algorithm: The SID string is passed through the murmurhash3 algorithm to convert it to a 32-bit hashed value. We then take the modulus of this value with the total number of available slices to pick the slice. NOTE: It is possible to encounter collisions in the hash and subsequent modulus. 
In these situations, we will select the next available slice, but it may not be possible to reproduce the same exact set of slices on other machines (since the order that they are encountered will determine their slice). In this situation, it is recommended to either switch to using explicit POSIX attributes in Active Directory (disabling ID-mapping) or configure a default domain to guarantee that at least one is always consistent. See Configuration for details. Configuration Minimum configuration (in the [domain/DOMAINNAME] section): ldap_id_mapping = True ldap_schema = ad The default configuration results in configuring 10,000 slices, each capable of holding up to 200,000 IDs, starting from 10,001 and going up to 2,000,100,000. This should be sufficient for most deployments. Advanced Configuration ldap_idmap_range_min (integer) Specifies the lower bound of the range of POSIX IDs to use for mapping Active Directory user and group SIDs. NOTE: This option is different from min_id in that min_id acts to filter the output of requests to this domain, whereas this option controls the range of ID assignment. This is a subtle distinction, but the good general advice would be to have min_id be less-than or equal to ldap_idmap_range_min Default: 200000 ldap_idmap_range_max (integer) Specifies the upper bound of the range of POSIX IDs to use for mapping Active Directory user and group SIDs. NOTE: This option is different from max_id in that max_id acts to filter the output of requests to this domain, whereas this option controls the range of ID assignment. This is a subtle distinction, but the good general advice would be to have max_id be greater-than or equal to ldap_idmap_range_max Default: 2000200000 ldap_idmap_range_size (integer) Specifies the number of IDs available for each slice. If the range size does not divide evenly into the min and max values, it will create as many complete slices as it can. 
Default: 200000 ldap_idmap_default_domain_sid (string) Specify the domain SID of the default domain. This will guarantee that this domain will always be assigned to slice zero in the ID map, bypassing the murmurhash algorithm described above. Default: not set ldap_idmap_default_domain (string) Specify the name of the default domain. Default: not set ldap_idmap_autorid_compat (boolean) Changes the behavior of the ID-mapping algorithm to behave more similarly to winbind's idmap_autorid algorithm. When this option is configured, domains will be allocated starting with slice zero and increasing monotonically with each additional domain. NOTE: This algorithm is non-deterministic (it depends on the order that users and groups are requested). If this mode is required for compatibility with machines running winbind, it is recommended to also use the ldap_idmap_default_domain_sid option to guarantee that at least one domain is consistently allocated to slice zero. Default: False sssd-1.11.5/src/man/eu/include/PaxHeaders.13173/ldap_search_bases_experimental.xml0000644000000000000000000000013212320753573026074 xustar000000000000000030 mtime=1396955003.492843878 30 atime=1396955003.492843878 30 ctime=1396955003.492843878 sssd-1.11.5/src/man/eu/include/ldap_search_bases_experimental.xml0000664002412700241270000000203612320753573026324 0ustar00jhrozekjhrozek00000000000000 An optional base DN, search scope and LDAP filter to restrict LDAP searches for this attribute type. syntax: search_base[?scope?[filter][?search_base?scope?[filter]]*] The scope can be one of "base", "onelevel" or "subtree". The filter must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/rfc2254.txt For examples of this syntax, please refer to the ldap_search_base examples section. 
Default: the value of ldap_search_base Please note that specifying scope or filter is not supported for searches against an Active Directory Server that might yield a large number of results and trigger the Range Retrieval extension in the response. sssd-1.11.5/src/man/eu/include/PaxHeaders.13173/service_discovery.xml0000644000000000000000000000013212320753573023424 xustar000000000000000030 mtime=1396955003.492843878 30 atime=1396955003.492843878 30 ctime=1396955003.492843878 sssd-1.11.5/src/man/eu/include/service_discovery.xml0000664002412700241270000000322712320753573023657 0ustar00jhrozekjhrozek00000000000000 SERVICE DISCOVERY The service discovery feature allows back ends to automatically find the appropriate servers to connect to using a special DNS query. This feature is not supported for backup servers. Configuration If no servers are specified, the back end automatically uses service discovery to try to find a server. Optionally, the user may choose to use both fixed server addresses and service discovery by inserting a special keyword, _srv_, in the list of servers. The order of preference is maintained. This feature is useful if, for example, the user prefers to use service discovery whenever possible, and fall back to a specific server when no servers can be discovered using DNS. The domain name Please refer to the dns_discovery_domain parameter in the sssd.conf 5 manual page for more details. The protocol The queries usually specify _tcp as the protocol. Exceptions are documented in respective option description. See Also For more information on the service discovery mechanism, refer to RFC 2782. 
sssd-1.11.5/src/man/eu/include/PaxHeaders.13173/local.xml0000644000000000000000000000013212320753573020767 xustar000000000000000030 mtime=1396955003.492843878 30 atime=1396955003.492843878 30 ctime=1396955003.492843878 sssd-1.11.5/src/man/eu/include/local.xml0000664002412700241270000000134512320753573021221 0ustar00jhrozekjhrozek00000000000000 THE LOCAL DOMAIN In order to function correctly, a domain with id_provider=local must be created and the SSSD must be running. The administrator might want to use the SSSD local users instead of traditional UNIX users in cases where the group nesting (see sss_groupadd 8 ) is needed. The local users are also useful for testing and development of the SSSD without having to deploy a full remote server. The sss_user* and sss_group* tools use a local LDB storage to store users and groups. sssd-1.11.5/src/man/eu/include/PaxHeaders.13173/override_homedir.xml0000644000000000000000000000013212320753573023223 xustar000000000000000030 mtime=1396955003.492843878 30 atime=1396955003.492843878 30 ctime=1396955003.492843878 sssd-1.11.5/src/man/eu/include/override_homedir.xml0000664002412700241270000000313012320753573023447 0ustar00jhrozekjhrozek00000000000000 override_homedir (string) Override the user's home directory. You can either provide an absolute value or a template. In the template, the following sequences are substituted: %u login name %U UID number %d domain name %f fully qualified user name (user@domain) %o The original home directory retrieved from the identity provider. %% a literal '%' This option can also be set per-domain. 
example: override_homedir = /home/%u Default: Not set (SSSD will use the value retrieved from LDAP) sssd-1.11.5/src/man/PaxHeaders.13173/pam_sss.8.xml0000644000000000000000000000007412320753107017452 xustar000000000000000030 atime=1396954939.256891438 30 ctime=1396954962.607874247 sssd-1.11.5/src/man/pam_sss.8.xml0000664002412700241270000001364212320753107017702 0ustar00jhrozekjhrozek00000000000000 SSSD Manual pages SSSD The SSSD upstream - http://fedorahosted.org/sssd pam_sss 8 pam_sss PAM module for SSSD pam_sss.so quiet forward_pass use_first_pass use_authtok retry=N ignore_unknown_user DESCRIPTION pam_sss.so is the PAM interface to the System Security Services daemon (SSSD). Errors and results are logged through syslog(3) with the LOG_AUTHPRIV facility. OPTIONS Suppress log messages for unknown users. If is set the entered password is put on the stack for other PAM modules to use. The argument use_first_pass forces the module to use a previous stacked modules password and will never prompt the user - if no password is available or the password is not appropriate, the user will be denied access. When password changing enforce the module to set the new password to the one provided by a previously stacked password module. If specified the user is asked another N times for a password if authentication fails. Default is 0. Please note that this option might not work as expected if the application calling PAM handles the user dialog on its own. A typical example is sshd with . If this option is specified and the user does not exist, the PAM module will return PAM_IGNORE. This causes the PAM framework to ignore this module. MODULE TYPES PROVIDED All module types (, , and ) are provided. FILES If a password reset by root fails, because the corresponding SSSD provider does not support password resets, an individual message can be displayed. This message can e.g. contain instructions about how to reset a password. 
The message is read from the file pam_sss_pw_reset_message.LOC where LOC stands for a locale string returned by setlocale3 . If there is no matching file the content of pam_sss_pw_reset_message.txt is displayed. Root must be the owner of the files and only root may have read and write permissions while all other users must have only read permissions. These files are searched in the directory /etc/sssd/customize/DOMAIN_NAME/. If no matching file is present a generic message is displayed. sssd-1.11.5/src/man/PaxHeaders.13173/uk0000644000000000000000000000013212320753573015461 xustar000000000000000030 mtime=1396955003.527843852 30 atime=1396955003.534843847 30 ctime=1396955003.527843852 sssd-1.11.5/src/man/uk/0000775002412700241270000000000012320753573015765 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/man/uk/PaxHeaders.13173/sssd-ipa.5.xml0000644000000000000000000000013212320753573020146 xustar000000000000000030 mtime=1396955003.525843854 30 atime=1396955003.525843854 30 ctime=1396955003.525843854 sssd-1.11.5/src/man/uk/sssd-ipa.5.xml0000664002412700241270000012211712320753573020401 0ustar00jhrozekjhrozek00000000000000 Сторінки підручника SSSD sssd-ipa 5 Формати файлів та правила sssd-ipa файл налаштування SSSD ОПИС На цій сторінці довідника описано налаштування засобу керування доступом IPA для sssd 8 . Щоб дізнатися більше про синтаксис налаштування, зверніться до розділу «ФОРМАТ ФАЙЛІВ» сторінки довідника sssd.conf 5 . Інструмент надання даних IPA — модуль, який використовується для встановлення з’єднання з сервером IPA. (Інформацію щодо серверів IPA можна знайти на сайті freeipa.org.) Цей інструмент надання доступу потребує включення комп’ютера до домену IPA. Налаштування майже повністю автоматизовано, дані для нього отримуються безпосередньо з сервера. 
Інструментом надання даних IPA використовуються ті самі параметри, що використовуються надавачем даних профілів sssd-ldap 5 та надавачем даних для розпізнавання sssd-krb5 5 з певними винятками, описаними нижче. Потреби у встановленні або використанні цих параметрів виникнути не повинно. Інструментом надання даних IPA також можна скористатися для перевірки прав доступу та зміни паролів. Для керування доступом використовуються правила HBAC (host-based access control або керування доступом на основі даних щодо вузлів). Докладнішу інформацію щодо HBAC можна отримати на сайті freeipa.org. У налаштуванні керування доступом на боці клієнта немає потреби. Інструмент надання даних IPA використовуватиме відповідач PAC, якщо квитки Kerberos користувачів з довірених областей містять PAC. Для полегшення налаштовування відповідач PAC запускається автоматично, якщо налаштовано інструмент надання даних ідентифікаторів IPA. ПАРАМЕТРИ НАЛАШТУВАННЯ Зверніться до розділу «РОЗДІЛИ ДОМЕНІВ» сторінки довідника (man) sssd.conf 5 , щоб дізнатися більше про налаштування домену SSSD. ipa_domain (рядок) Визначає назву домену IPA. Є необов’язковим. Якщо не вказано, буде використано назву домену з налаштувань. ipa_server, ipa_backup_server (рядок) Впорядкований за пріоритетом список IP-адрес або назв вузлів, відокремлених комами, серверів IPA, з якими має встановити з’єднання SSSD. Докладніші відомості щодо резервних серверів викладено у розділі «РЕЗЕРВ». Цей список є необов’язковим, якщо увімкнено автоматичне виявлення служб. Докладніші відомості щодо автоматичного виявлення служб наведено у розділі «ПОШУК СЛУЖБ». ipa_hostname (рядок) Необов’язковий. Може бути встановлено на комп’ютерах, де hostname(5) не відповідає повній назві, що використовується доменом IPA для розпізнавання цього вузла. dyndns_update (булеве значення) Необов’язковий. За допомогою цього параметра можна наказати SSSD автоматично оновити на сервері DNS, вбудованому до FreeIPA v2, IP-адресу клієнта. 
Захист оновлення буде забезпечено за допомогою GSS-TSIG. Для оновлення буде використано IP-адресу з’єднання LDAP IPA, якщо не вказано іншу адресу за допомогою параметра «dyndns_iface». ЗАУВАЖЕННЯ: на застарілих системах (зокрема RHEL 5) для надійної роботи у цьому режимі типову область дії Kerberos має бути належним чином визначено у /etc/krb5.conf ЗАУВАЖЕННЯ: хоча можна використовувати і попередню назву параметра, ipa_dyndns_update, користувачам слід переходити на нову назву, dyndns_update, у файлі налаштувань. Типове значення: false dyndns_ttl (ціле число) TTL, до якого буде застосовано клієнтський запис DNS під час його оновлення. Якщо dyndns_update має значення false, цей параметр буде проігноровано. Перевизначає TTL на боці сервера, якщо встановлено адміністратором. ЗАУВАЖЕННЯ: хоча можна використовувати і попередню назву параметра, ipa_dyndns_ttl, користувачам слід переходити на нову назву, dyndns_ttl, у файлі налаштувань. Типове значення: 1200 (секунд) dyndns_iface (рядок) Необов’язковий. Застосовний лише тоді, коли dyndns_update має значення true. Визначити інтерфейс, чию адресу IP має бути використано для динамічних оновлень DNS. ЗАУВАЖЕННЯ: хоча можна використовувати і попередню назву параметра, ipa_dyndns_iface, користувачам слід переходити на нову назву, dyndns_iface, у файлі налаштувань. Типове значення: використовувати IP-адресу з’єднання LDAP IPA ipa_enable_dns_sites (булеве значення) Вмикає сайти DNS — визначення служб на основі адрес. Якщо вказано значення true і увімкнено визначення служб (див. розділ щодо пошуку служб у нижній частині сторінки підручника (man)), SSSD спочатку спробує визначення на основі адрес за допомогою запиту, що містить "_location.hostname.example.com", а потім повертається до традиційного визначення SRV. 
Якщо визначення на основі адреси буде успішним, сервери IPA, виявлені на основі визначення за адресою, вважатимуться основним серверами, а сервери IPA, виявлені за допомогою традиційного визначення SRV, вважатимуться резервними серверами. Типове значення: false dyndns_refresh_interval (ціле число) Визначає, наскільки часто серверний модуль має виконувати періодичні оновлення DNS на додачу до автоматичного оновлення, яке виконується під час кожного встановлення з’єднання серверного модуля з мережею. Цей параметр не є обов’язкоми, його застосовують, лише якщо dyndns_update має значення true. Типове значення: 0 (вимкнено) dyndns_update_ptr (булеве значення) Визначає, чи слід явним чином оновлювати запис PTR під час оновлення записів DNS клієнта. Застосовується, лише якщо значенням dyndns_update буде true. Значенням цього параметра у більшості розгорнутих систем IPA має бути False, оскільки сервер IPA створює записи PTR автоматично після зміни у записах переспрямовування. Типове значення: False (вимкнено) dyndns_force_tcp (булеве значення) Визначає, чи слід у програмі nsupdate типово використовувати TCP для обміну даними з сервером DNS. Типове значення: False (надати змогу nsupdate вибирати протокол) ipa_hbac_search_base (рядок) Необов’язковий. Використати вказаний рядок як основу пошуку пов’язаних з HBAC об’єктів. Типове значення: використання базової назви домену ipa_host_search_base (рядок) Необов’язковий. Використати вказаний рядок як основу пошуку об’єктів вузлів. Ознайомтеся з розділом щодо «ldap_search_base», щоб дізнатися більше про налаштування декількох основ пошуку. Якщо вказано фільтрування за довільною базою пошуку і встановлено значення False для ipa_hbac_support_srchost, фільтр буде проігноровано. Типове значення: значення ldap_search_base ipa_selinux_search_base (рядок) Необов’язковий. Використати вказаний рядок як основу пошуку карт користувачів SELinux. 
Ознайомтеся з розділом щодо «ldap_search_base», щоб дізнатися більше про налаштування декількох основ пошуку. Типове значення: значення ldap_search_base ipa_subdomains_search_base (рядок) Необов’язковий. Використати вказаний рядок як основу пошуку надійних доменів. Ознайомтеся з розділом щодо «ldap_search_base», щоб дізнатися більше про налаштування декількох основ пошуку. Типове значення: значення cn=trusts,%basedn ipa_master_domain_search_base (рядок) Необов’язковий. Використати вказаний рядок як основу пошуку основного об’єкта домену. Ознайомтеся з розділом щодо «ldap_search_base», щоб дізнатися більше про налаштування декількох основ пошуку. Типове значення: значення виразу cn=ad,cn=etc,%basedn krb5_validate (булеве значення) Перевірити за допомогою krb5_keytab, чи не було підмінено отриманий TGT. Типове значення: true Зауважте, що це типове значення не збігається з типовим значенням засобу модуля Kerberos. krb5_realm (рядок) Назва області дії Kerberos. Є необов’язковою, типовим значенням є значення «ipa_domain». Назва області дії Kerberos має особливе значення у IPA: цю назву буде перетворено у основний DN для виконання дій LDAP. krb5_canonicalize (булеве значення) Визначає, чи слід перетворювати реєстраційний запис вузла і користувача у канонічну форм під час встановлення з’єднання з LDAP IPA, а також для запитів AS. Цю можливість передбачено з версії MIT Kerberos >= 1.7 Типове значення: true krb5_use_fast (рядок) Вмикає безпечне тунелювання для гнучкого розпізнавання (flexible authentication secure tunneling або FAST) для попереднього розпізнавання у Kerberos. Передбачено такі варіанти: never use FAST. try to use FAST. If the server does not support FAST, continue the authentication without it. This is equivalent to not setting this option at all. demand — використовувати FAST. Якщо на сервері не передбачено підтримки FAST, спроба розпізнавання зазнає невдачі. 
Default: try Зауваження: у SSSD передбачено підтримку FAST лише у разі використання MIT Kerberos версії 1.8 або новішої. Якщо SSSD буде використано зі старішою версією MIT Kerberos і цим параметром, буде повідомлено про помилку у налаштуваннях. ipa_hbac_refresh (ціле число) Проміжок часу між послідовними пошуками правил HBAC щодо сервера IPA. Зміна може зменшити час затримки та навантаження на сервер IPA, якщо протягом короткого періоду часу надходить багато запитів щодо керування доступом. Типове значення: 5 (секунд) ipa_hbac_selinux (ціле число) Проміжок часу між послідовними пошуками у картах SELinux щодо сервера IPA. Зміна може зменшити час затримки та навантаження на сервер IPA, якщо протягом короткого періоду часу надходить багато запитів щодо входу користувача до системи. Типове значення: 5 (секунд) ipa_hbac_treat_deny_as (рядок) За допомогою цього параметра можна визначити спосіб обробки застарілих правил HBAC типу DENY. З версії FreeIPA 2.1 на сервері більше не передбачено підтримки правил DENY. Всім користувачам FreeIPA слід перетворити правила так, щоб у них було використано лише правила ALLOW. На час перехідного періоду передбачено два режими обробки таких правил: DENY_ALL: якщо буде виявлено хоч одне правило HBAC DENY, всім користувачам доступ буде заборонено. IGNORE: SSSD буде ігнорувати всі правила DENY. Будьте дуже обережні з цим варіантом, оскільки він може відкрити доступ до системи небажаним користувачам. Типове значення: DENY_ALL ipa_hbac_support_srchost (булеве значення) Якщо встановлено значення «false», значення srchost, вказане SSSD на основі даних PAM, буде проігноровано. Зауважте, що якщо встановлено значення False, фільтри, вказані за допомогою параметра ipa_host_search_base, буде проігноровано; Типове значення: false ipa_server_mode (булеве значення) This option should only be set by the IPA installer. 
За допомогою цього параметра можна визначити, чи працює SSSD на сервері IPA і має виконувати пошуки користувачів і груп з довірених доменів окремо. Типове значення: false ipa_automount_location (рядок) Адреса автоматичного монтування, яку буде використовувати цей клієнт IPA Типове значення: адреса з назвою "default" ipa_netgroup_member_of (рядок) Атрибут LDAP зі списком учасників мережевої групи. Типове значення: memberOf ipa_netgroup_member_user (рядок) Атрибут LDAP зі списком користувачів та груп системи, які є безпосередніми учасниками мережевої групи. Типове значення: memberUser ipa_netgroup_member_host (рядок) Атрибут LDAP зі списком вузлів та груп вузлів, які є безпосередніми учасниками мережевої групи. Типове значення: memberHost ipa_netgroup_member_ext_host (рядок) Атрибут LDAP зі списком FQDN вузлів та груп вузлів, які є учасниками мережевої групи. Типове значення: externalHost ipa_netgroup_domain (рядок) Атрибут LDAP, у якому міститься доменна назва NIS мережевої групи (netgroup). Типове значення: nisDomainName ipa_host_object_class (рядок) Клас об’єктів запису вузла у LDAP. Типове значення: ipaHost ipa_host_fqdn (рядок) Атрибут LDAP, що містить FQDN вузла. Типове значення: fqdn ipa_selinux_usermap_object_class (рядок) Клас об’єктів запису вузла у LDAP. Типове значення: ipaHost ipa_selinux_usermap_name (рядок) Атрибут LDAP, що містить назву карти користувачів SELinux. Типове значення: cn ipa_selinux_usermap_member_user (рядок) Атрибут LDAP, що містить список всіх користувачів і груп, яких стосується це правило. Типове значення: memberUser ipa_selinux_usermap_member_host (рядок) Атрибут LDAP, що містить список всіх вузлів і груп вузлів, яких стосується це правило. Типове значення: memberHost ipa_selinux_usermap_see_also (рядок) Атрибут LDAP, що містить назву домену правила HBAC, яким можна користуватися для встановлення відповідності замість memberUser і memberHost. 
Типове значення: seeAlso ipa_selinux_usermap_selinux_user (рядок) Атрибут LDAP, який містить сам рядок користувача SELinux. Типове значення: ipaSELinuxUser ipa_selinux_usermap_enabled (рядок) Атрибут LDAP, що містить дані щодо того, чи можна користуватися картою користувачів. Типове значення: ipaEnabledFlag ipa_selinux_usermap_user_category (рядок) Атрибут LDAP, що містить категорію користувачів, зокрема 'all'. Типове значення: userCategory ipa_selinux_usermap_host_category (рядок) Атрибут LDAP, що містить категорію вузлів, зокрема 'all'. Типове значення: hostCategory ipa_selinux_usermap_uuid (рядок) Атрибут LDAP, що містить унікальний ідентифікатор карти користувачів. Типове значення: ipaUniqueID ipa_host_ssh_public_key (рядок) Атрибут LDAP, який містить відкриті ключі SSH вузла. Типове значення: ipaSshPubKey СЛУЖБА ПІДДОМЕНІВ Поведінка інструмента надання даних піддоменів IPA залежить від того, у який спосіб його налаштовано: явний чи неявний. Якщо у розділі домену sssd.conf буде знайдено запис параметра «subdomains_provider = ipa», інструмент надання даних піддоменів IPA налаштовано явно, отже всі запити піддоменів надсилатимуться серверу IPA, якщо це потрібно. Якщо у розділі домену sssd.conf не встановлено параметр «subdomains_provider», але встановлено параметр «id_provider = ipa», інструмент надання даних піддоменів IPA налаштовано неявним чином. У цьому випадку спроба запиту щодо піддомену зазнає невдачі і вказуватиме на те, що на сервері не передбачено піддоменів, тобто його не налаштовано на довіру, отже інструмент надання даних піддоменів IPA вимкнено. Щойно мине година або відкриється доступ до інструмента надання даних IPA, інструмент надання даних піддоменів буде знову увімкнено. ПРИКЛАД У наведеному нижче прикладі припускаємо, що SSSD налаштовано належним чином, а example.com є одним з доменів у розділі [sssd]. У прикладі продемонстровано лише параметри доступу, специфічні для засобу ipa. 
[domain/example.com] id_provider = ipa ipa_server = ipaserver.example.com ipa_hostname = myhost.example.com sssd-1.11.5/src/man/uk/PaxHeaders.13173/pam_sss.8.xml0000644000000000000000000000013212320753573020073 xustar000000000000000030 mtime=1396955003.525843854 30 atime=1396955003.525843854 30 ctime=1396955003.525843854 sssd-1.11.5/src/man/uk/pam_sss.8.xml0000664002412700241270000001627312320753573020333 0ustar00jhrozekjhrozek00000000000000 Сторінки підручника SSSD SSSD Основна гілка розробки SSSD — http://fedorahosted.org/sssd pam_sss 8 pam_sss модуль PAM для SSSD pam_sss.so quiet forward_pass use_first_pass use_authtok retry=N ignore_unknown_user ОПИС pam_sss.so — інтерфейс PAM до System Security Services daemon (SSSD). Помилки та результати роботи записуються за допомогою syslog(3) до запису LOG_AUTHPRIV. ПАРАМЕТРИ Не показувати у журналі повідомлень для невідомих користувачів. Якщо встановлено значення , введений пароль буде збережено у стосі паролів для використання іншими модулями PAM. Використання аргументу use_first_pass примушує модуль до використання пароля з модулів попереднього рівня. Ніяких запитів до користувача не надсилатиметься, — якщо пароль не буде виявлено або пароль виявиться непридатним, доступ користувачеві буде заборонено. Визначає ситуацію, коли зміна пароля примушує модуль встановлювати новий пароль на основі пароля, наданого попереднім модулем обробки паролів зі стосу модулів. Якщо вказано, користувача запитуватимуть про пароль ще N разів, якщо перший раз розпізнавання зазнає невдачі. Типовим значенням є 0. Будь ласка, зауважте, що цей параметр може працювати не так, як очікується, якщо програма, яка викликає PAM, має власний обробник діалогових вікон взаємодії з користувачем. Типовим прикладом є sshd з . If this option is specified and the user does not exist, the PAM module will return PAM_IGNORE. This causes the PAM framework to ignore this module. ПЕРЕДБАЧЕНІ ТИПИ МОДУЛІВ Передбачено всі типи модулів (, , і ). 
ФАЙЛИ Якщо спроба скидання пароля від імені адміністративного користувача (root) зазнає невдачі, оскільки у відповідному засобі обробки SSSD не передбачено скидання паролів, може бути показано певне повідомлення. У цьому повідомленні, наприклад, можуть міститися настанови щодо скидання пароля. Текст повідомлення буде прочитано з файла pam_sss_pw_reset_message.LOC, де «LOC» — рядок локалі у форматі, повернутому setlocale3 . Якщо відповідного файла знайдено не буде, буде показано вміст файла pam_sss_pw_reset_message.txt. Власником файлів має бути адміністративний користувач (root). Доступ до запису файлів також повинен мати лише адміністративний користувач. Всім іншим користувачам може бути надано лише право читання файлів. Пошук цих файлів виконуватиметься у каталозі /etc/sssd/customize/НАЗВА_ДОМЕНУ/. Якщо відповідний файл не буде знайдено, буде показано типове повідомлення. sssd-1.11.5/src/man/uk/PaxHeaders.13173/sssd-ad.5.xml0000644000000000000000000000013212320753573017761 xustar000000000000000030 mtime=1396955003.525843854 30 atime=1396955003.525843854 30 ctime=1396955003.525843854 sssd-1.11.5/src/man/uk/sssd-ad.5.xml0000664002412700241270000005041712320753573020217 0ustar00jhrozekjhrozek00000000000000 Сторінки підручника SSSD sssd-ad 5 Формати файлів та правила sssd-ad файл налаштування SSSD ОПИС На цій сторінці довідника описано налаштування засобу керування доступом AD для sssd 8 . Щоб дізнатися більше про синтаксис налаштування, зверніться до розділу «ФОРМАТ ФАЙЛІВ» сторінки довідника sssd.conf 5 . Засіб надання даних AD — це модуль, що використовується для встановлення з’єднання з сервером Active Directory. Цей засіб потребує долучення комп’ютера до домену AD та доступності таблиці ключів. У засобі надання даних AD передбачено підтримку встановлення з’єднання з Active Directory 2008 R2 або пізнішою версією. Робота з попередніми версіями можлива, але не підтримується. 
The AD provider is able to provide identity information and authentication for entities from trusted domains as well. Currently only trusted domains in the same forest are recognized. Інструментом надання даних AD використовуються ті самі параметри, що використовуються надавачем даних профілів sssd-ldap 5 та надавачем даних для розпізнавання sssd-krb5 5 з певними винятками, описаними нижче. However, it is neither necessary nor recommended to set these options. The AD provider can also be used as an access, chpass and sudo provider. No configuration of the access provider is required on the client side. By default, the AD provider will map UID and GID values from the objectSID parameter in Active Directory. For details on this, see the ID MAPPING section below. If you want to disable ID mapping and instead rely on POSIX attributes defined in Active Directory, you should set ldap_id_mapping = False In order to retrieve users and groups using POSIX attributes from trusted domains, the AD administrator must make sure that the POSIX attributes are replicated to the Global Catalog. Users, groups and other entities served by SSSD are always treated as case-insensitive in the AD provider for compatibility with Active Directory's LDAP implementation. ПАРАМЕТРИ НАЛАШТУВАННЯ Зверніться до розділу «РОЗДІЛИ ДОМЕНІВ» сторінки довідника (man) sssd.conf 5 , щоб дізнатися більше про налаштування домену SSSD. ad_domain (рядок) Визначає назву домену Active Directory. Є необов’язковим. Якщо не вказано, буде використано назву домену з налаштувань. Для забезпечення належної роботи цей параметр слід вказати у форматі запису малими літерами повної версії назви домену Active Directory. Скорочена назва домену (також відома як назва NetBIOS або проста назва) автоматично визначається засобами SSSD. ad_server, ad_backup_server (рядок) Впорядкований за пріоритетом список назв вузлів, відокремлених комами, серверів AD, з якими має встановити з’єднання SSSD. 
Докладніші відомості щодо резервних серверів викладено у розділі «РЕЗЕРВ». Цей список є необов’язковим, якщо увімкнено автоматичне виявлення служб. Докладніші відомості щодо автоматичного виявлення служб наведено у розділі «ПОШУК СЛУЖБ». ad_hostname (рядок) Необов’язковий. Може бути встановлено на комп’ютерах, де hostname(5) не відповідає повній назві, що використовується доменом Active Directory для розпізнавання цього вузла. Це поле використовується для визначення основної назви вузла, яка використовуватиметься у таблиці ключів. Ця назва має відповідати назві вузла, для якого випущено таблицю ключів. ad_enable_dns_sites (булеве значення) Вмикає сайти DNS — визначення служб на основі адрес. Якщо вказано значення true і увімкнено визначення служб (див. розділ щодо пошуку служб у нижній частині сторінки підручника (man)), SSSD спочатку спробує визначити сервер Active Directory для встановлення з’єднання на основі використання визначення сайтів Active Directory і повертається до визначення за записами SRV DNS, якщо сайт AD не буде знайдено. Налаштування SRV DNS, зокрема домен пошуку, використовуються також під час визначення сайтів. Типове значення: true ad_access_filter (boolean) This option specifies LDAP access control filter that the user must match in order to be allowed access. Please note that the access_provider option must be explicitly set to ad in order for this option to have an effect. The option also supports specifying different filters per domain or forest. This extended filter would consist of: KEYWORD:NAME:FILTER. The keyword can be either DOM, FOREST or missing. If the keyword equals to DOM or is missing, then NAME specifies the domain or subdomain the filter applies to. If the keyword equals to FOREST, then the filter equals to all domains from the forest specified by NAME. Multiple filters can be separated with the ? character, similarly to how search bases work. The most specific match is always used. 
For example, if the option specified filter for a domain the user is a member of and a global filter, the per-domain filter would be applied. If there are more matches with the same specification, the first one is used. Приклади: # apply filter on domain called dom1 only: dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com) # apply filter on domain called dom2 only: DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com) # apply filter on forest called EXAMPLE.COM only: FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com) Default: Not set ad_enable_gc (boolean) By default, the SSSD connects to the Global Catalog first to retrieve users from trusted domains and uses the LDAP port to retrieve group memberships or as a fallback. Disabling this option makes the SSSD only connect to the LDAP port of the current AD server. Please note that disabling Global Catalog support does not disable retrieving users from trusted domains. The SSSD would connect to the LDAP port of trusted domains instead. However, Global Catalog must be used in order to resolve cross-domain group memberships. Типове значення: true dyndns_update (булеве значення) Необов’язковий. За допомогою цього параметра можна наказати SSSD автоматично оновити IP-адресу цього клієнта на сервері DNS Active Directory. Захист оновлення буде забезпечено за допомогою GSS-TSIG. Як наслідок, адміністраторові Active Directory достатньо буде дозволити оновлення безпеки для зони DNS. Для оновлення буде використано IP-адресу з’єднання LDAP AD, якщо цю адресу не було змінено за допомогою параметра «dyndns_iface». ЗАУВАЖЕННЯ: на застарілих системах (зокрема RHEL 5) для надійної роботи у цьому режимі типову область дії Kerberos має бути належним чином визначено у /etc/krb5.conf Типове значення: true dyndns_ttl (ціле число) TTL, до якого буде застосовано клієнтський запис DNS під час його оновлення. Якщо dyndns_update має значення false, цей параметр буде проігноровано. 
Перевизначає TTL на боці сервера, якщо встановлено адміністратором. Типове значення: 3600 (секунд) dyndns_iface (рядок) Необов’язковий. Застосовний лише тоді, коли dyndns_update має значення true. Визначити інтерфейс, чию адресу IP має бути використано для динамічних оновлень DNS. Типове значення: використовувати IP-адресу з’єднання LDAP AD dyndns_refresh_interval (ціле число) Визначає, наскільки часто серверний модуль має виконувати періодичні оновлення DNS на додачу до автоматичного оновлення, яке виконується під час кожного встановлення з’єднання серверного модуля з мережею. Цей параметр не є обов’язковим, його застосовують, лише якщо dyndns_update має значення true. Типове значення: 86400 (24 години) dyndns_update_ptr (булеве значення) Визначає, чи слід явним чином оновлювати запис PTR під час оновлення записів DNS клієнта. Застосовується, лише якщо значенням dyndns_update буде true. Типове значення: True dyndns_force_tcp (булеве значення) Визначає, чи слід у програмі nsupdate типово використовувати TCP для обміну даними з сервером DNS. Типове значення: False (надати змогу nsupdate вибирати протокол) krb5_use_enterprise_principal (булеве значення) Визначає, чи слід вважати реєстраційні дані користувача даними промислового рівня. Див. розділ 5 RFC 6806, щоб дізнатися більше про промислові реєстраційні дані. Типове значення: true Зауважте, що це типове значення не збігається з типовим значенням засобу модуля Kerberos. ПРИКЛАД У наведеному нижче прикладі припускаємо, що SSSD налаштовано належним чином, а example.com є одним з доменів у розділі [sssd]. У прикладі продемонстровано лише параметри доступу, специфічні для засобу AD. [domain/EXAMPLE] id_provider = ad auth_provider = ad access_provider = ad chpass_provider = ad ad_server = dc1.example.com ad_hostname = client.example.com ad_domain = example.com ЗАУВАЖЕННЯ Інструмент керування доступом AD перевіряє, чи не завершено строк дії облікового запису. 
Дає той самий результат, що і ось таке налаштовування інструмента надання даних LDAP: access_provider = ldap ldap_access_order = expire ldap_account_expire_policy = ad Втім, якщо інструмент керування наданням доступу «ad» не налаштовано явно, типовим інструментом надання доступу є «permit». sssd-1.11.5/src/man/uk/PaxHeaders.13173/sss_cache.8.xml0000644000000000000000000000013212320753573020361 xustar000000000000000030 mtime=1396955003.525843854 30 atime=1396955003.525843854 30 ctime=1396955003.525843854 sssd-1.11.5/src/man/uk/sss_cache.8.xml0000664002412700241270000001707012320753573020615 0ustar00jhrozekjhrozek00000000000000 Сторінки підручника SSSD sss_cache 8 sss_cache виконати спорожнення кешу sss_cache параметри ОПИС sss_cache скасовує визначення записів у кеші SSSD. Дані записів зі скасованими визначеннями буде перезавантажено з сервера у примусовому порядку, щойно відповідний модуль SSSD отримає до них доступ. ПАРАМЕТРИ , Скасувати чинність усіх кешованих записів, окрім правил sudo. , реєстраційні дані Скасувати визначення вказаного користувача. , Скасувати визначення всіх записів. Цей параметр має вищий пріоритет за параметр скасування визначення для будь-якого користувача, якщо такий параметр вказано. , група Скасувати визначення вказаної групи. , Скасувати визначення записів для всіх груп. Цей параметр має вищий пріоритет за параметр скасування визначення для будь-якої групи, якщо такий параметр вказано. , мережева група Скасувати визначення вказаної мережевої групи. , Скасувати визначення всіх записів мережевих груп. Цей параметр має вищий пріоритет за параметр скасування визначення для будь-якої мережевої групи, якщо такий параметр вказано. , служба Скасувати визначення вказаної служби. , Скасувати визначення всіх записів служб. Цей параметр має вищий пріоритет за параметр скасування визначення для будь-якої служби, якщо такий параметр вказано. , карта autofs Скасувати визначення певної карти autofs. , Скасувати визначення всіх записів карт autofs. 
Цей параметр має вищий пріоритет за параметр скасування визначення для будь-якої карти, якщо такий параметр вказано. , домен Обмежити процедуру скасування визначення лише певним доменом. sssd-1.11.5/src/man/uk/PaxHeaders.13173/sssd-krb5.5.xml0000644000000000000000000000013212320753573020240 xustar000000000000000030 mtime=1396955003.525843854 30 atime=1396955003.525843854 30 ctime=1396955003.525843854 sssd-1.11.5/src/man/uk/sssd-krb5.5.xml0000664002412700241270000007200712320753573020475 0ustar00jhrozekjhrozek00000000000000 Сторінки підручника SSSD sssd-krb5 5 Формати файлів та правила sssd-krb5 файл налаштування SSSD ОПИС На цій сторінці довідника описано налаштування засобу розпізнавання Kerberos 5 для sssd 8 . Щоб дізнатися більше про синтаксис налаштування, зверніться до розділу «ФОРМАТ ФАЙЛІВ» сторінки довідника sssd.conf 5 . Модуль розпізнавання Kerberos 5 містити засоби розпізнавання та зміни паролів. З метою отримання належних результатів його слід використовувати разом з інструментом обробки профілів (наприклад, id_provider = ldap). Деякі з даних, потрібних для роботи модуля розпізнавання Kerberos 5, має бути надано інструментом обробки профілів, серед цих даних Kerberos Principal Name (UPN) або реєстраційне ім’я користувача. У налаштуваннях інструменту обробки профілів має бути запис з визначенням UPN. Докладні настанови щодо визначення такого UPN має бути викладено на сторінці довідника (man) відповідного інструменту обробки профілів. У цьому інструменті керування даними також передбачено можливості керування доступом, засновані на даних з файла .k5login у домашньому каталозі користувача. Докладніші відомості можна отримати з підручника до .k5login5 . Зауважте, що якщо файл .k5login виявиться порожнім, доступ користувачеві буде заборонено. Щоб задіяти можливість керування доступом, додайте рядок «access_provider = krb5» до ваших налаштувань SSSD. 
У випадку, коли доступу до UPN у модулі профілів не передбачено, sssd побудує UPN у форматі ім’я_користувача@область_krb5. ПАРАМЕТРИ НАЛАШТУВАННЯ Якщо у домені SSSD використано auth-module krb5, має бути використано вказані нижче параметри. Зверніться до сторінки довідника (man) sssd.conf 5 , розділ «РОЗДІЛИ ДОМЕНІВ», щоб дізнатися більше про налаштування домену SSSD. krb5_server, krb5_backup_server (рядок) Визначає список IP-адрес або назв вузлів, відокремлених комами, серверів Kerberos, з якими SSSD має встановлювати з’єднання. Список має бути впорядковано за пріоритетом. Докладніше про резервування та додаткові сервери можна дізнатися з розділу «РЕЗЕРВ». До адрес або назв вузлів може бути додано номер порту (перед номером слід вписати двокрапку). Якщо параметр матиме порожнє значення, буде увімкнено виявлення служб. Докладніше про виявлення служб можна дізнатися з розділу «ПОШУК СЛУЖБ». Під час використання виявлення служб для серверів KDC або kpasswd SSSD спочатку намагається знайти записи DNS, у яких визначається протокол _udp. Використання протоколу _tcp відбувається, лише якщо таких записів не вдасться знайти. У попередніх випусках SSSD цей параметр мав назву «krb5_kdcip». У поточній версії передбачено розпізнавання цієї застарілої назви, але користувачам варто перейти на використання «krb5_server» у файлах налаштувань. krb5_realm (рядок) Назва області Kerberos. Цей параметр є обов’язковим, його неодмінно слід вказати. krb5_kpasswd, krb5_backup_kpasswd (рядок) Якщо службу зміни паролів не запущено на KDC, тут можна визначити альтернативні сервери. До адрес або назв вузлів можна додати номер порту (перед яким слід вписати двокрапку). Додаткові відомості щодо резервних серверів можна знайти у розділі «РЕЗЕРВ». Зауваження: навіть якщо список всіх серверів kpasswd буде вичерпано, модуль не перемкнеться у автономний режим роботи, якщо розпізнавання за KDC залишатиметься можливим. 
Типове значення: використання KDC krb5_ccachedir (рядок) Directory to store credential caches. All the substitution sequences of krb5_ccname_template can be used here, too, except %d and %P. The directory is created as private and owned by the user, with permissions set to 0700. Типове значення: /tmp krb5_ccname_template (рядок) Location of the user's credential cache. Three credential cache types are currently supported: FILE, DIR and KEYRING:persistent. The cache can be specified either as TYPE:RESIDUAL, or as an absolute path, which implies the FILE type. In the template, the following sequences are substituted: %u ім'я користувача %U ідентифікатор користувача %p назва реєстраційного запису %r назва області %h домашній каталог %d значення krb5ccache_dir %P ідентифікатор процесу клієнтської частини SSSD %% символ відсотків («%») If the template ends with 'XXXXXX' mkstemp(3) is used to create a unique filename in a safe way. When using KEYRING types, the only supported mechanism is KEYRING:persistent:%U, which uses the Linux kernel keyring to store credentials on a per-UID basis. This is also the recommended choice, as it is the most secure and predictable method. The default value for the credential cache name is sourced from the profile stored in the system wide krb5.conf configuration file in the [libdefaults] section. The option name is default_ccache_name. See krb5.conf(5)'s PARAMETER EXPANSION paragraph for additional information on the expansion format defined by krb5.conf. Default: (from libkrb5) krb5_auth_timeout (ціле число) Час очікування, по завершенню якого буде перервано запит щодо розпізнавання або зміни пароля у мережі. Якщо це можливо, обробку запиту щодо розпізнавання буде продовжено у автономному режимі. Типове значення: 6 krb5_validate (булеве значення) Перевірити за допомогою krb5_keytab, чи отриманий TGT не було підмінено. Перевірка записів у таблиці ключів виконується послідовно. 
Для перевірки використовується перший запис з відповідним значенням області. Якщо не буде знайдено жодного відповідного області запису, буде використано останній запис з таблиці ключів. Цим процесом можна скористатися для перевірки середовищ за допомогою зв’язків довіри між записами областей: достатньо розташувати відповідний запис таблиці ключів на останньому місці або зробити його єдиним записом у файлі таблиці ключів. Типове значення: false krb5_keytab (рядок) Розташування таблиці ключів, якою слід скористатися під час перевірки реєстраційних даних, отриманих від KDC. Типове значення: /etc/krb5.keytab krb5_store_password_if_offline (булівське значення) Зберігати пароль користувача, якщо засіб перевірки перебуває поза мережею, і використовувати його для запитів TGT після встановлення з’єднання з засобом перевірки. Зауваження: ця можливість у поточній версії доступна лише на платформі Linux. Паролі зберігатимуться у форматі звичайного тексту (без шифрування) у сховищі ключів ядра, потенційно до них може отримати доступ адміністративний користувач (root), але йому для цього слід буде подолати деякі перешкоди. Типове значення: false krb5_renewable_lifetime (рядок) Надіслати запит щодо поновлюваного квитка з загальним строком дії, вказаним за допомогою цілого числа, за яким одразу вказано одиницю часу: s — секунди m — хвилини h — години d — дні. Якщо одиниці часу не буде вказано, вважатиметься, що використано одиницю s. Зауваження: не можна використовувати одразу декілька одиниць. Якщо вам потрібно встановити строк дії у півтори години, слід вказати «90m», а не «1h30m». Типове значення: не встановлено, тобто TGT не є оновлюваним krb5_lifetime (рядок) Надіслати запит щодо квитка з загальним строком дії, вказаним за допомогою цілого числа, за яким одразу вказано одиницю часу: s — секунди m — хвилини h — години d — дні. Якщо одиниці часу не буде вказано, вважатиметься, що використано одиницю s. Зауваження: не можна використовувати одразу декілька одиниць. 
Якщо вам потрібно встановити строк дії у півтори години, слід вказати «90m», а не «1h30m». Типове значення: не встановлено, тобто типовий строк дії квитка визначатиметься у налаштуваннях KDC. krb5_renew_interval (рядок) Час у секундах між двома послідовними перевірками того, чи слід оновлювати записи TGT. Записи TGT оновлюються після завершення приблизно половини їхнього строку дії, що задається як ціле число з наступним позначенням одиниці часу: s — секунди m — хвилини h — години d — дні. Якщо одиниці часу не буде вказано, вважатиметься, що використано одиницю s. Зауваження: не можна використовувати одразу декілька одиниць. Якщо вам потрібно встановити строк дії у півтори години, слід вказати «90m», а не «1h30m». Якщо значення для цього параметра встановлено не буде або буде встановлено значення 0, автоматичного оновлення не відбуватиметься. Типове значення: not set krb5_use_fast (рядок) Вмикає безпечне тунелювання для гнучкого розпізнавання (flexible authentication secure tunneling або FAST) для попереднього розпізнавання у Kerberos. Передбачено такі варіанти: never — ніколи не використовувати FAST. Рівнозначний варіанту, за якого значення цього параметра взагалі не задається. try — використовувати FAST. Якщо на сервері не передбачено підтримки FAST, продовжити розпізнавання без FAST. demand — використовувати FAST. Якщо на сервері не передбачено підтримки FAST, спроба розпізнавання зазнає невдачі. Типове значення: не встановлено, тобто FAST не використовується. Зауваження: будь ласка, зауважте, що для використання FAST потрібна таблиця ключів. Зауваження: у SSSD передбачено підтримку FAST лише у разі використання MIT Kerberos версії 1.8 або новішої. Якщо SSSD буде використано зі старішою версією MIT Kerberos і цим параметром, буде повідомлено про помилку у налаштуваннях. krb5_fast_principal (рядок) Визначає реєстраційний запис сервера, який слід використовувати для FAST. 
krb5_canonicalize (булеве значення) Визначає, чи слід перетворювати реєстраційний запис вузла і користувача у канонічну форму. Цю можливість передбачено з версії MIT Kerberos 1.7. Типове значення: false krb5_use_kdcinfo (булеве значення) Визначає, чи слід SSSD вказувати бібліотекам Kerberos, яку область і які значення KDC слід використовувати. Типово, дію параметра увімкнено. Якщо ви вимкнете його, вам слід налаштувати бібліотеку Kerberos за допомогою файла налаштувань krb5.conf 5 . Див. сторінку підручника (man) sssd_krb5_locator_plugin 8 , щоб дізнатися більше про додаток пошуку. Типове значення: true krb5_use_enterprise_principal (булеве значення) Визначає, чи слід вважати реєстраційні дані користувача даними промислового рівня. Див. розділ 5 RFC 6806, щоб дізнатися більше про промислові реєстраційні дані. Default: false (AD provider: true) ПРИКЛАД У наведеному нижче прикладі припускається, що SSSD налаштовано належним чином, а FOO є одним з доменів у розділі [sssd]. У прикладі продемонстровано лише налаштування розпізнавання за допомогою Kerberos, там не вказано інструменту обробки профілів. 
[domain/FOO] auth_provider = krb5 krb5_server = 192.168.1.1 krb5_realm = EXAMPLE.COM sssd-1.11.5/src/man/uk/PaxHeaders.13173/sss_ssh_knownhostsproxy.1.xml0000644000000000000000000000013212320753573023503 xustar000000000000000030 mtime=1396955003.525843854 30 atime=1396955003.525843854 30 ctime=1396955003.525843854 sssd-1.11.5/src/man/uk/sss_ssh_knownhostsproxy.1.xml0000664002412700241270000001035112320753573023732 0ustar00jhrozekjhrozek00000000000000 Сторінки підручника SSSD sss_ssh_knownhostsproxy 1 sss_ssh_knownhostsproxy отримати ключі вузла OpenSSH sss_ssh_knownhostsproxy параметри ВУЗОЛ КОМАНДА_ПРОКСІ ОПИС sss_ssh_knownhostsproxy отримує відкриті ключі вузла SSH для вузла ВУЗОЛ, зберігає їх до нетипового файла OpenSSH known_hosts (щоб дізнатися більше, ознайомтеся з розділом ФОРМАТ ФАЙЛІВ SSH_KNOWN_HOSTS сторінки підручника (man) sshd 8) за адресою /var/lib/sss/pubconf/known_hosts і встановлює з’єднання з вузлом. Якщо вказано параметр КОМАНДА_ПРОКСІ, замість відкриття сокета для створення з’єднання буде використано відповідну команду. ssh 1 можна налаштувати на використання sss_ssh_knownhostsproxy для розпізнавання вузлів за ключами за допомогою таких інструкцій у налаштуваннях ssh 1: ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts ПАРАМЕТРИ , ПОРТ Використовувати для встановлення з’єднання з вузлом порт ПОРТ. Типовим портом є порт 22. , ДОМЕН Шукати відкриті ключі вузлів у домені SSSD ДОМЕН. СТАН ВИХОДУ У випадку успіху значення стану виходу дорівнює 0. У всіх інших випадках програма повертає 1. 
sssd-1.11.5/src/man/uk/PaxHeaders.13173/sssd.conf.5.xml0000644000000000000000000000013212320753573020323 xustar000000000000000030 mtime=1396955003.525843854 30 atime=1396955003.525843854 30 ctime=1396955003.525843854 sssd-1.11.5/src/man/uk/sssd.conf.5.xml0000664002412700241270000032645212320753573020566 0ustar00jhrozekjhrozek00000000000000 Сторінки підручника SSSD sssd.conf 5 Формати файлів та правила sssd.conf файл налаштування SSSD ФОРМАТ ФАЙЛА Файл складено з використанням синтаксичний конструкцій у стилі ini, він складається з розділів і окремих записів параметрів. Розділ починається з рядка назви розділу у квадратних дужках і продовжується до початку нового розділу. Приклад розділу з параметрами, які мають єдине і декілька значень: [розділ] ключ = значення ключ2 = значення2,значення3 Типами даних є рядок (без символів лапок), ціле число і булеве значення (можливі два значення — TRUE і FALSE). Рядок коментаря починається з символу решітки (#) або крапки з комою (;). Підтримки вбудованих коментарів не передбачено. Для всіх розділів передбачено додатковий параметр description. Його призначено лише для позначення розділу. sssd.conf має бути звичайним файлом, власником якого є користувач root. Права на читання та запис до цього файла повинен мати лише користувач root. ОСОБЛИВІ РОЗДІЛИ Розділ [sssd] Окремі функції у SSSD виконуються особливими службами SSSD, які запускаються і зупиняються разом SSSD. Ці служби керуються окремою службою, яку часто називають «монітором». Розділ [sssd] використовується для налаштування монітора та деяких інших важливих параметрів, зокрема доменів профілів. Параметри розділу config_file_version (ціле число) Визначає версію синтаксичних конструкцій файла налаштування. Для версій SSSD 0.6.0 та пізніших слід використовувати версію 2. services Список служб, записи якого відокремлено комами, які слід запускати у разі запуску sssd. 
Підтримувані служби: nss, pam , sudo , autofs , ssh , pac reconnection_retries (ціле число) Кількість повторних спроб встановлення зв’язку зі службами або їх перезапуску у разі аварійного завершення роботи інструменту надання даних до визнання подальших спроб безнадійними. Типове значення: 3 domains Домен — це база даних, у якій містяться дані щодо користувачів. SSSD може одночасно використовувати декілька доменів. Вам слід вказати принаймні один домен, інакше SSSD просто не запуститься. За допомогою цього параметра можна вказати список доменів, впорядкованих за пріоритетністю під час надсилання до них запитів щодо даних. Назва домену має складатися лише з літер і цифр ASCII, дефісів та знаків підкреслювання. re_expression (рядок) Типовий формальний вираз, який описує спосіб поділу рядка з іменем користувача і доменом на його частини. Для кожного з доменів можна налаштувати окремий формальний вираз. Для деяких з засобів надання ідентифікаторів передбачено типові формальні вирази. Докладніше про ці формальні вирази можна дізнатися з довідки до РОЗДІЛІВ ДОМЕНІВ. full_name_format (рядок) Сумісний з printf 3 формат, який описує спосіб створення повного імені на основі імені користувача та компонентів назви домену. Передбачено використання таких замінників: %1$s ім’я користувача %2$s назва домену у форматі, вказаному у файлі налаштувань SSSD. %3$s проста назва домену. Здебільшого використовується для доменів Active Directory, налаштованих та автоматично виявлених за зв’язками довіри IPA. Для кожного з доменів можна налаштувати окремий рядок формату. Докладніше про ці рядки можна дізнатися з довідки до РОЗДІЛІВ ДОМЕНІВ. try_inotify (булеве значення) SSSD спостерігає за станом resolv.conf для визначення моменту, коли слід оновити дані вбудованого інструменту визначення DNS. Типово, з цією метою використовується inotify. У разі неможливості використання inotify, виконуватиметься опитування resolv.conf кожні п’ять секунд. 
Зрідка бажано не вдаватися навіть до спроб скористатися inotify. У цих рідкісних випадках слід встановити для цього параметра значення «false». Типове значення: «true» на платформах, де підтримується inotify. «false» на інших платформах. Зауваження: цей параметр ні на що не вплине на платформах, де inotify недоступний. На цих платформах завжди використовуватиметься безпосереднє опитування файла. krb5_rcache_dir (рядок) Каталог у файловій системі, де SSSD має зберігати файли кешу відтворення Kerberos. Цей параметр приймає особливе значення __LIBKRB5_DEFAULTS__, за допомогою якого можна наказати SSSD надати змогу libkrb5 визначити відповідну адресу для кешу відтворення. Типове значення: визначається дистрибутивом та вказується під час збирання. (__LIBKRB5_DEFAULTS__, якщо не вказано) default_domain_suffix (рядок) Цей рядок буде використано як типову назву домену для всіх назв без компонента назви домену. Основним призначенням використання цього рядка є середовища, де основний домен призначено для керування правилами вузлів та всіма користувачами, розташованими на надійному (довіреному) домені. За допомогою цього параметра користувачі можуть входити до системи за допомогою лише імені користувача без додавання до нього назви домену. Будь ласка, зауважте, що якщо цей параметр встановлено, всім користувачам основного домену доведеться використовувати повні імена користувачів, тобто користувач@назва.домену, для входу до системи. Типове значення: not set РОЗДІЛИ СЛУЖБ У цьому розділі описано параметри, якими можна скористатися для налаштування різноманітних служб. Ці параметри має бути зібрано у розділах з назвами [$NAME]. Наприклад, параметри служби NSS зібрано у розділі [nss] Загальні параметри налаштування служб Цими параметрами можна скористатися для налаштування будь-яких служб. debug_level (ціле число) debug_timestamps (булеве значення) Додати часову позначку до діагностичних повідомлень. 
Типове значення: true debug_microseconds (булеве значення) Додати значення мікросекунд до часової позначки у діагностичних повідомленнях Типове значення: false timeout (ціле число) Проміжок у секундах між циклами роботи цієї служби. Використовується для перевірки працездатності процесу та його змоги відповідати на запити. Типове значення: 10 reconnection_retries (ціле число) Кількість повторних спроб встановлення зв’язку зі службами або їх перезапуску у разі аварійного завершення роботи інструменту надання даних до визнання подальших спроб безнадійними. Типове значення: 3 fd_limit За допомогою цього параметра можна визначити максимальну кількість дескрипторів файлів, які одночасно може бути відкрито цим процесом SSSD. У системах, де SSSD надано можливості CAP_SYS_RESOURCE, цей параметр використовуватиметься незалежно від інших параметрів системи. У системах без цієї можливості, кількість дескрипторів визначатиметься найменшим зі значень цього параметра і обмеженням "hard" у limits.conf. Типове значення: 8192 (або обмеження у limits.conf "hard") client_idle_timeout За допомогою цього параметра можна визначити кількість секунд, протягом яких клієнтська частина SSSD може утримувати дескриптор файла без здійснення за його допомогою обміну даними. Таке обмеження потрібне для того, щоб уникнути вичерпання ресурсів системи. Типове значення: 60 force_timeout (ціле число) Якщо служба не відповідає на перевірки луна-імпульсом (пінгом) (див. параметр timeout), система спочатку надсилає сигнал SIGTERM, яким наказує службі завершити роботу у штатному режимі. Якщо служба не завершить роботу протягом часу, визначено параметром force_timeout у секундах, монітор примусово завершить роботу служби надсиланням сигналу SIGKILL. Типове значення: 60 Параметри налаштування NSS Цими параметрами можна скористатися для налаштування служби Name Service Switch (NSS або перемикання служби визначення назв). 
enum_cache_timeout (ціле число) Тривалість зберігання переліків (запитів щодо даних всіх користувачів) у кеші nss_sss у секундах Типове значення: 120 entry_cache_nowait_percentage (ціле число) Можна встановити кеш записів для автоматичного оновлення записів у фоновому режимі, якщо запит щодо них надходить у визначений у відсотках від entry_cache_timeout для домену період часу. Наприклад, якщо entry_cache_timeout домену встановлено у значення 30s, а entry_cache_nowait_percentage — у значення 50 (у відсотках), записи, які надійдуть за 15 секунд після останнього оновлення кешу, буде повернуто одразу, але SSSD оновить власний кеш, отже наступні запити очікуватимуть на розблокування після оновлення кешу. Коректними значеннями цього параметра є 0-99. Ці значення відповідають відсоткам entry_cache_timeout для кожного з доменів. З міркувань покращення швидкодії це відсоткове значення ніколи не зменшуватиме час очікування nowait до значення, меншого за 10 секунд. Визначення значення 0 вимкне цю можливість. Типове значення: 50 entry_negative_timeout (ціле число) Визначає кількість секунд, протягом яких nss_sss має кешувати негативні результати пошуку у кеші (тобто запити щодо некоректних записів у базі даних, зокрема неіснуючих) перед повторним запитом до сервера обробки. Типове значення: 15 filter_users, filter_groups (рядок) Виключити певних користувачів зі списку отримання даних з бази даних NSS sss. Таке виключення може бути корисним для облікових записів керування системою. Цей параметр також можна встановлювати для кожного з доменів окремо або включити до нього імена користувачів повністю для обмеження списку користувачами лише з певного домену. Типове значення: root filter_users_in_groups (булеве значення) Якщо ви хочете, щоб фільтровані користувачі залишалися учасниками груп, встановіть для цього параметра значення «false». 
Типове значення: true fallback_homedir (рядок) Встановити типовий шаблон назви домашнього каталогу користувача, якщо цей каталог не вказано явним чином засобом надання даних домену. Можливі варіанти значень для цього параметра збігаються з варіантами значень для параметра override_homedir. приклад: fallback_homedir = /home/%u Типове значення: не встановлено (без замін для невстановлених домашніх каталогів) override_shell (рядок) Override the login shell for all users. This option supersedes any other shell options if it takes effect and can be set either in the [nss] section or per-domain. Типове значення: не встановлено (SSSD використовуватиме значення, отримане від LDAP) allowed_shells (рядок) Обмежити перелік можливих командних оболонок користувачів вказаними. Порядок визначення оболонки є таким: 1. Якщо оболонку вказано у /etc/shells, її буде використано. 2. Якщо оболонку вказано у списку allowed_shells, але її немає у списку /etc/shells, буде використано значення параметра shell_fallback. 3. Якщо оболонку не вказано у списку allowed_shells і її немає у списку /etc/shells, буде використано оболонку nologin. Порожній рядок оболонки буде передано без обробки до libc. Читання /etc/shells виконується лише під час запуску SSSD, тобто у разі встановлення нової оболонки слід перезапустити SSSD. Типове значення: не встановлено. Автоматично використовується оболонка користувача. vetoed_shells (рядок) Замінити всі записи цих оболонок на shell_fallback shell_fallback (рядок) Типова оболонка, яку слід використовувати, якщо дозволеної оболонки у системі не встановлено. Типове значення: /bin/sh default_shell The default shell to use if the provider does not return one during lookup. This option can be specified globally in the [nss] section or per-domain. 
Типове значення: не встановлено (повернути NULL, якщо оболонку не встановлено і покластися на libc у визначенні потрібного програмі значення, зазвичай /bin/sh) get_domains_timeout (ціле число) Визначає час у секундах, протягом якого список піддоменів вважатиметься чинним. Типове значення: 60 memcache_timeout (ціле число) Визначає час у секундах, протягом якого список піддоменів вважатиметься чинним. Типове значення: 300 Параметри налаштування PAM Цими параметрами можна скористатися для налаштування служби Pluggable Authentication Module (PAM або блокового модуля розпізнавання). offline_credentials_expiration (ціле число) У разі неможливості встановлення з’єднання з сервером розпізнавання визначає тривалість зберігання кешованих входів (у днях з часу останнього успішного входу до системи). Типове значення: 0 (без обмежень) offline_failed_login_attempts (ціле число) У разі неможливості встановлення з’єднання з сервером розпізнавання визначає дозволену кількість спроб входу з визначенням помилкового пароля. Типове значення: 0 (без обмежень) offline_failed_login_delay (ціле число) Час у хвилинах, який має пройти між досягненням значення offline_failed_login_attempts і повторним вмиканням можливості входу до системи. Якщо встановлено значення 0, користувач не зможе пройти розпізнавання у автономному режимі, якщо буде досягнуто значення offline_failed_login_attempts. Лише успішне розпізнавання може знову увімкнути можливість автономного розпізнавання. Типове значення: 5 pam_verbosity (ціле число) Керує типами повідомлень, які буде показано користувачеві під час розпізнавання. Чим більшим є значення, тим більше повідомлень буде показано. 
У поточній версії sssd передбачено підтримку таких значень: 0: не показувати жодних повідомлень 1: показувати лише важливі повідомлення 2: показувати всі інформаційні повідомлення 3: показувати всі повідомлення та діагностичні дані Типове значення: 1 pam_id_timeout (ціле число) Для кожного з запитів PAM під час роботи SSSD система SSSD зробить спробу негайно оновити кешовані дані щодо профілю користувача з метою переконатися, що розпізнавання виконується на основі найсвіжіших даних. Повний обмін даними сеансу PAM може включати декілька запитів PAM, зокрема для керування обліковими записами та відкриття сеансів. За допомогою цього параметра можна керувати (для окремих клієнтів-програм) тривалістю (у секундах) кешування даних профілю з метою уникнути повторних викликів засобу надання даних профілів. Типове значення: 5 pam_pwd_expiration_warning (ціле число) Показати попередження за вказану кількість днів перед завершенням дії пароля. Будь ласка, зауважте, що сервер обробки має надати дані щодо часу завершення дії пароля. Якщо ці дані не буде виявлено, sssd не зможе показати попередження. Якщо встановлено нульове значення, цей фільтр не застосовуватиметься, тобто якщо з сервера обробки надійде попередження щодо завершення строку дії, його буде автоматично показано. Цей параметр може бути перевизначено встановленням параметра pwd_expiration_warning для окремого домену. Типове значення: 0 get_domains_timeout (ціле число) Визначає час у секундах, протягом якого список піддоменів вважатиметься чинним. Типове значення: 60 Параметри налаштування SUDO Цими параметрами можна скористатися для налаштування служби sudo. sudo_timed (булеве значення) Визначає, чи слід обробляти атрибути sudoNotBefore і sudoNotAfter, призначені для визначення часових обмежень для записів sudoers. Типове значення: false Параметри налаштування AUTOFS Цими параметрами можна скористатися для налаштування служби autofs. 
autofs_negative_timeout (ціле число) Визначає кількість секунд, протягом яких відповідач autofs має кешувати негативні результати пошуку у кеші (тобто запити щодо некоректних записів у базі даних, зокрема неіснуючих) перед повторним запитом до сервера обробки. Типове значення: 15 Параметри налаштувань SSH Цими параметрами можна скористатися для налаштування служби SSH. ssh_hash_known_hosts (булеве значення) Чи слід хешувати назви та адреси вузлів у керованому файлі known_hosts. Типове значення: true ssh_known_hosts_timeout (ціле число) Кількість секунд, протягом яких запис вузла зберігатиметься у керованому файлі known_hosts після надсилання запиту щодо ключів вузла. Типове значення: 180 Параметри налаштування відповідача PAC Відповідач PAC працює разом з додатком даних уповноваження для sssd_pac_plugin.so зі складу MIT Kerberos та засобу надання даних піддоменів. Цей додаток надсилає до відповідача PAC дані PAC під час розпізнавання за допомогою GSSAPI. Засіб надання даних піддоменів збирає дані щодо діапазонів SID і ID домену, до якого долучено клієнт, та віддалених надійних доменів з локального контролера доменів. Якщо PAC декодовано і визначено, виконуються деякі з таких дій: Якщо у кеші немає даних віддаленого користувача, запис цих даних буде створено. UID буде визначено за допомогою SID, надійні домени матимуть UPG, а gid матиме те саме значення, що і UID. Дані домашнього каталогу буде засновано на значенні параметра subdomain_homedir. Типово, для командної оболонки буде вибрано порожнє значення, тобто використовуватимуться типові параметри системи. Значення для оболонки можна змінити за допомогою параметра default_shell. Якщо існують SID груп з доменів, про які відомо SSSD, запис користувача буде додано до цих груп. Цими параметрами можна скористатися для налаштовування відповідача PAC. allowed_uids (рядок) Визначає список значень UID або імен користувачів, відокремлених комами. Користувачам з цього списку буде дозволено доступ до відповідача PAC.
UID за іменами користувачів визначатимуться під час запуску. Типове значення: 0 (доступ до відповідача PAC має лише адміністративний користувач (root)) Будь ласка, зауважте, що хоча типово використовується UID 0, значення UID буде перевизначено на основі цього параметра. Якщо ви хочете надати адміністративному користувачеві (root) доступ до відповідача PAC, що може бути типовим варіантом, вам слід додати до списку UID з правами доступу запис 0. РОЗДІЛИ ДОМЕНІВ Ці параметри налаштування може бути вказано у розділі налаштування домену, тобто у розділі з назвою [domain/НАЗВА] min_id,max_id (ціле значення) Обмеження UID і GID для домену. Якщо у домені міститься запис, що не відповідає цим обмеженням, його буде проігноровано. Для користувачів зміна цього параметра вплине на основне обмеження GID. Запис користувача не буде повернуто до NSS, якщо UID або основний GID не належать вказаному діапазону. Записи користувачів, які не є учасниками основної групи і належать діапазону, буде виведено у звичайному режимі. Ці обмеження на ідентифікатори стосуються і збереження записів до кешу, не лише повернення записів за назвою або ідентифікатором. Типові значення: 1 для min_id, 0 (без обмежень) для max_id enumerate (булеве значення) Визначає, чи можна нумерувати домен. Цей параметр може мати одне з таких значень: TRUE = користувачі і групи нумеруються FALSE = не використовувати нумерацію для цього домену Типове значення: FALSE Зауваження: вмикання нумерації помірно знизить швидкодію SSSD на час виконання нумерації. Нумерація може тривати до декількох хвилин після запуску SSSD. Протягом виконання нумерації окремі запити щодо даних буде надіслано безпосередньо до LDAP, хоча і з уповільненням через навантаження системи виконанням нумерації. Збереження великої кількості записів до кешу після завершення нумерації може також значно навантажити процесор, оскільки повторне визначення параметрів участі також іноді є складним завданням. 
Під час першого виконання нумерації запити щодо повних списків користувачів та груп можуть не повертати жодних результатів, аж доки нумерацію не буде завершено. Крім того, вмикання нумерації може збільшити час, потрібний для виявлення того, що мережеве з’єднання розірвано, оскільки потрібне буде збільшення часу очікування для забезпечення успішного завершення пошуків нумерації. Щоб отримати додаткову інформацію, зверніться до сторінок довідника (man) відповідного використаного засобу обробки ідентифікаторів (id_provider). З вказаних вище причин не рекомендуємо вам вмикати нумерацію, особливо у об’ємних середовищах. subdomain_enumerate (string) Whether any of autodetected trusted domains should be enumerated. The supported values are: all All discovered trusted domains will be enumerated none No discovered trusted domains will be enumerated Optionally, a list of one or more domain names can enable enumeration just for these trusted domains. Типове значення: none force_timeout (ціле число) Якщо служба не відповідає на перевірки луна-імпульсом (пінгом) (див. параметр timeout), система спочатку надсилає сигнал SIGTERM, яким наказує службі завершити роботу у штатному режимі. Якщо служба не завершить роботу протягом часу, визначено параметром force_timeout у секундах, монітор примусово завершить роботу служби надсиланням сигналу SIGKILL. Типове значення: 60 entry_cache_timeout (ціле число) Кількість секунд, протягом яких nss_sss вважатиме записи чинними, перш ніж надсилати повторний запит до сервера The cache expiration timestamps are stored as attributes of individual objects in the cache. Therefore, changing the cache timeout only has effect for newly added or expired entries. You should run the sss_cache 8 tool in order to force refresh of entries that have already been cached. 
Типове значення: 5400 entry_cache_user_timeout (ціле число) Кількість секунд, протягом яких nss_sss вважатиме записи користувачів чинними, перш ніж надсилати повторний запит до сервера Типове значення: entry_cache_timeout entry_cache_group_timeout (ціле число) Кількість секунд, протягом яких nss_sss вважатиме записи груп чинними, перш ніж надсилати повторний запит до сервера Типове значення: entry_cache_timeout entry_cache_netgroup_timeout (ціле число) Кількість секунд, протягом яких nss_sss вважатиме записи мережевих груп чинними, перш ніж надсилати повторний запит до сервера Типове значення: entry_cache_timeout entry_cache_service_timeout (ціле число) Кількість секунд, протягом яких nss_sss вважатиме записи служб чинними, перш ніж надсилати повторний запит до сервера Типове значення: entry_cache_timeout entry_cache_sudo_timeout (ціле число) Кількість секунд, протягом яких sudo вважатиме правила чинними, перш ніж надсилати повторний запит до сервера Типове значення: entry_cache_timeout entry_cache_autofs_timeout (ціле число) Кількість секунд, протягом яких служба autofs вважатиме карти автомонтування чинними, перш ніж надсилати повторний запит до сервера Типове значення: entry_cache_timeout refresh_expired_interval (ціле число) Визначає кількість секунд, протягом яких SSSD має очікувати до оновлення застарілих записів. У поточній версії передбачено підтримку оновлення лише застарілих записів мережевих груп. Варто визначити для цього параметра значення 3/4 * entry_cache_timeout. Типове значення: 0 (вимкнено) cache_credentials (булеве значення) Визначає, чи слід також кешувати реєстраційні дані користувача у локальному кеші LDB Реєстраційні дані користувача зберігаються у форматі хешу SHA512, а не у форматі звичайного тексту Типове значення: FALSE account_cache_expiration (ціле число) Кількість днів, протягом яких записи залишатимуться у кеші після успішного входу до системи до вилучення під час спорожнення кешу. 0 — не вилучати записи.
Значення цього параметра має бути більшим або рівним значенню offline_credentials_expiration. Типове значення: 0 (без обмежень) pwd_expiration_warning (ціле число) Показати попередження за вказану кількість днів перед завершенням дії пароля. Якщо встановлено нульове значення, цей фільтр не застосовуватиметься, тобто якщо з сервера обробки надійде попередження щодо завершення строку дії, його буде автоматично показано. Будь ласка, зауважте, що сервер обробки має надати дані щодо часу завершення дії пароля. Якщо ці дані не буде виявлено, sssd не зможе показати попередження. Крім того для цього сервера може бути вказано службу надання даних розпізнавання. Типове значення: 7 (Kerberos), 0 (LDAP) id_provider (рядок) Засіб надання даних ідентифікації, який використовується для цього домену. Серед підтримуваних засобів такі: «proxy»: підтримка застарілого модуля надання даних NSS local: вбудований засіб SSSD для локальних користувачів ldap: засіб LDAP. Докладніше про налаштовування LDAP можна дізнатися з довідки до sssd-ldap 5 . ipa: засіб FreeIPA та керування профілями Red Hat Enterprise. Докладніші відомості щодо налаштовування IPA викладено у довіднику з sssd-ipa . ad: засіб Active Directory. Докладніші відомості щодо налаштовування Active Directory викладено у довіднику з sssd-ad 5 . use_fully_qualified_names (булеве значення) Використовувати ім’я та домен повністю (у форматі, визначеному full_name_format домену) як ім’я користувача у системі, що повідомляється NSS. Якщо встановлено значення TRUE, всі запити до цього домену мають використовувати повні назви. Наприклад, якщо використано домен LOCAL, який містить запис користувача «test» user, getent passwd test не покаже користувача, а getent passwd test@LOCAL покаже. NOTE: This option has no effect on netgroup lookups due to their tendency to include nested netgroups without qualified names. For netgroups, all domains will be searched when an unqualified name is requested. 
Типове значення: FALSE ignore_group_members (булеве значення) Не повертати записи учасників груп для пошуків груп. Якщо встановлено значення TRUE, сервер LDAP не запитуватиме дані щодо атрибутів участі у групах, а списки учасників груп не повертаються під час обробки запитів щодо пошуку груп. Типове значення: FALSE auth_provider (рядок) Служба розпізнавання, яку використано для цього домену. Серед підтримуваних служб розпізнавання: ldap — вбудоване розпізнавання LDAP. Докладніші відомості щодо налаштовування LDAP викладено у довіднику з sssd-ldap 5 . krb5 — вбудоване розпізнавання Kerberos. Докладніші відомості щодо налаштовування Kerberos викладено у довіднику з sssd-krb5 . ipa: засіб FreeIPA та керування профілями Red Hat Enterprise. Докладніші відомості щодо налаштовування IPA викладено у довіднику з sssd-ipa . ad: засіб Active Directory. Докладніші відомості щодо налаштовування Active Directory викладено у довіднику з sssd-ad 5 . proxy — трансльоване розпізнавання у іншій системі PAM. none — вимкнути розпізнавання повністю. Типове значення: буде використано id_provider, якщо цей спосіб встановлено і можлива обробка запитів щодо розпізнавання. access_provider (рядок) Програма керування доступом для домену. Передбачено дві вбудованих програми керування доступом (окрім всіх встановлених додаткових серверів). Вбудованими програмами є: permit дозволяти доступ завжди. Єдиний дозволений засіб доступу для локального домену. deny — завжди забороняти доступ. ldap — вбудоване розпізнавання LDAP. Докладніші відомості щодо налаштовування LDAP викладено у довіднику з sssd-ldap 5 . ipa: засіб FreeIPA та керування профілями Red Hat Enterprise. Докладніші відомості щодо налаштовування IPA викладено у довіднику з sssd-ipa . ad: засіб Active Directory. Докладніші відомості щодо налаштовування Active Directory викладено у довіднику з sssd-ad 5 . simple — керування доступом на основі списків дозволу або заборони. 
Докладніші відомості щодо налаштовування модуля доступу simple можна знайти у довідці до sssd-simple 5. Типове значення: permit chpass_provider (рядок) Система, яка має обробляти дії зі зміни паролів для домену. Передбачено підтримку таких систем зміни паролів: ldap — змінити пароль, що зберігається на сервері LDAP. Докладніші відомості щодо налаштовування LDAP викладено у довіднику з sssd-ldap 5 . krb5 — змінити пароль Kerberos. Докладніші відомості щодо налаштовування Kerberos викладено у довіднику з sssd-krb5 . ipa: засіб FreeIPA та керування профілями Red Hat Enterprise. Докладніші відомості щодо налаштовування IPA викладено у довіднику з sssd-ipa . ad: засіб Active Directory. Докладніші відомості щодо налаштовування Active Directory викладено у довіднику з sssd-ad 5 . proxy — трансльована зміна пароля у іншій системі PAM. none — явно вимкнути можливість зміни пароля. Типове значення: використовується «auth_provider», якщо встановлено значення цього параметра і якщо система здатна обробляти запити щодо паролів. sudo_provider (рядок) Служба SUDO, яку використано для цього домену. Серед підтримуваних служб SUDO: ldap для правил, що зберігаються у LDAP. Докладніше про налаштовування LDAP можна дізнатися з довідки до sssd-ldap 5 . ipa the same as ldap but with IPA default settings. ad the same as ldap but with AD default settings. none явним чином вимикає SUDO. Типове значення: використовується значення id_provider, якщо його встановлено. selinux_provider (рядок) Засіб, який має відповідати за завантаження параметрів SELinux. Зауважте, що цей засіб буде викликано одразу після завершення роботи служби надання доступу. Передбачено підтримку таких засобів надання даних SELinux: ipa для завантаження параметрів selinux з сервера IPA. Докладніші відомості щодо налаштовування IPA викладено у довіднику з sssd-ipa 5 . none явним чином забороняє отримання даних щодо параметрів SELinux. 
Типове значення: буде використано id_provider, якщо цей спосіб встановлено і можлива обробка запитів щодо завантаження SELinux. subdomains_provider (рядок) Засіб надання даних, який має обробляти отримання даних піддоменів. Це значення має завжди збігатися зі значенням id_provider. Передбачено підтримку таких засобів надання даних піддоменів: ipa для завантаження списку піддоменів з сервера IPA. Докладніші відомості щодо налаштовування IPA викладено у довіднику з sssd-ipa 5 . none забороняє явним чином отримання даних піддоменів. Типове значення: використовується значення id_provider, якщо його встановлено. autofs_provider (рядок) Служба autofs, яку використано для цього домену. Серед підтримуваних служб autofs: ldap — завантажити карти, що зберігаються у LDAP. Докладніше про налаштовування LDAP можна дізнатися з довідки до sssd-ldap 5 . ipa — завантажити карти, що зберігається на сервері IPA. Докладніші відомості щодо налаштовування IPA викладено у довіднику з sssd-ipa . none вимикає autofs повністю. Типове значення: використовується значення id_provider, якщо його встановлено. hostid_provider (рядок) Засіб надання даних, який використовується для отримання даних щодо профілю вузла. Серед підтримуваних засобів надання hostid: ipa — завантажити профіль системи, що зберігається на сервері IPA. Докладніші відомості щодо налаштовування IPA викладено у довіднику з sssd-ipa . none вимикає hostid повністю. Типове значення: використовується значення id_provider, якщо його встановлено. re_expression (рядок) Формальний вираз для цього домену, який описує спосіб поділу рядка, що містить ім’я користувача та назву домену на ці компоненти. «Домен» може відповідати назві домену налаштувань SSSD або, у випадку піддоменів довіри IPA та доменів Active Directory, простій назві (NetBIOS) домену.
Типовий для засобів надання AD і IPA: (((?P<domain>[^\\]+)\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?P<name>[^@\\]+)$)) За його допомогою можна визначати три різні стилі запису імен користувачів: користувач користувач@назва.домену домен\користувач Перші два стилі відповідають загальним типовим стилям, а третій введено для того, щоб полегшити інтеграцію користувачів з доменів Windows. Типове значення: (?P<name>[^@]+)@?(?P<domain>[^@]*$), можна висловити так: іменем користувача є все до символу «@», назвою домену — все після цього символу. Будь ласка, зауважте: підтримку неунікальних назв підшаблонів передбачено не для всіх платформ (наприклад, нею не можна скористатися у RHEL5 і SLES10). Підтримкою неунікальних назв підшаблонів можна скористатися лише на платформах з версією libpcre 7. Додаткове зауваження: у застарілих версіях libpcre передбачено підтримку лише синтаксичних конструкцій Python (?P<name>) для позначення підшаблонів. full_name_format (рядок) Сумісний з printf 3 формат, який описує спосіб створення повного імені на основі імені користувача та компонентів назви домену. Передбачено використання таких замінників: %1$s ім’я користувача %2$s назва домену у форматі, вказаному у файлі налаштувань SSSD. %3$s проста назва домену. Здебільшого використовується для доменів Active Directory, налаштованих та автоматично виявлених за зв’язками довіри IPA. Типове значення: %1$s@%2$s. lookup_family_order (рядок) Надає можливість вибрати бажане сімейство адрес, яке слід використовувати під час виконання пошуків у DNS. Передбачено підтримку таких значень: ipv4_first: спробувати визначити адресу у форматі IPv4, у разі невдачі спробувати формат IPv6 ipv4_only: намагатися визначити назви вузлів лише у форматі адрес IPv4. ipv6_first: спробувати визначити адресу у форматі IPv6, у разі невдачі спробувати формат IPv4 ipv6_only: намагатися визначити назви вузлів лише у форматі адрес IPv6. 
Типове значення: ipv4_first dns_resolver_timeout (ціле число) Визначає кількість часу (у секундах) очікування відповіді від засобу визначення адрес DNS, перш ніж засіб буде визначено недоступним. Якщо час очікування буде перевищено, домен продовжуватиме роботу у автономному режимі. Типове значення: 6 dns_discovery_domain (рядок) Якщо у модулі обробки використовується визначення служб, вказує доменну частину запиту визначення служб DNS. Типова поведінка: використовувати назву домену з назви вузла комп’ютера. override_gid (ціле число) Замінити значення основного GID на вказане. case_sensitive (булеве значення) Враховувати регістр записів імен користувачів та назв груп. У поточній версії підтримку передбачено лише для локальних надавачів даних. Типове значення: True proxy_fast_alias (булеве значення) Під час пошуку запису користувача чи групи за назвою у системі надання даних переадресації виконується вторинний пошук за ідентифікатором з метою визначення «канонічної» форми назви, якщо результат знайдено за альтернативною назвою (псевдонімом). Встановлення для цього параметра значення «true» призведе до того, що SSSD виконуватиме пошук ідентифікатора у кеші, щоб пришвидшити надання результатів. Типове значення: false subdomain_homedir (рядок) Use this homedir as default value for all subdomains within this domain in IPA AD trust. See override_homedir for info about possible values. In addition to those, the expansion below can only be used with subdomain_homedir. %F спрощена (NetBIOS) назва піддомену. Це значення може бути перевизначено параметром override_homedir. Типове значення: /home/%d/%u realmd_tags (рядок) Різноманітні теґи, що зберігаються службою налаштовування realmd для цього домену. Параметри, які є чинними для доменів проксі. proxy_pam_target (рядок) Комп’ютер, для якого виконує проксі-сервер PAM. Типове значення: типово не встановлено, вам слід скористатися вже створеними налаштуваннями pam або створити нові і тут додати назву служби.
proxy_lib_name (рядок) Назва бібліотеки NSS для використання у доменах з проксі-серверами. Функції NSS шукаються у бібліотеці у форматі _nss_$(назва_бібліотеки)_$(функція), наприклад _nss_files_getpwent. Розділ локального домену У цьому розділі містяться параметри для домену, який зберігає записи користувачів і груп у вбудованій базі даних SSSD, тобто домену, який використовує id_provider=local. Параметри розділу default_shell (рядок) Типова оболонка для записів користувачів, створених за допомогою інструментів простору користувачів SSSD. Типове значення: /bin/bash base_directory (рядок) Інструменти додають ім’я користувача до base_directory і використовують отриману адресу як адресу домашнього каталогу. Типове значення: /home create_homedir (булеве значення) Визначає, чи слід типово створювати домашній каталог для нових користувачів. Може бути перевизначено з командного рядка. Типове значення: TRUE remove_homedir (булеве значення) Визначає, чи слід вилучати домашній каталог для вилучених записів користувачів. Може бути перевизначено з командного рядка. Типове значення: TRUE homedir_umask (ціле число) Використовується sss_useradd 8 для визначення типових прав доступу до щойно створеного домашнього каталогу. Типове значення: 077 skel_dir (рядок) Каркасний каталог, який містить файли і каталоги, які буде скопійовано до домашнього каталогу користувача, коли такий домашній каталог створюється командою sss_useradd 8 Типове значення: /etc/skel mail_dir (рядок) Каталог буфера пошти. Цей каталог потрібен для обробки поштової скриньки, якщо відповідний обліковий запис користувача змінено або вилучено. Якщо каталог не вказано, буде використано типове значення. Типове значення: /var/mail userdel_cmd (рядок) Команда, яку буде виконано після вилучення запису користувача. Команді, як перший і єдиний параметр, передається ім’я користувача, запис якого вилучається. Код виконання, повернутий програмою, не обробляється.
Типове значення: None, не виконувати жодних команд ПРИКЛАД Нижче наведено приклад типових налаштувань SSSD. Налаштування самого домену не наведено, — щоб дізнатися більше про неї, ознайомтеся з документацією щодо налаштовування доменів. [sssd] domains = LDAP services = nss, pam config_file_version = 2 [nss] filter_groups = root filter_users = root [pam] [domain/LDAP] id_provider = ldap ldap_uri = ldap://ldap.example.com ldap_search_base = dc=example,dc=com auth_provider = krb5 krb5_server = kerberos.example.com krb5_realm = EXAMPLE.COM cache_credentials = true min_id = 10000 max_id = 20000 enumerate = False sssd-1.11.5/src/man/uk/PaxHeaders.13173/sss_ssh_authorizedkeys.1.xml0000644000000000000000000000013212320753573023236 xustar000000000000000030 mtime=1396955003.525843854 30 atime=1396955003.525843854 30 ctime=1396955003.525843854 sssd-1.11.5/src/man/uk/sss_ssh_authorizedkeys.1.xml0000664002412700241270000001037112320753573023467 0ustar00jhrozekjhrozek00000000000000 Сторінки підручника SSSD sss_ssh_authorizedkeys 1 sss_ssh_authorizedkeys отримати уповноважені ключі OpenSSH sss_ssh_authorizedkeys параметри КОРИСТУВАЧ ОПИС sss_ssh_authorizedkeys отримує відкриті ключі SSH для користувача КОРИСТУВАЧ і виводить їх у форматі authorized_keys OpenSSH (щоб дізнатися більше, див. розділ ФОРМАТ ФАЙЛІВ AUTHORIZED_KEYS на сторінці підручника (man) з sshd 8). sshd 8 можна налаштувати на використання sss_ssh_authorizedkeys для розпізнавання користувачів за відкритими ключами, якщо програму зібрано з підтримкою параметра sshd_config 5 AuthorizedKeysCommand або PubkeyAgent. 
Якщо передбачено підтримку AuthorizedKeysCommand, sshd 8 можна налаштувати на використання ключів за допомогою такої інструкції у sshd_config 5: AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys Якщо передбачено підтримку PubkeyAgent, sshd 8 може бути налаштовано на використання ключів за допомогою такої інструкції sshd 8: PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u ПАРАМЕТРИ , ДОМЕН Шукати відкриті ключі користувачів у домені SSSD ДОМЕН. СТАН ВИХОДУ У випадку успіху значення стану виходу дорівнює 0. У всіх інших випадках програма повертає 1. sssd-1.11.5/src/man/uk/PaxHeaders.13173/sss_groupmod.8.xml0000644000000000000000000000013212320753573021152 xustar000000000000000030 mtime=1396955003.525843854 30 atime=1396955003.525843854 30 ctime=1396955003.525843854 sssd-1.11.5/src/man/uk/sss_groupmod.8.xml0000664002412700241270000000520012320753573021376 0ustar00jhrozekjhrozek00000000000000 Сторінки підручника SSSD sss_groupmod 8 sss_groupmod зміна групи sss_groupmod параметри ГРУПА ОПИС sss_groupmod змінює назву групи відповідно до змін, внесених за допомогою командного рядка. ПАРАМЕТРИ , ГРУПИ Додати групу до груп, вказаних за допомогою параметра ГРУПИ. Параметр ГРУПИ є списком груп, відокремлених комами. , ГРУПИ Вилучає групу з груп, вказаних за допомогою параметра ГРУПИ. sssd-1.11.5/src/man/uk/PaxHeaders.13173/sss_usermod.8.xml0000644000000000000000000000013212320753573020774 xustar000000000000000030 mtime=1396955003.526843853 30 atime=1396955003.526843853 30 ctime=1396955003.526843853 sssd-1.11.5/src/man/uk/sss_usermod.8.xml0000664002412700241270000001301512320753573021223 0ustar00jhrozekjhrozek00000000000000 Сторінки підручника SSSD sss_usermod 8 sss_usermod зміна облікового запису користувача sss_usermod параметри ІМ’Я_КОРИСТУВАЧА ОПИС sss_usermod змінює параметри облікового запису ІМ’Я_КОРИСТУВАЧА відповідно до значень, вказаних у командному рядку. ПАРАМЕТРИ , КОМЕНТАР Будь-який рядок тексту, що описує користувача. 
Часто використовується для зберігання паспортного імені користувача. , ДОМАШНІЙ_КАТАЛОГ Домашній каталог облікового запису користувача. , ОБОЛОНКА Оболонка для входу користувача до системи. , ГРУПИ Додати запис користувача до груп, вказаних за допомогою параметра ГРУПИ. Параметр ГРУПИ є списком груп, відокремлених комами. , ГРУПИ Вилучає запис користувача з груп, вказаних за допомогою параметра ГРУПИ. , Заблокувати обліковий запис користувача. Заблокований користувач не зможе входити до системи. , Розблокувати обліковий запис користувача. , КОРИСТУВАЧ_SELINUX Ім’я користувача SELinux, що відповідає імені для входу до системи. sssd-1.11.5/src/man/uk/PaxHeaders.13173/sss_seed.8.xml0000644000000000000000000000013212320753573020236 xustar000000000000000030 mtime=1396955003.526843853 30 atime=1396955003.526843853 30 ctime=1396955003.526843853 sssd-1.11.5/src/man/uk/sss_seed.8.xml0000664002412700241270000001647612320753573020503 0ustar00jhrozekjhrozek00000000000000 Сторінки підручника SSSD sss_seed 8 sss_seed надсилає дані кешу SSSD щодо користувача sss_seed параметри -D ДОМЕН -n КОРИСТУВАЧ ОПИС sss_seed розповсюджує кеш SSSD з записом користувача і тимчасовим паролем. Якщо запис користувача вже є у кеші SSSD, запис буде оновлено зі встановленням тимчасового пароля. ПАРАМЕТРИ , ДОМЕН Визначає назву домену, учасником якого є користувач. Домен використовується для отримання даних щодо користувачів. Домен має бути налаштовано у sssd.conf. Має бути надано аргумент ДОМЕН. Дані, отримані з домену, матимуть вищий пріоритет за дані, вказані за допомогою параметрів. , КОРИСТУВАЧ Ім’я користувача, запис якого слід створити або змінити у кеші. Має бути вказано аргумент КОРИСТУВАЧ. , ідентифікатор користувача Встановити UID користувача у значення UID. , GID Встановити GID користувача у значення GID. , КОМЕНТАР Будь-який рядок тексту, що описує користувача. Часто використовується для зберігання паспортного імені користувача. 
, ДОМАШНІЙ_КАТАЛОГ Встановити домашній каталог користувача у значення ДОМАШНІЙ_КАТАЛОГ. , ОБОЛОНКА Встановити оболонку реєстрації користувача у значення ОБОЛОНКА. , Інтерактивний режим для введення даних користувача. У разі використання цього параметра програма надсилатиме запит лише щодо даних, які не було отримано з параметрів команди або домену. , ФАЙЛ_ПАРОЛІВ Вказати файл, звідки слід читати дані щодо паролів користувачів. Якщо пароль не буде знайдено, програма надішле запит на його введення. ЗАУВАЖЕННЯ Довжина пароля (або розмір файла, визначеного за допомогою параметра -p або --password-file) має бути меншою або рівною PASS_MAX байтів (64 байти у системах без визначеного на загальному рівні значення PASS_MAX). sssd-1.11.5/src/man/uk/PaxHeaders.13173/sssd-simple.5.xml0000644000000000000000000000013212320753573020666 xustar000000000000000030 mtime=1396955003.526843853 30 atime=1396955003.526843853 30 ctime=1396955003.526843853 sssd-1.11.5/src/man/uk/sssd-simple.5.xml0000664002412700241270000001576112320753573021127 0ustar00jhrozekjhrozek00000000000000 Сторінки підручника SSSD sssd-simple 5 Формати файлів та правила sssd-simple файл налаштувань інструмента керування доступом «simple» SSSD ОПИС На цій сторінці довідника описано налаштування простого засобу керування доступом для sssd 8 . Щоб дізнатися більше про синтаксис налаштування, зверніться до розділу «ФОРМАТ ФАЙЛІВ» сторінки довідника sssd.conf 5 . Простий засіб керування доступом надає або забороняє доступ на основі списку допуску або заборони, складеного за назвами облікових записів користувачів та групами. Використовуються такі правила: Якщо всі списки є порожніми, доступ буде надано. Якщо вказано будь-який зі списків, обробка виконуватиметься за послідовністю «допуск, потім заборона» (allow,deny). Це означає, що будь-яке з правил заборони матиме пріоритет над будь-яким правилом допуску. 
Якщо буде вказано один або обидва списки допуску («allow»), всім користувачам поза цими списками доступ буде заборонено. Якщо буде вказано лише списки заборони («deny»), всім користувачам поза цими списками доступ буде надано. ПАРАМЕТРИ НАЛАШТУВАННЯ Зверніться до розділу «РОЗДІЛИ ДОМЕНІВ» сторінки довідника (man) sssd.conf 5 , щоб дізнатися більше про налаштування домену SSSD. simple_allow_users (рядок) Відокремлений комами список користувачів, яким дозволено вхід до системи. simple_deny_users (рядок) Список користувачів, яким явно заборонено доступ; записи відокремлюються комами. simple_allow_groups (рядок) Відокремлений комами список груп, користувачам яких дозволено вхід до системи. Стосується лише груп у межах цього домену SSSD. Локальні групи не обробляються. simple_deny_groups (рядок) Відокремлений комами список груп, користувачам яких явно заборонено доступ. Стосується лише груп у межах цього домену SSSD. Локальні групи не обробляються. Якщо не вказувати значень для жодного зі списків, вважатиметься, що параметр не визначено. Пам’ятайте про це, якщо захочете створити параметри для простого надавача автоматизованими скриптами. Будь ласка, зауважте, що визначення обох параметрів, simple_allow_users і simple_deny_users, є помилкою у налаштуванні. ПРИКЛАД У наведеному нижче прикладі припускаємо, що SSSD налаштовано належним чином, а example.com є одним з доменів у розділі [sssd]. У прикладі продемонстровано лише параметри, специфічні для простого засобу доступу.
[domain/example.com] access_provider = simple simple_allow_users = user1, user2 sssd-1.11.5/src/man/uk/PaxHeaders.13173/sss_obfuscate.8.xml0000644000000000000000000000013212320753573021271 xustar000000000000000030 mtime=1396955003.526843853 30 atime=1396955003.526843853 30 ctime=1396955003.526843853 sssd-1.11.5/src/man/uk/sss_obfuscate.8.xml0000664002412700241270000001077512320753573021532 0ustar00jhrozekjhrozek00000000000000 Сторінки підручника SSSD sss_obfuscate 8 sss_obfuscate заплутування пароля у форматі звичайного тексту sss_obfuscate параметри [ПАРОЛЬ] ОПИС sss_obfuscate перетворює вказаний пароль на пароль у форматі, незручному для читання людиною, і розташовує його у розділі відповідного домену файла налаштувань SSSD. Пароль у форматі звичайного тексту буде прочитано зі стандартного джерела вхідних даних або введено інтерактивно. Заплутану версію пароля буде збережено у параметрі з назвою «ldap_default_authtok» вказаного домену SSSD, параметру «ldap_default_authtok_type» буде надано значення «obfuscated_password». Докладніший опис цих параметрів можна знайти на сторінці підручника (man) sssd-ldap 5 . Будь ласка, зауважте, що заплутування паролів не є справжнім захистом, оскільки зловмисник може визначити алгоритм заплутування за кодом програми. Наполегливо радимо вам скористатися кращими механізмами захисту даних розпізнавання, зокрема клієнтськими сертифікатами або GSSAPI. ПАРАМЕТРИ , Пароль для заплутування буде прочитано зі стандартного джерела вхідних даних. , ДОМЕН Домен SSSD, для якого буде використано пароль. Типовою назвою є default. , ФАЙЛ Прочитати дані з файла налаштувань, вказаного позиційним параметром.
Типове значення: /etc/sssd/sssd.conf sssd-1.11.5/src/man/uk/PaxHeaders.13173/include0000644000000000000000000000013212320753573017104 xustar000000000000000030 mtime=1396955003.526843853 30 atime=1396955003.534843847 30 ctime=1396955003.526843853 sssd-1.11.5/src/man/uk/include/0000755002412700241270000000000012320753573017406 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/man/uk/include/PaxHeaders.13173/ldap_search_bases.xml0000644000000000000000000000013212320753573023325 xustar000000000000000030 mtime=1396955003.526843853 30 atime=1396955003.526843853 30 ctime=1396955003.526843853 sssd-1.11.5/src/man/uk/include/ldap_search_bases.xml0000664002412700241270000000273512320753573023563 0ustar00jhrozekjhrozek00000000000000 Додатковий основний DN, область пошуку і фільтр LDAP для обмеження пошуків LDAP цим типом атрибутів. синтаксис: search_base[?scope?[filter][?search_base?scope?[filter]]*] Областю може бути одне зі значень: «base», «onelevel» або «subtree». Фільтром має бути коректний запис фільтрування LDAP, відповідно до специфікації http://www.ietf.org/rfc/rfc2254.txt Приклади використання цих синтаксичних конструкцій можна знайти у розділі прикладів «ldap_search_base». Типове значення: значення ldap_search_base Будь ласка, зауважте, що підтримки визначення області або фільтра для пошуків на сервері Active Directory не передбачено. Це може призвести до отримання значної кількості результатів і викликати реакцію з боку розширення діапазону отримання (Range Retrieval). sssd-1.11.5/src/man/uk/include/PaxHeaders.13173/param_help.xml0000644000000000000000000000013212320753573022013 xustar000000000000000030 mtime=1396955003.526843853 30 atime=1396955003.526843853 30 ctime=1396955003.526843853 sssd-1.11.5/src/man/uk/include/param_help.xml0000664002412700241270000000042512320753573022243 0ustar00jhrozekjhrozek00000000000000 , Показати довідкове повідомлення і завершити роботу. 
sssd-1.11.5/src/man/uk/include/PaxHeaders.13173/failover.xml0000644000000000000000000000013212320753573021512 xustar000000000000000030 mtime=1396955003.526843853 30 atime=1396955003.526843853 30 ctime=1396955003.526843853 sssd-1.11.5/src/man/uk/include/failover.xml0000664002412700241270000001056112320753573021744 0ustar00jhrozekjhrozek00000000000000 РЕЗЕРВ Можливість резервування надає змогу модулям обробки автоматично перемикатися на інші сервери, якщо спроба встановлення з’єднання з поточним сервером зазнає невдачі. Синтаксичні конструкції визначення резервного сервера Список записів серверів, відокремлених комами. Між комами можна використовувати довільну кількість пробілів. Порядок у списку визначає пріоритет. У списку може бути будь-яка кількість записів серверів. Для кожного з параметрів налаштування з увімкненим резервним отриманням існує два варіанти: основний і резервний. Ідея полягає у тому, що сервери з основного списку мають вищий пріоритет за резервні сервери, пошук же на резервних серверах виконується, лише якщо не вдасться з’єднатися з жодним з основних серверів. Якщо буде вибрано резервний сервер, встановлюється час очікування у 31 секунду. Після завершення часу очікування SSSD періодично намагатиметься повторно встановити з’єднання з основними серверами. Якщо спроба буде успішною, поточний активний резервний сервер буде замінено на основний. Механізм визначення резервного сервера Механізмом резервного використання розрізняються окремі комп’ютери і служби. Спочатку модуль намагається визначити назву вузла вказаного комп’ютера. Якщо спроби визначення зазнають невдачі, комп’ютер вважатиметься від’єднаним від мережі. Подальших спроб встановити з’єднання з цим комп’ютером для всіх інших служб не виконуватиметься. Якщо вдасться виконати визначення, модуль зробить спробу встановити з’єднання зі службою на визначеному комп’ютері.
Якщо спроба з’єднання зі службою не призведе до успіху, непрацездатною вважатиметься лише служба, модуль автоматично перемкнеться на наступну службу. Комп’ютер служби вважатиметься з’єднаним з мережею, можливі подальші спроби використання інших служб. Подальші спроби встановлення з’єднання з комп’ютерами або службами, позначеними як такі, що перебувають поза мережею, буде виконано за певний проміжок часу. У поточній версії цей проміжок є незмінним і дорівнює 30 секундам. Якщо список комп’ютерів буде вичерпано, основний модуль перейде у режим автономної роботи і повторюватиме спроби з’єднання кожні 30 секунд. sssd-1.11.5/src/man/uk/include/PaxHeaders.13173/debug_levels.xml0000644000000000000000000000013212320753573022343 xustar000000000000000030 mtime=1396955003.526843853 30 atime=1396955003.526843853 30 ctime=1396955003.526843853 sssd-1.11.5/src/man/uk/include/debug_levels.xml0000664002412700241270000000615712320753573022603 0ustar00jhrozekjhrozek00000000000000 SSSD supports two representations for specifying the debug level. The simplest is to specify a decimal value from 0-9, which represents enabling that level and all lower-level debug messages. The more comprehensive option is to specify a hexadecimal bitmask to enable or disable specific levels (such as if you wish to suppress a level). Рівні діагностики, передбачені у поточній версії: 0, 0x0010: Fatal failures. Anything that would prevent SSSD from starting up or causes it to cease running. 1, 0x0020: Critical failures. An error that doesn't kill the SSSD, but one that indicates that at least one major feature is not going to work properly. 2, 0x0040: Serious failures. An error announcing that a particular request or operation has failed. 3, 0x0080: Minor failures. These are the errors that would percolate down to cause the operation failure of 2. 4, 0x0100: Configuration settings. 5, 0x0200: Function data. 6, 0x0400: Trace messages for operation functions. 
7, 0x1000: Trace messages for internal control functions. 8, 0x2000: Contents of function-internal variables that may be interesting. 9, 0x4000: Extremely low-level tracing information. To log required bitmask debug levels, simply add their numbers together as shown in following examples: Example: щоб до журналу було записано дані щодо критичних помилок з аварійним завершенням роботи, критичних помилок, серйозних помилок та дані функцій, скористайтеся рівнем діагностики 0x0270. Приклад: щоб до журналу було записано критичні помилки з аварійним завершенням роботи, параметри налаштування, дані функцій та повідомлення трасування для функцій внутрішнього керування, скористайтеся рівнем 0x1310. Note: The bitmask format of debug levels was introduced in 1.7.0. Default: 0 sssd-1.11.5/src/man/uk/include/PaxHeaders.13173/seealso.xml0000644000000000000000000000013212320753573021336 xustar000000000000000030 mtime=1396955003.526843853 30 atime=1396955003.526843853 30 ctime=1396955003.526843853 sssd-1.11.5/src/man/uk/include/seealso.xml0000664002412700241270000000473112320753573021572 0ustar00jhrozekjhrozek00000000000000 ТАКОЖ ПЕРЕГЛЯНЬТЕ sssd8 , sssd.conf5 , sssd-ldap5 , sssd-krb55 , sssd-simple5 , sssd-ipa5 , sssd-ad5 , sssd-sudo 5 , sss_cache8 , sss_debuglevel8 , sss_groupadd8 , sss_groupdel8 , sss_groupshow8 , sss_groupmod8 , sss_useradd8 , sss_userdel8 , sss_usermod8 , sss_obfuscate8 , sss_seed8 , sssd_krb5_locator_plugin8 , sss_ssh_authorizedkeys 8 , sss_ssh_knownhostsproxy 8 , pam_sss8 . 
sssd-1.11.5/src/man/uk/include/PaxHeaders.13173/upstream.xml0000644000000000000000000000013212320753573021543 xustar000000000000000030 mtime=1396955003.526843853 30 atime=1396955003.526843853 30 ctime=1396955003.526843853 sssd-1.11.5/src/man/uk/include/upstream.xml0000664002412700241270000000024212320753573021770 0ustar00jhrozekjhrozek00000000000000 SSSD Основна гілка розробки SSSD — http://fedorahosted.org/sssd sssd-1.11.5/src/man/uk/include/PaxHeaders.13173/param_help_py.xml0000644000000000000000000000013212320753573022523 xustar000000000000000030 mtime=1396955003.526843853 30 atime=1396955003.526843853 30 ctime=1396955003.526843853 sssd-1.11.5/src/man/uk/include/param_help_py.xml0000664002412700241270000000042512320753573022753 0ustar00jhrozekjhrozek00000000000000 , Показати довідкове повідомлення і завершити роботу. sssd-1.11.5/src/man/uk/include/PaxHeaders.13173/autofs_restart.xml0000644000000000000000000000013212320753573022750 xustar000000000000000030 mtime=1396955003.526843853 30 atime=1396955003.526843853 30 ctime=1396955003.526843853 sssd-1.11.5/src/man/uk/include/autofs_restart.xml0000664002412700241270000000072212320753573023200 0ustar00jhrozekjhrozek00000000000000 Будь ласка, зауважте, що засіб автоматичного монтування читає основну карту лише під час запуску, отже якщо до sssd.conf внесено будь-які пов’язані з autofs зміни, типово слід перезапустити фонову службу автоматичного монтування після перезапуску SSSD. sssd-1.11.5/src/man/uk/include/PaxHeaders.13173/experimental.xml0000644000000000000000000000013212320753573022400 xustar000000000000000030 mtime=1396955003.526843853 30 atime=1396955003.526843853 30 ctime=1396955003.526843853 sssd-1.11.5/src/man/uk/include/experimental.xml0000664002412700241270000000046212320753573022631 0ustar00jhrozekjhrozek00000000000000 Цю можливість ще не перевірено достатнім чином. Будь ласка, якщо помітите якісь вади, повідомте про них за допомогою настанов на сторінці http://fedorahosted.org/sssd.
sssd-1.11.5/src/man/uk/include/PaxHeaders.13173/ldap_id_mapping.xml0000644000000000000000000000013212320753573023012 xustar000000000000000030 mtime=1396955003.526843853 30 atime=1396955003.526843853 30 ctime=1396955003.526843853 sssd-1.11.5/src/man/uk/include/ldap_id_mapping.xml0000664002412700241270000003245012320753573023245 0ustar00jhrozekjhrozek00000000000000 ВСТАНОВЛЕННЯ ВІДПОВІДНОСТІ ІДЕНТИФІКАТОРІВ Можливість встановлення відповідності ідентифікаторів надає SSSD змогу працювати у режимі клієнта Active Directory без потреби для адміністраторів розширювати атрибути користувача з метою підтримки атрибутів POSIX для ідентифікаторів користувачів та груп. Зауваження: якщо увімкнено встановлення відповідності ідентифікаторів, атрибути uidNumber та gidNumber буде проігноровано. Так зроблено з метою уникання конфліктів між автоматично визначеними та визначеними вручну значеннями. Якщо вам потрібно призначити певні значення вручну, вручну доведеться призначати ВСІ значення. Please note that changing the ID mapping related configuration options will cause user and group IDs to change. At the moment, SSSD does not support changing IDs, so the SSSD database must be removed. Because cached passwords are also stored in the database, removing the database should only be performed while the authentication servers are reachable, otherwise users might get locked out. In order to cache the password, an authentication must be performed. It is not sufficient to use sss_cache 8 to remove the database, rather the process consists of: Making sure the remote servers are reachable Stopping the SSSD service Removing the database Starting the SSSD service Moreover, as the change of IDs might necessitate the adjustment of other system properties such as file and directory ownership, it's advisable to plan ahead and test the ID mapping configuration thoroughly. Алгоритм встановлення відповідності Active Directory надає значення objectSID для всіх об’єктів користувачів і груп у каталозі. 
Таке значення objectSID можна розбити на компоненти, які відповідають профілю домену Active Directory та відносному ідентифікатору (RID) об’єкта користувача або групи. Алгоритмом встановлення відповідності ідентифікаторів SSSD передбачено поділ діапазону доступних UID на розділи однакових розмірів, які називаються «зрізами». Кожен зріз відповідає простору, доступному певному домену Active Directory. Коли SSSD вперше зустрічає запис користувача або групи певного домену, SSSD віддає один з доступних зрізів під цей домен. З метою уможливлення відтворення такого призначення зрізів на різних клієнтських системах, зріз вибирається за таким алгоритмом: Рядок SID передається алгоритмові murmurhash3 з метою перетворення його на хешоване 32-бітове значення. Для вибору зрізу використовується ціла частина від ділення цього значення на загальну кількість доступних зрізів. Зауваження: за такого алгоритму можливі збіги за хешем та відповідною цілою частиною від ділення. У разі виявлення таких збігів буде вибрано наступний доступний зріз, але це може призвести до неможливості відтворити точно такий самий набір зрізів на інших комп’ютерах (оскільки в такому разі на вибір зрізів може вплинути порядок, у якому виконується обробка даних). Якщо ви зіткнулися з подібною ситуацією, рекомендуємо вам або перейти на використання явних атрибутів POSIX у Active Directory (вимкнути встановлення відповідності ідентифікаторів) або налаштувати типовий домен з метою гарантування того, що принаймні цей домен матиме еталонні дані. Докладніше про це у розділі «Налаштування». Налаштування Мінімальне налаштовування (у розділі [domain/НАЗВА_ДОМЕНУ]): ldap_id_mapping = True ldap_schema = ad За типових налаштувань буде створено 10000 зрізів, кожен з яких може містити до 200000 ідентифікаторів, починаючи з 10001 і аж до 2000100000. Цього має вистачити для більшості розгорнутих середовищ.
Додаткові налаштування ldap_idmap_range_min (ціле число) Визначає нижню межу діапазону ідентифікаторів POSIX, які слід використовувати для встановлення відповідності SID користувачів і груп Active Directory. Зауваження: цей параметр відрізняється від min_id тим, що min_id працює як фільтр відповідей на запити щодо цього домену, а цей параметр керує діапазоном призначення ідентифікаторів. Ця відмінність є мінімальною, але загалом варто визначати min_id меншим або рівним ldap_idmap_range_min Типове значення: 200000 ldap_idmap_range_max (ціле число) Визначає верхню межу діапазону ідентифікаторів POSIX, які слід використовувати для встановлення відповідності SID користувачів і груп Active Directory. Зауваження: цей параметр відрізняється від max_id тим, що max_id працює як фільтр відповідей на запити щодо цього домену, а цей параметр керує діапазоном призначення ідентифікаторів. Ця відмінність є мінімальною, але загалом варто визначати max_id більшим або рівним ldap_idmap_range_max Типове значення: 2000200000 ldap_idmap_range_size (ціле число) Визначає кількість ідентифікаторів доступних на кожному зі зрізів. Якщо розмір діапазону не ділиться націло на мінімальне і максимальне значення, буде створено якомога більше повних зрізів. Типове значення: 200000 ldap_idmap_default_domain_sid (рядок) Визначає SID типового домену. За допомогою цього параметра можна гарантувати те, що цей домен буде завжди призначено до нульового зрізу у карті ідентифікаторів без використання алгоритму murmurhash описаного вище. Типове значення: not set ldap_idmap_default_domain (рядок) Вказати назву типового домену. Типове значення: not set ldap_idmap_autorid_compat (булеве значення) Змінює поведінку алгоритму встановлення відповідності ідентифікаторів так, щоб обчислення відбувалися за алгоритмом подібним до алгоритму idmap_autorid winbind. Якщо встановлено цей параметр, домени призначатимуться, починаючи з нульового зрізу з поступовим зростанням номерів на кожен додатковий домен. 
Зауваження: цей алгоритм є недетерміністичним (залежить від порядку записів користувачів та груп). Якщо з метою сумісності з системою, у якій запущено winbind, буде використано цей алгоритм, варто також скористатися параметром ldap_idmap_default_domain_sid з метою гарантування послідовного призначення принаймні одного домену до нульового зрізу. Типове значення: False sssd-1.11.5/src/man/uk/include/PaxHeaders.13173/ldap_search_bases_experimental.xml0000644000000000000000000000013212320753573026102 xustar000000000000000030 mtime=1396955003.526843853 30 atime=1396955003.526843853 30 ctime=1396955003.526843853 sssd-1.11.5/src/man/uk/include/ldap_search_bases_experimental.xml0000664002412700241270000000312212320753573026327 0ustar00jhrozekjhrozek00000000000000 Додатковий основний DN, область пошуку і фільтр LDAP для обмеження пошуків LDAP цим типом атрибутів. синтаксис: search_base[?scope?[filter][?search_base?scope?[filter]]*] Областю може бути одне зі значень: «base», «onelevel» або «subtree». Фільтром має бути коректний запис фільтрування LDAP, відповідно до специфікації http://www.ietf.org/rfc/rfc2254.txt Приклади використання цих синтаксичних конструкцій можна знайти у розділі прикладів «ldap_search_base». Типове значення: значення ldap_search_base Будь ласка, зауважте, що підтримки визначення області або фільтра для пошуків на сервері Active Directory не передбачено. Це може призвести до отримання значної кількості результатів і викликати реакцію з боку розширення діапазону отримання (Range Retrieval). 
sssd-1.11.5/src/man/uk/include/PaxHeaders.13173/service_discovery.xml0000644000000000000000000000013212320753573023432 xustar000000000000000030 mtime=1396955003.526843853 30 atime=1396955003.526843853 30 ctime=1396955003.526843853 sssd-1.11.5/src/man/uk/include/service_discovery.xml0000664002412700241270000000530512320753573023664 0ustar00jhrozekjhrozek00000000000000 ПОШУК СЛУЖБ За допомогою можливості виявлення служб основні модулі мають змогу автоматично визначати відповідні сервери для встановлення з’єднання на основі даних, отриманих у відповідь на спеціальний запит до DNS. Підтримки цієї можливості для резервних серверів не передбачено. Налаштування Якщо серверів не буде вказано, модуль автоматично використає визначення служб для пошуку сервера. Крім того, користувач може використовувати і фіксовані адреси серверів і виявлення служб. Для цього слід вставити особливе ключове слово, «_srv_», до списку серверів. Пріоритет визначається за вказаним порядком. Ця можливість є корисною, якщо, наприклад, користувач надає перевагу використанню виявлення служб, якщо це можливо, з поверненням до використання певного сервера, якщо за допомогою DNS не вдасться виявити жодного сервера. Назва домену З докладнішими відомостями щодо параметра «dns_discovery_domain» можна ознайомитися на сторінці підручника (man) sssd.conf 5 . Протокол Запитами зазвичай визначається протокол _tcp. Виключення документовано у описі відповідного параметра. Також прочитайте Докладніші відомості щодо механізмів визначення служб можна знайти у RFC 2782. 
sssd-1.11.5/src/man/uk/include/PaxHeaders.13173/local.xml0000644000000000000000000000013212320753573020775 xustar000000000000000030 mtime=1396955003.526843853 30 atime=1396955003.526843853 30 ctime=1396955003.526843853 sssd-1.11.5/src/man/uk/include/local.xml0000664002412700241270000000250512320753573021226 0ustar00jhrozekjhrozek00000000000000 ЛОКАЛЬНИЙ ДОМЕН З метою забезпечення належної роботи слід створити домен з id_provider=local та запустити SSSD. Адміністратор може надати перевагу використанню локальних записів користувачів SSSD замість традиційних записів користувачів UNIX, якщо для роботи потрібна вкладеність груп (див. sss_groupadd 8 ). Використання локальних записів може також бути корисним для тестування та розробки програмного забезпечення з підтримкою SSSD (у такому разі не потрібно розгортати повноцінний віддалений сервер). Інструменти sss_user* та sss_group* використовують для зберігання записів користувачів і груп локальне сховище даних LDB. sssd-1.11.5/src/man/uk/include/PaxHeaders.13173/override_homedir.xml0000644000000000000000000000013212320753573023231 xustar000000000000000030 mtime=1396955003.526843853 30 atime=1396955003.526843853 30 ctime=1396955003.526843853 sssd-1.11.5/src/man/uk/include/override_homedir.xml0000664002412700241270000000402612320753573023462 0ustar00jhrozekjhrozek00000000000000 override_homedir (рядок) Перевизначити домашній каталог користувача. Ви можете вказати абсолютне значення або шаблон. У шаблоні можна використовувати такі замінники: %u ім'я користувача %U номер UID %d назва домену %f ім’я користувача повністю (користувач@домен) %o Початкова домашня тека, отримана від служби профілів. %% символ відсотків («%») Значення цього параметра можна встановлювати для кожного з доменів окремо. 
приклад: override_homedir = /home/%u Типове значення: не встановлено (SSSD використовуватиме значення, отримане від LDAP) sssd-1.11.5/src/man/uk/PaxHeaders.13173/sssd.8.xml0000644000000000000000000000013212320753573017402 xustar000000000000000030 mtime=1396955003.526843853 30 atime=1396955003.526843853 30 ctime=1396955003.526843853 sssd-1.11.5/src/man/uk/sssd.8.xml0000664002412700241270000002176512320753573017644 0ustar00jhrozekjhrozek00000000000000 Сторінки підручника SSSD sssd 8 sssd Фонова служба безпеки системи sssd параметри ОПИС У SSSD передбачено набір фонових служб для керування доступом до віддалених каталогів та механізмами розпізнавання. SSSD надає операційній системі інтерфейси NSS і PAM, а також систему придатних для під’єднання модулів для встановлення з’єднання з декількома різними джерелами даних щодо облікових записів та інтерфейс D-Bus. SSSD також є основою для систем перевірки клієнтських систем та служб обслуговування правил доступу для проектів, подібних до FreeIPA. SSSD надає стійкішу базу даних для збереження записів локальних користувачів, а також додаткових даних щодо користувачів. ПАРАМЕТРИ , РІВЕНЬ режим 1: додати часову позначку до діагностичних повідомлень. 0: вимкнути часову позначку у діагностичних повідомленнях Типове значення: 1 режим 1: додати значення мікросекунд до часової позначки у діагностичних повідомленнях 0: вимкнути додавання мікросекунд до часової позначки Типове значення: 0 , Надіслати діагностичні дані до файлів, а не до stderr. Типово файли журналів зберігаються у /var/log/sssd, передбачено також окремий журнал для кожної служби і домену SSSD. , Перейти у режим фонової служби після запуску. , Запустити програму у звичайному режимі, не створювати фонової служби. , Визначити нетиповий файл налаштувань. Типовим файлом налаштувань є /etc/sssd/sssd.conf. Довідку щодо синтаксису та параметрів файла налаштувань можна знайти на сторінці довідника (man) sssd.conf 5 . Вивести номер версії і завершити роботу. 
Сигнали SIGTERM/SIGINT Повідомляє SSSD, що слід поступово завершити роботу всіх дочірніх процесів, а потім завершити роботу монітора. SIGHUP Повідомляє SSSD, що слід припинити запис до файлів діагностичних даних з поточними дескрипторами, закрити і повторно відкрити ці файли. Цей сигнал призначено для полегшення процедури архівування журналів за допомогою програм, подібних до logrotate. SIGUSR1 Наказує SSSD імітувати роботу у автономному режимі протягом однієї хвилини. Найкориснішим застосуванням є тестування служби. SIGUSR2 Наказує SSSD перейти у режим роботи у мережі негайно. Найкориснішим застосуванням є тестування служби. ЗАУВАЖЕННЯ If the environment variable SSS_NSS_USE_MEMCACHE is set to "NO", client applications will not use the fast in memory cache. sssd-1.11.5/src/man/uk/PaxHeaders.13173/sss_groupdel.8.xml0000644000000000000000000000013212320753573021137 xustar000000000000000030 mtime=1396955003.526843853 30 atime=1396955003.526843853 30 ctime=1396955003.526843853 sssd-1.11.5/src/man/uk/sss_groupdel.8.xml0000664002412700241270000000310212320753573021362 0ustar00jhrozekjhrozek00000000000000 Сторінки підручника SSSD sss_groupdel 8 sss_groupdel вилучення групи sss_groupdel параметри ГРУПА ОПИС sss_groupdel вилучає групу, вказану за допомогою аргументу ГРУПА, з системи. ПАРАМЕТРИ sssd-1.11.5/src/man/uk/PaxHeaders.13173/sss_useradd.8.xml0000644000000000000000000000013212320753573020745 xustar000000000000000030 mtime=1396955003.526843853 30 atime=1396955003.526843853 30 ctime=1396955003.526843853 sssd-1.11.5/src/man/uk/sss_useradd.8.xml0000664002412700241270000001763412320753573021207 0ustar00jhrozekjhrozek00000000000000 Сторінки підручника SSSD sss_useradd 8 sss_useradd створення нового запису користувача sss_useradd параметри НАЗВА_ОБЛІКОВОГО_ЗАПИСУ ОПИС sss_useradd створює обліковий запис користувача на основі значень, вказаних у командному рядку та типових значень системи. 
ПАРАМЕТРИ , ідентифікатор користувача Встановити для параметра ідентифікатора користувача (UID) значення UID. Якщо таке значення не буде вказано, програма вибере його автоматично. , КОМЕНТАР Будь-який рядок тексту, що описує користувача. Часто використовується для зберігання паспортного імені користувача. , ДОМАШНІЙ_КАТАЛОГ Домашній каталог облікового запису користувача. Типовою назвою такого каталогу є назва, що утворюється додаванням ІМЕНІ_КОРИСТУВАЧА до запису /home. Рядок, який буде додано перед ІМЕНЕМ_КОРИСТУВАЧА, можна визначити за допомогою параметра «user_defaults/baseDirectory» у sssd.conf. , ОБОЛОНКА Командна оболонка реєстрації користувача. У поточній версії типовою оболонкою є /bin/bash. Типову оболонку можна змінити за допомогою параметра «user_defaults/defaultShell» у sssd.conf. , ГРУПИ Список груп, учасником яких є користувач. , Створити домашній каталог користувача, якщо такого ще не існує. До такого домашнього каталогу буде скопійовано файли і каталоги з каркасного каталогу (який можна визначити за допомогою параметра -k або запису у файлі налаштувань). , Не створювати домашнього каталогу користувача. Має пріоритет над іншими параметрами налаштування. , КАТАЛОГ_SKEL Каркасний каталог, який містить файли і каталоги, які буде скопійовано до домашнього каталогу користувача, коли такий домашній каталог створюється командою sss_useradd. Спеціальні файли (блокові пристрої, символьні пристрої, іменовані канали та сокети UNIX) скопійовано не буде. Цей параметр набуде чинності, лише якщо вказано параметр (або ) або для створення домашніх каталогів вказано TRUE у налаштуваннях. , КОРИСТУВАЧ_SELINUX Користувач SELinux, що відповідає користувачеві, який увійшов до системи. Якщо не вказано, буде використано типового користувача системи. 
sssd-1.11.5/src/man/uk/PaxHeaders.13173/sss_userdel.8.xml0000644000000000000000000000013212320753573020761 xustar000000000000000030 mtime=1396955003.526843853 30 atime=1396955003.526843853 30 ctime=1396955003.526843853 sssd-1.11.5/src/man/uk/sss_userdel.8.xml0000664002412700241270000000762212320753573021217 0ustar00jhrozekjhrozek00000000000000 Сторінки підручника SSSD sss_userdel 8 sss_userdel вилучення облікового запису користувача sss_userdel параметри НАЗВА_ОБЛІКОВОГО_ЗАПИСУ ОПИС sss_userdel вилучає обліковий запис користувача ІМ’Я_КОРИСТУВАЧА з системи. ПАРАМЕТРИ , Файли у домашньому каталозі користувача буде вилучено разом з самим домашнім каталогом та поштовим буфером користувача. Може бути перевизначено у налаштуваннях. , Файли у домашньому каталозі користувача НЕ буде вилучено разом з самим домашнім каталогом та поштовим буфером користувача. Може бути перевизначено у налаштуваннях. , За допомогою цього параметра можна примусити sss_userdel вилучати домашній каталог користувача та буфер пошти, навіть якщо їхнім власником не є вказаний користувач. , До вилучення запису користувача завершити роботу всіх процесів, власником яких є цей користувач. sssd-1.11.5/src/man/uk/PaxHeaders.13173/sssd-sudo.5.xml0000644000000000000000000000013212320753573020347 xustar000000000000000030 mtime=1396955003.526843853 30 atime=1396955003.526843853 30 ctime=1396955003.526843853 sssd-1.11.5/src/man/uk/sssd-sudo.5.xml0000664002412700241270000002353012320753573020601 0ustar00jhrozekjhrozek00000000000000 Сторінки підручника SSSD sssd-sudo 5 Формати файлів та правила sssd-sudo Налаштовування sudo за допомогою модуля SSSD ОПИС На цій сторінці підручника описано способи налаштовування sudo 8 на роботу у комплексі з sssd 8 та способи кешування правил sudo у SSSD. Налаштовування sudo на співпрацю з SSSD Щоб увімкнути SSSD як джерело правил sudo, додайте sss до запису sudoers у файлі nsswitch.conf 5 . 
Наприклад, щоб налаштувати sudo на першочерговий пошук правил у стандартному файлі sudoers 5 (цей файл має містити правила, що стосуються локальних користувачів), а потім у SSSD, у файлі nsswitch.conf слід вказати такий рядок: sudoers: files sss Докладніші дані щодо налаштовування порядку пошуку у sudoers за допомогою файла nsswitch.conf, а також дані щодо бази даних LDAP, у якій зберігаються правила sudo каталогу, можна знайти на сторінці підручника sudoers.ldap 5 . Note: in order to use netgroups or IPA hostgroups in sudo rules, you also need to correctly set nisdomainname 1 to your NIS domain name (which equals to IPA domain name when using hostgroups). Налаштовування SSSD на отримання правил sudo All configuration that is needed on SSSD side is to extend the list of services with "sudo" in [sssd] section of sssd.conf 5 . To speed up the LDAP lookups, you can also set search base for sudo rules using ldap_sudo_search_base option. У наведеному нижче прикладі показано, як налаштувати SSSD на отримання правил sudo з сервера LDAP. [sssd] config_file_version = 2 services = nss, pam, sudo domains = EXAMPLE [domain/EXAMPLE] id_provider = ldap sudo_provider = ldap ldap_uri = ldap://example.com ldap_sudo_search_base = ou=sudoers,dc=example,dc=com When the SSSD is configured to use IPA as the ID provider, the sudo provider is automatically enabled. The sudo search base is configured to use the compat tree (ou=sudoers,$DC). Механізм кешування правил SUDO Найбільшою складністю під час розробки підтримки sudo у SSSD було забезпечення роботи sudo з SSSD так, щоб для користувача джерело даних надавало дані у один спосіб та з тією самою швидкістю, що і sudo, надаючи при цьому якомога свіжіший набір правил. Щоб виконати ці умови, SSSD використовує оновлення трьох типів. Будемо називати ці тип повним оновленням, інтелектуальним оновленням та оновленням правил. 
Використання типу інтелектуального оновлення полягає у отриманні правил, які було додано або змінено з часу попереднього оновлення. Основним призначенням оновлення такого типу є підтримання актуального стану бази даних невеличкими порціями, які не спричиняють значного навантаження на мережу. У разі використання повного оновлення всі правила sudo, що зберігаються у кеші, буде вилучено і замінено на всі правила, які зберігаються на сервері. Таким чином, кеш буде узгоджено шляхом вилучення всіх правил, які було вилучено на сервері. Втім, повне оновлення може значно навантажувати канал з’єднання, а отже його варто використовувати лише іноді. Проміжок між сеансами повного оновлення має залежати від розміру і стабільності правил sudo. У разі використання типу оновлення правил забезпечується ненадання користувачам ширших дозволів, ніж це було визначено на сервері. Оновлення цього типу виконується під час кожного запуску користувачем sudo. Під час оновлення буде виявлено всі правила, які стосуються користувача, перевірено, чи не завершено строк дії цих правил, і повторно отримано правила, якщо строк дії правил завершено. Якщо якихось з правил не буде виявлено на сервері, SSSD виконає позачергове повне оновлення, оскільки може виявитися, що було вилучено набагато більше правил (які стосуються інших користувачів). Якщо увімкнено, SSSD зберігатиме лише правила, які можна застосувати до цього комп’ютера. Це означає, що зберігатимуться правила, що містять у атрибуті sudoHost одне з таких значень: ключове слово ALL шаблон заміни мережеву групу (у форматі «+мережева група») назву вузла або повну назву у домені цього комп’ютера одну з IP-адрес цього комп’ютера одну з IP-адрес мережі (у форматі «адреса/маска») Для точного налаштовування поведінки передбачено доволі багато параметрів Будь ласка, зверніться до розділу «ldap_sudo_*» у sssd-ldap 5 та «sudo_*» у sssd.conf 5 , щоб ознайомитися з докладним описом. 
sssd-1.11.5/src/man/uk/PaxHeaders.13173/sssd-ldap.5.xml0000644000000000000000000000013212320753573020315 xustar000000000000000030 mtime=1396955003.526843853 30 atime=1396955003.526843853 30 ctime=1396955003.526843853 sssd-1.11.5/src/man/uk/sssd-ldap.5.xml0000664002412700241270000036036412320753573020560 0ustar00jhrozekjhrozek00000000000000 Сторінки підручника SSSD sssd-ldap 5 Формати файлів та правила sssd-ldap файл налаштування SSSD ОПИС На цій сторінці довідника описано налаштування доменів LDAP для sssd 8 . Щоб дізнатися більше про синтаксис налаштування, зверніться до розділу «ФОРМАТ ФАЙЛІВ» сторінки довідника sssd.conf 5 . Ви можете налаштувати SSSD на використання декількох доменів LDAP. У основному модулі LDAP передбачено підтримку засобів надання ідентифікатора (id), уповноважень (auth), доступу (access) та зміни паролів (chpass). Якщо ви бажаєте виконувати розпізнавання на сервері LDAP, потрібен TLS/SSL або LDAPS. У sssd не передбачено підтримки розпізнавання за допомогою нешифрованого каналу обміну даними. Якщо сервер LDAP використовується лише для надання даних профілів, потреби у шифруванні каналу обміну даними немає. Будь ласка, зверніться до опису параметра налаштування ldap_access_filter, щоб дізнатися більше про використання LDAP, як засобу керування доступом. ПАРАМЕТРИ НАЛАШТУВАННЯ Всі загальні параметри налаштування, які стосуються доменів SSSD, також стосуються і доменів LDAP. Зверніться до розділу «РОЗДІЛИ ДОМЕНІВ» сторінки підручника sssd.conf 5 , щоб дізнатися більше. ldap_uri, ldap_backup_uri (рядок) Визначає список адрес серверів LDAP, відокремлених комами, з якими SSSD має встановлювати з’єднання у порядку пріоритету. Зверніться до розділу «РЕЗЕРВ», щоб дізнатися більше про перемикання на резервні ресурси та додаткові сервери. Якщо не вказано, буде використано автоматичне виявлення служб. Докладніші відомості можна знайти у розділі «ПОШУК СЛУЖБ». 
Формат адреси має відповідати формату, що визначається RFC 2732: ldap[s]://<вузол>[:порт] У явних адресах IPv6 <вузол> має бути вказано у квадратних дужках, [] приклад: ldap://[fc00::126:25]:389 ldap_chpass_uri, ldap_chpass_backup_uri (рядок) Визначає список адрес серверів LDAP, відокремлених комами, з якими SSSD має встановлювати з’єднання у порядку пріоритету для зміни пароля користувача. Зверніться до розділу «РЕЗЕРВ», щоб дізнатися більше про перемикання на резервні ресурси та додаткові сервери. Для того, щоб уможливити визначення служб, слід встановити значення параметра ldap_chpass_dns_service_name. Типове значення: порожнє, тобто використовується ldap_uri. ldap_search_base (рядок) Типова базова назва домену, яку слід використовувати для виконання дій від імені користувача LDAP. Починаючи з SSSD 1.7.0, у SSSD передбачено підтримку визначення декількох основ для пошуку за допомогою таких синтаксичних конструкцій: основа_пошуку[?діапазон?[фільтр][?основа_пошуку?діапазон?[фільтр]]*] Діапазоном може бути одне зі значень, «base» (основа), «onelevel» (окремий рівень) або «subtree» (піддерево). Фільтром має бути коректний запис фільтрування LDAP, відповідно до специфікації http://www.ietf.org/rfc/rfc2254.txt Приклади: ldap_search_base = dc=example,dc=com (еквівалентне до) ldap_search_base = dc=example,dc=com?subtree? ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?(host=thishost)?dc=example.com?subtree? Зауваження: підтримки визначення декількох основ пошуку з посиланням на об’єкти з однаковими назвами (наприклад груп з однаковою назвою у двох різних основах пошуку) не передбачено. Такі визначення можуть призвести до непередбачуваних результатів на клієнтських комп’ютерах. Типове значення: якщо значення не встановлено, буде використано значення атрибута defaultNamingContext або namingContexts з RootDSE сервера LDAP. Якщо запису defaultNamingContext не існує або цей запис має порожнє значення, буде використано namingContexts. 
Для роботи системи потрібно, щоб атрибут namingContexts мав єдине значення DN бази пошуку сервера LDAP. Підтримки визначення декількох значень не передбачено. ldap_schema (рядок) Визначає тип схеми, що використовується на сервері LDAP призначення. Відповідно до вибраної схеми, типові назви атрибутів, отриманих з сервера, можуть бути різними. Спосіб обробки атрибутів також може бути різним. У поточній версії передбачено підтримку чотирьох типів схем: rfc2307 rfc2307bis IPA AD Основною відмінністю між цими типами схем є спосіб запису даних щодо участі у групах на сервері. Відповідно до rfc2307, список учасників груп впорядковується за користувачами у атрибуті memberUid. Відповідно до rfc2307bis і IPA, список учасників груп впорядковується за назвою домену (DN) і зберігається у атрибуті member. Відповідно до типу схеми AD, встановлюється відповідність зі значеннями Active Directory 2008r2. Типове значення: rfc2307 ldap_default_bind_dn (рядок) Типова назва домену прив’язки, яку слід використовувати для виконання дій LDAP. ldap_default_authtok_type (рядок) Тип розпізнавання для типової назви сервера прив’язки. У поточній версії передбачено підтримку двох механізмів: password obfuscated_password Типове значення: password ldap_default_authtok (рядок) Лексема розпізнавання типової назви сервера прив’язки. У поточній версії передбачено підтримку лише паролів у форматі звичайного тексту. ldap_user_object_class (рядок) Клас об’єктів запису користувача у LDAP. Типове значення: posixAccount ldap_user_name (рядок) Атрибут LDAP, що відповідає назві облікового запису користувача. Типове значення: uid ldap_user_uid_number (рядок) Атрибут LDAP, що відповідає ідентифікатору користувача. Типове значення: uidNumber ldap_user_gid_number (рядок) Атрибут LDAP, що відповідає ідентифікатору основної групи користувача. Типове значення: gidNumber ldap_user_gecos (рядок) Атрибут LDAP, що відповідає полю gecos користувача. 
Типове значення: gecos ldap_user_home_directory (рядок) Атрибут LDAP, що містить назву домашнього каталогу користувача. Типове значення: homeDirectory ldap_user_shell (рядок) Атрибут LDAP, що містить шлях до типової командної оболонки користувача. Типове значення: loginShell ldap_user_uuid (рядок) Атрибут LDAP, що містить UUID/GUID об’єкта користувача LDAP. Типове значення: nsUniqueId ldap_user_objectsid (рядок) Атрибут LDAP, що містить objectSID об’єкта користувача LDAP. Зазвичай, потрібен лише для серверів ActiveDirectory. Типове значення: objectSid для ActiveDirectory, не встановлено для інших серверів. ldap_user_modify_timestamp (рядок) Атрибут LDAP, що містить часову позначку останньої зміни батьківського об’єкта. Типове значення: modifyTimestamp ldap_user_shadow_last_change (рядок) У разі використання ldap_pwd_policy=shadow цей параметр містить назву атрибута LDAP, який є відповідником параметра shadow 5 (дати останньої зміни пароля). Типове значення: shadowLastChange ldap_user_shadow_min (рядок) У разі використання ldap_pwd_policy=shadow цей параметр містить назву атрибута LDAP, який є відповідником параметра shadow 5 (мінімального віку пароля). Типове значення: shadowMin ldap_user_shadow_max (рядок) У разі використання ldap_pwd_policy=shadow цей параметр містить назву атрибута LDAP, який є відповідником параметра shadow 5 (максимального віку пароля). Типове значення: shadowMax ldap_user_shadow_warning (рядок) У разі використання ldap_pwd_policy=shadow цей параметр містить назву атрибута LDAP, який є відповідником параметра shadow 5 (проміжку попередження щодо пароля). Типове значення: shadowWarning ldap_user_shadow_inactive (рядок) У разі використання ldap_pwd_policy=shadow цей параметр містить назву атрибута LDAP, який є відповідником параметра shadow 5 (тривалості періоду невикористання пароля). 
Типове значення: shadowInactive ldap_user_shadow_expire (рядок) У разі використання ldap_pwd_policy=shadow або ldap_account_expire_policy=shadow цей параметр містить назву атрибута LDAP, який є відповідником параметра shadow 5 (дати завершення строку дії пароля). Типове значення: shadowExpire ldap_user_krb_last_pwd_change (рядок) Якщо використано значення ldap_pwd_policy=mit_kerberos, цей параметр містить назву атрибута LDAP, у якому зберігається дата і час останньої зміни пароля у kerberos. Типове значення: krbLastPwdChange ldap_user_krb_password_expiration (рядок) Якщо використано значення ldap_pwd_policy=mit_kerberos, цей параметр містить назву атрибута LDAP, у якому зберігається дата і час завершення строку дії поточного пароля. Типове значення: krbPasswordExpiration ldap_user_ad_account_expires (рядок) Якщо вказано ldap_account_expire_policy=ad, цей параметр містить назву атрибута LDAP, у якому зберігаються дані щодо строку завершення дії облікового запису. Типове значення: accountExpires ldap_user_ad_user_account_control (рядок) Якщо вказано ldap_account_expire_policy=ad, цей параметр містить назву атрибута LDAP, у якому зберігаються дані щодо поля контрольного біта облікового запису користувача. Типове значення: userAccountControl ldap_ns_account_lock (рядок) Якщо вказано ldap_account_expire_policy=rhds або еквівалентне налаштування, цей параметр визначає, заборонено чи дозволено доступ. Типове значення: nsAccountLock ldap_user_nds_login_disabled (рядок) Якщо вказано ldap_account_expire_policy=nds, цей атрибут визначає, дозволено чи заборонено доступ. Типове значення: loginDisabled ldap_user_nds_login_expiration_time (рядок) Якщо вказано ldap_account_expire_policy=nds, цей атрибут визначає дату, до якої надано доступ. Типове значення: loginDisabled ldap_user_nds_login_allowed_time_map (рядок) Якщо вказано ldap_account_expire_policy=nds, цей атрибут визначає години дня тижня, коли надається доступ. 
Типове значення: loginAllowedTimeMap ldap_user_principal (рядок) Атрибут LDAP, що містить Kerberos User Principal Name (UPN) користувача. Типове значення: krbPrincipalName ldap_user_ssh_public_key (рядок) Атрибут LDAP, який містить відкриті ключі SSH користувача. ldap_force_upper_case_realm (булеве значення) Деякі з серверів каталогів, наприклад Active Directory, можуть надавати частину області адреси UPN лише малими літерами (літерами нижнього регістру), що може призвести до невдалої спроби розпізнавання. Встановіть ненульове значення цього параметра, якщо ви бажаєте використовувати назву області у верхньому регістрі. Типове значення: false ldap_enumeration_refresh_timeout (ціле число) Визначає кількість секунд, протягом яких SSSD має очікувати до оновлення свого кешу нумерованих записів. Типове значення: 300 ldap_purge_cache_timeout (ціле число) Визначає частоту пошуків у кеші неактивних записів (зокрема груп без учасників та користувачів, які ніколи не входили до системи) та вилучення цих записів з метою економії місця. Встановлення нульового значення цього параметра вимкне дію з очищення кешу. Типове значення: 10800 (12 годин) ldap_user_fullname (рядок) Атрибут LDAP, що відповідає повному імені користувача. Типове значення: cn ldap_user_member_of (рядок) Атрибут LDAP зі списком груп, у яких бере участь користувач. Типове значення: memberOf ldap_user_authorized_service (рядок) Якщо access_provider=ldap і ldap_access_order=authorized_service, SSSD використовуватиме наявність атрибута authorizedService у записі користувача LDAP для визначення прав доступу. Спочатку визначаються явні заборони (!svc). Далі SSSD шукає явні дозволи (svc) і нарешті загальні дозволи або allow_all (*). Будь ласка, зауважте, що параметр налаштування ldap_access_order має включати authorized_service, щоб система змогла скористатися параметром ldap_user_authorized_service. 
Типове значення: authorizedService ldap_user_authorized_host (рядок) Якщо access_provider=ldap і ldap_access_order=host, SSSD використовуватиме наявність атрибута host у записі користувача LDAP для визначення прав доступу. Спочатку визначаються явні заборони (!host). Далі SSSD шукає явні дозволи (host) і нарешті загальні дозволи або allow_all (*). Будь ласка, зауважте, що параметр налаштування ldap_access_order має включати host, щоб можна було скористатися параметром ldap_user_authorized_host. Типове значення: host ldap_group_object_class (рядок) Клас об’єктів запису групи у LDAP. Типове значення: posixGroup ldap_group_name (рядок) Атрибут LDAP, що відповідає назві групи. Типове значення: cn ldap_group_gid_number (рядок) Атрибут LDAP, що відповідає ідентифікатору групи. Типове значення: gidNumber ldap_group_member (рядок) Атрибут LDAP, у якому містяться імена учасників групи. Типове значення: memberuid (rfc2307) / member (rfc2307bis) ldap_group_uuid (рядок) Атрибут LDAP, що містить UUID/GUID об’єкта групи LDAP. Типове значення: nsUniqueId ldap_group_objectsid (рядок) Атрибут LDAP, що містить objectSID об’єкта групи LDAP. Зазвичай, потрібен лише для серверів ActiveDirectory. Типове значення: objectSid для ActiveDirectory, не встановлено для інших серверів. ldap_group_modify_timestamp (рядок) Атрибут LDAP, що містить часову позначку останньої зміни батьківського об’єкта. Типове значення: modifyTimestamp ldap_group_type (integer) The LDAP attribute that contains an integer value indicating the type of the group and maybe other flags. This attribute is currently only used by the AD provider to determine if a group is a domain local groups and has to be filtered out for trusted domains. 
Default: groupType in the AD provider, otherwise not set ldap_group_nesting_level (ціле число) Якщо ldap_schema встановлено у значення формату схеми, у якому передбачено підтримку вкладеності груп (наприклад RFC2307bis), цей параметр визначає кількість рівнів вкладеності, які оброблятимуться SSSD. Значення цього параметра буде проігноровано, якщо використано схему RFC2307. Типове значення: 2 ldap_groups_use_matching_rule_in_chain За допомогою цього параметра можна наказати SSSD скористатися перевагами специфічної для Active Directory можливості, яка надає змогу пришвидшити дії з пошуку груп у мережах зі складною системою груп або системою груп з високим рівнем вкладеності. Здебільшого, не варто вмикати цю можливість. Пришвидшення за її допомогою можна буде спостерігати лише у дуже складних випадках вкладеності груп. Якщо увімкнено цей параметр, SSSD використовуватиме можливість, якщо під час початкового сеансу з’єднання виявить, що на сервері передбачено підтримку можливості. Отже, насправді значення «True» означає «визначити автоматично». Зауваження: відомо, що у поточній версії цією можливістю можна скористатися лише для Active Directory 2008 R1 та пізніших версій. Докладніше про це можна дізнатися з документації MSDN(TM). Типове значення: False ldap_initgroups_use_matching_rule_in_chain За допомогою цього параметра можна наказати SSSD скористатися перевагами специфічної для Active Directory можливості, яка може пришвидшити дії з початковими групами (initgroups). Особливо помітним таке пришвидшення є у системах зі складною системою груп або системою груп з високим рівнем вкладеності. Якщо увімкнено цей параметр, SSSD використовуватиме можливість, якщо під час початкового сеансу з’єднання виявить, що на сервері передбачено підтримку можливості. Отже, насправді значення «True» означає «визначити автоматично». Зауваження: відомо, що у поточній версії цією можливістю можна скористатися лише для Active Directory 2008 R1 та пізніших версій. 
Докладніше про це можна дізнатися з документації MSDN(TM). Типове значення: False ldap_netgroup_object_class (рядок) Клас об’єктів запису мережевої групи (netgroup) у LDAP. У надавачі даних IPA має бути використано ipa_netgroup_object_class. Типове значення: nisNetgroup ldap_netgroup_name (рядок) Атрибут LDAP, що відповідає назві мережевої групи (netgroup). У надавачі даних IPA має бути використано ipa_netgroup_name. Типове значення: cn ldap_netgroup_member (рядок) Атрибут LDAP, у якому містяться імена учасників мережевої групи (netgroup). У надавачі даних IPA має бути використано ipa_netgroup_member. Типове значення: memberNisNetgroup ldap_netgroup_triple (рядок) Атрибут LDAP, що містить трійки мережевої групи (вузол, користувач, домен). Цим параметром не можна скористатися у надавачі даних IPA. Типове значення: nisNetgroupTriple ldap_netgroup_uuid (рядок) Атрибут LDAP, що містить UUID/GUID об’єкта мережевої групи LDAP. У надавачі даних IPA має бути використано ipa_netgroup_uuid. Типове значення: nsUniqueId ldap_netgroup_modify_timestamp (рядок) Атрибут LDAP, що містить часову позначку останньої зміни батьківського об’єкта. Цим параметром не можна скористатися у надавачі даних IPA. Типове значення: modifyTimestamp ldap_service_object_class (рядок) Клас об’єктів запису служби у LDAP. Типове значення: ipService ldap_service_name (рядок) Атрибут LDAP, що містить назву атрибутів служби та замінників цих атрибутів. Типове значення: cn ldap_service_port (рядок) Атрибут LDAP, що містить номер порту, яким керує ця служба. Типове значення: ipServicePort ldap_service_proto (рядок) Атрибут LDAP, що містить протоколи, за яким може працювати ця служба. 
Типове значення: ipServiceProtocol ldap_service_search_base (рядок) ldap_search_timeout (ціле число) Визначає час очікування на дані (у секундах) для виконання пошуків ldap, перш ніж пошук буде скасовано з поверненням кешованих даних (і переходом до автономного режиму роботи) Зауваження: роботу цього параметра буде змінено у наступних версіях SSSD. Ймовірно, його буде колись замінено на послідовність часів очікування для окремих типів пошуків. Типове значення: 6 ldap_enumeration_search_timeout (ціле число) Визначає час очікування на дані (у секундах) для виконання пошуків номерів користувачів та груп у ldap, перш ніж пошук буде скасовано з поверненням кешованих даних (і переходом до автономного режиму роботи) Типове значення: 60 ldap_network_timeout (ціле число) Визначає час очікування (у секундах), після завершення якого poll 2 / select 2 з наступним connect 2 повертається до стану бездіяльності. Типове значення: 6 ldap_opt_timeout (ціле число) Визначає час очікування (у секундах), після завершення якого виклики до синхронних програмних інтерфейсів LDAP буде перервано, якщо не буде отримано відповіді. Також керує часом очікування під час обміну даними з KDC у випадку прив’язки SASL. Типове значення: 6 ldap_connection_expire_timeout (ціле значення) Визначає час очікування (у секундах), протягом якого підтримуватиметься з’єднання з сервером LDAP. По завершенню цього часу буде зроблено спробу повторно встановити з’єднання. У разі використання паралельно до SASL/GSSAPI буде використано перше за часом значення (це значення або значення строку дії TGT). Типове значення: 900 (15 хвилин) ldap_page_size (ціле число) Визначити кількість записів, які слід отримати з LDAP у відповідь на один запит. На деяких серверах LDAP визначено обмеження максимальної кількості на один запит. Типове значення: 1000 ldap_disable_paging (булеве значення) Вимикає контроль сторінок LDAP. 
Цим параметром слід скористатися, якщо сервер LDAP повідомляє про підтримку контролю сторінок LDAP у своєму RootDSE, але цю підтримку не увімкнено або вона не працює належним чином. Приклад: сервери OpenLDAP з модулем контролю сторінок, встановленим на сервері, але не увімкненим, повідомляють про підтримку у RootDSE, але цією підтримкою не можна скористатися. Приклад: 389 DS має ваду, пов’язану з тим, що здатен підтримувати лише один процес контролю сторінок для одного з’єднання. У разі значного навантаження це може призвести до відмови у виконанні запитів. Типове значення: False ldap_disable_range_retrieval (булеве значення) Вимкнути отримання діапазону Active Directory. У Active Directory за допомогою правила MaxValRange (типове значення 1500 записів) обмежується кількість записів, які може бути отримано під час пошуку. Якщо у певній групі міститься більше записів учасників, до відповіді буде включено специфічне для AD розширення діапазону. За допомогою цього параметра можна вимкнути обробку розширення діапазону, отже великі групи буде представлено як такі, у яких немає учасників. Типове значення: False ldap_sasl_minssf (ціле значення) Під час обміну даними з сервером LDAP за допомогою SASL визначає мінімальний рівень захисту, потрібний для встановлення з’єднання. Значення цього параметра визначається OpenLDAP. Типове значення: типове для системи значення (зазвичай, визначається у ldap.conf) ldap_deref_threshold (ціле число) Вказує кількість учасників групи, записів яких має не вистачати у зовнішньому кеші для запуску загального пошуку з розіменуванням. Якщо пропущених записів буде менше за вказану кількість, пошук для них виконуватиметься окремо. Ви можете повністю вимкнути пошуки з отриманням значення об’єкта (розіменуванням), якщо вкажете значення 0. Пошук з розіменуванням — це отримання всіх записів учасників групи за одним викликом LDAP. У різних серверах LDAP може бути передбачено різні способи розіменування. 
У поточній версії передбачено підтримку серверів 389/RHDS, OpenLDAP та Active Directory. Зауваження: якщо у одній з основ пошуку визначається фільтр пошуку, покращення швидкодії фільтрів розіменування буде вимкнено, незалежно від використання цього параметра. Типове значення: 10 ldap_tls_reqcert (рядок) Визначає перелік перевірок, які слід виконати для сертифікатів серверів у сеансі TLS, якщо такі перевірки слід виконувати. Може бути визначено одне з таких значень: never = клієнт не надсилатиме запиту і не перевірятиме жодних сертифікатів сервера. allow = надіслати запит щодо сертифіката сервера. Якщо сертифікат не буде надано, продовжити сеанс у звичайному режимі. Якщо буде надано помилковий сертифікат, ігнорувати і продовжити сеанс у звичайному режимі. try = надіслати запит щодо сертифіката сервера. Якщо сертифікат не буде надано, продовжити сеанс у звичайному режимі. Якщо буде надано помилковий сертифікат, негайно перервати сеанс. demand = надіслати запит щодо сертифіката сервера. Якщо сертифікат не буде надано або буде надано помилковий сертифікат, негайно перервати сеанс. hard = те саме, що і demand Типове значення: hard ldap_tls_cacert (рядок) Визначає файл, який містить сертифікати для всіх служб сертифікації, які розпізнаються sssd. Типове значення: використовувати типові параметри OpenLDAP, що зберігаються у /etc/openldap/ldap.conf ldap_tls_cacertdir (рядок) Визначає шлях до каталогу, де у окремих файлах містяться сертифікати служб сертифікації (CA). Типовими назвами файлів є хеші сертифікатів з додаванням «.0». Для створення відповідних назв можна скористатися cacertdir_rehash, якщо ця програма є доступною. Типове значення: використовувати типові параметри OpenLDAP, що зберігаються у /etc/openldap/ldap.conf ldap_tls_cert (рядок) Визначає файл, який містить сертифікат для ключа клієнта. Типове значення: not set ldap_tls_key (рядок) Визначає файл, у якому міститься ключ клієнта. 
Типове значення: not set ldap_tls_cipher_suite (рядок) Визначає прийнятні комплекти програм для шифрування. Записи у типовому списку слід відокремлювати комами. З форматом можна ознайомитися на сторінці довідника до ldap.conf 5. Типове значення: використовувати типові параметри OpenLDAP, що зберігаються у /etc/openldap/ldap.conf ldap_id_use_start_tls (булеве значення) Визначає, що з’єднання id_provider має також використовувати tls для захисту каналу. Типове значення: false ldap_id_mapping (булеве значення) Визначає, що SSSD має намагатися встановити відповідність ідентифікаторів користувача і групи на основі атрибутів ldap_user_objectsid та ldap_group_objectsid, замість атрибутів ldap_user_uid_number та ldap_group_gid_number. У поточній версії у цій можливості передбачено підтримку лише встановлення відповідності objectSID у ActiveDirectory. Типове значення: false ldap_min_id, ldap_max_id (ціле число) На відміну від прив’язування ідентифікаторів на основі SID, яке використовується, якщо параметр ldap_id_mapping має значення true, діапазон дозволених ідентифікаторів для ldap_user_uid_number і ldap_group_gid_number є необмеженим. У конфігураціях з піддоменами та довіреними доменами це може призвести до конфліктів ідентифікаторів. Щоб уникнути конфліктів, можна встановити значення ldap_min_id і ldap_max_id для обмеження дозволеного діапазону ідентифікаторів, які буде прочитано безпосередньо з сервера. Після цього піддомени можуть вибирати інші діапазони для прив’язування ідентифікаторів. Типове значення: не встановлено (обидва параметри встановлено у значення 0) ldap_sasl_mech (рядок) Визначає механізм SASL, який слід використовувати. У поточній версії перевірено і підтримується лише механізм GSSAPI. Типове значення: not set ldap_sasl_authid (рядок) Визначає ідентифікатор уповноваження SASL, який слід використовувати. Якщо використано GSSAPI, відповідає реєстраційному запису Kerberos, який використовується для розпізнавання під час доступу до каталогу. 
У цьому параметрі можуть зберігатися або реєстраційні дані повністю (наприклад host/myhost@EXAMPLE.COM) або лише назва реєстраційного запису (наприклад host/myhost). Типове значення: вузол/назва_вузла@ОБЛАСТЬ ldap_sasl_realm (рядок) Визначає область SASL, яку слід використовувати. Якщо не вказано значення, типовим значенням цього параметра є значення krb5_realm. Якщо ldap_sasl_authid також містить запис області, цей параметр буде проігноровано. Типове значення: значення krb5_realm. ldap_sasl_canonicalize (булеве значення) Якщо встановлено значення true (1), бібліотека LDAP виконуватиме зворотний пошук з метою переведення назв вузлів у канонічну форму під час прив’язки до SASL. Типове значення: false ldap_krb5_keytab (рядок) Визначає таблицю ключів, яку слід використовувати разом з SASL/GSSAPI. Типове значення: системна таблиця ключів, зазвичай /etc/krb5.keytab ldap_krb5_init_creds (булеве значення) Визначає, що id_provider має ініціалізувати реєстраційні дані Kerberos (TGT). Цю дію буде виконано, лише якщо використовується SASL і вибрано механізм GSSAPI. Типове значення: true ldap_krb5_ticket_lifetime (ціле число) Визначає строк дії (у секундах) TGT, якщо використовується GSSAPI. Типове значення: 86400 (24 години) krb5_server, krb5_backup_server (рядок) Визначає список IP-адрес або назв вузлів, відокремлених комами, серверів Kerberos, з якими SSSD має встановлювати з’єднання. Список має бути впорядковано за пріоритетом. Докладніше про резервування та додаткові сервери можна дізнатися з розділу «РЕЗЕРВ». До адрес або назв вузлів може бути додано номер порту (перед номером слід вписати двокрапку). Якщо параметр матиме порожнє значення, буде увімкнено виявлення служб. Докладніше про виявлення служб можна дізнатися з розділу «ПОШУК СЛУЖБ». Під час використання виявлення служб для серверів KDC або kpasswd SSSD спочатку намагається знайти записи DNS, у яких визначається протокол _udp. Використання протоколу _tcp відбувається, лише якщо таких записів не вдасться знайти. 
У попередніх випусках SSSD цей параметр мав назву «krb5_kdcip». У поточній версії передбачено розпізнавання цієї застарілої назви, але користувачам варто перейти на використання «krb5_server» у файлах налаштувань. krb5_realm (рядок) Вказати область Kerberos (для розпізнавання за SASL/GSSAPI). Типове значення: типове значення системи, див. /etc/krb5.conf krb5_canonicalize (булеве значення) Визначає, чи слід перетворювати реєстраційний запис вузла у канонічну форму під час встановлення з’єднання з сервером LDAP. Цю можливість передбачено з версії MIT Kerberos >= 1.7 Типове значення: false krb5_use_kdcinfo (булеве значення) Визначає, чи слід SSSD вказувати бібліотекам Kerberos, яку область і які значення KDC слід використовувати. Типово, дію параметра увімкнено. Якщо ви вимкнете його, вам слід налаштувати бібліотеку Kerberos за допомогою файла налаштувань krb5.conf 5 . Див. сторінку підручника (man) sssd_krb5_locator_plugin 8 , щоб дізнатися більше про додаток пошуку. Типове значення: true ldap_pwd_policy (рядок) Визначає правила оцінки строку дії пароля на боці клієнта. Можна використовувати такі значення: none — не використовувати перевірки на боці клієнта. У разі використання цього варіанта перевірку на боці сервера вимкнено не буде. shadow — використовувати атрибути у стилі shadow 5 для визначення того, чи чинним є пароль. mit_kerberos — використовувати атрибути MIT Kerberos для визначення завершення строку дії пароля. У разі зміни пароля скористайтеся chpass_provider=krb5 для оновлення цих атрибутів. Типове значення: none Note: if a password policy is configured on server side, it always takes precedence over policy set with this option. ldap_referrals (булеве значення) Визначає, чи має бути увімкнено автоматичне визначення напрямків пошуку. Зауважте, що sssd підтримує визначення напрямків, лише якщо систему зібрано з версією OpenLDAP 2.4.13 або новішою версією. 
Перехід за спрямуваннями може призвести до значних втрат швидкодії у середовищах, де такі спрямування використовуються широко. Прикладом такого середовища може бути Microsoft Active Directory. Якщо у вашому середовищі спрямування не є обов’язковими, встановлення для цього параметра значення «false» може значно пришвидшити роботу. Типове значення: true ldap_dns_service_name (рядок) Визначає назву служби, яку буде використано у разі вмикання визначення служб. Типове значення: ldap ldap_chpass_dns_service_name (рядок) Визначає назву служби, яку буде використано для пошуку сервера LDAP, який уможливлює зміну паролів, у разі вмикання визначення служб. Типове значення: не встановлено, тобто пошук служб вимкнено ldap_chpass_update_last_change (булеве значення) Визначає, чи слід оновлювати атрибут ldap_user_shadow_last_change даними щодо кількості днів з часу виконання дії зі зміни пароля. Типове значення: False ldap_access_filter (рядок) If using access_provider = ldap and ldap_access_order = filter (default), this option is mandatory. It specifies an LDAP search filter criteria that must be met for the user to be granted access on this host. If access_provider = ldap, ldap_access_order = filter and this option is not set, it will result in all users being denied access. Use access_provider = permit to change this default behavior. Please note that this filter is applied on the LDAP user entry only. Приклад: access_provider = ldap ldap_access_filter = (employeeType=admin) This example means that access to this host is restricted to users whose employeeType attribute is set to "admin". Автономне кешування для цієї можливості обмежено визначенням того, чи було надано користувачеві під час попередньої спроби увійти до системи з мережі права доступу. Якщо під час останньої спроби увійти такі права було надано, система продовжуватиме надавати права доступу у автономному режимі. Якщо ж таких прав не було надано, у автономному режимі їх також не буде надано. 
Типове значення: порожній рядок ldap_account_expire_policy (рядок) За допомогою цього параметра може бути увімкнено визначення атрибутів керування доступом на боці клієнта. Будь ласка, зауважте, що завжди варто використовувати керування доступом на боці сервера, тобто сервер LDAP має відмовляти у запитах щодо прив’язування з відповідним кодом помилки, навіть якщо вказано правильний пароль. Можна використовувати такі значення: shadow: це значення ldap_user_shadow_expire допомагає визначити, чи завершено строк дії облікового запису. ad: скористатися значенням 32-бітового поля ldap_user_ad_user_account_control і дозволити доступ, якщо другий біт має нульове значення. Якщо атрибут не буде знайдено, доступ буде дозволено. Також буде перевірено, чи не вичерпано строк дії облікового запису. rhds, ipa, 389ds: використовувати для перевірки доступу значення ldap_ns_account_lock. nds: для перевірки доступу використовувати значення ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled і ldap_user_nds_login_expiration_time. Якщо не буде виявлено жодного з цих атрибутів, надати доступ. Будь ласка, зауважте, що параметр налаштування ldap_access_order має включати expire, щоб можна було користуватися параметром ldap_account_expire_policy. Типове значення: порожній рядок ldap_access_order (рядок) Список відокремлених комами параметрів керування доступом. Можливі значення списку: filter: використовувати ldap_access_filter expire: використовувати ldap_account_expire_policy authorized_service: використовувати для визначення можливості доступу атрибут authorizedService host: за допомогою цього атрибута вузла можна визначити права доступу Типове значення: filter Зауважте, що програма повідомить про помилку, якщо одне значення було використано декілька разів. ldap_deref (рядок) Визначає спосіб виконання розіменовування псевдонімів під час виконання пошуку. Можливі такі варіанти: never: ніколи не виконувати розіменування псевдонімів. 
searching: розіменування псевдонімів відбувається у межах основного об’єкта, а не на основі визначення місця основного об’єкта пошуку. finding: розіменування псевдонімів відбувається лише під час визначення місця основного об’єкта пошуку. always: розіменування псевдонімів відбувається як під час пошуку, так і під час визначення місця основного об’єкта пошуку. Типове значення: не встановлено (обробка бібліотеками LDAP клієнта за сценарієм never) ldap_rfc2307_fallback_to_local_users (булеве значення) Надає змогу зберігати локальних користувачів як учасників групи LDAP для серверів, у яких використовується схема RFC2307. У деяких середовищах, де використовується схема RFC2307, локальних користувачів можна зробити учасниками груп LDAP додаванням імен цих користувачів до атрибута memberUid. Узгодженість домену може бути скомпрометовано, якщо буде виконано подібне додавання учасника, тому SSSD за звичайних умов вилучає записи користувачів, яких «не вистачає», з кешованих даних щодо участі у групах, щойно nsswitch спробує отримати дані щодо користувачів за допомогою виклику getpw*() або initgroups(). У разі використання цього параметра програма повертається до перевірки посилань на локальних користувачів і кешує їх так, що наступні виклики initgroups() розширюватимуть список локальних користувачів додатковими групами LDAP. Типове значення: false ПАРАМЕТРИ SUDO ldap_sudorule_object_class (рядок) Клас об’єктів запису правила sudo у LDAP. Типове значення: sudoRole ldap_sudorule_name (рядок) Атрибут LDAP, що відповідає назві правила sudo. Типове значення: cn ldap_sudorule_command (рядок) Атрибут LDAP, що відповідає назві команди. 
Типове значення: sudoCommand ldap_sudorule_host (рядок) Атрибут LDAP, який відповідає назві вузла (або IP-адресі вузла, IP-мережі вузла, мережевій групі вузла) Типове значення: sudoHost ldap_sudorule_user (рядок) Атрибут LDAP, що відповідає назві імені користувача (або UID, назві групи або назві мережевої групи користувача) Типове значення: sudoUser ldap_sudorule_option (рядок) Атрибут LDAP, що відповідає параметрам sudo. Типове значення: sudoOption ldap_sudorule_runasuser (рядок) Атрибут LDAP, що відповідає користувачеві, від імені якого можна виконувати команди. Типове значення: sudoRunAsUser ldap_sudorule_runasgroup (рядок) Атрибут LDAP, що відповідає назві групи або GID, від імені якої можна виконувати команди. Типове значення: sudoRunAsGroup ldap_sudorule_notbefore (рядок) Атрибут LDAP, що відповідає даті і часу набуття чинності правилом sudo. Типове значення: sudoNotBefore ldap_sudorule_notafter (рядок) Атрибут LDAP, що відповідає даті і часу втрати чинності правилом sudo. Типове значення: sudoNotAfter ldap_sudorule_order (рядок) Атрибут LDAP, що відповідає порядковому номеру правила. Типове значення: sudoOrder ldap_sudo_full_refresh_interval (ціле число) Проміжок часу у секундах між послідовними повними оновленнями правил sudo SSSD у автоматичному режимі. Під час таких оновлень буде отримано повний набір правил, що зберігаються на сервері. Це значення має перевищувати значення ldap_sudo_smart_refresh_interval Типове значення: 21600 (6 годин) ldap_sudo_smart_refresh_interval (ціле число) Проміжок часу у секундах між послідовними кмітливими оновленнями правил sudo SSSD у автоматичному режимі. Під час таких оновлень буде отримано всі дані правил, USN яких перевищує найбільше значення USN у кешованих правилах. Якщо підтримки атрибутів USN на сервері не передбачено, буде використано дані атрибута modifyTimestamp. 
Типове значення: 900 (15 хвилин) ldap_sudo_use_host_filter (булеве значення) Якщо визначено значення true, SSSD отримуватиме лише правила, що стосуються цього комп’ютера (на основі адрес вузла або мережі у форматах IPv4 і IPv6 та назв вузлів). Типове значення: true ldap_sudo_hostnames (рядок) Список назв вузлів або повних доменних назв, відокремлених пробілами, для фільтрування списку правил. Якщо значення цього параметра є порожнім, SSSD намагатиметься визначити назву вузла та повну назву комп’ютера у домені у автоматичному режимі. Якщо для ldap_sudo_use_host_filter встановлено значення false, цей параметр ні на що не впливатиме. Типове значення: не вказано ldap_sudo_ip (рядок) Список адрес вузлів або мереж у форматах IPv4 і IPv6 для фільтрування списку правил. Якщо значення цього параметра є порожнім, SSSD намагатиметься визначити адресу у автоматичному режимі. Якщо для ldap_sudo_use_host_filter встановлено значення false, цей параметр ні на що не впливатиме. Типове значення: не вказано ldap_sudo_include_netgroups (булеве значення) Якщо вказано значення true, SSSD отримуватиме всі правила, що містять мережеву групу (netgroup) у атрибуті sudoHost. Якщо для ldap_sudo_use_host_filter встановлено значення false, цей параметр ні на що не впливатиме. Типове значення: true ldap_sudo_include_regexp (булеве значення) Якщо вказано значення true, SSSD отримуватиме всі правила, що містять шаблон заміни у атрибуті sudoHost. Якщо для ldap_sudo_use_host_filter встановлено значення false, цей параметр ні на що не впливатиме. Типове значення: true На цій сторінці довідника наведено дані щодо відповідності назв атрибутів. Докладний опис семантики атрибутів, пов’язаних з sudo, можна знайти у довідці з sudoers.ldap5 . ПАРАМЕТРИ AUTOFS Будь ласка, зауважте, що типові значення відповідають типовій схемі, яку визначено у RFC2307. ldap_autofs_map_object_class (рядок) Клас об’єктів запису карти автоматичного монтування у LDAP. 
Типове значення: automountMap ldap_autofs_map_name (рядок) Назва запису карти автоматичного монтування у LDAP. Типове значення: ou ldap_autofs_entry_object_class (рядок) Клас об’єктів запису карти автоматичного монтування у LDAP. Типове значення: automountMap ldap_autofs_entry_key (рядок) Ключ запису автоматичного монтування LDAP. Цей запис зазвичай відповідає точці монтування. Типове значення: cn ldap_autofs_entry_value (рядок) Ключ запису автоматичного монтування LDAP. Цей запис зазвичай відповідає точці монтування. Типове значення: automountInformation ДОДАТКОВІ ПАРАМЕТРИ Підтримку цих параметрів передбачено доменами LDAP, але користуватися ними слід обережно. Будь ласка, використовуйте їх у налаштуваннях, лише якщо вам відомі наслідки ваших дій. ldap_netgroup_search_base (рядок) ldap_user_search_base (рядок) ldap_group_search_base (рядок) ldap_user_search_filter (рядок) За допомогою цього параметра можна визначити додатковий критерій фільтрування LDAP, яким буде обмежено пошук користувачів. Цей параметр вважається застарілим. Варто використовувати синтаксичні конструкції з ldap_user_search_base. Типове значення: not set Приклад: ldap_user_search_filter = (loginShell=/bin/tcsh) За допомогою цього фільтра можна обмежити пошук користувачів, лише тими, для яких встановлено командну оболонку /bin/tcsh. ldap_group_search_filter (рядок) За допомогою цього параметра можна визначити додатковий критерій фільтрування LDAP, яким буде обмежено пошук груп. Цей параметр вважається застарілим. Варто використовувати синтаксичні конструкції з ldap_group_search_base. Типове значення: not set ldap_sudo_search_base (рядок) ldap_autofs_search_base (рядок) ПРИКЛАД У наведеному нижче прикладі припускається, що SSSD налаштовано належним чином, а LDAP встановлено на один з доменів з розділу [domains]. 
[domain/LDAP] id_provider = ldap auth_provider = ldap ldap_uri = ldap://ldap.mydomain.org ldap_search_base = dc=mydomain,dc=org ldap_tls_reqcert = demand cache_credentials = true ЗАУВАЖЕННЯ Описи деяких з параметрів налаштування на цій сторінці підручника засновано на даних сторінки підручника (man) ldap.conf 5 з пакунка OpenLDAP 2.4. sssd-1.11.5/src/man/uk/PaxHeaders.13173/sssd_krb5_locator_plugin.8.xml0000644000000000000000000000013212320753573023426 xustar000000000000000030 mtime=1396955003.526843853 30 atime=1396955003.526843853 30 ctime=1396955003.526843853 sssd-1.11.5/src/man/uk/sssd_krb5_locator_plugin.8.xml0000664002412700241270000000553512320753573023665 0ustar00jhrozekjhrozek00000000000000 Сторінки підручника SSSD sssd_krb5_locator_plugin 8 sssd_krb5_locator_plugin файл налаштування SSSD ОПИС The Kerberos locator plugin sssd_krb5_locator_plugin is used by the Kerberos provider of sssd 8 to tell the Kerberos libraries what Realm and which KDC to use. Typically this is done in krb5.conf 5 which is always read by the Kerberos libraries. To simplify the configuration the Realm and the KDC can be defined in sssd.conf 5 as described in sssd-krb5 5 sssd 8 зберігає область і назву або IP-адресу KDC у змінних середовища SSSD_KRB5_REALM і SSSD_KRB5_KDC, відповідно. Якщо програма sssd_krb5_locator_plugin викликається бібліотеками kerberos, ця програма читає і визначає ці змінні і повертає їхні значення бібліотекам. ЗАУВАЖЕННЯ Підтримку використання додатків передбачено не у всіх реалізаціях Kerberos. Якщо у вашій системі немає sssd_krb5_locator_plugin, вам слід внести зміни до /etc/krb5.conf, які відповідатимуть вашій версії Kerberos. Якщо встановлено будь-яке значення змінної середовища SSSD_KRB5_LOCATOR_DEBUG, діагностичні повідомлення надсилатимуться до stderr. 
sssd-1.11.5/src/man/uk/PaxHeaders.13173/sss_debuglevel.8.xml0000644000000000000000000000013212320753573021434 xustar000000000000000030 mtime=1396955003.527843852 30 atime=1396955003.527843852 30 ctime=1396955003.527843852 sssd-1.11.5/src/man/uk/sss_debuglevel.8.xml0000664002412700241270000000520612320753573021666 0ustar00jhrozekjhrozek00000000000000 Сторінки підручника SSSD sss_debuglevel 8 sss_debuglevel змінити рівень діагностики протягом сеансу роботи з SSSD sss_debuglevel options НОВИЙ_РІВЕНЬ_ДІАГНОСТИКИ ОПИС sss_debuglevel змінює рівень діагностики засобу спостереження та надавачів даних SSSD на вказане значення НОВИЙ_РІВЕНЬ_ДІАГНОСТИКИ під час роботи SSSD. ПАРАМЕТРИ , Визначити нетиповий файл налаштувань. Типовим файлом налаштувань є /etc/sssd/sssd.conf. Довідку щодо синтаксису та параметрів файла налаштувань можна знайти на сторінці довідника (man) sssd.conf 5 . НОВИЙ_РІВЕНЬ_ДІАГНОСТИКИ sssd-1.11.5/src/man/uk/PaxHeaders.13173/sss_groupshow.8.xml0000644000000000000000000000013212320753573021353 xustar000000000000000030 mtime=1396955003.527843852 30 atime=1396955003.527843852 30 ctime=1396955003.527843852 sssd-1.11.5/src/man/uk/sss_groupshow.8.xml0000664002412700241270000000473712320753573021615 0ustar00jhrozekjhrozek00000000000000 Сторінки підручника SSSD sss_groupshow 8 sss_groupshow показ параметрів групи sss_groupshow параметри ГРУПА ОПИС sss_groupshow показує дані щодо групи, вказаної за назвою, ГРУПА. Серед даних буде ідентифікаційний номер групи, кількість учасників групи та назва батьківської групи. ПАРАМЕТРИ , Вивести також список непрямих учасників групи у форматі деревоподібної ієрархії. Зауважте, що використання параметра також вплине на виведення батьківських груп: без буде виведено список лише безпосередніх батьківських груп. 
sssd-1.11.5/src/man/uk/PaxHeaders.13173/sss_groupadd.8.xml0000644000000000000000000000013212320753573021123 xustar000000000000000030 mtime=1396955003.527843852 30 atime=1396955003.527843852 30 ctime=1396955003.527843852 sssd-1.11.5/src/man/uk/sss_groupadd.8.xml0000664002412700241270000000437412320753573021362 0ustar00jhrozekjhrozek00000000000000 Сторінки підручника SSSD sss_groupadd 8 sss_groupadd створення нової групи sss_groupadd параметри ГРУПА ОПИС sss_groupadd створює групу. Такі групи є сумісними з групами POSIX. Додатковою можливістю цих груп є те, що учасниками можуть бути інші групи. ПАРАМЕТРИ , GID Встановити для параметра ідентифікатора групи (GID) значення GID. Якщо таке значення не буде вказано, програма вибере його автоматично. sssd-1.11.5/src/man/PaxHeaders.13173/sssd-ad.5.xml0000644000000000000000000000007412320753107017340 xustar000000000000000030 atime=1396954939.261891434 30 ctime=1396954962.605874248 sssd-1.11.5/src/man/sssd-ad.5.xml0000664002412700241270000004504312320753107017570 0ustar00jhrozekjhrozek00000000000000 SSSD Manual pages sssd-ad 5 File Formats and Conventions sssd-ad the configuration file for SSSD DESCRIPTION This manual page describes the configuration of the AD provider for sssd 8 . For a detailed syntax reference, refer to the FILE FORMAT section of the sssd.conf 5 manual page. The AD provider is a back end used to connect to an Active Directory server. This provider requires that the machine be joined to the AD domain and a keytab is available. The AD provider supports connecting to Active Directory 2008 R2 or later. Earlier versions may work, but are unsupported. The AD provider is able to provide identity information and authentication for entities from trusted domains as well. Currently only trusted domains in the same forest are recognized. The AD provider accepts the same options used by the sssd-ldap 5 identity provider and the sssd-krb5 5 authentication provider with some exceptions described below. 
However, it is neither necessary nor recommended to set these options. The AD provider can also be used as an access, chpass and sudo provider. No configuration of the access provider is required on the client side. By default, the AD provider will map UID and GID values from the objectSID parameter in Active Directory. For details on this, see the ID MAPPING section below. If you want to disable ID mapping and instead rely on POSIX attributes defined in Active Directory, you should set ldap_id_mapping = False In order to retrieve users and groups using POSIX attributes from trusted domains, the AD administrator must make sure that the POSIX attributes are replicated to the Global Catalog. Users, groups and other entities served by SSSD are always treated as case-insensitive in the AD provider for compatibility with Active Directory's LDAP implementation. CONFIGURATION OPTIONS Refer to the section DOMAIN SECTIONS of the sssd.conf 5 manual page for details on the configuration of an SSSD domain. ad_domain (string) Specifies the name of the Active Directory domain. This is optional. If not provided, the configuration domain name is used. For proper operation, this option should be specified as the lower-case version of the long version of the Active Directory domain. The short domain name (also known as the NetBIOS or the flat name) is autodetected by the SSSD. ad_server, ad_backup_server (string) The comma-separated list of hostnames of the AD servers to which SSSD should connect in order of preference. For more information on failover and server redundancy, see the FAILOVER section. This is optional if autodiscovery is enabled. For more information on service discovery, refer to the SERVICE DISCOVERY section. ad_hostname (string) Optional. May be set on machines where the hostname(5) does not reflect the fully qualified name used in the Active Directory domain to identify this host. This field is used to determine the host principal in use in the keytab. 
It must match the hostname for which the keytab was issued. ad_enable_dns_sites (boolean) Enables DNS sites - location based service discovery. If true and service discovery (see Service Discovery paragraph at the bottom of the man page) is enabled, the SSSD will first attempt to discover the Active Directory server to connect to using the Active Directory Site Discovery and fall back to the DNS SRV records if no AD site is found. The DNS SRV configuration, including the discovery domain, is used during site discovery as well. Default: true ad_access_filter (string) This option specifies the LDAP access control filter that the user must match in order to be allowed access. Please note that the access_provider option must be explicitly set to ad in order for this option to have an effect. The option also supports specifying different filters per domain or forest. This extended filter would consist of: KEYWORD:NAME:FILTER. The keyword can be either DOM, FOREST or missing. If the keyword is DOM or is missing, then NAME specifies the domain or subdomain the filter applies to. If the keyword is FOREST, then the filter applies to all domains from the forest specified by NAME. Multiple filters can be separated with the ? character, similarly to how search bases work. The most specific match is always used. For example, if the option specified a filter for a domain the user is a member of and a global filter, the per-domain filter would be applied. If there are more matches with the same specification, the first one is used. 
Examples: # apply filter on domain called dom1 only: dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com) # apply filter on domain called dom2 only: DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com) # apply filter on forest called EXAMPLE.COM only: FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com) Default: Not set ad_enable_gc (boolean) By default, the SSSD connects to the Global Catalog first to retrieve users from trusted domains and uses the LDAP port to retrieve group memberships or as a fallback. Disabling this option makes the SSSD only connect to the LDAP port of the current AD server. Please note that disabling Global Catalog support does not disable retrieving users from trusted domains. The SSSD would connect to the LDAP port of trusted domains instead. However, Global Catalog must be used in order to resolve cross-domain group memberships. Default: true dyndns_update (boolean) Optional. This option tells SSSD to automatically update the Active Directory DNS server with the IP address of this client. The update is secured using GSS-TSIG. As a consequence, the Active Directory administrator only needs to allow secure updates for the DNS zone. The IP address of the AD LDAP connection is used for the updates, if it is not otherwise specified by using the dyndns_iface option. NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, the default Kerberos realm must be set properly in /etc/krb5.conf Default: true dyndns_ttl (integer) The TTL to apply to the client DNS record when updating it. If dyndns_update is false this has no effect. This will override the TTL serverside if set by an administrator. Default: 3600 (seconds) dyndns_iface (string) Optional. Applicable only when dyndns_update is true. Choose the interface whose IP address should be used for dynamic DNS updates. 
Default: Use the IP address of the AD LDAP connection dyndns_refresh_interval (integer) How often should the back end perform periodic DNS update in addition to the automatic update performed when the back end goes online. This option is optional and applicable only when dyndns_update is true. Default: 86400 (24 hours) dyndns_update_ptr (bool) Whether the PTR record should also be explicitly updated when updating the client's DNS records. Applicable only when dyndns_update is true. Default: True dyndns_force_tcp (bool) Whether the nsupdate utility should default to using TCP for communicating with the DNS server. Default: False (let nsupdate choose the protocol) krb5_use_enterprise_principal (boolean) Specifies if the user principal should be treated as enterprise principal. See section 5 of RFC 6806 for more details about enterprise principals. Default: true Note that this default differs from the traditional Kerberos provider back end. EXAMPLE The following example assumes that SSSD is correctly configured and example.com is one of the domains in the [sssd] section. This example shows only the AD provider-specific options. [domain/EXAMPLE] id_provider = ad auth_provider = ad access_provider = ad chpass_provider = ad ad_server = dc1.example.com ad_hostname = client.example.com ad_domain = example.com NOTES The AD access control provider checks if the account is expired. It has the same effect as the following configuration of the LDAP provider: access_provider = ldap ldap_access_order = expire ldap_account_expire_policy = ad However, unless the ad access control provider is explicitly configured, the default access provider is permit. 
sssd-1.11.5/src/man/PaxHeaders.13173/pt0000644000000000000000000000013012320753573015463 xustar000000000000000029 mtime=1396955003.51784386 30 atime=1396955003.534843847 29 ctime=1396955003.51784386 sssd-1.11.5/src/man/pt/0000775002412700241270000000000012320753573015771 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/man/pt/PaxHeaders.13173/sss_groupmod.8.xml0000644000000000000000000000012712320753573021162 xustar000000000000000029 mtime=1396955003.51684386 29 atime=1396955003.51684386 29 ctime=1396955003.51684386 sssd-1.11.5/src/man/pt/sss_groupmod.8.xml0000664002412700241270000000467112320753573021415 0ustar00jhrozekjhrozek00000000000000 Páginas de Manual de SSSD sss_groupmod 8 sss_groupmod modificar um grupo sss_groupmod Opções grupo DESCRIÇÃO sss_groupmod modifica o grupo para refletir as alterações que são especificadas na linha de comando. Opções , GROUPS Acrescente este grupo para grupos especificados pelo parâmetro de GROUPS. O parâmetro de GROUPS é uma lista separada por vírgulas de nomes de grupo. , GROUPS Remova este grupo de grupos especificados pelo parâmetro de GROUPS. sssd-1.11.5/src/man/pt/PaxHeaders.13173/include0000644000000000000000000000013012320753573017106 xustar000000000000000029 mtime=1396955003.51684386 30 atime=1396955003.534843847 29 ctime=1396955003.51684386 sssd-1.11.5/src/man/pt/include/0000755002412700241270000000000012320753573017412 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/man/pt/include/PaxHeaders.13173/ldap_search_bases.xml0000644000000000000000000000012712320753573023335 xustar000000000000000029 mtime=1396955003.51684386 29 atime=1396955003.51684386 29 ctime=1396955003.51684386 sssd-1.11.5/src/man/pt/include/ldap_search_bases.xml0000664002412700241270000000165112320753573023563 0ustar00jhrozekjhrozek00000000000000 An optional base DN, search scope and LDAP filter to restrict LDAP searches for this attribute type. 
syntax: search_base[?scope?[filter][?search_base?scope?[filter]]*] The scope can be one of "base", "onelevel" or "subtree". The filter must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/rfc2254.txt For examples of this syntax, please refer to the ldap_search_base examples section. Default: the value of ldap_search_base Please note that specifying scope or filter is not supported for searches against an Active Directory Server that might yield a large number of results and trigger the Range Retrieval extension in the response. sssd-1.11.5/src/man/pt/include/PaxHeaders.13173/param_help.xml0000644000000000000000000000012712320753573022023 xustar000000000000000029 mtime=1396955003.51684386 29 atime=1396955003.51684386 29 ctime=1396955003.51684386 sssd-1.11.5/src/man/pt/include/param_help.xml0000664002412700241270000000032512320753573022246 0ustar00jhrozekjhrozek00000000000000 , Exibe a mensagem de ajuda e sai. sssd-1.11.5/src/man/pt/include/PaxHeaders.13173/failover.xml0000644000000000000000000000012712320753573021522 xustar000000000000000029 mtime=1396955003.51684386 29 atime=1396955003.51684386 29 ctime=1396955003.51684386 sssd-1.11.5/src/man/pt/include/failover.xml0000664002412700241270000000425312320753573021751 0ustar00jhrozekjhrozek00000000000000 FAILOVER The failover feature allows back ends to automatically switch to a different server if the current server fails. Failover Syntax The list of servers is given as a comma-separated list; any number of spaces is allowed around the comma. The servers are listed in order of preference. The list can contain any number of servers. For each failover-enabled config option, two variants exist: primary and backup. The idea is that servers in the primary list are preferred and backup servers are only searched if no primary servers can be reached. If a backup server is selected, a timeout of 31 seconds is set. After this timeout SSSD will periodically try to reconnect to one of the primary servers. 
If it succeeds, it will replace the current active (backup) server. The Failover Mechanism The failover mechanism distinguishes between a machine and a service. The back end first tries to resolve the hostname of a given machine; if this resolution attempt fails, the machine is considered offline. No further attempts are made to connect to this machine for any other service. If the resolution attempt succeeds, the back end tries to connect to a service on this machine. If the service connection attempt fails, then only this particular service is considered offline and the back end automatically switches over to the next service. The machine is still considered online and might still be tried for another service. Further connection attempts are made to machines or services marked as offline after a specified period of time; this is currently hard coded to 30 seconds. If there are no more machines to try, the back end as a whole switches to offline mode, and then attempts to reconnect every 30 seconds. sssd-1.11.5/src/man/pt/include/PaxHeaders.13173/debug_levels.xml0000644000000000000000000000012712320753573022353 xustar000000000000000029 mtime=1396955003.51684386 29 atime=1396955003.51684386 29 ctime=1396955003.51684386 sssd-1.11.5/src/man/pt/include/debug_levels.xml0000664002412700241270000000506612320753573022605 0ustar00jhrozekjhrozek00000000000000 SSSD supports two representations for specifying the debug level. The simplest is to specify a decimal value from 0-9, which represents enabling that level and all lower-level debug messages. The more comprehensive option is to specify a hexadecimal bitmask to enable or disable specific levels (such as if you wish to suppress a level). Currently supported debug levels: 0, 0x0010: Fatal failures. Anything that would prevent SSSD from starting up or causes it to cease running. 1, 0x0020: Critical failures. 
An error that doesn't kill the SSSD, but one that indicates that at least one major feature is not going to work properly. 2, 0x0040: Serious failures. An error announcing that a particular request or operation has failed. 3, 0x0080: Minor failures. These are the errors that would percolate down to cause the operation failure of 2. 4, 0x0100: Configuration settings. 5, 0x0200: Function data. 6, 0x0400: Trace messages for operation functions. 7, 0x1000: Trace messages for internal control functions. 8, 0x2000: Contents of function-internal variables that may be interesting. 9, 0x4000: Extremely low-level tracing information. To log required bitmask debug levels, simply add their numbers together as shown in following examples: Example: To log fatal failures, critical failures, serious failures and function data use 0x0270. Example: To log fatal failures, configuration settings, function data, trace messages for internal control functions use 0x1310. Note: The bitmask format of debug levels was introduced in 1.7.0. Default: 0 sssd-1.11.5/src/man/pt/include/PaxHeaders.13173/seealso.xml0000644000000000000000000000012712320753573021346 xustar000000000000000029 mtime=1396955003.51684386 29 atime=1396955003.51684386 29 ctime=1396955003.51684386 sssd-1.11.5/src/man/pt/include/seealso.xml0000664002412700241270000000470312320753573021575 0ustar00jhrozekjhrozek00000000000000 VER TAMBÉM sssd8 , sssd.conf5 , sssd-ldap5 , sssd-krb55 , sssd-simple5 , sssd-ipa5 , sssd-ad5 , sssd-sudo 5 , sss_cache8 , sss_debuglevel8 , sss_groupadd8 , sss_groupdel8 , sss_groupshow8 , sss_groupmod8 , sss_useradd8 , sss_userdel8 , sss_usermod8 , sss_obfuscate8 , sss_seed8 , sssd_krb5_locator_plugin8 , sss_ssh_authorizedkeys 8 , sss_ssh_knownhostsproxy 8 , pam_sss8 . 
sssd-1.11.5/src/man/pt/include/PaxHeaders.13173/upstream.xml0000644000000000000000000000012712320753573021553 xustar000000000000000029 mtime=1396955003.51684386 29 atime=1396955003.51684386 29 ctime=1396955003.51684386 sssd-1.11.5/src/man/pt/include/upstream.xml0000664002412700241270000000020212320753573021770 0ustar00jhrozekjhrozek00000000000000 SSSD The SSSD upstream - http://fedorahosted.org/sssd sssd-1.11.5/src/man/pt/include/PaxHeaders.13173/param_help_py.xml0000644000000000000000000000012712320753573022533 xustar000000000000000029 mtime=1396955003.51684386 29 atime=1396955003.51684386 29 ctime=1396955003.51684386 sssd-1.11.5/src/man/pt/include/param_help_py.xml0000664002412700241270000000032512320753573022756 0ustar00jhrozekjhrozek00000000000000 , Exibe a mensagem de ajuda e sai. sssd-1.11.5/src/man/pt/include/PaxHeaders.13173/autofs_restart.xml0000644000000000000000000000012712320753573022760 xustar000000000000000029 mtime=1396955003.51684386 29 atime=1396955003.51684386 29 ctime=1396955003.51684386 sssd-1.11.5/src/man/pt/include/autofs_restart.xml0000664002412700241270000000035312320753573023204 0ustar00jhrozekjhrozek00000000000000 Please note that the automounter only reads the master map on startup, so if any autofs-related changes are made to the sssd.conf, you typically also need to restart the automounter daemon after restarting the SSSD. sssd-1.11.5/src/man/pt/include/PaxHeaders.13173/experimental.xml0000644000000000000000000000012712320753573022410 xustar000000000000000029 mtime=1396955003.51684386 29 atime=1396955003.51684386 29 ctime=1396955003.51684386 sssd-1.11.5/src/man/pt/include/experimental.xml0000664002412700241270000000016712320753573022637 0ustar00jhrozekjhrozek00000000000000 This is an experimental feature, please use http://fedorahosted.org/sssd to report any issues. 
sssd-1.11.5/src/man/pt/include/PaxHeaders.13173/ldap_id_mapping.xml0000644000000000000000000000012712320753573023022 xustar000000000000000029 mtime=1396955003.51684386 29 atime=1396955003.51684386 29 ctime=1396955003.51684386 sssd-1.11.5/src/man/pt/include/ldap_id_mapping.xml0000664002412700241270000002230012320753573023242 0ustar00jhrozekjhrozek00000000000000 ID MAPPING The ID-mapping feature allows SSSD to act as a client of Active Directory without requiring administrators to extend user attributes to support POSIX attributes for user and group identifiers. NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are ignored. This is to avoid the possibility of conflicts between automatically-assigned and manually-assigned values. If you need to use manually-assigned values, ALL values must be manually-assigned. Please note that changing the ID mapping related configuration options will cause user and group IDs to change. At the moment, SSSD does not support changing IDs, so the SSSD database must be removed. Because cached passwords are also stored in the database, removing the database should only be performed while the authentication servers are reachable, otherwise users might get locked out. In order to cache the password, an authentication must be performed. It is not sufficient to use sss_cache 8 to remove the database, rather the process consists of: Making sure the remote servers are reachable Stopping the SSSD service Removing the database Starting the SSSD service Moreover, as the change of IDs might necessitate the adjustment of other system properties such as file and directory ownership, it's advisable to plan ahead and test the ID mapping configuration thoroughly. Mapping Algorithm Active Directory provides an objectSID for every user and group object in the directory. This objectSID can be broken up into components that represent the Active Directory domain identity and the relative identifier (RID) of the user or group object. 
The SSSD ID-mapping algorithm takes a range of available UIDs and divides it into equally-sized component sections, called "slices". Each slice represents the space available to an Active Directory domain. When a user or group entry for a particular domain is encountered for the first time, the SSSD allocates one of the available slices for that domain. In order to make this slice-assignment repeatable on different client machines, we select the slice based on the following algorithm: The SID string is passed through the murmurhash3 algorithm to convert it to a 32-bit hashed value. We then take the modulus of this value with the total number of available slices to pick the slice. NOTE: It is possible to encounter collisions in the hash and subsequent modulus. In these situations, we will select the next available slice, but it may not be possible to reproduce the exact same set of slices on other machines (since the order in which the domains are encountered will determine their slice). The users and groups of an affected domain would then be mapped to different UIDs and GIDs on those machines. In this situation, it is recommended to either switch to using explicit POSIX attributes in Active Directory (disabling ID-mapping) or configure a default domain to guarantee that at least one is always consistent. See Configuration for details. Configuração Minimum configuration (in the [domain/DOMAINNAME] section): ldap_id_mapping = True ldap_schema = ad The default configuration results in configuring 10,000 slices, each capable of holding up to 200,000 IDs, starting from 10,001 and going up to 2,000,100,000. (These bounds do not match the ldap_idmap_range_min and ldap_idmap_range_max defaults listed below, 200000 and 2000200000; check which range your installation actually uses before relying on either.) This should be sufficient for most deployments. Advanced Configuration ldap_idmap_range_min (integer) Specifies the lower bound of the range of POSIX IDs to use for mapping Active Directory user and group SIDs. NOTE: This option is different from min_id in that min_id acts to filter the output of requests to this domain, whereas this option controls the range of ID assignment.
This is a subtle distinction, but good general advice would be to have min_id be less than or equal to ldap_idmap_range_min. Default: 200000 ldap_idmap_range_max (integer) Specifies the upper bound of the range of POSIX IDs to use for mapping Active Directory user and group SIDs. NOTE: This option is different from max_id in that max_id acts to filter the output of requests to this domain, whereas this option controls the range of ID assignment. This is a subtle distinction, but good general advice would be to have max_id be greater than or equal to ldap_idmap_range_max. Default: 2000200000 ldap_idmap_range_size (integer) Specifies the number of IDs available for each slice. If the range size does not divide evenly into the min and max values, it will create as many complete slices as it can. Default: 200000 ldap_idmap_default_domain_sid (string) Specify the domain SID of the default domain. This will guarantee that this domain will always be assigned to slice zero in the ID map, bypassing the murmurhash algorithm described above. Default: not set ldap_idmap_default_domain (string) Specify the name of the default domain. Default: not set ldap_idmap_autorid_compat (boolean) Changes the behavior of the ID-mapping algorithm to behave more similarly to winbind's idmap_autorid algorithm. When this option is configured, domains will be allocated starting with slice zero and increasing monotonically with each additional domain. NOTE: This algorithm is non-deterministic (it depends on the order in which users and groups are requested). If this mode is required for compatibility with machines running winbind, it is recommended to also use the ldap_idmap_default_domain_sid option to guarantee that at least one domain is consistently allocated to slice zero.
Default: False sssd-1.11.5/src/man/pt/include/PaxHeaders.13173/ldap_search_bases_experimental.xml0000644000000000000000000000012712320753573026112 xustar000000000000000029 mtime=1396955003.51684386 29 atime=1396955003.51684386 29 ctime=1396955003.51684386 sssd-1.11.5/src/man/pt/include/ldap_search_bases_experimental.xml0000664002412700241270000000203612320753573026336 0ustar00jhrozekjhrozek00000000000000 An optional base DN, search scope and LDAP filter to restrict LDAP searches for this attribute type. syntax: search_base[?scope?[filter][?search_base?scope?[filter]]*] The scope can be one of "base", "onelevel" or "subtree". The filter must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/rfc2254.txt For examples of this syntax, please refer to the ldap_search_base examples section. Default: the value of ldap_search_base Please note that specifying scope or filter is not supported for searches against an Active Directory Server that might yield a large number of results and trigger the Range Retrieval extension in the response. sssd-1.11.5/src/man/pt/include/PaxHeaders.13173/service_discovery.xml0000644000000000000000000000012712320753573023442 xustar000000000000000029 mtime=1396955003.51684386 29 atime=1396955003.51684386 29 ctime=1396955003.51684386 sssd-1.11.5/src/man/pt/include/service_discovery.xml0000664002412700241270000000324312320753573023667 0ustar00jhrozekjhrozek00000000000000 DESCOBERTA DE SERVIÇOS The service discovery feature allows back ends to automatically find the appropriate servers to connect to using a special DNS query. This feature is not supported for backup servers. Configuração If no servers are specified, the back end automatically uses service discovery to try to find a server. Optionally, the user may choose to use both fixed server addresses and service discovery by inserting a special keyword, _srv_, in the list of servers. The order of preference is maintained. 
This feature is useful if, for example, the user prefers to use service discovery whenever possible, and fall back to a specific server when no servers can be discovered using DNS. O nome de domínio Please refer to the dns_discovery_domain parameter in the sssd.conf 5 manual page for more details. O protocolo The queries usually specify _tcp as the protocol. Exceptions are documented in respective option description. Ver também For more information on the service discovery mechanism, refer to RFC 2782. sssd-1.11.5/src/man/pt/include/PaxHeaders.13173/local.xml0000644000000000000000000000012712320753573021005 xustar000000000000000029 mtime=1396955003.51684386 29 atime=1396955003.51684386 29 ctime=1396955003.51684386 sssd-1.11.5/src/man/pt/include/local.xml0000664002412700241270000000134512320753573021233 0ustar00jhrozekjhrozek00000000000000 THE LOCAL DOMAIN In order to function correctly, a domain with id_provider=local must be created and the SSSD must be running. The administrator might want to use the SSSD local users instead of traditional UNIX users in cases where the group nesting (see sss_groupadd 8 ) is needed. The local users are also useful for testing and development of the SSSD without having to deploy a full remote server. The sss_user* and sss_group* tools use a local LDB storage to store users and groups. sssd-1.11.5/src/man/pt/include/PaxHeaders.13173/override_homedir.xml0000644000000000000000000000012712320753573023241 xustar000000000000000029 mtime=1396955003.51684386 29 atime=1396955003.51684386 29 ctime=1396955003.51684386 sssd-1.11.5/src/man/pt/include/override_homedir.xml0000664002412700241270000000317212320753573023467 0ustar00jhrozekjhrozek00000000000000 override_homedir (string) Override the user's home directory. You can either provide an absolute value or a template. 
In the template, the following sequences are substituted: %u nome de login %U Número UID %d nome de domínio %f nome totalmente qualificado do utilizador (utilizador@domínio) %o The original home directory retrieved from the identity provider. %% um literal '%' This option can also be set per-domain. example: override_homedir = /home/%u Default: Not set (SSSD will use the value retrieved from LDAP) sssd-1.11.5/src/man/pt/PaxHeaders.13173/sss_groupdel.8.xml0000644000000000000000000000012712320753573021147 xustar000000000000000029 mtime=1396955003.51784386 29 atime=1396955003.51784386 29 ctime=1396955003.51784386 sssd-1.11.5/src/man/pt/sss_groupdel.8.xml0000664002412700241270000000273012320753573021374 0ustar00jhrozekjhrozek00000000000000 Páginas de Manual de SSSD sss_groupdel 8 sss_groupdel excluir um grupo sss_groupdel options GROUP DESCRIÇÃO sss_groupdel deletes a group identified by its name GROUP from the system. Opções sssd-1.11.5/src/man/PaxHeaders.13173/Makefile.in0000644000000000000000000000013212320753510017153 xustar000000000000000030 mtime=1396954952.467881726 30 atime=1396954960.352875912 30 ctime=1396954962.601874251 sssd-1.11.5/src/man/Makefile.in0000664002412700241270000007232712320753510017415 0ustar00jhrozekjhrozek00000000000000# Makefile.in generated by automake 1.13.4 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2013 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' am__make_running_with_option = \ case $${target_option-} in \ ?) 
;; \ *) echo "am__make_running_with_option: internal error: invalid" \ "target option '$${target_option-}' specified" >&2; \ exit 1;; \ esac; \ has_opt=no; \ sane_makeflags=$$MAKEFLAGS; \ if $(am__is_gnu_make); then \ sane_makeflags=$$MFLAGS; \ else \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ bs=\\; \ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ esac; \ fi; \ skip_next=no; \ strip_trailopt () \ { \ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ }; \ for flg in $$sane_makeflags; do \ test $$skip_next = yes && { skip_next=no; continue; }; \ case $$flg in \ *=*|--*) continue;; \ -*I) strip_trailopt 'I'; skip_next=yes;; \ -*I?*) strip_trailopt 'I';; \ -*O) strip_trailopt 'O'; skip_next=yes;; \ -*O?*) strip_trailopt 'O';; \ -*l) strip_trailopt 'l'; skip_next=yes;; \ -*l?*) strip_trailopt 'l';; \ -[dEDm]) skip_next=yes;; \ -[JT]) skip_next=yes;; \ esac; \ case $$flg in \ *$$target_option*) has_opt=yes; break;; \ esac; \ done; \ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @HAVE_PROFILE_CATALOGS_TRUE@am__append_1 = --stringparam profile.condition "$(CONDS)" @BUILD_SSH_TRUE@am__append_2 = sss_ssh_authorizedkeys.1 sss_ssh_knownhostsproxy.1 @BUILD_SUDO_TRUE@am__append_3 = sssd-sudo.5 subdir = src/man DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ 
$(top_srcdir)/build/mkinstalldirs ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/nls.m4 \ $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \ $(top_srcdir)/version.m4 $(top_srcdir)/src/build_macros.m4 \ $(top_srcdir)/src/external/platform.m4 \ $(top_srcdir)/src/conf_macros.m4 \ $(top_srcdir)/src/external/pkg.m4 \ $(top_srcdir)/src/external/libpopt.m4 \ $(top_srcdir)/src/external/libtalloc.m4 \ $(top_srcdir)/src/external/libtdb.m4 \ $(top_srcdir)/src/external/libtevent.m4 \ $(top_srcdir)/src/external/libldb.m4 \ $(top_srcdir)/src/external/libdhash.m4 \ $(top_srcdir)/src/external/libcollection.m4 \ $(top_srcdir)/src/external/libini_config.m4 \ $(top_srcdir)/src/external/pam.m4 \ $(top_srcdir)/src/external/ldap.m4 \ $(top_srcdir)/src/external/libpcre.m4 \ $(top_srcdir)/src/external/krb5.m4 \ $(top_srcdir)/src/external/libcares.m4 \ $(top_srcdir)/src/external/libcmocka.m4 \ $(top_srcdir)/src/external/docbook.m4 \ $(top_srcdir)/src/external/sizes.m4 \ $(top_srcdir)/src/external/python.m4 \ $(top_srcdir)/src/external/selinux.m4 \ $(top_srcdir)/src/external/crypto.m4 \ $(top_srcdir)/src/external/nscd.m4 \ $(top_srcdir)/src/external/nsupdate.m4 \ $(top_srcdir)/src/external/libkeyutils.m4 \ $(top_srcdir)/src/external/libnl.m4 \ $(top_srcdir)/src/external/systemd.m4 \ $(top_srcdir)/src/external/pac_responder.m4 \ $(top_srcdir)/src/external/signal.m4 \ $(top_srcdir)/src/external/inotify.m4 \ $(top_srcdir)/src/external/libndr_nbt.m4 \ $(top_srcdir)/src/external/libunistring.m4 \ $(top_srcdir)/src/external/glib.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(SHELL) 
$(top_srcdir)/build/mkinstalldirs CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false am__v_P_1 = : AM_V_GEN = $(am__v_GEN_@AM_V@) am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) am__v_GEN_0 = @echo " GEN " $@; am__v_GEN_1 = AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ am__v_at_1 = SOURCES = DIST_SOURCES = am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ test -z "$$files" \ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! 
-r "$$dir"; } \ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ $(am__cd) "$$dir" && rm -f $$files; }; \ } man1dir = $(mandir)/man1 am__installdirs = "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man5dir)" \ "$(DESTDIR)$(man8dir)" man5dir = $(mandir)/man5 man8dir = $(mandir)/man8 NROFF = nroff MANS = $(man_MANS) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ CARES_CFLAGS = @CARES_CFLAGS@ CARES_LIBS = @CARES_LIBS@ CARES_OBJ = @CARES_OBJ@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CHECK_CFLAGS = @CHECK_CFLAGS@ CHECK_LIBS = @CHECK_LIBS@ CMOCKA_CFLAGS = @CMOCKA_CFLAGS@ CMOCKA_LIBS = @CMOCKA_LIBS@ COLLECTION_CFLAGS = @COLLECTION_CFLAGS@ COLLECTION_LIBS = @COLLECTION_LIBS@ COLLECTION_OBJ = @COLLECTION_OBJ@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CRYPTO_CFLAGS = @CRYPTO_CFLAGS@ CRYPTO_LIBS = @CRYPTO_LIBS@ CYGPATH_W = @CYGPATH_W@ DBUS_CFLAGS = @DBUS_CFLAGS@ DBUS_LIBS = @DBUS_LIBS@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DHASH_CFLAGS = @DHASH_CFLAGS@ DHASH_LIBS = @DHASH_LIBS@ DHASH_OBJ = @DHASH_OBJ@ DLLTOOL = @DLLTOOL@ DOCBOOK_XSLT = @DOCBOOK_XSLT@ DOXYGEN = @DOXYGEN@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GLIB2_CFLAGS = @GLIB2_CFLAGS@ GLIB2_LIBS = @GLIB2_LIBS@ GMSGFMT = @GMSGFMT@ GREP = @GREP@ HAVE_MANPAGES = @HAVE_MANPAGES@ HAVE_PYTHON_BINDINGS = @HAVE_PYTHON_BINDINGS@ HAVE_SELINUX = @HAVE_SELINUX@ HAVE_SEMANAGE = @HAVE_SEMANAGE@ HAVE_SYSTEMD = @HAVE_SYSTEMD@ INI_CONFIG_CFLAGS = @INI_CONFIG_CFLAGS@ INI_CONFIG_LIBS = @INI_CONFIG_LIBS@ INI_CONFIG_OBJ = @INI_CONFIG_OBJ@ INOTIFY_LIBS = @INOTIFY_LIBS@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ 
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ KEYUTILS_LIBS = @KEYUTILS_LIBS@ KRB5_CFLAGS = @KRB5_CFLAGS@ KRB5_CONFIG = @KRB5_CONFIG@ KRB5_LIBS = @KRB5_LIBS@ LD = @LD@ LDB_CFLAGS = @LDB_CFLAGS@ LDB_LIBS = @LDB_LIBS@ LDB_OBJ = @LDB_OBJ@ LDFLAGS = @LDFLAGS@ LIBADD_DL = @LIBADD_DL@ LIBADD_DLD_LINK = @LIBADD_DLD_LINK@ LIBADD_DLOPEN = @LIBADD_DLOPEN@ LIBADD_SHL_LOAD = @LIBADD_SHL_LOAD@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBNL_CFLAGS = @LIBNL_CFLAGS@ LIBNL_LIBS = @LIBNL_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ LT_DLLOADERS = @LT_DLLOADERS@ LT_DLPREOPEN = @LT_DLPREOPEN@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ MKINSTALLDIRS = @MKINSTALLDIRS@ MSGFMT = @MSGFMT@ MSGMERGE = @MSGMERGE@ NDR_KRB5PAC_CFLAGS = @NDR_KRB5PAC_CFLAGS@ NDR_KRB5PAC_LIBS = @NDR_KRB5PAC_LIBS@ NDR_NBT_CFLAGS = @NDR_NBT_CFLAGS@ NDR_NBT_LIBS = @NDR_NBT_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ NSCD = @NSCD@ NSCD_PATH = @NSCD_PATH@ NSS_CFLAGS = @NSS_CFLAGS@ NSS_LIBS = @NSS_LIBS@ NSUPDATE = @NSUPDATE@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OPENLDAP_CFLAGS = @OPENLDAP_CFLAGS@ OPENLDAP_LIBS = @OPENLDAP_LIBS@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PAM_LIBS = @PAM_LIBS@ PATH_SEPARATOR = @PATH_SEPARATOR@ PCRE_CFLAGS = @PCRE_CFLAGS@ PCRE_LIBS = @PCRE_LIBS@ PCRE_OBJ = @PCRE_OBJ@ PKG_CONFIG = @PKG_CONFIG@ ######################## # MANPAGE TRANSLATIONS # ######################## PO4A = @PO4A@ POPT_CFLAGS = @POPT_CFLAGS@ POPT_LIBS = @POPT_LIBS@ POPT_OBJ = @POPT_OBJ@ POSUB = @POSUB@ PRERELEASE_VERSION = @PRERELEASE_VERSION@ PYTHON = @PYTHON@ PYTHON_CFLAGS = @PYTHON_CFLAGS@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ PYTHON_INCLUDES 
= @PYTHON_INCLUDES@ PYTHON_LIBS = @PYTHON_LIBS@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ SED = @SED@ SELINUX_LIBS = @SELINUX_LIBS@ SEMANAGE_LIBS = @SEMANAGE_LIBS@ SET_MAKE = @SET_MAKE@ SGML_CATALOG_FILES = @SGML_CATALOG_FILES@ SHELL = @SHELL@ STRIP = @STRIP@ TALLOC_CFLAGS = @TALLOC_CFLAGS@ TALLOC_LIBS = @TALLOC_LIBS@ TALLOC_OBJ = @TALLOC_OBJ@ TDB_CFLAGS = @TDB_CFLAGS@ TDB_LIBS = @TDB_LIBS@ TDB_OBJ = @TDB_OBJ@ TEST_DIR = @TEST_DIR@ TEVENT_CFLAGS = @TEVENT_CFLAGS@ TEVENT_LIBS = @TEVENT_LIBS@ TEVENT_OBJ = @TEVENT_OBJ@ UNICODE_LIBS = @UNICODE_LIBS@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XMLLINT = @XMLLINT@ XSLTPROC = @XSLTPROC@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ appmodpath = @appmodpath@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ config_def_ccache_dir = @config_def_ccache_dir@ config_def_ccname_template = @config_def_ccname_template@ datadir = @datadir@ datarootdir = @datarootdir@ dbpath = @dbpath@ docdir = @docdir@ dvidir = @dvidir@ environment_file = @environment_file@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ initdir = @initdir@ install_sh = @install_sh@ krb5authdatapluginpath = @krb5authdatapluginpath@ krb5pluginpath = @krb5pluginpath@ krb5rcachedir = @krb5rcachedir@ ldblibdir = @ldblibdir@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ logpath 
= @logpath@ mandir = @mandir@ mcpath = @mcpath@ mkdir_p = @mkdir_p@ nsslibdir = @nsslibdir@ oldincludedir = @oldincludedir@ pammoddir = @pammoddir@ pdfdir = @pdfdir@ pidpath = @pidpath@ pipepath = @pipepath@ pkgpyexecdir = @pkgpyexecdir@ pkgpythondir = @pkgpythondir@ pluginpath = @pluginpath@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ pubconfpath = @pubconfpath@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ sbindir = @sbindir@ sharedbuilddir = @sharedbuilddir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sudolibpath = @sudolibpath@ sysconfdir = @sysconfdir@ systemdunitdir = @systemdunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ # The following variable is dependent on placement of this file top_builddir = ../.. top_srcdir = @top_srcdir@ ############ # MANPAGES # ############ # If no conditions are given, *all* conditionals are expanded. We don't want # to include any conditions by default, so we need to pass a phony conditional # conditionals are delimeted with a semicolon @BUILD_SUDO_TRUE@SUDO_CONDS = ;with_sudo @BUILD_AUTOFS_TRUE@AUTOFS_CONDS = ;with_autofs @BUILD_SSH_TRUE@SSH_CONDS = ;with_ssh @BUILD_PAC_RESPONDER_TRUE@PAC_RESPONDER_CONDS = ;with_pac_responder CONDS = with_false$(SUDO_CONDS)$(AUTOFS_CONDS)$(SSH_CONDS)$(PAC_RESPONDER_CONDS) XMLLINT_FLAGS = --catalogs --postvalid --nonet --xinclude --noout XSLTPROC_FLAGS = --catalogs --xinclude --nonet $(am__append_1) EXTRA_DIST = $(wildcard $(srcdir)/*.xml) $(wildcard \ $(srcdir)/include/*.xml) $(POTFILE) $(PO4A_CONFIG) man_MANS = sss_useradd.8 sss_userdel.8 sss_usermod.8 sss_groupadd.8 \ sss_groupdel.8 sss_groupmod.8 sssd.8 sssd.conf.5 sssd-ldap.5 \ sssd-krb5.5 sssd-ipa.5 sssd-simple.5 sssd-ad.5 \ sssd_krb5_locator_plugin.8 sss_groupshow.8 pam_sss.8 \ sss_obfuscate.8 sss_cache.8 sss_debuglevel.8 sss_seed.8 \ $(am__append_2) $(am__append_3) SUFFIXES = .1.xml .1 .3.xml .3 .5.xml .5 .8.xml .8 PACKAGE_DOC = sssd-docs POTFILE = 
po/$(PACKAGE_DOC).pot PO4A_CONFIG = po/po4a.cfg # Extract the list of languages from the po4a config file. LINGUAS_DIST = `$(SED) -ne 's/^.*\[po4a_langs\] \(.*\)$$/\1/p' $(srcdir)/$(PO4A_CONFIG)` PO4A_COMMON_OPTS = --option doctype=docbook \ --package-name $(PACKAGE_DOC) \ --variable builddir=$(CURDIR) \ --package-version $(PACKAGE_VERSION) \ --msgid-bugs-address sssd-devel@redhat.com \ --copyright-holder "Red Hat" PO4A_BUILD_OPTS = $(PO4A_COMMON_OPTS) --no-backups XML_DOC = $(wildcard $(srcdir)/*.xml) $(wildcard $(srcdir)/include/*.xml) @HAVE_PO4A_TRUE@CFG_PAGES = $(addprefix $(srcdir)/, $(shell grep '\[type:docbook\]' $(PO4A_CONFIG) | awk '{print $$2}' | tr '\n' ' ')) @HAVE_PO4A_TRUE@NONTRANSLATED_PAGES = $(filter-out $(CFG_PAGES), $(XML_DOC)) all: all-am .SUFFIXES: .SUFFIXES: .1.xml .1 .3.xml .3 .5.xml .5 .8.xml .8 $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/man/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign src/man/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' 
in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-man1: $(man_MANS) @$(NORMAL_INSTALL) @list1=''; \ list2='$(man_MANS)'; \ test -n "$(man1dir)" \ && test -n "`echo $$list1$$list2`" \ || exit 0; \ echo " $(MKDIR_P) '$(DESTDIR)$(man1dir)'"; \ $(MKDIR_P) "$(DESTDIR)$(man1dir)" || exit 1; \ { for i in $$list1; do echo "$$i"; done; \ if test -n "$$list2"; then \ for i in $$list2; do echo "$$i"; done \ | sed -n '/\.1[a-z]*$$/p'; \ fi; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man1dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man1dir)" || exit $$?; }; \ done; } uninstall-man1: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man1dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in 
$$l2; do echo "$$i"; done | \ sed -n '/\.1[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ dir='$(DESTDIR)$(man1dir)'; $(am__uninstall_files_from_dir) install-man5: $(man_MANS) @$(NORMAL_INSTALL) @list1=''; \ list2='$(man_MANS)'; \ test -n "$(man5dir)" \ && test -n "`echo $$list1$$list2`" \ || exit 0; \ echo " $(MKDIR_P) '$(DESTDIR)$(man5dir)'"; \ $(MKDIR_P) "$(DESTDIR)$(man5dir)" || exit 1; \ { for i in $$list1; do echo "$$i"; done; \ if test -n "$$list2"; then \ for i in $$list2; do echo "$$i"; done \ | sed -n '/\.5[a-z]*$$/p'; \ fi; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \ done; } uninstall-man5: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man5dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.5[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir) install-man8: $(man_MANS) @$(NORMAL_INSTALL) @list1=''; \ list2='$(man_MANS)'; \ test -n "$(man8dir)" \ && test -n "`echo $$list1$$list2`" \ || exit 0; \ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ { for i in 
$$list1; do echo "$$i"; done; \ if test -n "$$list2"; then \ for i in $$list2; do echo "$$i"; done \ | sed -n '/\.8[a-z]*$$/p'; \ fi; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ done; } uninstall-man8: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man8dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) tags TAGS: ctags CTAGS: cscope cscopelist: @HAVE_PO4A_FALSE@dist-hook: distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ 
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done $(MAKE) $(AM_MAKEFLAGS) \ top_distdir="$(top_distdir)" distdir="$(distdir)" \ dist-hook check-am: all-am check: check-am all-am: Makefile $(MANS) all-local installdirs: for dir in "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." 
clean: clean-am clean-am: clean-generic clean-libtool clean-local mostlyclean-am distclean: distclean-am -rm -f Makefile distclean-am: clean-am distclean-generic distclean-local dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-data-local install-man install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-man1 install-man5 install-man8 install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic \ maintainer-clean-local mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-generic mostlyclean-libtool \ mostlyclean-local pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-local uninstall-man uninstall-man: uninstall-man1 uninstall-man5 uninstall-man8 .MAKE: install-am install-strip .PHONY: all all-am all-local check check-am clean clean-generic \ clean-libtool clean-local cscopelist-am ctags-am dist-hook \ distclean distclean-generic distclean-libtool distclean-local \ distdir dvi dvi-am html html-am info info-am install \ install-am install-data install-data-am install-data-local \ install-dvi install-dvi-am install-exec install-exec-am \ install-html install-html-am install-info install-info-am \ install-man install-man1 install-man5 install-man8 install-pdf \ install-pdf-am install-ps install-ps-am install-strip \ installcheck installcheck-am installdirs maintainer-clean \ maintainer-clean-generic maintainer-clean-local mostlyclean \ mostlyclean-generic mostlyclean-libtool mostlyclean-local pdf \ pdf-am ps ps-am tags-am uninstall uninstall-am uninstall-local \ uninstall-man uninstall-man1 uninstall-man5 uninstall-man8 #Special Rules: export SGML_CATALOG_FILES DOCBOOK_XSLT ?= 
http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl .1.xml.1: $(XMLLINT) $(XMLLINT_FLAGS) $< $(XSLTPROC) -o $@ $(XSLTPROC_FLAGS) $(DOCBOOK_XSLT) $< .3.xml.3: $(XMLLINT) $(XMLLINT_FLAGS) $< $(XSLTPROC) -o $@ $(XSLTPROC_FLAGS) $(DOCBOOK_XSLT) $< .5.xml.5: $(XMLLINT) $(XMLLINT_FLAGS) $< $(XSLTPROC) -o $@ $(XSLTPROC_FLAGS) $(DOCBOOK_XSLT) $< .8.xml.8: $(XMLLINT) $(XMLLINT_FLAGS) $< $(XSLTPROC) -o $@ $(XSLTPROC_FLAGS) $(DOCBOOK_XSLT) $< # If the user has not defined it let's use the default. LINGUAS ?= $(LINGUAS_DIST) # FIXME: Use a stamp file until po4a supports them internally. @HAVE_PO4A_TRUE@man.stamp: $(XML_DOC) $(POTFILE) $(PO4A_CONFIG) @HAVE_PO4A_TRUE@ cd $(srcdir) && \ @HAVE_PO4A_TRUE@ $(PO4A) $(PO4A_BUILD_OPTS) $(PO4A_CONFIG) @HAVE_PO4A_TRUE@ touch $@ @HAVE_PO4A_TRUE@update-po: @HAVE_PO4A_TRUE@ @if test x"$(NONTRANSLATED_PAGES)" != "x"; then \ @HAVE_PO4A_TRUE@ echo "The following pages are not translated" $(NONTRANSLATED_PAGES); \ @HAVE_PO4A_TRUE@ exit 1; \ @HAVE_PO4A_TRUE@ fi @HAVE_PO4A_TRUE@ cd $(srcdir) && \ @HAVE_PO4A_TRUE@ $(PO4A) $(PO4A_BUILD_OPTS) --force $(PO4A_CONFIG) @HAVE_PO4A_TRUE@dist-hook: man.stamp @HAVE_PO4A_TRUE@ if [ -f man.stamp ]; then \ @HAVE_PO4A_TRUE@ cp man.stamp $(distdir); \ @HAVE_PO4A_TRUE@ for lang in $(LINGUAS_DIST); do \ @HAVE_PO4A_TRUE@ cp $(srcdir)/po/$$lang.po $(distdir)/po; \ @HAVE_PO4A_TRUE@ $(mkdir_p) $(distdir)/$$lang; \ @HAVE_PO4A_TRUE@ cp -r $(builddir)/$$lang $(distdir)/; \ @HAVE_PO4A_TRUE@ done; \ @HAVE_PO4A_TRUE@ else \ @HAVE_PO4A_TRUE@ cp $(srcdir)/man.stamp $(distdir); \ @HAVE_PO4A_TRUE@ for lang in $(LINGUAS_DIST); do \ @HAVE_PO4A_TRUE@ cp $(srcdir)/po/$$lang.po $(distdir)/po; \ @HAVE_PO4A_TRUE@ $(mkdir_p) $(distdir)/$$lang; \ @HAVE_PO4A_TRUE@ cp -r $(srcdir)/$$lang $(distdir)/; \ @HAVE_PO4A_TRUE@ done; \ @HAVE_PO4A_TRUE@ fi @HAVE_PO4A_TRUE@clean-local-no: @HAVE_PO4A_TRUE@clean-local-yes: @HAVE_PO4A_TRUE@ for lang in $(LINGUAS); do \ @HAVE_PO4A_TRUE@ if [ -d $$lang ]; then \ @HAVE_PO4A_TRUE@ rm 
-rf $$lang; \ @HAVE_PO4A_TRUE@ fi \ @HAVE_PO4A_TRUE@ done @HAVE_PO4A_TRUE@ rm -f $(man_MANS) @HAVE_PO4A_TRUE@ rm -f man.stamp @HAVE_PO4A_FALSE@man.stamp: $(XML_DOC) @HAVE_PO4A_FALSE@ touch $@ @HAVE_PO4A_FALSE@clean-local-no: @HAVE_PO4A_FALSE@clean-local-yes: @HAVE_PO4A_FALSE@ rm -f $(man_MANS) @HAVE_PO4A_FALSE@ rm -f man.stamp clean-local: clean-local-@USE_NLS@ distclean-local: clean-local-@USE_NLS@ mostlyclean-local: clean-local-@USE_NLS@ maintainer-clean-local: clean-local-@USE_NLS@ # Generate translated manual pages all-local: all-local-@USE_NLS@ all-local-no: all-local-yes: man.stamp if [ -z $$recursion ]; then \ for lang in $(LINGUAS); do \ if [ -d $$lang ]; then \ sources=$$(ls -1 $$lang/*.xml); \ manpages=$$(echo $$sources | $(SED) 's/\.xml//g'); \ $(MAKE) recursion=1 man_MANS="$$manpages"; \ fi \ done \ fi install-data-local: install-data-local-@USE_NLS@ install-data-local-no: install-data-local-yes: for lang in $(LINGUAS); do \ if [ -d $$lang ]; then \ sources=$$(ls -1 $$lang/*.xml); \ manpages=$$(echo $$sources | $(SED) 's/\.xml//g'); \ $(MAKE) install-man \ mandir="$(mandir)/$$lang" \ man_MANS="$$manpages"; \ fi \ done uninstall-local: uninstall-local-@USE_NLS@ uninstall-local-no: uninstall-local-yes: for lang in $(LINGUAS); do \ if [ -d $$lang ]; then \ sources=$$(ls -1 $$lang/*.xml); \ manpages=$$(echo $$sources | $(SED) 's/\.xml//g'); \ $(MAKE) uninstall-man \ mandir="$(mandir)/$$lang" \ man_MANS="$$manpages"; \ fi \ done # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. 
.NOEXPORT: sssd-1.11.5/src/man/PaxHeaders.13173/sss_cache.8.xml0000644000000000000000000000007412320753107017740 xustar000000000000000030 atime=1396954939.261891434 30 ctime=1396954962.609874245 sssd-1.11.5/src/man/sss_cache.8.xml0000664002412700241270000001440212320753107020163 0ustar00jhrozekjhrozek00000000000000 SSSD Manual pages sss_cache 8 sss_cache perform cache cleanup sss_cache options DESCRIPTION sss_cache invalidates records in SSSD cache. Invalidated records are forced to be reloaded from server as soon as related SSSD backend is online. OPTIONS , Invalidate all cached entries except for sudo rules. , login Invalidate specific user. , Invalidate all user records. This option overrides invalidation of specific user if it was also set. , group Invalidate specific group. , Invalidate all group records. This option overrides invalidation of specific group if it was also set. , netgroup Invalidate specific netgroup. , Invalidate all netgroup records. This option overrides invalidation of specific netgroup if it was also set. , service Invalidate specific service. , Invalidate all service records. This option overrides invalidation of specific service if it was also set. , autofs-map Invalidate specific autofs maps. , Invalidate all autofs maps. This option overrides invalidation of specific map if it was also set. , domain Restrict invalidation process only to a particular domain. 
sssd-1.11.5/src/man/PaxHeaders.13173/man.stamp0000644000000000000000000000013212320753573016740 xustar000000000000000030 mtime=1396955003.478843889 30 atime=1396955003.478843889 30 ctime=1396955003.478843889 sssd-1.11.5/src/man/man.stamp0000664002412700241270000000000012320753573017155 0ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/man/PaxHeaders.13173/sssd-krb5.5.xml0000644000000000000000000000007312320753107017616 xustar000000000000000030 atime=1396954939.262891434 29 ctime=1396954962.61687424 sssd-1.11.5/src/man/sssd-krb5.5.xml0000664002412700241270000006111212320753107020042 0ustar00jhrozekjhrozek00000000000000 SSSD Manual pages sssd-krb5 5 File Formats and Conventions sssd-krb5 the configuration file for SSSD DESCRIPTION This manual page describes the configuration of the Kerberos 5 authentication backend for sssd 8 . For a detailed syntax reference, please refer to the FILE FORMAT section of the sssd.conf 5 manual page. The Kerberos 5 authentication backend contains auth and chpass providers. It must be paired with an identity provider in order to function properly (for example, id_provider = ldap). Some information required by the Kerberos 5 authentication backend must be provided by the identity provider, such as the user's Kerberos Principal Name (UPN). The configuration of the identity provider should have an entry to specify the UPN. Please refer to the man page for the applicable identity provider for details on how to configure this. This backend also provides access control based on the .k5login file in the home directory of the user. See .k5login5 for more details. Please note that an empty .k5login file will deny all access to this user. To activate this feature, use 'access_provider = krb5' in your SSSD configuration. In the case where the UPN is not available in the identity backend, sssd will construct a UPN using the format username@krb5_realm. 
CONFIGURATION OPTIONS If the auth-module krb5 is used in an SSSD domain, the following options must be used. See the sssd.conf 5 manual page, section DOMAIN SECTIONS, for details on the configuration of an SSSD domain. krb5_server, krb5_backup_server (string) Specifies the comma-separated list of IP addresses or hostnames of the Kerberos servers to which SSSD should connect, in the order of preference. For more information on failover and server redundancy, see the FAILOVER section. An optional port number (preceded by a colon) may be appended to the addresses or hostnames. If empty, service discovery is enabled; for more information, refer to the SERVICE DISCOVERY section. When using service discovery for KDC or kpasswd servers, SSSD first searches for DNS entries that specify _udp as the protocol and falls back to _tcp if none are found. This option was named krb5_kdcip in earlier releases of SSSD. While the legacy name is recognized for the time being, users are advised to migrate their config files to use krb5_server instead. krb5_realm (string) The name of the Kerberos realm. This option is required and must be specified. krb5_kpasswd, krb5_backup_kpasswd (string) If the change password service is not running on the KDC, alternative servers can be defined here. An optional port number (preceded by a colon) may be appended to the addresses or hostnames. For more information on failover and server redundancy, see the FAILOVER section. NOTE: Even if there are no more kpasswd servers to try, the backend is not switched to operate offline if authentication against the KDC is still possible. Default: Use the KDC krb5_ccachedir (string) Directory to store credential caches. All the substitution sequences of krb5_ccname_template can be used here, too, except %d and %P. The directory is created as private and owned by the user, with permissions set to 0700. Default: /tmp krb5_ccname_template (string) Location of the user's credential cache. 
Three credential cache types are currently supported: FILE, DIR and KEYRING:persistent. The cache can be specified either as TYPE:RESIDUAL, or as an absolute path, which implies the FILE type. In the template, the following sequences are substituted: %u login name %U login UID %p principal name %r realm name %h home directory %d value of krb5_ccachedir %P the process ID of the SSSD client %% a literal '%' If the template ends with 'XXXXXX', mkstemp(3) is used to create a unique filename in a safe way. When using KEYRING types, the only supported mechanism is KEYRING:persistent:%U, which uses the Linux kernel keyring to store credentials on a per-UID basis. This is also the recommended choice, as it is the most secure and predictable method. The default value for the credential cache name is sourced from the profile stored in the system-wide krb5.conf configuration file in the [libdefaults] section. The option name is default_ccache_name. See krb5.conf(5)'s PARAMETER EXPANSION paragraph for additional information on the expansion format defined by krb5.conf. Default: (from libkrb5) krb5_auth_timeout (integer) Timeout in seconds after which an online authentication request or change password request is aborted. If possible, the authentication request is continued offline. Default: 6 krb5_validate (boolean) Verify with the help of krb5_keytab that the TGT obtained has not been spoofed. The keytab is checked for entries sequentially, and the first entry with a matching realm is used for validation. If no entry matches the realm, the last entry in the keytab is used. This process can be used to validate environments using cross-realm trust by placing the appropriate keytab entry as the last entry or the only entry in the keytab file. Default: false krb5_keytab (string) The location of the keytab to use when validating credentials obtained from KDCs.
Default: /etc/krb5.keytab krb5_store_password_if_offline (boolean) Store the password of the user if the provider is offline and use it to request a TGT when the provider comes online again. NOTE: this feature is only available on Linux. Passwords stored in this way are kept in plaintext in the kernel keyring and are potentially accessible by the root user (with difficulty). Default: false krb5_renewable_lifetime (string) Request a renewable ticket with a total lifetime, given as an integer immediately followed by a time unit: s for seconds m for minutes h for hours d for days. If there is no unit given, s is assumed. NOTE: It is not possible to mix units. To set the renewable lifetime to one and a half hours, use '90m' instead of '1h30m'. Default: not set, i.e. the TGT is not renewable krb5_lifetime (string) Request a ticket with a lifetime, given as an integer immediately followed by a time unit: s for seconds m for minutes h for hours d for days. If there is no unit given, s is assumed. NOTE: It is not possible to mix units. To set the lifetime to one and a half hours, please use '90m' instead of '1h30m'. Default: not set, i.e. the default ticket lifetime configured on the KDC. krb5_renew_interval (string) The time in seconds between two checks if the TGT should be renewed. TGTs are renewed if about half of their lifetime is exceeded. The interval is given as an integer immediately followed by a time unit: s for seconds m for minutes h for hours d for days. If there is no unit given, s is assumed. NOTE: It is not possible to mix units. To set the renewable lifetime to one and a half hours, use '90m' instead of '1h30m'. If this option is not set or is 0, the automatic renewal is disabled. Default: not set krb5_use_fast (string) Enables flexible authentication secure tunneling (FAST) for Kerberos pre-authentication. The following options are supported: never use FAST. This is equivalent to not setting this option at all. try to use FAST.
If the server does not support FAST, continue the authentication without it. demand to use FAST. The authentication fails if the server does not require FAST. Default: not set, i.e. FAST is not used. NOTE: a keytab is required to use FAST. NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If SSSD is used with an older version of MIT Kerberos, using this option is a configuration error. krb5_fast_principal (string) Specifies the server principal to use for FAST. krb5_canonicalize (boolean) Specifies if the host and user principal should be canonicalized. This feature is available with MIT Kerberos 1.7 and later versions. Default: false krb5_use_kdcinfo (boolean) Specifies if the SSSD should instruct the Kerberos libraries what realm and which KDCs to use. This option is on by default; if you disable it, you need to configure the Kerberos library using the krb5.conf 5 configuration file. See the sssd_krb5_locator_plugin 8 manual page for more information on the locator plugin. Default: true krb5_use_enterprise_principal (boolean) Specifies if the user principal should be treated as an enterprise principal. See section 5 of RFC 6806 for more details about enterprise principals. Default: false (AD provider: true) EXAMPLE The following example assumes that SSSD is correctly configured and FOO is one of the domains in the [sssd] section. This example shows only the configuration of Kerberos authentication; it does not include any identity provider.
[domain/FOO] auth_provider = krb5 krb5_server = 192.168.1.1 krb5_realm = EXAMPLE.COM sssd-1.11.5/src/man/PaxHeaders.13173/sss_ssh_knownhostsproxy.1.xml0000644000000000000000000000007412320753107023062 xustar000000000000000030 atime=1396954939.261891434 30 ctime=1396954962.622874236 sssd-1.11.5/src/man/sss_ssh_knownhostsproxy.1.xml0000664002412700241270000000744712320753107023320 0ustar00jhrozekjhrozek00000000000000 SSSD Manual pages sss_ssh_knownhostsproxy 1 sss_ssh_knownhostsproxy get OpenSSH host keys sss_ssh_knownhostsproxy options HOST PROXY_COMMAND DESCRIPTION sss_ssh_knownhostsproxy acquires SSH host public keys for host HOST, stores them in a custom OpenSSH known_hosts file (see the SSH_KNOWN_HOSTS FILE FORMAT section of sshd 8 for more information) /var/lib/sss/pubconf/known_hosts and establishes a connection to the host. If PROXY_COMMAND is specified, it is used to create the connection to the host instead of opening a socket. ssh 1 can be configured to use sss_ssh_knownhostsproxy for host key authentication by using the following directives for ssh 1 configuration: ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts OPTIONS , PORT Use port PORT to connect to the host. By default, port 22 is used. , DOMAIN Search for host public keys in SSSD domain DOMAIN. EXIT STATUS In case of success, an exit value of 0 is returned. Otherwise, 1 is returned. sssd-1.11.5/src/man/PaxHeaders.13173/sssd.conf.5.xml0000644000000000000000000000007312320753107017701 xustar000000000000000030 atime=1396954939.262891434 29 ctime=1396954962.60387425 sssd-1.11.5/src/man/sssd.conf.5.xml0000664002412700241270000026754012320753107020142 0ustar00jhrozekjhrozek00000000000000 SSSD Manual pages sssd.conf 5 File Formats and Conventions sssd.conf the configuration file for SSSD FILE FORMAT The file has an ini-style syntax and consists of sections and parameters.
A section begins with the name of the section in square brackets and continues until the next section begins. An example of a section with single and multi-valued parameters: [section] key = value key2 = value2,value3 The data types used are string (no quotes needed), integer and bool (with values of TRUE/FALSE). A line comment starts with a hash sign (#) or a semicolon (;). Inline comments are not supported. All sections can have an optional description parameter. Its function is only as a label for the section. sssd.conf must be a regular file owned by root, and only root may read from or write to the file. SPECIAL SECTIONS The [sssd] section Individual pieces of SSSD functionality are provided by special SSSD services that are started and stopped together with SSSD. The services are managed by a special service frequently called the monitor. The [sssd] section is used to configure the monitor as well as some other important options like the identity domains. Section parameters config_file_version (integer) Indicates which syntax the config file uses. SSSD 0.6.0 and later use version 2. services Comma-separated list of services that are started when sssd itself starts. Supported services: nss, pam, sudo, autofs, ssh, pac reconnection_retries (integer) Number of times services should attempt to reconnect in the event of a Data Provider crash or restart before they give up. Default: 3 domains A domain is a database containing user information. SSSD can use several domains at the same time, but at least one must be configured or SSSD won't start. This parameter describes the list of domains in the order you want them to be queried. A domain name should only consist of alphanumeric ASCII characters, dashes and underscores. re_expression (string) Default regular expression that describes how to parse the string containing user name and domain into these components. Each domain can have an individual regular expression configured.
For some ID providers there are also default regular expressions. See DOMAIN SECTIONS for more info on these regular expressions. full_name_format (string) A printf 3 -compatible format that describes how to compose a fully qualified name from user name and domain name components. The following expansions are supported: %1$s user name %2$s domain name as specified in the SSSD config file. %3$s domain flat name. Mostly usable for Active Directory domains, both directly configured or discovered via IPA trusts. Each domain can have an individual format string configured. see DOMAIN SECTIONS for more info on this option. try_inotify (boolean) SSSD monitors the state of resolv.conf to identify when it needs to update its internal DNS resolver. By default, we will attempt to use inotify for this, and will fall back to polling resolv.conf every five seconds if inotify cannot be used. There are some limited situations where it is preferred that we should skip even trying to use inotify. In these rare cases, this option should be set to 'false' Default: true on platforms where inotify is supported. False on other platforms. Note: this option will have no effect on platforms where inotify is unavailable. On these platforms, polling will always be used. krb5_rcache_dir (string) Directory on the filesystem where SSSD should store Kerberos replay cache files. This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct SSSD to let libkrb5 decide the appropriate location for the replay cache. Default: Distribution-specific and specified at build-time. (__LIBKRB5_DEFAULTS__ if not configured) default_domain_suffix (string) This string will be used as a default domain name for all names without a domain name component. The main use case is environments where the primary domain is intended for managing host policies and all users are located in a trusted domain. The option allows those users to log in just with their user name without giving a domain name as well. 
Please note that if this option is set all users from the primary domain have to use their fully qualified name, e.g. user@domain.name, to log in. Default: not set SERVICES SECTIONS Settings that can be used to configure different services are described in this section. They should reside in the [$NAME] section, for example, for NSS service, the section would be [nss] General service configuration options These options can be used to configure any service. debug_level (integer) debug_timestamps (bool) Add a timestamp to the debug messages Default: true debug_microseconds (bool) Add microseconds to the timestamp in debug messages Default: false timeout (integer) Timeout in seconds between heartbeats for this service. This is used to ensure that the process is alive and capable of answering requests. Default: 10 reconnection_retries (integer) Number of times services should attempt to reconnect in the event of a Data Provider crash or restart before they give up Default: 3 fd_limit This option specifies the maximum number of file descriptors that may be opened at one time by this SSSD process. On systems where SSSD is granted the CAP_SYS_RESOURCE capability, this will be an absolute setting. On systems without this capability, the resulting value will be the lower value of this or the limits.conf "hard" limit. Default: 8192 (or limits.conf "hard" limit) client_idle_timeout This option specifies the number of seconds that a client of an SSSD process can hold onto a file descriptor without communicating on it. This value is limited in order to avoid resource exhaustion on the system. Default: 60 force_timeout (integer) If a service is not responding to ping checks (see the timeout option), it is first sent the SIGTERM signal that instructs it to quit gracefully. If the service does not terminate after force_timeout seconds, the monitor will forcibly shut it down by sending a SIGKILL signal. 
Default: 60 NSS configuration options These options can be used to configure the Name Service Switch (NSS) service. enum_cache_timeout (integer) How many seconds nss_sss should cache enumerations (requests for info about all users). Default: 120 entry_cache_nowait_percentage (integer) The entry cache can be set to automatically update entries in the background if they are requested beyond a percentage of the entry_cache_timeout value for the domain. For example, if the domain's entry_cache_timeout is set to 30s and entry_cache_nowait_percentage is set to 50 (percent), entries that come in after 15 seconds past the last cache update will be returned immediately, but the SSSD will go and update the cache on its own, so that future requests will not need to block waiting for a cache update. Valid values for this option are 0-99 and represent a percentage of the entry_cache_timeout for each domain. For performance reasons, this percentage will never reduce the nowait timeout to less than 10 seconds. (0 disables this feature) Default: 50 entry_negative_timeout (integer) Specifies for how many seconds nss_sss should cache negative cache hits (that is, queries for invalid database entries, like nonexistent ones) before asking the back end again. Default: 15 filter_users, filter_groups (string) Exclude certain users from being fetched from the sss NSS database. This is particularly useful for system accounts. This option can also be set per-domain or include fully-qualified names to filter only users from the particular domain. Default: root filter_users_in_groups (bool) If you want filtered users to still be group members, set this option to false. Default: true fallback_homedir (string) Set a default template for a user's home directory if one is not specified explicitly by the domain's data provider. The available values for this option are the same as for override_homedir.
example: fallback_homedir = /home/%u Default: not set (no substitution for unset home directories) override_shell (string) Override the login shell for all users. This option supersedes any other shell options if it takes effect and can be set either in the [nss] section or per-domain. Default: not set (SSSD will use the value retrieved from LDAP) allowed_shells (string) Restrict user shell to one of the listed values. The order of evaluation is: 1. If the shell is present in /etc/shells, it is used. 2. If the shell is in the allowed_shells list but not in /etc/shells, use the value of the shell_fallback parameter. 3. If the shell is not in the allowed_shells list and not in /etc/shells, a nologin shell is used. An empty string for shell is passed as-is to libc. The /etc/shells is only read on SSSD start up, which means that a restart of the SSSD is required in case a new shell is installed. Default: Not set. The user shell is automatically used. vetoed_shells (string) Replace any instance of these shells with the shell_fallback shell_fallback (string) The default shell to use if an allowed shell is not installed on the machine. Default: /bin/sh default_shell The default shell to use if the provider does not return one during lookup. This option can be specified globally in the [nss] section or per-domain. Default: not set (Return NULL if no shell is specified and rely on libc to substitute something sensible when necessary, usually /bin/sh) get_domains_timeout (int) Specifies time in seconds for which the list of subdomains will be considered valid. Default: 60 memcache_timeout (int) Specifies time in seconds for which records in the in-memory cache will be valid Default: 300 PAM configuration options These options can be used to configure the Pluggable Authentication Module (PAM) service. offline_credentials_expiration (integer) If the authentication provider is offline, how long should we allow cached logins (in days since the last successful online login). 
Default: 0 (No limit) offline_failed_login_attempts (integer) If the authentication provider is offline, how many failed login attempts are allowed. Default: 0 (No limit) offline_failed_login_delay (integer) The time in minutes which has to pass after offline_failed_login_attempts has been reached before a new login attempt is possible. If set to 0, the user cannot authenticate offline if offline_failed_login_attempts has been reached. Only a successful online authentication can enable offline authentication again. Default: 5 pam_verbosity (integer) Controls what kind of messages are shown to the user during authentication. The higher the number, the more messages are displayed. Currently sssd supports the following values: 0: do not show any message 1: show only important messages 2: show informational messages 3: show all messages and debug information Default: 1 pam_id_timeout (integer) For any PAM request while SSSD is online, the SSSD will attempt to immediately update the cached identity information for the user in order to ensure that authentication takes place with the latest information. A complete PAM conversation may perform multiple PAM requests, such as account management and session opening. This option controls (on a per-client-application basis) how long (in seconds) we can cache the identity information to avoid excessive round-trips to the identity provider. Default: 5 pam_pwd_expiration_warning (integer) Display a warning N days before the password expires. Please note that the backend server has to provide information about the expiration time of the password. If this information is missing, sssd cannot display a warning. If zero is set, then this filter is not applied, i.e. if the expiration warning was received from the backend server, it will automatically be displayed. This setting can be overridden by setting pwd_expiration_warning for a particular domain.
Default: 0 get_domains_timeout (int) Specifies time in seconds for which the list of subdomains will be considered valid. Default: 60 SUDO configuration options These options can be used to configure the sudo service. sudo_timed (bool) Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes that implement time-dependent sudoers entries. Default: false AUTOFS configuration options These options can be used to configure the autofs service. autofs_negative_timeout (integer) Specifies for how many seconds the autofs responder should cache negative hits (that is, queries for invalid map entries, like nonexistent ones) before asking the back end again. Default: 15 SSH configuration options These options can be used to configure the SSH service. ssh_hash_known_hosts (bool) Whether or not to hash host names and addresses in the managed known_hosts file. Default: true ssh_known_hosts_timeout (integer) How many seconds to keep a host in the managed known_hosts file after its host keys were requested. Default: 180 PAC responder configuration options The PAC responder works together with the authorization data plugin for MIT Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the PAC data during a GSSAPI authentication to the PAC responder. The sub-domain provider collects domain SID and ID ranges of the domain the client is joined to and of remote trusted domains from the local domain controller. If the PAC is decoded and evaluated, some of the following operations are done: If the remote user does not exist in the cache, it is created. The uid is determined with the help of the SID, trusted domains will have UPGs and the gid will have the same value as the uid. The home directory is set based on the subdomain_homedir parameter. The shell will be empty by default, i.e. the system defaults are used, but can be overwritten with the default_shell parameter. 
If there are SIDs of groups from domains sssd knows about, the user will be added to those groups. These options can be used to configure the PAC responder. allowed_uids (string) Specifies the comma-separated list of UID values or user names that are allowed to access the PAC responder. User names are resolved to UIDs at startup. Default: 0 (only the root user is allowed to access the PAC responder) Please note that although the UID 0 is used as the default it will be overwritten with this option. If you still want to allow the root user to access the PAC responder, which would be the typical case, you have to add 0 to the list of allowed UIDs as well. DOMAIN SECTIONS These configuration options can be present in a domain configuration section, that is, in a section called [domain/NAME] min_id,max_id (integer) UID and GID limits for the domain. If a domain contains an entry that is outside these limits, it is ignored. For users, this affects the primary GID limit. The user will not be returned to NSS if either the UID or the primary GID is outside the range. For non-primary group memberships, those that are in range will be reported as expected. These ID limits affect even saving entries to cache, not only returning them by name or ID. Default: 1 for min_id, 0 (no limit) for max_id enumerate (bool) Determines if a domain can be enumerated. This parameter can have one of the following values: TRUE = Users and groups are enumerated FALSE = No enumerations for this domain Default: FALSE Note: Enabling enumeration has a moderate performance impact on SSSD while enumeration is running. It may take up to several minutes after SSSD startup to fully complete enumerations. During this time, individual requests for information will go directly to LDAP, though it may be slow, due to the heavy enumeration processing. Saving a large number of entries to cache after the enumeration completes might also be CPU intensive as the memberships have to be recomputed. 
While the first enumeration is running, requests for the complete user or group lists may return no results until it completes. Further, enabling enumeration may increase the time necessary to detect network disconnection, as longer timeouts are required to ensure that enumeration lookups are completed successfully. For more information, refer to the man pages for the specific id_provider in use. For the reasons cited above, enabling enumeration is not recommended, especially in large environments. subdomain_enumerate (string) Whether any of autodetected trusted domains should be enumerated. The supported values are: all All discovered trusted domains will be enumerated none No discovered trusted domains will be enumerated Optionally, a list of one or more domain names can enable enumeration just for these trusted domains. Default: none force_timeout (integer) If a service is not responding to ping checks (see the timeout option), it is first sent the SIGTERM signal that instructs it to quit gracefully. If the service does not terminate after force_timeout seconds, the monitor will forcibly shut it down by sending a SIGKILL signal. Default: 60 entry_cache_timeout (integer) How many seconds should nss_sss consider entries valid before asking the backend again The cache expiration timestamps are stored as attributes of individual objects in the cache. Therefore, changing the cache timeout only has effect for newly added or expired entries. You should run the sss_cache 8 tool in order to force refresh of entries that have already been cached. 
Default: 5400 entry_cache_user_timeout (integer) How many seconds should nss_sss consider user entries valid before asking the backend again. Default: entry_cache_timeout entry_cache_group_timeout (integer) How many seconds should nss_sss consider group entries valid before asking the backend again. Default: entry_cache_timeout entry_cache_netgroup_timeout (integer) How many seconds should nss_sss consider netgroup entries valid before asking the backend again. Default: entry_cache_timeout entry_cache_service_timeout (integer) How many seconds should nss_sss consider service entries valid before asking the backend again. Default: entry_cache_timeout entry_cache_sudo_timeout (integer) How many seconds should sudo consider rules valid before asking the backend again. Default: entry_cache_timeout entry_cache_autofs_timeout (integer) How many seconds should the autofs service consider automounter maps valid before asking the backend again. Default: entry_cache_timeout refresh_expired_interval (integer) Specifies how many seconds SSSD has to wait before refreshing expired records. Currently only refreshing expired netgroups is supported. You can consider setting this value to 3/4 * entry_cache_timeout. Default: 0 (disabled) cache_credentials (bool) Determines if user credentials are also cached in the local LDB cache. User credentials are stored as a SHA512 hash, not in plaintext. Default: FALSE account_cache_expiration (integer) Number of days entries are left in cache after last successful login before being removed during a cleanup of the cache. 0 means keep forever. The value of this parameter must be greater than or equal to offline_credentials_expiration. Default: 0 (unlimited) pwd_expiration_warning (integer) Display a warning N days before the password expires. If zero is set, then this filter is not applied, i.e. if the expiration warning was received from backend server, it will automatically be displayed. 
Please note that the backend server has to provide information about the expiration time of the password. If this information is missing, sssd cannot display a warning. Also an auth provider has to be configured for the backend. Default: 7 (Kerberos), 0 (LDAP) id_provider (string) The identification provider used for the domain. Supported ID providers are: proxy: Support a legacy NSS provider local: SSSD internal provider for local users ldap: LDAP provider. See sssd-ldap 5 for more information on configuring LDAP. ipa: FreeIPA and Red Hat Enterprise Identity Management provider. See sssd-ipa 5 for more information on configuring FreeIPA. ad: Active Directory provider. See sssd-ad 5 for more information on configuring Active Directory. use_fully_qualified_names (bool) Use the full name and domain (as formatted by the domain's full_name_format) as the user's login name reported to NSS. If set to TRUE, all requests to this domain must use fully qualified names. For example, if used in LOCAL domain that contains a "test" user, getent passwd test wouldn't find the user while getent passwd test@LOCAL would. NOTE: This option has no effect on netgroup lookups due to their tendency to include nested netgroups without qualified names. For netgroups, all domains will be searched when an unqualified name is requested. Default: FALSE ignore_group_members (bool) Do not return group members for group lookups. If set to TRUE, the group membership attribute is not requested from the ldap server, and group members are not returned when processing group lookup calls. Default: FALSE auth_provider (string) The authentication provider used for the domain. Supported auth providers are: ldap for native LDAP authentication. See sssd-ldap 5 for more information on configuring LDAP. krb5 for Kerberos authentication. See sssd-krb5 5 for more information on configuring Kerberos. ipa: FreeIPA and Red Hat Enterprise Identity Management provider. 
See sssd-ipa 5 for more information on configuring FreeIPA. ad: Active Directory provider. See sssd-ad 5 for more information on configuring Active Directory. proxy for relaying authentication to some other PAM target. none disables authentication explicitly. Default: id_provider is used if it is set and can handle authentication requests. access_provider (string) The access control provider used for the domain. There are two built-in access providers (in addition to any included in installed backends) Internal special providers are: permit always allow access. It's the only permitted access provider for a local domain. deny always deny access. ldap for native LDAP authentication. See sssd-ldap 5 for more information on configuring LDAP. ipa: FreeIPA and Red Hat Enterprise Identity Management provider. See sssd-ipa 5 for more information on configuring FreeIPA. ad: Active Directory provider. See sssd-ad 5 for more information on configuring Active Directory. simple access control based on access or deny lists. See sssd-simple 5 for more information on configuring the simple access module. Default: permit chpass_provider (string) The provider which should handle change password operations for the domain. Supported change password providers are: ldap to change a password stored in a LDAP server. See sssd-ldap 5 for more information on configuring LDAP. krb5 to change the Kerberos password. See sssd-krb5 5 for more information on configuring Kerberos. ipa: FreeIPA and Red Hat Enterprise Identity Management provider. See sssd-ipa 5 for more information on configuring FreeIPA. ad: Active Directory provider. See sssd-ad 5 for more information on configuring Active Directory. proxy for relaying password changes to some other PAM target. none disallows password changes explicitly. Default: auth_provider is used if it is set and can handle change password requests. sudo_provider (string) The SUDO provider used for the domain. 
Supported SUDO providers are: ldap for rules stored in LDAP. See sssd-ldap 5 for more information on configuring LDAP. ipa the same as ldap but with IPA default settings. ad the same as ldap but with AD default settings. none disables SUDO explicitly. Default: The value of id_provider is used if it is set. selinux_provider (string) The provider which should handle loading of selinux settings. Note that this provider will be called right after access provider ends. Supported selinux providers are: ipa to load selinux settings from an IPA server. See sssd-ipa 5 for more information on configuring IPA. none disallows fetching selinux settings explicitly. Default: id_provider is used if it is set and can handle selinux loading requests. subdomains_provider (string) The provider which should handle fetching of subdomains. This value should be always the same as id_provider. Supported subdomain providers are: ipa to load a list of subdomains from an IPA server. See sssd-ipa 5 for more information on configuring IPA. none disallows fetching subdomains explicitly. Default: The value of id_provider is used if it is set. autofs_provider (string) The autofs provider used for the domain. Supported autofs providers are: ldap to load maps stored in LDAP. See sssd-ldap 5 for more information on configuring LDAP. ipa to load maps stored in an IPA server. See sssd-ipa 5 for more information on configuring IPA. none disables autofs explicitly. Default: The value of id_provider is used if it is set. hostid_provider (string) The provider used for retrieving host identity information. Supported hostid providers are: ipa to load host identity stored in an IPA server. See sssd-ipa 5 for more information on configuring IPA. none disables hostid explicitly. Default: The value of id_provider is used if it is set. re_expression (string) Regular expression for this domain that describes how to parse the string containing user name and domain into these components. 
The "domain" can match either the SSSD configuration domain name, or, in the case of IPA trust subdomains and Active Directory domains, the flat (NetBIOS) name of the domain. Default for the AD and IPA provider: (((?P<domain>[^\\]+)\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?P<name>[^@\\]+)$)) which allows three different styles for user names: username username@domain.name domain\username While the first two correspond to the general default the third one is introduced to allow easy integration of users from Windows domains. Default: (?P<name>[^@]+)@?(?P<domain>[^@]*$) which translates to "the name is everything up to the @ sign, the domain everything after that" PLEASE NOTE: the support for non-unique named subpatterns is not available on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre version 7 or higher can support non-unique named subpatterns. PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?P<name>) to label subpatterns. full_name_format (string) A printf 3 -compatible format that describes how to compose a fully qualified name from user name and domain name components. The following expansions are supported: %1$s user name %2$s domain name as specified in the SSSD config file. %3$s domain flat name. Mostly usable for Active Directory domains, both directly configured or discovered via IPA trusts. Default: %1$s@%2$s. lookup_family_order (string) Provides the ability to select preferred address family to use when performing DNS lookups. Supported values: ipv4_first: Try looking up IPv4 address, if that fails, try IPv6 ipv4_only: Only attempt to resolve hostnames to IPv4 addresses. ipv6_first: Try looking up IPv6 address, if that fails, try IPv4 ipv6_only: Only attempt to resolve hostnames to IPv6 addresses. Default: ipv4_first dns_resolver_timeout (integer) Defines the amount of time (in seconds) to wait for a reply from the DNS resolver before assuming that it is unreachable. 
If this timeout is reached, the domain will continue to operate in offline mode. Default: 6 dns_discovery_domain (string) If service discovery is used in the back end, specifies the domain part of the service discovery DNS query. Default: Use the domain part of machine's hostname override_gid (integer) Override the primary GID value with the one specified. case_sensitive (boolean) Treat user and group names as case sensitive. At the moment, this option is not supported in the local provider. Default: True proxy_fast_alias (boolean) When a user or group is looked up by name in the proxy provider, a second lookup by ID is performed to "canonicalize" the name in case the requested name was an alias. Setting this option to true would cause the SSSD to perform the ID lookup from cache for performance reasons. Default: false subdomain_homedir (string) Use this homedir as default value for all subdomains within this domain in IPA AD trust. See override_homedir for info about possible values. In addition to those, the expansion below can only be used with subdomain_homedir. %F flat (NetBIOS) name of a subdomain. The value can be overridden by override_homedir option. Default: /home/%d/%u realmd_tags (string) Various tags stored by the realmd configuration service for this domain. Options valid for proxy domains. proxy_pam_target (string) The proxy target PAM proxies to. Default: not set by default, you have to take an existing pam configuration or create a new one and add the service name here. proxy_lib_name (string) The name of the NSS library to use in proxy domains. The NSS functions searched for in the library are in the form of _nss_$(libName)_$(function), for example _nss_files_getpwent. The local domain section This section contains settings for domain that stores users and groups in SSSD native database, that is, a domain that uses id_provider=local. Section parameters default_shell (string) The default shell for users created with SSSD userspace tools. 
Default: /bin/bash base_directory (string) The tools append the login name to base_directory and use that as the home directory. Default: /home create_homedir (bool) Indicate if a home directory should be created by default for new users. Can be overridden on command line. Default: TRUE remove_homedir (bool) Indicate if a home directory should be removed by default for deleted users. Can be overridden on command line. Default: TRUE homedir_umask (integer) Used by sss_useradd 8 to specify the default permissions on a newly created home directory. Default: 077 skel_dir (string) The skeleton directory, which contains files and directories to be copied in the user's home directory, when the home directory is created by sss_useradd 8 Default: /etc/skel mail_dir (string) The mail spool directory. This is needed to manipulate the mailbox when its corresponding user account is modified or deleted. If not specified, a default value is used. Default: /var/mail userdel_cmd (string) The command that is run after a user is removed. The command is passed the username of the user being removed as the first and only parameter. The return code of the command is not taken into account. Default: None, no command is run EXAMPLE The following example shows a typical SSSD config. It does not describe configuration of the domains themselves - refer to documentation on configuring domains for more details. 
[sssd] domains = LDAP services = nss, pam config_file_version = 2 [nss] filter_groups = root filter_users = root [pam] [domain/LDAP] id_provider = ldap ldap_uri = ldap://ldap.example.com ldap_search_base = dc=example,dc=com auth_provider = krb5 krb5_server = kerberos.example.com krb5_realm = EXAMPLE.COM cache_credentials = true min_id = 10000 max_id = 20000 enumerate = False sssd-1.11.5/src/man/PaxHeaders.13173/sss_ssh_authorizedkeys.1.xml0000644000000000000000000000007412320753107022615 xustar000000000000000030 atime=1396954939.261891434 30 ctime=1396954962.618874239 sssd-1.11.5/src/man/sss_ssh_authorizedkeys.1.xml0000664002412700241270000000760612320753107023050 0ustar00jhrozekjhrozek00000000000000 SSSD Manual pages sss_ssh_authorizedkeys 1 sss_ssh_authorizedkeys get OpenSSH authorized keys sss_ssh_authorizedkeys options USER DESCRIPTION sss_ssh_authorizedkeys acquires SSH public keys for user USER and outputs them in OpenSSH authorized_keys format (see the AUTHORIZED_KEYS FILE FORMAT section of sshd 8 for more information). sshd 8 can be configured to use sss_ssh_authorizedkeys for public key user authentication if it is compiled with support for either AuthorizedKeysCommand or PubkeyAgent sshd_config 5 options. If AuthorizedKeysCommand is supported, sshd 8 can be configured to use it by putting the following directive in sshd_config 5: AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys If PubkeyAgent is supported, sshd 8 can be configured to use it by using the following directive for sshd 8 configuration: PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u OPTIONS , DOMAIN Search for user public keys in SSSD domain DOMAIN. EXIT STATUS In case of success, an exit value of 0 is returned. Otherwise, 1 is returned. 
sssd-1.11.5/src/man/PaxHeaders.13173/sss_groupmod.8.xml0000644000000000000000000000007312320753107020530 xustar000000000000000030 atime=1396954939.261891434 29 ctime=1396954962.60387425 sssd-1.11.5/src/man/sss_groupmod.8.xml0000664002412700241270000000515212320753107020756 0ustar00jhrozekjhrozek00000000000000 SSSD Manual pages sss_groupmod 8 sss_groupmod modify a group sss_groupmod options GROUP DESCRIPTION sss_groupmod modifies the group to reflect the changes that are specified on the command line. OPTIONS , GROUPS Append this group to groups specified by the GROUPS parameter. The GROUPS parameter is a comma separated list of group names. , GROUPS Remove this group from groups specified by the GROUPS parameter. sssd-1.11.5/src/man/PaxHeaders.13173/sss_usermod.8.xml0000644000000000000000000000007412320753107020353 xustar000000000000000030 atime=1396954939.261891434 30 ctime=1396954962.621874236 sssd-1.11.5/src/man/sss_usermod.8.xml0000664002412700241270000001171712320753107020604 0ustar00jhrozekjhrozek00000000000000 SSSD Manual pages sss_usermod 8 sss_usermod modify a user account sss_usermod options LOGIN DESCRIPTION sss_usermod modifies the account specified by LOGIN to reflect the changes that are specified on the command line. OPTIONS , COMMENT Any text string describing the user. Often used as the field for the user's full name. , HOME_DIR The home directory of the user account. , SHELL The user's login shell. , GROUPS Append this user to groups specified by the GROUPS parameter. The GROUPS parameter is a comma separated list of group names. , GROUPS Remove this user from groups specified by the GROUPS parameter. , Lock the user account. The user won't be able to log in. , Unlock the user account. , SELINUX_USER The SELinux user for the user's login. 
sssd-1.11.5/src/man/PaxHeaders.13173/Makefile.am0000644000000000000000000000007412320753107017151 xustar000000000000000030 atime=1396954952.426881756 30 ctime=1396954962.602874251 sssd-1.11.5/src/man/Makefile.am0000664002412700241270000001235512320753107017401 0ustar00jhrozekjhrozek00000000000000# The following variable is dependent on placement of this file top_builddir = ../.. ############ # MANPAGES # ############ # If no conditions are given, *all* conditionals are expanded. We don't want # to include any conditions by default, so we need to pass a phony conditional if BUILD_SUDO # conditionals are delimeted with a semicolon SUDO_CONDS = ;with_sudo endif if BUILD_AUTOFS AUTOFS_CONDS = ;with_autofs endif if BUILD_SSH SSH_CONDS = ;with_ssh endif if BUILD_PAC_RESPONDER PAC_RESPONDER_CONDS = ;with_pac_responder endif CONDS = with_false$(SUDO_CONDS)$(AUTOFS_CONDS)$(SSH_CONDS)$(PAC_RESPONDER_CONDS) #Special Rules: export SGML_CATALOG_FILES DOCBOOK_XSLT = @DOCBOOK_XSLT@ DOCBOOK_XSLT ?= http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl XMLLINT_FLAGS = --catalogs --postvalid --nonet --xinclude --noout XSLTPROC_FLAGS = --catalogs --xinclude --nonet if HAVE_PROFILE_CATALOGS XSLTPROC_FLAGS += --stringparam profile.condition "$(CONDS)" endif EXTRA_DIST = $(wildcard $(srcdir)/*.xml) $(wildcard $(srcdir)/include/*.xml) man_MANS = \ sss_useradd.8 sss_userdel.8 sss_usermod.8 \ sss_groupadd.8 sss_groupdel.8 sss_groupmod.8 \ sssd.8 sssd.conf.5 sssd-ldap.5 \ sssd-krb5.5 sssd-ipa.5 sssd-simple.5 sssd-ad.5 \ sssd_krb5_locator_plugin.8 sss_groupshow.8 \ pam_sss.8 sss_obfuscate.8 sss_cache.8 sss_debuglevel.8 sss_seed.8 if BUILD_SSH man_MANS += sss_ssh_authorizedkeys.1 sss_ssh_knownhostsproxy.1 endif if BUILD_SUDO man_MANS += sssd-sudo.5 endif SUFFIXES = .1.xml .1 .3.xml .3 .5.xml .5 .8.xml .8 .1.xml.1: $(XMLLINT) $(XMLLINT_FLAGS) $< $(XSLTPROC) -o $@ $(XSLTPROC_FLAGS) $(DOCBOOK_XSLT) $< .3.xml.3: $(XMLLINT) $(XMLLINT_FLAGS) $< $(XSLTPROC) -o $@ $(XSLTPROC_FLAGS) 
$(DOCBOOK_XSLT) $< .5.xml.5: $(XMLLINT) $(XMLLINT_FLAGS) $< $(XSLTPROC) -o $@ $(XSLTPROC_FLAGS) $(DOCBOOK_XSLT) $< .8.xml.8: $(XMLLINT) $(XMLLINT_FLAGS) $< $(XSLTPROC) -o $@ $(XSLTPROC_FLAGS) $(DOCBOOK_XSLT) $< ######################## # MANPAGE TRANSLATIONS # ######################## PO4A=@PO4A@ SED=@SED@ PACKAGE_DOC=sssd-docs POTFILE = po/$(PACKAGE_DOC).pot PO4A_CONFIG = po/po4a.cfg # Extract the list of languages from the po4a config file. LINGUAS_DIST = `$(SED) -ne 's/^.*\[po4a_langs\] \(.*\)$$/\1/p' $(srcdir)/$(PO4A_CONFIG)` # If the user has not defined it let's use the default. LINGUAS ?= $(LINGUAS_DIST) PO4A_COMMON_OPTS = --option doctype=docbook \ --package-name $(PACKAGE_DOC) \ --variable builddir=$(CURDIR) \ --package-version $(PACKAGE_VERSION) \ --msgid-bugs-address sssd-devel@redhat.com \ --copyright-holder "Red Hat" PO4A_BUILD_OPTS = $(PO4A_COMMON_OPTS) --no-backups EXTRA_DIST += \ $(POTFILE)\ $(PO4A_CONFIG) XML_DOC = $(wildcard $(srcdir)/*.xml) $(wildcard $(srcdir)/include/*.xml) if HAVE_PO4A CFG_PAGES = $(addprefix $(srcdir)/, $(shell grep '\[type:docbook\]' $(PO4A_CONFIG) | awk '{print $$2}' | tr '\n' ' ')) NONTRANSLATED_PAGES = $(filter-out $(CFG_PAGES), $(XML_DOC)) # FIXME: Use a stamp file until po4a supports them internally. 
man.stamp: $(XML_DOC) $(POTFILE) $(PO4A_CONFIG) cd $(srcdir) && \ $(PO4A) $(PO4A_BUILD_OPTS) $(PO4A_CONFIG) touch $@ update-po: @if test x"$(NONTRANSLATED_PAGES)" != "x"; then \ echo "The following pages are not translated" $(NONTRANSLATED_PAGES); \ exit 1; \ fi cd $(srcdir) && \ $(PO4A) $(PO4A_BUILD_OPTS) --force $(PO4A_CONFIG) dist-hook: man.stamp if [ -f man.stamp ]; then \ cp man.stamp $(distdir); \ for lang in $(LINGUAS_DIST); do \ cp $(srcdir)/po/$$lang.po $(distdir)/po; \ $(mkdir_p) $(distdir)/$$lang; \ cp -r $(builddir)/$$lang $(distdir)/; \ done; \ else \ cp $(srcdir)/man.stamp $(distdir); \ for lang in $(LINGUAS_DIST); do \ cp $(srcdir)/po/$$lang.po $(distdir)/po; \ $(mkdir_p) $(distdir)/$$lang; \ cp -r $(srcdir)/$$lang $(distdir)/; \ done; \ fi clean-local-no: clean-local-yes: for lang in $(LINGUAS); do \ if [ -d $$lang ]; then \ rm -rf $$lang; \ fi \ done rm -f $(man_MANS) rm -f man.stamp else man.stamp: $(XML_DOC) touch $@ clean-local-no: clean-local-yes: rm -f $(man_MANS) rm -f man.stamp endif clean-local: clean-local-@USE_NLS@ distclean-local: clean-local-@USE_NLS@ mostlyclean-local: clean-local-@USE_NLS@ maintainer-clean-local: clean-local-@USE_NLS@ # Generate translated manual pages all-local: all-local-@USE_NLS@ all-local-no: all-local-yes: man.stamp if [ -z $$recursion ]; then \ for lang in $(LINGUAS); do \ if [ -d $$lang ]; then \ sources=$$(ls -1 $$lang/*.xml); \ manpages=$$(echo $$sources | $(SED) 's/\.xml//g'); \ $(MAKE) recursion=1 man_MANS="$$manpages"; \ fi \ done \ fi install-data-local: install-data-local-@USE_NLS@ install-data-local-no: install-data-local-yes: for lang in $(LINGUAS); do \ if [ -d $$lang ]; then \ sources=$$(ls -1 $$lang/*.xml); \ manpages=$$(echo $$sources | $(SED) 's/\.xml//g'); \ $(MAKE) install-man \ mandir="$(mandir)/$$lang" \ man_MANS="$$manpages"; \ fi \ done uninstall-local: uninstall-local-@USE_NLS@ uninstall-local-no: uninstall-local-yes: for lang in $(LINGUAS); do \ if [ -d $$lang ]; then \ sources=$$(ls -1 
$$lang/*.xml); \ manpages=$$(echo $$sources | $(SED) 's/\.xml//g'); \ $(MAKE) uninstall-man \ mandir="$(mandir)/$$lang" \ man_MANS="$$manpages"; \ fi \ done sssd-1.11.5/src/man/PaxHeaders.13173/sss_seed.8.xml0000644000000000000000000000007412320753107017615 xustar000000000000000030 atime=1396954939.261891434 30 ctime=1396954962.608874246 sssd-1.11.5/src/man/sss_seed.8.xml0000664002412700241270000001472312320753107020046 0ustar00jhrozekjhrozek00000000000000 SSSD Manual pages sss_seed 8 sss_seed seed the SSSD cache with a user sss_seed options -D DOMAIN -n USER DESCRIPTION sss_seed seeds the SSSD cache with a user entry and temporary password. If a user entry is already present in the SSSD cache then the entry is updated with the temporary password. OPTIONS , DOMAIN Provide the name of the domain in which the user is a member of. The domain is also used to retrieve user information. The domain must be configured in sssd.conf. The DOMAIN option must be provided. Information retrieved from the domain overrides what is provided in the options. , USER The username of the entry to be created or modified in the cache. The USER option must be provided. , UID Set the UID of the user to UID. , GID Set the GID of the user to GID. , COMMENT Any text string describing the user. Often used as the field for the user's full name. , HOME_DIR Set the home directory of the user to HOME_DIR. , SHELL Set the login shell of the user to SHELL. , Interactive mode for entering user information. This option will only prompt for information not provided in the options or retrieved from the domain. , PASS_FILE Specify file to read user's password from. (if not specified password is prompted for) NOTES The length of the password (or the size of file specified with -p or --password-file option) must be less than or equal to PASS_MAX bytes (64 bytes on systems with no globally-defined PASS_MAX value). 
sssd-1.11.5/src/man/PaxHeaders.13173/sssd-simple.5.xml0000644000000000000000000000007412320753107020245 xustar000000000000000030 atime=1396954939.262891434 30 ctime=1396954962.610874245 sssd-1.11.5/src/man/sssd-simple.5.xml0000664002412700241270000001323412320753107020472 0ustar00jhrozekjhrozek00000000000000 SSSD Manual pages sssd-simple 5 File Formats and Conventions sssd-simple the configuration file for SSSD's 'simple' access-control provider DESCRIPTION This manual page describes the configuration of the simple access-control provider for sssd 8 . For a detailed syntax reference, refer to the FILE FORMAT section of the sssd.conf 5 manual page. The simple access provider grants or denies access based on an access or deny list of user or group names. The following rules apply: If all lists are empty, access is granted If any list is provided, the order of evaluation is allow,deny. This means that any matching deny rule will supersede any matched allow rule. If either or both "allow" lists are provided, all users are denied unless they appear in the list. If only "deny" lists are provided, all users are granted access unless they appear in the list. CONFIGURATION OPTIONS Refer to the section DOMAIN SECTIONS of the sssd.conf 5 manual page for details on the configuration of an SSSD domain. simple_allow_users (string) Comma separated list of users who are allowed to log in. simple_deny_users (string) Comma separated list of users who are explicitly denied access. simple_allow_groups (string) Comma separated list of groups that are allowed to log in. This applies only to groups within this SSSD domain. Local groups are not evaluated. simple_deny_groups (string) Comma separated list of groups that are explicitly denied access. This applies only to groups within this SSSD domain. Local groups are not evaluated. Specifying no values for any of the lists is equivalent to skipping it entirely. 
Beware of this while generating parameters for the simple provider using automated scripts. Please note that it is a configuration error if both simple_allow_users and simple_deny_users are defined. EXAMPLE The following example assumes that SSSD is correctly configured and example.com is one of the domains in the [sssd] section. This example shows only the simple access provider-specific options. [domain/example.com] access_provider = simple simple_allow_users = user1, user2 sssd-1.11.5/src/man/PaxHeaders.13173/sss_obfuscate.8.xml0000644000000000000000000000007412320753107020650 xustar000000000000000030 atime=1396954939.261891434 30 ctime=1396954962.614874242 sssd-1.11.5/src/man/sss_obfuscate.8.xml0000664002412700241270000000756212320753107021104 0ustar00jhrozekjhrozek00000000000000 SSSD Manual pages sss_obfuscate 8 sss_obfuscate obfuscate a clear text password sss_obfuscate options [PASSWORD] DESCRIPTION sss_obfuscate converts a given password into human-unreadable format and places it into appropriate domain section of the SSSD config file. The cleartext password is read from standard input or entered interactively. The obfuscated password is put into ldap_default_authtok parameter of a given SSSD domain and the ldap_default_authtok_type parameter is set to obfuscated_password. Refer to sssd-ldap 5 for more details on these parameters. Please note that obfuscating the password provides no real security benefit, as an attacker can still reverse-engineer the obfuscated value back into the original password. Using better authentication mechanisms such as client side certificates or GSSAPI is strongly advised. OPTIONS , The password to obfuscate will be read from standard input. , DOMAIN The SSSD domain to use the password in. The default name is default. , FILE Read the config file specified by the positional parameter. 
Default: /etc/sssd/sssd.conf sssd-1.11.5/src/man/PaxHeaders.13173/include0000644000000000000000000000013212320753522016457 xustar000000000000000030 mtime=1396954962.633874228 30 atime=1396955003.534843847 30 ctime=1396954962.633874228 sssd-1.11.5/src/man/include/0000775002412700241270000000000012320753522016763 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/man/include/PaxHeaders.13173/ldap_search_bases.xml0000644000000000000000000000007412320753107022704 xustar000000000000000030 atime=1396954939.256891438 30 ctime=1396954962.627874232 sssd-1.11.5/src/man/include/ldap_search_bases.xml0000664002412700241270000000176112320753107023133 0ustar00jhrozekjhrozek00000000000000 An optional base DN, search scope and LDAP filter to restrict LDAP searches for this attribute type. syntax: search_base[?scope?[filter][?search_base?scope?[filter]]*] The scope can be one of "base", "onelevel" or "subtree". The filter must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/rfc2254.txt For examples of this syntax, please refer to the ldap_search_base examples section. Default: the value of ldap_search_base Please note that specifying scope or filter is not supported for searches against an Active Directory Server that might yield a large number of results and trigger the Range Retrieval extension in the response. sssd-1.11.5/src/man/include/PaxHeaders.13173/param_help.xml0000644000000000000000000000007412320753107021372 xustar000000000000000030 atime=1396954939.256891438 30 ctime=1396954962.631874229 sssd-1.11.5/src/man/include/param_help.xml0000664002412700241270000000032312320753107021612 0ustar00jhrozekjhrozek00000000000000 , Display help message and exit. 
sssd-1.11.5/src/man/include/PaxHeaders.13173/failover.xml0000644000000000000000000000007412320753107021071 xustar000000000000000030 atime=1396954939.255891439 30 ctime=1396954962.627874232 sssd-1.11.5/src/man/include/failover.xml0000664002412700241270000000472112320753107021317 0ustar00jhrozekjhrozek00000000000000 FAILOVER The failover feature allows back ends to automatically switch to a different server if the current server fails. Failover Syntax The list of servers is given as a comma-separated list; any number of spaces is allowed around the comma. The servers are listed in order of preference. The list can contain any number of servers. For each failover-enabled config option, two variants exist: primary and backup. The idea is that servers in the primary list are preferred and backup servers are only searched if no primary servers can be reached. If a backup server is selected, a timeout of 31 seconds is set. After this timeout SSSD will periodically try to reconnect to one of the primary servers. If it succeeds, it will replace the current active (backup) server. The Failover Mechanism The failover mechanism distinguishes between a machine and a service. The back end first tries to resolve the hostname of a given machine; if this resolution attempt fails, the machine is considered offline. No further attempts are made to connect to this machine for any other service. If the resolution attempt succeeds, the back end tries to connect to a service on this machine. If the service connection attempt fails, then only this particular service is considered offline and the back end automatically switches over to the next service. The machine is still considered online and might still be tried for another service. Further connection attempts are made to machines or services marked as offline after a specified period of time; this is currently hard coded to 30 seconds. 
If there are no more machines to try, the back end as a whole switches to offline mode, and then attempts to reconnect every 30 seconds. sssd-1.11.5/src/man/include/PaxHeaders.13173/debug_levels.xml0000644000000000000000000000007412320753107021722 xustar000000000000000030 atime=1396954939.255891439 30 ctime=1396954962.629874231 sssd-1.11.5/src/man/include/debug_levels.xml0000664002412700241270000000545112320753107022151 0ustar00jhrozekjhrozek00000000000000 SSSD supports two representations for specifying the debug level. The simplest is to specify a decimal value from 0-9, which represents enabling that level and all lower-level debug messages. The more comprehensive option is to specify a hexadecimal bitmask to enable or disable specific levels (such as if you wish to suppress a level). Currently supported debug levels: 0, 0x0010: Fatal failures. Anything that would prevent SSSD from starting up or causes it to cease running. 1, 0x0020: Critical failures. An error that doesn't kill the SSSD, but one that indicates that at least one major feature is not going to work properly. 2, 0x0040: Serious failures. An error announcing that a particular request or operation has failed. 3, 0x0080: Minor failures. These are the errors that would percolate down to cause the operation failure of 2. 4, 0x0100: Configuration settings. 5, 0x0200: Function data. 6, 0x0400: Trace messages for operation functions. 7, 0x1000: Trace messages for internal control functions. 8, 0x2000: Contents of function-internal variables that may be interesting. 9, 0x4000: Extremely low-level tracing information. To log required bitmask debug levels, simply add their numbers together as shown in following examples: Example: To log fatal failures, critical failures, serious failures and function data use 0x0270. Example: To log fatal failures, configuration settings, function data, trace messages for internal control functions use 0x1310. Note: The bitmask format of debug levels was introduced in 1.7.0. 
Default: 0 sssd-1.11.5/src/man/include/PaxHeaders.13173/seealso.xml0000644000000000000000000000007412320753107020715 xustar000000000000000030 atime=1396954939.256891438 30 ctime=1396954962.632874229 sssd-1.11.5/src/man/include/seealso.xml0000664002412700241270000000673412320753107021151 0ustar00jhrozekjhrozek00000000000000 SEE ALSO sssd8 , sssd.conf5 , sssd-ldap5 , sssd-krb55 , sssd-simple5 , sssd-ipa5 , sssd-ad5 , sssd-sudo 5 , sss_cache8 , sss_debuglevel8 , sss_groupadd8 , sss_groupdel8 , sss_groupshow8 , sss_groupmod8 , sss_useradd8 , sss_userdel8 , sss_usermod8 , sss_obfuscate8 , sss_seed8 , sssd_krb5_locator_plugin8 , sss_ssh_authorizedkeys 8 , sss_ssh_knownhostsproxy 8 , pam_sss8 . sssd-1.11.5/src/man/include/PaxHeaders.13173/upstream.xml0000644000000000000000000000007412320753107021122 xustar000000000000000030 atime=1396954939.256891438 30 ctime=1396954962.625874234 sssd-1.11.5/src/man/include/upstream.xml0000664002412700241270000000021312320753107021340 0ustar00jhrozekjhrozek00000000000000 SSSD The SSSD upstream - http://fedorahosted.org/sssd sssd-1.11.5/src/man/include/PaxHeaders.13173/param_help_py.xml0000644000000000000000000000007412320753107022102 xustar000000000000000030 atime=1396954939.256891438 30 ctime=1396954962.622874236 sssd-1.11.5/src/man/include/param_help_py.xml0000664002412700241270000000032312320753107022322 0ustar00jhrozekjhrozek00000000000000 , Display help message and exit. sssd-1.11.5/src/man/include/PaxHeaders.13173/autofs_restart.xml0000644000000000000000000000007412320753107022327 xustar000000000000000030 atime=1396954939.255891439 30 ctime=1396954962.624874234 sssd-1.11.5/src/man/include/autofs_restart.xml0000664002412700241270000000036712320753107022557 0ustar00jhrozekjhrozek00000000000000 Please note that the automounter only reads the master map on startup, so if any autofs-related changes are made to the sssd.conf, you typically also need to restart the automounter daemon after restarting the SSSD. 
sssd-1.11.5/src/man/include/PaxHeaders.13173/experimental.xml0000644000000000000000000000007412320753107021757 xustar000000000000000030 atime=1396954939.255891439 30 ctime=1396954962.626874233 sssd-1.11.5/src/man/include/experimental.xml0000664002412700241270000000016612320753107022204 0ustar00jhrozekjhrozek00000000000000 This is an experimental feature, please use http://fedorahosted.org/sssd to report any issues. sssd-1.11.5/src/man/include/PaxHeaders.13173/ldap_id_mapping.xml0000644000000000000000000000007412320753107022371 xustar000000000000000030 atime=1396954939.256891438 30 ctime=1396954962.633874228 sssd-1.11.5/src/man/include/ldap_id_mapping.xml0000664002412700241270000002507612320753107022625 0ustar00jhrozekjhrozek00000000000000 ID MAPPING The ID-mapping feature allows SSSD to act as a client of Active Directory without requiring administrators to extend user attributes to support POSIX attributes for user and group identifiers. NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are ignored. This is to avoid the possibility of conflicts between automatically-assigned and manually-assigned values. If you need to use manually-assigned values, ALL values must be manually-assigned. Please note that changing the ID mapping related configuration options will cause user and group IDs to change. At the moment, SSSD does not support changing IDs, so the SSSD database must be removed. Because cached passwords are also stored in the database, removing the database should only be performed while the authentication servers are reachable, otherwise users might get locked out. In order to cache the password, an authentication must be performed. 
It is not sufficient to use sss_cache 8 to remove the database, rather the process consists of: Making sure the remote servers are reachable Stopping the SSSD service Removing the database Starting the SSSD service Moreover, as the change of IDs might necessitate the adjustment of other system properties such as file and directory ownership, it's advisable to plan ahead and test the ID mapping configuration thoroughly. Mapping Algorithm Active Directory provides an objectSID for every user and group object in the directory. This objectSID can be broken up into components that represent the Active Directory domain identity and the relative identifier (RID) of the user or group object. The SSSD ID-mapping algorithm takes a range of available UIDs and divides it into equally-sized component sections - called "slices"-. Each slice represents the space available to an Active Directory domain. When a user or group entry for a particular domain is encountered for the first time, the SSSD allocates one of the available slices for that domain. In order to make this slice-assignment repeatable on different client machines, we select the slice based on the following algorithm: The SID string is passed through the murmurhash3 algorithm to convert it to a 32-bit hashed value. We then take the modulus of this value with the total number of available slices to pick the slice. NOTE: It is possible to encounter collisions in the hash and subsequent modulus. In these situations, we will select the next available slice, but it may not be possible to reproduce the same exact set of slices on other machines (since the order that they are encountered will determine their slice). In this situation, it is recommended to either switch to using explicit POSIX attributes in Active Directory (disabling ID-mapping) or configure a default domain to guarantee that at least one is always consistent. See Configuration for details. 
Configuration Minimum configuration (in the [domain/DOMAINNAME] section): ldap_id_mapping = True ldap_schema = ad The default configuration results in configuring 10,000 slices, each capable of holding up to 200,000 IDs, starting from 10,001 and going up to 2,000,100,000. This should be sufficient for most deployments. Advanced Configuration ldap_idmap_range_min (integer) Specifies the lower bound of the range of POSIX IDs to use for mapping Active Directory user and group SIDs. NOTE: This option is different from min_id in that min_id acts to filter the output of requests to this domain, whereas this option controls the range of ID assignment. This is a subtle distinction, but the good general advice would be to have min_id be less-than or equal to ldap_idmap_range_min Default: 200000 ldap_idmap_range_max (integer) Specifies the upper bound of the range of POSIX IDs to use for mapping Active Directory user and group SIDs. NOTE: This option is different from max_id in that max_id acts to filter the output of requests to this domain, whereas this option controls the range of ID assignment. This is a subtle distinction, but the good general advice would be to have max_id be greater-than or equal to ldap_idmap_range_max Default: 2000200000 ldap_idmap_range_size (integer) Specifies the number of IDs available for each slice. If the range size does not divide evenly into the min and max values, it will create as many complete slices as it can. Default: 200000 ldap_idmap_default_domain_sid (string) Specify the domain SID of the default domain. This will guarantee that this domain will always be assigned to slice zero in the ID map, bypassing the murmurhash algorithm described above. Default: not set ldap_idmap_default_domain (string) Specify the name of the default domain. Default: not set ldap_idmap_autorid_compat (boolean) Changes the behavior of the ID-mapping algorithm to behave more similarly to winbind's idmap_autorid algorithm. 
When this option is configured, domains will be allocated starting with slice zero and increasing monotonically with each additional domain. NOTE: This algorithm is non-deterministic (it depends on the order in which users and groups are requested). If this mode is required for compatibility with machines running winbind, it is recommended to also use the ldap_idmap_default_domain_sid option to guarantee that at least one domain is consistently allocated to slice zero. Default: False sssd-1.11.5/src/man/include/PaxHeaders.13173/ldap_search_bases_experimental.xml0000644000000000000000000000007312320753107025460 xustar000000000000000030 atime=1396954939.256891438 29 ctime=1396954962.63087423 sssd-1.11.5/src/man/include/ldap_search_bases_experimental.xml0000664002412700241270000000214612320753107025706 0ustar00jhrozekjhrozek00000000000000 An optional base DN, search scope and LDAP filter to restrict LDAP searches for this attribute type. syntax: search_base[?scope?[filter][?search_base?scope?[filter]]*] The scope can be one of "base", "onelevel" or "subtree". The filter must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/rfc2254.txt For examples of this syntax, please refer to the ldap_search_base examples section. Default: the value of ldap_search_base Please note that specifying scope or filter is not supported for searches against an Active Directory Server that might yield a large number of results and trigger the Range Retrieval extension in the response. sssd-1.11.5/src/man/include/PaxHeaders.13173/service_discovery.xml0000644000000000000000000000007412320753107023011 xustar000000000000000030 atime=1396954939.256891438 30 ctime=1396954962.623874235 sssd-1.11.5/src/man/include/service_discovery.xml0000664002412700241270000000355712320753107023245 0ustar00jhrozekjhrozek00000000000000 SERVICE DISCOVERY The service discovery feature allows back ends to automatically find the appropriate servers to connect to using a special DNS query.
This feature is not supported for backup servers. Configuration If no servers are specified, the back end automatically uses service discovery to try to find a server. Optionally, the user may choose to use both fixed server addresses and service discovery by inserting a special keyword, _srv_, in the list of servers. The order of preference is maintained. This feature is useful if, for example, the user prefers to use service discovery whenever possible, and fall back to a specific server when no servers can be discovered using DNS. The domain name Please refer to the dns_discovery_domain parameter in the sssd.conf 5 manual page for more details. The protocol The queries usually specify _tcp as the protocol. Exceptions are documented in respective option description. See Also For more information on the service discovery mechanism, refer to RFC 2782. sssd-1.11.5/src/man/include/PaxHeaders.13173/local.xml0000644000000000000000000000007412320753107020354 xustar000000000000000030 atime=1396954939.256891438 30 ctime=1396954962.631874229 sssd-1.11.5/src/man/include/local.xml0000664002412700241270000000150512320753107020577 0ustar00jhrozekjhrozek00000000000000 THE LOCAL DOMAIN In order to function correctly, a domain with id_provider=local must be created and the SSSD must be running. The administrator might want to use the SSSD local users instead of traditional UNIX users in cases where the group nesting (see sss_groupadd 8 ) is needed. The local users are also useful for testing and development of the SSSD without having to deploy a full remote server. The sss_user* and sss_group* tools use a local LDB storage to store users and groups. 
sssd-1.11.5/src/man/include/PaxHeaders.13173/override_homedir.xml0000644000000000000000000000007412320753107022610 xustar000000000000000030 atime=1396954939.256891438 30 ctime=1396954962.628874231 sssd-1.11.5/src/man/include/override_homedir.xml0000664002412700241270000000323412320753107023034 0ustar00jhrozekjhrozek00000000000000 override_homedir (string) Override the user's home directory. You can either provide an absolute value or a template. In the template, the following sequences are substituted: %u login name %U UID number %d domain name %f fully qualified user name (user@domain) %o The original home directory retrieved from the identity provider. %% a literal '%' This option can also be set per-domain. example: override_homedir = /home/%u Default: Not set (SSSD will use the value retrieved from LDAP) sssd-1.11.5/src/man/PaxHeaders.13173/sssd.8.xml0000644000000000000000000000007412320753107016761 xustar000000000000000030 atime=1396954939.262891434 30 ctime=1396954962.613874242 sssd-1.11.5/src/man/sssd.8.xml0000664002412700241270000001662112320753107017211 0ustar00jhrozekjhrozek00000000000000 SSSD Manual pages sssd 8 sssd System Security Services Daemon sssd options DESCRIPTION SSSD provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources as well as D-Bus interface. It is also the basis to provide client auditing and policy services for projects like FreeIPA. It provides a more robust database to store local users as well as extended user data. OPTIONS , LEVEL mode 1: Add a timestamp to the debug messages 0: Disable timestamp in the debug messages Default: 1 mode 1: Add microseconds to the timestamp in debug messages 0: Disable microseconds in timestamp Default: 0 , Send the debug output to files instead of stderr. 
By default, the log files are stored in /var/log/sssd and there are separate log files for every SSSD service and domain. , Become a daemon after starting up. , Run in the foreground, don't become a daemon. , Specify a non-default config file. The default is /etc/sssd/sssd.conf. For reference on the config file syntax and options, consult the sssd.conf 5 manual page. Print version number and exit. Signals SIGTERM/SIGINT Informs the SSSD to gracefully terminate all of its child processes and then shut down the monitor. SIGHUP Tells the SSSD to stop writing to its current debug file descriptors and to close and reopen them. This is meant to facilitate log rolling with programs like logrotate. SIGUSR1 Tells the SSSD to simulate offline operation for one minute. This is mostly useful for testing purposes. SIGUSR2 Tells the SSSD to go online immediately. This is mostly useful for testing purposes. NOTES If the environment variable SSS_NSS_USE_MEMCACHE is set to "NO", client applications will not use the fast in-memory cache. sssd-1.11.5/src/man/PaxHeaders.13173/sss_groupdel.8.xml0000644000000000000000000000007412320753107020516 xustar000000000000000030 atime=1396954939.261891434 30 ctime=1396954962.620874237 sssd-1.11.5/src/man/sss_groupdel.8.xml0000664002412700241270000000305512320753107020743 0ustar00jhrozekjhrozek00000000000000 SSSD Manual pages sss_groupdel 8 sss_groupdel delete a group sss_groupdel options GROUP DESCRIPTION sss_groupdel deletes a group identified by its name GROUP from the system.
OPTIONS sssd-1.11.5/src/man/PaxHeaders.13173/ca0000644000000000000000000000013212320753573015425 xustar000000000000000030 mtime=1396955003.485843884 30 atime=1396955003.534843847 30 ctime=1396955003.485843884 sssd-1.11.5/src/man/ca/0000775002412700241270000000000012320753573015731 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/man/ca/PaxHeaders.13173/sss_groupmod.8.xml0000644000000000000000000000013212320753573021116 xustar000000000000000030 mtime=1396955003.485843884 30 atime=1396955003.485843884 30 ctime=1396955003.485843884 sssd-1.11.5/src/man/ca/sss_groupmod.8.xml0000664002412700241270000000464412320753573021355 0ustar00jhrozekjhrozek00000000000000 Pàgines de manual de l'SSSD sss_groupmod 8 sss_groupmod modifica un grup sss_groupmod opcions GRUP DESCRIPCIÓ sss_groupmod modifica el grup per reflectir els canvis que s'especifiquen a la línia d'ordres. OPCIONS , GRUPS Afegiu aquest grup als grups especificats pel paràmetre de GRUPS . El paràmetre de GRUPS és una llista delimitada per comes dels noms de grup. , GRUPS Suprimeix aquest grup dels grups especificats pel paràmetre GRUPS. sssd-1.11.5/src/man/ca/PaxHeaders.13173/sssd-simple.5.xml0000644000000000000000000000013212320753573020632 xustar000000000000000030 mtime=1396955003.485843884 30 atime=1396955003.485843884 30 ctime=1396955003.485843884 sssd-1.11.5/src/man/ca/sssd-simple.5.xml0000664002412700241270000001253712320753573021071 0ustar00jhrozekjhrozek00000000000000 Pàgines de manual de l'SSSD sssd-simple 5 Formats de fitxer i convencions sssd-simple el fitxer de configuració per al proveïdor 'simple' de control d'accés d'SSSD DESCRIPCIÓ Aquesta pàgina del manual descriu la configuració del proveïdor senzill de control d'accés per sssd 8. Per una referència detallada de la sintaxi, aneu a la secció de FORMAT DE FITXER de la pàgina del manual sssd.conf 5 . El proveïdor d'accés simple accepta o nega l'accés basat en una llista d'accés o denegació de noms d'usuari grups. 
S'apliquen les regles següents: Si totes les llistes estan buides, s'accepta l'accés Si es proporciona alguna llista, l'ordre d'avaluació és acceptar, denegar. Això significa que qualsevol regla de denegació explícita substituirà qualsevol regla d'accés. Si es proporcionen una o ambdues llistes d'acceptació tots els usuaris són denegats excepte els que apareixen a la llista. Si només es proporcionen llistes de "denegació" tots els usuaris tenen accés excepte els que apareixen a la llista. OPCIONS DE CONFIGURACIÓ Consulteu la secció SECCIONS DE DOMINI de la pàgina del manual sssd.conf 5 per a més informació sobre la configuració d'un domini SSSD. simple_allow_users (cadena) Llista separada per comes d'usuaris amb permís per iniciar sessió. simple_deny_users (cadena) Llista separada per comes d'usuaris amb denegació explícita per iniciar sessió. simple_allow_groups (cadena) Llista separada per comes de grups que se'ls permet l'entrada. Això s'aplica només a grups d'aquest domini SSSD. No s'avaluen els grups locals. simple_deny_groups (cadena) Llista separada per comes de grups que tenen l'accés explícitament denegat. Això s'aplica només a grups d'aquest domini SSSD. No s'avaluen els grups locals. Specifying no values for any of the lists is equivalent to skipping it entirely. Beware of this while generating parameters for the simple provider using automated scripts. Si us plau, tingueu en compte que és un error de configuració si es defineixen alhora simple_allow_users i simple_deny_users. EXEMPLE L'exemple següent pressuposa que l'SSSD està configurat correctament i example.com és un dels dominis de la secció [sssd]. Aquest exemple mostra només les opcions d'accés simple específiques del proveïdor.
[domain/example.com] access_provider = simple simple_allow_users = user1, user2 sssd-1.11.5/src/man/ca/PaxHeaders.13173/sss_obfuscate.8.xml0000644000000000000000000000013212320753573021235 xustar000000000000000030 mtime=1396955003.485843884 30 atime=1396955003.485843884 30 ctime=1396955003.485843884 sssd-1.11.5/src/man/ca/sss_obfuscate.8.xml0000664002412700241270000000713712320753573021474 0ustar00jhrozekjhrozek00000000000000 Pàgines de manual de l'SSSD sss_obfuscate 8 sss_obfuscate ofusca una contrasenya de text clar sss_obfuscate opcions [PASSWORD] DESCRIPCIÓ sss_obfuscate converteix una contrasenya especificada en un format illegible per humans i la col·loca a la secció de domini adequada de l'arxiu de configuració d'SSSD. The cleartext password is read from standard input or entered interactively. The obfuscated password is put into ldap_default_authtok parameter of a given SSSD domain and the ldap_default_authtok_type parameter is set to obfuscated_password. Refer to sssd-ldap 5 for more details on these parameters. Si us plau fixi's que ofuscar contrasenyes no proporciona cap benefici real de seguretat ja que un atacant encara podria extreure la contrasenya amb enginyeria inversa. Es recomana aferrissadament l'ús de mecanismes d'autenticació millors com certificats de client o GSSAPI. OPCIONS , La contrasenya per ofuscar es llegirà de l'entrada estàndard. , DOMINI El domini SSSD on utilitzar la contrasenya. El nom per defecte és default. , FITXER Llegeix el fitxer de configuració especificat pel paràmetre de posició. 
Per defecte: /etc/sssd/sssd.conf sssd-1.11.5/src/man/ca/PaxHeaders.13173/include0000644000000000000000000000013212320753573017050 xustar000000000000000030 mtime=1396955003.485843884 30 atime=1396955003.534843847 30 ctime=1396955003.485843884 sssd-1.11.5/src/man/ca/include/0000755002412700241270000000000012320753573017352 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/man/ca/include/PaxHeaders.13173/ldap_search_bases.xml0000644000000000000000000000013212320753573023271 xustar000000000000000030 mtime=1396955003.485843884 30 atime=1396955003.485843884 30 ctime=1396955003.485843884 sssd-1.11.5/src/man/ca/include/ldap_search_bases.xml0000664002412700241270000000165412320753573023526 0ustar00jhrozekjhrozek00000000000000 An optional base DN, search scope and LDAP filter to restrict LDAP searches for this attribute type. syntax: search_base[?scope?[filter][?search_base?scope?[filter]]*] The scope can be one of "base", "onelevel" or "subtree". The filter must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/rfc2254.txt For examples of this syntax, please refer to the ldap_search_base examples section. Per defecte: el valor de ldap_search_base Please note that specifying scope or filter is not supported for searches against an Active Directory Server that might yield a large number of results and trigger the Range Retrieval extension in the response. sssd-1.11.5/src/man/ca/include/PaxHeaders.13173/param_help.xml0000644000000000000000000000013212320753573021757 xustar000000000000000030 mtime=1396955003.485843884 30 atime=1396955003.485843884 30 ctime=1396955003.485843884 sssd-1.11.5/src/man/ca/include/param_help.xml0000664002412700241270000000032312320753573022204 0ustar00jhrozekjhrozek00000000000000 , Display help message and exit. 
sssd-1.11.5/src/man/ca/include/PaxHeaders.13173/failover.xml0000644000000000000000000000013212320753573021456 xustar000000000000000030 mtime=1396955003.485843884 30 atime=1396955003.485843884 30 ctime=1396955003.485843884 sssd-1.11.5/src/man/ca/include/failover.xml0000664002412700241270000000425312320753573021711 0ustar00jhrozekjhrozek00000000000000 FAILOVER The failover feature allows back ends to automatically switch to a different server if the current server fails. Failover Syntax The list of servers is given as a comma-separated list; any number of spaces is allowed around the comma. The servers are listed in order of preference. The list can contain any number of servers. For each failover-enabled config option, two variants exist: primary and backup. The idea is that servers in the primary list are preferred and backup servers are only searched if no primary servers can be reached. If a backup server is selected, a timeout of 31 seconds is set. After this timeout SSSD will periodically try to reconnect to one of the primary servers. If it succeeds, it will replace the current active (backup) server. The Failover Mechanism The failover mechanism distinguishes between a machine and a service. The back end first tries to resolve the hostname of a given machine; if this resolution attempt fails, the machine is considered offline. No further attempts are made to connect to this machine for any other service. If the resolution attempt succeeds, the back end tries to connect to a service on this machine. If the service connection attempt fails, then only this particular service is considered offline and the back end automatically switches over to the next service. The machine is still considered online and might still be tried for another service. Further connection attempts are made to machines or services marked as offline after a specified period of time; this is currently hard coded to 30 seconds. 
If there are no more machines to try, the back end as a whole switches to offline mode, and then attempts to reconnect every 30 seconds. sssd-1.11.5/src/man/ca/include/PaxHeaders.13173/debug_levels.xml0000644000000000000000000000013212320753573022307 xustar000000000000000030 mtime=1396955003.485843884 30 atime=1396955003.485843884 30 ctime=1396955003.485843884 sssd-1.11.5/src/man/ca/include/debug_levels.xml0000664002412700241270000000506612320753573022545 0ustar00jhrozekjhrozek00000000000000 SSSD supports two representations for specifying the debug level. The simplest is to specify a decimal value from 0-9, which represents enabling that level and all lower-level debug messages. The more comprehensive option is to specify a hexadecimal bitmask to enable or disable specific levels (such as if you wish to suppress a level). Currently supported debug levels: 0, 0x0010: Fatal failures. Anything that would prevent SSSD from starting up or causes it to cease running. 1, 0x0020: Critical failures. An error that doesn't kill the SSSD, but one that indicates that at least one major feature is not going to work properly. 2, 0x0040: Serious failures. An error announcing that a particular request or operation has failed. 3, 0x0080: Minor failures. These are the errors that would percolate down to cause the operation failure of 2. 4, 0x0100: Configuration settings. 5, 0x0200: Function data. 6, 0x0400: Trace messages for operation functions. 7, 0x1000: Trace messages for internal control functions. 8, 0x2000: Contents of function-internal variables that may be interesting. 9, 0x4000: Extremely low-level tracing information. To log required bitmask debug levels, simply add their numbers together as shown in following examples: Example: To log fatal failures, critical failures, serious failures and function data use 0x0270. Example: To log fatal failures, configuration settings, function data, trace messages for internal control functions use 0x1310. 
Note: The bitmask format of debug levels was introduced in 1.7.0. Default: 0 sssd-1.11.5/src/man/ca/include/PaxHeaders.13173/seealso.xml0000644000000000000000000000013212320753573021302 xustar000000000000000030 mtime=1396955003.485843884 30 atime=1396955003.485843884 30 ctime=1396955003.485843884 sssd-1.11.5/src/man/ca/include/seealso.xml0000664002412700241270000000470412320753573021536 0ustar00jhrozekjhrozek00000000000000 VEGEU TAMBÉ sssd8 , sssd.conf5 , sssd-ldap5 , sssd-krb55 , sssd-simple5 , sssd-ipa5 , sssd-ad5 , sssd-sudo 5 , sss_cache8 , sss_debuglevel8 , sss_groupadd8 , sss_groupdel8 , sss_groupshow8 , sss_groupmod8 , sss_useradd8 , sss_userdel8 , sss_usermod8 , sss_obfuscate8 , sss_seed8 , sssd_krb5_locator_plugin8 , sss_ssh_authorizedkeys 8 , sss_ssh_knownhostsproxy 8 , pam_sss8 . sssd-1.11.5/src/man/ca/include/PaxHeaders.13173/upstream.xml0000644000000000000000000000013212320753573021507 xustar000000000000000030 mtime=1396955003.485843884 30 atime=1396955003.485843884 30 ctime=1396955003.485843884 sssd-1.11.5/src/man/ca/include/upstream.xml0000664002412700241270000000020212320753573021730 0ustar00jhrozekjhrozek00000000000000 SSSD La font de l'SSSD - http://fedorahosted.org/sssd sssd-1.11.5/src/man/ca/include/PaxHeaders.13173/param_help_py.xml0000644000000000000000000000013212320753573022467 xustar000000000000000030 mtime=1396955003.485843884 30 atime=1396955003.485843884 30 ctime=1396955003.485843884 sssd-1.11.5/src/man/ca/include/param_help_py.xml0000664002412700241270000000032312320753573022714 0ustar00jhrozekjhrozek00000000000000 , Display help message and exit. 
sssd-1.11.5/src/man/ca/include/PaxHeaders.13173/autofs_restart.xml0000644000000000000000000000013212320753573022714 xustar000000000000000030 mtime=1396955003.485843884 30 atime=1396955003.485843884 30 ctime=1396955003.485843884 sssd-1.11.5/src/man/ca/include/autofs_restart.xml0000664002412700241270000000035312320753573023144 0ustar00jhrozekjhrozek00000000000000 Please note that the automounter only reads the master map on startup, so if any autofs-related changes are made to the sssd.conf, you typically also need to restart the automounter daemon after restarting the SSSD. sssd-1.11.5/src/man/ca/include/PaxHeaders.13173/experimental.xml0000644000000000000000000000013212320753573022344 xustar000000000000000030 mtime=1396955003.485843884 30 atime=1396955003.485843884 30 ctime=1396955003.485843884 sssd-1.11.5/src/man/ca/include/experimental.xml0000664002412700241270000000016712320753573022577 0ustar00jhrozekjhrozek00000000000000 This is an experimental feature, please use http://fedorahosted.org/sssd to report any issues. sssd-1.11.5/src/man/ca/include/PaxHeaders.13173/ldap_id_mapping.xml0000644000000000000000000000013212320753573022756 xustar000000000000000030 mtime=1396955003.485843884 30 atime=1396955003.485843884 30 ctime=1396955003.485843884 sssd-1.11.5/src/man/ca/include/ldap_id_mapping.xml0000664002412700241270000002227712320753573023217 0ustar00jhrozekjhrozek00000000000000 ID MAPPING The ID-mapping feature allows SSSD to act as a client of Active Directory without requiring administrators to extend user attributes to support POSIX attributes for user and group identifiers. NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are ignored. This is to avoid the possibility of conflicts between automatically-assigned and manually-assigned values. If you need to use manually-assigned values, ALL values must be manually-assigned. Please note that changing the ID mapping related configuration options will cause user and group IDs to change. 
At the moment, SSSD does not support changing IDs, so the SSSD database must be removed. Because cached passwords are also stored in the database, removing the database should only be performed while the authentication servers are reachable, otherwise users might get locked out. In order to cache the password, an authentication must be performed. It is not sufficient to use sss_cache 8 to remove the database; rather, the process consists of: making sure the remote servers are reachable; stopping the SSSD service; removing the database; starting the SSSD service. Moreover, as the change of IDs might necessitate the adjustment of other system properties such as file and directory ownership, it's advisable to plan ahead and test the ID mapping configuration thoroughly. Mapping Algorithm Active Directory provides an objectSID for every user and group object in the directory. This objectSID can be broken up into components that represent the Active Directory domain identity and the relative identifier (RID) of the user or group object. The SSSD ID-mapping algorithm takes a range of available UIDs and divides it into equally-sized component sections, called "slices". Each slice represents the space available to an Active Directory domain. When a user or group entry for a particular domain is encountered for the first time, the SSSD allocates one of the available slices for that domain. In order to make this slice-assignment repeatable on different client machines, we select the slice based on the following algorithm: The SID string is passed through the murmurhash3 algorithm to convert it to a 32-bit hashed value. We then take the modulus of this value with the total number of available slices to pick the slice. NOTE: It is possible to encounter collisions in the hash and subsequent modulus.
In these situations, we will select the next available slice, but it may not be possible to reproduce the same exact set of slices on other machines (since the order that they are encountered will determine their slice). In this situation, it is recommended to either switch to using explicit POSIX attributes in Active Directory (disabling ID-mapping) or configure a default domain to guarantee that at least one is always consistent. See Configuration for details. Configuration Minimum configuration (in the [domain/DOMAINNAME] section): ldap_id_mapping = True ldap_schema = ad The default configuration results in configuring 10,000 slices, each capable of holding up to 200,000 IDs, starting from 10,001 and going up to 2,000,100,000. This should be sufficient for most deployments. Advanced Configuration ldap_idmap_range_min (integer) Specifies the lower bound of the range of POSIX IDs to use for mapping Active Directory user and group SIDs. NOTE: This option is different from min_id in that min_id acts to filter the output of requests to this domain, whereas this option controls the range of ID assignment. This is a subtle distinction, but the good general advice would be to have min_id be less-than or equal to ldap_idmap_range_min Default: 200000 ldap_idmap_range_max (integer) Specifies the upper bound of the range of POSIX IDs to use for mapping Active Directory user and group SIDs. NOTE: This option is different from max_id in that max_id acts to filter the output of requests to this domain, whereas this option controls the range of ID assignment. This is a subtle distinction, but the good general advice would be to have max_id be greater-than or equal to ldap_idmap_range_max Default: 2000200000 ldap_idmap_range_size (integer) Specifies the number of IDs available for each slice. If the range size does not divide evenly into the min and max values, it will create as many complete slices as it can. 
Default: 200000 ldap_idmap_default_domain_sid (string) Specify the domain SID of the default domain. This will guarantee that this domain will always be assigned to slice zero in the ID map, bypassing the murmurhash algorithm described above. Default: not set ldap_idmap_default_domain (string) Specify the name of the default domain. Default: not set ldap_idmap_autorid_compat (boolean) Changes the behavior of the ID-mapping algorithm to behave more similarly to winbind's idmap_autorid algorithm. When this option is configured, domains will be allocated starting with slice zero and increasing monotonically with each additional domain. NOTE: This algorithm is non-deterministic (it depends on the order that users and groups are requested). If this mode is required for compatibility with machines running winbind, it is recommended to also use the ldap_idmap_default_domain_sid option to guarantee that at least one domain is consistently allocated to slice zero. Default: False sssd-1.11.5/src/man/ca/include/PaxHeaders.13173/ldap_search_bases_experimental.xml0000644000000000000000000000013212320753573026046 xustar000000000000000030 mtime=1396955003.485843884 30 atime=1396955003.485843884 30 ctime=1396955003.485843884 sssd-1.11.5/src/man/ca/include/ldap_search_bases_experimental.xml0000664002412700241270000000204112320753573026272 0ustar00jhrozekjhrozek00000000000000 An optional base DN, search scope and LDAP filter to restrict LDAP searches for this attribute type. syntax: search_base[?scope?[filter][?search_base?scope?[filter]]*] The scope can be one of "base", "onelevel" or "subtree". The filter must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/rfc2254.txt For examples of this syntax, please refer to the ldap_search_base examples section.
Per defecte: el valor de ldap_search_base Please note that specifying scope or filter is not supported for searches against an Active Directory Server that might yield a large number of results and trigger the Range Retrieval extension in the response. sssd-1.11.5/src/man/ca/include/PaxHeaders.13173/service_discovery.xml0000644000000000000000000000013212320753573023376 xustar000000000000000030 mtime=1396955003.485843884 30 atime=1396955003.485843884 30 ctime=1396955003.485843884 sssd-1.11.5/src/man/ca/include/service_discovery.xml0000664002412700241270000000322712320753573023631 0ustar00jhrozekjhrozek00000000000000 SERVICE DISCOVERY The service discovery feature allows back ends to automatically find the appropriate servers to connect to using a special DNS query. This feature is not supported for backup servers. Configuration If no servers are specified, the back end automatically uses service discovery to try to find a server. Optionally, the user may choose to use both fixed server addresses and service discovery by inserting a special keyword, _srv_, in the list of servers. The order of preference is maintained. This feature is useful if, for example, the user prefers to use service discovery whenever possible, and fall back to a specific server when no servers can be discovered using DNS. The domain name Please refer to the dns_discovery_domain parameter in the sssd.conf 5 manual page for more details. The protocol The queries usually specify _tcp as the protocol. Exceptions are documented in respective option description. See Also For more information on the service discovery mechanism, refer to RFC 2782. 
sssd-1.11.5/src/man/ca/include/PaxHeaders.13173/local.xml0000644000000000000000000000013212320753573020741 xustar000000000000000030 mtime=1396955003.485843884 30 atime=1396955003.485843884 30 ctime=1396955003.485843884 sssd-1.11.5/src/man/ca/include/local.xml0000664002412700241270000000134512320753573021173 0ustar00jhrozekjhrozek00000000000000 THE LOCAL DOMAIN In order to function correctly, a domain with id_provider=local must be created and the SSSD must be running. The administrator might want to use the SSSD local users instead of traditional UNIX users in cases where the group nesting (see sss_groupadd 8 ) is needed. The local users are also useful for testing and development of the SSSD without having to deploy a full remote server. The sss_user* and sss_group* tools use a local LDB storage to store users and groups. sssd-1.11.5/src/man/ca/include/PaxHeaders.13173/override_homedir.xml0000644000000000000000000000013212320753573023175 xustar000000000000000030 mtime=1396955003.485843884 30 atime=1396955003.485843884 30 ctime=1396955003.485843884 sssd-1.11.5/src/man/ca/include/override_homedir.xml0000664002412700241270000000313012320753573023421 0ustar00jhrozekjhrozek00000000000000 override_homedir (string) Override the user's home directory. You can either provide an absolute value or a template. In the template, the following sequences are substituted: %u login name %U UID number %d domain name %f fully qualified user name (user@domain) %o The original home directory retrieved from the identity provider. %% a literal '%' This option can also be set per-domain. 
example: override_homedir = /home/%u Default: Not set (SSSD will use the value retrieved from LDAP) sssd-1.11.5/src/man/ca/PaxHeaders.13173/sss_useradd.8.xml0000644000000000000000000000013212320753573020711 xustar000000000000000030 mtime=1396955003.485843884 30 atime=1396955003.485843884 30 ctime=1396955003.485843884 sssd-1.11.5/src/man/ca/sss_useradd.8.xml0000664002412700241270000001440012320753573021137 0ustar00jhrozekjhrozek00000000000000 Pàgines de manual de l'SSSD sss_useradd 8 sss_useradd crea un usuari nou sss_useradd OPCIONS INICI DE SESSIÓ DESCRIPCIÓ sss_useradd crea un nou compte d'usuari utilitzant els valors especificats a la línia d'ordres més els valors per defecte del sistema. OPCIONS , UID Especifica l'UID de l'usuari al valor d'UID. Si no es dóna, és seleccionat automàticament. , COMMENTARI Qualsevol cadena de text que descriu a l'usuari. Sovint s'utilitza com el camp pel nom i cognoms de l'usuari. , HOME_DIR El directori personal del compte d'usuari. Per defecte s'afegeix el NOM D'USUARI a / home i s'utilitza allò com el directori personal. La base que s'afegeix abans del NOM D'USUARI és personalitzable amb el paràmetre user_defaults/baseDirectory de l'sssd.conf. , INTÈRPRET D'ORDRES L'intèrpret d'ordres de l'usuari. Per defecte és /bin/bash. Es pot canviar el valor per defecte amb el paràmetre user_defaults/defaultShell de l'sssd.conf. , GRUPS Una llista dels grups existents on n'és també membre aquest usuari. , Crea el directori personal de l'usuari si no existeix. Al directori personal es copiaran els fitxers i directoris continguts en el directori esquelet (que es pot definir amb l'opció -k o en el fitxer de configuració). , No crea el directori personal de l'usuari. Invalida els paràmetres de configuració. , DIRECTORI ESQUELET The skeleton directory, which contains files and directories to be copied in the user's home directory, when the home directory is created by sss_useradd. 
Special files (block devices, character devices, named pipes and unix sockets) will not be copied. This option is only valid if the (or ) option is specified, or creation of home directories is set to TRUE in the configuration. , SELINUX_USER The SELinux user for the user's login. If not specified, the system default will be used. sssd-1.11.5/src/man/PaxHeaders.13173/sss_useradd.8.xml0000644000000000000000000000007412320753107020324 xustar000000000000000030 atime=1396954939.261891434 30 ctime=1396954962.615874241 sssd-1.11.5/src/man/sss_useradd.8.xml0000664002412700241270000001552412320753107020555 0ustar00jhrozekjhrozek00000000000000 SSSD Manual pages sss_useradd 8 sss_useradd create a new user sss_useradd options LOGIN DESCRIPTION sss_useradd creates a new user account using the values specified on the command line plus the default values from the system. OPTIONS , UID Set the UID of the user to the value of UID. If not given, it is chosen automatically. , COMMENT Any text string describing the user. Often used as the field for the user's full name. , HOME_DIR The home directory of the user account. The default is to append the LOGIN name to /home and use that as the home directory. The base that is prepended before LOGIN is tunable with user_defaults/baseDirectory setting in sssd.conf. , SHELL The user's login shell. The default is currently /bin/bash. The default can be changed with user_defaults/defaultShell setting in sssd.conf. , GROUPS A list of existing groups this user is also a member of. , Create the user's home directory if it does not exist. The files and directories contained in the skeleton directory (which can be defined with the -k option or in the config file) will be copied to the home directory. , Do not create the user's home directory. Overrides configuration settings. , SKELDIR The skeleton directory, which contains files and directories to be copied in the user's home directory, when the home directory is created by sss_useradd. 
Special files (block devices, character devices, named pipes and unix sockets) will not be copied. This option is only valid if the (or ) option is specified, or creation of home directories is set to TRUE in the configuration. , SELINUX_USER The SELinux user for the user's login. If not specified, the system default will be used. sssd-1.11.5/src/man/PaxHeaders.13173/sss_userdel.8.xml0000644000000000000000000000007412320753107020340 xustar000000000000000030 atime=1396954939.261891434 30 ctime=1396954962.618874239 sssd-1.11.5/src/man/sss_userdel.8.xml0000664002412700241270000000661512320753107020572 0ustar00jhrozekjhrozek00000000000000 SSSD Manual pages sss_userdel 8 sss_userdel delete a user account sss_userdel options LOGIN DESCRIPTION sss_userdel deletes a user identified by login name LOGIN from the system. OPTIONS , Files in the user's home directory will be removed along with the home directory itself and the user's mail spool. Overrides the configuration. , Files in the user's home directory will NOT be removed along with the home directory itself and the user's mail spool. Overrides the configuration. , This option forces sss_userdel to remove the user's home directory and mail spool, even if they are not owned by the specified user. , Before actually deleting the user, terminate all his processes. 
sssd-1.11.5/src/man/PaxHeaders.13173/es0000644000000000000000000000013212320753573015451 xustar000000000000000030 mtime=1396955003.496843875 30 atime=1396955003.535843846 30 ctime=1396955003.496843875 sssd-1.11.5/src/man/es/0000775002412700241270000000000012320753573015755 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/man/es/PaxHeaders.13173/sssd-ipa.5.xml0000644000000000000000000000013212320753573020136 xustar000000000000000030 mtime=1396955003.495843876 30 atime=1396955003.495843876 30 ctime=1396955003.495843876 sssd-1.11.5/src/man/es/sssd-ipa.5.xml0000664002412700241270000007673712320753573020411 0ustar00jhrozekjhrozek00000000000000 Páginas de manual de SSSD sssd-ipa 5 Formatos de archivo y convenciones sssd-ipa El archivo de configuración de SSSD DESCRIPCION Este página de manual describe la configuración del proveedor IPA para sssd 8 . Para una referencia de sintaxis detalladas, vea la sección FILE FORMAT de la página de manual sssd.conf 5 . El proveedor IPA es un back end usado para conectar a un servidor IPA. (Vea el sitio web freeipa.org para información sobre los servidores IPA). Este proveedor requiere que la máquina este unido al dominio IPA; la configuración es casi enteramente auto descubierta y obtenida directamente del servidor. El proveedor IPA acepta las mismas opciones usadas por el proveedor de identidad sssd-ldap 5 y el proveedor de autenticación sssd-krb5 5 con algunas excepciones descritas abajo. Sin embargo, ni es necesario ni está recomendado fijar estas opciones. El proveedor IPA también puede ser usado como proveedor de acceso y cambio de contraseña. Como proveedor de acceso usa reglas HBAC (control de acceso basado en el host). Por favor vea freeipa.org para más información sobre HBAC. No se requiere configuración del proveedor de acceso en el lado cliente. El porveedor IPA usara el respondedor PAC si las entradas Kerberos de los usuario de reinos confiables contienen un PAC. 
Para hacer la configuración más fácil el respondedor PAC es iniciado automáticamente si la ID del proveedor IPA está configurada. OPCIONES DE CONFIGURACIÓN Vea la sección DOMAIN SECTIONS de la página de manual sssd.conf 5 para detalles sobre la configuración de un dominio SSSD. ipa_domain (cadena) Especifica el nombre del dominio IPA. Esto es opcional. Si no se suministra, se usa el nombre de configuración del dominio. ipa_server, ipa_backup_server (cadena) La lista separada por comas de direcciones IP o nombres de host de los servidores IPA a los que SSSD se conectaría en orden de preferencia. Para más información sobre conmutación en error y redundancia de servidores, vea la sección FAILOVER. Esto es opcional si autodiscovery está habilitado. Para más información sobre el servicio descubridor, vea la sección SERVICE DISCOVERY. ipa_hostname (cadena) Opcional. Puede ser fijado en máquinas donde hostname(5) no refleja el nombre totalmente cualificado usado en el dominio IPA para identificar este host. dyndns_update (boolean) Optional. This option tells SSSD to automatically update the DNS server built into FreeIPA v2 with the IP address of this client. The update is secured using GSS-TSIG. The IP address of the IPA LDAP connection is used for the updates, if it is not otherwise specified by using the dyndns_iface option. NOTA: Sobre sistemas más antiguos (como RHEL 5), para que este comportamiento trabaje fiablemente, el reino por defecto Kerberos debe ser fijado apropiadamente en /etc/krb5.conf NOTE: While it is still possible to use the old ipa_dyndns_update option, users should migrate to using dyndns_update in their config file. Predeterminado: false dyndns_ttl (integer) The TTL to apply to the client DNS record when updating it. If dyndns_update is false this has no effect. This will override the TTL serverside if set by an administrator. 
NOTE: While it is still possible to use the old ipa_dyndns_ttl option, users should migrate to using dyndns_ttl in their config file. Por defecto: 1200 (segundos) dyndns_iface (string) Optional. Applicable only when dyndns_update is true. Choose the interface whose IP address should be used for dynamic DNS updates. NOTE: While it is still possible to use the old ipa_dyndns_iface option, users should migrate to using dyndns_iface in their config file. Predeterminado: Utilizar la dirección IP de la conexión IPA LDAP ipa_enable_dns_sites (boolean) Enables DNS sites - location based service discovery. If true and service discovery (see Service Discovery paragraph at the bottom of the man page) is enabled, then the SSSD will first attempt location based discovery using a query that contains "_location.hostname.example.com" and then fall back to traditional SRV discovery. If the location based discovery succeeds, the IPA servers located with the location based discovery are treated as primary servers and the IPA servers located using the traditional SRV discovery are used as back up servers Predeterminado: false dyndns_refresh_interval (integer) How often should the back end perform periodic DNS update in addition to the automatic update performed when the back end goes online. This option is optional and applicable only when dyndns_update is true. Default: 0 (disabled) dyndns_update_ptr (bool) Whether the PTR record should also be explicitly updated when updating the client's DNS records. Applicable only when dyndns_update is true. This option should be False in most IPA deployments as the IPA server generates the PTR records automatically when forward records are changed. Default: False (disabled) dyndns_force_tcp (bool) Whether the nsupdate utility should default to using TCP for communicating with the DNS server. Default: False (let nsupdate choose the protocol) ipa_hbac_search_base (cadena) Opcional. 
Usa la cadena dada como base de búsqueda para los objetos HBAC relacionados. Predeterminado: Utilizar DN base ipa_host_search_base (cadena) Opcional. Usa la cadena dada como base de búsqueda para objetos host. Vea ldap_search_base para información sobre la configuración de múltiples bases de búsqueda. Si se dan filtros en alguna base de búsqueda y ipa_hbac_support_srchost está fijado a False, el filtro será ignorado. Predeterminado: el valor de ldap_search_base ipa_selinux_search_base (cadena) Opcional. Usa la cadena dada como base de búsqueda para los mapas de usuario SELinux. Vea ldap_search_base para información sobre la configuración de múltiples bases de búsqueda. Predeterminado: el valor de ldap_search_base ipa_subdomains_search_base (cadena) Opcional: Usa la cadena dada como base de búsqueda de dominios de confianza. Vea ldap_search_base para información sobre la configuración de múltiples bases de búsqueda. Por defecto: el valor de cn=trusts,%basedn ipa_master_domain_search_base (cadena) Opcional: Usa la cadena dada como base de búsqueda para el objeto maestro de dominio. Vea ldap_search_base para información sobre la configuración de múltiples bases de búsqueda. Por defecto: el valor de cn=ad,cn=etc,%basedn krb5_validate (boolean) Verifica con la ayuda de krb5_keytab que el TGT obtenido no ha sido falsificado. Predeterminado: true Advierta que este valor por defecto difiere del proveedor back end tradicional de Kerberos. krb5_realm (cadena) El nombre del reino Kerberos. Esto es opcional y por defecto está al valor de ipa_domain. El nombre del reino Kerberos tiene un significado especial en IPA – es convertido hacia la base DN para usarlo para llevar a cabo operaciones LDAP. krb5_canonicalize (boolean) Especifica si los principales de host y de usuario deberían ser canonizados cuando se conecten a IPA LDAP y también para peticiones AS.
Esta función está disponible con MIT Kerberos >= 1.7 Predeterminado: true krb5_use_fast (cadena) Habilita la autenticación segura flexible de los túneles (FAST) para la pre-autenticación Kerberos. Se soportan las siguientes opciones: never use FAST. try to use FAST. If the server does not support FAST, continue the authentication without it. This is equivalent to not setting this option at all. demand to use FAST. The authentication fails if the server does not require FAST. Default: try NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If SSSD is used with an older version of MIT Kerberos, using this option is a configuration error. ipa_hbac_refresh (entero) La cantidad de tiempo entre búsquedas de las reglas HBAC contra el servidor IPA. Esto reducirá la latencia y la carga sobre el servidor IPA si hay muchas peticiones de control de acceso hechas en un corto período. Predeterminado: 5 (segundos) ipa_hbac_selinux (entero) La cantidad de tiempo entre búsquedas de los mapas SELinux contra el servidor IPA. Esto reducirá la latencia y la carga sobre el servidor IPA si hay muchas peticiones de acceso de usuario hechas en un corto período. Predeterminado: 5 (segundos) ipa_hbac_treat_deny_as (cadena) Esta opción especifica cómo tratar las reglas HBAC tipo DENY obsoletas. A partir de FreeIPA v2.1, las reglas DENY no están soportadas en el servidor. Todos los usuarios de FreeIPA necesitarán migrar sus reglas para usar sólo las reglas ALLOW. El cliente soportará dos modos de operación durante este período de transición: DENY_ALL: Si se detecta cualquier regla HBAC DENY, se les denegará el acceso a todos los usuarios. IGNORE: SSSD ignorará cualquier regla DENY. Sea muy cuidadoso con esta opción, puesto que pueden abrirse accesos no pretendidos. Predeterminado: DENY_ALL ipa_hbac_support_srchost (boolean) Si se fija a false, el host fuente dado a SSSD por PAM será ignorado.
Advierta que si la fija a False, esta opción causa que los filtros dados en ipa_host_search_base sean ignorados; Predeterminado: false ipa_server_mode (boolean) This option should only be set by the IPA installer. The option denotes that the SSSD is running on IPA server and should perform lookups of users and groups from trusted domains differently. Predeterminado: false ipa_automount_location (cadena) La localización del automontador de este cliente IPA que será usada Por defecto: La localización llamada “default” ipa_netgroup_member_of (cadena) El atributo LDAP que lista los afiliados del grupo de red. Predeterminado: memberOf ipa_netgroup_member_user (cadena) El atributo LDAP que lista los usuarios del sistema y grupos que son miembros directos del grupo de red. Predeterminado: memberUser ipa_netgroup_member_host (cadena) El atributo LDAP que lista los host y grupos de host que son miembros directos del grupo de red. Predeterminado: memberHost ipa_netgroup_member_ext_host (cadena) El atributo LDAP que lista los FQDNs de host y grupos de host que son miembros del grupo de red. Predeterminado: externalHost ipa_netgroup_domain (cadena) El atributo LDAP que contiene el nombre de dominio NIS del grupo de red. Predeterminado: nisDomainName ipa_host_object_class (cadena) El objeto clase de una entrada host en LDAP. Predeterminado: ipaHost ipa_host_fqdn (cadena) El atributo LDAP que contiene el FQDN del host. Por defecto: fqdn ipa_selinux_usermap_object_class (cadena) El objeto clase de una entrada host en LDAP. Predeterminado: ipaHost ipa_selinux_usermap_name (cadena) El atributo LDAP que contiene el nombre del mapa de usuario SELinux. Predeterminado: cn ipa_selinux_usermap_member_user (cadena) El atributo LDAP que contiene todos los usuarios / grupos contra los que esta regla coincide. Predeterminado: memberUser ipa_selinux_usermap_member_host (cadena) El atributo LDAP que contiene todos los hosts /grupos de hosts contra los que esta regla coincide. 
Predeterminado: memberHost ipa_selinux_usermap_see_also (cadena) El atributo LDAP que contiene la regla DN de HBAC que puede ser usada en lugar de memberUser o memberHost Por defecto: seeAlso ipa_selinux_usermap_selinux_user (cadena) El atributo LDAP que contiene la cadena de usuario SELinux mismo. Por defecto: ipaSELinuxUser ipa_selinux_usermap_enabled (cadena) El atributo LDAP que contiene si el mapa de usuario está o no habilitado para utilización. Por defecto: ipaEnabledFlag ipa_selinux_usermap_user_category (cadena) El atributo LDAP que contiene la categoría del usuario como ‘all’. Por defecto: userCategory ipa_selinux_usermap_host_category (cadena) El atributo LDAP que contiene la categoría del host como ‘all’. Por defecto: hostCategory ipa_selinux_usermap_uuid (cadena) El atributo LDAP que contiene la ID única del mapa de usuario. Por defecto: ipaUniqueID ipa_host_ssh_public_key (cadena) El atributo LDAP que contiene las claves públicas SSH del host. Por defecto: ipaSshPubKey PROVEEDOR DE SUBDOMINIOS El proveedor de subdominios IPA se comporta de forma ligeramente diferente si está configurado explícitamente o implícitamente. Si la opción ' subdomains_provider = ipa' se encuentra en la sección de dominio de sssd.conf, el proveedor de subdominios de IPA se configura explícitamente, y todas las peticiones de subdominio se envían al servidor de IPA si es necesario. If the option 'subdomains_provider' is not set in the domain section of sssd.conf but there is the option 'id_provider = ipa', the IPA subdomains provider is configured implicitly. In this case, if a subdomain request fails and indicates that the server does not support subdomains, i.e. is not configured for trusts, the IPA subdomains provider is disabled. After an hour or after the IPA provider goes online, the subdomains provider is enabled again. EJEMPLO El siguiente ejemplo asume que SSSD está correctamente configurado y example.com es uno de los dominios en la sección [sssd]. 
Este ejemplo muestra sólo las opciones específicas del proveedor ipa. [domain/example.com] id_provider = ipa ipa_server = ipaserver.example.com ipa_hostname = myhost.example.com sssd-1.11.5/src/man/es/PaxHeaders.13173/pam_sss.8.xml0000644000000000000000000000013212320753573020063 xustar000000000000000030 mtime=1396955003.495843876 30 atime=1396955003.495843876 30 ctime=1396955003.495843876 sssd-1.11.5/src/man/es/pam_sss.8.xml0000664002412700241270000001271212320753573020315 0ustar00jhrozekjhrozek00000000000000 Páginas de manual de SSSD SSSD The SSSD upstream - http://fedorahosted.org/sssd pam_sss 8 pam_sss Módulo PAM para SSSD pam_sss.so quiet forward_pass use_first_pass use_authtok retry=N ignore_unknown_user DESCRIPCION pam_sss.so es la interfaz PAM para el demonio Servicios de Seguridad de Sistema (SSSD). Los errores y resultados son registrados a través de syslog(3) con la facilidad LOG_AUTHPRIV. OPCIONES Suprime el registro de mensajes de usuarios desconocidos. Si está fijada el password introducido se pone en la pila para que lo usen otros módulos PAM. El argumento use_first_pass fuerza al módulo a usar un módulo de password apilado previamente y nunca preguntará al usuario - si no hay password disponible o el password no es apropiado, se denegará el acceso al usuario. Cuando cambia el password fuerza al módulo a fijar el nuevo password a uno suministrado por un módulo de password previamente apilado. Si el usuario especificado es preguntado N veces por un password si la autenticación falla. Por defecto es 0. Por favor advierta que esta opción puede no trabajar como se espera llamando PAM a manejar el diálogo de usuario por el mismo. Un ejecplo típico es sshd con . If this option is specified and the user does not exist, the PAM module will return PAM_IGNORE. This causes the PAM framework to ignore this module. TIPOS DE MÓDULOS SUMINISTRADOS Todos los tipos de módulos (, , y ) son suministrados. 
ARCHIVOS Si falla el reseteo de un password por parte de root, porque el correspondiente proveedor SSSD no soporta el reseteo de password, se puede mostrar un mensaje individual. Este mensaje puede, por ejemplo, contener instrucciones sobre cómo resetear un password. El mensaje se lee desde el fichero pam_sss_pw_reset_message.LOC donde LOC representa una cadena de localización devuelta por setlocale(3). Si no hay fichero coincidente se muestra el contenido de pam_sss_pw_reset_message.txt. Root debe ser el propietario de los ficheros y sólo root puede tener permisos de lectura y escritura mientras que todos los demás usuarios sólo tienen permisos de lectura. Estos ficheros son buscados en el directorio /etc/sssd/customize/DOMAIN_NAME/. Si no hay archivos coincidentes se muestra un mensaje genérico. sssd-1.11.5/src/man/es/PaxHeaders.13173/sss_cache.8.xml0000644000000000000000000000013212320753573020351 xustar000000000000000030 mtime=1396955003.495843876 30 atime=1396955003.495843876 30 ctime=1396955003.495843876 sssd-1.11.5/src/man/es/sss_cache.8.xml0000664002412700241270000001414212320753573020602 0ustar00jhrozekjhrozek00000000000000 Páginas de manual de SSSD sss_cache 8 sss_cache lleva a cabo la limpieza de la caché sss_cache options DESCRIPCION sss_cache invalida registros en la caché SSSD. Los registros invalidados son forzados a recargarse desde el servidor tan pronto como el punto final SSSD relacionado está en línea. OPCIONES , Invalidate all cached entries except for sudo rules. , login Invalida el usuario específico. , Invalida todos los registros de usuario. Esta opción anula la invalidación de usuario específico si también está fijada. , group Invalida grupo específico. , Invalida todos los registros de grupo. Esta opción anula la invalidación de grupo específico si también está fijada. , netgroup Invalida grupo de red específico. , Invalida todos los registros de grupo de red. Esta opción anula la invalidación de grupo de red específico si también está fijada.
, service Invalida servicio específico , Invalida todos los archivos de servicio. Esta opción anula la invalidación de servicio específico si también fue fijada. , autofs-map Invalida mapas específicos autofs. , Invalida todos los mapas autofs. Esta opción anula la invalidación de mapa específico si fue fijada. , domain Restringe el proceso de invalidación sólo a un dominio concreto. sssd-1.11.5/src/man/es/PaxHeaders.13173/sss_ssh_knownhostsproxy.1.xml0000644000000000000000000000013212320753573023473 xustar000000000000000030 mtime=1396955003.495843876 30 atime=1396955003.495843876 30 ctime=1396955003.495843876 sssd-1.11.5/src/man/es/sss_ssh_knownhostsproxy.1.xml0000664002412700241270000000706512320753573023732 0ustar00jhrozekjhrozek00000000000000 Páginas de manual de SSSD sss_ssh_knownhostsproxy 1 sss_ssh_knownhostsproxy obtiene las claves OpenSSH del host sss_ssh_knownhostsproxy options HOST PROXY_COMMAND DESCRIPCION sss_ssh_knownhostsproxy adquiere las claves públicas SSH del host para el host HOST, las almacena en un fichero personal OpenSSH conocido por el host (vea la sección SSH_KNOWN_HOSTS FILE FORMAT de sshd 8 para más información) /var/lib/sss/pubconf/known_hosts y establece la conexión al host. Si se especifica PROXY_COMMAND, se usa para crear la conexión al host en lugar de abrir un socket. ssh 1 puede ser configurado para usar sss_ssh_knownhostsproxy para autenticación de la clave del host usando las siguientes directivas ssh 1 configuration: ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts OPCIONES , PORT Usa el puerto PORT para conectar al host. Por defecto, el puerto usado es el 22. , DOMINIO Busca las claves públicas del host en el dominio SSSD DOMAIN. EXIT STATUS In case of success, an exit value of 0 is returned. Otherwise, 1 is returned. 
sssd-1.11.5/src/man/es/PaxHeaders.13173/sssd.conf.5.xml0000644000000000000000000000013212320753573020313 xustar000000000000000030 mtime=1396955003.495843876 30 atime=1396955003.495843876 30 ctime=1396955003.495843876 sssd-1.11.5/src/man/es/sssd.conf.5.xml0000664002412700241270000024431312320753573020551 0ustar00jhrozekjhrozek00000000000000 Páginas de manual de SSSD sssd.conf 5 Formatos de archivo y convenciones sssd.conf El archivo de configuración de SSSD Formato de archivo El archivo posee una sintaxis de tipo ini consistente de secciones y parámetros. Una sección comienza con el nombre de dicha sección colocado entre corchetes, y continua hasta que comienza la próxima sección. Este es un ejemplo de una sección con parámetros de valores simples y múltiples: [section] key = value key2 = value2,value3 Los tipos de datos utilizados son cadenas (no es necesario ingresarlos entre comillas), enteros o booleanos (cuyos valores son TRUE/FALSE). Una línea de comentario comienza con una almohadilla (#) o un punto y coma (;). No se soportan los comentarios en línea. Todas las secciones pueden tener un parámetro opcional de descripción. Su función es solo la de servir como etiqueta a tal sección. sssd.conf debe ser un archivo regular, cuyo dueño sea el usuario root, y sólo este usuario podrá tener permisos de lectura y escritura sobre él. SECCIONES ESPECIALES La sección [sssd] Trozos individuales de funcionalidad SSSD son suministrados por servicios especiales SSSD que se inician y parar junto a SSSD. Los servicios son gestionados por un servicio especial frecuentemente llamado monitor. La sección [sssd] se usa para configurar el monitor así como algunas otras opciones importantes como la identidad de dominios. Parámetros de sección config_file_version (entero) Indica cuál es la sintaxis del archivo de configuración. SSSD 0.6.0 y posteriores utilizan una versión 2. servicios Una lista separadas por comas de los servicios que son iniciados cuando se enciende sssd. 
Servicios soportados: nss, pam , sudo , autofs , ssh , pac reconnection_retries (entero) Cantidad de intentos de reconexión de los servicios ante una eventual caída de datos del proveedor, o de reiniciarse antes de abandonar Predeterminado: 3 dominios A domain is a database containing user information. SSSD can use more domains at the same time, but at least one must be configured or SSSD won't start. This parameter described the list of domains in the order you want them to be queried. A domain name should only consist of alphanumeric ASCII characters, dashes and underscores. re_expression (cadena) Expresión regular por defecto que describe como analizar la cadena que contiene el nombre de usuario y el dominio en estos componentes. Cada dominio puede tener una expresión regular individual configurada. Para algunos proveedores de ID hay también expresiones regulares por defecto. Vea DOMAIN SECTIONS para más información sobre estas expresiones regulares. full_name_format (cadena) A printf 3 -compatible format that describes how to compose a fully qualified name from user name and domain name components. The following expansions are supported: %1$s user name %2$s domain name as specified in the SSSD config file. %3$s domain flat name. Mostly usable for Active Directory domains, both directly configured or discovered via IPA trusts. Cada dominio puede tener una cadena de formato individual configurar. Vea SECCIONES DOMINIO para más información sobre esta opción. try_inotify (boolean) SSSD monitorea el estado de resolv.conf para saber cuando es necesario actualizar su resolutor DNS interno. Por defecto, intentaremos utilizar para ello la herramienta inotify, quien consultará a resolv.conf cada cinco segundos en caso que inotify no pueda ser utilizado. Existen algunas pocas situaciones en donde lo preferible es evitar el uso de inotify. 
En estas raras excepciones, la opción debería ser definida en 'false' Predeterminado: 'true' en plataformas donde inotify tenga soporte. 'False' en el resto de las plataformas. Nota: esta opción no tendrá efecto en plataformas donde inotify no se encuenytre disponible. En estas plataformas, la consulta (polling) será utilizada siempre. krb5_rcache_dir (cadena) Directorio en el sistema de archivos donde SSSD debería guardar fichero de reproducción de cache de Kerberos. Esta opción acepta un valor especial __LIBKRB5_DEFAULTS__ que instruirá a SSSD para dejar a libkrb5 decidir la localización apropiada del escondrijo de respuesta. Por defecto: Distribución específica y especificado en la acumulación de tiempo. (si no se configura __LIBKRB5_DEFAULTS__) default_domain_suffix (cadena) Esta cadena será usada como nombre de dominio por defecto para todos los nombre sin un componente de nombre de dominio. El principal caso de uso es en entornos donde el dominio principal está dirigido a gestionar las políticas de host y todos los usuarios están localizados en un dominio confiable. La opción permite a esos usuarios acceder sólo con su nombre de usuario sin dar también un nombre de dominio. Por favor advierta si esta opción está fijada en todos los usuarios del dominio primaria que tengan que usar su nombre cualificado completo, esto es user@domain.name, para acceder. Predeterminado: no definido SECCIONES DE SERVICIOS Los ajustes que pueden ser utilizados para configurar diferentes servicios se describe en esta sección. Ellos deben residir en la sección [$NAME], por ejemplo, para el servicio NSS, la sección sería [nss] Opciones de configuración de servicios generales Estas opciones pueden usarse para configurar cualquier servicio. 
debug_level (entero) debug_timestamps (bool) Agregar una marca de tiempo a los mensajes de depuración Predeterminado: true debug_microseconds (bool) Agregar microsegundos a la marca de tiempo en mensajes de depuración Predeterminado: false timeout (entero) Tiempo de espera en segundos entre latidos para este servicio. Esto se usa para asegurar que el proceso está vivo y capaz de responder peticiones. Predeterminado: 10 reconnection_retries (entero) Cantidad de intentos de reconexión de los servicios ante una eventual caída de datos del proveedor, o de reiniciarse antes de abandonar Predeterminado: 3 fd_limit Esta opción especifica el número máximo de descriptores de ficheros que pueden ser abiertos a la vez por este proceso SSSD. Sobre sistemas donde SSSD ha alcanzado la capacidad CAP_SYS_RESOURCE, este será un ajuste absoluto. Sobre sistemas sin esta capacidad, el valor resultante será el valor más bajo de este o de limite “hard” en limits.conf. Por defecto: 8192 (o limite “hard” en limits.conf) client_idle_timeout Esta opción especifica el número de segundos que un cliente de un proceso SSSD puede retener un desciptor de fichero sin comunicarlo. Este valor está limitado con el objetivo de evitar un agotamiento de los recursos del sistema. Predeterminado: 60 force_timeout (entero) Si un servicio no está respondiendo a las comprobaciones ping (vea la opción timeout), primero enviará la señal SIGTERM que le instruye a salir amigablemente. Si el servicio no termina después de force_timeout segundos, el monitor le forzara a caer enviando una señal SIGKILL. Predeterminado: 60 Opciones de configuración de NSS Estas opciones pueden ser usadas para configurar el servicio Name Service Switch (NSS). 
enum_cache_timeout (entero) Cuantos segundos ocultaría enumeraciones nss_sss (peticiones de información sobre todos los usuarios) Predeterminado: 120 entry_cache_nowait_percentage (entero) La entrada a la cache puede ser fijada automáticamente para actualizar entradas en segundo plano si hay peticiones más allá de un porcentanje del valor de entry_cache_timeout para el dominio. Por ejemplo, si entry_cache_timeout del dominio está fijado a 30 y entry_cache_nowait_percentage está fijado a 50 (por ciento), las entradas que vengan después de 15 segundos pasado el último cache serán devueltas inmediatamente, pero SSSD irá y actualizará el cache por el mismo, de modo que las futuras peticiones no necesitarán bloquearse a la espera de una actualización del cache. Los valores válidos para esta opción son 0-99 y representan un porcentaje de entry_cache_timeout para cada dominio. Por razones de rendimiento, este porcentaje nunca reducirá el tiempo de salida de no espera a menos de 10 segundos. (0 deshabilita esta función). Predeterminado: 50 entry_negative_timeout (entero) Especifica por cuantos segundos nss_sss escondería golpes negativos al cache (esto es, consultas para entradas no válidas a la base de datos, como entradas no existentes) antes de preguntar al punto final otra vez. Predeterminado: 15 filter_users, filter_groups (cadena) Excluye ciertos usuarios de ser exagerados por la base de datos sss NSS. Esto es particularmente útil para cuentas de sistema. Esta opción puede ser también fijada por dominio o incluir nombres totalmente cualificados para filtrar sólo usuario de un dominio concreto. Predeterminado: root filter_users_in_groups (bool) Si usted desea filtrar usuarios aunque sean miembros del grupo, fije esta opción a false. Predeterminado: true fallback_homedir (cadena) Fija la plantilla por defecto para el direcorio home del usuario si no se ha especificado una explícitamente por el proveedor de datos del dominio. 
Los valores disponibles para esta opción son los mismos que para override_homedir. ejemplo: fallback_homedir = /home/%u Por defecto: no fijado (sin sustitución para los directorios home no fijados) override_shell (cadena) Override the login shell for all users. This option supersedes any other shell options if it takes effect and can be set either in the [nss] section or per-domain. Por defecto: no fijado (SSSD usará el valor recuperado desde LDAP) allowed_shells (cadena) Restringe la shell de usuario a uno de los valores listados. El orden de evaluación es: 1. Si el shell está presente en /etc/shells, se usa. 2. Si el shell está en la lista allowed_shells pero no en /etc/shells, usa el valor del parámetro shell_fallback. 3. Si el shell no está en la lista allowed_shells y tampoco en /etc/shells, se usará un shell que no permite iniciar sesión. Una cadena vacía para el shell se pasa tal cual a libc. /etc/shells sólo se lee al iniciar SSSD, lo que significa que se requiere el reinicio del SSSD en el caso de que se instale una nueva shell. Por defecto: No fijado. La shell del usuario se usa automáticamente. vetoed_shells (cadena) Reemplaza cualquier instancia de estos shells con shell_fallback shell_fallback (cadena) La shell por defecto a usar si una shell permitida no está instalada en la máquina. Predeterminado: /bin/sh default_shell The default shell to use if the provider does not return one during lookup. This option can be specified globally in the [nss] section or per-domain. Por defecto: no fijado (Devuelve NULL si no se ha especificado una shell y confía en libc para sustituir algo razonable cuando sea necesario, normalmente /bin/sh) get_domains_timeout (entero) Especifica el tiempo en segundos durante el cual la lista de subdominios será considerada válida. Predeterminado: 60 memcache_timeout (entero) Especifica el tiempo en segundos durante el cual los registros de la caché en memoria serán válidos.
Predeterminado: 300 Opciones de configuración PAM Estas opciones pueden ser usadas para configurar el servicio Pluggable Authentication Module (PAM) offline_credentials_expiration (entero) Si el proveedor de autenticación está fuera de línea, durante cuánto tiempo se permiten los inicios de sesión con credenciales en caché (en días desde el último login en línea con éxito). Predeterminado: 0 (Sin límite) offline_failed_login_attempts (entero) Si el proveedor de autenticación está fuera de línea, cuántos intentos fallidos de login están permitidos. Predeterminado: 0 (Sin límite) offline_failed_login_delay (entero) El tiempo en minutos que ha de pasar después de que offline_failed_login_attempts ha sido alcanzado antes de que un nuevo intento de login sea posible. Si se fija en 0 el usuario no puede autenticarse fuera de línea si se ha alcanzado offline_failed_login_attempts. Sólo una autenticación en línea con éxito puede habilitar otra vez la autenticación fuera de línea. Predeterminado: 5 pam_verbosity (entero) Controla qué tipo de mensajes se muestra al usuario durante la autenticación. Cuanto mayor sea el número, más mensajes se muestran. Actualmente sssd soporta los siguientes valores: 0: no mostrar ningún mensaje 1: mostrar sólo mensajes importantes 2: mostrar mensajes informativos 3: mostrar todos los mensajes e información de depuración Predeterminado: 1 pam_id_timeout (entero) Para cualquier petición PAM mientras SSSD está en línea, SSSD intentará inmediatamente actualizar la información de identidad en caché del usuario con el objetivo de asegurar que la autenticación tiene lugar con la información más actual. Una conversación PAM completa puede llevar a cabo múltiples peticiones PAM, como gestión de cuenta y apertura de sesión. Esta opción controla (por cada aplicación cliente) cuánto tiempo (en segundos) podemos mantener en caché la información de identidad para evitar excesivos viajes de ida y vuelta al proveedor de identidad.
Predeterminado: 5 pam_pwd_expiration_warning (entero) Mostrar una advertencia N días antes que la contraseña caduque. Por favor advierta que el servidor de punto final tiene que suministrar información sobre el tiempo de expiración de la contraseña. Si falta esta información, sssd no podrá mostrar un aviso. Si se fija a cero, no se aplicará el filtro, esto es si se recibe una advertencia de expiración desde el servidor final, se mostrará automáticamente. Este ajuste puede ser anulado por el ajuste pwd_expiration_warning para un dominio concreto. Predeterminado: 0 get_domains_timeout (entero) Especifica el tiempo en segundos durante el cual la lista de subdominios será considerada válida. Predeterminado: 60 SUDO opciones de configuración Estas opciones pueden ser usadas para configurar el servicio sudo. sudo_timed (booleano) Si se evalúan o no los atributos sudoNotBefore y sudoNotAfter que implementan entradas de sudoers dependientes del tiempo. Predeterminado: false Opciones de configuración AUTOFS Estas opciones pueden ser usadas para configurar el servicio autofs. autofs_negative_timeout (entero) Especifica cuántos segundos debería el respondedor autofs mantener en caché los resultados negativos (esto es, consultas a entradas de mapa no válidas, como las no existentes) antes de preguntar al punto final otra vez. Predeterminado: 15 Opciones de configuración SSH Estas opciones se pueden usar para configurar el servicio SSH. ssh_hash_known_hosts (booleano) Si se aplica o no un hash a los nombres y las direcciones de host en el fichero known_hosts gestionado. Predeterminado: true ssh_known_hosts_timeout (entero) Cuántos segundos se mantiene un host en el fichero known_hosts gestionado después de que se hayan pedido sus claves de host. Por defecto: 180 Opciones de configuración del respondedor PAC El respondedor PAC trabaja junto con el plugin de datos de autorización para MIT Kerberos sssd_pac_plugin.so y un proveedor de subdominio.
El plugin envía el dato PAC durante una autenticación GSSAPI al respondedor PAC. El proveedor de subdominio recoge los rangos SID e ID del dominio a los que se une el cliente y de los dominio remotos de confianza desde el controlador de dominio local. Si el PAC es descodificado y evaluado se hacen alguna de las siguientes operaciones: If the remote user does not exist in the cache, it is created. The uid is determined with the help of the SID, trusted domains will have UPGs and the gid will have the same value as the uid. The home directory is set based on the subdomain_homedir parameter. The shell will be empty by default, i.e. the system defaults are used, but can be overwritten with the default_shell parameter. If there are SIDs of groups from domains sssd knows about, the user will be added to those groups. Estas opciones pueden ser usadas para configurar el respondedor PAC. allowed_uids (cadena) Especifica la lista separada por comas de los valores UID o nombres de usuario que tiene el acceso permitido al respondedor PAC. Por defecto: 0 (sólo el usuario root tiene permitido el acceso al respondedor PAC) Por favor advierta que aunque la UID 0 se usa por defecto será anulada con esta opción. Si usted deses todavía permitir al usuario root acceder al respondedor PAC, que sería el caso típico, usted tiene que añadir 0 a la lista de UIDs permitidas también. SECCIONES DE DOMINIO Estas opciones de configuración pueden estar presentes en la sección configuración de dominio, esto es, en una sección llamada [domain/NAME] min_id, max_id (entero) Límites de UID y GID para el dominio. Si un dominio contiene una entrada que está fuera de estos límites, ésta es ignorada. Para usuarios, esto afecta al límite primario GID. El usuario no será devuelto a NSS si bien la UID o el GID primario está fuera de rango. Para los miembros de grupos no primarios, aquellos que estén en rango serán reportados como en espera. 
These ID limits affect even saving entries to cache, not only returning them by name or ID. Predeterminado: 1 para min_id, 0 (sin límite) para max_id enumerar (bool) Determina si un dominio puede ser enumerado. Este parámetro puede tener uno de los siguientes valores: TRUE = Usuarios y grupos son enumerados FALSE = Sin enumeraciones para este dominio Predeterminado: FALSE Nota: Habilitar la enumeración tiene un impacto en el rendimiento moderado sobre SSSD mientras la enumeración está corriendo. Puede tomar varios minutos desde que SSSD ha arrancado hasta completar todas las enumeraciones. Durante este tiempo, las peticiones de información individuales irán directamente a LDAP, aunque puede ser lento, debido al pesado proceso de enumeración. Guardar un gran número de entradas en la cache después de completar la enumeración puede también ser intenso para la CPU puesto que las afiliaciones deben ser recalculadas. Mientras está corriendo la primera enumeración, peticiones para el usuario completo o listas de grupo pueden no devolver resultados hasta que se completen. Adicionalmente, la habilitación de la enumeración puede incrementar el tiempo necesario para detectar la desconexión de red, tanto como los tiempos de espera necesarios para asegurar que las búsquedas de enumeración se han completado. Para más información vea las páginas de manual para el específico id_provider en uso. Por las razones citadas arriba, no se recomienda habilitar la enumeración, especialmente en entornos grandes. subdomain_enumerate (string) Whether any of autodetected trusted domains should be enumerated. The supported values are: all All discovered trusted domains will be enumerated none No discovered trusted domains will be enumerated Optionally, a list of one or more domain names can enable enumeration just for these trusted domains. 
Predeterminado: none force_timeout (entero) Si un servicio no está respondiendo a las comprobaciones ping (vea la opción timeout), primero enviará la señal SIGTERM que le instruye a salir amigablemente. Si el servicio no termina después de force_timeout segundos, el monitor le forzara a caer enviando una señal SIGKILL. Predeterminado: 60 entry_cache_timeout (entero) Cuántos segundos debe considerar nss_sss como válidas las entradas antes de volver a consultar al backend The cache expiration timestamps are stored as attributes of individual objects in the cache. Therefore, changing the cache timeout only has effect for newly added or expired entries. You should run the sss_cache 8 tool in order to force refresh of entries that have already been cached. Predeterminado: 5400 entry_cache_user_timeout (entero) Cuantos segundos debería nss_sss considerar las entradas de usuario válidas antes de preguntar al punto final otra vez. Por defecto: entry_cache_timeout entry_cache_group_timeout (entero) Cuantos segundos debería nss_sss considerar las entradas de grupo válidas antes de preguntar al punto final otra vez. Por defecto: entry_cache_timeout entry_cache_netgroup_timeout (entero) Cuantos segundos debería nss_sss considerar las entradas de grupo de red válidas antes de preguntar al punto final otra vez. Por defecto: entry_cache_timeout entry_cache_service_timeout (entero) Cuantos segundos debería nss_sss considerar las entradas de servicio válidas antes de preguntar al punto final otra vez. Por defecto: entry_cache_timeout entry_cache_sudo_timeout (entero) Cuantos segundos debería considerar las regulas sudo válidas antes de preguntar al backend otra vez. Por defecto: entry_cache_timeout entry_cache_autofs_timeout (entero) Cuantos segundos deberá considerar el servicio autofs los mapas de automontaje válidos antes de preguntar al punto final otra vez. 
Por defecto: entry_cache_timeout refresh_expired_interval (integer) Specifies how many seconds SSSD has to wait before refreshing expired records. Currently only refreshing expired netgroups is supported. You can consider setting this value to 3/4 * entry_cache_timeout. Default: 0 (disabled) cache_credentials (bool) Determina si las credenciales del usuario se almacenan también en la caché LDB local. Las credenciales de usuario se almacenan como un hash SHA512, no en texto plano. Predeterminado: FALSE account_cache_expiration (entero) Número de días que las entradas se dejan en la caché después del último login con éxito antes de ser borradas durante la limpieza de la caché. 0 significa mantener para siempre. El valor de este parámetro debe ser más grande o igual que offline_credentials_expiration. Predeterminado: 0 (ilimitado) pwd_expiration_warning (entero) Mostrar una advertencia N días antes que la contraseña caduque. Si se fija a cero, no se aplicará el filtro, esto es si se recibe una advertencia de expiración desde el servidor final, se mostrará automáticamente. Por favor advierta que el servidor de backend tiene que suministrar información sobre la hora de expiración de la contraseña. Si falta esta información, sssd no puede mostrar un aviso. También se tiene que configurar un proveedor de autorización para el backend. Por defecto: 7 (Kerberos), 0 (LDAP) id_provider (cadena) El proveedor de identificación usado por el dominio. Los proveedores de ID soportados son: proxy: Soporta un proveedor NSS legado local: Proveedor interno SSSD para usuarios locales ldap: Proveedor LDAP. Vea sssd-ldap 5 para más información sobre la configuración de LDAP. ipa: Proveedor FreeIPA y Red Hat Enterprise Identity Management. Vea sssd-ipa 5 para más información sobre la configuración de FreeIPA. ad: Proveedor Active Directory. Vea sssd-ad 5 para más información sobre la configuración de Active Directory.
use_fully_qualified_names (bool) Utiliza el nombre completo y el dominio (formateado en el formato nombre_completo de dominio) como el nombre de acceso del usuario reportado a NSS. Si es TRUE, todas las peticiones a este dominio deben usar nombres totalmente cualificados. Por ejemplo, si se usa en el dominio LOCAL que contiene un usuario “test”, getent passwd test no encontraría al usuario mientras que getent passwd test@LOCAL lo haría. NOTE: This option has no effect on netgroup lookups due to their tendency to include nested netgroups without qualified names. For netgroups, all domains will be searched when an unqualified name is requested. Predeterminado: FALSE ignore_group_members (bool) No devuelve miembros de grupo para búsquedas de grupo. Si se fija a TRUE, el atributo de afiliación al grupo no es pedido desde el servidor ldap, y los miembros del grupo no son devueltos cuando procesa llamadas de búsqueda de grupo. Predeterminado: FALSE auth_provider (cadena) El proveedor de autenticación usado por el dominio. Los proveedores de autenticación soportados son: ldap para autenticación nativa LDAP. Vea sssd-ldap 5 para más información sobre la configuración LDAP. krb5 para autenticación Kerberos. Vea sssd-krb5 5 para más información sobre la configuración de Kerberos. ipa: Proveedor FreeIPA y Red Hat Enterprise Identity Management. Vea sssd-ipa 5 para más información sobre la configuración de FreeIPA. ad: Proveedor Active Directory. Vea sssd-ad 5 para más información sobre la configuración de Active Directory. proxy para la reinstalación de la autenticación a algún otro objetivo PAM. none deshabilita la autenticación explícitamente. Por defecto: id_provider se usa si se ha fijado y puede manejar las peticiones de autenticación. access_provider (cadena) El proveedor de control de acceso usado por el dominio. Hay dos provedores de acceso integrados (además de cualquiera instalado en los finales). 
Los proveedores especiales internos son: permit siempre permite el acceso. Es el único proveedor de acceso permitido para un dominio local. deny siempre niega el acceso. ldap para autenticación nativa LDAP. Vea sssd-ldap 5 para más información sobre la configuración LDAP. ipa: Proveedor FreeIPA y Red Hat Enterprise Identity Management. Vea sssd-ipa 5 para más información sobre la configuración de FreeIPA. ad: Proveedor Active Directory. Vea sssd-ad 5 para más información sobre la configuración de Active Directory. simple control de acceso basado en listas de acceso o denegación. Vea sssd-simple 5 para más información sobre la configuración del módulo de acceso sencillo. Predeterminado: permit chpass_provider (cadena) El proveedor que debería manejar las operaciones de cambio de password para el dominio. Los proveedores de cambio de password soportados son: ldap para cambiar una contraseña almacenada en un servidor LDAP. Vea sssd-ldap 5 para más información sobre configurar LDAP. krb5 para cambiar una contraseña Kerberos. Vea sssd-krb5 5 para más información sobre configurar Kerberos. ipa: Proveedor FreeIPA y Red Hat Enterprise Identity Management. Vea sssd-ipa 5 para más información sobre la configuración de FreeIPA. ad: Proveedor Active Directory. Vea sssd-ad 5 para más información sobre la configuración de Active Directory. proxy para retransmitir los cambios de password a algún otro objetivo PAM. none deniega explícitamente los cambios en la contraseña. Por defecto: auth_provider se utiliza si se ha fijado y puede manejar las peticiones de cambio de password. sudo_provider (cadena) El proveedor SUDO usado por el dominio. Los proveedores SUDO soportados son: ldap para reglas almacenadas en LDAP. Vea sssd-ldap 5 para más información sobre la configuración LDAP. ipa the same as ldap but with IPA default settings. ad the same as ldap but with AD default settings. none deshabilita SUDO explícitamente.
Por defecto: el valor de id_provider se usa si está fijado. selinux_provider (cadena) El proveedor que manejaría la carga de los ajustes selinux. Advierta que este proveedor será llamado justo después de que el proveedor de acceso finalice. Los proveedores selinux soportados son: ipa para cargar ajustes selinux desde un servidor IPA. Vea sssd-ipa 5 para más información sobre la configuración de IPA. none deshabilita ir a buscar los ajustes selinux explícitamente. Por defecto: id_provider se usa si está fijado y puede manejar las peticiones de carga selinux. subdomains_provider (cadena) El proveedor que debería manejar el atractivo de subdominios. Este valor debería ser siempre el mismo que id_provider. Los proveedores de subdominio soportados son: ipa para cargar una lista de subdominios desde un servidor IPA. Vea sssd-ipa 5 para más información sobre la configuración de IPA. none deshabilita el buscador de subdominios explícitamente. Por defecto: el valor de id_provider se usa si está fijado. autofs_provider (cadena) El proveedor autofs usado por el dominio. Los proveedores autofs soportados son: ldap para cargar mapas almacenados en LDAP. Vea sssd-ldap 5 para más información sobre la configuración de LDAP. ipa para cargar mapas almacenados en un servidor IPA. Vea sssd-ipa 5 para más información sobre la configuración de IPA. none deshabilita autofs explícitamente. Por defecto: el valor de id_provider se usa si está fijado. hostid_provider (cadena) El proveedor usado para recuperar información de identidad de host. Los proveedores de hostid soportados son: ipa para cargar la identidad del equipo almacenada en un servidor IPA. Vea sssd-ipa 5 para más información sobre la configuración de IPA. none deshabilita hostid explícitamente. Por defecto: el valor de id_provider se usa si está fijado. re_expression (cadena) Regular expression for this domain that describes how to parse the string containing user name and domain into these components. 
The "domain" can match either the SSSD configuration domain name, or, in the case of IPA trust subdomains and Active Directory domains, the flat (NetBIOS) name of the domain. Por defecto para el proveedor AD e IPA: (((?P<domain>[^\\]+)\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?P<name>[^@\\]+)$)) que permite tres estilos diferentes de nombres de usuario: nombre de usuario username@domain.name dominio\nombre_de_usuario Mientras los primeros dos corresponden al valor por defecto general el tercero se introduce para permitir una fácil integración de usuarios desde dominios Windows. Predeterminado: (?P<name>[^@]+)@?(?P<domain>[^@]*$) que se traduce como "todo lo que hay hasta el signo @ es el nombre, el dominio es el resto detrás de este signo" POR FAVOR ADVIERTA: el soporte para subpatrones con nombres no únicos no está disponible en todas las plataformas (por ejemplo, RHEL5 y SLES10). Sólo las plataformas con la versión de libpcre 7 o superior pueden soportar los subpatrones con nombres no únicos. POR FAVOR TENGA EN CUENTA ADEMÁS: Versiones anteriores de libpcre sólo soportan la sintaxis Python (?P<name>) para identificar subpatrones. full_name_format (cadena) A printf 3 -compatible format that describes how to compose a fully qualified name from user name and domain name components. The following expansions are supported: %1$s user name %2$s domain name as specified in the SSSD config file. %3$s domain flat name. Mostly usable for Active Directory domains, both directly configured or discovered via IPA trusts. Predeterminado: %1$s@%2$s. lookup_family_order (cadena) Suministra la capacidad para seleccionar la familia de dirección preferente a usar cuando se lleven a cabo búsquedas DNS. Valores soportados: ipv4_first: Intenta buscar dirección IPv4, si falla, intenta IPv6 ipv4_only: Sólo intenta resolver nombres de host a direcciones IPv4.
ipv6_first: Intenta buscar dirección IPv6, si falla, intenta IPv4 ipv6_only: Sólo intenta resolver nombres de host a direccones IPv6. Predeterminado: ipv4_first dns_resolver_timeout (entero) Define la cantidad de tiempo (en segundos) para esperar una respuesta desde el DNS antes de asumir que es inalcanzable. Si se alcanza este tiempo de espera, el dominio continuará operativo en modo fuera de línea. Predeterminado: 6 dns_discovery_domain (cadena) Si el descubridor de servicio se usa en el punto final, especifica la parte de dominio de la pregunta al descubridor de servicio DNS. Predeterminado: Utilizar la parte del dominio del nombre de host del equipo override_gid (entero) Anula el valor primario GID con el especificado. case_sensitive (boolean) Trata a los nombres de usuario y grupo como sensibles al teclado. En este momento, esta opción no está soportada en el proveedor local. Predeterminado: True proxy_fast_alias (booleano) Cuando un usuario o grupo es buscado por nombre en el proveedor proxy, una segunda búsqueda por ID es llevada a cabo para “estandarizar” el nombre en el caso de que el nombre pedido fuera un alias. Fijando esta opción a true se causaría que SSSD lleve a cabo una búsqueda de ID desde el escondrijo por razones de rendimiento. Predeterminado: false subdomain_homedir (cadena) Use this homedir as default value for all subdomains within this domain in IPA AD trust. See override_homedir for info about possible values. In addition to those, the expansion below can only be used with subdomain_homedir. %F flat (NetBIOS) name of a subdomain. Este valor puede ser anulado por la opción override_homedir. Por defecto: /home/%d/%u realmd_tags (string) Various tags stored by the realmd configuration service for this domain. Opciones válidas para dominios proxy. proxy_pam_target (cadena) El proxy de destino PAM próximo a. 
Por defecto: no se fija por defecto, usted tiene que coger una configuración pam existente o crear una nueva y añadir el nombre de servicio aquí. proxy_lib_name (cadena) El nombre de la librería NSS para usar en los dominios proxy. Las funciones NSS buscadas dentro de la librería están el formato de _nss_$(libName)_$(function), por ejemplo _nss_files_getpwent. La sección de dominio local Esta sección contiene la configuración para dominio que almacena los usuarios y grupos en la base de datos SSSD nativa, es decir, un dominio que utiliza id_provider=local. Parámetros de sección default_shell (cadena) El shell predeterminado para los usuarios creados con herramientas de espacio de usuario SSSD. Predeterminado: /bin/bash base_directory (cadena) Las herramientas anexan el nombre de inicio de sesión para base_directory y utilizan éste como el directorio de inicio. Predeterminado: /home create_homedir (bool) Indica si se creará un directorio home por defecto para los nuevos usuarios. Puede ser anulado desde la línea de comando. Predeterminado: TRUE remove_homedir (bool) Indica si el directorio home será borrado por defecto para los usuarios borrados. Puede ser anulado desde la línea de comando. Predeterminado: TRUE homedir_umask (entero) Utilizado por sss_useradd 8 para especificar los permisos predeterminados en un directorio de inicio recién creado. Predeterminado: 077 skel_dir (cadena) El directorio esqueleto, el cual contiene archivos y directorios a copiarse en el directorio principal del usuario, cuando se crea el directorio principal de sss_useradd 8 Predeterminado: /etc/skel mail_dir (cadena) El directorio carreta de correo. Es necesario para manipular el buzón de correo cuando la cuenta de usuario correspondiente es modificada o borrada. Si no se especifica, se utiliza un valor por defecto. Predeterminado: /var/mail userdel_cmd (cadena) El comando que está corriendo después de que un usuario es borrado. 
El comando us para el nombre de usuario que está siendo borrado como primer y único parámetro. El código de retorno del comando no es tenido en cuenta. Predeterminado: None, no se ejecuta comando EJEMPLO El siguiente ejemplo muestra una configuración SSSD típica. No describe la configuración de los dominios en si mismos – vea la documentación sobre la configuración de dominios para más detalles. [sssd] domains = LDAP services = nss, pam config_file_version = 2 [nss] filter_groups = root filter_users = root [pam] [domain/LDAP] id_provider = ldap ldap_uri = ldap://ldap.example.com ldap_search_base = dc=example,dc=com auth_provider = krb5 krb5_server = kerberos.example.com krb5_realm = EXAMPLE.COM cache_credentials = true min_id = 10000 max_id = 20000 enumerate = False sssd-1.11.5/src/man/es/PaxHeaders.13173/sss_ssh_authorizedkeys.1.xml0000644000000000000000000000013212320753573023226 xustar000000000000000030 mtime=1396955003.495843876 30 atime=1396955003.495843876 30 ctime=1396955003.495843876 sssd-1.11.5/src/man/es/sss_ssh_authorizedkeys.1.xml0000664002412700241270000000713112320753573023457 0ustar00jhrozekjhrozek00000000000000 Páginas de manual de SSSD sss_ssh_authorizedkeys 1 sss_ssh_authorizedkeys obtiene las claves OpenSSH autorizadas sss_ssh_authorizedkeys options USER DESCRIPCION sss_ssh_authorizedkeys adquiere la clave pública SSH para el usuario USER y las saca en formato de claves autorizadas OpenSSH (vea la sección AUTHORIZED_KEYS FILE FORMAT de sshd 8 para más información). sshd 8 puede ser configurado para usar sss_ssh_authorizedkeys para autenticación de la clave pública del usuario si está compilado para soporte de AuthorizedKeysCommand o de PubkeyAgent sshd_config 5 options. 
Si se soporta AuthorizedKeysCommand, sshd 8 puede ser configurado para usarlo poniendo la siguiente directiva en sshd_config 5: AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys Si se soporta PubkeyAgent, sshd 8 puede ser configurado para usarlo utilizando la siguiente directiva para sshd 8 configuration: PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u OPCIONES , DOMINIO Busca las claves públicas del usuario en el dominio SSSD DOMAIN. EXIT STATUS In case of success, an exit value of 0 is returned. Otherwise, 1 is returned. sssd-1.11.5/src/man/es/PaxHeaders.13173/sss_groupmod.8.xml0000644000000000000000000000013212320753573021142 xustar000000000000000030 mtime=1396955003.495843876 30 atime=1396955003.495843876 30 ctime=1396955003.495843876 sssd-1.11.5/src/man/es/sss_groupmod.8.xml0000664002412700241270000000466612320753573021405 0ustar00jhrozekjhrozek00000000000000 Páginas de manual de SSSD sss_groupmod 8 sss_groupmod modifica un grupo sss_groupmod options GROUP DESCRIPCION sss_groupmod modifica el grupo para reflejar los cambios indicados en la línea de comandos. OPCIONES , GROUPS Agrega este grupo a otros grupos que hayan sido indicados con el parámetro GROUPS. El parámetros GROUPS es una lista de nombres de grupos separados por comas. , GROUPS Elimina este grupo de los grupos especificados con el parámetro GROUPS sssd-1.11.5/src/man/es/PaxHeaders.13173/sss_usermod.8.xml0000644000000000000000000000013212320753573020764 xustar000000000000000030 mtime=1396955003.495843876 30 atime=1396955003.495843876 30 ctime=1396955003.495843876 sssd-1.11.5/src/man/es/sss_usermod.8.xml0000664002412700241270000001140312320753573021212 0ustar00jhrozekjhrozek00000000000000 Páginas de manual de SSSD sss_usermod 8 sss_usermod Modifica una cuenta de usuario sss_usermod options LOGIN DESCRIPCION sss_usermod modifica la cuenta especificada por LOGIN para reflejar los cambios que se han especificado en la línea de comando. 
OPCIONES , COMENTARIO Cualquier cadena de texto describiendo al usuario. Frecuentemente se usa como el campo para el nombre completo del usuario. , HOME_DIR El directorio principal de la cuenta de usuario. , SHELL Shell de inicio de sesión del usuario. , GROUPS Añade este usuario a los grupos especificados por el parámetro GROUPS. El parámetro GROUPS es una lista separada por comas de nombres de grupo. , GROUPS Borrar este usuario de los grupos especificados por el parámetro GROUPS. , Bloquea la cuenta de usuario. El usuario no será capaz de acceder. , Desbloquea la cuenta de usuario. , SELINUX_USER El usuario SELinux para el acceso del usuario. sssd-1.11.5/src/man/es/PaxHeaders.13173/sss_seed.8.xml0000644000000000000000000000013212320753573020226 xustar000000000000000030 mtime=1396955003.495843876 30 atime=1396955003.495843876 30 ctime=1396955003.495843876 sssd-1.11.5/src/man/es/sss_seed.8.xml0000664002412700241270000001372312320753573020463 0ustar00jhrozekjhrozek00000000000000 Páginas de manual de SSSD sss_seed 8 sss_seed alimenta el cache SSSD con un usuario sss_seed options -D DOMAIN -n USER DESCRIPCION sss_seed alimenta el cache SSSD con una entrada de usuario y una contresañe temporal. Si una entrada de usuario está ya presente en el cache SSSD la entrada se actualiza con la contraseña temporal OPCIONES , DOMAIN Suministra el nombre del dominio del que el usuario es miembro. El dominio también se usa para recuperar información del usuario. El dominio debe estar configurado en sssd.conf. La opción DOMAIN debe ser suministrada. La información recuperada del dominio anula la que se ha suministrado en las opciones. , USER El nombre de usuario de la entrada a ser creado o modificado en el cache. Se debe suministrar la opción USER. , UID Fija la UID del usuario a UID. , GID Fija la GID del usuario a GID. , COMENTARIO Cualquier cadena de texto describiendo al usuario. Frecuentemente se usa como el campo para el nombre completo del usuario. 
, HOME_DIR Fija el directorio home del usuario a HOME_DIR. , SHELL Fija la shell de acceso del usuario a SHELL. , Modo interactivo de introducir información del usuario. Esta opción sólo preguntará por la información no suministrada en las opciones o recuperada del dominio. , PASS_FILE Especifica el fichero desde donde leer la contraseña del usuario (si no se especifica se pregunta por la contraseña) NOTAS La longitud de la contraseña (o el tamaño especificado con la opción -p o --password-file) debe ser menor o igual a PASS_MAX bytes ( 64 bytes en sistemas sin valor PASS_MAX globalmente definido). sssd-1.11.5/src/man/es/PaxHeaders.13173/sssd-simple.5.xml0000644000000000000000000000013212320753573020656 xustar000000000000000030 mtime=1396955003.495843876 30 atime=1396955003.495843876 30 ctime=1396955003.495843876 sssd-1.11.5/src/man/es/sssd-simple.5.xml0000664002412700241270000001266612320753573021120 0ustar00jhrozekjhrozek00000000000000 Páginas de manual de SSSD sssd-simple 5 Formatos de archivo y convenciones sssd-simple el fichero de configuración para el proveedor de control de acceso 'simple' de SSSD DESCRIPCION Esta página de manual describe la configuración del proveedor de control de acceso simple para sssd 8 . Para una referencia detallada de sintaxis, vea la sección FILE FORMAT de la página de manual sssd.conf 5 . El proveedor de acceso simple otorga o deniega el acceso en base a una lista de permiso o de denegación de nombres de usuario o de grupo. Se aplican las siguientes reglas: Si todas las listas están vacías, se concede acceso. Si se ha suministrado alguna lista, el orden de evaluación es permitir,denegar. Esto significa que cualquier regla de denegación coincidente prevalecerá sobre cualquier regla de permiso coincidente. Si una o ambas listas de "permiso" se suministran, todos los usuarios serán denegados a no ser que aparezcan en la lista. Si sólo se suministran listas de "denegación", todos los usuarios obtendrán acceso a no ser que aparezcan en la lista. 
OPCIONES DE CONFIGURACIÓN Vea la sección DOMAIN SECTIONS de la página de manual sssd.conf 5 para detalles sobre la configuración de un dominio SSSD. simple_allow_users (cadena) Lista separada por comas de usuarios a los que les está permitido el acceso. simple_deny_users (cadena) Lista separada por comas de usuarios a los que explícitamente se les deniega el acceso. simple_allow_groups (cadena) Lista separada por comas de grupos que tienen permitido el acceso. Esto se aplica sólo a los grupos dentro del dominio SSSD. Los grupos locales no serán evaluados. simple_deny_groups (cadena) Lista separada por comas de grupos a los que explícitamente se les deniega el acceso. Esto se aplica sólo a los grupos dentro del dominio SSSD. Los grupos locales no serán evaluados. No especificar valores para alguna de las listas equivale a omitirla por completo. Tenga esto en cuenta al generar parámetros para el proveedor simple mediante secuencias de comandos automatizadas: una lista generada vacía se trata como si no se hubiera definido. Por favor advierta que es un error de configuración si tanto simple_allow_users como simple_deny_users están definidos. EJEMPLO El siguiente ejemplo asume que SSSD está correctamente configurado y example.com es uno de los dominios en la sección [sssd]. Este ejemplo muestra sólo las opciones específicas del proveedor de acceso simple. 
[domain/example.com] access_provider = simple simple_allow_users = user1, user2 sssd-1.11.5/src/man/es/PaxHeaders.13173/sss_obfuscate.8.xml0000644000000000000000000000013212320753573021261 xustar000000000000000030 mtime=1396955003.495843876 30 atime=1396955003.495843876 30 ctime=1396955003.495843876 sssd-1.11.5/src/man/es/sss_obfuscate.8.xml0000664002412700241270000000722112320753573021512 0ustar00jhrozekjhrozek00000000000000 Páginas de manual de SSSD sss_obfuscate 8 sss_obfuscate ofusca una contraseña en texto claro sss_obfuscate options [CONTRASEÑA] DESCRIPCION sss_obfuscate convierte una contraseña dada en un formato no legible y la sitúa en la sección apropiada del dominio del fichero de configuración SSSD. La contraseña en texto claro es leída desde la entrada estándar o introducida interactivamente. La contraseña ofuscada se pone en el parámetro ldap_default_authtok de un dominio SSSD dado y el parámetro ldap_default_authtok_type se fija a obfuscated_password. Vea sssd-ldap 5 para más detalles sobre estos parámetros. Por favor advierta que ofuscar la contraseña no proporciona ningún beneficio real de seguridad, ya que un atacante puede recuperar la contraseña original mediante ingeniería inversa. Se recomienda firmemente el uso de mejores mecanismos de autenticación como certificados en el lado cliente o GSSAPI. OPCIONES , La contraseña a ofuscar será leída desde la entrada estándar. , DOMINIO El dominio SSSD en el que usar la contraseña. El nombre por defecto es default. , ARCHIVO Lee el fichero de configuración especificado por el parámetro posicional. 
Predeterminado: /etc/sssd/sssd.conf sssd-1.11.5/src/man/es/PaxHeaders.13173/include0000644000000000000000000000013212320753573017074 xustar000000000000000030 mtime=1396955003.496843875 30 atime=1396955003.535843846 30 ctime=1396955003.496843875 sssd-1.11.5/src/man/es/include/0000755002412700241270000000000012320753573017376 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/man/es/include/PaxHeaders.13173/ldap_search_bases.xml0000644000000000000000000000013212320753573023315 xustar000000000000000030 mtime=1396955003.495843876 30 atime=1396955003.495843876 30 ctime=1396955003.495843876 sssd-1.11.5/src/man/es/include/ldap_search_bases.xml0000664002412700241270000000174412320753573023552 0ustar00jhrozekjhrozek00000000000000 Una base DN opcional, alcance de la búsqueda y filtro LDAP para búsquedas LDAP de este tipo de atributo. sintaxis: search_base[?scope?[filter][?search_base?scope?[filter]]*] El alcance puede ser uno de "base", "onelevel" o "subtree". El filtro debe ser un filtro de búsqueda válido LDAP como se especifica en http://www.ietf.org/rfc/rfc2254.txt Para ejemplos de esta sintaxis, por favor vea la sección de ejemplos de ldap_search_base Predeterminado: el valor de ldap_search_base Por favor advierta que especificar el alcance o el filtro no está soportado para búsquedas contra un Active Directory Server que puede ceder un gran número de resultados y disparar la extensión Range Retrieval en la respuesta. sssd-1.11.5/src/man/es/include/PaxHeaders.13173/param_help.xml0000644000000000000000000000013212320753573022003 xustar000000000000000030 mtime=1396955003.495843876 30 atime=1396955003.495843876 30 ctime=1396955003.495843876 sssd-1.11.5/src/man/es/include/param_help.xml0000664002412700241270000000032512320753573022232 0ustar00jhrozekjhrozek00000000000000 , Muestra mensaje de ayuda y sale. 
sssd-1.11.5/src/man/es/include/PaxHeaders.13173/failover.xml0000644000000000000000000000013212320753573021502 xustar000000000000000030 mtime=1396955003.495843876 30 atime=1396955003.495843876 30 ctime=1396955003.495843876 sssd-1.11.5/src/man/es/include/failover.xml0000664002412700241270000000616412320753573021740 0ustar00jhrozekjhrozek00000000000000 CONMUTACIÓN POR ERROR La función conmutación en error permite a los finales conmutar automáticamente a un servidor diferente si el servidor actual falla. Sintaxis de conmutación por error La lista de servidores se da como una lista separada por comas; se permite cualquier número de espacios a los lados de la coma. Los servidores son listados en orden de preferencia. La lista puede contener cualquier número de servidores. For each failover-enabled config option, two variants exist: primary and backup. The idea is that servers in the primary list are preferred and backup servers are only searched if no primary servers can be reached. If a backup server is selected, a timeout of 31 seconds is set. After this timeout SSSD will periodically try to reconnect to one of the primary servers. If it succeeds, it will replace the current active (backup) server. El mecanismo de conmutación por errorEl mecanismo de failover distingue entre una máquina y un servicio. El punto final intenta primero resolver el nombre de host de una máquina dada; si el intento de resolución falla, la máquina es considerada fuera de línea. No se harán más intentos de conexión con esta máquina para ningún otro servicio. Si el intento de resolución tiene éxito, el punto final intenta conectar a un servicio en esa máquina. Si el intento de conexión al servicio falla, entonces sólo se considera fuera de línea este servicio concreto y el punto final conmutará automáticamente sobre el siguientes servicio. La máquina se considera que sigue en línea y se puede intentar el acceso a otros servicios. 
El mecanismo de conmutación por error distingue entre una máquina y un servicio. El punto final intenta primero resolver el nombre de host de una máquina dada; si el intento de resolución falla, la máquina es considerada fuera de línea. No se harán más intentos de conexión con esta máquina para ningún otro servicio. Si el intento de resolución tiene éxito, el punto final intenta conectar a un servicio en esa máquina. Si el intento de conexión al servicio falla, entonces sólo se considera fuera de línea este servicio concreto y el punto final conmutará automáticamente sobre el siguientes servicio. La máquina se considera que sigue en línea y se puede intentar el acceso a otros servicios. Los intentos de conexión adicionales son hechos a máquinas o servicios marcaros como fuera de línea después de un período de tiempo especificado; esto está codificado a fuego actualmente en 30 segundos. Si no hay más máquinas para intentarlo, el punto final al completo conmutará al modo fuera de línea y después intentará reconectar cada 30 segundo. sssd-1.11.5/src/man/es/include/PaxHeaders.13173/debug_levels.xml0000644000000000000000000000013212320753573022333 xustar000000000000000030 mtime=1396955003.496843875 30 atime=1396955003.496843875 30 ctime=1396955003.496843875 sssd-1.11.5/src/man/es/include/debug_levels.xml0000664002412700241270000000512112320753573022561 0ustar00jhrozekjhrozek00000000000000 SSSD supports two representations for specifying the debug level. The simplest is to specify a decimal value from 0-9, which represents enabling that level and all lower-level debug messages. The more comprehensive option is to specify a hexadecimal bitmask to enable or disable specific levels (such as if you wish to suppress a level). Niveles de depuración actualmente soportados: 0, 0x0010: Fatal failures. Anything that would prevent SSSD from starting up or causes it to cease running. 1, 0x0020: Critical failures. 
An error that doesn't kill the SSSD, but one that indicates that at least one major feature is not going to work properly. 2, 0x0040: Serious failures. An error announcing that a particular request or operation has failed. 3, 0x0080: Minor failures. These are the errors that would percolate down to cause the operation failure of 2. 4, 0x0100: Configuration settings. 5, 0x0200: Function data. 6, 0x0400: Trace messages for operation functions. 7, 0x1000: Trace messages for internal control functions. 8, 0x2000: Contents of function-internal variables that may be interesting. 9, 0x4000: Extremely low-level tracing information. To log required bitmask debug levels, simply add their numbers together as shown in following examples: Ejemplo: Para registrar fallos fatales, críticos y serios y datos de función use 0x0270. Example: Para registrar fallos fatales, ajustes de configuración, datos de función, mensajes de traza para funciones de control interno use 0x1310. Note: The bitmask format of debug levels was introduced in 1.7.0. Default: 0 sssd-1.11.5/src/man/es/include/PaxHeaders.13173/seealso.xml0000644000000000000000000000013212320753573021326 xustar000000000000000030 mtime=1396955003.496843875 30 atime=1396955003.496843875 30 ctime=1396955003.496843875 sssd-1.11.5/src/man/es/include/seealso.xml0000664002412700241270000000470312320753573021561 0ustar00jhrozekjhrozek00000000000000 VEA TAMBIEN sssd8 , sssd.conf5 , sssd-ldap5 , sssd-krb55 , sssd-simple5 , sssd-ipa5 , sssd-ad5 , sssd-sudo 5 , sss_cache8 , sss_debuglevel8 , sss_groupadd8 , sss_groupdel8 , sss_groupshow8 , sss_groupmod8 , sss_useradd8 , sss_userdel8 , sss_usermod8 , sss_obfuscate8 , sss_seed8 , sssd_krb5_locator_plugin8 , sss_ssh_authorizedkeys 8 , sss_ssh_knownhostsproxy 8 , pam_sss8 . 
sssd-1.11.5/src/man/es/include/PaxHeaders.13173/upstream.xml0000644000000000000000000000013212320753573021533 xustar000000000000000030 mtime=1396955003.496843875 30 atime=1396955003.496843875 30 ctime=1396955003.496843875 sssd-1.11.5/src/man/es/include/upstream.xml0000664002412700241270000000020212320753573021754 0ustar00jhrozekjhrozek00000000000000 SSSD The SSSD upstream - http://fedorahosted.org/sssd sssd-1.11.5/src/man/es/include/PaxHeaders.13173/param_help_py.xml0000644000000000000000000000013212320753573022513 xustar000000000000000030 mtime=1396955003.496843875 30 atime=1396955003.496843875 30 ctime=1396955003.496843875 sssd-1.11.5/src/man/es/include/param_help_py.xml0000664002412700241270000000032512320753573022742 0ustar00jhrozekjhrozek00000000000000 , Muestra mensaje de ayuda y sale. sssd-1.11.5/src/man/es/include/PaxHeaders.13173/autofs_restart.xml0000644000000000000000000000013212320753573022740 xustar000000000000000030 mtime=1396955003.496843875 30 atime=1396955003.496843875 30 ctime=1396955003.496843875 sssd-1.11.5/src/man/es/include/autofs_restart.xml0000664002412700241270000000043112320753573023165 0ustar00jhrozekjhrozek00000000000000 Por favor advierta que el automontador sólo lee el mapa maestro en el arranque, se modo que si se hace cualquier cambio relacionado con autofs al sssd.conf, usted normalmente también necesitará reiniciar el demonio automontador después de reiniciar el SSSD. sssd-1.11.5/src/man/es/include/PaxHeaders.13173/experimental.xml0000644000000000000000000000013212320753573022370 xustar000000000000000030 mtime=1396955003.496843875 30 atime=1396955003.496843875 30 ctime=1396955003.496843875 sssd-1.11.5/src/man/es/include/experimental.xml0000664002412700241270000000021412320753573022614 0ustar00jhrozekjhrozek00000000000000 Este es una función experimental, por favor utilice http://fedorahosted.org/sssd para reportar cualquier cuestión. 
sssd-1.11.5/src/man/es/include/PaxHeaders.13173/ldap_id_mapping.xml0000644000000000000000000000013212320753573023002 xustar000000000000000030 mtime=1396955003.496843875 30 atime=1396955003.496843875 30 ctime=1396955003.496843875 sssd-1.11.5/src/man/es/include/ldap_id_mapping.xml0000664002412700241270000002325412320753573023237 0ustar00jhrozekjhrozek00000000000000 ASIGNACIÓN DE ID La función asignación de ID permite a SSSD actuar como un cliente de Active Directory sin requerir de administradores para extender los atributos de usuario para soportar atributos POSIX para los identificadores de usuario y grupo. NOTA: Cuando asignación de ID está habilitado, los atributos uidNumber y gidNumber son ignorados. Esto es para evitar la posibilidad de conflictos entre los valores automáticamente asignados y los asignados manualmente. Si usted necesita usar los valore asignados manualmente, TODOS los valores deben ser asignados manualmente. Please note that changing the ID mapping related configuration options will cause user and group IDs to change. At the moment, SSSD does not support changing IDs, so the SSSD database must be removed. Because cached passwords are also stored in the database, removing the database should only be performed while the authentication servers are reachable, otherwise users might get locked out. In order to cache the password, an authentication must be performed. It is not sufficient to use sss_cache 8 to remove the database, rather the process consists of: Making sure the remote servers are reachable Stopping the SSSD service Removing the database Starting the SSSD service Moreover, as the change of IDs might necessitate the adjustment of other system properties such as file and directory ownership, it's advisable to plan ahead and test the ID mapping configuration thoroughly. Algoritmo de asignación Active Directory suministra un objectSID para cada objeto usuario y grupo en el directorio. 
El objectSID puede ser dividido en componentes que representan la identidad del dominio Active Directory y el identificador relativo (RID) del objeto usuario y grupo. El algoritmo de asignación de ID de SSSD tiene un rango de UIDs disponibles y lo divide en secciones componentes de igual tamaño, llamadas “rebanadas”. Cada rebanada representa el espacio disponible para un dominio Active Directory. Cuando se encuentra por primera vez una entrada de usuario o grupo para un dominio concreto, SSSD asigna una de las rebanadas disponibles para ese dominio. Con el objetivo de hacer esta asignación de rebanadas repetible sobre diferentes máquinas clientes, seleccionamos la rebanada en base al siguiente algoritmo: La cadena SID se pasa a través del algoritmo murmurhash3 para convertirla en un valor hash de 32 bits. Después tomamos el módulo de este valor con el número total de rebanadas disponibles para escoger la rebanada. NOTA: Es posible encontrar colisiones en el hash y en el módulo subsiguiente. En estas situaciones, seleccionaremos la siguiente rebanada disponible, pero puede no ser posible reproducir los mismos conjuntos exactos de rebanadas sobre otras máquinas (puesto que el orden en que se encuentren determinará sus rebanadas). En esta situación, se recomienda o bien conmutar para usar los atributos explícitos POSIX en Active Directory (deshabilitando la asignación de ID) o configurar un dominio por defecto para garantizar que al menos uno sea siempre consistente. Vea Configuración para detalles. Configuración Configuración mínima (en la sección [domain/DOMAINNAME]): ldap_id_mapping = True ldap_schema = ad La configuración por defecto resulta en la configuración de 10.000 rebanadas, cada una capaz de sostener 200.000 IDs empezando por 10.001 y yendo hasta 2.000.100.000. Esto debería ser suficiente para la mayoría de los despliegues. 
Configuración Avanzada ldap_idmap_range_min (entero) Especifica el límite inferior del rango de IDs POSIX a usar para la asignación de SIDs de usuario y grupo de Active Directory. NOTA: Esta opción es diferente de min_id en que min_id actúa para filtrar la salida de las peticiones a este dominio, mientras que esta opción controla el rango de la asignación de ID. Esto es una sutil diferencia, pero el buen consejo general sería que min_id fuera menor o igual que ldap_idmap_range_min. Por defecto: 200000 ldap_idmap_range_max (entero) Especifica el límite superior del rango de IDs POSIX a usar para la asignación de SIDs de usuario y grupo de Active Directory. NOTA: Esta opción es diferente de max_id en que max_id actúa para filtrar la salida de las peticiones a este dominio, mientras que esta opción controla el rango de la asignación de ID. Esto es una sutil diferencia, pero el buen consejo general sería que max_id fuera menor o igual que ldap_idmap_range_max. Por defecto: 2000200000 ldap_idmap_range_size (entero) Especifica el número de IDs disponibles para cada rebanada. Si el rango no se divide de forma igual entre los valores mínimo y máximo, creará tantas rebanadas completas como sea posible. Por defecto: 200000 ldap_idmap_default_domain_sid (cadena) Especifica el SID de dominio del dominio por defecto. Esto garantizará que este dominio será asignado siempre a la rebanada cero en el mapa de ID, omitiendo el algoritmo murmurhash descrito arriba. Predeterminado: no definido ldap_idmap_default_domain (cadena) Especifica el nombre del dominio por defecto. Predeterminado: no definido ldap_idmap_autorid_compat (booleano) Cambia el comportamiento del algoritmo de asignación de id para que se comporte de un modo más similar al algoritmo idmap_autorid de winbind. Cuando esta opción está configurada, los dominios serán asignados empezando con la rebanada cero e incrementándose de uno en uno con cada dominio adicional. 
NOTA: Este algoritmo no es determinista (depende del orden en que usuario y grupos son pedidos). Si se requiere este modo para compatibilidad con máquinas que ejecutan winbind, se recomienda que también use la opción ldap_idmap_default_domain_sid para garantizar que al menos un dominio está asignado consistentemente a la rebanada cero. Por defecto: False sssd-1.11.5/src/man/es/include/PaxHeaders.13173/ldap_search_bases_experimental.xml0000644000000000000000000000013212320753573026072 xustar000000000000000030 mtime=1396955003.496843875 30 atime=1396955003.496843875 30 ctime=1396955003.496843875 sssd-1.11.5/src/man/es/include/ldap_search_bases_experimental.xml0000664002412700241270000000213112320753573026316 0ustar00jhrozekjhrozek00000000000000 Una base DN opcional, alcance de la búsqueda y filtro LDAP para búsquedas LDAP de este tipo de atributo. sintaxis: search_base[?scope?[filter][?search_base?scope?[filter]]*] El alcance puede ser uno de "base", "onelevel" o "subtree". El filtro debe ser un filtro de búsqueda válido LDAP como se especifica en http://www.ietf.org/rfc/rfc2254.txt Para ejemplos de esta sintaxis, por favor vea la sección de ejemplos de ldap_search_base Predeterminado: el valor de ldap_search_base Por favor advierta que especificar el alcance o el filtro no está soportado para búsquedas contra un Active Directory Server que puede ceder un gran número de resultados y disparar la extensión Range Retrieval en la respuesta. 
sssd-1.11.5/src/man/es/include/PaxHeaders.13173/service_discovery.xml0000644000000000000000000000013212320753573023422 xustar000000000000000030 mtime=1396955003.496843875 30 atime=1396955003.496843875 30 ctime=1396955003.496843875 sssd-1.11.5/src/man/es/include/service_discovery.xml0000664002412700241270000000353212320753573023654 0ustar00jhrozekjhrozek00000000000000 SERVICIO DE DESCUBRIMIENTO La función servicio descubridor permite a los puntos finales encontrar automáticamente los servidores apropiados a conectar para usar una pregunta especial al DNS. Esta función no está soportada por los servidores de respaldo. Configuración Si no se especifican servidores, el punto final usar automáticamente el servicio descubridor para intentar encontrar un servidor. Opcionalmente, el usuario puede elegir utilizar tanto las direcciones de servidor fijadas como el servicio descubridor para insertar una palabra clave especial, _srv_, en la lista de servidores. El orden de preferencia se mantiene. Esta función es útil sí, por ejemplo, el usuario prefiere usar el servicio descubridor siempre que sea posible, el volver a un servidor específico cuando no se pueden descubrir servidores usando DNS. El nombre de dominio Por favor vea el parámetro dns_discovery_domain en la página de manual sssd.conf 5 para más detalles. El protocolo Las consultas normalmente especifican _tcp como protocolo. Las excepciones se documentan en la descripción de la opción respectiva. Vea también Para más información sobre el mecanismo del servicio descubridor, vea el RFC 2782. 
sssd-1.11.5/src/man/es/include/PaxHeaders.13173/local.xml0000644000000000000000000000013212320753573020765 xustar000000000000000030 mtime=1396955003.496843875 30 atime=1396955003.496843875 30 ctime=1396955003.496843875 sssd-1.11.5/src/man/es/include/local.xml0000664002412700241270000000146412320753573021221 0ustar00jhrozekjhrozek00000000000000 EL DOMINIO LOCAL Con el objetivo de que funcione correctamente, se debe crear un dominio con id_provider=local y el SSSD debe estar corriendo. El administrador puede desear usar los usuarios locales SSSD en lugar de los usuarios tradicionales UNIX en los casos donde los grupos anidados (vea sss_groupadd 8 ) sean necesarios. Los usuarios locales son también útiles para la prueba y el desarrollo del SSSD sin tener que desplegar un servidor remoto completo. Las herramientas sss_user* y sss_group* usan un almacenamiento LDB local para almacenar usuarios y grupos. sssd-1.11.5/src/man/es/include/PaxHeaders.13173/override_homedir.xml0000644000000000000000000000013212320753573023221 xustar000000000000000030 mtime=1396955003.496843875 30 atime=1396955003.496843875 30 ctime=1396955003.496843875 sssd-1.11.5/src/man/es/include/override_homedir.xml0000664002412700241270000000323312320753573023451 0ustar00jhrozekjhrozek00000000000000 override_homedir (cadena) Anula el directorio home del usuario. Usted puede suministras bien un valor absoluto o una plantilla. En la plantilla, serán sustituidas las siguientes secuencias: %u nombre de acceso %U número UID %d nombre de dominio %f nombre totalmente cualificado del usuario (user@domain) %o El directorio home original recuperado del proveedor de identidad. %% un literal ‘%’ Esta opción puede ser también fijada por dominio. 
ejemplo: override_homedir = /home/%u Por defecto: No fijado (SSSD usará el valor recuperado desde LDAP) sssd-1.11.5/src/man/es/PaxHeaders.13173/sssd.8.xml0000644000000000000000000000013212320753573017372 xustar000000000000000030 mtime=1396955003.496843875 30 atime=1396955003.496843875 30 ctime=1396955003.496843875 sssd-1.11.5/src/man/es/sssd.8.xml0000664002412700241270000001633512320753573017631 0ustar00jhrozekjhrozek00000000000000 Páginas de manual de SSSD sssd 8 sssd System Security Services Daemon sssd options DESCRIPCION SSSD suministra un conjunto de demonios para gestionar el acceso a directorios remotos y mecanismos de autenticación. Suministra una interfaz NSS y PAM hacia el sistema y un sistema de parte trasera conectable para conectar múltiples fuentes de cuentas diferentes así como interfaz D-Bus. Es también la base para suministrar servicios de auditoría y política a los clientes para proyectos como FreeIPA. Suministra una base de datos más robusta para almacenar los usuarios locales así como datos de usuario extendidos. OPCIONES , NIVEL mode 1: Agregar marca de tiempo a mensajes de depuración 0: Desactiva marca de tiempo en mensajes de depuración Predeterminado: 1 mode 1: Agregar microsegundos a la marca de tiempo en mensajes de depuración 0: Desactiva microsegundos en marcas de tiempo Predeterminado: 0 , Envía la salida de depuración a ficheros en lugar de a stderr. Por defecto, los ficheros de registro se almacenan en /var/log/sssd y hay ficheros de registro separados para cada servicio y dominio SSSD. , Convertido en un demonio después de la puesta en marcha. , Ejecutar en primer plano, no convertirse en un demonio. , Especifica un fichero de configuración distinto al de por defecto. El por defecto es /etc/sssd/sssd.conf. Para referencia sobre las opciones y sintaxis del fichero de configuración, consulta la página de manual sssd.conf 5 . Imprimir número de versión y salir. 
Señales SIGTERM/SIGINT Informa a SSSD para terminar ordenadamente todos sus procesos hijos y después detener el monitor. SIGHUP Le dice a SSSD que deje de escribir en sus descriptores de fichero de depuración actuales y que los cierre y reabra. Esto sirve para facilitar la rotación de registros con programas como logrotate. SIGUSR1 Le dice a SSSD que simule la operación fuera de línea por un minuto. Esto es mayormente útil para propósitos de prueba. SIGUSR2 Le dice a SSSD que se ponga en línea inmediatamente. Esto es mayormente útil para propósitos de prueba. NOTAS If the environment variable SSS_NSS_USE_MEMCACHE is set to "NO", client applications will not use the fast in memory cache. sssd-1.11.5/src/man/es/PaxHeaders.13173/sss_groupdel.8.xml0000644000000000000000000000013212320753573021127 xustar000000000000000030 mtime=1396955003.496843875 30 atime=1396955003.496843875 30 ctime=1396955003.496843875 sssd-1.11.5/src/man/es/sss_groupdel.8.xml0000664002412700241270000000273012320753573021360 0ustar00jhrozekjhrozek00000000000000 Páginas de manual de SSSD sss_groupdel 8 sss_groupdel eliminar un grupo sss_groupdel options GRUPO DESCRIPCION sss_groupdel borra del sistema un grupo identificado por su nombre GROUP. OPCIONES sssd-1.11.5/src/man/es/PaxHeaders.13173/sss_useradd.8.xml0000644000000000000000000000013212320753573020735 xustar000000000000000030 mtime=1396955003.496843875 30 atime=1396955003.496843875 30 ctime=1396955003.496843875 sssd-1.11.5/src/man/es/sss_useradd.8.xml0000664002412700241270000001442412320753573021171 0ustar00jhrozekjhrozek00000000000000 Páginas de manual de SSSD sss_useradd 8 sss_useradd Crea un nuevo usuario sss_useradd options LOGIN DESCRIPCION sss_useradd crea una nueva cuenta de usuario usando los valores especificados en la línea de comandos más los valores por defecto del sistema. OPCIONES , UID Fija la UID del usuario al valor de UID. Si no se da, se elige automáticamente. , COMENTARIO Cualquier cadena de texto describiendo al usuario.
Frecuentemente se usa como el campo para el nombre completo del usuario. , HOME_DIR El directorio home de la cuenta de usuario. Por defecto se añade el nombre LOGIN a /home y utiliza esto como directorio home. La base de que se antepondrá antes LOGIN es sintonizable con el ajuste user_defaults/baseDirectory en sssd.conf. , SHELL La shell de acceso del usuario. Por defecto es actualmente /bin/bash. El valor por defecto puede ser cambiado con el ajuste user_defaults/defaultShell en sssd.conf. , GRUPOS Una lista de grupos existentes de los que el usuario también es miembro. , Crea el directorio home del usuario si no existe. Los ficheros y directorios contenidos en el directorio esqueleto (que pueden ser definidos con la opción –k o en el fichero de configuración) serán copiados en el directorio home. , No se crear el directorio principal del usuario. Reemplaza los valores de configuración. , SKELDIR El directorio esqueleto, que contiene ficheros y directorios a copiar en el directorio home del usuario, cuando el directorio home es creado por sss_useradd. Special files (block devices, character devices, named pipes and unix sockets) will not be copied. Esta opción sólo es válida si se ha especificado la opción (o ), o la creación de directorios home está fijada a TRUE en la configuración. , SELINUX_USER El usuario SELinux para el acceso de usuario. Si no se especifica, se usará el valor por defecto del sistema. sssd-1.11.5/src/man/es/PaxHeaders.13173/sss_userdel.8.xml0000644000000000000000000000013212320753573020751 xustar000000000000000030 mtime=1396955003.496843875 30 atime=1396955003.496843875 30 ctime=1396955003.496843875 sssd-1.11.5/src/man/es/sss_userdel.8.xml0000664002412700241270000000632712320753573021210 0ustar00jhrozekjhrozek00000000000000 Páginas de manual de SSSD sss_userdel 8 sss_userdel eliminar una cuenta de usuario sss_userdel options LOGIN DESCRIPCION sss_userdel borra del sistema un usuario identificado por su nombre de acceso LOGIN. 
OPCIONES , Los ficheros en el directorio home del usuario serán borrados así como el directorio home mismo y el buzón de correo del usuario. Reescribe la configuración. , Los ficheros en el directorio home del usuario NO serán borrados, ni tampoco el directorio home mismo ni el buzón de correo del usuario. Reescribe la configuración. , Esta opción fuerza a sss_userdel a borrar el directorio home del usuario y el buzón de correo, aunque no sea propiedad del usuario especificado. , Antes de realmente eliminar al usuario, terminar todos sus procesos. sssd-1.11.5/src/man/es/PaxHeaders.13173/sssd-sudo.5.xml0000644000000000000000000000013212320753573020337 xustar000000000000000030 mtime=1396955003.496843875 30 atime=1396955003.496843875 30 ctime=1396955003.496843875 sssd-1.11.5/src/man/es/sssd-sudo.5.xml0000664002412700241270000001653412320753573020577 0ustar00jhrozekjhrozek00000000000000 Páginas de manual de SSSD sssd-sudo 5 Formatos de archivo y convenciones sssd-sudo Configuración de sudo con el motor de SSSD DESCRIPCION Esta página de manual describe cómo configurar sudo 8 para trabajar con sssd 8 y cómo SSSD almacena en caché las reglas sudo. Configurando sudo para cooperar con SSSD Para habilitar SSSD como una fuente de reglas sudo, añada sss a la entrada sudoers en nsswitch.conf 5 . Por ejemplo, para configurar sudo para primero buscar reglas en el fichero sudoers 5 estándar (que contendría reglas para aplicar al usuario local) y después en SSSD, el fichero nsswitch.conf contiene la siguiente línea: sudoers: files sss Más información sobre la configuración del orden de búsqueda de sudoers desde el fichero nsswitch.conf, así como información sobre el esquema LDAP que se usa para almacenar reglas sudo en el directorio, se puede encontrar en sudoers.ldap 5 . Note: in order to use netgroups or IPA hostgroups in sudo rules, you also need to correctly set nisdomainname 1 to your NIS domain name (which equals to IPA domain name when using hostgroups).
Configurando SSSD para ir a buscar reglas sudo All configuration that is needed on SSSD side is to extend the list of services with "sudo" in [sssd] section of sssd.conf 5 . To speed up the LDAP lookups, you can also set search base for sudo rules using ldap_sudo_search_base option. El siguiente ejemplo muestra como configurar SSSD para descargar reglas sudo desde un servidor LDAP. [sssd] config_file_version = 2 services = nss, pam, sudo domains = EXAMPLE [domain/EXAMPLE] id_provider = ldap sudo_provider = ldap ldap_uri = ldap://example.com ldap_sudo_search_base = ou=sudoers,dc=example,dc=com When the SSSD is configured to use IPA as the ID provider, the sudo provider is automatically enabled. The sudo search base is configured to use the compat tree (ou=sudoers,$DC). El mecanismo de almacenamiento en cache de regla SUDO El mayor desafío, cuando se desarrolla soporte sudo en SSSD, fue asegurar que ejecutando sudo con SSSD como la fuente de datos suministre la misma experiencia de usuario y sea tan rápido como sudo pero se mantenga proporcionando el conjunto más actual de reglas como sea posible. Para satisfacer estos requisitos, SSSD usa tres clases de actualizaciones. A ellas nos referimos como refresco total, refresco inteligente y refresco de reglas. El refresco inteligente periódicamente descarga reglas que son nuevas o fueron modificadas desde la última actualización. Su objetivo principal es mantener la base de datos creciendo mediante la atracción de pequeños incrementos que no generen grandes cantidades de tráfico de red. full refresh simplemente refresca todas las reglas sudo almacenadas en el cache y las reemplaza con las reglas que están almacenadas en el servidor. Esto se usa para mantener el cache consistente borrando cada regla que fue borrada del servidor. Sin embargo, un refresco total puede producir gran cantidad de tráfico y por lo tanto debería ser ejecutado sólo ocasionalmente dependiendo del tamaño y de la estabilidad de las reglas sudo. 
El refresco de reglas asegura que no concedamos más permisos al usuario que los definidos. Se dispara cada vez que el usuario ejecuta sudo. El refresco de reglas encontrará todas las reglas que se apliquen a ese usuario, comprobará su tiempo de expiración y las recargará si han expirado. En el caso de que alguna de esas reglas estén desaparecidas del servidor, SSSD hará un refresco total fuera de banda puesto que más reglas (que apliquen a otros usuarios) pueden haber sido borradas. Si está habilitado, SSSD almacenará sólo las reglas que pueden ser aplicadas a esa máquina. Esto indica reglas que contienen uno de los siguientes valores en el atributo sudoHost: keyword ALL comodines netgroup (en la forma "+netgroup") nombre de host o nombre de dominio totalmente cualificado de esta máquina una de las direcciones IP de esta máquina una de las direcciones IP de la red (en la forma "dirección/máscara") Hay muchas opciones de configuración que pueden ser usadas para ajustar el comportamiento. Por favor vea "ldap_sudo_*" en sssd-ldap 5 y "sudo_*" en sssd.conf 5 . sssd-1.11.5/src/man/es/PaxHeaders.13173/sssd-ldap.5.xml0000644000000000000000000000013212320753573020305 xustar000000000000000030 mtime=1396955003.496843875 30 atime=1396955003.496843875 30 ctime=1396955003.496843875 sssd-1.11.5/src/man/es/sssd-ldap.5.xml0000664002412700241270000027655112320753573020554 0ustar00jhrozekjhrozek00000000000000 Páginas de manual de SSSD sssd-ldap 5 Formatos de archivo y convenciones sssd-ldap El archivo de configuración de SSSD DESCRIPCION Esta página de manual describe la configuración de dominios LDAP para sssd 8 . Vea la sección FILE FORMAT de la página de manual sssd.conf 5 para información detallada de la sintáxis. Puede configurar SSSD para usar más de un dominio LDAP. El punto final de LDAP soporta proveedores de id, auth, acceso y chpass. Si usted desea autenticarse contra un servidor LDAP se requiere bien TLS/SSL o LDAPS. 
sssd no soporta autenticación sobre un canal no encriptado. Si el servidor LDAP se usa sólo como un proveedor de identidad, no se necesita un canal encriptado. Por favor vea la opción de configuración ldap_access_filter para más información sobre la utilización de LDAP como proveedor de acceso. OPCIONES DE CONFIGURACIÓN Todas las opciones de configuración comunes que se aplican a los dominios SSSD también se aplican a los dominios LDAP. Vea la sección DOMAIN SECTIONS de la página de manual sssd.conf 5 para detalles completos. ldap_uri, ldap_backup_uri (string) Especifica una lista separada por comas de URIs de los servidores LDAP a los que SSSD se conectaría en orden de preferencia. Vea la sección CONMUTACIÓN EN ERROR para más información sobre la conmutación en error y la redundancia de servidor. Si no hay opción especificada, se habilita el descubridor de servicio. Para más información, vea la sección DESCUBRIDOR DE SERVICIOS El formato de la URI debe coincidir con el formato definido en RFC 2732: ldap[s]://<host>[:port] Para direcciones IPv6 explícitas, <host> debe estar entre corchetes [] ejemplo: ldap://[fc00::126:25]:389 ldap_chpass_uri, ldap_chpass_backup_uri (cadena) Especifica la lista separada por comas de URIs de los servidores LDAP a los que SSSD se conectaría, en orden de preferencia, para cambiar la contraseña de un usuario. Vea la sección FAILOVER para más información sobre failover y redundancia de servidor. Para habilitar el descubrimiento de servicios, ldap_chpass_dns_service_name debe ser establecido. Por defecto: vacío, es decir, se usa ldap_uri. ldap_search_base (cadena) El DN base por defecto que se usará para realizar operaciones LDAP de usuario. Desde SSSD 1.7.0, SSSD soporta múltiples bases de búsqueda usando la sintaxis: search_base[?scope?[filter][?search_base?scope?[filter]]*] El alcance puede ser uno de “base”, “onelevel” o “subtree”.
El filtro debe ser un filtro de búsqueda LDAP válido como se especifica en http://www.ietf.org/rfc/rfc2254.txt Ejemplos: ldap_search_base = dc=example,dc=com (que es equivalente a) ldap_search_base = dc=example,dc=com?subtree? ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?(host=thishost)?dc=example.com?subtree? Nota: No está soportado tener múltiples bases de búsqueda que se referencien a objetos nombrados idénticamente (por ejemplo, grupos con el mismo nombre en dos bases de búsqueda diferentes). Esto llevara a comportamientos impredecibles sobre máquinas cliente. Por defecto: no se fija, se usa el valor de los atributos defaultNamingContext o namingContexts de RootDSE del servidor LDAP usado. Si defaultNamingContext no existe o tiene un valor vacío se usa namingContexts. El atributo namingContexts debe tener un único valor con el DN de la base de búsqueda del servidor LDAP para hacer este trabajo. No se soportan múltiples valores. ldap_schema (cadena) Especifica el Tipo de Esquema en uso en el servidor LDAP objetivo. Dependiendo del esquema seleccionado, los nombres de atributos por defecto que se recuperan de los servidores pueden variar. La manera en que algunos atributos son manejados puede también diferir. Cuatro tipos de esquema son actualmente soportados: rfc2307 rfc2307bis IPA AD La principal diferencia entre estos tipos de esquemas es como las afiliaciones de grupo son grabadas en el servidor. Con rfc2307, los miembros de grupos son listados por nombre en el atributo memberUid. Con rfc2307bis e IPA, los miembros de grupo son listados por DN y almacenados en el atributo member. El tipo de esquema AD fija los atributos para corresponderse con los valores Active Directory 2008r2. Predeterminado: rfc2307 ldap_default_bind_dn (cadena) El enlazador DN por defecto a usar para llevar a cabo operaciones LDAP. ldap_default_authtok_type (cadena) El tipo de ficha de autenticación del enlazador DN por defecto. 
Los dos mecanismos actualmente soportados son: contraseña obfuscated_password Por defecto: contraseña ldap_default_authtok (cadena) La ficha de autenticación del enlazador DN por defecto. Sólo se soportan actualmente password de texto claro. ldap_user_object_class (cadena) La clase de objeto de una entrada de usuario en LDAP. Predeterminado: posixAccount ldap_user_name (cadena) El atributo LDAP que corresponde al nombre de inicio de sesión del usuario. Predeterminado: uid ldap_user_uid_number (cadena) El atributo LDAP que corresponde al id de usuario. Predeterminado: uidNumber ldap_user_gid_number (cadena) El atributo LDAP que corresponde al id del grupo primario del usuario. Predeterminado: gidNumber ldap_user_gecos (cadena) El atributo LDAP que corresponde al campo de gecos del usuario. Predeterminado: gecos ldap_user_home_directory (cadena) El atributo LDAP que contiene el nombre del directorio principal del usuario. Predeterminado: homeDirectory ldap_user_shell (cadena) El atributo LDAP que contiene la ruta de acceso a la shell predeterminada del usuario. Predeterminado: loginShell ldap_user_uuid (cadena) El atributo LDAP que contiene el GUID/UUID de un objeto de usuario LDAP. Predeterminado: nsUniqueId ldap_user_objectsid (cadena) El atributo LDAP que contiene el objectSID de un objeto usuario LDAP. Esto es normalmente sólo necesario para servidores ActiveDirectory. Por defecto: objectSid para ActiveDirectory, no fijado para otros servidores. ldap_user_modify_timestamp (cadena) El atributo LDAP que contiene la fecha y hora de la última modificación del objeto primario. Predeterminado: modifyTimestamp ldap_user_shadow_last_change (cadena) Cuando se utiliza ldap_pwd_policy=shadow, este parámetro contiene el nombre de un atributo LDAP correspondiente a su shadow 5 homologo (fecha del último cambio de password). 
Predeterminado: shadowLastChange ldap_user_shadow_min (cadena) Cuando se utiliza ldap_pwd_policy=shadow, este parámetro contiene el nombre de un atributo LDAP correspondiente a su shadow 5 homologo (edad mínima del password). Predeterminado: shadowMin ldap_user_shadow_max (cadena) Cuando se utiliza ldap_pwd_policy=shadow, este parámetro contiene el nombre de un atributo LDAP correspondiente a su shadow 5 homologo (edad máxima del password). Predeterminado: shadowMax ldap_user_shadow_warning (cadena) Cuando se utiliza ldap_pwd_policy=shadow, este parámetro contiene el nombre de un atributo LDAP correspondiente a su shadow 5 homologo (período de aviso de password). Predeterminado: shadowWarning ldap_user_shadow_inactive (cadena) Cuando se utiliza ldap_pwd_policy=shadow, este parámetro contiene el nombre de un atributo LDAP correspondiente a su shadow 5 homologo (período de inactividad de password). Predeterminado: shadowInactive ldap_user_shadow_expire (cadena) Cuando se utiliza ldap_pwd_policy=shadow o ldap_account_expire_policy=shadow, este parámetro contiene el nombre de un atributo correspondiente con su shadow 5 homólogo (fecha de expiración de la cuenta). Predeterminado: shadowExpire ldap_user_krb_last_pwd_change (cadena) Cuando se utiliza ldap_pwd_policy=mit_kerberos, este parámetro contiene el nombre de un atributo LDAP que almacena la fecha y la hora del último cambio de password en kerberos. Predeterminado: krbLastPwdChange ldap_user_krb_password_expiration (cadena) Cuando se utiliza ldap_pwd_policy=mit_kerberos, este parámetro contiene el nombre de un atributo LDAP que almacena la fecha y la hora en la que expira el password actual. Predeterminado: krbPasswordExpiration ldap_user_ad_account_expires (cadena) Cuando se utiliza ldap_account_expire_policy=ad, este parámetro contiene el nombre de un atributo LDAP que almacena el tiempo de expiración de la cuenta. 
Predeterminado: accountExpires ldap_user_ad_user_account_control (cadena) Cuando se usa ldap_account_expire_policy=ad, este parámetro contiene el nombre de un atributo LDAP que almacena el campo de bits de control de la cuenta de usuario. Predeterminado: userAccountControl ldap_ns_account_lock (cadena) Cuando se usa ldap_account_expire_policy=rhds o equivalente, este parámetro determina si el acceso está permitido o no. Predeterminado: nsAccountLock ldap_user_nds_login_disabled (cadena) Cuando se usa ldap_account_expire_policy=nds, este atributo determina si el acceso está permitido o no. Predeterminado: loginDisabled ldap_user_nds_login_expiration_time (cadena) Cuando se usa ldap_account_expire_policy=nds, este atributo determina hasta qué fecha se concede el acceso. Predeterminado: loginDisabled ldap_user_nds_login_allowed_time_map (cadena) Cuando se utiliza ldap_account_expire_policy=nds, este atributo determina la hora de un día en la semana cuando se concede el acceso. Predeterminado: loginAllowedTimeMap ldap_user_principal (cadena) El atributo LDAP que contiene el Nombre Principal de Usuario Kerberos (UPN) del usuario. Predeterminado: krbPrincipalName ldap_user_ssh_public_key (cadena) El atributo LDAP que contiene las claves públicas SSH del usuario. ldap_force_upper_case_realm (boolean) Algunos servidores de directorio, por ejemplo Active Directory, pueden entregar la parte del reino (realm) del UPN en minúsculas, lo que puede causar fallos de autenticación. Fije esta opción en un valor distinto de cero si usted desea usar el reino en mayúsculas. Predeterminado: false ldap_enumeration_refresh_timeout (entero) Especifica cuántos segundos SSSD tiene que esperar antes de refrescar su caché de los registros enumerados. Predeterminado: 300 ldap_purge_cache_timeout (entero) Determina la frecuencia de comprobación del cache para entradas inactivas (como grupos sin miembros y usuarios que nunca han accedido) y borrarlos para guardar espacio.
Establecer esta opción en cero desactivará la operación de limpieza de la caché. Predeterminado: 10800 (12 horas) ldap_user_fullname (cadena) El atributo LDAP que corresponde al nombre completo del usuario. Predeterminado: cn ldap_user_member_of (cadena) El atributo LDAP que lista las afiliaciones a grupos del usuario. Predeterminado: memberOf ldap_user_authorized_service (cadena) Si access_provider=ldap y ldap_access_order=authorized_service, SSSD utilizará la presencia del atributo authorizedService en la entrada LDAP del usuario para determinar el privilegio de acceso. Una denegación explícita (!svc) se resuelve primero. Segundo, SSSD busca permiso explícito (svc) y finalmente permitir todo (*). Please note that the ldap_access_order configuration option must include authorized_service in order for the ldap_user_authorized_service option to work. Predeterminado: authorizedService ldap_user_authorized_host (cadena) Si access_provider=ldap y ldap_access_order=host, SSSD utilizará la presencia del atributo host en la entrada LDAP del usuario para determinar el privilegio de acceso. Una denegación explícita (!host) se resuelve primero. Segundo, SSSD busca permiso explícito (host) y finalmente permitir todo (*). Please note that the ldap_access_order configuration option must include host in order for the ldap_user_authorized_host option to work. Default: host ldap_group_object_class (cadena) La clase de objeto de una entrada de grupo LDAP. Por defecto: posixGroup ldap_group_name (cadena) El atributo LDAP que corresponde al nombre de grupo. Predeterminado: cn ldap_group_gid_number (cadena) El atributo LDAP que corresponde al id del grupo. Predeterminado: gidNumber ldap_group_member (cadena) El atributo LDAP que contiene los nombres de los miembros del grupo. Valor predeterminado: memberuid (rfc2307) / member (rfc2307bis) ldap_group_uuid (cadena) El atributo LDAP que contiene el UUID/GUID de un objeto de grupo LDAP.
Predeterminado: nsUniqueId ldap_group_objectsid (cadena) El atributo LDAP que contiene el objectSID de un objeto grupo LDAP. Esto es normalmente sólo necesario para servidores ActiveDirectory. Por defecto: objectSid para ActiveDirectory, no fijado para otros servidores. ldap_group_modify_timestamp (cadena) El atributo LDAP que contiene la fecha y hora de la última modificación del objeto primario. Predeterminado: modifyTimestamp ldap_group_type (integer) The LDAP attribute that contains an integer value indicating the type of the group and maybe other flags. This attribute is currently only used by the AD provider to determine if a group is a domain local groups and has to be filtered out for trusted domains. Default: groupType in the AD provider, othewise not set ldap_group_nesting_level (entero) Si ldap_schema está fijado en un formato de esquema que soporte los grupos anidados (por ejemplo, RFC2307bis), entonces esta opción controla cuantos niveles de anidamiento seguirá SSSD. Este opción no tiene efecto en el esquema RFC2307. Predeterminado: 2 ldap_groups_use_matching_rule_in_chain Esta opción le dice a SSSD como tomar ventajar de una función específica de Active Directory que puede acelerar las operaciones de búsqueda de grupo son despliegues con grupos complejos o profundamente anidados. En los casos más comunes, es mejor dejar esta opción deshabilitada. Generalmente sólo suministra un incremento de rendimiento en anidamientos muy complejos. Si esta opción está habilitada, SSSD la usará si detecta que el servidor la soporta durante la conexión inicial. De modo que “True” aquí significa esencialmente “auto-detect”. Nota: Esta función se sabe que actualmente trabajo sólo con Active Directory 2008 R1 y posteriores. Vea MSDN(TM) documentation para más detalles. 
Por defecto: False ldap_initgroups_use_matching_rule_in_chain Esta opción le dice a SSSD que tome ventaja de una función específica de Active Directory que puede acelerar las operaciones de inicio de grupo (más notable cuando se trata con grupos complejos o profundamente anidados). Si esta opción está habilitada, SSSD la usará si detecta que el servidor la soporta durante la conexión inicial. De modo que “True” aquí significa esencialmente “auto-detect”. Nota: Esta función se sabe que actualmente trabajo sólo con Active Directory 2008 R1 y posteriores. Vea MSDN(TM) documentation para más detalles. Por defecto: False ldap_netgroup_object_class (cadena) La clase de objeto de una entrada netgroup en LDAP. En proveedor IPA, ipa_netgroup_object_class, se usaría en su lugar. Predeterminado: nisNetgroup ldap_netgroup_name (cadena) El atributo LDAP que corresponde al nombre del netgroup. Un proveedor IPA, ipa_netgroup_name sería usado en su lugar. Predeterminado: cn ldap_netgroup_member (cadena) El atributo LDAP que contiene los nombres de los miembros de grupo de red. Un proveedor IPA, ipa_netgroup_member sería usado en su lugar. Predeterminado: memberNisNetgroup ldap_netgroup_triple (cadena) El atributo LDAP que contiene los (host, usuario, dominio) triples de grupo de red. Esta opción no está disponible en el proveedor IPA. Predeterminado: nisNetgroupTriple ldap_netgroup_uuid (cadena) El atributo LDAP que contiene el UUID/GUID de un objeto de grupo de red LDAP. Un proveedor IPA ipa_netgroup_uuid sería usado en su lugar. Predeterminado: nsUniqueId ldap_netgroup_modify_timestamp (cadena) El atributo LDAP que contiene la fecha y hora de la última modificación del objeto primario. Esta opción no está disponible en el proveedor IPA. Predeterminado: modifyTimestamp ldap_service_object_class (cadena) La clase objeto de una entrada de servicio en LDAP. Por defecto: ipService ldap_service_name (cadena) El atributo LDAP que contiene el nombre de servicio de atributos y sus alias. 
Predeterminado: cn ldap_service_port (cadena) El atributo LDAP que contiene el puerto manejado por este servicio. Por defecto: ipServicePort ldap_service_proto (cadena) El atributo LDAP que contiene los protocolos entendidos por este servicio. Por defecto: ipServiceProtocol ldap_service_search_base (cadena) ldap_search_timeout (entero) Especifica el tiempo de espera (en segundos) durante el cual se permite que corra una búsqueda ldap antes de que sea cancelada y se devuelvan los resultados almacenados en caché (y se entra en modo fuera de línea) Nota: esta opción será sujeto de cambios en las futuras versiones del SSSD. Probablemente será sustituida en algún momento por una serie de tiempos de espera para tipos específicos de búsqueda. Predeterminado: 6 ldap_enumeration_search_timeout (entero) Especifica el tiempo de espera (en segundos) durante el cual se permite que corran las búsquedas ldap de enumeraciones de usuario y grupo antes de que sean canceladas y se devuelvan los resultados almacenados en caché (y se entra en modo fuera de línea) Predeterminado: 60 ldap_network_timeout (entero) Especifica el tiempo de espera (en segundos) después del cual poll 2 / select 2 siguiendo un connect 2 vuelve en caso de inactividad. Predeterminado: 6 ldap_opt_timeout (entero) Especifica un tiempo de espera (en segundos) después del cual las llamadas a APIs síncronos LDAP se abortarán si no se recibe respuesta. También controla el tiempo de espera cuando se está comunicando con el KDC en el caso del enlazador SASL. Predeterminado: 6 ldap_connection_expire_timeout (entero) Especifica un tiempo de espera (en segundos) en el que se mantendrá una conexión a un servidor LDAP. Después de este tiempo, la conexión será restablecida. Si se usa en paralelo con SASL/GSSAPI, se usará el valor más temprano (este valor contra el tiempo de vida TGT). Predeterminado: 900 (15 minutos) ldap_page_size (entero) Especifica el número de registros a recuperar desde una única petición LDAP.
Algunos servidores LDAP hacen cumplir un límite máximo por petición. Predeterminado: 1000 ldap_disable_paging (booleano) Deshabilita el control de paginación LDAP. Esta opción se debería usar si el servidor LDAP reporta que soporta el control de paginación LDAP en sus RootDSE pero no está habilitado o no se comporta apropiadamente. Ejemplo: los servidores OpenLDAP con el módulo de control de paginación instalado sobre el servidor pero no habilitado lo reportarán en el RootDSE pero es incapaz de usarlo. Ejemplo: 389 DS tiene un bug donde puede sólo soportar un control de paginación a la vez en una única conexión. Sobre clientes ocupados, esto puede ocasionar que algunas peticiones sean denegadas. Por defecto: False ldap_disable_range_retrieval (boolean) Disable Active Directory range retrieval. Active Directory limits the number of members to be retrieved in a single lookup using the MaxValRange policy (which defaults to 1500 members). If a group contains more members, the reply would include an AD-specific range extension. This option disables parsing of the range extension, therefore large groups will appear as having no members. Por defecto: False ldap_sasl_minssf (entero) Cuando se está comunicando con un servidor LDAP usando SASL, especifica el nivel de seguridad mínimo necesario para establecer la conexión. Los valores de esta opción son definidos por OpenLDAP. Por defecto: Usa el sistema por defecto (normalmente especificado por ldap.conf) ldap_deref_threshold (entero) Especifica el número de miembros del grupo que deben estar desaparecidos desde el escondrijo interno con el objetivo de disparar una búsqueda deference. Si hay menos miembros desaparecidos, se buscarán individualmente. Usted puede quitar las búsquedas dereference completamente fijando el valor a 0. Una búsqueda dereference es un medio de descargar todos los miembros del grupo en una única llamada LDAP. Servidores diferentes LDAP pueden implementar diferentes métodos dereference. 
Los servidores actualmente soportados son 389/RHDS, OpenLDAP y Active Directory. Nota: Si alguna de las bases de búsqueda especifica un filtro de búsqueda, la mejora del rendimiento de la búsqueda dereference será deshabilitado sin tener en cuenta este ajuste. Predeterminado: 10 ldap_tls_reqcert (cadena) Especifica que comprobaciones llevar a cabo sobre los certificados del servidor en una sesión TLS, si las hay. Puede ser especificado como uno de los siguientes valores: never = El cliente no pedirá o comprobará ningún certificado de servidor. allow = Se pide el certificado del servidor. Si no se suministra certificado, la sesión sigue normalmente. Si se suministra un certificado malo, será ignorado y la sesión continua normalmente. try = Se pide el certificado del servidor. Si no se suministra certificado, la sesión continua normalmente. Si se suministra un certificado malo, la sesión se termina inmediatamente. demand = Se pide el certificado del servidor. Si no se suministra certificado, o se suministra un certificado malo, la sesión se termina inmediatamente. hard = Igual que demand Predeterminado: hard ldap_tls_cacert (cadena) Especifica el fichero que contiene los certificados de todas las Autoridades de Certificación que sssd reconocerá. Por defecto: use los valores por defecto OpenLDAP, normalmente en /etc/openldap/ldap.conf ldap_tls_cacertdir (cadena) Especifica la ruta de un directorio que contiene los certificados de las Autoridades de Certificación en ficheros individuales separados. Normalmente los nombres de fichero necesita ser el hash del certificado seguido por ‘.0’. si esta disponible cacertdir_rehash puede ser usado para crear los nombres correctos. Por defecto: use los valores por defecto OpenLDAP, normalmente en /etc/openldap/ldap.conf ldap_tls_cert (cadena) Especifica el fichero que contiene el certificado para la clave del cliente. Predeterminado: no definido ldap_tls_key (cadena) Especifica el archivo que contiene la clave del cliente. 
Predeterminado: no definido ldap_tls_cipher_suite (cadena) Especifica los conjuntos aceptables de cifrado. Normalmente es una lista separada por dos puntos. Vea el formato en ldap.conf 5. Por defecto: use los valores por defecto OpenLDAP, normalmente en /etc/openldap/ldap.conf ldap_id_use_start_tls (booleano) Especifica que la conexión del id_provider debe también utilizar tls para proteger el canal. Predeterminado: false ldap_id_mapping (booleano) Especifica que SSSD intentaría mapear las IDs de usuario y grupo desde los atributos ldap_user_objectsid y ldap_group_objectsid en lugar de apoyarse en ldap_user_uid_number y ldap_group_gid_number. Actualmente esta función soporta sólo mapeos de objectSID de ActiveDirectory. Predeterminado: false ldap_min_id, ldap_max_id (integer) In contrast to the SID based ID mapping which is used if ldap_id_mapping is set to true the allowed ID range for ldap_user_uid_number and ldap_group_gid_number is unbounded. In a setup with sub/trusted-domains this might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id can be set to restrict the allowed range for the IDs which are read directly from the server. Sub-domains can then pick other ranges to map IDs. Default: not set (both options are set to 0) ldap_sasl_mech (cadena) Especifica el mecanismo SASL a emplear. Actualmente sólo GSSAPI está probado y soportado. Predeterminado: no definido ldap_sasl_authid (cadena) Especifica la id de autorización SASL a usar. Cuando se usa GSSAPI, esto representa el Kerberos principal usado para autenticación al directorio. Esta opción puede contener el principal completo (por ejemplo host/myhost@EXAMPLE.COM) o sólo el nombre principal (por ejemplo host/myhost). Por defecto: host/nombre_de_host@REALM ldap_sasl_realm (string) Especifica el reino SASL a usar. Cuando no se especifica, esta opción se pone por defecto al valor de krb5_realm. Si ldap_sasl_authid contiene el reino también, esta opción se ignora.
Por defecto: el valor de krb5_realm. ldap_sasl_canonicalize (boolean) Si se fija en true, la librería LDAP llevaría a cabo una búsqueda inversa para canonicalizar el nombre de host durante una unión SASL. Predeterminado: false; ldap_krb5_keytab (cadena) Especifica la keytab a usar cuando se utilice SASL/GSSAPI. Por defecto: Keytab del sistema, normalmente /etc/krb5.keytab ldap_krb5_init_creds (booleano) Especifica la id de proveedor que iniciaría las credenciales Kerberos (TGT). Esta acción se lleva a cabo sólo si SASL se usa y el mecanismo seleccionado es GSSAPI. Predeterminado: true ldap_krb5_ticket_lifetime (entero) Especifica el tiempo de vida en segundos del TGT si se usa GSSAPI. Predeterminado: 86400 (24 horas) krb5_server, krb5_backup_server (cadena) Especifica una lista separada por comas de direcciones IP o nombres de host de los servidores Kerberos a los cuales se conectaría SSSD en orden de preferencia. Para más información sobre failover y redundancia de servidor, vea la sección FAILOVER. Un número de puerto opcional (precedido de dos puntos) puede ser añadido a las direcciones o nombres de host. Si está vacío, el servicio descubridor está habilitado – para más información, vea la sección SERVICE DISCOVERY. Cuando se utiliza el servicio descubridor para servidores KDC o kpasswd, SSSD primero busca entradas DNS que especifiquen _udp como protocolo y regresa a _tcp si no se encuentra nada. Esta opción se llamaba krb5_kdcip en las revisiones más tempranas de SSSD. Mientras el legado de nombre se reconoce por el tiempo que sea, los usuarios son advertidos para migrar sus ficheros de configuración para usar krb5_server en su lugar. krb5_realm (cadena) Especifica el REALM Kerberos (para autorización SASL/GSSAPI). Predeterminado: Predeterminados del sistema, vea /etc/krb5.conf krb5_canonicalize (boolean) Especifica si el host principal sería estandarizado cuando se conecte a un servidor LDAP.
Esta función está disponible con MIT Kerberos >= 1.7 Predeterminado: false krb5_use_kdcinfo (boolean) Specifies if the SSSD should instruct the Kerberos libraries what realm and which KDCs to use. This option is on by default, if you disable it, you need to configure the Kerberos library using the krb5.conf 5 configuration file. See the sssd_krb5_locator_plugin 8 manual page for more information on the locator plugin. Predeterminado: true ldap_pwd_policy (cadena) Seleccione la política para evaluar la caducidad de la contraseña en el lado del cliente. Los siguientes valores son permitidos: none - Sin evaluación en el lado cliente. Esta opción no puede deshabilitar las políticas de password en el lado servidor. shadow - Usa los atributos de estilo shadow 5 para evaluar si la contraseña ha expirado. mit_kerberos - Usa los atributos utilizados por MIT Kerberos para determinar si el password ha expirado. Use chpass_provider=krb5 para actualizar estos atributos cuando se cambia el password. Predeterminado: none Note: if a password policy is configured on server side, it always takes precedence over policy set with this option. ldap_referrals (boolean) Especifica si el seguimiento de referencias automático debería ser habilitado. Por favor advierta que sssd sólo soporta seguimiento de referencias cuando está compilado con OpenLDAP versión 2.4.13 o más alta. Al perseguir referencia se puede incurrir en una penalización de rendimiento en entornos que lo usen pesadamente, un ejemplo notable es Microsoft Active Directory. Si su ajuste no requieren de hecho el uso de referencias, fijar esta opción a false le llevará a una notable mejora de rendimiento. Predeterminado: true ldap_dns_service_name (cadena) Especifica el nombre del servicio para utilizar cuando está habilitado el servicio de descubrimiento. 
Predeterminado: ldap ldap_chpass_dns_service_name (cadena) Especifica el nombre del servicio para utilizar al buscar un servidor LDAP que permita cambios de contraseña cuando está habilitado el servicio de descubrimiento. Por defecto: no fijado, esto es servicio descubridor deshabilitado. ldap_chpass_update_last_change (booleano) Especifica si actualizar el atributo ldap_user_shadow_last_change con días desde el Epoch después de una operación de cambio de contraseña. Por defecto: False ldap_access_filter (cadena) If using access_provider = ldap and ldap_access_order = filter (default), this option is mandatory. It specifies an LDAP search filter criteria that must be met for the user to be granted access on this host. If access_provider = ldap, ldap_access_order = filter and this option is not set, it will result in all users being denied access. Use access_provider = permit to change this default behavior. Please note that this filter is applied on the LDAP user entry only. Ejemplo: access_provider = ldap ldap_access_filter = (employeeType=admin) This example means that access to this host is restricted to users whose employeeType attribute is set to "admin". El escondrijo fuera de línea para esta característica está limitado a determinar si el último login en línea del usuario alcanzó permiso de acceso. Si les fue concedido acceso durante su último login, continuará obteniendo acceso mientras esté fuera de línea y viceversa. Predeterminado: vacío ldap_account_expire_policy (cadena) Con esta opción pueden ser habilitados los atributos de evaluación de control de acceso del lado cliente. Por favor advierta que siempre se recomienda utilizar el control de acceso del lado servidor, esto es el servidor LDAP denegaría petición de enlace con una código de error definible aunque el password sea correcto. Los siguientes valores están permitidos: shadow: usa el valor de ldap_user_shadow_expire para determinar si la cuenta ha expirado. 
ad: usa el valor del campo de 32 bit ldap_user_ad_user_account_control y permite el acceso si el segundo bit no está fijado. Si el atributo está desaparecido se concede el acceso. También se comprueba el tiempo de expiración de la cuenta. rhds, ipa, 389ds: usa el valor de ldap_ns_account_lock para comprobar si se permite el acceso o no. nds: los valores de ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled y ldap_user_nds_login_expiration_time se usan para comprobar si el acceso está permitido. Si ambos atributos están desaparecidos se concede el acceso. Please note that the ldap_access_order configuration option must include expire in order for the ldap_account_expire_policy option to work. Predeterminado: vacío ldap_access_order (cadena) Lista separada por coma de opciones de control de acceso. Los valores permitidos son: filter: utilizar ldap_access_filter expire: utilizar ldap_account_expire_policy authorized_service: utilizar el atributo authorizedService para determinar el acceso host: usa el atributo host para determinar el acceso Predeterminado: filter Tenga en cuenta que es un error de configuración si un valor es usado más de una vez. ldap_deref (cadena) Especifica cómo se hace la eliminación de referencias al alias cuando se lleva a cabo una búsqueda. Están permitidas las siguientes opciones: never: Nunca serán eliminadas las referencias al alias. searching: Las referencias al alias son eliminadas en subordinadas del objeto base, pero no en localización del objeto base de la búsqueda. finding: Sólo se eliminarán las referencias a alias cuando se localice el objeto base de la búsqueda. always: Las referencias al alias se eliminarán tanto para la búsqueda como en la localización del objeto base de la búsqueda.
Por defecto: Vacío (esto es manejado como never por las librerías cliente LDAP) ldap_rfc2307_fallback_to_local_users (boolean) Permite retener los usuarios locales como miembros de un grupo LDAP para servidores que usan el esquema RFC2307. En algunos entornos donde se usa el esquema RFC2307, los usuarios locales son hechos miembros de los grupos LDAP añadiendo sus nombres al atributo memberUid. La autoconsistencia del dominio se ve comprometida cuando se hace esto, de modo que SSSD debería normalmente quitar los usuarios “desaparecidos” de las afiliaciones a grupos escondidas tan pronto como nsswitch intenta ir a buscar información del usuario por medio de las llamadas getpw*() o initgroups(). Esta opción cae de nuevo en comprobar si los usuarios locales están referenciados, y los almacena en caché de manera que más tarde las llamadas initgroups() aumentarán los usuarios locales con los grupos LDAP adicionales. Predeterminado: false OPCIONES SUDO ldap_sudorule_object_class (cadena) El objeto clase de una regla de entrada sudo en LDAP. Por defecto: sudoRole ldap_sudorule_name (cadena) El atributo LDAP que corresponde a la regla nombre de sudo. Predeterminado: cn ldap_sudorule_command (cadena) El atributo LDAP que corresponde al nombre de comando. Por defecto: sudoCommand ldap_sudorule_host (cadena) El atributo LDAP que corresponde al nombre de host (o dirección IP del host, red IP del host o grupo de red del host) Por defecto: sudoHost ldap_sudorule_user (cadena) El atributo LDAP que corresponde al nombre de usuario (o UID, nombre de grupo o grupo de red del usuario) Por defecto: sudoUser ldap_sudorule_option (cadena) El atributo LDAP que corresponde a las opciones sudo. Por defecto: sudoOption ldap_sudorule_runasuser (cadena) El atributo LDAP que corresponde al nombre de usuario que los comandos pueden ejecutar como.
Por defecto: sudoRunAsUser ldap_sudorule_runasgroup (cadena) El atributo LDAP que corresponde al nombre de grupo o GID de grupo que puede ejecutar comandos como. Por defecto: sudoRunAsGroup ldap_sudorule_notbefore (cadena) El atributo LDAP que corresponde al inicio de fecha/hora para cuando la regla sudo es válida. Por defecto: sudoNotBefore ldap_sudorule_notafter (cadena) El atributo LDAP que corresponde a la fecha/hora final, después de la cual la regla sudo dejará de ser válida. Por defecto: sudoNotAfter ldap_sudorule_order (cadena) El atributo LDAP que corresponde al índice de ordenación de la regla. Por defecto: sudoOrder ldap_sudo_full_refresh_interval (entero) Cuantos segundos esperará SSSD entre ejecutar un refresco total de las reglas sudo (que descarga todas las reglas que están almacenadas en el servidor). El valor debe ser mayor que ldap_sudo_smart_refresh_interval Por defecto: 21600 (6 horas) ldap_sudo_smart_refresh_interval (entero) Cuantos segundos tiene que esperar SSSD antes de ejecutar una actualización inteligente de las reglas sudo (que descarga todas las reglas que tienen USN más alto que el USN más alto de las reglas escondidas). Si los atributos USN no se soportan por el servidor, se usa en su lugar el atributo modifyTimestamp. Predeterminado: 900 (15 minutos) ldap_sudo_use_host_filter (booleano) Si es true, SSSD descargará sólo las reglas que son aplicables a esta máquina (usando las direcciones de host/red y nombres de host IPv4 o IPv6). Predeterminado: true ldap_sudo_hostnames (cadena) Lista separada por espacios de nombres de host o nombres de dominio totalmente cualificados que sería usada para filtrar las reglas. Si esta opción está vacía, SSSD intentará descubrir el nombre de host y el nombre de dominio totalmente cualificado automáticamente. Si ldap_sudo_use_host_filter es false esta opción no tiene efecto.
Por defecto: no especificado ldap_sudo_ip (cadena) Lista separada por espacios de direcciones de host/red IPv4 o IPv6 que sería usada para filtrar las reglas. Si esta opción está vacía, SSSD intentará descubrir las direcciones automáticamente. Si ldap_sudo_use_host_filter es false esta opción no tiene efecto. Por defecto: no especificado ldap_sudo_include_netgroups (booleano) Si está a true SSSD descargará cada regla que contenga un grupo de red en el atributo sudoHost. Si ldap_sudo_use_host_filter es false esta opción no tiene efecto. Predeterminado: true ldap_sudo_include_regexp (booleano) Si es verdad SSSD descargará cada regla que contenga un comodín en el atributo sudoHost. Si ldap_sudo_use_host_filter es false esta opción no tiene efecto. Predeterminado: true Esta página de manual sólo describe el atributo de nombre mapping. Para una explicación detallada de la semántica del atributo relacionada con sudo, vea sudoers.ldap5 OPCIONES AUTOFS Por favor advierta que los valores por defecto corresponden al esquema por defecto del RFC2307. ldap_autofs_map_object_class (cadena) El objeto clase de una entrada de mapa de automontaje en LDAP. Por defecto: automountMap ldap_autofs_map_name (cadena) El nombre de una entrada de mapa de automontaje en LDAP. Por defecto: ou ldap_autofs_entry_object_class (cadena) El objeto clase de una entrada de mapa de automontaje en LDAP. Por defecto: automountMap ldap_autofs_entry_key (cadena) La clave de una entrada de automontaje en LDAP. La entrada corresponde normalmente a un punto de montaje. Predeterminado: cn ldap_autofs_entry_value (cadena) La clave de una entrada de automontaje en LDAP. La entrada corresponde normalmente a un punto de montaje. Por defecto: automountInformation OPCIONES AVANZADAS Estas opciones son soportadas por los dominios LDAP, pero sólo deberían ser utilizadas con precaución. Por favor inclúyalas en su configuración sólo si usted sabe lo que está haciendo.
ldap_netgroup_search_base (cadena) ldap_user_search_base (cadena) ldap_group_search_base (cadena) ldap_user_search_filter (cadena) Esta opción especifica un criterio de filtro de búsqueda LDAP adicional que restringe las búsquedas del usuario. Esta opción está obsoleta en favor de la sintaxis utilizada por ldap_user_search_base. Predeterminado: no definido Ejemplo: ldap_user_search_filter = (loginShell=/bin/tcsh) Este filtro restringiría las búsquedas del usuario a los usuario que tengan su shell fijado en /bin/tcsh. ldap_group_search_filter (cadena) Esta opción especifica un criterio de filtro de búsqueda LDAP adicional que restringe las búsquedas de grupo. Esta opción está obsoleta en favor de la sintaxis utilizada por ldap_user_search_base. Predeterminado: no definido ldap_sudo_search_base (cadena) ldap_autofs_search_base (cadena) EJEMPLO El siguiente ejemplo asume que SSSS está configurado correctamente y LDAP está fijado a uno de los dominios de la sección [domains]. [domain/LDAP] id_provider = ldap auth_provider = ldap ldap_uri = ldap://ldap.mydomain.org ldap_search_base = dc=mydomain,dc=org ldap_tls_reqcert = demand cache_credentials = true NOTAS Las descripciones de algunas de las opciones de configuración en esta página de manual están basadas en la página de manual ldap.conf 5 de la distribución OpenLDAP 2.4. sssd-1.11.5/src/man/es/PaxHeaders.13173/sssd_krb5_locator_plugin.8.xml0000644000000000000000000000013212320753573023416 xustar000000000000000030 mtime=1396955003.496843875 30 atime=1396955003.496843875 30 ctime=1396955003.496843875 sssd-1.11.5/src/man/es/sssd_krb5_locator_plugin.8.xml0000664002412700241270000000470012320753573023646 0ustar00jhrozekjhrozek00000000000000 Páginas de manual de SSSD sssd_krb5_locator_plugin 8 sssd_krb5_locator_plugin El archivo de configuración de SSSD DESCRIPCION The Kerberos locator plugin sssd_krb5_locator_plugin is used by the Kerberos provider of sssd 8 to tell the Kerberos libraries what Realm and which KDC to use. 
Typically this is done in krb5.conf 5 which is always read by the Kerberos libraries. To simplify the configuration the Realm and the KDC can be defined in sssd.conf 5 as described in sssd-krb5 5 sssd 8 pone el Reino y el nombre o dirección IP del KDC en las variables de entorno SSSD_KRB5_REALM y SSSD_KRB5_KDC respectivamente. Cuando sssd_krb5_locator_plugin es llamado por las librerías kerberos lee y evalúa estas variables y se las devuelve a las librerías. NOTAS No todas las implementaciones Kerberos soportan el uso de plugins. Si sssd_krb5_locator_plugin no está disponible en su sistema usted tiene que editar /etc/krb5.conf para reflejar sus ajustes Kerberos. Si la variable de entorno SSSD_KRB5_LOCATOR_DEBUG está fijada a cualquier valor los mensajes de depuración se enviarán a stderr. sssd-1.11.5/src/man/es/PaxHeaders.13173/sss_debuglevel.8.xml0000644000000000000000000000013212320753573021424 xustar000000000000000030 mtime=1396955003.496843875 30 atime=1396955003.496843875 30 ctime=1396955003.496843875 sssd-1.11.5/src/man/es/sss_debuglevel.8.xml0000664002412700241270000000442512320753573021660 0ustar00jhrozekjhrozek00000000000000 Páginas de manual de SSSD sss_debuglevel 8 sss_debuglevel cambia el nivel de depuración mientras SSSD está corriendo sss_debuglevel options NEW_DEBUG_LEVEL DESCRIPCION sss_debuglevel cambia el nivel de depuración del monitor y proveedores SSSD a NEW_DEBUG_LEVEL mientras SSSD está corriendo. OPCIONES , Especifica un fichero de configuración distinto al de por defecto. El por defecto es /etc/sssd/sssd.conf. Para referencia sobre las opciones y sintaxis del fichero de configuración, consulta la página de manual sssd.conf 5 . 
NEW_DEBUG_LEVEL sssd-1.11.5/src/man/es/PaxHeaders.13173/sss_groupshow.8.xml0000644000000000000000000000013212320753573021343 xustar000000000000000030 mtime=1396955003.496843875 30 atime=1396955003.496843875 30 ctime=1396955003.496843875 sssd-1.11.5/src/man/es/sss_groupshow.8.xml0000664002412700241270000000413412320753573021574 0ustar00jhrozekjhrozek00000000000000 Páginas de manual de SSSD sss_groupshow 8 sss_groupshow imprime las propiedades de un grupo sss_groupshow options GRUPO DESCRIPCION sss_groupshow muestra información sobre un grupo identificado por su nombre GROUP. La información incluye el número de ID del grupo, miembros del grupo y padres del grupo. OPCIONES , También imprime miembros indirectos del grupo en una jerarquía de árbol. Advierta que esto también afecta a la impresión de los grupos padres – sin ,, sólo se imprimirán los padres directos. sssd-1.11.5/src/man/es/PaxHeaders.13173/sss_groupadd.8.xml0000644000000000000000000000013212320753573021113 xustar000000000000000030 mtime=1396955003.496843875 30 atime=1396955003.496843875 30 ctime=1396955003.496843875 sssd-1.11.5/src/man/es/sss_groupadd.8.xml0000664002412700241270000000371212320753573021345 0ustar00jhrozekjhrozek00000000000000 Páginas de manual de SSSD sss_groupadd 8 sss_groupadd Crea un nuevo grupo sss_groupadd options GRUPO DESCRIPCION sss_groupadd crea un nuevo grupo. Estos grupos son compatibles con grupos POSIX, con la característica adicional que pueden contener otros grupos como miembros. OPCIONES , GID Fija el GID del grupo al valor de GID. Si no se da, se elige automáticamente. 
sssd-1.11.5/src/man/PaxHeaders.13173/zh_CN0000644000000000000000000000013212320753573016043 xustar000000000000000030 mtime=1396955003.529843851 30 atime=1396955003.535843846 30 ctime=1396955003.529843851 sssd-1.11.5/src/man/zh_CN/0000775002412700241270000000000012320753573016347 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/man/zh_CN/PaxHeaders.13173/include0000644000000000000000000000013012320753573017464 xustar000000000000000029 mtime=1396955003.53084385 30 atime=1396955003.535843846 29 ctime=1396955003.53084385 sssd-1.11.5/src/man/zh_CN/include/0000755002412700241270000000000012320753573017770 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/man/zh_CN/include/PaxHeaders.13173/ldap_search_bases.xml0000644000000000000000000000012712320753573023713 xustar000000000000000029 mtime=1396955003.53084385 29 atime=1396955003.53084385 29 ctime=1396955003.53084385 sssd-1.11.5/src/man/zh_CN/include/ldap_search_bases.xml0000664002412700241270000000165112320753573024141 0ustar00jhrozekjhrozek00000000000000 An optional base DN, search scope and LDAP filter to restrict LDAP searches for this attribute type. syntax: search_base[?scope?[filter][?search_base?scope?[filter]]*] The scope can be one of "base", "onelevel" or "subtree". The filter must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/rfc2254.txt For examples of this syntax, please refer to the ldap_search_base examples section. Default: the value of ldap_search_base Please note that specifying scope or filter is not supported for searches against an Active Directory Server that might yield a large number of results and trigger the Range Retrieval extension in the response. 
sssd-1.11.5/src/man/zh_CN/include/PaxHeaders.13173/param_help.xml0000644000000000000000000000012712320753573022401 xustar000000000000000029 mtime=1396955003.53084385 29 atime=1396955003.53084385 29 ctime=1396955003.53084385 sssd-1.11.5/src/man/zh_CN/include/param_help.xml0000664002412700241270000000032312320753573022622 0ustar00jhrozekjhrozek00000000000000 , Display help message and exit. sssd-1.11.5/src/man/zh_CN/include/PaxHeaders.13173/failover.xml0000644000000000000000000000012712320753573022100 xustar000000000000000029 mtime=1396955003.53084385 29 atime=1396955003.53084385 29 ctime=1396955003.53084385 sssd-1.11.5/src/man/zh_CN/include/failover.xml0000664002412700241270000000425312320753573022327 0ustar00jhrozekjhrozek00000000000000 FAILOVER The failover feature allows back ends to automatically switch to a different server if the current server fails. Failover Syntax The list of servers is given as a comma-separated list; any number of spaces is allowed around the comma. The servers are listed in order of preference. The list can contain any number of servers. For each failover-enabled config option, two variants exist: primary and backup. The idea is that servers in the primary list are preferred and backup servers are only searched if no primary servers can be reached. If a backup server is selected, a timeout of 31 seconds is set. After this timeout SSSD will periodically try to reconnect to one of the primary servers. If it succeeds, it will replace the current active (backup) server. The Failover Mechanism The failover mechanism distinguishes between a machine and a service. The back end first tries to resolve the hostname of a given machine; if this resolution attempt fails, the machine is considered offline. No further attempts are made to connect to this machine for any other service. If the resolution attempt succeeds, the back end tries to connect to a service on this machine. 
If the service connection attempt fails, then only this particular service is considered offline and the back end automatically switches over to the next service. The machine is still considered online and might still be tried for another service. Further connection attempts are made to machines or services marked as offline after a specified period of time; this is currently hard coded to 30 seconds. If there are no more machines to try, the back end as a whole switches to offline mode, and then attempts to reconnect every 30 seconds. sssd-1.11.5/src/man/zh_CN/include/PaxHeaders.13173/debug_levels.xml0000644000000000000000000000012712320753573022731 xustar000000000000000029 mtime=1396955003.53084385 29 atime=1396955003.53084385 29 ctime=1396955003.53084385 sssd-1.11.5/src/man/zh_CN/include/debug_levels.xml0000664002412700241270000000506612320753573023163 0ustar00jhrozekjhrozek00000000000000 SSSD supports two representations for specifying the debug level. The simplest is to specify a decimal value from 0-9, which represents enabling that level and all lower-level debug messages. The more comprehensive option is to specify a hexadecimal bitmask to enable or disable specific levels (such as if you wish to suppress a level). Currently supported debug levels: 0, 0x0010: Fatal failures. Anything that would prevent SSSD from starting up or causes it to cease running. 1, 0x0020: Critical failures. An error that doesn't kill the SSSD, but one that indicates that at least one major feature is not going to work properly. 2, 0x0040: Serious failures. An error announcing that a particular request or operation has failed. 3, 0x0080: Minor failures. These are the errors that would percolate down to cause the operation failure of 2. 4, 0x0100: Configuration settings. 5, 0x0200: Function data. 6, 0x0400: Trace messages for operation functions. 7, 0x1000: Trace messages for internal control functions. 8, 0x2000: Contents of function-internal variables that may be interesting. 
9, 0x4000: Extremely low-level tracing information. To log required bitmask debug levels, simply add their numbers together as shown in following examples: Example: To log fatal failures, critical failures, serious failures and function data use 0x0270. Example: To log fatal failures, configuration settings, function data, trace messages for internal control functions use 0x1310. Note: The bitmask format of debug levels was introduced in 1.7.0. Default: 0 sssd-1.11.5/src/man/zh_CN/include/PaxHeaders.13173/seealso.xml0000644000000000000000000000012712320753573021724 xustar000000000000000029 mtime=1396955003.53084385 29 atime=1396955003.53084385 29 ctime=1396955003.53084385 sssd-1.11.5/src/man/zh_CN/include/seealso.xml0000664002412700241270000000467612320753573022164 0ustar00jhrozekjhrozek00000000000000 另见 sssd8 , sssd.conf5 , sssd-ldap5 , sssd-krb55 , sssd-simple5 , sssd-ipa5 , sssd-ad5 , sssd-sudo 5 , sss_cache8 , sss_debuglevel8 , sss_groupadd8 , sss_groupdel8 , sss_groupshow8 , sss_groupmod8 , sss_useradd8 , sss_userdel8 , sss_usermod8 , sss_obfuscate8 , sss_seed8 , sssd_krb5_locator_plugin8 , sss_ssh_authorizedkeys 8 , sss_ssh_knownhostsproxy 8 , pam_sss8 . sssd-1.11.5/src/man/zh_CN/include/PaxHeaders.13173/upstream.xml0000644000000000000000000000012712320753573022131 xustar000000000000000029 mtime=1396955003.53084385 29 atime=1396955003.53084385 29 ctime=1396955003.53084385 sssd-1.11.5/src/man/zh_CN/include/upstream.xml0000664002412700241270000000020212320753573022346 0ustar00jhrozekjhrozek00000000000000 SSSD The SSSD upstream - http://fedorahosted.org/sssd sssd-1.11.5/src/man/zh_CN/include/PaxHeaders.13173/param_help_py.xml0000644000000000000000000000012712320753573023111 xustar000000000000000029 mtime=1396955003.53084385 29 atime=1396955003.53084385 29 ctime=1396955003.53084385 sssd-1.11.5/src/man/zh_CN/include/param_help_py.xml0000664002412700241270000000032312320753573023332 0ustar00jhrozekjhrozek00000000000000 , Display help message and exit. 
sssd-1.11.5/src/man/zh_CN/include/PaxHeaders.13173/autofs_restart.xml0000644000000000000000000000012712320753573023336 xustar000000000000000029 mtime=1396955003.53084385 29 atime=1396955003.53084385 29 ctime=1396955003.53084385 sssd-1.11.5/src/man/zh_CN/include/autofs_restart.xml0000664002412700241270000000035312320753573023562 0ustar00jhrozekjhrozek00000000000000 Please note that the automounter only reads the master map on startup, so if any autofs-related changes are made to the sssd.conf, you typically also need to restart the automounter daemon after restarting the SSSD. sssd-1.11.5/src/man/zh_CN/include/PaxHeaders.13173/experimental.xml0000644000000000000000000000012712320753573022766 xustar000000000000000029 mtime=1396955003.53084385 29 atime=1396955003.53084385 29 ctime=1396955003.53084385 sssd-1.11.5/src/man/zh_CN/include/experimental.xml0000664002412700241270000000016712320753573023215 0ustar00jhrozekjhrozek00000000000000 This is an experimental feature, please use http://fedorahosted.org/sssd to report any issues. sssd-1.11.5/src/man/zh_CN/include/PaxHeaders.13173/ldap_id_mapping.xml0000644000000000000000000000012712320753573023400 xustar000000000000000029 mtime=1396955003.53084385 29 atime=1396955003.53084385 29 ctime=1396955003.53084385 sssd-1.11.5/src/man/zh_CN/include/ldap_id_mapping.xml0000664002412700241270000002227712320753573023635 0ustar00jhrozekjhrozek00000000000000 ID MAPPING The ID-mapping feature allows SSSD to act as a client of Active Directory without requiring administrators to extend user attributes to support POSIX attributes for user and group identifiers. NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are ignored. This is to avoid the possibility of conflicts between automatically-assigned and manually-assigned values. If you need to use manually-assigned values, ALL values must be manually-assigned. 
Please note that changing the ID mapping related configuration options will cause user and group IDs to change. At the moment, SSSD does not support changing IDs, so the SSSD database must be removed. Because cached passwords are also stored in the database, removing the database should only be performed while the authentication servers are reachable, otherwise users might get locked out. In order to cache the password, an authentication must be performed. It is not sufficient to use sss_cache 8 to remove the database, rather the process consists of: Making sure the remote servers are reachable Stopping the SSSD service Removing the database Starting the SSSD service Moreover, as the change of IDs might necessitate the adjustment of other system properties such as file and directory ownership, it's advisable to plan ahead and test the ID mapping configuration thoroughly. Mapping Algorithm Active Directory provides an objectSID for every user and group object in the directory. This objectSID can be broken up into components that represent the Active Directory domain identity and the relative identifier (RID) of the user or group object. The SSSD ID-mapping algorithm takes a range of available UIDs and divides it into equally-sized component sections - called "slices"-. Each slice represents the space available to an Active Directory domain. When a user or group entry for a particular domain is encountered for the first time, the SSSD allocates one of the available slices for that domain. In order to make this slice-assignment repeatable on different client machines, we select the slice based on the following algorithm: The SID string is passed through the murmurhash3 algorithm to convert it to a 32-bit hashed value. We then take the modulus of this value with the total number of available slices to pick the slice. NOTE: It is possible to encounter collisions in the hash and subsequent modulus. 
In these situations, we will select the next available slice, but it may not be possible to reproduce the same exact set of slices on other machines (since the order that they are encountered will determine their slice). In this situation, it is recommended to either switch to using explicit POSIX attributes in Active Directory (disabling ID-mapping) or configure a default domain to guarantee that at least one is always consistent. See Configuration for details. Configuration Minimum configuration (in the [domain/DOMAINNAME] section): ldap_id_mapping = True ldap_schema = ad The default configuration results in configuring 10,000 slices, each capable of holding up to 200,000 IDs, starting from 10,001 and going up to 2,000,100,000. This should be sufficient for most deployments. Advanced Configuration ldap_idmap_range_min (integer) Specifies the lower bound of the range of POSIX IDs to use for mapping Active Directory user and group SIDs. NOTE: This option is different from min_id in that min_id acts to filter the output of requests to this domain, whereas this option controls the range of ID assignment. This is a subtle distinction, but the good general advice would be to have min_id be less-than or equal to ldap_idmap_range_min Default: 200000 ldap_idmap_range_max (integer) Specifies the upper bound of the range of POSIX IDs to use for mapping Active Directory user and group SIDs. NOTE: This option is different from max_id in that max_id acts to filter the output of requests to this domain, whereas this option controls the range of ID assignment. This is a subtle distinction, but the good general advice would be to have max_id be greater-than or equal to ldap_idmap_range_max Default: 2000200000 ldap_idmap_range_size (integer) Specifies the number of IDs available for each slice. If the range size does not divide evenly into the min and max values, it will create as many complete slices as it can. 
Default: 200000 ldap_idmap_default_domain_sid (string) Specify the domain SID of the default domain. This will guarantee that this domain will always be assigned to slice zero in the ID map, bypassing the murmurhash algorithm described above. Default: not set ldap_idmap_default_domain (string) Specify the name of the default domain. Default: not set ldap_idmap_autorid_compat (boolean) Changes the behavior of the ID-mapping algorithm to behave more similarly to winbind's idmap_autorid algorithm. When this option is configured, domains will be allocated starting with slice zero and increasing monotonically with each additional domain. NOTE: This algorithm is non-deterministic (it depends on the order in which users and groups are requested). If this mode is required for compatibility with machines running winbind, it is recommended to also use the ldap_idmap_default_domain_sid option to guarantee that at least one domain is consistently allocated to slice zero. Default: False sssd-1.11.5/src/man/zh_CN/include/PaxHeaders.13173/ldap_search_bases_experimental.xml0000644000000000000000000000012712320753573026470 xustar000000000000000029 mtime=1396955003.53084385 29 atime=1396955003.53084385 29 ctime=1396955003.53084385 sssd-1.11.5/src/man/zh_CN/include/ldap_search_bases_experimental.xml0000664002412700241270000000203612320753573026714 0ustar00jhrozekjhrozek00000000000000 An optional base DN, search scope and LDAP filter to restrict LDAP searches for this attribute type. syntax: search_base[?scope?[filter][?search_base?scope?[filter]]*] The scope can be one of "base", "onelevel" or "subtree". The filter must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/rfc2254.txt For examples of this syntax, please refer to the ldap_search_base examples section. 
Default: the value of ldap_search_base Please note that specifying scope or filter is not supported for searches against an Active Directory Server that might yield a large number of results and trigger the Range Retrieval extension in the response. sssd-1.11.5/src/man/zh_CN/include/PaxHeaders.13173/service_discovery.xml0000644000000000000000000000012712320753573024020 xustar000000000000000029 mtime=1396955003.53084385 29 atime=1396955003.53084385 29 ctime=1396955003.53084385 sssd-1.11.5/src/man/zh_CN/include/service_discovery.xml0000664002412700241270000000322712320753573024247 0ustar00jhrozekjhrozek00000000000000 SERVICE DISCOVERY The service discovery feature allows back ends to automatically find the appropriate servers to connect to using a special DNS query. This feature is not supported for backup servers. Configuration If no servers are specified, the back end automatically uses service discovery to try to find a server. Optionally, the user may choose to use both fixed server addresses and service discovery by inserting a special keyword, _srv_, in the list of servers. The order of preference is maintained. This feature is useful if, for example, the user prefers to use service discovery whenever possible, and fall back to a specific server when no servers can be discovered using DNS. The domain name Please refer to the dns_discovery_domain parameter in the sssd.conf 5 manual page for more details. The protocol The queries usually specify _tcp as the protocol. Exceptions are documented in respective option description. See Also For more information on the service discovery mechanism, refer to RFC 2782. 
sssd-1.11.5/src/man/zh_CN/include/PaxHeaders.13173/local.xml0000644000000000000000000000012712320753573021363 xustar000000000000000029 mtime=1396955003.53084385 29 atime=1396955003.53084385 29 ctime=1396955003.53084385 sssd-1.11.5/src/man/zh_CN/include/local.xml0000664002412700241270000000134512320753573021611 0ustar00jhrozekjhrozek00000000000000 THE LOCAL DOMAIN In order to function correctly, a domain with id_provider=local must be created and the SSSD must be running. The administrator might want to use the SSSD local users instead of traditional UNIX users in cases where the group nesting (see sss_groupadd 8 ) is needed. The local users are also useful for testing and development of the SSSD without having to deploy a full remote server. The sss_user* and sss_group* tools use a local LDB storage to store users and groups. sssd-1.11.5/src/man/zh_CN/include/PaxHeaders.13173/override_homedir.xml0000644000000000000000000000012712320753573023617 xustar000000000000000029 mtime=1396955003.53084385 29 atime=1396955003.53084385 29 ctime=1396955003.53084385 sssd-1.11.5/src/man/zh_CN/include/override_homedir.xml0000664002412700241270000000313012320753573024037 0ustar00jhrozekjhrozek00000000000000 override_homedir (string) Override the user's home directory. You can either provide an absolute value or a template. In the template, the following sequences are substituted: %u login name %U UID number %d domain name %f fully qualified user name (user@domain) %o The original home directory retrieved from the identity provider. %% a literal '%' This option can also be set per-domain. 
example: override_homedir = /home/%u Default: Not set (SSSD will use the value retrieved from LDAP) sssd-1.11.5/src/man/PaxHeaders.13173/fr0000644000000000000000000000013212320753573015451 xustar000000000000000030 mtime=1396955003.500843872 30 atime=1396955003.535843846 30 ctime=1396955003.500843872 sssd-1.11.5/src/man/fr/0000775002412700241270000000000012320753573015755 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/man/fr/PaxHeaders.13173/sssd-ipa.5.xml0000644000000000000000000000013212320753573020136 xustar000000000000000030 mtime=1396955003.499843873 30 atime=1396955003.499843873 30 ctime=1396955003.499843873 sssd-1.11.5/src/man/fr/sssd-ipa.5.xml0000664002412700241270000010110112320753573020357 0ustar00jhrozekjhrozek00000000000000 Pages de manuel de SSSD sssd-ipa 5 Formats de fichier et conventions sssd-ipa Le fichier de configuration pour SSSD DESCRIPTION Cette page de manuel décrit la configuration du fournisseur IPA pour sssd 8 . Pour une référence détaillée sur la syntaxe, veuillez regarder la section FORMAT DE FICHIER de la page de manuel sssd.conf 5 . Le fournisseur IPA est le moteur pour se connecter à un serveur IPA. (Cf. le site freeipa.org pour plus d'informations sur les serveurs IPA). Ce fournisseur nécessite que la machine soit joignable pour le domaine IPA ; la configuration est presque entièrement obtenue et auto-découverte à partir du serveur. Le fournisseur IPA accepte les mêmes options utilisées par le fournisseur d'identité sssd-ldap 5 et le fournisseur d'authentification sssd-krb5 5 avec les quelques exceptions décrites ci-dessous. Toutefois, il n'est ni nécessaire ni recommandé de définir ces options. Le fournisseur IPA peut également servir comme fournisseur d'accès et chpass. En tant que fournisseur d'accès, il utilise des règles HBAC (host-based access control). Veuillez consulter freeipa.org pour plus d'informations sur HBAC. Aucune configuration de fournisseur d'accès n'est requise côté client. 
Le fournisseur IPA utilisera le répondeur PAC si les tickets Kerberos d'utilisateurs de domaines Kerberos approuvés contiennent un PAC. Pour rendre la configuration plus facile, le répondeur PAC est démarré automatiquement si le fournisseur d'ID de IPA est configuré. OPTIONS DE CONFIGURATION Se référer à la section SECTIONS DE DOMAINE de la page de manuel sssd.conf 5 pour les détails sur la configuration d'un domaine SSSD. ipa_domain (chaîne) Définit le nom du domaine IPA. Facultatif, s'il n'est pas fourni, le nom de domaine de la configuration est utilisé. ipa_server, ipa_backup_server (string) La liste par ordre de préférence séparée par des virgules des adresses IP ou des noms de systèmes des serveurs IPA auxquels SSSD doit se connecter . Pour plus d'informations sur la redondance de serveurs et le basculement, consulter la section de BASCULEMENT. Ceci est facultatif si la découverte automatique est activée. Pour plus d'informations sur la découverte de services, se reporter à la section de DÉCOUVERTE DE SERVICE. ipa_hostname (chaîne) Facultatif. Peut être défini pour des machines dont le hostname(5) ne reflète pas le nom de domaine pleinement qualifié du domaine IPA pour identifier l'hôte. dyndns_update (booléen) Facultatif. Cette option indique à SSSD de mettre à jour automatiquement le serveur DNS intégré à IPA v2 avec l'adresse IP de ce client. La mise à jour est sécurisée avec GSS-TSIG. L'adresse IP de la connexion LDAP IPA est utilisée pour les mises à jour, à moins qu'elle ne soit spécifiée par l'utilisation de l'option dyndns_iface. NOTE : Sur les systèmes plus anciens (tels que RHEL 5), afin que ce comportement fonctionne de façon fiable, le domaine Kerberos par défaut doit être défini correctement dans /etc/krb5.conf REMARQUE : Bien qu'il soit toujours possible d'utiliser l'ancienne option ipa_dyndns_update, les utilisateurs doivent maintenant utiliser dyndns_update dans leur fichier de configuration. 
Par défaut : false dyndns_ttl (entier) Le TTL à appliquer à l'enregistrement du client DNS lors de sa mise à jour. Si dyndns_update a la valeur false, cela n'a aucun effet. Cela remplacera le TTL côté serveur s'il est défini par un administrateur. REMARQUE : Bien qu'il soit toujours possible d'utiliser l'ancienne option ipa_dyndns_ttl, les utilisateurs doivent maintenant utiliser dyndns_ttl dans leur fichier de configuration. Par défaut : 1200 (secondes) dyndns_iface (chaîne) Facultatif. Applicable seulement quand dyndns_update est vrai. Choisit l'interface dont l'adresse IP sera utilisée pour les mises à jour dynamiques du DNS. REMARQUE : Bien qu'il soit toujours possible d'utiliser l'ancienne option ipa_dyndns_iface, les utilisateurs doivent maintenant utiliser dyndns_iface dans leur fichier de configuration. Par défaut : utilise l'adresse IP de la connexion IPA LDAP ipa_enable_dns_sites (booléen) Active les sites DNS - découverte de service basée sur l'emplacement Si true et que la découverte de service (cf. le paragraphe Découverte de service au bas de la page de manuel) est activée, alors SSSD tentera d'abord une découverte basée sur l'emplacement en utilisant une requête contenant « _location.hostname.example.com », puis reviendra à une découverte SRV traditionnelle. Si la découverte basée sur l'emplacement réussit, les serveurs IPA ainsi découverts sont traités comme serveurs primaires, et les serveurs identifiés via la découverte basée sur les enregistrements SRV seront utilisés comme serveurs de repli Par défaut : false dyndns_refresh_interval (entier) Fréquence de mise à jour des DNS par le moteur en plus des mises à jour automatiques effectuées lorsque le moteur arrive en ligne. Cette option est facultative, et n'est applicable que lorsque l'option dyndns_update est configurée à true. 
Par défaut : 0 (désactivé) dyndns_update_ptr (booléen) Selon que l'enregistrement PTR doit être explicitement mis à jour lors de la mise à jour des enregistrements DNS du client. Applicable uniquement lorsque l'option dyndns_update est configurée à true. Cette option doit être positionnée à False pour la plupart des déploiements IPA, puisque le serveur IPA crée les enregistrements PTR automatiquement quand les enregistrements directs sont modifiés. Par défaut : False (désactivé) dyndns_force_tcp (booléen) Selon que l'utilitaire nsupdate doit utiliser TCP par défaut pour la communication avec le serveur DNS. Par défaut : False (laisser nsupdate choisir le protocole) ipa_hbac_search_base (chaîne) Facultatif. Utilise la chaîne donnée comme base de recherche pour les objets HBAC associés. Par défaut : utilise le DN de base ipa_host_search_base (string) Facultatif. Utiliser la chaîne donnée comme base de recherche pour héberger des objets. Cf. ldap_search_base pour plus d'informations sur la configuration des bases de recherche multiples. Si le filtre est donné dans l'une des bases de recherche et ipa_hbac_support_srchost a la valeur False, le filtre sera ignoré. Par défaut : la valeur de ldap_search_base ipa_selinux_search_base (string) Facultatif. Utiliser la chaîne donnée comme base de recherche pour les mappages utilisateur SELinux. Cf. ldap_search_base pour plus d'informations sur la configuration des bases de recherche multiples. Par défaut : la valeur de ldap_search_base ipa_subdomains_search_base (string) Facultatif. Utiliser la chaîne donnée comme base de recherche pour les domaines approuvés. Cf. ldap_search_base pour plus d'informations sur la configuration des bases de recherche multiples. Par défaut : la valeur de cn=trusts,%basedn ipa_master_domain_search_base (string) Facultatif. Utiliser la chaîne donnée comme base de recherche objet de domaine maître. Cf. ldap_search_base pour plus d'informations sur la configuration des bases de recherche multiples. 
Par défaut : la valeur de cn=ad,cn=etc,%basedn krb5_validate (booléen) Vérifie avec l'aide de krb5_keytab que le TGT obtenu n'est pas usurpé. Par défaut : true Noter que cette valeur par défaut diffère du moteur de traitement Kerberos original. krb5_realm (chaîne) Le nom du domaine Kerberos. Facultatif, prend comme valeur par défaut la valeur de ipa_domain. Le nom du domaine Kerberos a une signification spéciale dans IPA. Il est converti en DN de base pour effectuer les opérations LDAP. krb5_canonicalize (booléen) Spécifie si l'hôte et l'utilisateur principal doivent être rendus canoniques lors des connexions au serveur LDAP de IPA, mais aussi pour les requêtes AS. Cette fonctionnalité est disponible avec MIT Kerberos >= 1.7 Par défaut : true krb5_use_fast (chaîne) Active le flexible authentication secure tunneling (FAST) pour la pré-authentification Kerberos. Les options suivantes sont supportées : never use FAST. try to use FAST. If the server does not support FAST, continue the authentication without it. This is equivalent to not setting this option at all. demand : imposer d'utiliser FAST. L'authentification échoue si le serveur ne requiert pas FAST. Default: try NOTE : SSSD prend en charge le paramètre FAST uniquement avec MIT Kerberos version 1.8 et au-delà. L'utilisation de SSSD avec une version antérieure de MIT Kerberos avec cette option est une erreur de configuration. ipa_hbac_refresh (entier) Le temps entre deux recherches de règles HBAC sur un serveur IPA. Cela permet de réduire le temps de latence et la charge du serveur IPA s'il y a beaucoup de requêtes de contrôle d'accès sur une courte période. 
Par défaut : 5 (secondes) ipa_hbac_treat_deny_as (chaîne) Cette option indique comment utiliser les règles HBAC obsolètes de type DENY. À partir de FreeIPA v2.1, les règles DENY ne sont plus prises en charge sur le serveur. Tous les utilisateurs de FreeIPA doivent modifier leurs règles pour utiliser uniquement les règles ALLOW. Le client prendra en charge les deux modes opératoires pendant cette période de transition : DENY_ALL : si une règle DENY HBAC est détectée, aucun utilisateur ne pourra se connecter. IGNORE : SSSD ignorera toutes les règles DENY. Attention avec cette option, elle peut ouvrir des accès imprévus. Par défaut : DENY_ALL ipa_hbac_support_srchost (booléen) Si false, srchost tel qu'il figure à SSSD par PAM sera ignoré. Noter que si la valeur False, cette option implique que les filtres donnés en ipa_host_search_base seront ignorés ; Par défaut : false ipa_server_mode (booléen) This option should only be set by the IPA installer. Cette option indique que SSSD fonctionne sur un serveur IPA et doit effectuer différemment ses recherches d'utilisateurs et groupes depuis les domaines approuvés. Par défaut : false ipa_automount_location (string) L'emplacement à automonter qu'utilisera ce client IPA Par défaut : Le lieu nommé « default » ipa_netgroup_member_of (chaîne) L'attribut LDAP qui répertorie les appartenances aux netgroups. Par défaut : memberOf ipa_netgroup_member_user (chaîne) L'attribut LDAP qui répertorie les utilisateurs et les groupes qui sont membres directs du netgroup. Par défaut : memberUser ipa_netgroup_member_host (chaîne) L'attribut LDAP qui répertorie les systèmes et les groupes de systèmes qui sont membres directs du netgroup. Par défaut : memberHost ipa_netgroup_member_ext_host (chaîne) L'attribut LDAP qui répertorie les noms de domaines complets des systèmes et des groupes de systèmes qui appartiennent au groupe réseau. 
Par défaut : externalHost ipa_netgroup_domain (chaîne) L'attribut LDAP qui contient le nom de domaine NIS du netgroup. Par défaut : nisDomainName ipa_host_object_class (chaîne) La classe de l'objet d'une entrée d'hôte dans l'annuaire LDAP. Par défaut : ipaHost ipa_host_fqdn (chaîne) L'attribut LDAP qui contient le nom de domaine complet du système. Par défaut : nom de domaine complet ipa_selinux_usermap_object_class (string) La classe de l'objet d'une entrée d'hôte dans l'annuaire LDAP. Par défaut : ipaHost ipa_selinux_usermap_name (string) L'attribut LDAP qui contient le nom de SELinux usermap. Par défaut : cn ipa_selinux_usermap_member_user (string) L'attribut LDAP qui contient tous les utilisateurs / groupes correspondant à cette règle. Par défaut : memberUser ipa_selinux_usermap_member_host (string) L'attribut LDAP qui contient tous les hôtes / hostgroups correspondant à cette règle. Par défaut : memberHost ipa_selinux_usermap_see_also (string) L'attribut LDAP qui contient le DN de la règle de HBAC qui peut être utilisé pour la correspondance au lieu de memberUser et memberHost Par défaut : seeAlso ipa_selinux_usermap_selinux_user (string) L'attribut LDAP qui contient la chaîne utilisateur SELinux. Par défaut : ipaSELinuxUser ipa_selinux_usermap_enabled (string) L'attribut LDAP qui contient le fait que la carte utilisateur est activée pour utilisation ou non. Par défaut : ipaEnabledFlag ipa_selinux_usermap_user_category (string) L'attribut LDAP qui contient la catégorie utilisateur tels que « all ». Par défaut : userCategory ipa_selinux_usermap_host_category (string) L'attribut LDAP qui contient la catégorie hôte tels que « all ». Par défaut : hostCategory ipa_selinux_usermap_uuid (string) L'attribut LDAP qui contient l'ID unique de la carte de l'utilisateur. Par défaut : ipaUniqueID ipa_host_ssh_public_key (string) L'attribut LDAP qui contient les clés publiques SSH de l'hôte. 
Par défaut : ipaSshPubKey FOURNISSEURS DE SOUS-DOMAINES Le fournisseur de sous-domaines IPA se comporte un peu différemment s'il est configuré explicitement ou implicitement. Si l'option « subdomains_provider = ipa » se trouve dans la section domaine de sssd.conf, le fournisseur de sous-domaines d'IPA est configuré explicitement, et toutes les demandes de sous-domaines sont envoyées au serveur IPA si nécessaire. Si l'option « subdomains_provider » n'est pas définie dans la section domaine de sssd.conf, mais qu'il y a l'option « id_provider = ipa », le fournisseur de sous-domaines IPA est configuré implicitement. Dans ce cas, si une demande de sous-domaine échoue et indique que le serveur ne prend pas en charge les sous-domaines, c'est-à-dire qu'il n'est pas configuré pour les relations d'approbations, le fournisseur de sous-domaines IPA est désactivé. Après une heure ou après que le fournisseur IPA arrive en ligne, le fournisseur de sous-domaines est à nouveau activé. EXEMPLE L'exemple suivant suppose que SSSD est correctement configuré et example.com est un des domaines de la section [sssd]. Ces exemples montrent seulement les options spécifiques au fournisseur IPA. [domain/example.com] id_provider = ipa ipa_server = ipaserver.example.com ipa_hostname = myhost.example.com sssd-1.11.5/src/man/fr/PaxHeaders.13173/pam_sss.8.xml0000644000000000000000000000013212320753573020063 xustar000000000000000030 mtime=1396955003.499843873 30 atime=1396955003.499843873 30 ctime=1396955003.499843873 sssd-1.11.5/src/man/fr/pam_sss.8.xml0000664002412700241270000001325412320753573020317 0ustar00jhrozekjhrozek00000000000000 Pages de manuel de SSSD SSSD Le projet SSSD - http://fedorahosted.org/sssd pam_sss 8 pam_sss Module PAM pour SSSD pam_sss.so quiet forward_pass use_first_pass use_authtok retry=N ignore_unknown_user DESCRIPTION pam_sss.so est l'interface PAM pour le démon des services de sécurité système (SSSD). 
Les erreurs et résultats sont journalisés par syslog(3) avec l'argument LOG_AUTHPRIV. OPTIONS quiet : Supprimer les messages de journal pour les utilisateurs inconnus. forward_pass : Si forward_pass est défini, le mot de passe saisi est inséré en mémoire pour les autres modules PAM utilisés. use_first_pass : L'argument use_first_pass force le module à utiliser le mot de passe d'un module déjà en mémoire et n'en fera jamais la demande à l'utilisateur. Si aucun mot de passe n'est disponible ou que celui-ci n'est pas approprié, l'utilisateur verra son accès refusé. use_authtok : Lors du changement de mot de passe, force le module à remplacer le mot de passe par celui fourni par un module de mot de passe déjà chargé en mémoire. retry=N : Si défini, on demande le mot de passe à l'utilisateur encore N fois si l'authentification échoue. Par défaut : 0. Veuillez noter que cette option peut ne pas fonctionner comme attendu si l'application qui appelle PAM gère elle-même les dialogues avec l'utilisateur. Un exemple typique est sshd avec PasswordAuthentication. ignore_unknown_user : If this option is specified and the user does not exist, the PAM module will return PAM_IGNORE. This causes the PAM framework to ignore this module. TYPES DE MODULES FOURNIS Tous les types de module (account, auth, password et session) sont fournis. FICHIERS Si une réinitialisation par root d'un mot de passe échoue parce que le fournisseur SSSD correspondant ne prend pas en charge la réinitialisation de mot de passe, un message spécifique peut être affiché. Ce message peut, par exemple, contenir les instructions permettant la réinitialisation. Le message est lu depuis le fichier pam_sss_pw_reset_message.LOC où LOC représente une chaîne de paramètres régionaux retournée par setlocale 3. S'il n'y a aucun fichier correspondant, le contenu de pam_sss_pw_reset_message.txt est affiché. L'utilisateur root doit être le propriétaire des fichiers et seul root peut avoir les autorisations en lecture et en écriture alors que tous les autres utilisateurs doivent avoir les autorisations en lecture seule. 
Ces fichiers sont recherchés dans le dossier /etc/sssd/customize/NOM_DE_DOMAINE/. Si aucun fichier correspondant n'est présent, un message spécifique est affiché. sssd-1.11.5/src/man/fr/PaxHeaders.13173/sssd-ad.5.xml0000644000000000000000000000013212320753573017751 xustar000000000000000030 mtime=1396955003.499843873 30 atime=1396955003.499843873 30 ctime=1396955003.499843873 sssd-1.11.5/src/man/fr/sssd-ad.5.xml0000664002412700241270000004114112320753573020201 0ustar00jhrozekjhrozek00000000000000 Pages de manuel de SSSD sssd-ad 5 Formats de fichier et conventions sssd-ad Le fichier de configuration pour SSSD DESCRIPTION Cette page de manuel décrit la configuration du fournisseur AD pour sssd 8 . Pour une référence détaillée sur la syntaxe, cf. la section FORMAT DE FICHIER de la page de manuel sssd.conf 5 . Le fournisseur AD est un moteur utilisé pour se connecter à un serveur Active Directory. Ce fournisseur exige que la machine soit jointe au domaine AD et qu'un fichier keytab soit disponible. Le fournisseur AD prend en charge la connexion à Active Directory 2008 R2 ou ultérieures. Les versions antérieures peuvent fonctionner, mais ne sont pas supportées. The AD provider is able to provide identity information and authentication for entities from trusted domains as well. Currently only trusted domains in the same forest are recognized. Le fournisseur AD accepte les mêmes options utilisées par le fournisseur d'identité sssd-ldap 5 et le fournisseur d'authentification sssd-krb5 5 avec les quelques exceptions décrites ci-dessous. However, it is neither necessary nor recommended to set these options. The AD provider can also be used as an access, chpass and sudo provider. No configuration of the access provider is required on the client side. By default, the AD provider will map UID and GID values from the objectSID parameter in Active Directory. For details on this, see the ID MAPPING section below. 
If you want to disable ID mapping and instead rely on POSIX attributes defined in Active Directory, you should set ldap_id_mapping = False In order to retrieve users and groups using POSIX attributes from trusted domains, the AD administrator must make sure that the POSIX attributes are replicated to the Global Catalog. Users, groups and other entities served by SSSD are always treated as case-insensitive in the AD provider for compatibility with Active Directory's LDAP implementation. OPTIONS DE CONFIGURATION Se référer à la section SECTIONS DE DOMAINE de la page de manuel sssd.conf 5 pour les détails sur la configuration d'un domaine SSSD. ad_domain (string) Spécifie le nom du domaine Active Directory. Ceci est facultatif. S'il n'est pas fourni, le nom de domaine de la configuration est utilisé. Pour un fonctionnement correct, cette option doit être le nom long du domaine Active Directory, spécifié en minuscules. Le nom de domaine court (aussi connu comme le nom NetBIOS ou nom plat) est autodétecté par SSSD. ad_server, ad_backup_server (string) La liste par ordre de préférence séparée par des virgules des noms de systèmes des serveurs AD auxquels SSSD doit se connecter. Pour plus d'informations sur la redondance de serveurs et le basculement, consulter la section BASCULEMENT. Ceci est optionnel si la découverte automatique est activée. Pour plus d'informations sur la découverte de services, se reporter à la section de DÉCOUVERTE DE SERVICE. ad_hostname (string) Facultatif. Peut être défini sur les machines où le hostname(5) ne reflète pas le nom pleinement qualifié utilisé dans le domaine Active Directory pour identifier ce système. Ce champ est utilisé pour déterminer le principal d'hôte utilisé dans un fichier keytab. Il doit correspondre au nom du système pour lequel a été publié un fichier keytab. ad_enable_dns_sites (booléen) Active les sites DNS - découverte de service basée sur l'emplacement Si configuré à true et que la découverte de service (cf. 
le paragraphe Découverte de service au bas de la page de manuel) est activée, SSSD tentera d'abord de découvrir le serveur Active Directory auquel se connecter en utilisant Active Directory Site Discovery, puis se repliera sur l'utilisation des enregistrements DNS SRV si aucun site AD n'est trouvé. La configuration SRV du DNS, incluant la découverte de domaine, est aussi utilisée pendant la découverte de site. Par défaut : true ad_access_filter (string) This option specifies the LDAP access control filter that the user must match in order to be allowed access. Please note that the access_provider option must be explicitly set to ad in order for this option to have an effect. The option also supports specifying different filters per domain or forest. This extended filter would consist of: KEYWORD:NAME:FILTER. The keyword can be either DOM, FOREST or missing. If the keyword is DOM or is missing, then NAME specifies the domain or subdomain the filter applies to. If the keyword is FOREST, then the filter applies to all domains from the forest specified by NAME. Multiple filters can be separated with the ? character, similarly to how search bases work. The most specific match is always used. For example, if the option specifies both a filter for a domain the user is a member of and a global filter, the per-domain filter would be applied. If there are more matches with the same specification, the first one is used. Exemples : # apply filter on domain called dom1 only: dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com) # apply filter on domain called dom2 only: DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com) # apply filter on forest called EXAMPLE.COM only: FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com) Default: Not set ad_enable_gc (boolean) By default, the SSSD connects to the Global Catalog first to retrieve users from trusted domains and uses the LDAP port to retrieve group memberships or as a fallback. 
Disabling this option makes the SSSD only connect to the LDAP port of the current AD server. Please note that disabling Global Catalog support does not disable retrieving users from trusted domains. The SSSD would connect to the LDAP port of trusted domains instead. However, Global Catalog must be used in order to resolve cross-domain group memberships. Par défaut : true dyndns_update (booléen) Facultatif. Cette option indique à SSSD de mettre à jour automatiquement le serveur DNS d'Active Directory avec l'adresse IP de ce client. La mise à jour est sécurisée avec GSS-TSIG. Ainsi, l'administrateur Active Directory a uniquement besoin d'activer les mises à jour sécurisées pour la zone DNS. L'adresse IP de la connexion LDAP AD est utilisée pour les mises à jour, à moins qu'une autre adresse ne soit spécifiée par l'utilisation de l'option dyndns_iface. NOTE : Sur les systèmes plus anciens (tels que RHEL 5), afin que ce comportement fonctionne de façon fiable, le domaine Kerberos par défaut doit être défini correctement dans /etc/krb5.conf Par défaut : true dyndns_ttl (entier) Le TTL à appliquer à l'enregistrement du client DNS lors de sa mise à jour. Si dyndns_update a la valeur false, cela n'a aucun effet. Cela remplacera le TTL côté serveur s'il est défini par un administrateur. Par défaut : 3600 (secondes) dyndns_iface (chaîne) Facultatif. Applicable seulement quand dyndns_update est vrai. Choisit l'interface dont l'adresse IP sera utilisée pour les mises à jour dynamiques du DNS. Par défaut : utilise l'adresse IP de la connexion LDAP AD dyndns_refresh_interval (entier) Fréquence de mise à jour des DNS par le moteur en plus des mises à jour automatiques effectuées lorsque le moteur arrive en ligne. Cette option est facultative, et n'est applicable que lorsque l'option dyndns_update est configurée à true. 
Par défaut : 86400 (24 heures) dyndns_update_ptr (booléen) Indique si l'enregistrement PTR doit être explicitement mis à jour lors de la mise à jour des enregistrements DNS du client. Applicable uniquement lorsque l'option dyndns_update est configurée à true. Par défaut : True dyndns_force_tcp (booléen) Indique si l'utilitaire nsupdate doit utiliser TCP par défaut pour la communication avec le serveur DNS. Par défaut : False (laisser nsupdate choisir le protocole) krb5_use_enterprise_principal (booléen) Indique si le principal de l'utilisateur doit être traité comme un principal d'entreprise. Cf. la section 5 de la RFC 6806 pour plus de détails sur les principals d'entreprise. Par défaut : true Noter que cette valeur par défaut diffère du moteur de traitement Kerberos original. EXEMPLE L'exemple suivant suppose que SSSD est correctement configuré et example.com est un des domaines de la section [sssd]. Ces exemples montrent seulement les options spécifiques au fournisseur AD. [domain/EXAMPLE] id_provider = ad auth_provider = ad access_provider = ad chpass_provider = ad ad_server = dc1.example.com ad_hostname = client.example.com ad_domain = example.com NOTES Le fournisseur de contrôle d'accès AD vérifie si le compte a expiré. Cela a le même effet que la configuration suivante du fournisseur LDAP : access_provider = ldap ldap_access_order = expire ldap_account_expire_policy = ad Cependant, à moins que le fournisseur de contrôle d'accès ad soit explicitement configuré, le fournisseur de contrôle d'accès par défaut est « permit », qui autorise tous les accès. 
sssd-1.11.5/src/man/fr/PaxHeaders.13173/sss_cache.8.xml0000644000000000000000000000013212320753573020351 xustar000000000000000030 mtime=1396955003.499843873 30 atime=1396955003.499843873 30 ctime=1396955003.499843873 sssd-1.11.5/src/man/fr/sss_cache.8.xml0000664002412700241270000001442512320753573020606 0ustar00jhrozekjhrozek00000000000000 Pages de manuel de SSSD sss_cache 8 sss_cache effectue le nettoyage du cache sss_cache options DESCRIPTION sss_cache invalide les enregistrements en cache de SSSD. Les documents invalidés sont obligés d'être rechargés à partir de leur serveur d'origine dès que le moteur SSSD redevient disponible en ligne. OPTIONS , Invalider toutes les entrées en cache hors règles sudo. , login Invalider un utilisateur spécifique. , L'annulation de tous les enregistrements d'utilisateur. Cette option prend le pas sur l'invalidation d'un utilisateur spécifique, si elle a été également configuré. , group L'annulation de groupe spécifique. , L'annulation de tous les enregistrements de groupe. Cette option prend le pas sur l'invalidation d'un groupe spécifique si elle a été également définie. , netgroup Invalide un netgroup spécifique. , Invalider tous les enregistrements de netgroup. Cette option prend le pas sur l'invalidation de netgroup spécifiques s'il a été également définie. , service Invalider le service spécifique. , Invalider tous les enregistrements de service. Cette option se substitue à l'invalidation de service spécifique s'elle a également été définie. , autofs-map Invalider des cartes autofs spécifiques. , Invalider toutes les cartes autofs. Cette option remplace l'invalidation de carte spécifique s'elle a également été définie. , domain Restreindre le processus d'invalidation à un domaine particulier. 
sssd-1.11.5/src/man/fr/PaxHeaders.13173/sssd-krb5.5.xml0000644000000000000000000000013212320753573020230 xustar000000000000000030 mtime=1396955003.499843873 30 atime=1396955003.499843873 30 ctime=1396955003.499843873 sssd-1.11.5/src/man/fr/sssd-krb5.5.xml0000664002412700241270000005530012320753573020462 0ustar00jhrozekjhrozek00000000000000 Pages de manuel de SSSD sssd-krb5 5 Formats de fichier et conventions sssd-krb5 Le fichier de configuration pour SSSD DESCRIPTION Cette page de manuel décrit la configuration du moteur d'authentification de Kerberos 5 pour sssd 8 . Pour une référence détaillée sur la syntaex, veuillez vous référer à la section FORMAT DE FICHIER du manuel de sssd.conf 5 . Le moteur d'authentification Kerberos 5 contient les fournisseurs d'authentification et de changement de mot de passe. Il doit être couplé avec un fournisseur d'identité de manière à fonctionner proprement (par exemple, id_provider = ldap). Plusieurs informations requises par le moteur d'authentification Kerberos 5 doivent être fournies par le fournisseur d'identité, telles que le nom du principal de l'utilisateur Kerberos (UPN). La configuration du fournisseur d'identité doit avoir une entrée pour spécifier l'UPN. Veuillez vous référer aux pages du manuel du fournisseur d'identité ad-hoc pour pouvoir le configurer. Ce moteur fournit aussi un contrôle d'accès sur le fichier .k5login dans le répertoire personnel de l'utilisateur. Voir .k5login5 pour plus de détails. Veuillez noter qu'un fichier .k5login vide interdira tout accès pour cet utilisateur. Pour activer cette option, utilisez « access_provider = krb5 » dans votre configuration de SSSD. Dans le cas où l'UPN n'est pas valide dans le moteur d'identité, sssd construira un UPN en utilisant le format utilisateur@krb5_realm. OPTIONS DE CONFIGURATION Si le module auth krb5 est utilisé dans un domaine SSSD, les options suivantes doivent être utilisées. Cf. 
la page de manuel sssd.conf 5, section SECTIONS DOMAINE pour plus de détails sur la configuration d'un domaine SSSD. krb5_server, krb5_backup_server (string) Spécifie la liste séparée par des virgules des adresses IP ou des noms de systèmes des serveurs Kerberos auquel SSSD doit se connecter, par ordre de préférence. Pour plus d'informations sur la redondance de basculement et le serveur, consultez la section de BASCULEMENT. Un numéro de port facultatif (précédé de deux-points) peut être ajouté aux adresses ou aux noms de systèmes. Si vide, le service de découverte est activé - pour plus d'informations, se reporter à la section DÉCOUVERTE DE SERVICE. Lors de l'utilisation de découverte de services pour le KDC ou les serveurs kpasswd, SSSD recherche en premier les entrées DNS qui définissent _udp comme protocole, et passe sur _tcp si aucune entrée n'est trouvée. Cette option s'appelait krb5_kdcip dans les versions précédentes de SSSD. Bien que ce nom soit toujours reconnu à l'heure actuelle, il est conseillé de migrer les fichiers de configuration vers l'utilisation de krb5_server. krb5_realm (chaîne) Le nom du domaine Kerberos. Cette option est nécessaire et doit être renseignée. krb5_kpasswd, krb5_backup_kpasswd (string) Si le service de changement de mot de passe ne fonctionne pas sur le KDC, des serveurs de secours peuvent être définis ici. Un numéro de port facultatif (précédé par un signe deux-points) peut-être être suffixé aux adresses ou aux noms de systèmes. Pour plus d'information sur le basculement et la redondance de serveurs, voir la section BASCULEMENT. Noter que même si il n'y a plus de serveurs kpasswd à essayer, le moteur ne passe pas en mode hors-ligne si l'authentification KDC est toujours possible. Par défaut : utiliser le KDC krb5_ccachedir (chaîne) Directory to store credential caches. All the substitution sequences of krb5_ccname_template can be used here, too, except %d and %P. 
The directory is created as private and owned by the user, with permissions set to 0700. Par défaut : /tmp krb5_ccname_template (chaîne) Location of the user's credential cache. Three credential cache types are currently supported: FILE, DIR and KEYRING:persistent. The cache can be specified either as TYPE:RESIDUAL, or as an absolute path, which implies the FILE type. In the template, the following sequences are substituted: %u identifiant de connexion %U UID de l'utilisateur %p nom du principal %r nom de domaine %h répertoire personnel %d valeur de krb5_ccachedir %P l'ID de processus du client SSSD %% un « % » littéral If the template ends with 'XXXXXX' mkstemp(3) is used to create a unique filename in a safe way. When using KEYRING types, the only supported mechanism is KEYRING:persistent:%U, which uses the Linux kernel keyring to store credentials on a per-UID basis. This is also the recommended choice, as it is the most secure and predictable method. The default value for the credential cache name is sourced from the profile stored in the system-wide krb5.conf configuration file in the [libdefaults] section. The option name is default_ccache_name. See krb5.conf(5)'s PARAMETER EXPANSION paragraph for additional information on the expansion format defined by krb5.conf. Default: (from libkrb5) krb5_auth_timeout (entier) Délai, en secondes, au bout duquel une requête d'authentification en ligne ou de changement de mot de passe est annulée. La requête d'authentification sera effectuée hors-ligne si cela est possible. Par défaut : 6 krb5_validate (booléen) Vérifie à l'aide de krb5_keytab que le TGT obtenu n'a pas été usurpé. Les entrées d'un fichier keytab sont vérifiées dans l'ordre, et la première entrée avec un domaine correspondant est utilisée pour la validation. Si aucune entrée ne correspond au domaine, la dernière entrée dans le fichier keytab est utilisée.
Ce processus peut être utilisé pour valider des environnements utilisant l'approbation entre domaines en plaçant l'entrée keytab appropriée comme dernière ou comme seule entrée dans le fichier keytab. Par défaut : false krb5_keytab (chaîne) L'emplacement du fichier keytab à utiliser pour valider les données d'identification obtenues à partir de KDC. Par défaut : /etc/krb5.keytab krb5_store_password_if_offline (booléen) Stocke le mot de passe de l'utilisateur si le fournisseur est hors-ligne, puis l'utilise pour obtenir un TGT lorsque le fournisseur redevient disponible en ligne. NOTE : cette fonctionnalité n'est actuellement disponible que sur les plates-formes Linux. Les mots de passe stockés de cette manière sont conservés en texte brut dans le trousseau de clés du noyau et sont potentiellement accessibles à l'utilisateur root (avec difficulté). Par défaut : false krb5_renewable_lifetime (chaîne) Demande un ticket renouvelable avec une durée de vie totale, donnée par un entier immédiatement suivi par une unité de temps : s pour secondes m pour minutes h pour heures d pour jours. Si aucune unité n'est spécifiée, s est utilisé. NOTE : il n'est pas possible de mélanger les unités. Pour indiquer une durée de vie renouvelable de une heure et trente minutes, utiliser « 90m » au lieu de « 1h30m ». Par défaut : non défini, c'est-à-dire que le TGT n'est pas renouvelable krb5_lifetime (chaîne) Demande un ticket avec une durée de vie, donnée par un entier immédiatement suivi par une unité de temps : s pour secondes m pour minutes h pour heures d pour jours. Si aucune unité n'est spécifiée, s est utilisé. NOTE : il n'est pas possible de mélanger les unités. Pour indiquer une durée de vie de une heure et trente minutes, utiliser « 90m » au lieu de « 1h30m ». Par défaut : non défini, c'est-à-dire la durée de vie par défaut configurée dans le KDC. krb5_renew_interval (chaîne) La durée, en secondes, entre deux vérifications pour savoir si le TGT doit être renouvelé. 
Les TGT sont renouvelés si environ la moitié de leur durée de vie est dépassée. Indiquée par un entier immédiatement suivi d'une unité de temps : s pour secondes m pour minutes h pour heures d pour jours. Si aucune unité n'est spécifiée, s est utilisé. NOTE : il n'est pas possible de mélanger les unités. Pour indiquer une durée de vie renouvelable de une heure et trente minutes, utiliser « 90m » au lieu de « 1h30m ». Si cette option n'est pas définie ou définie à 0, le renouvellement automatique est désactivé. Par défaut : non défini krb5_use_fast (chaîne) Active le flexible authentication secure tunneling (FAST) pour la pré-authentification Kerberos. Les options suivantes sont supportées : never : ne jamais utiliser FAST. Ceci équivaut à ne pas définir cette option. try : essayer d'utiliser FAST. Si le serveur ne prend pas en charge FAST, continuer l'authentification sans. demand : imposer d'utiliser FAST. L'authentification échoue si le serveur ne requiert pas FAST. Par défaut : non défini, i.e. FAST n'est pas utilisé. NOTE : un fichier keytab est requis pour utiliser FAST. NOTE : SSSD prend en charge le paramètre FAST uniquement avec MIT Kerberos version 1.8 et au-delà. L'utilisation de SSSD avec une version antérieure de MIT Kerberos avec cette option est une erreur de configuration. krb5_fast_principal (chaîne) Spécifie le principal de serveur afin d'utiliser FAST. krb5_canonicalize (booléen) Spécifie si les principaux du système et de l'utilisateur doivent être rendus canoniques. Cette fonctionnalité est disponible avec MIT Kerberos 1.7 et versions suivantes. Par défaut : false krb5_use_kdcinfo (booléen) Indique si SSSD doit préciser aux bibliothèques Kerberos quels domaine et KDC utiliser. Cette option est activée par défaut, si elle est désactivée, la bibliothèque Kerberos doit être configurée à l'aide du fichier de configuration krb5.conf 5 . Consulter la page de manuel de sssd_krb5_locator_plugin 8 pour plus d'informations sur le greffon de localisation.
Par défaut : true krb5_use_enterprise_principal (booléen) Indique si le principal de l'utilisateur doit être traité comme un principal d'entreprise. Cf. la section 5 de la RFC 6806 pour plus de détails sur les principals d'entreprise. Default: false (AD provider: true) EXEMPLE L'exemple suivant suppose que SSSD est correctement configuré et que FOO est l'un des domaines de la section [sssd]. Cet exemple montre uniquement la configuration de l'authentification Kerberos, et n'inclut aucun fournisseur d'identité. [domain/FOO] auth_provider = krb5 krb5_server = 192.168.1.1 krb5_realm = EXAMPLE.COM sssd-1.11.5/src/man/fr/PaxHeaders.13173/sss_ssh_knownhostsproxy.1.xml0000644000000000000000000000013212320753573023473 xustar000000000000000030 mtime=1396955003.499843873 30 atime=1396955003.499843873 30 ctime=1396955003.499843873 sssd-1.11.5/src/man/fr/sss_ssh_knownhostsproxy.1.xml0000664002412700241270000000724212320753573023727 0ustar00jhrozekjhrozek00000000000000 Pages de manuel de SSSD sss_ssh_knownhostsproxy 1 sss_ssh_knownhostsproxy obtenir les clés d'hôtes OpenSSH sss_ssh_knownhostsproxy options HOST PROXY_COMMAND DESCRIPTION sss_ssh_knownhostsproxy récupère les clés publiques pour le système HOST, les stocke dans un fichier OpenSSH known_hosts spécifique (cf. la section FORMAT DU FICHIER SSH_KNOWN_HOSTS de sshd 8 pour plus d'informations) /var/lib/sss/pubconf/known_hosts puis établit la connexion vers le système. Si PROXY_COMMAND est indiqué, elle est alors utilisée pour établier la connexion vers le système au lieu d'ouvrir une socket. ssh 1 peut être configuré pour utiliser sss_ssh_knownhostsproxy pour l'authentication par clés en utilisant les directives suivantes pour la configuration de ssh 1 : ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts OPTIONS , PORT Utiliser le port PORT pour se connecter au système. Par défaut, le port 22 est utilisé. 
, DOMAINE Rechercher les clés publiques dans le domaine SSSD DOMAINE hôte. CODE RETOUR Dans le cas d'un opération achevée avec succès, une valeur de retour de 0 est renvoyée. Dans le cas contraire, 1 est renvoyé. sssd-1.11.5/src/man/fr/PaxHeaders.13173/sssd.conf.5.xml0000644000000000000000000000013212320753573020313 xustar000000000000000030 mtime=1396955003.499843873 30 atime=1396955003.499843873 30 ctime=1396955003.499843873 sssd-1.11.5/src/man/fr/sssd.conf.5.xml0000664002412700241270000025041412320753573020550 0ustar00jhrozekjhrozek00000000000000 Pages de manuel de SSSD sssd.conf 5 Formats de fichier et conventions sssd.conf Le fichier de configuration pour SSSD FORMAT DE FICHIER Ce fichier utilise la syntaxe de style « .ini » et est constituée de sections et de paramètres. Une section commence par le nom de la section entre crochets et continue jusqu'à la section suivante. Un exemple de section avec des paramètres mono et multi-valués : [section] key = value key2 = value2,value3 Les types de données utilisées sont des chaînes (pas de guillemets nécessaires), des entiers et des booléens (ayant pour valeur TRUE/FALSE). Un commentaire de ligne commence par un octothorpe (#) ou un point-virgule (;). Les commentaires au sein d'une ligne ne sont pas pris en charge. Toutes les sections peuvent avoir un paramètre facultatif de description. Sa fonction ne sert qu'à nommer la section. sssd.conf doit être un fichier normal, appartenant à root, et seul root doit pouvoir écrire et lire ce fichier. SECTIONS SPÉCIALES La section [sssd] Les fonctionnalités propres à SSSD sont fournies par des services spécifiques SSSD, qui sont démarrés et arrêtés en même temps que SSSD. Les services sont gérés par un service spécifique souvent appelé le moniteur. La section [sssd] est utilisée pour configurer le moniteur ainsi que certaines options importantes comme l'identité des domaines. Paramètres de sections config_file_version (entier) Indique la syntaxe du fichier de configuration. 
Pour SSSD 0.6.0 ou supérieure utiliser la version 2. services Liste des services séparés par des virgules qui sont démarrés quand sssd se lance. Les services pris en charge : nss, pam, sudo, autofs, ssh, pac reconnection_retries (entier) Nombre d'essais de reconnexion ou de redémarrage que les services doivent effectuer dans le cas d'un plantage du fournisseur de données avant d'abandonner Par défaut : 3 domains Un domaine est une base de données contenant les informations utilisateurs. SSSD peut utiliser plusieurs domaines en même temps, au moins un doit être configuré ou SSSD ne démarrera pas. Ce paramètre décrit la liste des domaines dans l'ordre où ils doivent être requêtés. Un nom de domaine ne doit comprendre que des caractères ASCII alphanumériques, des tirets et caractères soulignés. re_expression (chaîne) L'expression régulière par défaut qui décrit la manière d'analyser la chaîne contenant le nom d'utilisateur et de domaine en ses composants. Chaque domaine peut avoir une expression régulière individuelle configurée. Pour certains fournisseurs ID, il y a aussi des expressions régulières par défaut. Voir les SECTIONS DOMAINE pour plus d'informations sur ces expressions régulières. full_name_format (chaîne) Un format compatible avec printf 3 décrivant comment composer un nom pleinement qualifié à partir des noms d'utilisateur et de domaine. Les expansions suivantes sont prises en charge : %1$s nom d'utilisateur %2$s nom de domaine tel qu'indiqué dans le fichier de configuration de SSSD. %3$s nom de domaine à plat. Utilisable principalement pour les domaines Active Directory, configurés directement ou découverts via les relations d'approbation IPA. Chaque domaine peut avoir une chaîne de format individuelle configurée. Voir les SECTIONS DOMAINE pour plus d'informations sur cette option. try_inotify (booléen) SSSD gère l'état de resolv.conf pour identifier les besoins de mise à jour des résolutions DNS internes.
Par défaut, l'utilisation de inotify sera tentée, et reviendra à une interrogation de resolv.conf toutes les cinq secondes si inotify échoue. Il existe quelques cas spécifiques où l'utilisation de inotify n'est pas conseillée. Dans ces rares cas, cette option devrait être définie à « false » Par défaut : true sur les plates-formes où inotify est pris en charge. False sur les autres plates-formes. Note : cette option n'aura aucun effet sur les plateformes où inotify n'est pas disponible. Sur celles-ci, l'interrogation régulière sera toujours utilisée. krb5_rcache_dir (chaîne) Répertoire du système de fichiers où SSSD doit stocker les fichiers de cache de rejeu Kerberos. Cette option accepte une valeur spéciale __LIBKRB5_DEFAULTS__ qui indiquera à SSSD de laisser libkrb5 décider l'emplacement approprié pour le cache de relecture. Par défaut : paramètre spécifique à la distribution et spécifié au moment de la construction du logiciel. (__LIBKRB5_DEFAULTS__ si non configuré) default_domain_suffix (string) Cette chaîne servira comme nom de domaine par défaut pour tous les noms sans composant de nom de domaine. Les principaux cas d'utilisation sont les environnements où le domaine principal va permettre de gérer les politiques de systèmes ainsi que tous les utilisateur provenant d'un domaine approuvé. L'option permet à ces utilisateurs de se connecter sans fournir un nom de domaine. Noter que, si cette option est définie, tous les utilisateurs du domaine principal doivent utiliser leur nom pleinement qualifié, par exemple user@domain.name, pour se connecter. Par défaut : non défini SECTIONS DE SERVICES Les options utilisables pour configurer les différents services sont décrites dans cette section. Ils doivent être situés dans la section [$NAME], par exemple pour le service NSS, la section doit être [nss] Options générales de configuration de service Ces options peuvent être utilisées pour configurer les services. 
debug_level (entier) debug_timestamps (booléen) Ajoute un horodatage aux messages de débogage Par défaut : true debug_microseconds (booléen) Ajouter les microsecondes à l'horodatage dans les messages de débogage Par défaut : false timeout (entier) Délai d'attente entre deux requêtes pour ce domaine. Ceci est utilisé pour s'assurer que le processus est toujours actif et capable de répondre. Par défaut : 10 reconnection_retries (entier) Nombre d'essais de reconnexion ou de redémarrage que les services doivent effectuer dans le cas d'un plantage du fournisseur de données avant d'abandonner Par défaut : 3 fd_limit Cette option spécifie le nombre maximal de descripteurs de fichiers qui peuvent être ouverts en même temps par ce processus SSSD. Sur les systèmes où SSSD se voit accorder la capacité CAP_SYS_RESOURCE, ce sera une limite absolue. Sur les systèmes sans cette capacité, la valeur résultante sera la plus petite des deux valeurs entre celle-ci et la limite « hard » de limits.conf. Par défaut : 8192 (ou la limite « hard » de limits.conf) client_idle_timeout Cette option spécifie la durée en secondes pendant laquelle un client d'un processus SSSD peut maintenir un descripteur de fichier ouvert sans communiquer avec lui. Cette valeur est limitée afin d'éviter l'épuisement des ressources sur le système. Par défaut : 60 force_timeout (integer) Si un service ne répond pas aux vérifications par ping (Cf. l'option timeout), le signal SIGTERM est d'abord envoyé de façon à l'arrêter proprement. Si le service ne se termine pas après force_timeout secondes, le moniteur l'arrêtera de force à l'aide d'un signal SIGKILL. Par défaut : 60 Options de configuration NSS Ces options peuvent être utilisées pour configurer le service Name Service Switch (NSS).
enum_cache_timeout (entier) La durée en secondes pendant laquelle nss_sss doit mettre en cache les énumérations (requêtes sur les informations de tous les utilisateurs) Par défaut : 120 entry_cache_nowait_percentage (entier) La valeur du cache peut être définie pour mettre à jour automatiquement les entrées en arrière plan si la requête ne dépasse pas un pourcentage de la valeur de entry_cache_timeout pour le domaine. Par exemple, si la valeur entry_cache_timeout du domaine est à 30 secondes et que entry_cache_nowait_percentage est à 50 (%), les entrées qui veulent mettre à jour le cache après 15 secondes seront renvoyées immédiatement, mais SSSD continuera et mettra à jour le cache de lui-même. Ainsi, les prochaines requêtes ne seront pas bloquées en attendant une mise à jour du cache. Les valeurs autorisées pour cette option vont de 0 à 99 et représentent un pourcentage de la valeur entry_cache_timeout pour chaque domaine. Pour des raisons de performance, ce pourcentage ne réduira jamais le délai d'attente de non réponse à moins de 10 secondes (0 pour désactiver l'option). Par défaut : 50 entry_negative_timeout (entier) Spécifie le temps, en secondes, pendant lequel nss_sss doit mettre en cache les résultats négatifs du cache (c'est-à-dire les requêtes pour les bases de données invalides, comme celles qui n'existent pas) avant de faire à nouveau appel au moteur. Par défaut : 15 filter_users, filter_groups (chaîne) Exclue certains utilisateurs de la recherche à partir de la base de données sss NSS. Ceci est particulièrement utile pour les comptes système. Cette option peut aussi être définie pour chaque domaine ou inclure des noms de domaines pleinement qualifiés pour filtrer seulement les utilisateurs d'un certain domaine. Par défaut : root filter_users_in_groups (booléen) Mettre cette option à « false » si les utilisateurs filtrés doivent rester membres de groupes. 
Par défaut : true fallback_homedir (string) Définir un modèle par défaut pour un répertoire utilisateur si aucun n'est explicitement spécifié par le fournisseur de données du domaine. Les valeurs disponibles pour cette option sont les mêmes que pour override_homedir. exemple : fallback_homedir = /home/%u Par défaut : non défini (aucune substitution pour les répertoires d'accueil non définis) override_shell (string) Override the login shell for all users. This option supersedes any other shell options if it takes effect and can be set either in the [nss] section or per-domain. Par défaut : indéfini (SSSD utilisera la valeur récupérée de LDAP) allowed_shells (chaîne) Restreindre l'interpréteur de commandes de l'utilisateur à l'une des valeurs indiquées. L'ordre d'évaluation est : 1. Si l'interpréteur de commandes est présent dans /etc/shells, il est utilisé. 2. Si l'interpréteur de commandes est dans la liste « allowed_shells » mais n'est pas dans /etc/shells, la valeur de repli de « shell_fallback » sera utilisée. 3. Si l'interpréteur de commandes n'est ni dans la liste « allowed_shells » ni dans /etc/shells, une connexion sans shell est utilisée. Une chaîne vide pour l'interpréteur de commandes est passée telle quelle est à la libc. Le fichier /etc/shells n'est lu qu'au démarrage de SSSD. Un redémarrage de SSSD est nécessaire si un nouvel interpréteur de commandes est installé. Par défaut : non défini. L'interpréteur de commandes de l'utilisateur est utilisé automatiquement. vetoed_shells (chaîne) Remplace toutes les occurences de ces interpréteurs de commandes par l'interpréteur de commandes par défaut shell_fallback (chaîne) L'interpréteur de commandes par défaut à utiliser si un interpréteur de commandes autorisé n'est pas installé sur la machine. Par défaut : /bin/sh default_shell The default shell to use if the provider does not return one during lookup. This option can be specified globally in the [nss] section or per-domain. 
Par défaut : non défini (retourne NULL si aucun shell n'est spécifié et s'appuyer sur la libc pour remplacer par quelque chose de sensé lorsque nécessaire, habituellement /bin/sh) get_domains_timeout (int) Spécifie la durée en secondes pendant laquelle la liste de sous-domaines est jugée valide. Par défaut : 60 memcache_timeout (int) Spécifie la durée en secondes, pour laquelle les enregistrements du cache en mémoire seront valides Par défaut : 300 Options de configuration de PAM Ces options permettent de configurer le service Pluggable Authentication Module (PAM). offline_credentials_expiration (entier) Si le fournisseur d'authentification est déconnecté, combien de temps autoriser les connexions à partir du cache (en jours depuis la dernière connexion réussie). Par défaut : 0 (pas de limite) offline_failed_login_attempts (entier) Si le fournisseur d'authentification est déconnecté, combien de connexions échouées sont autorisées. Par défaut : 0 (pas de limite) offline_failed_login_delay (entier) Le temps en minutes à attendre après avoir atteint offline_failed_login_attempts avant qu'une nouvelle tentative de connexion soit possible. Si la valeur est à 0, l'utilisateur ne peut s'authentifier en mode déconnecté si offline_failed_login_attempts est atteint. Seulement une connexion réussie en ligne peut réactiver l'authentification. Par défaut : 5 pam_verbosity (entier) Contrôle le type de messages affichés à l'utilisateur pendant le processus d'authentification. Plus le nombre est grand, plus le nombre de messages affichés sera important. 
Actuellement sssd supporte les valeurs suivantes : 0 : ne pas afficher de message 1 : afficher seulement les messages importants 2 : afficher les messages d'information 3 : afficher tous les messages et informations de débogage Par défaut : 1 pam_id_timeout (entier) Lors de chaque requête PAM quand SSSD est en mode connecté, SSSD tentera de mettre à jour immédiatement les informations d'identité mises en cache pour l'utilisateur de manière à s'assurer que l'authentification se fasse avec les dernières informations. Une conversation PAM complète peut effectuer plusieurs requêtes PAM, comme la gestion de compte et l'ouverture de session. Cette option contrôle (par client et par application) la durée (en secondes) de mise en cache des informations d'identité afin d'éviter de nombreux aller-retour avec le fournisseur d'identité. Par défaut : 5 pam_pwd_expiration_warning (entier) Afficher une alerte N jours avant l'expiration du mot de passe. Noter que le moteur du service doit fournir des informations à propos du délai d'expiration du mot de passe. Si cette information est manquante, sssd ne peut afficher de message d'alerte. Si la valeur est zéro, ce filtre n'est pas appliqué, c'est-à-dire que si l'avertissement d'expiration est reçu de la part du moteur du serveur, il sera automatiquement affiché. Ce paramètre peut être surchargé par le paramètre pwd_expiration_warning pour un domaine particulier. Par défaut : 0 get_domains_timeout (int) Spécifie la durée en secondes pendant laquelle la liste de sous-domaines est jugée valide. Par défaut : 60 Options de configuration de SUDO Les options suivantes peuvent être utilisées pour configurer le service sudo. sudo_timed (booléen) Évaluation ou non des attributs sudoNotBefore et sudoNotAfter qui utilisent les entrées sudoers sensibles au temps. Par défaut : false Options de configuration AUTOFS Ces options peuvent être utilisées pour configurer le service autofs. 
autofs_negative_timeout (entier) Spécifie le délai en secondes pendant lequel le répondeur autofs stocke les réponses négatives (autrement dit, les requêtes pour les entrées de mappage non valide, comme celles qui n'existent pas) avant de demander à nouveau au moteur. Par défaut : 15 Options de configuration SSH Les options suivantes peuvent être utilisées pour configurer le service SSH. ssh_hash_known_hosts (bool) Condenser ou non les noms de systèmes et adresses du fichier known_hosts Par défaut : true ssh_known_hosts_timeout (integer) La durée en secondes pendant laquelle conserver un système dans le fichier known_hosts géré après que ses clés de système ont été demandés. Par défaut : 180 Options de configuration du répondeur PAC Le répondeur PAC fonctionne avec le greffon de données d'autorisation pour sssd_pac_plugin.so MIT Kerberos et un fournisseur de sous-domaine. Le greffon envoie les données PAC au cours d'une authentification GSSAPI au répondeur PAC. Le fournisseur de sous-domaine recueille le SID du domaine et les plages d'ID du domaine auquel le client est lié au et des domaines approuvés distants du contrôleur de domaine local. Si les données PAC sont décodées et évaluées, les opérations suivantes sont effectuées : Si l'utilisateur distant n'existe pas dans le cache, il est créé. L'uid est calculé en fonction du SID, les domaines de confiance auront des groupes d'utilisateurs privés, et le gid aura la même valeur que l'uid. Le répertoire utilisateur est défini en fonction du paramètre subdomain_homedir. Le shell sera vide par défaut, permettant l'utilisation de la valeur par défaut du système, mais peut être remplacé par le paramètre default_shell. S'il y a des SID de groupes des domaines connus de sssd, l'utilisateur sera ajouté à ces groupes. Les options suivantes peuvent être utilisées pour configurer le répondeur PAC. 
allowed_uids (string) Spécifie la liste séparée par des virgules des UID ou noms d'utilisateurs qui sont autorisés à accéder au répondeur PAC. Les noms d'utilisateurs seront résolus en UID au démarrage. Par défaut : 0 (seul l'utilisateur root est autorisé à accéder au répondeur PAC) Noter que, bien que l'UID 0 soit utilisé par défaut, cette valeur est remplacée par celle de l'option. Si vous voulez continuer à permettre à l'utilisateur root d'accéder au répondeur PAC, ce qui serait un cas habituel, vous devez ajouter 0 à la liste des UID d'utilisateurs autorisés. SECTIONS DOMAINES Ces options de configuration peuvent être présentes dans la section de configuration du domaine, c'est-à-dire dans la section nommée [domain/NAME] min_id,max_id (entier) Limites UID et GID pour le domaine. Si un domaine contient une entrée en dehors de ces limites, elle est ignorée. Pour les utilisateurs, cela affecte la limite des GID primaires. L'utilisateur ne sera pas renvoyé vers NSS si l'UID ou le GID primaire sont en dehors de la plage. Pour l'appartenance à un groupe non primaire, ceux qui sont dans la plage seront rapportés comme prévu. Ces limites d'identifiants affectent aussi les mises en cache des entrées, et pas seulement leur recherche par nom ou identifiant. Default: 1 for min_id, 0 (no limit) for max_id enumerate (booléen) Détermine si un domaine peut être énuméré. Ce paramètre peut avoir une des valeurs suivantes : TRUE = utilisateurs et groupes sont énumérés FALSE = aucune énumération pour ce domaine Par défaut : FALSE Note : activer l'énumération a un impact modéré sur les performances de SSSD lorsque l'énumération est en cours. Plusieurs minutes peuvent être nécessaires après le démarrage de SSSD pour terminer l'énumération complète. Pendant ce temps, les requêtes individuelles pour des informations iront directement vers LDAP, bien que plus lent et ce à cause de la charge importante liée au processus d'énumération.
Le fait de mettre un grand nombre d'entrées en cache lorsque l'énumération est terminée peut être également intensif pour le CPU, car les appartenances aux groupes doivent être recalculées. Lorsque la première énumération est en cours, les requêtes pour des listes utilisateurs ou de groupes peuvent retourner des résultats vides avant que l'énumération ne se termine. De plus, activer l'énumération peut augmenter le temps nécessaire pour détecter la déconnexion d'un réseau, puisque des délais d'attente supérieurs sont nécessaires pour s'assurer que les requêtes d'énumération se terminent avec succès. Pour plus d'informations, se référer au manuel pour le fournisseur d'identité spécifique utilisé. Pour les raisons citées plus haut, l'activation de l'énumération est déconseillée, surtout dans les environnements de grande taille. subdomain_enumerate (string) Whether any of autodetected trusted domains should be enumerated. The supported values are: all All discovered trusted domains will be enumerated none No discovered trusted domains will be enumerated Optionally, a list of one or more domain names can enable enumeration just for these trusted domains. Par défaut : aucun force_timeout (integer) Si un service ne répond pas aux vérifications par ping (Cf. l'option timeout), le signal SIGTERM est d'abord envoyé de façon à l'arrêter proprement. Si le service ne se termine pas après force_timeout secondes, le moniteur sera arrêté violemment à l'aide d'un signal SIGKILL. Par défaut : 60 entry_cache_timeout (entier) La durée en secondes pendant laquelle nss_sss doit considérer les entrées comme valides avant de les redemander au moteur The cache expiration timestamps are stored as attributes of individual objects in the cache. Therefore, changing the cache timeout only has effect for newly added or expired entries. You should run the sss_cache 8 tool in order to force refresh of entries that have already been cached. 
Par défaut : 5400 entry_cache_user_timeout (entier) La durée en secondes pendant laquelle nss_sss doit considérer les entrées d'utilisateurs comme valides avant de les redemander au moteur. Par défaut : entry_cache_timeout entry_cache_group_timeout (entier) La durée en secondes pendant laquelle nss_sss doit considérer les entrées de groupes comme valides avant de les redemander au moteur. Par défaut : entry_cache_timeout entry_cache_netgroup_timeout (entier) La durée en secondes pendant laquelle nss_sss doit considérer les entrées de netgroup comme valides avant de les redemander au moteur. Par défaut : entry_cache_timeout entry_cache_service_timeout (entier) La durée en secondes pendant laquelle nss_sss doit considérer les entrées de service valides avant de les redemander au moteur Par défaut : entry_cache_timeout entry_cache_sudo_timeout (integer) La durée en secondes pendant laquelle sudo doit considérer les règles comme valides avant de les redemander au moteur Par défaut : entry_cache_timeout entry_cache_autofs_timeout (integer) La durée en secondes pendant laquelle le service autofs doit considérer les cartes d'automontage comme valides avant de les redemander au moteur Par défaut : entry_cache_timeout refresh_expired_interval (entier) Spécifie la durée en secondes pendant laquelle SSSD doit attendre avant d'actualiser les enregistrements expirés. Seuls les netgroup expirés sont actuellement pris en charge. Il est envisageable de configurer cette valeur à 3/4 * entry_cache_timeout. 
Par défaut : 0 (désactivé) cache_credentials (booléen) Détermine si les données d'identification de l'utilisateur sont aussi mises en cache dans le cache LDB local. Les informations d'identification de l'utilisateur sont stockées sous forme de condensat (hachage) SHA512, et non en texte brut. Par défaut : FALSE account_cache_expiration (entier) Durée en jours pendant laquelle les entrées sont stockées dans le cache après la dernière connexion réussie, avant d'être enlevées lors du nettoyage du cache. 0 signifie qu'elles sont conservées indéfiniment. La valeur de ce paramètre doit être supérieure ou égale à offline_credentials_expiration. Par défaut : 0 (illimité) pwd_expiration_warning (integer) Afficher une alerte N jours avant l'expiration du mot de passe. Si la valeur est zéro, ce filtre n'est pas appliqué, c'est-à-dire que si l'avertissement d'expiration est reçu de la part du moteur du serveur, il sera automatiquement affiché. Veuillez noter que le moteur du service doit fournir des informations à propos du délai d'expiration du mot de passe. Si cette information est manquante, sssd ne peut afficher de message d'alerte. De plus, un fournisseur d'authentification (auth_provider) doit être configuré pour le moteur. Par défaut : 7 (Kerberos), 0 (LDAP) id_provider (chaîne) Le fournisseur d'identification utilisé pour le domaine. Les fournisseurs d'identification pris en charge sont : proxy : prise en charge de l'ancien fournisseur NSS local : Fournisseur interne SSSD pour les utilisateurs locaux ldap : fournisseur LDAP. Cf. sssd-ldap 5 pour plus d'informations sur la configuration de LDAP. ipa : fournisseur FreeIPA et Red Hat Enterprise Identity Management. Cf. sssd-ipa 5 pour plus d'informations sur la configuration de FreeIPA. ad : fournisseur Active Directory. Cf. sssd-ad 5 pour plus d'informations sur la configuration d'Active Directory. 
use_fully_qualified_names (booléen) Utiliser le nom complet et le domaine (comme formaté par le paramètre full_name_format du domaine) comme nom de connexion de l'utilisateur communiqué à NSS. Si défini à TRUE, toutes les requêtes pour ce domaine doivent utiliser des noms pleinement qualifiés. Par exemple, pour un utilisateur « test » dans un domaine LOCAL, getent passwd test ne trouvera pas l'utilisateur avant que getent passwd test@LOCAL ne le trouve. NOTE: This option has no effect on netgroup lookups due to their tendency to include nested netgroups without qualified names. For netgroups, all domains will be searched when an unqualified name is requested. Par défaut : FALSE ignore_group_members (booléen) Ne pas envoyer les membres des groupes sur les recherches de groupes. Si positionné à TRUE, l'attribut de membre de groupe n'est pas demandé au serveur ldap, et les membres du groupe ne sont pas renvoyés lors du traitement des appels de recherche de groupes. Par défaut : FALSE auth_provider (chaîne) Le fournisseur d'authentification utilisé pour le domaine. Les fournisseurs pris en charge sont : ldap pour une authentification LDAP native. Cf. sssd-ldap 5 pour plus d'informations sur la configuration de LDAP. krb5 pour une authentification Kerberos. Cf. sssd-krb5 5 pour plus d'informations sur la configuration de Kerberos. ipa : fournisseur FreeIPA et Red Hat Enterprise Identity Management. Cf. sssd-ipa 5 pour plus d'informations sur la configuration de FreeIPA. ad : fournisseur Active Directory. Cf. sssd-ad 5 pour plus d'informations sur la configuration d'Active Directory. proxy pour relayer l'authentification vers d'autres cibles PAM. none désactive l'authentification explicitement. Par défaut : id_provider est utilisé s'il est défini et peut gérer les requêtes d'authentification. access_provider (chaîne) Le fournisseur de contrôle d'accès utilisé pour le domaine. 
Il y a deux fournisseurs d'accès natifs (en plus de ceux disponibles dans les moteurs installés). Les fournisseurs internes spécifiques sont : permit toujours autoriser l'accès. C'est le seul fournisseur d'accès autorisé pour un domaine local. deny toujours refuser les accès. ldap pour une authentification LDAP native. Cf. sssd-ldap 5 pour plus d'informations sur la configuration de LDAP. ipa : fournisseur FreeIPA et Red Hat Enterprise Identity Management. Cf. sssd-ipa 5 pour plus d'informations sur la configuration de FreeIPA. ad : fournisseur Active Directory. Cf. sssd-ad 5 pour plus d'informations sur la configuration d'Active Directory. Contrôle d'accès simple basé sur des listes d'autorisations ou de refus d'accès. Cf. sssd-simple 5 pour plus d'informations sur la configuration du module d'accès simple. Par défaut : permit chpass_provider (chaîne) Le fournisseur qui doit gérer le changement des mots de passe pour le domaine. Les fournisseurs pris en charge sont : ldap pour modifier un mot de passe stocké sur un serveur LDAP. Cf. sssd-ldap 5 pour plus d'informations sur la configuration LDAP. krb5 pour changer le mot de passe Kerberos. Cf. sssd-krb5 5 pour plus d'informations sur la configuration de Kerberos. ipa : fournisseur FreeIPA et Red Hat Enterprise Identity Management. Cf. sssd-ipa 5 pour plus d'informations sur la configuration de FreeIPA. ad : fournisseur Active Directory. Cf. sssd-ad 5 pour plus d'informations sur la configuration d'Active Directory. proxy pour relayer le changement de mot de passe vers une autre cible PAM. none pour désactiver explicitement le changement de mot de passe. Par défaut : auth_provider est utilisé si il est défini et peut gérer les changements de mot de passe. sudo_provider (chaîne) Le fournisseur SUDO, utilisé pour le domaine. Les fournisseurs SUDO pris en charge sont : ldap pour les règles stockés dans LDAP. Voir sssd-ldap 5 pour plus d'informations sur la configuration de LDAP. 
ipa the same as ldap but with IPA default settings. ad the same as ldap but with AD default settings. none désactive explicitement SUDO. Par défaut : La valeur de id_provider est utilisée si elle est définie. selinux_provider (string) Le fournisseur qui doit gérer le chargement des paramètres de selinux. Remarque : ce fournisseur sera appelé juste après la fin de l'appel au fournisseur d'accès. Les fournisseurs selinux pris en charge sont : ipa pour charger les paramètres selinux depuis un serveur IPA. Cf. sssd-ipa 5 pour plus d'informations sur la configuration de IPA. none n'autorise pas la récupération explicite des paramètres selinux. Par défaut : id_provider est utilisé s'il est défini et peut gérer le chargement selinux subdomains_provider (string) Le fournisseur doit être capable de gérer la récupération des sous-domaines. Cette valeur doit être toujours identique à id_provider. Les fournisseurs de sous-domaine pris en charge sont : ipa pour charger une liste de sous-domaines depuis un serveur IPA. Cf. sssd-ipa 5 pour plus d'informations sur la configuration de IPA. none désactive la récupération explicite des sous-domaines. Par défaut : La valeur de id_provider est utilisée si elle est définie. autofs_provider (string) Le fournisseur autofs utilisé pour le domaine. Les fournisseurs autofs pris en charge sont : ldap pour charger les cartes stockées dans LDAP. Cf. sssd-ldap 5 pour plus d'informations sur la configuration de LDAP. ipa pour charger les cartes stockées sur un serveur IPA. Cf. sssd-ipa 5 pour plus d'information sur la configuration de IPA. none désactive explicitement autofs. Par défaut : La valeur de id_provider est utilisée si elle est définie. hostid_provider (string) Le fournisseur utilisé pour récupérer les informations d'identité des systèmes. Les fournisseurs de hostid pris en charge sont : ipa pour charge l'identité du système stockée sur un serveur IPA. Cf. sssd-ipa 5 pour plus d'informations sur la configuration de IPA. 
none désactive explicitement hostid. Par défaut : La valeur de id_provider est utilisée si elle est définie. re_expression (chaîne) L'expression rationnelle pour ce domaine qui décrit comment analyser la chaîne contenant le nom d'utilisateur et domaine et en extraire ces composants. Le « domaine » peut correspondre à soit au nom de domaine de la configuration SSSD, ou, dans le cas de relations d'approbations avec des sous-domaines IPA ou des domaines Active Directory, le nom plat (NetBIOS) du domaine. Valeur par défaut pour les fournisseurs AD et IPA : (((?P<domain>[^\\]+)\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?P<name>[^@\\]+)$)) qui utilisent trois styles différents pour les noms d'utilisateurs : username username@domain.name domain\username Bien que les deux premiers correspondent à la valeur par défaut en général le troisième est introduit pour permettre une intégration facile des utilisateurs de domaines Windows. Par défaut : (?P<name>[^@]+)@?(?P<domain>[^@]*$) qui se traduit par « peu importe le nom jusqu'au @, peu importe le domaine après » REMARQUE : la prise en charge de sous-motifs nommés multiples n'est pas disponible sur certaines plates-formes (par exemple, RHEL5 et SLES10). Seules les plates-formes avec libpcre version 7 ou supérieure peuvent prendre en charge les sous-motifs nommés multiples. REMARQUE ADDITIONNELLE : les anciennes versions de libpcre ne supportent que la syntaxe Python (?P<name>) pour nommer les sous-motifs. full_name_format (chaîne) Un format compatible avec printf 3 décrivant comment composer un domaine pleinement qualifé à partir des noms d'utilisateur et de domaine. Les expansions suivantes sont prises en charge : %1$s nom d'utilisateur %2$s nom de domaine tel qu'indiqué dans le fichier de configuration de SSSD. %3$s nom de domaine à plat. Utilisable principalement pour les domaines Active Directory, configurés directement ou découverts via les relations d'approbation IPA. Par défaut : %1$s@%2$s. 
lookup_family_order (chaîne) Fournit la possibilité de sélectionner la famille d'adresse préférée à utiliser pour effectuer les requêtes DNS. Valeurs prises en charge : ipv4_first : essayer de chercher une adresse IPv4, et en cas d'échec, essayer IPv6. ipv4_only : ne tenter de résoudre les noms de systèmes qu'en adresses IPv4. ipv6_first : essayer de chercher une adresse IPv6, et en cas d'échec, tenter IPv4. ipv6_only : ne tenter de résoudre les noms de systèmes qu'en adresses IPv6. Par défaut : ipv4_first dns_resolver_timeout (entier) Délai (en secondes) d'attente de la réponse du résolveur DNS avant de considérer qu'il est injoignable. Si ce délai maximum est atteint, le domaine continuera à opérer en mode déconnecté. Par défaut : 6 dns_discovery_domain (chaîne) Si la découverte de services est utilisé par le moteur, spécifie la partie du domaine faisant partie de la requête DNS de découverte de services. Par défaut : utiliser la partie du domaine qui est dans le nom de système de la machine. override_gid (entier) Redéfinit le GID primaire avec la valeur spécifiée. case_sensitive (booléen) Traiter les utilisateur et les noms de groupes comme sensible à la casse. Actuellement, cette option n'est pas supportée dans le fournisseur local. Par défaut : True proxy_fast_alias (boolean) Quand un utilisateur ou un groupe est recherché par son nom dans le fournisseur proxy, une deuxième recherche par ID est effectuée pour récupérer le nom canonique, dans le cas où le nom demandé serait un alias. Cette option positionnée à true active la recherche par l'ID dans le cache afin d'améliorer les performances. Par défaut : false subdomain_homedir (string) Use this homedir as default value for all subdomains within this domain in IPA AD trust. See override_homedir for info about possible values. In addition to those, the expansion below can only be used with subdomain_homedir. %F nom plat (NetBIOS) d'un sous-domaine. La valeur peut être surchargée par l'option override_homedir. 
Par défaut : /home/%d/%u realmd_tags (chaîne) Étiquettes diverses stockées par le service de configuration de realmd pour ce domaine. Options valides pour les domaines proxy. proxy_pam_target (chaîne) Le proxy cible duquel PAM devient mandataire. Par défaut : non défini, il faut utiliser une configuration de pam existante ou en créer une nouvelle et ajouter le nom de service ici. proxy_lib_name (chaîne) Le nom de la bibliothèque NSS à utiliser dans les domaines proxy. Les recherches de fonctions NSS dans la bibliothèque sont sous la forme _nss_$(libName)_$(function), par exemple _nss_files_getpwent. La section du domaine local Cette section contient les paramètres pour le domaine qui stocke les utilisateurs et les groupes dans la base de données native SSSD, c'est-à-dire un domaine qui utilise id_provider=local. Paramètres de sections default_shell (chaîne) L'interpréteur de commandes par défaut pour les utilisateurs créés avec les outils en espace utilisateur SSSD. Par défaut : /bin/bash base_directory (chaîne) Les outils ajoutent le nom d'utilisateur à base_directory et l'utilisent comme dossier personnel. Par défaut : /home create_homedir (booléen) Indique si un dossier personnel doit être créé par défaut pour les nouveaux utilisateurs. Peut être outrepassé par la ligne de commande. Par défaut : TRUE remove_homedir (booléen) Indiquer si un dossier personnel doit par défaut être supprimé à la suppression des utilisateurs. Peut être outrepassé par la ligne de commande. Par défaut : TRUE homedir_umask (entier) Utilisé par sss_useradd 8 pour spécifier les permissions par défaut sur un répertoire personnel nouvellement créé. Par défaut : 077 skel_dir (chaîne) Le répertoire squelette contenant les fichiers et répertoires à copier dans le répertoire personnel de l'utilisateur une fois ce répertoire créé par sss_useradd 8 Par défaut : /etc/skel mail_dir (chaîne) Le répertoire de gestion des e-mails. 
Nécessaire pour manipuler les boîtes e-mail quand les comptes utilisateurs sont modifiés ou supprimés. Si non précisé, la valeur par défaut est utilisée. Par défaut : /var/mail userdel_cmd (chaîne) La commande qui est exécutée quand un utilisateur est supprimé. La commande a comme seul argument le nom de l'utilisateur qui doit être supprimé. Le code en retour de la commande n'est pas pris en compte. Par défaut : None, aucune commande lancée EXEMPLE L'exemple suivant montre une configuration SSSD classique. Il ne décrit pas la configuration des domaines. Se référer à la documentation sur la configuration des domaines pour plus de détails. [sssd] domains = LDAP services = nss, pam config_file_version = 2 [nss] filter_groups = root filter_users = root [pam] [domain/LDAP] id_provider = ldap ldap_uri = ldap://ldap.example.com ldap_search_base = dc=example,dc=com auth_provider = krb5 krb5_server = kerberos.example.com krb5_realm = EXAMPLE.COM cache_credentials = true min_id = 10000 max_id = 20000 enumerate = False sssd-1.11.5/src/man/fr/PaxHeaders.13173/sss_ssh_authorizedkeys.1.xml0000644000000000000000000000013212320753573023226 xustar000000000000000030 mtime=1396955003.499843873 30 atime=1396955003.499843873 30 ctime=1396955003.499843873 sssd-1.11.5/src/man/fr/sss_ssh_authorizedkeys.1.xml0000664002412700241270000000727212320753573023465 0ustar00jhrozekjhrozek00000000000000 Pages de manuel de SSSD sss_ssh_authorizedkeys 1 sss_ssh_authorizedkeys obtient les clés OpenSSH autorisées sss_ssh_authorizedkeys options USER DESCRIPTION sss_ssh_authorizedkeys acquiert les clés publiques SSH pour USER et les renvoie dans le format authorized_keys de OpenSSH (cf. la section FORMAT DE FICHIER AUTHORIZED_KEYS de sshd 8 pour plus d'informations). sshd 8 peut être configuré pour utiliser sss_ssh_authorizedkeys pour l'authentification d'utilisateur par clé publique s'il est compilé avec la prise en compte des options AuthorizedKeysCommand ou PubkeyAgent de sshd_config 5. 
Si AuthorizedKeysCommand est pris en charge, sshd 8 peut être configuré pour l'utiliser en mettant la directive suivante dans sshd_config 5 : AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys Si PubkeyAgent est pris en charge, sshd 8 peut être configuré pour l'utiliser en utilisant la directive suivante de la configuration de sshd 8 : PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u OPTIONS , DOMAINE Rechercher des clés publiques dans le domaine SSSD DOMAIN. CODE RETOUR Dans le cas d'un opération achevée avec succès, une valeur de retour de 0 est renvoyée. Dans le cas contraire, 1 est renvoyé. sssd-1.11.5/src/man/fr/PaxHeaders.13173/sss_groupmod.8.xml0000644000000000000000000000013212320753573021142 xustar000000000000000030 mtime=1396955003.499843873 30 atime=1396955003.499843873 30 ctime=1396955003.499843873 sssd-1.11.5/src/man/fr/sss_groupmod.8.xml0000664002412700241270000000465312320753573021401 0ustar00jhrozekjhrozek00000000000000 Pages de manuel de SSSD sss_groupmod 8 sss_groupmod modifier un groupe sss_groupmod options GROUP DESCRIPTION sss_groupmod modifie le groupe pour refléter les changements spécifiés sur la ligne de commande. OPTIONS , GROUPS Ajouter ce groupe aux groupes spécifiés par le paramètre GROUPS. Le paramètre GROUPS est une liste séparée par des virgules de noms de groupe. , GROUPS Supprime ce groupe des groupes spécifiés par le paramètre GROUPS. sssd-1.11.5/src/man/fr/PaxHeaders.13173/sss_usermod.8.xml0000644000000000000000000000013212320753573020764 xustar000000000000000030 mtime=1396955003.499843873 30 atime=1396955003.499843873 30 ctime=1396955003.499843873 sssd-1.11.5/src/man/fr/sss_usermod.8.xml0000664002412700241270000001143612320753573021220 0ustar00jhrozekjhrozek00000000000000 Pages de manuel de SSSD sss_usermod 8 sss_usermod modifier un compte utilisateur sss_usermod options LOGIN DESCRIPTION sss_usermod modifie le compte défini par LOGIN pour refléter les modifications fournies en ligne de commande. 
OPTIONS , COMMENTAIRE Toute chaîne de caractère décrivant l'utilisateur. Souvent utilisé comme champ pour le nom entier de l'utilisateur. , HOME_DIR Le répertoire personnel du compte utilisateur. , SHELL L'interpréteur de commandes de l'utilisateur. , GROUPS Ajouter cet utilisateur aux groupes spécifiés par le paramètre GROUPS. Le paramètre GROUPS est une liste séparée par des virgules de noms de groupes. , GROUPS Retirer cet utilisateur de groupes spécifiés par le paramètre GROUPS. , Verrouiller le compte utilisateur. Il ne pourra plus se connecter. , Déverrouiller le compte utilisateur. , UTILISATEUR_SELINUX L'utilisateur SELinux pour l'identifiant de connexion de l'utilisateur. sssd-1.11.5/src/man/fr/PaxHeaders.13173/sss_seed.8.xml0000644000000000000000000000013212320753573020226 xustar000000000000000030 mtime=1396955003.499843873 30 atime=1396955003.499843873 30 ctime=1396955003.499843873 sssd-1.11.5/src/man/fr/sss_seed.8.xml0000664002412700241270000001420212320753573020454 0ustar00jhrozekjhrozek00000000000000 Pages de manuel de SSSD sss_seed 8 sss_seed initialise le cache SSSD avec un utilisateur sss_seed options -D DOMAIN -n USER DESCRIPTION sss_seed initialise le cache SSSD avec une entrée d'utilisateur et le mot de passe temporaire. Si une entrée d'utilisateur est déjà présente dans le cache de SSSD, l'entrée est mise à jour avec le mot de passe temporaire. OPTIONS , DOMAIN Indique le nom de domaine duquel l'utilisateur est membre. Le domaine est également utilisé pour récupérer les informations sur l'utilisateur. Le domaine doit être configuré dans sssd.conf. L'option DOMAIN doit être fournie. Les informations récupérées depuis le domaine prennent le pas sur ce qui est fourni dans les options. , USER Le nom d'utilisateur de l'entrée devant être créée ou modifiée dans le cache. L'option USER doit être fournie. , UID Définit l'UID de l'utilisateur à UID. , GID Définit le GID de l'utilisateur à GID. 
, COMMENTAIRE Toute chaîne de caractère décrivant l'utilisateur. Souvent utilisé comme champ pour le nom entier de l'utilisateur. , HOME_DIR Définit le répertoire de l'utilisateur à HOME_DIR. , SHELL Définit l'interpréteur de commande de l'utilisateur à SHELL. , Mode interactif pour la saisie des informations de l'utilisateur. Cette option invite uniquement à la saisir des renseignements non fournis dans les options ou non récupérés à partir du domaine. , PASS_FILE Spécifie le fichier dans lequel lire le mot de passe de l'utilisateur. (si aucun mot de passe n'est spécifié, il sera demandé) NOTES La taille du mot de passe (ou la taille du fichier spécifié avec l'option -p ou --password-file) doit être inférieure ou égale à PASS_MAX octets (64 octets sur les systèmes sans valeur globale définie de PASS_MAX). sssd-1.11.5/src/man/fr/PaxHeaders.13173/sssd-simple.5.xml0000644000000000000000000000013212320753573020656 xustar000000000000000030 mtime=1396955003.499843873 30 atime=1396955003.499843873 30 ctime=1396955003.499843873 sssd-1.11.5/src/man/fr/sssd-simple.5.xml0000664002412700241270000001265312320753573021114 0ustar00jhrozekjhrozek00000000000000 Pages de manuel de SSSD sssd-simple 5 Formats de fichier et conventions sssd-simple le fichier de configuration pour le fournisseur de contrôle d'accès « simple » de SSSD. DESCRIPTION Cette page de manuel décrit la configuration du fournisseur de contrôle d'accès simple de sssd 8 . Pour plus de détails sur la syntaxe, cf. la section FORMAT DE FICHIER de la page de manuel sssd.conf 5 . Le fournisseur d'accès simple autorise les accès à partir de listes d'autorisation ou de refus de noms d'utilisateurs ou de groupes. Les règles suivantes s'appliquent : Si toutes les listes sont vides, l'accès est autorisé Si une liste est fournie, quelle qu'elle soit, l'ordre d'évaluation est allow,deny. Autrement dit une règle de refus écrasera une règle d'autorisation. 
Si la ou les listes fournies sont seulement de type « allow », tous les utilisateurs sont refusés à moins qu'ils ne soient dans la liste. Si seulement les listes « deny » sont utilisées, tous les utilisateurs sont autorisés à moins qu'ils ne soient dans la liste. OPTIONS DE CONFIGURATION Se référer à la section SECTIONS DE DOMAINE de la page de manuel sssd.conf 5 pour les détails sur la configuration d'un domaine SSSD. simple_allow_users (chaîne) Liste séparée par des virgules d'utilisateurs autorisés à se connecter. simple_deny_users (chaîne) Liste séparée par des virgules d'utilisateurs dont l'accès sera refusé. simple_allow_groups (chaîne) Liste séparée par des virgules de groupes autorisés à se connecter. Ceci ne s'applique qu'à des groupes dans un domaine SSSD. Les groupes locaux ne sont pas pris en compte. simple_deny_groups (chaîne) Liste séparée par des virgules de groupes dont l'accès sera refusé. Ceci ne s'applique qu'à des groupes dans un domaine SSSD. Les groupes locaux ne sont pas pris en compte. Ne spécifier aucune valeur pour l'une des listes revient à l'omettre complètement. Y prendre garde lorsque les paramètres du fournisseur simple sont générés par des scripts automatisés : si toutes les listes se retrouvent vides, l'accès est autorisé. Veuillez noter que la configuration simultanée de simple_allow_users et simple_deny_users est une erreur. EXEMPLE L'exemple suivant suppose que SSSD est correctement configuré et que example.com est un des domaines dans la section [sssd]. Ces exemples montrent seulement les options spécifiques du fournisseur d'accès simple. 
[domain/example.com] access_provider = simple simple_allow_users = user1, user2 sssd-1.11.5/src/man/fr/PaxHeaders.13173/sss_obfuscate.8.xml0000644000000000000000000000013212320753573021261 xustar000000000000000030 mtime=1396955003.500843872 30 atime=1396955003.499843873 30 ctime=1396955003.500843872 sssd-1.11.5/src/man/fr/sss_obfuscate.8.xml0000664002412700241270000000716412320753573021520 0ustar00jhrozekjhrozek00000000000000 Pages de manuel de SSSD sss_obfuscate 8 sss_obfuscate obscurcir un mot de passe en clair sss_obfuscate options [PASSWORD] DESCRIPTION sss_obfuscate convertit un mot de passe donné en un format illisible par un humain et le place dans la section de domaine appropriée du fichier de configuration SSSD. Le mot de passe en clair est lu dans l'entrée standard ou entré interactivement. Le mot de passe obscurci est placé dans ldap_default_authtok pour un domaine SSSD donné et le paramètre ldap_default_authtok_type est défini à obfuscated_password. Cf. sssd-ldap 5 pour plus de détails sur ces paramètres. Veuillez noter que l'obscurcissement n'est pas un chiffrement : les mots de passe obscurcis ne fournissent aucun réel bénéfice de sécurité étant donné qu'il est possible de retrouver le mot de passe par rétro-ingénierie. Utiliser un meilleur mécanisme d'authentification tel que les certificats côté client ou GSSAPI est très conseillé. OPTIONS , Le mot de passe à obscurcir sera lu sur l'entrée standard. , DOMAINE Le domaine SSSD auquel est lié le mot de passe. Le nom par défaut est default. , FICHIER Lit le fichier de configuration spécifié par le paramètre. 
Par défaut : /etc/sssd/sssd.conf sssd-1.11.5/src/man/fr/PaxHeaders.13173/include0000644000000000000000000000013212320753573017074 xustar000000000000000030 mtime=1396955003.500843872 30 atime=1396955003.535843846 30 ctime=1396955003.500843872 sssd-1.11.5/src/man/fr/include/0000755002412700241270000000000012320753573017376 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/man/fr/include/PaxHeaders.13173/ldap_search_bases.xml0000644000000000000000000000013212320753573023315 xustar000000000000000030 mtime=1396955003.500843872 30 atime=1396955003.500843872 30 ctime=1396955003.500843872 sssd-1.11.5/src/man/fr/include/ldap_search_bases.xml0000664002412700241270000000206112320753573023543 0ustar00jhrozekjhrozek00000000000000 Un DN de base facultatif, une étendue de recherche et un filtre LDAP afin de restreindre les recherches LDAP pour ce type d'attribut. syntaxe : search_base[?scope?[filter][?search_base?scope?[filter]]*] La portée peut être « base », un « onelevel » ou « subtree ». Le filtre doit être un filtre de recherche LDAP valide tel que spécifié par http://www.ietf.org/rfc/rfc2254.txt Pour obtenir des exemples de cette syntaxe, reportez-vous à la section d'exemples ldap_search_base. Par défaut : la valeur de ldap_search_base Noter que la spécification de portée ou de filtre n'est pas prise en charge pour les recherches sur un serveur Active Directory qui serait susceptible de produire un grand nombre de résultats et de déclencher l'extension Range Retrieval dans sa réponse. sssd-1.11.5/src/man/fr/include/PaxHeaders.13173/param_help.xml0000644000000000000000000000013212320753573022003 xustar000000000000000030 mtime=1396955003.500843872 30 atime=1396955003.500843872 30 ctime=1396955003.500843872 sssd-1.11.5/src/man/fr/include/param_help.xml0000664002412700241270000000031612320753573022232 0ustar00jhrozekjhrozek00000000000000 , Affiche l'aide et quitte. 
sssd-1.11.5/src/man/fr/include/PaxHeaders.13173/failover.xml0000644000000000000000000000013212320753573021502 xustar000000000000000030 mtime=1396955003.500843872 30 atime=1396955003.500843872 30 ctime=1396955003.500843872 sssd-1.11.5/src/man/fr/include/failover.xml0000664002412700241270000000515112320753573021733 0ustar00jhrozekjhrozek00000000000000 BASCULEMENT La fonctionnalité de basculement autorise le moteur à basculer automatiquement sur un serveur différent si le serveur actuel est défaillant. Syntaxe de basculement La liste des serveurs est donnée sous forme de liste séparée par des virgules ; un nombre quelconque d'espaces est autorisé autour de la virgule. Les serveurs sont répertoriés par ordre de préférence. La liste peut contenir un nombre quelconque de serveurs. Pour chaque option de configuration alors que le basculement est activé, il existe deux variantes : primary et backup. L'idée est que les serveurs dans la liste principale sont préférés et les serveurs de secours sont interrogés uniquement si aucun serveur primaire ne peut être atteint. Si un serveur de secours est sélectionné, un délai d'attente de 31 secondes est défini. Après ce délai d'attente, SSSD tentera périodiquement de se reconnecter à un des serveurs primaires. S'il réussit, il remplacera l'actuel serveur (de secours) actif. Mécanisme de basculement Le mécanisme de basculement fait la distinction entre une machine et d'un service. Le moteur tente d'abord de résoudre le nom d'hôte d'un ordinateur donné ; en cas d'échec de cette tentative de résolution, la machine est considérée comme hors ligne. Aucune autre tentative n'est faite pour se connecter à cette machine pour tout autre service. Si la tentative de résolution réussit, le serveur principal tente de se connecter à un service sur cette machine. Si la tentative de connexion de service échoue, alors ce seul service est considéré comme hors ligne et le moteur passe automatiquement au service suivant. 
La machine est toujours considérée en ligne et peut toujours être considérée pour une tentative d'accès à un autre service. Les tentatives de connexion ultérieures sont faites vers des machines ou des services marqués comme hors connexion après un délai spécifié ; ce délai est actuellement spécifié en dur à 30 secondes. S'il n'y a plus aucune machine à essayer, le moteur dans son ensemble bascule dans le mode hors connexion et tente ensuite de se reconnecter toutes les 30 secondes. sssd-1.11.5/src/man/fr/include/PaxHeaders.13173/debug_levels.xml0000644000000000000000000000013212320753573022333 xustar000000000000000030 mtime=1396955003.500843872 30 atime=1396955003.500843872 30 ctime=1396955003.500843872 sssd-1.11.5/src/man/fr/include/debug_levels.xml0000664002412700241270000000520712320753573022566 0ustar00jhrozekjhrozek00000000000000 SSSD supports two representations for specifying the debug level. The simplest is to specify a decimal value from 0-9, which represents enabling that level and all lower-level debug messages. The more comprehensive option is to specify a hexadecimal bitmask to enable or disable specific levels (such as if you wish to suppress a level). Niveaux de débogage actuellement pris en charge : 0, 0x0010: Fatal failures. Anything that would prevent SSSD from starting up or causes it to cease running. 1, 0x0020: Critical failures. An error that doesn't kill the SSSD, but one that indicates that at least one major feature is not going to work properly. 2, 0x0040: Serious failures. An error announcing that a particular request or operation has failed. 3, 0x0080: Minor failures. These are the errors that would percolate down to cause the operation failure of 2. 4, 0x0100: Configuration settings. 5, 0x0200: Function data. 6, 0x0400: Trace messages for operation functions. 7, 0x1000: Trace messages for internal control functions. 8, 0x2000: Contents of function-internal variables that may be interesting. 
9, 0x4000: Extremely low-level tracing information. To log required bitmask debug levels, simply add their numbers together as shown in following examples: Exemple : pour suivre erreurs fatales, critiques, graves et les données de fonction, utiliser 0x0270. Exemple : pour consigner les erreurs fatales, les paramètres de configuration, les données de fonction, les messages de trace pour les fonctions de contrôle interne, utiliser 0x1310. Note: The bitmask format of debug levels was introduced in 1.7.0. Default: 0 sssd-1.11.5/src/man/fr/include/PaxHeaders.13173/seealso.xml0000644000000000000000000000013212320753573021326 xustar000000000000000030 mtime=1396955003.500843872 30 atime=1396955003.500843872 30 ctime=1396955003.500843872 sssd-1.11.5/src/man/fr/include/seealso.xml0000664002412700241270000000470212320753573021560 0ustar00jhrozekjhrozek00000000000000 VOIR AUSSI sssd8 , sssd.conf5 , sssd-ldap5 , sssd-krb55 , sssd-simple5 , sssd-ipa5 , sssd-ad5 , sssd-sudo 5 , sss_cache8 , sss_debuglevel8 , sss_groupadd8 , sss_groupdel8 , sss_groupshow8 , sss_groupmod8 , sss_useradd8 , sss_userdel8 , sss_usermod8 , sss_obfuscate8 , sss_seed8 , sssd_krb5_locator_plugin8 , sss_ssh_authorizedkeys 8 , sss_ssh_knownhostsproxy 8 , pam_sss8 . 
sssd-1.11.5/src/man/fr/include/PaxHeaders.13173/upstream.xml0000644000000000000000000000013212320753573021533 xustar000000000000000030 mtime=1396955003.500843872 30 atime=1396955003.500843872 30 ctime=1396955003.500843872 sssd-1.11.5/src/man/fr/include/upstream.xml0000664002412700241270000000017712320753573021767 0ustar00jhrozekjhrozek00000000000000 SSSD Le projet SSSD - http://fedorahosted.org/sssd sssd-1.11.5/src/man/fr/include/PaxHeaders.13173/param_help_py.xml0000644000000000000000000000013212320753573022513 xustar000000000000000030 mtime=1396955003.500843872 30 atime=1396955003.500843872 30 ctime=1396955003.500843872 sssd-1.11.5/src/man/fr/include/param_help_py.xml0000664002412700241270000000031612320753573022742 0ustar00jhrozekjhrozek00000000000000 , Affiche l'aide et quitte. sssd-1.11.5/src/man/fr/include/PaxHeaders.13173/autofs_restart.xml0000644000000000000000000000013212320753573022740 xustar000000000000000030 mtime=1396955003.500843872 30 atime=1396955003.500843872 30 ctime=1396955003.500843872 sssd-1.11.5/src/man/fr/include/autofs_restart.xml0000664002412700241270000000041112320753573023163 0ustar00jhrozekjhrozek00000000000000 Veuillez noter que l'automounter ne lit que la carte maîtresse au démarrage. Ainsi, si des modifications liées à autofs sont apportées à sssd.conf, vous devrez généralement redémarrer le démon automounter après le redémarrage de SSSD sssd-1.11.5/src/man/fr/include/PaxHeaders.13173/experimental.xml0000644000000000000000000000013212320753573022370 xustar000000000000000030 mtime=1396955003.500843872 30 atime=1396955003.500843872 30 ctime=1396955003.500843872 sssd-1.11.5/src/man/fr/include/experimental.xml0000664002412700241270000000021112320753573022611 0ustar00jhrozekjhrozek00000000000000Il s'agit d'une fonctionnalité expérimentale, utiliser http://fedorahosted.org/sssd pour signaler les problèmes. 
sssd-1.11.5/src/man/fr/include/PaxHeaders.13173/ldap_id_mapping.xml0000644000000000000000000000013212320753573023002 xustar000000000000000030 mtime=1396955003.500843872 30 atime=1396955003.500843872 30 ctime=1396955003.500843872 sssd-1.11.5/src/man/fr/include/ldap_id_mapping.xml0000664002412700241270000002403012320753573023230 0ustar00jhrozekjhrozek00000000000000 CORRESPONDANCE D'IDENTIFIANTS La fonctionnalité de correspondance d'ID permet à SSSD d'agir comme un client de Active Directory sans demander aux administrateurs d'étendre les attributs utilisateur pour prendre en charge les attributs POSIX pour les identifiants d'utilisateur et de groupe. Remarque : Lorsque la mise en correspondance des ID est activée, les attributs uidNumber et gidNumber sont ignorés. Ceci afin d'éviter les risques de conflit entre les valeurs attribuées automatiquement et assignées manuellement. Si vous avez besoin d'utiliser des valeurs attribuées manuellement, TOUTES les valeurs doivent être assignées manuellement. Please note that changing the ID mapping related configuration options will cause user and group IDs to change. At the moment, SSSD does not support changing IDs, so the SSSD database must be removed. Because cached passwords are also stored in the database, removing the database should only be performed while the authentication servers are reachable, otherwise users might get locked out. In order to cache the password, an authentication must be performed. It is not sufficient to use sss_cache 8 to remove the database, rather the process consists of: Making sure the remote servers are reachable Stopping the SSSD service Removing the database Starting the SSSD service Moreover, as the change of IDs might necessitate the adjustment of other system properties such as file and directory ownership, it's advisable to plan ahead and test the ID mapping configuration thoroughly. 
Algorithme de correspondance Active Directory fournit un objectSID pour chaque objet d'utilisateur et de groupe dans l'annuaire. Cet objectSID peut être divisé en composants qui représentent l'identité de domaine Active Directory et l'identificateur relatif (RID) de l'objet utilisateur ou groupe. L'algorithme de mise en correspondance des ID de SSSD tient un éventail d'uid disponibles et le divise en sections de même taille, appelées « tranches ». Chaque tranche représente l'espace disponible dans un domaine Active Directory. Lorsqu'une entrée d'utilisateur ou de groupe pour un domaine particulier est rencontrée pour la première fois, SSSD alloue une des tranches disponibles pour ce domaine. Afin de rendre cette affectation de tranche reproductible sur des ordinateurs clients différents, l'algorithme de sélection de tranche suivant est utilisé : La chaîne du SID est passée par l'intermédiaire de l'algorithme murmurhash3 pour la convertir en une valeur de hachage de 32 bits. Nous prenons ensuite le modulo de cette valeur avec le nombre total des tranches disponibles pour prendre la tranche. Remarque : Il est possible de rencontrer des collisions dans le hachage et le modulo en découlant. Dans ces situations, la tranche suivante disponible sera sélectionnée, mais il n'est pas possible de reproduire le même jeu exact des tranches sur d'autres machines (puisque l'ordre dans lequel elles sont rencontrées déterminera leur tranche). Dans ce cas, il est recommandé de passer à l'utilisation des attributs POSIX explicites dans Active Directory (en désactivant la correspondance d'ID) ou de configurer un domaine par défaut afin de garantir qu'au moins un domaine est toujours cohérent. Pour plus d'informations, voir Configuration.
Configuration Configuration minimale (dans la section [domain/DOMAINNAME]) : ldap_id_mapping = True ldap_schema = ad La configuration par défaut active 10 000 tranches, chacune pouvant contenir jusqu'à 200 000 identifiants, démarrant à 10 001 et allant jusqu'à 2 000 100 000. Cela devrait être suffisant pour la plupart des déploiements. Configuration avancée ldap_idmap_range_min (integer) Spécifie la limite inférieure de la plage d'ID POSIX à utiliser pour la mise en correspondance d'identifiants utilisateurs et groupes Active Directory. NOTE : Cette option est différente de min_id en ce sens que min_id agit comme filtre sur le résultat des requêtes vers ce domaine, alors que cette option contrôle les plages de correspondance d'ID. Il s'agit d'une distinction subtile, mais les bonnes pratiques conseillent d'avoir min_id inférieur ou égal à ldap_idmap_range_min Par défaut : 200000 ldap_idmap_range_max (integer) Spécifie la limite supérieure de la plage d'ID POSIX à utiliser pour la mise en correspondance d'identifiants utilisateurs et groupes Active Directory. NOTE : Cette option est différente de max_id en ce sens que max_id agit comme filtre sur le résultat des requêtes vers ce domaine, alors que cette option contrôle les plages de correspondance d'ID. Il s'agit d'une distinction subtile, mais les bonnes pratiques conseillent d'avoir max_id supérieur ou égal à ldap_idmap_range_max Par défaut : 2000200000 ldap_idmap_range_size (integer) Spécifie le nombre d'identifiants pour chaque tranche. Si la taille de la plage ne divise pas uniformément dans les valeurs minimale et maximale, des tranches complètes seront créées autant que possible. Par défaut : 200000 ldap_idmap_default_domain_sid (chaîne) Spécifier le SID de domaine du domaine par défaut. Cela garantira que ce domaine est toujours affecté à la tranche zéro dans la carte d'ID, sans passer par l'algorithme murmurhash décrit ci-dessus. 
Par défaut : non défini ldap_idmap_default_domain (chaîne) Spécifier le nom de domaine par défaut. Par défaut : non défini ldap_idmap_autorid_compat (boolean) Modifie le comportement de l'algorithme de mise en correspondance des ID afin qu'il se comporte de manière identique à celui idmap_autorid de winbind. Lorsque cette option est configurée, les domaines seront alloués en commençant par la tranche zéro et augmentant de manière monotone pour chaque domaine supplémentaire. Remarque : Cet algorithme n'est pas déterministe (il dépend de l'ordre dans lequel utilisateurs et groupes sont invités). Si ce mode est nécessaire pour assurer la compatibilité avec les ordinateurs qui utilisent winbind, il est recommandé d'utiliser également l'option ldap_idmap_default_domain_sid pour garantir qu'au moins un domaine est systématiquement alloué à la tranche zéro. Par défaut : False sssd-1.11.5/src/man/fr/include/PaxHeaders.13173/ldap_search_bases_experimental.xml0000644000000000000000000000013212320753573026072 xustar000000000000000030 mtime=1396955003.500843872 30 atime=1396955003.500843872 30 ctime=1396955003.500843872 sssd-1.11.5/src/man/fr/include/ldap_search_bases_experimental.xml0000664002412700241270000000224612320753573026325 0ustar00jhrozekjhrozek00000000000000 Un DN de base facultatif, une étendue de recherche et un filtre LDAP afin de restreindre les recherches LDAP pour ce type d'attribut. syntaxe : search_base[?scope?[filter][?search_base?scope?[filter]]*] La portée peut être « base », un « onelevel » ou « subtree ». Le filtre doit être un filtre de recherche LDAP valide tel que spécifié par http://www.ietf.org/rfc/rfc2254.txt Pour obtenir des exemples de cette syntaxe, reportez-vous à la section d'exemples ldap_search_base. 
Par défaut : la valeur de ldap_search_base Noter que la spécification de portée ou de filtre n'est pas prise en charge pour les recherches sur un serveur Active Directory qui serait susceptible de produire un grand nombre de résultats et de déclencher l'extension Range Retrieval dans sa réponse. sssd-1.11.5/src/man/fr/include/PaxHeaders.13173/service_discovery.xml0000644000000000000000000000013212320753573023422 xustar000000000000000030 mtime=1396955003.500843872 30 atime=1396955003.500843872 30 ctime=1396955003.500843872 sssd-1.11.5/src/man/fr/include/service_discovery.xml0000664002412700241270000000362312320753573023655 0ustar00jhrozekjhrozek00000000000000 DÉCOUVERTE DE SERVICE La fonctionnalité de découverte de services permet aux moteurs de trouver automatiquement les serveurs appropriés auxquels se connecter à l'aide d'une requête DNS spéciale. Cette fonctionnalité n'est pas pris en charge pour sur les serveurs secondaires. Configuration Si aucun serveur n'est spécifié, le moteur utilise automatiquement la découverte de services pour tenter de trouver un serveur. L'utilisateur peut aussi choisir d'utiliser des adresses de serveur et de découverte de services fixes en insérant un mot-clé spécial, _srv_, dans la liste des serveurs. L'ordre de préférence est maintenu. Cette fonctionnalité est utile si, par exemple, l'utilisateur préfère utiliser la découverte de services chaque fois que possible et se replier vers un serveur spécifique lorsqu'aucun serveur ne peut être découvert à l'aide du DNS. Le nom de domaine Se reporter au paramètre dns_discovery_domain dans la page de manuel sssd.conf 5 pour plus de détails. Le protocole Les requêtes spécifient généralement _tcp comme protocole. Les exceptions sont documentées dans les descriptions respectives des options. Voir aussi Pour plus d'informations sur le mécanisme de découverte de services, se reporter à la RFC 2782. 
sssd-1.11.5/src/man/fr/include/PaxHeaders.13173/local.xml0000644000000000000000000000013212320753573020765 xustar000000000000000030 mtime=1396955003.500843872 30 atime=1396955003.500843872 30 ctime=1396955003.500843872 sssd-1.11.5/src/man/fr/include/local.xml0000664002412700241270000000150312320753573021213 0ustar00jhrozekjhrozek00000000000000 LE DOMAINE LOCAL Pour fonctionner correctement, un domaine avec id_provider = local doit être créé et SSSD doit s'exécuter. L'administrateur peut vouloir utiliser les utilisateurs locaux SSSD au lieu des utilisateurs UNIX traditionnels dans les cas où l'imbrication de groupes (cf. sss_groupadd 8) est nécessaire. Les utilisateurs locaux sont également utiles pour les tests et le développement de SSSD sans avoir à déployer un serveur distant complet. Les outils sss_user * et sss_group * utilisent alors un stockage local de type LDB pour les utilisateurs et les groupes. sssd-1.11.5/src/man/fr/include/PaxHeaders.13173/override_homedir.xml0000644000000000000000000000013212320753573023221 xustar000000000000000030 mtime=1396955003.500843872 30 atime=1396955003.500843872 30 ctime=1396955003.500843872 sssd-1.11.5/src/man/fr/include/override_homedir.xml0000664002412700241270000000331712320753573023454 0ustar00jhrozekjhrozek00000000000000 override_homedir (chaîne) Réécrit le répertoire personnel de l'utilisateur. Il est possible de fournir une valeur absolue ou un patron. Dans le cas d'un patron, les séquences suivantes sont substituées : %u identifiant de connexion %U numéro d'UID %d nom de domaine %f nom d'utilisateur pleinement qualifié (utilisateur@domaine) %o Le répertoire utilisateur original provenant du fournisseur d'identité. %% un « % » littéral Cette option peut aussi être définie pour chaque domaine. 
exemple : override_homedir = /home/%u Par défaut : Indéfini (SSSD utilisera la valeur récupérée de LDAP) sssd-1.11.5/src/man/fr/PaxHeaders.13173/sssd.8.xml0000644000000000000000000000013212320753573017372 xustar000000000000000030 mtime=1396955003.500843872 30 atime=1396955003.500843872 30 ctime=1396955003.500843872 sssd-1.11.5/src/man/fr/sssd.8.xml0000664002412700241270000001643412320753573017631 0ustar00jhrozekjhrozek00000000000000 Pages de manuel de SSSD sssd 8 sssd System Security Services Daemon sssd options DESCRIPTION SSSD fournit un jeu de démons pour gérer l'accès à des dossiers distants et les mécanismes d'authentification. Il fournit une interface NSS et PAM au travers du système et un moteur système extensible par greffons pour se connecter à de multiples comptes de sources différentes en plus d'une interface D-Bus. C'est aussi un moyen de fournir un moyen d'audit client et une politique de services pour les projets tels que FreeIPA. Il fournit une base de donnée plus robuste pour stocker les utilisateurs locaux ainsi que les données étendues des utilisateurs. OPTIONS , LEVEL mode 1 : Ajouter un horodatage aux messages de débogage 0 : Désactiver l'horodatage dans les messages de débogage Par défaut : 1 mode 1 : Ajouter les microsecondes à l'horodatage dans les messages de débogage 0 : Désactiver les microsecondes dans l'horodatage Par défaut : 0 , Envoie la sortie de débogage vers des fichiers plutôt que vers la sortie d'erreur standard. Par défaut, les fichiers de sortie sont stockés dans /var/log/sssd et des fichiers différents sont créés pour chaque service et domaine SSSD. , Devenir un démon après le démarrage. , Tourner en avant-plan et ne pas devenir un démon. , Définit un fichier de configuration autre que celui par défaut (/etc/sssd/sssd.conf). Pour obtenir des informations sur la syntaxe et les options du fichier de configuration, consulter les pages de manuel de sssd.conf 5 . Afficher le numéro de version et quitter. 
Signaux SIGTERM/SIGINT Indique à SSSD de fermer normalement tous ses processus fils puis d'arrêter le moniteur. SIGHUP Précise à SSSD de ne plus écrire vers son fichier de débogage actuel, de le fermer et de le rouvrir. Cela permet de faciliter les rotations de fichiers de sortie avec des programmes tels que logrotate. SIGUSR1 Précise à SSSD de simuler une opération hors-ligne pendant une minute. C'est surtout utile pour faire des tests. SIGUSR2 Précise à SSSD de passer en mode hors-ligne immédiatement. C'est surtout utile pour faire des tests. NOTES If the environment variable SSS_NSS_USE_MEMCACHE is set to "NO", client applications will not use the fast in memory cache. sssd-1.11.5/src/man/fr/PaxHeaders.13173/sss_groupdel.8.xml0000644000000000000000000000013212320753573021127 xustar000000000000000030 mtime=1396955003.500843872 30 atime=1396955003.500843872 30 ctime=1396955003.500843872 sssd-1.11.5/src/man/fr/sss_groupdel.8.xml0000664002412700241270000000274212320753573021363 0ustar00jhrozekjhrozek00000000000000 Pages de manuel de SSSD sss_groupdel 8 sss_groupdel supprimer un groupe sss_groupdel options GROUPE DESCRIPTION sss_groupdel supprime du système un groupe identifié par son nom de groupe GROUPE. OPTIONS sssd-1.11.5/src/man/fr/PaxHeaders.13173/sss_useradd.8.xml0000644000000000000000000000013212320753573020735 xustar000000000000000030 mtime=1396955003.500843872 30 atime=1396955003.500843872 30 ctime=1396955003.500843872 sssd-1.11.5/src/man/fr/sss_useradd.8.xml0000664002412700241270000001457712320753573021202 0ustar00jhrozekjhrozek00000000000000 Pages de manuel de SSSD sss_useradd 8 sss_useradd créer un utilisateur sss_useradd options UTILISATEUR DESCRIPTION sss_useradd crée un nouveau compte utilisateur en utilisant les valeurs spécifiées en ligne de commande auquelles sont ajoutées les valeurs par défaut du système. OPTIONS , UID Définit l'UID de l'utilisateur à la valeur UID. Si non précisé, il est choisit automatiquement. 
, COMMENTAIRE Toute chaîne de caractères décrivant l'utilisateur. Souvent utilisée comme champ pour le nom entier de l'utilisateur. , HOME_DIR Le répertoire personnel du compte utilisateur. Par défaut, on ajoute LOGIN à /home et on utilise cela comme dossier personnel. La base précédant LOGIN est modifiable avec le paramètre user_defaults/baseDirectory de sssd.conf. , SHELL L'interpréteur de commande de l'utilisateur. La valeur par défaut actuelle, /bin/bash, peut être modifiée avec le paramètre user_defaults/defaultShell dans sssd.conf. , GROUPES Une liste de groupes existants dont l'utilisateur est aussi membre. , Crée le répertoire personnel de l'utilisateur s'il n'existe pas. Les fichiers et répertoires inclus dans le répertoire squelette (pouvant être définis avec l'option -k ou dans le fichier de configuration) sont copiés dans le dossier personnel. , Ne pas créer de dossier personnel pour l'utilisateur. Écrase les paramètres de configuration. , SKELDIR Le répertoire squelette, contenant les fichiers et répertoires à copier dans le répertoire personnel de l'utilisateur, quand le répertoire personnel est créé par sss_useradd. Les fichiers spéciaux (périphériques blocs, caractères, tubes nommés et sockets unix) ne seront pas copiés. L'option n'est valide que si l'option (ou ) est utilisée ou si la création de répertoires personnels est à TRUE dans la configuration. , UTILISATEUR_SELINUX L'utilisateur SELinux pour la connexion utilisateur. Si non spécifié, la valeur par défaut du système est utilisée.
sssd-1.11.5/src/man/fr/PaxHeaders.13173/sss_userdel.8.xml0000644000000000000000000000013212320753573020751 xustar000000000000000030 mtime=1396955003.500843872 30 atime=1396955003.500843872 30 ctime=1396955003.500843872 sssd-1.11.5/src/man/fr/sss_userdel.8.xml0000664002412700241270000000635212320753573021206 0ustar00jhrozekjhrozek00000000000000 Pages de manuel de SSSD sss_userdel 8 sss_userdel Supprimer un compte utilisateur sss_userdel options LOGIN DESCRIPTION sss_userdel supprime du système un utilisateur identifié par son identifiant de connexion LOGIN. OPTIONS , Les fichiers dans le répertoire ainsi que le répertoire lui-même de l'utilisateur et sa messagerie seront supprimés. Outrepasse la configuration. , Les fichiers dans le répertoire ainsi que le répertoire lui-même de l'utilisateur et sa messagerie ne seront PAS supprimés. Outrepasse la configuration. , Cette option oblige sss_userdel à supprimer le répertoire home de l'utilisateur et sa messagerie, même si ils ne sont pas détenus par l'utilisateur spécifié. , Avant de réellement supprimer l'utilisateur, mettre fin à tous ses processus. sssd-1.11.5/src/man/fr/PaxHeaders.13173/sssd-sudo.5.xml0000644000000000000000000000013212320753573020337 xustar000000000000000030 mtime=1396955003.500843872 30 atime=1396955003.500843872 30 ctime=1396955003.500843872 sssd-1.11.5/src/man/fr/sssd-sudo.5.xml0000664002412700241270000001724312320753573020575 0ustar00jhrozekjhrozek00000000000000 Pages de manuel de SSSD sssd-sudo 5 Formats de fichier et conventions sssd-sudo Configuration de sudo avec le moteur SSSD DESCRIPTION Cette page de manuel décrit comment configurer sudo 8 pour travailler avec sssd 8 et comment SSSD met en cache les règles sudo. Configuration de sudo pour coopérer avec SSSD Pour activer SSSD comme source pour les règles de sudo, ajouter sss à l'entrée sudoers dans nsswitch.conf 5. 
Par exemple, pour configurer sudo pour rechercher d'abord les règles dans le fichier standard sudoers 5 (qui doit contenir les règles qui s'appliquent aux utilisateurs locaux) et ensuite dans SSSD, le fichier nsswitch.conf doit contenir la ligne suivante : sudoers: files sss Plus d'informations sur la configuration de l'ordre de recherche de sudoers depuis le fichier nsswitch.conf, mais aussi les informations sur le schéma LDAP qui est utilisé pour stocker les règles sudo dans l'annuaire sont disponibles dans sudoers.ldap 5. Note: in order to use netgroups or IPA hostgroups in sudo rules, you also need to correctly set nisdomainname 1 to your NIS domain name (which equals the IPA domain name when using hostgroups). Configuration de SSSD pour aller chercher les règles de sudo All configuration that is needed on the SSSD side is to extend the list of services with "sudo" in the [sssd] section of sssd.conf 5 . To speed up the LDAP lookups, you can also set the search base for sudo rules using the ldap_sudo_search_base option. L'exemple suivant montre comment configurer SSSD pour télécharger les règles sudo à partir d'un serveur LDAP. [sssd] config_file_version = 2 services = nss, pam, sudo domains = EXAMPLE [domain/EXAMPLE] id_provider = ldap sudo_provider = ldap ldap_uri = ldap://example.com ldap_sudo_search_base = ou=sudoers,dc=example,dc=com When the SSSD is configured to use IPA as the ID provider, the sudo provider is automatically enabled. The sudo search base is configured to use the compat tree (ou=sudoers,$DC). Le mécanisme de mise en cache de règles SUDO Le plus grand défi lors du développement de la prise en charge de sudo dans SSSD était de s'assurer que l'utilisation d'un sudo exploitant SSSD comme source de données fournissait la même expérience utilisateur et était aussi rapide que sudo, tout en conservant le jeu de règles le plus à jour possible. Pour satisfaire ces exigences, SSSD utilise trois types de mises à jour.
Elles sont appelées rafraîchissement complet, rafraîchissement intelligent et rafraîchissement des règles. Le rafraîchissement intelligent télécharge périodiquement les règles qui sont nouvelles ou qui ont été modifiées après la dernière mise à jour. Son but premier est d'éviter à la base de données de grossir en allant chercher de petits incréments qui ne génèrent pas beaucoup de trafic réseau. Le rafraîchissement complet supprime simplement toutes les règles sudo stockées dans le cache et les remplace par toutes les règles qui sont stockées sur le serveur. Ceci est utilisé pour assurer la cohérence du cache en supprimant toutes les règles qui ont été supprimées du serveur. Cependant, un rafraîchissement complet peut produire beaucoup de trafic et ne doit être exécuté qu'occasionnellement, selon la taille et la stabilité des règles sudo. Le rafraîchissement des règles fait en sorte de ne pas accorder à l'utilisateur plus d'autorisations que ce qui est défini. Il est déclenché chaque fois que l'utilisateur exécute sudo. Le rafraîchissement des règles trouvera toutes les règles qui s'appliquent à cet utilisateur, vérifiera leur date d'expiration et les retéléchargera si elles ont expiré. Dans le cas où l'une de ces règles est manquante sur le serveur, SSSD programmera en parallèle un rafraîchissement complet hors ligne car d'autres règles (s'appliquant à d'autres utilisateurs) peuvent avoir été supprimées. Si activé, SSSD stocke uniquement les règles qui peuvent être appliquées à cette machine. En d'autres termes, ce sont les règles qui contiennent une des valeurs suivantes dans l'attribut sudoHost : mot-clé ALL joker netgroup (sous la forme « +netgroup ») nom de système ou le nom de domaine pleinement qualifié de cette machine une des adresses IP de cette machine une des adresses IP du réseau (sous la forme « adresse/masque ») Il existe de nombreuses options de configuration qui peuvent être utilisées pour ajuster le comportement.
Consulter « ldap_sudo_ * » dans sssd-ldap 5 et « sudo_ * » dans sssd.conf 5. sssd-1.11.5/src/man/fr/PaxHeaders.13173/sssd-ldap.5.xml0000644000000000000000000000013212320753573020305 xustar000000000000000030 mtime=1396955003.500843872 30 atime=1396955003.500843872 30 ctime=1396955003.500843872 sssd-1.11.5/src/man/fr/sssd-ldap.5.xml0000664002412700241270000030167512320753573020550 0ustar00jhrozekjhrozek00000000000000 Pages de manuel de SSSD sssd-ldap 5 Formats de fichier et conventions sssd-ldap Le fichier de configuration pour SSSD DESCRIPTION Ce manuel décrit la configuration des domaines LDAP pour sssd 8 . Se référer à la section FILE FORMAT du manuel sssd.conf 5 pour des informations sur la syntaxe détaillée. Il est possible de configurer SSSD pour utiliser plus d'un domaine LDAP. Le moteur de traitement LDAP prend en charge les fournisseurs id, auth, access et chpass. Si vous voulez vous authentifier sur un serveur LDAP, il vous faut utiliser TLS/SSL ou LDAPS. sssd ne prend pas en charge l'authentification sur un canal non chiffré. Si le serveur LDAP est utilisé seulement comme fournisseur d'identité, un canal crypté n'est pas nécessaire. Se référer aux options de configurations ldap_access_filter pour plus d'information sur l'utilisation en tant que fournisseur d'accès. OPTIONS DE CONFIGURATION Toutes les options de configuration communes appliquées aux domaines SSSD s'appliquent aussi aux domaines LDAP. Voir la section des SECTIONS DE DOMAINE dans la page de manuel sssd.conf 5 pour plus de détails. ldap_uri, ldap_backup_uri (string) Spécifie par ordre de préférence la liste séparée par des virgules d'URI des serveurs LDAP auquel doit se connecter SSSD. Se reporter à la section de BASCULEMENT pour plus d'informations sur le basculement et la redondance de serveurs. Si aucune de ces options n'est spécifiée, la découverte d'un service est activé. Pour plus d'informations, se reporter à la section de DÉCOUVERTE DE SERVICE. 
Le format de l'URI doit correspondre au format défini dans la RFC 2732 : ldap[s]://<host>[:port] Pour les adresses explicitement en IPv6, le composant <host> doit être entre crochets [] exemple : ldap://[fc00::126:25]:389 ldap_chpass_uri, ldap_chpass_backup_uri (string) Spécifie la liste d'URI séparée par des virgules des serveurs LDAP auxquels doit se connecter SSSD par ordre de préférence pour changer le mot de passe d'un utilisateur. Reportez-vous à la section de basculement pour plus d'informations sur le repli et la redondance de serveurs. Pour activer la découverte de services, ldap_chpass_dns_service_name doit être défini. Par défaut : vide, ldap_uri est donc utilisé. ldap_search_base (chaîne) Le DN de base par défaut à utiliser pour effectuer les opérations LDAP sur les utilisateurs. À partir de SSSD 1.7.0, SSSD prend en charge plusieurs bases de recherche à l'aide de la syntaxe : search_base[?scope?[filter][?search_base?scope?[filter]]*] La portée peut être l'une des valeurs « base », « onelevel » ou « subtree ». Le filtre doit être un filtre de recherche LDAP valide tel que spécifié par http://www.ietf.org/rfc/rfc2254.txt Exemples : ldap_search_base = dc=example,dc=com (ce qui équivaut à) ldap_search_base = dc=example,dc=com?subtree? ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?(host=thishost)?dc=example.com?subtree? Remarque : Il n'est pas possible d'avoir plusieurs bases de recherche qui référencent des objets portant le même nom (par exemple, les groupes portant le même nom dans deux bases de recherche différentes). Cela conduira à un comportement imprévisible sur les ordinateurs clients. Par défaut : si non définie, les valeurs des attributs defaultNamingContext ou namingContexts du RootDSE du serveur LDAP sont utilisées. Si defaultNamingContext n'existe pas ou a une valeur vide, namingContexts est utilisé.
Les attributs namingContexts doivent avoir une seule valeur avec un DN de base de recherche pour le serveur LDAP pour que cela fonctionne. Des valeurs multiples ne sont pas permises. ldap_schema (chaîne) Spécifie le type de schéma utilisé sur le serveur LDAP cible. Selon le schéma sélectionné, les noms d'attributs par défaut provenant des serveurs peuvent varier. La manière dont certains attributs sont traités peut également différer. Quatre types de schéma sont actuellement pris en charge : rfc2307 rfc2307bis IPA AD La principale différence entre ces types de schéma est la façon dont les appartenances aux groupes sont enregistrées dans le serveur. Avec rfc2307, les membres du groupe sont répertoriés par nom dans l'attribut memberUid. Avec rfc2307bis et IPA, les membres du groupe sont répertoriés par DN et stockés dans l'attribut member. Le type de schéma AD définit les attributs correspondant aux valeurs d'Active Directory 2008r2. Par défaut : rfc2307 ldap_default_bind_dn (chaîne) Le DN de connexion par défaut à utiliser pour effectuer les opérations LDAP. ldap_default_authtok_type (chaîne) Le type de jeton d'authentification pour le DN de connexion par défaut. Les deux mécanismes actuellement pris en charge sont : password obfuscated_password Par défaut : password ldap_default_authtok (chaîne) Le jeton d'authentification pour le DN de connexion par défaut. Seuls les mots de passe en clair sont actuellement pris en charge. ldap_user_object_class (chaîne) La classe d'objet d'une entrée utilisateur dans LDAP. Par défaut : posixAccount ldap_user_name (chaîne) L'attribut LDAP correspondant à l'identifiant de connexion de l'utilisateur. Par défaut : uid ldap_user_uid_number (chaîne) L'attribut LDAP correspondant à l'id de l'utilisateur. Par défaut : uidNumber ldap_user_gid_number (chaîne) L'attribut LDAP correspondant à l'id du groupe primaire de l'utilisateur.
Par défaut : gidNumber ldap_user_gecos (chaîne) L'attribut LDAP correspondant au champ gecos de l'utilisateur. Par défaut : gecos ldap_user_home_directory (chaîne) L'attribut LDAP qui contient le nom du répertoire personnel de l'utilisateur. Par défaut : homeDirectory ldap_user_shell (chaîne) L'attribut LDAP qui contient le chemin vers l'interpréteur de commandes de l'utilisateur. Par défaut : loginShell ldap_user_uuid (chaîne) L'attribut LDAP qui contient les UUID/GUID d'un objet LDAP utilisateur. Par défaut : nsUniqueId ldap_user_objectsid (string) L'attribut LDAP qui contient l'objectSID d'un objet d'utilisateur LDAP. Ceci n'est habituellement nécessaire que pour les serveurs Active Directory. Par défaut : objectSid pour ActiveDirectory, indéfini pour les autres serveurs. ldap_user_modify_timestamp (chaîne) L'attribut LDAP qui contient l'horodatage de la dernière modification de l'objet parent. Par défaut : modifyTimestamp ldap_user_shadow_last_change (chaîne) Lors de l'utilisation de ldap_pwd_policy=shadow, ce paramètre contient le nom de l'attribut LDAP correspondant à sa contrepartie shadow 5 (date de changement du dernier mot de passe). Par défaut : shadowLastChange ldap_user_shadow_min (chaîne) Lors de l'utilisation de ldap_pwd_policy=shadow, ce paramètre contient le nom de l'attribut LDAP correspondant à sa contrepartie shadow 5 (durée de validité minimum du mot de passe). Par défaut : shadowMin ldap_user_shadow_max (chaîne) Lors de l'utilisation de ldap_pwd_policy=shadow, ce paramètre contient le nom de l'attribut LDAP correspondant à sa contrepartie shadow 5 (âge maximum du mot de passe). Par défaut : shadowMax ldap_user_shadow_warning (chaîne) Lors de l'utilisation de ldap_pwd_policy=shadow, ce paramètre contient le nom de l'attribut LDAP correspondant à sa contrepartie shadow 5 (période d'avertissement du mot de passe). 
Par défaut : shadowWarning ldap_user_shadow_inactive (chaîne) Lors de l'utilisation de ldap_pwd_policy=shadow, ce paramètre contient le nom de l'attribut LDAP correspondant à sa contrepartie shadow 5 (période d'inactivité du mot de passe). Par défaut : shadowInactive ldap_user_shadow_expire (chaîne) Lors de l'utilisation de ldap_pwd_policy=shadow ou ldap_account_expire_policy=shadow, ce paramètre contient le nom de l'attribut LDAP correspondant à sa contrepartie shadow 5 (date d'expiration du compte). Par défaut : shadowExpire ldap_user_krb_last_pwd_change (chaîne) Lors de l'utilisation de ldap_pwd_policy=mit_kerberos, ce paramètre contient le nom de l'attribut LDAP stockant la date et l'heure du dernier changement de mot de passe dans kerberos. Par défaut : krbLastPwdChange ldap_user_krb_password_expiration (chaîne) Lors de l'utilisation de ldap_pwd_policy=mit_kerberos, ce paramètre contient le nom de l'attribut LDAP stockant la date et l'heure d'expiration du mot de passe actuel. Par défaut : krbPasswordExpiration ldap_user_ad_account_expires (chaîne) Lors de l'utilisation de ldap_account_expire_policy=ad, ce paramètre contient le nom d'un attribut LDAP stockant la date d'expiration du compte. Par défaut : accountExpires ldap_user_ad_user_account_control (chaîne) Lors de l'utilisation de ldap_account_expire_policy=ad, ce paramètre contient le nom d'un attribut LDAP stockant le champ de bits de contrôle du compte utilisateur. Par défaut : userAccountControl ldap_ns_account_lock (chaîne) Lors de l'utilisation de ldap_account_expire_policy=rhds ou équivalent, ce paramètre détermine si l'accès est autorisé ou non. Par défaut : nsAccountLock ldap_user_nds_login_disabled (chaîne) Lors de l'utilisation de ldap_account_expire_policy=nds, cet attribut détermine si l'accès est autorisé ou non. 
Par défaut : loginDisabled ldap_user_nds_login_expiration_time (chaîne) Lors de l'utilisation de ldap_account_expire_policy=nds, cet attribut détermine jusqu'à quand l'accès est autorisé. Par défaut : loginDisabled ldap_user_nds_login_allowed_time_map (chaîne) Lors de l'utilisation de ldap_account_expire_policy=nds, cet attribut détermine les heures des jours dans la semaine pendant lesquelles l'accès est autorisé. Par défaut : loginAllowedTimeMap ldap_user_principal (chaîne) L'attribut LDAP contenant le nom du principal d'utilisateur (UPN) Kerberos de l'utilisateur. Par défaut : krbPrincipalName ldap_user_ssh_public_key (chaîne) L'attribut LDAP qui contient les clés publiques SSH de l'utilisateur. ldap_force_upper_case_realm (booléen) Certains serveurs d'annuaire, comme par exemple Active Directory, peuvent délivrer la partie domaine de l'UPN en minuscules, ce qui peut faire échouer l'authentification. Définir cette option à une valeur non nulle pour utiliser un nom de domaine en majuscules. Par défaut : false ldap_enumeration_refresh_timeout (entier) Spécifie la durée en secondes pendant laquelle SSSD doit attendre avant d'actualiser son cache d"énumération d'enregistrements. Par défaut : 300 ldap_purge_cache_timeout (entier) Détermine la fréquence de vérification de la présence d'entrées inactives dans le cache (telles que groupes sans membres et utilisateurs ne s'étant jamais connectés) et de suppression pour économiser de l'espace. Mettre cette option à zéro désactive l'opération de nettoyage du cache. Par défaut : 1800 (12 heures) ldap_user_fullname (chaîne) L'attribut LDAP correspondant au nom complet de l'utilisateur. Par défaut : cn ldap_user_member_of (chaîne) L'attribut LDAP énumérant les groupes auquel appartient un utilisateur. 
Par défaut : memberOf ldap_user_authorized_service (chaîne) Lorsque access_provider=ldap et ldap_access_order=authorized_service, SSSD utilise la présence de l'attribut authorizedService dans l'entrée LDAP de l'utilisateur pour déterminer les autorisations d'accès. Le refus explicite (!svc) est résolu en premier. Ensuite, SSSD cherche une autorisation explicite (svc) et enfin allow_all (*). Noter que l'option de configuration ldap_access_order doit inclure authorized_service de façon à permettre à l'option ldap_user_authorized_service de fonctionner. Par défaut : authorizedService ldap_user_authorized_host (chaîne) Si access_provider=ldap et ldap_access_order=host, SSSD va utiliser la présence de l'attribut host dans l'entrée LDAP de l'utilisateur pour déterminer les autorisations d'accès. Le refus explicite (!host) est résolu en premier. SSSD recherche ensuite les autorisations explicites (host) et enfin toutes les autorisations (*). Noter que l'option de configuration ldap_access_order doit inclure host de façon à permettre à l'option ldap_user_authorized_host de fonctionner. Par défaut : host ldap_group_object_class (chaîne) La classe d'objet d'une entrée de groupe dans LDAP. Par défaut : posixGroup ldap_group_name (chaîne) L'attribut LDAP correspondant au nom du groupe. Par défaut : cn ldap_group_gid_number (chaîne) L'attribut LDAP correspondant à l'identifiant de groupe. Par défaut : gidNumber ldap_group_member (chaîne) L'attribut LDAP contenant les noms des membres du groupe. Par défaut : memberuid (rfc2307) / member (rfc2307bis) ldap_group_uuid (chaîne) L'attribut LDAP contenant les UUID/GUID d'un objet groupe LDAP. Par défaut : nsUniqueId ldap_group_objectsid (string) L'attribut LDAP qui contient l'objectSID d'un objet de groupe LDAP. Ceci n'est habituellement nécessaire que pour les serveurs Active Directory. Par défaut : objectSid pour ActiveDirectory, indéfini pour les autres serveurs. 
ldap_group_modify_timestamp (chaîne) L'attribut LDAP qui contient l'horodatage de la dernière modification de l'objet parent. Par défaut : modifyTimestamp ldap_group_type (integer) The LDAP attribute that contains an integer value indicating the type of the group and maybe other flags. This attribute is currently only used by the AD provider to determine if a group is a domain local group and has to be filtered out for trusted domains. Default: groupType in the AD provider, otherwise not set ldap_group_nesting_level (entier) Si ldap_schema est défini comme un format prenant en charge les groupes imbriqués (par exemple RFC2307bis), alors cette option contrôle le nombre de niveaux d'imbrication que SSSD suivra. Cette option n'a pas d'effet sur le schéma RFC2307. Par défaut : 2 ldap_groups_use_matching_rule_in_chain Cette option indique à SSSD de tirer parti d'une fonctionnalité Active Directory spécifique qui peut accélérer les opérations de recherche de groupe sur les déploiements utilisant des groupes profondément imbriqués et complexes. Dans la plupart des cas, il est préférable de laisser cette option désactivée. Elle ne fournit une augmentation des performances que sur les imbrications très complexes. Si cette option est activée, SSSD l'utilisera s'il détecte que le serveur la prend en charge au cours de la connexion initiale. Ainsi, « true » signifie essentiellement « auto-detect ». Remarque : Cette fonctionnalité fonctionne uniquement avec Active Directory 2008 R1 et versions suivantes. Consulter la documentation de MSDN(TM) pour plus de détails. Par défaut : False ldap_initgroups_use_matching_rule_in_chain Cette option indique à SSSD de tirer parti d'une fonctionnalité Active Directory spécifique qui peut accélérer les opérations initgroups (le plus souvent lors de l'utilisation de groupes profondément imbriqués ou complexes). Si cette option est activée, SSSD l'utilisera s'il détecte que le serveur la prend en charge au cours de la connexion initiale. 
Ainsi, « true » signifie essentiellement « auto-detect ». Remarque : Cette fonctionnalité fonctionne uniquement avec Active Directory 2008 R1 et versions suivantes. Consulter la documentation de MSDN(TM) pour plus de détails. Par défaut : False ldap_netgroup_object_class (chaîne) La classe d'objet d'une entrée de netgroup dans LDAP. Pour un fournisseur IPA, ipa_netgroup_object_class doit être utilisé à la place. Par défaut : nisNetgroup ldap_netgroup_name (chaîne) L'attribut LDAP correspondant au nom du netgroup. Dans le fournisseur IPA, ipa_netgroup_name doit être utilisé à la place. Par défaut : cn ldap_netgroup_member (chaîne) L'attribut LDAP contenant les noms des membres du netgroup. Dans le fournisseur IPA, ipa_netgroup_member doit être utilisé à la place. Par défaut : memberNisNetgroup ldap_netgroup_triple (chaîne) L'attribut LDAP contenant les triplets (hôte, utilisateur, domaine) d'un netgroup. Cette option n'est pas disponible dans le fournisseur IPA. Par défaut : nisNetgroupTriple ldap_netgroup_uuid (chaîne) L'attribut LDAP contenant les UUID/GUID d'un objet netgroup LDAP. Dans le fournisseur IPA, ipa_netgroup_uuid doit être utilisé à la place. Par défaut : nsUniqueId ldap_netgroup_modify_timestamp (chaîne) L'attribut LDAP qui contient l'horodatage de la dernière modification de l'objet parent. Cette option n'est pas disponible dans le fournisseur IPA. Par défaut : modifyTimestamp ldap_service_object_class (chaîne) La classe d'objet d'une entrée de service LDAP. Par défaut : ipService ldap_service_name (string) L'attribut LDAP qui contient le nom des attributs de service et de leurs alias. Par défaut : cn ldap_service_port (string) L'attribut LDAP qui contient le port géré par ce service. Par défaut : ipServicePort ldap_service_proto (string) L'attribut LDAP qui contient les protocoles compris par ce service. 
Par défaut : ipServiceProtocol ldap_service_search_base (string) ldap_search_timeout (entier) Définit le délai d'attente (en secondes) autorisé pour les recherches LDAP avant annulation et utilisation des résultats contenus dans le cache (et activation du mode hors ligne) Note : cette option est susceptible de changer dans les prochaines version de SSSD. Elle sera sûrement remplacée par une série de délais d'attente pour différents types de recherches. Par défaut : 6 ldap_enumeration_search_timeout (entier) Définit le délai d'attente (en secondes) autorisé pour les recherches LDAP sur les utilisateurs et groupes avant annulation et utilisation des résultats mis en cache (et activation du mode hors ligne) Par défaut : 60 ldap_network_timeout (entier) Définit le délai d'attente (en secondes) après lequel les fonctions poll 2 / select 2 suivant un connect 2 rendent la main en cas d'inactivité. Par défaut : 6 ldap_opt_timeout (entier) Définit le délai d'attente (en secondes) après lequel les appels synchrones à l'API LDAP échouent si aucune réponse n'est obtenue. Permet aussi de contrôler le délai de communication avec le KDC dans le cas d'un appel SASL. Par défaut : 6 ldap_connection_expire_timeout (entier) Spécifie un délai d'attente (en secondes) pendant laquelle une connexion à un serveur LDAP est maintenue. Passé ce délai, la connexion devra être rétablie. Si ce paramètre est utilisé en parallèle avec SASL/GSSAPI, la plus courte des deux valeurs entre celle-ci et la durée de vie TGT sera utilisée. Par défaut : 900 (15 minutes) ldap_page_size (entier) Définit le nombre d'enregistrements à récupérer lors d'une requête LDAP. Certains serveurs LDAP imposent une limite maximale par requête. Par défaut : 1000 ldap_disable_paging (boolean) Désactiver le contrôle de pagination LDAP. 
Cette option doit être utilisée si le serveur LDAP signale qu'il prend en charge le contrôle de pagination LDAP de l'objet RootDSE, mais qu'il n'est pas activé ou ne se comporte pas correctement. Exemple : les serveurs OpenLDAP avec le module de contrôle de pagination installé sur le serveur mais non activé le signaleront dans RootDSE mais il sera impossible de l'utiliser. Exemple : 389 DS a un bogue où il ne peut prendre en charge qu'un seul contrôle de pagination à la fois sur une connexion donnée. Sur les clients chargés, cela peut entraîner l'échec de certaines demandes. Par défaut : False ldap_disable_range_retrieval (booléen) Désactiver la récupération de plage Active Directory. Active Directory limite le nombre de membres à récupérer par recherche à l'aide de la stratégie MaxValRange (qui prend la valeur par défaut de 1500 membres). Si un groupe contient plus de membres, la réponse inclura une extension de plage spécifique à Active Directory. Cette option désactive l'analyse de cette extension de plage, les groupes de grande taille apparaissant ainsi sans aucun membre. Par défaut : False ldap_sasl_minssf (integer) Lors de la communication avec un serveur LDAP en utilisant SASL, spécifie le niveau de sécurité minimal nécessaire pour établir la connexion. Les valeurs de cette option sont définies par OpenLDAP. Par défaut : Utiliser la valeur par défaut du système (généralement spécifié par ldap.conf) ldap_deref_threshold (entier) Définit le nombre de membres du groupe qui doivent manquer au sein du cache interne afin de déclencher une recherche de déréférencement. Si le nombre de membres manquants est inférieur, ils sont recherchés individuellement. Vous pouvez désactiver complètement les recherches de déréférencement en affectant la valeur 0. Une recherche de déréférencement est un moyen pour récupérer tous les membres d'un groupe avec un seul appel LDAP. Plusieurs serveurs LDAP peuvent avoir différentes méthodes de déréférencement. 
Les serveurs actuellement acceptés sont 389/RHDS, OpenLDAP et Active Directory. Remarque : Si l'une des bases de recherche spécifie un filtre de recherche, alors l'amélioration de la performance de recherche de déréférencement est désactivée indépendamment de ce paramètre. Par défaut : 10 ldap_tls_reqcert (chaîne) Définit les vérifications à effectuer sur les certificats serveur sur une session TLS, si elle existe. Une des valeurs suivantes est utilisable : never : le client ne demandera ni ne vérifiera un quelconque certificat du serveur. allow : le certificat serveur est demandé. Si aucun certificat n'est fourni, la session continue normalement. Si un mauvais certificat est fourni, il est ignoré et la session continue normalement. try : le certificat serveur est demandé. Si aucun certificat n'est fourni, la session continue normalement. Si un mauvais certificat est fourni, la session se termine immédiatement. demand : le certificat serveur est demandé. Si aucun certificat ou un mauvais certificat est fourni, la session se termine immédiatement. hard : identique à demand Avec never ou allow, l'identité du serveur LDAP n'est donc pas vérifiée, même si la session est chiffrée. Par défaut : hard ldap_tls_cacert (chaîne) Définit le fichier qui contient les certificats pour toutes les autorités de certification que sssd reconnaîtra. Par défaut : utilise les paramètres par défaut de OpenLDAP, en général dans /etc/openldap/ldap.conf ldap_tls_cacertdir (chaîne) Spécifie le chemin d'un dossier qui contient les certificats de l'autorité de certificats dans des fichiers séparés. Usuellement, les noms de fichiers sont la somme de contrôle du certificat suivi de « .0 ». Si disponible, cacertdir_rehash peut être utilisé pour créer les noms corrects. Par défaut : utilise les paramètres par défaut de OpenLDAP, en général dans /etc/openldap/ldap.conf ldap_tls_cert (chaîne) Définit le fichier qui contient le certificat pour la clef du client. Par défaut : non défini ldap_tls_key (chaîne) Définit le fichier qui contient la clef du client. 
Par défaut : non défini ldap_tls_cipher_suite (chaîne) Définit les algorithmes de chiffrement acceptables. Généralement sous la forme d'une liste séparée par des deux-points. Cf. ldap.conf 5 pour le format. Par défaut : utilise les paramètres par défaut de OpenLDAP, en général dans /etc/openldap/ldap.conf ldap_id_use_start_tls (booléen) Définit le fait que le fournisseur d'identité de connexion doit aussi utiliser tls pour protéger le canal. Par défaut : false ldap_id_mapping (boolean) Indique que SSSD doit tenter de trouver les correspondances des ID d'utilisateur et de groupe dans les attributs ldap_user_objectsid et ldap_group_objectsid au lieu d'utiliser ldap_user_uid_number et ldap_group_gid_number. Cette fonctionnalité ne prend actuellement en charge que la correspondance par objectSID avec Active Directory. Par défaut : false ldap_min_id, ldap_max_id (entiers) Au contraire de la mise en correspondance d'identifiants s'appuyant sur les SID utilisée si ldap_id_mapping est positionné à true, les plages d'identifiants autorisés pour ldap_user_uid_number et ldap_group_gid_number n'ont pas de limite. Dans une configuration avec des sous-domaines ou des domaines approuvés, cela peut engendrer des collisions. Pour les éviter, ldap_min_id et ldap_max_id peuvent être configurés afin de restreindre les plages d'identifiants autorisées lues directement depuis le serveur. Les sous-domaines peuvent ensuite choisir d'autres plages pour leurs propres identifiants. Par défaut : non indiqué (les deux options sont à 0) ldap_sasl_mech (chaîne) Définit le mécanisme SASL à utiliser. Actuellement, seul GSSAPI est testé et pris en charge. Par défaut : non défini ldap_sasl_authid (chaîne) Définit l'identité à utiliser pour l'autorisation SASL. Lorsque GSSAPI est utilisé, c'est l'identifiant Kerberos principal utilisé pour s'authentifier à l'annuaire. 
Cette option peut soit contenir le principal complet (par exemple host/myhost@EXAMPLE.COM), soit juste le nom du principal (par exemple host/myhost). Par défaut : host/hostname@REALM ldap_sasl_realm (chaîne) Spécifie le domaine SASL à utiliser. Si non spécifié, cette option prend par défaut la valeur de krb5_realm. Si le ldap_sasl_authid contient aussi le domaine, cette option est ignorée. Par défaut : la valeur de krb5_realm. ldap_sasl_canonicalize (booléen) Si true, la bibliothèque LDAP effectue une recherche inversée pour canoniser le nom de l'hôte au cours d'une liaison SASL. Défaut : false; ldap_krb5_keytab (chaîne) Définit le fichier keytab à utiliser pour utiliser SASL/GSSAPI. Par défaut : le fichier keytab du système, normalement /etc/krb5.keytab ldap_krb5_init_creds (booléen) Définit le fait que le fournisseur d'identité doit initialiser les données d'identification Kerberos (TGT). Cette action est effectuée seulement si SASL est utilisé et que le mécanisme choisi est GSSAPI. Par défaut : true ldap_krb5_ticket_lifetime (entier) Définit la durée de vie, en secondes, des TGT si GSSAPI est utilisé. Par défaut : 86400 (24 heures) krb5_server, krb5_backup_server (string) Spécifie par ordre de préférence la liste séparée par des virgules des adresses IP ou des noms de systèmes des serveurs Kerberos auquel SSSD doit se connecter. Pour plus d'informations sur la redondance de basculement et le serveur, consulter la section BASCULEMENT. Un numéro de port facultatif (précédé de deux-points) peut être ajouté aux adresses ou aux noms de systèmes. Si vide, la découverte de services est activée - pour plus d'informations, se reporter à la section de DÉCOUVERTE DE SERVICES. Lors de l'utilisation de découverte de services pour le KDC ou les serveurs kpasswd, SSSD recherche en premier les entrées DNS qui définissent _udp comme protocole, et passe sur _tcp si aucune entrée n'est trouvée. Cette option s'appelait krb5_kdcip dans les versions précédentes de SSSD. 
Bien que ce nom soit toujours reconnu à l'heure actuelle, il est conseillé de migrer les fichiers de configuration vers l'utilisation de krb5_server. krb5_realm (chaîne) Définit le DOMAINE de Kerberos (pour l'authentification SASL/GSSAPI). Par défaut : valeur par défaut du système, voir /etc/krb5.conf krb5_canonicalize (booléen) Spécifie si le principal de l'hôte doit être rendu canonique lors de la connexion au serveur LDAP. Cette fonctionnalité est disponible avec MIT Kerberos >= 1.7 Par défaut : false krb5_use_kdcinfo (booléen) Indique si SSSD doit préciser aux bibliothèques Kerberos quels domaine et KDC utiliser. Cette option est activée par défaut, si elle est désactivée, la bibliothèque Kerberos doit être configurée à l'aide du fichier de configuration krb5.conf 5 . Consulter la page de manuel de sssd_krb5_locator_plugin 8 pour plus d'informations sur le greffon de localisation. Par défaut : true ldap_pwd_policy (chaîne) Détermine la politique d'expiration des mots de passe côté client. Les valeurs suivantes sont acceptées : none : aucune évaluation du côté client. Cette option ne peut pas désactiver la politique sur les mots de passe du côté serveur. shadow - Utiliser les attributs de style shadow 5 pour évaluer si le mot de passe a expiré. mit_kerberos : utilise les attributs utilisés par MIT Kerberos pour déterminer si le mot de passe a expiré. Utiliser chpass_provider=krb5 afin de modifier ces attributs lorsque le mot de passe est changé. Par défaut : none Note: if a password policy is configured on server side, it always takes precedence over policy set with this option. ldap_referrals (booléen) Définit si le déréférencement automatique doit être activé. Veuillez noter que sssd ne prend en charge le déréférencement que lorsqu'il est compilé avec OpenLDAP version 2.4.13 ou supérieur. 
La déréférenciation de références peut subir une altération notable des performances dans les environnements qui les utilisent fortement, un exemple notable étant Microsoft Active Directory. Si votre installation ne nécessite pas l'utilisation des références, affecter false à cette option devrait permettre d'améliorer de façon notable les performances. Par défaut : true ldap_dns_service_name (chaîne) Définit le nom de service à utiliser quand la découverte de services est activée. Par défaut : ldap ldap_chpass_dns_service_name (chaîne) Définit le nom de service à utiliser pour trouver un serveur LDAP autorisant un changement de mot de passe quand la découverte de services est activée. Par défaut : non défini, c'est-à-dire que le service de découverte est désactivé. ldap_chpass_update_last_change (bool) Spécifie s'il faut mettre à jour l'attribut ldap_user_shadow_last_change avec le nombre de jours depuis Epoch après l'opération de changement de mot de passe. Par défaut : False ldap_access_filter (chaîne) If using access_provider = ldap and ldap_access_order = filter (default), this option is mandatory. It specifies an LDAP search filter criteria that must be met for the user to be granted access on this host. If access_provider = ldap, ldap_access_order = filter and this option is not set, it will result in all users being denied access. Use access_provider = permit to change this default behavior. Please note that this filter is applied on the LDAP user entry only. Exemple: access_provider = ldap ldap_access_filter = (employeeType=admin) This example means that access to this host is restricted to users whose employeeType attribute is set to "admin". Le cache hors-ligne pour cette fonctionnalité est limité à la détermination du fait que la dernière connexion en ligne de l'utilisateur a été autorisée. Si tel était le cas, l'accès sera conservé en mode hors-ligne et vice-versa. 
Par défaut : vide ldap_account_expire_policy (chaîne) Avec cette option une évaluation du côté client des contrôles d'accès peut être activée. Veuillez noter qu'il est toujours recommandé d'utiliser un contrôle d'accès du côté serveur, c'est-à-dire que le serveur LDAP doit refuser une requête de connexion avec un code erreur approprié même si le mot de passe est correct. Les valeurs suivantes sont autorisées : shadow : utiliser la valeur de ldap_user_shadow_expire pour déterminer si le compte a expiré. ad : utilise la valeur du champ 32 bits ldap_user_ad_user_account_control et autorise l'accès si le deuxième bit n'est pas défini. Si l'attribut est manquant, l'accès est autorisé. La date d'expiration du compte est aussi vérifiée. rhds, ipa, 389ds : utilise la valeur de ldap_ns_account_lock afin de vérifier si l'accès est autorisé ou non. nds : les valeurs de ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled et ldap_user_nds_login_expiration_time sont utilisées pour vérifier si l'accès est autorisé. Si les deux attributs sont manquants, l'accès est autorisé. Noter que l'option de configuration ldap_access_order doit inclure expire de façon à permettre à l'option ldap_account_expire_policy de fonctionner. Par défaut : vide ldap_access_order (chaîne) Liste séparées par des virgules des options de contrôles d'accès. Les valeurs autorisées sont : filter : utiliser ldap_access_filter expire: utiliser ldap_account_expire_policy authorized_service : utiliser l'attribut authorizedService pour déterminer l'accès host : utilise l'attribut host pour déterminer l'accès Par défaut : filter Veuillez noter qu'une valeur utilisée plusieurs fois résulte en une erreur de configuration. ldap_deref (chaînes) Définit comment le déréférencement de l'alias est effectué lors d'une recherche. Les options suivantes sont autorisées : never : les alias ne sont jamais déréférencés. 
searching : Les alias sont déréférencés comme des subordonnés de l'objet de base, mais pas en localisant l'objet de base de la recherche. finding : les alias sont seulement déréférencés lors de la localisation de l'objet de base de la recherche. always : les alias sont déréférencés à la fois pour la recherche et la localisation de l'objet de base de la recherche. Par défaut : vide (ceci est traité comme never par les bibliothèques clientes LDAP) ldap_rfc2307_fallback_to_local_users (booléen) Permet de conserver les utilisateurs locaux en tant que membres d'un groupe LDAP pour les serveurs qui utilisent le schéma RFC2307. Dans certains environnements où le schéma RFC2307 est utilisé, les utilisateurs locaux deviennent membres de groupes LDAP en ajoutant leurs noms à l'attribut memberUid. La cohérence du domaine est compromise quand cela est fait, SSSD supprimerait normalement les utilisateurs « disparus » des appartenances aux groupes mises en cache dès que nsswitch essaie de récupérer des informations sur l'utilisateur via des appels à getpw*() ou initgroups(). Cette option vérifie en dernier recours si les utilisateurs locaux sont référencés et les met en cache afin que des appels ultérieurs à initgroups() ajoutent les utilisateurs locaux aux groupes LDAP. Par défaut : false OPTIONS DE SUDO ldap_sudorule_object_class (string) La classe d'objet d'une entrée de règle de sudo dans LDAP. Par défaut : sudoRole ldap_sudorule_name (string) L'attribut LDAP qui correspond au nom de la règle de sudo. Par défaut : cn ldap_sudorule_command (string) L'attribut LDAP qui correspond au nom de la commande. 
Par défaut : sudoCommand ldap_sudorule_host (string) L'attribut LDAP qui correspond au nom d'hôte (ou adresse IP de l'hôte, réseau IP de l'hôte ou netgroup de l'hôte) Par défaut : sudoHost ldap_sudorule_user (string) L'attribut LDAP qui correspond au nom d'utilisateur (ou UID, le nom du groupe ou netgroup de l'utilisateur) Par défaut : sudoUser ldap_sudorule_option (string) L'attribut LDAP qui correspond aux options sudo. Par défaut : sudoOption ldap_sudorule_runasuser (string) L'attribut LDAP qui correspond au nom d'utilisateur sous lequel les commandes peuvent être exécutées. Par défaut : sudoRunAsUser ldap_sudorule_runasgroup (string) L'attribut LDAP qui correspond au nom du groupe ou GID du groupe sous lequel les commandes seront exécutées. Par défaut : sudoRunAsGroup ldap_sudorule_notbefore (string) L'attribut LDAP qui correspond à la date/heure de début pour laquelle la règle sudo est valide. Par défaut : sudoNotBefore ldap_sudorule_notafter (string) L'attribut LDAP qui correspond à la date/heure d'expiration, après quoi la règle sudo ne sera plus valide. Par défaut : sudoNotAfter ldap_sudorule_order (string) L'attribut LDAP qui correspond à l'index de tri de la règle. Par défaut : sudoOrder ldap_sudo_full_refresh_interval (integer) La durée en secondes pendant laquelle SSSD va attendre entre deux actualisations complètes des règles de sudo (qui téléchargent toutes les règles qui sont stockées sur le serveur). La valeur doit être supérieure à ldap_sudo_smart_refresh_interval Par défaut : 21600 (6 heures) ldap_sudo_smart_refresh_interval (integer) La durée en secondes pendant laquelle SSSD doit attendre avant d'exécuter une actualisation intelligente des règles sudo (qui télécharge toutes les règles qui ont un USN supérieur à l'USN le plus élevé des règles mises en cache). Si les attributs USN ne sont pas pris en charge par le serveur, l'attribut modifyTimestamp est utilisé à la place. 
Par défaut : 900 (15 minutes) ldap_sudo_use_host_filter (boolean) Si true, SSSD téléchargera les seules règles qui s'appliquent à cette machine (à l'aide de l'adresse de système ou de réseau IPv4 ou IPv6 et des noms de systèmes). Par défaut : true ldap_sudo_hostnames (string) Liste séparée par des espaces des noms de systèmes ou de domaines qui doivent être utilisés pour filtrer les règles. Si cette option est vide, SSSD va essayer de découvrir automatiquement le nom de système et le nom de domaine pleinement qualifié. Si ldap_sudo_use_host_filter est false, alors cette option n'a aucun effet. Par défaut : non spécifié ldap_sudo_ip (string) Liste séparée par des espaces d'adresses de système ou de réseaux IPv4 ou IPv6 qui doivent être utilisés pour filtrer les règles. Si cette option est vide, SSSD va essayer de découvrir les adresses automatiquement. Si ldap_sudo_use_host_filter est false, alors cette option n'a aucun effet. Par défaut : non spécifié ldap_sudo_include_netgroups (boolean) Si elle est vraie alors SSSD téléchargera toutes les règles qui contiennent un netgroup dans l'attribut sudoHost. Si ldap_sudo_use_host_filter est false, alors cette option n'a aucun effet. Par défaut : true ldap_sudo_include_regexp (boolean) Si positionnée à true, SSSD téléchargera toutes les règles qui contiennent un joker dans l'attribut sudoHost. Si ldap_sudo_use_host_filter est false, alors cette option n'a aucun effet. Par défaut : true Cette page de manuel décrit uniquement le mappage de noms d'attribut. Pour une explication détaillée des sémantiques d'attributs relatives à sudo, cf. sudoers.ldap 5 OPTIONS AUTOFS Veuillez noter que les valeurs par défaut correspondent au schéma par défaut qui est RFC2307. ldap_autofs_map_object_class (string) La classe d'objet d'une entrée de table de montage automatique dans LDAP. Par défaut : automountMap ldap_autofs_map_name (string) Le nom d'une entrée de table de montage automatique dans LDAP. 
Par défaut : ou ldap_autofs_entry_object_class (string) La classe d'objet d'une entrée de table de montage automatique dans LDAP. Par défaut : automountMap ldap_autofs_entry_key (string) La clé d'une entrée de montage automatique dans LDAP. L'entrée correspond généralement à un point de montage. Par défaut : cn ldap_autofs_entry_value (string) La clé d'une entrée de montage automatique dans LDAP. L'entrée correspond généralement à un point de montage. Par défaut : automountInformation OPTIONS AVANCÉES Ces options sont prises en charge par les domaines LDAP, mais ils doivent être utilisés avec précaution. Veuillez les inclure dans votre configuration seulement si vous savez ce que vous faites. ldap_netgroup_search_base (chaînes) ldap_user_search_base (chaînes) ldap_group_search_base (chaînes) ldap_user_search_filter (chaînes) Cette option définit un filtre de recherche LDAP supplémentaire qui restreint les recherches utilisateur. Cette option est déconseillée en faveur de la syntaxe utilisée par ldap_user_search_base. Par défaut : non défini Exemple: ldap_user_search_filter = (loginShell=/bin/tcsh) Ce filtre restreindrait les recherches aux seuls utilisateurs qui ont leur interpréteur de commande défini en /bin/tcsh. ldap_group_search_filter (chaînes) Cette option définit un filtre de recherche LDAP supplémentaire qui restreint les recherches de groupe. Cette option est déconseillée en faveur de la syntaxe utilisée par ldap_group_search_base. Par défaut : non défini ldap_sudo_search_base (string) ldap_autofs_search_base (string) EXEMPLE L'exemple suivant suppose que SSSD est correctement configuré et que LDAP pointe sur un des domaines de la section [domains]. 
[domain/LDAP] id_provider = ldap auth_provider = ldap ldap_uri = ldap://ldap.mydomain.org ldap_search_base = dc=mydomain,dc=org ldap_tls_reqcert = demand cache_credentials = true NOTES Les descriptions de quelques unes des options de configuration des pages de manuel sont basées sur le manuel de ldap.conf 5 de la distribution de OpenLDAP 2.4. sssd-1.11.5/src/man/fr/PaxHeaders.13173/sssd_krb5_locator_plugin.8.xml0000644000000000000000000000013212320753573023416 xustar000000000000000030 mtime=1396955003.500843872 30 atime=1396955003.500843872 30 ctime=1396955003.500843872 sssd-1.11.5/src/man/fr/sssd_krb5_locator_plugin.8.xml0000664002412700241270000000500312320753573023643 0ustar00jhrozekjhrozek00000000000000 Pages de manuel de SSSD sssd_krb5_locator_plugin 8 sssd_krb5_locator_plugin Le fichier de configuration pour SSSD DESCRIPTION The Kerberos locator plugin sssd_krb5_locator_plugin is used by the Kerberos provider of sssd 8 to tell the Kerberos libraries what Realm and which KDC to use. Typically this is done in krb5.conf 5 which is always read by the Kerberos libraries. To simplify the configuration the Realm and the KDC can be defined in sssd.conf 5 as described in sssd-krb5 5 SSSD 8 met le nom de domaine et le nom ou adresse IP du KDC dans les variables d'environnement SSSD_KRB5_REALM et SSSD_KRB5_KDC respectivement. Lorsque sssd_krb5_locator_plugin est appelé par les bibliothèques de kerberos, il lit et évalue ces variables et les transmet aux bibliothèques. NOTES Toutes les versions de Kerberos ne prennent en charge l'utilisation de greffons. Si sssd_krb5_locator_plugin n'est pas présent sur votre système, il faut modifier /etc/krb5.conf pour s'adapter à la configuration de Kerberos. Si la variable d'environnement SSSD_KRB5_LOCATOR_DEBUG a une valeur quelconque, des messages de débogage seront envoyés sur la sortie standard d'erreur. 
sssd-1.11.5/src/man/fr/PaxHeaders.13173/sss_debuglevel.8.xml0000644000000000000000000000013212320753573021424 xustar000000000000000030 mtime=1396955003.500843872 30 atime=1396955003.500843872 30 ctime=1396955003.500843872 sssd-1.11.5/src/man/fr/sss_debuglevel.8.xml0000664002412700241270000000442512320753573021660 0ustar00jhrozekjhrozek00000000000000 Pages de manuel de SSSD sss_debuglevel 8 sss_debuglevel modifie le niveau de débogage pendant l'exécution de SSSD sss_debuglevel options NEW_DEBUG_LEVEL DESCRIPTION sss_debuglevel positionne le niveau de débogage du moniteur et des fournisseurs SSSD à NEW_DEBUG_LEVEL pendant l'exécution de SSSD. OPTIONS , Définit un fichier de configuration autre que celui par défaut (/etc/sssd/sssd.conf). Pour obtenir des informations sur la syntaxe et les options du fichier de configuration, consulter les pages de manuel de sssd.conf 5 . NEW_DEBUG_LEVEL sssd-1.11.5/src/man/fr/PaxHeaders.13173/sss_groupshow.8.xml0000644000000000000000000000013212320753573021343 xustar000000000000000030 mtime=1396955003.500843872 30 atime=1396955003.500843872 30 ctime=1396955003.500843872 sssd-1.11.5/src/man/fr/sss_groupshow.8.xml0000664002412700241270000000414212320753573021573 0ustar00jhrozekjhrozek00000000000000 Pages de manuel de SSSD sss_groupshow 8 sss_groupshow affiche les propriétés d'un groupe sss_groupshow options GROUPE DESCRIPTION sss_groupshow affiche des informations sur un groupe identifié par son nom GROUPE. Les informations incluent l'ID de groupe, les membres du groupe ainsi que le groupe parent. OPTIONS , Affiche aussi les membres indirects de groupe dans une hiérarchie arborescente. Noter que cela affecte également les affichages de groupes parents - sans l'option , seul le parent direct sera affiché. 
sssd-1.11.5/src/man/fr/PaxHeaders.13173/sss_groupadd.8.xml0000644000000000000000000000013212320753573021113 xustar000000000000000030 mtime=1396955003.500843872 30 atime=1396955003.500843872 30 ctime=1396955003.500843872 sssd-1.11.5/src/man/fr/sss_groupadd.8.xml0000664002412700241270000000377012320753573021351 0ustar00jhrozekjhrozek00000000000000 Pages de manuel de SSSD sss_groupadd 8 sss_groupadd Créer un nouveau groupe sss_groupadd options GROUPE DESCRIPTION sss_groupadd crée un nouveau groupe. Ces groupes sont compatibles avec les groupes POSIX, avec la caractéristique supplémentaire qu'ils peuvent contenir d'autres groupes comme membres. OPTIONS , GID Positionne le GID du groupe à la valeur GID. Si non spécifié, il est choisi automatiquement. sssd-1.11.5/src/man/PaxHeaders.13173/sssd-sudo.5.xml0000644000000000000000000000007412320753107017726 xustar000000000000000030 atime=1396954939.262891434 30 ctime=1396954962.619874238 sssd-1.11.5/src/man/sssd-sudo.5.xml0000664002412700241270000001757312320753107020165 0ustar00jhrozekjhrozek00000000000000 SSSD Manual pages sssd-sudo 5 File Formats and Conventions sssd-sudo Configuring sudo with the SSSD back end DESCRIPTION This manual page describes how to configure sudo 8 to work with sssd 8 and how SSSD caches sudo rules. Configuring sudo to cooperate with SSSD To enable SSSD as a source for sudo rules, add sss to the sudoers entry in nsswitch.conf 5 . For example, to configure sudo to first lookup rules in the standard sudoers 5 file (which should contain rules that apply to local users) and then in SSSD, the nsswitch.conf file should contain the following line: sudoers: files sss More information about configuring the sudoers search order from the nsswitch.conf file as well as information about the LDAP schema that is used to store sudo rules in the directory can be found in sudoers.ldap 5 . 
Note: in order to use netgroups or IPA hostgroups in sudo rules, you also need to correctly set nisdomainname 1 to your NIS domain name (which equals the IPA domain name when using hostgroups). Configuring SSSD to fetch sudo rules The only configuration needed on the SSSD side is to extend the list of services with "sudo" in the [sssd] section of sssd.conf 5 . To speed up the LDAP lookups, you can also set the search base for sudo rules using the ldap_sudo_search_base option. The following example shows how to configure SSSD to download sudo rules from an LDAP server. [sssd] config_file_version = 2 services = nss, pam, sudo domains = EXAMPLE [domain/EXAMPLE] id_provider = ldap sudo_provider = ldap ldap_uri = ldap://example.com ldap_sudo_search_base = ou=sudoers,dc=example,dc=com When the SSSD is configured to use IPA as the ID provider, the sudo provider is automatically enabled. The sudo search base is configured to use the compat tree (ou=sudoers,$DC). The SUDO rule caching mechanism The biggest challenge, when developing sudo support in SSSD, was to ensure that running sudo with SSSD as the data source provides the same user experience and is as fast as sudo but keeps providing as current a set of rules as possible. To satisfy these requirements, SSSD uses three kinds of updates. They are referred to as full refresh, smart refresh and rules refresh. The smart refresh periodically downloads rules that are new or were modified after the last update. Its primary goal is to keep the database growing by fetching only small increments that do not generate large amounts of network traffic. The full refresh simply deletes all sudo rules stored in the cache and replaces them with all rules that are stored on the server. This is used to keep the cache consistent by removing every rule which was deleted from the server. However, full refresh may produce a lot of traffic and thus it should be run only occasionally depending on the size and stability of the sudo rules. 
The rules refresh ensures that we do not grant the user more permission than defined. It is triggered each time the user runs sudo. Rules refresh will find all rules that apply to this user, check their expiration time and redownload them if expired. In the case that any of these rules are missing on the server, the SSSD will do an out of band full refresh because more rules (that apply to other users) may have been deleted. If enabled, SSSD will store only rules that can be applied to this machine. This means rules that contain one of the following values in sudoHost attribute: keyword ALL wildcard netgroup (in the form "+netgroup") hostname or fully qualified domain name of this machine one of the IP addresses of this machine one of the IP addresses of the network (in the form "address/mask") There are many configuration options that can be used to adjust the behavior. Please refer to "ldap_sudo_*" in sssd-ldap 5 and "sudo_*" in sssd.conf 5 . sssd-1.11.5/src/man/PaxHeaders.13173/lv0000644000000000000000000000013212320753573015463 xustar000000000000000030 mtime=1396955003.509843866 30 atime=1396955003.535843846 30 ctime=1396955003.509843866 sssd-1.11.5/src/man/lv/0000775002412700241270000000000012320753573015767 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/man/lv/PaxHeaders.13173/include0000644000000000000000000000013212320753573017106 xustar000000000000000030 mtime=1396955003.509843866 30 atime=1396955003.535843846 30 ctime=1396955003.509843866 sssd-1.11.5/src/man/lv/include/0000755002412700241270000000000012320753573017410 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/man/lv/include/PaxHeaders.13173/ldap_search_bases.xml0000644000000000000000000000013212320753573023327 xustar000000000000000030 mtime=1396955003.509843866 30 atime=1396955003.509843866 30 ctime=1396955003.509843866 sssd-1.11.5/src/man/lv/include/ldap_search_bases.xml0000664002412700241270000000165112320753573023561 0ustar00jhrozekjhrozek00000000000000 An optional base DN, search scope 
and LDAP filter to restrict LDAP searches for this attribute type. syntax: search_base[?scope?[filter][?search_base?scope?[filter]]*] The scope can be one of "base", "onelevel" or "subtree". The filter must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/rfc2254.txt For examples of this syntax, please refer to the ldap_search_base examples section. Default: the value of ldap_search_base Please note that specifying scope or filter is not supported for searches against an Active Directory Server that might yield a large number of results and trigger the Range Retrieval extension in the response. sssd-1.11.5/src/man/lv/include/PaxHeaders.13173/param_help.xml0000644000000000000000000000013212320753573022015 xustar000000000000000030 mtime=1396955003.509843866 30 atime=1396955003.509843866 30 ctime=1396955003.509843866 sssd-1.11.5/src/man/lv/include/param_help.xml0000664002412700241270000000032312320753573022242 0ustar00jhrozekjhrozek00000000000000 , Display help message and exit. sssd-1.11.5/src/man/lv/include/PaxHeaders.13173/failover.xml0000644000000000000000000000013212320753573021514 xustar000000000000000030 mtime=1396955003.509843866 30 atime=1396955003.509843866 30 ctime=1396955003.509843866 sssd-1.11.5/src/man/lv/include/failover.xml0000664002412700241270000000425312320753573021747 0ustar00jhrozekjhrozek00000000000000 FAILOVER The failover feature allows back ends to automatically switch to a different server if the current server fails. Failover Syntax The list of servers is given as a comma-separated list; any number of spaces is allowed around the comma. The servers are listed in order of preference. The list can contain any number of servers. For each failover-enabled config option, two variants exist: primary and backup. The idea is that servers in the primary list are preferred and backup servers are only searched if no primary servers can be reached. If a backup server is selected, a timeout of 31 seconds is set. 
After this timeout SSSD will periodically try to reconnect to one of the primary servers. If it succeeds, it will replace the current active (backup) server. The Failover Mechanism The failover mechanism distinguishes between a machine and a service. The back end first tries to resolve the hostname of a given machine; if this resolution attempt fails, the machine is considered offline. No further attempts are made to connect to this machine for any other service. If the resolution attempt succeeds, the back end tries to connect to a service on this machine. If the service connection attempt fails, then only this particular service is considered offline and the back end automatically switches over to the next service. The machine is still considered online and might still be tried for another service. Further connection attempts are made to machines or services marked as offline after a specified period of time; this is currently hard coded to 30 seconds. If there are no more machines to try, the back end as a whole switches to offline mode, and then attempts to reconnect every 30 seconds. sssd-1.11.5/src/man/lv/include/PaxHeaders.13173/debug_levels.xml0000644000000000000000000000013212320753573022345 xustar000000000000000030 mtime=1396955003.509843866 30 atime=1396955003.509843866 30 ctime=1396955003.509843866 sssd-1.11.5/src/man/lv/include/debug_levels.xml0000664002412700241270000000506612320753573022603 0ustar00jhrozekjhrozek00000000000000 SSSD supports two representations for specifying the debug level. The simplest is to specify a decimal value from 0-9, which represents enabling that level and all lower-level debug messages. The more comprehensive option is to specify a hexadecimal bitmask to enable or disable specific levels (such as if you wish to suppress a level). Currently supported debug levels: 0, 0x0010: Fatal failures. Anything that would prevent SSSD from starting up or causes it to cease running. 1, 0x0020: Critical failures. 
An error that doesn't kill the SSSD, but one that indicates that at least one major feature is not going to work properly. 2, 0x0040: Serious failures. An error announcing that a particular request or operation has failed. 3, 0x0080: Minor failures. These are the errors that would percolate down to cause the operation failure of 2. 4, 0x0100: Configuration settings. 5, 0x0200: Function data. 6, 0x0400: Trace messages for operation functions. 7, 0x1000: Trace messages for internal control functions. 8, 0x2000: Contents of function-internal variables that may be interesting. 9, 0x4000: Extremely low-level tracing information. To log required bitmask debug levels, simply add their numbers together as shown in following examples: Example: To log fatal failures, critical failures, serious failures and function data use 0x0270. Example: To log fatal failures, configuration settings, function data, trace messages for internal control functions use 0x1310. Note: The bitmask format of debug levels was introduced in 1.7.0. Default: 0 sssd-1.11.5/src/man/lv/include/PaxHeaders.13173/seealso.xml0000644000000000000000000000013212320753573021340 xustar000000000000000030 mtime=1396955003.509843866 30 atime=1396955003.509843866 30 ctime=1396955003.509843866 sssd-1.11.5/src/man/lv/include/seealso.xml0000664002412700241270000000470412320753573021574 0ustar00jhrozekjhrozek00000000000000 SKATĪT ARĪ sssd8 , sssd.conf5 , sssd-ldap5 , sssd-krb55 , sssd-simple5 , sssd-ipa5 , sssd-ad5 , sssd-sudo 5 , sss_cache8 , sss_debuglevel8 , sss_groupadd8 , sss_groupdel8 , sss_groupshow8 , sss_groupmod8 , sss_useradd8 , sss_userdel8 , sss_usermod8 , sss_obfuscate8 , sss_seed8 , sssd_krb5_locator_plugin8 , sss_ssh_authorizedkeys 8 , sss_ssh_knownhostsproxy 8 , pam_sss8 . 
sssd-1.11.5/src/man/lv/include/PaxHeaders.13173/upstream.xml0000644000000000000000000000013212320753573021545 xustar000000000000000030 mtime=1396955003.509843866 30 atime=1396955003.509843866 30 ctime=1396955003.509843866 sssd-1.11.5/src/man/lv/include/upstream.xml0000664002412700241270000000020212320753573021766 0ustar00jhrozekjhrozek00000000000000 SSSD The SSSD upstream - http://fedorahosted.org/sssd sssd-1.11.5/src/man/lv/include/PaxHeaders.13173/param_help_py.xml0000644000000000000000000000013212320753573022525 xustar000000000000000030 mtime=1396955003.509843866 30 atime=1396955003.509843866 30 ctime=1396955003.509843866 sssd-1.11.5/src/man/lv/include/param_help_py.xml0000664002412700241270000000032312320753573022752 0ustar00jhrozekjhrozek00000000000000 , Display help message and exit. sssd-1.11.5/src/man/lv/include/PaxHeaders.13173/autofs_restart.xml0000644000000000000000000000013212320753573022752 xustar000000000000000030 mtime=1396955003.509843866 30 atime=1396955003.509843866 30 ctime=1396955003.509843866 sssd-1.11.5/src/man/lv/include/autofs_restart.xml0000664002412700241270000000035312320753573023202 0ustar00jhrozekjhrozek00000000000000 Please note that the automounter only reads the master map on startup, so if any autofs-related changes are made to the sssd.conf, you typically also need to restart the automounter daemon after restarting the SSSD. sssd-1.11.5/src/man/lv/include/PaxHeaders.13173/experimental.xml0000644000000000000000000000013212320753573022402 xustar000000000000000030 mtime=1396955003.509843866 30 atime=1396955003.509843866 30 ctime=1396955003.509843866 sssd-1.11.5/src/man/lv/include/experimental.xml0000664002412700241270000000016712320753573022635 0ustar00jhrozekjhrozek00000000000000 This is an experimental feature, please use http://fedorahosted.org/sssd to report any issues. 
sssd-1.11.5/src/man/lv/include/PaxHeaders.13173/ldap_id_mapping.xml0000644000000000000000000000013212320753573023014 xustar000000000000000030 mtime=1396955003.509843866 30 atime=1396955003.509843866 30 ctime=1396955003.509843866 sssd-1.11.5/src/man/lv/include/ldap_id_mapping.xml0000664002412700241270000002227712320753573023255 0ustar00jhrozekjhrozek00000000000000 ID MAPPING The ID-mapping feature allows SSSD to act as a client of Active Directory without requiring administrators to extend user attributes to support POSIX attributes for user and group identifiers. NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are ignored. This is to avoid the possibility of conflicts between automatically-assigned and manually-assigned values. If you need to use manually-assigned values, ALL values must be manually-assigned. Please note that changing the ID mapping related configuration options will cause user and group IDs to change. At the moment, SSSD does not support changing IDs, so the SSSD database must be removed. Because cached passwords are also stored in the database, removing the database should only be performed while the authentication servers are reachable, otherwise users might get locked out. In order to cache the password, an authentication must be performed. It is not sufficient to use sss_cache 8 to remove the database, rather the process consists of: Making sure the remote servers are reachable Stopping the SSSD service Removing the database Starting the SSSD service Moreover, as the change of IDs might necessitate the adjustment of other system properties such as file and directory ownership, it's advisable to plan ahead and test the ID mapping configuration thoroughly. Mapping Algorithm Active Directory provides an objectSID for every user and group object in the directory. This objectSID can be broken up into components that represent the Active Directory domain identity and the relative identifier (RID) of the user or group object. 
The SSSD ID-mapping algorithm takes a range of available UIDs and divides it into equally-sized component sections, called "slices". Each slice represents the space available to an Active Directory domain. When a user or group entry for a particular domain is encountered for the first time, the SSSD allocates one of the available slices for that domain. In order to make this slice-assignment repeatable on different client machines, we select the slice based on the following algorithm: The SID string is passed through the murmurhash3 algorithm to convert it to a 32-bit hashed value. We then take the modulus of this value with the total number of available slices to pick the slice. NOTE: It is possible to encounter collisions in the hash and subsequent modulus. In these situations, we will select the next available slice, but it may not be possible to reproduce the same exact set of slices on other machines (since the order in which they are encountered will determine their slice). In this situation, it is recommended to either switch to using explicit POSIX attributes in Active Directory (disabling ID-mapping) or configure a default domain to guarantee that at least one is always consistent. See Configuration for details. Configuration Minimum configuration (in the [domain/DOMAINNAME] section): ldap_id_mapping = True ldap_schema = ad The default configuration results in configuring 10,000 slices, each capable of holding up to 200,000 IDs, starting from 10,001 and going up to 2,000,100,000. This should be sufficient for most deployments. Advanced Configuration ldap_idmap_range_min (integer) Specifies the lower bound of the range of POSIX IDs to use for mapping Active Directory user and group SIDs. NOTE: This option is different from min_id in that min_id acts to filter the output of requests to this domain, whereas this option controls the range of ID assignment. 
This is a subtle distinction, but the good general advice would be to have min_id be less-than or equal to ldap_idmap_range_min Default: 200000 ldap_idmap_range_max (integer) Specifies the upper bound of the range of POSIX IDs to use for mapping Active Directory user and group SIDs. NOTE: This option is different from max_id in that max_id acts to filter the output of requests to this domain, whereas this option controls the range of ID assignment. This is a subtle distinction, but the good general advice would be to have max_id be greater-than or equal to ldap_idmap_range_max Default: 2000200000 ldap_idmap_range_size (integer) Specifies the number of IDs available for each slice. If the range size does not divide evenly into the min and max values, it will create as many complete slices as it can. Default: 200000 ldap_idmap_default_domain_sid (string) Specify the domain SID of the default domain. This will guarantee that this domain will always be assigned to slice zero in the ID map, bypassing the murmurhash algorithm described above. Default: not set ldap_idmap_default_domain (string) Specify the name of the default domain. Default: not set ldap_idmap_autorid_compat (boolean) Changes the behavior of the ID-mapping algorithm to behave more similarly to winbind's idmap_autorid algorithm. When this option is configured, domains will be allocated starting with slice zero and increasing monotonically with each additional domain. NOTE: This algorithm is non-deterministic (it depends on the order in which users and groups are requested). If this mode is required for compatibility with machines running winbind, it is recommended to also use the ldap_idmap_default_domain_sid option to guarantee that at least one domain is consistently allocated to slice zero. 
Default: False sssd-1.11.5/src/man/lv/include/PaxHeaders.13173/ldap_search_bases_experimental.xml0000644000000000000000000000013212320753573026104 xustar000000000000000030 mtime=1396955003.509843866 30 atime=1396955003.509843866 30 ctime=1396955003.509843866 sssd-1.11.5/src/man/lv/include/ldap_search_bases_experimental.xml0000664002412700241270000000203612320753573026334 0ustar00jhrozekjhrozek00000000000000 An optional base DN, search scope and LDAP filter to restrict LDAP searches for this attribute type. syntax: search_base[?scope?[filter][?search_base?scope?[filter]]*] The scope can be one of "base", "onelevel" or "subtree". The filter must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/rfc2254.txt For examples of this syntax, please refer to the ldap_search_base examples section. Default: the value of ldap_search_base Please note that specifying scope or filter is not supported for searches against an Active Directory Server that might yield a large number of results and trigger the Range Retrieval extension in the response. sssd-1.11.5/src/man/lv/include/PaxHeaders.13173/service_discovery.xml0000644000000000000000000000013212320753573023434 xustar000000000000000030 mtime=1396955003.509843866 30 atime=1396955003.509843866 30 ctime=1396955003.509843866 sssd-1.11.5/src/man/lv/include/service_discovery.xml0000664002412700241270000000322712320753573023667 0ustar00jhrozekjhrozek00000000000000 SERVICE DISCOVERY The service discovery feature allows back ends to automatically find the appropriate servers to connect to using a special DNS query. This feature is not supported for backup servers. Configuration If no servers are specified, the back end automatically uses service discovery to try to find a server. Optionally, the user may choose to use both fixed server addresses and service discovery by inserting a special keyword, _srv_, in the list of servers. The order of preference is maintained. 
This feature is useful if, for example, the user prefers to use service discovery whenever possible, and fall back to a specific server when no servers can be discovered using DNS. The domain name Please refer to the dns_discovery_domain parameter in the sssd.conf 5 manual page for more details. The protocol The queries usually specify _tcp as the protocol. Exceptions are documented in respective option description. See Also For more information on the service discovery mechanism, refer to RFC 2782. sssd-1.11.5/src/man/lv/include/PaxHeaders.13173/local.xml0000644000000000000000000000013212320753573020777 xustar000000000000000030 mtime=1396955003.509843866 30 atime=1396955003.509843866 30 ctime=1396955003.509843866 sssd-1.11.5/src/man/lv/include/local.xml0000664002412700241270000000134512320753573021231 0ustar00jhrozekjhrozek00000000000000 THE LOCAL DOMAIN In order to function correctly, a domain with id_provider=local must be created and the SSSD must be running. The administrator might want to use the SSSD local users instead of traditional UNIX users in cases where the group nesting (see sss_groupadd 8 ) is needed. The local users are also useful for testing and development of the SSSD without having to deploy a full remote server. The sss_user* and sss_group* tools use a local LDB storage to store users and groups. sssd-1.11.5/src/man/lv/include/PaxHeaders.13173/override_homedir.xml0000644000000000000000000000013212320753573023233 xustar000000000000000030 mtime=1396955003.509843866 30 atime=1396955003.509843866 30 ctime=1396955003.509843866 sssd-1.11.5/src/man/lv/include/override_homedir.xml0000664002412700241270000000313012320753573023457 0ustar00jhrozekjhrozek00000000000000 override_homedir (string) Override the user's home directory. You can either provide an absolute value or a template. 
In the template, the following sequences are substituted: %u login name %U UID number %d domain name %f fully qualified user name (user@domain) %o The original home directory retrieved from the identity provider. %% a literal '%' This option can also be set per-domain. example: override_homedir = /home/%u Default: Not set (SSSD will use the value retrieved from LDAP) sssd-1.11.5/src/man/PaxHeaders.13173/sssd-ldap.5.xml0000644000000000000000000000007412320753107017674 xustar000000000000000030 atime=1396954939.262891434 30 ctime=1396954962.606874247 sssd-1.11.5/src/man/sssd-ldap.5.xml0000664002412700241270000032263212320753107020126 0ustar00jhrozekjhrozek00000000000000 SSSD Manual pages sssd-ldap 5 File Formats and Conventions sssd-ldap the configuration file for SSSD DESCRIPTION This manual page describes the configuration of LDAP domains for sssd 8 . Refer to the FILE FORMAT section of the sssd.conf 5 manual page for detailed syntax information. You can configure SSSD to use more than one LDAP domain. LDAP back end supports id, auth, access and chpass providers. If you want to authenticate against an LDAP server either TLS/SSL or LDAPS is required. sssd does not support authentication over an unencrypted channel. If the LDAP server is used only as an identity provider, an encrypted channel is not needed. Please refer to ldap_access_filter config option for more information about using LDAP as an access provider. CONFIGURATION OPTIONS All of the common configuration options that apply to SSSD domains also apply to LDAP domains. Refer to the DOMAIN SECTIONS section of the sssd.conf 5 manual page for full details. ldap_uri, ldap_backup_uri (string) Specifies the comma-separated list of URIs of the LDAP servers to which SSSD should connect in the order of preference. Refer to the FAILOVER section for more information on failover and server redundancy. If neither option is specified, service discovery is enabled. 
For more information, refer to the SERVICE DISCOVERY section. The format of the URI must match the format defined in RFC 2732: ldap[s]://<host>[:port] For explicit IPv6 addresses, <host> must be enclosed in brackets [] example: ldap://[fc00::126:25]:389 ldap_chpass_uri, ldap_chpass_backup_uri (string) Specifies the comma-separated list of URIs of the LDAP servers to which SSSD should connect in the order of preference to change the password of a user. Refer to the FAILOVER section for more information on failover and server redundancy. To enable service discovery ldap_chpass_dns_service_name must be set. Default: empty, i.e. ldap_uri is used. ldap_search_base (string) The default base DN to use for performing LDAP user operations. Starting with SSSD 1.7.0, SSSD supports multiple search bases using the syntax: search_base[?scope?[filter][?search_base?scope?[filter]]*] The scope can be one of "base", "onelevel" or "subtree". The filter must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/rfc2254.txt Examples: ldap_search_base = dc=example,dc=com (which is equivalent to) ldap_search_base = dc=example,dc=com?subtree? ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?(host=thishost)?dc=example.com?subtree? Note: It is unsupported to have multiple search bases which reference identically-named objects (for example, groups with the same name in two different search bases). This will lead to unpredictable behavior on client machines. Default: If not set, the value of the defaultNamingContext or namingContexts attribute from the RootDSE of the LDAP server is used. If defaultNamingContext does not exist or has an empty value, namingContexts is used. The namingContexts attribute must have a single value with the DN of the search base of the LDAP server to make this work. Multiple values are not supported. ldap_schema (string) Specifies the Schema Type in use on the target LDAP server. 
Depending on the selected schema, the default attribute names retrieved from the servers may vary. The way that some attributes are handled may also differ. Four schema types are currently supported: rfc2307 rfc2307bis IPA AD The main difference between these schema types is how group memberships are recorded in the server. With rfc2307, group members are listed by name in the memberUid attribute. With rfc2307bis and IPA, group members are listed by DN and stored in the member attribute. The AD schema type sets the attributes to correspond with Active Directory 2008r2 values. Default: rfc2307 ldap_default_bind_dn (string) The default bind DN to use for performing LDAP operations. ldap_default_authtok_type (string) The type of the authentication token of the default bind DN. The two mechanisms currently supported are: password obfuscated_password Default: password ldap_default_authtok (string) The authentication token of the default bind DN. Only clear text passwords are currently supported. ldap_user_object_class (string) The object class of a user entry in LDAP. Default: posixAccount ldap_user_name (string) The LDAP attribute that corresponds to the user's login name. Default: uid ldap_user_uid_number (string) The LDAP attribute that corresponds to the user's id. Default: uidNumber ldap_user_gid_number (string) The LDAP attribute that corresponds to the user's primary group id. Default: gidNumber ldap_user_gecos (string) The LDAP attribute that corresponds to the user's gecos field. Default: gecos ldap_user_home_directory (string) The LDAP attribute that contains the name of the user's home directory. Default: homeDirectory ldap_user_shell (string) The LDAP attribute that contains the path to the user's default shell. Default: loginShell ldap_user_uuid (string) The LDAP attribute that contains the UUID/GUID of an LDAP user object. Default: nsUniqueId ldap_user_objectsid (string) The LDAP attribute that contains the objectSID of an LDAP user object. 
This is usually only necessary for ActiveDirectory servers. Default: objectSid for ActiveDirectory, not set for other servers. ldap_user_modify_timestamp (string) The LDAP attribute that contains timestamp of the last modification of the parent object. Default: modifyTimestamp ldap_user_shadow_last_change (string) When using ldap_pwd_policy=shadow, this parameter contains the name of an LDAP attribute corresponding to its shadow 5 counterpart (date of the last password change). Default: shadowLastChange ldap_user_shadow_min (string) When using ldap_pwd_policy=shadow, this parameter contains the name of an LDAP attribute corresponding to its shadow 5 counterpart (minimum password age). Default: shadowMin ldap_user_shadow_max (string) When using ldap_pwd_policy=shadow, this parameter contains the name of an LDAP attribute corresponding to its shadow 5 counterpart (maximum password age). Default: shadowMax ldap_user_shadow_warning (string) When using ldap_pwd_policy=shadow, this parameter contains the name of an LDAP attribute corresponding to its shadow 5 counterpart (password warning period). Default: shadowWarning ldap_user_shadow_inactive (string) When using ldap_pwd_policy=shadow, this parameter contains the name of an LDAP attribute corresponding to its shadow 5 counterpart (password inactivity period). Default: shadowInactive ldap_user_shadow_expire (string) When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this parameter contains the name of an LDAP attribute corresponding to its shadow 5 counterpart (account expiration date). Default: shadowExpire ldap_user_krb_last_pwd_change (string) When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of an LDAP attribute storing the date and time of last password change in kerberos. 
Default: krbLastPwdChange ldap_user_krb_password_expiration (string) When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of an LDAP attribute storing the date and time when current password expires. Default: krbPasswordExpiration ldap_user_ad_account_expires (string) When using ldap_account_expire_policy=ad, this parameter contains the name of an LDAP attribute storing the expiration time of the account. Default: accountExpires ldap_user_ad_user_account_control (string) When using ldap_account_expire_policy=ad, this parameter contains the name of an LDAP attribute storing the user account control bit field. Default: userAccountControl ldap_ns_account_lock (string) When using ldap_account_expire_policy=rhds or equivalent, this parameter determines if access is allowed or not. Default: nsAccountLock ldap_user_nds_login_disabled (string) When using ldap_account_expire_policy=nds, this attribute determines if access is allowed or not. Default: loginDisabled ldap_user_nds_login_expiration_time (string) When using ldap_account_expire_policy=nds, this attribute determines until which date access is granted. Default: loginDisabled ldap_user_nds_login_allowed_time_map (string) When using ldap_account_expire_policy=nds, this attribute determines the hours of a day in a week when access is granted. Default: loginAllowedTimeMap ldap_user_principal (string) The LDAP attribute that contains the user's Kerberos User Principal Name (UPN). Default: krbPrincipalName ldap_user_ssh_public_key (string) The LDAP attribute that contains the user's SSH public keys. ldap_force_upper_case_realm (boolean) Some directory servers, for example Active Directory, might deliver the realm part of the UPN in lower case, which might cause the authentication to fail. Set this option to a non-zero value if you want to use an upper-case realm. 
Default: false ldap_enumeration_refresh_timeout (integer) Specifies how many seconds SSSD has to wait before refreshing its cache of enumerated records. Default: 300 ldap_purge_cache_timeout (integer) Determine how often to check the cache for inactive entries (such as groups with no members and users who have never logged in) and remove them to save space. Setting this option to zero will disable the cache cleanup operation. Default: 10800 (12 hours) ldap_user_fullname (string) The LDAP attribute that corresponds to the user's full name. Default: cn ldap_user_member_of (string) The LDAP attribute that lists the user's group memberships. Default: memberOf ldap_user_authorized_service (string) If access_provider=ldap and ldap_access_order=authorized_service, SSSD will use the presence of the authorizedService attribute in the user's LDAP entry to determine access privilege. An explicit deny (!svc) is resolved first. Second, SSSD searches for explicit allow (svc) and finally for allow_all (*). Please note that the ldap_access_order configuration option must include authorized_service in order for the ldap_user_authorized_service option to work. Default: authorizedService ldap_user_authorized_host (string) If access_provider=ldap and ldap_access_order=host, SSSD will use the presence of the host attribute in the user's LDAP entry to determine access privilege. An explicit deny (!host) is resolved first. Second, SSSD searches for explicit allow (host) and finally for allow_all (*). Please note that the ldap_access_order configuration option must include host in order for the ldap_user_authorized_host option to work. Default: host ldap_group_object_class (string) The object class of a group entry in LDAP. Default: posixGroup ldap_group_name (string) The LDAP attribute that corresponds to the group name. Default: cn ldap_group_gid_number (string) The LDAP attribute that corresponds to the group's id. 
Default: gidNumber ldap_group_member (string) The LDAP attribute that contains the names of the group's members. Default: memberuid (rfc2307) / member (rfc2307bis) ldap_group_uuid (string) The LDAP attribute that contains the UUID/GUID of an LDAP group object. Default: nsUniqueId ldap_group_objectsid (string) The LDAP attribute that contains the objectSID of an LDAP group object. This is usually only necessary for ActiveDirectory servers. Default: objectSid for ActiveDirectory, not set for other servers. ldap_group_modify_timestamp (string) The LDAP attribute that contains timestamp of the last modification of the parent object. Default: modifyTimestamp ldap_group_type (integer) The LDAP attribute that contains an integer value indicating the type of the group and maybe other flags. This attribute is currently only used by the AD provider to determine if a group is a domain local group and has to be filtered out for trusted domains. Default: groupType in the AD provider, otherwise not set ldap_group_nesting_level (integer) If ldap_schema is set to a schema format that supports nested groups (e.g. RFC2307bis), then this option controls how many levels of nesting SSSD will follow. This option has no effect on the RFC2307 schema. Default: 2 ldap_groups_use_matching_rule_in_chain This option tells SSSD to take advantage of an Active Directory-specific feature which may speed up group lookup operations on deployments with complex or deep nested groups. In most common cases, it is best to leave this option disabled. It generally only provides a performance increase on very complex nestings. If this option is enabled, SSSD will use it if it detects that the server supports it during initial connection. So "True" here essentially means "auto-detect". Note: This feature is currently known to work only with Active Directory 2008 R1 and later. See MSDN(TM) documentation for more details.
Default: False ldap_initgroups_use_matching_rule_in_chain This option tells SSSD to take advantage of an Active Directory-specific feature which might speed up initgroups operations (most notably when dealing with complex or deep nested groups). If this option is enabled, SSSD will use it if it detects that the server supports it during initial connection. So "True" here essentially means "auto-detect". Note: This feature is currently known to work only with Active Directory 2008 R1 and later. See MSDN(TM) documentation for more details. Default: False ldap_netgroup_object_class (string) The object class of a netgroup entry in LDAP. In IPA provider, ipa_netgroup_object_class should be used instead. Default: nisNetgroup ldap_netgroup_name (string) The LDAP attribute that corresponds to the netgroup name. In IPA provider, ipa_netgroup_name should be used instead. Default: cn ldap_netgroup_member (string) The LDAP attribute that contains the names of the netgroup's members. In IPA provider, ipa_netgroup_member should be used instead. Default: memberNisNetgroup ldap_netgroup_triple (string) The LDAP attribute that contains the (host, user, domain) netgroup triples. This option is not available in IPA provider. Default: nisNetgroupTriple ldap_netgroup_uuid (string) The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object. In IPA provider, ipa_netgroup_uuid should be used instead. Default: nsUniqueId ldap_netgroup_modify_timestamp (string) The LDAP attribute that contains timestamp of the last modification of the parent object. This option is not available in IPA provider. Default: modifyTimestamp ldap_service_object_class (string) The object class of a service entry in LDAP. Default: ipService ldap_service_name (string) The LDAP attribute that contains the name of service attributes and their aliases. Default: cn ldap_service_port (string) The LDAP attribute that contains the port managed by this service. 
Default: ipServicePort ldap_service_proto (string) The LDAP attribute that contains the protocols understood by this service. Default: ipServiceProtocol ldap_service_search_base (string) ldap_search_timeout (integer) Specifies the timeout (in seconds) that ldap searches are allowed to run before they are cancelled and cached results are returned (and offline mode is entered) Note: this option is subject to change in future versions of the SSSD. It will likely be replaced at some point by a series of timeouts for specific lookup types. Default: 6 ldap_enumeration_search_timeout (integer) Specifies the timeout (in seconds) that ldap searches for user and group enumerations are allowed to run before they are cancelled and cached results are returned (and offline mode is entered) Default: 60 ldap_network_timeout (integer) Specifies the timeout (in seconds) after which the poll 2 / select 2 following a connect 2 returns in case of no activity. Default: 6 ldap_opt_timeout (integer) Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs will abort if no response is received. Also controls the timeout when communicating with the KDC in case of SASL bind. Default: 6 ldap_connection_expire_timeout (integer) Specifies a timeout (in seconds) that a connection to an LDAP server will be maintained. After this time, the connection will be re-established. If used in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. the TGT lifetime) will be used. Default: 900 (15 minutes) ldap_page_size (integer) Specify the number of records to retrieve from LDAP in a single request. Some LDAP servers enforce a maximum limit per-request. Default: 1000 ldap_disable_paging (boolean) Disable the LDAP paging control. This option should be used if the LDAP server reports that it supports the LDAP paging control in its RootDSE but it is not enabled or does not behave properly. 
Example: OpenLDAP servers with the paging control module installed on the server but not enabled will report it in the RootDSE but be unable to use it. Example: 389 DS has a bug where it can only support one paging control at a time on a single connection. On busy clients, this can result in some requests being denied. Default: False ldap_disable_range_retrieval (boolean) Disable Active Directory range retrieval. Active Directory limits the number of members to be retrieved in a single lookup using the MaxValRange policy (which defaults to 1500 members). If a group contains more members, the reply would include an AD-specific range extension. This option disables parsing of the range extension, therefore large groups will appear as having no members. Default: False ldap_sasl_minssf (integer) When communicating with an LDAP server using SASL, specify the minimum security level necessary to establish the connection. The values of this option are defined by OpenLDAP. Default: Use the system default (usually specified by ldap.conf) ldap_deref_threshold (integer) Specify the number of group members that must be missing from the internal cache in order to trigger a dereference lookup. If fewer members are missing, they are looked up individually. You can turn off dereference lookups completely by setting the value to 0. A dereference lookup is a means of fetching all group members in a single LDAP call. Different LDAP servers may implement different dereference methods. The currently supported servers are 389/RHDS, OpenLDAP and Active Directory. Note: If any of the search bases specifies a search filter, then the dereference lookup performance enhancement will be disabled regardless of this setting. Default: 10 ldap_tls_reqcert (string) Specifies what checks to perform on server certificates in a TLS session, if any. It can be specified as one of the following values: never = The client will not request or check any server certificate.
allow = The server certificate is requested. If no certificate is provided, the session proceeds normally. If a bad certificate is provided, it will be ignored and the session proceeds normally. try = The server certificate is requested. If no certificate is provided, the session proceeds normally. If a bad certificate is provided, the session is immediately terminated. demand = The server certificate is requested. If no certificate is provided, or a bad certificate is provided, the session is immediately terminated. hard = Same as demand With never and allow a bad certificate does not stop the session, so the identity of the server is not verified. Default: hard ldap_tls_cacert (string) Specifies the file that contains certificates for all of the Certificate Authorities that sssd will recognize. Default: use OpenLDAP defaults, typically in /etc/openldap/ldap.conf ldap_tls_cacertdir (string) Specifies the path of a directory that contains Certificate Authority certificates in separate individual files. Typically the file names need to be the hash of the certificate followed by '.0'. If available, cacertdir_rehash can be used to create the correct names. Default: use OpenLDAP defaults, typically in /etc/openldap/ldap.conf ldap_tls_cert (string) Specifies the file that contains the certificate for the client's key. Default: not set ldap_tls_key (string) Specifies the file that contains the client's key. Default: not set ldap_tls_cipher_suite (string) Specifies acceptable cipher suites. Typically this is a colon separated list. See ldap.conf 5 for format. Default: use OpenLDAP defaults, typically in /etc/openldap/ldap.conf ldap_id_use_start_tls (boolean) Specifies that the id_provider connection must also use tls to protect the channel. Default: false ldap_id_mapping (boolean) Specifies that SSSD should attempt to map user and group IDs from the ldap_user_objectsid and ldap_group_objectsid attributes instead of relying on ldap_user_uid_number and ldap_group_gid_number. Currently this feature supports only ActiveDirectory objectSID mapping.
Default: false ldap_min_id, ldap_max_id (integer) In contrast to the SID based ID mapping, which is used if ldap_id_mapping is set to true, the allowed ID range for ldap_user_uid_number and ldap_group_gid_number is unbounded. In a setup with sub/trusted-domains this might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id can be set to restrict the allowed range for the IDs which are read directly from the server. Sub-domains can then pick other ranges to map IDs. Default: not set (both options are set to 0) ldap_sasl_mech (string) Specify the SASL mechanism to use. Currently only GSSAPI is tested and supported. Default: not set ldap_sasl_authid (string) Specify the SASL authorization id to use. When GSSAPI is used, this represents the Kerberos principal used for authentication to the directory. This option can either contain the full principal (for example host/myhost@EXAMPLE.COM) or just the principal name (for example host/myhost). Default: host/hostname@REALM ldap_sasl_realm (string) Specify the SASL realm to use. When not specified, this option defaults to the value of krb5_realm. If the ldap_sasl_authid contains the realm as well, this option is ignored. Default: the value of krb5_realm. ldap_sasl_canonicalize (boolean) If set to true, the LDAP library would perform a reverse lookup to canonicalize the host name during a SASL bind. Default: false ldap_krb5_keytab (string) Specify the keytab to use when using SASL/GSSAPI. Default: System keytab, normally /etc/krb5.keytab ldap_krb5_init_creds (boolean) Specifies that the id_provider should init Kerberos credentials (TGT). This action is performed only if SASL is used and the mechanism selected is GSSAPI. Default: true ldap_krb5_ticket_lifetime (integer) Specifies the lifetime in seconds of the TGT if GSSAPI is used.
Default: 86400 (24 hours) krb5_server, krb5_backup_server (string) Specifies the comma-separated list of IP addresses or hostnames of the Kerberos servers to which SSSD should connect in the order of preference. For more information on failover and server redundancy, see the FAILOVER section. An optional port number (preceded by a colon) may be appended to the addresses or hostnames. If empty, service discovery is enabled - for more information, refer to the SERVICE DISCOVERY section. When using service discovery for KDC or kpasswd servers, SSSD first searches for DNS entries that specify _udp as the protocol and falls back to _tcp if none are found. This option was named krb5_kdcip in earlier releases of SSSD. While the legacy name is recognized for the time being, users are advised to migrate their config files to use krb5_server instead. krb5_realm (string) Specify the Kerberos REALM (for SASL/GSSAPI auth). Default: System defaults, see /etc/krb5.conf krb5_canonicalize (boolean) Specifies if the host principal should be canonicalized when connecting to LDAP server. This feature is available with MIT Kerberos >= 1.7 Default: false krb5_use_kdcinfo (boolean) Specifies if the SSSD should instruct the Kerberos libraries what realm and which KDCs to use. This option is on by default, if you disable it, you need to configure the Kerberos library using the krb5.conf 5 configuration file. See the sssd_krb5_locator_plugin 8 manual page for more information on the locator plugin. Default: true ldap_pwd_policy (string) Select the policy to evaluate the password expiration on the client side. The following values are allowed: none - No evaluation on the client side. This option cannot disable server-side password policies. shadow - Use shadow 5 style attributes to evaluate if the password has expired. mit_kerberos - Use the attributes used by MIT Kerberos to determine if the password has expired. 
Use chpass_provider=krb5 to update these attributes when the password is changed. Default: none Note: if a password policy is configured on server side, it always takes precedence over policy set with this option. ldap_referrals (boolean) Specifies whether automatic referral chasing should be enabled. Please note that sssd only supports referral chasing when it is compiled with OpenLDAP version 2.4.13 or higher. Chasing referrals may incur a performance penalty in environments that use them heavily, a notable example is Microsoft Active Directory. If your setup does not in fact require the use of referrals, setting this option to false might bring a noticeable performance improvement. Default: true ldap_dns_service_name (string) Specifies the service name to use when service discovery is enabled. Default: ldap ldap_chpass_dns_service_name (string) Specifies the service name to use to find an LDAP server which allows password changes when service discovery is enabled. Default: not set, i.e. service discovery is disabled ldap_chpass_update_last_change (bool) Specifies whether to update the ldap_user_shadow_last_change attribute with days since the Epoch after a password change operation. Default: False ldap_access_filter (string) If using access_provider = ldap and ldap_access_order = filter (default), this option is mandatory. It specifies an LDAP search filter criteria that must be met for the user to be granted access on this host. If access_provider = ldap, ldap_access_order = filter and this option is not set, it will result in all users being denied access. Use access_provider = permit to change this default behavior. Please note that this filter is applied on the LDAP user entry only. Example: access_provider = ldap ldap_access_filter = (employeeType=admin) This example means that access to this host is restricted to users whose employeeType attribute is set to "admin". 
Offline caching for this feature is limited to determining whether the user's last online login was granted access permission. If they were granted access during their last login, they will continue to be granted access while offline and vice-versa. Default: Empty ldap_account_expire_policy (string) With this option a client side evaluation of access control attributes can be enabled. Please note that it is always recommended to use server side access control, i.e. the LDAP server should deny the bind request with a suitable error code even if the password is correct. The following values are allowed: shadow: use the value of ldap_user_shadow_expire to determine if the account is expired. ad: use the value of the 32bit field ldap_user_ad_user_account_control and allow access if the second bit is not set. If the attribute is missing access is granted. Also the expiration time of the account is checked. rhds, ipa, 389ds: use the value of ldap_ns_account_lock to check if access is allowed or not. nds: the values of ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and ldap_user_nds_login_expiration_time are used to check if access is allowed. If both attributes are missing access is granted. Please note that the ldap_access_order configuration option must include expire in order for the ldap_account_expire_policy option to work. Default: Empty ldap_access_order (string) Comma separated list of access control options. Allowed values are: filter: use ldap_access_filter expire: use ldap_account_expire_policy authorized_service: use the authorizedService attribute to determine access host: use the host attribute to determine access Default: filter Please note that it is a configuration error if a value is used more than once. ldap_deref (string) Specifies how alias dereferencing is done when performing a search. The following options are allowed: never: Aliases are never dereferenced. 
searching: Aliases are dereferenced in subordinates of the base object, but not in locating the base object of the search. finding: Aliases are only dereferenced when locating the base object of the search. always: Aliases are dereferenced both in searching and in locating the base object of the search. Default: Empty (this is handled as never by the LDAP client libraries) ldap_rfc2307_fallback_to_local_users (boolean) Allows to retain local users as members of an LDAP group for servers that use the RFC2307 schema. In some environments where the RFC2307 schema is used, local users are made members of LDAP groups by adding their names to the memberUid attribute. The self-consistency of the domain is compromised when this is done, so SSSD would normally remove the "missing" users from the cached group memberships as soon as nsswitch tries to fetch information about the user via getpw*() or initgroups() calls. This option falls back to checking if local users are referenced, and caches them so that later initgroups() calls will augment the local users with the additional LDAP groups. Default: false SUDO OPTIONS ldap_sudorule_object_class (string) The object class of a sudo rule entry in LDAP. Default: sudoRole ldap_sudorule_name (string) The LDAP attribute that corresponds to the sudo rule name. Default: cn ldap_sudorule_command (string) The LDAP attribute that corresponds to the command name. Default: sudoCommand ldap_sudorule_host (string) The LDAP attribute that corresponds to the host name (or host IP address, host IP network, or host netgroup) Default: sudoHost ldap_sudorule_user (string) The LDAP attribute that corresponds to the user name (or UID, group name or user's netgroup) Default: sudoUser ldap_sudorule_option (string) The LDAP attribute that corresponds to the sudo options. Default: sudoOption ldap_sudorule_runasuser (string) The LDAP attribute that corresponds to the user name that commands may be run as. 
Default: sudoRunAsUser ldap_sudorule_runasgroup (string) The LDAP attribute that corresponds to the group name or group GID that commands may be run as. Default: sudoRunAsGroup ldap_sudorule_notbefore (string) The LDAP attribute that corresponds to the start date/time for when the sudo rule is valid. Default: sudoNotBefore ldap_sudorule_notafter (string) The LDAP attribute that corresponds to the expiration date/time, after which the sudo rule will no longer be valid. Default: sudoNotAfter ldap_sudorule_order (string) The LDAP attribute that corresponds to the ordering index of the rule. Default: sudoOrder ldap_sudo_full_refresh_interval (integer) How many seconds SSSD will wait between executing a full refresh of sudo rules (which downloads all rules that are stored on the server). The value must be greater than ldap_sudo_smart_refresh_interval Default: 21600 (6 hours) ldap_sudo_smart_refresh_interval (integer) How many seconds SSSD has to wait before executing a smart refresh of sudo rules (which downloads all rules that have USN higher than the highest USN of cached rules). If USN attributes are not supported by the server, the modifyTimestamp attribute is used instead. Default: 900 (15 minutes) ldap_sudo_use_host_filter (boolean) If true, SSSD will download only rules that are applicable to this machine (using the IPv4 or IPv6 host/network addresses and hostnames). Default: true ldap_sudo_hostnames (string) Space separated list of hostnames or fully qualified domain names that should be used to filter the rules. If this option is empty, SSSD will try to discover the hostname and the fully qualified domain name automatically. If ldap_sudo_use_host_filter is false then this option has no effect. Default: not specified ldap_sudo_ip (string) Space separated list of IPv4 or IPv6 host/network addresses that should be used to filter the rules. If this option is empty, SSSD will try to discover the addresses automatically. 
If ldap_sudo_use_host_filter is false then this option has no effect. Default: not specified ldap_sudo_include_netgroups (boolean) If true then SSSD will download every rule that contains a netgroup in sudoHost attribute. If ldap_sudo_use_host_filter is false then this option has no effect. Default: true ldap_sudo_include_regexp (boolean) If true then SSSD will download every rule that contains a wildcard in sudoHost attribute. If ldap_sudo_use_host_filter is false then this option has no effect. Default: true This manual page only describes attribute name mapping. For detailed explanation of sudo related attribute semantics, see sudoers.ldap5 AUTOFS OPTIONS Please note that the default values correspond to the default schema which is RFC2307. ldap_autofs_map_object_class (string) The object class of an automount map entry in LDAP. Default: automountMap ldap_autofs_map_name (string) The name of an automount map entry in LDAP. Default: ou ldap_autofs_entry_object_class (string) The object class of an automount map entry in LDAP. Default: automountMap ldap_autofs_entry_key (string) The key of an automount entry in LDAP. The entry usually corresponds to a mount point. Default: cn ldap_autofs_entry_value (string) The key of an automount entry in LDAP. The entry usually corresponds to a mount point. Default: automountInformation ADVANCED OPTIONS These options are supported by LDAP domains, but they should be used with caution. Please include them in your configuration only if you know what you are doing. ldap_netgroup_search_base (string) ldap_user_search_base (string) ldap_group_search_base (string) ldap_user_search_filter (string) This option specifies an additional LDAP search filter criteria that restrict user searches. This option is deprecated in favor of the syntax used by ldap_user_search_base. Default: not set Example: ldap_user_search_filter = (loginShell=/bin/tcsh) This filter would restrict user searches to users that have their shell set to /bin/tcsh. 
ldap_group_search_filter (string) This option specifies an additional LDAP search filter criteria that restrict group searches. This option is deprecated in favor of the syntax used by ldap_group_search_base. Default: not set ldap_sudo_search_base (string) ldap_autofs_search_base (string) EXAMPLE The following example assumes that SSSD is correctly configured and LDAP is set to one of the domains in the [domains] section. [domain/LDAP] id_provider = ldap auth_provider = ldap ldap_uri = ldap://ldap.mydomain.org ldap_search_base = dc=mydomain,dc=org ldap_tls_reqcert = demand cache_credentials = true NOTES The descriptions of some of the configuration options in this manual page are based on the ldap.conf 5 manual page from the OpenLDAP 2.4 distribution. sssd-1.11.5/src/man/PaxHeaders.13173/br0000644000000000000000000000013212320753573015445 xustar000000000000000030 mtime=1396955003.482843886 30 atime=1396955003.535843846 30 ctime=1396955003.482843886 sssd-1.11.5/src/man/br/0000775002412700241270000000000012320753573015751 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/man/br/PaxHeaders.13173/include0000644000000000000000000000013212320753573017070 xustar000000000000000030 mtime=1396955003.482843886 30 atime=1396955003.535843846 30 ctime=1396955003.482843886 sssd-1.11.5/src/man/br/include/0000755002412700241270000000000012320753573017372 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/man/br/include/PaxHeaders.13173/ldap_search_bases.xml0000644000000000000000000000013212320753573023311 xustar000000000000000030 mtime=1396955003.482843886 30 atime=1396955003.482843886 30 ctime=1396955003.482843886 sssd-1.11.5/src/man/br/include/ldap_search_bases.xml0000664002412700241270000000165112320753573023543 0ustar00jhrozekjhrozek00000000000000 An optional base DN, search scope and LDAP filter to restrict LDAP searches for this attribute type. syntax: search_base[?scope?[filter][?search_base?scope?[filter]]*] The scope can be one of "base", "onelevel" or "subtree". 
The filter must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/rfc2254.txt For examples of this syntax, please refer to the ldap_search_base examples section. Default: the value of ldap_search_base Please note that specifying scope or filter is not supported for searches against an Active Directory Server that might yield a large number of results and trigger the Range Retrieval extension in the response. sssd-1.11.5/src/man/br/include/PaxHeaders.13173/param_help.xml0000644000000000000000000000013212320753573021777 xustar000000000000000030 mtime=1396955003.482843886 30 atime=1396955003.482843886 30 ctime=1396955003.482843886 sssd-1.11.5/src/man/br/include/param_help.xml0000664002412700241270000000032312320753573022224 0ustar00jhrozekjhrozek00000000000000 , Display help message and exit. sssd-1.11.5/src/man/br/include/PaxHeaders.13173/failover.xml0000644000000000000000000000013212320753573021476 xustar000000000000000030 mtime=1396955003.482843886 30 atime=1396955003.482843886 30 ctime=1396955003.482843886 sssd-1.11.5/src/man/br/include/failover.xml0000664002412700241270000000425312320753573021731 0ustar00jhrozekjhrozek00000000000000 FAILOVER The failover feature allows back ends to automatically switch to a different server if the current server fails. Failover Syntax The list of servers is given as a comma-separated list; any number of spaces is allowed around the comma. The servers are listed in order of preference. The list can contain any number of servers. For each failover-enabled config option, two variants exist: primary and backup. The idea is that servers in the primary list are preferred and backup servers are only searched if no primary servers can be reached. If a backup server is selected, a timeout of 31 seconds is set. After this timeout SSSD will periodically try to reconnect to one of the primary servers. If it succeeds, it will replace the current active (backup) server. 
The Failover Mechanism The failover mechanism distinguishes between a machine and a service. The back end first tries to resolve the hostname of a given machine; if this resolution attempt fails, the machine is considered offline. No further attempts are made to connect to this machine for any other service. If the resolution attempt succeeds, the back end tries to connect to a service on this machine. If the service connection attempt fails, then only this particular service is considered offline and the back end automatically switches over to the next service. The machine is still considered online and might still be tried for another service. Further connection attempts are made to machines or services marked as offline after a specified period of time; this is currently hard coded to 30 seconds. If there are no more machines to try, the back end as a whole switches to offline mode, and then attempts to reconnect every 30 seconds. sssd-1.11.5/src/man/br/include/PaxHeaders.13173/debug_levels.xml0000644000000000000000000000013212320753573022327 xustar000000000000000030 mtime=1396955003.482843886 30 atime=1396955003.482843886 30 ctime=1396955003.482843886 sssd-1.11.5/src/man/br/include/debug_levels.xml0000664002412700241270000000506612320753573022565 0ustar00jhrozekjhrozek00000000000000 SSSD supports two representations for specifying the debug level. The simplest is to specify a decimal value from 0-9, which represents enabling that level and all lower-level debug messages. The more comprehensive option is to specify a hexadecimal bitmask to enable or disable specific levels (such as if you wish to suppress a level). Currently supported debug levels: 0, 0x0010: Fatal failures. Anything that would prevent SSSD from starting up or causes it to cease running. 1, 0x0020: Critical failures. An error that doesn't kill the SSSD, but one that indicates that at least one major feature is not going to work properly. 2, 0x0040: Serious failures. 
An error announcing that a particular request or operation has failed. 3, 0x0080: Minor failures. These are the errors that would percolate down to cause the operation failure of 2. 4, 0x0100: Configuration settings. 5, 0x0200: Function data. 6, 0x0400: Trace messages for operation functions. 7, 0x1000: Trace messages for internal control functions. 8, 0x2000: Contents of function-internal variables that may be interesting. 9, 0x4000: Extremely low-level tracing information. To log required bitmask debug levels, simply add their numbers together as shown in following examples: Example: To log fatal failures, critical failures, serious failures and function data use 0x0270. Example: To log fatal failures, configuration settings, function data, trace messages for internal control functions use 0x1310. Note: The bitmask format of debug levels was introduced in 1.7.0. Default: 0 sssd-1.11.5/src/man/br/include/PaxHeaders.13173/seealso.xml0000644000000000000000000000013212320753573021322 xustar000000000000000030 mtime=1396955003.482843886 30 atime=1396955003.482843886 30 ctime=1396955003.482843886 sssd-1.11.5/src/man/br/include/seealso.xml0000664002412700241270000000470312320753573021555 0ustar00jhrozekjhrozek00000000000000 GWELET IVEZ sssd8 , sssd.conf5 , sssd-ldap5 , sssd-krb55 , sssd-simple5 , sssd-ipa5 , sssd-ad5 , sssd-sudo 5 , sss_cache8 , sss_debuglevel8 , sss_groupadd8 , sss_groupdel8 , sss_groupshow8 , sss_groupmod8 , sss_useradd8 , sss_userdel8 , sss_usermod8 , sss_obfuscate8 , sss_seed8 , sssd_krb5_locator_plugin8 , sss_ssh_authorizedkeys 8 , sss_ssh_knownhostsproxy 8 , pam_sss8 . 
sssd-1.11.5/src/man/br/include/PaxHeaders.13173/upstream.xml0000644000000000000000000000013212320753573021527 xustar000000000000000030 mtime=1396955003.482843886 30 atime=1396955003.482843886 30 ctime=1396955003.482843886 sssd-1.11.5/src/man/br/include/upstream.xml0000664002412700241270000000020212320753573021750 0ustar00jhrozekjhrozek00000000000000 SSSD The SSSD upstream - http://fedorahosted.org/sssd sssd-1.11.5/src/man/br/include/PaxHeaders.13173/param_help_py.xml0000644000000000000000000000013212320753573022507 xustar000000000000000030 mtime=1396955003.482843886 30 atime=1396955003.482843886 30 ctime=1396955003.482843886 sssd-1.11.5/src/man/br/include/param_help_py.xml0000664002412700241270000000032312320753573022734 0ustar00jhrozekjhrozek00000000000000 , Display help message and exit. sssd-1.11.5/src/man/br/include/PaxHeaders.13173/autofs_restart.xml0000644000000000000000000000013212320753573022734 xustar000000000000000030 mtime=1396955003.482843886 30 atime=1396955003.482843886 30 ctime=1396955003.482843886 sssd-1.11.5/src/man/br/include/autofs_restart.xml0000664002412700241270000000035312320753573023164 0ustar00jhrozekjhrozek00000000000000 Please note that the automounter only reads the master map on startup, so if any autofs-related changes are made to the sssd.conf, you typically also need to restart the automounter daemon after restarting the SSSD. sssd-1.11.5/src/man/br/include/PaxHeaders.13173/experimental.xml0000644000000000000000000000013212320753573022364 xustar000000000000000030 mtime=1396955003.482843886 30 atime=1396955003.482843886 30 ctime=1396955003.482843886 sssd-1.11.5/src/man/br/include/experimental.xml0000664002412700241270000000016712320753573022617 0ustar00jhrozekjhrozek00000000000000 This is an experimental feature, please use http://fedorahosted.org/sssd to report any issues. 
sssd-1.11.5/src/man/br/include/PaxHeaders.13173/ldap_id_mapping.xml0000644000000000000000000000013212320753573022776 xustar000000000000000030 mtime=1396955003.482843886 30 atime=1396955003.482843886 30 ctime=1396955003.482843886 sssd-1.11.5/src/man/br/include/ldap_id_mapping.xml0000664002412700241270000002227712320753573023237 0ustar00jhrozekjhrozek00000000000000 ID MAPPING The ID-mapping feature allows SSSD to act as a client of Active Directory without requiring administrators to extend user attributes to support POSIX attributes for user and group identifiers. NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are ignored. This is to avoid the possibility of conflicts between automatically-assigned and manually-assigned values. If you need to use manually-assigned values, ALL values must be manually-assigned. Please note that changing the ID mapping related configuration options will cause user and group IDs to change. At the moment, SSSD does not support changing IDs, so the SSSD database must be removed. Because cached passwords are also stored in the database, removing the database should only be performed while the authentication servers are reachable, otherwise users might get locked out. In order to cache the password, an authentication must be performed. It is not sufficient to use sss_cache 8 to remove the database, rather the process consists of: Making sure the remote servers are reachable Stopping the SSSD service Removing the database Starting the SSSD service Moreover, as the change of IDs might necessitate the adjustment of other system properties such as file and directory ownership, it's advisable to plan ahead and test the ID mapping configuration thoroughly. Mapping Algorithm Active Directory provides an objectSID for every user and group object in the directory. This objectSID can be broken up into components that represent the Active Directory domain identity and the relative identifier (RID) of the user or group object. 
The SSSD ID-mapping algorithm takes a range of available UIDs and divides it into equally-sized component sections (called "slices"). Each slice represents the space available to an Active Directory domain. When a user or group entry for a particular domain is encountered for the first time, the SSSD allocates one of the available slices for that domain. In order to make this slice-assignment repeatable on different client machines, we select the slice based on the following algorithm: The SID string is passed through the murmurhash3 algorithm to convert it to a 32-bit hashed value. We then take the modulus of this value with the total number of available slices to pick the slice. NOTE: It is possible to encounter collisions in the hash and subsequent modulus. In these situations, we will select the next available slice, but it may not be possible to reproduce the same exact set of slices on other machines (since the order in which they are encountered will determine their slice); the same user or group may then map to different IDs on different clients. In this situation, it is recommended to either switch to using explicit POSIX attributes in Active Directory (disabling ID-mapping) or configure a default domain to guarantee that at least one is always consistent. See Configuration for details. Configuration Minimum configuration (in the [domain/DOMAINNAME] section): ldap_id_mapping = True ldap_schema = ad The default configuration results in configuring 10,000 slices, each capable of holding up to 200,000 IDs, starting from 10,001 and going up to 2,000,100,000. (These bounds do not match the ldap_idmap_range_min and ldap_idmap_range_max defaults given under Advanced Configuration; confirm the effective range on the client.) This should be sufficient for most deployments. Advanced Configuration ldap_idmap_range_min (integer) Specifies the lower bound of the range of POSIX IDs to use for mapping Active Directory user and group SIDs. NOTE: This option is different from min_id in that min_id acts to filter the output of requests to this domain, whereas this option controls the range of ID assignment.
This is a subtle distinction, but the good general advice would be to have min_id be less than or equal to ldap_idmap_range_min. Default: 200000 ldap_idmap_range_max (integer) Specifies the upper bound of the range of POSIX IDs to use for mapping Active Directory user and group SIDs. NOTE: This option is different from max_id in that max_id acts to filter the output of requests to this domain, whereas this option controls the range of ID assignment. This is a subtle distinction, but the good general advice would be to have max_id be greater than or equal to ldap_idmap_range_max. Default: 2000200000 ldap_idmap_range_size (integer) Specifies the number of IDs available for each slice. If the range size does not divide evenly into the min and max values, it will create as many complete slices as it can. Default: 200000 ldap_idmap_default_domain_sid (string) Specify the domain SID of the default domain. This will guarantee that this domain will always be assigned to slice zero in the ID map, bypassing the murmurhash algorithm described above. Default: not set ldap_idmap_default_domain (string) Specify the name of the default domain. Default: not set ldap_idmap_autorid_compat (boolean) Changes the behavior of the ID-mapping algorithm to behave more similarly to winbind's idmap_autorid algorithm. When this option is configured, domains will be allocated starting with slice zero and increasing monotonically with each additional domain. NOTE: This algorithm is non-deterministic (it depends on the order in which users and groups are requested). If this mode is required for compatibility with machines running winbind, it is recommended to also use the ldap_idmap_default_domain_sid option to guarantee that at least one domain is consistently allocated to slice zero.
Default: False sssd-1.11.5/src/man/br/include/PaxHeaders.13173/ldap_search_bases_experimental.xml0000644000000000000000000000013212320753573026066 xustar000000000000000030 mtime=1396955003.482843886 30 atime=1396955003.482843886 30 ctime=1396955003.482843886 sssd-1.11.5/src/man/br/include/ldap_search_bases_experimental.xml0000664002412700241270000000203612320753573026316 0ustar00jhrozekjhrozek00000000000000 An optional base DN, search scope and LDAP filter to restrict LDAP searches for this attribute type. syntax: search_base[?scope?[filter][?search_base?scope?[filter]]*] The scope can be one of "base", "onelevel" or "subtree". The filter must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/rfc2254.txt For examples of this syntax, please refer to the ldap_search_base examples section. Default: the value of ldap_search_base Please note that specifying scope or filter is not supported for searches against an Active Directory Server that might yield a large number of results and trigger the Range Retrieval extension in the response. sssd-1.11.5/src/man/br/include/PaxHeaders.13173/service_discovery.xml0000644000000000000000000000013212320753573023416 xustar000000000000000030 mtime=1396955003.482843886 30 atime=1396955003.482843886 30 ctime=1396955003.482843886 sssd-1.11.5/src/man/br/include/service_discovery.xml0000664002412700241270000000322712320753573023651 0ustar00jhrozekjhrozek00000000000000 SERVICE DISCOVERY The service discovery feature allows back ends to automatically find the appropriate servers to connect to using a special DNS query. This feature is not supported for backup servers. Configuration If no servers are specified, the back end automatically uses service discovery to try to find a server. Optionally, the user may choose to use both fixed server addresses and service discovery by inserting a special keyword, _srv_, in the list of servers. The order of preference is maintained. 
This feature is useful if, for example, the user prefers to use service discovery whenever possible, and fall back to a specific server when no servers can be discovered using DNS. The domain name Please refer to the dns_discovery_domain parameter in the sssd.conf 5 manual page for more details. The protocol The queries usually specify _tcp as the protocol. Exceptions are documented in respective option description. See Also For more information on the service discovery mechanism, refer to RFC 2782. sssd-1.11.5/src/man/br/include/PaxHeaders.13173/local.xml0000644000000000000000000000013212320753573020761 xustar000000000000000030 mtime=1396955003.482843886 30 atime=1396955003.482843886 30 ctime=1396955003.482843886 sssd-1.11.5/src/man/br/include/local.xml0000664002412700241270000000134512320753573021213 0ustar00jhrozekjhrozek00000000000000 THE LOCAL DOMAIN In order to function correctly, a domain with id_provider=local must be created and the SSSD must be running. The administrator might want to use the SSSD local users instead of traditional UNIX users in cases where the group nesting (see sss_groupadd 8 ) is needed. The local users are also useful for testing and development of the SSSD without having to deploy a full remote server. The sss_user* and sss_group* tools use a local LDB storage to store users and groups. sssd-1.11.5/src/man/br/include/PaxHeaders.13173/override_homedir.xml0000644000000000000000000000013212320753573023215 xustar000000000000000030 mtime=1396955003.482843886 30 atime=1396955003.482843886 30 ctime=1396955003.482843886 sssd-1.11.5/src/man/br/include/override_homedir.xml0000664002412700241270000000313012320753573023441 0ustar00jhrozekjhrozek00000000000000 override_homedir (string) Override the user's home directory. You can either provide an absolute value or a template. 
In the template, the following sequences are substituted: %u login name %U UID number %d domain name %f fully qualified user name (user@domain) %o The original home directory retrieved from the identity provider. %% a literal '%' This option can also be set per-domain. example: override_homedir = /home/%u Default: Not set (SSSD will use the value retrieved from LDAP) sssd-1.11.5/src/man/PaxHeaders.13173/tg0000644000000000000000000000013212320753573015454 xustar000000000000000030 mtime=1396955003.522843856 30 atime=1396955003.535843846 30 ctime=1396955003.522843856 sssd-1.11.5/src/man/tg/0000775002412700241270000000000012320753573015760 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/man/tg/PaxHeaders.13173/include0000644000000000000000000000013212320753573017077 xustar000000000000000030 mtime=1396955003.522843856 30 atime=1396955003.535843846 30 ctime=1396955003.522843856 sssd-1.11.5/src/man/tg/include/0000755002412700241270000000000012320753573017401 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/man/tg/include/PaxHeaders.13173/ldap_search_bases.xml0000644000000000000000000000013212320753573023320 xustar000000000000000030 mtime=1396955003.522843856 30 atime=1396955003.522843856 30 ctime=1396955003.522843856 sssd-1.11.5/src/man/tg/include/ldap_search_bases.xml0000664002412700241270000000165112320753573023552 0ustar00jhrozekjhrozek00000000000000 An optional base DN, search scope and LDAP filter to restrict LDAP searches for this attribute type. syntax: search_base[?scope?[filter][?search_base?scope?[filter]]*] The scope can be one of "base", "onelevel" or "subtree". The filter must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/rfc2254.txt For examples of this syntax, please refer to the ldap_search_base examples section. 
Default: the value of ldap_search_base Please note that specifying scope or filter is not supported for searches against an Active Directory Server that might yield a large number of results and trigger the Range Retrieval extension in the response. sssd-1.11.5/src/man/tg/include/PaxHeaders.13173/param_help.xml0000644000000000000000000000013212320753573022006 xustar000000000000000030 mtime=1396955003.522843856 30 atime=1396955003.522843856 30 ctime=1396955003.522843856 sssd-1.11.5/src/man/tg/include/param_help.xml0000664002412700241270000000032312320753573022233 0ustar00jhrozekjhrozek00000000000000 , Display help message and exit. sssd-1.11.5/src/man/tg/include/PaxHeaders.13173/failover.xml0000644000000000000000000000013212320753573021505 xustar000000000000000030 mtime=1396955003.522843856 30 atime=1396955003.522843856 30 ctime=1396955003.522843856 sssd-1.11.5/src/man/tg/include/failover.xml0000664002412700241270000000425312320753573021740 0ustar00jhrozekjhrozek00000000000000 FAILOVER The failover feature allows back ends to automatically switch to a different server if the current server fails. Failover Syntax The list of servers is given as a comma-separated list; any number of spaces is allowed around the comma. The servers are listed in order of preference. The list can contain any number of servers. For each failover-enabled config option, two variants exist: primary and backup. The idea is that servers in the primary list are preferred and backup servers are only searched if no primary servers can be reached. If a backup server is selected, a timeout of 31 seconds is set. After this timeout SSSD will periodically try to reconnect to one of the primary servers. If it succeeds, it will replace the current active (backup) server. The Failover Mechanism The failover mechanism distinguishes between a machine and a service. The back end first tries to resolve the hostname of a given machine; if this resolution attempt fails, the machine is considered offline. 
No further attempts are made to connect to this machine for any other service. If the resolution attempt succeeds, the back end tries to connect to a service on this machine. If the service connection attempt fails, then only this particular service is considered offline and the back end automatically switches over to the next service. The machine is still considered online and might still be tried for another service. Further connection attempts are made to machines or services marked as offline after a specified period of time; this is currently hard coded to 30 seconds. If there are no more machines to try, the back end as a whole switches to offline mode, and then attempts to reconnect every 30 seconds. sssd-1.11.5/src/man/tg/include/PaxHeaders.13173/debug_levels.xml0000644000000000000000000000013212320753573022336 xustar000000000000000030 mtime=1396955003.522843856 30 atime=1396955003.522843856 30 ctime=1396955003.522843856 sssd-1.11.5/src/man/tg/include/debug_levels.xml0000664002412700241270000000506612320753573022574 0ustar00jhrozekjhrozek00000000000000 SSSD supports two representations for specifying the debug level. The simplest is to specify a decimal value from 0-9, which represents enabling that level and all lower-level debug messages. The more comprehensive option is to specify a hexadecimal bitmask to enable or disable specific levels (such as if you wish to suppress a level). Currently supported debug levels: 0, 0x0010: Fatal failures. Anything that would prevent SSSD from starting up or causes it to cease running. 1, 0x0020: Critical failures. An error that doesn't kill the SSSD, but one that indicates that at least one major feature is not going to work properly. 2, 0x0040: Serious failures. An error announcing that a particular request or operation has failed. 3, 0x0080: Minor failures. These are the errors that would percolate down to cause the operation failure of 2. 4, 0x0100: Configuration settings. 5, 0x0200: Function data. 
6, 0x0400: Trace messages for operation functions. 7, 0x1000: Trace messages for internal control functions. 8, 0x2000: Contents of function-internal variables that may be interesting. 9, 0x4000: Extremely low-level tracing information. To log required bitmask debug levels, simply add their numbers together as shown in following examples: Example: To log fatal failures, critical failures, serious failures and function data use 0x0270. Example: To log fatal failures, configuration settings, function data, trace messages for internal control functions use 0x1310. Note: The bitmask format of debug levels was introduced in 1.7.0. Default: 0 sssd-1.11.5/src/man/tg/include/PaxHeaders.13173/seealso.xml0000644000000000000000000000013212320753573021331 xustar000000000000000030 mtime=1396955003.522843856 30 atime=1396955003.522843856 30 ctime=1396955003.522843856 sssd-1.11.5/src/man/tg/include/seealso.xml0000664002412700241270000000470012320753573021561 0ustar00jhrozekjhrozek00000000000000 SEE ALSO sssd8 , sssd.conf5 , sssd-ldap5 , sssd-krb55 , sssd-simple5 , sssd-ipa5 , sssd-ad5 , sssd-sudo 5 , sss_cache8 , sss_debuglevel8 , sss_groupadd8 , sss_groupdel8 , sss_groupshow8 , sss_groupmod8 , sss_useradd8 , sss_userdel8 , sss_usermod8 , sss_obfuscate8 , sss_seed8 , sssd_krb5_locator_plugin8 , sss_ssh_authorizedkeys 8 , sss_ssh_knownhostsproxy 8 , pam_sss8 . 
sssd-1.11.5/src/man/tg/include/PaxHeaders.13173/upstream.xml0000644000000000000000000000013212320753573021536 xustar000000000000000030 mtime=1396955003.522843856 30 atime=1396955003.522843856 30 ctime=1396955003.522843856 sssd-1.11.5/src/man/tg/include/upstream.xml0000664002412700241270000000020212320753573021757 0ustar00jhrozekjhrozek00000000000000 SSSD The SSSD upstream - http://fedorahosted.org/sssd sssd-1.11.5/src/man/tg/include/PaxHeaders.13173/param_help_py.xml0000644000000000000000000000013212320753573022516 xustar000000000000000030 mtime=1396955003.522843856 30 atime=1396955003.522843856 30 ctime=1396955003.522843856 sssd-1.11.5/src/man/tg/include/param_help_py.xml0000664002412700241270000000032312320753573022743 0ustar00jhrozekjhrozek00000000000000 , Display help message and exit. sssd-1.11.5/src/man/tg/include/PaxHeaders.13173/autofs_restart.xml0000644000000000000000000000013212320753573022743 xustar000000000000000030 mtime=1396955003.522843856 30 atime=1396955003.522843856 30 ctime=1396955003.522843856 sssd-1.11.5/src/man/tg/include/autofs_restart.xml0000664002412700241270000000035312320753573023173 0ustar00jhrozekjhrozek00000000000000 Please note that the automounter only reads the master map on startup, so if any autofs-related changes are made to the sssd.conf, you typically also need to restart the automounter daemon after restarting the SSSD. sssd-1.11.5/src/man/tg/include/PaxHeaders.13173/experimental.xml0000644000000000000000000000013212320753573022373 xustar000000000000000030 mtime=1396955003.522843856 30 atime=1396955003.522843856 30 ctime=1396955003.522843856 sssd-1.11.5/src/man/tg/include/experimental.xml0000664002412700241270000000016712320753573022626 0ustar00jhrozekjhrozek00000000000000 This is an experimental feature, please use http://fedorahosted.org/sssd to report any issues. 
sssd-1.11.5/src/man/tg/include/PaxHeaders.13173/ldap_id_mapping.xml0000644000000000000000000000013212320753573023005 xustar000000000000000030 mtime=1396955003.522843856 30 atime=1396955003.522843856 30 ctime=1396955003.522843856 sssd-1.11.5/src/man/tg/include/ldap_id_mapping.xml0000664002412700241270000002230012320753573023231 0ustar00jhrozekjhrozek00000000000000 ID MAPPING The ID-mapping feature allows SSSD to act as a client of Active Directory without requiring administrators to extend user attributes to support POSIX attributes for user and group identifiers. NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are ignored. This is to avoid the possibility of conflicts between automatically-assigned and manually-assigned values. If you need to use manually-assigned values, ALL values must be manually-assigned. Please note that changing the ID mapping related configuration options will cause user and group IDs to change. At the moment, SSSD does not support changing IDs, so the SSSD database must be removed. Because cached passwords are also stored in the database, removing the database should only be performed while the authentication servers are reachable, otherwise users might get locked out. In order to cache the password, an authentication must be performed. It is not sufficient to use sss_cache 8 to remove the database, rather the process consists of: Making sure the remote servers are reachable Stopping the SSSD service Removing the database Starting the SSSD service Moreover, as the change of IDs might necessitate the adjustment of other system properties such as file and directory ownership, it's advisable to plan ahead and test the ID mapping configuration thoroughly. Mapping Algorithm Active Directory provides an objectSID for every user and group object in the directory. This objectSID can be broken up into components that represent the Active Directory domain identity and the relative identifier (RID) of the user or group object. 
The SSSD ID-mapping algorithm takes a range of available UIDs and divides it into equally-sized component sections (called "slices"). Each slice represents the space available to an Active Directory domain. When a user or group entry for a particular domain is encountered for the first time, the SSSD allocates one of the available slices for that domain. In order to make this slice-assignment repeatable on different client machines, we select the slice based on the following algorithm: The SID string is passed through the murmurhash3 algorithm to convert it to a 32-bit hashed value. We then take the modulus of this value with the total number of available slices to pick the slice. NOTE: It is possible to encounter collisions in the hash and subsequent modulus. In these situations, we will select the next available slice, but it may not be possible to reproduce the same exact set of slices on other machines (since the order in which they are encountered will determine their slice); the same user or group may then map to different IDs on different clients. In this situation, it is recommended to either switch to using explicit POSIX attributes in Active Directory (disabling ID-mapping) or configure a default domain to guarantee that at least one is always consistent. See Configuration for details. Ҷӯрсозӣ Minimum configuration (in the [domain/DOMAINNAME] section): ldap_id_mapping = True ldap_schema = ad The default configuration results in configuring 10,000 slices, each capable of holding up to 200,000 IDs, starting from 10,001 and going up to 2,000,100,000. (These bounds do not match the ldap_idmap_range_min and ldap_idmap_range_max defaults given under Advanced Configuration; confirm the effective range on the client.) This should be sufficient for most deployments. Advanced Configuration ldap_idmap_range_min (integer) Specifies the lower bound of the range of POSIX IDs to use for mapping Active Directory user and group SIDs. NOTE: This option is different from min_id in that min_id acts to filter the output of requests to this domain, whereas this option controls the range of ID assignment.
This is a subtle distinction, but the good general advice would be to have min_id be less than or equal to ldap_idmap_range_min. Default: 200000 ldap_idmap_range_max (integer) Specifies the upper bound of the range of POSIX IDs to use for mapping Active Directory user and group SIDs. NOTE: This option is different from max_id in that max_id acts to filter the output of requests to this domain, whereas this option controls the range of ID assignment. This is a subtle distinction, but the good general advice would be to have max_id be greater than or equal to ldap_idmap_range_max. Default: 2000200000 ldap_idmap_range_size (integer) Specifies the number of IDs available for each slice. If the range size does not divide evenly into the min and max values, it will create as many complete slices as it can. Default: 200000 ldap_idmap_default_domain_sid (string) Specify the domain SID of the default domain. This will guarantee that this domain will always be assigned to slice zero in the ID map, bypassing the murmurhash algorithm described above. Default: not set ldap_idmap_default_domain (string) Specify the name of the default domain. Default: not set ldap_idmap_autorid_compat (boolean) Changes the behavior of the ID-mapping algorithm to behave more similarly to winbind's idmap_autorid algorithm. When this option is configured, domains will be allocated starting with slice zero and increasing monotonically with each additional domain. NOTE: This algorithm is non-deterministic (it depends on the order in which users and groups are requested). If this mode is required for compatibility with machines running winbind, it is recommended to also use the ldap_idmap_default_domain_sid option to guarantee that at least one domain is consistently allocated to slice zero.
Default: False sssd-1.11.5/src/man/tg/include/PaxHeaders.13173/ldap_search_bases_experimental.xml0000644000000000000000000000013212320753573026075 xustar000000000000000030 mtime=1396955003.522843856 30 atime=1396955003.522843856 30 ctime=1396955003.522843856 sssd-1.11.5/src/man/tg/include/ldap_search_bases_experimental.xml0000664002412700241270000000203612320753573026325 0ustar00jhrozekjhrozek00000000000000 An optional base DN, search scope and LDAP filter to restrict LDAP searches for this attribute type. syntax: search_base[?scope?[filter][?search_base?scope?[filter]]*] The scope can be one of "base", "onelevel" or "subtree". The filter must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/rfc2254.txt For examples of this syntax, please refer to the ldap_search_base examples section. Default: the value of ldap_search_base Please note that specifying scope or filter is not supported for searches against an Active Directory Server that might yield a large number of results and trigger the Range Retrieval extension in the response. sssd-1.11.5/src/man/tg/include/PaxHeaders.13173/service_discovery.xml0000644000000000000000000000013212320753573023425 xustar000000000000000030 mtime=1396955003.522843856 30 atime=1396955003.522843856 30 ctime=1396955003.522843856 sssd-1.11.5/src/man/tg/include/service_discovery.xml0000664002412700241270000000323012320753573023652 0ustar00jhrozekjhrozek00000000000000 SERVICE DISCOVERY The service discovery feature allows back ends to automatically find the appropriate servers to connect to using a special DNS query. This feature is not supported for backup servers. Ҷӯрсозӣ If no servers are specified, the back end automatically uses service discovery to try to find a server. Optionally, the user may choose to use both fixed server addresses and service discovery by inserting a special keyword, _srv_, in the list of servers. The order of preference is maintained. 
This feature is useful if, for example, the user prefers to use service discovery whenever possible, and fall back to a specific server when no servers can be discovered using DNS. The domain name Please refer to the dns_discovery_domain parameter in the sssd.conf 5 manual page for more details. The protocol The queries usually specify _tcp as the protocol. Exceptions are documented in respective option description. See Also For more information on the service discovery mechanism, refer to RFC 2782. sssd-1.11.5/src/man/tg/include/PaxHeaders.13173/local.xml0000644000000000000000000000013212320753573020770 xustar000000000000000030 mtime=1396955003.522843856 30 atime=1396955003.522843856 30 ctime=1396955003.522843856 sssd-1.11.5/src/man/tg/include/local.xml0000664002412700241270000000134512320753573021222 0ustar00jhrozekjhrozek00000000000000 THE LOCAL DOMAIN In order to function correctly, a domain with id_provider=local must be created and the SSSD must be running. The administrator might want to use the SSSD local users instead of traditional UNIX users in cases where the group nesting (see sss_groupadd 8 ) is needed. The local users are also useful for testing and development of the SSSD without having to deploy a full remote server. The sss_user* and sss_group* tools use a local LDB storage to store users and groups. sssd-1.11.5/src/man/tg/include/PaxHeaders.13173/override_homedir.xml0000644000000000000000000000013212320753573023224 xustar000000000000000030 mtime=1396955003.522843856 30 atime=1396955003.522843856 30 ctime=1396955003.522843856 sssd-1.11.5/src/man/tg/include/override_homedir.xml0000664002412700241270000000314712320753573023460 0ustar00jhrozekjhrozek00000000000000 override_homedir (string) Override the user's home directory. You can either provide an absolute value or a template. 
In the template, the following sequences are substituted: %u Номи логин %U Рақами UID %d domain name %f fully qualified user name (user@domain) %o The original home directory retrieved from the identity provider. %% a literal '%' This option can also be set per-domain. example: override_homedir = /home/%u Default: Not set (SSSD will use the value retrieved from LDAP) sssd-1.11.5/src/man/PaxHeaders.13173/sssd_krb5_locator_plugin.8.xml0000644000000000000000000000007412320753107023005 xustar000000000000000030 atime=1396954939.262891434 30 ctime=1396954962.608874246 sssd-1.11.5/src/man/sssd_krb5_locator_plugin.8.xml0000664002412700241270000000553612320753107023240 0ustar00jhrozekjhrozek00000000000000 SSSD Manual pages sssd_krb5_locator_plugin 8 sssd_krb5_locator_plugin the configuration file for SSSD DESCRIPTION The Kerberos locator plugin sssd_krb5_locator_plugin is used by the Kerberos provider of sssd 8 to tell the Kerberos libraries what Realm and which KDC to use. Typically this is done in krb5.conf 5 which is always read by the Kerberos libraries. To simplify the configuration the Realm and the KDC can be defined in sssd.conf 5 as described in sssd-krb5 5 sssd 8 puts the Realm and the name or IP address of the KDC into the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. When sssd_krb5_locator_plugin is called by the kerberos libraries it reads and evaluates these variables and returns them to the libraries. NOTES Not all Kerberos implementations support the use of plugins. If sssd_krb5_locator_plugin is not available on your system you have to edit /etc/krb5.conf to reflect your Kerberos setup. If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value debug messages will be sent to stderr. 
sssd-1.11.5/src/man/PaxHeaders.13173/sss_debuglevel.8.xml0000644000000000000000000000007412320753107021013 xustar000000000000000030 atime=1396954939.261891434 30 ctime=1396954962.611874244 sssd-1.11.5/src/man/sss_debuglevel.8.xml0000664002412700241270000000464712320753107021250 0ustar00jhrozekjhrozek00000000000000 SSSD Manual pages sss_debuglevel 8 sss_debuglevel change debug level while SSSD is running sss_debuglevel options NEW_DEBUG_LEVEL DESCRIPTION sss_debuglevel changes debug level of SSSD monitor and providers to NEW_DEBUG_LEVEL while SSSD is running. OPTIONS , Specify a non-default config file. The default is /etc/sssd/sssd.conf. For reference on the config file syntax and options, consult the sssd.conf 5 manual page. NEW_DEBUG_LEVEL sssd-1.11.5/src/man/PaxHeaders.13173/sss_groupshow.8.xml0000644000000000000000000000007412320753107020732 xustar000000000000000030 atime=1396954939.261891434 30 ctime=1396954962.604874249 sssd-1.11.5/src/man/sss_groupshow.8.xml0000664002412700241270000000426012320753107021156 0ustar00jhrozekjhrozek00000000000000 SSSD Manual pages sss_groupshow 8 sss_groupshow print properties of a group sss_groupshow options GROUP DESCRIPTION sss_groupshow displays information about a group identified by its name GROUP. The information includes the group ID number, members of the group and the parent group. OPTIONS , Also print indirect group members in a tree-like hierarchy. Note that this also affects printing parent groups - without , only the direct parent will be printed. 
sssd-1.11.5/src/man/PaxHeaders.13173/ru0000644000000000000000000000013212320753573015470 xustar000000000000000030 mtime=1396955003.519843858 30 atime=1396955003.535843846 30 ctime=1396955003.519843858 sssd-1.11.5/src/man/ru/0000775002412700241270000000000012320753573015774 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/man/ru/PaxHeaders.13173/include0000644000000000000000000000013212320753573017113 xustar000000000000000030 mtime=1396955003.520843857 30 atime=1396955003.535843846 30 ctime=1396955003.520843857 sssd-1.11.5/src/man/ru/include/0000755002412700241270000000000012320753573017415 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/man/ru/include/PaxHeaders.13173/ldap_search_bases.xml0000644000000000000000000000013212320753573023334 xustar000000000000000030 mtime=1396955003.519843858 30 atime=1396955003.519843858 30 ctime=1396955003.519843858 sssd-1.11.5/src/man/ru/include/ldap_search_bases.xml0000664002412700241270000000165112320753573023566 0ustar00jhrozekjhrozek00000000000000 An optional base DN, search scope and LDAP filter to restrict LDAP searches for this attribute type. syntax: search_base[?scope?[filter][?search_base?scope?[filter]]*] The scope can be one of "base", "onelevel" or "subtree". The filter must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/rfc2254.txt For examples of this syntax, please refer to the ldap_search_base examples section. Default: the value of ldap_search_base Please note that specifying scope or filter is not supported for searches against an Active Directory Server that might yield a large number of results and trigger the Range Retrieval extension in the response. 
sssd-1.11.5/src/man/ru/include/PaxHeaders.13173/param_help.xml0000644000000000000000000000013212320753573022022 xustar000000000000000030 mtime=1396955003.519843858 30 atime=1396955003.519843858 30 ctime=1396955003.519843858 sssd-1.11.5/src/man/ru/include/param_help.xml0000664002412700241270000000032312320753573022247 0ustar00jhrozekjhrozek00000000000000 , Display help message and exit. sssd-1.11.5/src/man/ru/include/PaxHeaders.13173/failover.xml0000644000000000000000000000013212320753573021521 xustar000000000000000030 mtime=1396955003.519843858 30 atime=1396955003.519843858 30 ctime=1396955003.519843858 sssd-1.11.5/src/man/ru/include/failover.xml0000664002412700241270000000425312320753573021754 0ustar00jhrozekjhrozek00000000000000 FAILOVER The failover feature allows back ends to automatically switch to a different server if the current server fails. Failover Syntax The list of servers is given as a comma-separated list; any number of spaces is allowed around the comma. The servers are listed in order of preference. The list can contain any number of servers. For each failover-enabled config option, two variants exist: primary and backup. The idea is that servers in the primary list are preferred and backup servers are only searched if no primary servers can be reached. If a backup server is selected, a timeout of 31 seconds is set. After this timeout SSSD will periodically try to reconnect to one of the primary servers. If it succeeds, it will replace the current active (backup) server. The Failover Mechanism The failover mechanism distinguishes between a machine and a service. The back end first tries to resolve the hostname of a given machine; if this resolution attempt fails, the machine is considered offline. No further attempts are made to connect to this machine for any other service. If the resolution attempt succeeds, the back end tries to connect to a service on this machine. 
If the service connection attempt fails, then only this particular service is considered offline and the back end automatically switches over to the next service. The machine is still considered online and might still be tried for another service. Further connection attempts are made to machines or services marked as offline after a specified period of time; this is currently hard coded to 30 seconds. If there are no more machines to try, the back end as a whole switches to offline mode, and then attempts to reconnect every 30 seconds. sssd-1.11.5/src/man/ru/include/PaxHeaders.13173/debug_levels.xml0000644000000000000000000000013212320753573022352 xustar000000000000000030 mtime=1396955003.519843858 30 atime=1396955003.519843858 30 ctime=1396955003.519843858 sssd-1.11.5/src/man/ru/include/debug_levels.xml0000664002412700241270000000506612320753573022610 0ustar00jhrozekjhrozek00000000000000 SSSD supports two representations for specifying the debug level. The simplest is to specify a decimal value from 0-9, which represents enabling that level and all lower-level debug messages. The more comprehensive option is to specify a hexadecimal bitmask to enable or disable specific levels (such as if you wish to suppress a level). Currently supported debug levels: 0, 0x0010: Fatal failures. Anything that would prevent SSSD from starting up or causes it to cease running. 1, 0x0020: Critical failures. An error that doesn't kill the SSSD, but one that indicates that at least one major feature is not going to work properly. 2, 0x0040: Serious failures. An error announcing that a particular request or operation has failed. 3, 0x0080: Minor failures. These are the errors that would percolate down to cause the operation failure of 2. 4, 0x0100: Configuration settings. 5, 0x0200: Function data. 6, 0x0400: Trace messages for operation functions. 7, 0x1000: Trace messages for internal control functions. 8, 0x2000: Contents of function-internal variables that may be interesting. 
9, 0x4000: Extremely low-level tracing information. To log the required bitmask debug levels, simply add their numbers together as shown in the following examples: Example: To log fatal failures, critical failures, serious failures and function data use 0x0270. Example: To log fatal failures, configuration settings, function data, trace messages for internal control functions use 0x1310. Note: The bitmask format of debug levels was introduced in 1.7.0. Default: 0 sssd-1.11.5/src/man/ru/include/PaxHeaders.13173/seealso.xml0000644000000000000000000000013212320753573021345 xustar000000000000000030 mtime=1396955003.519843858 30 atime=1396955003.519843858 30 ctime=1396955003.519843858 sssd-1.11.5/src/man/ru/include/seealso.xml0000664002412700241270000000471012320753573021576 0ustar00jhrozekjhrozek00000000000000 СМ. ТАКЖЕ sssd8 , sssd.conf5 , sssd-ldap5 , sssd-krb55 , sssd-simple5 , sssd-ipa5 , sssd-ad5 , sssd-sudo 5 , sss_cache8 , sss_debuglevel8 , sss_groupadd8 , sss_groupdel8 , sss_groupshow8 , sss_groupmod8 , sss_useradd8 , sss_userdel8 , sss_usermod8 , sss_obfuscate8 , sss_seed8 , sssd_krb5_locator_plugin8 , sss_ssh_authorizedkeys 8 , sss_ssh_knownhostsproxy 8 , pam_sss8 . sssd-1.11.5/src/man/ru/include/PaxHeaders.13173/upstream.xml0000644000000000000000000000013212320753573021552 xustar000000000000000030 mtime=1396955003.519843858 30 atime=1396955003.519843858 30 ctime=1396955003.519843858 sssd-1.11.5/src/man/ru/include/upstream.xml0000664002412700241270000000020212320753573021773 0ustar00jhrozekjhrozek00000000000000 SSSD The SSSD upstream - http://fedorahosted.org/sssd sssd-1.11.5/src/man/ru/include/PaxHeaders.13173/param_help_py.xml0000644000000000000000000000013212320753573022532 xustar000000000000000030 mtime=1396955003.519843858 30 atime=1396955003.519843858 30 ctime=1396955003.519843858 sssd-1.11.5/src/man/ru/include/param_help_py.xml0000664002412700241270000000032312320753573022757 0ustar00jhrozekjhrozek00000000000000 , Display help message and exit.
sssd-1.11.5/src/man/ru/include/PaxHeaders.13173/autofs_restart.xml0000644000000000000000000000013212320753573022757 xustar000000000000000030 mtime=1396955003.519843858 30 atime=1396955003.519843858 30 ctime=1396955003.519843858 sssd-1.11.5/src/man/ru/include/autofs_restart.xml0000664002412700241270000000035312320753573023207 0ustar00jhrozekjhrozek00000000000000 Please note that the automounter only reads the master map on startup, so if any autofs-related changes are made to the sssd.conf, you typically also need to restart the automounter daemon after restarting the SSSD. sssd-1.11.5/src/man/ru/include/PaxHeaders.13173/experimental.xml0000644000000000000000000000013212320753573022407 xustar000000000000000030 mtime=1396955003.519843858 30 atime=1396955003.519843858 30 ctime=1396955003.519843858 sssd-1.11.5/src/man/ru/include/experimental.xml0000664002412700241270000000016712320753573022642 0ustar00jhrozekjhrozek00000000000000 This is an experimental feature, please use http://fedorahosted.org/sssd to report any issues. sssd-1.11.5/src/man/ru/include/PaxHeaders.13173/ldap_id_mapping.xml0000644000000000000000000000013212320753573023021 xustar000000000000000030 mtime=1396955003.519843858 30 atime=1396955003.519843858 30 ctime=1396955003.519843858 sssd-1.11.5/src/man/ru/include/ldap_id_mapping.xml0000664002412700241270000002227712320753573023262 0ustar00jhrozekjhrozek00000000000000 ID MAPPING The ID-mapping feature allows SSSD to act as a client of Active Directory without requiring administrators to extend user attributes to support POSIX attributes for user and group identifiers. NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are ignored. This is to avoid the possibility of conflicts between automatically-assigned and manually-assigned values. If you need to use manually-assigned values, ALL values must be manually-assigned. Please note that changing the ID mapping related configuration options will cause user and group IDs to change. 
At the moment, SSSD does not support changing IDs, so the SSSD database must be removed. Because cached passwords are also stored in the database, removing the database should only be performed while the authentication servers are reachable, otherwise users might get locked out. In order to cache the password, an authentication must be performed. It is not sufficient to use sss_cache 8 to remove the database; rather, the process consists of: Making sure the remote servers are reachable Stopping the SSSD service Removing the database Starting the SSSD service Moreover, as the change of IDs might necessitate the adjustment of other system properties such as file and directory ownership, it's advisable to plan ahead and test the ID mapping configuration thoroughly. Mapping Algorithm Active Directory provides an objectSID for every user and group object in the directory. This objectSID can be broken up into components that represent the Active Directory domain identity and the relative identifier (RID) of the user or group object. The SSSD ID-mapping algorithm takes a range of available UIDs and divides it into equally-sized component sections, called "slices". Each slice represents the space available to an Active Directory domain. When a user or group entry for a particular domain is encountered for the first time, the SSSD allocates one of the available slices for that domain. In order to make this slice-assignment repeatable on different client machines, we select the slice based on the following algorithm: The SID string is passed through the murmurhash3 algorithm to convert it to a 32-bit hashed value. We then take the modulus of this value with the total number of available slices to pick the slice. NOTE: It is possible to encounter collisions in the hash and subsequent modulus.
In these situations, we will select the next available slice, but it may not be possible to reproduce the same exact set of slices on other machines (since the order that they are encountered will determine their slice). In this situation, it is recommended to either switch to using explicit POSIX attributes in Active Directory (disabling ID-mapping) or configure a default domain to guarantee that at least one is always consistent. See Configuration for details. Configuration Minimum configuration (in the [domain/DOMAINNAME] section): ldap_id_mapping = True ldap_schema = ad The default configuration results in configuring 10,000 slices, each capable of holding up to 200,000 IDs, starting from 10,001 and going up to 2,000,100,000. This should be sufficient for most deployments. Advanced Configuration ldap_idmap_range_min (integer) Specifies the lower bound of the range of POSIX IDs to use for mapping Active Directory user and group SIDs. NOTE: This option is different from min_id in that min_id acts to filter the output of requests to this domain, whereas this option controls the range of ID assignment. This is a subtle distinction, but the good general advice would be to have min_id be less-than or equal to ldap_idmap_range_min Default: 200000 ldap_idmap_range_max (integer) Specifies the upper bound of the range of POSIX IDs to use for mapping Active Directory user and group SIDs. NOTE: This option is different from max_id in that max_id acts to filter the output of requests to this domain, whereas this option controls the range of ID assignment. This is a subtle distinction, but the good general advice would be to have max_id be greater-than or equal to ldap_idmap_range_max Default: 2000200000 ldap_idmap_range_size (integer) Specifies the number of IDs available for each slice. If the range size does not divide evenly into the min and max values, it will create as many complete slices as it can. 
Default: 200000 ldap_idmap_default_domain_sid (string) Specify the domain SID of the default domain. This will guarantee that this domain will always be assigned to slice zero in the ID map, bypassing the murmurhash algorithm described above. Default: not set ldap_idmap_default_domain (string) Specify the name of the default domain. Default: not set ldap_idmap_autorid_compat (boolean) Changes the behavior of the ID-mapping algorithm to behave more similarly to winbind's idmap_autorid algorithm. When this option is configured, domains will be allocated starting with slice zero and increasing monotonically with each additional domain. NOTE: This algorithm is non-deterministic (it depends on the order in which users and groups are requested). If this mode is required for compatibility with machines running winbind, it is recommended to also use the ldap_idmap_default_domain_sid option to guarantee that at least one domain is consistently allocated to slice zero. Default: False sssd-1.11.5/src/man/ru/include/PaxHeaders.13173/ldap_search_bases_experimental.xml0000644000000000000000000000013212320753573026111 xustar000000000000000030 mtime=1396955003.519843858 30 atime=1396955003.519843858 30 ctime=1396955003.519843858 sssd-1.11.5/src/man/ru/include/ldap_search_bases_experimental.xml0000664002412700241270000000203612320753573026341 0ustar00jhrozekjhrozek00000000000000 An optional base DN, search scope and LDAP filter to restrict LDAP searches for this attribute type. syntax: search_base[?scope?[filter][?search_base?scope?[filter]]*] The scope can be one of "base", "onelevel" or "subtree". The filter must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/rfc2254.txt For examples of this syntax, please refer to the ldap_search_base examples section.
Default: the value of ldap_search_base Please note that specifying scope or filter is not supported for searches against an Active Directory Server that might yield a large number of results and trigger the Range Retrieval extension in the response. sssd-1.11.5/src/man/ru/include/PaxHeaders.13173/service_discovery.xml0000644000000000000000000000013212320753573023441 xustar000000000000000030 mtime=1396955003.519843858 30 atime=1396955003.519843858 30 ctime=1396955003.519843858 sssd-1.11.5/src/man/ru/include/service_discovery.xml0000664002412700241270000000322712320753573023674 0ustar00jhrozekjhrozek00000000000000 SERVICE DISCOVERY The service discovery feature allows back ends to automatically find the appropriate servers to connect to using a special DNS query. This feature is not supported for backup servers. Configuration If no servers are specified, the back end automatically uses service discovery to try to find a server. Optionally, the user may choose to use both fixed server addresses and service discovery by inserting a special keyword, _srv_, in the list of servers. The order of preference is maintained. This feature is useful if, for example, the user prefers to use service discovery whenever possible, and fall back to a specific server when no servers can be discovered using DNS. The domain name Please refer to the dns_discovery_domain parameter in the sssd.conf 5 manual page for more details. The protocol The queries usually specify _tcp as the protocol. Exceptions are documented in respective option description. See Also For more information on the service discovery mechanism, refer to RFC 2782. 
sssd-1.11.5/src/man/ru/include/PaxHeaders.13173/local.xml0000644000000000000000000000013212320753573021004 xustar000000000000000030 mtime=1396955003.519843858 30 atime=1396955003.519843858 30 ctime=1396955003.519843858 sssd-1.11.5/src/man/ru/include/local.xml0000664002412700241270000000134512320753573021236 0ustar00jhrozekjhrozek00000000000000 THE LOCAL DOMAIN In order to function correctly, a domain with id_provider=local must be created and the SSSD must be running. The administrator might want to use the SSSD local users instead of traditional UNIX users in cases where the group nesting (see sss_groupadd 8 ) is needed. The local users are also useful for testing and development of the SSSD without having to deploy a full remote server. The sss_user* and sss_group* tools use a local LDB storage to store users and groups. sssd-1.11.5/src/man/ru/include/PaxHeaders.13173/override_homedir.xml0000644000000000000000000000013212320753573023240 xustar000000000000000030 mtime=1396955003.520843857 30 atime=1396955003.520843857 30 ctime=1396955003.520843857 sssd-1.11.5/src/man/ru/include/override_homedir.xml0000664002412700241270000000313012320753573023464 0ustar00jhrozekjhrozek00000000000000 override_homedir (string) Override the user's home directory. You can either provide an absolute value or a template. In the template, the following sequences are substituted: %u login name %U UID number %d domain name %f fully qualified user name (user@domain) %o The original home directory retrieved from the identity provider. %% a literal '%' This option can also be set per-domain. 
example: override_homedir = /home/%u Default: Not set (SSSD will use the value retrieved from LDAP) sssd-1.11.5/src/man/PaxHeaders.13173/sss_groupadd.8.xml0000644000000000000000000000007412320753107020502 xustar000000000000000030 atime=1396954939.261891434 30 ctime=1396954962.617874239 sssd-1.11.5/src/man/sss_groupadd.8.xml0000664002412700241270000000412012320753107020721 0ustar00jhrozekjhrozek00000000000000 SSSD Manual pages sss_groupadd 8 sss_groupadd create a new group sss_groupadd options GROUP DESCRIPTION sss_groupadd creates a new group. These groups are compatible with POSIX groups, with the additional feature that they can contain other groups as members. OPTIONS , GID Set the GID of the group to the value of GID. If not given, it is chosen automatically. sssd-1.11.5/src/man/PaxHeaders.13173/po0000644000000000000000000000013212320753573015460 xustar000000000000000030 mtime=1396955003.527843852 30 atime=1396955003.535843846 30 ctime=1396955003.527843852 sssd-1.11.5/src/man/po/0000775002412700241270000000000012320753573015764 5ustar00jhrozekjhrozek00000000000000sssd-1.11.5/src/man/po/PaxHeaders.13173/br.po0000644000000000000000000000013212320753573016500 xustar000000000000000030 mtime=1396955003.480843887 30 atime=1396955003.480843887 30 ctime=1396955003.480843887 sssd-1.11.5/src/man/po/br.po0000664002412700241270000124511112320753573016734 0ustar00jhrozekjhrozek00000000000000# SOME DESCRIPTIVE TITLE # Copyright (C) YEAR Red Hat # This file is distributed under the same license as the sssd-docs package. 
# # Translators: # Fulup , 2012 msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" "POT-Creation-Date: 2014-04-08 12:55+0300\n" "PO-Revision-Date: 2013-11-19 16:29+0000\n" "Last-Translator: jhrozek \n" "Language-Team: Breton (http://www.transifex.com/projects/p/fedora/language/" "br/)\n" "Language: br\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n > 1);\n" #. type: Content of: #: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5 #: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5 #: sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 sss_obfuscate.8.xml:5 #: sss_useradd.8.xml:5 sssd-krb5.5.xml:5 sss_groupadd.8.xml:5 #: sss_userdel.8.xml:5 sss_groupdel.8.xml:5 sss_groupshow.8.xml:5 #: sss_usermod.8.xml:5 sss_cache.8.xml:5 sss_debuglevel.8.xml:5 #: sss_seed.8.xml:5 sss_ssh_authorizedkeys.1.xml:5 #: sss_ssh_knownhostsproxy.1.xml:5 msgid "SSSD Manual pages" msgstr "Dornlevr SSSD" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15 msgid "sss_groupmod" msgstr "sss_groupmod" #. type: Content of: <reference><refentry><refmeta><manvolnum> #: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11 #: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11 #: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11 #: sss_groupshow.8.xml:11 sss_usermod.8.xml:11 sss_cache.8.xml:11 #: sss_debuglevel.8.xml:11 sss_seed.8.xml:11 msgid "8" msgstr "8" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupmod.8.xml:16 msgid "modify a group" msgstr "Kemmañur strollad" #. 
type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupmod.8.xml:21 msgid "" "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" #. type: Content of: <reference><refentry><refsect1><title> #: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:47 #: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21 #: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30 #: sss_useradd.8.xml:30 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 #: sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 #: sss_usermod.8.xml:30 sss_cache.8.xml:29 sss_debuglevel.8.xml:30 #: sss_seed.8.xml:31 sss_ssh_authorizedkeys.1.xml:30 #: sss_ssh_knownhostsproxy.1.xml:31 msgid "DESCRIPTION" msgstr "DESKRIVADUR" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupmod.8.xml:32 msgid "" "<command>sss_groupmod</command> modifies the group to reflect the changes " "that are specified on the command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sss_groupmod.8.xml:39 pam_sss.8.xml:54 sssd.8.xml:42 sss_obfuscate.8.xml:58 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39 #: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42 #: sss_ssh_authorizedkeys.1.xml:75 sss_ssh_knownhostsproxy.1.xml:62 msgid "OPTIONS" msgstr "DIBARZHIOÙ" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupmod.8.xml:43 sss_usermod.8.xml:77 msgid "" "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" "replaceable>" msgstr "" "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupmod.8.xml:48 msgid "" "Append this group to groups specified by the <replaceable>GROUPS</" "replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " "a comma separated list of group names." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupmod.8.xml:57 sss_usermod.8.xml:91 msgid "" "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupmod.8.xml:62 msgid "" "Remove this group from groups specified by the <replaceable>GROUPS</" "replaceable> parameter." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd.conf.5.xml:10 sssd.conf.5.xml:16 msgid "sssd.conf" msgstr "sssd.conf" #. type: Content of: <reference><refentry><refmeta><manvolnum> #: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 #: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11 msgid "5" msgstr "5" #. type: Content of: <reference><refentry><refmeta><refmiscinfo> #: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 #: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12 msgid "File Formats and Conventions" msgstr "" #. 
type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16 #: sssd-ipa.5.xml:17 sssd-ad.5.xml:17 sssd-krb5.5.xml:17 msgid "the configuration file for SSSD" msgstr "Ar restr gefluniañ evit SSSD" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:21 msgid "FILE FORMAT" msgstr "FURMAD RESTR" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd.conf.5.xml:29 #, no-wrap msgid "" " <replaceable>[section]</replaceable>\n" " <replaceable>key</replaceable> = <replaceable>value</replaceable>\n" " <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:24 msgid "" "The file has an ini-style syntax and consists of sections and parameters. A " "section begins with the name of the section in square brackets and continues " "until the next section begins. An example of section with single and multi-" "valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:36 msgid "" "The data types used are string (no quotes needed), integer and bool (with " "values of <quote>TRUE/FALSE</quote>)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:41 msgid "" "A line comment starts with a hash sign (<quote>#</quote>) or a semicolon " "(<quote>;</quote>). Inline comments are not supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:47 msgid "" "All sections can have an optional <replaceable>description</replaceable> " "parameter. Its function is only as a label for the section." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:53 msgid "" "<filename>sssd.conf</filename> must be a regular file, owned by root and " "only root may read from or write to the file." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:59 msgid "SPECIAL SECTIONS" msgstr "RANNOÙ DIBAR" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:62 msgid "The [sssd] section" msgstr "Ar rann [sssd]" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> #: sssd.conf.5.xml:71 sssd.conf.5.xml:1857 msgid "Section parameters" msgstr "Arventennoù ar rann" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:73 msgid "config_file_version (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:76 msgid "" "Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " "version 2." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:82 msgid "services" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:85 msgid "" "Comma separated list of services that are started when sssd itself starts." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:89 msgid "" "Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " "<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition=" "\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</" "phrase>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:98 sssd.conf.5.xml:321 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:101 sssd.conf.5.xml:324 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:106 sssd.conf.5.xml:329 msgid "Default: 3" msgstr "Dre ziouer : 3" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:111 msgid "domains" msgstr "domanioù" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:114 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " "start. This parameter described the list of domains in the order you want " "them to be queried. A domain name should only consist of alphanumeric ASCII " "characters, dashes and underscores." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:126 sssd.conf.5.xml:1586 msgid "re_expression (string)" msgstr "re_expression (neudennad)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:129 msgid "" "Default regular expression that describes how to parse the string containing " "user name and domain into these components." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:134 msgid "" "Each domain can have an individual regular expression configured. For some " "ID providers there are also default regular expressions. See DOMAIN " "SECTIONS for more info on these regular expressions." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:143 sssd.conf.5.xml:1637 msgid "full_name_format (string)" msgstr "full_name_format (neudennad)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:146 sssd.conf.5.xml:1640 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " "fully qualified name from user name and domain name components." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:157 sssd.conf.5.xml:1651 msgid "%1$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:158 sssd.conf.5.xml:1652 msgid "user name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:161 sssd.conf.5.xml:1655 msgid "%2$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:164 sssd.conf.5.xml:1658 msgid "domain name as specified in the SSSD config file." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:170 sssd.conf.5.xml:1664 msgid "%3$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:173 sssd.conf.5.xml:1667 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:154 sssd.conf.5.xml:1648 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:183 msgid "" "Each domain can have an individual format string configured. see DOMAIN " "SECTIONS for more info on this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:189 msgid "try_inotify (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:192 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " "this, and will fall back to polling resolv.conf every five seconds if " "inotify cannot be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:200 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " "to 'false'" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:206 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:210 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:217 msgid "krb5_rcache_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:220 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:224 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:230 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:237 msgid "default_domain_suffix (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:240 msgid "" "This string will be used as a default domain name for all names without a " "domain name component. 
The main use case is environments where the primary " "domain is intended for managing host policies and all users are located in a " "trusted domain. The option allows those users to log in just with their " "user name without giving a domain name as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:250 msgid "" "Please note that if this option is set all users from the primary domain " "have to use their fully qualified name, e.g. user@domain.name, to log in." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:256 sssd-ldap.5.xml:1392 sssd-ldap.5.xml:1404 #: sssd-ldap.5.xml:1486 sssd-ldap.5.xml:2373 sssd-ldap.5.xml:2400 #: sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:187 #: include/ldap_id_mapping.xml:198 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:64 msgid "" "Individual pieces of SSSD functionality are provided by special SSSD " "services that are started and stopped together with SSSD. The services are " "managed by a special service frequently called <quote>monitor</quote>. The " "<quote>[sssd]</quote> section is used to configure the monitor as well as " "some other important options like the identity domains. <placeholder type=" "\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:267 msgid "SERVICES SECTIONS" msgstr "RANNOÙ SERVIJOÙ" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:269 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " "section, for example, for NSS service, the section would be <quote>[nss]</" "quote>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:276 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:278 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:282 msgid "debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:286 msgid "debug_timestamps (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:289 msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:292 sssd.conf.5.xml:472 sssd.conf.5.xml:820 #: sssd-ldap.5.xml:1559 sssd-ldap.5.xml:1656 sssd-ldap.5.xml:1718 #: sssd-ldap.5.xml:2161 sssd-ldap.5.xml:2226 sssd-ldap.5.xml:2244 #: sssd-ipa.5.xml:361 sssd-ipa.5.xml:396 sssd-ad.5.xml:166 sssd-ad.5.xml:250 #: sssd-ad.5.xml:275 sssd-ad.5.xml:363 sssd-krb5.5.xml:490 msgid "Default: true" msgstr "Dre ziouer : true" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:297 msgid "debug_microseconds (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:300 msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:303 sssd.conf.5.xml:774 sssd.conf.5.xml:1773 #: sssd-ldap.5.xml:640 sssd-ldap.5.xml:1433 sssd-ldap.5.xml:1452 #: sssd-ldap.5.xml:1628 sssd-ldap.5.xml:1957 sssd-ipa.5.xml:139 #: sssd-ipa.5.xml:205 sssd-ipa.5.xml:508 sssd-ipa.5.xml:526 #: sssd-krb5.5.xml:257 sssd-krb5.5.xml:291 sssd-krb5.5.xml:462 msgid "Default: false" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:308 msgid "timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:311 msgid "" "Timeout in seconds between heartbeats for this service. This is used to " "ensure that the process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:316 sssd-ldap.5.xml:1304 msgid "Default: 10" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:334 msgid "fd_limit" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:337 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " "the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " "systems without this capability, the resulting value will be the lower value " "of this or the limits.conf \"hard\" limit." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:346 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:351 msgid "client_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:354 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " "limited in order to avoid resource exhaustion on the system." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:361 sssd.conf.5.xml:377 sssd.conf.5.xml:592 #: sssd.conf.5.xml:752 sssd.conf.5.xml:1015 sssd-ldap.5.xml:1134 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:366 sssd.conf.5.xml:1004 msgid "force_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:369 sssd.conf.5.xml:1007 msgid "" "If a service is not responding to ping checks (see the <quote>timeout</" "quote> option), it is first sent the SIGTERM signal that instructs it to " "quit gracefully. If the service does not terminate after " "<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down " "by sending a SIGKILL signal." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:385 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:387 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:392 msgid "enum_cache_timeout (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:395 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:399 msgid "Default: 120" msgstr "Dre ziouer : 120" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:404 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:407 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " "for the domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:413 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " "after 15 seconds past the last cache update will be returned immediately, " "but the SSSD will go and update the cache on its own, so that future " "requests will not need to block waiting for a cache update." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:423 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " "percentage will never reduce the nowait timeout to less than 10 seconds. (0 " "disables this feature)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:431 msgid "Default: 50" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:436 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:439 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " "before asking the back end again." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:445 sssd.conf.5.xml:798 msgid "Default: 15" msgstr "Dre ziouer : 15" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:450 msgid "filter_users, filter_groups (string)" msgstr "filter_users, filter_groups (neudennad)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:453 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" "domain or include fully-qualified names to filter only users from the " "particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:460 msgid "Default: root" msgstr "Dre ziouer : root" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:465 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:468 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #.
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:478 msgid "fallback_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:481 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:486 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> #: sssd.conf.5.xml:492 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" " " msgstr "" #. type: Content of: <varlistentry><listitem><para> #: sssd.conf.5.xml:490 include/override_homedir.xml:44 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:496 msgid "Default: not set (no substitution for unset home directories)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:502 msgid "override_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:505 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " "or per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:511 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:517 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:520 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:523 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:527 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:532 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:537 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:540 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:544 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:549 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:552 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:557 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:560 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:564 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:569 msgid "default_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:572 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:578 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:585 sssd.conf.5.xml:745 msgid "get_domains_timeout (int)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:588 sssd.conf.5.xml:748 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:597 msgid "memcache_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:600 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:604 sssd-ldap.5.xml:654 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:611 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:613 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:618 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:621 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:626 sssd.conf.5.xml:639 msgid "Default: 0 (No limit)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:632 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:635 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:645 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:648 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:653 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " "authentication can enable offline authentication again." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:659 sssd.conf.5.xml:712 msgid "Default: 5" msgstr "Dre ziouer : 5" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:665 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:668 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #.
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:673 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:676 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:679 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:683 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:686 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:690 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:695 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:698 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " "ensure that authentication takes place with the latest information." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:704 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. 
This option controls (on a per-" "client-application basis) how long (in seconds) we can cache the identity " "information to avoid excessive round-trips to the identity provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:718 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:721 sssd.conf.5.xml:1178 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:724 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " "cannot display a warning." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:730 sssd.conf.5.xml:1181 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:735 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:740 sssd.8.xml:79 msgid "Default: 0" msgstr "Dre ziouer : 0" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:760 msgid "SUDO configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:762 msgid "These options can be used to configure the sudo service." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:766 msgid "sudo_timed (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:769 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:782 msgid "AUTOFS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:784 msgid "These options can be used to configure the autofs service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:788 msgid "autofs_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:791 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " "before asking the back end again." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:807 msgid "SSH configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:809 msgid "These options can be used to configure the SSH service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:813 msgid "ssh_hash_known_hosts (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:816 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:825 msgid "ssh_known_hosts_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:828 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:832 msgid "Default: 180" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:840 msgid "PAC responder configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:842 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " "PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " "provider collects domain SID and ID ranges of the domain the client is " "joined to and of remote trusted domains from the local domain controller. " "If the PAC is decoded and evaluated some of the following operations are " "done:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:851 msgid "" "If the remote user does not exist in the cache, it is created. The uid is " "determined with the help of the SID, trusted domains will have UPGs and the " "gid will have the same value as the uid. The home directory is set based on " "the subdomain_homedir parameter. The shell will be empty by default, i.e. " "the system defaults are used, but can be overwritten with the default_shell " "parameter." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:859 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:865 msgid "These options can be used to configure the PAC responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:869 msgid "allowed_uids (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:872 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " "startup." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:878 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:882 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " "access the PAC responder, which would be the typical case, you have to add 0 " "to the list of allowed UIDs as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:896 msgid "DOMAIN SECTIONS" msgstr "RANNOÙ DOMANI" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:903 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:906 msgid "" "UID and GID limits for the domain. 
If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:911 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" "primary group memberships, those that are in range will be reported as " "expected." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:918 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:922 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:928 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:931 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:935 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:938 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:941 sssd.conf.5.xml:1155 sssd.conf.5.xml:1264 #: sssd.conf.5.xml:1281 msgid "Default: FALSE" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:944 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " "to fully complete enumerations. During this time, individual requests for " "information will go directly to LDAP, though it may be slow, due to the " "heavy enumeration processing. Saving a large number of entries to cache " "after the enumeration completes might also be CPU intensive as the " "memberships have to be recomputed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:957 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:962 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " "enumeration lookups are completed successfully. For more information, refer " "to the man pages for the specific id_provider in use." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:970 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:978 #, fuzzy #| msgid "full_name_format (string)" msgid "subdomain_enumerate (string)" msgstr "full_name_format (neudennad)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:985 msgid "all" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:986 msgid "All discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:989 msgid "none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:990 msgid "No discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:981 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " "Optionally, a list of one or more domain names can enable enumeration just " "for these trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:998 sssd-ldap.5.xml:1687 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1021 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1024 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1028 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " "for newly added or expired entries. You should run the <citerefentry> " "<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" "citerefentry> tool in order to force refresh of entries that have already " "been cached." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1041 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1047 msgid "entry_cache_user_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1050 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1054 sssd.conf.5.xml:1067 sssd.conf.5.xml:1080 #: sssd.conf.5.xml:1093 sssd.conf.5.xml:1106 sssd.conf.5.xml:1120 msgid "Default: entry_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1060 msgid "entry_cache_group_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1063 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1073 msgid "entry_cache_netgroup_timeout (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1076 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1086 msgid "entry_cache_service_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1089 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1099 msgid "entry_cache_sudo_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1102 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1112 msgid "entry_cache_autofs_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1115 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1126 msgid "refresh_expired_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1129 msgid "" "Specifies how many seconds SSSD has to wait before refreshing expired " "records. Currently only refreshing expired netgroups is supported." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1134 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1138 sssd-ipa.5.xml:221 msgid "Default: 0 (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1144 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1147 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1151 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1160 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1163 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " "value of this parameter must be greater than or equal to " "offline_credentials_expiration." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1170 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1175 msgid "pwd_expiration_warning (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1186 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " "cannot display a warning. Also an auth provider has to be configured for the " "backend." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1193 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1199 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1202 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1206 msgid "<quote>proxy</quote>: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1209 msgid "<quote>local</quote>: SSSD internal provider for local users" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1213 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " "information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1221 sssd.conf.5.xml:1307 sssd.conf.5.xml:1358 #: sssd.conf.5.xml:1411 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. 
See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " "FreeIPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1230 sssd.conf.5.xml:1316 sssd.conf.5.xml:1367 #: sssd.conf.5.xml:1420 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring Active Directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1241 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1244 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1249 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " "<command>getent passwd test</command> wouldn't find the user while " "<command>getent passwd test@LOCAL</command> would." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1257 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " "will be searched when an unqualified name is requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1269 msgid "ignore_group_members (bool)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1272 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1275 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " "calls." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1286 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1289 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1293 sssd.conf.5.xml:1351 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1300 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring Kerberos." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1324 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1327 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1330 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1336 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1339 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " "Internal special providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1345 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1348 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1375 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry> for more information on configuring the simple " "access module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1382 msgid "Default: <quote>permit</quote>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1387 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1390 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1395 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1403 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring Kerberos." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1428 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1432 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1435 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1442 msgid "sudo_provider (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1445 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1449 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1457 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1461 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1465 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1468 sssd.conf.5.xml:1522 sssd.conf.5.xml:1554 #: sssd.conf.5.xml:1579 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1474 msgid "selinux_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1477 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " "providers are:" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1483 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1491 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1494 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1500 msgid "subdomains_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1503 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1509 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1518 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1529 msgid "autofs_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1532 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1536 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1543 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1551 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1561 msgid "hostid_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1564 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1568 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. 
See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1576 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1589 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " "match either the SSSD configuration domain name, or, in the case of IPA " "trust subdomains and Active Directory domains, the flat (NetBIOS) name of " "the domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1598 msgid "" "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?" "P<name>[^@\\\\]+)$))</quote> which allows three different styles for " "user names:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:1603 msgid "username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:1606 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:1609 msgid "domain\\username" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1612 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1617 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " "sign, the domain everything after that\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1623 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " "version 7 or higher can support non-unique named subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1630 msgid "" "PLEASE NOTE ALSO: older versions of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1677 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1683 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1686 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1690 msgid "Supported values:" msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1693 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1696 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1699 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1702 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1705 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1711 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1714 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " "the domain will continue to operate in offline mode." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1720 sssd-ldap.5.xml:1118 sssd-ldap.5.xml:1160 #: sssd-ldap.5.xml:1175 sssd-krb5.5.xml:239 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1726 msgid "dns_discovery_domain (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1729 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1733 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1739 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1742 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1748 msgid "case_sensitive (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1751 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1756 sssd-ad.5.xml:333 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1762 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1765 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " "name was an alias. Setting this option to true would cause the SSSD to " "perform the ID lookup from cache for performance reasons." 
msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1779 msgid "subdomain_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1790 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1791 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1782 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " "possible values. In addition to those, the expansion below can only be used " "with <emphasis>subdomain_homedir</emphasis>. <placeholder type=" "\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1796 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1800 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1805 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1808 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:898 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" "replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1821 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1824 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1827 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1835 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1838 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " "for example _nss_files_getpwent." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:1817 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:1850 msgid "The local domain section" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:1852 msgid "" "This section contains settings for a domain that stores users and groups in " "the SSSD native database, that is, a domain that uses " "<replaceable>id_provider=local</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1859 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1862 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1866 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1871 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1874 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1879 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1884 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1887 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #.
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1891 sssd.conf.5.xml:1903 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1896 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1899 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1908 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1911 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " "on a newly created home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1919 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1924 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1927 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " "<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1937 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1942 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1945 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " "default value is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1952 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1957 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1960 msgid "" "The command that is run after a user is removed. The command is passed the " "username of the user being removed as the first and only parameter. The " "return code of the command is not taken into account." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1966 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:1976 sssd-ldap.5.xml:2426 sssd-simple.5.xml:131 #: sssd-ipa.5.xml:793 sssd-ad.5.xml:382 sssd-krb5.5.xml:519 msgid "EXAMPLE" msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd.conf.5.xml:1982 #, no-wrap msgid "" "[sssd]\n" "domains = LDAP\n" "services = nss, pam\n" "config_file_version = 2\n" "\n" "[nss]\n" "filter_groups = root\n" "filter_users = root\n" "\n" "[pam]\n" "\n" "[domain/LDAP]\n" "id_provider = ldap\n" "ldap_uri = ldap://ldap.example.com\n" "ldap_search_base = dc=example,dc=com\n" "\n" "auth_provider = krb5\n" "krb5_server = kerberos.example.com\n" "krb5_realm = EXAMPLE.COM\n" "cache_credentials = true\n" "\n" "min_id = 10000\n" "max_id = 20000\n" "enumerate = False\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:1978 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " "configuring domains for more details. <placeholder type=\"programlisting\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 msgid "sssd-ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:23 msgid "" "This manual page describes the configuration of LDAP domains for " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page for detailed syntax information." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:35 msgid "You can configure SSSD to use more than one LDAP domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:38 msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. 
" "<command>sssd</command> <emphasis>does not</emphasis> support authentication " "over an unencrypted channel. If the LDAP server is used only as an identity " "provider, an encrypted channel is not needed. Please refer to " "<quote>ldap_access_filter</quote> config option for more information about " "using LDAP as an access provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:60 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:63 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" "quote> section for more information on failover and server redundancy. If " "neither option is specified, service discovery is enabled. For more " "information, refer to the <quote>SERVICE DISCOVERY</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:70 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:73 msgid "ldap[s]://<host>[:port]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:76 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:79 msgid "example: ldap://[fc00::126:25]:389" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:85 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:88 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " "Refer to the <quote>FAILOVER</quote> section for more information on " "failover and server redundancy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:95 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:99 msgid "Default: empty, i.e. ldap_uri is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:105 msgid "ldap_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:108 msgid "The default base DN to use for performing LDAP user operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:112 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:116 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:119 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:122 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:126 sssd-ad.5.xml:212 msgid "Examples:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:129 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:134 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:137 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " "different search bases). This will lead to unpredictable behavior on client " "machines." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:144 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " "defaultNamingContext does not exist or has an empty value namingContexts is " "used. 
The namingContexts attribute must have a single value with the DN of " "the search base of the LDAP server to make this work. Multiple values are " "not supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:158 msgid "ldap_schema (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:161 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " "may vary. The way that some attributes are handled may also differ." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:168 msgid "Four schema types are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:172 msgid "rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:177 msgid "rfc2307bis" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:182 msgid "IPA" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:187 msgid "AD" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:193 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " "the <emphasis>memberUid</emphasis> attribute.
With rfc2307bis and IPA, " "group members are listed by DN and stored in the <emphasis>member</emphasis> " "attribute. The AD schema type sets the attributes to correspond with Active " "Directory 2008r2 values." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:203 msgid "Default: rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:209 msgid "ldap_default_bind_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:212 msgid "The default bind DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:219 msgid "ldap_default_authtok_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:222 msgid "The type of the authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:226 msgid "The two mechanisms currently supported are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:229 msgid "password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:232 msgid "obfuscated_password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:235 msgid "Default: password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:241 msgid "ldap_default_authtok (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:244 msgid "" "The authentication token of the default bind DN. Only clear text passwords " "are currently supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:251 msgid "ldap_user_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:254 msgid "The object class of a user entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:257 msgid "Default: posixAccount" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:263 msgid "ldap_user_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:266 msgid "The LDAP attribute that corresponds to the user's login name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:270 msgid "Default: uid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:276 msgid "ldap_user_uid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:279 msgid "The LDAP attribute that corresponds to the user's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:283 msgid "Default: uidNumber" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:289 msgid "ldap_user_gid_number (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:292 msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:296 sssd-ldap.5.xml:792 msgid "Default: gidNumber" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:302 msgid "ldap_user_gecos (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:305 msgid "The LDAP attribute that corresponds to the user's gecos field." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:309 msgid "Default: gecos" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:315 msgid "ldap_user_home_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:318 msgid "The LDAP attribute that contains the name of the user's home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:322 msgid "Default: homeDirectory" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:328 msgid "ldap_user_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:331 msgid "The LDAP attribute that contains the path to the user's default shell." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:335 msgid "Default: loginShell" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:341 msgid "ldap_user_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:344 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:348 sssd-ldap.5.xml:818 sssd-ldap.5.xml:1025 msgid "Default: nsUniqueId" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:354 msgid "ldap_user_objectsid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:357 msgid "" "The LDAP attribute that contains the objectSID of an LDAP user object. This " "is usually only necessary for ActiveDirectory servers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:362 sssd-ldap.5.xml:832 msgid "Default: objectSid for ActiveDirectory, not set for other servers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:369 msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:372 sssd-ldap.5.xml:842 sssd-ldap.5.xml:1034 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:376 sssd-ldap.5.xml:846 sssd-ldap.5.xml:1041 msgid "Default: modifyTimestamp" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:382 msgid "ldap_user_shadow_last_change (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:385 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " "the last password change)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:395 msgid "Default: shadowLastChange" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:401 msgid "ldap_user_shadow_min (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:404 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " "password age)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:413 msgid "Default: shadowMin" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:419 msgid "ldap_user_shadow_max (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:422 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " "password age)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:431 msgid "Default: shadowMax" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:437 msgid "ldap_user_shadow_warning (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:440 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " "(password warning period)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:450 msgid "Default: shadowWarning" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:456 msgid "ldap_user_shadow_inactive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:459 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " "(password inactivity period)." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:469 msgid "Default: shadowInactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:475 msgid "ldap_user_shadow_expire (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:478 msgid "" "When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " "parameter contains the name of an LDAP attribute corresponding to its " "<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> counterpart (account expiration date)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:488 msgid "Default: shadowExpire" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:494 msgid "ldap_user_krb_last_pwd_change (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:497 msgid "" "When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " "an LDAP attribute storing the date and time of last password change in " "kerberos." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:503 msgid "Default: krbLastPwdChange" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:509 msgid "ldap_user_krb_password_expiration (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:512 msgid "" "When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " "an LDAP attribute storing the date and time when current password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:518 msgid "Default: krbPasswordExpiration" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:524 msgid "ldap_user_ad_account_expires (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:527 msgid "" "When using ldap_account_expire_policy=ad, this parameter contains the name " "of an LDAP attribute storing the expiration time of the account." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:532 msgid "Default: accountExpires" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:538 msgid "ldap_user_ad_user_account_control (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:541 msgid "" "When using ldap_account_expire_policy=ad, this parameter contains the name " "of an LDAP attribute storing the user account control bit field." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:546 msgid "Default: userAccountControl" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:552 msgid "ldap_ns_account_lock (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:555 msgid "" "When using ldap_account_expire_policy=rhds or equivalent, this parameter " "determines if access is allowed or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:560 msgid "Default: nsAccountLock" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:566 msgid "ldap_user_nds_login_disabled (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:569 msgid "" "When using ldap_account_expire_policy=nds, this attribute determines if " "access is allowed or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:573 sssd-ldap.5.xml:587 msgid "Default: loginDisabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:579 msgid "ldap_user_nds_login_expiration_time (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:582 msgid "" "When using ldap_account_expire_policy=nds, this attribute determines until " "which date access is granted." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:593 msgid "ldap_user_nds_login_allowed_time_map (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:596 msgid "" "When using ldap_account_expire_policy=nds, this attribute determines the " "hours of a day in a week when access is granted." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:601 msgid "Default: loginAllowedTimeMap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:607 msgid "ldap_user_principal (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:610 msgid "" "The LDAP attribute that contains the user's Kerberos User Principal Name " "(UPN)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:614 msgid "Default: krbPrincipalName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:620 msgid "ldap_user_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:623 msgid "The LDAP attribute that contains the user's SSH public keys." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:630 msgid "ldap_force_upper_case_realm (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:633 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " "fail. Set this option to a non-zero value if you want to use an upper-case " "realm." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:646 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:649 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:660 msgid "ldap_purge_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:663 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " "space." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:669 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:673 msgid "Default: 10800 (12 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:679 msgid "ldap_user_fullname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:682 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:686 sssd-ldap.5.xml:779 sssd-ldap.5.xml:975 #: sssd-ldap.5.xml:1066 sssd-ldap.5.xml:1990 sssd-ldap.5.xml:2316 #: sssd-ipa.5.xml:648 msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:692 msgid "ldap_user_member_of (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:695 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:699 sssd-ipa.5.xml:552 msgid "Default: memberOf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:705 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:708 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " "to determine access privilege." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:715 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:720 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>authorized_service</quote> in order for the " "ldap_user_authorized_service option to work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:727 msgid "Default: authorizedService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:733 msgid "ldap_user_authorized_host (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:736 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " "privilege." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:742 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:747 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>host</quote> in order for the " "ldap_user_authorized_host option to work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:754 msgid "Default: host" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:760 msgid "ldap_group_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:763 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:766 msgid "Default: posixGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:772 msgid "ldap_group_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:775 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:785 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:788 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:798 msgid "ldap_group_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:801 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:805 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:811 msgid "ldap_group_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:814 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:824 msgid "ldap_group_objectsid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:827 msgid "" "The LDAP attribute that contains the objectSID of an LDAP group object. This " "is usually only necessary for ActiveDirectory servers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:839 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:852 msgid "ldap_group_type (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:855 msgid "" "The LDAP attribute that contains an integer value indicating the type of the " "group and maybe other flags." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:860 msgid "" "This attribute is currently only used by the AD provider to determine if a " "group is a domain local group and has to be filtered out for trusted " "domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:866 msgid "Default: groupType in the AD provider, otherwise not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:873 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:876 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " "follow. This option has no effect on the RFC2307 schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:883 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:889 msgid "ldap_groups_use_matching_rule_in_chain" msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:892 msgid "" "This option tells SSSD to take advantage of an Active Directory-specific " "feature which may speed up group lookup operations on deployments with " "complex or deep nested groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:898 msgid "" "In most common cases, it is best to leave this option disabled. It generally " "only provides a performance increase on very complex nestings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:903 sssd-ldap.5.xml:930 msgid "" "If this option is enabled, SSSD will use it if it detects that the server " "supports it during initial connection. So \"True\" here essentially means " "\"auto-detect\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:909 sssd-ldap.5.xml:936 msgid "" "Note: This feature is currently known to work only with Active Directory " "2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/" "windows/desktop/aa746475%28v=vs.85%29.aspx\"> MSDN(TM) documentation</ulink> " "for more details." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:915 sssd-ldap.5.xml:942 sssd-ldap.5.xml:1233 #: sssd-ldap.5.xml:1254 sssd-ldap.5.xml:1760 include/ldap_id_mapping.xml:226 msgid "Default: False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:921 msgid "ldap_initgroups_use_matching_rule_in_chain" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:924 msgid "" "This option tells SSSD to take advantage of an Active Directory-specific " "feature which might speed up initgroups operations (most notably when " "dealing with complex or deep nested groups)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:948 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:951 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:954 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:958 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:964 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:967 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:971 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:981 msgid "ldap_netgroup_member (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:984 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:988 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:992 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:998 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1001 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1005 sssd-ldap.5.xml:1038 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1008 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1014 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1017 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1021 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1031 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1047 msgid "ldap_service_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1050 msgid "The object class of a service entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1053 msgid "Default: ipService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1059 msgid "ldap_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1062 msgid "" "The LDAP attribute that contains the name of service attributes and their " "aliases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1072 msgid "ldap_service_port (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1075 msgid "The LDAP attribute that contains the port managed by this service." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1079 msgid "Default: ipServicePort" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1085 msgid "ldap_service_proto (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1088 msgid "" "The LDAP attribute that contains the protocols understood by this service." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1092 msgid "Default: ipServiceProtocol" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1098 msgid "ldap_service_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1103 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1106 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " "is entered)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1112 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " "lookup types." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1124 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1127 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " "are returned (and offline mode is entered)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1140 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1143 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" "<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" "manvolnum> </citerefentry> following a <citerefentry> " "<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" "citerefentry> returns in case of no activity." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1166 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1169 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " "communicating with the KDC in case of SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1181 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1184 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " "in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " "the TGT lifetime) will be used." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1192 sssd-ldap.5.xml:2147 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1198 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1201 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1206 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1212 msgid "ldap_disable_paging (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1215 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " "it is not enabled or does not behave properly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1221 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1227 msgid "" "Example: 389 DS has a bug where it can only support one paging control at " "a time on a single connection. On busy clients, this can result in some " "requests being denied." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1239 msgid "ldap_disable_range_retrieval (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1242 msgid "Disable Active Directory range retrieval." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1245 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " "group contains more members, the reply would include an AD-specific range " "extension. This option disables parsing of the range extension, therefore " "large groups will appear as having no members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1260 msgid "ldap_sasl_minssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1263 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " "option are defined by OpenLDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1269 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1276 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1279 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. 
If fewer members are missing, " "they are looked up individually." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1285 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1289 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " "methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " "Directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1297 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " "regardless of this setting." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1310 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1313 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1319 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1323 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally.
If a bad certificate " "is provided, it will be ignored and the session proceeds normally." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1330 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " "is provided, the session is immediately terminated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1336 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " "immediately terminated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1342 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1346 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1352 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1355 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1378 sssd-ldap.5.xml:1419 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1367 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1370 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " "be the hash of the certificate followed by '.0'. If available, " "<command>cacertdir_rehash</command> can be used to create the correct names." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1385 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1388 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1398 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1401 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1410 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1413 msgid "" "Specifies acceptable cipher suites. Typically this is a colon separated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry> for format." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1426 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1429 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1439 msgid "ldap_id_mapping (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1442 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " "on ldap_user_uid_number and ldap_group_gid_number." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1448 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1458 msgid "ldap_min_id, ldap_max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1461 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " "ldap_group_gid_number is unbounded. In a setup with sub/trusted-domains this " "might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " "can be set to restrict the allowed range for the IDs which are read directly " "from the server. Sub-domains can then pick other ranges to map IDs." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1473 msgid "Default: not set (both options are set to 0)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1479 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1482 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1492 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1495 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory. " "This option can either contain the full principal (for example host/" "myhost@EXAMPLE.COM) or just the principal name (for example host/myhost)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1503 msgid "Default: host/hostname@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1509 msgid "ldap_sasl_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1512 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " "well, this option is ignored." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1518 msgid "Default: the value of krb5_realm." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1524 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1527 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1532 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1538 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1541 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1544 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1550 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1553 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " "GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1565 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1568 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1572 sssd-ad.5.xml:319 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1578 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1581 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " "For more information on failover and server redundancy, see the " "<quote>FAILOVER</quote> section. An optional port number (preceded by a " "colon) may be appended to the addresses or hostnames. If empty, service " "discovery is enabled - for more information, refer to the <quote>SERVICE " "DISCOVERY</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1593 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " "none are found." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1598 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " "migrate their config files to use <quote>krb5_server</quote> instead." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1607 sssd-ipa.5.xml:371 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1610 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1613 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1619 sssd-ipa.5.xml:386 sssd-krb5.5.xml:453 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1622 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1634 sssd-krb5.5.xml:468 msgid "krb5_use_kdcinfo (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1637 sssd-krb5.5.xml:471 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " "to configure the Kerberos library using the <citerefentry> " "<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> configuration file." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1648 sssd-krb5.5.xml:482 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " "information on the locator plugin." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1662 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1665 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1670 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1675 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " "evaluate if the password has expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1681 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " "these attributes when the password is changed." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1690 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1698 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1701 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1705 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1710 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. If your setup " "does not in fact require the use of referrals, setting this option to false " "might bring a noticeable performance improvement." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1724 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1727 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1731 msgid "Default: ldap" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1737 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1740 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1745 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1751 msgid "ldap_chpass_update_last_change (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1754 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1766 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1769 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " "must be met for the user to be granted access on this host. If " "access_provider = ldap, ldap_access_order = filter and this option is not " "set, it will result in all users being denied access. Use access_provider = " "permit to change this default behavior. Please note that this filter is " "applied on the LDAP user entry only." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1782 sssd-ldap.5.xml:2376 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #: sssd-ldap.5.xml:1785 #, no-wrap msgid "" "access_provider = ldap\n" "ldap_access_filter = (employeeType=admin)\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1789 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1794 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " "access during their last login, they will continue to be granted access " "while offline and vice-versa." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1802 sssd-ldap.5.xml:1859 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1808 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1811 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1815 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. 
the LDAP server should deny the bind request with a suitable error code " "even if the password is correct." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1822 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1825 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1830 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " "set. If the attribute is missing access is granted. Also the expiration time " "of the account is checked." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1837 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " "allowed or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1843 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " "ldap_user_nds_login_expiration_time are used to check if access is allowed. " "If both attributes are missing access is granted." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1852 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " "ldap_account_expire_policy option to work." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1865 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1868 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1872 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1875 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1879 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1884 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1888 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1891 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1898 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1901 msgid "" "Specifies how alias dereferencing is done when performing a search. 
The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1906 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1910 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1915 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1920 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1925 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1933 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1936 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1940 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " "The self-consistency of the domain is compromised when this is done, so SSSD " "would normally remove the \"missing\" users from the cached group " "memberships as soon as nsswitch tries to fetch information about the user " "via getpw*() or initgroups() calls." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1951 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " "additional LDAP groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:51 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " "of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page for full details. <placeholder type=" "\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:1967 msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1971 msgid "ldap_sudorule_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1974 msgid "The object class of a sudo rule entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1977 msgid "Default: sudoRole" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1983 msgid "ldap_sudorule_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1986 msgid "The LDAP attribute that corresponds to the sudo rule name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1996 msgid "ldap_sudorule_command (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1999 msgid "The LDAP attribute that corresponds to the command name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2003 msgid "Default: sudoCommand" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2009 msgid "ldap_sudorule_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2012 msgid "" "The LDAP attribute that corresponds to the host name (or host IP address, " "host IP network, or host netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2017 msgid "Default: sudoHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2023 msgid "ldap_sudorule_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2026 msgid "" "The LDAP attribute that corresponds to the user name (or UID, group name or " "user's netgroup)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2030 msgid "Default: sudoUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2036 msgid "ldap_sudorule_option (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2039 msgid "The LDAP attribute that corresponds to the sudo options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2043 msgid "Default: sudoOption" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2049 msgid "ldap_sudorule_runasuser (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2052 msgid "" "The LDAP attribute that corresponds to the user name that commands may be " "run as." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2056 msgid "Default: sudoRunAsUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2062 msgid "ldap_sudorule_runasgroup (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2065 msgid "" "The LDAP attribute that corresponds to the group name or group GID that " "commands may be run as." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2069 msgid "Default: sudoRunAsGroup" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2075 msgid "ldap_sudorule_notbefore (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2078 msgid "" "The LDAP attribute that corresponds to the start date/time for when the sudo " "rule is valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2082 msgid "Default: sudoNotBefore" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2088 msgid "ldap_sudorule_notafter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2091 msgid "" "The LDAP attribute that corresponds to the expiration date/time, after which " "the sudo rule will no longer be valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2096 msgid "Default: sudoNotAfter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2102 msgid "ldap_sudorule_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2105 msgid "The LDAP attribute that corresponds to the ordering index of the rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2109 msgid "Default: sudoOrder" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2115 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2118 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2123 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2128 msgid "Default: 21600 (6 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2134 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2137 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest USN " "of cached rules)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2143 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2153 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2156 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2167 msgid "ldap_sudo_hostnames (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2170 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2175 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2180 sssd-ldap.5.xml:2203 sssd-ldap.5.xml:2221 #: sssd-ldap.5.xml:2239 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2185 sssd-ldap.5.xml:2208 msgid "Default: not specified" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2191 msgid "ldap_sudo_ip (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2194 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2199 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2214 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2217 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2232 msgid "ldap_sudo_include_regexp (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2235 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:1969 msgid "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2251 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " "<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:2261 msgid "AUTOFS OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2263 msgid "" "Please note that the default values correspond to the default schema which " "is RFC2307." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2269 msgid "ldap_autofs_map_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2272 sssd-ldap.5.xml:2298 msgid "The object class of an automount map entry in LDAP." 
msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2275 sssd-ldap.5.xml:2302 msgid "Default: automountMap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2282 msgid "ldap_autofs_map_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2285 msgid "The name of an automount map entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2288 msgid "Default: ou" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2295 msgid "ldap_autofs_entry_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2309 msgid "ldap_autofs_entry_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2312 sssd-ldap.5.xml:2326 msgid "" "The key of an automount entry in LDAP. The entry usually corresponds to a " "mount point." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2323 msgid "ldap_autofs_entry_value (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2330 msgid "Default: automountInformation" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2267 msgid "" "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" "\"variablelist\" id=\"4\"/>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:2340 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2347 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2352 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2357 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2362 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2365 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2369 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #: sssd-ldap.5.xml:2379 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2382 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2389 msgid "ldap_group_search_filter (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2392 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2396 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2406 msgid "ldap_sudo_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2411 msgid "ldap_autofs_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2342 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " "are doing. <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2428 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " "section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ldap.5.xml:2434 #, no-wrap msgid "" " [domain/LDAP]\n" " id_provider = ldap\n" " auth_provider = ldap\n" " ldap_uri = ldap://ldap.mydomain.org\n" " ldap_search_base = dc=mydomain,dc=org\n" " ldap_tls_reqcert = demand\n" " cache_credentials = true\n" msgstr "" #. 
type: Content of: <refsect1><refsect2><para> #: sssd-ldap.5.xml:2433 sssd-simple.5.xml:139 sssd-ipa.5.xml:801 #: sssd-ad.5.xml:390 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 sssd-krb5.5.xml:528 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:2446 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:405 #: sssd.8.xml:191 sss_seed.8.xml:163 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2448 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " "distribution." msgstr "" #. type: Content of: <refentryinfo> #: pam_sss.8.xml:8 include/upstream.xml:2 msgid "" "<productname>SSSD</productname> <orgname>The SSSD upstream - http://" "fedorahosted.org/sssd</orgname>" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: pam_sss.8.xml:13 pam_sss.8.xml:18 msgid "pam_sss" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: pam_sss.8.xml:19 msgid "PAM module for SSSD" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: pam_sss.8.xml:24 msgid "" "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" "replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" "replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" "replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" "replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" "arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </arg>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:48 msgid "" "<command>pam_sss.so</command> is the PAM interface to the System Security " "Services daemon (SSSD). Errors and results are logged through " "<command>syslog(3)</command> with the LOG_AUTHPRIV facility." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:58 msgid "<option>quiet</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:61 msgid "Suppress log messages for unknown users." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:66 msgid "<option>forward_pass</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:69 msgid "" "If <option>forward_pass</option> is set the entered password is put on the " "stack for other PAM modules to use." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:76 msgid "<option>use_first_pass</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:79 msgid "" "The argument use_first_pass forces the module to use the password of a " "previously stacked module and never prompt the user; if no password is " "available or the password is not appropriate, the user will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:87 msgid "<option>use_authtok</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:90 msgid "" "When changing a password, force the module to set the new password to the one " "provided by a previously stacked password module." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:97 msgid "<option>retry=N</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:100 msgid "" "If specified the user is asked another N times for a password if " "authentication fails. Default is 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:102 msgid "" "Please note that this option might not work as expected if the application " "calling PAM handles the user dialog on its own. A typical example is " "<command>sshd</command> with <option>PasswordAuthentication</option>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:111 msgid "<option>ignore_unknown_user</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:114 msgid "" "If this option is specified and the user does not exist, the PAM module will " "return PAM_IGNORE. This causes the PAM framework to ignore this module." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: pam_sss.8.xml:123 msgid "MODULE TYPES PROVIDED" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:124 msgid "" "All module types (<option>account</option>, <option>auth</option>, " "<option>password</option> and <option>session</option>) are provided." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: pam_sss.8.xml:130 msgid "FILES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:131 msgid "" "If a password reset by root fails, because the corresponding SSSD provider " "does not support password resets, an individual message can be displayed. " "This message can e.g. contain instructions about how to reset a password." 
msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:136 msgid "" "The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" "filename> where LOC stands for a locale string returned by <citerefentry> " "<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" "citerefentry>. If there is no matching file the content of " "<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " "the owner of the files and only root may have read and write permissions " "while all other users must have only read permissions." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:146 msgid "" "These files are searched in the directory <filename>/etc/sssd/customize/" "DOMAIN_NAME/</filename>. If no matching file is present a generic message is " "displayed." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 msgid "sssd_krb5_locator_plugin" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:22 msgid "" "The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " "used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos " "libraries what Realm and which KDC to use. Typically this is done in " "<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> which is always read by the Kerberos libraries. " "To simplify the configuration the Realm and the KDC can be defined in " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> as described in <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:48 msgid "" "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " "libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:63 msgid "" "Not all Kerberos implementations support the use of plugins. If " "<command>sssd_krb5_locator_plugin</command> is not available on your system " "you have to edit /etc/krb5.conf to reflect your Kerberos setup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:69 msgid "" "If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " "debug messages will be sent to stderr." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-simple.5.xml:10 sssd-simple.5.xml:16 msgid "sssd-simple" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd-simple.5.xml:17 msgid "the configuration file for SSSD's 'simple' access-control provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:24 msgid "" "This manual page describes the configuration of the simple access-control " "provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " "refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> manual page." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:38 msgid "" "The simple access provider grants or denies access based on an access or " "deny list of user or group names. The following rules apply:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:43 msgid "If all lists are empty, access is granted" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:47 msgid "" "If any list is provided, the order of evaluation is allow,deny. This means " "that any matching deny rule will supersede any matched allow rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:54 msgid "" "If either or both \"allow\" lists are provided, all users are denied unless " "they appear in the list." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:60 msgid "" "If only \"deny\" lists are provided, all users are granted access unless " "they appear in the list." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:78 msgid "simple_allow_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:81 msgid "Comma separated list of users who are allowed to log in." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:88 msgid "simple_deny_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:91 msgid "Comma separated list of users who are explicitly denied access." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:97 msgid "simple_allow_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:100 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:108 msgid "simple_deny_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:111 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " "evaluated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> manual page for details on the configuration of an SSSD " "domain. <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:120 msgid "" "Specifying no values for any of the lists is equivalent to skipping it " "entirely. Beware of this while generating parameters for the simple provider " "using automated scripts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:125 msgid "" "Please note that it is a configuration error if both simple_allow_users " "and simple_deny_users are defined." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:133 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " "This example shows only the simple access provider-specific options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-simple.5.xml:140 #, no-wrap msgid "" " [domain/example.com]\n" " access_provider = simple\n" " simple_allow_users = user1, user2\n" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 msgid "sssd-ipa" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:23 msgid "" "This manual page describes the configuration of the IPA provider for " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:36 msgid "" "The IPA provider is a back end used to connect to an IPA server. (Refer to " "the freeipa.org web site for information about IPA servers.) This provider " "requires that the machine be joined to the IPA domain; configuration is " "almost entirely self-discovered and obtained directly from the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:43 msgid "" "The IPA provider accepts the same options used by the <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " "provider with some exceptions described below." 
msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:55 msgid "" "However, it is neither necessary nor recommended to set these options. IPA " "provider can also be used as an access and chpass provider. As an access " "provider it uses HBAC (host-based access control) rules. Please refer to " "freeipa.org for more information about HBAC. No configuration of access " "provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:62 msgid "" "The IPA provider will use the PAC responder if the Kerberos tickets of users " "from trusted realms contain a PAC. To make configuration easier the PAC " "responder is started automatically if the IPA ID provider is configured." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:78 msgid "ipa_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:81 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:89 msgid "ipa_server, ipa_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:92 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " "on failover and server redundancy, see the <quote>FAILOVER</quote> section. " "This is optional if autodiscovery is enabled. For more information on " "service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:105 msgid "ipa_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:108 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:116 sssd-ad.5.xml:256 msgid "dyndns_update (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:119 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client. The update is " "secured using GSS-TSIG. The IP address of the IPA LDAP connection is used " "for the updates, if it is not otherwise specified by using the " "<quote>dyndns_iface</quote> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:128 sssd-ad.5.xml:270 msgid "" "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " "the default Kerberos realm must be set properly in /etc/krb5.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:133 msgid "" "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" "emphasis> option, users should migrate to using <emphasis>dyndns_update</" "emphasis> in their config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:145 sssd-ad.5.xml:281 msgid "dyndns_ttl (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:148 sssd-ad.5.xml:284 msgid "" "The TTL to apply to the client DNS record when updating it. If " "dyndns_update is false this has no effect. This will override the TTL " "serverside if set by an administrator." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:153 msgid "" "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" "emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" "emphasis> in their config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:159 msgid "Default: 1200 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:165 sssd-ad.5.xml:295 msgid "dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:168 sssd-ad.5.xml:298 msgid "" "Optional. Applicable only when dyndns_update is true. Choose the interface " "whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:173 msgid "" "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" "emphasis> option, users should migrate to using <emphasis>dyndns_iface</" "emphasis> in their config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:179 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:185 msgid "ipa_enable_dns_sites (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:188 sssd-ad.5.xml:152 msgid "Enables DNS sites - location based service discovery." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:192 msgid "" "If true and service discovery (see Service Discovery paragraph at the bottom " "of the man page) is enabled, then the SSSD will first attempt location " "based discovery using a query that contains \"_location.hostname.example.com" "\" and then fall back to traditional SRV discovery. If the location based " "discovery succeeds, the IPA servers located with the location based " "discovery are treated as primary servers and the IPA servers located using " "the traditional SRV discovery are used as back up servers" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:211 sssd-ad.5.xml:309 msgid "dyndns_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:214 sssd-ad.5.xml:312 msgid "" "How often should the back end perform periodic DNS update in addition to the " "automatic update performed when the back end goes online. This option is " "optional and applicable only when dyndns_update is true." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:227 sssd-ad.5.xml:325 msgid "dyndns_update_ptr (bool)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:230 sssd-ad.5.xml:328 msgid "" "Whether the PTR record should also be explicitly updated when updating the " "client's DNS records. Applicable only when dyndns_update is true." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:235 msgid "" "This option should be False in most IPA deployments as the IPA server " "generates the PTR records automatically when forward records are changed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:241 msgid "Default: False (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:247 sssd-ad.5.xml:339 msgid "dyndns_force_tcp (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:250 sssd-ad.5.xml:342 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:254 sssd-ad.5.xml:346 msgid "Default: False (let nsupdate choose the protocol)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:260 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:263 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:267 msgid "Default: Use base DN" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:273 msgid "ipa_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:276 msgid "Optional. Use the given string as search base for host objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:280 sssd-ipa.5.xml:304 sssd-ipa.5.xml:323 sssd-ipa.5.xml:342 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:285 msgid "" "If filter is given in any of search bases and " "<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " "will be ignored." msgstr "" #. type: Content of: <listitem><para> #: sssd-ipa.5.xml:290 sssd-ipa.5.xml:309 include/ldap_search_bases.xml:23 #: include/ldap_search_bases_experimental.xml:23 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:297 msgid "ipa_selinux_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:300 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:316 msgid "ipa_subdomains_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:319 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:328 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:335 msgid "ipa_master_domain_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:338 msgid "Optional. Use the given string as search base for master domain object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:347 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:354 sssd-krb5.5.xml:245 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:357 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:364 sssd-ad.5.xml:366 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:374 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:378 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:389 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:402 sssd-krb5.5.xml:407 msgid "krb5_use_fast (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:405 sssd-krb5.5.xml:410 msgid "" "Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" "authentication. The following options are supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:410 msgid "<emphasis>never</emphasis> use FAST." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:413 msgid "" "<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " "continue the authentication without it. This is equivalent to not setting " "this option at all." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:419 sssd-krb5.5.xml:424 msgid "" "<emphasis>demand</emphasis> to use FAST. The authentication fails if the " "server does not require fast." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:424 #, fuzzy #| msgid "Default: true" msgid "Default: try" msgstr "Dre ziouer : true" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:427 sssd-krb5.5.xml:435 msgid "" "NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. 
If " "SSSD is used with an older version of MIT Kerberos, using this option is a " "configuration error." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:436 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:439 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " "access-control requests made in a short period." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:446 sssd-ipa.5.xml:462 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:452 msgid "ipa_hbac_selinux (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:455 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " "many user login requests made in a short period." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:468 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:471 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " "of FreeIPA will need to migrate their rules to use only the ALLOW rules. The " "client will support two modes of operation during this transition period:" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:480 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:485 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:490 msgid "Default: DENY_ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:496 msgid "ipa_hbac_support_srchost (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:499 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:503 msgid "" "Note that if set to <emphasis>False</emphasis>, this option causes filters " "given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:514 msgid "ipa_server_mode (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:517 msgid "This option should only be set by the IPA installer." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:521 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:532 msgid "ipa_automount_location (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:535 msgid "The automounter location this IPA client will be using" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:538 msgid "Default: The location named \"default\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:545 msgid "ipa_netgroup_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:548 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:557 msgid "ipa_netgroup_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:560 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:565 sssd-ipa.5.xml:660 msgid "Default: memberUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:570 msgid "ipa_netgroup_member_host (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:573 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:577 sssd-ipa.5.xml:672 msgid "Default: memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:582 msgid "ipa_netgroup_member_ext_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:585 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:589 msgid "Default: externalHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:594 msgid "ipa_netgroup_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:597 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:601 msgid "Default: nisDomainName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:607 msgid "ipa_host_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:610 sssd-ipa.5.xml:633 msgid "The object class of a host entry in LDAP." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:613 sssd-ipa.5.xml:636 msgid "Default: ipaHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:618 msgid "ipa_host_fqdn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:621 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:624 msgid "Default: fqdn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:630 msgid "ipa_selinux_usermap_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:641 msgid "ipa_selinux_usermap_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:644 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:653 msgid "ipa_selinux_usermap_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:656 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:665 msgid "ipa_selinux_usermap_member_host (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:668 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule matches " "against." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:677 msgid "ipa_selinux_usermap_see_also (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:680 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:685 msgid "Default: seeAlso" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:690 msgid "ipa_selinux_usermap_selinux_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:693 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:697 msgid "Default: ipaSELinuxUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:702 msgid "ipa_selinux_usermap_enabled (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:705 msgid "" "The LDAP attribute that contains whether or not the user map is enabled for " "usage." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:709 msgid "Default: ipaEnabledFlag" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:714 msgid "ipa_selinux_usermap_user_category (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:717 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:721 msgid "Default: userCategory" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:726 msgid "ipa_selinux_usermap_host_category (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:729 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:733 msgid "Default: hostCategory" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:738 msgid "ipa_selinux_usermap_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:741 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:745 msgid "Default: ipaUniqueID" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:750 msgid "ipa_host_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:753 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:757 msgid "Default: ipaSshPubKey" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ipa.5.xml:766 msgid "SUBDOMAINS PROVIDER" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:768 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:772 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " "subdomain requests are sent to the IPA server if necessary." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:778 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " "provider is configured implicitly. In this case, if a subdomain request " "fails and indicates that the server does not support subdomains, i.e. is not " "configured for trusts, the IPA subdomains provider is disabled. After an " "hour or after the IPA provider goes online, the subdomains provider is " "enabled again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:795 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " "This example shows only the ipa provider-specific options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ipa.5.xml:802 #, no-wrap msgid "" " [domain/example.com]\n" " id_provider = ipa\n" " ipa_server = ipaserver.example.com\n" " ipa_hostname = myhost.example.com\n" msgstr "" #. 
type: Content of: <reference><refentry><refnamediv><refname> #: sssd-ad.5.xml:10 sssd-ad.5.xml:16 msgid "sssd-ad" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:23 msgid "" "This manual page describes the configuration of the AD provider for " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:36 msgid "" "The AD provider is a back end used to connect to an Active Directory server. " "This provider requires that the machine be joined to the AD domain and a " "keytab is available." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:41 msgid "" "The AD provider supports connecting to Active Directory 2008 R2 or later. " "Earlier versions may work, but are unsupported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:45 msgid "" "The AD provider is able to provide identity information and authentication " "for entities from trusted domains as well. Currently only trusted domains in " "the same forest are recognized." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:50 msgid "" "The AD provider accepts the same options used by the <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " "provider with some exceptions described below." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:62 msgid "" "However, it is neither necessary nor recommended to set these options. 
The " "AD provider can also be used as an access, chpass and sudo provider. No " "configuration of the access provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ad.5.xml:74 #, no-wrap msgid "" "ldap_id_mapping = False\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:68 msgid "" "By default, the AD provider will map UID and GID values from the objectSID " "parameter in Active Directory. For details on this, see the <quote>ID " "MAPPING</quote> section below. If you want to disable ID mapping and instead " "rely on POSIX attributes defined in Active Directory, you should set " "<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users " "and groups using POSIX attributes from trusted domains, the AD administrator " "must make sure that the POSIX attributes are replicated to the Global " "Catalog." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:81 msgid "" "Users, groups and other entities served by SSSD are always treated as case-" "insensitive in the AD provider for compatibility with Active Directory's " "LDAP implementation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:96 msgid "ad_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:99 msgid "" "Specifies the name of the Active Directory domain. This is optional. If not " "provided, the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:104 msgid "" "For proper operation, this option should be specified as the lower-case " "version of the long version of the Active Directory domain." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:109 msgid "" "The short domain name (also known as the NetBIOS or the flat name) is " "autodetected by the SSSD." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:116 msgid "ad_server, ad_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:119 msgid "" "The comma-separated list of hostnames of the AD servers to which SSSD should " "connect in order of preference. For more information on failover and server " "redundancy, see the <quote>FAILOVER</quote> section. This is optional if " "autodiscovery is enabled. For more information on service discovery, refer " "to the <quote>SERVICE DISCOVERY</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:132 msgid "ad_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:135 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the Active Directory domain to identify this " "host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:141 msgid "" "This field is used to determine the host principal in use in the keytab. It " "must match the hostname for which the keytab was issued." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:149 msgid "ad_enable_dns_sites (boolean)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:156 msgid "" "If true and service discovery (see Service Discovery paragraph at the bottom " "of the man page) is enabled, the SSSD will first attempt to discover the " "Active Directory server to connect to using the Active Directory Site " "Discovery and fall back to the DNS SRV records if no AD site is found. The " "DNS SRV configuration, including the discovery domain, is used during site " "discovery as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:172 msgid "ad_access_filter (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:175 msgid "" "This option specifies the LDAP access control filter that the user must match in " "order to be allowed access. Please note that the <quote>access_provider</" "quote> option must be explicitly set to <quote>ad</quote> in order for this " "option to have an effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:183 msgid "" "The option also supports specifying different filters per domain or forest. " "This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " "The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " "missing." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:191 msgid "" "If the keyword equals <quote>DOM</quote> or is missing, then <quote>NAME</" "quote> specifies the domain or subdomain the filter applies to. If the " "keyword equals <quote>FOREST</quote>, then the filter applies to all " "domains from the forest specified by <quote>NAME</quote>." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:199 msgid "" "Multiple filters can be separated with the <quote>?</quote> character, " "similarly to how search bases work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:204 msgid "" "The most specific match is always used. For example, if the option specified " "filter for a domain the user is a member of and a global filter, the per-" "domain filter would be applied. If there are more matches with the same " "specification, the first one is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #: sssd-ad.5.xml:215 #, no-wrap msgid "" "# apply filter on domain called dom1 only:\n" "dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" "\n" "# apply filter on domain called dom2 only:\n" "DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" "\n" "# apply filter on forest called EXAMPLE.COM only:\n" "FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:225 #, fuzzy #| msgid "Default: true" msgid "Default: Not set" msgstr "Dre ziouer : true" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:231 msgid "ad_enable_gc (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:234 msgid "" "By default, the SSSD connects to the Global Catalog first to retrieve users " "from trusted domains and uses the LDAP port to retrieve group memberships or " "as a fallback. Disabling this option makes the SSSD only connect to the LDAP " "port of the current AD server." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:242 msgid "" "Please note that disabling Global Catalog support does not disable " "retrieving users from trusted domains. The SSSD would connect to the LDAP " "port of trusted domains instead. However, Global Catalog must be used in " "order to resolve cross-domain group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:259 msgid "" "Optional. This option tells SSSD to automatically update the Active " "Directory DNS server with the IP address of this client. The update is " "secured using GSS-TSIG. As a consequence, the Active Directory administrator " "only needs to allow secure updates for the DNS zone. The IP address of the " "AD LDAP connection is used for the updates, if it is not otherwise specified " "by using the <quote>dyndns_iface</quote> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:289 msgid "Default: 3600 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:303 msgid "Default: Use the IP address of the AD LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:354 sssd-krb5.5.xml:496 msgid "krb5_use_enterprise_principal (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:357 sssd-krb5.5.xml:499 msgid "" "Specifies if the user principal should be treated as enterprise principal. " "See section 5 of RFC 6806 for more details about enterprise principals." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:384 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " "This example shows only the AD provider-specific options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ad.5.xml:391 #, no-wrap msgid "" "[domain/EXAMPLE]\n" "id_provider = ad\n" "auth_provider = ad\n" "access_provider = ad\n" "chpass_provider = ad\n" "\n" "ad_server = dc1.example.com\n" "ad_hostname = client.example.com\n" "ad_domain = example.com\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ad.5.xml:411 #, no-wrap msgid "" "access_provider = ldap\n" "ldap_access_order = expire\n" "ldap_account_expire_policy = ad\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:407 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:417 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 msgid "sssd-sudo" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd-sudo.5.xml:17 msgid "Configuring sudo with the SSSD back end" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:23 msgid "" "This manual page describes how to configure <citerefentry> " "<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " "to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-sudo.5.xml:36 msgid "Configuring sudo to cooperate with SSSD" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:38 msgid "" "To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " "the <emphasis>sudoers</emphasis> entry in <citerefentry> " "<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:47 msgid "" "For example, to configure sudo to first lookup rules in the standard " "<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> file (which should contain rules that apply to " "local users) and then in SSSD, the nsswitch.conf file should contain the " "following line:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-sudo.5.xml:57 #, no-wrap msgid "sudoers: files sss\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:61 msgid "" "More information about configuring the sudoers search order from the " "nsswitch.conf file as well as information about the LDAP schema that is used " "to store sudo rules in the directory can be found in <citerefentry> " "<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:70 msgid "" "<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " "sudo rules, you also need to correctly set <citerefentry> " "<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" "citerefentry> to your NIS domain name (which equals to IPA domain name when " "using hostgroups)." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-sudo.5.xml:82 msgid "Configuring SSSD to fetch sudo rules" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:84 msgid "" "All configuration that is needed on SSSD side is to extend the list of " "<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " "search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> " "option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:94 msgid "" "The following example shows how to configure SSSD to download sudo rules " "from an LDAP server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-sudo.5.xml:99 #, no-wrap msgid "" "[sssd]\n" "config_file_version = 2\n" "services = nss, pam, sudo\n" "domains = EXAMPLE\n" "\n" "[domain/EXAMPLE]\n" "id_provider = ldap\n" "sudo_provider = ldap\n" "ldap_uri = ldap://example.com\n" "ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:112 msgid "" "When the SSSD is configured to use IPA as the ID provider, the sudo provider " "is automatically enabled. The sudo search base is configured to use the " "compat tree (ou=sudoers,$DC)." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><title> #: sssd-sudo.5.xml:119 msgid "The SUDO rule caching mechanism" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:121 msgid "" "The biggest challenge, when developing sudo support in SSSD, was to ensure " "that running sudo with SSSD as the data source provides the same user " "experience and is as fast as sudo but keeps providing the most current set " "of rules as possible. To satisfy these requirements, SSSD uses three kinds " "of updates. They are referred to as full refresh, smart refresh and rules " "refresh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:129 msgid "" "The <emphasis>smart refresh</emphasis> periodically downloads rules that are " "new or were modified after the last update. Its primary goal is to keep the " "database growing by fetching only small increments that do not generate " "large amounts of network traffic." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:135 msgid "" "The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " "in the cache and replaces them with all rules that are stored on the server. " "This is used to keep the cache consistent by removing every rule which was " "deleted from the server. However, full refresh may produce a lot of traffic " "and thus it should be run only occasionally depending on the size and " "stability of the sudo rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:143 msgid "" "The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " "more permission than defined. It is triggered each time the user runs sudo. " "Rules refresh will find all rules that apply to this user, check their " "expiration time and redownload them if expired. 
In the case that any of " "these rules are missing on the server, the SSSD will do an out of band full " "refresh because more rules (that apply to other users) may have been deleted." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:152 msgid "" "If enabled, SSSD will store only rules that can be applied to this machine. " "This means rules that contain one of the following values in " "<emphasis>sudoHost</emphasis> attribute:" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:159 msgid "keyword ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:164 msgid "wildcard" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:169 msgid "netgroup (in the form \"+netgroup\")" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:174 msgid "hostname or fully qualified domain name of this machine" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:179 msgid "one of the IP addresses of this machine" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:184 msgid "one of the IP addresses of the network (in the form \"address/mask\")" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:190 msgid "" "There are many configuration options that can be used to adjust the " "behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." msgstr "" #. 
type: Content of: <reference><refentry><refnamediv><refname> #: sssd.8.xml:10 sssd.8.xml:15 msgid "sssd" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd.8.xml:16 msgid "System Security Services Daemon" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sssd.8.xml:21 msgid "" "<command>sssd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.8.xml:31 msgid "" "<command>SSSD</command> provides a set of daemons to manage access to remote " "directories and authentication mechanisms. It provides an NSS and PAM " "interface toward the system and a pluggable backend system to connect to " "multiple different account sources as well as D-Bus interface. It is also " "the basis to provide client auditing and policy services for projects like " "FreeIPA. It provides a more robust database to store local users as well as " "extended user data." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:46 msgid "" "<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:53 msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:57 msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:60 msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:69 msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:73 msgid "" "<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:76 msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:85 msgid "<option>-f</option>,<option>--debug-to-files</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:89 msgid "" "Send the debug output to files instead of stderr. By default, the log files " "are stored in <filename>/var/log/sssd</filename> and there are separate log " "files for every SSSD service and domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:97 msgid "<option>-D</option>,<option>--daemon</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:101 msgid "Become a daemon after starting up." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:107 sss_seed.8.xml:136 msgid "<option>-i</option>,<option>--interactive</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:111 msgid "Run in the foreground, don't become a daemon." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:117 sss_debuglevel.8.xml:42 msgid "<option>-c</option>,<option>--config</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:121 sss_debuglevel.8.xml:46 msgid "" "Specify a non-default config file. The default is <filename>/etc/sssd/sssd." "conf</filename>. For reference on the config file syntax and options, " "consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:135 msgid "<option>--version</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:139 msgid "Print version number and exit." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.8.xml:147 msgid "Signals" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:159 msgid "SIGHUP" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " "like logrotate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:170 msgid "SIGUSR1" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:179 msgid "SIGUSR2" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.8.xml:193 msgid "" "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " "applications will not use the fast in memory cache." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 msgid "sss_obfuscate" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_obfuscate.8.xml:16 msgid "obfuscate a clear text password" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_obfuscate.8.xml:21 msgid "" "<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" "replaceable></arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:32 msgid "" "<command>sss_obfuscate</command> converts a given password into human-" "unreadable format and places it into appropriate domain section of the SSSD " "config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:37 msgid "" "The cleartext password is read from standard input or entered " "interactively. 
The obfuscated password is put into " "<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " "<quote>ldap_default_authtok_type</quote> parameter is set to " "<quote>obfuscated_password</quote>. Refer to <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more details on these parameters." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:49 msgid "" "Please note that obfuscating the password provides <emphasis>no real " "security benefit</emphasis> as it is still possible for an attacker to " "reverse-engineer the password back. Using better authentication mechanisms " "such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " "advised." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_obfuscate.8.xml:63 msgid "<option>-s</option>,<option>--stdin</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:67 msgid "The password to obfuscate will be read from standard input." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:79 #: sss_ssh_knownhostsproxy.1.xml:78 msgid "" "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:79 msgid "" "The SSSD domain to use the password in. The default name is <quote>default</" "quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_obfuscate.8.xml:86 msgid "" "<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:91 msgid "Read the config file specified by the positional parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:95 msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_useradd.8.xml:10 sss_useradd.8.xml:15 msgid "sss_useradd" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_useradd.8.xml:16 msgid "create a new user" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_useradd.8.xml:21 msgid "" "<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_useradd.8.xml:32 msgid "" "<command>sss_useradd</command> creates a new user account using the values " "specified on the command line plus the default values from the system." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:43 sss_seed.8.xml:76 msgid "" "<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:48 msgid "" "Set the UID of the user to the value of <replaceable>UID</replaceable>. If " "not given, it is chosen automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:55 sss_usermod.8.xml:43 sss_seed.8.xml:100 msgid "" "<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" "replaceable>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:60 sss_usermod.8.xml:48 sss_seed.8.xml:105 msgid "" "Any text string describing the user. Often used as the field for the user's " "full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:67 sss_usermod.8.xml:55 sss_seed.8.xml:112 msgid "" "<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:72 msgid "" "The home directory of the user account. The default is to append the " "<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use " "that as the home directory. The base that is prepended before " "<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/" "baseDirectory</quote> setting in sssd.conf." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:82 sss_usermod.8.xml:66 sss_seed.8.xml:124 msgid "" "<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:87 msgid "" "The user's login shell. The default is currently <filename>/bin/bash</" "filename>. The default can be changed with <quote>user_defaults/" "defaultShell</quote> setting in sssd.conf." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:96 msgid "" "<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:101 msgid "A list of existing groups this user is also a member of." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:107 msgid "<option>-m</option>,<option>--create-home</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:111 msgid "" "Create the user's home directory if it does not exist. The files and " "directories contained in the skeleton directory (which can be defined with " "the -k option or in the config file) will be copied to the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:121 msgid "<option>-M</option>,<option>--no-create-home</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:125 msgid "" "Do not create the user's home directory. Overrides configuration settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:132 msgid "" "<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:137 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " "<command>sss_useradd</command>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:143 msgid "" "Special files (block devices, character devices, named pipes and unix " "sockets) will not be copied." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:147 msgid "" "This option is only valid if the <option>-m</option> (or <option>--create-" "home</option>) option is specified, or creation of home directories is set " "to TRUE in the configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:156 sss_usermod.8.xml:124 msgid "" "<option>-Z</option>,<option>--selinux-user</option> " "<replaceable>SELINUX_USER</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:161 msgid "" "The SELinux user for the user's login. If not specified, the system default " "will be used." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 msgid "sssd-krb5" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:23 msgid "" "This manual page describes the configuration of the Kerberos 5 " "authentication backend for <citerefentry> <refentrytitle>sssd</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed " "syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " "the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:36 msgid "" "The Kerberos 5 authentication backend contains auth and chpass providers. It " "must be paired with an identity provider in order to function properly (for " "example, id_provider = ldap). Some information required by the Kerberos 5 " "authentication backend must be provided by the identity provider, such as " "the user's Kerberos Principal Name (UPN). The configuration of the identity " "provider should have an entry to specify the UPN. 
Please refer to the man " "page for the applicable identity provider for details on how to configure " "this." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:47 msgid "" "This backend also provides access control based on the .k5login file in the " "home directory of the user. See <citerefentry> <refentrytitle>.k5login</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " "Please note that an empty .k5login file will deny all access to this user. " "To activate this feature, use 'access_provider = krb5' in your SSSD " "configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:55 msgid "" "In the case where the UPN is not available in the identity backend, " "<command>sssd</command> will construct a UPN using the format " "<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect, in the order of preference. " "For more information on failover and server redundancy, see the " "<quote>FAILOVER</quote> section. An optional port number (preceded by a " "colon) may be appended to the addresses or hostnames. If empty, service " "discovery is enabled; for more information, refer to the <quote>SERVICE " "DISCOVERY</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:106 msgid "" "The name of the Kerberos realm. This option is required and must be " "specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:113 msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:116 msgid "" "If the change password service is not running on the KDC, alternative " "servers can be defined here. An optional port number (preceded by a colon) " "may be appended to the addresses or hostnames." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:122 msgid "" "For more information on failover and server redundancy, see the " "<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " "servers to try, the backend is not switched to operate offline if " "authentication against the KDC is still possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:129 msgid "Default: Use the KDC" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:135 msgid "krb5_ccachedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:138 msgid "" "Directory to store credential caches. All the substitution sequences of " "krb5_ccname_template can be used here, too, except %d and %P. The directory " "is created as private and owned by the user, with permissions set to 0700." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:145 msgid "Default: /tmp" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:151 msgid "krb5_ccname_template (string)" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:165 include/override_homedir.xml:11 msgid "%u" msgstr "" #. 
type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:166 include/override_homedir.xml:12 msgid "login name" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:169 include/override_homedir.xml:15 msgid "%U" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:170 msgid "login UID" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:173 msgid "%p" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:174 msgid "principal name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:178 msgid "%r" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:179 msgid "realm name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:182 msgid "%h" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:183 msgid "home directory" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:187 include/override_homedir.xml:19 msgid "%d" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:188 msgid "value of krb5_ccachedir" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:193 msgid "%P" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:194 msgid "the process ID of the SSSD client" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:199 include/override_homedir.xml:34 msgid "%%" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:200 include/override_homedir.xml:35 msgid "a literal '%'" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:154 msgid "" "Location of the user's credential cache. Three credential cache types are " "currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " "<quote>KEYRING:persistent</quote>. The cache can be specified either as " "<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " "implies the <quote>FILE</quote> type. In the template, the following " "sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " "the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " "filename in a safe way." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:208 msgid "" "When using KEYRING types, the only supported mechanism is <quote>KEYRING:" "persistent:%U</quote>, which uses the Linux kernel keyring to store " "credentials on a per-UID basis. 
This is also the recommended choice, as it " "is the most secure and predictable method." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:216 msgid "" "The default value for the credential cache name is sourced from the profile " "stored in the system wide krb5.conf configuration file in the [libdefaults] " "section. The option name is default_ccache_name. See krb5.conf(5)'s " "PARAMETER EXPANSION paragraph for additional information on the expansion " "format defined by krb5.conf." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:225 #, fuzzy #| msgid "Default: root" msgid "Default: (from libkrb5)" msgstr "Dre zoiuer : root" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:231 msgid "krb5_auth_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:234 msgid "" "Timeout in seconds after an online authentication request or change password " "request is aborted. If possible, the authentication request is continued " "offline." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:248 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed. The keytab is checked for entries sequentially, and the first entry " "with a matching realm is used for validation. If no entry matches the realm, " "the last entry in the keytab is used. This process can be used to validate " "environments using cross-realm trust by placing the appropriate keytab entry " "as the last entry or the only entry in the keytab file." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:263 msgid "krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:266 msgid "" "The location of the keytab to use when validating credentials obtained from " "KDCs." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:270 msgid "Default: /etc/krb5.keytab" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:276 msgid "krb5_store_password_if_offline (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:279 msgid "" "Store the password of the user if the provider is offline and use it to " "request a TGT when the provider comes online again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:284 msgid "" "NOTE: this feature is only available on Linux. Passwords stored in this way " "are kept in plaintext in the kernel keyring and are potentially accessible " "by the root user (with difficulty)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:297 msgid "krb5_renewable_lifetime (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:300 msgid "" "Request a renewable ticket with a total lifetime, given as an integer " "immediately followed by a time unit:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:305 sssd-krb5.5.xml:339 sssd-krb5.5.xml:376 msgid "<emphasis>s</emphasis> for seconds" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:308 sssd-krb5.5.xml:342 sssd-krb5.5.xml:379 msgid "<emphasis>m</emphasis> for minutes" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:311 sssd-krb5.5.xml:345 sssd-krb5.5.xml:382 msgid "<emphasis>h</emphasis> for hours" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385 msgid "<emphasis>d</emphasis> for days." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:317 sssd-krb5.5.xml:388 msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:321 sssd-krb5.5.xml:392 msgid "" "NOTE: It is not possible to mix units. To set the renewable lifetime to one " "and a half hours, use '90m' instead of '1h30m'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:326 msgid "Default: not set, i.e. the TGT is not renewable" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:332 msgid "krb5_lifetime (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:335 msgid "" "Request ticket with a lifetime, given as an integer immediately followed by " "a time unit:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:351 msgid "If there is no unit given <emphasis>s</emphasis> is assumed." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:355 msgid "" "NOTE: It is not possible to mix units. To set the lifetime to one and a " "half hours please use '90m' instead of '1h30m'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:360 msgid "" "Default: not set, i.e. the default ticket lifetime configured on the KDC." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:367 msgid "krb5_renew_interval (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:370 msgid "" "The time in seconds between two checks if the TGT should be renewed. TGTs " "are renewed if about half of their lifetime is exceeded, given as an integer " "immediately followed by a time unit:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:397 msgid "If this option is not set or is 0 the automatic renewal is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:415 msgid "" "<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " "option at all." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:419 msgid "" "<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " "continue the authentication without it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:429 msgid "Default: not set, i.e. FAST is not used." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:432 msgid "NOTE: a keytab is required to use FAST." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:444 msgid "krb5_fast_principal (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:447 msgid "Specifies the server principal to use for FAST." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:456 msgid "" "Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos 1.7 and later versions." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:505 msgid "Default: false (AD provider: true)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:65 msgid "" "If the auth-module krb5 is used in an SSSD domain, the following options " "must be used. See the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " "<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " "domain. <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:521 msgid "" "The following example assumes that SSSD is correctly configured and FOO is " "one of the domains in the <replaceable>[sssd]</replaceable> section. This " "example shows only configuration of Kerberos authentication; it does not " "include any identity provider." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-krb5.5.xml:529 #, no-wrap msgid "" " [domain/FOO]\n" " auth_provider = krb5\n" " krb5_server = 192.168.1.1\n" " krb5_realm = EXAMPLE.COM\n" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15 msgid "sss_groupadd" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupadd.8.xml:16 msgid "create a new group" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupadd.8.xml:21 msgid "" "<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupadd.8.xml:32 msgid "" "<command>sss_groupadd</command> creates a new group. These groups are " "compatible with POSIX groups, with the additional feature that they can " "contain other groups as members." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupadd.8.xml:43 sss_seed.8.xml:88 msgid "" "<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupadd.8.xml:48 msgid "" "Set the GID of the group to the value of <replaceable>GID</replaceable>. If " "not given, it is chosen automatically." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_userdel.8.xml:10 sss_userdel.8.xml:15 msgid "sss_userdel" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_userdel.8.xml:16 msgid "delete a user account" msgstr "" #. 
type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_userdel.8.xml:21 msgid "" "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_userdel.8.xml:32 msgid "" "<command>sss_userdel</command> deletes a user identified by login name " "<replaceable>LOGIN</replaceable> from the system." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:44 msgid "<option>-r</option>,<option>--remove</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:48 msgid "" "Files in the user's home directory will be removed along with the home " "directory itself and the user's mail spool. Overrides the configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:56 msgid "<option>-R</option>,<option>--no-remove</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:60 msgid "" "Files in the user's home directory will NOT be removed along with the home " "directory itself and the user's mail spool. Overrides the configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:68 msgid "<option>-f</option>,<option>--force</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:72 msgid "" "This option forces <command>sss_userdel</command> to remove the user's home " "directory and mail spool, even if they are not owned by the specified user." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:80 msgid "<option>-k</option>,<option>--kick</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:84 msgid "Before actually deleting the user, terminate all his processes." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15 msgid "sss_groupdel" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupdel.8.xml:16 msgid "delete a group" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupdel.8.xml:21 msgid "" "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupdel.8.xml:32 msgid "" "<command>sss_groupdel</command> deletes a group identified by its name " "<replaceable>GROUP</replaceable> from the system." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15 msgid "sss_groupshow" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupshow.8.xml:16 msgid "print properties of a group" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupshow.8.xml:21 msgid "" "<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupshow.8.xml:32 msgid "" "<command>sss_groupshow</command> displays information about a group " "identified by its name <replaceable>GROUP</replaceable>. 
The information " "includes the group ID number, members of the group and the parent group." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupshow.8.xml:43 msgid "<option>-R</option>,<option>--recursive</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupshow.8.xml:47 msgid "" "Also print indirect group members in a tree-like hierarchy. Note that this " "also affects printing parent groups - without <option>-R</option>, only the " "direct parent will be printed." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_usermod.8.xml:10 sss_usermod.8.xml:15 msgid "sss_usermod" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_usermod.8.xml:16 msgid "modify a user account" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_usermod.8.xml:21 msgid "" "<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_usermod.8.xml:32 msgid "" "<command>sss_usermod</command> modifies the account specified by " "<replaceable>LOGIN</replaceable> to reflect the changes that are specified " "on the command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:60 msgid "The home directory of the user account." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:71 msgid "The user's login shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:82 msgid "" "Append this user to groups specified by the <replaceable>GROUPS</" "replaceable> parameter. 
The <replaceable>GROUPS</replaceable> parameter is " "a comma separated list of group names." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:96 msgid "" "Remove this user from groups specified by the <replaceable>GROUPS</" "replaceable> parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_usermod.8.xml:103 msgid "<option>-l</option>,<option>--lock</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:107 msgid "Lock the user account. The user won't be able to log in." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_usermod.8.xml:114 msgid "<option>-u</option>,<option>--unlock</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:118 msgid "Unlock the user account." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:129 msgid "The SELinux user for the user's login." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_cache.8.xml:10 sss_cache.8.xml:15 msgid "sss_cache" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_cache.8.xml:16 msgid "perform cache cleanup" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_cache.8.xml:21 msgid "" "<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_cache.8.xml:31 msgid "" "<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " "records are forced to be reloaded from server as soon as related SSSD " "backend is online." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:42 msgid "<option>-E</option>,<option>--everything</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:46 msgid "Invalidate all cached entries except for sudo rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:52 msgid "" "<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:57 msgid "Invalidate specific user." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:63 msgid "<option>-U</option>,<option>--users</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:67 msgid "" "Invalidate all user records. This option overrides invalidation of specific " "user if it was also set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:74 msgid "" "<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:79 msgid "Invalidate specific group." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:85 msgid "<option>-G</option>,<option>--groups</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:89 msgid "" "Invalidate all group records. This option overrides invalidation of specific " "group if it was also set." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:96 msgid "" "<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:101 msgid "Invalidate specific netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:107 msgid "<option>-N</option>,<option>--netgroups</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:111 msgid "" "Invalidate all netgroup records. This option overrides invalidation of " "specific netgroup if it was also set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:118 msgid "" "<option>-s</option>,<option>--service</option> <replaceable>service</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:123 msgid "Invalidate specific service." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:129 msgid "<option>-S</option>,<option>--services</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:133 msgid "" "Invalidate all service records. This option overrides invalidation of " "specific service if it was also set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:140 msgid "" "<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" "replaceable>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:145 msgid "Invalidate specific autofs maps." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:151 msgid "<option>-A</option>,<option>--autofs-maps</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:155 msgid "" "Invalidate all autofs maps. This option overrides invalidation of specific " "map if it was also set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:162 msgid "" "<option>-d</option>,<option>--domain</option> <replaceable>domain</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:167 msgid "Restrict invalidation process only to a particular domain." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 msgid "sss_debuglevel" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_debuglevel.8.xml:16 msgid "change debug level while SSSD is running" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_debuglevel.8.xml:21 msgid "" "<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" "replaceable></arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_debuglevel.8.xml:32 msgid "" "<command>sss_debuglevel</command> changes debug level of SSSD monitor and " "providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is " "running." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_debuglevel.8.xml:59 msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_seed.8.xml:10 sss_seed.8.xml:15 msgid "sss_seed" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_seed.8.xml:16 msgid "seed the SSSD cache with a user" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_seed.8.xml:21 msgid "" "<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" "replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_seed.8.xml:33 msgid "" "<command>sss_seed</command> seeds the SSSD cache with a user entry and " "temporary password. If a user entry is already present in the SSSD cache " "then the entry is updated with the temporary password." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_seed.8.xml:46 msgid "" "<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:51 msgid "" "Provide the name of the domain in which the user is a member of. The domain " "is also used to retrieve user information. The domain must be configured in " "sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " "Information retrieved from the domain overrides what is provided in the " "options." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_seed.8.xml:63 msgid "" "<option>-n</option>,<option>--username</option> <replaceable>USER</" "replaceable>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:68 msgid "" "The username of the entry to be created or modified in the cache. The " "<replaceable>USER</replaceable> option must be provided." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:81 msgid "Set the UID of the user to <replaceable>UID</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:93 msgid "Set the GID of the user to <replaceable>GID</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:117 msgid "" "Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:129 msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:140 msgid "" "Interactive mode for entering user information. This option will only prompt " "for information not provided in the options or retrieved from the domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_seed.8.xml:148 msgid "" "<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:153 msgid "" "Specify file to read user's password from. (if not specified password is " "prompted for)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sss_seed.8.xml:165 msgid "" "The length of the password (or the size of file specified with -p or --" "password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " "on systems with no globally-defined PASS_MAX value)." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 msgid "sss_ssh_authorizedkeys" msgstr "" #. type: Content of: <reference><refentry><refmeta><manvolnum> #: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 msgid "1" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_ssh_authorizedkeys.1.xml:16 msgid "get OpenSSH authorized keys" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_ssh_authorizedkeys.1.xml:21 msgid "" "<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg> <arg " "choice='plain'><replaceable>USER</replaceable></arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:32 msgid "" "<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " "<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " "format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> for more information)." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:41 msgid "" "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" "command> for public key user authentication if it is compiled with support " "for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</" "quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry> options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sss_ssh_authorizedkeys.1.xml:58 #, no-wrap msgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:51 msgid "" "If <quote>AuthorizedKeysCommand</quote> is supported, " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> can be configured to use it by putting the following directive " "in <citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry>: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sss_ssh_authorizedkeys.1.xml:69 #, no-wrap msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:62 msgid "" "If <quote>PubkeyAgent</quote> is supported, " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> can be configured to use it by using the following directive " "for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</" "manvolnum></citerefentry> configuration: <placeholder type=\"programlisting" "\" id=\"0\"/>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_ssh_authorizedkeys.1.xml:84 msgid "" "Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sss_ssh_authorizedkeys.1.xml:93 sss_ssh_knownhostsproxy.1.xml:92 msgid "EXIT STATUS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:95 sss_ssh_knownhostsproxy.1.xml:94 msgid "" "In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 msgid "sss_ssh_knownhostsproxy" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_ssh_knownhostsproxy.1.xml:16 msgid "get OpenSSH host keys" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_ssh_knownhostsproxy.1.xml:21 msgid "" "<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg> <arg " "choice='plain'><replaceable>HOST</replaceable></arg> <arg " "choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_knownhostsproxy.1.xml:33 msgid "" "<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " "host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " "known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " "of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" "manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" "pubconf/known_hosts</filename> and establishes connection to the host." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_knownhostsproxy.1.xml:43 msgid "" "If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " "create the connection to the host instead of opening a socket." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sss_ssh_knownhostsproxy.1.xml:55 #, no-wrap msgid "" "ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" "GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_knownhostsproxy.1.xml:48 msgid "" "<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" "citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" "command> for host key authentication by using the following directives for " "<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" "citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_ssh_knownhostsproxy.1.xml:66 msgid "" "<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_ssh_knownhostsproxy.1.xml:71 msgid "" "Use port <replaceable>PORT</replaceable> to connect to the host. By " "default, port 22 is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_ssh_knownhostsproxy.1.xml:83 msgid "" "Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." msgstr "" #. type: Content of: <refsect1><title> #: include/service_discovery.xml:2 msgid "SERVICE DISCOVERY" msgstr "" #. 
type: Content of: <refsect1><para> #: include/service_discovery.xml:4 msgid "" "The service discovery feature allows back ends to automatically find the " "appropriate servers to connect to using a special DNS query. This feature is " "not supported for backup servers." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 msgid "Configuration" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:11 msgid "" "If no servers are specified, the back end automatically uses service " "discovery to try to find a server. Optionally, the user may choose to use " "both fixed server addresses and service discovery by inserting a special " "keyword, <quote>_srv_</quote>, in the list of servers. The order of " "preference is maintained. This feature is useful if, for example, the user " "prefers to use service discovery whenever possible, and fall back to a " "specific server when no servers can be discovered using DNS." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:23 msgid "The domain name" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:25 msgid "" "Please refer to the <quote>dns_discovery_domain</quote> parameter in the " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page for more details." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:35 msgid "The protocol" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:37 msgid "" "The queries usually specify _tcp as the protocol. Exceptions are documented " "in respective option description." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:42 msgid "See Also" msgstr "" #. 
type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:44 msgid "" "For more information on the service discovery mechanism, refer to RFC 2782." msgstr "" #. type: Content of: outside any tag (error?) #: include/upstream.xml:1 msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" msgstr "" #. type: Content of: <refsect1><title> #: include/failover.xml:2 msgid "FAILOVER" msgstr "" #. type: Content of: <refsect1><para> #: include/failover.xml:4 msgid "" "The failover feature allows back ends to automatically switch to a different " "server if the current server fails." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/failover.xml:8 msgid "Failover Syntax" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:10 msgid "" "The list of servers is given as a comma-separated list; any number of spaces " "is allowed around the comma. The servers are listed in order of preference. " "The list can contain any number of servers." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:16 msgid "" "For each failover-enabled config option, two variants exist: " "<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is " "that servers in the primary list are preferred and backup servers are only " "searched if no primary servers can be reached. If a backup server is " "selected, a timeout of 31 seconds is set. After this timeout SSSD will " "periodically try to reconnect to one of the primary servers. If it succeeds, " "it will replace the current active (backup) server." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/failover.xml:27 msgid "The Failover Mechanism" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:29 msgid "" "The failover mechanism distinguishes between a machine and a service. 
The " "back end first tries to resolve the hostname of a given machine; if this " "resolution attempt fails, the machine is considered offline. No further " "attempts are made to connect to this machine for any other service. If the " "resolution attempt succeeds, the back end tries to connect to a service on " "this machine. If the service connection attempt fails, then only this " "particular service is considered offline and the back end automatically " "switches over to the next service. The machine is still considered online " "and might still be tried for another service." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:42 msgid "" "Further connection attempts are made to machines or services marked as " "offline after a specified period of time; this is currently hard coded to 30 " "seconds." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:47 msgid "" "If there are no more machines to try, the back end as a whole switches to " "offline mode, and then attempts to reconnect every 30 seconds." msgstr "" #. type: Content of: <refsect1><title> #: include/ldap_id_mapping.xml:2 msgid "ID MAPPING" msgstr "" #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:4 msgid "" "The ID-mapping feature allows SSSD to act as a client of Active Directory " "without requiring administrators to extend user attributes to support POSIX " "attributes for user and group identifiers." msgstr "" #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:9 msgid "" "NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " "ignored. This is to avoid the possibility of conflicts between automatically-" "assigned and manually-assigned values. If you need to use manually-assigned " "values, ALL values must be manually-assigned." msgstr "" #. 
type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:16 msgid "" "Please note that changing the ID mapping related configuration options will " "cause user and group IDs to change. At the moment, SSSD does not support " "changing IDs, so the SSSD database must be removed. Because cached passwords " "are also stored in the database, removing the database should only be " "performed while the authentication servers are reachable, otherwise users " "might get locked out. In order to cache the password, an authentication must " "be performed. It is not sufficient to use <citerefentry> " "<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" "citerefentry> to remove the database, rather the process consists of:" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:33 msgid "Making sure the remote servers are reachable" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:38 msgid "Stopping the SSSD service" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:43 msgid "Removing the database" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:48 msgid "Starting the SSSD service" msgstr "" #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:52 msgid "" "Moreover, as the change of IDs might necessitate the adjustment of other " "system properties such as file and directory ownership, it's advisable to " "plan ahead and test the ID mapping configuration thoroughly." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/ldap_id_mapping.xml:59 msgid "Mapping Algorithm" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:61 msgid "" "Active Directory provides an objectSID for every user and group object in " "the directory. 
This objectSID can be broken up into components that " "represent the Active Directory domain identity and the relative identifier " "(RID) of the user or group object." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:67 msgid "" "The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " "into equally-sized component sections - called \"slices\"-. Each slice " "represents the space available to an Active Directory domain." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:73 msgid "" "When a user or group entry for a particular domain is encountered for the " "first time, the SSSD allocates one of the available slices for that domain. " "In order to make this slice-assignment repeatable on different client " "machines, we select the slice based on the following algorithm:" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:80 msgid "" "The SID string is passed through the murmurhash3 algorithm to convert it to " "a 32-bit hashed value. We then take the modulus of this value with the total " "number of available slices to pick the slice." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:86 msgid "" "NOTE: It is possible to encounter collisions in the hash and subsequent " "modulus. In these situations, we will select the next available slice, but " "it may not be possible to reproduce the same exact set of slices on other " "machines (since the order that they are encountered will determine their " "slice). In this situation, it is recommended to either switch to using " "explicit POSIX attributes in Active Directory (disabling ID-mapping) or " "configure a default domain to guarantee that at least one is always " "consistent. See <quote>Configuration</quote> for details." msgstr "" #. 
type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:101 msgid "" "Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" msgstr "" #. type: Content of: <refsect1><refsect2><para><programlisting> #: include/ldap_id_mapping.xml:106 #, no-wrap msgid "" "ldap_id_mapping = True\n" "ldap_schema = ad\n" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:111 msgid "" "The default configuration results in configuring 10,000 slices, each capable " "of holding up to 200,000 IDs, starting from 10,001 and going up to " "2,000,100,000. This should be sufficient for most deployments." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><title> #: include/ldap_id_mapping.xml:117 msgid "Advanced Configuration" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:120 msgid "ldap_idmap_range_min (integer)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:123 msgid "" "Specifies the lower bound of the range of POSIX IDs to use for mapping " "Active Directory user and group SIDs." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:127 msgid "" "NOTE: This option is different from <quote>min_id</quote> in that " "<quote>min_id</quote> acts to filter the output of requests to this domain, " "whereas this option controls the range of ID assignment. This is a subtle " "distinction, but the good general advice would be to have <quote>min_id</" "quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:173 msgid "Default: 200000" msgstr "" #. 
type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:142 msgid "ldap_idmap_range_max (integer)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:145 msgid "" "Specifies the upper bound of the range of POSIX IDs to use for mapping " "Active Directory user and group SIDs." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:149 msgid "" "NOTE: This option is different from <quote>max_id</quote> in that " "<quote>max_id</quote> acts to filter the output of requests to this domain, " "whereas this option controls the range of ID assignment. This is a subtle " "distinction, but the good general advice would be to have <quote>max_id</" "quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:159 msgid "Default: 2000200000" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:164 msgid "ldap_idmap_range_size (integer)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:167 msgid "" "Specifies the number of IDs available for each slice. If the range size " "does not divide evenly into the min and max values, it will create as many " "complete slices as it can." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:178 msgid "ldap_idmap_default_domain_sid (string)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:181 msgid "" "Specify the domain SID of the default domain. 
This will guarantee that this " "domain will always be assigned to slice zero in the ID map, bypassing the " "murmurhash algorithm described above." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:192 msgid "ldap_idmap_default_domain (string)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:195 msgid "Specify the name of the default domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:203 msgid "ldap_idmap_autorid_compat (boolean)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:206 msgid "" "Changes the behavior of the ID-mapping algorithm to behave more similarly to " "winbind's <quote>idmap_autorid</quote> algorithm." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:211 msgid "" "When this option is configured, domains will be allocated starting with " "slice zero and increasing monotonically with each additional domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:216 msgid "" "NOTE: This algorithm is non-deterministic (it depends on the order that " "users and groups are requested). If this mode is required for compatibility " "with machines running winbind, it is recommended to also use the " "<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " "least one domain is consistently allocated to slice zero." msgstr "" #. type: Content of: <varlistentry><term> #: include/param_help.xml:3 msgid "<option>-?</option>,<option>--help</option>" msgstr "" #. 
type: Content of: <varlistentry><listitem><para> #: include/param_help.xml:7 include/param_help_py.xml:7 msgid "Display help message and exit." msgstr "" #. type: Content of: <varlistentry><term> #: include/param_help_py.xml:3 msgid "<option>-h</option>,<option>--help</option>" msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:3 msgid "" "SSSD supports two representations for specifying the debug level. The " "simplest is to specify a decimal value from 0-9, which represents enabling " "that level and all lower-level debug messages. The more comprehensive option " "is to specify a hexadecimal bitmask to enable or disable specific levels " "(such as if you wish to suppress a level)." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:10 msgid "Currently supported debug levels:" msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:13 msgid "" "<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. " "Anything that would prevent SSSD from starting up or causes it to cease " "running." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:19 msgid "" "<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " "error that doesn't kill the SSSD, but one that indicates that at least one " "major feature is not going to work properly." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:26 msgid "" "<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " "error announcing that a particular request or operation has failed." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:31 msgid "" "<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " "are the errors that would percolate down to cause the operation failure of 2." msgstr "" #. 
type: Content of: <listitem><para> #: include/debug_levels.xml:36 msgid "" "<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:40 msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:44 msgid "" "<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " "operation functions." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:48 msgid "" "<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " "internal control functions." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:53 msgid "" "<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" "internal variables that may be interesting." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:58 msgid "" "<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " "tracing information." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:62 msgid "" "To log required bitmask debug levels, simply add their numbers together as " "shown in following examples:" msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:66 msgid "" "<emphasis>Example</emphasis>: To log fatal failures, critical failures, " "serious failures and function data use 0x0270." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:70 msgid "" "<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " "function data, trace messages for internal control functions use 0x1310." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:75 msgid "" "<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " "in 1.7.0." msgstr "" #. 
type: Content of: <listitem><para> #: include/debug_levels.xml:79 msgid "<emphasis>Default</emphasis>: 0" msgstr "" #. type: Content of: outside any tag (error?) #: include/experimental.xml:1 msgid "" "<emphasis> This is an experimental feature, please use http://fedorahosted." "org/sssd to report any issues. </emphasis>" msgstr "" #. type: Content of: <refsect1><title> #: include/local.xml:2 msgid "THE LOCAL DOMAIN" msgstr "" #. type: Content of: <refsect1><para> #: include/local.xml:4 msgid "" "In order to function correctly, a domain with <quote>id_provider=local</" "quote> must be created and the SSSD must be running." msgstr "" #. type: Content of: <refsect1><para> #: include/local.xml:9 msgid "" "The administrator might want to use the SSSD local users instead of " "traditional UNIX users in cases where the group nesting (see <citerefentry> " "<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" "citerefentry>) is needed. The local users are also useful for testing and " "development of the SSSD without having to deploy a full remote server. The " "<command>sss_user*</command> and <command>sss_group*</command> tools use a " "local LDB storage to store users and groups." msgstr "" #. type: Content of: <refsect1><title> #: include/seealso.xml:2 msgid "SEE ALSO" msgstr "GWELET IVEZ" #. 
type: Content of: <refsect1><para> #: include/seealso.xml:4 msgid "" "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> " "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_useradd</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_usermod</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> 
<refentrytitle>sss_seed</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" "manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " "<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>." msgstr "" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:3 #: include/ldap_search_bases_experimental.xml:3 msgid "" "An optional base DN, search scope and LDAP filter to restrict LDAP searches " "for this attribute type." msgstr "" #. type: Content of: <listitem><para><programlisting> #: include/ldap_search_bases.xml:9 #: include/ldap_search_bases_experimental.xml:9 #, no-wrap msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" msgstr "" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:7 #: include/ldap_search_bases_experimental.xml:7 msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:13 #: include/ldap_search_bases_experimental.xml:13 msgid "" "The scope can be one of \"base\", \"onelevel\" or \"subtree\". The filter " "must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/" "rfc2254.txt" msgstr "" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:19 #: include/ldap_search_bases_experimental.xml:19 msgid "" "For examples of this syntax, please refer to the <quote>ldap_search_base</" "quote> examples section." msgstr "" #. 
type: Content of: <listitem><para> #: include/ldap_search_bases.xml:27 #: include/ldap_search_bases_experimental.xml:27 msgid "" "Please note that specifying scope or filter is not supported for searches " "against an Active Directory Server that might yield a large number of " "results and trigger the Range Retrieval extension in the response." msgstr "" #. type: Content of: <para> #: include/autofs_restart.xml:2 msgid "" "Please note that the automounter only reads the master map on startup, so if " "any autofs-related changes are made to the sssd.conf, you typically also " "need to restart the automounter daemon after restarting the SSSD." msgstr "" #. type: Content of: <varlistentry><term> #: include/override_homedir.xml:2 msgid "override_homedir (string)" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:16 msgid "UID number" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:20 msgid "domain name" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: include/override_homedir.xml:23 msgid "%f" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:24 msgid "fully qualified user name (user@domain)" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: include/override_homedir.xml:27 msgid "%o" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:29 msgid "The original home directory retrieved from the identity provider." msgstr "" #. type: Content of: <varlistentry><listitem><para> #: include/override_homedir.xml:5 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. 
In the template, the following sequences are substituted: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <varlistentry><listitem><para> #: include/override_homedir.xml:41 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <varlistentry><listitem><para><programlisting> #: include/override_homedir.xml:46 #, no-wrap msgid "" "override_homedir = /home/%u\n" " " msgstr "" #. type: Content of: <varlistentry><listitem><para> #: include/override_homedir.xml:50 msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" msgstr "" �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/man/po/PaxHeaders.13173/nl.po�������������������������������������������������������0000644�0000000�0000000�00000000132�12320753573�016506� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396955003.510843865 30 atime=1396955003.510843865 30 ctime=1396955003.510843865 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/man/po/nl.po������������������������������������������������������������������������0000664�0024127�0024127�00001254027�12320753573�016750� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# SOME DESCRIPTIVE TITLE # Copyright (C) YEAR Red Hat # This file is distributed under the same license as the sssd-docs package. # # Translators: # Wijnand Modderman-Lenstra <accounts-transifex@maze.io>, 2011 msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" "POT-Creation-Date: 2014-04-08 12:55+0300\n" "PO-Revision-Date: 2013-11-19 16:29+0000\n" "Last-Translator: jhrozek <jhrozek@redhat.com>\n" "Language-Team: Dutch (http://www.transifex.com/projects/p/fedora/language/" "nl/)\n" "Language: nl\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" #. 
type: Content of: <reference><title> #: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5 #: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5 #: sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 sss_obfuscate.8.xml:5 #: sss_useradd.8.xml:5 sssd-krb5.5.xml:5 sss_groupadd.8.xml:5 #: sss_userdel.8.xml:5 sss_groupdel.8.xml:5 sss_groupshow.8.xml:5 #: sss_usermod.8.xml:5 sss_cache.8.xml:5 sss_debuglevel.8.xml:5 #: sss_seed.8.xml:5 sss_ssh_authorizedkeys.1.xml:5 #: sss_ssh_knownhostsproxy.1.xml:5 msgid "SSSD Manual pages" msgstr "SSSD handleiding" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15 msgid "sss_groupmod" msgstr "sss_groupmod" #. type: Content of: <reference><refentry><refmeta><manvolnum> #: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11 #: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11 #: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11 #: sss_groupshow.8.xml:11 sss_usermod.8.xml:11 sss_cache.8.xml:11 #: sss_debuglevel.8.xml:11 sss_seed.8.xml:11 msgid "8" msgstr "8" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupmod.8.xml:16 msgid "modify a group" msgstr "muteer een groep" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupmod.8.xml:21 msgid "" "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>opties</" "replaceable> </arg> <arg choice='plain'><replaceable>GROEP</replaceable></" "arg>" #. 
type: Content of: <reference><refentry><refsect1><title> #: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:47 #: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21 #: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30 #: sss_useradd.8.xml:30 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 #: sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 #: sss_usermod.8.xml:30 sss_cache.8.xml:29 sss_debuglevel.8.xml:30 #: sss_seed.8.xml:31 sss_ssh_authorizedkeys.1.xml:30 #: sss_ssh_knownhostsproxy.1.xml:31 msgid "DESCRIPTION" msgstr "OMSCHRIJVING" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupmod.8.xml:32 msgid "" "<command>sss_groupmod</command> modifies the group to reflect the changes " "that are specified on the command line." msgstr "" "<command>sss_groupmod</command> muteert de groep en maakt de aanpassingen " "die via de opdrachtregel ingegeven zijn." #. type: Content of: <reference><refentry><refsect1><title> #: sss_groupmod.8.xml:39 pam_sss.8.xml:54 sssd.8.xml:42 sss_obfuscate.8.xml:58 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39 #: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42 #: sss_ssh_authorizedkeys.1.xml:75 sss_ssh_knownhostsproxy.1.xml:62 msgid "OPTIONS" msgstr "OPTIES" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupmod.8.xml:43 sss_usermod.8.xml:77 msgid "" "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" "replaceable>" msgstr "" "<option>-a</option>,<option>--append-group</option> <replaceable>GROEPEN</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupmod.8.xml:48 msgid "" "Append this group to groups specified by the <replaceable>GROUPS</" "replaceable> parameter. 
The <replaceable>GROUPS</replaceable> parameter is " "a comma separated list of group names." msgstr "" "Voeg deze groep toe aan de groepen opgegeven met de <replaceable>GROEPEN</" "replaceable> parameter. De <replaceable>GROEPEN</replaceable> parameter is " "een kommagescheiden lijst van groepnamen." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupmod.8.xml:57 sss_usermod.8.xml:91 msgid "" "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" "replaceable>" msgstr "" "<option>-r</option>,<option>--remove-group</option> <replaceable>GROEPEN</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupmod.8.xml:62 msgid "" "Remove this group from groups specified by the <replaceable>GROUPS</" "replaceable> parameter." msgstr "" "Verwijder deze groep uit de groepen opgegeven in de <replaceable>GROEPEN</" "replaceable> parameter." #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd.conf.5.xml:10 sssd.conf.5.xml:16 msgid "sssd.conf" msgstr "sssd.conf" #. type: Content of: <reference><refentry><refmeta><manvolnum> #: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 #: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11 msgid "5" msgstr "5" #. type: Content of: <reference><refentry><refmeta><refmiscinfo> #: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 #: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12 msgid "File Formats and Conventions" msgstr "Bestandsformaten en conventies" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16 #: sssd-ipa.5.xml:17 sssd-ad.5.xml:17 sssd-krb5.5.xml:17 msgid "the configuration file for SSSD" msgstr "het configuratiebestand voor SSSD" #. 
type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:21 msgid "FILE FORMAT" msgstr "BESTANDSFORMAAT" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd.conf.5.xml:29 #, no-wrap msgid "" " <replaceable>[section]</replaceable>\n" " <replaceable>key</replaceable> = <replaceable>value</replaceable>\n" " <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" " " msgstr "" " <replaceable>[sectie]</replaceable>\n" " <replaceable>sleutel</replaceable> = <replaceable>waarde</replaceable>\n" " <replaceable>sleutel2</replaceable> = <replaceable>waarde2,waarde3</replaceable>\n" " " #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:24 msgid "" "The file has an ini-style syntax and consists of sections and parameters. A " "section begins with the name of the section in square brackets and continues " "until the next section begins. An example of section with single and multi-" "valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" "Het bestand heeft een ini-stijl syntaxis en bestaat uit secties en " "parameters. Een sectie begint met de naam van de sectie in rechte haken en " "gaat verder totdat de volgende sectie begint. Een voorbeeld van een sectie " "met een enkele en een meervoudige parameter: <placeholder type=" "\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:36 msgid "" "The data types used are string (no quotes needed), integer and bool (with " "values of <quote>TRUE/FALSE</quote>)." msgstr "" "De datatypes gebruikt zijn tekst (geen quotes vereist), numeriek en " "booleaans (met de waardes <quote>TRUE/FALSE</quote>)." #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:41 msgid "" "A line comment starts with a hash sign (<quote>#</quote>) or a semicolon " "(<quote>;</quote>). Inline comments are not supported." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:47 msgid "" "All sections can have an optional <replaceable>description</replaceable> " "parameter. Its function is only as a label for the section." msgstr "" "Alle secties kunnen een optionele <replaceable>description</replaceable> " "parameter bevatten. Dit fungeert slechts als label voor de sectie." #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:53 msgid "" "<filename>sssd.conf</filename> must be a regular file, owned by root and " "only root may read from or write to the file." msgstr "" "<filename>sssd.conf</filename> moet een standaardbestand zijn, de eigenaar " "moet root zijn en alleen root mag hem lezen en schrijven." #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:59 msgid "SPECIAL SECTIONS" msgstr "SPECIALE SECTIES" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:62 msgid "The [sssd] section" msgstr "De [sssd] sectie" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> #: sssd.conf.5.xml:71 sssd.conf.5.xml:1857 msgid "Section parameters" msgstr "Sectie parameters" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:73 msgid "config_file_version (integer)" msgstr "config_file_version (numeriek)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:76 msgid "" "Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " "version 2." msgstr "" "Geeft aan welke syntaxis de configuratie gebruikt. SSSD 0.6.0 en hoger " "gebruiken versie 2." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:82 msgid "services" msgstr "diensten" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:85 msgid "" "Comma separated list of services that are started when sssd itself starts." msgstr "" "Kommagescheiden lijst van diensten die gestart worden als sssd zelf start." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:89 msgid "" "Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " "<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition=" "\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</" "phrase>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:98 sssd.conf.5.xml:321 msgid "reconnection_retries (integer)" msgstr "reconnection_retries (numeriek)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:101 sssd.conf.5.xml:324 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" "Aantal keer dat de service moet proberen om opnieuw te verbinden indien een " "Data Aanbieder crashed of opnieuw start voordat dit opgegeven wordt" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:106 sssd.conf.5.xml:329 msgid "Default: 3" msgstr "Standaard: 3" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:111 msgid "domains" msgstr "domeinen" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:114 msgid "" "A domain is a database containing user information. 
SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " "start. This parameter described the list of domains in the order you want " "them to be queried. A domain name should only consist of alphanumeric ASCII " "characters, dashes and underscores." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:126 sssd.conf.5.xml:1586 msgid "re_expression (string)" msgstr "re_expression (tekst)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:129 msgid "" "Default regular expression that describes how to parse the string containing " "user name and domain into these components." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:134 msgid "" "Each domain can have an individual regular expression configured. For some " "ID providers there are also default regular expressions. See DOMAIN " "SECTIONS for more info on these regular expressions." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:143 sssd.conf.5.xml:1637 msgid "full_name_format (string)" msgstr "full_name_format (tekst)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:146 sssd.conf.5.xml:1640 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " "fully qualified name from user name and domain name components." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:157 sssd.conf.5.xml:1651 msgid "%1$s" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:158 sssd.conf.5.xml:1652 msgid "user name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:161 sssd.conf.5.xml:1655 msgid "%2$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:164 sssd.conf.5.xml:1658 msgid "domain name as specified in the SSSD config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:170 sssd.conf.5.xml:1664 msgid "%3$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:173 sssd.conf.5.xml:1667 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:154 sssd.conf.5.xml:1648 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:183 msgid "" "Each domain can have an individual format string configured. see DOMAIN " "SECTIONS for more info on this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:189 msgid "try_inotify (boolean)" msgstr "try_inotify (bool)" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:192 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " "this, and will fall back to polling resolv.conf every five seconds if " "inotify cannot be used." msgstr "" "SSSD houdt de stat van resolv.conf in de gaten om te zien wanneer de interne " "DNS-resolver bijgewerkt moet worden. Standaard wordt er geprobeerd om " "inotify te gebruiken en er wordt teruggevallen op iedere vijf seconden " "kijken of resolv.conf gewijzigd is als er geen inotify beschikbaar is." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:200 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " "to 'false'" msgstr "" "Er zijn een aantal situaties waarin het de voorkeur heeft dat we het gebruik " "van inotify uitschakelen. In deze zeldzame gevallen kan de optie op 'false' " "gezet worden" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:206 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." msgstr "" "Standaard: true op systemen waar inotify is ondersteund. False op andere " "systemen." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:210 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" "Merk op: deze optie heeft geen effect op systemen waar inotify niet " "beschikbaar is. Op deze systemen wordt altijd periodiek gekeken naar resolv." "conf." #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:217 msgid "krb5_rcache_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:220 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" "Map in het bestandssysteem waarin SSSD Kerberos replay cache bestanden moet " "opslaan." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:224 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:230 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:237 msgid "default_domain_suffix (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:240 msgid "" "This string will be used as a default domain name for all names without a " "domain name component. The main use case is environments where the primary " "domain is intended for managing host policies and all users are located in a " "trusted domain. The option allows those users to log in just with their " "user name without giving a domain name as well." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:250 msgid "" "Please note that if this option is set all users from the primary domain " "have to use their fully qualified name, e.g. user@domain.name, to log in." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:256 sssd-ldap.5.xml:1392 sssd-ldap.5.xml:1404 #: sssd-ldap.5.xml:1486 sssd-ldap.5.xml:2373 sssd-ldap.5.xml:2400 #: sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:187 #: include/ldap_id_mapping.xml:198 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:64 msgid "" "Individual pieces of SSSD functionality are provided by special SSSD " "services that are started and stopped together with SSSD. The services are " "managed by a special service frequently called <quote>monitor</quote>. The " "<quote>[sssd]</quote> section is used to configure the monitor as well as " "some other important options like the identity domains. <placeholder type=" "\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:267 msgid "SERVICES SECTIONS" msgstr "SERVICES SECTIE" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:269 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " "section, for example, for NSS service, the section would be <quote>[nss]</" "quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:276 msgid "General service configuration options" msgstr "Algemene service configuratie-opties" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:278 msgid "These options can be used to configure any service." 
msgstr "Deze opties kunnen gebruikt worden om services te configureren." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:282 msgid "debug_level (integer)" msgstr "debug_level (numeriek)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:286 msgid "debug_timestamps (bool)" msgstr "debug_timestamps (bool)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:289 msgid "Add a timestamp to the debug messages" msgstr "Voeg een tijdstempel toe aan de debugberichten" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:292 sssd.conf.5.xml:472 sssd.conf.5.xml:820 #: sssd-ldap.5.xml:1559 sssd-ldap.5.xml:1656 sssd-ldap.5.xml:1718 #: sssd-ldap.5.xml:2161 sssd-ldap.5.xml:2226 sssd-ldap.5.xml:2244 #: sssd-ipa.5.xml:361 sssd-ipa.5.xml:396 sssd-ad.5.xml:166 sssd-ad.5.xml:250 #: sssd-ad.5.xml:275 sssd-ad.5.xml:363 sssd-krb5.5.xml:490 msgid "Default: true" msgstr "Standaard: true" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:297 msgid "debug_microseconds (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:300 msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:303 sssd.conf.5.xml:774 sssd.conf.5.xml:1773 #: sssd-ldap.5.xml:640 sssd-ldap.5.xml:1433 sssd-ldap.5.xml:1452 #: sssd-ldap.5.xml:1628 sssd-ldap.5.xml:1957 sssd-ipa.5.xml:139 #: sssd-ipa.5.xml:205 sssd-ipa.5.xml:508 sssd-ipa.5.xml:526 #: sssd-krb5.5.xml:257 sssd-krb5.5.xml:291 sssd-krb5.5.xml:462 msgid "Default: false" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:308 msgid "timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:311 msgid "" "Timeout in seconds between heartbeats for this service. This is used to " "ensure that the process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:316 sssd-ldap.5.xml:1304 msgid "Default: 10" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:334 msgid "fd_limit" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:337 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " "the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " "systems without this capability, the resulting value will be the lower value " "of this or the limits.conf \"hard\" limit." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:346 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:351 msgid "client_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:354 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " "limited in order to avoid resource exhaustion on the system." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:361 sssd.conf.5.xml:377 sssd.conf.5.xml:592 #: sssd.conf.5.xml:752 sssd.conf.5.xml:1015 sssd-ldap.5.xml:1134 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:366 sssd.conf.5.xml:1004 msgid "force_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:369 sssd.conf.5.xml:1007 msgid "" "If a service is not responding to ping checks (see the <quote>timeout</" "quote> option), it is first sent the SIGTERM signal that instructs it to " "quit gracefully. If the service does not terminate after " "<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down " "by sending a SIGKILL signal." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:385 msgid "NSS configuration options" msgstr "NSS configuratie-opties" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:387 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" "Deze opties kunnen worden gebruikt om de Name Service Switch (NSS) service te " "configureren." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:392 msgid "enum_cache_timeout (integer)" msgstr "enum_cache_timeout (numeriek)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:395 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" "Hoeveel seconden zouden nss_sss cache enumeraties (verzoeken om informatie " "over alle gebruikers)" #.
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:399 msgid "Default: 120" msgstr "Standaard: 120" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:404 msgid "entry_cache_nowait_percentage (integer)" msgstr "entry_cache_nowait_percentage (numeriek)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:407 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " "for the domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:413 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " "after 15 seconds past the last cache update will be returned immediately, " "but the SSSD will go and update the cache on its own, so that future " "requests will not need to block waiting for a cache update." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:423 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " "percentage will never reduce the nowait timeout to less than 10 seconds. (0 " "disables this feature)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:431 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:436 msgid "entry_negative_timeout (integer)" msgstr "entry_negative_timeout (numeriek)" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:439 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " "before asking the back end again." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:445 sssd.conf.5.xml:798 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:450 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:453 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" "domain or include fully-qualified names to filter only users from the " "particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:460 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:465 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:468 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:478 msgid "fallback_homedir (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:481 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:486 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> #: sssd.conf.5.xml:492 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" " " msgstr "" #. type: Content of: <varlistentry><listitem><para> #: sssd.conf.5.xml:490 include/override_homedir.xml:44 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:496 msgid "Default: not set (no substitution for unset home directories)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:502 msgid "override_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:505 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " "or per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:511 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:517 msgid "allowed_shells (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:520 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:523 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:527 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:532 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:537 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:540 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:544 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:549 msgid "vetoed_shells (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:552 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:557 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:560 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:564 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:569 msgid "default_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:572 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:578 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:585 sssd.conf.5.xml:745 msgid "get_domains_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:588 sssd.conf.5.xml:748 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:597 msgid "memcache_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:600 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:604 sssd-ldap.5.xml:654 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:611 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:613 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:618 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:621 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:626 sssd.conf.5.xml:639 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:632 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:635 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:645 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:648 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:653 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " "authentication can enable offline authentication again." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:659 sssd.conf.5.xml:712 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:665 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:668 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:673 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:676 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:679 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:683 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:686 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:690 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:695 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:698 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " "ensure that authentication takes place with the latest information." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:704 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" "client-application basis) how long (in seconds) we can cache the identity " "information to avoid excessive round-trips to the identity provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:718 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:721 sssd.conf.5.xml:1178 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:724 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " "cannot display a warning." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:730 sssd.conf.5.xml:1181 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:735 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:740 sssd.8.xml:79 msgid "Default: 0" msgstr "Standaard: 0" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:760 msgid "SUDO configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:762 msgid "These options can be used to configure the sudo service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:766 msgid "sudo_timed (bool)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:769 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:782 msgid "AUTOFS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:784 msgid "These options can be used to configure the autofs service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:788 msgid "autofs_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:791 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " "before asking the back end again." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:807 msgid "SSH configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:809 msgid "These options can be used to configure the SSH service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:813 msgid "ssh_hash_known_hosts (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:816 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:825 msgid "ssh_known_hosts_timeout (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:828 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:832 msgid "Default: 180" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:840 msgid "PAC responder configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:842 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " "PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " "provider collects domain SID and ID ranges of the domain the client is " "joined to and of remote trusted domains from the local domain controller. " "If the PAC is decoded and evaluated some of the following operations are " "done:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:851 msgid "" "If the remote user does not exist in the cache, it is created. The uid is " "determined with the help of the SID, trusted domains will have UPGs and the " "gid will have the same value as the uid. The home directory is set based on " "the subdomain_homedir parameter. The shell will be empty by default, i.e. " "the system defaults are used, but can be overwritten with the default_shell " "parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:859 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:865 msgid "These options can be used to configure the PAC responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:869 msgid "allowed_uids (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:872 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " "startup." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:878 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:882 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " "access the PAC responder, which would be the typical case, you have to add 0 " "to the list of allowed UIDs as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:896 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:903 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:906 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:911 msgid "" "For users, this affects the primary GID limit. 
The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" "primary group memberships, those that are in range will be reported as " "expected." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:918 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:922 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:928 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:931 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:935 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:938 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:941 sssd.conf.5.xml:1155 sssd.conf.5.xml:1264 #: sssd.conf.5.xml:1281 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:944 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " "to fully complete enumerations. 
During this time, individual requests for " "information will go directly to LDAP, though it may be slow, due to the " "heavy enumeration processing. Saving a large number of entries to cache " "after the enumeration completes might also be CPU intensive as the " "memberships have to be recomputed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:957 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:962 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " "enumeration lookups are completed successfully. For more information, refer " "to the man pages for the specific id_provider in use." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:970 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:978 #, fuzzy #| msgid "full_name_format (string)" msgid "subdomain_enumerate (string)" msgstr "full_name_format (tekst)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:985 msgid "all" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:986 msgid "All discovered trusted domains will be enumerated" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:989 msgid "none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:990 msgid "No discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:981 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " "Optionally, a list of one or more domain names can enable enumeration just " "for these trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:998 sssd-ldap.5.xml:1687 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1021 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1024 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1028 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " "for newly added or expired entries. You should run the <citerefentry> " "<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" "citerefentry> tool in order to force refresh of entries that have already " "been cached." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1041 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1047 msgid "entry_cache_user_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1050 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1054 sssd.conf.5.xml:1067 sssd.conf.5.xml:1080 #: sssd.conf.5.xml:1093 sssd.conf.5.xml:1106 sssd.conf.5.xml:1120 msgid "Default: entry_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1060 msgid "entry_cache_group_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1063 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1073 msgid "entry_cache_netgroup_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1076 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1086 msgid "entry_cache_service_timeout (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1089 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1099 msgid "entry_cache_sudo_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1102 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1112 msgid "entry_cache_autofs_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1115 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1126 msgid "refresh_expired_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1129 msgid "" "Specifies how many seconds SSSD has to wait before refreshing expired " "records. Currently only refreshing expired netgroups is supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1134 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1138 sssd-ipa.5.xml:221 msgid "Default: 0 (disabled)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1144 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1147 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1151 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1160 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1163 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " "value of this parameter must be greater than or equal to " "offline_credentials_expiration." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1170 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1175 msgid "pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1186 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " "cannot display a warning. Also an auth provider has to be configured for the " "backend." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1193 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1199 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1202 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1206 msgid "<quote>proxy</quote>: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1209 msgid "<quote>local</quote>: SSSD internal provider for local users" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1213 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " "information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1221 sssd.conf.5.xml:1307 sssd.conf.5.xml:1358 #: sssd.conf.5.xml:1411 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " "FreeIPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1230 sssd.conf.5.xml:1316 sssd.conf.5.xml:1367 #: sssd.conf.5.xml:1420 msgid "" "<quote>ad</quote>: Active Directory provider. 
See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring Active Directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1241 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1244 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1249 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " "<command>getent passwd test</command> wouldn't find the user while " "<command>getent passwd test@LOCAL</command> would." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1257 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " "will be searched when an unqualified name is requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1269 msgid "ignore_group_members (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1272 msgid "Do not return group members for group lookups." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1275 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " "calls." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1286 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1289 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1293 sssd.conf.5.xml:1351 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1300 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring Kerberos." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1324 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1327 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1330 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1336 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1339 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " "Internal special providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1345 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1348 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1375 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry> for more information on configuring the simple " "access module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1382 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1387 msgid "chpass_provider (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1390 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1395 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1403 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring Kerberos." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1428 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1432 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1435 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1442 msgid "sudo_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1445 msgid "The SUDO provider used for the domain. 
Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1449 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1457 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1461 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1465 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1468 sssd.conf.5.xml:1522 sssd.conf.5.xml:1554 #: sssd.conf.5.xml:1579 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1474 msgid "selinux_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1477 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " "providers are:" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1483 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1491 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1494 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1500 msgid "subdomains_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1503 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1509 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1518 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1529 msgid "autofs_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1532 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1536 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1543 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1551 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1561 msgid "hostid_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1564 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1568 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. 
See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1576 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1589 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " "match either the SSSD configuration domain name, or, in the case of IPA " "trust subdomains and Active Directory domains, the flat (NetBIOS) name of " "the domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1598 msgid "" "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?" "P<name>[^@\\\\]+)$))</quote> which allows three different styles for " "user names:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:1603 msgid "username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:1606 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:1609 msgid "domain\\username" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1612 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1617 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " "sign, the domain everything after that\"" msgstr "" "Standaard: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "wat zich vertaalt tot \"de gebruikersnaam is alles tot <quote>@</quote> , " "het domein alles daarna\"" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1623 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " "version 7 or higher can support non-unique named subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1630 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" "MERK OOK OP: oudere versies van libpcre ondersteunen alleen de Python syntaxis " "(?P<name>) om subpatronen aan te geven." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1677 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "Standaard: <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1683 msgid "lookup_family_order (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1686 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1690 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1693 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1696 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1699 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1702 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1705 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1711 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1714 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " "the domain will continue to operate in offline mode." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1720 sssd-ldap.5.xml:1118 sssd-ldap.5.xml:1160 #: sssd-ldap.5.xml:1175 sssd-krb5.5.xml:239 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1726 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1729 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1733 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1739 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1742 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1748 msgid "case_sensitive (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1751 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1756 sssd-ad.5.xml:333 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1762 msgid "proxy_fast_alias (boolean)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1765 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " "name was an alias. Setting this option to true would cause the SSSD to " "perform the ID lookup from cache for performance reasons." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1779 msgid "subdomain_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1790 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1791 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1782 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " "possible values. In addition to those, the expansion below can only be used " "with <emphasis>subdomain_homedir</emphasis>. <placeholder type=" "\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1796 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1800 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1805 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1808 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:898 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" "replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1821 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1824 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1827 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1835 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1838 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " "for example _nss_files_getpwent." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:1817 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:1850 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:1852 msgid "" "This section contains settings for a domain that stores users and groups in " "the SSSD native database, that is, a domain that uses " "<replaceable>id_provider=local</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1859 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1862 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1866 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1871 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1874 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1879 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1884 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1887 msgid "" "Indicate if a home directory should be created by default for new users. 
" "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1891 sssd.conf.5.xml:1903 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1896 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1899 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1908 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1911 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " "on a newly created home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1919 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1924 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1927 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " "<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1937 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1942 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1945 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " "default value is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1952 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1957 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1960 msgid "" "The command that is run after a user is removed. The command is passed the " "username of the user being removed as the first and only parameter. The " "return code of the command is not taken into account." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1966 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:1976 sssd-ldap.5.xml:2426 sssd-simple.5.xml:131 #: sssd-ipa.5.xml:793 sssd-ad.5.xml:382 sssd-krb5.5.xml:519 msgid "EXAMPLE" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd.conf.5.xml:1982 #, no-wrap msgid "" "[sssd]\n" "domains = LDAP\n" "services = nss, pam\n" "config_file_version = 2\n" "\n" "[nss]\n" "filter_groups = root\n" "filter_users = root\n" "\n" "[pam]\n" "\n" "[domain/LDAP]\n" "id_provider = ldap\n" "ldap_uri = ldap://ldap.example.com\n" "ldap_search_base = dc=example,dc=com\n" "\n" "auth_provider = krb5\n" "krb5_server = kerberos.example.com\n" "krb5_realm = EXAMPLE.COM\n" "cache_credentials = true\n" "\n" "min_id = 10000\n" "max_id = 20000\n" "enumerate = False\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:1978 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " "configuring domains for more details. <placeholder type=\"programlisting\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 msgid "sssd-ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:23 msgid "" "This manual page describes the configuration of LDAP domains for " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page for detailed syntax information." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:35 msgid "You can configure SSSD to use more than one LDAP domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:38 msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. 
" "<command>sssd</command> <emphasis>does not</emphasis> support authentication " "over an unencrypted channel. If the LDAP server is used only as an identity " "provider, an encrypted channel is not needed. Please refer to " "<quote>ldap_access_filter</quote> config option for more information about " "using LDAP as an access provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:60 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:63 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" "quote> section for more information on failover and server redundancy. If " "neither option is specified, service discovery is enabled. For more " "information, refer to the <quote>SERVICE DISCOVERY</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:70 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:73 msgid "ldap[s]://<host>[:port]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:76 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:79 msgid "example: ldap://[fc00::126:25]:389" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:85 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:88 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " "Refer to the <quote>FAILOVER</quote> section for more information on " "failover and server redundancy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:95 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:99 msgid "Default: empty, i.e. ldap_uri is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:105 msgid "ldap_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:108 msgid "The default base DN to use for performing LDAP user operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:112 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:116 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:119 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:122 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:126 sssd-ad.5.xml:212 msgid "Examples:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:129 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:134 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:137 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " "different search bases). This will lead to unpredictable behavior on client " "machines." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:144 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " "defaultNamingContext does not exist or has an empty value namingContexts is " "used. 
The namingContexts attribute must have a single value with the DN of " "the search base of the LDAP server to make this work. Multiple values are " "not supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:158 msgid "ldap_schema (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:161 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " "may vary. The way that some attributes are handled may also differ." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:168 msgid "Four schema types are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:172 msgid "rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:177 msgid "rfc2307bis" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:182 msgid "IPA" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:187 msgid "AD" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:193 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " "the <emphasis>memberUid</emphasis> attribute. 
With rfc2307bis and IPA, " "group members are listed by DN and stored in the <emphasis>member</emphasis> " "attribute. The AD schema type sets the attributes to correspond with Active " "Directory 2008r2 values." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:203 msgid "Default: rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:209 msgid "ldap_default_bind_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:212 msgid "The default bind DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:219 msgid "ldap_default_authtok_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:222 msgid "The type of the authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:226 msgid "The two mechanisms currently supported are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:229 msgid "password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:232 msgid "obfuscated_password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:235 msgid "Default: password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:241 msgid "ldap_default_authtok (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:244 msgid "" "The authentication token of the default bind DN. Only clear text passwords " "are currently supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:251 msgid "ldap_user_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:254 msgid "The object class of a user entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:257 msgid "Default: posixAccount" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:263 msgid "ldap_user_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:266 msgid "The LDAP attribute that corresponds to the user's login name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:270 msgid "Default: uid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:276 msgid "ldap_user_uid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:279 msgid "The LDAP attribute that corresponds to the user's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:283 msgid "Default: uidNumber" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:289 msgid "ldap_user_gid_number (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:292 msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:296 sssd-ldap.5.xml:792 msgid "Default: gidNumber" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:302 msgid "ldap_user_gecos (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:305 msgid "The LDAP attribute that corresponds to the user's gecos field." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:309 msgid "Default: gecos" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:315 msgid "ldap_user_home_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:318 msgid "The LDAP attribute that contains the name of the user's home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:322 msgid "Default: homeDirectory" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:328 msgid "ldap_user_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:331 msgid "The LDAP attribute that contains the path to the user's default shell." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:335 msgid "Default: loginShell" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:341 msgid "ldap_user_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:344 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:348 sssd-ldap.5.xml:818 sssd-ldap.5.xml:1025 msgid "Default: nsUniqueId" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:354 msgid "ldap_user_objectsid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:357 msgid "" "The LDAP attribute that contains the objectSID of an LDAP user object. This " "is usually only necessary for ActiveDirectory servers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:362 sssd-ldap.5.xml:832 msgid "Default: objectSid for ActiveDirectory, not set for other servers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:369 msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:372 sssd-ldap.5.xml:842 sssd-ldap.5.xml:1034 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:376 sssd-ldap.5.xml:846 sssd-ldap.5.xml:1041 msgid "Default: modifyTimestamp" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:382 msgid "ldap_user_shadow_last_change (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:385 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " "the last password change)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:395 msgid "Default: shadowLastChange" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:401 msgid "ldap_user_shadow_min (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:404 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " "password age)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:413 msgid "Default: shadowMin" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:419 msgid "ldap_user_shadow_max (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:422 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " "password age)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:431 msgid "Default: shadowMax" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:437 msgid "ldap_user_shadow_warning (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:440 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " "(password warning period)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:450 msgid "Default: shadowWarning" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:456 msgid "ldap_user_shadow_inactive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:459 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " "(password inactivity period)." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:469 msgid "Default: shadowInactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:475 msgid "ldap_user_shadow_expire (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:478 msgid "" "When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " "parameter contains the name of an LDAP attribute corresponding to its " "<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> counterpart (account expiration date)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:488 msgid "Default: shadowExpire" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:494 msgid "ldap_user_krb_last_pwd_change (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:497 msgid "" "When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " "an LDAP attribute storing the date and time of last password change in " "kerberos." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:503 msgid "Default: krbLastPwdChange" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:509 msgid "ldap_user_krb_password_expiration (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:512 msgid "" "When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " "an LDAP attribute storing the date and time when current password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:518 msgid "Default: krbPasswordExpiration" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:524 msgid "ldap_user_ad_account_expires (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:527 msgid "" "When using ldap_account_expire_policy=ad, this parameter contains the name " "of an LDAP attribute storing the expiration time of the account." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:532 msgid "Default: accountExpires" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:538 msgid "ldap_user_ad_user_account_control (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:541 msgid "" "When using ldap_account_expire_policy=ad, this parameter contains the name " "of an LDAP attribute storing the user account control bit field." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:546 msgid "Default: userAccountControl" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:552 msgid "ldap_ns_account_lock (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:555 msgid "" "When using ldap_account_expire_policy=rhds or equivalent, this parameter " "determines if access is allowed or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:560 msgid "Default: nsAccountLock" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:566 msgid "ldap_user_nds_login_disabled (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:569 msgid "" "When using ldap_account_expire_policy=nds, this attribute determines if " "access is allowed or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:573 sssd-ldap.5.xml:587 msgid "Default: loginDisabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:579 msgid "ldap_user_nds_login_expiration_time (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:582 msgid "" "When using ldap_account_expire_policy=nds, this attribute determines until " "which date access is granted." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:593 msgid "ldap_user_nds_login_allowed_time_map (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:596 msgid "" "When using ldap_account_expire_policy=nds, this attribute determines the " "hours of a day in a week when access is granted." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:601 msgid "Default: loginAllowedTimeMap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:607 msgid "ldap_user_principal (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:610 msgid "" "The LDAP attribute that contains the user's Kerberos User Principal Name " "(UPN)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:614 msgid "Default: krbPrincipalName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:620 msgid "ldap_user_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:623 msgid "The LDAP attribute that contains the user's SSH public keys." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:630 msgid "ldap_force_upper_case_realm (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:633 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " "fail. Set this option to a non-zero value if you want to use an upper-case " "realm." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:646 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:649 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:660 msgid "ldap_purge_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:663 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " "space." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:669 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:673 msgid "Default: 10800 (12 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:679 msgid "ldap_user_fullname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:682 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:686 sssd-ldap.5.xml:779 sssd-ldap.5.xml:975 #: sssd-ldap.5.xml:1066 sssd-ldap.5.xml:1990 sssd-ldap.5.xml:2316 #: sssd-ipa.5.xml:648 msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:692 msgid "ldap_user_member_of (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:695 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:699 sssd-ipa.5.xml:552 msgid "Default: memberOf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:705 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:708 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " "to determine access privilege." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:715 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:720 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>authorized_service</quote> in order for the " "ldap_user_authorized_service option to work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:727 msgid "Default: authorizedService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:733 msgid "ldap_user_authorized_host (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:736 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " "privilege." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:742 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:747 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>host</quote> in order for the " "ldap_user_authorized_host option to work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:754 msgid "Default: host" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:760 msgid "ldap_group_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:763 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:766 msgid "Default: posixGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:772 msgid "ldap_group_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:775 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:785 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:788 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:798 msgid "ldap_group_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:801 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:805 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:811 msgid "ldap_group_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:814 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:824 msgid "ldap_group_objectsid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:827 msgid "" "The LDAP attribute that contains the objectSID of an LDAP group object. This " "is usually only necessary for ActiveDirectory servers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:839 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:852 #, fuzzy #| msgid "debug_level (integer)" msgid "ldap_group_type (integer)" msgstr "ldap_group_type (numeriek)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:855 msgid "" "The LDAP attribute that contains an integer value indicating the type of the " "group and maybe other flags." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:860 msgid "" "This attribute is currently only used by the AD provider to determine if a " "group is a domain local groups and has to be filtered out for trusted " "domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:866 msgid "Default: groupType in the AD provider, othewise not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:873 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:876 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " "follow. This option has no effect on the RFC2307 schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:883 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:889 msgid "ldap_groups_use_matching_rule_in_chain" msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:892 msgid "" "This option tells SSSD to take advantage of an Active Directory-specific " "feature which may speed up group lookup operations on deployments with " "complex or deep nested groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:898 msgid "" "In most common cases, it is best to leave this option disabled. It generally " "only provides a performance increase on very complex nestings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:903 sssd-ldap.5.xml:930 msgid "" "If this option is enabled, SSSD will use it if it detects that the server " "supports it during initial connection. So \"True\" here essentially means " "\"auto-detect\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:909 sssd-ldap.5.xml:936 msgid "" "Note: This feature is currently known to work only with Active Directory " "2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/" "windows/desktop/aa746475%28v=vs.85%29.aspx\"> MSDN(TM) documentation</ulink> " "for more details." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:915 sssd-ldap.5.xml:942 sssd-ldap.5.xml:1233 #: sssd-ldap.5.xml:1254 sssd-ldap.5.xml:1760 include/ldap_id_mapping.xml:226 msgid "Default: False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:921 msgid "ldap_initgroups_use_matching_rule_in_chain" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:924 msgid "" "This option tells SSSD to take advantage of an Active Directory-specific " "feature which might speed up initgroups operations (most notably when " "dealing with complex or deep nested groups)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:948 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:951 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:954 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:958 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:964 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:967 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:971 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:981 msgid "ldap_netgroup_member (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:984 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:988 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:992 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:998 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1001 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1005 sssd-ldap.5.xml:1038 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1008 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1014 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1017 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1021 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1031 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1047 msgid "ldap_service_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1050 msgid "The object class of a service entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1053 msgid "Default: ipService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1059 msgid "ldap_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1062 msgid "" "The LDAP attribute that contains the name of service attributes and their " "aliases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1072 msgid "ldap_service_port (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1075 msgid "The LDAP attribute that contains the port managed by this service." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1079 msgid "Default: ipServicePort" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1085 msgid "ldap_service_proto (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1088 msgid "" "The LDAP attribute that contains the protocols understood by this service." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1092 msgid "Default: ipServiceProtocol" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1098 msgid "ldap_service_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1103 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1106 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " "is entered)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1112 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " "lookup types." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1124 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1127 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " "are returned (and offline mode is entered)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1140 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1143 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" "<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" "manvolnum> </citerefentry> following a <citerefentry> " "<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" "citerefentry> returns in case of no activity." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1166 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1169 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " "communicating with the KDC in case of SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1181 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1184 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " "in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " "the TGT lifetime) will be used." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1192 sssd-ldap.5.xml:2147 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1198 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1201 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1206 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1212 msgid "ldap_disable_paging (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1215 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " "it is not enabled or does not behave properly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1221 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1227 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " "requests being denied." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1239 msgid "ldap_disable_range_retrieval (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1242 msgid "Disable Active Directory range retrieval." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1245 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " "group contains more members, the reply would include an AD-specific range " "extension. This option disables parsing of the range extension, therefore " "large groups will appear as having no members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1260 msgid "ldap_sasl_minssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1263 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " "option are defined by OpenLDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1269 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1276 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1279 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. 
If less members are missing, " "they are looked up individually." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1285 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1289 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " "methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " "Directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1297 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " "regardless of this setting." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1310 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1313 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1319 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1323 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. 
If a bad certificate " "is provided, it will be ignored and the session proceeds normally." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1330 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " "is provided, the session is immediately terminated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1336 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " "immediately terminated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1342 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1346 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1352 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1355 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1378 sssd-ldap.5.xml:1419 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1367 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1370 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " "be the hash of the certificate followed by '.0'. If available, " "<command>cacertdir_rehash</command> can be used to create the correct names." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1385 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1388 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1398 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1401 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1410 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1413 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry> for format." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1426 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1429 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1439 msgid "ldap_id_mapping (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1442 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " "on ldap_user_uid_number and ldap_group_gid_number." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1448 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1458 msgid "ldap_min_id, ldap_max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1461 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " "ldap_group_gid_number is unbounded. In a setup with sub/trusted-domains this " "might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " "can be set to restrict the allowed range for the IDs which are read directly " "from the server. Sub-domains can then pick other ranges to map IDs." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1473 msgid "Default: not set (both options are set to 0)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1479 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1482 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1492 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1495 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory. " "This option can either contain the full principal (for example host/" "myhost@EXAMPLE.COM) or just the principal name (for example host/myhost)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1503 msgid "Default: host/hostname@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1509 msgid "ldap_sasl_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1512 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " "well, this option is ignored." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1518 msgid "Default: the value of krb5_realm." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1524 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1527 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1532 msgid "Default: false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1538 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1541 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1544 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1550 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1553 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " "GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1565 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1568 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1572 sssd-ad.5.xml:319 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1578 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1581 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " "For more information on failover and server redundancy, see the " "<quote>FAILOVER</quote> section. An optional port number (preceded by a " "colon) may be appended to the addresses or hostnames. If empty, service " "discovery is enabled - for more information, refer to the <quote>SERVICE " "DISCOVERY</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1593 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " "none are found." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1598 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " "migrate their config files to use <quote>krb5_server</quote> instead." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1607 sssd-ipa.5.xml:371 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1610 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1613 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1619 sssd-ipa.5.xml:386 sssd-krb5.5.xml:453 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1622 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1634 sssd-krb5.5.xml:468 msgid "krb5_use_kdcinfo (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1637 sssd-krb5.5.xml:471 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " "to configure the Kerberos library using the <citerefentry> " "<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> configuration file." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1648 sssd-krb5.5.xml:482 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " "information on the locator plugin." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1662 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1665 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1670 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1675 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " "evaluate if the password has expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1681 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " "these attributes when the password is changed." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1690 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1698 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1701 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1705 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1710 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. If your setup " "does not in fact require the use of referrals, setting this option to false " "might bring a noticeable performance improvement." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1724 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1727 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1731 msgid "Default: ldap" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1737 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1740 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1745 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1751 msgid "ldap_chpass_update_last_change (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1754 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1766 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1769 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " "must be met for the user to be granted access on this host. If " "access_provider = ldap, ldap_access_order = filter and this option is not " "set, it will result in all users being denied access. Use access_provider = " "permit to change this default behavior. Please note that this filter is " "applied on the LDAP user entry only." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1782 sssd-ldap.5.xml:2376 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #: sssd-ldap.5.xml:1785 #, no-wrap msgid "" "access_provider = ldap\n" "ldap_access_filter = (employeeType=admin)\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1789 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1794 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " "access during their last login, they will continue to be granted access " "while offline and vice-versa." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1802 sssd-ldap.5.xml:1859 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1808 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1811 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1815 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. 
the LDAP server should deny the bind request with a suitable error code " "even if the password is correct." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1822 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1825 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1830 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " "set. If the attribute is missing access is granted. Also the expiration time " "of the account is checked." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1837 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " "allowed or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1843 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " "ldap_user_nds_login_expiration_time are used to check if access is allowed. " "If both attributes are missing access is granted." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1852 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " "ldap_account_expire_policy option to work." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1865 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1868 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1872 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1875 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1879 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1884 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1888 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1891 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1898 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1901 msgid "" "Specifies how alias dereferencing is done when performing a search. 
The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1906 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1910 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1915 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1920 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1925 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1933 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1936 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1940 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " "The self-consistency of the domain is compromised when this is done, so SSSD " "would normally remove the \"missing\" users from the cached group " "memberships as soon as nsswitch tries to fetch information about the user " "via getpw*() or initgroups() calls." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1951 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " "additional LDAP groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:51 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " "of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page for full details. <placeholder type=" "\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:1967 msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1971 msgid "ldap_sudorule_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1974 msgid "The object class of a sudo rule entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1977 msgid "Default: sudoRole" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1983 msgid "ldap_sudorule_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1986 msgid "The LDAP attribute that corresponds to the sudo rule name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1996 msgid "ldap_sudorule_command (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1999 msgid "The LDAP attribute that corresponds to the command name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2003 msgid "Default: sudoCommand" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2009 msgid "ldap_sudorule_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2012 msgid "" "The LDAP attribute that corresponds to the host name (or host IP address, " "host IP network, or host netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2017 msgid "Default: sudoHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2023 msgid "ldap_sudorule_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2026 msgid "" "The LDAP attribute that corresponds to the user name (or UID, group name or " "user's netgroup)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2030 msgid "Default: sudoUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2036 msgid "ldap_sudorule_option (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2039 msgid "The LDAP attribute that corresponds to the sudo options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2043 msgid "Default: sudoOption" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2049 msgid "ldap_sudorule_runasuser (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2052 msgid "" "The LDAP attribute that corresponds to the user name that commands may be " "run as." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2056 msgid "Default: sudoRunAsUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2062 msgid "ldap_sudorule_runasgroup (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2065 msgid "" "The LDAP attribute that corresponds to the group name or group GID that " "commands may be run as." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2069 msgid "Default: sudoRunAsGroup" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2075 msgid "ldap_sudorule_notbefore (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2078 msgid "" "The LDAP attribute that corresponds to the start date/time for when the sudo " "rule is valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2082 msgid "Default: sudoNotBefore" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2088 msgid "ldap_sudorule_notafter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2091 msgid "" "The LDAP attribute that corresponds to the expiration date/time, after which " "the sudo rule will no longer be valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2096 msgid "Default: sudoNotAfter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2102 msgid "ldap_sudorule_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2105 msgid "The LDAP attribute that corresponds to the ordering index of the rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2109 msgid "Default: sudoOrder" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2115 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2118 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2123 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2128 msgid "Default: 21600 (6 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2134 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2137 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest USN " "of cached rules)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2143 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2153 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2156 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2167 msgid "ldap_sudo_hostnames (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2170 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2175 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2180 sssd-ldap.5.xml:2203 sssd-ldap.5.xml:2221 #: sssd-ldap.5.xml:2239 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2185 sssd-ldap.5.xml:2208 msgid "Default: not specified" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2191 msgid "ldap_sudo_ip (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2194 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2199 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2214 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2217 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2232 msgid "ldap_sudo_include_regexp (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2235 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:1969 msgid "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2251 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " "<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:2261 msgid "AUTOFS OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2263 msgid "" "Please note that the default values correspond to the default schema which " "is RFC2307." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2269 msgid "ldap_autofs_map_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2272 sssd-ldap.5.xml:2298 msgid "The object class of an automount map entry in LDAP." 
msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2275 sssd-ldap.5.xml:2302 msgid "Default: automountMap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2282 msgid "ldap_autofs_map_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2285 msgid "The name of an automount map entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2288 msgid "Default: ou" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2295 msgid "ldap_autofs_entry_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2309 msgid "ldap_autofs_entry_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2312 sssd-ldap.5.xml:2326 msgid "" "The key of an automount entry in LDAP. The entry usually corresponds to a " "mount point." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2323 msgid "ldap_autofs_entry_value (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2330 msgid "Default: automountInformation" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2267 msgid "" "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" "\"variablelist\" id=\"4\"/>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:2340 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2347 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2352 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2357 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2362 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2365 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2369 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #: sssd-ldap.5.xml:2379 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2382 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2389 msgid "ldap_group_search_filter (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2392 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2396 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2406 msgid "ldap_sudo_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2411 msgid "ldap_autofs_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2342 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " "are doing. <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2428 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " "section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ldap.5.xml:2434 #, no-wrap msgid "" " [domain/LDAP]\n" " id_provider = ldap\n" " auth_provider = ldap\n" " ldap_uri = ldap://ldap.mydomain.org\n" " ldap_search_base = dc=mydomain,dc=org\n" " ldap_tls_reqcert = demand\n" " cache_credentials = true\n" msgstr "" #. 
type: Content of: <refsect1><refsect2><para> #: sssd-ldap.5.xml:2433 sssd-simple.5.xml:139 sssd-ipa.5.xml:801 #: sssd-ad.5.xml:390 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 sssd-krb5.5.xml:528 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:2446 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:405 #: sssd.8.xml:191 sss_seed.8.xml:163 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2448 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " "distribution." msgstr "" #. type: Content of: <refentryinfo> #: pam_sss.8.xml:8 include/upstream.xml:2 msgid "" "<productname>SSSD</productname> <orgname>The SSSD upstream - http://" "fedorahosted.org/sssd</orgname>" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: pam_sss.8.xml:13 pam_sss.8.xml:18 msgid "pam_sss" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: pam_sss.8.xml:19 msgid "PAM module for SSSD" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: pam_sss.8.xml:24 msgid "" "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" "replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" "replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" "replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" "replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" "arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </arg>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:48 msgid "" "<command>pam_sss.so</command> is the PAM interface to the System Security " "Services daemon (SSSD). Errors and results are logged through " "<command>syslog(3)</command> with the LOG_AUTHPRIV facility." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:58 msgid "<option>quiet</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:61 msgid "Suppress log messages for unknown users." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:66 msgid "<option>forward_pass</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:69 msgid "" "If <option>forward_pass</option> is set the entered password is put on the " "stack for other PAM modules to use." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:76 msgid "<option>use_first_pass</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:79 msgid "" "The argument use_first_pass forces the module to use a previously stacked " "module's password and will never prompt the user - if no password is " "available or the password is not appropriate, the user will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:87 msgid "<option>use_authtok</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:90 msgid "" "When changing the password, force the module to set the new password to the one " "provided by a previously stacked password module." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:97 msgid "<option>retry=N</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:100 msgid "" "If specified the user is asked another N times for a password if " "authentication fails. Default is 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:102 msgid "" "Please note that this option might not work as expected if the application " "calling PAM handles the user dialog on its own. A typical example is " "<command>sshd</command> with <option>PasswordAuthentication</option>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:111 msgid "<option>ignore_unknown_user</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:114 msgid "" "If this option is specified and the user does not exist, the PAM module will " "return PAM_IGNORE. This causes the PAM framework to ignore this module." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: pam_sss.8.xml:123 msgid "MODULE TYPES PROVIDED" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:124 msgid "" "All module types (<option>account</option>, <option>auth</option>, " "<option>password</option> and <option>session</option>) are provided." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: pam_sss.8.xml:130 msgid "FILES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:131 msgid "" "If a password reset by root fails, because the corresponding SSSD provider " "does not support password resets, an individual message can be displayed. " "This message can e.g. contain instructions about how to reset a password." 
msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:136 msgid "" "The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" "filename> where LOC stands for a locale string returned by <citerefentry> " "<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" "citerefentry>. If there is no matching file the content of " "<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " "the owner of the files and only root may have read and write permissions " "while all other users must have only read permissions." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:146 msgid "" "These files are searched in the directory <filename>/etc/sssd/customize/" "DOMAIN_NAME/</filename>. If no matching file is present a generic message is " "displayed." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 msgid "sssd_krb5_locator_plugin" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:22 msgid "" "The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " "used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos " "libraries what Realm and which KDC to use. Typically this is done in " "<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> which is always read by the Kerberos libraries. " "To simplify the configuration the Realm and the KDC can be defined in " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> as described in <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:48 msgid "" "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " "libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:63 msgid "" "Not all Kerberos implementations support the use of plugins. If " "<command>sssd_krb5_locator_plugin</command> is not available on your system " "you have to edit /etc/krb5.conf to reflect your Kerberos setup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:69 msgid "" "If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " "debug messages will be sent to stderr." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-simple.5.xml:10 sssd-simple.5.xml:16 msgid "sssd-simple" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd-simple.5.xml:17 msgid "the configuration file for SSSD's 'simple' access-control provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:24 msgid "" "This manual page describes the configuration of the simple access-control " "provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " "refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> manual page." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:38 msgid "" "The simple access provider grants or denies access based on an access or " "deny list of user or group names. The following rules apply:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:43 msgid "If all lists are empty, access is granted" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:47 msgid "" "If any list is provided, the order of evaluation is allow,deny. This means " "that any matching deny rule will supersede any matched allow rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:54 msgid "" "If either or both \"allow\" lists are provided, all users are denied unless " "they appear in the list." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:60 msgid "" "If only \"deny\" lists are provided, all users are granted access unless " "they appear in the list." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:78 msgid "simple_allow_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:81 msgid "Comma separated list of users who are allowed to log in." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:88 msgid "simple_deny_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:91 msgid "Comma separated list of users who are explicitly denied access." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:97 msgid "simple_allow_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:100 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:108 msgid "simple_deny_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:111 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " "evaluated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> manual page for details on the configuration of an SSSD " "domain. <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:120 msgid "" "Specifying no values for any of the lists is equivalent to skipping it " "entirely. Beware of this while generating parameters for the simple provider " "using automated scripts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:125 msgid "" "Please note that it is a configuration error if both simple_allow_users " "and simple_deny_users are defined." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:133 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " "This example shows only the simple access provider-specific options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-simple.5.xml:140 #, no-wrap msgid "" " [domain/example.com]\n" " access_provider = simple\n" " simple_allow_users = user1, user2\n" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 msgid "sssd-ipa" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:23 msgid "" "This manual page describes the configuration of the IPA provider for " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:36 msgid "" "The IPA provider is a back end used to connect to an IPA server. (Refer to " "the freeipa.org web site for information about IPA servers.) This provider " "requires that the machine be joined to the IPA domain; configuration is " "almost entirely self-discovered and obtained directly from the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:43 msgid "" "The IPA provider accepts the same options used by the <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " "provider with some exceptions described below." 
msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:55 msgid "" "However, it is neither necessary nor recommended to set these options. IPA " "provider can also be used as an access and chpass provider. As an access " "provider it uses HBAC (host-based access control) rules. Please refer to " "freeipa.org for more information about HBAC. No configuration of access " "provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:62 msgid "" "The IPA provider will use the PAC responder if the Kerberos tickets of users " "from trusted realms contain a PAC. To make configuration easier the PAC " "responder is started automatically if the IPA ID provider is configured." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:78 msgid "ipa_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:81 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:89 msgid "ipa_server, ipa_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:92 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " "on failover and server redundancy, see the <quote>FAILOVER</quote> section. " "This is optional if autodiscovery is enabled. For more information on " "service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:105 msgid "ipa_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:108 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:116 sssd-ad.5.xml:256 msgid "dyndns_update (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:119 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client. The update is " "secured using GSS-TSIG. The IP address of the IPA LDAP connection is used " "for the updates, if it is not otherwise specified by using the " "<quote>dyndns_iface</quote> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:128 sssd-ad.5.xml:270 msgid "" "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " "the default Kerberos realm must be set properly in /etc/krb5.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:133 msgid "" "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" "emphasis> option, users should migrate to using <emphasis>dyndns_update</" "emphasis> in their config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:145 sssd-ad.5.xml:281 msgid "dyndns_ttl (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:148 sssd-ad.5.xml:284 msgid "" "The TTL to apply to the client DNS record when updating it. If " "dyndns_update is false this has no effect. This will override the TTL " "serverside if set by an administrator." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:153 msgid "" "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" "emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" "emphasis> in their config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:159 msgid "Default: 1200 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:165 sssd-ad.5.xml:295 msgid "dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:168 sssd-ad.5.xml:298 msgid "" "Optional. Applicable only when dyndns_update is true. Choose the interface " "whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:173 msgid "" "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" "emphasis> option, users should migrate to using <emphasis>dyndns_iface</" "emphasis> in their config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:179 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:185 msgid "ipa_enable_dns_sites (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:188 sssd-ad.5.xml:152 msgid "Enables DNS sites - location based service discovery." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:192 msgid "" "If true and service discovery (see Service Discovery paragraph at the bottom " "of the man page) is enabled, then the SSSD will first attempt location " "based discovery using a query that contains \"_location.hostname.example.com" "\" and then fall back to traditional SRV discovery. If the location based " "discovery succeeds, the IPA servers located with the location based " "discovery are treated as primary servers and the IPA servers located using " "the traditional SRV discovery are used as back up servers" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:211 sssd-ad.5.xml:309 msgid "dyndns_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:214 sssd-ad.5.xml:312 msgid "" "How often should the back end perform periodic DNS update in addition to the " "automatic update performed when the back end goes online. This option is " "optional and applicable only when dyndns_update is true." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:227 sssd-ad.5.xml:325 msgid "dyndns_update_ptr (bool)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:230 sssd-ad.5.xml:328 msgid "" "Whether the PTR record should also be explicitly updated when updating the " "client's DNS records. Applicable only when dyndns_update is true." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:235 msgid "" "This option should be False in most IPA deployments as the IPA server " "generates the PTR records automatically when forward records are changed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:241 msgid "Default: False (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:247 sssd-ad.5.xml:339 msgid "dyndns_force_tcp (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:250 sssd-ad.5.xml:342 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:254 sssd-ad.5.xml:346 msgid "Default: False (let nsupdate choose the protocol)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:260 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:263 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:267 msgid "Default: Use base DN" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:273 msgid "ipa_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:276 msgid "Optional. Use the given string as search base for host objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:280 sssd-ipa.5.xml:304 sssd-ipa.5.xml:323 sssd-ipa.5.xml:342 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:285 msgid "" "If filter is given in any of search bases and " "<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " "will be ignored." msgstr "" #. type: Content of: <listitem><para> #: sssd-ipa.5.xml:290 sssd-ipa.5.xml:309 include/ldap_search_bases.xml:23 #: include/ldap_search_bases_experimental.xml:23 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:297 msgid "ipa_selinux_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:300 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:316 msgid "ipa_subdomains_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:319 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:328 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:335 msgid "ipa_master_domain_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:338 msgid "Optional. Use the given string as search base for master domain object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:347 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:354 sssd-krb5.5.xml:245 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:357 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:364 sssd-ad.5.xml:366 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:374 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:378 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:389 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:402 sssd-krb5.5.xml:407 msgid "krb5_use_fast (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:405 sssd-krb5.5.xml:410 msgid "" "Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" "authentication. The following options are supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:410 msgid "<emphasis>never</emphasis> use FAST." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:413 msgid "" "<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " "continue the authentication without it. This is equivalent to not setting " "this option at all." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:419 sssd-krb5.5.xml:424 msgid "" "<emphasis>demand</emphasis> to use FAST. The authentication fails if the " "server does not require fast." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:424 #, fuzzy #| msgid "Default: true" msgid "Default: try" msgstr "Standaard: true" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:427 sssd-krb5.5.xml:435 msgid "" "NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. 
If " "SSSD is used with an older version of MIT Kerberos, using this option is a " "configuration error." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:436 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:439 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " "access-control requests made in a short period." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:446 sssd-ipa.5.xml:462 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:452 msgid "ipa_hbac_selinux (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:455 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " "many user login requests made in a short period." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:468 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:471 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " "of FreeIPA will need to migrate their rules to use only the ALLOW rules. The " "client will support two modes of operation during this transition period:" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:480 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:485 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:490 msgid "Default: DENY_ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:496 msgid "ipa_hbac_support_srchost (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:499 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:503 msgid "" "Note that if set to <emphasis>False</emphasis>, this option causes filters " "given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:514 msgid "ipa_server_mode (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:517 msgid "This option should only be set by the IPA installer." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:521 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:532 msgid "ipa_automount_location (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:535 msgid "The automounter location this IPA client will be using" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:538 msgid "Default: The location named \"default\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:545 msgid "ipa_netgroup_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:548 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:557 msgid "ipa_netgroup_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:560 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:565 sssd-ipa.5.xml:660 msgid "Default: memberUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:570 msgid "ipa_netgroup_member_host (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:573 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:577 sssd-ipa.5.xml:672 msgid "Default: memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:582 msgid "ipa_netgroup_member_ext_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:585 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:589 msgid "Default: externalHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:594 msgid "ipa_netgroup_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:597 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:601 msgid "Default: nisDomainName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:607 msgid "ipa_host_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:610 sssd-ipa.5.xml:633 msgid "The object class of a host entry in LDAP." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:613 sssd-ipa.5.xml:636 msgid "Default: ipaHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:618 msgid "ipa_host_fqdn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:621 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:624 msgid "Default: fqdn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:630 msgid "ipa_selinux_usermap_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:641 msgid "ipa_selinux_usermap_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:644 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:653 msgid "ipa_selinux_usermap_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:656 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:665 msgid "ipa_selinux_usermap_member_host (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:668 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule match " "against." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:677 msgid "ipa_selinux_usermap_see_also (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:680 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:685 msgid "Default: seeAlso" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:690 msgid "ipa_selinux_usermap_selinux_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:693 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:697 msgid "Default: ipaSELinuxUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:702 msgid "ipa_selinux_usermap_enabled (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:705 msgid "" "The LDAP attribute that contains whether or not is user map enabled for " "usage." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:709 msgid "Default: ipaEnabledFlag" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:714 msgid "ipa_selinux_usermap_user_category (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:717 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:721 msgid "Default: userCategory" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:726 msgid "ipa_selinux_usermap_host_category (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:729 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:733 msgid "Default: hostCategory" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:738 msgid "ipa_selinux_usermap_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:741 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:745 msgid "Default: ipaUniqueID" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:750 msgid "ipa_host_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:753 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:757 msgid "Default: ipaSshPubKey" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ipa.5.xml:766 msgid "SUBDOMAINS PROVIDER" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:768 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:772 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " "subdomain requests are sent to the IPA server if necessary." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:778 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " "provider is configured implicitly. In this case, if a subdomain request " "fails and indicates that the server does not support subdomains, i.e. is not " "configured for trusts, the IPA subdomains provider is disabled. After an " "hour or after the IPA provider goes online, the subdomains provider is " "enabled again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:795 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " "This example shows only the ipa provider-specific options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ipa.5.xml:802 #, no-wrap msgid "" " [domain/example.com]\n" " id_provider = ipa\n" " ipa_server = ipaserver.example.com\n" " ipa_hostname = myhost.example.com\n" msgstr "" #.
type: Content of: <reference><refentry><refnamediv><refname> #: sssd-ad.5.xml:10 sssd-ad.5.xml:16 msgid "sssd-ad" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:23 msgid "" "This manual page describes the configuration of the AD provider for " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:36 msgid "" "The AD provider is a back end used to connect to an Active Directory server. " "This provider requires that the machine be joined to the AD domain and a " "keytab is available." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:41 msgid "" "The AD provider supports connecting to Active Directory 2008 R2 or later. " "Earlier versions may work, but are unsupported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:45 msgid "" "The AD provider is able to provide identity information and authentication " "for entities from trusted domains as well. Currently only trusted domains in " "the same forest are recognized." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:50 msgid "" "The AD provider accepts the same options used by the <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " "provider with some exceptions described below." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:62 msgid "" "However, it is neither necessary nor recommended to set these options. 
The " "AD provider can also be used as an access, chpass and sudo provider. No " "configuration of the access provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ad.5.xml:74 #, no-wrap msgid "" "ldap_id_mapping = False\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:68 msgid "" "By default, the AD provider will map UID and GID values from the objectSID " "parameter in Active Directory. For details on this, see the <quote>ID " "MAPPING</quote> section below. If you want to disable ID mapping and instead " "rely on POSIX attributes defined in Active Directory, you should set " "<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users " "and groups using POSIX attributes from trusted domains, the AD administrator " "must make sure that the POSIX attributes are replicated to the Global " "Catalog." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:81 msgid "" "Users, groups and other entities served by SSSD are always treated as case-" "insensitive in the AD provider for compatibility with Active Directory's " "LDAP implementation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:96 msgid "ad_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:99 msgid "" "Specifies the name of the Active Directory domain. This is optional. If not " "provided, the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:104 msgid "" "For proper operation, this option should be specified as the lower-case " "version of the long version of the Active Directory domain." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:109 msgid "" "The short domain name (also known as the NetBIOS or the flat name) is " "autodetected by the SSSD." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:116 msgid "ad_server, ad_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:119 msgid "" "The comma-separated list of hostnames of the AD servers to which SSSD should " "connect in order of preference. For more information on failover and server " "redundancy, see the <quote>FAILOVER</quote> section. This is optional if " "autodiscovery is enabled. For more information on service discovery, refer " "to the <quote>SERVICE DISCOVERY</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:132 msgid "ad_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:135 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the Active Directory domain to identify this " "host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:141 msgid "" "This field is used to determine the host principal in use in the keytab. It " "must match the hostname for which the keytab was issued." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:149 msgid "ad_enable_dns_sites (boolean)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:156 msgid "" "If true and service discovery (see Service Discovery paragraph at the bottom " "of the man page) is enabled, the SSSD will first attempt to discover the " "Active Directory server to connect to using the Active Directory Site " "Discovery and fall back to the DNS SRV records if no AD site is found. The " "DNS SRV configuration, including the discovery domain, is used during site " "discovery as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:172 msgid "ad_access_filter (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:175 msgid "" "This option specifies LDAP access control filter that the user must match in " "order to be allowed access. Please note that the <quote>access_provider</" "quote> option must be explicitly set to <quote>ad</quote> in order for this " "option to have an effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:183 msgid "" "The option also supports specifying different filters per domain or forest. " "This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " "The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " "missing." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:191 msgid "" "If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</" "quote> specifies the domain or subdomain the filter applies to. If the " "keyword equals to <quote>FOREST</quote>, then the filter applies to all " "domains from the forest specified by <quote>NAME</quote>." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:199 msgid "" "Multiple filters can be separated with the <quote>?</quote> character, " "similarly to how search bases work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:204 msgid "" "The most specific match is always used. For example, if the option specified " "filter for a domain the user is a member of and a global filter, the per-" "domain filter would be applied. If there are more matches with the same " "specification, the first one is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #: sssd-ad.5.xml:215 #, no-wrap msgid "" "# apply filter on domain called dom1 only:\n" "dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" "\n" "# apply filter on domain called dom2 only:\n" "DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" "\n" "# apply filter on forest called EXAMPLE.COM only:\n" "FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:225 #, fuzzy #| msgid "Default: true" msgid "Default: Not set" msgstr "Standaard: true" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:231 msgid "ad_enable_gc (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:234 msgid "" "By default, the SSSD connects to the Global Catalog first to retrieve users " "from trusted domains and uses the LDAP port to retrieve group memberships or " "as a fallback. Disabling this option makes the SSSD only connect to the LDAP " "port of the current AD server." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:242 msgid "" "Please note that disabling Global Catalog support does not disable " "retrieving users from trusted domains. The SSSD would connect to the LDAP " "port of trusted domains instead. However, Global Catalog must be used in " "order to resolve cross-domain group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:259 msgid "" "Optional. This option tells SSSD to automatically update the Active " "Directory DNS server with the IP address of this client. The update is " "secured using GSS-TSIG. As a consequence, the Active Directory administrator " "only needs to allow secure updates for the DNS zone. The IP address of the " "AD LDAP connection is used for the updates, if it is not otherwise specified " "by using the <quote>dyndns_iface</quote> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:289 msgid "Default: 3600 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:303 msgid "Default: Use the IP address of the AD LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:354 sssd-krb5.5.xml:496 msgid "krb5_use_enterprise_principal (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:357 sssd-krb5.5.xml:499 msgid "" "Specifies if the user principal should be treated as enterprise principal. " "See section 5 of RFC 6806 for more details about enterprise principals." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:384 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " "This example shows only the AD provider-specific options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ad.5.xml:391 #, no-wrap msgid "" "[domain/EXAMPLE]\n" "id_provider = ad\n" "auth_provider = ad\n" "access_provider = ad\n" "chpass_provider = ad\n" "\n" "ad_server = dc1.example.com\n" "ad_hostname = client.example.com\n" "ad_domain = example.com\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ad.5.xml:411 #, no-wrap msgid "" "access_provider = ldap\n" "ldap_access_order = expire\n" "ldap_account_expire_policy = ad\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:407 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:417 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 msgid "sssd-sudo" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd-sudo.5.xml:17 msgid "Configuring sudo with the SSSD back end" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:23 msgid "" "This manual page describes how to configure <citerefentry> " "<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " "to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-sudo.5.xml:36 msgid "Configuring sudo to cooperate with SSSD" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:38 msgid "" "To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " "the <emphasis>sudoers</emphasis> entry in <citerefentry> " "<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:47 msgid "" "For example, to configure sudo to first lookup rules in the standard " "<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> file (which should contain rules that apply to " "local users) and then in SSSD, the nsswitch.conf file should contain the " "following line:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-sudo.5.xml:57 #, no-wrap msgid "sudoers: files sss\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:61 msgid "" "More information about configuring the sudoers search order from the " "nsswitch.conf file as well as information about the LDAP schema that is used " "to store sudo rules in the directory can be found in <citerefentry> " "<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:70 msgid "" "<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " "sudo rules, you also need to correctly set <citerefentry> " "<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" "citerefentry> to your NIS domain name (which equals to IPA domain name when " "using hostgroups)." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-sudo.5.xml:82 msgid "Configuring SSSD to fetch sudo rules" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:84 msgid "" "All configuration that is needed on SSSD side is to extend the list of " "<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " "search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> " "option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:94 msgid "" "The following example shows how to configure SSSD to download sudo rules " "from an LDAP server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-sudo.5.xml:99 #, no-wrap msgid "" "[sssd]\n" "config_file_version = 2\n" "services = nss, pam, sudo\n" "domains = EXAMPLE\n" "\n" "[domain/EXAMPLE]\n" "id_provider = ldap\n" "sudo_provider = ldap\n" "ldap_uri = ldap://example.com\n" "ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:112 msgid "" "When the SSSD is configured to use IPA as the ID provider, the sudo provider " "is automatically enabled. The sudo search base is configured to use the " "compat tree (ou=sudoers,$DC)." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><title> #: sssd-sudo.5.xml:119 msgid "The SUDO rule caching mechanism" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:121 msgid "" "The biggest challenge, when developing sudo support in SSSD, was to ensure " "that running sudo with SSSD as the data source provides the same user " "experience and is as fast as sudo but keeps providing the most current set " "of rules as possible. To satisfy these requirements, SSSD uses three kinds " "of updates. They are referred to as full refresh, smart refresh and rules " "refresh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:129 msgid "" "The <emphasis>smart refresh</emphasis> periodically downloads rules that are " "new or were modified after the last update. Its primary goal is to keep the " "database growing by fetching only small increments that do not generate " "large amounts of network traffic." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:135 msgid "" "The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " "in the cache and replaces them with all rules that are stored on the server. " "This is used to keep the cache consistent by removing every rule which was " "deleted from the server. However, full refresh may produce a lot of traffic " "and thus it should be run only occasionally depending on the size and " "stability of the sudo rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:143 msgid "" "The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " "more permission than defined. It is triggered each time the user runs sudo. " "Rules refresh will find all rules that apply to this user, check their " "expiration time and redownload them if expired. 
In the case that any of " "these rules are missing on the server, the SSSD will do an out of band full " "refresh because more rules (that apply to other users) may have been deleted." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:152 msgid "" "If enabled, SSSD will store only rules that can be applied to this machine. " "This means rules that contain one of the following values in " "<emphasis>sudoHost</emphasis> attribute:" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:159 msgid "keyword ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:164 msgid "wildcard" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:169 msgid "netgroup (in the form \"+netgroup\")" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:174 msgid "hostname or fully qualified domain name of this machine" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:179 msgid "one of the IP addresses of this machine" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:184 msgid "one of the IP addresses of the network (in the form \"address/mask\")" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:190 msgid "" "There are many configuration options that can be used to adjust the " "behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." msgstr "" #. 
type: Content of: <reference><refentry><refnamediv><refname> #: sssd.8.xml:10 sssd.8.xml:15 msgid "sssd" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd.8.xml:16 msgid "System Security Services Daemon" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sssd.8.xml:21 msgid "" "<command>sssd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.8.xml:31 msgid "" "<command>SSSD</command> provides a set of daemons to manage access to remote " "directories and authentication mechanisms. It provides an NSS and PAM " "interface toward the system and a pluggable backend system to connect to " "multiple different account sources as well as D-Bus interface. It is also " "the basis to provide client auditing and policy services for projects like " "FreeIPA. It provides a more robust database to store local users as well as " "extended user data." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:46 msgid "" "<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:53 msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:57 msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:60 msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:69 msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:73 msgid "" "<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:76 msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:85 msgid "<option>-f</option>,<option>--debug-to-files</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:89 msgid "" "Send the debug output to files instead of stderr. By default, the log files " "are stored in <filename>/var/log/sssd</filename> and there are separate log " "files for every SSSD service and domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:97 msgid "<option>-D</option>,<option>--daemon</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:101 msgid "Become a daemon after starting up." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:107 sss_seed.8.xml:136 msgid "<option>-i</option>,<option>--interactive</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:111 msgid "Run in the foreground, don't become a daemon." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:117 sss_debuglevel.8.xml:42 msgid "<option>-c</option>,<option>--config</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:121 sss_debuglevel.8.xml:46 msgid "" "Specify a non-default config file. The default is <filename>/etc/sssd/sssd." "conf</filename>. For reference on the config file syntax and options, " "consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:135 msgid "<option>--version</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:139 msgid "Print version number and exit." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.8.xml:147 msgid "Signals" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:159 msgid "SIGHUP" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " "like logrotate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:170 msgid "SIGUSR1" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:179 msgid "SIGUSR2" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.8.xml:193 msgid "" "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " "applications will not use the fast in memory cache." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 msgid "sss_obfuscate" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_obfuscate.8.xml:16 msgid "obfuscate a clear text password" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_obfuscate.8.xml:21 msgid "" "<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" "replaceable></arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:32 msgid "" "<command>sss_obfuscate</command> converts a given password into human-" "unreadable format and places it into appropriate domain section of the SSSD " "config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:37 msgid "" "The cleartext password is read from standard input or entered " "interactively. 
The obfuscated password is put into " "<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " "<quote>ldap_default_authtok_type</quote> parameter is set to " "<quote>obfuscated_password</quote>. Refer to <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more details on these parameters." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:49 msgid "" "Please note that obfuscating the password provides <emphasis>no real " "security benefit</emphasis> as it is still possible for an attacker to " "reverse-engineer the password back. Using better authentication mechanisms " "such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " "advised." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_obfuscate.8.xml:63 msgid "<option>-s</option>,<option>--stdin</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:67 msgid "The password to obfuscate will be read from standard input." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:79 #: sss_ssh_knownhostsproxy.1.xml:78 msgid "" "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:79 msgid "" "The SSSD domain to use the password in. The default name is <quote>default</" "quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_obfuscate.8.xml:86 msgid "" "<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:91 msgid "Read the config file specified by the positional parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:95 msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_useradd.8.xml:10 sss_useradd.8.xml:15 msgid "sss_useradd" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_useradd.8.xml:16 msgid "create a new user" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_useradd.8.xml:21 msgid "" "<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_useradd.8.xml:32 msgid "" "<command>sss_useradd</command> creates a new user account using the values " "specified on the command line plus the default values from the system." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:43 sss_seed.8.xml:76 msgid "" "<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:48 msgid "" "Set the UID of the user to the value of <replaceable>UID</replaceable>. If " "not given, it is chosen automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:55 sss_usermod.8.xml:43 sss_seed.8.xml:100 msgid "" "<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" "replaceable>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:60 sss_usermod.8.xml:48 sss_seed.8.xml:105 msgid "" "Any text string describing the user. Often used as the field for the user's " "full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:67 sss_usermod.8.xml:55 sss_seed.8.xml:112 msgid "" "<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:72 msgid "" "The home directory of the user account. The default is to append the " "<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use " "that as the home directory. The base that is prepended before " "<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/" "baseDirectory</quote> setting in sssd.conf." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:82 sss_usermod.8.xml:66 sss_seed.8.xml:124 msgid "" "<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:87 msgid "" "The user's login shell. The default is currently <filename>/bin/bash</" "filename>. The default can be changed with <quote>user_defaults/" "defaultShell</quote> setting in sssd.conf." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:96 msgid "" "<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:101 msgid "A list of existing groups this user is also a member of." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:107 msgid "<option>-m</option>,<option>--create-home</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:111 msgid "" "Create the user's home directory if it does not exist. The files and " "directories contained in the skeleton directory (which can be defined with " "the -k option or in the config file) will be copied to the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:121 msgid "<option>-M</option>,<option>--no-create-home</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:125 msgid "" "Do not create the user's home directory. Overrides configuration settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:132 msgid "" "<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:137 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " "<command>sss_useradd</command>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:143 msgid "" "Special files (block devices, character devices, named pipes and unix " "sockets) will not be copied." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:147 msgid "" "This option is only valid if the <option>-m</option> (or <option>--create-" "home</option>) option is specified, or creation of home directories is set " "to TRUE in the configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:156 sss_usermod.8.xml:124 msgid "" "<option>-Z</option>,<option>--selinux-user</option> " "<replaceable>SELINUX_USER</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:161 msgid "" "The SELinux user for the user's login. If not specified, the system default " "will be used." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 msgid "sssd-krb5" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:23 msgid "" "This manual page describes the configuration of the Kerberos 5 " "authentication backend for <citerefentry> <refentrytitle>sssd</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed " "syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " "the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:36 msgid "" "The Kerberos 5 authentication backend contains auth and chpass providers. It " "must be paired with an identity provider in order to function properly (for " "example, id_provider = ldap). Some information required by the Kerberos 5 " "authentication backend must be provided by the identity provider, such as " "the user's Kerberos Principal Name (UPN). The configuration of the identity " "provider should have an entry to specify the UPN. 
Please refer to the man " "page for the applicable identity provider for details on how to configure " "this." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:47 msgid "" "This backend also provides access control based on the .k5login file in the " "home directory of the user. See <citerefentry> <refentrytitle>.k5login</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " "Please note that an empty .k5login file will deny all access to this user. " "To activate this feature, use 'access_provider = krb5' in your SSSD " "configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:55 msgid "" "In the case where the UPN is not available in the identity backend, " "<command>sssd</command> will construct a UPN using the format " "<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect, in the order of preference. " "For more information on failover and server redundancy, see the " "<quote>FAILOVER</quote> section. An optional port number (preceded by a " "colon) may be appended to the addresses or hostnames. If empty, service " "discovery is enabled; for more information, refer to the <quote>SERVICE " "DISCOVERY</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:106 msgid "" "The name of the Kerberos realm. This option is required and must be " "specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:113 msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:116 msgid "" "If the change password service is not running on the KDC, alternative " "servers can be defined here. An optional port number (preceded by a colon) " "may be appended to the addresses or hostnames." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:122 msgid "" "For more information on failover and server redundancy, see the " "<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " "servers to try, the backend is not switched to operate offline if " "authentication against the KDC is still possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:129 msgid "Default: Use the KDC" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:135 msgid "krb5_ccachedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:138 msgid "" "Directory to store credential caches. All the substitution sequences of " "krb5_ccname_template can be used here, too, except %d and %P. The directory " "is created as private and owned by the user, with permissions set to 0700." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:145 msgid "Default: /tmp" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:151 msgid "krb5_ccname_template (string)" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:165 include/override_homedir.xml:11 msgid "%u" msgstr "" #. 
type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:166 include/override_homedir.xml:12 msgid "login name" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:169 include/override_homedir.xml:15 msgid "%U" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:170 msgid "login UID" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:173 msgid "%p" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:174 msgid "principal name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:178 msgid "%r" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:179 msgid "realm name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:182 msgid "%h" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:183 msgid "home directory" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:187 include/override_homedir.xml:19 msgid "%d" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:188 msgid "value of krb5_ccachedir" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:193 msgid "%P" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:194 msgid "the process ID of the SSSD client" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:199 include/override_homedir.xml:34 msgid "%%" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:200 include/override_homedir.xml:35 msgid "a literal '%'" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:154 msgid "" "Location of the user's credential cache. Three credential cache types are " "currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " "<quote>KEYRING:persistent</quote>. The cache can be specified either as " "<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " "implies the <quote>FILE</quote> type. In the template, the following " "sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " "the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " "filename in a safe way." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:208 msgid "" "When using KEYRING types, the only supported mechanism is <quote>KEYRING:" "persistent:%U</quote>, which uses the Linux kernel keyring to store " "credentials on a per-UID basis. 
This is also the recommended choice, as it " "is the most secure and predictable method." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:216 msgid "" "The default value for the credential cache name is sourced from the profile " "stored in the system wide krb5.conf configuration file in the [libdefaults] " "section. The option name is default_ccache_name. See krb5.conf(5)'s " "PARAMETER EXPANSION paragraph for additional information on the expansion " "format defined by krb5.conf." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:225 msgid "Default: (from libkrb5)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:231 msgid "krb5_auth_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:234 msgid "" "Timeout in seconds after an online authentication request or change password " "request is aborted. If possible, the authentication request is continued " "offline." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:248 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed. The keytab is checked for entries sequentially, and the first entry " "with a matching realm is used for validation. If no entry matches the realm, " "the last entry in the keytab is used. This process can be used to validate " "environments using cross-realm trust by placing the appropriate keytab entry " "as the last entry or the only entry in the keytab file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:263 msgid "krb5_keytab (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:266 msgid "" "The location of the keytab to use when validating credentials obtained from " "KDCs." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:270 msgid "Default: /etc/krb5.keytab" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:276 msgid "krb5_store_password_if_offline (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:279 msgid "" "Store the password of the user if the provider is offline and use it to " "request a TGT when the provider comes online again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:284 msgid "" "NOTE: this feature is only available on Linux. Passwords stored in this way " "are kept in plaintext in the kernel keyring and are potentially accessible " "by the root user (with difficulty)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:297 msgid "krb5_renewable_lifetime (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:300 msgid "" "Request a renewable ticket with a total lifetime, given as an integer " "immediately followed by a time unit:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:305 sssd-krb5.5.xml:339 sssd-krb5.5.xml:376 msgid "<emphasis>s</emphasis> for seconds" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:308 sssd-krb5.5.xml:342 sssd-krb5.5.xml:379 msgid "<emphasis>m</emphasis> for minutes" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:311 sssd-krb5.5.xml:345 sssd-krb5.5.xml:382 msgid "<emphasis>h</emphasis> for hours" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385 msgid "<emphasis>d</emphasis> for days." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:317 sssd-krb5.5.xml:388 msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:321 sssd-krb5.5.xml:392 msgid "" "NOTE: It is not possible to mix units. To set the renewable lifetime to one " "and a half hours, use '90m' instead of '1h30m'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:326 msgid "Default: not set, i.e. the TGT is not renewable" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:332 msgid "krb5_lifetime (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:335 msgid "" "Request ticket with a lifetime, given as an integer immediately followed by " "a time unit:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:351 msgid "If there is no unit given <emphasis>s</emphasis> is assumed." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:355 msgid "" "NOTE: It is not possible to mix units. To set the lifetime to one and a " "half hours please use '90m' instead of '1h30m'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:360 msgid "" "Default: not set, i.e. the default ticket lifetime configured on the KDC." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:367 msgid "krb5_renew_interval (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:370 msgid "" "The time in seconds between two checks if the TGT should be renewed. TGTs " "are renewed if about half of their lifetime is exceeded, given as an integer " "immediately followed by a time unit:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:397 msgid "If this option is not set or is 0 the automatic renewal is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:415 msgid "" "<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " "option at all." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:419 msgid "" "<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " "continue the authentication without it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:429 msgid "Default: not set, i.e. FAST is not used." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:432 msgid "NOTE: a keytab is required to use FAST." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:444 msgid "krb5_fast_principal (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:447 msgid "Specifies the server principal to use for FAST." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:456 msgid "" "Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos 1.7 and later versions." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:505 msgid "Default: false (AD provider: true)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:65 msgid "" "If the auth-module krb5 is used in an SSSD domain, the following options " "must be used. See the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " "<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " "domain. <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:521 msgid "" "The following example assumes that SSSD is correctly configured and FOO is " "one of the domains in the <replaceable>[sssd]</replaceable> section. This " "example shows only configuration of Kerberos authentication; it does not " "include any identity provider." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-krb5.5.xml:529 #, no-wrap msgid "" " [domain/FOO]\n" " auth_provider = krb5\n" " krb5_server = 192.168.1.1\n" " krb5_realm = EXAMPLE.COM\n" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15 msgid "sss_groupadd" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupadd.8.xml:16 msgid "create a new group" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupadd.8.xml:21 msgid "" "<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupadd.8.xml:32 msgid "" "<command>sss_groupadd</command> creates a new group. These groups are " "compatible with POSIX groups, with the additional feature that they can " "contain other groups as members." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupadd.8.xml:43 sss_seed.8.xml:88 msgid "" "<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupadd.8.xml:48 msgid "" "Set the GID of the group to the value of <replaceable>GID</replaceable>. If " "not given, it is chosen automatically." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_userdel.8.xml:10 sss_userdel.8.xml:15 msgid "sss_userdel" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_userdel.8.xml:16 msgid "delete a user account" msgstr "" #. 
type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_userdel.8.xml:21 msgid "" "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_userdel.8.xml:32 msgid "" "<command>sss_userdel</command> deletes a user identified by login name " "<replaceable>LOGIN</replaceable> from the system." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:44 msgid "<option>-r</option>,<option>--remove</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:48 msgid "" "Files in the user's home directory will be removed along with the home " "directory itself and the user's mail spool. Overrides the configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:56 msgid "<option>-R</option>,<option>--no-remove</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:60 msgid "" "Files in the user's home directory will NOT be removed along with the home " "directory itself and the user's mail spool. Overrides the configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:68 msgid "<option>-f</option>,<option>--force</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:72 msgid "" "This option forces <command>sss_userdel</command> to remove the user's home " "directory and mail spool, even if they are not owned by the specified user." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:80 msgid "<option>-k</option>,<option>--kick</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:84 msgid "Before actually deleting the user, terminate all his processes." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15 msgid "sss_groupdel" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupdel.8.xml:16 msgid "delete a group" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupdel.8.xml:21 msgid "" "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupdel.8.xml:32 msgid "" "<command>sss_groupdel</command> deletes a group identified by its name " "<replaceable>GROUP</replaceable> from the system." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15 msgid "sss_groupshow" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupshow.8.xml:16 msgid "print properties of a group" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupshow.8.xml:21 msgid "" "<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupshow.8.xml:32 msgid "" "<command>sss_groupshow</command> displays information about a group " "identified by its name <replaceable>GROUP</replaceable>. 
The information " "includes the group ID number, members of the group and the parent group." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupshow.8.xml:43 msgid "<option>-R</option>,<option>--recursive</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupshow.8.xml:47 msgid "" "Also print indirect group members in a tree-like hierarchy. Note that this " "also affects printing parent groups - without <option>R</option>, only the " "direct parent will be printed." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_usermod.8.xml:10 sss_usermod.8.xml:15 msgid "sss_usermod" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_usermod.8.xml:16 msgid "modify a user account" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_usermod.8.xml:21 msgid "" "<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_usermod.8.xml:32 msgid "" "<command>sss_usermod</command> modifies the account specified by " "<replaceable>LOGIN</replaceable> to reflect the changes that are specified " "on the command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:60 msgid "The home directory of the user account." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:71 msgid "The user's login shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:82 msgid "" "Append this user to groups specified by the <replaceable>GROUPS</" "replaceable> parameter. 
The <replaceable>GROUPS</replaceable> parameter is " "a comma separated list of group names." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:96 msgid "" "Remove this user from groups specified by the <replaceable>GROUPS</" "replaceable> parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_usermod.8.xml:103 msgid "<option>-l</option>,<option>--lock</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:107 msgid "Lock the user account. The user won't be able to log in." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_usermod.8.xml:114 msgid "<option>-u</option>,<option>--unlock</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:118 msgid "Unlock the user account." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:129 msgid "The SELinux user for the user's login." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_cache.8.xml:10 sss_cache.8.xml:15 msgid "sss_cache" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_cache.8.xml:16 msgid "perform cache cleanup" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_cache.8.xml:21 msgid "" "<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_cache.8.xml:31 msgid "" "<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " "records are forced to be reloaded from server as soon as related SSSD " "backend is online." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:42 msgid "<option>-E</option>,<option>--everything</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:46 msgid "Invalidate all cached entries except for sudo rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:52 msgid "" "<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:57 msgid "Invalidate specific user." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:63 msgid "<option>-U</option>,<option>--users</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:67 msgid "" "Invalidate all user records. This option overrides invalidation of specific " "user if it was also set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:74 msgid "" "<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:79 msgid "Invalidate specific group." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:85 msgid "<option>-G</option>,<option>--groups</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:89 msgid "" "Invalidate all group records. This option overrides invalidation of specific " "group if it was also set." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:96 msgid "" "<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:101 msgid "Invalidate specific netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:107 msgid "<option>-N</option>,<option>--netgroups</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:111 msgid "" "Invalidate all netgroup records. This option overrides invalidation of " "specific netgroup if it was also set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:118 msgid "" "<option>-s</option>,<option>--service</option> <replaceable>service</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:123 msgid "Invalidate specific service." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:129 msgid "<option>-S</option>,<option>--services</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:133 msgid "" "Invalidate all service records. This option overrides invalidation of " "specific service if it was also set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:140 msgid "" "<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" "replaceable>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:145 msgid "Invalidate specific autofs maps." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:151 msgid "<option>-A</option>,<option>--autofs-maps</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:155 msgid "" "Invalidate all autofs maps. This option overrides invalidation of specific " "map if it was also set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:162 msgid "" "<option>-d</option>,<option>--domain</option> <replaceable>domain</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:167 msgid "Restrict invalidation process only to a particular domain." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 msgid "sss_debuglevel" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_debuglevel.8.xml:16 msgid "change debug level while SSSD is running" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_debuglevel.8.xml:21 msgid "" "<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" "replaceable></arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_debuglevel.8.xml:32 msgid "" "<command>sss_debuglevel</command> changes debug level of SSSD monitor and " "providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is " "running." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_debuglevel.8.xml:59 msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_seed.8.xml:10 sss_seed.8.xml:15 msgid "sss_seed" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_seed.8.xml:16 msgid "seed the SSSD cache with a user" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_seed.8.xml:21 msgid "" "<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" "replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_seed.8.xml:33 msgid "" "<command>sss_seed</command> seeds the SSSD cache with a user entry and " "temporary password. If a user entry is already present in the SSSD cache " "then the entry is updated with the temporary password." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_seed.8.xml:46 msgid "" "<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:51 msgid "" "Provide the name of the domain in which the user is a member of. The domain " "is also used to retrieve user information. The domain must be configured in " "sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " "Information retrieved from the domain overrides what is provided in the " "options." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_seed.8.xml:63 msgid "" "<option>-n</option>,<option>--username</option> <replaceable>USER</" "replaceable>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:68 msgid "" "The username of the entry to be created or modified in the cache. The " "<replaceable>USER</replaceable> option must be provided." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:81 msgid "Set the UID of the user to <replaceable>UID</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:93 msgid "Set the GID of the user to <replaceable>GID</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:117 msgid "" "Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:129 msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:140 msgid "" "Interactive mode for entering user information. This option will only prompt " "for information not provided in the options or retrieved from the domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_seed.8.xml:148 msgid "" "<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:153 msgid "" "Specify file to read user's password from. (if not specified password is " "prompted for)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sss_seed.8.xml:165 msgid "" "The length of the password (or the size of file specified with -p or --" "password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " "on systems with no globally-defined PASS_MAX value)." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 msgid "sss_ssh_authorizedkeys" msgstr "" #. type: Content of: <reference><refentry><refmeta><manvolnum> #: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 msgid "1" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_ssh_authorizedkeys.1.xml:16 msgid "get OpenSSH authorized keys" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_ssh_authorizedkeys.1.xml:21 msgid "" "<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg> <arg " "choice='plain'><replaceable>USER</replaceable></arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:32 msgid "" "<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " "<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " "format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> for more information)." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:41 msgid "" "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" "command> for public key user authentication if it is compiled with support " "for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</" "quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry> options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sss_ssh_authorizedkeys.1.xml:58 #, no-wrap msgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:51 msgid "" "If <quote>AuthorizedKeysCommand</quote> is supported, " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> can be configured to use it by putting the following directive " "in <citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry>: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sss_ssh_authorizedkeys.1.xml:69 #, no-wrap msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:62 msgid "" "If <quote>PubkeyAgent</quote> is supported, " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> can be configured to use it by using the following directive " "for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</" "manvolnum></citerefentry> configuration: <placeholder type=\"programlisting" "\" id=\"0\"/>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_ssh_authorizedkeys.1.xml:84 msgid "" "Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sss_ssh_authorizedkeys.1.xml:93 sss_ssh_knownhostsproxy.1.xml:92 msgid "EXIT STATUS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:95 sss_ssh_knownhostsproxy.1.xml:94 msgid "" "In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 msgid "sss_ssh_knownhostsproxy" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_ssh_knownhostsproxy.1.xml:16 msgid "get OpenSSH host keys" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_ssh_knownhostsproxy.1.xml:21 msgid "" "<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg> <arg " "choice='plain'><replaceable>HOST</replaceable></arg> <arg " "choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_knownhostsproxy.1.xml:33 msgid "" "<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " "host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " "known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " "of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" "manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" "pubconf/known_hosts</filename> and establishes connection to the host." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_knownhostsproxy.1.xml:43 msgid "" "If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " "create the connection to the host instead of opening a socket." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sss_ssh_knownhostsproxy.1.xml:55 #, no-wrap msgid "" "ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" "GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_knownhostsproxy.1.xml:48 msgid "" "<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" "citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" "command> for host key authentication by using the following directives for " "<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" "citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_ssh_knownhostsproxy.1.xml:66 msgid "" "<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_ssh_knownhostsproxy.1.xml:71 msgid "" "Use port <replaceable>PORT</replaceable> to connect to the host. By " "default, port 22 is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_ssh_knownhostsproxy.1.xml:83 msgid "" "Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." msgstr "" #. type: Content of: <refsect1><title> #: include/service_discovery.xml:2 msgid "SERVICE DISCOVERY" msgstr "" #. 
type: Content of: <refsect1><para> #: include/service_discovery.xml:4 msgid "" "The service discovery feature allows back ends to automatically find the " "appropriate servers to connect to using a special DNS query. This feature is " "not supported for backup servers." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 msgid "Configuration" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:11 msgid "" "If no servers are specified, the back end automatically uses service " "discovery to try to find a server. Optionally, the user may choose to use " "both fixed server addresses and service discovery by inserting a special " "keyword, <quote>_srv_</quote>, in the list of servers. The order of " "preference is maintained. This feature is useful if, for example, the user " "prefers to use service discovery whenever possible, and fall back to a " "specific server when no servers can be discovered using DNS." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:23 msgid "The domain name" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:25 msgid "" "Please refer to the <quote>dns_discovery_domain</quote> parameter in the " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page for more details." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:35 msgid "The protocol" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:37 msgid "" "The queries usually specify _tcp as the protocol. Exceptions are documented " "in respective option description." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:42 msgid "See Also" msgstr "" #. 
type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:44 msgid "" "For more information on the service discovery mechanism, refer to RFC 2782." msgstr "" #. type: Content of: outside any tag (error?) #: include/upstream.xml:1 msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" msgstr "" #. type: Content of: <refsect1><title> #: include/failover.xml:2 msgid "FAILOVER" msgstr "" #. type: Content of: <refsect1><para> #: include/failover.xml:4 msgid "" "The failover feature allows back ends to automatically switch to a different " "server if the current server fails." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/failover.xml:8 msgid "Failover Syntax" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:10 msgid "" "The list of servers is given as a comma-separated list; any number of spaces " "is allowed around the comma. The servers are listed in order of preference. " "The list can contain any number of servers." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:16 msgid "" "For each failover-enabled config option, two variants exist: " "<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is " "that servers in the primary list are preferred and backup servers are only " "searched if no primary servers can be reached. If a backup server is " "selected, a timeout of 31 seconds is set. After this timeout SSSD will " "periodically try to reconnect to one of the primary servers. If it succeeds, " "it will replace the current active (backup) server." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/failover.xml:27 msgid "The Failover Mechanism" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:29 msgid "" "The failover mechanism distinguishes between a machine and a service. 
The " "back end first tries to resolve the hostname of a given machine; if this " "resolution attempt fails, the machine is considered offline. No further " "attempts are made to connect to this machine for any other service. If the " "resolution attempt succeeds, the back end tries to connect to a service on " "this machine. If the service connection attempt fails, then only this " "particular service is considered offline and the back end automatically " "switches over to the next service. The machine is still considered online " "and might still be tried for another service." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:42 msgid "" "Further connection attempts are made to machines or services marked as " "offline after a specified period of time; this is currently hard coded to 30 " "seconds." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:47 msgid "" "If there are no more machines to try, the back end as a whole switches to " "offline mode, and then attempts to reconnect every 30 seconds." msgstr "" #. type: Content of: <refsect1><title> #: include/ldap_id_mapping.xml:2 msgid "ID MAPPING" msgstr "" #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:4 msgid "" "The ID-mapping feature allows SSSD to act as a client of Active Directory " "without requiring administrators to extend user attributes to support POSIX " "attributes for user and group identifiers." msgstr "" #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:9 msgid "" "NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " "ignored. This is to avoid the possibility of conflicts between automatically-" "assigned and manually-assigned values. If you need to use manually-assigned " "values, ALL values must be manually-assigned." msgstr "" #. 
type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:16 msgid "" "Please note that changing the ID mapping related configuration options will " "cause user and group IDs to change. At the moment, SSSD does not support " "changing IDs, so the SSSD database must be removed. Because cached passwords " "are also stored in the database, removing the database should only be " "performed while the authentication servers are reachable, otherwise users " "might get locked out. In order to cache the password, an authentication must " "be performed. It is not sufficient to use <citerefentry> " "<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" "citerefentry> to remove the database, rather the process consists of:" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:33 msgid "Making sure the remote servers are reachable" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:38 msgid "Stopping the SSSD service" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:43 msgid "Removing the database" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:48 msgid "Starting the SSSD service" msgstr "" #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:52 msgid "" "Moreover, as the change of IDs might necessitate the adjustment of other " "system properties such as file and directory ownership, it's advisable to " "plan ahead and test the ID mapping configuration thoroughly." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/ldap_id_mapping.xml:59 msgid "Mapping Algorithm" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:61 msgid "" "Active Directory provides an objectSID for every user and group object in " "the directory. 
This objectSID can be broken up into components that " "represent the Active Directory domain identity and the relative identifier " "(RID) of the user or group object." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:67 msgid "" "The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " "into equally-sized component sections - called \"slices\"-. Each slice " "represents the space available to an Active Directory domain." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:73 msgid "" "When a user or group entry for a particular domain is encountered for the " "first time, the SSSD allocates one of the available slices for that domain. " "In order to make this slice-assignment repeatable on different client " "machines, we select the slice based on the following algorithm:" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:80 msgid "" "The SID string is passed through the murmurhash3 algorithm to convert it to " "a 32-bit hashed value. We then take the modulus of this value with the total " "number of available slices to pick the slice." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:86 msgid "" "NOTE: It is possible to encounter collisions in the hash and subsequent " "modulus. In these situations, we will select the next available slice, but " "it may not be possible to reproduce the same exact set of slices on other " "machines (since the order that they are encountered will determine their " "slice). In this situation, it is recommended to either switch to using " "explicit POSIX attributes in Active Directory (disabling ID-mapping) or " "configure a default domain to guarantee that at least one is always " "consistent. See <quote>Configuration</quote> for details." msgstr "" #. 
type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:101 msgid "" "Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" msgstr "" #. type: Content of: <refsect1><refsect2><para><programlisting> #: include/ldap_id_mapping.xml:106 #, no-wrap msgid "" "ldap_id_mapping = True\n" "ldap_schema = ad\n" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:111 msgid "" "The default configuration results in configuring 10,000 slices, each capable " "of holding up to 200,000 IDs, starting from 10,001 and going up to " "2,000,100,000. This should be sufficient for most deployments." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><title> #: include/ldap_id_mapping.xml:117 msgid "Advanced Configuration" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:120 msgid "ldap_idmap_range_min (integer)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:123 msgid "" "Specifies the lower bound of the range of POSIX IDs to use for mapping " "Active Directory user and group SIDs." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:127 msgid "" "NOTE: This option is different from <quote>min_id</quote> in that " "<quote>min_id</quote> acts to filter the output of requests to this domain, " "whereas this option controls the range of ID assignment. This is a subtle " "distinction, but the good general advice would be to have <quote>min_id</" "quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:173 msgid "Default: 200000" msgstr "" #. 
type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:142 msgid "ldap_idmap_range_max (integer)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:145 msgid "" "Specifies the upper bound of the range of POSIX IDs to use for mapping " "Active Directory user and group SIDs." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:149 msgid "" "NOTE: This option is different from <quote>max_id</quote> in that " "<quote>max_id</quote> acts to filter the output of requests to this domain, " "whereas this option controls the range of ID assignment. This is a subtle " "distinction, but the good general advice would be to have <quote>max_id</" "quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:159 msgid "Default: 2000200000" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:164 msgid "ldap_idmap_range_size (integer)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:167 msgid "" "Specifies the number of IDs available for each slice. If the range size " "does not divide evenly into the min and max values, it will create as many " "complete slices as it can." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:178 msgid "ldap_idmap_default_domain_sid (string)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:181 msgid "" "Specify the domain SID of the default domain. 
This will guarantee that this " "domain will always be assigned to slice zero in the ID map, bypassing the " "murmurhash algorithm described above." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:192 msgid "ldap_idmap_default_domain (string)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:195 msgid "Specify the name of the default domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:203 msgid "ldap_idmap_autorid_compat (boolean)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:206 msgid "" "Changes the behavior of the ID-mapping algorithm to behave more similarly to " "winbind's <quote>idmap_autorid</quote> algorithm." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:211 msgid "" "When this option is configured, domains will be allocated starting with " "slice zero and increasing monotonically with each additional domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:216 msgid "" "NOTE: This algorithm is non-deterministic (it depends on the order that " "users and groups are requested). If this mode is required for compatibility " "with machines running winbind, it is recommended to also use the " "<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " "least one domain is consistently allocated to slice zero." msgstr "" #. type: Content of: <varlistentry><term> #: include/param_help.xml:3 msgid "<option>-?</option>,<option>--help</option>" msgstr "" #. 
type: Content of: <varlistentry><listitem><para> #: include/param_help.xml:7 include/param_help_py.xml:7 msgid "Display help message and exit." msgstr "" #. type: Content of: <varlistentry><term> #: include/param_help_py.xml:3 msgid "<option>-h</option>,<option>--help</option>" msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:3 msgid "" "SSSD supports two representations for specifying the debug level. The " "simplest is to specify a decimal value from 0-9, which represents enabling " "that level and all lower-level debug messages. The more comprehensive option " "is to specify a hexadecimal bitmask to enable or disable specific levels " "(such as if you wish to suppress a level)." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:10 msgid "Currently supported debug levels:" msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:13 msgid "" "<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. " "Anything that would prevent SSSD from starting up or causes it to cease " "running." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:19 msgid "" "<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " "error that doesn't kill the SSSD, but one that indicates that at least one " "major feature is not going to work properly." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:26 msgid "" "<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " "error announcing that a particular request or operation has failed." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:31 msgid "" "<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " "are the errors that would percolate down to cause the operation failure of 2." msgstr "" #. 
type: Content of: <listitem><para> #: include/debug_levels.xml:36 msgid "" "<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:40 msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:44 msgid "" "<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " "operation functions." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:48 msgid "" "<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " "internal control functions." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:53 msgid "" "<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" "internal variables that may be interesting." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:58 msgid "" "<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " "tracing information." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:62 msgid "" "To log required bitmask debug levels, simply add their numbers together as " "shown in following examples:" msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:66 msgid "" "<emphasis>Example</emphasis>: To log fatal failures, critical failures, " "serious failures and function data use 0x0270." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:70 msgid "" "<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " "function data, trace messages for internal control functions use 0x1310." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:75 msgid "" "<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " "in 1.7.0." msgstr "" #. 
type: Content of: <listitem><para> #: include/debug_levels.xml:79 msgid "<emphasis>Default</emphasis>: 0" msgstr "" #. type: Content of: outside any tag (error?) #: include/experimental.xml:1 msgid "" "<emphasis> This is an experimental feature, please use http://fedorahosted." "org/sssd to report any issues. </emphasis>" msgstr "" #. type: Content of: <refsect1><title> #: include/local.xml:2 msgid "THE LOCAL DOMAIN" msgstr "" #. type: Content of: <refsect1><para> #: include/local.xml:4 msgid "" "In order to function correctly, a domain with <quote>id_provider=local</" "quote> must be created and the SSSD must be running." msgstr "" #. type: Content of: <refsect1><para> #: include/local.xml:9 msgid "" "The administrator might want to use the SSSD local users instead of " "traditional UNIX users in cases where the group nesting (see <citerefentry> " "<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" "citerefentry>) is needed. The local users are also useful for testing and " "development of the SSSD without having to deploy a full remote server. The " "<command>sss_user*</command> and <command>sss_group*</command> tools use a " "local LDB storage to store users and groups." msgstr "" #. type: Content of: <refsect1><title> #: include/seealso.xml:2 msgid "SEE ALSO" msgstr "ZIE OOK" #. 
type: Content of: <refsect1><para> #: include/seealso.xml:4 msgid "" "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> " "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_useradd</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_usermod</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> 
<refentrytitle>sss_seed</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" "manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " "<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>." msgstr "" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:3 #: include/ldap_search_bases_experimental.xml:3 msgid "" "An optional base DN, search scope and LDAP filter to restrict LDAP searches " "for this attribute type." msgstr "" #. type: Content of: <listitem><para><programlisting> #: include/ldap_search_bases.xml:9 #: include/ldap_search_bases_experimental.xml:9 #, no-wrap msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" msgstr "" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:7 #: include/ldap_search_bases_experimental.xml:7 msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:13 #: include/ldap_search_bases_experimental.xml:13 msgid "" "The scope can be one of \"base\", \"onelevel\" or \"subtree\". The filter " "must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/" "rfc2254.txt" msgstr "" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:19 #: include/ldap_search_bases_experimental.xml:19 msgid "" "For examples of this syntax, please refer to the <quote>ldap_search_base</" "quote> examples section." msgstr "" #. 
type: Content of: <listitem><para> #: include/ldap_search_bases.xml:27 #: include/ldap_search_bases_experimental.xml:27 msgid "" "Please note that specifying scope or filter is not supported for searches " "against an Active Directory Server that might yield a large number of " "results and trigger the Range Retrieval extension in the response." msgstr "" #. type: Content of: <para> #: include/autofs_restart.xml:2 msgid "" "Please note that the automounter only reads the master map on startup, so if " "any autofs-related changes are made to the sssd.conf, you typically also " "need to restart the automounter daemon after restarting the SSSD." msgstr "" #. type: Content of: <varlistentry><term> #: include/override_homedir.xml:2 msgid "override_homedir (string)" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:16 msgid "UID number" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:20 msgid "domain name" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: include/override_homedir.xml:23 msgid "%f" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:24 msgid "fully qualified user name (user@domain)" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: include/override_homedir.xml:27 msgid "%o" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:29 msgid "The original home directory retrieved from the identity provider." msgstr "" #. type: Content of: <varlistentry><listitem><para> #: include/override_homedir.xml:5 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. 
In the template, the following sequences are substituted: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <varlistentry><listitem><para> #: include/override_homedir.xml:41 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <varlistentry><listitem><para><programlisting> #: include/override_homedir.xml:46 #, no-wrap msgid "" "override_homedir = /home/%u\n" " " msgstr "" #. type: Content of: <varlistentry><listitem><para> #: include/override_homedir.xml:50 msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" msgstr "" ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/man/po/PaxHeaders.13173/zh_CN.po����������������������������������������������������0000644�0000000�0000000�00000000132�12320753573�017076� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396955003.528843851 30 atime=1396955003.527843852 30 ctime=1396955003.528843851 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/man/po/zh_CN.po���������������������������������������������������������������������0000664�0024127�0024127�00001244372�12320753573�017342� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# SOME DESCRIPTIVE TITLE # Copyright (C) YEAR Red Hat # This file is distributed under the same license as the sssd-docs package. # # Translators: # Christopher Meng <cickumqt@gmail.com>, 2012 msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" "POT-Creation-Date: 2014-04-08 12:55+0300\n" "PO-Revision-Date: 2013-11-19 16:29+0000\n" "Last-Translator: jhrozek <jhrozek@redhat.com>\n" "Language-Team: Chinese (China) (http://www.transifex.com/projects/p/fedora/" "language/zh_CN/)\n" "Language: zh_CN\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" #. 
type: Content of: <reference><title> #: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5 #: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5 #: sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 sss_obfuscate.8.xml:5 #: sss_useradd.8.xml:5 sssd-krb5.5.xml:5 sss_groupadd.8.xml:5 #: sss_userdel.8.xml:5 sss_groupdel.8.xml:5 sss_groupshow.8.xml:5 #: sss_usermod.8.xml:5 sss_cache.8.xml:5 sss_debuglevel.8.xml:5 #: sss_seed.8.xml:5 sss_ssh_authorizedkeys.1.xml:5 #: sss_ssh_knownhostsproxy.1.xml:5 msgid "SSSD Manual pages" msgstr "SSSD 手册页面" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15 msgid "sss_groupmod" msgstr "sss_groupmod" #. type: Content of: <reference><refentry><refmeta><manvolnum> #: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11 #: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11 #: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11 #: sss_groupshow.8.xml:11 sss_usermod.8.xml:11 sss_cache.8.xml:11 #: sss_debuglevel.8.xml:11 sss_seed.8.xml:11 msgid "8" msgstr "8" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupmod.8.xml:16 msgid "modify a group" msgstr "变更一个组" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupmod.8.xml:21 msgid "" "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><title> #: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:47 #: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21 #: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30 #: sss_useradd.8.xml:30 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 #: sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 #: sss_usermod.8.xml:30 sss_cache.8.xml:29 sss_debuglevel.8.xml:30 #: sss_seed.8.xml:31 sss_ssh_authorizedkeys.1.xml:30 #: sss_ssh_knownhostsproxy.1.xml:31 msgid "DESCRIPTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupmod.8.xml:32 msgid "" "<command>sss_groupmod</command> modifies the group to reflect the changes " "that are specified on the command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sss_groupmod.8.xml:39 pam_sss.8.xml:54 sssd.8.xml:42 sss_obfuscate.8.xml:58 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39 #: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42 #: sss_ssh_authorizedkeys.1.xml:75 sss_ssh_knownhostsproxy.1.xml:62 msgid "OPTIONS" msgstr "选项" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupmod.8.xml:43 sss_usermod.8.xml:77 msgid "" "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" "replaceable>" msgstr "" "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupmod.8.xml:48 msgid "" "Append this group to groups specified by the <replaceable>GROUPS</" "replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " "a comma separated list of group names." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupmod.8.xml:57 sss_usermod.8.xml:91 msgid "" "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" "replaceable>" msgstr "" "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupmod.8.xml:62 msgid "" "Remove this group from groups specified by the <replaceable>GROUPS</" "replaceable> parameter." msgstr "" "Remove this group from groups specified by the <replaceable>GROUPS</" "replaceable> parameter." #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd.conf.5.xml:10 sssd.conf.5.xml:16 msgid "sssd.conf" msgstr "sssd.conf" #. type: Content of: <reference><refentry><refmeta><manvolnum> #: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 #: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11 msgid "5" msgstr "5" #. type: Content of: <reference><refentry><refmeta><refmiscinfo> #: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 #: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12 msgid "File Formats and Conventions" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16 #: sssd-ipa.5.xml:17 sssd-ad.5.xml:17 sssd-krb5.5.xml:17 msgid "the configuration file for SSSD" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:21 msgid "FILE FORMAT" msgstr "文件格式" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd.conf.5.xml:29 #, no-wrap msgid "" " <replaceable>[section]</replaceable>\n" " <replaceable>key</replaceable> = <replaceable>value</replaceable>\n" " <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" " " msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:24 msgid "" "The file has an ini-style syntax and consists of sections and parameters. A " "section begins with the name of the section in square brackets and continues " "until the next section begins. An example of section with single and multi-" "valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:36 msgid "" "The data types used are string (no quotes needed), integer and bool (with " "values of <quote>TRUE/FALSE</quote>)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:41 msgid "" "A line comment starts with a hash sign (<quote>#</quote>) or a semicolon " "(<quote>;</quote>). Inline comments are not supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:47 msgid "" "All sections can have an optional <replaceable>description</replaceable> " "parameter. Its function is only as a label for the section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:53 msgid "" "<filename>sssd.conf</filename> must be a regular file, owned by root and " "only root may read from or write to the file." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:59 msgid "SPECIAL SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:62 msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> #: sssd.conf.5.xml:71 sssd.conf.5.xml:1857 msgid "Section parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:73 msgid "config_file_version (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:76 msgid "" "Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " "version 2." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:82 msgid "services" msgstr "服务" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:85 msgid "" "Comma separated list of services that are started when sssd itself starts." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:89 msgid "" "Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " "<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition=" "\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</" "phrase>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:98 sssd.conf.5.xml:321 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:101 sssd.conf.5.xml:324 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:106 sssd.conf.5.xml:329 msgid "Default: 3" msgstr "默认: 3" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:111 msgid "domains" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:114 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " "start. This parameter described the list of domains in the order you want " "them to be queried. A domain name should only consist of alphanumeric ASCII " "characters, dashes and underscores." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:126 sssd.conf.5.xml:1586 msgid "re_expression (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:129 msgid "" "Default regular expression that describes how to parse the string containing " "user name and domain into these components." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:134 msgid "" "Each domain can have an individual regular expression configured. For some " "ID providers there are also default regular expressions. See DOMAIN " "SECTIONS for more info on these regular expressions." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:143 sssd.conf.5.xml:1637 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:146 sssd.conf.5.xml:1640 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " "fully qualified name from user name and domain name components." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:157 sssd.conf.5.xml:1651 msgid "%1$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:158 sssd.conf.5.xml:1652 msgid "user name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:161 sssd.conf.5.xml:1655 msgid "%2$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:164 sssd.conf.5.xml:1658 msgid "domain name as specified in the SSSD config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:170 sssd.conf.5.xml:1664 msgid "%3$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:173 sssd.conf.5.xml:1667 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:154 sssd.conf.5.xml:1648 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:183 msgid "" "Each domain can have an individual format string configured. see DOMAIN " "SECTIONS for more info on this option." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:189 msgid "try_inotify (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:192 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " "this, and will fall back to polling resolv.conf every five seconds if " "inotify cannot be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:200 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " "to 'false'" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:206 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:210 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:217 msgid "krb5_rcache_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:220 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:224 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:230 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:237 msgid "default_domain_suffix (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:240 msgid "" "This string will be used as a default domain name for all names without a " "domain name component. The main use case is environments where the primary " "domain is intended for managing host policies and all users are located in a " "trusted domain. The option allows those users to log in just with their " "user name without giving a domain name as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:250 msgid "" "Please note that if this option is set all users from the primary domain " "have to use their fully qualified name, e.g. user@domain.name, to log in." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:256 sssd-ldap.5.xml:1392 sssd-ldap.5.xml:1404 #: sssd-ldap.5.xml:1486 sssd-ldap.5.xml:2373 sssd-ldap.5.xml:2400 #: sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:187 #: include/ldap_id_mapping.xml:198 msgid "Default: not set" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:64 msgid "" "Individual pieces of SSSD functionality are provided by special SSSD " "services that are started and stopped together with SSSD. The services are " "managed by a special service frequently called <quote>monitor</quote>. The " "<quote>[sssd]</quote> section is used to configure the monitor as well as " "some other important options like the identity domains. <placeholder type=" "\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:267 msgid "SERVICES SECTIONS" msgstr "服务部分" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:269 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " "section, for example, for NSS service, the section would be <quote>[nss]</" "quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:276 msgid "General service configuration options" msgstr "基本服务配置选项" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:278 msgid "These options can be used to configure any service." msgstr "这些选项可被用于配置任何服务。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:282 msgid "debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:286 msgid "debug_timestamps (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:289 msgid "Add a timestamp to the debug messages" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:292 sssd.conf.5.xml:472 sssd.conf.5.xml:820 #: sssd-ldap.5.xml:1559 sssd-ldap.5.xml:1656 sssd-ldap.5.xml:1718 #: sssd-ldap.5.xml:2161 sssd-ldap.5.xml:2226 sssd-ldap.5.xml:2244 #: sssd-ipa.5.xml:361 sssd-ipa.5.xml:396 sssd-ad.5.xml:166 sssd-ad.5.xml:250 #: sssd-ad.5.xml:275 sssd-ad.5.xml:363 sssd-krb5.5.xml:490 msgid "Default: true" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:297 msgid "debug_microseconds (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:300 msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:303 sssd.conf.5.xml:774 sssd.conf.5.xml:1773 #: sssd-ldap.5.xml:640 sssd-ldap.5.xml:1433 sssd-ldap.5.xml:1452 #: sssd-ldap.5.xml:1628 sssd-ldap.5.xml:1957 sssd-ipa.5.xml:139 #: sssd-ipa.5.xml:205 sssd-ipa.5.xml:508 sssd-ipa.5.xml:526 #: sssd-krb5.5.xml:257 sssd-krb5.5.xml:291 sssd-krb5.5.xml:462 msgid "Default: false" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:308 msgid "timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:311 msgid "" "Timeout in seconds between heartbeats for this service. This is used to " "ensure that the process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:316 sssd-ldap.5.xml:1304 msgid "Default: 10" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:334 msgid "fd_limit" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:337 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " "the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " "systems without this capability, the resulting value will be the lower value " "of this or the limits.conf \"hard\" limit." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:346 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:351 msgid "client_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:354 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " "limited in order to avoid resource exhaustion on the system." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:361 sssd.conf.5.xml:377 sssd.conf.5.xml:592 #: sssd.conf.5.xml:752 sssd.conf.5.xml:1015 sssd-ldap.5.xml:1134 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:366 sssd.conf.5.xml:1004 msgid "force_timeout (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:369 sssd.conf.5.xml:1007 msgid "" "If a service is not responding to ping checks (see the <quote>timeout</" "quote> option), it is first sent the SIGTERM signal that instructs it to " "quit gracefully. If the service does not terminate after " "<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down " "by sending a SIGKILL signal." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:385 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:387 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:392 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:395 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:399 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:404 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:407 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " "for the domain." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:413 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " "after 15 seconds past the last cache update will be returned immediately, " "but the SSSD will go and update the cache on its own, so that future " "requests will not need to block waiting for a cache update." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:423 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " "percentage will never reduce the nowait timeout to less than 10 seconds. (0 " "disables this feature)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:431 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:436 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:439 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " "before asking the back end again." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:445 sssd.conf.5.xml:798 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:450 msgid "filter_users, filter_groups (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:453 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" "domain or include fully-qualified names to filter only users from the " "particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:460 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:465 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:468 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:478 msgid "fallback_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:481 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:486 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> #: sssd.conf.5.xml:492 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" " " msgstr "" #. 
type: Content of: <varlistentry><listitem><para> #: sssd.conf.5.xml:490 include/override_homedir.xml:44 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:496 msgid "Default: not set (no substitution for unset home directories)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:502 msgid "override_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:505 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " "or per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:511 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:517 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:520 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:523 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:527 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:532 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:537 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:540 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:544 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:549 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:552 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:557 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:560 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:564 msgid "Default: /bin/sh" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:569 msgid "default_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:572 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:578 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:585 sssd.conf.5.xml:745 msgid "get_domains_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:588 sssd.conf.5.xml:748 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:597 msgid "memcache_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:600 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:604 sssd-ldap.5.xml:654 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:611 msgid "PAM configuration options" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:613 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:618 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:621 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:626 sssd.conf.5.xml:639 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:632 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:635 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:645 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:648 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:653 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. 
Only a successful online " "authentication can enable offline authentication again." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:659 sssd.conf.5.xml:712 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:665 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:668 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number, the more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:673 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:676 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:679 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:683 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:686 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:690 sssd.8.xml:63 msgid "Default: 1" msgstr "" #.
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:695 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:698 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " "ensure that authentication takes place with the latest information." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:704 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" "client-application basis) how long (in seconds) we can cache the identity " "information to avoid excessive round-trips to the identity provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:718 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:721 sssd.conf.5.xml:1178 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:724 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " "cannot display a warning." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:730 sssd.conf.5.xml:1181 msgid "" "If zero is set, then this filter is not applied, i.e. 
if the expiration " "warning was received from backend server, it will automatically be displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:735 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:740 sssd.8.xml:79 msgid "Default: 0" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:760 msgid "SUDO configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:762 msgid "These options can be used to configure the sudo service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:766 msgid "sudo_timed (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:769 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:782 msgid "AUTOFS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:784 msgid "These options can be used to configure the autofs service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:788 msgid "autofs_negative_timeout (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:791 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " "before asking the back end again." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:807 msgid "SSH configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:809 msgid "These options can be used to configure the SSH service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:813 msgid "ssh_hash_known_hosts (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:816 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:825 msgid "ssh_known_hosts_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:828 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:832 msgid "Default: 180" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:840 msgid "PAC responder configuration options" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:842 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " "PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " "provider collects domain SID and ID ranges of the domain the client is " "joined to and of remote trusted domains from the local domain controller. " "If the PAC is decoded and evaluated some of the following operations are " "done:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:851 msgid "" "If the remote user does not exist in the cache, it is created. The uid is " "determined with the help of the SID, trusted domains will have UPGs and the " "gid will have the same value as the uid. The home directory is set based on " "the subdomain_homedir parameter. The shell will be empty by default, i.e. " "the system defaults are used, but can be overwritten with the default_shell " "parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:859 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:865 msgid "These options can be used to configure the PAC responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:869 msgid "allowed_uids (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:872 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " "startup." 
msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:878 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:882 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " "access the PAC responder, which would be the typical case, you have to add 0 " "to the list of allowed UIDs as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:896 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:903 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:906 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:911 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" "primary group memberships, those that are in range will be reported as " "expected." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:918 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:922 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:928 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:931 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:935 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:938 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:941 sssd.conf.5.xml:1155 sssd.conf.5.xml:1264 #: sssd.conf.5.xml:1281 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:944 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " "to fully complete enumerations. During this time, individual requests for " "information will go directly to LDAP, though it may be slow, due to the " "heavy enumeration processing. Saving a large number of entries to cache " "after the enumeration completes might also be CPU intensive as the " "memberships have to be recomputed." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:957 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:962 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " "enumeration lookups are completed successfully. For more information, refer " "to the man pages for the specific id_provider in use." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:970 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:978 msgid "subdomain_enumerate (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:985 msgid "all" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:986 msgid "All discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:989 msgid "none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:990 msgid "No discovered trusted domains will be enumerated" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:981 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " "Optionally, a list of one or more domain names can enable enumeration just " "for these trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:998 sssd-ldap.5.xml:1687 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1021 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1024 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1028 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " "for newly added or expired entries. You should run the <citerefentry> " "<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" "citerefentry> tool in order to force refresh of entries that have already " "been cached." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1041 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1047 msgid "entry_cache_user_timeout (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1050 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1054 sssd.conf.5.xml:1067 sssd.conf.5.xml:1080 #: sssd.conf.5.xml:1093 sssd.conf.5.xml:1106 sssd.conf.5.xml:1120 msgid "Default: entry_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1060 msgid "entry_cache_group_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1063 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1073 msgid "entry_cache_netgroup_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1076 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1086 msgid "entry_cache_service_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1089 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1099 msgid "entry_cache_sudo_timeout (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1102 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1112 msgid "entry_cache_autofs_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1115 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1126 msgid "refresh_expired_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1129 msgid "" "Specifies how many seconds SSSD has to wait before refreshing expired " "records. Currently only refreshing expired netgroups is supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1134 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1138 sssd-ipa.5.xml:221 msgid "Default: 0 (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1144 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1147 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1151 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1160 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1163 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " "value of this parameter must be greater than or equal to " "offline_credentials_expiration." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1170 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1175 msgid "pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1186 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " "cannot display a warning. Also an auth provider has to be configured for the " "backend." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1193 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1199 msgid "id_provider (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1202 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1206 msgid "<quote>proxy</quote>: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1209 msgid "<quote>local</quote>: SSSD internal provider for local users" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1213 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " "information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1221 sssd.conf.5.xml:1307 sssd.conf.5.xml:1358 #: sssd.conf.5.xml:1411 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " "FreeIPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1230 sssd.conf.5.xml:1316 sssd.conf.5.xml:1367 #: sssd.conf.5.xml:1420 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring Active Directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1241 msgid "use_fully_qualified_names (bool)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1244 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1249 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " "<command>getent passwd test</command> wouldn't find the user while " "<command>getent passwd test@LOCAL</command> would." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1257 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " "will be searched when an unqualified name is requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1269 msgid "ignore_group_members (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1272 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1275 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " "calls." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1286 msgid "auth_provider (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1289 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1293 sssd.conf.5.xml:1351 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1300 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring Kerberos." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1324 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1327 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1330 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1336 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1339 msgid "" "The access control provider used for the domain. 
There are two built-in " "access providers (in addition to any included in installed backends). " "Internal special providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1345 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1348 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1375 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry> for more information on configuring the simple " "access module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1382 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1387 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1390 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1395 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring LDAP." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1403 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring Kerberos." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1428 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1432 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1435 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1442 msgid "sudo_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1445 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1449 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1457 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1461 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1465 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1468 sssd.conf.5.xml:1522 sssd.conf.5.xml:1554 #: sssd.conf.5.xml:1579 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1474 msgid "selinux_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1477 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " "providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1483 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1491 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1494 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." 
msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1500 msgid "subdomains_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1503 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1509 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1518 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1529 msgid "autofs_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1532 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1536 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1543 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. 
See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1551 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1561 msgid "hostid_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1564 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1568 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1576 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1589 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " "match either the SSSD configuration domain name, or, in the case of IPA " "trust subdomains and Active Directory domains, the flat (NetBIOS) name of " "the domain." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1598 msgid "" "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?" "P<name>[^@\\\\]+)$))</quote> which allows three different styles for " "user names:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:1603 msgid "username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:1606 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:1609 msgid "domain\\username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1612 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1617 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " "sign, the domain everything after that\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1623 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " "version 7 or higher can support non-unique named subpatterns." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1630 msgid "" "PLEASE NOTE ALSO: older versions of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1677 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1683 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1686 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1690 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1693 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1696 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1699 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1702 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1705 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1711 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1714 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " "the domain will continue to operate in offline mode." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1720 sssd-ldap.5.xml:1118 sssd-ldap.5.xml:1160 #: sssd-ldap.5.xml:1175 sssd-krb5.5.xml:239 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1726 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1729 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1733 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1739 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1742 msgid "Override the primary GID value with the one specified." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1748 msgid "case_sensitive (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1751 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1756 sssd-ad.5.xml:333 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1762 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1765 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " "name was an alias. Setting this option to true would cause the SSSD to " "perform the ID lookup from cache for performance reasons." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1779 msgid "subdomain_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1790 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1791 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1782 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. 
See <emphasis>override_homedir</emphasis> for info about " "possible values. In addition to those, the expansion below can only be used " "with <emphasis>subdomain_homedir</emphasis>. <placeholder type=" "\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1796 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1800 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1805 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1808 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:898 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" "replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1821 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1824 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1827 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1835 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1838 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " "for example _nss_files_getpwent." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:1817 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:1850 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:1852 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " "<replaceable>id_provider=local</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1859 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1862 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1866 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1871 msgid "base_directory (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1874 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1879 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1884 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1887 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1891 sssd.conf.5.xml:1903 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1896 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1899 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1908 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1911 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " "on a newly created home directory." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1919 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1924 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1927 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " "<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1937 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1942 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1945 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " "default value is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1952 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1957 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1960 msgid "" "The command that is run after a user is removed. 
The command is passed the " "username of the user being removed as the first and only parameter. The " "return code of the command is not taken into account." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1966 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:1976 sssd-ldap.5.xml:2426 sssd-simple.5.xml:131 #: sssd-ipa.5.xml:793 sssd-ad.5.xml:382 sssd-krb5.5.xml:519 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd.conf.5.xml:1982 #, no-wrap msgid "" "[sssd]\n" "domains = LDAP\n" "services = nss, pam\n" "config_file_version = 2\n" "\n" "[nss]\n" "filter_groups = root\n" "filter_users = root\n" "\n" "[pam]\n" "\n" "[domain/LDAP]\n" "id_provider = ldap\n" "ldap_uri = ldap://ldap.example.com\n" "ldap_search_base = dc=example,dc=com\n" "\n" "auth_provider = krb5\n" "krb5_server = kerberos.example.com\n" "krb5_realm = EXAMPLE.COM\n" "cache_credentials = true\n" "\n" "min_id = 10000\n" "max_id = 20000\n" "enumerate = False\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:1978 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " "configuring domains for more details. <placeholder type=\"programlisting\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 msgid "sssd-ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:23 msgid "" "This manual page describes the configuration of LDAP domains for " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>.
Refer to the <quote>FILE FORMAT</quote> section of the " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page for detailed syntax information." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:35 msgid "You can configure SSSD to use more than one LDAP domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:38 msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server, either TLS/SSL or LDAPS is required. " "<command>sssd</command> <emphasis>does not</emphasis> support authentication " "over an unencrypted channel. If the LDAP server is used only as an identity " "provider, an encrypted channel is not needed. Please refer to " "<quote>ldap_access_filter</quote> config option for more information about " "using LDAP as an access provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:60 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:63 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" "quote> section for more information on failover and server redundancy. If " "neither option is specified, service discovery is enabled. For more " "information, refer to the <quote>SERVICE DISCOVERY</quote> section." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:70 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:73 msgid "ldap[s]://<host>[:port]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:76 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:79 msgid "example: ldap://[fc00::126:25]:389" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:85 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:88 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " "Refer to the <quote>FAILOVER</quote> section for more information on " "failover and server redundancy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:95 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:99 msgid "Default: empty, i.e. ldap_uri is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:105 msgid "ldap_search_base (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:108 msgid "The default base DN to use for performing LDAP user operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:112 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:116 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:119 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:122 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:126 sssd-ad.5.xml:212 msgid "Examples:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:129 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:134 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:137 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " "different search bases). This will lead to unpredictable behavior on client " "machines." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:144 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " "defaultNamingContext does not exist or has an empty value namingContexts is " "used. The namingContexts attribute must have a single value with the DN of " "the search base of the LDAP server to make this work. Multiple values are " "not supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:158 msgid "ldap_schema (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:161 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " "may vary. The way that some attributes are handled may also differ." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:168 msgid "Four schema types are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:172 msgid "rfc2307" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:177 msgid "rfc2307bis" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:182 msgid "IPA" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:187 msgid "AD" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:193 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " "the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, " "group members are listed by DN and stored in the <emphasis>member</emphasis> " "attribute. The AD schema type sets the attributes to correspond with Active " "Directory 2008r2 values." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:203 msgid "Default: rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:209 msgid "ldap_default_bind_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:212 msgid "The default bind DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:219 msgid "ldap_default_authtok_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:222 msgid "The type of the authentication token of the default bind DN." 
msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:226 msgid "The two mechanisms currently supported are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:229 msgid "password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:232 msgid "obfuscated_password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:235 msgid "Default: password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:241 msgid "ldap_default_authtok (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:244 msgid "" "The authentication token of the default bind DN. Only clear text passwords " "are currently supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:251 msgid "ldap_user_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:254 msgid "The object class of a user entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:257 msgid "Default: posixAccount" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:263 msgid "ldap_user_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:266 msgid "The LDAP attribute that corresponds to the user's login name." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:270 msgid "Default: uid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:276 msgid "ldap_user_uid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:279 msgid "The LDAP attribute that corresponds to the user's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:283 msgid "Default: uidNumber" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:289 msgid "ldap_user_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:292 msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:296 sssd-ldap.5.xml:792 msgid "Default: gidNumber" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:302 msgid "ldap_user_gecos (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:305 msgid "The LDAP attribute that corresponds to the user's gecos field." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:309 msgid "Default: gecos" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:315 msgid "ldap_user_home_directory (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:318 msgid "The LDAP attribute that contains the name of the user's home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:322 msgid "Default: homeDirectory" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:328 msgid "ldap_user_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:331 msgid "The LDAP attribute that contains the path to the user's default shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:335 msgid "Default: loginShell" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:341 msgid "ldap_user_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:344 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:348 sssd-ldap.5.xml:818 sssd-ldap.5.xml:1025 msgid "Default: nsUniqueId" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:354 msgid "ldap_user_objectsid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:357 msgid "" "The LDAP attribute that contains the objectSID of an LDAP user object. This " "is usually only necessary for ActiveDirectory servers." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:362 sssd-ldap.5.xml:832 msgid "Default: objectSid for ActiveDirectory, not set for other servers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:369 msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:372 sssd-ldap.5.xml:842 sssd-ldap.5.xml:1034 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:376 sssd-ldap.5.xml:846 sssd-ldap.5.xml:1041 msgid "Default: modifyTimestamp" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:382 msgid "ldap_user_shadow_last_change (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:385 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " "the last password change)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:395 msgid "Default: shadowLastChange" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:401 msgid "ldap_user_shadow_min (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:404 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " "password age)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:413 msgid "Default: shadowMin" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:419 msgid "ldap_user_shadow_max (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:422 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " "password age)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:431 msgid "Default: shadowMax" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:437 msgid "ldap_user_shadow_warning (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:440 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " "(password warning period)." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:450 msgid "Default: shadowWarning" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:456 msgid "ldap_user_shadow_inactive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:459 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " "(password inactivity period)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:469 msgid "Default: shadowInactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:475 msgid "ldap_user_shadow_expire (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:478 msgid "" "When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " "parameter contains the name of an LDAP attribute corresponding to its " "<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> counterpart (account expiration date)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:488 msgid "Default: shadowExpire" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:494 msgid "ldap_user_krb_last_pwd_change (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:497 msgid "" "When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " "an LDAP attribute storing the date and time of last password change in " "kerberos." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:503 msgid "Default: krbLastPwdChange" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:509 msgid "ldap_user_krb_password_expiration (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:512 msgid "" "When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " "an LDAP attribute storing the date and time when current password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:518 msgid "Default: krbPasswordExpiration" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:524 msgid "ldap_user_ad_account_expires (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:527 msgid "" "When using ldap_account_expire_policy=ad, this parameter contains the name " "of an LDAP attribute storing the expiration time of the account." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:532 msgid "Default: accountExpires" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:538 msgid "ldap_user_ad_user_account_control (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:541 msgid "" "When using ldap_account_expire_policy=ad, this parameter contains the name " "of an LDAP attribute storing the user account control bit field." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:546 msgid "Default: userAccountControl" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:552 msgid "ldap_ns_account_lock (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:555 msgid "" "When using ldap_account_expire_policy=rhds or equivalent, this parameter " "determines if access is allowed or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:560 msgid "Default: nsAccountLock" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:566 msgid "ldap_user_nds_login_disabled (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:569 msgid "" "When using ldap_account_expire_policy=nds, this attribute determines if " "access is allowed or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:573 sssd-ldap.5.xml:587 msgid "Default: loginDisabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:579 msgid "ldap_user_nds_login_expiration_time (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:582 msgid "" "When using ldap_account_expire_policy=nds, this attribute determines until " "which date access is granted." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:593 msgid "ldap_user_nds_login_allowed_time_map (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:596 msgid "" "When using ldap_account_expire_policy=nds, this attribute determines the " "hours of a day in a week when access is granted." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:601 msgid "Default: loginAllowedTimeMap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:607 msgid "ldap_user_principal (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:610 msgid "" "The LDAP attribute that contains the user's Kerberos User Principal Name " "(UPN)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:614 msgid "Default: krbPrincipalName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:620 msgid "ldap_user_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:623 msgid "The LDAP attribute that contains the user's SSH public keys." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:630 msgid "ldap_force_upper_case_realm (boolean)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:633 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " "fail. Set this option to a non-zero value if you want to use an upper-case " "realm." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:646 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:649 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:660 msgid "ldap_purge_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:663 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " "space." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:669 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:673 msgid "Default: 10800 (12 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:679 msgid "ldap_user_fullname (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:682 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:686 sssd-ldap.5.xml:779 sssd-ldap.5.xml:975 #: sssd-ldap.5.xml:1066 sssd-ldap.5.xml:1990 sssd-ldap.5.xml:2316 #: sssd-ipa.5.xml:648 msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:692 msgid "ldap_user_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:695 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:699 sssd-ipa.5.xml:552 msgid "Default: memberOf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:705 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:708 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " "to determine access privilege." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:715 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:720 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>authorized_service</quote> in order for the " "ldap_user_authorized_service option to work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:727 msgid "Default: authorizedService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:733 msgid "ldap_user_authorized_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:736 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " "privilege." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:742 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:747 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>host</quote> in order for the " "ldap_user_authorized_host option to work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:754 msgid "Default: host" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:760 msgid "ldap_group_object_class (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:763 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:766 msgid "Default: posixGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:772 msgid "ldap_group_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:775 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:785 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:788 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:798 msgid "ldap_group_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:801 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:805 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:811 msgid "ldap_group_uuid (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:814 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:824 msgid "ldap_group_objectsid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:827 msgid "" "The LDAP attribute that contains the objectSID of an LDAP group object. This " "is usually only necessary for ActiveDirectory servers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:839 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:852 msgid "ldap_group_type (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:855 msgid "" "The LDAP attribute that contains an integer value indicating the type of the " "group and maybe other flags." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:860 msgid "" "This attribute is currently only used by the AD provider to determine if a " "group is a domain local group and has to be filtered out for trusted " "domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:866 msgid "Default: groupType in the AD provider, otherwise not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:873 msgid "ldap_group_nesting_level (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:876 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " "follow. This option has no effect on the RFC2307 schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:883 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:889 msgid "ldap_groups_use_matching_rule_in_chain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:892 msgid "" "This option tells SSSD to take advantage of an Active Directory-specific " "feature which may speed up group lookup operations on deployments with " "complex or deep nested groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:898 msgid "" "In most common cases, it is best to leave this option disabled. It generally " "only provides a performance increase on very complex nestings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:903 sssd-ldap.5.xml:930 msgid "" "If this option is enabled, SSSD will use it if it detects that the server " "supports it during initial connection. So \"True\" here essentially means " "\"auto-detect\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:909 sssd-ldap.5.xml:936 msgid "" "Note: This feature is currently known to work only with Active Directory " "2008 R1 and later. 
See <ulink url=\"http://msdn.microsoft.com/en-us/library/" "windows/desktop/aa746475%28v=vs.85%29.aspx\"> MSDN(TM) documentation</ulink> " "for more details." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:915 sssd-ldap.5.xml:942 sssd-ldap.5.xml:1233 #: sssd-ldap.5.xml:1254 sssd-ldap.5.xml:1760 include/ldap_id_mapping.xml:226 msgid "Default: False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:921 msgid "ldap_initgroups_use_matching_rule_in_chain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:924 msgid "" "This option tells SSSD to take advantage of an Active Directory-specific " "feature which might speed up initgroups operations (most notably when " "dealing with complex or deep nested groups)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:948 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:951 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:954 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:958 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:964 msgid "ldap_netgroup_name (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:967 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:971 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:981 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:984 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:988 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:992 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:998 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1001 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1005 sssd-ldap.5.xml:1038 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1008 msgid "Default: nisNetgroupTriple" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1014 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1017 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1021 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1031 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1047 msgid "ldap_service_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1050 msgid "The object class of a service entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1053 msgid "Default: ipService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1059 msgid "ldap_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1062 msgid "" "The LDAP attribute that contains the name of service attributes and their " "aliases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1072 msgid "ldap_service_port (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1075 msgid "The LDAP attribute that contains the port managed by this service." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1079 msgid "Default: ipServicePort" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1085 msgid "ldap_service_proto (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1088 msgid "" "The LDAP attribute that contains the protocols understood by this service." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1092 msgid "Default: ipServiceProtocol" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1098 msgid "ldap_service_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1103 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1106 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " "is entered)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1112 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " "lookup types." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1124 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1127 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " "are returned (and offline mode is entered)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1140 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1143 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" "<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" "manvolnum> </citerefentry> following a <citerefentry> " "<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" "citerefentry> returns in case of no activity." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1166 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1169 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " "communicating with the KDC in case of SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1181 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1184 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " "in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " "the TGT lifetime) will be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1192 sssd-ldap.5.xml:2147 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1198 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1201 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1206 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1212 msgid "ldap_disable_paging (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1215 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " "it is not enabled or does not behave properly." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1221 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1227 msgid "" "Example: 389 DS has a bug where it can only support one paging control at " "a time on a single connection. On busy clients, this can result in some " "requests being denied." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1239 msgid "ldap_disable_range_retrieval (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1242 msgid "Disable Active Directory range retrieval." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1245 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " "group contains more members, the reply would include an AD-specific range " "extension. This option disables parsing of the range extension, therefore " "large groups will appear as having no members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1260 msgid "ldap_sasl_minssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1263 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " "option are defined by OpenLDAP." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1269 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1276 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1279 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If fewer members are missing, " "they are looked up individually." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1285 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1289 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " "methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " "Directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1297 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " "regardless of this setting." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1310 msgid "ldap_tls_reqcert (string)" msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1313 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1319 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate. The identity of the server is therefore not verified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1323 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " "is provided, it will be ignored and the session proceeds normally. As with " "<quote>never</quote>, the identity of the server is not verified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1330 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " "is provided, the session is immediately terminated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1336 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " "immediately terminated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1342 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1346 msgid "Default: hard" msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1352 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1355 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1378 sssd-ldap.5.xml:1419 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1367 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1370 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " "be the hash of the certificate followed by '.0'. If available, " "<command>cacertdir_rehash</command> can be used to create the correct names." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1385 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1388 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1398 msgid "ldap_tls_key (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1401 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1410 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1413 msgid "" "Specifies acceptable cipher suites. Typically this is a colon separated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry> for format." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1426 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1429 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1439 msgid "ldap_id_mapping (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1442 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " "on ldap_user_uid_number and ldap_group_gid_number." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1448 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1458 msgid "ldap_min_id, ldap_max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1461 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " "ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this " "might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " "can be set to restrict the allowed range for the IDs which are read directly " "from the server. Sub-domains can then pick other ranges to map IDs." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1473 msgid "Default: not set (both options are set to 0)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1479 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1482 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1492 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1495 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory. " "This option can either contain the full principal (for example host/" "myhost@EXAMPLE.COM) or just the principal name (for example host/myhost)." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1503 msgid "Default: host/hostname@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1509 msgid "ldap_sasl_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1512 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " "well, this option is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1518 msgid "Default: the value of krb5_realm." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1524 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1527 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1532 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1538 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1541 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1544 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1550 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1553 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " "GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1565 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1568 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1572 sssd-ad.5.xml:319 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1578 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1581 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " "For more information on failover and server redundancy, see the " "<quote>FAILOVER</quote> section. An optional port number (preceded by a " "colon) may be appended to the addresses or hostnames. 
If empty, service " "discovery is enabled - for more information, refer to the <quote>SERVICE " "DISCOVERY</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1593 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " "none are found." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1598 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " "migrate their config files to use <quote>krb5_server</quote> instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1607 sssd-ipa.5.xml:371 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1610 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1613 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1619 sssd-ipa.5.xml:386 sssd-krb5.5.xml:453 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1622 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1634 sssd-krb5.5.xml:468 msgid "krb5_use_kdcinfo (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1637 sssd-krb5.5.xml:471 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " "to configure the Kerberos library using the <citerefentry> " "<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> configuration file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1648 sssd-krb5.5.xml:482 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " "information on the locator plugin." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1662 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1665 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1670 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1675 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " "evaluate if the password has expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1681 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " "these attributes when the password is changed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1690 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1698 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1701 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1705 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1710 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. 
If your setup " "does not in fact require the use of referrals, setting this option to false " "might bring a noticeable performance improvement." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1724 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1727 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1731 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1737 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1740 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1745 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1751 msgid "ldap_chpass_update_last_change (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1754 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1766 msgid "ldap_access_filter (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1769 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " "must be met for the user to be granted access on this host. If " "access_provider = ldap, ldap_access_order = filter and this option is not " "set, it will result in all users being denied access. Use access_provider = " "permit to change this default behavior. Please note that this filter is " "applied on the LDAP user entry only." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1782 sssd-ldap.5.xml:2376 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #: sssd-ldap.5.xml:1785 #, no-wrap msgid "" "access_provider = ldap\n" "ldap_access_filter = (employeeType=admin)\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1789 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1794 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " "access during their last login, they will continue to be granted access " "while offline and vice-versa." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1802 sssd-ldap.5.xml:1859 msgid "Default: Empty" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1808 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1811 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1815 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " "even if the password is correct." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1822 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1825 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1830 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " "set. If the attribute is missing access is granted. Also the expiration time " "of the account is checked." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1837 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " "allowed or not." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1843 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " "ldap_user_nds_login_expiration_time are used to check if access is allowed. " "If both attributes are missing access is granted." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1852 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " "ldap_account_expire_policy option to work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1865 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1868 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1872 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1875 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1879 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1884 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1888 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1891 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1898 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1901 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1906 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1910 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1915 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1920 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1925 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1933 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1936 msgid "" "Allows local users to be retained as members of an LDAP group for servers " "that use the RFC2307 schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1940 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " "The self-consistency of the domain is compromised when this is done, so SSSD " "would normally remove the \"missing\" users from the cached group " "memberships as soon as nsswitch tries to fetch information about the user " "via getpw*() or initgroups() calls." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1951 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " "additional LDAP groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:51 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " "of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page for full details. 
<placeholder type=" "\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:1967 msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1971 msgid "ldap_sudorule_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1974 msgid "The object class of a sudo rule entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1977 msgid "Default: sudoRole" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1983 msgid "ldap_sudorule_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1986 msgid "The LDAP attribute that corresponds to the sudo rule name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1996 msgid "ldap_sudorule_command (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1999 msgid "The LDAP attribute that corresponds to the command name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2003 msgid "Default: sudoCommand" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2009 msgid "ldap_sudorule_host (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2012 msgid "" "The LDAP attribute that corresponds to the host name (or host IP address, " "host IP network, or host netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2017 msgid "Default: sudoHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2023 msgid "ldap_sudorule_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2026 msgid "" "The LDAP attribute that corresponds to the user name (or UID, group name or " "user's netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2030 msgid "Default: sudoUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2036 msgid "ldap_sudorule_option (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2039 msgid "The LDAP attribute that corresponds to the sudo options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2043 msgid "Default: sudoOption" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2049 msgid "ldap_sudorule_runasuser (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2052 msgid "" "The LDAP attribute that corresponds to the user name that commands may be " "run as." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2056 msgid "Default: sudoRunAsUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2062 msgid "ldap_sudorule_runasgroup (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2065 msgid "" "The LDAP attribute that corresponds to the group name or group GID that " "commands may be run as." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2069 msgid "Default: sudoRunAsGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2075 msgid "ldap_sudorule_notbefore (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2078 msgid "" "The LDAP attribute that corresponds to the start date/time for when the sudo " "rule is valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2082 msgid "Default: sudoNotBefore" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2088 msgid "ldap_sudorule_notafter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2091 msgid "" "The LDAP attribute that corresponds to the expiration date/time, after which " "the sudo rule will no longer be valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2096 msgid "Default: sudoNotAfter" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2102 msgid "ldap_sudorule_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2105 msgid "The LDAP attribute that corresponds to the ordering index of the rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2109 msgid "Default: sudoOrder" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2115 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2118 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2123 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2128 msgid "Default: 21600 (6 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2134 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2137 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest USN " "of cached rules)." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2143 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2153 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2156 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2167 msgid "ldap_sudo_hostnames (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2170 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2175 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2180 sssd-ldap.5.xml:2203 sssd-ldap.5.xml:2221 #: sssd-ldap.5.xml:2239 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2185 sssd-ldap.5.xml:2208 msgid "Default: not specified" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2191 msgid "ldap_sudo_ip (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2194 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2199 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2214 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2217 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2232 msgid "ldap_sudo_include_regexp (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2235 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:1969 msgid "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2251 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " "<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:2261 msgid "AUTOFS OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2263 msgid "" "Please note that the default values correspond to the default schema which " "is RFC2307." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2269 msgid "ldap_autofs_map_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2272 sssd-ldap.5.xml:2298 msgid "The object class of an automount map entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2275 sssd-ldap.5.xml:2302 msgid "Default: automountMap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2282 msgid "ldap_autofs_map_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2285 msgid "The name of an automount map entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2288 msgid "Default: ou" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2295 msgid "ldap_autofs_entry_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2309 msgid "ldap_autofs_entry_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2312 sssd-ldap.5.xml:2326 msgid "" "The key of an automount entry in LDAP. The entry usually corresponds to a " "mount point." 
msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2323 msgid "ldap_autofs_entry_value (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2330 msgid "Default: automountInformation" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2267 msgid "" "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" "\"variablelist\" id=\"4\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:2340 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2347 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2352 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2357 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2362 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2365 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2369 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #: sssd-ldap.5.xml:2379 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2382 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2389 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2392 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2396 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2406 msgid "ldap_sudo_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2411 msgid "ldap_autofs_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2342 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " "are doing. <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2428 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " "section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ldap.5.xml:2434 #, no-wrap msgid "" " [domain/LDAP]\n" " id_provider = ldap\n" " auth_provider = ldap\n" " ldap_uri = ldap://ldap.mydomain.org\n" " ldap_search_base = dc=mydomain,dc=org\n" " ldap_tls_reqcert = demand\n" " cache_credentials = true\n" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: sssd-ldap.5.xml:2433 sssd-simple.5.xml:139 sssd-ipa.5.xml:801 #: sssd-ad.5.xml:390 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 sssd-krb5.5.xml:528 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:2446 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:405 #: sssd.8.xml:191 sss_seed.8.xml:163 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2448 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " "distribution." msgstr "" #. type: Content of: <refentryinfo> #: pam_sss.8.xml:8 include/upstream.xml:2 msgid "" "<productname>SSSD</productname> <orgname>The SSSD upstream - http://" "fedorahosted.org/sssd</orgname>" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: pam_sss.8.xml:13 pam_sss.8.xml:18 msgid "pam_sss" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: pam_sss.8.xml:19 msgid "PAM module for SSSD" msgstr "" #. 
type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: pam_sss.8.xml:24 msgid "" "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" "replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" "replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" "replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" "replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" "arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:48 msgid "" "<command>pam_sss.so</command> is the PAM interface to the System Security " "Services daemon (SSSD). Errors and results are logged through " "<command>syslog(3)</command> with the LOG_AUTHPRIV facility." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:58 msgid "<option>quiet</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:61 msgid "Suppress log messages for unknown users." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:66 msgid "<option>forward_pass</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:69 msgid "" "If <option>forward_pass</option> is set the entered password is put on the " "stack for other PAM modules to use." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:76 msgid "<option>use_first_pass</option>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:79 msgid "" "The argument use_first_pass forces the module to use a previously stacked " "module's password and will never prompt the user - if no password is " "available or the password is not appropriate, the user will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:87 msgid "<option>use_authtok</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:90 msgid "" "When changing the password, force the module to set the new password to the " "one provided by a previously stacked password module." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:97 msgid "<option>retry=N</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:100 msgid "" "If specified the user is asked another N times for a password if " "authentication fails. Default is 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:102 msgid "" "Please note that this option might not work as expected if the application " "calling PAM handles the user dialog on its own. A typical example is " "<command>sshd</command> with <option>PasswordAuthentication</option>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:111 msgid "<option>ignore_unknown_user</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:114 msgid "" "If this option is specified and the user does not exist, the PAM module will " "return PAM_IGNORE. This causes the PAM framework to ignore this module." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><title> #: pam_sss.8.xml:123 msgid "MODULE TYPES PROVIDED" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:124 msgid "" "All module types (<option>account</option>, <option>auth</option>, " "<option>password</option> and <option>session</option>) are provided." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: pam_sss.8.xml:130 msgid "FILES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:131 msgid "" "If a password reset by root fails, because the corresponding SSSD provider " "does not support password resets, an individual message can be displayed. " "This message can e.g. contain instructions about how to reset a password." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:136 msgid "" "The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" "filename> where LOC stands for a locale string returned by <citerefentry> " "<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" "citerefentry>. If there is no matching file the content of " "<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " "the owner of the files and only root may have read and write permissions " "while all other users must have only read permissions." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:146 msgid "" "These files are searched in the directory <filename>/etc/sssd/customize/" "DOMAIN_NAME/</filename>. If no matching file is present a generic message is " "displayed." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 msgid "sssd_krb5_locator_plugin" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:22 msgid "" "The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " "used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos " "libraries what Realm and which KDC to use. Typically this is done in " "<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> which is always read by the Kerberos libraries. " "To simplify the configuration the Realm and the KDC can be defined in " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> as described in <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:48 msgid "" "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " "libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:63 msgid "" "Not all Kerberos implementations support the use of plugins. If " "<command>sssd_krb5_locator_plugin</command> is not available on your system " "you have to edit /etc/krb5.conf to reflect your Kerberos setup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:69 msgid "" "If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " "debug messages will be sent to stderr." msgstr "" #. 
type: Content of: <reference><refentry><refnamediv><refname> #: sssd-simple.5.xml:10 sssd-simple.5.xml:16 msgid "sssd-simple" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd-simple.5.xml:17 msgid "the configuration file for SSSD's 'simple' access-control provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:24 msgid "" "This manual page describes the configuration of the simple access-control " "provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " "refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:38 msgid "" "The simple access provider grants or denies access based on an access or " "deny list of user or group names. The following rules apply:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:43 msgid "If all lists are empty, access is granted" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:47 msgid "" "If any list is provided, the order of evaluation is allow,deny. This means " "that any matching deny rule will supersede any matched allow rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:54 msgid "" "If either or both \"allow\" lists are provided, all users are denied unless " "they appear in the list." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:60 msgid "" "If only \"deny\" lists are provided, all users are granted access unless " "they appear in the list." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:78 msgid "simple_allow_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:81 msgid "Comma separated list of users who are allowed to log in." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:88 msgid "simple_deny_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:91 msgid "Comma separated list of users who are explicitly denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:97 msgid "simple_allow_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:100 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:108 msgid "simple_deny_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:111 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " "evaluated." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> manual page for details on the configuration of an SSSD " "domain. <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:120 msgid "" "Specifying no values for any of the lists is equivalent to skipping it " "entirely. Beware of this while generating parameters for the simple provider " "using automated scripts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:125 msgid "" "Please note that it is a configuration error if both simple_allow_users " "and simple_deny_users are defined." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:133 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " "This example shows only the simple access provider-specific options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-simple.5.xml:140 #, no-wrap msgid "" " [domain/example.com]\n" " access_provider = simple\n" " simple_allow_users = user1, user2\n" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 msgid "sssd-ipa" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:23 msgid "" "This manual page describes the configuration of the IPA provider for " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. 
For a detailed syntax reference, refer to the <quote>FILE " "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:36 msgid "" "The IPA provider is a back end used to connect to an IPA server. (Refer to " "the freeipa.org web site for information about IPA servers.) This provider " "requires that the machine be joined to the IPA domain; configuration is " "almost entirely self-discovered and obtained directly from the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:43 msgid "" "The IPA provider accepts the same options used by the <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " "provider with some exceptions described below." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:55 msgid "" "However, it is neither necessary nor recommended to set these options. IPA " "provider can also be used as an access and chpass provider. As an access " "provider it uses HBAC (host-based access control) rules. Please refer to " "freeipa.org for more information about HBAC. No configuration of access " "provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:62 msgid "" "The IPA provider will use the PAC responder if the Kerberos tickets of users " "from trusted realms contain a PAC. To make configuration easier the PAC " "responder is started automatically if the IPA ID provider is configured." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:78 msgid "ipa_domain (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:81 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:89 msgid "ipa_server, ipa_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:92 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " "on failover and server redundancy, see the <quote>FAILOVER</quote> section. " "This is optional if autodiscovery is enabled. For more information on " "service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:105 msgid "ipa_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:108 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:116 sssd-ad.5.xml:256 msgid "dyndns_update (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:119 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client. The update is " "secured using GSS-TSIG. 
The IP address of the IPA LDAP connection is used " "for the updates, if it is not otherwise specified by using the " "<quote>dyndns_iface</quote> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:128 sssd-ad.5.xml:270 msgid "" "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " "the default Kerberos realm must be set properly in /etc/krb5.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:133 msgid "" "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" "emphasis> option, users should migrate to using <emphasis>dyndns_update</" "emphasis> in their config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:145 sssd-ad.5.xml:281 msgid "dyndns_ttl (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:148 sssd-ad.5.xml:284 msgid "" "The TTL to apply to the client DNS record when updating it. If " "dyndns_update is false this has no effect. This will override the TTL " "serverside if set by an administrator." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:153 msgid "" "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" "emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" "emphasis> in their config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:159 msgid "Default: 1200 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:165 sssd-ad.5.xml:295 msgid "dyndns_iface (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:168 sssd-ad.5.xml:298 msgid "" "Optional. Applicable only when dyndns_update is true. Choose the interface " "whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:173 msgid "" "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" "emphasis> option, users should migrate to using <emphasis>dyndns_iface</" "emphasis> in their config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:179 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:185 msgid "ipa_enable_dns_sites (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:188 sssd-ad.5.xml:152 msgid "Enables DNS sites - location based service discovery." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:192 msgid "" "If true and service discovery (see Service Discovery paragraph at the bottom " "of the man page) is enabled, then the SSSD will first attempt location " "based discovery using a query that contains \"_location.hostname.example.com" "\" and then fall back to traditional SRV discovery. If the location based " "discovery succeeds, the IPA servers located with the location based " "discovery are treated as primary servers and the IPA servers located using " "the traditional SRV discovery are used as back up servers" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:211 sssd-ad.5.xml:309 msgid "dyndns_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:214 sssd-ad.5.xml:312 msgid "" "How often should the back end perform periodic DNS update in addition to the " "automatic update performed when the back end goes online. This option is " "optional and applicable only when dyndns_update is true." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:227 sssd-ad.5.xml:325 msgid "dyndns_update_ptr (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:230 sssd-ad.5.xml:328 msgid "" "Whether the PTR record should also be explicitly updated when updating the " "client's DNS records. Applicable only when dyndns_update is true." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:235 msgid "" "This option should be False in most IPA deployments as the IPA server " "generates the PTR records automatically when forward records are changed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:241 msgid "Default: False (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:247 sssd-ad.5.xml:339 msgid "dyndns_force_tcp (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:250 sssd-ad.5.xml:342 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:254 sssd-ad.5.xml:346 msgid "Default: False (let nsupdate choose the protocol)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:260 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:263 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:267 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:273 msgid "ipa_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:276 msgid "Optional. Use the given string as search base for host objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:280 sssd-ipa.5.xml:304 sssd-ipa.5.xml:323 sssd-ipa.5.xml:342 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:285 msgid "" "If filter is given in any of search bases and " "<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " "will be ignored." msgstr "" #. type: Content of: <listitem><para> #: sssd-ipa.5.xml:290 sssd-ipa.5.xml:309 include/ldap_search_bases.xml:23 #: include/ldap_search_bases_experimental.xml:23 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:297 msgid "ipa_selinux_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:300 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:316 msgid "ipa_subdomains_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:319 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:328 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:335 msgid "ipa_master_domain_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:338 msgid "Optional. Use the given string as search base for master domain object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:347 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:354 sssd-krb5.5.xml:245 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:357 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:364 sssd-ad.5.xml:366 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:374 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:378 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:389 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:402 sssd-krb5.5.xml:407 msgid "krb5_use_fast (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:405 sssd-krb5.5.xml:410 msgid "" "Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" "authentication. The following options are supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:410 msgid "<emphasis>never</emphasis> use FAST." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:413 msgid "" "<emphasis>try</emphasis> to use FAST. 
If the server does not support FAST, " "continue the authentication without it. This is equivalent to not setting " "this option at all." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:419 sssd-krb5.5.xml:424 msgid "" "<emphasis>demand</emphasis> to use FAST. The authentication fails if the " "server does not require fast." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:424 #, fuzzy #| msgid "Default: 3" msgid "Default: try" msgstr "默认: try" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:427 sssd-krb5.5.xml:435 msgid "" "NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If " "SSSD is used with an older version of MIT Kerberos, using this option is a " "configuration error." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:436 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:439 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " "access-control requests made in a short period." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:446 sssd-ipa.5.xml:462 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:452 msgid "ipa_hbac_selinux (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:455 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " "many user login requests made in a short period." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:468 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:471 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " "of FreeIPA will need to migrate their rules to use only the ALLOW rules. The " "client will support two modes of operation during this transition period:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:480 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:485 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:490 msgid "Default: DENY_ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:496 msgid "ipa_hbac_support_srchost (boolean)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:499 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:503 msgid "" "Note that if set to <emphasis>False</emphasis>, this option causes filters " "given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:514 msgid "ipa_server_mode (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:517 msgid "This option should only be set by the IPA installer." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:521 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:532 msgid "ipa_automount_location (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:535 msgid "The automounter location this IPA client will be using" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:538 msgid "Default: The location named \"default\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:545 msgid "ipa_netgroup_member_of (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:548 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:557 msgid "ipa_netgroup_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:560 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:565 sssd-ipa.5.xml:660 msgid "Default: memberUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:570 msgid "ipa_netgroup_member_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:573 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:577 sssd-ipa.5.xml:672 msgid "Default: memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:582 msgid "ipa_netgroup_member_ext_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:585 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:589 msgid "Default: externalHost" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:594 msgid "ipa_netgroup_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:597 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:601 msgid "Default: nisDomainName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:607 msgid "ipa_host_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:610 sssd-ipa.5.xml:633 msgid "The object class of a host entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:613 sssd-ipa.5.xml:636 msgid "Default: ipaHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:618 msgid "ipa_host_fqdn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:621 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:624 msgid "Default: fqdn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:630 msgid "ipa_selinux_usermap_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:641 msgid "ipa_selinux_usermap_name (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:644 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:653 msgid "ipa_selinux_usermap_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:656 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:665 msgid "ipa_selinux_usermap_member_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:668 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule match " "against." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:677 msgid "ipa_selinux_usermap_see_also (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:680 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:685 msgid "Default: seeAlso" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:690 msgid "ipa_selinux_usermap_selinux_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:693 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:697 msgid "Default: ipaSELinuxUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:702 msgid "ipa_selinux_usermap_enabled (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:705 msgid "" "The LDAP attribute that contains whether or not is user map enabled for " "usage." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:709 msgid "Default: ipaEnabledFlag" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:714 msgid "ipa_selinux_usermap_user_category (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:717 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:721 msgid "Default: userCategory" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:726 msgid "ipa_selinux_usermap_host_category (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:729 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:733 msgid "Default: hostCategory" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:738 msgid "ipa_selinux_usermap_uuid (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:741 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:745 msgid "Default: ipaUniqueID" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:750 msgid "ipa_host_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:753 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:757 msgid "Default: ipaSshPubKey" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ipa.5.xml:766 msgid "SUBDOMAINS PROVIDER" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:768 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:772 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " "subdomain requests are sent to the IPA server if necessary." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:778 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " "provider is configured implicitly. In this case, if a subdomain request " "fails and indicates that the server does not support subdomains, i.e. 
is not " "configured for trusts, the IPA subdomains provider is disabled. After an " "hour or after the IPA provider goes online, the subdomains provider is " "enabled again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:795 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " "This example shows only the ipa provider-specific options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ipa.5.xml:802 #, no-wrap msgid "" " [domain/example.com]\n" " id_provider = ipa\n" " ipa_server = ipaserver.example.com\n" " ipa_hostname = myhost.example.com\n" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-ad.5.xml:10 sssd-ad.5.xml:16 msgid "sssd-ad" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:23 msgid "" "This manual page describes the configuration of the AD provider for " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:36 msgid "" "The AD provider is a back end used to connect to an Active Directory server. " "This provider requires that the machine be joined to the AD domain and a " "keytab is available." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:41 msgid "" "The AD provider supports connecting to Active Directory 2008 R2 or later. " "Earlier versions may work, but are unsupported." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:45 msgid "" "The AD provider is able to provide identity information and authentication " "for entities from trusted domains as well. Currently only trusted domains in " "the same forest are recognized." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:50 msgid "" "The AD provider accepts the same options used by the <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " "provider with some exceptions described below." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:62 msgid "" "However, it is neither necessary nor recommended to set these options. The " "AD provider can also be used as an access, chpass and sudo provider. No " "configuration of the access provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ad.5.xml:74 #, no-wrap msgid "" "ldap_id_mapping = False\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:68 msgid "" "By default, the AD provider will map UID and GID values from the objectSID " "parameter in Active Directory. For details on this, see the <quote>ID " "MAPPING</quote> section below. If you want to disable ID mapping and instead " "rely on POSIX attributes defined in Active Directory, you should set " "<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users " "and groups using POSIX attributes from trusted domains, the AD administrator " "must make sure that the POSIX attributes are replicated to the Global " "Catalog." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:81 msgid "" "Users, groups and other entities served by SSSD are always treated as case-" "insensitive in the AD provider for compatibility with Active Directory's " "LDAP implementation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:96 msgid "ad_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:99 msgid "" "Specifies the name of the Active Directory domain. This is optional. If not " "provided, the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:104 msgid "" "For proper operation, this option should be specified as the lower-case " "version of the long version of the Active Directory domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:109 msgid "" "The short domain name (also known as the NetBIOS or the flat name) is " "autodetected by the SSSD." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:116 msgid "ad_server, ad_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:119 msgid "" "The comma-separated list of hostnames of the AD servers to which SSSD should " "connect in order of preference. For more information on failover and server " "redundancy, see the <quote>FAILOVER</quote> section. This is optional if " "autodiscovery is enabled. For more information on service discovery, refer " "to the <quote>SERVICE DISCOVERY</quote> section." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:132 msgid "ad_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:135 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the Active Directory domain to identify this " "host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:141 msgid "" "This field is used to determine the host principal in use in the keytab. It " "must match the hostname for which the keytab was issued." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:149 msgid "ad_enable_dns_sites (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:156 msgid "" "If true and service discovery (see Service Discovery paragraph at the bottom " "of the man page) is enabled, the SSSD will first attempt to discover the " "Active Directory server to connect to using the Active Directory Site " "Discovery and fall back to the DNS SRV records if no AD site is found. The " "DNS SRV configuration, including the discovery domain, is used during site " "discovery as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:172 msgid "ad_access_filter (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:175 msgid "" "This option specifies LDAP access control filter that the user must match in " "order to be allowed access. 
Please note that the <quote>access_provider</" "quote> option must be explicitly set to <quote>ad</quote> in order for this " "option to have an effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:183 msgid "" "The option also supports specifying different filters per domain or forest. " "This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " "The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " "missing." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:191 msgid "" "If the keyword is <quote>DOM</quote> or is missing, then <quote>NAME</" "quote> specifies the domain or subdomain the filter applies to. If the " "keyword is <quote>FOREST</quote>, then the filter applies to all " "domains from the forest specified by <quote>NAME</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:199 msgid "" "Multiple filters can be separated with the <quote>?</quote> character, " "similarly to how search bases work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:204 msgid "" "The most specific match is always used. For example, if the option specified " "filter for a domain the user is a member of and a global filter, the per-" "domain filter would be applied. If there are more matches with the same " "specification, the first one is used." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #: sssd-ad.5.xml:215 #, no-wrap msgid "" "# apply filter on domain called dom1 only:\n" "dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" "\n" "# apply filter on domain called dom2 only:\n" "DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" "\n" "# apply filter on forest called EXAMPLE.COM only:\n" "FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:225 #, fuzzy #| msgid "Default: 3" msgid "Default: Not set" msgstr "默认: 3" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:231 msgid "ad_enable_gc (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:234 msgid "" "By default, the SSSD connects to the Global Catalog first to retrieve users " "from trusted domains and uses the LDAP port to retrieve group memberships or " "as a fallback. Disabling this option makes the SSSD only connect to the LDAP " "port of the current AD server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:242 msgid "" "Please note that disabling Global Catalog support does not disable " "retrieving users from trusted domains. The SSSD would connect to the LDAP " "port of trusted domains instead. However, Global Catalog must be used in " "order to resolve cross-domain group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:259 msgid "" "Optional. This option tells SSSD to automatically update the Active " "Directory DNS server with the IP address of this client. The update is " "secured using GSS-TSIG. 
As a consequence, the Active Directory administrator " "only needs to allow secure updates for the DNS zone. The IP address of the " "AD LDAP connection is used for the updates, if it is not otherwise specified " "by using the <quote>dyndns_iface</quote> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:289 msgid "Default: 3600 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:303 msgid "Default: Use the IP address of the AD LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:354 sssd-krb5.5.xml:496 msgid "krb5_use_enterprise_principal (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:357 sssd-krb5.5.xml:499 msgid "" "Specifies if the user principal should be treated as enterprise principal. " "See section 5 of RFC 6806 for more details about enterprise principals." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:384 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " "This example shows only the AD provider-specific options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ad.5.xml:391 #, no-wrap msgid "" "[domain/EXAMPLE]\n" "id_provider = ad\n" "auth_provider = ad\n" "access_provider = ad\n" "chpass_provider = ad\n" "\n" "ad_server = dc1.example.com\n" "ad_hostname = client.example.com\n" "ad_domain = example.com\n" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ad.5.xml:411 #, no-wrap msgid "" "access_provider = ldap\n" "ldap_access_order = expire\n" "ldap_account_expire_policy = ad\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:407 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:417 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 msgid "sssd-sudo" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd-sudo.5.xml:17 msgid "Configuring sudo with the SSSD back end" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:23 msgid "" "This manual page describes how to configure <citerefentry> " "<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " "to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-sudo.5.xml:36 msgid "Configuring sudo to cooperate with SSSD" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:38 msgid "" "To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " "the <emphasis>sudoers</emphasis> entry in <citerefentry> " "<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:47 msgid "" "For example, to configure sudo to first lookup rules in the standard " "<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> file (which should contain rules that apply to " "local users) and then in SSSD, the nsswitch.conf file should contain the " "following line:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-sudo.5.xml:57 #, no-wrap msgid "sudoers: files sss\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:61 msgid "" "More information about configuring the sudoers search order from the " "nsswitch.conf file as well as information about the LDAP schema that is used " "to store sudo rules in the directory can be found in <citerefentry> " "<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:70 msgid "" "<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " "sudo rules, you also need to correctly set <citerefentry> " "<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" "citerefentry> to your NIS domain name (which equals to IPA domain name when " "using hostgroups)." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-sudo.5.xml:82 msgid "Configuring SSSD to fetch sudo rules" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:84 msgid "" "All configuration that is needed on SSSD side is to extend the list of " "<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " "search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> " "option." 
msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:94 msgid "" "The following example shows how to configure SSSD to download sudo rules " "from an LDAP server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-sudo.5.xml:99 #, no-wrap msgid "" "[sssd]\n" "config_file_version = 2\n" "services = nss, pam, sudo\n" "domains = EXAMPLE\n" "\n" "[domain/EXAMPLE]\n" "id_provider = ldap\n" "sudo_provider = ldap\n" "ldap_uri = ldap://example.com\n" "ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:112 msgid "" "When the SSSD is configured to use IPA as the ID provider, the sudo provider " "is automatically enabled. The sudo search base is configured to use the " "compat tree (ou=sudoers,$DC)." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-sudo.5.xml:119 msgid "The SUDO rule caching mechanism" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:121 msgid "" "The biggest challenge, when developing sudo support in SSSD, was to ensure " "that running sudo with SSSD as the data source provides the same user " "experience and is as fast as sudo but keeps providing the most current set " "of rules as possible. To satisfy these requirements, SSSD uses three kinds " "of updates. They are referred to as full refresh, smart refresh and rules " "refresh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:129 msgid "" "The <emphasis>smart refresh</emphasis> periodically downloads rules that are " "new or were modified after the last update. Its primary goal is to keep the " "database growing by fetching only small increments that do not generate " "large amounts of network traffic." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:135 msgid "" "The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " "in the cache and replaces them with all rules that are stored on the server. " "This is used to keep the cache consistent by removing every rule which was " "deleted from the server. However, full refresh may produce a lot of traffic " "and thus it should be run only occasionally depending on the size and " "stability of the sudo rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:143 msgid "" "The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " "more permission than defined. It is triggered each time the user runs sudo. " "Rules refresh will find all rules that apply to this user, check their " "expiration time and redownload them if expired. In the case that any of " "these rules are missing on the server, the SSSD will do an out of band full " "refresh because more rules (that apply to other users) may have been deleted." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:152 msgid "" "If enabled, SSSD will store only rules that can be applied to this machine. " "This means rules that contain one of the following values in " "<emphasis>sudoHost</emphasis> attribute:" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:159 msgid "keyword ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:164 msgid "wildcard" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:169 msgid "netgroup (in the form \"+netgroup\")" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:174 msgid "hostname or fully qualified domain name of this machine" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:179 msgid "one of the IP addresses of this machine" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:184 msgid "one of the IP addresses of the network (in the form \"address/mask\")" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:190 msgid "" "There are many configuration options that can be used to adjust the " "behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd.8.xml:10 sssd.8.xml:15 msgid "sssd" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd.8.xml:16 msgid "System Security Services Daemon" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sssd.8.xml:21 msgid "" "<command>sssd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.8.xml:31 msgid "" "<command>SSSD</command> provides a set of daemons to manage access to remote " "directories and authentication mechanisms. It provides an NSS and PAM " "interface toward the system and a pluggable backend system to connect to " "multiple different account sources as well as D-Bus interface. It is also " "the basis to provide client auditing and policy services for projects like " "FreeIPA. It provides a more robust database to store local users as well as " "extended user data." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:46 msgid "" "<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:53 msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:57 msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:60 msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:69 msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:73 msgid "" "<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:76 msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:85 msgid "<option>-f</option>,<option>--debug-to-files</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:89 msgid "" "Send the debug output to files instead of stderr. By default, the log files " "are stored in <filename>/var/log/sssd</filename> and there are separate log " "files for every SSSD service and domain." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:97 msgid "<option>-D</option>,<option>--daemon</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:101 msgid "Become a daemon after starting up." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:107 sss_seed.8.xml:136 msgid "<option>-i</option>,<option>--interactive</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:111 msgid "Run in the foreground, don't become a daemon." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:117 sss_debuglevel.8.xml:42 msgid "<option>-c</option>,<option>--config</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:121 sss_debuglevel.8.xml:46 msgid "" "Specify a non-default config file. The default is <filename>/etc/sssd/sssd." "conf</filename>. For reference on the config file syntax and options, " "consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:135 msgid "<option>--version</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:139 msgid "Print version number and exit." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.8.xml:147 msgid "Signals" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:159 msgid "SIGHUP" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " "like logrotate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:170 msgid "SIGUSR1" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:179 msgid "SIGUSR2" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.8.xml:193 msgid "" "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " "applications will not use the fast in memory cache." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 msgid "sss_obfuscate" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_obfuscate.8.xml:16 msgid "obfuscate a clear text password" msgstr "" #. 
type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_obfuscate.8.xml:21 msgid "" "<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" "replaceable></arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:32 msgid "" "<command>sss_obfuscate</command> converts a given password into human-" "unreadable format and places it into appropriate domain section of the SSSD " "config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:37 msgid "" "The cleartext password is read from standard input or entered " "interactively. The obfuscated password is put into " "<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " "<quote>ldap_default_authtok_type</quote> parameter is set to " "<quote>obfuscated_password</quote>. Refer to <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more details on these parameters." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:49 msgid "" "Please note that obfuscating the password provides <emphasis>no real " "security benefit</emphasis> as it is still possible for an attacker to " "reverse-engineer the password back. Using better authentication mechanisms " "such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " "advised." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_obfuscate.8.xml:63 msgid "<option>-s</option>,<option>--stdin</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:67 msgid "The password to obfuscate will be read from standard input." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:79 #: sss_ssh_knownhostsproxy.1.xml:78 msgid "" "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:79 msgid "" "The SSSD domain to use the password in. The default name is <quote>default</" "quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_obfuscate.8.xml:86 msgid "" "<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:91 msgid "Read the config file specified by the positional parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:95 msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_useradd.8.xml:10 sss_useradd.8.xml:15 msgid "sss_useradd" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_useradd.8.xml:16 msgid "create a new user" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_useradd.8.xml:21 msgid "" "<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_useradd.8.xml:32 msgid "" "<command>sss_useradd</command> creates a new user account using the values " "specified on the command line plus the default values from the system." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:43 sss_seed.8.xml:76 msgid "" "<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:48 msgid "" "Set the UID of the user to the value of <replaceable>UID</replaceable>. If " "not given, it is chosen automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:55 sss_usermod.8.xml:43 sss_seed.8.xml:100 msgid "" "<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:60 sss_usermod.8.xml:48 sss_seed.8.xml:105 msgid "" "Any text string describing the user. Often used as the field for the user's " "full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:67 sss_usermod.8.xml:55 sss_seed.8.xml:112 msgid "" "<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:72 msgid "" "The home directory of the user account. The default is to append the " "<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use " "that as the home directory. The base that is prepended before " "<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/" "baseDirectory</quote> setting in sssd.conf." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:82 sss_usermod.8.xml:66 sss_seed.8.xml:124 msgid "" "<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:87 msgid "" "The user's login shell. The default is currently <filename>/bin/bash</" "filename>. The default can be changed with <quote>user_defaults/" "defaultShell</quote> setting in sssd.conf." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:96 msgid "" "<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:101 msgid "A list of existing groups this user is also a member of." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:107 msgid "<option>-m</option>,<option>--create-home</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:111 msgid "" "Create the user's home directory if it does not exist. The files and " "directories contained in the skeleton directory (which can be defined with " "the -k option or in the config file) will be copied to the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:121 msgid "<option>-M</option>,<option>--no-create-home</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:125 msgid "" "Do not create the user's home directory. Overrides configuration settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:132 msgid "" "<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</" "replaceable>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:137 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " "<command>sss_useradd</command>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:143 msgid "" "Special files (block devices, character devices, named pipes and unix " "sockets) will not be copied." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:147 msgid "" "This option is only valid if the <option>-m</option> (or <option>--create-" "home</option>) option is specified, or creation of home directories is set " "to TRUE in the configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:156 sss_usermod.8.xml:124 msgid "" "<option>-Z</option>,<option>--selinux-user</option> " "<replaceable>SELINUX_USER</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:161 msgid "" "The SELinux user for the user's login. If not specified, the system default " "will be used." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 msgid "sssd-krb5" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:23 msgid "" "This manual page describes the configuration of the Kerberos 5 " "authentication backend for <citerefentry> <refentrytitle>sssd</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. 
For a detailed " "syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " "the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:36 msgid "" "The Kerberos 5 authentication backend contains auth and chpass providers. It " "must be paired with an identity provider in order to function properly (for " "example, id_provider = ldap). Some information required by the Kerberos 5 " "authentication backend must be provided by the identity provider, such as " "the user's Kerberos Principal Name (UPN). The configuration of the identity " "provider should have an entry to specify the UPN. Please refer to the man " "page for the applicable identity provider for details on how to configure " "this." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:47 msgid "" "This backend also provides access control based on the .k5login file in the " "home directory of the user. See <citerefentry> <refentrytitle>.k5login</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " "Please note that an empty .k5login file will deny all access to this user. " "To activate this feature, use 'access_provider = krb5' in your SSSD " "configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:55 msgid "" "In the case where the UPN is not available in the identity backend, " "<command>sssd</command> will construct a UPN using the format " "<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect, in the order of preference. 
" "For more information on failover and server redundancy, see the " "<quote>FAILOVER</quote> section. An optional port number (preceded by a " "colon) may be appended to the addresses or hostnames. If empty, service " "discovery is enabled; for more information, refer to the <quote>SERVICE " "DISCOVERY</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:106 msgid "" "The name of the Kerberos realm. This option is required and must be " "specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:113 msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:116 msgid "" "If the change password service is not running on the KDC, alternative " "servers can be defined here. An optional port number (preceded by a colon) " "may be appended to the addresses or hostnames." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:122 msgid "" "For more information on failover and server redundancy, see the " "<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " "servers to try, the backend is not switched to operate offline if " "authentication against the KDC is still possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:129 msgid "Default: Use the KDC" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:135 msgid "krb5_ccachedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:138 msgid "" "Directory to store credential caches. 
All the substitution sequences of " "krb5_ccname_template can be used here, too, except %d and %P. The directory " "is created as private and owned by the user, with permissions set to 0700." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:145 msgid "Default: /tmp" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:151 msgid "krb5_ccname_template (string)" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:165 include/override_homedir.xml:11 msgid "%u" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:166 include/override_homedir.xml:12 msgid "login name" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:169 include/override_homedir.xml:15 msgid "%U" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:170 msgid "login UID" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:173 msgid "%p" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:174 msgid "principal name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:178 msgid "%r" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:179 msgid "realm name" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:182 msgid "%h" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:183 msgid "home directory" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:187 include/override_homedir.xml:19 msgid "%d" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:188 msgid "value of krb5_ccachedir" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:193 msgid "%P" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:194 msgid "the process ID of the SSSD client" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:199 include/override_homedir.xml:34 msgid "%%" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:200 include/override_homedir.xml:35 msgid "a literal '%'" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:154 msgid "" "Location of the user's credential cache. Three credential cache types are " "currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " "<quote>KEYRING:persistent</quote>. The cache can be specified either as " "<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " "implies the <quote>FILE</quote> type. 
In the template, the following " "sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " "the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " "filename in a safe way." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:208 msgid "" "When using KEYRING types, the only supported mechanism is <quote>KEYRING:" "persistent:%U</quote>, which uses the Linux kernel keyring to store " "credentials on a per-UID basis. This is also the recommended choice, as it " "is the most secure and predictable method." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:216 msgid "" "The default value for the credential cache name is sourced from the profile " "stored in the system wide krb5.conf configuration file in the [libdefaults] " "section. The option name is default_ccache_name. See krb5.conf(5)'s " "PARAMETER EXPANSION paragraph for additional information on the expansion " "format defined by krb5.conf." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:225 msgid "Default: (from libkrb5)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:231 msgid "krb5_auth_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:234 msgid "" "Timeout in seconds after an online authentication request or change password " "request is aborted. If possible, the authentication request is continued " "offline." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:248 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed. 
The keytab is checked for entries sequentially, and the first entry " "with a matching realm is used for validation. If no entry matches the realm, " "the last entry in the keytab is used. This process can be used to validate " "environments using cross-realm trust by placing the appropriate keytab entry " "as the last entry or the only entry in the keytab file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:263 msgid "krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:266 msgid "" "The location of the keytab to use when validating credentials obtained from " "KDCs." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:270 msgid "Default: /etc/krb5.keytab" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:276 msgid "krb5_store_password_if_offline (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:279 msgid "" "Store the password of the user if the provider is offline and use it to " "request a TGT when the provider comes online again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:284 msgid "" "NOTE: this feature is only available on Linux. Passwords stored in this way " "are kept in plaintext in the kernel keyring and are potentially accessible " "by the root user (with difficulty)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:297 msgid "krb5_renewable_lifetime (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:300 msgid "" "Request a renewable ticket with a total lifetime, given as an integer " "immediately followed by a time unit:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:305 sssd-krb5.5.xml:339 sssd-krb5.5.xml:376 msgid "<emphasis>s</emphasis> for seconds" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:308 sssd-krb5.5.xml:342 sssd-krb5.5.xml:379 msgid "<emphasis>m</emphasis> for minutes" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:311 sssd-krb5.5.xml:345 sssd-krb5.5.xml:382 msgid "<emphasis>h</emphasis> for hours" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385 msgid "<emphasis>d</emphasis> for days." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:317 sssd-krb5.5.xml:388 msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:321 sssd-krb5.5.xml:392 msgid "" "NOTE: It is not possible to mix units. To set the renewable lifetime to one " "and a half hours, use '90m' instead of '1h30m'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:326 msgid "Default: not set, i.e. the TGT is not renewable" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:332 msgid "krb5_lifetime (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:335 msgid "" "Request ticket with a lifetime, given as an integer immediately followed by " "a time unit:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:351 msgid "If there is no unit given <emphasis>s</emphasis> is assumed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:355 msgid "" "NOTE: It is not possible to mix units. To set the lifetime to one and a " "half hours please use '90m' instead of '1h30m'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:360 msgid "" "Default: not set, i.e. the default ticket lifetime configured on the KDC." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:367 msgid "krb5_renew_interval (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:370 msgid "" "The time in seconds between two checks if the TGT should be renewed. TGTs " "are renewed if about half of their lifetime is exceeded, given as an integer " "immediately followed by a time unit:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:397 msgid "If this option is not set or is 0 the automatic renewal is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:415 msgid "" "<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " "option at all." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:419 msgid "" "<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " "continue the authentication without it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:429 msgid "Default: not set, i.e. FAST is not used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:432 msgid "NOTE: a keytab is required to use FAST." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:444 msgid "krb5_fast_principal (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:447 msgid "Specifies the server principal to use for FAST." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:456 msgid "" "Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos 1.7 and later versions." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:505 msgid "Default: false (AD provider: true)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:65 msgid "" "If the auth-module krb5 is used in an SSSD domain, the following options " "must be used. See the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " "<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " "domain. <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:521 msgid "" "The following example assumes that SSSD is correctly configured and FOO is " "one of the domains in the <replaceable>[sssd]</replaceable> section. This " "example shows only configuration of Kerberos authentication; it does not " "include any identity provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-krb5.5.xml:529 #, no-wrap msgid "" " [domain/FOO]\n" " auth_provider = krb5\n" " krb5_server = 192.168.1.1\n" " krb5_realm = EXAMPLE.COM\n" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15 msgid "sss_groupadd" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupadd.8.xml:16 msgid "create a new group" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupadd.8.xml:21 msgid "" "<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupadd.8.xml:32 msgid "" "<command>sss_groupadd</command> creates a new group. These groups are " "compatible with POSIX groups, with the additional feature that they can " "contain other groups as members." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupadd.8.xml:43 sss_seed.8.xml:88 msgid "" "<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupadd.8.xml:48 msgid "" "Set the GID of the group to the value of <replaceable>GID</replaceable>. If " "not given, it is chosen automatically." msgstr "" #. 
type: Content of: <reference><refentry><refnamediv><refname> #: sss_userdel.8.xml:10 sss_userdel.8.xml:15 msgid "sss_userdel" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_userdel.8.xml:16 msgid "delete a user account" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_userdel.8.xml:21 msgid "" "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_userdel.8.xml:32 msgid "" "<command>sss_userdel</command> deletes a user identified by login name " "<replaceable>LOGIN</replaceable> from the system." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:44 msgid "<option>-r</option>,<option>--remove</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:48 msgid "" "Files in the user's home directory will be removed along with the home " "directory itself and the user's mail spool. Overrides the configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:56 msgid "<option>-R</option>,<option>--no-remove</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:60 msgid "" "Files in the user's home directory will NOT be removed along with the home " "directory itself and the user's mail spool. Overrides the configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:68 msgid "<option>-f</option>,<option>--force</option>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:72 msgid "" "This option forces <command>sss_userdel</command> to remove the user's home " "directory and mail spool, even if they are not owned by the specified user." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:80 msgid "<option>-k</option>,<option>--kick</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:84 msgid "Before actually deleting the user, terminate all his processes." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15 msgid "sss_groupdel" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupdel.8.xml:16 msgid "delete a group" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupdel.8.xml:21 msgid "" "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupdel.8.xml:32 msgid "" "<command>sss_groupdel</command> deletes a group identified by its name " "<replaceable>GROUP</replaceable> from the system." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15 msgid "sss_groupshow" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupshow.8.xml:16 msgid "print properties of a group" msgstr "" #. 
type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupshow.8.xml:21 msgid "" "<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupshow.8.xml:32 msgid "" "<command>sss_groupshow</command> displays information about a group " "identified by its name <replaceable>GROUP</replaceable>. The information " "includes the group ID number, members of the group and the parent group." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupshow.8.xml:43 msgid "<option>-R</option>,<option>--recursive</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupshow.8.xml:47 msgid "" "Also print indirect group members in a tree-like hierarchy. Note that this " "also affects printing parent groups - without <option>R</option>, only the " "direct parent will be printed." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_usermod.8.xml:10 sss_usermod.8.xml:15 msgid "sss_usermod" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_usermod.8.xml:16 msgid "modify a user account" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_usermod.8.xml:21 msgid "" "<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_usermod.8.xml:32 msgid "" "<command>sss_usermod</command> modifies the account specified by " "<replaceable>LOGIN</replaceable> to reflect the changes that are specified " "on the command line." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:60 msgid "The home directory of the user account." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:71 msgid "The user's login shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:82 msgid "" "Append this user to groups specified by the <replaceable>GROUPS</" "replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " "a comma separated list of group names." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:96 msgid "" "Remove this user from groups specified by the <replaceable>GROUPS</" "replaceable> parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_usermod.8.xml:103 msgid "<option>-l</option>,<option>--lock</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:107 msgid "Lock the user account. The user won't be able to log in." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_usermod.8.xml:114 msgid "<option>-u</option>,<option>--unlock</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:118 msgid "Unlock the user account." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:129 msgid "The SELinux user for the user's login." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_cache.8.xml:10 sss_cache.8.xml:15 msgid "sss_cache" msgstr "" #. 
type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_cache.8.xml:16 msgid "perform cache cleanup" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_cache.8.xml:21 msgid "" "<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_cache.8.xml:31 msgid "" "<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " "records are forced to be reloaded from server as soon as related SSSD " "backend is online." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:42 msgid "<option>-E</option>,<option>--everything</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:46 msgid "Invalidate all cached entries except for sudo rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:52 msgid "" "<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:57 msgid "Invalidate specific user." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:63 msgid "<option>-U</option>,<option>--users</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:67 msgid "" "Invalidate all user records. This option overrides invalidation of specific " "user if it was also set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:74 msgid "" "<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:79 msgid "Invalidate specific group." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:85 msgid "<option>-G</option>,<option>--groups</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:89 msgid "" "Invalidate all group records. This option overrides invalidation of specific " "group if it was also set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:96 msgid "" "<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:101 msgid "Invalidate specific netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:107 msgid "<option>-N</option>,<option>--netgroups</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:111 msgid "" "Invalidate all netgroup records. This option overrides invalidation of " "specific netgroup if it was also set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:118 msgid "" "<option>-s</option>,<option>--service</option> <replaceable>service</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:123 msgid "Invalidate specific service." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:129 msgid "<option>-S</option>,<option>--services</option>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:133 msgid "" "Invalidate all service records. This option overrides invalidation of " "specific service if it was also set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:140 msgid "" "<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:145 msgid "Invalidate specific autofs maps." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:151 msgid "<option>-A</option>,<option>--autofs-maps</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:155 msgid "" "Invalidate all autofs maps. This option overrides invalidation of specific " "map if it was also set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:162 msgid "" "<option>-d</option>,<option>--domain</option> <replaceable>domain</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:167 msgid "Restrict invalidation process only to a particular domain." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 msgid "sss_debuglevel" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_debuglevel.8.xml:16 msgid "change debug level while SSSD is running" msgstr "" #. 
type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_debuglevel.8.xml:21 msgid "" "<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" "replaceable></arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_debuglevel.8.xml:32 msgid "" "<command>sss_debuglevel</command> changes debug level of SSSD monitor and " "providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is " "running." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_debuglevel.8.xml:59 msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_seed.8.xml:10 sss_seed.8.xml:15 msgid "sss_seed" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_seed.8.xml:16 msgid "seed the SSSD cache with a user" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_seed.8.xml:21 msgid "" "<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" "replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_seed.8.xml:33 msgid "" "<command>sss_seed</command> seeds the SSSD cache with a user entry and " "temporary password. If a user entry is already present in the SSSD cache " "then the entry is updated with the temporary password." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_seed.8.xml:46 msgid "" "<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" "replaceable>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:51 msgid "" "Provide the name of the domain of which the user is a member. The domain " "is also used to retrieve user information. The domain must be configured in " "sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " "Information retrieved from the domain overrides what is provided in the " "options." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_seed.8.xml:63 msgid "" "<option>-n</option>,<option>--username</option> <replaceable>USER</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:68 msgid "" "The username of the entry to be created or modified in the cache. The " "<replaceable>USER</replaceable> option must be provided." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:81 msgid "Set the UID of the user to <replaceable>UID</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:93 msgid "Set the GID of the user to <replaceable>GID</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:117 msgid "" "Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:129 msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:140 msgid "" "Interactive mode for entering user information. 
This option will only prompt " "for information not provided in the options or retrieved from the domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_seed.8.xml:148 msgid "" "<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:153 msgid "" "Specify file to read user's password from. (if not specified password is " "prompted for)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_seed.8.xml:165 msgid "" "The length of the password (or the size of file specified with -p or --" "password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " "on systems with no globally-defined PASS_MAX value)." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 msgid "sss_ssh_authorizedkeys" msgstr "" #. type: Content of: <reference><refentry><refmeta><manvolnum> #: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 msgid "1" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_ssh_authorizedkeys.1.xml:16 msgid "get OpenSSH authorized keys" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_ssh_authorizedkeys.1.xml:21 msgid "" "<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg> <arg " "choice='plain'><replaceable>USER</replaceable></arg>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:32 msgid "" "<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " "<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " "format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> for more information)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:41 msgid "" "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" "command> for public key user authentication if it is compiled with support " "for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</" "quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry> options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sss_ssh_authorizedkeys.1.xml:58 #, no-wrap msgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:51 msgid "" "If <quote>AuthorizedKeysCommand</quote> is supported, " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> can be configured to use it by putting the following directive " "in <citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry>: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sss_ssh_authorizedkeys.1.xml:69 #, no-wrap msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:62 msgid "" "If <quote>PubkeyAgent</quote> is supported, " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> can be configured to use it by using the following directive " "for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</" "manvolnum></citerefentry> configuration: <placeholder type=\"programlisting" "\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_ssh_authorizedkeys.1.xml:84 msgid "" "Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sss_ssh_authorizedkeys.1.xml:93 sss_ssh_knownhostsproxy.1.xml:92 msgid "EXIT STATUS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:95 sss_ssh_knownhostsproxy.1.xml:94 msgid "" "In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 msgid "sss_ssh_knownhostsproxy" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_ssh_knownhostsproxy.1.xml:16 msgid "get OpenSSH host keys" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_ssh_knownhostsproxy.1.xml:21 msgid "" "<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg> <arg " "choice='plain'><replaceable>HOST</replaceable></arg> <arg " "choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_knownhostsproxy.1.xml:33 msgid "" "<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " "host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " "known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " "of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" "manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" "pubconf/known_hosts</filename> and establishes a connection to the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_knownhostsproxy.1.xml:43 msgid "" "If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " "create the connection to the host instead of opening a socket." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sss_ssh_knownhostsproxy.1.xml:55 #, no-wrap msgid "" "ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" "GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_knownhostsproxy.1.xml:48 msgid "" "<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" "citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" "command> for host key authentication by using the following directives for " "<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" "citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_ssh_knownhostsproxy.1.xml:66 msgid "" "<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_ssh_knownhostsproxy.1.xml:71 msgid "" "Use port <replaceable>PORT</replaceable> to connect to the host. By " "default, port 22 is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_ssh_knownhostsproxy.1.xml:83 msgid "" "Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." msgstr "" #. type: Content of: <refsect1><title> #: include/service_discovery.xml:2 msgid "SERVICE DISCOVERY" msgstr "" #. type: Content of: <refsect1><para> #: include/service_discovery.xml:4 msgid "" "The service discovery feature allows back ends to automatically find the " "appropriate servers to connect to using a special DNS query. This feature is " "not supported for backup servers." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 msgid "Configuration" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:11 msgid "" "If no servers are specified, the back end automatically uses service " "discovery to try to find a server. Optionally, the user may choose to use " "both fixed server addresses and service discovery by inserting a special " "keyword, <quote>_srv_</quote>, in the list of servers. The order of " "preference is maintained. This feature is useful if, for example, the user " "prefers to use service discovery whenever possible, and fall back to a " "specific server when no servers can be discovered using DNS." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:23 msgid "The domain name" msgstr "" #. 
type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:25 msgid "" "Please refer to the <quote>dns_discovery_domain</quote> parameter in the " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page for more details." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:35 msgid "The protocol" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:37 msgid "" "The queries usually specify _tcp as the protocol. Exceptions are documented " "in respective option description." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:42 msgid "See Also" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:44 msgid "" "For more information on the service discovery mechanism, refer to RFC 2782." msgstr "" #. type: Content of: outside any tag (error?) #: include/upstream.xml:1 msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" msgstr "" #. type: Content of: <refsect1><title> #: include/failover.xml:2 msgid "FAILOVER" msgstr "" #. type: Content of: <refsect1><para> #: include/failover.xml:4 msgid "" "The failover feature allows back ends to automatically switch to a different " "server if the current server fails." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/failover.xml:8 msgid "Failover Syntax" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:10 msgid "" "The list of servers is given as a comma-separated list; any number of spaces " "is allowed around the comma. The servers are listed in order of preference. " "The list can contain any number of servers." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:16 msgid "" "For each failover-enabled config option, two variants exist: " "<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. 
The idea is " "that servers in the primary list are preferred and backup servers are only " "searched if no primary servers can be reached. If a backup server is " "selected, a timeout of 31 seconds is set. After this timeout SSSD will " "periodically try to reconnect to one of the primary servers. If it succeeds, " "it will replace the current active (backup) server." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/failover.xml:27 msgid "The Failover Mechanism" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:29 msgid "" "The failover mechanism distinguishes between a machine and a service. The " "back end first tries to resolve the hostname of a given machine; if this " "resolution attempt fails, the machine is considered offline. No further " "attempts are made to connect to this machine for any other service. If the " "resolution attempt succeeds, the back end tries to connect to a service on " "this machine. If the service connection attempt fails, then only this " "particular service is considered offline and the back end automatically " "switches over to the next service. The machine is still considered online " "and might still be tried for another service." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:42 msgid "" "Further connection attempts are made to machines or services marked as " "offline after a specified period of time; this is currently hard coded to 30 " "seconds." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:47 msgid "" "If there are no more machines to try, the back end as a whole switches to " "offline mode, and then attempts to reconnect every 30 seconds." msgstr "" #. type: Content of: <refsect1><title> #: include/ldap_id_mapping.xml:2 msgid "ID MAPPING" msgstr "" #. 
type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:4 msgid "" "The ID-mapping feature allows SSSD to act as a client of Active Directory " "without requiring administrators to extend user attributes to support POSIX " "attributes for user and group identifiers." msgstr "" #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:9 msgid "" "NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " "ignored. This is to avoid the possibility of conflicts between automatically-" "assigned and manually-assigned values. If you need to use manually-assigned " "values, ALL values must be manually-assigned." msgstr "" #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:16 msgid "" "Please note that changing the ID mapping related configuration options will " "cause user and group IDs to change. At the moment, SSSD does not support " "changing IDs, so the SSSD database must be removed. Because cached passwords " "are also stored in the database, removing the database should only be " "performed while the authentication servers are reachable, otherwise users " "might get locked out. In order to cache the password, an authentication must " "be performed. It is not sufficient to use <citerefentry> " "<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" "citerefentry> to remove the database, rather the process consists of:" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:33 msgid "Making sure the remote servers are reachable" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:38 msgid "Stopping the SSSD service" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:43 msgid "Removing the database" msgstr "" #. 
type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:48 msgid "Starting the SSSD service" msgstr "" #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:52 msgid "" "Moreover, as the change of IDs might necessitate the adjustment of other " "system properties such as file and directory ownership, it's advisable to " "plan ahead and test the ID mapping configuration thoroughly." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/ldap_id_mapping.xml:59 msgid "Mapping Algorithm" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:61 msgid "" "Active Directory provides an objectSID for every user and group object in " "the directory. This objectSID can be broken up into components that " "represent the Active Directory domain identity and the relative identifier " "(RID) of the user or group object." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:67 msgid "" "The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " "into equally-sized component sections - called \"slices\"-. Each slice " "represents the space available to an Active Directory domain." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:73 msgid "" "When a user or group entry for a particular domain is encountered for the " "first time, the SSSD allocates one of the available slices for that domain. " "In order to make this slice-assignment repeatable on different client " "machines, we select the slice based on the following algorithm:" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:80 msgid "" "The SID string is passed through the murmurhash3 algorithm to convert it to " "a 32-bit hashed value. We then take the modulus of this value with the total " "number of available slices to pick the slice." msgstr "" #. 
type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:86 msgid "" "NOTE: It is possible to encounter collisions in the hash and subsequent " "modulus. In these situations, we will select the next available slice, but " "it may not be possible to reproduce the same exact set of slices on other " "machines (since the order that they are encountered will determine their " "slice). In this situation, it is recommended to either switch to using " "explicit POSIX attributes in Active Directory (disabling ID-mapping) or " "configure a default domain to guarantee that at least one is always " "consistent. See <quote>Configuration</quote> for details." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:101 msgid "" "Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" msgstr "" #. type: Content of: <refsect1><refsect2><para><programlisting> #: include/ldap_id_mapping.xml:106 #, no-wrap msgid "" "ldap_id_mapping = True\n" "ldap_schema = ad\n" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:111 msgid "" "The default configuration results in configuring 10,000 slices, each capable " "of holding up to 200,000 IDs, starting from 10,001 and going up to " "2,000,100,000. This should be sufficient for most deployments." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><title> #: include/ldap_id_mapping.xml:117 msgid "Advanced Configuration" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:120 msgid "ldap_idmap_range_min (integer)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:123 msgid "" "Specifies the lower bound of the range of POSIX IDs to use for mapping " "Active Directory user and group SIDs." msgstr "" #. 
type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:127 msgid "" "NOTE: This option is different from <quote>min_id</quote> in that " "<quote>min_id</quote> acts to filter the output of requests to this domain, " "whereas this option controls the range of ID assignment. This is a subtle " "distinction, but the good general advice would be to have <quote>min_id</" "quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:173 msgid "Default: 200000" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:142 msgid "ldap_idmap_range_max (integer)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:145 msgid "" "Specifies the upper bound of the range of POSIX IDs to use for mapping " "Active Directory user and group SIDs." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:149 msgid "" "NOTE: This option is different from <quote>max_id</quote> in that " "<quote>max_id</quote> acts to filter the output of requests to this domain, " "whereas this option controls the range of ID assignment. This is a subtle " "distinction, but the good general advice would be to have <quote>max_id</" "quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:159 msgid "Default: 2000200000" msgstr "" #. 
type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:164 msgid "ldap_idmap_range_size (integer)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:167 msgid "" "Specifies the number of IDs available for each slice. If the range size " "does not divide evenly into the min and max values, it will create as many " "complete slices as it can." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:178 msgid "ldap_idmap_default_domain_sid (string)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:181 msgid "" "Specify the domain SID of the default domain. This will guarantee that this " "domain will always be assigned to slice zero in the ID map, bypassing the " "murmurhash algorithm described above." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:192 msgid "ldap_idmap_default_domain (string)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:195 msgid "Specify the name of the default domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:203 msgid "ldap_idmap_autorid_compat (boolean)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:206 msgid "" "Changes the behavior of the ID-mapping algorithm to behave more similarly to " "winbind's <quote>idmap_autorid</quote> algorithm." msgstr "" #. 
type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:211 msgid "" "When this option is configured, domains will be allocated starting with " "slice zero and increasing monotonically with each additional domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:216 msgid "" "NOTE: This algorithm is non-deterministic (it depends on the order that " "users and groups are requested). If this mode is required for compatibility " "with machines running winbind, it is recommended to also use the " "<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " "least one domain is consistently allocated to slice zero." msgstr "" #. type: Content of: <varlistentry><term> #: include/param_help.xml:3 msgid "<option>-?</option>,<option>--help</option>" msgstr "" #. type: Content of: <varlistentry><listitem><para> #: include/param_help.xml:7 include/param_help_py.xml:7 msgid "Display help message and exit." msgstr "" #. type: Content of: <varlistentry><term> #: include/param_help_py.xml:3 msgid "<option>-h</option>,<option>--help</option>" msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:3 msgid "" "SSSD supports two representations for specifying the debug level. The " "simplest is to specify a decimal value from 0-9, which represents enabling " "that level and all lower-level debug messages. The more comprehensive option " "is to specify a hexadecimal bitmask to enable or disable specific levels " "(such as if you wish to suppress a level)." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:10 msgid "Currently supported debug levels:" msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:13 msgid "" "<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. 
" "Anything that would prevent SSSD from starting up or causes it to cease " "running." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:19 msgid "" "<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " "error that doesn't kill the SSSD, but one that indicates that at least one " "major feature is not going to work properly." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:26 msgid "" "<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " "error announcing that a particular request or operation has failed." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:31 msgid "" "<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " "are the errors that would percolate down to cause the operation failure of 2." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:36 msgid "" "<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:40 msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:44 msgid "" "<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " "operation functions." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:48 msgid "" "<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " "internal control functions." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:53 msgid "" "<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" "internal variables that may be interesting." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:58 msgid "" "<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " "tracing information." msgstr "" #. 
type: Content of: <listitem><para> #: include/debug_levels.xml:62 msgid "" "To log required bitmask debug levels, simply add their numbers together as " "shown in following examples:" msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:66 msgid "" "<emphasis>Example</emphasis>: To log fatal failures, critical failures, " "serious failures and function data use 0x0270." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:70 msgid "" "<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " "function data, trace messages for internal control functions use 0x1310." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:75 msgid "" "<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " "in 1.7.0." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:79 msgid "<emphasis>Default</emphasis>: 0" msgstr "" #. type: Content of: outside any tag (error?) #: include/experimental.xml:1 msgid "" "<emphasis> This is an experimental feature, please use http://fedorahosted." "org/sssd to report any issues. </emphasis>" msgstr "" #. type: Content of: <refsect1><title> #: include/local.xml:2 msgid "THE LOCAL DOMAIN" msgstr "" #. type: Content of: <refsect1><para> #: include/local.xml:4 msgid "" "In order to function correctly, a domain with <quote>id_provider=local</" "quote> must be created and the SSSD must be running." msgstr "" #. type: Content of: <refsect1><para> #: include/local.xml:9 msgid "" "The administrator might want to use the SSSD local users instead of " "traditional UNIX users in cases where the group nesting (see <citerefentry> " "<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" "citerefentry>) is needed. The local users are also useful for testing and " "development of the SSSD without having to deploy a full remote server. 
The " "<command>sss_user*</command> and <command>sss_group*</command> tools use a " "local LDB storage to store users and groups." msgstr "" #. type: Content of: <refsect1><title> #: include/seealso.xml:2 msgid "SEE ALSO" msgstr "另见" #. type: Content of: <refsect1><para> #: include/seealso.xml:4 msgid "" "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> " "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_useradd</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, 
<citerefentry> <refentrytitle>sss_usermod</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_seed</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" "manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " "<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>." msgstr "" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:3 #: include/ldap_search_bases_experimental.xml:3 msgid "" "An optional base DN, search scope and LDAP filter to restrict LDAP searches " "for this attribute type." msgstr "" #. type: Content of: <listitem><para><programlisting> #: include/ldap_search_bases.xml:9 #: include/ldap_search_bases_experimental.xml:9 #, no-wrap msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" msgstr "" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:7 #: include/ldap_search_bases_experimental.xml:7 msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:13 #: include/ldap_search_bases_experimental.xml:13 msgid "" "The scope can be one of \"base\", \"onelevel\" or \"subtree\". The filter " "must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/" "rfc2254.txt" msgstr "" #. 
type: Content of: <listitem><para> #: include/ldap_search_bases.xml:19 #: include/ldap_search_bases_experimental.xml:19 msgid "" "For examples of this syntax, please refer to the <quote>ldap_search_base</" "quote> examples section." msgstr "" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:27 #: include/ldap_search_bases_experimental.xml:27 msgid "" "Please note that specifying scope or filter is not supported for searches " "against an Active Directory Server that might yield a large number of " "results and trigger the Range Retrieval extension in the response." msgstr "" #. type: Content of: <para> #: include/autofs_restart.xml:2 msgid "" "Please note that the automounter only reads the master map on startup, so if " "any autofs-related changes are made to the sssd.conf, you typically also " "need to restart the automounter daemon after restarting the SSSD." msgstr "" #. type: Content of: <varlistentry><term> #: include/override_homedir.xml:2 msgid "override_homedir (string)" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:16 msgid "UID number" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:20 msgid "domain name" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: include/override_homedir.xml:23 msgid "%f" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:24 msgid "fully qualified user name (user@domain)" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: include/override_homedir.xml:27 msgid "%o" msgstr "" #. 
type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:29 msgid "The original home directory retrieved from the identity provider." msgstr "" #. type: Content of: <varlistentry><listitem><para> #: include/override_homedir.xml:5 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. In the template, the following sequences are substituted: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <varlistentry><listitem><para> #: include/override_homedir.xml:41 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <varlistentry><listitem><para><programlisting> #: include/override_homedir.xml:46 #, no-wrap msgid "" "override_homedir = /home/%u\n" " " msgstr "" #. type: Content of: <varlistentry><listitem><para> #: include/override_homedir.xml:50 msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" msgstr "" ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/man/po/PaxHeaders.13173/tg.po�������������������������������������������������������0000644�0000000�0000000�00000000132�12320753573�016507� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396955003.521843857 30 atime=1396955003.520843857 30 ctime=1396955003.521843857 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/man/po/tg.po������������������������������������������������������������������������0000664�0024127�0024127�00001244740�12320753573�016752� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# SOME DESCRIPTIVE TITLE # Copyright (C) YEAR Red Hat # This file is distributed under the same license as the sssd-docs package. # # Translators: msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" "POT-Creation-Date: 2014-04-08 12:55+0300\n" "PO-Revision-Date: 2013-11-19 16:29+0000\n" "Last-Translator: jhrozek <jhrozek@redhat.com>\n" "Language-Team: Tajik (http://www.transifex.com/projects/p/fedora/language/" "tg/)\n" "Language: tg\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" #. 
type: Content of: <reference><title> #: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5 #: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5 #: sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 sss_obfuscate.8.xml:5 #: sss_useradd.8.xml:5 sssd-krb5.5.xml:5 sss_groupadd.8.xml:5 #: sss_userdel.8.xml:5 sss_groupdel.8.xml:5 sss_groupshow.8.xml:5 #: sss_usermod.8.xml:5 sss_cache.8.xml:5 sss_debuglevel.8.xml:5 #: sss_seed.8.xml:5 sss_ssh_authorizedkeys.1.xml:5 #: sss_ssh_knownhostsproxy.1.xml:5 msgid "SSSD Manual pages" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15 msgid "sss_groupmod" msgstr "" #. type: Content of: <reference><refentry><refmeta><manvolnum> #: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11 #: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11 #: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11 #: sss_groupshow.8.xml:11 sss_usermod.8.xml:11 sss_cache.8.xml:11 #: sss_debuglevel.8.xml:11 sss_seed.8.xml:11 msgid "8" msgstr "8" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupmod.8.xml:16 msgid "modify a group" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupmod.8.xml:21 msgid "" "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><title> #: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:47 #: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21 #: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30 #: sss_useradd.8.xml:30 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 #: sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 #: sss_usermod.8.xml:30 sss_cache.8.xml:29 sss_debuglevel.8.xml:30 #: sss_seed.8.xml:31 sss_ssh_authorizedkeys.1.xml:30 #: sss_ssh_knownhostsproxy.1.xml:31 msgid "DESCRIPTION" msgstr "ШАРҲ" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupmod.8.xml:32 msgid "" "<command>sss_groupmod</command> modifies the group to reflect the changes " "that are specified on the command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sss_groupmod.8.xml:39 pam_sss.8.xml:54 sssd.8.xml:42 sss_obfuscate.8.xml:58 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39 #: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42 #: sss_ssh_authorizedkeys.1.xml:75 sss_ssh_knownhostsproxy.1.xml:62 msgid "OPTIONS" msgstr "ИМКОНОТҲО" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupmod.8.xml:43 sss_usermod.8.xml:77 msgid "" "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupmod.8.xml:48 msgid "" "Append this group to groups specified by the <replaceable>GROUPS</" "replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " "a comma separated list of group names." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupmod.8.xml:57 sss_usermod.8.xml:91 msgid "" "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupmod.8.xml:62 msgid "" "Remove this group from groups specified by the <replaceable>GROUPS</" "replaceable> parameter." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd.conf.5.xml:10 sssd.conf.5.xml:16 msgid "sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refmeta><manvolnum> #: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 #: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11 msgid "5" msgstr "5" #. type: Content of: <reference><refentry><refmeta><refmiscinfo> #: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 #: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12 msgid "File Formats and Conventions" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16 #: sssd-ipa.5.xml:17 sssd-ad.5.xml:17 sssd-krb5.5.xml:17 msgid "the configuration file for SSSD" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:21 msgid "FILE FORMAT" msgstr "Формати файл" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd.conf.5.xml:29 #, no-wrap msgid "" " <replaceable>[section]</replaceable>\n" " <replaceable>key</replaceable> = <replaceable>value</replaceable>\n" " <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:24 msgid "" "The file has an ini-style syntax and consists of sections and parameters. 
A " "section begins with the name of the section in square brackets and continues " "until the next section begins. An example of section with single and multi-" "valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:36 msgid "" "The data types used are string (no quotes needed), integer and bool (with " "values of <quote>TRUE/FALSE</quote>)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:41 msgid "" "A line comment starts with a hash sign (<quote>#</quote>) or a semicolon " "(<quote>;</quote>). Inline comments are not supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:47 msgid "" "All sections can have an optional <replaceable>description</replaceable> " "parameter. Its function is only as a label for the section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:53 msgid "" "<filename>sssd.conf</filename> must be a regular file, owned by root and " "only root may read from or write to the file." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:59 msgid "SPECIAL SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:62 msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> #: sssd.conf.5.xml:71 sssd.conf.5.xml:1857 msgid "Section parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:73 msgid "config_file_version (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:76 msgid "" "Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " "version 2." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:82 msgid "services" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:85 msgid "" "Comma separated list of services that are started when sssd itself starts." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:89 msgid "" "Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " "<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition=" "\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</" "phrase>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:98 sssd.conf.5.xml:321 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:101 sssd.conf.5.xml:324 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:106 sssd.conf.5.xml:329 msgid "Default: 3" msgstr "Пешфарз: 3" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:111 msgid "domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:114 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " "start. This parameter describes the list of domains in the order you want " "them to be queried. 
A domain name should only consist of alphanumeric ASCII " "characters, dashes and underscores." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:126 sssd.conf.5.xml:1586 msgid "re_expression (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:129 msgid "" "Default regular expression that describes how to parse the string containing " "user name and domain into these components." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:134 msgid "" "Each domain can have an individual regular expression configured. For some " "ID providers there are also default regular expressions. See DOMAIN " "SECTIONS for more info on these regular expressions." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:143 sssd.conf.5.xml:1637 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:146 sssd.conf.5.xml:1640 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " "fully qualified name from user name and domain name components." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:157 sssd.conf.5.xml:1651 msgid "%1$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:158 sssd.conf.5.xml:1652 msgid "user name" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:161 sssd.conf.5.xml:1655 msgid "%2$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:164 sssd.conf.5.xml:1658 msgid "domain name as specified in the SSSD config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:170 sssd.conf.5.xml:1664 msgid "%3$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:173 sssd.conf.5.xml:1667 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:154 sssd.conf.5.xml:1648 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:183 msgid "" "Each domain can have an individual format string configured. see DOMAIN " "SECTIONS for more info on this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:189 msgid "try_inotify (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:192 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. 
By default, we will attempt to use inotify for " "this, and will fall back to polling resolv.conf every five seconds if " "inotify cannot be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:200 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " "to 'false'" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:206 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:210 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:217 msgid "krb5_rcache_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:220 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:224 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:230 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:237 msgid "default_domain_suffix (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:240 msgid "" "This string will be used as a default domain name for all names without a " "domain name component. The main use case is environments where the primary " "domain is intended for managing host policies and all users are located in a " "trusted domain. The option allows those users to log in just with their " "user name without giving a domain name as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:250 msgid "" "Please note that if this option is set all users from the primary domain " "have to use their fully qualified name, e.g. user@domain.name, to log in." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:256 sssd-ldap.5.xml:1392 sssd-ldap.5.xml:1404 #: sssd-ldap.5.xml:1486 sssd-ldap.5.xml:2373 sssd-ldap.5.xml:2400 #: sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:187 #: include/ldap_id_mapping.xml:198 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:64 msgid "" "Individual pieces of SSSD functionality are provided by special SSSD " "services that are started and stopped together with SSSD. The services are " "managed by a special service frequently called <quote>monitor</quote>. The " "<quote>[sssd]</quote> section is used to configure the monitor as well as " "some other important options like the identity domains. <placeholder type=" "\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:267 msgid "SERVICES SECTIONS" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:269 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " "section, for example, for NSS service, the section would be <quote>[nss]</" "quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:276 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:278 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:282 msgid "debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:286 msgid "debug_timestamps (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:289 msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:292 sssd.conf.5.xml:472 sssd.conf.5.xml:820 #: sssd-ldap.5.xml:1559 sssd-ldap.5.xml:1656 sssd-ldap.5.xml:1718 #: sssd-ldap.5.xml:2161 sssd-ldap.5.xml:2226 sssd-ldap.5.xml:2244 #: sssd-ipa.5.xml:361 sssd-ipa.5.xml:396 sssd-ad.5.xml:166 sssd-ad.5.xml:250 #: sssd-ad.5.xml:275 sssd-ad.5.xml:363 sssd-krb5.5.xml:490 msgid "Default: true" msgstr "Пешфарз: true" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:297 msgid "debug_microseconds (bool)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:300 msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:303 sssd.conf.5.xml:774 sssd.conf.5.xml:1773 #: sssd-ldap.5.xml:640 sssd-ldap.5.xml:1433 sssd-ldap.5.xml:1452 #: sssd-ldap.5.xml:1628 sssd-ldap.5.xml:1957 sssd-ipa.5.xml:139 #: sssd-ipa.5.xml:205 sssd-ipa.5.xml:508 sssd-ipa.5.xml:526 #: sssd-krb5.5.xml:257 sssd-krb5.5.xml:291 sssd-krb5.5.xml:462 msgid "Default: false" msgstr "Пешфарз: false" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:308 msgid "timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:311 msgid "" "Timeout in seconds between heartbeats for this service. This is used to " "ensure that the process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:316 sssd-ldap.5.xml:1304 msgid "Default: 10" msgstr "Пешфарз: 10" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:334 msgid "fd_limit" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:337 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " "the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " "systems without this capability, the resulting value will be the lower value " "of this or the limits.conf \"hard\" limit." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:346 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:351 msgid "client_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:354 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " "limited in order to avoid resource exhaustion on the system." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:361 sssd.conf.5.xml:377 sssd.conf.5.xml:592 #: sssd.conf.5.xml:752 sssd.conf.5.xml:1015 sssd-ldap.5.xml:1134 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:366 sssd.conf.5.xml:1004 msgid "force_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:369 sssd.conf.5.xml:1007 msgid "" "If a service is not responding to ping checks (see the <quote>timeout</" "quote> option), it is first sent the SIGTERM signal that instructs it to " "quit gracefully. If the service does not terminate after " "<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down " "by sending a SIGKILL signal." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:385 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:387 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:392 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:395 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:399 msgid "Default: 120" msgstr "Пешфарз: 120" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:404 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:407 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " "for the domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:413 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " "after 15 seconds past the last cache update will be returned immediately, " "but the SSSD will go and update the cache on its own, so that future " "requests will not need to block waiting for a cache update." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:423 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " "percentage will never reduce the nowait timeout to less than 10 seconds. (0 " "disables this feature)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:431 msgid "Default: 50" msgstr "Пешфарз: 50" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:436 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:439 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " "before asking the back end again." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:445 sssd.conf.5.xml:798 msgid "Default: 15" msgstr "Пешфарз: 15" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:450 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:453 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" "domain or include fully-qualified names to filter only users from the " "particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:460 msgid "Default: root" msgstr "Пешфарз: root" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:465 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:468 msgid "" "If you want filtered user still be group members set this option to false." 
msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:478 msgid "fallback_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:481 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:486 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> #: sssd.conf.5.xml:492 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" " " msgstr "" #. type: Content of: <varlistentry><listitem><para> #: sssd.conf.5.xml:490 include/override_homedir.xml:44 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:496 msgid "Default: not set (no substitution for unset home directories)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:502 msgid "override_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:505 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " "or per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:511 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:517 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:520 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:523 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:527 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:532 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:537 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:540 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:544 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:549 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:552 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:557 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:560 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:564 msgid "Default: /bin/sh" msgstr "Пешфарз: /bin/sh" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:569 msgid "default_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:572 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:578 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:585 sssd.conf.5.xml:745 msgid "get_domains_timeout (int)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:588 sssd.conf.5.xml:748 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:597 msgid "memcache_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:600 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:604 sssd-ldap.5.xml:654 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:611 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:613 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:618 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:621 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:626 sssd.conf.5.xml:639 msgid "Default: 0 (No limit)" msgstr "Пешфарз: 0 (Номаҳдуд)" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:632 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:635 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:645 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:648 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:653 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " "authentication can enable offline authentication again." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:659 sssd.conf.5.xml:712 msgid "Default: 5" msgstr "Пешфарз: 5" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:665 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:668 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:673 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:676 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:679 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:683 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:686 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:690 sssd.8.xml:63 msgid "Default: 1" msgstr "Пешфарз: 1" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:695 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:698 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " "ensure that authentication takes place with the latest information." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:704 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. 
This option controls (on a per-" "client-application basis) how long (in seconds) we can cache the identity " "information to avoid excessive round-trips to the identity provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:718 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:721 sssd.conf.5.xml:1178 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:724 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " "cannot display a warning." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:730 sssd.conf.5.xml:1181 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:735 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:740 sssd.8.xml:79 msgid "Default: 0" msgstr "Пешфарз: 0" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:760 msgid "SUDO configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:762 msgid "These options can be used to configure the sudo service." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:766 msgid "sudo_timed (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:769 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:782 msgid "AUTOFS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:784 msgid "These options can be used to configure the autofs service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:788 msgid "autofs_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:791 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " "before asking the back end again." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:807 msgid "SSH configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:809 msgid "These options can be used to configure the SSH service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:813 msgid "ssh_hash_known_hosts (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:816 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:825 msgid "ssh_known_hosts_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:828 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:832 msgid "Default: 180" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:840 msgid "PAC responder configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:842 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " "PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " "provider collects domain SID and ID ranges of the domain the client is " "joined to and of remote trusted domains from the local domain controller. " "If the PAC is decoded and evaluated some of the following operations are " "done:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:851 msgid "" "If the remote user does not exist in the cache, it is created. The uid is " "determined with the help of the SID, trusted domains will have UPGs and the " "gid will have the same value as the uid. The home directory is set based on " "the subdomain_homedir parameter. The shell will be empty by default, i.e. " "the system defaults are used, but can be overwritten with the default_shell " "parameter." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:859 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:865 msgid "These options can be used to configure the PAC responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:869 msgid "allowed_uids (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:872 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " "startup." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:878 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:882 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " "access the PAC responder, which would be the typical case, you have to add 0 " "to the list of allowed UIDs as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:896 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:903 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:906 msgid "" "UID and GID limits for the domain. 
If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:911 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" "primary group memberships, those that are in range will be reported as " "expected." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:918 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:922 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:928 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:931 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:935 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:938 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:941 sssd.conf.5.xml:1155 sssd.conf.5.xml:1264 #: sssd.conf.5.xml:1281 msgid "Default: FALSE" msgstr "Пешфарз: FALSE" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:944 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " "to fully complete enumerations. During this time, individual requests for " "information will go directly to LDAP, though it may be slow, due to the " "heavy enumeration processing. Saving a large number of entries to cache " "after the enumeration completes might also be CPU intensive as the " "memberships have to be recomputed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:957 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:962 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " "enumeration lookups are completed successfully. For more information, refer " "to the man pages for the specific id_provider in use." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:970 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:978 msgid "subdomain_enumerate (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:985 msgid "all" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:986 msgid "All discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:989 msgid "none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:990 msgid "No discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:981 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " "Optionally, a list of one or more domain names can enable enumeration just " "for these trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:998 sssd-ldap.5.xml:1687 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1021 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1024 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1028 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " "for newly added or expired entries. 
You should run the <citerefentry> " "<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" "citerefentry> tool in order to force refresh of entries that have already " "been cached." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1041 msgid "Default: 5400" msgstr "Пешфарз: 5400" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1047 msgid "entry_cache_user_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1050 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1054 sssd.conf.5.xml:1067 sssd.conf.5.xml:1080 #: sssd.conf.5.xml:1093 sssd.conf.5.xml:1106 sssd.conf.5.xml:1120 msgid "Default: entry_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1060 msgid "entry_cache_group_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1063 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1073 msgid "entry_cache_netgroup_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1076 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1086 msgid "entry_cache_service_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1089 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1099 msgid "entry_cache_sudo_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1102 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1112 msgid "entry_cache_autofs_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1115 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1126 msgid "refresh_expired_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1129 msgid "" "Specifies how many seconds SSSD has to wait before refreshing expired " "records. Currently only refreshing expired netgroups is supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1134 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1138 sssd-ipa.5.xml:221 msgid "Default: 0 (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1144 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1147 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1151 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1160 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1163 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " "value of this parameter must be greater than or equal to " "offline_credentials_expiration." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1170 msgid "Default: 0 (unlimited)" msgstr "Пешфарз: 0 (номаҳдуд)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1175 msgid "pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1186 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " "cannot display a warning. 
Also an auth provider has to be configured for the " "backend." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1193 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1199 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1202 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1206 msgid "<quote>proxy</quote>: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1209 msgid "<quote>local</quote>: SSSD internal provider for local users" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1213 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " "information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1221 sssd.conf.5.xml:1307 sssd.conf.5.xml:1358 #: sssd.conf.5.xml:1411 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " "FreeIPA." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1230 sssd.conf.5.xml:1316 sssd.conf.5.xml:1367 #: sssd.conf.5.xml:1420 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring Active Directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1241 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1244 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1249 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " "<command>getent passwd test</command> wouldn't find the user while " "<command>getent passwd test@LOCAL</command> would." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1257 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " "will be searched when an unqualified name is requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1269 msgid "ignore_group_members (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1272 msgid "Do not return group members for group lookups." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1275 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " "calls." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1286 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1289 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1293 sssd.conf.5.xml:1351 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1300 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring Kerberos." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1324 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1327 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1330 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1336 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1339 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " "Internal special providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1345 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1348 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1375 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry> for more information on configuring the simple " "access module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1382 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1387 msgid "chpass_provider (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1390 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1395 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1403 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring Kerberos." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1428 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1432 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1435 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1442 msgid "sudo_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1445 msgid "The SUDO provider used for the domain. 
Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1449 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1457 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1461 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1465 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1468 sssd.conf.5.xml:1522 sssd.conf.5.xml:1554 #: sssd.conf.5.xml:1579 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1474 msgid "selinux_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1477 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " "providers are:" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1483 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1491 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1494 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1500 msgid "subdomains_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1503 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1509 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1518 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1529 msgid "autofs_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1532 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1536 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1543 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1551 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1561 msgid "hostid_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1564 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1568 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. 
See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1576 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1589 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " "match either the SSSD configuration domain name, or, in the case of IPA " "trust subdomains and Active Directory domains, the flat (NetBIOS) name of " "the domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1598 msgid "" "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?" "P<name>[^@\\\\]+)$))</quote> which allows three different styles for " "user names:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:1603 msgid "username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:1606 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:1609 msgid "domain\\username" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1612 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1617 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " "sign, the domain everything after that\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1623 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " "version 7 or higher can support non-unique named subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1630 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1677 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1683 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1686 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1690 msgid "Supported values:" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1693 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1696 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1699 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1702 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1705 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1711 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1714 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " "the domain will continue to operate in offline mode." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1720 sssd-ldap.5.xml:1118 sssd-ldap.5.xml:1160 #: sssd-ldap.5.xml:1175 sssd-krb5.5.xml:239 msgid "Default: 6" msgstr "Пешфарз: 6" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1726 msgid "dns_discovery_domain (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1729 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1733 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1739 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1742 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1748 msgid "case_sensitive (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1751 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1756 sssd-ad.5.xml:333 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1762 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1765 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " "name was an alias. Setting this option to true would cause the SSSD to " "perform the ID lookup from cache for performance reasons." 
msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1779 msgid "subdomain_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1790 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1791 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1782 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " "possible values. In addition to those, the expansion below can only be used " "with <emphasis>subdomain_homedir</emphasis>. <placeholder type=" "\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1796 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1800 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1805 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1808 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:898 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" "replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1821 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1824 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1827 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1835 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1838 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " "for example _nss_files_getpwent." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:1817 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:1850 msgid "The local domain section" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:1852 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " "<replaceable>id_provider=local</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1859 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1862 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1866 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1871 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1874 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1879 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1884 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1887 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1891 sssd.conf.5.xml:1903 msgid "Default: TRUE" msgstr "Пешфарз: TRUE" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1896 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1899 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1908 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1911 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " "on a newly created home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1919 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1924 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1927 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " "<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1937 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1942 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1945 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " "default value is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1952 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1957 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1960 msgid "" "The command that is run after a user is removed. The command is passed the " "username of the user being removed as the first and only parameter. The " "return code of the command is not taken into account." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1966 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:1976 sssd-ldap.5.xml:2426 sssd-simple.5.xml:131 #: sssd-ipa.5.xml:793 sssd-ad.5.xml:382 sssd-krb5.5.xml:519 msgid "EXAMPLE" msgstr "НАМУНА" #.
type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd.conf.5.xml:1982 #, no-wrap msgid "" "[sssd]\n" "domains = LDAP\n" "services = nss, pam\n" "config_file_version = 2\n" "\n" "[nss]\n" "filter_groups = root\n" "filter_users = root\n" "\n" "[pam]\n" "\n" "[domain/LDAP]\n" "id_provider = ldap\n" "ldap_uri = ldap://ldap.example.com\n" "ldap_search_base = dc=example,dc=com\n" "\n" "auth_provider = krb5\n" "krb5_server = kerberos.example.com\n" "krb5_realm = EXAMPLE.COM\n" "cache_credentials = true\n" "\n" "min_id = 10000\n" "max_id = 20000\n" "enumerate = False\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:1978 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " "configuring domains for more details. <placeholder type=\"programlisting\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 msgid "sssd-ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:23 msgid "" "This manual page describes the configuration of LDAP domains for " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page for detailed syntax information." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:35 msgid "You can configure SSSD to use more than one LDAP domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:38 msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. 
" "<command>sssd</command> <emphasis>does not</emphasis> support authentication " "over an unencrypted channel. If the LDAP server is used only as an identity " "provider, an encrypted channel is not needed. Please refer to " "<quote>ldap_access_filter</quote> config option for more information about " "using LDAP as an access provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:60 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:63 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" "quote> section for more information on failover and server redundancy. If " "neither option is specified, service discovery is enabled. For more " "information, refer to the <quote>SERVICE DISCOVERY</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:70 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:73 msgid "ldap[s]://<host>[:port]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:76 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:79 msgid "example: ldap://[fc00::126:25]:389" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:85 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:88 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " "Refer to the <quote>FAILOVER</quote> section for more information on " "failover and server redundancy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:95 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:99 msgid "Default: empty, i.e. ldap_uri is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:105 msgid "ldap_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:108 msgid "The default base DN to use for performing LDAP user operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:112 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:116 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:119 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:122 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:126 sssd-ad.5.xml:212 msgid "Examples:" msgstr "Намунаҳо:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:129 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:134 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:137 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " "different search bases). This will lead to unpredictable behavior on client " "machines." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:144 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " "defaultNamingContext does not exist or has an empty value namingContexts is " "used. 
The namingContexts attribute must have a single value with the DN of " "the search base of the LDAP server to make this work. Multiple values are " "not supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:158 msgid "ldap_schema (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:161 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " "may vary. The way that some attributes are handled may also differ." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:168 msgid "Four schema types are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:172 msgid "rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:177 msgid "rfc2307bis" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:182 msgid "IPA" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:187 msgid "AD" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:193 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " "the <emphasis>memberUid</emphasis> attribute.
With rfc2307bis and IPA, " "group members are listed by DN and stored in the <emphasis>member</emphasis> " "attribute. The AD schema type sets the attributes to correspond with Active " "Directory 2008r2 values." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:203 msgid "Default: rfc2307" msgstr "Пешфарз: rfc2307" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:209 msgid "ldap_default_bind_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:212 msgid "The default bind DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:219 msgid "ldap_default_authtok_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:222 msgid "The type of the authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:226 msgid "The two mechanisms currently supported are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:229 msgid "password" msgstr "парол" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:232 msgid "obfuscated_password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:235 msgid "Default: password" msgstr "Пешфарз: парол" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:241 msgid "ldap_default_authtok (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:244 msgid "" "The authentication token of the default bind DN. Only clear text passwords " "are currently supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:251 msgid "ldap_user_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:254 msgid "The object class of a user entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:257 msgid "Default: posixAccount" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:263 msgid "ldap_user_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:266 msgid "The LDAP attribute that corresponds to the user's login name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:270 msgid "Default: uid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:276 msgid "ldap_user_uid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:279 msgid "The LDAP attribute that corresponds to the user's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:283 msgid "Default: uidNumber" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:289 msgid "ldap_user_gid_number (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:292 msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:296 sssd-ldap.5.xml:792 msgid "Default: gidNumber" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:302 msgid "ldap_user_gecos (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:305 msgid "The LDAP attribute that corresponds to the user's gecos field." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:309 msgid "Default: gecos" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:315 msgid "ldap_user_home_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:318 msgid "The LDAP attribute that contains the name of the user's home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:322 msgid "Default: homeDirectory" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:328 msgid "ldap_user_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:331 msgid "The LDAP attribute that contains the path to the user's default shell." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:335 msgid "Default: loginShell" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:341 msgid "ldap_user_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:344 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:348 sssd-ldap.5.xml:818 sssd-ldap.5.xml:1025 msgid "Default: nsUniqueId" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:354 msgid "ldap_user_objectsid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:357 msgid "" "The LDAP attribute that contains the objectSID of an LDAP user object. This " "is usually only necessary for ActiveDirectory servers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:362 sssd-ldap.5.xml:832 msgid "Default: objectSid for ActiveDirectory, not set for other servers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:369 msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:372 sssd-ldap.5.xml:842 sssd-ldap.5.xml:1034 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:376 sssd-ldap.5.xml:846 sssd-ldap.5.xml:1041 msgid "Default: modifyTimestamp" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:382 msgid "ldap_user_shadow_last_change (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:385 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " "the last password change)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:395 msgid "Default: shadowLastChange" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:401 msgid "ldap_user_shadow_min (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:404 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " "password age)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:413 msgid "Default: shadowMin" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:419 msgid "ldap_user_shadow_max (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:422 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " "password age)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:431 msgid "Default: shadowMax" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:437 msgid "ldap_user_shadow_warning (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:440 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " "(password warning period)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:450 msgid "Default: shadowWarning" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:456 msgid "ldap_user_shadow_inactive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:459 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " "(password inactivity period)." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:469 msgid "Default: shadowInactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:475 msgid "ldap_user_shadow_expire (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:478 msgid "" "When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " "parameter contains the name of an LDAP attribute corresponding to its " "<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> counterpart (account expiration date)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:488 msgid "Default: shadowExpire" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:494 msgid "ldap_user_krb_last_pwd_change (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:497 msgid "" "When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " "an LDAP attribute storing the date and time of last password change in " "kerberos." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:503 msgid "Default: krbLastPwdChange" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:509 msgid "ldap_user_krb_password_expiration (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:512 msgid "" "When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " "an LDAP attribute storing the date and time when current password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:518 msgid "Default: krbPasswordExpiration" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:524 msgid "ldap_user_ad_account_expires (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:527 msgid "" "When using ldap_account_expire_policy=ad, this parameter contains the name " "of an LDAP attribute storing the expiration time of the account." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:532 msgid "Default: accountExpires" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:538 msgid "ldap_user_ad_user_account_control (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:541 msgid "" "When using ldap_account_expire_policy=ad, this parameter contains the name " "of an LDAP attribute storing the user account control bit field." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:546 msgid "Default: userAccountControl" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:552 msgid "ldap_ns_account_lock (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:555 msgid "" "When using ldap_account_expire_policy=rhds or equivalent, this parameter " "determines if access is allowed or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:560 msgid "Default: nsAccountLock" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:566 msgid "ldap_user_nds_login_disabled (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:569 msgid "" "When using ldap_account_expire_policy=nds, this attribute determines if " "access is allowed or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:573 sssd-ldap.5.xml:587 msgid "Default: loginDisabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:579 msgid "ldap_user_nds_login_expiration_time (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:582 msgid "" "When using ldap_account_expire_policy=nds, this attribute determines until " "which date access is granted." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:593 msgid "ldap_user_nds_login_allowed_time_map (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:596 msgid "" "When using ldap_account_expire_policy=nds, this attribute determines the " "hours of a day in a week when access is granted." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:601 msgid "Default: loginAllowedTimeMap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:607 msgid "ldap_user_principal (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:610 msgid "" "The LDAP attribute that contains the user's Kerberos User Principal Name " "(UPN)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:614 msgid "Default: krbPrincipalName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:620 msgid "ldap_user_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:623 msgid "The LDAP attribute that contains the user's SSH public keys." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:630 msgid "ldap_force_upper_case_realm (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:633 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " "fail. Set this option to a non-zero value if you want to use an upper-case " "realm." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:646 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:649 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:660 msgid "ldap_purge_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:663 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " "space." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:669 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:673 msgid "Default: 10800 (12 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:679 msgid "ldap_user_fullname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:682 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:686 sssd-ldap.5.xml:779 sssd-ldap.5.xml:975 #: sssd-ldap.5.xml:1066 sssd-ldap.5.xml:1990 sssd-ldap.5.xml:2316 #: sssd-ipa.5.xml:648 msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:692 msgid "ldap_user_member_of (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:695 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:699 sssd-ipa.5.xml:552 msgid "Default: memberOf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:705 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:708 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " "to determine access privilege." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:715 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:720 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>authorized_service</quote> in order for the " "ldap_user_authorized_service option to work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:727 msgid "Default: authorizedService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:733 msgid "ldap_user_authorized_host (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:736 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " "privilege." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:742 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:747 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>host</quote> in order for the " "ldap_user_authorized_host option to work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:754 msgid "Default: host" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:760 msgid "ldap_group_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:763 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:766 msgid "Default: posixGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:772 msgid "ldap_group_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:775 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:785 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:788 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:798 msgid "ldap_group_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:801 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:805 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:811 msgid "ldap_group_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:814 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:824 msgid "ldap_group_objectsid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:827 msgid "" "The LDAP attribute that contains the objectSID of an LDAP group object. This " "is usually only necessary for ActiveDirectory servers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:839 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:852 msgid "ldap_group_type (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:855 msgid "" "The LDAP attribute that contains an integer value indicating the type of the " "group and maybe other flags." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:860 msgid "" "This attribute is currently only used by the AD provider to determine if a " "group is a domain local groups and has to be filtered out for trusted " "domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:866 msgid "Default: groupType in the AD provider, othewise not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:873 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:876 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " "follow. This option has no effect on the RFC2307 schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:883 msgid "Default: 2" msgstr "Пешфарз: 2" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:889 msgid "ldap_groups_use_matching_rule_in_chain" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:892 msgid "" "This option tells SSSD to take advantage of an Active Directory-specific " "feature which may speed up group lookup operations on deployments with " "complex or deep nested groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:898 msgid "" "In most common cases, it is best to leave this option disabled. It generally " "only provides a performance increase on very complex nestings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:903 sssd-ldap.5.xml:930 msgid "" "If this option is enabled, SSSD will use it if it detects that the server " "supports it during initial connection. So \"True\" here essentially means " "\"auto-detect\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:909 sssd-ldap.5.xml:936 msgid "" "Note: This feature is currently known to work only with Active Directory " "2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/" "windows/desktop/aa746475%28v=vs.85%29.aspx\"> MSDN(TM) documentation</ulink> " "for more details." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:915 sssd-ldap.5.xml:942 sssd-ldap.5.xml:1233 #: sssd-ldap.5.xml:1254 sssd-ldap.5.xml:1760 include/ldap_id_mapping.xml:226 msgid "Default: False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:921 msgid "ldap_initgroups_use_matching_rule_in_chain" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:924 msgid "" "This option tells SSSD to take advantage of an Active Directory-specific " "feature which might speed up initgroups operations (most notably when " "dealing with complex or deep nested groups)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:948 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:951 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:954 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:958 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:964 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:967 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:971 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:981 msgid "ldap_netgroup_member (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:984 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:988 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:992 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:998 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1001 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1005 sssd-ldap.5.xml:1038 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1008 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1014 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1017 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1021 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1031 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1047 msgid "ldap_service_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1050 msgid "The object class of a service entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1053 msgid "Default: ipService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1059 msgid "ldap_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1062 msgid "" "The LDAP attribute that contains the name of service attributes and their " "aliases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1072 msgid "ldap_service_port (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1075 msgid "The LDAP attribute that contains the port managed by this service." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1079 msgid "Default: ipServicePort" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1085 msgid "ldap_service_proto (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1088 msgid "" "The LDAP attribute that contains the protocols understood by this service." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1092 msgid "Default: ipServiceProtocol" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1098 msgid "ldap_service_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1103 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1106 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " "is entered)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1112 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " "lookup types." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1124 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1127 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " "are returned (and offline mode is entered)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1140 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1143 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" "<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" "manvolnum> </citerefentry> following a <citerefentry> " "<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" "citerefentry> returns in case of no activity." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1166 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1169 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " "communicating with the KDC in case of SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1181 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1184 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " "in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " "the TGT lifetime) will be used." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1192 sssd-ldap.5.xml:2147 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1198 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1201 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1206 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1212 msgid "ldap_disable_paging (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1215 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " "it is not enabled or does not behave properly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1221 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1227 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " "requests being denied." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1239 msgid "ldap_disable_range_retrieval (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1242 msgid "Disable Active Directory range retrieval." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1245 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " "group contains more members, the reply would include an AD-specific range " "extension. This option disables parsing of the range extension, therefore " "large groups will appear as having no members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1260 msgid "ldap_sasl_minssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1263 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " "option are defined by OpenLDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1269 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1276 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1279 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. 
If less members are missing, " "they are looked up individually." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1285 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1289 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " "methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " "Directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1297 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " "regardless of this setting." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1310 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1313 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1319 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1323 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. 
If a bad certificate " "is provided, it will be ignored and the session proceeds normally." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1330 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " "is provided, the session is immediately terminated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1336 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " "immediately terminated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1342 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1346 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1352 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1355 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1378 sssd-ldap.5.xml:1419 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1367 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1370 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " "be the hash of the certificate followed by '.0'. If available, " "<command>cacertdir_rehash</command> can be used to create the correct names." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1385 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1388 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1398 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1401 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1410 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1413 msgid "" "Specifies acceptable cipher suites. Typically this is a colon separated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry> for format." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1426 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1429 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1439 msgid "ldap_id_mapping (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1442 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " "on ldap_user_uid_number and ldap_group_gid_number." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1448 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1458 msgid "ldap_min_id, ldap_max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1461 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " "ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this " "might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " "can be set to restrict the allowed range for the IDs which are read directly " "from the server. Sub-domains can then pick other ranges to map IDs." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1473 msgid "Default: not set (both options are set to 0)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1479 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1482 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1492 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1495 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory. " "This option can either contain the full principal (for example host/" "myhost@EXAMPLE.COM) or just the principal name (for example host/myhost)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1503 msgid "Default: host/hostname@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1509 msgid "ldap_sasl_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1512 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " "well, this option is ignored." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1518 msgid "Default: the value of krb5_realm." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1524 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1527 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1532 msgid "Default: false;" msgstr "Пешфарз: false;" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1538 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1541 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1544 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1550 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1553 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " "GSSAPI." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1565 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1568 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1572 sssd-ad.5.xml:319 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1578 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1581 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " "For more information on failover and server redundancy, see the " "<quote>FAILOVER</quote> section. An optional port number (preceded by a " "colon) may be appended to the addresses or hostnames. If empty, service " "discovery is enabled - for more information, refer to the <quote>SERVICE " "DISCOVERY</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1593 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " "none are found." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1598 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. 
" "While the legacy name is recognized for the time being, users are advised to " "migrate their config files to use <quote>krb5_server</quote> instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1607 sssd-ipa.5.xml:371 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1610 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1613 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1619 sssd-ipa.5.xml:386 sssd-krb5.5.xml:453 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1622 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1634 sssd-krb5.5.xml:468 msgid "krb5_use_kdcinfo (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1637 sssd-krb5.5.xml:471 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " "to configure the Kerberos library using the <citerefentry> " "<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> configuration file." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1648 sssd-krb5.5.xml:482 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " "information on the locator plugin." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1662 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1665 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1670 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1675 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " "evaluate if the password has expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1681 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " "these attributes when the password is changed." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1690 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1698 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1701 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1705 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1710 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. If your setup " "does not in fact require the use of referrals, setting this option to false " "might bring a noticeable performance improvement." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1724 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1727 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1731 msgid "Default: ldap" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1737 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1740 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1745 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1751 msgid "ldap_chpass_update_last_change (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1754 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1766 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1769 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " "must be met for the user to be granted access on this host. If " "access_provider = ldap, ldap_access_order = filter and this option is not " "set, it will result in all users being denied access. Use access_provider = " "permit to change this default behavior. Please note that this filter is " "applied on the LDAP user entry only." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1782 sssd-ldap.5.xml:2376 msgid "Example:" msgstr "Намуна:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #: sssd-ldap.5.xml:1785 #, no-wrap msgid "" "access_provider = ldap\n" "ldap_access_filter = (employeeType=admin)\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1789 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1794 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " "access during their last login, they will continue to be granted access " "while offline and vice-versa." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1802 sssd-ldap.5.xml:1859 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1808 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1811 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1815 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. 
the LDAP server should deny the bind request with a suitable error code " "even if the password is correct." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1822 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1825 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1830 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " "set. If the attribute is missing access is granted. Also the expiration time " "of the account is checked." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1837 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " "allowed or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1843 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " "ldap_user_nds_login_expiration_time are used to check if access is allowed. " "If both attributes are missing access is granted." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1852 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " "ldap_account_expire_policy option to work." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1865 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1868 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1872 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1875 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1879 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1884 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1888 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1891 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1898 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1901 msgid "" "Specifies how alias dereferencing is done when performing a search. 
The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1906 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1910 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1915 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1920 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1925 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1933 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1936 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1940 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " "The self-consistency of the domain is compromised when this is done, so SSSD " "would normally remove the \"missing\" users from the cached group " "memberships as soon as nsswitch tries to fetch information about the user " "via getpw*() or initgroups() calls." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1951 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " "additional LDAP groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:51 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " "of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page for full details. <placeholder type=" "\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:1967 msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1971 msgid "ldap_sudorule_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1974 msgid "The object class of a sudo rule entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1977 msgid "Default: sudoRole" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1983 msgid "ldap_sudorule_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1986 msgid "The LDAP attribute that corresponds to the sudo rule name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1996 msgid "ldap_sudorule_command (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1999 msgid "The LDAP attribute that corresponds to the command name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2003 msgid "Default: sudoCommand" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2009 msgid "ldap_sudorule_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2012 msgid "" "The LDAP attribute that corresponds to the host name (or host IP address, " "host IP network, or host netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2017 msgid "Default: sudoHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2023 msgid "ldap_sudorule_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2026 msgid "" "The LDAP attribute that corresponds to the user name (or UID, group name or " "user's netgroup)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2030 msgid "Default: sudoUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2036 msgid "ldap_sudorule_option (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2039 msgid "The LDAP attribute that corresponds to the sudo options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2043 msgid "Default: sudoOption" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2049 msgid "ldap_sudorule_runasuser (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2052 msgid "" "The LDAP attribute that corresponds to the user name that commands may be " "run as." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2056 msgid "Default: sudoRunAsUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2062 msgid "ldap_sudorule_runasgroup (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2065 msgid "" "The LDAP attribute that corresponds to the group name or group GID that " "commands may be run as." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2069 msgid "Default: sudoRunAsGroup" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2075 msgid "ldap_sudorule_notbefore (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2078 msgid "" "The LDAP attribute that corresponds to the start date/time for when the sudo " "rule is valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2082 msgid "Default: sudoNotBefore" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2088 msgid "ldap_sudorule_notafter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2091 msgid "" "The LDAP attribute that corresponds to the expiration date/time, after which " "the sudo rule will no longer be valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2096 msgid "Default: sudoNotAfter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2102 msgid "ldap_sudorule_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2105 msgid "The LDAP attribute that corresponds to the ordering index of the rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2109 msgid "Default: sudoOrder" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2115 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2118 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2123 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2128 msgid "Default: 21600 (6 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2134 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2137 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest USN " "of cached rules)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2143 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2153 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2156 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2167 msgid "ldap_sudo_hostnames (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2170 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2175 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2180 sssd-ldap.5.xml:2203 sssd-ldap.5.xml:2221 #: sssd-ldap.5.xml:2239 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2185 sssd-ldap.5.xml:2208 msgid "Default: not specified" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2191 msgid "ldap_sudo_ip (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2194 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2199 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2214 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2217 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2232 msgid "ldap_sudo_include_regexp (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2235 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:1969 msgid "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2251 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " "<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:2261 msgid "AUTOFS OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2263 msgid "" "Please note that the default values correspond to the default schema which " "is RFC2307." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2269 msgid "ldap_autofs_map_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2272 sssd-ldap.5.xml:2298 msgid "The object class of an automount map entry in LDAP." 
msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2275 sssd-ldap.5.xml:2302 msgid "Default: automountMap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2282 msgid "ldap_autofs_map_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2285 msgid "The name of an automount map entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2288 msgid "Default: ou" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2295 msgid "ldap_autofs_entry_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2309 msgid "ldap_autofs_entry_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2312 sssd-ldap.5.xml:2326 msgid "" "The key of an automount entry in LDAP. The entry usually corresponds to a " "mount point." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2323 msgid "ldap_autofs_entry_value (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2330 msgid "Default: automountInformation" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2267 msgid "" "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" "\"variablelist\" id=\"4\"/>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:2340 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2347 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2352 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2357 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2362 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2365 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2369 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #: sssd-ldap.5.xml:2379 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2382 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2389 msgid "ldap_group_search_filter (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2392 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2396 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2406 msgid "ldap_sudo_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2411 msgid "ldap_autofs_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2342 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " "are doing. <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2428 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " "section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ldap.5.xml:2434 #, no-wrap msgid "" " [domain/LDAP]\n" " id_provider = ldap\n" " auth_provider = ldap\n" " ldap_uri = ldap://ldap.mydomain.org\n" " ldap_search_base = dc=mydomain,dc=org\n" " ldap_tls_reqcert = demand\n" " cache_credentials = true\n" msgstr "" #. 
type: Content of: <refsect1><refsect2><para> #: sssd-ldap.5.xml:2433 sssd-simple.5.xml:139 sssd-ipa.5.xml:801 #: sssd-ad.5.xml:390 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 sssd-krb5.5.xml:528 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:2446 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:405 #: sssd.8.xml:191 sss_seed.8.xml:163 msgid "NOTES" msgstr "ЭЗОҲҲО" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2448 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " "distribution." msgstr "" #. type: Content of: <refentryinfo> #: pam_sss.8.xml:8 include/upstream.xml:2 msgid "" "<productname>SSSD</productname> <orgname>The SSSD upstream - http://" "fedorahosted.org/sssd</orgname>" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: pam_sss.8.xml:13 pam_sss.8.xml:18 msgid "pam_sss" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: pam_sss.8.xml:19 msgid "PAM module for SSSD" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: pam_sss.8.xml:24 msgid "" "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" "replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" "replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" "replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" "replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" "arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </arg>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:48 msgid "" "<command>pam_sss.so</command> is the PAM interface to the System Security " "Services daemon (SSSD). Errors and results are logged through " "<command>syslog(3)</command> with the LOG_AUTHPRIV facility." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:58 msgid "<option>quiet</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:61 msgid "Suppress log messages for unknown users." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:66 msgid "<option>forward_pass</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:69 msgid "" "If <option>forward_pass</option> is set the entered password is put on the " "stack for other PAM modules to use." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:76 msgid "<option>use_first_pass</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:79 msgid "" "The argument use_first_pass forces the module to use a previous stacked " "modules password and will never prompt the user - if no password is " "available or the password is not appropriate, the user will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:87 msgid "<option>use_authtok</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:90 msgid "" "When password changing enforce the module to set the new password to the one " "provided by a previously stacked password module." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:97 msgid "<option>retry=N</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:100 msgid "" "If specified the user is asked another N times for a password if " "authentication fails. Default is 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:102 msgid "" "Please note that this option might not work as expected if the application " "calling PAM handles the user dialog on its own. A typical example is " "<command>sshd</command> with <option>PasswordAuthentication</option>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:111 msgid "<option>ignore_unknown_user</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:114 msgid "" "If this option is specified and the user does not exist, the PAM module will " "return PAM_IGNORE. This causes the PAM framework to ignore this module." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: pam_sss.8.xml:123 msgid "MODULE TYPES PROVIDED" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:124 msgid "" "All module types (<option>account</option>, <option>auth</option>, " "<option>password</option> and <option>session</option>) are provided." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: pam_sss.8.xml:130 msgid "FILES" msgstr "ФАЙЛҲО" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:131 msgid "" "If a password reset by root fails, because the corresponding SSSD provider " "does not support password resets, an individual message can be displayed. " "This message can e.g. contain instructions about how to reset a password." 
msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:136 msgid "" "The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" "filename> where LOC stands for a locale string returned by <citerefentry> " "<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" "citerefentry>. If there is no matching file the content of " "<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " "the owner of the files and only root may have read and write permissions " "while all other users must have only read permissions." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:146 msgid "" "These files are searched in the directory <filename>/etc/sssd/customize/" "DOMAIN_NAME/</filename>. If no matching file is present a generic message is " "displayed." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 msgid "sssd_krb5_locator_plugin" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:22 msgid "" "The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " "used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos " "libraries what Realm and which KDC to use. Typically this is done in " "<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> which is always read by the Kerberos libraries. " "To simplify the configuration the Realm and the KDC can be defined in " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> as described in <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:48 msgid "" "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " "libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:63 msgid "" "Not all Kerberos implementations support the use of plugins. If " "<command>sssd_krb5_locator_plugin</command> is not available on your system " "you have to edit /etc/krb5.conf to reflect your Kerberos setup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:69 msgid "" "If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " "debug messages will be sent to stderr." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-simple.5.xml:10 sssd-simple.5.xml:16 msgid "sssd-simple" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd-simple.5.xml:17 msgid "the configuration file for SSSD's 'simple' access-control provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:24 msgid "" "This manual page describes the configuration of the simple access-control " "provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " "refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> manual page." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:38 msgid "" "The simple access provider grants or denies access based on an access or " "deny list of user or group names. The following rules apply:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:43 msgid "If all lists are empty, access is granted" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:47 msgid "" "If any list is provided, the order of evaluation is allow,deny. This means " "that any matching deny rule will supersede any matched allow rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:54 msgid "" "If either or both \"allow\" lists are provided, all users are denied unless " "they appear in the list." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:60 msgid "" "If only \"deny\" lists are provided, all users are granted access unless " "they appear in the list." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:78 msgid "simple_allow_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:81 msgid "Comma separated list of users who are allowed to log in." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:88 msgid "simple_deny_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:91 msgid "Comma separated list of users who are explicitly denied access." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:97 msgid "simple_allow_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:100 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:108 msgid "simple_deny_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:111 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " "evaluated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> manual page for details on the configuration of an SSSD " "domain. <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:120 msgid "" "Specifying no values for any of the lists is equivalent to skipping it " "entirely. Beware of this while generating parameters for the simple provider " "using automated scripts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:125 msgid "" "Please note that it is an configuration error if both, simple_allow_users " "and simple_deny_users, are defined." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:133 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " "This examples shows only the simple access provider-specific options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-simple.5.xml:140 #, no-wrap msgid "" " [domain/example.com]\n" " access_provider = simple\n" " simple_allow_users = user1, user2\n" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 msgid "sssd-ipa" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:23 msgid "" "This manual page describes the configuration of the IPA provider for " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:36 msgid "" "The IPA provider is a back end used to connect to an IPA server. (Refer to " "the freeipa.org web site for information about IPA servers.) This provider " "requires that the machine be joined to the IPA domain; configuration is " "almost entirely self-discovered and obtained directly from the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:43 msgid "" "The IPA provider accepts the same options used by the <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " "provider with some exceptions described below." 
msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:55 msgid "" "However, it is neither necessary nor recommended to set these options. IPA " "provider can also be used as an access and chpass provider. As an access " "provider it uses HBAC (host-based access control) rules. Please refer to " "freeipa.org for more information about HBAC. No configuration of access " "provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:62 msgid "" "The IPA provider will use the PAC responder if the Kerberos tickets of users " "from trusted realms contain a PAC. To make configuration easier the PAC " "responder is started automatically if the IPA ID provider is configured." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:78 msgid "ipa_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:81 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:89 msgid "ipa_server, ipa_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:92 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " "on failover and server redundancy, see the <quote>FAILOVER</quote> section. " "This is optional if autodiscovery is enabled. For more information on " "service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:105 msgid "ipa_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:108 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:116 sssd-ad.5.xml:256 msgid "dyndns_update (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:119 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client. The update is " "secured using GSS-TSIG. The IP address of the IPA LDAP connection is used " "for the updates, if it is not otherwise specified by using the " "<quote>dyndns_iface</quote> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:128 sssd-ad.5.xml:270 msgid "" "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " "the default Kerberos realm must be set properly in /etc/krb5.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:133 msgid "" "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" "emphasis> option, users should migrate to using <emphasis>dyndns_update</" "emphasis> in their config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:145 sssd-ad.5.xml:281 msgid "dyndns_ttl (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:148 sssd-ad.5.xml:284 msgid "" "The TTL to apply to the client DNS record when updating it. If " "dyndns_update is false this has no effect. This will override the TTL " "serverside if set by an administrator." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:153 msgid "" "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" "emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" "emphasis> in their config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:159 msgid "Default: 1200 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:165 sssd-ad.5.xml:295 msgid "dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:168 sssd-ad.5.xml:298 msgid "" "Optional. Applicable only when dyndns_update is true. Choose the interface " "whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:173 msgid "" "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" "emphasis> option, users should migrate to using <emphasis>dyndns_iface</" "emphasis> in their config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:179 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:185 msgid "ipa_enable_dns_sites (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:188 sssd-ad.5.xml:152 msgid "Enables DNS sites - location based service discovery." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:192 msgid "" "If true and service discovery (see Service Discovery paragraph at the bottom " "of the man page) is enabled, then the SSSD will first attempt location " "based discovery using a query that contains \"_location.hostname.example.com" "\" and then fall back to traditional SRV discovery. If the location based " "discovery succeeds, the IPA servers located with the location based " "discovery are treated as primary servers and the IPA servers located using " "the traditional SRV discovery are used as back up servers" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:211 sssd-ad.5.xml:309 msgid "dyndns_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:214 sssd-ad.5.xml:312 msgid "" "How often should the back end perform periodic DNS update in addition to the " "automatic update performed when the back end goes online. This option is " "optional and applicable only when dyndns_update is true." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:227 sssd-ad.5.xml:325 msgid "dyndns_update_ptr (bool)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:230 sssd-ad.5.xml:328 msgid "" "Whether the PTR record should also be explicitly updated when updating the " "client's DNS records. Applicable only when dyndns_update is true." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:235 msgid "" "This option should be False in most IPA deployments as the IPA server " "generates the PTR records automatically when forward records are changed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:241 msgid "Default: False (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:247 sssd-ad.5.xml:339 msgid "dyndns_force_tcp (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:250 sssd-ad.5.xml:342 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:254 sssd-ad.5.xml:346 msgid "Default: False (let nsupdate choose the protocol)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:260 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:263 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:267 msgid "Default: Use base DN" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:273 msgid "ipa_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:276 msgid "Optional. Use the given string as search base for host objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:280 sssd-ipa.5.xml:304 sssd-ipa.5.xml:323 sssd-ipa.5.xml:342 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:285 msgid "" "If filter is given in any of search bases and " "<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " "will be ignored." msgstr "" #. type: Content of: <listitem><para> #: sssd-ipa.5.xml:290 sssd-ipa.5.xml:309 include/ldap_search_bases.xml:23 #: include/ldap_search_bases_experimental.xml:23 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:297 msgid "ipa_selinux_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:300 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:316 msgid "ipa_subdomains_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:319 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:328 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:335 msgid "ipa_master_domain_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:338 msgid "Optional. Use the given string as search base for master domain object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:347 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:354 sssd-krb5.5.xml:245 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:357 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:364 sssd-ad.5.xml:366 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:374 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:378 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:389 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:402 sssd-krb5.5.xml:407 msgid "krb5_use_fast (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:405 sssd-krb5.5.xml:410 msgid "" "Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" "authentication. The following options are supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:410 msgid "<emphasis>never</emphasis> use FAST." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:413 msgid "" "<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " "continue the authentication without it. This is equivalent to not setting " "this option at all." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:419 sssd-krb5.5.xml:424 msgid "" "<emphasis>demand</emphasis> to use FAST. The authentication fails if the " "server does not require fast." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:424 #, fuzzy #| msgid "Default: true" msgid "Default: try" msgstr "Пешфарз: try" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:427 sssd-krb5.5.xml:435 msgid "" "NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. 
If " "SSSD is used with an older version of MIT Kerberos, using this option is a " "configuration error." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:436 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:439 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " "access-control requests made in a short period." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:446 sssd-ipa.5.xml:462 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:452 msgid "ipa_hbac_selinux (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:455 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " "many user login requests made in a short period." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:468 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:471 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " "of FreeIPA will need to migrate their rules to use only the ALLOW rules. The " "client will support two modes of operation during this transition period:" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:480 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:485 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:490 msgid "Default: DENY_ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:496 msgid "ipa_hbac_support_srchost (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:499 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:503 msgid "" "Note that if set to <emphasis>False</emphasis>, this option causes filters " "given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:514 msgid "ipa_server_mode (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:517 msgid "This option should only be set by the IPA installer." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:521 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:532 msgid "ipa_automount_location (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:535 msgid "The automounter location this IPA client will be using" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:538 msgid "Default: The location named \"default\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:545 msgid "ipa_netgroup_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:548 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:557 msgid "ipa_netgroup_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:560 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:565 sssd-ipa.5.xml:660 msgid "Default: memberUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:570 msgid "ipa_netgroup_member_host (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:573 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:577 sssd-ipa.5.xml:672 msgid "Default: memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:582 msgid "ipa_netgroup_member_ext_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:585 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:589 msgid "Default: externalHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:594 msgid "ipa_netgroup_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:597 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:601 msgid "Default: nisDomainName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:607 msgid "ipa_host_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:610 sssd-ipa.5.xml:633 msgid "The object class of a host entry in LDAP." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:613 sssd-ipa.5.xml:636 msgid "Default: ipaHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:618 msgid "ipa_host_fqdn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:621 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:624 msgid "Default: fqdn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:630 msgid "ipa_selinux_usermap_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:641 msgid "ipa_selinux_usermap_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:644 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:653 msgid "ipa_selinux_usermap_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:656 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:665 msgid "ipa_selinux_usermap_member_host (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:668 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule match " "against." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:677 msgid "ipa_selinux_usermap_see_also (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:680 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:685 msgid "Default: seeAlso" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:690 msgid "ipa_selinux_usermap_selinux_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:693 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:697 msgid "Default: ipaSELinuxUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:702 msgid "ipa_selinux_usermap_enabled (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:705 msgid "" "The LDAP attribute that contains whether or not is user map enabled for " "usage." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:709 msgid "Default: ipaEnabledFlag" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:714 msgid "ipa_selinux_usermap_user_category (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:717 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:721 msgid "Default: userCategory" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:726 msgid "ipa_selinux_usermap_host_category (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:729 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:733 msgid "Default: hostCategory" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:738 msgid "ipa_selinux_usermap_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:741 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:745 msgid "Default: ipaUniqueID" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:750 msgid "ipa_host_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:753 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:757 msgid "Default: ipaSshPubKey" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ipa.5.xml:766 msgid "SUBDOMAINS PROVIDER" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:768 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:772 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " "subdomain requests are sent to the IPA server if necessary." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:778 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " "provider is configured implicitly. In this case, if a subdomain request " "fails and indicates that the server does not support subdomains, i.e. is not " "configured for trusts, the IPA subdomains provider is disabled. After an " "hour or after the IPA provider goes online, the subdomains provider is " "enabled again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:795 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " "This example shows only the ipa provider-specific options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ipa.5.xml:802 #, no-wrap msgid "" " [domain/example.com]\n" " id_provider = ipa\n" " ipa_server = ipaserver.example.com\n" " ipa_hostname = myhost.example.com\n" msgstr "" #. 
type: Content of: <reference><refentry><refnamediv><refname> #: sssd-ad.5.xml:10 sssd-ad.5.xml:16 msgid "sssd-ad" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:23 msgid "" "This manual page describes the configuration of the AD provider for " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:36 msgid "" "The AD provider is a back end used to connect to an Active Directory server. " "This provider requires that the machine be joined to the AD domain and a " "keytab is available." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:41 msgid "" "The AD provider supports connecting to Active Directory 2008 R2 or later. " "Earlier versions may work, but are unsupported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:45 msgid "" "The AD provider is able to provide identity information and authentication " "for entities from trusted domains as well. Currently only trusted domains in " "the same forest are recognized." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:50 msgid "" "The AD provider accepts the same options used by the <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " "provider with some exceptions described below." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:62 msgid "" "However, it is neither necessary nor recommended to set these options. 
The " "AD provider can also be used as an access, chpass and sudo provider. No " "configuration of the access provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ad.5.xml:74 #, no-wrap msgid "" "ldap_id_mapping = False\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:68 msgid "" "By default, the AD provider will map UID and GID values from the objectSID " "parameter in Active Directory. For details on this, see the <quote>ID " "MAPPING</quote> section below. If you want to disable ID mapping and instead " "rely on POSIX attributes defined in Active Directory, you should set " "<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users " "and groups using POSIX attributes from trusted domains, the AD administrator " "must make sure that the POSIX attributes are replicated to the Global " "Catalog." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:81 msgid "" "Users, groups and other entities served by SSSD are always treated as case-" "insensitive in the AD provider for compatibility with Active Directory's " "LDAP implementation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:96 msgid "ad_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:99 msgid "" "Specifies the name of the Active Directory domain. This is optional. If not " "provided, the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:104 msgid "" "For proper operation, this option should be specified as the lower-case " "version of the long version of the Active Directory domain." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:109 msgid "" "The short domain name (also known as the NetBIOS or the flat name) is " "autodetected by the SSSD." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:116 msgid "ad_server, ad_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:119 msgid "" "The comma-separated list of hostnames of the AD servers to which SSSD should " "connect in order of preference. For more information on failover and server " "redundancy, see the <quote>FAILOVER</quote> section. This is optional if " "autodiscovery is enabled. For more information on service discovery, refer " "to the <quote>SERVICE DISCOVERY</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:132 msgid "ad_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:135 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the Active Directory domain to identify this " "host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:141 msgid "" "This field is used to determine the host principal in use in the keytab. It " "must match the hostname for which the keytab was issued." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:149 msgid "ad_enable_dns_sites (boolean)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:156 msgid "" "If true and service discovery (see Service Discovery paragraph at the bottom " "of the man page) is enabled, the SSSD will first attempt to discover the " "Active Directory server to connect to using the Active Directory Site " "Discovery and fall back to the DNS SRV records if no AD site is found. The " "DNS SRV configuration, including the discovery domain, is used during site " "discovery as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:172 msgid "ad_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:175 msgid "" "This option specifies the LDAP access control filter that the user must match in " "order to be allowed access. Please note that the <quote>access_provider</" "quote> option must be explicitly set to <quote>ad</quote> in order for this " "option to have an effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:183 msgid "" "The option also supports specifying different filters per domain or forest. " "This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " "The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " "missing." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:191 msgid "" "If the keyword is <quote>DOM</quote> or is missing, then <quote>NAME</" "quote> specifies the domain or subdomain the filter applies to. If the " "keyword is <quote>FOREST</quote>, then the filter applies to all " "domains from the forest specified by <quote>NAME</quote>." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:199 msgid "" "Multiple filters can be separated with the <quote>?</quote> character, " "similarly to how search bases work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:204 msgid "" "The most specific match is always used. For example, if the option specified " "filter for a domain the user is a member of and a global filter, the per-" "domain filter would be applied. If there are more matches with the same " "specification, the first one is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #: sssd-ad.5.xml:215 #, no-wrap msgid "" "# apply filter on domain called dom1 only:\n" "dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" "\n" "# apply filter on domain called dom2 only:\n" "DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" "\n" "# apply filter on forest called EXAMPLE.COM only:\n" "FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:225 #, fuzzy #| msgid "Default: true" msgid "Default: Not set" msgstr "Пешфарз: true" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:231 msgid "ad_enable_gc (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:234 msgid "" "By default, the SSSD connects to the Global Catalog first to retrieve users " "from trusted domains and uses the LDAP port to retrieve group memberships or " "as a fallback. Disabling this option makes the SSSD only connect to the LDAP " "port of the current AD server." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:242 msgid "" "Please note that disabling Global Catalog support does not disable " "retrieving users from trusted domains. The SSSD would connect to the LDAP " "port of trusted domains instead. However, Global Catalog must be used in " "order to resolve cross-domain group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:259 msgid "" "Optional. This option tells SSSD to automatically update the Active " "Directory DNS server with the IP address of this client. The update is " "secured using GSS-TSIG. As a consequence, the Active Directory administrator " "only needs to allow secure updates for the DNS zone. The IP address of the " "AD LDAP connection is used for the updates, if it is not otherwise specified " "by using the <quote>dyndns_iface</quote> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:289 msgid "Default: 3600 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:303 msgid "Default: Use the IP address of the AD LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:354 sssd-krb5.5.xml:496 msgid "krb5_use_enterprise_principal (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:357 sssd-krb5.5.xml:499 msgid "" "Specifies if the user principal should be treated as enterprise principal. " "See section 5 of RFC 6806 for more details about enterprise principals." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:384 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " "This example shows only the AD provider-specific options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ad.5.xml:391 #, no-wrap msgid "" "[domain/EXAMPLE]\n" "id_provider = ad\n" "auth_provider = ad\n" "access_provider = ad\n" "chpass_provider = ad\n" "\n" "ad_server = dc1.example.com\n" "ad_hostname = client.example.com\n" "ad_domain = example.com\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ad.5.xml:411 #, no-wrap msgid "" "access_provider = ldap\n" "ldap_access_order = expire\n" "ldap_account_expire_policy = ad\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:407 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:417 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 msgid "sssd-sudo" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd-sudo.5.xml:17 msgid "Configuring sudo with the SSSD back end" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:23 msgid "" "This manual page describes how to configure <citerefentry> " "<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " "to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-sudo.5.xml:36 msgid "Configuring sudo to cooperate with SSSD" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:38 msgid "" "To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " "the <emphasis>sudoers</emphasis> entry in <citerefentry> " "<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:47 msgid "" "For example, to configure sudo to first lookup rules in the standard " "<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> file (which should contain rules that apply to " "local users) and then in SSSD, the nsswitch.conf file should contain the " "following line:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-sudo.5.xml:57 #, no-wrap msgid "sudoers: files sss\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:61 msgid "" "More information about configuring the sudoers search order from the " "nsswitch.conf file as well as information about the LDAP schema that is used " "to store sudo rules in the directory can be found in <citerefentry> " "<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:70 msgid "" "<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " "sudo rules, you also need to correctly set <citerefentry> " "<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" "citerefentry> to your NIS domain name (which equals to IPA domain name when " "using hostgroups)." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-sudo.5.xml:82 msgid "Configuring SSSD to fetch sudo rules" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:84 msgid "" "All configuration that is needed on SSSD side is to extend the list of " "<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " "search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> " "option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:94 msgid "" "The following example shows how to configure SSSD to download sudo rules " "from an LDAP server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-sudo.5.xml:99 #, no-wrap msgid "" "[sssd]\n" "config_file_version = 2\n" "services = nss, pam, sudo\n" "domains = EXAMPLE\n" "\n" "[domain/EXAMPLE]\n" "id_provider = ldap\n" "sudo_provider = ldap\n" "ldap_uri = ldap://example.com\n" "ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:112 msgid "" "When the SSSD is configured to use IPA as the ID provider, the sudo provider " "is automatically enabled. The sudo search base is configured to use the " "compat tree (ou=sudoers,$DC)." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><title> #: sssd-sudo.5.xml:119 msgid "The SUDO rule caching mechanism" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:121 msgid "" "The biggest challenge, when developing sudo support in SSSD, was to ensure " "that running sudo with SSSD as the data source provides the same user " "experience and is as fast as sudo but keeps providing the most current set " "of rules as possible. To satisfy these requirements, SSSD uses three kinds " "of updates. They are referred to as full refresh, smart refresh and rules " "refresh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:129 msgid "" "The <emphasis>smart refresh</emphasis> periodically downloads rules that are " "new or were modified after the last update. Its primary goal is to keep the " "database growing by fetching only small increments that do not generate " "large amounts of network traffic." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:135 msgid "" "The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " "in the cache and replaces them with all rules that are stored on the server. " "This is used to keep the cache consistent by removing every rule which was " "deleted from the server. However, full refresh may produce a lot of traffic " "and thus it should be run only occasionally depending on the size and " "stability of the sudo rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:143 msgid "" "The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " "more permission than defined. It is triggered each time the user runs sudo. " "Rules refresh will find all rules that apply to this user, check their " "expiration time and redownload them if expired. 
In the case that any of " "these rules are missing on the server, the SSSD will do an out of band full " "refresh because more rules (that apply to other users) may have been deleted." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:152 msgid "" "If enabled, SSSD will store only rules that can be applied to this machine. " "This means rules that contain one of the following values in " "<emphasis>sudoHost</emphasis> attribute:" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:159 msgid "keyword ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:164 msgid "wildcard" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:169 msgid "netgroup (in the form \"+netgroup\")" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:174 msgid "hostname or fully qualified domain name of this machine" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:179 msgid "one of the IP addresses of this machine" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:184 msgid "one of the IP addresses of the network (in the form \"address/mask\")" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:190 msgid "" "There are many configuration options that can be used to adjust the " "behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." msgstr "" #. 
type: Content of: <reference><refentry><refnamediv><refname> #: sssd.8.xml:10 sssd.8.xml:15 msgid "sssd" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd.8.xml:16 msgid "System Security Services Daemon" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sssd.8.xml:21 msgid "" "<command>sssd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.8.xml:31 msgid "" "<command>SSSD</command> provides a set of daemons to manage access to remote " "directories and authentication mechanisms. It provides an NSS and PAM " "interface toward the system and a pluggable backend system to connect to " "multiple different account sources as well as D-Bus interface. It is also " "the basis to provide client auditing and policy services for projects like " "FreeIPA. It provides a more robust database to store local users as well as " "extended user data." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:46 msgid "" "<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:53 msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:57 msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:60 msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:69 msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:73 msgid "" "<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:76 msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:85 msgid "<option>-f</option>,<option>--debug-to-files</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:89 msgid "" "Send the debug output to files instead of stderr. By default, the log files " "are stored in <filename>/var/log/sssd</filename> and there are separate log " "files for every SSSD service and domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:97 msgid "<option>-D</option>,<option>--daemon</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:101 msgid "Become a daemon after starting up." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:107 sss_seed.8.xml:136 msgid "<option>-i</option>,<option>--interactive</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:111 msgid "Run in the foreground, don't become a daemon." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:117 sss_debuglevel.8.xml:42 msgid "<option>-c</option>,<option>--config</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:121 sss_debuglevel.8.xml:46 msgid "" "Specify a non-default config file. The default is <filename>/etc/sssd/sssd." "conf</filename>. For reference on the config file syntax and options, " "consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:135 msgid "<option>--version</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:139 msgid "Print version number and exit." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.8.xml:147 msgid "Signals" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:159 msgid "SIGHUP" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " "like logrotate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:170 msgid "SIGUSR1" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:179 msgid "SIGUSR2" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.8.xml:193 msgid "" "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " "applications will not use the fast in memory cache." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 msgid "sss_obfuscate" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_obfuscate.8.xml:16 msgid "obfuscate a clear text password" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_obfuscate.8.xml:21 msgid "" "<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" "replaceable></arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:32 msgid "" "<command>sss_obfuscate</command> converts a given password into human-" "unreadable format and places it into appropriate domain section of the SSSD " "config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:37 msgid "" "The cleartext password is read from standard input or entered " "interactively. 
The obfuscated password is put into " "<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " "<quote>ldap_default_authtok_type</quote> parameter is set to " "<quote>obfuscated_password</quote>. Refer to <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more details on these parameters." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:49 msgid "" "Please note that obfuscating the password provides <emphasis>no real " "security benefit</emphasis> as it is still possible for an attacker to " "recover the original password. Using better authentication mechanisms " "such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " "advised." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_obfuscate.8.xml:63 msgid "<option>-s</option>,<option>--stdin</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:67 msgid "The password to obfuscate will be read from standard input." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:79 #: sss_ssh_knownhostsproxy.1.xml:78 msgid "" "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:79 msgid "" "The SSSD domain to use the password in. The default name is <quote>default</" "quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_obfuscate.8.xml:86 msgid "" "<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" msgstr "" #.
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:91 msgid "Read the config file specified by the positional parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:95 msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_useradd.8.xml:10 sss_useradd.8.xml:15 msgid "sss_useradd" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_useradd.8.xml:16 msgid "create a new user" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_useradd.8.xml:21 msgid "" "<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_useradd.8.xml:32 msgid "" "<command>sss_useradd</command> creates a new user account using the values " "specified on the command line plus the default values from the system." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:43 sss_seed.8.xml:76 msgid "" "<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:48 msgid "" "Set the UID of the user to the value of <replaceable>UID</replaceable>. If " "not given, it is chosen automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:55 sss_usermod.8.xml:43 sss_seed.8.xml:100 msgid "" "<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" "replaceable>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:60 sss_usermod.8.xml:48 sss_seed.8.xml:105 msgid "" "Any text string describing the user. Often used as the field for the user's " "full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:67 sss_usermod.8.xml:55 sss_seed.8.xml:112 msgid "" "<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:72 msgid "" "The home directory of the user account. The default is to append the " "<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use " "that as the home directory. The base that is prepended before " "<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/" "baseDirectory</quote> setting in sssd.conf." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:82 sss_usermod.8.xml:66 sss_seed.8.xml:124 msgid "" "<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:87 msgid "" "The user's login shell. The default is currently <filename>/bin/bash</" "filename>. The default can be changed with <quote>user_defaults/" "defaultShell</quote> setting in sssd.conf." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:96 msgid "" "<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:101 msgid "A list of existing groups this user is also a member of." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:107 msgid "<option>-m</option>,<option>--create-home</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:111 msgid "" "Create the user's home directory if it does not exist. The files and " "directories contained in the skeleton directory (which can be defined with " "the -k option or in the config file) will be copied to the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:121 msgid "<option>-M</option>,<option>--no-create-home</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:125 msgid "" "Do not create the user's home directory. Overrides configuration settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:132 msgid "" "<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:137 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " "<command>sss_useradd</command>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:143 msgid "" "Special files (block devices, character devices, named pipes and unix " "sockets) will not be copied." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:147 msgid "" "This option is only valid if the <option>-m</option> (or <option>--create-" "home</option>) option is specified, or creation of home directories is set " "to TRUE in the configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:156 sss_usermod.8.xml:124 msgid "" "<option>-Z</option>,<option>--selinux-user</option> " "<replaceable>SELINUX_USER</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:161 msgid "" "The SELinux user for the user's login. If not specified, the system default " "will be used." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 msgid "sssd-krb5" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:23 msgid "" "This manual page describes the configuration of the Kerberos 5 " "authentication backend for <citerefentry> <refentrytitle>sssd</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed " "syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " "the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:36 msgid "" "The Kerberos 5 authentication backend contains auth and chpass providers. It " "must be paired with an identity provider in order to function properly (for " "example, id_provider = ldap). Some information required by the Kerberos 5 " "authentication backend must be provided by the identity provider, such as " "the user's Kerberos Principal Name (UPN). The configuration of the identity " "provider should have an entry to specify the UPN. 
Please refer to the man " "page for the applicable identity provider for details on how to configure " "this." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:47 msgid "" "This backend also provides access control based on the .k5login file in the " "home directory of the user. See <citerefentry> <refentrytitle>.k5login</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " "Please note that an empty .k5login file will deny all access to this user. " "To activate this feature, use 'access_provider = krb5' in your SSSD " "configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:55 msgid "" "In the case where the UPN is not available in the identity backend, " "<command>sssd</command> will construct a UPN using the format " "<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect, in the order of preference. " "For more information on failover and server redundancy, see the " "<quote>FAILOVER</quote> section. An optional port number (preceded by a " "colon) may be appended to the addresses or hostnames. If empty, service " "discovery is enabled; for more information, refer to the <quote>SERVICE " "DISCOVERY</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:106 msgid "" "The name of the Kerberos realm. This option is required and must be " "specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:113 msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:116 msgid "" "If the change password service is not running on the KDC, alternative " "servers can be defined here. An optional port number (preceded by a colon) " "may be appended to the addresses or hostnames." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:122 msgid "" "For more information on failover and server redundancy, see the " "<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " "servers to try, the backend is not switched to operate offline if " "authentication against the KDC is still possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:129 msgid "Default: Use the KDC" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:135 msgid "krb5_ccachedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:138 msgid "" "Directory to store credential caches. All the substitution sequences of " "krb5_ccname_template can be used here, too, except %d and %P. The directory " "is created as private and owned by the user, with permissions set to 0700." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:145 msgid "Default: /tmp" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:151 msgid "krb5_ccname_template (string)" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:165 include/override_homedir.xml:11 msgid "%u" msgstr "" #. 
type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:166 include/override_homedir.xml:12 msgid "login name" msgstr "Номи логин" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:169 include/override_homedir.xml:15 msgid "%U" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:170 msgid "login UID" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:173 msgid "%p" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:174 msgid "principal name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:178 msgid "%r" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:179 msgid "realm name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:182 msgid "%h" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:183 msgid "home directory" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:187 include/override_homedir.xml:19 msgid "%d" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:188 msgid "value of krb5_ccachedir" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:193 msgid "%P" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:194 msgid "the process ID of the SSSD client" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:199 include/override_homedir.xml:34 msgid "%%" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:200 include/override_homedir.xml:35 msgid "a literal '%'" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:154 msgid "" "Location of the user's credential cache. Three credential cache types are " "currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " "<quote>KEYRING:persistent</quote>. The cache can be specified either as " "<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " "implies the <quote>FILE</quote> type. In the template, the following " "sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " "the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " "filename in a safe way." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:208 msgid "" "When using KEYRING types, the only supported mechanism is <quote>KEYRING:" "persistent:%U</quote>, which uses the Linux kernel keyring to store " "credentials on a per-UID basis.
This is also the recommended choice, as it " "is the most secure and predictable method." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:216 msgid "" "The default value for the credential cache name is sourced from the profile " "stored in the system wide krb5.conf configuration file in the [libdefaults] " "section. The option name is default_ccache_name. See krb5.conf(5)'s " "PARAMETER EXPANSION paragraph for additional information on the expansion " "format defined by krb5.conf." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:225 #, fuzzy #| msgid "Default: 0 (No limit)" msgid "Default: (from libkrb5)" msgstr "Пешфарз: 0 (Номаҳдуд)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:231 msgid "krb5_auth_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:234 msgid "" "Timeout in seconds after an online authentication request or change password " "request is aborted. If possible, the authentication request is continued " "offline." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:248 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed. The keytab is checked for entries sequentially, and the first entry " "with a matching realm is used for validation. If no entry matches the realm, " "the last entry in the keytab is used. This process can be used to validate " "environments using cross-realm trust by placing the appropriate keytab entry " "as the last entry or the only entry in the keytab file." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:263 msgid "krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:266 msgid "" "The location of the keytab to use when validating credentials obtained from " "KDCs." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:270 msgid "Default: /etc/krb5.keytab" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:276 msgid "krb5_store_password_if_offline (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:279 msgid "" "Store the password of the user if the provider is offline and use it to " "request a TGT when the provider comes online again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:284 msgid "" "NOTE: this feature is only available on Linux. Passwords stored in this way " "are kept in plaintext in the kernel keyring and are potentially accessible " "by the root user (with difficulty)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:297 msgid "krb5_renewable_lifetime (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:300 msgid "" "Request a renewable ticket with a total lifetime, given as an integer " "immediately followed by a time unit:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:305 sssd-krb5.5.xml:339 sssd-krb5.5.xml:376 msgid "<emphasis>s</emphasis> for seconds" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:308 sssd-krb5.5.xml:342 sssd-krb5.5.xml:379 msgid "<emphasis>m</emphasis> for minutes" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:311 sssd-krb5.5.xml:345 sssd-krb5.5.xml:382 msgid "<emphasis>h</emphasis> for hours" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385 msgid "<emphasis>d</emphasis> for days." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:317 sssd-krb5.5.xml:388 msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:321 sssd-krb5.5.xml:392 msgid "" "NOTE: It is not possible to mix units. To set the renewable lifetime to one " "and a half hours, use '90m' instead of '1h30m'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:326 msgid "Default: not set, i.e. the TGT is not renewable" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:332 msgid "krb5_lifetime (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:335 msgid "" "Request ticket with a lifetime, given as an integer immediately followed by " "a time unit:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:351 msgid "If there is no unit given <emphasis>s</emphasis> is assumed." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:355 msgid "" "NOTE: It is not possible to mix units. To set the lifetime to one and a " "half hours please use '90m' instead of '1h30m'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:360 msgid "" "Default: not set, i.e. the default ticket lifetime configured on the KDC." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:367 msgid "krb5_renew_interval (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:370 msgid "" "The time in seconds between two checks if the TGT should be renewed. TGTs " "are renewed if about half of their lifetime is exceeded, given as an integer " "immediately followed by a time unit:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:397 msgid "If this option is not set or is 0 the automatic renewal is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:415 msgid "" "<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " "option at all." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:419 msgid "" "<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " "continue the authentication without it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:429 msgid "Default: not set, i.e. FAST is not used." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:432 msgid "NOTE: a keytab is required to use FAST." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:444 msgid "krb5_fast_principal (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:447 msgid "Specifies the server principal to use for FAST." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:456 msgid "" "Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos 1.7 and later versions." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:505 msgid "Default: false (AD provider: true)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:65 msgid "" "If the auth-module krb5 is used in an SSSD domain, the following options " "must be used. See the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " "<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " "domain. <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:521 msgid "" "The following example assumes that SSSD is correctly configured and FOO is " "one of the domains in the <replaceable>[sssd]</replaceable> section. This " "example shows only configuration of Kerberos authentication; it does not " "include any identity provider." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-krb5.5.xml:529 #, no-wrap msgid "" " [domain/FOO]\n" " auth_provider = krb5\n" " krb5_server = 192.168.1.1\n" " krb5_realm = EXAMPLE.COM\n" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15 msgid "sss_groupadd" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupadd.8.xml:16 msgid "create a new group" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupadd.8.xml:21 msgid "" "<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupadd.8.xml:32 msgid "" "<command>sss_groupadd</command> creates a new group. These groups are " "compatible with POSIX groups, with the additional feature that they can " "contain other groups as members." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupadd.8.xml:43 sss_seed.8.xml:88 msgid "" "<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupadd.8.xml:48 msgid "" "Set the GID of the group to the value of <replaceable>GID</replaceable>. If " "not given, it is chosen automatically." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_userdel.8.xml:10 sss_userdel.8.xml:15 msgid "sss_userdel" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_userdel.8.xml:16 msgid "delete a user account" msgstr "" #. 
type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_userdel.8.xml:21 msgid "" "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_userdel.8.xml:32 msgid "" "<command>sss_userdel</command> deletes a user identified by login name " "<replaceable>LOGIN</replaceable> from the system." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:44 msgid "<option>-r</option>,<option>--remove</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:48 msgid "" "Files in the user's home directory will be removed along with the home " "directory itself and the user's mail spool. Overrides the configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:56 msgid "<option>-R</option>,<option>--no-remove</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:60 msgid "" "Files in the user's home directory will NOT be removed along with the home " "directory itself and the user's mail spool. Overrides the configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:68 msgid "<option>-f</option>,<option>--force</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:72 msgid "" "This option forces <command>sss_userdel</command> to remove the user's home " "directory and mail spool, even if they are not owned by the specified user." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:80 msgid "<option>-k</option>,<option>--kick</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:84 msgid "Before actually deleting the user, terminate all his processes." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15 msgid "sss_groupdel" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupdel.8.xml:16 msgid "delete a group" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupdel.8.xml:21 msgid "" "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupdel.8.xml:32 msgid "" "<command>sss_groupdel</command> deletes a group identified by its name " "<replaceable>GROUP</replaceable> from the system." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15 msgid "sss_groupshow" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupshow.8.xml:16 msgid "print properties of a group" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupshow.8.xml:21 msgid "" "<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupshow.8.xml:32 msgid "" "<command>sss_groupshow</command> displays information about a group " "identified by its name <replaceable>GROUP</replaceable>. 
The information " "includes the group ID number, members of the group and the parent group." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupshow.8.xml:43 msgid "<option>-R</option>,<option>--recursive</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupshow.8.xml:47 msgid "" "Also print indirect group members in a tree-like hierarchy. Note that this " "also affects printing parent groups - without <option>R</option>, only the " "direct parent will be printed." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_usermod.8.xml:10 sss_usermod.8.xml:15 msgid "sss_usermod" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_usermod.8.xml:16 msgid "modify a user account" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_usermod.8.xml:21 msgid "" "<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_usermod.8.xml:32 msgid "" "<command>sss_usermod</command> modifies the account specified by " "<replaceable>LOGIN</replaceable> to reflect the changes that are specified " "on the command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:60 msgid "The home directory of the user account." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:71 msgid "The user's login shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:82 msgid "" "Append this user to groups specified by the <replaceable>GROUPS</" "replaceable> parameter. 
The <replaceable>GROUPS</replaceable> parameter is " "a comma separated list of group names." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:96 msgid "" "Remove this user from groups specified by the <replaceable>GROUPS</" "replaceable> parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_usermod.8.xml:103 msgid "<option>-l</option>,<option>--lock</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:107 msgid "Lock the user account. The user won't be able to log in." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_usermod.8.xml:114 msgid "<option>-u</option>,<option>--unlock</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:118 msgid "Unlock the user account." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:129 msgid "The SELinux user for the user's login." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_cache.8.xml:10 sss_cache.8.xml:15 msgid "sss_cache" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_cache.8.xml:16 msgid "perform cache cleanup" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_cache.8.xml:21 msgid "" "<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_cache.8.xml:31 msgid "" "<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " "records are forced to be reloaded from server as soon as related SSSD " "backend is online." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:42 msgid "<option>-E</option>,<option>--everything</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:46 msgid "Invalidate all cached entries except for sudo rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:52 msgid "" "<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:57 msgid "Invalidate specific user." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:63 msgid "<option>-U</option>,<option>--users</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:67 msgid "" "Invalidate all user records. This option overrides invalidation of specific " "user if it was also set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:74 msgid "" "<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:79 msgid "Invalidate specific group." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:85 msgid "<option>-G</option>,<option>--groups</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:89 msgid "" "Invalidate all group records. This option overrides invalidation of specific " "group if it was also set." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:96 msgid "" "<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:101 msgid "Invalidate specific netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:107 msgid "<option>-N</option>,<option>--netgroups</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:111 msgid "" "Invalidate all netgroup records. This option overrides invalidation of " "specific netgroup if it was also set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:118 msgid "" "<option>-s</option>,<option>--service</option> <replaceable>service</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:123 msgid "Invalidate specific service." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:129 msgid "<option>-S</option>,<option>--services</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:133 msgid "" "Invalidate all service records. This option overrides invalidation of " "specific service if it was also set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:140 msgid "" "<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" "replaceable>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:145 msgid "Invalidate specific autofs maps." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:151 msgid "<option>-A</option>,<option>--autofs-maps</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:155 msgid "" "Invalidate all autofs maps. This option overrides invalidation of specific " "map if it was also set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:162 msgid "" "<option>-d</option>,<option>--domain</option> <replaceable>domain</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:167 msgid "Restrict invalidation process only to a particular domain." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 msgid "sss_debuglevel" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_debuglevel.8.xml:16 msgid "change debug level while SSSD is running" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_debuglevel.8.xml:21 msgid "" "<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" "replaceable></arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_debuglevel.8.xml:32 msgid "" "<command>sss_debuglevel</command> changes debug level of SSSD monitor and " "providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is " "running." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_debuglevel.8.xml:59 msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_seed.8.xml:10 sss_seed.8.xml:15 msgid "sss_seed" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_seed.8.xml:16 msgid "seed the SSSD cache with a user" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_seed.8.xml:21 msgid "" "<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" "replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_seed.8.xml:33 msgid "" "<command>sss_seed</command> seeds the SSSD cache with a user entry and " "temporary password. If a user entry is already present in the SSSD cache " "then the entry is updated with the temporary password." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_seed.8.xml:46 msgid "" "<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:51 msgid "" "Provide the name of the domain of which the user is a member. The domain " "is also used to retrieve user information. The domain must be configured in " "sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " "Information retrieved from the domain overrides what is provided in the " "options." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_seed.8.xml:63 msgid "" "<option>-n</option>,<option>--username</option> <replaceable>USER</" "replaceable>" msgstr "" #.
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:68 msgid "" "The username of the entry to be created or modified in the cache. The " "<replaceable>USER</replaceable> option must be provided." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:81 msgid "Set the UID of the user to <replaceable>UID</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:93 msgid "Set the GID of the user to <replaceable>GID</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:117 msgid "" "Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:129 msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:140 msgid "" "Interactive mode for entering user information. This option will only prompt " "for information not provided in the options or retrieved from the domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_seed.8.xml:148 msgid "" "<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:153 msgid "" "Specify file to read user's password from. (if not specified password is " "prompted for)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sss_seed.8.xml:165 msgid "" "The length of the password (or the size of file specified with -p or --" "password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " "on systems with no globally-defined PASS_MAX value)." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 msgid "sss_ssh_authorizedkeys" msgstr "" #. type: Content of: <reference><refentry><refmeta><manvolnum> #: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 msgid "1" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_ssh_authorizedkeys.1.xml:16 msgid "get OpenSSH authorized keys" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_ssh_authorizedkeys.1.xml:21 msgid "" "<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg> <arg " "choice='plain'><replaceable>USER</replaceable></arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:32 msgid "" "<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " "<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " "format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> for more information)." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:41 msgid "" "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" "command> for public key user authentication if it is compiled with support " "for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</" "quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry> options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sss_ssh_authorizedkeys.1.xml:58 #, no-wrap msgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:51 msgid "" "If <quote>AuthorizedKeysCommand</quote> is supported, " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> can be configured to use it by putting the following directive " "in <citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry>: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sss_ssh_authorizedkeys.1.xml:69 #, no-wrap msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:62 msgid "" "If <quote>PubkeyAgent</quote> is supported, " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> can be configured to use it by using the following directive " "for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</" "manvolnum></citerefentry> configuration: <placeholder type=\"programlisting" "\" id=\"0\"/>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_ssh_authorizedkeys.1.xml:84 msgid "" "Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sss_ssh_authorizedkeys.1.xml:93 sss_ssh_knownhostsproxy.1.xml:92 msgid "EXIT STATUS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:95 sss_ssh_knownhostsproxy.1.xml:94 msgid "" "In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 msgid "sss_ssh_knownhostsproxy" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_ssh_knownhostsproxy.1.xml:16 msgid "get OpenSSH host keys" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_ssh_knownhostsproxy.1.xml:21 msgid "" "<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg> <arg " "choice='plain'><replaceable>HOST</replaceable></arg> <arg " "choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_knownhostsproxy.1.xml:33 msgid "" "<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " "host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " "known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " "of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" "manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" "pubconf/known_hosts</filename> and establishes connection to the host." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_knownhostsproxy.1.xml:43 msgid "" "If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " "create the connection to the host instead of opening a socket." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sss_ssh_knownhostsproxy.1.xml:55 #, no-wrap msgid "" "ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" "GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_knownhostsproxy.1.xml:48 msgid "" "<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" "citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" "command> for host key authentication by using the following directives for " "<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" "citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_ssh_knownhostsproxy.1.xml:66 msgid "" "<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_ssh_knownhostsproxy.1.xml:71 msgid "" "Use port <replaceable>PORT</replaceable> to connect to the host. By " "default, port 22 is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_ssh_knownhostsproxy.1.xml:83 msgid "" "Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." msgstr "" #. type: Content of: <refsect1><title> #: include/service_discovery.xml:2 msgid "SERVICE DISCOVERY" msgstr "" #. 
type: Content of: <refsect1><para> #: include/service_discovery.xml:4 msgid "" "The service discovery feature allows back ends to automatically find the " "appropriate servers to connect to using a special DNS query. This feature is " "not supported for backup servers." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 msgid "Configuration" msgstr "Ҷӯрсозӣ" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:11 msgid "" "If no servers are specified, the back end automatically uses service " "discovery to try to find a server. Optionally, the user may choose to use " "both fixed server addresses and service discovery by inserting a special " "keyword, <quote>_srv_</quote>, in the list of servers. The order of " "preference is maintained. This feature is useful if, for example, the user " "prefers to use service discovery whenever possible, and fall back to a " "specific server when no servers can be discovered using DNS." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:23 msgid "The domain name" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:25 msgid "" "Please refer to the <quote>dns_discovery_domain</quote> parameter in the " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page for more details." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:35 msgid "The protocol" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:37 msgid "" "The queries usually specify _tcp as the protocol. Exceptions are documented " "in respective option description." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:42 msgid "See Also" msgstr "" #. 
type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:44 msgid "" "For more information on the service discovery mechanism, refer to RFC 2782." msgstr "" #. type: Content of: outside any tag (error?) #: include/upstream.xml:1 msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" msgstr "" #. type: Content of: <refsect1><title> #: include/failover.xml:2 msgid "FAILOVER" msgstr "" #. type: Content of: <refsect1><para> #: include/failover.xml:4 msgid "" "The failover feature allows back ends to automatically switch to a different " "server if the current server fails." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/failover.xml:8 msgid "Failover Syntax" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:10 msgid "" "The list of servers is given as a comma-separated list; any number of spaces " "is allowed around the comma. The servers are listed in order of preference. " "The list can contain any number of servers." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:16 msgid "" "For each failover-enabled config option, two variants exist: " "<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is " "that servers in the primary list are preferred and backup servers are only " "searched if no primary servers can be reached. If a backup server is " "selected, a timeout of 31 seconds is set. After this timeout SSSD will " "periodically try to reconnect to one of the primary servers. If it succeeds, " "it will replace the current active (backup) server." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/failover.xml:27 msgid "The Failover Mechanism" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:29 msgid "" "The failover mechanism distinguishes between a machine and a service. 
The " "back end first tries to resolve the hostname of a given machine; if this " "resolution attempt fails, the machine is considered offline. No further " "attempts are made to connect to this machine for any other service. If the " "resolution attempt succeeds, the back end tries to connect to a service on " "this machine. If the service connection attempt fails, then only this " "particular service is considered offline and the back end automatically " "switches over to the next service. The machine is still considered online " "and might still be tried for another service." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:42 msgid "" "Further connection attempts are made to machines or services marked as " "offline after a specified period of time; this is currently hard coded to 30 " "seconds." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:47 msgid "" "If there are no more machines to try, the back end as a whole switches to " "offline mode, and then attempts to reconnect every 30 seconds." msgstr "" #. type: Content of: <refsect1><title> #: include/ldap_id_mapping.xml:2 msgid "ID MAPPING" msgstr "" #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:4 msgid "" "The ID-mapping feature allows SSSD to act as a client of Active Directory " "without requiring administrators to extend user attributes to support POSIX " "attributes for user and group identifiers." msgstr "" #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:9 msgid "" "NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " "ignored. This is to avoid the possibility of conflicts between automatically-" "assigned and manually-assigned values. If you need to use manually-assigned " "values, ALL values must be manually-assigned." msgstr "" #. 
type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:16 msgid "" "Please note that changing the ID mapping related configuration options will " "cause user and group IDs to change. At the moment, SSSD does not support " "changing IDs, so the SSSD database must be removed. Because cached passwords " "are also stored in the database, removing the database should only be " "performed while the authentication servers are reachable, otherwise users " "might get locked out. In order to cache the password, an authentication must " "be performed. It is not sufficient to use <citerefentry> " "<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" "citerefentry> to remove the database, rather the process consists of:" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:33 msgid "Making sure the remote servers are reachable" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:38 msgid "Stopping the SSSD service" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:43 msgid "Removing the database" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:48 msgid "Starting the SSSD service" msgstr "" #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:52 msgid "" "Moreover, as the change of IDs might necessitate the adjustment of other " "system properties such as file and directory ownership, it's advisable to " "plan ahead and test the ID mapping configuration thoroughly." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/ldap_id_mapping.xml:59 msgid "Mapping Algorithm" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:61 msgid "" "Active Directory provides an objectSID for every user and group object in " "the directory. 
This objectSID can be broken up into components that " "represent the Active Directory domain identity and the relative identifier " "(RID) of the user or group object." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:67 msgid "" "The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " "into equally-sized component sections - called \"slices\"-. Each slice " "represents the space available to an Active Directory domain." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:73 msgid "" "When a user or group entry for a particular domain is encountered for the " "first time, the SSSD allocates one of the available slices for that domain. " "In order to make this slice-assignment repeatable on different client " "machines, we select the slice based on the following algorithm:" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:80 msgid "" "The SID string is passed through the murmurhash3 algorithm to convert it to " "a 32-bit hashed value. We then take the modulus of this value with the total " "number of available slices to pick the slice." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:86 msgid "" "NOTE: It is possible to encounter collisions in the hash and subsequent " "modulus. In these situations, we will select the next available slice, but " "it may not be possible to reproduce the same exact set of slices on other " "machines (since the order that they are encountered will determine their " "slice). In this situation, it is recommended to either switch to using " "explicit POSIX attributes in Active Directory (disabling ID-mapping) or " "configure a default domain to guarantee that at least one is always " "consistent. See <quote>Configuration</quote> for details." msgstr "" #. 
type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:101 msgid "" "Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" msgstr "" #. type: Content of: <refsect1><refsect2><para><programlisting> #: include/ldap_id_mapping.xml:106 #, no-wrap msgid "" "ldap_id_mapping = True\n" "ldap_schema = ad\n" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:111 msgid "" "The default configuration results in configuring 10,000 slices, each capable " "of holding up to 200,000 IDs, starting from 10,001 and going up to " "2,000,100,000. This should be sufficient for most deployments." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><title> #: include/ldap_id_mapping.xml:117 msgid "Advanced Configuration" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:120 msgid "ldap_idmap_range_min (integer)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:123 msgid "" "Specifies the lower bound of the range of POSIX IDs to use for mapping " "Active Directory user and group SIDs." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:127 msgid "" "NOTE: This option is different from <quote>min_id</quote> in that " "<quote>min_id</quote> acts to filter the output of requests to this domain, " "whereas this option controls the range of ID assignment. This is a subtle " "distinction, but the good general advice would be to have <quote>min_id</" "quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:173 msgid "Default: 200000" msgstr "" #. 
type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:142 msgid "ldap_idmap_range_max (integer)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:145 msgid "" "Specifies the upper bound of the range of POSIX IDs to use for mapping " "Active Directory user and group SIDs." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:149 msgid "" "NOTE: This option is different from <quote>max_id</quote> in that " "<quote>max_id</quote> acts to filter the output of requests to this domain, " "whereas this option controls the range of ID assignment. This is a subtle " "distinction, but the good general advice would be to have <quote>max_id</" "quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:159 msgid "Default: 2000200000" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:164 msgid "ldap_idmap_range_size (integer)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:167 msgid "" "Specifies the number of IDs available for each slice. If the range size " "does not divide evenly into the min and max values, it will create as many " "complete slices as it can." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:178 msgid "ldap_idmap_default_domain_sid (string)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:181 msgid "" "Specify the domain SID of the default domain. 
This will guarantee that this " "domain will always be assigned to slice zero in the ID map, bypassing the " "murmurhash algorithm described above." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:192 msgid "ldap_idmap_default_domain (string)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:195 msgid "Specify the name of the default domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:203 msgid "ldap_idmap_autorid_compat (boolean)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:206 msgid "" "Changes the behavior of the ID-mapping algorithm to behave more similarly to " "winbind's <quote>idmap_autorid</quote> algorithm." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:211 msgid "" "When this option is configured, domains will be allocated starting with " "slice zero and increasing monatomically with each additional domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:216 msgid "" "NOTE: This algorithm is non-deterministic (it depends on the order that " "users and groups are requested). If this mode is required for compatibility " "with machines running winbind, it is recommended to also use the " "<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " "least one domain is consistently allocated to slice zero." msgstr "" #. type: Content of: <varlistentry><term> #: include/param_help.xml:3 msgid "<option>-?</option>,<option>--help</option>" msgstr "" #. 
type: Content of: <varlistentry><listitem><para> #: include/param_help.xml:7 include/param_help_py.xml:7 msgid "Display help message and exit." msgstr "" #. type: Content of: <varlistentry><term> #: include/param_help_py.xml:3 msgid "<option>-h</option>,<option>--help</option>" msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:3 msgid "" "SSSD supports two representations for specifying the debug level. The " "simplest is to specify a decimal value from 0-9, which represents enabling " "that level and all lower-level debug messages. The more comprehensive option " "is to specify a hexadecimal bitmask to enable or disable specific levels " "(such as if you wish to suppress a level)." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:10 msgid "Currently supported debug levels:" msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:13 msgid "" "<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. " "Anything that would prevent SSSD from starting up or causes it to cease " "running." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:19 msgid "" "<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " "error that doesn't kill the SSSD, but one that indicates that at least one " "major feature is not going to work properly." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:26 msgid "" "<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " "error announcing that a particular request or operation has failed." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:31 msgid "" "<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " "are the errors that would percolate down to cause the operation failure of 2." msgstr "" #. 
type: Content of: <listitem><para> #: include/debug_levels.xml:36 msgid "" "<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:40 msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:44 msgid "" "<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " "operation functions." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:48 msgid "" "<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " "internal control functions." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:53 msgid "" "<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" "internal variables that may be interesting." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:58 msgid "" "<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " "tracing information." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:62 msgid "" "To log required bitmask debug levels, simply add their numbers together as " "shown in following examples:" msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:66 msgid "" "<emphasis>Example</emphasis>: To log fatal failures, critical failures, " "serious failures and function data use 0x0270." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:70 msgid "" "<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " "function data, trace messages for internal control functions use 0x1310." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:75 msgid "" "<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " "in 1.7.0." msgstr "" #. 
type: Content of: <listitem><para> #: include/debug_levels.xml:79 msgid "<emphasis>Default</emphasis>: 0" msgstr "" #. type: Content of: outside any tag (error?) #: include/experimental.xml:1 msgid "" "<emphasis> This is an experimental feature, please use http://fedorahosted." "org/sssd to report any issues. </emphasis>" msgstr "" #. type: Content of: <refsect1><title> #: include/local.xml:2 msgid "THE LOCAL DOMAIN" msgstr "" #. type: Content of: <refsect1><para> #: include/local.xml:4 msgid "" "In order to function correctly, a domain with <quote>id_provider=local</" "quote> must be created and the SSSD must be running." msgstr "" #. type: Content of: <refsect1><para> #: include/local.xml:9 msgid "" "The administrator might want to use the SSSD local users instead of " "traditional UNIX users in cases where the group nesting (see <citerefentry> " "<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" "citerefentry>) is needed. The local users are also useful for testing and " "development of the SSSD without having to deploy a full remote server. The " "<command>sss_user*</command> and <command>sss_group*</command> tools use a " "local LDB storage to store users and groups." msgstr "" #. type: Content of: <refsect1><title> #: include/seealso.xml:2 msgid "SEE ALSO" msgstr "" #. 
type: Content of: <refsect1><para> #: include/seealso.xml:4 msgid "" "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> " "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_useradd</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_usermod</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> 
<refentrytitle>sss_seed</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" "manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " "<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>." msgstr "" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:3 #: include/ldap_search_bases_experimental.xml:3 msgid "" "An optional base DN, search scope and LDAP filter to restrict LDAP searches " "for this attribute type." msgstr "" #. type: Content of: <listitem><para><programlisting> #: include/ldap_search_bases.xml:9 #: include/ldap_search_bases_experimental.xml:9 #, no-wrap msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" msgstr "" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:7 #: include/ldap_search_bases_experimental.xml:7 msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:13 #: include/ldap_search_bases_experimental.xml:13 msgid "" "The scope can be one of \"base\", \"onelevel\" or \"subtree\". The filter " "must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/" "rfc2254.txt" msgstr "" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:19 #: include/ldap_search_bases_experimental.xml:19 msgid "" "For examples of this syntax, please refer to the <quote>ldap_search_base</" "quote> examples section." msgstr "" #. 
type: Content of: <listitem><para> #: include/ldap_search_bases.xml:27 #: include/ldap_search_bases_experimental.xml:27 msgid "" "Please note that specifying scope or filter is not supported for searches " "against an Active Directory Server that might yield a large number of " "results and trigger the Range Retrieval extension in the response." msgstr "" #. type: Content of: <para> #: include/autofs_restart.xml:2 msgid "" "Please note that the automounter only reads the master map on startup, so if " "any autofs-related changes are made to the sssd.conf, you typically also " "need to restart the automounter daemon after restarting the SSSD." msgstr "" #. type: Content of: <varlistentry><term> #: include/override_homedir.xml:2 msgid "override_homedir (string)" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:16 msgid "UID number" msgstr "Рақами UID" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:20 msgid "domain name" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: include/override_homedir.xml:23 msgid "%f" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:24 msgid "fully qualified user name (user@domain)" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: include/override_homedir.xml:27 msgid "%o" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:29 msgid "The original home directory retrieved from the identity provider." msgstr "" #. type: Content of: <varlistentry><listitem><para> #: include/override_homedir.xml:5 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. 
In the template, the following sequences are substituted: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <varlistentry><listitem><para> #: include/override_homedir.xml:41 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <varlistentry><listitem><para><programlisting> #: include/override_homedir.xml:46 #, no-wrap msgid "" "override_homedir = /home/%u\n" " " msgstr "" #. type: Content of: <varlistentry><listitem><para> #: include/override_homedir.xml:50 msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" msgstr "" ��������������������������������sssd-1.11.5/src/man/po/PaxHeaders.13173/cs.po�������������������������������������������������������0000644�0000000�0000000�00000000132�12320753573�016502� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396955003.486843883 30 atime=1396955003.486843883 30 ctime=1396955003.486843883 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/man/po/cs.po������������������������������������������������������������������������0000664�0024127�0024127�00001251200�12320753573�016732� 
0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# SOME DESCRIPTIVE TITLE # Copyright (C) YEAR Red Hat # This file is distributed under the same license as the sssd-docs package. # # Translators: # sgallagh <sgallagh@redhat.com>, 2011. msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" "POT-Creation-Date: 2014-04-08 12:55+0300\n" "PO-Revision-Date: 2012-05-22 13:44+0000\n" "Last-Translator: sgallagh <sgallagh@redhat.com>\n" "Language-Team: Czech (http://www.transifex.com/projects/p/fedora/language/" "cs/)\n" "Language: cs\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2\n" #. type: Content of: <reference><title> #: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5 #: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5 #: sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 sss_obfuscate.8.xml:5 #: sss_useradd.8.xml:5 sssd-krb5.5.xml:5 sss_groupadd.8.xml:5 #: sss_userdel.8.xml:5 sss_groupdel.8.xml:5 sss_groupshow.8.xml:5 #: sss_usermod.8.xml:5 sss_cache.8.xml:5 sss_debuglevel.8.xml:5 #: sss_seed.8.xml:5 sss_ssh_authorizedkeys.1.xml:5 #: sss_ssh_knownhostsproxy.1.xml:5 msgid "SSSD Manual pages" msgstr "Manuálové stránky SSSD" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15 msgid "sss_groupmod" msgstr "" #. 
type: Content of: <reference><refentry><refmeta><manvolnum> #: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11 #: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11 #: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11 #: sss_groupshow.8.xml:11 sss_usermod.8.xml:11 sss_cache.8.xml:11 #: sss_debuglevel.8.xml:11 sss_seed.8.xml:11 msgid "8" msgstr "8" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupmod.8.xml:16 msgid "modify a group" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupmod.8.xml:21 msgid "" "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:47 #: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21 #: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30 #: sss_useradd.8.xml:30 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 #: sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 #: sss_usermod.8.xml:30 sss_cache.8.xml:29 sss_debuglevel.8.xml:30 #: sss_seed.8.xml:31 sss_ssh_authorizedkeys.1.xml:30 #: sss_ssh_knownhostsproxy.1.xml:31 msgid "DESCRIPTION" msgstr "POPIS" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupmod.8.xml:32 msgid "" "<command>sss_groupmod</command> modifies the group to reflect the changes " "that are specified on the command line." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><title> #: sss_groupmod.8.xml:39 pam_sss.8.xml:54 sssd.8.xml:42 sss_obfuscate.8.xml:58 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39 #: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42 #: sss_ssh_authorizedkeys.1.xml:75 sss_ssh_knownhostsproxy.1.xml:62 msgid "OPTIONS" msgstr "VOLBY" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupmod.8.xml:43 sss_usermod.8.xml:77 msgid "" "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupmod.8.xml:48 msgid "" "Append this group to groups specified by the <replaceable>GROUPS</" "replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " "a comma separated list of group names." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupmod.8.xml:57 sss_usermod.8.xml:91 msgid "" "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupmod.8.xml:62 msgid "" "Remove this group from groups specified by the <replaceable>GROUPS</" "replaceable> parameter." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd.conf.5.xml:10 sssd.conf.5.xml:16 msgid "sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refmeta><manvolnum> #: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 #: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11 msgid "5" msgstr "" #. 
type: Content of: <reference><refentry><refmeta><refmiscinfo> #: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 #: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12 msgid "File Formats and Conventions" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16 #: sssd-ipa.5.xml:17 sssd-ad.5.xml:17 sssd-krb5.5.xml:17 msgid "the configuration file for SSSD" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:21 msgid "FILE FORMAT" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd.conf.5.xml:29 #, no-wrap msgid "" " <replaceable>[section]</replaceable>\n" " <replaceable>key</replaceable> = <replaceable>value</replaceable>\n" " <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:24 msgid "" "The file has an ini-style syntax and consists of sections and parameters. A " "section begins with the name of the section in square brackets and continues " "until the next section begins. An example of section with single and multi-" "valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:36 msgid "" "The data types used are string (no quotes needed), integer and bool (with " "values of <quote>TRUE/FALSE</quote>)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:41 msgid "" "A line comment starts with a hash sign (<quote>#</quote>) or a semicolon " "(<quote>;</quote>). Inline comments are not supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:47 msgid "" "All sections can have an optional <replaceable>description</replaceable> " "parameter. 
Its function is only as a label for the section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:53 msgid "" "<filename>sssd.conf</filename> must be a regular file, owned by root and " "only root may read from or write to the file." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:59 msgid "SPECIAL SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:62 msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> #: sssd.conf.5.xml:71 sssd.conf.5.xml:1857 msgid "Section parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:73 msgid "config_file_version (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:76 msgid "" "Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " "version 2." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:82 msgid "services" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:85 msgid "" "Comma separated list of services that are started when sssd itself starts." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:89 msgid "" "Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " "<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition=" "\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</" "phrase>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:98 sssd.conf.5.xml:321 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:101 sssd.conf.5.xml:324 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:106 sssd.conf.5.xml:329 msgid "Default: 3" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:111 msgid "domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:114 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " "start. This parameter described the list of domains in the order you want " "them to be queried. A domain name should only consist of alphanumeric ASCII " "characters, dashes and underscores." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:126 sssd.conf.5.xml:1586 msgid "re_expression (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:129 msgid "" "Default regular expression that describes how to parse the string containing " "user name and domain into these components." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:134 msgid "" "Each domain can have an individual regular expression configured. 
For some " "ID providers there are also default regular expressions. See DOMAIN " "SECTIONS for more info on these regular expressions." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:143 sssd.conf.5.xml:1637 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:146 sssd.conf.5.xml:1640 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " "fully qualified name from user name and domain name components." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:157 sssd.conf.5.xml:1651 msgid "%1$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:158 sssd.conf.5.xml:1652 msgid "user name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:161 sssd.conf.5.xml:1655 msgid "%2$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:164 sssd.conf.5.xml:1658 msgid "domain name as specified in the SSSD config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:170 sssd.conf.5.xml:1664 msgid "%3$s" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:173 sssd.conf.5.xml:1667 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:154 sssd.conf.5.xml:1648 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:183 msgid "" "Each domain can have an individual format string configured. see DOMAIN " "SECTIONS for more info on this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:189 msgid "try_inotify (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:192 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " "this, and will fall back to polling resolv.conf every five seconds if " "inotify cannot be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:200 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " "to 'false'" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:206 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." 
msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:210 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:217 msgid "krb5_rcache_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:220 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:224 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:230 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:237 msgid "default_domain_suffix (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:240 msgid "" "This string will be used as a default domain name for all names without a " "domain name component. The main use case is environments where the primary " "domain is intended for managing host policies and all users are located in a " "trusted domain. The option allows those users to log in just with their " "user name without giving a domain name as well." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:250 msgid "" "Please note that if this option is set all users from the primary domain " "have to use their fully qualified name, e.g. user@domain.name, to log in." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:256 sssd-ldap.5.xml:1392 sssd-ldap.5.xml:1404 #: sssd-ldap.5.xml:1486 sssd-ldap.5.xml:2373 sssd-ldap.5.xml:2400 #: sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:187 #: include/ldap_id_mapping.xml:198 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:64 msgid "" "Individual pieces of SSSD functionality are provided by special SSSD " "services that are started and stopped together with SSSD. The services are " "managed by a special service frequently called <quote>monitor</quote>. The " "<quote>[sssd]</quote> section is used to configure the monitor as well as " "some other important options like the identity domains. <placeholder type=" "\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:267 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:269 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " "section, for example, for NSS service, the section would be <quote>[nss]</" "quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:276 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:278 msgid "These options can be used to configure any service." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:282 msgid "debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:286 msgid "debug_timestamps (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:289 msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:292 sssd.conf.5.xml:472 sssd.conf.5.xml:820 #: sssd-ldap.5.xml:1559 sssd-ldap.5.xml:1656 sssd-ldap.5.xml:1718 #: sssd-ldap.5.xml:2161 sssd-ldap.5.xml:2226 sssd-ldap.5.xml:2244 #: sssd-ipa.5.xml:361 sssd-ipa.5.xml:396 sssd-ad.5.xml:166 sssd-ad.5.xml:250 #: sssd-ad.5.xml:275 sssd-ad.5.xml:363 sssd-krb5.5.xml:490 msgid "Default: true" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:297 msgid "debug_microseconds (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:300 msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:303 sssd.conf.5.xml:774 sssd.conf.5.xml:1773 #: sssd-ldap.5.xml:640 sssd-ldap.5.xml:1433 sssd-ldap.5.xml:1452 #: sssd-ldap.5.xml:1628 sssd-ldap.5.xml:1957 sssd-ipa.5.xml:139 #: sssd-ipa.5.xml:205 sssd-ipa.5.xml:508 sssd-ipa.5.xml:526 #: sssd-krb5.5.xml:257 sssd-krb5.5.xml:291 sssd-krb5.5.xml:462 msgid "Default: false" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:308 msgid "timeout (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:311 msgid "" "Timeout in seconds between heartbeats for this service. This is used to " "ensure that the process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:316 sssd-ldap.5.xml:1304 msgid "Default: 10" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:334 msgid "fd_limit" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:337 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " "the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " "systems without this capability, the resulting value will be the lower value " "of this or the limits.conf \"hard\" limit." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:346 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:351 msgid "client_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:354 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " "limited in order to avoid resource exhaustion on the system." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:361 sssd.conf.5.xml:377 sssd.conf.5.xml:592 #: sssd.conf.5.xml:752 sssd.conf.5.xml:1015 sssd-ldap.5.xml:1134 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:366 sssd.conf.5.xml:1004 msgid "force_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:369 sssd.conf.5.xml:1007 msgid "" "If a service is not responding to ping checks (see the <quote>timeout</" "quote> option), it is first sent the SIGTERM signal that instructs it to " "quit gracefully. If the service does not terminate after " "<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down " "by sending a SIGKILL signal." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:385 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:387 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:392 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:395 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:399 msgid "Default: 120" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:404 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:407 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " "for the domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:413 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " "after 15 seconds past the last cache update will be returned immediately, " "but the SSSD will go and update the cache on its own, so that future " "requests will not need to block waiting for a cache update." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:423 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " "percentage will never reduce the nowait timeout to less than 10 seconds. (0 " "disables this feature)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:431 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:436 msgid "entry_negative_timeout (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:439 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " "before asking the back end again." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:445 sssd.conf.5.xml:798 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:450 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:453 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" "domain or include fully-qualified names to filter only users from the " "particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:460 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:465 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:468 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:478 msgid "fallback_homedir (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:481 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:486 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> #: sssd.conf.5.xml:492 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" " " msgstr "" #. type: Content of: <varlistentry><listitem><para> #: sssd.conf.5.xml:490 include/override_homedir.xml:44 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:496 msgid "Default: not set (no substitution for unset home directories)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:502 msgid "override_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:505 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " "or per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:511 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:517 msgid "allowed_shells (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:520 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:523 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:527 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:532 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:537 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:540 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:544 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:549 msgid "vetoed_shells (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:552 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:557 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:560 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:564 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:569 msgid "default_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:572 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:578 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:585 sssd.conf.5.xml:745 msgid "get_domains_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:588 sssd.conf.5.xml:748 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:597 msgid "memcache_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:600 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:604 sssd-ldap.5.xml:654 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:611 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:613 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:618 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:621 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:626 sssd.conf.5.xml:639 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:632 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:635 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:645 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:648 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:653 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " "authentication can enable offline authentication again." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:659 sssd.conf.5.xml:712 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:665 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:668 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number, the more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:673 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:676 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:679 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:683 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:686 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:690 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:695 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:698 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " "ensure that authentication takes place with the latest information." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:704 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" "client-application basis) how long (in seconds) we can cache the identity " "information to avoid excessive round-trips to the identity provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:718 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:721 sssd.conf.5.xml:1178 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:724 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " "cannot display a warning." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:730 sssd.conf.5.xml:1181 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:735 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:740 sssd.8.xml:79 msgid "Default: 0" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:760 msgid "SUDO configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:762 msgid "These options can be used to configure the sudo service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:766 msgid "sudo_timed (bool)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:769 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:782 msgid "AUTOFS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:784 msgid "These options can be used to configure the autofs service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:788 msgid "autofs_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:791 msgid "" "Specifies for how many seconds the autofs responder should cache negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " "before asking the back end again." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:807 msgid "SSH configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:809 msgid "These options can be used to configure the SSH service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:813 msgid "ssh_hash_known_hosts (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:816 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:825 msgid "ssh_known_hosts_timeout (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:828 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:832 msgid "Default: 180" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:840 msgid "PAC responder configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:842 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " "PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " "provider collects domain SID and ID ranges of the domain the client is " "joined to and of remote trusted domains from the local domain controller. " "If the PAC is decoded and evaluated some of the following operations are " "done:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:851 msgid "" "If the remote user does not exist in the cache, it is created. The uid is " "determined with the help of the SID, trusted domains will have UPGs and the " "gid will have the same value as the uid. The home directory is set based on " "the subdomain_homedir parameter. The shell will be empty by default, i.e. " "the system defaults are used, but can be overwritten with the default_shell " "parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:859 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:865 msgid "These options can be used to configure the PAC responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:869 msgid "allowed_uids (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:872 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " "startup." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:878 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:882 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " "access the PAC responder, which would be the typical case, you have to add 0 " "to the list of allowed UIDs as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:896 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:903 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:906 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:911 msgid "" "For users, this affects the primary GID limit. 
The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" "primary group memberships, those that are in range will be reported as " "expected." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:918 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:922 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:928 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:931 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:935 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:938 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:941 sssd.conf.5.xml:1155 sssd.conf.5.xml:1264 #: sssd.conf.5.xml:1281 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:944 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " "to fully complete enumerations. 
During this time, individual requests for " "information will go directly to LDAP, though it may be slow, due to the " "heavy enumeration processing. Saving a large number of entries to cache " "after the enumeration completes might also be CPU intensive as the " "memberships have to be recomputed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:957 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:962 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " "enumeration lookups are completed successfully. For more information, refer " "to the man pages for the specific id_provider in use." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:970 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:978 msgid "subdomain_enumerate (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:985 msgid "all" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:986 msgid "All discovered trusted domains will be enumerated" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:989 msgid "none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:990 msgid "No discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:981 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " "Optionally, a list of one or more domain names can enable enumeration just " "for these trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:998 sssd-ldap.5.xml:1687 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1021 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1024 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1028 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " "for newly added or expired entries. You should run the <citerefentry> " "<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" "citerefentry> tool in order to force refresh of entries that have already " "been cached." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1041 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1047 msgid "entry_cache_user_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1050 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1054 sssd.conf.5.xml:1067 sssd.conf.5.xml:1080 #: sssd.conf.5.xml:1093 sssd.conf.5.xml:1106 sssd.conf.5.xml:1120 msgid "Default: entry_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1060 msgid "entry_cache_group_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1063 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1073 msgid "entry_cache_netgroup_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1076 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1086 msgid "entry_cache_service_timeout (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1089 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1099 msgid "entry_cache_sudo_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1102 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1112 msgid "entry_cache_autofs_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1115 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1126 msgid "refresh_expired_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1129 msgid "" "Specifies how many seconds SSSD has to wait before refreshing expired " "records. Currently only refreshing expired netgroups is supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1134 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1138 sssd-ipa.5.xml:221 msgid "Default: 0 (disabled)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1144 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1147 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1151 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1160 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1163 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " "value of this parameter must be greater than or equal to " "offline_credentials_expiration." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1170 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1175 msgid "pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1186 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " "cannot display a warning. Also an auth provider has to be configured for the " "backend." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1193 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1199 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1202 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1206 msgid "<quote>proxy</quote>: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1209 msgid "<quote>local</quote>: SSSD internal provider for local users" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1213 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " "information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1221 sssd.conf.5.xml:1307 sssd.conf.5.xml:1358 #: sssd.conf.5.xml:1411 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " "FreeIPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1230 sssd.conf.5.xml:1316 sssd.conf.5.xml:1367 #: sssd.conf.5.xml:1420 msgid "" "<quote>ad</quote>: Active Directory provider. 
See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring Active Directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1241 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1244 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1249 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " "<command>getent passwd test</command> wouldn't find the user while " "<command>getent passwd test@LOCAL</command> would." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1257 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " "will be searched when an unqualified name is requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1269 msgid "ignore_group_members (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1272 msgid "Do not return group members for group lookups." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1275 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " "calls." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1286 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1289 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1293 sssd.conf.5.xml:1351 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1300 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring Kerberos." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1324 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1327 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1330 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1336 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1339 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends). " "Internal special providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1345 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1348 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1375 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry> for more information on configuring the simple " "access module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1382 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1387 msgid "chpass_provider (string)" msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1390 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1395 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1403 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring Kerberos." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1428 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1432 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1435 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1442 msgid "sudo_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1445 msgid "The SUDO provider used for the domain. 
Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1449 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1457 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1461 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1465 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1468 sssd.conf.5.xml:1522 sssd.conf.5.xml:1554 #: sssd.conf.5.xml:1579 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1474 msgid "selinux_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1477 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " "providers are:" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1483 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1491 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1494 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1500 msgid "subdomains_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1503 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1509 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1518 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1529 msgid "autofs_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1532 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1536 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1543 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1551 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1561 msgid "hostid_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1564 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1568 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. 
See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1576 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1589 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " "match either the SSSD configuration domain name, or, in the case of IPA " "trust subdomains and Active Directory domains, the flat (NetBIOS) name of " "the domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1598 msgid "" "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?" "P<name>[^@\\\\]+)$))</quote> which allows three different styles for " "user names:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:1603 msgid "username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:1606 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:1609 msgid "domain\\username" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1612 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1617 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " "sign, the domain everything after that\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1623 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " "version 7 or higher can support non-unique named subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1630 msgid "" "PLEASE NOTE ALSO: older versions of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1677 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1683 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1686 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1690 msgid "Supported values:" msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1693 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1696 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1699 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1702 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1705 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1711 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1714 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " "the domain will continue to operate in offline mode." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1720 sssd-ldap.5.xml:1118 sssd-ldap.5.xml:1160 #: sssd-ldap.5.xml:1175 sssd-krb5.5.xml:239 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1726 msgid "dns_discovery_domain (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1729 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1733 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1739 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1742 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1748 msgid "case_sensitive (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1751 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1756 sssd-ad.5.xml:333 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1762 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1765 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " "name was an alias. Setting this option to true would cause the SSSD to " "perform the ID lookup from cache for performance reasons." 
msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1779 msgid "subdomain_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1790 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1791 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1782 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " "possible values. In addition to those, the expansion below can only be used " "with <emphasis>subdomain_homedir</emphasis>. <placeholder type=" "\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1796 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1800 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1805 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1808 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:898 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" "replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1821 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1824 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1827 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1835 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1838 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " "for example _nss_files_getpwent." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:1817 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:1850 msgid "The local domain section" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:1852 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " "<replaceable>id_provider=local</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1859 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1862 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1866 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1871 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1874 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1879 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1884 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1887 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1891 sssd.conf.5.xml:1903 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1896 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1899 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1908 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1911 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " "on a newly created home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1919 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1924 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1927 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " "<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1937 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1942 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1945 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " "default value is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1952 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1957 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1960 msgid "" "The command that is run after a user is removed. The command is passed the " "username of the user being removed as the first and only parameter. The " "return code of the command is not taken into account." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1966 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:1976 sssd-ldap.5.xml:2426 sssd-simple.5.xml:131 #: sssd-ipa.5.xml:793 sssd-ad.5.xml:382 sssd-krb5.5.xml:519 msgid "EXAMPLE" msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd.conf.5.xml:1982 #, no-wrap msgid "" "[sssd]\n" "domains = LDAP\n" "services = nss, pam\n" "config_file_version = 2\n" "\n" "[nss]\n" "filter_groups = root\n" "filter_users = root\n" "\n" "[pam]\n" "\n" "[domain/LDAP]\n" "id_provider = ldap\n" "ldap_uri = ldap://ldap.example.com\n" "ldap_search_base = dc=example,dc=com\n" "\n" "auth_provider = krb5\n" "krb5_server = kerberos.example.com\n" "krb5_realm = EXAMPLE.COM\n" "cache_credentials = true\n" "\n" "min_id = 10000\n" "max_id = 20000\n" "enumerate = False\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:1978 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " "configuring domains for more details. <placeholder type=\"programlisting\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 msgid "sssd-ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:23 msgid "" "This manual page describes the configuration of LDAP domains for " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page for detailed syntax information." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:35 msgid "You can configure SSSD to use more than one LDAP domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:38 msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. 
" "<command>sssd</command> <emphasis>does not</emphasis> support authentication " "over an unencrypted channel. If the LDAP server is used only as an identity " "provider, an encrypted channel is not needed. Please refer to " "<quote>ldap_access_filter</quote> config option for more information about " "using LDAP as an access provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:60 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:63 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" "quote> section for more information on failover and server redundancy. If " "neither option is specified, service discovery is enabled. For more " "information, refer to the <quote>SERVICE DISCOVERY</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:70 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:73 msgid "ldap[s]://<host>[:port]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:76 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:79 msgid "example: ldap://[fc00::126:25]:389" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:85 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:88 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " "Refer to the <quote>FAILOVER</quote> section for more information on " "failover and server redundancy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:95 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:99 msgid "Default: empty, i.e. ldap_uri is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:105 msgid "ldap_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:108 msgid "The default base DN to use for performing LDAP user operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:112 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:116 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:119 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:122 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:126 sssd-ad.5.xml:212 msgid "Examples:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:129 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:134 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:137 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " "different search bases). This will lead to unpredictable behavior on client " "machines." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:144 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " "defaultNamingContext does not exist or has an empty value namingContexts is " "used. 
The namingContexts attribute must have a single value with the DN of " "the search base of the LDAP server to make this work. Multiple values are " "not supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:158 msgid "ldap_schema (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:161 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " "may vary. The way that some attributes are handled may also differ." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:168 msgid "Four schema types are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:172 msgid "rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:177 msgid "rfc2307bis" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:182 msgid "IPA" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:187 msgid "AD" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:193 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " "the <emphasis>memberUid</emphasis> attribute.
With rfc2307bis and IPA, " "group members are listed by DN and stored in the <emphasis>member</emphasis> " "attribute. The AD schema type sets the attributes to correspond with Active " "Directory 2008r2 values." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:203 msgid "Default: rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:209 msgid "ldap_default_bind_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:212 msgid "The default bind DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:219 msgid "ldap_default_authtok_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:222 msgid "The type of the authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:226 msgid "The two mechanisms currently supported are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:229 msgid "password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:232 msgid "obfuscated_password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:235 msgid "Default: password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:241 msgid "ldap_default_authtok (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:244 msgid "" "The authentication token of the default bind DN. Only clear text passwords " "are currently supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:251 msgid "ldap_user_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:254 msgid "The object class of a user entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:257 msgid "Default: posixAccount" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:263 msgid "ldap_user_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:266 msgid "The LDAP attribute that corresponds to the user's login name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:270 msgid "Default: uid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:276 msgid "ldap_user_uid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:279 msgid "The LDAP attribute that corresponds to the user's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:283 msgid "Default: uidNumber" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:289 msgid "ldap_user_gid_number (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:292 msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:296 sssd-ldap.5.xml:792 msgid "Default: gidNumber" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:302 msgid "ldap_user_gecos (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:305 msgid "The LDAP attribute that corresponds to the user's gecos field." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:309 msgid "Default: gecos" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:315 msgid "ldap_user_home_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:318 msgid "The LDAP attribute that contains the name of the user's home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:322 msgid "Default: homeDirectory" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:328 msgid "ldap_user_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:331 msgid "The LDAP attribute that contains the path to the user's default shell." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:335 msgid "Default: loginShell" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:341 msgid "ldap_user_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:344 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:348 sssd-ldap.5.xml:818 sssd-ldap.5.xml:1025 msgid "Default: nsUniqueId" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:354 msgid "ldap_user_objectsid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:357 msgid "" "The LDAP attribute that contains the objectSID of an LDAP user object. This " "is usually only necessary for ActiveDirectory servers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:362 sssd-ldap.5.xml:832 msgid "Default: objectSid for ActiveDirectory, not set for other servers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:369 msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:372 sssd-ldap.5.xml:842 sssd-ldap.5.xml:1034 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:376 sssd-ldap.5.xml:846 sssd-ldap.5.xml:1041 msgid "Default: modifyTimestamp" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:382 msgid "ldap_user_shadow_last_change (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:385 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " "the last password change)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:395 msgid "Default: shadowLastChange" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:401 msgid "ldap_user_shadow_min (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:404 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " "password age)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:413 msgid "Default: shadowMin" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:419 msgid "ldap_user_shadow_max (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:422 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " "password age)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:431 msgid "Default: shadowMax" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:437 msgid "ldap_user_shadow_warning (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:440 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " "(password warning period)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:450 msgid "Default: shadowWarning" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:456 msgid "ldap_user_shadow_inactive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:459 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " "(password inactivity period)." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:469 msgid "Default: shadowInactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:475 msgid "ldap_user_shadow_expire (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:478 msgid "" "When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " "parameter contains the name of an LDAP attribute corresponding to its " "<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> counterpart (account expiration date)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:488 msgid "Default: shadowExpire" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:494 msgid "ldap_user_krb_last_pwd_change (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:497 msgid "" "When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " "an LDAP attribute storing the date and time of last password change in " "kerberos." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:503 msgid "Default: krbLastPwdChange" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:509 msgid "ldap_user_krb_password_expiration (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:512 msgid "" "When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " "an LDAP attribute storing the date and time when current password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:518 msgid "Default: krbPasswordExpiration" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:524 msgid "ldap_user_ad_account_expires (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:527 msgid "" "When using ldap_account_expire_policy=ad, this parameter contains the name " "of an LDAP attribute storing the expiration time of the account." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:532 msgid "Default: accountExpires" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:538 msgid "ldap_user_ad_user_account_control (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:541 msgid "" "When using ldap_account_expire_policy=ad, this parameter contains the name " "of an LDAP attribute storing the user account control bit field." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:546 msgid "Default: userAccountControl" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:552 msgid "ldap_ns_account_lock (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:555 msgid "" "When using ldap_account_expire_policy=rhds or equivalent, this parameter " "determines if access is allowed or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:560 msgid "Default: nsAccountLock" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:566 msgid "ldap_user_nds_login_disabled (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:569 msgid "" "When using ldap_account_expire_policy=nds, this attribute determines if " "access is allowed or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:573 sssd-ldap.5.xml:587 msgid "Default: loginDisabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:579 msgid "ldap_user_nds_login_expiration_time (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:582 msgid "" "When using ldap_account_expire_policy=nds, this attribute determines until " "which date access is granted." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:593 msgid "ldap_user_nds_login_allowed_time_map (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:596 msgid "" "When using ldap_account_expire_policy=nds, this attribute determines the " "hours of a day in a week when access is granted." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:601 msgid "Default: loginAllowedTimeMap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:607 msgid "ldap_user_principal (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:610 msgid "" "The LDAP attribute that contains the user's Kerberos User Principal Name " "(UPN)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:614 msgid "Default: krbPrincipalName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:620 msgid "ldap_user_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:623 msgid "The LDAP attribute that contains the user's SSH public keys." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:630 msgid "ldap_force_upper_case_realm (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:633 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " "fail. Set this option to a non-zero value if you want to use an upper-case " "realm." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:646 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:649 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:660 msgid "ldap_purge_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:663 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " "space." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:669 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:673 msgid "Default: 10800 (12 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:679 msgid "ldap_user_fullname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:682 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:686 sssd-ldap.5.xml:779 sssd-ldap.5.xml:975 #: sssd-ldap.5.xml:1066 sssd-ldap.5.xml:1990 sssd-ldap.5.xml:2316 #: sssd-ipa.5.xml:648 msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:692 msgid "ldap_user_member_of (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:695 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:699 sssd-ipa.5.xml:552 msgid "Default: memberOf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:705 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:708 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " "to determine access privilege." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:715 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:720 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>authorized_service</quote> in order for the " "ldap_user_authorized_service option to work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:727 msgid "Default: authorizedService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:733 msgid "ldap_user_authorized_host (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:736 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " "privilege." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:742 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:747 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>host</quote> in order for the " "ldap_user_authorized_host option to work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:754 msgid "Default: host" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:760 msgid "ldap_group_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:763 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:766 msgid "Default: posixGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:772 msgid "ldap_group_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:775 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:785 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:788 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:798 msgid "ldap_group_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:801 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:805 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:811 msgid "ldap_group_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:814 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:824 msgid "ldap_group_objectsid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:827 msgid "" "The LDAP attribute that contains the objectSID of an LDAP group object. This " "is usually only necessary for ActiveDirectory servers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:839 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:852 msgid "ldap_group_type (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:855 msgid "" "The LDAP attribute that contains an integer value indicating the type of the " "group and maybe other flags." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:860 msgid "" "This attribute is currently only used by the AD provider to determine if a " "group is a domain local group and has to be filtered out for trusted " "domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:866 msgid "Default: groupType in the AD provider, otherwise not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:873 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:876 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " "follow. This option has no effect on the RFC2307 schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:883 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:889 msgid "ldap_groups_use_matching_rule_in_chain" msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:892 msgid "" "This option tells SSSD to take advantage of an Active Directory-specific " "feature which may speed up group lookup operations on deployments with " "complex or deep nested groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:898 msgid "" "In most common cases, it is best to leave this option disabled. It generally " "only provides a performance increase on very complex nestings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:903 sssd-ldap.5.xml:930 msgid "" "If this option is enabled, SSSD will use it if it detects that the server " "supports it during initial connection. So \"True\" here essentially means " "\"auto-detect\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:909 sssd-ldap.5.xml:936 msgid "" "Note: This feature is currently known to work only with Active Directory " "2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/" "windows/desktop/aa746475%28v=vs.85%29.aspx\"> MSDN(TM) documentation</ulink> " "for more details." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:915 sssd-ldap.5.xml:942 sssd-ldap.5.xml:1233 #: sssd-ldap.5.xml:1254 sssd-ldap.5.xml:1760 include/ldap_id_mapping.xml:226 msgid "Default: False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:921 msgid "ldap_initgroups_use_matching_rule_in_chain" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:924 msgid "" "This option tells SSSD to take advantage of an Active Directory-specific " "feature which might speed up initgroups operations (most notably when " "dealing with complex or deep nested groups)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:948 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:951 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:954 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:958 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:964 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:967 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:971 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:981 msgid "ldap_netgroup_member (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:984 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:988 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:992 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:998 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1001 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1005 sssd-ldap.5.xml:1038 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1008 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1014 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1017 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1021 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1031 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1047 msgid "ldap_service_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1050 msgid "The object class of a service entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1053 msgid "Default: ipService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1059 msgid "ldap_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1062 msgid "" "The LDAP attribute that contains the name of service attributes and their " "aliases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1072 msgid "ldap_service_port (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1075 msgid "The LDAP attribute that contains the port managed by this service." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1079 msgid "Default: ipServicePort" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1085 msgid "ldap_service_proto (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1088 msgid "" "The LDAP attribute that contains the protocols understood by this service." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1092 msgid "Default: ipServiceProtocol" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1098 msgid "ldap_service_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1103 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1106 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " "is entered)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1112 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " "lookup types." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1124 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1127 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " "are returned (and offline mode is entered)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1140 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1143 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" "<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" "manvolnum> </citerefentry> following a <citerefentry> " "<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" "citerefentry> returns in case of no activity." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1166 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1169 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " "communicating with the KDC in case of SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1181 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1184 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " "in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " "the TGT lifetime) will be used." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1192 sssd-ldap.5.xml:2147 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1198 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1201 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1206 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1212 msgid "ldap_disable_paging (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1215 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " "it is not enabled or does not behave properly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1221 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1227 msgid "" "Example: 389 DS has a bug where it can only support one paging control at " "a time on a single connection. On busy clients, this can result in some " "requests being denied." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1239 msgid "ldap_disable_range_retrieval (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1242 msgid "Disable Active Directory range retrieval." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1245 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " "group contains more members, the reply would include an AD-specific range " "extension. This option disables parsing of the range extension, therefore " "large groups will appear as having no members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1260 msgid "ldap_sasl_minssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1263 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " "option are defined by OpenLDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1269 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1276 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1279 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. 
If fewer members are missing, " "they are looked up individually." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1285 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1289 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " "methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " "Directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1297 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " "regardless of this setting." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1310 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1313 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1319 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate. The identity of the server is therefore not verified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1323 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. 
If no " "certificate is provided, the session proceeds normally. 
If a bad certificate " "is provided, it will be ignored and the session proceeds normally." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1330 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " "is provided, the session is immediately terminated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1336 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " "immediately terminated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1342 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1346 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1352 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1355 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1378 sssd-ldap.5.xml:1419 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1367 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1370 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " "be the hash of the certificate followed by '.0'. If available, " "<command>cacertdir_rehash</command> can be used to create the correct names." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1385 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1388 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1398 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1401 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1410 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1413 msgid "" "Specifies acceptable cipher suites. Typically this is a colon separated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry> for format." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1426 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1429 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1439 msgid "ldap_id_mapping (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1442 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " "on ldap_user_uid_number and ldap_group_gid_number." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1448 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1458 msgid "ldap_min_id, ldap_max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1461 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " "ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this " "might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " "can be set to restrict the allowed range for the IDs which are read directly " "from the server. Sub-domains can then pick other ranges to map IDs." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1473 msgid "Default: not set (both options are set to 0)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1479 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1482 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1492 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1495 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory. " "This option can either contain the full principal (for example host/" "myhost@EXAMPLE.COM) or just the principal name (for example host/myhost)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1503 msgid "Default: host/hostname@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1509 msgid "ldap_sasl_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1512 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " "well, this option is ignored." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1518 msgid "Default: the value of krb5_realm." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1524 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1527 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1532 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1538 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1541 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1544 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1550 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1553 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " "GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1565 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1568 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1572 sssd-ad.5.xml:319 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1578 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1581 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " "For more information on failover and server redundancy, see the " "<quote>FAILOVER</quote> section. An optional port number (preceded by a " "colon) may be appended to the addresses or hostnames. If empty, service " "discovery is enabled - for more information, refer to the <quote>SERVICE " "DISCOVERY</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1593 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " "none are found." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1598 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " "migrate their config files to use <quote>krb5_server</quote> instead." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1607 sssd-ipa.5.xml:371 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1610 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1613 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1619 sssd-ipa.5.xml:386 sssd-krb5.5.xml:453 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1622 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1634 sssd-krb5.5.xml:468 msgid "krb5_use_kdcinfo (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1637 sssd-krb5.5.xml:471 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " "to configure the Kerberos library using the <citerefentry> " "<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> configuration file." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1648 sssd-krb5.5.xml:482 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " "information on the locator plugin." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1662 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1665 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1670 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1675 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " "evaluate if the password has expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1681 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " "these attributes when the password is changed." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1690 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1698 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1701 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1705 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1710 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. If your setup " "does not in fact require the use of referrals, setting this option to false " "might bring a noticeable performance improvement." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1724 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1727 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1731 msgid "Default: ldap" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1737 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1740 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1745 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1751 msgid "ldap_chpass_update_last_change (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1754 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1766 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1769 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " "must be met for the user to be granted access on this host. If " "access_provider = ldap, ldap_access_order = filter and this option is not " "set, it will result in all users being denied access. Use access_provider = " "permit to change this default behavior. Please note that this filter is " "applied on the LDAP user entry only." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1782 sssd-ldap.5.xml:2376 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #: sssd-ldap.5.xml:1785 #, no-wrap msgid "" "access_provider = ldap\n" "ldap_access_filter = (employeeType=admin)\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1789 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1794 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " "access during their last login, they will continue to be granted access " "while offline and vice-versa." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1802 sssd-ldap.5.xml:1859 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1808 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1811 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1815 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. 
the LDAP server should deny the bind request with a suitable error code " "even if the password is correct." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1822 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1825 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1830 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " "set. If the attribute is missing access is granted. Also the expiration time " "of the account is checked." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1837 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " "allowed or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1843 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " "ldap_user_nds_login_expiration_time are used to check if access is allowed. " "If both attributes are missing access is granted." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1852 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " "ldap_account_expire_policy option to work." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1865 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1868 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1872 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1875 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1879 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1884 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1888 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1891 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1898 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1901 msgid "" "Specifies how alias dereferencing is done when performing a search. 
The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1906 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1910 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1915 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1920 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1925 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1933 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1936 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1940 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " "The self-consistency of the domain is compromised when this is done, so SSSD " "would normally remove the \"missing\" users from the cached group " "memberships as soon as nsswitch tries to fetch information about the user " "via getpw*() or initgroups() calls." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1951 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " "additional LDAP groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:51 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " "of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page for full details. <placeholder type=" "\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:1967 msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1971 msgid "ldap_sudorule_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1974 msgid "The object class of a sudo rule entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1977 msgid "Default: sudoRole" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1983 msgid "ldap_sudorule_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1986 msgid "The LDAP attribute that corresponds to the sudo rule name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1996 msgid "ldap_sudorule_command (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1999 msgid "The LDAP attribute that corresponds to the command name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2003 msgid "Default: sudoCommand" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2009 msgid "ldap_sudorule_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2012 msgid "" "The LDAP attribute that corresponds to the host name (or host IP address, " "host IP network, or host netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2017 msgid "Default: sudoHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2023 msgid "ldap_sudorule_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2026 msgid "" "The LDAP attribute that corresponds to the user name (or UID, group name or " "user's netgroup)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2030 msgid "Default: sudoUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2036 msgid "ldap_sudorule_option (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2039 msgid "The LDAP attribute that corresponds to the sudo options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2043 msgid "Default: sudoOption" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2049 msgid "ldap_sudorule_runasuser (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2052 msgid "" "The LDAP attribute that corresponds to the user name that commands may be " "run as." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2056 msgid "Default: sudoRunAsUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2062 msgid "ldap_sudorule_runasgroup (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2065 msgid "" "The LDAP attribute that corresponds to the group name or group GID that " "commands may be run as." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2069 msgid "Default: sudoRunAsGroup" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2075 msgid "ldap_sudorule_notbefore (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2078 msgid "" "The LDAP attribute that corresponds to the start date/time for when the sudo " "rule is valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2082 msgid "Default: sudoNotBefore" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2088 msgid "ldap_sudorule_notafter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2091 msgid "" "The LDAP attribute that corresponds to the expiration date/time, after which " "the sudo rule will no longer be valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2096 msgid "Default: sudoNotAfter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2102 msgid "ldap_sudorule_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2105 msgid "The LDAP attribute that corresponds to the ordering index of the rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2109 msgid "Default: sudoOrder" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2115 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2118 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2123 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2128 msgid "Default: 21600 (6 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2134 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2137 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest USN " "of cached rules)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2143 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2153 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2156 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2167 msgid "ldap_sudo_hostnames (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2170 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2175 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2180 sssd-ldap.5.xml:2203 sssd-ldap.5.xml:2221 #: sssd-ldap.5.xml:2239 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2185 sssd-ldap.5.xml:2208 msgid "Default: not specified" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2191 msgid "ldap_sudo_ip (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2194 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2199 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2214 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2217 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2232 msgid "ldap_sudo_include_regexp (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2235 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:1969 msgid "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2251 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " "<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:2261 msgid "AUTOFS OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2263 msgid "" "Please note that the default values correspond to the default schema which " "is RFC2307." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2269 msgid "ldap_autofs_map_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2272 sssd-ldap.5.xml:2298 msgid "The object class of an automount map entry in LDAP." 
msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2275 sssd-ldap.5.xml:2302 msgid "Default: automountMap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2282 msgid "ldap_autofs_map_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2285 msgid "The name of an automount map entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2288 msgid "Default: ou" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2295 msgid "ldap_autofs_entry_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2309 msgid "ldap_autofs_entry_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2312 sssd-ldap.5.xml:2326 msgid "" "The key of an automount entry in LDAP. The entry usually corresponds to a " "mount point." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2323 msgid "ldap_autofs_entry_value (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2330 msgid "Default: automountInformation" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2267 msgid "" "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" "\"variablelist\" id=\"4\"/>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:2340 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2347 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2352 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2357 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2362 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2365 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2369 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #: sssd-ldap.5.xml:2379 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2382 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2389 msgid "ldap_group_search_filter (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2392 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2396 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2406 msgid "ldap_sudo_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2411 msgid "ldap_autofs_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2342 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " "are doing. <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2428 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " "section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ldap.5.xml:2434 #, no-wrap msgid "" " [domain/LDAP]\n" " id_provider = ldap\n" " auth_provider = ldap\n" " ldap_uri = ldap://ldap.mydomain.org\n" " ldap_search_base = dc=mydomain,dc=org\n" " ldap_tls_reqcert = demand\n" " cache_credentials = true\n" msgstr "" #. 
type: Content of: <refsect1><refsect2><para> #: sssd-ldap.5.xml:2433 sssd-simple.5.xml:139 sssd-ipa.5.xml:801 #: sssd-ad.5.xml:390 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 sssd-krb5.5.xml:528 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:2446 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:405 #: sssd.8.xml:191 sss_seed.8.xml:163 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2448 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " "distribution." msgstr "" #. type: Content of: <refentryinfo> #: pam_sss.8.xml:8 include/upstream.xml:2 msgid "" "<productname>SSSD</productname> <orgname>The SSSD upstream - http://" "fedorahosted.org/sssd</orgname>" msgstr "" "<productname>SSSD</productname> <orgname>Vývojáři SSSD - http://fedorahosted." "org/sssd</orgname>" #. type: Content of: <reference><refentry><refnamediv><refname> #: pam_sss.8.xml:13 pam_sss.8.xml:18 msgid "pam_sss" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: pam_sss.8.xml:19 msgid "PAM module for SSSD" msgstr "" #. 
type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: pam_sss.8.xml:24 #, fuzzy #| msgid "" #| "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" #| "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" #| "arg>" msgid "" "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" "replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" "replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" "replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" "replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" "arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </arg>" msgstr "" "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>volby</" "replaceable> </arg> <arg choice='plain'><replaceable>SKUPINA</replaceable></" "arg>" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:48 msgid "" "<command>pam_sss.so</command> is the PAM interface to the System Security " "Services daemon (SSSD). Errors and results are logged through " "<command>syslog(3)</command> with the LOG_AUTHPRIV facility." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:58 msgid "<option>quiet</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:61 msgid "Suppress log messages for unknown users." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:66 msgid "<option>forward_pass</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:69 msgid "" "If <option>forward_pass</option> is set the entered password is put on the " "stack for other PAM modules to use." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:76 msgid "<option>use_first_pass</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:79 msgid "" "The argument use_first_pass forces the module to use a previous stacked " "modules password and will never prompt the user - if no password is " "available or the password is not appropriate, the user will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:87 msgid "<option>use_authtok</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:90 msgid "" "When password changing enforce the module to set the new password to the one " "provided by a previously stacked password module." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:97 msgid "<option>retry=N</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:100 msgid "" "If specified the user is asked another N times for a password if " "authentication fails. Default is 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:102 msgid "" "Please note that this option might not work as expected if the application " "calling PAM handles the user dialog on its own. A typical example is " "<command>sshd</command> with <option>PasswordAuthentication</option>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:111 msgid "<option>ignore_unknown_user</option>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:114 msgid "" "If this option is specified and the user does not exist, the PAM module will " "return PAM_IGNORE. This causes the PAM framework to ignore this module." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: pam_sss.8.xml:123 msgid "MODULE TYPES PROVIDED" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:124 msgid "" "All module types (<option>account</option>, <option>auth</option>, " "<option>password</option> and <option>session</option>) are provided." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: pam_sss.8.xml:130 msgid "FILES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:131 msgid "" "If a password reset by root fails, because the corresponding SSSD provider " "does not support password resets, an individual message can be displayed. " "This message can e.g. contain instructions about how to reset a password." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:136 msgid "" "The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" "filename> where LOC stands for a locale string returned by <citerefentry> " "<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" "citerefentry>. If there is no matching file the content of " "<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " "the owner of the files and only root may have read and write permissions " "while all other users must have only read permissions." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:146 msgid "" "These files are searched in the directory <filename>/etc/sssd/customize/" "DOMAIN_NAME/</filename>. If no matching file is present a generic message is " "displayed." msgstr "" #. 
type: Content of: <reference><refentry><refnamediv><refname> #: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 msgid "sssd_krb5_locator_plugin" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:22 #, fuzzy #| msgid "" #| "<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</" #| "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</" #| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " #| "<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </" #| "citerefentry>, <citerefentry> <refentrytitle>sss_useradd</" #| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " #| "<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </" #| "citerefentry>, <citerefentry> <refentrytitle>sss_usermod</" #| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>." msgid "" "The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " "used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos " "libraries what Realm and which KDC to use. Typically this is done in " "<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> which is always read by the Kerberos libraries. 
" "To simplify the configuration the Realm and the KDC can be defined in " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> as described in <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>" msgstr "" "<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_useradd</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_usermod</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:48 msgid "" "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " "libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:63 msgid "" "Not all Kerberos implementations support the use of plugins. If " "<command>sssd_krb5_locator_plugin</command> is not available on your system " "you have to edit /etc/krb5.conf to reflect your Kerberos setup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:69 msgid "" "If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " "debug messages will be sent to stderr." 
msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-simple.5.xml:10 sssd-simple.5.xml:16 msgid "sssd-simple" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd-simple.5.xml:17 msgid "the configuration file for SSSD's 'simple' access-control provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:24 msgid "" "This manual page describes the configuration of the simple access-control " "provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " "refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:38 msgid "" "The simple access provider grants or denies access based on an access or " "deny list of user or group names. The following rules apply:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:43 msgid "If all lists are empty, access is granted" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:47 msgid "" "If any list is provided, the order of evaluation is allow,deny. This means " "that any matching deny rule will supersede any matched allow rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:54 msgid "" "If either or both \"allow\" lists are provided, all users are denied unless " "they appear in the list." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:60 msgid "" "If only \"deny\" lists are provided, all users are granted access unless " "they appear in the list." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:78 msgid "simple_allow_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:81 msgid "Comma separated list of users who are allowed to log in." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:88 msgid "simple_deny_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:91 msgid "Comma separated list of users who are explicitly denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:97 msgid "simple_allow_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:100 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:108 msgid "simple_deny_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:111 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " "evaluated." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> manual page for details on the configuration of an SSSD " "domain. <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:120 msgid "" "Specifying no values for any of the lists is equivalent to skipping it " "entirely. Beware of this while generating parameters for the simple provider " "using automated scripts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:125 msgid "" "Please note that it is a configuration error if both simple_allow_users " "and simple_deny_users are defined." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:133 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " "This example shows only the simple access provider-specific options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-simple.5.xml:140 #, no-wrap msgid "" " [domain/example.com]\n" " access_provider = simple\n" " simple_allow_users = user1, user2\n" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 msgid "sssd-ipa" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:23 msgid "" "This manual page describes the configuration of the IPA provider for " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>.
For a detailed syntax reference, refer to the <quote>FILE " "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:36 msgid "" "The IPA provider is a back end used to connect to an IPA server. (Refer to " "the freeipa.org web site for information about IPA servers.) This provider " "requires that the machine be joined to the IPA domain; configuration is " "almost entirely self-discovered and obtained directly from the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:43 msgid "" "The IPA provider accepts the same options used by the <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " "provider with some exceptions described below." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:55 msgid "" "However, it is neither necessary nor recommended to set these options. IPA " "provider can also be used as an access and chpass provider. As an access " "provider it uses HBAC (host-based access control) rules. Please refer to " "freeipa.org for more information about HBAC. No configuration of access " "provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:62 msgid "" "The IPA provider will use the PAC responder if the Kerberos tickets of users " "from trusted realms contain a PAC. To make configuration easier the PAC " "responder is started automatically if the IPA ID provider is configured." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:78 msgid "ipa_domain (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:81 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:89 msgid "ipa_server, ipa_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:92 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " "on failover and server redundancy, see the <quote>FAILOVER</quote> section. " "This is optional if autodiscovery is enabled. For more information on " "service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:105 msgid "ipa_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:108 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:116 sssd-ad.5.xml:256 msgid "dyndns_update (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:119 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client. The update is " "secured using GSS-TSIG. 
The IP address of the IPA LDAP connection is used " "for the updates, if it is not otherwise specified by using the " "<quote>dyndns_iface</quote> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:128 sssd-ad.5.xml:270 msgid "" "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " "the default Kerberos realm must be set properly in /etc/krb5.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:133 msgid "" "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" "emphasis> option, users should migrate to using <emphasis>dyndns_update</" "emphasis> in their config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:145 sssd-ad.5.xml:281 msgid "dyndns_ttl (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:148 sssd-ad.5.xml:284 msgid "" "The TTL to apply to the client DNS record when updating it. If " "dyndns_update is false this has no effect. This will override the TTL " "serverside if set by an administrator." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:153 msgid "" "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" "emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" "emphasis> in their config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:159 msgid "Default: 1200 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:165 sssd-ad.5.xml:295 msgid "dyndns_iface (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:168 sssd-ad.5.xml:298 msgid "" "Optional. Applicable only when dyndns_update is true. Choose the interface " "whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:173 msgid "" "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" "emphasis> option, users should migrate to using <emphasis>dyndns_iface</" "emphasis> in their config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:179 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:185 msgid "ipa_enable_dns_sites (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:188 sssd-ad.5.xml:152 msgid "Enables DNS sites - location based service discovery." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:192 msgid "" "If true and service discovery (see Service Discovery paragraph at the bottom " "of the man page) is enabled, then the SSSD will first attempt location " "based discovery using a query that contains \"_location.hostname.example.com" "\" and then fall back to traditional SRV discovery. If the location based " "discovery succeeds, the IPA servers located with the location based " "discovery are treated as primary servers and the IPA servers located using " "the traditional SRV discovery are used as back up servers" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:211 sssd-ad.5.xml:309 msgid "dyndns_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:214 sssd-ad.5.xml:312 msgid "" "How often should the back end perform periodic DNS update in addition to the " "automatic update performed when the back end goes online. This option is " "optional and applicable only when dyndns_update is true." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:227 sssd-ad.5.xml:325 msgid "dyndns_update_ptr (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:230 sssd-ad.5.xml:328 msgid "" "Whether the PTR record should also be explicitly updated when updating the " "client's DNS records. Applicable only when dyndns_update is true." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:235 msgid "" "This option should be False in most IPA deployments as the IPA server " "generates the PTR records automatically when forward records are changed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:241 msgid "Default: False (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:247 sssd-ad.5.xml:339 msgid "dyndns_force_tcp (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:250 sssd-ad.5.xml:342 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:254 sssd-ad.5.xml:346 msgid "Default: False (let nsupdate choose the protocol)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:260 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:263 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:267 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:273 msgid "ipa_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:276 msgid "Optional. Use the given string as search base for host objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:280 sssd-ipa.5.xml:304 sssd-ipa.5.xml:323 sssd-ipa.5.xml:342 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:285 msgid "" "If filter is given in any of search bases and " "<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " "will be ignored." msgstr "" #. type: Content of: <listitem><para> #: sssd-ipa.5.xml:290 sssd-ipa.5.xml:309 include/ldap_search_bases.xml:23 #: include/ldap_search_bases_experimental.xml:23 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:297 msgid "ipa_selinux_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:300 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:316 msgid "ipa_subdomains_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:319 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:328 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:335 msgid "ipa_master_domain_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:338 msgid "Optional. Use the given string as search base for master domain object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:347 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:354 sssd-krb5.5.xml:245 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:357 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:364 sssd-ad.5.xml:366 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:374 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:378 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:389 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:402 sssd-krb5.5.xml:407 msgid "krb5_use_fast (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:405 sssd-krb5.5.xml:410 msgid "" "Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" "authentication. The following options are supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:410 msgid "<emphasis>never</emphasis> use FAST." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:413 msgid "" "<emphasis>try</emphasis> to use FAST. 
If the server does not support FAST, " "continue the authentication without it. This is equivalent to not setting " "this option at all." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:419 sssd-krb5.5.xml:424 msgid "" "<emphasis>demand</emphasis> to use FAST. The authentication fails if the " "server does not require fast." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:424 msgid "Default: try" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:427 sssd-krb5.5.xml:435 msgid "" "NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If " "SSSD is used with an older version of MIT Kerberos, using this option is a " "configuration error." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:436 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:439 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " "access-control requests made in a short period." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:446 sssd-ipa.5.xml:462 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:452 msgid "ipa_hbac_selinux (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:455 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. 
This will reduce the latency and load on the IPA server if there are " "many user login requests made in a short period." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:468 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:471 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " "of FreeIPA will need to migrate their rules to use only the ALLOW rules. The " "client will support two modes of operation during this transition period:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:480 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:485 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:490 msgid "Default: DENY_ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:496 msgid "ipa_hbac_support_srchost (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:499 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:503 msgid "" "Note that if set to <emphasis>False</emphasis>, this option causes filters " "given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:514 msgid "ipa_server_mode (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:517 msgid "This option should only be set by the IPA installer." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:521 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:532 msgid "ipa_automount_location (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:535 msgid "The automounter location this IPA client will be using" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:538 msgid "Default: The location named \"default\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:545 msgid "ipa_netgroup_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:548 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:557 msgid "ipa_netgroup_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:560 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:565 sssd-ipa.5.xml:660 msgid "Default: memberUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:570 msgid "ipa_netgroup_member_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:573 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:577 sssd-ipa.5.xml:672 msgid "Default: memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:582 msgid "ipa_netgroup_member_ext_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:585 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:589 msgid "Default: externalHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:594 msgid "ipa_netgroup_domain (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:597 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:601 msgid "Default: nisDomainName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:607 msgid "ipa_host_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:610 sssd-ipa.5.xml:633 msgid "The object class of a host entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:613 sssd-ipa.5.xml:636 msgid "Default: ipaHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:618 msgid "ipa_host_fqdn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:621 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:624 msgid "Default: fqdn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:630 msgid "ipa_selinux_usermap_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:641 msgid "ipa_selinux_usermap_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:644 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:653 msgid "ipa_selinux_usermap_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:656 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:665 msgid "ipa_selinux_usermap_member_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:668 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule match " "against." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:677 msgid "ipa_selinux_usermap_see_also (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:680 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:685 msgid "Default: seeAlso" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:690 msgid "ipa_selinux_usermap_selinux_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:693 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:697 msgid "Default: ipaSELinuxUser" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:702 msgid "ipa_selinux_usermap_enabled (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:705 msgid "" "The LDAP attribute that indicates whether or not the user map is enabled for " "usage." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:709 msgid "Default: ipaEnabledFlag" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:714 msgid "ipa_selinux_usermap_user_category (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:717 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:721 msgid "Default: userCategory" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:726 msgid "ipa_selinux_usermap_host_category (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:729 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:733 msgid "Default: hostCategory" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:738 msgid "ipa_selinux_usermap_uuid (string)" msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:741 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:745 msgid "Default: ipaUniqueID" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:750 msgid "ipa_host_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:753 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:757 msgid "Default: ipaSshPubKey" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ipa.5.xml:766 msgid "SUBDOMAINS PROVIDER" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:768 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:772 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " "subdomain requests are sent to the IPA server if necessary." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:778 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " "provider is configured implicitly. In this case, if a subdomain request " "fails and indicates that the server does not support subdomains, i.e. 
is not " "configured for trusts, the IPA subdomains provider is disabled. After an " "hour or after the IPA provider goes online, the subdomains provider is " "enabled again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:795 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " "This example shows only the ipa provider-specific options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ipa.5.xml:802 #, no-wrap msgid "" " [domain/example.com]\n" " id_provider = ipa\n" " ipa_server = ipaserver.example.com\n" " ipa_hostname = myhost.example.com\n" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-ad.5.xml:10 sssd-ad.5.xml:16 msgid "sssd-ad" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:23 msgid "" "This manual page describes the configuration of the AD provider for " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:36 msgid "" "The AD provider is a back end used to connect to an Active Directory server. " "This provider requires that the machine be joined to the AD domain and a " "keytab is available." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:41 msgid "" "The AD provider supports connecting to Active Directory 2008 R2 or later. " "Earlier versions may work, but are unsupported." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:45 msgid "" "The AD provider is able to provide identity information and authentication " "for entities from trusted domains as well. Currently only trusted domains in " "the same forest are recognized." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:50 msgid "" "The AD provider accepts the same options used by the <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " "provider with some exceptions described below." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:62 msgid "" "However, it is neither necessary nor recommended to set these options. The " "AD provider can also be used as an access, chpass and sudo provider. No " "configuration of the access provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ad.5.xml:74 #, no-wrap msgid "" "ldap_id_mapping = False\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:68 msgid "" "By default, the AD provider will map UID and GID values from the objectSID " "parameter in Active Directory. For details on this, see the <quote>ID " "MAPPING</quote> section below. If you want to disable ID mapping and instead " "rely on POSIX attributes defined in Active Directory, you should set " "<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users " "and groups using POSIX attributes from trusted domains, the AD administrator " "must make sure that the POSIX attributes are replicated to the Global " "Catalog." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:81 msgid "" "Users, groups and other entities served by SSSD are always treated as case-" "insensitive in the AD provider for compatibility with Active Directory's " "LDAP implementation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:96 msgid "ad_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:99 msgid "" "Specifies the name of the Active Directory domain. This is optional. If not " "provided, the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:104 msgid "" "For proper operation, this option should be specified as the lower-case " "version of the long version of the Active Directory domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:109 msgid "" "The short domain name (also known as the NetBIOS or the flat name) is " "autodetected by the SSSD." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:116 msgid "ad_server, ad_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:119 msgid "" "The comma-separated list of hostnames of the AD servers to which SSSD should " "connect in order of preference. For more information on failover and server " "redundancy, see the <quote>FAILOVER</quote> section. This is optional if " "autodiscovery is enabled. For more information on service discovery, refer " "to the <quote>SERVICE DISCOVERY</quote> section." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:132 msgid "ad_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:135 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the Active Directory domain to identify this " "host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:141 msgid "" "This field is used to determine the host principal in use in the keytab. It " "must match the hostname for which the keytab was issued." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:149 msgid "ad_enable_dns_sites (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:156 msgid "" "If true and service discovery (see Service Discovery paragraph at the bottom " "of the man page) is enabled, the SSSD will first attempt to discover the " "Active Directory server to connect to using the Active Directory Site " "Discovery and fall back to the DNS SRV records if no AD site is found. The " "DNS SRV configuration, including the discovery domain, is used during site " "discovery as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:172 msgid "ad_access_filter (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:175 msgid "" "This option specifies LDAP access control filter that the user must match in " "order to be allowed access. 
Please note that the <quote>access_provider</" "quote> option must be explicitly set to <quote>ad</quote> in order for this " "option to have an effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:183 msgid "" "The option also supports specifying different filters per domain or forest. " "This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " "The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " "missing." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:191 msgid "" "If the keyword is <quote>DOM</quote> or is missing, then <quote>NAME</" "quote> specifies the domain or subdomain the filter applies to. If the " "keyword is <quote>FOREST</quote>, then the filter applies to all " "domains from the forest specified by <quote>NAME</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:199 msgid "" "Multiple filters can be separated with the <quote>?</quote> character, " "similarly to how search bases work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:204 msgid "" "The most specific match is always used. For example, if the option specified " "filter for a domain the user is a member of and a global filter, the per-" "domain filter would be applied. If there are more matches with the same " "specification, the first one is used." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #: sssd-ad.5.xml:215 #, no-wrap msgid "" "# apply filter on domain called dom1 only:\n" "dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" "\n" "# apply filter on domain called dom2 only:\n" "DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" "\n" "# apply filter on forest called EXAMPLE.COM only:\n" "FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:225 msgid "Default: Not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:231 msgid "ad_enable_gc (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:234 msgid "" "By default, the SSSD connects to the Global Catalog first to retrieve users " "from trusted domains and uses the LDAP port to retrieve group memberships or " "as a fallback. Disabling this option makes the SSSD only connect to the LDAP " "port of the current AD server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:242 msgid "" "Please note that disabling Global Catalog support does not disable " "retrieving users from trusted domains. The SSSD would connect to the LDAP " "port of trusted domains instead. However, Global Catalog must be used in " "order to resolve cross-domain group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:259 msgid "" "Optional. This option tells SSSD to automatically update the Active " "Directory DNS server with the IP address of this client. The update is " "secured using GSS-TSIG. 
As a consequence, the Active Directory administrator " "only needs to allow secure updates for the DNS zone. The IP address of the " "AD LDAP connection is used for the updates, if it is not otherwise specified " "by using the <quote>dyndns_iface</quote> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:289 msgid "Default: 3600 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:303 msgid "Default: Use the IP address of the AD LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:354 sssd-krb5.5.xml:496 msgid "krb5_use_enterprise_principal (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:357 sssd-krb5.5.xml:499 msgid "" "Specifies if the user principal should be treated as enterprise principal. " "See section 5 of RFC 6806 for more details about enterprise principals." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:384 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " "This example shows only the AD provider-specific options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ad.5.xml:391 #, no-wrap msgid "" "[domain/EXAMPLE]\n" "id_provider = ad\n" "auth_provider = ad\n" "access_provider = ad\n" "chpass_provider = ad\n" "\n" "ad_server = dc1.example.com\n" "ad_hostname = client.example.com\n" "ad_domain = example.com\n" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ad.5.xml:411 #, no-wrap msgid "" "access_provider = ldap\n" "ldap_access_order = expire\n" "ldap_account_expire_policy = ad\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:407 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:417 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 msgid "sssd-sudo" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd-sudo.5.xml:17 msgid "Configuring sudo with the SSSD back end" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:23 msgid "" "This manual page describes how to configure <citerefentry> " "<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " "to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-sudo.5.xml:36 msgid "Configuring sudo to cooperate with SSSD" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:38 msgid "" "To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " "the <emphasis>sudoers</emphasis> entry in <citerefentry> " "<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:47 msgid "" "For example, to configure sudo to first lookup rules in the standard " "<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> file (which should contain rules that apply to " "local users) and then in SSSD, the nsswitch.conf file should contain the " "following line:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-sudo.5.xml:57 #, no-wrap msgid "sudoers: files sss\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:61 msgid "" "More information about configuring the sudoers search order from the " "nsswitch.conf file as well as information about the LDAP schema that is used " "to store sudo rules in the directory can be found in <citerefentry> " "<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:70 msgid "" "<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " "sudo rules, you also need to correctly set <citerefentry> " "<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" "citerefentry> to your NIS domain name (which equals to IPA domain name when " "using hostgroups)." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-sudo.5.xml:82 msgid "Configuring SSSD to fetch sudo rules" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:84 msgid "" "All configuration that is needed on SSSD side is to extend the list of " "<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " "search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> " "option." 
msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:94 msgid "" "The following example shows how to configure SSSD to download sudo rules " "from an LDAP server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-sudo.5.xml:99 #, no-wrap msgid "" "[sssd]\n" "config_file_version = 2\n" "services = nss, pam, sudo\n" "domains = EXAMPLE\n" "\n" "[domain/EXAMPLE]\n" "id_provider = ldap\n" "sudo_provider = ldap\n" "ldap_uri = ldap://example.com\n" "ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:112 msgid "" "When the SSSD is configured to use IPA as the ID provider, the sudo provider " "is automatically enabled. The sudo search base is configured to use the " "compat tree (ou=sudoers,$DC)." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-sudo.5.xml:119 msgid "The SUDO rule caching mechanism" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:121 msgid "" "The biggest challenge, when developing sudo support in SSSD, was to ensure " "that running sudo with SSSD as the data source provides the same user " "experience and is as fast as sudo but keeps providing the most current set " "of rules as possible. To satisfy these requirements, SSSD uses three kinds " "of updates. They are referred to as full refresh, smart refresh and rules " "refresh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:129 msgid "" "The <emphasis>smart refresh</emphasis> periodically downloads rules that are " "new or were modified after the last update. Its primary goal is to keep the " "database growing by fetching only small increments that do not generate " "large amounts of network traffic." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:135 msgid "" "The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " "in the cache and replaces them with all rules that are stored on the server. " "This is used to keep the cache consistent by removing every rule which was " "deleted from the server. However, full refresh may produce a lot of traffic " "and thus it should be run only occasionally depending on the size and " "stability of the sudo rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:143 msgid "" "The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " "more permission than defined. It is triggered each time the user runs sudo. " "Rules refresh will find all rules that apply to this user, check their " "expiration time and redownload them if expired. In the case that any of " "these rules are missing on the server, the SSSD will do an out of band full " "refresh because more rules (that apply to other users) may have been deleted." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:152 msgid "" "If enabled, SSSD will store only rules that can be applied to this machine. " "This means rules that contain one of the following values in " "<emphasis>sudoHost</emphasis> attribute:" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:159 msgid "keyword ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:164 msgid "wildcard" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:169 msgid "netgroup (in the form \"+netgroup\")" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:174 msgid "hostname or fully qualified domain name of this machine" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:179 msgid "one of the IP addresses of this machine" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:184 msgid "one of the IP addresses of the network (in the form \"address/mask\")" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:190 msgid "" "There are many configuration options that can be used to adjust the " "behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd.8.xml:10 sssd.8.xml:15 msgid "sssd" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd.8.xml:16 msgid "System Security Services Daemon" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sssd.8.xml:21 msgid "" "<command>sssd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.8.xml:31 msgid "" "<command>SSSD</command> provides a set of daemons to manage access to remote " "directories and authentication mechanisms. It provides an NSS and PAM " "interface toward the system and a pluggable backend system to connect to " "multiple different account sources as well as D-Bus interface. It is also " "the basis to provide client auditing and policy services for projects like " "FreeIPA. It provides a more robust database to store local users as well as " "extended user data." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:46 msgid "" "<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:53 msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:57 msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:60 msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:69 msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:73 msgid "" "<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:76 msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:85 msgid "<option>-f</option>,<option>--debug-to-files</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:89 msgid "" "Send the debug output to files instead of stderr. By default, the log files " "are stored in <filename>/var/log/sssd</filename> and there are separate log " "files for every SSSD service and domain." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:97 msgid "<option>-D</option>,<option>--daemon</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:101 msgid "Become a daemon after starting up." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:107 sss_seed.8.xml:136 msgid "<option>-i</option>,<option>--interactive</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:111 msgid "Run in the foreground, don't become a daemon." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:117 sss_debuglevel.8.xml:42 msgid "<option>-c</option>,<option>--config</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:121 sss_debuglevel.8.xml:46 msgid "" "Specify a non-default config file. The default is <filename>/etc/sssd/sssd." "conf</filename>. For reference on the config file syntax and options, " "consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:135 msgid "<option>--version</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:139 msgid "Print version number and exit." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.8.xml:147 msgid "Signals" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:159 msgid "SIGHUP" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " "like logrotate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:170 msgid "SIGUSR1" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:179 msgid "SIGUSR2" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.8.xml:193 msgid "" "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " "applications will not use the fast in memory cache." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 msgid "sss_obfuscate" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_obfuscate.8.xml:16 msgid "obfuscate a clear text password" msgstr "" #. 
type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_obfuscate.8.xml:21 msgid "" "<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" "replaceable></arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:32 msgid "" "<command>sss_obfuscate</command> converts a given password into a human-" "unreadable format and places it into the appropriate domain section of the " "SSSD config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:37 msgid "" "The cleartext password is read from standard input or entered " "interactively. The obfuscated password is put into the " "<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " "<quote>ldap_default_authtok_type</quote> parameter is set to " "<quote>obfuscated_password</quote>. Refer to <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more details on these parameters." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:49 msgid "" "Please note that obfuscating the password provides <emphasis>no real " "security benefit</emphasis> as it is still possible for an attacker to " "reverse-engineer the obfuscation and recover the password. Using better " "authentication mechanisms such as client side certificates or GSSAPI is " "<emphasis>strongly</emphasis> advised." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_obfuscate.8.xml:63 msgid "<option>-s</option>,<option>--stdin</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:67 msgid "The password to obfuscate will be read from standard input." msgstr "" #.
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:79 #: sss_ssh_knownhostsproxy.1.xml:78 msgid "" "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:79 msgid "" "The SSSD domain to use the password in. The default name is <quote>default</" "quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_obfuscate.8.xml:86 msgid "" "<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:91 msgid "Read the config file specified by the positional parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:95 msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_useradd.8.xml:10 sss_useradd.8.xml:15 msgid "sss_useradd" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_useradd.8.xml:16 msgid "create a new user" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_useradd.8.xml:21 msgid "" "<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_useradd.8.xml:32 msgid "" "<command>sss_useradd</command> creates a new user account using the values " "specified on the command line plus the default values from the system." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:43 sss_seed.8.xml:76 msgid "" "<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:48 msgid "" "Set the UID of the user to the value of <replaceable>UID</replaceable>. If " "not given, it is chosen automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:55 sss_usermod.8.xml:43 sss_seed.8.xml:100 msgid "" "<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:60 sss_usermod.8.xml:48 sss_seed.8.xml:105 msgid "" "Any text string describing the user. Often used as the field for the user's " "full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:67 sss_usermod.8.xml:55 sss_seed.8.xml:112 msgid "" "<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:72 msgid "" "The home directory of the user account. The default is to append the " "<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use " "that as the home directory. The base that is prepended before " "<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/" "baseDirectory</quote> setting in sssd.conf." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:82 sss_usermod.8.xml:66 sss_seed.8.xml:124 msgid "" "<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:87 msgid "" "The user's login shell. The default is currently <filename>/bin/bash</" "filename>. The default can be changed with <quote>user_defaults/" "defaultShell</quote> setting in sssd.conf." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:96 msgid "" "<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:101 msgid "A list of existing groups this user is also a member of." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:107 msgid "<option>-m</option>,<option>--create-home</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:111 msgid "" "Create the user's home directory if it does not exist. The files and " "directories contained in the skeleton directory (which can be defined with " "the -k option or in the config file) will be copied to the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:121 msgid "<option>-M</option>,<option>--no-create-home</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:125 msgid "" "Do not create the user's home directory. Overrides configuration settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:132 msgid "" "<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</" "replaceable>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:137 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " "<command>sss_useradd</command>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:143 msgid "" "Special files (block devices, character devices, named pipes and unix " "sockets) will not be copied." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:147 msgid "" "This option is only valid if the <option>-m</option> (or <option>--create-" "home</option>) option is specified, or creation of home directories is set " "to TRUE in the configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:156 sss_usermod.8.xml:124 msgid "" "<option>-Z</option>,<option>--selinux-user</option> " "<replaceable>SELINUX_USER</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:161 msgid "" "The SELinux user for the user's login. If not specified, the system default " "will be used." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 msgid "sssd-krb5" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:23 msgid "" "This manual page describes the configuration of the Kerberos 5 " "authentication backend for <citerefentry> <refentrytitle>sssd</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. 
For a detailed " "syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " "the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:36 msgid "" "The Kerberos 5 authentication backend contains auth and chpass providers. It " "must be paired with an identity provider in order to function properly (for " "example, id_provider = ldap). Some information required by the Kerberos 5 " "authentication backend must be provided by the identity provider, such as " "the user's Kerberos Principal Name (UPN). The configuration of the identity " "provider should have an entry to specify the UPN. Please refer to the man " "page for the applicable identity provider for details on how to configure " "this." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:47 msgid "" "This backend also provides access control based on the .k5login file in the " "home directory of the user. See <citerefentry> <refentrytitle>.k5login</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " "Please note that an empty .k5login file will deny all access to this user. " "To activate this feature, use 'access_provider = krb5' in your SSSD " "configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:55 msgid "" "In the case where the UPN is not available in the identity backend, " "<command>sssd</command> will construct a UPN using the format " "<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect, in the order of preference. 
" "For more information on failover and server redundancy, see the " "<quote>FAILOVER</quote> section. An optional port number (preceded by a " "colon) may be appended to the addresses or hostnames. If empty, service " "discovery is enabled; for more information, refer to the <quote>SERVICE " "DISCOVERY</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:106 msgid "" "The name of the Kerberos realm. This option is required and must be " "specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:113 msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:116 msgid "" "If the change password service is not running on the KDC, alternative " "servers can be defined here. An optional port number (preceded by a colon) " "may be appended to the addresses or hostnames." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:122 msgid "" "For more information on failover and server redundancy, see the " "<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " "servers to try, the backend is not switched to operate offline if " "authentication against the KDC is still possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:129 msgid "Default: Use the KDC" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:135 msgid "krb5_ccachedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:138 msgid "" "Directory to store credential caches. 
All the substitution sequences of " "krb5_ccname_template can be used here, too, except %d and %P. The directory " "is created as private and owned by the user, with permissions set to 0700." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:145 msgid "Default: /tmp" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:151 msgid "krb5_ccname_template (string)" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:165 include/override_homedir.xml:11 msgid "%u" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:166 include/override_homedir.xml:12 msgid "login name" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:169 include/override_homedir.xml:15 msgid "%U" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:170 msgid "login UID" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:173 msgid "%p" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:174 msgid "principal name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:178 msgid "%r" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:179 msgid "realm name" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:182 msgid "%h" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:183 msgid "home directory" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:187 include/override_homedir.xml:19 msgid "%d" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:188 msgid "value of krb5_ccachedir" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:193 msgid "%P" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:194 msgid "the process ID of the SSSD client" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:199 include/override_homedir.xml:34 msgid "%%" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:200 include/override_homedir.xml:35 msgid "a literal '%'" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:154 msgid "" "Location of the user's credential cache. Three credential cache types are " "currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " "<quote>KEYRING:persistent</quote>. The cache can be specified either as " "<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " "implies the <quote>FILE</quote> type.
In the template, the following " "sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " "the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " "filename in a safe way." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:208 msgid "" "When using KEYRING types, the only supported mechanism is <quote>KEYRING:" "persistent:%U</quote>, which uses the Linux kernel keyring to store " "credentials on a per-UID basis. This is also the recommended choice, as it " "is the most secure and predictable method." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:216 msgid "" "The default value for the credential cache name is sourced from the profile " "stored in the system wide krb5.conf configuration file in the [libdefaults] " "section. The option name is default_ccache_name. See krb5.conf(5)'s " "PARAMETER EXPANSION paragraph for additional information on the expansion " "format defined by krb5.conf." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:225 msgid "Default: (from libkrb5)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:231 msgid "krb5_auth_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:234 msgid "" "Timeout in seconds after an online authentication request or change password " "request is aborted. If possible, the authentication request is continued " "offline." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:248 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed. 
The keytab is checked for entries sequentially, and the first entry " "with a matching realm is used for validation. If no entry matches the realm, " "the last entry in the keytab is used. This process can be used to validate " "environments using cross-realm trust by placing the appropriate keytab entry " "as the last entry or the only entry in the keytab file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:263 msgid "krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:266 msgid "" "The location of the keytab to use when validating credentials obtained from " "KDCs." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:270 msgid "Default: /etc/krb5.keytab" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:276 msgid "krb5_store_password_if_offline (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:279 msgid "" "Store the password of the user if the provider is offline and use it to " "request a TGT when the provider comes online again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:284 msgid "" "NOTE: this feature is only available on Linux. Passwords stored in this way " "are kept in plaintext in the kernel keyring and are potentially accessible " "by the root user (with difficulty)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:297 msgid "krb5_renewable_lifetime (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:300 msgid "" "Request a renewable ticket with a total lifetime, given as an integer " "immediately followed by a time unit:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:305 sssd-krb5.5.xml:339 sssd-krb5.5.xml:376 msgid "<emphasis>s</emphasis> for seconds" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:308 sssd-krb5.5.xml:342 sssd-krb5.5.xml:379 msgid "<emphasis>m</emphasis> for minutes" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:311 sssd-krb5.5.xml:345 sssd-krb5.5.xml:382 msgid "<emphasis>h</emphasis> for hours" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385 msgid "<emphasis>d</emphasis> for days." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:317 sssd-krb5.5.xml:388 msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:321 sssd-krb5.5.xml:392 msgid "" "NOTE: It is not possible to mix units. To set the renewable lifetime to one " "and a half hours, use '90m' instead of '1h30m'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:326 msgid "Default: not set, i.e. the TGT is not renewable" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:332 msgid "krb5_lifetime (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:335 msgid "" "Request a ticket with a lifetime, given as an integer immediately followed " "by a time unit:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:351 msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:355 msgid "" "NOTE: It is not possible to mix units. To set the lifetime to one and a " "half hours, use '90m' instead of '1h30m'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:360 msgid "" "Default: not set, i.e. the default ticket lifetime configured on the KDC." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:367 msgid "krb5_renew_interval (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:370 msgid "" "The time in seconds between two checks if the TGT should be renewed. TGTs " "are renewed if about half of their lifetime is exceeded. The interval is " "given as an integer immediately followed by a time unit:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:397 msgid "If this option is not set or is 0, the automatic renewal is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:415 msgid "" "<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " "option at all." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:419 msgid "" "<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " "continue the authentication without it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:429 msgid "Default: not set, i.e. FAST is not used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:432 msgid "NOTE: a keytab is required to use FAST." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:444 msgid "krb5_fast_principal (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:447 msgid "Specifies the server principal to use for FAST." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:456 msgid "" "Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos 1.7 and later versions." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:505 msgid "Default: false (AD provider: true)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:65 msgid "" "If the auth-module krb5 is used in an SSSD domain, the following options " "must be used. See the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " "<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " "domain. <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:521 msgid "" "The following example assumes that SSSD is correctly configured and FOO is " "one of the domains in the <replaceable>[sssd]</replaceable> section. This " "example shows only configuration of Kerberos authentication; it does not " "include any identity provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-krb5.5.xml:529 #, no-wrap msgid "" " [domain/FOO]\n" " auth_provider = krb5\n" " krb5_server = 192.168.1.1\n" " krb5_realm = EXAMPLE.COM\n" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15 msgid "sss_groupadd" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupadd.8.xml:16 msgid "create a new group" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupadd.8.xml:21 msgid "" "<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupadd.8.xml:32 msgid "" "<command>sss_groupadd</command> creates a new group. These groups are " "compatible with POSIX groups, with the additional feature that they can " "contain other groups as members." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupadd.8.xml:43 sss_seed.8.xml:88 msgid "" "<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupadd.8.xml:48 msgid "" "Set the GID of the group to the value of <replaceable>GID</replaceable>. If " "not given, it is chosen automatically." msgstr "" #. 
type: Content of: <reference><refentry><refnamediv><refname> #: sss_userdel.8.xml:10 sss_userdel.8.xml:15 msgid "sss_userdel" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_userdel.8.xml:16 msgid "delete a user account" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_userdel.8.xml:21 msgid "" "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_userdel.8.xml:32 msgid "" "<command>sss_userdel</command> deletes a user identified by login name " "<replaceable>LOGIN</replaceable> from the system." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:44 msgid "<option>-r</option>,<option>--remove</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:48 msgid "" "Files in the user's home directory will be removed along with the home " "directory itself and the user's mail spool. Overrides the configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:56 msgid "<option>-R</option>,<option>--no-remove</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:60 msgid "" "Files in the user's home directory will NOT be removed along with the home " "directory itself and the user's mail spool. Overrides the configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:68 msgid "<option>-f</option>,<option>--force</option>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:72 msgid "" "This option forces <command>sss_userdel</command> to remove the user's home " "directory and mail spool, even if they are not owned by the specified user." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:80 msgid "<option>-k</option>,<option>--kick</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:84 msgid "Before actually deleting the user, terminate all his processes." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15 msgid "sss_groupdel" msgstr "sss_groupdel" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupdel.8.xml:16 msgid "delete a group" msgstr "vymazat skupinu" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupdel.8.xml:21 msgid "" "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>volby</" "replaceable> </arg> <arg choice='plain'><replaceable>SKUPINA</replaceable></" "arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupdel.8.xml:32 msgid "" "<command>sss_groupdel</command> deletes a group identified by its name " "<replaceable>GROUP</replaceable> from the system." msgstr "" "<command>sss_groupdel</command> odstraní ze systému skupinu určenou jejím " "jménem<replaceable>SKUPINA</replaceable>." #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15 msgid "sss_groupshow" msgstr "" #. 
type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupshow.8.xml:16 msgid "print properties of a group" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupshow.8.xml:21 msgid "" "<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupshow.8.xml:32 msgid "" "<command>sss_groupshow</command> displays information about a group " "identified by its name <replaceable>GROUP</replaceable>. The information " "includes the group ID number, members of the group and the parent group." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupshow.8.xml:43 msgid "<option>-R</option>,<option>--recursive</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupshow.8.xml:47 msgid "" "Also print indirect group members in a tree-like hierarchy. Note that this " "also affects printing parent groups - without <option>R</option>, only the " "direct parent will be printed." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_usermod.8.xml:10 sss_usermod.8.xml:15 msgid "sss_usermod" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_usermod.8.xml:16 msgid "modify a user account" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_usermod.8.xml:21 msgid "" "<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sss_usermod.8.xml:32 msgid "" "<command>sss_usermod</command> modifies the account specified by " "<replaceable>LOGIN</replaceable> to reflect the changes that are specified " "on the command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:60 msgid "The home directory of the user account." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:71 msgid "The user's login shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:82 msgid "" "Append this user to groups specified by the <replaceable>GROUPS</" "replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " "a comma separated list of group names." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:96 msgid "" "Remove this user from groups specified by the <replaceable>GROUPS</" "replaceable> parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_usermod.8.xml:103 msgid "<option>-l</option>,<option>--lock</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:107 msgid "Lock the user account. The user won't be able to log in." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_usermod.8.xml:114 msgid "<option>-u</option>,<option>--unlock</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:118 msgid "Unlock the user account." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:129 msgid "The SELinux user for the user's login." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_cache.8.xml:10 sss_cache.8.xml:15 msgid "sss_cache" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_cache.8.xml:16 msgid "perform cache cleanup" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_cache.8.xml:21 msgid "" "<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_cache.8.xml:31 msgid "" "<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " "records are forced to be reloaded from server as soon as related SSSD " "backend is online." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:42 #, fuzzy #| msgid "<option>-h</option>,<option>--help</option>" msgid "<option>-E</option>,<option>--everything</option>" msgstr "<option>-h</option>,<option>--help</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:46 msgid "Invalidate all cached entries except for sudo rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:52 msgid "" "<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:57 msgid "Invalidate specific user." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:63 msgid "<option>-U</option>,<option>--users</option>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:67 msgid "" "Invalidate all user records. This option overrides invalidation of specific " "user if it was also set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:74 msgid "" "<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:79 msgid "Invalidate specific group." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:85 msgid "<option>-G</option>,<option>--groups</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:89 msgid "" "Invalidate all group records. This option overrides invalidation of specific " "group if it was also set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:96 msgid "" "<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:101 msgid "Invalidate specific netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:107 msgid "<option>-N</option>,<option>--netgroups</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:111 msgid "" "Invalidate all netgroup records. This option overrides invalidation of " "specific netgroup if it was also set." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:118 msgid "" "<option>-s</option>,<option>--service</option> <replaceable>service</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:123 msgid "Invalidate specific service." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:129 msgid "<option>-S</option>,<option>--services</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:133 msgid "" "Invalidate all service records. This option overrides invalidation of " "specific service if it was also set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:140 msgid "" "<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:145 msgid "Invalidate specific autofs maps." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:151 msgid "<option>-A</option>,<option>--autofs-maps</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:155 msgid "" "Invalidate all autofs maps. This option overrides invalidation of specific " "map if it was also set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:162 msgid "" "<option>-d</option>,<option>--domain</option> <replaceable>domain</" "replaceable>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:167 msgid "Restrict invalidation process only to a particular domain." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 msgid "sss_debuglevel" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_debuglevel.8.xml:16 msgid "change debug level while SSSD is running" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_debuglevel.8.xml:21 msgid "" "<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" "replaceable></arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_debuglevel.8.xml:32 msgid "" "<command>sss_debuglevel</command> changes debug level of SSSD monitor and " "providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is " "running." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_debuglevel.8.xml:59 msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_seed.8.xml:10 sss_seed.8.xml:15 msgid "sss_seed" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_seed.8.xml:16 msgid "seed the SSSD cache with a user" msgstr "" #. 
type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_seed.8.xml:21 #, fuzzy #| msgid "" #| "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" #| "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" #| "arg>" msgid "" "<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" "replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" "arg>" msgstr "" "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>volby</" "replaceable> </arg> <arg choice='plain'><replaceable>SKUPINA</replaceable></" "arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_seed.8.xml:33 msgid "" "<command>sss_seed</command> seeds the SSSD cache with a user entry and " "temporary password. If a user entry is already present in the SSSD cache " "then the entry is updated with the temporary password." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_seed.8.xml:46 #, fuzzy #| msgid "<option>-h</option>,<option>--help</option>" msgid "" "<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" "replaceable>" msgstr "<option>-h</option>,<option>--help</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:51 msgid "" "Provide the name of the domain of which the user is a member. The domain " "is also used to retrieve user information. The domain must be configured in " "sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " "Information retrieved from the domain overrides what is provided in the " "options." msgstr "" #.
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_seed.8.xml:63 #, fuzzy #| msgid "<option>-h</option>,<option>--help</option>" msgid "" "<option>-n</option>,<option>--username</option> <replaceable>USER</" "replaceable>" msgstr "<option>-h</option>,<option>--help</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:68 msgid "" "The username of the entry to be created or modified in the cache. The " "<replaceable>USER</replaceable> option must be provided." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:81 msgid "Set the UID of the user to <replaceable>UID</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:93 msgid "Set the GID of the user to <replaceable>GID</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:117 msgid "" "Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:129 msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:140 msgid "" "Interactive mode for entering user information. This option will only prompt " "for information not provided in the options or retrieved from the domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_seed.8.xml:148 msgid "" "<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" "replaceable>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:153 msgid "" "Specify the file to read the user's password from. If not specified, the " "password is prompted for." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_seed.8.xml:165 msgid "" "The length of the password (or the size of file specified with -p or --" "password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " "on systems with no globally-defined PASS_MAX value)." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 msgid "sss_ssh_authorizedkeys" msgstr "" #. type: Content of: <reference><refentry><refmeta><manvolnum> #: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 msgid "1" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_ssh_authorizedkeys.1.xml:16 msgid "get OpenSSH authorized keys" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_ssh_authorizedkeys.1.xml:21 msgid "" "<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg> <arg " "choice='plain'><replaceable>USER</replaceable></arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:32 msgid "" "<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " "<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " "format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> for more information)." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:41 msgid "" "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" "command> for public key user authentication if it is compiled with support " "for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</" "quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry> options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sss_ssh_authorizedkeys.1.xml:58 #, no-wrap msgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:51 msgid "" "If <quote>AuthorizedKeysCommand</quote> is supported, " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> can be configured to use it by putting the following directive " "in <citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry>: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sss_ssh_authorizedkeys.1.xml:69 #, no-wrap msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:62 msgid "" "If <quote>PubkeyAgent</quote> is supported, " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> can be configured to use it by using the following directive " "for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</" "manvolnum></citerefentry> configuration: <placeholder type=\"programlisting" "\" id=\"0\"/>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_ssh_authorizedkeys.1.xml:84 msgid "" "Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sss_ssh_authorizedkeys.1.xml:93 sss_ssh_knownhostsproxy.1.xml:92 msgid "EXIT STATUS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:95 sss_ssh_knownhostsproxy.1.xml:94 msgid "" "In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 msgid "sss_ssh_knownhostsproxy" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_ssh_knownhostsproxy.1.xml:16 msgid "get OpenSSH host keys" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_ssh_knownhostsproxy.1.xml:21 msgid "" "<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg> <arg " "choice='plain'><replaceable>HOST</replaceable></arg> <arg " "choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_knownhostsproxy.1.xml:33 msgid "" "<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " "host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " "known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " "of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" "manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" "pubconf/known_hosts</filename> and establishes a connection to the host." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_knownhostsproxy.1.xml:43 msgid "" "If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " "create the connection to the host instead of opening a socket." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sss_ssh_knownhostsproxy.1.xml:55 #, no-wrap msgid "" "ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" "GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_knownhostsproxy.1.xml:48 msgid "" "<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" "citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" "command> for host key authentication by using the following directives for " "<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" "citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_ssh_knownhostsproxy.1.xml:66 msgid "" "<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_ssh_knownhostsproxy.1.xml:71 msgid "" "Use port <replaceable>PORT</replaceable> to connect to the host. By " "default, port 22 is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_ssh_knownhostsproxy.1.xml:83 msgid "" "Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." msgstr "" #. type: Content of: <refsect1><title> #: include/service_discovery.xml:2 msgid "SERVICE DISCOVERY" msgstr "" #. 
type: Content of: <refsect1><para> #: include/service_discovery.xml:4 msgid "" "The service discovery feature allows back ends to automatically find the " "appropriate servers to connect to using a special DNS query. This feature is " "not supported for backup servers." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 msgid "Configuration" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:11 msgid "" "If no servers are specified, the back end automatically uses service " "discovery to try to find a server. Optionally, the user may choose to use " "both fixed server addresses and service discovery by inserting a special " "keyword, <quote>_srv_</quote>, in the list of servers. The order of " "preference is maintained. This feature is useful if, for example, the user " "prefers to use service discovery whenever possible, and fall back to a " "specific server when no servers can be discovered using DNS." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:23 msgid "The domain name" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:25 msgid "" "Please refer to the <quote>dns_discovery_domain</quote> parameter in the " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page for more details." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:35 msgid "The protocol" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:37 msgid "" "The queries usually specify _tcp as the protocol. Exceptions are documented " "in respective option description." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:42 msgid "See Also" msgstr "" #. 
type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:44 msgid "" "For more information on the service discovery mechanism, refer to RFC 2782." msgstr "" #. type: Content of: outside any tag (error?) #: include/upstream.xml:1 msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" msgstr "" #. type: Content of: <refsect1><title> #: include/failover.xml:2 msgid "FAILOVER" msgstr "" #. type: Content of: <refsect1><para> #: include/failover.xml:4 msgid "" "The failover feature allows back ends to automatically switch to a different " "server if the current server fails." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/failover.xml:8 msgid "Failover Syntax" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:10 msgid "" "The list of servers is given as a comma-separated list; any number of spaces " "is allowed around the comma. The servers are listed in order of preference. " "The list can contain any number of servers." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:16 msgid "" "For each failover-enabled config option, two variants exist: " "<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is " "that servers in the primary list are preferred and backup servers are only " "searched if no primary servers can be reached. If a backup server is " "selected, a timeout of 31 seconds is set. After this timeout SSSD will " "periodically try to reconnect to one of the primary servers. If it succeeds, " "it will replace the current active (backup) server." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/failover.xml:27 msgid "The Failover Mechanism" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:29 msgid "" "The failover mechanism distinguishes between a machine and a service. 
The " "back end first tries to resolve the hostname of a given machine; if this " "resolution attempt fails, the machine is considered offline. No further " "attempts are made to connect to this machine for any other service. If the " "resolution attempt succeeds, the back end tries to connect to a service on " "this machine. If the service connection attempt fails, then only this " "particular service is considered offline and the back end automatically " "switches over to the next service. The machine is still considered online " "and might still be tried for another service." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:42 msgid "" "Further connection attempts are made to machines or services marked as " "offline after a specified period of time; this is currently hard coded to 30 " "seconds." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:47 msgid "" "If there are no more machines to try, the back end as a whole switches to " "offline mode, and then attempts to reconnect every 30 seconds." msgstr "" #. type: Content of: <refsect1><title> #: include/ldap_id_mapping.xml:2 msgid "ID MAPPING" msgstr "" #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:4 msgid "" "The ID-mapping feature allows SSSD to act as a client of Active Directory " "without requiring administrators to extend user attributes to support POSIX " "attributes for user and group identifiers." msgstr "" #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:9 msgid "" "NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " "ignored. This is to avoid the possibility of conflicts between automatically-" "assigned and manually-assigned values. If you need to use manually-assigned " "values, ALL values must be manually-assigned." msgstr "" #. 
type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:16 msgid "" "Please note that changing the ID mapping related configuration options will " "cause user and group IDs to change. At the moment, SSSD does not support " "changing IDs, so the SSSD database must be removed. Because cached passwords " "are also stored in the database, removing the database should only be " "performed while the authentication servers are reachable, otherwise users " "might get locked out. In order to cache the password, an authentication must " "be performed. It is not sufficient to use <citerefentry> " "<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" "citerefentry> to remove the database, rather the process consists of:" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:33 msgid "Making sure the remote servers are reachable" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:38 msgid "Stopping the SSSD service" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:43 msgid "Removing the database" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:48 msgid "Starting the SSSD service" msgstr "" #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:52 msgid "" "Moreover, as the change of IDs might necessitate the adjustment of other " "system properties such as file and directory ownership, it's advisable to " "plan ahead and test the ID mapping configuration thoroughly." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/ldap_id_mapping.xml:59 msgid "Mapping Algorithm" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:61 msgid "" "Active Directory provides an objectSID for every user and group object in " "the directory. 
This objectSID can be broken up into components that " "represent the Active Directory domain identity and the relative identifier " "(RID) of the user or group object." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:67 msgid "" "The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " "into equally-sized component sections, called \"slices\". Each slice " "represents the space available to an Active Directory domain." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:73 msgid "" "When a user or group entry for a particular domain is encountered for the " "first time, the SSSD allocates one of the available slices for that domain. " "In order to make this slice-assignment repeatable on different client " "machines, we select the slice based on the following algorithm:" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:80 msgid "" "The SID string is passed through the murmurhash3 algorithm to convert it to " "a 32-bit hashed value. We then take the modulus of this value with the total " "number of available slices to pick the slice." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:86 msgid "" "NOTE: It is possible to encounter collisions in the hash and subsequent " "modulus. In these situations, we will select the next available slice, but " "it may not be possible to reproduce the same exact set of slices on other " "machines (since the order that they are encountered will determine their " "slice). In this situation, it is recommended to either switch to using " "explicit POSIX attributes in Active Directory (disabling ID-mapping) or " "configure a default domain to guarantee that at least one is always " "consistent. See <quote>Configuration</quote> for details." msgstr "" #.
type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:101 msgid "" "Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" msgstr "" #. type: Content of: <refsect1><refsect2><para><programlisting> #: include/ldap_id_mapping.xml:106 #, no-wrap msgid "" "ldap_id_mapping = True\n" "ldap_schema = ad\n" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:111 msgid "" "The default configuration results in configuring 10,000 slices, each capable " "of holding up to 200,000 IDs, starting from 10,001 and going up to " "2,000,100,000. This should be sufficient for most deployments." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><title> #: include/ldap_id_mapping.xml:117 msgid "Advanced Configuration" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:120 msgid "ldap_idmap_range_min (integer)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:123 msgid "" "Specifies the lower bound of the range of POSIX IDs to use for mapping " "Active Directory user and group SIDs." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:127 msgid "" "NOTE: This option is different from <quote>min_id</quote> in that " "<quote>min_id</quote> acts to filter the output of requests to this domain, " "whereas this option controls the range of ID assignment. This is a subtle " "distinction, but the good general advice would be to have <quote>min_id</" "quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:173 msgid "Default: 200000" msgstr "" #. 
type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:142 msgid "ldap_idmap_range_max (integer)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:145 msgid "" "Specifies the upper bound of the range of POSIX IDs to use for mapping " "Active Directory user and group SIDs." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:149 msgid "" "NOTE: This option is different from <quote>max_id</quote> in that " "<quote>max_id</quote> acts to filter the output of requests to this domain, " "whereas this option controls the range of ID assignment. This is a subtle " "distinction, but the good general advice would be to have <quote>max_id</" "quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:159 msgid "Default: 2000200000" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:164 msgid "ldap_idmap_range_size (integer)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:167 msgid "" "Specifies the number of IDs available for each slice. If the range size " "does not divide evenly into the min and max values, it will create as many " "complete slices as it can." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:178 msgid "ldap_idmap_default_domain_sid (string)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:181 msgid "" "Specify the domain SID of the default domain. 
This will guarantee that this " "domain will always be assigned to slice zero in the ID map, bypassing the " "murmurhash algorithm described above." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:192 msgid "ldap_idmap_default_domain (string)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:195 msgid "Specify the name of the default domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:203 msgid "ldap_idmap_autorid_compat (boolean)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:206 msgid "" "Changes the behavior of the ID-mapping algorithm to behave more similarly to " "winbind's <quote>idmap_autorid</quote> algorithm." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:211 msgid "" "When this option is configured, domains will be allocated starting with " "slice zero and increasing monotonically with each additional domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:216 msgid "" "NOTE: This algorithm is non-deterministic (it depends on the order that " "users and groups are requested). If this mode is required for compatibility " "with machines running winbind, it is recommended to also use the " "<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " "least one domain is consistently allocated to slice zero." msgstr "" #.
type: Content of: <varlistentry><term> #: include/param_help.xml:3 #, fuzzy #| msgid "<option>-h</option>,<option>--help</option>" msgid "<option>-?</option>,<option>--help</option>" msgstr "<option>-h</option>,<option>--help</option>" #. type: Content of: <varlistentry><listitem><para> #: include/param_help.xml:7 include/param_help_py.xml:7 msgid "Display help message and exit." msgstr "Zobraz nápovědu a ukonči program." #. type: Content of: <varlistentry><term> #: include/param_help_py.xml:3 msgid "<option>-h</option>,<option>--help</option>" msgstr "<option>-h</option>,<option>--help</option>" #. type: Content of: <listitem><para> #: include/debug_levels.xml:3 msgid "" "SSSD supports two representations for specifying the debug level. The " "simplest is to specify a decimal value from 0-9, which represents enabling " "that level and all lower-level debug messages. The more comprehensive option " "is to specify a hexadecimal bitmask to enable or disable specific levels " "(such as if you wish to suppress a level)." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:10 msgid "Currently supported debug levels:" msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:13 msgid "" "<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. " "Anything that would prevent SSSD from starting up or causes it to cease " "running." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:19 msgid "" "<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " "error that doesn't kill the SSSD, but one that indicates that at least one " "major feature is not going to work properly." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:26 msgid "" "<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " "error announcing that a particular request or operation has failed." msgstr "" #. 
type: Content of: <listitem><para> #: include/debug_levels.xml:31 msgid "" "<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " "are the errors that would percolate down to cause the operation failure of 2." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:36 msgid "" "<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:40 msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:44 msgid "" "<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " "operation functions." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:48 msgid "" "<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " "internal control functions." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:53 msgid "" "<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" "internal variables that may be interesting." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:58 msgid "" "<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " "tracing information." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:62 msgid "" "To log required bitmask debug levels, simply add their numbers together as " "shown in following examples:" msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:66 msgid "" "<emphasis>Example</emphasis>: To log fatal failures, critical failures, " "serious failures and function data use 0x0270." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:70 msgid "" "<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " "function data, trace messages for internal control functions use 0x1310." msgstr "" #. 
type: Content of: <listitem><para> #: include/debug_levels.xml:75 msgid "" "<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " "in 1.7.0." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:79 msgid "<emphasis>Default</emphasis>: 0" msgstr "" #. type: Content of: outside any tag (error?) #: include/experimental.xml:1 msgid "" "<emphasis> This is an experimental feature, please use http://fedorahosted." "org/sssd to report any issues. </emphasis>" msgstr "" #. type: Content of: <refsect1><title> #: include/local.xml:2 msgid "THE LOCAL DOMAIN" msgstr "" #. type: Content of: <refsect1><para> #: include/local.xml:4 msgid "" "In order to function correctly, a domain with <quote>id_provider=local</" "quote> must be created and the SSSD must be running." msgstr "" #. type: Content of: <refsect1><para> #: include/local.xml:9 msgid "" "The administrator might want to use the SSSD local users instead of " "traditional UNIX users in cases where the group nesting (see <citerefentry> " "<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" "citerefentry>) is needed. The local users are also useful for testing and " "development of the SSSD without having to deploy a full remote server. The " "<command>sss_user*</command> and <command>sss_group*</command> tools use a " "local LDB storage to store users and groups." msgstr "" #. type: Content of: <refsect1><title> #: include/seealso.xml:2 msgid "SEE ALSO" msgstr "VIZ TAKÉ" #. 
type: Content of: <refsect1><para> #: include/seealso.xml:4 msgid "" "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> " "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_useradd</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_usermod</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> 
<refentrytitle>sss_seed</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" "manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " "<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>." msgstr "" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:3 #: include/ldap_search_bases_experimental.xml:3 msgid "" "An optional base DN, search scope and LDAP filter to restrict LDAP searches " "for this attribute type." msgstr "" #. type: Content of: <listitem><para><programlisting> #: include/ldap_search_bases.xml:9 #: include/ldap_search_bases_experimental.xml:9 #, no-wrap msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" msgstr "" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:7 #: include/ldap_search_bases_experimental.xml:7 msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:13 #: include/ldap_search_bases_experimental.xml:13 msgid "" "The scope can be one of \"base\", \"onelevel\" or \"subtree\". The filter " "must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/" "rfc2254.txt" msgstr "" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:19 #: include/ldap_search_bases_experimental.xml:19 msgid "" "For examples of this syntax, please refer to the <quote>ldap_search_base</" "quote> examples section." msgstr "" #. 
type: Content of: <listitem><para> #: include/ldap_search_bases.xml:27 #: include/ldap_search_bases_experimental.xml:27 msgid "" "Please note that specifying scope or filter is not supported for searches " "against an Active Directory Server that might yield a large number of " "results and trigger the Range Retrieval extension in the response." msgstr "" #. type: Content of: <para> #: include/autofs_restart.xml:2 msgid "" "Please note that the automounter only reads the master map on startup, so if " "any autofs-related changes are made to the sssd.conf, you typically also " "need to restart the automounter daemon after restarting the SSSD." msgstr "" #. type: Content of: <varlistentry><term> #: include/override_homedir.xml:2 msgid "override_homedir (string)" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:16 msgid "UID number" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:20 msgid "domain name" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: include/override_homedir.xml:23 msgid "%f" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:24 msgid "fully qualified user name (user@domain)" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: include/override_homedir.xml:27 msgid "%o" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:29 msgid "The original home directory retrieved from the identity provider." msgstr "" #. type: Content of: <varlistentry><listitem><para> #: include/override_homedir.xml:5 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. 
In the template, the following sequences are substituted: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <varlistentry><listitem><para> #: include/override_homedir.xml:41 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <varlistentry><listitem><para><programlisting> #: include/override_homedir.xml:46 #, no-wrap msgid "" "override_homedir = /home/%u\n" " " msgstr "" #. type: Content of: <varlistentry><listitem><para> #: include/override_homedir.xml:50 msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" msgstr "" ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/man/po/PaxHeaders.13173/pt.po�������������������������������������������������������0000644�0000000�0000000�00000000132�12320753573�016520� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396955003.514843862 30 atime=1396955003.514843862 30 ctime=1396955003.514843862 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/man/po/pt.po������������������������������������������������������������������������0000664�0024127�0024127�00001271134�12320753573�016760� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# SOME DESCRIPTIVE TITLE # Copyright (C) YEAR Red Hat # This file is distributed under the same license as the sssd-docs package. # # Translators: # Miguel Sousa <migueljorgesousa@sapo.pt>, 2011 msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" "POT-Creation-Date: 2014-04-08 12:55+0300\n" "PO-Revision-Date: 2013-11-19 16:29+0000\n" "Last-Translator: jhrozek <jhrozek@redhat.com>\n" "Language-Team: Portuguese (http://www.transifex.com/projects/p/fedora/" "language/pt/)\n" "Language: pt\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" #. 
type: Content of: <reference><title> #: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5 #: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5 #: sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 sss_obfuscate.8.xml:5 #: sss_useradd.8.xml:5 sssd-krb5.5.xml:5 sss_groupadd.8.xml:5 #: sss_userdel.8.xml:5 sss_groupdel.8.xml:5 sss_groupshow.8.xml:5 #: sss_usermod.8.xml:5 sss_cache.8.xml:5 sss_debuglevel.8.xml:5 #: sss_seed.8.xml:5 sss_ssh_authorizedkeys.1.xml:5 #: sss_ssh_knownhostsproxy.1.xml:5 msgid "SSSD Manual pages" msgstr "Páginas de Manual de SSSD" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15 msgid "sss_groupmod" msgstr "sss_groupmod" #. type: Content of: <reference><refentry><refmeta><manvolnum> #: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11 #: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11 #: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11 #: sss_groupshow.8.xml:11 sss_usermod.8.xml:11 sss_cache.8.xml:11 #: sss_debuglevel.8.xml:11 sss_seed.8.xml:11 msgid "8" msgstr "8" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupmod.8.xml:16 msgid "modify a group" msgstr "modificar um grupo" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupmod.8.xml:21 msgid "" "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>Opções</" "replaceable></arg> <arg choice='plain'> <replaceable>grupo</replaceable></" "arg>" #. 
type: Content of: <reference><refentry><refsect1><title> #: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:47 #: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21 #: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30 #: sss_useradd.8.xml:30 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 #: sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 #: sss_usermod.8.xml:30 sss_cache.8.xml:29 sss_debuglevel.8.xml:30 #: sss_seed.8.xml:31 sss_ssh_authorizedkeys.1.xml:30 #: sss_ssh_knownhostsproxy.1.xml:31 msgid "DESCRIPTION" msgstr "DESCRIÇÃO" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupmod.8.xml:32 msgid "" "<command>sss_groupmod</command> modifies the group to reflect the changes " "that are specified on the command line." msgstr "" "<command>sss_groupmod</command> modifica o grupo para refletir as alterações " "que são especificadas na linha de comando." #. type: Content of: <reference><refentry><refsect1><title> #: sss_groupmod.8.xml:39 pam_sss.8.xml:54 sssd.8.xml:42 sss_obfuscate.8.xml:58 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39 #: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42 #: sss_ssh_authorizedkeys.1.xml:75 sss_ssh_knownhostsproxy.1.xml:62 msgid "OPTIONS" msgstr "Opções" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupmod.8.xml:43 sss_usermod.8.xml:77 msgid "" "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" "replaceable>" msgstr "" "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupmod.8.xml:48 msgid "" "Append this group to groups specified by the <replaceable>GROUPS</" "replaceable> parameter. 
The <replaceable>GROUPS</replaceable> parameter is " "a comma separated list of group names." msgstr "" "Acrescente este grupo para grupos especificados pelo parâmetro de " "<replaceable>GROUPS</replaceable>. O parâmetro de <replaceable>GROUPS</" "replaceable> é uma lista separada por vírgulas de nomes de grupo." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupmod.8.xml:57 sss_usermod.8.xml:91 msgid "" "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" "replaceable>" msgstr "" "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupmod.8.xml:62 msgid "" "Remove this group from groups specified by the <replaceable>GROUPS</" "replaceable> parameter." msgstr "" "Remova este grupo de grupos especificados pelo parâmetro de " "<replaceable>GROUPS</replaceable>." #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd.conf.5.xml:10 sssd.conf.5.xml:16 msgid "sssd.conf" msgstr "sssd.conf" #. type: Content of: <reference><refentry><refmeta><manvolnum> #: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 #: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11 msgid "5" msgstr "5" #. type: Content of: <reference><refentry><refmeta><refmiscinfo> #: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 #: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12 msgid "File Formats and Conventions" msgstr "Formatos de ficheiros e convenções" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16 #: sssd-ipa.5.xml:17 sssd-ad.5.xml:17 sssd-krb5.5.xml:17 msgid "the configuration file for SSSD" msgstr "o ficheiro de configuração para SSSD" #. 
type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:21 msgid "FILE FORMAT" msgstr "FORMATAR FICHEIRO" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd.conf.5.xml:29 #, no-wrap msgid "" " <replaceable>[section]</replaceable>\n" " <replaceable>key</replaceable> = <replaceable>value</replaceable>\n" " <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" " " msgstr "" " <replaceable>[section]</replaceable>\n" " <replaceable>key</replaceable> = <replaceable>value</replaceable>\n" " <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" " " #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:24 msgid "" "The file has an ini-style syntax and consists of sections and parameters. A " "section begins with the name of the section in square brackets and continues " "until the next section begins. An example of section with single and multi-" "valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:36 msgid "" "The data types used are string (no quotes needed), integer and bool (with " "values of <quote>TRUE/FALSE</quote>)." msgstr "" "Os tipos de dados usados são cadeia de caracteres (sem aspas necessárias), " "inteiro e bool (com valores de <quote>TRUE/FALSE</quote>)." #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:41 msgid "" "A line comment starts with a hash sign (<quote>#</quote>) or a semicolon " "(<quote>;</quote>). Inline comments are not supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:47 msgid "" "All sections can have an optional <replaceable>description</replaceable> " "parameter. Its function is only as a label for the section." msgstr "" "Todas as seções podem ter um parâmetro opcional <replaceable>description</" "replaceable>. 
Sua função é apenas como um rótulo para a secção." #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:53 msgid "" "<filename>sssd.conf</filename> must be a regular file, owned by root and " "only root may read from or write to the file." msgstr "" "<filename>sssd.conf</filename> deve ser um ficheiro regular, pertencente a " "raiz e somente raiz pode ler ou gravar o arquivo." #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:59 msgid "SPECIAL SECTIONS" msgstr "SECÇÕES ESPECIAIS" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:62 msgid "The [sssd] section" msgstr "A seção [SSSD]" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> #: sssd.conf.5.xml:71 sssd.conf.5.xml:1857 msgid "Section parameters" msgstr "Parâmetros de secção" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:73 msgid "config_file_version (integer)" msgstr "config_file_version (integer)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:76 msgid "" "Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " "version 2." msgstr "" "Indica qual é a sintaxe do arquivo config. SSSD 0.6.0 e posterior utilização " "versão 2." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:82 msgid "services" msgstr "serviços" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:85 msgid "" "Comma separated list of services that are started when sssd itself starts." msgstr "" "Lista de serviços que são iniciados quando SSSD propriamente dito começa " "separados por vírgulas." #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:89 msgid "" "Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " "<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition=" "\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</" "phrase>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:98 sssd.conf.5.xml:321 msgid "reconnection_retries (integer)" msgstr "reconnection_retries (integer)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:101 sssd.conf.5.xml:324 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" "Número de vezes que os serviços devem tentar reconectar-se, no caso de uma " "falha ou reinício do provedor de dados, antes de desistirem" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:106 sssd.conf.5.xml:329 msgid "Default: 3" msgstr "Padrão: 3" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:111 msgid "domains" msgstr "domains" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:114 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " "start. This parameter described the list of domains in the order you want " "them to be queried. A domain name should only consist of alphanumeric ASCII " "characters, dashes and underscores." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:126 sssd.conf.5.xml:1586 msgid "re_expression (string)" msgstr "re_expression (string)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:129 msgid "" "Default regular expression that describes how to parse the string containing " "user name and domain into these components." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:134 msgid "" "Each domain can have an individual regular expression configured. For some " "ID providers there are also default regular expressions. See DOMAIN " "SECTIONS for more info on these regular expressions." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:143 sssd.conf.5.xml:1637 msgid "full_name_format (string)" msgstr "full_name_format (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:146 sssd.conf.5.xml:1640 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " "fully qualified name from user name and domain name components." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:157 sssd.conf.5.xml:1651 msgid "%1$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:158 sssd.conf.5.xml:1652 msgid "user name" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:161 sssd.conf.5.xml:1655 msgid "%2$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:164 sssd.conf.5.xml:1658 msgid "domain name as specified in the SSSD config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:170 sssd.conf.5.xml:1664 msgid "%3$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:173 sssd.conf.5.xml:1667 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:154 sssd.conf.5.xml:1648 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:183 msgid "" "Each domain can have an individual format string configured. see DOMAIN " "SECTIONS for more info on this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:189 msgid "try_inotify (boolean)" msgstr "try_inotify (boolean)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:192 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. 
By default, we will attempt to use inotify for " "this, and will fall back to polling resolv.conf every five seconds if " "inotify cannot be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:200 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " "to 'false'" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:206 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:210 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:217 msgid "krb5_rcache_dir (string)" msgstr "krb5_rcache_dir (string)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:220 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:224 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:230 msgid "" "Default: Distribution-specific and specified at build-time. 
" "(__LIBKRB5_DEFAULTS__ if not configured)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:237 msgid "default_domain_suffix (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:240 msgid "" "This string will be used as a default domain name for all names without a " "domain name component. The main use case is environments where the primary " "domain is intended for managing host policies and all users are located in a " "trusted domain. The option allows those users to log in just with their " "user name without giving a domain name as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:250 msgid "" "Please note that if this option is set all users from the primary domain " "have to use their fully qualified name, e.g. user@domain.name, to log in." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:256 sssd-ldap.5.xml:1392 sssd-ldap.5.xml:1404 #: sssd-ldap.5.xml:1486 sssd-ldap.5.xml:2373 sssd-ldap.5.xml:2400 #: sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:187 #: include/ldap_id_mapping.xml:198 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:64 msgid "" "Individual pieces of SSSD functionality are provided by special SSSD " "services that are started and stopped together with SSSD. The services are " "managed by a special service frequently called <quote>monitor</quote>. The " "<quote>[sssd]</quote> section is used to configure the monitor as well as " "some other important options like the identity domains. <placeholder type=" "\"variablelist\" id=\"0\"/>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:267 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:269 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " "section, for example, for NSS service, the section would be <quote>[nss]</" "quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:276 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:278 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:282 msgid "debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:286 msgid "debug_timestamps (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:289 msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:292 sssd.conf.5.xml:472 sssd.conf.5.xml:820 #: sssd-ldap.5.xml:1559 sssd-ldap.5.xml:1656 sssd-ldap.5.xml:1718 #: sssd-ldap.5.xml:2161 sssd-ldap.5.xml:2226 sssd-ldap.5.xml:2244 #: sssd-ipa.5.xml:361 sssd-ipa.5.xml:396 sssd-ad.5.xml:166 sssd-ad.5.xml:250 #: sssd-ad.5.xml:275 sssd-ad.5.xml:363 sssd-krb5.5.xml:490 msgid "Default: true" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:297 msgid "debug_microseconds (bool)" msgstr "debug_microseconds (bool)" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:300 msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:303 sssd.conf.5.xml:774 sssd.conf.5.xml:1773 #: sssd-ldap.5.xml:640 sssd-ldap.5.xml:1433 sssd-ldap.5.xml:1452 #: sssd-ldap.5.xml:1628 sssd-ldap.5.xml:1957 sssd-ipa.5.xml:139 #: sssd-ipa.5.xml:205 sssd-ipa.5.xml:508 sssd-ipa.5.xml:526 #: sssd-krb5.5.xml:257 sssd-krb5.5.xml:291 sssd-krb5.5.xml:462 msgid "Default: false" msgstr "Padrão: false" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:308 msgid "timeout (integer)" msgstr "timeout (integer)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:311 msgid "" "Timeout in seconds between heartbeats for this service. This is used to " "ensure that the process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:316 sssd-ldap.5.xml:1304 msgid "Default: 10" msgstr "Padrão: 10" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:334 msgid "fd_limit" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:337 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " "the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " "systems without this capability, the resulting value will be the lower value " "of this or the limits.conf \"hard\" limit." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:346 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:351 msgid "client_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:354 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " "limited in order to avoid resource exhaustion on the system." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:361 sssd.conf.5.xml:377 sssd.conf.5.xml:592 #: sssd.conf.5.xml:752 sssd.conf.5.xml:1015 sssd-ldap.5.xml:1134 msgid "Default: 60" msgstr "Padrão: 60" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:366 sssd.conf.5.xml:1004 msgid "force_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:369 sssd.conf.5.xml:1007 msgid "" "If a service is not responding to ping checks (see the <quote>timeout</" "quote> option), it is first sent the SIGTERM signal that instructs it to " "quit gracefully. If the service does not terminate after " "<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down " "by sending a SIGKILL signal." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:385 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:387 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:392 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:395 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:399 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:404 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:407 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " "for the domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:413 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " "after 15 seconds past the last cache update will be returned immediately, " "but the SSSD will go and update the cache on its own, so that future " "requests will not need to block waiting for a cache update." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:423 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " "percentage will never reduce the nowait timeout to less than 10 seconds. (0 " "disables this feature)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:431 msgid "Default: 50" msgstr "Padrão: 50" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:436 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:439 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " "before asking the back end again." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:445 sssd.conf.5.xml:798 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:450 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:453 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" "domain or include fully-qualified names to filter only users from the " "particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:460 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:465 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:468 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:478 msgid "fallback_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:481 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:486 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> #: sssd.conf.5.xml:492 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" " " msgstr "" #. type: Content of: <varlistentry><listitem><para> #: sssd.conf.5.xml:490 include/override_homedir.xml:44 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:496 msgid "Default: not set (no substitution for unset home directories)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:502 msgid "override_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:505 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " "or per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:511 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:517 msgid "allowed_shells (string)" msgstr "allowed_shells (string)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:520 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:523 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:527 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:532 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:537 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:540 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:544 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:549 msgid "vetoed_shells (string)" msgstr "vetoed_shells (string)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:552 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:557 msgid "shell_fallback (string)" msgstr "shell_fallback (string)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:560 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:564 msgid "Default: /bin/sh" msgstr "Padrão: /bin/sh" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:569 msgid "default_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:572 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:578 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:585 sssd.conf.5.xml:745 msgid "get_domains_timeout (int)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:588 sssd.conf.5.xml:748 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:597 msgid "memcache_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:600 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:604 sssd-ldap.5.xml:654 msgid "Default: 300" msgstr "Padrão: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:611 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:613 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:618 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:621 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:626 sssd.conf.5.xml:639 msgid "Default: 0 (No limit)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:632 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:635 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:645 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:648 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:653 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " "authentication can enable offline authentication again." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:659 sssd.conf.5.xml:712 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:665 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:668 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:673 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:676 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:679 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:683 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:686 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:690 sssd.8.xml:63 msgid "Default: 1" msgstr "Padrão: 1" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:695 msgid "pam_id_timeout (integer)" msgstr "pam_id_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:698 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " "ensure that authentication takes place with the latest information." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:704 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. 
This option controls (on a per-" "client-application basis) how long (in seconds) we can cache the identity " "information to avoid excessive round-trips to the identity provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:718 msgid "pam_pwd_expiration_warning (integer)" msgstr "pam_pwd_expiration_warning (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:721 sssd.conf.5.xml:1178 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:724 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " "cannot display a warning." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:730 sssd.conf.5.xml:1181 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:735 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:740 sssd.8.xml:79 msgid "Default: 0" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:760 msgid "SUDO configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:762 msgid "These options can be used to configure the sudo service." 
msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:766 msgid "sudo_timed (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:769 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:782 msgid "AUTOFS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:784 msgid "These options can be used to configure the autofs service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:788 msgid "autofs_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:791 msgid "" "Specifies for how many seconds the autofs responder should cache negative " "hits (that is, queries for invalid map entries, like nonexistent ones) " "before asking the back end again." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:807 msgid "SSH configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:809 msgid "These options can be used to configure the SSH service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:813 msgid "ssh_hash_known_hosts (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:816 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." msgstr "" #.
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:825 msgid "ssh_known_hosts_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:828 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:832 msgid "Default: 180" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:840 msgid "PAC responder configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:842 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " "PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " "provider collects domain SID and ID ranges of the domain the client is " "joined to and of remote trusted domains from the local domain controller. " "If the PAC is decoded and evaluated some of the following operations are " "done:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:851 msgid "" "If the remote user does not exist in the cache, it is created. The uid is " "determined with the help of the SID, trusted domains will have UPGs and the " "gid will have the same value as the uid. The home directory is set based on " "the subdomain_homedir parameter. The shell will be empty by default, i.e. " "the system defaults are used, but can be overwritten with the default_shell " "parameter." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:859 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:865 msgid "These options can be used to configure the PAC responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:869 msgid "allowed_uids (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:872 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " "startup." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:878 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:882 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " "access the PAC responder, which would be the typical case, you have to add 0 " "to the list of allowed UIDs as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:896 msgid "DOMAIN SECTIONS" msgstr "SECÇÕES DE DOMÍNIO" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:903 msgid "min_id,max_id (integer)" msgstr "min_id,max_id (integer)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:906 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:911 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" "primary group memberships, those that are in range will be reported as " "expected." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:918 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:922 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "Padrão: 1 para min_id, 0 (sem limite) para max_id" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:928 msgid "enumerate (bool)" msgstr "enumerate (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:931 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:935 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:938 msgid "FALSE = No enumerations for this domain" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:941 sssd.conf.5.xml:1155 sssd.conf.5.xml:1264 #: sssd.conf.5.xml:1281 msgid "Default: FALSE" msgstr "Padrão: FALSE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:944 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " "to fully complete enumerations. During this time, individual requests for " "information will go directly to LDAP, though it may be slow, due to the " "heavy enumeration processing. Saving a large number of entries to cache " "after the enumeration completes might also be CPU intensive as the " "memberships have to be recomputed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:957 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:962 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " "enumeration lookups are completed successfully. For more information, refer " "to the man pages for the specific id_provider in use." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:970 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:978 #, fuzzy #| msgid "full_name_format (string)" msgid "subdomain_enumerate (string)" msgstr "full_name_format (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:985 msgid "all" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:986 msgid "All discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:989 msgid "none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:990 msgid "No discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:981 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " "Optionally, a list of one or more domain names can enable enumeration just " "for these trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:998 sssd-ldap.5.xml:1687 msgid "Default: none" msgstr "Padrão: none" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1021 msgid "entry_cache_timeout (integer)" msgstr "entry_cache_timeout (integer)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1024 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1028 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " "for newly added or expired entries. You should run the <citerefentry> " "<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" "citerefentry> tool in order to force refresh of entries that have already " "been cached." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1041 msgid "Default: 5400" msgstr "Padrão: 5400" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1047 msgid "entry_cache_user_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1050 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1054 sssd.conf.5.xml:1067 sssd.conf.5.xml:1080 #: sssd.conf.5.xml:1093 sssd.conf.5.xml:1106 sssd.conf.5.xml:1120 msgid "Default: entry_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1060 msgid "entry_cache_group_timeout (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1063 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1073 msgid "entry_cache_netgroup_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1076 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1086 msgid "entry_cache_service_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1089 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1099 msgid "entry_cache_sudo_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1102 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1112 msgid "entry_cache_autofs_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1115 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1126 msgid "refresh_expired_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1129 msgid "" "Specifies how many seconds SSSD has to wait before refreshing expired " "records. Currently only refreshing expired netgroups is supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1134 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1138 sssd-ipa.5.xml:221 msgid "Default: 0 (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1144 msgid "cache_credentials (bool)" msgstr "cache_credentials (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1147 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1151 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1160 msgid "account_cache_expiration (integer)" msgstr "account_cache_expiration (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1163 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. 
The " "value of this parameter must be greater than or equal to " "offline_credentials_expiration." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1170 msgid "Default: 0 (unlimited)" msgstr "Padrão: 0 (ilimitado)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1175 msgid "pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1186 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " "cannot display a warning. Also an auth provider has to be configured for the " "backend." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1193 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1199 msgid "id_provider (string)" msgstr "id_provider (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1202 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1206 msgid "<quote>proxy</quote>: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1209 msgid "<quote>local</quote>: SSSD internal provider for local users" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1213 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " "information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1221 sssd.conf.5.xml:1307 sssd.conf.5.xml:1358 #: sssd.conf.5.xml:1411 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " "FreeIPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1230 sssd.conf.5.xml:1316 sssd.conf.5.xml:1367 #: sssd.conf.5.xml:1420 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring Active Directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1241 msgid "use_fully_qualified_names (bool)" msgstr "use_fully_qualified_names (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1244 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1249 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. 
" "For example, if used in LOCAL domain that contains a \"test\" user, " "<command>getent passwd test</command> wouldn't find the user while " "<command>getent passwd test@LOCAL</command> would." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1257 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " "will be searched when an unqualified name is requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1269 msgid "ignore_group_members (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1272 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1275 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " "calls." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1286 msgid "auth_provider (string)" msgstr "auth_provider (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1289 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1293 sssd.conf.5.xml:1351 msgid "" "<quote>ldap</quote> for native LDAP authentication. 
See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1300 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring Kerberos." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1324 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1327 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1330 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1336 msgid "access_provider (string)" msgstr "access_provider (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1339 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " "Internal special providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1345 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1348 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1375 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry> for more information on configuring the simple " "access module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1382 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1387 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1390 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1395 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1403 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring Kerberos." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1428 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1432 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1435 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1442 msgid "sudo_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1445 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1449 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1457 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1461 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1465 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1468 sssd.conf.5.xml:1522 sssd.conf.5.xml:1554 #: sssd.conf.5.xml:1579 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1474 msgid "selinux_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1477 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " "providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1483 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1491 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1494 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1500 msgid "subdomains_provider (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1503 msgid "" "The provider which should handle fetching of subdomains. This value should " "always be the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1509 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1518 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1529 msgid "autofs_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1532 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1536 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1543 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring IPA." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1551 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1561 msgid "hostid_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1564 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1568 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1576 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1589 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " "match either the SSSD configuration domain name, or, in the case of IPA " "trust subdomains and Active Directory domains, the flat (NetBIOS) name of " "the domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1598 msgid "" "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?" "P<name>[^@\\\\]+)$))</quote> which allows three different styles for " "user names:" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:1603 msgid "username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:1606 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:1609 msgid "domain\\username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1612 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1617 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " "sign, the domain everything after that\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1623 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " "version 7 or higher can support non-unique named subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1630 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1677 msgid "Default: <quote>%1$s@%2$s</quote>." 
msgstr "Default: <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1683 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1686 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1690 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1693 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1696 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1699 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1702 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1705 msgid "Default: ipv4_first" msgstr "Default: ipv4_first" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1711 msgid "dns_resolver_timeout (integer)" msgstr "dns_resolver_timeout (integer)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1714 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " "the domain will continue to operate in offline mode." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1720 sssd-ldap.5.xml:1118 sssd-ldap.5.xml:1160 #: sssd-ldap.5.xml:1175 sssd-krb5.5.xml:239 msgid "Default: 6" msgstr "Padrão: 6" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1726 msgid "dns_discovery_domain (string)" msgstr "dns_discovery_domain (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1729 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1733 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1739 msgid "override_gid (integer)" msgstr "override_gid (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1742 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1748 msgid "case_sensitive (boolean)" msgstr "case_sensitive (boolean)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1751 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1756 sssd-ad.5.xml:333 msgid "Default: True" msgstr "Padrão: TRUE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1762 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1765 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " "name was an alias. Setting this option to true would cause the SSSD to " "perform the ID lookup from cache for performance reasons." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1779 msgid "subdomain_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1790 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1791 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1782 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " "possible values. 
In addition to those, the expansion below can only be used " "with <emphasis>subdomain_homedir</emphasis>. <placeholder type=" "\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1796 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1800 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1805 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1808 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:898 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" "replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1821 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1824 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1827 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1835 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1838 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " "for example _nss_files_getpwent." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:1817 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:1850 msgid "The local domain section" msgstr "A secção de domínio local" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:1852 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " "<replaceable>id_provider=local</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1859 msgid "default_shell (string)" msgstr "default_shell (string)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1862 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1866 msgid "Default: <filename>/bin/bash</filename>" msgstr "Padrão: <filename>/bin/bash</filename>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1871 msgid "base_directory (string)" msgstr "base_directory (string)" #.
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1874 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1879 msgid "Default: <filename>/home</filename>" msgstr "Padrão: <filename>/home</filename>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1884 msgid "create_homedir (bool)" msgstr "create_homedir (bool)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1887 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1891 sssd.conf.5.xml:1903 msgid "Default: TRUE" msgstr "Padrão: TRUE" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1896 msgid "remove_homedir (bool)" msgstr "remove_homedir (bool)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1899 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1908 msgid "homedir_umask (integer)" msgstr "homedir_umask (integer)" #.
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1911 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " "on a newly created home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1919 msgid "Default: 077" msgstr "Padrão: 077" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1924 msgid "skel_dir (string)" msgstr "skel_dir (string)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1927 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " "<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1937 msgid "Default: <filename>/etc/skel</filename>" msgstr "Padrão: <filename>/etc/skel</filename>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1942 msgid "mail_dir (string)" msgstr "mail_dir (string)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1945 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " "default value is used." msgstr "" #.
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1952 msgid "Default: <filename>/var/mail</filename>" msgstr "Padrão: <filename>/var/mail</filename>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1957 msgid "userdel_cmd (string)" msgstr "userdel_cmd (string)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1960 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " "return code of the command is not taken into account." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1966 msgid "Default: None, no command is run" msgstr "Padrão: None, nenhum comando é executado" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:1976 sssd-ldap.5.xml:2426 sssd-simple.5.xml:131 #: sssd-ipa.5.xml:793 sssd-ad.5.xml:382 sssd-krb5.5.xml:519 msgid "EXAMPLE" msgstr "EXEMPLO" #.
type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd.conf.5.xml:1982 #, no-wrap msgid "" "[sssd]\n" "domains = LDAP\n" "services = nss, pam\n" "config_file_version = 2\n" "\n" "[nss]\n" "filter_groups = root\n" "filter_users = root\n" "\n" "[pam]\n" "\n" "[domain/LDAP]\n" "id_provider = ldap\n" "ldap_uri = ldap://ldap.example.com\n" "ldap_search_base = dc=example,dc=com\n" "\n" "auth_provider = krb5\n" "krb5_server = kerberos.example.com\n" "krb5_realm = EXAMPLE.COM\n" "cache_credentials = true\n" "\n" "min_id = 10000\n" "max_id = 20000\n" "enumerate = False\n" msgstr "" "[sssd]\n" "domains = LDAP\n" "services = nss, pam\n" "config_file_version = 2\n" "\n" "[nss]\n" "filter_groups = root\n" "filter_users = root\n" "\n" "[pam]\n" "\n" "[domain/LDAP]\n" "id_provider = ldap\n" "ldap_uri = ldap://ldap.example.com\n" "ldap_search_base = dc=example,dc=com\n" "\n" "auth_provider = krb5\n" "krb5_server = kerberos.example.com\n" "krb5_realm = EXAMPLE.COM\n" "cache_credentials = true\n" "\n" "min_id = 10000\n" "max_id = 20000\n" "enumerate = False\n" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:1978 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " "configuring domains for more details. <placeholder type=\"programlisting\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 msgid "sssd-ldap" msgstr "sssd-ldap" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:23 msgid "" "This manual page describes the configuration of LDAP domains for " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. 
Refer to the <quote>FILE FORMAT</quote> section of the " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page for detailed syntax information." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:35 msgid "You can configure SSSD to use more than one LDAP domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:38 msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. " "<command>sssd</command> <emphasis>does not</emphasis> support authentication " "over an unencrypted channel. If the LDAP server is used only as an identity " "provider, an encrypted channel is not needed. Please refer to " "<quote>ldap_access_filter</quote> config option for more information about " "using LDAP as an access provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "OPÇÕES DE CONFIGURAÇÃO" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:60 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:63 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" "quote> section for more information on failover and server redundancy. If " "neither option is specified, service discovery is enabled. For more " "information, refer to the <quote>SERVICE DISCOVERY</quote> section." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:70 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:73 msgid "ldap[s]://<host>[:port]" msgstr "ldap[s]://<host>[:port]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:76 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:79 msgid "example: ldap://[fc00::126:25]:389" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:85 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:88 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " "Refer to the <quote>FAILOVER</quote> section for more information on " "failover and server redundancy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:95 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:99 msgid "Default: empty, i.e. ldap_uri is used." msgstr "Padrão: empty, ou seja, ldap_uri é usado." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:105 msgid "ldap_search_base (string)" msgstr "ldap_search_base (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:108 msgid "The default base DN to use for performing LDAP user operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:112 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:116 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:119 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:122 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:126 sssd-ad.5.xml:212 msgid "Examples:" msgstr "Exemplos:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:129 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" msgstr "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:134 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" msgstr "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:137 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " "different search bases). This will lead to unpredictable behavior on client " "machines." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:144 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " "defaultNamingContext does not exist or has an empty value namingContexts is " "used. The namingContexts attribute must have a single value with the DN of " "the search base of the LDAP server to make this work. Multiple values are " "are not supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:158 msgid "ldap_schema (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:161 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " "may vary. The way that some attributes are handled may also differ." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:168 msgid "Four schema types are currently supported:" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:172 msgid "rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:177 msgid "rfc2307bis" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:182 msgid "IPA" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:187 msgid "AD" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:193 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " "the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, " "group members are listed by DN and stored in the <emphasis>member</emphasis> " "attribute. The AD schema type sets the attributes to correspond with Active " "Directory 2008r2 values." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:203 msgid "Default: rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:209 msgid "ldap_default_bind_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:212 msgid "The default bind DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:219 msgid "ldap_default_authtok_type (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:222 msgid "The type of the authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:226 msgid "The two mechanisms currently supported are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:229 msgid "password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:232 msgid "obfuscated_password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:235 msgid "Default: password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:241 msgid "ldap_default_authtok (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:244 msgid "" "The authentication token of the default bind DN. Only clear text passwords " "are currently supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:251 msgid "ldap_user_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:254 msgid "The object class of a user entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:257 msgid "Default: posixAccount" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:263 msgid "ldap_user_name (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:266 msgid "The LDAP attribute that corresponds to the user's login name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:270 msgid "Default: uid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:276 msgid "ldap_user_uid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:279 msgid "The LDAP attribute that corresponds to the user's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:283 msgid "Default: uidNumber" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:289 msgid "ldap_user_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:292 msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:296 sssd-ldap.5.xml:792 msgid "Default: gidNumber" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:302 msgid "ldap_user_gecos (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:305 msgid "The LDAP attribute that corresponds to the user's gecos field." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:309 msgid "Default: gecos" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:315 msgid "ldap_user_home_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:318 msgid "The LDAP attribute that contains the name of the user's home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:322 msgid "Default: homeDirectory" msgstr "Padrão: homeDirectory" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:328 msgid "ldap_user_shell (string)" msgstr "ldap_user_shell (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:331 msgid "The LDAP attribute that contains the path to the user's default shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:335 msgid "Default: loginShell" msgstr "Padrão: loginShell" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:341 msgid "ldap_user_uuid (string)" msgstr "ldap_user_uuid (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:344 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:348 sssd-ldap.5.xml:818 sssd-ldap.5.xml:1025 msgid "Default: nsUniqueId" msgstr "Padrão: nsUniqueId" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:354 msgid "ldap_user_objectsid (string)" msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:357 msgid "" "The LDAP attribute that contains the objectSID of an LDAP user object. This " "is usually only necessary for ActiveDirectory servers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:362 sssd-ldap.5.xml:832 msgid "Default: objectSid for ActiveDirectory, not set for other servers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:369 msgid "ldap_user_modify_timestamp (string)" msgstr "ldap_user_modify_timestamp (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:372 sssd-ldap.5.xml:842 sssd-ldap.5.xml:1034 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:376 sssd-ldap.5.xml:846 sssd-ldap.5.xml:1041 msgid "Default: modifyTimestamp" msgstr "Padrão: modifyTimestamp" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:382 msgid "ldap_user_shadow_last_change (string)" msgstr "ldap_user_shadow_last_change (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:385 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " "the last password change)." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:395 msgid "Default: shadowLastChange" msgstr "Padrão: shadowLastChange" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:401 msgid "ldap_user_shadow_min (string)" msgstr "ldap_user_shadow_min (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:404 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " "password age)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:413 msgid "Default: shadowMin" msgstr "Padrão: shadowMin" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:419 msgid "ldap_user_shadow_max (string)" msgstr "ldap_user_shadow_max (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:422 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " "password age)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:431 msgid "Default: shadowMax" msgstr "Padrão: shadowMax" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:437 msgid "ldap_user_shadow_warning (string)" msgstr "ldap_user_shadow_warning (string)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:440 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " "(password warning period)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:450 msgid "Default: shadowWarning" msgstr "Padrão: shadowWarning" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:456 msgid "ldap_user_shadow_inactive (string)" msgstr "ldap_user_shadow_inactive (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:459 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " "(password inactivity period)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:469 msgid "Default: shadowInactive" msgstr "Padrão: shadowInactive" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:475 msgid "ldap_user_shadow_expire (string)" msgstr "ldap_user_shadow_expire (string)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:478 msgid "" "When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " "parameter contains the name of an LDAP attribute corresponding to its " "<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> counterpart (account expiration date)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:488 msgid "Default: shadowExpire" msgstr "Padrão: shadowExpire" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:494 msgid "ldap_user_krb_last_pwd_change (string)" msgstr "ldap_user_krb_last_pwd_change (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:497 msgid "" "When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " "an LDAP attribute storing the date and time of last password change in " "kerberos." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:503 msgid "Default: krbLastPwdChange" msgstr "Padrão: krbLastPwdChange" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:509 msgid "ldap_user_krb_password_expiration (string)" msgstr "ldap_user_krb_password_expiration (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:512 msgid "" "When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " "an LDAP attribute storing the date and time when current password expires." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:518 msgid "Default: krbPasswordExpiration" msgstr "Padrão: krbPasswordExpiration" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:524 msgid "ldap_user_ad_account_expires (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:527 msgid "" "When using ldap_account_expire_policy=ad, this parameter contains the name " "of an LDAP attribute storing the expiration time of the account." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:532 msgid "Default: accountExpires" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:538 msgid "ldap_user_ad_user_account_control (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:541 msgid "" "When using ldap_account_expire_policy=ad, this parameter contains the name " "of an LDAP attribute storing the user account control bit field." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:546 msgid "Default: userAccountControl" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:552 msgid "ldap_ns_account_lock (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:555 msgid "" "When using ldap_account_expire_policy=rhds or equivalent, this parameter " "determines if access is allowed or not." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:560 msgid "Default: nsAccountLock" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:566 msgid "ldap_user_nds_login_disabled (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:569 msgid "" "When using ldap_account_expire_policy=nds, this attribute determines if " "access is allowed or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:573 sssd-ldap.5.xml:587 msgid "Default: loginDisabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:579 msgid "ldap_user_nds_login_expiration_time (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:582 msgid "" "When using ldap_account_expire_policy=nds, this attribute determines until " "which date access is granted." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:593 msgid "ldap_user_nds_login_allowed_time_map (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:596 msgid "" "When using ldap_account_expire_policy=nds, this attribute determines the " "hours of a day in a week when access is granted." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:601 msgid "Default: loginAllowedTimeMap" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:607 msgid "ldap_user_principal (string)" msgstr "ldap_user_principal (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:610 msgid "" "The LDAP attribute that contains the user's Kerberos User Principal Name " "(UPN)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:614 msgid "Default: krbPrincipalName" msgstr "Padrão: krbPrincipalName" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:620 msgid "ldap_user_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:623 msgid "The LDAP attribute that contains the user's SSH public keys." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:630 msgid "ldap_force_upper_case_realm (boolean)" msgstr "ldap_force_upper_case_realm (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:633 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " "fail. Set this option to a non-zero value if you want to use an upper-case " "realm." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:646 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "ldap_enumeration_refresh_timeout (integer)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:649 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:660 msgid "ldap_purge_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:663 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " "space." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:669 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:673 msgid "Default: 10800 (12 hours)" msgstr "Padrão: 10800 (12 horas)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:679 msgid "ldap_user_fullname (string)" msgstr "ldap_user_fullname (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:682 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:686 sssd-ldap.5.xml:779 sssd-ldap.5.xml:975 #: sssd-ldap.5.xml:1066 sssd-ldap.5.xml:1990 sssd-ldap.5.xml:2316 #: sssd-ipa.5.xml:648 msgid "Default: cn" msgstr "Padrão: cn" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:692 msgid "ldap_user_member_of (string)" msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:695 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:699 sssd-ipa.5.xml:552 msgid "Default: memberOf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:705 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:708 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " "to determine access privilege." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:715 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:720 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>authorized_service</quote> in order for the " "ldap_user_authorized_service option to work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:727 msgid "Default: authorizedService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:733 msgid "ldap_user_authorized_host (string)" msgstr "ldap_user_authorized_host (string)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:736 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " "privilege." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:742 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:747 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>host</quote> in order for the " "ldap_user_authorized_host option to work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:754 msgid "Default: host" msgstr "Padrão: host" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:760 msgid "ldap_group_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:763 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:766 msgid "Default: posixGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:772 msgid "ldap_group_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:775 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:785 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:788 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:798 msgid "ldap_group_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:801 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:805 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:811 msgid "ldap_group_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:814 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:824 msgid "ldap_group_objectsid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:827 msgid "" "The LDAP attribute that contains the objectSID of an LDAP group object. This " "is usually only necessary for ActiveDirectory servers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:839 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:852 #, fuzzy #| msgid "ldap_opt_timeout (integer)" msgid "ldap_group_type (integer)" msgstr "ldap_group_type (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:855 msgid "" "The LDAP attribute that contains an integer value indicating the type of the " "group and maybe other flags." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:860 msgid "" "This attribute is currently only used by the AD provider to determine if a " "group is a domain local groups and has to be filtered out for trusted " "domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:866 msgid "Default: groupType in the AD provider, othewise not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:873 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:876 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " "follow. This option has no effect on the RFC2307 schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:883 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:889 msgid "ldap_groups_use_matching_rule_in_chain" msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:892 msgid "" "This option tells SSSD to take advantage of an Active Directory-specific " "feature which may speed up group lookup operations on deployments with " "complex or deep nested groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:898 msgid "" "In most common cases, it is best to leave this option disabled. It generally " "only provides a performance increase on very complex nestings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:903 sssd-ldap.5.xml:930 msgid "" "If this option is enabled, SSSD will use it if it detects that the server " "supports it during initial connection. So \"True\" here essentially means " "\"auto-detect\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:909 sssd-ldap.5.xml:936 msgid "" "Note: This feature is currently known to work only with Active Directory " "2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/" "windows/desktop/aa746475%28v=vs.85%29.aspx\"> MSDN(TM) documentation</ulink> " "for more details." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:915 sssd-ldap.5.xml:942 sssd-ldap.5.xml:1233 #: sssd-ldap.5.xml:1254 sssd-ldap.5.xml:1760 include/ldap_id_mapping.xml:226 msgid "Default: False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:921 msgid "ldap_initgroups_use_matching_rule_in_chain" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:924 msgid "" "This option tells SSSD to take advantage of an Active Directory-specific " "feature which might speed up initgroups operations (most notably when " "dealing with complex or deep nested groups)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:948 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:951 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:954 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:958 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:964 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:967 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:971 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:981 msgid "ldap_netgroup_member (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:984 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:988 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:992 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:998 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1001 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1005 sssd-ldap.5.xml:1038 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1008 msgid "Default: nisNetgroupTriple" msgstr "Padrão: nisNetgroupTriple" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1014 msgid "ldap_netgroup_uuid (string)" msgstr "ldap_netgroup_uuid (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1017 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1021 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." 
msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1031 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "ldap_netgroup_modify_timestamp (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1047 msgid "ldap_service_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1050 msgid "The object class of a service entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1053 msgid "Default: ipService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1059 msgid "ldap_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1062 msgid "" "The LDAP attribute that contains the name of service attributes and their " "aliases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1072 msgid "ldap_service_port (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1075 msgid "The LDAP attribute that contains the port managed by this service." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1079 msgid "Default: ipServicePort" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1085 msgid "ldap_service_proto (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1088 msgid "" "The LDAP attribute that contains the protocols understood by this service." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1092 msgid "Default: ipServiceProtocol" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1098 msgid "ldap_service_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1103 msgid "ldap_search_timeout (integer)" msgstr "ldap_search_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1106 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " "is entered)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1112 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " "lookup types." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1124 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1127 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " "are returned (and offline mode is entered)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1140 msgid "ldap_network_timeout (integer)" msgstr "ldap_network_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1143 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" "<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" "manvolnum> </citerefentry> following a <citerefentry> " "<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" "citerefentry> returns in case of no activity." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1166 msgid "ldap_opt_timeout (integer)" msgstr "ldap_opt_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1169 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " "communicating with the KDC in case of SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1181 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1184 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " "in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " "the TGT lifetime) will be used." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1192 sssd-ldap.5.xml:2147 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1198 msgid "ldap_page_size (integer)" msgstr "ldap_page_size (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1201 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1206 msgid "Default: 1000" msgstr "Padrão: 1000" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1212 msgid "ldap_disable_paging (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1215 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " "it is not enabled or does not behave properly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1221 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1227 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " "requests being denied." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1239 msgid "ldap_disable_range_retrieval (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1242 msgid "Disable Active Directory range retrieval." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1245 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " "group contains more members, the reply would include an AD-specific range " "extension. This option disables parsing of the range extension, therefore " "large groups will appear as having no members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1260 msgid "ldap_sasl_minssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1263 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " "option are defined by OpenLDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1269 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1276 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1279 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. 
If less members are missing, " "they are looked up individually." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1285 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1289 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " "methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " "Directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1297 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " "regardless of this setting." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1310 msgid "ldap_tls_reqcert (string)" msgstr "ldap_tls_reqcert (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1313 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1319 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" "<emphasis>never</emphasis> = O cliente não irá solicitar ou verificar " "qualquer certificado de servidor." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1323 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " "is provided, it will be ignored and the session proceeds normally." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1330 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " "is provided, the session is immediately terminated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1336 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " "immediately terminated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1342 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1346 msgid "Default: hard" msgstr "Padrão: hard" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1352 msgid "ldap_tls_cacert (string)" msgstr "ldap_tls_cacert (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1355 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1378 sssd-ldap.5.xml:1419 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1367 msgid "ldap_tls_cacertdir (string)" msgstr "ldap_tls_cacertdir (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1370 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " "be the hash of the certificate followed by '.0'. If available, " "<command>cacertdir_rehash</command> can be used to create the correct names." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1385 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1388 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1398 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1401 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1410 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1413 msgid "" "Specifies acceptable cipher suites. 
Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry> for format." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1426 msgid "ldap_id_use_start_tls (boolean)" msgstr "ldap_id_use_start_tls (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1429 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1439 msgid "ldap_id_mapping (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1442 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " "on ldap_user_uid_number and ldap_group_gid_number." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1448 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1458 msgid "ldap_min_id, ldap_max_id (interger)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1461 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " "ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this " "might lead to ID collisions. 
To avoid collisions ldap_min_id and ldap_max_id " "can be set to restrict the allowed range for the IDs which are read directly " "from the server. Sub-domains can then pick other ranges to map IDs." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1473 msgid "Default: not set (both options are set to 0)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1479 msgid "ldap_sasl_mech (string)" msgstr "ldap_sasl_mech (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1482 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1492 msgid "ldap_sasl_authid (string)" msgstr "ldap_sasl_authid (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1495 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory. " "This option can either contain the full principal (for example host/" "myhost@EXAMPLE.COM) or just the principal name (for example host/myhost)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1503 msgid "Default: host/hostname@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1509 msgid "ldap_sasl_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1512 msgid "" "Specify the SASL realm to use. 
When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " "well, this option is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1518 msgid "Default: the value of krb5_realm." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1524 msgid "ldap_sasl_canonicalize (boolean)" msgstr "ldap_sasl_canonicalize (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1527 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1532 msgid "Default: false;" msgstr "Padrão: false;" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1538 msgid "ldap_krb5_keytab (string)" msgstr "ldap_krb5_keytab (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1541 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1544 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" "Padrão: Sistema keytab, normalmente <filename>/etc/krb5.keytab</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1550 msgid "ldap_krb5_init_creds (boolean)" msgstr "ldap_krb5_init_creds (boolean)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1553 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " "GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1565 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "ldap_krb5_ticket_lifetime (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1568 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1572 sssd-ad.5.xml:319 msgid "Default: 86400 (24 hours)" msgstr "Padrão: 86400 (24 horas)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1578 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1581 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " "For more information on failover and server redundancy, see the " "<quote>FAILOVER</quote> section. An optional port number (preceded by a " "colon) may be appended to the addresses or hostnames. If empty, service " "discovery is enabled - for more information, refer to the <quote>SERVICE " "DISCOVERY</quote> section." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1593 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " "none are found." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1598 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " "migrate their config files to use <quote>krb5_server</quote> instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1607 sssd-ipa.5.xml:371 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "krb5_realm (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1610 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1613 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1619 sssd-ipa.5.xml:386 sssd-krb5.5.xml:453 msgid "krb5_canonicalize (boolean)" msgstr "krb5_canonicalize (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1622 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1634 sssd-krb5.5.xml:468 msgid "krb5_use_kdcinfo (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1637 sssd-krb5.5.xml:471 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " "to configure the Kerberos library using the <citerefentry> " "<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> configuration file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1648 sssd-krb5.5.xml:482 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " "information on the locator plugin." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1662 msgid "ldap_pwd_policy (string)" msgstr "ldap_pwd_policy (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1665 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1670 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1675 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " "evaluate if the password has expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1681 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " "these attributes when the password is changed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1690 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1698 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1701 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1705 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1710 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. 
If your setup " "does not in fact require the use of referrals, setting this option to false " "might bring a noticeable performance improvement." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1724 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1727 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1731 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1737 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1740 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1745 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1751 msgid "ldap_chpass_update_last_change (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1754 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1766 msgid "ldap_access_filter (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1769 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " "must be met for the user to be granted access on this host. If " "access_provider = ldap, ldap_access_order = filter and this option is not " "set, it will result in all users being denied access. Use access_provider = " "permit to change this default behavior. Please note that this filter is " "applied on the LDAP user entry only." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1782 sssd-ldap.5.xml:2376 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #: sssd-ldap.5.xml:1785 #, no-wrap msgid "" "access_provider = ldap\n" "ldap_access_filter = (employeeType=admin)\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1789 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1794 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " "access during their last login, they will continue to be granted access " "while offline and vice-versa." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1802 sssd-ldap.5.xml:1859 msgid "Default: Empty" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1808 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1811 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1815 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " "even if the password is correct." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1822 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1825 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1830 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " "set. If the attribute is missing access is granted. Also the expiration time " "of the account is checked." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1837 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " "allowed or not." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1843 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " "ldap_user_nds_login_expiration_time are used to check if access is allowed. " "If both attributes are missing access is granted." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1852 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " "ldap_account_expire_policy option to work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1865 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1868 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1872 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1875 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1879 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1884 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1888 msgid "Default: filter" msgstr "Padrão: filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1891 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1898 msgid "ldap_deref (string)" msgstr "ldap_deref (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1901 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1906 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1910 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1915 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1920 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1925 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1933 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1936 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1940 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " "The self-consistency of the domain is compromised when this is done, so SSSD " "would normally remove the \"missing\" users from the cached group " "memberships as soon as nsswitch tries to fetch information about the user " "via getpw*() or initgroups() calls." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1951 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " "additional LDAP groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:51 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " "of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page for full details. 
<placeholder type=" "\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:1967 msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1971 msgid "ldap_sudorule_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1974 msgid "The object class of a sudo rule entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1977 msgid "Default: sudoRole" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1983 msgid "ldap_sudorule_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1986 msgid "The LDAP attribute that corresponds to the sudo rule name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1996 msgid "ldap_sudorule_command (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1999 msgid "The LDAP attribute that corresponds to the command name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2003 msgid "Default: sudoCommand" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2009 msgid "ldap_sudorule_host (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2012 msgid "" "The LDAP attribute that corresponds to the host name (or host IP address, " "host IP network, or host netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2017 msgid "Default: sudoHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2023 msgid "ldap_sudorule_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2026 msgid "" "The LDAP attribute that corresponds to the user name (or UID, group name or " "user's netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2030 msgid "Default: sudoUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2036 msgid "ldap_sudorule_option (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2039 msgid "The LDAP attribute that corresponds to the sudo options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2043 msgid "Default: sudoOption" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2049 msgid "ldap_sudorule_runasuser (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2052 msgid "" "The LDAP attribute that corresponds to the user name that commands may be " "run as." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2056 msgid "Default: sudoRunAsUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2062 msgid "ldap_sudorule_runasgroup (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2065 msgid "" "The LDAP attribute that corresponds to the group name or group GID that " "commands may be run as." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2069 msgid "Default: sudoRunAsGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2075 msgid "ldap_sudorule_notbefore (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2078 msgid "" "The LDAP attribute that corresponds to the start date/time for when the sudo " "rule is valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2082 msgid "Default: sudoNotBefore" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2088 msgid "ldap_sudorule_notafter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2091 msgid "" "The LDAP attribute that corresponds to the expiration date/time, after which " "the sudo rule will no longer be valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2096 msgid "Default: sudoNotAfter" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2102 msgid "ldap_sudorule_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2105 msgid "The LDAP attribute that corresponds to the ordering index of the rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2109 msgid "Default: sudoOrder" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2115 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2118 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2123 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2128 msgid "Default: 21600 (6 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2134 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2137 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest USN " "of cached rules)." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2143 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2153 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2156 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2167 msgid "ldap_sudo_hostnames (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2170 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2175 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2180 sssd-ldap.5.xml:2203 sssd-ldap.5.xml:2221 #: sssd-ldap.5.xml:2239 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2185 sssd-ldap.5.xml:2208 msgid "Default: not specified" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2191 msgid "ldap_sudo_ip (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2194 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2199 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2214 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2217 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2232 msgid "ldap_sudo_include_regexp (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2235 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:1969 msgid "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2251 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " "<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:2261 msgid "AUTOFS OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2263 msgid "" "Please note that the default values correspond to the default schema which " "is RFC2307." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2269 msgid "ldap_autofs_map_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2272 sssd-ldap.5.xml:2298 msgid "The object class of an automount map entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2275 sssd-ldap.5.xml:2302 msgid "Default: automountMap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2282 msgid "ldap_autofs_map_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2285 msgid "The name of an automount map entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2288 msgid "Default: ou" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2295 msgid "ldap_autofs_entry_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2309 msgid "ldap_autofs_entry_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2312 sssd-ldap.5.xml:2326 msgid "" "The key of an automount entry in LDAP. The entry usually corresponds to a " "mount point." 
msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2323 msgid "ldap_autofs_entry_value (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2330 msgid "Default: automountInformation" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2267 msgid "" "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" "\"variablelist\" id=\"4\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:2340 msgid "ADVANCED OPTIONS" msgstr "OPÇÕES AVANÇADAS" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2347 msgid "ldap_netgroup_search_base (string)" msgstr "ldap_netgroup_search_base (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2352 msgid "ldap_user_search_base (string)" msgstr "ldap_user_search_base (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2357 msgid "ldap_group_search_base (string)" msgstr "ldap_group_search_base (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2362 msgid "ldap_user_search_filter (string)" msgstr "ldap_user_search_filter (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2365 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2369 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #: sssd-ldap.5.xml:2379 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2382 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2389 msgid "ldap_group_search_filter (string)" msgstr "ldap_group_search_filter (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2392 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2396 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2406 msgid "ldap_sudo_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2411 msgid "ldap_autofs_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2342 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. 
Please include them in your configuration only if you know what you " "are doing. <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2428 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " "section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ldap.5.xml:2434 #, no-wrap msgid "" " [domain/LDAP]\n" " id_provider = ldap\n" " auth_provider = ldap\n" " ldap_uri = ldap://ldap.mydomain.org\n" " ldap_search_base = dc=mydomain,dc=org\n" " ldap_tls_reqcert = demand\n" " cache_credentials = true\n" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: sssd-ldap.5.xml:2433 sssd-simple.5.xml:139 sssd-ipa.5.xml:801 #: sssd-ad.5.xml:390 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 sssd-krb5.5.xml:528 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:2446 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:405 #: sssd.8.xml:191 sss_seed.8.xml:163 msgid "NOTES" msgstr "NOTAS" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2448 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " "distribution." msgstr "" #. type: Content of: <refentryinfo> #: pam_sss.8.xml:8 include/upstream.xml:2 msgid "" "<productname>SSSD</productname> <orgname>The SSSD upstream - http://" "fedorahosted.org/sssd</orgname>" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: pam_sss.8.xml:13 pam_sss.8.xml:18 msgid "pam_sss" msgstr "pam_sss" #. 
type: Content of: <reference><refentry><refnamediv><refpurpose> #: pam_sss.8.xml:19 msgid "PAM module for SSSD" msgstr "Módulo PAM para SSSD" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: pam_sss.8.xml:24 #, fuzzy #| msgid "" #| "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" #| "replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" #| "replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" #| "replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" #| "replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> " #| "</arg>" msgid "" "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" "replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" "replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" "replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" "replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" "arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </arg>" msgstr "" "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" "replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" "replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" "replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" "replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" "arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </arg>" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:48 msgid "" "<command>pam_sss.so</command> is the PAM interface to the System Security " "Services daemon (SSSD). Errors and results are logged through " "<command>syslog(3)</command> with the LOG_AUTHPRIV facility." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:58 msgid "<option>quiet</option>" msgstr "<option>quiet</option>" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:61 msgid "Suppress log messages for unknown users." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:66 msgid "<option>forward_pass</option>" msgstr "<option>forward_pass</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:69 msgid "" "If <option>forward_pass</option> is set the entered password is put on the " "stack for other PAM modules to use." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:76 msgid "<option>use_first_pass</option>" msgstr "<option>use_first_pass</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:79 msgid "" "The argument use_first_pass forces the module to use a previous stacked " "modules password and will never prompt the user - if no password is " "available or the password is not appropriate, the user will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:87 msgid "<option>use_authtok</option>" msgstr "<option>use_authtok</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:90 msgid "" "When password changing enforce the module to set the new password to the one " "provided by a previously stacked password module." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:97 msgid "<option>retry=N</option>" msgstr "<option>retry=N</option>" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:100 msgid "" "If specified the user is asked another N times for a password if " "authentication fails. Default is 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:102 msgid "" "Please note that this option might not work as expected if the application " "calling PAM handles the user dialog on its own. A typical example is " "<command>sshd</command> with <option>PasswordAuthentication</option>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:111 #, fuzzy #| msgid "<option>forward_pass</option>" msgid "<option>ignore_unknown_user</option>" msgstr "<option>ignore_unknown_user</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:114 msgid "" "If this option is specified and the user does not exist, the PAM module will " "return PAM_IGNORE. This causes the PAM framework to ignore this module." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: pam_sss.8.xml:123 msgid "MODULE TYPES PROVIDED" msgstr "MÓDULOS TIPO FORNECIDOS" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:124 msgid "" "All module types (<option>account</option>, <option>auth</option>, " "<option>password</option> and <option>session</option>) are provided." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: pam_sss.8.xml:130 msgid "FILES" msgstr "FICHEIROS" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:131 msgid "" "If a password reset by root fails, because the corresponding SSSD provider " "does not support password resets, an individual message can be displayed. " "This message can e.g. contain instructions about how to reset a password." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:136 msgid "" "The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" "filename> where LOC stands for a locale string returned by <citerefentry> " "<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" "citerefentry>. If there is no matching file the content of " "<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " "the owner of the files and only root may have read and write permissions " "while all other users must have only read permissions." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:146 msgid "" "These files are searched in the directory <filename>/etc/sssd/customize/" "DOMAIN_NAME/</filename>. If no matching file is present a generic message is " "displayed." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 msgid "sssd_krb5_locator_plugin" msgstr "sssd_krb5_locator_plugin" #. type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:22 msgid "" "The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " "used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos " "libraries what Realm and which KDC to use. Typically this is done in " "<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> which is always read by the Kerberos libraries. " "To simplify the configuration the Realm and the KDC can be defined in " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> as described in <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:48 msgid "" "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " "libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:63 msgid "" "Not all Kerberos implementations support the use of plugins. If " "<command>sssd_krb5_locator_plugin</command> is not available on your system " "you have to edit /etc/krb5.conf to reflect your Kerberos setup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:69 msgid "" "If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " "debug messages will be sent to stderr." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-simple.5.xml:10 sssd-simple.5.xml:16 msgid "sssd-simple" msgstr "sssd-simple" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd-simple.5.xml:17 msgid "the configuration file for SSSD's 'simple' access-control provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:24 msgid "" "This manual page describes the configuration of the simple access-control " "provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " "refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> manual page." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:38 msgid "" "The simple access provider grants or denies access based on an access or " "deny list of user or group names. The following rules apply:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:43 msgid "If all lists are empty, access is granted" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:47 msgid "" "If any list is provided, the order of evaluation is allow,deny. This means " "that any matching deny rule will supersede any matched allow rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:54 msgid "" "If either or both \"allow\" lists are provided, all users are denied unless " "they appear in the list." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:60 msgid "" "If only \"deny\" lists are provided, all users are granted access unless " "they appear in the list." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:78 msgid "simple_allow_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:81 msgid "Comma separated list of users who are allowed to log in." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:88 msgid "simple_deny_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:91 msgid "Comma separated list of users who are explicitly denied access." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:97 msgid "simple_allow_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:100 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:108 msgid "simple_deny_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:111 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " "evaluated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> manual page for details on the configuration of an SSSD " "domain. <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:120 msgid "" "Specifying no values for any of the lists is equivalent to skipping it " "entirely. Beware of this while generating parameters for the simple provider " "using automated scripts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:125 msgid "" "Please note that it is a configuration error if both simple_allow_users " "and simple_deny_users are defined." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:133 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " "This example shows only the simple access provider-specific options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-simple.5.xml:140 #, no-wrap msgid "" " [domain/example.com]\n" " access_provider = simple\n" " simple_allow_users = user1, user2\n" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 msgid "sssd-ipa" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:23 msgid "" "This manual page describes the configuration of the IPA provider for " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:36 msgid "" "The IPA provider is a back end used to connect to an IPA server. (Refer to " "the freeipa.org web site for information about IPA servers.) This provider " "requires that the machine be joined to the IPA domain; configuration is " "almost entirely self-discovered and obtained directly from the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:43 msgid "" "The IPA provider accepts the same options used by the <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " "provider with some exceptions described below."
msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:55 msgid "" "However, it is neither necessary nor recommended to set these options. IPA " "provider can also be used as an access and chpass provider. As an access " "provider it uses HBAC (host-based access control) rules. Please refer to " "freeipa.org for more information about HBAC. No configuration of access " "provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:62 msgid "" "The IPA provider will use the PAC responder if the Kerberos tickets of users " "from trusted realms contain a PAC. To make configuration easier the PAC " "responder is started automatically if the IPA ID provider is configured." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:78 msgid "ipa_domain (string)" msgstr "ipa_domain (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:81 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:89 msgid "ipa_server, ipa_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:92 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " "on failover and server redundancy, see the <quote>FAILOVER</quote> section. " "This is optional if autodiscovery is enabled. For more information on " "service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:105 msgid "ipa_hostname (string)" msgstr "ipa_hostname (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:108 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:116 sssd-ad.5.xml:256 msgid "dyndns_update (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:119 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client. The update is " "secured using GSS-TSIG. The IP address of the IPA LDAP connection is used " "for the updates, if it is not otherwise specified by using the " "<quote>dyndns_iface</quote> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:128 sssd-ad.5.xml:270 msgid "" "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " "the default Kerberos realm must be set properly in /etc/krb5.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:133 msgid "" "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" "emphasis> option, users should migrate to using <emphasis>dyndns_update</" "emphasis> in their config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:145 sssd-ad.5.xml:281 msgid "dyndns_ttl (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:148 sssd-ad.5.xml:284 msgid "" "The TTL to apply to the client DNS record when updating it. If " "dyndns_update is false this has no effect. This will override the TTL " "serverside if set by an administrator." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:153 msgid "" "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" "emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" "emphasis> in their config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:159 msgid "Default: 1200 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:165 sssd-ad.5.xml:295 msgid "dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:168 sssd-ad.5.xml:298 msgid "" "Optional. Applicable only when dyndns_update is true. Choose the interface " "whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:173 msgid "" "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" "emphasis> option, users should migrate to using <emphasis>dyndns_iface</" "emphasis> in their config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:179 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:185 msgid "ipa_enable_dns_sites (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:188 sssd-ad.5.xml:152 msgid "Enables DNS sites - location based service discovery." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:192 msgid "" "If true and service discovery (see Service Discovery paragraph at the bottom " "of the man page) is enabled, then the SSSD will first attempt location " "based discovery using a query that contains \"_location.hostname.example.com" "\" and then fall back to traditional SRV discovery. If the location based " "discovery succeeds, the IPA servers located with the location based " "discovery are treated as primary servers and the IPA servers located using " "the traditional SRV discovery are used as back up servers" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:211 sssd-ad.5.xml:309 msgid "dyndns_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:214 sssd-ad.5.xml:312 msgid "" "How often should the back end perform periodic DNS update in addition to the " "automatic update performed when the back end goes online. This option is " "optional and applicable only when dyndns_update is true." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:227 sssd-ad.5.xml:325 msgid "dyndns_update_ptr (bool)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:230 sssd-ad.5.xml:328 msgid "" "Whether the PTR record should also be explicitly updated when updating the " "client's DNS records. Applicable only when dyndns_update is true." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:235 msgid "" "This option should be False in most IPA deployments as the IPA server " "generates the PTR records automatically when forward records are changed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:241 msgid "Default: False (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:247 sssd-ad.5.xml:339 msgid "dyndns_force_tcp (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:250 sssd-ad.5.xml:342 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:254 sssd-ad.5.xml:346 msgid "Default: False (let nsupdate choose the protocol)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:260 msgid "ipa_hbac_search_base (string)" msgstr "ipa_hbac_search_base (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:263 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:267 msgid "Default: Use base DN" msgstr "Default: Use base DN" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:273 msgid "ipa_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:276 msgid "Optional. Use the given string as search base for host objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:280 sssd-ipa.5.xml:304 sssd-ipa.5.xml:323 sssd-ipa.5.xml:342 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:285 msgid "" "If filter is given in any of search bases and " "<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " "will be ignored." msgstr "" #. type: Content of: <listitem><para> #: sssd-ipa.5.xml:290 sssd-ipa.5.xml:309 include/ldap_search_bases.xml:23 #: include/ldap_search_bases_experimental.xml:23 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:297 msgid "ipa_selinux_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:300 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:316 msgid "ipa_subdomains_search_base (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:319 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:328 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:335 msgid "ipa_master_domain_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:338 msgid "Optional. Use the given string as search base for master domain object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:347 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:354 sssd-krb5.5.xml:245 msgid "krb5_validate (boolean)" msgstr "krb5_validate (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:357 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:364 sssd-ad.5.xml:366 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:374 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:378 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:389 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:402 sssd-krb5.5.xml:407 msgid "krb5_use_fast (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:405 sssd-krb5.5.xml:410 msgid "" "Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" "authentication. The following options are supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:410 msgid "<emphasis>never</emphasis> use FAST." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:413 msgid "" "<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " "continue the authentication without it. This is equivalent to not setting " "this option at all." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:419 sssd-krb5.5.xml:424 msgid "" "<emphasis>demand</emphasis> to use FAST. The authentication fails if the " "server does not require fast." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:424 #, fuzzy #| msgid "Default: 3" msgid "Default: try" msgstr "Padrão: 3" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:427 sssd-krb5.5.xml:435 msgid "" "NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If " "SSSD is used with an older version of MIT Kerberos, using this option is a " "configuration error." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:436 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:439 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " "access-control requests made in a short period." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:446 sssd-ipa.5.xml:462 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:452 msgid "ipa_hbac_selinux (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:455 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " "many user login requests made in a short period." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:468 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:471 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " "of FreeIPA will need to migrate their rules to use only the ALLOW rules. The " "client will support two modes of operation during this transition period:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:480 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:485 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:490 msgid "Default: DENY_ALL" msgstr "Padrão: DENY_ALL" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:496 msgid "ipa_hbac_support_srchost (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:499 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:503 msgid "" "Note that if set to <emphasis>False</emphasis>, this option causes filters " "given in <emphasis>ipa_host_search_base</emphasis> to be ignored." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:514 msgid "ipa_server_mode (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:517 msgid "This option should only be set by the IPA installer." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:521 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:532 msgid "ipa_automount_location (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:535 msgid "The automounter location this IPA client will be using" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:538 msgid "Default: The location named \"default\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:545 msgid "ipa_netgroup_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:548 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:557 msgid "ipa_netgroup_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:560 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:565 sssd-ipa.5.xml:660 msgid "Default: memberUser" msgstr "Padrão: memberUser" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:570 msgid "ipa_netgroup_member_host (string)" msgstr "ipa_netgroup_member_host (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:573 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:577 sssd-ipa.5.xml:672 msgid "Default: memberHost" msgstr "Padrão: memberHost" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:582 msgid "ipa_netgroup_member_ext_host (string)" msgstr "ipa_netgroup_member_ext_host (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:585 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:589 msgid "Default: externalHost" msgstr "Padrão: externalHost" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:594 msgid "ipa_netgroup_domain (string)" msgstr "ipa_netgroup_domain (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:597 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:601 msgid "Default: nisDomainName" msgstr "Padrão: nisDomainName" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:607 msgid "ipa_host_object_class (string)" msgstr "ipa_host_object_class (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:610 sssd-ipa.5.xml:633 msgid "The object class of a host entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:613 sssd-ipa.5.xml:636 msgid "Default: ipaHost" msgstr "Padrão: ipaHost" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:618 msgid "ipa_host_fqdn (string)" msgstr "ipa_host_fqdn (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:621 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:624 msgid "Default: fqdn" msgstr "Padrão: fqdn" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:630 msgid "ipa_selinux_usermap_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:641 msgid "ipa_selinux_usermap_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:644 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:653 msgid "ipa_selinux_usermap_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:656 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:665 msgid "ipa_selinux_usermap_member_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:668 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule match " "against." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:677 msgid "ipa_selinux_usermap_see_also (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:680 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:685 msgid "Default: seeAlso" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:690 msgid "ipa_selinux_usermap_selinux_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:693 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:697 msgid "Default: ipaSELinuxUser" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:702 msgid "ipa_selinux_usermap_enabled (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:705 msgid "" "The LDAP attribute that contains whether or not is user map enabled for " "usage." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:709 msgid "Default: ipaEnabledFlag" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:714 msgid "ipa_selinux_usermap_user_category (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:717 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:721 msgid "Default: userCategory" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:726 msgid "ipa_selinux_usermap_host_category (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:729 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:733 msgid "Default: hostCategory" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:738 msgid "ipa_selinux_usermap_uuid (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:741 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:745 msgid "Default: ipaUniqueID" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:750 msgid "ipa_host_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:753 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:757 msgid "Default: ipaSshPubKey" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ipa.5.xml:766 msgid "SUBDOMAINS PROVIDER" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:768 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:772 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " "subdomain requests are sent to the IPA server if necessary." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:778 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " "provider is configured implicitly. In this case, if a subdomain request " "fails and indicates that the server does not support subdomains, i.e. 
is not " "configured for trusts, the IPA subdomains provider is disabled. After an " "hour or after the IPA provider goes online, the subdomains provider is " "enabled again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:795 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " "This examples shows only the ipa provider-specific options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ipa.5.xml:802 #, no-wrap msgid "" " [domain/example.com]\n" " id_provider = ipa\n" " ipa_server = ipaserver.example.com\n" " ipa_hostname = myhost.example.com\n" msgstr "" " [domain/example.com]\n" " id_provider = ipa\n" " ipa_server = ipaserver.example.com\n" " ipa_hostname = myhost.example.com\n" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-ad.5.xml:10 sssd-ad.5.xml:16 msgid "sssd-ad" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:23 msgid "" "This manual page describes the configuration of the AD provider for " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:36 msgid "" "The AD provider is a back end used to connect to an Active Directory server. " "This provider requires that the machine be joined to the AD domain and a " "keytab is available." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:41 msgid "" "The AD provider supports connecting to Active Directory 2008 R2 or later. " "Earlier versions may work, but are unsupported." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:45 msgid "" "The AD provider is able to provide identity information and authentication " "for entities from trusted domains as well. Currently only trusted domains in " "the same forest are recognized." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:50 msgid "" "The AD provider accepts the same options used by the <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " "provider with some exceptions described below." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:62 msgid "" "However, it is neither necessary nor recommended to set these options. The " "AD provider can also be used as an access, chpass and sudo provider. No " "configuration of the access provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ad.5.xml:74 #, no-wrap msgid "" "ldap_id_mapping = False\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:68 msgid "" "By default, the AD provider will map UID and GID values from the objectSID " "parameter in Active Directory. For details on this, see the <quote>ID " "MAPPING</quote> section below. If you want to disable ID mapping and instead " "rely on POSIX attributes defined in Active Directory, you should set " "<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users " "and groups using POSIX attributes from trusted domains, the AD administrator " "must make sure that the POSIX attributes are replicated to the Global " "Catalog." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:81 msgid "" "Users, groups and other entities served by SSSD are always treated as case-" "insensitive in the AD provider for compatibility with Active Directory's " "LDAP implementation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:96 msgid "ad_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:99 msgid "" "Specifies the name of the Active Directory domain. This is optional. If not " "provided, the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:104 msgid "" "For proper operation, this option should be specified as the lower-case " "version of the long version of the Active Directory domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:109 msgid "" "The short domain name (also known as the NetBIOS or the flat name) is " "autodetected by the SSSD." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:116 msgid "ad_server, ad_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:119 msgid "" "The comma-separated list of hostnames of the AD servers to which SSSD should " "connect in order of preference. For more information on failover and server " "redundancy, see the <quote>FAILOVER</quote> section. This is optional if " "autodiscovery is enabled. For more information on service discovery, refer " "to the <quote>SERVICE DISCOVERY</quote> section." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:132 msgid "ad_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:135 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the Active Directory domain to identify this " "host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:141 msgid "" "This field is used to determine the host principal in use in the keytab. It " "must match the hostname for which the keytab was issued." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:149 msgid "ad_enable_dns_sites (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:156 msgid "" "If true and service discovery (see Service Discovery paragraph at the bottom " "of the man page) is enabled, the SSSD will first attempt to discover the " "Active Directory server to connect to using the Active Directory Site " "Discovery and fall back to the DNS SRV records if no AD site is found. The " "DNS SRV configuration, including the discovery domain, is used during site " "discovery as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:172 #, fuzzy #| msgid "case_sensitive (boolean)" msgid "ad_access_filter (boolean)" msgstr "case_sensitive (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:175 msgid "" "This option specifies LDAP access control filter that the user must match in " "order to be allowed access. 
Please note that the <quote>access_provider</" "quote> option must be explicitly set to <quote>ad</quote> in order for this " "option to have an effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:183 msgid "" "The option also supports specifying different filters per domain or forest. " "This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " "The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " "missing." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:191 msgid "" "If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</" "quote> specifies the domain or subdomain the filter applies to. If the " "keyword equals to <quote>FOREST</quote>, then the filter equals to all " "domains from the forest specified by <quote>NAME</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:199 msgid "" "Multiple filters can be separated with the <quote>?</quote> character, " "similarly to how search bases work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:204 msgid "" "The most specific match is always used. For example, if the option specified " "filter for a domain the user is a member of and a global filter, the per-" "domain filter would be applied. If there are more matches with the same " "specification, the first one is used." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #: sssd-ad.5.xml:215 #, no-wrap msgid "" "# apply filter on domain called dom1 only:\n" "dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" "\n" "# apply filter on domain called dom2 only:\n" "DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" "\n" "# apply filter on forest called EXAMPLE.COM only:\n" "FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:225 #, fuzzy #| msgid "Default: host" msgid "Default: Not set" msgstr "Padrão: host" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:231 #, fuzzy #| msgid "case_sensitive (boolean)" msgid "ad_enable_gc (boolean)" msgstr "case_sensitive (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:234 msgid "" "By default, the SSSD connects to the Global Catalog first to retrieve users " "from trusted domains and uses the LDAP port to retrieve group memberships or " "as a fallback. Disabling this option makes the SSSD only connect to the LDAP " "port of the current AD server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:242 msgid "" "Please note that disabling Global Catalog support does not disable " "retrieving users from trusted domains. The SSSD would connect to the LDAP " "port of trusted domains instead. However, Global Catalog must be used in " "order to resolve cross-domain group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:259 msgid "" "Optional. 
This option tells SSSD to automatically update the Active " "Directory DNS server with the IP address of this client. The update is " "secured using GSS-TSIG. As a consequence, the Active Directory administrator " "only needs to allow secure updates for the DNS zone. The IP address of the " "AD LDAP connection is used for the updates, if it is not otherwise specified " "by using the <quote>dyndns_iface</quote> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:289 msgid "Default: 3600 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:303 msgid "Default: Use the IP address of the AD LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:354 sssd-krb5.5.xml:496 msgid "krb5_use_enterprise_principal (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:357 sssd-krb5.5.xml:499 msgid "" "Specifies if the user principal should be treated as enterprise principal. " "See section 5 of RFC 6806 for more details about enterprise principals." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:384 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " "This example shows only the AD provider-specific options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ad.5.xml:391 #, no-wrap msgid "" "[domain/EXAMPLE]\n" "id_provider = ad\n" "auth_provider = ad\n" "access_provider = ad\n" "chpass_provider = ad\n" "\n" "ad_server = dc1.example.com\n" "ad_hostname = client.example.com\n" "ad_domain = example.com\n" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ad.5.xml:411 #, no-wrap msgid "" "access_provider = ldap\n" "ldap_access_order = expire\n" "ldap_account_expire_policy = ad\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:407 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:417 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 msgid "sssd-sudo" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd-sudo.5.xml:17 msgid "Configuring sudo with the SSSD back end" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:23 msgid "" "This manual page describes how to configure <citerefentry> " "<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " "to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-sudo.5.xml:36 msgid "Configuring sudo to cooperate with SSSD" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:38 msgid "" "To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " "the <emphasis>sudoers</emphasis> entry in <citerefentry> " "<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:47 msgid "" "For example, to configure sudo to first lookup rules in the standard " "<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> file (which should contain rules that apply to " "local users) and then in SSSD, the nsswitch.conf file should contain the " "following line:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-sudo.5.xml:57 #, no-wrap msgid "sudoers: files sss\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:61 msgid "" "More information about configuring the sudoers search order from the " "nsswitch.conf file as well as information about the LDAP schema that is used " "to store sudo rules in the directory can be found in <citerefentry> " "<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:70 msgid "" "<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " "sudo rules, you also need to correctly set <citerefentry> " "<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" "citerefentry> to your NIS domain name (which equals to IPA domain name when " "using hostgroups)." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-sudo.5.xml:82 msgid "Configuring SSSD to fetch sudo rules" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:84 msgid "" "All configuration that is needed on SSSD side is to extend the list of " "<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " "search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> " "option." 
msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:94 msgid "" "The following example shows how to configure SSSD to download sudo rules " "from an LDAP server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-sudo.5.xml:99 #, no-wrap msgid "" "[sssd]\n" "config_file_version = 2\n" "services = nss, pam, sudo\n" "domains = EXAMPLE\n" "\n" "[domain/EXAMPLE]\n" "id_provider = ldap\n" "sudo_provider = ldap\n" "ldap_uri = ldap://example.com\n" "ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:112 msgid "" "When the SSSD is configured to use IPA as the ID provider, the sudo provider " "is automatically enabled. The sudo search base is configured to use the " "compat tree (ou=sudoers,$DC)." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-sudo.5.xml:119 msgid "The SUDO rule caching mechanism" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:121 msgid "" "The biggest challenge, when developing sudo support in SSSD, was to ensure " "that running sudo with SSSD as the data source provides the same user " "experience and is as fast as sudo but keeps providing the most current set " "of rules as possible. To satisfy these requirements, SSSD uses three kinds " "of updates. They are referred to as full refresh, smart refresh and rules " "refresh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:129 msgid "" "The <emphasis>smart refresh</emphasis> periodically downloads rules that are " "new or were modified after the last update. Its primary goal is to keep the " "database growing by fetching only small increments that do not generate " "large amounts of network traffic." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:135 msgid "" "The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " "in the cache and replaces them with all rules that are stored on the server. " "This is used to keep the cache consistent by removing every rule which was " "deleted from the server. However, full refresh may produce a lot of traffic " "and thus it should be run only occasionally depending on the size and " "stability of the sudo rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:143 msgid "" "The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " "more permission than defined. It is triggered each time the user runs sudo. " "Rules refresh will find all rules that apply to this user, check their " "expiration time and redownload them if expired. In the case that any of " "these rules are missing on the server, the SSSD will do an out of band full " "refresh because more rules (that apply to other users) may have been deleted." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:152 msgid "" "If enabled, SSSD will store only rules that can be applied to this machine. " "This means rules that contain one of the following values in " "<emphasis>sudoHost</emphasis> attribute:" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:159 msgid "keyword ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:164 msgid "wildcard" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:169 msgid "netgroup (in the form \"+netgroup\")" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:174 msgid "hostname or fully qualified domain name of this machine" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:179 msgid "one of the IP addresses of this machine" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:184 msgid "one of the IP addresses of the network (in the form \"address/mask\")" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:190 msgid "" "There are many configuration options that can be used to adjust the " "behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd.8.xml:10 sssd.8.xml:15 msgid "sssd" msgstr "sssd" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd.8.xml:16 msgid "System Security Services Daemon" msgstr "Daemon de serviços de segurança do sistema" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sssd.8.xml:21 msgid "" "<command>sssd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg>" msgstr "" "<command>sssd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.8.xml:31 msgid "" "<command>SSSD</command> provides a set of daemons to manage access to remote " "directories and authentication mechanisms. It provides an NSS and PAM " "interface toward the system and a pluggable backend system to connect to " "multiple different account sources as well as D-Bus interface. It is also " "the basis to provide client auditing and policy services for projects like " "FreeIPA. It provides a more robust database to store local users as well as " "extended user data." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:46 msgid "" "<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" "replaceable>" msgstr "" "<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:53 msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" msgstr "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:57 msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:60 msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:69 msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:73 msgid "" "<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:76 msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:85 msgid "<option>-f</option>,<option>--debug-to-files</option>" msgstr "<option>-f</option>,<option>--debug-to-files</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:89 msgid "" "Send the debug output to files instead of stderr. 
By default, the log files " "are stored in <filename>/var/log/sssd</filename> and there are separate log " "files for every SSSD service and domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:97 msgid "<option>-D</option>,<option>--daemon</option>" msgstr "<option>-D</option>,<option>--daemon</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:101 msgid "Become a daemon after starting up." msgstr "Tornar-se um daemon após a inicialização." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:107 sss_seed.8.xml:136 msgid "<option>-i</option>,<option>--interactive</option>" msgstr "<option>-i</option>,<option>--interactive</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:111 msgid "Run in the foreground, don't become a daemon." msgstr "Executar em primeiro plano, não se tornar um daemon." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:117 sss_debuglevel.8.xml:42 msgid "<option>-c</option>,<option>--config</option>" msgstr "<option>-c</option>,<option>--config</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:121 sss_debuglevel.8.xml:46 msgid "" "Specify a non-default config file. The default is <filename>/etc/sssd/sssd." "conf</filename>. For reference on the config file syntax and options, " "consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:135 msgid "<option>--version</option>" msgstr "<option>--version</option>" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:139 msgid "Print version number and exit." msgstr "Imprimir o número da versão e sair." #. type: Content of: <reference><refentry><refsect1><title> #: sssd.8.xml:147 msgid "Signals" msgstr "Sinais" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "SIGTERM/SIGINT" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:159 msgid "SIGHUP" msgstr "SIGHUP" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " "like logrotate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:170 msgid "SIGUSR1" msgstr "SIGUSR1" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:179 msgid "SIGUSR2" msgstr "SIGUSR2" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd.8.xml:193 msgid "" "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " "applications will not use the fast in memory cache." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 msgid "sss_obfuscate" msgstr "sss_obfuscate" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_obfuscate.8.xml:16 msgid "obfuscate a clear text password" msgstr "ofuscar uma senha de texto não criptografado" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_obfuscate.8.xml:21 msgid "" "<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" "replaceable></arg>" msgstr "" "<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" "replaceable></arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:32 msgid "" "<command>sss_obfuscate</command> converts a given password into human-" "unreadable format and places it into appropriate domain section of the SSSD " "config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:37 msgid "" "The cleartext password is read from standard input or entered " "interactively. The obfuscated password is put into " "<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " "<quote>ldap_default_authtok_type</quote> parameter is set to " "<quote>obfuscated_password</quote>. Refer to <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more details on these parameters." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:49 msgid "" "Please note that obfuscating the password provides <emphasis>no real " "security benefit</emphasis> as it is still possible for an attacker to " "reverse-engineer the password back. Using better authentication mechanisms " "such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " "advised." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_obfuscate.8.xml:63 msgid "<option>-s</option>,<option>--stdin</option>" msgstr "<option>-s</option>,<option>--stdin</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:67 msgid "The password to obfuscate will be read from standard input." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:79 #: sss_ssh_knownhostsproxy.1.xml:78 msgid "" "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" "replaceable>" msgstr "" "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:79 msgid "" "The SSSD domain to use the password in. The default name is <quote>default</" "quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_obfuscate.8.xml:86 msgid "" "<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" msgstr "" "<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:91 msgid "Read the config file specified by the positional parameter." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:95 msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_useradd.8.xml:10 sss_useradd.8.xml:15 msgid "sss_useradd" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_useradd.8.xml:16 msgid "create a new user" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_useradd.8.xml:21 msgid "" "<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_useradd.8.xml:32 msgid "" "<command>sss_useradd</command> creates a new user account using the values " "specified on the command line plus the default values from the system." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:43 sss_seed.8.xml:76 msgid "" "<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:48 msgid "" "Set the UID of the user to the value of <replaceable>UID</replaceable>. If " "not given, it is chosen automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:55 sss_usermod.8.xml:43 sss_seed.8.xml:100 msgid "" "<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:60 sss_usermod.8.xml:48 sss_seed.8.xml:105 msgid "" "Any text string describing the user. Often used as the field for the user's " "full name." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:67 sss_usermod.8.xml:55 sss_seed.8.xml:112 msgid "" "<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:72 msgid "" "The home directory of the user account. The default is to append the " "<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use " "that as the home directory. The base that is prepended before " "<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/" "baseDirectory</quote> setting in sssd.conf." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:82 sss_usermod.8.xml:66 sss_seed.8.xml:124 msgid "" "<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:87 msgid "" "The user's login shell. The default is currently <filename>/bin/bash</" "filename>. The default can be changed with <quote>user_defaults/" "defaultShell</quote> setting in sssd.conf." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:96 msgid "" "<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:101 msgid "A list of existing groups this user is also a member of." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:107 msgid "<option>-m</option>,<option>--create-home</option>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:111 msgid "" "Create the user's home directory if it does not exist. The files and " "directories contained in the skeleton directory (which can be defined with " "the -k option or in the config file) will be copied to the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:121 msgid "<option>-M</option>,<option>--no-create-home</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:125 msgid "" "Do not create the user's home directory. Overrides configuration settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:132 msgid "" "<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:137 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " "<command>sss_useradd</command>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:143 msgid "" "Special files (block devices, character devices, named pipes and unix " "sockets) will not be copied." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:147 msgid "" "This option is only valid if the <option>-m</option> (or <option>--create-" "home</option>) option is specified, or creation of home directories is set " "to TRUE in the configuration." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:156 sss_usermod.8.xml:124 msgid "" "<option>-Z</option>,<option>--selinux-user</option> " "<replaceable>SELINUX_USER</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:161 msgid "" "The SELinux user for the user's login. If not specified, the system default " "will be used." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 msgid "sssd-krb5" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:23 msgid "" "This manual page describes the configuration of the Kerberos 5 " "authentication backend for <citerefentry> <refentrytitle>sssd</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed " "syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " "the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:36 msgid "" "The Kerberos 5 authentication backend contains auth and chpass providers. It " "must be paired with an identity provider in order to function properly (for " "example, id_provider = ldap). Some information required by the Kerberos 5 " "authentication backend must be provided by the identity provider, such as " "the user's Kerberos Principal Name (UPN). The configuration of the identity " "provider should have an entry to specify the UPN. Please refer to the man " "page for the applicable identity provider for details on how to configure " "this." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:47 msgid "" "This backend also provides access control based on the .k5login file in the " "home directory of the user. 
See <citerefentry> <refentrytitle>.k5login</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " "Please note that an empty .k5login file will deny all access to this user. " "To activate this feature, use 'access_provider = krb5' in your SSSD " "configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:55 msgid "" "In the case where the UPN is not available in the identity backend, " "<command>sssd</command> will construct a UPN using the format " "<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect, in the order of preference. " "For more information on failover and server redundancy, see the " "<quote>FAILOVER</quote> section. An optional port number (preceded by a " "colon) may be appended to the addresses or hostnames. If empty, service " "discovery is enabled; for more information, refer to the <quote>SERVICE " "DISCOVERY</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:106 msgid "" "The name of the Kerberos realm. This option is required and must be " "specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:113 msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:116 msgid "" "If the change password service is not running on the KDC, alternative " "servers can be defined here. An optional port number (preceded by a colon) " "may be appended to the addresses or hostnames." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:122 msgid "" "For more information on failover and server redundancy, see the " "<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " "servers to try, the backend is not switched to operate offline if " "authentication against the KDC is still possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:129 msgid "Default: Use the KDC" msgstr "Padrão: Usar o KDC" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:135 msgid "krb5_ccachedir (string)" msgstr "krb5_ccachedir (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:138 msgid "" "Directory to store credential caches. All the substitution sequences of " "krb5_ccname_template can be used here, too, except %d and %P. The directory " "is created as private and owned by the user, with permissions set to 0700." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:145 msgid "Default: /tmp" msgstr "Padrão: /tmp" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:151 msgid "krb5_ccname_template (string)" msgstr "krb5_ccname_template (string)" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:165 include/override_homedir.xml:11 msgid "%u" msgstr "%u" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:166 include/override_homedir.xml:12 msgid "login name" msgstr "nome de login" #. 
type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:169 include/override_homedir.xml:15 msgid "%U" msgstr "%U" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:170 msgid "login UID" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:173 msgid "%p" msgstr "%p" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:174 msgid "principal name" msgstr "nome do principal" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:178 msgid "%r" msgstr "%r" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:179 msgid "realm name" msgstr "nome de território" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:182 msgid "%h" msgstr "%h" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:183 msgid "home directory" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:187 include/override_homedir.xml:19 msgid "%d" msgstr "%d" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:188 msgid "value of krb5ccache_dir" msgstr "valor de krb5ccache_dir" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:193 msgid "%P" msgstr "%P" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:194 msgid "the process ID of the SSSD client" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:199 include/override_homedir.xml:34 msgid "%%" msgstr "%%" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:200 include/override_homedir.xml:35 msgid "a literal '%'" msgstr "um literal '%'" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:154 msgid "" "Location of the user's credential cache. Three credential cache types are " "currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " "<quote>KEYRING:persistent</quote>. The cache can be specified either as " "<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " "implies the <quote>FILE</quote> type. In the template, the following " "sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " "the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " "filename in a safe way." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:208 msgid "" "When using KEYRING types, the only supported mechanism is <quote>KEYRING:" "persistent:%U</quote>, which uses the Linux kernel keyring to store " "credentials on a per-UID basis. This is also the recommended choice, as it " "is the most secure and predictable method." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:216 msgid "" "The default value for the credential cache name is sourced from the profile " "stored in the system wide krb5.conf configuration file in the [libdefaults] " "section. The option name is default_ccache_name. See krb5.conf(5)'s " "PARAMETER EXPANSION paragraph for additional information on the expansion " "format defined by krb5.conf." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:225 #, fuzzy #| msgid "Default: filter" msgid "Default: (from libkrb5)" msgstr "Padrão: filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:231 msgid "krb5_auth_timeout (integer)" msgstr "krb5_auth_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:234 msgid "" "Timeout in seconds after an online authentication request or change password " "request is aborted. If possible, the authentication request is continued " "offline." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:248 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed. The keytab is checked for entries sequentially, and the first entry " "with a matching realm is used for validation. If no entry matches the realm, " "the last entry in the keytab is used. This process can be used to validate " "environments using cross-realm trust by placing the appropriate keytab entry " "as the last entry or the only entry in the keytab file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:263 msgid "krb5_keytab (string)" msgstr "krb5_keytab (string)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:266 msgid "" "The location of the keytab to use when validating credentials obtained from " "KDCs." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:270 msgid "Default: /etc/krb5.keytab" msgstr "Padrão: /etc/krb5.keytab" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:276 msgid "krb5_store_password_if_offline (boolean)" msgstr "krb5_store_password_if_offline (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:279 msgid "" "Store the password of the user if the provider is offline and use it to " "request a TGT when the provider comes online again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:284 msgid "" "NOTE: this feature is only available on Linux. Passwords stored in this way " "are kept in plaintext in the kernel keyring and are potentially accessible " "by the root user (with difficulty)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:297 msgid "krb5_renewable_lifetime (string)" msgstr "krb5_renewable_lifetime (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:300 msgid "" "Request a renewable ticket with a total lifetime, given as an integer " "immediately followed by a time unit:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:305 sssd-krb5.5.xml:339 sssd-krb5.5.xml:376 msgid "<emphasis>s</emphasis> for seconds" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:308 sssd-krb5.5.xml:342 sssd-krb5.5.xml:379 msgid "<emphasis>m</emphasis> for minutes" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:311 sssd-krb5.5.xml:345 sssd-krb5.5.xml:382 msgid "<emphasis>h</emphasis> for hours" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385 msgid "<emphasis>d</emphasis> for days." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:317 sssd-krb5.5.xml:388 msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:321 sssd-krb5.5.xml:392 msgid "" "NOTE: It is not possible to mix units. To set the renewable lifetime to one " "and a half hours, use '90m' instead of '1h30m'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:326 msgid "Default: not set, i.e. the TGT is not renewable" msgstr "Padrão: não definido, ou seja, o TGT não é renovável" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:332 msgid "krb5_lifetime (string)" msgstr "krb5_lifetime (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:335 msgid "" "Request ticket with a lifetime, given as an integer immediately followed by " "a time unit:" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:351 msgid "If there is no unit given <emphasis>s</emphasis> is assumed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:355 msgid "" "NOTE: It is not possible to mix units. To set the lifetime to one and a " "half hours please use '90m' instead of '1h30m'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:360 msgid "" "Default: not set, i.e. the default ticket lifetime configured on the KDC." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:367 msgid "krb5_renew_interval (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:370 msgid "" "The time in seconds between two checks if the TGT should be renewed. TGTs " "are renewed if about half of their lifetime is exceeded, given as an integer " "immediately followed by a time unit:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:397 msgid "If this option is not set or is 0 the automatic renewal is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:415 msgid "" "<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " "option at all." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:419 msgid "" "<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " "continue the authentication without it." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:429 msgid "Default: not set, i.e. FAST is not used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:432 msgid "NOTE: a keytab is required to use FAST." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:444 msgid "krb5_fast_principal (string)" msgstr "krb5_fast_principal (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:447 msgid "Specifies the server principal to use for FAST." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:456 msgid "" "Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos 1.7 and later versions." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:505 msgid "Default: false (AD provider: true)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:65 msgid "" "If the auth-module krb5 is used in an SSSD domain, the following options " "must be used. See the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " "<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " "domain. <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:521 msgid "" "The following example assumes that SSSD is correctly configured and FOO is " "one of the domains in the <replaceable>[sssd]</replaceable> section. 
This " "example shows only configuration of Kerberos authentication; it does not " "include any identity provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-krb5.5.xml:529 #, no-wrap msgid "" " [domain/FOO]\n" " auth_provider = krb5\n" " krb5_server = 192.168.1.1\n" " krb5_realm = EXAMPLE.COM\n" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15 msgid "sss_groupadd" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupadd.8.xml:16 msgid "create a new group" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupadd.8.xml:21 msgid "" "<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupadd.8.xml:32 msgid "" "<command>sss_groupadd</command> creates a new group. These groups are " "compatible with POSIX groups, with the additional feature that they can " "contain other groups as members." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupadd.8.xml:43 sss_seed.8.xml:88 msgid "" "<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupadd.8.xml:48 msgid "" "Set the GID of the group to the value of <replaceable>GID</replaceable>. If " "not given, it is chosen automatically." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_userdel.8.xml:10 sss_userdel.8.xml:15 msgid "sss_userdel" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_userdel.8.xml:16 msgid "delete a user account" msgstr "" #. 
type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_userdel.8.xml:21 msgid "" "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_userdel.8.xml:32 msgid "" "<command>sss_userdel</command> deletes a user identified by login name " "<replaceable>LOGIN</replaceable> from the system." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:44 msgid "<option>-r</option>,<option>--remove</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:48 msgid "" "Files in the user's home directory will be removed along with the home " "directory itself and the user's mail spool. Overrides the configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:56 msgid "<option>-R</option>,<option>--no-remove</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:60 msgid "" "Files in the user's home directory will NOT be removed along with the home " "directory itself and the user's mail spool. Overrides the configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:68 msgid "<option>-f</option>,<option>--force</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:72 msgid "" "This option forces <command>sss_userdel</command> to remove the user's home " "directory and mail spool, even if they are not owned by the specified user." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:80 msgid "<option>-k</option>,<option>--kick</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:84 msgid "Before actually deleting the user, terminate all his processes." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15 msgid "sss_groupdel" msgstr "sss_groupdel" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupdel.8.xml:16 msgid "delete a group" msgstr "excluir um grupo" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupdel.8.xml:21 msgid "" "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupdel.8.xml:32 msgid "" "<command>sss_groupdel</command> deletes a group identified by its name " "<replaceable>GROUP</replaceable> from the system." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15 msgid "sss_groupshow" msgstr "sss_groupshow" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupshow.8.xml:16 msgid "print properties of a group" msgstr "" #. 
type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupshow.8.xml:21 msgid "" "<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" "<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupshow.8.xml:32 msgid "" "<command>sss_groupshow</command> displays information about a group " "identified by its name <replaceable>GROUP</replaceable>. The information " "includes the group ID number, members of the group and the parent group." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupshow.8.xml:43 msgid "<option>-R</option>,<option>--recursive</option>" msgstr "<option>-R</option>,<option>--recursive</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupshow.8.xml:47 msgid "" "Also print indirect group members in a tree-like hierarchy. Note that this " "also affects printing parent groups - without <option>R</option>, only the " "direct parent will be printed." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_usermod.8.xml:10 sss_usermod.8.xml:15 msgid "sss_usermod" msgstr "sss_usermod" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_usermod.8.xml:16 msgid "modify a user account" msgstr "modificar uma conta de utilizador" #. 
type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_usermod.8.xml:21 msgid "" "<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" msgstr "" "<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_usermod.8.xml:32 msgid "" "<command>sss_usermod</command> modifies the account specified by " "<replaceable>LOGIN</replaceable> to reflect the changes that are specified " "on the command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:60 msgid "The home directory of the user account." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:71 msgid "The user's login shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:82 msgid "" "Append this user to groups specified by the <replaceable>GROUPS</" "replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " "a comma separated list of group names." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:96 msgid "" "Remove this user from groups specified by the <replaceable>GROUPS</" "replaceable> parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_usermod.8.xml:103 msgid "<option>-l</option>,<option>--lock</option>" msgstr "<option>-l</option>,<option>--lock</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:107 msgid "Lock the user account. 
The user won't be able to log in." msgstr "" "Bloquear a conta do utilizador. O utilizador não será capaz de efetuar login." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_usermod.8.xml:114 msgid "<option>-u</option>,<option>--unlock</option>" msgstr "<option>-u</option>,<option>--unlock</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:118 msgid "Unlock the user account." msgstr "Desbloquear a conta de utilizador." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:129 msgid "The SELinux user for the user's login." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_cache.8.xml:10 sss_cache.8.xml:15 msgid "sss_cache" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_cache.8.xml:16 msgid "perform cache cleanup" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_cache.8.xml:21 msgid "" "<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_cache.8.xml:31 msgid "" "<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " "records are forced to be reloaded from server as soon as related SSSD " "backend is online." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:42 msgid "<option>-E</option>,<option>--everything</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:46 msgid "Invalidate all cached entries except for sudo rules." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:52 msgid "" "<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:57 msgid "Invalidate specific user." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:63 msgid "<option>-U</option>,<option>--users</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:67 msgid "" "Invalidate all user records. This option overrides invalidation of specific " "user if it was also set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:74 msgid "" "<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:79 msgid "Invalidate specific group." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:85 msgid "<option>-G</option>,<option>--groups</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:89 msgid "" "Invalidate all group records. This option overrides invalidation of specific " "group if it was also set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:96 msgid "" "<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:101 msgid "Invalidate specific netgroup." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:107 msgid "<option>-N</option>,<option>--netgroups</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:111 msgid "" "Invalidate all netgroup records. This option overrides invalidation of " "specific netgroup if it was also set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:118 msgid "" "<option>-s</option>,<option>--service</option> <replaceable>service</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:123 msgid "Invalidate specific service." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:129 msgid "<option>-S</option>,<option>--services</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:133 msgid "" "Invalidate all service records. This option overrides invalidation of " "specific service if it was also set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:140 msgid "" "<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:145 msgid "Invalidate specific autofs maps." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:151 msgid "<option>-A</option>,<option>--autofs-maps</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:155 msgid "" "Invalidate all autofs maps. 
This option overrides invalidation of specific " "map if it was also set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:162 msgid "" "<option>-d</option>,<option>--domain</option> <replaceable>domain</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:167 msgid "Restrict invalidation process only to a particular domain." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 msgid "sss_debuglevel" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_debuglevel.8.xml:16 msgid "change debug level while SSSD is running" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_debuglevel.8.xml:21 msgid "" "<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" "replaceable></arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_debuglevel.8.xml:32 msgid "" "<command>sss_debuglevel</command> changes debug level of SSSD monitor and " "providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is " "running." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_debuglevel.8.xml:59 msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_seed.8.xml:10 sss_seed.8.xml:15 msgid "sss_seed" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_seed.8.xml:16 msgid "seed the SSSD cache with a user" msgstr "" #. 
type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_seed.8.xml:21 msgid "" "<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" "replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_seed.8.xml:33 msgid "" "<command>sss_seed</command> seeds the SSSD cache with a user entry and " "temporary password. If a user entry is already present in the SSSD cache " "then the entry is updated with the temporary password." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_seed.8.xml:46 msgid "" "<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:51 msgid "" "Provide the name of the domain in which the user is a member of. The domain " "is also used to retrieve user information. The domain must be configured in " "sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " "Information retrieved from the domain overrides what is provided in the " "options." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_seed.8.xml:63 msgid "" "<option>-n</option>,<option>--username</option> <replaceable>USER</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:68 msgid "" "The username of the entry to be created or modified in the cache. The " "<replaceable>USER</replaceable> option must be provided." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:81 msgid "Set the UID of the user to <replaceable>UID</replaceable>." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:93 msgid "Set the GID of the user to <replaceable>GID</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:117 msgid "" "Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:129 msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:140 msgid "" "Interactive mode for entering user information. This option will only prompt " "for information not provided in the options or retrieved from the domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_seed.8.xml:148 msgid "" "<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:153 msgid "" "Specify file to read user's password from. (if not specified password is " "prompted for)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_seed.8.xml:165 msgid "" "The length of the password (or the size of file specified with -p or --" "password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " "on systems with no globally-defined PASS_MAX value)." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 msgid "sss_ssh_authorizedkeys" msgstr "" #. type: Content of: <reference><refentry><refmeta><manvolnum> #: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 msgid "1" msgstr "" #. 
type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_ssh_authorizedkeys.1.xml:16 msgid "get OpenSSH authorized keys" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_ssh_authorizedkeys.1.xml:21 msgid "" "<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg> <arg " "choice='plain'><replaceable>USER</replaceable></arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:32 msgid "" "<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " "<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " "format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> for more information)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:41 msgid "" "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" "command> for public key user authentication if it is compiled with support " "for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</" "quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry> options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sss_ssh_authorizedkeys.1.xml:58 #, no-wrap msgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:51 msgid "" "If <quote>AuthorizedKeysCommand</quote> is supported, " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> can be configured to use it by putting the following directive " "in <citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry>: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sss_ssh_authorizedkeys.1.xml:69 #, no-wrap msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:62 msgid "" "If <quote>PubkeyAgent</quote> is supported, " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> can be configured to use it by using the following directive " "for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</" "manvolnum></citerefentry> configuration: <placeholder type=\"programlisting" "\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_ssh_authorizedkeys.1.xml:84 msgid "" "Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sss_ssh_authorizedkeys.1.xml:93 sss_ssh_knownhostsproxy.1.xml:92 msgid "EXIT STATUS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:95 sss_ssh_knownhostsproxy.1.xml:94 msgid "" "In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 msgid "sss_ssh_knownhostsproxy" msgstr "" #. 
type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_ssh_knownhostsproxy.1.xml:16 msgid "get OpenSSH host keys" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_ssh_knownhostsproxy.1.xml:21 msgid "" "<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg> <arg " "choice='plain'><replaceable>HOST</replaceable></arg> <arg " "choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_knownhostsproxy.1.xml:33 msgid "" "<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " "host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " "known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " "of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" "manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" "pubconf/known_hosts</filename> and estabilishes connection to the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_knownhostsproxy.1.xml:43 msgid "" "If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " "create the connection to the host instead of opening a socket." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sss_ssh_knownhostsproxy.1.xml:55 #, no-wrap msgid "" "ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" "GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_knownhostsproxy.1.xml:48 msgid "" "<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" "citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" "command> for host key authentication by using the following directives for " "<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" "citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_ssh_knownhostsproxy.1.xml:66 msgid "" "<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_ssh_knownhostsproxy.1.xml:71 msgid "" "Use port <replaceable>PORT</replaceable> to connect to the host. By " "default, port 22 is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_ssh_knownhostsproxy.1.xml:83 msgid "" "Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." msgstr "" #. type: Content of: <refsect1><title> #: include/service_discovery.xml:2 msgid "SERVICE DISCOVERY" msgstr "DESCOBERTA DE SERVIÇOS" #. type: Content of: <refsect1><para> #: include/service_discovery.xml:4 msgid "" "The service discovery feature allows back ends to automatically find the " "appropriate servers to connect to using a special DNS query. This feature is " "not supported for backup servers." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 msgid "Configuration" msgstr "Configuração" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:11 msgid "" "If no servers are specified, the back end automatically uses service " "discovery to try to find a server. 
Optionally, the user may choose to use " "both fixed server addresses and service discovery by inserting a special " "keyword, <quote>_srv_</quote>, in the list of servers. The order of " "preference is maintained. This feature is useful if, for example, the user " "prefers to use service discovery whenever possible, and fall back to a " "specific server when no servers can be discovered using DNS." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:23 msgid "The domain name" msgstr "O nome de domínio" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:25 msgid "" "Please refer to the <quote>dns_discovery_domain</quote> parameter in the " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page for more details." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:35 msgid "The protocol" msgstr "O protocolo" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:37 msgid "" "The queries usually specify _tcp as the protocol. Exceptions are documented " "in respective option description." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:42 msgid "See Also" msgstr "Ver também" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:44 msgid "" "For more information on the service discovery mechanism, refer to RFC 2782." msgstr "" #. type: Content of: outside any tag (error?) #: include/upstream.xml:1 msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" msgstr "<placeholder type=\"refentryinfo\" id=\"0\"/>" #. type: Content of: <refsect1><title> #: include/failover.xml:2 msgid "FAILOVER" msgstr "" #. type: Content of: <refsect1><para> #: include/failover.xml:4 msgid "" "The failover feature allows back ends to automatically switch to a different " "server if the current server fails." msgstr "" #. 
type: Content of: <refsect1><refsect2><title> #: include/failover.xml:8 msgid "Failover Syntax" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:10 msgid "" "The list of servers is given as a comma-separated list; any number of spaces " "is allowed around the comma. The servers are listed in order of preference. " "The list can contain any number of servers." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:16 msgid "" "For each failover-enabled config option, two variants exist: " "<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is " "that servers in the primary list are preferred and backup servers are only " "searched if no primary servers can be reached. If a backup server is " "selected, a timeout of 31 seconds is set. After this timeout SSSD will " "periodically try to reconnect to one of the primary servers. If it succeeds, " "it will replace the current active (backup) server." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/failover.xml:27 msgid "The Failover Mechanism" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:29 msgid "" "The failover mechanism distinguishes between a machine and a service. The " "back end first tries to resolve the hostname of a given machine; if this " "resolution attempt fails, the machine is considered offline. No further " "attempts are made to connect to this machine for any other service. If the " "resolution attempt succeeds, the back end tries to connect to a service on " "this machine. If the service connection attempt fails, then only this " "particular service is considered offline and the back end automatically " "switches over to the next service. The machine is still considered online " "and might still be tried for another service." msgstr "" #. 
type: Content of: <refsect1><refsect2><para> #: include/failover.xml:42 msgid "" "Further connection attempts are made to machines or services marked as " "offline after a specified period of time; this is currently hard coded to 30 " "seconds." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:47 msgid "" "If there are no more machines to try, the back end as a whole switches to " "offline mode, and then attempts to reconnect every 30 seconds." msgstr "" #. type: Content of: <refsect1><title> #: include/ldap_id_mapping.xml:2 msgid "ID MAPPING" msgstr "" #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:4 msgid "" "The ID-mapping feature allows SSSD to act as a client of Active Directory " "without requiring administrators to extend user attributes to support POSIX " "attributes for user and group identifiers." msgstr "" #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:9 msgid "" "NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " "ignored. This is to avoid the possibility of conflicts between automatically-" "assigned and manually-assigned values. If you need to use manually-assigned " "values, ALL values must be manually-assigned." msgstr "" #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:16 msgid "" "Please note that changing the ID mapping related configuration options will " "cause user and group IDs to change. At the moment, SSSD does not support " "changing IDs, so the SSSD database must be removed. Because cached passwords " "are also stored in the database, removing the database should only be " "performed while the authentication servers are reachable, otherwise users " "might get locked out. In order to cache the password, an authentication must " "be performed. 
It is not sufficient to use <citerefentry> " "<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" "citerefentry> to remove the database, rather the process consists of:" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:33 msgid "Making sure the remote servers are reachable" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:38 msgid "Stopping the SSSD service" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:43 msgid "Removing the database" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:48 msgid "Starting the SSSD service" msgstr "" #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:52 msgid "" "Moreover, as the change of IDs might necessitate the adjustment of other " "system properties such as file and directory ownership, it's advisable to " "plan ahead and test the ID mapping configuration thoroughly." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/ldap_id_mapping.xml:59 msgid "Mapping Algorithm" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:61 msgid "" "Active Directory provides an objectSID for every user and group object in " "the directory. This objectSID can be broken up into components that " "represent the Active Directory domain identity and the relative identifier " "(RID) of the user or group object." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:67 msgid "" "The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " "into equally-sized component sections - called \"slices\"-. Each slice " "represents the space available to an Active Directory domain." msgstr "" #. 
type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:73 msgid "" "When a user or group entry for a particular domain is encountered for the " "first time, the SSSD allocates one of the available slices for that domain. " "In order to make this slice-assignment repeatable on different client " "machines, we select the slice based on the following algorithm:" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:80 msgid "" "The SID string is passed through the murmurhash3 algorithm to convert it to " "a 32-bit hashed value. We then take the modulus of this value with the total " "number of available slices to pick the slice." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:86 msgid "" "NOTE: It is possible to encounter collisions in the hash and subsequent " "modulus. In these situations, we will select the next available slice, but " "it may not be possible to reproduce the same exact set of slices on other " "machines (since the order that they are encountered will determine their " "slice). In this situation, it is recommended to either switch to using " "explicit POSIX attributes in Active Directory (disabling ID-mapping) or " "configure a default domain to guarantee that at least one is always " "consistent. See <quote>Configuration</quote> for details." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:101 msgid "" "Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" msgstr "" #. type: Content of: <refsect1><refsect2><para><programlisting> #: include/ldap_id_mapping.xml:106 #, no-wrap msgid "" "ldap_id_mapping = True\n" "ldap_schema = ad\n" msgstr "" #. 
type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:111 msgid "" "The default configuration results in configuring 10,000 slices, each capable " "of holding up to 200,000 IDs, starting from 10,001 and going up to " "2,000,100,000. This should be sufficient for most deployments." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><title> #: include/ldap_id_mapping.xml:117 msgid "Advanced Configuration" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:120 msgid "ldap_idmap_range_min (integer)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:123 msgid "" "Specifies the lower bound of the range of POSIX IDs to use for mapping " "Active Directory user and group SIDs." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:127 msgid "" "NOTE: This option is different from <quote>min_id</quote> in that " "<quote>min_id</quote> acts to filter the output of requests to this domain, " "whereas this option controls the range of ID assignment. This is a subtle " "distinction, but the good general advice would be to have <quote>min_id</" "quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:173 msgid "Default: 200000" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:142 msgid "ldap_idmap_range_max (integer)" msgstr "" #. 
type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:145 msgid "" "Specifies the upper bound of the range of POSIX IDs to use for mapping " "Active Directory user and group SIDs." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:149 msgid "" "NOTE: This option is different from <quote>max_id</quote> in that " "<quote>max_id</quote> acts to filter the output of requests to this domain, " "whereas this option controls the range of ID assignment. This is a subtle " "distinction, but the good general advice would be to have <quote>max_id</" "quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:159 msgid "Default: 2000200000" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:164 msgid "ldap_idmap_range_size (integer)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:167 msgid "" "Specifies the number of IDs available for each slice. If the range size " "does not divide evenly into the min and max values, it will create as many " "complete slices as it can." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:178 msgid "ldap_idmap_default_domain_sid (string)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:181 msgid "" "Specify the domain SID of the default domain. This will guarantee that this " "domain will always be assigned to slice zero in the ID map, bypassing the " "murmurhash algorithm described above." msgstr "" #. 
type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:192 msgid "ldap_idmap_default_domain (string)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:195 msgid "Specify the name of the default domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:203 msgid "ldap_idmap_autorid_compat (boolean)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:206 msgid "" "Changes the behavior of the ID-mapping algorithm to behave more similarly to " "winbind's <quote>idmap_autorid</quote> algorithm." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:211 msgid "" "When this option is configured, domains will be allocated starting with " "slice zero and increasing monotonically with each additional domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:216 msgid "" "NOTE: This algorithm is non-deterministic (it depends on the order that " "users and groups are requested). If this mode is required for compatibility " "with machines running winbind, it is recommended to also use the " "<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " "least one domain is consistently allocated to slice zero." msgstr "" #. type: Content of: <varlistentry><term> #: include/param_help.xml:3 msgid "<option>-?</option>,<option>--help</option>" msgstr "" #. type: Content of: <varlistentry><listitem><para> #: include/param_help.xml:7 include/param_help_py.xml:7 msgid "Display help message and exit." msgstr "Exibe a mensagem de ajuda e sai." #. 
type: Content of: <varlistentry><term> #: include/param_help_py.xml:3 msgid "<option>-h</option>,<option>--help</option>" msgstr "<option>-h</option>,<option>--help</option>" #. type: Content of: <listitem><para> #: include/debug_levels.xml:3 msgid "" "SSSD supports two representations for specifying the debug level. The " "simplest is to specify a decimal value from 0-9, which represents enabling " "that level and all lower-level debug messages. The more comprehensive option " "is to specify a hexadecimal bitmask to enable or disable specific levels " "(such as if you wish to suppress a level)." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:10 msgid "Currently supported debug levels:" msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:13 msgid "" "<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. " "Anything that would prevent SSSD from starting up or causes it to cease " "running." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:19 msgid "" "<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " "error that doesn't kill the SSSD, but one that indicates that at least one " "major feature is not going to work properly." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:26 msgid "" "<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " "error announcing that a particular request or operation has failed." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:31 msgid "" "<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " "are the errors that would percolate down to cause the operation failure of 2." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:36 msgid "" "<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." msgstr "" #. 
type: Content of: <listitem><para> #: include/debug_levels.xml:40 msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:44 msgid "" "<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " "operation functions." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:48 msgid "" "<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " "internal control functions." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:53 msgid "" "<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" "internal variables that may be interesting." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:58 msgid "" "<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " "tracing information." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:62 msgid "" "To log required bitmask debug levels, simply add their numbers together as " "shown in following examples:" msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:66 msgid "" "<emphasis>Example</emphasis>: To log fatal failures, critical failures, " "serious failures and function data use 0x0270." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:70 msgid "" "<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " "function data, trace messages for internal control functions use 0x1310." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:75 msgid "" "<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " "in 1.7.0." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:79 msgid "<emphasis>Default</emphasis>: 0" msgstr "" #. type: Content of: outside any tag (error?) 
#: include/experimental.xml:1 msgid "" "<emphasis> This is an experimental feature, please use http://fedorahosted." "org/sssd to report any issues. </emphasis>" msgstr "" #. type: Content of: <refsect1><title> #: include/local.xml:2 msgid "THE LOCAL DOMAIN" msgstr "" #. type: Content of: <refsect1><para> #: include/local.xml:4 msgid "" "In order to function correctly, a domain with <quote>id_provider=local</" "quote> must be created and the SSSD must be running." msgstr "" #. type: Content of: <refsect1><para> #: include/local.xml:9 msgid "" "The administrator might want to use the SSSD local users instead of " "traditional UNIX users in cases where the group nesting (see <citerefentry> " "<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" "citerefentry>) is needed. The local users are also useful for testing and " "development of the SSSD without having to deploy a full remote server. The " "<command>sss_user*</command> and <command>sss_group*</command> tools use a " "local LDB storage to store users and groups." msgstr "" #. type: Content of: <refsect1><title> #: include/seealso.xml:2 msgid "SEE ALSO" msgstr "VER TAMBÉM" #. 
type: Content of: <refsect1><para> #: include/seealso.xml:4 msgid "" "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> " "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_useradd</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_usermod</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> 
<refentrytitle>sss_seed</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" "manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " "<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>." msgstr "" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:3 #: include/ldap_search_bases_experimental.xml:3 msgid "" "An optional base DN, search scope and LDAP filter to restrict LDAP searches " "for this attribute type." msgstr "" #. type: Content of: <listitem><para><programlisting> #: include/ldap_search_bases.xml:9 #: include/ldap_search_bases_experimental.xml:9 #, no-wrap msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" msgstr "" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:7 #: include/ldap_search_bases_experimental.xml:7 msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:13 #: include/ldap_search_bases_experimental.xml:13 msgid "" "The scope can be one of \"base\", \"onelevel\" or \"subtree\". The filter " "must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/" "rfc2254.txt" msgstr "" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:19 #: include/ldap_search_bases_experimental.xml:19 msgid "" "For examples of this syntax, please refer to the <quote>ldap_search_base</" "quote> examples section." msgstr "" #. 
type: Content of: <listitem><para> #: include/ldap_search_bases.xml:27 #: include/ldap_search_bases_experimental.xml:27 msgid "" "Please note that specifying scope or filter is not supported for searches " "against an Active Directory Server that might yield a large number of " "results and trigger the Range Retrieval extension in the response." msgstr "" #. type: Content of: <para> #: include/autofs_restart.xml:2 msgid "" "Please note that the automounter only reads the master map on startup, so if " "any autofs-related changes are made to the sssd.conf, you typically also " "need to restart the automounter daemon after restarting the SSSD." msgstr "" #. type: Content of: <varlistentry><term> #: include/override_homedir.xml:2 msgid "override_homedir (string)" msgstr "override_homedir (string)" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:16 msgid "UID number" msgstr "Número UID" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:20 msgid "domain name" msgstr "nome de domínio" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: include/override_homedir.xml:23 msgid "%f" msgstr "%f" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:24 msgid "fully qualified user name (user@domain)" msgstr "nome totalmente qualificado do utilizador (utilizador@domínio)" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: include/override_homedir.xml:27 msgid "%o" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:29 msgid "The original home directory retrieved from the identity provider." msgstr "" #. 
type: Content of: <varlistentry><listitem><para> #: include/override_homedir.xml:5 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. In the template, the following sequences are substituted: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <varlistentry><listitem><para> #: include/override_homedir.xml:41 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <varlistentry><listitem><para><programlisting> #: include/override_homedir.xml:46 #, no-wrap msgid "" "override_homedir = /home/%u\n" " " msgstr "" #. type: Content of: <varlistentry><listitem><para> #: include/override_homedir.xml:50 msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" msgstr "" #~ msgid "Default: FILE:%d/krb5cc_%U_XXXXXX" #~ msgstr "Padrão: FILE:%d/krb5cc_%U_XXXXXX" ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/man/po/PaxHeaders.13173/ca.po�������������������������������������������������������0000644�0000000�0000000�00000000132�12320753573�016460� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396955003.483843885 30 atime=1396955003.483843885 30 ctime=1396955003.483843885 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/man/po/ca.po������������������������������������������������������������������������0000664�0024127�0024127�00001400065�12320753573�016715� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# SOME DESCRIPTIVE TITLE # Copyright (C) YEAR Red Hat # This file is distributed under the same license as the sssd-docs package. # # Translators: # jordimash <jmas@softcatala.org>, 2012 # jordimash <jmas@softcatala.org>, 2012 # jordimash <jmas@softcatala.org>, 2014 # muzzol mussol <muzzol@gmail.com>, 2012 # muzzol mussol <muzzol@gmail.com>, 2012 # Robert Antoni Buj i Gelonch <robert.buj@gmail.com>, 2013 msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" "POT-Creation-Date: 2014-04-08 12:55+0300\n" "PO-Revision-Date: 2014-04-05 19:10+0000\n" "Last-Translator: jordimash <jmas@softcatala.org>\n" "Language-Team: Catalan (http://www.transifex.com/projects/p/fedora/language/" "ca/)\n" "Language: ca\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" #. 
type: Content of: <reference><title> #: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5 #: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5 #: sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 sss_obfuscate.8.xml:5 #: sss_useradd.8.xml:5 sssd-krb5.5.xml:5 sss_groupadd.8.xml:5 #: sss_userdel.8.xml:5 sss_groupdel.8.xml:5 sss_groupshow.8.xml:5 #: sss_usermod.8.xml:5 sss_cache.8.xml:5 sss_debuglevel.8.xml:5 #: sss_seed.8.xml:5 sss_ssh_authorizedkeys.1.xml:5 #: sss_ssh_knownhostsproxy.1.xml:5 msgid "SSSD Manual pages" msgstr "Pàgines de manual de l'SSSD" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15 msgid "sss_groupmod" msgstr "sss_groupmod" #. type: Content of: <reference><refentry><refmeta><manvolnum> #: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11 #: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11 #: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11 #: sss_groupshow.8.xml:11 sss_usermod.8.xml:11 sss_cache.8.xml:11 #: sss_debuglevel.8.xml:11 sss_seed.8.xml:11 msgid "8" msgstr "8" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupmod.8.xml:16 msgid "modify a group" msgstr "modifica un grup" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupmod.8.xml:21 msgid "" "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>opcions</" "replaceable></arg> <arg choice='plain'> <replaceable>GRUP</replaceable></arg>" #. 
type: Content of: <reference><refentry><refsect1><title> #: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:47 #: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21 #: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30 #: sss_useradd.8.xml:30 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 #: sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 #: sss_usermod.8.xml:30 sss_cache.8.xml:29 sss_debuglevel.8.xml:30 #: sss_seed.8.xml:31 sss_ssh_authorizedkeys.1.xml:30 #: sss_ssh_knownhostsproxy.1.xml:31 msgid "DESCRIPTION" msgstr "DESCRIPCIÓ" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupmod.8.xml:32 msgid "" "<command>sss_groupmod</command> modifies the group to reflect the changes " "that are specified on the command line." msgstr "" "<command>sss_groupmod</command> modifica el grup per reflectir els canvis " "que s'especifiquen a la línia d'ordres." #. type: Content of: <reference><refentry><refsect1><title> #: sss_groupmod.8.xml:39 pam_sss.8.xml:54 sssd.8.xml:42 sss_obfuscate.8.xml:58 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39 #: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42 #: sss_ssh_authorizedkeys.1.xml:75 sss_ssh_knownhostsproxy.1.xml:62 msgid "OPTIONS" msgstr "OPCIONS" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupmod.8.xml:43 sss_usermod.8.xml:77 msgid "" "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" "replaceable>" msgstr "" "<option>-a</option>,<option>--append-group</option> <replaceable>GRUPS</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupmod.8.xml:48 msgid "" "Append this group to groups specified by the <replaceable>GROUPS</" "replaceable> parameter. 
The <replaceable>GROUPS</replaceable> parameter is " "a comma separated list of group names." msgstr "" "Afegiu aquest grup als grups especificats pel paràmetre de " "<replaceable>GRUPS</replaceable> . El paràmetre de <replaceable>GRUPS</" "replaceable> és una llista delimitada per comes dels noms de grup." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupmod.8.xml:57 sss_usermod.8.xml:91 msgid "" "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" "replaceable>" msgstr "" "<option>-r</option>,<option>--remove-group</option> <replaceable>GRUPS</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupmod.8.xml:62 msgid "" "Remove this group from groups specified by the <replaceable>GROUPS</" "replaceable> parameter." msgstr "" "Suprimeix aquest grup dels grups especificats pel paràmetre " "<replaceable>GRUPS</replaceable>." #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd.conf.5.xml:10 sssd.conf.5.xml:16 msgid "sssd.conf" msgstr "sssd.conf" #. type: Content of: <reference><refentry><refmeta><manvolnum> #: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 #: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11 msgid "5" msgstr "5" #. type: Content of: <reference><refentry><refmeta><refmiscinfo> #: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 #: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12 msgid "File Formats and Conventions" msgstr "Formats de fitxer i convencions" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16 #: sssd-ipa.5.xml:17 sssd-ad.5.xml:17 sssd-krb5.5.xml:17 msgid "the configuration file for SSSD" msgstr "l'arxiu de configuració per a SSSD" #. 
type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:21 msgid "FILE FORMAT" msgstr "FORMAT DE FITXER" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd.conf.5.xml:29 #, no-wrap msgid "" " <replaceable>[section]</replaceable>\n" " <replaceable>key</replaceable> = <replaceable>value</replaceable>\n" " <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" " " msgstr "" " <replaceable>[secció]</replaceable>\n" " <replaceable>clau</replaceable> = <replaceable>valor</replaceable>\n" " <replaceable>clau2</replaceable> = <replaceable>valor2,valor3</replaceable>\n" " " #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:24 msgid "" "The file has an ini-style syntax and consists of sections and parameters. A " "section begins with the name of the section in square brackets and continues " "until the next section begins. An example of section with single and multi-" "valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" "El fitxer utilitza un estil de sintaxi del tipu ini i consisteix en seccions " "i paràmetres.\n" "Una secció comença amb el nom de la secció entre claudàtors i continua fins " "que comença la següent secció. Un exemple de secció amb paràmetres simples i " "múltiples: <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:36 msgid "" "The data types used are string (no quotes needed), integer and bool (with " "values of <quote>TRUE/FALSE</quote>)." msgstr "" "Els tipus de dades utilitzats són cadenes (no es necessiten cometes), enters " "i booleans (amb valors de <quote>TRUE/FALSE</quote>)." #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:41 msgid "" "A line comment starts with a hash sign (<quote>#</quote>) or a semicolon " "(<quote>;</quote>). Inline comments are not supported." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:47 msgid "" "All sections can have an optional <replaceable>description</replaceable> " "parameter. Its function is only as a label for the section." msgstr "" "Totes les seccions poden tenir un paràmetre opcional de " "<replaceable>descripció</replaceable>. Serveix només per etiquetar la secció." #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:53 msgid "" "<filename>sssd.conf</filename> must be a regular file, owned by root and " "only root may read from or write to the file." msgstr "" "<filename>sssd.conf</filename> ha de ser un fitxer normal, amb propietat de " "root i només l'usuari root ha de poder llegir o escriure a l'arxiu." #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:59 msgid "SPECIAL SECTIONS" msgstr "SECCIONS ESPECIALS" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:62 msgid "The [sssd] section" msgstr "La secció [sssd]" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> #: sssd.conf.5.xml:71 sssd.conf.5.xml:1857 msgid "Section parameters" msgstr "Paràmetres de la secció" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:73 msgid "config_file_version (integer)" msgstr "config_file_version (enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:76 msgid "" "Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " "version 2." msgstr "" "Indica quina és la sintaxi de l'arxiu de configuració. L'SSSD 0.6.0 i " "posteriors fan servir la versió 2." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:82 msgid "services" msgstr "serveis" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:85 msgid "" "Comma separated list of services that are started when sssd itself starts." msgstr "" "Llista de serveis separats per comes que s'inicien quan s'inicia el propi " "sssd." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:89 msgid "" "Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " "<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition=" "\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</" "phrase>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:98 sssd.conf.5.xml:321 msgid "reconnection_retries (integer)" msgstr "reconnection_retries (Enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:101 sssd.conf.5.xml:324 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" "Nombre de vegades que els serveis haurien d'intentar reconnectar en cas de " "caiguda del Proveïdor de Dades o reiniciar abans de donar-se per vençuts" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:106 sssd.conf.5.xml:329 msgid "Default: 3" msgstr "Per defecte: 3" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:111 msgid "domains" msgstr "dominis" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:114 msgid "" "A domain is a database containing user information. 
SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " "start. This parameter describes the list of domains in the order you want " "them to be queried. A domain name should only consist of alphanumeric ASCII " "characters, dashes and underscores." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:126 sssd.conf.5.xml:1586 msgid "re_expression (string)" msgstr "re_expression (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:129 msgid "" "Default regular expression that describes how to parse the string containing " "user name and domain into these components." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:134 msgid "" "Each domain can have an individual regular expression configured. For some " "ID providers there are also default regular expressions. See DOMAIN " "SECTIONS for more info on these regular expressions." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:143 sssd.conf.5.xml:1637 msgid "full_name_format (string)" msgstr "full_name_format (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:146 sssd.conf.5.xml:1640 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " "fully qualified name from user name and domain name components." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:157 sssd.conf.5.xml:1651 msgid "%1$s" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:158 sssd.conf.5.xml:1652 msgid "user name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:161 sssd.conf.5.xml:1655 msgid "%2$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:164 sssd.conf.5.xml:1658 msgid "domain name as specified in the SSSD config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:170 sssd.conf.5.xml:1664 msgid "%3$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:173 sssd.conf.5.xml:1667 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:154 sssd.conf.5.xml:1648 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:183 msgid "" "Each domain can have an individual format string configured. see DOMAIN " "SECTIONS for more info on this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:189 msgid "try_inotify (boolean)" msgstr "try_inotify (booleà)" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:192 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " "this, and will fall back to polling resolv.conf every five seconds if " "inotify cannot be used." msgstr "" "L'SSSD controla l'estat de resolv.conf per a identificar quan cal " "actualitzar el seu traductor intern de DNS. Per defecte, s'intentarà " "utilitzar inotify per a això i recaurà en sondejar el resolv.conf cada cinc " "segons si inotify no es pot utilitzar." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:200 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " "to 'false'" msgstr "" "Hi ha algunes situacions limitades on és preferit ometre fins i tot " "d'intentar utilitzar inotify. En aquests casos rars, s'hauria d'establir " "aquesta opció a 'false'" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:206 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." msgstr "" "Per defecte: true en plataformes on està suportat inotify. Fals en altres " "plataformes." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:210 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" "Nota: aquesta opció no afectarà a plataformes on inotify no està disponible. " "En aquestes plataformes, sempre s'utilitzarà el sondeig." #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:217 msgid "krb5_rcache_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:220 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" "Directori al sistema de fitxers on el SSSD ha d'emmagatzemar els fitxers de " "la memòria cau de repetició (replay cache) de Kerberos." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:224 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:230 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:237 msgid "default_domain_suffix (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:240 msgid "" "This string will be used as a default domain name for all names without a " "domain name component. The main use case is environments where the primary " "domain is intended for managing host policies and all users are located in a " "trusted domain. The option allows those users to log in just with their " "user name without giving a domain name as well." msgstr "" #.
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:250 msgid "" "Please note that if this option is set all users from the primary domain " "have to use their fully qualified name, e.g. user@domain.name, to log in." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:256 sssd-ldap.5.xml:1392 sssd-ldap.5.xml:1404 #: sssd-ldap.5.xml:1486 sssd-ldap.5.xml:2373 sssd-ldap.5.xml:2400 #: sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:187 #: include/ldap_id_mapping.xml:198 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:64 msgid "" "Individual pieces of SSSD functionality are provided by special SSSD " "services that are started and stopped together with SSSD. The services are " "managed by a special service frequently called <quote>monitor</quote>. The " "<quote>[sssd]</quote> section is used to configure the monitor as well as " "some other important options like the identity domains. <placeholder type=" "\"variablelist\" id=\"0\"/>" msgstr "" "Parts concretes de la funcionalitat de l'SSSD les proveeixen serveis " "especials que s'inicien i s'aturen juntament amb l'SSSD. Els serveis es " "gestionen amb un servei especial anomenat <quote>monitor</quote>. La secció " "<quote>[sssd]</quote> s'utilitza per configurar el monitor així com altres " "opcions importants com els dominis d'identitat. <placeholder type=" "\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:267 msgid "SERVICES SECTIONS" msgstr "SECCIONS DE SERVEIS" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:269 msgid "" "Settings that can be used to configure different services are described in " "this section.
They should reside in the [<replaceable>$NAME</replaceable>] " "section, for example, for NSS service, the section would be <quote>[nss]</" "quote>" msgstr "" "Ajustos que es poden utilitzar per configurar diferents serveis que es " "descriuen en aquesta secció. Han de residir a la secció [<replaceable>$Nom</" "replaceable>], per exemple, per a servei NSS, la secció seria <quote>[nss]</" "quote>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:276 msgid "General service configuration options" msgstr "Opcions de configuració del servei general" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:278 msgid "These options can be used to configure any service." msgstr "Aquestes opcions es poden utilitzar per a configurar qualsevol servei." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:282 msgid "debug_level (integer)" msgstr "debug_level (Enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:286 msgid "debug_timestamps (bool)" msgstr "debug_timestamps (bool)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:289 msgid "Add a timestamp to the debug messages" msgstr "Afegir una marca de temps als missatges de depuració" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:292 sssd.conf.5.xml:472 sssd.conf.5.xml:820 #: sssd-ldap.5.xml:1559 sssd-ldap.5.xml:1656 sssd-ldap.5.xml:1718 #: sssd-ldap.5.xml:2161 sssd-ldap.5.xml:2226 sssd-ldap.5.xml:2244 #: sssd-ipa.5.xml:361 sssd-ipa.5.xml:396 sssd-ad.5.xml:166 sssd-ad.5.xml:250 #: sssd-ad.5.xml:275 sssd-ad.5.xml:363 sssd-krb5.5.xml:490 msgid "Default: true" msgstr "Per defecte: true" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:297 msgid "debug_microseconds (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:300 msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:303 sssd.conf.5.xml:774 sssd.conf.5.xml:1773 #: sssd-ldap.5.xml:640 sssd-ldap.5.xml:1433 sssd-ldap.5.xml:1452 #: sssd-ldap.5.xml:1628 sssd-ldap.5.xml:1957 sssd-ipa.5.xml:139 #: sssd-ipa.5.xml:205 sssd-ipa.5.xml:508 sssd-ipa.5.xml:526 #: sssd-krb5.5.xml:257 sssd-krb5.5.xml:291 sssd-krb5.5.xml:462 msgid "Default: false" msgstr "Per defecte: false" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:308 msgid "timeout (integer)" msgstr "timeout (Enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:311 msgid "" "Timeout in seconds between heartbeats for this service. This is used to " "ensure that the process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:316 sssd-ldap.5.xml:1304 msgid "Default: 10" msgstr "Per defecte: 10" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:334 msgid "fd_limit" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:337 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " "the CAP_SYS_RESOURCE capability, this will be an absolute setting. 
On " "systems without this capability, the resulting value will be the lower value " "of this or the limits.conf \"hard\" limit." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:346 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:351 msgid "client_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:354 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " "limited in order to avoid resource exhaustion on the system." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:361 sssd.conf.5.xml:377 sssd.conf.5.xml:592 #: sssd.conf.5.xml:752 sssd.conf.5.xml:1015 sssd-ldap.5.xml:1134 msgid "Default: 60" msgstr "Per defecte: 60" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:366 sssd.conf.5.xml:1004 msgid "force_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:369 sssd.conf.5.xml:1007 msgid "" "If a service is not responding to ping checks (see the <quote>timeout</" "quote> option), it is first sent the SIGTERM signal that instructs it to " "quit gracefully. If the service does not terminate after " "<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down " "by sending a SIGKILL signal." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:385 msgid "NSS configuration options" msgstr "Opcions de configuració d'NSS" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:387 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" "Aquestes opcions es poden utilitzar per a configurar el servei de canvi de " "servei de nom (NSS)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:392 msgid "enum_cache_timeout (integer)" msgstr "enum_cache_timeout (Enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:395 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" "El número de segons que nss_sss emmagatzema a la memòria cau les enumeracions " "(peticions d'informació sobre tots els usuaris)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:399 msgid "Default: 120" msgstr "Per defecte: 120" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:404 msgid "entry_cache_nowait_percentage (integer)" msgstr "entry_cache_nowait_percentage (Enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:407 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " "for the domain." msgstr "" "El valor de la memòria cau es pot establir per actualitzar automàticament " "les entrades en rerefons, si se sol·liciten més enllà d'un percentatge del " "valor entry_cache_timeout per al domini." #.
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:413 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " "after 15 seconds past the last cache update will be returned immediately, " "but the SSSD will go and update the cache on its own, so that future " "requests will not need to block waiting for a cache update." msgstr "" "Per exemple, si s'estableix entry_cache_timeout del domini a 30s i " "entry_cache_nowait_percentage està establert a 50 (per cent), les entrades " "que arriben després de 15 segons més enllà de l'última actualització de la " "memòria cau es retornaran immediatament, però l'SSSD anirà actualitzant la " "memòria cau pel seu propi compte, de manera que no caldrà bloquejar les " "peticions que esperen per a una actualització de la memòria cau." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:423 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " "percentage will never reduce the nowait timeout to less than 10 seconds. (0 " "disables this feature)" msgstr "" "Els valors vàlids per a aquesta opció són 0-99 i representen un percentatge " "de la entry_cache_timeout per a cada domini. Per raons de rendiment, aquest " "percentatge mai reduirà el temps d'espera de nowait a menys de 10 segons. " "(0 desactiva aquesta característica)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:431 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:436 msgid "entry_negative_timeout (integer)" msgstr "entry_negative_timeout (Enter)" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:439 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " "before asking the back end again." msgstr "" "Especifica quants segons nss_sss hauria d'emmagatzemar els intents de la " "memòria cau negatius (és a dir, consultes per a les entrades incorrectes de " "la base de dades, com les inexistents) abans de preguntar al rerefons una " "altra vegada." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:445 sssd.conf.5.xml:798 msgid "Default: 15" msgstr "Per defecte: 15" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:450 msgid "filter_users, filter_groups (string)" msgstr "filter_users, filter_groups (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:453 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" "domain or include fully-qualified names to filter only users from the " "particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:460 msgid "Default: root" msgstr "Per defecte: root" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:465 msgid "filter_users_in_groups (bool)" msgstr "filter_users_in_groups (booleà)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:468 msgid "" "If you want filtered user still be group members set this option to false." 
msgstr "" "Si voleu que els usuaris filtrats encara siguin membres del grup establiu " "aquesta opció a false." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:478 msgid "fallback_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:481 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:486 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> #: sssd.conf.5.xml:492 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" " " msgstr "" #. type: Content of: <varlistentry><listitem><para> #: sssd.conf.5.xml:490 include/override_homedir.xml:44 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:496 msgid "Default: not set (no substitution for unset home directories)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:502 msgid "override_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:505 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " "or per-domain." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:511 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:517 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:520 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:523 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:527 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:532 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:537 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:540 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:544 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:549 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:552 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:557 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:560 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:564 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:569 msgid "default_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:572 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:578 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:585 sssd.conf.5.xml:745 msgid "get_domains_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:588 sssd.conf.5.xml:748 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:597 msgid "memcache_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:600 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:604 sssd-ldap.5.xml:654 msgid "Default: 300" msgstr "Per defecte: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:611 msgid "PAM configuration options" msgstr "Opcions de configuració de PAM" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:613 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" "Aquestes opcions s'utilitzen per configurar el servei de Pluggable " "Authentication Module (PAM)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:618 msgid "offline_credentials_expiration (integer)" msgstr "offline_credentials_expiration (Enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:621 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." 
msgstr "" "Si el proveïdor d'autenticació està fora de línia, quant de temps s'haurien " "de permetre inicis de sessió de la memòria cau (en dies des de l'últim inici " "de sessió en línia amb èxit)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:626 sssd.conf.5.xml:639 msgid "Default: 0 (No limit)" msgstr "Per defecte: 0 (sense límit)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:632 msgid "offline_failed_login_attempts (integer)" msgstr "offline_failed_login_attempts (Enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:635 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" "Si el proveïdor d'autenticació està fora de línia, quants intents d'accés " "fallits es permeten." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:645 msgid "offline_failed_login_delay (integer)" msgstr "offline_failed_login_delay (Enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:648 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" "El temps en minuts que ha de passar després que s'ha assolit " "offline_failed_login_attempts abans que un nou intent de connexió sigui " "possible." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:653 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " "authentication can enable offline authentication again." msgstr "" #.
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:659 sssd.conf.5.xml:712 msgid "Default: 5" msgstr "Per defecte: 5" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:665 msgid "pam_verbosity (integer)" msgstr "pam_verbosity (Enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:668 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" "Controla quin tipus de missatges es mostren a l'usuari durant la " "autenticació. Com més gran sigui el nombre més missatges es mostren." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:673 msgid "Currently sssd supports the following values:" msgstr "L'Sssd suporta actualment els següents valors:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:676 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "<emphasis>0</emphasis>: no mostris cap missatge" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:679 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "<emphasis>1</emphasis>: Mostra només missatges importants" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:683 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "<emphasis>2</emphasis>: Mostra missatges informatius" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:686 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" "<emphasis>3</emphasis>: Mostra tots els missatges i informació de depuració" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:690 sssd.8.xml:63 msgid "Default: 1" msgstr "Per defecte: 1" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:695 msgid "pam_id_timeout (integer)" msgstr "pam_id_timeout (Enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:698 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " "ensure that authentication takes place with the latest information." msgstr "" "Per a qualsevol petició de PAM mentre és en línia, l'SSSD intentarà " "actualitzar immediatament la informació d'identitat en memòria cau per a " "l'usuari per tal de garantir que l'autenticació es porta a terme amb " "l'última informació." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:704 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" "client-application basis) how long (in seconds) we can cache the identity " "information to avoid excessive round-trips to the identity provider." msgstr "" "Una conversa completa de PAM pot realitzar múltiples peticions de PAM, com " "ara la gestió del compte i la sessió d'inici. 
Aquesta opció controla (en " "base a aplicació per client) quant de temps (en segons) es pot emmagatzemar " "en memòria cau la informació d'identitat per evitar excessives peticions al " "proveïdor d'identitat." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:718 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:721 sssd.conf.5.xml:1178 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:724 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " "cannot display a warning." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:730 sssd.conf.5.xml:1181 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:735 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:740 sssd.8.xml:79 msgid "Default: 0" msgstr "Per defecte: 0" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:760 msgid "SUDO configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:762 msgid "These options can be used to configure the sudo service." 
msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:766 msgid "sudo_timed (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:769 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:782 msgid "AUTOFS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:784 msgid "These options can be used to configure the autofs service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:788 msgid "autofs_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:791 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " "before asking the back end again." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:807 msgid "SSH configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:809 msgid "These options can be used to configure the SSH service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:813 msgid "ssh_hash_known_hosts (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:816 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:825 msgid "ssh_known_hosts_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:828 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:832 msgid "Default: 180" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:840 msgid "PAC responder configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:842 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " "PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " "provider collects domain SID and ID ranges of the domain the client is " "joined to and of remote trusted domains from the local domain controller. " "If the PAC is decoded and evaluated some of the following operations are " "done:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:851 msgid "" "If the remote user does not exist in the cache, it is created. The uid is " "determined with the help of the SID, trusted domains will have UPGs and the " "gid will have the same value as the uid. The home directory is set based on " "the subdomain_homedir parameter. The shell will be empty by default, i.e. " "the system defaults are used, but can be overwritten with the default_shell " "parameter." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:859 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:865 msgid "These options can be used to configure the PAC responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:869 msgid "allowed_uids (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:872 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " "startup." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:878 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:882 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " "access the PAC responder, which would be the typical case, you have to add 0 " "to the list of allowed UIDs as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:896 msgid "DOMAIN SECTIONS" msgstr "SECCIONS DE DOMINI" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:903 msgid "min_id,max_id (integer)" msgstr "min_id, max_id (Enter)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:906 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" "Els límits UID i GID per al domini. Si un domini conté una entrada que està " "fora d'aquests límits, s'ignora." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:911 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" "primary group memberships, those that are in range will be reported as " "expected." msgstr "" "Per a usuaris, això afecta el límit del GID primari. L'usuari no es " "retornarà a l'NSS si l'UID o el GID primari és fora de l'interval. Per als " "membres dels grups secundaris, els que estan dins l'interval es comunicaran " "com s'esperava." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:918 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:922 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "Per defecte: 1 per a min_id, 0 (sense límit) per a max_id" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:928 msgid "enumerate (bool)" msgstr "enumerate (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:931 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" "Determina si un domini pot ser enumerat. 
Aquest paràmetre pot tenir un dels " "valors següents:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:935 msgid "TRUE = Users and groups are enumerated" msgstr "TRUE = Els usuaris i grups s'enumeren" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:938 msgid "FALSE = No enumerations for this domain" msgstr "FALSE = Cap enumeració per a aquest domini" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:941 sssd.conf.5.xml:1155 sssd.conf.5.xml:1264 #: sssd.conf.5.xml:1281 msgid "Default: FALSE" msgstr "Per defecte: FALSE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:944 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " "to fully complete enumerations. During this time, individual requests for " "information will go directly to LDAP, though it may be slow, due to the " "heavy enumeration processing. Saving a large number of entries to cache " "after the enumeration completes might also be CPU intensive as the " "memberships have to be recomputed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:957 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" "Mentre s'està executant la primera enumeració, les peticions de llistes " "completes d'usuaris o grups poden no retornar cap resultat fins que aquest " "finalitzi." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:962 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " "enumeration lookups are completed successfully. For more information, refer " "to the man pages for the specific id_provider in use." msgstr "" "A més a més, permetre l'enumeració pot augmentar el temps necessari per " "detectar desconnexions de xarxa, ja que temps d'espera més llargs són " "necessaris per assegurar-se que les cerques de l'enumeració s'han completat " "amb èxit. Per a més informació, aneu a les pàgines de manual de " "l'id_provider específic en ús." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:970 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:978 #, fuzzy #| msgid "ldap_user_name (string)" msgid "subdomain_enumerate (string)" msgstr "subdomain_enumerate (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:985 msgid "all" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:986 msgid "All discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:989 msgid "none" msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:990 msgid "No discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:981 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " "Optionally, a list of one or more domain names can enable enumeration just " "for these trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:998 sssd-ldap.5.xml:1687 msgid "Default: none" msgstr "Per defecte: none" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1021 msgid "entry_cache_timeout (integer)" msgstr "entry_cache_timeout (Enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1024 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" "Quants segons l'nss_sss hauria de considerar les entrades vàlides abans de " "demanar al rerefons una altra vegada" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1028 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " "for newly added or expired entries. You should run the <citerefentry> " "<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" "citerefentry> tool in order to force refresh of entries that have already " "been cached." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1041 msgid "Default: 5400" msgstr "Per defecte: 5400" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1047 msgid "entry_cache_user_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1050 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1054 sssd.conf.5.xml:1067 sssd.conf.5.xml:1080 #: sssd.conf.5.xml:1093 sssd.conf.5.xml:1106 sssd.conf.5.xml:1120 msgid "Default: entry_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1060 msgid "entry_cache_group_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1063 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1073 msgid "entry_cache_netgroup_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1076 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1086 msgid "entry_cache_service_timeout (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1089 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1099 msgid "entry_cache_sudo_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1102 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1112 msgid "entry_cache_autofs_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1115 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1126 msgid "refresh_expired_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1129 msgid "" "Specifies how many seconds SSSD has to wait before refreshing expired " "records. Currently only refreshing expired netgroups is supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1134 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1138 sssd-ipa.5.xml:221 msgid "Default: 0 (disabled)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1144 msgid "cache_credentials (bool)" msgstr "cache_credentials (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1147 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" "Determina si les credencials d'usuari també són emmagatzemades en la memòria " "cau local de LDB" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1151 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1160 msgid "account_cache_expiration (integer)" msgstr "account_cache_expiration (Enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1163 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " "value of this parameter must be greater than or equal to " "offline_credentials_expiration." msgstr "" "Nombre de dies que les entrades es queden a la memòria cau després del " "darrer inici de sessió vàlid abans de ser eliminat durant una neteja de la " "memòria cau. 0 significa mantenir per sempre. El valor d'aquest paràmetre " "ha de ser superior o igual a offline_credentials_expiration." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1170 msgid "Default: 0 (unlimited)" msgstr "Per defecte: 0 (sense límit)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1175 msgid "pwd_expiration_warning (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1186 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " "cannot display a warning. Also an auth provider has to be configured for the " "backend." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1193 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1199 msgid "id_provider (string)" msgstr "id_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1202 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1206 msgid "<quote>proxy</quote>: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1209 msgid "<quote>local</quote>: SSSD internal provider for local users" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1213 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " "information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1221 sssd.conf.5.xml:1307 sssd.conf.5.xml:1358 #: sssd.conf.5.xml:1411 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. 
See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " "FreeIPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1230 sssd.conf.5.xml:1316 sssd.conf.5.xml:1367 #: sssd.conf.5.xml:1420 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring Active Directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1241 msgid "use_fully_qualified_names (bool)" msgstr "use_fully_qualified_names (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1244 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1249 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " "<command>getent passwd test</command> wouldn't find the user while " "<command>getent passwd test@LOCAL</command> would." msgstr "" "Si s'estableix a TRUE, totes les peticions a aquest domini han d'utilitzar " "noms completament qualificats. Per exemple, si s'utilitza a un domini LOCAL " "que conté un usuari \"test\", <command>getent passwd test</command> no " "trobaria l'usuari mentre que <command>getent passwd test@LOCAL</command> sí." #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1257 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " "will be searched when an unqualified name is requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1269 msgid "ignore_group_members (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1272 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1275 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " "calls." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1286 msgid "auth_provider (string)" msgstr "auth_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1289 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" "El proveïdor d'autenticació utilitzat per al domini. Els proveïdors " "d'autenticació suportats són:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1293 sssd.conf.5.xml:1351 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring LDAP." msgstr "" "<quote>ldap</quote> per autenticació nativa LDAP. 
Vegeu " "<citerefentry><refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry> per a més informació sobre configuració d'LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1300 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring Kerberos." msgstr "" "<quote>krb5</quote> per a l'autenticació Kerberos. Vegeu " "<citerefentry><refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry> per a més informació sobre configurar Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1324 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" "<quote>proxy</quote> per a la autenticació re-enviada a algun altre objectiu " "de PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1327 msgid "<quote>none</quote> disables authentication explicitly." msgstr "<quote>none</quote> impossibilita l'autenticació explícitament." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1330 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" "Per defecte: <quote>id_provider</quote> s'utilitza si s'ha establert i pot " "gestionar les sol·licituds d'autenticació." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1336 msgid "access_provider (string)" msgstr "access_provider (cadena)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1339 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " "Internal special providers are:" msgstr "" "El proveïdor de control d'accés utilitzat per al domini. Hi ha dos " "proveïdors d'accés incorporats (a més de qualsevol dels rerefons " "instal·lats) Els proveïdors especials interns són:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1345 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1348 msgid "<quote>deny</quote> always deny access." msgstr "<quote>deny</quote> sempre denega l'accés." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1375 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry> for more information on configuring the simple " "access module." msgstr "" "<quote>simple</quote> control d'accés basat en llistes d'acceptació o " "denegació. Vegeu <citerefentry><refentrytitle>sssd-simple</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry> per a més informació sobre la " "configuració del mòdul d'accés simple." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1382 msgid "Default: <quote>permit</quote>" msgstr "Per defecte: <quote>permit</quote>" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1387 msgid "chpass_provider (string)" msgstr "chpass_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1390 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" "El proveïdor que hauria de gestionar les operacions de canvi de contrasenya " "per al domini. Els proveïdors de canvi de contrasenya compatibles són:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1395 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring LDAP." msgstr "" "<quote>ldap</quote> per canviar una contrasenya emmagatzemada en un servidor " "LDAP. Vegeu <citerefentry><refentrytitle>sssd-ldap</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry> per a més informació sobre " "configuració d'LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1403 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring Kerberos." msgstr "" "<quote>krb5</quote> per canviar la contrasenya Kerberos. Vegeu " "<citerefentry><refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry> per a més informació sobre configurar Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1428 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr "" "<quote>proxy</quote> per al canvi de contrasenya re-enviat a algun altre " "objectiu de PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1432 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "<quote>none</quote> rebutja els canvis de contrasenya explícitament." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1435 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" "Per defecte: <quote>auth_provider</quote> s'utilitza si s'ha establert i pot " "gestionar peticions de canvi de contrasenya." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1442 msgid "sudo_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1445 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1449 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1457 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1461 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1465 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1468 sssd.conf.5.xml:1522 sssd.conf.5.xml:1554 #: sssd.conf.5.xml:1579 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1474 msgid "selinux_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1477 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " "providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1483 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1491 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1494 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1500 msgid "subdomains_provider (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1503 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1509 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1518 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1529 msgid "autofs_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1532 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1536 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1543 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring IPA." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1551 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1561 msgid "hostid_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1564 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1568 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1576 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1589 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " "match either the SSSD configuration domain name, or, in the case of IPA " "trust subdomains and Active Directory domains, the flat (NetBIOS) name of " "the domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1598 msgid "" "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?" "P<name>[^@\\\\]+)$))</quote> which allows three different styles for " "user names:" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:1603 msgid "username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:1606 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:1609 msgid "domain\\username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1612 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1617 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " "sign, the domain everything after that\"" msgstr "" "Per defecte: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "que es tradueix per \"el nom és qualsevol cosa fins el símbol <quote>@</" "quote>, el domini tot el que ve després\"" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1623 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " "version 7 or higher can support non-unique named subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1630 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns."
msgstr "" "ATENCIÓ SI US PLAU: una versió més antiga de libpcre només suporta la " "sintaxi Python (?P<name>) per etiquetar els subpatrons." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1677 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "Per defecte: <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1683 msgid "lookup_family_order (string)" msgstr "lookup_family_order (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1686 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" "Proporciona la capacitat de seleccionar la família d'adreces preferida en " "realitzar cerques de DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1690 msgid "Supported values:" msgstr "Valors admesos:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1693 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "ipv4_first: Intenta resoldre l'adreça IPv4, si falla, intenta IPv6" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1696 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "ipv4_only: Intenta resoldre només noms màquina a adreces IPv4." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1699 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "ipv6_first: Intenta resoldre l'adreça IPv6, si falla, intenta IPv4" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1702 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "ipv6_only: Intenta resoldre només noms màquina a adreces IPv6." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1705 msgid "Default: ipv4_first" msgstr "Per defecte: ipv4_first" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1711 msgid "dns_resolver_timeout (integer)" msgstr "dns_resolver_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1714 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " "the domain will continue to operate in offline mode." msgstr "" "Defineix la quantitat de temps (en segons) per esperar per una resposta de " "la resolució de DNS abans d'assumir que és inaccessible. Si s'arriba a " "aquest temps d'espera, el domini seguirà operant en el mode fora de línia." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1720 sssd-ldap.5.xml:1118 sssd-ldap.5.xml:1160 #: sssd-ldap.5.xml:1175 sssd-krb5.5.xml:239 msgid "Default: 6" msgstr "Per defecte: 6" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1726 msgid "dns_discovery_domain (string)" msgstr "dns_discovery_domain (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1729 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." 
msgstr "" "Si el servei de descobriment s'utilitza en el rerefons, especifica la part " "del domini de la consulta DNS del servei de descobriment." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1733 msgid "Default: Use the domain part of machine's hostname" msgstr "Per defecte: Utilitza la part del domini del nom de màquina" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1739 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1742 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1748 msgid "case_sensitive (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1751 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1756 sssd-ad.5.xml:333 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1762 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1765 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " "name was an alias. Setting this option to true would cause the SSSD to " "perform the ID lookup from cache for performance reasons." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1779 msgid "subdomain_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1790 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1791 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1782 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " "possible values. In addition to those, the expansion below can only be used " "with <emphasis>subdomain_homedir</emphasis>. <placeholder type=" "\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1796 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1800 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1805 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1808 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:898 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" "replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" "Aquestes opcions de configuració poden ser presents a una secció de " "configuració de domini anomenada <quote>[domain/<replaceable>NAME</" "replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1821 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1824 msgid "The proxy target PAM proxies to." msgstr "El servidor intermediari on re-envia PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1827 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" "Per defecte: No està establit per defecte, heu de prendre una configuració " "de pam existent o crear-ne una de nova i afegir aquí el nom del servei." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1835 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1838 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " "for example _nss_files_getpwent." msgstr "" "El nom de la biblioteca NSS per utilitzar en els servidors intermediaris de " "domini. 
Les funcions NSS buscades a la biblioteca tenen el format _nss_" "$(libName)_$(function), per exemple _nss_files_getpwent." #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:1817 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" "Opcions vàlides per a servidors intermediaris de domini. <placeholder type=" "\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:1850 msgid "The local domain section" msgstr "La secció de domini local" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:1852 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " "<replaceable>id_provider=local</replaceable>." msgstr "" "Aquesta secció conté paràmetres per a dominis que emmagatzemen els usuaris i " "grups a la base de dades nativa d'SSSD, és a dir, un domini que utilitza " "<replaceable>id_provider=local</replaceable>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1859 msgid "default_shell (string)" msgstr "default_shell (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1862 msgid "The default shell for users created with SSSD userspace tools." msgstr "" "L'intèrpret d'ordres per defecte per als usuaris creats amb eines SSSD " "d'espai d'usuari." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1866 msgid "Default: <filename>/bin/bash</filename>" msgstr "Per defecte: <filename>/bin/bash</filename>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1871 msgid "base_directory (string)" msgstr "base_directory (cadena)" #.
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1874 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" "Les eines afegeixen el nom d'usuari a <replaceable>base_directory</" "replaceable> i utilitzen això com el directori d'usuari." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1879 msgid "Default: <filename>/home</filename>" msgstr "Per defecte: <filename>/home</filename>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1884 msgid "create_homedir (bool)" msgstr "create_homedir (booleà)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1887 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1891 sssd.conf.5.xml:1903 msgid "Default: TRUE" msgstr "Per defecte: TRUE" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1896 msgid "remove_homedir (bool)" msgstr "remove_homedir (booleà)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1899 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1908 msgid "homedir_umask (integer)" msgstr "homedir_umask (enter)" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1911 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " "on a newly created home directory." msgstr "" "Utilitzat per <citerefentry><refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum></citerefentry> per especificar els permisos per " "defecte en un directori personal acabat de crear." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1919 msgid "Default: 077" msgstr "Per defecte: 077" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1924 msgid "skel_dir (string)" msgstr "skel_dir (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1927 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " "<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>" msgstr "" "El directori d'esquelet que conté fitxers i directoris per copiar al " "directori de personal, quan el directori personal és creat per " "<citerefentry><refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" "manvolnum></citerefentry>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1937 msgid "Default: <filename>/etc/skel</filename>" msgstr "Per defecte: <filename>/etc/skel</filename>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1942 msgid "mail_dir (string)" msgstr "mail_dir (cadena)" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1945 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " "default value is used." msgstr "" "El directori de cua de correu. Això és necessari per manipular la bústia de " "correu quan el compte d'usuari corresponent és modificat o suprimit. Si no " "s'especifica, s'utilitzarà un valor per defecte." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1952 msgid "Default: <filename>/var/mail</filename>" msgstr "Per defecte: <filename>/var/mail</filename>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1957 msgid "userdel_cmd (string)" msgstr "userdel_cmd (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1960 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " "return code of the command is not taken into account." msgstr "" "L'ordre que s'executa després d'eliminar un usuari. L'ordre passa el nom " "d'usuari com el primer i únic paràmetre. El codi de retorn de l'ordre no es " "té en compte." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1966 msgid "Default: None, no command is run" msgstr "Per defecte: Cap, no s'executa cap comanda" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:1976 sssd-ldap.5.xml:2426 sssd-simple.5.xml:131 #: sssd-ipa.5.xml:793 sssd-ad.5.xml:382 sssd-krb5.5.xml:519 msgid "EXAMPLE" msgstr "EXEMPLE" #.
type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd.conf.5.xml:1982 #, no-wrap msgid "" "[sssd]\n" "domains = LDAP\n" "services = nss, pam\n" "config_file_version = 2\n" "\n" "[nss]\n" "filter_groups = root\n" "filter_users = root\n" "\n" "[pam]\n" "\n" "[domain/LDAP]\n" "id_provider = ldap\n" "ldap_uri = ldap://ldap.example.com\n" "ldap_search_base = dc=example,dc=com\n" "\n" "auth_provider = krb5\n" "krb5_server = kerberos.example.com\n" "krb5_realm = EXAMPLE.COM\n" "cache_credentials = true\n" "\n" "min_id = 10000\n" "max_id = 20000\n" "enumerate = False\n" msgstr "" "[sssd]\n" "domains = LDAP\n" "services = nss, pam\n" "config_file_version = 2\n" "\n" "[nss]\n" "filter_groups = root\n" "filter_users = root\n" "\n" "[pam]\n" "\n" "[domain/LDAP]\n" "id_provider = ldap\n" "ldap_uri = ldap://ldap.example.com\n" "ldap_search_base = dc=example,dc=com\n" "\n" "auth_provider = krb5\n" "krb5_server = kerberos.example.com\n" "krb5_realm = EXAMPLE.COM\n" "cache_credentials = true\n" "\n" "min_id = 10000\n" "max_id = 20000\n" "enumerate = False\n" "\n" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:1978 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " "configuring domains for more details. <placeholder type=\"programlisting\" " "id=\"0\"/>" msgstr "" "El següent exemple mostra una configuració típica d'SSSD. No descriu la " "configuració dels mateixos dominis - referiu-vos a la documentació de " "configuració de dominis per a més detalls. <placeholder type=" "\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 msgid "sssd-ldap" msgstr "sssd-ldap" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:23 msgid "" "This manual page describes the configuration of LDAP domains for " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page for detailed syntax information." msgstr "" "Aquesta pàgina del manual descriu la configuració de dominis LDAP per a " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. Consulteu la secció <quote>FORMAT DE FITXER</quote> de la " "pàgina del manual <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> per obtenir informació detallada de " "la sintaxi." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:35 msgid "You can configure SSSD to use more than one LDAP domain." msgstr "Podeu configurar SSSD per utilitzar més d'un domini d'LDAP." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:38 msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. " "<command>sssd</command> <emphasis>does not</emphasis> support authentication " "over an unencrypted channel. If the LDAP server is used only as an identity " "provider, an encrypted channel is not needed. Please refer to " "<quote>ldap_access_filter</quote> config option for more information about " "using LDAP as an access provider." msgstr "" "El rerefons LDAP suporta proveïdors d'identificació, autenticació, accés i " "canvi de contrasenya. Si voleu autenticar contra un servidor LDAP s'exigeix " "TLS/SSL o LDAPS. L'<command>sssd</command> <emphasis>no</emphasis> suporta " "autenticació sobre un canal sense xifrar. 
Si el servidor de LDAP s'utilitza " "només com a un proveïdor d'identitats, no és necessari un canal xifrat. Si " "us plau refereiu-vos a l'opció <quote>ldap_access_filter</quote> per a més " "informació sobre l'ús d'LDAP com un proveïdor d'accés." #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "OPCIONS DE CONFIGURACIÓ" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:60 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:63 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" "quote> section for more information on failover and server redundancy. If " "neither option is specified, service discovery is enabled. For more " "information, refer to the <quote>SERVICE DISCOVERY</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:70 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:73 msgid "ldap[s]://<host>[:port]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:76 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:79 msgid "example: ldap://[fc00::126:25]:389" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:85 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:88 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " "Refer to the <quote>FAILOVER</quote> section for more information on " "failover and server redundancy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:95 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" "Per habilitar el servei descobriment s'ha d'establir " "ldap_chpass_dns_service_name." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:99 msgid "Default: empty, i.e. ldap_uri is used." msgstr "Per defecte: buit, és a dir, s'utilitza ldap_uri." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:105 msgid "ldap_search_base (string)" msgstr "ldap_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:108 msgid "The default base DN to use for performing LDAP user operations." msgstr "" "El DN base per defecte a utilitzar per realitzar operacions d'usuari d'LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:112 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:116 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:119 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:122 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:126 sssd-ad.5.xml:212 msgid "Examples:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:129 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:134 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:137 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " "different search bases). This will lead to unpredictable behavior on client " "machines." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:144 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. 
If " "defaultNamingContext does not exist or has an empty value namingContexts is " "used. The namingContexts attribute must have a single value with the DN of " "the search base of the LDAP server to make this work. Multiple values are " "are not supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:158 msgid "ldap_schema (string)" msgstr "ldap_schema (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:161 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " "may vary. The way that some attributes are handled may also differ." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:168 msgid "Four schema types are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:172 msgid "rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:177 msgid "rfc2307bis" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:182 msgid "IPA" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:187 msgid "AD" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:193 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. 
With rfc2307, group members are listed by name in " "the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, " "group members are listed by DN and stored in the <emphasis>member</emphasis> " "attribute. The AD schema type sets the attributes to correspond with Active " "Directory 2008r2 values." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:203 msgid "Default: rfc2307" msgstr "Per defecte: rfc2307" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:209 msgid "ldap_default_bind_dn (string)" msgstr "ldap_default_bind_dn (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:212 msgid "The default bind DN to use for performing LDAP operations." msgstr "" "El vincle DN per defecte per utilitzar en realitzar les operacions d'LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:219 msgid "ldap_default_authtok_type (string)" msgstr "ldap_default_authtok_type (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:222 msgid "The type of the authentication token of the default bind DN." msgstr "El tipus de testimoni d'autenticació del vincle DN per defecte." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:226 msgid "The two mechanisms currently supported are:" msgstr "Els dos mecanismes suportats actualment són:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:229 msgid "password" msgstr "contrasenya" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:232 msgid "obfuscated_password" msgstr "obfuscated_password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:235 msgid "Default: password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:241 msgid "ldap_default_authtok (string)" msgstr "ldap_default_authtok (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:244 msgid "" "The authentication token of the default bind DN. Only clear text passwords " "are currently supported." msgstr "" "El testimoni d'autenticació del vincle DN per defecte. Actualment només " "estan suportades les contrasenyes en text clar." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:251 msgid "ldap_user_object_class (string)" msgstr "ldap_user_object_class (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:254 msgid "The object class of a user entry in LDAP." msgstr "La classe d'objecte d'una entrada d'usuari a LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:257 msgid "Default: posixAccount" msgstr "Per defecte: posixAccount" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:263 msgid "ldap_user_name (string)" msgstr "ldap_user_name (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:266 msgid "The LDAP attribute that corresponds to the user's login name." msgstr "L'atribut LDAP que correspon al nom de compte de l'usuari." #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:270 msgid "Default: uid" msgstr "Per defecte: uid" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:276 msgid "ldap_user_uid_number (string)" msgstr "ldap_user_uid_number (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:279 msgid "The LDAP attribute that corresponds to the user's id." msgstr "" "L'atribut LDAP que correspon al número de l'identificador de l'usuari." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:283 msgid "Default: uidNumber" msgstr "Per defecte: uidNumber" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:289 msgid "ldap_user_gid_number (string)" msgstr "ldap_user_gid_number (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:292 msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" "L'atribut LDAP que correspon a l'identificador del grup primari de l'usuari." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:296 sssd-ldap.5.xml:792 msgid "Default: gidNumber" msgstr "Per defecte: gidNumber" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:302 msgid "ldap_user_gecos (string)" msgstr "ldap_user_gecos (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:305 msgid "The LDAP attribute that corresponds to the user's gecos field." msgstr "L'atribut LDAP que correspon al camp gecos de l'usuari." #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:309 msgid "Default: gecos" msgstr "Per defecte: gecos" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:315 msgid "ldap_user_home_directory (string)" msgstr "ldap_user_home_directory (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:318 msgid "The LDAP attribute that contains the name of the user's home directory." msgstr "L'atribut LDAP que conté el nom del directori personal de l'usuari." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:322 msgid "Default: homeDirectory" msgstr "Per defecte: homeDirectory" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:328 msgid "ldap_user_shell (string)" msgstr "ldap_user_shell (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:331 msgid "The LDAP attribute that contains the path to the user's default shell." msgstr "" "L'atribut LDAP que conté la ruta a l'intèrpret d'ordres per defecte de " "l'usuari." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:335 msgid "Default: loginShell" msgstr "Per defecte: loginShell" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:341 msgid "ldap_user_uuid (string)" msgstr "ldap_user_uuid (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:344 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "L'atribut LDAP que conté el UUID/GUID d'un objecte d'usuari d'LDAP." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:348 sssd-ldap.5.xml:818 sssd-ldap.5.xml:1025 msgid "Default: nsUniqueId" msgstr "Per defecte: nsUniqueId" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:354 msgid "ldap_user_objectsid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:357 msgid "" "The LDAP attribute that contains the objectSID of an LDAP user object. This " "is usually only necessary for ActiveDirectory servers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:362 sssd-ldap.5.xml:832 msgid "Default: objectSid for ActiveDirectory, not set for other servers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:369 msgid "ldap_user_modify_timestamp (string)" msgstr "ldap_user_modify_timestamp (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:372 sssd-ldap.5.xml:842 sssd-ldap.5.xml:1034 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" "L'atribut LDAP que conté la data i hora de l'última modificació de l'objecte " "pare." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:376 sssd-ldap.5.xml:846 sssd-ldap.5.xml:1041 msgid "Default: modifyTimestamp" msgstr "Per defecte: modifyTimestamp" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:382 msgid "ldap_user_shadow_last_change (string)" msgstr "ldap_user_shadow_last_change (cadena)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:385 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " "the last password change)." msgstr "" "En utilitzar ldap_pwd_policy=shadow, aquest paràmetre conté el nom d'un " "atribut d'LDAP corresponent al seu homòleg " "<citerefentry><refentrytitle>shadow</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry> (data de l'últim canvi de contrasenya)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:395 msgid "Default: shadowLastChange" msgstr "Per defecte: shadowLastChange" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:401 msgid "ldap_user_shadow_min (string)" msgstr "ldap_user_shadow_min (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:404 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " "password age)." msgstr "" "En utilitzar ldap_pwd_policy=shadow, aquest paràmetre conté el nom d'un " "atribut d'LDAP corresponent al seu homòleg " "<citerefentry><refentrytitle>shadow</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry> (edat mínima de la contrasenya)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:413 msgid "Default: shadowMin" msgstr "Per defecte: shadowMin" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:419 msgid "ldap_user_shadow_max (string)" msgstr "ldap_user_shadow_max (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:422 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " "password age)." msgstr "" "En utilitzar ldap_pwd_policy=shadow, aquest paràmetre conté el nom d'un " "atribut d'LDAP corresponent al seu homòleg " "<citerefentry><refentrytitle>shadow</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry> (edat màxima de la contrasenya)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:431 msgid "Default: shadowMax" msgstr "Per defecte: shadowMax" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:437 msgid "ldap_user_shadow_warning (string)" msgstr "ldap_user_shadow_warning (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:440 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " "(password warning period)." msgstr "" "En utilitzar ldap_pwd_policy=shadow, aquest paràmetre conté el nom d'un " "atribut d'LDAP corresponent al seu homòleg " "<citerefentry><refentrytitle>shadow</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry> (període d'advertència de contrasenya)." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:450 msgid "Default: shadowWarning" msgstr "Per defecte: shadowWarning" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:456 msgid "ldap_user_shadow_inactive (string)" msgstr "ldap_user_shadow_inactive (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:459 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " "(password inactivity period)." msgstr "" "En utilitzar ldap_pwd_policy=shadow, aquest paràmetre conté el nom d'un " "atribut d'LDAP corresponent al seu homòleg " "<citerefentry><refentrytitle>shadow</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry> (període d'inactivitat de contrasenya)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:469 msgid "Default: shadowInactive" msgstr "Per defecte: shadowInactive" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:475 msgid "ldap_user_shadow_expire (string)" msgstr "ldap_user_shadow_expire (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:478 msgid "" "When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " "parameter contains the name of an LDAP attribute corresponding to its " "<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> counterpart (account expiration date)." 
msgstr "" "En utilitzar ldap_pwd_policy=shadow o ldap_account_expire_policy=shadow, " "aquest paràmetre conté el nom d'un atribut d'LDAP corresponent al seu " "homòleg <citerefentry><refentrytitle>shadow</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry> (data de caducitat del compte)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:488 msgid "Default: shadowExpire" msgstr "Per defecte: shadowExpire" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:494 msgid "ldap_user_krb_last_pwd_change (string)" msgstr "ldap_user_krb_last_pwd_change (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:497 msgid "" "When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " "an LDAP attribute storing the date and time of last password change in " "kerberos." msgstr "" "En utilitzar ldap_pwd_policy=mit_kerberos, aquest paràmetre conté el nom " "d'un atribut d'LDAP que emmagatzema la data i hora del darrer canvi de " "contrasenya en kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:503 msgid "Default: krbLastPwdChange" msgstr "Per defecte: krbLastPwdChange" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:509 msgid "ldap_user_krb_password_expiration (string)" msgstr "ldap_user_krb_password_expiration (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:512 msgid "" "When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " "an LDAP attribute storing the date and time when current password expires." 
msgstr "" "En utilitzar ldap_pwd_policy=mit_kerberos, aquest paràmetre conté el nom " "d'un atribut d'LDAP que emmagatzema la data i hora d'expiració de la " "contrasenya actual." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:518 msgid "Default: krbPasswordExpiration" msgstr "Per defecte: krbPasswordExpiration" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:524 msgid "ldap_user_ad_account_expires (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:527 msgid "" "When using ldap_account_expire_policy=ad, this parameter contains the name " "of an LDAP attribute storing the expiration time of the account." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:532 msgid "Default: accountExpires" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:538 msgid "ldap_user_ad_user_account_control (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:541 msgid "" "When using ldap_account_expire_policy=ad, this parameter contains the name " "of an LDAP attribute storing the user account control bit field." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:546 msgid "Default: userAccountControl" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:552 msgid "ldap_ns_account_lock (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:555 msgid "" "When using ldap_account_expire_policy=rhds or equivalent, this parameter " "determines if access is allowed or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:560 msgid "Default: nsAccountLock" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:566 msgid "ldap_user_nds_login_disabled (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:569 msgid "" "When using ldap_account_expire_policy=nds, this attribute determines if " "access is allowed or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:573 sssd-ldap.5.xml:587 msgid "Default: loginDisabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:579 msgid "ldap_user_nds_login_expiration_time (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:582 msgid "" "When using ldap_account_expire_policy=nds, this attribute determines until " "which date access is granted." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:593 msgid "ldap_user_nds_login_allowed_time_map (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:596 msgid "" "When using ldap_account_expire_policy=nds, this attribute determines the " "hours of a day in a week when access is granted." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:601 msgid "Default: loginAllowedTimeMap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:607 msgid "ldap_user_principal (string)" msgstr "ldap_user_principal (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:610 msgid "" "The LDAP attribute that contains the user's Kerberos User Principal Name " "(UPN)." msgstr "" "L'atribut LDAP que conté el Nom Principal d'Usuari (UPN) de l'usuari de " "Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:614 msgid "Default: krbPrincipalName" msgstr "Per defecte: krbPrincipalName" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:620 msgid "ldap_user_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:623 msgid "The LDAP attribute that contains the user's SSH public keys." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:630 msgid "ldap_force_upper_case_realm (boolean)" msgstr "ldap_force_upper_case_realm (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:633 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " "fail. Set this option to a non-zero value if you want to use an upper-case " "realm." 
msgstr "" "Alguns servidors de directori, per exemple Active Directory, podria entregar " "la part de l'àmbit de l'UPN en minúscules, que podria provocar que " "l'autenticació fallàs. Definiu aquesta opció a un valor diferent de zero si " "voleu utilitzar un àmbit en majúscules." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:646 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "ldap_enumeration_refresh_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:649 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:660 msgid "ldap_purge_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:663 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " "space." msgstr "" "Determina la freqüència en comprovar la memòria cau per a entrades inactives " "(grups sense membres i usuaris que mai no han iniciat una sessió) i eliminar-" "los per estalviar espai." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:669 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "A zero, aquesta opció desactivarà l'operació de neteja de memòria cau." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:673 msgid "Default: 10800 (12 hours)" msgstr "Per defecte: 10800 (12 hores)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:679 msgid "ldap_user_fullname (string)" msgstr "ldap_user_fullname (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:682 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "L'atribut LDAP que correspon al nom complet de l'usuari." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:686 sssd-ldap.5.xml:779 sssd-ldap.5.xml:975 #: sssd-ldap.5.xml:1066 sssd-ldap.5.xml:1990 sssd-ldap.5.xml:2316 #: sssd-ipa.5.xml:648 msgid "Default: cn" msgstr "Per defecte: cn" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:692 msgid "ldap_user_member_of (string)" msgstr "ldap_user_member_of (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:695 msgid "The LDAP attribute that lists the user's group memberships." msgstr "L'atribut LDAP que llista la pertanença a grups de l'usuari." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:699 sssd-ipa.5.xml:552 msgid "Default: memberOf" msgstr "Per defecte: memberOf" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:705 msgid "ldap_user_authorized_service (string)" msgstr "ldap_user_authorized_service (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:708 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " "to determine access privilege." 
msgstr "" "Si access_provider=ldap i ldap_access_order=authorized_service, l'SSSD farà " "servir la presència de l'atribut authorizedService a l'entrada LDAP de " "l'usuari per determinar els privilegis d'accés." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:715 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" "Una denegació explícita (!svc) es resol en primer lloc. En segon lloc, " "l'SSSD cerca autoritzacions explícites (svc) i, finalment, allow_all (*)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:720 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>authorized_service</quote> in order for the " "ldap_user_authorized_service option to work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:727 msgid "Default: authorizedService" msgstr "Per defecte: authorizedService" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:733 msgid "ldap_user_authorized_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:736 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " "privilege." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:742 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:747 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>host</quote> in order for the " "ldap_user_authorized_host option to work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:754 msgid "Default: host" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:760 msgid "ldap_group_object_class (string)" msgstr "ldap_group_object_class (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:763 msgid "The object class of a group entry in LDAP." msgstr "La classe d'objecte d'una entrada de grup a LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:766 msgid "Default: posixGroup" msgstr "Per defecte: posixGroup" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:772 msgid "ldap_group_name (string)" msgstr "ldap_group_name (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:775 msgid "The LDAP attribute that corresponds to the group name." msgstr "L'atribut LDAP que es correspon amb el nom del grup." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:785 msgid "ldap_group_gid_number (string)" msgstr "ldap_group_gid_number (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:788 msgid "The LDAP attribute that corresponds to the group's id." msgstr "L'atribut LDAP que correspon a l'identificador del grup." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:798 msgid "ldap_group_member (string)" msgstr "ldap_group_member (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:801 msgid "The LDAP attribute that contains the names of the group's members." msgstr "L'atribut LDAP que conté els noms dels membres del grup." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:805 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "Per defecte: memberuid (rfc2307) / member (rfc2307bis)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:811 msgid "ldap_group_uuid (string)" msgstr "ldap_group_uuid (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:814 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "L'atribut LDAP que conté el UUID/GUID d'objecte de grup LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:824 msgid "ldap_group_objectsid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:827 msgid "" "The LDAP attribute that contains the objectSID of an LDAP group object. This " "is usually only necessary for ActiveDirectory servers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:839 msgid "ldap_group_modify_timestamp (string)" msgstr "ldap_group_modify_timestamp (cadena)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:852 #, fuzzy #| msgid "ldap_opt_timeout (integer)" msgid "ldap_group_type (integer)" msgstr "ldap_opt_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:855 #, fuzzy #| msgid "The LDAP attribute that contains the names of the group's members." msgid "" "The LDAP attribute that contains an integer value indicating the type of the " "group and maybe other flags." msgstr "L'atribut LDAP que conté els noms dels membres del grup." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:860 msgid "" "This attribute is currently only used by the AD provider to determine if a " "group is a domain local groups and has to be filtered out for trusted " "domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:866 msgid "Default: groupType in the AD provider, othewise not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:873 msgid "ldap_group_nesting_level (integer)" msgstr "ldap_group_nesting_level (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:876 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " "follow. This option has no effect on the RFC2307 schema." msgstr "" "Si ldap_schema s'estableix a un format d'esquema que suporta grups niats (p. " "ex. RFC2307bis), llavors aquest opció controla quants nivells de nidificació " "seguirà l'SSSD. Aquesta opció no té cap efecte sobre l'esquema RFC2307." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:883 msgid "Default: 2" msgstr "Per defecte: 2" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:889 msgid "ldap_groups_use_matching_rule_in_chain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:892 msgid "" "This option tells SSSD to take advantage of an Active Directory-specific " "feature which may speed up group lookup operations on deployments with " "complex or deep nested groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:898 msgid "" "In most common cases, it is best to leave this option disabled. It generally " "only provides a performance increase on very complex nestings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:903 sssd-ldap.5.xml:930 msgid "" "If this option is enabled, SSSD will use it if it detects that the server " "supports it during initial connection. So \"True\" here essentially means " "\"auto-detect\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:909 sssd-ldap.5.xml:936 msgid "" "Note: This feature is currently known to work only with Active Directory " "2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/" "windows/desktop/aa746475%28v=vs.85%29.aspx\"> MSDN(TM) documentation</ulink> " "for more details." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:915 sssd-ldap.5.xml:942 sssd-ldap.5.xml:1233 #: sssd-ldap.5.xml:1254 sssd-ldap.5.xml:1760 include/ldap_id_mapping.xml:226 msgid "Default: False" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:921 msgid "ldap_initgroups_use_matching_rule_in_chain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:924 msgid "" "This option tells SSSD to take advantage of an Active Directory-specific " "feature which might speed up initgroups operations (most notably when " "dealing with complex or deep nested groups)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:948 msgid "ldap_netgroup_object_class (string)" msgstr "ldap_netgroup_object_class (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:951 msgid "The object class of a netgroup entry in LDAP." msgstr "La classe d'objecte d'una entrada de netgroup a LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:954 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:958 msgid "Default: nisNetgroup" msgstr "Per defecte: nisNetgroup" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:964 msgid "ldap_netgroup_name (string)" msgstr "ldap_netgroup_name (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:967 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "L'atribut LDAP que es correspon amb el nom del netgroup." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:971 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:981 msgid "ldap_netgroup_member (string)" msgstr "ldap_netgroup_member (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:984 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "L'atribut LDAP que conté els noms dels membres del netgroup." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:988 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:992 msgid "Default: memberNisNetgroup" msgstr "Per defecte: memberNisNetgroup" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:998 msgid "ldap_netgroup_triple (string)" msgstr "ldap_netgroup_triple (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1001 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" "L'atribut LDAP que conté les tripletes netgroup (maquina, usuari, domini)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1005 sssd-ldap.5.xml:1038 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1008 msgid "Default: nisNetgroupTriple" msgstr "Per defecte: nisNetgroupTriple" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1014 msgid "ldap_netgroup_uuid (string)" msgstr "ldap_netgroup_uuid (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1017 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "L'atribut LDAP que conté el UUID/GUID d'un objecte de netgroup d'LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1021 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1031 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "ldap_netgroup_modify_timestamp (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1047 msgid "ldap_service_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1050 msgid "The object class of a service entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1053 msgid "Default: ipService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1059 msgid "ldap_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1062 msgid "" "The LDAP attribute that contains the name of service attributes and their " "aliases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1072 msgid "ldap_service_port (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1075 msgid "The LDAP attribute that contains the port managed by this service." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1079 msgid "Default: ipServicePort" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1085 msgid "ldap_service_proto (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1088 msgid "" "The LDAP attribute that contains the protocols understood by this service." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1092 msgid "Default: ipServiceProtocol" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1098 msgid "ldap_service_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1103 msgid "ldap_search_timeout (integer)" msgstr "ldap_search_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1106 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " "is entered)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1112 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " "lookup types." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1124 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1127 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " "are returned (and offline mode is entered)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1140 msgid "ldap_network_timeout (integer)" msgstr "ldap_network_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1143 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" "<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" "manvolnum> </citerefentry> following a <citerefentry> " "<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" "citerefentry> returns in case of no activity." msgstr "" "Especifica el temps d'espera (en segons) després que el " "<citerefentry><refentrytitle>sondeig</refentrytitle> <manvolnum>2</" "manvolnum></citerefentry>/<citerefentry><refentrytitle>selecció</" "refentrytitle> <manvolnum>2</manvolnum></citerefentry> seguit d'una " "<citerefentry><refentrytitle>connexió</refentrytitle> <manvolnum>2</" "manvolnum></citerefentry> retorna en cas de cap activitat." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1166 msgid "ldap_opt_timeout (integer)" msgstr "ldap_opt_timeout (enter)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1169 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " "communicating with the KDC in case of SASL bind." msgstr "" "Especifica un temps d'espera (en segons) després que les trucades a les API " "síncrones de LDAP s'abandonaran si no es rep cap resposta. També controla el " "temps d'espera en comunicar amb el KDC en cas d'un vincle SASL." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1181 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1184 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " "in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " "the TGT lifetime) will be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1192 sssd-ldap.5.xml:2147 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1198 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1201 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1206 msgid "Default: 1000" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1212 msgid "ldap_disable_paging (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1215 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " "it is not enabled or does not behave properly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1221 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1227 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " "requests being denied." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1239 msgid "ldap_disable_range_retrieval (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1242 msgid "Disable Active Directory range retrieval." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1245 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " "group contains more members, the reply would include an AD-specific range " "extension. This option disables parsing of the range extension, therefore " "large groups will appear as having no members." 
msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1260 msgid "ldap_sasl_minssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1263 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " "option are defined by OpenLDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1269 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1276 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1279 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " "they are looked up individually." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1285 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1289 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " "methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " "Directory." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1297 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " "regardless of this setting." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1310 msgid "ldap_tls_reqcert (string)" msgstr "ldap_tls_reqcert (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1313 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" "Especifica quines comprovacions s'han de realitzar sobre els certificats de " "servidor en una sessió TLS, si s'escau. Es pot especificar com un dels " "valors següents:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1319 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" "<emphasis>never</emphasis> = El client no demanarà o comprovarà cap " "certificat del servidor." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1323 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " "is provided, it will be ignored and the session proceeds normally." msgstr "" "<emphasis>allow</emphasis> = El certificat del servidor es sol·licitarà. " "Si no es proporciona cap certificat, la sessió avança normalment. Si es " "proporciona un certificat dolent, s'ignorarà i la sessió procedirà " "normalment." #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1330 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " "is provided, the session is immediately terminated." msgstr "" "<emphasis>try</emphasis> = El certificat del servidor es sol·licitarà. Si " "no es proporciona cap certificat, la sessió avança normalment. Si es " "proporciona un certificat dolent, immediatament s'acaba la sessió." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1336 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " "immediately terminated." msgstr "" "<emphasis>demand</emphasis> = El certificat del servidor es sol·licitarà. " "Si no es proporciona cap certificat, o se'n proporciona un de dolent, " "immediatament s'acaba la sessió." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1342 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "<emphasis>hard</emphasis> = Igual que <quote>demand</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1346 msgid "Default: hard" msgstr "Per defecte: hard" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1352 msgid "ldap_tls_cacert (string)" msgstr "ldap_tls_cacert (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1355 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize."
msgstr "" "Especifica el fitxer que conté els certificats per a totes les Autoritats de " "Certificació que reconeixerà l'<command>sssd</command>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1378 sssd-ldap.5.xml:1419 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" "Per defecte: Utilitza els valors per defecte d'OpenLDAP, normalment a " "<filename>/etc/openldap/ldap.conf</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1367 msgid "ldap_tls_cacertdir (string)" msgstr "ldap_tls_cacertdir (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1370 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " "be the hash of the certificate followed by '.0'. If available, " "<command>cacertdir_rehash</command> can be used to create the correct names." msgstr "" "Especifica la ruta d'un directori que conté els certificats d'Entitat " "Certificadora en arxius separats independents. Normalment els noms de fitxer " "són el hash del certificat seguit de '.0'. Si està disponible, " "<command>cacertdir_rehash</command> pot ser utilitzat per crear els noms " "correctes." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1385 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1388 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1398 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1401 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1410 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1413 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry> for format." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1426 msgid "ldap_id_use_start_tls (boolean)" msgstr "ldap_id_use_start_tls (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1429 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" "Especifica que la connexió id_provider també ha d'utilitzar <systemitem " "class=\"protocol\">tls</systemitem> per a protegir el canal." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1439 msgid "ldap_id_mapping (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1442 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " "on ldap_user_uid_number and ldap_group_gid_number." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1448 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1458 msgid "ldap_min_id, ldap_max_id (interger)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1461 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " "ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this " "might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " "can be set to restrict the allowed range for the IDs which are read directly " "from the server. Sub-domains can then pick other ranges to map IDs." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1473 msgid "Default: not set (both options are set to 0)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1479 msgid "ldap_sasl_mech (string)" msgstr "ldap_sasl_mech (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1482 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" "Especifica el mecanisme SASL a utilitzar. Actualment només GSSAPI és provat " "i suportat." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1492 msgid "ldap_sasl_authid (string)" msgstr "ldap_sasl_authid (cadena)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1495 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory. " "This option can either contain the full principal (for example host/" "myhost@EXAMPLE.COM) or just the principal name (for example host/myhost)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1503 msgid "Default: host/hostname@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1509 msgid "ldap_sasl_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1512 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " "well, this option is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1518 msgid "Default: the value of krb5_realm." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1524 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1527 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1532 msgid "Default: false;" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1538 msgid "ldap_krb5_keytab (string)" msgstr "ldap_krb5_keytab (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1541 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "Especifica el fitxer keytab a utilitzar quan s'utilitza SASL/GSSAPI." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1544 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" "Per defecte: Fitxer keytab de sistema, normalment <filename>/etc/krb5." "keytab</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1550 msgid "ldap_krb5_init_creds (boolean)" msgstr "ldap_krb5_init_creds (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1553 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " "GSSAPI." msgstr "" "Especifica que el id_provider hauria d'iniciar les credencials del Kerberos " "(TGT). Aquesta acció es realitza només si s'utilitza SASL i el mecanisme " "seleccionat és GSSAPI." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1565 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "ldap_krb5_ticket_lifetime (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1568 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "Especifica el temps de vida en segons de la TGT si s'utilitza GSSAPI." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1572 sssd-ad.5.xml:319 msgid "Default: 86400 (24 hours)" msgstr "Per defecte: 86400 (24 hores)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1578 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1581 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " "For more information on failover and server redundancy, see the " "<quote>FAILOVER</quote> section. An optional port number (preceded by a " "colon) may be appended to the addresses or hostnames. If empty, service " "discovery is enabled - for more information, refer to the <quote>SERVICE " "DISCOVERY</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1593 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " "none are found." msgstr "" "En utilitzar el servei de descobriment per a servidors KDC o kpasswd, l'SSSD " "primer cerca les entrades DNS que especifiquen _udp com el protocol i " "retorna a _tcp si no se'n troba cap." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1598 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " "migrate their config files to use <quote>krb5_server</quote> instead." 
msgstr "" "Aquesta opció s'anomenava <quote>krb5_kdcip</quote> en les primeres versions " "d'SSSD. Mentre que el nom antic és reconegut de moment, s'aconsella als " "usuaris que migrin els seus fitxers de configuració per utilitzar " "<quote>krb5_server</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1607 sssd-ipa.5.xml:371 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "krb5_realm (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1610 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "Especifica l'àmbit KERBEROS (per a autenticació SASL/GSSAPI)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1613 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" "Per defecte: Paràmetres predeterminats del sistema, vegeu <filename>/etc/" "krb5.conf</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1619 sssd-ipa.5.xml:386 sssd-krb5.5.xml:453 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1622 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1634 sssd-krb5.5.xml:468 msgid "krb5_use_kdcinfo (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1637 sssd-krb5.5.xml:471 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. 
This option is on by default, if you disable it, you need " "to configure the Kerberos library using the <citerefentry> " "<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> configuration file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1648 sssd-krb5.5.xml:482 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " "information on the locator plugin." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1662 msgid "ldap_pwd_policy (string)" msgstr "ldap_pwd_policy (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1665 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" "Selecciona la política per avaluar la caducitat de la contrasenya en el " "costat del client. S'admeten els valors següents:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1670 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" "<emphasis>none</emphasis> - Cap avaluació del costat del client. Aquesta " "opció no inhabilita les polítiques de contrasenya de servidor." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1675 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " "evaluate if the password has expired." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1681 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " "these attributes when the password is changed." msgstr "" "<emphasis>mit_kerberos</emphasis> - Usa els atributs utilitzats per MIT " "Kerberos per determinar si la contrasenya ha caducat. Utilitza " "chpass_provider=krb5 per actualitzar aquests atributs quan es canvia la " "contrasenya." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1690 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1698 msgid "ldap_referrals (boolean)" msgstr "ldap_referrals (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1701 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" "Especifica si el seguiment automàtic del referenciador s'hauria d'habilitar." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1705 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" "Si us plau fixi's que l'sssd només suporta el seguiment del referenciador " "quan és compilat amb la versió d'OpenLDAP 2.4.13 o superior." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1710 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. If your setup " "does not in fact require the use of referrals, setting this option to false " "might bring a noticeable performance improvement." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1724 msgid "ldap_dns_service_name (string)" msgstr "ldap_dns_service_name (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1727 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" "Especifica el nom de servei per utilitzar quan està habilitada la detecció " "de serveis." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1731 msgid "Default: ldap" msgstr "Per defecte: ldap" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1737 msgid "ldap_chpass_dns_service_name (string)" msgstr "ldap_chpass_dns_service_name (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1740 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" "Especifica el nom de servei a utilitzar per trobar un servidor LDAP que " "permet canvis de contrasenya quan està habilitada la detecció de serveis." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1745 msgid "Default: not set, i.e. 
service discovery is disabled" msgstr "" "Defecte: no definit, és a dir, el descobriment de serveis està inhabilitat" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1751 msgid "ldap_chpass_update_last_change (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1754 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1766 msgid "ldap_access_filter (string)" msgstr "ldap_access_filter (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1769 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " "must be met for the user to be granted access on this host. If " "access_provider = ldap, ldap_access_order = filter and this option is not " "set, it will result in all users being denied access. Use access_provider = " "permit to change this default behavior. Please note that this filter is " "applied on the LDAP user entry only." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1782 sssd-ldap.5.xml:2376 msgid "Example:" msgstr "Exemple:" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #: sssd-ldap.5.xml:1785 #, fuzzy, no-wrap #| msgid "" #| "access_provider = ldap\n" #| "ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n" #| " " msgid "" "access_provider = ldap\n" "ldap_access_filter = (employeeType=admin)\n" " " msgstr "" "access_provider = ldap\n" "ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1789 #, fuzzy #| msgid "" #| "This example means that access to this host is restricted to members of " #| "the \"allowedusers\" group in ldap." msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." msgstr "" "Aquest exemple significa que l'accés a aquesta màquina està restringit als " "membres del grup d'ldap \"allowedusers\"." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1794 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " "access during their last login, they will continue to be granted access " "while offline and vice-versa." msgstr "" "La memòria cau fora de línia per a aquesta característica es limita a " "determinar si el darrer inici de sessió d'usuari va concedir permís d'accés. " "Si es va concedir accés durant el seu últim inici de sessió, es continuarà " "concedint accés en estar fora de línia i viceversa." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1802 sssd-ldap.5.xml:1859 msgid "Default: Empty" msgstr "Per defecte: Buit" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1808 msgid "ldap_account_expire_policy (string)" msgstr "ldap_account_expire_policy (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1811 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" "Amb aquesta opció es pot habilitar una avaluació del costat de client " "d'atributs de control d'accés." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1815 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " "even if the password is correct." msgstr "" "Si us plau, tingueu en compte que sempre és recomanable utilitzar el control " "d'accés del costat de servidor, és a dir, el servidor d'LDAP hauria de " "denegar la petició de vincle amb un codi d'error adequat fins i tot si la " "contrasenya és correcta." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1822 msgid "The following values are allowed:" msgstr "S'admeten els valors següents:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1825 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" "<emphasis>shadow</emphasis>: utilitza el valor ldap_user_shadow_expire per " "determinar si el compte ha caducat." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1830 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " "set. If the attribute is missing access is granted. Also the expiration time " "of the account is checked." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1837 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " "allowed or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1843 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " "ldap_user_nds_login_expiration_time are used to check if access is allowed. " "If both attributes are missing access is granted." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1852 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " "ldap_account_expire_policy option to work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1865 msgid "ldap_access_order (string)" msgstr "ldap_access_order (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1868 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" "Llista separada per comes d'opcions de control d'accés. Els valors permesos " "són:" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1872 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "<emphasis>filter</emphasis>: utilitza ldap_access_filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1875 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "<emphasis>expire</emphasis>: utilitza ldap_account_expire_policy" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1879 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" "<emphasis>authorized_service</emphasis>: utilitza l'atribut " "authorizedService per determinar l'accés" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1884 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1888 msgid "Default: filter" msgstr "Per defecte: filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1891 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" "Si us plau, tingueu en compte que és un error de configuració si un valor " "s'utilitza més d'una vegada." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1898 msgid "ldap_deref (string)" msgstr "ldap_deref (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1901 msgid "" "Specifies how alias dereferencing is done when performing a search. 
The " "following options are allowed:" msgstr "" "Especifica com la eliminació de referències d'àlies es fa en realitzar una " "cerca. S'admeten les opcions següents:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1906 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" "<emphasis>never</emphasis>: les referències dels àlies mai són eliminades." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1910 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" "<emphasis>searching</emphasis>: les referències dels àlies són eliminades en " "subordinats de l'objecte base, però no en la localització de l'objecte base " "de la cerca." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1915 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" "<emphasis>finding</emphasis>: les referències dels àlies són eliminades " "només en localitzar l'objecte base de la cerca." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1920 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" "<emphasis>always</emphasis>: les referències dels àlies són eliminades tant " "en la recerca i en la localització de l'objecte base de la cerca." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1925 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" msgstr "" "Per defecte: Buit (això es tractarà com <emphasis>never</emphasis> per les " "llibreries client d'LDAP)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1933 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1936 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1940 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " "The self-consistency of the domain is compromised when this is done, so SSSD " "would normally remove the \"missing\" users from the cached group " "memberships as soon as nsswitch tries to fetch information about the user " "via getpw*() or initgroups() calls." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1951 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " "additional LDAP groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:51 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. 
Refer to the <quote>DOMAIN SECTIONS</quote> section " "of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page for full details. <placeholder type=" "\"variablelist\" id=\"0\"/>" msgstr "" "Totes les opcions comunes de configuració que s'apliquen als dominis SSSD " "també s'apliquen als dominis LDAP. Referiu-vos a la secció <quote>SECCIONS " "DE DOMINI</quote> de la pàgina de manual de <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> per a tots els detalls. <placeholder type=\"variablelist\" id=" "\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:1967 msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1971 msgid "ldap_sudorule_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1974 msgid "The object class of a sudo rule entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1977 msgid "Default: sudoRole" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1983 msgid "ldap_sudorule_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1986 msgid "The LDAP attribute that corresponds to the sudo rule name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1996 msgid "ldap_sudorule_command (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1999 msgid "The LDAP attribute that corresponds to the command name." 
msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2003 msgid "Default: sudoCommand" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2009 msgid "ldap_sudorule_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2012 msgid "" "The LDAP attribute that corresponds to the host name (or host IP address, " "host IP network, or host netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2017 msgid "Default: sudoHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2023 msgid "ldap_sudorule_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2026 msgid "" "The LDAP attribute that corresponds to the user name (or UID, group name or " "user's netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2030 msgid "Default: sudoUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2036 msgid "ldap_sudorule_option (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2039 msgid "The LDAP attribute that corresponds to the sudo options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2043 msgid "Default: sudoOption" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2049 msgid "ldap_sudorule_runasuser (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2052 msgid "" "The LDAP attribute that corresponds to the user name that commands may be " "run as." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2056 msgid "Default: sudoRunAsUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2062 msgid "ldap_sudorule_runasgroup (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2065 msgid "" "The LDAP attribute that corresponds to the group name or group GID that " "commands may be run as." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2069 msgid "Default: sudoRunAsGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2075 msgid "ldap_sudorule_notbefore (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2078 msgid "" "The LDAP attribute that corresponds to the start date/time for when the sudo " "rule is valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2082 msgid "Default: sudoNotBefore" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2088 msgid "ldap_sudorule_notafter (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2091 msgid "" "The LDAP attribute that corresponds to the expiration date/time, after which " "the sudo rule will no longer be valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2096 msgid "Default: sudoNotAfter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2102 msgid "ldap_sudorule_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2105 msgid "The LDAP attribute that corresponds to the ordering index of the rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2109 msgid "Default: sudoOrder" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2115 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2118 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2123 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2128 msgid "Default: 21600 (6 hours)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2134 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2137 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest USN " "of cached rules)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2143 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2153 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2156 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2167 msgid "ldap_sudo_hostnames (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2170 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2175 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2180 sssd-ldap.5.xml:2203 sssd-ldap.5.xml:2221 #: sssd-ldap.5.xml:2239 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2185 sssd-ldap.5.xml:2208 msgid "Default: not specified" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2191 msgid "ldap_sudo_ip (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2194 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2199 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2214 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2217 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2232 msgid "ldap_sudo_include_regexp (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2235 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:1969 msgid "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2251 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " "<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:2261 msgid "AUTOFS OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2263 msgid "" "Please note that the default values correspond to the default schema which " "is RFC2307." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2269 msgid "ldap_autofs_map_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2272 sssd-ldap.5.xml:2298 msgid "The object class of an automount map entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2275 sssd-ldap.5.xml:2302 msgid "Default: automountMap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2282 msgid "ldap_autofs_map_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2285 msgid "The name of an automount map entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2288 msgid "Default: ou" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2295 msgid "ldap_autofs_entry_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2309 msgid "ldap_autofs_entry_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2312 sssd-ldap.5.xml:2326 msgid "" "The key of an automount entry in LDAP. The entry usually corresponds to a " "mount point." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2323 msgid "ldap_autofs_entry_value (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2330 msgid "Default: automountInformation" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2267 msgid "" "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" "\"variablelist\" id=\"4\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:2340 msgid "ADVANCED OPTIONS" msgstr "OPCIONS AVANÇADES" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2347 msgid "ldap_netgroup_search_base (string)" msgstr "ldap_netgroup_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2352 msgid "ldap_user_search_base (string)" msgstr "ldap_user_search_base (cadena)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2357 msgid "ldap_group_search_base (string)" msgstr "ldap_group_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2362 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2365 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2369 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #: sssd-ldap.5.xml:2379 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2382 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2389 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2392 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2396 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2406 msgid "ldap_sudo_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2411 msgid "ldap_autofs_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2342 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " "are doing. <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" "Aquestes opcions són suportades pels dominis LDAP però s'haurien de fer " "servir amb cura. Si us plau, afegiu-les a la vostra configuració només si " "sabeu el que estau fent. <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2428 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " "section." msgstr "" "L'exemple següent presuposa que l'SSSD està correctament configurat i l'LDAP " "està definit com a un dels dominis a la secció <replaceable>[domains]</" "replaceable>." #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ldap.5.xml:2434 #, no-wrap msgid "" " [domain/LDAP]\n" " id_provider = ldap\n" " auth_provider = ldap\n" " ldap_uri = ldap://ldap.mydomain.org\n" " ldap_search_base = dc=mydomain,dc=org\n" " ldap_tls_reqcert = demand\n" " cache_credentials = true\n" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: sssd-ldap.5.xml:2433 sssd-simple.5.xml:139 sssd-ipa.5.xml:801 #: sssd-ad.5.xml:390 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 sssd-krb5.5.xml:528 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" #. 
type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:2446 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:405 #: sssd.8.xml:191 sss_seed.8.xml:163 msgid "NOTES" msgstr "NOTES" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2448 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " "distribution." msgstr "" "Les descripcions d'algunes de les opcions de configuració en aquesta pàgina " "del manual es basen en la pàgina del manual <citerefentry>de " "<refentrytitle>ldap.conf</refentrytitle> <manvolnum>5</manvolnum></" "citerefentry> de la distribució de OpenLDAP 2.4." #. type: Content of: <refentryinfo> #: pam_sss.8.xml:8 include/upstream.xml:2 msgid "" "<productname>SSSD</productname> <orgname>The SSSD upstream - http://" "fedorahosted.org/sssd</orgname>" msgstr "" "<productname>SSSD</productname> <orgname>La font de l'SSSD - http://" "fedorahosted.org/sssd</orgname>" #. type: Content of: <reference><refentry><refnamediv><refname> #: pam_sss.8.xml:13 pam_sss.8.xml:18 msgid "pam_sss" msgstr "pam_sss" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: pam_sss.8.xml:19 msgid "PAM module for SSSD" msgstr "Mòdul de PAM per SSSD" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: pam_sss.8.xml:24 msgid "" "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" "replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" "replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" "replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" "replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" "arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </arg>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:48 msgid "" "<command>pam_sss.so</command> is the PAM interface to the System Security " "Services daemon (SSSD). Errors and results are logged through " "<command>syslog(3)</command> with the LOG_AUTHPRIV facility." msgstr "" "<command>pam_sss.so</command> és la interfície PAM pel System Security " "Services daemon (SSSD). Els errors i els resultats es registren a través de " "<command>syslog(3)</command> amb el canal LOG_AUTHPRIV." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:58 msgid "<option>quiet</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:61 msgid "Suppress log messages for unknown users." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:66 msgid "<option>forward_pass</option>" msgstr "<option>forward_pass</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:69 msgid "" "If <option>forward_pass</option> is set the entered password is put on the " "stack for other PAM modules to use." msgstr "" "Si s'estableix <option>forward_pass</option>, la contrasenya introduïda es posa " "a la pila per tal que altres mòduls PAM l'utilitzin." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:76 msgid "<option>use_first_pass</option>" msgstr "<option>use_first_pass</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:79 msgid "" "The argument use_first_pass forces the module to use a previous stacked " "modules password and will never prompt the user - if no password is " "available or the password is not appropriate, the user will be denied access."
msgstr "" "L'argument use_first_pass força al mòdul a utilitzar una contrasenya apilada " "als mòduls anteriors i mai demanarà l'usuari - si no hi ha cap contrasenya o " "la contrasenya no és correcta, se li negarà l'accés a l'usuari." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:87 msgid "<option>use_authtok</option>" msgstr "<option>use_authtok</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:90 msgid "" "When password changing enforce the module to set the new password to the one " "provided by a previously stacked password module." msgstr "" "Quan el canvi de contrasenya força al mòdul a establir la contrasenya nova a " "la proporcionada per un mòdul de contrasenya prèviament apilat." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:97 msgid "<option>retry=N</option>" msgstr "<option>retry=N</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:100 msgid "" "If specified the user is asked another N times for a password if " "authentication fails. Default is 0." msgstr "" "Si s'especifica l'usuari serà demanat N vegades més per una contrasenya en " "cas de fallar l'autenticació. Per defecte és 0." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:102 msgid "" "Please note that this option might not work as expected if the application " "calling PAM handles the user dialog on its own. A typical example is " "<command>sshd</command> with <option>PasswordAuthentication</option>." msgstr "" "Si us plau, tingueu en compte que aquesta opció podria no funcionar com " "s'espera si l'aplicació que crida PAM gestiona pel seu compte el diàleg amb " "l'usuari. Un exemple típic és <command>sshd</command> amb " "<option>PasswordAuthentication</option>." #.
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:111 msgid "<option>ignore_unknown_user</option>" msgstr "<option>ignore_unknown_user</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:114 msgid "" "If this option is specified and the user does not exist, the PAM module will " "return PAM_IGNORE. This causes the PAM framework to ignore this module." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: pam_sss.8.xml:123 msgid "MODULE TYPES PROVIDED" msgstr "TIPUS DE MÒDUL PROPORCIONATS" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:124 msgid "" "All module types (<option>account</option>, <option>auth</option>, " "<option>password</option> and <option>session</option>) are provided." msgstr "" "S'ofereixen tots els tipus de mòdul (<option>account</option>, <option>auth</" "option>, <option>password</option> i <option>session</option>)." #. type: Content of: <reference><refentry><refsect1><title> #: pam_sss.8.xml:130 msgid "FILES" msgstr "FITXERS" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:131 msgid "" "If a password reset by root fails, because the corresponding SSSD provider " "does not support password resets, an individual message can be displayed. " "This message can e.g. contain instructions about how to reset a password." msgstr "" "Si una contrasenya reinicialitzada per root falla, degut a que el proveïdor " "SSSD corresponent no suporta reinicialitzar contrasenyes, es pot mostrar un " "missatge concret. Aquest missatge pot contenir, per exemple, instruccions " "sobre com restaurar una contrasenya." #.
type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:136 msgid "" "The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" "filename> where LOC stands for a locale string returned by <citerefentry> " "<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" "citerefentry>. If there is no matching file the content of " "<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " "the owner of the files and only root may have read and write permissions " "while all other users must have only read permissions." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:146 msgid "" "These files are searched in the directory <filename>/etc/sssd/customize/" "DOMAIN_NAME/</filename>. If no matching file is present a generic message is " "displayed." msgstr "" "Aquests fitxers es busquen al directori <filename>/etc/sssd/customize/" "NOM_DE_DOMINI/</filename>. Si no es troba cap fitxer coincident es mostrarà " "un missatge genèric." #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 msgid "sssd_krb5_locator_plugin" msgstr "sssd_krb5_locator_plugin" #. type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:22 msgid "" "The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " "used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos " "libraries what Realm and which KDC to use. Typically this is done in " "<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> which is always read by the Kerberos libraries.
" "To simplify the configuration the Realm and the KDC can be defined in " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> as described in <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:48 msgid "" "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " "libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:63 msgid "" "Not all Kerberos implementations support the use of plugins. If " "<command>sssd_krb5_locator_plugin</command> is not available on your system " "you have to edit /etc/krb5.conf to reflect your Kerberos setup." msgstr "" "No totes les implementacions Kerberos suporten l'ús d'afegitons. Si " "<command>sssd_krb5_locator_plugin</command> no està disponible al seu " "sistema heu d'editar /etc/krb5.conf per reflectir la seva configuració de " "Kerberos." #. type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:69 msgid "" "If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " "debug messages will be sent to stderr." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-simple.5.xml:10 sssd-simple.5.xml:16 msgid "sssd-simple" msgstr "sssd-simple" #. 
type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd-simple.5.xml:17 msgid "the configuration file for SSSD's 'simple' access-control provider" msgstr "" "el fitxer de configuració per al proveïdor 'simple' de control d'accés d'SSSD" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:24 msgid "" "This manual page describes the configuration of the simple access-control " "provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " "refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> manual page." msgstr "" "Aquesta pàgina del manual descriu la configuració del proveïdor senzill de " "control d'accés per <citerefentry> <refentrytitle>sssd</refentrytitle> " "<manvolnum>8</manvolnum></citerefentry>. Per una referència detallada de la " "sintaxi, aneu a la secció de <quote>FORMAT DE FITXER</quote> de la pàgina " "del manual <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:38 msgid "" "The simple access provider grants or denies access based on an access or " "deny list of user or group names. The following rules apply:" msgstr "" "El proveïdor d'accés simple accepta o nega l'accés basat en una llista " "d'accés o denegació de noms d'usuari grups. S'apliquen les regles següents:" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:43 msgid "If all lists are empty, access is granted" msgstr "Si totes les llistes estan buides, s'accepta l'accés" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:47 msgid "" "If any list is provided, the order of evaluation is allow,deny. 
This means " "that any matching deny rule will supersede any matched allow rule." msgstr "" "Si es proporciona alguna llista, l'ordre d'avaluació és acceptar, denegar. " "Això significa que qualsevol regla de denegació explícita substituirà " "qualsevol regla d'accés." #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:54 msgid "" "If either or both \"allow\" lists are provided, all users are denied unless " "they appear in the list." msgstr "" "Si es proporcionen una o ambdues llistes d'acceptació tots els usuaris són " "denegats excepte els que apareixen a la llista." #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:60 msgid "" "If only \"deny\" lists are provided, all users are granted access unless " "they appear in the list." msgstr "" "Si només es proporcionen llistes de \"denegació\" tots els usuaris tenen " "accés excepte els que apareixen a la llista." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:78 msgid "simple_allow_users (string)" msgstr "simple_allow_users (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:81 msgid "Comma separated list of users who are allowed to log in." msgstr "Llista separada per comes d'usuaris amb permís per iniciar sessió." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:88 msgid "simple_deny_users (string)" msgstr "simple_deny_users (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:91 msgid "Comma separated list of users who are explicitly denied access." msgstr "" "Llista separada per comes d'usuaris amb denegació explícita per iniciar " "sessió." #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:97 msgid "simple_allow_groups (string)" msgstr "simple_allow_groups (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:100 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." msgstr "" "Llista separada per comes de grups que se'ls permet l'entrada. Això s'aplica " "només a grups d'aquest domini SSSD. No s'avaluen els grups locals." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:108 msgid "simple_deny_groups (string)" msgstr "simple_deny_groups (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:111 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " "evaluated." msgstr "" "Llista separada per comes de grups que tenen l'accés explícitament denegat. " "Això s'aplica només a grups d'aquest domini SSSD. No s'avaluen els grups " "locals." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> manual page for details on the configuration of an SSSD " "domain. <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" "Consulteu la secció <quote>SECCIONS DE DOMINI</quote> de la pàgina del " "manual <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> per a més informació sobre la configuració d'un " "domini SSSD. 
<placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:120 msgid "" "Specifying no values for any of the lists is equivalent to skipping it " "entirely. Beware of this while generating parameters for the simple provider " "using automated scripts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:125 msgid "" "Please note that it is an configuration error if both, simple_allow_users " "and simple_deny_users, are defined." msgstr "" "Si us plau, tingueu en compte que és un error de configuració si es " "defineixen alhora simple_allow_users i simple_deny_users." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:133 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " "This examples shows only the simple access provider-specific options." msgstr "" "L'exemple següent pressuposa que l'SSSD està configurat correctament i " "example.com és un dels dominis de la secció <replaceable>[sssd]</" "replaceable>. Aquest exemple mostra només les opcions d'accés simple " "específiques del proveïdor." #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-simple.5.xml:140 #, no-wrap msgid "" " [domain/example.com]\n" " access_provider = simple\n" " simple_allow_users = user1, user2\n" msgstr "" " [domain/example.com]\n" " access_provider = simple\n" " simple_allow_users = user1, user2\n" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 msgid "sssd-ipa" msgstr "sssd-ipa" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:23 msgid "" "This manual page describes the configuration of the IPA provider for " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. 
For a detailed syntax reference, refer to the <quote>FILE " "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" "Aquesta pàgina del manual descriu la configuració del proveïdor IPA per " "<citerefentry><refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry>. Per una referència detallada sintaxi, aneu a la secció de " "<quote>FORMAT DE FITXER</quote> de la pàgina del manual " "<citerefentry>d'<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry>." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:36 msgid "" "The IPA provider is a back end used to connect to an IPA server. (Refer to " "the freeipa.org web site for information about IPA servers.) This provider " "requires that the machine be joined to the IPA domain; configuration is " "almost entirely self-discovered and obtained directly from the server." msgstr "" "El proveïdor d'IPA és un back-end utilitzat per connectar a un servidor " "d'IPA. (Consuleteu el lloc web freeipa.org per obtenir informació sobre " "servidors IPA). Aquest proveïdor requereix afegir la màquina al domini " "d'IPA; la configuració s'auto-detecta gairebé totalment i s'obté directament " "des del servidor." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:43 msgid "" "The IPA provider accepts the same options used by the <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " "provider with some exceptions described below." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:55 msgid "" "However, it is neither necessary nor recommended to set these options. 
IPA " "provider can also be used as an access and chpass provider. As an access " "provider it uses HBAC (host-based access control) rules. Please refer to " "freeipa.org for more information about HBAC. No configuration of access " "provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:62 msgid "" "The IPA provider will use the PAC responder if the Kerberos tickets of users " "from trusted realms contain a PAC. To make configuration easier the PAC " "responder is started automatically if the IPA ID provider is configured." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:78 msgid "ipa_domain (string)" msgstr "ipa_domain (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:81 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" "Especifica el nom del domini IPA. Això és opcional. Si no s'especifica " "s'utilitza el nom de domini de la configuració." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:89 msgid "ipa_server, ipa_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:92 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " "on failover and server redundancy, see the <quote>FAILOVER</quote> section. " "This is optional if autodiscovery is enabled. For more information on " "service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:105 msgid "ipa_hostname (string)" msgstr "ipa_hostname (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:108 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" "Opcional. Es pot definir en màquines on el hostname(5) no reflecteix el nom " "complet utilitzat en el domini d'IPA per identificar aquest amfitrió." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:116 sssd-ad.5.xml:256 msgid "dyndns_update (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:119 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client. The update is " "secured using GSS-TSIG. The IP address of the IPA LDAP connection is used " "for the updates, if it is not otherwise specified by using the " "<quote>dyndns_iface</quote> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:128 sssd-ad.5.xml:270 msgid "" "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " "the default Kerberos realm must be set properly in /etc/krb5.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:133 msgid "" "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" "emphasis> option, users should migrate to using <emphasis>dyndns_update</" "emphasis> in their config file." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:145 sssd-ad.5.xml:281 msgid "dyndns_ttl (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:148 sssd-ad.5.xml:284 msgid "" "The TTL to apply to the client DNS record when updating it. If " "dyndns_update is false this has no effect. This will override the TTL " "serverside if set by an administrator." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:153 msgid "" "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" "emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" "emphasis> in their config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:159 msgid "Default: 1200 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:165 sssd-ad.5.xml:295 msgid "dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:168 sssd-ad.5.xml:298 msgid "" "Optional. Applicable only when dyndns_update is true. Choose the interface " "whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:173 msgid "" "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" "emphasis> option, users should migrate to using <emphasis>dyndns_iface</" "emphasis> in their config file." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:179 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "Per defecte: Utilitzar l'adreça IP de la connexió LDAP d'IPA" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:185 msgid "ipa_enable_dns_sites (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:188 sssd-ad.5.xml:152 msgid "Enables DNS sites - location based service discovery." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:192 msgid "" "If true and service discovery (see Service Discovery paragraph at the bottom " "of the man page) is enabled, then the SSSD will first attempt location " "based discovery using a query that contains \"_location.hostname.example.com" "\" and then fall back to traditional SRV discovery. If the location based " "discovery succeeds, the IPA servers located with the location based " "discovery are treated as primary servers and the IPA servers located using " "the traditional SRV discovery are used as back up servers" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:211 sssd-ad.5.xml:309 msgid "dyndns_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:214 sssd-ad.5.xml:312 msgid "" "How often should the back end perform periodic DNS update in addition to the " "automatic update performed when the back end goes online. This option is " "optional and applicable only when dyndns_update is true." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:227 sssd-ad.5.xml:325 msgid "dyndns_update_ptr (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:230 sssd-ad.5.xml:328 msgid "" "Whether the PTR record should also be explicitly updated when updating the " "client's DNS records. Applicable only when dyndns_update is true." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:235 msgid "" "This option should be False in most IPA deployments as the IPA server " "generates the PTR records automatically when forward records are changed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:241 msgid "Default: False (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:247 sssd-ad.5.xml:339 msgid "dyndns_force_tcp (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:250 sssd-ad.5.xml:342 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:254 sssd-ad.5.xml:346 msgid "Default: False (let nsupdate choose the protocol)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:260 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:263 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:267 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:273 msgid "ipa_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:276 msgid "Optional. Use the given string as search base for host objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:280 sssd-ipa.5.xml:304 sssd-ipa.5.xml:323 sssd-ipa.5.xml:342 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:285 msgid "" "If filter is given in any of search bases and " "<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " "will be ignored." msgstr "" #. type: Content of: <listitem><para> #: sssd-ipa.5.xml:290 sssd-ipa.5.xml:309 include/ldap_search_bases.xml:23 #: include/ldap_search_bases_experimental.xml:23 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "Per defecte: el valor de <emphasis>ldap_search_base</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:297 msgid "ipa_selinux_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:300 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:316 msgid "ipa_subdomains_search_base (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:319 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:328 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:335 msgid "ipa_master_domain_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:338 msgid "Optional. Use the given string as search base for master domain object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:347 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:354 sssd-krb5.5.xml:245 msgid "krb5_validate (boolean)" msgstr "krb5_validate (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:357 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" "Comproveu amb l'ajuda de krb5_keytab que la TGT obtinguda no ha sigut " "suplantada." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:364 sssd-ad.5.xml:366 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" "Tingueu en compte que aquesta opció per defecte difereix del tradicional " "proveïdor Kerberos." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:374 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:378 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:389 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:402 sssd-krb5.5.xml:407 msgid "krb5_use_fast (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:405 sssd-krb5.5.xml:410 msgid "" "Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" "authentication. The following options are supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:410 #, fuzzy #| msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgid "<emphasis>never</emphasis> use FAST." msgstr "" "<emphasis>never</emphasis>: les referències dels àlies mai són eliminades." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:413 msgid "" "<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " "continue the authentication without it. This is equivalent to not setting " "this option at all." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:419 sssd-krb5.5.xml:424 msgid "" "<emphasis>demand</emphasis> to use FAST. The authentication fails if the " "server does not require fast." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:424 #, fuzzy #| msgid "Default: true" msgid "Default: try" msgstr "Per defecte: true" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:427 sssd-krb5.5.xml:435 msgid "" "NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If " "SSSD is used with an older version of MIT Kerberos, using this option is a " "configuration error." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:436 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:439 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " "access-control requests made in a short period." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:446 sssd-ipa.5.xml:462 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:452 msgid "ipa_hbac_selinux (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:455 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. 
This will reduce the latency and load on the IPA server if there are " "many user login requests made in a short period." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:468 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:471 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " "of FreeIPA will need to migrate their rules to use only the ALLOW rules. The " "client will support two modes of operation during this transition period:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:480 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:485 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:490 msgid "Default: DENY_ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:496 msgid "ipa_hbac_support_srchost (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:499 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:503 msgid "" "Note that if set to <emphasis>False</emphasis>, this option casuses filters " "given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:514 msgid "ipa_server_mode (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:517 msgid "This option should only be set by the IPA installer." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:521 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:532 msgid "ipa_automount_location (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:535 msgid "The automounter location this IPA client will be using" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:538 msgid "Default: The location named \"default\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:545 msgid "ipa_netgroup_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:548 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:557 msgid "ipa_netgroup_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:560 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:565 sssd-ipa.5.xml:660 msgid "Default: memberUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:570 msgid "ipa_netgroup_member_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:573 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:577 sssd-ipa.5.xml:672 msgid "Default: memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:582 msgid "ipa_netgroup_member_ext_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:585 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:589 msgid "Default: externalHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:594 msgid "ipa_netgroup_domain (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:597 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:601 msgid "Default: nisDomainName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:607 msgid "ipa_host_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:610 sssd-ipa.5.xml:633 msgid "The object class of a host entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:613 sssd-ipa.5.xml:636 msgid "Default: ipaHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:618 msgid "ipa_host_fqdn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:621 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:624 msgid "Default: fqdn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:630 msgid "ipa_selinux_usermap_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:641 msgid "ipa_selinux_usermap_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:644 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:653 msgid "ipa_selinux_usermap_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:656 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:665 msgid "ipa_selinux_usermap_member_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:668 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule match " "against." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:677 msgid "ipa_selinux_usermap_see_also (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:680 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:685 msgid "Default: seeAlso" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:690 msgid "ipa_selinux_usermap_selinux_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:693 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:697 msgid "Default: ipaSELinuxUser" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:702 msgid "ipa_selinux_usermap_enabled (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:705 msgid "" "The LDAP attribute that contains whether or not is user map enabled for " "usage." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:709 msgid "Default: ipaEnabledFlag" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:714 msgid "ipa_selinux_usermap_user_category (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:717 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:721 msgid "Default: userCategory" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:726 msgid "ipa_selinux_usermap_host_category (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:729 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:733 msgid "Default: hostCategory" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:738 msgid "ipa_selinux_usermap_uuid (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:741 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:745 msgid "Default: ipaUniqueID" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:750 msgid "ipa_host_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:753 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:757 msgid "Default: ipaSshPubKey" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ipa.5.xml:766 msgid "SUBDOMAINS PROVIDER" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:768 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:772 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " "subdomain requests are sent to the IPA server if necessary." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:778 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " "provider is configured implicitly. In this case, if a subdomain request " "fails and indicates that the server does not support subdomains, i.e. 
is not " "configured for trusts, the IPA subdomains provider is disabled. After an " "hour or after the IPA provider goes online, the subdomains provider is " "enabled again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:795 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " "This examples shows only the ipa provider-specific options." msgstr "" "L'exemple següent pressuposa que l'SSSD està configurat correctament i " "example.com és un dels dominis de la secció <replaceable>[sssd]</" "replaceable>. Aquest exemple mostra només opcions específiques del proveïdor " "IPA." #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ipa.5.xml:802 #, no-wrap msgid "" " [domain/example.com]\n" " id_provider = ipa\n" " ipa_server = ipaserver.example.com\n" " ipa_hostname = myhost.example.com\n" msgstr "" " [domain/example.com]\n" " id_provider = ipa\n" " ipa_server = ipaserver.example.com\n" " ipa_hostname = myhost.example.com\n" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-ad.5.xml:10 sssd-ad.5.xml:16 msgid "sssd-ad" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:23 msgid "" "This manual page describes the configuration of the AD provider for " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:36 msgid "" "The AD provider is a back end used to connect to an Active Directory server. " "This provider requires that the machine be joined to the AD domain and a " "keytab is available." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:41 msgid "" "The AD provider supports connecting to Active Directory 2008 R2 or later. " "Earlier versions may work, but are unsupported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:45 msgid "" "The AD provider is able to provide identity information and authentication " "for entities from trusted domains as well. Currently only trusted domains in " "the same forest are recognized." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:50 msgid "" "The AD provider accepts the same options used by the <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " "provider with some exceptions described below." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:62 msgid "" "However, it is neither necessary nor recommended to set these options. The " "AD provider can also be used as an access, chpass and sudo provider. No " "configuration of the access provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ad.5.xml:74 #, no-wrap msgid "" "ldap_id_mapping = False\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:68 msgid "" "By default, the AD provider will map UID and GID values from the objectSID " "parameter in Active Directory. For details on this, see the <quote>ID " "MAPPING</quote> section below. 
If you want to disable ID mapping and instead " "rely on POSIX attributes defined in Active Directory, you should set " "<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users " "and groups using POSIX attributes from trusted domains, the AD administrator " "must make sure that the POSIX attributes are replicated to the Global " "Catalog." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:81 msgid "" "Users, groups and other entities served by SSSD are always treated as case-" "insensitive in the AD provider for compatibility with Active Directory's " "LDAP implementation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:96 msgid "ad_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:99 msgid "" "Specifies the name of the Active Directory domain. This is optional. If not " "provided, the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:104 msgid "" "For proper operation, this option should be specified as the lower-case " "version of the long version of the Active Directory domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:109 msgid "" "The short domain name (also known as the NetBIOS or the flat name) is " "autodetected by the SSSD." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:116 msgid "ad_server, ad_backup_server (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:119 msgid "" "The comma-separated list of hostnames of the AD servers to which SSSD should " "connect in order of preference. For more information on failover and server " "redundancy, see the <quote>FAILOVER</quote> section. This is optional if " "autodiscovery is enabled. For more information on service discovery, refer " "to the <quote>SERVICE DISCOVERY</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:132 msgid "ad_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:135 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the Active Directory domain to identify this " "host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:141 msgid "" "This field is used to determine the host principal in use in the keytab. It " "must match the hostname for which the keytab was issued." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:149 msgid "ad_enable_dns_sites (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:156 msgid "" "If true and service discovery (see Service Discovery paragraph at the bottom " "of the man page) is enabled, the SSSD will first attempt to discover the " "Active Directory server to connect to using the Active Directory Site " "Discovery and fall back to the DNS SRV records if no AD site is found. The " "DNS SRV configuration, including the discovery domain, is used during site " "discovery as well." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:172 #, fuzzy #| msgid "ldap_access_filter (string)" msgid "ad_access_filter (boolean)" msgstr "ldap_access_filter (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:175 msgid "" "This option specifies LDAP access control filter that the user must match in " "order to be allowed access. Please note that the <quote>access_provider</" "quote> option must be explicitly set to <quote>ad</quote> in order for this " "option to have an effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:183 msgid "" "The option also supports specifying different filters per domain or forest. " "This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " "The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " "missing." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:191 msgid "" "If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</" "quote> specifies the domain or subdomain the filter applies to. If the " "keyword equals to <quote>FOREST</quote>, then the filter equals to all " "domains from the forest specified by <quote>NAME</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:199 msgid "" "Multiple filters can be separated with the <quote>?</quote> character, " "similarly to how search bases work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:204 msgid "" "The most specific match is always used. 
For example, if the option specified " "filter for a domain the user is a member of and a global filter, the per-" "domain filter would be applied. If there are more matches with the same " "specification, the first one is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #: sssd-ad.5.xml:215 #, no-wrap msgid "" "# apply filter on domain called dom1 only:\n" "dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" "\n" "# apply filter on domain called dom2 only:\n" "DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" "\n" "# apply filter on forest called EXAMPLE.COM only:\n" "FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:225 #, fuzzy #| msgid "Default: true" msgid "Default: Not set" msgstr "Per defecte: true" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:231 #, fuzzy #| msgid "ldap_referrals (boolean)" msgid "ad_enable_gc (boolean)" msgstr "ldap_referrals (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:234 msgid "" "By default, the SSSD connects to the Global Catalog first to retrieve users " "from trusted domains and uses the LDAP port to retrieve group memberships or " "as a fallback. Disabling this option makes the SSSD only connect to the LDAP " "port of the current AD server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:242 msgid "" "Please note that disabling Global Catalog support does not disable " "retrieving users from trusted domains. The SSSD would connect to the LDAP " "port of trusted domains instead. 
However, Global Catalog must be used in " "order to resolve cross-domain group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:259 msgid "" "Optional. This option tells SSSD to automatically update the Active " "Directory DNS server with the IP address of this client. The update is " "secured using GSS-TSIG. As a consequence, the Active Directory administrator " "only needs to allow secure updates for the DNS zone. The IP address of the " "AD LDAP connection is used for the updates, if it is not otherwise specified " "by using the <quote>dyndns_iface</quote> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:289 msgid "Default: 3600 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:303 msgid "Default: Use the IP address of the AD LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:354 sssd-krb5.5.xml:496 msgid "krb5_use_enterprise_principal (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:357 sssd-krb5.5.xml:499 msgid "" "Specifies if the user principal should be treated as enterprise principal. " "See section 5 of RFC 6806 for more details about enterprise principals." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:384 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " "This example shows only the AD provider-specific options." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ad.5.xml:391 #, no-wrap msgid "" "[domain/EXAMPLE]\n" "id_provider = ad\n" "auth_provider = ad\n" "access_provider = ad\n" "chpass_provider = ad\n" "\n" "ad_server = dc1.example.com\n" "ad_hostname = client.example.com\n" "ad_domain = example.com\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ad.5.xml:411 #, no-wrap msgid "" "access_provider = ldap\n" "ldap_access_order = expire\n" "ldap_account_expire_policy = ad\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:407 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:417 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 msgid "sssd-sudo" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd-sudo.5.xml:17 msgid "Configuring sudo with the SSSD back end" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:23 msgid "" "This manual page describes how to configure <citerefentry> " "<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " "to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-sudo.5.xml:36 msgid "Configuring sudo to cooperate with SSSD" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:38 msgid "" "To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " "the <emphasis>sudoers</emphasis> entry in <citerefentry> " "<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:47 msgid "" "For example, to configure sudo to first lookup rules in the standard " "<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> file (which should contain rules that apply to " "local users) and then in SSSD, the nsswitch.conf file should contain the " "following line:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-sudo.5.xml:57 #, no-wrap msgid "sudoers: files sss\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:61 msgid "" "More information about configuring the sudoers search order from the " "nsswitch.conf file as well as information about the LDAP schema that is used " "to store sudo rules in the directory can be found in <citerefentry> " "<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:70 msgid "" "<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " "sudo rules, you also need to correctly set <citerefentry> " "<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" "citerefentry> to your NIS domain name (which equals to IPA domain name when " "using hostgroups)." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-sudo.5.xml:82 msgid "Configuring SSSD to fetch sudo rules" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:84 msgid "" "All configuration that is needed on SSSD side is to extend the list of " "<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " "search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> " "option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:94 msgid "" "The following example shows how to configure SSSD to download sudo rules " "from an LDAP server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-sudo.5.xml:99 #, no-wrap msgid "" "[sssd]\n" "config_file_version = 2\n" "services = nss, pam, sudo\n" "domains = EXAMPLE\n" "\n" "[domain/EXAMPLE]\n" "id_provider = ldap\n" "sudo_provider = ldap\n" "ldap_uri = ldap://example.com\n" "ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:112 msgid "" "When the SSSD is configured to use IPA as the ID provider, the sudo provider " "is automatically enabled. The sudo search base is configured to use the " "compat tree (ou=sudoers,$DC)." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-sudo.5.xml:119 msgid "The SUDO rule caching mechanism" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:121 msgid "" "The biggest challenge, when developing sudo support in SSSD, was to ensure " "that running sudo with SSSD as the data source provides the same user " "experience and is as fast as sudo but keeps providing the most current set " "of rules as possible. To satisfy these requirements, SSSD uses three kinds " "of updates. They are referred to as full refresh, smart refresh and rules " "refresh." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:129 msgid "" "The <emphasis>smart refresh</emphasis> periodically downloads rules that are " "new or were modified after the last update. Its primary goal is to keep the " "database growing by fetching only small increments that do not generate " "large amounts of network traffic." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:135 msgid "" "The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " "in the cache and replaces them with all rules that are stored on the server. " "This is used to keep the cache consistent by removing every rule which was " "deleted from the server. However, full refresh may produce a lot of traffic " "and thus it should be run only occasionally depending on the size and " "stability of the sudo rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:143 msgid "" "The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " "more permission than defined. It is triggered each time the user runs sudo. " "Rules refresh will find all rules that apply to this user, check their " "expiration time and redownload them if expired. In the case that any of " "these rules are missing on the server, the SSSD will do an out of band full " "refresh because more rules (that apply to other users) may have been deleted." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:152 msgid "" "If enabled, SSSD will store only rules that can be applied to this machine. " "This means rules that contain one of the following values in " "<emphasis>sudoHost</emphasis> attribute:" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:159 msgid "keyword ALL" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:164 msgid "wildcard" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:169 msgid "netgroup (in the form \"+netgroup\")" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:174 msgid "hostname or fully qualified domain name of this machine" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:179 msgid "one of the IP addresses of this machine" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:184 msgid "one of the IP addresses of the network (in the form \"address/mask\")" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:190 msgid "" "There are many configuration options that can be used to adjust the " "behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd.8.xml:10 sssd.8.xml:15 msgid "sssd" msgstr "sssd" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd.8.xml:16 msgid "System Security Services Daemon" msgstr "Dimoni de Serveis de Seguretat de Sistema" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sssd.8.xml:21 msgid "" "<command>sssd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg>" msgstr "" "<command>sssd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg>" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd.8.xml:31 msgid "" "<command>SSSD</command> provides a set of daemons to manage access to remote " "directories and authentication mechanisms. It provides an NSS and PAM " "interface toward the system and a pluggable backend system to connect to " "multiple different account sources as well as D-Bus interface. It is also " "the basis to provide client auditing and policy services for projects like " "FreeIPA. It provides a more robust database to store local users as well as " "extended user data." msgstr "" "L'<command>SSSD</command> proporciona un conjunt de dimonis per gestionar " "l'accés a directoris remots i mecanismes d'autenticació. Proporciona una " "interfície NSS i PAM cap el sistema i un mètode d'afegitons per connectar a " "múltiples fonts de comptes diferents així com a l'interfície D-Bus. També és " "la base per proporcionar auditació de clients i polítiques de serveis per a " "projectes com FreeIPA. Proporciona una base de dades més robusta on " "emmagatzemar usuaris locals, així com dades addicionals d'usuari." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:46 msgid "" "<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" "replaceable>" msgstr "" "<option>-d</option>,<option>--debug-level</option> <replaceable>NIVELL</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:53 msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:57 msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:60 msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:69 msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:73 msgid "" "<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:76 msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:85 msgid "<option>-f</option>,<option>--debug-to-files</option>" msgstr "<option>-f</option>,<option>--debug-to-files</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:89 msgid "" "Send the debug output to files instead of stderr. By default, the log files " "are stored in <filename>/var/log/sssd</filename> and there are separate log " "files for every SSSD service and domain." msgstr "" "Envia la sortida de depuració a fitxers en comptes d'stderr. Per defecte els " "fitxers de registre s'emmagatzemen a <filename>/var/log/sssd</filename> i hi " "ha fitxers de registre separats per a cada servei d'SSSD i domini." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:97 msgid "<option>-D</option>,<option>--daemon</option>" msgstr "<option>-D</option>,<option>--daemon</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:101 msgid "Become a daemon after starting up." msgstr "Esdevé un dimoni després d'iniciar-se." #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:107 sss_seed.8.xml:136 msgid "<option>-i</option>,<option>--interactive</option>" msgstr "<option>-i</option>,<option>--interactive</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:111 msgid "Run in the foreground, don't become a daemon." msgstr "Executa en primer pla, no esdevenir un dimoni." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:117 sss_debuglevel.8.xml:42 msgid "<option>-c</option>,<option>--config</option>" msgstr "<option>-c</option>,<option>--config</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:121 sss_debuglevel.8.xml:46 msgid "" "Specify a non-default config file. The default is <filename>/etc/sssd/sssd." "conf</filename>. For reference on the config file syntax and options, " "consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" "Especifica un fitxer de configuració diferent del per defecte. Per defecte és " "<filename>/etc/sssd/sssd.conf</filename>. Per consultar la sintaxi del " "fitxer de configuració i les opcions, aneu a la pàgina del manual " "<citerefentry>d'<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:135 msgid "<option>--version</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:139 msgid "Print version number and exit." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.8.xml:147 msgid "Signals" msgstr "Senyals" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "SIGTERM/SIGINT" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" "Informa l'SSSD per finalitzar elegantment tots els seus processos fill i " "llavors apagar el monitor." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:159 msgid "SIGHUP" msgstr "SIGHUP" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " "like logrotate." msgstr "" "Diu a l'SSSD que deixi d'escriure als actuals descriptors de fitxers de " "depuració i que els tanqui i els reobri. Això intenta facilitar la rotació " "dels registres amb programes com logrotate." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:170 msgid "SIGUSR1" msgstr "SIGUSR1" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" "Demana a l'SSSD d'operar de manera simulada fora de línia durant un minut. " "Això principalment és útil per a propòsits de comprovacions." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:179 msgid "SIGUSR2" msgstr "SIGUSR2" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. 
This is mostly useful for testing " "purposes." msgstr "" "Demana a l'SSSD d'anar immediatament en línia. Això és útil principalment " "per a propòsits de comprovacions." #. type: Content of: <reference><refentry><refsect1><para> #: sssd.8.xml:193 msgid "" "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " "applications will not use the fast in memory cache." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 msgid "sss_obfuscate" msgstr "sss_obfuscate" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_obfuscate.8.xml:16 msgid "obfuscate a clear text password" msgstr "ofusca una contrasenya de text clar" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_obfuscate.8.xml:21 msgid "" "<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" "replaceable></arg>" msgstr "" "<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>opcions</" "replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" "replaceable></arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:32 msgid "" "<command>sss_obfuscate</command> converts a given password into human-" "unreadable format and places it into appropriate domain section of the SSSD " "config file." msgstr "" "<command>sss_obfuscate</command> converteix una contrasenya especificada en " "un format illegible per humans i la col·loca a la secció de domini adequada " "de l'arxiu de configuració d'SSSD." #. type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:37 msgid "" "The cleartext password is read from standard input or entered " "interactively. 
The obfuscated password is put into " "<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " "<quote>ldap_default_authtok_type</quote> parameter is set to " "<quote>obfuscated_password</quote>. Refer to <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more details on these parameters." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:49 msgid "" "Please note that obfuscating the password provides <emphasis>no real " "security benefit</emphasis> as it is still possible for an attacker to " "reverse-engineer the password back. Using better authentication mechanisms " "such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " "advised." msgstr "" "Si us plau fixi's que ofuscar contrasenyes <emphasis>no proporciona cap " "benefici real de seguretat</emphasis> ja que un atacant encara podria " "extreure la contrasenya amb enginyeria inversa. Es recomana " "<emphasis>aferrissadament</emphasis> l'ús de mecanismes d'autenticació " "millors com certificats de client o GSSAPI." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_obfuscate.8.xml:63 msgid "<option>-s</option>,<option>--stdin</option>" msgstr "<option>-s</option>,<option>--stdin</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:67 msgid "The password to obfuscate will be read from standard input." msgstr "La contrasenya per ofuscar es llegirà de l'entrada estàndard." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:79 #: sss_ssh_knownhostsproxy.1.xml:78 msgid "" "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" "replaceable>" msgstr "" "<option>-d</option>,<option>--domain</option> <replaceable>DOMINI</" "replaceable>" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:79 msgid "" "The SSSD domain to use the password in. The default name is <quote>default</" "quote>." msgstr "" "El domini SSSD on utilitzar la contrasenya. El nom per defecte és " "<quote>default</quote>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_obfuscate.8.xml:86 msgid "" "<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" msgstr "" "<option>-f</option>,<option>--file</option> <replaceable>FITXER</replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:91 msgid "Read the config file specified by the positional parameter." msgstr "" "Llegeix el fitxer de configuració especificat pel paràmetre de posició." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:95 msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" msgstr "Per defecte: <filename>/etc/sssd/sssd.conf</filename>" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_useradd.8.xml:10 sss_useradd.8.xml:15 msgid "sss_useradd" msgstr "sss_useradd" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_useradd.8.xml:16 msgid "create a new user" msgstr "crea un usuari nou" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_useradd.8.xml:21 msgid "" "<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" msgstr "" "<command>sss_useradd</command> <arg choice='opt'> <replaceable>OPCIONS</" "replaceable></arg> <arg choice='plain'> <replaceable>INICI DE SESSIÓ</" "replaceable></arg>" #. 
type: Content of: <reference><refentry><refsect1><para> #: sss_useradd.8.xml:32 msgid "" "<command>sss_useradd</command> creates a new user account using the values " "specified on the command line plus the default values from the system." msgstr "" "<command>sss_useradd</command> crea un nou compte d'usuari utilitzant els " "valors especificats a la línia d'ordres més els valors per defecte del " "sistema." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:43 sss_seed.8.xml:76 msgid "" "<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" msgstr "" "<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:48 msgid "" "Set the UID of the user to the value of <replaceable>UID</replaceable>. If " "not given, it is chosen automatically." msgstr "" "Especifica l'UID de l'usuari al valor d'<replaceable>UID</replaceable>. Si " "no es dóna, és seleccionat automàticament." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:55 sss_usermod.8.xml:43 sss_seed.8.xml:100 msgid "" "<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" "replaceable>" msgstr "" "<option>-c</option>,<option>--gecos</option> <replaceable>COMENTARI</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:60 sss_usermod.8.xml:48 sss_seed.8.xml:105 msgid "" "Any text string describing the user. Often used as the field for the user's " "full name." msgstr "" "Qualsevol cadena de text que descriu a l'usuari. Sovint s'utilitza com el " "camp pel nom i cognoms de l'usuari." #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:67 sss_usermod.8.xml:55 sss_seed.8.xml:112 msgid "" "<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" "replaceable>" msgstr "" "<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:72 msgid "" "The home directory of the user account. The default is to append the " "<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use " "that as the home directory. The base that is prepended before " "<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/" "baseDirectory</quote> setting in sssd.conf." msgstr "" "El directori personal del compte d'usuari. Per defecte s'afegeix el " "<replaceable>NOM D'USUARI</replaceable> a <filename>/home</filename> i " "s'utilitza allò com el directori personal. La base que s'afegeix abans del " "<replaceable>NOM D'USUARI</replaceable> és personalitzable amb el paràmetre " "<quote>user_defaults/baseDirectory</quote> de l'sssd.conf." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:82 sss_usermod.8.xml:66 sss_seed.8.xml:124 msgid "" "<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" msgstr "" "<option>-s</option>,<option>--shell</option> <replaceable>INTÈRPRET " "D'ORDRES</replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:87 msgid "" "The user's login shell. The default is currently <filename>/bin/bash</" "filename>. The default can be changed with <quote>user_defaults/" "defaultShell</quote> setting in sssd.conf." msgstr "" "L'intèrpret d'ordres de l'usuari. Per defecte és <filename>/bin/bash</" "filename>. 
Es pot canviar el valor per defecte amb el paràmetre " "<quote>user_defaults/defaultShell</quote> de l'sssd.conf." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:96 msgid "" "<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</" "replaceable>" msgstr "" "<option>-G</option>,<option>--groups</option> <replaceable>GRUPS</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:101 msgid "A list of existing groups this user is also a member of." msgstr "Una llista dels grups existents on n'és també membre aquest usuari." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:107 msgid "<option>-m</option>,<option>--create-home</option>" msgstr "<option>-m</option>,<option>--create-home</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:111 msgid "" "Create the user's home directory if it does not exist. The files and " "directories contained in the skeleton directory (which can be defined with " "the -k option or in the config file) will be copied to the home directory." msgstr "" "Crea el directori personal de l'usuari si no existeix. Al directori personal " "es copiaran els fitxers i directoris continguts en el directori esquelet " "(que es pot definir amb l'opció -k o en el fitxer de configuració)." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:121 msgid "<option>-M</option>,<option>--no-create-home</option>" msgstr "<option>-M</option>,<option>--no-create-home</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:125 msgid "" "Do not create the user's home directory. Overrides configuration settings." 
msgstr "" "No crea el directori personal de l'usuari. Invalida els paràmetres de " "configuració." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:132 msgid "" "<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</" "replaceable>" msgstr "" "<option>-k</option>,<option>--skel</option> <replaceable>DIRECTORI ESQUELET</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:137 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " "<command>sss_useradd</command>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:143 msgid "" "Special files (block devices, character devices, named pipes and unix " "sockets) will not be copied." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:147 msgid "" "This option is only valid if the <option>-m</option> (or <option>--create-" "home</option>) option is specified, or creation of home directories is set " "to TRUE in the configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:156 sss_usermod.8.xml:124 msgid "" "<option>-Z</option>,<option>--selinux-user</option> " "<replaceable>SELINUX_USER</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:161 msgid "" "The SELinux user for the user's login. If not specified, the system default " "will be used." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 msgid "sssd-krb5" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:23 msgid "" "This manual page describes the configuration of the Kerberos 5 " "authentication backend for <citerefentry> <refentrytitle>sssd</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed " "syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " "the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:36 msgid "" "The Kerberos 5 authentication backend contains auth and chpass providers. It " "must be paired with an identity provider in order to function properly (for " "example, id_provider = ldap). Some information required by the Kerberos 5 " "authentication backend must be provided by the identity provider, such as " "the user's Kerberos Principal Name (UPN). The configuration of the identity " "provider should have an entry to specify the UPN. Please refer to the man " "page for the applicable identity provider for details on how to configure " "this." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:47 msgid "" "This backend also provides access control based on the .k5login file in the " "home directory of the user. See <citerefentry> <refentrytitle>.k5login</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " "Please note that an empty .k5login file will deny all access to this user. " "To activate this feature, use 'access_provider = krb5' in your SSSD " "configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:55 msgid "" "In the case where the UPN is not available in the identity backend, " "<command>sssd</command> will construct a UPN using the format " "<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect, in the order of preference. " "For more information on failover and server redundancy, see the " "<quote>FAILOVER</quote> section. An optional port number (preceded by a " "colon) may be appended to the addresses or hostnames. If empty, service " "discovery is enabled; for more information, refer to the <quote>SERVICE " "DISCOVERY</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:106 msgid "" "The name of the Kerberos realm. This option is required and must be " "specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:113 msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:116 msgid "" "If the change password service is not running on the KDC, alternative " "servers can be defined here. An optional port number (preceded by a colon) " "may be appended to the addresses or hostnames." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:122 msgid "" "For more information on failover and server redundancy, see the " "<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " "servers to try, the backend is not switched to operate offline if " "authentication against the KDC is still possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:129 msgid "Default: Use the KDC" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:135 msgid "krb5_ccachedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:138 msgid "" "Directory to store credential caches. All the substitution sequences of " "krb5_ccname_template can be used here, too, except %d and %P. The directory " "is created as private and owned by the user, with permissions set to 0700." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:145 msgid "Default: /tmp" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:151 msgid "krb5_ccname_template (string)" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:165 include/override_homedir.xml:11 msgid "%u" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:166 include/override_homedir.xml:12 msgid "login name" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:169 include/override_homedir.xml:15 msgid "%U" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:170 msgid "login UID" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:173 msgid "%p" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:174 msgid "principal name" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:178 msgid "%r" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:179 msgid "realm name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:182 msgid "%h" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:183 msgid "home directory" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:187 include/override_homedir.xml:19 msgid "%d" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:188 msgid "value of krb5ccache_dir" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:193 msgid "%P" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:194 msgid "the process ID of the SSSD client" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:199 include/override_homedir.xml:34 msgid "%%" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:200 include/override_homedir.xml:35 msgid "a literal '%'" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:154 msgid "" "Location of the user's credential cache. Three credential cache types are " "currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " "<quote>KEYRING:persistent</quote>. The cache can be specified either as " "<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " "implies the <quote>FILE</quote> type. In the template, the following " "sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " "the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " "filename in a safe way." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:208 msgid "" "When using KEYRING types, the only supported mechanism is <quote>KEYRING:" "persistent:%U</quote>, which uses the Linux kernel keyring to store " "credentials on a per-UID basis. This is also the recommended choice, as it " "is the most secure and predictable method." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:216 msgid "" "The default value for the credential cache name is sourced from the profile " "stored in the system wide krb5.conf configuration file in the [libdefaults] " "section. The option name is default_ccache_name. See krb5.conf(5)'s " "PARAMETER EXPANSION paragraph for additional information on the expansion " "format defined by krb5.conf." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:225 #, fuzzy #| msgid "Default: 0 (No limit)" msgid "Default: (from libkrb5)" msgstr "Per defecte: 0 (sense límit)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:231 msgid "krb5_auth_timeout (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:234 msgid "" "Timeout in seconds after an online authentication request or change password " "request is aborted. If possible, the authentication request is continued " "offline." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:248 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed. The keytab is checked for entries sequentially, and the first entry " "with a matching realm is used for validation. If no entry matches the realm, " "the last entry in the keytab is used. This process can be used to validate " "environments using cross-realm trust by placing the appropriate keytab entry " "as the last entry or the only entry in the keytab file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:263 msgid "krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:266 msgid "" "The location of the keytab to use when validating credentials obtained from " "KDCs." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:270 msgid "Default: /etc/krb5.keytab" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:276 msgid "krb5_store_password_if_offline (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:279 msgid "" "Store the password of the user if the provider is offline and use it to " "request a TGT when the provider comes online again." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:284 msgid "" "NOTE: this feature is only available on Linux. Passwords stored in this way " "are kept in plaintext in the kernel keyring and are potentially accessible " "by the root user (with difficulty)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:297 msgid "krb5_renewable_lifetime (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:300 msgid "" "Request a renewable ticket with a total lifetime, given as an integer " "immediately followed by a time unit:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:305 sssd-krb5.5.xml:339 sssd-krb5.5.xml:376 msgid "<emphasis>s</emphasis> for seconds" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:308 sssd-krb5.5.xml:342 sssd-krb5.5.xml:379 msgid "<emphasis>m</emphasis> for minutes" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:311 sssd-krb5.5.xml:345 sssd-krb5.5.xml:382 msgid "<emphasis>h</emphasis> for hours" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385 msgid "<emphasis>d</emphasis> for days." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:317 sssd-krb5.5.xml:388 msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:321 sssd-krb5.5.xml:392 msgid "" "NOTE: It is not possible to mix units. To set the renewable lifetime to one " "and a half hours, use '90m' instead of '1h30m'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:326 msgid "Default: not set, i.e. the TGT is not renewable" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:332 msgid "krb5_lifetime (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:335 msgid "" "Request ticket with a lifetime, given as an integer immediately followed by " "a time unit:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:351 msgid "If there is no unit given <emphasis>s</emphasis> is assumed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:355 msgid "" "NOTE: It is not possible to mix units. To set the lifetime to one and a " "half hours please use '90m' instead of '1h30m'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:360 msgid "" "Default: not set, i.e. the default ticket lifetime configured on the KDC." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:367 msgid "krb5_renew_interval (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:370 msgid "" "The time in seconds between two checks if the TGT should be renewed. 
TGTs " "are renewed if about half of their lifetime is exceeded, given as an integer " "immediately followed by a time unit:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:397 msgid "If this option is not set or is 0 the automatic renewal is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:415 msgid "" "<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " "option at all." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:419 msgid "" "<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " "continue the authentication without it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:429 msgid "Default: not set, i.e. FAST is not used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:432 msgid "NOTE: a keytab is required to use FAST." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:444 msgid "krb5_fast_principal (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:447 msgid "Specifies the server principal to use for FAST." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:456 msgid "" "Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos 1.7 and later versions." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:505 msgid "Default: false (AD provider: true)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:65 msgid "" "If the auth-module krb5 is used in an SSSD domain, the following options " "must be used. See the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " "<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " "domain. <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:521 msgid "" "The following example assumes that SSSD is correctly configured and FOO is " "one of the domains in the <replaceable>[sssd]</replaceable> section. This " "example shows only configuration of Kerberos authentication; it does not " "include any identity provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-krb5.5.xml:529 #, no-wrap msgid "" " [domain/FOO]\n" " auth_provider = krb5\n" " krb5_server = 192.168.1.1\n" " krb5_realm = EXAMPLE.COM\n" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15 msgid "sss_groupadd" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupadd.8.xml:16 msgid "create a new group" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupadd.8.xml:21 msgid "" "<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupadd.8.xml:32 msgid "" "<command>sss_groupadd</command> creates a new group. 
These groups are " "compatible with POSIX groups, with the additional feature that they can " "contain other groups as members." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupadd.8.xml:43 sss_seed.8.xml:88 msgid "" "<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupadd.8.xml:48 msgid "" "Set the GID of the group to the value of <replaceable>GID</replaceable>. If " "not given, it is chosen automatically." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_userdel.8.xml:10 sss_userdel.8.xml:15 msgid "sss_userdel" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_userdel.8.xml:16 msgid "delete a user account" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_userdel.8.xml:21 msgid "" "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_userdel.8.xml:32 msgid "" "<command>sss_userdel</command> deletes a user identified by login name " "<replaceable>LOGIN</replaceable> from the system." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:44 msgid "<option>-r</option>,<option>--remove</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:48 msgid "" "Files in the user's home directory will be removed along with the home " "directory itself and the user's mail spool. Overrides the configuration." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:56 msgid "<option>-R</option>,<option>--no-remove</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:60 msgid "" "Files in the user's home directory will NOT be removed along with the home " "directory itself and the user's mail spool. Overrides the configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:68 msgid "<option>-f</option>,<option>--force</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:72 msgid "" "This option forces <command>sss_userdel</command> to remove the user's home " "directory and mail spool, even if they are not owned by the specified user." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:80 msgid "<option>-k</option>,<option>--kick</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:84 msgid "Before actually deleting the user, terminate all his processes." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15 msgid "sss_groupdel" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupdel.8.xml:16 msgid "delete a group" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupdel.8.xml:21 msgid "" "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sss_groupdel.8.xml:32 msgid "" "<command>sss_groupdel</command> deletes a group identified by its name " "<replaceable>GROUP</replaceable> from the system." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15 msgid "sss_groupshow" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupshow.8.xml:16 msgid "print properties of a group" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupshow.8.xml:21 msgid "" "<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupshow.8.xml:32 msgid "" "<command>sss_groupshow</command> displays information about a group " "identified by its name <replaceable>GROUP</replaceable>. The information " "includes the group ID number, members of the group and the parent group." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupshow.8.xml:43 msgid "<option>-R</option>,<option>--recursive</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupshow.8.xml:47 msgid "" "Also print indirect group members in a tree-like hierarchy. Note that this " "also affects printing parent groups - without <option>R</option>, only the " "direct parent will be printed." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_usermod.8.xml:10 sss_usermod.8.xml:15 msgid "sss_usermod" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_usermod.8.xml:16 msgid "modify a user account" msgstr "" #. 
type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_usermod.8.xml:21 msgid "" "<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_usermod.8.xml:32 msgid "" "<command>sss_usermod</command> modifies the account specified by " "<replaceable>LOGIN</replaceable> to reflect the changes that are specified " "on the command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:60 msgid "The home directory of the user account." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:71 msgid "The user's login shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:82 msgid "" "Append this user to groups specified by the <replaceable>GROUPS</" "replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " "a comma separated list of group names." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:96 msgid "" "Remove this user from groups specified by the <replaceable>GROUPS</" "replaceable> parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_usermod.8.xml:103 msgid "<option>-l</option>,<option>--lock</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:107 msgid "Lock the user account. The user won't be able to log in." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_usermod.8.xml:114 msgid "<option>-u</option>,<option>--unlock</option>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:118 msgid "Unlock the user account." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:129 msgid "The SELinux user for the user's login." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_cache.8.xml:10 sss_cache.8.xml:15 msgid "sss_cache" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_cache.8.xml:16 msgid "perform cache cleanup" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_cache.8.xml:21 msgid "" "<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_cache.8.xml:31 msgid "" "<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " "records are forced to be reloaded from server as soon as related SSSD " "backend is online." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:42 msgid "<option>-E</option>,<option>--everything</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:46 msgid "Invalidate all cached entries except for sudo rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:52 msgid "" "<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:57 msgid "Invalidate specific user." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:63 msgid "<option>-U</option>,<option>--users</option>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:67 msgid "" "Invalidate all user records. This option overrides invalidation of specific " "user if it was also set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:74 msgid "" "<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:79 msgid "Invalidate specific group." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:85 msgid "<option>-G</option>,<option>--groups</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:89 msgid "" "Invalidate all group records. This option overrides invalidation of specific " "group if it was also set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:96 msgid "" "<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:101 msgid "Invalidate specific netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:107 msgid "<option>-N</option>,<option>--netgroups</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:111 msgid "" "Invalidate all netgroup records. This option overrides invalidation of " "specific netgroup if it was also set." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:118 msgid "" "<option>-s</option>,<option>--service</option> <replaceable>service</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:123 msgid "Invalidate specific service." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:129 msgid "<option>-S</option>,<option>--services</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:133 msgid "" "Invalidate all service records. This option overrides invalidation of " "specific service if it was also set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:140 msgid "" "<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:145 msgid "Invalidate specific autofs maps." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:151 msgid "<option>-A</option>,<option>--autofs-maps</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:155 msgid "" "Invalidate all autofs maps. This option overrides invalidation of specific " "map if it was also set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:162 msgid "" "<option>-d</option>,<option>--domain</option> <replaceable>domain</" "replaceable>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:167 msgid "Restrict invalidation process only to a particular domain." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 msgid "sss_debuglevel" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_debuglevel.8.xml:16 msgid "change debug level while SSSD is running" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_debuglevel.8.xml:21 msgid "" "<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" "replaceable></arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_debuglevel.8.xml:32 msgid "" "<command>sss_debuglevel</command> changes debug level of SSSD monitor and " "providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is " "running." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_debuglevel.8.xml:59 msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_seed.8.xml:10 sss_seed.8.xml:15 msgid "sss_seed" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_seed.8.xml:16 msgid "seed the SSSD cache with a user" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_seed.8.xml:21 msgid "" "<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" "replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" "arg>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sss_seed.8.xml:33 msgid "" "<command>sss_seed</command> seeds the SSSD cache with a user entry and " "temporary password. If a user entry is already present in the SSSD cache " "then the entry is updated with the temporary password." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_seed.8.xml:46 msgid "" "<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:51 msgid "" "Provide the name of the domain of which the user is a member. The domain " "is also used to retrieve user information. The domain must be configured in " "sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " "Information retrieved from the domain overrides what is provided in the " "options." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_seed.8.xml:63 msgid "" "<option>-n</option>,<option>--username</option> <replaceable>USER</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:68 msgid "" "The username of the entry to be created or modified in the cache. The " "<replaceable>USER</replaceable> option must be provided." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:81 msgid "Set the UID of the user to <replaceable>UID</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:93 msgid "Set the GID of the user to <replaceable>GID</replaceable>." msgstr "" #.
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:117 msgid "" "Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:129 msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:140 msgid "" "Interactive mode for entering user information. This option will only prompt " "for information not provided in the options or retrieved from the domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_seed.8.xml:148 msgid "" "<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:153 msgid "" "Specify the file to read the user's password from. If not specified, the " "password is prompted for." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_seed.8.xml:165 msgid "" "The length of the password (or the size of file specified with -p or --" "password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " "on systems with no globally-defined PASS_MAX value)." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 msgid "sss_ssh_authorizedkeys" msgstr "" #. type: Content of: <reference><refentry><refmeta><manvolnum> #: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 msgid "1" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_ssh_authorizedkeys.1.xml:16 msgid "get OpenSSH authorized keys" msgstr "" #.
type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_ssh_authorizedkeys.1.xml:21 msgid "" "<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg> <arg " "choice='plain'><replaceable>USER</replaceable></arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:32 msgid "" "<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " "<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " "format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> for more information)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:41 msgid "" "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" "command> for public key user authentication if it is compiled with support " "for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</" "quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry> options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sss_ssh_authorizedkeys.1.xml:58 #, no-wrap msgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:51 msgid "" "If <quote>AuthorizedKeysCommand</quote> is supported, " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> can be configured to use it by putting the following directive " "in <citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry>: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><programlisting> #: sss_ssh_authorizedkeys.1.xml:69 #, no-wrap msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:62 msgid "" "If <quote>PubkeyAgent</quote> is supported, " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> can be configured to use it by using the following directive " "for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</" "manvolnum></citerefentry> configuration: <placeholder type=\"programlisting" "\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_ssh_authorizedkeys.1.xml:84 msgid "" "Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sss_ssh_authorizedkeys.1.xml:93 sss_ssh_knownhostsproxy.1.xml:92 msgid "EXIT STATUS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:95 sss_ssh_knownhostsproxy.1.xml:94 msgid "" "In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 msgid "sss_ssh_knownhostsproxy" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_ssh_knownhostsproxy.1.xml:16 msgid "get OpenSSH host keys" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_ssh_knownhostsproxy.1.xml:21 msgid "" "<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg> <arg " "choice='plain'><replaceable>HOST</replaceable></arg> <arg " "choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_knownhostsproxy.1.xml:33 msgid "" "<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " "host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " "known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " "of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" "manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" "pubconf/known_hosts</filename> and establishes a connection to the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_knownhostsproxy.1.xml:43 msgid "" "If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " "create the connection to the host instead of opening a socket." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sss_ssh_knownhostsproxy.1.xml:55 #, no-wrap msgid "" "ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" "GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_knownhostsproxy.1.xml:48 msgid "" "<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" "citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" "command> for host key authentication by using the following directives for " "<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" "citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_ssh_knownhostsproxy.1.xml:66 msgid "" "<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" msgstr "" #.
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_ssh_knownhostsproxy.1.xml:71 msgid "" "Use port <replaceable>PORT</replaceable> to connect to the host. By " "default, port 22 is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_ssh_knownhostsproxy.1.xml:83 msgid "" "Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." msgstr "" #. type: Content of: <refsect1><title> #: include/service_discovery.xml:2 msgid "SERVICE DISCOVERY" msgstr "" #. type: Content of: <refsect1><para> #: include/service_discovery.xml:4 msgid "" "The service discovery feature allows back ends to automatically find the " "appropriate servers to connect to using a special DNS query. This feature is " "not supported for backup servers." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 msgid "Configuration" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:11 msgid "" "If no servers are specified, the back end automatically uses service " "discovery to try to find a server. Optionally, the user may choose to use " "both fixed server addresses and service discovery by inserting a special " "keyword, <quote>_srv_</quote>, in the list of servers. The order of " "preference is maintained. This feature is useful if, for example, the user " "prefers to use service discovery whenever possible, and fall back to a " "specific server when no servers can be discovered using DNS." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:23 msgid "The domain name" msgstr "" #. 
type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:25 msgid "" "Please refer to the <quote>dns_discovery_domain</quote> parameter in the " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page for more details." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:35 msgid "The protocol" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:37 msgid "" "The queries usually specify _tcp as the protocol. Exceptions are documented " "in respective option description." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:42 msgid "See Also" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:44 msgid "" "For more information on the service discovery mechanism, refer to RFC 2782." msgstr "" #. type: Content of: outside any tag (error?) #: include/upstream.xml:1 msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" msgstr "" #. type: Content of: <refsect1><title> #: include/failover.xml:2 msgid "FAILOVER" msgstr "" #. type: Content of: <refsect1><para> #: include/failover.xml:4 msgid "" "The failover feature allows back ends to automatically switch to a different " "server if the current server fails." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/failover.xml:8 msgid "Failover Syntax" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:10 msgid "" "The list of servers is given as a comma-separated list; any number of spaces " "is allowed around the comma. The servers are listed in order of preference. " "The list can contain any number of servers." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:16 msgid "" "For each failover-enabled config option, two variants exist: " "<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. 
The idea is " "that servers in the primary list are preferred and backup servers are only " "searched if no primary servers can be reached. If a backup server is " "selected, a timeout of 31 seconds is set. After this timeout SSSD will " "periodically try to reconnect to one of the primary servers. If it succeeds, " "it will replace the current active (backup) server." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/failover.xml:27 msgid "The Failover Mechanism" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:29 msgid "" "The failover mechanism distinguishes between a machine and a service. The " "back end first tries to resolve the hostname of a given machine; if this " "resolution attempt fails, the machine is considered offline. No further " "attempts are made to connect to this machine for any other service. If the " "resolution attempt succeeds, the back end tries to connect to a service on " "this machine. If the service connection attempt fails, then only this " "particular service is considered offline and the back end automatically " "switches over to the next service. The machine is still considered online " "and might still be tried for another service." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:42 msgid "" "Further connection attempts are made to machines or services marked as " "offline after a specified period of time; this is currently hard coded to 30 " "seconds." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:47 msgid "" "If there are no more machines to try, the back end as a whole switches to " "offline mode, and then attempts to reconnect every 30 seconds." msgstr "" #. type: Content of: <refsect1><title> #: include/ldap_id_mapping.xml:2 msgid "ID MAPPING" msgstr "" #. 
type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:4 msgid "" "The ID-mapping feature allows SSSD to act as a client of Active Directory " "without requiring administrators to extend user attributes to support POSIX " "attributes for user and group identifiers." msgstr "" #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:9 msgid "" "NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " "ignored. This is to avoid the possibility of conflicts between automatically-" "assigned and manually-assigned values. If you need to use manually-assigned " "values, ALL values must be manually-assigned." msgstr "" #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:16 msgid "" "Please note that changing the ID mapping related configuration options will " "cause user and group IDs to change. At the moment, SSSD does not support " "changing IDs, so the SSSD database must be removed. Because cached passwords " "are also stored in the database, removing the database should only be " "performed while the authentication servers are reachable, otherwise users " "might get locked out. In order to cache the password, an authentication must " "be performed. It is not sufficient to use <citerefentry> " "<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" "citerefentry> to remove the database, rather the process consists of:" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:33 msgid "Making sure the remote servers are reachable" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:38 msgid "Stopping the SSSD service" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:43 msgid "Removing the database" msgstr "" #. 
type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:48 msgid "Starting the SSSD service" msgstr "" #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:52 msgid "" "Moreover, as the change of IDs might necessitate the adjustment of other " "system properties such as file and directory ownership, it's advisable to " "plan ahead and test the ID mapping configuration thoroughly." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/ldap_id_mapping.xml:59 msgid "Mapping Algorithm" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:61 msgid "" "Active Directory provides an objectSID for every user and group object in " "the directory. This objectSID can be broken up into components that " "represent the Active Directory domain identity and the relative identifier " "(RID) of the user or group object." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:67 msgid "" "The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " "into equally-sized component sections - called \"slices\"-. Each slice " "represents the space available to an Active Directory domain." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:73 msgid "" "When a user or group entry for a particular domain is encountered for the " "first time, the SSSD allocates one of the available slices for that domain. " "In order to make this slice-assignment repeatable on different client " "machines, we select the slice based on the following algorithm:" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:80 msgid "" "The SID string is passed through the murmurhash3 algorithm to convert it to " "a 32-bit hashed value. We then take the modulus of this value with the total " "number of available slices to pick the slice." msgstr "" #. 
type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:86 msgid "" "NOTE: It is possible to encounter collisions in the hash and subsequent " "modulus. In these situations, we will select the next available slice, but " "it may not be possible to reproduce the same exact set of slices on other " "machines (since the order that they are encountered will determine their " "slice). In this situation, it is recommended to either switch to using " "explicit POSIX attributes in Active Directory (disabling ID-mapping) or " "configure a default domain to guarantee that at least one is always " "consistent. See <quote>Configuration</quote> for details." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:101 msgid "" "Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" msgstr "" #. type: Content of: <refsect1><refsect2><para><programlisting> #: include/ldap_id_mapping.xml:106 #, no-wrap msgid "" "ldap_id_mapping = True\n" "ldap_schema = ad\n" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:111 msgid "" "The default configuration results in configuring 10,000 slices, each capable " "of holding up to 200,000 IDs, starting from 10,001 and going up to " "2,000,100,000. This should be sufficient for most deployments." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><title> #: include/ldap_id_mapping.xml:117 msgid "Advanced Configuration" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:120 msgid "ldap_idmap_range_min (integer)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:123 msgid "" "Specifies the lower bound of the range of POSIX IDs to use for mapping " "Active Directory user and group SIDs." msgstr "" #. 
type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:127 msgid "" "NOTE: This option is different from <quote>min_id</quote> in that " "<quote>min_id</quote> acts to filter the output of requests to this domain, " "whereas this option controls the range of ID assignment. This is a subtle " "distinction, but the good general advice would be to have <quote>min_id</" "quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:173 msgid "Default: 200000" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:142 msgid "ldap_idmap_range_max (integer)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:145 msgid "" "Specifies the upper bound of the range of POSIX IDs to use for mapping " "Active Directory user and group SIDs." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:149 msgid "" "NOTE: This option is different from <quote>max_id</quote> in that " "<quote>max_id</quote> acts to filter the output of requests to this domain, " "whereas this option controls the range of ID assignment. This is a subtle " "distinction, but the good general advice would be to have <quote>max_id</" "quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:159 msgid "Default: 2000200000" msgstr "" #. 
type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:164 msgid "ldap_idmap_range_size (integer)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:167 msgid "" "Specifies the number of IDs available for each slice. If the range size " "does not divide evenly into the min and max values, it will create as many " "complete slices as it can." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:178 msgid "ldap_idmap_default_domain_sid (string)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:181 msgid "" "Specify the domain SID of the default domain. This will guarantee that this " "domain will always be assigned to slice zero in the ID map, bypassing the " "murmurhash algorithm described above." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:192 msgid "ldap_idmap_default_domain (string)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:195 msgid "Specify the name of the default domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:203 msgid "ldap_idmap_autorid_compat (boolean)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:206 msgid "" "Changes the behavior of the ID-mapping algorithm to behave more similarly to " "winbind's <quote>idmap_autorid</quote> algorithm." msgstr "" #. 
type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:211 msgid "" "When this option is configured, domains will be allocated starting with " "slice zero and increasing monotonically with each additional domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:216 msgid "" "NOTE: This algorithm is non-deterministic (it depends on the order that " "users and groups are requested). If this mode is required for compatibility " "with machines running winbind, it is recommended to also use the " "<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " "least one domain is consistently allocated to slice zero." msgstr "" #. type: Content of: <varlistentry><term> #: include/param_help.xml:3 msgid "<option>-?</option>,<option>--help</option>" msgstr "" #. type: Content of: <varlistentry><listitem><para> #: include/param_help.xml:7 include/param_help_py.xml:7 msgid "Display help message and exit." msgstr "" #. type: Content of: <varlistentry><term> #: include/param_help_py.xml:3 msgid "<option>-h</option>,<option>--help</option>" msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:3 msgid "" "SSSD supports two representations for specifying the debug level. The " "simplest is to specify a decimal value from 0-9, which represents enabling " "that level and all lower-level debug messages. The more comprehensive option " "is to specify a hexadecimal bitmask to enable or disable specific levels " "(such as if you wish to suppress a level)." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:10 msgid "Currently supported debug levels:" msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:13 msgid "" "<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. 
" "Anything that would prevent SSSD from starting up or causes it to cease " "running." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:19 msgid "" "<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " "error that doesn't kill the SSSD, but one that indicates that at least one " "major feature is not going to work properly." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:26 msgid "" "<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " "error announcing that a particular request or operation has failed." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:31 msgid "" "<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " "are the errors that would percolate down to cause the operation failure of 2." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:36 msgid "" "<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:40 msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:44 msgid "" "<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " "operation functions." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:48 msgid "" "<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " "internal control functions." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:53 msgid "" "<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" "internal variables that may be interesting." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:58 msgid "" "<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " "tracing information." msgstr "" #. 
type: Content of: <listitem><para> #: include/debug_levels.xml:62 msgid "" "To log required bitmask debug levels, simply add their numbers together as " "shown in following examples:" msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:66 msgid "" "<emphasis>Example</emphasis>: To log fatal failures, critical failures, " "serious failures and function data use 0x0270." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:70 msgid "" "<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " "function data, trace messages for internal control functions use 0x1310." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:75 msgid "" "<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " "in 1.7.0." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:79 #, fuzzy #| msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgid "<emphasis>Default</emphasis>: 0" msgstr "<emphasis>filter</emphasis>: utilitza ldap_access_filter" #. type: Content of: outside any tag (error?) #: include/experimental.xml:1 msgid "" "<emphasis> This is an experimental feature, please use http://fedorahosted." "org/sssd to report any issues. </emphasis>" msgstr "" #. type: Content of: <refsect1><title> #: include/local.xml:2 msgid "THE LOCAL DOMAIN" msgstr "" #. type: Content of: <refsect1><para> #: include/local.xml:4 msgid "" "In order to function correctly, a domain with <quote>id_provider=local</" "quote> must be created and the SSSD must be running." msgstr "" #. type: Content of: <refsect1><para> #: include/local.xml:9 msgid "" "The administrator might want to use the SSSD local users instead of " "traditional UNIX users in cases where the group nesting (see <citerefentry> " "<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" "citerefentry>) is needed. 
The local users are also useful for testing and " "development of the SSSD without having to deploy a full remote server. The " "<command>sss_user*</command> and <command>sss_group*</command> tools use a " "local LDB storage to store users and groups." msgstr "" #. type: Content of: <refsect1><title> #: include/seealso.xml:2 msgid "SEE ALSO" msgstr "VEGEU TAMBÉ" #. type: Content of: <refsect1><para> #: include/seealso.xml:4 msgid "" "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> " "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_useradd</" "refentrytitle><manvolnum>8</manvolnum> 
</citerefentry>, <citerefentry> " "<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_usermod</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_seed</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" "manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " "<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>." msgstr "" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:3 #: include/ldap_search_bases_experimental.xml:3 msgid "" "An optional base DN, search scope and LDAP filter to restrict LDAP searches " "for this attribute type." msgstr "" #. type: Content of: <listitem><para><programlisting> #: include/ldap_search_bases.xml:9 #: include/ldap_search_bases_experimental.xml:9 #, no-wrap msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" msgstr "" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:7 #: include/ldap_search_bases_experimental.xml:7 msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:13 #: include/ldap_search_bases_experimental.xml:13 msgid "" "The scope can be one of \"base\", \"onelevel\" or \"subtree\". The filter " "must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/" "rfc2254.txt" msgstr "" #. 
type: Content of: <listitem><para> #: include/ldap_search_bases.xml:19 #: include/ldap_search_bases_experimental.xml:19 msgid "" "For examples of this syntax, please refer to the <quote>ldap_search_base</" "quote> examples section." msgstr "" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:27 #: include/ldap_search_bases_experimental.xml:27 msgid "" "Please note that specifying scope or filter is not supported for searches " "against an Active Directory Server that might yield a large number of " "results and trigger the Range Retrieval extension in the response." msgstr "" #. type: Content of: <para> #: include/autofs_restart.xml:2 msgid "" "Please note that the automounter only reads the master map on startup, so if " "any autofs-related changes are made to the sssd.conf, you typically also " "need to restart the automounter daemon after restarting the SSSD." msgstr "" #. type: Content of: <varlistentry><term> #: include/override_homedir.xml:2 msgid "override_homedir (string)" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:16 msgid "UID number" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:20 msgid "domain name" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: include/override_homedir.xml:23 msgid "%f" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:24 msgid "fully qualified user name (user@domain)" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: include/override_homedir.xml:27 msgid "%o" msgstr "" #. 
type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:29 msgid "The original home directory retrieved from the identity provider." msgstr "" #. type: Content of: <varlistentry><listitem><para> #: include/override_homedir.xml:5 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. In the template, the following sequences are substituted: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <varlistentry><listitem><para> #: include/override_homedir.xml:41 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <varlistentry><listitem><para><programlisting> #: include/override_homedir.xml:46 #, no-wrap msgid "" "override_homedir = /home/%u\n" " " msgstr "" #. type: Content of: <varlistentry><listitem><para> #: include/override_homedir.xml:50 msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" msgstr "" ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/man/po/PaxHeaders.13173/fr.po�������������������������������������������������������0000644�0000000�0000000�00000000132�12320753573�016504� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 
mtime=1396955003.497843875 30 atime=1396955003.497843875 30 ctime=1396955003.497843875 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/man/po/fr.po������������������������������������������������������������������������0000664�0024127�0024127�00001754615�12320753573�016756� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# SOME DESCRIPTIVE TITLE # Copyright (C) YEAR Red Hat # This file is distributed under the same license as the sssd-docs package. # # Translators: # MarbolanGos Fabien <marbolangos@gmail.com>, 2012 # Jérôme Fenal <jfenal@gmail.com>, 2012-2013 # MarbolanGos Fabien <marbolangos@gmail.com>, 2012 # sgallagh <sgallagh@redhat.com>, 2012 # sgallagh <sgallagh@redhat.com>, 2012 msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" "POT-Creation-Date: 2014-04-08 12:55+0300\n" "PO-Revision-Date: 2013-11-19 16:29+0000\n" "Last-Translator: Jérôme Fenal <jfenal@gmail.com>\n" "Language-Team: French (http://www.transifex.com/projects/p/fedora/language/" "fr/)\n" "Language: fr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n > 1);\n" #. 
type: Content of: <reference><title> #: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5 #: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5 #: sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 sss_obfuscate.8.xml:5 #: sss_useradd.8.xml:5 sssd-krb5.5.xml:5 sss_groupadd.8.xml:5 #: sss_userdel.8.xml:5 sss_groupdel.8.xml:5 sss_groupshow.8.xml:5 #: sss_usermod.8.xml:5 sss_cache.8.xml:5 sss_debuglevel.8.xml:5 #: sss_seed.8.xml:5 sss_ssh_authorizedkeys.1.xml:5 #: sss_ssh_knownhostsproxy.1.xml:5 msgid "SSSD Manual pages" msgstr "Pages de manuel de SSSD" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15 msgid "sss_groupmod" msgstr "sss_groupmod" #. type: Content of: <reference><refentry><refmeta><manvolnum> #: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11 #: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11 #: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11 #: sss_groupshow.8.xml:11 sss_usermod.8.xml:11 sss_cache.8.xml:11 #: sss_debuglevel.8.xml:11 sss_seed.8.xml:11 msgid "8" msgstr "8" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupmod.8.xml:16 msgid "modify a group" msgstr "modifier un groupe" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupmod.8.xml:21 msgid "" "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" #. 
type: Content of: <reference><refentry><refsect1><title> #: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:47 #: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21 #: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30 #: sss_useradd.8.xml:30 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 #: sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 #: sss_usermod.8.xml:30 sss_cache.8.xml:29 sss_debuglevel.8.xml:30 #: sss_seed.8.xml:31 sss_ssh_authorizedkeys.1.xml:30 #: sss_ssh_knownhostsproxy.1.xml:31 msgid "DESCRIPTION" msgstr "DESCRIPTION" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupmod.8.xml:32 msgid "" "<command>sss_groupmod</command> modifies the group to reflect the changes " "that are specified on the command line." msgstr "" "<command>sss_groupmod</command> modifie le groupe pour refléter les " "changements spécifiés sur la ligne de commande." #. type: Content of: <reference><refentry><refsect1><title> #: sss_groupmod.8.xml:39 pam_sss.8.xml:54 sssd.8.xml:42 sss_obfuscate.8.xml:58 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39 #: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42 #: sss_ssh_authorizedkeys.1.xml:75 sss_ssh_knownhostsproxy.1.xml:62 msgid "OPTIONS" msgstr "OPTIONS" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupmod.8.xml:43 sss_usermod.8.xml:77 msgid "" "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" "replaceable>" msgstr "" "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupmod.8.xml:48 msgid "" "Append this group to groups specified by the <replaceable>GROUPS</" "replaceable> parameter. 
The <replaceable>GROUPS</replaceable> parameter is " "a comma separated list of group names." msgstr "" "Ajouter ce groupe aux groupes spécifiés par le paramètre " "<replaceable>GROUPS</replaceable>. Le paramètre <replaceable>GROUPS</" "replaceable> est une liste séparée par des virgules de noms de groupe." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupmod.8.xml:57 sss_usermod.8.xml:91 msgid "" "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" "replaceable>" msgstr "" "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupmod.8.xml:62 msgid "" "Remove this group from groups specified by the <replaceable>GROUPS</" "replaceable> parameter." msgstr "" "Supprime ce groupe des groupes spécifiés par le paramètre " "<replaceable>GROUPS</replaceable>." #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd.conf.5.xml:10 sssd.conf.5.xml:16 msgid "sssd.conf" msgstr "sssd.conf" #. type: Content of: <reference><refentry><refmeta><manvolnum> #: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 #: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11 msgid "5" msgstr "5" #. type: Content of: <reference><refentry><refmeta><refmiscinfo> #: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 #: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12 msgid "File Formats and Conventions" msgstr "Formats de fichier et conventions" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16 #: sssd-ipa.5.xml:17 sssd-ad.5.xml:17 sssd-krb5.5.xml:17 msgid "the configuration file for SSSD" msgstr "Le fichier de configuration pour SSSD" #. 
type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:21 msgid "FILE FORMAT" msgstr "FORMAT DE FICHIER" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd.conf.5.xml:29 #, no-wrap msgid "" " <replaceable>[section]</replaceable>\n" " <replaceable>key</replaceable> = <replaceable>value</replaceable>\n" " <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" " " msgstr "" " <replaceable>[section]</replaceable>\n" " <replaceable>key</replaceable> = <replaceable>value</replaceable>\n" " <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" " " #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:24 msgid "" "The file has an ini-style syntax and consists of sections and parameters. A " "section begins with the name of the section in square brackets and continues " "until the next section begins. An example of section with single and multi-" "valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" "Ce fichier utilise la syntaxe de style « .ini » et est constituée de " "sections et de paramètres. Une section commence par le nom de la section " "entre crochets et continue jusqu'à la section suivante. Un exemple de " "section avec des paramètres mono et multi-valués : <placeholder type=" "\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:36 msgid "" "The data types used are string (no quotes needed), integer and bool (with " "values of <quote>TRUE/FALSE</quote>)." msgstr "" "Les types de données utilisées sont des chaînes (pas de guillemets " "nécessaires), des entiers et des booléens (ayant pour valeur <quote>TRUE/" "FALSE</quote>)." #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:41 msgid "" "A line comment starts with a hash sign (<quote>#</quote>) or a semicolon " "(<quote>;</quote>). Inline comments are not supported." 
msgstr "" "Un commentaire de ligne commence par un octothorpe (<quote>#</quote>) ou un " "point-virgule (<quote>;</quote>). Les commentaires au sein d'une ligne ne " "sont pas pris en charge." #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:47 msgid "" "All sections can have an optional <replaceable>description</replaceable> " "parameter. Its function is only as a label for the section." msgstr "" "Toutes les sections peuvent avoir un paramètre facultatif de " "<replaceable>description</replaceable>. Sa fonction ne sert qu'à nommer la " "section." #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:53 msgid "" "<filename>sssd.conf</filename> must be a regular file, owned by root and " "only root may read from or write to the file." msgstr "" "<filename>sssd.conf</filename> doit être un fichier normal, appartenant à " "root, et seul root doit pouvoir écrire et lire ce fichier." #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:59 msgid "SPECIAL SECTIONS" msgstr "SECTIONS SPÉCIALES" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:62 msgid "The [sssd] section" msgstr "La section [sssd]" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> #: sssd.conf.5.xml:71 sssd.conf.5.xml:1857 msgid "Section parameters" msgstr "Paramètres de sections" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:73 msgid "config_file_version (integer)" msgstr "config_file_version (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:76 msgid "" "Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " "version 2." msgstr "" "Indique la syntaxe du fichier de configuration. Pour SSSD 0.6.0 ou " "supérieure utiliser la version 2." #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:82 msgid "services" msgstr "services" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:85 msgid "" "Comma separated list of services that are started when sssd itself starts." msgstr "" "Liste des services séparés par des virgules qui sont démarrés quand sssd se " "lance." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:89 msgid "" "Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " "<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition=" "\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</" "phrase>" msgstr "" "Les services pris en charge : nss, pam <phrase condition=\"with_sudo\">, " "sudo</phrase> <phrase condition=\"with_autofs\">, autofs</phrase> <phrase " "condition=\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder" "\">, pac</phrase>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:98 sssd.conf.5.xml:321 msgid "reconnection_retries (integer)" msgstr "reconnection_retries (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:101 sssd.conf.5.xml:324 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" "Nombre de tentatives de reconnexion que les services doivent effectuer en " "cas de plantage ou de redémarrage du fournisseur de données avant " "d'abandonner" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:106 sssd.conf.5.xml:329 msgid "Default: 3" msgstr "Par défaut : 3" #.
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:111 msgid "domains" msgstr "domaines" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:114 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " "start. This parameter described the list of domains in the order you want " "them to be queried. A domain name should only consist of alphanumeric ASCII " "characters, dashes and underscores." msgstr "" "Un domaine est une base de données contenant les informations utilisateurs. " "SSSD peut utiliser plusieurs domaines en même temps, au moins un doit être " "configuré ou SSSD ne démarrera pas. Ce paramètre décrit la liste des " "domaines dans l'ordre où ils doivent être requêtés. Un nom de domaine ne " "doit comprendre que des caractères ASCII alphanumériques, des tirets et " "caractères soulignés." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:126 sssd.conf.5.xml:1586 msgid "re_expression (string)" msgstr "re_expression (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:129 msgid "" "Default regular expression that describes how to parse the string containing " "user name and domain into these components." msgstr "" "L'expression régulière par défaut qui décrit la manière d'analyser la chaîne " "contenant le nom d'utilisateur et de domaine dans ces composants." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:134 msgid "" "Each domain can have an individual regular expression configured. For some " "ID providers there are also default regular expressions. 
See DOMAIN " "SECTIONS for more info on these regular expressions." msgstr "" "Chaque domaine peut avoir une expression régulière individuelle configurée. " "Pour certains fournisseurs ID, il y a aussi des expressions régulières par " "défaut. Voir les SECTIONS DOMAINE pour plus d'informations sur ces " "expressions régulières." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:143 sssd.conf.5.xml:1637 msgid "full_name_format (string)" msgstr "full_name_format (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:146 sssd.conf.5.xml:1640 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " "fully qualified name from user name and domain name components." msgstr "" "Un format compatible avec <citerefentry> <refentrytitle>printf</" "refentrytitle> <manvolnum>3</manvolnum> </citerefentry> décrivant comment " "composer un nom pleinement qualifié à partir des noms d'utilisateur et de " "domaine." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:157 sssd.conf.5.xml:1651 msgid "%1$s" msgstr "%1$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:158 sssd.conf.5.xml:1652 msgid "user name" msgstr "nom d'utilisateur" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:161 sssd.conf.5.xml:1655 msgid "%2$s" msgstr "%2$s" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:164 sssd.conf.5.xml:1658 msgid "domain name as specified in the SSSD config file." msgstr "" "nom de domaine tel qu'indiqué dans le fichier de configuration de SSSD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:170 sssd.conf.5.xml:1664 msgid "%3$s" msgstr "%3$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:173 sssd.conf.5.xml:1667 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" "nom de domaine à plat. Utilisable principalement pour les domaines Active " "Directory, configurés directement ou découverts via les relations " "d'approbation IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:154 sssd.conf.5.xml:1648 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" "Les expansions suivantes sont prises en charge : <placeholder type=" "\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:183 msgid "" "Each domain can have an individual format string configured. see DOMAIN " "SECTIONS for more info on this option." msgstr "" "Chaque domaine peut avoir une chaîne de format individuelle configurée. " "Voir les SECTIONS DOMAINE pour plus d'informations sur cette option." #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:189 msgid "try_inotify (boolean)" msgstr "try_inotify (booléen)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:192 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " "this, and will fall back to polling resolv.conf every five seconds if " "inotify cannot be used." msgstr "" "SSSD gère l'état de resolv.conf pour identifier les besoins de mise à jour " "des résolutions DNS internes. Par défaut, l'utilisation de inotify sera " "tentée, et reviendra à une interrogation de resolv.conf toutes les cinq " "secondes si inotify échoue." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:200 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " "to 'false'" msgstr "" "Il existe quelques cas spécifiques où l'utilisation de inotify n'est pas " "conseillée. Dans ces rares cas, cette option devrait être définie à « false »" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:206 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." msgstr "" "Par défaut : true sur les plates-formes où inotify est pris en charge. False " "sur les autres plates-formes." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:210 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." 
msgstr "" "Note : cette option n'aura aucun effet sur les plateformes où inotify n'est " "pas disponible. Sur celles-ci, l'interrogation régulière sera toujours " "utilisée." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:217 msgid "krb5_rcache_dir (string)" msgstr "krb5_rcache_dir (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:220 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" "Répertoire du système de fichiers où SSSD doit stocker les fichiers de cache " "de rejeu Kerberos." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:224 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" "Cette option accepte une valeur spéciale __LIBKRB5_DEFAULTS__ qui indiquera " "à SSSD de laisser libkrb5 décider l'emplacement approprié pour le cache de " "relecture." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:230 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" msgstr "" "Par défaut : paramètre spécifique à la distribution et spécifié au moment de " "la construction du logiciel. (__LIBKRB5_DEFAULTS__ si non configuré)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:237 msgid "default_domain_suffix (string)" msgstr "default_domain_suffix (string)" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:240 msgid "" "This string will be used as a default domain name for all names without a " "domain name component. The main use case is environments where the primary " "domain is intended for managing host policies and all users are located in a " "trusted domain. The option allows those users to log in just with their " "user name without giving a domain name as well." msgstr "" "Cette chaîne servira comme nom de domaine par défaut pour tous les noms sans " "composant de nom de domaine. Les principaux cas d'utilisation sont les " "environnements où le domaine principal va permettre de gérer les politiques " "de systèmes ainsi que tous les utilisateur provenant d'un domaine approuvé. " "L'option permet à ces utilisateurs de se connecter sans fournir un nom de " "domaine." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:250 msgid "" "Please note that if this option is set all users from the primary domain " "have to use their fully qualified name, e.g. user@domain.name, to log in." msgstr "" "Noter que, si cette option est définie, tous les utilisateurs du domaine " "principal doivent utiliser leur nom pleinement qualifié, par exemple " "user@domain.name, pour se connecter." #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:256 sssd-ldap.5.xml:1392 sssd-ldap.5.xml:1404 #: sssd-ldap.5.xml:1486 sssd-ldap.5.xml:2373 sssd-ldap.5.xml:2400 #: sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:187 #: include/ldap_id_mapping.xml:198 msgid "Default: not set" msgstr "Par défaut : non défini" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:64 msgid "" "Individual pieces of SSSD functionality are provided by special SSSD " "services that are started and stopped together with SSSD. The services are " "managed by a special service frequently called <quote>monitor</quote>. The " "<quote>[sssd]</quote> section is used to configure the monitor as well as " "some other important options like the identity domains. <placeholder type=" "\"variablelist\" id=\"0\"/>" msgstr "" "Les fonctionnalités propres à SSSD sont fournies par des services " "spécifiques SSSD, qui sont démarrés et arrêtés en même temps que SSSD. Les " "services sont gérés par un service spécifique souvent appelé le " "<quote>moniteur</quote>. La section <quote>[sssd]</quote> est utilisée pour " "configurer le moniteur ainsi que certaines options importantes comme " "l'identité des domaines. <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:267 msgid "SERVICES SECTIONS" msgstr "SECTIONS DE SERVICES" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:269 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " "section, for example, for NSS service, the section would be <quote>[nss]</" "quote>" msgstr "" "Les options utilisables pour configurer les différents services sont " "décrites dans cette section. Ils doivent être situés dans la section " "[<replaceable>$NAME</replaceable>], par exemple pour le service NSS, la " "section doit être <quote>[nss]</quote>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:276 msgid "General service configuration options" msgstr "Options générales de configuration de service" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:278 msgid "These options can be used to configure any service." msgstr "Ces options peuvent être utilisées pour configurer les services." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:282 msgid "debug_level (integer)" msgstr "debug_level (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:286 msgid "debug_timestamps (bool)" msgstr "debug_timestamps (booléen)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:289 msgid "Add a timestamp to the debug messages" msgstr "Ajoute un horodatage aux messages de débogage" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:292 sssd.conf.5.xml:472 sssd.conf.5.xml:820 #: sssd-ldap.5.xml:1559 sssd-ldap.5.xml:1656 sssd-ldap.5.xml:1718 #: sssd-ldap.5.xml:2161 sssd-ldap.5.xml:2226 sssd-ldap.5.xml:2244 #: sssd-ipa.5.xml:361 sssd-ipa.5.xml:396 sssd-ad.5.xml:166 sssd-ad.5.xml:250 #: sssd-ad.5.xml:275 sssd-ad.5.xml:363 sssd-krb5.5.xml:490 msgid "Default: true" msgstr "Par défaut : true" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:297 msgid "debug_microseconds (bool)" msgstr "debug_microseconds (booléen)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:300 msgid "Add microseconds to the timestamp in debug messages" msgstr "Ajouter les microsecondes à l'horodatage dans les messages de débogage" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:303 sssd.conf.5.xml:774 sssd.conf.5.xml:1773 #: sssd-ldap.5.xml:640 sssd-ldap.5.xml:1433 sssd-ldap.5.xml:1452 #: sssd-ldap.5.xml:1628 sssd-ldap.5.xml:1957 sssd-ipa.5.xml:139 #: sssd-ipa.5.xml:205 sssd-ipa.5.xml:508 sssd-ipa.5.xml:526 #: sssd-krb5.5.xml:257 sssd-krb5.5.xml:291 sssd-krb5.5.xml:462 msgid "Default: false" msgstr "Par défaut : false" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:308 msgid "timeout (integer)" msgstr "timeout (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:311 msgid "" "Timeout in seconds between heartbeats for this service. This is used to " "ensure that the process is alive and capable of answering requests." msgstr "" "Délai en secondes entre deux signaux de vie (heartbeats) pour ce service. " "Ceci est utilisé pour s'assurer que le processus est toujours actif et " "capable de répondre aux requêtes." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:316 sssd-ldap.5.xml:1304 msgid "Default: 10" msgstr "Par défaut : 10" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:334 msgid "fd_limit" msgstr "fd_limit" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:337 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " "the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " "systems without this capability, the resulting value will be the lower value " "of this or the limits.conf \"hard\" limit."
msgstr "" "Cette option spécifie le nombre maximal de descripteurs de fichiers qui " "peuvent être ouverts en même temps par ce processus SSSD. Sur les systèmes " "où SSSD se voit accorder la capacité CAP_SYS_RESOURCE, ce sera une limite " "absolue. Sur les systèmes sans cette capacité, la valeur résultante sera la " "plus petite valeur entre celle-ci et la limite « hard » de limits.conf." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:346 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "Par défaut : 8192 (ou la limite « hard » de limits.conf)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:351 msgid "client_idle_timeout" msgstr "client_idle_timeout" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:354 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " "limited in order to avoid resource exhaustion on the system." msgstr "" "Cette option spécifie la durée en secondes pendant laquelle un client d'un " "processus SSSD peut maintenir un descripteur de fichier ouvert sans " "communiquer avec. Cette valeur est limitée afin d'éviter l'épuisement des " "ressources sur le système." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:361 sssd.conf.5.xml:377 sssd.conf.5.xml:592 #: sssd.conf.5.xml:752 sssd.conf.5.xml:1015 sssd-ldap.5.xml:1134 msgid "Default: 60" msgstr "Par défaut : 60" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:366 sssd.conf.5.xml:1004 msgid "force_timeout (integer)" msgstr "force_timeout (integer)" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:369 sssd.conf.5.xml:1007 msgid "" "If a service is not responding to ping checks (see the <quote>timeout</" "quote> option), it is first sent the SIGTERM signal that instructs it to " "quit gracefully. If the service does not terminate after " "<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down " "by sending a SIGKILL signal." msgstr "" "Si un service ne répond pas aux vérifications par ping (Cf. l'option " "<quote>timeout</quote>), le signal SIGTERM lui est d'abord envoyé de façon à " "l'arrêter proprement. Si le service ne se termine pas après " "<quote>force_timeout</quote> secondes, le moniteur l'arrêtera de force en " "lui envoyant un signal SIGKILL." #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:385 msgid "NSS configuration options" msgstr "Options de configuration NSS" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:387 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" "Ces options peuvent être utilisées pour configurer le service Name Service " "Switch (NSS)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:392 msgid "enum_cache_timeout (integer)" msgstr "enum_cache_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:395 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" "La durée en secondes pendant laquelle nss_sss doit mettre en cache les " "énumérations (requêtes sur les informations de tous les utilisateurs)" #.
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:399 msgid "Default: 120" msgstr "Par défaut : 120" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:404 msgid "entry_cache_nowait_percentage (integer)" msgstr "entry_cache_nowait_percentage (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:407 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " "for the domain." msgstr "" "La valeur du cache peut être définie pour mettre à jour automatiquement les " "entrées en arrière plan si la requête ne dépasse pas un pourcentage de la " "valeur de entry_cache_timeout pour le domaine." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:413 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " "after 15 seconds past the last cache update will be returned immediately, " "but the SSSD will go and update the cache on its own, so that future " "requests will not need to block waiting for a cache update." msgstr "" "Par exemple, si la valeur entry_cache_timeout du domaine est à 30 secondes " "et que entry_cache_nowait_percentage est à 50 (%), les entrées qui veulent " "mettre à jour le cache après 15 secondes seront renvoyées immédiatement, " "mais SSSD continuera et mettra à jour le cache de lui-même. Ainsi, les " "prochaines requêtes ne seront pas bloquées en attendant une mise à jour du " "cache." #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:423 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " "percentage will never reduce the nowait timeout to less than 10 seconds. (0 " "disables this feature)" msgstr "" "Les valeurs autorisées pour cette option vont de 0 à 99 et représentent un " "pourcentage de la valeur entry_cache_timeout pour chaque domaine. Pour des " "raisons de performance, ce pourcentage ne réduira jamais le délai d'attente " "de non réponse à moins de 10 secondes (0 pour désactiver l'option)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:431 msgid "Default: 50" msgstr "Par défaut : 50" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:436 msgid "entry_negative_timeout (integer)" msgstr "entry_negative_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:439 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " "before asking the back end again." msgstr "" "Spécifie le temps, en secondes, pendant lequel nss_sss doit mettre en cache " "les résultats négatifs du cache (c'est-à-dire les requêtes pour les bases de " "données invalides, comme celles qui n'existent pas) avant de faire à nouveau " "appel au moteur." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:445 sssd.conf.5.xml:798 msgid "Default: 15" msgstr "Par défaut : 15" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:450 msgid "filter_users, filter_groups (string)" msgstr "filter_users, filter_groups (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:453 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" "domain or include fully-qualified names to filter only users from the " "particular domain." msgstr "" "Exclue certains utilisateurs de la recherche à partir de la base de données " "sss NSS. Ceci est particulièrement utile pour les comptes système. Cette " "option peut aussi être définie pour chaque domaine ou inclure des noms de " "domaines pleinement qualifiés pour filtrer seulement les utilisateurs d'un " "certain domaine." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:460 msgid "Default: root" msgstr "Par défaut : root" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:465 msgid "filter_users_in_groups (bool)" msgstr "filter_users_in_groups (booléen)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:468 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" "Mettre cette option à « false » si les utilisateurs filtrés doivent rester " "membres de groupes." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:478 msgid "fallback_homedir (string)" msgstr "fallback_homedir (string)" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:481 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." msgstr "" "Définir un modèle par défaut pour un répertoire utilisateur si aucun n'est " "explicitement spécifié par le fournisseur de données du domaine." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:486 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" "Les valeurs disponibles pour cette option sont les mêmes que pour " "override_homedir." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> #: sssd.conf.5.xml:492 #, fuzzy, no-wrap #| msgid "" #| "override_homedir = /home/%u\n" #| " " msgid "" "fallback_homedir = /home/%u\n" " " msgstr "" "override_homedir = /home/%u\n" " " #. type: Content of: <varlistentry><listitem><para> #: sssd.conf.5.xml:490 include/override_homedir.xml:44 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "exemple : <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:496 msgid "Default: not set (no substitution for unset home directories)" msgstr "" "Par défaut : non défini (aucune substitution pour les répertoires d'accueil " "non définis)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:502 msgid "override_shell (string)" msgstr "override_shell (string)" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:505 #, fuzzy #| msgid "" #| "The default shell to use if the provider does not return one during " #| "lookup. This option supersedes any other shell options if it takes effect " #| "and can be set either in the [nss] section or per-domain." msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " "or per-domain." msgstr "" "L'interpréteur de commande par défaut à utiliser si le fournisseur n'en " "donne pas un lors de la recherche. Cette option prend le pas sur toutes les " "autres options de shell si elle prend effet, et peut être positionnée soit " "dans la section [nss], soit par domaine." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:511 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "Par défaut : indéfini (SSSD utilisera la valeur récupérée de LDAP)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:517 msgid "allowed_shells (string)" msgstr "allowed_shells (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:520 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" "Restreindre l'interpréteur de commandes de l'utilisateur à l'une des valeurs " "indiquées. L'ordre d'évaluation est :" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:523 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" "1. Si l'interpréteur de commandes est présent dans <quote>/etc/shells</" "quote>, il est utilisé." #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:527 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" "2. Si l'interpréteur de commandes est dans la liste « allowed_shells » mais " "n'est pas dans <quote>/etc/shells</quote>, la valeur de repli de « " "shell_fallback » sera utilisée." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:532 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" "3. Si l'interpréteur de commandes n'est ni dans la liste « allowed_shells » " "ni dans <quote>/etc/shells</quote>, un interpréteur de commandes nologin " "est utilisé." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:537 msgid "An empty string for shell is passed as-is to libc." msgstr "" "Une chaîne vide pour l'interpréteur de commandes est passée telle quelle à " "la libc." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:540 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" "Le fichier <quote>/etc/shells</quote> n'est lu qu'au démarrage de SSSD. Un " "redémarrage de SSSD est nécessaire si un nouvel interpréteur de commandes " "est installé." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:544 msgid "Default: Not set. The user shell is automatically used." msgstr "" "Par défaut : non défini. L'interpréteur de commandes de l'utilisateur est " "utilisé automatiquement." #.
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:549 msgid "vetoed_shells (string)" msgstr "vetoed_shells (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:552 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" "Remplace toutes les occurrences de ces interpréteurs de commandes par " "l'interpréteur de commandes de repli (shell_fallback)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:557 msgid "shell_fallback (string)" msgstr "shell_fallback (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:560 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" "L'interpréteur de commandes par défaut à utiliser si un interpréteur de " "commandes autorisé n'est pas installé sur la machine." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:564 msgid "Default: /bin/sh" msgstr "Par défaut : /bin/sh" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:569 msgid "default_shell" msgstr "default_shell" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:572 #, fuzzy #| msgid "" #| "The default shell to use if the provider does not return one during " #| "lookup. This option supersedes any other shell options if it takes effect " #| "and can be set either in the [nss] section or per-domain." msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain."
msgstr "" "L'interpréteur de commande par défaut à utiliser si le fournisseur n'en " "donne pas un lors de la recherche. Cette option prend le pas sur toutes les " "autres options de shell si elle prend effet, et peut être positionnée soit " "dans la section [nss], soit par domaine." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:578 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" msgstr "" "Par défaut : non défini (retourne NULL si aucun shell n'est spécifié et " "s'appuyer sur la libc pour remplacer par quelque chose de sensé lorsque " "nécessaire, habituellement /bin/sh)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:585 sssd.conf.5.xml:745 msgid "get_domains_timeout (int)" msgstr "get_domains_timeout (int)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:588 sssd.conf.5.xml:748 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." msgstr "" "Spécifie la durée en secondes pendant laquelle la liste de sous-domaines est " "jugée valide." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:597 msgid "memcache_timeout (int)" msgstr "memcache_timeout (int)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:600 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid" msgstr "" "Spécifie la durée en secondes, pour laquelle les enregistrements du cache en " "mémoire seront valides" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:604 sssd-ldap.5.xml:654 msgid "Default: 300" msgstr "Par défaut : 300" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:611 msgid "PAM configuration options" msgstr "Options de configuration de PAM" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:613 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" "Ces options permettent de configurer le service Pluggable Authentication " "Module (PAM)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:618 msgid "offline_credentials_expiration (integer)" msgstr "offline_credentials_expiration (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:621 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" "Si le fournisseur d'authentification est déconnecté, combien de temps " "autoriser les connexions à partir du cache (en jours depuis la dernière " "connexion réussie)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:626 sssd.conf.5.xml:639 msgid "Default: 0 (No limit)" msgstr "Par défaut : 0 (pas de limite)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:632 msgid "offline_failed_login_attempts (integer)" msgstr "offline_failed_login_attempts (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:635 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." 
msgstr "" "Si le fournisseur d'authentification est déconnecté, combien de connexions " "échouées sont autorisées." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:645 msgid "offline_failed_login_delay (integer)" msgstr "offline_failed_login_delay (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:648 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" "Le temps en minutes à attendre après avoir atteint " "offline_failed_login_attempts avant qu'une nouvelle tentative de connexion " "soit possible." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:653 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " "authentication can enable offline authentication again." msgstr "" "Si la valeur est à 0, l'utilisateur ne peut s'authentifier en mode " "déconnecté si offline_failed_login_attempts est atteint. Seulement une " "connexion réussie en ligne peut réactiver l'authentification." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:659 sssd.conf.5.xml:712 msgid "Default: 5" msgstr "Par défaut : 5" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:665 msgid "pam_verbosity (integer)" msgstr "pam_verbosity (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:668 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." 
msgstr "" "Contrôle le type de messages affichés à l'utilisateur pendant le processus " "d'authentification. Plus le nombre est grand, plus le nombre de messages " "affichés sera important." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:673 msgid "Currently sssd supports the following values:" msgstr "Actuellement sssd supporte les valeurs suivantes :" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:676 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "<emphasis>0</emphasis> : ne pas afficher de message" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:679 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "<emphasis>1</emphasis> : afficher seulement les messages importants" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:683 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "<emphasis>2</emphasis> : afficher les messages d'information" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:686 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" "<emphasis>3</emphasis> : afficher tous les messages et informations de " "débogage" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:690 sssd.8.xml:63 msgid "Default: 1" msgstr "Par défaut : 1" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:695 msgid "pam_id_timeout (integer)" msgstr "pam_id_timeout (entier)" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:698 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " "ensure that authentication takes place with the latest information." msgstr "" "Lors de chaque requête PAM quand SSSD est en mode connecté, SSSD tentera de " "mettre à jour immédiatement les informations d'identité mises en cache pour " "l'utilisateur de manière à s'assurer que l'authentification se fasse avec " "les dernières informations." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:704 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" "client-application basis) how long (in seconds) we can cache the identity " "information to avoid excessive round-trips to the identity provider." msgstr "" "Une conversation PAM complète peut effectuer plusieurs requêtes PAM, comme " "la gestion de compte et l'ouverture de session. Cette option contrôle (par " "client et par application) la durée (en secondes) de mise en cache des " "informations d'identité afin d'éviter de nombreux aller-retour avec le " "fournisseur d'identité." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:718 msgid "pam_pwd_expiration_warning (integer)" msgstr "pam_pwd_expiration_warning (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:721 sssd.conf.5.xml:1178 msgid "Display a warning N days before the password expires." msgstr "Afficher une alerte N jours avant l'expiration du mot de passe." #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:724 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " "cannot display a warning." msgstr "" "Noter que le moteur du service doit fournir des informations à propos du " "délai d'expiration du mot de passe. Si cette information est manquante, sssd " "ne peut afficher de message d'alerte." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:730 sssd.conf.5.xml:1181 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." msgstr "" "Si la valeur est zéro, ce filtre n'est pas appliqué, c'est-à-dire que si " "l'avertissement d'expiration est reçu de la part du moteur du serveur, il " "sera automatiquement affiché." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:735 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." msgstr "" "Ce paramètre peut être surchargé par le paramètre " "<emphasis>pwd_expiration_warning</emphasis> pour un domaine particulier." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:740 sssd.8.xml:79 msgid "Default: 0" msgstr "Par défaut : 0" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:760 msgid "SUDO configuration options" msgstr "Options de configuration de SUDO" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:762 msgid "These options can be used to configure the sudo service." 
msgstr "" "Les options suivantes peuvent être utilisées pour configurer le service sudo." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:766 msgid "sudo_timed (bool)" msgstr "sudo_timed (booléen)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:769 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." msgstr "" "Évaluation ou non des attributs sudoNotBefore et sudoNotAfter qui utilisent " "les entrées sudoers sensibles au temps." #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:782 msgid "AUTOFS configuration options" msgstr "Options de configuration AUTOFS" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:784 msgid "These options can be used to configure the autofs service." msgstr "Ces options peuvent être utilisées pour configurer le service autofs." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:788 msgid "autofs_negative_timeout (integer)" msgstr "autofs_negative_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:791 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " "before asking the back end again." msgstr "" "Spécifie le délai en secondes pendant lequel le répondeur autofs stocke les " "réponses négatives (autrement dit, les requêtes pour les entrées de mappage " "non valide, comme celles qui n'existent pas) avant de demander à nouveau au " "moteur." #. 
type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:807 msgid "SSH configuration options" msgstr "Options de configuration SSH" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:809 msgid "These options can be used to configure the SSH service." msgstr "" "Les options suivantes peuvent être utilisées pour configurer le service SSH." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:813 msgid "ssh_hash_known_hosts (bool)" msgstr "ssh_hash_known_hosts (bool)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:816 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." msgstr "" "Hacher ou non les noms de systèmes et les adresses dans le fichier " "known_hosts géré." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:825 msgid "ssh_known_hosts_timeout (integer)" msgstr "ssh_known_hosts_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:828 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." msgstr "" "La durée en secondes pendant laquelle conserver un système dans le fichier " "known_hosts géré après que ses clés de système ont été demandées." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:832 msgid "Default: 180" msgstr "Par défaut : 180" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:840 msgid "PAC responder configuration options" msgstr "Options de configuration du répondeur PAC" #.
type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:842 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " "PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " "provider collects domain SID and ID ranges of the domain the client is " "joined to and of remote trusted domains from the local domain controller. " "If the PAC is decoded and evaluated some of the following operations are " "done:" msgstr "" "Le répondeur PAC fonctionne avec le greffon de données d'autorisation " "sssd_pac_plugin.so pour MIT Kerberos et un fournisseur de sous-domaine. Le " "greffon envoie les données PAC au cours d'une authentification GSSAPI au " "répondeur PAC. Le fournisseur de sous-domaine recueille le SID du domaine et " "les plages d'ID du domaine auquel le client est lié et des domaines " "approuvés distants du contrôleur de domaine local. Si les données PAC sont " "décodées et évaluées, les opérations suivantes sont effectuées :" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:851 msgid "" "If the remote user does not exist in the cache, it is created. The uid is " "determined with the help of the SID, trusted domains will have UPGs and the " "gid will have the same value as the uid. The home directory is set based on " "the subdomain_homedir parameter. The shell will be empty by default, i.e. " "the system defaults are used, but can be overwritten with the default_shell " "parameter." msgstr "" "Si l'utilisateur distant n'existe pas dans le cache, il est créé. L'uid est " "calculé en fonction du SID, les domaines de confiance auront des groupes " "d'utilisateurs privés, et le gid aura la même valeur que l'uid. Le " "répertoire utilisateur est défini en fonction du paramètre " "subdomain_homedir.
Le shell sera vide par défaut, permettant l'utilisation " "de la valeur par défaut du système, mais peut être remplacé par le paramètre " "default_shell." #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:859 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." msgstr "" "S'il y a des SID de groupes des domaines connus de sssd, l'utilisateur sera " "ajouté à ces groupes." #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:865 msgid "These options can be used to configure the PAC responder." msgstr "" "Les options suivantes peuvent être utilisées pour configurer le répondeur " "PAC." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:869 msgid "allowed_uids (string)" msgstr "allowed_uids (string)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:872 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " "startup." msgstr "" "Spécifie la liste séparée par des virgules des UID ou noms d'utilisateurs " "qui sont autorisés à accéder au répondeur PAC. Les noms d'utilisateurs " "seront résolus en UID au démarrage." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:878 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" "Par défaut : 0 (seul l'utilisateur root est autorisé à accéder au répondeur " "PAC)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:882 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. 
If you still want to allow the root user to " "access the PAC responder, which would be the typical case, you have to add 0 " "to the list of allowed UIDs as well." msgstr "" "Noter que bien que l'UID 0 soit utilisé par défaut, il sera remplacé par " "cette option. Si vous voulez continuer à permettre à l'utilisateur root " "d'accéder au répondeur PAC, ce qui serait un cas habituel, vous devez ajouter " "0 à la liste des UID d'utilisateurs autorisés." #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:896 msgid "DOMAIN SECTIONS" msgstr "SECTIONS DOMAINES" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:903 msgid "min_id,max_id (integer)" msgstr "min_id,max_id (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:906 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" "Limites UID et GID pour le domaine. Si un domaine contient une entrée en " "dehors de ces limites, elle est ignorée." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:911 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" "primary group memberships, those that are in range will be reported as " "expected." msgstr "" "Pour les utilisateurs, cela affecte la limite des GID primaires. " "L'utilisateur ne sera pas renvoyé vers NSS si l'UID ou le GID primaire sont " "en dehors de la plage. Pour l'appartenance à un groupe non primaire, ceux " "qui sont dans la plage seront rapportés comme prévu." #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:918 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." msgstr "" "Ces limites d'identifiants affectent aussi les mises en cache des entrées, et " "pas seulement leur recherche par nom ou identifiant." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:922 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "Par défaut : 1 pour min_id, 0 (pas de limite) pour max_id" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:928 msgid "enumerate (bool)" msgstr "enumerate (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:931 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" "Détermine si un domaine peut être énuméré. Ce paramètre peut avoir une des " "valeurs suivantes :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:935 msgid "TRUE = Users and groups are enumerated" msgstr "TRUE = utilisateurs et groupes sont énumérés" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:938 msgid "FALSE = No enumerations for this domain" msgstr "FALSE = aucune énumération pour ce domaine" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:941 sssd.conf.5.xml:1155 sssd.conf.5.xml:1264 #: sssd.conf.5.xml:1281 msgid "Default: FALSE" msgstr "Par défaut : FALSE" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:944 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " "to fully complete enumerations. During this time, individual requests for " "information will go directly to LDAP, though it may be slow, due to the " "heavy enumeration processing. Saving a large number of entries to cache " "after the enumeration completes might also be CPU intensive as the " "memberships have to be recomputed." msgstr "" "Note : activer l'énumération a un impact modéré sur les performances de SSSD " "lorsque l'énumération est en cours. Plusieurs minutes peuvent être " "nécessaires après le démarrage de SSSD pour terminer l'énumération complète. " "Pendant ce temps, les requêtes individuelles pour des informations iront " "directement vers LDAP, bien que plus lent et ce à cause de la charge " "importante liée au processus d'énumération. Le fait de mettre un grand " "nombre d'entrées en cache lorsque l'énumération est terminée peut être " "également intensif pour le CPU, car les appartenances aux groupes doivent " "être recalculées." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:957 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" "Lorsque la première énumération est en cours, les requêtes pour des listes " "utilisateurs ou de groupes peuvent retourner des résultats vides avant que " "l'énumération ne se termine." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:962 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " "enumeration lookups are completed successfully. For more information, refer " "to the man pages for the specific id_provider in use." msgstr "" "De plus, activer l'énumération peut augmenter le temps nécessaire pour " "détecter la déconnexion d'un réseau, puisque des délais d'attente supérieurs " "sont nécessaires pour s'assurer que les requêtes d'énumération se terminent " "avec succès. Pour plus d'informations, se référer au manuel pour le " "fournisseur d'identité spécifique utilisé." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:970 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." msgstr "" "Pour les raisons citées plus haut, l'activation de l'énumération est " "déconseillée, surtout dans les environnements de grande taille." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:978 #, fuzzy #| msgid "subdomain_homedir (string)" msgid "subdomain_enumerate (string)" msgstr "subdomain_homedir (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:985 msgid "all" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:986 msgid "All discovered trusted domains will be enumerated" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:989 msgid "none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:990 msgid "No discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:981 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " "Optionally, a list of one or more domain names can enable enumeration just " "for these trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:998 sssd-ldap.5.xml:1687 msgid "Default: none" msgstr "Par défaut : aucun" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1021 msgid "entry_cache_timeout (integer)" msgstr "entry_cache_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1024 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" "La durée en secondes pendant laquelle nss_sss doit considérer les entrées " "comme valides avant de les redemander au moteur" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1028 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " "for newly added or expired entries. 
You should run the <citerefentry> " "<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" "citerefentry> tool in order to force refresh of entries that have already " "been cached." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1041 msgid "Default: 5400" msgstr "Par défaut : 5400" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1047 msgid "entry_cache_user_timeout (integer)" msgstr "entry_cache_user_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1050 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" msgstr "" "La durée en secondes pendant laquelle nss_sss doit considérer les entrées " "d'utilisateurs comme valides avant de les redemander au moteur." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1054 sssd.conf.5.xml:1067 sssd.conf.5.xml:1080 #: sssd.conf.5.xml:1093 sssd.conf.5.xml:1106 sssd.conf.5.xml:1120 msgid "Default: entry_cache_timeout" msgstr "Par défaut : entry_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1060 msgid "entry_cache_group_timeout (integer)" msgstr "entry_cache_group_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1063 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" msgstr "" "La durée en secondes pendant laquelle nss_sss doit considérer les entrées de " "groupes comme valides avant de les redemander au moteur." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1073 msgid "entry_cache_netgroup_timeout (integer)" msgstr "entry_cache_netgroup_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1076 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" msgstr "" "La durée en secondes pendant laquelle nss_sss doit considérer les entrées de " "netgroup comme valides avant de les redemander au moteur." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1086 msgid "entry_cache_service_timeout (integer)" msgstr "entry_cache_service_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1089 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" msgstr "" "La durée en secondes pendant laquelle nss_sss doit considérer les entrées de " "service valides avant de les redemander au moteur" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1099 msgid "entry_cache_sudo_timeout (integer)" msgstr "entry_cache_sudo_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1102 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" msgstr "" "La durée en secondes pendant laquelle sudo doit considérer les règles comme " "valides avant de les redemander au moteur" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1112 msgid "entry_cache_autofs_timeout (integer)" msgstr "entry_cache_autofs_timeout (integer)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1115 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" msgstr "" "La durée en secondes pendant laquelle le service autofs doit considérer les " "cartes d'automontage comme valides avant de les redemander au moteur" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1126 msgid "refresh_expired_interval (integer)" msgstr "refresh_expired_interval (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1129 msgid "" "Specifies how many seconds SSSD has to wait before refreshing expired " "records. Currently only refreshing expired netgroups is supported." msgstr "" "Spécifie la durée en secondes pendant laquelle SSSD doit attendre avant " "d'actualiser les enregistrements expirés. Seuls les netgroup expirés sont " "actuellement pris en charge." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1134 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" "Il est envisageable de configurer cette valeur à 3/4 * entry_cache_timeout." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1138 sssd-ipa.5.xml:221 msgid "Default: 0 (disabled)" msgstr "Par défaut : 0 (désactivé)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1144 msgid "cache_credentials (bool)" msgstr "cache_credentials (booléen)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1147 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" "Détermine si les données d'identification de l'utilisateur sont aussi mises en " "cache dans le cache LDB local" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1151 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" "Les informations d'identification utilisateur sont stockées sous forme " "d'empreinte (hash) SHA512, et non en texte brut" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1160 msgid "account_cache_expiration (integer)" msgstr "account_cache_expiration (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1163 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " "value of this parameter must be greater than or equal to " "offline_credentials_expiration." msgstr "" "Durée en jours pendant laquelle les entrées sont stockées dans le cache " "après la dernière connexion réussie, avant d'être enlevées lors du nettoyage " "du cache. 0 signifie qu'elles sont conservées indéfiniment. La valeur de ce " "paramètre doit être supérieure ou égale à offline_credentials_expiration." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1170 msgid "Default: 0 (unlimited)" msgstr "Par défaut : 0 (illimité)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1175 msgid "pwd_expiration_warning (integer)" msgstr "pwd_expiration_warning (integer)" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1186 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " "cannot display a warning. Also an auth provider has to be configured for the " "backend." msgstr "" "Veuillez noter que le moteur du service doit fournir des informations à " "propos du délai d'expiration du mot de passe. Si cette information est " "manquante, sssd ne peut afficher de message d'alerte. De plus, un " "fournisseur d'authentification doit être configuré pour le moteur." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1193 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "Par défaut : 7 (Kerberos), 0 (LDAP)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1199 msgid "id_provider (string)" msgstr "id_provider (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1202 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" "Le fournisseur d'identification utilisé pour le domaine. Les fournisseurs " "d'identification pris en charge sont :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1206 msgid "<quote>proxy</quote>: Support a legacy NSS provider" msgstr "<quote>proxy</quote> : prise en charge de l'ancien fournisseur NSS" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1209 msgid "<quote>local</quote>: SSSD internal provider for local users" msgstr "" "<quote>local</quote> : Fournisseur interne SSSD pour les utilisateurs locaux" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1213 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " "information on configuring LDAP." msgstr "" "<quote>ldap</quote> : fournisseur LDAP. Cf. " "<citerefentry><refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry> pour plus d'informations sur la configuration de " "LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1221 sssd.conf.5.xml:1307 sssd.conf.5.xml:1358 #: sssd.conf.5.xml:1411 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " "FreeIPA." msgstr "" "<quote>ipa</quote> : fournisseur FreeIPA et Red Hat Enterprise Identity " "Management. Cf. <citerefentry><refentrytitle>sssd-ipa</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry> pour plus d'informations sur la " "configuration de FreeIPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1230 sssd.conf.5.xml:1316 sssd.conf.5.xml:1367 #: sssd.conf.5.xml:1420 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring Active Directory." msgstr "" "<quote>ad</quote> : fournisseur Active Directory. Cf. " "<citerefentry><refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry> pour plus d'informations sur la configuration " "d'Active Directory." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1241 msgid "use_fully_qualified_names (bool)" msgstr "use_fully_qualified_names (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1244 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" "Utiliser le nom complet et le domaine (comme formaté par le paramètre " "full_name_format du domaine) comme nom de connexion de l'utilisateur " "communiqué à NSS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1249 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " "<command>getent passwd test</command> wouldn't find the user while " "<command>getent passwd test@LOCAL</command> would." msgstr "" "Si défini à TRUE, toutes les requêtes pour ce domaine doivent utiliser des " "noms pleinement qualifiés. Par exemple, pour un utilisateur « test » dans un " "domaine LOCAL, <command>getent passwd test</command> ne trouvera pas " "l'utilisateur alors que <command>getent passwd test@LOCAL</command> le " "trouvera." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1257 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " "will be searched when an unqualified name is requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1269 msgid "ignore_group_members (bool)" msgstr "ignore_group_members (booléen)" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1272 msgid "Do not return group members for group lookups." msgstr "Ne pas envoyer les membres des groupes sur les recherches de groupes." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1275 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " "calls." msgstr "" "Si positionné à TRUE, l'attribut de membre de groupe n'est pas demandé au " "serveur ldap, et les membres du groupe ne sont pas renvoyés lors du " "traitement des appels de recherche de groupes." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1286 msgid "auth_provider (string)" msgstr "auth_provider (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1289 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" "Le fournisseur d'authentification utilisé pour le domaine. Les fournisseurs " "pris en charge sont :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1293 sssd.conf.5.xml:1351 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring LDAP." msgstr "" "<quote>ldap</quote> pour une authentification LDAP native. Cf. " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> pour plus d'informations sur la configuration de " "LDAP." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1300 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring Kerberos." msgstr "" "<quote>krb5</quote> pour une authentification Kerberos. Cf. <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> pour plus d'informations sur la configuration de Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1324 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" "<quote>proxy</quote> pour relayer l'authentification vers d'autres cibles " "PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1327 msgid "<quote>none</quote> disables authentication explicitly." msgstr "<quote>none</quote> désactive l'authentification explicitement." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1330 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" "Par défaut : <quote>id_provider</quote> est utilisé s'il est défini et peut " "gérer les requêtes d'authentification." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1336 msgid "access_provider (string)" msgstr "access_provider (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1339 msgid "" "The access control provider used for the domain. 
There are two built-in " "access providers (in addition to any included in installed backends) " "Internal special providers are:" msgstr "" "Le fournisseur de contrôle d'accès utilisé pour le domaine. Il y a deux " "fournisseurs d'accès natifs (en plus de ceux disponibles dans les moteurs " "installés). Les fournisseurs internes spécifiques sont :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1345 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" "<quote>permit</quote> toujours autoriser l'accès. C'est le seul fournisseur " "d'accès autorisé pour un domaine local." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1348 msgid "<quote>deny</quote> always deny access." msgstr "<quote>deny</quote> toujours refuser les accès." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1375 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry> for more information on configuring the simple " "access module." msgstr "" "Contrôle d'accès <quote>simple</quote> basé sur des listes d'autorisations " "ou de refus d'accès. Cf. <citerefentry> <refentrytitle>sssd-simple</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> pour plus " "d'informations sur la configuration du module d'accès simple." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1382 msgid "Default: <quote>permit</quote>" msgstr "Par défaut : <quote>permit</quote>" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1387 msgid "chpass_provider (string)" msgstr "chpass_provider (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1390 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" "Le fournisseur qui doit gérer le changement des mots de passe pour le " "domaine. Les fournisseurs pris en charge sont :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1395 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring LDAP." msgstr "" "<quote>ldap</quote> pour modifier un mot de passe stocké sur un serveur " "LDAP. Cf. <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> pour plus d'informations sur la " "configuration LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1403 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring Kerberos." msgstr "" "<quote>krb5</quote> pour changer le mot de passe Kerberos. Cf. " "<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> pour plus d'informations sur la configuration de " "Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1428 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." 
msgstr "" "<quote>proxy</quote> pour relayer le changement de mot de passe vers une " "autre cible PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1432 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" "<quote>none</quote> pour désactiver explicitement le changement de mot de " "passe." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1435 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" "Par défaut : <quote>auth_provider</quote> est utilisé si il est défini et " "peut gérer les changements de mot de passe." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1442 msgid "sudo_provider (string)" msgstr "sudo_provider (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1445 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" "Le fournisseur SUDO, utilisé pour le domaine. Les fournisseurs SUDO pris en " "charge sont :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1449 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring LDAP." msgstr "" "<quote>ldap</quote> pour les règles stockés dans LDAP. Voir " "<citerefentry><refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry> pour plus d'informations sur la configuration de " "LDAP." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1457 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1461 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1465 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "<quote>none</quote> désactive explicitement SUDO." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1468 sssd.conf.5.xml:1522 sssd.conf.5.xml:1554 #: sssd.conf.5.xml:1579 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" "Par défaut : La valeur de <quote>id_provider</quote> est utilisée si elle " "est définie." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1474 msgid "selinux_provider (string)" msgstr "selinux_provider (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1477 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " "providers are:" msgstr "" "Le fournisseur qui doit gérer le chargement des paramètres de selinux. " "Remarque : ce fournisseur sera appelé juste après la fin de l'appel au " "fournisseur d'accès. Les fournisseurs selinux pris en charge sont :" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1483 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring IPA." msgstr "" "<quote>ipa</quote> pour charger les paramètres selinux depuis un serveur " "IPA. Cf. <citerefentry><refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry> pour plus d'informations sur la configuration de " "IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1491 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" "<quote>none</quote> désactive explicitement la récupération des paramètres " "selinux." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1494 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" "Par défaut : <quote>id_provider</quote> est utilisé s'il est défini et peut " "gérer le chargement selinux" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1500 msgid "subdomains_provider (string)" msgstr "subdomains_provider (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1503 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" "Le fournisseur qui doit gérer la récupération des sous-" "domaines. Cette valeur doit être toujours identique à id_provider. Les " "fournisseurs de sous-domaine pris en charge sont :" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1509 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring IPA." msgstr "" "<quote>ipa</quote> pour charger une liste de sous-domaines depuis un serveur " "IPA. Cf. <citerefentry><refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry> pour plus d'informations sur la configuration de " "IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1518 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" "<quote>none</quote> désactive explicitement la récupération des sous-domaines." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1529 msgid "autofs_provider (string)" msgstr "autofs_provider (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1532 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" "Le fournisseur autofs utilisé pour le domaine. Les fournisseurs autofs pris " "en charge sont :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1536 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring LDAP." msgstr "" "<quote>ldap</quote> pour charger les cartes stockées dans LDAP. Cf. " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> pour plus d'informations sur la configuration de " "LDAP." #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1543 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring IPA." msgstr "" "<quote>ipa</quote> pour charger les cartes stockées sur un serveur IPA. Cf. " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> pour plus d'information sur la configuration de " "IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1551 msgid "<quote>none</quote> disables autofs explicitly." msgstr "<quote>none</quote> désactive explicitement autofs." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1561 msgid "hostid_provider (string)" msgstr "hostid_provider (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1564 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" "Le fournisseur utilisé pour récupérer les informations d'identité des " "systèmes. Les fournisseurs de hostid pris en charge sont :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1568 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring IPA." msgstr "" "<quote>ipa</quote> pour charger l'identité du système stockée sur un serveur " "IPA. Cf. <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> pour plus d'informations sur la " "configuration de IPA." #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1576 msgid "<quote>none</quote> disables hostid explicitly." msgstr "<quote>none</quote> désactive explicitement hostid." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1589 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " "match either the SSSD configuration domain name, or, in the case of IPA " "trust subdomains and Active Directory domains, the flat (NetBIOS) name of " "the domain." msgstr "" "L'expression rationnelle pour ce domaine qui décrit comment analyser la " "chaîne contenant le nom d'utilisateur et domaine et en extraire ces " "composants. Le « domaine » peut correspondre à soit au nom de domaine de la " "configuration SSSD, ou, dans le cas de relations d'approbations avec des " "sous-domaines IPA ou des domaines Active Directory, le nom plat (NetBIOS) du " "domaine." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1598 msgid "" "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?" "P<name>[^@\\\\]+)$))</quote> which allows three different styles for " "user names:" msgstr "" "Valeur par défaut pour les fournisseurs AD et IPA : <quote>(((?P<" "domain>[^\\\\]+)\\\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<" "domain>.+$))|(^(?P<name>[^@\\\\]+)$))</quote> qui utilisent trois " "styles différents pour les noms d'utilisateurs :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:1603 msgid "username" msgstr "username" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:1606 msgid "username@domain.name" msgstr "username@domain.name" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:1609 msgid "domain\\username" msgstr "domain\\username" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1612 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" "Bien que les deux premiers correspondent à la valeur par défaut en général " "le troisième est introduit pour permettre une intégration facile des " "utilisateurs de domaines Windows." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1617 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " "sign, the domain everything after that\"" msgstr "" "Par défaut : <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "qui se traduit par « le nom est tout ce qui précède le signe " "<quote>@</quote>, le domaine tout ce qui suit »" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1623 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " "version 7 or higher can support non-unique named subpatterns." msgstr "" "REMARQUE : la prise en charge de sous-motifs nommés multiples n'est pas " "disponible sur certaines plates-formes (par exemple, RHEL5 et SLES10).
" "Seules les plates-formes avec libpcre version 7 ou supérieure peuvent " "prendre en charge les sous-motifs nommés multiples." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1630 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" "REMARQUE ADDITIONNELLE : les anciennes versions de libpcre ne supportent que " "la syntaxe Python (?P<name>) pour nommer les sous-motifs." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1677 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "Par défaut : <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1683 msgid "lookup_family_order (string)" msgstr "lookup_family_order (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1686 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" "Fournit la possibilité de sélectionner la famille d'adresse préférée à " "utiliser pour effectuer les requêtes DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1690 msgid "Supported values:" msgstr "Valeurs prises en charge :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1693 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" "ipv4_first : essayer de chercher une adresse IPv4, et en cas d'échec, " "essayer IPv6." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1696 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." 
msgstr "" "ipv4_only : ne tenter de résoudre les noms de systèmes qu'en adresses IPv4." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1699 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" "ipv6_first : essayer de chercher une adresse IPv6, et en cas d'échec, tenter " "IPv4." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1702 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" "ipv6_only : ne tenter de résoudre les noms de systèmes qu'en adresses IPv6." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1705 msgid "Default: ipv4_first" msgstr "Par défaut : ipv4_first" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1711 msgid "dns_resolver_timeout (integer)" msgstr "dns_resolver_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1714 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " "the domain will continue to operate in offline mode." msgstr "" "Délai (en secondes) d'attente de la réponse du résolveur DNS avant de " "considérer qu'il est injoignable. Si ce délai maximum est atteint, le " "domaine continuera à opérer en mode déconnecté." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1720 sssd-ldap.5.xml:1118 sssd-ldap.5.xml:1160 #: sssd-ldap.5.xml:1175 sssd-krb5.5.xml:239 msgid "Default: 6" msgstr "Par défaut : 6" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1726 msgid "dns_discovery_domain (string)" msgstr "dns_discovery_domain (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1729 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" "Si la découverte de services est utilisée par le moteur, spécifie la partie " "du domaine faisant partie de la requête DNS de découverte de services." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1733 msgid "Default: Use the domain part of machine's hostname" msgstr "" "Par défaut : utiliser la partie du domaine qui est dans le nom de système de " "la machine." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1739 msgid "override_gid (integer)" msgstr "override_gid (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1742 msgid "Override the primary GID value with the one specified." msgstr "Redéfinit le GID primaire avec la valeur spécifiée." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1748 msgid "case_sensitive (boolean)" msgstr "case_sensitive (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1751 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" "Traiter les noms d'utilisateurs et de groupes comme sensibles à la casse. " "Actuellement, cette option n'est pas supportée dans le fournisseur local." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1756 sssd-ad.5.xml:333 msgid "Default: True" msgstr "Par défaut : True" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1762 msgid "proxy_fast_alias (boolean)" msgstr "proxy_fast_alias (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1765 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " "name was an alias. Setting this option to true would cause the SSSD to " "perform the ID lookup from cache for performance reasons." msgstr "" "Quand un utilisateur ou un groupe est recherché par son nom dans le " "fournisseur proxy, une deuxième recherche par ID est effectuée pour " "récupérer le nom canonique, dans le cas où le nom demandé serait un alias. " "Cette option positionnée à true active la recherche par l'ID dans le cache " "afin d'améliorer les performances." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1779 msgid "subdomain_homedir (string)" msgstr "subdomain_homedir (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1790 msgid "%F" msgstr "%F" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1791 msgid "flat (NetBIOS) name of a subdomain." msgstr "nom plat (NetBIOS) d'un sous-domaine." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1782 #, fuzzy #| msgid "" #| "Use this homedir as default value for all subdomains within this domain. " #| "See <emphasis>override_homedir</emphasis> for info about possible values. " #| "In addition to those, the expansion below can only be used with " #| "<emphasis>subdomain_homedir</emphasis>. <placeholder type=\"variablelist" #| "\" id=\"0\"/>" msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " "possible values. In addition to those, the expansion below can only be used " "with <emphasis>subdomain_homedir</emphasis>. <placeholder type=" "\"variablelist\" id=\"0\"/>" msgstr "" "Utiliser ce répertoire utilisateur comme valeur par défaut pour tous les " "sous-domaines dans ce domaine. Voir <emphasis>override_homedir</emphasis> " "pour des informations sur les valeurs possibles. En plus de celles-ci, le " "remplacement ci-dessous ne peut être utilisé qu'avec " "<emphasis>subdomain_homedir</emphasis>. <placeholder type=\"variablelist\" " "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1796 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" "La valeur peut être surchargée par l'option <emphasis>override_homedir</" "emphasis>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1800 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "Par défaut : <filename>/home/%d/%u</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1805 msgid "realmd_tags (string)" msgstr "realmd_tags (chaîne)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1808 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" "Étiquettes diverses stockées par le service de configuration de realmd pour " "ce domaine." #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:898 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" "replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" "Ces options de configuration peuvent être présentes dans la section de " "configuration du domaine, c'est-à-dire dans la section nommée <quote>[domain/" "<replaceable>NAME</replaceable>]</quote> <placeholder type=\"variablelist\" " "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1821 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1824 msgid "The proxy target PAM proxies to." msgstr "Le proxy cible duquel PAM devient mandataire." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1827 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" "Par défaut : non défini, il faut utiliser une configuration de pam existante " "ou en créer une nouvelle et ajouter le nom de service ici." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1835 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (chaîne)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1838 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " "for example _nss_files_getpwent." msgstr "" "Le nom de la bibliothèque NSS à utiliser dans les domaines proxy. Les " "recherches de fonctions NSS dans la bibliothèque sont sous la forme _nss_" "$(libName)_$(function), par exemple _nss_files_getpwent." #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:1817 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" "Options valides pour les domaines proxy. <placeholder type=\"variablelist\" " "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:1850 msgid "The local domain section" msgstr "La section du domaine local" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:1852 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " "<replaceable>id_provider=local</replaceable>." msgstr "" "Cette section contient les paramètres pour le domaine qui stocke les " "utilisateurs et les groupes dans la base de données native SSSD, c'est-à-" "dire un domaine qui utilise <replaceable>id_provider=local</replaceable>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1859 msgid "default_shell (string)" msgstr "default_shell (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1862 msgid "The default shell for users created with SSSD userspace tools." 
msgstr "" "L'interpréteur de commandes par défaut pour les utilisateurs créés avec les " "outils en espace utilisateur SSSD." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1866 msgid "Default: <filename>/bin/bash</filename>" msgstr "Par défaut : <filename>/bin/bash</filename>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1871 msgid "base_directory (string)" msgstr "base_directory (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1874 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" "Les outils ajoutent le nom d'utilisateur à <replaceable>base_directory</" "replaceable> et l'utilisent comme dossier personnel." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1879 msgid "Default: <filename>/home</filename>" msgstr "Par défaut : <filename>/home</filename>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1884 msgid "create_homedir (bool)" msgstr "create_homedir (booléen)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1887 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" "Indique si un dossier personnel doit être créé par défaut pour les nouveaux " "utilisateurs. Peut être outrepassé par la ligne de commande." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1891 sssd.conf.5.xml:1903 msgid "Default: TRUE" msgstr "Par défaut : TRUE" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1896 msgid "remove_homedir (bool)" msgstr "remove_homedir (booléen)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1899 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" "Indiquer si un dossier personnel doit par défaut être supprimé à la " "suppression des utilisateurs. Peut être outrepassé par la ligne de commande." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1908 msgid "homedir_umask (integer)" msgstr "homedir_umask (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1911 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " "on a newly created home directory." msgstr "" "Utilisé par <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> pour spécifier les permissions par " "défaut sur un répertoire personnel nouvellement créé." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1919 msgid "Default: 077" msgstr "Par défaut : 077" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1924 msgid "skel_dir (string)" msgstr "skel_dir (chaîne)" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1927 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " "<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>" msgstr "" "Le répertoire squelette contenant les fichiers et répertoires à copier dans " "le répertoire personnel de l'utilisateur une fois ce répertoire créé par " "<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1937 msgid "Default: <filename>/etc/skel</filename>" msgstr "Par défaut : <filename>/etc/skel</filename>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1942 msgid "mail_dir (string)" msgstr "mail_dir (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1945 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " "default value is used." msgstr "" "Le répertoire de gestion des e-mails. Nécessaire pour manipuler les boîtes e-" "mail quand les comptes utilisateurs sont modifiés ou supprimés. Si non " "précisé, la valeur par défaut est utilisée." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1952 msgid "Default: <filename>/var/mail</filename>" msgstr "Par défaut : <filename>/var/mail</filename>" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1957 msgid "userdel_cmd (string)" msgstr "userdel_cmd (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1960 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " "return code of the command is not taken into account." msgstr "" "La commande qui est exécutée quand un utilisateur est supprimé. La commande " "a comme seul argument le nom de l'utilisateur qui doit être supprimé. Le " "code en retour de la commande n'est pas pris en compte." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1966 msgid "Default: None, no command is run" msgstr "Par défaut : None, aucune commande lancée" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:1976 sssd-ldap.5.xml:2426 sssd-simple.5.xml:131 #: sssd-ipa.5.xml:793 sssd-ad.5.xml:382 sssd-krb5.5.xml:519 msgid "EXAMPLE" msgstr "EXEMPLE" #. 
type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd.conf.5.xml:1982 #, no-wrap msgid "" "[sssd]\n" "domains = LDAP\n" "services = nss, pam\n" "config_file_version = 2\n" "\n" "[nss]\n" "filter_groups = root\n" "filter_users = root\n" "\n" "[pam]\n" "\n" "[domain/LDAP]\n" "id_provider = ldap\n" "ldap_uri = ldap://ldap.example.com\n" "ldap_search_base = dc=example,dc=com\n" "\n" "auth_provider = krb5\n" "krb5_server = kerberos.example.com\n" "krb5_realm = EXAMPLE.COM\n" "cache_credentials = true\n" "\n" "min_id = 10000\n" "max_id = 20000\n" "enumerate = False\n" msgstr "" "[sssd]\n" "domains = LDAP\n" "services = nss, pam\n" "config_file_version = 2\n" "\n" "[nss]\n" "filter_groups = root\n" "filter_users = root\n" "\n" "[pam]\n" "\n" "[domain/LDAP]\n" "id_provider = ldap\n" "ldap_uri = ldap://ldap.example.com\n" "ldap_search_base = dc=example,dc=com\n" "\n" "auth_provider = krb5\n" "krb5_server = kerberos.example.com\n" "krb5_realm = EXAMPLE.COM\n" "cache_credentials = true\n" "\n" "min_id = 10000\n" "max_id = 20000\n" "enumerate = False\n" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:1978 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " "configuring domains for more details. <placeholder type=\"programlisting\" " "id=\"0\"/>" msgstr "" "L'exemple suivant montre une configuration SSSD classique. Il ne décrit pas " "la configuration des domaines. Se référer à la documentation sur la " "configuration des domaines pour plus de détails. <placeholder type=" "\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 msgid "sssd-ldap" msgstr "sssd-ldap" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:23 msgid "" "This manual page describes the configuration of LDAP domains for " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page for detailed syntax information." msgstr "" "Ce manuel décrit la configuration des domaines LDAP pour <citerefentry> " "<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </" "citerefentry>. Se référer à la section <quote>FILE FORMAT</quote> du manuel " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> pour des informations sur la syntaxe détaillée." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:35 msgid "You can configure SSSD to use more than one LDAP domain." msgstr "" "Il est possible de configurer SSSD pour utiliser plus d'un domaine LDAP." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:38 msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. " "<command>sssd</command> <emphasis>does not</emphasis> support authentication " "over an unencrypted channel. If the LDAP server is used only as an identity " "provider, an encrypted channel is not needed. Please refer to " "<quote>ldap_access_filter</quote> config option for more information about " "using LDAP as an access provider." msgstr "" "Le moteur de traitement LDAP prend en charge les fournisseurs id, auth, " "access et chpass. Si vous voulez vous authentifier sur un serveur LDAP, il " "vous faut utiliser TLS/SSL ou LDAPS. <command>sssd</command> <emphasis>ne " "prend pas en charge</emphasis> l'authentification sur un canal non chiffré. 
" "Si le serveur LDAP est utilisé seulement comme fournisseur d'identité, un " "canal crypté n'est pas nécessaire. Se référer aux options de configurations " "<quote>ldap_access_filter</quote> pour plus d'information sur l'utilisation " "en tant que fournisseur d'accès." #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "OPTIONS DE CONFIGURATION" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:60 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "ldap_uri, ldap_backup_uri (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:63 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" "quote> section for more information on failover and server redundancy. If " "neither option is specified, service discovery is enabled. For more " "information, refer to the <quote>SERVICE DISCOVERY</quote> section." msgstr "" "Spécifie par ordre de préférence la liste séparée par des virgules d'URI des " "serveurs LDAP auquel doit se connecter SSSD. Se reporter à la section de " "<quote>BASCULEMENT</quote> pour plus d'informations sur le basculement et la " "redondance de serveurs. Si aucune de ces options n'est spécifiée, la " "découverte d'un service est activé. Pour plus d'informations, se reporter à " "la section de <quote>DÉCOUVERTE DE SERVICE</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:70 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "" "Le format de l'URI doit correspondre au format définit dans la RFC 2732 :" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:73 msgid "ldap[s]://<host>[:port]" msgstr "ldap[s]://<host>[:port]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:76 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" "Pour les adresses explicitement en IPv6, le composant <host> doit être " "entre crochets []" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:79 msgid "example: ldap://[fc00::126:25]:389" msgstr "exemple : ldap://[fc00::126:25]:389" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:85 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "ldap_chpass_uri, ldap_chpass_backup_uri (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:88 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " "Refer to the <quote>FAILOVER</quote> section for more information on " "failover and server redundancy." msgstr "" "Spécifie la liste d'URI séparée par des virgules des serveurs LDAP auxquels " "doit se connecter SSSD par ordre de préférence pour changer le mot de passe " "d'un utilisateur. Reportez-vous à la section de <quote>basculement</quote> " "pour plus d'informations sur le repli et la redondance de serveurs." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:95 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" "Pour activer la découverte de services, ldap_chpass_dns_service_name doit " "être défini." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:99 msgid "Default: empty, i.e. ldap_uri is used." msgstr "Par défaut : vide, ldap_uri est donc utilisé." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:105 msgid "ldap_search_base (string)" msgstr "ldap_search_base (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:108 msgid "The default base DN to use for performing LDAP user operations." msgstr "" "Le DN de base par défaut à utiliser pour effectuer les opérations LDAP sur " "les utilisateurs." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:112 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" msgstr "" "À partir de SSSD 1.7.0, SSSD prend en charge plusieurs bases de recherche à " "l'aide de la syntaxe :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:116 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:119 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "La portée peut être l'une des « base », « onelevel » ou « subtree »." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:122 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" msgstr "" "Le filtre doit être un filtre de recherche LDAP valide tel que spécifié par " "http://www.ietf.org/rfc/rfc2254.txt" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:126 sssd-ad.5.xml:212 msgid "Examples:" msgstr "Exemples :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:129 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" msgstr "" "ldap_search_base = dc=example,dc=com (ce qui équivaut à) ldap_search_base = " "dc=example,dc=com?subtree?" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:134 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" msgstr "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:137 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " "different search bases). This will lead to unpredictable behavior on client " "machines." msgstr "" "Remarque : Il n'est pas possible d'avoir plusieurs bases de recherche " "qui référencent des objets portant le même nom (par exemple, les groupes " "portant le même nom dans deux bases de recherche différentes). Cela conduira " "à un comportement imprévisible sur les ordinateurs clients." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:144 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " "defaultNamingContext does not exist or has an empty value namingContexts is " "used. 
The namingContexts attribute must have a single value with the DN of " "the search base of the LDAP server to make this work. Multiple values are " "are not supported." msgstr "" "Par défaut : si non définie, les valeurs des attributs defaultNamingContext " "ou namingContexts du RootDSE du serveur LDAP sont utilisées. Si " "defaultNamingContext n'existe pas ou a une valeur vide, namingContexts est " "utilisé. Les attributs namingContexts doivent avoir une seule valeur avec un " "DN de base de recherche pour le serveur LDAP pour que cela fonctionne. Des " "valeurs multiples ne sont pas permises." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:158 msgid "ldap_schema (string)" msgstr "ldap_schema (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:161 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " "may vary. The way that some attributes are handled may also differ." msgstr "" "Spécifie le type de schéma utilisé sur le serveur LDAP cible. Selon le " "schéma sélectionné, les noms d'attributs par défaut provenant des serveurs " "peuvent varier. La manière dont certains attributs sont traités peut " "également différer." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:168 msgid "Four schema types are currently supported:" msgstr "Quatre types de schéma sont actuellement pris en charge :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:172 msgid "rfc2307" msgstr "rfc2307" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:177 msgid "rfc2307bis" msgstr "rfc2307bis" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:182 msgid "IPA" msgstr "IPA" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:187 msgid "AD" msgstr "AD" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:193 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " "the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, " "group members are listed by DN and stored in the <emphasis>member</emphasis> " "attribute. The AD schema type sets the attributes to correspond with Active " "Directory 2008r2 values." msgstr "" "La principale différence entre ces types de schéma est la façon dont les " "appartenances aux groupes sont enregistrées dans le serveur. Avec rfc2307, " "les membres du groupe sont répertoriés par nom dans l'attribut " "<emphasis>memberUid</emphasis>. Avec rfc2307bis et IPA, les membres du " "groupe sont répertoriés par DN et stockés dans l'attribut " "<emphasis>member</emphasis>. Le type de schéma AD définit les attributs " "correspondant aux valeurs d'Active Directory 2008r2." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:203 msgid "Default: rfc2307" msgstr "Par défaut : rfc2307" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:209 msgid "ldap_default_bind_dn (string)" msgstr "ldap_default_bind_dn (chaîne)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:212 msgid "The default bind DN to use for performing LDAP operations." msgstr "" "Le DN de connexion par défaut à utiliser pour effectuer les opérations LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:219 msgid "ldap_default_authtok_type (string)" msgstr "ldap_default_authtok_type (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:222 msgid "The type of the authentication token of the default bind DN." msgstr "" "Le type de jeton d'authentification pour le DN de connexion par défaut." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:226 msgid "The two mechanisms currently supported are:" msgstr "Les deux mécanismes actuellement pris en charge sont :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:229 msgid "password" msgstr "password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:232 msgid "obfuscated_password" msgstr "obfuscated_password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:235 msgid "Default: password" msgstr "Par défaut : password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:241 msgid "ldap_default_authtok (string)" msgstr "ldap_default_authtok (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:244 msgid "" "The authentication token of the default bind DN. Only clear text passwords " "are currently supported." 
msgstr "" "Le jeton d'authentification pour le DN de connexion par défaut. Seuls les " "mots de passe en clair sont actuellement pris en charge." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:251 msgid "ldap_user_object_class (string)" msgstr "ldap_user_object_class (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:254 msgid "The object class of a user entry in LDAP." msgstr "La classe d'objet d'une entrée utilisateur dans LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:257 msgid "Default: posixAccount" msgstr "Par défaut : posixAccount" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:263 msgid "ldap_user_name (string)" msgstr "ldap_user_name (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:266 msgid "The LDAP attribute that corresponds to the user's login name." msgstr "" "L'attribut LDAP correspondant à l'identifiant de connexion de l'utilisateur." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:270 msgid "Default: uid" msgstr "Par défaut : uid" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:276 msgid "ldap_user_uid_number (string)" msgstr "ldap_user_uid_number (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:279 msgid "The LDAP attribute that corresponds to the user's id." msgstr "L'attribut LDAP correspondant à l'id de l'utilisateur." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:283 msgid "Default: uidNumber" msgstr "Par défaut : uidNumber" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:289 msgid "ldap_user_gid_number (string)" msgstr "ldap_user_gid_number (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:292 msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" "L'attribut LDAP correspondant à l'id du groupe primaire de l'utilisateur." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:296 sssd-ldap.5.xml:792 msgid "Default: gidNumber" msgstr "Par défaut : gidNumber" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:302 msgid "ldap_user_gecos (string)" msgstr "ldap_user_gecos (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:305 msgid "The LDAP attribute that corresponds to the user's gecos field." msgstr "L'attribut LDAP correspondant au champ gecos de l'utilisateur." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:309 msgid "Default: gecos" msgstr "Par défaut : gecos" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:315 msgid "ldap_user_home_directory (string)" msgstr "ldap_user_home_directory (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:318 msgid "The LDAP attribute that contains the name of the user's home directory." msgstr "" "L'attribut LDAP qui contient le nom du répertoire personnel de l'utilisateur." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:322 msgid "Default: homeDirectory" msgstr "Par défaut : homeDirectory" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:328 msgid "ldap_user_shell (string)" msgstr "ldap_user_shell (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:331 msgid "The LDAP attribute that contains the path to the user's default shell." msgstr "" "L'attribut LDAP qui contient le chemin vers l'interpréteur de commandes de " "l'utilisateur." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:335 msgid "Default: loginShell" msgstr "Par défaut : loginShell" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:341 msgid "ldap_user_uuid (string)" msgstr "ldap_user_uuid (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:344 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" "L'attribut LDAP qui contient les UUID/GUID d'un objet LDAP utilisateur." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:348 sssd-ldap.5.xml:818 sssd-ldap.5.xml:1025 msgid "Default: nsUniqueId" msgstr "Par défaut : nsUniqueId" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:354 msgid "ldap_user_objectsid (string)" msgstr "ldap_user_objectsid (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:357 msgid "" "The LDAP attribute that contains the objectSID of an LDAP user object. 
This " "is usually only necessary for ActiveDirectory servers." msgstr "" "L'attribut LDAP qui contient l'objectSID d'un objet d'utilisateur LDAP. Ceci " "n'est habituellement nécessaire que pour les serveurs Active Directory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:362 sssd-ldap.5.xml:832 msgid "Default: objectSid for ActiveDirectory, not set for other servers." msgstr "" "Par défaut : objectSid pour ActiveDirectory, indéfini pour les autres " "serveurs." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:369 msgid "ldap_user_modify_timestamp (string)" msgstr "ldap_user_modify_timestamp (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:372 sssd-ldap.5.xml:842 sssd-ldap.5.xml:1034 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" "L'attribut LDAP qui contient l'horodatage de la dernière modification de " "l'objet parent." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:376 sssd-ldap.5.xml:846 sssd-ldap.5.xml:1041 msgid "Default: modifyTimestamp" msgstr "Par défaut : modifyTimestamp" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:382 msgid "ldap_user_shadow_last_change (string)" msgstr "ldap_user_shadow_last_change (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:385 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " "the last password change)." 
msgstr "" "Lors de l'utilisation de ldap_pwd_policy=shadow, ce paramètre contient le " "nom de l'attribut LDAP correspondant à sa contrepartie <citerefentry> " "<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> (date de changement du dernier mot de passe)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:395 msgid "Default: shadowLastChange" msgstr "Par défaut : shadowLastChange" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:401 msgid "ldap_user_shadow_min (string)" msgstr "ldap_user_shadow_min (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:404 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " "password age)." msgstr "" "Lors de l'utilisation de ldap_pwd_policy=shadow, ce paramètre contient le " "nom de l'attribut LDAP correspondant à sa contrepartie<citerefentry> " "<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> (durée de validité minimum du mot de passe)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:413 msgid "Default: shadowMin" msgstr "Par défaut : shadowMin" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:419 msgid "ldap_user_shadow_max (string)" msgstr "ldap_user_shadow_max (chaîne)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:422 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " "password age)." msgstr "" "Lors de l'utilisation de ldap_pwd_policy=shadow, ce paramètre contient le " "nom de l'attribut LDAP correspondant à sa contrepartie <citerefentry> " "<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> (âge maximum du mot de passe)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:431 msgid "Default: shadowMax" msgstr "Par défaut : shadowMax" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:437 msgid "ldap_user_shadow_warning (string)" msgstr "ldap_user_shadow_warning (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:440 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " "(password warning period)." msgstr "" "Lors de l'utilisation de ldap_pwd_policy=shadow, ce paramètre contient le " "nom de l'attribut LDAP correspondant à sa contrepartie <citerefentry> " "<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> (période d'avertissement du mot de passe)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:450 msgid "Default: shadowWarning" msgstr "Par défaut : shadowWarning" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:456 msgid "ldap_user_shadow_inactive (string)" msgstr "ldap_user_shadow_inactive (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:459 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " "(password inactivity period)." msgstr "" "Lors de l'utilisation de ldap_pwd_policy=shadow, ce paramètre contient le " "nom de l'attribut LDAP correspondant à sa contrepartie <citerefentry> " "<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> (période d'inactivité du mot de passe)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:469 msgid "Default: shadowInactive" msgstr "Par défaut : shadowInactive" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:475 msgid "ldap_user_shadow_expire (string)" msgstr "ldap_user_shadow_expire (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:478 msgid "" "When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " "parameter contains the name of an LDAP attribute corresponding to its " "<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> counterpart (account expiration date)." 
msgstr "" "Lors de l'utilisation de ldap_pwd_policy=shadow ou " "ldap_account_expire_policy=shadow, ce paramètre contient le nom de " "l'attribut LDAP correspondant à sa contrepartie <citerefentry> " "<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> (date d'expiration du compte)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:488 msgid "Default: shadowExpire" msgstr "Par défaut : shadowExpire" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:494 msgid "ldap_user_krb_last_pwd_change (string)" msgstr "ldap_user_krb_last_pwd_change (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:497 msgid "" "When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " "an LDAP attribute storing the date and time of last password change in " "kerberos." msgstr "" "Lors de l'utilisation de ldap_pwd_policy=mit_kerberos, ce paramètre contient " "le nom de l'attribut LDAP stockant la date et l'heure du dernier changement " "de mot de passe dans kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:503 msgid "Default: krbLastPwdChange" msgstr "Par défaut : krbLastPwdChange" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:509 msgid "ldap_user_krb_password_expiration (string)" msgstr "ldap_user_krb_password_expiration (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:512 msgid "" "When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " "an LDAP attribute storing the date and time when current password expires." 
msgstr "" "Lors de l'utilisation de ldap_pwd_policy=mit_kerberos, ce paramètre contient " "le nom de l'attribut LDAP stockant la date et l'heure d'expiration du mot de " "passe actuel." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:518 msgid "Default: krbPasswordExpiration" msgstr "Par défaut : krbPasswordExpiration" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:524 msgid "ldap_user_ad_account_expires (string)" msgstr "ldap_user_ad_account_expires (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:527 msgid "" "When using ldap_account_expire_policy=ad, this parameter contains the name " "of an LDAP attribute storing the expiration time of the account." msgstr "" "Lors de l'utilisation de ldap_account_expire_policy=ad, ce paramètre " "contient le nom d'un attribut LDAP stockant la date d'expiration du compte." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:532 msgid "Default: accountExpires" msgstr "Par défaut : accountExpires" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:538 msgid "ldap_user_ad_user_account_control (string)" msgstr "ldap_user_ad_user_account_control (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:541 msgid "" "When using ldap_account_expire_policy=ad, this parameter contains the name " "of an LDAP attribute storing the user account control bit field." msgstr "" "Lors de l'utilisation de ldap_account_expire_policy=ad, ce paramètre " "contient le nom d'un attribut LDAP stockant le champ de bits de contrôle du " "compte utilisateur." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:546 msgid "Default: userAccountControl" msgstr "Par défaut : userAccountControl" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:552 msgid "ldap_ns_account_lock (string)" msgstr "ldap_ns_account_lock (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:555 msgid "" "When using ldap_account_expire_policy=rhds or equivalent, this parameter " "determines if access is allowed or not." msgstr "" "Lors de l'utilisation de ldap_account_expire_policy=rhds ou équivalent, ce " "paramètre détermine si l'accès est autorisé ou non." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:560 msgid "Default: nsAccountLock" msgstr "Par défaut : nsAccountLock" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:566 msgid "ldap_user_nds_login_disabled (string)" msgstr "ldap_user_nds_login_disabled (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:569 msgid "" "When using ldap_account_expire_policy=nds, this attribute determines if " "access is allowed or not." msgstr "" "Lors de l'utilisation de ldap_account_expire_policy=nds, cet attribut " "détermine si l'accès est autorisé ou non." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:573 sssd-ldap.5.xml:587 msgid "Default: loginDisabled" msgstr "Par défaut : loginDisabled" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:579 msgid "ldap_user_nds_login_expiration_time (string)" msgstr "ldap_user_nds_login_expiration_time (chaîne)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:582 msgid "" "When using ldap_account_expire_policy=nds, this attribute determines until " "which date access is granted." msgstr "" "Lors de l'utilisation de ldap_account_expire_policy=nds, cet attribut " "détermine jusqu'à quand l'accès est autorisé." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:593 msgid "ldap_user_nds_login_allowed_time_map (string)" msgstr "ldap_user_nds_login_allowed_time_map (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:596 msgid "" "When using ldap_account_expire_policy=nds, this attribute determines the " "hours of a day in a week when access is granted." msgstr "" "Lors de l'utilisation de ldap_account_expire_policy=nds, cet attribut " "détermine les heures des jours dans la semaine pendant lesquelles l'accès " "est autorisé." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:601 msgid "Default: loginAllowedTimeMap" msgstr "Par défaut : loginAllowedTimeMap" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:607 msgid "ldap_user_principal (string)" msgstr "ldap_user_principal (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:610 msgid "" "The LDAP attribute that contains the user's Kerberos User Principal Name " "(UPN)." msgstr "" "L'attribut LDAP contenant le nom du principal d'utilisateur (UPN) Kerberos " "de l'utilisateur." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:614 msgid "Default: krbPrincipalName" msgstr "Par défaut : krbPrincipalName" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:620 msgid "ldap_user_ssh_public_key (string)" msgstr "ldap_user_ssh_public_key (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:623 msgid "The LDAP attribute that contains the user's SSH public keys." msgstr "L'attribut LDAP qui contient les clés publiques SSH de l'utilisateur." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:630 msgid "ldap_force_upper_case_realm (boolean)" msgstr "ldap_force_upper_case_realm (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:633 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " "fail. Set this option to a non-zero value if you want to use an upper-case " "realm." msgstr "" "Certains serveurs d'annuaire, comme par exemple Active Directory, peuvent " "délivrer la partie domaine de l'UPN en minuscules, ce qui peut faire échouer " "l'authentification. Définir cette option à une valeur non nulle pour " "utiliser un nom de domaine en majuscules." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:646 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "ldap_enumeration_refresh_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:649 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." msgstr "" "Spécifie la durée en secondes pendant laquelle SSSD doit attendre avant " "d'actualiser son cache d'énumération d'enregistrements." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:660 msgid "ldap_purge_cache_timeout (integer)" msgstr "ldap_purge_cache_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:663 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " "space." msgstr "" "Détermine la fréquence de vérification de la présence d'entrées inactives " "dans le cache (telles que groupes sans membres et utilisateurs ne s'étant " "jamais connectés) et de suppression pour économiser de l'espace." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:669 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" "Mettre cette option à zéro désactive l'opération de nettoyage du cache." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:673 msgid "Default: 10800 (12 hours)" msgstr "Par défaut : 10800 (12 heures)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:679 msgid "ldap_user_fullname (string)" msgstr "ldap_user_fullname (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:682 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "L'attribut LDAP correspondant au nom complet de l'utilisateur." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:686 sssd-ldap.5.xml:779 sssd-ldap.5.xml:975 #: sssd-ldap.5.xml:1066 sssd-ldap.5.xml:1990 sssd-ldap.5.xml:2316 #: sssd-ipa.5.xml:648 msgid "Default: cn" msgstr "Par défaut : cn" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:692 msgid "ldap_user_member_of (string)" msgstr "ldap_user_member_of (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:695 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" "L'attribut LDAP énumérant les groupes auquel appartient un utilisateur." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:699 sssd-ipa.5.xml:552 msgid "Default: memberOf" msgstr "Par défaut : memberOf" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:705 msgid "ldap_user_authorized_service (string)" msgstr "ldap_user_authorized_service (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:708 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " "to determine access privilege." msgstr "" "Lorsque access_provider=ldap et ldap_access_order=authorized_service, SSSD " "utilise la présence de l'attribut authorizedService dans l'entrée LDAP de " "l'utilisateur pour déterminer les autorisations d'accès." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:715 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" "Le refus explicite (!svc) est résolu en premier. Ensuite, SSSD cherche une " "autorisation explicite (svc) et enfin allow_all (*)." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:720 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>authorized_service</quote> in order for the " "ldap_user_authorized_service option to work." msgstr "" "Noter que l'option de configuration ldap_access_order <emphasis>doit</" "emphasis> inclure <quote>authorized_service</quote> de façon à permettre à " "l'option ldap_user_authorized_service de fonctionner." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:727 msgid "Default: authorizedService" msgstr "Par défaut : authorizedService" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:733 msgid "ldap_user_authorized_host (string)" msgstr "ldap_user_authorized_host (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:736 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " "privilege." msgstr "" "Si access_provider=ldap et ldap_access_order=host, SSSD va utiliser la " "présence de l'attribut host dans l'entrée LDAP de l'utilisateur pour " "déterminer les autorisations d'accès." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:742 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" "Le refus explicite (!host) est résolu en premier. SSSD recherche ensuite les " "autorisations explicites (host) et enfin toutes les autorisations (*)." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:747 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>host</quote> in order for the " "ldap_user_authorized_host option to work." msgstr "" "Noter que l'option de configuration ldap_access_order <emphasis>doit</" "emphasis> inclure <quote>host</quote> de façon à permettre à l'option " "ldap_user_authorized_host de fonctionner." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:754 msgid "Default: host" msgstr "Par défaut : host" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:760 msgid "ldap_group_object_class (string)" msgstr "ldap_group_object_class (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:763 msgid "The object class of a group entry in LDAP." msgstr "La classe d'objet d'une entrée de groupe dans LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:766 msgid "Default: posixGroup" msgstr "Par défaut : posixGroup" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:772 msgid "ldap_group_name (string)" msgstr "ldap_group_name (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:775 msgid "The LDAP attribute that corresponds to the group name." msgstr "L'attribut LDAP correspondant au nom du groupe." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:785 msgid "ldap_group_gid_number (string)" msgstr "ldap_group_gid_number (chaîne)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:788 msgid "The LDAP attribute that corresponds to the group's id." msgstr "L'attribut LDAP correspondant à l'identifiant de groupe." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:798 msgid "ldap_group_member (string)" msgstr "ldap_group_member (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:801 msgid "The LDAP attribute that contains the names of the group's members." msgstr "L'attribut LDAP contenant les noms des membres du groupe." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:805 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "Par défaut : memberuid (rfc2307) / member (rfc2307bis)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:811 msgid "ldap_group_uuid (string)" msgstr "ldap_group_uuid (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:814 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "L'attribut LDAP contenant les UUID/GUID d'un objet groupe LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:824 msgid "ldap_group_objectsid (string)" msgstr "ldap_group_objectsid (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:827 msgid "" "The LDAP attribute that contains the objectSID of an LDAP group object. This " "is usually only necessary for ActiveDirectory servers." msgstr "" "L'attribut LDAP qui contient l'objectSID d'un objet de groupe LDAP. 
Ceci " "n'est habituellement nécessaire que pour les serveurs Active Directory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:839 msgid "ldap_group_modify_timestamp (string)" msgstr "ldap_group_modify_timestamp (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:852 #, fuzzy #| msgid "ldap_opt_timeout (integer)" msgid "ldap_group_type (integer)" msgstr "ldap_opt_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:855 #, fuzzy #| msgid "The LDAP attribute that contains the names of the group's members." msgid "" "The LDAP attribute that contains an integer value indicating the type of the " "group and maybe other flags." msgstr "L'attribut LDAP contenant les noms des membres du groupe." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:860 msgid "" "This attribute is currently only used by the AD provider to determine if a " "group is a domain local groups and has to be filtered out for trusted " "domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:866 msgid "Default: groupType in the AD provider, othewise not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:873 msgid "ldap_group_nesting_level (integer)" msgstr "ldap_group_nesting_level (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:876 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " "follow. This option has no effect on the RFC2307 schema." 
msgstr "" "Si ldap_schema est défini comme un format prenant en charge les groupes " "imbriqués (par exemple RFC2307bis), alors cette option contrôle le nombre de " "niveaux d'imbrication que SSSD suivra. Cette option n'a pas d'effet sur le " "schéma RFC2307." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:883 msgid "Default: 2" msgstr "Par défaut : 2" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:889 msgid "ldap_groups_use_matching_rule_in_chain" msgstr "ldap_groups_use_matching_rule_in_chain" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:892 msgid "" "This option tells SSSD to take advantage of an Active Directory-specific " "feature which may speed up group lookup operations on deployments with " "complex or deep nested groups." msgstr "" "Cette option indique à SSSD de tirer parti d'une fonctionnalité Active " "Directory spécifique qui peut accélérer les opérations de recherche de " "groupe sur les déploiements utilisant des groupes profondément imbriqués et " "complexes." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:898 msgid "" "In most common cases, it is best to leave this option disabled. It generally " "only provides a performance increase on very complex nestings." msgstr "" "Dans la plupart des cas, il est préférable de laisser cette option " "désactivée. Elle ne fournit une augmentation des performances que sur les " "imbrications très complexes." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:903 sssd-ldap.5.xml:930 msgid "" "If this option is enabled, SSSD will use it if it detects that the server " "supports it during initial connection. 
So \"True\" here essentially means " "\"auto-detect\"." msgstr "" "Si cette option est activée, SSSD l'utilisera s'il détecte que le serveur la " "prend en charge au cours de la connexion initiale. Ainsi, « true » signifie " "essentiellement « auto-detect »." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:909 sssd-ldap.5.xml:936 msgid "" "Note: This feature is currently known to work only with Active Directory " "2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/" "windows/desktop/aa746475%28v=vs.85%29.aspx\"> MSDN(TM) documentation</ulink> " "for more details." msgstr "" "Remarque : Cette fonctionnalité fonctionne uniquement avec Active Directory " "2008 R1 et versions suivantes. Consulter <ulink url=\"http://msdn.microsoft." "com/en-us/library/windows/desktop/aa746475%28v=vs.85%29.aspx\">la " "documentation de MSDN(TM)</ulink> pour plus de détails." #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:915 sssd-ldap.5.xml:942 sssd-ldap.5.xml:1233 #: sssd-ldap.5.xml:1254 sssd-ldap.5.xml:1760 include/ldap_id_mapping.xml:226 msgid "Default: False" msgstr "Par défaut : False" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:921 msgid "ldap_initgroups_use_matching_rule_in_chain" msgstr "ldap_initgroups_use_matching_rule_in_chain" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:924 msgid "" "This option tells SSSD to take advantage of an Active Directory-specific " "feature which might speed up initgroups operations (most notably when " "dealing with complex or deep nested groups)." 
msgstr "" "Cette option indique à SSSD de tirer parti d'une fonctionnalité Active " "Directory spécifique qui peut accélérer les opérations initgroups (le plus " "souvent lors de l'utilisation de groupes profondément imbriqués ou " "complexes)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:948 msgid "ldap_netgroup_object_class (string)" msgstr "ldap_netgroup_object_class (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:951 msgid "The object class of a netgroup entry in LDAP." msgstr "La classe d'objet d'une entrée de netgroup dans LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:954 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" "Pour un fournisseur IPA, ipa_netgroup_object_class doit être utilisé à la " "place." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:958 msgid "Default: nisNetgroup" msgstr "Par défaut : nisNetgroup" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:964 msgid "ldap_netgroup_name (string)" msgstr "ldap_netgroup_name (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:967 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "L'attribut LDAP correspondant au nom du netgroup." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:971 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" "Dans le fournisseur IPA, ipa_netgroup_name doit être utilisé à la place." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:981 msgid "ldap_netgroup_member (string)" msgstr "ldap_netgroup_member (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:984 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "L'attribut LDAP contenant les noms des membres du netgroup." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:988 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" "Dans le fournisseur IPA, ipa_netgroup_member doit être utilisé à la place." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:992 msgid "Default: memberNisNetgroup" msgstr "Par défaut : memberNisNetgroup" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:998 msgid "ldap_netgroup_triple (string)" msgstr "ldap_netgroup_triple (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1001 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" "L'attribut LDAP contenant les triplets (hôte, utilisateur, domaine) d'un " "netgroup." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1005 sssd-ldap.5.xml:1038 msgid "This option is not available in IPA provider." msgstr "Cette option n'est pas disponible dans le fournisseur IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1008 msgid "Default: nisNetgroupTriple" msgstr "Par défaut : nisNetgroupTriple" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1014 msgid "ldap_netgroup_uuid (string)" msgstr "ldap_netgroup_uuid (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1017 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "L'attribut LDAP contenant les UUID/GUID d'un objet netgroup LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1021 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "" "Dans le fournisseur IPA, ipa_netgroup_uuid doit être utilisé à la place." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1031 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "ldap_netgroup_modify_timestamp (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1047 msgid "ldap_service_object_class (string)" msgstr "ldap_service_object_class (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1050 msgid "The object class of a service entry in LDAP." msgstr "La classe d'objet d'une entrée de service LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1053 msgid "Default: ipService" msgstr "Par défaut : ipService" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1059 msgid "ldap_service_name (string)" msgstr "ldap_service_name (string)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1062 msgid "" "The LDAP attribute that contains the name of service attributes and their " "aliases." msgstr "" "L'attribut LDAP qui contient le nom des attributs de service et de leurs " "alias." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1072 msgid "ldap_service_port (string)" msgstr "ldap_service_port (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1075 msgid "The LDAP attribute that contains the port managed by this service." msgstr "L'attribut LDAP qui contient le port géré par ce service." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1079 msgid "Default: ipServicePort" msgstr "Par défaut : ipServicePort" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1085 msgid "ldap_service_proto (string)" msgstr "ldap_service_proto (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1088 msgid "" "The LDAP attribute that contains the protocols understood by this service." msgstr "L'attribut LDAP qui contient les protocoles compris par ce service." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1092 msgid "Default: ipServiceProtocol" msgstr "Par défaut : ipServiceProtocol" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1098 msgid "ldap_service_search_base (string)" msgstr "ldap_service_search_base (string)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1103 msgid "ldap_search_timeout (integer)" msgstr "ldap_search_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1106 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " "is entered)" msgstr "" "Définit le délai d'attente (en secondes) autorisé pour les recherches LDAP " "avant annulation et utilisation des résultats contenus dans le cache (et " "activation du mode hors ligne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1112 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " "lookup types." msgstr "" "Note : cette option est susceptible de changer dans les prochaines versions " "de SSSD. Elle sera sûrement remplacée par une série de délais d'attente pour " "différents types de recherches." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1124 msgid "ldap_enumeration_search_timeout (integer)" msgstr "ldap_enumeration_search_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1127 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " "are returned (and offline mode is entered)" msgstr "" "Définit le délai d'attente (en secondes) autorisé pour les recherches LDAP " "sur les utilisateurs et groupes avant annulation et utilisation des " "résultats mis en cache (et activation du mode hors ligne)" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1140 msgid "ldap_network_timeout (integer)" msgstr "ldap_network_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1143 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" "<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" "manvolnum> </citerefentry> following a <citerefentry> " "<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" "citerefentry> returns in case of no activity." msgstr "" "Définit le délai d'attente (en secondes) après lequel les fonctions " "<citerefentry> <refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> " "</citerefentry>/<citerefentry> <refentrytitle>select</refentrytitle> " "<manvolnum>2</manvolnum> </citerefentry> suivant un <citerefentry> " "<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" "citerefentry> rendent la main en cas d'inactivité." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1166 msgid "ldap_opt_timeout (integer)" msgstr "ldap_opt_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1169 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " "communicating with the KDC in case of SASL bind." msgstr "" "Définit le délai d'attente (en secondes) après lequel les appels synchrones " "à l'API LDAP échouent si aucune réponse n'est obtenue. Permet aussi de " "contrôler le délai de communication avec le KDC dans le cas d'une liaison " "(bind) SASL." #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1181 msgid "ldap_connection_expire_timeout (integer)" msgstr "ldap_connection_expire_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1184 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " "in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " "the TGT lifetime) will be used." msgstr "" "Spécifie un délai d'attente (en secondes) pendant lequel une connexion à " "un serveur LDAP est maintenue. Passé ce délai, la connexion sera " "rétablie. Si ce paramètre est utilisé en parallèle avec SASL/GSSAPI, la plus " "courte des deux valeurs entre celle-ci et la durée de vie TGT sera utilisée." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1192 sssd-ldap.5.xml:2147 msgid "Default: 900 (15 minutes)" msgstr "Par défaut : 900 (15 minutes)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1198 msgid "ldap_page_size (integer)" msgstr "ldap_page_size (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1201 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" "Définit le nombre d'enregistrements à récupérer lors d'une requête LDAP. " "Certains serveurs LDAP imposent une limite maximale par requête." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1206 msgid "Default: 1000" msgstr "Par défaut : 1000" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1212 msgid "ldap_disable_paging (boolean)" msgstr "ldap_disable_paging (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1215 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " "it is not enabled or does not behave properly." msgstr "" "Désactiver le contrôle de pagination LDAP. Cette option doit être utilisée " "si le serveur LDAP signale qu'il prend en charge le contrôle de pagination " "LDAP de l'objet RootDSE, mais qu'il n'est pas activé ou ne se comporte pas " "correctement." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1221 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" "Exemple : les serveurs OpenLDAP avec le module de contrôle de pagination " "installé sur le serveur mais non activé le signaleront dans RootDSE mais il " "sera impossible de l'utiliser." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1227 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " "requests being denied." msgstr "" "Exemple : 389 DS a un bogue qui fait qu'il ne peut prendre en charge qu'un " "seul contrôle de pagination à la fois sur une connexion donnée. Sur les " "clients chargés, cela peut entraîner l'échec de certaines demandes." #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1239 msgid "ldap_disable_range_retrieval (boolean)" msgstr "ldap_disable_range_retrieval (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1242 msgid "Disable Active Directory range retrieval." msgstr "Désactiver la récupération de plage Active Directory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1245 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " "group contains more members, the reply would include an AD-specific range " "extension. This option disables parsing of the range extension, therefore " "large groups will appear as having no members." msgstr "" "Active Directory limite le nombre de membres à récupérer par recherche à " "l'aide de la stratégie MaxValRange (qui prend la valeur par défaut de 1500 " "membres). Si un groupe contient plus de membres, la réponse inclura une " "extension de plage spécifique à Active Directory. Cette option désactive " "l'analyse de cette extension de plage, les groupes de grande taille " "apparaissant ainsi sans aucun membre." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1260 msgid "ldap_sasl_minssf (integer)" msgstr "ldap_sasl_minssf (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1263 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " "option are defined by OpenLDAP." 
msgstr "" "Lors de la communication avec un serveur LDAP en utilisant SASL, spécifie le " "niveau de sécurité minimal nécessaire pour établir la connexion. Les valeurs " "de cette option sont définies par OpenLDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1269 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" "Par défaut : Utiliser la valeur par défaut du système (généralement spécifié " "par ldap.conf)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1276 msgid "ldap_deref_threshold (integer)" msgstr "ldap_deref_threshold (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1279 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " "they are looked up individually." msgstr "" "Définit le nombre de membres du groupe qui doivent manquer au sein du cache " "interne afin de déclencher une recherche de déréférencement. Si le nombre de " "membres manquants est inférieur, ils sont recherchés individuellement." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1285 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" "Vous pouvez désactiver complètement les recherches de déréférencement en " "affectant la valeur 0." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1289 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " "methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " "Directory." 
msgstr "" "Une recherche de déréférencement est un moyen pour récupérer tous les " "membres d'un groupe avec un seul appel LDAP. Plusieurs serveurs LDAP peuvent " "avoir différentes méthodes de déréférencement. Les serveurs actuellement " "acceptés sont 389/RHDS, OpenLDAP et Active Directory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1297 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " "regardless of this setting." msgstr "" "<emphasis>Remarque :</emphasis> Si l'une des bases de recherche spécifie un " "filtre de recherche, alors l'amélioration de la performance de recherche de " "déréférencement est désactivée indépendamment de ce paramètre." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1310 msgid "ldap_tls_reqcert (string)" msgstr "ldap_tls_reqcert (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1313 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" "Définit les vérifications à effectuer sur les certificats serveur sur une " "session TLS, si elle existe. Une des valeurs suivantes est utilisable :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1319 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" "<emphasis>never</emphasis> : le client ne demandera ni ne vérifiera un " "quelconque certificat du serveur." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1323 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " "is provided, it will be ignored and the session proceeds normally." msgstr "" "<emphasis>allow</emphasis> : le certificat serveur est demandé. Si aucun " "certificat n'est fourni, la session continue normalement. Si un mauvais " "certificat est fourni, il est ignoré et la session continue normalement." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1330 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " "is provided, the session is immediately terminated." msgstr "" "<emphasis>try</emphasis> : le certificat serveur est demandé. Si aucun " "certificat n'est fourni, la session continue normalement. Si un mauvais " "certificat est fourni, la session se termine immédiatement." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1336 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " "immediately terminated." msgstr "" "<emphasis>demand</emphasis> : le certificat serveur est demandé. Si aucun " "certificat ou un mauvais certificat est fourni, la session se termine " "immédiatement." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1342 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "<emphasis>hard</emphasis> : identique à <quote>demand</quote>" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1346 msgid "Default: hard" msgstr "Par défaut : hard" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1352 msgid "ldap_tls_cacert (string)" msgstr "ldap_tls_cacert (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1355 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" "Définit le fichier qui contient les certificats pour toutes les autorités de " "certification que <command>sssd</command> reconnaîtra." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1378 sssd-ldap.5.xml:1419 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" "Par défaut : utilise les paramètres par défaut de OpenLDAP, en général dans " "<filename>/etc/openldap/ldap.conf</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1367 msgid "ldap_tls_cacertdir (string)" msgstr "ldap_tls_cacertdir (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1370 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " "be the hash of the certificate followed by '.0'. If available, " "<command>cacertdir_rehash</command> can be used to create the correct names." msgstr "" "Spécifie le chemin d'un dossier qui contient les certificats de l'autorité " "de certificats dans des fichiers séparés. 
Usuellement, les noms de fichiers " "sont la somme de contrôle du certificat suivi de « .0 ». Si disponible, " "<command>cacertdir_rehash</command> peut être utilisé pour créer les noms " "corrects." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1385 msgid "ldap_tls_cert (string)" msgstr "ldap_tls_cert (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1388 msgid "Specifies the file that contains the certificate for the client's key." msgstr "Définit le fichier qui contient le certificat pour la clef du client." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1398 msgid "ldap_tls_key (string)" msgstr "ldap_tls_key (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1401 msgid "Specifies the file that contains the client's key." msgstr "Définit le fichier qui contient la clef du client." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1410 msgid "ldap_tls_cipher_suite (string)" msgstr "ldap_tls_cipher_suite (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1413 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry> for format." msgstr "" "Définit les algorithmes de chiffrement acceptables. Généralement sous la " "forme d'une liste séparée par des deux-points. Cf. " "<citerefentry><refentrytitle>ldap.conf</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry> pour le format." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1426 msgid "ldap_id_use_start_tls (boolean)" msgstr "ldap_id_use_start_tls (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1429 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" "Définit le fait que le fournisseur d'identité de connexion doit aussi " "utiliser <systemitem class=\"protocol\">tls</systemitem> pour protéger le " "canal." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1439 msgid "ldap_id_mapping (boolean)" msgstr "ldap_id_mapping (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1442 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " "on ldap_user_uid_number and ldap_group_gid_number." msgstr "" "Indique que SSSD doit tenter de trouver les correspondances des ID " "d'utilisateur et de groupe dans les attributs ldap_user_objectsid et " "ldap_group_objectsid au lieu d'utiliser ldap_user_uid_number et " "ldap_group_gid_number." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1448 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" "Cette fonctionnalité ne prend actuellement en charge que la correspondance " "par objectSID avec Active Directory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1458 msgid "ldap_min_id, ldap_max_id (interger)" msgstr "ldap_min_id, ldap_max_id (entiers)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1461 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " "ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this " "might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " "can be set to restrict the allowed range for the IDs which are read directly " "from the server. Sub-domains can then pick other ranges to map IDs." msgstr "" "Au contraire de la mise en correspondance d'identifiants s'appuyant sur les " "SID utilisée si ldap_id_mapping est positionné à true, les plages " "d'identifiants autorisés pour ldap_user_uid_number et ldap_group_gid_number " "n'ont pas de limite. Dans une configuration avec des sous-domaines ou des " "domaines approuvés, cela peut engendrer des collisions. Pour les éviter, " "ldap_min_id et ldap_max_id peuvent être configurés afin de restreindre les " "plages d'identifiants autorisées lues directement depuis le serveur. Les " "sous-domaines peuvent ensuite choisir d'autres plages pour leurs propres " "identifiants." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1473 msgid "Default: not set (both options are set to 0)" msgstr "Par défaut : non indiqué (les deux options sont à 0)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1479 msgid "ldap_sasl_mech (string)" msgstr "ldap_sasl_mech (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1482 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" "Définit le mécanisme SASL à utiliser. Actuellement, seul GSSAPI est testé et " "pris en charge." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1492 msgid "ldap_sasl_authid (string)" msgstr "ldap_sasl_authid (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1495 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory. " "This option can either contain the full principal (for example host/" "myhost@EXAMPLE.COM) or just the principal name (for example host/myhost)." msgstr "" "Définit l'identité à utiliser pour l'autorisation SASL. Lorsque GSSAPI est " "utilisé, c'est l'identifiant Kerberos principal utilisé pour s'authentifier " "à l'annuaire. Cette option peut soit contenir le principal complet (par " "exemple host/myhost@EXAMPLE.COM), soit juste le nom du principal (par " "exemple host/myhost)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1503 msgid "Default: host/hostname@REALM" msgstr "Par défaut : host/hostname@REALM" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1509 msgid "ldap_sasl_realm (string)" msgstr "ldap_sasl_realm (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1512 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " "well, this option is ignored." msgstr "" "Spécifie le domaine SASL à utiliser. Si non spécifié, cette option prend par " "défaut la valeur de krb5_realm. Si le ldap_sasl_authid contient aussi le " "domaine, cette option est ignorée." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1518 msgid "Default: the value of krb5_realm." msgstr "Par défaut : la valeur de krb5_realm." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1524 msgid "ldap_sasl_canonicalize (boolean)" msgstr "ldap_sasl_canonicalize (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1527 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" "Si true, la bibliothèque LDAP effectue une recherche inversée pour canoniser " "le nom de l'hôte au cours d'une liaison SASL." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1532 msgid "Default: false;" msgstr "Défaut : false;" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1538 msgid "ldap_krb5_keytab (string)" msgstr "ldap_krb5_keytab (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1541 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "Définit le fichier keytab à utiliser pour utiliser SASL/GSSAPI." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1544 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" "Par défaut : le fichier keytab du système, normalement <filename>/etc/krb5." "keytab</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1550 msgid "ldap_krb5_init_creds (boolean)" msgstr "ldap_krb5_init_creds (booléen)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1553 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " "GSSAPI." msgstr "" "Définit le fait que le fournisseur d'identité doit initialiser les données " "d'identification Kerberos (TGT). Cette action est effectuée seulement si " "SASL est utilisé et que le mécanisme choisi est GSSAPI." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1565 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "ldap_krb5_ticket_lifetime (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1568 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "Définit la durée de vie, en secondes, des TGT si GSSAPI est utilisé." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1572 sssd-ad.5.xml:319 msgid "Default: 86400 (24 hours)" msgstr "Par défaut : 86400 (24 heures)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1578 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "krb5_server, krb5_backup_server (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1581 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " "For more information on failover and server redundancy, see the " "<quote>FAILOVER</quote> section. An optional port number (preceded by a " "colon) may be appended to the addresses or hostnames. 
If empty, service " "discovery is enabled - for more information, refer to the <quote>SERVICE " "DISCOVERY</quote> section." msgstr "" "Spécifie par ordre de préférence la liste séparée par des virgules des " "adresses IP ou des noms de systèmes des serveurs Kerberos auquel SSSD doit " "se connecter. Pour plus d'informations sur la redondance de basculement et " "le serveur, consulter la section <quote>BASCULEMENT</quote>. Un numéro de " "port facultatif (précédé de deux-points) peut être ajouté aux adresses ou " "aux noms de systèmes. Si vide, la découverte de services est activée - pour " "plus d'informations, se reporter à la section de <quote>DÉCOUVERTE DE " "SERVICES</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1593 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " "none are found." msgstr "" "Lors de l'utilisation de découverte de services pour le KDC ou les serveurs " "kpasswd, SSSD recherche en premier les entrées DNS qui définissent _udp " "comme protocole, et passe sur _tcp si aucune entrée n'est trouvée." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1598 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " "migrate their config files to use <quote>krb5_server</quote> instead." msgstr "" "Cette option s'appelait <quote>krb5_kdcip</quote> dans les versions " "précédentes de SSSD. Bien que ce nom soit toujours reconnu à l'heure " "actuelle, il est conseillé de migrer les fichiers de configuration vers " "l'utilisation de <quote>krb5_server</quote>." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1607 sssd-ipa.5.xml:371 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "krb5_realm (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1610 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "Définit le DOMAINE de Kerberos (pour l'authentification SASL/GSSAPI)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1613 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" "Par défaut : valeur par défaut du système, voir <filename>/etc/krb5.conf</" "filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1619 sssd-ipa.5.xml:386 sssd-krb5.5.xml:453 msgid "krb5_canonicalize (boolean)" msgstr "krb5_canonicalize (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1622 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" "Spécifie si le principal de l'hôte doit être rendu canonique lors de la " "connexion au serveur LDAP. Cette fonctionnalité est disponible avec MIT " "Kerberos >= 1.7" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1634 sssd-krb5.5.xml:468 msgid "krb5_use_kdcinfo (boolean)" msgstr "krb5_use_kdcinfo (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1637 sssd-krb5.5.xml:471 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use.
This option is on by default, if you disable it, you need " "to configure the Kerberos library using the <citerefentry> " "<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> configuration file." msgstr "" "Indique si SSSD doit préciser aux bibliothèques Kerberos quels domaine et " "KDC utiliser. Cette option est activée par défaut, si elle est désactivée, " "la bibliothèque Kerberos doit être configurée à l'aide du fichier de " "configuration <citerefentry> <refentrytitle>krb5.conf</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1648 sssd-krb5.5.xml:482 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " "information on the locator plugin." msgstr "" "Consulter la page de manuel de <citerefentry> " "<refentrytitle>sssd_krb5_locator_plugin</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry> pour plus d'informations sur le greffon de " "localisation." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1662 msgid "ldap_pwd_policy (string)" msgstr "ldap_pwd_policy (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1665 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" "Détermine la politique d'expiration des mots de passe côté client. Les " "valeurs suivantes sont acceptées :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1670 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." 
msgstr "" "<emphasis>none</emphasis> : aucune évaluation du côté client. Cette option ne " "peut pas désactiver la politique sur les mots de passe du côté serveur." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1675 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " "evaluate if the password has expired." msgstr "" "<emphasis>shadow</emphasis> - Utiliser les attributs de style " "<citerefentry><refentrytitle>shadow</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry> pour évaluer si le mot de passe a expiré." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1681 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " "these attributes when the password is changed." msgstr "" "<emphasis>mit_kerberos</emphasis> : utilise les attributs utilisés par MIT " "Kerberos pour déterminer si le mot de passe a expiré. Utiliser " "chpass_provider=krb5 afin de modifier ces attributs lorsque le mot de passe " "est changé." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1690 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1698 msgid "ldap_referrals (boolean)" msgstr "ldap_referrals (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1701 msgid "Specifies whether automatic referral chasing should be enabled."
msgstr "Définit si le déréférencement automatique doit être activé." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1705 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" "Veuillez noter que sssd ne supporte le déréférencement que lorsqu'il est " "compilé avec OpenLDAP version 2.4.13 ou supérieure." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1710 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. If your setup " "does not in fact require the use of referrals, setting this option to false " "might bring a noticeable performance improvement." msgstr "" "La déréférenciation de références peut subir une altération notable des " "performances dans les environnements qui les utilisent fortement, un exemple " "notable étant Microsoft Active Directory. Si votre installation ne nécessite " "pas l'utilisation des références, affecter false à cette option devrait " "permettre d'améliorer de façon notable les performances." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1724 msgid "ldap_dns_service_name (string)" msgstr "ldap_dns_service_name (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1727 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" "Définit le nom de service à utiliser quand la découverte de services est " "activée." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1731 msgid "Default: ldap" msgstr "Par défaut : ldap" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1737 msgid "ldap_chpass_dns_service_name (string)" msgstr "ldap_chpass_dns_service_name (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1740 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" "Définit le nom de service à utiliser pour trouver un serveur LDAP autorisant " "un changement de mot de passe quand la découverte de services est activée." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1745 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" "Par défaut : non défini, c'est-à-dire que le service de découverte est " "désactivé." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1751 msgid "ldap_chpass_update_last_change (bool)" msgstr "ldap_chpass_update_last_change (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1754 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." msgstr "" "Spécifie s'il faut mettre à jour l'attribut ldap_user_shadow_last_change " "avec le nombre de jours depuis Epoch après l'opération de changement de mot " "de passe." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1766 msgid "ldap_access_filter (string)" msgstr "ldap_access_filter (chaîne)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1769 #, fuzzy #| msgid "" #| "If using access_provider = ldap and ldap_access_order = filter (default), " #| "this option is mandatory. It specifies an LDAP search filter criteria " #| "that must be met for the user to be granted access on this host. If " #| "access_provider = ldap, ldap_access_order = filter and this option is not " #| "set, it will result in all users being denied access. Use " #| "access_provider = permit to change this default behavior." msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " "must be met for the user to be granted access on this host. If " "access_provider = ldap, ldap_access_order = filter and this option is not " "set, it will result in all users being denied access. Use access_provider = " "permit to change this default behavior. Please note that this filter is " "applied on the LDAP user entry only." msgstr "" "Cette option est obligatoire lors de l'utilisation de access_provider = ldap " "et ldap_access_order = filter (qui sont les valeurs par défaut). Elle " "spécifie un critère de filtre de recherche LDAP qui doit être satisfaite " "pour que l'utilisateur ait accès à ce système. Si access_provider = ldap, " "ldap_access_order = filter et que cette option n'est pas définie, tous les " "utilisateurs se verront refuser leurs accès. Utiliser access_provider = " "permit de changer ce comportement par défaut." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1782 sssd-ldap.5.xml:2376 msgid "Example:" msgstr "Exemple:" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #: sssd-ldap.5.xml:1785 #, fuzzy, no-wrap #| msgid "" #| "access_provider = ldap\n" #| "ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n" #| " " msgid "" "access_provider = ldap\n" "ldap_access_filter = (employeeType=admin)\n" " " msgstr "" "access_provider = ldap\n" "ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1789 #, fuzzy #| msgid "" #| "This example means that access to this host is restricted to members of " #| "the \"allowedusers\" group in ldap." msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." msgstr "" "Cet exemple montre un accès à l'hôte restreint aux membres du groupe LDAP « " "allowedusers »." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1794 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " "access during their last login, they will continue to be granted access " "while offline and vice-versa." msgstr "" "Le cache hors-ligne pour cette fonctionnalité est limité à la détermination " "du fait que la dernière connexion en ligne de l'utilisateur a été autorisée. " "Si tel était le cas, l'accès sera conservé en mode hors-ligne et vice-versa." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1802 sssd-ldap.5.xml:1859 msgid "Default: Empty" msgstr "Par défaut : vide" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1808 msgid "ldap_account_expire_policy (string)" msgstr "ldap_account_expire_policy (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1811 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" "Avec cette option une évaluation du côté client des contrôles d'accès peut " "être activée." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1815 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " "even if the password is correct." msgstr "" "Veuillez noter qu'il est toujours recommandé d'utiliser un contrôle d'accès " "du côté serveur, c'est-à-dire que le serveur LDAP doit refuser une requête " "de connexion avec un code erreur approprié même si le mot de passe est " "correct." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1822 msgid "The following values are allowed:" msgstr "Les valeurs suivantes sont autorisées :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1825 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" "<emphasis>shadow</emphasis> : utiliser la valeur de ldap_user_shadow_expire " "pour déterminer si le compte a expiré." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1830 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " "set. 
If the attribute is missing access is granted. Also the expiration time " "of the account is checked." msgstr "" "<emphasis>ad</emphasis> : utilise la valeur du champ 32 bits " "ldap_user_ad_user_account_control et autorise l'accès si le deuxième bit " "n'est pas défini. Si l'attribut est manquant, l'accès est autorisé. La date " "d'expiration du compte est aussi vérifiée." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1837 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " "allowed or not." msgstr "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis> : utilise la valeur de ldap_ns_account_lock afin de vérifier si " "l'accès est autorisé ou non." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1843 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " "ldap_user_nds_login_expiration_time are used to check if access is allowed. " "If both attributes are missing access is granted." msgstr "" "<emphasis>nds</emphasis> : les valeurs de " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled et " "ldap_user_nds_login_expiration_time sont utilisées pour vérifier si l'accès " "est autorisé. Si les deux attributs sont manquants, l'accès est autorisé." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1852 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " "ldap_account_expire_policy option to work." 
msgstr "" "Noter que l'option de configuration ldap_access_order <emphasis>doit</" "emphasis> inclure <quote>expire</quote> de façon à permettre à l'option " "ldap_account_expire_policy de fonctionner." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1865 msgid "ldap_access_order (string)" msgstr "ldap_access_order (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1868 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" "Liste séparée par des virgules des options de contrôle d'accès. Les " "valeurs autorisées sont :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1872 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "<emphasis>filter</emphasis> : utiliser ldap_access_filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1875 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "<emphasis>expire</emphasis>: utiliser ldap_account_expire_policy" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1879 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" "<emphasis>authorized_service</emphasis> : utiliser l'attribut " "authorizedService pour déterminer l'accès" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1884 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" "<emphasis>host</emphasis> : utilise l'attribut host pour déterminer l'accès" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1888 msgid "Default: filter" msgstr "Par défaut : filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1891 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" "Veuillez noter qu'une valeur utilisée plusieurs fois résulte en une erreur " "de configuration." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1898 msgid "ldap_deref (string)" msgstr "ldap_deref (chaînes)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1901 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" "Définit comment le déréférencement de l'alias est effectué lors d'une " "recherche. Les options suivantes sont autorisées :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1906 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "<emphasis>never</emphasis> : les alias ne sont jamais déréférencés." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1910 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" "<emphasis>searching</emphasis> : Les alias sont déréférencés comme des " "subordonnés de l'objet de base, mais pas en localisant l'objet de base de la " "recherche." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1915 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" "<emphasis>finding</emphasis> : les alias sont seulement déréférencés lors de " "la localisation de l'objet de base de la recherche." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1920 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" "<emphasis>always</emphasis> : les alias sont déréférencés à la fois pour la " "recherche et la localisation de l'objet de base de la recherche." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1925 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" msgstr "" "Par défaut : vide (ceci est traité comme <emphasis>never</emphasis> par les " "bibliothèques clientes LDAP)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1933 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "ldap_rfc2307_fallback_to_local_users (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1936 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" "Permet de conserver les utilisateurs locaux en tant que membres d'un groupe " "LDAP pour les serveurs qui utilisent le schéma RFC2307." #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1940 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " "The self-consistency of the domain is compromised when this is done, so SSSD " "would normally remove the \"missing\" users from the cached group " "memberships as soon as nsswitch tries to fetch information about the user " "via getpw*() or initgroups() calls." msgstr "" "Dans certains environnements où le schéma RFC2307 est utilisé, les " "utilisateurs locaux deviennent membres de groupes LDAP en ajoutant leurs " "noms à l'attribut memberUid. La cohérence du domaine est compromise quand " "cela est fait, SSSD supprimerait normalement les utilisateurs « disparus » " "des appartenances aux groupes mises en cache dès que nsswitch essaie de " "récupérer des informations sur l'utilisateur via des appels à getpw*() ou " "initgroups()." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1951 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " "additional LDAP groups." msgstr "" "Cette option vérifie en dernier recours si les utilisateurs locaux sont " "référencés et les met en cache afin que des appels ultérieurs à initgroups() " "ajoutent les utilisateurs locaux aux groupes LDAP." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:51 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " "of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page for full details.
<placeholder type=" "\"variablelist\" id=\"0\"/>" msgstr "" "Toutes les options de configuration communes appliquées aux domaines SSSD " "s'appliquent aussi aux domaines LDAP. Voir la section des <quote>SECTIONS DE " "DOMAINE</quote> dans la page de manuel <citerefentry> <refentrytitle>sssd." "conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> pour plus de " "détails. <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:1967 msgid "SUDO OPTIONS" msgstr "OPTIONS DE SUDO" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1971 msgid "ldap_sudorule_object_class (string)" msgstr "ldap_sudorule_object_class (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1974 msgid "The object class of a sudo rule entry in LDAP." msgstr "La classe d'objet d'une entrée de règle de sudo dans LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1977 msgid "Default: sudoRole" msgstr "Par défaut : sudoRole" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1983 msgid "ldap_sudorule_name (string)" msgstr "ldap_sudorule_name (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1986 msgid "The LDAP attribute that corresponds to the sudo rule name." msgstr "L'attribut LDAP qui correspond au nom de la règle de sudo." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1996 msgid "ldap_sudorule_command (string)" msgstr "ldap_sudorule_command (string)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1999 msgid "The LDAP attribute that corresponds to the command name." msgstr "L'attribut LDAP qui correspond au nom de la commande." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2003 msgid "Default: sudoCommand" msgstr "Par défaut : sudoCommand" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2009 msgid "ldap_sudorule_host (string)" msgstr "ldap_sudorule_host (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2012 msgid "" "The LDAP attribute that corresponds to the host name (or host IP address, " "host IP network, or host netgroup)" msgstr "" "L'attribut LDAP qui correspond au nom d'hôte (ou adresse IP de l'hôte, " "réseau IP de l'hôte ou netgroup de l'hôte)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2017 msgid "Default: sudoHost" msgstr "Par défaut : sudoHost" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2023 msgid "ldap_sudorule_user (string)" msgstr "ldap_sudorule_user (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2026 msgid "" "The LDAP attribute that corresponds to the user name (or UID, group name or " "user's netgroup)" msgstr "" "L'attribut LDAP qui correspond au nom d'utilisateur (ou UID, le nom du " "groupe ou netgroup de l'utilisateur)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2030 msgid "Default: sudoUser" msgstr "Par défaut : sudoUser" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2036 msgid "ldap_sudorule_option (string)" msgstr "ldap_sudorule_option (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2039 msgid "The LDAP attribute that corresponds to the sudo options." msgstr "L'attribut LDAP qui correspond aux options sudo." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2043 msgid "Default: sudoOption" msgstr "Par défaut : sudoOption" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2049 msgid "ldap_sudorule_runasuser (string)" msgstr "ldap_sudorule_runasuser (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2052 msgid "" "The LDAP attribute that corresponds to the user name that commands may be " "run as." msgstr "" "L'attribut LDAP qui correspond au nom d'utilisateur sous lequel les " "commandes peuvent être exécutées." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2056 msgid "Default: sudoRunAsUser" msgstr "Par défaut : sudoRunAsUser" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2062 msgid "ldap_sudorule_runasgroup (string)" msgstr "ldap_sudorule_runasgroup (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2065 msgid "" "The LDAP attribute that corresponds to the group name or group GID that " "commands may be run as." msgstr "" "L'attribut LDAP qui correspond au nom du groupe ou GID du groupe sous lequel " "les commandes peuvent être exécutées." #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2069 msgid "Default: sudoRunAsGroup" msgstr "Par défaut : sudoRunAsGroup" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2075 msgid "ldap_sudorule_notbefore (string)" msgstr "ldap_sudorule_notbefore (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2078 msgid "" "The LDAP attribute that corresponds to the start date/time for when the sudo " "rule is valid." msgstr "" "L'attribut LDAP qui correspond à la date/heure de début pour laquelle la " "règle sudo est valide." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2082 msgid "Default: sudoNotBefore" msgstr "Par défaut : sudoNotBefore" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2088 msgid "ldap_sudorule_notafter (string)" msgstr "ldap_sudorule_notafter (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2091 msgid "" "The LDAP attribute that corresponds to the expiration date/time, after which " "the sudo rule will no longer be valid." msgstr "" "L'attribut LDAP qui correspond à la date/heure d'expiration, après quoi la " "règle sudo ne sera plus valide." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2096 msgid "Default: sudoNotAfter" msgstr "Par défaut : sudoNotAfter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2102 msgid "ldap_sudorule_order (string)" msgstr "ldap_sudorule_order (string)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2105 msgid "The LDAP attribute that corresponds to the ordering index of the rule." msgstr "L'attribut LDAP qui correspond à l'index de tri de la règle." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2109 msgid "Default: sudoOrder" msgstr "Par défaut : sudoOrder" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2115 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "ldap_sudo_full_refresh_interval (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2118 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." msgstr "" "La durée en secondes pendant laquelle SSSD va attendre entre deux " "actualisations complètes des règles de sudo (qui téléchargent toutes les " "règles qui sont stockées sur le serveur)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2123 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" msgstr "" "La valeur doit être supérieure à <emphasis>ldap_sudo_smart_refresh_interval</" "emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2128 msgid "Default: 21600 (6 hours)" msgstr "Par défaut : 21600 (6 heures)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2134 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "ldap_sudo_smart_refresh_interval (integer)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2137 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest USN " "of cached rules)." msgstr "" "La durée en secondes pendant laquelle SSSD doit attendre avant d'exécuter " "une actualisation intelligente des règles sudo (qui télécharge toutes les " "règles qui ont un USN supérieur à l'USN le plus élevé des règles mises en " "cache)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2143 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." msgstr "" "Si les attributs USN ne sont pas pris en charge par le serveur, l'attribut " "modifyTimestamp est utilisé à la place." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2153 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "ldap_sudo_use_host_filter (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2156 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." msgstr "" "Si true, SSSD téléchargera les seules règles qui s'appliquent à cette " "machine (à l'aide de l'adresse de système ou de réseau IPv4 ou IPv6 et des " "noms de systèmes)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2167 msgid "ldap_sudo_hostnames (string)" msgstr "ldap_sudo_hostnames (string)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2170 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." msgstr "" "Liste séparés par des espaces des noms de systèmes ou de domaines qui " "doivent être utilisés pour filtrer les règles." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2175 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." msgstr "" "Si cette option est vide, SSSD va essayer de découvrir automatiquement le " "nom de système et le nom de domaine pleinement qualifié." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2180 sssd-ldap.5.xml:2203 sssd-ldap.5.xml:2221 #: sssd-ldap.5.xml:2239 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." msgstr "" "Si <emphasis>ldap_sudo_use_host_filter</emphasis> est <emphasis>false</" "emphasis>, alors cette option n'a aucun effet." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2185 sssd-ldap.5.xml:2208 msgid "Default: not specified" msgstr "Par défaut : non spécifié" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2191 msgid "ldap_sudo_ip (string)" msgstr "ldap_sudo_ip (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2194 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." 
msgstr "" "Liste séparés par des espaces d'adresses de système ou de réseaux IPv4 ou " "IPv6 qui doivent être utilisés pour filtrer les règles." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2199 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." msgstr "" "Si cette option est vide, SSSD va essayer de découvrir les adresses " "automatiquement." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2214 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "ldap_sudo_include_netgroups (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2217 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." msgstr "" "Si elle est vraie alors SSSD téléchargera toutes les règles qui contient un " "netgroup dans l'attribut sudoHost." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2232 msgid "ldap_sudo_include_regexp (boolean)" msgstr "ldap_sudo_include_regexp (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2235 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." msgstr "" "Si positionnée à true, SSSD téléchargera toutes les règles qui contiennent " "un joker dans l'attribut sudoHost." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:1969 msgid "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "<placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2251 msgid "" "This manual page only describes attribute name mapping. 
For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " "<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>" msgstr "" "Cette page de manuel décrit uniquement le mappage de noms d'attribut. Pour " "une explication détaillée des sémantiques d'attributs relatives à sudo, cf. " "<citerefentry><refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry>" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:2261 msgid "AUTOFS OPTIONS" msgstr "OPTIONS AUTOFS" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2263 msgid "" "Please note that the default values correspond to the default schema which " "is RFC2307." msgstr "" "Veuillez noter que les valeurs par défaut correspondent au schéma par défaut " "qui est RFC2307." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2269 msgid "ldap_autofs_map_object_class (string)" msgstr "ldap_autofs_map_object_class (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2272 sssd-ldap.5.xml:2298 msgid "The object class of an automount map entry in LDAP." msgstr "" "La classe d'objet d'une entrée de table de montage automatique dans LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2275 sssd-ldap.5.xml:2302 msgid "Default: automountMap" msgstr "Par défaut : automountMap" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2282 msgid "ldap_autofs_map_name (string)" msgstr "ldap_autofs_map_name (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2285 msgid "The name of an automount map entry in LDAP." 
msgstr "Le nom d'une entrée de table de montage automatique dans LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2288 msgid "Default: ou" msgstr "Par défaut : ou" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2295 msgid "ldap_autofs_entry_object_class (string)" msgstr "ldap_autofs_entry_object_class (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2309 msgid "ldap_autofs_entry_key (string)" msgstr "ldap_autofs_entry_key (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2312 sssd-ldap.5.xml:2326 msgid "" "The key of an automount entry in LDAP. The entry usually corresponds to a " "mount point." msgstr "" "La clé d'une entrée de montage automatique dans LDAP. L'entrée correspond " "généralement à un point de montage." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2323 msgid "ldap_autofs_entry_value (string)" msgstr "ldap_autofs_entry_value (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2330 msgid "Default: automountInformation" msgstr "Par défaut : automountInformation" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2267 msgid "" "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" "\"variablelist\" id=\"4\"/>" msgstr "" "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" "\"variablelist\" id=\"4\"/>" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:2340 msgid "ADVANCED OPTIONS" msgstr "OPTIONS AVANCÉES" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2347 msgid "ldap_netgroup_search_base (string)" msgstr "ldap_netgroup_search_base (chaînes)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2352 msgid "ldap_user_search_base (string)" msgstr "ldap_user_search_base (chaînes)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2357 msgid "ldap_group_search_base (string)" msgstr "ldap_group_search_base (chaînes)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2362 msgid "ldap_user_search_filter (string)" msgstr "ldap_user_search_filter (chaînes)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2365 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" "Cette option définit un filtre de recherche LDAP supplémentaire qui " "restreint les recherches utilisateur." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2369 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" "Cette option est <emphasis>déconseillée</emphasis> en faveur de la syntaxe " "utilisée par ldap_user_search_base." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #: sssd-ldap.5.xml:2379 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" " " msgstr "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2382 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" "Ce filtre restreindrait les recherches aux seuls utilisateurs qui ont leur " "interpréteur de commande défini en /bin/tcsh." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2389 msgid "ldap_group_search_filter (string)" msgstr "ldap_group_search_filter (chaînes)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2392 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" "Cette option définit un filtre de recherche LDAP supplémentaire qui " "restreint les recherches de groupe." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2396 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" "Cette option est <emphasis>déconseillée</emphasis> en faveur de la syntaxe " "utilisée par ldap_group_search_base." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2406 msgid "ldap_sudo_search_base (string)" msgstr "ldap_sudo_search_base (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2411 msgid "ldap_autofs_search_base (string)" msgstr "ldap_autofs_search_base (string)" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2342 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " "are doing. <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" "Ces options sont prises en charge par les domaines LDAP, mais ils doivent " "être utilisés avec précaution. Veuillez les inclure dans votre configuration " "seulement si vous savez ce que vous faites. <placeholder type=\"variablelist" "\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2428 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " "section." msgstr "" "L'exemple suivant suppose que SSSD est correctement configuré et que LDAP " "pointe sur un des domaines de la section <replaceable>[domains]</" "replaceable>." #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ldap.5.xml:2434 #, no-wrap msgid "" " [domain/LDAP]\n" " id_provider = ldap\n" " auth_provider = ldap\n" " ldap_uri = ldap://ldap.mydomain.org\n" " ldap_search_base = dc=mydomain,dc=org\n" " ldap_tls_reqcert = demand\n" " cache_credentials = true\n" msgstr "" " [domain/LDAP]\n" " id_provider = ldap\n" " auth_provider = ldap\n" " ldap_uri = ldap://ldap.mydomain.org\n" " ldap_search_base = dc=mydomain,dc=org\n" " ldap_tls_reqcert = demand\n" " cache_credentials = true\n" #. 
type: Content of: <refsect1><refsect2><para> #: sssd-ldap.5.xml:2433 sssd-simple.5.xml:139 sssd-ipa.5.xml:801 #: sssd-ad.5.xml:390 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 sssd-krb5.5.xml:528 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:2446 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:405 #: sssd.8.xml:191 sss_seed.8.xml:163 msgid "NOTES" msgstr "NOTES" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2448 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " "distribution." msgstr "" "Les descriptions de quelques unes des options de configuration des pages de " "manuel sont basées sur le manuel de <citerefentry> <refentrytitle>ldap.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> de la distribution " "de OpenLDAP 2.4." #. type: Content of: <refentryinfo> #: pam_sss.8.xml:8 include/upstream.xml:2 msgid "" "<productname>SSSD</productname> <orgname>The SSSD upstream - http://" "fedorahosted.org/sssd</orgname>" msgstr "" "<productname>SSSD</productname> <orgname>Le projet SSSD - http://" "fedorahosted.org/sssd</orgname>" #. type: Content of: <reference><refentry><refnamediv><refname> #: pam_sss.8.xml:13 pam_sss.8.xml:18 msgid "pam_sss" msgstr "pam_sss" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: pam_sss.8.xml:19 msgid "PAM module for SSSD" msgstr "Module PAM pour SSSD" #. 
type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: pam_sss.8.xml:24 #, fuzzy #| msgid "" #| "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" #| "replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" #| "replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" #| "replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" #| "replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> " #| "</arg>" msgid "" "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" "replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" "replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" "replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" "replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" "arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </arg>" msgstr "" "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" "replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" "replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" "replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" "replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" "arg>" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:48 msgid "" "<command>pam_sss.so</command> is the PAM interface to the System Security " "Services daemon (SSSD). Errors and results are logged through " "<command>syslog(3)</command> with the LOG_AUTHPRIV facility." msgstr "" "<command>pam_sss.so</command> est l'interface PAM pour le démon des services " "de sécurité système (SSSD). Les erreurs et résultats sont journalisés par " "<command>syslog(3)</command> avec l'argument LOG_AUTHPRIV." #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:58 msgid "<option>quiet</option>" msgstr "<option>quiet</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:61 msgid "Suppress log messages for unknown users." msgstr "Supprimer les messages de journal pour les utilisateurs inconnus." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:66 msgid "<option>forward_pass</option>" msgstr "<option>forward_pass</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:69 msgid "" "If <option>forward_pass</option> is set the entered password is put on the " "stack for other PAM modules to use." msgstr "" "Si <option>forward_pass</option> est défini, le mot de passe saisi est " "placé sur la pile pour être utilisé par les autres modules PAM." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:76 msgid "<option>use_first_pass</option>" msgstr "<option>use_first_pass</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:79 msgid "" "The argument use_first_pass forces the module to use a previous stacked " "modules password and will never prompt the user - if no password is " "available or the password is not appropriate, the user will be denied access." msgstr "" "L'argument use_first_pass force le module à utiliser le mot de passe d'un " "module précédent de la pile et ne le demandera jamais à l'utilisateur. Si " "aucun mot de passe n'est disponible ou que celui-ci n'est pas approprié, " "l'utilisateur verra son accès refusé." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:87 msgid "<option>use_authtok</option>" msgstr "<option>use_authtok</option>" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:90 msgid "" "When password changing enforce the module to set the new password to the one " "provided by a previously stacked password module." msgstr "" "Lors d'un changement de mot de passe, force le module à définir comme " "nouveau mot de passe celui fourni par un module de mot de passe précédent " "de la pile." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:97 msgid "<option>retry=N</option>" msgstr "<option>retry=N</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:100 msgid "" "If specified the user is asked another N times for a password if " "authentication fails. Default is 0." msgstr "" "Si défini, on demande le mot de passe à l'utilisateur encore N fois si " "l'authentification échoue. Par défaut : 0." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:102 msgid "" "Please note that this option might not work as expected if the application " "calling PAM handles the user dialog on its own. A typical example is " "<command>sshd</command> with <option>PasswordAuthentication</option>." msgstr "" "Veuillez noter que cette option peut ne pas fonctionner comme attendu si " "l'application qui appelle PAM gère elle-même les dialogues avec " "l'utilisateur. Un exemple typique est <command>sshd</command> avec " "<option>PasswordAuthentication</option>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:111 #, fuzzy #| msgid "<option>forward_pass</option>" msgid "<option>ignore_unknown_user</option>" msgstr "<option>ignore_unknown_user</option>" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:114 msgid "" "If this option is specified and the user does not exist, the PAM module will " "return PAM_IGNORE. This causes the PAM framework to ignore this module." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: pam_sss.8.xml:123 msgid "MODULE TYPES PROVIDED" msgstr "TYPES DE MODULES FOURNIS" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:124 msgid "" "All module types (<option>account</option>, <option>auth</option>, " "<option>password</option> and <option>session</option>) are provided." msgstr "" "Tous les types de module (<option>account</option>, <option>auth</option>, " "<option>password</option> et <option>session</option>) sont fournis." #. type: Content of: <reference><refentry><refsect1><title> #: pam_sss.8.xml:130 msgid "FILES" msgstr "FICHIERS" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:131 msgid "" "If a password reset by root fails, because the corresponding SSSD provider " "does not support password resets, an individual message can be displayed. " "This message can e.g. contain instructions about how to reset a password." msgstr "" "Si une réinitialisation par root d'un mot de passe échoue parce que le " "fournisseur SSSD correspondant ne prend pas en charge la réinitialisation de " "mot de passe, un message spécifique peut être affiché. Ce message peut, par " "exemple, contenir les instructions permettant la réinitialisation." #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:136 msgid "" "The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" "filename> where LOC stands for a locale string returned by <citerefentry> " "<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" "citerefentry>. 
If there is no matching file the content of " "<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " "the owner of the files and only root may have read and write permissions " "while all other users must have only read permissions." msgstr "" "Le message est lu depuis le fichier <filename>pam_sss_pw_reset_message.LOC</" "filename> où LOC représente une chaîne de paramètres régionaux retournée par " "<citerefentry><refentrytitle>setlocale</refentrytitle> <manvolnum>3</" "manvolnum></citerefentry>. S'il n'y a aucun fichier correspondant, le " "contenu de <filename>pam_sss_pw_reset_message.txt</filename> est affiché. " "L'utilisateur root doit être le propriétaire des fichiers et seul root peut " "avoir les autorisations en lecture et en écriture alors que tous les autres " "utilisateurs doivent avoir les autorisations en lecture seule." #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:146 msgid "" "These files are searched in the directory <filename>/etc/sssd/customize/" "DOMAIN_NAME/</filename>. If no matching file is present a generic message is " "displayed." msgstr "" "Ces fichiers sont recherchés dans le dossier <filename>/etc/sssd/customize/" "NOM_DE_DOMAINE/</filename>. Si aucun fichier correspondant n'est présent, un " "message générique est affiché." #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 msgid "sssd_krb5_locator_plugin" msgstr "sssd_krb5_locator_plugin" #. type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:22 #, fuzzy #| msgid "" #| "The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> " #| "is used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</" #| "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the " #| "Kerberos libraries what Realm and which KDC to use. 
Typically this is " #| "done in <citerefentry> <refentrytitle>krb5.conf</refentrytitle> " #| "<manvolnum>5</manvolnum> </citerefentry> which is always read by the " #| "Kerberos libraries. To simplify the configuration the Realm and the KDC " #| "can be defined in <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " #| "<manvolnum>5</manvolnum> </citerefentry> as described in <citerefentry> " #| "<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" #| "citerefentry>" msgid "" "The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " "used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos " "libraries what Realm and which KDC to use. Typically this is done in " "<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> which is always read by the Kerberos libraries. " "To simplify the configuration the Realm and the KDC can be defined in " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> as described in <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>" msgstr "" "Le greffon de localisation Kerberos <command>sssd_krb5_locator_plugin</" "command> est utilisé par le fournisseur Kerberos de " "<citerefentry><refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> pour indiquer aux bibliothèques Kerberos quel domaine et quel " "KDC à utiliser. En général, cela se fait en " "<citerefentry><refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry> qui est toujours lu par les bibliothèques de " "Kerberos. 
Pour simplifier la configuration, le Domaine et le KDC peuvent " "être définis dans <citerefentry><refentrytitle>sssd.conf</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry> comme indiqué dans " "<citerefentry><refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry>" #. type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:48 msgid "" "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " "libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" "<citerefentry><refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> met le nom de domaine et le nom ou adresse IP du KDC dans les " "variables d'environnement SSSD_KRB5_REALM et SSSD_KRB5_KDC respectivement. " "Lorsque <command>sssd_krb5_locator_plugin</command> est appelé par les " "bibliothèques de Kerberos, il lit et évalue ces variables et les transmet " "aux bibliothèques." #. type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:63 msgid "" "Not all Kerberos implementations support the use of plugins. If " "<command>sssd_krb5_locator_plugin</command> is not available on your system " "you have to edit /etc/krb5.conf to reflect your Kerberos setup." msgstr "" "Les implémentations de Kerberos ne prennent pas toutes en charge " "l'utilisation de greffons. Si <command>sssd_krb5_locator_plugin</command> " "n'est pas présent sur votre système, il faut modifier /etc/krb5.conf pour " "s'adapter à la configuration de Kerberos." #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:69 msgid "" "If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " "debug messages will be sent to stderr." msgstr "" "Si la variable d'environnement SSSD_KRB5_LOCATOR_DEBUG a une valeur " "quelconque, des messages de débogage seront envoyés sur la sortie standard " "d'erreur." #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-simple.5.xml:10 sssd-simple.5.xml:16 msgid "sssd-simple" msgstr "sssd-simple" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd-simple.5.xml:17 msgid "the configuration file for SSSD's 'simple' access-control provider" msgstr "" "le fichier de configuration pour le fournisseur de contrôle d'accès « " "simple » de SSSD." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:24 msgid "" "This manual page describes the configuration of the simple access-control " "provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " "refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> manual page." msgstr "" "Cette page de manuel décrit la configuration du fournisseur de contrôle " "d'accès simple de <citerefentry> <refentrytitle>sssd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry>. Pour plus de détails sur la " "syntaxe, cf. la section <quote>FORMAT DE FICHIER</quote> de la page de " "manuel <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:38 msgid "" "The simple access provider grants or denies access based on an access or " "deny list of user or group names. 
The following rules apply:" msgstr "" "Le fournisseur d'accès simple autorise ou refuse l'accès à partir de listes " "d'autorisation ou de refus de noms d'utilisateurs ou de groupes. Les règles " "suivantes s'appliquent :" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:43 msgid "If all lists are empty, access is granted" msgstr "Si toutes les listes sont vides, l'accès est autorisé" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:47 msgid "" "If any list is provided, the order of evaluation is allow,deny. This means " "that any matching deny rule will supersede any matched allow rule." msgstr "" "Si une liste est fournie, quelle qu'elle soit, l'ordre d'évaluation est " "allow,deny. Autrement dit, toute règle de refus correspondante l'emporte " "sur toute règle d'autorisation correspondante." #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:54 msgid "" "If either or both \"allow\" lists are provided, all users are denied unless " "they appear in the list." msgstr "" "Si l'une des listes « allow » ou les deux sont fournies, tous les " "utilisateurs sont refusés à moins qu'ils ne soient dans la liste." #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:60 msgid "" "If only \"deny\" lists are provided, all users are granted access unless " "they appear in the list." msgstr "" "Si seulement les listes « deny » sont utilisées, tous les utilisateurs sont " "autorisés à moins qu'ils ne soient dans la liste." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:78 msgid "simple_allow_users (string)" msgstr "simple_allow_users (chaîne)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:81 msgid "Comma separated list of users who are allowed to log in." msgstr "" "Liste séparée par des virgules d'utilisateurs autorisés à se connecter." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:88 msgid "simple_deny_users (string)" msgstr "simple_deny_users (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:91 msgid "Comma separated list of users who are explicitly denied access." msgstr "" "Liste séparée par des virgules d'utilisateurs dont l'accès sera refusé." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:97 msgid "simple_allow_groups (string)" msgstr "simple_allow_groups (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:100 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." msgstr "" "Liste séparée par des virgules de groupes autorisés à se connecter. Ceci ne " "s'applique qu'à des groupes dans un domaine SSSD. Les groupes locaux ne sont " "pas pris en compte." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:108 msgid "simple_deny_groups (string)" msgstr "simple_deny_groups (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:111 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " "evaluated." msgstr "" "Liste séparée par des virgules de groupes dont l'accès sera refusé. 
Ceci ne " "s'applique qu'à des groupes dans un domaine SSSD. Les groupes locaux ne sont " "pas pris en compte." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> manual page for details on the configuration of an SSSD " "domain. <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" "Se référer à la section <quote>SECTIONS DE DOMAINE</quote> de la page de " "manuel <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> pour les détails sur la configuration d'un " "domaine SSSD. <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:120 msgid "" "Specifying no values for any of the lists is equivalent to skipping it " "entirely. Beware of this while generating parameters for the simple provider " "using automated scripts." msgstr "" "Ne spécifier aucune valeur pour aucune des listes revient à l'ignorer " "complètement. Se méfier de ceci lors de la création des paramètres pour le " "fournisseur simple à l'aide automatique de scripts." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:125 msgid "" "Please note that it is an configuration error if both, simple_allow_users " "and simple_deny_users, are defined." msgstr "" "Veuillez noter que la configuration simultanée de simple_allow_users et " "simple_deny_users est une erreur." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:133 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " "This examples shows only the simple access provider-specific options." 
msgstr "" "L'exemple suivant suppose que SSSD est correctement configuré et que example." "com est un des domaines dans la section <replaceable>[sssd]</replaceable>. " "Ces exemples montrent seulement les options spécifiques du fournisseur " "d'accès simple." #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-simple.5.xml:140 #, no-wrap msgid "" " [domain/example.com]\n" " access_provider = simple\n" " simple_allow_users = user1, user2\n" msgstr "" " [domain/example.com]\n" " access_provider = simple\n" " simple_allow_users = user1, user2\n" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 msgid "sssd-ipa" msgstr "sssd-ipa" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:23 msgid "" "This manual page describes the configuration of the IPA provider for " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" "Cette page de manuel décrit la configuration du fournisseur IPA pour " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. Pour une référence détaillée sur la syntaxe, veuillez " "regarder la section <quote>FORMAT DE FICHIER</quote> de la page de manuel " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:36 msgid "" "The IPA provider is a back end used to connect to an IPA server. (Refer to " "the freeipa.org web site for information about IPA servers.) This provider " "requires that the machine be joined to the IPA domain; configuration is " "almost entirely self-discovered and obtained directly from the server." 
msgstr "" "Le fournisseur IPA est le moteur pour se connecter à un serveur IPA. (Cf. le " "site freeipa.org pour plus d'informations sur les serveurs IPA). Ce " "fournisseur nécessite que la machine soit jointe au domaine IPA ; la " "configuration est presque entièrement obtenue et auto-découverte à partir du " "serveur." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:43 msgid "" "The IPA provider accepts the same options used by the <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " "provider with some exceptions described below." msgstr "" "Le fournisseur IPA accepte les mêmes options utilisées par le fournisseur " "d'identité <citerefentry><refentrytitle>sssd-ldap</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry> et le fournisseur d'authentification " "<citerefentry><refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry> avec les quelques exceptions décrites ci-dessous." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:55 msgid "" "However, it is neither necessary nor recommended to set these options. IPA " "provider can also be used as an access and chpass provider. As an access " "provider it uses HBAC (host-based access control) rules. Please refer to " "freeipa.org for more information about HBAC. No configuration of access " "provider is required on the client side." msgstr "" "Toutefois, il n'est ni nécessaire ni recommandé de définir ces options. Le " "fournisseur IPA peut également servir comme fournisseur d'accès et chpass. " "En tant que fournisseur d'accès, il utilise des règles HBAC (host-based " "access control). Veuillez consulter freeipa.org pour plus d'informations sur " "HBAC. Aucune configuration de fournisseur d'accès n'est requise côté client." #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:62 msgid "" "The IPA provider will use the PAC responder if the Kerberos tickets of users " "from trusted realms contain a PAC. To make configuration easier the PAC " "responder is started automatically if the IPA ID provider is configured." msgstr "" "Le fournisseur IPA utilisera le répondeur PAC si les tickets Kerberos " "d'utilisateurs de domaines Kerberos approuvés contiennent un PAC. Pour " "rendre la configuration plus facile, le répondeur PAC est démarré " "automatiquement si le fournisseur d'ID de IPA est configuré." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:78 msgid "ipa_domain (string)" msgstr "ipa_domain (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:81 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" "Définit le nom du domaine IPA. Facultatif, s'il n'est pas fourni, le nom de " "domaine de la configuration est utilisé." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:89 msgid "ipa_server, ipa_backup_server (string)" msgstr "ipa_server, ipa_backup_server (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:92 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " "on failover and server redundancy, see the <quote>FAILOVER</quote> section. " "This is optional if autodiscovery is enabled. For more information on " "service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." 
msgstr "" "La liste par ordre de préférence séparée par des virgules des adresses IP ou " "des noms de systèmes des serveurs IPA auxquels SSSD doit se connecter . Pour " "plus d'informations sur la redondance de serveurs et le basculement, " "consulter la section de <quote>BASCULEMENT</quote>. Ceci est facultatif si " "la découverte automatique est activée. Pour plus d'informations sur la " "découverte de services, se reporter à la section de <quote>DÉCOUVERTE DE " "SERVICE</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:105 msgid "ipa_hostname (string)" msgstr "ipa_hostname (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:108 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" "Facultatif. Peut être défini pour des machines dont le hostname(5) ne " "reflète pas le nom de domaine pleinement qualifié du domaine IPA pour " "identifier l'hôte." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:116 sssd-ad.5.xml:256 msgid "dyndns_update (boolean)" msgstr "dyndns_update (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:119 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client. The update is " "secured using GSS-TSIG. The IP address of the IPA LDAP connection is used " "for the updates, if it is not otherwise specified by using the " "<quote>dyndns_iface</quote> option." msgstr "" "Facultatif. Cette option indique à SSSD de mettre à jour automatiquement le " "serveur DNS intégré à IPA v2 avec l'adresse IP de ce client. La mise à jour " "est sécurisée avec GSS-TSIG. 
L'adresse IP de la connexion LDAP IPA est " "utilisée pour les mises à jour, à moins qu'elle ne soit spécifiée par " "l'utilisation de l'option <quote>dyndns_iface</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:128 sssd-ad.5.xml:270 msgid "" "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " "the default Kerberos realm must be set properly in /etc/krb5.conf" msgstr "" "NOTE : Sur les systèmes plus anciens (tels que RHEL 5), afin que ce " "comportement fonctionne de façon fiable, le domaine Kerberos par défaut doit " "être défini correctement dans /etc/krb5.conf" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:133 msgid "" "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" "emphasis> option, users should migrate to using <emphasis>dyndns_update</" "emphasis> in their config file." msgstr "" "REMARQUE : Bien qu'il soit toujours possible d'utiliser l'ancienne option " "<emphasis>ipa_dyndns_update</emphasis>, les utilisateurs doivent maintenant " "utiliser <emphasis>dyndns_update</emphasis> dans leur fichier de " "configuration." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:145 sssd-ad.5.xml:281 msgid "dyndns_ttl (integer)" msgstr "dyndns_ttl (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:148 sssd-ad.5.xml:284 msgid "" "The TTL to apply to the client DNS record when updating it. If " "dyndns_update is false this has no effect. This will override the TTL " "serverside if set by an administrator." msgstr "" "Le TTL à appliquer à l'enregistrement du client DNS lors de sa mise à jour. " "Si dyndns_update a la valeur false, cela n'a aucun effet. 
Cela remplacera le " "TTL côté serveur s'il est défini par un administrateur." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:153 msgid "" "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" "emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" "emphasis> in their config file." msgstr "" "REMARQUE : Bien qu'il soit toujours possible d'utiliser l'ancienne option " "<emphasis>ipa_dyndns_ttl</emphasis>, les utilisateurs doivent maintenant " "utiliser <emphasis>dyndns_ttl</emphasis> dans leur fichier de configuration." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:159 msgid "Default: 1200 (seconds)" msgstr "Par défaut : 1200 (secondes)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:165 sssd-ad.5.xml:295 msgid "dyndns_iface (string)" msgstr "dyndns_iface (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:168 sssd-ad.5.xml:298 msgid "" "Optional. Applicable only when dyndns_update is true. Choose the interface " "whose IP address should be used for dynamic DNS updates." msgstr "" "Facultatif. Applicable seulement quand dyndns_update est vrai. Choisit " "l'interface dont l'adresse IP sera utilisée pour les mises à jour dynamiques " "du DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:173 msgid "" "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" "emphasis> option, users should migrate to using <emphasis>dyndns_iface</" "emphasis> in their config file." 
msgstr "" "REMARQUE : Bien qu'il soit toujours possible d'utiliser l'ancienne option " "<emphasis>ipa_dyndns_iface</emphasis>, les utilisateurs doivent maintenant " "utiliser <emphasis>dyndns_iface</emphasis> dans leur fichier de " "configuration." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:179 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "Par défaut : utilise l'adresse IP de la connexion IPA LDAP" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:185 msgid "ipa_enable_dns_sites (boolean)" msgstr "ipa_enable_dns_sites (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:188 sssd-ad.5.xml:152 msgid "Enables DNS sites - location based service discovery." msgstr "Active les sites DNS - découverte de service basée sur l'emplacement" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:192 msgid "" "If true and service discovery (see Service Discovery paragraph at the bottom " "of the man page) is enabled, then the SSSD will first attempt location " "based discovery using a query that contains \"_location.hostname.example.com" "\" and then fall back to traditional SRV discovery. If the location based " "discovery succeeds, the IPA servers located with the location based " "discovery are treated as primary servers and the IPA servers located using " "the traditional SRV discovery are used as back up servers" msgstr "" "Si true et que la découverte de service (cf. le paragraphe Découverte de " "service au bas de la page de manuel) est activée, alors SSSD tentera d'abord " "une découverte basée sur l'emplacement en utilisant une requête contenant " "« _location.hostname.example.com », puis reviendra à une découverte SRV " "traditionnelle. 
Si la découverte basée sur l'emplacement réussit, les " "serveurs IPA ainsi découverts sont traités comme serveurs primaires, et les " "serveurs identifiés via la découverte basée sur les enregistrements SRV " "seront utilisés comme serveurs de repli" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:211 sssd-ad.5.xml:309 msgid "dyndns_refresh_interval (integer)" msgstr "dyndns_refresh_interval (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:214 sssd-ad.5.xml:312 msgid "" "How often should the back end perform periodic DNS update in addition to the " "automatic update performed when the back end goes online. This option is " "optional and applicable only when dyndns_update is true." msgstr "" "Fréquence de mise à jour des DNS par le moteur en plus des mises à jour " "automatiques effectuées lorsque le moteur arrive en ligne. Cette option est " "facultative, et n'est applicable que lorsque l'option dyndns_update est " "configurée à true." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:227 sssd-ad.5.xml:325 msgid "dyndns_update_ptr (bool)" msgstr "dyndns_update_ptr (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:230 sssd-ad.5.xml:328 msgid "" "Whether the PTR record should also be explicitly updated when updating the " "client's DNS records. Applicable only when dyndns_update is true." msgstr "" "Selon que l'enregistrement PTR doit être explicitement mis à jour lors de la " "mise à jour des enregistrements DNS du client. Applicable uniquement lorsque " "l'option dyndns_update est configurée à true." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:235 msgid "" "This option should be False in most IPA deployments as the IPA server " "generates the PTR records automatically when forward records are changed." msgstr "" "Cette option doit être positionnée à False pour la plupart des déploiements " "IPA, puisque le serveur IPA crée les enregistrements PTR automatiquement " "quand les enregistrements directs sont modifiés." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:241 msgid "Default: False (disabled)" msgstr "Par défaut : False (désactivé)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:247 sssd-ad.5.xml:339 msgid "dyndns_force_tcp (bool)" msgstr "dyndns_force_tcp (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:250 sssd-ad.5.xml:342 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." msgstr "" "Selon que l'utilitaire nsupdate doit utiliser TCP par défaut pour la " "communication avec le serveur DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:254 sssd-ad.5.xml:346 msgid "Default: False (let nsupdate choose the protocol)" msgstr "Par défaut : False (laisser nsupdate choisir le protocole)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:260 msgid "ipa_hbac_search_base (string)" msgstr "ipa_hbac_search_base (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:263 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" "Facultatif. 
Utilise la chaîne donnée comme base de recherche pour les objets " "HBAC associés." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:267 msgid "Default: Use base DN" msgstr "Par défaut : utilise le DN de base" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:273 msgid "ipa_host_search_base (string)" msgstr "ipa_host_search_base (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:276 msgid "Optional. Use the given string as search base for host objects." msgstr "" "Facultatif. Utiliser la chaîne donnée comme base de recherche pour les " "objets hôte." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:280 sssd-ipa.5.xml:304 sssd-ipa.5.xml:323 sssd-ipa.5.xml:342 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" "Cf. <quote>ldap_search_base</quote> pour plus d'informations sur la " "configuration des bases de recherche multiples." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:285 msgid "" "If filter is given in any of search bases and " "<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " "will be ignored." msgstr "" "Si un filtre est donné dans l'une des bases de recherche et que " "<emphasis>ipa_hbac_support_srchost</emphasis> a la valeur False, le filtre " "sera ignoré." #. type: Content of: <listitem><para> #: sssd-ipa.5.xml:290 sssd-ipa.5.xml:309 include/ldap_search_bases.xml:23 #: include/ldap_search_bases_experimental.xml:23 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "Par défaut : la valeur de <emphasis>ldap_search_base</emphasis>" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:297 msgid "ipa_selinux_search_base (string)" msgstr "ipa_selinux_search_base (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:300 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" "Facultatif. Utiliser la chaîne donnée comme base de recherche pour les " "mappages utilisateur SELinux." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:316 msgid "ipa_subdomains_search_base (string)" msgstr "ipa_subdomains_search_base (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:319 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" "Facultatif. Utiliser la chaîne donnée comme base de recherche pour les " "domaines approuvés." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:328 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "Par défaut : la valeur de <emphasis>cn=trusts,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:335 msgid "ipa_master_domain_search_base (string)" msgstr "ipa_master_domain_search_base (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:338 msgid "Optional. Use the given string as search base for master domain object." msgstr "" "Facultatif. Utiliser la chaîne donnée comme base de recherche objet de " "domaine maître." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:347 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "Par défaut : la valeur de <emphasis>cn=ad,cn=etc,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:354 sssd-krb5.5.xml:245 msgid "krb5_validate (boolean)" msgstr "krb5_validate (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:357 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" "Vérifie à l'aide de krb5_keytab que le TGT obtenu n'a pas été usurpé." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:364 sssd-ad.5.xml:366 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" "Noter que cette valeur par défaut diffère de celle du moteur de traitement " "Kerberos traditionnel." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:374 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" "Le nom du domaine Kerberos. Facultatif, prend comme valeur par défaut la " "valeur de <quote>ipa_domain</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:378 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" "Le nom du domaine Kerberos a une signification spéciale dans IPA. Il est " "converti en DN de base à utiliser pour effectuer les opérations LDAP." #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:389 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" "Spécifie si les principaux d'hôte et d'utilisateur doivent être rendus " "canoniques lors des connexions au serveur LDAP de IPA, mais aussi pour les " "requêtes AS. Cette fonctionnalité est disponible avec MIT Kerberos >= 1.7" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:402 sssd-krb5.5.xml:407 msgid "krb5_use_fast (string)" msgstr "krb5_use_fast (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:405 sssd-krb5.5.xml:410 msgid "" "Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" "authentication. The following options are supported:" msgstr "" "Active le flexible authentication secure tunneling (FAST) pour la pré-" "authentification Kerberos. Les options suivantes sont supportées :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:410 #, fuzzy #| msgid "<emphasis>h</emphasis> for hours" msgid "<emphasis>never</emphasis> use FAST." msgstr "<emphasis>never</emphasis> : ne jamais utiliser FAST." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:413 #, fuzzy #| msgid "" #| "<emphasis>try</emphasis> to use FAST. If the server does not support " #| "FAST, continue the authentication without it." msgid "" "<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " "continue the authentication without it. This is equivalent to not setting " "this option at all." msgstr "" "<emphasis>try</emphasis> : tente d'utiliser FAST. 
Si le serveur ne prend pas en " "charge FAST, l'authentification se poursuit sans. Cela équivaut à ne pas " "définir cette option." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:419 sssd-krb5.5.xml:424 msgid "" "<emphasis>demand</emphasis> to use FAST. The authentication fails if the " "server does not require fast." msgstr "" "<emphasis>demand</emphasis> : impose l'utilisation de FAST. " "L'authentification échoue si le serveur ne requiert pas FAST." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:424 #, fuzzy #| msgid "Default: true" msgid "Default: try" msgstr "Par défaut : try" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:427 sssd-krb5.5.xml:435 msgid "" "NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If " "SSSD is used with an older version of MIT Kerberos, using this option is a " "configuration error." msgstr "" "NOTE : SSSD prend en charge le paramètre FAST uniquement avec MIT Kerberos " "version 1.8 et au-delà. L'utilisation de SSSD avec une version antérieure de " "MIT Kerberos avec cette option est une erreur de configuration." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:436 msgid "ipa_hbac_refresh (integer)" msgstr "ipa_hbac_refresh (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:439 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " "access-control requests made in a short period." msgstr "" "Le temps entre deux recherches de règles HBAC sur un serveur IPA. 
Cela " "permet de réduire le temps de latence et la charge du serveur IPA s'il y a " "beaucoup de requêtes de contrôle d'accès sur une courte période." #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:446 sssd-ipa.5.xml:462 msgid "Default: 5 (seconds)" msgstr "Par défaut : 5 (secondes)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:452 msgid "ipa_hbac_selinux (integer)" msgstr "ipa_hbac_selinux (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:455 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " "many user login requests made in a short period." msgstr "" "Le temps entre les recherches de cartes SELinux sur un serveur IPA. Cela " "réduit le temps de latence et la charge du serveur IPA s'il y a beaucoup de " "requêtes de connexions utilisateurs sur une courte période." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:468 msgid "ipa_hbac_treat_deny_as (string)" msgstr "ipa_hbac_treat_deny_as (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:471 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " "of FreeIPA will need to migrate their rules to use only the ALLOW rules. The " "client will support two modes of operation during this transition period:" msgstr "" "Cette option indique comment utiliser les règles HBAC obsolètes de type " "DENY. À partir de FreeIPA v2.1, les règles DENY ne sont plus prises en " "charge sur le serveur. Tous les utilisateurs de FreeIPA doivent modifier " "leurs règles pour utiliser uniquement les règles ALLOW. Le client prendra en " "charge les deux modes opératoires pendant cette période de transition :" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:480 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" "<emphasis>DENY_ALL</emphasis> : si une règle DENY HBAC est détectée, l'accès " "sera refusé à tous les utilisateurs." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:485 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" "<emphasis>IGNORE</emphasis> : SSSD ignorera toutes les règles DENY. Soyez " "très prudent avec cette option, car elle peut ouvrir des accès non prévus." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:490 msgid "Default: DENY_ALL" msgstr "Par défaut : DENY_ALL" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:496 msgid "ipa_hbac_support_srchost (boolean)" msgstr "ipa_hbac_support_srchost (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:499 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" "Si cette option est définie à false, le srchost fourni à SSSD par PAM sera " "ignoré." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:503 msgid "" "Note that if set to <emphasis>False</emphasis>, this option casuses filters " "given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" msgstr "" "Noter que si la valeur est <emphasis>False</emphasis>, cette option implique " "que les filtres donnés dans <emphasis>ipa_host_search_base</emphasis> seront " "ignorés ;" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:514 msgid "ipa_server_mode (boolean)" msgstr "ipa_server_mode (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:517 #, fuzzy #| msgid "This options should only be set by the IPA installer." msgid "This option should only be set by the IPA installer." msgstr "" "Cette option ne doit être utilisée que par le programme d'installation IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:521 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." msgstr "" "Cette option indique que SSSD fonctionne sur un serveur IPA et doit " "effectuer différemment ses recherches d'utilisateurs et groupes depuis les " "domaines approuvés." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:532 msgid "ipa_automount_location (string)" msgstr "ipa_automount_location (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:535 msgid "The automounter location this IPA client will be using" msgstr "L'emplacement à automonter qu'utilisera ce client IPA" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:538 msgid "Default: The location named \"default\"" msgstr "Par défaut : Le lieu nommé « default »" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:545 msgid "ipa_netgroup_member_of (string)" msgstr "ipa_netgroup_member_of (chaîne)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:548 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "L'attribut LDAP qui répertorie les appartenances aux netgroups." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:557 msgid "ipa_netgroup_member_user (string)" msgstr "ipa_netgroup_member_user (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:560 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" "L'attribut LDAP qui répertorie les utilisateurs et les groupes qui sont " "membres directs du netgroup." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:565 sssd-ipa.5.xml:660 msgid "Default: memberUser" msgstr "Par défaut : memberUser" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:570 msgid "ipa_netgroup_member_host (string)" msgstr "ipa_netgroup_member_host (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:573 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" "L'attribut LDAP qui répertorie les systèmes et les groupes de systèmes qui " "sont membres directs du netgroup." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:577 sssd-ipa.5.xml:672 msgid "Default: memberHost" msgstr "Par défaut : memberHost" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:582 msgid "ipa_netgroup_member_ext_host (string)" msgstr "ipa_netgroup_member_ext_host (chaîne)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:585 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" "L'attribut LDAP qui répertorie les noms de domaines complets des systèmes et " "des groupes de systèmes qui appartiennent au groupe réseau." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:589 msgid "Default: externalHost" msgstr "Par défaut : externalHost" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:594 msgid "ipa_netgroup_domain (string)" msgstr "ipa_netgroup_domain (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:597 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "L'attribut LDAP qui contient le nom de domaine NIS du netgroup." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:601 msgid "Default: nisDomainName" msgstr "Par défaut : nisDomainName" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:607 msgid "ipa_host_object_class (string)" msgstr "ipa_host_object_class (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:610 sssd-ipa.5.xml:633 msgid "The object class of a host entry in LDAP." msgstr "La classe de l'objet d'une entrée d'hôte dans l'annuaire LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:613 sssd-ipa.5.xml:636 msgid "Default: ipaHost" msgstr "Par défaut : ipaHost" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:618 msgid "ipa_host_fqdn (string)" msgstr "ipa_host_fqdn (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:621 msgid "The LDAP attribute that contains FQDN of the host." msgstr "L'attribut LDAP qui contient le nom de domaine complet du système." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:624 msgid "Default: fqdn" msgstr "Par défaut : fqdn" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:630 msgid "ipa_selinux_usermap_object_class (string)" msgstr "ipa_selinux_usermap_object_class (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:641 msgid "ipa_selinux_usermap_name (string)" msgstr "ipa_selinux_usermap_name (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:644 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "L'attribut LDAP qui contient le nom de la carte utilisateur SELinux." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:653 msgid "ipa_selinux_usermap_member_user (string)" msgstr "ipa_selinux_usermap_member_user (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:656 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "" "L'attribut LDAP qui contient tous les utilisateurs / groupes correspondant à " "cette règle." #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:665 msgid "ipa_selinux_usermap_member_host (string)" msgstr "ipa_selinux_usermap_member_host (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:668 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule match " "against." msgstr "" "L'attribut LDAP qui contient tous les hôtes / hostgroups correspondant à " "cette règle." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:677 msgid "ipa_selinux_usermap_see_also (string)" msgstr "ipa_selinux_usermap_see_also (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:680 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost" msgstr "" "L'attribut LDAP qui contient le DN de la règle de HBAC qui peut être utilisé " "pour la correspondance au lieu de memberUser et memberHost" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:685 msgid "Default: seeAlso" msgstr "Par défaut : seeAlso" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:690 msgid "ipa_selinux_usermap_selinux_user (string)" msgstr "ipa_selinux_usermap_selinux_user (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:693 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "L'attribut LDAP qui contient la chaîne utilisateur SELinux." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:697 msgid "Default: ipaSELinuxUser" msgstr "Par défaut : ipaSELinuxUser" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:702 msgid "ipa_selinux_usermap_enabled (string)" msgstr "ipa_selinux_usermap_enabled (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:705 msgid "" "The LDAP attribute that contains whether or not is user map enabled for " "usage." msgstr "" "L'attribut LDAP qui contient le fait que la carte utilisateur est activée " "pour utilisation ou non." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:709 msgid "Default: ipaEnabledFlag" msgstr "Par défaut : ipaEnabledFlag" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:714 msgid "ipa_selinux_usermap_user_category (string)" msgstr "ipa_selinux_usermap_user_category (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:717 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "" "L'attribut LDAP qui contient la catégorie utilisateur tels que « all »." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:721 msgid "Default: userCategory" msgstr "Par défaut : userCategory" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:726 msgid "ipa_selinux_usermap_host_category (string)" msgstr "ipa_selinux_usermap_host_category (string)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:729 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "L'attribut LDAP qui contient la catégorie hôte tels que « all »." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:733 msgid "Default: hostCategory" msgstr "Par défaut : hostCategory" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:738 msgid "ipa_selinux_usermap_uuid (string)" msgstr "ipa_selinux_usermap_uuid (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:741 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "L'attribut LDAP qui contient l'ID unique de la carte de l'utilisateur." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:745 msgid "Default: ipaUniqueID" msgstr "Par défaut : ipaUniqueID" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:750 msgid "ipa_host_ssh_public_key (string)" msgstr "ipa_host_ssh_public_key (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:753 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "L'attribut LDAP qui contient les clés publiques SSH de l'hôte." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:757 msgid "Default: ipaSshPubKey" msgstr "Par défaut : ipaSshPubKey" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ipa.5.xml:766 msgid "SUBDOMAINS PROVIDER" msgstr "FOURNISSEURS DE SOUS-DOMAINES" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:768 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." msgstr "" "Le fournisseur de sous-domaines IPA se comporte un peu différemment s'il est " "configuré explicitement ou implicitement." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:772 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " "subdomain requests are sent to the IPA server if necessary." msgstr "" "Si l'option « subdomains_provider = ipa » se trouve dans la section domaine " "de sssd.conf, le fournisseur de sous-domaines d'IPA est configuré " "explicitement, et toutes les demandes de sous-domaines sont envoyées au " "serveur IPA si nécessaire." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:778 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " "provider is configured implicitly. In this case, if a subdomain request " "fails and indicates that the server does not support subdomains, i.e. is not " "configured for trusts, the IPA subdomains provider is disabled. After an " "hour or after the IPA provider goes online, the subdomains provider is " "enabled again." msgstr "" "Si l'option « subdomains_provider » n'est pas définie dans la section " "domaine de sssd.conf, mais qu'il y a l'option « id_provider = ipa », le " "fournisseur de sous-domaines IPA est configuré implicitement. Dans ce cas, " "si une demande de sous-domaine échoue et indique que le serveur ne prend pas " "en charge les sous-domaines, c'est-à-dire qu'il n'est pas configuré pour les " "relations d'approbations, le fournisseur de sous-domaines IPA est désactivé. 
" "Après une heure ou après que le fournisseur IPA arrive en ligne, le " "fournisseur de sous-domaines est à nouveau activé." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:795 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " "This examples shows only the ipa provider-specific options." msgstr "" "L'exemple suivant suppose que SSSD est correctement configuré et example.com " "est un des domaines de la section <replaceable>[sssd]</replaceable>. Ces " "exemples montrent seulement les options spécifiques au fournisseur IPA." #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ipa.5.xml:802 #, no-wrap msgid "" " [domain/example.com]\n" " id_provider = ipa\n" " ipa_server = ipaserver.example.com\n" " ipa_hostname = myhost.example.com\n" msgstr "" " [domain/example.com]\n" " id_provider = ipa\n" " ipa_server = ipaserver.example.com\n" " ipa_hostname = myhost.example.com\n" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-ad.5.xml:10 sssd-ad.5.xml:16 msgid "sssd-ad" msgstr "sssd-ad" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:23 msgid "" "This manual page describes the configuration of the AD provider for " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" "Cette page de manuel décrit la configuration du fournisseur AD pour " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. Pour une référence détaillée sur la syntaxe, cf. 
la section " "<quote>FORMAT DE FICHIER</quote> de la page de manuel <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:36 msgid "" "The AD provider is a back end used to connect to an Active Directory server. " "This provider requires that the machine be joined to the AD domain and a " "keytab is available." msgstr "" "Le fournisseur AD est un moteur utilisé pour se connecter à un serveur " "Active Directory. Ce fournisseur exige que la machine soit jointe au domaine " "AD et qu'un fichier keytab soit disponible." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:41 msgid "" "The AD provider supports connecting to Active Directory 2008 R2 or later. " "Earlier versions may work, but are unsupported." msgstr "" "Le fournisseur AD prend en charge la connexion à Active Directory 2008 R2 ou " "ultérieures. Les versions antérieures peuvent fonctionner, mais ne sont pas " "supportées." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:45 msgid "" "The AD provider is able to provide identity information and authentication " "for entities from trusted domains as well. Currently only trusted domains in " "the same forest are recognized." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:50 msgid "" "The AD provider accepts the same options used by the <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " "provider with some exceptions described below." 
msgstr "" "Le fournisseur AD accepte les mêmes options utilisées par le fournisseur " "d'identité <citerefentry><refentrytitle>sssd-ldap</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry> et le fournisseur d'authentification " "<citerefentry><refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry> avec les quelques exceptions décrites ci-dessous." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:62 #, fuzzy #| msgid "" #| "However, it is neither necessary nor recommended to set these options. " #| "The AD provider can also be used as an access and chpass provider. No " #| "configuration of the access provider is required on the client side." msgid "" "However, it is neither necessary nor recommended to set these options. The " "AD provider can also be used as an access, chpass and sudo provider. No " "configuration of the access provider is required on the client side." msgstr "" "Toutefois, il n'est ni nécessaire ni recommandé de définir ces options. Le " "fournisseur AD peut également être utilisé comme fournisseur d'accès et " "fournisseur chpass. Aucune configuration du fournisseur d'accès n'est " "requise côté client." #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ad.5.xml:74 #, no-wrap msgid "" "ldap_id_mapping = False\n" " " msgstr "" "ldap_id_mapping = False\n" " " #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:68 #, fuzzy #| msgid "" #| "By default, the AD provider will map UID and GID values from the " #| "objectSID parameter in Active Directory. For details on this, see the " #| "<quote>ID MAPPING</quote> section below. 
If you want to disable ID " #| "mapping and instead rely on POSIX attributes defined in Active Directory, " #| "you should set <placeholder type=\"programlisting\" id=\"0\"/> Users, " #| "groups and other entities served by SSSD are always treated as case-" #| "insensitive in the AD provider for compatibility with Active Directory's " #| "LDAP implementation." msgid "" "By default, the AD provider will map UID and GID values from the objectSID " "parameter in Active Directory. For details on this, see the <quote>ID " "MAPPING</quote> section below. If you want to disable ID mapping and instead " "rely on POSIX attributes defined in Active Directory, you should set " "<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users " "and groups using POSIX attributes from trusted domains, the AD administrator " "must make sure that the POSIX attributes are replicated to the Global " "Catalog." msgstr "" "Dans son comportement par défaut, le fournisseur AD associera les valeurs " "UID et GID à partir du paramètre objectSID dans Active Directory. Pour plus " "d'informations sur le sujet, voir la section <quote>CORRESPONDANCES " "D'IDENTIFIANTS</quote> ci-dessous. Si vous souhaitez désactiver la " "correspondance d'ID et vous appuyer plutôt sur les attributs POSIX définis " "dans Active Directory, il faut définir <placeholder type=\"programlisting\" " "id=\"0\"/> Les utilisateurs, les groupes et autres objets servis par SSSD " "sont toujours traités comme étant insensibles à la casse dans le fournisseur " "AD de manière à rester compatible avec la mise en œuvre de LDAP dans Active " "Directory." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:81 msgid "" "Users, groups and other entities served by SSSD are always treated as case-" "insensitive in the AD provider for compatibility with Active Directory's " "LDAP implementation." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:96 msgid "ad_domain (string)" msgstr "ad_domain (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:99 msgid "" "Specifies the name of the Active Directory domain. This is optional. If not " "provided, the configuration domain name is used." msgstr "" "Spécifie le nom du domaine Active Directory. Ceci est facultatif. S'il " "n'est pas fourni, le nom de domaine de la configuration est utilisé." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:104 msgid "" "For proper operation, this option should be specified as the lower-case " "version of the long version of the Active Directory domain." msgstr "" "Pour un fonctionnement correct, cette option doit être le nom long du " "domaine Active Directory, spécifié en minuscules." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:109 msgid "" "The short domain name (also known as the NetBIOS or the flat name) is " "autodetected by the SSSD." msgstr "" "Le nom de domaine court (aussi connu comme le nom NetBIOS ou nom plat) est " "autodétecté par SSSD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:116 msgid "ad_server, ad_backup_server (string)" msgstr "ad_server, ad_backup_server (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:119 msgid "" "The comma-separated list of hostnames of the AD servers to which SSSD should " "connect in order of preference. For more information on failover and server " "redundancy, see the <quote>FAILOVER</quote> section. This is optional if " "autodiscovery is enabled. 
For more information on service discovery, refer " "to the <quote>SERVICE DISCOVERY</quote> section." msgstr "" "La liste par ordre de préférence séparée par des virgules des noms de " "systèmes des serveurs AD auxquels SSSD doit se connecter. Pour plus " "d'informations sur la redondance de serveurs et le basculement, consulter la " "section <quote>BASCULEMENT</quote>. Ceci est optionnel si la découverte " "automatique est activée. Pour plus d'informations sur la découverte de " "services, se reporter à la section de <quote>DÉCOUVERTE DE SERVICE</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:132 msgid "ad_hostname (string)" msgstr "ad_hostname (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:135 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the Active Directory domain to identify this " "host." msgstr "" "Facultatif. Peut être défini sur les machines où le hostname(5) ne reflète " "pas le nom pleinement qualifié utilisé dans le domaine Active Directory pour " "identifier ce système." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:141 msgid "" "This field is used to determine the host principal in use in the keytab. It " "must match the hostname for which the keytab was issued." msgstr "" "Ce champ est utilisé pour déterminer le principal d'hôte utilisé dans un " "fichier keytab. Il doit correspondre au nom du système pour lequel a été " "publié un fichier keytab." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:149 msgid "ad_enable_dns_sites (boolean)" msgstr "ad_enable_dns_sites (booléen)" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:156 msgid "" "If true and service discovery (see Service Discovery paragraph at the bottom " "of the man page) is enabled, the SSSD will first attempt to discover the " "Active Directory server to connect to using the Active Directory Site " "Discovery and fall back to the DNS SRV records if no AD site is found. The " "DNS SRV configuration, including the discovery domain, is used during site " "discovery as well." msgstr "" "Si configuré à true et que la découverte de service (cf. le paragraphe " "Découverte de service au bas de la page de manuel) est activée, SSSD tentera " "d'abord de découvrir le serveur Active Directory auquel se connecter en " "utilisant Active Directory Site Discovery, puis se repliera sur " "l'utilisation des enregistrements DNS SRV si aucun site AD n'est trouvé. La " "configuration SRV du DNS, incluant la découverte de domaine, est aussi " "utilisée pendant la découverte de site." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:172 #, fuzzy #| msgid "ad_enable_dns_sites (boolean)" msgid "ad_access_filter (boolean)" msgstr "ad_enable_dns_sites (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:175 msgid "" "This option specifies LDAP access control filter that the user must match in " "order to be allowed access. Please note that the <quote>access_provider</" "quote> option must be explicitly set to <quote>ad</quote> in order for this " "option to have an effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:183 msgid "" "The option also supports specifying different filters per domain or forest. " "This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. 
" "The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " "missing." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:191 msgid "" "If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</" "quote> specifies the domain or subdomain the filter applies to. If the " "keyword equals to <quote>FOREST</quote>, then the filter equals to all " "domains from the forest specified by <quote>NAME</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:199 msgid "" "Multiple filters can be separated with the <quote>?</quote> character, " "similarly to how search bases work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:204 msgid "" "The most specific match is always used. For example, if the option specified " "filter for a domain the user is a member of and a global filter, the per-" "domain filter would be applied. If there are more matches with the same " "specification, the first one is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #: sssd-ad.5.xml:215 #, no-wrap msgid "" "# apply filter on domain called dom1 only:\n" "dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" "\n" "# apply filter on domain called dom2 only:\n" "DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" "\n" "# apply filter on forest called EXAMPLE.COM only:\n" "FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:225 #, fuzzy #| msgid "Default: not set" msgid "Default: Not set" msgstr "Par défaut : non défini" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:231 #, fuzzy #| msgid "ad_enable_dns_sites (boolean)" msgid "ad_enable_gc (boolean)" msgstr "ad_enable_dns_sites (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:234 msgid "" "By default, the SSSD connects to the Global Catalog first to retrieve users " "from trusted domains and uses the LDAP port to retrieve group memberships or " "as a fallback. Disabling this option makes the SSSD only connect to the LDAP " "port of the current AD server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:242 msgid "" "Please note that disabling Global Catalog support does not disable " "retrieving users from trusted domains. The SSSD would connect to the LDAP " "port of trusted domains instead. However, Global Catalog must be used in " "order to resolve cross-domain group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:259 msgid "" "Optional. This option tells SSSD to automatically update the Active " "Directory DNS server with the IP address of this client. The update is " "secured using GSS-TSIG. As a consequence, the Active Directory administrator " "only needs to allow secure updates for the DNS zone. The IP address of the " "AD LDAP connection is used for the updates, if it is not otherwise specified " "by using the <quote>dyndns_iface</quote> option." msgstr "" "Facultatif. Cette option indique à SSSD de mettre à jour automatiquement le " "serveur DNS Active Directory avec l'adresse IP de ce client. La mise à jour " "est sécurisée avec GSS-TSIG. Ainsi, l'administrateur Active Directory a " "uniquement besoin d'activer les mises à jour sécurisées pour la zone DNS. 
" "L'adresse IP de la connexion LDAP AD est utilisée pour les mises à jour, à " "moins qu'elle ne soit spécifiée par l'utilisation de l'option " "<quote>dyndns_iface</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:289 msgid "Default: 3600 (seconds)" msgstr "Par défaut : 3600 (secondes)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:303 msgid "Default: Use the IP address of the AD LDAP connection" msgstr "Par défaut : utilise l'adresse IP de la connexion LDAP AD" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:354 sssd-krb5.5.xml:496 msgid "krb5_use_enterprise_principal (boolean)" msgstr "krb5_use_enterprise_principal (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:357 sssd-krb5.5.xml:499 msgid "" "Specifies if the user principal should be treated as enterprise principal. " "See section 5 of RFC 6806 for more details about enterprise principals." msgstr "" "Indique si le principal de l'utilisateur doit être traité comme un principal " "d'entreprise. Cf. la section 5 de la RFC 6806 pour plus de détails sur les " "principals d'entreprise." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:384 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " "This example shows only the AD provider-specific options." msgstr "" "L'exemple suivant suppose que SSSD est correctement configuré et example.com " "est un des domaines de la section <replaceable>[sssd]</replaceable>. Ces " "exemples montrent seulement les options spécifiques au fournisseur AD." #. 
type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ad.5.xml:391 #, no-wrap msgid "" "[domain/EXAMPLE]\n" "id_provider = ad\n" "auth_provider = ad\n" "access_provider = ad\n" "chpass_provider = ad\n" "\n" "ad_server = dc1.example.com\n" "ad_hostname = client.example.com\n" "ad_domain = example.com\n" msgstr "" "[domain/EXAMPLE]\n" "id_provider = ad\n" "auth_provider = ad\n" "access_provider = ad\n" "chpass_provider = ad\n" "\n" "ad_server = dc1.example.com\n" "ad_hostname = client.example.com\n" "ad_domain = example.com\n" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ad.5.xml:411 #, no-wrap msgid "" "access_provider = ldap\n" "ldap_access_order = expire\n" "ldap_account_expire_policy = ad\n" msgstr "" "access_provider = ldap\n" "ldap_access_order = expire\n" "ldap_account_expire_policy = ad\n" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:407 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" "Le fournisseur de contrôle d'accès AD vérifie si le compte a expiré. Cela a " "le même effet que la configuration suivante du fournisseur LDAP : " "<placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:417 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>." msgstr "" "Cependant, à moins que le fournisseur de contrôle d'accès <quote>ad</quote> " "soit explicitement configuré, le fournisseur de contrôle d'accès par défaut " "est <quote>permit</quote>." #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 msgid "sssd-sudo" msgstr "sssd-sudo" #.
type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd-sudo.5.xml:17 msgid "Configuring sudo with the SSSD back end" msgstr "Configuration de sudo avec le moteur SSSD" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:23 msgid "" "This manual page describes how to configure <citerefentry> " "<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " "to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." msgstr "" "Cette page de manuel décrit comment configurer " "<citerefentry><refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> pour travailler avec <citerefentry><refentrytitle>sssd</" "refentrytitle> <manvolnum>8</manvolnum></citerefentry> et comment SSSD met " "en cache les règles sudo." #. type: Content of: <reference><refentry><refsect1><title> #: sssd-sudo.5.xml:36 msgid "Configuring sudo to cooperate with SSSD" msgstr "Configuration de sudo pour coopérer avec SSSD" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:38 msgid "" "To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " "the <emphasis>sudoers</emphasis> entry in <citerefentry> " "<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>." msgstr "" "Pour activer SSSD comme source pour les règles de sudo, ajouter " "<emphasis>sss</emphasis> à l'entrée <emphasis>sudoers</emphasis> dans " "<citerefentry><refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry>." #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:47 msgid "" "For example, to configure sudo to first lookup rules in the standard " "<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> file (which should contain rules that apply to " "local users) and then in SSSD, the nsswitch.conf file should contain the " "following line:" msgstr "" "Par exemple, pour configurer sudo pour rechercher d'abord les règles dans le " "fichier standard <citerefentry><refentrytitle>sudoers</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry> (qui doit contenir les règles qui " "s'appliquent aux utilisateurs locaux) et ensuite dans SSSD, le fichier " "nsswitch.conf doit contenir la ligne suivante :" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-sudo.5.xml:57 #, no-wrap msgid "sudoers: files sss\n" msgstr "sudoers: files sss\n" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:61 msgid "" "More information about configuring the sudoers search order from the " "nsswitch.conf file as well as information about the LDAP schema that is used " "to store sudo rules in the directory can be found in <citerefentry> " "<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>." msgstr "" "Plus d'informations sur la configuration de l'ordre de recherche de sudoers " "depuis le fichier nsswitch.conf, mais aussi les informations sur le schéma " "LDAP qui est utilisé pour stocker les règles sudo dans l'annuaire sont " "disponibles dans <citerefentry><refentrytitle>sudoers.ldap</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry>." #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:70 msgid "" "<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " "sudo rules, you also need to correctly set <citerefentry> " "<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" "citerefentry> to your NIS domain name (which equals to IPA domain name when " "using hostgroups)." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-sudo.5.xml:82 msgid "Configuring SSSD to fetch sudo rules" msgstr "Configuration de SSSD pour aller chercher les règles de sudo" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:84 msgid "" "All configuration that is needed on SSSD side is to extend the list of " "<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " "search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> " "option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:94 msgid "" "The following example shows how to configure SSSD to download sudo rules " "from an LDAP server." msgstr "" "L'exemple suivant montre comment configurer SSSD pour télécharger les règles " "sudo à partir d'un serveur LDAP." #. 
type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-sudo.5.xml:99 #, no-wrap msgid "" "[sssd]\n" "config_file_version = 2\n" "services = nss, pam, sudo\n" "domains = EXAMPLE\n" "\n" "[domain/EXAMPLE]\n" "id_provider = ldap\n" "sudo_provider = ldap\n" "ldap_uri = ldap://example.com\n" "ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" msgstr "" "[sssd]\n" "config_file_version = 2\n" "services = nss, pam, sudo\n" "domains = EXAMPLE\n" "\n" "[domain/EXAMPLE]\n" "id_provider = ldap\n" "sudo_provider = ldap\n" "ldap_uri = ldap://example.com\n" "ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:112 #, fuzzy #| msgid "" #| "When the SSSD is configured to use the IPA provider, the sudo provider is " #| "automatically enabled. The sudo search base is configured to use the " #| "compat tree (ou=sudoers,$DC)." msgid "" "When the SSSD is configured to use IPA as the ID provider, the sudo provider " "is automatically enabled. The sudo search base is configured to use the " "compat tree (ou=sudoers,$DC)." msgstr "" "Lorsque SSSD est configuré pour utiliser le fournisseur IPA, le fournisseur " "sudo est ajouté automatiquement. La base de recherche de sudo est alors " "configurée pour utiliser la branche de compatibilité (ou=sudoers,$DC)." #. type: Content of: <reference><refentry><refsect1><title> #: sssd-sudo.5.xml:119 msgid "The SUDO rule caching mechanism" msgstr "Le mécanisme de mise en cache de règles SUDO" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:121 msgid "" "The biggest challenge, when developing sudo support in SSSD, was to ensure " "that running sudo with SSSD as the data source provides the same user " "experience and is as fast as sudo but keeps providing the most current set " "of rules as possible. To satisfy these requirements, SSSD uses three kinds " "of updates. 
They are referred to as full refresh, smart refresh and rules " "refresh." msgstr "" "Le plus grand défi lors du développement de la prise en charge de sudo dans " "SSSD était de s'assurer que l'utilisation d'un sudo exploitant SSSD comme " "source de données fournissait la même expérience utilisateur et était aussi " "rapide que sudo, tout en conservant le jeu de règles le plus à jour " "possible. Pour satisfaire ces exigences, SSSD utilise trois types de mises à " "jour. Elles sont appelées actualisation complète, rafraîchissement " "intelligent et rafraîchissement des règles." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:129 msgid "" "The <emphasis>smart refresh</emphasis> periodically downloads rules that are " "new or were modified after the last update. Its primary goal is to keep the " "database growing by fetching only small increments that do not generate " "large amounts of network traffic." msgstr "" "Le <emphasis>rafraîchissement intelligent</emphasis> télécharge " "périodiquement les règles qui sont nouvelles ou qui ont été modifiées après " "la dernière mise à jour. Son but premier est d'éviter à la base de données " "de grossir en allant chercher de petits incréments qui ne génèrent pas de " "gros trafic réseau." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:135 msgid "" "The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " "in the cache and replaces them with all rules that are stored on the server. " "This is used to keep the cache consistent by removing every rule which was " "deleted from the server. However, full refresh may produce a lot of traffic " "and thus it should be run only occasionally depending on the size and " "stability of the sudo rules."
msgstr "" "Le <emphasis>rafraîchissement complet</emphasis> supprime simplement toutes " "les règles sudo stockées dans le cache et les remplace par toutes les règles " "qui sont stockées sur le serveur. Ceci est utilisé pour assurer la cohérence " "de cache en supprimant toutes les règles qui ont été supprimées du serveur. " "Cependant, un rafraîchissement complet peut produire beaucoup de trafic et " "doit n'être exécuté qu'occasionnellement selon la taille et la stabilité " "des règles sudo." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:143 msgid "" "The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " "more permission than defined. It is triggered each time the user runs sudo. " "Rules refresh will find all rules that apply to this user, check their " "expiration time and redownload them if expired. In the case that any of " "these rules are missing on the server, the SSSD will do an out of band full " "refresh because more rules (that apply to other users) may have been deleted." msgstr "" "Le <emphasis>rafraîchissement des règles</emphasis> fait en sorte de ne pas " "accorder à l'utilisateur plus d'autorisations que défini. Il est déclenché " "chaque fois que l'utilisateur exécute sudo. L'actualisation des règles " "trouvera toutes les règles qui s'appliquent à cet utilisateur, vérifiera leur " "date d'expiration et les retéléchargera si elles ont expiré. Dans le cas où " "l'une de ces règles est manquante sur le serveur, SSSD programmera en " "parallèle un rafraîchissement complet hors bande car d'autres règles " "(s'appliquant à d'autres utilisateurs) peuvent avoir été supprimées." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:152 msgid "" "If enabled, SSSD will store only rules that can be applied to this machine. 
" "This means rules that contain one of the following values in " "<emphasis>sudoHost</emphasis> attribute:" msgstr "" "Si activé, SSSD stocke uniquement les règles qui peuvent être appliquées à " "cette machine. En d'autres termes, ce sont les règles qui contiennent une " "des valeurs suivantes dans l'attribut de <emphasis>sudoHost</emphasis> :" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:159 msgid "keyword ALL" msgstr "mot-clé ALL" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:164 msgid "wildcard" msgstr "joker" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:169 msgid "netgroup (in the form \"+netgroup\")" msgstr "netgroup (sous la forme « +netgroup »)" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:174 msgid "hostname or fully qualified domain name of this machine" msgstr "" "nom de système ou le nom de domaine pleinement qualifié de cette machine" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:179 msgid "one of the IP addresses of this machine" msgstr "une des adresses IP de cette machine" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:184 msgid "one of the IP addresses of the network (in the form \"address/mask\")" msgstr "une des adresses IP du réseau (sous la forme « adresse/masque »)" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:190 msgid "" "There are many configuration options that can be used to adjust the " "behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." 
msgstr "" "Il existe de nombreuses options de configuration qui peuvent être utilisées " "pour ajuster le comportement. Consulter « ldap_sudo_ * » dans " "<citerefentry><refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry> et « sudo_ * » dans " "<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry>." #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd.8.xml:10 sssd.8.xml:15 msgid "sssd" msgstr "sssd" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd.8.xml:16 msgid "System Security Services Daemon" msgstr "System Security Services Daemon" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sssd.8.xml:21 msgid "" "<command>sssd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg>" msgstr "" "<command>sssd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.8.xml:31 msgid "" "<command>SSSD</command> provides a set of daemons to manage access to remote " "directories and authentication mechanisms. It provides an NSS and PAM " "interface toward the system and a pluggable backend system to connect to " "multiple different account sources as well as D-Bus interface. It is also " "the basis to provide client auditing and policy services for projects like " "FreeIPA. It provides a more robust database to store local users as well as " "extended user data." msgstr "" "<command>SSSD</command> fournit un jeu de démons pour gérer l'accès à des " "dossiers distants et les mécanismes d'authentification. Il fournit une " "interface NSS et PAM au travers du système et un moteur système extensible " "par greffons pour se connecter à de multiples comptes de sources différentes " "en plus d'une interface D-Bus. C'est aussi un moyen de fournir un moyen " "d'audit client et une politique de services pour les projets tels que " "FreeIPA. 
Il fournit une base de donnée plus robuste pour stocker les " "utilisateurs locaux ainsi que les données étendues des utilisateurs." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:46 msgid "" "<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" "replaceable>" msgstr "" "<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:53 msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" msgstr "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:57 msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" msgstr "" "<emphasis>1</emphasis> : Ajouter un horodatage aux messages de débogage" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:60 msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" msgstr "" "<emphasis>0</emphasis> : Désactiver l'horodatage dans les messages de " "débogage" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:69 msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" msgstr "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:73 msgid "" "<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" msgstr "" "<emphasis>1</emphasis> : Ajouter les microsecondes à l'horodatage dans les " "messages de débogage" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:76 msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" msgstr "" "<emphasis>0</emphasis> : Désactiver les microsecondes dans l'horodatage" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:85 msgid "<option>-f</option>,<option>--debug-to-files</option>" msgstr "<option>-f</option>,<option>--debug-to-files</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:89 msgid "" "Send the debug output to files instead of stderr. By default, the log files " "are stored in <filename>/var/log/sssd</filename> and there are separate log " "files for every SSSD service and domain." msgstr "" "Envoie la sortie de débogage vers des fichiers plutôt que vers la sortie " "d'erreur standard. Par défaut, les fichiers de sortie sont stockés dans " "<filename>/var/log/sssd</filename> et des fichiers différents sont créés " "pour chaque service et domaine SSSD." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:97 msgid "<option>-D</option>,<option>--daemon</option>" msgstr "<option>-D</option>,<option>--daemon</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:101 msgid "Become a daemon after starting up." msgstr "Devenir un démon après le démarrage." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:107 sss_seed.8.xml:136 msgid "<option>-i</option>,<option>--interactive</option>" msgstr "<option>-i</option>,<option>--interactive</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:111 msgid "Run in the foreground, don't become a daemon." msgstr "Tourner en avant-plan et ne pas devenir un démon." #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:117 sss_debuglevel.8.xml:42 msgid "<option>-c</option>,<option>--config</option>" msgstr "<option>-c</option>,<option>--config</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:121 sss_debuglevel.8.xml:46 msgid "" "Specify a non-default config file. The default is <filename>/etc/sssd/sssd." "conf</filename>. For reference on the config file syntax and options, " "consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" "Définit un fichier de configuration autre que celui par défaut (<filename>/" "etc/sssd/sssd.conf</filename>). Pour obtenir des informations sur la syntaxe " "et les options du fichier de configuration, consulter les pages de manuel de " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:135 msgid "<option>--version</option>" msgstr "<option>--version</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:139 msgid "Print version number and exit." msgstr "Afficher le numéro de version et quitter." #. type: Content of: <reference><refentry><refsect1><title> #: sssd.8.xml:147 msgid "Signals" msgstr "Signaux" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "SIGTERM/SIGINT" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" "Indique à SSSD de fermer normalement tous ses processus fils puis d'arrêter " "le moniteur." #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:159 msgid "SIGHUP" msgstr "SIGHUP" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " "like logrotate." msgstr "" "Demande à SSSD de ne plus écrire vers ses descripteurs de fichiers de " "débogage actuels, de les fermer et de les rouvrir. Cela permet de faciliter " "la rotation des journaux avec des programmes tels que logrotate." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:170 msgid "SIGUSR1" msgstr "SIGUSR1" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" "Demande à SSSD de simuler un fonctionnement hors-ligne pendant une minute. " "C'est surtout utile pour faire des tests." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:179 msgid "SIGUSR2" msgstr "SIGUSR2" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" "Demande à SSSD de passer en ligne immédiatement. C'est surtout " "utile pour faire des tests." #. type: Content of: <reference><refentry><refsect1><para> #: sssd.8.xml:193 #, fuzzy #| msgid "" #| "If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " #| "debug messages will be sent to stderr." msgid "" "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " "applications will not use the fast in memory cache."
msgstr "" "Si la variable d'environnement SSSD_KRB5_LOCATOR_DEBUG a une valeur " "quelconque, des messages de débogage seront envoyés sur la sortie standard " "d'erreur." #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 msgid "sss_obfuscate" msgstr "sss_obfuscate" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_obfuscate.8.xml:16 msgid "obfuscate a clear text password" msgstr "obscurcir un mot de passe en clair" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_obfuscate.8.xml:21 msgid "" "<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" "replaceable></arg>" msgstr "" "<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" "replaceable></arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:32 msgid "" "<command>sss_obfuscate</command> converts a given password into human-" "unreadable format and places it into appropriate domain section of the SSSD " "config file." msgstr "" "<command>sss_obfuscate</command> convertit un mot de passe donné en un " "format illisible par un humain et le place dans la section de domaine " "appropriée du fichier de configuration SSSD." #. type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:37 msgid "" "The cleartext password is read from standard input or entered " "interactively. The obfuscated password is put into " "<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " "<quote>ldap_default_authtok_type</quote> parameter is set to " "<quote>obfuscated_password</quote>. Refer to <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more details on these parameters." 
msgstr "" "Le mot de passe en clair est lu sur l'entrée standard ou saisi " "interactivement. Le mot de passe obscurci est placé dans le paramètre " "<quote>ldap_default_authtok</quote> d'un domaine SSSD donné et le " "paramètre <quote>ldap_default_authtok_type</quote> est défini à " "<quote>obfuscated_password</quote>. Cf. <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> pour plus de " "détails sur ces paramètres." #. type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:49 msgid "" "Please note that obfuscating the password provides <emphasis>no real " "security benefit</emphasis> as it is still possible for an attacker to " "reverse-engineer the password back. Using better authentication mechanisms " "such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " "advised." msgstr "" "Veuillez noter qu'obscurcir le mot de passe ne fournit <emphasis>aucun " "réel bénéfice de sécurité</emphasis> étant donné qu'il reste possible pour " "un attaquant de retrouver le mot de passe par rétro-ingénierie. Utiliser de " "meilleurs mécanismes d'authentification tels que les certificats côté client " "ou GSSAPI est <emphasis>fortement</emphasis> conseillé." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_obfuscate.8.xml:63 msgid "<option>-s</option>,<option>--stdin</option>" msgstr "<option>-s</option>,<option>--stdin</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:67 msgid "The password to obfuscate will be read from standard input." msgstr "Le mot de passe à obscurcir sera lu sur l'entrée standard." #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:79 #: sss_ssh_knownhostsproxy.1.xml:78 msgid "" "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" "replaceable>" msgstr "" "<option>-d</option>,<option>--domain</option> <replaceable>DOMAINE</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:79 msgid "" "The SSSD domain to use the password in. The default name is <quote>default</" "quote>." msgstr "" "Le domaine SSSD auquel est lié le mot de passe. Le nom par défaut est " "<quote>default</quote>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_obfuscate.8.xml:86 msgid "" "<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" msgstr "" "<option>-f</option>,<option>--file</option> <replaceable>FICHIER</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:91 msgid "Read the config file specified by the positional parameter." msgstr "Lit le fichier de configuration spécifié par le paramètre." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:95 msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" msgstr "Par défaut : <filename>/etc/sssd/sssd.conf</filename>" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_useradd.8.xml:10 sss_useradd.8.xml:15 msgid "sss_useradd" msgstr "sss_useradd" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_useradd.8.xml:16 msgid "create a new user" msgstr "créer un utilisateur" #. 
type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_useradd.8.xml:21 msgid "" "<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" msgstr "" "<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>UTILISATEUR</" "replaceable></arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_useradd.8.xml:32 msgid "" "<command>sss_useradd</command> creates a new user account using the values " "specified on the command line plus the default values from the system." msgstr "" "<command>sss_useradd</command> crée un nouveau compte utilisateur en " "utilisant les valeurs spécifiées en ligne de commande auquelles sont " "ajoutées les valeurs par défaut du système." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:43 sss_seed.8.xml:76 msgid "" "<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" msgstr "" "<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:48 msgid "" "Set the UID of the user to the value of <replaceable>UID</replaceable>. If " "not given, it is chosen automatically." msgstr "" "Définit l'UID de l'utilisateur à la valeur <replaceable>UID</replaceable>. " "Si non précisé, il est choisit automatiquement." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:55 sss_usermod.8.xml:43 sss_seed.8.xml:100 msgid "" "<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" "replaceable>" msgstr "" "<option>-c</option>,<option>--gecos</option> <replaceable>COMMENTAIRE</" "replaceable>" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:60 sss_usermod.8.xml:48 sss_seed.8.xml:105 msgid "" "Any text string describing the user. Often used as the field for the user's " "full name." msgstr "" "Toute chaîne de caractère décrivant l'utilisateur. Souvent utilisé comme " "champ pour le nom entier de l'utilisateur." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:67 sss_usermod.8.xml:55 sss_seed.8.xml:112 msgid "" "<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" "replaceable>" msgstr "" "<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:72 msgid "" "The home directory of the user account. The default is to append the " "<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use " "that as the home directory. The base that is prepended before " "<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/" "baseDirectory</quote> setting in sssd.conf." msgstr "" "Le répertoire personnel du compte utilisateur. Par défaut, on ajoute " "<replaceable>LOGIN</replaceable> à <filename>/home</filename> et on utilise " "cela comme dossier personnel. La base précédent <replaceable>LOGIN</" "replaceable> est modifiable avec le paramètre <quote>user_defaults/" "baseDirectory</quote> de sssd.conf." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:82 sss_usermod.8.xml:66 sss_seed.8.xml:124 msgid "" "<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" msgstr "" "<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:87 msgid "" "The user's login shell. The default is currently <filename>/bin/bash</" "filename>. The default can be changed with <quote>user_defaults/" "defaultShell</quote> setting in sssd.conf." msgstr "" "L'interpréteur de commande de l'utilisateur. La valeur par défaut actuelle, " "<filename>/bin/bash</filename>, peut être modifiée avec le paramètre " "<quote>user_defaults/defaultShell</quote> dans sssd.conf." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:96 msgid "" "<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</" "replaceable>" msgstr "" "<option>-G</option>,<option>--groups</option> <replaceable>GROUPES</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:101 msgid "A list of existing groups this user is also a member of." msgstr "Une liste de groupes existants dont l'utilisateur est aussi membre." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:107 msgid "<option>-m</option>,<option>--create-home</option>" msgstr "<option>-m</option>,<option>--create-home</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:111 msgid "" "Create the user's home directory if it does not exist. The files and " "directories contained in the skeleton directory (which can be defined with " "the -k option or in the config file) will be copied to the home directory." msgstr "" "Crée le répertoire personnel de l'utilisateur s'il n'existe pas. Les " "fichiers et répertoires inclus dans le répertoire squelette (pouvant être " "définis avec l'option -k ou dans le fichier de configuration) sont copiés " "dans le dossier personnel." #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:121 msgid "<option>-M</option>,<option>--no-create-home</option>" msgstr "<option>-M</option>,<option>--no-create-home</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:125 msgid "" "Do not create the user's home directory. Overrides configuration settings." msgstr "" "Ne pas créer de dossier personnel pour l'utilisateur. Écrase les paramètres " "de configuration." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:132 msgid "" "<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</" "replaceable>" msgstr "" "<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:137 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " "<command>sss_useradd</command>." msgstr "" "Le répertoire squelette, contenant les fichiers et répertoires à copier dans " "le répertoire personnel de l'utilisateur, quand le répertoire personnel est " "créé par <command>sss_useradd</command>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:143 msgid "" "Special files (block devices, character devices, named pipes and unix " "sockets) will not be copied." msgstr "" "Les fichiers spéciaux (périphériques blocs, caractères, tubes nommés et " "sockets unix) ne seront pas copiés." #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:147 msgid "" "This option is only valid if the <option>-m</option> (or <option>--create-" "home</option>) option is specified, or creation of home directories is set " "to TRUE in the configuration." msgstr "" "L'option n'est valide que si l'option <option>-m</option> (ou <option>--" "create-home</option>) est utilisée ou si la création de répertoires " "personnels est à TRUE dans la configuration." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:156 sss_usermod.8.xml:124 msgid "" "<option>-Z</option>,<option>--selinux-user</option> " "<replaceable>SELINUX_USER</replaceable>" msgstr "" "<option>-Z</option>,<option>--selinux-user</option> " "<replaceable>UTILISATEUR_SELINUX</replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:161 msgid "" "The SELinux user for the user's login. If not specified, the system default " "will be used." msgstr "" "L'utilisateur SELinux pour la connexion utilisateur. Si non spécifié, la " "valeur par défaut du système est utilisée." #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 msgid "sssd-krb5" msgstr "sssd-krb5" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:23 msgid "" "This manual page describes the configuration of the Kerberos 5 " "authentication backend for <citerefentry> <refentrytitle>sssd</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed " "syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " "the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page." 
msgstr "" "Cette page de manuel décrit la configuration du moteur d'authentification de " "Kerberos 5 pour <citerefentry> <refentrytitle>sssd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry>. Pour une référence détaillée sur " "la syntaex, veuillez vous référer à la section <quote>FORMAT DE FICHIER</" "quote> du manuel de <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:36 msgid "" "The Kerberos 5 authentication backend contains auth and chpass providers. It " "must be paired with an identity provider in order to function properly (for " "example, id_provider = ldap). Some information required by the Kerberos 5 " "authentication backend must be provided by the identity provider, such as " "the user's Kerberos Principal Name (UPN). The configuration of the identity " "provider should have an entry to specify the UPN. Please refer to the man " "page for the applicable identity provider for details on how to configure " "this." msgstr "" "Le moteur d'authentification Kerberos 5 contient les fournisseurs " "d'authentification et de changement de mot de passe. Il doit être couplé " "avec un fournisseur d'identité de manière à fonctionner proprement (par " "exemple, id_provider = ldap). Plusieurs informations requises par le moteur " "d'authentification Kerberos 5 doivent être fournies par le fournisseur " "d'identité, telles que le nom du principal de l'utilisateur Kerberos (UPN). " "La configuration du fournisseur d'identité doit avoir une entrée pour " "spécifier l'UPN. Veuillez vous référer aux pages du manuel du fournisseur " "d'identité ad-hoc pour pouvoir le configurer." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:47 msgid "" "This backend also provides access control based on the .k5login file in the " "home directory of the user. 
See <citerefentry> <refentrytitle>.k5login</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " "Please note that an empty .k5login file will deny all access to this user. " "To activate this feature, use 'access_provider = krb5' in your SSSD " "configuration." msgstr "" "Ce moteur fournit aussi un contrôle d'accès basé sur le fichier .k5login " "situé dans le répertoire personnel de l'utilisateur. Voir <citerefentry> <refentrytitle>." "k5login</refentrytitle><manvolnum>5</manvolnum> </citerefentry> pour plus de " "détails. Veuillez noter qu'un fichier .k5login vide interdira tout accès " "à cet utilisateur. Pour activer cette fonctionnalité, utilisez « access_provider " "= krb5 » dans votre configuration de SSSD." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:55 msgid "" "In the case where the UPN is not available in the identity backend, " "<command>sssd</command> will construct a UPN using the format " "<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." msgstr "" "Dans le cas où l'UPN n'est pas disponible dans le moteur d'identité, " "<command>sssd</command> construira un UPN en utilisant le format " "<replaceable>utilisateur</replaceable>@<replaceable>krb5_realm</replaceable>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect, in the order of preference. " "For more information on failover and server redundancy, see the " "<quote>FAILOVER</quote> section. An optional port number (preceded by a " "colon) may be appended to the addresses or hostnames. If empty, service " "discovery is enabled; for more information, refer to the <quote>SERVICE " "DISCOVERY</quote> section."
msgstr "" "Spécifie la liste séparée par des virgules des adresses IP ou des noms de " "systèmes des serveurs Kerberos auxquels SSSD doit se connecter, par ordre de " "préférence. Pour plus d'informations sur le basculement et la redondance de " "serveurs, consultez la section <quote>BASCULEMENT</quote>. Un numéro de " "port facultatif (précédé de deux-points) peut être ajouté aux adresses ou " "aux noms de systèmes. Si vide, la découverte de services est activée ; pour " "plus d'informations, se reporter à la section <quote>DÉCOUVERTE DE SERVICE</" "quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:106 msgid "" "The name of the Kerberos realm. This option is required and must be " "specified." msgstr "" "Le nom du domaine Kerberos. Cette option est nécessaire et doit être " "renseignée." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:113 msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" msgstr "krb5_kpasswd, krb5_backup_kpasswd (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:116 msgid "" "If the change password service is not running on the KDC, alternative " "servers can be defined here. An optional port number (preceded by a colon) " "may be appended to the addresses or hostnames." msgstr "" "Si le service de changement de mot de passe ne fonctionne pas sur le KDC, " "des serveurs alternatifs peuvent être définis ici. Un numéro de port " "facultatif (précédé par un signe deux-points) peut être ajouté aux " "adresses ou aux noms de systèmes." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:122 msgid "" "For more information on failover and server redundancy, see the " "<quote>FAILOVER</quote> section. 
NOTE: Even if there are no more kpasswd " "servers to try, the backend is not switched to operate offline if " "authentication against the KDC is still possible." msgstr "" "Pour plus d'information sur le basculement et la redondance de serveurs, " "voir la section <quote>BASCULEMENT</quote>. Noter que même si il n'y a plus " "de serveurs kpasswd à essayer, le moteur ne passe pas en mode hors-ligne si " "l'authentification KDC est toujours possible." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:129 msgid "Default: Use the KDC" msgstr "Par défaut : utiliser le KDC" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:135 msgid "krb5_ccachedir (string)" msgstr "krb5_ccachedir (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:138 msgid "" "Directory to store credential caches. All the substitution sequences of " "krb5_ccname_template can be used here, too, except %d and %P. The directory " "is created as private and owned by the user, with permissions set to 0700." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:145 msgid "Default: /tmp" msgstr "Par défaut : /tmp" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:151 msgid "krb5_ccname_template (string)" msgstr "krb5_ccname_template (chaîne)" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:165 include/override_homedir.xml:11 msgid "%u" msgstr "%u" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:166 include/override_homedir.xml:12 msgid "login name" msgstr "identifiant de connexion" #. 
type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:169 include/override_homedir.xml:15 msgid "%U" msgstr "%U" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:170 msgid "login UID" msgstr "UID de l'utilisateur" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:173 msgid "%p" msgstr "%p" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:174 msgid "principal name" msgstr "nom du principal" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:178 msgid "%r" msgstr "%r" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:179 msgid "realm name" msgstr "nom de domaine" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:182 msgid "%h" msgstr "%h" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:183 msgid "home directory" msgstr "répertoire personnel" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:187 include/override_homedir.xml:19 msgid "%d" msgstr "%d" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:188 msgid "value of krb5ccache_dir" msgstr "valeur de krb5ccache_dir" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:193 msgid "%P" msgstr "%P" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:194 msgid "the process ID of the SSSD client" msgstr "l'ID de processus du client SSSD" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:199 include/override_homedir.xml:34 msgid "%%" msgstr "%%" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:200 include/override_homedir.xml:35 msgid "a literal '%'" msgstr "un « % » littéral" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:154 #, fuzzy #| msgid "" #| "Location of the user's credential cache. Two credential cache types are " #| "currently supported: <quote>FILE</quote> and <quote>DIR</quote>. The " #| "cache can be specified either as <replaceable>TYPE:RESIDUAL</" #| "replaceable>, or as an absolute path, which implies the <quote>FILE</" #| "quote> type. In the template, the following sequences are substituted: " #| "<placeholder type=\"variablelist\" id=\"0\"/> If the template ends with " #| "'XXXXXX' mkstemp(3) is used to create a unique filename in a safe way." msgid "" "Location of the user's credential cache. Three credential cache types are " "currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " "<quote>KEYRING:persistent</quote>. The cache can be specified either as " "<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " "implies the <quote>FILE</quote> type. 
In the template, the following " "sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " "the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " "filename in a safe way." msgstr "" "Emplacement du cache d'informations d'identification de l'utilisateur. Trois " "types de cache sont actuellement pris en charge : <quote>FILE</quote>, " "<quote>DIR</quote> et <quote>KEYRING:persistent</quote>. Le cache peut être " "spécifié soit comme <replaceable>TYPE:RESIDUAL</replaceable>, soit comme " "chemin d'accès absolu, ce qui implique le type <quote>FILE</quote>. Dans le " "modèle, les séquences suivantes sont substituées : <placeholder type=" "\"variablelist\" id=\"0\"/>. Si le modèle se termine par « XXXXXX », " "mkstemp(3) est utilisé pour créer un nom de fichier unique en toute sécurité." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:208 msgid "" "When using KEYRING types, the only supported mechanism is <quote>KEYRING:" "persistent:%U</quote>, which uses the Linux kernel keyring to store " "credentials on a per-UID basis. This is also the recommended choice, as it " "is the most secure and predictable method." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:216 msgid "" "The default value for the credential cache name is sourced from the profile " "stored in the system wide krb5.conf configuration file in the [libdefaults] " "section. The option name is default_ccache_name. See krb5.conf(5)'s " "PARAMETER EXPANSION paragraph for additional information on the expansion " "format defined by krb5.conf." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:225 #, fuzzy #| msgid "Default: 0 (No limit)" msgid "Default: (from libkrb5)" msgstr "Par défaut : (valeur issue de libkrb5)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:231 msgid "krb5_auth_timeout (integer)" msgstr "krb5_auth_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:234 msgid "" "Timeout in seconds after an online authentication request or change password " "request is aborted. If possible, the authentication request is continued " "offline." msgstr "" "Délai d'attente, en secondes, après l'annulation d'une requête " "d'authentification en ligne ou de changement de mot de passe. La requête " "d'authentification sera effectuée hors-ligne si cela est possible." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:248 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed. The keytab is checked for entries sequentially, and the first entry " "with a matching realm is used for validation. If no entry matches the realm, " "the last entry in the keytab is used. This process can be used to validate " "environments using cross-realm trust by placing the appropriate keytab entry " "as the last entry or the only entry in the keytab file." msgstr "" "Vérifie à l'aide de krb5_keytab que le TGT obtenu n'a pas été usurpé. Les " "entrées d'un fichier keytab sont vérifiées dans l'ordre, et la première " "entrée avec un domaine correspondant est utilisée pour la validation. Si " "aucune entrée ne correspond au domaine, la dernière entrée dans le fichier " "keytab est utilisée. Ce processus peut être utilisé pour valider des " "environnements utilisant l'approbation entre domaines en plaçant l'entrée " "keytab appropriée comme dernière ou comme seule entrée dans le fichier " "keytab." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:263 msgid "krb5_keytab (string)" msgstr "krb5_keytab (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:266 msgid "" "The location of the keytab to use when validating credentials obtained from " "KDCs." msgstr "" "L'emplacement du fichier keytab à utiliser pour valider les données " "d'identification obtenues à partir de KDC." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:270 msgid "Default: /etc/krb5.keytab" msgstr "Par défaut : /etc/krb5.keytab" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:276 msgid "krb5_store_password_if_offline (boolean)" msgstr "krb5_store_password_if_offline (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:279 msgid "" "Store the password of the user if the provider is offline and use it to " "request a TGT when the provider comes online again." msgstr "" "Stocke le mot de passe de l'utilisateur si le fournisseur est hors-ligne, " "puis l'utilise pour obtenir un TGT lorsque le fournisseur redevient " "disponible en ligne." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:284 msgid "" "NOTE: this feature is only available on Linux. Passwords stored in this way " "are kept in plaintext in the kernel keyring and are potentially accessible " "by the root user (with difficulty)." msgstr "" "NOTE : cette fonctionnalité n'est actuellement disponible que sur les plates-" "formes Linux. 
Les mots de passe stockés de cette manière sont conservés en " "texte brut dans le trousseau de clés du noyau et sont potentiellement " "accessibles à l'utilisateur root (avec difficulté)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:297 msgid "krb5_renewable_lifetime (string)" msgstr "krb5_renewable_lifetime (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:300 msgid "" "Request a renewable ticket with a total lifetime, given as an integer " "immediately followed by a time unit:" msgstr "" "Demande un ticket renouvelable avec une durée de vie totale, donnée par un " "entier immédiatement suivi par une unité de temps :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:305 sssd-krb5.5.xml:339 sssd-krb5.5.xml:376 msgid "<emphasis>s</emphasis> for seconds" msgstr "<emphasis>s</emphasis> pour secondes" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:308 sssd-krb5.5.xml:342 sssd-krb5.5.xml:379 msgid "<emphasis>m</emphasis> for minutes" msgstr "<emphasis>m</emphasis> pour minutes" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:311 sssd-krb5.5.xml:345 sssd-krb5.5.xml:382 msgid "<emphasis>h</emphasis> for hours" msgstr "<emphasis>h</emphasis> pour heures" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385 msgid "<emphasis>d</emphasis> for days." msgstr "<emphasis>d</emphasis> pour jours." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:317 sssd-krb5.5.xml:388 msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." msgstr "Si aucune unité n'est spécifiée, <emphasis>s</emphasis> est utilisé." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:321 sssd-krb5.5.xml:392 msgid "" "NOTE: It is not possible to mix units. To set the renewable lifetime to one " "and a half hours, use '90m' instead of '1h30m'." msgstr "" "NOTE : il n'est pas possible de mélanger les unités. Pour indiquer une durée " "de vie renouvelable de une heure et trente minutes, utiliser « 90m » au lieu " "de « 1h30m »." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:326 msgid "Default: not set, i.e. the TGT is not renewable" msgstr "" "Par défaut : non défini, c'est-à-dire que le TGT n'est pas renouvelable" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:332 msgid "krb5_lifetime (string)" msgstr "krb5_lifetime (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:335 msgid "" "Request ticket with a lifetime, given as an integer immediately followed by " "a time unit:" msgstr "" "Demande un ticket avec une durée de vie, donnée par un entier immédiatement " "suivi par une unité de temps :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:351 msgid "If there is no unit given <emphasis>s</emphasis> is assumed." msgstr "Si aucune unité n'est spécifiée, <emphasis>s</emphasis> est utilisé." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:355 msgid "" "NOTE: It is not possible to mix units. To set the lifetime to one and a " "half hours please use '90m' instead of '1h30m'." msgstr "" "NOTE : il n'est pas possible de mélanger les unités. Pour indiquer une durée " "de vie de une heure et trente minutes, utiliser « 90m » au lieu de « 1h30m »." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:360 msgid "" "Default: not set, i.e. the default ticket lifetime configured on the KDC." msgstr "" "Par défaut : non défini, c'est-à-dire la durée de vie par défaut configurée " "dans le KDC." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:367 msgid "krb5_renew_interval (string)" msgstr "krb5_renew_interval (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:370 msgid "" "The time in seconds between two checks if the TGT should be renewed. TGTs " "are renewed if about half of their lifetime is exceeded, given as an integer " "immediately followed by a time unit:" msgstr "" "La durée, en secondes, entre deux vérifications pour savoir si le TGT doit " "être renouvelé. Les TGT sont renouvelés si environ la moitié de leur durée " "de vie est dépassée. Indiquée par un entier immédiatement suivi d'une unité " "de temps :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:397 msgid "If this option is not set or is 0 the automatic renewal is disabled." msgstr "" "Si cette option n'est pas définie ou définie à 0, le renouvellement " "automatique est désactivé." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:415 msgid "" "<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " "option at all." msgstr "" "<emphasis>never</emphasis> : ne jamais utiliser FAST. Ceci équivaut à ne pas " "définir cette option." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:419 msgid "" "<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " "continue the authentication without it." msgstr "" "<emphasis>try</emphasis> : essayer d'utiliser FAST. Si le serveur ne prend " "pas en charge FAST, continuer l'authentification sans." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:429 msgid "Default: not set, i.e. FAST is not used." msgstr "Par défaut : non défini, i.e. FAST n'est pas utilisé." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:432 msgid "NOTE: a keytab is required to use FAST." msgstr "NOTE : un fichier keytab est requis pour utiliser FAST." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:444 msgid "krb5_fast_principal (string)" msgstr "krb5_fast_principal (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:447 msgid "Specifies the server principal to use for FAST." msgstr "Spécifie le principal de serveur à utiliser pour FAST." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:456 msgid "" "Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos 1.7 and later versions." 
msgstr "" "Spécifie si les principaux du système et de l'utilisateur doivent être " "rendus canoniques. Cette fonctionnalité est disponible avec MIT Kerberos 1.7 " "et versions suivantes." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:505 #, fuzzy #| msgid "Default: false (AD provide: true)" msgid "Default: false (AD provider: true)" msgstr "Par défaut : false (fournisseur AD : true)" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:65 msgid "" "If the auth-module krb5 is used in an SSSD domain, the following options " "must be used. See the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " "<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " "domain. <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" "Si le module auth krb5 est utilisé dans un domaine SSSD, les options " "suivantes doivent être utilisées. Cf. la page de manuel " "<citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry>, section <quote>SECTIONS DOMAINE</quote> pour plus " "de détails sur la configuration d'un domaine SSSD. <placeholder type=" "\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:521 msgid "" "The following example assumes that SSSD is correctly configured and FOO is " "one of the domains in the <replaceable>[sssd]</replaceable> section. This " "example shows only configuration of Kerberos authentication; it does not " "include any identity provider." msgstr "" "L'exemple suivant suppose que SSSD est correctement configuré et que FOO est " "l'un des domaines de la section <replaceable>[sssd]</replaceable>. Cet " "exemple montre uniquement la configuration de l'authentification Kerberos, " "et n'inclut aucun fournisseur d'identité." #. 
type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-krb5.5.xml:529 #, no-wrap msgid "" " [domain/FOO]\n" " auth_provider = krb5\n" " krb5_server = 192.168.1.1\n" " krb5_realm = EXAMPLE.COM\n" msgstr "" " [domain/FOO]\n" " auth_provider = krb5\n" " krb5_server = 192.168.1.1\n" " krb5_realm = EXAMPLE.COM\n" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15 msgid "sss_groupadd" msgstr "sss_groupadd" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupadd.8.xml:16 msgid "create a new group" msgstr "Créer un nouveau groupe" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupadd.8.xml:21 msgid "" "<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" "<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUPE</replaceable></" "arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupadd.8.xml:32 msgid "" "<command>sss_groupadd</command> creates a new group. These groups are " "compatible with POSIX groups, with the additional feature that they can " "contain other groups as members." msgstr "" "<command>sss_groupadd</command> crée un nouveau groupe. Ces groupes sont " "compatibles avec les groupes POSIX, avec la caractéristique supplémentaire " "qu'ils peuvent contenir d'autres groupes comme membres." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupadd.8.xml:43 sss_seed.8.xml:88 msgid "" "<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" msgstr "" "<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupadd.8.xml:48 msgid "" "Set the GID of the group to the value of <replaceable>GID</replaceable>. If " "not given, it is chosen automatically." msgstr "" "Positionne le GID du groupe à la valeur <replaceable>GID</replaceable>. Si " "non spécifié, il est choisi automatiquement." #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_userdel.8.xml:10 sss_userdel.8.xml:15 msgid "sss_userdel" msgstr "sss_userdel" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_userdel.8.xml:16 msgid "delete a user account" msgstr "Supprimer un compte utilisateur" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_userdel.8.xml:21 msgid "" "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" msgstr "" "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_userdel.8.xml:32 msgid "" "<command>sss_userdel</command> deletes a user identified by login name " "<replaceable>LOGIN</replaceable> from the system." msgstr "" "<command>sss_userdel</command> supprime du système un utilisateur identifié " "par son identifiant de connexion <replaceable>LOGIN</replaceable>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:44 msgid "<option>-r</option>,<option>--remove</option>" msgstr "<option>-r</option>,<option>--remove</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:48 msgid "" "Files in the user's home directory will be removed along with the home " "directory itself and the user's mail spool. 
Overrides the configuration." msgstr "" "Les fichiers dans le répertoire ainsi que le répertoire lui-même de " "l'utilisateur et sa messagerie seront supprimés. Outrepasse la configuration." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:56 msgid "<option>-R</option>,<option>--no-remove</option>" msgstr "<option>-R</option>,<option>--no-remove</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:60 msgid "" "Files in the user's home directory will NOT be removed along with the home " "directory itself and the user's mail spool. Overrides the configuration." msgstr "" "Les fichiers dans le répertoire ainsi que le répertoire lui-même de " "l'utilisateur et sa messagerie ne seront PAS supprimés. Outrepasse la " "configuration." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:68 msgid "<option>-f</option>,<option>--force</option>" msgstr "<option>-f</option>,<option>--force</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:72 msgid "" "This option forces <command>sss_userdel</command> to remove the user's home " "directory and mail spool, even if they are not owned by the specified user." msgstr "" "Cette option oblige <command>sss_userdel</command> à supprimer le répertoire " "home de l'utilisateur et sa messagerie, même si ils ne sont pas détenus par " "l'utilisateur spécifié." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:80 msgid "<option>-k</option>,<option>--kick</option>" msgstr "<option>-k</option>,<option>--kick</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:84 msgid "Before actually deleting the user, terminate all his processes." 
msgstr "" "Avant de réellement supprimer l'utilisateur, mettre fin à tous ses processus." #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15 msgid "sss_groupdel" msgstr "sss_groupdel" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupdel.8.xml:16 msgid "delete a group" msgstr "supprimer un groupe" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupdel.8.xml:21 msgid "" "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUPE</replaceable></" "arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupdel.8.xml:32 msgid "" "<command>sss_groupdel</command> deletes a group identified by its name " "<replaceable>GROUP</replaceable> from the system." msgstr "" "<command>sss_groupdel</command> supprime du système un groupe identifié par " "son nom de groupe <replaceable>GROUPE</replaceable>." #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15 msgid "sss_groupshow" msgstr "sss_groupshow" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupshow.8.xml:16 msgid "print properties of a group" msgstr "affiche les propriétés d'un groupe" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupshow.8.xml:21 msgid "" "<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" "<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUPE</replaceable></" "arg>" #. 
type: Content of: <reference><refentry><refsect1><para> #: sss_groupshow.8.xml:32 msgid "" "<command>sss_groupshow</command> displays information about a group " "identified by its name <replaceable>GROUP</replaceable>. The information " "includes the group ID number, members of the group and the parent group." msgstr "" "<command>sss_groupshow</command> affiche des informations sur un groupe " "identifié par son nom <replaceable>GROUPE</replaceable>. Les informations " "incluent l'ID de groupe, les membres du groupe ainsi que le groupe parent." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupshow.8.xml:43 msgid "<option>-R</option>,<option>--recursive</option>" msgstr "<option>-R</option>,<option>--recursive</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupshow.8.xml:47 msgid "" "Also print indirect group members in a tree-like hierarchy. Note that this " "also affects printing parent groups - without <option>R</option>, only the " "direct parent will be printed." msgstr "" "Affiche aussi les membres indirects de groupe dans une hiérarchie " "arborescente. Noter que cela affecte également les affichages de groupes " "parents - sans l'option <option>R</option>, seul le parent direct sera " "affiché." #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_usermod.8.xml:10 sss_usermod.8.xml:15 msgid "sss_usermod" msgstr "sss_usermod" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_usermod.8.xml:16 msgid "modify a user account" msgstr "modifier un compte utilisateur" #. 
type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_usermod.8.xml:21 msgid "" "<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" msgstr "" "<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_usermod.8.xml:32 msgid "" "<command>sss_usermod</command> modifies the account specified by " "<replaceable>LOGIN</replaceable> to reflect the changes that are specified " "on the command line." msgstr "" "<command>sss_usermod</command> modifie le compte défini par " "<replaceable>LOGIN</replaceable> pour refléter les modifications fournies en " "ligne de commande." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:60 msgid "The home directory of the user account." msgstr "Le répertoire personnel du compte utilisateur." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:71 msgid "The user's login shell." msgstr "L'interpréteur de commandes de l'utilisateur." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:82 msgid "" "Append this user to groups specified by the <replaceable>GROUPS</" "replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " "a comma separated list of group names." msgstr "" "Ajouter cet utilisateur aux groupes spécifiés par le paramètre " "<replaceable>GROUPS</replaceable>. Le paramètre <replaceable>GROUPS</" "replaceable> est une liste séparée par des virgules de noms de groupes." #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:96 msgid "" "Remove this user from groups specified by the <replaceable>GROUPS</" "replaceable> parameter." msgstr "" "Retirer cet utilisateur de groupes spécifiés par le paramètre " "<replaceable>GROUPS</replaceable>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_usermod.8.xml:103 msgid "<option>-l</option>,<option>--lock</option>" msgstr "<option>-l</option>,<option>--lock</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:107 msgid "Lock the user account. The user won't be able to log in." msgstr "Verrouiller le compte utilisateur. Il ne pourra plus se connecter." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_usermod.8.xml:114 msgid "<option>-u</option>,<option>--unlock</option>" msgstr "<option>-u</option>,<option>--unlock</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:118 msgid "Unlock the user account." msgstr "Déverrouiller le compte utilisateur." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:129 msgid "The SELinux user for the user's login." msgstr "" "L'utilisateur SELinux pour l'identifiant de connexion de l'utilisateur." #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_cache.8.xml:10 sss_cache.8.xml:15 msgid "sss_cache" msgstr "sss_cache" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_cache.8.xml:16 msgid "perform cache cleanup" msgstr "effectue le nettoyage du cache" #. 
type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_cache.8.xml:21 msgid "" "<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg>" msgstr "" "<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_cache.8.xml:31 msgid "" "<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " "records are forced to be reloaded from server as soon as related SSSD " "backend is online." msgstr "" "<command>sss_cache</command> invalide les enregistrements en cache de SSSD. " "Les enregistrements invalidés sont obligatoirement rechargés depuis le " "serveur dès que le moteur SSSD concerné est en ligne." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:42 msgid "<option>-E</option>,<option>--everything</option>" msgstr "<option>-E</option>,<option>--everything</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:46 msgid "Invalidate all cached entries except for sudo rules." msgstr "Invalider toutes les entrées en cache hors règles sudo." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:52 msgid "" "<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" msgstr "" "<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:57 msgid "Invalidate specific user." msgstr "Invalider un utilisateur spécifique." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:63 msgid "<option>-U</option>,<option>--users</option>" msgstr "<option>-U</option>,<option>--users</option>" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:67 msgid "" "Invalidate all user records. This option overrides invalidation of specific " "user if it was also set." msgstr "" "Invalider tous les enregistrements d'utilisateur. Cette option prend " "le pas sur l'invalidation d'un utilisateur spécifique, si elle a été " "également configurée." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:74 msgid "" "<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" msgstr "" "<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:79 msgid "Invalidate specific group." msgstr "Invalider un groupe spécifique." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:85 msgid "<option>-G</option>,<option>--groups</option>" msgstr "<option>-G</option>,<option>--groups</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:89 msgid "" "Invalidate all group records. This option overrides invalidation of specific " "group if it was also set." msgstr "" "Invalider tous les enregistrements de groupe. Cette option prend le " "pas sur l'invalidation d'un groupe spécifique si elle a été également " "définie." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:96 msgid "" "<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" "replaceable>" msgstr "" "<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:101 msgid "Invalidate specific netgroup."
msgstr "Invalider un netgroup spécifique." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:107 msgid "<option>-N</option>,<option>--netgroups</option>" msgstr "<option>-N</option>,<option>--netgroups</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:111 msgid "" "Invalidate all netgroup records. This option overrides invalidation of " "specific netgroup if it was also set." msgstr "" "Invalider tous les enregistrements de netgroup. Cette option prend le pas " "sur l'invalidation d'un netgroup spécifique si elle a été également définie." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:118 msgid "" "<option>-s</option>,<option>--service</option> <replaceable>service</" "replaceable>" msgstr "" "<option>-s</option>,<option>--service</option> <replaceable>service</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:123 msgid "Invalidate specific service." msgstr "Invalider un service spécifique." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:129 msgid "<option>-S</option>,<option>--services</option>" msgstr "<option>-S</option>,<option>--services</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:133 msgid "" "Invalidate all service records. This option overrides invalidation of " "specific service if it was also set." msgstr "" "Invalider tous les enregistrements de service. Cette option se substitue à " "l'invalidation d'un service spécifique si elle a également été définie." #.
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:140 msgid "" "<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" "replaceable>" msgstr "" "<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:145 msgid "Invalidate specific autofs maps." msgstr "Invalider des cartes autofs spécifiques." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:151 msgid "<option>-A</option>,<option>--autofs-maps</option>" msgstr "<option>-A</option>,<option>--autofs-maps</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:155 msgid "" "Invalidate all autofs maps. This option overrides invalidation of specific " "map if it was also set." msgstr "" "Invalider toutes les cartes autofs. Cette option remplace l'invalidation d'une " "carte spécifique si elle a également été définie." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:162 msgid "" "<option>-d</option>,<option>--domain</option> <replaceable>domain</" "replaceable>" msgstr "" "<option>-d</option>,<option>--domain</option> <replaceable>domain</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:167 msgid "Restrict invalidation process only to a particular domain." msgstr "Restreindre le processus d'invalidation à un domaine particulier." #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 msgid "sss_debuglevel" msgstr "sss_debuglevel" #.
type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_debuglevel.8.xml:16 msgid "change debug level while SSSD is running" msgstr "modifie le niveau de débogage pendant l'exécution de SSSD" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_debuglevel.8.xml:21 msgid "" "<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" "replaceable></arg>" msgstr "" "<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" "replaceable></arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_debuglevel.8.xml:32 msgid "" "<command>sss_debuglevel</command> changes debug level of SSSD monitor and " "providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is " "running." msgstr "" "<command>sss_debuglevel</command> positionne le niveau de débogage du " "moniteur et des fournisseurs SSSD à <replaceable>NEW_DEBUG_LEVEL</" "replaceable> pendant l'exécution de SSSD." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_debuglevel.8.xml:59 msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>" msgstr "<replaceable>NEW_DEBUG_LEVEL</replaceable>" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_seed.8.xml:10 sss_seed.8.xml:15 msgid "sss_seed" msgstr "sss_seed" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_seed.8.xml:16 msgid "seed the SSSD cache with a user" msgstr "initialise le cache SSSD avec un utilisateur" #. 
type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_seed.8.xml:21 msgid "" "<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" "replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" "arg>" msgstr "" "<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" "replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" "arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_seed.8.xml:33 msgid "" "<command>sss_seed</command> seeds the SSSD cache with a user entry and " "temporary password. If a user entry is already present in the SSSD cache " "then the entry is updated with the temporary password." msgstr "" "<command>sss_seed</command> initialise le cache SSSD avec une entrée " "d'utilisateur et le mot de passe temporaire. Si une entrée d'utilisateur est " "déjà présente dans le cache de SSSD, l'entrée est mise à jour avec le mot de " "passe temporaire." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_seed.8.xml:46 msgid "" "<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" "replaceable>" msgstr "" "<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:51 msgid "" "Provide the name of the domain in which the user is a member of. The domain " "is also used to retrieve user information. The domain must be configured in " "sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " "Information retrieved from the domain overrides what is provided in the " "options." msgstr "" "Indique le nom de domaine duquel l'utilisateur est membre. 
Le domaine est " "également utilisé pour récupérer les informations sur l'utilisateur. Le " "domaine doit être configuré dans sssd.conf. L'option <replaceable>DOMAIN</" "replaceable> doit être fournie. Les informations récupérées depuis le " "domaine prennent le pas sur ce qui est fourni dans les options." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_seed.8.xml:63 msgid "" "<option>-n</option>,<option>--username</option> <replaceable>USER</" "replaceable>" msgstr "" "<option>-n</option>,<option>--username</option> <replaceable>USER</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:68 msgid "" "The username of the entry to be created or modified in the cache. The " "<replaceable>USER</replaceable> option must be provided." msgstr "" "Le nom d'utilisateur de l'entrée devant être créée ou modifiée dans le " "cache. L'option <replaceable>USER</replaceable> doit être fournie." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:81 msgid "Set the UID of the user to <replaceable>UID</replaceable>." msgstr "Définit l'UID de l'utilisateur à <replaceable>UID</replaceable>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:93 msgid "Set the GID of the user to <replaceable>GID</replaceable>." msgstr "Définit le GID de l'utilisateur à <replaceable>GID</replaceable>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:117 msgid "" "Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." msgstr "" "Définit le répertoire de l'utilisateur à <replaceable>HOME_DIR</replaceable>." #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:129 msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." msgstr "" "Définit l'interpréteur de commande de l'utilisateur à <replaceable>SHELL</" "replaceable>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:140 msgid "" "Interactive mode for entering user information. This option will only prompt " "for information not provided in the options or retrieved from the domain." msgstr "" "Mode interactif pour la saisie des informations de l'utilisateur. Cette " "option invite uniquement à la saisie des renseignements non fournis dans les " "options ou non récupérés à partir du domaine." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_seed.8.xml:148 msgid "" "<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" "replaceable>" msgstr "" "<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:153 msgid "" "Specify file to read user's password from. (if not specified password is " "prompted for)" msgstr "" "Spécifie le fichier dans lequel lire le mot de passe de l'utilisateur. (si " "aucun fichier n'est spécifié, le mot de passe sera demandé)" #. type: Content of: <reference><refentry><refsect1><para> #: sss_seed.8.xml:165 msgid "" "The length of the password (or the size of file specified with -p or --" "password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " "on systems with no globally-defined PASS_MAX value)."
msgstr "" "La taille du mot de passe (ou la taille du fichier spécifié avec l'option -p " "ou --password-file) doit être inférieure ou égale à PASS_MAX octets (64 " "octets sur les systèmes sans valeur globale définie de PASS_MAX)." #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 msgid "sss_ssh_authorizedkeys" msgstr "sss_ssh_authorizedkeys" #. type: Content of: <reference><refentry><refmeta><manvolnum> #: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 msgid "1" msgstr "1" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_ssh_authorizedkeys.1.xml:16 msgid "get OpenSSH authorized keys" msgstr "obtient les clés OpenSSH autorisées" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_ssh_authorizedkeys.1.xml:21 msgid "" "<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg> <arg " "choice='plain'><replaceable>USER</replaceable></arg>" msgstr "" "<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg> <arg " "choice='plain'><replaceable>USER</replaceable></arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:32 msgid "" "<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " "<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " "format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> for more information)." msgstr "" "<command>sss_ssh_authorizedkeys</command> acquiert les clés publiques SSH " "pour <replaceable>USER</replaceable> et les renvoie dans le format " "authorized_keys de OpenSSH (cf. 
la section <quote>FORMAT DE FICHIER " "AUTHORIZED_KEYS</quote> de <citerefentry><refentrytitle>sshd</refentrytitle> " "<manvolnum>8</manvolnum></citerefentry> pour plus d'informations)." #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:41 msgid "" "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" "command> for public key user authentication if it is compiled with support " "for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</" "quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry> options." msgstr "" "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> peut être configuré pour utiliser " "<command>sss_ssh_authorizedkeys</command> pour l'authentification " "d'utilisateur par clé publique s'il est compilé avec la prise en compte des " "options <quote>AuthorizedKeysCommand</quote> ou <quote>PubkeyAgent</quote> " "de <citerefentry><refentrytitle>sshd_config</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sss_ssh_authorizedkeys.1.xml:58 #, no-wrap msgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" msgstr "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" #. 
type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:51 msgid "" "If <quote>AuthorizedKeysCommand</quote> is supported, " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> can be configured to use it by putting the following directive " "in <citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry>: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" "Si <quote>AuthorizedKeysCommand</quote> est pris en charge, " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> peut être configuré pour l'utiliser en mettant la directive " "suivante dans <citerefentry><refentrytitle>sshd_config</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry> : <placeholder type=\"programlisting" "\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sss_ssh_authorizedkeys.1.xml:69 #, no-wrap msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n" msgstr "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:62 msgid "" "If <quote>PubkeyAgent</quote> is supported, " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> can be configured to use it by using the following directive " "for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</" "manvolnum></citerefentry> configuration: <placeholder type=\"programlisting" "\" id=\"0\"/>" msgstr "" "Si <quote>PubkeyAgent</quote> est pris en charge, " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> peut être configuré pour l'utiliser en utilisant la directive " "suivante de la configuration de <citerefentry><refentrytitle>sshd</" "refentrytitle> <manvolnum>8</manvolnum></citerefentry> : <placeholder type=" "\"programlisting\" id=\"0\"/>" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_ssh_authorizedkeys.1.xml:84 msgid "" "Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." msgstr "" "Rechercher les clés publiques d'utilisateur dans le domaine SSSD <replaceable>DOMAIN</" "replaceable>." #. type: Content of: <reference><refentry><refsect1><title> #: sss_ssh_authorizedkeys.1.xml:93 sss_ssh_knownhostsproxy.1.xml:92 msgid "EXIT STATUS" msgstr "CODE RETOUR" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:95 sss_ssh_knownhostsproxy.1.xml:94 msgid "" "In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." msgstr "" "Dans le cas d'une opération achevée avec succès, une valeur de retour de 0 " "est renvoyée. Dans le cas contraire, 1 est renvoyé." #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 msgid "sss_ssh_knownhostsproxy" msgstr "sss_ssh_knownhostsproxy" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_ssh_knownhostsproxy.1.xml:16 msgid "get OpenSSH host keys" msgstr "obtenir les clés d'hôtes OpenSSH" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_ssh_knownhostsproxy.1.xml:21 msgid "" "<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg> <arg " "choice='plain'><replaceable>HOST</replaceable></arg> <arg " "choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" msgstr "" "<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg> <arg " "choice='plain'><replaceable>HOST</replaceable></arg> <arg " "choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" #.
type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_knownhostsproxy.1.xml:33 msgid "" "<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " "host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " "known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " "of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" "manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" "pubconf/known_hosts</filename> and estabilishes connection to the host." msgstr "" "<command>sss_ssh_knownhostsproxy</command> récupère les clés publiques d'hôte pour " "le système <replaceable>HOST</replaceable>, les stocke dans un fichier " "OpenSSH known_hosts spécifique (cf. la section <quote>FORMAT DU FICHIER " "SSH_KNOWN_HOSTS</quote> de <citerefentry><refentrytitle>sshd</refentrytitle> " "<manvolnum>8</manvolnum></citerefentry> pour plus d'informations) " "<filename>/var/lib/sss/pubconf/known_hosts</filename> puis établit la " "connexion vers le système." #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_knownhostsproxy.1.xml:43 msgid "" "If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " "create the connection to the host instead of opening a socket." msgstr "" "Si <replaceable>PROXY_COMMAND</replaceable> est indiquée, elle est alors " "utilisée pour établir la connexion vers le système au lieu d'ouvrir une " "socket." #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sss_ssh_knownhostsproxy.1.xml:55 #, no-wrap msgid "" "ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" "GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" msgstr "" "ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" "GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" #.
type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_knownhostsproxy.1.xml:48 msgid "" "<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" "citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" "command> for host key authentication by using the following directives for " "<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" "citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" "<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" "citerefentry> peut être configuré pour utiliser " "<command>sss_ssh_knownhostsproxy</command> pour l'authentification par clé d'hôte en " "utilisant les directives suivantes pour la configuration de " "<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" "citerefentry> : <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_ssh_knownhostsproxy.1.xml:66 msgid "" "<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" msgstr "" "<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_ssh_knownhostsproxy.1.xml:71 msgid "" "Use port <replaceable>PORT</replaceable> to connect to the host. By " "default, port 22 is used." msgstr "" "Utiliser le port <replaceable>PORT</replaceable> pour se connecter au " "système. Par défaut, le port 22 est utilisé." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_ssh_knownhostsproxy.1.xml:83 msgid "" "Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." msgstr "" "Rechercher les clés publiques d'hôte dans le domaine SSSD <replaceable>DOMAIN</" "replaceable>." #.
type: Content of: <refsect1><title> #: include/service_discovery.xml:2 msgid "SERVICE DISCOVERY" msgstr "DÉCOUVERTE DE SERVICE" #. type: Content of: <refsect1><para> #: include/service_discovery.xml:4 msgid "" "The service discovery feature allows back ends to automatically find the " "appropriate servers to connect to using a special DNS query. This feature is " "not supported for backup servers." msgstr "" "La fonctionnalité de découverte de services permet aux moteurs de trouver " "automatiquement les serveurs appropriés auxquels se connecter à l'aide d'une " "requête DNS spéciale. Cette fonctionnalité n'est pas prise en charge pour " "les serveurs secondaires." #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 msgid "Configuration" msgstr "Configuration" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:11 msgid "" "If no servers are specified, the back end automatically uses service " "discovery to try to find a server. Optionally, the user may choose to use " "both fixed server addresses and service discovery by inserting a special " "keyword, <quote>_srv_</quote>, in the list of servers. The order of " "preference is maintained. This feature is useful if, for example, the user " "prefers to use service discovery whenever possible, and fall back to a " "specific server when no servers can be discovered using DNS." msgstr "" "Si aucun serveur n'est spécifié, le moteur utilise automatiquement la " "découverte de services pour tenter de trouver un serveur. L'utilisateur peut " "aussi choisir d'utiliser à la fois des adresses de serveur fixes et la " "découverte de services en insérant un mot-clé spécial, <quote>_srv_</quote>, dans la " "liste des serveurs. L'ordre de préférence est maintenu.
Cette fonctionnalité " "est utile si, par exemple, l'utilisateur préfère utiliser la découverte de " "services chaque fois que possible et se replier vers un serveur spécifique " "lorsqu'aucun serveur ne peut être découvert à l'aide du DNS." #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:23 msgid "The domain name" msgstr "Le nom de domaine" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:25 msgid "" "Please refer to the <quote>dns_discovery_domain</quote> parameter in the " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page for more details." msgstr "" "Se reporter au paramètre <quote>dns_discovery_domain</quote> dans la page de " "manuel <citerefentry><refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry> pour plus de détails." #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:35 msgid "The protocol" msgstr "Le protocole" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:37 msgid "" "The queries usually specify _tcp as the protocol. Exceptions are documented " "in respective option description." msgstr "" "Les requêtes spécifient généralement _tcp comme protocole. Les exceptions " "sont documentées dans les descriptions respectives des options." #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:42 msgid "See Also" msgstr "Voir aussi" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:44 msgid "" "For more information on the service discovery mechanism, refer to RFC 2782." msgstr "" "Pour plus d'informations sur le mécanisme de découverte de services, se " "reporter à la RFC 2782." #. type: Content of: outside any tag (error?) #: include/upstream.xml:1 msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" msgstr "<placeholder type=\"refentryinfo\" id=\"0\"/>" #. 
type: Content of: <refsect1><title> #: include/failover.xml:2 msgid "FAILOVER" msgstr "BASCULEMENT" #. type: Content of: <refsect1><para> #: include/failover.xml:4 msgid "" "The failover feature allows back ends to automatically switch to a different " "server if the current server fails." msgstr "" "La fonctionnalité de basculement autorise le moteur à basculer " "automatiquement sur un serveur différent si le serveur actuel est défaillant." #. type: Content of: <refsect1><refsect2><title> #: include/failover.xml:8 msgid "Failover Syntax" msgstr "Syntaxe de basculement" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:10 msgid "" "The list of servers is given as a comma-separated list; any number of spaces " "is allowed around the comma. The servers are listed in order of preference. " "The list can contain any number of servers." msgstr "" "La liste des serveurs est donnée sous forme de liste séparée par des " "virgules ; un nombre quelconque d'espaces est autorisé autour de la virgule. " "Les serveurs sont répertoriés par ordre de préférence. La liste peut " "contenir un nombre quelconque de serveurs." #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:16 msgid "" "For each failover-enabled config option, two variants exist: " "<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is " "that servers in the primary list are preferred and backup servers are only " "searched if no primary servers can be reached. If a backup server is " "selected, a timeout of 31 seconds is set. After this timeout SSSD will " "periodically try to reconnect to one of the primary servers. If it succeeds, " "it will replace the current active (backup) server." msgstr "" "Pour chaque option de configuration alors que le basculement est activé, il " "existe deux variantes : <emphasis>primary</emphasis> et <emphasis>backup</" "emphasis>. 
L'idée est que les serveurs dans la liste principale sont " "préférés et les serveurs de secours sont interrogés uniquement si aucun " "serveur primaire ne peut être atteint. Si un serveur de secours est " "sélectionné, un délai d'attente de 31 secondes est défini. Après ce délai " "d'attente, SSSD tentera périodiquement de se reconnecter à un des serveurs " "primaires. S'il réussit, il remplacera l'actuel serveur (de secours) actif." #. type: Content of: <refsect1><refsect2><title> #: include/failover.xml:27 msgid "The Failover Mechanism" msgstr "Mécanisme de basculement" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:29 msgid "" "The failover mechanism distinguishes between a machine and a service. The " "back end first tries to resolve the hostname of a given machine; if this " "resolution attempt fails, the machine is considered offline. No further " "attempts are made to connect to this machine for any other service. If the " "resolution attempt succeeds, the back end tries to connect to a service on " "this machine. If the service connection attempt fails, then only this " "particular service is considered offline and the back end automatically " "switches over to the next service. The machine is still considered online " "and might still be tried for another service." msgstr "" "Le mécanisme de basculement fait la distinction entre une machine et un " "service. Le moteur tente d'abord de résoudre le nom d'hôte d'un ordinateur " "donné ; en cas d'échec de cette tentative de résolution, la machine est " "considérée comme hors ligne. Aucune autre tentative n'est faite pour se " "connecter à cette machine pour tout autre service. Si la tentative de " "résolution réussit, le moteur tente de se connecter à un service " "sur cette machine. Si la tentative de connexion de service échoue, alors ce " "seul service est considéré comme hors ligne et le moteur passe " "automatiquement au service suivant.
La machine est toujours considérée en " "ligne et peut toujours être considérée pour une tentative d'accès à un autre " "service." #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:42 msgid "" "Further connection attempts are made to machines or services marked as " "offline after a specified period of time; this is currently hard coded to 30 " "seconds." msgstr "" "Les tentatives de connexion ultérieures sont faites vers des machines ou des " "services marqués comme hors connexion après un délai spécifié ; ce délai est " "actuellement spécifié en dur à 30 secondes." #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:47 msgid "" "If there are no more machines to try, the back end as a whole switches to " "offline mode, and then attempts to reconnect every 30 seconds." msgstr "" "S'il n'y a plus aucune machine à essayer, le moteur dans son ensemble " "bascule dans le mode hors connexion et tente ensuite de se reconnecter " "toutes les 30 secondes." #. type: Content of: <refsect1><title> #: include/ldap_id_mapping.xml:2 msgid "ID MAPPING" msgstr "CORRESPONDANCE D'IDENTIFIANTS" #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:4 msgid "" "The ID-mapping feature allows SSSD to act as a client of Active Directory " "without requiring administrators to extend user attributes to support POSIX " "attributes for user and group identifiers." msgstr "" "La fonctionnalité de correspondance d'ID permet à SSSD d'agir comme un " "client de Active Directory sans demander aux administrateurs d'étendre les " "attributs utilisateur pour prendre en charge les attributs POSIX pour les " "identifiants d'utilisateur et de groupe." #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:9 msgid "" "NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " "ignored. This is to avoid the possibility of conflicts between automatically-" "assigned and manually-assigned values. 
If you need to use manually-assigned " "values, ALL values must be manually-assigned." msgstr "" "Remarque : Lorsque la mise en correspondance des ID est activée, les " "attributs uidNumber et gidNumber sont ignorés. Ceci afin d'éviter les " "risques de conflit entre les valeurs attribuées automatiquement et assignées " "manuellement. Si vous avez besoin d'utiliser des valeurs attribuées " "manuellement, TOUTES les valeurs doivent être assignées manuellement." #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:16 msgid "" "Please note that changing the ID mapping related configuration options will " "cause user and group IDs to change. At the moment, SSSD does not support " "changing IDs, so the SSSD database must be removed. Because cached passwords " "are also stored in the database, removing the database should only be " "performed while the authentication servers are reachable, otherwise users " "might get locked out. In order to cache the password, an authentication must " "be performed. It is not sufficient to use <citerefentry> " "<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" "citerefentry> to remove the database, rather the process consists of:" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:33 msgid "Making sure the remote servers are reachable" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:38 msgid "Stopping the SSSD service" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:43 msgid "Removing the database" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:48 msgid "Starting the SSSD service" msgstr "" #. 
type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:52 msgid "" "Moreover, as the change of IDs might necessitate the adjustment of other " "system properties such as file and directory ownership, it's advisable to " "plan ahead and test the ID mapping configuration thoroughly." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/ldap_id_mapping.xml:59 msgid "Mapping Algorithm" msgstr "Algorithme de correspondance" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:61 msgid "" "Active Directory provides an objectSID for every user and group object in " "the directory. This objectSID can be broken up into components that " "represent the Active Directory domain identity and the relative identifier " "(RID) of the user or group object." msgstr "" "Active Directory fournit un objectSID pour chaque objet d'utilisateur et de " "groupe dans l'annuaire. Cet objectSID peut être divisé en composants qui " "représentent l'identité de domaine Active Directory et l'identificateur " "relatif (RID) de l'objet utilisateur ou groupe." #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:67 msgid "" "The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " "into equally-sized component sections - called \"slices\"-. Each slice " "represents the space available to an Active Directory domain." msgstr "" "L'algorithme de mise en correspondance des ID de SSSD tient un éventail " "d'uid disponibles et le divise en sections de même taille, appelées « " "tranches ». Chaque tranche représente l'espace disponible dans un domaine " "Active Directory." #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:73 msgid "" "When a user or group entry for a particular domain is encountered for the " "first time, the SSSD allocates one of the available slices for that domain. 
" "In order to make this slice-assignment repeatable on different client " "machines, we select the slice based on the following algorithm:" msgstr "" "Lorsqu'une entrée d'utilisateur ou de groupe pour un domaine particulier est " "rencontrée pour la première fois, SSSD alloue une des plages disponibles " "pour ce domaine. Afin de rendre cette affectation de plage reproductible sur " "les ordinateurs clients différents, l'algorithme de sélection de plage " "suivant est utilisé :" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:80 msgid "" "The SID string is passed through the murmurhash3 algorithm to convert it to " "a 32-bit hashed value. We then take the modulus of this value with the total " "number of available slices to pick the slice." msgstr "" "La chaîne du SID est passée par l'intermédiaire de l'algorithme murmurhash3 " "pour le convertir en une valeur de hachage de 32 bits. Nous prenons ensuite " "le modulo de cette valeur avec le nombre total des tranches disponibles pour " "prendre la tranche." #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:86 msgid "" "NOTE: It is possible to encounter collisions in the hash and subsequent " "modulus. In these situations, we will select the next available slice, but " "it may not be possible to reproduce the same exact set of slices on other " "machines (since the order that they are encountered will determine their " "slice). In this situation, it is recommended to either switch to using " "explicit POSIX attributes in Active Directory (disabling ID-mapping) or " "configure a default domain to guarantee that at least one is always " "consistent. See <quote>Configuration</quote> for details." msgstr "" "Remarque : Il est possible de rencontrer les collisions dans le hachage et " "le modulo en découlant. 
Dans ces situations, la tranche suivante disponible " "sera sélectionnée, mais il n'est pas possible de reproduire le même jeu " "exact des tranches sur d'autres machines (puisque l'ordre dans lequel elles " "sont rencontrées déterminera leur tranche). Dans ce cas, il est recommandé " "de passer à l'utilisation des attributs POSIX explicites dans Active " "Directory (en désactivant la correspondance d'ID) ou configurer un domaine " "par défaut afin de garantir qu'au moins un est toujours cohérent. Pour plus " "d'informations, voir <quote>Configuration</quote>." #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:101 msgid "" "Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" msgstr "" "Configuration minimale (dans la section <quote>[domain/DOMAINNAME]</" "quote>) :" #. type: Content of: <refsect1><refsect2><para><programlisting> #: include/ldap_id_mapping.xml:106 #, no-wrap msgid "" "ldap_id_mapping = True\n" "ldap_schema = ad\n" msgstr "" "ldap_id_mapping = True\n" "ldap_schema = ad\n" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:111 msgid "" "The default configuration results in configuring 10,000 slices, each capable " "of holding up to 200,000 IDs, starting from 10,001 and going up to " "2,000,100,000. This should be sufficient for most deployments." msgstr "" "La configuration par défaut active 10 000 tranches, chacune pouvant contenir " "jusqu'à 200 000 identifiants, démarrant à 10 001 et allant jusqu'à " "2 000 100 000. Cela devrait être suffisant pour la plupart des déploiements." #. type: Content of: <refsect1><refsect2><refsect3><title> #: include/ldap_id_mapping.xml:117 msgid "Advanced Configuration" msgstr "Configuration avancée" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:120 msgid "ldap_idmap_range_min (integer)" msgstr "ldap_idmap_range_min (integer)" #. 
type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:123 msgid "" "Specifies the lower bound of the range of POSIX IDs to use for mapping " "Active Directory user and group SIDs." msgstr "" "Spécifie la limite inférieure de la plage d'ID POSIX à utiliser pour la mise " "en correspondance d'identifiants utilisateurs et groupes Active Directory." #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:127 msgid "" "NOTE: This option is different from <quote>min_id</quote> in that " "<quote>min_id</quote> acts to filter the output of requests to this domain, " "whereas this option controls the range of ID assignment. This is a subtle " "distinction, but the good general advice would be to have <quote>min_id</" "quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" msgstr "" "NOTE : Cette option est différente de <quote>min_id</quote> en ce sens que " "<quote>min_id</quote> agit comme filtre sur le résultat des requêtes vers ce " "domaine, alors que cette option contrôle les plages de correspondance d'ID. " "Il s'agit d'une distinction subtile, mais les bonnes pratiques conseillent " "d'avoir <quote>min_id</quote> inférieur ou égal à " "<quote>ldap_idmap_range_min</quote>" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:173 msgid "Default: 200000" msgstr "Par défaut : 200000" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:142 msgid "ldap_idmap_range_max (integer)" msgstr "ldap_idmap_range_max (integer)" #. 
type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:145 msgid "" "Specifies the upper bound of the range of POSIX IDs to use for mapping " "Active Directory user and group SIDs." msgstr "" "Spécifie la limite supérieure de la plage d'ID POSIX à utiliser pour la mise " "en correspondance d'identifiants utilisateurs et groupes Active Directory." #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:149 msgid "" "NOTE: This option is different from <quote>max_id</quote> in that " "<quote>max_id</quote> acts to filter the output of requests to this domain, " "whereas this option controls the range of ID assignment. This is a subtle " "distinction, but the good general advice would be to have <quote>max_id</" "quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" msgstr "" "NOTE : Cette option est différente de <quote>max_id</quote> en ce sens que " "<quote>max_id</quote> agit comme filtre sur le résultat des requêtes vers ce " "domaine, alors que cette option contrôle les plages de correspondance d'ID. " "Il s'agit d'une distinction subtile, mais les bonnes pratiques conseillent " "d'avoir <quote>max_id</quote> supérieur ou égal à " "<quote>ldap_idmap_range_max</quote>" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:159 msgid "Default: 2000200000" msgstr "Par défaut : 2000200000" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:164 msgid "ldap_idmap_range_size (integer)" msgstr "ldap_idmap_range_size (integer)" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:167 msgid "" "Specifies the number of IDs available for each slice. 
If the range size " "does not divide evenly into the min and max values, it will create as many " "complete slices as it can." msgstr "" "Spécifie le nombre d'identifiants pour chaque tranche. Si la taille de la " "plage ne divise pas uniformément dans les valeurs minimale et maximale, des " "tranches complètes seront créées autant que possible." #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:178 msgid "ldap_idmap_default_domain_sid (string)" msgstr "ldap_idmap_default_domain_sid (chaîne)" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:181 msgid "" "Specify the domain SID of the default domain. This will guarantee that this " "domain will always be assigned to slice zero in the ID map, bypassing the " "murmurhash algorithm described above." msgstr "" "Spécifier le SID de domaine du domaine par défaut. Cela garantira que ce " "domaine est toujours affecté à la tranche zéro dans la carte d'ID, sans " "passer par l'algorithme murmurhash décrit ci-dessus." #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:192 msgid "ldap_idmap_default_domain (string)" msgstr "ldap_idmap_default_domain (chaîne)" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:195 msgid "Specify the name of the default domain." msgstr "Spécifier le nom de domaine par défaut." #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:203 msgid "ldap_idmap_autorid_compat (boolean)" msgstr "ldap_idmap_autorid_compat (boolean)" #. 
type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:206 msgid "" "Changes the behavior of the ID-mapping algorithm to behave more similarly to " "winbind's <quote>idmap_autorid</quote> algorithm." msgstr "" "Modifie le comportement de l'algorithme de mise en correspondance des ID " "afin qu'il se comporte de manière plus proche de celui <quote>idmap_autorid</" "quote> de winbind." #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:211 msgid "" "When this option is configured, domains will be allocated starting with " "slice zero and increasing monatomically with each additional domain." msgstr "" "Lorsque cette option est configurée, les domaines seront alloués en " "commençant par la tranche zéro et augmentant de manière monotone pour chaque " "domaine supplémentaire." #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:216 msgid "" "NOTE: This algorithm is non-deterministic (it depends on the order that " "users and groups are requested). If this mode is required for compatibility " "with machines running winbind, it is recommended to also use the " "<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " "least one domain is consistently allocated to slice zero." msgstr "" "Remarque : Cet algorithme n'est pas déterministe (il dépend de l'ordre dans " "lequel utilisateurs et groupes sont demandés). Si ce mode est nécessaire pour " "assurer la compatibilité avec les ordinateurs qui utilisent winbind, il est " "recommandé d'utiliser également l'option " "<quote>ldap_idmap_default_domain_sid</quote> pour garantir qu'au moins un " "domaine est systématiquement alloué à la tranche zéro." #. 
type: Content of: <varlistentry><term> #: include/param_help.xml:3 msgid "<option>-?</option>,<option>--help</option>" msgstr "<option>-?</option>,<option>--help</option>" #. type: Content of: <varlistentry><listitem><para> #: include/param_help.xml:7 include/param_help_py.xml:7 msgid "Display help message and exit." msgstr "Affiche l'aide et quitte." #. type: Content of: <varlistentry><term> #: include/param_help_py.xml:3 msgid "<option>-h</option>,<option>--help</option>" msgstr "<option>-h</option>,<option>--help</option>" #. type: Content of: <listitem><para> #: include/debug_levels.xml:3 msgid "" "SSSD supports two representations for specifying the debug level. The " "simplest is to specify a decimal value from 0-9, which represents enabling " "that level and all lower-level debug messages. The more comprehensive option " "is to specify a hexadecimal bitmask to enable or disable specific levels " "(such as if you wish to suppress a level)." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:10 msgid "Currently supported debug levels:" msgstr "Niveaux de débogage actuellement pris en charge :" #. type: Content of: <listitem><para> #: include/debug_levels.xml:13 #, fuzzy #| msgid "" #| "<emphasis>0x0010</emphasis>: Fatal failures. Anything that would prevent " #| "SSSD from starting up or causes it to cease running." msgid "" "<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. " "Anything that would prevent SSSD from starting up or causes it to cease " "running." msgstr "" "<emphasis>0x0010</emphasis> : défaillances fatales. Tout ce qui empêcherait " "SSSD de démarrer ou provoquerait son arrêt." #. type: Content of: <listitem><para> #: include/debug_levels.xml:19 #, fuzzy #| msgid "" #| "<emphasis>0x0020</emphasis>: Critical failures. An error that doesn't " #| "kill the SSSD, but one that indicates that at least one major feature is " #| "not going to work properly." 
msgid "" "<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " "error that doesn't kill the SSSD, but one that indicates that at least one " "major feature is not going to work properly." msgstr "" "<emphasis>0x0020</emphasis> : échecs critiques. Une erreur qui ne tue pas " "SSSD, mais qui indique qu'au moins une caractéristique majeure ne pourra pas " "fonctionner correctement." #. type: Content of: <listitem><para> #: include/debug_levels.xml:26 #, fuzzy #| msgid "" #| "<emphasis>0x0040</emphasis>: Serious failures. An error announcing that a " #| "particular request or operation has failed." msgid "" "<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " "error announcing that a particular request or operation has failed." msgstr "" "<emphasis>0x0040</emphasis> : défaillances graves. Une erreur qui annonce " "qu'une requête particulière ou une opération a échoué." #. type: Content of: <listitem><para> #: include/debug_levels.xml:31 #, fuzzy #| msgid "" #| "<emphasis>0x0080</emphasis>: Minor failures. These are the errors that " #| "would percolate down to cause the operation failure of 2." msgid "" "<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " "are the errors that would percolate down to cause the operation failure of 2." msgstr "" "<emphasis>0x0080</emphasis> : erreurs mineures. Ce sont les erreurs qui " "seraient susceptibles d'empirer pour provoquer l'erreur en 2." #. type: Content of: <listitem><para> #: include/debug_levels.xml:36 #, fuzzy #| msgid "<emphasis>0x0100</emphasis>: Configuration settings." msgid "" "<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." msgstr "<emphasis>0x0100</emphasis> : paramètres de configuration." #. type: Content of: <listitem><para> #: include/debug_levels.xml:40 #, fuzzy #| msgid "<emphasis>0x0200</emphasis>: Function data." msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." 
msgstr "<emphasis>0x0200</emphasis> : données de fonctionnement." #. type: Content of: <listitem><para> #: include/debug_levels.xml:44 #, fuzzy #| msgid "<emphasis>0x0400</emphasis>: Trace messages for operation functions." msgid "" "<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " "operation functions." msgstr "<emphasis>0x0400</emphasis> : traçage des fonctions opérationnelles." #. type: Content of: <listitem><para> #: include/debug_levels.xml:48 #, fuzzy #| msgid "" #| "<emphasis>0x1000</emphasis>: Trace messages for internal control " #| "functions." msgid "" "<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " "internal control functions." msgstr "" "<emphasis>0x1000</emphasis> : traçage des fonctions de contrôles internes." #. type: Content of: <listitem><para> #: include/debug_levels.xml:53 #, fuzzy #| msgid "" #| "<emphasis>0x2000</emphasis>: Contents of function-internal variables that " #| "may be interesting." msgid "" "<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" "internal variables that may be interesting." msgstr "" "<emphasis>0x2000</emphasis> : contenu des variables internes de fonctions " "pouvant être intéressantes." #. type: Content of: <listitem><para> #: include/debug_levels.xml:58 #, fuzzy #| msgid "" #| "<emphasis>0x4000</emphasis>: Extremely low-level tracing information." msgid "" "<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " "tracing information." msgstr "<emphasis>0x4000</emphasis> : informations de traçage de bas niveau." #. 
type: Content of: <listitem><para> #: include/debug_levels.xml:62 #, fuzzy #| msgid "" #| "To log required debug levels, simply add their numbers together as shown " #| "in following examples:" msgid "" "To log required bitmask debug levels, simply add their numbers together as " "shown in following examples:" msgstr "" "Pour activer les niveaux de débogage requis, il suffit de faire la somme de " "l'ensemble des numéros tel qu'illustré dans les exemples suivants :" #. type: Content of: <listitem><para> #: include/debug_levels.xml:66 msgid "" "<emphasis>Example</emphasis>: To log fatal failures, critical failures, " "serious failures and function data use 0x0270." msgstr "" "<emphasis>Exemple</emphasis> : pour suivre erreurs fatales, critiques, " "graves et les données de fonction, utiliser 0x0270." #. type: Content of: <listitem><para> #: include/debug_levels.xml:70 msgid "" "<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " "function data, trace messages for internal control functions use 0x1310." msgstr "" "<emphasis>Exemple</emphasis> : pour consigner les erreurs fatales, les " "paramètres de configuration, les données de fonction, les messages de trace " "pour les fonctions de contrôle interne, utiliser 0x1310." #. type: Content of: <listitem><para> #: include/debug_levels.xml:75 #, fuzzy #| msgid "" #| "<emphasis>Note</emphasis>: This is new format of debug levels introduced " #| "in 1.7.0. Older format (numbers from 0-10) is compatible but deprecated." msgid "" "<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " "in 1.7.0." msgstr "" "<emphasis>Note</emphasis> : il s'agit d'un nouveau format des niveaux de " "débogage introduit dans la version 1.7.0. L'ancien format (nombres de 0 à " "10) est compatible mais déconseillé et voué à disparaître." #. 
type: Content of: <listitem><para> #: include/debug_levels.xml:79 #, fuzzy #| msgid "<emphasis>h</emphasis> for hours" msgid "<emphasis>Default</emphasis>: 0" msgstr "<emphasis>h</emphasis> pour heures" #. type: Content of: outside any tag (error?) #: include/experimental.xml:1 msgid "" "<emphasis> This is an experimental feature, please use http://fedorahosted." "org/sssd to report any issues. </emphasis>" msgstr "" "<emphasis>Il s'agit d'une fonctionnalité expérimentale, utiliser http://" "fedorahosted.org/sssd pour signaler les problèmes.</emphasis>" #. type: Content of: <refsect1><title> #: include/local.xml:2 msgid "THE LOCAL DOMAIN" msgstr "LE DOMAINE LOCAL" #. type: Content of: <refsect1><para> #: include/local.xml:4 msgid "" "In order to function correctly, a domain with <quote>id_provider=local</" "quote> must be created and the SSSD must be running." msgstr "" "Pour fonctionner correctement, un domaine avec <quote>id_provider = local</" "quote> doit être créé et SSSD doit s'exécuter." #. type: Content of: <refsect1><para> #: include/local.xml:9 msgid "" "The administrator might want to use the SSSD local users instead of " "traditional UNIX users in cases where the group nesting (see <citerefentry> " "<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" "citerefentry>) is needed. The local users are also useful for testing and " "development of the SSSD without having to deploy a full remote server. The " "<command>sss_user*</command> and <command>sss_group*</command> tools use a " "local LDB storage to store users and groups." msgstr "" "L'administrateur peut vouloir utiliser les utilisateurs locaux SSSD au lieu " "des utilisateurs UNIX traditionnels dans les cas où l'imbrication de groupes " "(cf. <citerefentry><refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</" "manvolnum></citerefentry>) est nécessaire. 
Les utilisateurs locaux sont " "également utiles pour les tests et le développement de SSSD sans avoir à " "déployer un serveur distant complet. Les outils <command>sss_user *</" "command> et <command>sss_group *</command> utilisent alors un stockage local " "de type LDB pour les utilisateurs et les groupes." #. type: Content of: <refsect1><title> #: include/seealso.xml:2 msgid "SEE ALSO" msgstr "VOIR AUSSI" #. type: Content of: <refsect1><para> #: include/seealso.xml:4 msgid "" "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> " "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> 
<refentrytitle>sss_useradd</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_usermod</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_seed</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" "manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " "<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>." msgstr "" "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> " "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " 
"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_useradd</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_usermod</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_seed</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" "manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " "<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>." #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:3 #: include/ldap_search_bases_experimental.xml:3 msgid "" "An optional base DN, search scope and LDAP filter to restrict LDAP searches " "for this attribute type." msgstr "" "Un DN de base facultatif, une étendue de recherche et un filtre LDAP afin de " "restreindre les recherches LDAP pour ce type d'attribut." #. 
type: Content of: <listitem><para><programlisting> #: include/ldap_search_bases.xml:9 #: include/ldap_search_bases_experimental.xml:9 #, no-wrap msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" msgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:7 #: include/ldap_search_bases_experimental.xml:7 msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "syntaxe : <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:13 #: include/ldap_search_bases_experimental.xml:13 msgid "" "The scope can be one of \"base\", \"onelevel\" or \"subtree\". The filter " "must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/" "rfc2254.txt" msgstr "" "La portée peut être « base », « onelevel » ou « subtree ». Le filtre doit " "être un filtre de recherche LDAP valide tel que spécifié par http://www.ietf." "org/rfc/rfc2254.txt" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:19 #: include/ldap_search_bases_experimental.xml:19 msgid "" "For examples of this syntax, please refer to the <quote>ldap_search_base</" "quote> examples section." msgstr "" "Pour obtenir des exemples de cette syntaxe, reportez-vous à la section " "d'exemples <quote>ldap_search_base</quote>." #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:27 #: include/ldap_search_bases_experimental.xml:27 msgid "" "Please note that specifying scope or filter is not supported for searches " "against an Active Directory Server that might yield a large number of " "results and trigger the Range Retrieval extension in the response." 
msgstr "" "Noter que la spécification de portée ou de filtre n'est pas prise en charge " "pour les recherches sur un serveur Active Directory qui serait susceptible " "de produire un grand nombre de résultats et de déclencher l'extension Range " "Retrieval dans sa réponse." #. type: Content of: <para> #: include/autofs_restart.xml:2 msgid "" "Please note that the automounter only reads the master map on startup, so if " "any autofs-related changes are made to the sssd.conf, you typically also " "need to restart the automounter daemon after restarting the SSSD." msgstr "" "Veuillez noter que l'automounter ne lit que la carte maîtresse au démarrage. " "Ainsi, si des modifications liées à autofs sont apportées à sssd.conf, vous " "devrez généralement redémarrer le démon automounter après le redémarrage de " "SSSD" #. type: Content of: <varlistentry><term> #: include/override_homedir.xml:2 msgid "override_homedir (string)" msgstr "override_homedir (chaîne)" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:16 msgid "UID number" msgstr "numéro d'UID" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:20 msgid "domain name" msgstr "nom de domaine" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: include/override_homedir.xml:23 msgid "%f" msgstr "%f" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:24 msgid "fully qualified user name (user@domain)" msgstr "nom d'utilisateur pleinement qualifié (utilisateur@domaine)" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: include/override_homedir.xml:27 msgid "%o" msgstr "%o" #. 
type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:29 msgid "The original home directory retrieved from the identity provider." msgstr "" "Le répertoire utilisateur original provenant du fournisseur d'identité." #. type: Content of: <varlistentry><listitem><para> #: include/override_homedir.xml:5 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. In the template, the following sequences are substituted: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" "Réécrit le répertoire personnel de l'utilisateur. Il est possible de fournir " "une valeur absolue ou un patron. Dans le cas d'un patron, les séquences " "suivantes sont substituées :<placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <varlistentry><listitem><para> #: include/override_homedir.xml:41 msgid "This option can also be set per-domain." msgstr "Cette option peut aussi être définie pour chaque domaine." #. type: Content of: <varlistentry><listitem><para><programlisting> #: include/override_homedir.xml:46 #, no-wrap msgid "" "override_homedir = /home/%u\n" " " msgstr "" "override_homedir = /home/%u\n" " " #. type: Content of: <varlistentry><listitem><para> #: include/override_homedir.xml:50 msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" msgstr "Par défaut : Indéfini (SSSD utilisera la valeur récupérée de LDAP)" #~ msgid "" #~ "Override the login shell for all users. This option can be specified " #~ "globally in the [nss] section or per-domain." #~ msgstr "" #~ "Substitue l'interpréteur de commandes pour tous les utilisateurs. Cette " #~ "option peut être spécifiée à l'échelle globale dans la section [nss] ou " #~ "par domaine." #~ msgid "" #~ "Directory to store credential caches. All the substitution sequences of " #~ "krb5_ccname_template can be used here, too, except %d and %P. 
If the " #~ "directory does not exist, it will be created. If %u, %U, %p or %h are " #~ "used, a private directory belonging to the user is created. Otherwise, a " #~ "public directory with restricted deletion flag (aka sticky bit, as " #~ "described in <citerefentry> <refentrytitle>chmod</refentrytitle> " #~ "<manvolnum>1</manvolnum> </citerefentry> for details) is created." #~ msgstr "" #~ "Répertoire pour stocker les caches crédits. Toutes les séquences de " #~ "substitution de krb5_ccname_template peuvent être utilisée ici, hormis %d " #~ "et %P. Si le dossier n'existe pas, il sera créé. Si %u, %U, %p ou %h sont " #~ "utilisés, un répertoire privé appartenant à l'utilisateur est créé. Sinon " #~ "un répertoire public avec un drapeau de restriction à la suppression " #~ "(aussi appelé « sticky bit », cf. <citerefentry> <refentrytitle>chmod</" #~ "refentrytitle> <manvolnum>1</manvolnum> </citerefentry> pour plus de " #~ "détails) est créé." #~ msgid "Default: FILE:%d/krb5cc_%U_XXXXXX" #~ msgstr "Par défaut : FICHIER:%d/krb5cc_%U_XXXXXX" #~ msgid "" #~ "Bit mask that indicates which debug levels will be visible. 0x0010 is the " #~ "default value as well as the lowest allowed value, 0xFFF0 is the most " #~ "verbose mode. This setting overrides the settings from config file." #~ msgstr "" #~ "Un masque de bits qui indique quels niveaux de débogage seront visibles. " #~ "0 x 0010 est la valeur par défaut ainsi que la plus basse autorisée, " #~ "0xFFF0 est le mode le plus détaillé. Ce paramètre prend le pas sur les " #~ "paramètres du fichier de configuration." 
�������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/man/po/PaxHeaders.13173/po4a.cfg����������������������������������������������������0000644�0000000�0000000�00000000074�12320753107�017057� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.259891436 30 ctime=1396954962.635874226 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/man/po/po4a.cfg���������������������������������������������������������������������0000664�0024127�0024127�00000006335�12320753107�017310� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������[po4a_langs] br ca cs eu es fr ja lv nl pt ru tg uk zh_CN [po4a_paths] po/sssd-docs.pot $lang:po/$lang.po [type:docbook] sss_groupmod.8.xml $lang:$(builddir)/$lang/sss_groupmod.8.xml [type:docbook] sssd.conf.5.xml $lang:$(builddir)/$lang/sssd.conf.5.xml [type:docbook] sssd-ldap.5.xml $lang:$(builddir)/$lang/sssd-ldap.5.xml [type:docbook] 
pam_sss.8.xml $lang:$(builddir)/$lang/pam_sss.8.xml [type:docbook] sssd_krb5_locator_plugin.8.xml $lang:$(builddir)/$lang/sssd_krb5_locator_plugin.8.xml [type:docbook] sssd-simple.5.xml $lang:$(builddir)/$lang/sssd-simple.5.xml [type:docbook] sssd-ipa.5.xml $lang:$(builddir)/$lang/sssd-ipa.5.xml [type:docbook] sssd-ad.5.xml $lang:$(builddir)/$lang/sssd-ad.5.xml [type:docbook] sssd-sudo.5.xml $lang:$(builddir)/$lang/sssd-sudo.5.xml [type:docbook] sssd.8.xml $lang:$(builddir)/$lang/sssd.8.xml [type:docbook] sss_obfuscate.8.xml $lang:$(builddir)/$lang/sss_obfuscate.8.xml [type:docbook] sss_useradd.8.xml $lang:$(builddir)/$lang/sss_useradd.8.xml [type:docbook] sssd-krb5.5.xml $lang:$(builddir)/$lang/sssd-krb5.5.xml [type:docbook] sss_groupadd.8.xml $lang:$(builddir)/$lang/sss_groupadd.8.xml [type:docbook] sss_userdel.8.xml $lang:$(builddir)/$lang/sss_userdel.8.xml [type:docbook] sss_groupdel.8.xml $lang:$(builddir)/$lang/sss_groupdel.8.xml [type:docbook] sss_groupshow.8.xml $lang:$(builddir)/$lang/sss_groupshow.8.xml [type:docbook] sss_usermod.8.xml $lang:$(builddir)/$lang/sss_usermod.8.xml [type:docbook] sss_cache.8.xml $lang:$(builddir)/$lang/sss_cache.8.xml [type:docbook] sss_debuglevel.8.xml $lang:$(builddir)/$lang/sss_debuglevel.8.xml [type:docbook] sss_seed.8.xml $lang:$(builddir)/$lang/sss_seed.8.xml [type:docbook] sss_ssh_authorizedkeys.1.xml $lang:$(builddir)/$lang/sss_ssh_authorizedkeys.1.xml [type:docbook] sss_ssh_knownhostsproxy.1.xml $lang:$(builddir)/$lang/sss_ssh_knownhostsproxy.1.xml [type:docbook] include/service_discovery.xml $lang:$(builddir)/$lang/include/service_discovery.xml opt:"-k 0" [type:docbook] include/upstream.xml $lang:$(builddir)/$lang/include/upstream.xml opt:"-k 0" [type:docbook] include/failover.xml $lang:$(builddir)/$lang/include/failover.xml opt:"-k 0" [type:docbook] include/ldap_id_mapping.xml $lang:$(builddir)/$lang/include/ldap_id_mapping.xml opt:"-k 0" [type:docbook] include/param_help.xml 
$lang:$(builddir)/$lang/include/param_help.xml opt:"-k 0" [type:docbook] include/param_help_py.xml $lang:$(builddir)/$lang/include/param_help_py.xml opt:"-k 0" [type:docbook] include/debug_levels.xml $lang:$(builddir)/$lang/include/debug_levels.xml opt:"-k 0" [type:docbook] include/experimental.xml $lang:$(builddir)/$lang/include/experimental.xml opt:"-k 0" [type:docbook] include/local.xml $lang:$(builddir)/$lang/include/local.xml opt:"-k 0" [type:docbook] include/seealso.xml $lang:$(builddir)/$lang/include/seealso.xml opt:"-k 0" [type:docbook] include/ldap_search_bases.xml $lang:$(builddir)/$lang/include/ldap_search_bases.xml opt:"-k 0" [type:docbook] include/ldap_search_bases_experimental.xml $lang:$(builddir)/$lang/include/ldap_search_bases_experimental.xml opt:"-k 0" [type:docbook] include/autofs_restart.xml $lang:$(builddir)/$lang/include/autofs_restart.xml opt:"-k 0" [type:docbook] include/override_homedir.xml $lang:$(builddir)/$lang/include/override_homedir.xml opt:"-k 0" ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/man/po/PaxHeaders.13173/es.po�������������������������������������������������������0000644�0000000�0000000�00000000132�12320753573�016504� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396955003.493843878 30 atime=1396955003.493843878 30 ctime=1396955003.493843878 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/man/po/es.po������������������������������������������������������������������������0000664�0024127�0024127�00001664466�12320753573�016762� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# SOME DESCRIPTIVE TITLE # Copyright (C) YEAR Red Hat # This file is distributed under the same license as the sssd-docs package. # # Translators: # Adolfo Jayme Barrientos <fitoschido@ubuntu.com>, 2012 # Gumbo72 <carlosantolin@hotmail.es>, 2012 # Domingo Becker <domingobecker@gmail.com>, 2013 # Eduardo Villagrán M <gotencool@gmail.com>, 2011 # Eduardo Villagrán M <gotencool@gmail.com>, 2011 # vareli <ehespinosa@ya.com>, 2013 # vareli <ehespinosa@ya.com>, 2013 # Daniel Cabrera <logan@fedoraproject.org>, 2011 msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" "POT-Creation-Date: 2014-04-08 12:55+0300\n" "PO-Revision-Date: 2014-01-22 10:10+0000\n" "Last-Translator: vareli <ehespinosa@ya.com>\n" "Language-Team: Spanish (http://www.transifex.com/projects/p/fedora/language/" "es/)\n" "Language: es\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" #. 
type: Content of: <reference><title> #: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5 #: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5 #: sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 sss_obfuscate.8.xml:5 #: sss_useradd.8.xml:5 sssd-krb5.5.xml:5 sss_groupadd.8.xml:5 #: sss_userdel.8.xml:5 sss_groupdel.8.xml:5 sss_groupshow.8.xml:5 #: sss_usermod.8.xml:5 sss_cache.8.xml:5 sss_debuglevel.8.xml:5 #: sss_seed.8.xml:5 sss_ssh_authorizedkeys.1.xml:5 #: sss_ssh_knownhostsproxy.1.xml:5 msgid "SSSD Manual pages" msgstr "Páginas de manual de SSSD" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15 msgid "sss_groupmod" msgstr "sss_groupmod" #. type: Content of: <reference><refentry><refmeta><manvolnum> #: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11 #: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11 #: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11 #: sss_groupshow.8.xml:11 sss_usermod.8.xml:11 sss_cache.8.xml:11 #: sss_debuglevel.8.xml:11 sss_seed.8.xml:11 msgid "8" msgstr "8" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupmod.8.xml:16 msgid "modify a group" msgstr "modifica un grupo" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupmod.8.xml:21 msgid "" "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" #. 
type: Content of: <reference><refentry><refsect1><title> #: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:47 #: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21 #: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30 #: sss_useradd.8.xml:30 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 #: sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 #: sss_usermod.8.xml:30 sss_cache.8.xml:29 sss_debuglevel.8.xml:30 #: sss_seed.8.xml:31 sss_ssh_authorizedkeys.1.xml:30 #: sss_ssh_knownhostsproxy.1.xml:31 msgid "DESCRIPTION" msgstr "DESCRIPCION" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupmod.8.xml:32 msgid "" "<command>sss_groupmod</command> modifies the group to reflect the changes " "that are specified on the command line." msgstr "" "<command>sss_groupmod</command> modifica el grupo para reflejar los cambios " "indicados en la línea de comandos." #. type: Content of: <reference><refentry><refsect1><title> #: sss_groupmod.8.xml:39 pam_sss.8.xml:54 sssd.8.xml:42 sss_obfuscate.8.xml:58 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39 #: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42 #: sss_ssh_authorizedkeys.1.xml:75 sss_ssh_knownhostsproxy.1.xml:62 msgid "OPTIONS" msgstr "OPCIONES" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupmod.8.xml:43 sss_usermod.8.xml:77 msgid "" "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" "replaceable>" msgstr "" "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupmod.8.xml:48 msgid "" "Append this group to groups specified by the <replaceable>GROUPS</" "replaceable> parameter. 
The <replaceable>GROUPS</replaceable> parameter is " "a comma separated list of group names." msgstr "" "Agrega este grupo a otros grupos que hayan sido indicados con el parámetro " "<replaceable>GROUPS</replaceable>. El parámetros <replaceable>GROUPS</" "replaceable> es una lista de nombres de grupos separados por comas." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupmod.8.xml:57 sss_usermod.8.xml:91 msgid "" "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" "replaceable>" msgstr "" "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupmod.8.xml:62 msgid "" "Remove this group from groups specified by the <replaceable>GROUPS</" "replaceable> parameter." msgstr "" "Elimina este grupo de los grupos especificados con el parámetro " "<replaceable>GROUPS</replaceable>" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd.conf.5.xml:10 sssd.conf.5.xml:16 msgid "sssd.conf" msgstr "sssd.conf" #. type: Content of: <reference><refentry><refmeta><manvolnum> #: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 #: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11 msgid "5" msgstr "5" #. type: Content of: <reference><refentry><refmeta><refmiscinfo> #: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 #: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12 msgid "File Formats and Conventions" msgstr "Formatos de archivo y convenciones" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16 #: sssd-ipa.5.xml:17 sssd-ad.5.xml:17 sssd-krb5.5.xml:17 msgid "the configuration file for SSSD" msgstr "El archivo de configuración de SSSD" #. 
type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:21 msgid "FILE FORMAT" msgstr "Formato de archivo" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd.conf.5.xml:29 #, no-wrap msgid "" " <replaceable>[section]</replaceable>\n" " <replaceable>key</replaceable> = <replaceable>value</replaceable>\n" " <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" " " msgstr "" " <replaceable>[section]</replaceable>\n" " <replaceable>key</replaceable> = <replaceable>value</replaceable>\n" " <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" " " #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:24 msgid "" "The file has an ini-style syntax and consists of sections and parameters. A " "section begins with the name of the section in square brackets and continues " "until the next section begins. An example of section with single and multi-" "valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" "El archivo posee una sintaxis de tipo ini consistente de secciones y " "parámetros. Una sección comienza con el nombre de dicha sección colocado " "entre corchetes, y continua hasta que comienza la próxima sección. Este es " "un ejemplo de una sección con parámetros de valores simples y múltiples: " "<placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:36 msgid "" "The data types used are string (no quotes needed), integer and bool (with " "values of <quote>TRUE/FALSE</quote>)." msgstr "" "Los tipos de datos utilizados son cadenas (no es necesario ingresarlos entre " "comillas), enteros o booleanos (cuyos valores son <quote>TRUE/FALSE</quote>)." #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:41 msgid "" "A line comment starts with a hash sign (<quote>#</quote>) or a semicolon " "(<quote>;</quote>). 
Inline comments are not supported." msgstr "" "Una línea de comentario comienza con una almohadilla (<quote>#</quote>) o un " "punto y coma (<quote>;</quote>). No se soportan los comentarios en línea." #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:47 msgid "" "All sections can have an optional <replaceable>description</replaceable> " "parameter. Its function is only as a label for the section." msgstr "" "Todas las secciones pueden tener un parámetro opcional de " "<replaceable>descripción</replaceable>. Su función es solo la de servir como " "etiqueta a tal sección." #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:53 msgid "" "<filename>sssd.conf</filename> must be a regular file, owned by root and " "only root may read from or write to the file." msgstr "" "<filename>sssd.conf</filename> debe ser un archivo regular, cuyo dueño sea " "el usuario root, y sólo este usuario podrá tener permisos de lectura y " "escritura sobre él." #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:59 msgid "SPECIAL SECTIONS" msgstr "SECCIONES ESPECIALES" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:62 msgid "The [sssd] section" msgstr "La sección [sssd]" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> #: sssd.conf.5.xml:71 sssd.conf.5.xml:1857 msgid "Section parameters" msgstr "Parámetros de sección" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:73 msgid "config_file_version (integer)" msgstr "config_file_version (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:76 msgid "" "Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " "version 2." msgstr "" "Indica cuál es la sintaxis del archivo de configuración. 
SSSD 0.6.0 y " "posteriores utilizan la versión 2." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:82 msgid "services" msgstr "servicios" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:85 msgid "" "Comma separated list of services that are started when sssd itself starts." msgstr "" "Una lista separada por comas de los servicios que son iniciados cuando se " "enciende sssd." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:89 msgid "" "Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " "<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition=" "\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</" "phrase>" msgstr "" "Servicios soportados: nss, pam <phrase condition=\"with_sudo\">, sudo</" "phrase> <phrase condition=\"with_autofs\">, autofs</phrase> <phrase " "condition=\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder" "\">, pac</phrase>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:98 sssd.conf.5.xml:321 msgid "reconnection_retries (integer)" msgstr "reconnection_retries (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:101 sssd.conf.5.xml:324 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" "Cantidad de veces que los servicios deben intentar reconectarse ante una " "caída o reinicio del Proveedor de Datos antes de abandonar" #.
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:106 sssd.conf.5.xml:329 msgid "Default: 3" msgstr "Predeterminado: 3" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:111 msgid "domains" msgstr "dominios" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:114 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " "start. This parameter described the list of domains in the order you want " "them to be queried. A domain name should only consist of alphanumeric ASCII " "characters, dashes and underscores." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:126 sssd.conf.5.xml:1586 msgid "re_expression (string)" msgstr "re_expression (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:129 msgid "" "Default regular expression that describes how to parse the string containing " "user name and domain into these components." msgstr "" "Expresión regular por defecto que describe como analizar la cadena que " "contiene el nombre de usuario y el dominio en estos componentes." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:134 msgid "" "Each domain can have an individual regular expression configured. For some " "ID providers there are also default regular expressions. See DOMAIN " "SECTIONS for more info on these regular expressions." msgstr "" "Cada dominio puede tener una expresión regular individual configurada. Para " "algunos proveedores de ID hay también expresiones regulares por defecto. 
Vea " "DOMAIN SECTIONS para más información sobre estas expresiones regulares." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:143 sssd.conf.5.xml:1637 msgid "full_name_format (string)" msgstr "full_name_format (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:146 sssd.conf.5.xml:1640 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " "fully qualified name from user name and domain name components." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:157 sssd.conf.5.xml:1651 msgid "%1$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:158 sssd.conf.5.xml:1652 msgid "user name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:161 sssd.conf.5.xml:1655 msgid "%2$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:164 sssd.conf.5.xml:1658 msgid "domain name as specified in the SSSD config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:170 sssd.conf.5.xml:1664 msgid "%3$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:173 sssd.conf.5.xml:1667 msgid "" "domain flat name. 
Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:154 sssd.conf.5.xml:1648 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:183 msgid "" "Each domain can have an individual format string configured. see DOMAIN " "SECTIONS for more info on this option." msgstr "" "Cada dominio puede tener una cadena de formato individual configurar. Vea " "SECCIONES DOMINIO para más información sobre esta opción." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:189 msgid "try_inotify (boolean)" msgstr "try_inotify (boolean)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:192 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " "this, and will fall back to polling resolv.conf every five seconds if " "inotify cannot be used." msgstr "" "SSSD monitorea el estado de resolv.conf para saber cuando es necesario " "actualizar su resolutor DNS interno. Por defecto, intentaremos utilizar para " "ello la herramienta inotify, quien consultará a resolv.conf cada cinco " "segundos en caso que inotify no pueda ser utilizado." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:200 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. 
In these rare cases, this option should be set " "to 'false'" msgstr "" "Existen algunas pocas situaciones en donde lo preferible es evitar el uso de " "inotify. En estas raras excepciones, la opción debería ser definida en " "'false'" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:206 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." msgstr "" "Predeterminado: 'true' en plataformas donde inotify tenga soporte. 'False' " "en el resto de las plataformas." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:210 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" "Nota: esta opción no tendrá efecto en plataformas donde inotify no se " "encuentre disponible. En estas plataformas, la consulta (polling) será " "utilizada siempre." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:217 msgid "krb5_rcache_dir (string)" msgstr "krb5_rcache_dir (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:220 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" "Directorio en el sistema de archivos donde SSSD debería guardar los archivos " "de la caché de repetición (replay cache) de Kerberos." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:224 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr "" "Esta opción acepta un valor especial __LIBKRB5_DEFAULTS__ que instruirá a " "SSSD para dejar a libkrb5 decidir la ubicación apropiada de la caché de " "repetición (replay cache)." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:230 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" msgstr "" "Por defecto: específico de la distribución y definido en tiempo de " "compilación. (__LIBKRB5_DEFAULTS__ si no se configura)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:237 msgid "default_domain_suffix (string)" msgstr "default_domain_suffix (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:240 msgid "" "This string will be used as a default domain name for all names without a " "domain name component. The main use case is environments where the primary " "domain is intended for managing host policies and all users are located in a " "trusted domain. The option allows those users to log in just with their " "user name without giving a domain name as well." msgstr "" "Esta cadena será usada como nombre de dominio por defecto para todos los " "nombres sin un componente de nombre de dominio. El principal caso de uso es " "en entornos donde el dominio principal está dirigido a gestionar las " "políticas de host y todos los usuarios están localizados en un dominio " "de confianza. La opción permite a esos usuarios acceder sólo con su nombre de " "usuario sin dar también un nombre de dominio." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:250 msgid "" "Please note that if this option is set all users from the primary domain " "have to use their fully qualified name, e.g.
user@domain.name, to log in." msgstr "" "Por favor advierta que si esta opción está fijada, todos los usuarios del " "dominio primario tienen que usar su nombre cualificado completo, esto es " "user@domain.name, para acceder." #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:256 sssd-ldap.5.xml:1392 sssd-ldap.5.xml:1404 #: sssd-ldap.5.xml:1486 sssd-ldap.5.xml:2373 sssd-ldap.5.xml:2400 #: sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:187 #: include/ldap_id_mapping.xml:198 msgid "Default: not set" msgstr "Predeterminado: no definido" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:64 msgid "" "Individual pieces of SSSD functionality are provided by special SSSD " "services that are started and stopped together with SSSD. The services are " "managed by a special service frequently called <quote>monitor</quote>. The " "<quote>[sssd]</quote> section is used to configure the monitor as well as " "some other important options like the identity domains. <placeholder type=" "\"variablelist\" id=\"0\"/>" msgstr "" "Trozos individuales de funcionalidad SSSD son suministrados por servicios " "especiales SSSD que se inician y paran junto a SSSD. Los servicios son " "gestionados por un servicio especial frecuentemente llamado <quote>monitor</" "quote>. La sección <quote>[sssd]</quote> se usa para configurar el monitor " "así como algunas otras opciones importantes como los dominios de identidad. " "<placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:267 msgid "SERVICES SECTIONS" msgstr "SECCIONES DE SERVICIOS" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:269 msgid "" "Settings that can be used to configure different services are described in " "this section.
They should reside in the [<replaceable>$NAME</replaceable>] " "section, for example, for NSS service, the section would be <quote>[nss]</" "quote>" msgstr "" "Los ajustes que pueden ser utilizados para configurar diferentes servicios " "se describe en esta sección. Ellos deben residir en la sección [<replaceable>" "$NAME</replaceable>], por ejemplo, para el servicio NSS, la sección sería " "<quote>[nss]</quote>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:276 msgid "General service configuration options" msgstr "Opciones de configuración de servicios generales" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:278 msgid "These options can be used to configure any service." msgstr "Estas opciones pueden usarse para configurar cualquier servicio." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:282 msgid "debug_level (integer)" msgstr "debug_level (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:286 msgid "debug_timestamps (bool)" msgstr "debug_timestamps (bool)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:289 msgid "Add a timestamp to the debug messages" msgstr "Agregar una marca de tiempo a los mensajes de depuración" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:292 sssd.conf.5.xml:472 sssd.conf.5.xml:820 #: sssd-ldap.5.xml:1559 sssd-ldap.5.xml:1656 sssd-ldap.5.xml:1718 #: sssd-ldap.5.xml:2161 sssd-ldap.5.xml:2226 sssd-ldap.5.xml:2244 #: sssd-ipa.5.xml:361 sssd-ipa.5.xml:396 sssd-ad.5.xml:166 sssd-ad.5.xml:250 #: sssd-ad.5.xml:275 sssd-ad.5.xml:363 sssd-krb5.5.xml:490 msgid "Default: true" msgstr "Predeterminado: true" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:297 msgid "debug_microseconds (bool)" msgstr "debug_microseconds (bool)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:300 msgid "Add microseconds to the timestamp in debug messages" msgstr "Agregar microsegundos a la marca de tiempo en mensajes de depuración" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:303 sssd.conf.5.xml:774 sssd.conf.5.xml:1773 #: sssd-ldap.5.xml:640 sssd-ldap.5.xml:1433 sssd-ldap.5.xml:1452 #: sssd-ldap.5.xml:1628 sssd-ldap.5.xml:1957 sssd-ipa.5.xml:139 #: sssd-ipa.5.xml:205 sssd-ipa.5.xml:508 sssd-ipa.5.xml:526 #: sssd-krb5.5.xml:257 sssd-krb5.5.xml:291 sssd-krb5.5.xml:462 msgid "Default: false" msgstr "Predeterminado: false" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:308 msgid "timeout (integer)" msgstr "timeout (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:311 msgid "" "Timeout in seconds between heartbeats for this service. This is used to " "ensure that the process is alive and capable of answering requests." msgstr "" "Tiempo de espera en segundos entre latidos para este servicio. Esto se usa " "para asegurar que el proceso está vivo y capaz de responder peticiones." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:316 sssd-ldap.5.xml:1304 msgid "Default: 10" msgstr "Predeterminado: 10" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:334 msgid "fd_limit" msgstr "fd_limit" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:337 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " "the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " "systems without this capability, the resulting value will be the lower value " "of this or the limits.conf \"hard\" limit." msgstr "" "Esta opción especifica el número máximo de descriptores de ficheros que " "pueden ser abiertos a la vez por este proceso SSSD. En sistemas donde " "SSSD tiene concedida la capacidad CAP_SYS_RESOURCE, este será un ajuste " "absoluto. En sistemas sin esta capacidad, el valor resultante será el " "valor más bajo entre este y el límite “hard” en limits.conf." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:346 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "Por defecto: 8192 (o límite “hard” en limits.conf)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:351 msgid "client_idle_timeout" msgstr "client_idle_timeout" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:354 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " "limited in order to avoid resource exhaustion on the system." msgstr "" "Esta opción especifica el número de segundos que un cliente de un proceso " "SSSD puede retener un descriptor de fichero sin comunicarse a través de él. " "Este valor está limitado con el objetivo de evitar un agotamiento de los " "recursos del sistema." #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:361 sssd.conf.5.xml:377 sssd.conf.5.xml:592 #: sssd.conf.5.xml:752 sssd.conf.5.xml:1015 sssd-ldap.5.xml:1134 msgid "Default: 60" msgstr "Predeterminado: 60" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:366 sssd.conf.5.xml:1004 msgid "force_timeout (integer)" msgstr "force_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:369 sssd.conf.5.xml:1007 msgid "" "If a service is not responding to ping checks (see the <quote>timeout</" "quote> option), it is first sent the SIGTERM signal that instructs it to " "quit gracefully. If the service does not terminate after " "<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down " "by sending a SIGKILL signal." msgstr "" "Si un servicio no está respondiendo a las comprobaciones ping (vea la opción " "<quote>timeout</quote>), primero enviará la señal SIGTERM que le instruye a " "salir amigablemente. Si el servicio no termina después de " "<quote>force_timeout</quote> segundos, el monitor le forzara a caer enviando " "una señal SIGKILL." #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:385 msgid "NSS configuration options" msgstr "Opciones de configuración de NSS" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:387 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" "Estas opciones pueden ser usadas para configurar el servicio Name Service " "Switch (NSS)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:392 msgid "enum_cache_timeout (integer)" msgstr "enum_cache_timeout (entero)" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:395 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" "Cuantos segundos ocultaría enumeraciones nss_sss (peticiones de información " "sobre todos los usuarios)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:399 msgid "Default: 120" msgstr "Predeterminado: 120" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:404 msgid "entry_cache_nowait_percentage (integer)" msgstr "entry_cache_nowait_percentage (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:407 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " "for the domain." msgstr "" "La entrada a la cache puede ser fijada automáticamente para actualizar " "entradas en segundo plano si hay peticiones más allá de un porcentanje del " "valor de entry_cache_timeout para el dominio." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:413 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " "after 15 seconds past the last cache update will be returned immediately, " "but the SSSD will go and update the cache on its own, so that future " "requests will not need to block waiting for a cache update." 
msgstr "" "Por ejemplo, si entry_cache_timeout del dominio está fijado a 30 y " "entry_cache_nowait_percentage está fijado a 50 (por ciento), las entradas " "que vengan después de 15 segundos pasado el último cache serán devueltas " "inmediatamente, pero SSSD irá y actualizará el cache por el mismo, de modo " "que las futuras peticiones no necesitarán bloquearse a la espera de una " "actualización del cache." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:423 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " "percentage will never reduce the nowait timeout to less than 10 seconds. (0 " "disables this feature)" msgstr "" "Los valores válidos para esta opción son 0-99 y representan un porcentaje de " "entry_cache_timeout para cada dominio. Por razones de rendimiento, este " "porcentaje nunca reducirá el tiempo de salida de no espera a menos de 10 " "segundos. (0 deshabilita esta función)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:431 msgid "Default: 50" msgstr "Predeterminado: 50" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:436 msgid "entry_negative_timeout (integer)" msgstr "entry_negative_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:439 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " "before asking the back end again." 
msgstr "" "Especifica durante cuántos segundos nss_sss debe mantener en caché los " "resultados negativos (esto es, consultas para entradas no válidas de la base " "de datos, como las no existentes) antes de preguntar al back end otra vez." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:445 sssd.conf.5.xml:798 msgid "Default: 15" msgstr "Predeterminado: 15" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:450 msgid "filter_users, filter_groups (string)" msgstr "filter_users, filter_groups (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:453 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" "domain or include fully-qualified names to filter only users from the " "particular domain." msgstr "" "Excluye ciertos usuarios de ser obtenidos de la base de datos sss NSS. " "Esto es particularmente útil para cuentas de sistema. Esta opción puede ser " "también fijada por dominio o incluir nombres totalmente cualificados para " "filtrar sólo usuarios de un dominio concreto." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:460 msgid "Default: root" msgstr "Predeterminado: root" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:465 msgid "filter_users_in_groups (bool)" msgstr "filter_users_in_groups (bool)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:468 msgid "" "If you want filtered user still be group members set this option to false."
msgstr "" "Si usted desea que los usuarios filtrados sigan siendo miembros de los " "grupos, fije esta opción a false." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:478 msgid "fallback_homedir (string)" msgstr "fallback_homedir (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:481 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." msgstr "" "Fija la plantilla por defecto para el directorio home del usuario si no se ha " "especificado una explícitamente por el proveedor de datos del dominio." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:486 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" "Los valores disponibles para esta opción son los mismos que para " "override_homedir." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> #: sssd.conf.5.xml:492 #, fuzzy, no-wrap #| msgid "" #| "override_homedir = /home/%u\n" #| " " msgid "" "fallback_homedir = /home/%u\n" " " msgstr "" "override_homedir = /home/%u\n" " " #. type: Content of: <varlistentry><listitem><para> #: sssd.conf.5.xml:490 include/override_homedir.xml:44 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "ejemplo: <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:496 msgid "Default: not set (no substitution for unset home directories)" msgstr "" "Por defecto: no fijado (sin sustitución para los directorios home no fijados)" #.
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:502 msgid "override_shell (string)" msgstr "override_shell (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:505 #, fuzzy #| msgid "" #| "The default shell to use if the provider does not return one during " #| "lookup. This option supersedes any other shell options if it takes effect " #| "and can be set either in the [nss] section or per-domain." msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " "or per-domain." msgstr "" "La shell por defecto a usar si el proveedor no devuelve una durante la " "búsqueda. Esta opción reemplaza cualquier otra opción de shell si toman " "efecto y puede fijada en la sección [nss] o por dominio." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:511 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "Por defecto: no fijado (SSSD usará el valor recuperado desde LDAP)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:517 msgid "allowed_shells (string)" msgstr "allowed_shells (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:520 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" "Restringe la shell de usuario a uno de los valores listados. El orden de " "evaluación es:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:523 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "1. 
Si el shell está presente en <quote>/etc/shells</quote>, se usa." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:527 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" "2. Si el shell está en la lista allowed_shells pero no en <quote>/etc/" "shells</quote>, usa el valor del parámetro shell_fallback." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:532 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" "3. Si el shell no está en la lista allowed_shells y tampoco en <quote>/etc/" "shells</quote>, se usará un shell nologin." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:537 msgid "An empty string for shell is passed as-is to libc." msgstr "Una cadena vacía para el shell se pasa tal cual a libc." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:540 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" "<quote>/etc/shells</quote> sólo se lee durante el inicio de SSSD, lo que " "significa que se requiere el reinicio del SSSD en el caso de que se instale " "una nueva shell." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:544 msgid "Default: Not set. The user shell is automatically used." msgstr "Por defecto: No fijado. La shell del usuario se usa automáticamente." #.
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:549 msgid "vetoed_shells (string)" msgstr "vetoed_shells (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:552 msgid "Replace any instance of these shells with the shell_fallback" msgstr "Reemplaza cualquier instancia de estos shells con shell_fallback" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:557 msgid "shell_fallback (string)" msgstr "shell_fallback (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:560 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" "La shell por defecto a usar si una shell permitida no está instalada en la " "máquina." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:564 msgid "Default: /bin/sh" msgstr "Predeterminado: /bin/sh" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:569 msgid "default_shell" msgstr "default_shell" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:572 #, fuzzy #| msgid "" #| "The default shell to use if the provider does not return one during " #| "lookup. This option supersedes any other shell options if it takes effect " #| "and can be set either in the [nss] section or per-domain." msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." msgstr "" "La shell por defecto a usar si el proveedor no devuelve una durante la " "búsqueda. 
Esta opción reemplaza cualquier otra opción de shell si toman " "efecto y puede fijada en la sección [nss] o por dominio." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:578 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" msgstr "" "Por defecto: no fijado (Devuelve NULL si no se ha especificado una shell y " "confía en libc para sustituir algo sensible cuando sea necesario, " "normalmente /bin/sh)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:585 sssd.conf.5.xml:745 msgid "get_domains_timeout (int)" msgstr "get_domains_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:588 sssd.conf.5.xml:748 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." msgstr "" "Especifica el tiempo en segundos por los cuales la lista de subdominios será " "considerada válida." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:597 msgid "memcache_timeout (int)" msgstr "memcache_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:600 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid" msgstr "" "Especifica el tiempo en segundos durante el cual los archivos en el " "escondrijo en memoria serán válidos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:604 sssd-ldap.5.xml:654 msgid "Default: 300" msgstr "Predeterminado: 300" #. 
type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:611 msgid "PAM configuration options" msgstr "Opciones de configuración PAM" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:613 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" "Estas opciones pueden ser usadas para configurar el servicio Pluggable " "Authentication Module (PAM)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:618 msgid "offline_credentials_expiration (integer)" msgstr "offline_credentials_expiration (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:621 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" "Si el proveedor de autenticación está fuera de línea, durante cuánto tiempo " "se permiten los inicios de sesión con credenciales en caché (en días desde " "el último login en línea con éxito)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:626 sssd.conf.5.xml:639 msgid "Default: 0 (No limit)" msgstr "Predeterminado: 0 (Sin límite)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:632 msgid "offline_failed_login_attempts (integer)" msgstr "offline_failed_login_attempts (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:635 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" "Si el proveedor de autenticación está fuera de línea, cuántos intentos de " "login fallidos están permitidos." #.
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:645 msgid "offline_failed_login_delay (integer)" msgstr "offline_failed_login_delay (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:648 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" "El tiempo en minutos que ha de pasar después de que " "offline_failed_login_attempts ha sido alcanzado antes de que un nuevo " "intento de login sea posible." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:653 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " "authentication can enable offline authentication again." msgstr "" "Si se fija en 0 el usuario no puede autenticarse fuerta de línea si se ha " "alcanzado offline_failed_login_attempts. Sólo una autenticación en línea con " "éxito puede habilitar otra vez la autenticación fuera de línea." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:659 sssd.conf.5.xml:712 msgid "Default: 5" msgstr "Predeterminado: 5" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:665 msgid "pam_verbosity (integer)" msgstr "pam_verbosity (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:668 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" "Controla qué tipo de mensajes se muestra al usuario durante la " "autenticación. 
Cuanto mayor sea el número de mensajes más aparecen." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:673 msgid "Currently sssd supports the following values:" msgstr "Actualmente sssd soporta los siguientes valores:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:676 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "<emphasis>0</emphasis>: no mostrar ningún mensaje" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:679 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "<emphasis>1</emphasis>: mostrar sólo mensajes importantes" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:683 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "<emphasis>2</emphasis>: mostrar mensajes informativos" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:686 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" "<emphasis>3</emphasis>: mostrar todos los mensajes e información de " "depuración" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:690 sssd.8.xml:63 msgid "Default: 1" msgstr "Predeterminado: 1" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:695 msgid "pam_id_timeout (integer)" msgstr "pam_id_timeout (entero)" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:698 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " "ensure that authentication takes place with the latest information." msgstr "" "Para cualquier petición PAM mientras SSSD está en línea, SSSD intentará " "inmediatamente actualizar la información de identidad escondida por el " "usuario con el objetivo de asegurar que la autenticación tiene lugar con la " "información más actual." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:704 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" "client-application basis) how long (in seconds) we can cache the identity " "information to avoid excessive round-trips to the identity provider." msgstr "" "Una conversación PAM completa puede llevar a cabo múltiples peticiones PAM, " "como gestión de cuenta y apertura de sesión. Esta opción controla (sobre una " "base de por cliente-aplicación) cuanto (en segundos) podemos esconder la " "información de identidad para evitar excesivos viajes de ida y vuelata al " "proveedor de identidad." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:718 msgid "pam_pwd_expiration_warning (integer)" msgstr "pam_pwd_expiration_warning (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:721 sssd.conf.5.xml:1178 msgid "Display a warning N days before the password expires." msgstr "Mostrar una advertencia N días antes que la contraseña caduque." #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:724 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " "cannot display a warning." msgstr "" "Por favor advierta que el servidor de punto final tiene que suministrar " "información sobre el tiempo de expiración de la contraseña. Si esta " "información desaparece, sssd no podrá mostrar un aviso." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:730 sssd.conf.5.xml:1181 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." msgstr "" "Si está fijado cero, no se aplicará el filtro, esto es si se recibe una " "advertencia de expiración desde el servidor final, se mostrará " "automáticamente." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:735 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." msgstr "" "Este ajuste puede ser anulado por el ajuste " "<emphasis>pwd_expiration_warning</emphasis> para un dominio concreto." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:740 sssd.8.xml:79 msgid "Default: 0" msgstr "Predeterminado: 0" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:760 msgid "SUDO configuration options" msgstr "SUDO opciones de configuración" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:762 msgid "These options can be used to configure the sudo service." msgstr "Estas opciones pueden ser usadas para configurar el servicio sudo." #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:766 msgid "sudo_timed (bool)" msgstr "sudo_timed (booleano)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:769 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." msgstr "" "Si se evalúan o no los atributos sudoNotBefore y sudoNotAfter que implementan " "entradas de sudoers dependientes del tiempo." #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:782 msgid "AUTOFS configuration options" msgstr "Opciones de configuración AUTOFS" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:784 msgid "These options can be used to configure the autofs service." msgstr "Estas opciones pueden ser usadas para configurar el servicio autofs." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:788 msgid "autofs_negative_timeout (integer)" msgstr "autofs_negative_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:791 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " "before asking the back end again." msgstr "" "Especifica durante cuántos segundos debería el respondedor autofs mantener " "en caché los resultados negativos (esto es, consultas a entradas de mapa no " "válidas, como las no existentes) antes de preguntar al punto final otra vez." #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:807 msgid "SSH configuration options" msgstr "Opciones de configuración SSH" #.
type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:809 msgid "These options can be used to configure the SSH service." msgstr "Estas opciones se pueden usar para configurar el servicio SSH." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:813 msgid "ssh_hash_known_hosts (bool)" msgstr "ssh_hash_known_hosts (booleano)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:816 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." msgstr "" "Si se aplica o no un hash a los nombres y las direcciones de host en el " "fichero known_hosts gestionado." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:825 msgid "ssh_known_hosts_timeout (integer)" msgstr "ssh_known_hosts_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:828 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." msgstr "" "Cuántos segundos se mantiene un host en el fichero known_hosts gestionado " "después de que se hayan pedido sus claves de host." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:832 msgid "Default: 180" msgstr "Por defecto: 180" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:840 msgid "PAC responder configuration options" msgstr "Opciones de configuración del respondedor PAC" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:842 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. 
The plugin sends the " "PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " "provider collects domain SID and ID ranges of the domain the client is " "joined to and of remote trusted domains from the local domain controller. " "If the PAC is decoded and evaluated some of the following operations are " "done:" msgstr "" "El respondedor PAC trabaja junto el plugin de datos de autorización para MIT " "Kerberos sssd_pac_plugin.so y un proveedor de subdominio. El plugin envía el " "dato PAC durante una autenticación GSSAPI al respondedor PAC. El proveedor " "de subdominio recoge los rangos SID e ID del dominio a los que se une el " "cliente y de los dominio remotos de confianza desde el controlador de " "dominio local. Si el PAC es descodificado y evaluado se hacen alguna de las " "siguientes operaciones:" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:851 msgid "" "If the remote user does not exist in the cache, it is created. The uid is " "determined with the help of the SID, trusted domains will have UPGs and the " "gid will have the same value as the uid. The home directory is set based on " "the subdomain_homedir parameter. The shell will be empty by default, i.e. " "the system defaults are used, but can be overwritten with the default_shell " "parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:859 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:865 msgid "These options can be used to configure the PAC responder." msgstr "Estas opciones pueden ser usadas para configurar el respondedor PAC." #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:869 msgid "allowed_uids (string)" msgstr "allowed_uids (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:872 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " "startup." msgstr "" "Especifica la lista separada por comas de los valores UID o nombres de " "usuario que tienen el acceso permitido al respondedor PAC. Los nombres de " "usuario se resuelven a UIDs en el arranque." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:878 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" "Por defecto: 0 (sólo el usuario root tiene permitido el acceso al " "respondedor PAC)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:882 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " "access the PAC responder, which would be the typical case, you have to add 0 " "to the list of allowed UIDs as well." msgstr "" "Por favor advierta que aunque la UID 0 se usa por defecto será anulada con " "esta opción. Si usted desea todavía permitir al usuario root acceder al " "respondedor PAC, que sería el caso típico, usted tiene que añadir 0 a la " "lista de UIDs permitidas también." #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:896 msgid "DOMAIN SECTIONS" msgstr "SECCIONES DE DOMINIO" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:903 msgid "min_id,max_id (integer)" msgstr "min_id, max_id (entero)" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:906 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" "Límites de UID y GID para el dominio. Si un dominio contiene una entrada que " "está fuera de estos límites, ésta es ignorada." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:911 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" "primary group memberships, those that are in range will be reported as " "expected." msgstr "" "Para usuarios, esto afecta al límite primario GID. El usuario no será " "devuelto a NSS si bien la UID o el GID primario está fuera de rango. Para " "los miembros de grupos no primarios, aquellos que estén en rango serán " "reportados como en espera." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:918 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:922 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "Predeterminado: 1 para min_id, 0 (sin límite) para max_id" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:928 msgid "enumerate (bool)" msgstr "enumerar (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:931 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" "Determina si un dominio puede ser enumerado. 
Este parámetro puede tener uno " "de los siguientes valores:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:935 msgid "TRUE = Users and groups are enumerated" msgstr "TRUE = Usuarios y grupos son enumerados" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:938 msgid "FALSE = No enumerations for this domain" msgstr "FALSE = Sin enumeraciones para este dominio" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:941 sssd.conf.5.xml:1155 sssd.conf.5.xml:1264 #: sssd.conf.5.xml:1281 msgid "Default: FALSE" msgstr "Predeterminado: FALSE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:944 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " "to fully complete enumerations. During this time, individual requests for " "information will go directly to LDAP, though it may be slow, due to the " "heavy enumeration processing. Saving a large number of entries to cache " "after the enumeration completes might also be CPU intensive as the " "memberships have to be recomputed." msgstr "" "Nota: Habilitar la enumeración tiene un impacto en el rendimiento moderado " "sobre SSSD mientras la enumeración está corriendo. Puede tomar varios " "minutos desde que SSSD ha arrancado hasta completar todas las enumeraciones. " "Durante este tiempo, las peticiones de información individuales irán " "directamente a LDAP, aunque puede ser lento, debido al pesado proceso de " "enumeración. Guardar un gran número de entradas en la cache después de " "completar la enumeración puede también ser intenso para la CPU puesto que " "las afiliaciones deben ser recalculadas." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:957 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" "Mientras está corriendo la primera enumeración, peticiones para el usuario " "completo o listas de grupo pueden no devolver resultados hasta que se " "completen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:962 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " "enumeration lookups are completed successfully. For more information, refer " "to the man pages for the specific id_provider in use." msgstr "" "Adicionalmente, la habilitación de la enumeración puede incrementar el " "tiempo necesario para detectar la desconexión de red, tanto como los tiempos " "de espera necesarios para asegurar que las búsquedas de enumeración se han " "completado. Para más información vea las páginas de manual para el " "específico id_provider en uso." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:970 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." msgstr "" "Por las razones citadas arriba, no se recomienda habilitar la enumeración, " "especialmente en entornos grandes." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:978 #, fuzzy #| msgid "subdomain_homedir (string)" msgid "subdomain_enumerate (string)" msgstr "subdomain_homedir (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:985 msgid "all" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:986 msgid "All discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:989 msgid "none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:990 msgid "No discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:981 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " "Optionally, a list of one or more domain names can enable enumeration just " "for these trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:998 sssd-ldap.5.xml:1687 msgid "Default: none" msgstr "Predeterminado: none" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1021 msgid "entry_cache_timeout (integer)" msgstr "entry_cache_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1024 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" "Cuántos segundos debe considerar nss_sss como válidas las entradas antes de " "volver a consultar al backend" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1028 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " "for newly added or expired entries. You should run the <citerefentry> " "<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" "citerefentry> tool in order to force refresh of entries that have already " "been cached." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1041 msgid "Default: 5400" msgstr "Predeterminado: 5400" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1047 msgid "entry_cache_user_timeout (integer)" msgstr "entry_cache_user_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1050 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" msgstr "" "Cuantos segundos debería nss_sss considerar las entradas de usuario válidas " "antes de preguntar al punto final otra vez." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1054 sssd.conf.5.xml:1067 sssd.conf.5.xml:1080 #: sssd.conf.5.xml:1093 sssd.conf.5.xml:1106 sssd.conf.5.xml:1120 msgid "Default: entry_cache_timeout" msgstr "Por defecto: entry_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1060 msgid "entry_cache_group_timeout (integer)" msgstr "entry_cache_group_timeout (entero)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1063 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" msgstr "" "Cuantos segundos debería nss_sss considerar las entradas de grupo válidas " "antes de preguntar al punto final otra vez." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1073 msgid "entry_cache_netgroup_timeout (integer)" msgstr "entry_cache_netgroup_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1076 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" msgstr "" "Cuantos segundos debería nss_sss considerar las entradas de grupo de red " "válidas antes de preguntar al punto final otra vez." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1086 msgid "entry_cache_service_timeout (integer)" msgstr "entry_cache_service_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1089 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" msgstr "" "Cuantos segundos debería nss_sss considerar las entradas de servicio válidas " "antes de preguntar al punto final otra vez." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1099 msgid "entry_cache_sudo_timeout (integer)" msgstr "entry_cache_sudo_timeout (entero)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1102 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" msgstr "" "Cuantos segundos debería considerar las regulas sudo válidas antes de " "preguntar al backend otra vez." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1112 msgid "entry_cache_autofs_timeout (integer)" msgstr "entry_cache_autofs_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1115 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" msgstr "" "Cuantos segundos deberá considerar el servicio autofs los mapas de " "automontaje válidos antes de preguntar al punto final otra vez." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1126 msgid "refresh_expired_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1129 msgid "" "Specifies how many seconds SSSD has to wait before refreshing expired " "records. Currently only refreshing expired netgroups is supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1134 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1138 sssd-ipa.5.xml:221 msgid "Default: 0 (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1144 msgid "cache_credentials (bool)" msgstr "cache_credentials (bool)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1147 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" "Determina si las credenciales del usuario se almacenan también en la " "caché LDB local" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1151 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" "Las credenciales de usuario son almacenadas en un hash SHA512, no en texto " "plano" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1160 msgid "account_cache_expiration (integer)" msgstr "account_cache_expiration (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1163 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever.  The " "value of this parameter must be greater than or equal to " "offline_credentials_expiration." msgstr "" "Número de días que las entradas permanecen en la caché después del último " "login con éxito antes de ser borradas durante la limpieza de la caché. 0 " "significa mantener para siempre. El valor de este parámetro debe ser mayor " "o igual que offline_credentials_expiration." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1170 msgid "Default: 0 (unlimited)" msgstr "Predeterminado: 0 (ilimitado)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1175 msgid "pwd_expiration_warning (integer)" msgstr "pwd_expiration_warning (entero)" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1186 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " "cannot display a warning. Also an auth provider has to be configured for the " "backend." msgstr "" "Por favor advierta que el servidor de backend tiene que suministrar " "información sobre la hora de expiración de la contraseña. Si esta " "información falta, sssd no puede mostrar un aviso. También se tiene que " "configurar un proveedor de autenticación para el backend." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1193 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "Por defecto: 7 (Kerberos), 0 (LDAP)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1199 msgid "id_provider (string)" msgstr "id_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1202 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" "El proveedor de identificación usado por el dominio. Los proveedores de ID " "soportados son:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1206 msgid "<quote>proxy</quote>: Support a legacy NSS provider" msgstr "<quote>proxy</quote>: Soporta un proveedor NSS legado" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1209 msgid "<quote>local</quote>: SSSD internal provider for local users" msgstr "<quote>local</quote>: Proveedor interno SSSD para usuarios locales" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1213 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " "information on configuring LDAP." msgstr "" "<quote>ldap</quote>: Proveedor LDAP. Vea <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> para más " "información sobre la configuración de LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1221 sssd.conf.5.xml:1307 sssd.conf.5.xml:1358 #: sssd.conf.5.xml:1411 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " "FreeIPA." msgstr "" "<quote>ipa</quote>: Proveedor FreeIPA y Red Hat Enterprise Identity " "Management. Vea <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> para más información sobre la " "configuración de FreeIPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1230 sssd.conf.5.xml:1316 sssd.conf.5.xml:1367 #: sssd.conf.5.xml:1420 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring Active Directory." msgstr "" "<quote>ad</quote>: Proveedor Active Directory. Vea <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> para más información sobre la configuración de Active " "Directory." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1241 msgid "use_fully_qualified_names (bool)" msgstr "use_fully_qualified_names (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1244 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" "Utiliza el nombre completo y el dominio (formateado en el formato " "nombre_completo de dominio) como el nombre de acceso del usuario reportado a " "NSS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1249 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " "<command>getent passwd test</command> wouldn't find the user while " "<command>getent passwd test@LOCAL</command> would." msgstr "" "Si es TRUE, todas las peticiones a este dominio deben usar nombres " "totalmente cualificados. Por ejemplo, si se usa en el dominio LOCAL que " "contiene un usuario “test”, <command>getent passwd test</command> no " "encontraría al usuario mientras que <command>getent passwd test@LOCAL</" "command> lo haría." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1257 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " "will be searched when an unqualified name is requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1269 msgid "ignore_group_members (bool)" msgstr "ignore_group_members (bool)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1272 msgid "Do not return group members for group lookups." msgstr "No devuelve miembros de grupo para búsquedas de grupo." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1275 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " "calls." msgstr "" "Si se fija a TRUE, el atributo de afiliación al grupo no es pedido desde el " "servidor ldap, y los miembros del grupo no son devueltos cuando procesa " "llamadas de búsqueda de grupo." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1286 msgid "auth_provider (string)" msgstr "auth_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1289 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" "El proveedor de autenticación usado por el dominio. Los proveedores de " "autenticación soportados son:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1293 sssd.conf.5.xml:1351 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring LDAP." msgstr "" "<quote>ldap</quote> para autenticación nativa LDAP. Vea <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> para más información sobre la configuración LDAP." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1300 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring Kerberos." msgstr "" "<quote>krb5</quote> para autenticación Kerberos. Vea <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> para más información sobre la configuración de Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1324 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" "<quote>proxy</quote> para la retransmisión de la autenticación a algún otro " "objetivo PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1327 msgid "<quote>none</quote> disables authentication explicitly." msgstr "<quote>none</quote> deshabilita la autenticación explícitamente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1330 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" "Por defecto: <quote>id_provider</quote> se usa si se ha fijado y puede " "manejar las peticiones de autenticación." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1336 msgid "access_provider (string)" msgstr "access_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1339 msgid "" "The access control provider used for the domain.
There are two built-in " "access providers (in addition to any included in installed backends) " "Internal special providers are:" msgstr "" "El proveedor de control de acceso usado por el dominio. Hay dos proveedores " "de acceso integrados (además de cualquiera incluido en los backends " "instalados). Los proveedores especiales internos son:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1345 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" "<quote>permit</quote> siempre permite el acceso. Es el único proveedor de " "acceso permitido para un dominio local." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1348 msgid "<quote>deny</quote> always deny access." msgstr "<quote>deny</quote> siempre niega el acceso." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1375 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry> for more information on configuring the simple " "access module." msgstr "" "<quote>simple</quote> control de acceso basado en listas de acceso o " "denegación. Vea <citerefentry> <refentrytitle>sssd-simple</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry> para más información sobre la " "configuración del módulo de acceso sencillo." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1382 msgid "Default: <quote>permit</quote>" msgstr "Predeterminado: <quote>permit</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1387 msgid "chpass_provider (string)" msgstr "chpass_provider (cadena)" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1390 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" "El proveedor que debería manejar las operaciones de cambio de password para " "el dominio. Los proveedores de cambio de password soportados son:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1395 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring LDAP." msgstr "" "<quote>ldap</quote> para cambiar una contraseña almacenada en un servidor " "LDAP. Vea <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> para más información sobre " "configurar LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1403 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring Kerberos." msgstr "" "<quote>krb5</quote> para cambiar una contraseña Kerberos. Vea <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> para más información sobre configurar Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1428 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" "<quote>proxy</quote> para la retransmisión de los cambios de password a " "algún otro objetivo PAM." #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1432 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" "<quote>none</quote> deniega explícitamente los cambios en la contraseña." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1435 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" "Por defecto: <quote>auth_provider</quote> se utiliza si se ha fijado y se " "puede manejar las peticiones de cambio de password." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1442 msgid "sudo_provider (string)" msgstr "sudo_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1445 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" "El proveedor SUDO usado por el dominio. Los proveedores SUDO soportados son:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1449 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring LDAP." msgstr "" "<quote>ldap</quote> para reglas almacenadas en LDAP. Vea <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> para más información sobre la configuración LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1457 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1461 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1465 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "<quote>none</quote>deshabilita SUDO explícitamente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1468 sssd.conf.5.xml:1522 sssd.conf.5.xml:1554 #: sssd.conf.5.xml:1579 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" "Por defecto: el valor de <quote>id_provider</quote> se usa si está fijado." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1474 msgid "selinux_provider (string)" msgstr "selinux_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1477 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " "providers are:" msgstr "" "El proveedor que manejaría la carga de los ajustes selinux. Advierta que " "este proveedor será llamado justo después de que el proveedor de acceso " "finalice. Los proveedores selinux soportados son:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1483 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring IPA." msgstr "" "<quote>ipa</quote> para cargar ajustes selinux desde un servidor IPA. 
Vea " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> para más información sobre la configuración de " "IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1491 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" "<quote>none</quote> deshabilita ir a buscar los ajustes selinux " "explícitamente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1494 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" "Por defecto: <quote>id_provider</quote> se usa si está fijado y puede " "manejar las peticiones de carga selinux." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1500 msgid "subdomains_provider (string)" msgstr "subdomains_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1503 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" "El proveedor que debería manejar el atractivo de subdominios. Este valor " "debería ser siempre el mismo que id_provider. Los proveedores de subdominio " "soportados son:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1509 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring IPA." msgstr "" "<quote>ipa</quote> para cargar una lista de subdominios desde un servidor " "IPA. 
Vea <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> para más información sobre la " "configuración de IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1518 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" "<quote>none</quote> deshabilita el buscador de subdominios explícitamente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1529 msgid "autofs_provider (string)" msgstr "autofs_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1532 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" "El proveedor autofs usado por el dominio. Los proveedores autofs soportados " "son:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1536 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring LDAP." msgstr "" "<quote>ldap</quote> para cargar mapas almacenados en LDAP. Vea " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> para más información sobre la configuración de " "LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1543 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring IPA." msgstr "" "<quote>ipa</quote> para cargar mapas almacenados en un servidor IPA. 
Vea " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> para más información sobre la configuración de " "IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1551 msgid "<quote>none</quote> disables autofs explicitly." msgstr "<quote>none</quote> deshabilita autofs explícitamente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1561 msgid "hostid_provider (string)" msgstr "hostid_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1564 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" "El proveedor usado para recuperar información de identidad de host. Los " "proveedores de hostid soportados son:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1568 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring IPA." msgstr "" "<quote>ipa</quote> para cargar la identidad del equipo almacenada en un " "servidor IPA. Vea <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> para más información sobre la " "configuración de IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1576 msgid "<quote>none</quote> disables hostid explicitly." msgstr "<quote>none</quote> deshabilita hostid explícitamente." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1589 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " "match either the SSSD configuration domain name, or, in the case of IPA " "trust subdomains and Active Directory domains, the flat (NetBIOS) name of " "the domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1598 msgid "" "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?" "P<name>[^@\\\\]+)$))</quote> which allows three different styles for " "user names:" msgstr "" "Por defecto para el proveedor AD e IPA: <quote>(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?" "P<name>[^@\\\\]+)$))</quote> que permite tres estilos diferentes de " "nombres de usuario:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:1603 msgid "username" msgstr "nombre de usuario" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:1606 msgid "username@domain.name" msgstr "username@domain.name" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:1609 msgid "domain\\username" msgstr "dominio\\nombre_de_usuario" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1612 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains."
msgstr "" "Mientras los primeros dos corresponden al valor por defecto general el " "tercero se introduce para permitir una fácil integración de usuarios desde " "dominios Windows." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1617 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " "sign, the domain everything after that\"" msgstr "" "Predeterminado: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</" "quote> que traduce al \"todo lo que hay hasta el signo <quote>@</quote> es " "el nombre, el dominio es el resto detrás de este signo\"" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1623 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " "version 7 or higher can support non-unique named subpatterns." msgstr "" "POR FAVOR ADVIERTA: el soporte para subplantillas sin nombre único no está " "disponible en todas las plataformas (por ejemplo, RHEL5 y SLES10). Sólo las " "plataformas con la versión de libpcre 7 o superior pueden soportar las " "subplantillas sin nombre único." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1630 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" "POR FAVOR TENGA EN CUENTA ADEMAS: Versiones anteriores de libpcre sólo " "soportan la sintaxis Python (?P<name>) para identificar subpatrones." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1677 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "Predeterminado: <quote>%1$s@%2$s</quote>." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1683 msgid "lookup_family_order (string)" msgstr "lookup_family_order (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1686 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" "Suministra la capacidad para seleccionar la familia de dirección preferente " "a usar cuando se lleven a cabo búsquedas DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1690 msgid "Supported values:" msgstr "Valores soportados:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1693 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "ipv4_first: Intenta buscar dirección IPv4, si falla, intenta IPv6" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1696 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "ipv4_only: Sólo intenta resolver nombres de host a direcciones IPv4." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1699 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "ipv6_first: Intenta buscar dirección IPv6, si falla, intenta IPv4" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1702 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "ipv6_only: Sólo intenta resolver nombres de host a direcciones IPv6." #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1705 msgid "Default: ipv4_first" msgstr "Predeterminado: ipv4_first" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1711 msgid "dns_resolver_timeout (integer)" msgstr "dns_resolver_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1714 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " "the domain will continue to operate in offline mode." msgstr "" "Define la cantidad de tiempo (en segundos) para esperar una respuesta desde " "el DNS antes de asumir que es inalcanzable. Si se alcanza este tiempo de " "espera, el dominio continuará operativo en modo fuera de línea." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1720 sssd-ldap.5.xml:1118 sssd-ldap.5.xml:1160 #: sssd-ldap.5.xml:1175 sssd-krb5.5.xml:239 msgid "Default: 6" msgstr "Predeterminado: 6" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1726 msgid "dns_discovery_domain (string)" msgstr "dns_discovery_domain (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1729 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" "Si el descubridor de servicio se usa en el punto final, especifica la parte " "de dominio de la pregunta al descubridor de servicio DNS." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1733 msgid "Default: Use the domain part of machine's hostname" msgstr "" "Predeterminado: Utilizar la parte del dominio del nombre de host del equipo" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1739 msgid "override_gid (integer)" msgstr "override_gid (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1742 msgid "Override the primary GID value with the one specified." msgstr "Anula el valor primario GID con el especificado." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1748 msgid "case_sensitive (boolean)" msgstr "case_sensitive (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1751 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" "Trata a los nombres de usuario y grupo como sensibles a mayúsculas y " "minúsculas. En este momento, esta opción no está soportada en el proveedor " "local." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1756 sssd-ad.5.xml:333 msgid "Default: True" msgstr "Predeterminado: True" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1762 msgid "proxy_fast_alias (boolean)" msgstr "proxy_fast_alias (booleano)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1765 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " "name was an alias.
Setting this option to true would cause the SSSD to " "perform the ID lookup from cache for performance reasons." msgstr "" "Cuando un usuario o grupo es buscado por nombre en el proveedor proxy, una " "segunda búsqueda por ID es llevada a cabo para “estandarizar” el nombre en " "el caso de que el nombre pedido fuera un alias. Fijando esta opción a true " "se causaría que SSSD lleve a cabo una búsqueda de ID desde la caché por " "razones de rendimiento." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1779 msgid "subdomain_homedir (string)" msgstr "subdomain_homedir (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1790 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1791 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1782 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " "possible values. In addition to those, the expansion below can only be used " "with <emphasis>subdomain_homedir</emphasis>. <placeholder type=" "\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1796 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" "Este valor puede ser anulado por la opción <emphasis>override_homedir</" "emphasis>." #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1800 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "Por defecto: <filename>/home/%d/%u</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1805 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1808 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:898 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" "replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" "Estas opciones de configuración pueden estar presentes en la sección " "configuración de dominio, esto es, en una sección llamada <quote>[domain/" "<replaceable>NAME</replaceable>]</quote> <placeholder type=\"variablelist\" " "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1821 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1824 msgid "The proxy target PAM proxies to." msgstr "El destino al que PAM actúa como proxy." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1827 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" "Por defecto: no se fija por defecto, usted tiene que coger una configuración " "pam existente o crear una nueva y añadir el nombre de servicio aquí." #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1835 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1838 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " "for example _nss_files_getpwent." msgstr "" "El nombre de la librería NSS para usar en los dominios proxy. Las funciones " "NSS buscadas dentro de la librería están el formato de _nss_$(libName)_" "$(function), por ejemplo _nss_files_getpwent." #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:1817 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" "Opciones válidas para dominios proxy. <placeholder type=\"variablelist\" id=" "\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:1850 msgid "The local domain section" msgstr "La sección de dominio local" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:1852 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " "<replaceable>id_provider=local</replaceable>." msgstr "" "Esta sección contiene la configuración para dominio que almacena los " "usuarios y grupos en la base de datos SSSD nativa, es decir, un dominio que " "utiliza <replaceable>id_provider=local</replaceable>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1859 msgid "default_shell (string)" msgstr "default_shell (cadena)" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1862 msgid "The default shell for users created with SSSD userspace tools." msgstr "" "El shell predeterminado para los usuarios creados con herramientas de " "espacio de usuario SSSD." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1866 msgid "Default: <filename>/bin/bash</filename>" msgstr "Predeterminado: <filename>/bin/bash</filename>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1871 msgid "base_directory (string)" msgstr "base_directory (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1874 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" "Las herramientas anexan el nombre de inicio de sesión para " "<replaceable>base_directory</replaceable> y utilizan éste como el directorio " "de inicio." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1879 msgid "Default: <filename>/home</filename>" msgstr "Predeterminado: <filename>/home</filename>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1884 msgid "create_homedir (bool)" msgstr "create_homedir (bool)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1887 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" "Indica si se creará un directorio home por defecto para los nuevos usuarios. " "Puede ser anulado desde la línea de comando." #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1891 sssd.conf.5.xml:1903 msgid "Default: TRUE" msgstr "Predeterminado: TRUE" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1896 msgid "remove_homedir (bool)" msgstr "remove_homedir (bool)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1899 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" "Indica si el directorio home será borrado por defecto para los usuarios " "borrados. Puede ser anulado desde la línea de comando." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1908 msgid "homedir_umask (integer)" msgstr "homedir_umask (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1911 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " "on a newly created home directory." msgstr "" "Utilizado por <citerefentry><refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum></citerefentry> para especificar los permisos " "predeterminados en un directorio de inicio recién creado." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1919 msgid "Default: 077" msgstr "Predeterminado: 077" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1924 msgid "skel_dir (string)" msgstr "skel_dir (cadena)" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1927 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " "<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>" msgstr "" "El directorio esqueleto, el cual contiene archivos y directorios a copiarse " "en el directorio principal del usuario, cuando se crea el directorio " "principal de <citerefentry><refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum></citerefentry>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1937 msgid "Default: <filename>/etc/skel</filename>" msgstr "Predeterminado: <filename>/etc/skel</filename>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1942 msgid "mail_dir (string)" msgstr "mail_dir (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1945 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " "default value is used." msgstr "" "El directorio carreta de correo. Es necesario para manipular el buzón de " "correo cuando la cuenta de usuario correspondiente es modificada o borrada. " "Si no se especifica, se utiliza un valor por defecto." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1952 msgid "Default: <filename>/var/mail</filename>" msgstr "Predeterminado: <filename>/var/mail</filename>" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1957 msgid "userdel_cmd (string)" msgstr "userdel_cmd (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1960 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " "return code of the command is not taken into account." msgstr "" "El comando que se ejecuta después de que un usuario es borrado. Al " "comando se le pasa el nombre del usuario que está siendo borrado como primer y " "único parámetro. El código de retorno del comando no es tenido en cuenta." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1966 msgid "Default: None, no command is run" msgstr "Predeterminado: None, no se ejecuta comando" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:1976 sssd-ldap.5.xml:2426 sssd-simple.5.xml:131 #: sssd-ipa.5.xml:793 sssd-ad.5.xml:382 sssd-krb5.5.xml:519 msgid "EXAMPLE" msgstr "EJEMPLO" #.
type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd.conf.5.xml:1982 #, no-wrap msgid "" "[sssd]\n" "domains = LDAP\n" "services = nss, pam\n" "config_file_version = 2\n" "\n" "[nss]\n" "filter_groups = root\n" "filter_users = root\n" "\n" "[pam]\n" "\n" "[domain/LDAP]\n" "id_provider = ldap\n" "ldap_uri = ldap://ldap.example.com\n" "ldap_search_base = dc=example,dc=com\n" "\n" "auth_provider = krb5\n" "krb5_server = kerberos.example.com\n" "krb5_realm = EXAMPLE.COM\n" "cache_credentials = true\n" "\n" "min_id = 10000\n" "max_id = 20000\n" "enumerate = False\n" msgstr "" "[sssd]\n" "domains = LDAP\n" "services = nss, pam\n" "config_file_version = 2\n" "\n" "[nss]\n" "filter_groups = root\n" "filter_users = root\n" "\n" "[pam]\n" "\n" "[domain/LDAP]\n" "id_provider = ldap\n" "ldap_uri = ldap://ldap.example.com\n" "ldap_search_base = dc=example,dc=com\n" "\n" "auth_provider = krb5\n" "krb5_server = kerberos.example.com\n" "krb5_realm = EXAMPLE.COM\n" "cache_credentials = true\n" "\n" "min_id = 10000\n" "max_id = 20000\n" "enumerate = False\n" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:1978 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " "configuring domains for more details. <placeholder type=\"programlisting\" " "id=\"0\"/>" msgstr "" "El siguiente ejemplo muestra una configuración SSSD típica. No describe la " "configuración de los dominios en si mismos – vea la documentación sobre la " "configuración de dominios para más detalles. <placeholder type=" "\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 msgid "sssd-ldap" msgstr "sssd-ldap" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:23 msgid "" "This manual page describes the configuration of LDAP domains for " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page for detailed syntax information." msgstr "" "Esta página de manual describe la configuración de dominios LDAP para " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. Vea la sección <quote>FILE FORMAT</quote> de la página de " "manual <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> para información detallada de la sintaxis." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:35 msgid "You can configure SSSD to use more than one LDAP domain." msgstr "Puede configurar SSSD para usar más de un dominio LDAP." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:38 msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. " "<command>sssd</command> <emphasis>does not</emphasis> support authentication " "over an unencrypted channel. If the LDAP server is used only as an identity " "provider, an encrypted channel is not needed. Please refer to " "<quote>ldap_access_filter</quote> config option for more information about " "using LDAP as an access provider." msgstr "" "El back end LDAP soporta proveedores de id, auth, access y chpass. Si " "usted desea autenticarse contra un servidor LDAP se requiere bien TLS/SSL o " "LDAPS. <command>sssd</command> <emphasis>no</emphasis> soporta autenticación " "sobre un canal no encriptado.
Si el servidor LDAP se usa sólo como un " "proveedor de identidad, no se necesita un canal encriptado. Por favor vea la " "opción de configuración <quote>ldap_access_filter</quote> para más " "información sobre la utilización de LDAP como proveedor de acceso." #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "OPCIONES DE CONFIGURACIÓN" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:60 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "ldap_uri, ldap_backup_uri (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:63 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" "quote> section for more information on failover and server redundancy. If " "neither option is specified, service discovery is enabled. For more " "information, refer to the <quote>SERVICE DISCOVERY</quote> section." msgstr "" "Especifica una lista separada por comas de URIs del servidor LDAP al que " "SSSD se conectaría en orden de preferencia. Vea la sección " "<quote>CONMUTACIÓN EN ERROR</quote> para más información sobre la " "conmutación en error y la redundancia de servidor. Si no hay opción " "especificada, se habilita el descubridor de servicio. Para más información, " "vea la sección <quote>DESCUBRIDOR DE SERVICIOS</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:70 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "" "El formato de la URI debe coincidir con el formato definido en RFC 2732:" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:73 msgid "ldap[s]://<host>[:port]" msgstr "ldap[s]://<host>[:port]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:76 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" "Para direcciones IPv6 explícitas, <host> debe estar entre corchetes []" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:79 msgid "example: ldap://[fc00::126:25]:389" msgstr "ejemplo: ldap://[fc00::126:25]:389" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:85 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "ldap_chpass_uri, ldap_chpass_backup_uri (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:88 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " "Refer to the <quote>FAILOVER</quote> section for more information on " "failover and server redundancy." msgstr "" "Especifica la lista separada por comas de URIs de los servidores LDAP a los " "que SSSD se conectaría con el objetivo preferente de cambiar la contraseña " "de un usuario. Vea la sección <quote>FAILOVER</quote> para más información " "sobre failover y redundancia de servidor." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:95 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" "Para habilitar el servicio descubrimiento ldap_chpass_dns_service_name debe " "ser establecido." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:99 msgid "Default: empty, i.e. ldap_uri is used." msgstr "Por defecto: vacío, es decir, se usa ldap_uri." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:105 msgid "ldap_search_base (string)" msgstr "ldap_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:108 msgid "The default base DN to use for performing LDAP user operations." msgstr "" "El DN base por defecto que se usará para realizar operaciones LDAP de " "usuario." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:112 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" msgstr "" "Desde SSSD 1.7.0, SSSD soporta múltiples bases de búsqueda usando la " "sintaxis:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:116 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:119 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "El alcance puede ser uno de “base”, “onelevel” o “subtree”." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:122 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" msgstr "" "El filtro debe ser un filtro de búsqueda LDAP válido como se especifica en " "http://www.ietf.org/rfc/rfc2254.txt" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:126 sssd-ad.5.xml:212 msgid "Examples:" msgstr "Ejemplos:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:129 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" msgstr "" "ldap_search_base = dc=example,dc=com (que es equivalente a) ldap_search_base " "= dc=example,dc=com?subtree?" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:134 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" msgstr "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:137 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " "different search bases). This will lead to unpredictable behavior on client " "machines." msgstr "" "Nota: No está soportado tener múltiples bases de búsqueda que se referencien " "a objetos nombrados idénticamente (por ejemplo, grupos con el mismo nombre " "en dos bases de búsqueda diferentes). Esto llevara a comportamientos " "impredecibles sobre máquinas cliente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:144 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " "defaultNamingContext does not exist or has an empty value namingContexts is " "used. 
The namingContexts attribute must have a single value with the DN of " "the search base of the LDAP server to make this work. Multiple values are " "are not supported." msgstr "" "Por defecto: si no se fija, se usa el valor de los atributos " "defaultNamingContext o namingContexts del RootDSE del servidor LDAP. " "Si defaultNamingContext no existe o tiene un valor vacío se usa " "namingContexts. El atributo namingContexts debe tener un único valor con el " "DN de la base de búsqueda del servidor LDAP para que esto funcione. No se " "soportan múltiples valores." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:158 msgid "ldap_schema (string)" msgstr "ldap_schema (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:161 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " "may vary. The way that some attributes are handled may also differ." msgstr "" "Especifica el Tipo de Esquema en uso en el servidor LDAP objetivo. " "Dependiendo del esquema seleccionado, los nombres de atributos por defecto " "que se recuperan de los servidores pueden variar. La manera en que algunos " "atributos son manejados puede también diferir." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:168 msgid "Four schema types are currently supported:" msgstr "Cuatro tipos de esquema son actualmente soportados:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:172 msgid "rfc2307" msgstr "rfc2307" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:177 msgid "rfc2307bis" msgstr "rfc2307bis" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:182 msgid "IPA" msgstr "IPA" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:187 msgid "AD" msgstr "AD" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:193 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " "the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, " "group members are listed by DN and stored in the <emphasis>member</emphasis> " "attribute. The AD schema type sets the attributes to correspond with Active " "Directory 2008r2 values." msgstr "" "La principal diferencia entre estos tipos de esquemas es como las " "afiliaciones de grupo son grabadas en el servidor. Con rfc2307, los miembros " "de grupos son listados por nombre en el atributo <emphasis>memberUid</" "emphasis>. Con rfc2307bis e IPA, los miembros de grupo son listados por DN y " "almacenados en el atributo <emphasis>member</emphasis>. El tipo de esquema " "AD fija los atributos para corresponderse con los valores Active Directory " "2008r2." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:203 msgid "Default: rfc2307" msgstr "Predeterminado: rfc2307" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:209 msgid "ldap_default_bind_dn (string)" msgstr "ldap_default_bind_dn (cadena)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:212 msgid "The default bind DN to use for performing LDAP operations." msgstr "" "El enlazador DN por defecto a usar para llevar a cabo operaciones LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:219 msgid "ldap_default_authtok_type (string)" msgstr "ldap_default_authtok_type (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:222 msgid "The type of the authentication token of the default bind DN." msgstr "El tipo de ficha de autenticación del enlazador DN por defecto." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:226 msgid "The two mechanisms currently supported are:" msgstr "Los dos mecanismos actualmente soportados son:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:229 msgid "password" msgstr "password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:232 msgid "obfuscated_password" msgstr "obfuscated_password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:235 msgid "Default: password" msgstr "Por defecto: password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:241 msgid "ldap_default_authtok (string)" msgstr "ldap_default_authtok (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:244 msgid "" "The authentication token of the default bind DN. Only clear text passwords " "are currently supported."
msgstr "" "La ficha de autenticación del enlazador DN por defecto. Sólo se soportan " "actualmente password de texto claro." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:251 msgid "ldap_user_object_class (string)" msgstr "ldap_user_object_class (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:254 msgid "The object class of a user entry in LDAP." msgstr "La clase de objeto de una entrada de usuario en LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:257 msgid "Default: posixAccount" msgstr "Predeterminado: posixAccount" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:263 msgid "ldap_user_name (string)" msgstr "ldap_user_name (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:266 msgid "The LDAP attribute that corresponds to the user's login name." msgstr "" "El atributo LDAP que corresponde al nombre de inicio de sesión del usuario." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:270 msgid "Default: uid" msgstr "Predeterminado: uid" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:276 msgid "ldap_user_uid_number (string)" msgstr "ldap_user_uid_number (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:279 msgid "The LDAP attribute that corresponds to the user's id." msgstr "El atributo LDAP que corresponde al id de usuario." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:283 msgid "Default: uidNumber" msgstr "Predeterminado: uidNumber" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:289 msgid "ldap_user_gid_number (string)" msgstr "ldap_user_gid_number (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:292 msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "El atributo LDAP que corresponde al id del grupo primario del usuario." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:296 sssd-ldap.5.xml:792 msgid "Default: gidNumber" msgstr "Predeterminado: gidNumber" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:302 msgid "ldap_user_gecos (string)" msgstr "ldap_user_gecos (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:305 msgid "The LDAP attribute that corresponds to the user's gecos field." msgstr "El atributo LDAP que corresponde al campo de gecos del usuario." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:309 msgid "Default: gecos" msgstr "Predeterminado: gecos" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:315 msgid "ldap_user_home_directory (string)" msgstr "ldap_user_home_directory (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:318 msgid "The LDAP attribute that contains the name of the user's home directory." msgstr "" "El atributo LDAP que contiene el nombre del directorio principal del usuario." 
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:322 msgid "Default: homeDirectory" msgstr "Predeterminado: homeDirectory" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:328 msgid "ldap_user_shell (string)" msgstr "ldap_user_shell (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:331 msgid "The LDAP attribute that contains the path to the user's default shell." msgstr "" "El atributo LDAP que contiene la ruta de acceso a la shell predeterminada " "del usuario." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:335 msgid "Default: loginShell" msgstr "Predeterminado: loginShell" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:341 msgid "ldap_user_uuid (string)" msgstr "ldap_user_uuid (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:344 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" "El atributo LDAP que contiene el GUID/UUID de un objeto de usuario LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:348 sssd-ldap.5.xml:818 sssd-ldap.5.xml:1025 msgid "Default: nsUniqueId" msgstr "Predeterminado: nsUniqueId" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:354 msgid "ldap_user_objectsid (string)" msgstr "ldap_user_objectsid (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:357 msgid "" "The LDAP attribute that contains the objectSID of an LDAP user object. 
This " "is usually only necessary for ActiveDirectory servers." msgstr "" "El atributo LDAP que contiene el objectSID de un objeto usuario LDAP. Esto " "es normalmente sólo necesario para servidores ActiveDirectory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:362 sssd-ldap.5.xml:832 msgid "Default: objectSid for ActiveDirectory, not set for other servers." msgstr "" "Por defecto: objectSid para ActiveDirectory, no fijado para otros servidores." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:369 msgid "ldap_user_modify_timestamp (string)" msgstr "ldap_user_modify_timestamp (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:372 sssd-ldap.5.xml:842 sssd-ldap.5.xml:1034 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" "El atributo LDAP que contiene la fecha y hora de la última modificación del " "objeto primario." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:376 sssd-ldap.5.xml:846 sssd-ldap.5.xml:1041 msgid "Default: modifyTimestamp" msgstr "Predeterminado: modifyTimestamp" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:382 msgid "ldap_user_shadow_last_change (string)" msgstr "ldap_user_shadow_last_change (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:385 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " "the last password change)." 
msgstr "" "Cuando se utiliza ldap_pwd_policy=shadow, este parámetro contiene el nombre " "de un atributo LDAP correspondiente a su <citerefentry> " "<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> homologo (fecha del último cambio de password)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:395 msgid "Default: shadowLastChange" msgstr "Predeterminado: shadowLastChange" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:401 msgid "ldap_user_shadow_min (string)" msgstr "ldap_user_shadow_min (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:404 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " "password age)." msgstr "" "Cuando se utiliza ldap_pwd_policy=shadow, este parámetro contiene el nombre " "de un atributo LDAP correspondiente a su <citerefentry> " "<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> homologo (edad mínima del password)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:413 msgid "Default: shadowMin" msgstr "Predeterminado: shadowMin" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:419 msgid "ldap_user_shadow_max (string)" msgstr "ldap_user_shadow_max (cadena)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:422 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " "password age)." msgstr "" "Cuando se utiliza ldap_pwd_policy=shadow, este parámetro contiene el nombre " "de un atributo LDAP correspondiente a su <citerefentry> " "<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> homologo (edad máxima del password)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:431 msgid "Default: shadowMax" msgstr "Predeterminado: shadowMax" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:437 msgid "ldap_user_shadow_warning (string)" msgstr "ldap_user_shadow_warning (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:440 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " "(password warning period)." msgstr "" "Cuando se utiliza ldap_pwd_policy=shadow, este parámetro contiene el nombre " "de un atributo LDAP correspondiente a su <citerefentry> " "<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> homologo (período de aviso de password)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:450 msgid "Default: shadowWarning" msgstr "Predeterminado: shadowWarning" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:456 msgid "ldap_user_shadow_inactive (string)" msgstr "ldap_user_shadow_inactive (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:459 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " "(password inactivity period)." msgstr "" "Cuando se utiliza ldap_pwd_policy=shadow, este parámetro contiene el nombre " "de un atributo LDAP correspondiente a su <citerefentry> " "<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> homologo (período de inactividad de password)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:469 msgid "Default: shadowInactive" msgstr "Predeterminado: shadowInactive" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:475 msgid "ldap_user_shadow_expire (string)" msgstr "ldap_user_shadow_expire (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:478 msgid "" "When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " "parameter contains the name of an LDAP attribute corresponding to its " "<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> counterpart (account expiration date)." 
msgstr "" "Cuando se utiliza ldap_pwd_policy=shadow o " "ldap_account_expire_policy=shadow, este parámetro contiene el nombre de un " "atributo correspondiente con su <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> homólogo (fecha de " "expiración de la cuenta)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:488 msgid "Default: shadowExpire" msgstr "Predeterminado: shadowExpire" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:494 msgid "ldap_user_krb_last_pwd_change (string)" msgstr "ldap_user_krb_last_pwd_change (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:497 msgid "" "When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " "an LDAP attribute storing the date and time of last password change in " "kerberos." msgstr "" "Cuando se utiliza ldap_pwd_policy=mit_kerberos, este parámetro contiene el " "nombre de un atributo LDAP que almacena la fecha y la hora del último cambio " "de password en kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:503 msgid "Default: krbLastPwdChange" msgstr "Predeterminado: krbLastPwdChange" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:509 msgid "ldap_user_krb_password_expiration (string)" msgstr "ldap_user_krb_password_expiration (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:512 msgid "" "When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " "an LDAP attribute storing the date and time when current password expires." 
msgstr "" "Cuando se utiliza ldap_pwd_policy=mit_kerberos, este parámetro contiene el " "nombre de un atributo LDAP que almacena la fecha y la hora en la que expira " "el password actual." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:518 msgid "Default: krbPasswordExpiration" msgstr "Predeterminado: krbPasswordExpiration" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:524 msgid "ldap_user_ad_account_expires (string)" msgstr "ldap_user_ad_account_expires (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:527 msgid "" "When using ldap_account_expire_policy=ad, this parameter contains the name " "of an LDAP attribute storing the expiration time of the account." msgstr "" "Cuando se utiliza ldap_account_expire_policy=ad, este parámetro contiene el " "nombre de un atributo LDAP que almacena el tiempo de expiración de la cuenta." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:532 msgid "Default: accountExpires" msgstr "Predeterminado: accountExpires" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:538 msgid "ldap_user_ad_user_account_control (string)" msgstr "ldap_user_ad_user_account_control (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:541 msgid "" "When using ldap_account_expire_policy=ad, this parameter contains the name " "of an LDAP attribute storing the user account control bit field." msgstr "" "Cuando se usa ldap_account_expire_policy=ad, este parámetro contiene el " "nombre de un atributo LDAP que almacena el campo bit de control de la cuenta " "de usuario." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:546 msgid "Default: userAccountControl" msgstr "Predeterminado: userAccountControl" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:552 msgid "ldap_ns_account_lock (string)" msgstr "ldap_ns_account_lock (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:555 msgid "" "When using ldap_account_expire_policy=rhds or equivalent, this parameter " "determines if access is allowed or not." msgstr "" "Cuando se usa ldap_account_expire_policy=rhds o equivalente, este parámetro " "determina si el acceso está permitido o no." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:560 msgid "Default: nsAccountLock" msgstr "Predeterminado: nsAccountLock" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:566 msgid "ldap_user_nds_login_disabled (string)" msgstr "ldap_user_nds_login_disabled (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:569 msgid "" "When using ldap_account_expire_policy=nds, this attribute determines if " "access is allowed or not." msgstr "" "Cuando se usa ldap_account_expire_policy=nds, este atributo determina si el " "acceso está permitido o no." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:573 sssd-ldap.5.xml:587 msgid "Default: loginDisabled" msgstr "Predeterminado: loginDisabled" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:579 msgid "ldap_user_nds_login_expiration_time (string)" msgstr "ldap_user_nds_login_expiration_time (cadena)" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:582 msgid "" "When using ldap_account_expire_policy=nds, this attribute determines until " "which date access is granted." msgstr "" "Cuando se usa ldap_account_expire_policy=nds, este atributo determina hasta " "qué fecha se concede el acceso." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:593 msgid "ldap_user_nds_login_allowed_time_map (string)" msgstr "ldap_user_nds_login_allowed_time_map (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:596 msgid "" "When using ldap_account_expire_policy=nds, this attribute determines the " "hours of a day in a week when access is granted." msgstr "" "Cuando se utiliza ldap_account_expire_policy=nds, este atributo determina " "las horas de cada día de la semana en las que se concede el acceso." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:601 msgid "Default: loginAllowedTimeMap" msgstr "Predeterminado: loginAllowedTimeMap" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:607 msgid "ldap_user_principal (string)" msgstr "ldap_user_principal (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:610 msgid "" "The LDAP attribute that contains the user's Kerberos User Principal Name " "(UPN)." msgstr "" "El atributo LDAP que contiene el Nombre Principal de Usuario Kerberos (UPN) " "del usuario." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:614 msgid "Default: krbPrincipalName" msgstr "Predeterminado: krbPrincipalName" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:620 msgid "ldap_user_ssh_public_key (string)" msgstr "ldap_user_ssh_public_key (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:623 msgid "The LDAP attribute that contains the user's SSH public keys." msgstr "El atributo LDAP que contiene las claves públicas SSH del usuario." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:630 msgid "ldap_force_upper_case_realm (boolean)" msgstr "ldap_force_upper_case_realm (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:633 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " "fail. Set this option to a non-zero value if you want to use an upper-case " "realm." msgstr "" "Algunos servidores de directorio, por ejemplo Active Directory, pueden " "entregar la parte del reino (realm) del UPN en minúsculas, lo que puede " "causar fallos de autenticación. Fije esta opción en un valor distinto de " "cero si usted desea usar el reino en mayúsculas." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:646 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "ldap_enumeration_refresh_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:649 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." msgstr "" "Especifica cuántos segundos tiene que esperar SSSD antes de refrescar su " "caché de los registros enumerados." #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:660 msgid "ldap_purge_cache_timeout (integer)" msgstr "ldap_purge_cache_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:663 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " "space." msgstr "" "Determina la frecuencia de comprobación del cache para entradas inactivas " "(como grupos sin miembros y usuarios que nunca han accedido) y borrarlos " "para guardar espacio." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:669 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" "Establecer esta opción en cero desactivará la operación de limpieza de la " "caché." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:673 msgid "Default: 10800 (12 hours)" msgstr "Predeterminado: 10800 (12 horas)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:679 msgid "ldap_user_fullname (string)" msgstr "ldap_user_fullname (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:682 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "El atributo LDAP que corresponde al nombre completo del usuario." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:686 sssd-ldap.5.xml:779 sssd-ldap.5.xml:975 #: sssd-ldap.5.xml:1066 sssd-ldap.5.xml:1990 sssd-ldap.5.xml:2316 #: sssd-ipa.5.xml:648 msgid "Default: cn" msgstr "Predeterminado: cn" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:692 msgid "ldap_user_member_of (string)" msgstr "ldap_user_member_of (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:695 msgid "The LDAP attribute that lists the user's group memberships." msgstr "El atributo LDAP que lista las afiliaciones a grupos del usuario." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:699 sssd-ipa.5.xml:552 msgid "Default: memberOf" msgstr "Predeterminado: memberOf" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:705 msgid "ldap_user_authorized_service (string)" msgstr "ldap_user_authorized_service (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:708 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " "to determine access privilege." msgstr "" "Si access_provider=ldap y ldap_access_order=authorized_service, SSSD " "utilizará la presencia del atributo authorizedService en la entrada LDAP del " "usuario para determinar el privilegio de acceso." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:715 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" "Una denegación explícita (!svc) se resuelve primero. Segundo, SSSD busca " "permiso explícito (svc) y finalmente permitir todo (*)." #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:720 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>authorized_service</quote> in order for the " "ldap_user_authorized_service option to work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:727 msgid "Default: authorizedService" msgstr "Predeterminado: authorizedService" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:733 msgid "ldap_user_authorized_host (string)" msgstr "ldap_user_authorized_host (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:736 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " "privilege." msgstr "" "Si access_provider=ldap y ldap_access_order=host, SSSD utilizará la " "presencia del atributo host en la entrada LDAP del usuario para determinar " "el privilegio de acceso." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:742 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" "Una denegación explícita (!host) se resuelve primero. Segundo, SSSD busca " "permiso explícito (host) y finalmente permitir todo (*)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:747 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>host</quote> in order for the " "ldap_user_authorized_host option to work." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:754 msgid "Default: host" msgstr "Default: host" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:760 msgid "ldap_group_object_class (string)" msgstr "ldap_group_object_class (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:763 msgid "The object class of a group entry in LDAP." msgstr "La clase de objeto de una entrada de grupo LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:766 msgid "Default: posixGroup" msgstr "Por defecto: posixGroup" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:772 msgid "ldap_group_name (string)" msgstr "ldap_group_name (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:775 msgid "The LDAP attribute that corresponds to the group name." msgstr "El atributo LDAP que corresponde al nombre de grupo." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:785 msgid "ldap_group_gid_number (string)" msgstr "ldap_group_gid_number (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:788 msgid "The LDAP attribute that corresponds to the group's id." msgstr "El atributo LDAP que corresponde al id del grupo." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:798 msgid "ldap_group_member (string)" msgstr "ldap_group_member (cadena)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:801 msgid "The LDAP attribute that contains the names of the group's members." msgstr "El atributo LDAP que contiene los nombres de los miembros del grupo." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:805 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "Valor predeterminado: memberuid (rfc2307) / member (rfc2307bis)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:811 msgid "ldap_group_uuid (string)" msgstr "ldap_group_uuid (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:814 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "El atributo LDAP que contiene el UUID/GUID de un objeto de grupo LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:824 msgid "ldap_group_objectsid (string)" msgstr "ldap_group_objectsid (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:827 msgid "" "The LDAP attribute that contains the objectSID of an LDAP group object. This " "is usually only necessary for ActiveDirectory servers." msgstr "" "El atributo LDAP que contiene el objectSID de un objeto grupo LDAP. Esto es " "normalmente sólo necesario para servidores ActiveDirectory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:839 msgid "ldap_group_modify_timestamp (string)" msgstr "ldap_group_modify_timestamp (cadena)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:852 #, fuzzy #| msgid "ldap_opt_timeout (integer)" msgid "ldap_group_type (integer)" msgstr "ldap_opt_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:855 #, fuzzy #| msgid "The LDAP attribute that contains the names of the group's members." msgid "" "The LDAP attribute that contains an integer value indicating the type of the " "group and maybe other flags." msgstr "El atributo LDAP que contiene los nombres de los miembros del grupo." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:860 msgid "" "This attribute is currently only used by the AD provider to determine if a " "group is a domain local groups and has to be filtered out for trusted " "domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:866 msgid "Default: groupType in the AD provider, othewise not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:873 msgid "ldap_group_nesting_level (integer)" msgstr "ldap_group_nesting_level (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:876 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " "follow. This option has no effect on the RFC2307 schema." msgstr "" "Si ldap_schema está fijado en un formato de esquema que soporte los grupos " "anidados (por ejemplo, RFC2307bis), entonces esta opción controla cuantos " "niveles de anidamiento seguirá SSSD. Este opción no tiene efecto en el " "esquema RFC2307." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:883 msgid "Default: 2" msgstr "Predeterminado: 2" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:889 msgid "ldap_groups_use_matching_rule_in_chain" msgstr "ldap_groups_use_matching_rule_in_chain" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:892 msgid "" "This option tells SSSD to take advantage of an Active Directory-specific " "feature which may speed up group lookup operations on deployments with " "complex or deep nested groups." msgstr "" "Esta opción le dice a SSSD como tomar ventajar de una función específica de " "Active Directory que puede acelerar las operaciones de búsqueda de grupo son " "despliegues con grupos complejos o profundamente anidados." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:898 msgid "" "In most common cases, it is best to leave this option disabled. It generally " "only provides a performance increase on very complex nestings." msgstr "" "En los casos más comunes, es mejor dejar esta opción deshabilitada. " "Generalmente sólo suministra un incremento de rendimiento en anidamientos " "muy complejos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:903 sssd-ldap.5.xml:930 msgid "" "If this option is enabled, SSSD will use it if it detects that the server " "supports it during initial connection. So \"True\" here essentially means " "\"auto-detect\"." msgstr "" "Si esta opción está habilitada, SSSD la usará si detecta que el servidor la " "soporta durante la conexión inicial. De modo que “True” aquí significa " "esencialmente “auto-detect”." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:909 sssd-ldap.5.xml:936 msgid "" "Note: This feature is currently known to work only with Active Directory " "2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/" "windows/desktop/aa746475%28v=vs.85%29.aspx\"> MSDN(TM) documentation</ulink> " "for more details." msgstr "" "Nota: Esta función se sabe que actualmente trabajo sólo con Active Directory " "2008 R1 y posteriores. Vea <ulink url=\"http://msdn.microsoft.com/en-us/" "library/windows/desktop/aa746475%28v=vs.85%29.aspx\"> MSDN(TM) " "documentation</ulink> para más detalles." #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:915 sssd-ldap.5.xml:942 sssd-ldap.5.xml:1233 #: sssd-ldap.5.xml:1254 sssd-ldap.5.xml:1760 include/ldap_id_mapping.xml:226 msgid "Default: False" msgstr "Por defecto: False" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:921 msgid "ldap_initgroups_use_matching_rule_in_chain" msgstr "ldap_initgroups_use_matching_rule_in_chain" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:924 msgid "" "This option tells SSSD to take advantage of an Active Directory-specific " "feature which might speed up initgroups operations (most notably when " "dealing with complex or deep nested groups)." msgstr "" "Esta opción le dice a SSSD que tome ventaja de una función específica de " "Active Directory que puede acelerar las operaciones de inicio de grupo (más " "notable cuando se trata con grupos complejos o profundamente anidados)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:948 msgid "ldap_netgroup_object_class (string)" msgstr "ldap_netgroup_object_class (cadena)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:951 msgid "The object class of a netgroup entry in LDAP." msgstr "La clase de objeto de una entrada netgroup en LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:954 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "En proveedor IPA, ipa_netgroup_object_class, se usaría en su lugar." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:958 msgid "Default: nisNetgroup" msgstr "Predeterminado: nisNetgroup" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:964 msgid "ldap_netgroup_name (string)" msgstr "ldap_netgroup_name (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:967 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "El atributo LDAP que corresponde al nombre del netgroup." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:971 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "Un proveedor IPA, ipa_netgroup_name sería usado en su lugar." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:981 msgid "ldap_netgroup_member (string)" msgstr "ldap_netgroup_member (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:984 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" "El atributo LDAP que contiene los nombres de los miembros de grupo de red." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:988 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "Un proveedor IPA, ipa_netgroup_member sería usado en su lugar." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:992 msgid "Default: memberNisNetgroup" msgstr "Predeterminado: memberNisNetgroup" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:998 msgid "ldap_netgroup_triple (string)" msgstr "ldap_netgroup_triple (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1001 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" "El atributo LDAP que contiene los (host, usuario, dominio) triples de grupo " "de red." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1005 sssd-ldap.5.xml:1038 msgid "This option is not available in IPA provider." msgstr "Esta opción no está disponible en el proveedor IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1008 msgid "Default: nisNetgroupTriple" msgstr "Predeterminado: nisNetgroupTriple" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1014 msgid "ldap_netgroup_uuid (string)" msgstr "ldap_netgroup_uuid (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1017 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" "El atributo LDAP que contiene el UUID/GUID de un objeto de grupo de red LDAP." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1021 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "Un proveedor IPA ipa_netgroup_uuid sería usado en su lugar." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1031 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "ldap_netgroup_modify_timestamp (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1047 msgid "ldap_service_object_class (string)" msgstr "ldap_service_object_class (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1050 msgid "The object class of a service entry in LDAP." msgstr "La clase objeto de una entrada de servicio en LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1053 msgid "Default: ipService" msgstr "Por defecto: ipService" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1059 msgid "ldap_service_name (string)" msgstr "ldap_service_name (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1062 msgid "" "The LDAP attribute that contains the name of service attributes and their " "aliases." msgstr "" "El atributo LDAP que contiene el nombre de servicio de atributos y sus alias." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1072 msgid "ldap_service_port (string)" msgstr "ldap_service_port (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1075 msgid "The LDAP attribute that contains the port managed by this service." 
msgstr "El atributo LDAP que contiene el puerto manejado por este servicio." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1079 msgid "Default: ipServicePort" msgstr "Por defecto: ipServicePort" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1085 msgid "ldap_service_proto (string)" msgstr "ldap_service_proto (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1088 msgid "" "The LDAP attribute that contains the protocols understood by this service." msgstr "" "El atributo LDAP que contiene los protocolos entendidos por este servicio." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1092 msgid "Default: ipServiceProtocol" msgstr "Por defecto: ipServiceProtocol" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1098 msgid "ldap_service_search_base (string)" msgstr "ldap_service_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1103 msgid "ldap_search_timeout (integer)" msgstr "ldap_search_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1106 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " "is entered)" msgstr "" "Especifica el tiempo de espera (en segundos) que la búsqueda ldap está " "permitida para correr antes de que sea cancelada y se devuelvan los " "resultados almacenados en caché (y se entra en modo fuera de línea)" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1112 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " "lookup types." msgstr "" "Nota: esta opción será sujeto de cambios en las futuras versiones del SSSD. " "Probablemente será sustituido en algunos puntos por una serie de tiempos de " "espera para tipos específicos de búsqueda." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1124 msgid "ldap_enumeration_search_timeout (integer)" msgstr "ldap_enumeration_search_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1127 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " "are returned (and offline mode is entered)" msgstr "" "Especifica el tiempo de espera (en segundos) en los que las búsquedas ldap " "de enumeraciones de usuario y grupo están permitidas de correr antes de que " "sean canceladas y devueltos los resultados escondidos (y se entra en modo " "fuera de línea)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1140 msgid "ldap_network_timeout (integer)" msgstr "ldap_network_timeout (entero)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1143 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" "<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" "manvolnum> </citerefentry> following a <citerefentry> " "<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" "citerefentry> returns in case of no activity." msgstr "" "Especifica el tiempo de salida (en segundos) después del cual <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" "<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" "manvolnum> </citerefentry> siguiendo un <citerefentry> " "<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" "citerefentry> vuelve en caso de no actividad." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1166 msgid "ldap_opt_timeout (integer)" msgstr "ldap_opt_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1169 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " "communicating with the KDC in case of SASL bind." msgstr "" "Especifica un tiempo de salida (en segundos) después del cual las llamadas a " "APIs síncronos LDAP se abortarán si no se recibe respuesta. También controla " "el tiempo de salida cuando se está comunicando con el KDC en el caso del " "enlazador SASL." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1181 msgid "ldap_connection_expire_timeout (integer)" msgstr "ldap_connection_expire_timeout (entero)" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1184 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " "in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " "the TGT lifetime) will be used." msgstr "" "Especifica un tiempo de espera (en segundos) en el que se mantendrá una " "conexión a un servidor LDAP. Después de este tiempo, la conexión será " "restablecida. Si su usa en paralelo con SASL/GSSAPI, se usará el valor más " "temprano (este valor contra el tiempo de vida TGT)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1192 sssd-ldap.5.xml:2147 msgid "Default: 900 (15 minutes)" msgstr "Predeterminado: 900 (15 minutos)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1198 msgid "ldap_page_size (integer)" msgstr "ldap_page_size (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1201 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" "Especifica el número de registros a recuperar desde una única petición LDAP. " "Algunos servidores LDAP hacen cumplir un límite máximo por petición." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1206 msgid "Default: 1000" msgstr "Predeterminado: 1000" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1212 msgid "ldap_disable_paging (boolean)" msgstr "ldap_disable_paging (booleano)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1215 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " "it is not enabled or does not behave properly." msgstr "" "Deshabilita el control de paginación LDAP. Esta opción se debería usar si el " "servidor LDAP reporta que soporta el control de paginación LDAP en sus " "RootDSE pero no está habilitado o no se comporta apropiadamente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1221 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" "Ejemplo: los servidores OpenLDAP con el módulo de control de paginación " "instalado sobre el servidor pero no habilitado lo reportarán en el RootDSE " "pero es incapaz de usarlo." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1227 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " "requests being denied." msgstr "" "Ejemplo: 389 DS tiene un bug donde puede sólo soportar un control de " "paginación a la vez en una única conexión. Sobre clientes ocupados, esto " "puede ocasionar que algunas peticiones sean denegadas." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1239 msgid "ldap_disable_range_retrieval (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1242 msgid "Disable Active Directory range retrieval." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1245 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " "group contains more members, the reply would include an AD-specific range " "extension. This option disables parsing of the range extension, therefore " "large groups will appear as having no members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1260 msgid "ldap_sasl_minssf (integer)" msgstr "ldap_sasl_minssf (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1263 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " "option are defined by OpenLDAP." msgstr "" "Cuando se está comunicando con un servidor LDAP usando SASL, especifica el " "nivel de seguridad mínimo necesario para establecer la conexión. Los valores " "de esta opción son definidos por OpenLDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1269 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" "Por defecto: Usa el sistema por defecto (normalmente especificado por ldap." "conf)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1276 msgid "ldap_deref_threshold (integer)" msgstr "ldap_deref_threshold (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1279 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. 
If less members are missing, " "they are looked up individually." msgstr "" "Especifica el número de miembros del grupo que deben estar desaparecidos " "desde el escondrijo interno con el objetivo de disparar una búsqueda " "deference. Si hay menos miembros desaparecidos, se buscarán individualmente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1285 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" "Usted puede quitar las búsquedas dereference completamente fijando el valor " "a 0." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1289 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " "methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " "Directory." msgstr "" "Una búsqueda dereference es un medio de descargar todos los miembros del " "grupo en una única llamada LDAP. Servidores diferentes LDAP pueden " "implementar diferentes métodos dereference. Los servidores actualmente " "soportados son 389/RHDS, OpenLDAP y Active Directory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1297 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " "regardless of this setting." msgstr "" "<emphasis>Nota:</emphasis> Si alguna de las bases de búsqueda especifica un " "filtro de búsqueda, la mejora del rendimiento de la búsqueda dereference " "será deshabilitado sin tener en cuenta este ajuste." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1310 msgid "ldap_tls_reqcert (string)" msgstr "ldap_tls_reqcert (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1313 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" "Especifica que comprobaciones llevar a cabo sobre los certificados del " "servidor en una sesión TLS, si las hay. Puede ser especificado como uno de " "los siguientes valores:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1319 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" "<emphasis>never</emphasis> = El cliente no pedirá o comprobará ningún " "certificado de servidor." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1323 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " "is provided, it will be ignored and the session proceeds normally." msgstr "" "<emphasis>allow</emphasis> = Se pide el certificado del servidor. Si no se " "suministra certificado, la sesión sigue normalmente. Si se suministra un " "certificado malo, será ignorado y la sesión continua normalmente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1330 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " "is provided, the session is immediately terminated." msgstr "" "<emphasis>try</emphasis> = Se pide el certificado del servidor. 
Si no se " "suministra certificado, la sesión continua normalmente. Si se suministra un " "certificado malo, la sesión se termina inmediatamente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1336 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " "immediately terminated." msgstr "" "<emphasis>demand</emphasis> = Se pide el certificado del servidor. Si no se " "suministra certificado, o se suministra un certificado malo, la sesión se " "termina inmediatamente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1342 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "<emphasis>hard</emphasis> = Igual que <quote>demand</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1346 msgid "Default: hard" msgstr "Predeterminado: hard" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1352 msgid "ldap_tls_cacert (string)" msgstr "ldap_tls_cacert (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1355 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" "Especifica el fichero que contiene los certificados de todas las Autoridades " "de Certificación que <command>sssd</command> reconocerá." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1378 sssd-ldap.5.xml:1419 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." 
"conf</filename>" msgstr "" "Por defecto: use los valores por defecto OpenLDAP, normalmente en <filename>/" "etc/openldap/ldap.conf</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1367 msgid "ldap_tls_cacertdir (string)" msgstr "ldap_tls_cacertdir (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1370 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " "be the hash of the certificate followed by '.0'. If available, " "<command>cacertdir_rehash</command> can be used to create the correct names." msgstr "" "Especifica la ruta de un directorio que contiene los certificados de las " "Autoridades de Certificación en ficheros individuales separados. Normalmente " "los nombres de fichero necesita ser el hash del certificado seguido por " "‘.0’. si esta disponible <command>cacertdir_rehash</command> puede ser usado " "para crear los nombres correctos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1385 msgid "ldap_tls_cert (string)" msgstr "ldap_tls_cert (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1388 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" "Especifica el fichero que contiene el certificado para la clave del cliente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1398 msgid "ldap_tls_key (string)" msgstr "ldap_tls_key (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1401 msgid "Specifies the file that contains the client's key." 
msgstr "Especifica el archivo que contiene la clave del cliente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1410 msgid "ldap_tls_cipher_suite (string)" msgstr "ldap_tls_cipher_suite (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1413 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry> for format." msgstr "" "Especifica los conjuntos aceptables de cifrado. Normalmente es una lista " "separada por dos puntos. Vea el formato en <citerefentry><refentrytitle>ldap." "conf</refentrytitle> <manvolnum>5</manvolnum></citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1426 msgid "ldap_id_use_start_tls (boolean)" msgstr "ldap_id_use_start_tls (booleano)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1429 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" "Especifica que la conexión del id_provider debe también utilizar " "<systemitem class=\"protocol\">tls</systemitem> para proteger el canal." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1439 msgid "ldap_id_mapping (boolean)" msgstr "ldap_id_mapping (booleano)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1442 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " "on ldap_user_uid_number and ldap_group_gid_number."
msgstr "" "Especifica que SSSD intentaría mapear las IDs de usuario y grupo desde los " "atributos ldap_user_objectsid y ldap_group_objectsid en lugar de apoyarse en " "ldap_user_uid_number y ldap_group_gid_number." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1448 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" "Actualmente está función soporta sólo mapeos de objectSID de ActiveDirectory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1458 msgid "ldap_min_id, ldap_max_id (interger)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1461 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " "ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this " "might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " "can be set to restrict the allowed range for the IDs which are read directly " "from the server. Sub-domains can then pick other ranges to map IDs." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1473 msgid "Default: not set (both options are set to 0)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1479 msgid "ldap_sasl_mech (string)" msgstr "ldap_sasl_mech (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1482 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" "Especifica el mecanismo SASL a emplear. Actualmente sólo GSSAPI está " "probado y soportado." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1492 msgid "ldap_sasl_authid (string)" msgstr "ldap_sasl_authid (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1495 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory. " "This option can either contain the full principal (for example host/" "myhost@EXAMPLE.COM) or just the principal name (for example host/myhost)." msgstr "" "Especifica la id de autorización SASL a usar. Cuando se usa GSSAPI, esto " "representa el Kerberos principal usado para autenticación al directorio. " "Esta opción puede contener el principal completo (por ejemplo host/" "myhost@EXAMPLE.COM) o sólo en nombre principal (por ejemplo host/myhost)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1503 msgid "Default: host/hostname@REALM" msgstr "Por defecto: host/nombre_de_host@REALM" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1509 msgid "ldap_sasl_realm (string)" msgstr "ldap_sasl_realm (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1512 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " "well, this option is ignored." msgstr "" "Especifica el reino SASL a usar. Cuando no se especifica, esta opción se " "pone por defecto al valor de krb5_realm. Si ldap_sasl_authid contiene el " "reino también, esta opción se ignora." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1518 msgid "Default: the value of krb5_realm." msgstr "Por defecto: el valor de krb5_realm." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1524 msgid "ldap_sasl_canonicalize (boolean)" msgstr "ldap_sasl_canonicalize (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1527 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" "Si se fija en true, la librería LDAP llevaría a cabo una búsqueda inversa " "para canonicalizar el nombre de host durante una unión SASL." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1532 msgid "Default: false;" msgstr "Predeterminado: false;" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1538 msgid "ldap_krb5_keytab (string)" msgstr "ldap_krb5_keytab (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1541 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "Especifica la keytab a usar cuando se utilice SASL/GSSAPI." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1544 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" "Por defecto: Keytab del sistema, normalmente <filename>/etc/krb5.keytab</" "filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1550 msgid "ldap_krb5_init_creds (boolean)" msgstr "ldap_krb5_init_creds (booleano)" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1553 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " "GSSAPI." msgstr "" "Especifica la id de proveedor que iniciaría las credenciales Kerberos (TGT). " "Esta acción se lleva a cabo sólo si SASL se usa y el mecanismo seleccionado " "es GSSAPI." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1565 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "ldap_krb5_ticket_lifetime (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1568 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "Especifica el tiempo de vida en segundos del TGT si se usa GSSAPI." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1572 sssd-ad.5.xml:319 msgid "Default: 86400 (24 hours)" msgstr "Predeterminado: 86400 (24 horas)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1578 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "krb5_server, krb5_backup_server (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1581 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " "For more information on failover and server redundancy, see the " "<quote>FAILOVER</quote> section. An optional port number (preceded by a " "colon) may be appended to the addresses or hostnames. 
If empty, service " "discovery is enabled - for more information, refer to the <quote>SERVICE " "DISCOVERY</quote> section." msgstr "" "Especifica una lista separada por comas de direcciones IP o nombres de host " "de los servidores Kerberos a los cuales se conectaría SSSD en orden de " "preferencia. Para más información sobre failover y redundancia de servidor, " "vea la sección <quote>FAILOVER</quote>. Un número de puerto opcional " "(precedido de dos puntos) puede ser añadido a las direcciones o nombres de " "host. Si está vacío, el servicio descubridor está habilitado – para más " "información, vea la sección <quote>SERVICE DISCOVERY</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1593 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " "none are found." msgstr "" "Cuando se utiliza el servicio descubiertos para servidores KDC o kpasswd, " "SSSD primero busca entradas DNS que especifiquen _udop como protocolo y " "regresa a _tcp si no se encuentra nada." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1598 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " "migrate their config files to use <quote>krb5_server</quote> instead." msgstr "" "Este opción se llamaba <quote>krb5_kdcip</quote> en las revisiones más " "tempranas de SSSD. Mientras el legado de nombre se reconoce por el tiempo " "que sea, los usuarios son advertidos para migrar sus ficheros de " "configuración para usar <quote>krb5_server</quote> en su lugar." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1607 sssd-ipa.5.xml:371 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "krb5_realm (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1610 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "Especifica el REALM Kerberos (para autorización SASL/GSSAPI)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1613 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" "Predeterminado: Predeterminados del sistema, vea <filename>/etc/krb5.conf</" "filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1619 sssd-ipa.5.xml:386 sssd-krb5.5.xml:453 msgid "krb5_canonicalize (boolean)" msgstr "krb5_canonicalize (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1622 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" "Especifica si el host principal sería estandarizado cuando se conecte a un " "servidor LDAP. Esta función está disponible con MIT Kerberos >= 1.7" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1634 sssd-krb5.5.xml:468 msgid "krb5_use_kdcinfo (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1637 sssd-krb5.5.xml:471 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. 
This option is on by default, if you disable it, you need " "to configure the Kerberos library using the <citerefentry> " "<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> configuration file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1648 sssd-krb5.5.xml:482 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " "information on the locator plugin." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1662 msgid "ldap_pwd_policy (string)" msgstr "ldap_pwd_policy (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1665 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" "Seleccione la política para evaluar la caducidad de la contraseña en el lado " "del cliente. Los siguientes valores son permitidos:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1670 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" "<emphasis>none</emphasis> - Sin evaluación en el lado cliente. Esta opción " "no puede deshabilitar las políticas de password en el lado servidor." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1675 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " "evaluate if the password has expired." 
msgstr "" "<emphasis>shadow</emphasis> - Usa los atributos de estilo " "<citerefentry><refentrytitle>shadow</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry> para evaluar si la contraseña ha expirado." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1681 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " "these attributes when the password is changed." msgstr "" "<emphasis>mit_kerberos</emphasis> - Usa los atributos utilizados por MIT " "Kerberos para determinar si el password ha expirado. Use " "chpass_provider=krb5 para actualizar estos atributos cuando se cambia el " "password." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1690 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1698 msgid "ldap_referrals (boolean)" msgstr "ldap_referrals (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1701 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" "Especifica si el seguimiento de referencias automático debería ser " "habilitado." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1705 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" "Por favor advierta que sssd sólo soporta seguimiento de referencias cuando " "está compilado con OpenLDAP versión 2.4.13 o más alta." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1710 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. If your setup " "does not in fact require the use of referrals, setting this option to false " "might bring a noticeable performance improvement." msgstr "" "Al perseguir referencia se puede incurrir en una penalización de rendimiento " "en entornos que lo usen pesadamente, un ejemplo notable es Microsoft Active " "Directory. Si su ajuste no requieren de hecho el uso de referencias, fijar " "esta opción a false le llevará a una notable mejora de rendimiento." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1724 msgid "ldap_dns_service_name (string)" msgstr "ldap_dns_service_name (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1727 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" "Especifica el nombre del servicio para utilizar cuando está habilitado el " "servicio de descubrimiento." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1731 msgid "Default: ldap" msgstr "Predeterminado: ldap" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1737 msgid "ldap_chpass_dns_service_name (string)" msgstr "ldap_chpass_dns_service_name (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1740 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." 
msgstr "" "Especifica el nombre del servicio para utilizar al buscar un servidor LDAP " "que permita cambios de contraseña cuando está habilitado el servicio de " "descubrimiento." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1745 msgid "Default: not set, i.e. service discovery is disabled" msgstr "Por defecto: no fijado, esto es servicio descubridor deshabilitado." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1751 msgid "ldap_chpass_update_last_change (bool)" msgstr "ldap_chpass_update_last_change (booleano)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1754 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." msgstr "" "Especifica si actualizar el atributo ldap_user_shadow_last_change con días " "desde el Epoch después de una operación de cambio de contraseña." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1766 msgid "ldap_access_filter (string)" msgstr "ldap_access_filter (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1769 #, fuzzy #| msgid "" #| "If using access_provider = ldap and ldap_access_order = filter (default), " #| "this option is mandatory. It specifies an LDAP search filter criteria " #| "that must be met for the user to be granted access on this host. If " #| "access_provider = ldap, ldap_access_order = filter and this option is not " #| "set, it will result in all users being denied access. Use " #| "access_provider = permit to change this default behavior." msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. 
It specifies an LDAP search filter criteria that " "must be met for the user to be granted access on this host. If " "access_provider = ldap, ldap_access_order = filter and this option is not " "set, it will result in all users being denied access. Use access_provider = " "permit to change this default behavior. Please note that this filter is " "applied on the LDAP user entry only." msgstr "" "Si se usa access_provider = ldap and ldap_access_order = filter (por " "defecto), esta opción es obligatoria. Especifica un criterio de filtro de " "búsqueda LDAP que debe ser encontrado para que el usuario obtenga acceso en " "este host. Si access_provider = ldap, ldap_access_order = filter y esta " "opción no está fijada, resultará que se denegará el acceso a todos los " "usuarios. Use access_provider = permit para cambiar este comportamiento por " "defecto." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1782 sssd-ldap.5.xml:2376 msgid "Example:" msgstr "Ejemplo:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #: sssd-ldap.5.xml:1785 #, fuzzy, no-wrap #| msgid "" #| "access_provider = ldap\n" #| "ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n" #| " " msgid "" "access_provider = ldap\n" "ldap_access_filter = (employeeType=admin)\n" " " msgstr "" "access_provider = ldap\n" "ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1789 #, fuzzy #| msgid "" #| "This example means that access to this host is restricted to members of " #| "the \"allowedusers\" group in ldap." msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." 
msgstr "" "Este ejemplo significa que el acceso a este host está restringido a miembros " "del grupo “allowedusers” en ldap." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1794 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " "access during their last login, they will continue to be granted access " "while offline and vice-versa." msgstr "" "El escondrijo fuera de línea para esta característica está limitado a " "determinar si el último login en línea del usuario alcanzó permiso de " "acceso. Si les fue concedido acceso durante su último login, continuará " "obteniendo acceso mientras esté fuera de línea y viceversa." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1802 sssd-ldap.5.xml:1859 msgid "Default: Empty" msgstr "Predeterminado: vacío" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1808 msgid "ldap_account_expire_policy (string)" msgstr "ldap_account_expire_policy (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1811 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" "Con esta opción pueden ser habilitados los atributos de evaluación de " "control de acceso del lado cliente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1815 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " "even if the password is correct." 
msgstr "" "Por favor advierta que siempre se recomienda utilizar el control de acceso " "del lado servidor, esto es, el servidor LDAP debería denegar la petición de " "enlace con un código de error adecuado aunque el password sea correcto." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1822 msgid "The following values are allowed:" msgstr "Los siguientes valores están permitidos:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1825 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" "<emphasis>shadow</emphasis>: usa el valor de ldap_user_shadow_expire para " "determinar si la cuenta ha expirado." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1830 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " "set. If the attribute is missing access is granted. Also the expiration time " "of the account is checked." msgstr "" "<emphasis>ad</emphasis>: usa el valor del campo de 32 bit " "ldap_user_ad_user_account_control y permite el acceso si el segundo bit no " "está fijado. Si falta el atributo se concede el acceso. También " "se comprueba el tiempo de expiración de la cuenta." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1837 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " "allowed or not." msgstr "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: usa el valor de ldap_ns_account_lock para comprobar si se permite " "el acceso o no." #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1843 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " "ldap_user_nds_login_expiration_time are used to check if access is allowed. " "If both attributes are missing access is granted." msgstr "" "<emphasis>nds</emphasis>: los valores de " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled y " "ldap_user_nds_login_expiration_time se usan para comprobar si el acceso está " "permitido. Si faltan ambos atributos se concede el acceso." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1852 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " "ldap_account_expire_policy option to work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1865 msgid "ldap_access_order (string)" msgstr "ldap_access_order (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1868 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" "Lista separada por coma de opciones de control de acceso. Los valores " "permitidos son:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1872 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "<emphasis>filter</emphasis>: utilizar ldap_access_filter" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1875 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "<emphasis>expire</emphasis>: utilizar ldap_account_expire_policy" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1879 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" "<emphasis>authorized_service</emphasis>: utilizar el atributo " "authorizedService para determinar el acceso" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1884 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" "<emphasis>host</emphasis>: usa el atributo host para determinar el acceso" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1888 msgid "Default: filter" msgstr "Predeterminado: filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1891 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" "Tenga en cuenta que es un error de configuración si un valor es usado más de " "una vez." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1898 msgid "ldap_deref (string)" msgstr "ldap_deref (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1901 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" "Especifica cómo se hace la eliminación de referencias al alias cuando se " "lleva a cabo una búsqueda. Están permitidas las siguientes opciones:" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1906 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" "<emphasis>never</emphasis>: Nunca serán eliminadas las referencias al alias." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1910 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" "<emphasis>searching</emphasis>: Las referencias al alias son eliminadas en " "subordinadas del objeto base, pero no en localización del objeto base de la " "búsqueda." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1915 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" "<emphasis>finding</emphasis>: Sólo se eliminarán las referencias a alias " "cuando se localice el objeto base de la búsqueda." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1920 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" "<emphasis>always</emphasis>: Las referencias al alias se eliminarán tanto " "para la búsqueda como en la localización del objeto base de la búsqueda." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1925 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" msgstr "" "Por defecto: Vacío (esto es manejado como <emphasis>never</emphasis> por las " "librerías cliente LDAP)" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1933 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "ldap_rfc2307_fallback_to_local_users (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1936 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" "Permite retener los usuarios locales como miembros de un grupo LDAP para " "servidores que usan el esquema RFC2307." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1940 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " "The self-consistency of the domain is compromised when this is done, so SSSD " "would normally remove the \"missing\" users from the cached group " "memberships as soon as nsswitch tries to fetch information about the user " "via getpw*() or initgroups() calls." msgstr "" "En algunos entornos donde se usa el esquema RFC2307, los usuarios locales " "son hechos miembros de los grupos LDAP añadiendo sus nombres al atributo " "memberUid. La autoconsistencia del dominio se ve comprometida cuando se hace " "esto, de modo que SSSD debería normalmente quitar los usuarios " "“desparecidos” de las afiliaciones a grupos escondidas tan pronto como " "nsswitch intenta ir a buscar información del usuario por medio de las " "llamadas getpw*() o initgroups()." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1951 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " "additional LDAP groups." 
msgstr "" "Esta opción cae de nuevo en comprobar si los usuarios locales están " "referenciados, y los almacena en caché de manera que más tarde las llamadas " "initgroups() aumentará los usuarios locales con los grupos LDAP adicionales." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:51 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " "of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page for full details. <placeholder type=" "\"variablelist\" id=\"0\"/>" msgstr "" "Todas las opciones de configuración comunes que se aplican a los dominios " "SSSD también se aplican a los dominios LDAP. Vea la sección <quote>DOMAIN " "SECTIONS</quote> de la página de manual <citerefentry> <refentrytitle>sssd." "conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> para detalles " "completos. <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:1967 msgid "SUDO OPTIONS" msgstr "OPCIONES SUDO" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1971 msgid "ldap_sudorule_object_class (string)" msgstr "ldap_sudorule_object_class (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1974 msgid "The object class of a sudo rule entry in LDAP." msgstr "El objeto clase de una regla de entrada sudo en LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1977 msgid "Default: sudoRole" msgstr "Por defecto: sudoRole" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1983 msgid "ldap_sudorule_name (string)" msgstr "ldap_sudorule_name (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1986 msgid "The LDAP attribute that corresponds to the sudo rule name." msgstr "El atributo LDAP que corresponde a la regla nombre de sudo." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1996 msgid "ldap_sudorule_command (string)" msgstr "ldap_sudorule_command (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1999 msgid "The LDAP attribute that corresponds to the command name." msgstr "El atributo LDAP que corresponde al nombre de comando." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2003 msgid "Default: sudoCommand" msgstr "Por defecto: sudoCommand" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2009 msgid "ldap_sudorule_host (string)" msgstr "ldap_sudorule_host (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2012 msgid "" "The LDAP attribute that corresponds to the host name (or host IP address, " "host IP network, or host netgroup)" msgstr "" "El atributo LDAP que corresponde al nombre de host (o dirección IP del host, " "red IP del host o grupo de red del host)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2017 msgid "Default: sudoHost" msgstr "Por defecto: sudoHost" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2023 msgid "ldap_sudorule_user (string)" msgstr "ldap_sudorule_user (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2026 msgid "" "The LDAP attribute that corresponds to the user name (or UID, group name or " "user's netgroup)" msgstr "" "El atributo LDAP que corresponde al nombre de usuario (o UID. nombre de " "grupo o grupo de red del usuario)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2030 msgid "Default: sudoUser" msgstr "Por defecto: sudoUser" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2036 msgid "ldap_sudorule_option (string)" msgstr "ldap_sudorule_option (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2039 msgid "The LDAP attribute that corresponds to the sudo options." msgstr "El atributo LDAP que corresponde a las opciones sudo." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2043 msgid "Default: sudoOption" msgstr "Por defecto: sudoOption" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2049 msgid "ldap_sudorule_runasuser (string)" msgstr "ldap_sudorule_runasuser (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2052 msgid "" "The LDAP attribute that corresponds to the user name that commands may be " "run as." msgstr "" "El atributo LDAP que corresponde al nombre de usuario que los comandos " "pueden ejecutar como." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2056 msgid "Default: sudoRunAsUser" msgstr "Por defecto: sudoRunAsUser" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2062 msgid "ldap_sudorule_runasgroup (string)" msgstr "ldap_sudorule_runasgroup (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2065 msgid "" "The LDAP attribute that corresponds to the group name or group GID that " "commands may be run as." msgstr "" "El atributo LDAP que corresponde al nombre de grupo o GID de grupo con el " "que se pueden ejecutar los comandos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2069 msgid "Default: sudoRunAsGroup" msgstr "Por defecto: sudoRunAsGroup" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2075 msgid "ldap_sudorule_notbefore (string)" msgstr "ldap_sudorule_notbefore (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2078 msgid "" "The LDAP attribute that corresponds to the start date/time for when the sudo " "rule is valid." msgstr "" "El atributo LDAP que corresponde al inicio de fecha/hora para cuando la " "regla sudo es válida." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2082 msgid "Default: sudoNotBefore" msgstr "Por defecto: sudoNotBefore" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2088 msgid "ldap_sudorule_notafter (string)" msgstr "ldap_sudorule_notafter (cadena)" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2091 msgid "" "The LDAP attribute that corresponds to the expiration date/time, after which " "the sudo rule will no longer be valid." msgstr "" "El atributo LDAP que corresponde a la fecha/hora final, después de la cual " "la regla sudo dejará de ser válida." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2096 msgid "Default: sudoNotAfter" msgstr "Por defecto: sudoNotAfter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2102 msgid "ldap_sudorule_order (string)" msgstr "ldap_sudorule_order (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2105 msgid "The LDAP attribute that corresponds to the ordering index of the rule." msgstr "El atributo LDAP que corresponde al índice de ordenación de la regla." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2109 msgid "Default: sudoOrder" msgstr "Por defecto: sudoOrder" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2115 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "ldap_sudo_full_refresh_interval (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2118 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." msgstr "" "Cuantos segundos esperará SSSD entre ejecutar un refresco total de las " "reglas sudo (que descarga todas las reglas que están almacenadas en el " "servidor)." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2123 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" msgstr "" "El valor debe ser mayor que <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2128 msgid "Default: 21600 (6 hours)" msgstr "Por defecto: 21600 (6 horas)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2134 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "ldap_sudo_smart_refresh_interval (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2137 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest USN " "of cached rules)." msgstr "" "Cuántos segundos tiene que esperar SSSD antes de ejecutar una actualización " "inteligente de las reglas sudo (que descarga todas las reglas que tienen " "USN más alto que el USN más alto de las reglas en caché)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2143 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." msgstr "" "Si los atributos USN no se soportan por el servidor, se usa en su lugar el " "atributo modifyTimestamp." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2153 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "ldap_sudo_use_host_filter (booleano)" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2156 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." msgstr "" "Si es true, SSSD descargará sólo las reglas que son aplicables a esta " "máquina (usando las direcciones de host/red y nombres de host IPv4 o IPv6)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2167 msgid "ldap_sudo_hostnames (string)" msgstr "ldap_sudo_hostnames (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2170 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." msgstr "" "Lista separada por espacios de nombres de host o nombres de dominio " "totalmente cualificados que sería usada para filtrar las reglas." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2175 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." msgstr "" "Si esta opción está vacía, SSSD intentará descubrir el nombre de host y el " "nombre de dominio totalmente cualificado automáticamente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2180 sssd-ldap.5.xml:2203 sssd-ldap.5.xml:2221 #: sssd-ldap.5.xml:2239 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." msgstr "" "Si <emphasis>ldap_sudo_use_host_filter</emphasis> es <emphasis>false</" "emphasis> esta opción no tiene efecto." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2185 sssd-ldap.5.xml:2208 msgid "Default: not specified" msgstr "Por defecto: no especificado" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2191 msgid "ldap_sudo_ip (string)" msgstr "ldap_sudo_ip (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2194 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." msgstr "" "Lista separada por espacios de direcciones de host/red IPv4 o IPv6 que sería " "usada para filtrar las reglas." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2199 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." msgstr "" "Si esta opción está vacía, SSSD intentará descubrir las direcciones " "automáticamente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2214 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "ldap_sudo_include_netgroups (booleano)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2217 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." msgstr "" "Si está a true SSSD descargará cada regla que contenga un grupo de red en el " "atributo sudoHost." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2232 msgid "ldap_sudo_include_regexp (boolean)" msgstr "ldap_sudo_include_regexp (booleano)" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2235 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." msgstr "" "Si es verdad SSSD descargará cada regla que contenga un comodín en el " "atributo sudoHost." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:1969 msgid "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "<placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2251 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " "<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>" msgstr "" "Esta página de manual sólo describe el atributo de nombre mapping. Para una " "explicación detallada de la semántica del atributo relacionada con sudo, vea " "<citerefentry> <refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:2261 msgid "AUTOFS OPTIONS" msgstr "OPCIONES AUTOFS" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2263 msgid "" "Please note that the default values correspond to the default schema which " "is RFC2307." msgstr "" "Por favor advierta que los valores por defecto corresponden al esquema por " "defecto del RFC2307." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2269 msgid "ldap_autofs_map_object_class (string)" msgstr "ldap_autofs_map_object_class (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2272 sssd-ldap.5.xml:2298 msgid "The object class of an automount map entry in LDAP." 
msgstr "El objeto clase de una entrada de mapa de automontaje en LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2275 sssd-ldap.5.xml:2302 msgid "Default: automountMap" msgstr "Por defecto: automountMap" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2282 msgid "ldap_autofs_map_name (string)" msgstr "ldap_autofs_map_name (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2285 msgid "The name of an automount map entry in LDAP." msgstr "El nombre de una entrada de mapa de automontaje en LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2288 msgid "Default: ou" msgstr "Por defecto: ou" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2295 msgid "ldap_autofs_entry_object_class (string)" msgstr "ldap_autofs_entry_object_class (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2309 msgid "ldap_autofs_entry_key (string)" msgstr "ldap_autofs_entry_key (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2312 sssd-ldap.5.xml:2326 msgid "" "The key of an automount entry in LDAP. The entry usually corresponds to a " "mount point." msgstr "" "La clave de una entrada de automontaje en LDAP. La entrada corresponde " "normalmente a un punto de montaje." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2323 msgid "ldap_autofs_entry_value (string)" msgstr "ldap_autofs_entry_value (cadena)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2330 msgid "Default: automountInformation" msgstr "Por defecto: automountInformation" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2267 msgid "" "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" "\"variablelist\" id=\"4\"/>" msgstr "" "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" "\"variablelist\" id=\"4\"/>" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:2340 msgid "ADVANCED OPTIONS" msgstr "OPCIONES AVANZADAS" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2347 msgid "ldap_netgroup_search_base (string)" msgstr "ldap_netgroup_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2352 msgid "ldap_user_search_base (string)" msgstr "ldap_user_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2357 msgid "ldap_group_search_base (string)" msgstr "ldap_group_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2362 msgid "ldap_user_search_filter (string)" msgstr "ldap_user_search_filter (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2365 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." 
msgstr "" "Esta opción especifica un criterio de filtro de búsqueda LDAP adicional que " "restringe las búsquedas del usuario." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2369 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" "Esta opción está <emphasis>obsoleta</emphasis> en favor de la sintaxis " "utilizada por ldap_user_search_base." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #: sssd-ldap.5.xml:2379 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" " " msgstr "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2382 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" "Este filtro restringiría las búsquedas del usuario a los usuario que tengan " "su shell fijado en /bin/tcsh." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2389 msgid "ldap_group_search_filter (string)" msgstr "ldap_group_search_filter (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2392 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" "Esta opción especifica un criterio de filtro de búsqueda LDAP adicional que " "restringe las búsquedas de grupo." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2396 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." 
msgstr "" "Esta opción está <emphasis>obsoleta</emphasis> en favor de la sintaxis " "utilizada por ldap_group_search_base." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2406 msgid "ldap_sudo_search_base (string)" msgstr "ldap_sudo_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2411 msgid "ldap_autofs_search_base (string)" msgstr "ldap_autofs_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2342 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " "are doing. <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" "Estas opciones son soportadas por los dominios LDAP, pero sólo deberían ser " "utilizadas con precaución. Por favor inclúyalas en su configuración sólo si " "usted sabe lo que está haciendo. <placeholder type=\"variablelist\" id=\"0\"/" ">" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2428 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " "section." msgstr "" "El siguiente ejemplo asume que SSSD está configurado correctamente y LDAP " "está fijado a uno de los dominios de la sección <replaceable>[domains]</" "replaceable>." #.
type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ldap.5.xml:2434 #, no-wrap msgid "" " [domain/LDAP]\n" " id_provider = ldap\n" " auth_provider = ldap\n" " ldap_uri = ldap://ldap.mydomain.org\n" " ldap_search_base = dc=mydomain,dc=org\n" " ldap_tls_reqcert = demand\n" " cache_credentials = true\n" msgstr "" " [domain/LDAP]\n" " id_provider = ldap\n" " auth_provider = ldap\n" " ldap_uri = ldap://ldap.mydomain.org\n" " ldap_search_base = dc=mydomain,dc=org\n" " ldap_tls_reqcert = demand\n" " cache_credentials = true\n" #. type: Content of: <refsect1><refsect2><para> #: sssd-ldap.5.xml:2433 sssd-simple.5.xml:139 sssd-ipa.5.xml:801 #: sssd-ad.5.xml:390 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 sssd-krb5.5.xml:528 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:2446 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:405 #: sssd.8.xml:191 sss_seed.8.xml:163 msgid "NOTES" msgstr "NOTAS" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2448 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " "distribution." msgstr "" "Las descripciones de algunas de las opciones de configuración en esta página " "de manual están basadas en la página de manual <citerefentry> " "<refentrytitle>ldap.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> de la distribución OpenLDAP 2.4." #. 
type: Content of: <refentryinfo> #: pam_sss.8.xml:8 include/upstream.xml:2 msgid "" "<productname>SSSD</productname> <orgname>The SSSD upstream - http://" "fedorahosted.org/sssd</orgname>" msgstr "" "<productname>SSSD</productname> <orgname>The SSSD upstream - http://" "fedorahosted.org/sssd</orgname>" #. type: Content of: <reference><refentry><refnamediv><refname> #: pam_sss.8.xml:13 pam_sss.8.xml:18 msgid "pam_sss" msgstr "pam_sss" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: pam_sss.8.xml:19 msgid "PAM module for SSSD" msgstr "Módulo PAM para SSSD" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: pam_sss.8.xml:24 #, fuzzy #| msgid "" #| "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" #| "replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" #| "replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" #| "replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" #| "replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> " #| "</arg>" msgid "" "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" "replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" "replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" "replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" "replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" "arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </arg>" msgstr "" "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" "replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" "replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" "replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" "replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" "arg>" #. 
type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:48 msgid "" "<command>pam_sss.so</command> is the PAM interface to the System Security " "Services daemon (SSSD). Errors and results are logged through " "<command>syslog(3)</command> with the LOG_AUTHPRIV facility." msgstr "" "<command>pam_sss.so</command> es la interfaz PAM para el demonio Servicios " "de Seguridad de Sistema (SSSD). Los errores y resultados son registrados a " "través de <command>syslog(3)</command> con la facilidad LOG_AUTHPRIV." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:58 msgid "<option>quiet</option>" msgstr "<option>quiet</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:61 msgid "Suppress log messages for unknown users." msgstr "Suprime el registro de mensajes de usuarios desconocidos." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:66 msgid "<option>forward_pass</option>" msgstr "<option>forward_pass</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:69 msgid "" "If <option>forward_pass</option> is set the entered password is put on the " "stack for other PAM modules to use." msgstr "" "Si <option>forward_pass</option> está fijada el password introducido se pone " "en la pila para que lo usen otros módulos PAM." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:76 msgid "<option>use_first_pass</option>" msgstr "<option>use_first_pass</option>" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:79 msgid "" "The argument use_first_pass forces the module to use a previous stacked " "modules password and will never prompt the user - if no password is " "available or the password is not appropriate, the user will be denied access." msgstr "" "El argumento use_first_pass fuerza al módulo a usar el password de un módulo " "apilado previamente y nunca preguntará al usuario - si no hay password " "disponible o el password no es apropiado, se denegará el acceso al usuario." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:87 msgid "<option>use_authtok</option>" msgstr "<option>use_authtok</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:90 msgid "" "When password changing enforce the module to set the new password to the one " "provided by a previously stacked password module." msgstr "" "Cuando cambia el password fuerza al módulo a fijar el nuevo password al " "suministrado por un módulo de password previamente apilado." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:97 msgid "<option>retry=N</option>" msgstr "<option>retry=N</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:100 msgid "" "If specified the user is asked another N times for a password if " "authentication fails. Default is 0." msgstr "" "Si se especifica, se pregunta al usuario otras N veces por un password si la " "autenticación falla. Por defecto es 0." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:102 msgid "" "Please note that this option might not work as expected if the application " "calling PAM handles the user dialog on its own. 
A typical example is " "<command>sshd</command> with <option>PasswordAuthentication</option>." msgstr "" "Por favor advierta que esta opción puede no funcionar como se espera si la " "aplicación que llama a PAM maneja el diálogo con el usuario por sí misma. Un " "ejemplo típico es <command>sshd</command> con " "<option>PasswordAuthentication</option>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:111 #, fuzzy #| msgid "<option>forward_pass</option>" msgid "<option>ignore_unknown_user</option>" msgstr "<option>ignore_unknown_user</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:114 msgid "" "If this option is specified and the user does not exist, the PAM module will " "return PAM_IGNORE. This causes the PAM framework to ignore this module." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: pam_sss.8.xml:123 msgid "MODULE TYPES PROVIDED" msgstr "TIPOS DE MÓDULOS SUMINISTRADOS" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:124 msgid "" "All module types (<option>account</option>, <option>auth</option>, " "<option>password</option> and <option>session</option>) are provided." msgstr "" "Todos los tipos de módulos (<option>account</option>, <option>auth</option>, " "<option>password</option> y <option>session</option>) son suministrados." #. type: Content of: <reference><refentry><refsect1><title> #: pam_sss.8.xml:130 msgid "FILES" msgstr "ARCHIVOS" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:131 msgid "" "If a password reset by root fails, because the corresponding SSSD provider " "does not support password resets, an individual message can be displayed. " "This message can e.g. contain instructions about how to reset a password."
msgstr "" "Si el reseteo de un password por root falla porque el correspondiente " "proveedor SSSD no soporta el reseteo de password, se puede mostrar un " "mensaje individual. Este mensaje puede, por ejemplo, contener instrucciones " "sobre como resetear un password." #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:136 msgid "" "The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" "filename> where LOC stands for a locale string returned by <citerefentry> " "<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" "citerefentry>. If there is no matching file the content of " "<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " "the owner of the files and only root may have read and write permissions " "while all other users must have only read permissions." msgstr "" "El mensaje se lee desde el fichero <filename>pam_sss_pw_reset_message.LOC</" "filename> donde LOC representa una cadena de locale devuelta por " "<citerefentry> <refentrytitle>setlocale</refentrytitle><manvolnum>3</" "manvolnum> </citerefentry>. Si no hay fichero coincidente se muestra el " "contenido de <filename>pam_sss_pw_reset_message.txt</filename>. Root debe " "ser el propietario de los ficheros y sólo root puede tener permisos de " "lectura y escritura mientras que todos los demás usuarios deben tener sólo " "permisos de lectura." #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:146 msgid "" "These files are searched in the directory <filename>/etc/sssd/customize/" "DOMAIN_NAME/</filename>. If no matching file is present a generic message is " "displayed." msgstr "" "Estos ficheros son buscados en el directorio <filename>/etc/sssd/customize/" "DOMAIN_NAME/</filename>. Si no hay archivos coincidentes se muestra un " "mensaje genérico." #.
type: Content of: <reference><refentry><refnamediv><refname> #: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 msgid "sssd_krb5_locator_plugin" msgstr "sssd_krb5_locator_plugin" #. type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:22 #, fuzzy #| msgid "" #| "The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> " #| "is used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</" #| "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the " #| "Kerberos libraries what Realm and which KDC to use. Typically this is " #| "done in <citerefentry> <refentrytitle>krb5.conf</refentrytitle> " #| "<manvolnum>5</manvolnum> </citerefentry> which is always read by the " #| "Kerberos libraries. To simplify the configuration the Realm and the KDC " #| "can be defined in <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " #| "<manvolnum>5</manvolnum> </citerefentry> as described in <citerefentry> " #| "<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" #| "citerefentry>" msgid "" "The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " "used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos " "libraries what Realm and which KDC to use. Typically this is done in " "<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> which is always read by the Kerberos libraries. 
" "To simplify the configuration the Realm and the KDC can be defined in " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> as described in <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>" msgstr "" "El plugin localizador Kerberos <command>sssd_krb5_locator_plugin</command> " "se usa por el proveedor Kerberos de <citerefentry> <refentrytitle>sssd</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> para decir a las " "librerías Kerberos que Reino y que KDC usar. Normalmente esto se hace en " "<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> que es siempre leído por las librerías Kerberos. " "Para simplificar la configuración del Reino y el KDC puede ser definido en " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> como se describe en <citerefentry> " "<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>" #. type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:48 msgid "" "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " "libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry> pone el Reino y el nombre o dirección IP del KDC en las " "variables de entorno SSSD_KRB5_REALM y SSSD_KRB5_KDC respectivamente. Cuando " "<command>sssd_krb5_locator_plugin</command> es llamado por las librerías " "kerberos lee y evalúa estas variables y se las devuelve a las librerías." #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:63 msgid "" "Not all Kerberos implementations support the use of plugins. If " "<command>sssd_krb5_locator_plugin</command> is not available on your system " "you have to edit /etc/krb5.conf to reflect your Kerberos setup." msgstr "" "No todas las implementaciones Kerberos soportan el uso de plugins. Si " "<command>sssd_krb5_locator_plugin</command> no está disponible en su sistema " "usted tiene que editar /etc/krb5.conf para reflejar sus ajustes Kerberos." #. type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:69 msgid "" "If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " "debug messages will be sent to stderr." msgstr "" "Si la variable de entorno SSSD_KRB5_LOCATOR_DEBUG está fijada a cualquier " "valor los mensajes de depuración se enviarán a stderr." #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-simple.5.xml:10 sssd-simple.5.xml:16 msgid "sssd-simple" msgstr "sssd-simple" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd-simple.5.xml:17 msgid "the configuration file for SSSD's 'simple' access-control provider" msgstr "" "el fichero de configuración para el proveedor de control de acceso 'simple' " "de SSSD" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:24 msgid "" "This manual page describes the configuration of the simple access-control " "provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " "refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> manual page."
msgstr "" "Esta página de manual describe la configuración del proveedor de control de " "acceso simple para <citerefentry> <refentrytitle>sssd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry>. Para una referencia detallada de " "sintaxis, vea la sección <quote>FILE FORMAT</quote> de la página de manual " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:38 msgid "" "The simple access provider grants or denies access based on an access or " "deny list of user or group names. The following rules apply:" msgstr "" "El proveedor de acceso simple otorga o deniega el acceso en base a una lista " "de acceso o denegación de nombres de usuario o de grupo. Se aplican las " "siguientes reglas:" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:43 msgid "If all lists are empty, access is granted" msgstr "Si todas las listas están vacías, se concede acceso" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:47 msgid "" "If any list is provided, the order of evaluation is allow,deny. This means " "that any matching deny rule will supersede any matched allow rule." msgstr "" "Si se ha suministrado alguna lista, el orden de evaluación es permitir," "denegar. Esto significa que cualquier regla de denegación coincidente " "prevalecerá sobre cualquier regla de permiso coincidente." #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:54 msgid "" "If either or both \"allow\" lists are provided, all users are denied unless " "they appear in the list." msgstr "" "Si una o ambas listas de \"permiso\" se suministran, todos los usuarios " "serán denegados a no ser que aparezcan en la lista." #.
type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:60 msgid "" "If only \"deny\" lists are provided, all users are granted access unless " "they appear in the list." msgstr "" "Si sólo se suministran listas de \"denegación\", todos los usuarios " "obtendran acceso a no ser que aparezcan en la lista." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:78 msgid "simple_allow_users (string)" msgstr "simple_allow_users (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:81 msgid "Comma separated list of users who are allowed to log in." msgstr "Lista separada por comas de usuarios a los está permitido el acceso." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:88 msgid "simple_deny_users (string)" msgstr "simple_deny_users (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:91 msgid "Comma separated list of users who are explicitly denied access." msgstr "" "Lista separada por comas de usuarios a los que explicítamente se les deniega " "el acceso." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:97 msgid "simple_allow_groups (string)" msgstr "simple_allow_groups (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:100 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." msgstr "" "Lista separada por comas de grupos que tienen permitido el acceso. Esto se " "aplica sólo a los grupos dentro del dominio SSSD. Los grupos locales no " "serán evaluados." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:108 msgid "simple_deny_groups (string)" msgstr "simple_deny_groups (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:111 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " "evaluated." msgstr "" "Lista separada por comas de grupos a los que explicítamente se les deniega " "el acceso. Esto se aplica sólo a los grupos dentro del dominio SSSD. Los " "grupos locales no serán evaluados." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> manual page for details on the configuration of an SSSD " "domain. <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" "Vea la sección <quote>DOMAIN SECTIONS</quote> de la página de manual " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> para detalles sobre la configuración de un " "dominio SSSD. <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:120 msgid "" "Specifying no values for any of the lists is equivalent to skipping it " "entirely. Beware of this while generating parameters for the simple provider " "using automated scripts." msgstr "" "No especificando valores para ninguna de las listas es equivalente a " "saltarle totalmente. Tenga cuidado de esto mientras genera parámetros para " "el simple proveedor usando secuencias de comandos automatizadas." #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:125 msgid "" "Please note that it is an configuration error if both, simple_allow_users " "and simple_deny_users, are defined." msgstr "" "Por favor advierta que es un error de configuración si tanto " "simple_allow_users como simple_deny_users están definidos." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:133 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " "This examples shows only the simple access provider-specific options." msgstr "" "El siguiente ejemplo asume que SSSD está correctamente configurado y example." "com es uno de los dominios en la sección <replaceable>[sssd]</replaceable>. " "Este ejemplo muestra sólo las opciones específicas del proveedor de acceso " "simple." #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-simple.5.xml:140 #, no-wrap msgid "" " [domain/example.com]\n" " access_provider = simple\n" " simple_allow_users = user1, user2\n" msgstr "" " [domain/example.com]\n" " access_provider = simple\n" " simple_allow_users = user1, user2\n" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 msgid "sssd-ipa" msgstr "sssd-ipa" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:23 msgid "" "This manual page describes the configuration of the IPA provider for " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." 
msgstr "" "Este página de manual describe la configuración del proveedor IPA para " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. Para una referencia de sintaxis detalladas, vea la sección " "<quote>FILE FORMAT</quote> de la página de manual <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:36 msgid "" "The IPA provider is a back end used to connect to an IPA server. (Refer to " "the freeipa.org web site for information about IPA servers.) This provider " "requires that the machine be joined to the IPA domain; configuration is " "almost entirely self-discovered and obtained directly from the server." msgstr "" "El proveedor IPA es un back end usado para conectar a un servidor IPA. (Vea " "el sitio web freeipa.org para información sobre los servidores IPA). Este " "proveedor requiere que la máquina este unido al dominio IPA; la " "configuración es casi enteramente auto descubierta y obtenida directamente " "del servidor." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:43 msgid "" "The IPA provider accepts the same options used by the <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " "provider with some exceptions described below." msgstr "" "El proveedor IPA acepta las mismas opciones usadas por el proveedor de " "identidad <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> y el proveedor de autenticación " "<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> con algunas excepciones descritas abajo." #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:55 msgid "" "However, it is neither necessary nor recommended to set these options. IPA " "provider can also be used as an access and chpass provider. As an access " "provider it uses HBAC (host-based access control) rules. Please refer to " "freeipa.org for more information about HBAC. No configuration of access " "provider is required on the client side." msgstr "" "Sin embargo, ni es necesario ni está recomendado fijar estas opciones. El " "proveedor IPA también puede ser usado como proveedor de acceso y cambio de " "contraseña. Como proveedor de acceso usa reglas HBAC (control de acceso " "basado en el host). Por favor vea freeipa.org para más información sobre " "HBAC. No se requiere configuración del proveedor de acceso en el lado " "cliente." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:62 msgid "" "The IPA provider will use the PAC responder if the Kerberos tickets of users " "from trusted realms contain a PAC. To make configuration easier the PAC " "responder is started automatically if the IPA ID provider is configured." msgstr "" "El proveedor IPA usará el respondedor PAC si los tickets Kerberos de los " "usuarios de reinos de confianza contienen un PAC. Para hacer la " "configuración más fácil, el respondedor PAC se inicia automáticamente si el " "proveedor de ID IPA está configurado." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:78 msgid "ipa_domain (string)" msgstr "ipa_domain (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:81 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" "Especifica el nombre del dominio IPA. Esto es opcional. Si no se suministra, " "se usa el nombre de configuración del dominio." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:89 msgid "ipa_server, ipa_backup_server (string)" msgstr "ipa_server, ipa_backup_server (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:92 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " "on failover and server redundancy, see the <quote>FAILOVER</quote> section. " "This is optional if autodiscovery is enabled. For more information on " "service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." msgstr "" "La lista separada por comas de direcciones IP o nombres de host de los " "servidores IPA a los que SSSD se conectaría en orden de preferencia. Para " "más información sobre conmutación en error y redundancia de servidores, vea " "la sección <quote>FAILOVER</quote>. Esto es opcional si autodiscovery está " "habilitado. Para más información sobre el servicio descubridor, vea la " "sección <quote>SERVICE DISCOVERY</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:105 msgid "ipa_hostname (string)" msgstr "ipa_hostname (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:108 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" "Opcional. Puede ser fijado en máquinas donde hostname(5) no refleja el " "nombre totalmente cualificado usado en el dominio IPA para identificar este " "host." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:116 sssd-ad.5.xml:256 msgid "dyndns_update (boolean)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:119 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client. The update is " "secured using GSS-TSIG. The IP address of the IPA LDAP connection is used " "for the updates, if it is not otherwise specified by using the " "<quote>dyndns_iface</quote> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:128 sssd-ad.5.xml:270 msgid "" "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " "the default Kerberos realm must be set properly in /etc/krb5.conf" msgstr "" "NOTA: Sobre sistemas más antiguos (como RHEL 5), para que este " "comportamiento trabaje fiablemente, el reino por defecto Kerberos debe ser " "fijado apropiadamente en /etc/krb5.conf" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:133 msgid "" "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" "emphasis> option, users should migrate to using <emphasis>dyndns_update</" "emphasis> in their config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:145 sssd-ad.5.xml:281 msgid "dyndns_ttl (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:148 sssd-ad.5.xml:284 msgid "" "The TTL to apply to the client DNS record when updating it. If " "dyndns_update is false this has no effect. This will override the TTL " "serverside if set by an administrator." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:153 msgid "" "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" "emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" "emphasis> in their config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:159 msgid "Default: 1200 (seconds)" msgstr "Por defecto: 1200 (segundos)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:165 sssd-ad.5.xml:295 msgid "dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:168 sssd-ad.5.xml:298 msgid "" "Optional. Applicable only when dyndns_update is true. Choose the interface " "whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:173 msgid "" "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" "emphasis> option, users should migrate to using <emphasis>dyndns_iface</" "emphasis> in their config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:179 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "Predeterminado: Utilizar la dirección IP de la conexión IPA LDAP" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:185 msgid "ipa_enable_dns_sites (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:188 sssd-ad.5.xml:152 msgid "Enables DNS sites - location based service discovery." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:192 msgid "" "If true and service discovery (see Service Discovery paragraph at the bottom " "of the man page) is enabled, then the SSSD will first attempt location " "based discovery using a query that contains \"_location.hostname.example.com" "\" and then fall back to traditional SRV discovery. If the location based " "discovery succeeds, the IPA servers located with the location based " "discovery are treated as primary servers and the IPA servers located using " "the traditional SRV discovery are used as back up servers" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:211 sssd-ad.5.xml:309 msgid "dyndns_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:214 sssd-ad.5.xml:312 msgid "" "How often should the back end perform periodic DNS update in addition to the " "automatic update performed when the back end goes online. This option is " "optional and applicable only when dyndns_update is true." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:227 sssd-ad.5.xml:325 msgid "dyndns_update_ptr (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:230 sssd-ad.5.xml:328 msgid "" "Whether the PTR record should also be explicitly updated when updating the " "client's DNS records. Applicable only when dyndns_update is true." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:235 msgid "" "This option should be False in most IPA deployments as the IPA server " "generates the PTR records automatically when forward records are changed." 
msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:241 msgid "Default: False (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:247 sssd-ad.5.xml:339 msgid "dyndns_force_tcp (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:250 sssd-ad.5.xml:342 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:254 sssd-ad.5.xml:346 msgid "Default: False (let nsupdate choose the protocol)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:260 msgid "ipa_hbac_search_base (string)" msgstr "ipa_hbac_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:263 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" "Opcional. Usa la cadena dada como base de búsqueda para los objetos HBAC " "relacionados." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:267 msgid "Default: Use base DN" msgstr "Predeterminado: Utilizar DN base" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:273 msgid "ipa_host_search_base (string)" msgstr "ipa_host_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:276 msgid "Optional. Use the given string as search base for host objects." msgstr "Opcional. Usa la cadena dada como base de búsqueda para objetos host." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:280 sssd-ipa.5.xml:304 sssd-ipa.5.xml:323 sssd-ipa.5.xml:342 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" "Vea <quote>ldap_search_base</quote> para información sobre la configuración " "de múltiples bases de búsqueda." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:285 msgid "" "If filter is given in any of search bases and " "<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " "will be ignored." msgstr "" "Si se dan filtros en alguna base de búsqueda y " "<emphasis>ipa_hbac_support_srchost</emphasis> está fijado a False, el filtro " "será ignorado." #. type: Content of: <listitem><para> #: sssd-ipa.5.xml:290 sssd-ipa.5.xml:309 include/ldap_search_bases.xml:23 #: include/ldap_search_bases_experimental.xml:23 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "Predeterminado: el valor de <emphasis>ldap_search_base</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:297 msgid "ipa_selinux_search_base (string)" msgstr "ipa_selinux_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:300 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" "Opcional. Usa la cadena dada como base de búsqueda para los mapas de usuario " "SELinux." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:316 msgid "ipa_subdomains_search_base (string)" msgstr "ipa_subdomains_search_base (cadena)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:319 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" "Opcional: Usa la cadena dada como base de búsqueda de dominios de confianza." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:328 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "Por defecto: el valor de <emphasis>cn=trusts,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:335 msgid "ipa_master_domain_search_base (string)" msgstr "ipa_master_domain_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:338 msgid "Optional. Use the given string as search base for master domain object." msgstr "" "Opcional: Usa la cadena dada como base de búsqueda para el objeto maestro de " "dominio." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:347 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "Por defecto: el valor de <emphasis>cn=ad,cn=etc,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:354 sssd-krb5.5.xml:245 msgid "krb5_validate (boolean)" msgstr "krb5_validate (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:357 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" "Verifica con la ayuda de krb5_keytab que el TGT obtenido no ha sido " "falsificado." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:364 sssd-ad.5.xml:366 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" "Advierta que este valor por defecto difiere del proveedor back end " "tradicional de Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:374 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" "El nombre del reino Kerberos. Esto es opcional y por defecto está al valor " "de <quote>ipa_domain</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:378 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" "El nombre del reino Kerberos tiene un significado especial en IPA – es " "convertido hacia la base DN para usarlo para llevar a cabo operaciones LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:389 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" "Especifica si el host y el usuario principal deberían ser estandarizados " "cuando se conecten a IPA LDAP y también para peticiones AS. Esta función " "está disponible con MIT Kerberos >= 1.7" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:402 sssd-krb5.5.xml:407 msgid "krb5_use_fast (string)" msgstr "krb5_use_fast (cadena)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:405 sssd-krb5.5.xml:410 msgid "" "Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" "authentication. The following options are supported:" msgstr "" "Habilita el túnel seguro de autenticación flexible (FAST) para la pre-" "autenticación Kerberos. Se soportan las siguientes opciones:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:410 #, fuzzy #| msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgid "<emphasis>never</emphasis> use FAST." msgstr "" "<emphasis>never</emphasis>: Nunca serán eliminadas las referencias al alias." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:413 msgid "" "<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " "continue the authentication without it. This is equivalent to not setting " "this option at all." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:419 sssd-krb5.5.xml:424 msgid "" "<emphasis>demand</emphasis> to use FAST. The authentication fails if the " "server does not require fast." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:424 #, fuzzy #| msgid "Default: true" msgid "Default: try" msgstr "Predeterminado: true" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:427 sssd-krb5.5.xml:435 msgid "" "NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If " "SSSD is used with an older version of MIT Kerberos, using this option is a " "configuration error." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:436 msgid "ipa_hbac_refresh (integer)" msgstr "ipa_hbac_refresh (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:439 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " "access-control requests made in a short period." msgstr "" "La cantidad de tiempo entre vbúsquedas de las reglas HBAC contra el servidor " "IPA. Esto reducirá la latencia y la carga sobre el servidor IPA si hay " "muchas peticiones de control de acceso hechas en un corto período." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:446 sssd-ipa.5.xml:462 msgid "Default: 5 (seconds)" msgstr "Predeterminado: 5 (segundos)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:452 msgid "ipa_hbac_selinux (integer)" msgstr "ipa_hbac_selinux (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:455 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " "many user login requests made in a short period." msgstr "" "La cantidad de tiempo entre búsquedas de los mapas SELinux contra el " "servidor IPA. Esto reducirá la latencia y la carga sobre el servidor IPA si " "hay muchas peticiones de acceso de usuario hechas en un corto período." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:468 msgid "ipa_hbac_treat_deny_as (string)" msgstr "ipa_hbac_treat_deny_as (cadena)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:471 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " "of FreeIPA will need to migrate their rules to use only the ALLOW rules. The " "client will support two modes of operation during this transition period:" msgstr "" "Esta opción especifica cómo tratar las reglas HBAC tipo DENY obsoletas. A " "partir de FreeIPA v2.1, las reglas DENY ya no están soportadas en el " "servidor. Todos los usuarios de FreeIPA necesitarán migrar sus reglas para " "usar sólo las reglas ALLOW. El cliente soportará dos modos de operación " "durante este período de transición:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:480 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" "<emphasis>DENY_ALL</emphasis>: Si se detecta cualquier regla HBAC DENY, se " "les denegará el acceso a todos los usuarios." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:485 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" "<emphasis>IGNORE</emphasis>: SSSD ignorará cualquier regla DENY. Sea muy " "cuidadoso con esta opción, puesto que pueden abrirse accesos no pretendidos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:490 msgid "Default: DENY_ALL" msgstr "Predeterminado: DENY_ALL" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:496 msgid "ipa_hbac_support_srchost (boolean)" msgstr "ipa_hbac_support_srchost (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:499 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "Si se fija a false, el host fuente dado a SSSD por PAM será ignorado." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:503 msgid "" "Note that if set to <emphasis>False</emphasis>, this option casuses filters " "given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" msgstr "" "Advierta que si la fija a <emphasis>False</emphasis>, esta opción causa que " "los filtros dados en <emphasis>ipa_host_search_base</emphasis> sean " "ignorados;" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:514 msgid "ipa_server_mode (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:517 #, fuzzy #| msgid "These options can be used to configure the PAC responder." msgid "This option should only be set by the IPA installer." msgstr "Estas opciones pueden ser usadas para configurar el respondedor PAC." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:521 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:532 msgid "ipa_automount_location (string)" msgstr "ipa_automount_location (cadena)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:535 msgid "The automounter location this IPA client will be using" msgstr "La localización del automontador de este cliente IPA que será usada" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:538 msgid "Default: The location named \"default\"" msgstr "Por defecto: La localización llamada “default”" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:545 msgid "ipa_netgroup_member_of (string)" msgstr "ipa_netgroup_member_of (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:548 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "El atributo LDAP que lista los afiliados del grupo de red." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:557 msgid "ipa_netgroup_member_user (string)" msgstr "ipa_netgroup_member_user (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:560 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" "El atributo LDAP que lista los usuarios del sistema y grupos que son " "miembros directos del grupo de red." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:565 sssd-ipa.5.xml:660 msgid "Default: memberUser" msgstr "Predeterminado: memberUser" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:570 msgid "ipa_netgroup_member_host (string)" msgstr "ipa_netgroup_member_host (cadena)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:573 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" "El atributo LDAP que lista los host y grupos de host que son miembros " "directos del grupo de red." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:577 sssd-ipa.5.xml:672 msgid "Default: memberHost" msgstr "Predeterminado: memberHost" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:582 msgid "ipa_netgroup_member_ext_host (string)" msgstr "ipa_netgroup_member_ext_host (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:585 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" "El atributo LDAP que lista los FQDNs de host y grupos de host que son " "miembros del grupo de red." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:589 msgid "Default: externalHost" msgstr "Predeterminado: externalHost" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:594 msgid "ipa_netgroup_domain (string)" msgstr "ipa_netgroup_domain (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:597 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" "El atributo LDAP que contiene el nombre de dominio NIS del grupo de red." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:601 msgid "Default: nisDomainName" msgstr "Predeterminado: nisDomainName" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:607 msgid "ipa_host_object_class (string)" msgstr "ipa_host_object_class (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:610 sssd-ipa.5.xml:633 msgid "The object class of a host entry in LDAP." msgstr "El objeto clase de una entrada host en LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:613 sssd-ipa.5.xml:636 msgid "Default: ipaHost" msgstr "Predeterminado: ipaHost" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:618 msgid "ipa_host_fqdn (string)" msgstr "ipa_host_fqdn (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:621 msgid "The LDAP attribute that contains FQDN of the host." msgstr "El atributo LDAP que contiene el FQDN del host." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:624 msgid "Default: fqdn" msgstr "Por defecto: fqdn" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:630 msgid "ipa_selinux_usermap_object_class (string)" msgstr "ipa_selinux_usermap_object_class (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:641 msgid "ipa_selinux_usermap_name (string)" msgstr "ipa_selinux_usermap_name (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:644 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "El atributo LDAP que contiene el nombre del mapa de usuario SELinux." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:653 msgid "ipa_selinux_usermap_member_user (string)" msgstr "ipa_selinux_usermap_member_user (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:656 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "" "El atributo LDAP que contiene todos los usuarios / grupos contra los que " "esta regla coincide." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:665 msgid "ipa_selinux_usermap_member_host (string)" msgstr "ipa_selinux_usermap_member_host (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:668 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule match " "against." msgstr "" "El atributo LDAP que contiene todos los hosts / grupos de hosts contra los " "que esta regla coincide." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:677 msgid "ipa_selinux_usermap_see_also (string)" msgstr "ipa_selinux_usermap_see_also (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:680 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost" msgstr "" "El atributo LDAP que contiene el DN de la regla HBAC que puede ser usada " "para la coincidencia en lugar de memberUser y memberHost" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:685 msgid "Default: seeAlso" msgstr "Por defecto: seeAlso" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:690 msgid "ipa_selinux_usermap_selinux_user (string)" msgstr "ipa_selinux_usermap_selinux_user (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:693 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "El atributo LDAP que contiene la cadena de usuario SELinux mismo." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:697 msgid "Default: ipaSELinuxUser" msgstr "Por defecto: ipaSELinuxUser" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:702 msgid "ipa_selinux_usermap_enabled (string)" msgstr "ipa_selinux_usermap_enabled (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:705 msgid "" "The LDAP attribute that contains whether or not is user map enabled for " "usage." msgstr "" "El atributo LDAP que contiene si el mapa de usuario está o no habilitado " "para utilización." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:709 msgid "Default: ipaEnabledFlag" msgstr "Por defecto: ipaEnabledFlag" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:714 msgid "ipa_selinux_usermap_user_category (string)" msgstr "ipa_selinux_usermap_user_category (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:717 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "El atributo LDAP que contiene la categoría del usuario como ‘all’." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:721 msgid "Default: userCategory" msgstr "Por defecto: userCategory" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:726 msgid "ipa_selinux_usermap_host_category (string)" msgstr "ipa_selinux_usermap_host_category (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:729 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "El atributo LDAP que contiene la categoría del host como ‘all’." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:733 msgid "Default: hostCategory" msgstr "Por defecto: hostCategory" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:738 msgid "ipa_selinux_usermap_uuid (string)" msgstr "ipa_selinux_usermap_uuid (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:741 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "El atributo LDAP que contiene la ID única del mapa de usuario." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:745 msgid "Default: ipaUniqueID" msgstr "Por defecto: ipaUniqueID" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:750 msgid "ipa_host_ssh_public_key (string)" msgstr "ipa_host_ssh_public_key (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:753 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "El atributo LDAP que contiene las claves públicas SSH del host." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:757 msgid "Default: ipaSshPubKey" msgstr "Por defecto: ipaSshPubKey" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ipa.5.xml:766 msgid "SUBDOMAINS PROVIDER" msgstr "PROVEEDOR DE SUBDOMINIOS" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:768 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." msgstr "" "El proveedor de subdominios IPA se comporta de forma ligeramente diferente " "si está configurado explícitamente o implícitamente." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:772 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " "subdomain requests are sent to the IPA server if necessary." msgstr "" "Si la opción ' subdomains_provider = ipa' se encuentra en la sección de " "dominio de sssd.conf, el proveedor de subdominios de IPA se configura " "explícitamente, y todas las peticiones de subdominio se envían al servidor " "de IPA si es necesario." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:778 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " "provider is configured implicitly. In this case, if a subdomain request " "fails and indicates that the server does not support subdomains, i.e. is not " "configured for trusts, the IPA subdomains provider is disabled. After an " "hour or after the IPA provider goes online, the subdomains provider is " "enabled again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:795 msgid "" "The following example assumes that SSSD is correctly configured and example." 
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. " "This examples shows only the ipa provider-specific options." msgstr "" "El siguiente ejemplo asume que SSSD está correctamente configurado y example." "com es uno de los dominios en la sección <replaceable>[sssd]</replaceable>. " "Este ejemplo muestra sólo las opciones específicas del proveedor ipa." #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ipa.5.xml:802 #, no-wrap msgid "" " [domain/example.com]\n" " id_provider = ipa\n" " ipa_server = ipaserver.example.com\n" " ipa_hostname = myhost.example.com\n" msgstr "" " [domain/example.com]\n" " id_provider = ipa\n" " ipa_server = ipaserver.example.com\n" " ipa_hostname = myhost.example.com\n" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-ad.5.xml:10 sssd-ad.5.xml:16 msgid "sssd-ad" msgstr "sssd-ad" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:23 msgid "" "This manual page describes the configuration of the AD provider for " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" "Esta página de manual describe la configuración del proveedor AD para " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. Para una referencia detallada de sintaxis, vea la sección " "<quote>FILE FORMAT</quote> de la página de manual <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:36 msgid "" "The AD provider is a back end used to connect to an Active Directory server. 
" "This provider requires that the machine be joined to the AD domain and a " "keytab is available." msgstr "" "El proveedor AD es el punto final usado para conectar a un servidor Active " "Directory. Este proveedor requiere que la máquina se una al dominio AD y " "esté disponible una keytab." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:41 msgid "" "The AD provider supports connecting to Active Directory 2008 R2 or later. " "Earlier versions may work, but are unsupported." msgstr "" "El proveedor AD soporta la conexión a Active Directory 2008 R2 o " "posteriores. Las versiones anteriores pueden trabajar, pero no está " "soportadas." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:45 msgid "" "The AD provider is able to provide identity information and authentication " "for entities from trusted domains as well. Currently only trusted domains in " "the same forest are recognized." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:50 msgid "" "The AD provider accepts the same options used by the <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " "provider with some exceptions described below." msgstr "" "El proveedor de AD acepta las mismas opciones usadas por el proveedor de " "identidad <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> y el proveedor de autenticación " "<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> con algunas excepciones descritas abajo." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:62 #, fuzzy #| msgid "" #| "However, it is neither necessary nor recommended to set these options. 
" #| "The AD provider can also be used as an access and chpass provider. No " #| "configuration of the access provider is required on the client side." msgid "" "However, it is neither necessary nor recommended to set these options. The " "AD provider can also be used as an access, chpass and sudo provider. No " "configuration of the access provider is required on the client side." msgstr "" "Sin embargo, no es necesario ni recomendable establecer estas opciones. El " "proveedor AD puede ser también usado como un proveedor de acceso y cambio de " "contraseña. No se requiere configuración del proveedor de acceso en el lado " "cliente." #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ad.5.xml:74 #, no-wrap msgid "" "ldap_id_mapping = False\n" " " msgstr "" "ldap_id_mapping = False\n" " " #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:68 msgid "" "By default, the AD provider will map UID and GID values from the objectSID " "parameter in Active Directory. For details on this, see the <quote>ID " "MAPPING</quote> section below. If you want to disable ID mapping and instead " "rely on POSIX attributes defined in Active Directory, you should set " "<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users " "and groups using POSIX attributes from trusted domains, the AD administrator " "must make sure that the POSIX attributes are replicated to the Global " "Catalog." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:81 msgid "" "Users, groups and other entities served by SSSD are always treated as case-" "insensitive in the AD provider for compatibility with Active Directory's " "LDAP implementation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:96 msgid "ad_domain (string)" msgstr "ad_domain (cadena)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:99 msgid "" "Specifies the name of the Active Directory domain. This is optional. If not " "provided, the configuration domain name is used." msgstr "" "Especifica el nombre del dominio Active Directory. Esto es opcional. Si no " "se suministra, se usa el nombre de dominio de la configuración." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:104 msgid "" "For proper operation, this option should be specified as the lower-case " "version of the long version of the Active Directory domain." msgstr "" "Para un funcionamiento correcto, esta opción debería especificarse como la " "versión en minúsculas del nombre largo del dominio Active Directory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:109 msgid "" "The short domain name (also known as the NetBIOS or the flat name) is " "autodetected by the SSSD." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:116 msgid "ad_server, ad_backup_server (string)" msgstr "ad_server, ad_backup_server (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:119 msgid "" "The comma-separated list of hostnames of the AD servers to which SSSD should " "connect in order of preference. For more information on failover and server " "redundancy, see the <quote>FAILOVER</quote> section. This is optional if " "autodiscovery is enabled. For more information on service discovery, refer " "to the <quote>SERVICE DISCOVERY</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:132 msgid "ad_hostname (string)" msgstr "ad_hostname (cadena)" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:135 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the Active Directory domain to identify this " "host." msgstr "" "Opcional. Puede ser fijada en máquinas donde el hostname(5) no refleja el " "nombre totalmente cualificado usado en el dominio Active Directory para " "identificar este host." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:141 msgid "" "This field is used to determine the host principal in use in the keytab. It " "must match the hostname for which the keytab was issued." msgstr "" "Este campo se usa para determinar el principal del host en uso en la keytab. " "Debe coincidir con el nombre del host para el que se emitió la keytab." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:149 msgid "ad_enable_dns_sites (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:156 msgid "" "If true and service discovery (see Service Discovery paragraph at the bottom " "of the man page) is enabled, the SSSD will first attempt to discover the " "Active Directory server to connect to using the Active Directory Site " "Discovery and fall back to the DNS SRV records if no AD site is found. The " "DNS SRV configuration, including the discovery domain, is used during site " "discovery as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:172 #, fuzzy #| msgid "ldap_sudo_use_host_filter (boolean)" msgid "ad_access_filter (boolean)" msgstr "ldap_sudo_use_host_filter (booleano)" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:175 msgid "" "This option specifies LDAP access control filter that the user must match in " "order to be allowed access. Please note that the <quote>access_provider</" "quote> option must be explicitly set to <quote>ad</quote> in order for this " "option to have an effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:183 msgid "" "The option also supports specifying different filters per domain or forest. " "This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " "The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " "missing." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:191 msgid "" "If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</" "quote> specifies the domain or subdomain the filter applies to. If the " "keyword equals to <quote>FOREST</quote>, then the filter equals to all " "domains from the forest specified by <quote>NAME</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:199 msgid "" "Multiple filters can be separated with the <quote>?</quote> character, " "similarly to how search bases work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:204 msgid "" "The most specific match is always used. For example, if the option specified " "filter for a domain the user is a member of and a global filter, the per-" "domain filter would be applied. If there are more matches with the same " "specification, the first one is used." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #: sssd-ad.5.xml:215 #, no-wrap msgid "" "# apply filter on domain called dom1 only:\n" "dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" "\n" "# apply filter on domain called dom2 only:\n" "DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" "\n" "# apply filter on forest called EXAMPLE.COM only:\n" "FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:225 #, fuzzy #| msgid "Default: not set" msgid "Default: Not set" msgstr "Predeterminado: no definido" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:231 #, fuzzy #| msgid "ldap_disable_paging (boolean)" msgid "ad_enable_gc (boolean)" msgstr "ldap_disable_paging (booleano)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:234 msgid "" "By default, the SSSD connects to the Global Catalog first to retrieve users " "from trusted domains and uses the LDAP port to retrieve group memberships or " "as a fallback. Disabling this option makes the SSSD only connect to the LDAP " "port of the current AD server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:242 msgid "" "Please note that disabling Global Catalog support does not disable " "retrieving users from trusted domains. The SSSD would connect to the LDAP " "port of trusted domains instead. However, Global Catalog must be used in " "order to resolve cross-domain group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:259 msgid "" "Optional. 
This option tells SSSD to automatically update the Active " "Directory DNS server with the IP address of this client. The update is " "secured using GSS-TSIG. As a consequence, the Active Directory administrator " "only needs to allow secure updates for the DNS zone. The IP address of the " "AD LDAP connection is used for the updates, if it is not otherwise specified " "by using the <quote>dyndns_iface</quote> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:289 msgid "Default: 3600 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:303 msgid "Default: Use the IP address of the AD LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:354 sssd-krb5.5.xml:496 msgid "krb5_use_enterprise_principal (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:357 sssd-krb5.5.xml:499 msgid "" "Specifies if the user principal should be treated as enterprise principal. " "See section 5 of RFC 6806 for more details about enterprise principals." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:384 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " "This example shows only the AD provider-specific options." msgstr "" "El siguiente ejemplo asume que SSSD está correctamente configurado y example." "com es uno de los dominios en la sección <replaceable>[sssd]</replaceable>. " "Este ejemplo muestra sólo las opciones específicas del proveedor AD." #. 
type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ad.5.xml:391 #, no-wrap msgid "" "[domain/EXAMPLE]\n" "id_provider = ad\n" "auth_provider = ad\n" "access_provider = ad\n" "chpass_provider = ad\n" "\n" "ad_server = dc1.example.com\n" "ad_hostname = client.example.com\n" "ad_domain = example.com\n" msgstr "" "[domain/EXAMPLE]\n" "id_provider = ad\n" "auth_provider = ad\n" "access_provider = ad\n" "chpass_provider = ad\n" "\n" "ad_server = dc1.example.com\n" "ad_hostname = client.example.com\n" "ad_domain = example.com\n" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ad.5.xml:411 #, no-wrap msgid "" "access_provider = ldap\n" "ldap_access_order = expire\n" "ldap_account_expire_policy = ad\n" msgstr "" "access_provider = ldap\n" "ldap_access_order = expire\n" "ldap_account_expire_policy = ad\n" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:407 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" "El proveedor de control de acceso AD comprueba si la cuenta está expirada. " "Tiene el mismo efecto que la siguiente configuración del proveedor LDAP: " "<placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:417 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 msgid "sssd-sudo" msgstr "sssd-sudo" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd-sudo.5.xml:17 msgid "Configuring sudo with the SSSD back end" msgstr "Configuración de sudo con el motor de SSSD" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:23 msgid "" "This manual page describes how to configure <citerefentry> " "<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " "to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." msgstr "" "Esta página de manual describe cómo configurar <citerefentry> " "<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " "para trabajar con <citerefentry> <refentrytitle>sssd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> y cómo SSSD almacena en caché las " "reglas sudo." #. type: Content of: <reference><refentry><refsect1><title> #: sssd-sudo.5.xml:36 msgid "Configuring sudo to cooperate with SSSD" msgstr "Configurando sudo para cooperar con SSSD" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:38 msgid "" "To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " "the <emphasis>sudoers</emphasis> entry in <citerefentry> " "<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>." msgstr "" "Para habilitar SSSD como una fuente de reglas sudo, añada <emphasis>sss</" "emphasis> a la entrada <emphasis>sudoers</emphasis> en <citerefentry> " "<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>." #.
type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:47 msgid "" "For example, to configure sudo to first lookup rules in the standard " "<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> file (which should contain rules that apply to " "local users) and then in SSSD, the nsswitch.conf file should contain the " "following line:" msgstr "" "Por ejemplo, para configurar sudo para primero buscar reglas en el fichero " "<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> estándar (que debería contener reglas que se " "apliquen a los usuarios locales) y después en SSSD, el fichero nsswitch.conf " "debería contener la siguiente línea:" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-sudo.5.xml:57 #, no-wrap msgid "sudoers: files sss\n" msgstr "sudoers: files sss\n" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:61 msgid "" "More information about configuring the sudoers search order from the " "nsswitch.conf file as well as information about the LDAP schema that is used " "to store sudo rules in the directory can be found in <citerefentry> " "<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>." msgstr "" "Más información sobre la configuración del orden de búsqueda de sudoers " "desde el fichero nsswitch.conf así como información sobre el esquema LDAP " "que se usa para almacenar reglas sudo en el directorio se puede encontrar en " "<citerefentry> <refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry>." #.
type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:70 msgid "" "<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " "sudo rules, you also need to correctly set <citerefentry> " "<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" "citerefentry> to your NIS domain name (which equals to IPA domain name when " "using hostgroups)." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-sudo.5.xml:82 msgid "Configuring SSSD to fetch sudo rules" msgstr "Configurando SSSD para ir a buscar reglas sudo" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:84 msgid "" "All configuration that is needed on SSSD side is to extend the list of " "<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " "search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> " "option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:94 msgid "" "The following example shows how to configure SSSD to download sudo rules " "from an LDAP server." msgstr "" "El siguiente ejemplo muestra como configurar SSSD para descargar reglas sudo " "desde un servidor LDAP." #. 
type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-sudo.5.xml:99 #, no-wrap msgid "" "[sssd]\n" "config_file_version = 2\n" "services = nss, pam, sudo\n" "domains = EXAMPLE\n" "\n" "[domain/EXAMPLE]\n" "id_provider = ldap\n" "sudo_provider = ldap\n" "ldap_uri = ldap://example.com\n" "ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" msgstr "" "[sssd]\n" "config_file_version = 2\n" "services = nss, pam, sudo\n" "domains = EXAMPLE\n" "\n" "[domain/EXAMPLE]\n" "id_provider = ldap\n" "sudo_provider = ldap\n" "ldap_uri = ldap://example.com\n" "ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:112 msgid "" "When the SSSD is configured to use IPA as the ID provider, the sudo provider " "is automatically enabled. The sudo search base is configured to use the " "compat tree (ou=sudoers,$DC)." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-sudo.5.xml:119 msgid "The SUDO rule caching mechanism" msgstr "El mecanismo de almacenamiento en cache de regla SUDO" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:121 msgid "" "The biggest challenge, when developing sudo support in SSSD, was to ensure " "that running sudo with SSSD as the data source provides the same user " "experience and is as fast as sudo but keeps providing the most current set " "of rules as possible. To satisfy these requirements, SSSD uses three kinds " "of updates. They are referred to as full refresh, smart refresh and rules " "refresh." msgstr "" "El mayor desafío, cuando se desarrolla soporte sudo en SSSD, fue asegurar " "que ejecutando sudo con SSSD como la fuente de datos suministre la misma " "experiencia de usuario y sea tan rápido como sudo pero se mantenga " "proporcionando el conjunto más actual de reglas como sea posible. Para " "satisfacer estos requisitos, SSSD usa tres clases de actualizaciones. 
A " "ellas nos referimos como refresco total, refresco inteligente y refresco de " "reglas." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:129 msgid "" "The <emphasis>smart refresh</emphasis> periodically downloads rules that are " "new or were modified after the last update. Its primary goal is to keep the " "database growing by fetching only small increments that do not generate " "large amounts of network traffic." msgstr "" "El <emphasis>refresco inteligente</emphasis> periódicamente descarga reglas " "que son nuevas o fueron modificadas desde la última actualización. Su " "objetivo principal es mantener la base de datos creciendo mediante la " "atracción de pequeños incrementos que no generen grandes cantidades de " "tráfico de red." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:135 msgid "" "The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " "in the cache and replaces them with all rules that are stored on the server. " "This is used to keep the cache consistent by removing every rule which was " "deleted from the server. However, full refresh may produce a lot of traffic " "and thus it should be run only occasionally depending on the size and " "stability of the sudo rules." msgstr "" "El <emphasis>refresco total</emphasis> simplemente borra todas las reglas " "sudo almacenadas en el cache y las reemplaza con todas las reglas que están " "almacenadas en el servidor. Esto se usa para mantener el cache consistente " "borrando cada regla que fue borrada del servidor. Sin embargo, un refresco " "total puede producir gran cantidad de tráfico y por lo tanto debería ser " "ejecutado sólo ocasionalmente dependiendo del tamaño y de la estabilidad de " "las reglas sudo." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:143 msgid "" "The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " "more permission than defined. 
It is triggered each time the user runs sudo. " "Rules refresh will find all rules that apply to this user, check their " "expiration time and redownload them if expired. In the case that any of " "these rules are missing on the server, the SSSD will do an out of band full " "refresh because more rules (that apply to other users) may have been deleted." msgstr "" "El <emphasis>refresco de reglas</emphasis> asegura que no concedamos más " "permisos al usuario que los definidos. Se dispara cada vez que el usuario " "ejecuta sudo. El refresco de reglas encontrará todas las reglas que se " "apliquen a ese usuario, comprobará su tiempo de expiración y las recargará " "si han expirado. En el caso de que alguna de esas reglas estén desaparecidas " "del servidor, SSSD hará un refresco total fuera de banda puesto que más " "reglas (que apliquen a otros usuarios) pueden haber sido borradas." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:152 msgid "" "If enabled, SSSD will store only rules that can be applied to this machine. " "This means rules that contain one of the following values in " "<emphasis>sudoHost</emphasis> attribute:" msgstr "" "Si está habilitado, SSSD almacenará sólo las reglas que pueden ser aplicadas " "a esa máquina. Esto indica reglas que contienen uno de los siguientes " "valores en el atributo <emphasis>sudoHost</emphasis>:" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:159 msgid "keyword ALL" msgstr "keyword ALL" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:164 msgid "wildcard" msgstr "comodines" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:169 msgid "netgroup (in the form \"+netgroup\")" msgstr "netgroup (en la forma \"+netgroup\")" #. 
type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:174 msgid "hostname or fully qualified domain name of this machine" msgstr "" "nombre de host o nombre de dominio totalmente cualificado de esta máquina" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:179 msgid "one of the IP addresses of this machine" msgstr "una de las direcciones IP de esta máquina" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:184 msgid "one of the IP addresses of the network (in the form \"address/mask\")" msgstr "" "una de las direcciones IP de la red (en la forma \"dirección/máscara\")" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:190 msgid "" "There are many configuration options that can be used to adjust the " "behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." msgstr "" "Hay muchas opciones de configuración que pueden ser usadas para ajustar el " "comportamiento. Por favor vea \"ldap_sudo_*\" en <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> y \"sudo_*\" en <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd.8.xml:10 sssd.8.xml:15 msgid "sssd" msgstr "sssd" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd.8.xml:16 msgid "System Security Services Daemon" msgstr "System Security Services Daemon" #. 
type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sssd.8.xml:21 msgid "" "<command>sssd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg>" msgstr "" "<command>sssd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.8.xml:31 msgid "" "<command>SSSD</command> provides a set of daemons to manage access to remote " "directories and authentication mechanisms. It provides an NSS and PAM " "interface toward the system and a pluggable backend system to connect to " "multiple different account sources as well as D-Bus interface. It is also " "the basis to provide client auditing and policy services for projects like " "FreeIPA. It provides a more robust database to store local users as well as " "extended user data." msgstr "" "<command>SSSD</command> suministra un conjunto de demonios para gestionar el " "acceso a directorios remotos y mecanismos de autenticación. Suministra una " "interfaz NSS y PAM hacia el sistema y un sistema de parte trasera conectable " "para conectar múltiples fuentes de cuentas diferentes así como interfaz D-" "Bus. Es también la base para suministrar servicios de auditoría y política a " "los clientes para proyectos como FreeIPA. Suministra una base de datos más " "robusta para almacenar los usuarios locales así como datos de usuario " "extendidos." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:46 msgid "" "<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" "replaceable>" msgstr "" "<option>-d</option>,<option>--debug-level</option> <replaceable>NIVEL</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:53 msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" msgstr "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:57 msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" msgstr "" "<emphasis>1</emphasis>: Agregar marca de tiempo a mensajes de depuración " #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:60 msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" msgstr "" "<emphasis>0</emphasis>: Desactiva marca de tiempo en mensajes de depuración" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:69 msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" msgstr "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:73 msgid "" "<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" msgstr "" "<emphasis>1</emphasis>: Agregar microsegundos a la marca de tiempo en " "mensajes de depuración" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:76 msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" msgstr "<emphasis>0</emphasis>: Desactiva microsegundos en marcas de tiempo" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:85 msgid "<option>-f</option>,<option>--debug-to-files</option>" msgstr "<option>-f</option>,<option>--debug-to-files</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:89 msgid "" "Send the debug output to files instead of stderr. By default, the log files " "are stored in <filename>/var/log/sssd</filename> and there are separate log " "files for every SSSD service and domain." msgstr "" "Envía la salida de depuración a ficheros en lugar de a stderr. 
Por defecto, " "los ficheros de registro se almacenan en <filename>/var/log/sssd</filename> " "y hay ficheros de registro separados para cada servicio y dominio SSSD." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:97 msgid "<option>-D</option>,<option>--daemon</option>" msgstr "<option>-D</option>,<option>--daemon</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:101 msgid "Become a daemon after starting up." msgstr "Convertido en un demonio después de la puesta en marcha." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:107 sss_seed.8.xml:136 msgid "<option>-i</option>,<option>--interactive</option>" msgstr "<option>-i</option>,<option>--interactive</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:111 msgid "Run in the foreground, don't become a daemon." msgstr "Ejecutar en primer plano, no convertirse en un demonio." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:117 sss_debuglevel.8.xml:42 msgid "<option>-c</option>,<option>--config</option>" msgstr "<option>-c</option>,<option>--config</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:121 sss_debuglevel.8.xml:46 msgid "" "Specify a non-default config file. The default is <filename>/etc/sssd/sssd." "conf</filename>. For reference on the config file syntax and options, " "consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" "Especifica un fichero de configuración distinto al de por defecto. El por " "defecto es <filename>/etc/sssd/sssd.conf</filename>. 
Para referencia sobre " "las opciones y sintaxis del fichero de configuración, consulta la página de " "manual <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:135 msgid "<option>--version</option>" msgstr "<option>--version</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:139 msgid "Print version number and exit." msgstr "Imprimir número de versión y salir." #. type: Content of: <reference><refentry><refsect1><title> #: sssd.8.xml:147 msgid "Signals" msgstr "Señales" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "SIGTERM/SIGINT" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" "Informa a SSSD para terminar graciosamente todos sus procesos hijos y " "después para el monitor." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:159 msgid "SIGHUP" msgstr "SIGHUP" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " "like logrotate." msgstr "" "Le dice a SSSD que pare de escribir en su fichero descriptor de depuración " "actual y cerrar y reabrirlo. Esto significa facilitar la circulación de " "registro con programas como logrotate." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:170 msgid "SIGUSR1" msgstr "SIGUSR1" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" "Le dice a SSSD que simule la operación fuera de línea por un minuto. Esto es " "mayormente útil para propósitos de prueba." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:179 msgid "SIGUSR2" msgstr "SIGUSR2" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" "Le dice a SSSD que se ponga en línea inmediatamente. Esto es mayormente útil " "para propósitos de prueba." #. type: Content of: <reference><refentry><refsect1><para> #: sssd.8.xml:193 #, fuzzy #| msgid "" #| "If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " #| "debug messages will be sent to stderr." msgid "" "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " "applications will not use the fast in memory cache." msgstr "" "Si la variable de entorno SSSD_KRB5_LOCATOR_DEBUR está fijada a cualquier " "valor los mensajes de depuración se enviarán a stderr." #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 msgid "sss_obfuscate" msgstr "sss_obfuscate" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_obfuscate.8.xml:16 msgid "obfuscate a clear text password" msgstr "oscurecer un password en texto claro" #. 
type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_obfuscate.8.xml:21 msgid "" "<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" "replaceable></arg>" msgstr "" "<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>[CONTRASEÑA]</" "replaceable></arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:32 msgid "" "<command>sss_obfuscate</command> converts a given password into human-" "unreadable format and places it into appropriate domain section of the SSSD " "config file." msgstr "" "<command>sss_obfuscate</command> convierte una contraseña dada en un formato " "no legible y la sitúa en la sección apropiada del dominio del fichero de " "configuración SSSD." #. type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:37 msgid "" "The cleartext password is read from standard input or entered " "interactively. The obfuscated password is put into " "<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " "<quote>ldap_default_authtok_type</quote> parameter is set to " "<quote>obfuscated_password</quote>. Refer to <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more details on these parameters." msgstr "" "La contraseña en texto claro es leída desde la entrada estándar o " "introducida interactivamente. La contraseña ofuscada se pone en el parámetro " "<quote>ldap_default_authtok</quote> de un dominio SSSD dado y el parámetro " "<quote>ldap_default_authtok_type</quote> se fija a " "<quote>obfuscated_password</quote>. Vea <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> para más " "detalles sobre estos parámetros." #. 
type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:49 msgid "" "Please note that obfuscating the password provides <emphasis>no real " "security benefit</emphasis> as it is still possible for an attacker to " "reverse-engineer the password back. Using better authentication mechanisms " "such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " "advised." msgstr "" "Por favor advierta que oscurecer la contraseña <emphasis>no suministra un " "beneficio real de seguridad</emphasis>, ya que sigue siendo posible para un " "atacante recuperar la contraseña mediante ingeniería inversa. Se recomienda " "<emphasis>firmemente</emphasis> el uso de mejores mecanismos de " "autenticación como certificados en el lado cliente o GSSAPI." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_obfuscate.8.xml:63 msgid "<option>-s</option>,<option>--stdin</option>" msgstr "<option>-s</option>,<option>--stdin</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:67 msgid "The password to obfuscate will be read from standard input." msgstr "La contraseña a oscurecer será leída desde la entrada estándar." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:79 #: sss_ssh_knownhostsproxy.1.xml:78 msgid "" "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" "replaceable>" msgstr "" "<option>-d</option>,<option>--domain</option> <replaceable>DOMINIO</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:79 msgid "" "The SSSD domain to use the password in. The default name is <quote>default</" "quote>." msgstr "" "El dominio SSSD en el que usar la contraseña. El nombre por defecto es " "<quote>default</quote>." #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_obfuscate.8.xml:86 msgid "" "<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" msgstr "" "<option>-f</option>,<option>--file</option> <replaceable>ARCHIVO</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:91 msgid "Read the config file specified by the positional parameter." msgstr "" "Lee el fichero de configuración especificado por el parámetro posicional." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:95 msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" msgstr "Predeterminado: <filename>/etc/sssd/sssd.conf</filename>" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_useradd.8.xml:10 sss_useradd.8.xml:15 msgid "sss_useradd" msgstr "sss_useradd" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_useradd.8.xml:16 msgid "create a new user" msgstr "Crea un nuevo usuario" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_useradd.8.xml:21 msgid "" "<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" msgstr "" "<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_useradd.8.xml:32 msgid "" "<command>sss_useradd</command> creates a new user account using the values " "specified on the command line plus the default values from the system." msgstr "" "<command>sss_useradd</command> crea una nueva cuenta de usuario usando los " "valores especificados en la línea de comandos más los valores por defecto " "del sistema." #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:43 sss_seed.8.xml:76 msgid "" "<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" msgstr "" "<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:48 msgid "" "Set the UID of the user to the value of <replaceable>UID</replaceable>. If " "not given, it is chosen automatically." msgstr "" "Fija la UID del usuario al valor de <replaceable>UID</replaceable>. Si no se " "da, se elige automáticamente." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:55 sss_usermod.8.xml:43 sss_seed.8.xml:100 msgid "" "<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" "replaceable>" msgstr "" "<option>-c</option>,<option>--gecos</option> <replaceable>COMENTARIO</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:60 sss_usermod.8.xml:48 sss_seed.8.xml:105 msgid "" "Any text string describing the user. Often used as the field for the user's " "full name." msgstr "" "Cualquier cadena de texto describiendo al usuario. Frecuentemente se usa " "como el campo para el nombre completo del usuario." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:67 sss_usermod.8.xml:55 sss_seed.8.xml:112 msgid "" "<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" "replaceable>" msgstr "" "<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:72 msgid "" "The home directory of the user account. 
The default is to append the " "<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use " "that as the home directory. The base that is prepended before " "<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/" "baseDirectory</quote> setting in sssd.conf." msgstr "" "El directorio home de la cuenta de usuario. Por defecto se añade el nombre " "<replaceable>LOGIN</replaceable> a <filename>/home</filename> y utiliza esto " "como directorio home. La base de que se antepondrá antes <replaceable>LOGIN</" "replaceable> es sintonizable con el ajuste <quote>user_defaults/" "baseDirectory</quote> en sssd.conf." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:82 sss_usermod.8.xml:66 sss_seed.8.xml:124 msgid "" "<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" msgstr "" "<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:87 msgid "" "The user's login shell. The default is currently <filename>/bin/bash</" "filename>. The default can be changed with <quote>user_defaults/" "defaultShell</quote> setting in sssd.conf." msgstr "" "La shell de acceso del usuario. Por defecto es actualmente <filename>/bin/" "bash</filename>. El valor por defecto puede ser cambiado con el ajuste " "<quote>user_defaults/defaultShell</quote> en sssd.conf." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:96 msgid "" "<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</" "replaceable>" msgstr "" "<option>-G</option>,<option>--groups</option> <replaceable>GRUPOS</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:101 msgid "A list of existing groups this user is also a member of." 
msgstr "" "Una lista de grupos existentes de los que el usuario también es miembro." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:107 msgid "<option>-m</option>,<option>--create-home</option>" msgstr "<option>-m</option>,<option>--create-home</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:111 msgid "" "Create the user's home directory if it does not exist. The files and " "directories contained in the skeleton directory (which can be defined with " "the -k option or in the config file) will be copied to the home directory." msgstr "" "Crea el directorio home del usuario si no existe. Los ficheros y directorios " "contenidos en el directorio esqueleto (que pueden ser definidos con la " "opción –k o en el fichero de configuración) serán copiados en el directorio " "home." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:121 msgid "<option>-M</option>,<option>--no-create-home</option>" msgstr "<option>-M</option>,<option>--no-create-home</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:125 msgid "" "Do not create the user's home directory. Overrides configuration settings." msgstr "" "No se crear el directorio principal del usuario. Reemplaza los valores de " "configuración." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:132 msgid "" "<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</" "replaceable>" msgstr "" "<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</" "replaceable>" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:137 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " "<command>sss_useradd</command>." msgstr "" "El directorio esqueleto, que contiene ficheros y directorios a copiar en el " "directorio home del usuario, cuando el directorio home es creado por " "<command>sss_useradd</command>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:143 msgid "" "Special files (block devices, character devices, named pipes and unix " "sockets) will not be copied." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:147 msgid "" "This option is only valid if the <option>-m</option> (or <option>--create-" "home</option>) option is specified, or creation of home directories is set " "to TRUE in the configuration." msgstr "" "Esta opción sólo es válida si se ha especificado la opción <option>-m</" "option> (o <option>--create-home</option>), o la creación de directorios " "home está fijada a TRUE en la configuración." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:156 sss_usermod.8.xml:124 msgid "" "<option>-Z</option>,<option>--selinux-user</option> " "<replaceable>SELINUX_USER</replaceable>" msgstr "" "<option>-Z</option>,<option>--selinux-user</option> " "<replaceable>SELINUX_USER</replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:161 msgid "" "The SELinux user for the user's login. If not specified, the system default " "will be used." msgstr "" "El usuario SELinux para el acceso de usuario. Si no se especifica, se usará " "el valor por defecto del sistema." #. 
type: Content of: <reference><refentry><refnamediv><refname> #: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 msgid "sssd-krb5" msgstr "sssd-krb5" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:23 msgid "" "This manual page describes the configuration of the Kerberos 5 " "authentication backend for <citerefentry> <refentrytitle>sssd</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed " "syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " "the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page." msgstr "" "Esta página de manual describe la configuración del motor de autenticación " "de Kerberos 5 para <citerefentry> <refentrytitle>sssd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry>. Para una referencia detallada de " "la sintaxis, por favor vea la sección <quote>FORMATO DE ARCHIVO</quote> de " "la página de manual de <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:36 msgid "" "The Kerberos 5 authentication backend contains auth and chpass providers. It " "must be paired with an identity provider in order to function properly (for " "example, id_provider = ldap). Some information required by the Kerberos 5 " "authentication backend must be provided by the identity provider, such as " "the user's Kerberos Principal Name (UPN). The configuration of the identity " "provider should have an entry to specify the UPN. Please refer to the man " "page for the applicable identity provider for details on how to configure " "this." msgstr "" "El motor de autenticación de Kerberos 5 contiene proveedores auth y chpass. " "Debe ir junto con un proveedor de identidad para que funcione adecuadamente " "(por ejemplo, id_provider = ldap). 
Algo de información requerida por el " "motor de autenticación de Kerberos 5 debe ser provista por el proveedor de " "identidad, tal como el Nombre Principal del usuario de Kerberos (NPU). La " "configuración del proveedor de identidad debe tener una entrada específica " "para el NPU. Por favor, vea la página del manual para el proveedor de " "identidad aplicable, para más detalles sobre cómo configurar esto." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:47 msgid "" "This backend also provides access control based on the .k5login file in the " "home directory of the user. See <citerefentry> <refentrytitle>.k5login</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " "Please note that an empty .k5login file will deny all access to this user. " "To activate this feature, use 'access_provider = krb5' in your SSSD " "configuration." msgstr "" "Este motor también provee control de acceso basado en el archivo .k5login en " "el directorio de inicio del usuario. Vea <citerefentry> <refentrytitle>." "k5login</refentrytitle><manvolnum>5</manvolnum> </citerefentry> para más " "detalles. Por favor, observe que un archivo .k5login vacío negará todo el " "acceso a este usuario. Para activar esta característica, use " "'access_provider = krb5' en su configuración de SSSD." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:55 msgid "" "In the case where the UPN is not available in the identity backend, " "<command>sssd</command> will construct a UPN using the format " "<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." msgstr "" "En el caso de que el NPU no esté disponible en el motor de identidad, " "<command>sssd</command> construirá un NPU usando el formato " "<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect, in the order of preference. " "For more information on failover and server redundancy, see the " "<quote>FAILOVER</quote> section. An optional port number (preceded by a " "colon) may be appended to the addresses or hostnames. If empty, service " "discovery is enabled; for more information, refer to the <quote>SERVICE " "DISCOVERY</quote> section." msgstr "" "Especifica una lista separada por comas de direcciones IP o nombres de host " "de los servidores Kerberos a los cuales se conectaría SSSD en orden de " "preferencia. Para más información sobre failover y redundancia de servidor, " "vea la sección <quote>FAILOVER</quote>. Un número de puerto opcional " "(precedido de dos puntos) puede ser añadido a las direcciones o nombres de " "host. Si está vacío, el servicio descubridor está habilitado; para más " "información, vea la sección <quote>SERVICE DISCOVERY</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:106 msgid "" "The name of the Kerberos realm. This option is required and must be " "specified." msgstr "" "El nombre del reino Kerberos. Esta opción se requiere y debe ser " "especificada." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:113 msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" msgstr "krb5_kpasswd, krb5_backup_kpasswd (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:116 msgid "" "If the change password service is not running on the KDC, alternative " "servers can be defined here. 
An optional port number (preceded by a colon) " "may be appended to the addresses or hostnames." msgstr "" "Si el servicio de cambio de contraseña no está corriendo en el KDC, se " "pueden definir aquí servidores alternativos. Un número de puerto opcional " "(precedido de dos puntos) puede ser añadido a las direcciones o nombres de " "host." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:122 msgid "" "For more information on failover and server redundancy, see the " "<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " "servers to try, the backend is not switched to operate offline if " "authentication against the KDC is still possible." msgstr "" "Para más información sobre recuperación de fallos y redundancia de servidor, " "consulte la sección de <quote>conmutación por error</quote>. Nota: incluso " "si no hay más servidores kpasswd para intentar, el punto final no se " "conmuta para trabajar fuera de línea si la autenticación contra el KDC es " "todavía posible." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:129 msgid "Default: Use the KDC" msgstr "Predeterminado: Usar el KDC" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:135 msgid "krb5_ccachedir (string)" msgstr "krb5_ccachedir (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:138 msgid "" "Directory to store credential caches. All the substitution sequences of " "krb5_ccname_template can be used here, too, except %d and %P. The directory " "is created as private and owned by the user, with permissions set to 0700." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:145 msgid "Default: /tmp" msgstr "Predeterminado: /tmp" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:151 msgid "krb5_ccname_template (string)" msgstr "krb5_ccname_template (string)" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:165 include/override_homedir.xml:11 msgid "%u" msgstr "%u" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:166 include/override_homedir.xml:12 msgid "login name" msgstr "nombre de acceso" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:169 include/override_homedir.xml:15 msgid "%U" msgstr "%U" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:170 msgid "login UID" msgstr "UID de acceso" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:173 msgid "%p" msgstr "%p" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:174 msgid "principal name" msgstr "nombre principal" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:178 msgid "%r" msgstr "%r" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:179 msgid "realm name" msgstr "nombre de reino" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:182 msgid "%h" msgstr "%h" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:183 msgid "home directory" msgstr "directorio home" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:187 include/override_homedir.xml:19 msgid "%d" msgstr "%d" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:188 msgid "value of krb5ccache_dir" msgstr "valor de krb5ccache_dir" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:193 msgid "%P" msgstr "%P" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:194 msgid "the process ID of the SSSD client" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:199 include/override_homedir.xml:34 msgid "%%" msgstr "%%" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:200 include/override_homedir.xml:35 msgid "a literal '%'" msgstr "un literal ‘%’" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:154 msgid "" "Location of the user's credential cache. Three credential cache types are " "currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " "<quote>KEYRING:persistent</quote>. 
The cache can be specified either as " "<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " "implies the <quote>FILE</quote> type. In the template, the following " "sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " "the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " "filename in a safe way." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:208 msgid "" "When using KEYRING types, the only supported mechanism is <quote>KEYRING:" "persistent:%U</quote>, which uses the Linux kernel keyring to store " "credentials on a per-UID basis. This is also the recommended choice, as it " "is the most secure and predictable method." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:216 msgid "" "The default value for the credential cache name is sourced from the profile " "stored in the system wide krb5.conf configuration file in the [libdefaults] " "section. The option name is default_ccache_name. See krb5.conf(5)'s " "PARAMETER EXPANSION paragraph for additional information on the expansion " "format defined by krb5.conf." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:225 #, fuzzy #| msgid "Default: 0 (No limit)" msgid "Default: (from libkrb5)" msgstr "Predeterminado: 0 (Sin límite)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:231 msgid "krb5_auth_timeout (integer)" msgstr "krb5_auth_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:234 msgid "" "Timeout in seconds after an online authentication request or change password " "request is aborted. 
If possible, the authentication request is continued " "offline." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:248 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed. The keytab is checked for entries sequentially, and the first entry " "with a matching realm is used for validation. If no entry matches the realm, " "the last entry in the keytab is used. This process can be used to validate " "environments using cross-realm trust by placing the appropriate keytab entry " "as the last entry or the only entry in the keytab file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:263 msgid "krb5_keytab (string)" msgstr "krb5_keytab (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:266 msgid "" "The location of the keytab to use when validating credentials obtained from " "KDCs." msgstr "" "La localización de la keytab a usar cuando son obtenidas credenciales " "validadas desde KDCs." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:270 msgid "Default: /etc/krb5.keytab" msgstr "Predeterminado: /etc/krb5.keytab" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:276 msgid "krb5_store_password_if_offline (boolean)" msgstr "krb5_store_password_if_offline (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:279 msgid "" "Store the password of the user if the provider is offline and use it to " "request a TGT when the provider comes online again." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:284 msgid "" "NOTE: this feature is only available on Linux. Passwords stored in this way " "are kept in plaintext in the kernel keyring and are potentially accessible " "by the root user (with difficulty)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:297 msgid "krb5_renewable_lifetime (string)" msgstr "krb5_renewable_lifetime (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:300 msgid "" "Request a renewable ticket with a total lifetime, given as an integer " "immediately followed by a time unit:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:305 sssd-krb5.5.xml:339 sssd-krb5.5.xml:376 msgid "<emphasis>s</emphasis> for seconds" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:308 sssd-krb5.5.xml:342 sssd-krb5.5.xml:379 msgid "<emphasis>m</emphasis> for minutes" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:311 sssd-krb5.5.xml:345 sssd-krb5.5.xml:382 msgid "<emphasis>h</emphasis> for hours" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385 msgid "<emphasis>d</emphasis> for days." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:317 sssd-krb5.5.xml:388 msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:321 sssd-krb5.5.xml:392 msgid "" "NOTE: It is not possible to mix units. To set the renewable lifetime to one " "and a half hours, use '90m' instead of '1h30m'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:326 msgid "Default: not set, i.e. the TGT is not renewable" msgstr "Por defecto: no fijado, esto es el TGT no es renovable" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:332 msgid "krb5_lifetime (string)" msgstr "krb5_lifetime (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:335 msgid "" "Request ticket with a lifetime, given as an integer immediately followed by " "a time unit:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:351 msgid "If there is no unit given <emphasis>s</emphasis> is assumed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:355 msgid "" "NOTE: It is not possible to mix units. To set the lifetime to one and a " "half hours please use '90m' instead of '1h30m'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:360 msgid "" "Default: not set, i.e. the default ticket lifetime configured on the KDC." msgstr "" "Por defecto: no fijado, esto es el tiempo de vida de la entrada por defecto " "configurado en el KDC." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:367 msgid "krb5_renew_interval (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:370 msgid "" "The time in seconds between two checks if the TGT should be renewed. TGTs " "are renewed if about half of their lifetime is exceeded, given as an integer " "immediately followed by a time unit:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:397 msgid "If this option is not set or is 0 the automatic renewal is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:415 msgid "" "<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " "option at all." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:419 msgid "" "<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " "continue the authentication without it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:429 msgid "Default: not set, i.e. FAST is not used." msgstr "Por defecto: no fijado, esto es no se usa FAST." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:432 msgid "NOTE: a keytab is required to use FAST." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:444 msgid "krb5_fast_principal (string)" msgstr "krb5_fast_principal (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:447 msgid "Specifies the server principal to use for FAST." msgstr "Especifica el principal del servidor a usar para FAST." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:456 msgid "" "Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos 1.7 and later versions." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:505 msgid "Default: false (AD provider: true)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:65 msgid "" "If the auth-module krb5 is used in an SSSD domain, the following options " "must be used. See the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " "<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " "domain. <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:521 msgid "" "The following example assumes that SSSD is correctly configured and FOO is " "one of the domains in the <replaceable>[sssd]</replaceable> section. This " "example shows only configuration of Kerberos authentication; it does not " "include any identity provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-krb5.5.xml:529 #, no-wrap msgid "" " [domain/FOO]\n" " auth_provider = krb5\n" " krb5_server = 192.168.1.1\n" " krb5_realm = EXAMPLE.COM\n" msgstr "" " [domain/FOO]\n" " auth_provider = krb5\n" " krb5_server = 192.168.1.1\n" " krb5_realm = EXAMPLE.COM\n" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15 msgid "sss_groupadd" msgstr "sss_groupadd" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupadd.8.xml:16 msgid "create a new group" msgstr "Crea un nuevo grupo" #. 
type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupadd.8.xml:21 msgid "" "<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" "<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GRUPO</replaceable></" "arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupadd.8.xml:32 msgid "" "<command>sss_groupadd</command> creates a new group. These groups are " "compatible with POSIX groups, with the additional feature that they can " "contain other groups as members." msgstr "" "<command>sss_groupadd</command> crea un nuevo grupo. Estos grupos son " "compatibles con grupos POSIX, con la característica adicional que pueden " "contener otros grupos como miembros." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupadd.8.xml:43 sss_seed.8.xml:88 msgid "" "<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" msgstr "" "<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupadd.8.xml:48 msgid "" "Set the GID of the group to the value of <replaceable>GID</replaceable>. If " "not given, it is chosen automatically." msgstr "" "Fija el GID del grupo al valor de <replaceable>GID</replaceable>. Si no se " "da, se elige automáticamente." #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_userdel.8.xml:10 sss_userdel.8.xml:15 msgid "sss_userdel" msgstr "sss_userdel" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_userdel.8.xml:16 msgid "delete a user account" msgstr "eliminar una cuenta de usuario" #. 
type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_userdel.8.xml:21 msgid "" "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" msgstr "" "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_userdel.8.xml:32 msgid "" "<command>sss_userdel</command> deletes a user identified by login name " "<replaceable>LOGIN</replaceable> from the system." msgstr "" "<command>sss_userdel</command> borra del sistema un usuario identificado por " "su nombre de acceso <replaceable>LOGIN</replaceable>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:44 msgid "<option>-r</option>,<option>--remove</option>" msgstr "<option>-r</option>,<option>--remove</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:48 msgid "" "Files in the user's home directory will be removed along with the home " "directory itself and the user's mail spool. Overrides the configuration." msgstr "" "Los ficheros en el directorio home del usuario serán borrados así como el " "directorio home mismo y el buzón de correo del usuario. Reescribe la " "configuración." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:56 msgid "<option>-R</option>,<option>--no-remove</option>" msgstr "<option>-R</option>,<option>--no-remove</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:60 msgid "" "Files in the user's home directory will NOT be removed along with the home " "directory itself and the user's mail spool. Overrides the configuration." 
msgstr "" "Los ficheros en el directorio home del usuario NO serán borrados así como el " "directorio home mismo y el buzón de correo del usuario. Reescribe la " "configuración." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:68 msgid "<option>-f</option>,<option>--force</option>" msgstr "<option>-f</option>,<option>--force</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:72 msgid "" "This option forces <command>sss_userdel</command> to remove the user's home " "directory and mail spool, even if they are not owned by the specified user." msgstr "" "Esta opción fuerza a <command>sss_userdel</command> a borrar el directorio " "home del usuario y el buzón de correo, aunque no sea propiedad del usuario " "especificado." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:80 msgid "<option>-k</option>,<option>--kick</option>" msgstr "<option>-k</option>,<option>--kick</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:84 msgid "Before actually deleting the user, terminate all his processes." msgstr "Antes de realmente eliminar al usuario, terminar todos sus procesos." #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15 msgid "sss_groupdel" msgstr "sss_groupdel" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupdel.8.xml:16 msgid "delete a group" msgstr "eliminar un grupo" #. 
type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupdel.8.xml:21 msgid "" "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GRUPO</replaceable></" "arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupdel.8.xml:32 msgid "" "<command>sss_groupdel</command> deletes a group identified by its name " "<replaceable>GROUP</replaceable> from the system." msgstr "" "<command>sss_groupdel</command> borra del sistema un grupo identificado por " "su nombre <replaceable>GROUP</replaceable>." #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15 msgid "sss_groupshow" msgstr "sss_groupshow" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupshow.8.xml:16 msgid "print properties of a group" msgstr "imprime las propiedades de un grupo" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupshow.8.xml:21 msgid "" "<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" "<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GRUPO</replaceable></" "arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupshow.8.xml:32 msgid "" "<command>sss_groupshow</command> displays information about a group " "identified by its name <replaceable>GROUP</replaceable>. The information " "includes the group ID number, members of the group and the parent group." 
msgstr "" "<command>sss_groupshow</command> muestra información sobre un grupo " "identificado por su nombre <replaceable>GROUP</replaceable>. La información " "incluye el número de ID del grupo, miembros del grupo y padres del grupo." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupshow.8.xml:43 msgid "<option>-R</option>,<option>--recursive</option>" msgstr "<option>-R</option>,<option>--recursive</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupshow.8.xml:47 msgid "" "Also print indirect group members in a tree-like hierarchy. Note that this " "also affects printing parent groups - without <option>R</option>, only the " "direct parent will be printed." msgstr "" "También imprime miembros indirectos del grupo en una jerarquía de árbol. " "Advierta que esto también afecta a la impresión de los grupos padres – sin " "<option>R</option>, sólo se imprimirá los padres directos." #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_usermod.8.xml:10 sss_usermod.8.xml:15 msgid "sss_usermod" msgstr "sss_usermod" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_usermod.8.xml:16 msgid "modify a user account" msgstr "Modifica una cuenta de usuario" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_usermod.8.xml:21 msgid "" "<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" msgstr "" "<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" #. 
type: Content of: <reference><refentry><refsect1><para> #: sss_usermod.8.xml:32 msgid "" "<command>sss_usermod</command> modifies the account specified by " "<replaceable>LOGIN</replaceable> to reflect the changes that are specified " "on the command line." msgstr "" "<command>sss_usermod</command> modifica la cuenta especificada por " "<replaceable>LOGIN</replaceable> para reflejar los cambios que se han " "especificado en la línea de comando." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:60 msgid "The home directory of the user account." msgstr "El directorio principal de la cuenta de usuario." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:71 msgid "The user's login shell." msgstr "Shell de inicio de sesión del usuario." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:82 msgid "" "Append this user to groups specified by the <replaceable>GROUPS</" "replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " "a comma separated list of group names." msgstr "" "Añade este usuario a los grupos especificados por el parámetro " "<replaceable>GROUPS</replaceable>. El parámetro <replaceable>GROUPS</" "replaceable> es una lista separada por comas de nombres de grupo." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:96 msgid "" "Remove this user from groups specified by the <replaceable>GROUPS</" "replaceable> parameter." msgstr "" "Borrar este usuario de los grupos especificados por el parámetro " "<replaceable>GROUPS</replaceable>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_usermod.8.xml:103 msgid "<option>-l</option>,<option>--lock</option>" msgstr "<option>-l</option>,<option>--lock</option>" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:107 msgid "Lock the user account. The user won't be able to log in." msgstr "Bloquea la cuenta de usuario. El usuario no será capaz de acceder." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_usermod.8.xml:114 msgid "<option>-u</option>,<option>--unlock</option>" msgstr "<option>-u</option>,<option>--unlock</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:118 msgid "Unlock the user account." msgstr "Desbloquea la cuenta de usuario." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:129 msgid "The SELinux user for the user's login." msgstr "El usuario SELinux para el acceso del usuario." #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_cache.8.xml:10 sss_cache.8.xml:15 msgid "sss_cache" msgstr "sss_cache" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_cache.8.xml:16 msgid "perform cache cleanup" msgstr "lleva a cabo la limpieza del escondrijo" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_cache.8.xml:21 msgid "" "<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg>" msgstr "" "<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_cache.8.xml:31 msgid "" "<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " "records are forced to be reloaded from server as soon as related SSSD " "backend is online." msgstr "" "<command>sss_cache</command> invalida registros en el escondrijo SSSD. 
Los " "registros invalidados son forzados a recargarse desde el servidor tan pronto " "como el punto final SSSD relacionado está en línea." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:42 msgid "<option>-E</option>,<option>--everything</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:46 msgid "Invalidate all cached entries except for sudo rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:52 msgid "" "<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" msgstr "" "<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:57 msgid "Invalidate specific user." msgstr "Invalida el usuario específico." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:63 msgid "<option>-U</option>,<option>--users</option>" msgstr "<option>-U</option>,<option>--users</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:67 msgid "" "Invalidate all user records. This option overrides invalidation of specific " "user if it was also set." msgstr "" "Invalida todos los registros de usuario. Esta opción anula la invalidación " "de usuario específico si también está fijada." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:74 msgid "" "<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" msgstr "" "<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:79 msgid "Invalidate specific group." msgstr "Invalida grupo específico." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:85 msgid "<option>-G</option>,<option>--groups</option>" msgstr "<option>-G</option>,<option>--groups</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:89 msgid "" "Invalidate all group records. This option overrides invalidation of specific " "group if it was also set." msgstr "" "Invalida todos los registros de grupo. Esta opción anula la invalidación de " "grupo específico si también está fijada." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:96 msgid "" "<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" "replaceable>" msgstr "" "<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:101 msgid "Invalidate specific netgroup." msgstr "Invalida grupo de red específico." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:107 msgid "<option>-N</option>,<option>--netgroups</option>" msgstr "<option>-N</option>,<option>--netgroups</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:111 msgid "" "Invalidate all netgroup records. This option overrides invalidation of " "specific netgroup if it was also set." msgstr "" "Invalida todos los registros de grupo de red. Esta opción anula la " "invalidación de grupo de red específico si también está fijada." #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:118 msgid "" "<option>-s</option>,<option>--service</option> <replaceable>service</" "replaceable>" msgstr "" "<option>-s</option>,<option>--service</option> <replaceable>service</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:123 msgid "Invalidate specific service." msgstr "Invalida servicio específico" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:129 msgid "<option>-S</option>,<option>--services</option>" msgstr "<option>-S</option>,<option>--services</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:133 msgid "" "Invalidate all service records. This option overrides invalidation of " "specific service if it was also set." msgstr "" "Invalida todos los archivos de servicio. Esta opción anula la invalidación " "de servicio específico si también fue fijada." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:140 msgid "" "<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" "replaceable>" msgstr "" "<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:145 msgid "Invalidate specific autofs maps." msgstr "Invalida mapas específicos autofs." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:151 msgid "<option>-A</option>,<option>--autofs-maps</option>" msgstr "<option>-A</option>,<option>--autofs-maps</option>" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:155 msgid "" "Invalidate all autofs maps. This option overrides invalidation of specific " "map if it was also set." msgstr "" "Invalida todos los mapas autofs. Esta opción anula la invalidación de mapa " "específico si fue fijada." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:162 msgid "" "<option>-d</option>,<option>--domain</option> <replaceable>domain</" "replaceable>" msgstr "" "<option>-d</option>,<option>--domain</option> <replaceable>domain</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:167 msgid "Restrict invalidation process only to a particular domain." msgstr "Restringe el proceso de invalidación sólo a un dominio concreto." #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 msgid "sss_debuglevel" msgstr "sss_debuglevel" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_debuglevel.8.xml:16 msgid "change debug level while SSSD is running" msgstr "cambia el nivel de depuración mientras SSSD está corriendo" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_debuglevel.8.xml:21 msgid "" "<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" "replaceable></arg>" msgstr "" "<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" "replaceable></arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_debuglevel.8.xml:32 msgid "" "<command>sss_debuglevel</command> changes debug level of SSSD monitor and " "providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is " "running." 
msgstr "" "<command>sss_debuglevel</command> cambia el nivel de depuración del monitor " "y proveedores SSSD a <replaceable>NEW_DEBUG_LEVEL</replaceable> mientras " "SSSD está corriendo." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_debuglevel.8.xml:59 msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>" msgstr "<replaceable>NEW_DEBUG_LEVEL</replaceable>" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_seed.8.xml:10 sss_seed.8.xml:15 msgid "sss_seed" msgstr "sss_seed" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_seed.8.xml:16 msgid "seed the SSSD cache with a user" msgstr "alimenta el cache SSSD con un usuario" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_seed.8.xml:21 msgid "" "<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" "replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" "arg>" msgstr "" "<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" "replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" "arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_seed.8.xml:33 msgid "" "<command>sss_seed</command> seeds the SSSD cache with a user entry and " "temporary password. If a user entry is already present in the SSSD cache " "then the entry is updated with the temporary password." msgstr "" "<command>sss_seed</command> alimenta el cache SSSD con una entrada de " "usuario y una contraseña temporal. Si una entrada de usuario está ya " "presente en el cache SSSD la entrada se actualiza con la contraseña temporal." #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_seed.8.xml:46 msgid "" "<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" "replaceable>" msgstr "" "<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:51 msgid "" "Provide the name of the domain in which the user is a member of. The domain " "is also used to retrieve user information. The domain must be configured in " "sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " "Information retrieved from the domain overrides what is provided in the " "options." msgstr "" "Suministra el nombre del dominio del que el usuario es miembro. El dominio " "también se usa para recuperar información del usuario. El dominio debe estar " "configurado en sssd.conf. La opción <replaceable>DOMAIN</replaceable> debe " "ser suministrada. La información recuperada del dominio anula la que se ha " "suministrado en las opciones." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_seed.8.xml:63 msgid "" "<option>-n</option>,<option>--username</option> <replaceable>USER</" "replaceable>" msgstr "" "<option>-n</option>,<option>--username</option> <replaceable>USER</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:68 msgid "" "The username of the entry to be created or modified in the cache. The " "<replaceable>USER</replaceable> option must be provided." msgstr "" "El nombre de usuario de la entrada a ser creado o modificado en el cache. Se " "debe suministrar la opción <replaceable>USER</replaceable>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:81 msgid "Set the UID of the user to <replaceable>UID</replaceable>." 
msgstr "Fija la UID del usuario a <replaceable>UID</replaceable>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:93 msgid "Set the GID of the user to <replaceable>GID</replaceable>." msgstr "Fija la GID del usuario a <replaceable>GID</replaceable>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:117 msgid "" "Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." msgstr "" "Fija el directorio home del usuario a <replaceable>HOME_DIR</replaceable>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:129 msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." msgstr "" "Fija la shell de acceso del usuario a <replaceable>SHELL</replaceable>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:140 msgid "" "Interactive mode for entering user information. This option will only prompt " "for information not provided in the options or retrieved from the domain." msgstr "" "Modo interactivo de introducir información del usuario. Esta opción sólo " "preguntará por la información no suministrada en las opciones o recuperada " "del dominio." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_seed.8.xml:148 msgid "" "<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" "replaceable>" msgstr "" "<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:153 msgid "" "Specify file to read user's password from. 
(if not specified password is " "prompted for)" msgstr "" "Especifica el fichero desde donde leer la contraseña del usuario (si no se " "especifica se pregunta por la contraseña)" #. type: Content of: <reference><refentry><refsect1><para> #: sss_seed.8.xml:165 msgid "" "The length of the password (or the size of file specified with -p or --" "password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " "on systems with no globally-defined PASS_MAX value)." msgstr "" "La longitud de la contraseña (o el tamaño del fichero especificado con la " "opción -p o --password-file) debe ser menor o igual a PASS_MAX bytes (64 " "bytes en sistemas sin valor PASS_MAX globalmente definido)." #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 msgid "sss_ssh_authorizedkeys" msgstr "sss_ssh_authorizedkeys" #. type: Content of: <reference><refentry><refmeta><manvolnum> #: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 msgid "1" msgstr "1" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_ssh_authorizedkeys.1.xml:16 msgid "get OpenSSH authorized keys" msgstr "obtiene las claves OpenSSH autorizadas" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_ssh_authorizedkeys.1.xml:21 msgid "" "<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg> <arg " "choice='plain'><replaceable>USER</replaceable></arg>" msgstr "" "<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg> <arg " "choice='plain'><replaceable>USER</replaceable></arg>" #. 
type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:32 msgid "" "<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " "<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " "format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> for more information)." msgstr "" "<command>sss_ssh_authorizedkeys</command> adquiere la clave pública SSH para " "el usuario <replaceable>USER</replaceable> y las saca en formato de claves " "autorizadas OpenSSH (vea la sección <quote>AUTHORIZED_KEYS FILE FORMAT</" "quote> de <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" "manvolnum></citerefentry> para más información)." #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:41 msgid "" "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" "command> for public key user authentication if it is compiled with support " "for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</" "quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry> options." msgstr "" "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> puede ser configurado para usar " "<command>sss_ssh_authorizedkeys</command> para autenticación de la clave " "pública del usuario si está compilado para soporte de " "<quote>AuthorizedKeysCommand</quote> o de <quote>PubkeyAgent</quote> " "<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry> options." #. 
type: Content of: <reference><refentry><refsect1><para><programlisting> #: sss_ssh_authorizedkeys.1.xml:58 #, no-wrap msgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" msgstr "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:51 msgid "" "If <quote>AuthorizedKeysCommand</quote> is supported, " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> can be configured to use it by putting the following directive " "in <citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry>: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" "Si se soporta <quote>AuthorizedKeysCommand</quote>, " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> puede ser configurado para usarlo poniendo la siguiente " "directiva en <citerefentry> <refentrytitle>sshd_config</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry>: <placeholder type=\"programlisting" "\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sss_ssh_authorizedkeys.1.xml:69 #, no-wrap msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n" msgstr "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n" #. 
type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:62 msgid "" "If <quote>PubkeyAgent</quote> is supported, " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> can be configured to use it by using the following directive " "for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</" "manvolnum></citerefentry> configuration: <placeholder type=\"programlisting" "\" id=\"0\"/>" msgstr "" "Si se soporta <quote>PubkeyAgent</quote>, <citerefentry><refentrytitle>sshd</" "refentrytitle> <manvolnum>8</manvolnum></citerefentry> puede ser configurado " "para usarlo utilizando la siguiente directiva para <citerefentry> " "<refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></citerefentry> " "configuration: <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_ssh_authorizedkeys.1.xml:84 msgid "" "Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." msgstr "" "Busca las claves públicas del usuario en el dominio SSSD " "<replaceable>DOMAIN</replaceable>." #. type: Content of: <reference><refentry><refsect1><title> #: sss_ssh_authorizedkeys.1.xml:93 sss_ssh_knownhostsproxy.1.xml:92 msgid "EXIT STATUS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:95 sss_ssh_knownhostsproxy.1.xml:94 msgid "" "In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 msgid "sss_ssh_knownhostsproxy" msgstr "sss_ssh_knownhostsproxy" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_ssh_knownhostsproxy.1.xml:16 msgid "get OpenSSH host keys" msgstr "obtiene las claves OpenSSH del host" #. 
type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_ssh_knownhostsproxy.1.xml:21 msgid "" "<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg> <arg " "choice='plain'><replaceable>HOST</replaceable></arg> <arg " "choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" msgstr "" "<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg> <arg " "choice='plain'><replaceable>HOST</replaceable></arg> <arg " "choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_knownhostsproxy.1.xml:33 msgid "" "<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " "host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " "known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " "of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" "manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" "pubconf/known_hosts</filename> and estabilishes connection to the host." msgstr "" "<command>sss_ssh_knownhostsproxy</command> adquiere las claves públicas SSH " "del host para el host <replaceable>HOST</replaceable>, las almacena en un " "fichero known_hosts personalizado de OpenSSH (vea la sección " "<quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> de " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> para más información) <filename>/var/lib/sss/pubconf/" "known_hosts</filename> y establece la conexión al host." #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_knownhostsproxy.1.xml:43 msgid "" "If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " "create the connection to the host instead of opening a socket." 
msgstr "" "Si se especifica <replaceable>PROXY_COMMAND</replaceable>, se usa para crear " "la conexión al host en lugar de abrir un socket." #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sss_ssh_knownhostsproxy.1.xml:55 #, no-wrap msgid "" "ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" "GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" msgstr "" "ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" "GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_knownhostsproxy.1.xml:48 msgid "" "<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" "citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" "command> for host key authentication by using the following directives for " "<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" "citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" "<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" "citerefentry> puede ser configurado para usar " "<command>sss_ssh_knownhostsproxy</command> para autenticación de la clave " "del host usando las siguientes directivas <citerefentry><refentrytitle>ssh</" "refentrytitle> <manvolnum>1</manvolnum></citerefentry> configuration: " "<placeholder type=\"programlisting\" id=\"0\"/> " #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_ssh_knownhostsproxy.1.xml:66 msgid "" "<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" msgstr "" "<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_ssh_knownhostsproxy.1.xml:71 msgid "" "Use port <replaceable>PORT</replaceable> to connect to the host. By " "default, port 22 is used." 
msgstr "" "Usa el puerto <replaceable>PORT</replaceable> para conectar al host. Por " "defecto, el puerto usado es el 22." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_ssh_knownhostsproxy.1.xml:83 msgid "" "Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." msgstr "" "Busca las claves públicas del host en el dominio SSSD <replaceable>DOMAIN</" "replaceable>." #. type: Content of: <refsect1><title> #: include/service_discovery.xml:2 msgid "SERVICE DISCOVERY" msgstr "SERVICIO DE DESCUBRIMIENTO" #. type: Content of: <refsect1><para> #: include/service_discovery.xml:4 msgid "" "The service discovery feature allows back ends to automatically find the " "appropriate servers to connect to using a special DNS query. This feature is " "not supported for backup servers." msgstr "" "La función servicio descubridor permite a los puntos finales encontrar " "automáticamente los servidores apropiados a conectar para usar una pregunta " "especial al DNS. Esta función no está soportada por los servidores de " "respaldo." #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 msgid "Configuration" msgstr "Configuración" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:11 msgid "" "If no servers are specified, the back end automatically uses service " "discovery to try to find a server. Optionally, the user may choose to use " "both fixed server addresses and service discovery by inserting a special " "keyword, <quote>_srv_</quote>, in the list of servers. The order of " "preference is maintained. This feature is useful if, for example, the user " "prefers to use service discovery whenever possible, and fall back to a " "specific server when no servers can be discovered using DNS." 
msgstr "" "Si no se especifican servidores, el punto final usa automáticamente el " "servicio descubridor para intentar encontrar un servidor. Opcionalmente, el " "usuario puede elegir utilizar tanto las direcciones de servidor fijadas como " "el servicio descubridor insertando una palabra clave especial, " "<quote>_srv_</quote>, en la lista de servidores. El orden de preferencia se " "mantiene. Esta función es útil si, por ejemplo, el usuario prefiere usar el " "servicio descubridor siempre que sea posible, y volver a un servidor " "específico cuando no se pueden descubrir servidores usando DNS." #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:23 msgid "The domain name" msgstr "El nombre de dominio" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:25 msgid "" "Please refer to the <quote>dns_discovery_domain</quote> parameter in the " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page for more details." msgstr "" "Por favor vea el parámetro <quote>dns_discovery_domain</quote> en la página " "de manual <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> para más detalles." #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:35 msgid "The protocol" msgstr "El protocolo" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:37 msgid "" "The queries usually specify _tcp as the protocol. Exceptions are documented " "in respective option description." msgstr "" "Las consultas normalmente especifican _tcp como protocolo. Las excepciones " "se documentan en la descripción de la opción respectiva." #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:42 msgid "See Also" msgstr "Vea también" #. 
type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:44 msgid "" "For more information on the service discovery mechanism, refer to RFC 2782." msgstr "" "Para más información sobre el mecanismo del servicio descubridor, vea el RFC " "2782." #. type: Content of: outside any tag (error?) #: include/upstream.xml:1 msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" msgstr "<placeholder type=\"refentryinfo\" id=\"0\"/>" #. type: Content of: <refsect1><title> #: include/failover.xml:2 msgid "FAILOVER" msgstr "CONMUTACIÓN POR ERROR" #. type: Content of: <refsect1><para> #: include/failover.xml:4 msgid "" "The failover feature allows back ends to automatically switch to a different " "server if the current server fails." msgstr "" "La función conmutación en error permite a los finales conmutar " "automáticamente a un servidor diferente si el servidor actual falla." #. type: Content of: <refsect1><refsect2><title> #: include/failover.xml:8 msgid "Failover Syntax" msgstr "Sintaxis de conmutación por error" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:10 msgid "" "The list of servers is given as a comma-separated list; any number of spaces " "is allowed around the comma. The servers are listed in order of preference. " "The list can contain any number of servers." msgstr "" "La lista de servidores se da como una lista separada por comas; se permite " "cualquier número de espacios a los lados de la coma. Los servidores son " "listados en orden de preferencia. La lista puede contener cualquier número " "de servidores." #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:16 msgid "" "For each failover-enabled config option, two variants exist: " "<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is " "that servers in the primary list are preferred and backup servers are only " "searched if no primary servers can be reached. 
If a backup server is " "selected, a timeout of 31 seconds is set. After this timeout SSSD will " "periodically try to reconnect to one of the primary servers. If it succeeds, " "it will replace the current active (backup) server." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/failover.xml:27 msgid "The Failover Mechanism" msgstr "El mecanismo de conmutación por error" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:29 msgid "" "The failover mechanism distinguishes between a machine and a service. The " "back end first tries to resolve the hostname of a given machine; if this " "resolution attempt fails, the machine is considered offline. No further " "attempts are made to connect to this machine for any other service. If the " "resolution attempt succeeds, the back end tries to connect to a service on " "this machine. If the service connection attempt fails, then only this " "particular service is considered offline and the back end automatically " "switches over to the next service. The machine is still considered online " "and might still be tried for another service." msgstr "" "El mecanismo de conmutación por error distingue entre una máquina y un " "servicio. 
El punto final intenta primero resolver el nombre de host de una " "máquina dada; si el intento de resolución falla, la máquina es considerada " "fuera de línea. No se harán más intentos de conexión con esta máquina para " "ningún otro servicio. Si el intento de resolución tiene éxito, el punto " "final intenta conectar a un servicio en esa máquina. Si el intento de " "conexión al servicio falla, entonces sólo se considera fuera de línea este " "servicio concreto y el punto final conmutará automáticamente sobre el " "siguiente servicio. La máquina se considera que sigue en línea y se puede " "intentar el acceso a otros servicios." #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:42 msgid "" "Further connection attempts are made to machines or services marked as " "offline after a specified period of time; this is currently hard coded to 30 " "seconds." msgstr "" "Los intentos de conexión adicionales son hechos a máquinas o servicios " "marcados como fuera de línea después de un período de tiempo especificado; " "esto está codificado a fuego actualmente en 30 segundos." #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:47 msgid "" "If there are no more machines to try, the back end as a whole switches to " "offline mode, and then attempts to reconnect every 30 seconds." msgstr "" "Si no hay más máquinas para intentarlo, el punto final al completo conmutará " "al modo fuera de línea y después intentará reconectar cada 30 segundos." #. type: Content of: <refsect1><title> #: include/ldap_id_mapping.xml:2 msgid "ID MAPPING" msgstr "ASIGNACIÓN DE ID" #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:4 msgid "" "The ID-mapping feature allows SSSD to act as a client of Active Directory " "without requiring administrators to extend user attributes to support POSIX " "attributes for user and group identifiers." 
msgstr "" "La función asignación de ID permite a SSSD actuar como un cliente de Active " "Directory sin requerir de administradores para extender los atributos de " "usuario para soportar atributos POSIX para los identificadores de usuario y " "grupo." #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:9 msgid "" "NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " "ignored. This is to avoid the possibility of conflicts between automatically-" "assigned and manually-assigned values. If you need to use manually-assigned " "values, ALL values must be manually-assigned." msgstr "" "NOTA: Cuando asignación de ID está habilitado, los atributos uidNumber y " "gidNumber son ignorados. Esto es para evitar la posibilidad de conflictos " "entre los valores automáticamente asignados y los asignados manualmente. Si " "usted necesita usar los valore asignados manualmente, TODOS los valores " "deben ser asignados manualmente." #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:16 msgid "" "Please note that changing the ID mapping related configuration options will " "cause user and group IDs to change. At the moment, SSSD does not support " "changing IDs, so the SSSD database must be removed. Because cached passwords " "are also stored in the database, removing the database should only be " "performed while the authentication servers are reachable, otherwise users " "might get locked out. In order to cache the password, an authentication must " "be performed. It is not sufficient to use <citerefentry> " "<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" "citerefentry> to remove the database, rather the process consists of:" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:33 msgid "Making sure the remote servers are reachable" msgstr "" #. 
type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:38 msgid "Stopping the SSSD service" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:43 msgid "Removing the database" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:48 msgid "Starting the SSSD service" msgstr "" #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:52 msgid "" "Moreover, as the change of IDs might necessitate the adjustment of other " "system properties such as file and directory ownership, it's advisable to " "plan ahead and test the ID mapping configuration thoroughly." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/ldap_id_mapping.xml:59 msgid "Mapping Algorithm" msgstr "Algoritmo de asignación" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:61 msgid "" "Active Directory provides an objectSID for every user and group object in " "the directory. This objectSID can be broken up into components that " "represent the Active Directory domain identity and the relative identifier " "(RID) of the user or group object." msgstr "" "Active Directory suministra un objectSID para cada objeto usuario y grupo en " "el directorio. El objectSID puede ser dividido en componente que representan " "la identidad del dominio Active Directory y le identificador relativo (RID) " "del objeto usuario y grupo." #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:67 msgid "" "The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " "into equally-sized component sections - called \"slices\"-. Each slice " "represents the space available to an Active Directory domain." msgstr "" "El algoritmo de asignación de ID de SSSD tiene un rango de UIDs disponibles " "y lo divide en secciones componente de igual tamaño – llamadas “rebanadas” " "-. 
Cada rebanada representa el espacio disponible para un dominio Active " "Directory." #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:73 msgid "" "When a user or group entry for a particular domain is encountered for the " "first time, the SSSD allocates one of the available slices for that domain. " "In order to make this slice-assignment repeatable on different client " "machines, we select the slice based on the following algorithm:" msgstr "" "Cuando se encuentra por primera vez una entrada de usuario o grupo para un " "dominio concreto, SSSD asigna una de las rebanadas disponibles para ese " "dominio. Con el objetivo de hacer esta asignación de rebanadas repetible " "sobre diferentes máquinas clientes, seleccionamos la rebanada en base al " "siguiente algoritmo:" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:80 msgid "" "The SID string is passed through the murmurhash3 algorithm to convert it to " "a 32-bit hashed value. We then take the modulus of this value with the total " "number of available slices to pick the slice." msgstr "" "La cadena SID pasada a través del algoritmo murmurhash3 para convertirlo en " "un valor picado de 32 bit. Después tomamos los módulos de este valor con el " "número total de rebanadas disponibles para recoger la rebanada." #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:86 msgid "" "NOTE: It is possible to encounter collisions in the hash and subsequent " "modulus. In these situations, we will select the next available slice, but " "it may not be possible to reproduce the same exact set of slices on other " "machines (since the order that they are encountered will determine their " "slice). In this situation, it is recommended to either switch to using " "explicit POSIX attributes in Active Directory (disabling ID-mapping) or " "configure a default domain to guarantee that at least one is always " "consistent. 
See <quote>Configuration</quote> for details." msgstr "" "NOTA: Es posible encontrar colisiones en el picadillo y los módulos " "subsiguientes. En estas situaciones, seleccionaremos la siguiente rebanada " "disponible, pero puede no ser posible reproducir los mismos conjuntos " "exactos de rebanadas sobre otras máquinas (puesto que el orden en que se " "encuentren determinará sus rebanadas). En esta situación, se recomienda o " "bien conmutar para usar los atributos explícitos POSIX en Active Directory " "(deshabilitando la asignación de ID) o configurar un dominio por defecto " "para garantizar que al menos uno sea siempre consistente. Vea " "<quote>Configuración</quote> para detalles." #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:101 msgid "" "Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" msgstr "" "Configuración mínima (en la sección <quote>[domain/DOMAINNAME]</quote>):" #. type: Content of: <refsect1><refsect2><para><programlisting> #: include/ldap_id_mapping.xml:106 #, no-wrap msgid "" "ldap_id_mapping = True\n" "ldap_schema = ad\n" msgstr "" "ldap_id_mapping = True\n" "ldap_schema = ad\n" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:111 msgid "" "The default configuration results in configuring 10,000 slices, each capable " "of holding up to 200,000 IDs, starting from 10,001 and going up to " "2,000,100,000. This should be sufficient for most deployments." msgstr "" "La configuración por defecto resulta en la configuración de 10.000 " "rebanadas, cada una capaz de sostener 200.000 IDs empezando por 10.001 y " "yendo hasta 2.000.100.000. Esto debería ser suficiente para la mayoría de " "los despliegues." #. type: Content of: <refsect1><refsect2><refsect3><title> #: include/ldap_id_mapping.xml:117 msgid "Advanced Configuration" msgstr "Configuración Avanzada" #.
type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:120 msgid "ldap_idmap_range_min (integer)" msgstr "ldap_idmap_range_min (entero)" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:123 msgid "" "Specifies the lower bound of the range of POSIX IDs to use for mapping " "Active Directory user and group SIDs." msgstr "" "Especifica el límite inferior del rango de IDs POSIX a usar para la " "asignación de SIDs de usuario y grupo de Active Directory." #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:127 msgid "" "NOTE: This option is different from <quote>min_id</quote> in that " "<quote>min_id</quote> acts to filter the output of requests to this domain, " "whereas this option controls the range of ID assignment. This is a subtle " "distinction, but the good general advice would be to have <quote>min_id</" "quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" msgstr "" "NOTA: Esta opción es diferente de <quote>min_id</quote> en que " "<quote>min_id</quote> actúa para filtrar la salida de las peticiones a este " "dominio, mientras esta opción controla el rango de la asignación de ID. Esto " "es una sutil diferencia, pero el buen consejo general sería que " "<quote>min_id</quote> fuera menor o igual que <quote>ldap_idmap_range_min</" "quote>" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:173 msgid "Default: 200000" msgstr "Por defecto: 200000" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:142 msgid "ldap_idmap_range_max (integer)" msgstr "ldap_idmap_range_max (entero)" #.
type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:145 msgid "" "Specifies the upper bound of the range of POSIX IDs to use for mapping " "Active Directory user and group SIDs." msgstr "" "Especifica el límite superior del rango de IDs POSIX a usar para la " "asignación de SIDs de usuario y grupo por Active Directory." #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:149 msgid "" "NOTE: This option is different from <quote>max_id</quote> in that " "<quote>max_id</quote> acts to filter the output of requests to this domain, " "whereas this option controls the range of ID assignment. This is a subtle " "distinction, but the good general advice would be to have <quote>max_id</" "quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" msgstr "" "NOTA: Esta opción es diferente de <quote>max_id</quote> en que " "<quote>max_id</quote> actúa para filtrar la salida de las peticiones a este " "dominio, mientras esta opción controla el rango de la asignación de ID. Esto " "es una sutil diferencia, pero el buen consejo general sería que " "<quote>max_id</quote> fuera mayor o igual que <quote>ldap_idmap_range_max</" "quote>" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:159 msgid "Default: 2000200000" msgstr "Por defecto: 2000200000" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:164 msgid "ldap_idmap_range_size (integer)" msgstr "ldap_idmap_range_size (entero)" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:167 msgid "" "Specifies the number of IDs available for each slice.
If the range size " "does not divide evenly into the min and max values, it will create as many " "complete slices as it can." msgstr "" "Especifica el número de IDs disponibles para cada rebanada. Si el rango no " "se divide de forma igual entre los valores mínimo y máximo, creará tantas " "rebanadas completas como sea posible." #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:178 msgid "ldap_idmap_default_domain_sid (string)" msgstr "ldap_idmap_default_domain_sid (cadena)" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:181 msgid "" "Specify the domain SID of the default domain. This will guarantee that this " "domain will always be assigned to slice zero in the ID map, bypassing the " "murmurhash algorithm described above." msgstr "" "Especifica el SID de dominio del dominio por defecto. Esto garantizará que " "este dominio será asignado siempre a la rebanada cero en el mapa de ID, " "sobrepasando el algoritmo murmurhash descrito arriba." #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:192 msgid "ldap_idmap_default_domain (string)" msgstr "ldap_idmap_default_domain (cadena)" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:195 msgid "Specify the name of the default domain." msgstr "Especifica el nombre del dominio por defecto." #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:203 msgid "ldap_idmap_autorid_compat (boolean)" msgstr "ldap_idmap_autorid_compat (booleano)" #. 
type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:206 msgid "" "Changes the behavior of the ID-mapping algorithm to behave more similarly to " "winbind's <quote>idmap_autorid</quote> algorithm." msgstr "" "Cambia el comportamiento del algoritmo de asignación de id para que se " "comporte de un modo más similar al algoritmo <quote>idmap_autorid</quote> de " "winbind." #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:211 msgid "" "When this option is configured, domains will be allocated starting with " "slice zero and increasing monatomically with each additional domain." msgstr "" "Cuando esta opción está configurada, los dominios serán asignados empezando " "con la rebanada cero e incrementándose de uno en uno con cada dominio " "adicional." #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:216 msgid "" "NOTE: This algorithm is non-deterministic (it depends on the order that " "users and groups are requested). If this mode is required for compatibility " "with machines running winbind, it is recommended to also use the " "<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " "least one domain is consistently allocated to slice zero." msgstr "" "NOTA: Este algoritmo no es determinista (depende del orden en que usuario y " "grupos son pedidos). Si se requiere este modo para compatibilidad con " "máquinas que ejecutan winbind, se recomienda que también use la opción " "<quote>ldap_idmap_default_domain_sid</quote> para garantizar que al menos un " "dominio está asignado consistentemente a la rebanada cero." #. type: Content of: <varlistentry><term> #: include/param_help.xml:3 msgid "<option>-?</option>,<option>--help</option>" msgstr "<option>-?</option>,<option>--help</option>" #. 
type: Content of: <varlistentry><listitem><para> #: include/param_help.xml:7 include/param_help_py.xml:7 msgid "Display help message and exit." msgstr "Muestra mensaje de ayuda y sale." #. type: Content of: <varlistentry><term> #: include/param_help_py.xml:3 msgid "<option>-h</option>,<option>--help</option>" msgstr "<option>-h</option>,<option>--help</option>" #. type: Content of: <listitem><para> #: include/debug_levels.xml:3 msgid "" "SSSD supports two representations for specifying the debug level. The " "simplest is to specify a decimal value from 0-9, which represents enabling " "that level and all lower-level debug messages. The more comprehensive option " "is to specify a hexadecimal bitmask to enable or disable specific levels " "(such as if you wish to suppress a level)." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:10 msgid "Currently supported debug levels:" msgstr "Niveles de depuración actualmente soportados:" #. type: Content of: <listitem><para> #: include/debug_levels.xml:13 #, fuzzy #| msgid "" #| "<emphasis>0x0010</emphasis>: Fatal failures. Anything that would prevent " #| "SSSD from starting up or causes it to cease running." msgid "" "<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. " "Anything that would prevent SSSD from starting up or causes it to cease " "running." msgstr "" "<emphasis>0x0010</emphasis>: Fallos fatales. Cualquier cosa que evitaría que " "SSSD arrancara u origine el cese de la ejecución." #. type: Content of: <listitem><para> #: include/debug_levels.xml:19 #, fuzzy #| msgid "" #| "<emphasis>0x0020</emphasis>: Critical failures. An error that doesn't " #| "kill the SSSD, but one that indicates that at least one major feature is " #| "not going to work properly." msgid "" "<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " "error that doesn't kill the SSSD, but one that indicates that at least one " "major feature is not going to work properly." 
msgstr "" "<emphasis>0x0020</emphasis>: Fallos críticos. Un error que no matará SSSD, " "pero que indica que al menos una de las funciones principales no está " "trabajando apropiadamente." #. type: Content of: <listitem><para> #: include/debug_levels.xml:26 #, fuzzy #| msgid "" #| "<emphasis>0x0040</emphasis>: Serious failures. An error announcing that a " #| "particular request or operation has failed." msgid "" "<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " "error announcing that a particular request or operation has failed." msgstr "" "<emphasis>0x0040</emphasis>: Fallos serios. Un error anunciando que una " "petición u operación concreta ha fallado." #. type: Content of: <listitem><para> #: include/debug_levels.xml:31 #, fuzzy #| msgid "" #| "<emphasis>0x0080</emphasis>: Minor failures. These are the errors that " #| "would percolate down to cause the operation failure of 2." msgid "" "<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " "are the errors that would percolate down to cause the operation failure of 2." msgstr "" "<emphasis>0x0080</emphasis>: Fallos menores. Estos son errores que podrían " "filtrarse hacia abajo para causar fallos en la operación de 2." #. type: Content of: <listitem><para> #: include/debug_levels.xml:36 #, fuzzy #| msgid "<emphasis>0x0100</emphasis>: Configuration settings." msgid "" "<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." msgstr "<emphasis>0x0100</emphasis>: Ajustes de configuración." #. type: Content of: <listitem><para> #: include/debug_levels.xml:40 #, fuzzy #| msgid "<emphasis>0x0200</emphasis>: Function data." msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." msgstr "<emphasis>0x0200</emphasis>: Datos de función." #. type: Content of: <listitem><para> #: include/debug_levels.xml:44 #, fuzzy #| msgid "<emphasis>0x0400</emphasis>: Trace messages for operation functions." 
msgid "" "<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " "operation functions." msgstr "" "<emphasis>0x0400</emphasis>: Traza de mensajes para funciones de operación." #. type: Content of: <listitem><para> #: include/debug_levels.xml:48 #, fuzzy #| msgid "" #| "<emphasis>0x1000</emphasis>: Trace messages for internal control " #| "functions." msgid "" "<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " "internal control functions." msgstr "" "<emphasis>0x1000</emphasis>: Traza de mensajes para funciones de control " "interno." #. type: Content of: <listitem><para> #: include/debug_levels.xml:53 #, fuzzy #| msgid "" #| "<emphasis>0x2000</emphasis>: Contents of function-internal variables that " #| "may be interesting." msgid "" "<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" "internal variables that may be interesting." msgstr "" "<emphasis>0x2000</emphasis>: Contenidos de variables de función interna que " "pueden ser interesantes." #. type: Content of: <listitem><para> #: include/debug_levels.xml:58 #, fuzzy #| msgid "" #| "<emphasis>0x4000</emphasis>: Extremely low-level tracing information." msgid "" "<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " "tracing information." msgstr "" "<emphasis>0x4000</emphasis>: Información de trazado de nivel extremadamente " "bajo." #. type: Content of: <listitem><para> #: include/debug_levels.xml:62 #, fuzzy #| msgid "" #| "To log required debug levels, simply add their numbers together as shown " #| "in following examples:" msgid "" "To log required bitmask debug levels, simply add their numbers together as " "shown in following examples:" msgstr "" "Para registrar los niveles de depuración requeridos, simplemente añada sus " "números juntos como se muestra en los siguientes ejemplos:" #. 
type: Content of: <listitem><para> #: include/debug_levels.xml:66 msgid "" "<emphasis>Example</emphasis>: To log fatal failures, critical failures, " "serious failures and function data use 0x0270." msgstr "" "<emphasis>Ejemplo</emphasis>: Para registrar fallos fatales, críticos y " "serios y datos de función use 0x0270." #. type: Content of: <listitem><para> #: include/debug_levels.xml:70 msgid "" "<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " "function data, trace messages for internal control functions use 0x1310." msgstr "" "<emphasis>Example</emphasis>: Para registrar fallos fatales, ajustes de " "configuración, datos de función, mensajes de traza para funciones de control " "interno use 0x1310." #. type: Content of: <listitem><para> #: include/debug_levels.xml:75 #, fuzzy #| msgid "" #| "<emphasis>Note</emphasis>: This is new format of debug levels introduced " #| "in 1.7.0. Older format (numbers from 0-10) is compatible but deprecated." msgid "" "<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " "in 1.7.0." msgstr "" "<emphasis>Nota</emphasis>: Este es un nuevo formato de niveles de depuración " "introducido en 1.7.0. El formato más antiguo (números de 0-10) es compatible " "pero obsoleto." #. type: Content of: <listitem><para> #: include/debug_levels.xml:79 #, fuzzy #| msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgid "<emphasis>Default</emphasis>: 0" msgstr "<emphasis>filtro</emphasis>: utilizar ldap_access_filter" #. type: Content of: outside any tag (error?) #: include/experimental.xml:1 msgid "" "<emphasis> This is an experimental feature, please use http://fedorahosted." "org/sssd to report any issues. </emphasis>" msgstr "" "<emphasis> Este es una función experimental, por favor utilice http://" "fedorahosted.org/sssd para reportar cualquier cuestión. </emphasis>" #. 
type: Content of: <refsect1><title> #: include/local.xml:2 msgid "THE LOCAL DOMAIN" msgstr "EL DOMINIO LOCAL" #. type: Content of: <refsect1><para> #: include/local.xml:4 msgid "" "In order to function correctly, a domain with <quote>id_provider=local</" "quote> must be created and the SSSD must be running." msgstr "" "Con el objetivo de que funcione correctamente, se debe crear un dominio con " "<quote>id_provider=local</quote> y el SSSD debe estar corriendo." #. type: Content of: <refsect1><para> #: include/local.xml:9 msgid "" "The administrator might want to use the SSSD local users instead of " "traditional UNIX users in cases where the group nesting (see <citerefentry> " "<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" "citerefentry>) is needed. The local users are also useful for testing and " "development of the SSSD without having to deploy a full remote server. The " "<command>sss_user*</command> and <command>sss_group*</command> tools use a " "local LDB storage to store users and groups." msgstr "" "El administrador puede desear usar los usuarios locales SSSD en lugar de los " "usuarios tradicionales UNIX en los casos donde los grupos anidados (vea " "<citerefentry> <refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>) sean necesarios. Los usuarios locales son " "también útiles para la prueba y el desarrollo del SSSD sin tener que " "desplegar un servidor remoto completo. Las herramientas <command>sss_user*</" "command> y <command>sss_group*</command> usan un almacenamiento LDB local " "para almacenar usuarios y grupos." #. type: Content of: <refsect1><title> #: include/seealso.xml:2 msgid "SEE ALSO" msgstr "VEA TAMBIEN" #. 
type: Content of: <refsect1><para> #: include/seealso.xml:4 msgid "" "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> " "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_useradd</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_usermod</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> 
<refentrytitle>sss_seed</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" "manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " "<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>." msgstr "" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:3 #: include/ldap_search_bases_experimental.xml:3 msgid "" "An optional base DN, search scope and LDAP filter to restrict LDAP searches " "for this attribute type." msgstr "" "Una base DN opcional, alcance de la búsqueda y filtro LDAP para búsquedas " "LDAP de este tipo de atributo." #. type: Content of: <listitem><para><programlisting> #: include/ldap_search_bases.xml:9 #: include/ldap_search_bases_experimental.xml:9 #, no-wrap msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" msgstr "" "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" "\n" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:7 #: include/ldap_search_bases_experimental.xml:7 msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "sintaxis: <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:13 #: include/ldap_search_bases_experimental.xml:13 msgid "" "The scope can be one of \"base\", \"onelevel\" or \"subtree\". The filter " "must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/" "rfc2254.txt" msgstr "" "El alcance puede ser uno de \"base\", \"onelevel\" o \"subtree\". El filtro " "debe ser un filtro de búsqueda válido LDAP como se especifica en http://www." "ietf.org/rfc/rfc2254.txt" #. 
type: Content of: <listitem><para> #: include/ldap_search_bases.xml:19 #: include/ldap_search_bases_experimental.xml:19 msgid "" "For examples of this syntax, please refer to the <quote>ldap_search_base</" "quote> examples section." msgstr "" "Para ejemplos de esta sintaxis, por favor vea la sección de ejemplos de " "<quote>ldap_search_base</quote>" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:27 #: include/ldap_search_bases_experimental.xml:27 msgid "" "Please note that specifying scope or filter is not supported for searches " "against an Active Directory Server that might yield a large number of " "results and trigger the Range Retrieval extension in the response." msgstr "" "Por favor advierta que especificar el alcance o el filtro no está soportado " "para búsquedas contra un Active Directory Server que puede ceder un gran " "número de resultados y disparar la extensión Range Retrieval en la respuesta." #. type: Content of: <para> #: include/autofs_restart.xml:2 msgid "" "Please note that the automounter only reads the master map on startup, so if " "any autofs-related changes are made to the sssd.conf, you typically also " "need to restart the automounter daemon after restarting the SSSD." msgstr "" "Por favor advierta que el automontador sólo lee el mapa maestro en el " "arranque, se modo que si se hace cualquier cambio relacionado con autofs al " "sssd.conf, usted normalmente también necesitará reiniciar el demonio " "automontador después de reiniciar el SSSD." #. type: Content of: <varlistentry><term> #: include/override_homedir.xml:2 msgid "override_homedir (string)" msgstr "override_homedir (cadena)" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:16 msgid "UID number" msgstr "número UID" #. 
type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:20 msgid "domain name" msgstr "nombre de dominio" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: include/override_homedir.xml:23 msgid "%f" msgstr "%f" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:24 msgid "fully qualified user name (user@domain)" msgstr "nombre totalmente cualificado del usuario (user@domain)" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: include/override_homedir.xml:27 msgid "%o" msgstr "%o" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:29 msgid "The original home directory retrieved from the identity provider." msgstr "El directorio home original recuperado del proveedor de identidad." #. type: Content of: <varlistentry><listitem><para> #: include/override_homedir.xml:5 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. In the template, the following sequences are substituted: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" "Anula el directorio home del usuario. Usted puede suministras bien un valor " "absoluto o una plantilla. En la plantilla, serán sustituidas las siguientes " "secuencias: <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <varlistentry><listitem><para> #: include/override_homedir.xml:41 msgid "This option can also be set per-domain." msgstr "Esta opción puede ser también fijada por dominio." #. type: Content of: <varlistentry><listitem><para><programlisting> #: include/override_homedir.xml:46 #, no-wrap msgid "" "override_homedir = /home/%u\n" " " msgstr "" #. 
type: Content of: <varlistentry><listitem><para> #: include/override_homedir.xml:50 msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" msgstr "Por defecto: No fijado (SSSD usará el valor recuperado desde LDAP)" #~ msgid "" #~ "Override the login shell for all users. This option can be specified " #~ "globally in the [nss] section or per-domain." #~ msgstr "" #~ "Anula la shell de acceso de todos los usuarios. Esta opción puede ser " #~ "especificada globalmente en la sección [nss] o por dominio." #~ msgid "Default: FILE:%d/krb5cc_%U_XXXXXX" #~ msgstr "Predeterminado: FILE:%d/krb5cc_%U_XXXXXX" #~ msgid "" #~ "Bit mask that indicates which debug levels will be visible. 0x0010 is the " #~ "default value as well as the lowest allowed value, 0xFFF0 is the most " #~ "verbose mode. This setting overrides the settings from config file." #~ msgstr "" #~ "Bit de máscara que indica que niveles de depuración serán visibles. " #~ "0x0010 es el valor por defecto así como el valor más bajo permitido, " #~ "0xFFF0 es el modo más verboso. Este ajuste anula los ajustes del fichero " #~ "de configuración." 
����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/man/po/PaxHeaders.13173/ja.po�������������������������������������������������������0000644�0000000�0000000�00000000132�12320753573�016467� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396955003.502843871 30 atime=1396955003.501843871 30 ctime=1396955003.502843871 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/man/po/ja.po������������������������������������������������������������������������0000664�0024127�0024127�00001641030�12320753573�016723� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# SOME DESCRIPTIVE TITLE # Copyright (C) YEAR Red Hat # This file is distributed under the same license as the sssd-docs package. 
# # Translators: # Tadashi "ELF" Jokagi <elf@poyo.jp>, 2012 # Tomoyuki KATO <tomo@dream.daynight.jp>, 2012-2013 # 高一人参 @欠陥遺伝子 <www.carrotsoft@gmail.com>, 2012 msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" "POT-Creation-Date: 2014-04-08 12:55+0300\n" "PO-Revision-Date: 2013-11-19 16:29+0000\n" "Last-Translator: Tomoyuki KATO <tomo@dream.daynight.jp>\n" "Language-Team: Japanese (http://www.transifex.com/projects/p/fedora/language/" "ja/)\n" "Language: ja\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" #. type: Content of: <reference><title> #: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5 #: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5 #: sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 sss_obfuscate.8.xml:5 #: sss_useradd.8.xml:5 sssd-krb5.5.xml:5 sss_groupadd.8.xml:5 #: sss_userdel.8.xml:5 sss_groupdel.8.xml:5 sss_groupshow.8.xml:5 #: sss_usermod.8.xml:5 sss_cache.8.xml:5 sss_debuglevel.8.xml:5 #: sss_seed.8.xml:5 sss_ssh_authorizedkeys.1.xml:5 #: sss_ssh_knownhostsproxy.1.xml:5 msgid "SSSD Manual pages" msgstr "SSSD マニュアル ページ" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15 msgid "sss_groupmod" msgstr "sss_groupmod" #. type: Content of: <reference><refentry><refmeta><manvolnum> #: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11 #: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11 #: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11 #: sss_groupshow.8.xml:11 sss_usermod.8.xml:11 sss_cache.8.xml:11 #: sss_debuglevel.8.xml:11 sss_seed.8.xml:11 msgid "8" msgstr "8" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupmod.8.xml:16 msgid "modify a group" msgstr "グループを変更します。" #. 
type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupmod.8.xml:21 msgid "" "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" #. type: Content of: <reference><refentry><refsect1><title> #: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:47 #: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21 #: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30 #: sss_useradd.8.xml:30 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 #: sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 #: sss_usermod.8.xml:30 sss_cache.8.xml:29 sss_debuglevel.8.xml:30 #: sss_seed.8.xml:31 sss_ssh_authorizedkeys.1.xml:30 #: sss_ssh_knownhostsproxy.1.xml:31 msgid "DESCRIPTION" msgstr "概要" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupmod.8.xml:32 msgid "" "<command>sss_groupmod</command> modifies the group to reflect the changes " "that are specified on the command line." msgstr "" "<command>sss_groupmod</command> はコマンドラインにおいて指定された変更を反映" "するようグループを変更します。" #. type: Content of: <reference><refentry><refsect1><title> #: sss_groupmod.8.xml:39 pam_sss.8.xml:54 sssd.8.xml:42 sss_obfuscate.8.xml:58 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39 #: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42 #: sss_ssh_authorizedkeys.1.xml:75 sss_ssh_knownhostsproxy.1.xml:62 msgid "OPTIONS" msgstr "オプション" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupmod.8.xml:43 sss_usermod.8.xml:77 msgid "" "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" "replaceable>" msgstr "" "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupmod.8.xml:48 msgid "" "Append this group to groups specified by the <replaceable>GROUPS</" "replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " "a comma separated list of group names." msgstr "" "このグループを <replaceable>GROUPS</replaceable> パラメーターにより指定された" "グループに追加します。 <replaceable>GROUPS</replaceable> パラメーターはグルー" "プ名のカンマ区切り一覧です。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupmod.8.xml:57 sss_usermod.8.xml:91 msgid "" "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" "replaceable>" msgstr "" "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupmod.8.xml:62 msgid "" "Remove this group from groups specified by the <replaceable>GROUPS</" "replaceable> parameter." msgstr "" "このグループを <replaceable>GROUPS</replaceable> パラメーターにより指定された" "グループから削除します。" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd.conf.5.xml:10 sssd.conf.5.xml:16 msgid "sssd.conf" msgstr "sssd.conf" #. type: Content of: <reference><refentry><refmeta><manvolnum> #: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 #: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11 msgid "5" msgstr "5" #. 
type: Content of: <reference><refentry><refmeta><refmiscinfo> #: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 #: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12 msgid "File Formats and Conventions" msgstr "ファイル形式および規約" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16 #: sssd-ipa.5.xml:17 sssd-ad.5.xml:17 sssd-krb5.5.xml:17 msgid "the configuration file for SSSD" msgstr "SSSD の設定ファイル" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:21 msgid "FILE FORMAT" msgstr "ファイルフォーマット" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd.conf.5.xml:29 #, no-wrap msgid "" " <replaceable>[section]</replaceable>\n" " <replaceable>key</replaceable> = <replaceable>value</replaceable>\n" " <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" " " msgstr "" " <replaceable>[section]</replaceable>\n" " <replaceable>key</replaceable> = <replaceable>value</replaceable>\n" " <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" " " #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:24 msgid "" "The file has an ini-style syntax and consists of sections and parameters. A " "section begins with the name of the section in square brackets and continues " "until the next section begins. An example of section with single and multi-" "valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" "ファイルは ini 形式の構文を持ち、セクションとパラメーターから構成されます。セ" "クションは角括弧にあるセクション名から始まり、次のセクションが始まるまで続き" "ます。単一の値および複数の値を持つパラメーターを含むセクションの例: " "<placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:36 msgid "" "The data types used are string (no quotes needed), integer and bool (with " "values of <quote>TRUE/FALSE</quote>)." 
msgstr "" "使用されるデータ形式は、文字列(引用符は不要)、整数および論理値" "(<quote>TRUE/FALSE</quote> の値)です。" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:41 msgid "" "A line comment starts with a hash sign (<quote>#</quote>) or a semicolon " "(<quote>;</quote>). Inline comments are not supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:47 msgid "" "All sections can have an optional <replaceable>description</replaceable> " "parameter. Its function is only as a label for the section." msgstr "" "すべてのセクションはオプションの <replaceable>description</replaceable> パラ" "メーターを持てます。その機能はセクションのラベルとしてのみです。" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:53 msgid "" "<filename>sssd.conf</filename> must be a regular file, owned by root and " "only root may read from or write to the file." msgstr "" "<filename>sssd.conf</filename> は、root により所有され、root のみが読み書きで" "きる、通常のファイルである必要があります。" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:59 msgid "SPECIAL SECTIONS" msgstr "特別セクション" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:62 msgid "The [sssd] section" msgstr "[sssd] セクション" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> #: sssd.conf.5.xml:71 sssd.conf.5.xml:1857 msgid "Section parameters" msgstr "セクションのパラメーター" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:73 msgid "config_file_version (integer)" msgstr "config_file_version (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:76 msgid "" "Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " "version 2." msgstr "" "設定ファイルの構文が何であるかを指示します。SSSD 0.6.0 およびそれ以降はバー" "ジョン 2 を使用します。" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:82 msgid "services" msgstr "services" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:85 msgid "" "Comma separated list of services that are started when sssd itself starts." msgstr "sssd 自身が開始するときに開始されるサービスのカンマ区切り一覧です。" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:89 msgid "" "Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " "<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition=" "\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</" "phrase>" msgstr "" "サポートされるサービス: nss, pam <phrase condition=\"with_sudo\">, sudo</" "phrase> <phrase condition=\"with_autofs\">, autofs</phrase> <phrase " "condition=\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder" "\">, pac</phrase>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:98 sssd.conf.5.xml:321 msgid "reconnection_retries (integer)" msgstr "reconnection_retries (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:101 sssd.conf.5.xml:324 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" "データプロバイダーがクラッシュまたは再起動した場合、サービスが再接続をあきら" "める前に試行する回数です。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:106 sssd.conf.5.xml:329 msgid "Default: 3" msgstr "初期値: 3" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:111 msgid "domains" msgstr "domains" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:114 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " "start. This parameter described the list of domains in the order you want " "them to be queried. A domain name should only consist of alphanumeric ASCII " "characters, dashes and underscores." msgstr "" "ドメインはユーザー情報を含むデータベースです。SSSD は同時に複数のドメインを使" "用できますが、少なくとも一つを設定する必要があります。さもなければ SSSD は開" "始できません。このパラメーターは検索したいドメインの一覧を表します。ドメイン" "名は ASCII 英数字、ダッシュ (-) およびアンダースコア (_) のみを使用できます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:126 sssd.conf.5.xml:1586 msgid "re_expression (string)" msgstr "re_expression (文字列)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:129 msgid "" "Default regular expression that describes how to parse the string containing " "user name and domain into these components." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:134 msgid "" "Each domain can have an individual regular expression configured. For some " "ID providers there are also default regular expressions. See DOMAIN " "SECTIONS for more info on these regular expressions." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:143 sssd.conf.5.xml:1637 msgid "full_name_format (string)" msgstr "full_name_format (文字列)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:146 sssd.conf.5.xml:1640 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " "fully qualified name from user name and domain name components." msgstr "" "ユーザー名とドメイン名のコンポーネントから完全修飾名を表現する方法を表す " "<citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry> 互換形式。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:157 sssd.conf.5.xml:1651 msgid "%1$s" msgstr "%1$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:158 sssd.conf.5.xml:1652 msgid "user name" msgstr "ユーザー名" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:161 sssd.conf.5.xml:1655 msgid "%2$s" msgstr "%2$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:164 sssd.conf.5.xml:1658 msgid "domain name as specified in the SSSD config file." msgstr "SSSD 設定ファイルにおいて指定されるドメイン名。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:170 sssd.conf.5.xml:1664 msgid "%3$s" msgstr "%3$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:173 sssd.conf.5.xml:1667 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:154 sssd.conf.5.xml:1648 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" "以下の展開がサポートされます: <placeholder type=\"variablelist\" " "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:183 msgid "" "Each domain can have an individual format string configured. see DOMAIN " "SECTIONS for more info on this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:189 msgid "try_inotify (boolean)" msgstr "try_inotify (論理値)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:192 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " "this, and will fall back to polling resolv.conf every five seconds if " "inotify cannot be used." msgstr "" "SSSD は、内部 DNS リゾルバーを更新する必要となるときを認識するために、resolv." "conf の状態を監視します。初期状態では、このために inotify を使用しようとしま" "す。inotify が使用できない場合 5 秒ごとに resolv.conf をポーリングするよう" "フォールバックします。" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:200 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " "to 'false'" msgstr "" "inotify を使用することをスキップすることが望ましい、いくつかの制限された状況" "があります。これらの珍しい場合では、このオプションが 'false' に設定されるべき" "です" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:206 msgid "" "Default: true on platforms where inotify is supported. 
False on other " "platforms." msgstr "" "初期値: inotify がサポートされるプラットフォームにおいては真です。他のプラッ" "トフォームにおいては偽です。" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:210 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" "注: このオプションは inotify が利用不可能なプラットフォームにおいて効果があり" "ません。これらのプラットフォームにおいては、ポーリングが常に使用されます。" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:217 msgid "krb5_rcache_dir (string)" msgstr "krb5_rcache_dir (文字列)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:220 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" "SSSD が Kerberos リプレイキャッシュファイルを保存するファイルシステムのディレ" "クトリーです。" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:224 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" "このオプションは、libkrb5 がリプレイキャッシュに対する適切な場所を決められる" "よう SSSD に指示する、特別な値 __LIBKRB5_DEFAULTS__ を受け付けます。" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:230 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" msgstr "" "初期値: ディストリビューション固有かつ構築時に指定されます。 (設定されていな" "ければ __LIBKRB5_DEFAULTS__ です)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:237 msgid "default_domain_suffix (string)" msgstr "default_domain_suffix (文字列)" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:240 msgid "" "This string will be used as a default domain name for all names without a " "domain name component. The main use case is environments where the primary " "domain is intended for managing host policies and all users are located in a " "trusted domain. The option allows those users to log in just with their " "user name without giving a domain name as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:250 msgid "" "Please note that if this option is set all users from the primary domain " "have to use their fully qualified name, e.g. user@domain.name, to log in." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:256 sssd-ldap.5.xml:1392 sssd-ldap.5.xml:1404 #: sssd-ldap.5.xml:1486 sssd-ldap.5.xml:2373 sssd-ldap.5.xml:2400 #: sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:187 #: include/ldap_id_mapping.xml:198 msgid "Default: not set" msgstr "初期値: 設定されません" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:64 msgid "" "Individual pieces of SSSD functionality are provided by special SSSD " "services that are started and stopped together with SSSD. The services are " "managed by a special service frequently called <quote>monitor</quote>. The " "<quote>[sssd]</quote> section is used to configure the monitor as well as " "some other important options like the identity domains. <placeholder type=" "\"variablelist\" id=\"0\"/>" msgstr "" "SSSD の機能の各部分は SSSD と一緒に開始および停止される特別な SSSD サービスに" "より提供されます。これらのサービスは、よく<quote>モニター</quote>と呼ばれる特" "別なサービスにより管理されます。<quote>[sssd]</quote> セクションは、モニター" "だけでなく、識別ドメインのような他の重要なオプションを設定するために使用され" "ます。 <placeholder type=" "\"variablelist\" id=\"0\"/>" #. 
type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:267 msgid "SERVICES SECTIONS" msgstr "サービスセクション" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:269 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " "section, for example, for NSS service, the section would be <quote>[nss]</" "quote>" msgstr "" "異なるサービスを設定するために使用される設定がこのセクションに記述されます。" "それらは [<replaceable>$NAME</replaceable>] セクションに置かれます。たとえ" "ば、NSS サービスは <quote>[nss]</quote> セクションです" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:276 msgid "General service configuration options" msgstr "サービス設定の全体オプション" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:278 msgid "These options can be used to configure any service." msgstr "これらのオプションはすべてのサービスを設定するために使用できます。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:282 msgid "debug_level (integer)" msgstr "debug_level (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:286 msgid "debug_timestamps (bool)" msgstr "debug_timestamps (論理値)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:289 msgid "Add a timestamp to the debug messages" msgstr "デバッグメッセージに日時を追加します" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:292 sssd.conf.5.xml:472 sssd.conf.5.xml:820 #: sssd-ldap.5.xml:1559 sssd-ldap.5.xml:1656 sssd-ldap.5.xml:1718 #: sssd-ldap.5.xml:2161 sssd-ldap.5.xml:2226 sssd-ldap.5.xml:2244 #: sssd-ipa.5.xml:361 sssd-ipa.5.xml:396 sssd-ad.5.xml:166 sssd-ad.5.xml:250 #: sssd-ad.5.xml:275 sssd-ad.5.xml:363 sssd-krb5.5.xml:490 msgid "Default: true" msgstr "初期値: true" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:297 msgid "debug_microseconds (bool)" msgstr "debug_microseconds (論理値)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:300 msgid "Add microseconds to the timestamp in debug messages" msgstr "デバッグメッセージの日時にマイクロ秒を追加します" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:303 sssd.conf.5.xml:774 sssd.conf.5.xml:1773 #: sssd-ldap.5.xml:640 sssd-ldap.5.xml:1433 sssd-ldap.5.xml:1452 #: sssd-ldap.5.xml:1628 sssd-ldap.5.xml:1957 sssd-ipa.5.xml:139 #: sssd-ipa.5.xml:205 sssd-ipa.5.xml:508 sssd-ipa.5.xml:526 #: sssd-krb5.5.xml:257 sssd-krb5.5.xml:291 sssd-krb5.5.xml:462 msgid "Default: false" msgstr "初期値: false" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:308 msgid "timeout (integer)" msgstr "timeout (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:311 msgid "" "Timeout in seconds between heartbeats for this service. This is used to " "ensure that the process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:316 sssd-ldap.5.xml:1304 msgid "Default: 10" msgstr "初期値: 10" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:334 msgid "fd_limit" msgstr "fd_limit" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:337 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " "the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " "systems without this capability, the resulting value will be the lower value " "of this or the limits.conf \"hard\" limit." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:346 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:351 msgid "client_idle_timeout" msgstr "client_idle_timeout" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:354 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " "limited in order to avoid resource exhaustion on the system." msgstr "" "このオプションは、SSSD プロセスのクライアントがそれとコミュニケーションなしで" "ファイル記述子に保持できる秒数を指定します。この値はシステムのリソース枯渇を" "避けるために制限されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:361 sssd.conf.5.xml:377 sssd.conf.5.xml:592 #: sssd.conf.5.xml:752 sssd.conf.5.xml:1015 sssd-ldap.5.xml:1134 msgid "Default: 60" msgstr "初期値: 60" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:366 sssd.conf.5.xml:1004 msgid "force_timeout (integer)" msgstr "force_timeout (整数)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:369 sssd.conf.5.xml:1007 msgid "" "If a service is not responding to ping checks (see the <quote>timeout</" "quote> option), it is first sent the SIGTERM signal that instructs it to " "quit gracefully. If the service does not terminate after " "<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down " "by sending a SIGKILL signal." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:385 msgid "NSS configuration options" msgstr "NSS 設定オプション" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:387 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" "これらのオプションは Name Service Switch (NSS) サービスを設定するために使用で" "きます。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:392 msgid "enum_cache_timeout (integer)" msgstr "enum_cache_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:395 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" "nss_sss が列挙をキャッシュする秒数です(すべてのユーザーに関する情報に対する" "要求)。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:399 msgid "Default: 120" msgstr "初期値: 120" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:404 msgid "entry_cache_nowait_percentage (integer)" msgstr "entry_cache_nowait_percentage (整数)" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:407 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " "for the domain." msgstr "" "エントリーキャッシュは、ドメインの entry_cache_timeout の値に対する一定の割合" "を超えてから要求された場合に、バックグラウンドでエントリーを自動的に更新する" "よう設定できます。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:413 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " "after 15 seconds past the last cache update will be returned immediately, " "but the SSSD will go and update the cache on its own, so that future " "requests will not need to block waiting for a cache update." msgstr "" "たとえば、ドメインの entry_cache_timeout が 30s に設定され、" "entry_cache_nowait_percentage が 50 (%) に設定されていると、最後のキャッシュ" "更新から 15 秒経過した後に要求されたエントリーは直ちに返されますが、SSSD は自" "らキャッシュを更新します。そのため、その後の要求はキャッシュ更新を待ってブ" "ロックする必要がありません。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:423 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " "percentage will never reduce the nowait timeout to less than 10 seconds. (0 " "disables this feature)" msgstr "" "このオプションに対して有効な値は 0-99 です。各ドメインに対する " "entry_cache_timeout のパーセンテージを表します。性能上の理由から、このパーセ" "ンテージにより nowait タイムアウトが 10 秒より短くなることはありません。" "(0 はこの機能を無効にします)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:431 msgid "Default: 50" msgstr "初期値: 50" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:436 msgid "entry_negative_timeout (integer)" msgstr "entry_negative_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:439 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " "before asking the back end again." msgstr "" "nss_sss が再びバックエンドに問い合わせる前にネガティブキャッシュヒット(つま" "り、存在しないドメインのように、無効なデータベースエントリーに対する問い合わ" "せ)をキャッシュする秒数を指定します。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:445 sssd.conf.5.xml:798 msgid "Default: 15" msgstr "初期値: 15" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:450 msgid "filter_users, filter_groups (string)" msgstr "filter_users, filter_groups (文字列)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:453 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" "domain or include fully-qualified names to filter only users from the " "particular domain." msgstr "" "sss NSS データベースから取り出されたものから特定のユーザーを除外します。これ" "はとくにシステムアカウントに対して有効です。このオプションはドメインごとに設" "定できます。または特定のドメインからユーザーのみをフィルターするために完全修" "飾名を含めることができます。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:460 msgid "Default: root" msgstr "初期値: root" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:465 msgid "filter_users_in_groups (bool)" msgstr "filter_users_in_groups (論理値)" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:468 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" "フィルターされたユーザーがまだグループメンバーのままにしたいならば、このオプ" "ションを偽に設定します。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:478 msgid "fallback_homedir (string)" msgstr "fallback_homedir (文字列)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:481 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." msgstr "" "ドメインのデータプロバイダーにより明示的に指定されていない場合に、ユーザーの" "ホームディレクトリーの標準テンプレートを設定します。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:486 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" "このオプションに対して利用可能なオプションは override_homedir に対するものと" "同じです。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> #: sssd.conf.5.xml:492 #, fuzzy, no-wrap #| msgid "" #| "override_homedir = /home/%u\n" #| " " msgid "" "fallback_homedir = /home/%u\n" " " msgstr "" "override_homedir = /home/%u\n" " " #. type: Content of: <varlistentry><listitem><para> #: sssd.conf.5.xml:490 include/override_homedir.xml:44 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "例: <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:496 msgid "Default: not set (no substitution for unset home directories)" msgstr "初期値: 設定なし (ホームディレクトリーの設定がない場合は代替なし)" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:502 msgid "override_shell (string)" msgstr "override_shell (文字列)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:505 #, fuzzy #| msgid "" #| "Override the login shell for all users. This option can be specified " #| "globally in the [nss] section or per-domain." msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " "or per-domain." msgstr "" "すべてのユーザーに対するログインシェルを上書きします。このオプションは [nss] " "において全体的またはドメインごとに指定できます。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:511 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "初期値: 設定なし (SSSD は LDAP から取得された値を使用します)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:517 msgid "allowed_shells (string)" msgstr "allowed_shells (文字列)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:520 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" "ユーザーのシェルを一覧にある値のどれかに制限します。評価の順番は次のとおりで" "す:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:523 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" "1. シェルが <quote>/etc/shells</quote> に存在すると、それが使用されます。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:527 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" "2. 
シェルが allowed_shells 一覧にあるが、<quote>/etc/shells</quote> になけれ" "ば、shell_fallback パラメーターの値を使用します。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:532 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" "3. シェルが allowed_shells 一覧になく、<quote>/etc/shells</quote> にもなけれ" "ば、nologin シェルが使用されます。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:537 msgid "An empty string for shell is passed as-is to libc." msgstr "シェルの空文字列は libc にそのまま渡されます。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:540 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" "<quote>/etc/shells</quote> は SSSD が開始されるときにのみ読み込まれます。これ" "は新しいシェルがインストールされた場合 SSSD の再起動が必要になることを意味し" "ます。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:544 msgid "Default: Not set. The user shell is automatically used." msgstr "初期値: 設定されません。ユーザーシェルが自動的に使用されます。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:549 msgid "vetoed_shells (string)" msgstr "vetoed_shells (文字列)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:552 msgid "Replace any instance of these shells with the shell_fallback" msgstr "これらのシェルのインスタンスをすべて shell_fallback に置き換えます" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:557 msgid "shell_fallback (string)" msgstr "shell_fallback (文字列)" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:560 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" "許可されたシェルがマシンにインストールされていない場合に使用する標準シェルで" "す。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:564 msgid "Default: /bin/sh" msgstr "初期値: /bin/sh" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:569 msgid "default_shell" msgstr "default_shell" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:572 #, fuzzy #| msgid "" #| "Override the login shell for all users. This option can be specified " #| "globally in the [nss] section or per-domain." msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." msgstr "" "すべてのユーザーに対するログインシェルを上書きします。このオプションは [nss] " "において全体的またはドメインごとに指定できます。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:578 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:585 sssd.conf.5.xml:745 msgid "get_domains_timeout (int)" msgstr "get_domains_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:588 sssd.conf.5.xml:748 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:597 msgid "memcache_timeout (int)" msgstr "memcache_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:600 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:604 sssd-ldap.5.xml:654 msgid "Default: 300" msgstr "初期値: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:611 msgid "PAM configuration options" msgstr "PAM 設定オプション" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:613 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" "これらのオプションは Pluggable Authentication Module (PAM) サービスを設定する" "ために使用できます。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:618 msgid "offline_credentials_expiration (integer)" msgstr "offline_credentials_expiration (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:621 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" "認証プロバイダーがオフラインの場合に、キャッシュログインを許可する時間(オン" "ラインログインの最終成功からの日数)です。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:626 sssd.conf.5.xml:639 msgid "Default: 0 (No limit)" msgstr "初期値: 0 (無制限)" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:632 msgid "offline_failed_login_attempts (integer)" msgstr "offline_failed_login_attempts (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:635 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" "認証プロバイダーがオフラインの場合、ログイン試行の失敗が許容される回数です。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:645 msgid "offline_failed_login_delay (integer)" msgstr "offline_failed_login_delay (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:648 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" "新しいログイン試行が可能になる前に offline_failed_login_attempts に達した後に" "経過する必要がある分単位の時間です。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:653 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " "authentication can enable offline authentication again." msgstr "" "0 に設定されていると、offline_failed_login_attempts に達した場合、ユーザーが" "オフライン認証できません。オンライン認証に成功した場合にのみ、再びオフライ" "ン認証が有効になります。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:659 sssd.conf.5.xml:712 msgid "Default: 5" msgstr "初期値: 5" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:665 msgid "pam_verbosity (integer)" msgstr "pam_verbosity (整数)" #.
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:668 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" "認証中にユーザーに表示されるメッセージの種類を制御します。数字が大きければ大" "きいほどメッセージが表示されます。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:673 msgid "Currently sssd supports the following values:" msgstr "現在 sssd は以下の値をサポートします:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:676 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "<emphasis>0</emphasis>: 何もメッセージを表示しない" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:679 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "<emphasis>1</emphasis>: 重要なメッセージのみを表示する" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:683 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "<emphasis>2</emphasis>: 情報レベルのメッセージを表示する" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:686 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "<emphasis>3</emphasis>: すべてのメッセージとデバッグ情報を表示する" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:690 sssd.8.xml:63 msgid "Default: 1" msgstr "初期値: 1" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:695 msgid "pam_id_timeout (integer)" msgstr "pam_id_timeout (整数)" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:698 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " "ensure that authentication takes place with the latest information." msgstr "" "SSSD がオンラインの間はすべての PAM 要求に対して、ユーザーが最新の情報で認証" "されるよう、SSSD は直ちにキャッシュされた識別情報を更新しようとします。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:704 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" "client-application basis) how long (in seconds) we can cache the identity " "information to avoid excessive round-trips to the identity provider." msgstr "" "完全な PAM のやりとりは、アカウント管理やセッション開始のように、複数の PAM " "要求を実行できます。このオプションは、識別プロバイダーに対する過剰なラウンド" "トリップを避けるために識別情報をキャッシュできる時間(秒数)を(クライアント" "アプリケーションごとに)制御します。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:718 msgid "pam_pwd_expiration_warning (integer)" msgstr "pam_pwd_expiration_warning (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:721 sssd.conf.5.xml:1178 msgid "Display a warning N days before the password expires." msgstr "パスワードの期限が切れる前に N 日間警告を表示します。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:724 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " "cannot display a warning." msgstr "" "バックエンドのサーバーがパスワードの有効期間に関する情報を提供する必要がある" "ことに注意してください。この情報がなければ、sssd は警告を表示できません。" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:730 sssd.conf.5.xml:1181 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:735 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:740 sssd.8.xml:79 msgid "Default: 0" msgstr "初期値: 0" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:760 msgid "SUDO configuration options" msgstr "SUDO 設定オプション" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:762 msgid "These options can be used to configure the sudo service." msgstr "これらのオプションは sudo サービスを設定するために使用されます。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:766 msgid "sudo_timed (bool)" msgstr "sudo_timed (論理値)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:769 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." msgstr "" "時間依存の sudoers エントリーを実装する sudoNotBefore と sudoNotAfter の属性" "を評価するかしないかです。" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:782 msgid "AUTOFS configuration options" msgstr "Autofs 設定オプション" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:784 msgid "These options can be used to configure the autofs service." msgstr "これらのオプションが autofs サービスを設定するために使用されます。" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:788 msgid "autofs_negative_timeout (integer)" msgstr "autofs_negative_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:791 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " "before asking the back end again." msgstr "" "autofs レスポンダーのネガティブキャッシュ(つまり、存在しないもののように、無" "効なマップエントリーに対する問い合わせ)が再びバックエンドに問い合わせる前に" "ヒットする秒数を指定します。" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:807 msgid "SSH configuration options" msgstr "SSH 設定オプション" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:809 msgid "These options can be used to configure the SSH service." msgstr "これらのオプションは SSH サービスを設定するために使用されます。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:813 msgid "ssh_hash_known_hosts (bool)" msgstr "ssh_hash_known_hosts (論理値)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:816 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:825 msgid "ssh_known_hosts_timeout (integer)" msgstr "ssh_known_hosts_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:828 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:832 msgid "Default: 180" msgstr "初期値: 180" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:840 msgid "PAC responder configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:842 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " "PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " "provider collects domain SID and ID ranges of the domain the client is " "joined to and of remote trusted domains from the local domain controller. " "If the PAC is decoded and evaluated some of the following operations are " "done:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:851 msgid "" "If the remote user does not exist in the cache, it is created. The uid is " "determined with the help of the SID, trusted domains will have UPGs and the " "gid will have the same value as the uid. The home directory is set based on " "the subdomain_homedir parameter. The shell will be empty by default, i.e. " "the system defaults are used, but can be overwritten with the default_shell " "parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:859 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:865 msgid "These options can be used to configure the PAC responder." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:869 msgid "allowed_uids (string)" msgstr "allowed_uids (文字列)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:872 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " "startup." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:878 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:882 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " "access the PAC responder, which would be the typical case, you have to add 0 " "to the list of allowed UIDs as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:896 msgid "DOMAIN SECTIONS" msgstr "ドメインセクション" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:903 msgid "min_id,max_id (integer)" msgstr "min_id,max_id (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:906 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" "ドメインに対する UID と GID の制限です。ドメインがこれらの制限の外にあるエン" "トリーを含む場合、それは無視されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:911 msgid "" "For users, this affects the primary GID limit. 
The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" "primary group memberships, those that are in range will be reported as " "expected." msgstr "" "ユーザーに対して、これはプライマリー GID 制限に影響します。 UID またはプライ" "マリー GID が範囲外ならば、ユーザーは NSS に返されません。非プライマリーメン" "バーに対して、範囲内にあるものは予期されたものとして報告されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:918 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:922 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "初期値: min_id は 1, max_id は 0 (無制限)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:928 msgid "enumerate (bool)" msgstr "enumerate (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:931 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" "ドメインが列挙できるかを決定します。このパラメーターは以下の値のどれかである" "必要があります:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:935 msgid "TRUE = Users and groups are enumerated" msgstr "TRUE = ユーザーとグループが列挙されます" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:938 msgid "FALSE = No enumerations for this domain" msgstr "FALSE = このドメインに対して列挙しません" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:941 sssd.conf.5.xml:1155 sssd.conf.5.xml:1264 #: sssd.conf.5.xml:1281 msgid "Default: FALSE" msgstr "初期値: FALSE" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:944 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " "to fully complete enumerations. During this time, individual requests for " "information will go directly to LDAP, though it may be slow, due to the " "heavy enumeration processing. Saving a large number of entries to cache " "after the enumeration completes might also be CPU intensive as the " "memberships have to be recomputed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:957 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" "最初の列挙が実行中の間、完全なユーザーまたはグループの一覧に対する要求は、そ" "れが完了するまで結果を返しません。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:962 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " "enumeration lookups are completed successfully. For more information, refer " "to the man pages for the specific id_provider in use." msgstr "" "さらに、列挙を有効にすることにより、挙の検索が確実に正しく完了するよりも長く" "する必要があるので、ネットワーク切断を検知するために必要な時間が増える可能性" "があります。詳細は使用している具体的な id_provider のマニュアルページを参照し" "てください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:970 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:978 #, fuzzy #| msgid "subdomain_homedir (string)" msgid "subdomain_enumerate (string)" msgstr "subdomain_homedir (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:985 msgid "all" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:986 msgid "All discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:989 msgid "none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:990 msgid "No discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:981 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " "Optionally, a list of one or more domain names can enable enumeration just " "for these trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:998 sssd-ldap.5.xml:1687 msgid "Default: none" msgstr "初期値: none" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1021 msgid "entry_cache_timeout (integer)" msgstr "entry_cache_timeout (整数)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1024 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" "nss_sss が再びバックエンドに問い合わせる前にエントリーを有効であると考える秒" "数です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1028 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " "for newly added or expired entries. You should run the <citerefentry> " "<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" "citerefentry> tool in order to force refresh of entries that have already " "been cached." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1041 msgid "Default: 5400" msgstr "初期値: 5400" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1047 msgid "entry_cache_user_timeout (integer)" msgstr "entry_cache_user_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1050 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" msgstr "" "nss_sss が再びバックエンドに問い合わせる前にユーザーエントリーを有効であると" "考える秒数です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1054 sssd.conf.5.xml:1067 sssd.conf.5.xml:1080 #: sssd.conf.5.xml:1093 sssd.conf.5.xml:1106 sssd.conf.5.xml:1120 msgid "Default: entry_cache_timeout" msgstr "初期値: entry_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1060 msgid "entry_cache_group_timeout (integer)" msgstr "entry_cache_group_timeout (整数)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1063 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" msgstr "" "nss_sss が再びバックエンドに問い合わせる前にグループエントリーを有効であると" "考える秒数です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1073 msgid "entry_cache_netgroup_timeout (integer)" msgstr "entry_cache_netgroup_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1076 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" msgstr "" "nss_sss が再びバックエンドに問い合わせる前にネットワークグループエントリーを" "有効であると考える秒数です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1086 msgid "entry_cache_service_timeout (integer)" msgstr "entry_cache_service_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1089 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" msgstr "" "nss_sss が再びバックエンドに問い合わせる前にサービスエントリーを有効であると" "考える秒数です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1099 msgid "entry_cache_sudo_timeout (integer)" msgstr "entry_cache_sudo_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1102 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1112 msgid "entry_cache_autofs_timeout (integer)" msgstr "entry_cache_autofs_timeout (整数)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1115 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1126 msgid "refresh_expired_interval (integer)" msgstr "refresh_expired_interval (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1129 msgid "" "Specifies how many seconds SSSD has to wait before refreshing expired " "records. Currently only refreshing expired netgroups is supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1134 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1138 sssd-ipa.5.xml:221 msgid "Default: 0 (disabled)" msgstr "初期値: 0 (無効)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1144 msgid "cache_credentials (bool)" msgstr "cache_credentials (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1147 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" "ユーザーのクレディンシャルがローカル LDB キャッシュにキャッシュされるかどうか" "を決めます" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1151 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" "ユーザーのクレディンシャルが、平文ではなく SHA512 ハッシュで保存されます" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1160 msgid "account_cache_expiration (integer)" msgstr "account_cache_expiration (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1163 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " "value of this parameter must be greater than or equal to " "offline_credentials_expiration." msgstr "" "正常にログイン後、キャッシュのクリーンアップ中にエントリーが削除される前の日" "数です。 0 は永久に保持することを意味します。このパラメーターの値は " "offline_credentials_expiration と同等以上でなければいけません。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1170 msgid "Default: 0 (unlimited)" msgstr "初期値: 0 (無制限)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1175 msgid "pwd_expiration_warning (integer)" msgstr "pwd_expiration_warning (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1186 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " "cannot display a warning. Also an auth provider has to be configured for the " "backend." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1193 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "初期値: 7 (Kerberos), 0 (LDAP)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1199 msgid "id_provider (string)" msgstr "id_provider (文字列)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1202 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" "ドメインに対して使用される識別子プロバイダーです。サポートされる ID プロバイ" "ダーは次のとおりです:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1206 msgid "<quote>proxy</quote>: Support a legacy NSS provider" msgstr "<quote>proxy</quote>: レガシーな NSS プロバイダーのサポート" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1209 msgid "<quote>local</quote>: SSSD internal provider for local users" msgstr "<quote>local</quote>: ローカルユーザー向け SSSD 内部プロバイダー" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1213 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " "information on configuring LDAP." msgstr "" "<quote>ldap</quote>: LDAP プロバイダー。LDAP の設定に関する詳細は " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> を参照してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1221 sssd.conf.5.xml:1307 sssd.conf.5.xml:1358 #: sssd.conf.5.xml:1411 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " "FreeIPA." msgstr "" "<quote>ipa</quote>: FreeIPA および Red Hat Enterprise Identity Management プ" "ロバイダー。FreeIPA の設定に関する詳細は <citerefentry> <refentrytitle>sssd-" "ipa</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> を参照してくださ" "い。" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1230 sssd.conf.5.xml:1316 sssd.conf.5.xml:1367 #: sssd.conf.5.xml:1420 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring Active Directory." msgstr "" "<quote>ad</quote>: Active Directory プロバイダー。Active Directory の設定に関" "する詳細は <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> を参照してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1241 msgid "use_fully_qualified_names (bool)" msgstr "use_fully_qualified_names (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1244 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" "NSS に報告するユーザーのログイン名としてフルネームとドメイン (ドメインの完全" "名形式により整形されたように) を使用します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1249 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " "<command>getent passwd test</command> wouldn't find the user while " "<command>getent passwd test@LOCAL</command> would." msgstr "" "TRUE に設定されていると、このドメインへのすべての要求は完全修飾名を使用する必" "要があります。たとえば、 \"test\" ユーザーを含む LOCAL ドメインにおいて使用さ" "れていると、<command>getent passwd test</command> はユーザーを見つけられませ" "んが、<command>getent passwd test@LOCAL</command> は見つけられます。" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1257 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " "will be searched when an unqualified name is requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1269 msgid "ignore_group_members (bool)" msgstr "ignore_group_members (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1272 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1275 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " "calls." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1286 msgid "auth_provider (string)" msgstr "auth_provider (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1289 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" "ドメインに対して使用される認証プロバイダーです。サポートされる認証プロバイ" "ダーは次のとおりです:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1293 sssd.conf.5.xml:1351 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring LDAP." 
msgstr "" "<quote>ldap</quote> は本来の LDAP 認証向けです。LDAP の設定に関する詳細は " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> を参照してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1300 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring Kerberos." msgstr "" "<quote>krb5</quote> は Kerberos 認証向けです。Kerberos の設定に関する詳細は " "<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> を参照してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1324 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" "<quote>proxy</quote> はいくつかの他の PAM ターゲットに認証を中継します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1327 msgid "<quote>none</quote> disables authentication explicitly." msgstr "<quote>none</quote> は明示的に認証を無効化します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1330 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" "初期値: <quote>id_provider</quote> が設定され、認証要求を取り扱うことができる" "ならば、それが使用されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1336 msgid "access_provider (string)" msgstr "access_provider (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1339 msgid "" "The access control provider used for the domain. 
There are two built-in " "access providers (in addition to any included in installed backends) " "Internal special providers are:" msgstr "" "ドメインに対して使用されるアクセス制御プロバイダーです。 2 つの組み込みアクセ" "スプロバイダーがあります(インストールされたバックエンドに含まれるすべてを加" "えます)。内部の特別プロバイダーは次のとおりです:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1345 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" "<quote>permit</quote> は常にアクセスを許可します。ローカルドメインに対して許" "可される唯一のアクセスプロバイダーです。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1348 msgid "<quote>deny</quote> always deny access." msgstr "<quote>deny</quote> は常にアクセスを拒否します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1375 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry> for more information on configuring the simple " "access module." msgstr "" "<quote>simple</quote> アクセス制御はアクセスまたは拒否の一覧に基づきます。" "simple アクセスモジュールの設定に関する詳細は <citerefentry> " "<refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</manvolnum></" "citerefentry> を参照してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1382 msgid "Default: <quote>permit</quote>" msgstr "初期値: <quote>permit</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1387 msgid "chpass_provider (string)" msgstr "chpass_provider (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1390 msgid "" "The provider which should handle change password operations for the domain. 
" "Supported change password providers are:" msgstr "" "ドメインに対するパスワード変更操作を取り扱うプロバイダーです。サポートされる" "パスワード変更プロバイダーは次のとおりです:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1395 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring LDAP." msgstr "" "<quote>ldap</quote> は LDAP サーバーに保存されているパスワードを変更します。 " "LDAP の設定に関する詳細は <citerefentry> <refentrytitle>sssd-ldap</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> を参照してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1403 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring Kerberos." msgstr "" "<quote>krb5</quote> は Kerberos のパスワードを変更します。 Kerberos の設定に" "関する詳細は <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> を参照してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1428 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" "<quote>proxy</quote> はいくつかの他の PAM ターゲットにパスワードの変更を中継" "します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1432 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "<quote>none</quote> は明示的にパスワードの変更を無効化します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1435 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." 
msgstr "" "初期値: <quote>auth_provider</quote> が設定され、パスワードの変更要求を取り扱" "うことができるならば、それが使用されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1442 msgid "sudo_provider (string)" msgstr "sudo_provider (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1445 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" "ドメインに使用される SUDO プロバイダーです。サポートされる SUDO プロバイダー" "は次のとおりです:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1449 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring LDAP." msgstr "" "<quote>ldap</quote> は LDAP に保存されているルールのためです。LDAP の設定に関" "する詳細は <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> を参照します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1457 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1461 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1465 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "<quote>none</quote> は SUDO を明示的に無効化します。" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1468 sssd.conf.5.xml:1522 sssd.conf.5.xml:1554 #: sssd.conf.5.xml:1579 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" "初期値: <quote>id_provider</quote> の値が設定されていると使用されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1474 msgid "selinux_provider (string)" msgstr "selinux_provider (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1477 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " "providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1483 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1491 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1494 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1500 msgid "subdomains_provider (string)" msgstr "subdomains_provider (文字列)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1503 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1509 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1518 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "<quote>none</quote> はサブドメインの取り出しを明示的に無効化します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1529 msgid "autofs_provider (string)" msgstr "autofs_provider (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1532 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" "ドメインに対して使用される autofs プロバイダーです。 サポートされる autofs " "プロバイダーは次のとおりです:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1536 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring LDAP." msgstr "" "<quote>ldap</quote> は LDAP に保存されているマップを読み込みます。LDAP の設定" "に関する詳細は <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> を参照してください。" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1543 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring IPA." msgstr "" "<quote>ipa</quote> は IPA サーバーに保存されているマップを読み込みます。IPA " "の設定に関する詳細は <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> を参照してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1551 msgid "<quote>none</quote> disables autofs explicitly." msgstr "<quote>none</quote> は明示的に autofs を無効にします。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1561 msgid "hostid_provider (string)" msgstr "hostid_provider (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1564 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" "ホスト識別情報を取得するために使用されるプロバイダーです。 サポートされる " "hostid プロバイダーは次のとおりです:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1568 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring IPA." msgstr "" "<quote>ipa</quote> は IPA サーバーに保存されているホスト識別子を読み込みま" "す。IPA の設定に関する詳細は <citerefentry> <refentrytitle>sssd-ipa</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> を参照してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1576 msgid "<quote>none</quote> disables hostid explicitly." 
msgstr "<quote>none</quote> は明示的に hostid を無効にします。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1589 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " "match either the SSSD configuration domain name, or, in the case of IPA " "trust subdomains and Active Directory domains, the flat (NetBIOS) name of " "the domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1598 msgid "" "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?" "P<name>[^@\\\\]+)$))</quote> which allows three different styles for " "user names:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:1603 msgid "username" msgstr "username" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:1606 msgid "username@domain.name" msgstr "username@domain.name" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:1609 msgid "domain\\username" msgstr "domain\\username" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1612 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1617 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " "sign, the domain everything after that\"" msgstr "" "初期値: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> で" "す。\"the name is everything up to the <quote>@</quote> sign, the domain " "everything after that\" に解釈されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1623 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " "version 7 or higher can support non-unique named subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1630 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" "関連注記: 古いバージョンの libpcre はサブパターンをラベル付けするために " "Python 構文 (?P<name>) のみをサポートします。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1677 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "初期値: <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1683 msgid "lookup_family_order (string)" msgstr "lookup_family_order (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1686 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" "DNS 検索を実行するときに使用する、優先アドレスファミリーを選択する機能を提供" "します。" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1690 msgid "Supported values:" msgstr "サポートする値:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1693 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" "ipv4_first: IPv4 アドレスの検索を試行します。失敗すると IPv6 を試行します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1696 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" "ipv4_only: ホスト名を IPv4 アドレスに名前解決することのみを試行します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1699 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" "ipv6_first: IPv6 アドレスの検索を試行します。失敗すると IPv4 を試行します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1702 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" "ipv6_only: ホスト名を IPv6 アドレスに名前解決することのみを試行します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1705 msgid "Default: ipv4_first" msgstr "初期値: ipv4_first" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1711 msgid "dns_resolver_timeout (integer)" msgstr "dns_resolver_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1714 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " "the domain will continue to operate in offline mode." 
msgstr "" "DNS リゾルバーが到達不可能であると仮定するまでに、そこからの応答を待つ時間" "(秒単位)を定義します。このタイムアウトに達すると、ドメインはオフラインモー" "ドにて操作を継続します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1720 sssd-ldap.5.xml:1118 sssd-ldap.5.xml:1160 #: sssd-ldap.5.xml:1175 sssd-krb5.5.xml:239 msgid "Default: 6" msgstr "初期値: 6" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1726 msgid "dns_discovery_domain (string)" msgstr "dns_discovery_domain (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1729 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" "サービス検索がバックエンドで使用されていると、サービス検索 DNS クエリーのドメ" "イン部分を指定します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1733 msgid "Default: Use the domain part of machine's hostname" msgstr "初期値: マシンのホスト名のドメイン部分を使用します" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1739 msgid "override_gid (integer)" msgstr "override_gid (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1742 msgid "Override the primary GID value with the one specified." msgstr "プライマリー GID の値を指定されたもので上書きします。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1748 msgid "case_sensitive (boolean)" msgstr "case_sensitive (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1751 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." 
msgstr "" "ユーザー名とグループ名が大文字小文字を区別するよう取り扱います。今のところ、" "このオプションはローカルプロバイダーにおいてサポートされません。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1756 sssd-ad.5.xml:333 msgid "Default: True" msgstr "初期値: True" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1762 msgid "proxy_fast_alias (boolean)" msgstr "proxy_fast_alias (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1765 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " "name was an alias. Setting this option to true would cause the SSSD to " "perform the ID lookup from cache for performance reasons." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1779 msgid "subdomain_homedir (string)" msgstr "subdomain_homedir (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1790 msgid "%F" msgstr "%F" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1791 msgid "flat (NetBIOS) name of a subdomain." msgstr "サブドメインのフラット (NetBIOS) 名。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1782 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " "possible values. In addition to those, the expansion below can only be used " "with <emphasis>subdomain_homedir</emphasis>. <placeholder type=" "\"variablelist\" id=\"0\"/>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1796 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" "値は <emphasis>override_homedir</emphasis> オプションにより上書きできます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1800 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "初期値: <filename>/home/%d/%u</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1805 msgid "realmd_tags (string)" msgstr "realmd_tags (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1808 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:898 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" "replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" "これらの設定オプションはドメイン設定のセクション、つまり <quote>[domain/" "<replaceable>NAME</replaceable>]</quote> に存在します <placeholder type=" "\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1821 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1824 msgid "The proxy target PAM proxies to." msgstr "中継するプロキシターゲット PAM です。" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1827 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" "初期値: 設定されません。既存の PAM 設定を使用するか、新しく作成してサービス名" "をここに追加する必要があります。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1835 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1838 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " "for example _nss_files_getpwent." msgstr "" "プロキシードメインにおいて使用する NSS ライブラリーの名前です。ライブラリーに" "おいて検索する NSS 関数は _nss_$(libName)_$(function) の形式です。たとえば " "_nss_files_getpwent です。" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:1817 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" "プロキシドメインに対して有効なオプションです。 <placeholder type=" "\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:1850 msgid "The local domain section" msgstr "ローカルドメインのセクション" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:1852 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " "<replaceable>id_provider=local</replaceable>." msgstr "" "このセクションは、ユーザーとグループを SSSD ネイティブデータベースに保存する" "ドメイン、つまり、 <replaceable>id_provider=local</replaceable> を使用するド" "メインに対する設定を含みます。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1859 msgid "default_shell (string)" msgstr "default_shell (文字列)" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1862 msgid "The default shell for users created with SSSD userspace tools." msgstr "SSSD ユーザー空間ツールを用いて作成されたユーザーの初期シェルです。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1866 msgid "Default: <filename>/bin/bash</filename>" msgstr "初期値: <filename>/bin/bash</filename>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1871 msgid "base_directory (string)" msgstr "base_directory (文字列)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1874 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" "ツールがログイン名を <replaceable>base_directory</replaceable> に追加して、" "ホームディレクトリーとして使用します。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1879 msgid "Default: <filename>/home</filename>" msgstr "初期値: <filename>/home</filename>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1884 msgid "create_homedir (bool)" msgstr "create_homedir (論理値)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1887 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" "初期状態で新規ユーザーに対するホームディレクトリーが作成されるかを指示しま" "す。コマンドラインにおいて上書きできます。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1891 sssd.conf.5.xml:1903 msgid "Default: TRUE" msgstr "初期値: TRUE" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1896 msgid "remove_homedir (bool)" msgstr "remove_homedir (論理値)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1899 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" "初期状態で削除されたユーザーに対するホームディレクトリーが削除されるかを指示しま" "す。コマンドラインにおいて上書きできます。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1908 msgid "homedir_umask (integer)" msgstr "homedir_umask (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1911 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " "on a newly created home directory." msgstr "" "新規に作成されるホームディレクトリーにパーミッションの初期値を指定するために " "<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry> により使用されます。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1919 msgid "Default: 077" msgstr "初期値: 077" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1924 msgid "skel_dir (string)" msgstr "skel_dir (文字列)" #.
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1927 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " "<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>" msgstr "" "ホームディレクトリーが <citerefentry> <refentrytitle>sss_useradd</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> により作成されると" "き、ユーザーのホームディレクトリーにコピーされるファイルおよびディレクトリー" "を含む、スケルトンディレクトリーです。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1937 msgid "Default: <filename>/etc/skel</filename>" msgstr "初期値: <filename>/etc/skel</filename>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1942 msgid "mail_dir (string)" msgstr "mail_dir (文字列)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1945 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " "default value is used." msgstr "" "メールスプールディレクトリーです。これに対応するユーザーアカウントが変更また" "は削除されたとき、これを操作する必要があります。指定されていなければ、初期値" "が使用されます。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1952 msgid "Default: <filename>/var/mail</filename>" msgstr "初期値: <filename>/var/mail</filename>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1957 msgid "userdel_cmd (string)" msgstr "userdel_cmd (文字列)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1960 msgid "" "The command that is run after a user is removed. 
The command us passed the " "username of the user being removed as the first and only parameter. The " "return code of the command is not taken into account." msgstr "" "ユーザーの削除後に実行されるコマンドです。コマンドは最初の唯一のパラメーター" "として削除されるユーザーのユーザー名を渡します。コマンドの返り値は考慮されま" "せん。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1966 msgid "Default: None, no command is run" msgstr "初期値: なし、コマンドを実行しません" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:1976 sssd-ldap.5.xml:2426 sssd-simple.5.xml:131 #: sssd-ipa.5.xml:793 sssd-ad.5.xml:382 sssd-krb5.5.xml:519 msgid "EXAMPLE" msgstr "例" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd.conf.5.xml:1982 #, no-wrap msgid "" "[sssd]\n" "domains = LDAP\n" "services = nss, pam\n" "config_file_version = 2\n" "\n" "[nss]\n" "filter_groups = root\n" "filter_users = root\n" "\n" "[pam]\n" "\n" "[domain/LDAP]\n" "id_provider = ldap\n" "ldap_uri = ldap://ldap.example.com\n" "ldap_search_base = dc=example,dc=com\n" "\n" "auth_provider = krb5\n" "krb5_server = kerberos.example.com\n" "krb5_realm = EXAMPLE.COM\n" "cache_credentials = true\n" "\n" "min_id = 10000\n" "max_id = 20000\n" "enumerate = False\n" msgstr "" "[sssd]\n" "domains = LDAP\n" "services = nss, pam\n" "config_file_version = 2\n" "\n" "[nss]\n" "filter_groups = root\n" "filter_users = root\n" "\n" "[pam]\n" "\n" "[domain/LDAP]\n" "id_provider = ldap\n" "ldap_uri = ldap://ldap.example.com\n" "ldap_search_base = dc=example,dc=com\n" "\n" "auth_provider = krb5\n" "krb5_server = kerberos.example.com\n" "krb5_realm = EXAMPLE.COM\n" "cache_credentials = true\n" "\n" "min_id = 10000\n" "max_id = 20000\n" "enumerate = False\n" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:1978 msgid "" "The following example shows a typical SSSD config. 
It does not describe " "configuration of the domains themselves - refer to documentation on " "configuring domains for more details. <placeholder type=\"programlisting\" " "id=\"0\"/>" msgstr "" "以下の例は SSSD の一般的な設定を示します。ドメイン自身の設定を説明していませ" "ん - ドメインの設定に関する詳細はドキュメントを参照してください。 " "<placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 msgid "sssd-ldap" msgstr "sssd-ldap" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:23 msgid "" "This manual page describes the configuration of LDAP domains for " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page for detailed syntax information." msgstr "" "このマニュアルページは <citerefentry> <refentrytitle>sssd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> 向けの LDAP ドメインの設定を説明して" "います。詳細な構文については <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> マニュアルページの " "<quote>ファイル形式</quote> セクションを参照してください。" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:35 msgid "You can configure SSSD to use more than one LDAP domain." msgstr "SSSD が複数の LDAP ドメインを使用するよう設定できます。" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:38 msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. " "<command>sssd</command> <emphasis>does not</emphasis> support authentication " "over an unencrypted channel. If the LDAP server is used only as an identity " "provider, an encrypted channel is not needed. 
Please refer to " "<quote>ldap_access_filter</quote> config option for more information about " "using LDAP as an access provider." msgstr "" "LDAP バックエンドは id, auth, access および chpass プロバイダーをサポートしま" "す。 LDAP サーバーに対して認証したければ、 TLS/SSL または LDAPS のどちらかが" "必要になります。 <command>sssd</command> は暗号化されないチャネルにおける認証" "をサポート<emphasis>しません</emphasis>。 LDAP サーバーが識別プロバイダーと" "してのみ使用されるならば、暗号化チャネルは必要ありません。アクセスプロバイ" "ダーとして LDAP を使用することの詳細は <quote>ldap_access_filter</quote> 設定" "オプションを参照してください。" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "設定オプション" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:60 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "ldap_uri, ldap_backup_uri (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:63 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" "quote> section for more information on failover and server redundancy. If " "neither option is specified, service discovery is enabled. For more " "information, refer to the <quote>SERVICE DISCOVERY</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:70 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "URI の形式は RFC 2732 に決められている形式と一致しなければいけません:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:73 msgid "ldap[s]://<host>[:port]" msgstr "ldap[s]://<host>[:port]" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:76 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" "IPv6 アドレスを明示するために、<host> を角括弧 [] でくくる必要がありま" "す。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:79 msgid "example: ldap://[fc00::126:25]:389" msgstr "例: ldap://[fc00::126:25]:389" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:85 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "ldap_chpass_uri, ldap_chpass_backup_uri (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:88 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " "Refer to the <quote>FAILOVER</quote> section for more information on " "failover and server redundancy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:95 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" "サービス検索を有効にするには、ldap_chpass_dns_service_name を設定する必" "要があります。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:99 msgid "Default: empty, i.e. ldap_uri is used." msgstr "初期値: 空、つまり ldap_uri が使用されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:105 msgid "ldap_search_base (string)" msgstr "ldap_search_base (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:108 msgid "The default base DN to use for performing LDAP user operations."
msgstr "LDAP ユーザー操作を実行するために使用される初期ベース DN です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:112 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" msgstr "" "SSSD 1.7.0 以降、SSSD は次の構文を使用して複数の検索ベースをサポートします:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:116 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:119 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "範囲は \"base\", \"onelevel\" または \"subtree\" のどれかです。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:122 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" msgstr "" "フィルターは http://www.ietf.org/rfc/rfc2254.txt により指定されたような有効" "な LDAP 検索フィルターである必要があります。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:126 sssd-ad.5.xml:212 msgid "Examples:" msgstr "例:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:129 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" msgstr "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:134 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" 
msgstr "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:137 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " "different search bases). This will lead to unpredictable behavior on client " "machines." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:144 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " "defaultNamingContext does not exist or has an empty value namingContexts is " "used. The namingContexts attribute must have a single value with the DN of " "the search base of the LDAP server to make this work. Multiple values are " "are not supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:158 msgid "ldap_schema (string)" msgstr "ldap_schema (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:161 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " "may vary. The way that some attributes are handled may also differ." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:168 msgid "Four schema types are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:172 msgid "rfc2307" msgstr "rfc2307" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:177 msgid "rfc2307bis" msgstr "rfc2307bis" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:182 msgid "IPA" msgstr "IPA" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:187 msgid "AD" msgstr "AD" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:193 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " "the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, " "group members are listed by DN and stored in the <emphasis>member</emphasis> " "attribute. The AD schema type sets the attributes to correspond with Active " "Directory 2008r2 values." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:203 msgid "Default: rfc2307" msgstr "初期値: rfc2307" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:209 msgid "ldap_default_bind_dn (string)" msgstr "ldap_default_bind_dn (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:212 msgid "The default bind DN to use for performing LDAP operations." msgstr "LDAP ユーザー操作を実行するために使用される初期バインド DN です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:219 msgid "ldap_default_authtok_type (string)" msgstr "ldap_default_authtok_type (文字列)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:222 msgid "The type of the authentication token of the default bind DN." msgstr "初期バインド DN の認証トークンの形式です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:226 msgid "The two mechanisms currently supported are:" msgstr "現在 2 つのメカニズムがサポートされます:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:229 msgid "password" msgstr "password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:232 msgid "obfuscated_password" msgstr "obfuscated_password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:235 msgid "Default: password" msgstr "初期値: password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:241 msgid "ldap_default_authtok (string)" msgstr "ldap_default_authtok (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:244 msgid "" "The authentication token of the default bind DN. Only clear text passwords " "are currently supported." msgstr "" "デフォルトのバインド DN の認証トークンです。平文テキストのパスワードのみが現" "在サポートされます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:251 msgid "ldap_user_object_class (string)" msgstr "ldap_user_object_class (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:254 msgid "The object class of a user entry in LDAP." msgstr "LDAP にあるユーザーエントリーのオブジェクトクラスです。" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:257 msgid "Default: posixAccount" msgstr "初期値: posixAccount" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:263 msgid "ldap_user_name (string)" msgstr "ldap_user_name (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:266 msgid "The LDAP attribute that corresponds to the user's login name." msgstr "ユーザーのログイン名に対応する LDAP の属性です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:270 msgid "Default: uid" msgstr "初期値: uid" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:276 msgid "ldap_user_uid_number (string)" msgstr "ldap_user_uid_number (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:279 msgid "The LDAP attribute that corresponds to the user's id." msgstr "ユーザーの ID に対応する LDAP の属性です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:283 msgid "Default: uidNumber" msgstr "初期値: uidNumber" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:289 msgid "ldap_user_gid_number (string)" msgstr "ldap_user_gid_number (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:292 msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "ユーザーのプライマリーグループ ID に対応する LDAP の属性です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:296 sssd-ldap.5.xml:792 msgid "Default: gidNumber" msgstr "初期値: gidNumber" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:302 msgid "ldap_user_gecos (string)" msgstr "ldap_user_gecos (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:305 msgid "The LDAP attribute that corresponds to the user's gecos field." msgstr "ユーザーの gecos 項目に対応する LDAP の属性です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:309 msgid "Default: gecos" msgstr "初期値: gecos" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:315 msgid "ldap_user_home_directory (string)" msgstr "ldap_user_home_directory (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:318 msgid "The LDAP attribute that contains the name of the user's home directory." msgstr "ユーザーのホームディレクトリーの名前を含む LDAP の属性です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:322 msgid "Default: homeDirectory" msgstr "初期値: homeDirectory" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:328 msgid "ldap_user_shell (string)" msgstr "ldap_user_shell (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:331 msgid "The LDAP attribute that contains the path to the user's default shell." msgstr "ユーザーの初期シェルのパスを含む LDAP の属性です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:335 msgid "Default: loginShell" msgstr "初期値: loginShell" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:341 msgid "ldap_user_uuid (string)" msgstr "ldap_user_uuid (文字列)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:344 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "LDAP ユーザーオブジェクトの UUID/GUID を含む LDAP 属性です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:348 sssd-ldap.5.xml:818 sssd-ldap.5.xml:1025 msgid "Default: nsUniqueId" msgstr "初期値: nsUniqueId" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:354 msgid "ldap_user_objectsid (string)" msgstr "ldap_user_objectsid (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:357 msgid "" "The LDAP attribute that contains the objectSID of an LDAP user object. This " "is usually only necessary for ActiveDirectory servers." msgstr "" "LDAP ユーザーオブジェクトの objectSID を含む LDAP 属性です。これは通常 " "ActiveDirectory サーバーに対してのみ必要です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:362 sssd-ldap.5.xml:832 msgid "Default: objectSid for ActiveDirectory, not set for other servers." msgstr "" "初期値: ActiveDirectory の objectSid です、他のサーバーに対して設定されませ" "ん。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:369 msgid "ldap_user_modify_timestamp (string)" msgstr "ldap_user_modify_timestamp (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:372 sssd-ldap.5.xml:842 sssd-ldap.5.xml:1034 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "親オブジェクトの最終変更のタイムスタンプを含む LDAP 属性です。" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:376 sssd-ldap.5.xml:846 sssd-ldap.5.xml:1041 msgid "Default: modifyTimestamp" msgstr "初期値: modifyTimestamp" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:382 msgid "ldap_user_shadow_last_change (string)" msgstr "ldap_user_shadow_last_change (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:385 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " "the last password change)." msgstr "" "ldap_pwd_policy=shadow を使用するとき、このパラメーターは <citerefentry> " "<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> の対応部分(最終パスワード変更日)に対応する LDAP 属性の名前を" "含みます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:395 msgid "Default: shadowLastChange" msgstr "初期値: shadowLastChange" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:401 msgid "ldap_user_shadow_min (string)" msgstr "ldap_user_shadow_min (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:404 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " "password age)." msgstr "" "ldap_pwd_policy=shadow を使用するとき、このパラメーターは <citerefentry> " "<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> の対応部分(最小パスワード期限)に対応する LDAP 属性の名前を含" "みます。" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:413 msgid "Default: shadowMin" msgstr "初期値: shadowMin" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:419 msgid "ldap_user_shadow_max (string)" msgstr "ldap_user_shadow_max (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:422 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " "password age)." msgstr "" "ldap_pwd_policy=shadow を使用するとき、このパラメーターは <citerefentry> " "<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> の対応部分(最大パスワード期限)に対応する LDAP 属性の名前を含" "みます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:431 msgid "Default: shadowMax" msgstr "初期値: shadowMax" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:437 msgid "ldap_user_shadow_warning (string)" msgstr "ldap_user_shadow_warning (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:440 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " "(password warning period)." msgstr "" "ldap_pwd_policy=shadow を使用するとき、このパラメーターは <citerefentry> " "<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> の対応部分(パスワード警告期間)に対応する LDAP 属性の名前を含" "みます。" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:450 msgid "Default: shadowWarning" msgstr "初期値: shadowWarning" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:456 msgid "ldap_user_shadow_inactive (string)" msgstr "ldap_user_shadow_inactive (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:459 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " "(password inactivity period)." msgstr "" "ldap_pwd_policy=shadow を使用するとき、このパラメーターは <citerefentry> " "<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> の対応部分（パスワード無効期間）に対応する LDAP 属性の名前を含" "みます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:469 msgid "Default: shadowInactive" msgstr "初期値: shadowInactive" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:475 msgid "ldap_user_shadow_expire (string)" msgstr "ldap_user_shadow_expire (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:478 msgid "" "When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " "parameter contains the name of an LDAP attribute corresponding to its " "<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> counterpart (account expiration date)." msgstr "" "ldap_pwd_policy=shadow または ldap_account_expire_policy=shadow を使用すると" "き、このパラメーターは <citerefentry> <refentrytitle>shadow</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> の対応部分（アカウント失効日）に対応" "する LDAP 属性の名前を含みます。" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:488 msgid "Default: shadowExpire" msgstr "初期値: shadowExpire" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:494 msgid "ldap_user_krb_last_pwd_change (string)" msgstr "ldap_user_krb_last_pwd_change (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:497 msgid "" "When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " "an LDAP attribute storing the date and time of last password change in " "kerberos." msgstr "" "ldap_pwd_policy=mit_kerberos を使用しているとき、このパラメーターは Kerberos " "の最終パスワード変更日時を保存する LDAP 属性の名前を含みます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:503 msgid "Default: krbLastPwdChange" msgstr "初期値: krbLastPwdChange" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:509 msgid "ldap_user_krb_password_expiration (string)" msgstr "ldap_user_krb_password_expiration (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:512 msgid "" "When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " "an LDAP attribute storing the date and time when current password expires." msgstr "" "ldap_pwd_policy=mit_kerberos を使用しているとき、このパラメーターは現在のパス" "ワード失効日時を保存する LDAP 属性の名前を含みます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:518 msgid "Default: krbPasswordExpiration" msgstr "初期値: krbPasswordExpiration" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:524 msgid "ldap_user_ad_account_expires (string)" msgstr "ldap_user_ad_account_expires (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:527 msgid "" "When using ldap_account_expire_policy=ad, this parameter contains the name " "of an LDAP attribute storing the expiration time of the account." msgstr "" "ldap_account_expire_policy=ad を使用するとき、このパラメーターはアカウントの" "失効日時を保存する LDAP 属性の名前を含みます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:532 msgid "Default: accountExpires" msgstr "初期値: accountExpires" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:538 msgid "ldap_user_ad_user_account_control (string)" msgstr "ldap_user_ad_user_account_control (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:541 msgid "" "When using ldap_account_expire_policy=ad, this parameter contains the name " "of an LDAP attribute storing the user account control bit field." msgstr "" "ldap_account_expire_policy=ad を使用するとき、このパラメーターはユーザーアカ" "ウントの制御ビット項目を保存する LDAP 属性の名前を含みます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:546 msgid "Default: userAccountControl" msgstr "初期値: userAccountControl" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:552 msgid "ldap_ns_account_lock (string)" msgstr "ldap_ns_account_lock (文字列)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:555 msgid "" "When using ldap_account_expire_policy=rhds or equivalent, this parameter " "determines if access is allowed or not." msgstr "" "ldap_account_expire_policy=rhds または同等のものを使用するとき、このパラメー" "ターがアクセスが許可されるかされないかを決定します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:560 msgid "Default: nsAccountLock" msgstr "初期値: nsAccountLock" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:566 msgid "ldap_user_nds_login_disabled (string)" msgstr "ldap_user_nds_login_disabled (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:569 msgid "" "When using ldap_account_expire_policy=nds, this attribute determines if " "access is allowed or not." msgstr "" "ldap_account_expire_policy=nds を使用するとき、アクセスが許可されるかされない" "かをこの属性が決定します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:573 sssd-ldap.5.xml:587 msgid "Default: loginDisabled" msgstr "初期値: loginDisabled" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:579 msgid "ldap_user_nds_login_expiration_time (string)" msgstr "ldap_user_nds_login_expiration_time (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:582 msgid "" "When using ldap_account_expire_policy=nds, this attribute determines until " "which date access is granted." msgstr "" "ldap_account_expire_policy=nds を使用しているとき、この属性はアクセスがどの日" "付まで許可されるのかを決定します。" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:593 msgid "ldap_user_nds_login_allowed_time_map (string)" msgstr "ldap_user_nds_login_allowed_time_map (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:596 msgid "" "When using ldap_account_expire_policy=nds, this attribute determines the " "hours of a day in a week when access is granted." msgstr "" "ldap_account_expire_policy=nds を使用しているとき、この属性はアクセスが許可さ" "れるときの一週間の日の時間を決定します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:601 msgid "Default: loginAllowedTimeMap" msgstr "初期値: loginAllowedTimeMap" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:607 msgid "ldap_user_principal (string)" msgstr "ldap_user_principal (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:610 msgid "" "The LDAP attribute that contains the user's Kerberos User Principal Name " "(UPN)." msgstr "ユーザーの Kerberos User Principal Name (UPN) を含む LDAP 属性です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:614 msgid "Default: krbPrincipalName" msgstr "初期値: krbPrincipalName" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:620 msgid "ldap_user_ssh_public_key (string)" msgstr "ldap_user_ssh_public_key (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:623 msgid "The LDAP attribute that contains the user's SSH public keys." msgstr "ユーザーの SSH 公開鍵を含む LDAP 属性です。" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:630 msgid "ldap_force_upper_case_realm (boolean)" msgstr "ldap_force_upper_case_realm (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:633 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " "fail. Set this option to a non-zero value if you want to use an upper-case " "realm." msgstr "" "いくつかのディレクトリーサーバー (たとえば Active Directory) は、UPN のレルム" "部分を小文字で返すことがあり、それにより認証が失敗する可能性があります。大文" "字のレルムを使用したい場合、このオプションを 0 以外の値に設定します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:646 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "ldap_enumeration_refresh_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:649 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." msgstr "" "SSSD が列挙レコードのキャッシュを更新する前に待つ必要がある秒数を指定します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:660 msgid "ldap_purge_cache_timeout (integer)" msgstr "ldap_purge_cache_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:663 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " "space." msgstr "" "使用していないエントリー（メンバーのいないグループやログインしたことがない" "ユーザーなど）に対してキャッシュを確認して、保存領域を節約するためにそれらを" "削除する間隔を決めます。" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:669 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "このオプションを 0 に設定すると、キャッシュ削除操作が無効になります。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:673 msgid "Default: 10800 (12 hours)" msgstr "初期値: 10800 (12 時間)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:679 msgid "ldap_user_fullname (string)" msgstr "ldap_user_fullname (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:682 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "ユーザーの完全名に対応する LDAP 属性です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:686 sssd-ldap.5.xml:779 sssd-ldap.5.xml:975 #: sssd-ldap.5.xml:1066 sssd-ldap.5.xml:1990 sssd-ldap.5.xml:2316 #: sssd-ipa.5.xml:648 msgid "Default: cn" msgstr "初期値: cn" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:692 msgid "ldap_user_member_of (string)" msgstr "ldap_user_member_of (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:695 msgid "The LDAP attribute that lists the user's group memberships." msgstr "ユーザーが所属するグループを一覧にする LDAP 属性です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:699 sssd-ipa.5.xml:552 msgid "Default: memberOf" msgstr "初期値: memberOf" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:705 msgid "ldap_user_authorized_service (string)" msgstr "ldap_user_authorized_service (文字列)" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:708 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " "to determine access privilege." msgstr "" "もし access_provider=ldap かつ ldap_access_order=authorized_service ならば、" "SSSD はアクセス権限を決定するために、ユーザーの LDAP エントリーにある " "authorizedService 属性を使用します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:715 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" "明示的な拒否 (!svc) が始めに解決されます。次に SSSD は明示的な許可 (svc) を検" "索します。最後にすべて許可 (*) を検索します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:720 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>authorized_service</quote> in order for the " "ldap_user_authorized_service option to work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:727 msgid "Default: authorizedService" msgstr "初期値: authorizedService" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:733 msgid "ldap_user_authorized_host (string)" msgstr "ldap_user_authorized_host (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:736 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " "privilege." msgstr "" "access_provider=ldap かつ ldap_access_order=host ならば、 SSSD はアクセス権限" "を決めるために、ユーザーの LDAP エントリーにあるホスト属性の存在を使用しま" "す。" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:742 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" "明示的な拒否 (!host) がまず解決されます。次に SSSD が明示的な許可 (host) を検" "索します。最後にすべて許可 (*) が検索されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:747 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>host</quote> in order for the " "ldap_user_authorized_host option to work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:754 msgid "Default: host" msgstr "初期値: host" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:760 msgid "ldap_group_object_class (string)" msgstr "ldap_group_object_class (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:763 msgid "The object class of a group entry in LDAP." msgstr "LDAP にあるグループエントリーのオブジェクトクラスです。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:766 msgid "Default: posixGroup" msgstr "初期値: posixGroup" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:772 msgid "ldap_group_name (string)" msgstr "ldap_group_name (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:775 msgid "The LDAP attribute that corresponds to the group name." msgstr "グループ名に対応する LDAP 属性です。" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:785 msgid "ldap_group_gid_number (string)" msgstr "ldap_group_gid_number (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:788 msgid "The LDAP attribute that corresponds to the group's id." msgstr "グループの ID に対応する LDAP 属性です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:798 msgid "ldap_group_member (string)" msgstr "ldap_group_member (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:801 msgid "The LDAP attribute that contains the names of the group's members." msgstr "グループのメンバーの名前を含む LDAP の属性です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:805 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "初期値: memberuid (rfc2307) / member (rfc2307bis)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:811 msgid "ldap_group_uuid (string)" msgstr "ldap_group_uuid (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:814 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "LDAP グループオブジェクトの UUID/GUID を含む LDAP の属性です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:824 msgid "ldap_group_objectsid (string)" msgstr "ldap_group_objectsid (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:827 msgid "" "The LDAP attribute that contains the objectSID of an LDAP group object. This " "is usually only necessary for ActiveDirectory servers." 
msgstr "" "LDAP グループオブジェクトの objectSID を含む LDAP 属性です。これは通常 " "ActiveDirectory サーバーに対してのみ必要です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:839 msgid "ldap_group_modify_timestamp (string)" msgstr "ldap_group_modify_timestamp (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:852 #, fuzzy #| msgid "ldap_opt_timeout (integer)" msgid "ldap_group_type (integer)" msgstr "ldap_opt_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:855 #, fuzzy #| msgid "The LDAP attribute that contains the names of the group's members." msgid "" "The LDAP attribute that contains an integer value indicating the type of the " "group and maybe other flags." msgstr "グループのメンバーの名前を含む LDAP の属性です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:860 msgid "" "This attribute is currently only used by the AD provider to determine if a " "group is a domain local groups and has to be filtered out for trusted " "domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:866 msgid "Default: groupType in the AD provider, othewise not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:873 msgid "ldap_group_nesting_level (integer)" msgstr "ldap_group_nesting_level (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:876 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " "follow. This option has no effect on the RFC2307 schema." 
msgstr "" "ldap_schema が入れ子グループ (例: RFC2307bis) をサポートするスキーマ形式に設" "定されていると、このオプションが入れ子 SSSD がしたがうレベルを制御します。こ" "のオプションは RFC2307 スキーマにおいて効果がありません。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:883 msgid "Default: 2" msgstr "初期値: 2" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:889 msgid "ldap_groups_use_matching_rule_in_chain" msgstr "ldap_groups_use_matching_rule_in_chain" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:892 msgid "" "This option tells SSSD to take advantage of an Active Directory-specific " "feature which may speed up group lookup operations on deployments with " "complex or deep nested groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:898 msgid "" "In most common cases, it is best to leave this option disabled. It generally " "only provides a performance increase on very complex nestings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:903 sssd-ldap.5.xml:930 msgid "" "If this option is enabled, SSSD will use it if it detects that the server " "supports it during initial connection. So \"True\" here essentially means " "\"auto-detect\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:909 sssd-ldap.5.xml:936 msgid "" "Note: This feature is currently known to work only with Active Directory " "2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/" "windows/desktop/aa746475%28v=vs.85%29.aspx\"> MSDN(TM) documentation</ulink> " "for more details." msgstr "" #. 
type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:915 sssd-ldap.5.xml:942 sssd-ldap.5.xml:1233 #: sssd-ldap.5.xml:1254 sssd-ldap.5.xml:1760 include/ldap_id_mapping.xml:226 msgid "Default: False" msgstr "初期値: 偽" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:921 msgid "ldap_initgroups_use_matching_rule_in_chain" msgstr "ldap_initgroups_use_matching_rule_in_chain" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:924 msgid "" "This option tells SSSD to take advantage of an Active Directory-specific " "feature which might speed up initgroups operations (most notably when " "dealing with complex or deep nested groups)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:948 msgid "ldap_netgroup_object_class (string)" msgstr "ldap_netgroup_object_class (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:951 msgid "The object class of a netgroup entry in LDAP." msgstr "LDAP にあるネットワークグループエントリーのオブジェクトクラスです。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:954 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" "IPA プロバイダーにおいては ipa_netgroup_object_class が代わりに使用されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:958 msgid "Default: nisNetgroup" msgstr "初期値: nisNetgroup" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:964 msgid "ldap_netgroup_name (string)" msgstr "ldap_netgroup_name (文字列)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:967 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "ネットワークグループ名に対応する LDAP 属性です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:971 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "IPA プロバイダーにおいては ipa_netgroup_name が代わりに使用されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:981 msgid "ldap_netgroup_member (string)" msgstr "ldap_netgroup_member (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:984 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "ネットワークグループのメンバーの名前を含む LDAP 属性です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:988 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" "IPA プロバイダーにおいては ipa_netgroup_member が代わりに使用されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:992 msgid "Default: memberNisNetgroup" msgstr "初期値: memberNisNetgroup" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:998 msgid "ldap_netgroup_triple (string)" msgstr "ldap_netgroup_triple (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1001 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" "ネットワークグループの三つ組(ホスト、ユーザー、ドメイン)を含む LDAP 属性で" "す。" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1005 sssd-ldap.5.xml:1038 msgid "This option is not available in IPA provider." msgstr "このオプションは IPA プロバイダーにおいて利用可能ではありません。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1008 msgid "Default: nisNetgroupTriple" msgstr "初期値: nisNetgroupTriple" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1014 msgid "ldap_netgroup_uuid (string)" msgstr "ldap_netgroup_uuid (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1017 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" "LDAP ネットワークグループオブジェクトの UUID/GUID を含む LDAP 属性です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1021 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "IPA プロバイダーにおいては ipa_netgroup_uuid が代わりに使用されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1031 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "ldap_netgroup_modify_timestamp (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1047 msgid "ldap_service_object_class (string)" msgstr "ldap_service_object_class (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1050 msgid "The object class of a service entry in LDAP." msgstr "LDAP にあるサービスエントリーのオブジェクトクラスです。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1053 msgid "Default: ipService" msgstr "初期値: ipService" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1059 msgid "ldap_service_name (string)" msgstr "ldap_service_name (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1062 msgid "" "The LDAP attribute that contains the name of service attributes and their " "aliases." msgstr "サービス属性の名前とそのエイリアスを含む LDAP 属性です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1072 msgid "ldap_service_port (string)" msgstr "ldap_service_port (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1075 msgid "The LDAP attribute that contains the port managed by this service." msgstr "このサービスにより管理されるポートを含む LDAP 属性です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1079 msgid "Default: ipServicePort" msgstr "初期値: ipServicePort" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1085 msgid "ldap_service_proto (string)" msgstr "ldap_service_proto (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1088 msgid "" "The LDAP attribute that contains the protocols understood by this service." msgstr "このサービスにより認識されるプロトコルを含む LDAP 属性です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1092 msgid "Default: ipServiceProtocol" msgstr "初期値: ipServiceProtocol" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1098 msgid "ldap_service_search_base (string)" msgstr "ldap_service_search_base (文字列)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1103 msgid "ldap_search_timeout (integer)" msgstr "ldap_search_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1106 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " "is entered)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1112 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " "lookup types." msgstr "" "注: このオプションは SSSD の将来のバージョンにおいて変更される可能性がありま" "す。特定の種類の検索のために一連のタイムアウトによりある時点に置き換えられる" "かもしれません。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1124 msgid "ldap_enumeration_search_timeout (integer)" msgstr "ldap_enumeration_search_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1127 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " "are returned (and offline mode is entered)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1140 msgid "ldap_network_timeout (integer)" msgstr "ldap_network_timeout (整数)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1143 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" "<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" "manvolnum> </citerefentry> following a <citerefentry> " "<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" "citerefentry> returns in case of no activity." msgstr "" "<citerefentry> <refentrytitle>connect</refentrytitle> <manvolnum>2</" "manvolnum> </citerefentry> に続けて <citerefentry> <refentrytitle>poll</" "refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/<citerefentry> " "<refentrytitle>select</refentrytitle> <manvolnum>2</manvolnum> </" "citerefentry> が未使用を返した後のタイムアウト(秒単位)を指定します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1166 msgid "ldap_opt_timeout (integer)" msgstr "ldap_opt_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1169 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " "communicating with the KDC in case of SASL bind." msgstr "" "同期 LDAP API を呼び出しが未応答の場合に中止された後のタイムアウト(秒単位)" "を指定します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1181 msgid "ldap_connection_expire_timeout (integer)" msgstr "ldap_connection_expire_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1184 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. 
If used " "in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " "the TGT lifetime) will be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1192 sssd-ldap.5.xml:2147 msgid "Default: 900 (15 minutes)" msgstr "初期値: 900 (15 分)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1198 msgid "ldap_page_size (integer)" msgstr "ldap_page_size (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1201 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" "1 回の要求で LDAP から取得するレコード数を指定します。いくつかの LDAP サー" "バーは 1 要求あたりの最大数の制限を強制します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1206 msgid "Default: 1000" msgstr "初期値: 1000" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1212 msgid "ldap_disable_paging (boolean)" msgstr "ldap_disable_paging (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1215 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " "it is not enabled or does not behave properly." msgstr "" "LDAP ページング制御を無効にします。LDAP サーバーがその RootDSE において LDAP " "ページング制御をサポートするが、有効化されていない、もしくは正しく動作しない" "ことを報告する場合に、このオプションが使用されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1221 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." 
msgstr "" "例: サーバーにページング制御モジュールがインストールされているが、RootDSE に" "おいて有効化されていないと報告され、それを使用できない OpenLDAP サーバーで" "す。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1227 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " "requests being denied." msgstr "" "例: 389 DS は単一の接続において同時に 1 つのページ制御のみをサポートします。" "負荷の高いクライアントにおいては、いくつかの要求が拒否される結果になる可能性" "があります。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1239 msgid "ldap_disable_range_retrieval (boolean)" msgstr "ldap_disable_range_retrieval (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1242 msgid "Disable Active Directory range retrieval." msgstr "Active Directory の範囲の取得を無効化します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1245 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " "group contains more members, the reply would include an AD-specific range " "extension. This option disables parsing of the range extension, therefore " "large groups will appear as having no members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1260 msgid "ldap_sasl_minssf (integer)" msgstr "ldap_sasl_minssf (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1263 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " "option are defined by OpenLDAP." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1269 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1276 msgid "ldap_deref_threshold (integer)" msgstr "ldap_deref_threshold (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1279 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " "they are looked up individually." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1285 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1289 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " "methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " "Directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1297 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " "regardless of this setting." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1310 msgid "ldap_tls_reqcert (string)" msgstr "ldap_tls_reqcert (文字列)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1313 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" "もしあれば、 TLS セッションにおいてサーバー証明書において実行するためにチェッ" "クするものを指定します。以下の値のうち 1 つを指定できます:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1319 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" "<emphasis>never</emphasis> = クライアントがすべてのサーバー証明書を要求または" "確認しません。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1323 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " "is provided, it will be ignored and the session proceeds normally." msgstr "" "<emphasis>allow</emphasis> = サーバー証明書が要求されます。証明書が提供されな" "ければ、セッションが通常通り進められます。不正な証明書が提供されると、それは" "無視され、セッションが通常通り進められます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1330 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " "is provided, the session is immediately terminated." msgstr "" "<emphasis>try</emphasis> = サーバー証明書が要求されます。証明書が提供されなけ" "れば、セッションが通常通り進められます。不正な証明書が提供されると、セッショ" "ンが直ちに終了します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1336 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " "immediately terminated." 
msgstr "" "<emphasis>demand</emphasis> = サーバー証明書が要求されます。証明書が提供され" "なければ、もしくは不正な証明書が提供されれば、セッションが直ちに終了します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1342 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "<emphasis>hard</emphasis> = <quote>demand</quote> と同じです" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1346 msgid "Default: hard" msgstr "初期値: hard" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1352 msgid "ldap_tls_cacert (string)" msgstr "ldap_tls_cacert (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1355 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" "<command>sssd</command> が認識するすべての認証局に対する証明" "書を含むファイルを指定します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1378 sssd-ldap.5.xml:1419 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" "初期値: OpenLDAP の初期値の使用、一般的に <filename>/etc/openldap/ldap.conf</" "filename> にあります" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1367 msgid "ldap_tls_cacertdir (string)" msgstr "ldap_tls_cacertdir (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1370 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. 
Typically the file names need to " "be the hash of the certificate followed by '.0'. If available, " "<command>cacertdir_rehash</command> can be used to create the correct names." msgstr "" "個別のファイルに CA 証明書を含むディレクトリーのパスを指定します。一般的に" "ファイル名は '.0' で終わる証明書のハッシュである必要があります。利用可能なら" "ば、<command>cacertdir_rehash</command> は正しい名前を作成するために使用でき" "ます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1385 msgid "ldap_tls_cert (string)" msgstr "ldap_tls_cert (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1388 msgid "Specifies the file that contains the certificate for the client's key." msgstr "クライアントのキーに対する証明書を含むファイルを指定します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1398 msgid "ldap_tls_key (string)" msgstr "ldap_tls_key (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1401 msgid "Specifies the file that contains the client's key." msgstr "クライアントのキーを含むファイルを指定します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1410 msgid "ldap_tls_cipher_suite (string)" msgstr "ldap_tls_cipher_suite (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1413 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry> for format." msgstr "" "利用可能な暗号機能を指定します。これは一般的にコロン区切りの一覧です。形式に" "ついては <citerefentry><refentrytitle>ldap.conf</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry> を参照してください。" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1426 msgid "ldap_id_use_start_tls (boolean)" msgstr "ldap_id_use_start_tls (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1429 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" "id_provider 接続もチャネルを保護するために <systemitem class=\"protocol\">tls</" "systemitem> を使用する必要があることを指定します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1439 msgid "ldap_id_mapping (boolean)" msgstr "ldap_id_mapping (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1442 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " "on ldap_user_uid_number and ldap_group_gid_number." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1448 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" "この機能は現在 ActiveDirectory objectSID マッピングのみサポートします。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1458 msgid "ldap_min_id, ldap_max_id (interger)" msgstr "ldap_min_id, ldap_max_id (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1461 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " "ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this " "might lead to ID collisions. 
To avoid collisions ldap_min_id and ldap_max_id " "can be set to restrict the allowed range for the IDs which are read directly " "from the server. Sub-domains can then pick other ranges to map IDs." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1473 msgid "Default: not set (both options are set to 0)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1479 msgid "ldap_sasl_mech (string)" msgstr "ldap_sasl_mech (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1482 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" "使用する SASL メカニズムを指定します。現在 GSSAPI のみがテストされサポートさ" "れます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1492 msgid "ldap_sasl_authid (string)" msgstr "ldap_sasl_authid (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1495 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory. " "This option can either contain the full principal (for example host/" "myhost@EXAMPLE.COM) or just the principal name (for example host/myhost)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1503 msgid "Default: host/hostname@REALM" msgstr "初期値: host/hostname@REALM" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1509 msgid "ldap_sasl_realm (string)" msgstr "ldap_sasl_realm (文字列)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1512 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " "well, this option is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1518 msgid "Default: the value of krb5_realm." msgstr "初期値: krb5_realm の値" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1524 msgid "ldap_sasl_canonicalize (boolean)" msgstr "ldap_sasl_canonicalize (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1527 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" "真に設定されていると、 LDAP ライブラリーは SASL バインド中にホスト名を正規化" "するために逆引きを実行します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1532 msgid "Default: false;" msgstr "初期値: false;" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1538 msgid "ldap_krb5_keytab (string)" msgstr "ldap_krb5_keytab (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1541 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "SASL/GSSAPI を使用するときに使用するキーテーブルを指定します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1544 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" "初期値: システムのキーテーブル、通常 <filename>/etc/krb5.keytab</filename>" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1550 msgid "ldap_krb5_init_creds (boolean)" msgstr "ldap_krb5_init_creds (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1553 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " "GSSAPI." msgstr "" "Kerberos クレディンシャル (TGT) を初期化する id_provider を指定します。この操" "作は、 SASL が使用され、選択されたメカニズムが GSSAPI である場合のみ実行され" "ます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1565 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "ldap_krb5_ticket_lifetime (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1568 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "GSSAPI が使用されている場合、TGT の有効期間を秒単位で指定します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1572 sssd-ad.5.xml:319 msgid "Default: 86400 (24 hours)" msgstr "初期値: 86400 (24 時間)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1578 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "krb5_server, krb5_backup_server (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1581 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " "For more information on failover and server redundancy, see the " "<quote>FAILOVER</quote> section. An optional port number (preceded by a " "colon) may be appended to the addresses or hostnames. 
If empty, service " "discovery is enabled - for more information, refer to the <quote>SERVICE " "DISCOVERY</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1593 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " "none are found." msgstr "" "KDC または kpasswd サーバーに対してサービス検索を使用するとき、SSSD はまずプ" "ロトコルとして _udp を指定する DNS エントリーを検索して、何も見つからなけれ" "ば _tcp にフォールバックします。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1598 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " "migrate their config files to use <quote>krb5_server</quote> instead." msgstr "" "このオプションは以前の SSSD において <quote>krb5_kdcip</quote> という名前でし" "た。古い名前がしばらく認められる間、ユーザーは代わりに <quote>krb5_server</" "quote> を使用するよう設定ファイルを移行することが推奨されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1607 sssd-ipa.5.xml:371 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "krb5_realm (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1610 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "(SASL/GSSAPI 認証向け) Kerberos レルムを指定します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1613 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "初期値: システムの初期値、<filename>/etc/krb5.conf</filename> 参照。" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1619 sssd-ipa.5.xml:386 sssd-krb5.5.xml:453 msgid "krb5_canonicalize (boolean)" msgstr "krb5_canonicalize (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1622 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" "LDAP サーバーに接続するとき、ホストのプリンシパルが正規化されるかどうかを指定" "します。この機能は MIT Kerberos >= 1.7 で利用可能です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1634 sssd-krb5.5.xml:468 msgid "krb5_use_kdcinfo (boolean)" msgstr "krb5_use_kdcinfo (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1637 sssd-krb5.5.xml:471 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " "to configure the Kerberos library using the <citerefentry> " "<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> configuration file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1648 sssd-krb5.5.xml:482 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " "information on the locator plugin." msgstr "" "位置情報プラグインの詳細は <citerefentry> " "<refentrytitle>sssd_krb5_locator_plugin</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry> マニュアルページを参照ください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1662 msgid "ldap_pwd_policy (string)" msgstr "ldap_pwd_policy (文字列)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1665 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" "クライアント側においてパスワード期限切れを評価するためのポリシーを選択しま" "す。以下の値が許容されます:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1670 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" "<emphasis>none</emphasis> - クライアント側において評価しません。このオプショ" "ンはサーバー側のパスワードポリシーを無効にできません。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1675 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " "evaluate if the password has expired." msgstr "" "<emphasis>shadow</emphasis> - パスワードが失効したかを評価するために " "<citerefentry><refentrytitle>shadow</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry> 形式の属性を使用します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1681 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " "these attributes when the password is changed." msgstr "" "<emphasis>mit_kerberos</emphasis> - パスワードが期限切れしているかを決定する" "ために MIT Kerberos により使用される属性を使用します。パスワードが変更される" "とき、これらの属性を更新するために chpass_provider=krb5 を使用します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1690 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1698 msgid "ldap_referrals (boolean)" msgstr "ldap_referrals (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1701 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "自動参照追跡が有効化されるかを指定します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1705 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" "OpenLDAP バージョン 2.4.13 およびそれ以降とともにコンパイルされているとき、 " "sssd のみが参照追跡をサポートすることに注意してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1710 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. If your setup " "does not in fact require the use of referrals, setting this option to false " "might bring a noticeable performance improvement." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1724 msgid "ldap_dns_service_name (string)" msgstr "ldap_dns_service_name (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1727 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" "サービス検索が有効にされているときに使用するサービスの名前を指定します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1731 msgid "Default: ldap" msgstr "初期値: ldap" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1737 msgid "ldap_chpass_dns_service_name (string)" msgstr "ldap_chpass_dns_service_name (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1740 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" "サービス検索が有効にされているときに、パスワード変更を許可する LDAP サーバー" "を検索するために使用するサービスの名前を指定します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1745 msgid "Default: not set, i.e. service discovery is disabled" msgstr "初期値: 設定されていません、つまりサービス検索が無効にされています" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1751 msgid "ldap_chpass_update_last_change (bool)" msgstr "ldap_chpass_update_last_change (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1754 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1766 msgid "ldap_access_filter (string)" msgstr "ldap_access_filter (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1769 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " "must be met for the user to be granted access on this host. If " "access_provider = ldap, ldap_access_order = filter and this option is not " "set, it will result in all users being denied access. 
Use access_provider = " "permit to change this default behavior. Please note that this filter is " "applied on the LDAP user entry only." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1782 sssd-ldap.5.xml:2376 msgid "Example:" msgstr "例:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #: sssd-ldap.5.xml:1785 #, fuzzy, no-wrap #| msgid "" #| "access_provider = ldap\n" #| "ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n" #| " " msgid "" "access_provider = ldap\n" "ldap_access_filter = (employeeType=admin)\n" " " msgstr "" "access_provider = ldap\n" "ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1789 #, fuzzy #| msgid "" #| "This example means that access to this host is restricted to members of " #| "the \"allowedusers\" group in ldap." msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." msgstr "" "この例は、このホストへのアクセスが LDAP にある \"allowedusers\" グループのメ" "ンバーに制限されることを意味します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1794 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " "access during their last login, they will continue to be granted access " "while offline and vice-versa." msgstr "" "この機能に対するオフラインキャッシュは、ユーザーの最終オンラインログインがア" "クセス権を許可されたかどうかを決めることに制限されます。最終ログインの間にア" "クセスが許可されていると、オフラインの間にアクセスが許可され続けます。逆もま" "た同様です。" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1802 sssd-ldap.5.xml:1859 msgid "Default: Empty" msgstr "初期値: 空白" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1808 msgid "ldap_account_expire_policy (string)" msgstr "ldap_account_expire_policy (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1811 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" "このオプションを使用すると、アクセス制御属性のクライアント側評価が有効になり" "ます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1815 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " "even if the password is correct." msgstr "" "必ずサーバー側のアクセス制御を使用することが推奨されることに注意してくださ" "い。つまり、パスワードが正しいときでさえ、LDAP サーバーは適切なエラーコードで" "バインド要求を拒否すべきです。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1822 msgid "The following values are allowed:" msgstr "以下の値が許可されます:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1825 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" "<emphasis>shadow</emphasis>: アカウントが失効しているかを決めるために " "ldap_user_shadow_expire の値を使用します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1830 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " "set. If the attribute is missing access is granted. 
Also the expiration time " "of the account is checked." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1837 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " "allowed or not." msgstr "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: アクセスが許可されるかされないかを確認するために " "ldap_ns_account_lock の値を使用します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1843 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " "ldap_user_nds_login_expiration_time are used to check if access is allowed. " "If both attributes are missing access is granted." msgstr "" "<emphasis>nds</emphasis>: アクセスが許可されるかを確認するために " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled および " "ldap_user_nds_login_expiration_time の値が使用されます。どの値もなければ、ア" "クセスが許可されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1852 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " "ldap_account_expire_policy option to work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1865 msgid "ldap_access_order (string)" msgstr "ldap_access_order (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1868 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" "アクセス制御オプションのカンマ区切り一覧です。許可される値は次のとおりです:" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1872 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "<emphasis>filter</emphasis>: ldap_access_filter を使用します" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1875 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "<emphasis>expire</emphasis>: ldap_account_expire_policy を使用します" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1879 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" "<emphasis>authorized_service</emphasis>: アクセス権を決定するために " "authorizedService 属性を使用します" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1884 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" "<emphasis>host</emphasis>: アクセス権を決めるために host 属性を使用します" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1888 msgid "Default: filter" msgstr "初期値: filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1891 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "値が複数使用されていると設定エラーになることに注意してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1898 msgid "ldap_deref (string)" msgstr "ldap_deref (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1901 msgid "" "Specifies how alias dereferencing is done when performing a search. 
The " "following options are allowed:" msgstr "" "検索を実行するときにどのように参照解決を実行するかを指定します。以下のオプ" "ションが許容されます:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1906 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "<emphasis>never</emphasis>: エイリアスが参照解決されません。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1910 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" "<emphasis>searching</emphasis>: エイリアスはベースオブジェクトの下位に参照解" "決されますが、検索のベースオブジェクトの位置を探すときはされません。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1915 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" "<emphasis>finding</emphasis>: エイリアスは検索のベースオブジェクトの位置を探" "すときのみ参照解決されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1920 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" "<emphasis>always</emphasis>: エイリアスは検索のベースオブジェクトを検索すると" "きも位置を検索するときも参照解決されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1925 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" msgstr "" "初期値: 空白(LDAP クライアントライブラリにより <emphasis>never</emphasis> と" "して取り扱われます)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1933 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "ldap_rfc2307_fallback_to_local_users (論理値)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1936 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1940 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " "The self-consistency of the domain is compromised when this is done, so SSSD " "would normally remove the \"missing\" users from the cached group " "memberships as soon as nsswitch tries to fetch information about the user " "via getpw*() or initgroups() calls." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1951 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " "additional LDAP groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:51 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " "of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page for full details. <placeholder type=" "\"variablelist\" id=\"0\"/>" msgstr "" "SSSD ドメインに適用するすべての全体設定オプションを LDAP ドメインに適用しま" "す。完全な詳細は <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> マニュアルページの <quote>ドメインセ" "クション</quote> を参照してください。 <placeholder type=\"variablelist\" id=" "\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:1967 msgid "SUDO OPTIONS" msgstr "SUDO オプション" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1971 msgid "ldap_sudorule_object_class (string)" msgstr "ldap_sudorule_object_class (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1974 msgid "The object class of a sudo rule entry in LDAP." msgstr "LDAP にある sudo ルールエントリーのオブジェクトクラスです。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1977 msgid "Default: sudoRole" msgstr "初期値: sudoRole" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1983 msgid "ldap_sudorule_name (string)" msgstr "ldap_sudorule_name (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1986 msgid "The LDAP attribute that corresponds to the sudo rule name." msgstr "sudo ルール名に対応する LDAP 属性です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1996 msgid "ldap_sudorule_command (string)" msgstr "ldap_sudorule_command (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1999 msgid "The LDAP attribute that corresponds to the command name." msgstr "コマンド名に対応する LDAP 属性です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2003 msgid "Default: sudoCommand" msgstr "初期値: sudoCommand" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2009 msgid "ldap_sudorule_host (string)" msgstr "ldap_sudorule_host (文字列)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2012 msgid "" "The LDAP attribute that corresponds to the host name (or host IP address, " "host IP network, or host netgroup)" msgstr "" "ホスト名(またはホスト IP アドレス、ホスト IP ネットワーク、ホストネットワー" "クグループ)に対応する LDAP 属性です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2017 msgid "Default: sudoHost" msgstr "初期値: sudoHost" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2023 msgid "ldap_sudorule_user (string)" msgstr "ldap_sudorule_user (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2026 msgid "" "The LDAP attribute that corresponds to the user name (or UID, group name or " "user's netgroup)" msgstr "" "ユーザー名(または UID、グループ名、ユーザーのネットワークグループ)に対応す" "る LDAP 属性です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2030 msgid "Default: sudoUser" msgstr "初期値: sudoUser" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2036 msgid "ldap_sudorule_option (string)" msgstr "ldap_sudorule_option (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2039 msgid "The LDAP attribute that corresponds to the sudo options." msgstr "sudo オプションに対応する LDAP 属性です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2043 msgid "Default: sudoOption" msgstr "初期値: sudoOption" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2049 msgid "ldap_sudorule_runasuser (string)" msgstr "ldap_sudorule_runasuser (文字列)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2052 msgid "" "The LDAP attribute that corresponds to the user name that commands may be " "run as." msgstr "コマンドを実行するユーザー名に対応する LDAP 属性です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2056 msgid "Default: sudoRunAsUser" msgstr "初期値: sudoRunAsUser" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2062 msgid "ldap_sudorule_runasgroup (string)" msgstr "ldap_sudorule_runasgroup (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2065 msgid "" "The LDAP attribute that corresponds to the group name or group GID that " "commands may be run as." msgstr "" "コマンドを実行するグループ名またはグループの GID に対応する LDAP 属性です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2069 msgid "Default: sudoRunAsGroup" msgstr "初期値: sudoRunAsGroup" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2075 msgid "ldap_sudorule_notbefore (string)" msgstr "ldap_sudorule_notbefore (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2078 msgid "" "The LDAP attribute that corresponds to the start date/time for when the sudo " "rule is valid." msgstr "sudo ルールが有効になる開始日時に対応する LDAP 属性です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2082 msgid "Default: sudoNotBefore" msgstr "初期値: sudoNotBefore" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2088 msgid "ldap_sudorule_notafter (string)" msgstr "ldap_sudorule_notafter (文字列)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2091 msgid "" "The LDAP attribute that corresponds to the expiration date/time, after which " "the sudo rule will no longer be valid." msgstr "" "sudo ルールが有効ではなくなった後に、期限切れとなる日時に対応する LDAP 属性で" "す。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2096 msgid "Default: sudoNotAfter" msgstr "初期値: sudoNotAfter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2102 msgid "ldap_sudorule_order (string)" msgstr "ldap_sudorule_order (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2105 msgid "The LDAP attribute that corresponds to the ordering index of the rule." msgstr "ルールの並び替えインデックスに対応する LDAP 属性です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2109 msgid "Default: sudoOrder" msgstr "初期値: sudoOrder" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2115 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "ldap_sudo_full_refresh_interval (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2118 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2123 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" msgstr "" "値は <emphasis>ldap_sudo_smart_refresh_interval</emphasis> より大きい必要があ" "ります" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2128 msgid "Default: 21600 (6 hours)" msgstr "初期値: 21600 (6 時間)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2134 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "ldap_sudo_smart_refresh_interval (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2137 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest USN " "of cached rules)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2143 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2153 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "ldap_sudo_use_host_filter (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2156 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2167 msgid "ldap_sudo_hostnames (string)" msgstr "ldap_sudo_hostnames (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2170 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." msgstr "" "ルールをフィルターするために使用されるホスト名または完全修飾ドメイン名の空白" "区切り一覧です。" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2175 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2180 sssd-ldap.5.xml:2203 sssd-ldap.5.xml:2221 #: sssd-ldap.5.xml:2239 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." msgstr "" "<emphasis>ldap_sudo_use_host_filter</emphasis> が <emphasis>false</emphasis> " "ならば、このオプションは効果を持ちません。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2185 sssd-ldap.5.xml:2208 msgid "Default: not specified" msgstr "初期値: 指定なし" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2191 msgid "ldap_sudo_ip (string)" msgstr "ldap_sudo_ip (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2194 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." msgstr "" "ルールをフィルターするために使用される、IPv4 または IPv6 ホスト/ネットワーク" "アドレスの空白区切り一覧です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2199 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." msgstr "" "このオプションが空白ならば、SSSD は自動的にアドレスを検索しようとします。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2214 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "ldap_sudo_include_netgroups (論理値)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2217 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2232 msgid "ldap_sudo_include_regexp (boolean)" msgstr "ldap_sudo_include_regexp (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2235 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:1969 msgid "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "<placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2251 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " "<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>" msgstr "" "このマニュアルページは属性名マッピングのみを説明します。 sudo に関連する属性" "セマンティックの詳細な説明は <citerefentry> <refentrytitle>sudoers.ldap</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry> を参照してください" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:2261 msgid "AUTOFS OPTIONS" msgstr "AUTOFS オプション" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2263 msgid "" "Please note that the default values correspond to the default schema which " "is RFC2307." msgstr "初期値は RFC2307 の標準スキーマに対応することに注意してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2269 msgid "ldap_autofs_map_object_class (string)" msgstr "ldap_autofs_map_object_class (文字列)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2272 sssd-ldap.5.xml:2298 msgid "The object class of an automount map entry in LDAP." msgstr "LDAP にある automount マップエントリーのオブジェクトクラスです。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2275 sssd-ldap.5.xml:2302 msgid "Default: automountMap" msgstr "初期値: automountMap" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2282 msgid "ldap_autofs_map_name (string)" msgstr "ldap_autofs_map_name (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2285 msgid "The name of an automount map entry in LDAP." msgstr "LDAP における automount のマップエントリーの名前です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2288 msgid "Default: ou" msgstr "初期値: ou" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2295 msgid "ldap_autofs_entry_object_class (string)" msgstr "ldap_autofs_entry_object_class (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2309 msgid "ldap_autofs_entry_key (string)" msgstr "ldap_autofs_entry_key (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2312 sssd-ldap.5.xml:2326 msgid "" "The key of an automount entry in LDAP. The entry usually corresponds to a " "mount point." msgstr "" "LDAP にある automount エントリーのキーです。エントリーは一般的にマウントポイ" "ントと対応します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2323 msgid "ldap_autofs_entry_value (string)" msgstr "ldap_autofs_entry_value (文字列)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2330 msgid "Default: automountInformation" msgstr "初期値: automountInformation" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2267 msgid "" "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" "\"variablelist\" id=\"4\"/>" msgstr "" "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" "\"variablelist\" id=\"4\"/>" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:2340 msgid "ADVANCED OPTIONS" msgstr "高度なオプション" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2347 msgid "ldap_netgroup_search_base (string)" msgstr "ldap_netgroup_search_base (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2352 msgid "ldap_user_search_base (string)" msgstr "ldap_user_search_base (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2357 msgid "ldap_group_search_base (string)" msgstr "ldap_group_search_base (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2362 msgid "ldap_user_search_filter (string)" msgstr "ldap_user_search_filter (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2365 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" "このオプションは、ユーザー検索を制限する、追加の LDAP 検索フィルター基準を指" "定します。" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2369 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" "このオプションは ldap_user_search_base により使用される構文のほうを選んで" "<emphasis>廃止されます</emphasis>。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #: sssd-ldap.5.xml:2379 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" " " msgstr "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2382 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" "このフィルターは、ユーザー検索をシェルが /bin/tcsh に設定されているユーザーに" "制限されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2389 msgid "ldap_group_search_filter (string)" msgstr "ldap_group_search_filter (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2392 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" "このオプションは、グループ検索を制限する、追加の LDAP 検索フィルター基準を指" "定します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2396 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" "このオプションは ldap_group_search_base により使用される構文のほうを選んで" "<emphasis>廃止されます</emphasis>。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2406 msgid "ldap_sudo_search_base (string)" msgstr "ldap_sudo_search_base (文字列)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2411 msgid "ldap_autofs_search_base (string)" msgstr "ldap_autofs_search_base (文字列)" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2342 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " "are doing. <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" "これらのオプションは LDAP ドメインによりサポートされますが、注意して使用する" "必要があります。自分が何をしているかを理解している場合のみ、設定に含めてくだ" "さい。 <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2428 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " "section." msgstr "" "以下の例は、SSSD が正しく設定され、LDAP が <replaceable>[domains]</" "replaceable> セクションにあるドメインのどれかに設定されていると仮定していま" "す。" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ldap.5.xml:2434 #, no-wrap msgid "" " [domain/LDAP]\n" " id_provider = ldap\n" " auth_provider = ldap\n" " ldap_uri = ldap://ldap.mydomain.org\n" " ldap_search_base = dc=mydomain,dc=org\n" " ldap_tls_reqcert = demand\n" " cache_credentials = true\n" msgstr "" " [domain/LDAP]\n" " id_provider = ldap\n" " auth_provider = ldap\n" " ldap_uri = ldap://ldap.mydomain.org\n" " ldap_search_base = dc=mydomain,dc=org\n" " ldap_tls_reqcert = demand\n" " cache_credentials = true\n" #. type: Content of: <refsect1><refsect2><para> #: sssd-ldap.5.xml:2433 sssd-simple.5.xml:139 sssd-ipa.5.xml:801 #: sssd-ad.5.xml:390 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 sssd-krb5.5.xml:528 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" #. 
type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:2446 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:405 #: sssd.8.xml:191 sss_seed.8.xml:163 msgid "NOTES" msgstr "注記" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2448 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " "distribution." msgstr "" "このマニュアルページにある設定オプションのいくつかの説明は、OpenLDAP 2.4 ディ" "ストリビューションから <citerefentry> <refentrytitle>ldap.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> マニュアルページに基" "づいています。" #. type: Content of: <refentryinfo> #: pam_sss.8.xml:8 include/upstream.xml:2 msgid "" "<productname>SSSD</productname> <orgname>The SSSD upstream - http://" "fedorahosted.org/sssd</orgname>" msgstr "" "<productname>SSSD</productname> <orgname>The SSSD upstream - http://" "fedorahosted.org/sssd</orgname>" #. type: Content of: <reference><refentry><refnamediv><refname> #: pam_sss.8.xml:13 pam_sss.8.xml:18 msgid "pam_sss" msgstr "pam_sss" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: pam_sss.8.xml:19 msgid "PAM module for SSSD" msgstr "SSSD の PAM モジュール" #. 
type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: pam_sss.8.xml:24 #, fuzzy #| msgid "" #| "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" #| "replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" #| "replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" #| "replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" #| "replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> " #| "</arg>" msgid "" "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" "replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" "replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" "replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" "replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" "arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </arg>" msgstr "" "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" "replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" "replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" "replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" "replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" "arg>" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:48 msgid "" "<command>pam_sss.so</command> is the PAM interface to the System Security " "Services daemon (SSSD). Errors and results are logged through " "<command>syslog(3)</command> with the LOG_AUTHPRIV facility." msgstr "" "<command>pam_sss.so</command> は System Security Services daemon (SSSD) への " "PAM インターフェースです。エラーと結果は <command>syslog(3)</command> を通し" "て LOG_AUTHPRIV ファシリティでログ記録されます。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:58 msgid "<option>quiet</option>" msgstr "<option>quiet</option>" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:61 msgid "Suppress log messages for unknown users." msgstr "不明なユーザーのログメッセージを抑制します。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:66 msgid "<option>forward_pass</option>" msgstr "<option>forward_pass</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:69 msgid "" "If <option>forward_pass</option> is set the entered password is put on the " "stack for other PAM modules to use." msgstr "" "<option>forward_pass</option> が設定されていると、他の PAM モジュールが使用す" "るために、入力されたパスワードがスタックに置かれます。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:76 msgid "<option>use_first_pass</option>" msgstr "<option>use_first_pass</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:79 msgid "" "The argument use_first_pass forces the module to use a previous stacked " "modules password and will never prompt the user - if no password is " "available or the password is not appropriate, the user will be denied access." msgstr "" "引数 use_first_pass は強制的にモジュールが前にスタックされたモジュールのパス" "ワードを使用して、ユーザーに入力させません。パスワードが何も利用可能ではな" "い、またはパスワードが適切でなければ、ユーザーがアクセスを拒否されます。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:87 msgid "<option>use_authtok</option>" msgstr "<option>use_authtok</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:90 msgid "" "When password changing enforce the module to set the new password to the one " "provided by a previously stacked password module." msgstr "" "パスワードを変更するとき、モジュールが強制的に新しいパスワードを、前にスタッ" "クされたパスワードモジュールに設定します。" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:97 msgid "<option>retry=N</option>" msgstr "<option>retry=N</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:100 msgid "" "If specified the user is asked another N times for a password if " "authentication fails. Default is 0." msgstr "" "指定されていると、認証に失敗した場合にパスワードをあと N 回ユーザーに問い合わ" "せます。初期値は 0 です。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:102 msgid "" "Please note that this option might not work as expected if the application " "calling PAM handles the user dialog on its own. A typical example is " "<command>sshd</command> with <option>PasswordAuthentication</option>." msgstr "" "PAM を呼び出すアプリケーションが自身でユーザーダイアログを処理する場合、この" "オプションは期待どおりに動作しない可能性があることに注意してください。典型的" "な例は <option>PasswordAuthentication</option> を用いた <command>sshd</" "command> です。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:111 #, fuzzy #| msgid "<option>forward_pass</option>" msgid "<option>ignore_unknown_user</option>" msgstr "<option>forward_pass</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:114 msgid "" "If this option is specified and the user does not exist, the PAM module will " "return PAM_IGNORE. This causes the PAM framework to ignore this module." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: pam_sss.8.xml:123 msgid "MODULE TYPES PROVIDED" msgstr "提供されるモジュール形式" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:124 msgid "" "All module types (<option>account</option>, <option>auth</option>, " "<option>password</option> and <option>session</option>) are provided."
msgstr "" "すべてのモジュール形式 (<option>account</option>, <option>auth</option>, " "<option>password</option> および <option>session</option>) が提供されます。" #. type: Content of: <reference><refentry><refsect1><title> #: pam_sss.8.xml:130 msgid "FILES" msgstr "ファイル" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:131 msgid "" "If a password reset by root fails, because the corresponding SSSD provider " "does not support password resets, an individual message can be displayed. " "This message can e.g. contain instructions about how to reset a password." msgstr "" "対応する SSSD プロバイダーがパスワードリセットをサポートしないため、root によ" "るパスワードリセットが失敗すると、それぞれのメッセージが表示されます。たとえ" "ば、このメッセージはパスワードをリセットする方法に関する説明があります。" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:136 msgid "" "The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" "filename> where LOC stands for a locale string returned by <citerefentry> " "<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" "citerefentry>. If there is no matching file the content of " "<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " "the owner of the files and only root may have read and write permissions " "while all other users must have only read permissions." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:146 msgid "" "These files are searched in the directory <filename>/etc/sssd/customize/" "DOMAIN_NAME/</filename>. If no matching file is present a generic message is " "displayed." msgstr "" "これらのファイルがディレクトリー <filename>/etc/sssd/customize/DOMAIN_NAME/</" "filename> において検索されます。一致するファイルがなければ、一般的なメッセー" "ジが表示されます。" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 msgid "sssd_krb5_locator_plugin" msgstr "sssd_krb5_locator_plugin" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:22 msgid "" "The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " "used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos " "libraries what Realm and which KDC to use. Typically this is done in " "<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> which is always read by the Kerberos libraries. " "To simplify the configuration the Realm and the KDC can be defined in " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> as described in <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:48 msgid "" "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " "libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry> は、レルム、および KDC の名前または IP アドレスを、それぞれ " "SSSD_KRB5_REALM および SSSD_KRB5_KDC の中に置きます。" "<command>sssd_krb5_locator_plugin</command> が Kerberos ライブラリーにより呼" "び出されるとき、それがこれらの変数を読み込み、評価し、ライブラリーに返しま" "す。" #. type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:63 msgid "" "Not all Kerberos implementations support the use of plugins. If " "<command>sssd_krb5_locator_plugin</command> is not available on your system " "you have to edit /etc/krb5.conf to reflect your Kerberos setup." 
msgstr "" "すべての Kerberos 実装がプラグインの使用をサポートしているとは限りません。 " "<command>sssd_krb5_locator_plugin</command> がシステムにおいて利用可能でなけ" "れば、Kerberos の構築を反映するように /etc/krb5.conf を編集する必要がありま" "す。" #. type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:69 msgid "" "If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " "debug messages will be sent to stderr." msgstr "" "環境変数 SSSD_KRB5_LOCATOR_DEBUG に何らかの値が設定されていると、デバッグメッ" "セージが標準エラーに送られます。" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-simple.5.xml:10 sssd-simple.5.xml:16 msgid "sssd-simple" msgstr "sssd-simple" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd-simple.5.xml:17 msgid "the configuration file for SSSD's 'simple' access-control provider" msgstr "SSSD の 'simple' アクセス制御プロバイダーの設定ファイルです。" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:24 msgid "" "This manual page describes the configuration of the simple access-control " "provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " "refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> manual page." msgstr "" "このマニュアルは <citerefentry> <refentrytitle>sssd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> に対して簡単なアクセス制御の設定を説" "明しています。詳細は <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> マニュアルページの <quote>ファイル形" "式</quote> セクションを参照してください。" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:38 msgid "" "The simple access provider grants or denies access based on an access or " "deny list of user or group names. The following rules apply:" msgstr "" "シンプルアクセスプロバイダーは、ユーザー名またはグループ名のアクセスまたは拒" "否の一覧に基づいてアクセスを許可または拒否します。以下の例を適用します:" #. 
type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:43 msgid "If all lists are empty, access is granted" msgstr "すべての一覧が空白ならば、アクセスが認められます" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:47 msgid "" "If any list is provided, the order of evaluation is allow,deny. This means " "that any matching deny rule will supersede any matched allow rule." msgstr "" "何らかの一覧が提供されていると、許可(allow)、拒否(deny)の順に評価されま" "す。これは、一致する拒否ルールが、一致した許可ルールよりも常に優先されること" "を意味します。" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:54 msgid "" "If either or both \"allow\" lists are provided, all users are denied unless " "they appear in the list." msgstr "" "\"allow\" 一覧が提供されていると、すべてのユーザーはこの一覧に表れなければ拒" "否されます。" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:60 msgid "" "If only \"deny\" lists are provided, all users are granted access unless " "they appear in the list." msgstr "" "\"deny\" 一覧のみが提供されていると、ユーザーがこの一覧に表れない限り、すべて" "のユーザーがアクセスを許可されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:78 msgid "simple_allow_users (string)" msgstr "simple_allow_users (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:81 msgid "Comma separated list of users who are allowed to log in." msgstr "ログインが許可されたユーザーのカンマ区切り一覧です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:88 msgid "simple_deny_users (string)" msgstr "simple_deny_users (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:91 msgid "Comma separated list of users who are explicitly denied access."
msgstr "アクセスが明示的に拒否されたユーザーのカンマ区切り一覧です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:97 msgid "simple_allow_groups (string)" msgstr "simple_allow_groups (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:100 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." msgstr "" "ログインが許可されたグループのカンマ区切り一覧です。この SSSD ドメインの中の" "グループのみに適用されます。ローカルグループは評価されません。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:108 msgid "simple_deny_groups (string)" msgstr "simple_deny_groups (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:111 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " "evaluated." msgstr "" "アクセスが明示的に拒否されたグループのカンマ区切り一覧です。この SSSD ドメイ" "ンの中のグループのみに適用されます。ローカルグループは評価されません。" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> manual page for details on the configuration of an SSSD " "domain. <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" "SSSD ドメインの設定に関する詳細は <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> マニュアルページの " "<quote>ドメインセクション</quote> のセクションを参照してください。 " "<placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:120 msgid "" "Specifying no values for any of the lists is equivalent to skipping it " "entirely. 
Beware of this while generating parameters for the simple provider " "using automated scripts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:125 msgid "" "Please note that it is an configuration error if both, simple_allow_users " "and simple_deny_users, are defined." msgstr "" "simple_allow_users と simple_deny_users がどちらも定義されると、設定エラーに" "なることに注意してください。" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:133 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " "This examples shows only the simple access provider-specific options." msgstr "" "以下の例は、SSSD が正しく設定され、example.com が <replaceable>[sssd]</" "replaceable> セクションにあるドメインの 1 つであると仮定します。この例はアク" "セスプロバイダー固有の簡単なオプションのみを示します。" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-simple.5.xml:140 #, no-wrap msgid "" " [domain/example.com]\n" " access_provider = simple\n" " simple_allow_users = user1, user2\n" msgstr "" " [domain/example.com]\n" " access_provider = simple\n" " simple_allow_users = user1, user2\n" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 msgid "sssd-ipa" msgstr "sssd-ipa" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:23 msgid "" "This manual page describes the configuration of the IPA provider for " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" "このマニュアルページは <citerefentry> <refentrytitle>sssd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> に対する IPA プロバイダーの設定を説" "明しています。詳細な構文の参考資料は <citerefentry> <refentrytitle>sssd." 
"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> マニュアルペー" "ジの <quote>ファイル形式</quote> を参照してください。" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:36 msgid "" "The IPA provider is a back end used to connect to an IPA server. (Refer to " "the freeipa.org web site for information about IPA servers.) This provider " "requires that the machine be joined to the IPA domain; configuration is " "almost entirely self-discovered and obtained directly from the server." msgstr "" "IPA プロバイダーは IPA サーバーに接続するために使用されるバックエンドです。" "(IPA サーバーに関する詳細は freeipa.org のウェブサイトを参照してください。)" "このプロバイダーは、マシンが IPA ドメインに参加していて、設定がすでに全体的に" "自己検索され、サーバーから直接取得されている必要があります。" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:43 msgid "" "The IPA provider accepts the same options used by the <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " "provider with some exceptions described below." msgstr "" "IPA プロバイダーは <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> 識別プロバイダーおよび " "<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> 認証プロバイダーにより使用されるものと同じオプショ" "ンを受け付けます。いくつかの例外は以下に説明されています。" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:55 msgid "" "However, it is neither necessary nor recommended to set these options. IPA " "provider can also be used as an access and chpass provider. As an access " "provider it uses HBAC (host-based access control) rules. Please refer to " "freeipa.org for more information about HBAC. No configuration of access " "provider is required on the client side." 
msgstr "" "しかし、これらのオプションを設定することは必要ありません、また推奨もされませ" "ん。IPA プロバイダーはアクセスプロバイダーおよびパスワード変更プロバイダーと" "しても使用できます。アクセスプロバイダーとしては、HBAC (ホストベースアクセス" "制御) ルールを使用します。HBAC の詳細は freeipa.org を参照してください。クラ" "イアント側でアクセスプロバイダーを設定する必要はありません。" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:62 msgid "" "The IPA provider will use the PAC responder if the Kerberos tickets of users " "from trusted realms contain a PAC. To make configuration easier the PAC " "responder is started automatically if the IPA ID provider is configured." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:78 msgid "ipa_domain (string)" msgstr "ipa_domain (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:81 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" "IPA ドメインの名前を指定します。これはオプションです。提供されなければ、設定" "ドメイン名が使用されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:89 msgid "ipa_server, ipa_backup_server (string)" msgstr "ipa_server, ipa_backup_server (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:92 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " "on failover and server redundancy, see the <quote>FAILOVER</quote> section. " "This is optional if autodiscovery is enabled. For more information on " "service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:105 msgid "ipa_hostname (string)" msgstr "ipa_hostname (文字列)" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:108 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" "オプションです。hostname(5) がこのホストを識別するために IPA ドメインにおいて" "使用される完全修飾名を反映しないマシンにおいて設定されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:116 sssd-ad.5.xml:256 msgid "dyndns_update (boolean)" msgstr "dyndns_update (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:119 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client. The update is " "secured using GSS-TSIG. The IP address of the IPA LDAP connection is used " "for the updates, if it is not otherwise specified by using the " "<quote>dyndns_iface</quote> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:128 sssd-ad.5.xml:270 msgid "" "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " "the default Kerberos realm must be set properly in /etc/krb5.conf" msgstr "" "注: (RHEL5 のような) 古いシステムにおいて、この動作が正しく機能するためには、" "デフォルトの Kerberos レルムが /etc/krb5.conf において正しく設定されている必" "要があります" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:133 msgid "" "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" "emphasis> option, users should migrate to using <emphasis>dyndns_update</" "emphasis> in their config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:145 sssd-ad.5.xml:281 msgid "dyndns_ttl (integer)" msgstr "dyndns_ttl (整数)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:148 sssd-ad.5.xml:284 msgid "" "The TTL to apply to the client DNS record when updating it. If " "dyndns_update is false this has no effect. This will override the TTL " "serverside if set by an administrator." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:153 msgid "" "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" "emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" "emphasis> in their config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:159 msgid "Default: 1200 (seconds)" msgstr "初期値: 1200 (秒)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:165 sssd-ad.5.xml:295 msgid "dyndns_iface (string)" msgstr "dyndns_iface (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:168 sssd-ad.5.xml:298 msgid "" "Optional. Applicable only when dyndns_update is true. Choose the interface " "whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:173 msgid "" "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" "emphasis> option, users should migrate to using <emphasis>dyndns_iface</" "emphasis> in their config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:179 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "初期値: IPA LDAP 接続の IP アドレスを使用します" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:185 msgid "ipa_enable_dns_sites (boolean)" msgstr "ipa_enable_dns_sites (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:188 sssd-ad.5.xml:152 msgid "Enables DNS sites - location based service discovery." msgstr "DNS サイトの有効化 - 位置情報に基づいたサービス探索。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:192 msgid "" "If true and service discovery (see Service Discovery paragraph at the bottom " "of the man page) is enabled, then the SSSD will first attempt location " "based discovery using a query that contains \"_location.hostname.example.com" "\" and then fall back to traditional SRV discovery. If the location based " "discovery succeeds, the IPA servers located with the location based " "discovery are treated as primary servers and the IPA servers located using " "the traditional SRV discovery are used as back up servers" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:211 sssd-ad.5.xml:309 msgid "dyndns_refresh_interval (integer)" msgstr "dyndns_refresh_interval (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:214 sssd-ad.5.xml:312 msgid "" "How often should the back end perform periodic DNS update in addition to the " "automatic update performed when the back end goes online. This option is " "optional and applicable only when dyndns_update is true." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:227 sssd-ad.5.xml:325 msgid "dyndns_update_ptr (bool)" msgstr "dyndns_update_ptr (論理値)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:230 sssd-ad.5.xml:328 msgid "" "Whether the PTR record should also be explicitly updated when updating the " "client's DNS records. Applicable only when dyndns_update is true." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:235 msgid "" "This option should be False in most IPA deployments as the IPA server " "generates the PTR records automatically when forward records are changed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:241 msgid "Default: False (disabled)" msgstr "初期値: False (無効)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:247 sssd-ad.5.xml:339 msgid "dyndns_force_tcp (bool)" msgstr "dyndns_force_tcp (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:250 sssd-ad.5.xml:342 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." msgstr "" "nsupdate ユーティリティが DNS サーバーと通信するために TCP を標準で使用するか" "どうか。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:254 sssd-ad.5.xml:346 msgid "Default: False (let nsupdate choose the protocol)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:260 msgid "ipa_hbac_search_base (string)" msgstr "ipa_hbac_search_base (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:263 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" "オプションです。与えられた文字列を HBAC 関連オブジェクトに対する検索ベースと" "して使用します。" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:267 msgid "Default: Use base DN" msgstr "初期値: ベース DN を使用します" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:273 msgid "ipa_host_search_base (string)" msgstr "ipa_host_search_base (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:276 msgid "Optional. Use the given string as search base for host objects." msgstr "" "オプションです。ホストオブジェクトの検索ベースとして与えられた文字列を使用し" "ます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:280 sssd-ipa.5.xml:304 sssd-ipa.5.xml:323 sssd-ipa.5.xml:342 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" "複数の検索ベースを設定することの詳細は <quote>ldap_search_base</quote> を参照" "してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:285 msgid "" "If filter is given in any of search bases and " "<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " "will be ignored." msgstr "" "フィルターがすべての検索ベースに与えられ、かつ " "<emphasis>ipa_hbac_support_srchost</emphasis> が偽(False)に設定されている" "と、フィルターは無視されます。" #. type: Content of: <listitem><para> #: sssd-ipa.5.xml:290 sssd-ipa.5.xml:309 include/ldap_search_bases.xml:23 #: include/ldap_search_bases_experimental.xml:23 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "初期値: <emphasis>ldap_search_base</emphasis> の値" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:297 msgid "ipa_selinux_search_base (string)" msgstr "ipa_selinux_search_base (文字列)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:300 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" "オプションです。与えられた文字列を SELinux ユーザーマップに対する検索ベースと" "して使用します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:316 msgid "ipa_subdomains_search_base (string)" msgstr "ipa_subdomains_search_base (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:319 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" "オプションです。信頼されたドメインに対する検索ベースとして、与えられた文字列" "を使用します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:328 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "初期値: <emphasis>cn=trusts,%basedn</emphasis> の値" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:335 msgid "ipa_master_domain_search_base (string)" msgstr "ipa_master_domain_search_base (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:338 msgid "Optional. Use the given string as search base for master domain object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:347 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "初期値: <emphasis>cn=ad,cn=etc,%basedn</emphasis> の値" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:354 sssd-krb5.5.xml:245 msgid "krb5_validate (boolean)" msgstr "krb5_validate (論理値)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:357 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" "取得された TGT が偽装されていないかを krb5_keytab の支援で確認します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:364 sssd-ad.5.xml:366 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" "この初期値は伝統的な Kerberos プロバイダーのバックエンドとは異なることに注意" "してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:374 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" "Kerberos レルムの名前です。これはオプションで、初期値は <quote>ipa_domain</" "quote> の値です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:378 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" "Kerberos レルムの名前は IPA において特別な意味を持ちます。LDAP 操作を実行するた" "めに使用するベース DN に変換されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:389 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" "IPA LDAP と AS 要求に対して接続するとき、ホストとユーザープリンシパルを正規化" "するかを指定します。この機能は MIT Kerberos >= 1.7 で利用可能です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:402 sssd-krb5.5.xml:407 msgid "krb5_use_fast (string)" msgstr "krb5_use_fast (文字列)" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:405 sssd-krb5.5.xml:410 msgid "" "Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" "authentication. The following options are supported:" msgstr "" "Kerberos の事前認証のために flexible authentication secure tunneling (FAST) " "を有効化します。以下のオプションがサポートされます:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:410 #, fuzzy #| msgid "<emphasis>h</emphasis> for hours" msgid "<emphasis>never</emphasis> use FAST." msgstr "時間は <emphasis>h</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:413 #, fuzzy #| msgid "" #| "<emphasis>try</emphasis> to use FAST. If the server does not support " #| "FAST, continue the authentication without it." msgid "" "<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " "continue the authentication without it. This is equivalent to not setting " "this option at all." msgstr "" "<emphasis>try</emphasis> は FAST を使用します。サーバーが FAST をサポートして" "いなければ、FAST を使用せずに認証を続行します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:419 sssd-krb5.5.xml:424 msgid "" "<emphasis>demand</emphasis> to use FAST. The authentication fails if the " "server does not require fast." msgstr "" "<emphasis>demand</emphasis> は FAST を使用します。サーバーが FAST を要求しな" "ければ、認証が失敗します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:424 #, fuzzy #| msgid "Default: true" msgid "Default: try" msgstr "初期値: true" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:427 sssd-krb5.5.xml:435 msgid "" "NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. 
If " "SSSD is used with an older version of MIT Kerberos, using this option is a " "configuration error." msgstr "" "注: SSSD は MIT Kerberos バージョン 1.8 およびそれ以降のみで FAST をサポート" "します。SSSD が古いバージョンの MIT Kerberos を使用している場合、このオプショ" "ンを使用すると設定エラーになります。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:436 msgid "ipa_hbac_refresh (integer)" msgstr "ipa_hbac_refresh (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:439 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " "access-control requests made in a short period." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:446 sssd-ipa.5.xml:462 msgid "Default: 5 (seconds)" msgstr "初期値: 5 (秒)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:452 msgid "ipa_hbac_selinux (integer)" msgstr "ipa_hbac_selinux (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:455 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " "many user login requests made in a short period." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:468 msgid "ipa_hbac_treat_deny_as (string)" msgstr "ipa_hbac_treat_deny_as (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:471 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. 
All users " "of FreeIPA will need to migrate their rules to use only the ALLOW rules. The " "client will support two modes of operation during this transition period:" msgstr "" "このオプションは推奨されない DENY 形式の HBAC ルールをどのように取り扱うかを" "指定します。FreeIPA v2.1 現在、DENY ルールはもはやサーバーにおいてサポートさ" "れません。すべての FreeIPA のユーザーはそれらのルールを ALLOW ルールのみを使" "用するよう移行する必要があります。クライアントはこの移行期間中 2 つのモードの" "操作をサポートします:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:480 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" "<emphasis>DENY_ALL</emphasis>: HBAC DENY ルールが 1 つでも検知されると、すべ" "てのユーザーがアクセスを拒否されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:485 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" "<emphasis>IGNORE</emphasis>: SSSD はすべての DENY ルールを無視します。意図" "しないアクセスが開かれる可能性があるので、このオプションを用いるときは非常に" "注意してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:490 msgid "Default: DENY_ALL" msgstr "初期値: DENY_ALL" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:496 msgid "ipa_hbac_support_srchost (boolean)" msgstr "ipa_hbac_support_srchost (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:499 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" "これが偽に設定されていると、PAM により SSSD に与えられる srchost が無視されま" "す。" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:503 msgid "" "Note that if set to <emphasis>False</emphasis>, this option casuses filters " "given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" msgstr "" "<emphasis>False</emphasis> に設定されていると、このオプションは " "<emphasis>ipa_host_search_base</emphasis> に与えられたフィルターが無視される" "ようになることに注意してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:514 msgid "ipa_server_mode (boolean)" msgstr "ipa_server_mode (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:517 #, fuzzy #| msgid "This options should only be set by the IPA installer." msgid "This option should only be set by the IPA installer." msgstr "このオプションは IPA インストーラーによってのみ設定されるべきです。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:521 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:532 msgid "ipa_automount_location (string)" msgstr "ipa_automount_location (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:535 msgid "The automounter location this IPA client will be using" msgstr "この IPA クライアントが使用する automounter の場所です" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:538 msgid "Default: The location named \"default\"" msgstr "初期値: \"default\" という名前の場所" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:545 msgid "ipa_netgroup_member_of (string)" msgstr "ipa_netgroup_member_of (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:548 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "ネットワークグループのメンバーを一覧にする LDAP 属性です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:557 msgid "ipa_netgroup_member_user (string)" msgstr "ipa_netgroup_member_user (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:560 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" "ネットワークグループの直接メンバーであるシステムユーザーとグループを一覧化す" "る LDAP 属性です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:565 sssd-ipa.5.xml:660 msgid "Default: memberUser" msgstr "初期値: memberUser" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:570 msgid "ipa_netgroup_member_host (string)" msgstr "ipa_netgroup_member_host (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:573 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" "ネットワークグループの直接メンバーであるホストとホストグループを一覧化する " "LDAP 属性です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:577 sssd-ipa.5.xml:672 msgid "Default: memberHost" msgstr "初期値: memberHost" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:582 msgid "ipa_netgroup_member_ext_host (string)" msgstr "ipa_netgroup_member_ext_host (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:585 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" "ネットワークグループのメンバーであるホストとホストグループの FQDN を一覧化す" "る LDAP 属性です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:589 msgid "Default: externalHost" msgstr "初期値: externalHost" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:594 msgid "ipa_netgroup_domain (string)" msgstr "ipa_netgroup_domain (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:597 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "ネットワークグループの NIS ドメイン名を含む LDAP 属性です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:601 msgid "Default: nisDomainName" msgstr "初期値: nisDomainName" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:607 msgid "ipa_host_object_class (string)" msgstr "ipa_host_object_class (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:610 sssd-ipa.5.xml:633 msgid "The object class of a host entry in LDAP." msgstr "LDAP にあるホストエントリーのオブジェクトクラスです。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:613 sssd-ipa.5.xml:636 msgid "Default: ipaHost" msgstr "初期値: ipaHost" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:618 msgid "ipa_host_fqdn (string)" msgstr "ipa_host_fqdn (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:621 msgid "The LDAP attribute that contains FQDN of the host." msgstr "ホストの FQDN を含む LDAP 属性です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:624 msgid "Default: fqdn" msgstr "初期値: fqdn" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:630 msgid "ipa_selinux_usermap_object_class (string)" msgstr "ipa_selinux_usermap_object_class (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:641 msgid "ipa_selinux_usermap_name (string)" msgstr "ipa_selinux_usermap_name (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:644 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "SELinux ユーザーマップの名前を含む LDAP 属性です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:653 msgid "ipa_selinux_usermap_member_user (string)" msgstr "ipa_selinux_usermap_member_user (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:656 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "このルールが一致するすべてのユーザー・グループを含む LDAP 属性です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:665 msgid "ipa_selinux_usermap_member_host (string)" msgstr "ipa_selinux_usermap_member_host (文字列)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:668 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule match " "against." msgstr "このルールが一致するホスト・ホストグループを含む LDAP 属性です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:677 msgid "ipa_selinux_usermap_see_also (string)" msgstr "ipa_selinux_usermap_see_also (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:680 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost" msgstr "" "memberUser と memberHost の代わりにマッチに使用される HBAC ルールの DN を含" "む LDAP 属性です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:685 msgid "Default: seeAlso" msgstr "初期値: seeAlso" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:690 msgid "ipa_selinux_usermap_selinux_user (string)" msgstr "ipa_selinux_usermap_selinux_user (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:693 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "SELinux ユーザー文字列自身を含む LDAP 属性です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:697 msgid "Default: ipaSELinuxUser" msgstr "初期値: ipaSELinuxUser" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:702 msgid "ipa_selinux_usermap_enabled (string)" msgstr "ipa_selinux_usermap_enabled (文字列)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:705 msgid "" "The LDAP attribute that contains whether or not is user map enabled for " "usage." msgstr "" "ユーザーマップが使用するために有効化されているかどうかを含む LDAP 属性です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:709 msgid "Default: ipaEnabledFlag" msgstr "初期値: ipaEnabledFlag" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:714 msgid "ipa_selinux_usermap_user_category (string)" msgstr "ipa_selinux_usermap_user_category (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:717 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "'all' のようなユーザーカテゴリーを含む LDAP 属性です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:721 msgid "Default: userCategory" msgstr "初期値: userCategory" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:726 msgid "ipa_selinux_usermap_host_category (string)" msgstr "ipa_selinux_usermap_host_category (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:729 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "'all' のようなホストカテゴリーを含む LDAP 属性です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:733 msgid "Default: hostCategory" msgstr "初期値: hostCategory" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:738 msgid "ipa_selinux_usermap_uuid (string)" msgstr "ipa_selinux_usermap_uuid (文字列)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:741 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "ユーザーマップの一意な ID を含む LDAP 属性です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:745 msgid "Default: ipaUniqueID" msgstr "初期値: ipaUniqueID" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:750 msgid "ipa_host_ssh_public_key (string)" msgstr "ipa_host_ssh_public_key (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:753 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "ホストの SSH 公開鍵を含む LDAP 属性です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:757 msgid "Default: ipaSshPubKey" msgstr "初期値: ipaSshPubKey" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ipa.5.xml:766 msgid "SUBDOMAINS PROVIDER" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:768 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:772 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " "subdomain requests are sent to the IPA server if necessary." msgstr "" "'subdomains_provider = ipa' オプションが sssd.conf のドメインのセクションに見" "つかれば、IPA サブドメインプロバイダーが明示的に設定されます。すべてのサブド" "メインのリクエストが必要に応じて IPA サーバーに送られます。" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:778 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." 
"conf but there is the option 'id_provider = ipa', the IPA subdomains " "provider is configured implicitly. In this case, if a subdomain request " "fails and indicates that the server does not support subdomains, i.e. is not " "configured for trusts, the IPA subdomains provider is disabled. After an " "hour or after the IPA provider goes online, the subdomains provider is " "enabled again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:795 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " "This examples shows only the ipa provider-specific options." msgstr "" "以下の例は、SSSD が正しく設定され、example.com が <replaceable>[sssd]</" "replaceable> セクションにあるドメインの 1 つであることを仮定しています。この" "例は IPA プロバイダー固有のオプションのみを示しています。" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ipa.5.xml:802 #, no-wrap msgid "" " [domain/example.com]\n" " id_provider = ipa\n" " ipa_server = ipaserver.example.com\n" " ipa_hostname = myhost.example.com\n" msgstr "" " [domain/example.com]\n" " id_provider = ipa\n" " ipa_server = ipaserver.example.com\n" " ipa_hostname = myhost.example.com\n" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-ad.5.xml:10 sssd-ad.5.xml:16 msgid "sssd-ad" msgstr "sssd-ad" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:23 msgid "" "This manual page describes the configuration of the AD provider for " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:36 msgid "" "The AD provider is a back end used to connect to an Active Directory server. " "This provider requires that the machine be joined to the AD domain and a " "keytab is available." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:41 msgid "" "The AD provider supports connecting to Active Directory 2008 R2 or later. " "Earlier versions may work, but are unsupported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:45 msgid "" "The AD provider is able to provide identity information and authentication " "for entities from trusted domains as well. Currently only trusted domains in " "the same forest are recognized." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:50 msgid "" "The AD provider accepts the same options used by the <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " "provider with some exceptions described below." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:62 #, fuzzy #| msgid "" #| "However, it is neither necessary nor recommended to set these options. " #| "IPA provider can also be used as an access and chpass provider. As an " #| "access provider it uses HBAC (host-based access control) rules. Please " #| "refer to freeipa.org for more information about HBAC. No configuration of " #| "access provider is required on the client side." msgid "" "However, it is neither necessary nor recommended to set these options. The " "AD provider can also be used as an access, chpass and sudo provider. No " "configuration of the access provider is required on the client side." 
msgstr "" "しかし、これらのオプションを設定することは必要ありません、また推奨もされませ" "ん。IPA プロバイダーはアクセスプロバイダーおよびパスワード変更プロバイダーと" "しても使用できます。アクセスプロバイダーとしては、HBAC (ホストベースアクセス" "制御) ルールを使用します。HBAC の詳細は freeipa.org を参照してください。アク" "セスプロバイダーが設定されていなければ、クライアント側において必要になりま" "す。" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ad.5.xml:74 #, no-wrap msgid "" "ldap_id_mapping = False\n" " " msgstr "" "ldap_id_mapping = False\n" " " #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:68 msgid "" "By default, the AD provider will map UID and GID values from the objectSID " "parameter in Active Directory. For details on this, see the <quote>ID " "MAPPING</quote> section below. If you want to disable ID mapping and instead " "rely on POSIX attributes defined in Active Directory, you should set " "<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users " "and groups using POSIX attributes from trusted domains, the AD administrator " "must make sure that the POSIX attributes are replicated to the Global " "Catalog." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:81 msgid "" "Users, groups and other entities served by SSSD are always treated as case-" "insensitive in the AD provider for compatibility with Active Directory's " "LDAP implementation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:96 msgid "ad_domain (string)" msgstr "ad_domain (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:99 msgid "" "Specifies the name of the Active Directory domain. This is optional. If not " "provided, the configuration domain name is used." msgstr "" "Active Directory ドメインの名前を指定します。これはオプションです。指定されな" "ければ、設定のドメイン名が使用されます。" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:104 msgid "" "For proper operation, this option should be specified as the lower-case " "version of the long version of the Active Directory domain." msgstr "" "正しい動作のために、このオプションは Active Directory ドメインの長いバージョ" "ンの小文字バージョンとして指定されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:109 msgid "" "The short domain name (also known as the NetBIOS or the flat name) is " "autodetected by the SSSD." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:116 msgid "ad_server, ad_backup_server (string)" msgstr "ad_server, ad_backup_server (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:119 msgid "" "The comma-separated list of hostnames of the AD servers to which SSSD should " "connect in order of preference. For more information on failover and server " "redundancy, see the <quote>FAILOVER</quote> section. This is optional if " "autodiscovery is enabled. For more information on service discovery, refer " "to the <quote>SERVICE DISCOVERY</quote> section." msgstr "" "SSSD が接続したい AD サーバー(優先順)のホスト名のカンマ区切り一覧です。" "フェールオーバーおよびサーバー冗長化に関する詳細は <quote>FAILOVER</quote> セ" "クションを参照してください。自動探索が有効になっていると、これはオプションで" "す。サービス探索の詳細は <quote>SERVICE DISCOVERY</quote> セクションを参照し" "てください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:132 msgid "ad_hostname (string)" msgstr "ad_hostname (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:135 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the Active Directory domain to identify this " "host." 
msgstr "" "オプションです。hostname(5) が Active Directory ドメインにおいて使用される完" "全修飾名を反映しないマシンにおいてマシンに設定されるかもしれません。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:141 msgid "" "This field is used to determine the host principal in use in the keytab. It " "must match the hostname for which the keytab was issued." msgstr "" "この項目はキーテーブルにおいて使用中のホストプリンシパルを決定するために使用" "されます。キーテーブルが発行されたホスト名と一致する必要があります。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:149 msgid "ad_enable_dns_sites (boolean)" msgstr "ad_enable_dns_sites (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:156 msgid "" "If true and service discovery (see Service Discovery paragraph at the bottom " "of the man page) is enabled, the SSSD will first attempt to discover the " "Active Directory server to connect to using the Active Directory Site " "Discovery and fall back to the DNS SRV records if no AD site is found. The " "DNS SRV configuration, including the discovery domain, is used during site " "discovery as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:172 #, fuzzy #| msgid "ad_enable_dns_sites (boolean)" msgid "ad_access_filter (boolean)" msgstr "ad_enable_dns_sites (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:175 msgid "" "This option specifies LDAP access control filter that the user must match in " "order to be allowed access. Please note that the <quote>access_provider</" "quote> option must be explicitly set to <quote>ad</quote> in order for this " "option to have an effect." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:183 msgid "" "The option also supports specifying different filters per domain or forest. " "This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " "The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " "missing." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:191 msgid "" "If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</" "quote> specifies the domain or subdomain the filter applies to. If the " "keyword equals to <quote>FOREST</quote>, then the filter equals to all " "domains from the forest specified by <quote>NAME</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:199 msgid "" "Multiple filters can be separated with the <quote>?</quote> character, " "similarly to how search bases work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:204 msgid "" "The most specific match is always used. For example, if the option specified " "filter for a domain the user is a member of and a global filter, the per-" "domain filter would be applied. If there are more matches with the same " "specification, the first one is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #: sssd-ad.5.xml:215 #, no-wrap msgid "" "# apply filter on domain called dom1 only:\n" "dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" "\n" "# apply filter on domain called dom2 only:\n" "DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" "\n" "# apply filter on forest called EXAMPLE.COM only:\n" "FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" " " msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:225 #, fuzzy #| msgid "Default: not set" msgid "Default: Not set" msgstr "初期値: 設定されません" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:231 #, fuzzy #| msgid "ad_enable_dns_sites (boolean)" msgid "ad_enable_gc (boolean)" msgstr "ad_enable_dns_sites (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:234 msgid "" "By default, the SSSD connects to the Global Catalog first to retrieve users " "from trusted domains and uses the LDAP port to retrieve group memberships or " "as a fallback. Disabling this option makes the SSSD only connect to the LDAP " "port of the current AD server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:242 msgid "" "Please note that disabling Global Catalog support does not disable " "retrieving users from trusted domains. The SSSD would connect to the LDAP " "port of trusted domains instead. However, Global Catalog must be used in " "order to resolve cross-domain group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:259 msgid "" "Optional. This option tells SSSD to automatically update the Active " "Directory DNS server with the IP address of this client. The update is " "secured using GSS-TSIG. As a consequence, the Active Directory administrator " "only needs to allow secure updates for the DNS zone. The IP address of the " "AD LDAP connection is used for the updates, if it is not otherwise specified " "by using the <quote>dyndns_iface</quote> option." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:289 msgid "Default: 3600 (seconds)" msgstr "初期値: 3600 (秒)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:303 msgid "Default: Use the IP address of the AD LDAP connection" msgstr "初期値: AD の LDAP 接続の IP アドレスを使用します" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:354 sssd-krb5.5.xml:496 msgid "krb5_use_enterprise_principal (boolean)" msgstr "krb5_use_enterprise_principal (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:357 sssd-krb5.5.xml:499 msgid "" "Specifies if the user principal should be treated as enterprise principal. " "See section 5 of RFC 6806 for more details about enterprise principals." msgstr "" "ユーザープリンシパルをエンタープライズプリンシパルとして取り扱うかどうかを指" "定します。エンタープライズプリンシパルの詳細は RFC 6806 のセクション 5 を参照" "してください。" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:384 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " "This example shows only the AD provider-specific options." msgstr "" "以下の例は SSSD が正しく設定され、example.com が <replaceable>[sssd]</" "replaceable> セクションにあるドメインの一つであると仮定しています。この例は " "AD プロバイダー固有のオプションのみ示しています。" #.
type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ad.5.xml:391 #, no-wrap msgid "" "[domain/EXAMPLE]\n" "id_provider = ad\n" "auth_provider = ad\n" "access_provider = ad\n" "chpass_provider = ad\n" "\n" "ad_server = dc1.example.com\n" "ad_hostname = client.example.com\n" "ad_domain = example.com\n" msgstr "" "[domain/EXAMPLE]\n" "id_provider = ad\n" "auth_provider = ad\n" "access_provider = ad\n" "chpass_provider = ad\n" "\n" "ad_server = dc1.example.com\n" "ad_hostname = client.example.com\n" "ad_domain = example.com\n" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ad.5.xml:411 #, no-wrap msgid "" "access_provider = ldap\n" "ldap_access_order = expire\n" "ldap_account_expire_policy = ad\n" msgstr "" "access_provider = ldap\n" "ldap_access_order = expire\n" "ldap_account_expire_policy = ad\n" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:407 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:417 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 msgid "sssd-sudo" msgstr "sssd-sudo" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd-sudo.5.xml:17 msgid "Configuring sudo with the SSSD back end" msgstr "SSSD バックエンドを用いた sudo の設定法" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:23 msgid "" "This manual page describes how to configure <citerefentry> " "<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " "to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-sudo.5.xml:36 msgid "Configuring sudo to cooperate with SSSD" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:38 msgid "" "To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " "the <emphasis>sudoers</emphasis> entry in <citerefentry> " "<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:47 msgid "" "For example, to configure sudo to first lookup rules in the standard " "<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> file (which should contain rules that apply to " "local users) and then in SSSD, the nsswitch.conf file should contain the " "following line:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-sudo.5.xml:57 #, no-wrap msgid "sudoers: files sss\n" msgstr "sudoers: files sss\n" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:61 msgid "" "More information about configuring the sudoers search order from the " "nsswitch.conf file as well as information about the LDAP schema that is used " "to store sudo rules in the directory can be found in <citerefentry> " "<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:70 msgid "" "<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " "sudo rules, you also need to correctly set <citerefentry> " "<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" "citerefentry> to your NIS domain name (which equals to IPA domain name when " "using hostgroups)." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-sudo.5.xml:82 msgid "Configuring SSSD to fetch sudo rules" msgstr "sudo ルールを取得するよう SSSD を設定する方法" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:84 msgid "" "All configuration that is needed on SSSD side is to extend the list of " "<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " "search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> " "option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:94 msgid "" "The following example shows how to configure SSSD to download sudo rules " "from an LDAP server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-sudo.5.xml:99 #, no-wrap msgid "" "[sssd]\n" "config_file_version = 2\n" "services = nss, pam, sudo\n" "domains = EXAMPLE\n" "\n" "[domain/EXAMPLE]\n" "id_provider = ldap\n" "sudo_provider = ldap\n" "ldap_uri = ldap://example.com\n" "ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" msgstr "" "[sssd]\n" "config_file_version = 2\n" "services = nss, pam, sudo\n" "domains = EXAMPLE\n" "\n" "[domain/EXAMPLE]\n" "id_provider = ldap\n" "sudo_provider = ldap\n" "ldap_uri = ldap://example.com\n" "ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:112 msgid "" "When the SSSD is configured to use IPA as the ID provider, the sudo provider " "is automatically enabled. The sudo search base is configured to use the " "compat tree (ou=sudoers,$DC)." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-sudo.5.xml:119 msgid "The SUDO rule caching mechanism" msgstr "SUDO ルールキャッシュメカニズム" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:121 msgid "" "The biggest challenge, when developing sudo support in SSSD, was to ensure " "that running sudo with SSSD as the data source provides the same user " "experience and is as fast as sudo but keeps providing the most current set " "of rules as possible. To satisfy these requirements, SSSD uses three kinds " "of updates. They are referred to as full refresh, smart refresh and rules " "refresh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:129 msgid "" "The <emphasis>smart refresh</emphasis> periodically downloads rules that are " "new or were modified after the last update. Its primary goal is to keep the " "database growing by fetching only small increments that do not generate " "large amounts of network traffic." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:135 msgid "" "The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " "in the cache and replaces them with all rules that are stored on the server. " "This is used to keep the cache consistent by removing every rule which was " "deleted from the server. However, full refresh may produce a lot of traffic " "and thus it should be run only occasionally depending on the size and " "stability of the sudo rules." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:143 msgid "" "The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " "more permission than defined. It is triggered each time the user runs sudo. " "Rules refresh will find all rules that apply to this user, check their " "expiration time and redownload them if expired. In the case that any of " "these rules are missing on the server, the SSSD will do an out of band full " "refresh because more rules (that apply to other users) may have been deleted." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:152 msgid "" "If enabled, SSSD will store only rules that can be applied to this machine. " "This means rules that contain one of the following values in " "<emphasis>sudoHost</emphasis> attribute:" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:159 msgid "keyword ALL" msgstr "keyword ALL" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:164 msgid "wildcard" msgstr "ワイルドカード" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:169 msgid "netgroup (in the form \"+netgroup\")" msgstr "netgroup (\"+netgroup\" の形式)" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:174 msgid "hostname or fully qualified domain name of this machine" msgstr "このマシンのホスト名または完全修飾ドメイン名" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:179 msgid "one of the IP addresses of this machine" msgstr "このマシンの IP アドレスのどれか" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:184 msgid "one of the IP addresses of the network (in the form \"address/mask\")" msgstr "ネットワークの IP アドレスのどれか (\"address/mask\" 形式)" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:190 msgid "" "There are many configuration options that can be used to adjust the " "behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd.8.xml:10 sssd.8.xml:15 msgid "sssd" msgstr "sssd" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd.8.xml:16 msgid "System Security Services Daemon" msgstr "System Security Services Daemon" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sssd.8.xml:21 msgid "" "<command>sssd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg>" msgstr "" "<command>sssd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.8.xml:31 msgid "" "<command>SSSD</command> provides a set of daemons to manage access to remote " "directories and authentication mechanisms. It provides an NSS and PAM " "interface toward the system and a pluggable backend system to connect to " "multiple different account sources as well as D-Bus interface. It is also " "the basis to provide client auditing and policy services for projects like " "FreeIPA. It provides a more robust database to store local users as well as " "extended user data." msgstr "" "<command>SSSD</command> はリモートディレクトリーへのアクセスと認証メカニズム" "を管理するための一組のデーモンを提供します。システムへの NSS と PAM インター" "フェースを提供します。また、D-Bus インターフェースのように複数の異なるアカウ" "ントソースに接続するための取り外し可能なバックエンドシステムを提供します。ク" "ライアント監査、およびFreeIPA のようなプロジェクトに対するポリシーサービスを" "提供する基礎となります。ローカルユーザーだけでなく拡張ユーザーデータを保存す" "るためのより強靭なデータベースを提供します。" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:46 msgid "" "<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" "replaceable>" msgstr "" "<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:53 msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" msgstr "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:57 msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" msgstr "<emphasis>1</emphasis>: デバッグメッセージに日時を追加します" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:60 msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" msgstr "<emphasis>0</emphasis>: デバッグメッセージで日時を無効にします" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:69 msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" msgstr "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:73 msgid "" "<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" msgstr "" "<emphasis>1</emphasis>: デバッグメッセージのタイムスタンプにマイクロ秒を追加" "します" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:76 msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" msgstr "<emphasis>0</emphasis>: 日時でマイクロ秒を無効にします" #.
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:85 msgid "<option>-f</option>,<option>--debug-to-files</option>" msgstr "<option>-f</option>,<option>--debug-to-files</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:89 msgid "" "Send the debug output to files instead of stderr. By default, the log files " "are stored in <filename>/var/log/sssd</filename> and there are separate log " "files for every SSSD service and domain." msgstr "" "デバッグ出力を標準エラーの代わりにファイルに送信します。初期状態で、ログファ" "イルは <filename>/var/log/sssd</filename> に保存され、すべての SSSD サービス" "とドメインに対して別々のログファイルがあります。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:97 msgid "<option>-D</option>,<option>--daemon</option>" msgstr "<option>-D</option>,<option>--daemon</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:101 msgid "Become a daemon after starting up." msgstr "起動後にデーモンになります。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:107 sss_seed.8.xml:136 msgid "<option>-i</option>,<option>--interactive</option>" msgstr "<option>-i</option>,<option>--interactive</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:111 msgid "Run in the foreground, don't become a daemon." msgstr "フォアグラウンドで実行して、デーモンになりません。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:117 sss_debuglevel.8.xml:42 msgid "<option>-c</option>,<option>--config</option>" msgstr "<option>-c</option>,<option>--config</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:121 sss_debuglevel.8.xml:46 msgid "" "Specify a non-default config file. The default is <filename>/etc/sssd/sssd." 
"conf</filename>. For reference on the config file syntax and options, " "consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" "非標準の設定ファイルを指定します。初期値は <filename>/etc/sssd/sssd.conf</" "filename> です。設定ファイルの構文とオプションは <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> マニュアルページを参照してください。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:135 msgid "<option>--version</option>" msgstr "<option>--version</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:139 msgid "Print version number and exit." msgstr "バージョン番号を表示して終了します。" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.8.xml:147 msgid "Signals" msgstr "シグナル" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "SIGTERM/SIGINT" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" "SSSD にすべての子プロセスを穏やかに停止するよう通知して、モニターをシャットダ" "ウンします。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:159 msgid "SIGHUP" msgstr "SIGHUP" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " "like logrotate." msgstr "" "SSSD が現在のデバッグファイルディスクリプターに書き込むことを止めて、それらを" "閉じてから開きなおすよう指示します。これは logrotate のようなプログラムを用い" "てログローテーションを促進することを意味します。" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:170 msgid "SIGUSR1" msgstr "SIGUSR1" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" "SSSD に 1 分間オフライン操作をシミュレーションするよう指示します。テスト目的" "のためにほぼ有用です。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:179 msgid "SIGUSR2" msgstr "SIGUSR2" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" "SSSD に直ちにオンラインになるよう指示します。テスト目的のためにほぼ有用です。" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.8.xml:193 #, fuzzy #| msgid "" #| "If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " #| "debug messages will be sent to stderr." msgid "" "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " "applications will not use the fast in memory cache." msgstr "" "環境変数 SSSD_KRB5_LOCATOR_DEBUG に何らかの値が設定されていると、デバッグメッ" "セージが標準エラーに送られます。" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 msgid "sss_obfuscate" msgstr "sss_obfuscate" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_obfuscate.8.xml:16 msgid "obfuscate a clear text password" msgstr "平文パスワードをわかりにくくする" #. 
type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_obfuscate.8.xml:21 msgid "" "<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" "replaceable></arg>" msgstr "" "<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" "replaceable></arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:32 msgid "" "<command>sss_obfuscate</command> converts a given password into human-" "unreadable format and places it into appropriate domain section of the SSSD " "config file." msgstr "" "<command>sss_obfuscate</command> は、与えられたパスワードを人間が読みにくい形" "式に変換して、SSSD 設定ファイルの適切なドメインセクションに置きます。" #. type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:37 msgid "" "The cleartext password is read from standard input or entered " "interactively. The obfuscated password is put into " "<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " "<quote>ldap_default_authtok_type</quote> parameter is set to " "<quote>obfuscated_password</quote>. Refer to <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more details on these parameters." msgstr "" "平文のパスワードは、標準入力から読み込まれます、または対話的に入力されます。" "解読しにくくされたパスワードが指定された SSSD ドメインの " "<quote>ldap_default_authtok</quote> パラメータに置かれます。また " "<quote>ldap_default_authtok_type</quote> パラメーターが " "<quote>obfuscated_password</quote> に設定されます。これらのパラメーターの詳細" "は <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> を参照してください。" #. 
type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:49 msgid "" "Please note that obfuscating the password provides <emphasis>no real " "security benefit</emphasis> as it is still possible for an attacker to " "reverse-engineer the password back. Using better authentication mechanisms " "such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " "advised." msgstr "" "パスワードをわかりにくくしても、攻撃者はリバースエンジニアリングによって元の" "パスワードを復元できるため、<emphasis>実質的なセキュリティ上の利点はありません</emphasis>。" "クライアントサイド証明書や GSSAPI のようなより良い認証機構を使用すること" "を <emphasis>強く</emphasis> 推奨します。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_obfuscate.8.xml:63 msgid "<option>-s</option>,<option>--stdin</option>" msgstr "<option>-s</option>,<option>--stdin</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:67 msgid "The password to obfuscate will be read from standard input." msgstr "解読しにくくするパスワードが標準入力から読み込まれます。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:79 #: sss_ssh_knownhostsproxy.1.xml:78 msgid "" "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" "replaceable>" msgstr "" "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:79 msgid "" "The SSSD domain to use the password in. The default name is <quote>default</" "quote>." msgstr "" "パスワードに使用する SSSD ドメインです。名前の初期値は <quote>default</" "quote> です。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_obfuscate.8.xml:86 msgid "" "<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" msgstr "" "<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" #.
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:91 msgid "Read the config file specified by the positional parameter." msgstr "位置パラメーターにより指定された設定ファイルを読み込みます。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:95 msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" msgstr "初期値: <filename>/etc/sssd/sssd.conf</filename>" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_useradd.8.xml:10 sss_useradd.8.xml:15 msgid "sss_useradd" msgstr "sss_useradd" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_useradd.8.xml:16 msgid "create a new user" msgstr "新しいユーザーを作成する" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_useradd.8.xml:21 msgid "" "<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" msgstr "" "<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_useradd.8.xml:32 msgid "" "<command>sss_useradd</command> creates a new user account using the values " "specified on the command line plus the default values from the system." msgstr "" "<command>sss_useradd</command> は、コマンドラインにおいて指定された値とシステ" "ムの初期値を使用して、新しいユーザーを作成します。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:43 sss_seed.8.xml:76 msgid "" "<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" msgstr "" "<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:48 msgid "" "Set the UID of the user to the value of <replaceable>UID</replaceable>. If " "not given, it is chosen automatically." msgstr "" "ユーザーの UID を <replaceable>UID</replaceable> の値を設定します。与えられな" "いと、自動的に選択されます。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:55 sss_usermod.8.xml:43 sss_seed.8.xml:100 msgid "" "<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" "replaceable>" msgstr "" "<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:60 sss_usermod.8.xml:48 sss_seed.8.xml:105 msgid "" "Any text string describing the user. Often used as the field for the user's " "full name." msgstr "" "ユーザーを説明している任意のテキスト文字列です。しばしばユーザーの完全名の項" "目として使用されます。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:67 sss_usermod.8.xml:55 sss_seed.8.xml:112 msgid "" "<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" "replaceable>" msgstr "" "<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:72 msgid "" "The home directory of the user account. The default is to append the " "<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use " "that as the home directory. The base that is prepended before " "<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/" "baseDirectory</quote> setting in sssd.conf." 
msgstr "" "ユーザーアカウントのホームディレクトリーです。初期値は <filename>/home</" "filename> に <replaceable>LOGIN</replaceable> の名前を追加して、ホームディレ" "クトリーとして使用します。 <replaceable>LOGIN</replaceable> の前につけるベー" "スは sssd.conf において <quote>user_defaults/baseDirectory</quote> 設定で変更" "できます。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:82 sss_usermod.8.xml:66 sss_seed.8.xml:124 msgid "" "<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" msgstr "" "<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:87 msgid "" "The user's login shell. The default is currently <filename>/bin/bash</" "filename>. The default can be changed with <quote>user_defaults/" "defaultShell</quote> setting in sssd.conf." msgstr "" "ユーザーのログインシェルです。初期値は現在 <filename>/bin/bash</filename> で" "す。初期値は sssd.conf において <quote>user_defaults/defaultShell</quote> で" "変更できます。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:96 msgid "" "<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</" "replaceable>" msgstr "" "<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:101 msgid "A list of existing groups this user is also a member of." msgstr "このユーザーがメンバーである既存のグループの一覧です。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:107 msgid "<option>-m</option>,<option>--create-home</option>" msgstr "<option>-m</option>,<option>--create-home</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:111 msgid "" "Create the user's home directory if it does not exist.
The files and " "directories contained in the skeleton directory (which can be defined with " "the -k option or in the config file) will be copied to the home directory." msgstr "" "ユーザーのホームディレクトリーが存在しなければ、それを作成します。(-k オプ" "ションまたは設定ファイルで定義できる)スケルトンディレクトリーにあるファイル" "とディレクトリーがホームディレクトリーにコピーされます。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:121 msgid "<option>-M</option>,<option>--no-create-home</option>" msgstr "<option>-M</option>,<option>--no-create-home</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:125 msgid "" "Do not create the user's home directory. Overrides configuration settings." msgstr "ユーザーのホームディレクトリーを作成しません。設定を上書きします。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:132 msgid "" "<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</" "replaceable>" msgstr "" "<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:137 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " "<command>sss_useradd</command>." msgstr "" "スケルトンディレクトリーです。ホームディレクトリーが <command>sss_useradd</" "command> により作成されるとき、ユーザーのホームディレクトリーにコピーされる" "ファイルとディレクトリーを含みます。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:143 msgid "" "Special files (block devices, character devices, named pipes and unix " "sockets) will not be copied." msgstr "" "特殊ファイル (ブロックデバイス、キャラクターデバイス、名前付きパイプおよび " "UNIX ソケット) はコピーされません。" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:147 msgid "" "This option is only valid if the <option>-m</option> (or <option>--create-" "home</option>) option is specified, or creation of home directories is set " "to TRUE in the configuration." msgstr "" "<option>-m</option> (または <option>--create-home</option>) オプションが指定" "されたとき、またはホームディレクトリーの作成が設定において TRUE に設定されて" "いる場合のみ、このオプションが有効です。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:156 sss_usermod.8.xml:124 msgid "" "<option>-Z</option>,<option>--selinux-user</option> " "<replaceable>SELINUX_USER</replaceable>" msgstr "" "<option>-Z</option>,<option>--selinux-user</option> " "<replaceable>SELINUX_USER</replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:161 msgid "" "The SELinux user for the user's login. If not specified, the system default " "will be used." msgstr "" "ユーザーがログインする際の SELinux ユーザーです。未指定の場合、システムの初期" "値を使います。" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 msgid "sssd-krb5" msgstr "sssd-krb5" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:23 msgid "" "This manual page describes the configuration of the Kerberos 5 " "authentication backend for <citerefentry> <refentrytitle>sssd</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed " "syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " "the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page." 
msgstr "" "このマニュアルは <citerefentry> <refentrytitle>sssd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> に対する Kerberos 5 認証バックエンド" "の設定を説明しています。詳細な構文の参考資料は、<citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> マニュアルページの <quote>ファイル形式</quote> セクションを参照" "してください。" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:36 msgid "" "The Kerberos 5 authentication backend contains auth and chpass providers. It " "must be paired with an identity provider in order to function properly (for " "example, id_provider = ldap). Some information required by the Kerberos 5 " "authentication backend must be provided by the identity provider, such as " "the user's Kerberos Principal Name (UPN). The configuration of the identity " "provider should have an entry to specify the UPN. Please refer to the man " "page for the applicable identity provider for details on how to configure " "this." msgstr "" "Kerberos 5 認証バックエンドは認証プロバイダーおよびパスワード変更プロバイダー" "を含みます。正しく機能するためには識別プロバイダーと組み合わせて使用する必要" "があります (たとえば、id_provider = ldap)。Kerberos 5 認証バックエンドにより" "必要とされるいくつかの情報は、ユーザーの Kerberos プリンシパル名 (UPN) のよう" "な、識別プロバイダーにより提供される必要があります。識別プロバイダーの設定は " "UPN を指定するためのエントリーがある必要があります。これを設定する方法に関す" "る詳細は適用可能な識別プロバイダーのマニュアルページを参照してください。" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:47 msgid "" "This backend also provides access control based on the .k5login file in the " "home directory of the user. See <citerefentry> <refentrytitle>.k5login</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " "Please note that an empty .k5login file will deny all access to this user. " "To activate this feature, use 'access_provider = krb5' in your SSSD " "configuration." msgstr "" "このバックエンドは、ユーザーのホームディレクトリーにある .k5login ファイルに" "基づいたアクセス制御を提供します。詳細は <citerefentry> <refentrytitle>."
"k5login</refentrytitle><manvolnum>5</manvolnum> </citerefentry> を参照してく" "ださい。空の .k5login ファイルがあると、このユーザーに対するすべてのアクセス" "が拒否されます。この機能を有効にするには、SSSD 設定において 'access_provider " "= krb5' を使用します。" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:55 msgid "" "In the case where the UPN is not available in the identity backend, " "<command>sssd</command> will construct a UPN using the format " "<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." msgstr "" "UPN が識別バックエンドにおいて利用できない場合、<command>sssd</command> は形" "式 <replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable> " "を使用して UPN を構築します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect, in the order of preference. " "For more information on failover and server redundancy, see the " "<quote>FAILOVER</quote> section. An optional port number (preceded by a " "colon) may be appended to the addresses or hostnames. If empty, service " "discovery is enabled; for more information, refer to the <quote>SERVICE " "DISCOVERY</quote> section." msgstr "" "SSSD が接続したい Kerberos サーバー(優先順)の IP アドレスまたはホスト名のカンマ区" "切り一覧を指定します。フェールオーバーおよびサーバー冗長化に関する詳細は " "<quote>FAILOVER</quote> セクションを参照してください。ポート番号(コロンの後" "ろ)をオプションとして、アドレスやホスト名の後ろに付けることもできます。この" "オプションが空の場合、サービス探索が有効になります。詳細は <quote>サービス探索</" "quote> のセクションを参照してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:106 msgid "" "The name of the Kerberos realm. This option is required and must be " "specified." msgstr "Kerberos レルムの名前です。このオプションは指定する必要があります。" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:113 msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" msgstr "krb5_kpasswd, krb5_backup_kpasswd (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:116 msgid "" "If the change password service is not running on the KDC, alternative " "servers can be defined here. An optional port number (preceded by a colon) " "may be appended to the addresses or hostnames." msgstr "" "パスワード変更サービスが KDC において実行されていなければ、代替サーバーがここ" "で指定できます。オプションのポート番号が(コロンに続けて)アドレスまたはホス" "ト名に追加できます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:122 msgid "" "For more information on failover and server redundancy, see the " "<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " "servers to try, the backend is not switched to operate offline if " "authentication against the KDC is still possible." msgstr "" "フェイルオーバーとサーバー冗長性に関する詳細は、<quote>フェイルオーバー</" "quote>のセクションを参照してください。注:KDC に対する認証がまだ可能であるな" "らば、たとえすべての kpasswd サーバーがなかったとしても、バックエンドをオフラ" "インに切り替えないことに注意してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:129 msgid "Default: Use the KDC" msgstr "初期値: KDC を使用します" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:135 msgid "krb5_ccachedir (string)" msgstr "krb5_ccachedir (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:138 msgid "" "Directory to store credential caches. All the substitution sequences of " "krb5_ccname_template can be used here, too, except %d and %P. The directory " "is created as private and owned by the user, with permissions set to 0700." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:145 msgid "Default: /tmp" msgstr "初期値: /tmp" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:151 msgid "krb5_ccname_template (string)" msgstr "krb5_ccname_template (文字列)" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:165 include/override_homedir.xml:11 msgid "%u" msgstr "%u" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:166 include/override_homedir.xml:12 msgid "login name" msgstr "ログイン名" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:169 include/override_homedir.xml:15 msgid "%U" msgstr "%U" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:170 msgid "login UID" msgstr "ログイン UID" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:173 msgid "%p" msgstr "%p" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:174 msgid "principal name" msgstr "プリンシパル名" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:178 msgid "%r" msgstr "%r" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:179 msgid "realm name" msgstr "レルム名" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:182 msgid "%h" msgstr "%h" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:183 msgid "home directory" msgstr "ホームディレクトリー" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:187 include/override_homedir.xml:19 msgid "%d" msgstr "%d" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:188 msgid "value of krb5ccache_dir" msgstr "krb5ccache_dir の値" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:193 msgid "%P" msgstr "%P" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:194 msgid "the process ID of the SSSD client" msgstr "SSSD クライアントのプロセス ID" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:199 include/override_homedir.xml:34 msgid "%%" msgstr "%%" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:200 include/override_homedir.xml:35 msgid "a literal '%'" msgstr "文字 '%'" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:154 #, fuzzy #| msgid "" #| "Location of the user's credential cache. Two credential cache types are " #| "currently supported: <quote>FILE</quote> and <quote>DIR</quote>. 
The " #| "cache can be specified either as <replaceable>TYPE:RESIDUAL</" #| "replaceable>, or as an absolute path, which implies the <quote>FILE</" #| "quote> type. In the template, the following sequences are substituted: " #| "<placeholder type=\"variablelist\" id=\"0\"/> If the template ends with " #| "'XXXXXX' mkstemp(3) is used to create a unique filename in a safe way." msgid "" "Location of the user's credential cache. Three credential cache types are " "currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " "<quote>KEYRING:persistent</quote>. The cache can be specified either as " "<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " "implies the <quote>FILE</quote> type. In the template, the following " "sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " "the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " "filename in a safe way." msgstr "" "ユーザーのクレディンシャルキャッシュの場所です。二つのクレディンシャルキャッ" "シュ形式が現在サポートされます。<quote>FILE</quote> および <quote>DIR</" "quote>。キャッシュは <replaceable>TYPE:RESIDUAL</replaceable> または絶対パス" "(<quote>FILE</quote> 形式を意味します)のどちらかとして指定できます。テンプ" "レートにおいて以下の部分が置換されます: <placeholder type=\"variablelist\" " "id=\"0\"/> テンプレートが 'XXXXXX' で終わると、mkstemp(3) が安全な方法で一意" "なファイル名を作成するために使用されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:208 msgid "" "When using KEYRING types, the only supported mechanism is <quote>KEYRING:" "persistent:%U</quote>, which uses the Linux kernel keyring to store " "credentials on a per-UID basis. This is also the recommended choice, as it " "is the most secure and predictable method." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:216 msgid "" "The default value for the credential cache name is sourced from the profile " "stored in the system wide krb5.conf configuration file in the [libdefaults] " "section. The option name is default_ccache_name. See krb5.conf(5)'s " "PARAMETER EXPANSION paragraph for additional information on the expansion " "format defined by krb5.conf." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:225 #, fuzzy #| msgid "Default: 0 (No limit)" msgid "Default: (from libkrb5)" msgstr "初期値: 0 (無制限)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:231 msgid "krb5_auth_timeout (integer)" msgstr "krb5_auth_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:234 msgid "" "Timeout in seconds after an online authentication request or change password " "request is aborted. If possible, the authentication request is continued " "offline." msgstr "" "オンライン認証またはパスワード変更要求が中止された後の秒単位のタイムアウトで" "す。可能ならば、認証要求がオフラインで継続されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:248 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed. The keytab is checked for entries sequentially, and the first entry " "with a matching realm is used for validation. If no entry matches the realm, " "the last entry in the keytab is used. This process can be used to validate " "environments using cross-realm trust by placing the appropriate keytab entry " "as the last entry or the only entry in the keytab file." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:263 msgid "krb5_keytab (string)" msgstr "krb5_keytab (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:266 msgid "" "The location of the keytab to use when validating credentials obtained from " "KDCs." msgstr "" "KDC から取得したクレディンシャルを検証するときに使用されるキーテーブルの場所" "です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:270 msgid "Default: /etc/krb5.keytab" msgstr "初期値: /etc/krb5.keytab" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:276 msgid "krb5_store_password_if_offline (boolean)" msgstr "krb5_store_password_if_offline (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:279 msgid "" "Store the password of the user if the provider is offline and use it to " "request a TGT when the provider comes online again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:284 msgid "" "NOTE: this feature is only available on Linux. Passwords stored in this way " "are kept in plaintext in the kernel keyring and are potentially accessible " "by the root user (with difficulty)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:297 msgid "krb5_renewable_lifetime (string)" msgstr "krb5_renewable_lifetime (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:300 msgid "" "Request a renewable ticket with a total lifetime, given as an integer " "immediately followed by a time unit:" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:305 sssd-krb5.5.xml:339 sssd-krb5.5.xml:376 msgid "<emphasis>s</emphasis> for seconds" msgstr "秒は <emphasis>s</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:308 sssd-krb5.5.xml:342 sssd-krb5.5.xml:379 msgid "<emphasis>m</emphasis> for minutes" msgstr "分は <emphasis>m</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:311 sssd-krb5.5.xml:345 sssd-krb5.5.xml:382 msgid "<emphasis>h</emphasis> for hours" msgstr "時間は <emphasis>h</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385 msgid "<emphasis>d</emphasis> for days." msgstr "日は <emphasis>d</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:317 sssd-krb5.5.xml:388 msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." msgstr "単位が指定されていないと、<emphasis>s</emphasis> と仮定されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:321 sssd-krb5.5.xml:392 msgid "" "NOTE: It is not possible to mix units. To set the renewable lifetime to one " "and a half hours, use '90m' instead of '1h30m'." msgstr "" "注: 単位を混在できないことに注意してください。更新可能な生存期間を1時間30分に" "指定したい場合、'1h30m' の代わりに '90m' を使用します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:326 msgid "Default: not set, i.e. the TGT is not renewable" msgstr "初期値: 設定されません、つまり TGT は更新可能ではありません" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:332 msgid "krb5_lifetime (string)" msgstr "krb5_lifetime (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:335 msgid "" "Request ticket with a lifetime, given as an integer immediately followed by " "a time unit:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:351 msgid "If there is no unit given <emphasis>s</emphasis> is assumed." msgstr "単位が指定されていないと、<emphasis>s</emphasis> と仮定されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:355 msgid "" "NOTE: It is not possible to mix units. To set the lifetime to one and a " "half hours please use '90m' instead of '1h30m'." msgstr "" "注: 単位を混在できないことに注意してください。生存期間を1時間30分に" "指定したい場合、'1h30m' の代わりに '90m' を使用してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:360 msgid "" "Default: not set, i.e. the default ticket lifetime configured on the KDC." msgstr "" "初期値: 設定されません、つまり KDC において設定されているチケット有効期間の初" "期値です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:367 msgid "krb5_renew_interval (string)" msgstr "krb5_renew_interval (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:370 msgid "" "The time in seconds between two checks if the TGT should be renewed. TGTs " "are renewed if about half of their lifetime is exceeded, given as an integer " "immediately followed by a time unit:" msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:397 msgid "If this option is not set or is 0 the automatic renewal is disabled." msgstr "" "このオプションが設定されていない場合、または 0 に設定されている場合、自動更新" "は無効になります。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:415 msgid "" "<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " "option at all." msgstr "" "<emphasis>never</emphasis> は FAST を使用しません。このオプションを何も設定しな" "いことと同等です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:419 msgid "" "<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " "continue the authentication without it." msgstr "" "<emphasis>try</emphasis> は FAST の使用を試みます。サーバーが FAST をサポートして" "いなければ、FAST を使用せずに認証を続行します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:429 msgid "Default: not set, i.e. FAST is not used." msgstr "初期値: 設定されません、つまり FAST が使用されません。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:432 msgid "NOTE: a keytab is required to use FAST." msgstr "注: FAST を使用するにはキーテーブルが必要です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:444 msgid "krb5_fast_principal (string)" msgstr "krb5_fast_principal (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:447 msgid "Specifies the server principal to use for FAST." msgstr "FAST に対して使用するサーバープリンシパルを指定します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:456 msgid "" "Specifies if the host and user principal should be canonicalized.
This " "feature is available with MIT Kerberos 1.7 and later versions." msgstr "" "ホストとユーザーのプリンシパルが正規化されるかどうかを指定します。この機能は " "MIT Kerberos 1.7 およびそれ以降で利用可能です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:505 #, fuzzy #| msgid "Default: False (disabled)" msgid "Default: false (AD provider: true)" msgstr "初期値: False (無効)" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:65 msgid "" "If the auth-module krb5 is used in an SSSD domain, the following options " "must be used. See the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " "<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " "domain. <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" "認証モジュール krb5 が SSSD ドメインにおいて使用されていると、以下のオプショ" "ンを使用する必要があります。 SSSD ドメインの設定における詳細は " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> マニュアルページの <quote>ドメインセクション</" "quote> を参照してください。 <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:521 msgid "" "The following example assumes that SSSD is correctly configured and FOO is " "one of the domains in the <replaceable>[sssd]</replaceable> section. This " "example shows only configuration of Kerberos authentication; it does not " "include any identity provider." msgstr "" "以下の例は、SSSD が正しく設定され、FOO が <replaceable>[sssd]</replaceable> " "セクションにあるドメインの 1 つであると仮定しています。この例は Kerberos 認証" "の設定のみを示し、識別プロバイダーを何も含みません。" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-krb5.5.xml:529 #, no-wrap msgid "" " [domain/FOO]\n" " auth_provider = krb5\n" " krb5_server = 192.168.1.1\n" " krb5_realm = EXAMPLE.COM\n" msgstr "" " [domain/FOO]\n" " auth_provider = krb5\n" " krb5_server = 192.168.1.1\n" " krb5_realm = EXAMPLE.COM\n" #. 
type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15 msgid "sss_groupadd" msgstr "sss_groupadd" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupadd.8.xml:16 msgid "create a new group" msgstr "新しいグループを作成する" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupadd.8.xml:21 msgid "" "<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" "<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupadd.8.xml:32 msgid "" "<command>sss_groupadd</command> creates a new group. These groups are " "compatible with POSIX groups, with the additional feature that they can " "contain other groups as members." msgstr "" "<command>sss_groupadd</command> が新しいグループを作成します。これらのグルー" "プは POSIX グループと互換性があり、他のグループをメンバーとして含められる追加" "機能と互換性があります。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupadd.8.xml:43 sss_seed.8.xml:88 msgid "" "<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" msgstr "" "<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupadd.8.xml:48 msgid "" "Set the GID of the group to the value of <replaceable>GID</replaceable>. If " "not given, it is chosen automatically." msgstr "" "グループの GID を <replaceable>GID</replaceable> の値に設定します。与えられな" "いと、自動的に選択されます。" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_userdel.8.xml:10 sss_userdel.8.xml:15 msgid "sss_userdel" msgstr "sss_userdel" #. 
type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_userdel.8.xml:16 msgid "delete a user account" msgstr "ユーザーアカウントを削除する" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_userdel.8.xml:21 msgid "" "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" msgstr "" "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_userdel.8.xml:32 msgid "" "<command>sss_userdel</command> deletes a user identified by login name " "<replaceable>LOGIN</replaceable> from the system." msgstr "" "<command>sss_userdel</command> はログイン名 <replaceable>LOGIN</replaceable> " "により識別されるユーザーをシステムから削除します。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:44 msgid "<option>-r</option>,<option>--remove</option>" msgstr "<option>-r</option>,<option>--remove</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:48 msgid "" "Files in the user's home directory will be removed along with the home " "directory itself and the user's mail spool. Overrides the configuration." msgstr "" "ユーザーのホームディレクトリーにあるファイルは、それ自身のホームディレクト" "リーとユーザーのメールスプールとともに削除されます。設定が上書きされます。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:56 msgid "<option>-R</option>,<option>--no-remove</option>" msgstr "<option>-R</option>,<option>--no-remove</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:60 msgid "" "Files in the user's home directory will NOT be removed along with the home " "directory itself and the user's mail spool. 
Overrides the configuration." msgstr "" "ユーザーのホームディレクトリーにあるファイルは、それ自身のホームディレクト" "リーとユーザーのメールスプールとともに削除されません。設定が上書きされます。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:68 msgid "<option>-f</option>,<option>--force</option>" msgstr "<option>-f</option>,<option>--force</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:72 msgid "" "This option forces <command>sss_userdel</command> to remove the user's home " "directory and mail spool, even if they are not owned by the specified user." msgstr "" "このオプションは、指定されたユーザーにより所有されていないものさえ、" "<command>sss_userdel</command> がユーザーのホームディレクトリーとメールスプー" "ルを削除するよう強制します。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:80 msgid "<option>-k</option>,<option>--kick</option>" msgstr "<option>-k</option>,<option>--kick</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:84 msgid "Before actually deleting the user, terminate all his processes." msgstr "実際にユーザーを削除する前に、そのプロセスをすべて停止します。" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15 msgid "sss_groupdel" msgstr "sss_groupdel" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupdel.8.xml:16 msgid "delete a group" msgstr "グループを削除する" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupdel.8.xml:21 msgid "" "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" #. 
type: Content of: <reference><refentry><refsect1><para> #: sss_groupdel.8.xml:32 msgid "" "<command>sss_groupdel</command> deletes a group identified by its name " "<replaceable>GROUP</replaceable> from the system." msgstr "" "<command>sss_groupdel</command> は名前 <replaceable>GROUP</replaceable> によ" "り識別されるグループをシステムから削除します。" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15 msgid "sss_groupshow" msgstr "sss_groupshow" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupshow.8.xml:16 msgid "print properties of a group" msgstr "グループのプロパティーを表示します" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupshow.8.xml:21 msgid "" "<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" "<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupshow.8.xml:32 msgid "" "<command>sss_groupshow</command> displays information about a group " "identified by its name <replaceable>GROUP</replaceable>. The information " "includes the group ID number, members of the group and the parent group." msgstr "" "<command>sss_groupshow</command> はその名前 <replaceable>GROUP</replaceable> " "により識別されるグループに関する情報を表示します。情報はグループ ID 番号、グ" "ループのメンバーおよび親グループを含みます。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupshow.8.xml:43 msgid "<option>-R</option>,<option>--recursive</option>" msgstr "<option>-R</option>,<option>--recursive</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupshow.8.xml:47 msgid "" "Also print indirect group members in a tree-like hierarchy. 
Note that this " "also affects printing parent groups - without <option>R</option>, only the " "direct parent will be printed." msgstr "" "ツリー階層形式で間接的なグループメンバーも表示します。これは親グループの表示" "にも影響を与えることに注意してください - <option>R</option> を指定しないと、" "直接の親のみが表示されます。" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_usermod.8.xml:10 sss_usermod.8.xml:15 msgid "sss_usermod" msgstr "sss_usermod" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_usermod.8.xml:16 msgid "modify a user account" msgstr "ユーザーアカウントを修正します" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_usermod.8.xml:21 msgid "" "<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" msgstr "" "<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_usermod.8.xml:32 msgid "" "<command>sss_usermod</command> modifies the account specified by " "<replaceable>LOGIN</replaceable> to reflect the changes that are specified " "on the command line." msgstr "" "<command>sss_usermod</command> は、コマンドラインにおいて指定された変更を反映" "するために、 <replaceable>LOGIN</replaceable> により指定されたアカウントを変" "更します。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:60 msgid "The home directory of the user account." msgstr "ユーザーアカウントのホームディレクトリーです。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:71 msgid "The user's login shell." msgstr "ユーザーのログインシェルです。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:82 msgid "" "Append this user to groups specified by the <replaceable>GROUPS</" "replaceable> parameter. 
The <replaceable>GROUPS</replaceable> parameter is " "a comma separated list of group names." msgstr "" "このユーザーを <replaceable>GROUPS</replaceable> パラメーターにより指定された" "グループに追加します。 <replaceable>GROUPS</replaceable> パラメーターはグルー" "プ名のカンマ区切り一覧です。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:96 msgid "" "Remove this user from groups specified by the <replaceable>GROUPS</" "replaceable> parameter." msgstr "" "このユーザーを <replaceable>GROUPS</replaceable> パラメーターにより指定された" "グループから削除します。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_usermod.8.xml:103 msgid "<option>-l</option>,<option>--lock</option>" msgstr "<option>-l</option>,<option>--lock</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:107 msgid "Lock the user account. The user won't be able to log in." msgstr "ユーザーアカウントをロックします。ユーザーはログインできなくなります。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_usermod.8.xml:114 msgid "<option>-u</option>,<option>--unlock</option>" msgstr "<option>-u</option>,<option>--unlock</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:118 msgid "Unlock the user account." msgstr "ユーザーアカウントのロックを解除します。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:129 msgid "The SELinux user for the user's login." msgstr "ユーザーのログインのための SELinux ユーザーです。" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_cache.8.xml:10 sss_cache.8.xml:15 msgid "sss_cache" msgstr "sss_cache" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_cache.8.xml:16 msgid "perform cache cleanup" msgstr "キャッシュクリーンアップを実行する" #.
type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_cache.8.xml:21 msgid "" "<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg>" msgstr "" "<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_cache.8.xml:31 msgid "" "<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " "records are forced to be reloaded from server as soon as related SSSD " "backend is online." msgstr "" "<command>sss_cache</command> は SSSD キャッシュにあるレコードを無効にします。" "無効化されたレコードは、関連する SSSD バックエンドがオンラインになるとすぐ" "に、サーバーから強制的に再読み込みされます。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:42 msgid "<option>-E</option>,<option>--everything</option>" msgstr "<option>-E</option>,<option>--everything</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:46 msgid "Invalidate all cached entries except for sudo rules." msgstr "sudo ルール以外のすべてのキャッシュ項目を無効化します。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:52 msgid "" "<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" msgstr "" "<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:57 msgid "Invalidate specific user." msgstr "特定のユーザーを無効にします。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:63 msgid "<option>-U</option>,<option>--users</option>" msgstr "<option>-U</option>,<option>--users</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:67 msgid "" "Invalidate all user records. 
This option overrides invalidation of specific " "user if it was also set." msgstr "" "すべてのユーザーレコードを無効にします。このオプションも設定されていると、こ" "れが特定のユーザーの無効化を上書きします。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:74 msgid "" "<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" msgstr "" "<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:79 msgid "Invalidate specific group." msgstr "特定のグループを無効にします。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:85 msgid "<option>-G</option>,<option>--groups</option>" msgstr "<option>-G</option>,<option>--groups</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:89 msgid "" "Invalidate all group records. This option overrides invalidation of specific " "group if it was also set." msgstr "" "すべてのグループレコードを無効にします。このオプションも設定されていると、こ" "れが特定のグループの無効化を上書きします。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:96 msgid "" "<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" "replaceable>" msgstr "" "<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:101 msgid "Invalidate specific netgroup." msgstr "特定のネットワークグループを無効にします。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:107 msgid "<option>-N</option>,<option>--netgroups</option>" msgstr "<option>-N</option>,<option>--netgroups</option>" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:111 msgid "" "Invalidate all netgroup records. This option overrides invalidation of " "specific netgroup if it was also set." msgstr "" "すべてのネットワークグループレコードを無効にします。このオプションが設定され" "ていると、これが特定のネットワークグループの無効化を上書きします。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:118 msgid "" "<option>-s</option>,<option>--service</option> <replaceable>service</" "replaceable>" msgstr "" "<option>-s</option>,<option>--service</option> <replaceable>service</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:123 msgid "Invalidate specific service." msgstr "特定のサービスを無効化します。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:129 msgid "<option>-S</option>,<option>--services</option>" msgstr "<option>-S</option>,<option>--services</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:133 msgid "" "Invalidate all service records. This option overrides invalidation of " "specific service if it was also set." msgstr "" "すべてのサービスレコードを無効にします。このオプションも設定されていると、こ" "れが特定のサービスの無効化を上書きします。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:140 msgid "" "<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" "replaceable>" msgstr "" "<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:145 msgid "Invalidate specific autofs maps." msgstr "特定の autofs マップを無効化します。" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:151 msgid "<option>-A</option>,<option>--autofs-maps</option>" msgstr "<option>-A</option>,<option>--autofs-maps</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:155 msgid "" "Invalidate all autofs maps. This option overrides invalidation of specific " "map if it was also set." msgstr "" "すべての autofs マップを無効化します。このオプションは特定のマップが設定され" "ていても、その無効化を上書きします。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:162 msgid "" "<option>-d</option>,<option>--domain</option> <replaceable>domain</" "replaceable>" msgstr "" "<option>-d</option>,<option>--domain</option> <replaceable>domain</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:167 msgid "Restrict invalidation process only to a particular domain." msgstr "無効化プロセスを特定のドメインのみに制限します。" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 msgid "sss_debuglevel" msgstr "sss_debuglevel" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_debuglevel.8.xml:16 msgid "change debug level while SSSD is running" msgstr "SSSD が実行中にデバッグレベルを変更する" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_debuglevel.8.xml:21 msgid "" "<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" "replaceable></arg>" msgstr "" "<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" "replaceable></arg>" #. 
type: Content of: <reference><refentry><refsect1><para> #: sss_debuglevel.8.xml:32 msgid "" "<command>sss_debuglevel</command> changes debug level of SSSD monitor and " "providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is " "running." msgstr "" "<command>sss_debuglevel</command> は SSSD が実行中に SSSD モニターとプロバイ" "ダーのデバッグレベルを <replaceable>NEW_DEBUG_LEVEL</replaceable> に変更しま" "す。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_debuglevel.8.xml:59 msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>" msgstr "<replaceable>NEW_DEBUG_LEVEL</replaceable>" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_seed.8.xml:10 sss_seed.8.xml:15 msgid "sss_seed" msgstr "sss_seed" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_seed.8.xml:16 msgid "seed the SSSD cache with a user" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_seed.8.xml:21 msgid "" "<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" "replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" "arg>" msgstr "" "<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" "replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" "arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_seed.8.xml:33 msgid "" "<command>sss_seed</command> seeds the SSSD cache with a user entry and " "temporary password. If a user entry is already present in the SSSD cache " "then the entry is updated with the temporary password." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_seed.8.xml:46 msgid "" "<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" "replaceable>" msgstr "" "<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:51 msgid "" "Provide the name of the domain in which the user is a member of. The domain " "is also used to retrieve user information. The domain must be configured in " "sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " "Information retrieved from the domain overrides what is provided in the " "options." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_seed.8.xml:63 msgid "" "<option>-n</option>,<option>--username</option> <replaceable>USER</" "replaceable>" msgstr "" "<option>-n</option>,<option>--username</option> <replaceable>USER</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:68 msgid "" "The username of the entry to be created or modified in the cache. The " "<replaceable>USER</replaceable> option must be provided." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:81 msgid "Set the UID of the user to <replaceable>UID</replaceable>." msgstr "ユーザーの UID を <replaceable>UID</replaceable> に設定します。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:93 msgid "Set the GID of the user to <replaceable>GID</replaceable>." msgstr "ユーザーの GID を <replaceable>GID</replaceable> に設定します。" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:117 msgid "" "Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." msgstr "" "ユーザーのホームディレクトリーを <replaceable>HOME_DIR</replaceable> に設定し" "ます。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:129 msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:140 msgid "" "Interactive mode for entering user information. This option will only prompt " "for information not provided in the options or retrieved from the domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_seed.8.xml:148 msgid "" "<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" "replaceable>" msgstr "" "<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:153 msgid "" "Specify file to read user's password from. (if not specified password is " "prompted for)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_seed.8.xml:165 msgid "" "The length of the password (or the size of file specified with -p or --" "password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " "on systems with no globally-defined PASS_MAX value)." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 msgid "sss_ssh_authorizedkeys" msgstr "sss_ssh_authorizedkeys" #. type: Content of: <reference><refentry><refmeta><manvolnum> #: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 msgid "1" msgstr "1" #. 
type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_ssh_authorizedkeys.1.xml:16 msgid "get OpenSSH authorized keys" msgstr "OpenSSH 認可キーを取得する" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_ssh_authorizedkeys.1.xml:21 msgid "" "<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg> <arg " "choice='plain'><replaceable>USER</replaceable></arg>" msgstr "" "<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg> <arg " "choice='plain'><replaceable>USER</replaceable></arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:32 msgid "" "<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " "<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " "format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> for more information)." msgstr "" "<command>sss_ssh_authorizedkeys</command> はユーザー <replaceable>USER</" "replaceable> の SSH 公開鍵を取得して、 OpenSSH authorized_keys 形式に出力しま" "す (詳細は <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" "manvolnum></citerefentry> の <quote>AUTHORIZED_KEYS FILE FORMAT</quote> セク" "ションを参照してください)。" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:41 msgid "" "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" "command> for public key user authentication if it is compiled with support " "for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</" "quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry> options." 
msgstr "" "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> は、 <quote>AuthorizedKeysCommand</quote> または " "<quote>PubkeyAgent</quote> <citerefentry> <refentrytitle>sshd_config</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> オプションのサポート付" "きでコンパイルされていると、公開鍵ユーザー認証のために " "<command>sss_ssh_authorizedkeys</command> を使用するために設定できます。" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sss_ssh_authorizedkeys.1.xml:58 #, no-wrap msgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" msgstr "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:51 msgid "" "If <quote>AuthorizedKeysCommand</quote> is supported, " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> can be configured to use it by putting the following directive " "in <citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry>: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" "<quote>AuthorizedKeysCommand</quote> がサポートされていると、 " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> は <citerefentry> <refentrytitle>sshd_config</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry> に以下のディレクティブを置くことによ" "り、これを使用するために設定できます: <placeholder type=\"programlisting\" " "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sss_ssh_authorizedkeys.1.xml:69 #, no-wrap msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n" msgstr "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n" #. 
type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:62 msgid "" "If <quote>PubkeyAgent</quote> is supported, " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> can be configured to use it by using the following directive " "for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</" "manvolnum></citerefentry> configuration: <placeholder type=\"programlisting" "\" id=\"0\"/>" msgstr "" "<quote>PubkeyAgent</quote> がサポートされていると、 " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> は <citerefentry> <refentrytitle>sshd</refentrytitle> " "<manvolnum>8</manvolnum></citerefentry> 設定に以下のディレクティブを置くこと" "により、これを使用するために設定できます: <placeholder type=\"programlisting" "\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_ssh_authorizedkeys.1.xml:84 msgid "" "Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." msgstr "" "SSSD ドメイン <replaceable>DOMAIN</replaceable> にあるユーザーの公開鍵を検索" "します。" #. type: Content of: <reference><refentry><refsect1><title> #: sss_ssh_authorizedkeys.1.xml:93 sss_ssh_knownhostsproxy.1.xml:92 msgid "EXIT STATUS" msgstr "終了コード" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:95 sss_ssh_knownhostsproxy.1.xml:94 msgid "" "In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 msgid "sss_ssh_knownhostsproxy" msgstr "sss_ssh_knownhostsproxy" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_ssh_knownhostsproxy.1.xml:16 msgid "get OpenSSH host keys" msgstr "OpenSSH ホストキーを取得します" #. 
type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_ssh_knownhostsproxy.1.xml:21 msgid "" "<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg> <arg " "choice='plain'><replaceable>HOST</replaceable></arg> <arg " "choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" msgstr "" "<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg> <arg " "choice='plain'><replaceable>HOST</replaceable></arg> <arg " "choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_knownhostsproxy.1.xml:33 msgid "" "<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " "host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " "known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " "of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" "manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" "pubconf/known_hosts</filename> and estabilishes connection to the host." msgstr "" "<command>sss_ssh_knownhostsproxy</command> はホスト <replaceable>HOST</" "replaceable> の SSH ホスト鍵を取得して、個別の OpenSSH known_hosts ファイル " "(詳細は <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" "manvolnum></citerefentry> の <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> セク" "ションを参照してください) <filename>/var/lib/sss/pubconf/known_hosts</" "filename> に保存して、ホストへの接続を確立します。" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_knownhostsproxy.1.xml:43 msgid "" "If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " "create the connection to the host instead of opening a socket." msgstr "" "<replaceable>PROXY_COMMAND</replaceable> が指定されていると、ソケットを開く代" "わりにホストへの接続を作成するために使用されます。" #. 
type: Content of: <reference><refentry><refsect1><para><programlisting> #: sss_ssh_knownhostsproxy.1.xml:55 #, no-wrap msgid "" "ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" "GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" msgstr "" "ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" "GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_knownhostsproxy.1.xml:48 msgid "" "<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" "citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" "command> for host key authentication by using the following directives for " "<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" "citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" "<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" "citerefentry> は <citerefentry><refentrytitle>ssh</refentrytitle> " "<manvolnum>1</manvolnum></citerefentry> 設定に対して以下のディレクティブを使" "用することにより、ホストキー認証に <command>sss_ssh_knownhostsproxy</" "command> を使用するために設定できます: <placeholder type=\"programlisting\" " "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_ssh_knownhostsproxy.1.xml:66 msgid "" "<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" msgstr "" "<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_ssh_knownhostsproxy.1.xml:71 msgid "" "Use port <replaceable>PORT</replaceable> to connect to the host. By " "default, port 22 is used." msgstr "" "ホストに接続するためにポート <replaceable>PORT</replaceable> を使用します。初" "期値ではポート 22 が使用されます。" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_ssh_knownhostsproxy.1.xml:83 msgid "" "Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." msgstr "" "SSSD ドメイン <replaceable>DOMAIN</replaceable> においてホスト公開鍵を検索し" "ます。" #. type: Content of: <refsect1><title> #: include/service_discovery.xml:2 msgid "SERVICE DISCOVERY" msgstr "サービス探索" #. type: Content of: <refsect1><para> #: include/service_discovery.xml:4 msgid "" "The service discovery feature allows back ends to automatically find the " "appropriate servers to connect to using a special DNS query. This feature is " "not supported for backup servers." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 msgid "Configuration" msgstr "設定" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:11 msgid "" "If no servers are specified, the back end automatically uses service " "discovery to try to find a server. Optionally, the user may choose to use " "both fixed server addresses and service discovery by inserting a special " "keyword, <quote>_srv_</quote>, in the list of servers. The order of " "preference is maintained. This feature is useful if, for example, the user " "prefers to use service discovery whenever possible, and fall back to a " "specific server when no servers can be discovered using DNS." msgstr "" "何もサーバーが指定されていなければ、バックエンドがサーバーを見つけようとする" "ために、サービス探索を自動的に使用します。オプションとして、サーバーの一覧に" "特別なキーワード <quote>_srv_</quote> を挿入することにより、ユーザーが固定" "サーバーアドレスおよびサービス探索のどちらも使用することを選択できます。これ" "は設定の順番が維持されます。たとえば、ユーザーができる限りサービス探索を使用" "し、DNS を使用してサーバーを探索できないときに特定のサーバーにフォールバック" "したい場合、この機能は有用です。" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:23 msgid "The domain name" msgstr "ドメイン名" #. 
type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:25 msgid "" "Please refer to the <quote>dns_discovery_domain</quote> parameter in the " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page for more details." msgstr "" "詳細は <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> マニュアルページにある " "<quote>dns_discovery_domain</quote> パラメーターを参照してください。" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:35 msgid "The protocol" msgstr "プロトコル" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:37 msgid "" "The queries usually specify _tcp as the protocol. Exceptions are documented " "in respective option description." msgstr "" "問い合わせは通常プロトコルとして _tcp を指定します。その他はそれぞれのオプ" "ションの説明にドキュメント化されています。" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:42 msgid "See Also" msgstr "関連項目" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:44 msgid "" "For more information on the service discovery mechanism, refer to RFC 2782." msgstr "サービス検索メカニズムに関する詳細は RFC 2782 を参照してください。" #. type: Content of: outside any tag (error?) #: include/upstream.xml:1 msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" msgstr "<placeholder type=\"refentryinfo\" id=\"0\"/>" #. type: Content of: <refsect1><title> #: include/failover.xml:2 msgid "FAILOVER" msgstr "フェイルオーバー" #. type: Content of: <refsect1><para> #: include/failover.xml:4 msgid "" "The failover feature allows back ends to automatically switch to a different " "server if the current server fails." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/failover.xml:8 msgid "Failover Syntax" msgstr "フェイルオーバーの構文" #. 
type: Content of: <refsect1><refsect2><para> #: include/failover.xml:10 msgid "" "The list of servers is given as a comma-separated list; any number of spaces " "is allowed around the comma. The servers are listed in order of preference. " "The list can contain any number of servers." msgstr "" "サーバーの一覧がカンマ区切り一覧として与えられます。カンマの前後で空白はいく" "つでも許されます。サーバーは優先度の順番で一覧化されます。一覧はサーバーをいく" "つでも含められます。" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:16 msgid "" "For each failover-enabled config option, two variants exist: " "<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is " "that servers in the primary list are preferred and backup servers are only " "searched if no primary servers can be reached. If a backup server is " "selected, a timeout of 31 seconds is set. After this timeout SSSD will " "periodically try to reconnect to one of the primary servers. If it succeeds, " "it will replace the current active (backup) server." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/failover.xml:27 msgid "The Failover Mechanism" msgstr "フェイルオーバーのメカニズム" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:29 msgid "" "The failover mechanism distinguishes between a machine and a service. The " "back end first tries to resolve the hostname of a given machine; if this " "resolution attempt fails, the machine is considered offline. No further " "attempts are made to connect to this machine for any other service. If the " "resolution attempt succeeds, the back end tries to connect to a service on " "this machine. If the service connection attempt fails, then only this " "particular service is considered offline and the back end automatically " "switches over to the next service. The machine is still considered online " "and might still be tried for another service." msgstr "" #.
type: Content of: <refsect1><refsect2><para> #: include/failover.xml:42 msgid "" "Further connection attempts are made to machines or services marked as " "offline after a specified period of time; this is currently hard coded to 30 " "seconds." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:47 msgid "" "If there are no more machines to try, the back end as a whole switches to " "offline mode, and then attempts to reconnect every 30 seconds." msgstr "" #. type: Content of: <refsect1><title> #: include/ldap_id_mapping.xml:2 msgid "ID MAPPING" msgstr "ID マッピング" #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:4 msgid "" "The ID-mapping feature allows SSSD to act as a client of Active Directory " "without requiring administrators to extend user attributes to support POSIX " "attributes for user and group identifiers." msgstr "" #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:9 msgid "" "NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " "ignored. This is to avoid the possibility of conflicts between automatically-" "assigned and manually-assigned values. If you need to use manually-assigned " "values, ALL values must be manually-assigned." msgstr "" #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:16 msgid "" "Please note that changing the ID mapping related configuration options will " "cause user and group IDs to change. At the moment, SSSD does not support " "changing IDs, so the SSSD database must be removed. Because cached passwords " "are also stored in the database, removing the database should only be " "performed while the authentication servers are reachable, otherwise users " "might get locked out. In order to cache the password, an authentication must " "be performed. 
It is not sufficient to use <citerefentry> " "<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" "citerefentry> to remove the database, rather the process consists of:" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:33 msgid "Making sure the remote servers are reachable" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:38 msgid "Stopping the SSSD service" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:43 msgid "Removing the database" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:48 msgid "Starting the SSSD service" msgstr "" #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:52 msgid "" "Moreover, as the change of IDs might necessitate the adjustment of other " "system properties such as file and directory ownership, it's advisable to " "plan ahead and test the ID mapping configuration thoroughly." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/ldap_id_mapping.xml:59 msgid "Mapping Algorithm" msgstr "マッピング・アルゴリズム" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:61 msgid "" "Active Directory provides an objectSID for every user and group object in " "the directory. This objectSID can be broken up into components that " "represent the Active Directory domain identity and the relative identifier " "(RID) of the user or group object." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:67 msgid "" "The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " "into equally-sized component sections - called \"slices\"-. Each slice " "represents the space available to an Active Directory domain." msgstr "" #. 
type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:73 msgid "" "When a user or group entry for a particular domain is encountered for the " "first time, the SSSD allocates one of the available slices for that domain. " "In order to make this slice-assignment repeatable on different client " "machines, we select the slice based on the following algorithm:" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:80 msgid "" "The SID string is passed through the murmurhash3 algorithm to convert it to " "a 32-bit hashed value. We then take the modulus of this value with the total " "number of available slices to pick the slice." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:86 msgid "" "NOTE: It is possible to encounter collisions in the hash and subsequent " "modulus. In these situations, we will select the next available slice, but " "it may not be possible to reproduce the same exact set of slices on other " "machines (since the order that they are encountered will determine their " "slice). In this situation, it is recommended to either switch to using " "explicit POSIX attributes in Active Directory (disabling ID-mapping) or " "configure a default domain to guarantee that at least one is always " "consistent. See <quote>Configuration</quote> for details." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:101 msgid "" "Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" msgstr "最小の設定 (<quote>[domain/DOMAINNAME]</quote> セクションにおいて):" #. type: Content of: <refsect1><refsect2><para><programlisting> #: include/ldap_id_mapping.xml:106 #, no-wrap msgid "" "ldap_id_mapping = True\n" "ldap_schema = ad\n" msgstr "" "ldap_id_mapping = True\n" "ldap_schema = ad\n" #. 
type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:111 msgid "" "The default configuration results in configuring 10,000 slices, each capable " "of holding up to 200,000 IDs, starting from 10,001 and going up to " "2,000,100,000. This should be sufficient for most deployments." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><title> #: include/ldap_id_mapping.xml:117 msgid "Advanced Configuration" msgstr "高度な設定" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:120 msgid "ldap_idmap_range_min (integer)" msgstr "ldap_idmap_range_min (整数)" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:123 msgid "" "Specifies the lower bound of the range of POSIX IDs to use for mapping " "Active Directory user and group SIDs." msgstr "" "Active Directory ユーザーとグループの SID をマッピングするために使用する " "POSIX ID の範囲の下限を指定します。" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:127 msgid "" "NOTE: This option is different from <quote>min_id</quote> in that " "<quote>min_id</quote> acts to filter the output of requests to this domain, " "whereas this option controls the range of ID assignment. This is a subtle " "distinction, but the good general advice would be to have <quote>min_id</" "quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:173 msgid "Default: 200000" msgstr "初期値: 200000" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:142 msgid "ldap_idmap_range_max (integer)" msgstr "ldap_idmap_range_max (整数)" #. 
type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:145 msgid "" "Specifies the upper bound of the range of POSIX IDs to use for mapping " "Active Directory user and group SIDs." msgstr "" "Active Directory ユーザーとグループ SID をマッピングするために使用する POSIX " "ID の範囲の上限を指定します。" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:149 msgid "" "NOTE: This option is different from <quote>max_id</quote> in that " "<quote>max_id</quote> acts to filter the output of requests to this domain, " "whereas this option controls the range of ID assignment. This is a subtle " "distinction, but the good general advice would be to have <quote>max_id</" "quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:159 msgid "Default: 2000200000" msgstr "初期値: 2000200000" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:164 msgid "ldap_idmap_range_size (integer)" msgstr "ldap_idmap_range_size (整数)" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:167 msgid "" "Specifies the number of IDs available for each slice. If the range size " "does not divide evenly into the min and max values, it will create as many " "complete slices as it can." msgstr "" "各スライスに利用可能な ID 番号を指定します。範囲の大きさが最小値、最大値の中" "にうまく分けられなければ、できる限り多くの完全なスライスとして作成されます。" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:178 msgid "ldap_idmap_default_domain_sid (string)" msgstr "ldap_idmap_default_domain_sid (文字列)" #. 
type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:181 msgid "" "Specify the domain SID of the default domain. This will guarantee that this " "domain will always be assigned to slice zero in the ID map, bypassing the " "murmurhash algorithm described above." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:192 msgid "ldap_idmap_default_domain (string)" msgstr "ldap_idmap_default_domain (文字列)" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:195 msgid "Specify the name of the default domain." msgstr "初期ドメインの名前を指定します。" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:203 msgid "ldap_idmap_autorid_compat (boolean)" msgstr "ldap_idmap_autorid_compat (論理値)" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:206 msgid "" "Changes the behavior of the ID-mapping algorithm to behave more similarly to " "winbind's <quote>idmap_autorid</quote> algorithm." msgstr "" "winbind の <quote>idmap_autorid</quote> アルゴリズムとより同じように振る舞う" "ために ID マッピングのアルゴリズムの振る舞いを変更します。" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:211 msgid "" "When this option is configured, domains will be allocated starting with " "slice zero and increasing monatomically with each additional domain." msgstr "" "このオプションが設定されるとき、ドメインはスライス 0 から始まり、各追加ドメイ" "ンに単調に増加するよう割り当てられます。" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:216 msgid "" "NOTE: This algorithm is non-deterministic (it depends on the order that " "users and groups are requested). 
If this mode is required for compatibility " "with machines running winbind, it is recommended to also use the " "<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " "least one domain is consistently allocated to slice zero." msgstr "" "注記: このアルゴリズムは非決定的です (ユーザーとグループが要求された順番に依" "存します)。このモードはマシンが実行中の winbind と互換性が必要ならば、少なく" "とも一つのドメインが一貫してスライス 0 に割り当てられることを保証するために、" "<quote>ldap_idmap_default_domain_sid</quote> オプションも使用することが推奨さ" "れます。" #. type: Content of: <varlistentry><term> #: include/param_help.xml:3 msgid "<option>-?</option>,<option>--help</option>" msgstr "<option>-?</option>,<option>--help</option>" #. type: Content of: <varlistentry><listitem><para> #: include/param_help.xml:7 include/param_help_py.xml:7 msgid "Display help message and exit." msgstr "ヘルプメッセージを表示して終了します。" #. type: Content of: <varlistentry><term> #: include/param_help_py.xml:3 msgid "<option>-h</option>,<option>--help</option>" msgstr "<option>-h</option>,<option>--help</option>" #. type: Content of: <listitem><para> #: include/debug_levels.xml:3 msgid "" "SSSD supports two representations for specifying the debug level. The " "simplest is to specify a decimal value from 0-9, which represents enabling " "that level and all lower-level debug messages. The more comprehensive option " "is to specify a hexadecimal bitmask to enable or disable specific levels " "(such as if you wish to suppress a level)." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:10 msgid "Currently supported debug levels:" msgstr "現在サポートされるデバッグレベル:" #. type: Content of: <listitem><para> #: include/debug_levels.xml:13 #, fuzzy #| msgid "" #| "<emphasis>0x0010</emphasis>: Fatal failures. Anything that would prevent " #| "SSSD from starting up or causes it to cease running." msgid "" "<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. " "Anything that would prevent SSSD from starting up or causes it to cease " "running." 
msgstr "" "<emphasis>0x0010</emphasis>: 致命的なエラー。 SSSD が開始するのを妨げる、また" "は実行を中断させることすべてです。" #. type: Content of: <listitem><para> #: include/debug_levels.xml:19 #, fuzzy #| msgid "" #| "<emphasis>0x0020</emphasis>: Critical failures. An error that doesn't " #| "kill the SSSD, but one that indicates that at least one major feature is " #| "not going to work properly." msgid "" "<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " "error that doesn't kill the SSSD, but one that indicates that at least one " "major feature is not going to work properly." msgstr "" "<emphasis>0x0020</emphasis>: 重大なエラー。 SSSD が強制停止しないが、複数の機" "能が正しく動作しないエラーです。" #. type: Content of: <listitem><para> #: include/debug_levels.xml:26 #, fuzzy #| msgid "" #| "<emphasis>0x0040</emphasis>: Serious failures. An error announcing that a " #| "particular request or operation has failed." msgid "" "<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " "error announcing that a particular request or operation has failed." msgstr "" "<emphasis>0x0040</emphasis>: 深刻なエラー。特定の要求や操作が失敗したことを通" "知するエラーです。" #. type: Content of: <listitem><para> #: include/debug_levels.xml:31 #, fuzzy #| msgid "" #| "<emphasis>0x0080</emphasis>: Minor failures. These are the errors that " #| "would percolate down to cause the operation failure of 2." msgid "" "<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " "are the errors that would percolate down to cause the operation failure of 2." msgstr "" "<emphasis>0x0080</emphasis>: 軽微なエラー。これらは 2 の操作失敗を引き起こす" "よう下にしみだすエラーです。" #. type: Content of: <listitem><para> #: include/debug_levels.xml:36 #, fuzzy #| msgid "<emphasis>0x0100</emphasis>: Configuration settings." msgid "" "<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." msgstr "<emphasis>0x0100</emphasis>: 設定値の設定です。" #. 
type: Content of: <listitem><para> #: include/debug_levels.xml:40 #, fuzzy #| msgid "<emphasis>0x0200</emphasis>: Function data." msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." msgstr "<emphasis>0x0200</emphasis>: 関数のデータです。" #. type: Content of: <listitem><para> #: include/debug_levels.xml:44 #, fuzzy #| msgid "<emphasis>0x0400</emphasis>: Trace messages for operation functions." msgid "" "<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " "operation functions." msgstr "<emphasis>0x0400</emphasis>: 操作関数のトレースメッセージです。" #. type: Content of: <listitem><para> #: include/debug_levels.xml:48 #, fuzzy #| msgid "" #| "<emphasis>0x1000</emphasis>: Trace messages for internal control " #| "functions." msgid "" "<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " "internal control functions." msgstr "<emphasis>0x1000</emphasis>: 内部制御関数のトレースメッセージです。" #. type: Content of: <listitem><para> #: include/debug_levels.xml:53 #, fuzzy #| msgid "" #| "<emphasis>0x2000</emphasis>: Contents of function-internal variables that " #| "may be interesting." msgid "" "<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" "internal variables that may be interesting." msgstr "" "<emphasis>0x2000</emphasis>: 興味があるかもしれない関数の内部変数の内容です。" #. type: Content of: <listitem><para> #: include/debug_levels.xml:58 #, fuzzy #| msgid "" #| "<emphasis>0x4000</emphasis>: Extremely low-level tracing information." msgid "" "<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " "tracing information." msgstr "<emphasis>0x4000</emphasis>: 極めて低レベルのトレース情報です。" #. 
type: Content of: <listitem><para> #: include/debug_levels.xml:62 #, fuzzy #| msgid "" #| "To log required debug levels, simply add their numbers together as shown " #| "in following examples:" msgid "" "To log required bitmask debug levels, simply add their numbers together as " "shown in following examples:" msgstr "" "必要となるデバッグレベルをログに取得するには、以下の例に示されるようにこれら" "の数字を単に追加します:" #. type: Content of: <listitem><para> #: include/debug_levels.xml:66 msgid "" "<emphasis>Example</emphasis>: To log fatal failures, critical failures, " "serious failures and function data use 0x0270." msgstr "" "<emphasis>例</emphasis>: 致命的なエラー、重大なエラー、深刻なエラーおよび関数" "データをログに取得するには 0x0270 を使用します。" #. type: Content of: <listitem><para> #: include/debug_levels.xml:70 msgid "" "<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " "function data, trace messages for internal control functions use 0x1310." msgstr "" "<emphasis>例</emphasis>: 致命的なエラー、設定値の設定、関数データ、内部制御関" "数のトレースメッセージをログに取得するには 0x1310 を使用します。" #. type: Content of: <listitem><para> #: include/debug_levels.xml:75 #, fuzzy #| msgid "" #| "<emphasis>Note</emphasis>: This is new format of debug levels introduced " #| "in 1.7.0. Older format (numbers from 0-10) is compatible but deprecated." msgid "" "<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " "in 1.7.0." msgstr "" "<emphasis>注</emphasis>: これは 1.7.0 において導入されたデバッグレベルの新し" "い形式です。古い形式(0-10 の数字)は互換性がありますが、推奨されません。" #. type: Content of: <listitem><para> #: include/debug_levels.xml:79 #, fuzzy #| msgid "<emphasis>h</emphasis> for hours" msgid "<emphasis>Default</emphasis>: 0" msgstr "時間は <emphasis>h</emphasis>" #. type: Content of: outside any tag (error?) #: include/experimental.xml:1 msgid "" "<emphasis> This is an experimental feature, please use http://fedorahosted." "org/sssd to report any issues. </emphasis>" msgstr "" "<emphasis> これは実験的な機能です、何らかの問題を報告するには http://" "fedorahosted.org/sssd を使用してください。 </emphasis>" #. 
type: Content of: <refsect1><title> #: include/local.xml:2 msgid "THE LOCAL DOMAIN" msgstr "ローカルドメイン" #. type: Content of: <refsect1><para> #: include/local.xml:4 msgid "" "In order to function correctly, a domain with <quote>id_provider=local</" "quote> must be created and the SSSD must be running." msgstr "" #. type: Content of: <refsect1><para> #: include/local.xml:9 msgid "" "The administrator might want to use the SSSD local users instead of " "traditional UNIX users in cases where the group nesting (see <citerefentry> " "<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" "citerefentry>) is needed. The local users are also useful for testing and " "development of the SSSD without having to deploy a full remote server. The " "<command>sss_user*</command> and <command>sss_group*</command> tools use a " "local LDB storage to store users and groups." msgstr "" #. type: Content of: <refsect1><title> #: include/seealso.xml:2 msgid "SEE ALSO" msgstr "関連項目" #. type: Content of: <refsect1><para> #: include/seealso.xml:4 msgid "" "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> " "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</" "refentrytitle><manvolnum>8</manvolnum> 
</citerefentry>, <citerefentry> " "<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_useradd</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_usermod</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_seed</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" "manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " "<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>." 
msgstr "" "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> " "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_useradd</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_usermod</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_seed</" "refentrytitle><manvolnum>8</manvolnum> 
</citerefentry>, <citerefentry> " "<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" "manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " "<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>." #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:3 #: include/ldap_search_bases_experimental.xml:3 msgid "" "An optional base DN, search scope and LDAP filter to restrict LDAP searches " "for this attribute type." msgstr "" "オプションのベース DN。この属性の種別に対する LDAP 検索を制限する、検索範囲お" "よび LDAP フィルター。" #. type: Content of: <listitem><para><programlisting> #: include/ldap_search_bases.xml:9 #: include/ldap_search_bases_experimental.xml:9 #, no-wrap msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" msgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:7 #: include/ldap_search_bases_experimental.xml:7 msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "構文: <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:13 #: include/ldap_search_bases_experimental.xml:13 msgid "" "The scope can be one of \"base\", \"onelevel\" or \"subtree\". The filter " "must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/" "rfc2254.txt" msgstr "" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:19 #: include/ldap_search_bases_experimental.xml:19 msgid "" "For examples of this syntax, please refer to the <quote>ldap_search_base</" "quote> examples section." msgstr "" #. 
type: Content of: <listitem><para> #: include/ldap_search_bases.xml:27 #: include/ldap_search_bases_experimental.xml:27 msgid "" "Please note that specifying scope or filter is not supported for searches " "against an Active Directory Server that might yield a large number of " "results and trigger the Range Retrieval extension in the response." msgstr "" #. type: Content of: <para> #: include/autofs_restart.xml:2 msgid "" "Please note that the automounter only reads the master map on startup, so if " "any autofs-related changes are made to the sssd.conf, you typically also " "need to restart the automounter daemon after restarting the SSSD." msgstr "" #. type: Content of: <varlistentry><term> #: include/override_homedir.xml:2 msgid "override_homedir (string)" msgstr "override_homedir (文字列)" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:16 msgid "UID number" msgstr "UID 番号" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:20 msgid "domain name" msgstr "ドメイン名" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: include/override_homedir.xml:23 msgid "%f" msgstr "%f" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:24 msgid "fully qualified user name (user@domain)" msgstr "完全修飾ユーザー名 (user@domain)" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: include/override_homedir.xml:27 msgid "%o" msgstr "%o" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:29 msgid "The original home directory retrieved from the identity provider." msgstr "" #. type: Content of: <varlistentry><listitem><para> #: include/override_homedir.xml:5 msgid "" "Override the user's home directory. 
You can either provide an absolute value " "or a template. In the template, the following sequences are substituted: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" "ユーザーのホームディレクトリーを上書きします。絶対パスまたはテンプレートを提" "供できます。テンプレートでは、以下のシーケンスが置換されます: <placeholder " "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <varlistentry><listitem><para> #: include/override_homedir.xml:41 msgid "This option can also be set per-domain." msgstr "このオプションはドメインごとに設定できます。" #. type: Content of: <varlistentry><listitem><para><programlisting> #: include/override_homedir.xml:46 #, no-wrap msgid "" "override_homedir = /home/%u\n" " " msgstr "" "override_homedir = /home/%u\n" " " #. type: Content of: <varlistentry><listitem><para> #: include/override_homedir.xml:50 msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" msgstr "初期値: 設定なし (SSSD は LDAP から取得された値を使用します)" #~ msgid "" #~ "Directory to store credential caches. All the substitution sequences of " #~ "krb5_ccname_template can be used here, too, except %d and %P. If the " #~ "directory does not exist, it will be created. If %u, %U, %p or %h are " #~ "used, a private directory belonging to the user is created. Otherwise, a " #~ "public directory with restricted deletion flag (aka sticky bit, as " #~ "described in <citerefentry> <refentrytitle>chmod</refentrytitle> " #~ "<manvolnum>1</manvolnum> </citerefentry> for details) is created." #~ msgstr "" #~ "クレディンシャルキャッシュを保存するディレクトリーです。すべての " #~ "krb5_ccname_template の置換シーケンスが、%d と %P を除き、ここで使用できま" #~ "す。ディレクトリーが存在しなければ、作成されます。%u, %U, %p または %h が" #~ "使用されていると、ユーザーが所属するプライベートディレクトリーが作成されま" #~ "す。そうでなければ、削除制限フラグ(つまり、詳細が <citerefentry> " #~ "<refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> </" #~ "citerefentry> に記載されているとおり、スティッキービットです)を持つ公開" #~ "ディレクトリーが作成されます。" #~ msgid "Default: FILE:%d/krb5cc_%U_XXXXXX" #~ msgstr "初期値: FILE:%d/krb5cc_%U_XXXXXX" #~ msgid "" #~ "Bit mask that indicates which debug levels will be visible. 
0x0010 is the " #~ "default value as well as the lowest allowed value, 0xFFF0 is the most " #~ "verbose mode. This setting overrides the settings from config file." #~ msgstr "" #~ "デバッグレベルを指示するビットマスクは見ることができます。 0x0010 は初期値" #~ "であり、利用できる最小値です。 0xFFF0 は最も冗長なモードです。この設定は設" #~ "定ファイルの設定により上書きされます。" ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/man/po/PaxHeaders.13173/sssd-docs.pot�����������������������������������������������0000644�0000000�0000000�00000000074�12320753107�020161� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.260891435 30 ctime=1396954962.634874227 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/man/po/sssd-docs.pot����������������������������������������������������������������0000664�0024127�0024127�00001243057�12320753107�020417� 
0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# SOME DESCRIPTIVE TITLE # Copyright (C) YEAR Red Hat # This file is distributed under the same license as the sssd-docs package. # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: sssd-docs 1.11.5\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" "POT-Creation-Date: 2014-04-08 12:55+0300\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. type: Content of: <reference><title> #: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5 sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5 sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5 sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5 sss_groupshow.8.xml:5 sss_usermod.8.xml:5 sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sss_ssh_authorizedkeys.1.xml:5 sss_ssh_knownhostsproxy.1.xml:5 msgid "SSSD Manual pages" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15 msgid "sss_groupmod" msgstr "" #. 
type: Content of: <reference><refentry><refmeta><manvolnum> #: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11 sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11 sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11 sss_groupshow.8.xml:11 sss_usermod.8.xml:11 sss_cache.8.xml:11 sss_debuglevel.8.xml:11 sss_seed.8.xml:11 msgid "8" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupmod.8.xml:16 msgid "modify a group" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupmod.8.xml:21 msgid "" "<command>sss_groupmod</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg> <arg " "choice='plain'><replaceable>GROUP</replaceable></arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:47 sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21 sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30 sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31 sss_ssh_authorizedkeys.1.xml:30 sss_ssh_knownhostsproxy.1.xml:31 msgid "DESCRIPTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupmod.8.xml:32 msgid "" "<command>sss_groupmod</command> modifies the group to reflect the changes " "that are specified on the command line." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><title> #: sss_groupmod.8.xml:39 pam_sss.8.xml:54 sssd.8.xml:42 sss_obfuscate.8.xml:58 sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39 sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:75 sss_ssh_knownhostsproxy.1.xml:62 msgid "OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupmod.8.xml:43 sss_usermod.8.xml:77 msgid "" "<option>-a</option>,<option>--append-group</option> " "<replaceable>GROUPS</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupmod.8.xml:48 msgid "" "Append this group to groups specified by the " "<replaceable>GROUPS</replaceable> parameter. The " "<replaceable>GROUPS</replaceable> parameter is a comma separated list of " "group names." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupmod.8.xml:57 sss_usermod.8.xml:91 msgid "" "<option>-r</option>,<option>--remove-group</option> " "<replaceable>GROUPS</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupmod.8.xml:62 msgid "" "Remove this group from groups specified by the " "<replaceable>GROUPS</replaceable> parameter." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd.conf.5.xml:10 sssd.conf.5.xml:16 msgid "sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refmeta><manvolnum> #: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11 msgid "5" msgstr "" #. 
type: Content of: <reference><refentry><refmeta><refmiscinfo> #: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12 msgid "File Formats and Conventions" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16 sssd-ipa.5.xml:17 sssd-ad.5.xml:17 sssd-krb5.5.xml:17 msgid "the configuration file for SSSD" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:21 msgid "FILE FORMAT" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd.conf.5.xml:29 #, no-wrap msgid "" " <replaceable>[section]</replaceable>\n" " <replaceable>key</replaceable> = " "<replaceable>value</replaceable>\n" " <replaceable>key2</replaceable> = " "<replaceable>value2,value3</replaceable>\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:24 msgid "" "The file has an ini-style syntax and consists of sections and parameters. A " "section begins with the name of the section in square brackets and continues " "until the next section begins. An example of section with single and " "multi-valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:36 msgid "" "The data types used are string (no quotes needed), integer and bool (with " "values of <quote>TRUE/FALSE</quote>)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:41 msgid "" "A line comment starts with a hash sign (<quote>#</quote>) or a semicolon " "(<quote>;</quote>). Inline comments are not supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:47 msgid "" "All sections can have an optional <replaceable>description</replaceable> " "parameter. 
Its function is only as a label for the section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:53 msgid "" "<filename>sssd.conf</filename> must be a regular file, owned by root and " "only root may read from or write to the file." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:59 msgid "SPECIAL SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:62 msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> #: sssd.conf.5.xml:71 sssd.conf.5.xml:1857 msgid "Section parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:73 msgid "config_file_version (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:76 msgid "" "Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " "version 2." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:82 msgid "services" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:85 msgid "Comma separated list of services that are started when sssd itself starts." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:89 msgid "" "Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " "<phrase condition=\"with_autofs\">, autofs</phrase> <phrase " "condition=\"with_ssh\">, ssh</phrase> <phrase " "condition=\"with_pac_responder\">, pac</phrase>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:98 sssd.conf.5.xml:321 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:101 sssd.conf.5.xml:324 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:106 sssd.conf.5.xml:329 msgid "Default: 3" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:111 msgid "domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:114 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " "start. This parameter described the list of domains in the order you want " "them to be queried. A domain name should only consist of alphanumeric ASCII " "characters, dashes and underscores." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:126 sssd.conf.5.xml:1586 msgid "re_expression (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:129 msgid "" "Default regular expression that describes how to parse the string containing " "user name and domain into these components." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:134 msgid "" "Each domain can have an individual regular expression configured. 
For some " "ID providers there are also default regular expressions. See DOMAIN " "SECTIONS for more info on these regular expressions." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:143 sssd.conf.5.xml:1637 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:146 sssd.conf.5.xml:1640 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> " "<manvolnum>3</manvolnum> </citerefentry>-compatible format that describes " "how to compose a fully qualified name from user name and domain name " "components." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:157 sssd.conf.5.xml:1651 msgid "%1$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:158 sssd.conf.5.xml:1652 msgid "user name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:161 sssd.conf.5.xml:1655 msgid "%2$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:164 sssd.conf.5.xml:1658 msgid "domain name as specified in the SSSD config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:170 sssd.conf.5.xml:1664 msgid "%3$s" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:173 sssd.conf.5.xml:1667 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:154 sssd.conf.5.xml:1648 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:183 msgid "" "Each domain can have an individual format string configured. see DOMAIN " "SECTIONS for more info on this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:189 msgid "try_inotify (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:192 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " "this, and will fall back to polling resolv.conf every five seconds if " "inotify cannot be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:200 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " "to 'false'" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:206 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." 
msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:210 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:217 msgid "krb5_rcache_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:220 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:224 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:230 msgid "" "Default: Distribution-specific and specified at " "build-time. (__LIBKRB5_DEFAULTS__ if not configured)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:237 msgid "default_domain_suffix (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:240 msgid "" "This string will be used as a default domain name for all names without a " "domain name component. The main use case is environments where the primary " "domain is intended for managing host policies and all users are located in a " "trusted domain. The option allows those users to log in just with their " "user name without giving a domain name as well." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:250 msgid "" "Please note that if this option is set all users from the primary domain " "have to use their fully qualified name, e.g. user@domain.name, to log in." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:256 sssd-ldap.5.xml:1392 sssd-ldap.5.xml:1404 sssd-ldap.5.xml:1486 sssd-ldap.5.xml:2373 sssd-ldap.5.xml:2400 sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:187 include/ldap_id_mapping.xml:198 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:64 msgid "" "Individual pieces of SSSD functionality are provided by special SSSD " "services that are started and stopped together with SSSD. The services are " "managed by a special service frequently called <quote>monitor</quote>. The " "<quote>[sssd]</quote> section is used to configure the monitor as well as " "some other important options like the identity domains. <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:267 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:269 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " "section, for example, for NSS service, the section would be " "<quote>[nss]</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:276 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:278 msgid "These options can be used to configure any service." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:282 msgid "debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:286 msgid "debug_timestamps (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:289 msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:292 sssd.conf.5.xml:472 sssd.conf.5.xml:820 sssd-ldap.5.xml:1559 sssd-ldap.5.xml:1656 sssd-ldap.5.xml:1718 sssd-ldap.5.xml:2161 sssd-ldap.5.xml:2226 sssd-ldap.5.xml:2244 sssd-ipa.5.xml:361 sssd-ipa.5.xml:396 sssd-ad.5.xml:166 sssd-ad.5.xml:250 sssd-ad.5.xml:275 sssd-ad.5.xml:363 sssd-krb5.5.xml:490 msgid "Default: true" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:297 msgid "debug_microseconds (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:300 msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:303 sssd.conf.5.xml:774 sssd.conf.5.xml:1773 sssd-ldap.5.xml:640 sssd-ldap.5.xml:1433 sssd-ldap.5.xml:1452 sssd-ldap.5.xml:1628 sssd-ldap.5.xml:1957 sssd-ipa.5.xml:139 sssd-ipa.5.xml:205 sssd-ipa.5.xml:508 sssd-ipa.5.xml:526 sssd-krb5.5.xml:257 sssd-krb5.5.xml:291 sssd-krb5.5.xml:462 msgid "Default: false" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:308 msgid "timeout (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:311 msgid "" "Timeout in seconds between heartbeats for this service. This is used to " "ensure that the process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:316 sssd-ldap.5.xml:1304 msgid "Default: 10" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:334 msgid "fd_limit" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:337 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " "the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " "systems without this capability, the resulting value will be the lower value " "of this or the limits.conf \"hard\" limit." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:346 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:351 msgid "client_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:354 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " "limited in order to avoid resource exhaustion on the system." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:361 sssd.conf.5.xml:377 sssd.conf.5.xml:592 sssd.conf.5.xml:752 sssd.conf.5.xml:1015 sssd-ldap.5.xml:1134 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:366 sssd.conf.5.xml:1004 msgid "force_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:369 sssd.conf.5.xml:1007 msgid "" "If a service is not responding to ping checks (see the " "<quote>timeout</quote> option), it is first sent the SIGTERM signal that " "instructs it to quit gracefully. If the service does not terminate after " "<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down " "by sending a SIGKILL signal." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:385 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:387 msgid "" "These options can be used to configure the Name Service Switch (NSS) " "service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:392 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:395 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:399 msgid "Default: 120" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:404 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:407 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " "for the domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:413 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " "after 15 seconds past the last cache update will be returned immediately, " "but the SSSD will go and update the cache on its own, so that future " "requests will not need to block waiting for a cache update." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:423 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " "percentage will never reduce the nowait timeout to less than 10 seconds. (0 " "disables this feature)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:431 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:436 msgid "entry_negative_timeout (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:439 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " "before asking the back end again." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:445 sssd.conf.5.xml:798 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:450 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:453 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set " "per-domain or include fully-qualified names to filter only users from the " "particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:460 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:465 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:468 msgid "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:478 msgid "fallback_homedir (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:481 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:486 msgid "The available values for this option are the same as for override_homedir." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> #: sssd.conf.5.xml:492 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" " " msgstr "" #. type: Content of: <varlistentry><listitem><para> #: sssd.conf.5.xml:490 include/override_homedir.xml:44 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:496 msgid "Default: not set (no substitution for unset home directories)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:502 msgid "override_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:505 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " "or per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:511 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:517 msgid "allowed_shells (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:520 msgid "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:523 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:527 msgid "" "2. If the shell is in the allowed_shells list but not in " "<quote>/etc/shells</quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:532 msgid "" "3. If the shell is not in the allowed_shells list and not in " "<quote>/etc/shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:537 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:540 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:544 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:549 msgid "vetoed_shells (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:552 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:557 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:560 msgid "" "The default shell to use if an allowed shell is not installed on the " "machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:564 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:569 msgid "default_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:572 msgid "" "The default shell to use if the provider does not return one during " "lookup. This option can be specified globally in the [nss] section or " "per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:578 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:585 sssd.conf.5.xml:745 msgid "get_domains_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:588 sssd.conf.5.xml:748 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:597 msgid "memcache_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:600 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:604 sssd-ldap.5.xml:654 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:611 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:613 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:618 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:621 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:626 sssd.conf.5.xml:639 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:632 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:635 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:645 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:648 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:653 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " "authentication can enable offline authentication again." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:659 sssd.conf.5.xml:712 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:665 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:668 msgid "" "Controls what kind of messages are shown to the user during " "authentication. The higher the number, the more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:673 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:676 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:679 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:683 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:686 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:690 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:695 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:698 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " "ensure that authentication takes place with the latest information." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:704 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a " "per-client-application basis) how long (in seconds) we can cache the " "identity information to avoid excessive round-trips to the identity " "provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:718 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:721 sssd.conf.5.xml:1178 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:724 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " "cannot display a warning." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:730 sssd.conf.5.xml:1181 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be " "displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:735 msgid "" "This setting can be overridden by setting " "<emphasis>pwd_expiration_warning</emphasis> for a particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:740 sssd.8.xml:79 msgid "Default: 0" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:760 msgid "SUDO configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:762 msgid "These options can be used to configure the sudo service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:766 msgid "sudo_timed (bool)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:769 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:782 msgid "AUTOFS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:784 msgid "These options can be used to configure the autofs service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:788 msgid "autofs_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:791 msgid "" "Specifies for how many seconds the autofs responder should cache negative " "hits (that is, queries for invalid map entries, like nonexistent ones) " "before asking the back end again." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:807 msgid "SSH configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:809 msgid "These options can be used to configure the SSH service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:813 msgid "ssh_hash_known_hosts (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:816 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:825 msgid "ssh_known_hosts_timeout (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:828 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:832 msgid "Default: 180" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:840 msgid "PAC responder configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:842 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " "PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " "provider collects domain SID and ID ranges of the domain the client is " "joined to and of remote trusted domains from the local domain controller. " "If the PAC is decoded and evaluated some of the following operations are " "done:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:851 msgid "" "If the remote user does not exist in the cache, it is created. The uid is " "determined with the help of the SID, trusted domains will have UPGs and the " "gid will have the same value as the uid. The home directory is set based on " "the subdomain_homedir parameter. The shell will be empty by default, " "i.e. the system defaults are used, but can be overwritten with the " "default_shell parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:859 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:865 msgid "These options can be used to configure the PAC responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:869 msgid "allowed_uids (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:872 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " "startup." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:878 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:882 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " "access the PAC responder, which would be the typical case, you have to add 0 " "to the list of allowed UIDs as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:896 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:903 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:906 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:911 msgid "" "For users, this affects the primary GID limit. 
The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For " "non-primary group memberships, those that are in range will be reported as " "expected." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:918 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:922 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:928 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:931 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:935 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:938 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:941 sssd.conf.5.xml:1155 sssd.conf.5.xml:1264 sssd.conf.5.xml:1281 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:944 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " "to fully complete enumerations. 
During this time, individual requests for " "information will go directly to LDAP, though it may be slow, due to the " "heavy enumeration processing. Saving a large number of entries to cache " "after the enumeration completes might also be CPU intensive as the " "memberships have to be recomputed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:957 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:962 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " "enumeration lookups are completed successfully. For more information, refer " "to the man pages for the specific id_provider in use." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:970 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:978 msgid "subdomain_enumerate (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:985 msgid "all" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:986 msgid "All discovered trusted domains will be enumerated" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:989 msgid "none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:990 msgid "No discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:981 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " "Optionally, a list of one or more domain names can enable enumeration just " "for these trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:998 sssd-ldap.5.xml:1687 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1021 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1024 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1028 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " "for newly added or expired entries. You should run the <citerefentry> " "<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry> tool in order to force refresh of entries that have already " "been cached." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1041 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1047 msgid "entry_cache_user_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1050 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1054 sssd.conf.5.xml:1067 sssd.conf.5.xml:1080 sssd.conf.5.xml:1093 sssd.conf.5.xml:1106 sssd.conf.5.xml:1120 msgid "Default: entry_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1060 msgid "entry_cache_group_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1063 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1073 msgid "entry_cache_netgroup_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1076 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1086 msgid "entry_cache_service_timeout (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1089 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1099 msgid "entry_cache_sudo_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1102 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1112 msgid "entry_cache_autofs_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1115 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1126 msgid "refresh_expired_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1129 msgid "" "Specifies how many seconds SSSD has to wait before refreshing expired " "records. Currently only refreshing expired netgroups is supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1134 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1138 sssd-ipa.5.xml:221 msgid "Default: 0 (disabled)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1144 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1147 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1151 msgid "User credentials are stored as a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1160 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1163 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " "value of this parameter must be greater than or equal to " "offline_credentials_expiration." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1170 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1175 msgid "pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1186 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " "cannot display a warning. Also an auth provider has to be configured for the " "backend." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1193 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1199 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1202 msgid "" "The identification provider used for the domain. Supported ID providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1206 msgid "<quote>proxy</quote>: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1209 msgid "<quote>local</quote>: SSSD internal provider for local users" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1213 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> " "</citerefentry> for more information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1221 sssd.conf.5.xml:1307 sssd.conf.5.xml:1358 sssd.conf.5.xml:1411 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " "FreeIPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1230 sssd.conf.5.xml:1316 sssd.conf.5.xml:1367 sssd.conf.5.xml:1420 msgid "" "<quote>ad</quote>: Active Directory provider. 
See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> " "</citerefentry> for more information on configuring Active Directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1241 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1244 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1249 msgid "" "If set to TRUE, all requests to this domain must use fully qualified " "names. For example, if used in LOCAL domain that contains a \"test\" user, " "<command>getent passwd test</command> wouldn't find the user while " "<command>getent passwd test@LOCAL</command> would." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1257 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " "will be searched when an unqualified name is requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1269 msgid "ignore_group_members (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1272 msgid "Do not return group members for group lookups." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1275 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " "calls." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1286 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1289 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1293 sssd.conf.5.xml:1351 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> " "</citerefentry> for more information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1300 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> " "</citerefentry> for more information on configuring Kerberos." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1324 msgid "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1327 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1330 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1336 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1339 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends). " "Internal special providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1345 msgid "" "<quote>permit</quote> always allows access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1348 msgid "<quote>deny</quote> always denies access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1375 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry> for more information on configuring " "the simple access module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1382 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1387 msgid "chpass_provider (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1390 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1395 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " "LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1403 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> " "</citerefentry> for more information on configuring Kerberos." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1428 msgid "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1432 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1435 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1442 msgid "sudo_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1445 msgid "The SUDO provider used for the domain. 
Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1449 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> " "</citerefentry> for more information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1457 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1461 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1465 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1468 sssd.conf.5.xml:1522 sssd.conf.5.xml:1554 sssd.conf.5.xml:1579 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1474 msgid "selinux_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1477 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " "providers are:" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1483 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " "IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1491 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1494 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1500 msgid "subdomains_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1503 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1509 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " "IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1518 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1529 msgid "autofs_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1532 msgid "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1536 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> " "</citerefentry> for more information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1543 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> " "</citerefentry> for more information on configuring IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1551 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1561 msgid "hostid_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1564 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1568 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. 
See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " "IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1576 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1589 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " "match either the SSSD configuration domain name, or, in the case of IPA " "trust subdomains and Active Directory domains, the flat (NetBIOS) name of " "the domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1598 msgid "" "Default for the AD and IPA provider: " "<quote>(((?P<domain>[^\\\\]+)\\\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?P<name>[^@\\\\]+)$))</quote> " "which allows three different styles for user names:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:1603 msgid "username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:1606 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:1609 msgid "domain\\username" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1612 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1617 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " "sign, the domain everything after that\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1623 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " "version 7 or higher can support non-unique named subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1630 msgid "" "PLEASE NOTE ALSO: older versions of libpcre only support the Python syntax " "(?P<name>) to label subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1677 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1683 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1686 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1690 msgid "Supported values:" msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1693 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1696 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1699 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1702 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1705 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1711 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1714 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " "the domain will continue to operate in offline mode." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1720 sssd-ldap.5.xml:1118 sssd-ldap.5.xml:1160 sssd-ldap.5.xml:1175 sssd-krb5.5.xml:239 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1726 msgid "dns_discovery_domain (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1729 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1733 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1739 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1742 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1748 msgid "case_sensitive (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1751 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1756 sssd-ad.5.xml:333 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1762 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1765 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " "name was an alias. Setting this option to true would cause the SSSD to " "perform the ID lookup from cache for performance reasons." 
msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1779 msgid "subdomain_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1790 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1791 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1782 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " "possible values. In addition to those, the expansion below can only be used " "with <emphasis>subdomain_homedir</emphasis>. <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1796 msgid "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1800 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1805 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1808 msgid "Various tags stored by the realmd configuration service for this domain." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:898 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called " "<quote>[domain/<replaceable>NAME</replaceable>]</quote> <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1821 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1824 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1827 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1835 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1838 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " "for example _nss_files_getpwent." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:1817 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:1850 msgid "The local domain section" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:1852 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " "<replaceable>id_provider=local</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1859 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1862 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1866 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1871 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1874 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1879 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1884 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1887 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1891 sssd.conf.5.xml:1903 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1896 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1899 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1908 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1911 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " "on a newly created home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1919 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1924 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1927 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " "<citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1937 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1942 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1945 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " "default value is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1952 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1957 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1960 msgid "" "The command that is run after a user is removed. The command is passed the " "username of the user being removed as the first and only parameter. The " "return code of the command is not taken into account." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1966 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:1976 sssd-ldap.5.xml:2426 sssd-simple.5.xml:131 sssd-ipa.5.xml:793 sssd-ad.5.xml:382 sssd-krb5.5.xml:519 msgid "EXAMPLE" msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd.conf.5.xml:1982 #, no-wrap msgid "" "[sssd]\n" "domains = LDAP\n" "services = nss, pam\n" "config_file_version = 2\n" "\n" "[nss]\n" "filter_groups = root\n" "filter_users = root\n" "\n" "[pam]\n" "\n" "[domain/LDAP]\n" "id_provider = ldap\n" "ldap_uri = ldap://ldap.example.com\n" "ldap_search_base = dc=example,dc=com\n" "\n" "auth_provider = krb5\n" "krb5_server = kerberos.example.com\n" "krb5_realm = EXAMPLE.COM\n" "cache_credentials = true\n" "\n" "min_id = 10000\n" "max_id = 20000\n" "enumerate = False\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:1978 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " "configuring domains for more details. <placeholder type=\"programlisting\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 msgid "sssd-ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:23 msgid "" "This manual page describes the configuration of LDAP domains for " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> manual page for detailed syntax " "information." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:35 msgid "You can configure SSSD to use more than one LDAP domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:38 msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is " "required. 
<command>sssd</command> <emphasis>does not</emphasis> support " "authentication over an unencrypted channel. If the LDAP server is used only " "as an identity provider, an encrypted channel is not needed. Please refer to " "<quote>ldap_access_filter</quote> config option for more information about " "using LDAP as an access provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88 sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:60 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:63 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the " "<quote>FAILOVER</quote> section for more information on failover and server " "redundancy. If neither option is specified, service discovery is " "enabled. For more information, refer to the <quote>SERVICE DISCOVERY</quote> " "section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:70 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:73 msgid "ldap[s]://<host>[:port]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:76 msgid "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:79 msgid "example: ldap://[fc00::126:25]:389" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:85 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:88 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a " "user. Refer to the <quote>FAILOVER</quote> section for more information on " "failover and server redundancy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:95 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:99 msgid "Default: empty, i.e. ldap_uri is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:105 msgid "ldap_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:108 msgid "The default base DN to use for performing LDAP user operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:112 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:116 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:119 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:122 msgid "" "The filter must be a valid LDAP search filter as specified by " "http://www.ietf.org/rfc/rfc2254.txt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:126 sssd-ad.5.xml:212 msgid "Examples:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:129 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:134 msgid "" "ldap_search_base = " "cn=host_specific,dc=example,dc=com?subtree?(host=thishost)?dc=example.com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:137 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " "different search bases). This will lead to unpredictable behavior on client " "machines." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:144 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " "defaultNamingContext does not exist or has an empty value namingContexts is " "used. The namingContexts attribute must have a single value with the DN of " "the search base of the LDAP server to make this work. Multiple values are " "not supported." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:158 msgid "ldap_schema (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:161 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " "may vary. The way that some attributes are handled may also differ." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:168 msgid "Four schema types are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:172 msgid "rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:177 msgid "rfc2307bis" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:182 msgid "IPA" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:187 msgid "AD" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:193 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " "the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, " "group members are listed by DN and stored in the <emphasis>member</emphasis> " "attribute. The AD schema type sets the attributes to correspond with Active " "Directory 2008r2 values." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:203 msgid "Default: rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:209 msgid "ldap_default_bind_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:212 msgid "The default bind DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:219 msgid "ldap_default_authtok_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:222 msgid "The type of the authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:226 msgid "The two mechanisms currently supported are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:229 msgid "password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:232 msgid "obfuscated_password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:235 msgid "Default: password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:241 msgid "ldap_default_authtok (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:244 msgid "" "The authentication token of the default bind DN. Only clear text passwords " "are currently supported." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:251 msgid "ldap_user_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:254 msgid "The object class of a user entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:257 msgid "Default: posixAccount" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:263 msgid "ldap_user_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:266 msgid "The LDAP attribute that corresponds to the user's login name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:270 msgid "Default: uid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:276 msgid "ldap_user_uid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:279 msgid "The LDAP attribute that corresponds to the user's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:283 msgid "Default: uidNumber" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:289 msgid "ldap_user_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:292 msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:296 sssd-ldap.5.xml:792 msgid "Default: gidNumber" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:302 msgid "ldap_user_gecos (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:305 msgid "The LDAP attribute that corresponds to the user's gecos field." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:309 msgid "Default: gecos" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:315 msgid "ldap_user_home_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:318 msgid "The LDAP attribute that contains the name of the user's home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:322 msgid "Default: homeDirectory" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:328 msgid "ldap_user_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:331 msgid "The LDAP attribute that contains the path to the user's default shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:335 msgid "Default: loginShell" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:341 msgid "ldap_user_uuid (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:344 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:348 sssd-ldap.5.xml:818 sssd-ldap.5.xml:1025 msgid "Default: nsUniqueId" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:354 msgid "ldap_user_objectsid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:357 msgid "" "The LDAP attribute that contains the objectSID of an LDAP user object. This " "is usually only necessary for ActiveDirectory servers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:362 sssd-ldap.5.xml:832 msgid "Default: objectSid for ActiveDirectory, not set for other servers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:369 msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:372 sssd-ldap.5.xml:842 sssd-ldap.5.xml:1034 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:376 sssd-ldap.5.xml:846 sssd-ldap.5.xml:1041 msgid "Default: modifyTimestamp" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:382 msgid "ldap_user_shadow_last_change (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:385 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> " "<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> " "</citerefentry> counterpart (date of the last password change)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:395 msgid "Default: shadowLastChange" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:401 msgid "ldap_user_shadow_min (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:404 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> " "<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> " "</citerefentry> counterpart (minimum password age)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:413 msgid "Default: shadowMin" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:419 msgid "ldap_user_shadow_max (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:422 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> " "<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> " "</citerefentry> counterpart (maximum password age)." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:431 msgid "Default: shadowMax" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:437 msgid "ldap_user_shadow_warning (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:440 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> " "<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> " "</citerefentry> counterpart (password warning period)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:450 msgid "Default: shadowWarning" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:456 msgid "ldap_user_shadow_inactive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:459 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> " "<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> " "</citerefentry> counterpart (password inactivity period)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:469 msgid "Default: shadowInactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:475 msgid "ldap_user_shadow_expire (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:478 msgid "" "When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " "parameter contains the name of an LDAP attribute corresponding to its " "<citerefentry> <refentrytitle>shadow</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> counterpart (account expiration " "date)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:488 msgid "Default: shadowExpire" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:494 msgid "ldap_user_krb_last_pwd_change (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:497 msgid "" "When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " "an LDAP attribute storing the date and time of last password change in " "kerberos." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:503 msgid "Default: krbLastPwdChange" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:509 msgid "ldap_user_krb_password_expiration (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:512 msgid "" "When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " "an LDAP attribute storing the date and time when current password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:518 msgid "Default: krbPasswordExpiration" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:524 msgid "ldap_user_ad_account_expires (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:527 msgid "" "When using ldap_account_expire_policy=ad, this parameter contains the name " "of an LDAP attribute storing the expiration time of the account." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:532 msgid "Default: accountExpires" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:538 msgid "ldap_user_ad_user_account_control (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:541 msgid "" "When using ldap_account_expire_policy=ad, this parameter contains the name " "of an LDAP attribute storing the user account control bit field." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:546 msgid "Default: userAccountControl" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:552 msgid "ldap_ns_account_lock (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:555 msgid "" "When using ldap_account_expire_policy=rhds or equivalent, this parameter " "determines if access is allowed or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:560 msgid "Default: nsAccountLock" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:566 msgid "ldap_user_nds_login_disabled (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:569 msgid "" "When using ldap_account_expire_policy=nds, this attribute determines if " "access is allowed or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:573 sssd-ldap.5.xml:587 msgid "Default: loginDisabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:579 msgid "ldap_user_nds_login_expiration_time (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:582 msgid "" "When using ldap_account_expire_policy=nds, this attribute determines until " "which date access is granted." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:593 msgid "ldap_user_nds_login_allowed_time_map (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:596 msgid "" "When using ldap_account_expire_policy=nds, this attribute determines the " "hours of a day in a week when access is granted." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:601 msgid "Default: loginAllowedTimeMap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:607 msgid "ldap_user_principal (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:610 msgid "" "The LDAP attribute that contains the user's Kerberos User Principal Name " "(UPN)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:614 msgid "Default: krbPrincipalName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:620 msgid "ldap_user_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:623 msgid "The LDAP attribute that contains the user's SSH public keys." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:630 msgid "ldap_force_upper_case_realm (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:633 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " "fail. Set this option to a non-zero value if you want to use an upper-case " "realm." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:646 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:649 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:660 msgid "ldap_purge_cache_timeout (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:663 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " "space." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:669 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:673 msgid "Default: 10800 (12 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:679 msgid "ldap_user_fullname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:682 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:686 sssd-ldap.5.xml:779 sssd-ldap.5.xml:975 sssd-ldap.5.xml:1066 sssd-ldap.5.xml:1990 sssd-ldap.5.xml:2316 sssd-ipa.5.xml:648 msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:692 msgid "ldap_user_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:695 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:699 sssd-ipa.5.xml:552 msgid "Default: memberOf" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:705 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:708 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " "to determine access privilege." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:715 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:720 msgid "" "Please note that the ldap_access_order configuration option " "<emphasis>must</emphasis> include <quote>authorized_service</quote> in order " "for the ldap_user_authorized_service option to work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:727 msgid "Default: authorizedService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:733 msgid "ldap_user_authorized_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:736 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " "privilege." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:742 msgid "" "An explicit deny (!host) is resolved first. 
Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:747 msgid "" "Please note that the ldap_access_order configuration option " "<emphasis>must</emphasis> include <quote>host</quote> in order for the " "ldap_user_authorized_host option to work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:754 msgid "Default: host" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:760 msgid "ldap_group_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:763 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:766 msgid "Default: posixGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:772 msgid "ldap_group_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:775 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:785 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:788 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:798 msgid "ldap_group_member (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:801 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:805 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:811 msgid "ldap_group_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:814 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:824 msgid "ldap_group_objectsid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:827 msgid "" "The LDAP attribute that contains the objectSID of an LDAP group object. This " "is usually only necessary for ActiveDirectory servers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:839 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:852 msgid "ldap_group_type (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:855 msgid "" "The LDAP attribute that contains an integer value indicating the type of the " "group and maybe other flags." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:860 msgid "" "This attribute is currently only used by the AD provider to determine if a " "group is a domain local group and has to be filtered out for trusted " "domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:866 msgid "Default: groupType in the AD provider, otherwise not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:873 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:876 msgid "" "If ldap_schema is set to a schema format that supports nested groups " "(e.g. RFC2307bis), then this option controls how many levels of nesting SSSD " "will follow. This option has no effect on the RFC2307 schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:883 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:889 msgid "ldap_groups_use_matching_rule_in_chain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:892 msgid "" "This option tells SSSD to take advantage of an Active Directory-specific " "feature which may speed up group lookup operations on deployments with " "complex or deep nested groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:898 msgid "" "In most common cases, it is best to leave this option disabled. It generally " "only provides a performance increase on very complex nestings." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:903 sssd-ldap.5.xml:930 msgid "" "If this option is enabled, SSSD will use it if it detects that the server " "supports it during initial connection. So \"True\" here essentially means " "\"auto-detect\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:909 sssd-ldap.5.xml:936 msgid "" "Note: This feature is currently known to work only with Active Directory " "2008 R1 and later. See <ulink " "url=\"http://msdn.microsoft.com/en-us/library/windows/desktop/aa746475%28v=vs.85%29.aspx\"> " "MSDN(TM) documentation</ulink> for more details." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:915 sssd-ldap.5.xml:942 sssd-ldap.5.xml:1233 sssd-ldap.5.xml:1254 sssd-ldap.5.xml:1760 include/ldap_id_mapping.xml:226 msgid "Default: False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:921 msgid "ldap_initgroups_use_matching_rule_in_chain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:924 msgid "" "This option tells SSSD to take advantage of an Active Directory-specific " "feature which might speed up initgroups operations (most notably when " "dealing with complex or deep nested groups)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:948 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:951 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:954 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:958 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:964 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:967 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:971 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:981 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:984 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:988 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:992 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:998 msgid "ldap_netgroup_triple (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1001 msgid "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1005 sssd-ldap.5.xml:1038 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1008 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1014 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1017 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1021 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1031 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1047 msgid "ldap_service_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1050 msgid "The object class of a service entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1053 msgid "Default: ipService" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1059 msgid "ldap_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1062 msgid "" "The LDAP attribute that contains the name of service attributes and their " "aliases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1072 msgid "ldap_service_port (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1075 msgid "The LDAP attribute that contains the port managed by this service." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1079 msgid "Default: ipServicePort" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1085 msgid "ldap_service_proto (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1088 msgid "The LDAP attribute that contains the protocols understood by this service." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1092 msgid "Default: ipServiceProtocol" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1098 msgid "ldap_service_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1103 msgid "ldap_search_timeout (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1106 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " "is entered)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1112 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " "lookup types." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1124 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1127 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " "are returned (and offline mode is entered)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1140 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1143 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> " "</citerefentry>/<citerefentry> <refentrytitle>select</refentrytitle> " "<manvolnum>2</manvolnum> </citerefentry> following a <citerefentry> " "<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> " "</citerefentry> returns in case of no activity." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1166 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1169 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " "communicating with the KDC in case of SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1181 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1184 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " "in parallel with SASL/GSSAPI, the sooner of the two values (this value " "vs. the TGT lifetime) will be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1192 sssd-ldap.5.xml:2147 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1198 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1201 msgid "" "Specify the number of records to retrieve from LDAP in a single " "request. Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1206 msgid "Default: 1000" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1212 msgid "ldap_disable_paging (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1215 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " "it is not enabled or does not behave properly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1221 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use " "it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1227 msgid "" "Example: 389 DS has a bug where it can only support one paging control at " "a time on a single connection. On busy clients, this can result in some " "requests being denied." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1239 msgid "ldap_disable_range_retrieval (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1242 msgid "Disable Active Directory range retrieval." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1245 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " "group contains more members, the reply would include an AD-specific range " "extension. This option disables parsing of the range extension, therefore " "large groups will appear as having no members."
msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1260 msgid "ldap_sasl_minssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1263 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " "option are defined by OpenLDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1269 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1276 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1279 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " "they are looked up individually." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1285 msgid "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1289 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " "methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " "Directory." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1297 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " "regardless of this setting." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1310 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1313 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1319 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1323 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " "is provided, it will be ignored and the session proceeds normally." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1330 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " "is provided, the session is immediately terminated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1336 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. 
If no " "certificate is provided, or a bad certificate is provided, the session is " "immediately terminated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1342 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1346 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1352 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1355 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1378 sssd-ldap.5.xml:1419 msgid "" "Default: use OpenLDAP defaults, typically in " "<filename>/etc/openldap/ldap.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1367 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1370 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " "be the hash of the certificate followed by '.0'. If available, " "<command>cacertdir_rehash</command> can be used to create the correct names." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1385 msgid "ldap_tls_cert (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1388 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1398 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1401 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1410 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1413 msgid "" "Specifies acceptable cipher suites. Typically this is a colon separated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry> for format." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1426 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1429 msgid "" "Specifies that the id_provider connection must also use <systemitem " "class=\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1439 msgid "ldap_id_mapping (boolean)" msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1442 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " "on ldap_user_uid_number and ldap_group_gid_number." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1448 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1458 msgid "ldap_min_id, ldap_max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1461 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " "ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this " "might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " "can be set to restrict the allowed range for the IDs which are read directly " "from the server. Sub-domains can then pick other ranges to map IDs." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1473 msgid "Default: not set (both options are set to 0)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1479 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1482 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1492 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1495 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory. " "This option can either contain the full principal (for example " "host/myhost@EXAMPLE.COM) or just the principal name (for example " "host/myhost)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1503 msgid "Default: host/hostname@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1509 msgid "ldap_sasl_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1512 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " "well, this option is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1518 msgid "Default: the value of krb5_realm." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1524 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1527 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1532 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1538 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1541 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1544 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1550 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1553 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " "GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1565 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1568 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1572 sssd-ad.5.xml:319 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1578 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1581 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of " "preference. For more information on failover and server redundancy, see the " "<quote>FAILOVER</quote> section. An optional port number (preceded by a " "colon) may be appended to the addresses or hostnames. If empty, service " "discovery is enabled - for more information, refer to the <quote>SERVICE " "DISCOVERY</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1593 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " "none are found." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1598 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of " "SSSD. While the legacy name is recognized for the time being, users are " "advised to migrate their config files to use <quote>krb5_server</quote> " "instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1607 sssd-ipa.5.xml:371 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1610 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1613 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1619 sssd-ipa.5.xml:386 sssd-krb5.5.xml:453 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1622 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1634 sssd-krb5.5.xml:468 msgid "krb5_use_kdcinfo (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1637 sssd-krb5.5.xml:471 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " "to configure the Kerberos library using the <citerefentry> " "<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> " "</citerefentry> configuration file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1648 sssd-krb5.5.xml:482 msgid "" "See the <citerefentry> " "<refentrytitle>sssd_krb5_locator_plugin</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> manual page for more information on " "the locator plugin." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1662 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1665 msgid "" "Select the policy to evaluate the password expiration on the client " "side. The following values are allowed:" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1670 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1675 msgid "" "<emphasis>shadow</emphasis> - Use " "<citerefentry><refentrytitle>shadow</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry> style attributes to evaluate if the " "password has expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1681 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " "these attributes when the password is changed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1690 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1698 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1701 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1705 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1710 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. If your setup " "does not in fact require the use of referrals, setting this option to false " "might bring a noticeable performance improvement." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1724 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1727 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1731 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1737 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1740 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1745 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1751 msgid "ldap_chpass_update_last_change (bool)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1754 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1766 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1769 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " "must be met for the user to be granted access on this host. If " "access_provider = ldap, ldap_access_order = filter and this option is not " "set, it will result in all users being denied access. Use access_provider = " "permit to change this default behavior. Please note that this filter is " "applied on the LDAP user entry only." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1782 sssd-ldap.5.xml:2376 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #: sssd-ldap.5.xml:1785 #, no-wrap msgid "" "access_provider = ldap\n" "ldap_access_filter = (employeeType=admin)\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1789 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1794 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " "access during their last login, they will continue to be granted access " "while offline and vice-versa." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1802 sssd-ldap.5.xml:1859 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1808 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1811 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1815 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " "even if the password is correct." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1822 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1825 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1830 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " "set. If the attribute is missing access is granted. Also the expiration time " "of the account is checked." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1837 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, " "<emphasis>389ds</emphasis>: use the value of ldap_ns_account_lock to check " "if access is allowed or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1843 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " "ldap_user_nds_login_expiration_time are used to check if access is " "allowed. If both attributes are missing access is granted." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1852 msgid "" "Please note that the ldap_access_order configuration option " "<emphasis>must</emphasis> include <quote>expire</quote> in order for the " "ldap_account_expire_policy option to work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1865 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1868 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1872 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1875 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1879 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1884 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1888 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1891 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1898 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1901 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1906 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1910 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1915 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1920 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1925 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1933 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1936 msgid "" "Allows local users to be retained as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1940 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute.
" "The self-consistency of the domain is compromised when this is done, so SSSD " "would normally remove the \"missing\" users from the cached group " "memberships as soon as nsswitch tries to fetch information about the user " "via getpw*() or initgroups() calls." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1951 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " "additional LDAP groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:51 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " "of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> manual page for full details. " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:1967 msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1971 msgid "ldap_sudorule_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1974 msgid "The object class of a sudo rule entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1977 msgid "Default: sudoRole" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1983 msgid "ldap_sudorule_name (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1986 msgid "The LDAP attribute that corresponds to the sudo rule name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1996 msgid "ldap_sudorule_command (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1999 msgid "The LDAP attribute that corresponds to the command name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2003 msgid "Default: sudoCommand" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2009 msgid "ldap_sudorule_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2012 msgid "" "The LDAP attribute that corresponds to the host name (or host IP address, " "host IP network, or host netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2017 msgid "Default: sudoHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2023 msgid "ldap_sudorule_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2026 msgid "" "The LDAP attribute that corresponds to the user name (or UID, group name or " "user's netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2030 msgid "Default: sudoUser" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2036 msgid "ldap_sudorule_option (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2039 msgid "The LDAP attribute that corresponds to the sudo options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2043 msgid "Default: sudoOption" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2049 msgid "ldap_sudorule_runasuser (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2052 msgid "" "The LDAP attribute that corresponds to the user name that commands may be " "run as." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2056 msgid "Default: sudoRunAsUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2062 msgid "ldap_sudorule_runasgroup (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2065 msgid "" "The LDAP attribute that corresponds to the group name or group GID that " "commands may be run as." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2069 msgid "Default: sudoRunAsGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2075 msgid "ldap_sudorule_notbefore (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2078 msgid "" "The LDAP attribute that corresponds to the start date/time for when the sudo " "rule is valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2082 msgid "Default: sudoNotBefore" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2088 msgid "ldap_sudorule_notafter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2091 msgid "" "The LDAP attribute that corresponds to the expiration date/time, after which " "the sudo rule will no longer be valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2096 msgid "Default: sudoNotAfter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2102 msgid "ldap_sudorule_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2105 msgid "The LDAP attribute that corresponds to the ordering index of the rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2109 msgid "Default: sudoOrder" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2115 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2118 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2123 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval " "</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2128 msgid "Default: 21600 (6 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2134 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2137 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest USN " "of cached rules)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2143 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2153 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2156 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2167 msgid "ldap_sudo_hostnames (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2170 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2175 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2180 sssd-ldap.5.xml:2203 sssd-ldap.5.xml:2221 sssd-ldap.5.xml:2239 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is " "<emphasis>false</emphasis> then this option has no effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2185 sssd-ldap.5.xml:2208 msgid "Default: not specified" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2191 msgid "ldap_sudo_ip (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2194 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2199 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2214 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2217 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2232 msgid "ldap_sudo_include_regexp (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2235 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:1969 msgid "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2251 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " "<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> " "</citerefentry>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:2261 msgid "AUTOFS OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2263 msgid "" "Please note that the default values correspond to the default schema which " "is RFC2307." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2269 msgid "ldap_autofs_map_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2272 sssd-ldap.5.xml:2298 msgid "The object class of an automount map entry in LDAP." 
msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2275 sssd-ldap.5.xml:2302 msgid "Default: automountMap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2282 msgid "ldap_autofs_map_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2285 msgid "The name of an automount map entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2288 msgid "Default: ou" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2295 msgid "ldap_autofs_entry_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2309 msgid "ldap_autofs_entry_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2312 sssd-ldap.5.xml:2326 msgid "" "The key of an automount entry in LDAP. The entry usually corresponds to a " "mount point." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2323 msgid "ldap_autofs_entry_value (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2330 msgid "Default: automountInformation" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2267 msgid "" "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder " "type=\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" " "id=\"2\"/> <placeholder type=\"variablelist\" id=\"3\"/> <placeholder " "type=\"variablelist\" id=\"4\"/>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:2340 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2347 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2352 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2357 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2362 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2365 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2369 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #: sssd-ldap.5.xml:2379 #, no-wrap msgid "" " ldap_user_search_filter = " "(loginShell=/bin/tcsh)\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2382 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2389 msgid "ldap_group_search_filter (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2392 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2396 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2406 msgid "ldap_sudo_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2411 msgid "ldap_autofs_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2342 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " "are doing. <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2428 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " "section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ldap.5.xml:2434 #, no-wrap msgid "" " [domain/LDAP]\n" " id_provider = ldap\n" " auth_provider = ldap\n" " ldap_uri = ldap://ldap.mydomain.org\n" " ldap_search_base = dc=mydomain,dc=org\n" " ldap_tls_reqcert = demand\n" " cache_credentials = true\n" msgstr "" #. 
type: Content of: <refsect1><refsect2><para> #: sssd-ldap.5.xml:2433 sssd-simple.5.xml:139 sssd-ipa.5.xml:801 sssd-ad.5.xml:390 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 sssd-krb5.5.xml:528 include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:2446 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:405 sssd.8.xml:191 sss_seed.8.xml:163 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2448 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " "distribution." msgstr "" #. type: Content of: <refentryinfo> #: pam_sss.8.xml:8 include/upstream.xml:2 msgid "" "<productname>SSSD</productname> <orgname>The SSSD upstream - " "http://fedorahosted.org/sssd</orgname>" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: pam_sss.8.xml:13 pam_sss.8.xml:18 msgid "pam_sss" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: pam_sss.8.xml:19 msgid "PAM module for SSSD" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: pam_sss.8.xml:24 msgid "" "<command>pam_sss.so</command> <arg choice='opt'> " "<replaceable>quiet</replaceable> </arg> <arg choice='opt'> " "<replaceable>forward_pass</replaceable> </arg> <arg choice='opt'> " "<replaceable>use_first_pass</replaceable> </arg> <arg choice='opt'> " "<replaceable>use_authtok</replaceable> </arg> <arg choice='opt'> " "<replaceable>retry=N</replaceable> </arg> <arg choice='opt'> " "<replaceable>ignore_unknown_user</replaceable> </arg>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:48 msgid "" "<command>pam_sss.so</command> is the PAM interface to the System Security " "Services daemon (SSSD). Errors and results are logged through " "<command>syslog(3)</command> with the LOG_AUTHPRIV facility." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:58 msgid "<option>quiet</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:61 msgid "Suppress log messages for unknown users." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:66 msgid "<option>forward_pass</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:69 msgid "" "If <option>forward_pass</option> is set the entered password is put on the " "stack for other PAM modules to use." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:76 msgid "<option>use_first_pass</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:79 msgid "" "The argument use_first_pass forces the module to use a previously stacked " "module's password and will never prompt the user - if no password is " "available or the password is not appropriate, the user will be denied " "access." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:87 msgid "<option>use_authtok</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:90 msgid "" "When changing the password, force the module to set the new password to the one " "provided by a previously stacked password module." msgstr "" #.
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:97 msgid "<option>retry=N</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:100 msgid "" "If specified the user is asked another N times for a password if " "authentication fails. Default is 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:102 msgid "" "Please note that this option might not work as expected if the application " "calling PAM handles the user dialog on its own. A typical example is " "<command>sshd</command> with <option>PasswordAuthentication</option>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:111 msgid "<option>ignore_unknown_user</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:114 msgid "" "If this option is specified and the user does not exist, the PAM module will " "return PAM_IGNORE. This causes the PAM framework to ignore this module." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: pam_sss.8.xml:123 msgid "MODULE TYPES PROVIDED" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:124 msgid "" "All module types (<option>account</option>, <option>auth</option>, " "<option>password</option> and <option>session</option>) are provided." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: pam_sss.8.xml:130 msgid "FILES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:131 msgid "" "If a password reset by root fails, because the corresponding SSSD provider " "does not support password resets, an individual message can be " "displayed. This message can e.g. contain instructions about how to reset a " "password." 
msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:136 msgid "" "The message is read from the file " "<filename>pam_sss_pw_reset_message.LOC</filename> where LOC stands for a " "locale string returned by <citerefentry> " "<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> " "</citerefentry>. If there is no matching file the content of " "<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " "the owner of the files and only root may have read and write permissions " "while all other users must have only read permissions." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:146 msgid "" "These files are searched in the directory " "<filename>/etc/sssd/customize/DOMAIN_NAME/</filename>. If no matching file " "is present a generic message is displayed." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 msgid "sssd_krb5_locator_plugin" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:22 msgid "" "The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " "used by the Kerberos provider of <citerefentry> " "<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " "to tell the Kerberos libraries what Realm and which KDC to use. Typically " "this is done in <citerefentry> <refentrytitle>krb5.conf</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> which is always read by the " "Kerberos libraries. To simplify the configuration the Realm and the KDC can " "be defined in <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> as described in <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> " "</citerefentry>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:48 msgid "" "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " "libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:63 msgid "" "Not all Kerberos implementations support the use of plugins. If " "<command>sssd_krb5_locator_plugin</command> is not available on your system " "you have to edit /etc/krb5.conf to reflect your Kerberos setup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:69 msgid "" "If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " "debug messages will be sent to stderr." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-simple.5.xml:10 sssd-simple.5.xml:16 msgid "sssd-simple" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd-simple.5.xml:17 msgid "the configuration file for SSSD's 'simple' access-control provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:24 msgid "" "This manual page describes the configuration of the simple access-control " "provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " "refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> " "</citerefentry> manual page." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:38 msgid "" "The simple access provider grants or denies access based on an access or " "deny list of user or group names. The following rules apply:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:43 msgid "If all lists are empty, access is granted" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:47 msgid "" "If any list is provided, the order of evaluation is allow,deny. This means " "that any matching deny rule will supersede any matched allow rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:54 msgid "" "If either or both \"allow\" lists are provided, all users are denied unless " "they appear in the list." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:60 msgid "" "If only \"deny\" lists are provided, all users are granted access unless " "they appear in the list." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:78 msgid "simple_allow_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:81 msgid "Comma separated list of users who are allowed to log in." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:88 msgid "simple_deny_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:91 msgid "Comma separated list of users who are explicitly denied access." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:97 msgid "simple_allow_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:100 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:108 msgid "simple_deny_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:111 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " "evaluated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> " "</citerefentry> manual page for details on the configuration of an SSSD " "domain. <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:120 msgid "" "Specifying no values for any of the lists is equivalent to skipping it " "entirely. Beware of this while generating parameters for the simple provider " "using automated scripts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:125 msgid "" "Please note that it is a configuration error if both simple_allow_users " "and simple_deny_users are defined." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:133 msgid "" "The following example assumes that SSSD is correctly configured and " "example.com is one of the domains in the <replaceable>[sssd]</replaceable> " "section. This example shows only the simple access provider-specific " "options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-simple.5.xml:140 #, no-wrap msgid "" " [domain/example.com]\n" " access_provider = simple\n" " simple_allow_users = user1, user2\n" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 msgid "sssd-ipa" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:23 msgid "" "This manual page describes the configuration of the IPA provider for " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " "FORMAT</quote> section of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> " "</citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:36 msgid "" "The IPA provider is a back end used to connect to an IPA server. (Refer to " "the freeipa.org web site for information about IPA servers.) This provider " "requires that the machine be joined to the IPA domain; configuration is " "almost entirely self-discovered and obtained directly from the server." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:43 msgid "" "The IPA provider accepts the same options used by the <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> " "</citerefentry> identity provider and the <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> " "</citerefentry> authentication provider with some exceptions described " "below." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:55 msgid "" "However, it is neither necessary nor recommended to set these options. IPA " "provider can also be used as an access and chpass provider. As an access " "provider it uses HBAC (host-based access control) rules. Please refer to " "freeipa.org for more information about HBAC. No configuration of access " "provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:62 msgid "" "The IPA provider will use the PAC responder if the Kerberos tickets of users " "from trusted realms contain a PAC. To make configuration easier the PAC " "responder is started automatically if the IPA ID provider is configured." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:78 msgid "ipa_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:81 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:89 msgid "ipa_server, ipa_backup_server (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:92 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " "on failover and server redundancy, see the <quote>FAILOVER</quote> section. " "This is optional if autodiscovery is enabled. For more information on " "service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:105 msgid "ipa_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:108 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:116 sssd-ad.5.xml:256 msgid "dyndns_update (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:119 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client. The update is " "secured using GSS-TSIG. The IP address of the IPA LDAP connection is used " "for the updates, if it is not otherwise specified by using the " "<quote>dyndns_iface</quote> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:128 sssd-ad.5.xml:270 msgid "" "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " "the default Kerberos realm must be set properly in /etc/krb5.conf" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:133 msgid "" "NOTE: While it is still possible to use the old " "<emphasis>ipa_dyndns_update</emphasis> option, users should migrate to using " "<emphasis>dyndns_update</emphasis> in their config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:145 sssd-ad.5.xml:281 msgid "dyndns_ttl (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:148 sssd-ad.5.xml:284 msgid "" "The TTL to apply to the client DNS record when updating it. If " "dyndns_update is false this has no effect. This will override the TTL " "serverside if set by an administrator." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:153 msgid "" "NOTE: While it is still possible to use the old " "<emphasis>ipa_dyndns_ttl</emphasis> option, users should migrate to using " "<emphasis>dyndns_ttl</emphasis> in their config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:159 msgid "Default: 1200 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:165 sssd-ad.5.xml:295 msgid "dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:168 sssd-ad.5.xml:298 msgid "" "Optional. Applicable only when dyndns_update is true. Choose the interface " "whose IP address should be used for dynamic DNS updates." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:173 msgid "" "NOTE: While it is still possible to use the old " "<emphasis>ipa_dyndns_iface</emphasis> option, users should migrate to using " "<emphasis>dyndns_iface</emphasis> in their config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:179 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:185 msgid "ipa_enable_dns_sites (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:188 sssd-ad.5.xml:152 msgid "Enables DNS sites - location based service discovery." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:192 msgid "" "If true and service discovery (see Service Discovery paragraph at the bottom " "of the man page) is enabled, then the SSSD will first attempt location " "based discovery using a query that contains " "\"_location.hostname.example.com\" and then fall back to traditional SRV " "discovery. If the location based discovery succeeds, the IPA servers located " "with the location based discovery are treated as primary servers and the IPA " "servers located using the traditional SRV discovery are used as back up " "servers" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:211 sssd-ad.5.xml:309 msgid "dyndns_refresh_interval (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:214 sssd-ad.5.xml:312 msgid "" "How often should the back end perform periodic DNS update in addition to the " "automatic update performed when the back end goes online. This option is " "optional and applicable only when dyndns_update is true." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:227 sssd-ad.5.xml:325 msgid "dyndns_update_ptr (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:230 sssd-ad.5.xml:328 msgid "" "Whether the PTR record should also be explicitly updated when updating the " "client's DNS records. Applicable only when dyndns_update is true." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:235 msgid "" "This option should be False in most IPA deployments as the IPA server " "generates the PTR records automatically when forward records are changed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:241 msgid "Default: False (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:247 sssd-ad.5.xml:339 msgid "dyndns_force_tcp (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:250 sssd-ad.5.xml:342 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:254 sssd-ad.5.xml:346 msgid "Default: False (let nsupdate choose the protocol)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:260 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:263 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:267 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:273 msgid "ipa_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:276 msgid "Optional. Use the given string as search base for host objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:280 sssd-ipa.5.xml:304 sssd-ipa.5.xml:323 sssd-ipa.5.xml:342 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:285 msgid "" "If filter is given in any of search bases and " "<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " "will be ignored." msgstr "" #. type: Content of: <listitem><para> #: sssd-ipa.5.xml:290 sssd-ipa.5.xml:309 include/ldap_search_bases.xml:23 include/ldap_search_bases_experimental.xml:23 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:297 msgid "ipa_selinux_search_base (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:300 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:316 msgid "ipa_subdomains_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:319 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:328 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:335 msgid "ipa_master_domain_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:338 msgid "Optional. Use the given string as search base for master domain object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:347 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:354 sssd-krb5.5.xml:245 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:357 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:364 sssd-ad.5.xml:366 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:374 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:378 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:389 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:402 sssd-krb5.5.xml:407 msgid "krb5_use_fast (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:405 sssd-krb5.5.xml:410 msgid "" "Enables flexible authentication secure tunneling (FAST) for Kerberos " "pre-authentication. The following options are supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:410 msgid "<emphasis>never</emphasis> use FAST." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:413 msgid "" "<emphasis>try</emphasis> to use FAST. 
If the server does not support FAST, " "continue the authentication without it. This is equivalent to not setting " "this option at all." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:419 sssd-krb5.5.xml:424 msgid "" "<emphasis>demand</emphasis> to use FAST. The authentication fails if the " "server does not require fast." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:424 msgid "Default: try" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:427 sssd-krb5.5.xml:435 msgid "" "NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If " "SSSD is used with an older version of MIT Kerberos, using this option is a " "configuration error." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:436 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:439 msgid "" "The amount of time between lookups of the HBAC rules against the IPA " "server. This will reduce the latency and load on the IPA server if there are " "many access-control requests made in a short period." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:446 sssd-ipa.5.xml:462 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:452 msgid "ipa_hbac_selinux (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:455 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. 
This will reduce the latency and load on the IPA server if there are " "many user login requests made in a short period." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:468 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:471 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " "of FreeIPA will need to migrate their rules to use only the ALLOW rules. The " "client will support two modes of operation during this transition period:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:480 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:485 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:490 msgid "Default: DENY_ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:496 msgid "ipa_hbac_support_srchost (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:499 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:503 msgid "" "Note that if set to <emphasis>False</emphasis>, this option causes filters " "given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:514 msgid "ipa_server_mode (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:517 msgid "This option should only be set by the IPA installer." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:521 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:532 msgid "ipa_automount_location (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:535 msgid "The automounter location this IPA client will be using" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:538 msgid "Default: The location named \"default\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:545 msgid "ipa_netgroup_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:548 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:557 msgid "ipa_netgroup_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:560 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:565 sssd-ipa.5.xml:660 msgid "Default: memberUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:570 msgid "ipa_netgroup_member_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:573 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:577 sssd-ipa.5.xml:672 msgid "Default: memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:582 msgid "ipa_netgroup_member_ext_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:585 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:589 msgid "Default: externalHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:594 msgid "ipa_netgroup_domain (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:597 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:601 msgid "Default: nisDomainName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:607 msgid "ipa_host_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:610 sssd-ipa.5.xml:633 msgid "The object class of a host entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:613 sssd-ipa.5.xml:636 msgid "Default: ipaHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:618 msgid "ipa_host_fqdn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:621 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:624 msgid "Default: fqdn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:630 msgid "ipa_selinux_usermap_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:641 msgid "ipa_selinux_usermap_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:644 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:653 msgid "ipa_selinux_usermap_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:656 msgid "The LDAP attribute that contains all users / groups this rule matches against." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:665 msgid "ipa_selinux_usermap_member_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:668 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule matches " "against." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:677 msgid "ipa_selinux_usermap_see_also (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:680 msgid "" "The LDAP attribute that contains the DN of an HBAC rule which can be used for " "matching instead of memberUser and memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:685 msgid "Default: seeAlso" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:690 msgid "ipa_selinux_usermap_selinux_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:693 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:697 msgid "Default: ipaSELinuxUser" msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:702 msgid "ipa_selinux_usermap_enabled (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:705 msgid "" "The LDAP attribute that indicates whether or not the user map is enabled for " "usage." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:709 msgid "Default: ipaEnabledFlag" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:714 msgid "ipa_selinux_usermap_user_category (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:717 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:721 msgid "Default: userCategory" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:726 msgid "ipa_selinux_usermap_host_category (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:729 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:733 msgid "Default: hostCategory" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:738 msgid "ipa_selinux_usermap_uuid (string)" msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:741 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:745 msgid "Default: ipaUniqueID" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:750 msgid "ipa_host_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:753 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:757 msgid "Default: ipaSshPubKey" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ipa.5.xml:766 msgid "SUBDOMAINS PROVIDER" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:768 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:772 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " "subdomain requests are sent to the IPA server if necessary." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:778 msgid "" "If the option 'subdomains_provider' is not set in the domain section of " "sssd.conf but there is the option 'id_provider = ipa', the IPA subdomains " "provider is configured implicitly. In this case, if a subdomain request " "fails and indicates that the server does not support subdomains, i.e. 
is not " "configured for trusts, the IPA subdomains provider is disabled. After an " "hour or after the IPA provider goes online, the subdomains provider is " "enabled again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:795 msgid "" "The following example assumes that SSSD is correctly configured and " "example.com is one of the domains in the <replaceable>[sssd]</replaceable> " "section. This example shows only the ipa provider-specific options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ipa.5.xml:802 #, no-wrap msgid "" " [domain/example.com]\n" " id_provider = ipa\n" " ipa_server = ipaserver.example.com\n" " ipa_hostname = myhost.example.com\n" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-ad.5.xml:10 sssd-ad.5.xml:16 msgid "sssd-ad" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:23 msgid "" "This manual page describes the configuration of the AD provider for " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " "FORMAT</quote> section of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> " "</citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:36 msgid "" "The AD provider is a back end used to connect to an Active Directory " "server. This provider requires that the machine be joined to the AD domain " "and a keytab is available." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:41 msgid "" "The AD provider supports connecting to Active Directory 2008 R2 or " "later. Earlier versions may work, but are unsupported." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:45 msgid "" "The AD provider is able to provide identity information and authentication " "for entities from trusted domains as well. Currently only trusted domains in " "the same forest are recognized." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:50 msgid "" "The AD provider accepts the same options used by the <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> " "</citerefentry> identity provider and the <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> " "</citerefentry> authentication provider with some exceptions described " "below." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:62 msgid "" "However, it is neither necessary nor recommended to set these options. The " "AD provider can also be used as an access, chpass and sudo provider. No " "configuration of the access provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ad.5.xml:74 #, no-wrap msgid "" "ldap_id_mapping = False\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:68 msgid "" "By default, the AD provider will map UID and GID values from the objectSID " "parameter in Active Directory. For details on this, see the <quote>ID " "MAPPING</quote> section below. If you want to disable ID mapping and instead " "rely on POSIX attributes defined in Active Directory, you should set " "<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users " "and groups using POSIX attributes from trusted domains, the AD administrator " "must make sure that the POSIX attributes are replicated to the Global " "Catalog." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:81 msgid "" "Users, groups and other entities served by SSSD are always treated as " "case-insensitive in the AD provider for compatibility with Active " "Directory's LDAP implementation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:96 msgid "ad_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:99 msgid "" "Specifies the name of the Active Directory domain. This is optional. If not " "provided, the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:104 msgid "" "For proper operation, this option should be specified as the lower-case " "version of the long version of the Active Directory domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:109 msgid "" "The short domain name (also known as the NetBIOS or the flat name) is " "autodetected by the SSSD." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:116 msgid "ad_server, ad_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:119 msgid "" "The comma-separated list of hostnames of the AD servers to which SSSD should " "connect in order of preference. For more information on failover and server " "redundancy, see the <quote>FAILOVER</quote> section. This is optional if " "autodiscovery is enabled. For more information on service discovery, refer " "to the <quote>SERVICE DISCOVERY</quote> section." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:132 msgid "ad_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:135 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the Active Directory domain to identify this " "host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:141 msgid "" "This field is used to determine the host principal in use in the keytab. It " "must match the hostname for which the keytab was issued." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:149 msgid "ad_enable_dns_sites (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:156 msgid "" "If true and service discovery (see Service Discovery paragraph at the bottom " "of the man page) is enabled, the SSSD will first attempt to discover the " "Active Directory server to connect to using the Active Directory Site " "Discovery and fall back to the DNS SRV records if no AD site is found. The " "DNS SRV configuration, including the discovery domain, is used during site " "discovery as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:172 msgid "ad_access_filter (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:175 msgid "" "This option specifies LDAP access control filter that the user must match in " "order to be allowed access. 
Please note that the " "<quote>access_provider</quote> option must be explicitly set to " "<quote>ad</quote> in order for this option to have an effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:183 msgid "" "The option also supports specifying different filters per domain or " "forest. This extended filter would consist of: " "<quote>KEYWORD:NAME:FILTER</quote>. The keyword can be either " "<quote>DOM</quote>, <quote>FOREST</quote> or missing." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:191 msgid "" "If the keyword is <quote>DOM</quote> or is missing, then " "<quote>NAME</quote> specifies the domain or subdomain the filter applies " "to. If the keyword is <quote>FOREST</quote>, then the filter applies " "to all domains from the forest specified by <quote>NAME</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:199 msgid "" "Multiple filters can be separated with the <quote>?</quote> character, " "similarly to how search bases work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:204 msgid "" "The most specific match is always used. For example, if the option specifies " "a filter for a domain the user is a member of and a global filter, the " "per-domain filter would be applied. If there are more matches with the same " "specification, the first one is used." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #: sssd-ad.5.xml:215 #, no-wrap msgid "" "# apply filter on domain called dom1 only:\n" "dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" "\n" "# apply filter on domain called dom2 only:\n" "DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" "\n" "# apply filter on forest called EXAMPLE.COM only:\n" "FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:225 msgid "Default: Not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:231 msgid "ad_enable_gc (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:234 msgid "" "By default, the SSSD connects to the Global Catalog first to retrieve users " "from trusted domains and uses the LDAP port to retrieve group memberships or " "as a fallback. Disabling this option makes the SSSD only connect to the LDAP " "port of the current AD server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:242 msgid "" "Please note that disabling Global Catalog support does not disable " "retrieving users from trusted domains. The SSSD would connect to the LDAP " "port of trusted domains instead. However, Global Catalog must be used in " "order to resolve cross-domain group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:259 msgid "" "Optional. This option tells SSSD to automatically update the Active " "Directory DNS server with the IP address of this client. The update is " "secured using GSS-TSIG. 
As a consequence, the Active Directory administrator " "only needs to allow secure updates for the DNS zone. The IP address of the " "AD LDAP connection is used for the updates, if it is not otherwise specified " "by using the <quote>dyndns_iface</quote> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:289 msgid "Default: 3600 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:303 msgid "Default: Use the IP address of the AD LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:354 sssd-krb5.5.xml:496 msgid "krb5_use_enterprise_principal (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:357 sssd-krb5.5.xml:499 msgid "" "Specifies if the user principal should be treated as enterprise " "principal. See section 5 of RFC 6806 for more details about enterprise " "principals." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:384 msgid "" "The following example assumes that SSSD is correctly configured and " "example.com is one of the domains in the <replaceable>[sssd]</replaceable> " "section. This example shows only the AD provider-specific options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ad.5.xml:391 #, no-wrap msgid "" "[domain/EXAMPLE]\n" "id_provider = ad\n" "auth_provider = ad\n" "access_provider = ad\n" "chpass_provider = ad\n" "\n" "ad_server = dc1.example.com\n" "ad_hostname = client.example.com\n" "ad_domain = example.com\n" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ad.5.xml:411 #, no-wrap msgid "" "access_provider = ldap\n" "ldap_access_order = expire\n" "ldap_account_expire_policy = ad\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:407 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:417 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 msgid "sssd-sudo" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd-sudo.5.xml:17 msgid "Configuring sudo with the SSSD back end" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:23 msgid "" "This manual page describes how to configure <citerefentry> " "<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " "to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-sudo.5.xml:36 msgid "Configuring sudo to cooperate with SSSD" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:38 msgid "" "To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " "the <emphasis>sudoers</emphasis> entry in <citerefentry> " "<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> " "</citerefentry>." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:47 msgid "" "For example, to configure sudo to first lookup rules in the standard " "<citerefentry> <refentrytitle>sudoers</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> file (which should contain rules " "that apply to local users) and then in SSSD, the nsswitch.conf file should " "contain the following line:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-sudo.5.xml:57 #, no-wrap msgid "sudoers: files sss\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:61 msgid "" "More information about configuring the sudoers search order from the " "nsswitch.conf file as well as information about the LDAP schema that is used " "to store sudo rules in the directory can be found in <citerefentry> " "<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> " "</citerefentry>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:70 msgid "" "<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " "sudo rules, you also need to correctly set <citerefentry> " "<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> " "</citerefentry> to your NIS domain name (which equals to IPA domain name " "when using hostgroups)." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-sudo.5.xml:82 msgid "Configuring SSSD to fetch sudo rules" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:84 msgid "" "All configuration that is needed on SSSD side is to extend the list of " "<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry>. To speed up the LDAP lookups, you " "can also set search base for sudo rules using " "<emphasis>ldap_sudo_search_base</emphasis> option." 
msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:94 msgid "" "The following example shows how to configure SSSD to download sudo rules " "from an LDAP server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-sudo.5.xml:99 #, no-wrap msgid "" "[sssd]\n" "config_file_version = 2\n" "services = nss, pam, sudo\n" "domains = EXAMPLE\n" "\n" "[domain/EXAMPLE]\n" "id_provider = ldap\n" "sudo_provider = ldap\n" "ldap_uri = ldap://example.com\n" "ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:112 msgid "" "When the SSSD is configured to use IPA as the ID provider, the sudo provider " "is automatically enabled. The sudo search base is configured to use the " "compat tree (ou=sudoers,$DC)." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-sudo.5.xml:119 msgid "The SUDO rule caching mechanism" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:121 msgid "" "The biggest challenge, when developing sudo support in SSSD, was to ensure " "that running sudo with SSSD as the data source provides the same user " "experience and is as fast as sudo but keeps providing the most current set " "of rules as possible. To satisfy these requirements, SSSD uses three kinds " "of updates. They are referred to as full refresh, smart refresh and rules " "refresh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:129 msgid "" "The <emphasis>smart refresh</emphasis> periodically downloads rules that are " "new or were modified after the last update. Its primary goal is to keep the " "database growing by fetching only small increments that do not generate " "large amounts of network traffic." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:135 msgid "" "The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " "in the cache and replaces them with all rules that are stored on the " "server. This is used to keep the cache consistent by removing every rule " "which was deleted from the server. However, full refresh may produce a lot " "of traffic and thus it should be run only occasionally depending on the size " "and stability of the sudo rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:143 msgid "" "The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " "more permission than defined. It is triggered each time the user runs " "sudo. Rules refresh will find all rules that apply to this user, check their " "expiration time and redownload them if expired. In the case that any of " "these rules are missing on the server, the SSSD will do an out of band full " "refresh because more rules (that apply to other users) may have been " "deleted." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:152 msgid "" "If enabled, SSSD will store only rules that can be applied to this " "machine. This means rules that contain one of the following values in " "<emphasis>sudoHost</emphasis> attribute:" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:159 msgid "keyword ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:164 msgid "wildcard" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:169 msgid "netgroup (in the form \"+netgroup\")" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:174 msgid "hostname or fully qualified domain name of this machine" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:179 msgid "one of the IP addresses of this machine" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:184 msgid "one of the IP addresses of the network (in the form \"address/mask\")" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:190 msgid "" "There are many configuration options that can be used to adjust the " "behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> " "</citerefentry> and \"sudo_*\" in <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> " "</citerefentry>." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd.8.xml:10 sssd.8.xml:15 msgid "sssd" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd.8.xml:16 msgid "System Security Services Daemon" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sssd.8.xml:21 msgid "" "<command>sssd</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.8.xml:31 msgid "" "<command>SSSD</command> provides a set of daemons to manage access to remote " "directories and authentication mechanisms. It provides an NSS and PAM " "interface toward the system and a pluggable backend system to connect to " "multiple different account sources as well as D-Bus interface. It is also " "the basis to provide client auditing and policy services for projects like " "FreeIPA. It provides a more robust database to store local users as well as " "extended user data." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:46 msgid "" "<option>-d</option>,<option>--debug-level</option> " "<replaceable>LEVEL</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:53 msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:57 msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:60 msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:69 msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:73 msgid "<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:76 msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:85 msgid "<option>-f</option>,<option>--debug-to-files</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:89 msgid "" "Send the debug output to files instead of stderr. By default, the log files " "are stored in <filename>/var/log/sssd</filename> and there are separate log " "files for every SSSD service and domain." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:97 msgid "<option>-D</option>,<option>--daemon</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:101 msgid "Become a daemon after starting up." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:107 sss_seed.8.xml:136 msgid "<option>-i</option>,<option>--interactive</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:111 msgid "Run in the foreground, don't become a daemon." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:117 sss_debuglevel.8.xml:42 msgid "<option>-c</option>,<option>--config</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:121 sss_debuglevel.8.xml:46 msgid "" "Specify a non-default config file. The default is " "<filename>/etc/sssd/sssd.conf</filename>. For reference on the config file " "syntax and options, consult the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> " "</citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:135 msgid "<option>--version</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:139 msgid "Print version number and exit." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.8.xml:147 msgid "Signals" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:159 msgid "SIGHUP" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " "like logrotate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:170 msgid "SIGUSR1" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:179 msgid "SIGUSR2" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.8.xml:193 msgid "" "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " "applications will not use the fast in memory cache." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 msgid "sss_obfuscate" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_obfuscate.8.xml:16 msgid "obfuscate a clear text password" msgstr "" #. 
type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_obfuscate.8.xml:21 msgid "" "<command>sss_obfuscate</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg> <arg " "choice='plain'><replaceable>[PASSWORD]</replaceable></arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:32 msgid "" "<command>sss_obfuscate</command> converts a given password into " "human-unreadable format and places it into appropriate domain section of the " "SSSD config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:37 msgid "" "The cleartext password is read from standard input or entered " "interactively. The obfuscated password is put into " "<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " "<quote>ldap_default_authtok_type</quote> parameter is set to " "<quote>obfuscated_password</quote>. Refer to <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> " "</citerefentry> for more details on these parameters." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:49 msgid "" "Please note that obfuscating the password provides <emphasis>no real " "security benefit</emphasis>, as it is still possible for an attacker to " "recover the original password from its obfuscated form. Using better authentication mechanisms " "such as client-side certificates or GSSAPI is <emphasis>strongly</emphasis> " "advised." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_obfuscate.8.xml:63 msgid "<option>-s</option>,<option>--stdin</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:67 msgid "The password to obfuscate will be read from standard input." msgstr "" #.
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:79 sss_ssh_knownhostsproxy.1.xml:78 msgid "" "<option>-d</option>,<option>--domain</option> " "<replaceable>DOMAIN</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:79 msgid "" "The SSSD domain to use the password in. The default name is " "<quote>default</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_obfuscate.8.xml:86 msgid "<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:91 msgid "Read the config file specified by the positional parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:95 msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_useradd.8.xml:10 sss_useradd.8.xml:15 msgid "sss_useradd" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_useradd.8.xml:16 msgid "create a new user" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_useradd.8.xml:21 msgid "" "<command>sss_useradd</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg> <arg " "choice='plain'><replaceable>LOGIN</replaceable></arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_useradd.8.xml:32 msgid "" "<command>sss_useradd</command> creates a new user account using the values " "specified on the command line plus the default values from the system." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:43 sss_seed.8.xml:76 msgid "<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:48 msgid "" "Set the UID of the user to the value of <replaceable>UID</replaceable>. If " "not given, it is chosen automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:55 sss_usermod.8.xml:43 sss_seed.8.xml:100 msgid "" "<option>-c</option>,<option>--gecos</option> " "<replaceable>COMMENT</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:60 sss_usermod.8.xml:48 sss_seed.8.xml:105 msgid "" "Any text string describing the user. Often used as the field for the user's " "full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:67 sss_usermod.8.xml:55 sss_seed.8.xml:112 msgid "" "<option>-h</option>,<option>--home</option> " "<replaceable>HOME_DIR</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:72 msgid "" "The home directory of the user account. The default is to append the " "<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use " "that as the home directory. The base that is prepended before " "<replaceable>LOGIN</replaceable> is tunable with " "<quote>user_defaults/baseDirectory</quote> setting in sssd.conf." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:82 sss_usermod.8.xml:66 sss_seed.8.xml:124 msgid "" "<option>-s</option>,<option>--shell</option> " "<replaceable>SHELL</replaceable>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:87 msgid "" "The user's login shell. The default is currently " "<filename>/bin/bash</filename>. The default can be changed with " "<quote>user_defaults/defaultShell</quote> setting in sssd.conf." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:96 msgid "" "<option>-G</option>,<option>--groups</option> " "<replaceable>GROUPS</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:101 msgid "A list of existing groups this user is also a member of." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:107 msgid "<option>-m</option>,<option>--create-home</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:111 msgid "" "Create the user's home directory if it does not exist. The files and " "directories contained in the skeleton directory (which can be defined with " "the -k option or in the config file) will be copied to the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:121 msgid "<option>-M</option>,<option>--no-create-home</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:125 msgid "Do not create the user's home directory. Overrides configuration settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:132 msgid "" "<option>-k</option>,<option>--skel</option> " "<replaceable>SKELDIR</replaceable>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:137 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " "<command>sss_useradd</command>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:143 msgid "" "Special files (block devices, character devices, named pipes and unix " "sockets) will not be copied." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:147 msgid "" "This option is only valid if the <option>-m</option> (or " "<option>--create-home</option>) option is specified, or creation of home " "directories is set to TRUE in the configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:156 sss_usermod.8.xml:124 msgid "" "<option>-Z</option>,<option>--selinux-user</option> " "<replaceable>SELINUX_USER</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:161 msgid "" "The SELinux user for the user's login. If not specified, the system default " "will be used." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 msgid "sssd-krb5" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:23 msgid "" "This manual page describes the configuration of the Kerberos 5 " "authentication backend for <citerefentry> " "<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. 
For a detailed syntax reference, please refer to the " "<quote>FILE FORMAT</quote> section of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> " "</citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:36 msgid "" "The Kerberos 5 authentication backend contains auth and chpass providers. It " "must be paired with an identity provider in order to function properly (for " "example, id_provider = ldap). Some information required by the Kerberos 5 " "authentication backend must be provided by the identity provider, such as " "the user's Kerberos Principal Name (UPN). The configuration of the identity " "provider should have an entry to specify the UPN. Please refer to the man " "page for the applicable identity provider for details on how to configure " "this." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:47 msgid "" "This backend also provides access control based on the .k5login file in the " "home directory of the user. See <citerefentry> " "<refentrytitle>.k5login</refentrytitle><manvolnum>5</manvolnum> " "</citerefentry> for more details. Please note that an empty .k5login file " "will deny all access to this user. To activate this feature, use " "'access_provider = krb5' in your SSSD configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:55 msgid "" "In the case where the UPN is not available in the identity backend, " "<command>sssd</command> will construct a UPN using the format " "<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect, in the order of " "preference. 
For more information on failover and server redundancy, see the " "<quote>FAILOVER</quote> section. An optional port number (preceded by a " "colon) may be appended to the addresses or hostnames. If empty, service " "discovery is enabled; for more information, refer to the <quote>SERVICE " "DISCOVERY</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:106 msgid "" "The name of the Kerberos realm. This option is required and must be " "specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:113 msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:116 msgid "" "If the change password service is not running on the KDC, alternative " "servers can be defined here. An optional port number (preceded by a colon) " "may be appended to the addresses or hostnames." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:122 msgid "" "For more information on failover and server redundancy, see the " "<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " "servers to try, the backend is not switched to operate offline if " "authentication against the KDC is still possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:129 msgid "Default: Use the KDC" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:135 msgid "krb5_ccachedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:138 msgid "" "Directory to store credential caches. 
All the substitution sequences of " "krb5_ccname_template can be used here, too, except %d and %P. The directory " "is created as private and owned by the user, with permissions set to 0700." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:145 msgid "Default: /tmp" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:151 msgid "krb5_ccname_template (string)" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:165 include/override_homedir.xml:11 msgid "%u" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:166 include/override_homedir.xml:12 msgid "login name" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:169 include/override_homedir.xml:15 msgid "%U" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:170 msgid "login UID" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:173 msgid "%p" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:174 msgid "principal name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:178 msgid "%r" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:179 msgid "realm name" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:182 msgid "%h" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:183 msgid "home directory" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:187 include/override_homedir.xml:19 msgid "%d" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:188 msgid "value of krb5_ccachedir" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:193 msgid "%P" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:194 msgid "the process ID of the SSSD client" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:199 include/override_homedir.xml:34 msgid "%%" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:200 include/override_homedir.xml:35 msgid "a literal '%'" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:154 msgid "" "Location of the user's credential cache. Three credential cache types are " "currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " "<quote>KEYRING:persistent</quote>. The cache can be specified either as " "<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " "implies the <quote>FILE</quote> type.
In the template, the following " "sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " "the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " "filename in a safe way." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:208 msgid "" "When using KEYRING types, the only supported mechanism is " "<quote>KEYRING:persistent:%U</quote>, which uses the Linux kernel keyring to " "store credentials on a per-UID basis. This is also the recommended choice, " "as it is the most secure and predictable method." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:216 msgid "" "The default value for the credential cache name is sourced from the profile " "stored in the system wide krb5.conf configuration file in the [libdefaults] " "section. The option name is default_ccache_name. See krb5.conf(5)'s " "PARAMETER EXPANSION paragraph for additional information on the expansion " "format defined by krb5.conf." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:225 msgid "Default: (from libkrb5)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:231 msgid "krb5_auth_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:234 msgid "" "Timeout in seconds after an online authentication request or change password " "request is aborted. If possible, the authentication request is continued " "offline." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:248 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed. 
The keytab is checked for entries sequentially, and the first entry " "with a matching realm is used for validation. If no entry matches the realm, " "the last entry in the keytab is used. This process can be used to validate " "environments using cross-realm trust by placing the appropriate keytab entry " "as the last entry or the only entry in the keytab file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:263 msgid "krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:266 msgid "" "The location of the keytab to use when validating credentials obtained from " "KDCs." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:270 msgid "Default: /etc/krb5.keytab" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:276 msgid "krb5_store_password_if_offline (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:279 msgid "" "Store the password of the user if the provider is offline and use it to " "request a TGT when the provider comes online again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:284 msgid "" "NOTE: this feature is only available on Linux. Passwords stored in this way " "are kept in plaintext in the kernel keyring and are potentially accessible " "by the root user (with difficulty)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:297 msgid "krb5_renewable_lifetime (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:300 msgid "" "Request a renewable ticket with a total lifetime, given as an integer " "immediately followed by a time unit:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:305 sssd-krb5.5.xml:339 sssd-krb5.5.xml:376 msgid "<emphasis>s</emphasis> for seconds" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:308 sssd-krb5.5.xml:342 sssd-krb5.5.xml:379 msgid "<emphasis>m</emphasis> for minutes" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:311 sssd-krb5.5.xml:345 sssd-krb5.5.xml:382 msgid "<emphasis>h</emphasis> for hours" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385 msgid "<emphasis>d</emphasis> for days." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:317 sssd-krb5.5.xml:388 msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:321 sssd-krb5.5.xml:392 msgid "" "NOTE: It is not possible to mix units. To set the renewable lifetime to one " "and a half hours, use '90m' instead of '1h30m'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:326 msgid "Default: not set, i.e. the TGT is not renewable" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:332 msgid "krb5_lifetime (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:335 msgid "" "Request ticket with a lifetime, given as an integer immediately followed by " "a time unit:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:351 msgid "If there is no unit given <emphasis>s</emphasis> is assumed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:355 msgid "" "NOTE: It is not possible to mix units. To set the lifetime to one and a " "half hours please use '90m' instead of '1h30m'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:360 msgid "Default: not set, i.e. the default ticket lifetime configured on the KDC." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:367 msgid "krb5_renew_interval (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:370 msgid "" "The time in seconds between two checks if the TGT should be renewed. TGTs " "are renewed if about half of their lifetime is exceeded, given as an integer " "immediately followed by a time unit:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:397 msgid "If this option is not set or is 0 the automatic renewal is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:415 msgid "" "<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " "option at all." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:419 msgid "" "<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " "continue the authentication without it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:429 msgid "Default: not set, i.e. FAST is not used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:432 msgid "NOTE: a keytab is required to use FAST." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:444 msgid "krb5_fast_principal (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:447 msgid "Specifies the server principal to use for FAST." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:456 msgid "" "Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos 1.7 and later versions." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:505 msgid "Default: false (AD provider: true)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:65 msgid "" "If the auth-module krb5 is used in an SSSD domain, the following options " "must be used. See the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> " "</citerefentry> manual page, section <quote>DOMAIN SECTIONS</quote>, for " "details on the configuration of an SSSD domain. <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:521 msgid "" "The following example assumes that SSSD is correctly configured and FOO is " "one of the domains in the <replaceable>[sssd]</replaceable> section. This " "example shows only configuration of Kerberos authentication; it does not " "include any identity provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-krb5.5.xml:529 #, no-wrap msgid "" " [domain/FOO]\n" " auth_provider = krb5\n" " krb5_server = 192.168.1.1\n" " krb5_realm = EXAMPLE.COM\n" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15 msgid "sss_groupadd" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupadd.8.xml:16 msgid "create a new group" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupadd.8.xml:21 msgid "" "<command>sss_groupadd</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg> <arg " "choice='plain'><replaceable>GROUP</replaceable></arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupadd.8.xml:32 msgid "" "<command>sss_groupadd</command> creates a new group. These groups are " "compatible with POSIX groups, with the additional feature that they can " "contain other groups as members." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupadd.8.xml:43 sss_seed.8.xml:88 msgid "<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupadd.8.xml:48 msgid "" "Set the GID of the group to the value of <replaceable>GID</replaceable>. If " "not given, it is chosen automatically." msgstr "" #. 
type: Content of: <reference><refentry><refnamediv><refname> #: sss_userdel.8.xml:10 sss_userdel.8.xml:15 msgid "sss_userdel" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_userdel.8.xml:16 msgid "delete a user account" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_userdel.8.xml:21 msgid "" "<command>sss_userdel</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg> <arg " "choice='plain'><replaceable>LOGIN</replaceable></arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_userdel.8.xml:32 msgid "" "<command>sss_userdel</command> deletes a user identified by login name " "<replaceable>LOGIN</replaceable> from the system." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:44 msgid "<option>-r</option>,<option>--remove</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:48 msgid "" "Files in the user's home directory will be removed along with the home " "directory itself and the user's mail spool. Overrides the configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:56 msgid "<option>-R</option>,<option>--no-remove</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:60 msgid "" "Files in the user's home directory will NOT be removed along with the home " "directory itself and the user's mail spool. Overrides the configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:68 msgid "<option>-f</option>,<option>--force</option>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:72 msgid "" "This option forces <command>sss_userdel</command> to remove the user's home " "directory and mail spool, even if they are not owned by the specified user." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:80 msgid "<option>-k</option>,<option>--kick</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:84 msgid "Before actually deleting the user, terminate all his processes." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15 msgid "sss_groupdel" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupdel.8.xml:16 msgid "delete a group" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupdel.8.xml:21 msgid "" "<command>sss_groupdel</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg> <arg " "choice='plain'><replaceable>GROUP</replaceable></arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupdel.8.xml:32 msgid "" "<command>sss_groupdel</command> deletes a group identified by its name " "<replaceable>GROUP</replaceable> from the system." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15 msgid "sss_groupshow" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupshow.8.xml:16 msgid "print properties of a group" msgstr "" #. 
type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupshow.8.xml:21 msgid "" "<command>sss_groupshow</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg> <arg " "choice='plain'><replaceable>GROUP</replaceable></arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupshow.8.xml:32 msgid "" "<command>sss_groupshow</command> displays information about a group " "identified by its name <replaceable>GROUP</replaceable>. The information " "includes the group ID number, members of the group and the parent group." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupshow.8.xml:43 msgid "<option>-R</option>,<option>--recursive</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupshow.8.xml:47 msgid "" "Also print indirect group members in a tree-like hierarchy. Note that this " "also affects printing parent groups - without <option>-R</option>, only the " "direct parent will be printed." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_usermod.8.xml:10 sss_usermod.8.xml:15 msgid "sss_usermod" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_usermod.8.xml:16 msgid "modify a user account" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_usermod.8.xml:21 msgid "" "<command>sss_usermod</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg> <arg " "choice='plain'><replaceable>LOGIN</replaceable></arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_usermod.8.xml:32 msgid "" "<command>sss_usermod</command> modifies the account specified by " "<replaceable>LOGIN</replaceable> to reflect the changes that are specified " "on the command line." msgstr "" #.
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:60 msgid "The home directory of the user account." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:71 msgid "The user's login shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:82 msgid "" "Append this user to groups specified by the " "<replaceable>GROUPS</replaceable> parameter. The " "<replaceable>GROUPS</replaceable> parameter is a comma separated list of " "group names." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:96 msgid "" "Remove this user from groups specified by the " "<replaceable>GROUPS</replaceable> parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_usermod.8.xml:103 msgid "<option>-l</option>,<option>--lock</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:107 msgid "Lock the user account. The user won't be able to log in." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_usermod.8.xml:114 msgid "<option>-u</option>,<option>--unlock</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:118 msgid "Unlock the user account." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:129 msgid "The SELinux user for the user's login." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_cache.8.xml:10 sss_cache.8.xml:15 msgid "sss_cache" msgstr "" #. 
type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_cache.8.xml:16 msgid "perform cache cleanup" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_cache.8.xml:21 msgid "" "<command>sss_cache</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_cache.8.xml:31 msgid "" "<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " "records are forced to be reloaded from server as soon as related SSSD " "backend is online." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:42 msgid "<option>-E</option>,<option>--everything</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:46 msgid "Invalidate all cached entries except for sudo rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:52 msgid "<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:57 msgid "Invalidate specific user." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:63 msgid "<option>-U</option>,<option>--users</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:67 msgid "" "Invalidate all user records. This option overrides invalidation of specific " "user if it was also set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:74 msgid "" "<option>-g</option>,<option>--group</option> " "<replaceable>group</replaceable>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:79 msgid "Invalidate specific group." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:85 msgid "<option>-G</option>,<option>--groups</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:89 msgid "" "Invalidate all group records. This option overrides invalidation of specific " "group if it was also set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:96 msgid "" "<option>-n</option>,<option>--netgroup</option> " "<replaceable>netgroup</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:101 msgid "Invalidate specific netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:107 msgid "<option>-N</option>,<option>--netgroups</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:111 msgid "" "Invalidate all netgroup records. This option overrides invalidation of " "specific netgroup if it was also set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:118 msgid "" "<option>-s</option>,<option>--service</option> " "<replaceable>service</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:123 msgid "Invalidate specific service." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:129 msgid "<option>-S</option>,<option>--services</option>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:133 msgid "" "Invalidate all service records. This option overrides invalidation of " "specific service if it was also set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:140 msgid "" "<option>-a</option>,<option>--autofs-map</option> " "<replaceable>autofs-map</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:145 msgid "Invalidate specific autofs maps." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:151 msgid "<option>-A</option>,<option>--autofs-maps</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:155 msgid "" "Invalidate all autofs maps. This option overrides invalidation of specific " "map if it was also set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:162 msgid "" "<option>-d</option>,<option>--domain</option> " "<replaceable>domain</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:167 msgid "Restrict invalidation process only to a particular domain." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 msgid "sss_debuglevel" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_debuglevel.8.xml:16 msgid "change debug level while SSSD is running" msgstr "" #. 
type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_debuglevel.8.xml:21 msgid "" "<command>sss_debuglevel</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg> <arg " "choice='plain'><replaceable>NEW_DEBUG_LEVEL</replaceable></arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_debuglevel.8.xml:32 msgid "" "<command>sss_debuglevel</command> changes debug level of SSSD monitor and " "providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is " "running." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_debuglevel.8.xml:59 msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_seed.8.xml:10 sss_seed.8.xml:15 msgid "sss_seed" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_seed.8.xml:16 msgid "seed the SSSD cache with a user" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_seed.8.xml:21 msgid "" "<command>sss_seed</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg> <arg choice='plain'>-D " "<replaceable>DOMAIN</replaceable></arg> <arg choice='plain'>-n " "<replaceable>USER</replaceable></arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_seed.8.xml:33 msgid "" "<command>sss_seed</command> seeds the SSSD cache with a user entry and " "temporary password. If a user entry is already present in the SSSD cache " "then the entry is updated with the temporary password." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_seed.8.xml:46 msgid "" "<option>-D</option>,<option>--domain</option> " "<replaceable>DOMAIN</replaceable>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:51 msgid "" "Provide the name of the domain of which the user is a member. The domain " "is also used to retrieve user information. The domain must be configured in " "sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " "Information retrieved from the domain overrides what is provided in the " "options." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_seed.8.xml:63 msgid "" "<option>-n</option>,<option>--username</option> " "<replaceable>USER</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:68 msgid "" "The username of the entry to be created or modified in the cache. The " "<replaceable>USER</replaceable> option must be provided." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:81 msgid "Set the UID of the user to <replaceable>UID</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:93 msgid "Set the GID of the user to <replaceable>GID</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:117 msgid "Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:129 msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:140 msgid "" "Interactive mode for entering user information.
This option will only prompt " "for information not provided in the options or retrieved from the domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_seed.8.xml:148 msgid "" "<option>-p</option>,<option>--password-file</option> " "<replaceable>PASS_FILE</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:153 msgid "" "Specify file to read user's password from. (if not specified password is " "prompted for)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_seed.8.xml:165 msgid "" "The length of the password (or the size of file specified with -p or " "--password-file option) must be less than or equal to PASS_MAX bytes (64 " "bytes on systems with no globally-defined PASS_MAX value)." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 msgid "sss_ssh_authorizedkeys" msgstr "" #. type: Content of: <reference><refentry><refmeta><manvolnum> #: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 msgid "1" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_ssh_authorizedkeys.1.xml:16 msgid "get OpenSSH authorized keys" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_ssh_authorizedkeys.1.xml:21 msgid "" "<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg> <arg " "choice='plain'><replaceable>USER</replaceable></arg>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:32 msgid "" "<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " "<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " "format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " "<citerefentry><refentrytitle>sshd</refentrytitle> " "<manvolnum>8</manvolnum></citerefentry> for more information)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:41 msgid "" "<citerefentry><refentrytitle>sshd</refentrytitle> " "<manvolnum>8</manvolnum></citerefentry> can be configured to use " "<command>sss_ssh_authorizedkeys</command> for public key user authentication " "if it is compiled with support for either " "<quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</quote> " "<citerefentry> <refentrytitle>sshd_config</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry> options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sss_ssh_authorizedkeys.1.xml:58 #, no-wrap msgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:51 msgid "" "If <quote>AuthorizedKeysCommand</quote> is supported, " "<citerefentry><refentrytitle>sshd</refentrytitle> " "<manvolnum>8</manvolnum></citerefentry> can be configured to use it by " "putting the following directive in <citerefentry> " "<refentrytitle>sshd_config</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry>: <placeholder " "type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sss_ssh_authorizedkeys.1.xml:69 #, no-wrap msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:62 msgid "" "If <quote>PubkeyAgent</quote> is supported, " "<citerefentry><refentrytitle>sshd</refentrytitle> " "<manvolnum>8</manvolnum></citerefentry> can be configured to use it by using " "the following directive for <citerefentry> " "<refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></citerefentry> " "configuration: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_ssh_authorizedkeys.1.xml:84 msgid "" "Search for user public keys in SSSD domain " "<replaceable>DOMAIN</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sss_ssh_authorizedkeys.1.xml:93 sss_ssh_knownhostsproxy.1.xml:92 msgid "EXIT STATUS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:95 sss_ssh_knownhostsproxy.1.xml:94 msgid "" "In case of success, an exit value of 0 is returned. Otherwise, 1 is " "returned." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 msgid "sss_ssh_knownhostsproxy" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_ssh_knownhostsproxy.1.xml:16 msgid "get OpenSSH host keys" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_ssh_knownhostsproxy.1.xml:21 msgid "" "<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg> <arg " "choice='plain'><replaceable>HOST</replaceable></arg> <arg " "choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_knownhostsproxy.1.xml:33 msgid "" "<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " "host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " "known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " "of <citerefentry><refentrytitle>sshd</refentrytitle> " "<manvolnum>8</manvolnum></citerefentry> for more information) " "<filename>/var/lib/sss/pubconf/known_hosts</filename> and establishes " "connection to the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_knownhostsproxy.1.xml:43 msgid "" "If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " "create the connection to the host instead of opening a socket." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sss_ssh_knownhostsproxy.1.xml:55 #, no-wrap msgid "" "ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" "GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_knownhostsproxy.1.xml:48 msgid "" "<citerefentry><refentrytitle>ssh</refentrytitle> " "<manvolnum>1</manvolnum></citerefentry> can be configured to use " "<command>sss_ssh_knownhostsproxy</command> for host key authentication by " "using the following directives for " "<citerefentry><refentrytitle>ssh</refentrytitle> " "<manvolnum>1</manvolnum></citerefentry> configuration: <placeholder " "type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_ssh_knownhostsproxy.1.xml:66 msgid "<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" msgstr "" #.
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_ssh_knownhostsproxy.1.xml:71 msgid "" "Use port <replaceable>PORT</replaceable> to connect to the host. By " "default, port 22 is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_ssh_knownhostsproxy.1.xml:83 msgid "" "Search for host public keys in SSSD domain " "<replaceable>DOMAIN</replaceable>." msgstr "" #. type: Content of: <refsect1><title> #: include/service_discovery.xml:2 msgid "SERVICE DISCOVERY" msgstr "" #. type: Content of: <refsect1><para> #: include/service_discovery.xml:4 msgid "" "The service discovery feature allows back ends to automatically find the " "appropriate servers to connect to using a special DNS query. This feature is " "not supported for backup servers." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 msgid "Configuration" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:11 msgid "" "If no servers are specified, the back end automatically uses service " "discovery to try to find a server. Optionally, the user may choose to use " "both fixed server addresses and service discovery by inserting a special " "keyword, <quote>_srv_</quote>, in the list of servers. The order of " "preference is maintained. This feature is useful if, for example, the user " "prefers to use service discovery whenever possible, and fall back to a " "specific server when no servers can be discovered using DNS." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:23 msgid "The domain name" msgstr "" #. 
type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:25 msgid "" "Please refer to the <quote>dns_discovery_domain</quote> parameter in the " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> manual page for more details." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:35 msgid "The protocol" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:37 msgid "" "The queries usually specify _tcp as the protocol. Exceptions are documented " "in respective option description." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:42 msgid "See Also" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:44 msgid "For more information on the service discovery mechanism, refer to RFC 2782." msgstr "" #. type: Content of: outside any tag (error?) #: include/upstream.xml:1 msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" msgstr "" #. type: Content of: <refsect1><title> #: include/failover.xml:2 msgid "FAILOVER" msgstr "" #. type: Content of: <refsect1><para> #: include/failover.xml:4 msgid "" "The failover feature allows back ends to automatically switch to a different " "server if the current server fails." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/failover.xml:8 msgid "Failover Syntax" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:10 msgid "" "The list of servers is given as a comma-separated list; any number of spaces " "is allowed around the comma. The servers are listed in order of " "preference. The list can contain any number of servers." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:16 msgid "" "For each failover-enabled config option, two variants exist: " "<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. 
The idea is " "that servers in the primary list are preferred and backup servers are only " "searched if no primary servers can be reached. If a backup server is " "selected, a timeout of 31 seconds is set. After this timeout SSSD will " "periodically try to reconnect to one of the primary servers. If it succeeds, " "it will replace the current active (backup) server." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/failover.xml:27 msgid "The Failover Mechanism" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:29 msgid "" "The failover mechanism distinguishes between a machine and a service. The " "back end first tries to resolve the hostname of a given machine; if this " "resolution attempt fails, the machine is considered offline. No further " "attempts are made to connect to this machine for any other service. If the " "resolution attempt succeeds, the back end tries to connect to a service on " "this machine. If the service connection attempt fails, then only this " "particular service is considered offline and the back end automatically " "switches over to the next service. The machine is still considered online " "and might still be tried for another service." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:42 msgid "" "Further connection attempts are made to machines or services marked as " "offline after a specified period of time; this is currently hard coded to 30 " "seconds." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:47 msgid "" "If there are no more machines to try, the back end as a whole switches to " "offline mode, and then attempts to reconnect every 30 seconds." msgstr "" #. type: Content of: <refsect1><title> #: include/ldap_id_mapping.xml:2 msgid "ID MAPPING" msgstr "" #. 
type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:4 msgid "" "The ID-mapping feature allows SSSD to act as a client of Active Directory " "without requiring administrators to extend user attributes to support POSIX " "attributes for user and group identifiers." msgstr "" #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:9 msgid "" "NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " "ignored. This is to avoid the possibility of conflicts between " "automatically-assigned and manually-assigned values. If you need to use " "manually-assigned values, ALL values must be manually-assigned." msgstr "" #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:16 msgid "" "Please note that changing the ID mapping related configuration options will " "cause user and group IDs to change. At the moment, SSSD does not support " "changing IDs, so the SSSD database must be removed. Because cached passwords " "are also stored in the database, removing the database should only be " "performed while the authentication servers are reachable, otherwise users " "might get locked out. In order to cache the password, an authentication must " "be performed. It is not sufficient to use <citerefentry> " "<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry> to remove the database, rather the process consists of:" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:33 msgid "Making sure the remote servers are reachable" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:38 msgid "Stopping the SSSD service" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:43 msgid "Removing the database" msgstr "" #. 
type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:48 msgid "Starting the SSSD service" msgstr "" #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:52 msgid "" "Moreover, as the change of IDs might necessitate the adjustment of other " "system properties such as file and directory ownership, it's advisable to " "plan ahead and test the ID mapping configuration thoroughly." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/ldap_id_mapping.xml:59 msgid "Mapping Algorithm" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:61 msgid "" "Active Directory provides an objectSID for every user and group object in " "the directory. This objectSID can be broken up into components that " "represent the Active Directory domain identity and the relative identifier " "(RID) of the user or group object." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:67 msgid "" "The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " "into equally-sized component sections - called \"slices\"-. Each slice " "represents the space available to an Active Directory domain." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:73 msgid "" "When a user or group entry for a particular domain is encountered for the " "first time, the SSSD allocates one of the available slices for that " "domain. In order to make this slice-assignment repeatable on different " "client machines, we select the slice based on the following algorithm:" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:80 msgid "" "The SID string is passed through the murmurhash3 algorithm to convert it to " "a 32-bit hashed value. We then take the modulus of this value with the total " "number of available slices to pick the slice." msgstr "" #. 
type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:86 msgid "" "NOTE: It is possible to encounter collisions in the hash and subsequent " "modulus. In these situations, we will select the next available slice, but " "it may not be possible to reproduce the same exact set of slices on other " "machines (since the order that they are encountered will determine their " "slice). In this situation, it is recommended to either switch to using " "explicit POSIX attributes in Active Directory (disabling ID-mapping) or " "configure a default domain to guarantee that at least one is always " "consistent. See <quote>Configuration</quote> for details." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:101 msgid "Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" msgstr "" #. type: Content of: <refsect1><refsect2><para><programlisting> #: include/ldap_id_mapping.xml:106 #, no-wrap msgid "" "ldap_id_mapping = True\n" "ldap_schema = ad\n" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:111 msgid "" "The default configuration results in configuring 10,000 slices, each capable " "of holding up to 200,000 IDs, starting from 10,001 and going up to " "2,000,100,000. This should be sufficient for most deployments." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><title> #: include/ldap_id_mapping.xml:117 msgid "Advanced Configuration" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:120 msgid "ldap_idmap_range_min (integer)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:123 msgid "" "Specifies the lower bound of the range of POSIX IDs to use for mapping " "Active Directory user and group SIDs." msgstr "" #. 
type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:127 msgid "" "NOTE: This option is different from <quote>min_id</quote> in that " "<quote>min_id</quote> acts to filter the output of requests to this domain, " "whereas this option controls the range of ID assignment. This is a subtle " "distinction, but the good general advice would be to have " "<quote>min_id</quote> be less-than or equal to " "<quote>ldap_idmap_range_min</quote>" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:173 msgid "Default: 200000" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:142 msgid "ldap_idmap_range_max (integer)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:145 msgid "" "Specifies the upper bound of the range of POSIX IDs to use for mapping " "Active Directory user and group SIDs." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:149 msgid "" "NOTE: This option is different from <quote>max_id</quote> in that " "<quote>max_id</quote> acts to filter the output of requests to this domain, " "whereas this option controls the range of ID assignment. This is a subtle " "distinction, but the good general advice would be to have " "<quote>max_id</quote> be greater-than or equal to " "<quote>ldap_idmap_range_max</quote>" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:159 msgid "Default: 2000200000" msgstr "" #. 
type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:164 msgid "ldap_idmap_range_size (integer)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:167 msgid "" "Specifies the number of IDs available for each slice. If the range size " "does not divide evenly into the min and max values, it will create as many " "complete slices as it can." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:178 msgid "ldap_idmap_default_domain_sid (string)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:181 msgid "" "Specify the domain SID of the default domain. This will guarantee that this " "domain will always be assigned to slice zero in the ID map, bypassing the " "murmurhash algorithm described above." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:192 msgid "ldap_idmap_default_domain (string)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:195 msgid "Specify the name of the default domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:203 msgid "ldap_idmap_autorid_compat (boolean)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:206 msgid "" "Changes the behavior of the ID-mapping algorithm to behave more similarly to " "winbind's <quote>idmap_autorid</quote> algorithm." msgstr "" #. 
type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:211 msgid "" "When this option is configured, domains will be allocated starting with " "slice zero and increasing monotonically with each additional domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:216 msgid "" "NOTE: This algorithm is non-deterministic (it depends on the order that " "users and groups are requested). If this mode is required for compatibility " "with machines running winbind, it is recommended to also use the " "<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " "least one domain is consistently allocated to slice zero." msgstr "" #. type: Content of: <varlistentry><term> #: include/param_help.xml:3 msgid "<option>-?</option>,<option>--help</option>" msgstr "" #. type: Content of: <varlistentry><listitem><para> #: include/param_help.xml:7 include/param_help_py.xml:7 msgid "Display help message and exit." msgstr "" #. type: Content of: <varlistentry><term> #: include/param_help_py.xml:3 msgid "<option>-h</option>,<option>--help</option>" msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:3 msgid "" "SSSD supports two representations for specifying the debug level. The " "simplest is to specify a decimal value from 0-9, which represents enabling " "that level and all lower-level debug messages. The more comprehensive option " "is to specify a hexadecimal bitmask to enable or disable specific levels " "(such as if you wish to suppress a level)." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:10 msgid "Currently supported debug levels:" msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:13 msgid "" "<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal " "failures. 
Anything that would prevent SSSD from starting up or causes it to " "cease running." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:19 msgid "" "<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " "error that doesn't kill the SSSD, but one that indicates that at least one " "major feature is not going to work properly." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:26 msgid "" "<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " "error announcing that a particular request or operation has failed." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:31 msgid "" "<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " "are the errors that would percolate down to cause the operation failure of " "2." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:36 msgid "<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:40 msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:44 msgid "" "<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " "operation functions." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:48 msgid "" "<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " "internal control functions." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:53 msgid "" "<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of " "function-internal variables that may be interesting." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:58 msgid "" "<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " "tracing information." msgstr "" #. 
type: Content of: <listitem><para> #: include/debug_levels.xml:62 msgid "" "To log required bitmask debug levels, simply add their numbers together as " "shown in the following examples:" msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:66 msgid "" "<emphasis>Example</emphasis>: To log fatal failures, critical failures, " "serious failures and function data use 0x0270." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:70 msgid "" "<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " "function data, trace messages for internal control functions use 0x1310." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:75 msgid "" "<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " "in 1.7.0." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:79 msgid "<emphasis>Default</emphasis>: 0" msgstr "" #. type: Content of: outside any tag (error?) #: include/experimental.xml:1 msgid "" "<emphasis> This is an experimental feature, please use " "http://fedorahosted.org/sssd to report any issues. </emphasis>" msgstr "" #. type: Content of: <refsect1><title> #: include/local.xml:2 msgid "THE LOCAL DOMAIN" msgstr "" #. type: Content of: <refsect1><para> #: include/local.xml:4 msgid "" "In order to function correctly, a domain with " "<quote>id_provider=local</quote> must be created and the SSSD must be " "running." msgstr "" #. type: Content of: <refsect1><para> #: include/local.xml:9 msgid "" "The administrator might want to use the SSSD local users instead of " "traditional UNIX users in cases where the group nesting (see <citerefentry> " "<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>) is needed. The local users are also useful for testing and " "development of the SSSD without having to deploy a full remote server. 
The " "<command>sss_user*</command> and <command>sss_group*</command> tools use a " "local LDB storage to store users and groups." msgstr "" #. type: Content of: <refsect1><title> #: include/seealso.xml:2 msgid "SEE ALSO" msgstr "" #. type: Content of: <refsect1><para> #: include/seealso.xml:4 msgid "" "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> " "</citerefentry>, <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> " "</citerefentry>, <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> " "</citerefentry>, <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> " "</citerefentry>, <citerefentry> " "<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> " "</citerefentry>, <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle><manvolnum>5</manvolnum> " "</citerefentry>, <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> " "</citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> " "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> " "</citerefentry>, </phrase> <citerefentry> " "<refentrytitle>sss_cache</refentrytitle><manvolnum>8</manvolnum> " "</citerefentry>, <citerefentry> " "<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> " "</citerefentry>, <citerefentry> " "<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> " "</citerefentry>, <citerefentry> " "<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> " "</citerefentry>, <citerefentry> " "<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> " "</citerefentry>, <citerefentry> " "<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> " "</citerefentry>, <citerefentry> " "<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> " "</citerefentry>, <citerefentry> " "<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> " 
"</citerefentry>, <citerefentry> " "<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> " "</citerefentry>, <citerefentry> " "<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> " "</citerefentry>, <citerefentry> " "<refentrytitle>sss_seed</refentrytitle><manvolnum>8</manvolnum> " "</citerefentry>, <citerefentry> " "<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</manvolnum> " "</citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " "<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry>, </phrase> <citerefentry> " "<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> " "</citerefentry>." msgstr "" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:3 include/ldap_search_bases_experimental.xml:3 msgid "" "An optional base DN, search scope and LDAP filter to restrict LDAP searches " "for this attribute type." msgstr "" #. type: Content of: <listitem><para><programlisting> #: include/ldap_search_bases.xml:9 include/ldap_search_bases_experimental.xml:9 #, no-wrap msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" msgstr "" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:7 include/ldap_search_bases_experimental.xml:7 msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:13 include/ldap_search_bases_experimental.xml:13 msgid "" "The scope can be one of \"base\", \"onelevel\" or \"subtree\". The filter " "must be a valid LDAP search filter as specified by " "http://www.ietf.org/rfc/rfc2254.txt" msgstr "" #. 
type: Content of: <listitem><para> #: include/ldap_search_bases.xml:19 include/ldap_search_bases_experimental.xml:19 msgid "" "For examples of this syntax, please refer to the " "<quote>ldap_search_base</quote> examples section." msgstr "" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:27 include/ldap_search_bases_experimental.xml:27 msgid "" "Please note that specifying scope or filter is not supported for searches " "against an Active Directory Server that might yield a large number of " "results and trigger the Range Retrieval extension in the response." msgstr "" #. type: Content of: <para> #: include/autofs_restart.xml:2 msgid "" "Please note that the automounter only reads the master map on startup, so if " "any autofs-related changes are made to the sssd.conf, you typically also " "need to restart the automounter daemon after restarting the SSSD." msgstr "" #. type: Content of: <varlistentry><term> #: include/override_homedir.xml:2 msgid "override_homedir (string)" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:16 msgid "UID number" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:20 msgid "domain name" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: include/override_homedir.xml:23 msgid "%f" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:24 msgid "fully qualified user name (user@domain)" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: include/override_homedir.xml:27 msgid "%o" msgstr "" #. 
type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:29 msgid "The original home directory retrieved from the identity provider." msgstr "" #. type: Content of: <varlistentry><listitem><para> #: include/override_homedir.xml:5 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. In the template, the following sequences are substituted: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <varlistentry><listitem><para> #: include/override_homedir.xml:41 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <varlistentry><listitem><para><programlisting> #: include/override_homedir.xml:46 #, no-wrap msgid "" "override_homedir = /home/%u\n" " " msgstr "" #. type: Content of: <varlistentry><listitem><para> #: include/override_homedir.xml:50 msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" msgstr "" ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/man/po/PaxHeaders.13173/eu.po�������������������������������������������������������0000644�0000000�0000000�00000000127�12320753573�016512� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������29 
mtime=1396955003.49084388 29 atime=1396955003.49084388 29 ctime=1396955003.49084388 �����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/man/po/eu.po������������������������������������������������������������������������0000664�0024127�0024127�00001243146�12320753573�016750� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# Basque translations for sssd-docs package # Copyright (C) 2012 Red Hat # This file is distributed under the same license as the sssd-docs package. # Automatically generated, 2012. # msgid "" msgstr "" "Project-Id-Version: sssd-docs 1.8.95\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" "POT-Creation-Date: 2014-04-08 12:55+0300\n" "PO-Revision-Date: 2012-07-18 21:31+0300\n" "Last-Translator: Automatically generated\n" "Language-Team: none\n" "Language: eu\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. 
type: Content of: <reference><title> #: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5 #: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5 #: sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 sss_obfuscate.8.xml:5 #: sss_useradd.8.xml:5 sssd-krb5.5.xml:5 sss_groupadd.8.xml:5 #: sss_userdel.8.xml:5 sss_groupdel.8.xml:5 sss_groupshow.8.xml:5 #: sss_usermod.8.xml:5 sss_cache.8.xml:5 sss_debuglevel.8.xml:5 #: sss_seed.8.xml:5 sss_ssh_authorizedkeys.1.xml:5 #: sss_ssh_knownhostsproxy.1.xml:5 msgid "SSSD Manual pages" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15 msgid "sss_groupmod" msgstr "" #. type: Content of: <reference><refentry><refmeta><manvolnum> #: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11 #: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11 #: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11 #: sss_groupshow.8.xml:11 sss_usermod.8.xml:11 sss_cache.8.xml:11 #: sss_debuglevel.8.xml:11 sss_seed.8.xml:11 msgid "8" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupmod.8.xml:16 msgid "modify a group" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupmod.8.xml:21 msgid "" "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><title> #: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:47 #: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21 #: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30 #: sss_useradd.8.xml:30 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 #: sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 #: sss_usermod.8.xml:30 sss_cache.8.xml:29 sss_debuglevel.8.xml:30 #: sss_seed.8.xml:31 sss_ssh_authorizedkeys.1.xml:30 #: sss_ssh_knownhostsproxy.1.xml:31 msgid "DESCRIPTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupmod.8.xml:32 msgid "" "<command>sss_groupmod</command> modifies the group to reflect the changes " "that are specified on the command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sss_groupmod.8.xml:39 pam_sss.8.xml:54 sssd.8.xml:42 sss_obfuscate.8.xml:58 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39 #: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42 #: sss_ssh_authorizedkeys.1.xml:75 sss_ssh_knownhostsproxy.1.xml:62 msgid "OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupmod.8.xml:43 sss_usermod.8.xml:77 msgid "" "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupmod.8.xml:48 msgid "" "Append this group to groups specified by the <replaceable>GROUPS</" "replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " "a comma separated list of group names." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupmod.8.xml:57 sss_usermod.8.xml:91 msgid "" "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupmod.8.xml:62 msgid "" "Remove this group from groups specified by the <replaceable>GROUPS</" "replaceable> parameter." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd.conf.5.xml:10 sssd.conf.5.xml:16 msgid "sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refmeta><manvolnum> #: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 #: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11 msgid "5" msgstr "" #. type: Content of: <reference><refentry><refmeta><refmiscinfo> #: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 #: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12 msgid "File Formats and Conventions" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16 #: sssd-ipa.5.xml:17 sssd-ad.5.xml:17 sssd-krb5.5.xml:17 msgid "the configuration file for SSSD" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:21 msgid "FILE FORMAT" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd.conf.5.xml:29 #, no-wrap msgid "" " <replaceable>[section]</replaceable>\n" " <replaceable>key</replaceable> = <replaceable>value</replaceable>\n" " <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:24 msgid "" "The file has an ini-style syntax and consists of sections and parameters. 
A " "section begins with the name of the section in square brackets and continues " "until the next section begins. An example of section with single and multi-" "valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:36 msgid "" "The data types used are string (no quotes needed), integer and bool (with " "values of <quote>TRUE/FALSE</quote>)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:41 msgid "" "A line comment starts with a hash sign (<quote>#</quote>) or a semicolon " "(<quote>;</quote>). Inline comments are not supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:47 msgid "" "All sections can have an optional <replaceable>description</replaceable> " "parameter. Its function is only as a label for the section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:53 msgid "" "<filename>sssd.conf</filename> must be a regular file, owned by root and " "only root may read from or write to the file." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:59 msgid "SPECIAL SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:62 msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> #: sssd.conf.5.xml:71 sssd.conf.5.xml:1857 msgid "Section parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:73 msgid "config_file_version (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:76 msgid "" "Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " "version 2." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:82 msgid "services" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:85 msgid "" "Comma separated list of services that are started when sssd itself starts." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:89 msgid "" "Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " "<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition=" "\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</" "phrase>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:98 sssd.conf.5.xml:321 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:101 sssd.conf.5.xml:324 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:106 sssd.conf.5.xml:329 msgid "Default: 3" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:111 msgid "domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:114 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " "start. This parameter describes the list of domains in the order you want " "them to be queried. 
A domain name should only consist of alphanumeric ASCII " "characters, dashes and underscores." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:126 sssd.conf.5.xml:1586 msgid "re_expression (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:129 msgid "" "Default regular expression that describes how to parse the string containing " "user name and domain into these components." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:134 msgid "" "Each domain can have an individual regular expression configured. For some " "ID providers there are also default regular expressions. See DOMAIN " "SECTIONS for more info on these regular expressions." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:143 sssd.conf.5.xml:1637 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:146 sssd.conf.5.xml:1640 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " "fully qualified name from user name and domain name components." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:157 sssd.conf.5.xml:1651 msgid "%1$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:158 sssd.conf.5.xml:1652 msgid "user name" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:161 sssd.conf.5.xml:1655 msgid "%2$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:164 sssd.conf.5.xml:1658 msgid "domain name as specified in the SSSD config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:170 sssd.conf.5.xml:1664 msgid "%3$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:173 sssd.conf.5.xml:1667 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:154 sssd.conf.5.xml:1648 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:183 msgid "" "Each domain can have an individual format string configured. See DOMAIN " "SECTIONS for more info on this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:189 msgid "try_inotify (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:192 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. 
By default, we will attempt to use inotify for " "this, and will fall back to polling resolv.conf every five seconds if " "inotify cannot be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:200 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " "to 'false'" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:206 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:210 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:217 msgid "krb5_rcache_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:220 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:224 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:230 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:237 msgid "default_domain_suffix (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:240 msgid "" "This string will be used as a default domain name for all names without a " "domain name component. The main use case is environments where the primary " "domain is intended for managing host policies and all users are located in a " "trusted domain. The option allows those users to log in just with their " "user name without giving a domain name as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:250 msgid "" "Please note that if this option is set all users from the primary domain " "have to use their fully qualified name, e.g. user@domain.name, to log in." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:256 sssd-ldap.5.xml:1392 sssd-ldap.5.xml:1404 #: sssd-ldap.5.xml:1486 sssd-ldap.5.xml:2373 sssd-ldap.5.xml:2400 #: sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:187 #: include/ldap_id_mapping.xml:198 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:64 msgid "" "Individual pieces of SSSD functionality are provided by special SSSD " "services that are started and stopped together with SSSD. The services are " "managed by a special service frequently called <quote>monitor</quote>. The " "<quote>[sssd]</quote> section is used to configure the monitor as well as " "some other important options like the identity domains. <placeholder type=" "\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:267 msgid "SERVICES SECTIONS" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:269 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " "section, for example, for NSS service, the section would be <quote>[nss]</" "quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:276 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:278 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:282 msgid "debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:286 msgid "debug_timestamps (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:289 msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:292 sssd.conf.5.xml:472 sssd.conf.5.xml:820 #: sssd-ldap.5.xml:1559 sssd-ldap.5.xml:1656 sssd-ldap.5.xml:1718 #: sssd-ldap.5.xml:2161 sssd-ldap.5.xml:2226 sssd-ldap.5.xml:2244 #: sssd-ipa.5.xml:361 sssd-ipa.5.xml:396 sssd-ad.5.xml:166 sssd-ad.5.xml:250 #: sssd-ad.5.xml:275 sssd-ad.5.xml:363 sssd-krb5.5.xml:490 msgid "Default: true" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:297 msgid "debug_microseconds (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:300 msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:303 sssd.conf.5.xml:774 sssd.conf.5.xml:1773 #: sssd-ldap.5.xml:640 sssd-ldap.5.xml:1433 sssd-ldap.5.xml:1452 #: sssd-ldap.5.xml:1628 sssd-ldap.5.xml:1957 sssd-ipa.5.xml:139 #: sssd-ipa.5.xml:205 sssd-ipa.5.xml:508 sssd-ipa.5.xml:526 #: sssd-krb5.5.xml:257 sssd-krb5.5.xml:291 sssd-krb5.5.xml:462 msgid "Default: false" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:308 msgid "timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:311 msgid "" "Timeout in seconds between heartbeats for this service. This is used to " "ensure that the process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:316 sssd-ldap.5.xml:1304 msgid "Default: 10" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:334 msgid "fd_limit" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:337 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " "the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " "systems without this capability, the resulting value will be the lower value " "of this or the limits.conf \"hard\" limit." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:346 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:351 msgid "client_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:354 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " "limited in order to avoid resource exhaustion on the system." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:361 sssd.conf.5.xml:377 sssd.conf.5.xml:592 #: sssd.conf.5.xml:752 sssd.conf.5.xml:1015 sssd-ldap.5.xml:1134 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:366 sssd.conf.5.xml:1004 msgid "force_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:369 sssd.conf.5.xml:1007 msgid "" "If a service is not responding to ping checks (see the <quote>timeout</" "quote> option), it is first sent the SIGTERM signal that instructs it to " "quit gracefully. If the service does not terminate after " "<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down " "by sending a SIGKILL signal." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:385 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:387 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:392 msgid "enum_cache_timeout (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:395 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:399 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:404 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:407 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " "for the domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:413 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " "after 15 seconds past the last cache update will be returned immediately, " "but the SSSD will go and update the cache on its own, so that future " "requests will not need to block waiting for a cache update." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:423 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " "percentage will never reduce the nowait timeout to less than 10 seconds. (0 " "disables this feature)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:431 msgid "Default: 50" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:436 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:439 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " "before asking the back end again." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:445 sssd.conf.5.xml:798 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:450 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:453 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" "domain or include fully-qualified names to filter only users from the " "particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:460 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:465 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:468 msgid "" "If you want filtered users to still be group members, set this option to " "false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:478 msgid "fallback_homedir (string)" msgstr "" #.
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:481 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:486 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> #: sssd.conf.5.xml:492 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" " " msgstr "" #. type: Content of: <varlistentry><listitem><para> #: sssd.conf.5.xml:490 include/override_homedir.xml:44 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:496 msgid "Default: not set (no substitution for unset home directories)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:502 msgid "override_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:505 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " "or per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:511 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:517 msgid "allowed_shells (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:520 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:523 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:527 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:532 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:537 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:540 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:544 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:549 msgid "vetoed_shells (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:552 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:557 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:560 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:564 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:569 msgid "default_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:572 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:578 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:585 sssd.conf.5.xml:745 msgid "get_domains_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:588 sssd.conf.5.xml:748 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:597 msgid "memcache_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:600 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:604 sssd-ldap.5.xml:654 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:611 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:613 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:618 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:621 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:626 sssd.conf.5.xml:639 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:632 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:635 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:645 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:648 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:653 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " "authentication can enable offline authentication again." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:659 sssd.conf.5.xml:712 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:665 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:668 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number, the more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:673 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:676 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #.
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:679 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:683 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:686 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:690 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:695 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:698 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " "ensure that authentication takes place with the latest information." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:704 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" "client-application basis) how long (in seconds) we can cache the identity " "information to avoid excessive round-trips to the identity provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:718 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:721 sssd.conf.5.xml:1178 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:724 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " "cannot display a warning." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:730 sssd.conf.5.xml:1181 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:735 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:740 sssd.8.xml:79 msgid "Default: 0" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:760 msgid "SUDO configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:762 msgid "These options can be used to configure the sudo service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:766 msgid "sudo_timed (bool)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:769 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:782 msgid "AUTOFS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:784 msgid "These options can be used to configure the autofs service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:788 msgid "autofs_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:791 msgid "" "Specifies for how many seconds the autofs responder should cache negative " "cache hits (that is, queries for invalid map entries, like nonexistent ones) " "before asking the back end again." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:807 msgid "SSH configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:809 msgid "These options can be used to configure the SSH service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:813 msgid "ssh_hash_known_hosts (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:816 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:825 msgid "ssh_known_hosts_timeout (integer)" msgstr "" #.
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:828 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:832 msgid "Default: 180" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:840 msgid "PAC responder configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:842 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " "PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " "provider collects domain SID and ID ranges of the domain the client is " "joined to and of remote trusted domains from the local domain controller. " "If the PAC is decoded and evaluated some of the following operations are " "done:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:851 msgid "" "If the remote user does not exist in the cache, it is created. The uid is " "determined with the help of the SID, trusted domains will have UPGs and the " "gid will have the same value as the uid. The home directory is set based on " "the subdomain_homedir parameter. The shell will be empty by default, i.e. " "the system defaults are used, but can be overwritten with the default_shell " "parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:859 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:865 msgid "These options can be used to configure the PAC responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:869 msgid "allowed_uids (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:872 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " "startup." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:878 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:882 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " "access the PAC responder, which would be the typical case, you have to add 0 " "to the list of allowed UIDs as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:896 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:903 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:906 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:911 msgid "" "For users, this affects the primary GID limit. 
The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" "primary group memberships, those that are in range will be reported as " "expected." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:918 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:922 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:928 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:931 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:935 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:938 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:941 sssd.conf.5.xml:1155 sssd.conf.5.xml:1264 #: sssd.conf.5.xml:1281 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:944 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " "to fully complete enumerations. 
During this time, individual requests for " "information will go directly to LDAP, though it may be slow, due to the " "heavy enumeration processing. Saving a large number of entries to cache " "after the enumeration completes might also be CPU intensive as the " "memberships have to be recomputed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:957 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:962 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " "enumeration lookups are completed successfully. For more information, refer " "to the man pages for the specific id_provider in use." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:970 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:978 msgid "subdomain_enumerate (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:985 msgid "all" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:986 msgid "All discovered trusted domains will be enumerated" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:989 msgid "none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:990 msgid "No discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:981 msgid "" "Whether any of the autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " "Optionally, a list of one or more domain names can enable enumeration just " "for these trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:998 sssd-ldap.5.xml:1687 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1021 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1024 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1028 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " "for newly added or expired entries. You should run the <citerefentry> " "<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" "citerefentry> tool in order to force refresh of entries that have already " "been cached." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1041 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1047 msgid "entry_cache_user_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1050 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1054 sssd.conf.5.xml:1067 sssd.conf.5.xml:1080 #: sssd.conf.5.xml:1093 sssd.conf.5.xml:1106 sssd.conf.5.xml:1120 msgid "Default: entry_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1060 msgid "entry_cache_group_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1063 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1073 msgid "entry_cache_netgroup_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1076 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1086 msgid "entry_cache_service_timeout (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1089 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1099 msgid "entry_cache_sudo_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1102 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1112 msgid "entry_cache_autofs_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1115 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1126 msgid "refresh_expired_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1129 msgid "" "Specifies how many seconds SSSD has to wait before refreshing expired " "records. Currently only refreshing expired netgroups is supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1134 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1138 sssd-ipa.5.xml:221 msgid "Default: 0 (disabled)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1144 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1147 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1151 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1160 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1163 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " "value of this parameter must be greater than or equal to " "offline_credentials_expiration." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1170 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1175 msgid "pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1186 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " "cannot display a warning. Also an auth provider has to be configured for the " "backend." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1193 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1199 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1202 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1206 msgid "<quote>proxy</quote>: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1209 msgid "<quote>local</quote>: SSSD internal provider for local users" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1213 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " "information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1221 sssd.conf.5.xml:1307 sssd.conf.5.xml:1358 #: sssd.conf.5.xml:1411 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " "FreeIPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1230 sssd.conf.5.xml:1316 sssd.conf.5.xml:1367 #: sssd.conf.5.xml:1420 msgid "" "<quote>ad</quote>: Active Directory provider. 
See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring Active Directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1241 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1244 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1249 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " "<command>getent passwd test</command> wouldn't find the user while " "<command>getent passwd test@LOCAL</command> would." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1257 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " "will be searched when an unqualified name is requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1269 msgid "ignore_group_members (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1272 msgid "Do not return group members for group lookups." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1275 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " "calls." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1286 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1289 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1293 sssd.conf.5.xml:1351 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1300 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring Kerberos." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1324 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1327 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1330 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1336 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1339 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends). " "Internal special providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1345 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1348 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1375 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry> for more information on configuring the simple " "access module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1382 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1387 msgid "chpass_provider (string)" msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1390 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1395 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1403 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring Kerberos." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1428 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1432 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1435 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1442 msgid "sudo_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1445 msgid "The SUDO provider used for the domain. 
Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1449 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1457 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1461 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1465 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1468 sssd.conf.5.xml:1522 sssd.conf.5.xml:1554 #: sssd.conf.5.xml:1579 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1474 msgid "selinux_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1477 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " "providers are:" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1483 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1491 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1494 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1500 msgid "subdomains_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1503 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1509 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1518 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1529 msgid "autofs_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1532 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1536 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1543 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1551 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1561 msgid "hostid_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1564 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1568 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. 
See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1576 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1589 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " "match either the SSSD configuration domain name, or, in the case of IPA " "trust subdomains and Active Directory domains, the flat (NetBIOS) name of " "the domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1598 msgid "" "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?" "P<name>[^@\\\\]+)$))</quote> which allows three different styles for " "user names:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:1603 msgid "username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:1606 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:1609 msgid "domain\\username" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1612 msgid "" "While the first two correspond to the general default, the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1617 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " "sign, the domain everything after that\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1623 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " "version 7 or higher can support non-unique named subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1630 msgid "" "PLEASE NOTE ALSO: older versions of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1677 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1683 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1686 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1690 msgid "Supported values:" msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1693 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1696 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1699 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1702 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1705 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1711 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1714 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " "the domain will continue to operate in offline mode." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1720 sssd-ldap.5.xml:1118 sssd-ldap.5.xml:1160 #: sssd-ldap.5.xml:1175 sssd-krb5.5.xml:239 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1726 msgid "dns_discovery_domain (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1729 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1733 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1739 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1742 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1748 msgid "case_sensitive (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1751 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1756 sssd-ad.5.xml:333 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1762 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1765 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " "name was an alias. Setting this option to true would cause the SSSD to " "perform the ID lookup from cache for performance reasons." 
msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1779 msgid "subdomain_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1790 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1791 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1782 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " "possible values. In addition to those, the expansion below can only be used " "with <emphasis>subdomain_homedir</emphasis>. <placeholder type=" "\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1796 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1800 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1805 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1808 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:898 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" "replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1821 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1824 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1827 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1835 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1838 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " "for example _nss_files_getpwent." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:1817 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:1850 msgid "The local domain section" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:1852 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " "<replaceable>id_provider=local</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1859 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1862 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1866 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1871 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1874 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1879 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1884 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1887 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1891 sssd.conf.5.xml:1903 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1896 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1899 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1908 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1911 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " "on a newly created home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1919 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1924 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1927 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " "<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1937 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1942 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1945 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " "default value is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1952 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1957 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1960 msgid "" "The command that is run after a user is removed. The command is passed the " "username of the user being removed as the first and only parameter. The " "return code of the command is not taken into account." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1966 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:1976 sssd-ldap.5.xml:2426 sssd-simple.5.xml:131 #: sssd-ipa.5.xml:793 sssd-ad.5.xml:382 sssd-krb5.5.xml:519 msgid "EXAMPLE" msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd.conf.5.xml:1982 #, no-wrap msgid "" "[sssd]\n" "domains = LDAP\n" "services = nss, pam\n" "config_file_version = 2\n" "\n" "[nss]\n" "filter_groups = root\n" "filter_users = root\n" "\n" "[pam]\n" "\n" "[domain/LDAP]\n" "id_provider = ldap\n" "ldap_uri = ldap://ldap.example.com\n" "ldap_search_base = dc=example,dc=com\n" "\n" "auth_provider = krb5\n" "krb5_server = kerberos.example.com\n" "krb5_realm = EXAMPLE.COM\n" "cache_credentials = true\n" "\n" "min_id = 10000\n" "max_id = 20000\n" "enumerate = False\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:1978 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " "configuring domains for more details. <placeholder type=\"programlisting\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 msgid "sssd-ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:23 msgid "" "This manual page describes the configuration of LDAP domains for " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page for detailed syntax information." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:35 msgid "You can configure SSSD to use more than one LDAP domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:38 msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. 
" "<command>sssd</command> <emphasis>does not</emphasis> support authentication " "over an unencrypted channel. If the LDAP server is used only as an identity " "provider, an encrypted channel is not needed. Please refer to " "<quote>ldap_access_filter</quote> config option for more information about " "using LDAP as an access provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:60 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:63 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" "quote> section for more information on failover and server redundancy. If " "neither option is specified, service discovery is enabled. For more " "information, refer to the <quote>SERVICE DISCOVERY</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:70 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:73 msgid "ldap[s]://<host>[:port]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:76 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:79 msgid "example: ldap://[fc00::126:25]:389" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:85 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:88 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " "Refer to the <quote>FAILOVER</quote> section for more information on " "failover and server redundancy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:95 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:99 msgid "Default: empty, i.e. ldap_uri is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:105 msgid "ldap_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:108 msgid "The default base DN to use for performing LDAP user operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:112 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:116 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:119 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:122 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:126 sssd-ad.5.xml:212 msgid "Examples:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:129 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:134 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:137 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " "different search bases). This will lead to unpredictable behavior on client " "machines." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:144 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " "defaultNamingContext does not exist or has an empty value namingContexts is " "used. 
The namingContexts attribute must have a single value with the DN of " "the search base of the LDAP server to make this work. Multiple values are " "not supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:158 msgid "ldap_schema (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:161 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " "may vary. The way that some attributes are handled may also differ." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:168 msgid "Four schema types are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:172 msgid "rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:177 msgid "rfc2307bis" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:182 msgid "IPA" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:187 msgid "AD" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:193 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " "the <emphasis>memberUid</emphasis> attribute.
With rfc2307bis and IPA, " "group members are listed by DN and stored in the <emphasis>member</emphasis> " "attribute. The AD schema type sets the attributes to correspond with Active " "Directory 2008r2 values." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:203 msgid "Default: rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:209 msgid "ldap_default_bind_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:212 msgid "The default bind DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:219 msgid "ldap_default_authtok_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:222 msgid "The type of the authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:226 msgid "The two mechanisms currently supported are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:229 msgid "password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:232 msgid "obfuscated_password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:235 msgid "Default: password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:241 msgid "ldap_default_authtok (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:244 msgid "" "The authentication token of the default bind DN. Only clear text passwords " "are currently supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:251 msgid "ldap_user_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:254 msgid "The object class of a user entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:257 msgid "Default: posixAccount" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:263 msgid "ldap_user_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:266 msgid "The LDAP attribute that corresponds to the user's login name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:270 msgid "Default: uid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:276 msgid "ldap_user_uid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:279 msgid "The LDAP attribute that corresponds to the user's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:283 msgid "Default: uidNumber" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:289 msgid "ldap_user_gid_number (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:292 msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:296 sssd-ldap.5.xml:792 msgid "Default: gidNumber" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:302 msgid "ldap_user_gecos (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:305 msgid "The LDAP attribute that corresponds to the user's gecos field." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:309 msgid "Default: gecos" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:315 msgid "ldap_user_home_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:318 msgid "The LDAP attribute that contains the name of the user's home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:322 msgid "Default: homeDirectory" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:328 msgid "ldap_user_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:331 msgid "The LDAP attribute that contains the path to the user's default shell." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:335 msgid "Default: loginShell" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:341 msgid "ldap_user_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:344 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:348 sssd-ldap.5.xml:818 sssd-ldap.5.xml:1025 msgid "Default: nsUniqueId" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:354 msgid "ldap_user_objectsid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:357 msgid "" "The LDAP attribute that contains the objectSID of an LDAP user object. This " "is usually only necessary for ActiveDirectory servers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:362 sssd-ldap.5.xml:832 msgid "Default: objectSid for ActiveDirectory, not set for other servers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:369 msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:372 sssd-ldap.5.xml:842 sssd-ldap.5.xml:1034 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:376 sssd-ldap.5.xml:846 sssd-ldap.5.xml:1041 msgid "Default: modifyTimestamp" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:382 msgid "ldap_user_shadow_last_change (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:385 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " "the last password change)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:395 msgid "Default: shadowLastChange" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:401 msgid "ldap_user_shadow_min (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:404 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " "password age)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:413 msgid "Default: shadowMin" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:419 msgid "ldap_user_shadow_max (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:422 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " "password age)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:431 msgid "Default: shadowMax" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:437 msgid "ldap_user_shadow_warning (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:440 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " "(password warning period)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:450 msgid "Default: shadowWarning" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:456 msgid "ldap_user_shadow_inactive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:459 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " "(password inactivity period)." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:469 msgid "Default: shadowInactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:475 msgid "ldap_user_shadow_expire (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:478 msgid "" "When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " "parameter contains the name of an LDAP attribute corresponding to its " "<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> counterpart (account expiration date)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:488 msgid "Default: shadowExpire" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:494 msgid "ldap_user_krb_last_pwd_change (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:497 msgid "" "When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " "an LDAP attribute storing the date and time of last password change in " "kerberos." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:503 msgid "Default: krbLastPwdChange" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:509 msgid "ldap_user_krb_password_expiration (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:512 msgid "" "When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " "an LDAP attribute storing the date and time when current password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:518 msgid "Default: krbPasswordExpiration" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:524 msgid "ldap_user_ad_account_expires (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:527 msgid "" "When using ldap_account_expire_policy=ad, this parameter contains the name " "of an LDAP attribute storing the expiration time of the account." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:532 msgid "Default: accountExpires" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:538 msgid "ldap_user_ad_user_account_control (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:541 msgid "" "When using ldap_account_expire_policy=ad, this parameter contains the name " "of an LDAP attribute storing the user account control bit field." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:546 msgid "Default: userAccountControl" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:552 msgid "ldap_ns_account_lock (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:555 msgid "" "When using ldap_account_expire_policy=rhds or equivalent, this parameter " "determines if access is allowed or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:560 msgid "Default: nsAccountLock" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:566 msgid "ldap_user_nds_login_disabled (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:569 msgid "" "When using ldap_account_expire_policy=nds, this attribute determines if " "access is allowed or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:573 sssd-ldap.5.xml:587 msgid "Default: loginDisabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:579 msgid "ldap_user_nds_login_expiration_time (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:582 msgid "" "When using ldap_account_expire_policy=nds, this attribute determines until " "which date access is granted." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:593 msgid "ldap_user_nds_login_allowed_time_map (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:596 msgid "" "When using ldap_account_expire_policy=nds, this attribute determines the " "hours of a day in a week when access is granted." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:601 msgid "Default: loginAllowedTimeMap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:607 msgid "ldap_user_principal (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:610 msgid "" "The LDAP attribute that contains the user's Kerberos User Principal Name " "(UPN)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:614 msgid "Default: krbPrincipalName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:620 msgid "ldap_user_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:623 msgid "The LDAP attribute that contains the user's SSH public keys." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:630 msgid "ldap_force_upper_case_realm (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:633 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " "fail. Set this option to a non-zero value if you want to use an upper-case " "realm." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:646 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:649 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:660 msgid "ldap_purge_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:663 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " "space." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:669 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:673 msgid "Default: 10800 (12 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:679 msgid "ldap_user_fullname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:682 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:686 sssd-ldap.5.xml:779 sssd-ldap.5.xml:975 #: sssd-ldap.5.xml:1066 sssd-ldap.5.xml:1990 sssd-ldap.5.xml:2316 #: sssd-ipa.5.xml:648 msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:692 msgid "ldap_user_member_of (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:695 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:699 sssd-ipa.5.xml:552 msgid "Default: memberOf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:705 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:708 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " "to determine access privilege." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:715 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:720 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>authorized_service</quote> in order for the " "ldap_user_authorized_service option to work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:727 msgid "Default: authorizedService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:733 msgid "ldap_user_authorized_host (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:736 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " "privilege." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:742 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:747 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>host</quote> in order for the " "ldap_user_authorized_host option to work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:754 msgid "Default: host" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:760 msgid "ldap_group_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:763 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:766 msgid "Default: posixGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:772 msgid "ldap_group_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:775 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:785 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:788 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:798 msgid "ldap_group_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:801 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:805 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:811 msgid "ldap_group_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:814 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:824 msgid "ldap_group_objectsid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:827 msgid "" "The LDAP attribute that contains the objectSID of an LDAP group object. This " "is usually only necessary for ActiveDirectory servers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:839 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:852 msgid "ldap_group_type (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:855 msgid "" "The LDAP attribute that contains an integer value indicating the type of the " "group and maybe other flags." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:860 msgid "" "This attribute is currently only used by the AD provider to determine if a " "group is a domain local group and has to be filtered out for trusted " "domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:866 msgid "Default: groupType in the AD provider, otherwise not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:873 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:876 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " "follow. This option has no effect on the RFC2307 schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:883 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:889 msgid "ldap_groups_use_matching_rule_in_chain" msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:892 msgid "" "This option tells SSSD to take advantage of an Active Directory-specific " "feature which may speed up group lookup operations on deployments with " "complex or deep nested groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:898 msgid "" "In most common cases, it is best to leave this option disabled. It generally " "only provides a performance increase on very complex nestings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:903 sssd-ldap.5.xml:930 msgid "" "If this option is enabled, SSSD will use it if it detects that the server " "supports it during initial connection. So \"True\" here essentially means " "\"auto-detect\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:909 sssd-ldap.5.xml:936 msgid "" "Note: This feature is currently known to work only with Active Directory " "2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/" "windows/desktop/aa746475%28v=vs.85%29.aspx\"> MSDN(TM) documentation</ulink> " "for more details." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:915 sssd-ldap.5.xml:942 sssd-ldap.5.xml:1233 #: sssd-ldap.5.xml:1254 sssd-ldap.5.xml:1760 include/ldap_id_mapping.xml:226 msgid "Default: False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:921 msgid "ldap_initgroups_use_matching_rule_in_chain" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:924 msgid "" "This option tells SSSD to take advantage of an Active Directory-specific " "feature which might speed up initgroups operations (most notably when " "dealing with complex or deep nested groups)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:948 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:951 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:954 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:958 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:964 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:967 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:971 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:981 msgid "ldap_netgroup_member (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:984 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:988 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:992 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:998 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1001 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1005 sssd-ldap.5.xml:1038 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1008 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1014 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1017 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1021 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1031 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1047 msgid "ldap_service_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1050 msgid "The object class of a service entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1053 msgid "Default: ipService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1059 msgid "ldap_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1062 msgid "" "The LDAP attribute that contains the name of service attributes and their " "aliases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1072 msgid "ldap_service_port (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1075 msgid "The LDAP attribute that contains the port managed by this service." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1079 msgid "Default: ipServicePort" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1085 msgid "ldap_service_proto (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1088 msgid "" "The LDAP attribute that contains the protocols understood by this service." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1092 msgid "Default: ipServiceProtocol" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1098 msgid "ldap_service_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1103 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1106 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " "is entered)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1112 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " "lookup types." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1124 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1127 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " "are returned (and offline mode is entered)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1140 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1143 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" "<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" "manvolnum> </citerefentry> following a <citerefentry> " "<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" "citerefentry> returns in case of no activity." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1166 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1169 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " "communicating with the KDC in case of SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1181 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1184 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " "in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " "the TGT lifetime) will be used." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1192 sssd-ldap.5.xml:2147 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1198 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1201 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1206 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1212 msgid "ldap_disable_paging (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1215 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " "it is not enabled or does not behave properly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1221 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1227 msgid "" "Example: 389 DS has a bug where it can only support one paging control at " "a time on a single connection. On busy clients, this can result in some " "requests being denied." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1239 msgid "ldap_disable_range_retrieval (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1242 msgid "Disable Active Directory range retrieval." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1245 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " "group contains more members, the reply would include an AD-specific range " "extension. This option disables parsing of the range extension, therefore " "large groups will appear as having no members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1260 msgid "ldap_sasl_minssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1263 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " "option are defined by OpenLDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1269 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1276 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1279 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. 
If fewer members are missing, " "they are looked up individually." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1285 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1289 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " "methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " "Directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1297 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " "regardless of this setting." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1310 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1313 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1319 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate. The server's identity is therefore not verified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1323 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally.
If a bad certificate " "is provided, it will be ignored and the session proceeds normally." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1330 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " "is provided, the session is immediately terminated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1336 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " "immediately terminated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1342 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1346 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1352 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1355 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1378 sssd-ldap.5.xml:1419 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1367 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1370 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " "be the hash of the certificate followed by '.0'. If available, " "<command>cacertdir_rehash</command> can be used to create the correct names." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1385 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1388 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1398 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1401 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1410 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1413 msgid "" "Specifies acceptable cipher suites. Typically this is a colon-separated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry> for format." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1426 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1429 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1439 msgid "ldap_id_mapping (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1442 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " "on ldap_user_uid_number and ldap_group_gid_number." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1448 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1458 msgid "ldap_min_id, ldap_max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1461 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " "ldap_group_gid_number is unbounded. In a setup with sub/trusted-domains this " "might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " "can be set to restrict the allowed range for the IDs which are read directly " "from the server. Sub-domains can then pick other ranges to map IDs." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1473 msgid "Default: not set (both options are set to 0)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1479 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1482 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1492 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1495 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory. " "This option can either contain the full principal (for example host/" "myhost@EXAMPLE.COM) or just the principal name (for example host/myhost)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1503 msgid "Default: host/hostname@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1509 msgid "ldap_sasl_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1512 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " "well, this option is ignored." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1518 msgid "Default: the value of krb5_realm." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1524 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1527 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1532 msgid "Default: false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1538 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1541 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1544 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1550 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1553 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " "GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1565 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1568 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1572 sssd-ad.5.xml:319 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1578 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1581 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " "For more information on failover and server redundancy, see the " "<quote>FAILOVER</quote> section. An optional port number (preceded by a " "colon) may be appended to the addresses or hostnames. If empty, service " "discovery is enabled - for more information, refer to the <quote>SERVICE " "DISCOVERY</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1593 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " "none are found." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1598 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " "migrate their config files to use <quote>krb5_server</quote> instead." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1607 sssd-ipa.5.xml:371 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1610 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1613 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1619 sssd-ipa.5.xml:386 sssd-krb5.5.xml:453 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1622 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1634 sssd-krb5.5.xml:468 msgid "krb5_use_kdcinfo (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1637 sssd-krb5.5.xml:471 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " "to configure the Kerberos library using the <citerefentry> " "<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> configuration file." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1648 sssd-krb5.5.xml:482 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " "information on the locator plugin." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1662 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1665 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1670 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1675 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " "evaluate if the password has expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1681 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " "these attributes when the password is changed." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1690 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1698 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1701 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1705 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1710 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. If your setup " "does not in fact require the use of referrals, setting this option to false " "might bring a noticeable performance improvement." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1724 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1727 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1731 msgid "Default: ldap" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1737 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1740 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1745 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1751 msgid "ldap_chpass_update_last_change (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1754 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1766 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1769 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " "must be met for the user to be granted access on this host. If " "access_provider = ldap, ldap_access_order = filter and this option is not " "set, it will result in all users being denied access. Use access_provider = " "permit to change this default behavior. Please note that this filter is " "applied on the LDAP user entry only." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1782 sssd-ldap.5.xml:2376 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #: sssd-ldap.5.xml:1785 #, no-wrap msgid "" "access_provider = ldap\n" "ldap_access_filter = (employeeType=admin)\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1789 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1794 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " "access during their last login, they will continue to be granted access " "while offline and vice-versa." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1802 sssd-ldap.5.xml:1859 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1808 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1811 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1815 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. 
the LDAP server should deny the bind request with a suitable error code " "even if the password is correct." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1822 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1825 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1830 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " "set. If the attribute is missing access is granted. Also the expiration time " "of the account is checked." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1837 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " "allowed or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1843 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " "ldap_user_nds_login_expiration_time are used to check if access is allowed. " "If both attributes are missing access is granted." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1852 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " "ldap_account_expire_policy option to work." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1865 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1868 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1872 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1875 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1879 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1884 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1888 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1891 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1898 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1901 msgid "" "Specifies how alias dereferencing is done when performing a search. 
The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1906 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1910 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1915 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1920 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1925 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1933 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1936 msgid "" "Allows local users to be retained as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1940 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " "The self-consistency of the domain is compromised when this is done, so SSSD " "would normally remove the \"missing\" users from the cached group " "memberships as soon as nsswitch tries to fetch information about the user " "via getpw*() or initgroups() calls." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1951 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " "additional LDAP groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:51 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " "of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page for full details. <placeholder type=" "\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:1967 msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1971 msgid "ldap_sudorule_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1974 msgid "The object class of a sudo rule entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1977 msgid "Default: sudoRole" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1983 msgid "ldap_sudorule_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1986 msgid "The LDAP attribute that corresponds to the sudo rule name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1996 msgid "ldap_sudorule_command (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1999 msgid "The LDAP attribute that corresponds to the command name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2003 msgid "Default: sudoCommand" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2009 msgid "ldap_sudorule_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2012 msgid "" "The LDAP attribute that corresponds to the host name (or host IP address, " "host IP network, or host netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2017 msgid "Default: sudoHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2023 msgid "ldap_sudorule_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2026 msgid "" "The LDAP attribute that corresponds to the user name (or UID, group name or " "user's netgroup)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2030 msgid "Default: sudoUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2036 msgid "ldap_sudorule_option (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2039 msgid "The LDAP attribute that corresponds to the sudo options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2043 msgid "Default: sudoOption" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2049 msgid "ldap_sudorule_runasuser (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2052 msgid "" "The LDAP attribute that corresponds to the user name that commands may be " "run as." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2056 msgid "Default: sudoRunAsUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2062 msgid "ldap_sudorule_runasgroup (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2065 msgid "" "The LDAP attribute that corresponds to the group name or group GID that " "commands may be run as." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2069 msgid "Default: sudoRunAsGroup" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2075 msgid "ldap_sudorule_notbefore (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2078 msgid "" "The LDAP attribute that corresponds to the start date/time for when the sudo " "rule is valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2082 msgid "Default: sudoNotBefore" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2088 msgid "ldap_sudorule_notafter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2091 msgid "" "The LDAP attribute that corresponds to the expiration date/time, after which " "the sudo rule will no longer be valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2096 msgid "Default: sudoNotAfter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2102 msgid "ldap_sudorule_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2105 msgid "The LDAP attribute that corresponds to the ordering index of the rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2109 msgid "Default: sudoOrder" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2115 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2118 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2123 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2128 msgid "Default: 21600 (6 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2134 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2137 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest USN " "of cached rules)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2143 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2153 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2156 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2167 msgid "ldap_sudo_hostnames (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2170 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2175 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2180 sssd-ldap.5.xml:2203 sssd-ldap.5.xml:2221 #: sssd-ldap.5.xml:2239 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2185 sssd-ldap.5.xml:2208 msgid "Default: not specified" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2191 msgid "ldap_sudo_ip (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2194 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2199 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2214 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2217 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2232 msgid "ldap_sudo_include_regexp (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2235 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:1969 msgid "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2251 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " "<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:2261 msgid "AUTOFS OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2263 msgid "" "Please note that the default values correspond to the default schema which " "is RFC2307." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2269 msgid "ldap_autofs_map_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2272 sssd-ldap.5.xml:2298 msgid "The object class of an automount map entry in LDAP." 
msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2275 sssd-ldap.5.xml:2302 msgid "Default: automountMap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2282 msgid "ldap_autofs_map_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2285 msgid "The name of an automount map entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2288 msgid "Default: ou" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2295 msgid "ldap_autofs_entry_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2309 msgid "ldap_autofs_entry_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2312 sssd-ldap.5.xml:2326 msgid "" "The key of an automount entry in LDAP. The entry usually corresponds to a " "mount point." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2323 msgid "ldap_autofs_entry_value (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2330 msgid "Default: automountInformation" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2267 msgid "" "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" "\"variablelist\" id=\"4\"/>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:2340 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2347 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2352 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2357 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2362 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2365 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2369 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #: sssd-ldap.5.xml:2379 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2382 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2389 msgid "ldap_group_search_filter (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2392 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2396 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2406 msgid "ldap_sudo_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2411 msgid "ldap_autofs_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2342 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " "are doing. <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2428 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " "section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ldap.5.xml:2434 #, no-wrap msgid "" " [domain/LDAP]\n" " id_provider = ldap\n" " auth_provider = ldap\n" " ldap_uri = ldap://ldap.mydomain.org\n" " ldap_search_base = dc=mydomain,dc=org\n" " ldap_tls_reqcert = demand\n" " cache_credentials = true\n" msgstr "" #. 
type: Content of: <refsect1><refsect2><para> #: sssd-ldap.5.xml:2433 sssd-simple.5.xml:139 sssd-ipa.5.xml:801 #: sssd-ad.5.xml:390 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 sssd-krb5.5.xml:528 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:2446 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:405 #: sssd.8.xml:191 sss_seed.8.xml:163 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2448 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " "distribution." msgstr "" #. type: Content of: <refentryinfo> #: pam_sss.8.xml:8 include/upstream.xml:2 msgid "" "<productname>SSSD</productname> <orgname>The SSSD upstream - http://" "fedorahosted.org/sssd</orgname>" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: pam_sss.8.xml:13 pam_sss.8.xml:18 msgid "pam_sss" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: pam_sss.8.xml:19 msgid "PAM module for SSSD" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: pam_sss.8.xml:24 msgid "" "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" "replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" "replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" "replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" "replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" "arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </arg>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:48 msgid "" "<command>pam_sss.so</command> is the PAM interface to the System Security " "Services daemon (SSSD). Errors and results are logged through " "<command>syslog(3)</command> with the LOG_AUTHPRIV facility." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:58 msgid "<option>quiet</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:61 msgid "Suppress log messages for unknown users." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:66 msgid "<option>forward_pass</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:69 msgid "" "If <option>forward_pass</option> is set the entered password is put on the " "stack for other PAM modules to use." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:76 msgid "<option>use_first_pass</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:79 msgid "" "The argument use_first_pass forces the module to use a previously stacked " "module's password and will never prompt the user - if no password is " "available or the password is not appropriate, the user will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:87 msgid "<option>use_authtok</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:90 msgid "" "When changing the password, force the module to set the new password to the " "one provided by a previously stacked password module." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:97 msgid "<option>retry=N</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:100 msgid "" "If specified the user is asked another N times for a password if " "authentication fails. Default is 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:102 msgid "" "Please note that this option might not work as expected if the application " "calling PAM handles the user dialog on its own. A typical example is " "<command>sshd</command> with <option>PasswordAuthentication</option>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:111 msgid "<option>ignore_unknown_user</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:114 msgid "" "If this option is specified and the user does not exist, the PAM module will " "return PAM_IGNORE. This causes the PAM framework to ignore this module." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: pam_sss.8.xml:123 msgid "MODULE TYPES PROVIDED" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:124 msgid "" "All module types (<option>account</option>, <option>auth</option>, " "<option>password</option> and <option>session</option>) are provided." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: pam_sss.8.xml:130 msgid "FILES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:131 msgid "" "If a password reset by root fails, because the corresponding SSSD provider " "does not support password resets, an individual message can be displayed. " "This message can e.g. contain instructions about how to reset a password." 
msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:136 msgid "" "The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" "filename> where LOC stands for a locale string returned by <citerefentry> " "<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" "citerefentry>. If there is no matching file the content of " "<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " "the owner of the files and only root may have read and write permissions " "while all other users must have only read permissions." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:146 msgid "" "These files are searched in the directory <filename>/etc/sssd/customize/" "DOMAIN_NAME/</filename>. If no matching file is present a generic message is " "displayed." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 msgid "sssd_krb5_locator_plugin" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:22 msgid "" "The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " "used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos " "libraries what Realm and which KDC to use. Typically this is done in " "<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> which is always read by the Kerberos libraries. " "To simplify the configuration the Realm and the KDC can be defined in " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> as described in <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:48 msgid "" "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " "libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:63 msgid "" "Not all Kerberos implementations support the use of plugins. If " "<command>sssd_krb5_locator_plugin</command> is not available on your system " "you have to edit /etc/krb5.conf to reflect your Kerberos setup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:69 msgid "" "If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " "debug messages will be sent to stderr." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-simple.5.xml:10 sssd-simple.5.xml:16 msgid "sssd-simple" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd-simple.5.xml:17 msgid "the configuration file for SSSD's 'simple' access-control provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:24 msgid "" "This manual page describes the configuration of the simple access-control " "provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " "refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> manual page." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:38 msgid "" "The simple access provider grants or denies access based on an access or " "deny list of user or group names. The following rules apply:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:43 msgid "If all lists are empty, access is granted" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:47 msgid "" "If any list is provided, the order of evaluation is allow,deny. This means " "that any matching deny rule will supersede any matched allow rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:54 msgid "" "If either or both \"allow\" lists are provided, all users are denied unless " "they appear in the list." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:60 msgid "" "If only \"deny\" lists are provided, all users are granted access unless " "they appear in the list." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:78 msgid "simple_allow_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:81 msgid "Comma separated list of users who are allowed to log in." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:88 msgid "simple_deny_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:91 msgid "Comma separated list of users who are explicitly denied access." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:97 msgid "simple_allow_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:100 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:108 msgid "simple_deny_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:111 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " "evaluated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> manual page for details on the configuration of an SSSD " "domain. <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:120 msgid "" "Specifying no values for any of the lists is equivalent to skipping that " "list entirely. Beware of this while generating parameters for the simple " "provider using automated scripts: an allow list that ends up empty is " "treated as absent and restricts nobody." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:125 msgid "" "Please note that it is a configuration error if both simple_allow_users " "and simple_deny_users are defined." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:133 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " "This example shows only the simple access provider-specific options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-simple.5.xml:140 #, no-wrap msgid "" " [domain/example.com]\n" " access_provider = simple\n" " simple_allow_users = user1, user2\n" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 msgid "sssd-ipa" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:23 msgid "" "This manual page describes the configuration of the IPA provider for " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:36 msgid "" "The IPA provider is a back end used to connect to an IPA server. (Refer to " "the freeipa.org web site for information about IPA servers.) This provider " "requires that the machine be joined to the IPA domain; configuration is " "almost entirely self-discovered and obtained directly from the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:43 msgid "" "The IPA provider accepts the same options used by the <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " "provider with some exceptions described below." 
msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:55 msgid "" "However, it is neither necessary nor recommended to set these options. IPA " "provider can also be used as an access and chpass provider. As an access " "provider it uses HBAC (host-based access control) rules. Please refer to " "freeipa.org for more information about HBAC. No configuration of access " "provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:62 msgid "" "The IPA provider will use the PAC responder if the Kerberos tickets of users " "from trusted realms contain a PAC. To make configuration easier the PAC " "responder is started automatically if the IPA ID provider is configured." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:78 msgid "ipa_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:81 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:89 msgid "ipa_server, ipa_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:92 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " "on failover and server redundancy, see the <quote>FAILOVER</quote> section. " "This is optional if autodiscovery is enabled. For more information on " "service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:105 msgid "ipa_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:108 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:116 sssd-ad.5.xml:256 msgid "dyndns_update (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:119 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client. The update is " "secured using GSS-TSIG. The IP address of the IPA LDAP connection is used " "for the updates, if it is not otherwise specified by using the " "<quote>dyndns_iface</quote> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:128 sssd-ad.5.xml:270 msgid "" "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " "the default Kerberos realm must be set properly in /etc/krb5.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:133 msgid "" "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" "emphasis> option, users should migrate to using <emphasis>dyndns_update</" "emphasis> in their config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:145 sssd-ad.5.xml:281 msgid "dyndns_ttl (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:148 sssd-ad.5.xml:284 msgid "" "The TTL to apply to the client DNS record when updating it. If " "dyndns_update is false this has no effect. This will override the TTL " "serverside if set by an administrator." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:153 msgid "" "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" "emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" "emphasis> in their config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:159 msgid "Default: 1200 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:165 sssd-ad.5.xml:295 msgid "dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:168 sssd-ad.5.xml:298 msgid "" "Optional. Applicable only when dyndns_update is true. Choose the interface " "whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:173 msgid "" "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" "emphasis> option, users should migrate to using <emphasis>dyndns_iface</" "emphasis> in their config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:179 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:185 msgid "ipa_enable_dns_sites (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:188 sssd-ad.5.xml:152 msgid "Enables DNS sites - location based service discovery." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:192 msgid "" "If true and service discovery (see Service Discovery paragraph at the bottom " "of the man page) is enabled, then the SSSD will first attempt location " "based discovery using a query that contains \"_location.hostname.example.com" "\" and then fall back to traditional SRV discovery. If the location based " "discovery succeeds, the IPA servers located with the location based " "discovery are treated as primary servers and the IPA servers located using " "the traditional SRV discovery are used as back up servers" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:211 sssd-ad.5.xml:309 msgid "dyndns_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:214 sssd-ad.5.xml:312 msgid "" "How often should the back end perform periodic DNS update in addition to the " "automatic update performed when the back end goes online. This option is " "optional and applicable only when dyndns_update is true." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:227 sssd-ad.5.xml:325 msgid "dyndns_update_ptr (bool)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:230 sssd-ad.5.xml:328 msgid "" "Whether the PTR record should also be explicitly updated when updating the " "client's DNS records. Applicable only when dyndns_update is true." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:235 msgid "" "This option should be False in most IPA deployments as the IPA server " "generates the PTR records automatically when forward records are changed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:241 msgid "Default: False (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:247 sssd-ad.5.xml:339 msgid "dyndns_force_tcp (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:250 sssd-ad.5.xml:342 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:254 sssd-ad.5.xml:346 msgid "Default: False (let nsupdate choose the protocol)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:260 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:263 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:267 msgid "Default: Use base DN" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:273 msgid "ipa_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:276 msgid "Optional. Use the given string as search base for host objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:280 sssd-ipa.5.xml:304 sssd-ipa.5.xml:323 sssd-ipa.5.xml:342 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:285 msgid "" "If filter is given in any of search bases and " "<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " "will be ignored." msgstr "" #. type: Content of: <listitem><para> #: sssd-ipa.5.xml:290 sssd-ipa.5.xml:309 include/ldap_search_bases.xml:23 #: include/ldap_search_bases_experimental.xml:23 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:297 msgid "ipa_selinux_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:300 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:316 msgid "ipa_subdomains_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:319 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:328 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:335 msgid "ipa_master_domain_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:338 msgid "Optional. Use the given string as search base for master domain object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:347 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:354 sssd-krb5.5.xml:245 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:357 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:364 sssd-ad.5.xml:366 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:374 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:378 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:389 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:402 sssd-krb5.5.xml:407 msgid "krb5_use_fast (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:405 sssd-krb5.5.xml:410 msgid "" "Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" "authentication. The following options are supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:410 msgid "<emphasis>never</emphasis> use FAST." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:413 msgid "" "<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " "continue the authentication without it. This is equivalent to not setting " "this option at all." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:419 sssd-krb5.5.xml:424 msgid "" "<emphasis>demand</emphasis> to use FAST. The authentication fails if the " "server does not require fast." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:424 msgid "Default: try" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:427 sssd-krb5.5.xml:435 msgid "" "NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. 
If " "SSSD is used with an older version of MIT Kerberos, using this option is a " "configuration error." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:436 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:439 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " "access-control requests made in a short period." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:446 sssd-ipa.5.xml:462 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:452 msgid "ipa_hbac_selinux (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:455 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " "many user login requests made in a short period." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:468 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:471 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " "of FreeIPA will need to migrate their rules to use only the ALLOW rules. The " "client will support two modes of operation during this transition period:" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:480 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:485 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:490 msgid "Default: DENY_ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:496 msgid "ipa_hbac_support_srchost (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:499 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:503 msgid "" "Note that if set to <emphasis>False</emphasis>, this option causes filters " "given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:514 msgid "ipa_server_mode (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:517 msgid "This option should only be set by the IPA installer." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:521 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:532 msgid "ipa_automount_location (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:535 msgid "The automounter location this IPA client will be using" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:538 msgid "Default: The location named \"default\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:545 msgid "ipa_netgroup_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:548 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:557 msgid "ipa_netgroup_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:560 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:565 sssd-ipa.5.xml:660 msgid "Default: memberUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:570 msgid "ipa_netgroup_member_host (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:573 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:577 sssd-ipa.5.xml:672 msgid "Default: memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:582 msgid "ipa_netgroup_member_ext_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:585 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:589 msgid "Default: externalHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:594 msgid "ipa_netgroup_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:597 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:601 msgid "Default: nisDomainName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:607 msgid "ipa_host_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:610 sssd-ipa.5.xml:633 msgid "The object class of a host entry in LDAP." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:613 sssd-ipa.5.xml:636 msgid "Default: ipaHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:618 msgid "ipa_host_fqdn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:621 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:624 msgid "Default: fqdn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:630 msgid "ipa_selinux_usermap_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:641 msgid "ipa_selinux_usermap_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:644 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:653 msgid "ipa_selinux_usermap_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:656 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:665 msgid "ipa_selinux_usermap_member_host (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:668 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule match " "against." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:677 msgid "ipa_selinux_usermap_see_also (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:680 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:685 msgid "Default: seeAlso" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:690 msgid "ipa_selinux_usermap_selinux_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:693 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:697 msgid "Default: ipaSELinuxUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:702 msgid "ipa_selinux_usermap_enabled (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:705 msgid "" "The LDAP attribute that contains whether or not is user map enabled for " "usage." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:709 msgid "Default: ipaEnabledFlag" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:714 msgid "ipa_selinux_usermap_user_category (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:717 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:721 msgid "Default: userCategory" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:726 msgid "ipa_selinux_usermap_host_category (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:729 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:733 msgid "Default: hostCategory" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:738 msgid "ipa_selinux_usermap_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:741 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:745 msgid "Default: ipaUniqueID" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:750 msgid "ipa_host_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:753 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:757 msgid "Default: ipaSshPubKey" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ipa.5.xml:766 msgid "SUBDOMAINS PROVIDER" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:768 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:772 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " "subdomain requests are sent to the IPA server if necessary." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:778 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " "provider is configured implicitly. In this case, if a subdomain request " "fails and indicates that the server does not support subdomains, i.e. is not " "configured for trusts, the IPA subdomains provider is disabled. After an " "hour or after the IPA provider goes online, the subdomains provider is " "enabled again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:795 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " "This example shows only the ipa provider-specific options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ipa.5.xml:802 #, no-wrap msgid "" " [domain/example.com]\n" " id_provider = ipa\n" " ipa_server = ipaserver.example.com\n" " ipa_hostname = myhost.example.com\n" msgstr "" #. 
type: Content of: <reference><refentry><refnamediv><refname> #: sssd-ad.5.xml:10 sssd-ad.5.xml:16 msgid "sssd-ad" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:23 msgid "" "This manual page describes the configuration of the AD provider for " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:36 msgid "" "The AD provider is a back end used to connect to an Active Directory server. " "This provider requires that the machine be joined to the AD domain and a " "keytab is available." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:41 msgid "" "The AD provider supports connecting to Active Directory 2008 R2 or later. " "Earlier versions may work, but are unsupported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:45 msgid "" "The AD provider is able to provide identity information and authentication " "for entities from trusted domains as well. Currently only trusted domains in " "the same forest are recognized." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:50 msgid "" "The AD provider accepts the same options used by the <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " "provider with some exceptions described below." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:62 msgid "" "However, it is neither necessary nor recommended to set these options. 
The " "AD provider can also be used as an access, chpass and sudo provider. No " "configuration of the access provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ad.5.xml:74 #, no-wrap msgid "" "ldap_id_mapping = False\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:68 msgid "" "By default, the AD provider will map UID and GID values from the objectSID " "parameter in Active Directory. For details on this, see the <quote>ID " "MAPPING</quote> section below. If you want to disable ID mapping and instead " "rely on POSIX attributes defined in Active Directory, you should set " "<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users " "and groups using POSIX attributes from trusted domains, the AD administrator " "must make sure that the POSIX attributes are replicated to the Global " "Catalog." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:81 msgid "" "Users, groups and other entities served by SSSD are always treated as case-" "insensitive in the AD provider for compatibility with Active Directory's " "LDAP implementation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:96 msgid "ad_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:99 msgid "" "Specifies the name of the Active Directory domain. This is optional. If not " "provided, the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:104 msgid "" "For proper operation, this option should be specified as the lower-case " "version of the long version of the Active Directory domain." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:109 msgid "" "The short domain name (also known as the NetBIOS or the flat name) is " "autodetected by the SSSD." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:116 msgid "ad_server, ad_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:119 msgid "" "The comma-separated list of hostnames of the AD servers to which SSSD should " "connect in order of preference. For more information on failover and server " "redundancy, see the <quote>FAILOVER</quote> section. This is optional if " "autodiscovery is enabled. For more information on service discovery, refer " "to the <quote>SERVICE DISCOVERY</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:132 msgid "ad_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:135 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the Active Directory domain to identify this " "host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:141 msgid "" "This field is used to determine the host principal in use in the keytab. It " "must match the hostname for which the keytab was issued." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:149 msgid "ad_enable_dns_sites (boolean)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:156 msgid "" "If true and service discovery (see Service Discovery paragraph at the bottom " "of the man page) is enabled, the SSSD will first attempt to discover the " "Active Directory server to connect to using the Active Directory Site " "Discovery and fall back to the DNS SRV records if no AD site is found. The " "DNS SRV configuration, including the discovery domain, is used during site " "discovery as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:172 msgid "ad_access_filter (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:175 msgid "" "This option specifies the LDAP access control filter that the user must match in " "order to be allowed access. Please note that the <quote>access_provider</" "quote> option must be explicitly set to <quote>ad</quote> in order for this " "option to have an effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:183 msgid "" "The option also supports specifying different filters per domain or forest. " "This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " "The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " "missing." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:191 msgid "" "If the keyword is <quote>DOM</quote> or is missing, then <quote>NAME</" "quote> specifies the domain or subdomain the filter applies to. If the " "keyword is <quote>FOREST</quote>, then the filter applies to all " "domains from the forest specified by <quote>NAME</quote>." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:199 msgid "" "Multiple filters can be separated with the <quote>?</quote> character, " "similarly to how search bases work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:204 msgid "" "The most specific match is always used. For example, if the option specified " "filter for a domain the user is a member of and a global filter, the per-" "domain filter would be applied. If there are more matches with the same " "specification, the first one is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #: sssd-ad.5.xml:215 #, no-wrap msgid "" "# apply filter on domain called dom1 only:\n" "dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" "\n" "# apply filter on domain called dom2 only:\n" "DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" "\n" "# apply filter on forest called EXAMPLE.COM only:\n" "FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:225 msgid "Default: Not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:231 msgid "ad_enable_gc (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:234 msgid "" "By default, the SSSD connects to the Global Catalog first to retrieve users " "from trusted domains and uses the LDAP port to retrieve group memberships or " "as a fallback. Disabling this option makes the SSSD only connect to the LDAP " "port of the current AD server." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:242 msgid "" "Please note that disabling Global Catalog support does not disable " "retrieving users from trusted domains. The SSSD would connect to the LDAP " "port of trusted domains instead. However, Global Catalog must be used in " "order to resolve cross-domain group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:259 msgid "" "Optional. This option tells SSSD to automatically update the Active " "Directory DNS server with the IP address of this client. The update is " "secured using GSS-TSIG. As a consequence, the Active Directory administrator " "only needs to allow secure updates for the DNS zone. The IP address of the " "AD LDAP connection is used for the updates, if it is not otherwise specified " "by using the <quote>dyndns_iface</quote> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:289 msgid "Default: 3600 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:303 msgid "Default: Use the IP address of the AD LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:354 sssd-krb5.5.xml:496 msgid "krb5_use_enterprise_principal (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:357 sssd-krb5.5.xml:499 msgid "" "Specifies if the user principal should be treated as enterprise principal. " "See section 5 of RFC 6806 for more details about enterprise principals." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:384 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " "This example shows only the AD provider-specific options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ad.5.xml:391 #, no-wrap msgid "" "[domain/EXAMPLE]\n" "id_provider = ad\n" "auth_provider = ad\n" "access_provider = ad\n" "chpass_provider = ad\n" "\n" "ad_server = dc1.example.com\n" "ad_hostname = client.example.com\n" "ad_domain = example.com\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ad.5.xml:411 #, no-wrap msgid "" "access_provider = ldap\n" "ldap_access_order = expire\n" "ldap_account_expire_policy = ad\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:407 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:417 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 msgid "sssd-sudo" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd-sudo.5.xml:17 msgid "Configuring sudo with the SSSD back end" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:23 msgid "" "This manual page describes how to configure <citerefentry> " "<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " "to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-sudo.5.xml:36 msgid "Configuring sudo to cooperate with SSSD" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:38 msgid "" "To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " "the <emphasis>sudoers</emphasis> entry in <citerefentry> " "<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:47 msgid "" "For example, to configure sudo to first lookup rules in the standard " "<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> file (which should contain rules that apply to " "local users) and then in SSSD, the nsswitch.conf file should contain the " "following line:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-sudo.5.xml:57 #, no-wrap msgid "sudoers: files sss\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:61 msgid "" "More information about configuring the sudoers search order from the " "nsswitch.conf file as well as information about the LDAP schema that is used " "to store sudo rules in the directory can be found in <citerefentry> " "<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:70 msgid "" "<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " "sudo rules, you also need to correctly set <citerefentry> " "<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" "citerefentry> to your NIS domain name (which is the same as the IPA domain " "name when using hostgroups)." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-sudo.5.xml:82 msgid "Configuring SSSD to fetch sudo rules" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:84 msgid "" "The only configuration needed on the SSSD side is to add \"sudo\" to the " "list of <emphasis>services</emphasis> in the [sssd] section of " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " "the search base for sudo rules using the " "<emphasis>ldap_sudo_search_base</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:94 msgid "" "The following example shows how to configure SSSD to download sudo rules " "from an LDAP server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-sudo.5.xml:99 #, no-wrap msgid "" "[sssd]\n" "config_file_version = 2\n" "services = nss, pam, sudo\n" "domains = EXAMPLE\n" "\n" "[domain/EXAMPLE]\n" "id_provider = ldap\n" "sudo_provider = ldap\n" "ldap_uri = ldap://example.com\n" "ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:112 msgid "" "When the SSSD is configured to use IPA as the ID provider, the sudo provider " "is automatically enabled. The sudo search base is configured to use the " "compat tree (ou=sudoers,$DC)." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><title> #: sssd-sudo.5.xml:119 msgid "The SUDO rule caching mechanism" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:121 msgid "" "The biggest challenge, when developing sudo support in SSSD, was to ensure " "that running sudo with SSSD as the data source provides the same user " "experience and is as fast as sudo but keeps providing the most current set " "of rules as possible. To satisfy these requirements, SSSD uses three kinds " "of updates. They are referred to as full refresh, smart refresh and rules " "refresh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:129 msgid "" "The <emphasis>smart refresh</emphasis> periodically downloads rules that are " "new or were modified after the last update. Its primary goal is to keep the " "database growing by fetching only small increments that do not generate " "large amounts of network traffic." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:135 msgid "" "The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " "in the cache and replaces them with all rules that are stored on the server. " "This is used to keep the cache consistent by removing every rule which was " "deleted from the server. However, full refresh may produce a lot of traffic " "and thus it should be run only occasionally depending on the size and " "stability of the sudo rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:143 msgid "" "The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " "more permission than defined. It is triggered each time the user runs sudo. " "Rules refresh will find all rules that apply to this user, check their " "expiration time and redownload them if expired. 
In the case that any of " "these rules are missing on the server, the SSSD will do an out of band full " "refresh because more rules (that apply to other users) may have been deleted." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:152 msgid "" "If enabled, SSSD will store only rules that can be applied to this machine. " "This means rules that contain one of the following values in " "<emphasis>sudoHost</emphasis> attribute:" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:159 msgid "keyword ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:164 msgid "wildcard" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:169 msgid "netgroup (in the form \"+netgroup\")" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:174 msgid "hostname or fully qualified domain name of this machine" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:179 msgid "one of the IP addresses of this machine" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:184 msgid "one of the IP addresses of the network (in the form \"address/mask\")" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:190 msgid "" "There are many configuration options that can be used to adjust the " "behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." msgstr "" #. 
type: Content of: <reference><refentry><refnamediv><refname> #: sssd.8.xml:10 sssd.8.xml:15 msgid "sssd" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd.8.xml:16 msgid "System Security Services Daemon" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sssd.8.xml:21 msgid "" "<command>sssd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.8.xml:31 msgid "" "<command>SSSD</command> provides a set of daemons to manage access to remote " "directories and authentication mechanisms. It provides an NSS and PAM " "interface toward the system and a pluggable backend system to connect to " "multiple different account sources as well as D-Bus interface. It is also " "the basis to provide client auditing and policy services for projects like " "FreeIPA. It provides a more robust database to store local users as well as " "extended user data." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:46 msgid "" "<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:53 msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:57 msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:60 msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:69 msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:73 msgid "" "<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:76 msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:85 msgid "<option>-f</option>,<option>--debug-to-files</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:89 msgid "" "Send the debug output to files instead of stderr. By default, the log files " "are stored in <filename>/var/log/sssd</filename> and there are separate log " "files for every SSSD service and domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:97 msgid "<option>-D</option>,<option>--daemon</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:101 msgid "Become a daemon after starting up." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:107 sss_seed.8.xml:136 msgid "<option>-i</option>,<option>--interactive</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:111 msgid "Run in the foreground, don't become a daemon." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:117 sss_debuglevel.8.xml:42 msgid "<option>-c</option>,<option>--config</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:121 sss_debuglevel.8.xml:46 msgid "" "Specify a non-default config file. The default is <filename>/etc/sssd/sssd." "conf</filename>. For reference on the config file syntax and options, " "consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:135 msgid "<option>--version</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:139 msgid "Print version number and exit." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.8.xml:147 msgid "Signals" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:159 msgid "SIGHUP" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " "like logrotate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:170 msgid "SIGUSR1" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:179 msgid "SIGUSR2" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.8.xml:193 msgid "" "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " "applications will not use the fast in memory cache." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 msgid "sss_obfuscate" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_obfuscate.8.xml:16 msgid "obfuscate a clear text password" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_obfuscate.8.xml:21 msgid "" "<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" "replaceable></arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:32 msgid "" "<command>sss_obfuscate</command> converts a given password into human-" "unreadable format and places it into appropriate domain section of the SSSD " "config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:37 msgid "" "The cleartext password is read from standard input or entered " "interactively. 
The obfuscated password is put into " "<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " "<quote>ldap_default_authtok_type</quote> parameter is set to " "<quote>obfuscated_password</quote>. Refer to <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more details on these parameters." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:49 msgid "" "Please note that obfuscating the password provides <emphasis>no real " "security benefit</emphasis> as it is still possible for an attacker to " "reverse-engineer the password back. Using better authentication mechanisms " "such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " "advised." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_obfuscate.8.xml:63 msgid "<option>-s</option>,<option>--stdin</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:67 msgid "The password to obfuscate will be read from standard input." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:79 #: sss_ssh_knownhostsproxy.1.xml:78 msgid "" "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:79 msgid "" "The SSSD domain to use the password in. The default name is <quote>default</" "quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_obfuscate.8.xml:86 msgid "" "<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:91 msgid "Read the config file specified by the positional parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:95 msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_useradd.8.xml:10 sss_useradd.8.xml:15 msgid "sss_useradd" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_useradd.8.xml:16 msgid "create a new user" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_useradd.8.xml:21 msgid "" "<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_useradd.8.xml:32 msgid "" "<command>sss_useradd</command> creates a new user account using the values " "specified on the command line plus the default values from the system." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:43 sss_seed.8.xml:76 msgid "" "<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:48 msgid "" "Set the UID of the user to the value of <replaceable>UID</replaceable>. If " "not given, it is chosen automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:55 sss_usermod.8.xml:43 sss_seed.8.xml:100 msgid "" "<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" "replaceable>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:60 sss_usermod.8.xml:48 sss_seed.8.xml:105 msgid "" "Any text string describing the user. Often used as the field for the user's " "full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:67 sss_usermod.8.xml:55 sss_seed.8.xml:112 msgid "" "<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:72 msgid "" "The home directory of the user account. The default is to append the " "<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use " "that as the home directory. The base that is prepended before " "<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/" "baseDirectory</quote> setting in sssd.conf." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:82 sss_usermod.8.xml:66 sss_seed.8.xml:124 msgid "" "<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:87 msgid "" "The user's login shell. The default is currently <filename>/bin/bash</" "filename>. The default can be changed with <quote>user_defaults/" "defaultShell</quote> setting in sssd.conf." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:96 msgid "" "<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:101 msgid "A list of existing groups this user is also a member of." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:107 msgid "<option>-m</option>,<option>--create-home</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:111 msgid "" "Create the user's home directory if it does not exist. The files and " "directories contained in the skeleton directory (which can be defined with " "the -k option or in the config file) will be copied to the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:121 msgid "<option>-M</option>,<option>--no-create-home</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:125 msgid "" "Do not create the user's home directory. Overrides configuration settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:132 msgid "" "<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:137 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " "<command>sss_useradd</command>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:143 msgid "" "Special files (block devices, character devices, named pipes and unix " "sockets) will not be copied." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:147 msgid "" "This option is only valid if the <option>-m</option> (or <option>--create-" "home</option>) option is specified, or creation of home directories is set " "to TRUE in the configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:156 sss_usermod.8.xml:124 msgid "" "<option>-Z</option>,<option>--selinux-user</option> " "<replaceable>SELINUX_USER</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:161 msgid "" "The SELinux user for the user's login. If not specified, the system default " "will be used." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 msgid "sssd-krb5" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:23 msgid "" "This manual page describes the configuration of the Kerberos 5 " "authentication backend for <citerefentry> <refentrytitle>sssd</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed " "syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " "the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:36 msgid "" "The Kerberos 5 authentication backend contains auth and chpass providers. It " "must be paired with an identity provider in order to function properly (for " "example, id_provider = ldap). Some information required by the Kerberos 5 " "authentication backend must be provided by the identity provider, such as " "the user's Kerberos Principal Name (UPN). The configuration of the identity " "provider should have an entry to specify the UPN. 
Please refer to the man " "page for the applicable identity provider for details on how to configure " "this." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:47 msgid "" "This backend also provides access control based on the .k5login file in the " "home directory of the user. See <citerefentry> <refentrytitle>.k5login</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " "Please note that an empty .k5login file will deny all access to this user. " "To activate this feature, use 'access_provider = krb5' in your SSSD " "configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:55 msgid "" "In the case where the UPN is not available in the identity backend, " "<command>sssd</command> will construct a UPN using the format " "<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect, in the order of preference. " "For more information on failover and server redundancy, see the " "<quote>FAILOVER</quote> section. An optional port number (preceded by a " "colon) may be appended to the addresses or hostnames. If empty, service " "discovery is enabled; for more information, refer to the <quote>SERVICE " "DISCOVERY</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:106 msgid "" "The name of the Kerberos realm. This option is required and must be " "specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:113 msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:116 msgid "" "If the change password service is not running on the KDC, alternative " "servers can be defined here. An optional port number (preceded by a colon) " "may be appended to the addresses or hostnames." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:122 msgid "" "For more information on failover and server redundancy, see the " "<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " "servers to try, the backend is not switched to operate offline if " "authentication against the KDC is still possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:129 msgid "Default: Use the KDC" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:135 msgid "krb5_ccachedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:138 msgid "" "Directory to store credential caches. All the substitution sequences of " "krb5_ccname_template can be used here, too, except %d and %P. The directory " "is created as private and owned by the user, with permissions set to 0700." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:145 msgid "Default: /tmp" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:151 msgid "krb5_ccname_template (string)" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:165 include/override_homedir.xml:11 msgid "%u" msgstr "" #. 
type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:166 include/override_homedir.xml:12 msgid "login name" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:169 include/override_homedir.xml:15 msgid "%U" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:170 msgid "login UID" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:173 msgid "%p" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:174 msgid "principal name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:178 msgid "%r" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:179 msgid "realm name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:182 msgid "%h" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:183 msgid "home directory" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:187 include/override_homedir.xml:19 msgid "%d" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:188 msgid "value of krb5_ccachedir" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:193 msgid "%P" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:194 msgid "the process ID of the SSSD client" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:199 include/override_homedir.xml:34 msgid "%%" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:200 include/override_homedir.xml:35 msgid "a literal '%'" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:154 msgid "" "Location of the user's credential cache. Three credential cache types are " "currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " "<quote>KEYRING:persistent</quote>. The cache can be specified either as " "<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " "implies the <quote>FILE</quote> type. In the template, the following " "sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " "the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " "filename in a safe way." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:208 msgid "" "When using KEYRING types, the only supported mechanism is <quote>KEYRING:" "persistent:%U</quote>, which uses the Linux kernel keyring to store " "credentials on a per-UID basis. 
This is also the recommended choice, as it " "is the most secure and predictable method." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:216 msgid "" "The default value for the credential cache name is sourced from the profile " "stored in the system wide krb5.conf configuration file in the [libdefaults] " "section. The option name is default_ccache_name. See krb5.conf(5)'s " "PARAMETER EXPANSION paragraph for additional information on the expansion " "format defined by krb5.conf." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:225 msgid "Default: (from libkrb5)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:231 msgid "krb5_auth_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:234 msgid "" "Timeout in seconds after an online authentication request or change password " "request is aborted. If possible, the authentication request is continued " "offline." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:248 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed. The keytab is checked for entries sequentially, and the first entry " "with a matching realm is used for validation. If no entry matches the realm, " "the last entry in the keytab is used. This process can be used to validate " "environments using cross-realm trust by placing the appropriate keytab entry " "as the last entry or the only entry in the keytab file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:263 msgid "krb5_keytab (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:266 msgid "" "The location of the keytab to use when validating credentials obtained from " "KDCs." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:270 msgid "Default: /etc/krb5.keytab" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:276 msgid "krb5_store_password_if_offline (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:279 msgid "" "Store the password of the user if the provider is offline and use it to " "request a TGT when the provider comes online again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:284 msgid "" "NOTE: this feature is only available on Linux. Passwords stored in this way " "are kept in plaintext in the kernel keyring and are potentially accessible " "by the root user (with difficulty)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:297 msgid "krb5_renewable_lifetime (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:300 msgid "" "Request a renewable ticket with a total lifetime, given as an integer " "immediately followed by a time unit:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:305 sssd-krb5.5.xml:339 sssd-krb5.5.xml:376 msgid "<emphasis>s</emphasis> for seconds" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:308 sssd-krb5.5.xml:342 sssd-krb5.5.xml:379 msgid "<emphasis>m</emphasis> for minutes" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:311 sssd-krb5.5.xml:345 sssd-krb5.5.xml:382 msgid "<emphasis>h</emphasis> for hours" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385 msgid "<emphasis>d</emphasis> for days." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:317 sssd-krb5.5.xml:388 msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:321 sssd-krb5.5.xml:392 msgid "" "NOTE: It is not possible to mix units. To set the renewable lifetime to one " "and a half hours, use '90m' instead of '1h30m'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:326 msgid "Default: not set, i.e. the TGT is not renewable" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:332 msgid "krb5_lifetime (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:335 msgid "" "Request ticket with a lifetime, given as an integer immediately followed by " "a time unit:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:351 msgid "If there is no unit given <emphasis>s</emphasis> is assumed." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:355 msgid "" "NOTE: It is not possible to mix units. To set the lifetime to one and a " "half hours please use '90m' instead of '1h30m'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:360 msgid "" "Default: not set, i.e. the default ticket lifetime configured on the KDC." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:367 msgid "krb5_renew_interval (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:370 msgid "" "The time in seconds between two checks if the TGT should be renewed. TGTs " "are renewed if about half of their lifetime is exceeded, given as an integer " "immediately followed by a time unit:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:397 msgid "If this option is not set or is 0 the automatic renewal is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:415 msgid "" "<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " "option at all." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:419 msgid "" "<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " "continue the authentication without it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:429 msgid "Default: not set, i.e. FAST is not used." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:432 msgid "NOTE: a keytab is required to use FAST." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:444 msgid "krb5_fast_principal (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:447 msgid "Specifies the server principal to use for FAST." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:456 msgid "" "Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos 1.7 and later versions." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:505 msgid "Default: false (AD provider: true)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:65 msgid "" "If the auth-module krb5 is used in an SSSD domain, the following options " "must be used. See the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " "<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " "domain. <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:521 msgid "" "The following example assumes that SSSD is correctly configured and FOO is " "one of the domains in the <replaceable>[sssd]</replaceable> section. This " "example shows only configuration of Kerberos authentication; it does not " "include any identity provider." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-krb5.5.xml:529 #, no-wrap msgid "" " [domain/FOO]\n" " auth_provider = krb5\n" " krb5_server = 192.168.1.1\n" " krb5_realm = EXAMPLE.COM\n" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15 msgid "sss_groupadd" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupadd.8.xml:16 msgid "create a new group" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupadd.8.xml:21 msgid "" "<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupadd.8.xml:32 msgid "" "<command>sss_groupadd</command> creates a new group. These groups are " "compatible with POSIX groups, with the additional feature that they can " "contain other groups as members." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupadd.8.xml:43 sss_seed.8.xml:88 msgid "" "<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupadd.8.xml:48 msgid "" "Set the GID of the group to the value of <replaceable>GID</replaceable>. If " "not given, it is chosen automatically." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_userdel.8.xml:10 sss_userdel.8.xml:15 msgid "sss_userdel" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_userdel.8.xml:16 msgid "delete a user account" msgstr "" #. 
type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_userdel.8.xml:21 msgid "" "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_userdel.8.xml:32 msgid "" "<command>sss_userdel</command> deletes a user identified by login name " "<replaceable>LOGIN</replaceable> from the system." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:44 msgid "<option>-r</option>,<option>--remove</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:48 msgid "" "Files in the user's home directory will be removed along with the home " "directory itself and the user's mail spool. Overrides the configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:56 msgid "<option>-R</option>,<option>--no-remove</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:60 msgid "" "Files in the user's home directory will NOT be removed along with the home " "directory itself and the user's mail spool. Overrides the configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:68 msgid "<option>-f</option>,<option>--force</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:72 msgid "" "This option forces <command>sss_userdel</command> to remove the user's home " "directory and mail spool, even if they are not owned by the specified user." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:80 msgid "<option>-k</option>,<option>--kick</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:84 msgid "Before actually deleting the user, terminate all his processes." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15 msgid "sss_groupdel" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupdel.8.xml:16 msgid "delete a group" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupdel.8.xml:21 msgid "" "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupdel.8.xml:32 msgid "" "<command>sss_groupdel</command> deletes a group identified by its name " "<replaceable>GROUP</replaceable> from the system." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15 msgid "sss_groupshow" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupshow.8.xml:16 msgid "print properties of a group" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupshow.8.xml:21 msgid "" "<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupshow.8.xml:32 msgid "" "<command>sss_groupshow</command> displays information about a group " "identified by its name <replaceable>GROUP</replaceable>. 
The information " "includes the group ID number, members of the group and the parent group." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupshow.8.xml:43 msgid "<option>-R</option>,<option>--recursive</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupshow.8.xml:47 msgid "" "Also print indirect group members in a tree-like hierarchy. Note that this " "also affects printing parent groups - without <option>R</option>, only the " "direct parent will be printed." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_usermod.8.xml:10 sss_usermod.8.xml:15 msgid "sss_usermod" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_usermod.8.xml:16 msgid "modify a user account" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_usermod.8.xml:21 msgid "" "<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_usermod.8.xml:32 msgid "" "<command>sss_usermod</command> modifies the account specified by " "<replaceable>LOGIN</replaceable> to reflect the changes that are specified " "on the command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:60 msgid "The home directory of the user account." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:71 msgid "The user's login shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:82 msgid "" "Append this user to groups specified by the <replaceable>GROUPS</" "replaceable> parameter. 
The <replaceable>GROUPS</replaceable> parameter is " "a comma separated list of group names." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:96 msgid "" "Remove this user from groups specified by the <replaceable>GROUPS</" "replaceable> parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_usermod.8.xml:103 msgid "<option>-l</option>,<option>--lock</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:107 msgid "Lock the user account. The user won't be able to log in." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_usermod.8.xml:114 msgid "<option>-u</option>,<option>--unlock</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:118 msgid "Unlock the user account." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:129 msgid "The SELinux user for the user's login." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_cache.8.xml:10 sss_cache.8.xml:15 msgid "sss_cache" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_cache.8.xml:16 msgid "perform cache cleanup" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_cache.8.xml:21 msgid "" "<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_cache.8.xml:31 msgid "" "<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " "records are forced to be reloaded from server as soon as related SSSD " "backend is online." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:42 msgid "<option>-E</option>,<option>--everything</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:46 msgid "Invalidate all cached entries except for sudo rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:52 msgid "" "<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:57 msgid "Invalidate specific user." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:63 msgid "<option>-U</option>,<option>--users</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:67 msgid "" "Invalidate all user records. This option overrides invalidation of specific " "user if it was also set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:74 msgid "" "<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:79 msgid "Invalidate specific group." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:85 msgid "<option>-G</option>,<option>--groups</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:89 msgid "" "Invalidate all group records. This option overrides invalidation of specific " "group if it was also set." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:96 msgid "" "<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:101 msgid "Invalidate specific netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:107 msgid "<option>-N</option>,<option>--netgroups</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:111 msgid "" "Invalidate all netgroup records. This option overrides invalidation of " "specific netgroup if it was also set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:118 msgid "" "<option>-s</option>,<option>--service</option> <replaceable>service</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:123 msgid "Invalidate specific service." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:129 msgid "<option>-S</option>,<option>--services</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:133 msgid "" "Invalidate all service records. This option overrides invalidation of " "specific service if it was also set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:140 msgid "" "<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" "replaceable>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:145 msgid "Invalidate specific autofs maps." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:151 msgid "<option>-A</option>,<option>--autofs-maps</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:155 msgid "" "Invalidate all autofs maps. This option overrides invalidation of specific " "map if it was also set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:162 msgid "" "<option>-d</option>,<option>--domain</option> <replaceable>domain</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:167 msgid "Restrict invalidation process only to a particular domain." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 msgid "sss_debuglevel" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_debuglevel.8.xml:16 msgid "change debug level while SSSD is running" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_debuglevel.8.xml:21 msgid "" "<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" "replaceable></arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_debuglevel.8.xml:32 msgid "" "<command>sss_debuglevel</command> changes debug level of SSSD monitor and " "providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is " "running." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_debuglevel.8.xml:59 msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_seed.8.xml:10 sss_seed.8.xml:15 msgid "sss_seed" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_seed.8.xml:16 msgid "seed the SSSD cache with a user" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_seed.8.xml:21 msgid "" "<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" "replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_seed.8.xml:33 msgid "" "<command>sss_seed</command> seeds the SSSD cache with a user entry and " "temporary password. If a user entry is already present in the SSSD cache " "then the entry is updated with the temporary password." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_seed.8.xml:46 msgid "" "<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:51 msgid "" "Provide the name of the domain of which the user is a member. The domain " "is also used to retrieve user information. The domain must be configured in " "sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " "Information retrieved from the domain overrides what is provided in the " "options." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_seed.8.xml:63 msgid "" "<option>-n</option>,<option>--username</option> <replaceable>USER</" "replaceable>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:68 msgid "" "The username of the entry to be created or modified in the cache. The " "<replaceable>USER</replaceable> option must be provided." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:81 msgid "Set the UID of the user to <replaceable>UID</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:93 msgid "Set the GID of the user to <replaceable>GID</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:117 msgid "" "Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:129 msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:140 msgid "" "Interactive mode for entering user information. This option will only prompt " "for information not provided in the options or retrieved from the domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_seed.8.xml:148 msgid "" "<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:153 msgid "" "Specify file to read user's password from. (if not specified password is " "prompted for)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sss_seed.8.xml:165 msgid "" "The length of the password (or the size of file specified with -p or --" "password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " "on systems with no globally-defined PASS_MAX value)." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 msgid "sss_ssh_authorizedkeys" msgstr "" #. type: Content of: <reference><refentry><refmeta><manvolnum> #: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 msgid "1" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_ssh_authorizedkeys.1.xml:16 msgid "get OpenSSH authorized keys" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_ssh_authorizedkeys.1.xml:21 msgid "" "<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg> <arg " "choice='plain'><replaceable>USER</replaceable></arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:32 msgid "" "<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " "<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " "format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> for more information)." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:41 msgid "" "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" "command> for public key user authentication if it is compiled with support " "for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</" "quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry> options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sss_ssh_authorizedkeys.1.xml:58 #, no-wrap msgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:51 msgid "" "If <quote>AuthorizedKeysCommand</quote> is supported, " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> can be configured to use it by putting the following directive " "in <citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry>: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sss_ssh_authorizedkeys.1.xml:69 #, no-wrap msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:62 msgid "" "If <quote>PubkeyAgent</quote> is supported, " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> can be configured to use it by using the following directive " "for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</" "manvolnum></citerefentry> configuration: <placeholder type=\"programlisting" "\" id=\"0\"/>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_ssh_authorizedkeys.1.xml:84 msgid "" "Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sss_ssh_authorizedkeys.1.xml:93 sss_ssh_knownhostsproxy.1.xml:92 msgid "EXIT STATUS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:95 sss_ssh_knownhostsproxy.1.xml:94 msgid "" "In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 msgid "sss_ssh_knownhostsproxy" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_ssh_knownhostsproxy.1.xml:16 msgid "get OpenSSH host keys" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_ssh_knownhostsproxy.1.xml:21 msgid "" "<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg> <arg " "choice='plain'><replaceable>HOST</replaceable></arg> <arg " "choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_knownhostsproxy.1.xml:33 msgid "" "<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " "host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " "known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " "of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" "manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" "pubconf/known_hosts</filename> and establishes connection to the host." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_knownhostsproxy.1.xml:43 msgid "" "If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " "create the connection to the host instead of opening a socket." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sss_ssh_knownhostsproxy.1.xml:55 #, no-wrap msgid "" "ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" "GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_knownhostsproxy.1.xml:48 msgid "" "<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" "citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" "command> for host key authentication by using the following directives for " "<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" "citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_ssh_knownhostsproxy.1.xml:66 msgid "" "<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_ssh_knownhostsproxy.1.xml:71 msgid "" "Use port <replaceable>PORT</replaceable> to connect to the host. By " "default, port 22 is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_ssh_knownhostsproxy.1.xml:83 msgid "" "Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." msgstr "" #. type: Content of: <refsect1><title> #: include/service_discovery.xml:2 msgid "SERVICE DISCOVERY" msgstr "" #. 
type: Content of: <refsect1><para> #: include/service_discovery.xml:4 msgid "" "The service discovery feature allows back ends to automatically find the " "appropriate servers to connect to using a special DNS query. This feature is " "not supported for backup servers." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 msgid "Configuration" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:11 msgid "" "If no servers are specified, the back end automatically uses service " "discovery to try to find a server. Optionally, the user may choose to use " "both fixed server addresses and service discovery by inserting a special " "keyword, <quote>_srv_</quote>, in the list of servers. The order of " "preference is maintained. This feature is useful if, for example, the user " "prefers to use service discovery whenever possible, and fall back to a " "specific server when no servers can be discovered using DNS." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:23 msgid "The domain name" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:25 msgid "" "Please refer to the <quote>dns_discovery_domain</quote> parameter in the " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page for more details." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:35 msgid "The protocol" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:37 msgid "" "The queries usually specify _tcp as the protocol. Exceptions are documented " "in respective option description." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:42 msgid "See Also" msgstr "" #. 
type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:44 msgid "" "For more information on the service discovery mechanism, refer to RFC 2782." msgstr "" #. type: Content of: outside any tag (error?) #: include/upstream.xml:1 msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" msgstr "" #. type: Content of: <refsect1><title> #: include/failover.xml:2 msgid "FAILOVER" msgstr "" #. type: Content of: <refsect1><para> #: include/failover.xml:4 msgid "" "The failover feature allows back ends to automatically switch to a different " "server if the current server fails." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/failover.xml:8 msgid "Failover Syntax" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:10 msgid "" "The list of servers is given as a comma-separated list; any number of spaces " "is allowed around the comma. The servers are listed in order of preference. " "The list can contain any number of servers." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:16 msgid "" "For each failover-enabled config option, two variants exist: " "<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is " "that servers in the primary list are preferred and backup servers are only " "searched if no primary servers can be reached. If a backup server is " "selected, a timeout of 31 seconds is set. After this timeout SSSD will " "periodically try to reconnect to one of the primary servers. If it succeeds, " "it will replace the current active (backup) server." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/failover.xml:27 msgid "The Failover Mechanism" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:29 msgid "" "The failover mechanism distinguishes between a machine and a service. 
The " "back end first tries to resolve the hostname of a given machine; if this " "resolution attempt fails, the machine is considered offline. No further " "attempts are made to connect to this machine for any other service. If the " "resolution attempt succeeds, the back end tries to connect to a service on " "this machine. If the service connection attempt fails, then only this " "particular service is considered offline and the back end automatically " "switches over to the next service. The machine is still considered online " "and might still be tried for another service." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:42 msgid "" "Further connection attempts are made to machines or services marked as " "offline after a specified period of time; this is currently hard coded to 30 " "seconds." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:47 msgid "" "If there are no more machines to try, the back end as a whole switches to " "offline mode, and then attempts to reconnect every 30 seconds." msgstr "" #. type: Content of: <refsect1><title> #: include/ldap_id_mapping.xml:2 msgid "ID MAPPING" msgstr "" #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:4 msgid "" "The ID-mapping feature allows SSSD to act as a client of Active Directory " "without requiring administrators to extend user attributes to support POSIX " "attributes for user and group identifiers." msgstr "" #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:9 msgid "" "NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " "ignored. This is to avoid the possibility of conflicts between automatically-" "assigned and manually-assigned values. If you need to use manually-assigned " "values, ALL values must be manually-assigned." msgstr "" #. 
type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:16 msgid "" "Please note that changing the ID mapping related configuration options will " "cause user and group IDs to change. At the moment, SSSD does not support " "changing IDs, so the SSSD database must be removed. Because cached passwords " "are also stored in the database, removing the database should only be " "performed while the authentication servers are reachable, otherwise users " "might get locked out. In order to cache the password, an authentication must " "be performed. It is not sufficient to use <citerefentry> " "<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" "citerefentry> to remove the database, rather the process consists of:" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:33 msgid "Making sure the remote servers are reachable" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:38 msgid "Stopping the SSSD service" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:43 msgid "Removing the database" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:48 msgid "Starting the SSSD service" msgstr "" #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:52 msgid "" "Moreover, as the change of IDs might necessitate the adjustment of other " "system properties such as file and directory ownership, it's advisable to " "plan ahead and test the ID mapping configuration thoroughly." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/ldap_id_mapping.xml:59 msgid "Mapping Algorithm" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:61 msgid "" "Active Directory provides an objectSID for every user and group object in " "the directory. 
This objectSID can be broken up into components that " "represent the Active Directory domain identity and the relative identifier " "(RID) of the user or group object." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:67 msgid "" "The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " "into equally-sized component sections - called \"slices\"-. Each slice " "represents the space available to an Active Directory domain." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:73 msgid "" "When a user or group entry for a particular domain is encountered for the " "first time, the SSSD allocates one of the available slices for that domain. " "In order to make this slice-assignment repeatable on different client " "machines, we select the slice based on the following algorithm:" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:80 msgid "" "The SID string is passed through the murmurhash3 algorithm to convert it to " "a 32-bit hashed value. We then take the modulus of this value with the total " "number of available slices to pick the slice." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:86 msgid "" "NOTE: It is possible to encounter collisions in the hash and subsequent " "modulus. In these situations, we will select the next available slice, but " "it may not be possible to reproduce the same exact set of slices on other " "machines (since the order that they are encountered will determine their " "slice). In this situation, it is recommended to either switch to using " "explicit POSIX attributes in Active Directory (disabling ID-mapping) or " "configure a default domain to guarantee that at least one is always " "consistent. See <quote>Configuration</quote> for details." msgstr "" #. 
type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:101 msgid "" "Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" msgstr "" #. type: Content of: <refsect1><refsect2><para><programlisting> #: include/ldap_id_mapping.xml:106 #, no-wrap msgid "" "ldap_id_mapping = True\n" "ldap_schema = ad\n" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:111 msgid "" "The default configuration results in configuring 10,000 slices, each capable " "of holding up to 200,000 IDs, starting from 10,001 and going up to " "2,000,100,000. This should be sufficient for most deployments." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><title> #: include/ldap_id_mapping.xml:117 msgid "Advanced Configuration" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:120 msgid "ldap_idmap_range_min (integer)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:123 msgid "" "Specifies the lower bound of the range of POSIX IDs to use for mapping " "Active Directory user and group SIDs." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:127 msgid "" "NOTE: This option is different from <quote>min_id</quote> in that " "<quote>min_id</quote> acts to filter the output of requests to this domain, " "whereas this option controls the range of ID assignment. This is a subtle " "distinction, but the good general advice would be to have <quote>min_id</" "quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:173 msgid "Default: 200000" msgstr "" #. 
type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:142 msgid "ldap_idmap_range_max (integer)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:145 msgid "" "Specifies the upper bound of the range of POSIX IDs to use for mapping " "Active Directory user and group SIDs." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:149 msgid "" "NOTE: This option is different from <quote>max_id</quote> in that " "<quote>max_id</quote> acts to filter the output of requests to this domain, " "whereas this option controls the range of ID assignment. This is a subtle " "distinction, but the good general advice would be to have <quote>max_id</" "quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:159 msgid "Default: 2000200000" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:164 msgid "ldap_idmap_range_size (integer)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:167 msgid "" "Specifies the number of IDs available for each slice. If the range size " "does not divide evenly into the min and max values, it will create as many " "complete slices as it can." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:178 msgid "ldap_idmap_default_domain_sid (string)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:181 msgid "" "Specify the domain SID of the default domain. 
This will guarantee that this " "domain will always be assigned to slice zero in the ID map, bypassing the " "murmurhash algorithm described above." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:192 msgid "ldap_idmap_default_domain (string)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:195 msgid "Specify the name of the default domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:203 msgid "ldap_idmap_autorid_compat (boolean)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:206 msgid "" "Changes the behavior of the ID-mapping algorithm to behave more similarly to " "winbind's <quote>idmap_autorid</quote> algorithm." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:211 msgid "" "When this option is configured, domains will be allocated starting with " "slice zero and increasing monotonically with each additional domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:216 msgid "" "NOTE: This algorithm is non-deterministic (it depends on the order that " "users and groups are requested). If this mode is required for compatibility " "with machines running winbind, it is recommended to also use the " "<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " "least one domain is consistently allocated to slice zero." msgstr "" #. type: Content of: <varlistentry><term> #: include/param_help.xml:3 msgid "<option>-?</option>,<option>--help</option>" msgstr "" #. 
type: Content of: <varlistentry><listitem><para> #: include/param_help.xml:7 include/param_help_py.xml:7 msgid "Display help message and exit." msgstr "" #. type: Content of: <varlistentry><term> #: include/param_help_py.xml:3 msgid "<option>-h</option>,<option>--help</option>" msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:3 msgid "" "SSSD supports two representations for specifying the debug level. The " "simplest is to specify a decimal value from 0-9, which represents enabling " "that level and all lower-level debug messages. The more comprehensive option " "is to specify a hexadecimal bitmask to enable or disable specific levels " "(such as if you wish to suppress a level)." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:10 msgid "Currently supported debug levels:" msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:13 msgid "" "<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. " "Anything that would prevent SSSD from starting up or causes it to cease " "running." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:19 msgid "" "<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " "error that doesn't kill the SSSD, but one that indicates that at least one " "major feature is not going to work properly." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:26 msgid "" "<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " "error announcing that a particular request or operation has failed." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:31 msgid "" "<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " "are the errors that would percolate down to cause the operation failure of 2." msgstr "" #. 
type: Content of: <listitem><para> #: include/debug_levels.xml:36 msgid "" "<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:40 msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:44 msgid "" "<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " "operation functions." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:48 msgid "" "<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " "internal control functions." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:53 msgid "" "<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" "internal variables that may be interesting." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:58 msgid "" "<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " "tracing information." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:62 msgid "" "To log required bitmask debug levels, simply add their numbers together as " "shown in following examples:" msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:66 msgid "" "<emphasis>Example</emphasis>: To log fatal failures, critical failures, " "serious failures and function data use 0x0270." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:70 msgid "" "<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " "function data, trace messages for internal control functions use 0x1310." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:75 msgid "" "<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " "in 1.7.0." msgstr "" #. 
type: Content of: <listitem><para> #: include/debug_levels.xml:79 msgid "<emphasis>Default</emphasis>: 0" msgstr "" #. type: Content of: outside any tag (error?) #: include/experimental.xml:1 msgid "" "<emphasis> This is an experimental feature, please use http://fedorahosted." "org/sssd to report any issues. </emphasis>" msgstr "" #. type: Content of: <refsect1><title> #: include/local.xml:2 msgid "THE LOCAL DOMAIN" msgstr "" #. type: Content of: <refsect1><para> #: include/local.xml:4 msgid "" "In order to function correctly, a domain with <quote>id_provider=local</" "quote> must be created and the SSSD must be running." msgstr "" #. type: Content of: <refsect1><para> #: include/local.xml:9 msgid "" "The administrator might want to use the SSSD local users instead of " "traditional UNIX users in cases where the group nesting (see <citerefentry> " "<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" "citerefentry>) is needed. The local users are also useful for testing and " "development of the SSSD without having to deploy a full remote server. The " "<command>sss_user*</command> and <command>sss_group*</command> tools use a " "local LDB storage to store users and groups." msgstr "" #. type: Content of: <refsect1><title> #: include/seealso.xml:2 msgid "SEE ALSO" msgstr "" #. 
type: Content of: <refsect1><para> #: include/seealso.xml:4 msgid "" "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> " "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_useradd</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_usermod</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> 
<refentrytitle>sss_seed</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" "manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " "<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>." msgstr "" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:3 #: include/ldap_search_bases_experimental.xml:3 msgid "" "An optional base DN, search scope and LDAP filter to restrict LDAP searches " "for this attribute type." msgstr "" #. type: Content of: <listitem><para><programlisting> #: include/ldap_search_bases.xml:9 #: include/ldap_search_bases_experimental.xml:9 #, no-wrap msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" msgstr "" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:7 #: include/ldap_search_bases_experimental.xml:7 msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:13 #: include/ldap_search_bases_experimental.xml:13 msgid "" "The scope can be one of \"base\", \"onelevel\" or \"subtree\". The filter " "must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/" "rfc2254.txt" msgstr "" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:19 #: include/ldap_search_bases_experimental.xml:19 msgid "" "For examples of this syntax, please refer to the <quote>ldap_search_base</" "quote> examples section." msgstr "" #. 
type: Content of: <listitem><para> #: include/ldap_search_bases.xml:27 #: include/ldap_search_bases_experimental.xml:27 msgid "" "Please note that specifying scope or filter is not supported for searches " "against an Active Directory Server that might yield a large number of " "results and trigger the Range Retrieval extension in the response." msgstr "" #. type: Content of: <para> #: include/autofs_restart.xml:2 msgid "" "Please note that the automounter only reads the master map on startup, so if " "any autofs-related changes are made to the sssd.conf, you typically also " "need to restart the automounter daemon after restarting the SSSD." msgstr "" #. type: Content of: <varlistentry><term> #: include/override_homedir.xml:2 msgid "override_homedir (string)" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:16 msgid "UID number" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:20 msgid "domain name" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: include/override_homedir.xml:23 msgid "%f" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:24 msgid "fully qualified user name (user@domain)" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: include/override_homedir.xml:27 msgid "%o" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:29 msgid "The original home directory retrieved from the identity provider." msgstr "" #. type: Content of: <varlistentry><listitem><para> #: include/override_homedir.xml:5 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. 
In the template, the following sequences are substituted: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <varlistentry><listitem><para> #: include/override_homedir.xml:41 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <varlistentry><listitem><para><programlisting> #: include/override_homedir.xml:46 #, no-wrap msgid "" "override_homedir = /home/%u\n" " " msgstr "" #. type: Content of: <varlistentry><listitem><para> #: include/override_homedir.xml:50 msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" msgstr "" ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/man/po/PaxHeaders.13173/ru.po�������������������������������������������������������0000644�0000000�0000000�00000000131�12320753573�016522� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396955003.518843859 29 atime=1396955003.51784386 30 ctime=1396955003.518843859 
���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/man/po/ru.po������������������������������������������������������������������������0000664�0024127�0024127�00001246640�12320753573�016767� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# SOME DESCRIPTIVE TITLE # Copyright (C) YEAR Red Hat # This file is distributed under the same license as the sssd-docs package. # # Translators: # Artyom Kunyov <artkun@guitarplayer.ru>, 2012 msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" "POT-Creation-Date: 2014-04-08 12:55+0300\n" "PO-Revision-Date: 2013-11-19 16:29+0000\n" "Last-Translator: jhrozek <jhrozek@redhat.com>\n" "Language-Team: Russian (http://www.transifex.com/projects/p/fedora/language/" "ru/)\n" "Language: ru\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" "%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" #. 
type: Content of: <reference><title> #: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5 #: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5 #: sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 sss_obfuscate.8.xml:5 #: sss_useradd.8.xml:5 sssd-krb5.5.xml:5 sss_groupadd.8.xml:5 #: sss_userdel.8.xml:5 sss_groupdel.8.xml:5 sss_groupshow.8.xml:5 #: sss_usermod.8.xml:5 sss_cache.8.xml:5 sss_debuglevel.8.xml:5 #: sss_seed.8.xml:5 sss_ssh_authorizedkeys.1.xml:5 #: sss_ssh_knownhostsproxy.1.xml:5 msgid "SSSD Manual pages" msgstr "Справка по SSSD" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15 msgid "sss_groupmod" msgstr "" #. type: Content of: <reference><refentry><refmeta><manvolnum> #: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11 #: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11 #: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11 #: sss_groupshow.8.xml:11 sss_usermod.8.xml:11 sss_cache.8.xml:11 #: sss_debuglevel.8.xml:11 sss_seed.8.xml:11 msgid "8" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupmod.8.xml:16 msgid "modify a group" msgstr "изменить группу" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupmod.8.xml:21 msgid "" "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><title> #: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:47 #: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21 #: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30 #: sss_useradd.8.xml:30 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 #: sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 #: sss_usermod.8.xml:30 sss_cache.8.xml:29 sss_debuglevel.8.xml:30 #: sss_seed.8.xml:31 sss_ssh_authorizedkeys.1.xml:30 #: sss_ssh_knownhostsproxy.1.xml:31 msgid "DESCRIPTION" msgstr "ОПИСАНИЕ" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupmod.8.xml:32 msgid "" "<command>sss_groupmod</command> modifies the group to reflect the changes " "that are specified on the command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sss_groupmod.8.xml:39 pam_sss.8.xml:54 sssd.8.xml:42 sss_obfuscate.8.xml:58 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39 #: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42 #: sss_ssh_authorizedkeys.1.xml:75 sss_ssh_knownhostsproxy.1.xml:62 msgid "OPTIONS" msgstr "ОПЦИИ" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupmod.8.xml:43 sss_usermod.8.xml:77 msgid "" "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupmod.8.xml:48 msgid "" "Append this group to groups specified by the <replaceable>GROUPS</" "replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " "a comma separated list of group names." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupmod.8.xml:57 sss_usermod.8.xml:91 msgid "" "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupmod.8.xml:62 msgid "" "Remove this group from groups specified by the <replaceable>GROUPS</" "replaceable> parameter." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd.conf.5.xml:10 sssd.conf.5.xml:16 msgid "sssd.conf" msgstr "sssd.conf" #. type: Content of: <reference><refentry><refmeta><manvolnum> #: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 #: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11 msgid "5" msgstr "5" #. type: Content of: <reference><refentry><refmeta><refmiscinfo> #: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 #: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12 msgid "File Formats and Conventions" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16 #: sssd-ipa.5.xml:17 sssd-ad.5.xml:17 sssd-krb5.5.xml:17 msgid "the configuration file for SSSD" msgstr "Файл конфигурации SSSD" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:21 msgid "FILE FORMAT" msgstr "ФОРМАТ ФАЙЛА" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd.conf.5.xml:29 #, no-wrap msgid "" " <replaceable>[section]</replaceable>\n" " <replaceable>key</replaceable> = <replaceable>value</replaceable>\n" " <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:24 msgid "" "The file has an ini-style syntax and consists of sections and parameters. 
A " "section begins with the name of the section in square brackets and continues " "until the next section begins. An example of section with single and multi-" "valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:36 msgid "" "The data types used are string (no quotes needed), integer and bool (with " "values of <quote>TRUE/FALSE</quote>)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:41 msgid "" "A line comment starts with a hash sign (<quote>#</quote>) or a semicolon " "(<quote>;</quote>). Inline comments are not supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:47 msgid "" "All sections can have an optional <replaceable>description</replaceable> " "parameter. Its function is only as a label for the section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:53 msgid "" "<filename>sssd.conf</filename> must be a regular file, owned by root and " "only root may read from or write to the file." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:59 msgid "SPECIAL SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:62 msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> #: sssd.conf.5.xml:71 sssd.conf.5.xml:1857 msgid "Section parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:73 msgid "config_file_version (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:76 msgid "" "Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " "version 2." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:82 msgid "services" msgstr "services" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:85 msgid "" "Comma separated list of services that are started when sssd itself starts." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:89 msgid "" "Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " "<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition=" "\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</" "phrase>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:98 sssd.conf.5.xml:321 msgid "reconnection_retries (integer)" msgstr "reconnection_retries (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:101 sssd.conf.5.xml:324 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:106 sssd.conf.5.xml:329 msgid "Default: 3" msgstr "По умолчанию: 3" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:111 msgid "domains" msgstr "domains" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:114 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " "start. 
This parameter described the list of domains in the order you want " "them to be queried. A domain name should only consist of alphanumeric ASCII " "characters, dashes and underscores." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:126 sssd.conf.5.xml:1586 msgid "re_expression (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:129 msgid "" "Default regular expression that describes how to parse the string containing " "user name and domain into these components." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:134 msgid "" "Each domain can have an individual regular expression configured. For some " "ID providers there are also default regular expressions. See DOMAIN " "SECTIONS for more info on these regular expressions." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:143 sssd.conf.5.xml:1637 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:146 sssd.conf.5.xml:1640 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " "fully qualified name from user name and domain name components." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:157 sssd.conf.5.xml:1651 msgid "%1$s" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:158 sssd.conf.5.xml:1652 msgid "user name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:161 sssd.conf.5.xml:1655 msgid "%2$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:164 sssd.conf.5.xml:1658 msgid "domain name as specified in the SSSD config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:170 sssd.conf.5.xml:1664 msgid "%3$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:173 sssd.conf.5.xml:1667 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:154 sssd.conf.5.xml:1648 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:183 msgid "" "Each domain can have an individual format string configured. see DOMAIN " "SECTIONS for more info on this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:189 msgid "try_inotify (boolean)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:192 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " "this, and will fall back to polling resolv.conf every five seconds if " "inotify cannot be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:200 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " "to 'false'" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:206 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:210 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:217 msgid "krb5_rcache_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:220 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:224 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:230 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:237 msgid "default_domain_suffix (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:240 msgid "" "This string will be used as a default domain name for all names without a " "domain name component. The main use case is environments where the primary " "domain is intended for managing host policies and all users are located in a " "trusted domain. The option allows those users to log in just with their " "user name without giving a domain name as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:250 msgid "" "Please note that if this option is set all users from the primary domain " "have to use their fully qualified name, e.g. user@domain.name, to log in." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:256 sssd-ldap.5.xml:1392 sssd-ldap.5.xml:1404 #: sssd-ldap.5.xml:1486 sssd-ldap.5.xml:2373 sssd-ldap.5.xml:2400 #: sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:187 #: include/ldap_id_mapping.xml:198 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:64 msgid "" "Individual pieces of SSSD functionality are provided by special SSSD " "services that are started and stopped together with SSSD. The services are " "managed by a special service frequently called <quote>monitor</quote>. 
The " "<quote>[sssd]</quote> section is used to configure the monitor as well as " "some other important options like the identity domains. <placeholder type=" "\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:267 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:269 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " "section, for example, for NSS service, the section would be <quote>[nss]</" "quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:276 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:278 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:282 msgid "debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:286 msgid "debug_timestamps (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:289 msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:292 sssd.conf.5.xml:472 sssd.conf.5.xml:820 #: sssd-ldap.5.xml:1559 sssd-ldap.5.xml:1656 sssd-ldap.5.xml:1718 #: sssd-ldap.5.xml:2161 sssd-ldap.5.xml:2226 sssd-ldap.5.xml:2244 #: sssd-ipa.5.xml:361 sssd-ipa.5.xml:396 sssd-ad.5.xml:166 sssd-ad.5.xml:250 #: sssd-ad.5.xml:275 sssd-ad.5.xml:363 sssd-krb5.5.xml:490 msgid "Default: true" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:297 msgid "debug_microseconds (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:300 msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:303 sssd.conf.5.xml:774 sssd.conf.5.xml:1773 #: sssd-ldap.5.xml:640 sssd-ldap.5.xml:1433 sssd-ldap.5.xml:1452 #: sssd-ldap.5.xml:1628 sssd-ldap.5.xml:1957 sssd-ipa.5.xml:139 #: sssd-ipa.5.xml:205 sssd-ipa.5.xml:508 sssd-ipa.5.xml:526 #: sssd-krb5.5.xml:257 sssd-krb5.5.xml:291 sssd-krb5.5.xml:462 msgid "Default: false" msgstr "По умолчанию: false" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:308 msgid "timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:311 msgid "" "Timeout in seconds between heartbeats for this service. This is used to " "ensure that the process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:316 sssd-ldap.5.xml:1304 msgid "Default: 10" msgstr "По умолчанию: 10" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:334 msgid "fd_limit" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:337 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " "the CAP_SYS_RESOURCE capability, this will be an absolute setting. 
On " "systems without this capability, the resulting value will be the lower value " "of this or the limits.conf \"hard\" limit." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:346 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:351 msgid "client_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:354 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " "limited in order to avoid resource exhaustion on the system." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:361 sssd.conf.5.xml:377 sssd.conf.5.xml:592 #: sssd.conf.5.xml:752 sssd.conf.5.xml:1015 sssd-ldap.5.xml:1134 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:366 sssd.conf.5.xml:1004 msgid "force_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:369 sssd.conf.5.xml:1007 msgid "" "If a service is not responding to ping checks (see the <quote>timeout</" "quote> option), it is first sent the SIGTERM signal that instructs it to " "quit gracefully. If the service does not terminate after " "<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down " "by sending a SIGKILL signal." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:385 msgid "NSS configuration options" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:387 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:392 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:395 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:399 msgid "Default: 120" msgstr "По умолчанию: 120" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:404 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:407 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " "for the domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:413 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " "after 15 seconds past the last cache update will be returned immediately, " "but the SSSD will go and update the cache on its own, so that future " "requests will not need to block waiting for a cache update." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:423 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " "percentage will never reduce the nowait timeout to less than 10 seconds. (0 " "disables this feature)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:431 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:436 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:439 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " "before asking the back end again." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:445 sssd.conf.5.xml:798 msgid "Default: 15" msgstr "По умолчанию: 15" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:450 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:453 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" "domain or include fully-qualified names to filter only users from the " "particular domain." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:460 msgid "Default: root" msgstr "По умолчанию: root" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:465 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:468 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:478 msgid "fallback_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:481 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:486 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> #: sssd.conf.5.xml:492 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" " " msgstr "" #. type: Content of: <varlistentry><listitem><para> #: sssd.conf.5.xml:490 include/override_homedir.xml:44 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:496 msgid "Default: not set (no substitution for unset home directories)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:502 msgid "override_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:505 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " "or per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:511 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:517 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:520 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:523 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:527 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:532 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:537 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:540 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:544 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:549 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:552 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:557 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:560 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:564 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:569 msgid "default_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:572 msgid "" "The default shell to use if the provider does not return one during lookup. 
" "This option can be specified globally in the [nss] section or per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:578 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:585 sssd.conf.5.xml:745 msgid "get_domains_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:588 sssd.conf.5.xml:748 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:597 msgid "memcache_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:600 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:604 sssd-ldap.5.xml:654 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:611 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:613 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:618 msgid "offline_credentials_expiration (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:621 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:626 sssd.conf.5.xml:639 msgid "Default: 0 (No limit)" msgstr "По умолчанию: 0 (не ограничено)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:632 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:635 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:645 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:648 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:653 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " "authentication can enable offline authentication again." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:659 sssd.conf.5.xml:712 msgid "Default: 5" msgstr "По умолчанию: 5" #.
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:665 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:668 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:673 msgid "Currently sssd supports the following values:" msgstr "В настоящее время sssd поддерживает следующие значения:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:676 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:679 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:683 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:686 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:690 sssd.8.xml:63 msgid "Default: 1" msgstr "По умолчанию: 1" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:695 msgid "pam_id_timeout (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:698 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " "ensure that authentication takes place with the latest information." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:704 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" "client-application basis) how long (in seconds) we can cache the identity " "information to avoid excessive round-trips to the identity provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:718 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:721 sssd.conf.5.xml:1178 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:724 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " "cannot display a warning." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:730 sssd.conf.5.xml:1181 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:735 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:740 sssd.8.xml:79 msgid "Default: 0" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:760 msgid "SUDO configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:762 msgid "These options can be used to configure the sudo service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:766 msgid "sudo_timed (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:769 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:782 msgid "AUTOFS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:784 msgid "These options can be used to configure the autofs service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:788 msgid "autofs_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:791 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " "before asking the back end again." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:807 msgid "SSH configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:809 msgid "These options can be used to configure the SSH service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:813 msgid "ssh_hash_known_hosts (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:816 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:825 msgid "ssh_known_hosts_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:828 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:832 msgid "Default: 180" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:840 msgid "PAC responder configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:842 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " "PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " "provider collects domain SID and ID ranges of the domain the client is " "joined to and of remote trusted domains from the local domain controller. 
" "If the PAC is decoded and evaluated some of the following operations are " "done:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:851 msgid "" "If the remote user does not exist in the cache, it is created. The uid is " "determined with the help of the SID, trusted domains will have UPGs and the " "gid will have the same value as the uid. The home directory is set based on " "the subdomain_homedir parameter. The shell will be empty by default, i.e. " "the system defaults are used, but can be overwritten with the default_shell " "parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:859 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:865 msgid "These options can be used to configure the PAC responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:869 msgid "allowed_uids (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:872 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " "startup." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:878 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:882 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. 
If you still want to allow the root user to " "access the PAC responder, which would be the typical case, you have to add 0 " "to the list of allowed UIDs as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:896 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:903 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:906 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:911 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" "primary group memberships, those that are in range will be reported as " "expected." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:918 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:922 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:928 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:931 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:935 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:938 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:941 sssd.conf.5.xml:1155 sssd.conf.5.xml:1264 #: sssd.conf.5.xml:1281 msgid "Default: FALSE" msgstr "По умолчанию: FALSE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:944 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " "to fully complete enumerations. During this time, individual requests for " "information will go directly to LDAP, though it may be slow, due to the " "heavy enumeration processing. Saving a large number of entries to cache " "after the enumeration completes might also be CPU intensive as the " "memberships have to be recomputed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:957 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:962 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " "enumeration lookups are completed successfully. For more information, refer " "to the man pages for the specific id_provider in use." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:970 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:978 msgid "subdomain_enumerate (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:985 msgid "all" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:986 msgid "All discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:989 msgid "none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:990 msgid "No discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:981 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " "Optionally, a list of one or more domain names can enable enumeration just " "for these trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:998 sssd-ldap.5.xml:1687 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1021 msgid "entry_cache_timeout (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1024 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1028 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " "for newly added or expired entries. You should run the <citerefentry> " "<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" "citerefentry> tool in order to force refresh of entries that have already " "been cached." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1041 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1047 msgid "entry_cache_user_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1050 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1054 sssd.conf.5.xml:1067 sssd.conf.5.xml:1080 #: sssd.conf.5.xml:1093 sssd.conf.5.xml:1106 sssd.conf.5.xml:1120 msgid "Default: entry_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1060 msgid "entry_cache_group_timeout (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1063 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1073 msgid "entry_cache_netgroup_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1076 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1086 msgid "entry_cache_service_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1089 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1099 msgid "entry_cache_sudo_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1102 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1112 msgid "entry_cache_autofs_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1115 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1126 msgid "refresh_expired_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1129 msgid "" "Specifies how many seconds SSSD has to wait before refreshing expired " "records. Currently only refreshing expired netgroups is supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1134 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1138 sssd-ipa.5.xml:221 msgid "Default: 0 (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1144 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1147 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1151 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1160 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1163 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " "value of this parameter must be greater than or equal to " "offline_credentials_expiration." 
msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1170 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1175 msgid "pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1186 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " "cannot display a warning. Also an auth provider has to be configured for the " "backend." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1193 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1199 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1202 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1206 msgid "<quote>proxy</quote>: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1209 msgid "<quote>local</quote>: SSSD internal provider for local users" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1213 msgid "" "<quote>ldap</quote>: LDAP provider. 
See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " "information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1221 sssd.conf.5.xml:1307 sssd.conf.5.xml:1358 #: sssd.conf.5.xml:1411 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " "FreeIPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1230 sssd.conf.5.xml:1316 sssd.conf.5.xml:1367 #: sssd.conf.5.xml:1420 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring Active Directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1241 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1244 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1249 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " "<command>getent passwd test</command> wouldn't find the user while " "<command>getent passwd test@LOCAL</command> would." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1257 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " "will be searched when an unqualified name is requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1269 msgid "ignore_group_members (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1272 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1275 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " "calls." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1286 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1289 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1293 sssd.conf.5.xml:1351 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1300 msgid "" "<quote>krb5</quote> for Kerberos authentication. 
See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring Kerberos." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1324 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1327 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1330 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1336 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1339 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " "Internal special providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1345 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1348 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1375 msgid "" "<quote>simple</quote> access control based on access or deny lists. 
See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry> for more information on configuring the simple " "access module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1382 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1387 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1390 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1395 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1403 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring Kerberos." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1428 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1432 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1435 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1442 msgid "sudo_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1445 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1449 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1457 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1461 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1465 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1468 sssd.conf.5.xml:1522 sssd.conf.5.xml:1554 #: sssd.conf.5.xml:1579 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1474 msgid "selinux_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1477 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " "providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1483 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1491 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1494 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1500 msgid "subdomains_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1503 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1509 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. 
See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1518 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1529 msgid "autofs_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1532 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1536 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1543 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1551 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1561 msgid "hostid_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1564 msgid "" "The provider used for retrieving host identity information. 
Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1568 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1576 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1589 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " "match either the SSSD configuration domain name, or, in the case of IPA " "trust subdomains and Active Directory domains, the flat (NetBIOS) name of " "the domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1598 msgid "" "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?" "P<name>[^@\\\\]+)$))</quote> which allows three different styles for " "user names:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:1603 msgid "username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:1606 msgid "username@domain.name" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:1609 msgid "domain\\username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1612 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1617 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " "sign, the domain everything after that\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1623 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " "version 7 or higher can support non-unique named subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1630 msgid "" "PLEASE NOTE ALSO: older versions of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1677 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "По умолчанию: <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1683 msgid "lookup_family_order (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1686 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1690 msgid "Supported values:" msgstr "Поддерживаемые значения:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1693 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1696 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1699 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1702 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1705 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1711 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1714 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " "the domain will continue to operate in offline mode." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1720 sssd-ldap.5.xml:1118 sssd-ldap.5.xml:1160 #: sssd-ldap.5.xml:1175 sssd-krb5.5.xml:239 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1726 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1729 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1733 msgid "Default: Use the domain part of machine's hostname" msgstr "По умолчанию: использовать доменное имя из hostname" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1739 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1742 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1748 msgid "case_sensitive (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1751 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1756 sssd-ad.5.xml:333 msgid "Default: True" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1762 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1765 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " "name was an alias. Setting this option to true would cause the SSSD to " "perform the ID lookup from cache for performance reasons." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1779 msgid "subdomain_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1790 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1791 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1782 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " "possible values. In addition to those, the expansion below can only be used " "with <emphasis>subdomain_homedir</emphasis>. <placeholder type=" "\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1796 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1800 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1805 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1808 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:898 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" "replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1821 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1824 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1827 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1835 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1838 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " "for example _nss_files_getpwent." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:1817 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:1850 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:1852 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " "<replaceable>id_provider=local</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1859 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1862 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1866 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1871 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1874 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1879 msgid "Default: <filename>/home</filename>" msgstr "По умолчанию: <filename>/home</filename>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1884 msgid "create_homedir (bool)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1887 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1891 sssd.conf.5.xml:1903 msgid "Default: TRUE" msgstr "По умолчанию: TRUE" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1896 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1899 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1908 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1911 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " "on a newly created home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1919 msgid "Default: 077" msgstr "По умолчанию: 077" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1924 msgid "skel_dir (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1927 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " "<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1937 msgid "Default: <filename>/etc/skel</filename>" msgstr "По умолчанию: <filename>/etc/skel</filename>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1942 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1945 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " "default value is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1952 msgid "Default: <filename>/var/mail</filename>" msgstr "По умолчанию: <filename>/var/mail</filename>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1957 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1960 msgid "" "The command that is run after a user is removed. The command is passed the " "username of the user being removed as the first and only parameter. The " "return code of the command is not taken into account." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1966 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:1976 sssd-ldap.5.xml:2426 sssd-simple.5.xml:131 #: sssd-ipa.5.xml:793 sssd-ad.5.xml:382 sssd-krb5.5.xml:519 msgid "EXAMPLE" msgstr "ПРИМЕР" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd.conf.5.xml:1982 #, no-wrap msgid "" "[sssd]\n" "domains = LDAP\n" "services = nss, pam\n" "config_file_version = 2\n" "\n" "[nss]\n" "filter_groups = root\n" "filter_users = root\n" "\n" "[pam]\n" "\n" "[domain/LDAP]\n" "id_provider = ldap\n" "ldap_uri = ldap://ldap.example.com\n" "ldap_search_base = dc=example,dc=com\n" "\n" "auth_provider = krb5\n" "krb5_server = kerberos.example.com\n" "krb5_realm = EXAMPLE.COM\n" "cache_credentials = true\n" "\n" "min_id = 10000\n" "max_id = 20000\n" "enumerate = False\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:1978 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " "configuring domains for more details. <placeholder type=\"programlisting\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 msgid "sssd-ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:23 msgid "" "This manual page describes the configuration of LDAP domains for " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page for detailed syntax information." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:35 msgid "You can configure SSSD to use more than one LDAP domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:38 msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. " "<command>sssd</command> <emphasis>does not</emphasis> support authentication " "over an unencrypted channel. If the LDAP server is used only as an identity " "provider, an encrypted channel is not needed. Please refer to " "<quote>ldap_access_filter</quote> config option for more information about " "using LDAP as an access provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "ПАРАМЕТРЫ КОНФИГУРАЦИИ" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:60 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:63 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" "quote> section for more information on failover and server redundancy. If " "neither option is specified, service discovery is enabled. For more " "information, refer to the <quote>SERVICE DISCOVERY</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:70 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:73 msgid "ldap[s]://<host>[:port]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:76 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:79 msgid "example: ldap://[fc00::126:25]:389" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:85 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:88 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " "Refer to the <quote>FAILOVER</quote> section for more information on " "failover and server redundancy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:95 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:99 msgid "Default: empty, i.e. ldap_uri is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:105 msgid "ldap_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:108 msgid "The default base DN to use for performing LDAP user operations." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:112 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:116 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:119 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:122 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:126 sssd-ad.5.xml:212 msgid "Examples:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:129 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:134 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:137 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " "different search bases). This will lead to unpredictable behavior on client " "machines." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:144 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " "defaultNamingContext does not exist or has an empty value namingContexts is " "used. The namingContexts attribute must have a single value with the DN of " "the search base of the LDAP server to make this work. Multiple values are " "not supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:158 msgid "ldap_schema (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:161 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " "may vary. The way that some attributes are handled may also differ." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:168 msgid "Four schema types are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:172 msgid "rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:177 msgid "rfc2307bis" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:182 msgid "IPA" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:187 msgid "AD" msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:193 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " "the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, " "group members are listed by DN and stored in the <emphasis>member</emphasis> " "attribute. The AD schema type sets the attributes to correspond with Active " "Directory 2008r2 values." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:203 msgid "Default: rfc2307" msgstr "По умолчанию: rfc2307" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:209 msgid "ldap_default_bind_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:212 msgid "The default bind DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:219 msgid "ldap_default_authtok_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:222 msgid "The type of the authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:226 msgid "The two mechanisms currently supported are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:229 msgid "password" msgstr "пароль" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:232 msgid "obfuscated_password" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:235 msgid "Default: password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:241 msgid "ldap_default_authtok (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:244 msgid "" "The authentication token of the default bind DN. Only clear text passwords " "are currently supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:251 msgid "ldap_user_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:254 msgid "The object class of a user entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:257 msgid "Default: posixAccount" msgstr "По умолчанию: posixAccount" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:263 msgid "ldap_user_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:266 msgid "The LDAP attribute that corresponds to the user's login name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:270 msgid "Default: uid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:276 msgid "ldap_user_uid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:279 msgid "The LDAP attribute that corresponds to the user's id." 
msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:283 msgid "Default: uidNumber" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:289 msgid "ldap_user_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:292 msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:296 sssd-ldap.5.xml:792 msgid "Default: gidNumber" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:302 msgid "ldap_user_gecos (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:305 msgid "The LDAP attribute that corresponds to the user's gecos field." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:309 msgid "Default: gecos" msgstr "По умолчанию: gecos" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:315 msgid "ldap_user_home_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:318 msgid "The LDAP attribute that contains the name of the user's home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:322 msgid "Default: homeDirectory" msgstr "По умолчанию: homeDirectory" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:328 msgid "ldap_user_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:331 msgid "The LDAP attribute that contains the path to the user's default shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:335 msgid "Default: loginShell" msgstr "По умолчанию: loginShell" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:341 msgid "ldap_user_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:344 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:348 sssd-ldap.5.xml:818 sssd-ldap.5.xml:1025 msgid "Default: nsUniqueId" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:354 msgid "ldap_user_objectsid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:357 msgid "" "The LDAP attribute that contains the objectSID of an LDAP user object. This " "is usually only necessary for ActiveDirectory servers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:362 sssd-ldap.5.xml:832 msgid "Default: objectSid for ActiveDirectory, not set for other servers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:369 msgid "ldap_user_modify_timestamp (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:372 sssd-ldap.5.xml:842 sssd-ldap.5.xml:1034 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:376 sssd-ldap.5.xml:846 sssd-ldap.5.xml:1041 msgid "Default: modifyTimestamp" msgstr "По умолчанию: modifyTimestamp" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:382 msgid "ldap_user_shadow_last_change (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:385 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " "the last password change)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:395 msgid "Default: shadowLastChange" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:401 msgid "ldap_user_shadow_min (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:404 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " "password age)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:413 msgid "Default: shadowMin" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:419 msgid "ldap_user_shadow_max (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:422 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " "password age)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:431 msgid "Default: shadowMax" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:437 msgid "ldap_user_shadow_warning (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:440 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " "(password warning period)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:450 msgid "Default: shadowWarning" msgstr "По умолчанию: shadowWarning" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:456 msgid "ldap_user_shadow_inactive (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:459 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " "(password inactivity period)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:469 msgid "Default: shadowInactive" msgstr "По умолчанию: shadowInactive" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:475 msgid "ldap_user_shadow_expire (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:478 msgid "" "When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " "parameter contains the name of an LDAP attribute corresponding to its " "<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> counterpart (account expiration date)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:488 msgid "Default: shadowExpire" msgstr "По умолчанию: shadowExpire" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:494 msgid "ldap_user_krb_last_pwd_change (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:497 msgid "" "When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " "an LDAP attribute storing the date and time of last password change in " "kerberos." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:503 msgid "Default: krbLastPwdChange" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:509 msgid "ldap_user_krb_password_expiration (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:512 msgid "" "When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " "an LDAP attribute storing the date and time when current password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:518 msgid "Default: krbPasswordExpiration" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:524 msgid "ldap_user_ad_account_expires (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:527 msgid "" "When using ldap_account_expire_policy=ad, this parameter contains the name " "of an LDAP attribute storing the expiration time of the account." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:532 msgid "Default: accountExpires" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:538 msgid "ldap_user_ad_user_account_control (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:541 msgid "" "When using ldap_account_expire_policy=ad, this parameter contains the name " "of an LDAP attribute storing the user account control bit field." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:546 msgid "Default: userAccountControl" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:552 msgid "ldap_ns_account_lock (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:555 msgid "" "When using ldap_account_expire_policy=rhds or equivalent, this parameter " "determines if access is allowed or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:560 msgid "Default: nsAccountLock" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:566 msgid "ldap_user_nds_login_disabled (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:569 msgid "" "When using ldap_account_expire_policy=nds, this attribute determines if " "access is allowed or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:573 sssd-ldap.5.xml:587 msgid "Default: loginDisabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:579 msgid "ldap_user_nds_login_expiration_time (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:582 msgid "" "When using ldap_account_expire_policy=nds, this attribute determines until " "which date access is granted." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:593 msgid "ldap_user_nds_login_allowed_time_map (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:596 msgid "" "When using ldap_account_expire_policy=nds, this attribute determines the " "hours of a day in a week when access is granted." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:601 msgid "Default: loginAllowedTimeMap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:607 msgid "ldap_user_principal (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:610 msgid "" "The LDAP attribute that contains the user's Kerberos User Principal Name " "(UPN)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:614 msgid "Default: krbPrincipalName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:620 msgid "ldap_user_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:623 msgid "The LDAP attribute that contains the user's SSH public keys." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:630 msgid "ldap_force_upper_case_realm (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:633 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " "fail. Set this option to a non-zero value if you want to use an upper-case " "realm." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:646 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:649 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:660 msgid "ldap_purge_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:663 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " "space." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:669 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:673 msgid "Default: 10800 (12 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:679 msgid "ldap_user_fullname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:682 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:686 sssd-ldap.5.xml:779 sssd-ldap.5.xml:975 #: sssd-ldap.5.xml:1066 sssd-ldap.5.xml:1990 sssd-ldap.5.xml:2316 #: sssd-ipa.5.xml:648 msgid "Default: cn" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:692 msgid "ldap_user_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:695 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:699 sssd-ipa.5.xml:552 msgid "Default: memberOf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:705 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:708 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " "to determine access privilege." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:715 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:720 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>authorized_service</quote> in order for the " "ldap_user_authorized_service option to work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:727 msgid "Default: authorizedService" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:733 msgid "ldap_user_authorized_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:736 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " "privilege." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:742 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:747 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>host</quote> in order for the " "ldap_user_authorized_host option to work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:754 msgid "Default: host" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:760 msgid "ldap_group_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:763 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:766 msgid "Default: posixGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:772 msgid "ldap_group_name (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:775 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:785 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:788 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:798 msgid "ldap_group_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:801 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:805 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:811 msgid "ldap_group_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:814 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:824 msgid "ldap_group_objectsid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:827 msgid "" "The LDAP attribute that contains the objectSID of an LDAP group object. This " "is usually only necessary for ActiveDirectory servers." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:839 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:852 msgid "ldap_group_type (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:855 msgid "" "The LDAP attribute that contains an integer value indicating the type of the " "group and maybe other flags." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:860 msgid "" "This attribute is currently only used by the AD provider to determine if a " "group is a domain local group and has to be filtered out for trusted " "domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:866 msgid "Default: groupType in the AD provider, otherwise not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:873 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:876 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " "follow. This option has no effect on the RFC2307 schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:883 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:889 msgid "ldap_groups_use_matching_rule_in_chain" msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:892 msgid "" "This option tells SSSD to take advantage of an Active Directory-specific " "feature which may speed up group lookup operations on deployments with " "complex or deep nested groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:898 msgid "" "In most common cases, it is best to leave this option disabled. It generally " "only provides a performance increase on very complex nestings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:903 sssd-ldap.5.xml:930 msgid "" "If this option is enabled, SSSD will use it if it detects that the server " "supports it during initial connection. So \"True\" here essentially means " "\"auto-detect\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:909 sssd-ldap.5.xml:936 msgid "" "Note: This feature is currently known to work only with Active Directory " "2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/" "windows/desktop/aa746475%28v=vs.85%29.aspx\"> MSDN(TM) documentation</ulink> " "for more details." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:915 sssd-ldap.5.xml:942 sssd-ldap.5.xml:1233 #: sssd-ldap.5.xml:1254 sssd-ldap.5.xml:1760 include/ldap_id_mapping.xml:226 msgid "Default: False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:921 msgid "ldap_initgroups_use_matching_rule_in_chain" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:924 msgid "" "This option tells SSSD to take advantage of an Active Directory-specific " "feature which might speed up initgroups operations (most notably when " "dealing with complex or deep nested groups)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:948 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:951 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:954 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:958 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:964 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:967 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:971 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:981 msgid "ldap_netgroup_member (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:984 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:988 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:992 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:998 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1001 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1005 sssd-ldap.5.xml:1038 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1008 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1014 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1017 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1021 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1031 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1047 msgid "ldap_service_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1050 msgid "The object class of a service entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1053 msgid "Default: ipService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1059 msgid "ldap_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1062 msgid "" "The LDAP attribute that contains the name of service attributes and their " "aliases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1072 msgid "ldap_service_port (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1075 msgid "The LDAP attribute that contains the port managed by this service." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1079 msgid "Default: ipServicePort" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1085 msgid "ldap_service_proto (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1088 msgid "" "The LDAP attribute that contains the protocols understood by this service." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1092 msgid "Default: ipServiceProtocol" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1098 msgid "ldap_service_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1103 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1106 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " "is entered)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1112 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " "lookup types." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1124 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1127 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " "are returned (and offline mode is entered)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1140 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1143 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" "<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" "manvolnum> </citerefentry> following a <citerefentry> " "<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" "citerefentry> returns in case of no activity." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1166 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1169 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " "communicating with the KDC in case of SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1181 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1184 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " "in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " "the TGT lifetime) will be used." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1192 sssd-ldap.5.xml:2147 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1198 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1201 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1206 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1212 msgid "ldap_disable_paging (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1215 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " "it is not enabled or does not behave properly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1221 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1227 msgid "" "Example: 389 DS has a bug where it can only support one paging control at " "a time on a single connection. On busy clients, this can result in some " "requests being denied." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1239 msgid "ldap_disable_range_retrieval (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1242 msgid "Disable Active Directory range retrieval." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1245 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " "group contains more members, the reply would include an AD-specific range " "extension. This option disables parsing of the range extension, therefore " "large groups will appear as having no members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1260 msgid "ldap_sasl_minssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1263 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " "option are defined by OpenLDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1269 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1276 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1279 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. 
If less members are missing, " "they are looked up individually." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1285 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1289 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " "methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " "Directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1297 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " "regardless of this setting." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1310 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1313 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1319 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1323 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. 
If a bad certificate " "is provided, it will be ignored and the session proceeds normally." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1330 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " "is provided, the session is immediately terminated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1336 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " "immediately terminated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1342 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1346 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1352 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1355 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1378 sssd-ldap.5.xml:1419 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1367 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1370 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " "be the hash of the certificate followed by '.0'. If available, " "<command>cacertdir_rehash</command> can be used to create the correct names." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1385 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1388 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1398 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1401 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1410 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1413 msgid "" "Specifies acceptable cipher suites. Typically this is a colon separated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry> for format." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1426 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1429 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1439 msgid "ldap_id_mapping (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1442 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " "on ldap_user_uid_number and ldap_group_gid_number." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1448 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1458 msgid "ldap_min_id, ldap_max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1461 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " "ldap_group_gid_number is unbounded. In a setup with sub/trusted-domains this " "might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " "can be set to restrict the allowed range for the IDs which are read directly " "from the server. Sub-domains can then pick other ranges to map IDs." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1473 msgid "Default: not set (both options are set to 0)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1479 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1482 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1492 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1495 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory. " "This option can either contain the full principal (for example host/" "myhost@EXAMPLE.COM) or just the principal name (for example host/myhost)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1503 msgid "Default: host/hostname@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1509 msgid "ldap_sasl_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1512 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " "well, this option is ignored." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1518 msgid "Default: the value of krb5_realm." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1524 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1527 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1532 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1538 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1541 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1544 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1550 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1553 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " "GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1565 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1568 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1572 sssd-ad.5.xml:319 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1578 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1581 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " "For more information on failover and server redundancy, see the " "<quote>FAILOVER</quote> section. An optional port number (preceded by a " "colon) may be appended to the addresses or hostnames. If empty, service " "discovery is enabled - for more information, refer to the <quote>SERVICE " "DISCOVERY</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1593 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " "none are found." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1598 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " "migrate their config files to use <quote>krb5_server</quote> instead." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1607 sssd-ipa.5.xml:371 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1610 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1613 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1619 sssd-ipa.5.xml:386 sssd-krb5.5.xml:453 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1622 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1634 sssd-krb5.5.xml:468 msgid "krb5_use_kdcinfo (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1637 sssd-krb5.5.xml:471 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " "to configure the Kerberos library using the <citerefentry> " "<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> configuration file." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1648 sssd-krb5.5.xml:482 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " "information on the locator plugin." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1662 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1665 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1670 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1675 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " "evaluate if the password has expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1681 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " "these attributes when the password is changed." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1690 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1698 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1701 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1705 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1710 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. If your setup " "does not in fact require the use of referrals, setting this option to false " "might bring a noticeable performance improvement." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1724 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1727 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1731 msgid "Default: ldap" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1737 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1740 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1745 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1751 msgid "ldap_chpass_update_last_change (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1754 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1766 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1769 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " "must be met for the user to be granted access on this host. If " "access_provider = ldap, ldap_access_order = filter and this option is not " "set, it will result in all users being denied access. Use access_provider = " "permit to change this default behavior. Please note that this filter is " "applied on the LDAP user entry only." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1782 sssd-ldap.5.xml:2376 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #: sssd-ldap.5.xml:1785 #, no-wrap msgid "" "access_provider = ldap\n" "ldap_access_filter = (employeeType=admin)\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1789 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1794 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " "access during their last login, they will continue to be granted access " "while offline and vice-versa." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1802 sssd-ldap.5.xml:1859 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1808 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1811 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1815 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. 
the LDAP server should deny the bind request with a suitable error code " "even if the password is correct." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1822 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1825 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1830 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " "set. If the attribute is missing access is granted. Also the expiration time " "of the account is checked." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1837 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " "allowed or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1843 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " "ldap_user_nds_login_expiration_time are used to check if access is allowed. " "If both attributes are missing access is granted." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1852 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " "ldap_account_expire_policy option to work." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1865 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1868 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1872 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1875 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1879 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1884 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1888 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1891 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1898 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1901 msgid "" "Specifies how alias dereferencing is done when performing a search. 
The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1906 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1910 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1915 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1920 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1925 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1933 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1936 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1940 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " "The self-consistency of the domain is compromised when this is done, so SSSD " "would normally remove the \"missing\" users from the cached group " "memberships as soon as nsswitch tries to fetch information about the user " "via getpw*() or initgroups() calls." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1951 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " "additional LDAP groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:51 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " "of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page for full details. <placeholder type=" "\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:1967 msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1971 msgid "ldap_sudorule_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1974 msgid "The object class of a sudo rule entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1977 msgid "Default: sudoRole" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1983 msgid "ldap_sudorule_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1986 msgid "The LDAP attribute that corresponds to the sudo rule name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1996 msgid "ldap_sudorule_command (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1999 msgid "The LDAP attribute that corresponds to the command name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2003 msgid "Default: sudoCommand" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2009 msgid "ldap_sudorule_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2012 msgid "" "The LDAP attribute that corresponds to the host name (or host IP address, " "host IP network, or host netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2017 msgid "Default: sudoHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2023 msgid "ldap_sudorule_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2026 msgid "" "The LDAP attribute that corresponds to the user name (or UID, group name or " "user's netgroup)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2030 msgid "Default: sudoUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2036 msgid "ldap_sudorule_option (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2039 msgid "The LDAP attribute that corresponds to the sudo options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2043 msgid "Default: sudoOption" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2049 msgid "ldap_sudorule_runasuser (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2052 msgid "" "The LDAP attribute that corresponds to the user name that commands may be " "run as." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2056 msgid "Default: sudoRunAsUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2062 msgid "ldap_sudorule_runasgroup (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2065 msgid "" "The LDAP attribute that corresponds to the group name or group GID that " "commands may be run as." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2069 msgid "Default: sudoRunAsGroup" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2075 msgid "ldap_sudorule_notbefore (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2078 msgid "" "The LDAP attribute that corresponds to the start date/time for when the sudo " "rule is valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2082 msgid "Default: sudoNotBefore" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2088 msgid "ldap_sudorule_notafter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2091 msgid "" "The LDAP attribute that corresponds to the expiration date/time, after which " "the sudo rule will no longer be valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2096 msgid "Default: sudoNotAfter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2102 msgid "ldap_sudorule_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2105 msgid "The LDAP attribute that corresponds to the ordering index of the rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2109 msgid "Default: sudoOrder" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2115 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2118 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2123 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2128 msgid "Default: 21600 (6 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2134 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2137 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest USN " "of cached rules)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2143 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2153 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2156 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2167 msgid "ldap_sudo_hostnames (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2170 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2175 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2180 sssd-ldap.5.xml:2203 sssd-ldap.5.xml:2221 #: sssd-ldap.5.xml:2239 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2185 sssd-ldap.5.xml:2208 msgid "Default: not specified" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2191 msgid "ldap_sudo_ip (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2194 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2199 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2214 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2217 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2232 msgid "ldap_sudo_include_regexp (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2235 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:1969 msgid "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2251 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " "<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:2261 msgid "AUTOFS OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2263 msgid "" "Please note that the default values correspond to the default schema which " "is RFC2307." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2269 msgid "ldap_autofs_map_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2272 sssd-ldap.5.xml:2298 msgid "The object class of an automount map entry in LDAP." 
msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2275 sssd-ldap.5.xml:2302 msgid "Default: automountMap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2282 msgid "ldap_autofs_map_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2285 msgid "The name of an automount map entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2288 msgid "Default: ou" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2295 msgid "ldap_autofs_entry_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2309 msgid "ldap_autofs_entry_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2312 sssd-ldap.5.xml:2326 msgid "" "The key of an automount entry in LDAP. The entry usually corresponds to a " "mount point." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2323 msgid "ldap_autofs_entry_value (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2330 msgid "Default: automountInformation" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2267 msgid "" "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" "\"variablelist\" id=\"4\"/>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:2340 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2347 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2352 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2357 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2362 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2365 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2369 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #: sssd-ldap.5.xml:2379 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2382 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2389 msgid "ldap_group_search_filter (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2392 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2396 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2406 msgid "ldap_sudo_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2411 msgid "ldap_autofs_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2342 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " "are doing. <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2428 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " "section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ldap.5.xml:2434 #, no-wrap msgid "" " [domain/LDAP]\n" " id_provider = ldap\n" " auth_provider = ldap\n" " ldap_uri = ldap://ldap.mydomain.org\n" " ldap_search_base = dc=mydomain,dc=org\n" " ldap_tls_reqcert = demand\n" " cache_credentials = true\n" msgstr "" #. 
type: Content of: <refsect1><refsect2><para> #: sssd-ldap.5.xml:2433 sssd-simple.5.xml:139 sssd-ipa.5.xml:801 #: sssd-ad.5.xml:390 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 sssd-krb5.5.xml:528 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:2446 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:405 #: sssd.8.xml:191 sss_seed.8.xml:163 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2448 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " "distribution." msgstr "" #. type: Content of: <refentryinfo> #: pam_sss.8.xml:8 include/upstream.xml:2 msgid "" "<productname>SSSD</productname> <orgname>The SSSD upstream - http://" "fedorahosted.org/sssd</orgname>" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: pam_sss.8.xml:13 pam_sss.8.xml:18 msgid "pam_sss" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: pam_sss.8.xml:19 msgid "PAM module for SSSD" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: pam_sss.8.xml:24 msgid "" "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" "replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" "replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" "replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" "replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" "arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </arg>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:48 msgid "" "<command>pam_sss.so</command> is the PAM interface to the System Security " "Services daemon (SSSD). Errors and results are logged through " "<command>syslog(3)</command> with the LOG_AUTHPRIV facility." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:58 msgid "<option>quiet</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:61 msgid "Suppress log messages for unknown users." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:66 msgid "<option>forward_pass</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:69 msgid "" "If <option>forward_pass</option> is set the entered password is put on the " "stack for other PAM modules to use." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:76 msgid "<option>use_first_pass</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:79 msgid "" "The argument use_first_pass forces the module to use a previously stacked " "module's password and will never prompt the user - if no password is " "available or the password is not appropriate, the user will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:87 msgid "<option>use_authtok</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:90 msgid "" "When changing the password, force the module to set the new password to the " "one provided by a previously stacked password module." msgstr "" #.
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:97 msgid "<option>retry=N</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:100 msgid "" "If specified the user is asked another N times for a password if " "authentication fails. Default is 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:102 msgid "" "Please note that this option might not work as expected if the application " "calling PAM handles the user dialog on its own. A typical example is " "<command>sshd</command> with <option>PasswordAuthentication</option>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:111 msgid "<option>ignore_unknown_user</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:114 msgid "" "If this option is specified and the user does not exist, the PAM module will " "return PAM_IGNORE. This causes the PAM framework to ignore this module." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: pam_sss.8.xml:123 msgid "MODULE TYPES PROVIDED" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:124 msgid "" "All module types (<option>account</option>, <option>auth</option>, " "<option>password</option> and <option>session</option>) are provided." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: pam_sss.8.xml:130 msgid "FILES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:131 msgid "" "If a password reset by root fails, because the corresponding SSSD provider " "does not support password resets, an individual message can be displayed. " "This message can e.g. contain instructions about how to reset a password." 
msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:136 msgid "" "The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" "filename> where LOC stands for a locale string returned by <citerefentry> " "<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" "citerefentry>. If there is no matching file the content of " "<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " "the owner of the files and only root may have read and write permissions " "while all other users must have only read permissions." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:146 msgid "" "These files are searched in the directory <filename>/etc/sssd/customize/" "DOMAIN_NAME/</filename>. If no matching file is present a generic message is " "displayed." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 msgid "sssd_krb5_locator_plugin" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:22 msgid "" "The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " "used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos " "libraries what Realm and which KDC to use. Typically this is done in " "<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> which is always read by the Kerberos libraries. " "To simplify the configuration the Realm and the KDC can be defined in " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> as described in <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:48 msgid "" "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " "libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:63 msgid "" "Not all Kerberos implementations support the use of plugins. If " "<command>sssd_krb5_locator_plugin</command> is not available on your system " "you have to edit /etc/krb5.conf to reflect your Kerberos setup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:69 msgid "" "If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " "debug messages will be sent to stderr." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-simple.5.xml:10 sssd-simple.5.xml:16 msgid "sssd-simple" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd-simple.5.xml:17 msgid "the configuration file for SSSD's 'simple' access-control provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:24 msgid "" "This manual page describes the configuration of the simple access-control " "provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " "refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> manual page." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:38 msgid "" "The simple access provider grants or denies access based on an access or " "deny list of user or group names. The following rules apply:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:43 msgid "If all lists are empty, access is granted" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:47 msgid "" "If any list is provided, the order of evaluation is allow,deny. This means " "that any matching deny rule will supersede any matched allow rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:54 msgid "" "If either or both \"allow\" lists are provided, all users are denied unless " "they appear in the list." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:60 msgid "" "If only \"deny\" lists are provided, all users are granted access unless " "they appear in the list." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:78 msgid "simple_allow_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:81 msgid "Comma separated list of users who are allowed to log in." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:88 msgid "simple_deny_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:91 msgid "Comma separated list of users who are explicitly denied access." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:97 msgid "simple_allow_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:100 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:108 msgid "simple_deny_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:111 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " "evaluated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> manual page for details on the configuration of an SSSD " "domain. <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:120 msgid "" "Specifying no values for any of the lists is equivalent to skipping it " "entirely. Beware of this while generating parameters for the simple provider " "using automated scripts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:125 msgid "" "Please note that it is a configuration error if both simple_allow_users " "and simple_deny_users are defined." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:133 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " "This example shows only the simple access provider-specific options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-simple.5.xml:140 #, no-wrap msgid "" " [domain/example.com]\n" " access_provider = simple\n" " simple_allow_users = user1, user2\n" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 msgid "sssd-ipa" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:23 msgid "" "This manual page describes the configuration of the IPA provider for " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:36 msgid "" "The IPA provider is a back end used to connect to an IPA server. (Refer to " "the freeipa.org web site for information about IPA servers.) This provider " "requires that the machine be joined to the IPA domain; configuration is " "almost entirely self-discovered and obtained directly from the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:43 msgid "" "The IPA provider accepts the same options used by the <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " "provider with some exceptions described below."
msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:55 msgid "" "However, it is neither necessary nor recommended to set these options. IPA " "provider can also be used as an access and chpass provider. As an access " "provider it uses HBAC (host-based access control) rules. Please refer to " "freeipa.org for more information about HBAC. No configuration of access " "provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:62 msgid "" "The IPA provider will use the PAC responder if the Kerberos tickets of users " "from trusted realms contain a PAC. To make configuration easier the PAC " "responder is started automatically if the IPA ID provider is configured." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:78 msgid "ipa_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:81 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:89 msgid "ipa_server, ipa_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:92 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " "on failover and server redundancy, see the <quote>FAILOVER</quote> section. " "This is optional if autodiscovery is enabled. For more information on " "service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:105 msgid "ipa_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:108 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:116 sssd-ad.5.xml:256 msgid "dyndns_update (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:119 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client. The update is " "secured using GSS-TSIG. The IP address of the IPA LDAP connection is used " "for the updates, if it is not otherwise specified by using the " "<quote>dyndns_iface</quote> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:128 sssd-ad.5.xml:270 msgid "" "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " "the default Kerberos realm must be set properly in /etc/krb5.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:133 msgid "" "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" "emphasis> option, users should migrate to using <emphasis>dyndns_update</" "emphasis> in their config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:145 sssd-ad.5.xml:281 msgid "dyndns_ttl (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:148 sssd-ad.5.xml:284 msgid "" "The TTL to apply to the client DNS record when updating it. If " "dyndns_update is false this has no effect. This will override the TTL " "serverside if set by an administrator." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:153 msgid "" "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" "emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" "emphasis> in their config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:159 msgid "Default: 1200 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:165 sssd-ad.5.xml:295 msgid "dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:168 sssd-ad.5.xml:298 msgid "" "Optional. Applicable only when dyndns_update is true. Choose the interface " "whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:173 msgid "" "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" "emphasis> option, users should migrate to using <emphasis>dyndns_iface</" "emphasis> in their config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:179 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:185 msgid "ipa_enable_dns_sites (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:188 sssd-ad.5.xml:152 msgid "Enables DNS sites - location based service discovery." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:192 msgid "" "If true and service discovery (see Service Discovery paragraph at the bottom " "of the man page) is enabled, then the SSSD will first attempt location " "based discovery using a query that contains \"_location.hostname.example.com" "\" and then fall back to traditional SRV discovery. If the location based " "discovery succeeds, the IPA servers located with the location based " "discovery are treated as primary servers and the IPA servers located using " "the traditional SRV discovery are used as back up servers" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:211 sssd-ad.5.xml:309 msgid "dyndns_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:214 sssd-ad.5.xml:312 msgid "" "How often should the back end perform periodic DNS update in addition to the " "automatic update performed when the back end goes online. This option is " "optional and applicable only when dyndns_update is true." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:227 sssd-ad.5.xml:325 msgid "dyndns_update_ptr (bool)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:230 sssd-ad.5.xml:328 msgid "" "Whether the PTR record should also be explicitly updated when updating the " "client's DNS records. Applicable only when dyndns_update is true." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:235 msgid "" "This option should be False in most IPA deployments as the IPA server " "generates the PTR records automatically when forward records are changed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:241 msgid "Default: False (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:247 sssd-ad.5.xml:339 msgid "dyndns_force_tcp (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:250 sssd-ad.5.xml:342 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:254 sssd-ad.5.xml:346 msgid "Default: False (let nsupdate choose the protocol)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:260 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:263 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:267 msgid "Default: Use base DN" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:273 msgid "ipa_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:276 msgid "Optional. Use the given string as search base for host objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:280 sssd-ipa.5.xml:304 sssd-ipa.5.xml:323 sssd-ipa.5.xml:342 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:285 msgid "" "If filter is given in any of search bases and " "<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " "will be ignored." msgstr "" #. type: Content of: <listitem><para> #: sssd-ipa.5.xml:290 sssd-ipa.5.xml:309 include/ldap_search_bases.xml:23 #: include/ldap_search_bases_experimental.xml:23 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:297 msgid "ipa_selinux_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:300 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:316 msgid "ipa_subdomains_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:319 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:328 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:335 msgid "ipa_master_domain_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:338 msgid "Optional. Use the given string as search base for master domain object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:347 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:354 sssd-krb5.5.xml:245 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:357 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:364 sssd-ad.5.xml:366 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:374 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:378 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:389 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:402 sssd-krb5.5.xml:407 msgid "krb5_use_fast (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:405 sssd-krb5.5.xml:410 msgid "" "Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" "authentication. The following options are supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:410 msgid "<emphasis>never</emphasis> use FAST." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:413 msgid "" "<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " "continue the authentication without it. This is equivalent to not setting " "this option at all." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:419 sssd-krb5.5.xml:424 msgid "" "<emphasis>demand</emphasis> to use FAST. The authentication fails if the " "server does not require fast." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:424 #, fuzzy #| msgid "Default: 3" msgid "Default: try" msgstr "По умолчанию: 3" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:427 sssd-krb5.5.xml:435 msgid "" "NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. 
If " "SSSD is used with an older version of MIT Kerberos, using this option is a " "configuration error." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:436 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:439 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " "access-control requests made in a short period." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:446 sssd-ipa.5.xml:462 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:452 msgid "ipa_hbac_selinux (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:455 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " "many user login requests made in a short period." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:468 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:471 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " "of FreeIPA will need to migrate their rules to use only the ALLOW rules. The " "client will support two modes of operation during this transition period:" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:480 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:485 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:490 msgid "Default: DENY_ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:496 msgid "ipa_hbac_support_srchost (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:499 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:503 msgid "" "Note that if set to <emphasis>False</emphasis>, this option causes filters " "given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:514 msgid "ipa_server_mode (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:517 msgid "This option should only be set by the IPA installer." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:521 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:532 msgid "ipa_automount_location (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:535 msgid "The automounter location this IPA client will be using" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:538 msgid "Default: The location named \"default\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:545 msgid "ipa_netgroup_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:548 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:557 msgid "ipa_netgroup_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:560 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:565 sssd-ipa.5.xml:660 msgid "Default: memberUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:570 msgid "ipa_netgroup_member_host (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:573 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:577 sssd-ipa.5.xml:672 msgid "Default: memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:582 msgid "ipa_netgroup_member_ext_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:585 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:589 msgid "Default: externalHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:594 msgid "ipa_netgroup_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:597 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:601 msgid "Default: nisDomainName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:607 msgid "ipa_host_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:610 sssd-ipa.5.xml:633 msgid "The object class of a host entry in LDAP." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:613 sssd-ipa.5.xml:636 msgid "Default: ipaHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:618 msgid "ipa_host_fqdn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:621 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:624 msgid "Default: fqdn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:630 msgid "ipa_selinux_usermap_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:641 msgid "ipa_selinux_usermap_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:644 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:653 msgid "ipa_selinux_usermap_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:656 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:665 msgid "ipa_selinux_usermap_member_host (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:668 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule match " "against." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:677 msgid "ipa_selinux_usermap_see_also (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:680 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:685 msgid "Default: seeAlso" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:690 msgid "ipa_selinux_usermap_selinux_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:693 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:697 msgid "Default: ipaSELinuxUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:702 msgid "ipa_selinux_usermap_enabled (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:705 msgid "" "The LDAP attribute that contains whether or not is user map enabled for " "usage." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:709 msgid "Default: ipaEnabledFlag" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:714 msgid "ipa_selinux_usermap_user_category (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:717 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:721 msgid "Default: userCategory" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:726 msgid "ipa_selinux_usermap_host_category (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:729 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:733 msgid "Default: hostCategory" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:738 msgid "ipa_selinux_usermap_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:741 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:745 msgid "Default: ipaUniqueID" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:750 msgid "ipa_host_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:753 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:757 msgid "Default: ipaSshPubKey" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ipa.5.xml:766 msgid "SUBDOMAINS PROVIDER" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:768 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:772 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " "subdomain requests are sent to the IPA server if necessary." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:778 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " "provider is configured implicitly. In this case, if a subdomain request " "fails and indicates that the server does not support subdomains, i.e. is not " "configured for trusts, the IPA subdomains provider is disabled. After an " "hour or after the IPA provider goes online, the subdomains provider is " "enabled again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:795 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " "This example shows only the ipa provider-specific options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ipa.5.xml:802 #, no-wrap msgid "" " [domain/example.com]\n" " id_provider = ipa\n" " ipa_server = ipaserver.example.com\n" " ipa_hostname = myhost.example.com\n" msgstr "" #. 
type: Content of: <reference><refentry><refnamediv><refname> #: sssd-ad.5.xml:10 sssd-ad.5.xml:16 msgid "sssd-ad" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:23 msgid "" "This manual page describes the configuration of the AD provider for " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:36 msgid "" "The AD provider is a back end used to connect to an Active Directory server. " "This provider requires that the machine be joined to the AD domain and a " "keytab is available." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:41 msgid "" "The AD provider supports connecting to Active Directory 2008 R2 or later. " "Earlier versions may work, but are unsupported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:45 msgid "" "The AD provider is able to provide identity information and authentication " "for entities from trusted domains as well. Currently only trusted domains in " "the same forest are recognized." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:50 msgid "" "The AD provider accepts the same options used by the <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " "provider with some exceptions described below." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:62 msgid "" "However, it is neither necessary nor recommended to set these options. 
The " "AD provider can also be used as an access, chpass and sudo provider. No " "configuration of the access provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ad.5.xml:74 #, no-wrap msgid "" "ldap_id_mapping = False\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:68 msgid "" "By default, the AD provider will map UID and GID values from the objectSID " "parameter in Active Directory. For details on this, see the <quote>ID " "MAPPING</quote> section below. If you want to disable ID mapping and instead " "rely on POSIX attributes defined in Active Directory, you should set " "<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users " "and groups using POSIX attributes from trusted domains, the AD administrator " "must make sure that the POSIX attributes are replicated to the Global " "Catalog." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:81 msgid "" "Users, groups and other entities served by SSSD are always treated as case-" "insensitive in the AD provider for compatibility with Active Directory's " "LDAP implementation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:96 msgid "ad_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:99 msgid "" "Specifies the name of the Active Directory domain. This is optional. If not " "provided, the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:104 msgid "" "For proper operation, this option should be specified as the lower-case " "version of the long version of the Active Directory domain." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:109 msgid "" "The short domain name (also known as the NetBIOS or the flat name) is " "autodetected by the SSSD." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:116 msgid "ad_server, ad_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:119 msgid "" "The comma-separated list of hostnames of the AD servers to which SSSD should " "connect in order of preference. For more information on failover and server " "redundancy, see the <quote>FAILOVER</quote> section. This is optional if " "autodiscovery is enabled. For more information on service discovery, refer " "to the <quote>SERVICE DISCOVERY</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:132 msgid "ad_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:135 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the Active Directory domain to identify this " "host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:141 msgid "" "This field is used to determine the host principal in use in the keytab. It " "must match the hostname for which the keytab was issued." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:149 msgid "ad_enable_dns_sites (boolean)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:156 msgid "" "If true and service discovery (see Service Discovery paragraph at the bottom " "of the man page) is enabled, the SSSD will first attempt to discover the " "Active Directory server to connect to using the Active Directory Site " "Discovery and fall back to the DNS SRV records if no AD site is found. The " "DNS SRV configuration, including the discovery domain, is used during site " "discovery as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:172 msgid "ad_access_filter (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:175 msgid "" "This option specifies LDAP access control filter that the user must match in " "order to be allowed access. Please note that the <quote>access_provider</" "quote> option must be explicitly set to <quote>ad</quote> in order for this " "option to have an effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:183 msgid "" "The option also supports specifying different filters per domain or forest. " "This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " "The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " "missing." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:191 msgid "" "If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</" "quote> specifies the domain or subdomain the filter applies to. If the " "keyword equals to <quote>FOREST</quote>, then the filter equals to all " "domains from the forest specified by <quote>NAME</quote>." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:199 msgid "" "Multiple filters can be separated with the <quote>?</quote> character, " "similarly to how search bases work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:204 msgid "" "The most specific match is always used. For example, if the option specified " "filter for a domain the user is a member of and a global filter, the per-" "domain filter would be applied. If there are more matches with the same " "specification, the first one is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #: sssd-ad.5.xml:215 #, no-wrap msgid "" "# apply filter on domain called dom1 only:\n" "dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" "\n" "# apply filter on domain called dom2 only:\n" "DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" "\n" "# apply filter on forest called EXAMPLE.COM only:\n" "FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:225 #, fuzzy #| msgid "Default: root" msgid "Default: Not set" msgstr "По умолчанию: root" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:231 msgid "ad_enable_gc (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:234 msgid "" "By default, the SSSD connects to the Global Catalog first to retrieve users " "from trusted domains and uses the LDAP port to retrieve group memberships or " "as a fallback. Disabling this option makes the SSSD only connect to the LDAP " "port of the current AD server." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:242 msgid "" "Please note that disabling Global Catalog support does not disable " "retrieving users from trusted domains. The SSSD would connect to the LDAP " "port of trusted domains instead. However, Global Catalog must be used in " "order to resolve cross-domain group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:259 msgid "" "Optional. This option tells SSSD to automatically update the Active " "Directory DNS server with the IP address of this client. The update is " "secured using GSS-TSIG. As a consequence, the Active Directory administrator " "only needs to allow secure updates for the DNS zone. The IP address of the " "AD LDAP connection is used for the updates, if it is not otherwise specified " "by using the <quote>dyndns_iface</quote> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:289 msgid "Default: 3600 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:303 msgid "Default: Use the IP address of the AD LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:354 sssd-krb5.5.xml:496 msgid "krb5_use_enterprise_principal (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:357 sssd-krb5.5.xml:499 msgid "" "Specifies if the user principal should be treated as enterprise principal. " "See section 5 of RFC 6806 for more details about enterprise principals." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:384 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " "This example shows only the AD provider-specific options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ad.5.xml:391 #, no-wrap msgid "" "[domain/EXAMPLE]\n" "id_provider = ad\n" "auth_provider = ad\n" "access_provider = ad\n" "chpass_provider = ad\n" "\n" "ad_server = dc1.example.com\n" "ad_hostname = client.example.com\n" "ad_domain = example.com\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ad.5.xml:411 #, no-wrap msgid "" "access_provider = ldap\n" "ldap_access_order = expire\n" "ldap_account_expire_policy = ad\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:407 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:417 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 msgid "sssd-sudo" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd-sudo.5.xml:17 msgid "Configuring sudo with the SSSD back end" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:23 msgid "" "This manual page describes how to configure <citerefentry> " "<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " "to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-sudo.5.xml:36 msgid "Configuring sudo to cooperate with SSSD" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:38 msgid "" "To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " "the <emphasis>sudoers</emphasis> entry in <citerefentry> " "<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:47 msgid "" "For example, to configure sudo to first lookup rules in the standard " "<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> file (which should contain rules that apply to " "local users) and then in SSSD, the nsswitch.conf file should contain the " "following line:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-sudo.5.xml:57 #, no-wrap msgid "sudoers: files sss\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:61 msgid "" "More information about configuring the sudoers search order from the " "nsswitch.conf file as well as information about the LDAP schema that is used " "to store sudo rules in the directory can be found in <citerefentry> " "<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:70 msgid "" "<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " "sudo rules, you also need to correctly set <citerefentry> " "<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" "citerefentry> to your NIS domain name (which equals to IPA domain name when " "using hostgroups)." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-sudo.5.xml:82 msgid "Configuring SSSD to fetch sudo rules" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:84 msgid "" "All configuration that is needed on SSSD side is to extend the list of " "<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " "search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> " "option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:94 msgid "" "The following example shows how to configure SSSD to download sudo rules " "from an LDAP server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-sudo.5.xml:99 #, no-wrap msgid "" "[sssd]\n" "config_file_version = 2\n" "services = nss, pam, sudo\n" "domains = EXAMPLE\n" "\n" "[domain/EXAMPLE]\n" "id_provider = ldap\n" "sudo_provider = ldap\n" "ldap_uri = ldap://example.com\n" "ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:112 msgid "" "When the SSSD is configured to use IPA as the ID provider, the sudo provider " "is automatically enabled. The sudo search base is configured to use the " "compat tree (ou=sudoers,$DC)." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><title> #: sssd-sudo.5.xml:119 msgid "The SUDO rule caching mechanism" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:121 msgid "" "The biggest challenge, when developing sudo support in SSSD, was to ensure " "that running sudo with SSSD as the data source provides the same user " "experience and is as fast as sudo but keeps providing the most current set " "of rules as possible. To satisfy these requirements, SSSD uses three kinds " "of updates. They are referred to as full refresh, smart refresh and rules " "refresh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:129 msgid "" "The <emphasis>smart refresh</emphasis> periodically downloads rules that are " "new or were modified after the last update. Its primary goal is to keep the " "database growing by fetching only small increments that do not generate " "large amounts of network traffic." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:135 msgid "" "The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " "in the cache and replaces them with all rules that are stored on the server. " "This is used to keep the cache consistent by removing every rule which was " "deleted from the server. However, full refresh may produce a lot of traffic " "and thus it should be run only occasionally depending on the size and " "stability of the sudo rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:143 msgid "" "The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " "more permission than defined. It is triggered each time the user runs sudo. " "Rules refresh will find all rules that apply to this user, check their " "expiration time and redownload them if expired. 
In the case that any of " "these rules are missing on the server, the SSSD will do an out of band full " "refresh because more rules (that apply to other users) may have been deleted." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:152 msgid "" "If enabled, SSSD will store only rules that can be applied to this machine. " "This means rules that contain one of the following values in " "<emphasis>sudoHost</emphasis> attribute:" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:159 msgid "keyword ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:164 msgid "wildcard" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:169 msgid "netgroup (in the form \"+netgroup\")" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:174 msgid "hostname or fully qualified domain name of this machine" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:179 msgid "one of the IP addresses of this machine" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:184 msgid "one of the IP addresses of the network (in the form \"address/mask\")" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:190 msgid "" "There are many configuration options that can be used to adjust the " "behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." msgstr "" #. 
type: Content of: <reference><refentry><refnamediv><refname> #: sssd.8.xml:10 sssd.8.xml:15 msgid "sssd" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd.8.xml:16 msgid "System Security Services Daemon" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sssd.8.xml:21 msgid "" "<command>sssd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.8.xml:31 msgid "" "<command>SSSD</command> provides a set of daemons to manage access to remote " "directories and authentication mechanisms. It provides an NSS and PAM " "interface toward the system and a pluggable backend system to connect to " "multiple different account sources as well as D-Bus interface. It is also " "the basis to provide client auditing and policy services for projects like " "FreeIPA. It provides a more robust database to store local users as well as " "extended user data." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:46 msgid "" "<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:53 msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:57 msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:60 msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:69 msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:73 msgid "" "<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:76 msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:85 msgid "<option>-f</option>,<option>--debug-to-files</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:89 msgid "" "Send the debug output to files instead of stderr. By default, the log files " "are stored in <filename>/var/log/sssd</filename> and there are separate log " "files for every SSSD service and domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:97 msgid "<option>-D</option>,<option>--daemon</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:101 msgid "Become a daemon after starting up." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:107 sss_seed.8.xml:136 msgid "<option>-i</option>,<option>--interactive</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:111 msgid "Run in the foreground, don't become a daemon." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:117 sss_debuglevel.8.xml:42 msgid "<option>-c</option>,<option>--config</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:121 sss_debuglevel.8.xml:46 msgid "" "Specify a non-default config file. The default is <filename>/etc/sssd/sssd." "conf</filename>. For reference on the config file syntax and options, " "consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:135 msgid "<option>--version</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:139 msgid "Print version number and exit." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.8.xml:147 msgid "Signals" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:159 msgid "SIGHUP" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " "like logrotate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:170 msgid "SIGUSR1" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:179 msgid "SIGUSR2" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.8.xml:193 msgid "" "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " "applications will not use the fast in memory cache." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 msgid "sss_obfuscate" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_obfuscate.8.xml:16 msgid "obfuscate a clear text password" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_obfuscate.8.xml:21 msgid "" "<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" "replaceable></arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:32 msgid "" "<command>sss_obfuscate</command> converts a given password into human-" "unreadable format and places it into appropriate domain section of the SSSD " "config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:37 msgid "" "The cleartext password is read from standard input or entered " "interactively. 
The obfuscated password is put into " "<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " "<quote>ldap_default_authtok_type</quote> parameter is set to " "<quote>obfuscated_password</quote>. Refer to <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more details on these parameters." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:49 msgid "" "Please note that obfuscating the password provides <emphasis>no real " "security benefit</emphasis> as it is still possible for an attacker to " "reverse-engineer the password back. Using better authentication mechanisms " "such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " "advised." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_obfuscate.8.xml:63 msgid "<option>-s</option>,<option>--stdin</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:67 msgid "The password to obfuscate will be read from standard input." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:79 #: sss_ssh_knownhostsproxy.1.xml:78 msgid "" "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:79 msgid "" "The SSSD domain to use the password in. The default name is <quote>default</" "quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_obfuscate.8.xml:86 msgid "" "<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:91 msgid "Read the config file specified by the positional parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:95 msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_useradd.8.xml:10 sss_useradd.8.xml:15 msgid "sss_useradd" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_useradd.8.xml:16 msgid "create a new user" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_useradd.8.xml:21 msgid "" "<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_useradd.8.xml:32 msgid "" "<command>sss_useradd</command> creates a new user account using the values " "specified on the command line plus the default values from the system." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:43 sss_seed.8.xml:76 msgid "" "<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:48 msgid "" "Set the UID of the user to the value of <replaceable>UID</replaceable>. If " "not given, it is chosen automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:55 sss_usermod.8.xml:43 sss_seed.8.xml:100 msgid "" "<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" "replaceable>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:60 sss_usermod.8.xml:48 sss_seed.8.xml:105 msgid "" "Any text string describing the user. Often used as the field for the user's " "full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:67 sss_usermod.8.xml:55 sss_seed.8.xml:112 msgid "" "<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:72 msgid "" "The home directory of the user account. The default is to append the " "<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use " "that as the home directory. The base that is prepended before " "<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/" "baseDirectory</quote> setting in sssd.conf." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:82 sss_usermod.8.xml:66 sss_seed.8.xml:124 msgid "" "<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:87 msgid "" "The user's login shell. The default is currently <filename>/bin/bash</" "filename>. The default can be changed with <quote>user_defaults/" "defaultShell</quote> setting in sssd.conf." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:96 msgid "" "<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:101 msgid "A list of existing groups this user is also a member of." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:107 msgid "<option>-m</option>,<option>--create-home</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:111 msgid "" "Create the user's home directory if it does not exist. The files and " "directories contained in the skeleton directory (which can be defined with " "the -k option or in the config file) will be copied to the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:121 msgid "<option>-M</option>,<option>--no-create-home</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:125 msgid "" "Do not create the user's home directory. Overrides configuration settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:132 msgid "" "<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:137 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " "<command>sss_useradd</command>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:143 msgid "" "Special files (block devices, character devices, named pipes and unix " "sockets) will not be copied." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:147 msgid "" "This option is only valid if the <option>-m</option> (or <option>--create-" "home</option>) option is specified, or creation of home directories is set " "to TRUE in the configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:156 sss_usermod.8.xml:124 msgid "" "<option>-Z</option>,<option>--selinux-user</option> " "<replaceable>SELINUX_USER</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:161 msgid "" "The SELinux user for the user's login. If not specified, the system default " "will be used." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 msgid "sssd-krb5" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:23 msgid "" "This manual page describes the configuration of the Kerberos 5 " "authentication backend for <citerefentry> <refentrytitle>sssd</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed " "syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " "the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:36 msgid "" "The Kerberos 5 authentication backend contains auth and chpass providers. It " "must be paired with an identity provider in order to function properly (for " "example, id_provider = ldap). Some information required by the Kerberos 5 " "authentication backend must be provided by the identity provider, such as " "the user's Kerberos Principal Name (UPN). The configuration of the identity " "provider should have an entry to specify the UPN. 
Please refer to the man " "page for the applicable identity provider for details on how to configure " "this." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:47 msgid "" "This backend also provides access control based on the .k5login file in the " "home directory of the user. See <citerefentry> <refentrytitle>.k5login</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " "Please note that an empty .k5login file will deny all access to this user. " "To activate this feature, use 'access_provider = krb5' in your SSSD " "configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:55 msgid "" "In the case where the UPN is not available in the identity backend, " "<command>sssd</command> will construct a UPN using the format " "<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect, in the order of preference. " "For more information on failover and server redundancy, see the " "<quote>FAILOVER</quote> section. An optional port number (preceded by a " "colon) may be appended to the addresses or hostnames. If empty, service " "discovery is enabled; for more information, refer to the <quote>SERVICE " "DISCOVERY</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:106 msgid "" "The name of the Kerberos realm. This option is required and must be " "specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:113 msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:116 msgid "" "If the change password service is not running on the KDC, alternative " "servers can be defined here. An optional port number (preceded by a colon) " "may be appended to the addresses or hostnames." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:122 msgid "" "For more information on failover and server redundancy, see the " "<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " "servers to try, the backend is not switched to operate offline if " "authentication against the KDC is still possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:129 msgid "Default: Use the KDC" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:135 msgid "krb5_ccachedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:138 msgid "" "Directory to store credential caches. All the substitution sequences of " "krb5_ccname_template can be used here, too, except %d and %P. The directory " "is created as private and owned by the user, with permissions set to 0700." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:145 msgid "Default: /tmp" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:151 msgid "krb5_ccname_template (string)" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:165 include/override_homedir.xml:11 msgid "%u" msgstr "" #. 
type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:166 include/override_homedir.xml:12 msgid "login name" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:169 include/override_homedir.xml:15 msgid "%U" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:170 msgid "login UID" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:173 msgid "%p" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:174 msgid "principal name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:178 msgid "%r" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:179 msgid "realm name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:182 msgid "%h" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:183 msgid "home directory" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:187 include/override_homedir.xml:19 msgid "%d" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:188 msgid "value of krb5ccache_dir" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:193 msgid "%P" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:194 msgid "the process ID of the SSSD client" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:199 include/override_homedir.xml:34 msgid "%%" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:200 include/override_homedir.xml:35 msgid "a literal '%'" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:154 msgid "" "Location of the user's credential cache. Three credential cache types are " "currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " "<quote>KEYRING:persistent</quote>. The cache can be specified either as " "<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " "implies the <quote>FILE</quote> type. In the template, the following " "sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " "the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " "filename in a safe way." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:208 msgid "" "When using KEYRING types, the only supported mechanism is <quote>KEYRING:" "persistent:%U</quote>, which uses the Linux kernel keyring to store " "credentials on a per-UID basis. 
This is also the recommended choice, as it " "is the most secure and predictable method." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:216 msgid "" "The default value for the credential cache name is sourced from the profile " "stored in the system wide krb5.conf configuration file in the [libdefaults] " "section. The option name is default_ccache_name. See krb5.conf(5)'s " "PARAMETER EXPANSION paragraph for additional information on the expansion " "format defined by krb5.conf." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:225 msgid "Default: (from libkrb5)" msgstr "По умолчанию: (из libkrb5)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:231 msgid "krb5_auth_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:234 msgid "" "Timeout in seconds after an online authentication request or change password " "request is aborted. If possible, the authentication request is continued " "offline." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:248 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed. The keytab is checked for entries sequentially, and the first entry " "with a matching realm is used for validation. If no entry matches the realm, " "the last entry in the keytab is used. This process can be used to validate " "environments using cross-realm trust by placing the appropriate keytab entry " "as the last entry or the only entry in the keytab file." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:263 msgid "krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:266 msgid "" "The location of the keytab to use when validating credentials obtained from " "KDCs." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:270 msgid "Default: /etc/krb5.keytab" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:276 msgid "krb5_store_password_if_offline (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:279 msgid "" "Store the password of the user if the provider is offline and use it to " "request a TGT when the provider comes online again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:284 msgid "" "NOTE: this feature is only available on Linux. Passwords stored in this way " "are kept in plaintext in the kernel keyring and are potentially accessible " "by the root user (with difficulty)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:297 msgid "krb5_renewable_lifetime (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:300 msgid "" "Request a renewable ticket with a total lifetime, given as an integer " "immediately followed by a time unit:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:305 sssd-krb5.5.xml:339 sssd-krb5.5.xml:376 msgid "<emphasis>s</emphasis> for seconds" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:308 sssd-krb5.5.xml:342 sssd-krb5.5.xml:379 msgid "<emphasis>m</emphasis> for minutes" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:311 sssd-krb5.5.xml:345 sssd-krb5.5.xml:382 msgid "<emphasis>h</emphasis> for hours" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385 msgid "<emphasis>d</emphasis> for days." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:317 sssd-krb5.5.xml:388 msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:321 sssd-krb5.5.xml:392 msgid "" "NOTE: It is not possible to mix units. To set the renewable lifetime to one " "and a half hours, use '90m' instead of '1h30m'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:326 msgid "Default: not set, i.e. the TGT is not renewable" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:332 msgid "krb5_lifetime (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:335 msgid "" "Request ticket with a lifetime, given as an integer immediately followed by " "a time unit:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:351 msgid "If there is no unit given <emphasis>s</emphasis> is assumed." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:355 msgid "" "NOTE: It is not possible to mix units. To set the lifetime to one and a " "half hours please use '90m' instead of '1h30m'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:360 msgid "" "Default: not set, i.e. the default ticket lifetime configured on the KDC." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:367 msgid "krb5_renew_interval (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:370 msgid "" "The time in seconds between two checks if the TGT should be renewed. TGTs " "are renewed if about half of their lifetime is exceeded, given as an integer " "immediately followed by a time unit:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:397 msgid "If this option is not set or is 0 the automatic renewal is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:415 msgid "" "<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " "option at all." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:419 msgid "" "<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " "continue the authentication without it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:429 msgid "Default: not set, i.e. FAST is not used." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:432 msgid "NOTE: a keytab is required to use FAST." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:444 msgid "krb5_fast_principal (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:447 msgid "Specifies the server principal to use for FAST." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:456 msgid "" "Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos 1.7 and later versions." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:505 msgid "Default: false (AD provider: true)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:65 msgid "" "If the auth-module krb5 is used in an SSSD domain, the following options " "must be used. See the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " "<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " "domain. <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:521 msgid "" "The following example assumes that SSSD is correctly configured and FOO is " "one of the domains in the <replaceable>[sssd]</replaceable> section. This " "example shows only configuration of Kerberos authentication; it does not " "include any identity provider." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-krb5.5.xml:529 #, no-wrap msgid "" " [domain/FOO]\n" " auth_provider = krb5\n" " krb5_server = 192.168.1.1\n" " krb5_realm = EXAMPLE.COM\n" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15 msgid "sss_groupadd" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupadd.8.xml:16 msgid "create a new group" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupadd.8.xml:21 msgid "" "<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupadd.8.xml:32 msgid "" "<command>sss_groupadd</command> creates a new group. These groups are " "compatible with POSIX groups, with the additional feature that they can " "contain other groups as members." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupadd.8.xml:43 sss_seed.8.xml:88 msgid "" "<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupadd.8.xml:48 msgid "" "Set the GID of the group to the value of <replaceable>GID</replaceable>. If " "not given, it is chosen automatically." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_userdel.8.xml:10 sss_userdel.8.xml:15 msgid "sss_userdel" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_userdel.8.xml:16 msgid "delete a user account" msgstr "" #. 
type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_userdel.8.xml:21 msgid "" "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_userdel.8.xml:32 msgid "" "<command>sss_userdel</command> deletes a user identified by login name " "<replaceable>LOGIN</replaceable> from the system." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:44 msgid "<option>-r</option>,<option>--remove</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:48 msgid "" "Files in the user's home directory will be removed along with the home " "directory itself and the user's mail spool. Overrides the configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:56 msgid "<option>-R</option>,<option>--no-remove</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:60 msgid "" "Files in the user's home directory will NOT be removed along with the home " "directory itself and the user's mail spool. Overrides the configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:68 msgid "<option>-f</option>,<option>--force</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:72 msgid "" "This option forces <command>sss_userdel</command> to remove the user's home " "directory and mail spool, even if they are not owned by the specified user." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:80 msgid "<option>-k</option>,<option>--kick</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:84 msgid "Before actually deleting the user, terminate all his processes." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15 msgid "sss_groupdel" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupdel.8.xml:16 msgid "delete a group" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupdel.8.xml:21 msgid "" "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupdel.8.xml:32 msgid "" "<command>sss_groupdel</command> deletes a group identified by its name " "<replaceable>GROUP</replaceable> from the system." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15 msgid "sss_groupshow" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupshow.8.xml:16 msgid "print properties of a group" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupshow.8.xml:21 msgid "" "<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupshow.8.xml:32 msgid "" "<command>sss_groupshow</command> displays information about a group " "identified by its name <replaceable>GROUP</replaceable>. 
The information " "includes the group ID number, members of the group and the parent group." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupshow.8.xml:43 msgid "<option>-R</option>,<option>--recursive</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupshow.8.xml:47 msgid "" "Also print indirect group members in a tree-like hierarchy. Note that this " "also affects printing parent groups - without <option>R</option>, only the " "direct parent will be printed." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_usermod.8.xml:10 sss_usermod.8.xml:15 msgid "sss_usermod" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_usermod.8.xml:16 msgid "modify a user account" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_usermod.8.xml:21 msgid "" "<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_usermod.8.xml:32 msgid "" "<command>sss_usermod</command> modifies the account specified by " "<replaceable>LOGIN</replaceable> to reflect the changes that are specified " "on the command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:60 msgid "The home directory of the user account." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:71 msgid "The user's login shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:82 msgid "" "Append this user to groups specified by the <replaceable>GROUPS</" "replaceable> parameter. 
The <replaceable>GROUPS</replaceable> parameter is " "a comma separated list of group names." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:96 msgid "" "Remove this user from groups specified by the <replaceable>GROUPS</" "replaceable> parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_usermod.8.xml:103 msgid "<option>-l</option>,<option>--lock</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:107 msgid "Lock the user account. The user won't be able to log in." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_usermod.8.xml:114 msgid "<option>-u</option>,<option>--unlock</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:118 msgid "Unlock the user account." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:129 msgid "The SELinux user for the user's login." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_cache.8.xml:10 sss_cache.8.xml:15 msgid "sss_cache" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_cache.8.xml:16 msgid "perform cache cleanup" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_cache.8.xml:21 msgid "" "<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_cache.8.xml:31 msgid "" "<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " "records are forced to be reloaded from server as soon as related SSSD " "backend is online." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:42 msgid "<option>-E</option>,<option>--everything</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:46 msgid "Invalidate all cached entries except for sudo rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:52 msgid "" "<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:57 msgid "Invalidate specific user." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:63 msgid "<option>-U</option>,<option>--users</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:67 msgid "" "Invalidate all user records. This option overrides invalidation of specific " "user if it was also set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:74 msgid "" "<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:79 msgid "Invalidate specific group." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:85 msgid "<option>-G</option>,<option>--groups</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:89 msgid "" "Invalidate all group records. This option overrides invalidation of specific " "group if it was also set." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:96 msgid "" "<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:101 msgid "Invalidate specific netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:107 msgid "<option>-N</option>,<option>--netgroups</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:111 msgid "" "Invalidate all netgroup records. This option overrides invalidation of " "specific netgroup if it was also set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:118 msgid "" "<option>-s</option>,<option>--service</option> <replaceable>service</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:123 msgid "Invalidate specific service." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:129 msgid "<option>-S</option>,<option>--services</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:133 msgid "" "Invalidate all service records. This option overrides invalidation of " "specific service if it was also set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:140 msgid "" "<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" "replaceable>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:145 msgid "Invalidate specific autofs maps." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:151 msgid "<option>-A</option>,<option>--autofs-maps</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:155 msgid "" "Invalidate all autofs maps. This option overrides invalidation of specific " "map if it was also set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:162 msgid "" "<option>-d</option>,<option>--domain</option> <replaceable>domain</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:167 msgid "Restrict invalidation process only to a particular domain." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 msgid "sss_debuglevel" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_debuglevel.8.xml:16 msgid "change debug level while SSSD is running" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_debuglevel.8.xml:21 msgid "" "<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" "replaceable></arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_debuglevel.8.xml:32 msgid "" "<command>sss_debuglevel</command> changes debug level of SSSD monitor and " "providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is " "running." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_debuglevel.8.xml:59 msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_seed.8.xml:10 sss_seed.8.xml:15 msgid "sss_seed" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_seed.8.xml:16 msgid "seed the SSSD cache with a user" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_seed.8.xml:21 msgid "" "<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" "replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_seed.8.xml:33 msgid "" "<command>sss_seed</command> seeds the SSSD cache with a user entry and " "temporary password. If a user entry is already present in the SSSD cache " "then the entry is updated with the temporary password." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_seed.8.xml:46 msgid "" "<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:51 msgid "" "Provide the name of the domain of which the user is a member. The domain " "is also used to retrieve user information. The domain must be configured in " "sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " "Information retrieved from the domain overrides what is provided in the " "options." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_seed.8.xml:63 msgid "" "<option>-n</option>,<option>--username</option> <replaceable>USER</" "replaceable>" msgstr "" #.
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:68 msgid "" "The username of the entry to be created or modified in the cache. The " "<replaceable>USER</replaceable> option must be provided." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:81 msgid "Set the UID of the user to <replaceable>UID</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:93 msgid "Set the GID of the user to <replaceable>GID</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:117 msgid "" "Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:129 msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:140 msgid "" "Interactive mode for entering user information. This option will only prompt " "for information not provided in the options or retrieved from the domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_seed.8.xml:148 msgid "" "<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:153 msgid "" "Specify the file to read the user's password from. (If not specified, the " "password is prompted for.)" msgstr "" #.
type: Content of: <reference><refentry><refsect1><para> #: sss_seed.8.xml:165 msgid "" "The length of the password (or the size of file specified with -p or --" "password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " "on systems with no globally-defined PASS_MAX value)." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 msgid "sss_ssh_authorizedkeys" msgstr "" #. type: Content of: <reference><refentry><refmeta><manvolnum> #: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 msgid "1" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_ssh_authorizedkeys.1.xml:16 msgid "get OpenSSH authorized keys" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_ssh_authorizedkeys.1.xml:21 msgid "" "<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg> <arg " "choice='plain'><replaceable>USER</replaceable></arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:32 msgid "" "<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " "<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " "format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> for more information)." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:41 msgid "" "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" "command> for public key user authentication if it is compiled with support " "for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</" "quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry> options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sss_ssh_authorizedkeys.1.xml:58 #, no-wrap msgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:51 msgid "" "If <quote>AuthorizedKeysCommand</quote> is supported, " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> can be configured to use it by putting the following directive " "in <citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry>: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sss_ssh_authorizedkeys.1.xml:69 #, no-wrap msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:62 msgid "" "If <quote>PubkeyAgent</quote> is supported, " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> can be configured to use it by using the following directive " "for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</" "manvolnum></citerefentry> configuration: <placeholder type=\"programlisting" "\" id=\"0\"/>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_ssh_authorizedkeys.1.xml:84 msgid "" "Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sss_ssh_authorizedkeys.1.xml:93 sss_ssh_knownhostsproxy.1.xml:92 msgid "EXIT STATUS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:95 sss_ssh_knownhostsproxy.1.xml:94 msgid "" "In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 msgid "sss_ssh_knownhostsproxy" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_ssh_knownhostsproxy.1.xml:16 msgid "get OpenSSH host keys" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_ssh_knownhostsproxy.1.xml:21 msgid "" "<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg> <arg " "choice='plain'><replaceable>HOST</replaceable></arg> <arg " "choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_knownhostsproxy.1.xml:33 msgid "" "<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " "host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " "known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " "of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" "manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" "pubconf/known_hosts</filename> and establishes the connection to the host." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_knownhostsproxy.1.xml:43 msgid "" "If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " "create the connection to the host instead of opening a socket." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sss_ssh_knownhostsproxy.1.xml:55 #, no-wrap msgid "" "ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" "GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_knownhostsproxy.1.xml:48 msgid "" "<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" "citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" "command> for host key authentication by using the following directives for " "<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" "citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_ssh_knownhostsproxy.1.xml:66 msgid "" "<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_ssh_knownhostsproxy.1.xml:71 msgid "" "Use port <replaceable>PORT</replaceable> to connect to the host. By " "default, port 22 is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_ssh_knownhostsproxy.1.xml:83 msgid "" "Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." msgstr "" #. type: Content of: <refsect1><title> #: include/service_discovery.xml:2 msgid "SERVICE DISCOVERY" msgstr "" #. 
type: Content of: <refsect1><para> #: include/service_discovery.xml:4 msgid "" "The service discovery feature allows back ends to automatically find the " "appropriate servers to connect to using a special DNS query. This feature is " "not supported for backup servers." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 msgid "Configuration" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:11 msgid "" "If no servers are specified, the back end automatically uses service " "discovery to try to find a server. Optionally, the user may choose to use " "both fixed server addresses and service discovery by inserting a special " "keyword, <quote>_srv_</quote>, in the list of servers. The order of " "preference is maintained. This feature is useful if, for example, the user " "prefers to use service discovery whenever possible, and fall back to a " "specific server when no servers can be discovered using DNS." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:23 msgid "The domain name" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:25 msgid "" "Please refer to the <quote>dns_discovery_domain</quote> parameter in the " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page for more details." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:35 msgid "The protocol" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:37 msgid "" "The queries usually specify _tcp as the protocol. Exceptions are documented " "in respective option description." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:42 msgid "See Also" msgstr "" #. 
type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:44 msgid "" "For more information on the service discovery mechanism, refer to RFC 2782." msgstr "" #. type: Content of: outside any tag (error?) #: include/upstream.xml:1 msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" msgstr "" #. type: Content of: <refsect1><title> #: include/failover.xml:2 msgid "FAILOVER" msgstr "" #. type: Content of: <refsect1><para> #: include/failover.xml:4 msgid "" "The failover feature allows back ends to automatically switch to a different " "server if the current server fails." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/failover.xml:8 msgid "Failover Syntax" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:10 msgid "" "The list of servers is given as a comma-separated list; any number of spaces " "is allowed around the comma. The servers are listed in order of preference. " "The list can contain any number of servers." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:16 msgid "" "For each failover-enabled config option, two variants exist: " "<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is " "that servers in the primary list are preferred and backup servers are only " "searched if no primary servers can be reached. If a backup server is " "selected, a timeout of 31 seconds is set. After this timeout SSSD will " "periodically try to reconnect to one of the primary servers. If it succeeds, " "it will replace the current active (backup) server." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/failover.xml:27 msgid "The Failover Mechanism" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:29 msgid "" "The failover mechanism distinguishes between a machine and a service. 
The " "back end first tries to resolve the hostname of a given machine; if this " "resolution attempt fails, the machine is considered offline. No further " "attempts are made to connect to this machine for any other service. If the " "resolution attempt succeeds, the back end tries to connect to a service on " "this machine. If the service connection attempt fails, then only this " "particular service is considered offline and the back end automatically " "switches over to the next service. The machine is still considered online " "and might still be tried for another service." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:42 msgid "" "Further connection attempts are made to machines or services marked as " "offline after a specified period of time; this is currently hard coded to 30 " "seconds." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:47 msgid "" "If there are no more machines to try, the back end as a whole switches to " "offline mode, and then attempts to reconnect every 30 seconds." msgstr "" #. type: Content of: <refsect1><title> #: include/ldap_id_mapping.xml:2 msgid "ID MAPPING" msgstr "" #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:4 msgid "" "The ID-mapping feature allows SSSD to act as a client of Active Directory " "without requiring administrators to extend user attributes to support POSIX " "attributes for user and group identifiers." msgstr "" #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:9 msgid "" "NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " "ignored. This is to avoid the possibility of conflicts between automatically-" "assigned and manually-assigned values. If you need to use manually-assigned " "values, ALL values must be manually-assigned." msgstr "" #. 
type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:16 msgid "" "Please note that changing the ID mapping related configuration options will " "cause user and group IDs to change. At the moment, SSSD does not support " "changing IDs, so the SSSD database must be removed. Because cached passwords " "are also stored in the database, removing the database should only be " "performed while the authentication servers are reachable, otherwise users " "might get locked out. In order to cache the password, an authentication must " "be performed. It is not sufficient to use <citerefentry> " "<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" "citerefentry> to remove the database, rather the process consists of:" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:33 msgid "Making sure the remote servers are reachable" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:38 msgid "Stopping the SSSD service" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:43 msgid "Removing the database" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:48 msgid "Starting the SSSD service" msgstr "" #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:52 msgid "" "Moreover, as the change of IDs might necessitate the adjustment of other " "system properties such as file and directory ownership, it's advisable to " "plan ahead and test the ID mapping configuration thoroughly." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/ldap_id_mapping.xml:59 msgid "Mapping Algorithm" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:61 msgid "" "Active Directory provides an objectSID for every user and group object in " "the directory. 
This objectSID can be broken up into components that " "represent the Active Directory domain identity and the relative identifier " "(RID) of the user or group object." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:67 msgid "" "The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " "into equally-sized component sections, called \"slices\". Each slice " "represents the space available to an Active Directory domain." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:73 msgid "" "When a user or group entry for a particular domain is encountered for the " "first time, the SSSD allocates one of the available slices for that domain. " "In order to make this slice-assignment repeatable on different client " "machines, we select the slice based on the following algorithm:" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:80 msgid "" "The SID string is passed through the murmurhash3 algorithm to convert it to " "a 32-bit hashed value. We then take the modulus of this value with the total " "number of available slices to pick the slice." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:86 msgid "" "NOTE: It is possible to encounter collisions in the hash and subsequent " "modulus. In these situations, we will select the next available slice, but " "it may not be possible to reproduce the same exact set of slices on other " "machines (since the order in which they are encountered will determine their " "slice). In this situation, it is recommended to either switch to using " "explicit POSIX attributes in Active Directory (disabling ID-mapping) or " "configure a default domain to guarantee that at least one domain is always " "consistent. See <quote>Configuration</quote> for details." msgstr "" #.
type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:101 msgid "" "Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" msgstr "" #. type: Content of: <refsect1><refsect2><para><programlisting> #: include/ldap_id_mapping.xml:106 #, no-wrap msgid "" "ldap_id_mapping = True\n" "ldap_schema = ad\n" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:111 msgid "" "The default configuration results in configuring 10,000 slices, each capable " "of holding up to 200,000 IDs, starting from 10,001 and going up to " "2,000,100,000. This should be sufficient for most deployments." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><title> #: include/ldap_id_mapping.xml:117 msgid "Advanced Configuration" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:120 msgid "ldap_idmap_range_min (integer)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:123 msgid "" "Specifies the lower bound of the range of POSIX IDs to use for mapping " "Active Directory user and group SIDs." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:127 msgid "" "NOTE: This option is different from <quote>min_id</quote> in that " "<quote>min_id</quote> acts to filter the output of requests to this domain, " "whereas this option controls the range of ID assignment. This is a subtle " "distinction, but the good general advice would be to have <quote>min_id</" "quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:173 msgid "Default: 200000" msgstr "" #. 
type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:142 msgid "ldap_idmap_range_max (integer)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:145 msgid "" "Specifies the upper bound of the range of POSIX IDs to use for mapping " "Active Directory user and group SIDs." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:149 msgid "" "NOTE: This option is different from <quote>max_id</quote> in that " "<quote>max_id</quote> acts to filter the output of requests to this domain, " "whereas this option controls the range of ID assignment. This is a subtle " "distinction, but the good general advice would be to have <quote>max_id</" "quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:159 msgid "Default: 2000200000" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:164 msgid "ldap_idmap_range_size (integer)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:167 msgid "" "Specifies the number of IDs available for each slice. If the range size " "does not divide evenly into the min and max values, it will create as many " "complete slices as it can." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:178 msgid "ldap_idmap_default_domain_sid (string)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:181 msgid "" "Specify the domain SID of the default domain. 
This will guarantee that this " "domain will always be assigned to slice zero in the ID map, bypassing the " "murmurhash algorithm described above." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:192 msgid "ldap_idmap_default_domain (string)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:195 msgid "Specify the name of the default domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:203 msgid "ldap_idmap_autorid_compat (boolean)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:206 msgid "" "Changes the behavior of the ID-mapping algorithm to behave more similarly to " "winbind's <quote>idmap_autorid</quote> algorithm." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:211 msgid "" "When this option is configured, domains will be allocated starting with " "slice zero and increasing monotonically with each additional domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:216 msgid "" "NOTE: This algorithm is non-deterministic (it depends on the order that " "users and groups are requested). If this mode is required for compatibility " "with machines running winbind, it is recommended to also use the " "<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " "least one domain is consistently allocated to slice zero." msgstr "" #. type: Content of: <varlistentry><term> #: include/param_help.xml:3 msgid "<option>-?</option>,<option>--help</option>" msgstr "" #.
type: Content of: <varlistentry><listitem><para> #: include/param_help.xml:7 include/param_help_py.xml:7 msgid "Display help message and exit." msgstr "" #. type: Content of: <varlistentry><term> #: include/param_help_py.xml:3 msgid "<option>-h</option>,<option>--help</option>" msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:3 msgid "" "SSSD supports two representations for specifying the debug level. The " "simplest is to specify a decimal value from 0-9, which represents enabling " "that level and all lower-level debug messages. The more comprehensive option " "is to specify a hexadecimal bitmask to enable or disable specific levels " "(such as if you wish to suppress a level)." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:10 msgid "Currently supported debug levels:" msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:13 msgid "" "<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. " "Anything that would prevent SSSD from starting up or causes it to cease " "running." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:19 msgid "" "<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " "error that doesn't kill the SSSD, but one that indicates that at least one " "major feature is not going to work properly." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:26 msgid "" "<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " "error announcing that a particular request or operation has failed." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:31 msgid "" "<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " "are the errors that would percolate down to cause the operation failure of 2." msgstr "" #. 
type: Content of: <listitem><para> #: include/debug_levels.xml:36 msgid "" "<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:40 msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:44 msgid "" "<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " "operation functions." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:48 msgid "" "<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " "internal control functions." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:53 msgid "" "<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" "internal variables that may be interesting." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:58 msgid "" "<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " "tracing information." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:62 msgid "" "To log required bitmask debug levels, simply add their numbers together as " "shown in following examples:" msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:66 msgid "" "<emphasis>Example</emphasis>: To log fatal failures, critical failures, " "serious failures and function data use 0x0270." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:70 msgid "" "<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " "function data, trace messages for internal control functions use 0x1310." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:75 msgid "" "<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " "in 1.7.0." msgstr "" #. 
type: Content of: <listitem><para> #: include/debug_levels.xml:79 msgid "<emphasis>Default</emphasis>: 0" msgstr "" #. type: Content of: outside any tag (error?) #: include/experimental.xml:1 msgid "" "<emphasis> This is an experimental feature, please use http://fedorahosted." "org/sssd to report any issues. </emphasis>" msgstr "" #. type: Content of: <refsect1><title> #: include/local.xml:2 msgid "THE LOCAL DOMAIN" msgstr "" #. type: Content of: <refsect1><para> #: include/local.xml:4 msgid "" "In order to function correctly, a domain with <quote>id_provider=local</" "quote> must be created and the SSSD must be running." msgstr "" #. type: Content of: <refsect1><para> #: include/local.xml:9 msgid "" "The administrator might want to use the SSSD local users instead of " "traditional UNIX users in cases where the group nesting (see <citerefentry> " "<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" "citerefentry>) is needed. The local users are also useful for testing and " "development of the SSSD without having to deploy a full remote server. The " "<command>sss_user*</command> and <command>sss_group*</command> tools use a " "local LDB storage to store users and groups." msgstr "" #. type: Content of: <refsect1><title> #: include/seealso.xml:2 msgid "SEE ALSO" msgstr "СМ. ТАКЖЕ" #. 
type: Content of: <refsect1><para> #: include/seealso.xml:4 msgid "" "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> " "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_useradd</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_usermod</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> 
<refentrytitle>sss_seed</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" "manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " "<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>." msgstr "" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:3 #: include/ldap_search_bases_experimental.xml:3 msgid "" "An optional base DN, search scope and LDAP filter to restrict LDAP searches " "for this attribute type." msgstr "" #. type: Content of: <listitem><para><programlisting> #: include/ldap_search_bases.xml:9 #: include/ldap_search_bases_experimental.xml:9 #, no-wrap msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" msgstr "" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:7 #: include/ldap_search_bases_experimental.xml:7 msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:13 #: include/ldap_search_bases_experimental.xml:13 msgid "" "The scope can be one of \"base\", \"onelevel\" or \"subtree\". The filter " "must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/" "rfc2254.txt" msgstr "" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:19 #: include/ldap_search_bases_experimental.xml:19 msgid "" "For examples of this syntax, please refer to the <quote>ldap_search_base</" "quote> examples section." msgstr "" #. 
type: Content of: <listitem><para> #: include/ldap_search_bases.xml:27 #: include/ldap_search_bases_experimental.xml:27 msgid "" "Please note that specifying scope or filter is not supported for searches " "against an Active Directory Server that might yield a large number of " "results and trigger the Range Retrieval extension in the response." msgstr "" #. type: Content of: <para> #: include/autofs_restart.xml:2 msgid "" "Please note that the automounter only reads the master map on startup, so if " "any autofs-related changes are made to the sssd.conf, you typically also " "need to restart the automounter daemon after restarting the SSSD." msgstr "" #. type: Content of: <varlistentry><term> #: include/override_homedir.xml:2 msgid "override_homedir (string)" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:16 msgid "UID number" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:20 msgid "domain name" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: include/override_homedir.xml:23 msgid "%f" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:24 msgid "fully qualified user name (user@domain)" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: include/override_homedir.xml:27 msgid "%o" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:29 msgid "The original home directory retrieved from the identity provider." msgstr "" #. type: Content of: <varlistentry><listitem><para> #: include/override_homedir.xml:5 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. 
In the template, the following sequences are substituted: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <varlistentry><listitem><para> #: include/override_homedir.xml:41 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <varlistentry><listitem><para><programlisting> #: include/override_homedir.xml:46 #, no-wrap msgid "" "override_homedir = /home/%u\n" " " msgstr "" #. type: Content of: <varlistentry><listitem><para> #: include/override_homedir.xml:50 msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" msgstr "" ������������������������������������������������������������������������������������������������sssd-1.11.5/src/man/po/PaxHeaders.13173/lv.po�������������������������������������������������������0000644�0000000�0000000�00000000132�12320753573�016516� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396955003.507843867 30 atime=1396955003.507843867 30 ctime=1396955003.507843867 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/man/po/lv.po������������������������������������������������������������������������0000664�0024127�0024127�00001246341�12320753573�016760� 
0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# SOME DESCRIPTIVE TITLE # Copyright (C) YEAR Red Hat # This file is distributed under the same license as the sssd-docs package. # # Translators: # Kristaps, 2012 # Kristaps, 2012 msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" "POT-Creation-Date: 2014-04-08 12:55+0300\n" "PO-Revision-Date: 2013-11-19 16:29+0000\n" "Last-Translator: jhrozek <jhrozek@redhat.com>\n" "Language-Team: Latvian (http://www.transifex.com/projects/p/fedora/language/" "lv/)\n" "Language: lv\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n != 0 ? 1 : " "2);\n" #. type: Content of: <reference><title> #: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5 #: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5 #: sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 sss_obfuscate.8.xml:5 #: sss_useradd.8.xml:5 sssd-krb5.5.xml:5 sss_groupadd.8.xml:5 #: sss_userdel.8.xml:5 sss_groupdel.8.xml:5 sss_groupshow.8.xml:5 #: sss_usermod.8.xml:5 sss_cache.8.xml:5 sss_debuglevel.8.xml:5 #: sss_seed.8.xml:5 sss_ssh_authorizedkeys.1.xml:5 #: sss_ssh_knownhostsproxy.1.xml:5 msgid "SSSD Manual pages" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15 msgid "sss_groupmod" msgstr "" #. 
type: Content of: <reference><refentry><refmeta><manvolnum> #: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11 #: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11 #: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11 #: sss_groupshow.8.xml:11 sss_usermod.8.xml:11 sss_cache.8.xml:11 #: sss_debuglevel.8.xml:11 sss_seed.8.xml:11 msgid "8" msgstr "8" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupmod.8.xml:16 msgid "modify a group" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupmod.8.xml:21 msgid "" "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:47 #: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21 #: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30 #: sss_useradd.8.xml:30 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 #: sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 #: sss_usermod.8.xml:30 sss_cache.8.xml:29 sss_debuglevel.8.xml:30 #: sss_seed.8.xml:31 sss_ssh_authorizedkeys.1.xml:30 #: sss_ssh_knownhostsproxy.1.xml:31 msgid "DESCRIPTION" msgstr "APRAKSTS" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupmod.8.xml:32 msgid "" "<command>sss_groupmod</command> modifies the group to reflect the changes " "that are specified on the command line." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><title> #: sss_groupmod.8.xml:39 pam_sss.8.xml:54 sssd.8.xml:42 sss_obfuscate.8.xml:58 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39 #: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42 #: sss_ssh_authorizedkeys.1.xml:75 sss_ssh_knownhostsproxy.1.xml:62 msgid "OPTIONS" msgstr "IESPĒJAS" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupmod.8.xml:43 sss_usermod.8.xml:77 msgid "" "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupmod.8.xml:48 msgid "" "Append this group to groups specified by the <replaceable>GROUPS</" "replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " "a comma separated list of group names." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupmod.8.xml:57 sss_usermod.8.xml:91 msgid "" "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupmod.8.xml:62 msgid "" "Remove this group from groups specified by the <replaceable>GROUPS</" "replaceable> parameter." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd.conf.5.xml:10 sssd.conf.5.xml:16 msgid "sssd.conf" msgstr "sssd.conf" #. type: Content of: <reference><refentry><refmeta><manvolnum> #: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 #: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11 msgid "5" msgstr "5" #. 
type: Content of: <reference><refentry><refmeta><refmiscinfo> #: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 #: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12 msgid "File Formats and Conventions" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16 #: sssd-ipa.5.xml:17 sssd-ad.5.xml:17 sssd-krb5.5.xml:17 msgid "the configuration file for SSSD" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:21 msgid "FILE FORMAT" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd.conf.5.xml:29 #, no-wrap msgid "" " <replaceable>[section]</replaceable>\n" " <replaceable>key</replaceable> = <replaceable>value</replaceable>\n" " <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:24 msgid "" "The file has an ini-style syntax and consists of sections and parameters. A " "section begins with the name of the section in square brackets and continues " "until the next section begins. An example of section with single and multi-" "valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:36 msgid "" "The data types used are string (no quotes needed), integer and bool (with " "values of <quote>TRUE/FALSE</quote>)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:41 msgid "" "A line comment starts with a hash sign (<quote>#</quote>) or a semicolon " "(<quote>;</quote>). Inline comments are not supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:47 msgid "" "All sections can have an optional <replaceable>description</replaceable> " "parameter. 
Its function is only as a label for the section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:53 msgid "" "<filename>sssd.conf</filename> must be a regular file, owned by root and " "only root may read from or write to the file." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:59 msgid "SPECIAL SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:62 msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> #: sssd.conf.5.xml:71 sssd.conf.5.xml:1857 msgid "Section parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:73 msgid "config_file_version (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:76 msgid "" "Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " "version 2." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:82 msgid "services" msgstr "pakalpojumi" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:85 msgid "" "Comma separated list of services that are started when sssd itself starts." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:89 msgid "" "Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " "<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition=" "\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</" "phrase>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:98 sssd.conf.5.xml:321 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:101 sssd.conf.5.xml:324 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:106 sssd.conf.5.xml:329 msgid "Default: 3" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:111 msgid "domains" msgstr "domēni" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:114 msgid "" "A domain is a database containing user information. SSSD can use multiple " "domains at the same time, but at least one must be configured or SSSD won't " "start. This parameter describes the list of domains in the order you want " "them to be queried. A domain name should only consist of alphanumeric ASCII " "characters, dashes and underscores." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:126 sssd.conf.5.xml:1586 msgid "re_expression (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:129 msgid "" "Default regular expression that describes how to parse the string containing " "user name and domain into these components." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:134 msgid "" "Each domain can have an individual regular expression configured.
For some " "ID providers there are also default regular expressions. See DOMAIN " "SECTIONS for more info on these regular expressions." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:143 sssd.conf.5.xml:1637 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:146 sssd.conf.5.xml:1640 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " "fully qualified name from user name and domain name components." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:157 sssd.conf.5.xml:1651 msgid "%1$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:158 sssd.conf.5.xml:1652 msgid "user name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:161 sssd.conf.5.xml:1655 msgid "%2$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:164 sssd.conf.5.xml:1658 msgid "domain name as specified in the SSSD config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:170 sssd.conf.5.xml:1664 msgid "%3$s" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:173 sssd.conf.5.xml:1667 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:154 sssd.conf.5.xml:1648 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:183 msgid "" "Each domain can have an individual format string configured. see DOMAIN " "SECTIONS for more info on this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:189 msgid "try_inotify (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:192 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " "this, and will fall back to polling resolv.conf every five seconds if " "inotify cannot be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:200 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " "to 'false'" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:206 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." 
msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:210 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:217 msgid "krb5_rcache_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:220 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:224 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:230 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:237 msgid "default_domain_suffix (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:240 msgid "" "This string will be used as a default domain name for all names without a " "domain name component. The main use case is environments where the primary " "domain is intended for managing host policies and all users are located in a " "trusted domain. The option allows those users to log in just with their " "user name without giving a domain name as well." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:250 msgid "" "Please note that if this option is set all users from the primary domain " "have to use their fully qualified name, e.g. user@domain.name, to log in." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:256 sssd-ldap.5.xml:1392 sssd-ldap.5.xml:1404 #: sssd-ldap.5.xml:1486 sssd-ldap.5.xml:2373 sssd-ldap.5.xml:2400 #: sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:187 #: include/ldap_id_mapping.xml:198 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:64 msgid "" "Individual pieces of SSSD functionality are provided by special SSSD " "services that are started and stopped together with SSSD. The services are " "managed by a special service frequently called <quote>monitor</quote>. The " "<quote>[sssd]</quote> section is used to configure the monitor as well as " "some other important options like the identity domains. <placeholder type=" "\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:267 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:269 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " "section, for example, for NSS service, the section would be <quote>[nss]</" "quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:276 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:278 msgid "These options can be used to configure any service." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:282 msgid "debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:286 msgid "debug_timestamps (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:289 msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:292 sssd.conf.5.xml:472 sssd.conf.5.xml:820 #: sssd-ldap.5.xml:1559 sssd-ldap.5.xml:1656 sssd-ldap.5.xml:1718 #: sssd-ldap.5.xml:2161 sssd-ldap.5.xml:2226 sssd-ldap.5.xml:2244 #: sssd-ipa.5.xml:361 sssd-ipa.5.xml:396 sssd-ad.5.xml:166 sssd-ad.5.xml:250 #: sssd-ad.5.xml:275 sssd-ad.5.xml:363 sssd-krb5.5.xml:490 msgid "Default: true" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:297 msgid "debug_microseconds (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:300 msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:303 sssd.conf.5.xml:774 sssd.conf.5.xml:1773 #: sssd-ldap.5.xml:640 sssd-ldap.5.xml:1433 sssd-ldap.5.xml:1452 #: sssd-ldap.5.xml:1628 sssd-ldap.5.xml:1957 sssd-ipa.5.xml:139 #: sssd-ipa.5.xml:205 sssd-ipa.5.xml:508 sssd-ipa.5.xml:526 #: sssd-krb5.5.xml:257 sssd-krb5.5.xml:291 sssd-krb5.5.xml:462 msgid "Default: false" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:308 msgid "timeout (integer)" msgstr "noildze (vesels skaitlis)" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:311 msgid "" "Timeout in seconds between heartbeats for this service. This is used to " "ensure that the process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:316 sssd-ldap.5.xml:1304 msgid "Default: 10" msgstr "Noklusējuma: 10" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:334 msgid "fd_limit" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:337 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " "the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " "systems without this capability, the resulting value will be the lower value " "of this or the limits.conf \"hard\" limit." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:346 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:351 msgid "client_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:354 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " "limited in order to avoid resource exhaustion on the system." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:361 sssd.conf.5.xml:377 sssd.conf.5.xml:592 #: sssd.conf.5.xml:752 sssd.conf.5.xml:1015 sssd-ldap.5.xml:1134 msgid "Default: 60" msgstr "Noklusējuma: 60" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:366 sssd.conf.5.xml:1004 msgid "force_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:369 sssd.conf.5.xml:1007 msgid "" "If a service is not responding to ping checks (see the <quote>timeout</" "quote> option), it is first sent the SIGTERM signal that instructs it to " "quit gracefully. If the service does not terminate after " "<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down " "by sending a SIGKILL signal." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:385 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:387 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:392 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:395 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:399 msgid "Default: 120" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:404 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:407 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " "for the domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:413 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " "after 15 seconds past the last cache update will be returned immediately, " "but the SSSD will go and update the cache on its own, so that future " "requests will not need to block waiting for a cache update." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:423 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " "percentage will never reduce the nowait timeout to less than 10 seconds. (0 " "disables this feature)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:431 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:436 msgid "entry_negative_timeout (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:439 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " "before asking the back end again." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:445 sssd.conf.5.xml:798 msgid "Default: 15" msgstr "Noklusējuma: 15" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:450 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:453 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" "domain or include fully-qualified names to filter only users from the " "particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:460 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:465 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:468 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:478 msgid "fallback_homedir (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:481 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:486 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> #: sssd.conf.5.xml:492 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" " " msgstr "" #. type: Content of: <varlistentry><listitem><para> #: sssd.conf.5.xml:490 include/override_homedir.xml:44 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:496 msgid "Default: not set (no substitution for unset home directories)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:502 msgid "override_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:505 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " "or per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:511 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:517 msgid "allowed_shells (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:520 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:523 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:527 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:532 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:537 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:540 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:544 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:549 msgid "vetoed_shells (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:552 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:557 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:560 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:564 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:569 msgid "default_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:572 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:578 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:585 sssd.conf.5.xml:745 msgid "get_domains_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:588 sssd.conf.5.xml:748 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:597 msgid "memcache_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:600 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:604 sssd-ldap.5.xml:654 msgid "Default: 300" msgstr "Noklusējuma: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:611 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:613 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:618 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:621 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:626 sssd.conf.5.xml:639 msgid "Default: 0 (No limit)" msgstr "Noklusējuma: 0 (bez ierobežojuma)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:632 msgid "offline_failed_login_attempts (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:635 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:645 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:648 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:653 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " "authentication can enable offline authentication again." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:659 sssd.conf.5.xml:712 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:665 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:668 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:673 msgid "Currently sssd supports the following values:" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:676 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:679 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:683 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:686 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:690 sssd.8.xml:63 msgid "Default: 1" msgstr "Noklusējuma: 1" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:695 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:698 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " "ensure that authentication takes place with the latest information." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:704 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" "client-application basis) how long (in seconds) we can cache the identity " "information to avoid excessive round-trips to the identity provider." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:718 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:721 sssd.conf.5.xml:1178 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:724 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " "cannot display a warning." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:730 sssd.conf.5.xml:1181 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:735 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:740 sssd.8.xml:79 msgid "Default: 0" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:760 msgid "SUDO configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:762 msgid "These options can be used to configure the sudo service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:766 msgid "sudo_timed (bool)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:769 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:782 msgid "AUTOFS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:784 msgid "These options can be used to configure the autofs service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:788 msgid "autofs_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:791 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " "before asking the back end again." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:807 msgid "SSH configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:809 msgid "These options can be used to configure the SSH service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:813 msgid "ssh_hash_known_hosts (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:816 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:825 msgid "ssh_known_hosts_timeout (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:828 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:832 msgid "Default: 180" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:840 msgid "PAC responder configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:842 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " "PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " "provider collects domain SID and ID ranges of the domain the client is " "joined to and of remote trusted domains from the local domain controller. " "If the PAC is decoded and evaluated some of the following operations are " "done:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:851 msgid "" "If the remote user does not exist in the cache, it is created. The uid is " "determined with the help of the SID, trusted domains will have UPGs and the " "gid will have the same value as the uid. The home directory is set based on " "the subdomain_homedir parameter. The shell will be empty by default, i.e. " "the system defaults are used, but can be overwritten with the default_shell " "parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:859 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:865 msgid "These options can be used to configure the PAC responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:869 msgid "allowed_uids (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:872 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " "startup." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:878 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:882 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " "access the PAC responder, which would be the typical case, you have to add 0 " "to the list of allowed UIDs as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:896 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:903 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:906 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:911 msgid "" "For users, this affects the primary GID limit. 
The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" "primary group memberships, those that are in range will be reported as " "expected." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:918 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:922 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:928 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:931 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:935 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:938 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:941 sssd.conf.5.xml:1155 sssd.conf.5.xml:1264 #: sssd.conf.5.xml:1281 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:944 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " "to fully complete enumerations. 
During this time, individual requests for " "information will go directly to LDAP, though it may be slow, due to the " "heavy enumeration processing. Saving a large number of entries to cache " "after the enumeration completes might also be CPU intensive as the " "memberships have to be recomputed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:957 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:962 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " "enumeration lookups are completed successfully. For more information, refer " "to the man pages for the specific id_provider in use." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:970 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:978 msgid "subdomain_enumerate (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:985 msgid "all" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:986 msgid "All discovered trusted domains will be enumerated" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:989 msgid "none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:990 msgid "No discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:981 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " "Optionally, a list of one or more domain names can enable enumeration just " "for these trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:998 sssd-ldap.5.xml:1687 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1021 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1024 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1028 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " "for newly added or expired entries. You should run the <citerefentry> " "<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" "citerefentry> tool in order to force refresh of entries that have already " "been cached." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1041 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1047 msgid "entry_cache_user_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1050 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1054 sssd.conf.5.xml:1067 sssd.conf.5.xml:1080 #: sssd.conf.5.xml:1093 sssd.conf.5.xml:1106 sssd.conf.5.xml:1120 msgid "Default: entry_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1060 msgid "entry_cache_group_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1063 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1073 msgid "entry_cache_netgroup_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1076 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1086 msgid "entry_cache_service_timeout (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1089 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1099 msgid "entry_cache_sudo_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1102 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1112 msgid "entry_cache_autofs_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1115 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1126 msgid "refresh_expired_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1129 msgid "" "Specifies how many seconds SSSD has to wait before refreshing expired " "records. Currently only refreshing expired netgroups is supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1134 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1138 sssd-ipa.5.xml:221 msgid "Default: 0 (disabled)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1144 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1147 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1151 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1160 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1163 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " "value of this parameter must be greater than or equal to " "offline_credentials_expiration." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1170 msgid "Default: 0 (unlimited)" msgstr "Noklusējuma: 0 (neierobežots)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1175 msgid "pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1186 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " "cannot display a warning. Also an auth provider has to be configured for the " "backend." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1193 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1199 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1202 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1206 msgid "<quote>proxy</quote>: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1209 msgid "<quote>local</quote>: SSSD internal provider for local users" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1213 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " "information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1221 sssd.conf.5.xml:1307 sssd.conf.5.xml:1358 #: sssd.conf.5.xml:1411 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " "FreeIPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1230 sssd.conf.5.xml:1316 sssd.conf.5.xml:1367 #: sssd.conf.5.xml:1420 msgid "" "<quote>ad</quote>: Active Directory provider. 
See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring Active Directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1241 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1244 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1249 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " "<command>getent passwd test</command> wouldn't find the user while " "<command>getent passwd test@LOCAL</command> would." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1257 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " "will be searched when an unqualified name is requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1269 msgid "ignore_group_members (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1272 msgid "Do not return group members for group lookups." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1275 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " "calls." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1286 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1289 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1293 sssd.conf.5.xml:1351 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1300 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring Kerberos." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1324 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1327 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1330 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1336 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1339 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " "Internal special providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1345 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1348 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1375 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry> for more information on configuring the simple " "access module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1382 msgid "Default: <quote>permit</quote>" msgstr "Noklusējuma: <quote>permit</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1387 msgid "chpass_provider (string)" msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1390 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1395 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1403 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring Kerberos." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1428 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1432 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1435 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1442 msgid "sudo_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1445 msgid "The SUDO provider used for the domain. 
Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1449 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1457 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1461 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1465 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1468 sssd.conf.5.xml:1522 sssd.conf.5.xml:1554 #: sssd.conf.5.xml:1579 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1474 msgid "selinux_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1477 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " "providers are:" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1483 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1491 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1494 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1500 msgid "subdomains_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1503 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1509 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1518 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1529 msgid "autofs_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1532 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1536 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1543 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1551 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1561 msgid "hostid_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1564 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1568 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. 
See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1576 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1589 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " "match either the SSSD configuration domain name, or, in the case of IPA " "trust subdomains and Active Directory domains, the flat (NetBIOS) name of " "the domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1598 msgid "" "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?" "P<name>[^@\\\\]+)$))</quote> which allows three different styles for " "user names:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:1603 msgid "username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:1606 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:1609 msgid "domain\\username" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1612 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1617 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " "sign, the domain everything after that\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1623 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " "version 7 or higher can support non-unique named subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1630 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1677 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "Noklusējuma: <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1683 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1686 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1690 msgid "Supported values:" msgstr "Atbalstītās vērtības:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1693 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1696 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1699 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1702 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1705 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1711 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1714 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " "the domain will continue to operate in offline mode." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1720 sssd-ldap.5.xml:1118 sssd-ldap.5.xml:1160 #: sssd-ldap.5.xml:1175 sssd-krb5.5.xml:239 msgid "Default: 6" msgstr "Noklusējuma: 6" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1726 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1729 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1733 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1739 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1742 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1748 msgid "case_sensitive (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1751 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1756 sssd-ad.5.xml:333 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1762 msgid "proxy_fast_alias (boolean)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1765 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " "name was an alias. Setting this option to true would cause the SSSD to " "perform the ID lookup from cache for performance reasons." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1779 msgid "subdomain_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1790 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1791 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1782 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " "possible values. In addition to those, the expansion below can only be used " "with <emphasis>subdomain_homedir</emphasis>. <placeholder type=" "\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1796 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1800 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1805 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1808 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:898 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" "replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1821 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1824 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1827 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1835 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1838 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " "for example _nss_files_getpwent." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:1817 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:1850 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:1852 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " "<replaceable>id_provider=local</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1859 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1862 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1866 msgid "Default: <filename>/bin/bash</filename>" msgstr "Noklusējuma: <filename>/bin/bash</filename>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1871 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1874 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1879 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1884 msgid "create_homedir (bool)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1887 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1891 sssd.conf.5.xml:1903 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1896 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1899 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1908 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1911 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " "on a newly created home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1919 msgid "Default: 077" msgstr "Noklusējuma: 077" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1924 msgid "skel_dir (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1927 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " "<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1937 msgid "Default: <filename>/etc/skel</filename>" msgstr "Noklusējuma: <filename>/etc/skel</filename>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1942 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1945 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " "default value is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1952 msgid "Default: <filename>/var/mail</filename>" msgstr "Noklusējuma: <filename>/var/mail</filename>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1957 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1960 msgid "" "The command that is run after a user is removed. The command is passed the " "username of the user being removed as the first and only parameter. The " "return code of the command is not taken into account." msgstr "" #.
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1966 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:1976 sssd-ldap.5.xml:2426 sssd-simple.5.xml:131 #: sssd-ipa.5.xml:793 sssd-ad.5.xml:382 sssd-krb5.5.xml:519 msgid "EXAMPLE" msgstr "PIEMĒRS" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd.conf.5.xml:1982 #, no-wrap msgid "" "[sssd]\n" "domains = LDAP\n" "services = nss, pam\n" "config_file_version = 2\n" "\n" "[nss]\n" "filter_groups = root\n" "filter_users = root\n" "\n" "[pam]\n" "\n" "[domain/LDAP]\n" "id_provider = ldap\n" "ldap_uri = ldap://ldap.example.com\n" "ldap_search_base = dc=example,dc=com\n" "\n" "auth_provider = krb5\n" "krb5_server = kerberos.example.com\n" "krb5_realm = EXAMPLE.COM\n" "cache_credentials = true\n" "\n" "min_id = 10000\n" "max_id = 20000\n" "enumerate = False\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:1978 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " "configuring domains for more details. <placeholder type=\"programlisting\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 msgid "sssd-ldap" msgstr "sssd-ldap" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:23 msgid "" "This manual page describes the configuration of LDAP domains for " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page for detailed syntax information." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:35 msgid "You can configure SSSD to use more than one LDAP domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:38 msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. " "<command>sssd</command> <emphasis>does not</emphasis> support authentication " "over an unencrypted channel. If the LDAP server is used only as an identity " "provider, an encrypted channel is not needed. Please refer to " "<quote>ldap_access_filter</quote> config option for more information about " "using LDAP as an access provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "KONFIGURĒŠANAS IESPĒJAS" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:60 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:63 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" "quote> section for more information on failover and server redundancy. If " "neither option is specified, service discovery is enabled. For more " "information, refer to the <quote>SERVICE DISCOVERY</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:70 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:73 msgid "ldap[s]://<host>[:port]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:76 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:79 msgid "example: ldap://[fc00::126:25]:389" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:85 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:88 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " "Refer to the <quote>FAILOVER</quote> section for more information on " "failover and server redundancy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:95 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:99 msgid "Default: empty, i.e. ldap_uri is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:105 msgid "ldap_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:108 msgid "The default base DN to use for performing LDAP user operations." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:112 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:116 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:119 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:122 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:126 sssd-ad.5.xml:212 msgid "Examples:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:129 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:134 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:137 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " "different search bases). This will lead to unpredictable behavior on client " "machines." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:144 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " "defaultNamingContext does not exist or has an empty value namingContexts is " "used. The namingContexts attribute must have a single value with the DN of " "the search base of the LDAP server to make this work. Multiple values are " "not supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:158 msgid "ldap_schema (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:161 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " "may vary. The way that some attributes are handled may also differ." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:168 msgid "Four schema types are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:172 msgid "rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:177 msgid "rfc2307bis" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:182 msgid "IPA" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:187 msgid "AD" msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:193 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " "the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, " "group members are listed by DN and stored in the <emphasis>member</emphasis> " "attribute. The AD schema type sets the attributes to correspond with Active " "Directory 2008r2 values." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:203 msgid "Default: rfc2307" msgstr "Noklusējuma: rfc2307" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:209 msgid "ldap_default_bind_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:212 msgid "The default bind DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:219 msgid "ldap_default_authtok_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:222 msgid "The type of the authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:226 msgid "The two mechanisms currently supported are:" msgstr "Divi pašlaik atbalstītie mehānismi ir:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:229 msgid "password" msgstr "parole" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:232 msgid "obfuscated_password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:235 msgid "Default: password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:241 msgid "ldap_default_authtok (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:244 msgid "" "The authentication token of the default bind DN. Only clear text passwords " "are currently supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:251 msgid "ldap_user_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:254 msgid "The object class of a user entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:257 msgid "Default: posixAccount" msgstr "Noklusējuma: posixAccount" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:263 msgid "ldap_user_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:266 msgid "The LDAP attribute that corresponds to the user's login name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:270 msgid "Default: uid" msgstr "Noklusējuma: uid" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:276 msgid "ldap_user_uid_number (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:279 msgid "The LDAP attribute that corresponds to the user's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:283 msgid "Default: uidNumber" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:289 msgid "ldap_user_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:292 msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:296 sssd-ldap.5.xml:792 msgid "Default: gidNumber" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:302 msgid "ldap_user_gecos (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:305 msgid "The LDAP attribute that corresponds to the user's gecos field." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:309 msgid "Default: gecos" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:315 msgid "ldap_user_home_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:318 msgid "The LDAP attribute that contains the name of the user's home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:322 msgid "Default: homeDirectory" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:328 msgid "ldap_user_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:331 msgid "The LDAP attribute that contains the path to the user's default shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:335 msgid "Default: loginShell" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:341 msgid "ldap_user_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:344 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:348 sssd-ldap.5.xml:818 sssd-ldap.5.xml:1025 msgid "Default: nsUniqueId" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:354 msgid "ldap_user_objectsid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:357 msgid "" "The LDAP attribute that contains the objectSID of an LDAP user object. This " "is usually only necessary for ActiveDirectory servers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:362 sssd-ldap.5.xml:832 msgid "Default: objectSid for ActiveDirectory, not set for other servers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:369 msgid "ldap_user_modify_timestamp (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:372 sssd-ldap.5.xml:842 sssd-ldap.5.xml:1034 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:376 sssd-ldap.5.xml:846 sssd-ldap.5.xml:1041 msgid "Default: modifyTimestamp" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:382 msgid "ldap_user_shadow_last_change (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:385 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " "the last password change)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:395 msgid "Default: shadowLastChange" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:401 msgid "ldap_user_shadow_min (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:404 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " "password age)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:413 msgid "Default: shadowMin" msgstr "Noklusējuma: shadowMin" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:419 msgid "ldap_user_shadow_max (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:422 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " "password age)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:431 msgid "Default: shadowMax" msgstr "Noklusējuma: shadowMax" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:437 msgid "ldap_user_shadow_warning (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:440 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " "(password warning period)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:450 msgid "Default: shadowWarning" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:456 msgid "ldap_user_shadow_inactive (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:459 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " "(password inactivity period)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:469 msgid "Default: shadowInactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:475 msgid "ldap_user_shadow_expire (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:478 msgid "" "When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " "parameter contains the name of an LDAP attribute corresponding to its " "<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> counterpart (account expiration date)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:488 msgid "Default: shadowExpire" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:494 msgid "ldap_user_krb_last_pwd_change (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:497 msgid "" "When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " "an LDAP attribute storing the date and time of last password change in " "kerberos." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:503 msgid "Default: krbLastPwdChange" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:509 msgid "ldap_user_krb_password_expiration (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:512 msgid "" "When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " "an LDAP attribute storing the date and time when current password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:518 msgid "Default: krbPasswordExpiration" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:524 msgid "ldap_user_ad_account_expires (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:527 msgid "" "When using ldap_account_expire_policy=ad, this parameter contains the name " "of an LDAP attribute storing the expiration time of the account." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:532 msgid "Default: accountExpires" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:538 msgid "ldap_user_ad_user_account_control (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:541 msgid "" "When using ldap_account_expire_policy=ad, this parameter contains the name " "of an LDAP attribute storing the user account control bit field." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:546 msgid "Default: userAccountControl" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:552 msgid "ldap_ns_account_lock (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:555 msgid "" "When using ldap_account_expire_policy=rhds or equivalent, this parameter " "determines if access is allowed or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:560 msgid "Default: nsAccountLock" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:566 msgid "ldap_user_nds_login_disabled (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:569 msgid "" "When using ldap_account_expire_policy=nds, this attribute determines if " "access is allowed or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:573 sssd-ldap.5.xml:587 msgid "Default: loginDisabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:579 msgid "ldap_user_nds_login_expiration_time (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:582 msgid "" "When using ldap_account_expire_policy=nds, this attribute determines until " "which date access is granted." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:593 msgid "ldap_user_nds_login_allowed_time_map (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:596 msgid "" "When using ldap_account_expire_policy=nds, this attribute determines the " "hours of a day in a week when access is granted." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:601 msgid "Default: loginAllowedTimeMap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:607 msgid "ldap_user_principal (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:610 msgid "" "The LDAP attribute that contains the user's Kerberos User Principal Name " "(UPN)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:614 msgid "Default: krbPrincipalName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:620 msgid "ldap_user_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:623 msgid "The LDAP attribute that contains the user's SSH public keys." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:630 msgid "ldap_force_upper_case_realm (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:633 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " "fail. Set this option to a non-zero value if you want to use an upper-case " "realm." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:646 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:649 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:660 msgid "ldap_purge_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:663 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " "space." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:669 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:673 msgid "Default: 10800 (12 hours)" msgstr "Noklusējuma: 10800 (12 stundas)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:679 msgid "ldap_user_fullname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:682 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:686 sssd-ldap.5.xml:779 sssd-ldap.5.xml:975 #: sssd-ldap.5.xml:1066 sssd-ldap.5.xml:1990 sssd-ldap.5.xml:2316 #: sssd-ipa.5.xml:648 msgid "Default: cn" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:692 msgid "ldap_user_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:695 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:699 sssd-ipa.5.xml:552 msgid "Default: memberOf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:705 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:708 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " "to determine access privilege." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:715 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:720 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>authorized_service</quote> in order for the " "ldap_user_authorized_service option to work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:727 msgid "Default: authorizedService" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:733 msgid "ldap_user_authorized_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:736 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " "privilege." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:742 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:747 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>host</quote> in order for the " "ldap_user_authorized_host option to work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:754 msgid "Default: host" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:760 msgid "ldap_group_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:763 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:766 msgid "Default: posixGroup" msgstr "Noklusējuma: posixGroup" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:772 msgid "ldap_group_name (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:775 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:785 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:788 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:798 msgid "ldap_group_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:801 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:805 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:811 msgid "ldap_group_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:814 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:824 msgid "ldap_group_objectsid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:827 msgid "" "The LDAP attribute that contains the objectSID of an LDAP group object. This " "is usually only necessary for ActiveDirectory servers." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:839 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:852 #, fuzzy #| msgid "timeout (integer)" msgid "ldap_group_type (integer)" msgstr "noildze (vesels skaitlis)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:855 msgid "" "The LDAP attribute that contains an integer value indicating the type of the " "group and maybe other flags." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:860 msgid "" "This attribute is currently only used by the AD provider to determine if a " "group is a domain local group and has to be filtered out for trusted " "domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:866 msgid "Default: groupType in the AD provider, otherwise not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:873 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:876 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " "follow. This option has no effect on the RFC2307 schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:883 msgid "Default: 2" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:889 msgid "ldap_groups_use_matching_rule_in_chain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:892 msgid "" "This option tells SSSD to take advantage of an Active Directory-specific " "feature which may speed up group lookup operations on deployments with " "complex or deep nested groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:898 msgid "" "In most common cases, it is best to leave this option disabled. It generally " "only provides a performance increase on very complex nestings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:903 sssd-ldap.5.xml:930 msgid "" "If this option is enabled, SSSD will use it if it detects that the server " "supports it during initial connection. So \"True\" here essentially means " "\"auto-detect\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:909 sssd-ldap.5.xml:936 msgid "" "Note: This feature is currently known to work only with Active Directory " "2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/" "windows/desktop/aa746475%28v=vs.85%29.aspx\"> MSDN(TM) documentation</ulink> " "for more details." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:915 sssd-ldap.5.xml:942 sssd-ldap.5.xml:1233 #: sssd-ldap.5.xml:1254 sssd-ldap.5.xml:1760 include/ldap_id_mapping.xml:226 msgid "Default: False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:921 msgid "ldap_initgroups_use_matching_rule_in_chain" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:924 msgid "" "This option tells SSSD to take advantage of an Active Directory-specific " "feature which might speed up initgroups operations (most notably when " "dealing with complex or deep nested groups)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:948 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:951 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:954 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:958 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:964 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:967 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:971 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:981 msgid "ldap_netgroup_member (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:984 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:988 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:992 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:998 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1001 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1005 sssd-ldap.5.xml:1038 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1008 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1014 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1017 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1021 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1031 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1047 msgid "ldap_service_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1050 msgid "The object class of a service entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1053 msgid "Default: ipService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1059 msgid "ldap_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1062 msgid "" "The LDAP attribute that contains the name of service attributes and their " "aliases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1072 msgid "ldap_service_port (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1075 msgid "The LDAP attribute that contains the port managed by this service." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1079 msgid "Default: ipServicePort" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1085 msgid "ldap_service_proto (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1088 msgid "" "The LDAP attribute that contains the protocols understood by this service." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1092 msgid "Default: ipServiceProtocol" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1098 msgid "ldap_service_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1103 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1106 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " "is entered)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1112 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " "lookup types." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1124 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1127 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " "are returned (and offline mode is entered)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1140 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1143 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" "<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" "manvolnum> </citerefentry> following a <citerefentry> " "<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" "citerefentry> returns in case of no activity." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1166 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1169 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " "communicating with the KDC in case of SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1181 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1184 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " "in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " "the TGT lifetime) will be used." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1192 sssd-ldap.5.xml:2147 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1198 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1201 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1206 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1212 msgid "ldap_disable_paging (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1215 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " "it is not enabled or does not behave properly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1221 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1227 msgid "" "Example: 389 DS has a bug where it can only support one paging control at " "a time on a single connection. On busy clients, this can result in some " "requests being denied." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1239 msgid "ldap_disable_range_retrieval (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1242 msgid "Disable Active Directory range retrieval." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1245 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " "group contains more members, the reply would include an AD-specific range " "extension. This option disables parsing of the range extension, therefore " "large groups will appear as having no members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1260 msgid "ldap_sasl_minssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1263 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " "option are defined by OpenLDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1269 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1276 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1279 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. 
If less members are missing, " "they are looked up individually." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1285 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1289 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " "methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " "Directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1297 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " "regardless of this setting." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1310 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1313 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1319 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1323 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. 
If a bad certificate " "is provided, it will be ignored and the session proceeds normally." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1330 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " "is provided, the session is immediately terminated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1336 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " "immediately terminated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1342 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1346 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1352 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1355 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1378 sssd-ldap.5.xml:1419 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1367 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1370 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " "be the hash of the certificate followed by '.0'. If available, " "<command>cacertdir_rehash</command> can be used to create the correct names." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1385 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1388 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1398 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1401 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1410 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1413 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry> for format." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1426 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1429 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1439 msgid "ldap_id_mapping (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1442 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " "on ldap_user_uid_number and ldap_group_gid_number." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1448 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1458 msgid "ldap_min_id, ldap_max_id (interger)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1461 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " "ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this " "might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " "can be set to restrict the allowed range for the IDs which are read directly " "from the server. Sub-domains can then pick other ranges to map IDs." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1473 msgid "Default: not set (both options are set to 0)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1479 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1482 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1492 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1495 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory. " "This option can either contain the full principal (for example host/" "myhost@EXAMPLE.COM) or just the principal name (for example host/myhost)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1503 msgid "Default: host/hostname@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1509 msgid "ldap_sasl_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1512 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " "well, this option is ignored." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1518 msgid "Default: the value of krb5_realm." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1524 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1527 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1532 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1538 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1541 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1544 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1550 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1553 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " "GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1565 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1568 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1572 sssd-ad.5.xml:319 msgid "Default: 86400 (24 hours)" msgstr "Noklusējuma: 86400 (24 stundas)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1578 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1581 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " "For more information on failover and server redundancy, see the " "<quote>FAILOVER</quote> section. An optional port number (preceded by a " "colon) may be appended to the addresses or hostnames. If empty, service " "discovery is enabled - for more information, refer to the <quote>SERVICE " "DISCOVERY</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1593 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " "none are found." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1598 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " "migrate their config files to use <quote>krb5_server</quote> instead." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1607 sssd-ipa.5.xml:371 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1610 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1613 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1619 sssd-ipa.5.xml:386 sssd-krb5.5.xml:453 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1622 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1634 sssd-krb5.5.xml:468 msgid "krb5_use_kdcinfo (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1637 sssd-krb5.5.xml:471 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " "to configure the Kerberos library using the <citerefentry> " "<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> configuration file." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1648 sssd-krb5.5.xml:482 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " "information on the locator plugin." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1662 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1665 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1670 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1675 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " "evaluate if the password has expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1681 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " "these attributes when the password is changed." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1690 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1698 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1701 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1705 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1710 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. If your setup " "does not in fact require the use of referrals, setting this option to false " "might bring a noticeable performance improvement." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1724 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1727 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1731 msgid "Default: ldap" msgstr "Noklusējuma: ldap" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1737 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1740 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1745 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1751 msgid "ldap_chpass_update_last_change (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1754 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1766 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1769 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " "must be met for the user to be granted access on this host. If " "access_provider = ldap, ldap_access_order = filter and this option is not " "set, it will result in all users being denied access. Use access_provider = " "permit to change this default behavior. Please note that this filter is " "applied on the LDAP user entry only." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1782 sssd-ldap.5.xml:2376 msgid "Example:" msgstr "Piemērs:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #: sssd-ldap.5.xml:1785 #, no-wrap msgid "" "access_provider = ldap\n" "ldap_access_filter = (employeeType=admin)\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1789 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1794 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " "access during their last login, they will continue to be granted access " "while offline and vice-versa." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1802 sssd-ldap.5.xml:1859 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1808 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1811 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1815 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. 
the LDAP server should deny the bind request with a suitable error code " "even if the password is correct." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1822 msgid "The following values are allowed:" msgstr "Atļautas šādas vērtības:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1825 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1830 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " "set. If the attribute is missing access is granted. Also the expiration time " "of the account is checked." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1837 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " "allowed or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1843 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " "ldap_user_nds_login_expiration_time are used to check if access is allowed. " "If both attributes are missing access is granted." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1852 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " "ldap_account_expire_policy option to work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1865 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1868 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1872 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1875 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1879 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1884 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1888 msgid "Default: filter" msgstr "Noklusējuma: filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1891 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1898 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1901 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1906 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1910 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1915 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1920 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1925 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1933 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1936 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1940 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " "The self-consistency of the domain is compromised when this is done, so SSSD " "would normally remove the \"missing\" users from the cached group " "memberships as soon as nsswitch tries to fetch information about the user " "via getpw*() or initgroups() calls." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1951 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " "additional LDAP groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:51 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " "of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page for full details. <placeholder type=" "\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:1967 msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1971 msgid "ldap_sudorule_object_class (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1974 msgid "The object class of a sudo rule entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1977 msgid "Default: sudoRole" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1983 msgid "ldap_sudorule_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1986 msgid "The LDAP attribute that corresponds to the sudo rule name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1996 msgid "ldap_sudorule_command (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1999 msgid "The LDAP attribute that corresponds to the command name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2003 msgid "Default: sudoCommand" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2009 msgid "ldap_sudorule_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2012 msgid "" "The LDAP attribute that corresponds to the host name (or host IP address, " "host IP network, or host netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2017 msgid "Default: sudoHost" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2023 msgid "ldap_sudorule_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2026 msgid "" "The LDAP attribute that corresponds to the user name (or UID, group name or " "user's netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2030 msgid "Default: sudoUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2036 msgid "ldap_sudorule_option (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2039 msgid "The LDAP attribute that corresponds to the sudo options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2043 msgid "Default: sudoOption" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2049 msgid "ldap_sudorule_runasuser (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2052 msgid "" "The LDAP attribute that corresponds to the user name that commands may be " "run as." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2056 msgid "Default: sudoRunAsUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2062 msgid "ldap_sudorule_runasgroup (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2065 msgid "" "The LDAP attribute that corresponds to the group name or group GID that " "commands may be run as." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2069 msgid "Default: sudoRunAsGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2075 msgid "ldap_sudorule_notbefore (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2078 msgid "" "The LDAP attribute that corresponds to the start date/time for when the sudo " "rule is valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2082 msgid "Default: sudoNotBefore" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2088 msgid "ldap_sudorule_notafter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2091 msgid "" "The LDAP attribute that corresponds to the expiration date/time, after which " "the sudo rule will no longer be valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2096 msgid "Default: sudoNotAfter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2102 msgid "ldap_sudorule_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2105 msgid "The LDAP attribute that corresponds to the ordering index of the rule." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2109 msgid "Default: sudoOrder" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2115 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2118 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2123 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2128 msgid "Default: 21600 (6 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2134 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2137 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest USN " "of cached rules)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2143 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2153 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2156 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2167 msgid "ldap_sudo_hostnames (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2170 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2175 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2180 sssd-ldap.5.xml:2203 sssd-ldap.5.xml:2221 #: sssd-ldap.5.xml:2239 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2185 sssd-ldap.5.xml:2208 msgid "Default: not specified" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2191 msgid "ldap_sudo_ip (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2194 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2199 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2214 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2217 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2232 msgid "ldap_sudo_include_regexp (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2235 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:1969 msgid "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2251 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " "<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:2261 msgid "AUTOFS OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2263 msgid "" "Please note that the default values correspond to the default schema which " "is RFC2307." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2269 msgid "ldap_autofs_map_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2272 sssd-ldap.5.xml:2298 msgid "The object class of an automount map entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2275 sssd-ldap.5.xml:2302 msgid "Default: automountMap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2282 msgid "ldap_autofs_map_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2285 msgid "The name of an automount map entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2288 msgid "Default: ou" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2295 msgid "ldap_autofs_entry_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2309 msgid "ldap_autofs_entry_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2312 sssd-ldap.5.xml:2326 msgid "" "The key of an automount entry in LDAP. The entry usually corresponds to a " "mount point." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2323 msgid "ldap_autofs_entry_value (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2330 msgid "Default: automountInformation" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2267 msgid "" "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" "\"variablelist\" id=\"4\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:2340 msgid "ADVANCED OPTIONS" msgstr "PAPLAŠINĀTĀS IESPĒJAS" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2347 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2352 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2357 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2362 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2365 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2369 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #: sssd-ldap.5.xml:2379 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2382 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2389 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2392 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2396 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2406 msgid "ldap_sudo_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2411 msgid "ldap_autofs_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2342 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " "are doing. <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2428 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " "section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ldap.5.xml:2434 #, no-wrap msgid "" " [domain/LDAP]\n" " id_provider = ldap\n" " auth_provider = ldap\n" " ldap_uri = ldap://ldap.mydomain.org\n" " ldap_search_base = dc=mydomain,dc=org\n" " ldap_tls_reqcert = demand\n" " cache_credentials = true\n" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: sssd-ldap.5.xml:2433 sssd-simple.5.xml:139 sssd-ipa.5.xml:801 #: sssd-ad.5.xml:390 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 sssd-krb5.5.xml:528 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:2446 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:405 #: sssd.8.xml:191 sss_seed.8.xml:163 msgid "NOTES" msgstr "PIEZĪMES" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2448 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " "distribution." msgstr "" #. type: Content of: <refentryinfo> #: pam_sss.8.xml:8 include/upstream.xml:2 msgid "" "<productname>SSSD</productname> <orgname>The SSSD upstream - http://" "fedorahosted.org/sssd</orgname>" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: pam_sss.8.xml:13 pam_sss.8.xml:18 msgid "pam_sss" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: pam_sss.8.xml:19 msgid "PAM module for SSSD" msgstr "" #. 
type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: pam_sss.8.xml:24 msgid "" "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" "replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" "replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" "replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" "replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" "arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:48 msgid "" "<command>pam_sss.so</command> is the PAM interface to the System Security " "Services daemon (SSSD). Errors and results are logged through " "<command>syslog(3)</command> with the LOG_AUTHPRIV facility." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:58 msgid "<option>quiet</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:61 msgid "Suppress log messages for unknown users." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:66 msgid "<option>forward_pass</option>" msgstr "<option>forward_pass</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:69 msgid "" "If <option>forward_pass</option> is set the entered password is put on the " "stack for other PAM modules to use." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:76 msgid "<option>use_first_pass</option>" msgstr "<option>use_first_pass</option>" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:79 msgid "" "The argument use_first_pass forces the module to use a previous stacked " "modules password and will never prompt the user - if no password is " "available or the password is not appropriate, the user will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:87 msgid "<option>use_authtok</option>" msgstr "<option>use_authtok</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:90 msgid "" "When password changing enforce the module to set the new password to the one " "provided by a previously stacked password module." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:97 msgid "<option>retry=N</option>" msgstr "<option>retry=N</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:100 msgid "" "If specified the user is asked another N times for a password if " "authentication fails. Default is 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:102 msgid "" "Please note that this option might not work as expected if the application " "calling PAM handles the user dialog on its own. A typical example is " "<command>sshd</command> with <option>PasswordAuthentication</option>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:111 msgid "<option>ignore_unknown_user</option>" msgstr "<option>ignore_unknown_user</option>" #.
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:114 msgid "" "If this option is specified and the user does not exist, the PAM module will " "return PAM_IGNORE. This causes the PAM framework to ignore this module." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: pam_sss.8.xml:123 msgid "MODULE TYPES PROVIDED" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:124 msgid "" "All module types (<option>account</option>, <option>auth</option>, " "<option>password</option> and <option>session</option>) are provided." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: pam_sss.8.xml:130 msgid "FILES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:131 msgid "" "If a password reset by root fails, because the corresponding SSSD provider " "does not support password resets, an individual message can be displayed. " "This message can e.g. contain instructions about how to reset a password." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:136 msgid "" "The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" "filename> where LOC stands for a locale string returned by <citerefentry> " "<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" "citerefentry>. If there is no matching file the content of " "<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be " "the owner of the files and only root may have read and write permissions " "while all other users must have only read permissions." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:146 msgid "" "These files are searched in the directory <filename>/etc/sssd/customize/" "DOMAIN_NAME/</filename>. If no matching file is present a generic message is " "displayed." msgstr "" #. 
type: Content of: <reference><refentry><refnamediv><refname> #: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 msgid "sssd_krb5_locator_plugin" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:22 msgid "" "The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " "used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos " "libraries what Realm and which KDC to use. Typically this is done in " "<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> which is always read by the Kerberos libraries. " "To simplify the configuration the Realm and the KDC can be defined in " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> as described in <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:48 msgid "" "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " "libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:63 msgid "" "Not all Kerberos implementations support the use of plugins. If " "<command>sssd_krb5_locator_plugin</command> is not available on your system " "you have to edit /etc/krb5.conf to reflect your Kerberos setup." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:69 msgid "" "If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " "debug messages will be sent to stderr." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-simple.5.xml:10 sssd-simple.5.xml:16 msgid "sssd-simple" msgstr "sssd-simple" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd-simple.5.xml:17 msgid "the configuration file for SSSD's 'simple' access-control provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:24 msgid "" "This manual page describes the configuration of the simple access-control " "provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " "refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:38 msgid "" "The simple access provider grants or denies access based on an access or " "deny list of user or group names. The following rules apply:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:43 msgid "If all lists are empty, access is granted" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:47 msgid "" "If any list is provided, the order of evaluation is allow,deny. This means " "that any matching deny rule will supersede any matched allow rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:54 msgid "" "If either or both \"allow\" lists are provided, all users are denied unless " "they appear in the list." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:60 msgid "" "If only \"deny\" lists are provided, all users are granted access unless " "they appear in the list." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:78 msgid "simple_allow_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:81 msgid "Comma separated list of users who are allowed to log in." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:88 msgid "simple_deny_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:91 msgid "Comma separated list of users who are explicitly denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:97 msgid "simple_allow_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:100 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:108 msgid "simple_deny_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:111 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " "evaluated." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> manual page for details on the configuration of an SSSD " "domain. <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:120 msgid "" "Specifying no values for any of the lists is equivalent to skipping it " "entirely. Beware of this while generating parameters for the simple provider " "using automated scripts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:125 msgid "" "Please note that it is an configuration error if both, simple_allow_users " "and simple_deny_users, are defined." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:133 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " "This examples shows only the simple access provider-specific options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-simple.5.xml:140 #, no-wrap msgid "" " [domain/example.com]\n" " access_provider = simple\n" " simple_allow_users = user1, user2\n" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 msgid "sssd-ipa" msgstr "sssd-ipa" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:23 msgid "" "This manual page describes the configuration of the IPA provider for " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. 
For a detailed syntax reference, refer to the <quote>FILE " "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:36 msgid "" "The IPA provider is a back end used to connect to an IPA server. (Refer to " "the freeipa.org web site for information about IPA servers.) This provider " "requires that the machine be joined to the IPA domain; configuration is " "almost entirely self-discovered and obtained directly from the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:43 msgid "" "The IPA provider accepts the same options used by the <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " "provider with some exceptions described below." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:55 msgid "" "However, it is neither necessary nor recommended to set these options. IPA " "provider can also be used as an access and chpass provider. As an access " "provider it uses HBAC (host-based access control) rules. Please refer to " "freeipa.org for more information about HBAC. No configuration of access " "provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:62 msgid "" "The IPA provider will use the PAC responder if the Kerberos tickets of users " "from trusted realms contain a PAC. To make configuration easier the PAC " "responder is started automatically if the IPA ID provider is configured." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:78 msgid "ipa_domain (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:81 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:89 msgid "ipa_server, ipa_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:92 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " "on failover and server redundancy, see the <quote>FAILOVER</quote> section. " "This is optional if autodiscovery is enabled. For more information on " "service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:105 msgid "ipa_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:108 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:116 sssd-ad.5.xml:256 msgid "dyndns_update (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:119 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client. The update is " "secured using GSS-TSIG. 
The IP address of the IPA LDAP connection is used " "for the updates, if it is not otherwise specified by using the " "<quote>dyndns_iface</quote> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:128 sssd-ad.5.xml:270 msgid "" "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " "the default Kerberos realm must be set properly in /etc/krb5.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:133 msgid "" "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" "emphasis> option, users should migrate to using <emphasis>dyndns_update</" "emphasis> in their config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:145 sssd-ad.5.xml:281 msgid "dyndns_ttl (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:148 sssd-ad.5.xml:284 msgid "" "The TTL to apply to the client DNS record when updating it. If " "dyndns_update is false this has no effect. This will override the TTL " "serverside if set by an administrator." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:153 msgid "" "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" "emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" "emphasis> in their config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:159 msgid "Default: 1200 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:165 sssd-ad.5.xml:295 msgid "dyndns_iface (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:168 sssd-ad.5.xml:298 msgid "" "Optional. Applicable only when dyndns_update is true. Choose the interface " "whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:173 msgid "" "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" "emphasis> option, users should migrate to using <emphasis>dyndns_iface</" "emphasis> in their config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:179 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:185 msgid "ipa_enable_dns_sites (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:188 sssd-ad.5.xml:152 msgid "Enables DNS sites - location based service discovery." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:192 msgid "" "If true and service discovery (see Service Discovery paragraph at the bottom " "of the man page) is enabled, then the SSSD will first attempt location " "based discovery using a query that contains \"_location.hostname.example.com" "\" and then fall back to traditional SRV discovery. If the location based " "discovery succeeds, the IPA servers located with the location based " "discovery are treated as primary servers and the IPA servers located using " "the traditional SRV discovery are used as back up servers" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:211 sssd-ad.5.xml:309 msgid "dyndns_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:214 sssd-ad.5.xml:312 msgid "" "How often should the back end perform periodic DNS update in addition to the " "automatic update performed when the back end goes online. This option is " "optional and applicable only when dyndns_update is true." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:227 sssd-ad.5.xml:325 msgid "dyndns_update_ptr (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:230 sssd-ad.5.xml:328 msgid "" "Whether the PTR record should also be explicitly updated when updating the " "client's DNS records. Applicable only when dyndns_update is true." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:235 msgid "" "This option should be False in most IPA deployments as the IPA server " "generates the PTR records automatically when forward records are changed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:241 msgid "Default: False (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:247 sssd-ad.5.xml:339 msgid "dyndns_force_tcp (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:250 sssd-ad.5.xml:342 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:254 sssd-ad.5.xml:346 msgid "Default: False (let nsupdate choose the protocol)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:260 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:263 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:267 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:273 msgid "ipa_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:276 msgid "Optional. Use the given string as search base for host objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:280 sssd-ipa.5.xml:304 sssd-ipa.5.xml:323 sssd-ipa.5.xml:342 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:285 msgid "" "If filter is given in any of search bases and " "<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " "will be ignored." msgstr "" #. type: Content of: <listitem><para> #: sssd-ipa.5.xml:290 sssd-ipa.5.xml:309 include/ldap_search_bases.xml:23 #: include/ldap_search_bases_experimental.xml:23 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:297 msgid "ipa_selinux_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:300 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:316 msgid "ipa_subdomains_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:319 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:328 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:335 msgid "ipa_master_domain_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:338 msgid "Optional. Use the given string as search base for master domain object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:347 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:354 sssd-krb5.5.xml:245 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:357 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:364 sssd-ad.5.xml:366 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:374 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:378 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:389 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:402 sssd-krb5.5.xml:407 msgid "krb5_use_fast (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:405 sssd-krb5.5.xml:410 msgid "" "Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" "authentication. The following options are supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:410 msgid "<emphasis>never</emphasis> use FAST." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:413 msgid "" "<emphasis>try</emphasis> to use FAST. 
If the server does not support FAST, " "continue the authentication without it. This is equivalent to not setting " "this option at all." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:419 sssd-krb5.5.xml:424 msgid "" "<emphasis>demand</emphasis> to use FAST. The authentication fails if the " "server does not require fast." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:424 #, fuzzy #| msgid "Default: 1" msgid "Default: try" msgstr "Noklusējuma: 1" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:427 sssd-krb5.5.xml:435 msgid "" "NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If " "SSSD is used with an older version of MIT Kerberos, using this option is a " "configuration error." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:436 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:439 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " "access-control requests made in a short period." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:446 sssd-ipa.5.xml:462 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:452 msgid "ipa_hbac_selinux (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:455 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " "many user login requests made in a short period." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:468 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:471 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " "of FreeIPA will need to migrate their rules to use only the ALLOW rules. The " "client will support two modes of operation during this transition period:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:480 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:485 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:490 msgid "Default: DENY_ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:496 msgid "ipa_hbac_support_srchost (boolean)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:499 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:503 msgid "" "Note that if set to <emphasis>False</emphasis>, this option causes filters " "given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:514 msgid "ipa_server_mode (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:517 msgid "This option should only be set by the IPA installer." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:521 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:532 msgid "ipa_automount_location (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:535 msgid "The automounter location this IPA client will be using" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:538 msgid "Default: The location named \"default\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:545 msgid "ipa_netgroup_member_of (string)" msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:548 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:557 msgid "ipa_netgroup_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:560 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:565 sssd-ipa.5.xml:660 msgid "Default: memberUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:570 msgid "ipa_netgroup_member_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:573 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:577 sssd-ipa.5.xml:672 msgid "Default: memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:582 msgid "ipa_netgroup_member_ext_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:585 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:589 msgid "Default: externalHost" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:594 msgid "ipa_netgroup_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:597 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:601 msgid "Default: nisDomainName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:607 msgid "ipa_host_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:610 sssd-ipa.5.xml:633 msgid "The object class of a host entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:613 sssd-ipa.5.xml:636 msgid "Default: ipaHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:618 msgid "ipa_host_fqdn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:621 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:624 msgid "Default: fqdn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:630 msgid "ipa_selinux_usermap_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:641 msgid "ipa_selinux_usermap_name (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:644 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:653 msgid "ipa_selinux_usermap_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:656 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:665 msgid "ipa_selinux_usermap_member_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:668 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule match " "against." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:677 msgid "ipa_selinux_usermap_see_also (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:680 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:685 msgid "Default: seeAlso" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:690 msgid "ipa_selinux_usermap_selinux_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:693 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:697 msgid "Default: ipaSELinuxUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:702 msgid "ipa_selinux_usermap_enabled (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:705 msgid "" "The LDAP attribute that indicates whether or not the user map is enabled for " "usage." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:709 msgid "Default: ipaEnabledFlag" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:714 msgid "ipa_selinux_usermap_user_category (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:717 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:721 msgid "Default: userCategory" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:726 msgid "ipa_selinux_usermap_host_category (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:729 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:733 msgid "Default: hostCategory" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:738 msgid "ipa_selinux_usermap_uuid (string)" msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:741 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:745 msgid "Default: ipaUniqueID" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:750 msgid "ipa_host_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:753 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:757 msgid "Default: ipaSshPubKey" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ipa.5.xml:766 msgid "SUBDOMAINS PROVIDER" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:768 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:772 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " "subdomain requests are sent to the IPA server if necessary." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:778 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " "provider is configured implicitly. In this case, if a subdomain request " "fails and indicates that the server does not support subdomains, i.e. 
is not " "configured for trusts, the IPA subdomains provider is disabled. After an " "hour or after the IPA provider goes online, the subdomains provider is " "enabled again." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:795 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " "This example shows only the ipa provider-specific options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ipa.5.xml:802 #, no-wrap msgid "" " [domain/example.com]\n" " id_provider = ipa\n" " ipa_server = ipaserver.example.com\n" " ipa_hostname = myhost.example.com\n" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-ad.5.xml:10 sssd-ad.5.xml:16 msgid "sssd-ad" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:23 msgid "" "This manual page describes the configuration of the AD provider for " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:36 msgid "" "The AD provider is a back end used to connect to an Active Directory server. " "This provider requires that the machine be joined to the AD domain and a " "keytab is available." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:41 msgid "" "The AD provider supports connecting to Active Directory 2008 R2 or later. " "Earlier versions may work, but are unsupported." msgstr "" #.
type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:45 msgid "" "The AD provider is able to provide identity information and authentication " "for entities from trusted domains as well. Currently only trusted domains in " "the same forest are recognized." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:50 msgid "" "The AD provider accepts the same options used by the <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " "provider with some exceptions described below." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:62 msgid "" "However, it is neither necessary nor recommended to set these options. The " "AD provider can also be used as an access, chpass and sudo provider. No " "configuration of the access provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ad.5.xml:74 #, no-wrap msgid "" "ldap_id_mapping = False\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:68 msgid "" "By default, the AD provider will map UID and GID values from the objectSID " "parameter in Active Directory. For details on this, see the <quote>ID " "MAPPING</quote> section below. If you want to disable ID mapping and instead " "rely on POSIX attributes defined in Active Directory, you should set " "<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users " "and groups using POSIX attributes from trusted domains, the AD administrator " "must make sure that the POSIX attributes are replicated to the Global " "Catalog." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:81 msgid "" "Users, groups and other entities served by SSSD are always treated as case-" "insensitive in the AD provider for compatibility with Active Directory's " "LDAP implementation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:96 msgid "ad_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:99 msgid "" "Specifies the name of the Active Directory domain. This is optional. If not " "provided, the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:104 msgid "" "For proper operation, this option should be specified as the lower-case " "version of the long version of the Active Directory domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:109 msgid "" "The short domain name (also known as the NetBIOS or the flat name) is " "autodetected by the SSSD." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:116 msgid "ad_server, ad_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:119 msgid "" "The comma-separated list of hostnames of the AD servers to which SSSD should " "connect in order of preference. For more information on failover and server " "redundancy, see the <quote>FAILOVER</quote> section. This is optional if " "autodiscovery is enabled. For more information on service discovery, refer " "to the <quote>SERVICE DISCOVERY</quote> section." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:132 msgid "ad_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:135 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the Active Directory domain to identify this " "host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:141 msgid "" "This field is used to determine the host principal in use in the keytab. It " "must match the hostname for which the keytab was issued." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:149 msgid "ad_enable_dns_sites (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:156 msgid "" "If true and service discovery (see Service Discovery paragraph at the bottom " "of the man page) is enabled, the SSSD will first attempt to discover the " "Active Directory server to connect to using the Active Directory Site " "Discovery and fall back to the DNS SRV records if no AD site is found. The " "DNS SRV configuration, including the discovery domain, is used during site " "discovery as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:172 msgid "ad_access_filter (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:175 msgid "" "This option specifies LDAP access control filter that the user must match in " "order to be allowed access. 
Please note that the <quote>access_provider</" "quote> option must be explicitly set to <quote>ad</quote> in order for this " "option to have an effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:183 msgid "" "The option also supports specifying different filters per domain or forest. " "This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " "The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " "missing." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:191 msgid "" "If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</" "quote> specifies the domain or subdomain the filter applies to. If the " "keyword equals to <quote>FOREST</quote>, then the filter equals to all " "domains from the forest specified by <quote>NAME</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:199 msgid "" "Multiple filters can be separated with the <quote>?</quote> character, " "similarly to how search bases work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:204 msgid "" "The most specific match is always used. For example, if the option specified " "filter for a domain the user is a member of and a global filter, the per-" "domain filter would be applied. If there are more matches with the same " "specification, the first one is used." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #: sssd-ad.5.xml:215 #, no-wrap msgid "" "# apply filter on domain called dom1 only:\n" "dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" "\n" "# apply filter on domain called dom2 only:\n" "DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" "\n" "# apply filter on forest called EXAMPLE.COM only:\n" "FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:225 #, fuzzy #| msgid "Default: filter" msgid "Default: Not set" msgstr "Noklusējuma: filtrēt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:231 msgid "ad_enable_gc (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:234 msgid "" "By default, the SSSD connects to the Global Catalog first to retrieve users " "from trusted domains and uses the LDAP port to retrieve group memberships or " "as a fallback. Disabling this option makes the SSSD only connect to the LDAP " "port of the current AD server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:242 msgid "" "Please note that disabling Global Catalog support does not disable " "retrieving users from trusted domains. The SSSD would connect to the LDAP " "port of trusted domains instead. However, Global Catalog must be used in " "order to resolve cross-domain group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:259 msgid "" "Optional. This option tells SSSD to automatically update the Active " "Directory DNS server with the IP address of this client. 
The update is " "secured using GSS-TSIG. As a consequence, the Active Directory administrator " "only needs to allow secure updates for the DNS zone. The IP address of the " "AD LDAP connection is used for the updates, if it is not otherwise specified " "by using the <quote>dyndns_iface</quote> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:289 msgid "Default: 3600 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:303 msgid "Default: Use the IP address of the AD LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:354 sssd-krb5.5.xml:496 msgid "krb5_use_enterprise_principal (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:357 sssd-krb5.5.xml:499 msgid "" "Specifies if the user principal should be treated as enterprise principal. " "See section 5 of RFC 6806 for more details about enterprise principals." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:384 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " "This example shows only the AD provider-specific options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ad.5.xml:391 #, no-wrap msgid "" "[domain/EXAMPLE]\n" "id_provider = ad\n" "auth_provider = ad\n" "access_provider = ad\n" "chpass_provider = ad\n" "\n" "ad_server = dc1.example.com\n" "ad_hostname = client.example.com\n" "ad_domain = example.com\n" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ad.5.xml:411 #, no-wrap msgid "" "access_provider = ldap\n" "ldap_access_order = expire\n" "ldap_account_expire_policy = ad\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:407 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:417 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 msgid "sssd-sudo" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd-sudo.5.xml:17 msgid "Configuring sudo with the SSSD back end" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:23 msgid "" "This manual page describes how to configure <citerefentry> " "<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " "to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-sudo.5.xml:36 msgid "Configuring sudo to cooperate with SSSD" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:38 msgid "" "To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " "the <emphasis>sudoers</emphasis> entry in <citerefentry> " "<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:47 msgid "" "For example, to configure sudo to first lookup rules in the standard " "<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> file (which should contain rules that apply to " "local users) and then in SSSD, the nsswitch.conf file should contain the " "following line:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-sudo.5.xml:57 #, no-wrap msgid "sudoers: files sss\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:61 msgid "" "More information about configuring the sudoers search order from the " "nsswitch.conf file as well as information about the LDAP schema that is used " "to store sudo rules in the directory can be found in <citerefentry> " "<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:70 msgid "" "<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " "sudo rules, you also need to correctly set <citerefentry> " "<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" "citerefentry> to your NIS domain name (which equals to IPA domain name when " "using hostgroups)." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-sudo.5.xml:82 msgid "Configuring SSSD to fetch sudo rules" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:84 msgid "" "All configuration that is needed on SSSD side is to extend the list of " "<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " "search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> " "option." 
msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:94 msgid "" "The following example shows how to configure SSSD to download sudo rules " "from an LDAP server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-sudo.5.xml:99 #, no-wrap msgid "" "[sssd]\n" "config_file_version = 2\n" "services = nss, pam, sudo\n" "domains = EXAMPLE\n" "\n" "[domain/EXAMPLE]\n" "id_provider = ldap\n" "sudo_provider = ldap\n" "ldap_uri = ldap://example.com\n" "ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:112 msgid "" "When the SSSD is configured to use IPA as the ID provider, the sudo provider " "is automatically enabled. The sudo search base is configured to use the " "compat tree (ou=sudoers,$DC)." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-sudo.5.xml:119 msgid "The SUDO rule caching mechanism" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:121 msgid "" "The biggest challenge, when developing sudo support in SSSD, was to ensure " "that running sudo with SSSD as the data source provides the same user " "experience and is as fast as sudo but keeps providing the most current set " "of rules as possible. To satisfy these requirements, SSSD uses three kinds " "of updates. They are referred to as full refresh, smart refresh and rules " "refresh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:129 msgid "" "The <emphasis>smart refresh</emphasis> periodically downloads rules that are " "new or were modified after the last update. Its primary goal is to keep the " "database growing by fetching only small increments that do not generate " "large amounts of network traffic." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:135 msgid "" "The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " "in the cache and replaces them with all rules that are stored on the server. " "This is used to keep the cache consistent by removing every rule which was " "deleted from the server. However, full refresh may produce a lot of traffic " "and thus it should be run only occasionally depending on the size and " "stability of the sudo rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:143 msgid "" "The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " "more permission than defined. It is triggered each time the user runs sudo. " "Rules refresh will find all rules that apply to this user, check their " "expiration time and redownload them if expired. In the case that any of " "these rules are missing on the server, the SSSD will do an out of band full " "refresh because more rules (that apply to other users) may have been deleted." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:152 msgid "" "If enabled, SSSD will store only rules that can be applied to this machine. " "This means rules that contain one of the following values in " "<emphasis>sudoHost</emphasis> attribute:" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:159 msgid "keyword ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:164 msgid "wildcard" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:169 msgid "netgroup (in the form \"+netgroup\")" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:174 msgid "hostname or fully qualified domain name of this machine" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:179 msgid "one of the IP addresses of this machine" msgstr "" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:184 msgid "one of the IP addresses of the network (in the form \"address/mask\")" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:190 msgid "" "There are many configuration options that can be used to adjust the " "behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd.8.xml:10 sssd.8.xml:15 msgid "sssd" msgstr "sssd" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd.8.xml:16 msgid "System Security Services Daemon" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sssd.8.xml:21 msgid "" "<command>sssd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.8.xml:31 msgid "" "<command>SSSD</command> provides a set of daemons to manage access to remote " "directories and authentication mechanisms. It provides an NSS and PAM " "interface toward the system and a pluggable backend system to connect to " "multiple different account sources as well as D-Bus interface. It is also " "the basis to provide client auditing and policy services for projects like " "FreeIPA. It provides a more robust database to store local users as well as " "extended user data." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:46 msgid "" "<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:53 msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:57 msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:60 msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:69 msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:73 msgid "" "<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:76 msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:85 msgid "<option>-f</option>,<option>--debug-to-files</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:89 msgid "" "Send the debug output to files instead of stderr. By default, the log files " "are stored in <filename>/var/log/sssd</filename> and there are separate log " "files for every SSSD service and domain." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:97 msgid "<option>-D</option>,<option>--daemon</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:101 msgid "Become a daemon after starting up." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:107 sss_seed.8.xml:136 msgid "<option>-i</option>,<option>--interactive</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:111 msgid "Run in the foreground, don't become a daemon." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:117 sss_debuglevel.8.xml:42 msgid "<option>-c</option>,<option>--config</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:121 sss_debuglevel.8.xml:46 msgid "" "Specify a non-default config file. The default is <filename>/etc/sssd/sssd." "conf</filename>. For reference on the config file syntax and options, " "consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:135 msgid "<option>--version</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:139 msgid "Print version number and exit." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.8.xml:147 msgid "Signals" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:159 msgid "SIGHUP" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " "like logrotate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:170 msgid "SIGUSR1" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:179 msgid "SIGUSR2" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.8.xml:193 msgid "" "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " "applications will not use the fast in memory cache." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 msgid "sss_obfuscate" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_obfuscate.8.xml:16 msgid "obfuscate a clear text password" msgstr "" #. 
type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_obfuscate.8.xml:21 msgid "" "<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" "replaceable></arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:32 msgid "" "<command>sss_obfuscate</command> converts a given password into human-" "unreadable format and places it into appropriate domain section of the SSSD " "config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:37 msgid "" "The cleartext password is read from standard input or entered " "interactively. The obfuscated password is put into " "<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " "<quote>ldap_default_authtok_type</quote> parameter is set to " "<quote>obfuscated_password</quote>. Refer to <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more details on these parameters." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:49 msgid "" "Please note that obfuscating the password provides <emphasis>no real " "security benefit</emphasis> as it is still possible for an attacker to " "reverse-engineer the password back. Using better authentication mechanisms " "such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " "advised." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_obfuscate.8.xml:63 msgid "<option>-s</option>,<option>--stdin</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:67 msgid "The password to obfuscate will be read from standard input." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:79 #: sss_ssh_knownhostsproxy.1.xml:78 msgid "" "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:79 msgid "" "The SSSD domain to use the password in. The default name is <quote>default</" "quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_obfuscate.8.xml:86 msgid "" "<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:91 msgid "Read the config file specified by the positional parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:95 msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_useradd.8.xml:10 sss_useradd.8.xml:15 msgid "sss_useradd" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_useradd.8.xml:16 msgid "create a new user" msgstr "create a new user" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_useradd.8.xml:21 msgid "" "<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_useradd.8.xml:32 msgid "" "<command>sss_useradd</command> creates a new user account using the values " "specified on the command line plus the default values from the system." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:43 sss_seed.8.xml:76 msgid "" "<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:48 msgid "" "Set the UID of the user to the value of <replaceable>UID</replaceable>. If " "not given, it is chosen automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:55 sss_usermod.8.xml:43 sss_seed.8.xml:100 msgid "" "<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:60 sss_usermod.8.xml:48 sss_seed.8.xml:105 msgid "" "Any text string describing the user. Often used as the field for the user's " "full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:67 sss_usermod.8.xml:55 sss_seed.8.xml:112 msgid "" "<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:72 msgid "" "The home directory of the user account. The default is to append the " "<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use " "that as the home directory. The base that is prepended before " "<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/" "baseDirectory</quote> setting in sssd.conf." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:82 sss_usermod.8.xml:66 sss_seed.8.xml:124 msgid "" "<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:87 msgid "" "The user's login shell. The default is currently <filename>/bin/bash</" "filename>. The default can be changed with <quote>user_defaults/" "defaultShell</quote> setting in sssd.conf." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:96 msgid "" "<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:101 msgid "A list of existing groups this user is also a member of." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:107 msgid "<option>-m</option>,<option>--create-home</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:111 msgid "" "Create the user's home directory if it does not exist. The files and " "directories contained in the skeleton directory (which can be defined with " "the -k option or in the config file) will be copied to the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:121 msgid "<option>-M</option>,<option>--no-create-home</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:125 msgid "" "Do not create the user's home directory. Overrides configuration settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:132 msgid "" "<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</" "replaceable>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:137 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " "<command>sss_useradd</command>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:143 msgid "" "Special files (block devices, character devices, named pipes and unix " "sockets) will not be copied." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:147 msgid "" "This option is only valid if the <option>-m</option> (or <option>--create-" "home</option>) option is specified, or creation of home directories is set " "to TRUE in the configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:156 sss_usermod.8.xml:124 msgid "" "<option>-Z</option>,<option>--selinux-user</option> " "<replaceable>SELINUX_USER</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:161 msgid "" "The SELinux user for the user's login. If not specified, the system default " "will be used." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 msgid "sssd-krb5" msgstr "sssd-krb5" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:23 msgid "" "This manual page describes the configuration of the Kerberos 5 " "authentication backend for <citerefentry> <refentrytitle>sssd</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. 
For a detailed " "syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " "the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:36 msgid "" "The Kerberos 5 authentication backend contains auth and chpass providers. It " "must be paired with an identity provider in order to function properly (for " "example, id_provider = ldap). Some information required by the Kerberos 5 " "authentication backend must be provided by the identity provider, such as " "the user's Kerberos Principal Name (UPN). The configuration of the identity " "provider should have an entry to specify the UPN. Please refer to the man " "page for the applicable identity provider for details on how to configure " "this." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:47 msgid "" "This backend also provides access control based on the .k5login file in the " "home directory of the user. See <citerefentry> <refentrytitle>.k5login</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " "Please note that an empty .k5login file will deny all access to this user. " "To activate this feature, use 'access_provider = krb5' in your SSSD " "configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:55 msgid "" "In the case where the UPN is not available in the identity backend, " "<command>sssd</command> will construct a UPN using the format " "<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect, in the order of preference. 
" "For more information on failover and server redundancy, see the " "<quote>FAILOVER</quote> section. An optional port number (preceded by a " "colon) may be appended to the addresses or hostnames. If empty, service " "discovery is enabled; for more information, refer to the <quote>SERVICE " "DISCOVERY</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:106 msgid "" "The name of the Kerberos realm. This option is required and must be " "specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:113 msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:116 msgid "" "If the change password service is not running on the KDC, alternative " "servers can be defined here. An optional port number (preceded by a colon) " "may be appended to the addresses or hostnames." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:122 msgid "" "For more information on failover and server redundancy, see the " "<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " "servers to try, the backend is not switched to operate offline if " "authentication against the KDC is still possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:129 msgid "Default: Use the KDC" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:135 msgid "krb5_ccachedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:138 msgid "" "Directory to store credential caches. 
All the substitution sequences of " "krb5_ccname_template can be used here, too, except %d and %P. The directory " "is created as private and owned by the user, with permissions set to 0700." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:145 msgid "Default: /tmp" msgstr "Noklusējuma: /tmp" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:151 msgid "krb5_ccname_template (string)" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:165 include/override_homedir.xml:11 msgid "%u" msgstr "%u" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:166 include/override_homedir.xml:12 msgid "login name" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:169 include/override_homedir.xml:15 msgid "%U" msgstr "%U" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:170 msgid "login UID" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:173 msgid "%p" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:174 msgid "principal name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:178 msgid "%r" msgstr "" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:179 msgid "realm name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:182 msgid "%h" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:183 msgid "home directory" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:187 include/override_homedir.xml:19 msgid "%d" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:188 msgid "value of krb5ccache_dir" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:193 msgid "%P" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:194 msgid "the process ID of the SSSD client" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:199 include/override_homedir.xml:34 msgid "%%" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:200 include/override_homedir.xml:35 msgid "a literal '%'" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:154 msgid "" "Location of the user's credential cache. 
Three credential cache types are " "currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " "<quote>KEYRING:persistent</quote>. The cache can be specified either as " "<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " "implies the <quote>FILE</quote> type. In the template, the following " "sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " "the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " "filename in a safe way." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:208 msgid "" "When using KEYRING types, the only supported mechanism is <quote>KEYRING:" "persistent:%U</quote>, which uses the Linux kernel keyring to store " "credentials on a per-UID basis. This is also the recommended choice, as it " "is the most secure and predictable method." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:216 msgid "" "The default value for the credential cache name is sourced from the profile " "stored in the system wide krb5.conf configuration file in the [libdefaults] " "section. The option name is default_ccache_name. See krb5.conf(5)'s " "PARAMETER EXPANSION paragraph for additional information on the expansion " "format defined by krb5.conf." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:225 #, fuzzy #| msgid "Default: 0 (No limit)" msgid "Default: (from libkrb5)" msgstr "Noklusējuma: 0 (bez ierobežojuma)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:231 msgid "krb5_auth_timeout (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:234 msgid "" "Timeout in seconds after an online authentication request or change password " "request is aborted. If possible, the authentication request is continued " "offline." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:248 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed. The keytab is checked for entries sequentially, and the first entry " "with a matching realm is used for validation. If no entry matches the realm, " "the last entry in the keytab is used. This process can be used to validate " "environments using cross-realm trust by placing the appropriate keytab entry " "as the last entry or the only entry in the keytab file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:263 msgid "krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:266 msgid "" "The location of the keytab to use when validating credentials obtained from " "KDCs." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:270 msgid "Default: /etc/krb5.keytab" msgstr "Noklusējuma: /etc/krb5.keytab" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:276 msgid "krb5_store_password_if_offline (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:279 msgid "" "Store the password of the user if the provider is offline and use it to " "request a TGT when the provider comes online again." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:284 msgid "" "NOTE: this feature is only available on Linux. Passwords stored in this way " "are kept in plaintext in the kernel keyring and are potentially accessible " "by the root user (with difficulty)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:297 msgid "krb5_renewable_lifetime (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:300 msgid "" "Request a renewable ticket with a total lifetime, given as an integer " "immediately followed by a time unit:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:305 sssd-krb5.5.xml:339 sssd-krb5.5.xml:376 msgid "<emphasis>s</emphasis> for seconds" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:308 sssd-krb5.5.xml:342 sssd-krb5.5.xml:379 msgid "<emphasis>m</emphasis> for minutes" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:311 sssd-krb5.5.xml:345 sssd-krb5.5.xml:382 msgid "<emphasis>h</emphasis> for hours" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385 msgid "<emphasis>d</emphasis> for days." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:317 sssd-krb5.5.xml:388 msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:321 sssd-krb5.5.xml:392 msgid "" "NOTE: It is not possible to mix units. To set the renewable lifetime to one " "and a half hours, use '90m' instead of '1h30m'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:326 msgid "Default: not set, i.e. the TGT is not renewable" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:332 msgid "krb5_lifetime (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:335 msgid "" "Request ticket with a lifetime, given as an integer immediately followed by " "a time unit:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:351 msgid "If there is no unit given <emphasis>s</emphasis> is assumed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:355 msgid "" "NOTE: It is not possible to mix units. To set the lifetime to one and a " "half hours please use '90m' instead of '1h30m'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:360 msgid "" "Default: not set, i.e. the default ticket lifetime configured on the KDC." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:367 msgid "krb5_renew_interval (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:370 msgid "" "The time in seconds between two checks if the TGT should be renewed. 
TGTs " "are renewed if about half of their lifetime is exceeded, given as an integer " "immediately followed by a time unit:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:397 msgid "If this option is not set or is 0 the automatic renewal is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:415 msgid "" "<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " "option at all." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:419 msgid "" "<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " "continue the authentication without it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:429 msgid "Default: not set, i.e. FAST is not used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:432 msgid "NOTE: a keytab is required to use FAST." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:444 msgid "krb5_fast_principal (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:447 msgid "Specifies the server principal to use for FAST." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:456 msgid "" "Specifies if the host and user principal should be canonicalized. This " "feature is available with MIT Kerberos 1.7 and later versions." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:505 msgid "Default: false (AD provider: true)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:65 msgid "" "If the auth-module krb5 is used in an SSSD domain, the following options " "must be used. See the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " "<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " "domain. <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:521 msgid "" "The following example assumes that SSSD is correctly configured and FOO is " "one of the domains in the <replaceable>[sssd]</replaceable> section. This " "example shows only configuration of Kerberos authentication; it does not " "include any identity provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-krb5.5.xml:529 #, no-wrap msgid "" " [domain/FOO]\n" " auth_provider = krb5\n" " krb5_server = 192.168.1.1\n" " krb5_realm = EXAMPLE.COM\n" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15 msgid "sss_groupadd" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupadd.8.xml:16 msgid "create a new group" msgstr "izveidot jaunu grupu" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupadd.8.xml:21 msgid "" "<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupadd.8.xml:32 msgid "" "<command>sss_groupadd</command> creates a new group. 
These groups are " "compatible with POSIX groups, with the additional feature that they can " "contain other groups as members." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupadd.8.xml:43 sss_seed.8.xml:88 msgid "" "<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupadd.8.xml:48 msgid "" "Set the GID of the group to the value of <replaceable>GID</replaceable>. If " "not given, it is chosen automatically." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_userdel.8.xml:10 sss_userdel.8.xml:15 msgid "sss_userdel" msgstr "sss_userdel" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_userdel.8.xml:16 msgid "delete a user account" msgstr "dzēst lietotāja kontu" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_userdel.8.xml:21 msgid "" "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_userdel.8.xml:32 msgid "" "<command>sss_userdel</command> deletes a user identified by login name " "<replaceable>LOGIN</replaceable> from the system." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:44 msgid "<option>-r</option>,<option>--remove</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:48 msgid "" "Files in the user's home directory will be removed along with the home " "directory itself and the user's mail spool. Overrides the configuration." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:56 msgid "<option>-R</option>,<option>--no-remove</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:60 msgid "" "Files in the user's home directory will NOT be removed along with the home " "directory itself and the user's mail spool. Overrides the configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:68 msgid "<option>-f</option>,<option>--force</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:72 msgid "" "This option forces <command>sss_userdel</command> to remove the user's home " "directory and mail spool, even if they are not owned by the specified user." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:80 msgid "<option>-k</option>,<option>--kick</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:84 msgid "Before actually deleting the user, terminate all his processes." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15 msgid "sss_groupdel" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupdel.8.xml:16 msgid "delete a group" msgstr "dzēst grupu" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupdel.8.xml:21 msgid "" "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sss_groupdel.8.xml:32 msgid "" "<command>sss_groupdel</command> deletes a group identified by its name " "<replaceable>GROUP</replaceable> from the system." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15 msgid "sss_groupshow" msgstr "sss_groupshow" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupshow.8.xml:16 msgid "print properties of a group" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupshow.8.xml:21 msgid "" "<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupshow.8.xml:32 msgid "" "<command>sss_groupshow</command> displays information about a group " "identified by its name <replaceable>GROUP</replaceable>. The information " "includes the group ID number, members of the group and the parent group." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupshow.8.xml:43 msgid "<option>-R</option>,<option>--recursive</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupshow.8.xml:47 msgid "" "Also print indirect group members in a tree-like hierarchy. Note that this " "also affects printing parent groups - without <option>R</option>, only the " "direct parent will be printed." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_usermod.8.xml:10 sss_usermod.8.xml:15 msgid "sss_usermod" msgstr "sss_usermod" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_usermod.8.xml:16 msgid "modify a user account" msgstr "" #. 
type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_usermod.8.xml:21 msgid "" "<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_usermod.8.xml:32 msgid "" "<command>sss_usermod</command> modifies the account specified by " "<replaceable>LOGIN</replaceable> to reflect the changes that are specified " "on the command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:60 msgid "The home directory of the user account." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:71 msgid "The user's login shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:82 msgid "" "Append this user to groups specified by the <replaceable>GROUPS</" "replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " "a comma separated list of group names." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:96 msgid "" "Remove this user from groups specified by the <replaceable>GROUPS</" "replaceable> parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_usermod.8.xml:103 msgid "<option>-l</option>,<option>--lock</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:107 msgid "Lock the user account. The user won't be able to log in." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_usermod.8.xml:114 msgid "<option>-u</option>,<option>--unlock</option>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:118 msgid "Unlock the user account." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:129 msgid "The SELinux user for the user's login." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_cache.8.xml:10 sss_cache.8.xml:15 msgid "sss_cache" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_cache.8.xml:16 msgid "perform cache cleanup" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_cache.8.xml:21 msgid "" "<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_cache.8.xml:31 msgid "" "<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " "records are forced to be reloaded from server as soon as related SSSD " "backend is online." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:42 msgid "<option>-E</option>,<option>--everything</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:46 msgid "Invalidate all cached entries except for sudo rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:52 msgid "" "<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:57 msgid "Invalidate specific user." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:63 msgid "<option>-U</option>,<option>--users</option>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:67 msgid "" "Invalidate all user records. This option overrides invalidation of specific " "user if it was also set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:74 msgid "" "<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:79 msgid "Invalidate specific group." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:85 msgid "<option>-G</option>,<option>--groups</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:89 msgid "" "Invalidate all group records. This option overrides invalidation of specific " "group if it was also set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:96 msgid "" "<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:101 msgid "Invalidate specific netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:107 msgid "<option>-N</option>,<option>--netgroups</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:111 msgid "" "Invalidate all netgroup records. This option overrides invalidation of " "specific netgroup if it was also set." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:118 msgid "" "<option>-s</option>,<option>--service</option> <replaceable>service</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:123 msgid "Invalidate specific service." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:129 msgid "<option>-S</option>,<option>--services</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:133 msgid "" "Invalidate all service records. This option overrides invalidation of " "specific service if it was also set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:140 msgid "" "<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:145 msgid "Invalidate specific autofs maps." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:151 msgid "<option>-A</option>,<option>--autofs-maps</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:155 msgid "" "Invalidate all autofs maps. This option overrides invalidation of specific " "map if it was also set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:162 msgid "" "<option>-d</option>,<option>--domain</option> <replaceable>domain</" "replaceable>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:167 msgid "Restrict invalidation process only to a particular domain." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 msgid "sss_debuglevel" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_debuglevel.8.xml:16 msgid "change debug level while SSSD is running" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_debuglevel.8.xml:21 msgid "" "<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" "replaceable></arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_debuglevel.8.xml:32 msgid "" "<command>sss_debuglevel</command> changes debug level of SSSD monitor and " "providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is " "running." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_debuglevel.8.xml:59 msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_seed.8.xml:10 sss_seed.8.xml:15 msgid "sss_seed" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_seed.8.xml:16 msgid "seed the SSSD cache with a user" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_seed.8.xml:21 msgid "" "<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" "replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" "arg>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sss_seed.8.xml:33 msgid "" "<command>sss_seed</command> seeds the SSSD cache with a user entry and " "temporary password. If a user entry is already present in the SSSD cache " "then the entry is updated with the temporary password." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_seed.8.xml:46 msgid "" "<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:51 msgid "" "Provide the name of the domain in which the user is a member of. The domain " "is also used to retrieve user information. The domain must be configured in " "sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " "Information retrieved from the domain overrides what is provided in the " "options." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_seed.8.xml:63 msgid "" "<option>-n</option>,<option>--username</option> <replaceable>USER</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:68 msgid "" "The username of the entry to be created or modified in the cache. The " "<replaceable>USER</replaceable> option must be provided." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:81 msgid "Set the UID of the user to <replaceable>UID</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:93 msgid "Set the GID of the user to <replaceable>GID</replaceable>." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:117 msgid "" "Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:129 msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:140 msgid "" "Interactive mode for entering user information. This option will only prompt " "for information not provided in the options or retrieved from the domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_seed.8.xml:148 msgid "" "<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:153 msgid "" "Specify file to read user's password from. (if not specified password is " "prompted for)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_seed.8.xml:165 msgid "" "The length of the password (or the size of file specified with -p or --" "password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " "on systems with no globally-defined PASS_MAX value)." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 msgid "sss_ssh_authorizedkeys" msgstr "" #. type: Content of: <reference><refentry><refmeta><manvolnum> #: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 msgid "1" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_ssh_authorizedkeys.1.xml:16 msgid "get OpenSSH authorized keys" msgstr "" #. 
type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_ssh_authorizedkeys.1.xml:21 msgid "" "<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg> <arg " "choice='plain'><replaceable>USER</replaceable></arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:32 msgid "" "<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " "<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " "format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> for more information)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:41 msgid "" "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" "command> for public key user authentication if it is compiled with support " "for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</" "quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry> options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sss_ssh_authorizedkeys.1.xml:58 #, no-wrap msgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:51 msgid "" "If <quote>AuthorizedKeysCommand</quote> is supported, " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> can be configured to use it by putting the following directive " "in <citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry>: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><programlisting> #: sss_ssh_authorizedkeys.1.xml:69 #, no-wrap msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:62 msgid "" "If <quote>PubkeyAgent</quote> is supported, " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> can be configured to use it by using the following directive " "for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</" "manvolnum></citerefentry> configuration: <placeholder type=\"programlisting" "\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_ssh_authorizedkeys.1.xml:84 msgid "" "Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sss_ssh_authorizedkeys.1.xml:93 sss_ssh_knownhostsproxy.1.xml:92 msgid "EXIT STATUS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:95 sss_ssh_knownhostsproxy.1.xml:94 msgid "" "In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 msgid "sss_ssh_knownhostsproxy" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_ssh_knownhostsproxy.1.xml:16 msgid "get OpenSSH host keys" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_ssh_knownhostsproxy.1.xml:21 msgid "" "<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg> <arg " "choice='plain'><replaceable>HOST</replaceable></arg> <arg " "choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_knownhostsproxy.1.xml:33 msgid "" "<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " "host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " "known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " "of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" "manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" "pubconf/known_hosts</filename> and estabilishes connection to the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_knownhostsproxy.1.xml:43 msgid "" "If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " "create the connection to the host instead of opening a socket." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sss_ssh_knownhostsproxy.1.xml:55 #, no-wrap msgid "" "ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" "GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_knownhostsproxy.1.xml:48 msgid "" "<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" "citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" "command> for host key authentication by using the following directives for " "<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" "citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_ssh_knownhostsproxy.1.xml:66 msgid "" "<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_ssh_knownhostsproxy.1.xml:71 msgid "" "Use port <replaceable>PORT</replaceable> to connect to the host. By " "default, port 22 is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_ssh_knownhostsproxy.1.xml:83 msgid "" "Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." msgstr "" #. type: Content of: <refsect1><title> #: include/service_discovery.xml:2 msgid "SERVICE DISCOVERY" msgstr "" #. type: Content of: <refsect1><para> #: include/service_discovery.xml:4 msgid "" "The service discovery feature allows back ends to automatically find the " "appropriate servers to connect to using a special DNS query. This feature is " "not supported for backup servers." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 msgid "Configuration" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:11 msgid "" "If no servers are specified, the back end automatically uses service " "discovery to try to find a server. Optionally, the user may choose to use " "both fixed server addresses and service discovery by inserting a special " "keyword, <quote>_srv_</quote>, in the list of servers. The order of " "preference is maintained. This feature is useful if, for example, the user " "prefers to use service discovery whenever possible, and fall back to a " "specific server when no servers can be discovered using DNS." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:23 msgid "The domain name" msgstr "" #. 
type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:25 msgid "" "Please refer to the <quote>dns_discovery_domain</quote> parameter in the " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page for more details." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:35 msgid "The protocol" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:37 msgid "" "The queries usually specify _tcp as the protocol. Exceptions are documented " "in respective option description." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:42 msgid "See Also" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:44 msgid "" "For more information on the service discovery mechanism, refer to RFC 2782." msgstr "" #. type: Content of: outside any tag (error?) #: include/upstream.xml:1 msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" msgstr "" #. type: Content of: <refsect1><title> #: include/failover.xml:2 msgid "FAILOVER" msgstr "" #. type: Content of: <refsect1><para> #: include/failover.xml:4 msgid "" "The failover feature allows back ends to automatically switch to a different " "server if the current server fails." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/failover.xml:8 msgid "Failover Syntax" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:10 msgid "" "The list of servers is given as a comma-separated list; any number of spaces " "is allowed around the comma. The servers are listed in order of preference. " "The list can contain any number of servers." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:16 msgid "" "For each failover-enabled config option, two variants exist: " "<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. 
The idea is " "that servers in the primary list are preferred and backup servers are only " "searched if no primary servers can be reached. If a backup server is " "selected, a timeout of 31 seconds is set. After this timeout SSSD will " "periodically try to reconnect to one of the primary servers. If it succeeds, " "it will replace the current active (backup) server." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/failover.xml:27 msgid "The Failover Mechanism" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:29 msgid "" "The failover mechanism distinguishes between a machine and a service. The " "back end first tries to resolve the hostname of a given machine; if this " "resolution attempt fails, the machine is considered offline. No further " "attempts are made to connect to this machine for any other service. If the " "resolution attempt succeeds, the back end tries to connect to a service on " "this machine. If the service connection attempt fails, then only this " "particular service is considered offline and the back end automatically " "switches over to the next service. The machine is still considered online " "and might still be tried for another service." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:42 msgid "" "Further connection attempts are made to machines or services marked as " "offline after a specified period of time; this is currently hard coded to 30 " "seconds." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:47 msgid "" "If there are no more machines to try, the back end as a whole switches to " "offline mode, and then attempts to reconnect every 30 seconds." msgstr "" #. type: Content of: <refsect1><title> #: include/ldap_id_mapping.xml:2 msgid "ID MAPPING" msgstr "" #. 
type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:4 msgid "" "The ID-mapping feature allows SSSD to act as a client of Active Directory " "without requiring administrators to extend user attributes to support POSIX " "attributes for user and group identifiers." msgstr "" #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:9 msgid "" "NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " "ignored. This is to avoid the possibility of conflicts between automatically-" "assigned and manually-assigned values. If you need to use manually-assigned " "values, ALL values must be manually-assigned." msgstr "" #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:16 msgid "" "Please note that changing the ID mapping related configuration options will " "cause user and group IDs to change. At the moment, SSSD does not support " "changing IDs, so the SSSD database must be removed. Because cached passwords " "are also stored in the database, removing the database should only be " "performed while the authentication servers are reachable, otherwise users " "might get locked out. In order to cache the password, an authentication must " "be performed. It is not sufficient to use <citerefentry> " "<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" "citerefentry> to remove the database, rather the process consists of:" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:33 msgid "Making sure the remote servers are reachable" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:38 msgid "Stopping the SSSD service" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:43 msgid "Removing the database" msgstr "" #. 
type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:48 msgid "Starting the SSSD service" msgstr "" #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:52 msgid "" "Moreover, as the change of IDs might necessitate the adjustment of other " "system properties such as file and directory ownership, it's advisable to " "plan ahead and test the ID mapping configuration thoroughly." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/ldap_id_mapping.xml:59 msgid "Mapping Algorithm" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:61 msgid "" "Active Directory provides an objectSID for every user and group object in " "the directory. This objectSID can be broken up into components that " "represent the Active Directory domain identity and the relative identifier " "(RID) of the user or group object." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:67 msgid "" "The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " "into equally-sized component sections - called \"slices\"-. Each slice " "represents the space available to an Active Directory domain." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:73 msgid "" "When a user or group entry for a particular domain is encountered for the " "first time, the SSSD allocates one of the available slices for that domain. " "In order to make this slice-assignment repeatable on different client " "machines, we select the slice based on the following algorithm:" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:80 msgid "" "The SID string is passed through the murmurhash3 algorithm to convert it to " "a 32-bit hashed value. We then take the modulus of this value with the total " "number of available slices to pick the slice." msgstr "" #. 
type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:86 msgid "" "NOTE: It is possible to encounter collisions in the hash and subsequent " "modulus. In these situations, we will select the next available slice, but " "it may not be possible to reproduce the same exact set of slices on other " "machines (since the order that they are encountered will determine their " "slice). In this situation, it is recommended to either switch to using " "explicit POSIX attributes in Active Directory (disabling ID-mapping) or " "configure a default domain to guarantee that at least one is always " "consistent. See <quote>Configuration</quote> for details." msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:101 msgid "" "Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" msgstr "" #. type: Content of: <refsect1><refsect2><para><programlisting> #: include/ldap_id_mapping.xml:106 #, no-wrap msgid "" "ldap_id_mapping = True\n" "ldap_schema = ad\n" msgstr "" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:111 msgid "" "The default configuration results in configuring 10,000 slices, each capable " "of holding up to 200,000 IDs, starting from 10,001 and going up to " "2,000,100,000. This should be sufficient for most deployments." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><title> #: include/ldap_id_mapping.xml:117 msgid "Advanced Configuration" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:120 msgid "ldap_idmap_range_min (integer)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:123 msgid "" "Specifies the lower bound of the range of POSIX IDs to use for mapping " "Active Directory user and group SIDs." msgstr "" #. 
type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:127 msgid "" "NOTE: This option is different from <quote>min_id</quote> in that " "<quote>min_id</quote> acts to filter the output of requests to this domain, " "whereas this option controls the range of ID assignment. This is a subtle " "distinction, but the good general advice would be to have <quote>min_id</" "quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:173 msgid "Default: 200000" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:142 msgid "ldap_idmap_range_max (integer)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:145 msgid "" "Specifies the upper bound of the range of POSIX IDs to use for mapping " "Active Directory user and group SIDs." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:149 msgid "" "NOTE: This option is different from <quote>max_id</quote> in that " "<quote>max_id</quote> acts to filter the output of requests to this domain, " "whereas this option controls the range of ID assignment. This is a subtle " "distinction, but the good general advice would be to have <quote>max_id</" "quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:159 msgid "Default: 2000200000" msgstr "" #. 
type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:164 msgid "ldap_idmap_range_size (integer)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:167 msgid "" "Specifies the number of IDs available for each slice. If the range size " "does not divide evenly into the min and max values, it will create as many " "complete slices as it can." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:178 msgid "ldap_idmap_default_domain_sid (string)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:181 msgid "" "Specify the domain SID of the default domain. This will guarantee that this " "domain will always be assigned to slice zero in the ID map, bypassing the " "murmurhash algorithm described above." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:192 msgid "ldap_idmap_default_domain (string)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:195 msgid "Specify the name of the default domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:203 msgid "ldap_idmap_autorid_compat (boolean)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:206 msgid "" "Changes the behavior of the ID-mapping algorithm to behave more similarly to " "winbind's <quote>idmap_autorid</quote> algorithm." msgstr "" #. 
type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:211 msgid "" "When this option is configured, domains will be allocated starting with " "slice zero and increasing monatomically with each additional domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:216 msgid "" "NOTE: This algorithm is non-deterministic (it depends on the order that " "users and groups are requested). If this mode is required for compatibility " "with machines running winbind, it is recommended to also use the " "<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " "least one domain is consistently allocated to slice zero." msgstr "" #. type: Content of: <varlistentry><term> #: include/param_help.xml:3 msgid "<option>-?</option>,<option>--help</option>" msgstr "" #. type: Content of: <varlistentry><listitem><para> #: include/param_help.xml:7 include/param_help_py.xml:7 msgid "Display help message and exit." msgstr "" #. type: Content of: <varlistentry><term> #: include/param_help_py.xml:3 msgid "<option>-h</option>,<option>--help</option>" msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:3 msgid "" "SSSD supports two representations for specifying the debug level. The " "simplest is to specify a decimal value from 0-9, which represents enabling " "that level and all lower-level debug messages. The more comprehensive option " "is to specify a hexadecimal bitmask to enable or disable specific levels " "(such as if you wish to suppress a level)." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:10 msgid "Currently supported debug levels:" msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:13 msgid "" "<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. 
" "Anything that would prevent SSSD from starting up or causes it to cease " "running." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:19 msgid "" "<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " "error that doesn't kill the SSSD, but one that indicates that at least one " "major feature is not going to work properly." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:26 msgid "" "<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " "error announcing that a particular request or operation has failed." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:31 msgid "" "<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " "are the errors that would percolate down to cause the operation failure of 2." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:36 msgid "" "<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:40 msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:44 msgid "" "<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " "operation functions." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:48 msgid "" "<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " "internal control functions." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:53 msgid "" "<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" "internal variables that may be interesting." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:58 msgid "" "<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " "tracing information." msgstr "" #. 
type: Content of: <listitem><para> #: include/debug_levels.xml:62 msgid "" "To log required bitmask debug levels, simply add their numbers together as " "shown in following examples:" msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:66 msgid "" "<emphasis>Example</emphasis>: To log fatal failures, critical failures, " "serious failures and function data use 0x0270." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:70 msgid "" "<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " "function data, trace messages for internal control functions use 0x1310." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:75 msgid "" "<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " "in 1.7.0." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:79 msgid "<emphasis>Default</emphasis>: 0" msgstr "" #. type: Content of: outside any tag (error?) #: include/experimental.xml:1 msgid "" "<emphasis> This is an experimental feature, please use http://fedorahosted." "org/sssd to report any issues. </emphasis>" msgstr "" #. type: Content of: <refsect1><title> #: include/local.xml:2 msgid "THE LOCAL DOMAIN" msgstr "" #. type: Content of: <refsect1><para> #: include/local.xml:4 msgid "" "In order to function correctly, a domain with <quote>id_provider=local</" "quote> must be created and the SSSD must be running." msgstr "" #. type: Content of: <refsect1><para> #: include/local.xml:9 msgid "" "The administrator might want to use the SSSD local users instead of " "traditional UNIX users in cases where the group nesting (see <citerefentry> " "<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" "citerefentry>) is needed. The local users are also useful for testing and " "development of the SSSD without having to deploy a full remote server. 
The " "<command>sss_user*</command> and <command>sss_group*</command> tools use a " "local LDB storage to store users and groups." msgstr "" #. type: Content of: <refsect1><title> #: include/seealso.xml:2 msgid "SEE ALSO" msgstr "SKATĪT ARĪ" #. type: Content of: <refsect1><para> #: include/seealso.xml:4 msgid "" "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> " "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_useradd</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, 
<citerefentry> <refentrytitle>sss_usermod</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_seed</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" "manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " "<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>." msgstr "" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:3 #: include/ldap_search_bases_experimental.xml:3 msgid "" "An optional base DN, search scope and LDAP filter to restrict LDAP searches " "for this attribute type." msgstr "" #. type: Content of: <listitem><para><programlisting> #: include/ldap_search_bases.xml:9 #: include/ldap_search_bases_experimental.xml:9 #, no-wrap msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" msgstr "" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:7 #: include/ldap_search_bases_experimental.xml:7 msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:13 #: include/ldap_search_bases_experimental.xml:13 msgid "" "The scope can be one of \"base\", \"onelevel\" or \"subtree\". The filter " "must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/" "rfc2254.txt" msgstr "" #. 
type: Content of: <listitem><para> #: include/ldap_search_bases.xml:19 #: include/ldap_search_bases_experimental.xml:19 msgid "" "For examples of this syntax, please refer to the <quote>ldap_search_base</" "quote> examples section." msgstr "" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:27 #: include/ldap_search_bases_experimental.xml:27 msgid "" "Please note that specifying scope or filter is not supported for searches " "against an Active Directory Server that might yield a large number of " "results and trigger the Range Retrieval extension in the response." msgstr "" #. type: Content of: <para> #: include/autofs_restart.xml:2 msgid "" "Please note that the automounter only reads the master map on startup, so if " "any autofs-related changes are made to the sssd.conf, you typically also " "need to restart the automounter daemon after restarting the SSSD." msgstr "" #. type: Content of: <varlistentry><term> #: include/override_homedir.xml:2 msgid "override_homedir (string)" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:16 msgid "UID number" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:20 msgid "domain name" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: include/override_homedir.xml:23 msgid "%f" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:24 msgid "fully qualified user name (user@domain)" msgstr "" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: include/override_homedir.xml:27 msgid "%o" msgstr "" #. 
type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:29 msgid "The original home directory retrieved from the identity provider." msgstr "" #. type: Content of: <varlistentry><listitem><para> #: include/override_homedir.xml:5 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. In the template, the following sequences are substituted: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <varlistentry><listitem><para> #: include/override_homedir.xml:41 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <varlistentry><listitem><para><programlisting> #: include/override_homedir.xml:46 #, no-wrap msgid "" "override_homedir = /home/%u\n" " " msgstr "" #. type: Content of: <varlistentry><listitem><para> #: include/override_homedir.xml:50 msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" msgstr "" �����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/man/po/PaxHeaders.13173/uk.po�������������������������������������������������������0000644�0000000�0000000�00000000132�12320753573�016514� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396955003.524843854 30 atime=1396955003.523843855 30 ctime=1396955003.524843854 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/man/po/uk.po������������������������������������������������������������������������0000664�0024127�0024127�00002225513�12320753573�016755� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# SOME DESCRIPTIVE TITLE # Copyright (C) YEAR Red Hat # This file is distributed under the same license as the sssd-docs package. # # Translators: # sgallagh <sgallagh@redhat.com>, 2011 # Yuri Chornoivan <yurchor@ukr.net>, 2011-2013 # Yuri Chornoivan <yurchor@ukr.net>, 2013 msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" "POT-Creation-Date: 2014-04-08 12:55+0300\n" "PO-Revision-Date: 2013-11-19 16:29+0000\n" "Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n" "Language-Team: Ukrainian (http://www.transifex.com/projects/p/fedora/" "language/uk/)\n" "Language: uk\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" "%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" #. 
type: Content of: <reference><title> #: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5 #: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5 #: sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 sss_obfuscate.8.xml:5 #: sss_useradd.8.xml:5 sssd-krb5.5.xml:5 sss_groupadd.8.xml:5 #: sss_userdel.8.xml:5 sss_groupdel.8.xml:5 sss_groupshow.8.xml:5 #: sss_usermod.8.xml:5 sss_cache.8.xml:5 sss_debuglevel.8.xml:5 #: sss_seed.8.xml:5 sss_ssh_authorizedkeys.1.xml:5 #: sss_ssh_knownhostsproxy.1.xml:5 msgid "SSSD Manual pages" msgstr "Сторінки підручника SSSD" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15 msgid "sss_groupmod" msgstr "sss_groupmod" #. type: Content of: <reference><refentry><refmeta><manvolnum> #: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11 #: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11 #: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11 #: sss_groupshow.8.xml:11 sss_usermod.8.xml:11 sss_cache.8.xml:11 #: sss_debuglevel.8.xml:11 sss_seed.8.xml:11 msgid "8" msgstr "8" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupmod.8.xml:16 msgid "modify a group" msgstr "зміна групи" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupmod.8.xml:21 msgid "" "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" "<command>sss_groupmod</command> <arg choice='opt'> <replaceable>параметри</" "replaceable> </arg> <arg choice='plain'><replaceable>ГРУПА</replaceable></" "arg>" #. 
type: Content of: <reference><refentry><refsect1><title> #: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:47 #: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21 #: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30 #: sss_useradd.8.xml:30 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 #: sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 #: sss_usermod.8.xml:30 sss_cache.8.xml:29 sss_debuglevel.8.xml:30 #: sss_seed.8.xml:31 sss_ssh_authorizedkeys.1.xml:30 #: sss_ssh_knownhostsproxy.1.xml:31 msgid "DESCRIPTION" msgstr "ОПИС" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupmod.8.xml:32 msgid "" "<command>sss_groupmod</command> modifies the group to reflect the changes " "that are specified on the command line." msgstr "" "<command>sss_groupmod</command> змінює назву групи відповідно до змін, " "внесених за допомогою командного рядка." #. type: Content of: <reference><refentry><refsect1><title> #: sss_groupmod.8.xml:39 pam_sss.8.xml:54 sssd.8.xml:42 sss_obfuscate.8.xml:58 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39 #: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42 #: sss_ssh_authorizedkeys.1.xml:75 sss_ssh_knownhostsproxy.1.xml:62 msgid "OPTIONS" msgstr "ПАРАМЕТРИ" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupmod.8.xml:43 sss_usermod.8.xml:77 msgid "" "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</" "replaceable>" msgstr "" "<option>-a</option>,<option>--append-group</option> <replaceable>ГРУПИ</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupmod.8.xml:48 msgid "" "Append this group to groups specified by the <replaceable>GROUPS</" "replaceable> parameter. 
The <replaceable>GROUPS</replaceable> parameter is " "a comma separated list of group names." msgstr "" "Додати групу до груп, вказаних за допомогою параметра <replaceable>ГРУПИ</" "replaceable>. Параметр <replaceable>ГРУПИ</replaceable> є списком груп, " "відокремлених комами." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupmod.8.xml:57 sss_usermod.8.xml:91 msgid "" "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</" "replaceable>" msgstr "" "<option>-r</option>,<option>--remove-group</option> <replaceable>ГРУПИ</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupmod.8.xml:62 msgid "" "Remove this group from groups specified by the <replaceable>GROUPS</" "replaceable> parameter." msgstr "" "Вилучає групу з груп, вказаних за допомогою параметра <replaceable>ГРУПИ</" "replaceable>." #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd.conf.5.xml:10 sssd.conf.5.xml:16 msgid "sssd.conf" msgstr "sssd.conf" #. type: Content of: <reference><refentry><refmeta><manvolnum> #: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 #: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11 msgid "5" msgstr "5" #. type: Content of: <reference><refentry><refmeta><refmiscinfo> #: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 #: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12 msgid "File Formats and Conventions" msgstr "Формати файлів та правила" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16 #: sssd-ipa.5.xml:17 sssd-ad.5.xml:17 sssd-krb5.5.xml:17 msgid "the configuration file for SSSD" msgstr "файл налаштування SSSD" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:21 msgid "FILE FORMAT" msgstr "ФОРМАТ ФАЙЛА" #. 
type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd.conf.5.xml:29 #, no-wrap msgid "" " <replaceable>[section]</replaceable>\n" " <replaceable>key</replaceable> = <replaceable>value</replaceable>\n" " <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n" " " msgstr "" " <replaceable>[розділ]</replaceable>\n" " <replaceable>ключ</replaceable> = <replaceable>значення</replaceable>\n" " <replaceable>ключ2</replaceable> = <replaceable>значення2,значення3</replaceable>\n" " " #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:24 msgid "" "The file has an ini-style syntax and consists of sections and parameters. A " "section begins with the name of the section in square brackets and continues " "until the next section begins. An example of section with single and multi-" "valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" "Файл складено з використанням синтаксичний конструкцій у стилі ini, він " "складається з розділів і окремих записів параметрів. Розділ починається з " "рядка назви розділу у квадратних дужках і продовжується до початку нового " "розділу. Приклад розділу з параметрами, які мають єдине і декілька значень: " "<placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:36 msgid "" "The data types used are string (no quotes needed), integer and bool (with " "values of <quote>TRUE/FALSE</quote>)." msgstr "" "Типами даних є рядок (без символів лапок), ціле число і булеве значення " "(можливі два значення — <quote>TRUE</quote> і <quote>FALSE</quote>)." #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:41 msgid "" "A line comment starts with a hash sign (<quote>#</quote>) or a semicolon " "(<quote>;</quote>). Inline comments are not supported." msgstr "" "Рядок коментаря починається з символу решітки (<quote>#</quote>) або крапки " "з комою (<quote>;</quote>). 
Підтримки вбудованих коментарів не передбачено." #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:47 msgid "" "All sections can have an optional <replaceable>description</replaceable> " "parameter. Its function is only as a label for the section." msgstr "" "Для всіх розділів передбачено додатковий параметр <replaceable>description</" "replaceable>. Його призначено лише для позначення розділу." #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:53 msgid "" "<filename>sssd.conf</filename> must be a regular file, owned by root and " "only root may read from or write to the file." msgstr "" "<filename>sssd.conf</filename> має бути звичайним файлом, власником якого є " "користувач root. Права на читання та запис до цього файла повинен мати лише " "користувач root." #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:59 msgid "SPECIAL SECTIONS" msgstr "ОСОБЛИВІ РОЗДІЛИ" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:62 msgid "The [sssd] section" msgstr "Розділ [sssd]" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> #: sssd.conf.5.xml:71 sssd.conf.5.xml:1857 msgid "Section parameters" msgstr "Параметри розділу" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:73 msgid "config_file_version (integer)" msgstr "config_file_version (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:76 msgid "" "Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " "version 2." msgstr "" "Визначає версію синтаксичних конструкцій файла налаштування. Для версій SSSD " "0.6.0 та пізніших слід використовувати версію 2." #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:82 msgid "services" msgstr "services" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:85 msgid "" "Comma separated list of services that are started when sssd itself starts." msgstr "" "Список служб, записи якого відокремлено комами, які слід запускати у разі " "запуску sssd." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:89 msgid "" "Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " "<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition=" "\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</" "phrase>" msgstr "" "Підтримувані служби: nss, pam <phrase condition=\"with_sudo\">, sudo</" "phrase> <phrase condition=\"with_autofs\">, autofs</phrase> <phrase " "condition=\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder" "\">, pac</phrase>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:98 sssd.conf.5.xml:321 msgid "reconnection_retries (integer)" msgstr "reconnection_retries (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:101 sssd.conf.5.xml:324 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" "Кількість повторних спроб встановлення зв’язку зі службами або їх " "перезапуску у разі аварійного завершення роботи інструменту надання даних до " "визнання подальших спроб безнадійними." #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:106 sssd.conf.5.xml:329 msgid "Default: 3" msgstr "Типове значення: 3" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:111 msgid "domains" msgstr "domains" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:114 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " "start. This parameter described the list of domains in the order you want " "them to be queried. A domain name should only consist of alphanumeric ASCII " "characters, dashes and underscores." msgstr "" "Домен — це база даних, у якій містяться дані щодо користувачів. SSSD може " "одночасно використовувати декілька доменів. Вам слід вказати принаймні один " "домен, інакше SSSD просто не запуститься. За допомогою цього параметра можна " "вказати список доменів, впорядкованих за пріоритетністю під час надсилання " "до них запитів щодо даних. Назва домену має складатися лише з літер і цифр " "ASCII, дефісів та знаків підкреслювання." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:126 sssd.conf.5.xml:1586 msgid "re_expression (string)" msgstr "re_expression (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:129 msgid "" "Default regular expression that describes how to parse the string containing " "user name and domain into these components." msgstr "" "Типовий формальний вираз, який описує спосіб поділу рядка з іменем " "користувача і доменом на його частини." #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:134 msgid "" "Each domain can have an individual regular expression configured. For some " "ID providers there are also default regular expressions. See DOMAIN " "SECTIONS for more info on these regular expressions." msgstr "" "Для кожного з доменів можна налаштувати окремий формальний вираз. Для деяких " "з засобів надання ідентифікаторів передбачено типові формальні вирази. " "Докладніше про ці формальні вирази можна дізнатися з довідки до РОЗДІЛІВ " "ДОМЕНІВ." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:143 sssd.conf.5.xml:1637 msgid "full_name_format (string)" msgstr "full_name_format (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:146 sssd.conf.5.xml:1640 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " "fully qualified name from user name and domain name components." msgstr "" "Сумісний з <citerefentry> <refentrytitle>printf</refentrytitle> " "<manvolnum>3</manvolnum> </citerefentry> формат, який описує спосіб " "створення повного імені на основі імені користувача та компонентів назви " "домену." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:157 sssd.conf.5.xml:1651 msgid "%1$s" msgstr "%1$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:158 sssd.conf.5.xml:1652 msgid "user name" msgstr "ім’я користувача" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:161 sssd.conf.5.xml:1655 msgid "%2$s" msgstr "%2$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:164 sssd.conf.5.xml:1658 msgid "domain name as specified in the SSSD config file." msgstr "назва домену у форматі, вказаному у файлі налаштувань SSSD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:170 sssd.conf.5.xml:1664 msgid "%3$s" msgstr "%3$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:173 sssd.conf.5.xml:1667 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" "проста назва домену. Здебільшого використовується для доменів Active " "Directory, налаштованих та автоматично виявлених за зв’язками довіри IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:154 sssd.conf.5.xml:1648 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" "Передбачено використання таких замінників: <placeholder type=\"variablelist" "\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:183 msgid "" "Each domain can have an individual format string configured. see DOMAIN " "SECTIONS for more info on this option." msgstr "" "Для кожного з доменів можна налаштувати окремий рядок формату. Докладніше " "про ці рядки можна дізнатися з довідки до РОЗДІЛІВ ДОМЕНІВ." #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:189 msgid "try_inotify (boolean)" msgstr "try_inotify (булеве значення)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:192 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " "this, and will fall back to polling resolv.conf every five seconds if " "inotify cannot be used." msgstr "" "SSSD спостерігає за станом resolv.conf для визначення моменту, коли слід " "оновити дані вбудованого інструменту визначення DNS. Типово, з цією метою " "використовується inotify. У разі неможливості використання inotify, " "виконуватиметься опитування resolv.conf кожні п’ять секунд." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:200 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " "to 'false'" msgstr "" "Зрідка бажано не вдаватися навіть до спроб скористатися inotify. У цих " "рідкісних випадках слід встановити для цього параметра значення «false»." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:206 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." msgstr "" "Типове значення: «true» на платформах, де підтримується inotify. «false» на " "інших платформах." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:210 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." 
msgstr "" "Зауваження: цей параметр ні на що не вплине на платформах, де inotify " "недоступний. На цих платформах завжди використовуватиметься безпосереднє " "опитування файла." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:217 msgid "krb5_rcache_dir (string)" msgstr "krb5_rcache_dir (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:220 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" "Каталог у файловій системі, де SSSD має зберігати файли кешу відтворення " "Kerberos." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:224 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" "Цей параметр приймає особливе значення __LIBKRB5_DEFAULTS__, за допомогою " "якого можна наказати SSSD надати змогу libkrb5 визначити відповідну адресу " "для кешу відтворення." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:230 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" msgstr "" "Типове значення: визначається дистрибутивом та вказується під час збирання. " "(__LIBKRB5_DEFAULTS__, якщо не вказано)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:237 msgid "default_domain_suffix (string)" msgstr "default_domain_suffix (рядок)" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:240 msgid "" "This string will be used as a default domain name for all names without a " "domain name component. The main use case is environments where the primary " "domain is intended for managing host policies and all users are located in a " "trusted domain. The option allows those users to log in just with their " "user name without giving a domain name as well." msgstr "" "Цей рядок буде використано як типову назву домену для всіх назв без " "компонента назви домену. Основним призначенням використання цього рядка є " "середовища, де основний домен призначено для керування правилами вузлів та " "всіма користувачами, розташованими на надійному (довіреному) домені. За " "допомогою цього параметра користувачі можуть входити до системи за допомогою " "лише імені користувача без додавання до нього назви домену." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:250 msgid "" "Please note that if this option is set all users from the primary domain " "have to use their fully qualified name, e.g. user@domain.name, to log in." msgstr "" "Будь ласка, зауважте, що якщо цей параметр встановлено, всім користувачам " "основного домену доведеться використовувати повні імена користувачів, тобто " "користувач@назва.домену, для входу до системи." #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:256 sssd-ldap.5.xml:1392 sssd-ldap.5.xml:1404 #: sssd-ldap.5.xml:1486 sssd-ldap.5.xml:2373 sssd-ldap.5.xml:2400 #: sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:187 #: include/ldap_id_mapping.xml:198 msgid "Default: not set" msgstr "Типове значення: not set" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:64 msgid "" "Individual pieces of SSSD functionality are provided by special SSSD " "services that are started and stopped together with SSSD. The services are " "managed by a special service frequently called <quote>monitor</quote>. The " "<quote>[sssd]</quote> section is used to configure the monitor as well as " "some other important options like the identity domains. <placeholder type=" "\"variablelist\" id=\"0\"/>" msgstr "" "Окремі функції у SSSD виконуються особливими службами SSSD, які запускаються " "і зупиняються разом SSSD. Ці служби керуються окремою службою, яку часто " "називають «монітором». Розділ <quote>[sssd]</quote> використовується для " "налаштування монітора та деяких інших важливих параметрів, зокрема доменів " "профілів. <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:267 msgid "SERVICES SECTIONS" msgstr "РОЗДІЛИ СЛУЖБ" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:269 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " "section, for example, for NSS service, the section would be <quote>[nss]</" "quote>" msgstr "" "У цьому розділі описано параметри, якими можна скористатися для налаштування " "різноманітних служб. Ці параметри має бути зібрано у розділах з назвами " "[<replaceable>$NAME</replaceable>]. Наприклад, параметри служби NSS зібрано " "у розділі <quote>[nss]</quote>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:276 msgid "General service configuration options" msgstr "Загальні параметри налаштування служб" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:278 msgid "These options can be used to configure any service." 
msgstr "Цими параметрами можна скористатися для налаштування будь-яких служб." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:282 msgid "debug_level (integer)" msgstr "debug_level (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:286 msgid "debug_timestamps (bool)" msgstr "debug_timestamps (булеве значення)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:289 msgid "Add a timestamp to the debug messages" msgstr "Додати часову позначку до діагностичних повідомлень." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:292 sssd.conf.5.xml:472 sssd.conf.5.xml:820 #: sssd-ldap.5.xml:1559 sssd-ldap.5.xml:1656 sssd-ldap.5.xml:1718 #: sssd-ldap.5.xml:2161 sssd-ldap.5.xml:2226 sssd-ldap.5.xml:2244 #: sssd-ipa.5.xml:361 sssd-ipa.5.xml:396 sssd-ad.5.xml:166 sssd-ad.5.xml:250 #: sssd-ad.5.xml:275 sssd-ad.5.xml:363 sssd-krb5.5.xml:490 msgid "Default: true" msgstr "Типове значення: true" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:297 msgid "debug_microseconds (bool)" msgstr "debug_microseconds (булеве значення)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:300 msgid "Add microseconds to the timestamp in debug messages" msgstr "" "Додати значення мікросекунд до часової позначки у діагностичних повідомленнях" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:303 sssd.conf.5.xml:774 sssd.conf.5.xml:1773 #: sssd-ldap.5.xml:640 sssd-ldap.5.xml:1433 sssd-ldap.5.xml:1452 #: sssd-ldap.5.xml:1628 sssd-ldap.5.xml:1957 sssd-ipa.5.xml:139 #: sssd-ipa.5.xml:205 sssd-ipa.5.xml:508 sssd-ipa.5.xml:526 #: sssd-krb5.5.xml:257 sssd-krb5.5.xml:291 sssd-krb5.5.xml:462 msgid "Default: false" msgstr "Типове значення: false" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:308 msgid "timeout (integer)" msgstr "timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:311 msgid "" "Timeout in seconds between heartbeats for this service. This is used to " "ensure that the process is alive and capable of answering requests." msgstr "" "Проміжок у секундах між циклами роботи цієї служби. Використовується для " "перевірки працездатності процесу та його змоги відповідати на запити." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:316 sssd-ldap.5.xml:1304 msgid "Default: 10" msgstr "Типове значення: 10" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:334 msgid "fd_limit" msgstr "fd_limit" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:337 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " "the CAP_SYS_RESOURCE capability, this will be an absolute setting. On " "systems without this capability, the resulting value will be the lower value " "of this or the limits.conf \"hard\" limit." 
msgstr "" "За допомогою цього параметра можна визначити максимальну кількість " "дескрипторів файлів, які одночасно може бути відкрито цим процесом SSSD. У " "системах, де SSSD надано можливості CAP_SYS_RESOURCE, цей параметр " "використовуватиметься незалежно від інших параметрів системи. У системах без " "цієї можливості, кількість дескрипторів визначатиметься найменшим зі значень " "цього параметра і обмеженням \"hard\" у limits.conf." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:346 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "Типове значення: 8192 (або обмеження у limits.conf \"hard\")" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:351 msgid "client_idle_timeout" msgstr "client_idle_timeout" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:354 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " "limited in order to avoid resource exhaustion on the system." msgstr "" "За допомогою цього параметра можна визначити кількість секунд, протягом яких " "клієнтська частина SSSD може утримувати дескриптор файла без здійснення за " "його допомогою обміну даними. Таке обмеження потрібне для того, щоб уникнути " "вичерпання ресурсів системи." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:361 sssd.conf.5.xml:377 sssd.conf.5.xml:592 #: sssd.conf.5.xml:752 sssd.conf.5.xml:1015 sssd-ldap.5.xml:1134 msgid "Default: 60" msgstr "Типове значення: 60" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:366 sssd.conf.5.xml:1004 msgid "force_timeout (integer)" msgstr "force_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:369 sssd.conf.5.xml:1007 msgid "" "If a service is not responding to ping checks (see the <quote>timeout</" "quote> option), it is first sent the SIGTERM signal that instructs it to " "quit gracefully. If the service does not terminate after " "<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down " "by sending a SIGKILL signal." msgstr "" "Якщо служба не відповідає на перевірки луна-імпульсом (пінгом) (див. " "параметр <quote>timeout</quote>), система спочатку надсилає сигнал SIGTERM, " "яким наказує службі завершити роботу у штатному режимі. Якщо служба не " "завершить роботу протягом часу, визначено параметром <quote>force_timeout</" "quote> у секундах, монітор примусово завершить роботу служби надсиланням " "сигналу SIGKILL." #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:385 msgid "NSS configuration options" msgstr "Параметри налаштування NSS" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:387 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" "Цими параметрами можна скористатися для налаштування служби Name Service " "Switch (NSS або перемикання служби визначення назв)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:392 msgid "enum_cache_timeout (integer)" msgstr "enum_cache_timeout (ціле число)" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:395 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" "Тривалість зберігання переліків (запитів щодо даних всіх користувачів) у " "кеші nss_sss у секундах" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:399 msgid "Default: 120" msgstr "Типове значення: 120" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:404 msgid "entry_cache_nowait_percentage (integer)" msgstr "entry_cache_nowait_percentage (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:407 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " "for the domain." msgstr "" "Можна встановити кеш записів для автоматичного оновлення записів у фоновому " "режимі, якщо запит щодо них надходить у визначений у відсотках від " "entry_cache_timeout для домену період часу." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:413 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " "after 15 seconds past the last cache update will be returned immediately, " "but the SSSD will go and update the cache on its own, so that future " "requests will not need to block waiting for a cache update." 
msgstr "" "Наприклад, якщо entry_cache_timeout домену встановлено у значення 30s, а " "entry_cache_nowait_percentage — у значення 50 (у відсотках), записи, які " "надійдуть за 15 секунд після останнього оновлення кешу, буде повернуто " "одразу, але SSSD самостійно оновить кеш, отже наступним запитам не " "доведеться блокуватися в очікуванні на оновлення кешу." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:423 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " "percentage will never reduce the nowait timeout to less than 10 seconds. (0 " "disables this feature)" msgstr "" "Коректними значеннями цього параметра є 0-99. Ці значення відповідають " "відсоткам entry_cache_timeout для кожного з доменів. З міркувань покращення " "швидкодії це відсоткове значення ніколи не зменшуватиме час очікування " "nowait до значення, меншого за 10 секунд. Визначення значення 0 вимкне цю " "можливість." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:431 msgid "Default: 50" msgstr "Типове значення: 50" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:436 msgid "entry_negative_timeout (integer)" msgstr "entry_negative_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:439 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " "before asking the back end again."
msgstr "" "Визначає кількість секунд, протягом яких nss_sss має кешувати негативні " "результати пошуку у кеші (тобто запити щодо некоректних записів у базі " "даних, зокрема неіснуючих) перед повторним запитом до сервера обробки." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:445 sssd.conf.5.xml:798 msgid "Default: 15" msgstr "Типове значення: 15" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:450 msgid "filter_users, filter_groups (string)" msgstr "filter_users, filter_groups (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:453 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" "domain or include fully-qualified names to filter only users from the " "particular domain." msgstr "" "Виключити певних користувачів зі списку отримання даних з бази даних NSS " "sss. Таке виключення може бути корисним для облікових записів керування " "системою. Цей параметр також можна встановлювати для кожного з доменів " "окремо або включити до нього імена користувачів повністю для обмеження " "списку користувачами лише з певного домену." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:460 msgid "Default: root" msgstr "Типове значення: root" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:465 msgid "filter_users_in_groups (bool)" msgstr "filter_users_in_groups (булеве значення)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:468 msgid "" "If you want filtered user still be group members set this option to false." 
msgstr "" "Якщо ви хочете, щоб фільтровані користувачі залишалися учасниками груп, " "встановіть для цього параметра значення «false»." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:478 msgid "fallback_homedir (string)" msgstr "fallback_homedir (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:481 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." msgstr "" "Встановити типовий шаблон назви домашнього каталогу користувача, якщо цей " "каталог не вказано явним чином засобом надання даних домену." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:486 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" "Можливі варіанти значень для цього параметра збігаються з варіантами значень " "для параметра override_homedir." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> #: sssd.conf.5.xml:492 #, fuzzy, no-wrap #| msgid "" #| "override_homedir = /home/%u\n" #| " " msgid "" "fallback_homedir = /home/%u\n" " " msgstr "" "override_homedir = /home/%u\n" " " #. type: Content of: <varlistentry><listitem><para> #: sssd.conf.5.xml:490 include/override_homedir.xml:44 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "приклад: <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:496 msgid "Default: not set (no substitution for unset home directories)" msgstr "" "Типове значення: не встановлено (без замін для невстановлених домашніх " "каталогів)" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:502 msgid "override_shell (string)" msgstr "override_shell (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:505 #, fuzzy #| msgid "" #| "The default shell to use if the provider does not return one during " #| "lookup. This option supersedes any other shell options if it takes effect " #| "and can be set either in the [nss] section or per-domain." msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " "or per-domain." msgstr "" "Типова командна оболонка, яку слід використовувати, якщо засобом надання " "даних не повернуто даних оболонки під час пошуку. Якщо буде використано цей " "параметр, він матиме пріоритет над будь-якими іншими параметрами визначення " "командної оболонки. Його можна визначити або у розділі [nss] або для " "окремого домену." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:511 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "" "Типове значення: не встановлено (SSSD використовуватиме значення, отримане " "від LDAP)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:517 msgid "allowed_shells (string)" msgstr "allowed_shells (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:520 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" "Обмежити перелік можливих командних оболонок користувачів вказаними. Порядок " "визначення оболонки є таким:" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:523 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" "1. Якщо оболонку вказано у <quote>/etc/shells</quote>, її буде використано." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:527 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" "2. Якщо оболонку вказано у списку allowed_shells, але її немає у списку " "<quote>/etc/shells</quote>, буде використано значення параметра " "shell_fallback." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:532 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" "3. Якщо оболонку не вказано у списку allowed_shells і її немає у списку " "<quote>/etc/shells</quote>, буде використано оболонку nologin." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:537 msgid "An empty string for shell is passed as-is to libc." msgstr "Порожній рядок оболонки буде передано без обробки до libc." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:540 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" "Читання <quote>/etc/shells</quote> виконується лише під час запуску SSSD, " "тобто у разі встановлення нової оболонки слід перезапустити SSSD." #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:544 msgid "Default: Not set. The user shell is automatically used." msgstr "" "Типове значення: не встановлено. Автоматично використовується оболонка " "користувача." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:549 msgid "vetoed_shells (string)" msgstr "vetoed_shells (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:552 msgid "Replace any instance of these shells with the shell_fallback" msgstr "Замінити всі записи цих оболонок на shell_fallback" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:557 msgid "shell_fallback (string)" msgstr "shell_fallback (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:560 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" "Типова оболонка, яку слід використовувати, якщо дозволеної оболонки у " "системі не встановлено." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:564 msgid "Default: /bin/sh" msgstr "Типове значення: /bin/sh" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:569 msgid "default_shell" msgstr "default_shell" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:572 #, fuzzy #| msgid "" #| "The default shell to use if the provider does not return one during " #| "lookup. This option supersedes any other shell options if it takes effect " #| "and can be set either in the [nss] section or per-domain." 
msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." msgstr "" "Типова командна оболонка, яку слід використовувати, якщо засобом надання " "даних не повернуто даних оболонки під час пошуку. Якщо буде використано цей " "параметр, він матиме пріоритет над будь-якими іншими параметрами визначення " "командної оболонки. Його можна визначити або у розділі [nss] або для " "окремого домену." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:578 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" msgstr "" "Типове значення: не встановлено (повернути NULL, якщо оболонку не " "встановлено і покластися на libc у визначенні потрібного програмі значення, " "зазвичай /bin/sh)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:585 sssd.conf.5.xml:745 msgid "get_domains_timeout (int)" msgstr "get_domains_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:588 sssd.conf.5.xml:748 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." msgstr "" "Визначає час у секундах, протягом якого список піддоменів вважатиметься " "чинним." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:597 msgid "memcache_timeout (int)" msgstr "memcache_timeout (ціле число)" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:600 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid" msgstr "" "Визначає час у секундах, протягом якого записи кешу у пам’яті вважатимуться " "чинними." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:604 sssd-ldap.5.xml:654 msgid "Default: 300" msgstr "Типове значення: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:611 msgid "PAM configuration options" msgstr "Параметри налаштування PAM" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:613 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" "Цими параметрами можна скористатися для налаштування служби Pluggable " "Authentication Module (PAM або блокового модуля розпізнавання)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:618 msgid "offline_credentials_expiration (integer)" msgstr "offline_credentials_expiration (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:621 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" "У разі неможливості встановлення з’єднання з сервером розпізнавання визначає " "тривалість зберігання кешованих входів (у днях з часу останнього успішного " "входу до системи)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:626 sssd.conf.5.xml:639 msgid "Default: 0 (No limit)" msgstr "Типове значення: 0 (без обмежень)" #.
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:632 msgid "offline_failed_login_attempts (integer)" msgstr "offline_failed_login_attempts (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:635 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" "У разі неможливості встановлення з’єднання з сервером розпізнавання визначає " "дозволену кількість спроб входу з визначенням помилкового пароля." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:645 msgid "offline_failed_login_delay (integer)" msgstr "offline_failed_login_delay (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:648 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" "Час у хвилинах, який має пройти між досягненням значення " "offline_failed_login_attempts і повторним вмиканням можливості входу до " "системи." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:653 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " "authentication can enable offline authentication again." msgstr "" "Якщо встановлено значення 0, користувач не зможе пройти розпізнавання у " "автономному режимі, якщо буде досягнуто значення " "offline_failed_login_attempts. Лише успішне розпізнавання зі встановленим " "з’єднанням із сервером розпізнавання може знову увімкнути можливість " "автономного розпізнавання." #.
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:659 sssd.conf.5.xml:712 msgid "Default: 5" msgstr "Типове значення: 5" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:665 msgid "pam_verbosity (integer)" msgstr "pam_verbosity (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:668 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" "Керує типами повідомлень, які буде показано користувачеві під час " "розпізнавання. Чим більшим є значення, тим більше повідомлень буде показано." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:673 msgid "Currently sssd supports the following values:" msgstr "У поточній версії sssd передбачено підтримку таких значень:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:676 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "<emphasis>0</emphasis>: не показувати жодних повідомлень" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:679 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "<emphasis>1</emphasis>: показувати лише важливі повідомлення" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:683 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "<emphasis>2</emphasis>: показувати всі інформаційні повідомлення" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:686 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" "<emphasis>3</emphasis>: показувати всі повідомлення та діагностичні дані" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:690 sssd.8.xml:63 msgid "Default: 1" msgstr "Типове значення: 1" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:695 msgid "pam_id_timeout (integer)" msgstr "pam_id_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:698 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " "ensure that authentication takes place with the latest information." msgstr "" "Для кожного з запитів PAM під час роботи SSSD система SSSD зробить спробу " "негайно оновити кешовані дані щодо профілю користувача з метою переконатися, " "що розпізнавання виконується на основі найсвіжіших даних." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:704 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" "client-application basis) how long (in seconds) we can cache the identity " "information to avoid excessive round-trips to the identity provider." msgstr "" "Повний обмін даними сеансу PAM може включати декілька запитів PAM, зокрема " "для керування обліковими записами та відкриття сеансів. 
За допомогою цього " "параметра можна керувати (для окремих клієнтів-програм) тривалістю (у " "секундах) кешування даних профілю з метою уникнути повторних викликів засобу " "надання даних профілів." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:718 msgid "pam_pwd_expiration_warning (integer)" msgstr "pam_pwd_expiration_warning (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:721 sssd.conf.5.xml:1178 msgid "Display a warning N days before the password expires." msgstr "" "Показати попередження за вказану кількість днів перед завершенням дії пароля." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:724 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " "cannot display a warning." msgstr "" "Будь ласка, зауважте, що сервер обробки має надати дані щодо часу завершення " "дії пароля. Якщо ці дані не буде виявлено, sssd не зможе показати " "попередження." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:730 sssd.conf.5.xml:1181 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." msgstr "" "Якщо встановлено нульове значення, цей фільтр не застосовуватиметься, тобто " "якщо з сервера обробки надійде попередження щодо завершення строку дії, його " "буде автоматично показано." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:735 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." 
msgstr "" "Цей параметр може бути перевизначено встановленням параметра " "<emphasis>pwd_expiration_warning</emphasis> для окремого домену." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:740 sssd.8.xml:79 msgid "Default: 0" msgstr "Типове значення: 0" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:760 msgid "SUDO configuration options" msgstr "Параметри налаштування SUDO" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:762 msgid "These options can be used to configure the sudo service." msgstr "Цими параметрами можна скористатися для налаштування служби sudo." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:766 msgid "sudo_timed (bool)" msgstr "sudo_timed (булеве значення)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:769 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." msgstr "" "Визначає, чи слід обробляти атрибути sudoNotBefore і sudoNotAfter, " "призначені для визначення часових обмежень для записів sudoers." #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:782 msgid "AUTOFS configuration options" msgstr "Параметри налаштування AUTOFS" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:784 msgid "These options can be used to configure the autofs service." msgstr "Цими параметрами можна скористатися для налаштування служби autofs." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:788 msgid "autofs_negative_timeout (integer)" msgstr "autofs_negative_timeout (ціле число)" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:791 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " "before asking the back end again." msgstr "" "Визначає кількість секунд, протягом яких відповідач autofs має кешувати " "негативні результати пошуку у кеші (тобто запити щодо некоректних записів у " "базі даних, зокрема неіснуючих) перед повторним запитом до сервера обробки." #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:807 msgid "SSH configuration options" msgstr "Параметри налаштувань SSH" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:809 msgid "These options can be used to configure the SSH service." msgstr "Цими параметрами можна скористатися для налаштування служби SSH." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:813 msgid "ssh_hash_known_hosts (bool)" msgstr "ssh_hash_known_hosts (булеве значення)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:816 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." msgstr "" "Чи слід хешувати назви та адреси вузлів у керованому файлі known_hosts." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:825 msgid "ssh_known_hosts_timeout (integer)" msgstr "ssh_known_hosts_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:828 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." 
msgstr "" "Кількість секунд, протягом яких запис вузла зберігатиметься у керованому " "файлі known_hosts після надсилання запиту щодо ключів вузла." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:832 msgid "Default: 180" msgstr "Типове значення: 180" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:840 msgid "PAC responder configuration options" msgstr "Параметри налаштування відповідача PAC" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:842 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " "PAC data during a GSSAPI authentication to the PAC responder. The sub-domain " "provider collects domain SID and ID ranges of the domain the client is " "joined to and of remote trusted domains from the local domain controller. " "If the PAC is decoded and evaluated some of the following operations are " "done:" msgstr "" "Відповідач PAC працює разом з додатком даних уповноваження для " "sssd_pac_plugin.so зі складу MIT Kerberos та засобу надання даних " "піддоменів. Цей додаток надсилає до відповідача PAC дані PAC під час " "розпізнавання за допомогою GSSAPI. Засіб надання даних піддоменів збирає " "дані щодо діапазонів SID і ID домену, до якого долучено клієнт, та " "віддалених надійних доменів з локального контролера доменів. Якщо PAC " "декодовано і визначено, виконуються деякі з таких дій:" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:851 msgid "" "If the remote user does not exist in the cache, it is created. The uid is " "determined with the help of the SID, trusted domains will have UPGs and the " "gid will have the same value as the uid. The home directory is set based on " "the subdomain_homedir parameter.
The shell will be empty by default, i.e. " "the system defaults are used, but can be overwritten with the default_shell " "parameter." msgstr "" "Якщо у кеші немає даних віддаленого користувача, запис цих даних буде " "створено. UID буде визначено за допомогою SID, надійні домени матимуть UPG, " "а gid матиме те саме значення, що і UID. Дані домашнього каталогу буде " "засновано на значенні параметра subdomain_homedir. Типово, для командної " "оболонки буде вибрано порожнє значення, тобто використовуватимуться типові " "параметри системи. Значення для оболонки можна змінити за допомогою " "параметра default_shell." #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:859 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." msgstr "" "Якщо існують SID груп з доменів, про які відомо SSSD, запис користувача буде " "додано до цих груп." #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:865 msgid "These options can be used to configure the PAC responder." msgstr "" "Цими параметрами можна скористатися для налаштовування відповідача PAC." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:869 msgid "allowed_uids (string)" msgstr "allowed_uids (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:872 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " "startup." msgstr "" "Визначає список значень UID або імен користувачів, відокремлених комами. " "Користувачам з цього списку буде дозволено доступ до відповідача PAC. UID за " "іменами користувачів визначатимуться під час запуску." #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:878 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" "Типове значення: 0 (доступ до відповідача PAC має лише адміністративний " "користувач (root))" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:882 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " "access the PAC responder, which would be the typical case, you have to add 0 " "to the list of allowed UIDs as well." msgstr "" "Будь ласка, зауважте, що хоча типово використовується UID 0, значення UID " "буде перевизначено на основі цього параметра. Якщо ви хочете надати " "адміністративному користувачеві (root) доступ до відповідача PAC, що може " "бути типовим варіантом, вам слід додати до списку UID з правами доступу " "запис 0." #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:896 msgid "DOMAIN SECTIONS" msgstr "РОЗДІЛИ ДОМЕНІВ" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:903 msgid "min_id,max_id (integer)" msgstr "min_id,max_id (ціле значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:906 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" "Обмеження UID і GID для домену. Якщо у домені міститься запис, що не " "відповідає цим обмеженням, його буде проігноровано." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:911 msgid "" "For users, this affects the primary GID limit. 
The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" "primary group memberships, those that are in range will be reported as " "expected." msgstr "" "Для користувачів зміна цього параметра вплине на основне обмеження GID. " "Запис користувача не буде повернуто до NSS, якщо UID або основний GID не " "належать вказаному діапазону. Записи користувачів, які не є учасниками " "основної групи і належать діапазону, буде виведено у звичайному режимі." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:918 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." msgstr "" "Ці обмеження на ідентифікатори стосуються і збереження записів до кешу, не " "лише повернення записів за назвою або ідентифікатором." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:922 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "Типові значення: 1 для min_id, 0 (без обмежень) для max_id" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:928 msgid "enumerate (bool)" msgstr "enumerate (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:931 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" "Визначає, чи можна нумерувати домен. Цей параметр може мати одне з таких " "значень:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:935 msgid "TRUE = Users and groups are enumerated" msgstr "TRUE = користувачі і групи нумеруються" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:938 msgid "FALSE = No enumerations for this domain" msgstr "FALSE = не використовувати нумерацію для цього домену" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:941 sssd.conf.5.xml:1155 sssd.conf.5.xml:1264 #: sssd.conf.5.xml:1281 msgid "Default: FALSE" msgstr "Типове значення: FALSE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:944 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " "to fully complete enumerations. During this time, individual requests for " "information will go directly to LDAP, though it may be slow, due to the " "heavy enumeration processing. Saving a large number of entries to cache " "after the enumeration completes might also be CPU intensive as the " "memberships have to be recomputed." msgstr "" "Зауваження: вмикання нумерації помірно знизить швидкодію SSSD на час " "виконання нумерації. Нумерація може тривати до декількох хвилин після " "запуску SSSD. Протягом виконання нумерації окремі запити щодо даних буде " "надіслано безпосередньо до LDAP, хоча і з уповільненням через навантаження " "системи виконанням нумерації. Збереження великої кількості записів до кешу " "після завершення нумерації може також значно навантажити процесор, оскільки " "повторне визначення параметрів участі також іноді є складним завданням." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:957 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." 
msgstr "" "Під час першого виконання нумерації запити щодо повних списків користувачів " "та груп можуть не повертати жодних результатів, аж доки нумерацію не буде " "завершено." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:962 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " "enumeration lookups are completed successfully. For more information, refer " "to the man pages for the specific id_provider in use." msgstr "" "Крім того, вмикання нумерації може збільшити час, потрібний для виявлення " "того, що мережеве з’єднання розірвано, оскільки потрібне буде збільшення " "часу очікування для забезпечення успішного завершення пошуків нумерації. Щоб " "отримати додаткову інформацію, зверніться до сторінок довідника (man) " "відповідного використаного засобу обробки ідентифікаторів (id_provider)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:970 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." msgstr "" "З вказаних вище причин не рекомендуємо вам вмикати нумерацію, особливо у " "об’ємних середовищах." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:978 #, fuzzy #| msgid "subdomain_homedir (string)" msgid "subdomain_enumerate (string)" msgstr "subdomain_homedir (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:985 msgid "all" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:986 msgid "All discovered trusted domains will be enumerated" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:989 msgid "none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:990 msgid "No discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:981 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " "Optionally, a list of one or more domain names can enable enumeration just " "for these trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:998 sssd-ldap.5.xml:1687 msgid "Default: none" msgstr "Типове значення: none" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1021 msgid "entry_cache_timeout (integer)" msgstr "entry_cache_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1024 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" "Кількість секунд, протягом яких nss_sss вважатиме записи чинними, перш ніж " "надсилати повторний запит до сервера" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1028 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " "for newly added or expired entries. 
You should run the <citerefentry> " "<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" "citerefentry> tool in order to force refresh of entries that have already " "been cached." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1041 msgid "Default: 5400" msgstr "Типове значення: 5400" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1047 msgid "entry_cache_user_timeout (integer)" msgstr "entry_cache_user_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1050 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" msgstr "" "Кількість секунд, протягом яких nss_sss вважатиме записи користувачів " "чинними, перш ніж надсилати повторний запит до сервера" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1054 sssd.conf.5.xml:1067 sssd.conf.5.xml:1080 #: sssd.conf.5.xml:1093 sssd.conf.5.xml:1106 sssd.conf.5.xml:1120 msgid "Default: entry_cache_timeout" msgstr "Типове значення: entry_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1060 msgid "entry_cache_group_timeout (integer)" msgstr "entry_cache_group_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1063 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" msgstr "" "Кількість секунд, протягом яких nss_sss вважатиме записи груп чинними, перш " "ніж надсилати повторний запит до сервера" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1073 msgid "entry_cache_netgroup_timeout (integer)" msgstr "entry_cache_netgroup_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1076 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" msgstr "" "Кількість секунд, протягом яких nss_sss вважатиме записи мережевих груп " "чинними, перш ніж надсилати повторний запит до сервера" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1086 msgid "entry_cache_service_timeout (integer)" msgstr "entry_cache_service_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1089 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" msgstr "" "Кількість секунд, протягом яких nss_sss вважатиме записи служб чинними, перш " "ніж надсилати повторний запит до сервера" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1099 msgid "entry_cache_sudo_timeout (integer)" msgstr "entry_cache_sudo_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1102 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" msgstr "" "Кількість секунд, протягом яких sudo вважатиме правила чинними, перш ніж " "надсилати повторний запит до сервера" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1112 msgid "entry_cache_autofs_timeout (integer)" msgstr "entry_cache_autofs_timeout (ціле число)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1115 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" msgstr "" "Кількість секунд, протягом яких служба autofs вважатиме карти автомонтування " "чинними, перш ніж надсилати повторний запит до сервера" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1126 msgid "refresh_expired_interval (integer)" msgstr "refresh_expired_interval (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1129 msgid "" "Specifies how many seconds SSSD has to wait before refreshing expired " "records. Currently only refreshing expired netgroups is supported." msgstr "" "Визначає кількість секунд, протягом яких SSSD має очікувати до оновлення " "застарілих записів. У поточній версії передбачено підтримку оновлення лише " "застарілих записів мережевих груп." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1134 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" "Варто визначити для цього параметра значення 3/4 * entry_cache_timeout." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1138 sssd-ipa.5.xml:221 msgid "Default: 0 (disabled)" msgstr "Типове значення: 0 (вимкнено)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1144 msgid "cache_credentials (bool)" msgstr "cache_credentials (булеве значення)" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1147 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" "Визначає, чи слід також кешувати реєстраційні дані користувача у локальному " "кеші LDB" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1151 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" "Реєстраційні дані користувача зберігаються у форматі хешу SHA512, а не у " "форматі звичайного тексту" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1160 msgid "account_cache_expiration (integer)" msgstr "account_cache_expiration (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1163 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " "value of this parameter must be greater than or equal to " "offline_credentials_expiration." msgstr "" "Кількість днів, протягом яких записи залишатимуться у кеші після успішного " "входу до системи до вилучення під час спорожнення кешу. 0 — не вилучати " "записи. Значення цього параметра має бути більшим або рівним значенню " "offline_credentials_expiration." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1170 msgid "Default: 0 (unlimited)" msgstr "Типове значення: 0 (без обмежень)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1175 msgid "pwd_expiration_warning (integer)" msgstr "pwd_expiration_warning (ціле число)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1186 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " "cannot display a warning. Also an auth provider has to be configured for the " "backend." msgstr "" "Будь ласка, зауважте, що сервер обробки має надати дані щодо часу завершення " "дії пароля. Якщо ці дані не буде виявлено, sssd не зможе показати " "попередження. Крім того, для цього сервера має бути налаштовано службу надання " "даних розпізнавання." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1193 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "Типове значення: 7 (Kerberos), 0 (LDAP)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1199 msgid "id_provider (string)" msgstr "id_provider (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1202 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" "Засіб надання даних ідентифікації, який використовується для цього домену. " "Серед підтримуваних засобів такі:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1206 msgid "<quote>proxy</quote>: Support a legacy NSS provider" msgstr "«proxy»: підтримка застарілого модуля надання даних NSS" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1209 msgid "<quote>local</quote>: SSSD internal provider for local users" msgstr "<quote>local</quote>: вбудований засіб SSSD для локальних користувачів" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1213 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " "information on configuring LDAP." msgstr "" "<quote>ldap</quote>: засіб LDAP. Докладніше про налаштовування LDAP можна " "дізнатися з довідки до <citerefentry> <refentrytitle>sssd-ldap</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1221 sssd.conf.5.xml:1307 sssd.conf.5.xml:1358 #: sssd.conf.5.xml:1411 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " "FreeIPA." msgstr "" "<quote>ipa</quote>: засіб FreeIPA та керування профілями Red Hat Enterprise. " "Докладніші відомості щодо налаштовування IPA викладено у довіднику з " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1230 sssd.conf.5.xml:1316 sssd.conf.5.xml:1367 #: sssd.conf.5.xml:1420 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring Active Directory." msgstr "" "<quote>ad</quote>: засіб Active Directory. Докладніші відомості щодо " "налаштовування Active Directory викладено у довіднику з <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>." #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1241 msgid "use_fully_qualified_names (bool)" msgstr "use_fully_qualified_names (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1244 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" "Використовувати ім’я та домен повністю (у форматі, визначеному " "full_name_format домену) як ім’я користувача у системі, що повідомляється " "NSS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1249 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " "<command>getent passwd test</command> wouldn't find the user while " "<command>getent passwd test@LOCAL</command> would." msgstr "" "Якщо встановлено значення TRUE, всі запити до цього домену мають " "використовувати повні назви. Наприклад, якщо використано домен LOCAL, який " "містить запис користувача «test», <command>getent passwd test</command> " "не покаже користувача, а <command>getent passwd test@LOCAL</command> покаже." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1257 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " "will be searched when an unqualified name is requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1269 msgid "ignore_group_members (bool)" msgstr "ignore_group_members (булеве значення)" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1272 msgid "Do not return group members for group lookups." msgstr "Не повертати записи учасників груп для пошуків груп." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1275 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " "calls." msgstr "" "Якщо встановлено значення TRUE, сервер LDAP не запитуватиме дані щодо " "атрибутів участі у групах, а списки учасників груп не повертаються під час " "обробки запитів щодо пошуку груп." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1286 msgid "auth_provider (string)" msgstr "auth_provider (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1289 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" "Служба розпізнавання, яку використано для цього домену. Серед підтримуваних " "служб розпізнавання:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1293 sssd.conf.5.xml:1351 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring LDAP." msgstr "" "<quote>ldap</quote> — вбудоване розпізнавання LDAP. Докладніші відомості " "щодо налаштовування LDAP викладено у довіднику з <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1300 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring Kerberos." msgstr "" "<quote>krb5</quote> — вбудоване розпізнавання Kerberos. Докладніші відомості " "щодо налаштовування Kerberos викладено у довіднику з <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum></manvolnum> </" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1324 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "<quote>proxy</quote> — трансльоване розпізнавання у іншій системі PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1327 msgid "<quote>none</quote> disables authentication explicitly." msgstr "<quote>none</quote> — вимкнути розпізнавання повністю." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1330 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" "Типове значення: буде використано <quote>id_provider</quote>, якщо цей " "спосіб встановлено і можлива обробка запитів щодо розпізнавання." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1336 msgid "access_provider (string)" msgstr "access_provider (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1339 msgid "" "The access control provider used for the domain. 
There are two built-in " "access providers (in addition to any included in installed backends) " "Internal special providers are:" msgstr "" "Програма керування доступом для домену. Передбачено дві вбудованих програми " "керування доступом (окрім всіх встановлених додаткових серверів). " "Вбудованими програмами є:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1345 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" "<quote>permit</quote> дозволяти доступ завжди. Єдиний дозволений засіб " "доступу для локального домену." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1348 msgid "<quote>deny</quote> always deny access." msgstr "<quote>deny</quote> — завжди забороняти доступ." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1375 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry> for more information on configuring the simple " "access module." msgstr "" "<quote>simple</quote> — керування доступом на основі списків дозволу або " "заборони. Докладніші відомості щодо налаштовування модуля доступу simple " "можна знайти у довідці до <citerefentry> <refentrytitle>sssd-simple</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1382 msgid "Default: <quote>permit</quote>" msgstr "Типове значення: <quote>permit</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1387 msgid "chpass_provider (string)" msgstr "chpass_provider (рядок)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1390 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" "Система, яка має обробляти дії зі зміни паролів для домену. Передбачено " "підтримку таких систем зміни паролів:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1395 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring LDAP." msgstr "" "<quote>ldap</quote> — змінити пароль, що зберігається на сервері LDAP. " "Докладніші відомості щодо налаштовування LDAP викладено у довіднику з " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1403 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring Kerberos." msgstr "" "<quote>krb5</quote> — змінити пароль Kerberos. Докладніші відомості щодо " "налаштовування Kerberos викладено у довіднику з <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum></manvolnum> </" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1428 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "<quote>proxy</quote> — трансльована зміна пароля у іншій системі PAM." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1432 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "<quote>none</quote> — явно вимкнути можливість зміни пароля." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1435 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" "Типове значення: використовується «auth_provider», якщо встановлено значення " "цього параметра і якщо система здатна обробляти запити щодо паролів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1442 msgid "sudo_provider (string)" msgstr "sudo_provider (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1445 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" "Служба SUDO, яку використано для цього домену. Серед підтримуваних служб " "SUDO:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1449 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring LDAP." msgstr "" "<quote>ldap</quote> для правил, що зберігаються у LDAP. Докладніше про " "налаштовування LDAP можна дізнатися з довідки до <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1457 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1461 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1465 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "<quote>none</quote> явним чином вимикає SUDO." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1468 sssd.conf.5.xml:1522 sssd.conf.5.xml:1554 #: sssd.conf.5.xml:1579 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" "Типове значення: використовується значення <quote>id_provider</quote>, якщо " "його встановлено." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1474 msgid "selinux_provider (string)" msgstr "selinux_provider (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1477 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " "providers are:" msgstr "" "Засіб, який має відповідати за завантаження параметрів SELinux. Зауважте, що " "цей засіб буде викликано одразу після завершення роботи служби надання " "доступу. Передбачено підтримку таких засобів надання даних SELinux:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1483 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring IPA." 
msgstr "" "<quote>ipa</quote> для завантаження параметрів selinux з сервера IPA. " "Докладніші відомості щодо налаштовування IPA викладено у довіднику з " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1491 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" "<quote>none</quote> явним чином забороняє отримання даних щодо параметрів " "SELinux." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1494 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" "Типове значення: буде використано <quote>id_provider</quote>, якщо цей " "спосіб встановлено і можлива обробка запитів щодо завантаження SELinux." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1500 msgid "subdomains_provider (string)" msgstr "subdomains_provider (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1503 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" "Засіб надання даних, який має обробляти отримання даних піддоменів. Це " "значення має завжди збігатися зі значенням id_provider. Передбачено " "підтримку таких засобів надання даних піддоменів:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1509 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring IPA." 
msgstr "" "<quote>ipa</quote> для завантаження списку піддоменів з сервера IPA. " "Докладніші відомості щодо налаштовування IPA викладено у довіднику з " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1518 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "<quote>none</quote> забороняє явним чином отримання даних піддоменів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1529 msgid "autofs_provider (string)" msgstr "autofs_provider (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1532 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" "Служба autofs, яку використано для цього домену. Серед підтримуваних служб " "autofs:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1536 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring LDAP." msgstr "" "<quote>ldap</quote> — завантажити карти, що зберігаються у LDAP. Докладніше " "про налаштовування LDAP можна дізнатися з довідки до <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1543 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more information on configuring IPA."
msgstr "" "<quote>ipa</quote> — завантажити карти, що зберігається на сервері IPA. " "Докладніші відомості щодо налаштовування IPA викладено у довіднику з " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum></" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1551 msgid "<quote>none</quote> disables autofs explicitly." msgstr "<quote>none</quote> вимикає autofs повністю." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1561 msgid "hostid_provider (string)" msgstr "hostid_provider (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1564 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" "Засіб надання даних, який використовується для отримання даних щодо профілю " "вузла. Серед підтримуваних засобів надання hostid:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1568 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> for more information on configuring IPA." msgstr "" "<quote>ipa</quote> — завантажити профіль системи, що зберігається на сервері " "IPA. Докладніші відомості щодо налаштовування IPA викладено у довіднику з " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum></" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1576 msgid "<quote>none</quote> disables hostid explicitly." msgstr "<quote>none</quote> вимикає hostid повністю." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1589 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " "match either the SSSD configuration domain name, or, in the case of IPA " "trust subdomains and Active Directory domains, the flat (NetBIOS) name of " "the domain." msgstr "" "Формальний вираз для цього домену, який описує спосіб поділу рядка, що " "містить ім’я користувача та назву домену на ці компоненти. «Домен» може " "відповідати назві домену налаштувань SSSD або, у випадку піддоменів довіри " "IPA та доменів Active Directory, простій назві (NetBIOS) домену." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1598 msgid "" "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?" "P<name>[^@\\\\]+)$))</quote> which allows three different styles for " "user names:" msgstr "" "Типовий для засобів надання AD і IPA: <quote>(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?" "P<name>[^@\\\\]+)$))</quote> За його допомогою можна визначати три " "різні стилі запису імен користувачів:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:1603 msgid "username" msgstr "користувач" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:1606 msgid "username@domain.name" msgstr "користувач@назва.домену" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd.conf.5.xml:1609 msgid "domain\\username" msgstr "домен\\користувач" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1612 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" "Перші два стилі відповідають загальним типовим стилям, а третій введено для " "того, щоб полегшити інтеграцію користувачів з доменів Windows." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1617 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " "sign, the domain everything after that\"" msgstr "" "Типове значення: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</" "quote>, можна висловити так: іменем користувача є все до символу «@», назвою " "домену — все після цього символу." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1623 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " "version 7 or higher can support non-unique named subpatterns." msgstr "" "Будь ласка, зауважте: підтримку неунікальних назв підшаблонів передбачено не " "для всіх платформ (наприклад, нею не можна скористатися у RHEL5 і SLES10). " "Підтримкою неунікальних назв підшаблонів можна скористатися лише на " "платформах з версією libpcre 7." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1630 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" "Додаткове зауваження: у застарілих версіях libpcre передбачено підтримку " "лише синтаксичних конструкцій Python (?P<name>) для позначення " "підшаблонів." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1677 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "Типове значення: <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1683 msgid "lookup_family_order (string)" msgstr "lookup_family_order (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1686 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" "Надає можливість вибрати бажане сімейство адрес, яке слід використовувати " "під час виконання пошуків у DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1690 msgid "Supported values:" msgstr "Передбачено підтримку таких значень:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1693 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" "ipv4_first: спробувати визначити адресу у форматі IPv4, у разі невдачі " "спробувати формат IPv6" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1696 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" "ipv4_only: намагатися визначити назви вузлів лише у форматі адрес IPv4." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1699 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" "ipv6_first: спробувати визначити адресу у форматі IPv6, у разі невдачі " "спробувати формат IPv4" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1702 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" "ipv6_only: намагатися визначити назви вузлів лише у форматі адрес IPv6." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1705 msgid "Default: ipv4_first" msgstr "Типове значення: ipv4_first" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1711 msgid "dns_resolver_timeout (integer)" msgstr "dns_resolver_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1714 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " "the domain will continue to operate in offline mode." msgstr "" "Визначає кількість часу (у секундах) очікування відповіді від засобу " "визначення адрес DNS, перш ніж засіб буде визначено недоступним. Якщо час " "очікування буде перевищено, домен продовжуватиме роботу у автономному режимі." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1720 sssd-ldap.5.xml:1118 sssd-ldap.5.xml:1160 #: sssd-ldap.5.xml:1175 sssd-krb5.5.xml:239 msgid "Default: 6" msgstr "Типове значення: 6" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1726 msgid "dns_discovery_domain (string)" msgstr "dns_discovery_domain (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1729 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." 
msgstr "" "Якщо у модулі обробки використовується визначення служб, вказує доменну " "частину запиту визначення служб DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1733 msgid "Default: Use the domain part of machine's hostname" msgstr "" "Типова поведінка: використовувати назву домену з назви вузла комп’ютера." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1739 msgid "override_gid (integer)" msgstr "override_gid (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1742 msgid "Override the primary GID value with the one specified." msgstr "Замінити значення основного GID на вказане." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1748 msgid "case_sensitive (boolean)" msgstr "case_sensitive (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1751 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" "Враховувати регістр записів імен користувачів та назв груп. У поточній " "версії підтримки цього параметра для локального надавача даних не передбачено." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1756 sssd-ad.5.xml:333 msgid "Default: True" msgstr "Типове значення: True" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1762 msgid "proxy_fast_alias (boolean)" msgstr "proxy_fast_alias (булеве значення)" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1765 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " "name was an alias. Setting this option to true would cause the SSSD to " "perform the ID lookup from cache for performance reasons." msgstr "" "Під час пошуку запису користувача чи групи за назвою у системі надання даних " "переадресації виконується вторинний пошук за ідентифікатором з метою " "визначення «канонічної» форми назви, якщо результат знайдено за " "альтернативною назвою (псевдонімом). Встановлення для цього параметра " "значення «true» призведе до того, що SSSD виконуватиме пошук ідентифікатора " "у кеші, щоб пришвидшити надання результатів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1779 msgid "subdomain_homedir (string)" msgstr "subdomain_homedir (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1790 msgid "%F" msgstr "%F" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1791 msgid "flat (NetBIOS) name of a subdomain." msgstr "спрощена (NetBIOS) назва піддомену." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1782 #, fuzzy #| msgid "" #| "Use this homedir as default value for all subdomains within this domain. " #| "See <emphasis>override_homedir</emphasis> for info about possible values. " #| "In addition to those, the expansion below can only be used with " #| "<emphasis>subdomain_homedir</emphasis>. 
<placeholder type=\"variablelist" #| "\" id=\"0\"/>" msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " "possible values. In addition to those, the expansion below can only be used " "with <emphasis>subdomain_homedir</emphasis>. <placeholder type=" "\"variablelist\" id=\"0\"/>" msgstr "" "Використовувати вказаний домашній каталог як типовий для всіх піддоменів у " "цьому домені. Дані щодо можливих значень наведено у описі параметра " "<emphasis>override_homedir</emphasis>. Крім того, розгортання можна " "використовувати лише з <emphasis>subdomain_homedir</emphasis>. <placeholder " "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1796 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" "Це значення може бути перевизначено параметром <emphasis>override_homedir</" "emphasis>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1800 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "Типове значення: <filename>/home/%d/%u</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1805 msgid "realmd_tags (string)" msgstr "realmd_tags (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1808 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" "Різноманітні теґи, що зберігаються службою налаштовування realmd для цього " "домену." #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:898 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" "replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" "Ці параметри налаштування може бути вказано у розділі налаштування домену, " "тобто у розділі з назвою <quote>[domain/<replaceable>НАЗВА</replaceable>]</" "quote> <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1821 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1824 msgid "The proxy target PAM proxies to." msgstr "Комп’ютер, для якого виконує проксі-сервер PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1827 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" "Типове значення: типово не встановлено, вам слід скористатися вже створеними " "налаштуваннями pam або створити нові і тут додати назву служби." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:1835 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1838 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " "for example _nss_files_getpwent." msgstr "" "Назва бібліотеки NSS для використання у доменах з проксі-серверами. 
Функції " "NSS шукаються у бібліотеці у форматі _nss_$(назва_бібліотеки)_$(функція), " "наприклад _nss_files_getpwent." #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:1817 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" "Параметри, які є чинними для доменів проксі. <placeholder type=" "\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:1850 msgid "The local domain section" msgstr "Розділ локального домену" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sssd.conf.5.xml:1852 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " "<replaceable>id_provider=local</replaceable>." msgstr "" "У цьому розділі містяться параметри для домену, який зберігає записи " "користувачів і груп у вбудованій базі даних SSSD, тобто домену, який " "використовує <replaceable>id_provider=local</replaceable>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1859 msgid "default_shell (string)" msgstr "default_shell (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1862 msgid "The default shell for users created with SSSD userspace tools." msgstr "" "Типова оболонка для записів користувачів, створених за допомогою " "інструментів простору користувачів SSSD." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1866 msgid "Default: <filename>/bin/bash</filename>" msgstr "Типове значення: <filename>/bin/bash</filename>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1871 msgid "base_directory (string)" msgstr "base_directory (рядок)" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1874 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" "Інструменти додають ім’я користувача до <replaceable>base_directory</" "replaceable> і використовують отриману адресу як адресу домашнього каталогу." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1879 msgid "Default: <filename>/home</filename>" msgstr "Типове значення: <filename>/home</filename>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1884 msgid "create_homedir (bool)" msgstr "create_homedir (булеве значення)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1887 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" "Визначає, чи слід типово створювати домашній каталог для нових користувачів. " "Може бути перевизначено з командного рядка." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1891 sssd.conf.5.xml:1903 msgid "Default: TRUE" msgstr "Типове значення: TRUE" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1896 msgid "remove_homedir (bool)" msgstr "remove_homedir (булівське значення)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1899 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" "Визначає, чи слід вилучати домашній каталог для вилучених записів " "користувачів. 
Може бути перевизначено з командного рядка." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1908 msgid "homedir_umask (integer)" msgstr "homedir_umask (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1911 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " "on a newly created home directory." msgstr "" "Використовується <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> для визначення типових прав доступу " "до щойно створеного домашнього каталогу." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1919 msgid "Default: 077" msgstr "Типове значення: 077" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1924 msgid "skel_dir (string)" msgstr "skel_dir (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1927 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " "<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>" msgstr "" "Каркасний каталог, який містить файли і каталоги, які буде скопійовано до " "домашнього каталогу користувача, коли такий домашній каталог створюється " "командою <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry>" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1937 msgid "Default: <filename>/etc/skel</filename>" msgstr "Типове значення: <filename>/etc/skel</filename>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1942 msgid "mail_dir (string)" msgstr "mail_dir (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1945 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " "default value is used." msgstr "" "Каталог буфера пошти. Цей каталог потрібен для обробки поштової скриньки, " "якщо відповідний обліковий запис користувача змінено або вилучено. Якщо " "каталог не вказано, буде використано типове значення." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1952 msgid "Default: <filename>/var/mail</filename>" msgstr "Типове значення: <filename>/var/mail</filename>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #: sssd.conf.5.xml:1957 msgid "userdel_cmd (string)" msgstr "userdel_cmd (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1960 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " "return code of the command is not taken into account." msgstr "" "Команда, яку буде виконано після вилучення запису користувача. Команді, як " "перший і єдиний параметр, передається ім’я користувача, запис якого " "вилучається. Код виконання, повернутий програмою не обробляється." #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1966 msgid "Default: None, no command is run" msgstr "Типове значення: None, не виконувати жодних команд" #. type: Content of: <reference><refentry><refsect1><title> #: sssd.conf.5.xml:1976 sssd-ldap.5.xml:2426 sssd-simple.5.xml:131 #: sssd-ipa.5.xml:793 sssd-ad.5.xml:382 sssd-krb5.5.xml:519 msgid "EXAMPLE" msgstr "ПРИКЛАД" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd.conf.5.xml:1982 #, no-wrap msgid "" "[sssd]\n" "domains = LDAP\n" "services = nss, pam\n" "config_file_version = 2\n" "\n" "[nss]\n" "filter_groups = root\n" "filter_users = root\n" "\n" "[pam]\n" "\n" "[domain/LDAP]\n" "id_provider = ldap\n" "ldap_uri = ldap://ldap.example.com\n" "ldap_search_base = dc=example,dc=com\n" "\n" "auth_provider = krb5\n" "krb5_server = kerberos.example.com\n" "krb5_realm = EXAMPLE.COM\n" "cache_credentials = true\n" "\n" "min_id = 10000\n" "max_id = 20000\n" "enumerate = False\n" msgstr "" "[sssd]\n" "domains = LDAP\n" "services = nss, pam\n" "config_file_version = 2\n" "\n" "[nss]\n" "filter_groups = root\n" "filter_users = root\n" "\n" "[pam]\n" "\n" "[domain/LDAP]\n" "id_provider = ldap\n" "ldap_uri = ldap://ldap.example.com\n" "ldap_search_base = dc=example,dc=com\n" "\n" "auth_provider = krb5\n" "krb5_server = kerberos.example.com\n" "krb5_realm = EXAMPLE.COM\n" "cache_credentials = true\n" "\n" "min_id = 10000\n" "max_id = 20000\n" "enumerate = False\n" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.conf.5.xml:1978 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " "configuring domains for more details. <placeholder type=\"programlisting\" " "id=\"0\"/>" msgstr "" "Нижче наведено приклад типових налаштувань SSSD. 
Налаштування самого домену " "не наведено, — щоб дізнатися більше про неї, ознайомтеся з документацією " "щодо налаштовування доменів. <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 msgid "sssd-ldap" msgstr "sssd-ldap" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:23 msgid "" "This manual page describes the configuration of LDAP domains for " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page for detailed syntax information." msgstr "" "На цій сторінці довідника описано налаштування доменів LDAP для " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. Щоб дізнатися більше про синтаксис налаштування, зверніться " "до розділу «ФОРМАТ ФАЙЛІВ» сторінки довідника <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:35 msgid "You can configure SSSD to use more than one LDAP domain." msgstr "Ви можете налаштувати SSSD на використання декількох доменів LDAP." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:38 msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. " "<command>sssd</command> <emphasis>does not</emphasis> support authentication " "over an unencrypted channel. If the LDAP server is used only as an identity " "provider, an encrypted channel is not needed. Please refer to " "<quote>ldap_access_filter</quote> config option for more information about " "using LDAP as an access provider." 
msgstr "" "У основному модулі LDAP передбачено підтримку засобів надання ідентифікатора " "(id), уповноважень (auth), доступу (access) та зміни паролів (chpass). Якщо " "ви бажаєте виконувати розпізнавання на сервері LDAP, потрібен TLS/SSL або " "LDAPS. У <command>sssd</command> <emphasis>не передбачено</emphasis> " "підтримки розпізнавання за допомогою нешифрованого каналу обміну даними. Якщо " "сервер LDAP використовується лише для надання даних профілів, потреби у " "шифруванні каналу обміну даними немає. Будь ласка, зверніться до опису " "параметра налаштування <quote>ldap_access_filter</quote>, щоб дізнатися " "більше про використання LDAP, як засобу керування доступом." #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88 #: sssd-krb5.5.xml:63 msgid "CONFIGURATION OPTIONS" msgstr "ПАРАМЕТРИ НАЛАШТУВАННЯ" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:60 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "ldap_uri, ldap_backup_uri (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:63 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" "quote> section for more information on failover and server redundancy. If " "neither option is specified, service discovery is enabled. For more " "information, refer to the <quote>SERVICE DISCOVERY</quote> section." msgstr "" "Визначає список адрес серверів LDAP, відокремлених комами, з якими SSSD має " "встановлювати з’єднання у порядку пріоритету. Зверніться до розділу " "«РЕЗЕРВ», щоб дізнатися більше про перемикання на резервні ресурси та " "додаткові сервери. Якщо не вказано, буде використано автоматичне виявлення " "служб. Докладніші відомості можна знайти у розділі «ПОШУК СЛУЖБ»." #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:70 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "Формат адреси має відповідати формату, що визначається RFC 2732:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:73 msgid "ldap[s]://<host>[:port]" msgstr "ldap[s]://<вузол>[:порт]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:76 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" "У явних адресах IPv6 <вузол> має бути вказано у квадратних дужках, []" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:79 msgid "example: ldap://[fc00::126:25]:389" msgstr "приклад: ldap://[fc00::126:25]:389" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:85 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "ldap_chpass_uri, ldap_chpass_backup_uri (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:88 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " "Refer to the <quote>FAILOVER</quote> section for more information on " "failover and server redundancy." msgstr "" "Визначає список адрес серверів LDAP, відокремлених комами, з якими SSSD має " "встановлювати з’єднання у порядку пріоритету для зміни пароля користувача. " "Зверніться до розділу «РЕЗЕРВ», щоб дізнатися більше про перемикання на " "резервні ресурси та додаткові сервери." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:95 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" "Для того, щоб уможливити визначення служб, слід встановити значення " "параметра ldap_chpass_dns_service_name." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:99 msgid "Default: empty, i.e. ldap_uri is used." msgstr "Типове значення: порожнє, тобто використовується ldap_uri." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:105 msgid "ldap_search_base (string)" msgstr "ldap_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:108 msgid "The default base DN to use for performing LDAP user operations." msgstr "" "Типовий базовий DN, який слід використовувати для виконання дій LDAP щодо " "користувачів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:112 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" msgstr "" "Починаючи з SSSD 1.7.0, у SSSD передбачено підтримку визначення декількох " "основ для пошуку за допомогою таких синтаксичних конструкцій:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:116 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "основа_пошуку[?діапазон?[фільтр][?основа_пошуку?діапазон?[фільтр]]*]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:119 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
msgstr "" "Діапазоном може бути одне зі значень, «base» (основа), «onelevel» (окремий " "рівень) або «subtree» (піддерево)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:122 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" msgstr "" "Фільтром має бути коректний запис фільтрування LDAP, відповідно до " "специфікації http://www.ietf.org/rfc/rfc2254.txt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:126 sssd-ad.5.xml:212 msgid "Examples:" msgstr "Приклади:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:129 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" msgstr "" "ldap_search_base = dc=example,dc=com (еквівалентне до) ldap_search_base = " "dc=example,dc=com?subtree?" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:134 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" msgstr "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:137 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " "different search bases). This will lead to unpredictable behavior on client " "machines." msgstr "" "Зауваження: підтримки визначення декількох основ пошуку з посиланням на " "об’єкти з однаковими назвами (наприклад груп з однаковою назвою у двох " "різних основах пошуку) не передбачено. 
Такі визначення можуть призвести до " "непередбачуваних результатів на клієнтських комп’ютерах." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:144 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " "defaultNamingContext does not exist or has an empty value namingContexts is " "used. The namingContexts attribute must have a single value with the DN of " "the search base of the LDAP server to make this work. Multiple values are " "are not supported." msgstr "" "Типове значення: якщо значення не встановлено, буде використано значення " "атрибута defaultNamingContext або namingContexts з RootDSE сервера LDAP. " "Якщо запису defaultNamingContext не існує або цей запис має порожнє " "значення, буде використано namingContexts. Для роботи системи потрібно, щоб " "атрибут namingContexts має єдине значення DN бази пошуку сервера LDAP. " "Підтримки визначення декількох значень не передбачено." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:158 msgid "ldap_schema (string)" msgstr "ldap_schema (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:161 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " "may vary. The way that some attributes are handled may also differ." msgstr "" "Визначає тип схеми, що використовується на сервері LDAP призначення. " "Відповідно до вибраної схеми, типові назви атрибутів, отриманих з сервера, " "можуть бути різними. Спосіб обробки атрибутів також може бути різним." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:168 msgid "Four schema types are currently supported:" msgstr "У поточній версії передбачено підтримку чотирьох типів схем:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:172 msgid "rfc2307" msgstr "rfc2307" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:177 msgid "rfc2307bis" msgstr "rfc2307bis" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:182 msgid "IPA" msgstr "IPA" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> #: sssd-ldap.5.xml:187 msgid "AD" msgstr "AD" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:193 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " "the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, " "group members are listed by DN and stored in the <emphasis>member</emphasis> " "attribute. The AD schema type sets the attributes to correspond with Active " "Directory 2008r2 values." msgstr "" "Основною відмінністю між цими типами схем є спосіб запису даних щодо участі " "у групах на сервері. Відповідно до rfc2307, список учасників груп " "наводиться за іменами у атрибуті <emphasis>memberUid</emphasis>. " "Відповідно до rfc2307bis і IPA, список учасників груп наводиться за " "унікальними назвами (DN) і зберігається у атрибуті <emphasis>member</emphasis>.
" "Відповідно до типу схеми AD, встановлюється відповідність зі значеннями " "Active Directory 2008r2." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:203 msgid "Default: rfc2307" msgstr "Типове значення: rfc2307" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:209 msgid "ldap_default_bind_dn (string)" msgstr "ldap_default_bind_dn (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:212 msgid "The default bind DN to use for performing LDAP operations." msgstr "" "Типова назва домену прив’язки, яку слід використовувати для виконання дій " "LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:219 msgid "ldap_default_authtok_type (string)" msgstr "ldap_default_authtok_type (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:222 msgid "The type of the authentication token of the default bind DN." msgstr "Тип розпізнавання для типової назви сервера прив’язки." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:226 msgid "The two mechanisms currently supported are:" msgstr "У поточній версії передбачено підтримку двох механізмів:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:229 msgid "password" msgstr "password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:232 msgid "obfuscated_password" msgstr "obfuscated_password" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:235 msgid "Default: password" msgstr "Типове значення: password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:241 msgid "ldap_default_authtok (string)" msgstr "ldap_default_authtok (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:244 msgid "" "The authentication token of the default bind DN. Only clear text passwords " "are currently supported." msgstr "" "Лексема розпізнавання для типового DN прив’язки. У поточній версії " "передбачено підтримку лише паролів у форматі звичайного тексту." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:251 msgid "ldap_user_object_class (string)" msgstr "ldap_user_object_class (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:254 msgid "The object class of a user entry in LDAP." msgstr "Клас об’єктів запису користувача у LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:257 msgid "Default: posixAccount" msgstr "Типове значення: posixAccount" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:263 msgid "ldap_user_name (string)" msgstr "ldap_user_name (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:266 msgid "The LDAP attribute that corresponds to the user's login name." msgstr "Атрибут LDAP, що відповідає назві облікового запису користувача." #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:270 msgid "Default: uid" msgstr "Типове значення: uid" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:276 msgid "ldap_user_uid_number (string)" msgstr "ldap_user_uid_number (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:279 msgid "The LDAP attribute that corresponds to the user's id." msgstr "Атрибут LDAP, що відповідає ідентифікатору користувача." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:283 msgid "Default: uidNumber" msgstr "Типове значення: uidNumber" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:289 msgid "ldap_user_gid_number (string)" msgstr "ldap_user_gid_number (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:292 msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "Атрибут LDAP, що відповідає ідентифікатору основної групи користувача." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:296 sssd-ldap.5.xml:792 msgid "Default: gidNumber" msgstr "Типове значення: gidNumber" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:302 msgid "ldap_user_gecos (string)" msgstr "ldap_user_gecos (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:305 msgid "The LDAP attribute that corresponds to the user's gecos field." msgstr "Атрибут LDAP, що відповідає полю gecos користувача." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:309 msgid "Default: gecos" msgstr "Типове значення: gecos" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:315 msgid "ldap_user_home_directory (string)" msgstr "ldap_user_home_directory (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:318 msgid "The LDAP attribute that contains the name of the user's home directory." msgstr "Атрибут LDAP, що містить назву домашнього каталогу користувача." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:322 msgid "Default: homeDirectory" msgstr "Типове значення: homeDirectory" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:328 msgid "ldap_user_shell (string)" msgstr "ldap_user_shell (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:331 msgid "The LDAP attribute that contains the path to the user's default shell." msgstr "" "Атрибут LDAP, що містить шлях до типової командної оболонки користувача." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:335 msgid "Default: loginShell" msgstr "Типове значення: loginShell" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:341 msgid "ldap_user_uuid (string)" msgstr "ldap_user_uuid (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:344 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "Атрибут LDAP, що містить UUID/GUID об’єкта користувача LDAP." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:348 sssd-ldap.5.xml:818 sssd-ldap.5.xml:1025 msgid "Default: nsUniqueId" msgstr "Типове значення: nsUniqueId" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:354 msgid "ldap_user_objectsid (string)" msgstr "ldap_user_objectsid (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:357 msgid "" "The LDAP attribute that contains the objectSID of an LDAP user object. This " "is usually only necessary for ActiveDirectory servers." msgstr "" "Атрибут LDAP, що містить objectSID об’єкта користувача LDAP. Зазвичай, " "потрібен лише для серверів ActiveDirectory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:362 sssd-ldap.5.xml:832 msgid "Default: objectSid for ActiveDirectory, not set for other servers." msgstr "" "Типове значення: objectSid для ActiveDirectory, не встановлено для інших " "серверів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:369 msgid "ldap_user_modify_timestamp (string)" msgstr "ldap_user_modify_timestamp (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:372 sssd-ldap.5.xml:842 sssd-ldap.5.xml:1034 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" "Атрибут LDAP, що містить часову позначку останньої зміни батьківського " "об’єкта." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:376 sssd-ldap.5.xml:846 sssd-ldap.5.xml:1041 msgid "Default: modifyTimestamp" msgstr "Типове значення: modifyTimestamp" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:382 msgid "ldap_user_shadow_last_change (string)" msgstr "ldap_user_shadow_last_change (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:385 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of " "the last password change)." msgstr "" "У разі використання ldap_pwd_policy=shadow цей параметр містить назву " "атрибута LDAP, який є відповідником параметра <citerefentry> " "<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> (дати останньої зміни пароля)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:395 msgid "Default: shadowLastChange" msgstr "Типове значення: shadowLastChange" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:401 msgid "ldap_user_shadow_min (string)" msgstr "ldap_user_shadow_min (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:404 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum " "password age)." msgstr "" "У разі використання ldap_pwd_policy=shadow цей параметр містить назву " "атрибута LDAP, який є відповідником параметра <citerefentry> " "<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> (мінімального віку пароля)." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:413 msgid "Default: shadowMin" msgstr "Типове значення: shadowMin" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:419 msgid "ldap_user_shadow_max (string)" msgstr "ldap_user_shadow_max (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:422 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum " "password age)." msgstr "" "У разі використання ldap_pwd_policy=shadow цей параметр містить назву " "атрибута LDAP, який є відповідником параметра <citerefentry> " "<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> (максимального віку пароля)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:431 msgid "Default: shadowMax" msgstr "Типове значення: shadowMax" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:437 msgid "ldap_user_shadow_warning (string)" msgstr "ldap_user_shadow_warning (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:440 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " "(password warning period)." 
msgstr "" "У разі використання ldap_pwd_policy=shadow цей параметр містить назву " "атрибута LDAP, який є відповідником параметра <citerefentry> " "<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> (проміжку попередження щодо пароля)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:450 msgid "Default: shadowWarning" msgstr "Типове значення: shadowWarning" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:456 msgid "ldap_user_shadow_inactive (string)" msgstr "ldap_user_shadow_inactive (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:459 msgid "" "When using ldap_pwd_policy=shadow, this parameter contains the name of an " "LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart " "(password inactivity period)." msgstr "" "У разі використання ldap_pwd_policy=shadow цей параметр містить назву " "атрибута LDAP, який є відповідником параметра <citerefentry> " "<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> (тривалості періоду невикористання пароля)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:469 msgid "Default: shadowInactive" msgstr "Типове значення: shadowInactive" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:475 msgid "ldap_user_shadow_expire (string)" msgstr "ldap_user_shadow_expire (рядок)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:478 msgid "" "When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this " "parameter contains the name of an LDAP attribute corresponding to its " "<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> counterpart (account expiration date)." msgstr "" "У разі використання ldap_pwd_policy=shadow або " "ldap_account_expire_policy=shadow цей параметр містить назву атрибута LDAP, " "який є відповідником параметра <citerefentry> <refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> (дати завершення " "строку дії облікового запису)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:488 msgid "Default: shadowExpire" msgstr "Типове значення: shadowExpire" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:494 msgid "ldap_user_krb_last_pwd_change (string)" msgstr "ldap_user_krb_last_pwd_change (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:497 msgid "" "When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " "an LDAP attribute storing the date and time of last password change in " "kerberos." msgstr "" "Якщо використано значення ldap_pwd_policy=mit_kerberos, цей параметр містить " "назву атрибута LDAP, у якому зберігається дата і час останньої зміни пароля " "у kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:503 msgid "Default: krbLastPwdChange" msgstr "Типове значення: krbLastPwdChange" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:509 msgid "ldap_user_krb_password_expiration (string)" msgstr "ldap_user_krb_password_expiration (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:512 msgid "" "When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of " "an LDAP attribute storing the date and time when current password expires." msgstr "" "Якщо використано значення ldap_pwd_policy=mit_kerberos, цей параметр містить " "назву атрибута LDAP, у якому зберігається дата і час завершення строку дії " "поточного пароля." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:518 msgid "Default: krbPasswordExpiration" msgstr "Типове значення: krbPasswordExpiration" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:524 msgid "ldap_user_ad_account_expires (string)" msgstr "ldap_user_ad_account_expires (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:527 msgid "" "When using ldap_account_expire_policy=ad, this parameter contains the name " "of an LDAP attribute storing the expiration time of the account." msgstr "" "Якщо вказано ldap_account_expire_policy=ad, цей параметр містить назву " "атрибута LDAP, у якому зберігаються дані щодо строку завершення дії " "облікового запису." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:532 msgid "Default: accountExpires" msgstr "Типове значення: accountExpires" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:538 msgid "ldap_user_ad_user_account_control (string)" msgstr "ldap_user_ad_user_account_control (рядок)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:541 msgid "" "When using ldap_account_expire_policy=ad, this parameter contains the name " "of an LDAP attribute storing the user account control bit field." msgstr "" "Якщо вказано ldap_account_expire_policy=ad, цей параметр містить назву " "атрибута LDAP, у якому зберігаються дані щодо поля контрольного біта " "облікового запису користувача." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:546 msgid "Default: userAccountControl" msgstr "Типове значення: userAccountControl" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:552 msgid "ldap_ns_account_lock (string)" msgstr "ldap_ns_account_lock (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:555 msgid "" "When using ldap_account_expire_policy=rhds or equivalent, this parameter " "determines if access is allowed or not." msgstr "" "Якщо вказано ldap_account_expire_policy=rhds або еквівалентне налаштування, " "цей параметр визначає, заборонено чи дозволено доступ." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:560 msgid "Default: nsAccountLock" msgstr "Типове значення: nsAccountLock" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:566 msgid "ldap_user_nds_login_disabled (string)" msgstr "ldap_user_nds_login_disabled (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:569 msgid "" "When using ldap_account_expire_policy=nds, this attribute determines if " "access is allowed or not." 
msgstr "" "Якщо вказано ldap_account_expire_policy=nds, цей атрибут визначає, дозволено " "чи заборонено доступ." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:573 sssd-ldap.5.xml:587 msgid "Default: loginDisabled" msgstr "Типове значення: loginDisabled" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:579 msgid "ldap_user_nds_login_expiration_time (string)" msgstr "ldap_user_nds_login_expiration_time (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:582 msgid "" "When using ldap_account_expire_policy=nds, this attribute determines until " "which date access is granted." msgstr "" "Якщо вказано ldap_account_expire_policy=nds, цей атрибут визначає дату, до " "якої надано доступ." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:593 msgid "ldap_user_nds_login_allowed_time_map (string)" msgstr "ldap_user_nds_login_allowed_time_map (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:596 msgid "" "When using ldap_account_expire_policy=nds, this attribute determines the " "hours of a day in a week when access is granted." msgstr "" "Якщо вказано ldap_account_expire_policy=nds, цей атрибут визначає години дня " "тижня, коли надається доступ." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:601 msgid "Default: loginAllowedTimeMap" msgstr "Типове значення: loginAllowedTimeMap" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:607 msgid "ldap_user_principal (string)" msgstr "ldap_user_principal (рядок)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:610 msgid "" "The LDAP attribute that contains the user's Kerberos User Principal Name " "(UPN)." msgstr "" "Атрибут LDAP, що містить Kerberos User Principal Name (UPN) користувача." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:614 msgid "Default: krbPrincipalName" msgstr "Типове значення: krbPrincipalName" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:620 msgid "ldap_user_ssh_public_key (string)" msgstr "ldap_user_ssh_public_key (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:623 msgid "The LDAP attribute that contains the user's SSH public keys." msgstr "Атрибут LDAP, який містить відкриті ключі SSH користувача." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:630 msgid "ldap_force_upper_case_realm (boolean)" msgstr "ldap_force_upper_case_realm (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:633 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " "fail. Set this option to a non-zero value if you want to use an upper-case " "realm." msgstr "" "Деякі з серверів каталогів, наприклад Active Directory, можуть надавати " "частину області адреси UPN лише малими літерами (літерами нижнього " "регістру), що може призвести до невдалої спроби розпізнавання. Встановіть " "ненульове значення цього параметра, якщо ви бажаєте використовувати назву " "області у верхньому регістрі." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:646 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "ldap_enumeration_refresh_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:649 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." msgstr "" "Визначає кількість секунд, протягом яких SSSD має очікувати до оновлення " "свого кешу нумерованих записів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:660 msgid "ldap_purge_cache_timeout (integer)" msgstr "ldap_purge_cache_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:663 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " "space." msgstr "" "Визначає частоту пошуків у кеші неактивних записів (зокрема груп без " "учасників та користувачів, які ніколи не входили до системи) та вилучення " "цих записів з метою економії місця." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:669 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" "Встановлення нульового значення цього параметра вимкне дію з очищення кешу." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:673 msgid "Default: 10800 (12 hours)" msgstr "Типове значення: 10800 (12 годин)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:679 msgid "ldap_user_fullname (string)" msgstr "ldap_user_fullname (рядок)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:682 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "Атрибут LDAP, що відповідає повному імені користувача." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:686 sssd-ldap.5.xml:779 sssd-ldap.5.xml:975 #: sssd-ldap.5.xml:1066 sssd-ldap.5.xml:1990 sssd-ldap.5.xml:2316 #: sssd-ipa.5.xml:648 msgid "Default: cn" msgstr "Типове значення: cn" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:692 msgid "ldap_user_member_of (string)" msgstr "ldap_user_member_of (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:695 msgid "The LDAP attribute that lists the user's group memberships." msgstr "Атрибут LDAP зі списком груп, у яких бере участь користувач." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:699 sssd-ipa.5.xml:552 msgid "Default: memberOf" msgstr "Типове значення: memberOf" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:705 msgid "ldap_user_authorized_service (string)" msgstr "ldap_user_authorized_service (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:708 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " "to determine access privilege." msgstr "" "Якщо access_provider=ldap і ldap_access_order=authorized_service, SSSD " "використовуватиме наявність атрибута authorizedService у записі користувача " "LDAP для визначення прав доступу." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:715 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" "Спочатку визначаються явні заборони (!svc). Далі SSSD шукає явні дозволи " "(svc) і нарешті загальні дозволи або allow_all (*)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:720 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>authorized_service</quote> in order for the " "ldap_user_authorized_service option to work." msgstr "" "Будь ласка, зауважте, що параметр налаштування ldap_access_order " "<emphasis>має</emphasis> включати <quote>authorized_service</quote>, щоб " "система змогла скористатися параметром ldap_user_authorized_service." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:727 msgid "Default: authorizedService" msgstr "Типове значення: authorizedService" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:733 msgid "ldap_user_authorized_host (string)" msgstr "ldap_user_authorized_host (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:736 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " "privilege." msgstr "" "Якщо access_provider=ldap і ldap_access_order=host, SSSD використовуватиме " "наявність атрибута host у записі користувача LDAP для визначення прав " "доступу." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:742 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" "Спочатку визначаються явні заборони (!host). Далі SSSD шукає явні дозволи " "(host) і нарешті загальні дозволи або allow_all (*)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:747 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>host</quote> in order for the " "ldap_user_authorized_host option to work." msgstr "" "Будь ласка, зауважте, що параметр налаштування ldap_access_order " "<emphasis>має</emphasis> включати <quote>host</quote>, щоб можна було " "скористатися параметром ldap_user_authorized_host." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:754 msgid "Default: host" msgstr "Типове значення: host" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:760 msgid "ldap_group_object_class (string)" msgstr "ldap_group_object_class (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:763 msgid "The object class of a group entry in LDAP." msgstr "Клас об’єктів запису групи у LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:766 msgid "Default: posixGroup" msgstr "Типове значення: posixGroup" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:772 msgid "ldap_group_name (string)" msgstr "ldap_group_name (рядок)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:775 msgid "The LDAP attribute that corresponds to the group name." msgstr "Атрибут LDAP, що відповідає назві групи." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:785 msgid "ldap_group_gid_number (string)" msgstr "ldap_group_gid_number (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:788 msgid "The LDAP attribute that corresponds to the group's id." msgstr "Атрибут LDAP, що відповідає ідентифікатору групи." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:798 msgid "ldap_group_member (string)" msgstr "ldap_group_member (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:801 msgid "The LDAP attribute that contains the names of the group's members." msgstr "Атрибут LDAP, у якому містяться імена учасників групи." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:805 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "Типове значення: memberuid (rfc2307) / member (rfc2307bis)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:811 msgid "ldap_group_uuid (string)" msgstr "ldap_group_uuid (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:814 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "Атрибут LDAP, що містить UUID/GUID об’єкта групи LDAP." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:824 msgid "ldap_group_objectsid (string)" msgstr "ldap_group_objectsid (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:827 msgid "" "The LDAP attribute that contains the objectSID of an LDAP group object. This " "is usually only necessary for ActiveDirectory servers." msgstr "" "Атрибут LDAP, що містить objectSID об’єкта групи LDAP. Зазвичай, потрібен " "лише для серверів ActiveDirectory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:839 msgid "ldap_group_modify_timestamp (string)" msgstr "ldap_group_modify_timestamp (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:852 #, fuzzy #| msgid "ldap_opt_timeout (integer)" msgid "ldap_group_type (integer)" msgstr "ldap_opt_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:855 #, fuzzy #| msgid "The LDAP attribute that contains the names of the group's members." msgid "" "The LDAP attribute that contains an integer value indicating the type of the " "group and maybe other flags." msgstr "Атрибут LDAP, у якому містяться імена учасників групи." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:860 msgid "" "This attribute is currently only used by the AD provider to determine if a " "group is a domain local groups and has to be filtered out for trusted " "domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:866 msgid "Default: groupType in the AD provider, othewise not set" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:873 msgid "ldap_group_nesting_level (integer)" msgstr "ldap_group_nesting_level (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:876 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " "follow. This option has no effect on the RFC2307 schema." msgstr "" "Якщо ldap_schema встановлено у значення формату схеми, у якому передбачено " "підтримку вкладеності груп (наприклад RFC2307bis), цей параметр визначає " "кількість рівнів вкладеності, які оброблятимуться SSSD. Значення цього " "параметра буде проігноровано, якщо використано схему RFC2307." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:883 msgid "Default: 2" msgstr "Типове значення: 2" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:889 msgid "ldap_groups_use_matching_rule_in_chain" msgstr "ldap_groups_use_matching_rule_in_chain" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:892 msgid "" "This option tells SSSD to take advantage of an Active Directory-specific " "feature which may speed up group lookup operations on deployments with " "complex or deep nested groups." msgstr "" "За допомогою цього параметра можна наказати SSSD скористатися перевагами " "специфічної для Active Directory можливості, яка надає змогу пришвидшити дії " "з пошуку груп у мережах зі складною системою груп або системою груп з " "високим рівнем вкладеності." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:898 msgid "" "In most common cases, it is best to leave this option disabled. It generally " "only provides a performance increase on very complex nestings." msgstr "" "Здебільшого, не варто вмикати цю можливість. Пришвидшення за її допомогою " "можна буде спостерігати лише у дуже складних випадках вкладеності груп." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:903 sssd-ldap.5.xml:930 msgid "" "If this option is enabled, SSSD will use it if it detects that the server " "supports it during initial connection. So \"True\" here essentially means " "\"auto-detect\"." msgstr "" "Якщо увімкнено цей параметр, SSSD використовуватиме можливість, якщо під час " "початкового сеансу з’єднання виявить, що на сервері передбачено підтримку " "можливості. Отже, насправді значення «True» означає «визначити автоматично»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:909 sssd-ldap.5.xml:936 msgid "" "Note: This feature is currently known to work only with Active Directory " "2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/" "windows/desktop/aa746475%28v=vs.85%29.aspx\"> MSDN(TM) documentation</ulink> " "for more details." msgstr "" "Зауваження: відомо, що у поточній версії цією можливістю можна скористатися " "лише для Active Directory 2008 R1 та пізніших версій. Докладніше про це " "можна дізнатися з <ulink url=\"http://msdn.microsoft.com/en-us/library/" "windows/desktop/aa746475%28v=vs.85%29.aspx\">документації MSDN(TM)</ulink>." #. 
type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:915 sssd-ldap.5.xml:942 sssd-ldap.5.xml:1233 #: sssd-ldap.5.xml:1254 sssd-ldap.5.xml:1760 include/ldap_id_mapping.xml:226 msgid "Default: False" msgstr "Типове значення: False" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:921 msgid "ldap_initgroups_use_matching_rule_in_chain" msgstr "ldap_initgroups_use_matching_rule_in_chain" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:924 msgid "" "This option tells SSSD to take advantage of an Active Directory-specific " "feature which might speed up initgroups operations (most notably when " "dealing with complex or deep nested groups)." msgstr "" "За допомогою цього параметра можна наказати SSSD скористатися перевагами " "специфічної для Active Directory можливості, яка може пришвидшити дії з " "початковими групами (initgroups). Особливо помітним таке пришвидшення є у " "системах зі складною системою груп або системою груп з високим рівнем " "вкладеності." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:948 msgid "ldap_netgroup_object_class (string)" msgstr "ldap_netgroup_object_class (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:951 msgid "The object class of a netgroup entry in LDAP." msgstr "Клас об’єктів запису мережевої групи (netgroup) у LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:954 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "У надавачі даних IPA має бути використано ipa_netgroup_object_class." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:958 msgid "Default: nisNetgroup" msgstr "Типове значення: nisNetgroup" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:964 msgid "ldap_netgroup_name (string)" msgstr "ldap_netgroup_name (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:967 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "Атрибут LDAP, що відповідає назві мережевої групи (netgroup)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:971 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "У надавачі даних IPA має бути використано ipa_netgroup_name." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:981 msgid "ldap_netgroup_member (string)" msgstr "ldap_netgroup_member (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:984 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" "Атрибут LDAP, у якому містяться імена учасників мережевої групи (netgroup)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:988 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "У надавачі даних IPA має бути використано ipa_netgroup_member." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:992 msgid "Default: memberNisNetgroup" msgstr "Типове значення: memberNisNetgroup" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:998 msgid "ldap_netgroup_triple (string)" msgstr "ldap_netgroup_triple (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1001 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" "Атрибут LDAP, що містить трійки мережевої групи (вузол, користувач, домен)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1005 sssd-ldap.5.xml:1038 msgid "This option is not available in IPA provider." msgstr "Цим параметром не можна скористатися у надавачі даних IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1008 msgid "Default: nisNetgroupTriple" msgstr "Типове значення: nisNetgroupTriple" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1014 msgid "ldap_netgroup_uuid (string)" msgstr "ldap_netgroup_uuid (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1017 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "Атрибут LDAP, що містить UUID/GUID об’єкта мережевої групи LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1021 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "У надавачі даних IPA має бути використано ipa_netgroup_uuid." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1031 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "ldap_netgroup_modify_timestamp (рядок)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1047 msgid "ldap_service_object_class (string)" msgstr "ldap_service_object_class (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1050 msgid "The object class of a service entry in LDAP." msgstr "Клас об’єктів запису служби у LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1053 msgid "Default: ipService" msgstr "Типове значення: ipService" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1059 msgid "ldap_service_name (string)" msgstr "ldap_service_name (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1062 msgid "" "The LDAP attribute that contains the name of service attributes and their " "aliases." msgstr "" "Атрибут LDAP, що містить назву атрибутів служби та замінників цих атрибутів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1072 msgid "ldap_service_port (string)" msgstr "ldap_service_port (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1075 msgid "The LDAP attribute that contains the port managed by this service." msgstr "Атрибут LDAP, що містить номер порту, яким керує ця служба." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1079 msgid "Default: ipServicePort" msgstr "Типове значення: ipServicePort" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1085 msgid "ldap_service_proto (string)" msgstr "ldap_service_proto (рядок)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1088 msgid "" "The LDAP attribute that contains the protocols understood by this service." msgstr "Атрибут LDAP, що містить протоколи, за яким може працювати ця служба." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1092 msgid "Default: ipServiceProtocol" msgstr "Типове значення: ipServiceProtocol" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1098 msgid "ldap_service_search_base (string)" msgstr "ldap_service_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1103 msgid "ldap_search_timeout (integer)" msgstr "ldap_search_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1106 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " "is entered)" msgstr "" "Визначає час очікування на дані (у секундах) для виконання пошуків ldap, " "перш ніж пошук буде скасовано з поверненням кешованих даних (і переходом до " "автономного режиму роботи)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1112 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " "lookup types." msgstr "" "Зауваження: роботу цього параметра буде змінено у наступних версіях SSSD. " "Ймовірно, його буде колись замінено на послідовність часів очікування для " "окремих типів пошуків." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1124 msgid "ldap_enumeration_search_timeout (integer)" msgstr "ldap_enumeration_search_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1127 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " "are returned (and offline mode is entered)" msgstr "" "Визначає час очікування на дані (у секундах) для виконання пошуків номерів " "користувачів та груп у ldap, перш ніж пошук буде скасовано з поверненням " "кешованих даних (і переходом до автономного режиму роботи)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1140 msgid "ldap_network_timeout (integer)" msgstr "ldap_network_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1143 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" "<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" "manvolnum> </citerefentry> following a <citerefentry> " "<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" "citerefentry> returns in case of no activity." msgstr "" "Визначає час очікування (у секундах), після завершення якого <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" "<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</" "manvolnum> </citerefentry> з наступним <citerefentry> " "<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </" "citerefentry> повертається до стану бездіяльності." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1166 msgid "ldap_opt_timeout (integer)" msgstr "ldap_opt_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1169 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " "communicating with the KDC in case of SASL bind." msgstr "" "Визначає час очікування (у секундах), після завершення якого виклики до " "синхронних програмних інтерфейсів LDAP буде перервано, якщо не буде отримано " "відповіді. Також керує часом очікування під час обміну даними з KDC у " "випадку прив’язки SASL." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1181 msgid "ldap_connection_expire_timeout (integer)" msgstr "ldap_connection_expire_timeout (ціле значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1184 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " "in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. " "the TGT lifetime) will be used." msgstr "" "Визначає час очікування (у секундах), протягом якого підтримуватиметься " "з’єднання з сервером LDAP. По завершенню цього часу буде зроблено спробу " "повторно встановити з’єднання. У разі використання паралельно до SASL/GSSAPI " "буде використано перше за часом значення (це значення або значення строку " "дії TGT)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1192 sssd-ldap.5.xml:2147 msgid "Default: 900 (15 minutes)" msgstr "Типове значення: 900 (15 хвилин)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1198 msgid "ldap_page_size (integer)" msgstr "ldap_page_size (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1201 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" "Визначити кількість записів, які слід отримати з LDAP у відповідь на один " "запит. На деяких серверах LDAP визначено обмеження максимальної кількості на " "один запит." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1206 msgid "Default: 1000" msgstr "Типове значення: 1000" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1212 msgid "ldap_disable_paging (boolean)" msgstr "ldap_disable_paging (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1215 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " "it is not enabled or does not behave properly." msgstr "" "Вимикає контроль сторінок LDAP. Цим параметром слід скористатися, якщо " "сервер LDAP повідомляє про підтримку контролю сторінок LDAP у своєму " "RootDSE, але цю підтримку не увімкнено або вона не працює належним чином." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1221 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." 
msgstr "" "Приклад: сервери OpenLDAP з модулем контролю сторінок, встановленим на " "сервері, але не увімкненим, повідомляють про підтримку у RootDSE, але цією " "підтримкою не можна скористатися." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1227 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " "requests being denied." msgstr "" "Приклад: 389 DS має ваду, пов’язану з тим, що здатен підтримувати лише один " "процес контролю сторінок для одного з’єднання. У разі значного навантаження " "це може призвести до відмови у виконанні запитів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1239 msgid "ldap_disable_range_retrieval (boolean)" msgstr "ldap_disable_range_retrieval (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1242 msgid "Disable Active Directory range retrieval." msgstr "Вимкнути отримання діапазону Active Directory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1245 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " "group contains more members, the reply would include an AD-specific range " "extension. This option disables parsing of the range extension, therefore " "large groups will appear as having no members." msgstr "" "У Active Directory за допомогою правила MaxValRange (типове значення 1500 " "записів) обмежується кількість записів, які може бути отримано під час " "пошуку. Якщо у певній групі міститься більше записів учасників, до відповіді " "буде включено специфічне для AD розширення діапазону. 
За допомогою цього " "параметра можна вимкнути обробку розширення діапазону, отже великі групи " "буде представлено як такі, у яких немає учасників." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1260 msgid "ldap_sasl_minssf (integer)" msgstr "ldap_sasl_minssf (ціле значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1263 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " "option are defined by OpenLDAP." msgstr "" "Під час обміну даними з сервером LDAP за допомогою SASL визначає мінімальний " "рівень захисту, потрібний для встановлення з’єднання. Значення цього " "параметра визначається OpenLDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1269 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" "Типове значення: типове для системи значення (зазвичай, визначається у ldap." "conf)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1276 msgid "ldap_deref_threshold (integer)" msgstr "ldap_deref_threshold (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1279 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " "they are looked up individually." msgstr "" "Вказує кількість учасників групи, записів яких має не вистачати у " "внутрішньому кеші для запуску загального пошуку з розіменуванням. Якщо " "пропущених записів буде менше за вказану кількість, пошук для них " "виконуватиметься окремо." #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1285 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" "Ви можете повністю вимкнути пошуки з отриманням значення об’єкта " "(розіменуванням), якщо вкажете значення 0." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1289 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " "methods. The currently supported servers are 389/RHDS, OpenLDAP and Active " "Directory." msgstr "" "Пошук з розіменуванням — це отримання всіх записів учасників групи за одним " "викликом LDAP. У різних серверах LDAP може бути передбачено різні способи " "розіменування. У поточній версії передбачено підтримку серверів 389/RHDS, " "OpenLDAP та Active Directory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1297 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " "regardless of this setting." msgstr "" "<emphasis>Зауваження:</emphasis> якщо у одній з основ пошуку визначається " "фільтр пошуку, покращення швидкодії фільтрів розіменування буде вимкнено, " "незалежно від використання цього параметра." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1310 msgid "ldap_tls_reqcert (string)" msgstr "ldap_tls_reqcert (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1313 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. 
It can be specified as one of the following values:" msgstr "" "Визначає перелік перевірок, які слід виконати для сертифікатів серверів у " "сеансі TLS, якщо такі перевірки слід виконувати. Може бути визначено одне з " "таких значень:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1319 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" "<emphasis>never</emphasis> = клієнт не надсилатиме запиту і не перевірятиме " "жодних сертифікатів сервера." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1323 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " "is provided, it will be ignored and the session proceeds normally." msgstr "" "<emphasis>allow</emphasis> = надіслати запит щодо сертифіката сервера. Якщо " "сертифікат не буде надано, продовжити сеанс у звичайному режимі. Якщо буде " "надано помилковий сертифікат, ігнорувати і продовжити сеанс у звичайному " "режимі." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1330 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " "is provided, the session is immediately terminated." msgstr "" "<emphasis>try</emphasis> = надіслати запит щодо сертифіката сервера. Якщо " "сертифікат не буде надано, продовжити сеанс у звичайному режимі. Якщо буде " "надано помилковий сертифікат, негайно перервати сеанс." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1336 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. 
If no " "certificate is provided, or a bad certificate is provided, the session is " "immediately terminated." msgstr "" "<emphasis>demand</emphasis> = надіслати запит щодо сертифіката сервера. Якщо " "сертифікат не буде надано або буде надано помилковий сертифікат, негайно " "перервати сеанс." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1342 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "<emphasis>hard</emphasis> = те саме, що і <quote>demand</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1346 msgid "Default: hard" msgstr "Типове значення: hard" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1352 msgid "ldap_tls_cacert (string)" msgstr "ldap_tls_cacert (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1355 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" "Визначає файл, який містить сертифікати для всіх служб сертифікації, які " "розпізнаються <command>sssd</command>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1378 sssd-ldap.5.xml:1419 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" "Типове значення: використовувати типові параметри OpenLDAP, що зберігаються " "у <filename>/etc/openldap/ldap.conf</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1367 msgid "ldap_tls_cacertdir (string)" msgstr "ldap_tls_cacertdir (рядок)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1370 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " "be the hash of the certificate followed by '.0'. If available, " "<command>cacertdir_rehash</command> can be used to create the correct names." msgstr "" "Визначає шлях до каталогу, де у окремих файлах містяться сертифікати служб " "сертифікації (CA). Типовими назвами файлів є хеші сертифікатів з додаванням " "«.0». Для створення відповідних назв можна скористатися " "<command>cacertdir_rehash</command>, якщо ця програма є доступною." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1385 msgid "ldap_tls_cert (string)" msgstr "ldap_tls_cert (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1388 msgid "Specifies the file that contains the certificate for the client's key." msgstr "Визначає файл, який містить сертифікат для ключа клієнта." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1398 msgid "ldap_tls_key (string)" msgstr "ldap_tls_key (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1401 msgid "Specifies the file that contains the client's key." msgstr "Визначає файл, у якому міститься ключ клієнта." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1410 msgid "ldap_tls_cipher_suite (string)" msgstr "ldap_tls_cipher_suite (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1413 msgid "" "Specifies acceptable cipher suites. 
Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry> for format." msgstr "" "Визначає прийнятні комплекти програм для шифрування. Записи у типовому " "списку слід відокремлювати двокрапками. З форматом можна ознайомитися на сторінці " "довідника до <citerefentry><refentrytitle>ldap.conf</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1426 msgid "ldap_id_use_start_tls (boolean)" msgstr "ldap_id_use_start_tls (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1429 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" "Визначає, що з’єднання id_provider має також використовувати <systemitem " "class=\"protocol\">tls</systemitem> для захисту каналу." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1439 msgid "ldap_id_mapping (boolean)" msgstr "ldap_id_mapping (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1442 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " "on ldap_user_uid_number and ldap_group_gid_number." msgstr "" "Визначає, що SSSD має намагатися встановити відповідність ідентифікаторів " "користувача і групи на основі атрибутів ldap_user_objectsid та " "ldap_group_objectsid, замість атрибутів ldap_user_uid_number та " "ldap_group_gid_number." #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1448 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" "У поточній версії у цій можливості передбачено підтримку лише встановлення " "відповідності objectSID у ActiveDirectory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1458 msgid "ldap_min_id, ldap_max_id (interger)" msgstr "ldap_min_id, ldap_max_id (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1461 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " "ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this " "might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id " "can be set to restrict the allowed range for the IDs which are read directly " "from the server. Sub-domains can then pick other ranges to map IDs." msgstr "" "На відміну від прив’язування ідентифікаторів на основі SID, яке " "використовується, якщо параметр ldap_id_mapping має значення true, діапазон " "дозволених ідентифікаторів для ldap_user_uid_number і ldap_group_gid_number " "є необмеженим. У конфігураціях з піддоменами та довіреними доменами це може " "призвести до конфліктів ідентифікаторів. Щоб уникнути конфліктів, можна " "встановити значення ldap_min_id і ldap_max_id для обмеження дозволеного " "діапазону ідентифікаторів, які буде прочитано безпосередньо з сервера. Після " "цього піддомени можуть вибирати інші діапазони для прив’язування " "ідентифікаторів." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1473 msgid "Default: not set (both options are set to 0)" msgstr "" "Типове значення: не встановлено (обидва параметри встановлено у значення 0)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1479 msgid "ldap_sasl_mech (string)" msgstr "ldap_sasl_mech (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1482 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" "Визначає механізм SASL, який слід використовувати. У поточній версії " "перевірено і підтримується лише механізм GSSAPI." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1492 msgid "ldap_sasl_authid (string)" msgstr "ldap_sasl_authid (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1495 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory. " "This option can either contain the full principal (for example host/" "myhost@EXAMPLE.COM) or just the principal name (for example host/myhost)." msgstr "" "Визначає ідентифікатор уповноваження SASL, який слід використовувати. Якщо " "використано GSSAPI, відповідає реєстраційному запису Kerberos, який " "використовується для розпізнавання під час доступу до каталогу. У цьому " "параметрі можуть зберігатися або реєстраційні дані повністю (наприклад host/" "myhost@EXAMPLE.COM) або лише назва реєстраційного запису (наприклад host/" "myhost)." #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1503 msgid "Default: host/hostname@REALM" msgstr "Типове значення: вузол/назва_вузла@ОБЛАСТЬ" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1509 msgid "ldap_sasl_realm (string)" msgstr "ldap_sasl_realm (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1512 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " "well, this option is ignored." msgstr "" "Визначає область SASL, яку слід використовувати. Якщо не вказано значення, " "типовим значенням цього параметра є значення krb5_realm. Якщо " "ldap_sasl_authid також містить запис області, цей параметр буде " "проігноровано." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1518 msgid "Default: the value of krb5_realm." msgstr "Типове значення: значення krb5_realm." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1524 msgid "ldap_sasl_canonicalize (boolean)" msgstr "ldap_sasl_canonicalize (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1527 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" "Якщо встановлено значення true (1), бібліотека LDAP виконувати зворотній " "пошук з метою переведення назв вузлів у канонічну форму під час прив’язки до " "SASL." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1532 msgid "Default: false;" msgstr "Типове значення: false;" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1538 msgid "ldap_krb5_keytab (string)" msgstr "ldap_krb5_keytab (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1541 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "Визначає таблицю ключів, яку слід використовувати разом з SASL/GSSAPI." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1544 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" "Типове значення: системна таблиця ключів, зазвичай <filename>/etc/krb5." "keytab</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1550 msgid "ldap_krb5_init_creds (boolean)" msgstr "ldap_krb5_init_creds (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1553 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " "GSSAPI." msgstr "" "Визначає, що id_provider має ініціалізувати реєстраційні дані Kerberos " "(TGT). Цю дію буде виконано, лише якщо використовується SASL і вибрано " "механізм GSSAPI." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1565 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "ldap_krb5_ticket_lifetime (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1568 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "Визначає строк дії (у секундах) TGT, якщо використовується GSSAPI." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1572 sssd-ad.5.xml:319 msgid "Default: 86400 (24 hours)" msgstr "Типове значення: 86400 (24 години)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1578 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "krb5_server, krb5_backup_server (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1581 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " "For more information on failover and server redundancy, see the " "<quote>FAILOVER</quote> section. An optional port number (preceded by a " "colon) may be appended to the addresses or hostnames. If empty, service " "discovery is enabled - for more information, refer to the <quote>SERVICE " "DISCOVERY</quote> section." msgstr "" "Визначає список IP-адрес або назв вузлів, відокремлених комами, серверів " "Kerberos, з якими SSSD має встановлювати з’єднання. Список має бути " "впорядковано за пріоритетом. Докладніше про резервування та додаткові " "сервери можна дізнатися з розділу «РЕЗЕРВ». До адрес або назв вузлів може " "бути додано номер порту (перед номером слід вписати двокрапку). Якщо " "параметр матиме порожнє значення, буде увімкнено виявлення служб. Докладніше " "про виявлення служб можна дізнатися з розділу «ПОШУК СЛУЖБ»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1593 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " "none are found." 
msgstr "" "Під час використання виявлення служб для серверів KDC або kpasswd SSSD " "спочатку намагається знайти записи DNS, у яких визначається протокол _udp. " "Використання протоколу _tcp відбувається, лише якщо таких записів не " "вдасться знайти." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1598 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " "migrate their config files to use <quote>krb5_server</quote> instead." msgstr "" "У попередніх випусках SSSD цей параметр мав назву «krb5_kdcip». У поточній " "версії передбачено розпізнавання цієї застарілої назви, але користувачам " "варто перейти на використання «krb5_server» у файлах налаштувань." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1607 sssd-ipa.5.xml:371 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "krb5_realm (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1610 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "Вказати область Kerberos (для розпізнавання за SASL/GSSAPI)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1613 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" "Типове значення: типове значення системи, див. <filename>/etc/krb5.conf</" "filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1619 sssd-ipa.5.xml:386 sssd-krb5.5.xml:453 msgid "krb5_canonicalize (boolean)" msgstr "krb5_canonicalize (булеве значення)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1622 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" "Визначає, чи слід перетворювати реєстраційний запис вузла у канонічну форму " "під час встановлення з’єднання з сервером LDAP. Цю можливість передбачено з " "версії MIT Kerberos >= 1.7" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1634 sssd-krb5.5.xml:468 msgid "krb5_use_kdcinfo (boolean)" msgstr "krb5_use_kdcinfo (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1637 sssd-krb5.5.xml:471 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " "to configure the Kerberos library using the <citerefentry> " "<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> configuration file." msgstr "" "Визначає, чи слід SSSD вказувати бібліотекам Kerberos, яку область і які " "значення KDC слід використовувати. Типово, дію параметра увімкнено. Якщо ви " "вимкнете його, вам слід налаштувати бібліотеку Kerberos за допомогою файла " "налаштувань <citerefentry> <refentrytitle>krb5.conf</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1648 sssd-krb5.5.xml:482 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " "information on the locator plugin." msgstr "" "Див. 
сторінку підручника (man) <citerefentry> " "<refentrytitle>sssd_krb5_locator_plugin</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>, щоб дізнатися більше про додаток пошуку." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1662 msgid "ldap_pwd_policy (string)" msgstr "ldap_pwd_policy (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1665 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" "Визначає правила оцінки строку дії пароля на боці клієнта. Можна " "використовувати такі значення:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1670 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" "<emphasis>none</emphasis> — не використовувати перевірки на боці клієнта. У " "разі використання цього варіанта перевірку на боці сервера вимкнено не буде." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1675 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " "evaluate if the password has expired." msgstr "" "<emphasis>shadow</emphasis> — використовувати атрибути у стилі " "<citerefentry><refentrytitle>shadow</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry> для визначення того, чи чинним є пароль." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1681 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired.
Use chpass_provider=krb5 to update " "these attributes when the password is changed." msgstr "" "<emphasis>mit_kerberos</emphasis> — використовувати атрибути MIT Kerberos " "для визначення завершення строку дії пароля. У разі зміни пароля " "скористайтеся chpass_provider=krb5 для оновлення цих атрибутів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1690 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1698 msgid "ldap_referrals (boolean)" msgstr "ldap_referrals (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1701 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" "Визначає, чи має бути увімкнено автоматичне визначення напрямків пошуку." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1705 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" "Зауважте, що sssd підтримує визначення напрямків, лише якщо систему зібрано " "з версією OpenLDAP 2.4.13 або новішою версією." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1710 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. If your setup " "does not in fact require the use of referrals, setting this option to false " "might bring a noticeable performance improvement." 
msgstr "" "Перехід за спрямуваннями може призвести до значних втрат швидкодії у " "середовищах, де такі спрямування використовуються широко. Прикладом такого " "середовища може бути Microsoft Active Directory. Якщо у вашому середовищі " "спрямування не є обов’язковими, встановлення для цього параметра значення " "«false» може значно пришвидшити роботу." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1724 msgid "ldap_dns_service_name (string)" msgstr "ldap_dns_service_name (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1727 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" "Визначає назву служби, яку буде використано у разі вмикання визначення служб." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1731 msgid "Default: ldap" msgstr "Типове значення: ldap" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1737 msgid "ldap_chpass_dns_service_name (string)" msgstr "ldap_chpass_dns_service_name (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1740 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" "Визначає назву служби, яку буде використано для пошуку сервера LDAP, який " "уможливлює зміну паролів, у разі вмикання визначення служб." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1745 msgid "Default: not set, i.e. service discovery is disabled" msgstr "Типове значення: не встановлено, тобто пошук служб вимкнено" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1751 msgid "ldap_chpass_update_last_change (bool)" msgstr "ldap_chpass_update_last_change (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1754 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." msgstr "" "Визначає, чи слід оновлювати атрибут ldap_user_shadow_last_change даними " "щодо кількості днів з часу виконання дії зі зміни пароля." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1766 msgid "ldap_access_filter (string)" msgstr "ldap_access_filter (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1769 #, fuzzy #| msgid "" #| "If using access_provider = ldap and ldap_access_order = filter (default), " #| "this option is mandatory. It specifies an LDAP search filter criteria " #| "that must be met for the user to be granted access on this host. If " #| "access_provider = ldap, ldap_access_order = filter and this option is not " #| "set, it will result in all users being denied access. Use " #| "access_provider = permit to change this default behavior." msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " "must be met for the user to be granted access on this host. If " "access_provider = ldap, ldap_access_order = filter and this option is not " "set, it will result in all users being denied access. Use access_provider = " "permit to change this default behavior. Please note that this filter is " "applied on the LDAP user entry only." 
msgstr "" "Якщо використовується access_provider = ldap та ldap_access_order = filter " "(типова поведінка), цей параметр є обов’язковим. Він вказує критерії " "фільтрування LDAP, яким має задовольняти запис користувача для надання " "доступу до цього вузла. Якщо визначено access_provider = ldap та " "ldap_access_order = filter, а цей параметр не встановлено, доступ буде " "заборонено всім користувачам. Щоб змінити таку типову поведінку системи, " "скористайтеся параметром access_provider = permit" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1782 sssd-ldap.5.xml:2376 msgid "Example:" msgstr "Приклад:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #: sssd-ldap.5.xml:1785 #, fuzzy, no-wrap #| msgid "" #| "access_provider = ldap\n" #| "ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n" #| " " msgid "" "access_provider = ldap\n" "ldap_access_filter = (employeeType=admin)\n" " " msgstr "" "access_provider = ldap\n" "ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1789 #, fuzzy #| msgid "" #| "This example means that access to this host is restricted to members of " #| "the \"allowedusers\" group in ldap." msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." msgstr "" "У прикладі доступ до вузла обмежено учасниками групи «allowedusers» у LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1794 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. 
If they were granted " "access during their last login, they will continue to be granted access " "while offline and vice-versa." msgstr "" "Автономне кешування для цієї можливості обмежено визначенням того, чи було " "надано користувачеві під час попередньої спроби увійти до системи з мережі " "права доступу. Якщо під час останньої спроби увійти такі права було надано, " "система продовжуватиме надавати права доступу у автономному режимі. Якщо ж " "таких прав не було надано, у автономному режимі їх також не буде надано." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1802 sssd-ldap.5.xml:1859 msgid "Default: Empty" msgstr "Типове значення: порожній рядок" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1808 msgid "ldap_account_expire_policy (string)" msgstr "ldap_account_expire_policy (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1811 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" "За допомогою цього параметра може бути увімкнено визначення атрибутів " "керування доступом на боці клієнта." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1815 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " "even if the password is correct." msgstr "" "Будь ласка, зауважте, що завжди варто використовувати керування доступом на " "боці сервера, тобто сервер LDAP має відмовляти у запитах щодо прив’язування " "з відповідним кодом помилки, навіть якщо вказано правильний пароль." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1822 msgid "The following values are allowed:" msgstr "Можна використовувати такі значення:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1825 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" "<emphasis>shadow</emphasis>: це значення ldap_user_shadow_expire допомагає " "визначити, чи завершено строк дії облікового запису." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1830 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " "set. If the attribute is missing access is granted. Also the expiration time " "of the account is checked." msgstr "" "<emphasis>ad</emphasis>: скористатися значенням 32-бітового поля " "ldap_user_ad_user_account_control і дозволити доступ, якщо другий біт має " "нульове значення. Якщо атрибут не буде знайдено, доступ буде дозволено. " "Також буде перевірено, чи не вичерпано строк дії облікового запису." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1837 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " "allowed or not." msgstr "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: використовувати для перевірки доступу значення " "ldap_ns_account_lock." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1843 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " "ldap_user_nds_login_expiration_time are used to check if access is allowed. " "If both attributes are missing access is granted." msgstr "" "<emphasis>nds</emphasis>: для перевірки доступу використовувати значення " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled і " "ldap_user_nds_login_expiration_time. Якщо не буде виявлено жодного з цих " "атрибутів, надати доступ." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1852 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " "ldap_account_expire_policy option to work." msgstr "" "Будь ласка, зауважте, що параметр налаштування ldap_access_order " "<emphasis>має</emphasis> включати <quote>expire</quote>, щоб можна було " "користуватися параметром ldap_account_expire_policy." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1865 msgid "ldap_access_order (string)" msgstr "ldap_access_order (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1868 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" "Список відокремлених комами параметрів керування доступом. Можливі значення " "списку:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1872 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "<emphasis>filter</emphasis>: використовувати ldap_access_filter" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1875 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" "<emphasis>expire</emphasis>: використовувати ldap_account_expire_policy" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1879 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" "<emphasis>authorized_service</emphasis>: використовувати для визначення " "можливості доступу атрибут authorizedService" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1884 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" "<emphasis>host</emphasis>: за допомогою цього атрибута вузла можна визначити " "права доступу" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1888 msgid "Default: filter" msgstr "Типове значення: filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1891 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" "Зауважте, що програма повідомить про помилку, якщо одне значення було " "використано декілька разів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1898 msgid "ldap_deref (string)" msgstr "ldap_deref (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1901 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" "Визначає спосіб виконання розіменовування псевдонімів під час виконання " "пошуку. 
Можливі такі варіанти:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1906 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" "<emphasis>never</emphasis>: ніколи не виконувати розіменування псевдонімів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1910 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" "<emphasis>searching</emphasis>: розіменування псевдонімів відбувається у " "межах основного об’єкта, а не на основі визначення місця основного об’єкта " "пошуку." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1915 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" "<emphasis>finding</emphasis>: розіменування псевдонімів відбувається лише " "під час визначення місця основного об’єкта пошуку." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1920 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" "<emphasis>always</emphasis>: розіменування псевдонімів відбувається як під " "час пошуку, так і під час визначення місця основного об’єкта пошуку." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1925 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" msgstr "" "Типове значення: не встановлено (обробка бібліотеками LDAP клієнта за " "сценарієм <emphasis>never</emphasis>)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1933 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "ldap_rfc2307_fallback_to_local_users (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1936 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" "Надає змогу зберігати локальних користувачів як учасників групи LDAP для " "серверів, у яких використовується схема RFC2307." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1940 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " "The self-consistency of the domain is compromised when this is done, so SSSD " "would normally remove the \"missing\" users from the cached group " "memberships as soon as nsswitch tries to fetch information about the user " "via getpw*() or initgroups() calls." msgstr "" "У деяких середовищах, де використовується схема RFC2307, локальних " "користувачів можна зробити учасниками груп LDAP додаванням імен цих " "користувачів до атрибута memberUid. Узгодженість домену може бути " "скомпрометовано, якщо буде виконано подібне додавання учасника, тому SSSD за " "звичайних умов вилучає записи користувачів, яких «не вистачає», з кешованих " "даних щодо участі у групах, щойно nsswitch спробує отримати дані щодо " "користувачів за допомогою виклику getpw*() або initgroups()." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1951 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " "additional LDAP groups." 
msgstr "" "У разі використання цього параметра програма повертається до перевірки " "посилань на локальних користувачів і кешує їх так, що наступні виклики " "initgroups() розширюватимуть список локальних користувачів додатковими " "групами LDAP." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:51 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " "of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page for full details. <placeholder type=" "\"variablelist\" id=\"0\"/>" msgstr "" "Всі загальні параметри налаштування, які стосуються доменів SSSD, також " "стосуються і доменів LDAP. Зверніться до розділу «РОЗДІЛИ ДОМЕНІВ» сторінки " "підручника <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry>, щоб дізнатися більше. " "<placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:1967 msgid "SUDO OPTIONS" msgstr "ПАРАМЕТРИ SUDO" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1971 msgid "ldap_sudorule_object_class (string)" msgstr "ldap_sudorule_object_class (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1974 msgid "The object class of a sudo rule entry in LDAP." msgstr "Клас об’єктів запису правила sudo у LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1977 msgid "Default: sudoRole" msgstr "Типове значення: sudoRole" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1983 msgid "ldap_sudorule_name (string)" msgstr "ldap_sudorule_name (рядок)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1986 msgid "The LDAP attribute that corresponds to the sudo rule name." msgstr "Атрибут LDAP, що відповідає назві правила sudo." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:1996 msgid "ldap_sudorule_command (string)" msgstr "ldap_sudorule_command (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:1999 msgid "The LDAP attribute that corresponds to the command name." msgstr "Атрибут LDAP, що відповідає назві команди." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2003 msgid "Default: sudoCommand" msgstr "Типове значення: sudoCommand" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2009 msgid "ldap_sudorule_host (string)" msgstr "ldap_sudorule_host (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2012 msgid "" "The LDAP attribute that corresponds to the host name (or host IP address, " "host IP network, or host netgroup)" msgstr "" "Атрибут LDAP, який відповідає назві вузла (або IP-адресі вузла, IP-мережі " "вузла, мережевій групі вузла)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2017 msgid "Default: sudoHost" msgstr "Типове значення: sudoHost" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2023 msgid "ldap_sudorule_user (string)" msgstr "ldap_sudorule_user (рядок)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2026 msgid "" "The LDAP attribute that corresponds to the user name (or UID, group name or " "user's netgroup)" msgstr "" "Атрибут LDAP, що відповідає імені користувача (або UID, назві групи " "або назві мережевої групи користувача)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2030 msgid "Default: sudoUser" msgstr "Типове значення: sudoUser" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2036 msgid "ldap_sudorule_option (string)" msgstr "ldap_sudorule_option (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2039 msgid "The LDAP attribute that corresponds to the sudo options." msgstr "Атрибут LDAP, що відповідає параметрам sudo." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2043 msgid "Default: sudoOption" msgstr "Типове значення: sudoOption" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2049 msgid "ldap_sudorule_runasuser (string)" msgstr "ldap_sudorule_runasuser (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2052 msgid "" "The LDAP attribute that corresponds to the user name that commands may be " "run as." msgstr "" "Атрибут LDAP, що відповідає користувачеві, від імені якого можна виконувати " "команди." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2056 msgid "Default: sudoRunAsUser" msgstr "Типове значення: sudoRunAsUser" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2062 msgid "ldap_sudorule_runasgroup (string)" msgstr "ldap_sudorule_runasgroup (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2065 msgid "" "The LDAP attribute that corresponds to the group name or group GID that " "commands may be run as." msgstr "" "Атрибут LDAP, що відповідає назві групи або GID, від імені якої можна " "виконувати команди." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2069 msgid "Default: sudoRunAsGroup" msgstr "Типове значення: sudoRunAsGroup" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2075 msgid "ldap_sudorule_notbefore (string)" msgstr "ldap_sudorule_notbefore (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2078 msgid "" "The LDAP attribute that corresponds to the start date/time for when the sudo " "rule is valid." msgstr "" "Атрибут LDAP, що відповідає даті і часу набуття чинності правилом sudo." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2082 msgid "Default: sudoNotBefore" msgstr "Типове значення: sudoNotBefore" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2088 msgid "ldap_sudorule_notafter (string)" msgstr "ldap_sudorule_notafter (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2091 msgid "" "The LDAP attribute that corresponds to the expiration date/time, after which " "the sudo rule will no longer be valid." msgstr "Атрибут LDAP, що відповідає даті і часу втрати чинності правилом sudo." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2096 msgid "Default: sudoNotAfter" msgstr "Типове значення: sudoNotAfter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2102 msgid "ldap_sudorule_order (string)" msgstr "ldap_sudorule_order (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2105 msgid "The LDAP attribute that corresponds to the ordering index of the rule." msgstr "Атрибут LDAP, що відповідає порядковому номеру правила." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2109 msgid "Default: sudoOrder" msgstr "Типове значення: sudoOrder" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2115 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "ldap_sudo_full_refresh_interval (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2118 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." msgstr "" "Проміжок часу у секундах між послідовними повними оновленнями правил sudo " "SSSD у автоматичному режимі. Під час таких оновлень буде отримано повний " "набір правил, що зберігаються на сервері." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2123 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" msgstr "" "Це значення має перевищувати значення " "<emphasis>ldap_sudo_smart_refresh_interval </emphasis>" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2128 msgid "Default: 21600 (6 hours)" msgstr "Типове значення: 21600 (6 годин)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2134 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "ldap_sudo_smart_refresh_interval (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2137 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest USN " "of cached rules)." msgstr "" "Проміжок часу у секундах між послідовними кмітливими оновленнями правил sudo " "SSSD у автоматичному режимі. Під час таких оновлень буде отримано всі дані " "правил, USN яких перевищує найбільше значення USN у кешованих правилах." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2143 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." msgstr "" "Якщо підтримки атрибутів USN на сервері не передбачено, буде використано " "дані атрибута modifyTimestamp." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2153 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "ldap_sudo_use_host_filter (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2156 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." 
msgstr "" "Якщо визначено значення true, SSSD отримуватиме лише правила, що стосуються " "цього комп’ютера (на основі адрес вузла або мережі у форматах IPv4 і IPv6 та " "назв вузлів)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2167 msgid "ldap_sudo_hostnames (string)" msgstr "ldap_sudo_hostnames (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2170 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." msgstr "" "Список назв вузлів або повних доменних назв, відокремлених пробілами, для " "фільтрування списку правил." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2175 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." msgstr "" "Якщо значення цього параметра є порожнім, SSSD намагатиметься визначити " "назву вузла та повну назву комп’ютера у домені у автоматичному режимі." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2180 sssd-ldap.5.xml:2203 sssd-ldap.5.xml:2221 #: sssd-ldap.5.xml:2239 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." msgstr "" "Якщо для <emphasis>ldap_sudo_use_host_filter</emphasis> встановлено значення " "<emphasis>false</emphasis>, цей параметр ні на що не впливатиме." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2185 sssd-ldap.5.xml:2208 msgid "Default: not specified" msgstr "Типове значення: не вказано" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2191 msgid "ldap_sudo_ip (string)" msgstr "ldap_sudo_ip (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2194 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." msgstr "" "Список адрес вузлів або мереж у форматах IPv4 і IPv6 для фільтрування списку " "правил." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2199 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." msgstr "" "Якщо значення цього параметра є порожнім, SSSD намагатиметься визначити " "адресу у автоматичному режимі." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2214 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "ldap_sudo_include_netgroups (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2217 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." msgstr "" "Якщо вказано значення true, SSSD отримуватиме всі правила, що містять " "мережеву групу (netgroup) у атрибуті sudoHost." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2232 msgid "ldap_sudo_include_regexp (boolean)" msgstr "ldap_sudo_include_regexp (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2235 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." 
msgstr "" "Якщо вказано значення true, SSSD отримуватиме всі правила, що містять шаблон " "заміни у атрибуті sudoHost." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:1969 msgid "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "<placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2251 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " "<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>" msgstr "" "На цій сторінці довідника наведено дані щодо відповідності назв атрибутів. " "Докладний опис семантики атрибутів, пов’язаних з sudo, можна знайти у " "довідці з <citerefentry> <refentrytitle>sudoers.ldap</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:2261 msgid "AUTOFS OPTIONS" msgstr "ПАРАМЕТРИ AUTOFS" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2263 msgid "" "Please note that the default values correspond to the default schema which " "is RFC2307." msgstr "" "Будь ласка, зауважте, що типові значення відповідають типовій схемі, яку " "визначено у RFC2307." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2269 msgid "ldap_autofs_map_object_class (string)" msgstr "ldap_autofs_map_object_class (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2272 sssd-ldap.5.xml:2298 msgid "The object class of an automount map entry in LDAP." msgstr "Клас об’єктів запису карти автоматичного монтування у LDAP." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2275 sssd-ldap.5.xml:2302 msgid "Default: automountMap" msgstr "Типове значення: automountMap" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2282 msgid "ldap_autofs_map_name (string)" msgstr "ldap_autofs_map_name (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2285 msgid "The name of an automount map entry in LDAP." msgstr "Назва запису карти автоматичного монтування у LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2288 msgid "Default: ou" msgstr "Типове значення: ou" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2295 msgid "ldap_autofs_entry_object_class (string)" msgstr "ldap_autofs_entry_object_class (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2309 msgid "ldap_autofs_entry_key (string)" msgstr "ldap_autofs_entry_key (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2312 sssd-ldap.5.xml:2326 msgid "" "The key of an automount entry in LDAP. The entry usually corresponds to a " "mount point." msgstr "" "Ключ запису автоматичного монтування LDAP. Цей запис зазвичай відповідає " "точці монтування." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2323 msgid "ldap_autofs_entry_value (string)" msgstr "ldap_autofs_entry_value (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2330 msgid "Default: automountInformation" msgstr "Типове значення: automountInformation" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2267 msgid "" "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" "\"variablelist\" id=\"4\"/>" msgstr "" "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" "\"variablelist\" id=\"4\"/>" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:2340 msgid "ADVANCED OPTIONS" msgstr "ДОДАТКОВІ ПАРАМЕТРИ" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2347 msgid "ldap_netgroup_search_base (string)" msgstr "ldap_netgroup_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2352 msgid "ldap_user_search_base (string)" msgstr "ldap_user_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2357 msgid "ldap_group_search_base (string)" msgstr "ldap_group_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2362 msgid "ldap_user_search_filter (string)" msgstr "ldap_user_search_filter (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2365 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" "За допомогою цього параметра можна визначити додатковий критерій " "фільтрування LDAP, яким буде обмежено пошук користувачів." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2369 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" "Цей параметр вважається <emphasis>застарілим</emphasis>. Варто " "використовувати синтаксичні конструкції з ldap_user_search_base." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #: sssd-ldap.5.xml:2379 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" " " msgstr "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2382 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" "За допомогою цього фільтра можна обмежити пошук користувачів, лише тими, для " "яких встановлено командну оболонку /bin/tcsh." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2389 msgid "ldap_group_search_filter (string)" msgstr "ldap_group_search_filter (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2392 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" "За допомогою цього параметра можна визначити додатковий критерій " "фільтрування LDAP, яким буде обмежено пошук груп." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:2396 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" "Цей параметр вважається <emphasis>застарілим</emphasis>. Варто " "використовувати синтаксичні конструкції з ldap_group_search_base." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2406 msgid "ldap_sudo_search_base (string)" msgstr "ldap_sudo_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:2411 msgid "ldap_autofs_search_base (string)" msgstr "ldap_autofs_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2342 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " "are doing. <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" "Підтримку цих параметрів передбачено доменами LDAP, але користуватися ними " "слід обережно. Будь ласка, використовуйте їх у налаштуваннях, лише якщо вам " "відомі наслідки ваших дій. <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2428 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " "section." msgstr "" "У наведеному нижче прикладі припускається, що SSSD налаштовано належним " "чином, а LDAP встановлено на один з доменів з розділу " "<replaceable>[domains]</replaceable>." #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ldap.5.xml:2434 #, no-wrap msgid "" " [domain/LDAP]\n" " id_provider = ldap\n" " auth_provider = ldap\n" " ldap_uri = ldap://ldap.mydomain.org\n" " ldap_search_base = dc=mydomain,dc=org\n" " ldap_tls_reqcert = demand\n" " cache_credentials = true\n" msgstr "" " [domain/LDAP]\n" " id_provider = ldap\n" " auth_provider = ldap\n" " ldap_uri = ldap://ldap.mydomain.org\n" " ldap_search_base = dc=mydomain,dc=org\n" " ldap_tls_reqcert = demand\n" " cache_credentials = true\n" #. 
type: Content of: <refsect1><refsect2><para> #: sssd-ldap.5.xml:2433 sssd-simple.5.xml:139 sssd-ipa.5.xml:801 #: sssd-ad.5.xml:390 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 sssd-krb5.5.xml:528 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:2446 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:405 #: sssd.8.xml:191 sss_seed.8.xml:163 msgid "NOTES" msgstr "ЗАУВАЖЕННЯ" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:2448 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 " "distribution." msgstr "" "Описи деяких з параметрів налаштування на цій сторінці підручника засновано " "на даних сторінки підручника (man) <citerefentry> <refentrytitle>ldap.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> з пакунка OpenLDAP " "2.4." #. type: Content of: <refentryinfo> #: pam_sss.8.xml:8 include/upstream.xml:2 msgid "" "<productname>SSSD</productname> <orgname>The SSSD upstream - http://" "fedorahosted.org/sssd</orgname>" msgstr "" "<productname>SSSD</productname> <orgname>Основна гілка розробки SSSD — " "http://fedorahosted.org/sssd</orgname>" #. type: Content of: <reference><refentry><refnamediv><refname> #: pam_sss.8.xml:13 pam_sss.8.xml:18 msgid "pam_sss" msgstr "pam_sss" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: pam_sss.8.xml:19 msgid "PAM module for SSSD" msgstr "модуль PAM для SSSD" #. 
type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: pam_sss.8.xml:24 #, fuzzy #| msgid "" #| "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" #| "replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" #| "replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" #| "replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" #| "replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> " #| "</arg>" msgid "" "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" "replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" "replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" "replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" "replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" "arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </arg>" msgstr "" "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</" "replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</" "replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</" "replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</" "replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" "arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </arg>" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:48 msgid "" "<command>pam_sss.so</command> is the PAM interface to the System Security " "Services daemon (SSSD). Errors and results are logged through " "<command>syslog(3)</command> with the LOG_AUTHPRIV facility." msgstr "" "<command>pam_sss.so</command> — інтерфейс PAM до System Security Services " "daemon (SSSD). Помилки та результати роботи записуються за допомогою " "<command>syslog(3)</command> до запису LOG_AUTHPRIV." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:58 msgid "<option>quiet</option>" msgstr "<option>quiet</option>" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:61 msgid "Suppress log messages for unknown users." msgstr "Не показувати у журналі повідомлень для невідомих користувачів." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:66 msgid "<option>forward_pass</option>" msgstr "<option>forward_pass</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:69 msgid "" "If <option>forward_pass</option> is set the entered password is put on the " "stack for other PAM modules to use." msgstr "" "Якщо встановлено значення <option>forward_pass</option>, введений пароль " "буде збережено у стосі паролів для використання іншими модулями PAM." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:76 msgid "<option>use_first_pass</option>" msgstr "<option>use_first_pass</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:79 msgid "" "The argument use_first_pass forces the module to use a previous stacked " "modules password and will never prompt the user - if no password is " "available or the password is not appropriate, the user will be denied access." msgstr "" "Використання аргументу use_first_pass примушує модуль до використання пароля " "з модулів попереднього рівня. Ніяких запитів до користувача не " "надсилатиметься, — якщо пароль не буде виявлено або пароль виявиться " "непридатним, доступ користувачеві буде заборонено." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:87 msgid "<option>use_authtok</option>" msgstr "<option>use_authtok</option>" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:90 msgid "" "When password changing enforce the module to set the new password to the one " "provided by a previously stacked password module." msgstr "" "Визначає ситуацію, коли зміна пароля примушує модуль встановлювати новий " "пароль на основі пароля, наданого попереднім модулем обробки паролів зі " "стосу модулів." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:97 msgid "<option>retry=N</option>" msgstr "<option>retry=N</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:100 msgid "" "If specified the user is asked another N times for a password if " "authentication fails. Default is 0." msgstr "" "Якщо вказано, користувача запитуватимуть про пароль ще N разів, якщо перший " "раз розпізнавання зазнає невдачі. Типовим значенням є 0." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:102 msgid "" "Please note that this option might not work as expected if the application " "calling PAM handles the user dialog on its own. A typical example is " "<command>sshd</command> with <option>PasswordAuthentication</option>." msgstr "" "Будь ласка, зауважте, що цей параметр може працювати не так, як очікується, " "якщо програма, яка викликає PAM, має власний обробник діалогових вікон " "взаємодії з користувачем. Типовим прикладом є <command>sshd</command> з " "<option>PasswordAuthentication</option>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: pam_sss.8.xml:111 #, fuzzy #| msgid "<option>forward_pass</option>" msgid "<option>ignore_unknown_user</option>" msgstr "<option>ignore_unknown_user</option>" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: pam_sss.8.xml:114 msgid "" "If this option is specified and the user does not exist, the PAM module will " "return PAM_IGNORE. This causes the PAM framework to ignore this module." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: pam_sss.8.xml:123 msgid "MODULE TYPES PROVIDED" msgstr "ПЕРЕДБАЧЕНІ ТИПИ МОДУЛІВ" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:124 msgid "" "All module types (<option>account</option>, <option>auth</option>, " "<option>password</option> and <option>session</option>) are provided." msgstr "" "Передбачено всі типи модулів (<option>account</option>, <option>auth</" "option>, <option>password</option> і <option>session</option>)." #. type: Content of: <reference><refentry><refsect1><title> #: pam_sss.8.xml:130 msgid "FILES" msgstr "ФАЙЛИ" #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:131 msgid "" "If a password reset by root fails, because the corresponding SSSD provider " "does not support password resets, an individual message can be displayed. " "This message can e.g. contain instructions about how to reset a password." msgstr "" "Якщо спроба скидання пароля від імені адміністративного користувача (root) " "зазнає невдачі, оскільки у відповідному засобі обробки SSSD не передбачено " "скидання паролів, може бути показано певне повідомлення. У цьому " "повідомленні, наприклад, можуть міститися настанови щодо скидання пароля." #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:136 msgid "" "The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" "filename> where LOC stands for a locale string returned by <citerefentry> " "<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </" "citerefentry>. If there is no matching file the content of " "<filename>pam_sss_pw_reset_message.txt</filename> is displayed. 
Root must be " "the owner of the files and only root may have read and write permissions " "while all other users must have only read permissions." msgstr "" "Текст повідомлення буде прочитано з файла <filename>pam_sss_pw_reset_message." "LOC</filename>, де «LOC» — рядок локалі у форматі, повернутому " "<citerefentry> <refentrytitle>setlocale</refentrytitle><manvolnum>3</" "manvolnum> </citerefentry>. Якщо відповідного файла знайдено не буде, буде " "показано вміст файла <filename>pam_sss_pw_reset_message.txt</filename>. " "Власником файлів має бути адміністративний користувач (root). Доступ до " "запису файлів також повинен мати лише адміністративний користувач. Всім " "іншим користувачам може бути надано лише право читання файлів." #. type: Content of: <reference><refentry><refsect1><para> #: pam_sss.8.xml:146 msgid "" "These files are searched in the directory <filename>/etc/sssd/customize/" "DOMAIN_NAME/</filename>. If no matching file is present a generic message is " "displayed." msgstr "" "Пошук цих файлів виконуватиметься у каталозі <filename>/etc/sssd/customize/" "НАЗВА_ДОМЕНУ/</filename>. Якщо відповідний файл не буде знайдено, буде " "показано типове повідомлення." #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15 msgid "sssd_krb5_locator_plugin" msgstr "sssd_krb5_locator_plugin" #. type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:22 #, fuzzy #| msgid "" #| "The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> " #| "is used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</" #| "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the " #| "Kerberos libraries what Realm and which KDC to use. Typically this is " #| "done in <citerefentry> <refentrytitle>krb5.conf</refentrytitle> " #| "<manvolnum>5</manvolnum> </citerefentry> which is always read by the " #| "Kerberos libraries. 
To simplify the configuration the Realm and the KDC " #| "can be defined in <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " #| "<manvolnum>5</manvolnum> </citerefentry> as described in <citerefentry> " #| "<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" #| "citerefentry>" msgid "" "The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is " "used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos " "libraries what Realm and which KDC to use. Typically this is done in " "<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> which is always read by the Kerberos libraries. " "To simplify the configuration the Realm and the KDC can be defined in " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> as described in <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>" msgstr "" "Додаток пошуку Kerberos <command>sssd_krb5_locator_plugin</command> " "використовується засобом обробки Kerberos <citerefentry> " "<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " "для сповіщення бібліотек Kerberos яку область і KDC слід використовувати. " "Типово, таке сповіщення виконується за допомогою <citerefentry> " "<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>, файла, читання якого завжди виконується бібліотеками " "Kerberos. Щоб спростити налаштування, область та KDC можна визначити у " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> у спосіб, описаний на сторінці довідки " "<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry>" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:48 msgid "" "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry> puts the Realm and the name or IP address of the KDC into " "the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. " "When <command>sssd_krb5_locator_plugin</command> is called by the kerberos " "libraries it reads and evaluates these variables and returns them to the " "libraries." msgstr "" "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry> зберігає область і назву або IP-адресу KDC у змінних " "середовища SSSD_KRB5_REALM і SSSD_KRB5_KDC, відповідно. Якщо програма " "<command>sssd_krb5_locator_plugin</command> викликається бібліотеками " "kerberos, ця програма читає і визначає ці змінні і повертає їхні значення " "бібліотекам." #. type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:63 msgid "" "Not all Kerberos implementations support the use of plugins. If " "<command>sssd_krb5_locator_plugin</command> is not available on your system " "you have to edit /etc/krb5.conf to reflect your Kerberos setup." msgstr "" "Підтримку використання додатків передбачено не у всіх реалізаціях Kerberos. " "Якщо у вашій системі немає <command>sssd_krb5_locator_plugin</command>, вам " "слід внести зміни до /etc/krb5.conf, які відповідатимуть вашій версії " "Kerberos." #. type: Content of: <reference><refentry><refsect1><para> #: sssd_krb5_locator_plugin.8.xml:69 msgid "" "If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " "debug messages will be sent to stderr." msgstr "" "Якщо встановлено будь-яке значення змінної середовища " "SSSD_KRB5_LOCATOR_DEBUG, діагностичні повідомлення надсилатимуться до stderr." #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-simple.5.xml:10 sssd-simple.5.xml:16 msgid "sssd-simple" msgstr "sssd-simple" #. 
type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd-simple.5.xml:17 msgid "the configuration file for SSSD's 'simple' access-control provider" msgstr "файл налаштувань інструмента керування доступом «simple» SSSD" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:24 msgid "" "This manual page describes the configuration of the simple access-control " "provider for <citerefentry> <refentrytitle>sssd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, " "refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> manual page." msgstr "" "На цій сторінці довідника описано налаштування простого засобу керування " "доступом для <citerefentry> <refentrytitle>sssd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry>. Щоб дізнатися більше про синтаксис " "налаштування, зверніться до розділу «ФОРМАТ ФАЙЛІВ» сторінки довідника " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:38 msgid "" "The simple access provider grants or denies access based on an access or " "deny list of user or group names. The following rules apply:" msgstr "" "Простий засіб керування доступом надає або забороняє доступ на основі списку " "допуску або заборони, складеного за назвами облікових записів користувачів " "та групами. Використовуються такі правила:" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:43 msgid "If all lists are empty, access is granted" msgstr "Якщо всі списки є порожніми, доступ буде надано." #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:47 msgid "" "If any list is provided, the order of evaluation is allow,deny. 
This means " "that any matching deny rule will supersede any matched allow rule." msgstr "" "Якщо вказано будь-який зі списків, обробка виконуватиметься за послідовністю " "«допуск, потім заборона» (allow,deny). Це означає, що будь-яке з правил " "заборони матиме пріоритет над будь-яким правилом допуску." #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:54 msgid "" "If either or both \"allow\" lists are provided, all users are denied unless " "they appear in the list." msgstr "" "Якщо буде вказано один або обидва списки допуску («allow»), всім " "користувачам поза цими списками доступ буде заборонено." #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> #: sssd-simple.5.xml:60 msgid "" "If only \"deny\" lists are provided, all users are granted access unless " "they appear in the list." msgstr "" "Якщо буде вказано лише списки заборони («deny»), всім користувачам поза цими " "списками доступ буде надано." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:78 msgid "simple_allow_users (string)" msgstr "simple_allow_users (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:81 msgid "Comma separated list of users who are allowed to log in." msgstr "" "Відокремлений комами список користувачів, яким дозволено вхід до системи." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:88 msgid "simple_deny_users (string)" msgstr "simple_deny_users (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:91 msgid "Comma separated list of users who are explicitly denied access." msgstr "" "Список користувачів, яким явно заборонено доступ; записи відокремлюються " "комами." #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:97 msgid "simple_allow_groups (string)" msgstr "simple_allow_groups (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:100 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." msgstr "" "Відокремлений комами список груп, користувачам яких дозволено вхід до " "системи. Стосується лише груп у межах цього домену SSSD. Локальні групи не " "обробляються." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-simple.5.xml:108 msgid "simple_deny_groups (string)" msgstr "simple_deny_groups (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-simple.5.xml:111 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " "evaluated." msgstr "" "Відокремлений комами список груп, користувачам яких явно заборонено доступ. " "Стосується лише груп у межах цього домену SSSD. Локальні групи не " "обробляються." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> manual page for details on the configuration of an SSSD " "domain. <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" "Зверніться до розділу «РОЗДІЛИ ДОМЕНІВ» сторінки довідника (man) " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry>, щоб дізнатися більше про налаштування домену " "SSSD. <placeholder type=\"variablelist\" id=\"0\"/>" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:120 msgid "" "Specifying no values for any of the lists is equivalent to skipping it " "entirely. Beware of this while generating parameters for the simple provider " "using automated scripts." msgstr "" "Якщо не вказувати значень для жодного зі списків, вважатиметься, що параметр " "не визначено. Пам’ятайте про це, якщо захочете створити параметри для " "простого надавача автоматизованими скриптами." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:125 msgid "" "Please note that it is an configuration error if both, simple_allow_users " "and simple_deny_users, are defined." msgstr "" "Будь ласка, зауважте, що визначення обох параметрів, simple_allow_users і " "simple_deny_users, є помилкою у налаштуванні." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-simple.5.xml:133 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " "This examples shows only the simple access provider-specific options." msgstr "" "У наведеному нижче прикладі припускаємо, що SSSD налаштовано належним чином, " "а example.com є одним з доменів у розділі <replaceable>[sssd]</replaceable>. " "У прикладі продемонстровано лише параметри, специфічні для простого засобу " "доступу." #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-simple.5.xml:140 #, no-wrap msgid "" " [domain/example.com]\n" " access_provider = simple\n" " simple_allow_users = user1, user2\n" msgstr "" " [domain/example.com]\n" " access_provider = simple\n" " simple_allow_users = user1, user2\n" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16 msgid "sssd-ipa" msgstr "sssd-ipa" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:23 msgid "" "This manual page describes the configuration of the IPA provider for " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" "На цій сторінці довідника описано налаштування засобу керування доступом IPA " "для <citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>. Щоб дізнатися більше про синтаксис налаштування, " "зверніться до розділу «ФОРМАТ ФАЙЛІВ» сторінки довідника <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:36 msgid "" "The IPA provider is a back end used to connect to an IPA server. (Refer to " "the freeipa.org web site for information about IPA servers.) This provider " "requires that the machine be joined to the IPA domain; configuration is " "almost entirely self-discovered and obtained directly from the server." msgstr "" "Інструмент надання даних IPA — модуль, який використовується для " "встановлення з’єднання з сервером IPA. (Інформацію щодо серверів IPA можна " "знайти на сайті freeipa.org.) Цей інструмент надання доступу потребує " "включення комп’ютера до домену IPA. Налаштування майже повністю " "автоматизовано, дані для нього отримуються безпосередньо з сервера." #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:43 msgid "" "The IPA provider accepts the same options used by the <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " "provider with some exceptions described below." msgstr "" "Інструментом надання даних IPA використовуються ті самі параметри, що " "використовуються надавачем даних профілів <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> та надавачем " "даних для розпізнавання <citerefentry> <refentrytitle>sssd-krb5</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> з певними винятками, " "описаними нижче." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:55 msgid "" "However, it is neither necessary nor recommended to set these options. IPA " "provider can also be used as an access and chpass provider. As an access " "provider it uses HBAC (host-based access control) rules. Please refer to " "freeipa.org for more information about HBAC. No configuration of access " "provider is required on the client side." msgstr "" "Потреби у встановленні або використанні цих параметрів виникнути не повинно. " "Інструментом надання даних IPA також можна скористатися для перевірки прав " "доступу та зміни паролів. Для керування доступом використовуються правила " "HBAC (host-based access control або керування доступом на основі даних щодо " "вузлів). Докладнішу інформацію щодо HBAC можна отримати на сайті freeipa." "org. У налаштуванні керування доступом на боці клієнта немає потреби." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:62 msgid "" "The IPA provider will use the PAC responder if the Kerberos tickets of users " "from trusted realms contain a PAC. 
To make configuration easier the PAC " "responder is started automatically if the IPA ID provider is configured." msgstr "" "Інструмент надання даних IPA використовуватиме відповідач PAC, якщо квитки " "Kerberos користувачів з довірених областей містять PAC. Для полегшення " "налаштовування відповідач PAC запускається автоматично, якщо налаштовано " "інструмент надання даних ідентифікаторів IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:78 msgid "ipa_domain (string)" msgstr "ipa_domain (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:81 msgid "" "Specifies the name of the IPA domain. This is optional. If not provided, " "the configuration domain name is used." msgstr "" "Визначає назву домену IPA. Є необов’язковим. Якщо не вказано, буде " "використано назву домену з налаштувань." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:89 msgid "ipa_server, ipa_backup_server (string)" msgstr "ipa_server, ipa_backup_server (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:92 msgid "" "The comma-separated list of IP addresses or hostnames of the IPA servers to " "which SSSD should connect in the order of preference. For more information " "on failover and server redundancy, see the <quote>FAILOVER</quote> section. " "This is optional if autodiscovery is enabled. For more information on " "service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." msgstr "" "Впорядкований за пріоритетом список IP-адрес або назв вузлів, відокремлених " "комами, серверів IPA, з якими має встановити з’єднання SSSD. Докладніші " "відомості щодо резервних серверів викладено у розділі «РЕЗЕРВ». Цей список є " "необов’язковим, якщо увімкнено автоматичне виявлення служб. 
Докладніші " "відомості щодо автоматичного виявлення служб наведено у розділі «ПОШУК " "СЛУЖБ»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:105 msgid "ipa_hostname (string)" msgstr "ipa_hostname (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:108 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the IPA domain to identify this host." msgstr "" "Необов’язковий. Може бути встановлено на комп’ютерах, де hostname(5) не " "відповідає повній назві, що використовується доменом IPA для розпізнавання " "цього вузла." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:116 sssd-ad.5.xml:256 msgid "dyndns_update (boolean)" msgstr "dyndns_update (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:119 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA v2 with the IP address of this client. The update is " "secured using GSS-TSIG. The IP address of the IPA LDAP connection is used " "for the updates, if it is not otherwise specified by using the " "<quote>dyndns_iface</quote> option." msgstr "" "Необов’язковий. За допомогою цього параметра можна наказати SSSD автоматично " "оновити на сервері DNS, вбудованому до FreeIPA v2, IP-адресу клієнта. Захист " "оновлення буде забезпечено за допомогою GSS-TSIG. Для оновлення буде " "використано IP-адресу з’єднання LDAP IPA, якщо не вказано іншу адресу за " "допомогою параметра «dyndns_iface»." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:128 sssd-ad.5.xml:270 msgid "" "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " "the default Kerberos realm must be set properly in /etc/krb5.conf" msgstr "" "ЗАУВАЖЕННЯ: на застарілих системах (зокрема RHEL 5) для надійної роботи у " "цьому режимі типову область дії Kerberos має бути належним чином визначено " "у /etc/krb5.conf" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:133 msgid "" "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" "emphasis> option, users should migrate to using <emphasis>dyndns_update</" "emphasis> in their config file." msgstr "" "ЗАУВАЖЕННЯ: хоча можна використовувати і попередню назву параметра, " "<emphasis>ipa_dyndns_update</emphasis>, користувачам слід переходити на нову " "назву, <emphasis>dyndns_update</emphasis>, у файлі налаштувань." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:145 sssd-ad.5.xml:281 msgid "dyndns_ttl (integer)" msgstr "dyndns_ttl (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:148 sssd-ad.5.xml:284 msgid "" "The TTL to apply to the client DNS record when updating it. If " "dyndns_update is false this has no effect. This will override the TTL " "serverside if set by an administrator." msgstr "" "TTL, до якого буде застосовано клієнтський запис DNS під час його оновлення. " "Якщо dyndns_update має значення false, цей параметр буде проігноровано. " "Перевизначає TTL на боці сервера, якщо встановлено адміністратором." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:153 msgid "" "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" "emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" "emphasis> in their config file." msgstr "" "ЗАУВАЖЕННЯ: хоча можна використовувати і попередню назву параметра, " "<emphasis>ipa_dyndns_ttl</emphasis>, користувачам слід переходити на нову " "назву, <emphasis>dyndns_ttl</emphasis>, у файлі налаштувань." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:159 msgid "Default: 1200 (seconds)" msgstr "Типове значення: 1200 (секунд)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:165 sssd-ad.5.xml:295 msgid "dyndns_iface (string)" msgstr "dyndns_iface (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:168 sssd-ad.5.xml:298 msgid "" "Optional. Applicable only when dyndns_update is true. Choose the interface " "whose IP address should be used for dynamic DNS updates." msgstr "" "Необов’язковий. Застосовний лише тоді, коли dyndns_update має значення true. " "Визначити інтерфейс, чию адресу IP має бути використано для динамічних " "оновлень DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:173 msgid "" "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" "emphasis> option, users should migrate to using <emphasis>dyndns_iface</" "emphasis> in their config file." msgstr "" "ЗАУВАЖЕННЯ: хоча можна використовувати і попередню назву параметра, " "<emphasis>ipa_dyndns_iface</emphasis>, користувачам слід переходити на нову " "назву, <emphasis>dyndns_iface</emphasis>, у файлі налаштувань." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:179 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "Типове значення: використовувати IP-адресу з’єднання LDAP IPA" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:185 msgid "ipa_enable_dns_sites (boolean)" msgstr "ipa_enable_dns_sites (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:188 sssd-ad.5.xml:152 msgid "Enables DNS sites - location based service discovery." msgstr "Вмикає сайти DNS — визначення служб на основі адрес." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:192 msgid "" "If true and service discovery (see Service Discovery paragraph at the bottom " "of the man page) is enabled, then the SSSD will first attempt location " "based discovery using a query that contains \"_location.hostname.example.com" "\" and then fall back to traditional SRV discovery. If the location based " "discovery succeeds, the IPA servers located with the location based " "discovery are treated as primary servers and the IPA servers located using " "the traditional SRV discovery are used as back up servers" msgstr "" "Якщо вказано значення true і увімкнено визначення служб (див. розділ щодо " "пошуку служб у нижній частині сторінки підручника (man)), SSSD спочатку " "спробує визначення на основі адрес за допомогою запиту, що містить " "\"_location.hostname.example.com\", а потім повертається до традиційного " "визначення SRV. Якщо визначення на основі адреси буде успішним, сервери IPA, " "виявлені на основі визначення за адресою, вважатимуться основним серверами, " "а сервери IPA, виявлені за допомогою традиційного визначення SRV, " "вважатимуться резервними серверами." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:211 sssd-ad.5.xml:309 msgid "dyndns_refresh_interval (integer)" msgstr "dyndns_refresh_interval (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:214 sssd-ad.5.xml:312 msgid "" "How often should the back end perform periodic DNS update in addition to the " "automatic update performed when the back end goes online. This option is " "optional and applicable only when dyndns_update is true." msgstr "" "Визначає, наскільки часто серверний модуль має виконувати періодичні " "оновлення DNS на додачу до автоматичного оновлення, яке виконується під час " "кожного встановлення з’єднання серверного модуля з мережею. Цей параметр не " "є обов’язковим, його застосовують, лише якщо dyndns_update має значення true." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:227 sssd-ad.5.xml:325 msgid "dyndns_update_ptr (bool)" msgstr "dyndns_update_ptr (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:230 sssd-ad.5.xml:328 msgid "" "Whether the PTR record should also be explicitly updated when updating the " "client's DNS records. Applicable only when dyndns_update is true." msgstr "" "Визначає, чи слід явним чином оновлювати запис PTR під час оновлення записів " "DNS клієнта. Застосовується, лише якщо значенням dyndns_update буде true." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:235 msgid "" "This option should be False in most IPA deployments as the IPA server " "generates the PTR records automatically when forward records are changed."
msgstr "" "Значенням цього параметра у більшості розгорнутих систем IPA має бути False, " "оскільки сервер IPA створює записи PTR автоматично після зміни у записах " "переспрямовування." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:241 msgid "Default: False (disabled)" msgstr "Типове значення: False (вимкнено)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:247 sssd-ad.5.xml:339 msgid "dyndns_force_tcp (bool)" msgstr "dyndns_force_tcp (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:250 sssd-ad.5.xml:342 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." msgstr "" "Визначає, чи слід у програмі nsupdate типово використовувати TCP для обміну " "даними з сервером DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:254 sssd-ad.5.xml:346 msgid "Default: False (let nsupdate choose the protocol)" msgstr "Типове значення: False (надати змогу nsupdate вибирати протокол)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:260 msgid "ipa_hbac_search_base (string)" msgstr "ipa_hbac_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:263 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" "Необов’язковий. Використати вказаний рядок як основу пошуку пов’язаних з " "HBAC об’єктів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:267 msgid "Default: Use base DN" msgstr "Типове значення: використання базової назви домену" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:273 msgid "ipa_host_search_base (string)" msgstr "ipa_host_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:276 msgid "Optional. Use the given string as search base for host objects." msgstr "" "Необов’язковий. Використати вказаний рядок як основу пошуку об’єктів вузлів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:280 sssd-ipa.5.xml:304 sssd-ipa.5.xml:323 sssd-ipa.5.xml:342 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" "Ознайомтеся з розділом щодо «ldap_search_base», щоб дізнатися більше про " "налаштування декількох основ пошуку." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:285 msgid "" "If filter is given in any of search bases and " "<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " "will be ignored." msgstr "" "Якщо вказано фільтрування за довільною базою пошуку і встановлено значення " "False для <emphasis>ipa_hbac_support_srchost</emphasis>, фільтр буде " "проігноровано." #. type: Content of: <listitem><para> #: sssd-ipa.5.xml:290 sssd-ipa.5.xml:309 include/ldap_search_bases.xml:23 #: include/ldap_search_bases_experimental.xml:23 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "Типове значення: значення <emphasis>ldap_search_base</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:297 msgid "ipa_selinux_search_base (string)" msgstr "ipa_selinux_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:300 msgid "Optional. 
Use the given string as search base for SELinux user maps." msgstr "" "Необов’язковий. Використати вказаний рядок як основу пошуку карт " "користувачів SELinux." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:316 msgid "ipa_subdomains_search_base (string)" msgstr "ipa_subdomains_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:319 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" "Необов’язковий. Використати вказаний рядок як основу пошуку надійних доменів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:328 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "Типове значення: значення <emphasis>cn=trusts,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:335 msgid "ipa_master_domain_search_base (string)" msgstr "ipa_master_domain_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:338 msgid "Optional. Use the given string as search base for master domain object." msgstr "" "Необов’язковий. Використати вказаний рядок як основу пошуку основного " "об’єкта домену." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:347 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "" "Типове значення: значення виразу <emphasis>cn=ad,cn=etc,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:354 sssd-krb5.5.xml:245 msgid "krb5_validate (boolean)" msgstr "krb5_validate (булеве значення)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:357 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" "Перевірити за допомогою krb5_keytab, чи не було підмінено отриманий TGT." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:364 sssd-ad.5.xml:366 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" "Зауважте, що це типове значення не збігається з типовим значенням засобу " "модуля Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:374 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" "Назва області дії Kerberos. Є необов’язковою, типовим значенням є значення " "«ipa_domain»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:378 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" "Назва області дії Kerberos має особливе значення у IPA: цю назву буде " "перетворено у основний DN для виконання дій LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:389 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " "with MIT Kerberos >= 1.7" msgstr "" "Визначає, чи слід перетворювати реєстраційний запис вузла і користувача у " "канонічну форму під час встановлення з’єднання з LDAP IPA, а також для " "запитів AS. Цю можливість передбачено з версії MIT Kerberos >= 1.7" #.
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:402 sssd-krb5.5.xml:407 msgid "krb5_use_fast (string)" msgstr "krb5_use_fast (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:405 sssd-krb5.5.xml:410 msgid "" "Enables flexible authentication secure tunneling (FAST) for Kerberos pre-" "authentication. The following options are supported:" msgstr "" "Вмикає безпечне тунелювання для гнучкого розпізнавання (flexible " "authentication secure tunneling або FAST) для попереднього розпізнавання у " "Kerberos. Передбачено такі варіанти:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:410 #, fuzzy #| msgid "<emphasis>h</emphasis> for hours" msgid "<emphasis>never</emphasis> use FAST." msgstr "<emphasis>h</emphasis> — години" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:413 #, fuzzy #| msgid "" #| "<emphasis>try</emphasis> to use FAST. If the server does not support " #| "FAST, continue the authentication without it." msgid "" "<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " "continue the authentication without it. This is equivalent to not setting " "this option at all." msgstr "" "<emphasis>try</emphasis> — використовувати FAST. Якщо на сервері не " "передбачено підтримки FAST, продовжити розпізнавання без FAST." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:419 sssd-krb5.5.xml:424 msgid "" "<emphasis>demand</emphasis> to use FAST. The authentication fails if the " "server does not require fast." msgstr "" "<emphasis>demand</emphasis> — використовувати FAST. Якщо на сервері не " "передбачено підтримки FAST, спроба розпізнавання зазнає невдачі." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:424 #, fuzzy #| msgid "Default: true" msgid "Default: try" msgstr "Типове значення: true" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:427 sssd-krb5.5.xml:435 msgid "" "NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If " "SSSD is used with an older version of MIT Kerberos, using this option is a " "configuration error." msgstr "" "Зауваження: у SSSD передбачено підтримку FAST лише у разі використання MIT " "Kerberos версії 1.8 або новішої. Якщо SSSD буде використано зі старішою " "версією MIT Kerberos і цим параметром, буде повідомлено про помилку у " "налаштуваннях." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:436 msgid "ipa_hbac_refresh (integer)" msgstr "ipa_hbac_refresh (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:439 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " "access-control requests made in a short period." msgstr "" "Проміжок часу між послідовними пошуками правил HBAC щодо сервера IPA. Зміна " "може зменшити час затримки та навантаження на сервер IPA, якщо протягом " "короткого періоду часу надходить багато запитів щодо керування доступом." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:446 sssd-ipa.5.xml:462 msgid "Default: 5 (seconds)" msgstr "Типове значення: 5 (секунд)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:452 msgid "ipa_hbac_selinux (integer)" msgstr "ipa_hbac_selinux (ціле число)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:455 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " "many user login requests made in a short period." msgstr "" "Проміжок часу між послідовними пошуками у картах SELinux щодо сервера IPA. " "Зміна може зменшити час затримки та навантаження на сервер IPA, якщо " "протягом короткого періоду часу надходить багато запитів щодо входу " "користувача до системи." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:468 msgid "ipa_hbac_treat_deny_as (string)" msgstr "ipa_hbac_treat_deny_as (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:471 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " "of FreeIPA will need to migrate their rules to use only the ALLOW rules. The " "client will support two modes of operation during this transition period:" msgstr "" "За допомогою цього параметра можна визначити спосіб обробки застарілих " "правил HBAC типу DENY. З версії FreeIPA 2.1 на сервері більше не передбачено " "підтримки правил DENY. Всім користувачам FreeIPA слід перетворити правила " "так, щоб у них було використано лише правила ALLOW. На час перехідного " "періоду передбачено два режими обробки таких правил:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:480 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" "<emphasis>DENY_ALL</emphasis>: якщо буде виявлено хоч одне правило HBAC " "DENY, всім користувачам доступ буде заборонено." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:485 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" "<emphasis>IGNORE</emphasis>: SSSD буде ігнорувати всі правила DENY. Будьте " "дуже обережні з цим варіантом, оскільки він може відкрити доступ до системи " "небажаним користувачам." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:490 msgid "Default: DENY_ALL" msgstr "Типове значення: DENY_ALL" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:496 msgid "ipa_hbac_support_srchost (boolean)" msgstr "ipa_hbac_support_srchost (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:499 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" "Якщо встановлено значення «false», значення srchost, вказане SSSD на основі " "даних PAM, буде проігноровано." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:503 msgid "" "Note that if set to <emphasis>False</emphasis>, this option casuses filters " "given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" msgstr "" "Зауважте, що якщо встановлено значення <emphasis>False</emphasis>, фільтри, " "вказані за допомогою параметра <emphasis>ipa_host_search_base</emphasis>, " "буде проігноровано;" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:514 msgid "ipa_server_mode (boolean)" msgstr "ipa_server_mode (булеве значення)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:517 #, fuzzy #| msgid "This options should only be set by the IPA installer." msgid "This option should only be set by the IPA installer." msgstr "Цей параметр має встановлюватися лише засобом встановлення IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:521 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." msgstr "" "За допомогою цього параметра можна визначити, чи працює SSSD на сервері IPA " "і має виконувати пошуки користувачів і груп з довірених доменів окремо." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:532 msgid "ipa_automount_location (string)" msgstr "ipa_automount_location (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:535 msgid "The automounter location this IPA client will be using" msgstr "" "Адреса автоматичного монтування, яку буде використовувати цей клієнт IPA" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:538 msgid "Default: The location named \"default\"" msgstr "Типове значення: адреса з назвою \"default\"" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:545 msgid "ipa_netgroup_member_of (string)" msgstr "ipa_netgroup_member_of (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:548 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "Атрибут LDAP зі списком учасників мережевої групи." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:557 msgid "ipa_netgroup_member_user (string)" msgstr "ipa_netgroup_member_user (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:560 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" "Атрибут LDAP зі списком користувачів та груп системи, які є безпосередніми " "учасниками мережевої групи." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:565 sssd-ipa.5.xml:660 msgid "Default: memberUser" msgstr "Типове значення: memberUser" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:570 msgid "ipa_netgroup_member_host (string)" msgstr "ipa_netgroup_member_host (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:573 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" "Атрибут LDAP зі списком вузлів та груп вузлів, які є безпосередніми " "учасниками мережевої групи." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:577 sssd-ipa.5.xml:672 msgid "Default: memberHost" msgstr "Типове значення: memberHost" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:582 msgid "ipa_netgroup_member_ext_host (string)" msgstr "ipa_netgroup_member_ext_host (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:585 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." 
msgstr "" "Атрибут LDAP зі списком FQDN вузлів та груп вузлів, які є учасниками " "мережевої групи." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:589 msgid "Default: externalHost" msgstr "Типове значення: externalHost" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:594 msgid "ipa_netgroup_domain (string)" msgstr "ipa_netgroup_domain (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:597 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" "Атрибут LDAP, у якому міститься доменна назва NIS мережевої групи (netgroup)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:601 msgid "Default: nisDomainName" msgstr "Типове значення: nisDomainName" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:607 msgid "ipa_host_object_class (string)" msgstr "ipa_host_object_class (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:610 sssd-ipa.5.xml:633 msgid "The object class of a host entry in LDAP." msgstr "Клас об’єктів запису вузла у LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:613 sssd-ipa.5.xml:636 msgid "Default: ipaHost" msgstr "Типове значення: ipaHost" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:618 msgid "ipa_host_fqdn (string)" msgstr "ipa_host_fqdn (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:621 msgid "The LDAP attribute that contains FQDN of the host." 
msgstr "Атрибут LDAP, що містить FQDN вузла." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:624 msgid "Default: fqdn" msgstr "Типове значення: fqdn" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:630 msgid "ipa_selinux_usermap_object_class (string)" msgstr "ipa_selinux_usermap_object_class (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:641 msgid "ipa_selinux_usermap_name (string)" msgstr "ipa_selinux_usermap_name (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:644 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "Атрибут LDAP, що містить назву карти користувачів SELinux." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:653 msgid "ipa_selinux_usermap_member_user (string)" msgstr "ipa_selinux_usermap_member_user (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:656 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "" "Атрибут LDAP, що містить список всіх користувачів і груп, яких стосується це " "правило." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:665 msgid "ipa_selinux_usermap_member_host (string)" msgstr "ipa_selinux_usermap_member_host (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:668 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule match " "against." msgstr "" "Атрибут LDAP, що містить список всіх вузлів і груп вузлів, яких стосується " "це правило." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:677 msgid "ipa_selinux_usermap_see_also (string)" msgstr "ipa_selinux_usermap_see_also (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:680 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost" msgstr "" "Атрибут LDAP, що містить DN правила HBAC, яким можна користуватися для " "встановлення відповідності замість memberUser і memberHost." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:685 msgid "Default: seeAlso" msgstr "Типове значення: seeAlso" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:690 msgid "ipa_selinux_usermap_selinux_user (string)" msgstr "ipa_selinux_usermap_selinux_user (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:693 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "Атрибут LDAP, який містить сам рядок користувача SELinux." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:697 msgid "Default: ipaSELinuxUser" msgstr "Типове значення: ipaSELinuxUser" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:702 msgid "ipa_selinux_usermap_enabled (string)" msgstr "ipa_selinux_usermap_enabled (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:705 msgid "" "The LDAP attribute that contains whether or not is user map enabled for " "usage." msgstr "" "Атрибут LDAP, що містить дані щодо того, чи можна користуватися картою " "користувачів." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:709 msgid "Default: ipaEnabledFlag" msgstr "Типове значення: ipaEnabledFlag" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:714 msgid "ipa_selinux_usermap_user_category (string)" msgstr "ipa_selinux_usermap_user_category (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:717 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "Атрибут LDAP, що містить категорію користувачів, зокрема 'all'." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:721 msgid "Default: userCategory" msgstr "Типове значення: userCategory" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:726 msgid "ipa_selinux_usermap_host_category (string)" msgstr "ipa_selinux_usermap_host_category (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:729 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "Атрибут LDAP, що містить категорію вузлів, зокрема 'all'." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:733 msgid "Default: hostCategory" msgstr "Типове значення: hostCategory" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:738 msgid "ipa_selinux_usermap_uuid (string)" msgstr "ipa_selinux_usermap_uuid (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:741 msgid "The LDAP attribute that contains unique ID of the user map." 
msgstr "Атрибут LDAP, що містить унікальний ідентифікатор карти користувачів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:745 msgid "Default: ipaUniqueID" msgstr "Типове значення: ipaUniqueID" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ipa.5.xml:750 msgid "ipa_host_ssh_public_key (string)" msgstr "ipa_host_ssh_public_key (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:753 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "Атрибут LDAP, який містить відкриті ключі SSH вузла." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ipa.5.xml:757 msgid "Default: ipaSshPubKey" msgstr "Типове значення: ipaSshPubKey" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ipa.5.xml:766 msgid "SUBDOMAINS PROVIDER" msgstr "СЛУЖБА ПІДДОМЕНІВ" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:768 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." msgstr "" "Поведінка інструмента надання даних піддоменів IPA залежить від того, у який " "спосіб його налаштовано: явний чи неявний." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:772 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " "subdomain requests are sent to the IPA server if necessary." msgstr "" "Якщо у розділі домену sssd.conf буде знайдено запис параметра " "«subdomains_provider = ipa», інструмент надання даних піддоменів IPA " "налаштовано явно, отже всі запити піддоменів надсилатимуться серверу IPA, " "якщо це потрібно." #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:778 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " "provider is configured implicitly. In this case, if a subdomain request " "fails and indicates that the server does not support subdomains, i.e. is not " "configured for trusts, the IPA subdomains provider is disabled. After an " "hour or after the IPA provider goes online, the subdomains provider is " "enabled again." msgstr "" "Якщо у розділі домену sssd.conf не встановлено параметр " "«subdomains_provider», але встановлено параметр «id_provider = ipa», " "інструмент надання даних піддоменів IPA налаштовано неявним чином. У цьому " "випадку, якщо спроба запиту щодо піддомену зазнає невдачі і вказуватиме на " "те, що на сервері не передбачено піддоменів, тобто його не налаштовано на " "довіру, інструмент надання даних піддоменів IPA буде вимкнено. Щойно мине " "година або відкриється доступ до інструмента надання даних IPA, інструмент " "надання даних піддоменів буде знову увімкнено." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ipa.5.xml:795 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " "This examples shows only the ipa provider-specific options." msgstr "" "У наведеному нижче прикладі припускаємо, що SSSD налаштовано належним чином, " "а example.com є одним з доменів у розділі <replaceable>[sssd]</replaceable>. " "У прикладі продемонстровано лише параметри доступу, специфічні для засобу " "ipa." #. 
type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ipa.5.xml:802 #, no-wrap msgid "" " [domain/example.com]\n" " id_provider = ipa\n" " ipa_server = ipaserver.example.com\n" " ipa_hostname = myhost.example.com\n" msgstr "" " [domain/example.com]\n" " id_provider = ipa\n" " ipa_server = ipaserver.example.com\n" " ipa_hostname = myhost.example.com\n" #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-ad.5.xml:10 sssd-ad.5.xml:16 msgid "sssd-ad" msgstr "sssd-ad" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:23 msgid "" "This manual page describes the configuration of the AD provider for " "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " "</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE " "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" "На цій сторінці довідника описано налаштування засобу керування доступом AD " "для <citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>. Щоб дізнатися більше про синтаксис налаштування, " "зверніться до розділу «ФОРМАТ ФАЙЛІВ» сторінки довідника <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:36 msgid "" "The AD provider is a back end used to connect to an Active Directory server. " "This provider requires that the machine be joined to the AD domain and a " "keytab is available." msgstr "" "Засіб надання даних AD — це модуль, що використовується для встановлення " "з’єднання з сервером Active Directory. Цей засіб потребує долучення " "комп’ютера до домену AD та доступності таблиці ключів." #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:41 msgid "" "The AD provider supports connecting to Active Directory 2008 R2 or later. " "Earlier versions may work, but are unsupported." msgstr "" "У засобі надання даних AD передбачено підтримку встановлення з’єднання з " "Active Directory 2008 R2 або пізнішою версією. Робота з попередніми версіями " "можлива, але не підтримується." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:45 msgid "" "The AD provider is able to provide identity information and authentication " "for entities from trusted domains as well. Currently only trusted domains in " "the same forest are recognized." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:50 msgid "" "The AD provider accepts the same options used by the <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-" "krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication " "provider with some exceptions described below." msgstr "" "Інструментом надання даних AD використовуються ті самі параметри, що " "використовуються надавачем даних профілів <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> та надавачем " "даних для розпізнавання <citerefentry> <refentrytitle>sssd-krb5</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> з певними винятками, " "описаними нижче." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:62 #, fuzzy #| msgid "" #| "However, it is neither necessary nor recommended to set these options. " #| "The AD provider can also be used as an access and chpass provider. No " #| "configuration of the access provider is required on the client side." msgid "" "However, it is neither necessary nor recommended to set these options. 
The " "AD provider can also be used as an access, chpass and sudo provider. No " "configuration of the access provider is required on the client side." msgstr "" "Потреби у встановленні або використанні цих параметрів виникнути не повинно " "Інструментом надання даних AD також можна скористатися для перевірки прав " "доступу та зміни паролів. У налаштовуванні керування доступом на боці " "клієнта немає потреби." #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ad.5.xml:74 #, no-wrap msgid "" "ldap_id_mapping = False\n" " " msgstr "" "ldap_id_mapping = False\n" " " #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:68 #, fuzzy #| msgid "" #| "By default, the AD provider will map UID and GID values from the " #| "objectSID parameter in Active Directory. For details on this, see the " #| "<quote>ID MAPPING</quote> section below. If you want to disable ID " #| "mapping and instead rely on POSIX attributes defined in Active Directory, " #| "you should set <placeholder type=\"programlisting\" id=\"0\"/> Users, " #| "groups and other entities served by SSSD are always treated as case-" #| "insensitive in the AD provider for compatibility with Active Directory's " #| "LDAP implementation." msgid "" "By default, the AD provider will map UID and GID values from the objectSID " "parameter in Active Directory. For details on this, see the <quote>ID " "MAPPING</quote> section below. If you want to disable ID mapping and instead " "rely on POSIX attributes defined in Active Directory, you should set " "<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users " "and groups using POSIX attributes from trusted domains, the AD administrator " "must make sure that the POSIX attributes are replicated to the Global " "Catalog." msgstr "" "Типово засіб надання даних AD виконує прив’язку значень UID і GID з " "параметра objectSID у Active Directory. 
Докладніше про це можна дізнатися з " "розділу «ВСТАНОВЛЕННЯ ВІДПОВІДНОСТІ ІДЕНТИФІКАТОРІВ», наведеного нижче. Якщо " "ви хочете вимкнути прив’язку ідентифікаторів і замість цього використати " "атрибути POSIX, визначені у Active Directory, вам слід встановити " "<placeholder type=\"programlisting\" id=\"0\"/> Записи користувачів, груп та " "інші записи, що обслуговуються SSSD, завжди оброблятимуться у засобі надання " "даних AD без врахування регістру для сумісності з реалізацією Active " "Directory у LDAP." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:81 msgid "" "Users, groups and other entities served by SSSD are always treated as case-" "insensitive in the AD provider for compatibility with Active Directory's " "LDAP implementation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:96 msgid "ad_domain (string)" msgstr "ad_domain (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:99 msgid "" "Specifies the name of the Active Directory domain. This is optional. If not " "provided, the configuration domain name is used." msgstr "" "Визначає назву домену Active Directory. Є необов’язковим. Якщо не вказано, " "буде використано назву домену з налаштувань." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:104 msgid "" "For proper operation, this option should be specified as the lower-case " "version of the long version of the Active Directory domain." msgstr "" "Для забезпечення належної роботи цей параметр слід вказати у форматі запису " "малими літерами повної версії назви домену Active Directory." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:109 msgid "" "The short domain name (also known as the NetBIOS or the flat name) is " "autodetected by the SSSD." msgstr "" "Скорочена назва домену (також відома як назва NetBIOS або проста назва) " "автоматично визначається засобами SSSD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:116 msgid "ad_server, ad_backup_server (string)" msgstr "ad_server, ad_backup_server (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:119 msgid "" "The comma-separated list of hostnames of the AD servers to which SSSD should " "connect in order of preference. For more information on failover and server " "redundancy, see the <quote>FAILOVER</quote> section. This is optional if " "autodiscovery is enabled. For more information on service discovery, refer " "to the <quote>SERVICE DISCOVERY</quote> section." msgstr "" "Впорядкований за пріоритетом список назв вузлів, відокремлених комами, " "серверів AD, з якими має встановити з’єднання SSSD. Докладніші відомості " "щодо резервних серверів викладено у розділі «РЕЗЕРВ». Цей список є " "необов’язковим, якщо увімкнено автоматичне виявлення служб. Докладніші " "відомості щодо автоматичного виявлення служб наведено у розділі «ПОШУК " "СЛУЖБ»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:132 msgid "ad_hostname (string)" msgstr "ad_hostname (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:135 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the Active Directory domain to identify this " "host." msgstr "" "Необов’язковий. 
Може бути встановлено на комп’ютерах, де hostname(5) не " "відповідає повній назві, що використовується доменом Active Directory для " "розпізнавання цього вузла." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:141 msgid "" "This field is used to determine the host principal in use in the keytab. It " "must match the hostname for which the keytab was issued." msgstr "" "Це поле використовується для визначення основної назви вузла, яка " "використовуватиметься у таблиці ключів. Ця назва має відповідати назві " "вузла, для якого випущено таблицю ключів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:149 msgid "ad_enable_dns_sites (boolean)" msgstr "ad_enable_dns_sites (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:156 msgid "" "If true and service discovery (see Service Discovery paragraph at the bottom " "of the man page) is enabled, the SSSD will first attempt to discover the " "Active Directory server to connect to using the Active Directory Site " "Discovery and fall back to the DNS SRV records if no AD site is found. The " "DNS SRV configuration, including the discovery domain, is used during site " "discovery as well." msgstr "" "Якщо вказано значення true і увімкнено визначення служб (див. розділ щодо " "пошуку служб у нижній частині сторінки підручника (man)), SSSD спочатку " "спробує визначити сервер Active Directory для встановлення з’єднання на " "основі використання визначення сайтів Active Directory і повертається до " "визначення за записами SRV DNS, якщо сайт AD не буде знайдено. Налаштування " "SRV DNS, зокрема домен пошуку, використовуються також під час визначення " "сайтів." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:172 #, fuzzy #| msgid "ad_enable_dns_sites (boolean)" msgid "ad_access_filter (boolean)" msgstr "ad_enable_dns_sites (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:175 msgid "" "This option specifies LDAP access control filter that the user must match in " "order to be allowed access. Please note that the <quote>access_provider</" "quote> option must be explicitly set to <quote>ad</quote> in order for this " "option to have an effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:183 msgid "" "The option also supports specifying different filters per domain or forest. " "This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " "The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or " "missing." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:191 msgid "" "If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</" "quote> specifies the domain or subdomain the filter applies to. If the " "keyword equals to <quote>FOREST</quote>, then the filter equals to all " "domains from the forest specified by <quote>NAME</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:199 msgid "" "Multiple filters can be separated with the <quote>?</quote> character, " "similarly to how search bases work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:204 msgid "" "The most specific match is always used. 
For example, if the option specified " "filter for a domain the user is a member of and a global filter, the per-" "domain filter would be applied. If there are more matches with the same " "specification, the first one is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #: sssd-ad.5.xml:215 #, no-wrap msgid "" "# apply filter on domain called dom1 only:\n" "dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n" "\n" "# apply filter on domain called dom2 only:\n" "DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n" "\n" "# apply filter on forest called EXAMPLE.COM only:\n" "FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n" " " msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:225 #, fuzzy #| msgid "Default: not set" msgid "Default: Not set" msgstr "Типове значення: not set" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:231 #, fuzzy #| msgid "ad_enable_dns_sites (boolean)" msgid "ad_enable_gc (boolean)" msgstr "ad_enable_dns_sites (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:234 msgid "" "By default, the SSSD connects to the Global Catalog first to retrieve users " "from trusted domains and uses the LDAP port to retrieve group memberships or " "as a fallback. Disabling this option makes the SSSD only connect to the LDAP " "port of the current AD server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:242 msgid "" "Please note that disabling Global Catalog support does not disable " "retrieving users from trusted domains. The SSSD would connect to the LDAP " "port of trusted domains instead. 
However, Global Catalog must be used in " "order to resolve cross-domain group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:259 msgid "" "Optional. This option tells SSSD to automatically update the Active " "Directory DNS server with the IP address of this client. The update is " "secured using GSS-TSIG. As a consequence, the Active Directory administrator " "only needs to allow secure updates for the DNS zone. The IP address of the " "AD LDAP connection is used for the updates, if it is not otherwise specified " "by using the <quote>dyndns_iface</quote> option." msgstr "" "Необов’язковий. За допомогою цього параметра можна наказати SSSD автоматично " "оновити IP-адресу цього клієнта на сервері DNS Active Directory. Захист " "оновлення буде забезпечено за допомогою GSS-TSIG. Як наслідок, " "адміністраторові Active Directory достатньо буде дозволити оновлення безпеки " "для зони DNS. Для оновлення буде використано IP-адресу з’єднання LDAP AD, " "якщо цю адресу не було змінено за допомогою параметра «dyndns_iface»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:289 msgid "Default: 3600 (seconds)" msgstr "Типове значення: 3600 (секунд)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:303 msgid "Default: Use the IP address of the AD LDAP connection" msgstr "Типове значення: використовувати IP-адресу з’єднання LDAP AD" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:354 sssd-krb5.5.xml:496 msgid "krb5_use_enterprise_principal (boolean)" msgstr "krb5_use_enterprise_principal (булеве значення)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:357 sssd-krb5.5.xml:499 msgid "" "Specifies if the user principal should be treated as enterprise principal. " "See section 5 of RFC 6806 for more details about enterprise principals." msgstr "" "Визначає, чи слід вважати реєстраційні дані користувача даними промислового " "рівня. Див. розділ 5 RFC 6806, щоб дізнатися більше про промислові " "реєстраційні дані." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:384 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " "This example shows only the AD provider-specific options." msgstr "" "У наведеному нижче прикладі припускаємо, що SSSD налаштовано належним чином, " "а example.com є одним з доменів у розділі <replaceable>[sssd]</replaceable>. " "У прикладі продемонстровано лише параметри доступу, специфічні для засобу AD." #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ad.5.xml:391 #, no-wrap msgid "" "[domain/EXAMPLE]\n" "id_provider = ad\n" "auth_provider = ad\n" "access_provider = ad\n" "chpass_provider = ad\n" "\n" "ad_server = dc1.example.com\n" "ad_hostname = client.example.com\n" "ad_domain = example.com\n" msgstr "" "[domain/EXAMPLE]\n" "id_provider = ad\n" "auth_provider = ad\n" "access_provider = ad\n" "chpass_provider = ad\n" "\n" "ad_server = dc1.example.com\n" "ad_hostname = client.example.com\n" "ad_domain = example.com\n" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-ad.5.xml:411 #, no-wrap msgid "" "access_provider = ldap\n" "ldap_access_order = expire\n" "ldap_account_expire_policy = ad\n" msgstr "" "access_provider = ldap\n" "ldap_access_order = expire\n" "ldap_account_expire_policy = ad\n" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:407 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" "Інструмент керування доступом AD перевіряє, чи не завершено строк дії " "облікового запису. Дає той самий результат, що і ось таке налаштовування " "інструмента надання даних LDAP: <placeholder type=\"programlisting\" id=" "\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:417 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>." msgstr "" "Втім, якщо інструмент керування наданням доступу «ad» не налаштовано явно, " "типовим інструментом надання доступу є «permit»." #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 msgid "sssd-sudo" msgstr "sssd-sudo" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd-sudo.5.xml:17 msgid "Configuring sudo with the SSSD back end" msgstr "Налаштовування sudo за допомогою модуля SSSD" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:23 msgid "" "This manual page describes how to configure <citerefentry> " "<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " "to work with <citerefentry> <refentrytitle>sssd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules." msgstr "" "На цій сторінці підручника описано способи налаштовування <citerefentry> " "<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " "на роботу у комплексі з <citerefentry> <refentrytitle>sssd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> та способи кешування правил sudo у " "SSSD." #. 
type: Content of: <reference><refentry><refsect1><title> #: sssd-sudo.5.xml:36 msgid "Configuring sudo to cooperate with SSSD" msgstr "Налаштовування sudo на співпрацю з SSSD" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:38 msgid "" "To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to " "the <emphasis>sudoers</emphasis> entry in <citerefentry> " "<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>." msgstr "" "Щоб увімкнути SSSD як джерело правил sudo, додайте <emphasis>sss</emphasis> " "до запису <emphasis>sudoers</emphasis> у файлі <citerefentry> " "<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:47 msgid "" "For example, to configure sudo to first lookup rules in the standard " "<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> file (which should contain rules that apply to " "local users) and then in SSSD, the nsswitch.conf file should contain the " "following line:" msgstr "" "Наприклад, щоб налаштувати sudo на першочерговий пошук правил у стандартному " "файлі <citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> (цей файл має містити правила, що стосуються " "локальних користувачів), а потім у SSSD, у файлі nsswitch.conf слід вказати " "такий рядок:" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-sudo.5.xml:57 #, no-wrap msgid "sudoers: files sss\n" msgstr "sudoers: files sss\n" #. 
type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:61 msgid "" "More information about configuring the sudoers search order from the " "nsswitch.conf file as well as information about the LDAP schema that is used " "to store sudo rules in the directory can be found in <citerefentry> " "<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>." msgstr "" "Докладніші дані щодо налаштовування порядку пошуку у sudoers за допомогою " "файла nsswitch.conf, а також дані щодо бази даних LDAP, у якій зберігаються " "правила sudo каталогу, можна знайти на сторінці підручника <citerefentry> " "<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:70 msgid "" "<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in " "sudo rules, you also need to correctly set <citerefentry> " "<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </" "citerefentry> to your NIS domain name (which equals to IPA domain name when " "using hostgroups)." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-sudo.5.xml:82 msgid "Configuring SSSD to fetch sudo rules" msgstr "Налаштовування SSSD на отримання правил sudo" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:84 msgid "" "All configuration that is needed on SSSD side is to extend the list of " "<emphasis>services</emphasis> with \"sudo\" in [sssd] section of " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set " "search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> " "option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:94 msgid "" "The following example shows how to configure SSSD to download sudo rules " "from an LDAP server." 
msgstr "" "У наведеному нижче прикладі показано, як налаштувати SSSD на отримання " "правил sudo з сервера LDAP." #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-sudo.5.xml:99 #, no-wrap msgid "" "[sssd]\n" "config_file_version = 2\n" "services = nss, pam, sudo\n" "domains = EXAMPLE\n" "\n" "[domain/EXAMPLE]\n" "id_provider = ldap\n" "sudo_provider = ldap\n" "ldap_uri = ldap://example.com\n" "ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" msgstr "" "[sssd]\n" "config_file_version = 2\n" "services = nss, pam, sudo\n" "domains = EXAMPLE\n" "\n" "[domain/EXAMPLE]\n" "id_provider = ldap\n" "sudo_provider = ldap\n" "ldap_uri = ldap://example.com\n" "ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:112 #, fuzzy #| msgid "" #| "When the SSSD is configured to use the IPA provider, the sudo provider is " #| "automatically enabled. The sudo search base is configured to use the " #| "compat tree (ou=sudoers,$DC)." msgid "" "When the SSSD is configured to use IPA as the ID provider, the sudo provider " "is automatically enabled. The sudo search base is configured to use the " "compat tree (ou=sudoers,$DC)." msgstr "" "Якщо SSSD налаштовано на використання надавача даних IPA, автоматично " "вмикається модуль надавача даних sudo. Базу пошуку sudo налаштовано на " "використання ієрархії даних compat (ou=sudoers,$DC)." #. type: Content of: <reference><refentry><refsect1><title> #: sssd-sudo.5.xml:119 msgid "The SUDO rule caching mechanism" msgstr "Механізм кешування правил SUDO" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:121 msgid "" "The biggest challenge, when developing sudo support in SSSD, was to ensure " "that running sudo with SSSD as the data source provides the same user " "experience and is as fast as sudo but keeps providing the most current set " "of rules as possible. 
To satisfy these requirements, SSSD uses three kinds " "of updates. They are referred to as full refresh, smart refresh and rules " "refresh." msgstr "" "Найбільшою складністю під час розробки підтримки sudo у SSSD було " "забезпечення роботи sudo з SSSD так, щоб для користувача джерело даних " "надавало дані у один спосіб та з тією самою швидкістю, що і sudo, надаючи " "при цьому якомога свіжіший набір правил. Щоб виконати ці умови, SSSD " "використовує оновлення трьох типів. Будемо називати ці типи повним " "оновленням, інтелектуальним оновленням та оновленням правил." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:129 msgid "" "The <emphasis>smart refresh</emphasis> periodically downloads rules that are " "new or were modified after the last update. Its primary goal is to keep the " "database growing by fetching only small increments that do not generate " "large amounts of network traffic." msgstr "" "Використання типу <emphasis>інтелектуального оновлення</emphasis> полягає у " "отриманні правил, які було додано або змінено з часу попереднього оновлення. " "Основним призначенням оновлення такого типу є підтримання актуального стану " "бази даних невеличкими порціями, які не спричиняють значного навантаження на " "мережу." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:135 msgid "" "The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored " "in the cache and replaces them with all rules that are stored on the server. " "This is used to keep the cache consistent by removing every rule which was " "deleted from the server. However, full refresh may produce a lot of traffic " "and thus it should be run only occasionally depending on the size and " "stability of the sudo rules." msgstr "" "У разі використання <emphasis>повного оновлення</emphasis> всі правила sudo, " "що зберігаються у кеші, буде вилучено і замінено на всі правила, які " "зберігаються на сервері. 
Таким чином, кеш буде узгоджено шляхом вилучення " "всіх правил, які було вилучено на сервері. Втім, повне оновлення може значно " "навантажувати канал з’єднання, а отже його варто використовувати лише іноді. " "Проміжок між сеансами повного оновлення має залежати від розміру і " "стабільності правил sudo." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:143 msgid "" "The <emphasis>rules refresh</emphasis> ensures that we do not grant the user " "more permission than defined. It is triggered each time the user runs sudo. " "Rules refresh will find all rules that apply to this user, check their " "expiration time and redownload them if expired. In the case that any of " "these rules are missing on the server, the SSSD will do an out of band full " "refresh because more rules (that apply to other users) may have been deleted." msgstr "" "У разі використання типу <emphasis>оновлення правил</emphasis> " "забезпечується ненадання користувачам ширших дозволів, ніж це було визначено " "на сервері. Оновлення цього типу виконується під час кожного запуску " "користувачем sudo. Під час оновлення буде виявлено всі правила, які " "стосуються користувача, перевірено, чи не завершено строк дії цих правил, і " "повторно отримано правила, якщо строк дії правил завершено. Якщо якихось з " "правил не буде виявлено на сервері, SSSD виконає позачергове повне " "оновлення, оскільки може виявитися, що було вилучено набагато більше правил " "(які стосуються інших користувачів)." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:152 msgid "" "If enabled, SSSD will store only rules that can be applied to this machine. " "This means rules that contain one of the following values in " "<emphasis>sudoHost</emphasis> attribute:" msgstr "" "Якщо увімкнено, SSSD зберігатиме лише правила, які можна застосувати до " "цього комп’ютера. 
Це означає, що зберігатимуться правила, що містять у " "атрибуті <emphasis>sudoHost</emphasis> одне з таких значень:" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:159 msgid "keyword ALL" msgstr "ключове слово ALL" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:164 msgid "wildcard" msgstr "шаблон заміни" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:169 msgid "netgroup (in the form \"+netgroup\")" msgstr "мережеву групу (у форматі «+мережева група»)" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:174 msgid "hostname or fully qualified domain name of this machine" msgstr "назву вузла або повну назву у домені цього комп’ютера" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:179 msgid "one of the IP addresses of this machine" msgstr "одну з IP-адрес цього комп’ютера" #. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para> #: sssd-sudo.5.xml:184 msgid "one of the IP addresses of the network (in the form \"address/mask\")" msgstr "одну з IP-адрес мережі (у форматі «адреса/маска»)" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-sudo.5.xml:190 msgid "" "There are many configuration options that can be used to adjust the " "behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." 
msgstr "" "Для точного налаштовування поведінки передбачено доволі багато параметрів. " "Будь ласка, зверніться до розділу «ldap_sudo_*» у <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> та «sudo_*» у <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, щоб ознайомитися з " "докладним описом." #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd.8.xml:10 sssd.8.xml:15 msgid "sssd" msgstr "sssd" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sssd.8.xml:16 msgid "System Security Services Daemon" msgstr "Фонова служба безпеки системи" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sssd.8.xml:21 msgid "" "<command>sssd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg>" msgstr "" "<command>sssd</command> <arg choice='opt'> <replaceable>параметри</" "replaceable> </arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sssd.8.xml:31 msgid "" "<command>SSSD</command> provides a set of daemons to manage access to remote " "directories and authentication mechanisms. It provides an NSS and PAM " "interface toward the system and a pluggable backend system to connect to " "multiple different account sources as well as D-Bus interface. It is also " "the basis to provide client auditing and policy services for projects like " "FreeIPA. It provides a more robust database to store local users as well as " "extended user data." msgstr "" "У <command>SSSD</command> передбачено набір фонових служб для керування " "доступом до віддалених каталогів та механізмами розпізнавання. " "<command>SSSD</command> надає операційній системі інтерфейси NSS і PAM, а " "також систему придатних для під’єднання модулів для встановлення з’єднання з " "декількома різними джерелами даних щодо облікових записів та інтерфейс D-" "Bus. 
<command>SSSD</command> також є основою для систем перевірки " "клієнтських систем та служб обслуговування правил доступу для проектів, " "подібних до FreeIPA. <command>SSSD</command> надає стійкішу базу даних для " "збереження записів локальних користувачів, а також додаткових даних щодо " "користувачів." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:46 msgid "" "<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</" "replaceable>" msgstr "" "<option>-d</option>,<option>--debug-level</option> <replaceable>РІВЕНЬ</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:53 msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>" msgstr "<option>--debug-timestamps=</option><replaceable>режим</replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:57 msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages" msgstr "" "<emphasis>1</emphasis>: додати часову позначку до діагностичних повідомлень." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:60 msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages" msgstr "" "<emphasis>0</emphasis>: вимкнути часову позначку у діагностичних " "повідомленнях" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:69 msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>" msgstr "<option>--debug-microseconds=</option><replaceable>режим</replaceable>" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:73 msgid "" "<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages" msgstr "" "<emphasis>1</emphasis>: додати значення мікросекунд до часової позначки у " "діагностичних повідомленнях" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:76 msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp" msgstr "" "<emphasis>0</emphasis>: вимкнути додавання мікросекунд до часової позначки" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:85 msgid "<option>-f</option>,<option>--debug-to-files</option>" msgstr "<option>-f</option>,<option>--debug-to-files</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:89 msgid "" "Send the debug output to files instead of stderr. By default, the log files " "are stored in <filename>/var/log/sssd</filename> and there are separate log " "files for every SSSD service and domain." msgstr "" "Надіслати діагностичні дані до файлів, а не до stderr. Типово файли журналів " "зберігаються у <filename>/var/log/sssd</filename>, передбачено також окремий " "журнал для кожної служби і домену SSSD." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:97 msgid "<option>-D</option>,<option>--daemon</option>" msgstr "<option>-D</option>,<option>--daemon</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:101 msgid "Become a daemon after starting up." msgstr "Перейти у режим фонової служби після запуску." #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:107 sss_seed.8.xml:136 msgid "<option>-i</option>,<option>--interactive</option>" msgstr "<option>-i</option>,<option>--interactive</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:111 msgid "Run in the foreground, don't become a daemon." msgstr "Запустити програму у звичайному режимі, не створювати фонової служби." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:117 sss_debuglevel.8.xml:42 msgid "<option>-c</option>,<option>--config</option>" msgstr "<option>-c</option>,<option>--config</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:121 sss_debuglevel.8.xml:46 msgid "" "Specify a non-default config file. The default is <filename>/etc/sssd/sssd." "conf</filename>. For reference on the config file syntax and options, " "consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" "Визначити нетиповий файл налаштувань. Типовим файлом налаштувань є " "<filename>/etc/sssd/sssd.conf</filename>. Довідку щодо синтаксису та " "параметрів файла налаштувань можна знайти на сторінці довідника (man) " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:135 msgid "<option>--version</option>" msgstr "<option>--version</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:139 msgid "Print version number and exit." msgstr "Вивести номер версії і завершити роботу." #. type: Content of: <reference><refentry><refsect1><title> #: sssd.8.xml:147 msgid "Signals" msgstr "Сигнали" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:150 msgid "SIGTERM/SIGINT" msgstr "SIGTERM/SIGINT" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:153 msgid "" "Informs the SSSD to gracefully terminate all of its child processes and then " "shut down the monitor." msgstr "" "Повідомляє SSSD, що слід поступово завершити роботу всіх дочірніх процесів, " "а потім завершити роботу монітора." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:159 msgid "SIGHUP" msgstr "SIGHUP" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:162 msgid "" "Tells the SSSD to stop writing to its current debug file descriptors and to " "close and reopen them. This is meant to facilitate log rolling with programs " "like logrotate." msgstr "" "Повідомляє SSSD, що слід припинити запис до файлів діагностичних даних з " "поточними дескрипторами, закрити і повторно відкрити ці файли. Цей сигнал " "призначено для полегшення процедури архівування журналів за допомогою " "програм, подібних до logrotate." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:170 msgid "SIGUSR1" msgstr "SIGUSR1" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:173 msgid "" "Tells the SSSD to simulate offline operation for one minute. This is mostly " "useful for testing purposes." msgstr "" "Наказує SSSD імітувати роботу у автономному режимі протягом однієї хвилини. " "Найкориснішим застосуванням є тестування служби." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sssd.8.xml:179 msgid "SIGUSR2" msgstr "SIGUSR2" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sssd.8.xml:182 msgid "" "Tells the SSSD to go online immediately. This is mostly useful for testing " "purposes." msgstr "" "Наказує SSSD перейти у режим роботи у мережі негайно. Найкориснішим " "застосуванням є тестування служби." #. type: Content of: <reference><refentry><refsect1><para> #: sssd.8.xml:193 #, fuzzy #| msgid "" #| "If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value " #| "debug messages will be sent to stderr." msgid "" "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client " "applications will not use the fast in memory cache." msgstr "" "Якщо встановлено будь-яке значення змінної середовища " "SSSD_KRB5_LOCATOR_DEBUG, діагностичні повідомлення надсилатимуться до stderr." #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15 msgid "sss_obfuscate" msgstr "sss_obfuscate" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_obfuscate.8.xml:16 msgid "obfuscate a clear text password" msgstr "заплутування пароля у форматі звичайного тексту" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_obfuscate.8.xml:21 msgid "" "<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</" "replaceable></arg>" msgstr "" "<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>параметри</" "replaceable> </arg> <arg choice='plain'><replaceable>[ПАРОЛЬ]</replaceable></" "arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:32 msgid "" "<command>sss_obfuscate</command> converts a given password into human-" "unreadable format and places it into appropriate domain section of the SSSD " "config file." 
msgstr "" "<command>sss_obfuscate</command> перетворює вказаний пароль на пароль у " "форматі, непридатному для читання людиною, і розташовує його у розділі " "відповідного домену файла налаштувань SSSD." #. type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:37 msgid "" "The cleartext password is read from standard input or entered " "interactively. The obfuscated password is put into " "<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " "<quote>ldap_default_authtok_type</quote> parameter is set to " "<quote>obfuscated_password</quote>. Refer to <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more details on these parameters." msgstr "" "Пароль у форматі звичайного тексту буде прочитано зі стандартного джерела " "вхідних даних або введено інтерактивно. Заплутану версію пароля буде " "збережено у параметрі з назвою «ldap_default_authtok» вказаного домену SSSD, " "параметру «ldap_default_authtok_type» буде надано значення " "«obfuscated_password». Докладніший опис цих параметрів можна знайти на " "сторінці підручника (man) <citerefentry> <refentrytitle>sssd-ldap</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:49 msgid "" "Please note that obfuscating the password provides <emphasis>no real " "security benefit</emphasis> as it is still possible for an attacker to " "reverse-engineer the password back. Using better authentication mechanisms " "such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> " "advised." msgstr "" "Будь ласка, зауважте, що заплутування паролів <emphasis>не є справжнім " "захистом</emphasis>, оскільки зловмисник може визначити алгоритм " "заплутування за кодом програми. <emphasis>Наполегливо</emphasis> радимо вам " "скористатися кращими механізмами захисту даних розпізнавання, зокрема " "клієнтськими сертифікатами або GSSAPI." #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_obfuscate.8.xml:63 msgid "<option>-s</option>,<option>--stdin</option>" msgstr "<option>-s</option>,<option>--stdin</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:67 msgid "The password to obfuscate will be read from standard input." msgstr "" "Пароль для заплутування буде прочитано зі стандартного джерела вхідних даних." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:79 #: sss_ssh_knownhostsproxy.1.xml:78 msgid "" "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" "replaceable>" msgstr "" "<option>-d</option>,<option>--domain</option> <replaceable>ДОМЕН</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:79 msgid "" "The SSSD domain to use the password in. The default name is <quote>default</" "quote>." msgstr "" "Домен SSSD, для якого буде використано пароль. Типовою назвою є " "<quote>default</quote>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_obfuscate.8.xml:86 msgid "" "<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>" msgstr "" "<option>-f</option>,<option>--file</option> <replaceable>ФАЙЛ</replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:91 msgid "Read the config file specified by the positional parameter." msgstr "Прочитати дані з файла налаштувань, вказаного позиційним параметром." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_obfuscate.8.xml:95 msgid "Default: <filename>/etc/sssd/sssd.conf</filename>" msgstr "Типове значення: <filename>/etc/sssd/sssd.conf</filename>" #. 
type: Content of: <reference><refentry><refnamediv><refname> #: sss_useradd.8.xml:10 sss_useradd.8.xml:15 msgid "sss_useradd" msgstr "sss_useradd" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_useradd.8.xml:16 msgid "create a new user" msgstr "створення нового запису користувача" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_useradd.8.xml:21 msgid "" "<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" msgstr "" "<command>sss_useradd</command> <arg choice='opt'> <replaceable>параметри</" "replaceable> </arg> <arg " "choice='plain'><replaceable>НАЗВА_ОБЛІКОВОГО_ЗАПИСУ</replaceable></arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_useradd.8.xml:32 msgid "" "<command>sss_useradd</command> creates a new user account using the values " "specified on the command line plus the default values from the system." msgstr "" "<command>sss_useradd</command> створює обліковий запис користувача на основі " "значень, вказаних у командному рядку та типових значень системи." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:43 sss_seed.8.xml:76 msgid "" "<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>" msgstr "" "<option>-u</option>,<option>--uid</option> <replaceable>ідентифікатор " "користувача</replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:48 msgid "" "Set the UID of the user to the value of <replaceable>UID</replaceable>. If " "not given, it is chosen automatically." msgstr "" "Встановити для параметра ідентифікатора користувача (UID) значення " "<replaceable>UID</replaceable>. Якщо таке значення не буде вказано, програма " "вибере його автоматично." #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:55 sss_usermod.8.xml:43 sss_seed.8.xml:100 msgid "" "<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</" "replaceable>" msgstr "" "<option>-c</option>,<option>--gecos</option> <replaceable>КОМЕНТАР</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:60 sss_usermod.8.xml:48 sss_seed.8.xml:105 msgid "" "Any text string describing the user. Often used as the field for the user's " "full name." msgstr "" "Будь-який рядок тексту, що описує користувача. Часто використовується для " "зберігання паспортного імені користувача." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:67 sss_usermod.8.xml:55 sss_seed.8.xml:112 msgid "" "<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</" "replaceable>" msgstr "" "<option>-h</option>,<option>--home</option> <replaceable>ДОМАШНІЙ_КАТАЛОГ</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:72 msgid "" "The home directory of the user account. The default is to append the " "<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use " "that as the home directory. The base that is prepended before " "<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/" "baseDirectory</quote> setting in sssd.conf." msgstr "" "Домашній каталог облікового запису користувача. Типовою назвою такого " "каталогу є назва, що утворюється додаванням <replaceable>ІМЕНІ_КОРИСТУВАЧА</" "replaceable> до запису <filename>/home</filename>. Рядок, який буде додано " "перед <replaceable>ІМЕНЕМ_КОРИСТУВАЧА</replaceable>, можна визначити за " "допомогою параметра «user_defaults/baseDirectory» у sssd.conf." #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:82 sss_usermod.8.xml:66 sss_seed.8.xml:124 msgid "" "<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>" msgstr "" "<option>-s</option>,<option>--shell</option> <replaceable>ОБОЛОНКА</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:87 msgid "" "The user's login shell. The default is currently <filename>/bin/bash</" "filename>. The default can be changed with <quote>user_defaults/" "defaultShell</quote> setting in sssd.conf." msgstr "" "Командна оболонка реєстрації користувача. У поточній версії типовою " "оболонкою є <filename>/bin/bash</filename>. Типову оболонку можна змінити за " "допомогою параметра «user_defaults/defaultShell» у sssd.conf." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:96 msgid "" "<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</" "replaceable>" msgstr "" "<option>-G</option>,<option>--groups</option> <replaceable>ГРУПИ</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:101 msgid "A list of existing groups this user is also a member of." msgstr "Список груп, учасником яких є користувач." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:107 msgid "<option>-m</option>,<option>--create-home</option>" msgstr "<option>-m</option>,<option>--create-home</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:111 msgid "" "Create the user's home directory if it does not exist. The files and " "directories contained in the skeleton directory (which can be defined with " "the -k option or in the config file) will be copied to the home directory." 
msgstr "" "Створити домашній каталог користувача, якщо такого ще не існує. До такого " "домашнього каталогу буде скопійовано файли і каталоги з каркасного каталогу " "(який можна визначити за допомогою параметра -k або запису у файлі " "налаштувань)." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:121 msgid "<option>-M</option>,<option>--no-create-home</option>" msgstr "<option>-M</option>,<option>--no-create-home</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:125 msgid "" "Do not create the user's home directory. Overrides configuration settings." msgstr "" "Не створювати домашнього каталогу користувача. Має пріоритет над іншими " "параметрами налаштування." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:132 msgid "" "<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</" "replaceable>" msgstr "" "<option>-k</option>,<option>--skel</option> <replaceable>КАТАЛОГ_SKEL</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:137 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " "<command>sss_useradd</command>." msgstr "" "Каркасний каталог, який містить файли і каталоги, які буде скопійовано до " "домашнього каталогу користувача, коли такий домашній каталог створюється " "командою <command>sss_useradd</command>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:143 msgid "" "Special files (block devices, character devices, named pipes and unix " "sockets) will not be copied." msgstr "" "Спеціальні файли (блокові пристрої, символьні пристрої, іменовані канали та " "сокети UNIX) скопійовано не буде." #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:147 msgid "" "This option is only valid if the <option>-m</option> (or <option>--create-" "home</option>) option is specified, or creation of home directories is set " "to TRUE in the configuration." msgstr "" "Цей параметр набуде чинності, лише якщо вказано параметр <option>-m</option> " "(або <option>--create-home</option>) або для створення домашніх каталогів " "вказано TRUE у налаштуваннях." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_useradd.8.xml:156 sss_usermod.8.xml:124 msgid "" "<option>-Z</option>,<option>--selinux-user</option> " "<replaceable>SELINUX_USER</replaceable>" msgstr "" "<option>-Z</option>,<option>--selinux-user</option> " "<replaceable>КОРИСТУВАЧ_SELINUX</replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_useradd.8.xml:161 msgid "" "The SELinux user for the user's login. If not specified, the system default " "will be used." msgstr "" "Користувач SELinux, що відповідає користувачеві, який увійшов до системи. " "Якщо не вказано, буде використано типового користувача системи." #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16 msgid "sssd-krb5" msgstr "sssd-krb5" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:23 msgid "" "This manual page describes the configuration of the Kerberos 5 " "authentication backend for <citerefentry> <refentrytitle>sssd</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed " "syntax reference, please refer to the <quote>FILE FORMAT</quote> section of " "the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page." 
msgstr "" "На цій сторінці довідника описано налаштування засобу розпізнавання Kerberos " "5 для <citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>. Щоб дізнатися більше про синтаксис налаштування, " "зверніться до розділу «ФОРМАТ ФАЙЛІВ» сторінки довідника <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:36 msgid "" "The Kerberos 5 authentication backend contains auth and chpass providers. It " "must be paired with an identity provider in order to function properly (for " "example, id_provider = ldap). Some information required by the Kerberos 5 " "authentication backend must be provided by the identity provider, such as " "the user's Kerberos Principal Name (UPN). The configuration of the identity " "provider should have an entry to specify the UPN. Please refer to the man " "page for the applicable identity provider for details on how to configure " "this." msgstr "" "Модуль розпізнавання Kerberos 5 містить засоби розпізнавання та зміни " "паролів. З метою отримання належних результатів його слід використовувати " "разом з інструментом обробки профілів (наприклад, id_provider = ldap). Деякі " "з даних, потрібних для роботи модуля розпізнавання Kerberos 5, має бути " "надано інструментом обробки профілів, серед цих даних Kerberos Principal " "Name (UPN) або реєстраційне ім’я користувача. У налаштуваннях інструменту " "обробки профілів має бути запис з визначенням UPN. Докладні настанови щодо " "визначення такого UPN має бути викладено на сторінці довідника (man) " "відповідного інструменту обробки профілів." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:47 msgid "" "This backend also provides access control based on the .k5login file in the " "home directory of the user. 
See <citerefentry> <refentrytitle>.k5login</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. " "Please note that an empty .k5login file will deny all access to this user. " "To activate this feature, use 'access_provider = krb5' in your SSSD " "configuration." msgstr "" "У цьому інструменті керування даними також передбачено можливості керування " "доступом, засновані на даних з файла .k5login у домашньому каталозі " "користувача. Докладніші відомості можна отримати з підручника до " "<citerefentry> <refentrytitle>.k5login</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>. Зауважте, що якщо файл .k5login виявиться " "порожнім, доступ користувачеві буде заборонено. Щоб задіяти можливість " "керування доступом, додайте рядок «access_provider = krb5» до ваших " "налаштувань SSSD." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:55 msgid "" "In the case where the UPN is not available in the identity backend, " "<command>sssd</command> will construct a UPN using the format " "<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>." msgstr "" "У випадку, коли доступу до UPN у модулі профілів не передбачено, " "<command>sssd</command> побудує UPN у форматі <replaceable>ім’я_користувача</" "replaceable>@<replaceable>область_krb5</replaceable>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect, in the order of preference. " "For more information on failover and server redundancy, see the " "<quote>FAILOVER</quote> section. An optional port number (preceded by a " "colon) may be appended to the addresses or hostnames. If empty, service " "discovery is enabled; for more information, refer to the <quote>SERVICE " "DISCOVERY</quote> section." 
msgstr "" "Визначає список IP-адрес або назв вузлів, відокремлених комами, серверів " "Kerberos, з якими SSSD має встановлювати з’єднання. Список має бути " "впорядковано за пріоритетом. Докладніше про резервування та додаткові " "сервери можна дізнатися з розділу «РЕЗЕРВ». До адрес або назв вузлів може " "бути додано номер порту (перед номером слід вписати двокрапку). Якщо " "параметр матиме порожнє значення, буде увімкнено виявлення служб. Докладніше " "про виявлення служб можна дізнатися з розділу «ПОШУК СЛУЖБ»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:106 msgid "" "The name of the Kerberos realm. This option is required and must be " "specified." msgstr "" "Назва області Kerberos. Цей параметр є обов’язковим, його неодмінно слід " "вказати." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:113 msgid "krb5_kpasswd, krb5_backup_kpasswd (string)" msgstr "krb5_kpasswd, krb5_backup_kpasswd (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:116 msgid "" "If the change password service is not running on the KDC, alternative " "servers can be defined here. An optional port number (preceded by a colon) " "may be appended to the addresses or hostnames." msgstr "" "Якщо службу зміни паролів не запущено на KDC, тут можна визначити " "альтернативні сервери. До адрес або назв вузлів можна додати номер порту " "(перед яким слід вписати двокрапку)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:122 msgid "" "For more information on failover and server redundancy, see the " "<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd " "servers to try, the backend is not switched to operate offline if " "authentication against the KDC is still possible." 
msgstr "" "Додаткові відомості щодо резервних серверів можна знайти у розділі «РЕЗЕРВ». " "Зауваження: навіть якщо список всіх серверів kpasswd буде вичерпано, модуль " "не перемкнеться у автономний режим роботи, якщо розпізнавання за KDC " "залишатиметься можливим." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:129 msgid "Default: Use the KDC" msgstr "Типове значення: використання KDC" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:135 msgid "krb5_ccachedir (string)" msgstr "krb5_ccachedir (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:138 msgid "" "Directory to store credential caches. All the substitution sequences of " "krb5_ccname_template can be used here, too, except %d and %P. The directory " "is created as private and owned by the user, with permissions set to 0700." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:145 msgid "Default: /tmp" msgstr "Типове значення: /tmp" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:151 msgid "krb5_ccname_template (string)" msgstr "krb5_ccname_template (рядок)" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:165 include/override_homedir.xml:11 msgid "%u" msgstr "%u" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:166 include/override_homedir.xml:12 msgid "login name" msgstr "ім'я користувача" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:169 include/override_homedir.xml:15 msgid "%U" msgstr "%U" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:170 msgid "login UID" msgstr "ідентифікатор користувача" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:173 msgid "%p" msgstr "%p" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:174 msgid "principal name" msgstr "назва реєстраційного запису" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:178 msgid "%r" msgstr "%r" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:179 msgid "realm name" msgstr "назва області" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:182 msgid "%h" msgstr "%h" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:183 msgid "home directory" msgstr "домашній каталог" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:187 include/override_homedir.xml:19 msgid "%d" msgstr "%d" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:188 msgid "value of krb5ccache_dir" msgstr "значення krb5ccache_dir" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:193 msgid "%P" msgstr "%P" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:194 msgid "the process ID of the SSSD client" msgstr "ідентифікатор процесу клієнтської частини SSSD" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:199 include/override_homedir.xml:34 msgid "%%" msgstr "%%" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:200 include/override_homedir.xml:35 msgid "a literal '%'" msgstr "символ відсотків («%»)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:154 #, fuzzy #| msgid "" #| "Location of the user's credential cache. Two credential cache types are " #| "currently supported: <quote>FILE</quote> and <quote>DIR</quote>. The " #| "cache can be specified either as <replaceable>TYPE:RESIDUAL</" #| "replaceable>, or as an absolute path, which implies the <quote>FILE</" #| "quote> type. In the template, the following sequences are substituted: " #| "<placeholder type=\"variablelist\" id=\"0\"/> If the template ends with " #| "'XXXXXX' mkstemp(3) is used to create a unique filename in a safe way." msgid "" "Location of the user's credential cache. Three credential cache types are " "currently supported: <quote>FILE</quote>, <quote>DIR</quote> and " "<quote>KEYRING:persistent</quote>. The cache can be specified either as " "<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which " "implies the <quote>FILE</quote> type. 
In the template, the following " "sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If " "the template ends with 'XXXXXX' mkstemp(3) is used to create a unique " "filename in a safe way." msgstr "" "Розташування кешу з реєстраційними даними користувача. У поточній версії " "передбачено підтримку двох типів кешу реєстраційних даних: <quote>FILE</" "quote> та <quote>DIR</quote>. Кеш може бути вказано або у форматі " "<replaceable>ТИП:РЕШТА</replaceable>, або у форматі абсолютного шляху (тоді " "вважається, що типом кешу є <quote>FILE</quote>). У шаблоні передбачено " "можливість використання таких послідовностей-замінників: <placeholder type=" "\"variablelist\" id=\"0\"/> Якщо шаблон завершується послідовністю «XXXXXX», " "для безпечного створення назви файла використовується mkstemp(3)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:208 msgid "" "When using KEYRING types, the only supported mechanism is <quote>KEYRING:" "persistent:%U</quote>, which uses the Linux kernel keyring to store " "credentials on a per-UID basis. This is also the recommended choice, as it " "is the most secure and predictable method." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:216 msgid "" "The default value for the credential cache name is sourced from the profile " "stored in the system wide krb5.conf configuration file in the [libdefaults] " "section. The option name is default_ccache_name. See krb5.conf(5)'s " "PARAMETER EXPANSION paragraph for additional information on the expansion " "format defined by krb5.conf." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:225 #, fuzzy #| msgid "Default: 0 (No limit)" msgid "Default: (from libkrb5)" msgstr "Типове значення: 0 (без обмежень)" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:231 msgid "krb5_auth_timeout (integer)" msgstr "krb5_auth_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:234 msgid "" "Timeout in seconds after an online authentication request or change password " "request is aborted. If possible, the authentication request is continued " "offline." msgstr "" "Час очікування, по завершенню якого буде перервано запит щодо розпізнавання " "або зміни пароля у мережі. Якщо це можливо, обробку запиту щодо " "розпізнавання буде продовжено у автономному режимі." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:248 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed. The keytab is checked for entries sequentially, and the first entry " "with a matching realm is used for validation. If no entry matches the realm, " "the last entry in the keytab is used. This process can be used to validate " "environments using cross-realm trust by placing the appropriate keytab entry " "as the last entry or the only entry in the keytab file." msgstr "" "Перевірити за допомогою krb5_keytab, чи отриманий TGT не було підмінено. " "Перевірка записів у таблиці ключів виконується послідовно. Для перевірки " "використовується перший запис з відповідним значенням області. Якщо не буде " "знайдено жодного відповідного області запису, буде використано останній " "запис з таблиці ключів. Цим процесом можна скористатися для перевірки " "середовищ за допомогою зв’язків довіри між записами областей: достатньо " "розташувати відповідний запис таблиці ключів на останньому місці або зробити " "його єдиним записом у файлі таблиці ключів." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:263 msgid "krb5_keytab (string)" msgstr "krb5_keytab (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:266 msgid "" "The location of the keytab to use when validating credentials obtained from " "KDCs." msgstr "" "Розташування таблиці ключів, якою слід скористатися під час перевірки " "реєстраційних даних, отриманих від KDC." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:270 msgid "Default: /etc/krb5.keytab" msgstr "Типове значення: /etc/krb5.keytab" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:276 msgid "krb5_store_password_if_offline (boolean)" msgstr "krb5_store_password_if_offline (булівське значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:279 msgid "" "Store the password of the user if the provider is offline and use it to " "request a TGT when the provider comes online again." msgstr "" "Зберігати пароль користувача, якщо засіб перевірки перебуває поза мережею, і " "використовувати його для запитів TGT після встановлення з’єднання з засобом " "перевірки." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:284 msgid "" "NOTE: this feature is only available on Linux. Passwords stored in this way " "are kept in plaintext in the kernel keyring and are potentially accessible " "by the root user (with difficulty)." msgstr "" "Зауваження: ця можливість у поточній версії доступна лише на платформі " "Linux. 
Паролі зберігатимуться у форматі звичайного тексту (без шифрування) у " "сховищі ключів ядра, потенційно до них може отримати доступ адміністративний " "користувач (root), але йому для цього слід буде подолати деякі перешкоди." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:297 msgid "krb5_renewable_lifetime (string)" msgstr "krb5_renewable_lifetime (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:300 msgid "" "Request a renewable ticket with a total lifetime, given as an integer " "immediately followed by a time unit:" msgstr "" "Надіслати запит щодо поновлюваного квитка з загальним строком дії, вказаним " "за допомогою цілого числа, за яким одразу вказано одиницю часу:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:305 sssd-krb5.5.xml:339 sssd-krb5.5.xml:376 msgid "<emphasis>s</emphasis> for seconds" msgstr "<emphasis>s</emphasis> — секунди" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:308 sssd-krb5.5.xml:342 sssd-krb5.5.xml:379 msgid "<emphasis>m</emphasis> for minutes" msgstr "<emphasis>m</emphasis> — хвилини" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:311 sssd-krb5.5.xml:345 sssd-krb5.5.xml:382 msgid "<emphasis>h</emphasis> for hours" msgstr "<emphasis>h</emphasis> — години" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385 msgid "<emphasis>d</emphasis> for days." msgstr "<emphasis>d</emphasis> — дні." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:317 sssd-krb5.5.xml:388 msgid "If there is no unit given, <emphasis>s</emphasis> is assumed." msgstr "" "Якщо одиниці часу не буде вказано, вважатиметься, що використано одиницю " "<emphasis>s</emphasis>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:321 sssd-krb5.5.xml:392 msgid "" "NOTE: It is not possible to mix units. To set the renewable lifetime to one " "and a half hours, use '90m' instead of '1h30m'." msgstr "" "Зауваження: не можна використовувати одразу декілька одиниць. Якщо вам " "потрібно встановити строк дії у півтори години, слід вказати «90m», а не " "«1h30m»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:326 msgid "Default: not set, i.e. the TGT is not renewable" msgstr "Типове значення: не встановлено, тобто TGT не є оновлюваним" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:332 msgid "krb5_lifetime (string)" msgstr "krb5_lifetime (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:335 msgid "" "Request ticket with a lifetime, given as an integer immediately followed by " "a time unit:" msgstr "" "Надіслати запит щодо квитка з загальним строком дії, вказаним за допомогою " "цілого числа, за яким одразу вказано одиницю часу:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:351 msgid "If there is no unit given <emphasis>s</emphasis> is assumed." msgstr "" "Якщо одиниці часу не буде вказано, вважатиметься, що використано одиницю " "<emphasis>s</emphasis>." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:355 msgid "" "NOTE: It is not possible to mix units. To set the lifetime to one and a " "half hours please use '90m' instead of '1h30m'." msgstr "" "Зауваження: не можна використовувати одразу декілька одиниць. Якщо вам " "потрібно встановити строк дії у півтори години, слід вказати «90m», а не " "«1h30m»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:360 msgid "" "Default: not set, i.e. the default ticket lifetime configured on the KDC." msgstr "" "Типове значення: не встановлено, тобто типовий строк дії квитка " "визначатиметься у налаштуваннях KDC." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:367 msgid "krb5_renew_interval (string)" msgstr "krb5_renew_interval (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:370 msgid "" "The time in seconds between two checks if the TGT should be renewed. TGTs " "are renewed if about half of their lifetime is exceeded, given as an integer " "immediately followed by a time unit:" msgstr "" "Час у секундах між двома послідовними перевірками того, чи слід оновлювати " "записи TGT. Записи TGT оновлюються після завершення приблизно половини " "їхнього строку дії, що задається як ціле число з наступним позначенням " "одиниці часу:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:397 msgid "If this option is not set or is 0 the automatic renewal is disabled." msgstr "" "Якщо значення для цього параметра встановлено не буде або буде встановлено " "значення 0, автоматичного оновлення не відбуватиметься." #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:415 msgid "" "<emphasis>never</emphasis> use FAST. This is equivalent to not setting this " "option at all." msgstr "" "<emphasis>never</emphasis> використовувати FAST, рівнозначний варіанту, за " "якого значення цього параметра взагалі не задається." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:419 msgid "" "<emphasis>try</emphasis> to use FAST. If the server does not support FAST, " "continue the authentication without it." msgstr "" "<emphasis>try</emphasis> — використовувати FAST. Якщо на сервері не " "передбачено підтримки FAST, продовжити розпізнавання без FAST." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:429 msgid "Default: not set, i.e. FAST is not used." msgstr "Типове значення: не встановлено, тобто FAST не використовується." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:432 msgid "NOTE: a keytab is required to use FAST." msgstr "" "Зауваження: будь ласка, зауважте, що для використання FAST потрібна таблиця " "ключів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:444 msgid "krb5_fast_principal (string)" msgstr "krb5_fast_principal (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:447 msgid "Specifies the server principal to use for FAST." msgstr "" "Визначає реєстраційний запис сервера, який слід використовувати для FAST." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:456 msgid "" "Specifies if the host and user principal should be canonicalized. 
This " "feature is available with MIT Kerberos 1.7 and later versions." msgstr "" "Визначає, чи слід перетворювати реєстраційний запис вузла і користувача у " "канонічну форму. Цю можливість передбачено з версії MIT Kerberos 1.7." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-krb5.5.xml:505 #, fuzzy #| msgid "Default: false (AD provide: true)" msgid "Default: false (AD provider: true)" msgstr "Типове значення: false (надається AD: true)" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:65 msgid "" "If the auth-module krb5 is used in an SSSD domain, the following options " "must be used. See the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section " "<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD " "domain. <placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" "Якщо у домені SSSD використано auth-module krb5, має бути використано " "вказані нижче параметри. Зверніться до сторінки довідника (man) " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry>, розділ «РОЗДІЛИ ДОМЕНІВ», щоб дізнатися більше " "про налаштування домену SSSD. <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-krb5.5.xml:521 msgid "" "The following example assumes that SSSD is correctly configured and FOO is " "one of the domains in the <replaceable>[sssd]</replaceable> section. This " "example shows only configuration of Kerberos authentication; it does not " "include any identity provider." msgstr "" "У наведеному нижче прикладі припускається, що SSSD налаштовано належним " "чином, а FOO є одним з доменів у розділі <replaceable>[sssd]</replaceable>. " "У прикладі продемонстровано лише налаштування розпізнавання за допомогою " "Kerberos, там не вказано інструменту обробки профілів." #.
type: Content of: <reference><refentry><refsect1><para><programlisting> #: sssd-krb5.5.xml:529 #, no-wrap msgid "" " [domain/FOO]\n" " auth_provider = krb5\n" " krb5_server = 192.168.1.1\n" " krb5_realm = EXAMPLE.COM\n" msgstr "" " [domain/FOO]\n" " auth_provider = krb5\n" " krb5_server = 192.168.1.1\n" " krb5_realm = EXAMPLE.COM\n" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15 msgid "sss_groupadd" msgstr "sss_groupadd" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupadd.8.xml:16 msgid "create a new group" msgstr "створення нової групи" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupadd.8.xml:21 msgid "" "<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" "<command>sss_groupadd</command> <arg choice='opt'> <replaceable>параметри</" "replaceable> </arg> <arg choice='plain'><replaceable>ГРУПА</replaceable></" "arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupadd.8.xml:32 msgid "" "<command>sss_groupadd</command> creates a new group. These groups are " "compatible with POSIX groups, with the additional feature that they can " "contain other groups as members." msgstr "" "<command>sss_groupadd</command> створює групу. Такі групи є сумісними з " "групами POSIX. Додатковою можливістю цих груп є те, що учасниками можуть " "бути інші групи." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupadd.8.xml:43 sss_seed.8.xml:88 msgid "" "<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" msgstr "" "<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupadd.8.xml:48 msgid "" "Set the GID of the group to the value of <replaceable>GID</replaceable>. If " "not given, it is chosen automatically." msgstr "" "Встановити для параметра ідентифікатора групи (GID) значення " "<replaceable>GID</replaceable>. Якщо таке значення не буде вказано, програма " "вибере його автоматично." #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_userdel.8.xml:10 sss_userdel.8.xml:15 msgid "sss_userdel" msgstr "sss_userdel" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_userdel.8.xml:16 msgid "delete a user account" msgstr "вилучення облікового запису користувача" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_userdel.8.xml:21 msgid "" "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" msgstr "" "<command>sss_userdel</command> <arg choice='opt'> <replaceable>параметри</" "replaceable> </arg> <arg " "choice='plain'><replaceable>НАЗВА_ОБЛІКОВОГО_ЗАПИСУ</replaceable></arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_userdel.8.xml:32 msgid "" "<command>sss_userdel</command> deletes a user identified by login name " "<replaceable>LOGIN</replaceable> from the system." msgstr "" "<command>sss_userdel</command> вилучає обліковий запис користувача " "<replaceable>ІМ’Я_КОРИСТУВАЧА</replaceable> з системи." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:44 msgid "<option>-r</option>,<option>--remove</option>" msgstr "<option>-r</option>,<option>--remove</option>" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:48 msgid "" "Files in the user's home directory will be removed along with the home " "directory itself and the user's mail spool. Overrides the configuration." msgstr "" "Файли у домашньому каталозі користувача буде вилучено разом з самим домашнім " "каталогом та поштовим буфером користувача. Перевизначає налаштування." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:56 msgid "<option>-R</option>,<option>--no-remove</option>" msgstr "<option>-R</option>,<option>--no-remove</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:60 msgid "" "Files in the user's home directory will NOT be removed along with the home " "directory itself and the user's mail spool. Overrides the configuration." msgstr "" "Файли у домашньому каталозі користувача НЕ буде вилучено разом з самим " "домашнім каталогом та поштовим буфером користувача. Перевизначає " "налаштування." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:68 msgid "<option>-f</option>,<option>--force</option>" msgstr "<option>-f</option>,<option>--force</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:72 msgid "" "This option forces <command>sss_userdel</command> to remove the user's home " "directory and mail spool, even if they are not owned by the specified user." msgstr "" "За допомогою цього параметра можна примусити <command>sss_userdel</command> " "вилучати домашній каталог користувача та буфер пошти, навіть якщо їхнім " "власником не є вказаний користувач." #.
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_userdel.8.xml:80 msgid "<option>-k</option>,<option>--kick</option>" msgstr "<option>-k</option>,<option>--kick</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_userdel.8.xml:84 msgid "Before actually deleting the user, terminate all his processes." msgstr "" "До вилучення запису користувача завершити роботу всіх процесів, власником " "яких є цей користувач." #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15 msgid "sss_groupdel" msgstr "sss_groupdel" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupdel.8.xml:16 msgid "delete a group" msgstr "вилучення групи" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupdel.8.xml:21 msgid "" "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>параметри</" "replaceable> </arg> <arg choice='plain'><replaceable>ГРУПА</replaceable></" "arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupdel.8.xml:32 msgid "" "<command>sss_groupdel</command> deletes a group identified by its name " "<replaceable>GROUP</replaceable> from the system." msgstr "" "<command>sss_groupdel</command> вилучає групу, вказану за допомогою " "аргументу <replaceable>ГРУПА</replaceable>, з системи." #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15 msgid "sss_groupshow" msgstr "sss_groupshow" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_groupshow.8.xml:16 msgid "print properties of a group" msgstr "показ параметрів групи" #. 
type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_groupshow.8.xml:21 msgid "" "<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></" "arg>" msgstr "" "<command>sss_groupshow</command> <arg choice='opt'> <replaceable>параметри</" "replaceable> </arg> <arg choice='plain'><replaceable>ГРУПА</replaceable></" "arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_groupshow.8.xml:32 msgid "" "<command>sss_groupshow</command> displays information about a group " "identified by its name <replaceable>GROUP</replaceable>. The information " "includes the group ID number, members of the group and the parent group." msgstr "" "<command>sss_groupshow</command> показує дані щодо групи, вказаної за " "назвою, <replaceable>ГРУПА</replaceable>. Серед даних буде ідентифікаційний " "номер групи, кількість учасників групи та назва батьківської групи." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_groupshow.8.xml:43 msgid "<option>-R</option>,<option>--recursive</option>" msgstr "<option>-R</option>,<option>--recursive</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_groupshow.8.xml:47 msgid "" "Also print indirect group members in a tree-like hierarchy. Note that this " "also affects printing parent groups - without <option>R</option>, only the " "direct parent will be printed." msgstr "" "Вивести також список непрямих учасників групи у форматі деревоподібної " "ієрархії. Зауважте, що використання параметра також вплине на виведення " "батьківських груп: без <option>R</option> буде виведено список лише " "безпосередніх батьківських груп." #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_usermod.8.xml:10 sss_usermod.8.xml:15 msgid "sss_usermod" msgstr "sss_usermod" #. 
type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_usermod.8.xml:16 msgid "modify a user account" msgstr "зміна облікового запису користувача" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_usermod.8.xml:21 msgid "" "<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></" "arg>" msgstr "" "<command>sss_usermod</command> <arg choice='opt'> <replaceable>параметри</" "replaceable> </arg> <arg choice='plain'><replaceable>ІМ’Я_КОРИСТУВАЧА</" "replaceable></arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_usermod.8.xml:32 msgid "" "<command>sss_usermod</command> modifies the account specified by " "<replaceable>LOGIN</replaceable> to reflect the changes that are specified " "on the command line." msgstr "" "<command>sss_usermod</command> змінює параметри облікового запису " "<replaceable>ІМ’Я_КОРИСТУВАЧА</replaceable> відповідно до значень, вказаних " "у командному рядку." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:60 msgid "The home directory of the user account." msgstr "Домашній каталог облікового запису користувача." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:71 msgid "The user's login shell." msgstr "Оболонка для входу користувача до системи." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:82 msgid "" "Append this user to groups specified by the <replaceable>GROUPS</" "replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is " "a comma separated list of group names." msgstr "" "Додати запис користувача до груп, вказаних за допомогою параметра " "<replaceable>ГРУПИ</replaceable>. Параметр <replaceable>ГРУПИ</replaceable> " "є списком груп, відокремлених комами." #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:96 msgid "" "Remove this user from groups specified by the <replaceable>GROUPS</" "replaceable> parameter." msgstr "" "Вилучає запис користувача з груп, вказаних за допомогою параметра " "<replaceable>ГРУПИ</replaceable>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_usermod.8.xml:103 msgid "<option>-l</option>,<option>--lock</option>" msgstr "<option>-l</option>,<option>--lock</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:107 msgid "Lock the user account. The user won't be able to log in." msgstr "" "Заблокувати обліковий запис користувача. Заблокований користувач не зможе " "входити до системи." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_usermod.8.xml:114 msgid "<option>-u</option>,<option>--unlock</option>" msgstr "<option>-u</option>,<option>--unlock</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:118 msgid "Unlock the user account." msgstr "Розблокувати обліковий запис користувача." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_usermod.8.xml:129 msgid "The SELinux user for the user's login." msgstr "Ім’я користувача SELinux, що відповідає імені для входу до системи." #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_cache.8.xml:10 sss_cache.8.xml:15 msgid "sss_cache" msgstr "sss_cache" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_cache.8.xml:16 msgid "perform cache cleanup" msgstr "виконати спорожнення кешу" #. 
type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_cache.8.xml:21 msgid "" "<command>sss_cache</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg>" msgstr "" "<command>sss_cache</command> <arg choice='opt'> <replaceable>параметри</" "replaceable> </arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_cache.8.xml:31 msgid "" "<command>sss_cache</command> invalidates records in SSSD cache. Invalidated " "records are forced to be reloaded from server as soon as related SSSD " "backend is online." msgstr "" "<command>sss_cache</command> скасовує визначення записів у кеші SSSD. Дані " "записів зі скасованими визначеннями буде перезавантажено з сервера у " "примусовому порядку, щойно відповідний модуль SSSD отримає до них доступ." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:42 msgid "<option>-E</option>,<option>--everything</option>" msgstr "<option>-E</option>,<option>--everything</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:46 msgid "Invalidate all cached entries except for sudo rules." msgstr "Скасувати чинність усіх кешованих записів, окрім правил sudo." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:52 msgid "" "<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>" msgstr "" "<option>-u</option>,<option>--user</option> <replaceable>реєстраційні дані</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:57 msgid "Invalidate specific user." msgstr "Скасувати визначення вказаного користувача." #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:63 msgid "<option>-U</option>,<option>--users</option>" msgstr "<option>-U</option>,<option>--users</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:67 msgid "" "Invalidate all user records. This option overrides invalidation of specific " "user if it was also set." msgstr "" "Скасувати визначення всіх записів користувачів. Цей параметр має вищий " "пріоритет за параметр скасування визначення для будь-якого користувача, якщо " "такий параметр вказано." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:74 msgid "" "<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>" msgstr "" "<option>-g</option>,<option>--group</option> <replaceable>група</replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:79 msgid "Invalidate specific group." msgstr "Скасувати визначення вказаної групи." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:85 msgid "<option>-G</option>,<option>--groups</option>" msgstr "<option>-G</option>,<option>--groups</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:89 msgid "" "Invalidate all group records. This option overrides invalidation of specific " "group if it was also set." msgstr "" "Скасувати визначення записів для всіх груп. Цей параметр має вищий пріоритет " "за параметр скасування визначення для будь-якої групи, якщо такий параметр " "вказано." #.
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:96 msgid "" "<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</" "replaceable>" msgstr "" "<option>-n</option>,<option>--netgroup</option> <replaceable>мережева група</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:101 msgid "Invalidate specific netgroup." msgstr "Скасувати визначення вказаної мережевої групи." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:107 msgid "<option>-N</option>,<option>--netgroups</option>" msgstr "<option>-N</option>,<option>--netgroups</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:111 msgid "" "Invalidate all netgroup records. This option overrides invalidation of " "specific netgroup if it was also set." msgstr "" "Скасувати визначення всіх записів мережевих груп. Цей параметр має вищий " "пріоритет за параметр скасування визначення для будь-якої мережевої групи, " "якщо такий параметр вказано." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:118 msgid "" "<option>-s</option>,<option>--service</option> <replaceable>service</" "replaceable>" msgstr "" "<option>-s</option>,<option>--service</option> <replaceable>служба</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:123 msgid "Invalidate specific service." msgstr "Скасувати визначення вказаної служби." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:129 msgid "<option>-S</option>,<option>--services</option>" msgstr "<option>-S</option>,<option>--services</option>" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:133 msgid "" "Invalidate all service records. This option overrides invalidation of " "specific service if it was also set." msgstr "" "Скасувати визначення всіх записів служб. Цей параметр має вищий пріоритет за " "параметр скасування визначення для будь-якої служби, якщо такий параметр " "вказано." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:140 msgid "" "<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</" "replaceable>" msgstr "" "<option>-a</option>,<option>--autofs-map</option> <replaceable>карта autofs</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:145 msgid "Invalidate specific autofs maps." msgstr "Скасувати визначення певної карти autofs." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:151 msgid "<option>-A</option>,<option>--autofs-maps</option>" msgstr "<option>-A</option>,<option>--autofs-maps</option>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:155 msgid "" "Invalidate all autofs maps. This option overrides invalidation of specific " "map if it was also set." msgstr "" "Скасувати визначення всіх записів карт autofs. Цей параметр має вищий " "пріоритет за параметр скасування визначення для будь-якої карти, якщо такий " "параметр вказано." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:162 msgid "" "<option>-d</option>,<option>--domain</option> <replaceable>domain</" "replaceable>" msgstr "" "<option>-d</option>,<option>--domain</option> <replaceable>домен</" "replaceable>" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_cache.8.xml:167 msgid "Restrict invalidation process only to a particular domain." msgstr "Обмежити процедуру скасування визначення лише певним доменом." #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15 msgid "sss_debuglevel" msgstr "sss_debuglevel" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_debuglevel.8.xml:16 msgid "change debug level while SSSD is running" msgstr "змінити рівень діагностики протягом сеансу роботи з SSSD" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_debuglevel.8.xml:21 msgid "" "<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</" "replaceable></arg>" msgstr "" "<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg " "choice='plain'><replaceable>НОВИЙ_РІВЕНЬ_ДІАГНОСТИКИ</replaceable></arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_debuglevel.8.xml:32 msgid "" "<command>sss_debuglevel</command> changes debug level of SSSD monitor and " "providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is " "running." msgstr "" "<command>sss_debuglevel</command> змінює рівень діагностики засобу " "спостереження та надавачів даних SSSD на вказане значення " "<replaceable>НОВИЙ_РІВЕНЬ_ДІАГНОСТИКИ</replaceable> під час роботи SSSD." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_debuglevel.8.xml:59 msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>" msgstr "<replaceable>НОВИЙ_РІВЕНЬ_ДІАГНОСТИКИ</replaceable>" #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_seed.8.xml:10 sss_seed.8.xml:15 msgid "sss_seed" msgstr "sss_seed" #. 
type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_seed.8.xml:16 msgid "seed the SSSD cache with a user" msgstr "надсилає дані кешу SSSD щодо користувача" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_seed.8.xml:21 msgid "" "<command>sss_seed</command> <arg choice='opt'> <replaceable>options</" "replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</" "replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></" "arg>" msgstr "" "<command>sss_seed</command> <arg choice='opt'> <replaceable>параметри</" "replaceable> </arg> <arg choice='plain'>-D <replaceable>ДОМЕН</replaceable></" "arg> <arg choice='plain'>-n <replaceable>КОРИСТУВАЧ</replaceable></arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_seed.8.xml:33 msgid "" "<command>sss_seed</command> seeds the SSSD cache with a user entry and " "temporary password. If a user entry is already present in the SSSD cache " "then the entry is updated with the temporary password." msgstr "" "<command>sss_seed</command> розповсюджує кеш SSSD з записом користувача і " "тимчасовим паролем. Якщо запис користувача вже є у кеші SSSD, запис буде " "оновлено зі встановленням тимчасового пароля." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_seed.8.xml:46 msgid "" "<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</" "replaceable>" msgstr "" "<option>-D</option>,<option>--domain</option> <replaceable>ДОМЕН</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:51 msgid "" "Provide the name of the domain in which the user is a member of. The domain " "is also used to retrieve user information. The domain must be configured in " "sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. " "Information retrieved from the domain overrides what is provided in the " "options." 
msgstr "" "Визначає назву домену, учасником якого є користувач. Домен використовується " "для отримання даних щодо користувачів. Домен має бути налаштовано у sssd." "conf. Має бути надано аргумент <replaceable>ДОМЕН</replaceable>. Дані, " "отримані з домену, матимуть вищий пріоритет за дані, вказані за допомогою " "параметрів." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_seed.8.xml:63 msgid "" "<option>-n</option>,<option>--username</option> <replaceable>USER</" "replaceable>" msgstr "" "<option>-n</option>,<option>--username</option> <replaceable>КОРИСТУВАЧ</" "replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:68 msgid "" "The username of the entry to be created or modified in the cache. The " "<replaceable>USER</replaceable> option must be provided." msgstr "" "Ім’я користувача, запис якого слід створити або змінити у кеші. Має бути " "вказано аргумент <replaceable>КОРИСТУВАЧ</replaceable>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:81 msgid "Set the UID of the user to <replaceable>UID</replaceable>." msgstr "Встановити UID користувача у значення <replaceable>UID</replaceable>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:93 msgid "Set the GID of the user to <replaceable>GID</replaceable>." msgstr "Встановити GID користувача у значення <replaceable>GID</replaceable>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:117 msgid "" "Set the home directory of the user to <replaceable>HOME_DIR</replaceable>." msgstr "" "Встановити домашній каталог користувача у значення " "<replaceable>ДОМАШНІЙ_КАТАЛОГ</replaceable>." #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:129 msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>." msgstr "" "Встановити оболонку реєстрації користувача у значення <replaceable>ОБОЛОНКА</" "replaceable>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:140 msgid "" "Interactive mode for entering user information. This option will only prompt " "for information not provided in the options or retrieved from the domain." msgstr "" "Інтерактивний режим для введення даних користувача. У разі використання " "цього параметра програма надсилатиме запит лише щодо даних, які не було " "отримано з параметрів команди або домену." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_seed.8.xml:148 msgid "" "<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</" "replaceable>" msgstr "" "<option>-p</option>,<option>--password-file</option> " "<replaceable>ФАЙЛ_ПАРОЛІВ</replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_seed.8.xml:153 msgid "" "Specify file to read user's password from. (if not specified password is " "prompted for)" msgstr "" "Вказати файл, з якого слід прочитати пароль користувача. Якщо файл не " "вказано, програма попросить ввести пароль." #. type: Content of: <reference><refentry><refsect1><para> #: sss_seed.8.xml:165 msgid "" "The length of the password (or the size of file specified with -p or --" "password-file option) must be less than or equal to PASS_MAX bytes (64 bytes " "on systems with no globally-defined PASS_MAX value)." 
msgstr "" "Довжина пароля (або розмір файла, визначеного за допомогою параметра -p або " "--password-file) має бути меншою або рівною PASS_MAX байтів (64 байти у " "системах без визначеного на загальному рівні значення PASS_MAX)." #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15 msgid "sss_ssh_authorizedkeys" msgstr "sss_ssh_authorizedkeys" #. type: Content of: <reference><refentry><refmeta><manvolnum> #: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11 msgid "1" msgstr "1" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_ssh_authorizedkeys.1.xml:16 msgid "get OpenSSH authorized keys" msgstr "отримати уповноважені ключі OpenSSH" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_ssh_authorizedkeys.1.xml:21 msgid "" "<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg> <arg " "choice='plain'><replaceable>USER</replaceable></arg>" msgstr "" "<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> " "<replaceable>параметри</replaceable> </arg> <arg " "choice='plain'><replaceable>КОРИСТУВАЧ</replaceable></arg>" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:32 msgid "" "<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user " "<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys " "format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> for more information)." msgstr "" "<command>sss_ssh_authorizedkeys</command> отримує відкриті ключі SSH для " "користувача <replaceable>КОРИСТУВАЧ</replaceable> і виводить їх у форматі " "authorized_keys OpenSSH (щоб дізнатися більше, див. 
розділ <quote>ФОРМАТ " "ФАЙЛІВ AUTHORIZED_KEYS</quote> на сторінці підручника (man) з " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry>)." #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:41 msgid "" "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" "command> for public key user authentication if it is compiled with support " "for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</" "quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry> options." msgstr "" "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> можна налаштувати на використання " "<command>sss_ssh_authorizedkeys</command> для розпізнавання користувачів за " "відкритими ключами, якщо програму зібрано з підтримкою параметра " "<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry> <quote>AuthorizedKeysCommand</quote> або " "<quote>PubkeyAgent</quote>." #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sss_ssh_authorizedkeys.1.xml:58 #, no-wrap msgid "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" msgstr "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" #. 
type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:51 msgid "" "If <quote>AuthorizedKeysCommand</quote> is supported, " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> can be configured to use it by putting the following directive " "in <citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</" "manvolnum></citerefentry>: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" "Якщо передбачено підтримку <quote>AuthorizedKeysCommand</quote>, " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> можна налаштувати на використання ключів за допомогою такої " "інструкції у <citerefentry> <refentrytitle>sshd_config</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry>: <placeholder type=\"programlisting" "\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sss_ssh_authorizedkeys.1.xml:69 #, no-wrap msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n" msgstr "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:62 msgid "" "If <quote>PubkeyAgent</quote> is supported, " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> can be configured to use it by using the following directive " "for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</" "manvolnum></citerefentry> configuration: <placeholder type=\"programlisting" "\" id=\"0\"/>" msgstr "" "Якщо передбачено підтримку <quote>PubkeyAgent</quote>, " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> може бути налаштовано на використання ключів за допомогою " "такої інструкції <citerefentry> <refentrytitle>sshd</refentrytitle> " "<manvolnum>8</manvolnum></citerefentry>: <placeholder type=\"programlisting" "\" id=\"0\"/>" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_ssh_authorizedkeys.1.xml:84 msgid "" "Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." msgstr "" "Шукати відкриті ключі користувачів у домені SSSD <replaceable>ДОМЕН</" "replaceable>." #. type: Content of: <reference><refentry><refsect1><title> #: sss_ssh_authorizedkeys.1.xml:93 sss_ssh_knownhostsproxy.1.xml:92 msgid "EXIT STATUS" msgstr "СТАН ВИХОДУ" #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_authorizedkeys.1.xml:95 sss_ssh_knownhostsproxy.1.xml:94 msgid "" "In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." msgstr "" "У випадку успіху значення стану виходу дорівнює 0. У всіх інших випадках " "програма повертає 1." #. type: Content of: <reference><refentry><refnamediv><refname> #: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15 msgid "sss_ssh_knownhostsproxy" msgstr "sss_ssh_knownhostsproxy" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_ssh_knownhostsproxy.1.xml:16 msgid "get OpenSSH host keys" msgstr "отримати ключі вузла OpenSSH" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> #: sss_ssh_knownhostsproxy.1.xml:21 msgid "" "<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " "<replaceable>options</replaceable> </arg> <arg " "choice='plain'><replaceable>HOST</replaceable></arg> <arg " "choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>" msgstr "" "<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> " "<replaceable>параметри</replaceable> </arg> <arg " "choice='plain'><replaceable>ВУЗОЛ</replaceable></arg> <arg " "choice='opt'><replaceable>КОМАНДА_ПРОКСІ</replaceable></arg>" #. 
type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_knownhostsproxy.1.xml:33 msgid "" "<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for " "host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH " "known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section " "of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</" "manvolnum></citerefentry> for more information) <filename>/var/lib/sss/" "pubconf/known_hosts</filename> and estabilishes connection to the host." msgstr "" "<command>sss_ssh_knownhostsproxy</command> отримує відкриті ключі вузла SSH " "для вузла <replaceable>ВУЗОЛ</replaceable>, зберігає їх до нетипового файла " "OpenSSH known_hosts (щоб дізнатися більше, ознайомтеся з розділом " "<quote>ФОРМАТ ФАЙЛІВ SSH_KNOWN_HOSTS</quote> сторінки підручника (man) " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry>) за адресою <filename>/var/lib/sss/pubconf/known_hosts</" "filename> і встановлює з’єднання з вузлом." #. type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_knownhostsproxy.1.xml:43 msgid "" "If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to " "create the connection to the host instead of opening a socket." msgstr "" "Якщо вказано параметр <replaceable>КОМАНДА_ПРОКСІ</replaceable>, замість " "відкриття сокета для створення з’єднання буде використано відповідну команду." #. type: Content of: <reference><refentry><refsect1><para><programlisting> #: sss_ssh_knownhostsproxy.1.xml:55 #, no-wrap msgid "" "ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" "GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" msgstr "" "ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n" "GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n" #. 
type: Content of: <reference><refentry><refsect1><para> #: sss_ssh_knownhostsproxy.1.xml:48 msgid "" "<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" "citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</" "command> for host key authentication by using the following directives for " "<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" "citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" "<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" "citerefentry> можна налаштувати на використання " "<command>sss_ssh_knownhostsproxy</command> для розпізнавання вузлів за " "ключами за допомогою таких інструкцій у налаштуваннях " "<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></" "citerefentry>: <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_ssh_knownhostsproxy.1.xml:66 msgid "" "<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>" msgstr "" "<option>-p</option>,<option>--port</option> <replaceable>ПОРТ</replaceable>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_ssh_knownhostsproxy.1.xml:71 msgid "" "Use port <replaceable>PORT</replaceable> to connect to the host. By " "default, port 22 is used." msgstr "" "Використовувати для встановлення з’єднання з вузлом порт <replaceable>ПОРТ</" "replaceable>. Типовим портом є порт 22." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> #: sss_ssh_knownhostsproxy.1.xml:83 msgid "" "Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>." msgstr "" "Шукати відкриті ключі вузлів у домені SSSD <replaceable>ДОМЕН</replaceable>." #. 
type: Content of: <refsect1><title> #: include/service_discovery.xml:2 msgid "SERVICE DISCOVERY" msgstr "ПОШУК СЛУЖБ" #. type: Content of: <refsect1><para> #: include/service_discovery.xml:4 msgid "" "The service discovery feature allows back ends to automatically find the " "appropriate servers to connect to using a special DNS query. This feature is " "not supported for backup servers." msgstr "" "За допомогою можливості виявлення служб основні модулі мають змогу " "автоматично визначати відповідні сервери для встановлення з’єднання на " "основі даних, отриманих у відповідь на спеціальний запит до DNS. Підтримки " "цієї можливості для резервних серверів не передбачено." #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99 msgid "Configuration" msgstr "Налаштування" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:11 msgid "" "If no servers are specified, the back end automatically uses service " "discovery to try to find a server. Optionally, the user may choose to use " "both fixed server addresses and service discovery by inserting a special " "keyword, <quote>_srv_</quote>, in the list of servers. The order of " "preference is maintained. This feature is useful if, for example, the user " "prefers to use service discovery whenever possible, and fall back to a " "specific server when no servers can be discovered using DNS." msgstr "" "Якщо серверів не буде вказано, модуль автоматично використає визначення " "служб для пошуку сервера. Крім того, користувач може використовувати і " "фіксовані адреси серверів і виявлення служб. Для цього слід вставити " "особливе ключове слово, «_srv_», до списку серверів. Пріоритет визначається " "за вказаним порядком. 
Ця можливість є корисною, якщо, наприклад, користувач " "надає перевагу використанню виявлення служб, якщо це можливо, з поверненням " "до використання певного сервера, якщо за допомогою DNS не вдасться виявити " "жодного сервера." #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:23 msgid "The domain name" msgstr "Назва домену" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:25 msgid "" "Please refer to the <quote>dns_discovery_domain</quote> parameter in the " "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry> manual page for more details." msgstr "" "З докладнішими відомостями щодо параметра «dns_discovery_domain» можна " "ознайомитися на сторінці підручника (man) <citerefentry> <refentrytitle>sssd." "conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:35 msgid "The protocol" msgstr "Протокол" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:37 msgid "" "The queries usually specify _tcp as the protocol. Exceptions are documented " "in respective option description." msgstr "" "Запитами зазвичай визначається протокол _tcp. Виключення документовано у " "описі відповідного параметра." #. type: Content of: <refsect1><refsect2><title> #: include/service_discovery.xml:42 msgid "See Also" msgstr "Також прочитайте" #. type: Content of: <refsect1><refsect2><para> #: include/service_discovery.xml:44 msgid "" "For more information on the service discovery mechanism, refer to RFC 2782." msgstr "" "Докладніші відомості щодо механізмів визначення служб можна знайти у RFC " "2782." #. type: Content of: outside any tag (error?) #: include/upstream.xml:1 msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" msgstr "<placeholder type=\"refentryinfo\" id=\"0\"/>" #. 
type: Content of: <refsect1><title> #: include/failover.xml:2 msgid "FAILOVER" msgstr "РЕЗЕРВ" #. type: Content of: <refsect1><para> #: include/failover.xml:4 msgid "" "The failover feature allows back ends to automatically switch to a different " "server if the current server fails." msgstr "" "Можливість резервування надає змогу модулям обробки автоматично перемикатися " "на інші сервери, якщо спроба встановлення з’єднання з поточним сервером " "зазнає невдачі." #. type: Content of: <refsect1><refsect2><title> #: include/failover.xml:8 msgid "Failover Syntax" msgstr "Синтаксичні конструкції визначення резервного сервера" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:10 msgid "" "The list of servers is given as a comma-separated list; any number of spaces " "is allowed around the comma. The servers are listed in order of preference. " "The list can contain any number of servers." msgstr "" "Список записів серверів, відокремлених комами. Між комами можна " "використовувати довільну кількість пробілів. Порядок у списку визначає " "пріоритет. У списку може бути будь-яка кількість записів серверів." #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:16 msgid "" "For each failover-enabled config option, two variants exist: " "<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is " "that servers in the primary list are preferred and backup servers are only " "searched if no primary servers can be reached. If a backup server is " "selected, a timeout of 31 seconds is set. After this timeout SSSD will " "periodically try to reconnect to one of the primary servers. If it succeeds, " "it will replace the current active (backup) server." msgstr "" "Для кожного з параметрів налаштування з увімкненим резервним отриманням " "існує два варіанти: <emphasis>основний</emphasis> і <emphasis>резервний</" "emphasis>. 
Ідея полягає у тому, що сервери з основного списку мають вищий " "пріоритет за резервні сервери, пошук же на резервних серверах виконується, " "лише якщо не вдасться з’єднатися з жодним з основних серверів. Якщо буде " "вибрано резервний сервер, встановлюється час очікування у 31 секунду. Після " "завершення часу очікування SSSD періодично намагатиметься повторно " "встановити з’єднання з основними серверами. Якщо спроба буде успішною, " "поточний активний резервний сервер буде замінено на основний." #. type: Content of: <refsect1><refsect2><title> #: include/failover.xml:27 msgid "The Failover Mechanism" msgstr "Механізм визначення резервного сервера" #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:29 msgid "" "The failover mechanism distinguishes between a machine and a service. The " "back end first tries to resolve the hostname of a given machine; if this " "resolution attempt fails, the machine is considered offline. No further " "attempts are made to connect to this machine for any other service. If the " "resolution attempt succeeds, the back end tries to connect to a service on " "this machine. If the service connection attempt fails, then only this " "particular service is considered offline and the back end automatically " "switches over to the next service. The machine is still considered online " "and might still be tried for another service." msgstr "" "Механізмом резервного використання розрізняються окремі комп’ютери і служби. " "Спочатку модуль намагається визначити назву вузла вказаного комп’ютера. Якщо " "спроби визначення зазнають невдачі, комп’ютер вважатиметься від’єднаним від " "мережі. Подальших спроб встановити з’єднання з цим комп’ютером для всіх " "інших служб не виконуватиметься. Якщо вдасться виконати визначення, модуль " "зробить спробу встановити з’єднання зі службою на визначеному комп’ютері. 
" "Якщо спроба з’єднання зі службою не призведе до успіху, непрацездатною " "вважатиметься лише служба, модуль автоматично перемкнеться на наступну " "службу. Комп’ютер служби вважатиметься з’єднаним з мережею, можливі подальші " "спроби використання інших служб." #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:42 msgid "" "Further connection attempts are made to machines or services marked as " "offline after a specified period of time; this is currently hard coded to 30 " "seconds." msgstr "" "Подальші спроби встановлення з’єднання з комп’ютерами або службами, " "позначеними як такі, що перебувають поза мережею, буде виконано за певний " "проміжок часу. У поточній версії цей проміжок є незмінним і дорівнює 30 " "секундам." #. type: Content of: <refsect1><refsect2><para> #: include/failover.xml:47 msgid "" "If there are no more machines to try, the back end as a whole switches to " "offline mode, and then attempts to reconnect every 30 seconds." msgstr "" "Якщо список комп’ютерів буде вичерпано, основний модуль перейде у режим " "автономної роботи і повторюватиме спроби з’єднання кожні 30 секунд." #. type: Content of: <refsect1><title> #: include/ldap_id_mapping.xml:2 msgid "ID MAPPING" msgstr "ВСТАНОВЛЕННЯ ВІДПОВІДНОСТІ ІДЕНТИФІКАТОРІВ" #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:4 msgid "" "The ID-mapping feature allows SSSD to act as a client of Active Directory " "without requiring administrators to extend user attributes to support POSIX " "attributes for user and group identifiers." msgstr "" "Можливість встановлення відповідності ідентифікаторів надає SSSD змогу " "працювати у режимі клієнта Active Directory без потреби для адміністраторів " "розширювати атрибути користувача з метою підтримки атрибутів POSIX для " "ідентифікаторів користувачів та груп." #. 
type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:9 msgid "" "NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are " "ignored. This is to avoid the possibility of conflicts between automatically-" "assigned and manually-assigned values. If you need to use manually-assigned " "values, ALL values must be manually-assigned." msgstr "" "Зауваження: якщо увімкнено встановлення відповідності ідентифікаторів, " "атрибути uidNumber та gidNumber буде проігноровано. Так зроблено з метою " "уникання конфліктів між автоматично визначеними та визначеними вручну " "значеннями. Якщо вам потрібно призначити певні значення вручну, вручну " "доведеться призначати ВСІ значення." #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:16 msgid "" "Please note that changing the ID mapping related configuration options will " "cause user and group IDs to change. At the moment, SSSD does not support " "changing IDs, so the SSSD database must be removed. Because cached passwords " "are also stored in the database, removing the database should only be " "performed while the authentication servers are reachable, otherwise users " "might get locked out. In order to cache the password, an authentication must " "be performed. It is not sufficient to use <citerefentry> " "<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </" "citerefentry> to remove the database, rather the process consists of:" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:33 msgid "Making sure the remote servers are reachable" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:38 msgid "Stopping the SSSD service" msgstr "" #. type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:43 msgid "Removing the database" msgstr "" #. 
type: Content of: <refsect1><para><itemizedlist><listitem><para> #: include/ldap_id_mapping.xml:48 msgid "Starting the SSSD service" msgstr "" #. type: Content of: <refsect1><para> #: include/ldap_id_mapping.xml:52 msgid "" "Moreover, as the change of IDs might necessitate the adjustment of other " "system properties such as file and directory ownership, it's advisable to " "plan ahead and test the ID mapping configuration thoroughly." msgstr "" #. type: Content of: <refsect1><refsect2><title> #: include/ldap_id_mapping.xml:59 msgid "Mapping Algorithm" msgstr "Алгоритм встановлення відповідності" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:61 msgid "" "Active Directory provides an objectSID for every user and group object in " "the directory. This objectSID can be broken up into components that " "represent the Active Directory domain identity and the relative identifier " "(RID) of the user or group object." msgstr "" "Active Directory надає значення objectSID для всіх об’єктів користувачів і " "груп у каталозі. Таке значення objectSID можна розбити на компоненти, які " "відповідають профілю домену Active Directory та відносному ідентифікатору " "(RID) об’єкта користувача або групи." #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:67 msgid "" "The SSSD ID-mapping algorithm takes a range of available UIDs and divides it " "into equally-sized component sections - called \"slices\"-. Each slice " "represents the space available to an Active Directory domain." msgstr "" "Алгоритмом встановлення відповідності ідентифікаторів SSSD передбачено поділ " "діапазону доступних UID на розділи однакових розмірів, які називаються " "«зрізами». Кожен зріз відповідає простору, доступному певному домену Active " "Directory." #. 
type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:73 msgid "" "When a user or group entry for a particular domain is encountered for the " "first time, the SSSD allocates one of the available slices for that domain. " "In order to make this slice-assignment repeatable on different client " "machines, we select the slice based on the following algorithm:" msgstr "" "Коли SSSD вперше зустрічає запис користувача або групи певного домену, SSSD " "віддає один з доступних зрізів під цей домен. З метою уможливлення " "відтворення такого призначення зрізів на різних клієнтських системах, зріз " "вибирається за таким алгоритмом:" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:80 msgid "" "The SID string is passed through the murmurhash3 algorithm to convert it to " "a 32-bit hashed value. We then take the modulus of this value with the total " "number of available slices to pick the slice." msgstr "" "Рядок SID передається алгоритмові murmurhash3 з метою перетворення його на " "хешоване 32-бітове значення. Для вибору зрізу використовується ціла частина " "від ділення цього значення на загальну кількість доступних зрізів." #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:86 msgid "" "NOTE: It is possible to encounter collisions in the hash and subsequent " "modulus. In these situations, we will select the next available slice, but " "it may not be possible to reproduce the same exact set of slices on other " "machines (since the order that they are encountered will determine their " "slice). In this situation, it is recommended to either switch to using " "explicit POSIX attributes in Active Directory (disabling ID-mapping) or " "configure a default domain to guarantee that at least one is always " "consistent. See <quote>Configuration</quote> for details." msgstr "" "Зауваження: за такого алгоритму можливі збіги за хешем та відповідною цілою " "частиною від ділення. 
У разі виявлення таких збігів буде вибрано наступний " "доступний зріз, але це може призвести до неможливості відтворити точно такий " "самий набір зрізів на інших комп’ютерах (оскільки в такому разі на вибір " "зрізів може вплинути порядок, у якому виконується обробка даних). Якщо ви " "зіткнулися з подібною ситуацією, рекомендуємо вам або перейти на " "використання явних атрибутів POSIX у Active Directory (вимкнути встановлення " "відповідності ідентифікаторів) або налаштувати типовий домен з метою " "гарантування того, що принаймні цей домен матиме еталонні дані. Докладніше " "про це у розділі «Налаштування»." #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:101 msgid "" "Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):" msgstr "" "Мінімальне налаштовування (у розділі <quote>[domain/НАЗВА_ДОМЕНУ]</quote>):" #. type: Content of: <refsect1><refsect2><para><programlisting> #: include/ldap_id_mapping.xml:106 #, no-wrap msgid "" "ldap_id_mapping = True\n" "ldap_schema = ad\n" msgstr "" "ldap_id_mapping = True\n" "ldap_schema = ad\n" #. type: Content of: <refsect1><refsect2><para> #: include/ldap_id_mapping.xml:111 msgid "" "The default configuration results in configuring 10,000 slices, each capable " "of holding up to 200,000 IDs, starting from 10,001 and going up to " "2,000,100,000. This should be sufficient for most deployments." msgstr "" "За типових налаштувань буде створено 10000 зрізів, кожен з яких може містити " "до 200000 ідентифікаторів, починаючи з 10001 і аж до 2000100000. Цього має " "вистачити для більшості розгорнутих середовищ." #. type: Content of: <refsect1><refsect2><refsect3><title> #: include/ldap_id_mapping.xml:117 msgid "Advanced Configuration" msgstr "Додаткові налаштування" #. 
type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:120 msgid "ldap_idmap_range_min (integer)" msgstr "ldap_idmap_range_min (ціле число)" #. 
type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:123 msgid "" "Specifies the lower bound of the range of POSIX IDs to use for mapping " "Active Directory user and group SIDs." msgstr "" "Визначає нижню межу діапазону ідентифікаторів POSIX, які слід " "використовувати для встановлення відповідності SID користувачів і груп " "Active Directory." #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:127 msgid "" "NOTE: This option is different from <quote>min_id</quote> in that " "<quote>min_id</quote> acts to filter the output of requests to this domain, " "whereas this option controls the range of ID assignment. This is a subtle " "distinction, but the good general advice would be to have <quote>min_id</" "quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>" msgstr "" "Зауваження: цей параметр відрізняється від <quote>min_id</quote> тим, що " "<quote>min_id</quote> працює як фільтр відповідей на запити щодо цього " "домену, а цей параметр керує діапазоном призначення ідентифікаторів. Ця " "відмінність є мінімальною, але загалом варто визначати <quote>min_id</quote> " "меншим або рівним <quote>ldap_idmap_range_min</quote>" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:173 msgid "Default: 200000" msgstr "Типове значення: 200000" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:142 msgid "ldap_idmap_range_max (integer)" msgstr "ldap_idmap_range_max (ціле число)" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:145 msgid "" "Specifies the upper bound of the range of POSIX IDs to use for mapping " "Active Directory user and group SIDs." 
msgstr "" "Визначає верхню межу діапазону ідентифікаторів POSIX, які слід " "використовувати для встановлення відповідності SID користувачів і груп " "Active Directory." #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:149 msgid "" "NOTE: This option is different from <quote>max_id</quote> in that " "<quote>max_id</quote> acts to filter the output of requests to this domain, " "whereas this option controls the range of ID assignment. This is a subtle " "distinction, but the good general advice would be to have <quote>max_id</" "quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>" msgstr "" "Зауваження: цей параметр відрізняється від <quote>max_id</quote> тим, що " "<quote>max_id</quote> працює як фільтр відповідей на запити щодо цього " "домену, а цей параметр керує діапазоном призначення ідентифікаторів. Ця " "відмінність є мінімальною, але загалом варто визначати <quote>max_id</quote> " "більшим або рівним <quote>ldap_idmap_range_max</quote>" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:159 msgid "Default: 2000200000" msgstr "Типове значення: 2000200000" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:164 msgid "ldap_idmap_range_size (integer)" msgstr "ldap_idmap_range_size (ціле число)" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:167 msgid "" "Specifies the number of IDs available for each slice. If the range size " "does not divide evenly into the min and max values, it will create as many " "complete slices as it can." msgstr "" "Визначає кількість ідентифікаторів доступних на кожному зі зрізів. Якщо " "розмір діапазону не ділиться націло на мінімальне і максимальне значення, " "буде створено якомога більше повних зрізів." #. 
type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:178 msgid "ldap_idmap_default_domain_sid (string)" msgstr "ldap_idmap_default_domain_sid (рядок)" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:181 msgid "" "Specify the domain SID of the default domain. This will guarantee that this " "domain will always be assigned to slice zero in the ID map, bypassing the " "murmurhash algorithm described above." msgstr "" "Визначає SID типового домену. За допомогою цього параметра можна гарантувати " "те, що цей домен буде завжди призначено до нульового зрізу у карті " "ідентифікаторів без використання алгоритму murmurhash описаного вище." #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:192 msgid "ldap_idmap_default_domain (string)" msgstr "ldap_idmap_default_domain (рядок)" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:195 msgid "Specify the name of the default domain." msgstr "Вказати назву типового домену." #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> #: include/ldap_id_mapping.xml:203 msgid "ldap_idmap_autorid_compat (boolean)" msgstr "ldap_idmap_autorid_compat (булеве значення)" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:206 msgid "" "Changes the behavior of the ID-mapping algorithm to behave more similarly to " "winbind's <quote>idmap_autorid</quote> algorithm." msgstr "" "Змінює поведінку алгоритму встановлення відповідності ідентифікаторів так, " "щоб обчислення відбувалися за алгоритмом подібним до алгоритму " "<quote>idmap_autorid</quote> winbind." #. 
type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:211 msgid "" "When this option is configured, domains will be allocated starting with " "slice zero and increasing monatomically with each additional domain." msgstr "" "Якщо встановлено цей параметр, домени призначатимуться, починаючи з " "нульового зрізу з поступовим зростанням номерів на кожен додатковий домен." #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:216 msgid "" "NOTE: This algorithm is non-deterministic (it depends on the order that " "users and groups are requested). If this mode is required for compatibility " "with machines running winbind, it is recommended to also use the " "<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at " "least one domain is consistently allocated to slice zero." msgstr "" "Зауваження: цей алгоритм є недетерміністичним (залежить від порядку записів " "користувачів та груп). Якщо з метою сумісності з системою, у якій запущено " "winbind, буде використано цей алгоритм, варто також скористатися параметром " "<quote>ldap_idmap_default_domain_sid</quote> з метою гарантування " "послідовного призначення принаймні одного домену до нульового зрізу." #. type: Content of: <varlistentry><term> #: include/param_help.xml:3 msgid "<option>-?</option>,<option>--help</option>" msgstr "<option>-?</option>,<option>--help</option>" #. type: Content of: <varlistentry><listitem><para> #: include/param_help.xml:7 include/param_help_py.xml:7 msgid "Display help message and exit." msgstr "Показати довідкове повідомлення і завершити роботу." #. type: Content of: <varlistentry><term> #: include/param_help_py.xml:3 msgid "<option>-h</option>,<option>--help</option>" msgstr "<option>-h</option>,<option>--help</option>" #. 
type: Content of: <listitem><para> #: include/debug_levels.xml:3 msgid "" "SSSD supports two representations for specifying the debug level. The " "simplest is to specify a decimal value from 0-9, which represents enabling " "that level and all lower-level debug messages. The more comprehensive option " "is to specify a hexadecimal bitmask to enable or disable specific levels " "(such as if you wish to suppress a level)." msgstr "" #. type: Content of: <listitem><para> #: include/debug_levels.xml:10 msgid "Currently supported debug levels:" msgstr "Рівні діагностики, передбачені у поточній версії:" #. type: Content of: <listitem><para> #: include/debug_levels.xml:13 #, fuzzy #| msgid "" #| "<emphasis>0x0010</emphasis>: Fatal failures. Anything that would prevent " #| "SSSD from starting up or causes it to cease running." msgid "" "<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. " "Anything that would prevent SSSD from starting up or causes it to cease " "running." msgstr "" "<emphasis>0x0010</emphasis>: критичні помилки з аварійним завершенням " "роботи. Всі помилки, які не дають SSSD змоги розпочати або продовжувати " "роботу." #. type: Content of: <listitem><para> #: include/debug_levels.xml:19 #, fuzzy #| msgid "" #| "<emphasis>0x0020</emphasis>: Critical failures. An error that doesn't " #| "kill the SSSD, but one that indicates that at least one major feature is " #| "not going to work properly." msgid "" "<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An " "error that doesn't kill the SSSD, but one that indicates that at least one " "major feature is not going to work properly." msgstr "" "<emphasis>0x0020</emphasis>: критичні помилки. Помилки, які не призводять до " "аварійного завершення роботи SSSD, але означають, що одна з основних " "можливостей не працює належним чином." #. 
type: Content of: <listitem><para> #: include/debug_levels.xml:26 #, fuzzy #| msgid "" #| "<emphasis>0x0040</emphasis>: Serious failures. An error announcing that a " #| "particular request or operation has failed." msgid "" "<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An " "error announcing that a particular request or operation has failed." msgstr "" "<emphasis>0x0040</emphasis>: серйозні помилки. Повідомлення про такі помилки " "означають, що не вдалося виконати певний запит або дію." #. type: Content of: <listitem><para> #: include/debug_levels.xml:31 #, fuzzy #| msgid "" #| "<emphasis>0x0080</emphasis>: Minor failures. These are the errors that " #| "would percolate down to cause the operation failure of 2." msgid "" "<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These " "are the errors that would percolate down to cause the operation failure of 2." msgstr "" "<emphasis>0x0080</emphasis>: незначні помилки. Це помилки які можуть " "призвести до помилок під час виконання дій." #. type: Content of: <listitem><para> #: include/debug_levels.xml:36 #, fuzzy #| msgid "<emphasis>0x0100</emphasis>: Configuration settings." msgid "" "<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings." msgstr "<emphasis>0x0100</emphasis>: параметри налаштування." #. type: Content of: <listitem><para> #: include/debug_levels.xml:40 #, fuzzy #| msgid "<emphasis>0x0200</emphasis>: Function data." msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data." msgstr "<emphasis>0x0200</emphasis>: дані функцій." #. type: Content of: <listitem><para> #: include/debug_levels.xml:44 #, fuzzy #| msgid "<emphasis>0x0400</emphasis>: Trace messages for operation functions." msgid "" "<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for " "operation functions." msgstr "<emphasis>0x0400</emphasis>: повідомлення трасування для функцій дій." #. 
type: Content of: <listitem><para> #: include/debug_levels.xml:48 #, fuzzy #| msgid "" #| "<emphasis>0x1000</emphasis>: Trace messages for internal control " #| "functions." msgid "" "<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for " "internal control functions." msgstr "" "<emphasis>0x1000</emphasis>: повідомлення трасування для функцій " "внутрішнього трасування." #. type: Content of: <listitem><para> #: include/debug_levels.xml:53 #, fuzzy #| msgid "" #| "<emphasis>0x2000</emphasis>: Contents of function-internal variables that " #| "may be interesting." msgid "" "<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-" "internal variables that may be interesting." msgstr "" "<emphasis>0x2000</emphasis>: вміст внутрішніх змінних функцій, який може " "бути цікавим." #. type: Content of: <listitem><para> #: include/debug_levels.xml:58 #, fuzzy #| msgid "" #| "<emphasis>0x4000</emphasis>: Extremely low-level tracing information." msgid "" "<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level " "tracing information." msgstr "<emphasis>0x4000</emphasis>: дані трасування найнижчого рівня." #. type: Content of: <listitem><para> #: include/debug_levels.xml:62 #, fuzzy #| msgid "" #| "To log required debug levels, simply add their numbers together as shown " #| "in following examples:" msgid "" "To log required bitmask debug levels, simply add their numbers together as " "shown in following examples:" msgstr "" "Щоб до журналу було записано дані потрібних рівнів діагностики, просто " "додайте відповідні числа, як це показано у наведених нижче прикладах:" #. type: Content of: <listitem><para> #: include/debug_levels.xml:66 msgid "" "<emphasis>Example</emphasis>: To log fatal failures, critical failures, " "serious failures and function data use 0x0270." 
msgstr "" "<emphasis>Приклад</emphasis>: щоб до журналу було записано дані щодо " "критичних помилок з аварійним завершенням роботи, критичних помилок, " "серйозних помилок та дані функцій, скористайтеся рівнем діагностики 0x0270." #. type: Content of: <listitem><para> #: include/debug_levels.xml:70 msgid "" "<emphasis>Example</emphasis>: To log fatal failures, configuration settings, " "function data, trace messages for internal control functions use 0x1310." msgstr "" "<emphasis>Приклад</emphasis>: щоб до журналу було записано критичні помилки " "з аварійним завершенням роботи, параметри налаштування, дані функцій та " "повідомлення трасування для функцій внутрішнього керування, скористайтеся " "рівнем 0x1310." #. type: Content of: <listitem><para> #: include/debug_levels.xml:75 #, fuzzy #| msgid "" #| "<emphasis>Note</emphasis>: This is new format of debug levels introduced " #| "in 1.7.0. Older format (numbers from 0-10) is compatible but deprecated." msgid "" "<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced " "in 1.7.0." msgstr "" "<emphasis>Зауваження</emphasis>: цей новий формат визначення рівнів " "діагностики впроваджено у версії 1.7.0. Визначення у форматах попередніх " "версій (числа від 0 до 10) сумісні з поточною версією, але вважаються " "застарілими." #. type: Content of: <listitem><para> #: include/debug_levels.xml:79 #, fuzzy #| msgid "<emphasis>h</emphasis> for hours" msgid "<emphasis>Default</emphasis>: 0" msgstr "<emphasis>h</emphasis> — години" #. type: Content of: outside any tag (error?) #: include/experimental.xml:1 msgid "" "<emphasis> This is an experimental feature, please use http://fedorahosted." "org/sssd to report any issues. </emphasis>" msgstr "" "<emphasis> Цю можливість ще не перевірено достатнім чином. Будь ласка, якщо " "помітите якісь вади, повідомте про них за допомогою настанов на сторінці " "http://fedorahosted.org/sssd. </emphasis>" #.
type: Content of: <refsect1><title> #: include/local.xml:2 msgid "THE LOCAL DOMAIN" msgstr "ЛОКАЛЬНИЙ ДОМЕН" #. type: Content of: <refsect1><para> #: include/local.xml:4 msgid "" "In order to function correctly, a domain with <quote>id_provider=local</" "quote> must be created and the SSSD must be running." msgstr "" "З метою забезпечення належної роботи слід створити домен з " "<quote>id_provider=local</quote> та запустити SSSD." #. type: Content of: <refsect1><para> #: include/local.xml:9 msgid "" "The administrator might want to use the SSSD local users instead of " "traditional UNIX users in cases where the group nesting (see <citerefentry> " "<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" "citerefentry>) is needed. The local users are also useful for testing and " "development of the SSSD without having to deploy a full remote server. The " "<command>sss_user*</command> and <command>sss_group*</command> tools use a " "local LDB storage to store users and groups." msgstr "" "Адміністратор може надати перевагу використанню локальних записів " "користувачів SSSD замість традиційних записів користувачів UNIX, якщо для " "роботи потрібна вкладеність груп (див. <citerefentry> " "<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </" "citerefentry>). Використання локальних записів може також бути корисним для " "тестування та розробки програмного забезпечення з підтримкою SSSD (у такому " "разі не потрібно розгортати повноцінний віддалений сервер). Інструменти " "<command>sss_user*</command> та <command>sss_group*</command> використовують " "для зберігання записів користувачів і груп локальне сховище даних LDB." #. type: Content of: <refsect1><title> #: include/seealso.xml:2 msgid "SEE ALSO" msgstr "ТАКОЖ ПЕРЕГЛЯНЬТЕ" #. 
type: Content of: <refsect1><para> #: include/seealso.xml:4 msgid "" "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> " "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_useradd</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_usermod</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> 
<refentrytitle>sss_seed</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" "manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " "<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>." msgstr "" "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </" "citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> " "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " 
"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_useradd</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_usermod</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sss_seed</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" "manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " "<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>." #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:3 #: include/ldap_search_bases_experimental.xml:3 msgid "" "An optional base DN, search scope and LDAP filter to restrict LDAP searches " "for this attribute type." msgstr "" "Додатковий основний DN, область пошуку і фільтр LDAP для обмеження пошуків " "LDAP цим типом атрибутів." #. type: Content of: <listitem><para><programlisting> #: include/ldap_search_bases.xml:9 #: include/ldap_search_bases_experimental.xml:9 #, no-wrap msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" msgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:7 #: include/ldap_search_bases_experimental.xml:7 msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "синтаксис: <placeholder type=\"programlisting\" id=\"0\"/>" #. 
type: Content of: <listitem><para> #: include/ldap_search_bases.xml:13 #: include/ldap_search_bases_experimental.xml:13 msgid "" "The scope can be one of \"base\", \"onelevel\" or \"subtree\". The filter " "must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/" "rfc2254.txt" msgstr "" "Областю може бути одне зі значень: «base», «onelevel» або «subtree». " "Фільтром має бути коректний запис фільтрування LDAP, відповідно до " "специфікації http://www.ietf.org/rfc/rfc2254.txt" #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:19 #: include/ldap_search_bases_experimental.xml:19 msgid "" "For examples of this syntax, please refer to the <quote>ldap_search_base</" "quote> examples section." msgstr "" "Приклади використання цих синтаксичних конструкцій можна знайти у розділі " "прикладів «ldap_search_base»." #. type: Content of: <listitem><para> #: include/ldap_search_bases.xml:27 #: include/ldap_search_bases_experimental.xml:27 msgid "" "Please note that specifying scope or filter is not supported for searches " "against an Active Directory Server that might yield a large number of " "results and trigger the Range Retrieval extension in the response." msgstr "" "Будь ласка, зауважте, що підтримки визначення області або фільтра для " "пошуків на сервері Active Directory не передбачено. Це може призвести до " "отримання значної кількості результатів і викликати реакцію з боку " "розширення діапазону отримання (Range Retrieval)." #. type: Content of: <para> #: include/autofs_restart.xml:2 msgid "" "Please note that the automounter only reads the master map on startup, so if " "any autofs-related changes are made to the sssd.conf, you typically also " "need to restart the automounter daemon after restarting the SSSD." 
msgstr "" "Будь ласка, зауважте, що засіб автоматичного монтування читає основну карту " "лише під час запуску, отже якщо до sssd.conf внесено будь-які пов’язані з " "autofs зміни, типово слід перезапустити фонову службу автоматичного " "монтування після перезапуску SSSD." #. type: Content of: <varlistentry><term> #: include/override_homedir.xml:2 msgid "override_homedir (string)" msgstr "override_homedir (рядок)" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:16 msgid "UID number" msgstr "номер UID" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:20 msgid "domain name" msgstr "назва домену" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: include/override_homedir.xml:23 msgid "%f" msgstr "%f" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:24 msgid "fully qualified user name (user@domain)" msgstr "ім’я користувача повністю (користувач@домен)" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term> #: include/override_homedir.xml:27 msgid "%o" msgstr "%o" #. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para> #: include/override_homedir.xml:29 msgid "The original home directory retrieved from the identity provider." msgstr "Початкова домашня тека, отримана від служби профілів." #. type: Content of: <varlistentry><listitem><para> #: include/override_homedir.xml:5 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. In the template, the following sequences are substituted: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" "Перевизначити домашній каталог користувача. Ви можете вказати абсолютне " "значення або шаблон.
У шаблоні можна використовувати такі замінники: " "<placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <varlistentry><listitem><para> #: include/override_homedir.xml:41 msgid "This option can also be set per-domain." msgstr "" "Значення цього параметра можна встановлювати для кожного з доменів окремо." #. type: Content of: <varlistentry><listitem><para><programlisting> #: include/override_homedir.xml:46 #, no-wrap msgid "" "override_homedir = /home/%u\n" " " msgstr "" "override_homedir = /home/%u\n" " " #. type: Content of: <varlistentry><listitem><para> #: include/override_homedir.xml:50 msgid "Default: Not set (SSSD will use the value retrieved from LDAP)" msgstr "" "Типове значення: не встановлено (SSSD використовуватиме значення, отримане " "від LDAP)" #~ msgid "" #~ "Override the login shell for all users. This option can be specified " #~ "globally in the [nss] section or per-domain." #~ msgstr "" #~ "Перевизначити оболонку реєстрації для всіх користувачів. Цей параметр " #~ "можна вказати на загальному рівні у розділі [nss] або для кожного з " #~ "доменів окремо." #~ msgid "" #~ "Directory to store credential caches. All the substitution sequences of " #~ "krb5_ccname_template can be used here, too, except %d and %P. If the " #~ "directory does not exist, it will be created. If %u, %U, %p or %h are " #~ "used, a private directory belonging to the user is created. Otherwise, a " #~ "public directory with restricted deletion flag (aka sticky bit, as " #~ "described in <citerefentry> <refentrytitle>chmod</refentrytitle> " #~ "<manvolnum>1</manvolnum> </citerefentry> for details) is created." #~ msgstr "" #~ "Каталог для зберігання кешу реєстраційних даних. Тут можна " #~ "використовувати всі послідовності-замінники krb5_ccname_template, окрім " #~ "%d і %P. Якщо каталогу не існує, його буде створено. Якщо використано %u, " #~ "%U, %p або %h, буде створено особистий каталог, власником якого буде " #~ "користувач. 
Якщо цих замінників не буде використано, буде створено " #~ "відкритий каталог з обмеженням на вилучення (або липким бітом, докладніші " #~ "відомості викладено у довіднику (man) з <citerefentry> " #~ "<refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> </" #~ "citerefentry>)." #~ msgid "Default: FILE:%d/krb5cc_%U_XXXXXX" #~ msgstr "Типове значення: FILE:%d/krb5cc_%U_XXXXXX" #~ msgid "" #~ "Bit mask that indicates which debug levels will be visible. 0x0010 is the " #~ "default value as well as the lowest allowed value, 0xFFF0 is the most " #~ "verbose mode. This setting overrides the settings from config file." #~ msgstr "" #~ "Бітова маска, яка визначає рівні діагностики, дані яких буде показано. " #~ "0x0010 — типове і найменше можливе значення. 0xFFF0 — найдокладніший " #~ "режим. Визначення цього параметра має пріоритет над визначенням у файлі " #~ "налаштувань." �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/PaxHeaders.13173/sysv���������������������������������������������������������������0000644�0000000�0000000�00000000130�12320753521�015262� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������29 mtime=1396954961.37187516 30 atime=1396955003.535843846 29 ctime=1396954961.37187516 
����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sysv/�������������������������������������������������������������������������������0000775�0024127�0024127�00000000000�12320753521�015570� 5����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sysv/PaxHeaders.13173/sssd����������������������������������������������������������0000644�0000000�0000000�00000000130�12320753520�016235� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954960.310875943 29 atime=1396954961.01987542 29 ctime=1396954961.37187516 
����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sysv/sssd���������������������������������������������������������������������������0000664�0024127�0024127�00000005260�12320753520�016471� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������#!/bin/sh # # # chkconfig: - 12 88 # description: Provides a set of daemons to manage access to remote directories # and authentication mechanisms. It provides an NSS and PAM # interface toward the system and a pluggable backend system to # connect to multiple different account sources. It is also the # basis to provide client auditing and policy services for projects # like FreeIPA. # ### BEGIN INIT INFO # Provides: sssd # Required-Start: $remote_fs $time # Should-Start: $syslog # Should-Stop: $null # Required-Stop: $null # Default-Stop: 0 1 6 # Short-Description: System Security Services Daemon # Description: Provides a set of daemons to manage access to remote directories # and authentication mechanisms. It provides an NSS and PAM # interface toward the system and a pluggable backend system to # connect to multiple different account sources. It is also the # basis to provide client auditing and policy services for projects # like FreeIPA. ### END INIT INFO RETVAL=0 prog="sssd" # Source function library. . 
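# Helper commands used below (daemon, killproc, checkpid, status, usleep) are
# not defined in this script; presumably they come from this library and the
# distribution's initscripts package.
. /etc/init.d/functions

# Optional site overrides. The file is sourced with the privileges of this
# init script (normally root), so it must be owned and writable by root only.
# NOTE(review): prefix and exec_prefix are not assigned anywhere in this
# script; unless the caller's environment defines them they expand to nothing.
if [ -f "${prefix}/etc/sysconfig/sssd" ]; then
    . "${prefix}/etc/sysconfig/sssd"
fi

SSSD="${exec_prefix}/sbin/sssd"
LOCK_FILE="${prefix}/var/lock/subsys/sssd"
PID_FILE="${prefix}/var/run/sssd.pid"

# Start the daemon; exits with 5 when the binary is missing or not executable.
start() {
    [ -x "$SSSD" ] || exit 5
    echo -n $"Starting $prog: "
    daemon "$SSSD" -f -D
    RETVAL=$?
    echo
    [ "$RETVAL" = 0 ] && touch "$LOCK_FILE"
    return $RETVAL
}

# Send TERM to the process recorded in the PID file and wait for it to exit.
stop() {
    echo -n $"Stopping $prog: "

    # "restart" calls stop() without checking the service state first, so the
    # PID file may be absent here; read it only when it is readable.
    pid=
    if [ -r "$PID_FILE" ]; then
        pid=$(cat "$PID_FILE")
    fi

    killproc -p "$PID_FILE" "$SSSD" -TERM
    RETVAL=$?

    # Wait until the monitor exits.
    # NOTE(review): this loop has no upper bound; a process that ignores TERM
    # keeps the init script waiting.
    if [ -n "$pid" ]; then
        while checkpid "$pid"; do
            usleep 100000
        done
    fi

    echo
    [ "$RETVAL" = 0 ] && rm -f "$LOCK_FILE"
    return $RETVAL
}

# Ask the running daemon to reload by sending HUP.
reload() {
    echo -n $"Reloading $prog: "
    killproc "$SSSD" -HUP
    RETVAL=$?
    echo
    return $RETVAL
}

# Stop, then start again.
restart() {
    stop
    start
}

# There is no separate forced reload; fall back to a full restart.
force_reload() {
    restart
}

rh_status() {
    # run checks to determine if the service is running or use generic status
    status $prog
}

# Same as rh_status, with all output discarded; only the exit code is used.
rh_status_q() {
    rh_status >/dev/null 2>&1
}

# Dispatch on the requested action. "$1" is executed as a function name only
# in branches whose pattern has already matched it against a fixed word.
case "$1" in
    start)
        rh_status_q && exit 0
        $1
        ;;
    stop)
        rh_status_q || exit 0
        $1
        ;;
    restart)
        $1
        ;;
    reload)
        rh_status_q || exit 7
        $1
        ;;
    force-reload)
        force_reload
        ;;
    status)
        rh_status
        ;;
    condrestart|try-restart)
        rh_status_q || exit 0
        restart
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
        exit 2
esac
exit $?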
������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sysv/PaxHeaders.13173/systemd�������������������������������������������������������0000644�0000000�0000000�00000000130�12320753521�016752� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������29 mtime=1396954961.79087485 30 atime=1396955003.535843846 29 ctime=1396954961.79087485 ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sysv/systemd/�����������������������������������������������������������������������0000775�0024127�0024127�00000000000�12320753521�017260� 
5����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sysv/systemd/PaxHeaders.13173/sssd.service������������������������������������������0000644�0000000�0000000�00000000132�12320753521�021367� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954961.258875243 30 atime=1396954961.257875244 30 ctime=1396954961.414875128 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sysv/systemd/sssd.service�����������������������������������������������������������0000664�0024127�0024127�00000000627�12320753521�021623� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������[Unit] Description=System Security Services Daemon # SSSD will not be started until syslog is 
After=syslog.target [Service] EnvironmentFile=-/usr/local/etc/sysconfig/sssd ExecStart=/usr/local/sbin/sssd -D -f # These two should be used with traditional UNIX forking daemons # consult systemd.service(5) for more details Type=forking PIDFile=/usr/local/var/run/sssd.pid [Install] WantedBy=multi-user.target ���������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sysv/systemd/PaxHeaders.13173/sssd.service.in���������������������������������������0000644�0000000�0000000�00000000073�12320753107�022000� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954961.258875243 29 ctime=1396954961.79087485 ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sysv/systemd/sssd.service.in��������������������������������������������������������0000664�0024127�0024127�00000000607�12320753107�022226� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������[Unit] Description=System Security Services 
Daemon # SSSD will not be started until syslog is After=syslog.target [Service] EnvironmentFile=-@environment_file@ ExecStart=@sbindir@/sssd -D -f # These two should be used with traditional UNIX forking daemons # consult systemd.service(5) for more details Type=forking PIDFile=@localstatedir@/run/sssd.pid [Install] WantedBy=multi-user.target �������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sysv/PaxHeaders.13173/sssd.in�������������������������������������������������������0000644�0000000�0000000�00000000074�12320753107�016652� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954960.308875944 30 ctime=1396954961.360875168 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sysv/sssd.in������������������������������������������������������������������������0000664�0024127�0024127�00000005226�12320753107�017101� 
0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������#!/bin/sh # # # chkconfig: - 12 88 # description: Provides a set of daemons to manage access to remote directories # and authentication mechanisms. It provides an NSS and PAM # interface toward the system and a pluggable backend system to # connect to multiple different account sources. It is also the # basis to provide client auditing and policy services for projects # like FreeIPA. # ### BEGIN INIT INFO # Provides: sssd # Required-Start: $remote_fs $time # Should-Start: $syslog # Should-Stop: $null # Required-Stop: $null # Default-Stop: 0 1 6 # Short-Description: System Security Services Daemon # Description: Provides a set of daemons to manage access to remote directories # and authentication mechanisms. It provides an NSS and PAM # interface toward the system and a pluggable backend system to # connect to multiple different account sources. It is also the # basis to provide client auditing and policy services for projects # like FreeIPA. ### END INIT INFO RETVAL=0 prog="sssd" # Source function library. . /etc/init.d/functions if [ -f @environment_file@ ]; then . @environment_file@ fi SSSD=@sbindir@/sssd LOCK_FILE=@localstatedir@/lock/subsys/sssd PID_FILE=@localstatedir@/run/sssd.pid start() { [ -x $SSSD ] || exit 5 echo -n $"Starting $prog: " daemon $SSSD -f -D RETVAL=$? echo [ "$RETVAL" = 0 ] && touch $LOCK_FILE return $RETVAL } stop() { echo -n $"Stopping $prog: " pid=`cat $PID_FILE` killproc -p $PID_FILE $SSSD -TERM RETVAL=$? 
# Wait until the monitor exits while (checkpid $pid) do usleep 100000 done echo [ "$RETVAL" = 0 ] && rm -f $LOCK_FILE return $RETVAL } reload() { echo -n $"Reloading $prog: " killproc $SSSD -HUP RETVAL=$? echo return $RETVAL } restart() { stop start } force_reload() { restart } rh_status() { # run checks to determine if the service is running or use generic status status $prog } rh_status_q() { rh_status >/dev/null 2>&1 } case "$1" in start) rh_status_q && exit 0 $1 ;; stop) rh_status_q || exit 0 $1 ;; restart) $1 ;; reload) rh_status_q || exit 7 $1 ;; force-reload) force_reload ;; status) rh_status ;; condrestart|try-restart) rh_status_q || exit 0 restart ;; *) echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}" exit 2 esac exit $? ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sysv/PaxHeaders.13173/SUSE����������������������������������������������������������0000644�0000000�0000000�00000000132�12320753521�016043� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954961.369875161 30 atime=1396955003.535843846 30 ctime=1396954961.369875161 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sysv/SUSE/��������������������������������������������������������������������������0000775�0024127�0024127�00000000000�12320753521�016347� 5����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sysv/SUSE/PaxHeaders.13173/sssd�����������������������������������������������������0000644�0000000�0000000�00000000131�12320753520�017015� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954960.334875925 30 atime=1396954961.023875417 29 ctime=1396954961.37087516 
���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sysv/SUSE/sssd����������������������������������������������������������������������0000664�0024127�0024127�00000003413�12320753520�017246� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������#!/bin/sh ### BEGIN INIT INFO # Provides: sssd # Required-Start: $remote_fs $time # Should-Start: $syslog # Should-Stop: $syslog # Required-Stop: $remote_fs # Default-Start: 3 5 # Default-Stop: 0 1 2 4 6 # Short-Description: System Security Services Daemon # Description: Provides a set of daemons to manage access to remote directories # and authentication mechanisms. It provides an NSS and PAM # interface toward the system and a pluggable backend system to # connect to multiple different account sources. It is also the # basis to provide client auditing and policy services for projects # like FreeIPA. ### END INIT INFO RETVAL=0 prog="sssd" # Source function library. . 
/etc/rc.status rc_reset SSSD=${exec_prefix}/sbin/sssd PID_FILE=${prefix}/var/run/sssd.pid case "$1" in start) echo -n "Starting $prog " /sbin/startproc $SSSD -f -D 2>/dev/null rc_status -v ;; stop) echo -n "Shutting down $prog " /sbin/killproc -p $PID_FILE $SSSD -TERM rc_status -v ;; restart) $0 stop $0 start rc_status ;; reload) echo -n "Reload service $prog " killproc $SSSD -HUP rc_status -v ;; force-reload) $0 reload ;; status) echo -n "Checking for service $prog" /sbin/checkproc $SSSD rc_status -v ;; condrestart|try-restart) $0 status if test $? = 0; then $0 restart else rc_reset # Not running is not a failure. fi rc_status ;; *) echo "Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}" exit 1 esac rc_exit �����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sysv/SUSE/PaxHeaders.13173/sssd.in��������������������������������������������������0000644�0000000�0000000�00000000074�12320753107�017431� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954960.330875928 30 ctime=1396954961.361875167 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sysv/SUSE/sssd.in�������������������������������������������������������������������0000664�0024127�0024127�00000003403�12320753107�017653� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������#!/bin/sh ### BEGIN INIT INFO # Provides: sssd # Required-Start: $remote_fs $time # Should-Start: $syslog # Should-Stop: $syslog # Required-Stop: $remote_fs # Default-Start: 3 5 # Default-Stop: 0 1 2 4 6 # Short-Description: System Security Services Daemon # Description: Provides a set of daemons to manage access to remote directories # and authentication mechanisms. It provides an NSS and PAM # interface toward the system and a pluggable backend system to # connect to multiple different account sources. It is also the # basis to provide client auditing and policy services for projects # like FreeIPA. ### END INIT INFO RETVAL=0 prog="sssd" # Source function library. . 
/etc/rc.status rc_reset SSSD=@sbindir@/sssd PID_FILE=@localstatedir@/run/sssd.pid case "$1" in start) echo -n "Starting $prog " /sbin/startproc $SSSD -f -D 2>/dev/null rc_status -v ;; stop) echo -n "Shutting down $prog " /sbin/killproc -p $PID_FILE $SSSD -TERM rc_status -v ;; restart) $0 stop $0 start rc_status ;; reload) echo -n "Reload service $prog " killproc $SSSD -HUP rc_status -v ;; force-reload) $0 reload ;; status) echo -n "Checking for service $prog" /sbin/checkproc $SSSD rc_status -v ;; condrestart|try-restart) $0 status if test $? = 0; then $0 restart else rc_reset # Not running is not a failure. fi rc_status ;; *) echo "Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}" exit 1 esac rc_exit �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sysv/PaxHeaders.13173/gentoo��������������������������������������������������������0000644�0000000�0000000�00000000130�12320753521�016555� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������29 mtime=1396954961.37087516 30 atime=1396955003.535843846 29 ctime=1396954961.37087516 
����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sysv/gentoo/������������������������������������������������������������������������0000775�0024127�0024127�00000000000�12320753521�017063� 5����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sysv/gentoo/PaxHeaders.13173/sssd���������������������������������������������������0000644�0000000�0000000�00000000131�12320753520�017531� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954960.320875935 30 atime=1396954961.021875418 29 ctime=1396954961.37087516 
���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sysv/gentoo/sssd��������������������������������������������������������������������0000664�0024127�0024127�00000000505�12320753520�017761� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������#!/sbin/runscript depend(){ need localmount netmount clock use syslog xdm } start(){ ebegin "Starting sssd" start-stop-daemon --start --exec ${exec_prefix}/sbin/sssd -- -Df eend ${?} } stop(){ ebegin "Stopping sssd" start-stop-daemon --stop --pidfile ${prefix}/var/run/sssd.pid eend ${?} } �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sysv/gentoo/PaxHeaders.13173/sssd.in������������������������������������������������0000644�0000000�0000000�00000000074�12320753107�020145� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954960.318875937 30 ctime=1396954961.360875168 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sysv/gentoo/sssd.in�����������������������������������������������������������������0000664�0024127�0024127�00000000475�12320753107�020375� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������#!/sbin/runscript depend(){ need localmount netmount clock use syslog xdm } start(){ ebegin "Starting sssd" start-stop-daemon --start --exec @sbindir@/sssd -- -Df eend ${?} } stop(){ ebegin "Stopping sssd" start-stop-daemon --stop --pidfile @localstatedir@/run/sssd.pid eend ${?} } ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/PaxHeaders.13173/conf_macros.m4�����������������������������������������������������0000644�0000000�0000000�00000000074�12320753107�017075� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.616891174 30 
ctime=1396954961.328875191 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/conf_macros.m4����������������������������������������������������������������������0000664�0024127�0024127�00000047631�12320753107�017332� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������AC_DEFUN([WITH_DISTRO_VERSION], [ AC_ARG_WITH([distro-version], [AC_HELP_STRING([--with-distro-version=VERSION], [Distro version number []] ) ] ) AC_DEFINE_UNQUOTED(DISTRO_VERSION, "$with_distro_version", [Distro version number]) ]) AC_DEFUN([WITH_DB_PATH], [ AC_ARG_WITH([db-path], [AC_HELP_STRING([--with-db-path=PATH], [Path to the SSSD databases [/var/lib/sss/db]] ) ] ) config_dbpath="\"VARDIR\"/lib/sss/db" dbpath="${localstatedir}/lib/sss/db" if test x"$with_db_path" != x; then config_dbpath=$with_db_path dbpath=$with_db_path fi AC_SUBST(dbpath) AC_DEFINE_UNQUOTED(DB_PATH, "$config_dbpath", [Path to the SSSD databases]) ]) AC_DEFUN([WITH_PLUGIN_PATH], [ AC_ARG_WITH([plugin-path], [AC_HELP_STRING([--with-plugin-path=PATH], [Path to the SSSD data provider plugins [/usr/lib/sssd]] ) ] ) pluginpath="${libdir}/sssd" config_pluginpath="\"LIBDIR\"/sssd" if test x"$with_plugin_path" != x; then pluginpath=$with_plugin_path config_pluginpath=$with_plugin_path fi AC_SUBST(pluginpath) 
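AC_DEFINE_UNQUOTED(DATA_PROVIDER_PLUGINS_PATH, "$config_pluginpath", [Path to the SSSD data provider plugins]) ])

dnl --with-pid-path: directory for SSSD pid files.
dnl Two values are kept: pidpath is the shell-level path exported with
dnl AC_SUBST, config_pidpath is the text written into the PID_PATH define.
dnl By default the latter refers to the VARDIR token (presumably a string
dnl macro supplied at compile time - confirm); an explicit option value
dnl replaces both.
AC_DEFUN([WITH_PID_PATH],
  [ AC_ARG_WITH([pid-path],
                [AC_HELP_STRING([--with-pid-path=PATH],
                                [Where to store pid files for the SSSD [/var/run]]
                               )
                ]
               )
    config_pidpath="\"VARDIR\"/run"
    pidpath="${localstatedir}/run"
    if test x"$with_pid_path" != x; then
        config_pidpath=$with_pid_path
        pidpath=$with_pid_path
    fi
    AC_SUBST(pidpath)
    AC_DEFINE_UNQUOTED(PID_PATH, "$config_pidpath", [Where to store pid files for the SSSD])
  ])

dnl --with-log-path: directory for SSSD log files.
dnl Same pattern as WITH_PID_PATH: logpath is substituted, config_logpath
dnl feeds the LOG_PATH define.
AC_DEFUN([WITH_LOG_PATH],
  [ AC_ARG_WITH([log-path],
                [AC_HELP_STRING([--with-log-path=PATH],
                                [Where to store log files for the SSSD [/var/log/sssd]]
                               )
                ]
               )
    config_logpath="\"VARDIR\"/log/sssd"
    logpath="${localstatedir}/log/sssd"
    if test x"$with_log_path" != x; then
        config_logpath=$with_log_path
        logpath=$with_log_path
    fi
    AC_SUBST(logpath)
    AC_DEFINE_UNQUOTED(LOG_PATH, "$config_logpath", [Where to store log files for the SSSD])
  ])

dnl --with-pubconf-path: directory for SSSD pubconf files.
dnl Substitutes pubconfpath and defines PUBCONF_PATH.
AC_DEFUN([WITH_PUBCONF_PATH],
  [ AC_ARG_WITH([pubconf-path],
                [AC_HELP_STRING([--with-pubconf-path=PATH],
                                [Where to store pubconf files for the SSSD [/var/lib/sss/pubconf]]
                               )
                ]
               )
    config_pubconfpath="\"VARDIR\"/lib/sss/pubconf"
    pubconfpath="${localstatedir}/lib/sss/pubconf"
    if test x"$with_pubconf_path" != x; then
        config_pubconfpath=$with_pubconf_path
        pubconfpath=$with_pubconf_path
    fi
    AC_SUBST(pubconfpath)
    AC_DEFINE_UNQUOTED(PUBCONF_PATH, "$config_pubconfpath", [Where to store pubconf files for the SSSD])
  ])

dnl --with-pipe-path: directory for the pipe files of the SSSD interconnects.
dnl Substitutes pipepath and defines PIPE_PATH.
AC_DEFUN([WITH_PIPE_PATH],
  [ AC_ARG_WITH([pipe-path],
                [AC_HELP_STRING([--with-pipe-path=PATH],
                                [Where to store pipe files for the SSSD interconnects [/var/lib/sss/pipes]]
                               )
                ]
               )
    config_pipepath="\"VARDIR\"/lib/sss/pipes"
    pipepath="${localstatedir}/lib/sss/pipes"
    if test x"$with_pipe_path" != x; then
        config_pipepath=$with_pipe_path
        pipepath=$with_pipe_path
    fi
    AC_SUBST(pipepath)
    AC_DEFINE_UNQUOTED(PIPE_PATH, "$config_pipepath", [Where to store pipe files for the SSSD interconnects])
  ])

dnl --with-mcache-path: directory for the mmap cache files.
dnl Substitutes mcpath and defines MCACHE_PATH.
AC_DEFUN([WITH_MCACHE_PATH],
  [ AC_ARG_WITH([mcache-path],
                [AC_HELP_STRING([--with-mcache-path=PATH],
                                [Where to store mmap cache files for the SSSD interconnects [/var/lib/sss/mc]]
                               )
                ]
               )
    config_mcpath="\"VARDIR\"/lib/sss/mc"
    mcpath="${localstatedir}/lib/sss/mc"
    if test x"$with_mcache_path" != x; then
        config_mcpath=$with_mcache_path
        mcpath=$with_mcache_path
    fi
    AC_SUBST(mcpath)
    AC_DEFINE_UNQUOTED(MCACHE_PATH, "$config_mcpath", [Where to store mmap cache files for the SSSD interconnects])
  ])

dnl --with-initscript: selects the service integration, sysv or systemd.
dnl Defaults to sysv, rejects any other value with a configure error, and
dnl sets the HAVE_SYSV and HAVE_SYSTEMD_UNIT automake conditionals.
AC_DEFUN([WITH_INITSCRIPT],
  [ AC_ARG_WITH([initscript],
                [AC_HELP_STRING([--with-initscript=INITSCRIPT_TYPE],
                                [Type of your init script (sysv|systemd). [sysv]]
                               )
                ]
               )
  default_initscript=sysv
  if test x"$with_initscript" = x; then
    with_initscript=$default_initscript
  fi

  if test x"$with_initscript" = xsysv || \
     test x"$with_initscript" = xsystemd; then
        initscript=$with_initscript
  else
      AC_MSG_ERROR([Illegal value -$with_initscript- for option --with-initscript])
  fi

  AM_CONDITIONAL([HAVE_SYSV], [test x"$initscript" = xsysv])
  AM_CONDITIONAL([HAVE_SYSTEMD_UNIT], [test x"$initscript" = xsystemd])
  AC_MSG_NOTICE([Will use init script type: $initscript])
  ])

dnl --with-environment-file: path of the service environment file,
dnl substituted as environment_file.
dnl The sysv init script template in this tree sources that file as shell
dnl code and the systemd unit template reads it as EnvironmentFile, so the
dnl chosen path should be writable by root only.
AC_DEFUN([WITH_ENVIRONMENT_FILE],
  [ AC_ARG_WITH([environment_file],
                [AC_HELP_STRING([--with-environment-file=PATH], [Path to environment file [/etc/sysconfig/sssd]])
                ]
               )

    ENVIRONMENT_FILE_PATH="${sysconfdir}/sysconfig/sssd"
    if test x"$with_environment_file" != x; then
        ENVIRONMENT_FILE_PATH=$with_environment_file
    fi
    AC_SUBST(environment_file, [$ENVIRONMENT_FILE_PATH])
  ])

dnl --with-init-dir: directory the init script is installed to.
dnl The default is sysconfdir/rc.d/init.d, or sysconfdir/init.d when osname
dnl is gentoo; osname is expected to be set before this macro runs (not
dnl shown here). The comparison uses the POSIX = operator with a quoted
dnl operand: == is a shell extension that test rejects under a strictly
dnl POSIX /bin/sh, in which case the Gentoo default would never be applied.
AC_DEFUN([WITH_INIT_DIR],
  [ AC_ARG_WITH([init-dir],
                [AC_HELP_STRING([--with-init-dir=DIR],
                                [Where to store init script for sssd [/etc/rc.d/init.d]]
                               )
                ]
               )
    initdir="${sysconfdir}/rc.d/init.d"
    if test x"$osname" = xgentoo; then
        initdir="${sysconfdir}/init.d"
    fi
    if test x"$with_init_dir" != x; then
        initdir=$with_init_dir
    fi
    AC_SUBST(initdir)
  ])

dnl A macro to configure the directory to install the systemd unit files to
dnl Without an explicit option the directory is queried from pkg-config;
dnl configure stops with an error when that query returns nothing.
AC_DEFUN([WITH_SYSTEMD_UNIT_DIR],
  [ AC_ARG_WITH([systemdunitdir],
                [ AC_HELP_STRING([--with-systemdunitdir=DIR],
                                 [Directory for systemd service files [Auto]]
                                ),
                ],
               )
  if test x"$with_systemdunitdir" != x; then
    systemdunitdir=$with_systemdunitdir
  else
    systemdunitdir=$($PKG_CONFIG --variable=systemdsystemunitdir systemd)
    if test x"$systemdunitdir" = x; then
      AC_MSG_ERROR([Could not detect systemd unit directory])
    fi
  fi
  AC_SUBST(systemdunitdir)
  ])

dnl --with-manpages: whether man pages are regenerated from the DocBook
dnl sources. Defaults to yes and substitutes HAVE_MANPAGES when enabled.
AC_DEFUN([WITH_MANPAGES],
  [ AC_ARG_WITH([manpages],
                [AC_HELP_STRING([--with-manpages],
                                [Whether to regenerate man pages from DocBook sources [yes]]
                               )
                ],
                [],
                with_manpages=yes
               )
    if test x"$with_manpages" = xyes; then
        HAVE_MANPAGES=1
        AC_SUBST(HAVE_MANPAGES)
    fi
  ])
AM_CONDITIONAL([BUILD_MANPAGES], [test x$with_manpages = xyes])

dnl --with-xml-catalog-path: location of the XML catalog, substituted as
dnl SGML_CATALOG_FILES.
AC_DEFUN([WITH_XML_CATALOG],
  [ AC_ARG_WITH([xml-catalog-path],
                [AC_HELP_STRING([--with-xml-catalog-path=PATH],
                                [Where to look for XML catalog [/etc/xml/catalog]]
                               )
                ]
               )
    SGML_CATALOG_FILES="/etc/xml/catalog"
    if test x"$with_xml_catalog_path" != x; then
        SGML_CATALOG_FILES="$with_xml_catalog_path"
    fi
    AC_SUBST([SGML_CATALOG_FILES])
  ])

dnl --with-krb5-plugin-path: directory of the Kerberos plugin store,
dnl substituted as krb5pluginpath.
AC_DEFUN([WITH_KRB5_PLUGIN_PATH],
  [ AC_ARG_WITH([krb5-plugin-path],
                [AC_HELP_STRING([--with-krb5-plugin-path=PATH],
                                [Path to kerberos plugin store [/usr/lib/krb5/plugins/libkrb5]]
                               )
                ]
               )
    krb5pluginpath="${libdir}/krb5/plugins/libkrb5"
    if test x"$with_krb5_plugin_path" != x; then
        krb5pluginpath=$with_krb5_plugin_path
    fi
    AC_SUBST(krb5pluginpath)
  ])

dnl --with-krb5-rcache-dir: directory for Kerberos replay caches.
dnl The default is the literal marker __LIBKRB5_DEFAULTS__, which is both
dnl substituted and written into the KRB5_RCACHE_DIR define.
AC_DEFUN([WITH_KRB5_RCACHE_DIR],
  [ AC_ARG_WITH([krb5-rcache-dir],
                [AC_HELP_STRING([--with-krb5-rcache-dir=PATH],
                                [Path to store Kerberos replay caches [__LIBKRB5_DEFAULTS__]]
                               )
                ]
               )
    krb5rcachedir="__LIBKRB5_DEFAULTS__"
    if test x"$with_krb5_rcache_dir" != x; then
        krb5rcachedir=$with_krb5_rcache_dir
    fi
    AC_SUBST(krb5rcachedir)
    AC_DEFINE_UNQUOTED(KRB5_RCACHE_DIR, "$krb5rcachedir", [Directory used for storing Kerberos replay caches])
  ])

dnl --with-default-ccache-dir: compiled-in default of krb5_ccachedir.
dnl The default is /tmp, a directory shared by all local users; packagers
dnl for systems that provide a private per-user directory can select it
dnl with this option.
AC_DEFUN([WITH_DEFAULT_CCACHE_DIR],
  [ AC_ARG_WITH([default-ccache-dir],
                [AC_HELP_STRING([--with-default-ccache-dir=CCACHEDIR],
                                [The default value of krb5_ccachedir [/tmp]]
                               )
                ]
               )
    config_def_ccache_dir="/tmp"
    if test x"$with_default_ccache_dir" != x; then
        config_def_ccache_dir=$with_default_ccache_dir
    fi
    AC_SUBST(config_def_ccache_dir)
    AC_DEFINE_UNQUOTED(DEFAULT_CCACHE_DIR, "$config_def_ccache_dir", [The default value of krb5_ccachedir])
  ])

dnl --with-default-ccname-template: compiled-in fallback of
dnl krb5_ccname_template. The default is a FILE: cache whose name ends in
dnl XXXXXX; an override that drops that suffix presumably makes the cache
dnl file name predictable - confirm against the krb5 provider before
dnl changing it.
AC_DEFUN([WITH_DEFAULT_CCNAME_TEMPLATE],
  [ AC_ARG_WITH([default-ccname-template],
                [AC_HELP_STRING([--with-default-ccname-template=CCACHE],
                                [The default fallback value of krb5_ccname_template [FILE:%d/krb5cc_%U_XXXXXX]]
                               )
                ]
               )
    config_def_ccname_template="FILE:%d/krb5cc_%U_XXXXXX"
    if test x"$with_default_ccname_template" != x; then
        config_def_ccname_template=$with_default_ccname_template
    fi
    AC_SUBST(config_def_ccname_template)
    AC_DEFINE_UNQUOTED(DEFAULT_CCNAME_TEMPLATE, "$config_def_ccname_template", [The default value of krb5_ccname_template])
  ])

dnl --with-krb5authdata-plugin-path: directory of the Kerberos authdata
dnl plugin store, substituted as krb5authdatapluginpath.
AC_DEFUN([WITH_KRB5AUTHDATA_PLUGIN_PATH],
  [ AC_ARG_WITH([krb5authdata-plugin-path],
                [AC_HELP_STRING([--with-krb5authdata-plugin-path=PATH],
                                [Path to kerberos authdata plugin store [/usr/lib/krb5/plugins/authdata]]
                               )
                ]
               )
    krb5authdatapluginpath="${libdir}/krb5/plugins/authdata"
    if test x"$with_krb5authdata_plugin_path" != x; then
        krb5authdatapluginpath=$with_krb5authdata_plugin_path
    fi
    AC_SUBST(krb5authdatapluginpath)
  ])

dnl --with-krb5-conf: path of krb5.conf, written into the KRB5_CONF_PATH
dnl define. Defaults to sysconfdir/krb5.conf.
AC_DEFUN([WITH_KRB5_CONF],
  [ AC_ARG_WITH([krb5_conf],
                [AC_HELP_STRING([--with-krb5-conf=PATH], [Path to krb5.conf file [/etc/krb5.conf]])
                ]
               )

    KRB5_CONF_PATH="${sysconfdir}/krb5.conf"
    if test x"$with_krb5_conf" != x; then
        KRB5_CONF_PATH=$with_krb5_conf
    fi
    AC_DEFINE_UNQUOTED([KRB5_CONF_PATH], ["$KRB5_CONF_PATH"], [KRB5 configuration file])
  ])

AC_DEFUN([WITH_PYTHON_BINDINGS], [ AC_ARG_WITH([python-bindings], [AC_HELP_STRING([--with-python-bindings], [Whether to build python bindings [yes]] ) ], [], with_python_bindings=yes ) if test x"$with_python_bindings" = xyes; then HAVE_PYTHON_BINDINGS=1 AC_SUBST(HAVE_PYTHON_BINDINGS) AC_DEFINE_UNQUOTED(HAVE_PYTHON_BINDINGS, 1, [Build with python bindings]) fi AM_CONDITIONAL([BUILD_PYTHON_BINDINGS], [test 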
x"$with_python_bindings" = xyes]) ]) AC_DEFUN([WITH_SELINUX], [ AC_ARG_WITH([selinux], [AC_HELP_STRING([--with-selinux], [Whether to build with SELinux support [yes]] ) ], [], with_selinux=yes ) if test x"$with_selinux" = xyes; then HAVE_SELINUX=1 AC_SUBST(HAVE_SELINUX) AC_DEFINE_UNQUOTED(HAVE_SELINUX, 1, [Build with SELinux support]) fi AM_CONDITIONAL([BUILD_SELINUX], [test x"$with_selinux" = xyes]) ]) AC_DEFUN([WITH_TEST_DIR], [ AC_ARG_WITH([test-dir], [AC_HELP_STRING([--with-test-dir=PATH], [Directory used for make check temporary files [$builddir]] ) ], [TEST_DIR=$withval], [TEST_DIR="."] ) AC_SUBST(TEST_DIR) AC_DEFINE_UNQUOTED(TEST_DIR, "$TEST_DIR", [Directory used for 'make check' temporary files]) ]) AC_DEFUN([WITH_NSCD], [ AC_ARG_WITH([nscd], [AC_HELP_STRING([--with-nscd=PATH], [Path to nscd binary to attempt to flush nscd cache after local domain operations [/usr/sbin/nscd]] ) ] ) NSCD_PATH="/usr/sbin/nscd" if test x"$with_nscd" != x; then NSCD_PATH=$with_nscd AC_SUBST(NSCD_PATH) fi AC_DEFINE_UNQUOTED(HAVE_NSCD, $NSCD_PATH, [flush nscd cache after local domain operations]) ]) AC_DEFUN([WITH_NSCD_CONF], [ AC_ARG_WITH([nscd_conf], [AC_HELP_STRING([--with-nscd-conf=PATH], [Path to nscd.conf file [/etc/nscd.conf]]) ] ) NSCD_CONF_PATH="/etc/nscd.conf" if test x"$with_nscd_conf" != x; then NSCD_CONF_PATH=$with_nscd_conf fi AC_DEFINE_UNQUOTED([NSCD_CONF_PATH], ["$NSCD_CONF_PATH"], [NSCD configuration file]) ]) AC_DEFUN([WITH_SEMANAGE], [ AC_ARG_WITH([semanage], [AC_HELP_STRING([--with-semanage], [Whether to build with SELinux user management support [yes]] ) ], [], with_semanage=yes ) if test x"$with_semanage" = xyes; then HAVE_SEMANAGE=1 AC_SUBST(HAVE_SEMANAGE) AC_DEFINE_UNQUOTED(HAVE_SEMANAGE, 1, [Build with SELinux support]) fi AM_CONDITIONAL([BUILD_SEMANAGE], [test x"$with_semanage" = xyes]) ]) AC_DEFUN([WITH_LIBNL], [ AC_ARG_WITH([libnl], [AC_HELP_STRING([--with-libnl], [Whether to build with libnetlink support (libnl3, libnl1, no) [auto]] ) ], [], 
with_libnl=yes ) if test x"$with_libnl" = xyes; then AM_CHECK_LIBNL3 if test x"$HAVE_LIBNL" != x1; then AM_CHECK_LIBNL1 fi if test x"$HAVE_LIBNL" != x1; then AC_MSG_WARN([Building without netlink]) fi elif test x"$with_libnl" = xlibnl3; then AM_CHECK_LIBNL3 if test x"$HAVE_LIBNL" != x1; then AC_MSG_ERROR([Libnl3 required, but not available]) fi elif test x"$with_libnl" = xlibnl1; then AM_CHECK_LIBNL1 if test x"$HAVE_LIBNL" != x1; then AC_MSG_ERROR([Libnl required, but not available]) fi fi ]) AC_DEFUN([WITH_CRYPTO], [ AC_ARG_WITH([crypto], [AC_HELP_STRING([--with-crypto=CRYPTO_LIB], [The cryptographic library to use (nss|libcrypto). The default is nss.] ) ], [], with_crypto=nss ) cryptolib="" if test x"$with_crypto" != x; then if test x"$with_crypto" = xnss || \ test x"$with_crypto" = xlibcrypto; then cryptolib="$with_crypto"; else AC_MSG_ERROR([Illegal value -$with_crypto- for option --with-crypto]) fi fi AM_CONDITIONAL([HAVE_NSS], [test x"$cryptolib" = xnss]) AM_CONDITIONAL([HAVE_LIBCRYPTO], [test x"$cryptolib" = xlibcrypto]) ]) AC_DEFUN([WITH_NOLOGIN_SHELL], [ AC_ARG_WITH([nologin-shell], [AC_HELP_STRING([--with-nologin-shell=PATH], [The shell used to deny access to users [/sbin/nologin]] ) ] ) nologin_shell="/sbin/nologin" if test x"$with_nologin_shell" != x; then nologin_shell=$with_nologin_shell fi AC_DEFINE_UNQUOTED(NOLOGIN_SHELL, "$nologin_shell", [The shell used to deny access to users]) ]) AC_ARG_ENABLE([all-experimental-features], [AS_HELP_STRING([--enable-all-experimental-features], [build all experimental features])], [build_all_experimental_features=$enableval], [build_all_experimental_features=no]) AC_DEFUN([WITH_UNICODE_LIB], [ AC_ARG_WITH([unicode-lib], [AC_HELP_STRING([--with-unicode-lib=<library>], [Which library to use for unicode processing (libunistring, glib2) [glib2]] ) ] ) unicode_lib="glib2" if test x"$with_unicode_lib" != x; then unicode_lib=$with_unicode_lib fi if test x"$unicode_lib" != x"libunistring" -a x"$unicode_lib" != x"glib2"; 
then AC_MSG_ERROR([Unsupported unicode library]) fi AM_CONDITIONAL([WITH_LIBUNISTRING], test x"$unicode_lib" = x"libunistring") AM_CONDITIONAL([WITH_GLIB], test x"$unicode_lib" = x"glib2") ]) AC_DEFUN([WITH_APP_LIBS], [ AC_ARG_WITH([app-libs], [AC_HELP_STRING([--with-app-libs=<path>], [Path to the 3rd party application plugins [/usr/lib/sssd/modules]] ) ] ) appmodpath="${libdir}/sssd/modules" config_appmodpath="\"LIBDIR\"/sssd/modules" if test x"$with_app_libs" != x; then appmodpath=$with_app_libs config_appmodpath=$with_app_libs fi AC_SUBST(appmodpath) AC_DEFINE_UNQUOTED(APP_MODULES_PATH, "$config_appmodpath", [Path to the 3rd party modules]) ]) AC_DEFUN([WITH_SUDO], [ AC_ARG_WITH([sudo], [AC_HELP_STRING([--with-sudo], [Whether to build with sudo support [yes]] ) ], [with_sudo=$withval], with_sudo=yes ) if test x"$with_sudo" = xyes; then AC_DEFINE(BUILD_SUDO, 1, [whether to build with SUDO support]) fi AM_CONDITIONAL([BUILD_SUDO], [test x"$with_sudo" = xyes]) ]) AC_DEFUN([WITH_SUDO_LIB_PATH], [ AC_ARG_WITH([sudo-lib-path], [AC_HELP_STRING([--with-sudo-lib-path=<path>], [Path to the sudo library [/usr/lib/]] ) ] ) sudolibpath="${libdir}" if test x"$with_sudo_lib_path" != x; then sudolibpath=$with_sudo_lib_path fi AC_SUBST(sudolibpath) ]) AC_DEFUN([WITH_AUTOFS], [ AC_ARG_WITH([autofs], [AC_HELP_STRING([--with-autofs], [Whether to build with autofs support [yes]] ) ], [with_autofs=$withval], with_autofs=yes ) if test x"$with_autofs" = xyes; then AC_DEFINE(BUILD_AUTOFS, 1, [whether to build with AUTOFS support]) fi AM_CONDITIONAL([BUILD_AUTOFS], [test x"$with_autofs" = xyes]) ]) AC_DEFUN([WITH_SSH], [ AC_ARG_WITH([ssh], [AC_HELP_STRING([--with-ssh], [Whether to build with SSH support [yes]] ) ], [with_ssh=$withval], with_ssh=yes ) if test x"$with_ssh" = xyes; then AC_DEFINE(BUILD_SSH, 1, [whether to build with SSH support]) fi AM_CONDITIONAL([BUILD_SSH], [test x"$with_ssh" = xyes]) ]) 
�������������������������������������������������������������������������������������������������������sssd-1.11.5/src/PaxHeaders.13173/config�������������������������������������������������������������0000644�0000000�0000000�00000000132�12320753521�015525� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954961.374875157 30 atime=1396955003.535843846 30 ctime=1396954961.374875157 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/config/�����������������������������������������������������������������������������0000775�0024127�0024127�00000000000�12320753521�016031� 5����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/config/PaxHeaders.13173/setup.py.in�������������������������������������������������0000644�0000000�0000000�00000000074�12320753107�017726� 
x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954960.461875831 30 ctime=1396954961.368875162 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/config/setup.py.in������������������������������������������������������������������0000664�0024127�0024127�00000001765�12320753107�020161� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# Authors: # Stephen Gallagher <sgallagh@redhat.com> # # Copyright (C) 2009 Red Hat # see file 'COPYING' for use and warranty information # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License as # published by the Free Software Foundation; version 2 only # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. 
# # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA """ Python-level packaging using distutils. """ from distutils.core import setup setup( name='SSSDConfig', version='@VERSION@', license='GPLv3+', url='http://fedorahosted.org/sssd', packages=['SSSDConfig'], ) �����������sssd-1.11.5/src/config/PaxHeaders.13173/setup.py����������������������������������������������������0000644�0000000�0000000�00000000132�12320753520�017313� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954960.462875831 30 atime=1396954961.051875396 30 ctime=1396954961.372875159 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/config/setup.py���������������������������������������������������������������������0000664�0024127�0024127�00000001762�12320753520�017550� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# Authors: # Stephen Gallagher 
<sgallagh@redhat.com> # # Copyright (C) 2009 Red Hat # see file 'COPYING' for use and warranty information # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License as # published by the Free Software Foundation; version 2 only # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA """ Python-level packaging using distutils. """ from distutils.core import setup setup( name='SSSDConfig', version='1.11.5', license='GPLv3+', url='http://fedorahosted.org/sssd', packages=['SSSDConfig'], ) ��������������sssd-1.11.5/src/config/PaxHeaders.13173/SSSDConfig��������������������������������������������������0000644�0000000�0000000�00000000132�12320753521�017427� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954961.375875157 30 atime=1396955003.535843846 30 ctime=1396954961.375875157 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/config/SSSDConfig/������������������������������������������������������������������0000775�0024127�0024127�00000000000�12320753521�017733� 5����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/config/SSSDConfig/PaxHeaders.13173/__init__.py.in�����������������������������������0000644�0000000�0000000�00000000074�12320753107�022227� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954960.472875823 30 ctime=1396954961.369875161 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/config/SSSDConfig/__init__.py.in����������������������������������������������������0000664�0024127�0024127�00000230675�12320753107�022466� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������''' Created on Sep 18, 2009 @author: sgallagh ''' import os import gettext import exceptions from ipachangeconf import SSSDChangeConf # Exceptions class SSSDConfigException(Exception): pass class ParsingError(Exception): pass class AlreadyInitializedError(SSSDConfigException): pass class NotInitializedError(SSSDConfigException): pass class NoOutputFileError(SSSDConfigException): pass class NoServiceError(SSSDConfigException): pass class NoSectionError(SSSDConfigException): pass class NoOptionError(SSSDConfigException): pass class ServiceNotRecognizedError(SSSDConfigException): pass class ServiceAlreadyExists(SSSDConfigException): pass class NoDomainError(SSSDConfigException): pass class DomainNotRecognized(SSSDConfigException): pass class DomainAlreadyExistsError(SSSDConfigException): pass class NoSuchProviderError(SSSDConfigException): pass class NoSuchProviderSubtypeError(SSSDConfigException): pass class ProviderSubtypeInUse(SSSDConfigException): pass PACKAGE = 'sss_daemon' LOCALEDIR = '/usr/share/locale' translation 
= gettext.translation(PACKAGE, LOCALEDIR, fallback=True) _ = translation.ugettext # TODO: This needs to be made external option_strings = { # [service] 'debug_level' : _('Set the verbosity of the debug logging'), 'debug_timestamps' : _('Include timestamps in debug logs'), 'debug_microseconds' : _('Include microseconds in timestamps in debug logs'), 'debug_to_files' : _('Write debug messages to logfiles'), 'timeout' : _('Ping timeout before restarting service'), 'force_timeout' : _('Timeout between three failed ping checks and forcibly killing the service'), 'command' : _('Command to start service'), 'reconnection_retries' : _('Number of times to attempt connection to Data Providers'), 'fd_limit' : _('The number of file descriptors that may be opened by this responder'), 'client_idle_timeout' : _('Idle time before automatic disconnection of a client'), # [sssd] 'services' : _('SSSD Services to start'), 'domains' : _('SSSD Domains to start'), 'sbus_timeout' : _('Timeout for messages sent over the SBUS'), 're_expression' : _('Regex to parse username and domain'), 'full_name_format' : _('Printf-compatible format for displaying fully-qualified names'), 'krb5_rcache_dir' : _('Directory on the filesystem where SSSD should store Kerberos replay cache files.'), 'default_domain_suffix' : _('Domain to add to names without a domain component.'), # [nss] 'enum_cache_timeout' : _('Enumeration cache timeout length (seconds)'), 'entry_cache_no_wait_timeout' : _('Entry cache background update timeout length (seconds)'), 'entry_negative_timeout' : _('Negative cache timeout length (seconds)'), 'filter_users' : _('Users that SSSD should explicitly ignore'), 'filter_groups' : _('Groups that SSSD should explicitly ignore'), 'filter_users_in_groups' : _('Should filtered users appear in groups'), 'pwfield' : _('The value of the password field the NSS provider should return'), 'override_homedir' : _('Override homedir value from the identity provider with this value'), 'fallback_homedir' : 
_('Substitute empty homedir value from the identity provider with this value'), 'override_shell': _('Override shell value from the identity provider with this value'), 'allowed_shells' : _('The list of shells users are allowed to log in with'), 'vetoed_shells' : _('The list of shells that will be vetoed, and replaced with the fallback shell'), 'shell_fallback' : _('If a shell stored in central directory is allowed but not available, use this fallback'), 'default_shell': _('Shell to use if the provider does not list one'), 'memcache_timeout': _('How long will be in-memory cache records valid'), # [pam] 'offline_credentials_expiration' : _('How long to allow cached logins between online logins (days)'), 'offline_failed_login_attempts' : _('How many failed logins attempts are allowed when offline'), 'offline_failed_login_delay' : _('How long (minutes) to deny login after offline_failed_login_attempts has been reached'), 'pam_verbosity' : _('What kind of messages are displayed to the user during authentication'), 'pam_id_timeout' : _('How many seconds to keep identity information cached for PAM requests'), 'pam_pwd_expiration_warning' : _('How many days before password expiration a warning should be displayed'), # [sudo] 'sudo_timed' : _('Whether to evaluate the time-based attributes in sudo rules'), # [autofs] 'autofs_negative_timeout' : _('Negative cache timeout length (seconds)'), # [ssh] 'ssh_hash_known_hosts': _('Whether to hash host names and addresses in the known_hosts file'), 'ssh_known_hosts_timeout': _('How many seconds to keep a host in the known_hosts file after its host keys were requested'), # [pac] 'allowed_uids': _('List of UIDs or user names allowed to access the PAC responder'), # [provider] 'id_provider' : _('Identity provider'), 'auth_provider' : _('Authentication provider'), 'access_provider' : _('Access control provider'), 'chpass_provider' : _('Password change provider'), 'sudo_provider' : _('SUDO provider'), 'autofs_provider' : _('Autofs 
provider'), 'session_provider' : _('Session-loading provider'), 'hostid_provider' : _('Host identity provider'), # [domain] 'min_id' : _('Minimum user ID'), 'max_id' : _('Maximum user ID'), 'enumerate' : _('Enable enumerating all users/groups'), 'cache_credentials' : _('Cache credentials for offline login'), 'store_legacy_passwords' : _('Store password hashes'), 'use_fully_qualified_names' : _('Display users/groups in fully-qualified form'), 'ignore_group_members' : _('Don\'t include group members in group lookups'), 'entry_cache_timeout' : _('Entry cache timeout length (seconds)'), 'lookup_family_order' : _('Restrict or prefer a specific address family when performing DNS lookups'), 'account_cache_expiration' : _('How long to keep cached entries after last successful login (days)'), 'dns_resolver_timeout' : _('How long to wait for replies from DNS when resolving servers (seconds)'), 'dns_discovery_domain' : _('The domain part of service discovery DNS query'), 'override_gid' : _('Override GID value from the identity provider with this value'), 'case_sensitive' : _('Treat usernames as case sensitive'), 'entry_cache_user_timeout' : _('Entry cache timeout length (seconds)'), 'entry_cache_group_timeout' : _('Entry cache timeout length (seconds)'), 'entry_cache_netgroup_timeout' : _('Entry cache timeout length (seconds)'), 'entry_cache_service_timeout' : _('Entry cache timeout length (seconds)'), 'entry_cache_autofs_timeout' : _('Entry cache timeout length (seconds)'), 'entry_cache_sudo_timeout' : _('Entry cache timeout length (seconds)'), 'refresh_expired_interval' : _('How often should expired entries be refreshed in background'), 'dyndns_update' : _("Whether to automatically update the client's DNS entry"), 'dyndns_ttl' : _("The TTL to apply to the client's DNS entry after updating it"), 'dyndns_iface' : _("The interface whose IP should be used for dynamic DNS updates"), 'dyndns_refresh_interval' : _("How often to periodically update the client's DNS entry"), 
'dyndns_update_ptr' : _("Whether the provider should explicitly update the PTR record as well"), 'dyndns_force_tcp' : _("Whether the nsupdate utility should default to using TCP"), 'dyndns_auth' : _("What kind of authentication should be used to perform the DNS update"), 'subdomain_enumerate' : _('Control enumeration of trusted domains'), 'subdomain_refresh_interval' : _('How often should subdomains list be refreshed'), # [provider/ipa] 'ipa_domain' : _('IPA domain'), 'ipa_server' : _('IPA server address'), 'ipa_backup_server' : _('Address of backup IPA server'), 'ipa_hostname' : _('IPA client hostname'), 'ipa_dyndns_update' : _("Whether to automatically update the client's DNS entry in FreeIPA"), 'ipa_dyndns_ttl' : _("The TTL to apply to the client's DNS entry after updating it"), 'ipa_dyndns_iface' : _("The interface whose IP should be used for dynamic DNS updates"), 'ipa_hbac_search_base' : _("Search base for HBAC related objects"), 'ipa_hbac_refresh' : _("The amount of time between lookups of the HBAC rules against the IPA server"), 'ipa_selinux_refresh' : _("The amount of time in seconds between lookups of the SELinux maps against the IPA server"), 'ipa_hbac_treat_deny_as' : _("If DENY rules are present, either DENY_ALL or IGNORE"), 'ipa_hbac_support_srchost' : _("If set to false, host argument given by PAM will be ignored"), 'ipa_automount_location' : _("The automounter location this IPA client is using"), 'ipa_master_domain_search_base': _("Search base for object containing info about IPA domain"), 'ipa_ranges_search_base': _("Search base for objects containing info about ID ranges"), 'ipa_enable_dns_sites': _("Enable DNS sites - location based service discovery"), # [provider/ad] 'ad_domain' : _('Active Directory domain'), 'ad_server' : _('Active Directory server address'), 'ad_backup_server' : _('Active Directory backup server address'), 'ad_hostname' : _('Active Directory client hostname'), 'ad_enable_dns_sites' : _('Enable DNS sites - location based 
service discovery'), # [provider/krb5] 'krb5_kdcip' : _('Kerberos server address'), 'krb5_server' : _('Kerberos server address'), 'krb5_backup_server' : _('Kerberos backup server address'), 'krb5_realm' : _('Kerberos realm'), 'krb5_auth_timeout' : _('Authentication timeout'), 'krb5_use_kdcinfo' : _('Whether to create kdcinfo files'), # [provider/krb5/auth] 'krb5_ccachedir' : _('Directory to store credential caches'), 'krb5_ccname_template' : _("Location of the user's credential cache"), 'krb5_keytab' : _("Location of the keytab to validate credentials"), 'krb5_validate' : _("Enable credential validation"), 'krb5_store_password_if_offline' : _("Store password if offline for later online authentication"), 'krb5_renewable_lifetime' : _("Renewable lifetime of the TGT"), 'krb5_lifetime' : _("Lifetime of the TGT"), 'krb5_renew_interval' : _("Time between two checks for renewal"), 'krb5_use_fast' : _("Enables FAST"), 'krb5_fast_principal' : _("Selects the principal to use for FAST"), 'krb5_canonicalize' : _("Enables principal canonicalization"), 'krb5_use_enterprise_principal' : _("Enables enterprise principals"), # [provider/krb5/chpass] 'krb5_kpasswd' : _('Server where the change password service is running if not on the KDC'), 'krb5_backup_kpasswd' : _('Server where the change password service is running if not on the KDC'), # [provider/ldap] 'ldap_uri' : _('ldap_uri, The URI of the LDAP server'), 'ldap_backup_uri' : _('ldap_backup_uri, The URI of the LDAP server'), 'ldap_search_base' : _('The default base DN'), 'ldap_schema' : _('The Schema Type in use on the LDAP server, rfc2307'), 'ldap_default_bind_dn' : _('The default bind DN'), 'ldap_default_authtok_type' : _('The type of the authentication token of the default bind DN'), 'ldap_default_authtok' : _('The authentication token of the default bind DN'), 'ldap_network_timeout' : _('Length of time to attempt connection'), 'ldap_opt_timeout' : _('Length of time to attempt synchronous LDAP operations'), 
'ldap_offline_timeout' : _('Length of time between attempts to reconnect while offline'), 'ldap_force_upper_case_realm' : _('Use only the upper case for realm names'), 'ldap_tls_cacert' : _('File that contains CA certificates'), 'ldap_tls_cacertdir' : _('Path to CA certificate directory'), 'ldap_tls_cert' : _('File that contains the client certificate'), 'ldap_tls_key' :_('File that contains the client key'), 'ldap_tls_cipher_suite' :_('List of possible ciphers suites'), 'ldap_tls_reqcert' : _('Require TLS certificate verification'), 'ldap_sasl_mech' : _('Specify the sasl mechanism to use'), 'ldap_sasl_authid' : _('Specify the sasl authorization id to use'), 'ldap_sasl_realm' : _('Specify the sasl authorization realm to use'), 'ldap_sasl_minssf' : _('Specify the minimal SSF for LDAP sasl authorization'), 'ldap_krb5_keytab' : _('Kerberos service keytab'), 'ldap_krb5_init_creds' : _('Use Kerberos auth for LDAP connection'), 'ldap_referrals' : _('Follow LDAP referrals'), 'ldap_krb5_ticket_lifetime' : _('Lifetime of TGT for LDAP connection'), 'ldap_deref' : _('How to dereference aliases'), 'ldap_dns_service_name' : _('Service name for DNS service lookups'), 'ldap_page_size' : _('The number of records to retrieve in a single LDAP query'), 'ldap_deref_threshold' : _('The number of members that must be missing to trigger a full deref'), 'ldap_sasl_canonicalize' : _('Whether the LDAP library should perform a reverse lookup to canonicalize the host name during a SASL bind'), 'ldap_entry_usn' : _('entryUSN attribute'), 'ldap_rootdse_last_usn' : _('lastUSN attribute'), 'ldap_connection_expiration_timeout' : _('How long to retain a connection to the LDAP server before disconnecting'), 'ldap_disable_paging' : _('Disable the LDAP paging control'), 'ldap_disable_range_retrieval' : _('Disable Active Directory range retrieval'), # [provider/ldap/id] 'ldap_search_timeout' : _('Length of time to wait for a search request'), 'ldap_enumeration_search_timeout' : _('Length of time to 
wait for a enumeration request'), 'ldap_enumeration_refresh_timeout' : _('Length of time between enumeration updates'), 'ldap_purge_cache_timeout' : _('Length of time between cache cleanups'), 'ldap_id_use_start_tls' : _('Require TLS for ID lookups'), 'ldap_id_mapping' : _('Use ID-mapping of objectSID instead of pre-set IDs'), 'ldap_user_search_base' : _('Base DN for user lookups'), 'ldap_user_search_scope' : _('Scope of user lookups'), 'ldap_user_search_filter' : _('Filter for user lookups'), 'ldap_user_object_class' : _('Objectclass for users'), 'ldap_user_name' : _('Username attribute'), #not used # 'ldap_user_pwd' :_('Password attribute'), 'ldap_user_uid_number' : _('UID attribute'), 'ldap_user_gid_number' : _('Primary GID attribute'), 'ldap_user_gecos' : _('GECOS attribute'), 'ldap_user_home_directory' : _('Home directory attribute'), 'ldap_user_shell' : _('Shell attribute'), 'ldap_user_uuid' : _('UUID attribute'), 'ldap_user_objectsid' : _("objectSID attribute"), 'ldap_user_primary_group' : _('Active Directory primary group attribute for ID-mapping'), 'ldap_user_principal' : _('User principal attribute (for Kerberos)'), 'ldap_user_fullname' : _('Full Name'), 'ldap_user_member_of' : _('memberOf attribute'), 'ldap_user_modify_timestamp' : _('Modification time attribute'), #replaced by ldap_entry_usn# 'ldap_user_entry_usn' : _('entryUSN attribute'), 'ldap_user_shadow_last_change' : _('shadowLastChange attribute'), 'ldap_user_shadow_min' : _('shadowMin attribute'), 'ldap_user_shadow_max' : _('shadowMax attribute'), 'ldap_user_shadow_warning' : _('shadowWarning attribute'), 'ldap_user_shadow_inactive' : _('shadowInactive attribute'), 'ldap_user_shadow_expire' : _('shadowExpire attribute'), 'ldap_user_shadow_flag' : _('shadowFlag attribute'), 'ldap_user_authorized_service' : _('Attribute listing authorized PAM services'), 'ldap_user_authorized_host' : _('Attribute listing authorized server hosts'), 'ldap_user_krb_last_pwd_change' : _('krbLastPwdChange attribute'), 
'ldap_user_krb_password_expiration' : _('krbPasswordExpiration attribute'), 'ldap_pwd_attribute' : _('Attribute indicating that server side password policies are active'), 'ldap_user_ad_account_expires' : _('accountExpires attribute of AD'), 'ldap_user_ad_user_account_control' : _('userAccountControl attribute of AD'), 'ldap_ns_account_lock' : _('nsAccountLock attribute'), 'ldap_user_nds_login_disabled' : _('loginDisabled attribute of NDS'), 'ldap_user_nds_login_expiration_time' : _('loginExpirationTime attribute of NDS'), 'ldap_user_nds_login_allowed_time_map' : _('loginAllowedTimeMap attribute of NDS'), 'ldap_user_ssh_public_key' : _('SSH public key attribute'), 'ldap_group_search_base' : _('Base DN for group lookups'), # not used # 'ldap_group_search_scope' : _('Scope of group lookups'), # not used # 'ldap_group_search_filter' : _('Filter for group lookups'), 'ldap_group_object_class' : _('Objectclass for groups'), 'ldap_group_name' : _('Group name'), 'ldap_group_pwd' : _('Group password'), 'ldap_group_gid_number' : _('GID attribute'), 'ldap_group_member' : _('Group member attribute'), 'ldap_group_uuid' : _('Group UUID attribute'), 'ldap_group_objectsid' : _("objectSID attribute"), 'ldap_group_modify_timestamp' : _('Modification time attribute for groups'), 'ldap_group_type' : _('Type of the group and other flags'), #replaced by ldap_entry_usn# 'ldap_group_entry_usn' : _('entryUSN attribute'), 'ldap_group_nesting_level' : _('Maximum nesting level SSSd will follow'), 'ldap_netgroup_search_base' : _('Base DN for netgroup lookups'), 'ldap_netgroup_object_class' : _('Objectclass for netgroups'), 'ldap_netgroup_name' : _('Netgroup name'), 'ldap_netgroup_member' : _('Netgroups members attribute'), 'ldap_netgroup_triple' : _('Netgroup triple attribute'), 'ldap_netgroup_uuid' : _('Netgroup UUID attribute'), 'ldap_netgroup_modify_timestamp' : _('Modification time attribute for netgroups'), 'ldap_service_search_base' : _('Base DN for service lookups'), 
'ldap_service_object_class' : _('Objectclass for services'), 'ldap_service_name' : _('Service name attribute'), 'ldap_service_port' : _('Service port attribute'), 'ldap_service_proto' : _('Service protocol attribute'), #replaced by ldap_entry_usn# 'ldap_service_entry_usn' : _('Service entryUSN attribute'), 'ldap_idmap_range_min' : _('Lower bound for ID-mapping'), 'ldap_idmap_range_max' : _('Upper bound for ID-mapping'), 'ldap_idmap_range_size' : _('Number of IDs for each slice when ID-mapping'), 'ldap_idmap_autorid_compat' : _('Use autorid-compatible algorithm for ID-mapping'), 'ldap_idmap_default_domain' : _('Name of the default domain for ID-mapping'), 'ldap_idmap_default_domain_sid' : _('SID of the default domain for ID-mapping'), 'ldap_groups_use_matching_rule_in_chain' : _('Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups'), 'ldap_initgroups_use_matching_rule_in_chain' : _('Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups'), 'ldap_min_id' : _('Set lower boundary for allowed IDs from the LDAP server'), 'ldap_max_id' : _('Set upper boundary for allowed IDs from the LDAP server'), # [provider/ldap/auth] 'ldap_pwd_policy' : _('Policy to evaluate the password expiration'), # [provider/ldap/access] 'ldap_access_filter' : _('LDAP filter to determine access privileges'), 'ldap_account_expire_policy' : _('Which attributes shall be used to evaluate if an account is expired'), 'ldap_access_order' : _('Which rules should be used to evaluate access control'), # [provider/ldap/chpass] 'ldap_chpass_uri' : _('URI of an LDAP server where password changes are allowed'), 'ldap_chpass_backup_uri' : _('URI of a backup LDAP server where password changes are allowed'), 'ldap_chpass_dns_service_name' : _('DNS service name for LDAP password change server'), 'ldap_chpass_update_last_change' : _('Whether to update the ldap_user_shadow_last_change attribute after a password change'), # [provider/ldap/sudo] 'ldap_sudo_search_base' : _('Base DN for sudo rules lookups'), 
'ldap_sudo_full_refresh_interval' : _('Automatic full refresh period'), 'ldap_sudo_smart_refresh_interval' : _('Automatic smart refresh period'), 'ldap_sudo_use_host_filter' : _('Whether to filter rules by hostname, IP addresses and network'), 'ldap_sudo_hostnames' : _('Hostnames and/or fully qualified domain names of this machine to filter sudo rules'), 'ldap_sudo_ip' : _('IPv4 or IPv6 addresses or network of this machine to filter sudo rules'), 'ldap_sudo_include_netgroups' : _('Whether to include rules that contains netgroup in host attribute'), 'ldap_sudo_include_regexp' : _('Whether to include rules that contains regular expression in host attribute'), 'ldap_sudorule_object_class' : _('Object class for sudo rules'), 'ldap_sudorule_name' : _('Sudo rule name'), 'ldap_sudorule_command' : _('Sudo rule command attribute'), 'ldap_sudorule_host' : _('Sudo rule host attribute'), 'ldap_sudorule_user' : _('Sudo rule user attribute'), 'ldap_sudorule_option' : _('Sudo rule option attribute'), 'ldap_sudorule_runasuser' : _('Sudo rule runasuser attribute'), 'ldap_sudorule_runasgroup' : _('Sudo rule runasgroup attribute'), 'ldap_sudorule_notbefore' : _('Sudo rule notbefore attribute'), 'ldap_sudorule_notafter' : _('Sudo rule notafter attribute'), 'ldap_sudorule_order' : _('Sudo rule order attribute'), # [provider/ldap/autofs] 'ldap_autofs_map_object_class' : _('Object class for automounter maps'), 'ldap_autofs_map_name' : _('Automounter map name attribute'), 'ldap_autofs_entry_object_class' : _('Object class for automounter map entries'), 'ldap_autofs_entry_key' : _('Automounter map entry key attribute'), 'ldap_autofs_entry_value' : _('Automounter map entry value attribute'), 'ldap_autofs_search_base' : _('Base DN for automounter map lookups'), # [provider/simple/access] 'simple_allow_users' : _('Comma separated list of allowed users'), 'simple_deny_users' : _('Comma separated list of prohibited users'), # [provider/local/id] 'default_shell' : _('Default shell, /bin/bash'), 
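'base_directory' : _('Base for home directories'),

    # [provider/proxy/id]
    'proxy_lib_name' : _('The name of the NSS library to use'),
    'proxy_fast_alias' : _('Whether to look up canonical group name from cache if possible'),

    # [provider/proxy/auth]
    'proxy_pam_target' : _('PAM stack to use')
}

def striplist(l):
    """Return a new list with surrounding whitespace stripped from each element of l."""
    return([x.strip() for x in l])

def options_overlap(options1, options2):
    """Return the members of options1 that also occur in options2, in options1 order."""
    return [option for option in options1 if option in options2]

class SSSDConfigSchema(SSSDChangeConf):
    """
    The SSSD API schema: the primary schema file merged with every file
    found in the provider schema directory.
    """
    def __init__(self, schemafile, schemaplugindir):
        """
        Load the schema files and set up the type lookup tables.

        schemafile:
          Path of the primary schema file. A false value selects
          '@datadir@/sssd/sssd.api.conf'.

        schemaplugindir:
          Directory holding the provider schema files. A false value
          selects '@datadir@/sssd/sssd.api.d'.

        === Errors ===
        IOError:
          Raised unchanged when a schema file cannot be opened or read.
        ParsingError:
          readfp() raised SyntaxError on one of the files.
        """
        SSSDChangeConf.__init__(self)
        #TODO: get these from a global setting
        if not schemafile:
            schemafile = '@datadir@/sssd/sssd.api.conf'
        if not schemaplugindir:
            schemaplugindir = '@datadir@/sssd/sssd.api.d'

        try:
            #Read the primary config file
            fd = open(schemafile, 'r')
            try:
                self.readfp(fd)
            finally:
                # Close the file even when readfp() fails
                fd.close()

            # Read in the provider files
            # NOTE(review): every entry of the directory is parsed into the
            # schema, whatever its name, so the directory should be
            # writable only by the administrator.
            for plugin_file in os.listdir(schemaplugindir):
                fd = open(os.path.join(schemaplugindir, plugin_file))
                try:
                    self.readfp(fd)
                finally:
                    fd.close()
        except IOError:
            raise
        except SyntaxError: # can be raised with readfp
            raise ParsingError

        # Set up lookup table for types
        self.type_lookup = {
            'bool' : bool,
            'int'  : int,
            'long' : long,
            'float': float,
            'str'  : str,
            'list' : list,
            'None' : None
            }

        # Lookup table for acceptable boolean values
        self.bool_lookup = {
            'false' : False,
            'true'  : True,
            }

    def get_options(self, section):
        """
        Parse every option declared in one schema section.

        Each schema value is a comma-separated record: primary type,
        subtype, mandatory flag, then zero or more default values.

        section:
          Name of the schema section to parse.

        === Returns ===
        A dictionary keyed on the option name. Each value is the tuple
        (primary type, subtype, mandatory, description, default). The
        description is taken from option_strings (None when the option
        has no entry there); the default is None when the schema lists
        none.

        === Errors ===
        NoSectionError:
          The section is not present in the schema.
        ParsingError:
          A record has fewer than three fields, lists several defaults
          for an option whose primary type is not list, or holds a
          default that cannot be converted to the declared type.
        """
        if not self.has_section(section):
            raise NoSectionError
        options = self.options(section)

        # Indexes
        PRIMARY_TYPE = 0
        SUBTYPE = 1
        MANDATORY = 2
        DEFAULT = 3

        def convert(raw, wanted):
            # Coerce one default value to the declared type. The tuple in
            # the except clause matters: the older "except ValueError,
            # KeyError" spelling caught ValueError only, so an unknown
            # boolean word escaped as KeyError instead of ParsingError.
            if type(raw) == wanted:
                return raw
            try:
                if wanted == bool and type(raw) == str:
                    return self.bool_lookup[raw.lower()]
                return wanted(raw)
            except (ValueError, KeyError):
                raise ParsingError

        # Parse values
        parsed_options = {}
        for option in self.strip_comments_empty(options):
            name = option['name']
            split_option = striplist(option['value'].split(','))
            optionlen = len(split_option)

            if optionlen < 3:
                # Bad config file. Checked before the fields are indexed so
                # that a short record is reported as ParsingError rather
                # than as an IndexError from the lookups below.
                raise ParsingError

            primarytype = self.type_lookup[split_option[PRIMARY_TYPE]]
            subtype = self.type_lookup[split_option[SUBTYPE]]
            mandatory = self.bool_lookup[split_option[MANDATORY]]
            desc = option_strings.get(name)

            if optionlen == 3:
                # This option has no defaults
                default = None
            elif optionlen == 4:
                raw = split_option[DEFAULT]
                if type(raw) == primarytype:
                    default = raw
                elif primarytype == list:
                    default = [convert(raw, subtype)]
                else:
                    default = convert(raw, primarytype)
            else:
                # Several defaults only make sense for a list option
                if primarytype != list:
                    raise ParsingError
                default = [convert(x, subtype) for x in split_option[DEFAULT:]]

            parsed_options[name] = (primarytype, subtype, mandatory, desc, default)

        return parsed_options

    def get_option(self, section, option):
        """
        Return the parsed schema tuple of a single option.

        === Errors ===
        NoSectionError: The section is not present in the schema
        NoOptionError: The section does not declare the option
        """
        if not self.has_section(section):
            raise NoSectionError(section)
        if not self.has_option(section, option):
            raise NoOptionError("Section [%s] has no option [%s]" %
                                (section, option))

        return self.get_options(section)[option]

    def get_defaults(self,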
section): if not self.has_section(section): raise NoSectionError(section) schema_options = self.get_options(section) defaults = dict([(x,schema_options[x][4]) for x in schema_options.keys() if schema_options[x][4] != None]) return defaults def get_services(self): service_list = [x['name'] for x in self.sections() if x['name'] != 'service' and not x['name'].startswith('domain') and not x['name'].startswith('provider')] return service_list def get_providers(self): providers = {} for section in self.sections(): splitsection = section['name'].split('/') if (splitsection[0] == 'provider'): if(len(splitsection) == 3): if not providers.has_key(splitsection[1]): providers[splitsection[1]] = [] providers[splitsection[1]].extend([splitsection[2]]) for key in providers.keys(): providers[key] = tuple(providers[key]) return providers class SSSDConfigObject(object): def __init__(self): self.name = None self.options = {} def get_name(self): """ Return the name of the this object === Returns === The domain name === Errors === No errors """ return self.name def get_option(self, optionname): """ Return the value of an service option optionname: The option to get. === Returns === The value for the requested option. === Errors === NoOptionError: The specified option was not listed in the service """ if optionname in self.options.keys(): return self.options[optionname] raise NoOptionError(optionname) def get_all_options(self): """ Return a dictionary of name/value pairs for this object === Returns === A dictionary of name/value pairs currently in use for this object === Errors === No errors """ return self.options def remove_option(self, optionname): """ Remove an option from the object. If the option does not exist, it is ignored. === Returns === No return value. 
=== Errors === No errors """ if self.options.has_key(optionname): del self.options[optionname] class SSSDService(SSSDConfigObject): ''' Object to manipulate SSSD service options ''' def __init__(self, servicename, apischema): """ Create a new SSSDService, setting its defaults to those found in the schema. This constructor should not be used directly. Use SSSDConfig.new_service() instead. name: The service name apischema: An SSSDConfigSchema? object created by SSSDConfig.__init__() === Returns === The newly-created SSSDService object. === Errors === TypeError: The API schema passed in was unusable or the name was not a string. ServiceNotRecognizedError: The service was not listed in the schema """ SSSDConfigObject.__init__(self) if not isinstance(apischema, SSSDConfigSchema) or type(servicename) != str: raise TypeError if not apischema.has_section(servicename): raise ServiceNotRecognizedError(servicename) self.name = servicename self.schema = apischema # Set up the service object with any known defaults self.options = {} # Include a list of hidden options self.hidden_options = [] # Set up default options for all services self.options.update(self.schema.get_defaults('service')) # Set up default options for this service self.options.update(self.schema.get_defaults(self.name)) # For the [sssd] service, force the config file version if servicename == 'sssd': self.options['config_file_version'] = 2 self.hidden_options.append('config_file_version') def list_options_with_mandatory(self): """ List options for the service, including the mandatory flag. === Returns === A dictionary of configurable options. This dictionary is keyed on the option name with a tuple of the variable type, subtype ('None' if the type is not a collection type), whether it is mandatory, the translated option description, and the default value (or 'None') as the value. 
Example: { 'enumerate' : (bool, None, False, u'Enable enumerating all users/groups', True) } === Errors === No errors """ options = {} # Get the list of available options for all services schema_options = self.schema.get_options('service') options.update(schema_options) schema_options = self.schema.get_options(self.name) options.update(schema_options) return options def list_options(self): """ List all options that apply to this service === Returns === A dictionary of configurable options. This dictionary is keyed on the option name with a tuple of the variable type, subtype ('None' if the type is not a collection type), the translated option description, and the default value (or 'None') as the value. Example: { 'services' : (list, str, u'SSSD Services to start', ['nss', 'pam']) } === Errors === No Errors """ options = self.list_options_with_mandatory() # Filter out the mandatory field to maintain compatibility # with older versions of the API filtered_options = {} for key in options.keys(): filtered_options[key] = (options[key][0], options[key][1], options[key][3], options[key][4]) return filtered_options def list_mandatory_options(self): """ List all mandatory options that apply to this service === Returns === A dictionary of configurable options. This dictionary is keyed on the option name with a tuple of the variable type, subtype ('None' if the type is not a collection type), the translated option description, and the default value (or 'None') as the value. 
Example: { 'services' : (list, str, u'SSSD Services to start', ['nss', 'pam']) } === Errors === No Errors """ options = self.list_options_with_mandatory() # Filter out the mandatory field to maintain compatibility # with older versions of the API filtered_options = {} for key in options.keys(): if options[key][2]: filtered_options[key] = (options[key][0], options[key][1], options[key][3], options[key][4]) return filtered_options def set_option(self, optionname, value): """ Set a service option to the specified value (or values) optionname: The option to change value: The value to set. This may be a single value or a list of values. If it is set to None, it resets the option to its default. === Returns === No return value === Errors === NoOptionError: The specified option is not listed in the schema TypeError: The value specified was not of the expected type """ if self.schema.has_option(self.name, optionname): option_schema = self.schema.get_option(self.name, optionname) elif self.schema.has_option('service', optionname): option_schema = self.schema.get_option('service', optionname) elif optionname in self.hidden_options: # Set this option and do not add it to the list of changeable values self.options[optionname] = value return else: raise NoOptionError('Section [%s] has no option [%s]' % (self.name, optionname)) if value == None: self.remove_option(optionname) return raise_error = False # If we were expecting a list and didn't get one, # Create a list with a single entry. 
If it's the # wrong subtype, it will fail below if option_schema[0] == list and type(value) != list: if type(value) == str: value = striplist(value.split(',')) else: value = [value] if type(value) != option_schema[0]: # If it's possible to convert it, do so try: if option_schema[0] == bool and \ type(value) == str: value = self.schema.bool_lookup[value.lower()] else: value = option_schema[0](value) except ValueError: raise_error = True except KeyError: raise_error = True if raise_error: raise TypeError('Expected %s for %s, received %s' % (option_schema[0], optionname, type(value))) if type(value) == list: # Iterate through the list an ensure that all members # are of the appropriate subtype try: newvalue = [] for x in value: if option_schema[1] == bool and \ type(x) == str: newvalue.extend([self.schema.bool_lookup[x.lower()]]) else: newvalue.extend([option_schema[1](x)]) except ValueError: raise_error = True except KeyError: raise_error = True if raise_error: raise TypeError('Expected %s' % option_schema[1]) value = newvalue self.options[optionname] = value class SSSDDomain(SSSDConfigObject): """ Object to manipulate SSSD domain options """ def __init__(self, domainname, apischema): """ Creates a new, empty SSSDDomain. This domain is inactive by default. This constructor should not be used directly. Use SSSDConfig.new_domain() instead. name: The domain name. apischema: An SSSDConfigSchema object created by SSSDConfig.__init__() === Returns === The newly-created SSSDDomain object. 
=== Errors === TypeError: apischema was not an SSSDConfigSchema object or domainname was not a string """ SSSDConfigObject.__init__(self) if not isinstance(apischema, SSSDConfigSchema) or type(domainname) != str: raise TypeError self.name = domainname self.schema = apischema self.active = False self.oldname = None self.providers = [] # Set up the domain object with any known defaults self.options = {} # Set up default options for all domains self.options.update(self.schema.get_defaults('provider')) self.options.update(self.schema.get_defaults('domain')) def set_active(self, active): """ Enable or disable this domain active: Boolean value. If True, this domain will be added to the active domains list when it is saved. If False, it will be removed from the active domains list when it is saved. === Returns === No return value === Errors === No errors """ self.active = bool(active) def list_options_with_mandatory(self): """ List options for the currently-configured providers, including the mandatory flag === Returns === A dictionary of configurable options. This dictionary is keyed on the option name with a tuple of the variable type, subtype ('None' if the type is not a collection type), whether it is mandatory, the translated option description, and the default value (or 'None') as the value. 
Example: { 'enumerate' : (bool, None, False, u'Enable enumerating all users/groups', True) } === Errors === No errors """ options = {} # Get the list of available options for all domains options.update(self.schema.get_options('provider')) options.update(self.schema.get_options('domain')) # Candidate for future optimization: will update primary type # for each subtype for (provider, providertype) in self.providers: schema_options = self.schema.get_options('provider/%s' % provider) options.update(schema_options) schema_options = self.schema.get_options('provider/%s/%s' % (provider, providertype)) options.update(schema_options) return options def list_options(self): """ List options available for the currently-configured providers. === Returns === A dictionary of configurable options. This dictionary is keyed on the option name with a tuple of the variable type, subtype ('None' if the type is not a collection type), the translated option description, and the default value (or 'None') as the value. Example: { 'enumerate' : (bool, None, u'Enable enumerating all users/groups', True) } === Errors === No errors """ options = self.list_options_with_mandatory() # Filter out the mandatory field to maintain compatibility # with older versions of the API filtered_options = {} for key in options.keys(): filtered_options[key] = (options[key][0], options[key][1], options[key][3], options[key][4]) return filtered_options def list_mandatory_options(self): """ List mandatory options for the currently-configured providers. === Returns === A dictionary of configurable options. This dictionary is keyed on the option name with a tuple of the variable type, subtype ('None' if the type is not a collection type), the translated option description, and the default value (or 'None') as the value. 
Example: { 'enumerate' : (bool, None, u'Enable enumerating all users/groups', True) } === Errors === No errors """ options = self.list_options_with_mandatory() # Filter out the mandatory field to maintain compatibility # with older versions of the API filtered_options = {} for key in options.keys(): if options[key][2]: filtered_options[key] = (options[key][0], options[key][1], options[key][3], options[key][4]) return filtered_options def list_provider_options(self, provider, provider_type=None): """ If provider_type is specified, list all options applicable to that target, otherwise list all possible options available for a provider. type: Provider backend type. (e.g. local, ldap, krb5, etc.) provider_type: Subtype of the backend type. (e.g. id, auth, access, chpass) === Returns === A dictionary of configurable options for the specified provider type. This dictionary is keyed on the option name with a tuple of the variable type, subtype ('None' if the type is not a collection type), the translated option description, and the default value (or 'None') as the value. === Errors === NoSuchProviderError: The specified provider is not listed in the schema or plugins NoSuchProviderSubtypeError: The specified provider subtype is not listed in the schema """ #TODO section checking options = self.schema.get_options('provider/%s' % provider) if(provider_type): options.update(self.schema.get_options('provider/%s/%s' % (provider, provider_type))) else: # Add options from all provider subtypes known_providers = self.list_providers() for provider_type in known_providers[provider]: options.update(self.list_provider_options(provider, provider_type)) return options def list_providers(self): """ Return a dictionary of providers. === Returns === Returns a dictionary of providers, keyed on the primary type, with the value being a tuple of the subtypes it supports. 
Example: { 'ldap' : ('id', 'auth', 'chpass') } === Errors === No Errors """ return self.schema.get_providers() def set_option(self, option, value): """ Set a domain option to the specified value (or values) option: The option to change. value: The value to set. This may be a single value or a list of values. If it is set to None, it resets the option to its default. === Returns === No return value. === Errors === NoOptionError: The specified option is not listed in the schema TypeError: The value specified was not of the expected type """ options = self.list_options() if (option not in options.keys()): raise NoOptionError('Section [%s] has no option [%s]' % (self.name, option)) if value == None: self.remove_option(option) return option_schema = options[option] raise_error = False # If we were expecting a list and didn't get one, # Create a list with a single entry. If it's the # wrong subtype, it will fail below if option_schema[0] == list and type(value) != list: if type(value) == str: value = striplist(value.split(',')) else: value = [value] if type(value) != option_schema[0]: # If it's possible to convert it, do so try: if option_schema[0] == bool and \ type(value) == str: value = self.schema.bool_lookup[value.lower()] elif option_schema[0] == int and type(value) == str: # Make sure we handle any reasonable base value = int(value, 0) else: value = option_schema[0](value) except ValueError: raise_error = True except KeyError: raise_error = True if raise_error: raise TypeError('Expected %s for %s, received %s' % (option_schema[0], option, type(value))) if type(value) == list: # Iterate through the list an ensure that all members # are of the appropriate subtype try: newvalue = [] for x in value: if option_schema[1] == bool and \ type(x) == str: newvalue.extend([self.schema.bool_lookup[x.lower()]]) else: newvalue.extend([option_schema[1](x)]) except ValueError: raise_error = True except KeyError: raise_error = True if raise_error: raise TypeError('Expected %s' % 
option_schema[1]) value = newvalue # Check whether we're adding a provider entry. is_provider = option.rfind('_provider') if (is_provider > 0): provider = option[:is_provider] try: self.add_provider(value, provider) except NoSuchProviderError: raise NoOptionError else: self.options[option] = value def set_name(self, newname): """ Change the name of the domain newname: New name for this domain === Returns === No return value. === Errors === TypeError: newname was not a string """ if type(newname) != str: raise TypeError if not self.oldname: # Only set the oldname once self.oldname = self.name self.name = newname def add_provider(self, provider, provider_type): """ Add a new provider type to the domain type: Provider backend type. (e.g. local, ldap, krb5, etc.) subtype: Subtype of the backend type. (e.g. id, auth, chpass) === Returns === No return value. === Errors === ProviderSubtypeInUse: Another backend is already providing this subtype NoSuchProviderError: The specified provider is not listed in the schema or plugins NoSuchProviderSubtypeError: The specified provider subtype is not listed in the schema """ # Check that provider and provider_type are valid configured_providers = self.list_providers() if provider in configured_providers.keys(): if provider_type not in configured_providers[provider]: raise NoSuchProviderSubtypeError(provider_type) else: raise NoSuchProviderError # Don't add a provider twice with_this_type = [x for x in self.providers if x[1] == provider_type] if len(with_this_type) > 1: # This should never happen! 
raise ProviderSubtypeInUse if len(with_this_type) == 1: if with_this_type[0][0] != provider: raise ProviderSubtypeInUse(with_this_type[0][0]) else: self.providers.extend([(provider, provider_type)]) option_name = '%s_provider' % provider_type self.options[option_name] = provider # Add defaults for this provider self.options.update(self.schema.get_defaults('provider/%s' % provider)) self.options.update(self.schema.get_defaults('provider/%s/%s' % (provider, provider_type))) def remove_provider(self, provider_type): """ Remove a provider from the domain. If the provider is not present, it is ignored. provider_type: Subtype of the backend type. (e.g. id, auth, chpass) === Returns === No return value. === Errors === No Errors """ provider = None for (provider, ptype) in self.providers: if ptype == provider_type: break provider = None # Check whether the provider_type was found if not provider: return # Remove any unused options when removing the provider. options = self.list_provider_options(provider, provider_type) # Trim any options that are used by other providers, # if that provider is in use for (prov, ptype) in self.providers: # Ignore the one being removed if (prov, ptype) == (provider, provider_type): continue provider_options = self.list_provider_options(prov, ptype) overlap = options_overlap(options.keys(), provider_options.keys()) for opt in overlap: del options[opt] # We should now have a list of options used only by this # provider. So we remove them. for option in options: if self.options.has_key(option): del self.options[option] # Remove this provider from the option list option = '%s_provider' % provider_type if self.options.has_key(option): del self.options[option] self.providers.remove((provider, provider_type)) class SSSDConfig(SSSDChangeConf): """ class SSSDConfig Primary class for operating on SSSD configurations """ def __init__(self, schemafile=None, schemaplugindir=None): """ Initialize the SSSD config parser/editor. 
This constructor does not open or create a config file. If the schemafile and schemaplugindir are not passed, it will use the system defaults. schemafile: The path to the api schema config file. Usually @datadir@/sssd/sssd.api.conf schemaplugindir: The path the directory containing the provider schema config files. Usually @datadir@/sssd/sssd.api.d === Returns === The newly-created SSSDConfig object. === Errors === IOError: Exception raised when the schema file could not be opened for reading. ParsingError: The main schema file or one of those in the plugin directory could not be parsed. """ SSSDChangeConf.__init__(self) self.schema = SSSDConfigSchema(schemafile, schemaplugindir) self.configfile = None self.initialized = False self.API_VERSION = 2 def import_config(self,configfile=None): """ Read in a config file, populating all of the service and domain objects with the read values. configfile: The path to the SSSD config file. If not specified, use the system default, usually @sysconfdir@/sssd.conf === Returns === No return value === Errors === IOError: Exception raised when the file could not be opened for reading ParsingError: Exception raised when errors occur attempting to parse a file. 
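AlreadyInitializedError: This SSSDConfig object was already initialized by a call to import_config() or new_config()
        """
        if self.initialized:
            raise AlreadyInitializedError

        if not configfile:
            #TODO: get this from a global setting
            configfile = '@sysconfdir@/sssd/sssd.conf'
        # open will raise an IOError if it fails
        fd = open(configfile, 'r')
        try:
            try:
                self.readfp(fd)
            except Exception:
                raise ParsingError
        finally:
            # Release the descriptor on the failure path as well
            fd.close()

        self.configfile = configfile
        # NOTE(review): the object is marked initialized before the version
        # check below, so a file rejected there still leaves it initialized
        # with configfile set -- confirm that callers expect this.
        self.initialized = True

        try:
            version = int(self.get('sssd', 'config_file_version'))
        except Exception:
            # Either the 'sssd' section or the 'config_file_version' was not
            # present in the config file
            raise ParsingError("File contains no config_file_version")

        # Compared outside the try block: inside it, the catch-all handler
        # replaced this message with the "no config_file_version" one.
        if version != self.API_VERSION:
            raise ParsingError("Wrong config_file_version")

    def new_config(self):
        """
        Initialize the SSSDConfig object with the defaults from the schema.

        === Returns ===
        No return value

        === Errors ===
        AlreadyInitializedError:
          This SSSDConfig object was already initialized by a call to
          import_config() or new_config()
        """
        if self.initialized:
            raise AlreadyInitializedError

        self.initialized = True

        #Initialize all services
        for servicename in self.schema.get_services():
            self.new_service(servicename)

    def write(self, outputfile=None):
        """
        Write out the configuration to a file.

        outputfile:
          The path to write the new config file. If it is not specified, it
          will use the path given to the import_config() call.

        === Returns ===
        No return value

        === Errors ===
        IOError:
          Exception raised when the file could not be opened for writing
        NotInitializedError:
          This SSSDConfig object has not had import_config() or new_config()
          run on it yet.
        NoOutputFileError:
          No outputfile was specified and this SSSDConfig object was not
          initialized by import_config()
        """
        if not self.initialized:
            raise NotInitializedError

        if outputfile is None:
            if self.configfile is None:
                raise NoOutputFileError
            outputfile = self.configfile

        # Render before opening: mode "wb" truncates the target, so a
        # failure in dump() after the open would leave an empty file.
        output = self.dump(self.opts)

        # Umask 0177 gives a newly created file mode 0600. The umask is
        # process-wide, so it is put back on every path, including a
        # failed open().
        # NOTE(review): the umask only applies when open() creates the
        # file; an existing outputfile keeps the mode it already has.
        old_umask = os.umask(0177)
        try:
            # open() will raise IOError if it fails
            of = open(outputfile, "wb")
        finally:
            os.umask(old_umask)

        try:
            of.write(output)
        finally:
            of.close()

    def list_active_services(self):
        """
        Return a list of all active services.

        === Returns ===
        The list of active services.

        === Errors ===
        NotInitializedError:
          This SSSDConfig object has not had import_config() or new_config()
          run on it yet.
        """
        if not self.initialized:
            raise NotInitializedError

        if not self.has_option('sssd', 'services'):
            return []

        # Dictionary keys give a duplicate-free set of the listed names
        service_dict = dict.fromkeys(
            striplist(self.get('sssd', 'services').split(',')))
        if '' in service_dict:
            del service_dict['']

        # Remove any entries in this list that don't
        # correspond to an active service, for integrity
        configured_services = self.list_services()
        for srv in list(service_dict.keys()):
            if srv not in configured_services:
                del service_dict[srv]

        return service_dict.keys()

    def list_inactive_services(self):
        """
        Return a list of all disabled services.

        === Returns ===
        The list of inactive services.

        === Errors ===
        NotInitializedError:
          This SSSDConfig object has not had import_config() or new_config()
          run on it yet.
        """
        if not self.initialized:
            raise NotInitializedError

        if self.has_option('sssd', 'services'):
            active_services = striplist(self.get('sssd',
                                                 'services').split(','))
        else:
            active_services = []

        # Known services that the [sssd] 'services' option does not name
        return [x for x in self.list_services()
                if x not in active_services]

    def list_services(self):
        """
        Retrieve a list of known services.

        === Returns ===
        The list of known services.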
def new_service(self, name):
    """
    Build an SSSDService for the given name from the schema, store it in
    this SSSDConfig through save_service() and return it.

    name:
      The name of the service to create and return.

    === Returns ===
    The newly-created SSSDService object

    === Errors ===
    ServiceAlreadyExists:
      A section with this name is already present in the SSSDConfig
      object.
    NotInitializedError:
      This SSSDConfig object has not had import_config() or new_config()
      run on it yet.
    """
    # NOTE(review): the SSSDService constructor is not visible here; it
    # presumably rejects names that are missing from the schema - confirm.
    # NOTE(review): nothing in this method touches the 'services' option of
    # the [sssd] section, so the new service is not marked active here;
    # verify whether callers are expected to call activate_service().
    if not self.initialized:
        raise NotInitializedError

    already_present = self.has_section(name)
    if already_present:
        raise ServiceAlreadyExists(name)

    created = SSSDService(name, self.schema)
    self.save_service(created)
    return created
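def list_active_domains(self):
    """
    Return a list of all active domains.

    The result keeps the order in which the domains appear in the
    'domains' option of the [sssd] section. Empty entries, duplicates and
    names without a configured 'domain/<name>' section are left out.

    === Returns ===
    The list of configured, active domains.

    === Errors ===
    NotInitializedError:
      This SSSDConfig object has not had import_config() or new_config()
      run on it yet.
    """
    if not self.initialized:
        raise NotInitializedError

    if not self.has_option('sssd', 'domains'):
        return []

    # Only names that have a matching section count as active, so a stale
    # entry in the 'domains' list is never reported.
    configured_domains = self.list_domains()

    # Build a real list instead of deleting from a dict while walking its
    # keys: that pattern fails once keys() is a live view, and a plain dict
    # does not promise to keep the configured order. The order of the
    # 'domains' list matters to SSSD (sssd.conf(5) describes it as the
    # order in which domains are queried).
    active_domains = []
    for entry in self.get('sssd', 'domains').split(','):
        dom = entry.strip()
        if dom and dom in configured_domains and dom not in active_domains:
            active_domains.append(dom)
    return active_domains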
""" if not self.initialized: raise NotInitializedError if not self.has_section('domain/%s' % name): raise NoDomainError(name) domain = SSSDDomain(name, self.schema) # Read in the providers first or we may have type # errors trying to read in their options providers = [ (x['name'],x['value']) for x in self.strip_comments_empty(self.options('domain/%s' % name)) if x['name'].rfind('_provider') > 0] for (option, value) in providers: try: domain.set_option(option, value) except NoOptionError: # If we come across an option that we don't recognize, # we should just ignore it and continue pass # Read in all the options from the configuration for opt in self.strip_comments_empty(self.options('domain/%s' % name)): if (opt['name'], opt['value']) not in providers: try: domain.set_option(opt['name'], opt['value']) except NoOptionError: # If we come across an option that we don't recognize, # we should just ignore it and continue pass # Determine if this domain is currently active domain.active = self.is_domain_active(name) return domain def new_domain(self, name): """ Create a new, empty domain and return the SSSDDomain object for it. name: The name of the domain to create and return. === Returns === The newly-created SSSDDomain object === Errors === DomainAlreadyExistsError: The service being created already exists in the SSSDConfig object. NotInitializedError: This SSSDConfig object has not had import_config() or new_config() run on it yet. """ if not self.initialized: raise NotInitializedError if self.has_section('domain/%s' % name): raise DomainAlreadyExistsError domain = SSSDDomain(name, self.schema) self.save_domain(domain) return domain def is_domain_active(self, name): """ Is a particular domain set active name: The name of the configured domain to check === Returns === True if the domain is active, False if it is inactive === Errors === NotInitializedError: This SSSDConfig object has not had import_config() or new_config() run on it yet. 
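def activate_domain(self, name):
    """
    Activate a configured domain

    name:
      The name of the configured domain to activate

    === Returns ===
    No return value

    === Errors ===
    NotInitializedError:
      This SSSDConfig object has not had import_config() or new_config()
      run on it yet.
    NoDomainError:
      No domain by this name is configured
    """
    if not self.initialized:
        raise NotInitializedError

    if name not in self.list_domains():
        raise NoDomainError

    item = self.get_option_index('sssd', 'domains')[1]
    if not item:
        # No 'domains' option yet: the new domain is the whole list.
        self.set('sssd', 'domains', name)
        return

    # Rebuild the list in its existing order, dropping empty entries and
    # duplicates. An ordered list is used rather than dict keys so that
    # activating one domain never reshuffles the others: the order of this
    # option matters to SSSD (sssd.conf(5) describes it as the order in
    # which domains are queried).
    active = []
    for entry in item['value'].split(','):
        dom = entry.strip()
        if dom and dom not in active:
            active.append(dom)

    # An already active domain keeps its position; a new one goes last.
    if name not in active:
        active.append(name)

    # Write out the joined names
    self.set('sssd', 'domains', ", ".join(active))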
def delete_domain(self, name):
    """
    Remove a domain from the SSSDConfig object.

    The domain is first taken off the list of active domains in the
    [sssd] section through deactivate_domain(), then its
    'domain/<name>' section is deleted. Any error raised by
    deactivate_domain() propagates to the caller before the section is
    touched.

    name:
      The name of the domain to remove

    === Returns ===
    No return value

    === Errors ===
    NotInitializedError:
      This SSSDConfig object has not had import_config() or new_config()
      run on it yet.
    """
    if not self.initialized:
        raise NotInitializedError

    # Drop the name from the active list before the section disappears.
    self.deactivate_domain(name)

    section_name = 'domain/%s' % name
    self.delete_option('section', section_name)
domain.oldname = None; sectionname = 'domain/%s' % name (no, section_subtree) = self.findOpts(self.opts, 'section', sectionname) if name not in self.list_domains(): self.add_section(sectionname, []); for option in self.options(sectionname): if option['type'] == 'option': if option['name'] not in domain.get_all_options(): self.delete_option_subtree(section_subtree['value'], 'option', option['name'], True) for option,value in domain.get_all_options().items(): if (type(value) == list): value = ', '.join(value) self.set(sectionname, option, str(value)) if domain.active: self.activate_domain(name) else: self.deactivate_domain(name) �������������������������������������������������������������������sssd-1.11.5/src/config/SSSDConfig/PaxHeaders.13173/__init__.py��������������������������������������0000644�0000000�0000000�00000000132�12320753520�021614� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954960.480875817 30 atime=1396954961.053875394 30 ctime=1396954961.374875157 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/config/SSSDConfig/__init__.py�������������������������������������������������������0000664�0024127�0024127�00000230727�12320753520�022056� 
0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������''' Created on Sep 18, 2009 @author: sgallagh ''' import os import gettext import exceptions from ipachangeconf import SSSDChangeConf # Exceptions class SSSDConfigException(Exception): pass class ParsingError(Exception): pass class AlreadyInitializedError(SSSDConfigException): pass class NotInitializedError(SSSDConfigException): pass class NoOutputFileError(SSSDConfigException): pass class NoServiceError(SSSDConfigException): pass class NoSectionError(SSSDConfigException): pass class NoOptionError(SSSDConfigException): pass class ServiceNotRecognizedError(SSSDConfigException): pass class ServiceAlreadyExists(SSSDConfigException): pass class NoDomainError(SSSDConfigException): pass class DomainNotRecognized(SSSDConfigException): pass class DomainAlreadyExistsError(SSSDConfigException): pass class NoSuchProviderError(SSSDConfigException): pass class NoSuchProviderSubtypeError(SSSDConfigException): pass class ProviderSubtypeInUse(SSSDConfigException): pass PACKAGE = 'sss_daemon' LOCALEDIR = '/usr/share/locale' translation = gettext.translation(PACKAGE, LOCALEDIR, fallback=True) _ = translation.ugettext # TODO: This needs to be made external option_strings = { # [service] 'debug_level' : _('Set the verbosity of the debug logging'), 'debug_timestamps' : _('Include timestamps in debug logs'), 'debug_microseconds' : _('Include microseconds in timestamps in debug logs'), 'debug_to_files' : _('Write debug messages to logfiles'), 'timeout' : _('Ping timeout before restarting service'), 'force_timeout' : _('Timeout between three failed ping checks and forcibly killing the service'), 'command' : _('Command to start service'), 
'reconnection_retries' : _('Number of times to attempt connection to Data Providers'), 'fd_limit' : _('The number of file descriptors that may be opened by this responder'), 'client_idle_timeout' : _('Idle time before automatic disconnection of a client'), # [sssd] 'services' : _('SSSD Services to start'), 'domains' : _('SSSD Domains to start'), 'sbus_timeout' : _('Timeout for messages sent over the SBUS'), 're_expression' : _('Regex to parse username and domain'), 'full_name_format' : _('Printf-compatible format for displaying fully-qualified names'), 'krb5_rcache_dir' : _('Directory on the filesystem where SSSD should store Kerberos replay cache files.'), 'default_domain_suffix' : _('Domain to add to names without a domain component.'), # [nss] 'enum_cache_timeout' : _('Enumeration cache timeout length (seconds)'), 'entry_cache_no_wait_timeout' : _('Entry cache background update timeout length (seconds)'), 'entry_negative_timeout' : _('Negative cache timeout length (seconds)'), 'filter_users' : _('Users that SSSD should explicitly ignore'), 'filter_groups' : _('Groups that SSSD should explicitly ignore'), 'filter_users_in_groups' : _('Should filtered users appear in groups'), 'pwfield' : _('The value of the password field the NSS provider should return'), 'override_homedir' : _('Override homedir value from the identity provider with this value'), 'fallback_homedir' : _('Substitute empty homedir value from the identity provider with this value'), 'override_shell': _('Override shell value from the identity provider with this value'), 'allowed_shells' : _('The list of shells users are allowed to log in with'), 'vetoed_shells' : _('The list of shells that will be vetoed, and replaced with the fallback shell'), 'shell_fallback' : _('If a shell stored in central directory is allowed but not available, use this fallback'), 'default_shell': _('Shell to use if the provider does not list one'), 'memcache_timeout': _('How long will be in-memory cache records valid'), # 
[pam] 'offline_credentials_expiration' : _('How long to allow cached logins between online logins (days)'), 'offline_failed_login_attempts' : _('How many failed logins attempts are allowed when offline'), 'offline_failed_login_delay' : _('How long (minutes) to deny login after offline_failed_login_attempts has been reached'), 'pam_verbosity' : _('What kind of messages are displayed to the user during authentication'), 'pam_id_timeout' : _('How many seconds to keep identity information cached for PAM requests'), 'pam_pwd_expiration_warning' : _('How many days before password expiration a warning should be displayed'), # [sudo] 'sudo_timed' : _('Whether to evaluate the time-based attributes in sudo rules'), # [autofs] 'autofs_negative_timeout' : _('Negative cache timeout length (seconds)'), # [ssh] 'ssh_hash_known_hosts': _('Whether to hash host names and addresses in the known_hosts file'), 'ssh_known_hosts_timeout': _('How many seconds to keep a host in the known_hosts file after its host keys were requested'), # [pac] 'allowed_uids': _('List of UIDs or user names allowed to access the PAC responder'), # [provider] 'id_provider' : _('Identity provider'), 'auth_provider' : _('Authentication provider'), 'access_provider' : _('Access control provider'), 'chpass_provider' : _('Password change provider'), 'sudo_provider' : _('SUDO provider'), 'autofs_provider' : _('Autofs provider'), 'session_provider' : _('Session-loading provider'), 'hostid_provider' : _('Host identity provider'), # [domain] 'min_id' : _('Minimum user ID'), 'max_id' : _('Maximum user ID'), 'enumerate' : _('Enable enumerating all users/groups'), 'cache_credentials' : _('Cache credentials for offline login'), 'store_legacy_passwords' : _('Store password hashes'), 'use_fully_qualified_names' : _('Display users/groups in fully-qualified form'), 'ignore_group_members' : _('Don\'t include group members in group lookups'), 'entry_cache_timeout' : _('Entry cache timeout length (seconds)'), 
'lookup_family_order' : _('Restrict or prefer a specific address family when performing DNS lookups'), 'account_cache_expiration' : _('How long to keep cached entries after last successful login (days)'), 'dns_resolver_timeout' : _('How long to wait for replies from DNS when resolving servers (seconds)'), 'dns_discovery_domain' : _('The domain part of service discovery DNS query'), 'override_gid' : _('Override GID value from the identity provider with this value'), 'case_sensitive' : _('Treat usernames as case sensitive'), 'entry_cache_user_timeout' : _('Entry cache timeout length (seconds)'), 'entry_cache_group_timeout' : _('Entry cache timeout length (seconds)'), 'entry_cache_netgroup_timeout' : _('Entry cache timeout length (seconds)'), 'entry_cache_service_timeout' : _('Entry cache timeout length (seconds)'), 'entry_cache_autofs_timeout' : _('Entry cache timeout length (seconds)'), 'entry_cache_sudo_timeout' : _('Entry cache timeout length (seconds)'), 'refresh_expired_interval' : _('How often should expired entries be refreshed in background'), 'dyndns_update' : _("Whether to automatically update the client's DNS entry"), 'dyndns_ttl' : _("The TTL to apply to the client's DNS entry after updating it"), 'dyndns_iface' : _("The interface whose IP should be used for dynamic DNS updates"), 'dyndns_refresh_interval' : _("How often to periodically update the client's DNS entry"), 'dyndns_update_ptr' : _("Whether the provider should explicitly update the PTR record as well"), 'dyndns_force_tcp' : _("Whether the nsupdate utility should default to using TCP"), 'dyndns_auth' : _("What kind of authentication should be used to perform the DNS update"), 'subdomain_enumerate' : _('Control enumeration of trusted domains'), 'subdomain_refresh_interval' : _('How often should subdomains list be refreshed'), # [provider/ipa] 'ipa_domain' : _('IPA domain'), 'ipa_server' : _('IPA server address'), 'ipa_backup_server' : _('Address of backup IPA server'), 'ipa_hostname' : _('IPA 
client hostname'), 'ipa_dyndns_update' : _("Whether to automatically update the client's DNS entry in FreeIPA"), 'ipa_dyndns_ttl' : _("The TTL to apply to the client's DNS entry after updating it"), 'ipa_dyndns_iface' : _("The interface whose IP should be used for dynamic DNS updates"), 'ipa_hbac_search_base' : _("Search base for HBAC related objects"), 'ipa_hbac_refresh' : _("The amount of time between lookups of the HBAC rules against the IPA server"), 'ipa_selinux_refresh' : _("The amount of time in seconds between lookups of the SELinux maps against the IPA server"), 'ipa_hbac_treat_deny_as' : _("If DENY rules are present, either DENY_ALL or IGNORE"), 'ipa_hbac_support_srchost' : _("If set to false, host argument given by PAM will be ignored"), 'ipa_automount_location' : _("The automounter location this IPA client is using"), 'ipa_master_domain_search_base': _("Search base for object containing info about IPA domain"), 'ipa_ranges_search_base': _("Search base for objects containing info about ID ranges"), 'ipa_enable_dns_sites': _("Enable DNS sites - location based service discovery"), # [provider/ad] 'ad_domain' : _('Active Directory domain'), 'ad_server' : _('Active Directory server address'), 'ad_backup_server' : _('Active Directory backup server address'), 'ad_hostname' : _('Active Directory client hostname'), 'ad_enable_dns_sites' : _('Enable DNS sites - location based service discovery'), # [provider/krb5] 'krb5_kdcip' : _('Kerberos server address'), 'krb5_server' : _('Kerberos server address'), 'krb5_backup_server' : _('Kerberos backup server address'), 'krb5_realm' : _('Kerberos realm'), 'krb5_auth_timeout' : _('Authentication timeout'), 'krb5_use_kdcinfo' : _('Whether to create kdcinfo files'), # [provider/krb5/auth] 'krb5_ccachedir' : _('Directory to store credential caches'), 'krb5_ccname_template' : _("Location of the user's credential cache"), 'krb5_keytab' : _("Location of the keytab to validate credentials"), 'krb5_validate' : _("Enable 
credential validation"), 'krb5_store_password_if_offline' : _("Store password if offline for later online authentication"), 'krb5_renewable_lifetime' : _("Renewable lifetime of the TGT"), 'krb5_lifetime' : _("Lifetime of the TGT"), 'krb5_renew_interval' : _("Time between two checks for renewal"), 'krb5_use_fast' : _("Enables FAST"), 'krb5_fast_principal' : _("Selects the principal to use for FAST"), 'krb5_canonicalize' : _("Enables principal canonicalization"), 'krb5_use_enterprise_principal' : _("Enables enterprise principals"), # [provider/krb5/chpass] 'krb5_kpasswd' : _('Server where the change password service is running if not on the KDC'), 'krb5_backup_kpasswd' : _('Server where the change password service is running if not on the KDC'), # [provider/ldap] 'ldap_uri' : _('ldap_uri, The URI of the LDAP server'), 'ldap_backup_uri' : _('ldap_backup_uri, The URI of the LDAP server'), 'ldap_search_base' : _('The default base DN'), 'ldap_schema' : _('The Schema Type in use on the LDAP server, rfc2307'), 'ldap_default_bind_dn' : _('The default bind DN'), 'ldap_default_authtok_type' : _('The type of the authentication token of the default bind DN'), 'ldap_default_authtok' : _('The authentication token of the default bind DN'), 'ldap_network_timeout' : _('Length of time to attempt connection'), 'ldap_opt_timeout' : _('Length of time to attempt synchronous LDAP operations'), 'ldap_offline_timeout' : _('Length of time between attempts to reconnect while offline'), 'ldap_force_upper_case_realm' : _('Use only the upper case for realm names'), 'ldap_tls_cacert' : _('File that contains CA certificates'), 'ldap_tls_cacertdir' : _('Path to CA certificate directory'), 'ldap_tls_cert' : _('File that contains the client certificate'), 'ldap_tls_key' :_('File that contains the client key'), 'ldap_tls_cipher_suite' :_('List of possible ciphers suites'), 'ldap_tls_reqcert' : _('Require TLS certificate verification'), 'ldap_sasl_mech' : _('Specify the sasl mechanism to use'), 
'ldap_sasl_authid' : _('Specify the sasl authorization id to use'), 'ldap_sasl_realm' : _('Specify the sasl authorization realm to use'), 'ldap_sasl_minssf' : _('Specify the minimal SSF for LDAP sasl authorization'), 'ldap_krb5_keytab' : _('Kerberos service keytab'), 'ldap_krb5_init_creds' : _('Use Kerberos auth for LDAP connection'), 'ldap_referrals' : _('Follow LDAP referrals'), 'ldap_krb5_ticket_lifetime' : _('Lifetime of TGT for LDAP connection'), 'ldap_deref' : _('How to dereference aliases'), 'ldap_dns_service_name' : _('Service name for DNS service lookups'), 'ldap_page_size' : _('The number of records to retrieve in a single LDAP query'), 'ldap_deref_threshold' : _('The number of members that must be missing to trigger a full deref'), 'ldap_sasl_canonicalize' : _('Whether the LDAP library should perform a reverse lookup to canonicalize the host name during a SASL bind'), 'ldap_entry_usn' : _('entryUSN attribute'), 'ldap_rootdse_last_usn' : _('lastUSN attribute'), 'ldap_connection_expiration_timeout' : _('How long to retain a connection to the LDAP server before disconnecting'), 'ldap_disable_paging' : _('Disable the LDAP paging control'), 'ldap_disable_range_retrieval' : _('Disable Active Directory range retrieval'), # [provider/ldap/id] 'ldap_search_timeout' : _('Length of time to wait for a search request'), 'ldap_enumeration_search_timeout' : _('Length of time to wait for a enumeration request'), 'ldap_enumeration_refresh_timeout' : _('Length of time between enumeration updates'), 'ldap_purge_cache_timeout' : _('Length of time between cache cleanups'), 'ldap_id_use_start_tls' : _('Require TLS for ID lookups'), 'ldap_id_mapping' : _('Use ID-mapping of objectSID instead of pre-set IDs'), 'ldap_user_search_base' : _('Base DN for user lookups'), 'ldap_user_search_scope' : _('Scope of user lookups'), 'ldap_user_search_filter' : _('Filter for user lookups'), 'ldap_user_object_class' : _('Objectclass for users'), 'ldap_user_name' : _('Username attribute'), #not 
used # 'ldap_user_pwd' :_('Password attribute'), 'ldap_user_uid_number' : _('UID attribute'), 'ldap_user_gid_number' : _('Primary GID attribute'), 'ldap_user_gecos' : _('GECOS attribute'), 'ldap_user_home_directory' : _('Home directory attribute'), 'ldap_user_shell' : _('Shell attribute'), 'ldap_user_uuid' : _('UUID attribute'), 'ldap_user_objectsid' : _("objectSID attribute"), 'ldap_user_primary_group' : _('Active Directory primary group attribute for ID-mapping'), 'ldap_user_principal' : _('User principal attribute (for Kerberos)'), 'ldap_user_fullname' : _('Full Name'), 'ldap_user_member_of' : _('memberOf attribute'), 'ldap_user_modify_timestamp' : _('Modification time attribute'), #replaced by ldap_entry_usn# 'ldap_user_entry_usn' : _('entryUSN attribute'), 'ldap_user_shadow_last_change' : _('shadowLastChange attribute'), 'ldap_user_shadow_min' : _('shadowMin attribute'), 'ldap_user_shadow_max' : _('shadowMax attribute'), 'ldap_user_shadow_warning' : _('shadowWarning attribute'), 'ldap_user_shadow_inactive' : _('shadowInactive attribute'), 'ldap_user_shadow_expire' : _('shadowExpire attribute'), 'ldap_user_shadow_flag' : _('shadowFlag attribute'), 'ldap_user_authorized_service' : _('Attribute listing authorized PAM services'), 'ldap_user_authorized_host' : _('Attribute listing authorized server hosts'), 'ldap_user_krb_last_pwd_change' : _('krbLastPwdChange attribute'), 'ldap_user_krb_password_expiration' : _('krbPasswordExpiration attribute'), 'ldap_pwd_attribute' : _('Attribute indicating that server side password policies are active'), 'ldap_user_ad_account_expires' : _('accountExpires attribute of AD'), 'ldap_user_ad_user_account_control' : _('userAccountControl attribute of AD'), 'ldap_ns_account_lock' : _('nsAccountLock attribute'), 'ldap_user_nds_login_disabled' : _('loginDisabled attribute of NDS'), 'ldap_user_nds_login_expiration_time' : _('loginExpirationTime attribute of NDS'), 'ldap_user_nds_login_allowed_time_map' : _('loginAllowedTimeMap attribute 
of NDS'), 'ldap_user_ssh_public_key' : _('SSH public key attribute'), 'ldap_group_search_base' : _('Base DN for group lookups'), # not used # 'ldap_group_search_scope' : _('Scope of group lookups'), # not used # 'ldap_group_search_filter' : _('Filter for group lookups'), 'ldap_group_object_class' : _('Objectclass for groups'), 'ldap_group_name' : _('Group name'), 'ldap_group_pwd' : _('Group password'), 'ldap_group_gid_number' : _('GID attribute'), 'ldap_group_member' : _('Group member attribute'), 'ldap_group_uuid' : _('Group UUID attribute'), 'ldap_group_objectsid' : _("objectSID attribute"), 'ldap_group_modify_timestamp' : _('Modification time attribute for groups'), 'ldap_group_type' : _('Type of the group and other flags'), #replaced by ldap_entry_usn# 'ldap_group_entry_usn' : _('entryUSN attribute'), 'ldap_group_nesting_level' : _('Maximum nesting level SSSd will follow'), 'ldap_netgroup_search_base' : _('Base DN for netgroup lookups'), 'ldap_netgroup_object_class' : _('Objectclass for netgroups'), 'ldap_netgroup_name' : _('Netgroup name'), 'ldap_netgroup_member' : _('Netgroups members attribute'), 'ldap_netgroup_triple' : _('Netgroup triple attribute'), 'ldap_netgroup_uuid' : _('Netgroup UUID attribute'), 'ldap_netgroup_modify_timestamp' : _('Modification time attribute for netgroups'), 'ldap_service_search_base' : _('Base DN for service lookups'), 'ldap_service_object_class' : _('Objectclass for services'), 'ldap_service_name' : _('Service name attribute'), 'ldap_service_port' : _('Service port attribute'), 'ldap_service_proto' : _('Service protocol attribute'), #replaced by ldap_entry_usn# 'ldap_service_entry_usn' : _('Service entryUSN attribute'), 'ldap_idmap_range_min' : _('Lower bound for ID-mapping'), 'ldap_idmap_range_max' : _('Upper bound for ID-mapping'), 'ldap_idmap_range_size' : _('Number of IDs for each slice when ID-mapping'), 'ldap_idmap_autorid_compat' : _('Use autorid-compatible algorithm for ID-mapping'), 'ldap_idmap_default_domain' : _('Name 
of the default domain for ID-mapping'), 'ldap_idmap_default_domain_sid' : _('SID of the default domain for ID-mapping'), 'ldap_groups_use_matching_rule_in_chain' : _('Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups'), 'ldap_initgroups_use_matching_rule_in_chain' : _('Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups'), 'ldap_min_id' : _('Set lower boundary for allowed IDs from the LDAP server'), 'ldap_max_id' : _('Set upper boundary for allowed IDs from the LDAP server'), # [provider/ldap/auth] 'ldap_pwd_policy' : _('Policy to evaluate the password expiration'), # [provider/ldap/access] 'ldap_access_filter' : _('LDAP filter to determine access privileges'), 'ldap_account_expire_policy' : _('Which attributes shall be used to evaluate if an account is expired'), 'ldap_access_order' : _('Which rules should be used to evaluate access control'), # [provider/ldap/chpass] 'ldap_chpass_uri' : _('URI of an LDAP server where password changes are allowed'), 'ldap_chpass_backup_uri' : _('URI of a backup LDAP server where password changes are allowed'), 'ldap_chpass_dns_service_name' : _('DNS service name for LDAP password change server'), 'ldap_chpass_update_last_change' : _('Whether to update the ldap_user_shadow_last_change attribute after a password change'), # [provider/ldap/sudo] 'ldap_sudo_search_base' : _('Base DN for sudo rules lookups'), 'ldap_sudo_full_refresh_interval' : _('Automatic full refresh period'), 'ldap_sudo_smart_refresh_interval' : _('Automatic smart refresh period'), 'ldap_sudo_use_host_filter' : _('Whether to filter rules by hostname, IP addresses and network'), 'ldap_sudo_hostnames' : _('Hostnames and/or fully qualified domain names of this machine to filter sudo rules'), 'ldap_sudo_ip' : _('IPv4 or IPv6 addresses or network of this machine to filter sudo rules'), 'ldap_sudo_include_netgroups' : _('Whether to include rules that contains netgroup in host attribute'), 'ldap_sudo_include_regexp' : _('Whether to include rules that contains regular 
def striplist(l):
    """
    Return a new list in which every element of l has had its leading and
    trailing whitespace removed. The input list is not modified.
    """
    stripped = []
    for item in l:
        stripped.append(item.strip())
    return stripped


def options_overlap(options1, options2):
    """
    Return the entries of options1 that are also present in options2.
    The result keeps the order (and any duplicates) of options1.
    """
    return [candidate for candidate in options1 if candidate in options2]
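def get_options(self, section):
    """
    Parse the schema records of one section into option descriptors.

    Every schema value is a comma-separated record: primary type,
    subtype, mandatory flag and, optionally, one or more default values.

    section:
      Name of the schema section to parse.

    === Returns ===
    A dictionary keyed on the option name. Each value is the tuple
    (primary type, subtype, mandatory, description, default). The
    description is None when option_strings has no entry for the option
    and the default is None when the record carries no default.

    === Errors ===
    NoSectionError:
      The section is not present in the schema
    ParsingError:
      A record has fewer than three fields, lists several defaults for a
      non-list type, or holds a default that cannot be converted to the
      declared type
    """
    if not self.has_section(section):
        raise NoSectionError
    options = self.options(section)

    # Positions of the fields inside a schema record
    PRIMARY_TYPE = 0
    SUBTYPE = 1
    MANDATORY = 2
    DEFAULT = 3

    def convert(target, raw):
        # Booleans are looked up in bool_lookup because bool('false')
        # would evaluate to True.
        if target == bool and type(raw) == str:
            return self.bool_lookup[raw.lower()]
        return target(raw)

    parsed_options = {}
    for option in self.strip_comments_empty(options):
        name = option['name']
        split_option = striplist(option['value'].split(','))
        optionlen = len(split_option)

        if optionlen < 3:
            # Bad config file. This is checked before the fields are
            # indexed so that a short record is reported as a
            # ParsingError instead of escaping as an IndexError.
            raise ParsingError

        primarytype = self.type_lookup[split_option[PRIMARY_TYPE]]
        subtype = self.type_lookup[split_option[SUBTYPE]]
        mandatory = self.bool_lookup[split_option[MANDATORY]]
        desc = option_strings.get(name)

        if optionlen == 3:
            # This option has no defaults
            default = None
        else:
            if optionlen > 4 and primarytype != list:
                # Several defaults only make sense for a list option
                raise ParsingError
            try:
                if optionlen == 4:
                    raw = split_option[DEFAULT]
                    if type(raw) == primarytype:
                        default = raw
                    elif primarytype == list:
                        if type(raw) == subtype:
                            default = [raw]
                        else:
                            default = [convert(subtype, raw)]
                    else:
                        default = convert(primarytype, raw)
                else:
                    default = []
                    for raw in split_option[DEFAULT:]:
                        if type(raw) != subtype:
                            default.append(convert(subtype, raw))
                        else:
                            default.append(raw)
            except (ValueError, KeyError):
                # The tuple is required: "except ValueError, KeyError"
                # catches ValueError only and binds it to the name
                # KeyError, so an unknown boolean spelling used to
                # escape as a bare KeyError.
                raise ParsingError

        parsed_options[name] = (primarytype, subtype, mandatory, desc,
                                default)

    return parsed_options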
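class SSSDConfigObject(object):
    """
    Common base for configuration objects: a name and a dictionary of
    option values.
    """
    def __init__(self):
        self.name = None
        self.options = {}

    def get_name(self):
        """
        Return the name of this object

        === Returns ===
        The name stored on the object (None right after construction)

        === Errors ===
        No errors
        """
        return self.name

    def get_option(self, optionname):
        """
        Return the value of an option

        optionname:
          The option to get.

        === Returns ===
        The value for the requested option.

        === Errors ===
        NoOptionError:
          The specified option is not set on this object
        """
        # Membership is tested on the dictionary itself; going through
        # keys() would build a throwaway list on every lookup.
        if optionname in self.options:
            return self.options[optionname]
        raise NoOptionError(optionname)

    def get_all_options(self):
        """
        Return a dictionary of name/value pairs for this object

        === Returns ===
        A dictionary of name/value pairs currently in use for this object.
        This is the object's own dictionary, not a copy, so changes made
        to it by the caller are changes to this object.

        === Errors ===
        No errors
        """
        return self.options

    def remove_option(self, optionname):
        """
        Remove an option from the object. If the option does not exist, it
        is ignored.

        === Returns ===
        No return value.

        === Errors ===
        No errors
        """
        # pop() with a default replaces the deprecated has_key() test
        self.options.pop(optionname, None)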
def list_options_with_mandatory(self):
    """
    List options for the service, including the mandatory flag.

    === Returns ===
    A dictionary of configurable options. This dictionary is keyed on the
    option name with a tuple of the variable type, subtype ('None' if the
    type is not a collection type), whether it is mandatory, the
    translated option description, and the default value (or 'None') as
    the value.

    Example:
    { 'enumerate' :
      (bool, None, False, u'Enable enumerating all users/groups', True) }

    === Errors ===
    No errors
    """
    # Start from the options shared by all services, then let the entries
    # of this particular service override them.
    merged = dict(self.schema.get_options('service'))
    merged.update(self.schema.get_options(self.name))
    return merged
def list_mandatory_options(self):
    """
    List all mandatory options that apply to this service

    === Returns ===
    A dictionary of configurable options. This dictionary is keyed on the
    option name with a tuple of the variable type, subtype ('None' if the
    type is not a collection type), the translated option description, and
    the default value (or 'None') as the value.

    Example:
    { 'services' :
      (list, str, u'SSSD Services to start', ['nss', 'pam']) }

    === Errors ===
    No Errors
    """
    available = self.list_options_with_mandatory()

    mandatory_only = {}
    for name, descriptor in available.items():
        # Index 2 of the schema tuple is the mandatory flag
        if not descriptor[2]:
            continue
        # The flag itself is left out to maintain compatibility with
        # older versions of the API
        mandatory_only[name] = (descriptor[0], descriptor[1],
                                descriptor[3], descriptor[4])
    return mandatory_only
=== Returns === No return value === Errors === NoOptionError: The specified option is not listed in the schema TypeError: The value specified was not of the expected type """ if self.schema.has_option(self.name, optionname): option_schema = self.schema.get_option(self.name, optionname) elif self.schema.has_option('service', optionname): option_schema = self.schema.get_option('service', optionname) elif optionname in self.hidden_options: # Set this option and do not add it to the list of changeable values self.options[optionname] = value return else: raise NoOptionError('Section [%s] has no option [%s]' % (self.name, optionname)) if value == None: self.remove_option(optionname) return raise_error = False # If we were expecting a list and didn't get one, # Create a list with a single entry. If it's the # wrong subtype, it will fail below if option_schema[0] == list and type(value) != list: if type(value) == str: value = striplist(value.split(',')) else: value = [value] if type(value) != option_schema[0]: # If it's possible to convert it, do so try: if option_schema[0] == bool and \ type(value) == str: value = self.schema.bool_lookup[value.lower()] else: value = option_schema[0](value) except ValueError: raise_error = True except KeyError: raise_error = True if raise_error: raise TypeError('Expected %s for %s, received %s' % (option_schema[0], optionname, type(value))) if type(value) == list: # Iterate through the list an ensure that all members # are of the appropriate subtype try: newvalue = [] for x in value: if option_schema[1] == bool and \ type(x) == str: newvalue.extend([self.schema.bool_lookup[x.lower()]]) else: newvalue.extend([option_schema[1](x)]) except ValueError: raise_error = True except KeyError: raise_error = True if raise_error: raise TypeError('Expected %s' % option_schema[1]) value = newvalue self.options[optionname] = value class SSSDDomain(SSSDConfigObject): """ Object to manipulate SSSD domain options """ def __init__(self, domainname, 
apischema): """ Creates a new, empty SSSDDomain. This domain is inactive by default. This constructor should not be used directly. Use SSSDConfig.new_domain() instead. name: The domain name. apischema: An SSSDConfigSchema object created by SSSDConfig.__init__() === Returns === The newly-created SSSDDomain object. === Errors === TypeError: apischema was not an SSSDConfigSchema object or domainname was not a string """ SSSDConfigObject.__init__(self) if not isinstance(apischema, SSSDConfigSchema) or type(domainname) != str: raise TypeError self.name = domainname self.schema = apischema self.active = False self.oldname = None self.providers = [] # Set up the domain object with any known defaults self.options = {} # Set up default options for all domains self.options.update(self.schema.get_defaults('provider')) self.options.update(self.schema.get_defaults('domain')) def set_active(self, active): """ Enable or disable this domain active: Boolean value. If True, this domain will be added to the active domains list when it is saved. If False, it will be removed from the active domains list when it is saved. === Returns === No return value === Errors === No errors """ self.active = bool(active) def list_options_with_mandatory(self): """ List options for the currently-configured providers, including the mandatory flag === Returns === A dictionary of configurable options. This dictionary is keyed on the option name with a tuple of the variable type, subtype ('None' if the type is not a collection type), whether it is mandatory, the translated option description, and the default value (or 'None') as the value. 
Example: { 'enumerate' : (bool, None, False, u'Enable enumerating all users/groups', True) } === Errors === No errors """ options = {} # Get the list of available options for all domains options.update(self.schema.get_options('provider')) options.update(self.schema.get_options('domain')) # Candidate for future optimization: will update primary type # for each subtype for (provider, providertype) in self.providers: schema_options = self.schema.get_options('provider/%s' % provider) options.update(schema_options) schema_options = self.schema.get_options('provider/%s/%s' % (provider, providertype)) options.update(schema_options) return options def list_options(self): """ List options available for the currently-configured providers. === Returns === A dictionary of configurable options. This dictionary is keyed on the option name with a tuple of the variable type, subtype ('None' if the type is not a collection type), the translated option description, and the default value (or 'None') as the value. Example: { 'enumerate' : (bool, None, u'Enable enumerating all users/groups', True) } === Errors === No errors """ options = self.list_options_with_mandatory() # Filter out the mandatory field to maintain compatibility # with older versions of the API filtered_options = {} for key in options.keys(): filtered_options[key] = (options[key][0], options[key][1], options[key][3], options[key][4]) return filtered_options def list_mandatory_options(self): """ List mandatory options for the currently-configured providers. === Returns === A dictionary of configurable options. This dictionary is keyed on the option name with a tuple of the variable type, subtype ('None' if the type is not a collection type), the translated option description, and the default value (or 'None') as the value. 
Example: { 'enumerate' : (bool, None, u'Enable enumerating all users/groups', True) } === Errors === No errors """ options = self.list_options_with_mandatory() # Filter out the mandatory field to maintain compatibility # with older versions of the API filtered_options = {} for key in options.keys(): if options[key][2]: filtered_options[key] = (options[key][0], options[key][1], options[key][3], options[key][4]) return filtered_options def list_provider_options(self, provider, provider_type=None): """ If provider_type is specified, list all options applicable to that target, otherwise list all possible options available for a provider. type: Provider backend type. (e.g. local, ldap, krb5, etc.) provider_type: Subtype of the backend type. (e.g. id, auth, access, chpass) === Returns === A dictionary of configurable options for the specified provider type. This dictionary is keyed on the option name with a tuple of the variable type, subtype ('None' if the type is not a collection type), the translated option description, and the default value (or 'None') as the value. === Errors === NoSuchProviderError: The specified provider is not listed in the schema or plugins NoSuchProviderSubtypeError: The specified provider subtype is not listed in the schema """ #TODO section checking options = self.schema.get_options('provider/%s' % provider) if(provider_type): options.update(self.schema.get_options('provider/%s/%s' % (provider, provider_type))) else: # Add options from all provider subtypes known_providers = self.list_providers() for provider_type in known_providers[provider]: options.update(self.list_provider_options(provider, provider_type)) return options def list_providers(self): """ Return a dictionary of providers. === Returns === Returns a dictionary of providers, keyed on the primary type, with the value being a tuple of the subtypes it supports. 
Example: { 'ldap' : ('id', 'auth', 'chpass') } === Errors === No Errors """ return self.schema.get_providers() def set_option(self, option, value): """ Set a domain option to the specified value (or values) option: The option to change. value: The value to set. This may be a single value or a list of values. If it is set to None, it resets the option to its default. === Returns === No return value. === Errors === NoOptionError: The specified option is not listed in the schema TypeError: The value specified was not of the expected type """ options = self.list_options() if (option not in options.keys()): raise NoOptionError('Section [%s] has no option [%s]' % (self.name, option)) if value == None: self.remove_option(option) return option_schema = options[option] raise_error = False # If we were expecting a list and didn't get one, # Create a list with a single entry. If it's the # wrong subtype, it will fail below if option_schema[0] == list and type(value) != list: if type(value) == str: value = striplist(value.split(',')) else: value = [value] if type(value) != option_schema[0]: # If it's possible to convert it, do so try: if option_schema[0] == bool and \ type(value) == str: value = self.schema.bool_lookup[value.lower()] elif option_schema[0] == int and type(value) == str: # Make sure we handle any reasonable base value = int(value, 0) else: value = option_schema[0](value) except ValueError: raise_error = True except KeyError: raise_error = True if raise_error: raise TypeError('Expected %s for %s, received %s' % (option_schema[0], option, type(value))) if type(value) == list: # Iterate through the list an ensure that all members # are of the appropriate subtype try: newvalue = [] for x in value: if option_schema[1] == bool and \ type(x) == str: newvalue.extend([self.schema.bool_lookup[x.lower()]]) else: newvalue.extend([option_schema[1](x)]) except ValueError: raise_error = True except KeyError: raise_error = True if raise_error: raise TypeError('Expected %s' % 
def set_name(self, newname):
    """
    Change the name of the domain

    newname:
      New name for this domain

    === Returns ===
    No return value.

    === Errors ===
    TypeError:
      newname was not a string
    """
    if type(newname) is not str:
        raise TypeError

    # Only the first rename records the old name; later renames keep it.
    self.oldname = self.oldname or self.name
    self.name = newname
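def remove_provider(self, provider_type):
    """
    Remove a provider from the domain. If the provider is not present, it
    is ignored.

    provider_type:
      Subtype of the backend type. (e.g. id, auth, chpass)

    === Returns ===
    No return value.

    === Errors ===
    No Errors
    """
    # Find the backend that currently serves this subtype
    provider = None
    for (candidate, ptype) in self.providers:
        if ptype == provider_type:
            provider = candidate
            break

    # Check whether the provider_type was found
    if not provider:
        return

    # Remove any unused options when removing the provider.
    options = self.list_provider_options(provider, provider_type)

    # Trim any options that are used by other providers,
    # if that provider is in use
    for (prov, ptype) in self.providers:
        # Ignore the one being removed
        if (prov, ptype) == (provider, provider_type):
            continue

        provider_options = self.list_provider_options(prov, ptype)
        # Collect the shared names first, then delete: the dictionary
        # must not change size while it is being iterated.
        overlap = [opt for opt in list(options.keys())
                   if opt in provider_options]
        for opt in overlap:
            del options[opt]

    # We should now have a list of options used only by this
    # provider. So we remove them.
    for option in options:
        self.options.pop(option, None)

    # Remove this provider from the option list
    self.options.pop('%s_provider' % provider_type, None)

    self.providers.remove((provider, provider_type))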
This constructor does not open or create a config file. If the schemafile and schemaplugindir are not passed, it will use the system defaults. schemafile: The path to the api schema config file. Usually ${prefix}/share/sssd/sssd.api.conf schemaplugindir: The path the directory containing the provider schema config files. Usually ${prefix}/share/sssd/sssd.api.d === Returns === The newly-created SSSDConfig object. === Errors === IOError: Exception raised when the schema file could not be opened for reading. ParsingError: The main schema file or one of those in the plugin directory could not be parsed. """ SSSDChangeConf.__init__(self) self.schema = SSSDConfigSchema(schemafile, schemaplugindir) self.configfile = None self.initialized = False self.API_VERSION = 2 def import_config(self,configfile=None): """ Read in a config file, populating all of the service and domain objects with the read values. configfile: The path to the SSSD config file. If not specified, use the system default, usually ${prefix}/etc/sssd.conf === Returns === No return value === Errors === IOError: Exception raised when the file could not be opened for reading ParsingError: Exception raised when errors occur attempting to parse a file. 
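def write(self, outputfile=None):
    """
    Write out the configuration to a file.

    outputfile:
      The path to write the new config file. If it is not specified, it
      will use the path specified by the import_config() call.

    === Returns ===
    No return value

    === Errors ===
    IOError:
      Exception raised when the file could not be opened for writing
    NotInitializedError:
      This SSSDConfig object has not had import_config() or new_config()
      run on it yet.
    NoOutputFileError:
      No outputfile was specified and this SSSDConfig object was not
      initialized by import_config()
    """
    import stat

    if not self.initialized:
        raise NotInitializedError

    if outputfile is None:
        if self.configfile is None:
            raise NoOutputFileError
        outputfile = self.configfile

    # Render the configuration before the file is opened: open() in "wb"
    # mode truncates, so a failure inside dump() would otherwise leave an
    # empty config file behind.
    output = self.dump(self.opts)

    # Mask owner-execute and every group/other bit (octal 177), so a file
    # created here is readable and writable by its owner only.
    restrictive_mask = stat.S_IXUSR | stat.S_IRWXG | stat.S_IRWXO
    # NOTE(review): the umask only takes effect when open() creates the
    # file. An outputfile that already exists keeps the mode it had, so a
    # config holding credentials may stay readable by others - confirm
    # whether the mode should also be tightened explicitly.
    old_umask = os.umask(restrictive_mask)
    try:
        # open() will raise IOError if it fails
        of = open(outputfile, "wb")
        try:
            of.write(output)
        finally:
            of.close()
    finally:
        # The umask is process-wide; restore it even when opening or
        # writing fails, otherwise every file created later by this
        # process would silently inherit the restrictive mask.
        os.umask(old_umask)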
def get_service(self, name):
    """
    Get an SSSDService object to edit a service.

    name:
      The name of the service to return.

    === Returns ===
    An SSSDService instance containing the current state of a service in
    the SSSDConfig

    === Errors ===
    NoServiceError:
      There is no such service with the specified name in the SSSDConfig.
    NotInitializedError:
      This SSSDConfig object has not had import_config() or new_config()
      run on it yet.
    """
    if not self.initialized:
        raise NotInitializedError
    if not self.has_section(name):
        raise NoServiceError

    service = SSSDService(name, self.schema)
    stored_options = self.strip_comments_empty(self.options(name))
    for entry in stored_options:
        try:
            service.set_option(entry['name'], entry['value'])
        except NoOptionError:
            # Options that the schema does not recognize are skipped on
            # purpose; the remaining options are still applied.
            continue

    return service
""" if not self.initialized: raise NotInitializedError if (self.has_section(name)): raise ServiceAlreadyExists(name) service = SSSDService(name, self.schema) self.save_service(service) return service def activate_service(self, name): """ Activate a service name: The name of the service to activate === Returns === No return value === Errors === NotInitializedError: This SSSDConfig object has not had import_config() or new_config() run on it yet. NoServiceError: There is no such service with the specified name in the SSSDConfig. """ if not self.initialized: raise NotInitializedError if name not in self.list_services(): raise NoServiceError item = self.get_option_index('sssd', 'services')[1] if not item: self.set('sssd','services', name) return # Turn the items into a set of dictionary keys # This guarantees uniqueness and makes it easy # to add a new value service_dict = dict.fromkeys(striplist(item['value'].split(','))) if service_dict.has_key(''): del service_dict[''] # Add a new key for the service being activated service_dict[name] = None # Write out the joined keys self.set('sssd','services', ", ".join(service_dict.keys())) def deactivate_service(self, name): """ Deactivate a service name: The name of the service to deactivate === Returns === No return value === Errors === NotInitializedError: This SSSDConfig object has not had import_config() or new_config() run on it yet. NoServiceError: There is no such service with the specified name in the SSSDConfig. """ if not self.initialized: raise NotInitializedError if name not in self.list_services(): raise NoServiceError item = self.get_option_index('sssd', 'services')[1] if not item: self.set('sssd','services', '') return # Turn the items into a set of dictionary keys # This guarantees uniqueness and makes it easy # to remove the one unwanted value. 
service_dict = dict.fromkeys(striplist(item['value'].split(','))) if service_dict.has_key(''): del service_dict[''] # Remove the unwanted service from the lest if service_dict.has_key(name): del service_dict[name] # Write out the joined keys self.set('sssd','services', ", ".join(service_dict.keys())) def delete_service(self, name): """ Remove a service from the SSSDConfig object. This function will also remove this service from the list of active services in the [SSSD] section. Has no effect if the service does not exist. === Returns === No return value === Errors === NotInitializedError: This SSSDConfig object has not had import_config() or new_config() run on it yet. """ if not self.initialized: raise NotInitializedError self.delete_option('section', name) def save_service(self, service): """ Save the changes made to the service object back to the SSSDConfig object. service_object: The SSSDService object to save to the configuration. === Returns === No return value === Errors === NotInitializedError: This SSSDConfig object has not had import_config() or new_config() run on it yet. TypeError: service_object was not of the type SSSDService """ if not self.initialized: raise NotInitializedError if not isinstance(service, SSSDService): raise TypeError name = service.get_name() # Ensure that the existing section is removed # This way we ensure that we are getting a # complete copy of the service. # delete_option() is a noop if the section # does not exist. index = self.delete_option('section', name) addkw = [] for option,value in service.get_all_options().items(): if (type(value) == list): value = ', '.join(value) addkw.append( { 'type' : 'option', 'name' : option, 'value' : str(value) } ) self.add_section(name, addkw, index) def list_active_domains(self): """ Return a list of all active domains. === Returns === The list of configured, active domains. === Errors === NotInitializedError: This SSSDConfig object has not had import_config() or new_config() run on it yet. 
""" if not self.initialized: raise NotInitializedError if (self.has_option('sssd', 'domains')): active_domains = striplist(self.get('sssd', 'domains').split(',')) domain_dict = dict.fromkeys(active_domains) if domain_dict.has_key(''): del domain_dict[''] # Remove any entries in this list that don't # correspond to an active domain, for integrity configured_domains = self.list_domains() for dom in domain_dict.keys(): if dom not in configured_domains: del domain_dict[dom] active_domains = domain_dict.keys() else: active_domains = [] return active_domains def list_inactive_domains(self): """ Return a list of all configured, but disabled domains. === Returns === The list of configured, inactive domains. === Errors === NotInitializedError: This SSSDConfig object has not had import_config() or new_config() run on it yet. """ if not self.initialized: raise NotInitializedError if (self.has_option('sssd', 'domains')): active_domains = striplist(self.get('sssd', 'domains').split(',')) else: active_domains = [] domains = [x for x in self.list_domains() if x not in active_domains] return domains def list_domains(self): """ Return a list of all configured domains, including inactive domains. === Returns === The list of configured domains, both active and inactive. === Errors === NotInitializedError: This SSSDConfig object has not had import_config() or new_config() run on it yet. """ if not self.initialized: raise NotInitializedError domains = [x['name'][7:] for x in self.sections() if x['name'].startswith('domain/')] return domains def get_domain(self, name): """ Get an SSSDDomain object to edit a domain. name: The name of the domain to return. === Returns === An SSSDDomain instance containing the current state of a domain in the SSSDConfig === Errors === NoDomainError: There is no such domain with the specified name in the SSSDConfig. NotInitializedError: This SSSDConfig object has not had import_config() or new_config() run on it yet. 
""" if not self.initialized: raise NotInitializedError if not self.has_section('domain/%s' % name): raise NoDomainError(name) domain = SSSDDomain(name, self.schema) # Read in the providers first or we may have type # errors trying to read in their options providers = [ (x['name'],x['value']) for x in self.strip_comments_empty(self.options('domain/%s' % name)) if x['name'].rfind('_provider') > 0] for (option, value) in providers: try: domain.set_option(option, value) except NoOptionError: # If we come across an option that we don't recognize, # we should just ignore it and continue pass # Read in all the options from the configuration for opt in self.strip_comments_empty(self.options('domain/%s' % name)): if (opt['name'], opt['value']) not in providers: try: domain.set_option(opt['name'], opt['value']) except NoOptionError: # If we come across an option that we don't recognize, # we should just ignore it and continue pass # Determine if this domain is currently active domain.active = self.is_domain_active(name) return domain def new_domain(self, name): """ Create a new, empty domain and return the SSSDDomain object for it. name: The name of the domain to create and return. === Returns === The newly-created SSSDDomain object === Errors === DomainAlreadyExistsError: The service being created already exists in the SSSDConfig object. NotInitializedError: This SSSDConfig object has not had import_config() or new_config() run on it yet. """ if not self.initialized: raise NotInitializedError if self.has_section('domain/%s' % name): raise DomainAlreadyExistsError domain = SSSDDomain(name, self.schema) self.save_domain(domain) return domain def is_domain_active(self, name): """ Is a particular domain set active name: The name of the configured domain to check === Returns === True if the domain is active, False if it is inactive === Errors === NotInitializedError: This SSSDConfig object has not had import_config() or new_config() run on it yet. 
NoDomainError: No domain by this name is configured """ if not self.initialized: raise NotInitializedError if name not in self.list_domains(): raise NoDomainError return name in self.list_active_domains() def activate_domain(self, name): """ Activate a configured domain name: The name of the configured domain to activate === Returns === No return value === Errors === NotInitializedError: This SSSDConfig object has not had import_config() or new_config() run on it yet. NoDomainError: No domain by this name is configured """ if not self.initialized: raise NotInitializedError if name not in self.list_domains(): raise NoDomainError item = self.get_option_index('sssd', 'domains')[1] if not item: self.set('sssd','domains', name) return # Turn the items into a set of dictionary keys # This guarantees uniqueness and makes it easy # to add a new value domain_dict = dict.fromkeys(striplist(item['value'].split(','))) if domain_dict.has_key(''): del domain_dict[''] # Add a new key for the domain being activated domain_dict[name] = None # Write out the joined keys self.set('sssd','domains', ", ".join(domain_dict.keys())) def deactivate_domain(self, name): """ Deactivate a configured domain name: The name of the configured domain to deactivate === Returns === No return value === Errors === NotInitializedError: This SSSDConfig object has not had import_config() or new_config() run on it yet. NoDomainError: No domain by this name is configured """ if not self.initialized: raise NotInitializedError if name not in self.list_domains(): raise NoDomainError item = self.get_option_index('sssd', 'domains')[1] if not item: self.set('sssd','domains', '') return # Turn the items into a set of dictionary keys # This guarantees uniqueness and makes it easy # to remove the one unwanted value. 
domain_dict = dict.fromkeys(striplist(item['value'].split(','))) if domain_dict.has_key(''): del domain_dict[''] # Remove the unwanted domain from the lest if domain_dict.has_key(name): del domain_dict[name] # Write out the joined keys self.set('sssd','domains', ", ".join(domain_dict.keys())) def delete_domain(self, name): """ Remove a domain from the SSSDConfig object. This function will also remove this domain from the list of active domains in the [SSSD] section, if it is there. === Returns === No return value === Errors === NotInitializedError: This SSSDConfig object has not had import_config() or new_config() run on it yet. """ if not self.initialized: raise NotInitializedError # Remove the domain from the active domains list if applicable self.deactivate_domain(name) self.delete_option('section', 'domain/%s' % name) def save_domain(self, domain): """ Save the changes made to the domain object back to the SSSDConfig object. If this domain is marked active, ensure it is present in the active domain list in the [SSSD] section domain_object: The SSSDDomain object to save to the configuration. === Returns === No return value === Errors === NotInitializedError: This SSSDConfig object has not had import_config() or new_config() run on it yet. TypeError: domain_object was not of type SSSDDomain """ if not self.initialized: raise NotInitializedError if not isinstance(domain, SSSDDomain): raise TypeError name = domain.get_name() oldindex = None if domain.oldname and domain.oldname != name: # We are renaming this domain # Remove the old section self.deactivate_domain(domain.oldname) oldindex = self.delete_option('section', 'domain/%s' % domain.oldname) # Reset the oldname, in case we're not done with # this domain object. 
domain.oldname = None; sectionname = 'domain/%s' % name (no, section_subtree) = self.findOpts(self.opts, 'section', sectionname) if name not in self.list_domains(): self.add_section(sectionname, []); for option in self.options(sectionname): if option['type'] == 'option': if option['name'] not in domain.get_all_options(): self.delete_option_subtree(section_subtree['value'], 'option', option['name'], True) for option,value in domain.get_all_options().items(): if (type(value) == list): value = ', '.join(value) self.set(sectionname, option, str(value)) if domain.active: self.activate_domain(name) else: self.deactivate_domain(name) �����������������������������������������sssd-1.11.5/src/config/SSSDConfig/PaxHeaders.13173/sssd_upgrade_config.py���������������������������0000644�0000000�0000000�00000000074�12320753107�024073� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.252891441 30 ctime=1396954961.375875157 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/config/SSSDConfig/sssd_upgrade_config.py��������������������������������������������0000664�0024127�0024127�00000044347�12320753107�024331� 
0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������#coding=utf-8 # SSSD # # upgrade_config.py # # Copyright (C) Jakub Hrozek <jhrozek@redhat.com> 2009 # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. 
import os import sys import shutil import traceback from optparse import OptionParser from ipachangeconf import openLocked from ipachangeconf import SSSDChangeConf class SSSDConfigFile(SSSDChangeConf): def __init__(self, filename): SSSDChangeConf.__init__(self) self.filename = filename f = openLocked(self.filename, 0600, False) self.opts = self.parse(f) f.close() def _backup_file(self, file_name): " Copy the file we operate on to a backup location " shutil.copy(file_name, file_name + self.backup_suffix) # make sure we don't leak data, force permissions on the backup os.chmod(file_name + self.backup_suffix, 0600) def get_version(self): ver = self.get_option_index('sssd', 'config_file_version')[1] if not ver: return 1 try: return int(ver['value']) except ValueError: raise SyntaxError, 'config_file_version not an integer' def rename_opts(self, parent_name, rename_kw, type='option'): for new_name, old_name in rename_kw.items(): index, item = self.get_option_index(parent_name, old_name, type) if item: item['name'] = new_name def _add_dns_domain_name(self, domain): id_provider = self.findOpts(domain['value'], 'option', 'id_provider')[1] dns_domain_name = { 'type' : 'option', 'name' : 'dns_discovery_domain', 'value' : domain['name'].lstrip('domain/') } if id_provider['value'] == 'ldap': server = self.findOpts(domain['value'], 'option', 'ldap_uri')[1] if not server or "__srv__" in server['value']: domain['value'].insert(0, dns_domain_name) return elif id_provider['value'] == 'ipa': server = self.findOpts(domain['value'], 'option', 'ipa_server')[1] if not server or "__srv__" in server['value']: domain['value'].insert(0, dns_domain_name) return auth_provider = self.findOpts(domain['value'], 'option', 'auth_provider')[1] if auth_provider and auth_provider['value'] == 'krb5': server = self.findOpts(domain['value'], 'option', 'krb5_server')[1] if not server or "__srv__" in server['value']: domain['value'].insert(0, dns_domain_name) def _do_v2_changes(self): # remove Data 
Provider srvlist = self.get_option_index('sssd', 'services')[1] if srvlist: services = [ srv.strip() for srv in srvlist['value'].split(',') ] if 'dp' in services: services.remove('dp') srvlist['value'] = ", ".join([srv for srv in services]) self.delete_option('section', 'dp') for domain in [ s for s in self.sections() if s['name'].startswith("domain/") ]: # remove magic_private_groups from all domains self.delete_option_subtree(domain['value'], 'option', 'magic_private_groups') # check if we need to add dns_domain self._add_dns_domain_name(domain) def _update_option(self, to_section_name, from_section_name, opts): to_section = [ s for s in self.sections() if s['name'].strip() == to_section_name ] from_section = [ s for s in self.sections() if s['name'].strip() == from_section_name ] if len(to_section) > 0 and len(from_section) > 0: vals = to_section[0]['value'] for o in [one_opt for one_opt in from_section[0]['value'] if one_opt['name'] in opts]: updated = False for v in vals: if v['type'] == 'empty': continue # if already in list, just update if o['name'] == v['name']: o['value'] = v['value'] updated = True # not in list, add there if not updated: vals.insert(0, { 'name' : o['name'], 'type' : o['type'], 'value' : o['value'] }) def _migrate_enumerate(self, domain): " Enumerate was special as it turned into bool from (0,1,2,3) enum " enum = self.findOpts(domain, 'option', 'enumerate')[1] if enum: if enum['value'].upper() not in ['TRUE', 'FALSE']: try: enum['value'] = int(enum['value']) except ValueError: raise ValueError('Cannot convert value %s in domain %s' % (enum['value'], domain['name'])) if enum['value'] == 0: enum['value'] = 'FALSE' elif enum['value'] > 0: enum['value'] = 'TRUE' else: raise ValueError('Cannot convert value %s in domain %s' % (enum['value'], domain['name'])) def _migrate_domain(self, domain): # rename the section domain['name'] = domain['name'].strip().replace('domains', 'domain') # Generic options - new:old generic_kw = { 'min_id' : 'minId', 
'max_id': 'maxId', 'timeout': 'timeout', 'magic_private_groups' : 'magicPrivateGroups', 'cache_credentials' : 'cache-credentials', 'id_provider' : 'provider', 'auth_provider' : 'auth-module', 'access_provider' : 'access-module', 'chpass_provider' : 'chpass-module', 'use_fully_qualified_names' : 'useFullyQualifiedNames', 'store_legacy_passwords' : 'store-legacy-passwords', } # Proxy options proxy_kw = { 'proxy_pam_target' : 'pam-target', 'proxy_lib_name' : 'libName', } # LDAP options - new:old ldap_kw = { 'ldap_uri' : 'ldapUri', 'ldap_schema' : 'ldapSchema', 'ldap_default_bind_dn' : 'defaultBindDn', 'ldap_default_authtok_type' : 'defaultAuthtokType', 'ldap_default_authtok' : 'defaultAuthtok', 'ldap_user_search_base' : 'userSearchBase', 'ldap_user_search_scope' : 'userSearchScope', 'ldap_user_search_filter' : 'userSearchFilter', 'ldap_user_object_class' : 'userObjectClass', 'ldap_user_name' : 'userName', 'ldap_user_pwd' : 'userPassword', 'ldap_user_uid_number' : 'userUidNumber', 'ldap_user_gid_number' : 'userGidNumber', 'ldap_user_gecos' : 'userGecos', 'ldap_user_home_directory' : 'userHomeDirectory', 'ldap_user_shell' : 'userShell', 'ldap_user_uuid' : 'userUUID', 'ldap_user_principal' : 'userPrincipal', 'ldap_force_upper_case_realm' : 'force_upper_case_realm', 'ldap_user_fullname' : 'userFullname', 'ldap_user_member_of' : 'userMemberOf', 'ldap_user_modify_timestamp' : 'modifyTimestamp', 'ldap_group_search_base' : 'groupSearchBase', 'ldap_group_search_scope' : 'groupSearchScope', 'ldap_group_search_filter' : 'groupSearchFilter', 'ldap_group_object_class' : 'groupObjectClass', 'ldap_group_name' : 'groupName', 'ldap_group_pwd' : 'userPassword', 'ldap_group_gid_number' : 'groupGidNumber', 'ldap_group_member' : 'groupMember', 'ldap_group_uuid' : 'groupUUID', 'ldap_group_modify_timestamp' : 'modifyTimestamp', 'ldap_network_timeout' : 'network_timeout', 'ldap_offline_timeout' : 'offline_timeout', 'ldap_enumeration_refresh_timeout' : 'enumeration_refresh_timeout', 
'ldap_stale_time' : 'stale_time', 'ldap_opt_timeout' : 'opt_timeout', 'ldap_tls_reqcert' : 'tls_reqcert', 'ldap_netgroup_search_base' : 'netgroupSearchBase', 'ldap_netgroup_object_class' : 'netgroupObjectClass', 'ldap_netgroup_name' : 'netgroupName', 'ldap_netgroup_member' : 'netgroupMember', 'ldap_netgroup_triple' : 'netgroupTriple', 'ldap_netgroup_uuid' : 'netgroupUUID', 'ldap_netgroup_modify_timestamp' : 'netgroupModifyTimestamp', } krb5_kw = { 'krb5_server' : 'krb5KDCIP', 'krb5_realm' : 'krb5REALM', 'krb5_try_simple_upn' : 'krb5try_simple_upn', 'krb5_changepw_principal' : 'krb5changepw_principle', 'krb5_ccachedir' : 'krb5ccache_dir', 'krb5_auth_timeout' : 'krb5auth_timeout', 'krb5_ccname_template' : 'krb5ccname_template', } user_defaults_kw = { 'default_shell' : 'defaultShell', 'base_directory' : 'baseDirectory', } self._migrate_enumerate(domain['value']) self.rename_opts(domain['name'], generic_kw) self.rename_opts(domain['name'], proxy_kw) self.rename_opts(domain['name'], ldap_kw) self.rename_opts(domain['name'], krb5_kw) # remove obsolete libPath option self.delete_option_subtree(domain['value'], 'option', 'libPath') # configuration files before 0.5.0 did not enforce provider= in local domains # it did special-case by domain name (LOCAL) prvindex, prv = self.findOpts(domain['value'], 'option', 'id_provider') if not prv and domain['name'] == 'domain/LOCAL': prv = { 'type' : 'option', 'name' : 'id_provider', 'value' : 'local', } domain['value'].insert(0, prv) # if domain was local, update with parameters from [user_defaults] if prv['value'] == 'local': self._update_option(domain['name'], 'user_defaults', user_defaults_kw.values()) self.delete_option('section', 'user_defaults') self.rename_opts(domain['name'], user_defaults_kw) # if domain had provider = files, unroll that into provider=proxy, proxy_lib_name=files if prv['value'] == 'files': prv['value'] = 'proxy' libkw = { 'type' : 'option', 'name' : 'proxy_lib_name', 'value' : 'files', } 
domain['value'].insert(prvindex+1, libkw) def _migrate_domains(self): for domain in [ s for s in self.sections() if s['name'].startswith("domains/") ]: self._migrate_domain(domain) def _update_if_exists(self, opt, to_name, from_section, from_name): index, item = self.get_option_index(from_section, from_name) if item: item['name'] = to_name opt.append(item) def _migrate_services(self): # [service] - options common to all services, no section as in v1 service_kw = { 'reconnection_retries' : 'reconnection_retries', 'debug_level' : 'debug-level', 'debug_timestamps' : 'debug-timestamps', 'command' : 'command', 'timeout' : 'timeout', } # rename services sections names_kw = { 'nss' : 'services/nss', 'pam' : 'services/pam', 'dp' : 'services/dp', } self.rename_opts(None, names_kw, 'section') # [sssd] - monitor service sssd_kw = [ { 'type' : 'option', 'name' : 'config_file_version', 'value' : '2', 'action': 'set', } ] self._update_if_exists(sssd_kw, 'domains', 'domains', 'domains') self._update_if_exists(sssd_kw, 'services', 'services', 'activeServices') self._update_if_exists(sssd_kw, 'sbus_timeout', 'services/monitor', 'sbusTimeout') self._update_if_exists(sssd_kw, 're_expression', 'names', 're-expression') self._update_if_exists(sssd_kw, 're_expression', 'names', 'full-name-format') self.add_section('sssd', sssd_kw) # update from general services section and monitor self._update_option('sssd', 'services', service_kw.values()) self._update_option('sssd', 'services/monitor', service_kw.values()) # [nss] - Name service nss_kw = { 'enum_cache_timeout' : 'EnumCacheTimeout', 'entry_cache_timeout' : 'EntryCacheTimeout', 'entry_cache_nowait_timeout' : 'EntryCacheNoWaitRefreshTimeout', 'entry_negative_timeout ' : 'EntryNegativeTimeout', 'filter_users' : 'filterUsers', 'filter_groups' : 'filterGroups', 'filter_users_in_groups' : 'filterUsersInGroups', } nss_kw.update(service_kw) self._update_option('nss', 'services', service_kw.values()) self.rename_opts('nss', nss_kw) # [pam] - 
Authentication service pam_kw = {} pam_kw.update(service_kw) self._update_option('pam', 'services', service_kw.values()) self.rename_opts('pam', pam_kw) # remove obsolete sections self.delete_option('section', 'services') self.delete_option('section', 'names') self.delete_option('section', 'domains') self.delete_option('section', 'services/monitor') def v2_changes(self, out_file_name, backup=True): # read in the old file, make backup if needed if backup: self._backup_file(self.filename) self._do_v2_changes() # all done, write the file of = open(out_file_name, "wb") output = self.dump(self.opts) of.write(output) of.close() # make sure it has the right permissions too os.chmod(out_file_name, 0600) def upgrade_v2(self, out_file_name, backup=True): # read in the old file, make backup if needed if backup: self._backup_file(self.filename) # do the migration to v2 format # do the upgrade self._migrate_services() self._migrate_domains() # also include any changes in the v2 format self._do_v2_changes() # all done, write the file of = open(out_file_name, "wb") output = self.dump(self.opts) of.write(output) of.close() # make sure it has the right permissions too os.chmod(out_file_name, 0600) def parse_options(): parser = OptionParser() parser.add_option("-f", "--file", dest="filename", default="/etc/sssd/sssd.conf", help="Set input file to FILE", metavar="FILE") parser.add_option("-o", "--outfile", dest="outfile", default=None, help="Set output file to OUTFILE", metavar="OUTFILE") parser.add_option("", "--no-backup", action="store_false", dest="backup", default=True, help="""Do not provide backup file after conversion. 
The script copies the original file with the suffix .bak by default""") parser.add_option("-v", "--verbose", action="store_true", dest="verbose", default=False, help="Be verbose") (options, args) = parser.parse_args() if len(args) > 0: print >>sys.stderr, "Stray arguments: %s" % ' '.join([a for a in args]) return None # do the conversion in place by default if not options.outfile: options.outfile = options.filename return options def verbose(msg, verbose): if verbose: print msg def main(): options = parse_options() if not options: print >>sys.stderr, "Cannot parse options" return 1 try: config = SSSDConfigFile(options.filename) except SyntaxError: verbose(traceback.format_exc(), options.verbose) print >>sys.stderr, "Cannot parse config file %s" % options.filename return 1 except Exception, e: print "ERROR: %s" % e verbose(traceback.format_exc(), options.verbose) return 1 # make sure we keep strict settings when creating new files os.umask(0077) version = config.get_version() if version == 2: verbose("Looks like v2, only checking changes", options.verbose) try: config.v2_changes(options.outfile, options.backup) except Exception, e: print "ERROR: %s" % e verbose(traceback.format_exc(), options.verbose) return 1 elif version == 1: verbose("Looks like v1, performing full upgrade", options.verbose) try: config.upgrade_v2(options.outfile, options.backup) except Exception, e: print "ERROR: %s" % e verbose(traceback.format_exc(), options.verbose) return 1 else: print >>sys.stderr, "Can only upgrade from v1 to v2, file %s looks like version %d" % (options.filename, config.get_version()) return 1 return 0 if __name__ == "__main__": ret = main() sys.exit(ret) 
�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/config/SSSDConfig/PaxHeaders.13173/ipachangeconf.py���������������������������������0000644�0000000�0000000�00000000074�12320753107�022650� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.252891441 30 ctime=1396954961.373875158 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/config/SSSDConfig/ipachangeconf.py��������������������������������������������������0000664�0024127�0024127�00000045366�12320753107�023110� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# # ipachangeconf - configuration file manipulation classes and functions # partially based on authconfig code # Copyright (c) 1999-2007 Red Hat, Inc. 
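# Author: Simo Sorce <ssorce@redhat.com>
#
# This is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#

import errno
import fcntl
import os
import string
import time
import shutil
import re


def openLocked(filename, perms, create = True):
    """Open `filename` read/write, take an exclusive lock and return a file object.

    filename -- path of the file to open
    perms    -- mode passed to os.open(); it only takes effect when the
                file is created by this call, an existing file keeps its mode
    create   -- when true, O_CREAT is added so a missing file is created

    Raises IOError (errno, strerror) when the open or the lock fails.

    The lock is taken with fcntl.lockf(), i.e. it is advisory: it only
    serializes writers that take the same lock.
    """
    fd = -1

    flags = os.O_RDWR
    if create:
        flags = flags | os.O_CREAT

    try:
        fd = os.open(filename, flags, perms)
        fcntl.lockf(fd, fcntl.LOCK_EX)
    except (OSError, IOError) as err:
        # lockf() reports failures as IOError on Python 2, so both types are
        # caught here; otherwise a failed lock would leak the descriptor.
        if fd != -1:
            try:
                os.close(fd)
            except OSError:
                pass
        raise IOError(err.errno, err.strerror)
    return os.fdopen(fd, "r+")


#TODO: add subsection as a concept
#      (ex. REALM.NAME = { foo = x bar = y } )
#TODO: put section delimiters as separating element of the list
#      so that we can process multiple sections in one go
#TODO: add a comment all but provided options as a section option
class IPAChangeConf:
    """Parser/merger/writer for INI-like configuration files.

    A parsed file is a list of dicts ("opts").  Every dict has a 'type'
    ('section', 'subsection', 'option', 'comment' or 'empty') and a 'name';
    sections and subsections carry a nested list in 'value', options and
    comments carry a string.  Dicts describing a requested change also
    carry an 'action' ('set', 'comment' or 'remove').
    """

    def __init__(self, name):
        self.progname = name
        self.indent = ("","","")
        self.assign = (" = ","=")
        self.dassign = self.assign[0]
        self.comment = ("#",)
        self.dcomment = self.comment[0]
        self.eol = ("\n",)
        self.deol = self.eol[0]
        self.sectnamdel = ("[","]")
        self.subsectdel = ("{","}")
        self.backup_suffix = ".ipabkp"

    def setProgName(self, name):
        """Set the program name stored on this instance."""
        self.progname = name

    def setIndent(self, indent):
        """Set the per-nesting-level indent strings (a tuple, or one string)."""
        if type(indent) is tuple:
            self.indent = indent
        elif type(indent) is str:
            self.indent = (indent, )
        else:
            raise ValueError('Indent must be a list of strings')

    def setOptionAssignment(self, assign):
        """Set the assignment separators; the first one is used when writing."""
        if type(assign) is tuple:
            self.assign = assign
        else:
            self.assign = (assign, )
        self.dassign = self.assign[0]

    def setCommentPrefix(self, comment):
        """Set the comment prefixes; the first one is used when writing."""
        if type(comment) is tuple:
            self.comment = comment
        else:
            self.comment = (comment, )
        self.dcomment = self.comment[0]

    def setEndLine(self, eol):
        """Set the end-of-line strings; the first one is used when writing."""
        if type(eol) is tuple:
            self.eol = eol
        else:
            self.eol = (eol, )
        self.deol = self.eol[0]

    def setSectionNameDelimiters(self, delims):
        """Set the (open, close) delimiters around a section name."""
        self.sectnamdel = delims

    def setSubSectionDelimiters(self, delims):
        """Set the (open, close) delimiters around a subsection body."""
        self.subsectdel = delims

    def matchComment(self, line):
        """Return the text after the comment prefix, or False if not a comment.

        The returned text may be an empty string (a bare prefix with no
        trailing newline), so callers that must distinguish "empty comment"
        from "no comment" have to test against False explicitly.
        """
        stripped = line.lstrip()
        for prefix in self.comment:
            if stripped.startswith(prefix):
                return stripped[len(prefix):]
        return False

    def matchEmpty(self, line):
        """Return True when the line holds nothing but whitespace."""
        return line.strip() == ""

    def matchSection(self, line):
        """Return the section name if `line` is a section header, else False.

        All whitespace is removed from the line before matching, so any
        blanks inside the delimiters are dropped from the returned name.
        """
        cl = "".join(line.strip().split())
        if len(self.sectnamdel) != 2:
            return False
        if not cl.startswith(self.sectnamdel[0]):
            return False
        if not cl.endswith(self.sectnamdel[1]):
            return False
        return cl[len(self.sectnamdel[0]):-len(self.sectnamdel[1])]

    def matchSubSection(self, line):
        """Return the subsection name if `line` opens a subsection, else False."""
        if self.matchComment(line):
            return False

        parts = line.split(self.dassign, 1)
        if len(parts) < 2:
            return False

        if parts[1].strip() == self.subsectdel[0]:
            return parts[0].strip()

        return False

    def matchSubSectionEnd(self, line):
        """Return True when `line` is the subsection closing delimiter."""
        if self.matchComment(line):
            return False

        return line.strip() == self.subsectdel[1]

    def getSectionLine(self, section):
        """Return the header line for `section` (the bare name if no delimiters)."""
        if len(self.sectnamdel) != 2:
            return section
        return self.sectnamdel[0]+section+self.sectnamdel[1]+self.deol

    def dump(self, options, level=0):
        """Serialize an opts list to text.

        `level` selects the indent string; it is clamped to the deepest
        indent that was configured.  Raises SyntaxError on an unknown type.
        """
        if level >= len(self.indent):
            level = len(self.indent)-1

        chunks = []
        for o in options:
            kind = o['type']
            if kind == "section":
                chunks.append(self.sectnamdel[0]+o['name']+self.sectnamdel[1]+self.deol)
                chunks.append(self.dump(o['value'], level+1))
            elif kind == "subsection":
                chunks.append(self.indent[level]+o['name']+self.dassign+self.subsectdel[0]+self.deol)
                chunks.append(self.dump(o['value'], level+1))
                chunks.append(self.indent[level]+self.subsectdel[1]+self.deol)
            elif kind == "option":
                chunks.append(self.indent[level]+o['name']+self.dassign+o['value']+self.deol)
            elif kind == "comment":
                chunks.append(self.dcomment+o['value']+self.deol)
            elif kind == "empty":
                chunks.append(self.deol)
            else:
                raise SyntaxError('Unknown type: ['+o['type']+']')

        return "".join(chunks)

    def parseLine(self, line):
        """Parse one non-section line into an 'empty', 'comment' or 'option' dict.

        Raises SyntaxError when the line is none of those.
        """
        if self.matchEmpty(line):
            return {'name':'empty', 'type':'empty'}

        value = self.matchComment(line)
        # Compare with False: a bare comment prefix on an unterminated last
        # line yields '' and must still be kept as a comment.
        if value is not False:
            return {'name':'comment', 'type':'comment', 'value':value.rstrip()}

        parts = line.split(self.dassign, 1)
        if len(parts) < 2:
            raise SyntaxError('Syntax Error: Unknown line format')

        return {'name':parts[0].strip(), 'type':'option', 'value':parts[1].rstrip()}

    def findOpts(self, opts, type, name, exclude_sections=False):
        """Find the first entry of the given type and name in `opts`.

        Returns (index, entry).  When nothing matches, entry is None and
        index is len(opts).  With exclude_sections the search stops at the
        first section or subsection and index is that entry's position.
        """
        num = 0
        for num, o in enumerate(opts):
            if o['type'] == type and o['name'] == name:
                return (num, o)
            if exclude_sections and o['type'] in ("section", "subsection"):
                return (num, None)
        else:
            # Loop ran to completion (or opts is empty): index is the length.
            num = len(opts)
        return (num, None)

    def commentOpts(self, inopts, level = 0):
        """Return a copy of `inopts` flattened into comment entries.

        Raises SyntaxError on an unknown entry type.
        """
        opts = []

        if level >= len(self.indent):
            level = len(self.indent)-1

        for o in inopts:

            if o['type'] == 'section':
                no = self.commentOpts(o['value'], level+1)
                val = self.dcomment+self.sectnamdel[0]+o['name']+self.sectnamdel[1]
                opts.append({'name':'comment', 'type':'comment', 'value':val})
                opts.extend(no)
                continue

            if o['type'] == 'subsection':
                no = self.commentOpts(o['value'], level+1)
                val = self.indent[level]+o['name']+self.dassign+self.subsectdel[0]
                opts.append({'name':'comment', 'type':'comment', 'value':val})
                opts.extend(no)
                val = self.indent[level]+self.subsectdel[1]
                opts.append({'name':'comment', 'type':'comment', 'value':val})
                continue

            if o['type'] == 'option':
                val = self.indent[level]+o['name']+self.dassign+o['value']
                opts.append({'name':'comment', 'type':'comment', 'value':val})
                continue

            if o['type'] == 'comment':
                opts.append(o)
                continue

            if o['type'] == 'empty':
                opts.append({'name':'comment', 'type':'comment', 'value':''})
                continue

            raise SyntaxError('Unknown type: ['+o['type']+']')

        return opts

    def mergeOld(self, oldopts, newopts):
        """First merge pass: rebuild `oldopts` applying the actions in `newopts`.

        Entries of `oldopts` that `newopts` does not mention are kept.
        Raises SyntaxError on an unknown type or action.
        """
        opts = []

        for o in oldopts:
            if o['type'] == "section" or o['type'] == "subsection":
                (num, no) = self.findOpts(newopts, o['type'], o['name'])
                if not no:
                    opts.append(o)
                    continue
                if no['action'] == "set":
                    mo = self.mergeOld(o['value'], no['value'])
                    opts.append({'name':o['name'], 'type':o['type'], 'value':mo})
                    continue
                if no['action'] == "comment":
                    opts.extend(self.commentOpts(o['value']))
                    continue
                if no['action'] == "remove":
                    continue
                raise SyntaxError('Unknown action: ['+no['action']+']')

            if o['type'] == "comment" or o['type'] == "empty":
                opts.append(o)
                continue

            if o['type'] == "option":
                (num, no) = self.findOpts(newopts, 'option', o['name'], True)
                if not no:
                    opts.append(o)
                    continue
                if no['action'] == 'comment' or no['action'] == 'remove':
                    # A value in the request restricts the action to old
                    # options carrying exactly that value.
                    if no['value'] is not None and o['value'] != no['value']:
                        opts.append(o)
                        continue
                    if no['action'] == 'comment':
                        opts.append({'name':'comment', 'type':'comment',
                                     'value':self.dcomment+o['name']+self.dassign+o['value']})
                    continue
                if no['action'] == 'set':
                    opts.append(no)
                    continue
                # The action lives on the requested change, not on the old
                # option; reading it from the old entry raised KeyError.
                raise SyntaxError('Unknown action: ['+no['action']+']')

            raise SyntaxError('Unknown type: ['+o['type']+']')

        return opts

    def mergeNew(self, opts, newopts):
        """Second merge pass: add to `opts` (in place) what only `newopts` has.

        Raises SyntaxError on an unknown type.
        """
        cline = 0

        for no in newopts:

            if no['type'] == "section" or no['type'] == "subsection":
                (num, o) = self.findOpts(opts, no['type'], no['name'])
                if not o:
                    if no['action'] == 'set':
                        opts.append(no)
                    continue
                if no['action'] == "set":
                    self.mergeNew(o['value'], no['value'])
                    continue
                cline = num+1
                continue

            if no['type'] == "option":
                (num, o) = self.findOpts(opts, no['type'], no['name'], True)
                if not o:
                    if no['action'] == 'set':
                        opts.append(no)
                    continue
                cline = num+1
                continue

            if no['type'] == "comment" or no['type'] == "empty":
                opts.insert(cline, no)
                cline += 1
                continue

            raise SyntaxError('Unknown type: ['+no['type']+']')

    def merge(self, oldopts, newopts):
        """Return `oldopts` with the changes described by `newopts` applied."""
        #Use a two pass strategy
        #First we create a new opts tree from oldopts removing/commenting
        #  the options as indicated by the contents of newopts
        #Second we fill in the new opts tree with options as indicated
        #  in the newopts tree (this is because entire (sub)sections may
        #  exist in the newopts that do not exist in oldopts)

        opts = self.mergeOld(oldopts, newopts)
        self.mergeNew(opts, newopts)
        return opts

    #TODO: Make parse() recursive?
    def parse(self, f):
        """Parse an iterable of lines into an opts list.

        Raises SyntaxError on a malformed line, a nested or unmatched
        subsection delimiter, or a subsection left open at end of input.
        """
        opts = []
        sectopts = []
        section = None
        subsectopts = []
        subsection = None
        curopts = opts
        fatheropts = opts

        # Read in the old file.
        for line in f:

            # It's a section start.
            value = self.matchSection(line)
            if value:
                if section is not None:
                    opts.append({'name':section, 'type':'section', 'value':sectopts})
                sectopts = []
                curopts = sectopts
                fatheropts = sectopts
                section = value
                continue

            # It's a subsection start.
            value = self.matchSubSection(line)
            if value:
                if subsection is not None:
                    raise SyntaxError('nested subsections are not supported yet')
                subsectopts = []
                curopts = subsectopts
                subsection = value
                continue

            value = self.matchSubSectionEnd(line)
            if value:
                if subsection is None:
                    raise SyntaxError('Unmatched end subsection terminator found')
                fatheropts.append({'name':subsection, 'type':'subsection', 'value':subsectopts})
                subsection = None
                curopts = fatheropts
                continue

            # Copy anything else as is.
            curopts.append(self.parseLine(line))

        # A subsection still open here would be dropped without a trace and
        # the rewritten file would lose those lines; refuse instead.
        if subsection is not None:
            raise SyntaxError('Unterminated subsection found')

        #Add last section if any.  Test the section name rather than its
        #content so that an empty trailing section is kept, like empty
        #sections elsewhere in the file.
        if section is not None:
            opts.append({'name':section, 'type':'section', 'value':sectopts})

        return opts

    # Write settings to configuration file
    # file is a path
    # options is a set of dictionaries in the form:
    #     [{'name': 'foo', 'value': 'bar', 'action': 'set/comment'}]
    # section is a section name like 'global'
    def changeConf(self, file, newopts):
        """Apply `newopts` to the existing file `file`, keeping a backup.

        The previous content is copied to file + backup_suffix with
        shutil.copy2(), which also copies the permission bits, so the backup
        is as readable as the original.  The file is then rewritten in place
        under the exclusive lock; the rewrite is not atomic, so a failure
        between truncate and write leaves only the backup intact.

        Returns True.  Exceptions from the copy, the parse and the write
        propagate to the caller.
        """
        f = None
        try:
            #Do not catch an unexisting file error, we want to fail in that case
            shutil.copy2(file, file+self.backup_suffix)

            # NOTE(review): the mode only applies if the file is created;
            # the copy above already fails when it does not exist.
            f = openLocked(file, 0o644)

            oldopts = self.parse(f)

            options = self.merge(oldopts, newopts)

            output = self.dump(options)

            # Write it out and close it.
            f.seek(0)
            f.truncate(0)
            f.write(output)
            # Flush here so that a failed write is reported; errors raised
            # by close() below are ignored.
            f.flush()
        finally:
            try:
                if f:
                    f.close()
            except IOError:
                pass
        return True

    # Write settings to new file, backup old
    # file is a path
    # options is a set of dictionaries in the form:
    #     [{'name': 'foo', 'value': 'bar', 'action': 'set/comment'}]
    # section is a section name like 'global'
    def newConf(self, file, options):
        """Replace the content of `file` with `options`, backing up any old file.

        A missing original is not an error; any other failure to create the
        backup is raised before the file is truncated.  A file created here
        gets mode 0644 (subject to the umask): callers that write secrets
        into it should tighten the mode themselves.

        Returns True.
        """
        f = None
        try:
            try:
                shutil.copy2(file, file+self.backup_suffix)
            except IOError as err:
                # Only "the original file did not exist" is expected; going
                # on after any other error would overwrite the file with no
                # backup of it.
                if err.errno != errno.ENOENT:
                    raise

            f = openLocked(file, 0o644)

            # Truncate
            f.seek(0)
            f.truncate(0)

            output = self.dump(options)

            f.write(output)
            # Flush here so that a failed write is reported; errors raised
            # by close() below are ignored.
            f.flush()
        finally:
            try:
                if f:
                    f.close()
            except IOError:
                pass
        return True


# A SSSD-specific subclass of IPAChangeConf
class SSSDChangeConf(IPAChangeConf):
    """IPAChangeConf preset for SSSD configuration files.

    Accepts '#' and ';' comments, uses '.bak' as backup suffix and keeps the
    parsed tree in self.opts.
    """

    OPTCRE = re.compile(
            r'(?P<option>[^:=\s][^:=]*)'          # very permissive!
            r'\s*=\s*'                            # any number of space/tab,
                                                  # followed by separator
                                                  # followed by any # space/tab
            r'(?P<value>.*)$'                     # everything up to eol
            )

    def __init__(self):
        IPAChangeConf.__init__(self, "SSSD")
        self.comment = ("#",";")
        self.backup_suffix = ".bak"
        self.opts = []

    def parseLine(self, line):
        """
        Overrides IPAChangeConf parseLine so that lines are split with the
        OPTCRE regular expression ('=' with optional surrounding blanks)
        instead of the default separator only.  Name and value are both
        stripped.  Raises SyntaxError when the line does not match.
        """

        if self.matchEmpty(line):
            return {'name':'empty', 'type':'empty'}

        value = self.matchComment(line)
        # Compare with False: a bare comment prefix on an unterminated last
        # line yields '' and must still be kept as a comment.
        if value is not False:
            return {'name':'comment', 'type':'comment', 'value':value.rstrip()}

        mo = self.OPTCRE.match(line)
        if not mo:
            raise SyntaxError('Syntax Error: Unknown line format')

        try:
            name, value = mo.group('option', 'value')
        except IndexError:
            raise SyntaxError('Syntax Error: Unknown line format')

        return {'name':name.strip(), 'type':'option', 'value':value.strip()}

    def readfp(self, fd):
        """Parse the open file `fd` and append the result to self.opts."""
        self.opts.extend(self.parse(fd))

    def read(self, filename):
        """Parse the file at `filename` and append the result to self.opts."""
        fd = open(filename, 'r')
        try:
            self.readfp(fd)
        finally:
            # Release the descriptor even when parsing raises.
            fd.close()

    def get(self, section, name):
        """Return the value of option `name` in `section`, or None."""
        index, item = self.get_option_index(section, name)
        if item:
            return item['value']

    def set(self, section, name, value):
        """Set option `name` in `section` to `value`, adding either if missing."""
        modkw = { 'type'  : 'section',
                  'name'  : section,
                  'value' : [{
                        'type'  : 'option',
                        'name'  : name,
                        'value' : value,
                        'action': 'set',
                            }],
                   'action': 'set',
                }
        self.opts = self.merge(self.opts, [ modkw ])

    def add_section(self, name, optkw, index=0):
        """Insert section `name` with content `optkw` at position `index`.

        `optkw` is modified: an empty-line entry is appended to it and the
        same list object becomes the section content.
        """
        optkw.append({'type':'empty', 'value':'empty'})
        addkw = { 'type'   : 'section',
                   'name'   : name,
                   'value'  : optkw,
                }
        self.opts.insert(index, addkw)

    def delete_section(self, name):
        """Remove the first top-level section called `name`, if any."""
        self.delete_option('section', name)

    def sections(self):
        """Return the list of top-level section entries."""
        return [ o for o in self.opts if o['type'] == 'section' ]

    def has_section(self, section):
        """Return True when a top-level section called `section` exists."""
        return any(o['type'] == 'section' and o['name'] == section
                   for o in self.opts)

    def options(self, section):
        """Return the content list of `section`, or None when it is missing."""
        for opt in self.opts:
            if opt['type'] == 'section' and opt['name'] == section:
                return opt['value']

    def delete_option(self, type, name, exclude_sections=False):
        """Remove the first top-level entry of the given type and name.

        Returns the index reported by findOpts().
        """
        # exclude_sections used to be accepted but never forwarded.
        return self.delete_option_subtree(self.opts, type, name,
                                          exclude_sections)

    def delete_option_subtree(self, subtree, type, name, exclude_sections=False):
        """Remove the first matching entry from `subtree`; return its index."""
        index, item = self.findOpts(subtree, type, name, exclude_sections)
        if item:
            del subtree[index]
        return index

    def has_option(self, section, name):
        """Return True when option `name` exists in `section`."""
        index, item = self.get_option_index(section, name)
        return index != -1 and item is not None

    def strip_comments_empty(self, optlist):
        """Return `optlist` without its comment and empty-line entries."""
        return [ opt for opt in optlist
                 if opt['type'] not in ('comment', 'empty') ]

    def get_option_index(self, parent_name, name, type='option'):
        """Locate an entry inside section `parent_name` (or at top level).

        Returns (-1, None) when the parent section is missing, otherwise
        the (index, entry) pair from findOpts().
        """
        subtree = None
        if parent_name:
            pindex, pdata = self.findOpts(self.opts, 'section', parent_name)
            if not pdata:
                return (-1, None)
            subtree = pdata['value']
        else:
            subtree = self.opts
        return self.findOpts(subtree, type, name)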
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/config/PaxHeaders.13173/etc���������������������������������������������������������0000644�0000000�0000000�00000000132�12320753521�016300� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954961.414875128 30 atime=1396955003.535843846 30 ctime=1396954961.414875128 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/config/etc/�������������������������������������������������������������������������0000775�0024127�0024127�00000000000�12320753521�016604� 5����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/config/etc/PaxHeaders.13173/sssd.api.conf�������������������������������������������0000644�0000000�0000000�00000000074�12320753107�020755� 
x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.252891441 30 ctime=1396954961.414875128 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/config/etc/sssd.api.conf������������������������������������������������������������0000664�0024127�0024127�00000010137�12320753107�021201� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# Format: # option = type, subtype, mandatory[, default] [service] # Options available to all services debug_level = int, None, false debug_timestamps = bool, None, false debug_microseconds = bool, None, false debug_to_files = bool, None, false command = str, None, false reconnection_retries = int, None, false fd_limit = int, None, false client_idle_timeout = int, None, false force_timeout = int, None, false description = str, None, false [sssd] # Monitor service services = list, str, true, nss, pam domains = list, str, true timeout = int, None, false sbus_timeout = int, None, false re_expression = str, None, 
false full_name_format = str, None, false krb5_rcache_dir = str, None, false default_domain_suffix = str, None, false [nss] # Name service enum_cache_timeout = int, None, false entry_cache_nowait_percentage = int, None, false entry_negative_timeout = int, None, false filter_users = list, str, false filter_groups = list, str, false filter_users_in_groups = bool, None, false pwfield = str, None, false override_homedir = str, None, false fallback_homedir = str, None, false override_shell = str, None, false allowed_shells = list, str, false vetoed_shells = list, str, false shell_fallback = str, None, false default_shell = str, None, false get_domains_timeout = int, None, false memcache_timeout = int, None, false [pam] # Authentication service offline_credentials_expiration = int, None, false offline_failed_login_attempts = int, None, false offline_failed_login_delay = int, None, false pam_verbosity = int, None, false pam_id_timeout = int, None, false pam_pwd_expiration_warning = int, None, false get_domains_timeout = int, None, false [sudo] # sudo service sudo_timed = bool, None, false [autofs] # autofs service autofs_negative_timeout = int, None, false [ssh] # ssh service ssh_hash_known_hosts = bool, None, false ssh_known_hosts_timeout = int, None, false [pac] # PAC responder allowed_uids = str, None, false [provider] #Available provider types id_provider = str, None, true auth_provider = str, None, false access_provider = str, None, false chpass_provider = str, None, false sudo_provider = str, None, false autofs_provider = str, None, false session_provider = str, None, false hostid_provider = str, None, false subdomains_provider = str, None, false [domain] # Options available to all domains description = str, None, false debug_level = int, None, false debug_timestamps = bool, None, false command = str, None, false min_id = int, None, false max_id = int, None, false timeout = int, None, false try_inotify = bool, None, false enumerate = bool, None, false 
subdomain_enumerate = str, None, false force_timeout = int, None, false cache_credentials = bool, None, false store_legacy_passwords = bool, None, false use_fully_qualified_names = bool, None, false ignore_group_members = bool, None, false entry_cache_timeout = int, None, false lookup_family_order = str, None, false account_cache_expiration = int, None, false pwd_expiration_warning = int, None, false filter_users = list, str, false filter_groups = list, str, false dns_resolver_timeout = int, None, false dns_discovery_domain = str, None, false override_gid = int, None, false case_sensitive = bool, None, false override_homedir = str, None, false fallback_homedir = str, None, false override_shell = str, None, false default_shell = str, None, false description = str, None, false realmd_tags = str, None, false subdomain_refresh_interval = int, None, false #Entry cache timeouts entry_cache_user_timeout = int, None, false entry_cache_group_timeout = int, None, false entry_cache_netgroup_timeout = int, None, false entry_cache_service_timeout = int, None, false entry_cache_autofs_timeout = int, None, false entry_cache_sudo_timeout = int, None, false refresh_expired_interval = int, None, false # Dynamic DNS updates dyndns_update = bool, None, false dyndns_ttl = int, None, false dyndns_iface = str, None, false dyndns_refresh_interval = int, None, false dyndns_update_ptr = bool, None, false dyndns_force_tcp = bool, None, false dyndns_auth = str, None, false # Special providers [provider/permit] [provider/permit/access] [provider/deny] [provider/deny/access] 
���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/config/etc/PaxHeaders.13173/sssd.api.d����������������������������������������������0000644�0000000�0000000�00000000132�12320753521�020246� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954961.413875129 30 atime=1396955003.535843846 30 ctime=1396954961.413875129 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/config/etc/sssd.api.d/��������������������������������������������������������������0000775�0024127�0024127�00000000000�12320753521�020552� 
5����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/config/etc/sssd.api.d/PaxHeaders.13173/sssd-ipa.conf��������������������������������0000644�0000000�0000000�00000000074�12320753107�022722� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.252891441 30 ctime=1396954961.408875132 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/config/etc/sssd.api.d/sssd-ipa.conf�������������������������������������������������0000664�0024127�0024127�00000020305�12320753107�023144� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������[provider/ipa] ipa_domain = str, None, false ipa_server = str, None, false ipa_backup_server = str, None, 
false ipa_hostname = str, None, false ipa_dyndns_update = bool, None, false ipa_dyndns_ttl = int, None, false ipa_dyndns_iface = str, None, false ipa_hbac_search_base = str, None, false ipa_host_search_base = str, None, false ipa_master_domain_search_base = str, None, false ipa_ranges_search_base = str, None, false ipa_enable_dns_sites = bool, None, false ldap_uri = str, None, false ldap_backup_uri = str, None, false ldap_search_base = str, None, false ldap_schema = str, None, false ldap_default_bind_dn = str, None, false ldap_default_authtok_type = str, None, false ldap_default_authtok = str, None, false ldap_network_timeout = int, None, false ldap_opt_timeout = int, None, false ldap_offline_timeout = int, None, false ldap_tls_cacert = str, None, false ldap_tls_cacertdir = str, None, false ldap_tls_cert = str, None, false ldap_tls_key = str, None, false ldap_tls_cipher_suite = str, None, false ldap_tls_reqcert = str, None, false ldap_sasl_mech = str, None, false ldap_sasl_authid = str, None, false ldap_sasl_minssf = int, None, false krb5_kdcip = str, None, false krb5_server = str, None, false krb5_backup_server = str, None, false krb5_realm = str, None, false krb5_auth_timeout = int, None, false krb5_use_kdcinfo = bool, None, false krb5_kpasswd = str, None, false krb5_backup_kpasswd = str, None, false krb5_canonicalize = bool, None, false ldap_krb5_keytab = str, None, false ldap_krb5_init_creds = bool, None, false ldap_entry_usn = str, None, false ldap_rootdse_last_usn = str, None, false ldap_referrals = bool, None, false ldap_krb5_ticket_lifetime = int, None, false ldap_dns_service_name = str, None, false ldap_deref = str, None, false ldap_page_size = int, None, false ldap_deref_threshold = int, None, false ldap_connection_expire_timeout = int, None, false ldap_disable_paging = bool, None, false [provider/ipa/id] ldap_search_timeout = int, None, false ldap_enumeration_refresh_timeout = int, None, false ldap_purge_cache_timeout = int, None, false 
ldap_id_use_start_tls = bool, None, false ldap_id_mapping = bool, None, false ldap_user_search_base = str, None, false ldap_user_search_scope = str, None, false ldap_user_search_filter = str, None, false ldap_user_object_class = str, None, false ldap_user_name = str, None, false ldap_user_uid_number = str, None, false ldap_user_gid_number = str, None, false ldap_user_gecos = str, None, false ldap_user_home_directory = str, None, false ldap_user_shell = str, None, false ldap_user_uuid = str, None, false ldap_user_objectsid = str, None, false ldap_user_primary_group = str, None, false ldap_user_principal = str, None, false ldap_user_fullname = str, None, false ldap_user_member_of = str, None, false ldap_user_modify_timestamp = str, None, false ldap_user_entry_usn = str, None, false ldap_user_shadow_last_change = str, None, false ldap_user_shadow_min = str, None, false ldap_user_shadow_max = str, None, false ldap_user_shadow_warning = str, None, false ldap_user_shadow_inactive = str, None, false ldap_user_shadow_expire = str, None, false ldap_user_shadow_flag = str, None, false ldap_user_krb_last_pwd_change = str, None, false ldap_user_krb_password_expiration = str, None, false ldap_pwd_attribute = str, None, false ldap_user_ssh_public_key = str, None, false ldap_group_search_base = str, None, false ldap_group_search_scope = str, None, false ldap_group_search_filter = str, None, false ldap_group_object_class = str, None, false ldap_group_name = str, None, false ldap_group_gid_number = str, None, false ldap_group_member = str, None, false ldap_group_uuid = str, None, false ldap_group_objectsid = str, None, false ldap_group_modify_timestamp = str, None, false ldap_group_entry_usn = str, None, false ldap_group_type = int, None, false ldap_force_upper_case_realm = bool, None, false ldap_group_nesting_level = int, None, false ldap_netgroup_search_base = str, None, false ipa_netgroup_object_class = str, None, false ipa_netgroup_name = str, None, false ipa_netgroup_member = 
str, None, false ipa_netgroup_member_of = str, None, false ipa_netgroup_member_user = str, None, false ipa_netgroup_member_host = str, None, false ipa_netgroup_member_ext_host = str, None, false ipa_netgroup_domain = str, None, false ipa_netgroup_uuid = str, None, false ldap_service_object_class = str, None, false ldap_service_name = str, None, false ldap_service_port = str, None, false ldap_service_proto = str, None, false ldap_service_search_base = str, None, false ldap_service_entry_usn = str, None, false ipa_host_object_class = str, None, false ipa_host_fqdn = str, None, false ipa_host_ssh_public_key = str, None, false ldap_idmap_range_min = int, None, false ldap_idmap_range_max = int, None, false ldap_idmap_range_size = int, None, false ldap_idmap_autorid_compat = bool, None, false ldap_idmap_default_domain = str, None, false ldap_idmap_default_domain_sid = str, None, false ldap_groups_use_matching_rule_in_chain = bool, None, false ldap_initgroups_use_matching_rule_in_chain = bool, None, false ldap_rfc2307_fallback_to_local_users = bool, None, false ipa_server_mode = bool, None, false [provider/ipa/auth] krb5_ccachedir = str, None, false krb5_ccname_template = str, None, false krb5_keytab = str, None, false krb5_validate = bool, None, false ldap_pwd_policy = str, None, false krb5_store_password_if_offline = bool, None, false krb5_renewable_lifetime = str, None, false krb5_lifetime = str, None, false krb5_renew_interval = str, None, false krb5_use_fast = str, None, false krb5_fast_principal = str, None, false krb5_use_enterprise_principal = bool, None, false [provider/ipa/access] ipa_hbac_refresh = int, None, false ipa_selinux_refresh = int, None, false ipa_hbac_treat_deny_as = str, None, false ipa_hbac_support_srchost = bool, None, false ipa_host_object_class = str, None, false ipa_host_name = str, None, false ipa_host_fqdn = str, None, false ipa_host_serverhostname = str, None, false ipa_host_member_of = str, None, false ipa_host_ssh_public_key = str, None, 
false ipa_host_uuid = str, None, false ipa_hostgroup_objectclass = str, None, false ipa_hostgroup_name = str, None, false ipa_hostgroup_member = str, None, false ipa_hostgroup_memberof = str, None, false ipa_hostgroup_uuid = str, None, false [provider/ipa/autofs] ipa_automount_location = str, None, false ldap_autofs_map_object_class = str, None, false ldap_autofs_map_name = str, None, false ldap_autofs_entry_object_class = str, None, false ldap_autofs_entry_key = str, None, false ldap_autofs_entry_value = str, None, false ldap_autofs_search_base = str, None, false [provider/ipa/chpass] [provider/ipa/session] ipa_host_object_class = str, None, false ipa_host_name = str, None, false ipa_host_fqdn = str, None, false ipa_host_serverhostname = str, None, false ipa_host_member_of = str, None, false ipa_host_ssh_public_key = str, None, false ipa_host_uuid = str, None, false ipa_selinux_usermap_object_class = str, None, false ipa_selinux_usermap_name = str, None, false ipa_selinux_usermap_member_user = str, None, false ipa_selinux_usermap_member_host = str, None, false ipa_selinux_usermap_see_also = str, None, false ipa_selinux_usermap_selinux_user = str, None, false ipa_selinux_usermap_enabled = str, None, false ipa_selinux_usermap_user_category = str, None, false ipa_selinux_usermap_host_category = str, None, false ipa_selinux_usermap_uuid = str, None, false [provider/ipa/hostid] [provider/ipa/subdomains] ipa_subdomains_search_base = str, None, false [provider/ipa/sudo] ldap_sudo_search_base = str, None, false ldap_sudo_full_refresh_interval = int, None, false ldap_sudo_smart_refresh_interval = int, None, false ldap_sudo_use_host_filter = bool, None, false ldap_sudo_hostnames = str, None, false ldap_sudo_ip = str, None, false ldap_sudo_include_netgroups = bool, None, false ldap_sudo_include_regexp = bool, None, false ldap_sudorule_object_class = str, None, false ldap_sudorule_name = str, None, false ldap_sudorule_command = str, None, false ldap_sudorule_host = str, None, 
false ldap_sudorule_user = str, None, false ldap_sudorule_option = str, None, false ldap_sudorule_runasuser = str, None, false ldap_sudorule_runasgroup = str, None, false ldap_sudorule_notbefore = str, None, false ldap_sudorule_notafter = str, None, false ldap_sudorule_order = str, None, false ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/config/etc/sssd.api.d/PaxHeaders.13173/sssd-local.conf������������������������������0000644�0000000�0000000�00000000073�12320753107�023242� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.252891441 29 ctime=1396954961.41187513 ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/config/etc/sssd.api.d/sssd-local.conf�����������������������������������������������0000664�0024127�0024127�00000000530�12320753107�023463� 
0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������[provider/local] create_homedir = bool, None, false remove_homedir = bool, None, false homedir_umask = int, None, false skel_dir = str, None, false mail_dir = str, None, false userdel_cmd = str, None, false [provider/local/id] default_shell = str, None, false base_directory = str, None, false [provider/local/auth] [provider/local/chpass] ������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/config/etc/sssd.api.d/PaxHeaders.13173/sssd-simple.conf�����������������������������0000644�0000000�0000000�00000000073�12320753107�023441� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������29 atime=1396954939.25389144 30 ctime=1396954961.413875129 
���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/config/etc/sssd.api.d/sssd-simple.conf����������������������������������������������0000664�0024127�0024127�00000000304�12320753107�023661� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������[provider/simple] [provider/simple/access] simple_allow_users = str, None, false simple_deny_users = str, None, false simple_allow_groups = str, None, false simple_deny_groups = str, None, false ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/config/etc/sssd.api.d/PaxHeaders.13173/sssd-ldap.conf�������������������������������0000644�0000000�0000000�00000000074�12320753107�023071� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 
atime=1396954939.252891441 30 ctime=1396954961.410875131 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/config/etc/sssd.api.d/sssd-ldap.conf������������������������������������������������0000664�0024127�0024127�00000014453�12320753107�023322� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������[provider/ldap] ldap_uri = str, None, false ldap_backup_uri = str, None, false ldap_search_base = str, None, false ldap_schema = str, None, false ldap_default_bind_dn = str, None, false ldap_default_authtok_type = str, None, false ldap_default_authtok = str, None, false ldap_network_timeout = int, None, false ldap_opt_timeout = int, None, false ldap_offline_timeout = int, None, false ldap_tls_cacert = str, None, false ldap_tls_cacertdir = str, None, false ldap_tls_cert = str, None, false ldap_tls_key = str, None, false ldap_tls_cipher_suite = str, None, false ldap_tls_reqcert = str, None, false ldap_sasl_mech = str, None, false ldap_sasl_authid = str, None, false krb5_kdcip = str, None, false krb5_server = str, None, false krb5_realm = str, None, false krb5_canonicalize = bool, None, false krb5_use_kdcinfo = bool, None, false ldap_krb5_keytab = str, None, false ldap_krb5_init_creds = bool, None, false ldap_entry_usn = str, None, false ldap_rootdse_last_usn = str, 
None, false ldap_referrals = bool, None, false ldap_krb5_ticket_lifetime = int, None, false ldap_dns_service_name = str, None, false ldap_deref = str, None, false ldap_page_size = int, None, false ldap_deref_threshold = int, None, false ldap_sasl_canonicalize = bool, None, false ldap_sasl_minssf = int, None, false ldap_connection_expire_timeout = int, None, false ldap_disable_paging = bool, None, false ldap_disable_range_retrieval = bool, None, false [provider/ldap/id] ldap_search_timeout = int, None, false ldap_enumeration_search_timeout = int, None, false ldap_enumeration_refresh_timeout = int, None, false ldap_purge_cache_timeout = int, None, false ldap_id_use_start_tls = bool, None, false ldap_id_mapping = bool, None, false ldap_user_search_base = str, None, false ldap_user_search_scope = str, None, false ldap_user_search_filter = str, None, false ldap_user_object_class = str, None, false ldap_user_name = str, None, false ldap_user_uid_number = str, None, false ldap_user_gid_number = str, None, false ldap_user_gecos = str, None, false ldap_user_home_directory = str, None, false ldap_user_shell = str, None, false ldap_user_uuid = str, None, false ldap_user_objectsid = str, None, false ldap_user_primary_group = str, None, false ldap_user_principal = str, None, false ldap_user_fullname = str, None, false ldap_user_member_of = str, None, false ldap_user_modify_timestamp = str, None, false ldap_user_entry_usn = str, None, false ldap_user_shadow_last_change = str, None, false ldap_user_shadow_min = str, None, false ldap_user_shadow_max = str, None, false ldap_user_shadow_warning = str, None, false ldap_user_shadow_inactive = str, None, false ldap_user_shadow_expire = str, None, false ldap_user_shadow_flag = str, None, false ldap_user_krb_last_pwd_change = str, None, false ldap_user_krb_password_expiration = str, None, false ldap_user_authorized_service = str, None, false ldap_user_authorized_host = str, None, false ldap_pwd_attribute = str, None, false 
ldap_user_ad_account_expires = str, None, false ldap_user_ad_user_account_control = str, None, false ldap_ns_account_lock = str, None, false ldap_user_nds_login_disabled = str, None, false ldap_user_nds_login_expiration_time = str, None, false ldap_user_nds_login_allowed_time_map = str, None, false ldap_user_ssh_public_key = str, None, false ldap_group_search_base = str, None, false ldap_group_search_scope = str, None, false ldap_group_search_filter = str, None, false ldap_group_object_class = str, None, false ldap_group_name = str, None, false ldap_group_gid_number = str, None, false ldap_group_member = str, None, false ldap_group_uuid = str, None, false ldap_group_objectsid = str, None, false ldap_group_modify_timestamp = str, None, false ldap_group_entry_usn = str, None, false ldap_group_type = int, None, false ldap_group_nesting_level = int, None, false ldap_force_upper_case_realm = bool, None, false ldap_netgroup_search_base = str, None, false ldap_netgroup_object_class = str, None, false ldap_netgroup_name = str, None, false ldap_netgroup_member = str, None, false ldap_netgroup_triple = str, None, false ldap_netgroup_uuid = str, None, false ldap_netgroup_modify_timestamp = str, None, false ldap_service_object_class = str, None, false ldap_service_name = str, None, false ldap_service_port = str, None, false ldap_service_proto = str, None, false ldap_service_search_base = str, None, false ldap_service_entry_usn = str, None, false ldap_idmap_range_min = int, None, false ldap_idmap_range_max = int, None, false ldap_idmap_range_size = int, None, false ldap_idmap_autorid_compat = bool, None, false ldap_idmap_default_domain = str, None, false ldap_idmap_default_domain_sid = str, None, false ldap_groups_use_matching_rule_in_chain = bool, None, false ldap_initgroups_use_matching_rule_in_chain = bool, None, false ldap_rfc2307_fallback_to_local_users = bool, None, false ldap_min_id = int, None, false ldap_max_id = int, None, false [provider/ldap/auth] ldap_pwd_policy = 
str, None, false [provider/ldap/access] ldap_access_filter = str, None, false ldap_account_expire_policy = str, None, false ldap_access_order = str, None, false [provider/ldap/chpass] ldap_chpass_uri = str, None, false ldap_chpass_backup_uri = str, None, false ldap_chpass_dns_service_name = str, None, false ldap_chpass_update_last_change = bool, None, false [provider/ldap/sudo] ldap_sudo_search_base = str, None, false ldap_sudo_full_refresh_interval = int, None, false ldap_sudo_smart_refresh_interval = int, None, false ldap_sudo_use_host_filter = bool, None, false ldap_sudo_hostnames = str, None, false ldap_sudo_ip = str, None, false ldap_sudo_include_netgroups = bool, None, false ldap_sudo_include_regexp = bool, None, false ldap_sudorule_object_class = str, None, false ldap_sudorule_name = str, None, false ldap_sudorule_command = str, None, false ldap_sudorule_host = str, None, false ldap_sudorule_user = str, None, false ldap_sudorule_option = str, None, false ldap_sudorule_runasuser = str, None, false ldap_sudorule_runasgroup = str, None, false ldap_sudorule_notbefore = str, None, false ldap_sudorule_notafter = str, None, false ldap_sudorule_order = str, None, false [provider/ldap/autofs] ldap_autofs_map_object_class = str, None, false ldap_autofs_map_name = str, None, false ldap_autofs_entry_object_class = str, None, false ldap_autofs_entry_key = str, None, false ldap_autofs_entry_value = str, None, false ldap_autofs_search_base = str, None, false ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/config/etc/sssd.api.d/PaxHeaders.13173/sssd-proxy.conf������������������������������0000644�0000000�0000000�00000000074�12320753107�023332� 
x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.252891441 30 ctime=1396954961.412875129 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/config/etc/sssd.api.d/sssd-proxy.conf�����������������������������������������������0000664�0024127�0024127�00000000277�12320753107�023562� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������[provider/proxy] [provider/proxy/id] proxy_lib_name = str, None, true proxy_fast_alias = bool, None, true [provider/proxy/auth] proxy_pam_target = str, None, true [provider/proxy/chpass] 
���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/config/etc/sssd.api.d/PaxHeaders.13173/sssd-ad.conf���������������������������������0000644�0000000�0000000�00000000074�12320753107�022535� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.252891441 30 ctime=1396954961.409875132 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/config/etc/sssd.api.d/sssd-ad.conf��������������������������������������������������0000664�0024127�0024127�00000013304�12320753107�022760� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������[provider/ad] ad_domain = str, None, false ad_server = str, None, false ad_backup_server = str, None, false ad_hostname = str, None, false 
ad_enable_dns_sites = bool, None, false ad_access_filter = str, None, false ad_enable_gc = bool, None, false ldap_uri = str, None, false ldap_backup_uri = str, None, false ldap_search_base = str, None, false ldap_schema = str, None, false ldap_default_bind_dn = str, None, false ldap_default_authtok_type = str, None, false ldap_default_authtok = str, None, false ldap_network_timeout = int, None, false ldap_opt_timeout = int, None, false ldap_offline_timeout = int, None, false ldap_tls_cacert = str, None, false ldap_tls_cacertdir = str, None, false ldap_tls_cert = str, None, false ldap_tls_key = str, None, false ldap_tls_cipher_suite = str, None, false ldap_tls_reqcert = str, None, false ldap_sasl_mech = str, None, false ldap_sasl_authid = str, None, false ldap_sasl_minssf = int, None, false krb5_kdcip = str, None, false krb5_server = str, None, false krb5_backup_server = str, None, false krb5_realm = str, None, false krb5_auth_timeout = int, None, false krb5_canonicalize = bool, None, false krb5_use_kdcinfo = bool, None, false ldap_krb5_keytab = str, None, false ldap_krb5_init_creds = bool, None, false ldap_entry_usn = str, None, false ldap_rootdse_last_usn = str, None, false ldap_referrals = bool, None, false ldap_krb5_ticket_lifetime = int, None, false ldap_dns_service_name = str, None, false ldap_deref = str, None, false ldap_page_size = int, None, false ldap_deref_threshold = int, None, false ldap_connection_expire_timeout = int, None, false ldap_disable_paging = bool, None, false [provider/ad/id] ldap_search_timeout = int, None, false ldap_enumeration_refresh_timeout = int, None, false ldap_purge_cache_timeout = int, None, false ldap_id_use_start_tls = bool, None, false ldap_id_mapping = bool, None, false ldap_user_search_base = str, None, false ldap_user_search_scope = str, None, false ldap_user_search_filter = str, None, false ldap_user_object_class = str, None, false ldap_user_name = str, None, false ldap_user_uid_number = str, None, false 
ldap_user_gid_number = str, None, false ldap_user_gecos = str, None, false ldap_user_home_directory = str, None, false ldap_user_shell = str, None, false ldap_user_uuid = str, None, false ldap_user_objectsid = str, None, false ldap_user_primary_group = str, None, false ldap_user_principal = str, None, false ldap_user_fullname = str, None, false ldap_user_member_of = str, None, false ldap_user_modify_timestamp = str, None, false ldap_user_entry_usn = str, None, false ldap_user_shadow_last_change = str, None, false ldap_user_shadow_min = str, None, false ldap_user_shadow_max = str, None, false ldap_user_shadow_warning = str, None, false ldap_user_shadow_inactive = str, None, false ldap_user_shadow_expire = str, None, false ldap_user_shadow_flag = str, None, false ldap_user_krb_last_pwd_change = str, None, false ldap_user_krb_password_expiration = str, None, false ldap_pwd_attribute = str, None, false ldap_user_ssh_public_key = str, None, false ldap_group_search_base = str, None, false ldap_group_search_scope = str, None, false ldap_group_search_filter = str, None, false ldap_group_object_class = str, None, false ldap_group_name = str, None, false ldap_group_gid_number = str, None, false ldap_group_member = str, None, false ldap_group_uuid = str, None, false ldap_group_objectsid = str, None, false ldap_group_modify_timestamp = str, None, false ldap_group_entry_usn = str, None, false ldap_group_type = int, None, false ldap_force_upper_case_realm = bool, None, false ldap_group_nesting_level = int, None, false ldap_netgroup_search_base = str, None, false ldap_service_object_class = str, None, false ldap_service_name = str, None, false ldap_service_port = str, None, false ldap_service_proto = str, None, false ldap_service_search_base = str, None, false ldap_service_entry_usn = str, None, false ldap_idmap_range_min = int, None, false ldap_idmap_range_max = int, None, false ldap_idmap_range_size = int, None, false ldap_idmap_autorid_compat = bool, None, false 
ldap_idmap_default_domain = str, None, false ldap_idmap_default_domain_sid = str, None, false ldap_groups_use_matching_rule_in_chain = bool, None, false ldap_initgroups_use_matching_rule_in_chain = bool, None, false ldap_rfc2307_fallback_to_local_users = bool, None, false [provider/ad/auth] krb5_ccachedir = str, None, false krb5_ccname_template = str, None, false krb5_keytab = str, None, false krb5_validate = bool, None, false ldap_pwd_policy = str, None, false krb5_store_password_if_offline = bool, None, false krb5_renewable_lifetime = str, None, false krb5_lifetime = str, None, false krb5_renew_interval = str, None, false krb5_use_fast = str, None, false krb5_fast_principal = str, None, false krb5_use_enterprise_principal = bool, None, false [provider/ad/access] [provider/ad/chpass] krb5_kpasswd = str, None, false krb5_backup_kpasswd = str, None, false [provider/ad/subdomains] [provider/ad/sudo] ldap_sudo_search_base = str, None, false ldap_sudo_full_refresh_interval = int, None, false ldap_sudo_smart_refresh_interval = int, None, false ldap_sudo_use_host_filter = bool, None, false ldap_sudo_hostnames = str, None, false ldap_sudo_ip = str, None, false ldap_sudo_include_netgroups = bool, None, false ldap_sudo_include_regexp = bool, None, false ldap_sudorule_object_class = str, None, false ldap_sudorule_name = str, None, false ldap_sudorule_command = str, None, false ldap_sudorule_host = str, None, false ldap_sudorule_user = str, None, false ldap_sudorule_option = str, None, false ldap_sudorule_runasuser = str, None, false ldap_sudorule_runasgroup = str, None, false ldap_sudorule_notbefore = str, None, false ldap_sudorule_notafter = str, None, false ldap_sudorule_order = str, None, false 
����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/config/etc/sssd.api.d/PaxHeaders.13173/sssd-krb5.conf�������������������������������0000644�0000000�0000000�00000000074�12320753107�023014� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.252891441 30 ctime=1396954961.410875131 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/config/etc/sssd.api.d/sssd-krb5.conf������������������������������������������������0000664�0024127�0024127�00000001471�12320753107�023241� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������[provider/krb5] krb5_kdcip = str, None, false krb5_server = str, None, false krb5_backup_server = str, None, false krb5_realm = str, None, true 
krb5_auth_timeout = int, None, false krb5_use_kdcinfo = bool, None, false krb5_kpasswd = str, None, false krb5_backup_kpasswd = str, None, false [provider/krb5/auth] krb5_ccachedir = str, None, false krb5_ccname_template = str, None, false krb5_keytab = str, None, false krb5_validate = bool, None, false krb5_store_password_if_offline = bool, None, false krb5_renewable_lifetime = str, None, false krb5_lifetime = str, None, false krb5_renew_interval = str, None, false krb5_use_fast = str, None, false krb5_fast_principal = str, None, false krb5_canonicalize = bool, None, false krb5_use_enterprise_principal = bool, None, false [provider/krb5/access] [provider/krb5/chpass] �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/config/PaxHeaders.13173/testconfigs�������������������������������������������������0000644�0000000�0000000�00000000132�12320753521�020055� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954961.386875149 30 atime=1396955003.535843846 30 ctime=1396954961.386875149 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/config/testconfigs/�����������������������������������������������������������������0000775�0024127�0024127�00000000000�12320753521�020361� 5����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/config/testconfigs/PaxHeaders.13173/noparse.api.conf��������������������������������0000644�0000000�0000000�00000000073�12320753107�023224� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������29 atime=1396954939.25389144 30 ctime=1396954961.383875151 
���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/config/testconfigs/noparse.api.conf�������������������������������������������������0000664�0024127�0024127�00000000177�12320753107�023454� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# Format: # option = type, subtype[, default] [service] # Options available to all services debug_level = int, None, 0 command�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/config/testconfigs/PaxHeaders.13173/sssd-invalid-badbool.conf�����������������������0000644�0000000�0000000�00000000073�12320753107�025005� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������29 
atime=1396954939.25389144 30 ctime=1396954961.386875149 ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/config/testconfigs/sssd-invalid-badbool.conf����������������������������������������0000664�0024127�0024127�00000001270�12320753107�025230� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������[nss] nss_filter_groups = root nss_entry_negative_timeout = 15 debug_level = 0 nss_filter_users_in_groups = true nss_filter_users = root nss_entry_cache_no_wait_timeout = 60 nss_entry_cache_timeout = 600 nss_enum_cache_timeout = 120 [sssd] services = nss, pam reconnection_retries = 3 domains = LOCAL, IPA config_file_version = 2 [domain/PROXY] id_provider = proxy auth_provider = proxy debug_level = 0 [domain/IPA] id_provider = ldap ldap_id_use_start_tls = Fal auth_provider = krb5 debug_level = 0 [domain/LOCAL] id_provider = local auth_provider = local debug_level = 0 [domain/LDAP] id_provider = ldap auth_provider=ldap debug_level = 0 [pam] debug_level = 0 [dp] debug_level = 0 
����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/config/testconfigs/PaxHeaders.13173/sssd-invalid.conf�������������������������������0000644�0000000�0000000�00000000073�12320753107�023405� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������29 atime=1396954939.25389144 30 ctime=1396954961.385875149 ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/config/testconfigs/sssd-invalid.conf������������������������������������������������0000664�0024127�0024127�00000000050�12320753107�023623� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������[sssd] services config_file_version = 2 
����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/config/testconfigs/PaxHeaders.13173/sssd-noversion.conf�����������������������������0000644�0000000�0000000�00000000072�12320753107�024000� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������29 atime=1396954939.25389144 29 ctime=1396954961.38487515 ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/config/testconfigs/sssd-noversion.conf����������������������������������������������0000664�0024127�0024127�00000001202�12320753107�024217� 
0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������[nss] nss_filter_groups = root nss_entry_negative_timeout = 15 debug_level = 0 nss_filter_users_in_groups = true nss_filter_users = root nss_entry_cache_no_wait_timeout = 60 nss_entry_cache_timeout = 600 nss_enum_cache_timeout = 120 [sssd] services = nss, pam reconnection_retries = 3 domains = LOCAL, IPA [domain/PROXY] id_provider = proxy auth_provider = proxy debug_level = 0 [domain/IPA] id_provider = ldap auth_provider = krb5 debug_level = 0 [domain/LOCAL] id_provider = local auth_provider = local debug_level = 0 [domain/LDAP] id_provider = ldap auth_provider = ldap debug_level = 0 [pam] debug_level = 0 [dp] debug_level = 0 ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/config/testconfigs/PaxHeaders.13173/sssd-badversion.conf����������������������������0000644�0000000�0000000�00000000073�12320753107�024113� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������29 atime=1396954939.25389144 30 ctime=1396954961.385875149 
���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/config/testconfigs/sssd-badversion.conf���������������������������������������������0000664�0024127�0024127�00000001232�12320753107�024334� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������[nss] nss_filter_groups = root nss_entry_negative_timeout = 15 debug_level = 0 nss_filter_users_in_groups = true nss_filter_users = root nss_entry_cache_no_wait_timeout = 60 nss_entry_cache_timeout = 600 nss_enum_cache_timeout = 120 [sssd] services = nss, pam reconnection_retries = 3 domains = LOCAL, IPA config_file_version = 1 [domain/PROXY] id_provider = proxy auth_provider = proxy debug_level = 0 [domain/IPA] id_provider = ldap auth_provider = krb5 debug_level = 0 [domain/LOCAL] id_provider = local auth_provider = local debug_level = 0 [domain/LDAP] id_provider = ldap auth_provider = ldap debug_level = 0 [pam] debug_level = 0 [dp] debug_level = 0 
����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/config/testconfigs/PaxHeaders.13173/sssd-valid.conf���������������������������������0000644�0000000�0000000�00000000073�12320753107�023056� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������29 atime=1396954939.25389144 30 ctime=1396954961.382875151 ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/config/testconfigs/sssd-valid.conf��������������������������������������������������0000664�0024127�0024127�00000002106�12320753107�023300� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������[nss] nss_filter_groups = root nss_entry_negative_timeout = 15 debug_level = 0 nss_filter_users_in_groups 
= true nss_filter_users = root nss_entry_cache_no_wait_timeout = 60 nss_entry_cache_timeout = 600 nss_enum_cache_timeout = 120 [sssd] services = nss, pam reconnection_retries = 3 domains = LOCAL, IPA config_file_version = 2 debug_timestamps = False [domain/PROXY] id_provider = proxy auth_provider = proxy debug_level = 0 [domain/IPA] id_provider = ldap auth_provider = krb5 debug_level = 0xFF0 [domain/LOCAL] id_provider = local auth_provider = local debug_level = 0 [domain/LDAP] ldap_id_use_start_tls = true id_provider = ldap auth_provider=ldap debug_level = 0 # Domain containing an invalid provider [domain/INVALIDPROVIDER] ldap_id_use_start_tls = true id_provider = ldap auth_provider=ldap debug_level = 0 chpass_provider = chpass # Domain containing an invalid option [domain/INVALIDOPTION] ldap_id_use_start_tls = true id_provider = ldap auth_provider=ldap debug_level = 0 nosuchoption = True [pam] debug_level = 0 nosuchoption = True [sudo] debug_level = 0 ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/config/PaxHeaders.13173/SSSDConfigTest.py�������������������������������������������0000644�0000000�0000000�00000000074�12320753107�020723� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.252891441 30 ctime=1396954961.374875157 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/config/SSSDConfigTest.py������������������������������������������������������������0000775�0024127�0024127�00000213447�12320753107�021163� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������#!/usr/bin/python ''' Created on Sep 18, 2009 @author: sgallagh ''' import unittest import os from stat import * import sys srcdir = os.getenv('srcdir') if srcdir: sys.path.append("./src/config") srcdir = srcdir + "/src/config" else: srcdir = "." 
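import SSSDConfig

# Option names the tests expect from SSSDDomain.list_options() before any
# provider has been added to the domain.
_DOMAIN_BASE_OPTIONS = [
    'description',
    'debug_level',
    'debug_timestamps',
    'min_id',
    'max_id',
    'timeout',
    'force_timeout',
    'try_inotify',
    'command',
    'enumerate',
    'cache_credentials',
    'store_legacy_passwords',
    'use_fully_qualified_names',
    'ignore_group_members',
    'filter_users',
    'filter_groups',
    'entry_cache_timeout',
    'entry_cache_user_timeout',
    'entry_cache_group_timeout',
    'entry_cache_netgroup_timeout',
    'entry_cache_service_timeout',
    'entry_cache_autofs_timeout',
    'entry_cache_sudo_timeout',
    'refresh_expired_interval',
    'lookup_family_order',
    'account_cache_expiration',
    'dns_resolver_timeout',
    'dns_discovery_domain',
    'dyndns_update',
    'dyndns_ttl',
    'dyndns_iface',
    'dyndns_refresh_interval',
    'dyndns_update_ptr',
    'dyndns_force_tcp',
    'dyndns_auth',
    'subdomain_enumerate',
    'override_gid',
    'case_sensitive',
    'override_homedir',
    'fallback_homedir',
    'override_shell',
    'default_shell',
    'pwd_expiration_warning',
    'id_provider',
    'auth_provider',
    'access_provider',
    'chpass_provider',
    'sudo_provider',
    'autofs_provider',
    'session_provider',
    'hostid_provider',
    'subdomains_provider',
    'realmd_tags',
    'subdomain_refresh_interval']

# Extra option names the tests expect once add_provider('local', 'id') ran.
_LOCAL_PROVIDER_OPTIONS = [
    'default_shell',
    'base_directory',
    'create_homedir',
    'remove_homedir',
    'homedir_umask',
    'skel_dir',
    'mail_dir',
    'userdel_cmd']

# Option names the tests expect for the krb5 provider.
_KRB5_PROVIDER_OPTIONS = [
    'krb5_server',
    'krb5_backup_server',
    'krb5_kdcip',
    'krb5_realm',
    'krb5_kpasswd',
    'krb5_backup_kpasswd',
    'krb5_ccachedir',
    'krb5_ccname_template',
    'krb5_keytab',
    'krb5_validate',
    'krb5_store_password_if_offline',
    'krb5_auth_timeout',
    'krb5_renewable_lifetime',
    'krb5_lifetime',
    'krb5_renew_interval',
    'krb5_use_fast',
    'krb5_fast_principal',
    'krb5_canonicalize',
    'krb5_use_enterprise_principal',
    'krb5_use_kdcinfo']


def _assert_option_names(testcase, options, expected, allowed=None):
    # Shared form of the check repeated throughout this file: `options` must
    # be a dict, must contain every name in `expected`, and must contain no
    # name outside `allowed` (which defaults to `expected`).
    if allowed is None:
        allowed = expected

    testcase.assertTrue(type(options) == dict,
                        "Options should be a dictionary")

    # Ensure that all of the expected defaults are there
    for option in expected:
        testcase.assertTrue(option in options.keys(),
                            "Option [%s] missing" % option)

    # Ensure that there aren't any unexpected options listed
    for option in options.keys():
        testcase.assertTrue(option in allowed,
                            'Option [%s] unexpectedly found' % option)


class SSSDConfigTestValid(unittest.TestCase):
    """Tests that import sssd-valid.conf or build a new configuration."""

    def setUp(self):
        pass

    def tearDown(self):
        pass

    def _assert_written_config_is_private(self, sssdconfig, filename):
        # Write the configuration and check the permission bits of the result.
        #
        # The file is written into a directory created by tempfile.mkdtemp()
        # instead of a fixed name directly under /tmp. A fixed, predictable
        # path in a world-writable directory can be pre-created (as a file or
        # a symlink) by another local user, and the previous
        # unlink-then-write sequence left a window between the two calls.
        # The directory is removed even when an assertion fails.
        import shutil
        import tempfile

        outdir = tempfile.mkdtemp()
        try:
            of = os.path.join(outdir, filename)

            #Write out the file
            sssdconfig.write(of)

            #Verify that the output file has the correct permissions
            mode = os.stat(of)[ST_MODE]

            #Output files should not be readable or writable by
            #non-owners, and should not be executable by anyone
            #(S_IXUSR | S_IRWXG | S_IRWXO is the octal mask 177)
            self.assertFalse(S_IMODE(mode) & (S_IXUSR | S_IRWXG | S_IRWXO))
        finally:
            #Remove the output file and its directory
            shutil.rmtree(outdir)

    def testServices(self):
        # Services listed by sssd-valid.conf, then the option types reported
        # for a freshly created 'sssd' service.
        sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf",
                                           srcdir + "/etc/sssd.api.d")
        sssdconfig.import_config(srcdir + "/testconfigs/sssd-valid.conf")

        # Validate services
        services = sssdconfig.list_services()
        self.assertTrue('sssd' in services)
        self.assertTrue('nss' in services)
        self.assertTrue('pam' in services)

        #Verify service attributes
        sssd_service = sssdconfig.get_service('sssd')
        service_opts = sssd_service.list_options()

        self.assertTrue('services' in service_opts.keys())
        service_list = sssd_service.get_option('services')
        self.assertTrue('nss' in service_list)
        self.assertTrue('pam' in service_list)

        self.assertTrue('domains' in service_opts)

        self.assertTrue('reconnection_retries' in service_opts)

        del sssdconfig
        sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf",
                                           srcdir + "/etc/sssd.api.d")
        sssdconfig.new_config()
        sssdconfig.delete_service('sssd')
        new_sssd_service = sssdconfig.new_service('sssd')
        new_options = new_sssd_service.list_options()

        # The 'services' entry used to re-check debug_level; it now checks
        # the type of 'services' itself (a list, as SSSDService.list_options
        # is asserted to report in SSSDConfigTestSSSDService).
        expected_types = [
            ('debug_level', int),
            ('command', str),
            ('reconnection_retries', int),
            ('services', list),
            ('domains', list),
            ('sbus_timeout', int),
            ('re_expression', str),
            ('full_name_format', str),
            ('default_domain_suffix', str)]

        for name, option_type in expected_types:
            self.assertTrue(name in new_options)
            self.assertEqual(new_options[name][0], option_type)

        self.assertEqual(new_options['domains'][1], str)

        del sssdconfig

    def testDomains(self):
        # Domains defined in sssd-valid.conf and the options of domain IPA.
        sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf",
                                           srcdir + "/etc/sssd.api.d")
        sssdconfig.import_config(srcdir + "/testconfigs/sssd-valid.conf")

        #Validate domain list
        domains = sssdconfig.list_domains()
        self.assertTrue('LOCAL' in domains)
        self.assertTrue('LDAP' in domains)
        self.assertTrue('PROXY' in domains)
        self.assertTrue('IPA' in domains)

        #Verify domain attributes
        ipa_domain = sssdconfig.get_domain('IPA')
        domain_opts = ipa_domain.list_options()
        self.assertTrue('debug_level' in domain_opts.keys())
        self.assertTrue('id_provider' in domain_opts.keys())
        self.assertTrue('auth_provider' in domain_opts.keys())

        del sssdconfig

    def testListProviders(self):
        # A new domain in a new configuration offers the 'ldap' provider.
        sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf",
                                           srcdir + "/etc/sssd.api.d")

        sssdconfig.new_config()
        junk_domain = sssdconfig.new_domain('junk')
        providers = junk_domain.list_providers()
        self.assertTrue('ldap' in providers.keys())

    def testCreateNewLocalConfig(self):
        # A new configuration with a LOCAL domain is written with private
        # permissions.
        sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf",
                                           srcdir + "/etc/sssd.api.d")

        sssdconfig.new_config()

        local_domain = sssdconfig.new_domain('LOCAL')
        local_domain.add_provider('local', 'id')
        local_domain.set_option('debug_level', 1)
        local_domain.set_option('default_shell', '/bin/tcsh')
        local_domain.set_active(True)
        sssdconfig.save_domain(local_domain)

        self._assert_written_config_is_private(
            sssdconfig, 'testCreateNewLocalConfig.conf')

    def testCreateNewLDAPConfig(self):
        # A new configuration with an LDAP domain is written with private
        # permissions.
        sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf",
                                           srcdir + "/etc/sssd.api.d")

        sssdconfig.new_config()

        ldap_domain = sssdconfig.new_domain('LDAP')
        ldap_domain.add_provider('ldap', 'id')
        ldap_domain.set_option('debug_level', 1)
        ldap_domain.set_active(True)
        sssdconfig.save_domain(ldap_domain)

        self._assert_written_config_is_private(
            sssdconfig, 'testCreateNewLDAPConfig.conf')

    def testModifyExistingConfig(self):
        # sssd-valid.conf with a modified LDAP domain is written with private
        # permissions.
        sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf",
                                           srcdir + "/etc/sssd.api.d")
        sssdconfig.import_config(srcdir + "/testconfigs/sssd-valid.conf")

        ldap_domain = sssdconfig.get_domain('LDAP')
        ldap_domain.set_option('debug_level', 3)

        ldap_domain.remove_provider('auth')
        ldap_domain.add_provider('krb5', 'auth')
        ldap_domain.set_active(True)
        sssdconfig.save_domain(ldap_domain)

        self._assert_written_config_is_private(
            sssdconfig, 'testModifyExistingConfig.conf')

    def testSpaces(self):
        # sssd-valid.conf writes "auth_provider=ldap" without spaces around
        # '=' in [domain/LDAP]; the value must still be read as 'ldap'.
        sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf",
                                           srcdir + "/etc/sssd.api.d")
        sssdconfig.import_config(srcdir + "/testconfigs/sssd-valid.conf")
        ldap_domain = sssdconfig.get_domain('LDAP')
        self.assertEqual(ldap_domain.get_option('auth_provider'), 'ldap')
        self.assertEqual(ldap_domain.get_option('id_provider'), 'ldap')


class SSSDConfigTestInvalid(unittest.TestCase):
    """Tests that import a deliberately invalid configuration file."""

    def setUp(self):
        pass

    def tearDown(self):
        pass

    def testBadBool(self):
        # Reading domain IPA from sssd-invalid-badbool.conf must raise
        # TypeError.
        sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf",
                                           srcdir + "/etc/sssd.api.d")
        sssdconfig.import_config(srcdir + "/testconfigs/sssd-invalid-badbool.conf")
        self.assertRaises(TypeError,
                          sssdconfig.get_domain,'IPA')


class SSSDConfigTestSSSDService(unittest.TestCase):
    """Tests for SSSDConfig.SSSDService built directly from the schema."""

    def setUp(self):
        self.schema = SSSDConfig.SSSDConfigSchema(srcdir + "/etc/sssd.api.conf",
                                                  srcdir + "/etc/sssd.api.d")

    def tearDown(self):
        pass

    def testInit(self):
        # Constructor argument validation.

        # Positive test
        service = SSSDConfig.SSSDService('sssd', self.schema)

        # Type Error test
        # Name is not a string
        self.assertRaises(TypeError, SSSDConfig.SSSDService, 3, self.schema)

        # TypeError test
        # schema is not an SSSDSchema
        self.assertRaises(TypeError, SSSDConfig.SSSDService, '3', self)

        # ServiceNotRecognizedError test
        self.assertRaises(SSSDConfig.ServiceNotRecognizedError,
                          SSSDConfig.SSSDService, 'ssd', self.schema)

    def testListOptions(self):
        # list_options() on the 'sssd' service: exact set of names and the
        # tuple layout of two entries.
        service = SSSDConfig.SSSDService('sssd', self.schema)

        options = service.list_options()
        control_list = [
            'services',
            'domains',
            'timeout',
            'force_timeout',
            'sbus_timeout',
            're_expression',
            'full_name_format',
            'krb5_rcache_dir',
            'default_domain_suffix',
            'debug_level',
            'debug_timestamps',
            'debug_microseconds',
            'debug_to_files',
            'command',
            'reconnection_retries',
            'fd_limit',
            'client_idle_timeout',
            'description']

        _assert_option_names(self, options, control_list)

        self.assertTrue(type(options['reconnection_retries']) == tuple,
                        "Option values should be a tuple")

        self.assertTrue(options['reconnection_retries'][0] == int,
                        "reconnection_retries should require an int. " +
                        "list_options is requiring a %s" %
                        options['reconnection_retries'][0])

        self.assertTrue(options['reconnection_retries'][1] == None,
                        "reconnection_retries should not require a subtype. " +
                        "list_options is requiring a %s" %
                        options['reconnection_retries'][1])

        self.assertTrue(options['reconnection_retries'][3] == None,
                        "reconnection_retries should have no default")

        self.assertTrue(type(options['services']) == tuple,
                        "Option values should be a tuple")

        self.assertTrue(options['services'][0] == list,
                        "services should require an list. " +
                        "list_options is requiring a %s" %
                        options['services'][0])

        self.assertTrue(options['services'][1] == str,
                        "services should require a subtype of str. " +
                        "list_options is requiring a %s" %
                        options['services'][1])

    def testListMandatoryOptions(self):
        # list_mandatory_options() on the 'sssd' service.
        service = SSSDConfig.SSSDService('sssd', self.schema)

        options = service.list_mandatory_options()
        control_list = [
            'services',
            'domains']

        _assert_option_names(self, options, control_list)

        self.assertTrue(type(options['services']) == tuple,
                        "Option values should be a tuple")

        self.assertTrue(options['services'][0] == list,
                        "services should require an list. " +
                        "list_options is requiring a %s" %
                        options['services'][0])

        self.assertTrue(options['services'][1] == str,
                        "services should require a subtype of str. " +
                        "list_options is requiring a %s" %
                        options['services'][1])

    def testSetOption(self):
        # set_option(): accepted values, removal through None, rejections.
        service = SSSDConfig.SSSDService('sssd', self.schema)

        # Positive test - Exactly right
        service.set_option('debug_level', 2)
        self.assertEqual(service.get_option('debug_level'), 2)

        # Positive test - Allow converting "safe" values
        service.set_option('debug_level', '2')
        self.assertEqual(service.get_option('debug_level'), 2)

        # Positive test - Remove option if value is None
        service.set_option('debug_level', None)
        self.assertTrue('debug_level' not in service.options.keys())

        # Negative test - Nonexistent Option
        self.assertRaises(SSSDConfig.NoOptionError, service.set_option, 'nosuchoption', 1)

        # Negative test - Incorrect type
        self.assertRaises(TypeError, service.set_option, 'debug_level', 'two')

    def testGetOption(self):
        # get_option() on the values a new 'sssd' service starts with.
        service = SSSDConfig.SSSDService('sssd', self.schema)

        # Positive test - Single-valued
        self.assertEqual(service.get_option('config_file_version'), 2)

        # Positive test - List of values
        self.assertEqual(service.get_option('services'), ['nss', 'pam'])

        # Negative Test - Bad Option
        self.assertRaises(SSSDConfig.NoOptionError, service.get_option, 'nosuchoption')

    def testGetAllOptions(self):
        # get_all_options() on a new 'sssd' service.
        service = SSSDConfig.SSSDService('sssd', self.schema)

        #Positive test
        options = service.get_all_options()
        control_list = [
            'config_file_version',
            'services']

        _assert_option_names(self, options, control_list)

    def testRemoveOption(self):
        # remove_option() for an option that is set and for an unknown one.
        service = SSSDConfig.SSSDService('sssd', self.schema)

        # Positive test - Remove an option that exists
        self.assertEqual(service.get_option('services'), ['nss', 'pam'])
        service.remove_option('services')
        # The removed option itself must no longer be retrievable; the
        # original only probed debug_level, which a new service never had set.
        self.assertRaises(SSSDConfig.NoOptionError, service.get_option, 'services')
        self.assertRaises(SSSDConfig.NoOptionError, service.get_option, 'debug_level')

        # Positive test - Remove an option that doesn't exist
        self.assertRaises(SSSDConfig.NoOptionError, service.get_option, 'nosuchentry')
        service.remove_option('nosuchentry')


class SSSDConfigTestSSSDDomain(unittest.TestCase):
    """Tests for SSSDConfig.SSSDDomain built directly from the schema."""

    def setUp(self):
        self.schema = SSSDConfig.SSSDConfigSchema(srcdir + "/etc/sssd.api.conf",
                                                  srcdir + "/etc/sssd.api.d")

    def tearDown(self):
        pass

    def testInit(self):
        # Constructor argument validation.

        # Positive Test
        domain = SSSDConfig.SSSDDomain('mydomain', self.schema)

        # Negative Test - Name not a string
        self.assertRaises(TypeError, SSSDConfig.SSSDDomain, 2, self.schema)

        # Negative Test - Schema is not an SSSDSchema
        self.assertRaises(TypeError, SSSDConfig.SSSDDomain, 'mydomain', self)

    def testGetName(self):
        # Positive Test
        domain = SSSDConfig.SSSDDomain('mydomain', self.schema)

        self.assertEqual(domain.get_name(), 'mydomain')

    def testSetActive(self):
        #Positive Test
        domain = SSSDConfig.SSSDDomain('mydomain', self.schema)

        # Should default to inactive
        self.assertFalse(domain.active)
        domain.set_active(True)
        self.assertTrue(domain.active)
        domain.set_active(False)
        self.assertFalse(domain.active)

    def testListOptions(self):
        # list_options() as providers are added to and removed from a domain.
        domain = SSSDConfig.SSSDDomain('sssd', self.schema)

        # First test default options
        options = domain.list_options()
        control_list = list(_DOMAIN_BASE_OPTIONS)

        _assert_option_names(self, options, control_list)

        self.assertTrue(type(options['max_id']) == tuple,
                        "Option values should be a tuple")

        self.assertTrue(options['max_id'][0] == int,
                        "max_id should require an int. " +
                        "list_options is requiring a %s" %
                        options['max_id'][0])

        self.assertTrue(options['max_id'][1] == None,
                        "max_id should not require a subtype. " +
                        "list_options is requiring a %s" %
                        options['max_id'][1])

        # Add a provider and verify that the new options appear
        domain.add_provider('local', 'id')
        control_list.extend(_LOCAL_PROVIDER_OPTIONS)

        options = domain.list_options()

        _assert_option_names(self, options, control_list)

        # Add a provider that has global options and verify that
        # The new options appear.
        domain.add_provider('krb5', 'auth')

        backup_list = control_list[:]
        control_list.extend(
            [name for name in _KRB5_PROVIDER_OPTIONS if name != 'krb5_kdcip'])

        options = domain.list_options()

        # krb5_kdcip is not required to be listed here, but it is accepted
        # when it is (the original added it only before the second loop).
        _assert_option_names(self, options, control_list,
                             control_list + ['krb5_kdcip'])

        # Remove the auth domain and verify that the options
        # revert to the backup_list
        domain.remove_provider('auth')
        options = domain.list_options()

        _assert_option_names(self, options, backup_list)

    def testListMandatoryOptions(self):
        # list_mandatory_options() with and without a krb5 auth provider.
        domain = SSSDConfig.SSSDDomain('sssd', self.schema)

        # First test default options
        options = domain.list_mandatory_options()
        control_list = ['id_provider']

        _assert_option_names(self, options, control_list)

        # Add a provider that has global options and verify that
        # The new options appear.
        domain.add_provider('krb5', 'auth')

        backup_list = control_list[:]
        control_list.extend(['krb5_realm'])

        options = domain.list_mandatory_options()

        _assert_option_names(self, options, control_list)

        # Remove the auth domain and verify that the options
        # revert to the backup_list
        domain.remove_provider('auth')
        options = domain.list_mandatory_options()

        _assert_option_names(self, options, backup_list)

    def testListProviders(self):
        # list_providers() must match the control dictionary in both
        # directions.
        domain = SSSDConfig.SSSDDomain('sssd', self.schema)

        control_provider_dict = {
            'ipa': ['id', 'auth', 'access', 'chpass', 'sudo', 'autofs',
                    'session', 'hostid', 'subdomains'],
            'ad': ['id', 'auth', 'access', 'chpass', 'sudo', 'subdomains'],
            'local': ['id', 'auth', 'chpass'],
            'ldap': ['id', 'auth', 'access', 'chpass', 'sudo', 'autofs'],
            'krb5': ['auth', 'access', 'chpass'],
            'proxy': ['id', 'auth', 'chpass'],
            'simple': ['access'],
            'permit': ['access'],
            'deny': ['access']}

        providers = domain.list_providers()

        # Ensure that all of the expected defaults are there
        # ("in" replaces dict.has_key(), which newer Python versions lack)
        for provider in control_provider_dict.keys():
            for ptype in control_provider_dict[provider]:
                self.assertTrue(provider in providers)
                self.assertTrue(ptype in providers[provider])

        for provider in providers.keys():
            for ptype in providers[provider]:
                self.assertTrue(provider in control_provider_dict)
                self.assertTrue(ptype in control_provider_dict[provider])

    def testListProviderOptions(self):
        # list_provider_options() for krb5, with and without a provider type.
        domain = SSSDConfig.SSSDDomain('sssd', self.schema)

        # Test looking up a specific provider type
        options = domain.list_provider_options('krb5', 'auth')
        control_list = list(_KRB5_PROVIDER_OPTIONS)

        _assert_option_names(self, options, control_list)

        #Test looking up all provider values
        options = domain.list_provider_options('krb5')
        control_list.extend(['krb5_kpasswd'])

        _assert_option_names(self, options, control_list)

    def testAddProvider(self):
        # add_provider(): one accepted call and three rejected ones.
        domain = SSSDConfig.SSSDDomain('sssd', self.schema)

        # Positive Test
        domain.add_provider('local', 'id')

        # Negative Test - No such backend type
        self.assertRaises(SSSDConfig.NoSuchProviderError,
                          domain.add_provider, 'nosuchbackend', 'auth')

        # Negative Test - No such backend subtype
        self.assertRaises(SSSDConfig.NoSuchProviderSubtypeError,
                          domain.add_provider, 'ldap', 'nosuchsubtype')

        # Negative Test - Try to add a second provider of the same type
        self.assertRaises(SSSDConfig.ProviderSubtypeInUse,
                          domain.add_provider, 'ldap', 'id')

    def testRemoveProvider(self):
        # remove_provider(): options that disappear with a provider, options
        # that survive, and removal of providers that are not configured.
        # The steps depend on each other and must stay in this order.
        domain = SSSDConfig.SSSDDomain('sssd', self.schema)

        # First test default options
        options = domain.list_options()
        control_list = list(_DOMAIN_BASE_OPTIONS)

        _assert_option_names(self, options, control_list)

        self.assertTrue(type(options['max_id']) == tuple,
                        "Option values should be a tuple")

        # These two messages used to name config_file_version although the
        # option being checked is max_id.
        self.assertTrue(options['max_id'][0] == int,
                        "max_id should require an int. " +
                        "list_options is requiring a %s" %
                        options['max_id'][0])

        self.assertTrue(options['max_id'][1] == None,
                        "max_id should not require a subtype. " +
                        "list_options is requiring a %s" %
                        options['max_id'][1])

        # Add a provider and verify that the new options appear
        domain.add_provider('local', 'id')
        control_list.extend(_LOCAL_PROVIDER_OPTIONS)

        options = domain.list_options()

        _assert_option_names(self, options, control_list)

        # Add a provider that has global options and verify that
        # The new options appear.
        domain.add_provider('krb5', 'auth')

        backup_list = control_list[:]
        control_list.extend(_KRB5_PROVIDER_OPTIONS)

        options = domain.list_options()

        _assert_option_names(self, options, control_list)

        # Remove the local ID provider and add an LDAP one
        # LDAP ID providers can also use the krb5_realm
        domain.remove_provider('id')
        self.assertFalse('id_provider' in domain.options)

        domain.add_provider('ldap', 'id')

        # Set the krb5_realm option and the ldap_uri option
        domain.set_option('krb5_realm', 'EXAMPLE.COM')
        domain.set_option('ldap_uri', 'ldap://ldap.example.com')

        self.assertEqual(domain.get_option('krb5_realm'),
                         'EXAMPLE.COM')
        self.assertEqual(domain.get_option('ldap_uri'),
                         'ldap://ldap.example.com')

        # Remove the LDAP provider and verify that krb5_realm remains
        domain.remove_provider('id')
        self.assertEqual(domain.get_option('krb5_realm'),
                         'EXAMPLE.COM')
        self.assertFalse('ldap_uri' in domain.options)

        # Put the LOCAL provider back
        domain.add_provider('local', 'id')

        # Remove the auth domain and verify that the options
        # revert to the backup_list
        domain.remove_provider('auth')
        self.assertFalse('auth_provider' in domain.options)
        options = domain.list_options()

        _assert_option_names(self, options, backup_list)

        # Ensure that the krb5_realm option is now gone
        self.assertFalse('krb5_realm' in domain.options)

        # Test removing nonexistent provider - Real
        domain.remove_provider('id')
        self.assertFalse('id_provider' in domain.options)

        # Test removing nonexistent provider - Bad backend type
        # Should pass without complaint
        domain.remove_provider('id')
        self.assertFalse('id_provider' in domain.options)

        # Test removing nonexistent provider - Bad provider type
        # Should pass without complaint
        domain.remove_provider('nosuchprovider')
        self.assertFalse('nosuchprovider_provider' in domain.options)

    def testGetOption(self):
        # get_option() for unset, set and unknown options.
        domain = SSSDConfig.SSSDDomain('sssd', self.schema)

        # Negative Test - Try to get valid option that is not set
        self.assertRaises(SSSDConfig.NoOptionError, domain.get_option, 'max_id')

        # Positive Test - Set the above option and get it
        domain.set_option('max_id', 10000)
        self.assertEqual(domain.get_option('max_id'), 10000)

        # Negative Test - Try to get invalid option
        self.assertRaises(SSSDConfig.NoOptionError, domain.get_option, 'nosuchoption')

    def testSetOption(self):
        # set_option(): accepted values, removal through None, rejections and
        # conversion of values to the option's type.
        domain = SSSDConfig.SSSDDomain('sssd', self.schema)

        # Positive Test
        domain.set_option('max_id', 10000)
        self.assertEqual(domain.get_option('max_id'), 10000)

        # Positive Test - Remove option if value is None
        domain.set_option('max_id', None)
        self.assertTrue('max_id' not in domain.get_all_options().keys())

        # Negative Test - invalid option
        self.assertRaises(SSSDConfig.NoOptionError, domain.set_option, 'nosuchoption', 1)

        # Negative Test - incorrect type
        self.assertRaises(TypeError, domain.set_option, 'max_id', 'a string')

        # Positive Test - Coax options to appropriate type
        domain.set_option('max_id', '10000')
        self.assertEqual(domain.get_option('max_id'), 10000)

        domain.set_option('max_id', 30.2)
        self.assertEqual(domain.get_option('max_id'), 30)

    def testRemoveOption(self):
        # remove_option() on options that are not set must not fail.
        domain = SSSDConfig.SSSDDomain('sssd', self.schema)

        # Positive test - Remove unset but valid option
        self.assertFalse('max_id' in domain.get_all_options().keys())
        domain.remove_option('max_id')
        self.assertFalse('max_id' in domain.get_all_options().keys())

        # Positive test - Remove unset and unknown option
        self.assertFalse('nosuchoption' in domain.get_all_options().keys())
        domain.remove_option('nosuchoption')
        self.assertFalse('nosuchoption' in domain.get_all_options().keys())

    def testSetName(self):
        # set_name() keeps the first name in domain.oldname across renames.
        domain = SSSDConfig.SSSDDomain('sssd', self.schema)

        # Positive test - Change the name once
        domain.set_name('sssd2')
        self.assertEqual(domain.get_name(), 'sssd2')
        self.assertEqual(domain.oldname, 'sssd')

        # Positive test - Change the name a second time
        domain.set_name('sssd3')
        self.assertEqual(domain.get_name(), 'sssd3')
        self.assertEqual(domain.oldname, 'sssd')

        # Negative test - try setting the name to a non-string
        self.assertRaises(TypeError,
                          domain.set_name, 4)


class SSSDConfigTestSSSDConfig(unittest.TestCase):
    """Tests for the SSSDConfig.SSSDConfig object itself."""

    def setUp(self):
        pass

    def tearDown(self):
        pass

    def testInit(self):
        # Constructor behaviour for a good, a missing and an unparsable
        # schema file.

        # Positive test
        sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf",
                                           srcdir + "/etc/sssd.api.d")

        # Negative Test - No Such File
        self.assertRaises(IOError,
                          SSSDConfig.SSSDConfig, "nosuchfile.api.conf", srcdir + "/etc/sssd.api.d")

        # Negative Test - Schema is not parsable
        self.assertRaises(SSSDConfig.ParsingError,
                          SSSDConfig.SSSDConfig, srcdir + "/testconfigs/noparse.api.conf", srcdir + "/etc/sssd.api.d")

    def testImportConfig(self):
        # Positive Test
        sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf",
                                           srcdir + "/etc/sssd.api.d")
        sssdconfig.import_config(srcdir + "/testconfigs/sssd-valid.conf")

        # Verify that all sections were imported
        control_list = [
            'sssd',
            'nss',
            'pam',
            'sudo',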
'domain/PROXY', 'domain/IPA', 'domain/LOCAL', 'domain/LDAP', 'domain/INVALIDPROVIDER', 'domain/INVALIDOPTION', ] for section in control_list: self.assertTrue(sssdconfig.has_section(section), "Section [%s] missing" % section) for section in sssdconfig.sections(): self.assertTrue(section['name'] in control_list) # Verify that all options were imported for a section control_list = [ 'services', 'reconnection_retries', 'domains', 'debug_timestamps', 'config_file_version'] for option in control_list: self.assertTrue(sssdconfig.has_option('sssd', option), "Option [%s] missing from [sssd]" % option) for option in sssdconfig.options('sssd'): if option['type'] in ('empty', 'comment'): continue self.assertTrue(option['name'] in control_list, "Option [%s] unexpectedly found" % option) #TODO: Check the types and values of the settings # Negative Test - Missing config file sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf", srcdir + "/etc/sssd.api.d") self.assertRaises(IOError, sssdconfig.import_config, "nosuchfile.conf") # Negative Test - Invalid config file sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf", srcdir + "/etc/sssd.api.d") self.assertRaises(SSSDConfig.ParsingError, sssdconfig.import_config, srcdir + "/testconfigs/sssd-invalid.conf") # Negative Test - Invalid config file version sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf", srcdir + "/etc/sssd.api.d") self.assertRaises(SSSDConfig.ParsingError, sssdconfig.import_config, srcdir + "/testconfigs/sssd-badversion.conf") # Negative Test - No config file version sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf", srcdir + "/etc/sssd.api.d") self.assertRaises(SSSDConfig.ParsingError, sssdconfig.import_config, srcdir + "/testconfigs/sssd-noversion.conf") # Negative Test - Already initialized sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf", srcdir + "/etc/sssd.api.d") sssdconfig.import_config(srcdir + "/testconfigs/sssd-valid.conf") 
self.assertRaises(SSSDConfig.AlreadyInitializedError, sssdconfig.import_config, srcdir + "/testconfigs/sssd-valid.conf") def testNewConfig(self): # Positive Test sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf", srcdir + "/etc/sssd.api.d") sssdconfig.new_config() # Check that the defaults were set control_list = [ 'sssd', 'nss', 'pam', 'sudo', 'autofs', 'ssh', 'pac'] for section in control_list: self.assertTrue(sssdconfig.has_section(section), "Section [%s] missing" % section) for section in sssdconfig.sections(): self.assertTrue(section['name'] in control_list) control_list = [ 'config_file_version', 'services'] for option in control_list: self.assertTrue(sssdconfig.has_option('sssd', option), "Option [%s] missing from [sssd]" % option) for option in sssdconfig.options('sssd'): if option['type'] in ('empty', 'comment'): continue self.assertTrue(option['name'] in control_list, "Option [%s] unexpectedly found" % option) # Negative Test - Already Initialized self.assertRaises(SSSDConfig.AlreadyInitializedError, sssdconfig.new_config) def testWrite(self): #TODO Write tests to compare output files pass def testListActiveServices(self): sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf", srcdir + "/etc/sssd.api.d") # Negative Test - Not Initialized self.assertRaises(SSSDConfig.NotInitializedError, sssdconfig.list_active_services) # Positive Test sssdconfig.import_config(srcdir + '/testconfigs/sssd-valid.conf') control_list = [ 'nss', 'pam'] active_services = sssdconfig.list_active_services() for service in control_list: self.assertTrue(service in active_services, "Service [%s] missing" % service) for service in active_services: self.assertTrue(service in control_list, "Service [%s] unexpectedly found" % service) def testListInactiveServices(self): sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf", srcdir + "/etc/sssd.api.d") # Negative Test - Not Initialized self.assertRaises(SSSDConfig.NotInitializedError, 
sssdconfig.list_inactive_services) # Positive Test sssdconfig.import_config(srcdir + '/testconfigs/sssd-valid.conf') control_list = [ 'sssd', 'sudo'] inactive_services = sssdconfig.list_inactive_services() for service in control_list: self.assertTrue(service in inactive_services, "Service [%s] missing" % service) for service in inactive_services: self.assertTrue(service in control_list, "Service [%s] unexpectedly found" % service) def testListServices(self): sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf", srcdir + "/etc/sssd.api.d") # Negative Test - sssdconfig not initialized self.assertRaises(SSSDConfig.NotInitializedError, sssdconfig.list_services) sssdconfig.new_config() control_list = [ 'sssd', 'pam', 'nss', 'sudo', 'autofs', 'ssh', 'pac'] service_list = sssdconfig.list_services() for service in control_list: self.assertTrue(service in service_list, "Service [%s] missing" % service) for service in service_list: self.assertTrue(service in control_list, "Service [%s] unexpectedly found" % service) def testGetService(self): sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf", srcdir + "/etc/sssd.api.d") # Negative Test - Not initialized self.assertRaises(SSSDConfig.NotInitializedError, sssdconfig.get_service, 'sssd') sssdconfig.import_config(srcdir + '/testconfigs/sssd-valid.conf') service = sssdconfig.get_service('sssd') self.assertTrue(isinstance(service, SSSDConfig.SSSDService)) # Verify the contents of this service self.assertEqual(type(service.get_option('debug_timestamps')), bool) self.assertFalse(service.get_option('debug_timestamps')) # Negative Test - No such service self.assertRaises(SSSDConfig.NoServiceError, sssdconfig.get_service, 'nosuchservice') # Positive test - Service with invalid option loads # but ignores the invalid option service = sssdconfig.get_service('pam') self.assertFalse(service.options.has_key('nosuchoption')) def testNewService(self): sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf", 
srcdir + "/etc/sssd.api.d") # Negative Test - Not initialized self.assertRaises(SSSDConfig.NotInitializedError, sssdconfig.new_service, 'sssd') sssdconfig.new_config() # Positive Test # First need to remove the existing service sssdconfig.delete_service('sssd') service = sssdconfig.new_service('sssd') self.failUnless(service.get_name() in sssdconfig.list_services()) # TODO: check that the values of this new service # are set to the defaults from the schema def testDeleteService(self): sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf", srcdir + "/etc/sssd.api.d") # Negative Test - Not initialized self.assertRaises(SSSDConfig.NotInitializedError, sssdconfig.delete_service, 'sssd') sssdconfig.new_config() # Positive Test service = sssdconfig.delete_service('sssd') def testSaveService(self): sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf", srcdir + "/etc/sssd.api.d") new_service = SSSDConfig.SSSDService('sssd', sssdconfig.schema) # Negative Test - Not initialized self.assertRaises(SSSDConfig.NotInitializedError, sssdconfig.save_service, new_service) # Positive Test sssdconfig.new_config() sssdconfig.save_service(new_service) # TODO: check that all entries were saved correctly (change a few) # Negative Test - Type Error self.assertRaises(TypeError, sssdconfig.save_service, self) def testActivateService(self): sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf", srcdir + "/etc/sssd.api.d") service_name = 'sudo' # Negative test - Not initialized self.assertRaises(SSSDConfig.NotInitializedError, sssdconfig.activate_service, service_name) sssdconfig.import_config(srcdir + "/testconfigs/sssd-valid.conf") # Positive test - Activate an inactive service self.assertTrue(service_name in sssdconfig.list_services()) self.assertFalse(service_name in sssdconfig.list_active_services()) self.assertTrue(service_name in sssdconfig.list_inactive_services()) sssdconfig.activate_service(service_name) self.assertTrue(service_name in 
sssdconfig.list_services()) self.assertTrue(service_name in sssdconfig.list_active_services()) self.assertFalse(service_name in sssdconfig.list_inactive_services()) # Positive test - Activate an active service # This should succeed sssdconfig.activate_service(service_name) self.assertTrue(service_name in sssdconfig.list_services()) self.assertTrue(service_name in sssdconfig.list_active_services()) self.assertFalse(service_name in sssdconfig.list_inactive_services()) # Negative test - Invalid service name self.assertRaises(SSSDConfig.NoServiceError, sssdconfig.activate_service, 'nosuchservice') # Negative test - Invalid service name type self.assertRaises(SSSDConfig.NoServiceError, sssdconfig.activate_service, self) def testDeactivateService(self): sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf", srcdir + "/etc/sssd.api.d") service_name = 'pam' # Negative test - Not initialized self.assertRaises(SSSDConfig.NotInitializedError, sssdconfig.activate_service, service_name) sssdconfig.import_config(srcdir + "/testconfigs/sssd-valid.conf") # Positive test -Deactivate an active service self.assertTrue(service_name in sssdconfig.list_services()) self.assertTrue(service_name in sssdconfig.list_active_services()) self.assertFalse(service_name in sssdconfig.list_inactive_services()) sssdconfig.deactivate_service(service_name) self.assertTrue(service_name in sssdconfig.list_services()) self.assertFalse(service_name in sssdconfig.list_active_services()) self.assertTrue(service_name in sssdconfig.list_inactive_services()) # Positive test - Deactivate an inactive service # This should succeed sssdconfig.deactivate_service(service_name) self.assertTrue(service_name in sssdconfig.list_services()) self.assertFalse(service_name in sssdconfig.list_active_services()) self.assertTrue(service_name in sssdconfig.list_inactive_services()) # Negative test - Invalid service name self.assertRaises(SSSDConfig.NoServiceError, sssdconfig.activate_service, 'nosuchservice') # 
Negative test - Invalid service name type self.assertRaises(SSSDConfig.NoServiceError, sssdconfig.activate_service, self) def testListActiveDomains(self): sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf", srcdir + "/etc/sssd.api.d") # Negative Test - Not Initialized self.assertRaises(SSSDConfig.NotInitializedError, sssdconfig.list_active_domains) # Positive Test sssdconfig.import_config(srcdir + '/testconfigs/sssd-valid.conf') control_list = [ 'IPA', 'LOCAL'] active_domains = sssdconfig.list_active_domains() for domain in control_list: self.assertTrue(domain in active_domains, "Domain [%s] missing" % domain) for domain in active_domains: self.assertTrue(domain in control_list, "Domain [%s] unexpectedly found" % domain) def testListInactiveDomains(self): sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf", srcdir + "/etc/sssd.api.d") # Negative Test - Not Initialized self.assertRaises(SSSDConfig.NotInitializedError, sssdconfig.list_inactive_domains) # Positive Test sssdconfig.import_config(srcdir + '/testconfigs/sssd-valid.conf') control_list = [ 'PROXY', 'LDAP', 'INVALIDPROVIDER', 'INVALIDOPTION', ] inactive_domains = sssdconfig.list_inactive_domains() for domain in control_list: self.assertTrue(domain in inactive_domains, "Domain [%s] missing" % domain) for domain in inactive_domains: self.assertTrue(domain in control_list, "Domain [%s] unexpectedly found" % domain) def testListDomains(self): sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf", srcdir + "/etc/sssd.api.d") # Negative Test - Not Initialized self.assertRaises(SSSDConfig.NotInitializedError, sssdconfig.list_domains) # Positive Test sssdconfig.import_config(srcdir + '/testconfigs/sssd-valid.conf') control_list = [ 'IPA', 'LOCAL', 'PROXY', 'LDAP', 'INVALIDPROVIDER', 'INVALIDOPTION', ] domains = sssdconfig.list_domains() for domain in control_list: self.assertTrue(domain in domains, "Domain [%s] missing" % domain) for domain in domains: self.assertTrue(domain in 
control_list, "Domain [%s] unexpectedly found" % domain) def testGetDomain(self): sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf", srcdir + "/etc/sssd.api.d") # Negative Test - Not initialized self.assertRaises(SSSDConfig.NotInitializedError, sssdconfig.get_domain, 'sssd') sssdconfig.import_config(srcdir + '/testconfigs/sssd-valid.conf') domain = sssdconfig.get_domain('IPA') self.assertTrue(isinstance(domain, SSSDConfig.SSSDDomain)) self.assertTrue(domain.active) domain = sssdconfig.get_domain('LDAP') self.assertTrue(isinstance(domain, SSSDConfig.SSSDDomain)) self.assertFalse(domain.active) # TODO verify the contents of this domain self.assertTrue(domain.get_option('ldap_id_use_start_tls')) # Negative Test - No such domain self.assertRaises(SSSDConfig.NoDomainError, sssdconfig.get_domain, 'nosuchdomain') # Positive Test - Domain with unknown provider # Expected result: Domain is imported, but does not contain the # unknown provider entry domain = sssdconfig.get_domain('INVALIDPROVIDER') self.assertFalse(domain.options.has_key('chpass_provider')) # Positive Test - Domain with unknown option # Expected result: Domain is imported, but does not contain the # unknown option entry domain = sssdconfig.get_domain('INVALIDOPTION') self.assertFalse(domain.options.has_key('nosuchoption')) def testNewDomain(self): sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf", srcdir + "/etc/sssd.api.d") # Negative Test - Not initialized self.assertRaises(SSSDConfig.NotInitializedError, sssdconfig.new_domain, 'example.com') sssdconfig.new_config() # Positive Test domain = sssdconfig.new_domain('example.com') self.assertTrue(isinstance(domain, SSSDConfig.SSSDDomain)) self.failUnless(domain.get_name() in sssdconfig.list_domains()) self.failUnless(domain.get_name() in sssdconfig.list_inactive_domains()) # TODO: check that the values of this new domain # are set to the defaults from the schema def testDeleteDomain(self): sssdconfig = SSSDConfig.SSSDConfig(srcdir 
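+ "/etc/sssd.api.conf", srcdir + "/etc/sssd.api.d") # Negative Test - Not initialized self.assertRaises(SSSDConfig.NotInitializedError, sssdconfig.delete_domain, 'IPA') # Positive Test sssdconfig.import_config(srcdir + '/testconfigs/sssd-valid.conf') self.assertTrue('IPA' in sssdconfig.list_domains()) self.assertTrue('IPA' in sssdconfig.list_active_domains()) self.assertTrue(sssdconfig.has_section('domain/IPA')) sssdconfig.delete_domain('IPA') self.assertFalse('IPA' in sssdconfig.list_domains()) self.assertFalse('IPA' in sssdconfig.list_active_domains()) self.assertFalse(sssdconfig.has_section('domain/IPA')) 
    def testSaveDomain(self):
        # Exercises SSSDConfig.save_domain(): saving before initialization,
        # saving a new domain, renaming it, toggling its active state (both
        # through the domain object and through the config object), and
        # finally writing the config to disk and checking the file mode.
        #
        # Function-scope imports: only the scratch-directory handling below
        # needs them.
        import shutil
        import tempfile

        sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf",
                                           srcdir + "/etc/sssd.api.d")

        # Negative Test - Not initialized
        self.assertRaises(SSSDConfig.NotInitializedError,
                          sssdconfig.save_domain, 'IPA')

        # Positive Test
        sssdconfig.new_config()
        domain = sssdconfig.new_domain('example.com')
        domain.add_provider('ldap', 'id')
        domain.set_option('ldap_uri', 'ldap://ldap.example.com')
        domain.set_active(True)
        sssdconfig.save_domain(domain)

        self.assertTrue('example.com' in sssdconfig.list_domains())
        self.assertTrue('example.com' in sssdconfig.list_active_domains())
        self.assertEqual(sssdconfig.get('domain/example.com', 'ldap_uri'),
                         'ldap://ldap.example.com')

        # Negative Test - Type Error
        self.assertRaises(TypeError, sssdconfig.save_domain, self)

        # Positive test - Change the domain name and save it
        domain.set_name('example.com2')
        self.assertEqual(domain.name, 'example.com2')
        self.assertEqual(domain.oldname, 'example.com')
        sssdconfig.save_domain(domain)

        # The renamed section must exist, carry the options over, and the
        # old section must be gone from every listing.
        self.assertTrue('example.com2' in sssdconfig.list_domains())
        self.assertTrue('example.com2' in sssdconfig.list_active_domains())
        self.assertTrue(sssdconfig.has_section('domain/example.com2'))
        self.assertEqual(sssdconfig.get('domain/example.com2', 'ldap_uri'),
                         'ldap://ldap.example.com')
        self.assertFalse('example.com' in sssdconfig.list_domains())
        self.assertFalse('example.com' in sssdconfig.list_active_domains())
        self.assertFalse('example.com' in sssdconfig.list_inactive_domains())
        self.assertFalse(sssdconfig.has_section('domain/example.com'))
        self.assertEquals(domain.oldname, None)

        # Positive test - Set the domain inactive and save it
        activelist = sssdconfig.list_active_domains()
        inactivelist = sssdconfig.list_inactive_domains()

        domain.set_active(False)
        sssdconfig.save_domain(domain)

        self.assertFalse('example.com2' in sssdconfig.list_active_domains())
        self.assertTrue('example.com2' in sssdconfig.list_inactive_domains())
        self.assertEquals(len(sssdconfig.list_active_domains()),
                          len(activelist)-1)
        self.assertEquals(len(sssdconfig.list_inactive_domains()),
                          len(inactivelist)+1)

        # Positive test - Set the domain active and save it
        activelist = sssdconfig.list_active_domains()
        inactivelist = sssdconfig.list_inactive_domains()

        domain.set_active(True)
        sssdconfig.save_domain(domain)

        self.assertTrue('example.com2' in sssdconfig.list_active_domains())
        self.assertFalse('example.com2' in sssdconfig.list_inactive_domains())
        self.assertEquals(len(sssdconfig.list_active_domains()),
                          len(activelist)+1)
        self.assertEquals(len(sssdconfig.list_inactive_domains()),
                          len(inactivelist)-1)

        # Positive test - Deactivate the domain through the config object
        # (deactivate_domain) instead of set_active() + save_domain()
        activelist = sssdconfig.list_active_domains()
        inactivelist = sssdconfig.list_inactive_domains()

        sssdconfig.deactivate_domain(domain.get_name())

        self.assertFalse('example.com2' in sssdconfig.list_active_domains())
        self.assertTrue('example.com2' in sssdconfig.list_inactive_domains())
        self.assertEquals(len(sssdconfig.list_active_domains()),
                          len(activelist)-1)
        self.assertEquals(len(sssdconfig.list_inactive_domains()),
                          len(inactivelist)+1)

        # Positive test - Activate the domain through the config object
        # (activate_domain)
        activelist = sssdconfig.list_active_domains()
        inactivelist = sssdconfig.list_inactive_domains()

        sssdconfig.activate_domain(domain.get_name())

        self.assertTrue('example.com2' in sssdconfig.list_active_domains())
        self.assertFalse('example.com2' in sssdconfig.list_inactive_domains())
        self.assertEquals(len(sssdconfig.list_active_domains()),
                          len(activelist)+1)
        self.assertEquals(len(sssdconfig.list_inactive_domains()),
                          len(inactivelist)-1)

        # Positive test - Ensure that saved domains retain values
        domain.set_option('ldap_krb5_init_creds', True)
        domain.set_option('ldap_id_use_start_tls', False)
        domain.set_option('ldap_user_search_base',
                          'cn=accounts, dc=example, dc=com')
        self.assertTrue(domain.get_option('ldap_krb5_init_creds'))
        self.assertFalse(domain.get_option('ldap_id_use_start_tls'))
        self.assertEqual(domain.get_option('ldap_user_search_base'),
                         'cn=accounts, dc=example, dc=com')

        sssdconfig.save_domain(domain)

        # Write the config into a freshly created private directory instead
        # of a fixed name in the shared /tmp. A predictable path there can
        # be pre-created by another local user (for example as a symlink),
        # and the former "unlink, ignore any error, then write" sequence
        # would not notice when the unlink failed. mkdtemp() creates the
        # directory with owner-only access, so the output path is known
        # not to exist and the mode check below looks at a file that
        # write() created itself.
        scratch_dir = tempfile.mkdtemp(prefix='testSaveDomain.')
        try:
            of = os.path.join(scratch_dir, 'testSaveDomain.out')

            # Write out the file
            sssdconfig.write(of)

            # Verify that the output file has the correct permissions.
            # Output files should not be readable or writable by
            # non-owners, and should not be executable by anyone
            # (mask 0177 = owner-execute plus all group/other bits).
            mode = os.stat(of)[ST_MODE]
            self.assertFalse(S_IMODE(mode) & 0177)
        finally:
            # Remove the output file and its directory even when an
            # assertion above fails.
            shutil.rmtree(scratch_dir, ignore_errors=True)

        # The in-memory config must still return the values saved above.
        domain2 = sssdconfig.get_domain('example.com2')
        self.assertTrue(domain2.get_option('ldap_krb5_init_creds'))
        self.assertFalse(domain2.get_option('ldap_id_use_start_tls'))

def testActivateDomain(self): sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf", srcdir + "/etc/sssd.api.d") domain_name = 'PROXY' # Negative test - Not initialized self.assertRaises(SSSDConfig.NotInitializedError, sssdconfig.activate_domain, domain_name) sssdconfig.import_config(srcdir + "/testconfigs/sssd-valid.conf") # Positive test - Activate an inactive domain self.assertTrue(domain_name in sssdconfig.list_domains()) self.assertFalse(domain_name in sssdconfig.list_active_domains()) self.assertTrue(domain_name in sssdconfig.list_inactive_domains()) sssdconfig.activate_domain('PROXY') self.assertTrue(domain_name in sssdconfig.list_domains()) self.assertTrue(domain_name in sssdconfig.list_active_domains()) 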
self.assertFalse(domain_name in sssdconfig.list_inactive_domains()) # Positive test - Activate an active domain # This should succeed sssdconfig.activate_domain('PROXY') self.assertTrue(domain_name in sssdconfig.list_domains()) self.assertTrue(domain_name in sssdconfig.list_active_domains()) self.assertFalse(domain_name in sssdconfig.list_inactive_domains()) # Negative test - Invalid domain name self.assertRaises(SSSDConfig.NoDomainError, sssdconfig.activate_domain, 'nosuchdomain') # Negative test - Invalid domain name type self.assertRaises(SSSDConfig.NoDomainError, sssdconfig.activate_domain, self) def testDeactivateDomain(self): sssdconfig = SSSDConfig.SSSDConfig(srcdir + "/etc/sssd.api.conf", srcdir + "/etc/sssd.api.d") domain_name = 'IPA' # Negative test - Not initialized self.assertRaises(SSSDConfig.NotInitializedError, sssdconfig.activate_domain, domain_name) sssdconfig.import_config(srcdir + "/testconfigs/sssd-valid.conf") # Positive test -Deactivate an active domain self.assertTrue(domain_name in sssdconfig.list_domains()) self.assertTrue(domain_name in sssdconfig.list_active_domains()) self.assertFalse(domain_name in sssdconfig.list_inactive_domains()) sssdconfig.deactivate_domain(domain_name) self.assertTrue(domain_name in sssdconfig.list_domains()) self.assertFalse(domain_name in sssdconfig.list_active_domains()) self.assertTrue(domain_name in sssdconfig.list_inactive_domains()) # Positive test - Deactivate an inactive domain # This should succeed sssdconfig.deactivate_domain(domain_name) self.assertTrue(domain_name in sssdconfig.list_domains()) self.assertFalse(domain_name in sssdconfig.list_active_domains()) self.assertTrue(domain_name in sssdconfig.list_inactive_domains()) # Negative test - Invalid domain name self.assertRaises(SSSDConfig.NoDomainError, sssdconfig.activate_domain, 'nosuchdomain') # Negative test - Invalid domain name type self.assertRaises(SSSDConfig.NoDomainError, sssdconfig.activate_domain, self) if __name__ == "__main__": error = 
0 suite = unittest.TestLoader().loadTestsFromTestCase(SSSDConfigTestSSSDService) res = unittest.TextTestRunner().run(suite) if not res.wasSuccessful(): error |= 0x1 suite = unittest.TestLoader().loadTestsFromTestCase(SSSDConfigTestSSSDDomain) res = unittest.TextTestRunner().run(suite) if not res.wasSuccessful(): error |= 0x2 suite = unittest.TestLoader().loadTestsFromTestCase(SSSDConfigTestSSSDConfig) res = unittest.TextTestRunner().run(suite) if not res.wasSuccessful(): error |= 0x4 suite = unittest.TestLoader().loadTestsFromTestCase(SSSDConfigTestValid) res = unittest.TextTestRunner().run(suite) if not res.wasSuccessful(): error |= 0x8 suite = unittest.TestLoader().loadTestsFromTestCase(SSSDConfigTestInvalid) res = unittest.TextTestRunner().run(suite) if not res.wasSuccessful(): error |= 0x10 sys.exit(error) �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/PaxHeaders.13173/sss_client���������������������������������������������������������0000644�0000000�0000000�00000000132�12320753521�016426� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954961.734874891 30 atime=1396955003.535843846 30 ctime=1396954961.734874891 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/�������������������������������������������������������������������������0000775�0024127�0024127�00000000000�12320753521�016732� 5����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/PaxHeaders.13173/ssh�����������������������������������������������������0000644�0000000�0000000�00000000132�12320753521�017223� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954961.752874878 30 atime=1396955003.535843846 30 ctime=1396954961.752874878 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/ssh/���������������������������������������������������������������������0000775�0024127�0024127�00000000000�12320753521�017527� 5����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/ssh/PaxHeaders.13173/sss_ssh_knownhostsproxy.c���������������������������0000644�0000000�0000000�00000000074�12320753107�024535� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.273891426 30 ctime=1396954961.752874878 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/ssh/sss_ssh_knownhostsproxy.c��������������������������������������������0000664�0024127�0024127�00000021157�12320753107�024765� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* Authors: Jan Cholasta <jcholast@redhat.com> Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. 
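*/

#include <stdio.h>
#include <talloc.h>
#include <unistd.h>
#include <fcntl.h>
#include <poll.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <netdb.h>
#include <popt.h>

#include "util/util.h"
#include "util/crypto/sss_crypto.h"
#include "util/sss_ssh.h"
#include "sss_client/sss_cli.h"
#include "sss_client/ssh/sss_ssh_client.h"

#define BUFFER_SIZE 8192

/**
 * Connect to the server over TCP and relay data in both directions:
 * standard input is copied to the socket, the socket is copied to standard
 * output.
 *
 * Both descriptors are switched to O_NONBLOCK; the flag on standard input is
 * not restored before returning.
 *
 * @param family    Address family passed to socket().
 * @param addr      Address passed to connect().
 * @param addr_len  Length of addr.
 *
 * @return EOK when either side reports end of file, a hangup, or EPIPE on
 *         write; EIO when poll() reports an error condition on a descriptor
 *         that has nothing left to read; otherwise the errno value of the
 *         call that failed.
 */
static int
connect_socket(int family, struct sockaddr *addr, size_t addr_len)
{
    int flags;
    int sock = -1;
    struct pollfd fds[2];
    char buffer[BUFFER_SIZE];
    int i;
    ssize_t res;
    int ret;

    /* set O_NONBLOCK on standard input */
    flags = fcntl(0, F_GETFL);
    if (flags == -1) {
        ret = errno;
        DEBUG(SSSDBG_OP_FAILURE,
              ("fcntl() failed (%d): %s\n", ret, strerror(ret)));
        goto done;
    }

    ret = fcntl(0, F_SETFL, flags | O_NONBLOCK);
    if (ret == -1) {
        ret = errno;
        DEBUG(SSSDBG_OP_FAILURE,
              ("fcntl() failed (%d): %s\n", ret, strerror(ret)));
        goto done;
    }

    /* create socket */
    sock = socket(family, SOCK_STREAM, IPPROTO_TCP);
    if (sock == -1) {
        ret = errno;
        DEBUG(SSSDBG_OP_FAILURE,
              ("socket() failed (%d): %s\n", ret, strerror(ret)));
        goto done;
    }

    /* connect to the server */
    ret = connect(sock, addr, addr_len);
    if (ret == -1) {
        ret = errno;
        DEBUG(SSSDBG_OP_FAILURE,
              ("connect() failed (%d): %s\n", ret, strerror(ret)));
        goto done;
    }

    /* set O_NONBLOCK on the socket */
    flags = fcntl(sock, F_GETFL);
    if (flags == -1) {
        ret = errno;
        DEBUG(SSSDBG_OP_FAILURE,
              ("fcntl() failed (%d): %s\n", ret, strerror(ret)));
        goto done;
    }

    ret = fcntl(sock, F_SETFL, flags | O_NONBLOCK);
    if (ret == -1) {
        ret = errno;
        DEBUG(SSSDBG_OP_FAILURE,
              ("fcntl() failed (%d): %s\n", ret, strerror(ret)));
        goto done;
    }

    fds[0].fd = 0;
    fds[0].events = POLLIN;
    fds[1].fd = sock;
    fds[1].events = POLLIN;

    while (1) {
        ret = poll(fds, 2, -1);
        if (ret == -1) {
            ret = errno;
            if (ret == EINTR || ret == EAGAIN) {
                continue;
            }
            DEBUG(SSSDBG_OP_FAILURE,
                  ("poll() failed (%d): %s\n", ret, strerror(ret)));
            goto done;
        }

        /* read from standard input & write to socket */
        /* read from socket & write to standard output */
        for (i = 0; i < 2; i++) {
            if (fds[i].revents & POLLIN) {
                res = read(fds[i].fd, buffer, BUFFER_SIZE);
                if (res == -1) {
                    ret = errno;
                    if (ret == EAGAIN || ret == EINTR || ret == EWOULDBLOCK) {
                        continue;
                    }
                    DEBUG(SSSDBG_OP_FAILURE,
                          ("read() failed (%d): %s\n", ret, strerror(ret)));
                    goto done;
                } else if (res == 0) {
                    ret = EOK;
                    goto done;
                }

                errno = 0;
                res = sss_atomic_write_s(i == 0 ? sock : 1, buffer, res);
                ret = errno;
                if (res == -1) {
                    DEBUG(SSSDBG_OP_FAILURE,
                          ("sss_atomic_write_s() failed (%d): %s\n",
                           ret, strerror(ret)));
                    goto done;
                } else if (ret == EPIPE) {
                    ret = EOK;
                    goto done;
                }
            }
            if (fds[i].revents & POLLHUP) {
                ret = EOK;
                goto done;
            }
            /* poll() reports POLLERR and POLLNVAL even though they were not
             * requested. Without this check a descriptor that is invalid or
             * in an error state, with nothing readable, makes poll() return
             * at once on every pass and the loop never ends. */
            if (!(fds[i].revents & POLLIN)
                    && (fds[i].revents & (POLLERR | POLLNVAL))) {
                ret = EIO;
                goto done;
            }
        }
    }

done:
    if (sock >= 0) close(sock);

    return ret;
}

/**
 * Replace the current process with the proxy command.
 *
 * @param args  NULL-terminated argument vector; args[0] is used as the path
 *              of the program, with no PATH lookup (execv). The caller in
 *              this file rejects a first argument that does not start
 *              with '/'.
 *
 * @return Only returns when execv() fails, with the errno value it set.
 */
static int
connect_proxy_command(char **args)
{
    int ret;

    execv(args[0], (char * const *)args);

    ret = errno;
    DEBUG(SSSDBG_OP_FAILURE,
          ("execv() failed (%d): %s\n", ret, strerror(ret)));

    return ret;
}

/* Entry point: HOST [PROXY_COMMAND], with --port and --domain options. */
int main(int argc, const char **argv)
{
    TALLOC_CTX *mem_ctx = NULL;
    int pc_debug = SSSDBG_DEFAULT;
    int pc_port = 22;
    const char *pc_domain = NULL;
    const char *pc_host = NULL;
    const char **pc_args = NULL;
    struct poptOption long_options[] = {
        POPT_AUTOHELP
        { "debug", '\0', POPT_ARG_INT | POPT_ARGFLAG_DOC_HIDDEN, &pc_debug, 0,
          _("The debug level to run with"), NULL },
        { "port", 'p', POPT_ARG_INT, &pc_port, 0,
          _("The port to use to connect to the host"), NULL },
        { "domain", 'd', POPT_ARG_STRING, &pc_domain, 0,
          _("The SSSD domain to use"), NULL },
        POPT_TABLEEND
    };
    poptContext pc = NULL;
    char strport[6];
    struct addrinfo ai_hint;
    struct addrinfo *ai = NULL;
    char canonhost[NI_MAXHOST];
    const char *host = NULL;
    struct sss_ssh_ent *ent;
    int ret;

    debug_prg_name = argv[0];

    ret = set_locale();
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("set_locale() failed (%d): %s\n", ret, strerror(ret)));
        ret = EXIT_FAILURE;
        goto fini;
    }

    mem_ctx =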
talloc_new(NULL); if (!mem_ctx) { DEBUG(SSSDBG_CRIT_FAILURE, ("Not enough memory\n")); ret = EXIT_FAILURE; goto fini; } /* parse parameters */ pc = poptGetContext(NULL, argc, argv, long_options, 0); poptSetOtherOptionHelp(pc, "HOST [PROXY_COMMAND]"); while ((ret = poptGetNextOpt(pc)) > 0) ; DEBUG_INIT(pc_debug); if (ret != -1) { BAD_POPT_PARAMS(pc, poptStrerror(ret), ret, fini); } if (pc_port < 1 || pc_port > 65535) { BAD_POPT_PARAMS(pc, _("Invalid port\n"), ret, fini); } pc_host = poptGetArg(pc); if (pc_host == NULL) { BAD_POPT_PARAMS(pc, _("Host not specified\n"), ret, fini); } pc_args = poptGetArgs(pc); if (pc_args && pc_args[0] && pc_args[0][0] != '/') { BAD_POPT_PARAMS(pc, _("The path to the proxy command must be absolute\n"), ret, fini); } /* canonicalize hostname */ snprintf(strport, 6, "%d", pc_port); memset(&ai_hint, 0, sizeof(struct addrinfo)); ai_hint.ai_family = AF_UNSPEC; ai_hint.ai_socktype = SOCK_STREAM; ai_hint.ai_protocol = IPPROTO_TCP; ai_hint.ai_flags = AI_ADDRCONFIG | AI_NUMERICHOST | AI_NUMERICSERV; ret = getaddrinfo(pc_host, strport, &ai_hint, &ai); if (ret) { ai_hint.ai_flags = AI_ADDRCONFIG | AI_CANONNAME | AI_NUMERICSERV; ret = getaddrinfo(pc_host, strport, &ai_hint, &ai); if (ret) { DEBUG(SSSDBG_OP_FAILURE, ("getaddrinfo() failed (%d): %s\n", ret, gai_strerror(ret))); } else { host = ai[0].ai_canonname; } } else { ret = getnameinfo(ai[0].ai_addr, ai[0].ai_addrlen, canonhost, NI_MAXHOST, NULL, 0, NI_NAMEREQD); if (ret) { DEBUG(SSSDBG_OP_FAILURE, ("getnameinfo() failed (%d): %s\n", ret, gai_strerror(ret))); } else { host = canonhost; } } if (host) { /* look up public keys */ ret = sss_ssh_get_ent(mem_ctx, SSS_SSH_GET_HOST_PUBKEYS, host, pc_domain, pc_host, &ent); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("sss_ssh_get_ent() failed (%d): %s\n", ret, strerror(ret))); } } /* connect to server */ if (pc_args) { ret = connect_proxy_command(discard_const(pc_args)); } else if (ai) { ret = connect_socket(ai[0].ai_family, ai[0].ai_addr, 
ai[0].ai_addrlen); } else { ret = EFAULT; } ret = (ret == EOK) ? EXIT_SUCCESS : EXIT_FAILURE; fini: poptFreeContext(pc); if (ai) freeaddrinfo(ai); talloc_free(mem_ctx); return ret; } �����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/ssh/PaxHeaders.13173/sss_ssh_client.h������������������������������������0000644�0000000�0000000�00000000074�12320753107�022501� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.273891426 30 ctime=1396954961.505875061 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/ssh/sss_ssh_client.h�����������������������������������������������������0000664�0024127�0024127�00000002530�12320753107�022723� 
0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* Authors: Jan Cholasta <jcholast@redhat.com> Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. 
*/ #ifndef _SSS_SSH_CLIENT_H_ #define _SSS_SSH_CLIENT_H_ void usage(poptContext pc, const char *error); int set_locale(void); #define BAD_POPT_PARAMS(pc, msg, val, label) do { \ usage(pc, msg); \ val = EXIT_FAILURE; \ goto label; \ } while(0) errno_t sss_ssh_get_ent(TALLOC_CTX *mem_ctx, enum sss_cli_command command, const char *name, const char *domain, const char *alias, struct sss_ssh_ent **result); #endif /* _SSS_SSH_CLIENT_H_ */ ������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/ssh/PaxHeaders.13173/sss_ssh_authorizedkeys.c����������������������������0000644�0000000�0000000�00000000074�12320753107�024270� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.272891426 30 ctime=1396954961.751874879 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/ssh/sss_ssh_authorizedkeys.c���������������������������������������������0000664�0024127�0024127�00000006325�12320753107�024520� 
0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* Authors: Jan Cholasta <jcholast@redhat.com> Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. 
*/

#include <stdio.h>
#include <talloc.h>
#include <popt.h>

#include "util/util.h"
#include "util/crypto/sss_crypto.h"
#include "util/sss_ssh.h"
#include "sss_client/sss_cli.h"
#include "sss_client/ssh/sss_ssh_client.h"

/*
 * Entry point: takes a USER argument (and an optional --domain), asks SSSD
 * for that user's SSH public keys and prints one formatted key per line on
 * standard output.
 *
 * Exit status is EXIT_FAILURE when the locale, the talloc context, the
 * command line or the lookup fails. A key that cannot be formatted is only
 * logged and skipped; it does not change the exit status.
 */
int main(int argc, const char **argv)
{
    TALLOC_CTX *mem_ctx = NULL;
    int pc_debug = SSSDBG_DEFAULT;
    const char *pc_domain = NULL;
    const char *pc_user = NULL;
    struct poptOption long_options[] = {
        POPT_AUTOHELP
        { "debug", '\0', POPT_ARG_INT | POPT_ARGFLAG_DOC_HIDDEN, &pc_debug, 0,
          _("The debug level to run with"), NULL },
        { "domain", 'd', POPT_ARG_STRING, &pc_domain, 0,
          _("The SSSD domain to use"), NULL },
        POPT_TABLEEND
    };
    poptContext pc = NULL;
    struct sss_ssh_ent *ent;
    size_t i;
    char *repr;
    int ret;

    debug_prg_name = argv[0];

    ret = set_locale();
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("set_locale() failed (%d): %s\n", ret, strerror(ret)));
        ERROR("Error setting the locale\n");
        ret = EXIT_FAILURE;
        goto fini;
    }

    /* every allocation below hangs off mem_ctx and is released with it */
    mem_ctx = talloc_new(NULL);
    if (!mem_ctx) {
        ERROR("Not enough memory\n");
        ret = EXIT_FAILURE;
        goto fini;
    }

    /* parse parameters */
    pc = poptGetContext(NULL, argc, argv, long_options, 0);
    poptSetOtherOptionHelp(pc, "USER");
    while ((ret = poptGetNextOpt(pc)) > 0)
        ;

    DEBUG_INIT(pc_debug);

    /* poptGetNextOpt() returns -1 once all options were consumed */
    if (ret != -1) {
        BAD_POPT_PARAMS(pc, poptStrerror(ret), ret, fini);
    }

    pc_user = poptGetArg(pc);
    if (pc_user == NULL) {
        BAD_POPT_PARAMS(pc, _("User not specified\n"), ret, fini);
    }

    /* look up public keys */
    ret = sss_ssh_get_ent(mem_ctx, SSS_SSH_GET_USER_PUBKEYS,
                          pc_user, pc_domain, NULL, &ent);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("sss_ssh_get_ent() failed (%d): %s\n", ret, strerror(ret)));
        ERROR("Error looking up public keys\n");
        ret = EXIT_FAILURE;
        goto fini;
    }

    /* print results */
    for (i = 0; i < ent->num_pubkeys; i++) {
        ret = sss_ssh_format_pubkey(mem_ctx, &ent->pubkeys[i], &repr);
        if (ret != EOK) {
            /* best effort: a key that cannot be formatted is left out of the
             * output, the remaining keys are still printed */
            DEBUG(SSSDBG_OP_FAILURE,
                  ("sss_ssh_format_pubkey() failed (%d): %s\n",
                   ret, strerror(ret)));
            continue;
        }

        printf("%s\n", repr);
    }

    ret = EXIT_SUCCESS;

fini:
poptFreeContext(pc); talloc_free(mem_ctx); return ret; } �����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/ssh/PaxHeaders.13173/sss_ssh_client.c������������������������������������0000644�0000000�0000000�00000000073�12320753107�022473� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.272891426 29 ctime=1396954961.75087488 ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/ssh/sss_ssh_client.c�����������������������������������������������������0000664�0024127�0024127�00000014622�12320753107�022723� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* Authors: Jan Cholasta <jcholast@redhat.com> Copyright (C) 2012 Red Hat This program is free software; 
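you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#include "config.h"

#include <errno.h>
#include <stdlib.h>
#include <stdio.h>
#include <talloc.h>
#include <popt.h>
#include <locale.h>
#include <libintl.h>
#include <string.h>

#include "util/util.h"
#include "util/crypto/sss_crypto.h"
#include "util/sss_ssh.h"
#include "sss_client/sss_cli.h"
#include "sss_client/ssh/sss_ssh_client.h"

/* FIXME - split from tools_util to create a common function */
/* Print the popt usage line to stderr, followed by `error` when it is set.
 * The message is written through a "%s" format, never used as a format. */
void usage(poptContext pc, const char *error)
{
    poptPrintUsage(pc, stderr, 0);
    if (error) fprintf(stderr, "%s", error);
}

/* FIXME - split from tools_util to create a common function */
/* Select the locale from the environment and bind the PACKAGE message
 * catalogue. Returns EOK, EIO when setlocale() fails, or the errno left by
 * bindtextdomain()/textdomain(). */
int set_locale(void)
{
    char *c;

    c = setlocale(LC_ALL, "");
    if (c == NULL) {
        return EIO;
    }

    errno = 0;
    c = bindtextdomain(PACKAGE, LOCALEDIR);
    if (c == NULL) {
        return errno;
    }

    errno = 0;
    c = textdomain(PACKAGE);
    if (c == NULL) {
        return errno;
    }

    return EOK;
}

/* SSH public key request:
 *
 * header:
 *   0..3: flags (unsigned int, must be combination of SSS_SSH_REQ_* flags)
 *   4..7: name length (unsigned int)
 *   8..X: name (null-terminated UTF-8 string)
 * alias (only included if flags & SSS_SSH_REQ_ALIAS):
 *   0..3: alias length (unsigned int)
 *   4..X: alias (null-terminated UTF-8 string)
 * domain (only included if flags & SSS_SSH_REQ_DOMAIN):
 *   0..3: domain length (unsigned int, 0 means default domain)
 *   4..X: domain (null-terminated UTF-8 string)
 *
 * SSH public key reply:
 *
 * header:
 *   0..3: number of results (unsigned int)
 *   4..7: reserved (unsigned int, must be 0)
 * results (repeated for each result):
 *   0..3: flags (unsigned int, must be 0)
 *   4..7: name length (unsigned int)
 *   8..(X-1): name (null-terminated UTF-8 string)
 *   X..(X+3): key length (unsigned int)
 *   (X+4)..Y: key (public key data)
 */
/**
 * Ask the SSH responder for the public keys of a user or host and parse the
 * reply into a struct sss_ssh_ent.
 *
 * Every count and length in the reply is checked against the number of bytes
 * actually received before it is used for an allocation or a copy; a reply
 * that does not fit is rejected with EINVAL.
 *
 * @param mem_ctx  talloc context that receives the result.
 * @param command  Request type handed to sss_ssh_make_request().
 * @param name     Name to look up; must not be NULL.
 * @param domain   Domain name, or NULL to send a zero domain length.
 * @param alias    Optional alias, or NULL to leave it out of the request.
 * @param result   Where the parsed entry is stored on success.
 *
 * @return EOK on success; EINVAL for a NULL name/result or a malformed
 *         reply; ENOMEM on allocation failure; the errno reported by the
 *         request, or EFAULT when the request status is not success.
 */
errno_t
sss_ssh_get_ent(TALLOC_CTX *mem_ctx, enum sss_cli_command command,
                const char *name, const char *domain,
                const char *alias, struct sss_ssh_ent **result)
{
    TALLOC_CTX *tmp_ctx;
    struct sss_ssh_ent *res = NULL;
    errno_t ret;
    uint32_t flags;
    uint32_t name_len;
    uint32_t alias_len = 0;
    uint32_t domain_len;
    size_t req_len;
    uint8_t *req = NULL;
    size_t c = 0;
    struct sss_cli_req_data rd;
    int req_ret, req_errno;
    uint8_t *rep = NULL;
    size_t rep_len;
    uint32_t count, reserved, len, i;

    /* strlen(name) below would dereference a NULL pointer */
    if (name == NULL || result == NULL) {
        return EINVAL;
    }

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    /* build request */
    flags = 0;
    name_len = strlen(name)+1;
    req_len = 2*sizeof(uint32_t) + name_len;

    if (alias) {
        flags |= SSS_SSH_REQ_ALIAS;
        alias_len = strlen(alias)+1;
        req_len += sizeof(uint32_t) + alias_len;
    }

    /* the domain field is always sent; length 0 selects the default domain */
    flags |= SSS_SSH_REQ_DOMAIN;
    domain_len = domain ? (strlen(domain)+1) : 0;
    req_len += sizeof(uint32_t) + domain_len;

    req = talloc_array(tmp_ctx, uint8_t, req_len);
    if (!req) {
        ret = ENOMEM;
        goto done;
    }

    SAFEALIGN_SET_UINT32(req+c, flags, &c);
    SAFEALIGN_SET_UINT32(req+c, name_len, &c);
    safealign_memcpy(req+c, name, name_len, &c);
    if (alias) {
        SAFEALIGN_SET_UINT32(req+c, alias_len, &c);
        safealign_memcpy(req+c, alias, alias_len, &c);
    }
    SAFEALIGN_SET_UINT32(req+c, domain_len, &c);
    if (domain_len > 0) {
        safealign_memcpy(req+c, domain, domain_len, &c);
    }

    /* send request */
    rd.data = req;
    rd.len = req_len;

    req_ret = sss_ssh_make_request(command, &rd, &rep, &rep_len, &req_errno);
    if (req_errno != EOK) {
        ret = req_errno;
        goto done;
    }
    if (req_ret != SSS_STATUS_SUCCESS) {
        ret = EFAULT;
        goto done;
    }

    /* parse reply */
    c = 0;
    if (rep_len-c < 2*sizeof(uint32_t)) {
        ret = EINVAL;
        goto done;
    }

    SAFEALIGN_COPY_UINT32(&count, rep+c, &c);

    SAFEALIGN_COPY_UINT32(&reserved, rep+c, &c);
    if (reserved != 0) {
        ret = EINVAL;
        goto done;
    }

    /* Each result occupies at least three 32-bit fields (flags, name length,
     * key length), so a count the remaining bytes cannot hold is malformed.
     * Rejecting it here keeps the array allocation below proportional to the
     * data that was actually received. */
    if (count > (rep_len - c) / (3 * sizeof(uint32_t))) {
        ret = EINVAL;
        goto done;
    }

    res = talloc_zero(tmp_ctx, struct sss_ssh_ent);
    if (!res) {
        ret = ENOMEM;
        goto done;
    }

    if (count > 0) {
        res->pubkeys = talloc_zero_array(res, struct sss_ssh_pubkey, count);
        if (!res->pubkeys) {
            ret = ENOMEM;
            goto done;
        }

        res->num_pubkeys = count;
    }

    for (i = 0; i < count; i++) {
        if (rep_len-c < 2*sizeof(uint32_t)) {
            ret = EINVAL;
            goto done;
        }

        SAFEALIGN_COPY_UINT32(&flags, rep+c, &c);
        if (flags != 0) {
            ret = EINVAL;
            goto done;
        }

        SAFEALIGN_COPY_UINT32(&len, rep+c, &c);

        /* The name and the key-length field after it must both fit in what
         * is left. Comparing by subtraction keeps the test valid where
         * size_t is 32 bits wide and len + sizeof(uint32_t) could wrap. */
        if (len > rep_len - c
                || rep_len - c - len < sizeof(uint32_t)) {
            ret = EINVAL;
            goto done;
        }

        if (!res->name) {
            /* only the name of the first result is kept */
            res->name = talloc_array(res, char, len);
            if (!res->name) {
                ret = ENOMEM;
                goto done;
            }

            safealign_memcpy(res->name, rep+c, len, &c);

            /* the name must be terminated exactly at its last byte; this
             * also rejects len == 0 */
            if (strnlen(res->name, len) != len-1) {
                ret = EINVAL;
                goto done;
            }
        } else {
            c += len;
        }

        SAFEALIGN_COPY_UINT32(&len, rep+c, &c);

        if (rep_len-c < len) {
            ret = EINVAL;
            goto done;
        }

        res->pubkeys[i].data = talloc_array(res, uint8_t, len);
        if (!res->pubkeys[i].data) {
            ret = ENOMEM;
            goto done;
        }

        safealign_memcpy(res->pubkeys[i].data, rep+c,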
len, &c); res->pubkeys[i].data_len = len; } *result = talloc_steal(mem_ctx, res); ret = EOK; done: talloc_free(tmp_ctx); free(rep); return ret; } ��������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/PaxHeaders.13173/sssd_pac.c����������������������������������������������0000644�0000000�0000000�00000000074�12320753107�020453� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.273891426 30 ctime=1396954961.703874914 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/sssd_pac.c���������������������������������������������������������������0000664�0024127�0024127�00000020074�12320753107�020700� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* Authors: Sumit Bose <sbose@redhat.com> Copyright (C) 2011, 2012, 2013 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public 
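License as published by the Free Software Foundation; either version 3 of
    the License, or (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU Lesser General Public License for more details.

    You should have received a copy of the GNU Lesser General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

/* A short documentation about authdata plugins can be found in
 * http://k5wiki.kerberos.org/wiki/Projects/VerifyAuthData */

#include <krb5/krb5.h>
#include <errno.h>

#include "krb5_authdata_int.h"
#include "sss_cli.h"

/* Per-request state: a private copy of the PAC authorization data. */
struct sssd_context {
    krb5_data data;
};

/* Plugin initialisation; the plugin keeps no global state. */
static krb5_error_code
sssdpac_init(krb5_context kcontext, void **plugin_context)
{
    *plugin_context = NULL;

    return 0;
}

/* Report the usage flags for this authdata type. */
static void
sssdpac_flags(krb5_context kcontext,
              void *plugin_context,
              krb5_authdatatype ad_type,
              krb5_flags *flags)
{
    *flags = AD_USAGE_KDC_ISSUED | AD_USAGE_TGS_REQ;
}

/* Plugin teardown; nothing to release. */
static void
sssdpac_fini(krb5_context kcontext, void *plugin_context)
{
    return;
}

/* Allocate the zero-initialised per-request context. Returns ENOMEM when the
 * allocation fails. */
static krb5_error_code
sssdpac_request_init(krb5_context kcontext,
                     krb5_authdata_context context,
                     void *plugin_context,
                     void **request_context)
{
    struct sssd_context *sssdctx;

    sssdctx = (struct sssd_context *)calloc(1, sizeof(*sssdctx));
    if (sssdctx == NULL) {
        return ENOMEM;
    }

    *request_context = sssdctx;

    return 0;
}

/* Store a private copy of the first authdata element in the request context,
 * replacing any copy stored earlier. Returns EINVAL when there is no request
 * context or no element, ENOMEM when the copy cannot be allocated. */
static krb5_error_code
sssdpac_import_authdata(krb5_context kcontext,
                        krb5_authdata_context context,
                        void *plugin_context,
                        void *request_context,
                        krb5_authdata **authdata,
                        krb5_boolean kdc_issued,
                        krb5_const_principal kdc_issuer)
{
    char *data = NULL;
    struct sssd_context *sssdctx = (struct sssd_context *)request_context;

    if (sssdctx == NULL || authdata == NULL || authdata[0] == NULL) {
        return EINVAL;
    }

    if (authdata[0]->length > 0) {
        data = malloc(sizeof(char) * authdata[0]->length);
        if (data == NULL) {
            return ENOMEM;
        }
        memcpy(data, authdata[0]->contents, authdata[0]->length);
    }

    if (sssdctx->data.data != NULL) {
        krb5_free_data_contents(kcontext, &sssdctx->data);
    }

    sssdctx->data.length = authdata[0]->length;
    sssdctx->data.data = data;
    return 0;
}

/* Release the per-request context and the PAC copy it holds. */
static void
sssdpac_request_fini(krb5_context kcontext,
                     krb5_authdata_context context,
                     void *plugin_context,
                     void *request_context)
{
    struct sssd_context *sssdctx = (struct sssd_context *)request_context;

    if (sssdctx != NULL) {
        if (sssdctx->data.data != NULL) {
            krb5_free_data_contents(kcontext, &sssdctx->data);
        }

        free(sssdctx);
    }
}

/* Parse the stored PAC, verify it with `key`, and only then hand the raw PAC
 * to SSSD. The last argument of krb5_pac_verify() is NULL, so no second key
 * is supplied for the check.
 *
 * Returns EINVAL when there is no stored PAC or when parsing or verification
 * fails; 0 otherwise, including when the request to SSSD fails. */
static krb5_error_code
sssdpac_verify(krb5_context kcontext,
               krb5_authdata_context context,
               void *plugin_context,
               void *request_context,
               const krb5_auth_context *auth_context,
               const krb5_keyblock *key,
               const krb5_ap_req *req)
{
    krb5_error_code kerr;
    int ret;
    krb5_pac pac;
    struct sssd_context *sssdctx = (struct sssd_context *)request_context;
    struct sss_cli_req_data sss_data;
    int errnop;

    if (sssdctx == NULL || sssdctx->data.data == NULL) {
        return EINVAL;
    }

    kerr = krb5_pac_parse(kcontext, sssdctx->data.data,
                          sssdctx->data.length, &pac);
    if (kerr != 0) {
        return EINVAL;
    }

    kerr = krb5_pac_verify(kcontext, pac,
                           req->ticket->enc_part2->times.authtime,
                           req->ticket->enc_part2->client, key, NULL);
    /* The parsed PAC is needed for the verification only; the raw bytes are
     * what gets sent below. Freeing it here stops every call from leaking
     * one parsed PAC. */
    krb5_pac_free(kcontext, pac);
    if (kerr != 0) {
        return EINVAL;
    }

    sss_data.len = sssdctx->data.length;
    sss_data.data = sssdctx->data.data;

    ret = sss_pac_make_request(SSS_PAC_ADD_PAC_USER, &sss_data,
                               NULL, NULL, &errnop);
    if (ret != 0) {
        /* Ignore the error */
    }

    return 0;
}

/* Add the number of bytes sssdpac_externalize() needs to *sizep: a 32-bit
 * length, the PAC bytes and a 32-bit trailer. Returns EINVAL without a
 * request context. */
static krb5_error_code
sssdpac_size(krb5_context kcontext,
             krb5_authdata_context context,
             void *plugin_context,
             void *request_context,
             size_t *sizep)
{
    struct sssd_context *sssdctx = (struct sssd_context *)request_context;

    if (sssdctx == NULL) {
        return EINVAL;
    }

    *sizep += sizeof(krb5_int32);

    *sizep += sssdctx->data.length;

    *sizep += sizeof(krb5_int32);

    return 0;
}

/* Serialise the stored PAC as <length><bytes><0>, or as two zero words when
 * no PAC is stored. *buffer and *lenremain are advanced past what was
 * written. Returns ENOMEM when the output buffer is too small, EINVAL
 * without a request context. */
static krb5_error_code
sssdpac_externalize(krb5_context kcontext,
                    krb5_authdata_context context,
                    void *plugin_context,
                    void *request_context,
                    krb5_octet **buffer,
                    size_t *lenremain)
{
    krb5_error_code code = 0;
    struct sssd_context *sssdctx = (struct sssd_context *)request_context;
    size_t required = 0;
    krb5_octet *bp;
    size_t remain;

    if (sssdctx == NULL) {
        return EINVAL;
    }

    bp = *buffer;
    remain = *lenremain;

    if (sssdctx->data.data != NULL) {
        sssdpac_size(kcontext, context, plugin_context,
                     request_context, &required);

        if (required <= remain) {
            krb5_ser_pack_int32((krb5_int32)sssdctx->data.length,
                                &bp, &remain);
            krb5_ser_pack_bytes((krb5_octet *)sssdctx->data.data,
                                (size_t)sssdctx->data.length,
                                &bp, &remain);
            krb5_ser_pack_int32(0, &bp, &remain);
        } else {
            code = ENOMEM;
        }
    } else if (remain >= 2 * sizeof(krb5_int32)) {
        krb5_ser_pack_int32(0, &bp, &remain); /* length */
        krb5_ser_pack_int32(0, &bp, &remain); /* verified */
    } else {
        /* same answer as the branch above when the output does not fit,
         * instead of returning success for a truncated record */
        code = ENOMEM;
    }

    *buffer = bp;
    *lenremain = remain;

    return code;
}

/* Rebuild the request context from the form written by
 * sssdpac_externalize(). The length word comes from the serialised buffer,
 * so it is checked against the bytes that remain before anything is copied.
 *
 * Returns EINVAL for a missing request context or a length that is negative
 * or larger than the remaining input, ENOMEM when the copy cannot be
 * allocated, or the error of krb5_ser_unpack_int32(). *buffer and *lenremain
 * are only advanced on success. */
static krb5_error_code
sssdpac_internalize(krb5_context kcontext,
                    krb5_authdata_context context,
                    void *plugin_context,
                    void *request_context,
                    krb5_octet **buffer,
                    size_t *lenremain)
{
    struct sssd_context *sssdctx = (struct sssd_context *)request_context;
    krb5_error_code code;
    krb5_int32 ibuf;
    krb5_octet *bp;
    size_t remain;
    krb5_data data;

    if (sssdctx == NULL) {
        return EINVAL;
    }

    bp = *buffer;
    remain = *lenremain;

    /* length */
    code = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
    if (code != 0) {
        return code;
    }

    /* Without this check a negative or oversized length would make the
     * memcpy() below read past the end of the input and make `remain`
     * wrap around. */
    if (ibuf < 0 || (size_t)ibuf > remain) {
        return EINVAL;
    }

    if (ibuf != 0) {
        data.length = ibuf;
        data.data = malloc(sizeof(char) * ibuf);
        if (data.data == NULL) {
            return ENOMEM;
        }
        memcpy(data.data, bp, ibuf);

        bp += ibuf;
        remain -= ibuf;
    } else {
        data.length = 0;
        data.data = NULL;
    }

    /* verified */
    code = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
    if (code != 0) {
        /* the copy has not been handed to the context yet */
        free(data.data);
        return code;
    }

    if (sssdctx->data.data != NULL) {
        krb5_free_data_contents(kcontext, &sssdctx->data);
    }

    sssdctx->data.length = data.length;
    sssdctx->data.data = data.data;

    *buffer = bp;
    *lenremain = remain;

    return 0;
}

static krb5_authdatatype sssdpac_ad_types[] = { KRB5_AUTHDATA_WIN2K_PAC, 0 };

krb5plugin_authdata_client_ftable_v0 authdata_client_0 = {
    ((void *)((uintptr_t)("sssd_sssdpac"))),
    sssdpac_ad_types,
    sssdpac_init,
    sssdpac_fini,
    sssdpac_flags,
    sssdpac_request_init,
    sssdpac_request_fini,
    NULL,
    NULL,
    NULL,
    NULL,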
NULL, sssdpac_import_authdata, NULL, NULL, sssdpac_verify, sssdpac_size, sssdpac_externalize, sssdpac_internalize, NULL }; ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/PaxHeaders.13173/autofs��������������������������������������������������0000644�0000000�0000000�00000000130�12320753521�017725� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������29 mtime=1396954961.70987491 30 atime=1396955003.535843846 29 ctime=1396954961.70987491 ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/autofs/������������������������������������������������������������������0000775�0024127�0024127�00000000000�12320753521�020233� 
5����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/autofs/PaxHeaders.13173/sss_autofs.c�������������������������������������0000644�0000000�0000000�00000000074�12320753107�022346� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.272891426 30 ctime=1396954961.562875019 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/autofs/sss_autofs.c������������������������������������������������������0000664�0024127�0024127�00000025354�12320753107�022601� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* Authors: Jakub Hrozek <jhrozek@redhat.com> Copyright (C) 2012 Red Hat This program is free software; you 
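can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#include <errno.h>
#include <stdlib.h>

#include "sss_client/autofs/sss_autofs_private.h"
#include "sss_client/sss_cli.h"

/* Historically, autofs map names were just file names. Direct key names
 * may be full directory paths
 */
#define MAX_AUTOMNTMAPNAME_LEN  NAME_MAX
#define MAX_AUTOMNTKEYNAME_LEN  PATH_MAX

/* How many entries shall _sss_getautomntent_r retrieve at once */
#define GETAUTOMNTENT_MAX_ENTRIES   512

/* Iteration state handed to the caller as the opaque "context" pointer. */
struct automtent {
    char *mapname;  /* heap copy of the map name, owned by the context */
    size_t cursor;  /* index of the next entry to request */
};

/* The most recent GETAUTOMNTENT reply, kept so that later calls can be
 * answered without another request. All accesses in this file happen
 * between sss_nss_lock() and sss_nss_unlock().
 */
static struct sss_getautomntent_data {
    char *mapname;  /* map the buffered reply belongs to */
    size_t len;     /* size of data in bytes */
    size_t ptr;     /* offset of the next unread record in data */
    uint8_t *data;  /* reply buffer, owned by this structure */
} sss_getautomntent_data;

/* Free the buffered reply and reset the structure to all zeroes. */
static void
sss_getautomntent_data_clean(void)
{
    free(sss_getautomntent_data.data);
    free(sss_getautomntent_data.mapname);
    memset(&sss_getautomntent_data, 0, sizeof(sss_getautomntent_data));
}

/**
 * Select a map for processing.
 *
 * @param mapname  NUL-terminated map name, at most MAX_AUTOMNTMAPNAME_LEN
 *                 bytes as checked by sss_strnlen().
 * @param context  Receives a newly allocated iteration context on success;
 *                 release it with _sss_endautomntent().
 *
 * @return 0 on success, EINVAL for a missing argument or an over-long name,
 *         ENOMEM on allocation failure, ENOENT when the reply reports zero
 *         results, EIO when the reply is too short to hold the result
 *         count, or the error reported by the request.
 */
errno_t
_sss_setautomntent(const char *mapname, void **context)
{
    errno_t ret;
    int errnop = 0;
    struct automtent *ctx;
    char *name = NULL;
    size_t name_len;
    struct sss_cli_req_data rd;
    uint8_t *repbuf = NULL;
    size_t replen = 0;
    size_t rp = 0;
    uint32_t num_results = 0;

    if (!mapname || !context) return EINVAL;

    sss_nss_lock();

    /* Make sure there are no leftovers from previous runs */
    sss_getautomntent_data_clean();

    ret = sss_strnlen(mapname, MAX_AUTOMNTMAPNAME_LEN, &name_len);
    if (ret != 0) {
        ret = EINVAL;
        goto out;
    }

    name = malloc(name_len + 1);
    if (name == NULL) {
        ret = ENOMEM;
        goto out;
    }

    /* Copy exactly name_len bytes and terminate explicitly, so the request
     * payload is always a well-formed string of the measured length. */
    memcpy(name, mapname, name_len);
    name[name_len] = '\0';

    rd.data = name;
    rd.len = name_len + 1;

    sss_autofs_make_request(SSS_AUTOFS_SETAUTOMNTENT, &rd,
                            &repbuf, &replen, &errnop);
    if (errnop != 0) {
        ret = errnop;
        goto out;
    }

    /* The result count is the first 32-bit word of the reply. Verify that
     * the word is really there, and read it with the alignment-safe helper
     * instead of dereferencing a casted pointer. */
    if (repbuf == NULL || replen < sizeof(uint32_t)) {
        ret = EIO;
        goto out;
    }
    SAFEALIGN_COPY_UINT32(&num_results, repbuf, &rp);

    /* no results if not found */
    if (num_results == 0) {
        ret = ENOENT;
        goto out;
    }

    ctx = malloc(sizeof(*ctx));
    if (!ctx) {
        ret = ENOMEM;
        goto out;
    }

    /* The context takes ownership of the copy made above. */
    ctx->mapname = name;
    name = NULL;
    ctx->cursor = 0;

    *context = ctx;
    ret = 0;

out:
    free(name);
    free(repbuf);
    sss_nss_unlock();
    return ret;
}

/* Hand out the next key/value pair from the buffered reply.
 *
 * On success *_key and *_value are newly allocated, always NUL-terminated
 * strings owned by the caller, and the read offset is advanced. On any
 * other return the buffered reply is discarded.
 *
 * Returns EOK on success, ENOENT when nothing (more) is buffered for
 * mapname, EIO when a length field does not fit the buffer, ENOMEM on
 * allocation failure.
 */
static errno_t
sss_getautomntent_data_return(const char *mapname, char **_key, char **_value)
{
    size_t dp;
    size_t buflen;
    uint32_t len = 0;
    char *key = NULL;
    uint32_t keylen = 0;
    char *value = NULL;
    uint32_t vallen = 0;
    errno_t ret;

    if (sss_getautomntent_data.mapname == NULL ||
        sss_getautomntent_data.data == NULL ||
        sss_getautomntent_data.ptr >= sss_getautomntent_data.len) {
        /* We're done with this buffer */
        ret = ENOENT;
        goto done;
    }

    if (strcmp(mapname, sss_getautomntent_data.mapname) != 0) {
        /* The map we're looking for is not cached. Let responder
         * do an implicit setautomntent */
        ret = ENOENT;
        goto done;
    }

    buflen = sss_getautomntent_data.len;
    dp = sss_getautomntent_data.ptr;

    /* Every length below comes from the reply buffer. Each one is compared
     * with the bytes that remain, written as a subtraction so the check
     * cannot wrap around where size_t is 32 bits wide. */
    if (buflen - dp < sizeof(uint32_t)) {
        ret = EIO;
        goto done;
    }
    SAFEALIGN_COPY_UINT32(&len, sss_getautomntent_data.data+dp, &dp);
    if (len > buflen - sss_getautomntent_data.ptr) {
        /* len is bigger than the buffer */
        ret = EIO;
        goto done;
    }

    if (len == 0) {
        /* There are no more records. */
        *_key = NULL;
        *_value = NULL;
        ret = ENOENT;
        goto done;
    }

    if (buflen - dp < sizeof(uint32_t)) {
        ret = EIO;
        goto done;
    }
    SAFEALIGN_COPY_UINT32(&keylen, sss_getautomntent_data.data+dp, &dp);
    if (keylen > buflen - dp) {
        ret = EIO;
        goto done;
    }

    /* One extra byte: the result is handed out as a C string, so terminate
     * it here rather than relying on the sender having included a NUL. */
    key = malloc((size_t)keylen + 1);
    if (!key) {
        ret = ENOMEM;
        goto done;
    }
    safealign_memcpy(key, sss_getautomntent_data.data+dp, keylen, &dp);
    key[keylen] = '\0';

    if (buflen - dp < sizeof(uint32_t)) {
        ret = EIO;
        goto done;
    }
    SAFEALIGN_COPY_UINT32(&vallen, sss_getautomntent_data.data+dp, &dp);
    if (vallen > buflen - dp) {
        ret = EIO;
        goto done;
    }

    value = malloc((size_t)vallen + 1);
    if (!value) {
        ret = ENOMEM;
        goto done;
    }
    safealign_memcpy(value, sss_getautomntent_data.data+dp, vallen, &dp);
    value[vallen] = '\0';

    sss_getautomntent_data.ptr = dp;
    *_key = key;
    *_value = value;
    return EOK;

done:
    free(key);
    free(value);
    sss_getautomntent_data_clean();
    return ret;
}

/* Store a GETAUTOMNTENT reply for later use by
 * sss_getautomntent_data_return().
 *
 * The repbuf is owned by the sss_getautomntent_data once this
 * function is called: on success it is kept, on failure it is freed,
 * and in both cases *repbuf is set to NULL.
 *
 * Returns EOK on success, ENOENT when the reply reports zero entries,
 * EIO when the reply is too short to hold the entry count, ENOMEM when
 * the map name cannot be copied.
 */
static errno_t
sss_getautomntent_data_save(const char *mapname, uint8_t **repbuf,
                            size_t replen)
{
    size_t rp = 0;
    uint32_t num = 0;
    errno_t ret;

    if (*repbuf == NULL || replen < sizeof(uint32_t)) {
        ret = EIO;
        goto fail;
    }

    SAFEALIGN_COPY_UINT32(&num, *repbuf+rp, &rp);
    if (num == 0) {
        ret = ENOENT;
        goto fail;
    }

    sss_getautomntent_data.mapname = strdup(mapname);
    if (sss_getautomntent_data.mapname == NULL) {
        /* Report the allocation failure as such; ENOENT would be read by
         * the caller as "the map has no entries". */
        ret = ENOMEM;
        goto fail;
    }

    sss_getautomntent_data.data = *repbuf;
    sss_getautomntent_data.len = replen;
    sss_getautomntent_data.ptr = rp;
    *repbuf = NULL;
    return EOK;

fail:
    free(*repbuf);
    *repbuf = NULL;
    return ret;
}

/**
 * Iterate through key/value pairs in the selected map.
 *
 * Entries are served from the buffered reply when one is available for
 * this map; otherwise up to GETAUTOMNTENT_MAX_ENTRIES entries are
 * requested starting at the context's cursor.
 *
 * @param key      Receives a newly allocated key; the caller frees it.
 * @param value    Receives a newly allocated value; the caller frees it.
 * @param context  Context obtained from _sss_setautomntent().
 *
 * @return 0 on success, ENOENT when there are no more entries (key and
 *         value are set to NULL), EINVAL for a missing argument or an
 *         over-long map name, ENOMEM, EIO for a malformed reply, or the
 *         error reported by the request.
 */
errno_t
_sss_getautomntent_r(char **key, char **value, void *context)
{
    int errnop = 0;
    errno_t ret;
    size_t name_len;
    struct sss_cli_req_data rd;
    uint8_t *repbuf = NULL;
    size_t replen = 0;
    struct automtent *ctx;
    size_t ctr = 0;
    size_t data_len = 0;
    uint8_t *data;

    sss_nss_lock();

    ctx = (struct automtent *) context;
    if (!ctx || !key || !value) {
        ret = EINVAL;
        goto out;
    }

    /* Be paranoid in case someone tries to smuggle in a huge map name */
    ret = sss_strnlen(ctx->mapname, MAX_AUTOMNTMAPNAME_LEN, &name_len);
    if (ret != 0) {
        ret = EINVAL;
        goto out;
    }

    ret = sss_getautomntent_data_return(ctx->mapname, key, value);
    if (ret == EOK) {
        /* The results are available from cache. Just advance the
         * cursor and return. */
        ctx->cursor++;
        ret = 0;
        goto out;
    }
    /* Don't try to handle any error codes, just go to the responder again */

    data_len = sizeof(uint32_t) +            /* mapname len */
               name_len + 1 +                /* mapname\0   */
               sizeof(uint32_t) +            /* index into the map */
               sizeof(uint32_t);             /* num entries to retrieve */

    data = malloc(data_len);
    if (!data) {
        ret = ENOMEM;
        goto out;
    }

    SAFEALIGN_SET_UINT32(data, name_len, &ctr);

    safealign_memcpy(data+ctr, ctx->mapname, name_len + 1, &ctr);

    SAFEALIGN_SET_UINT32(data+ctr, ctx->cursor, &ctr);

    SAFEALIGN_SET_UINT32(data+ctr, GETAUTOMNTENT_MAX_ENTRIES, &ctr);

    rd.data = data;
    rd.len = data_len;

    sss_autofs_make_request(SSS_AUTOFS_GETAUTOMNTENT, &rd,
                            &repbuf, &replen, &errnop);
    free(data);
    if (errnop != 0) {
        ret = errnop;
        goto out;
    }

    /* Got reply, let's save it and return from "cache" */
    ret = sss_getautomntent_data_save(ctx->mapname, &repbuf, replen);
    if (ret == ENOENT) {
        /* No results */
        *key = NULL;
        *value = NULL;
        goto out;
    } else if (ret != EOK) {
        /* Unexpected error */
        goto out;
    }

    ret = sss_getautomntent_data_return(ctx->mapname, key, value);
    if (ret != EOK) {
        goto out;
    }

    /* Advance the cursor so that we'll fetch the next map
     * next time getautomntent is called */
    ctx->cursor++;
    ret = 0;

out:
    /* repbuf is NULL here whenever the save helper took it over or
     * freed it; otherwise release whatever the request left behind. */
    free(repbuf);
    sss_nss_unlock();
    return ret;
}

/**
 * Return the value stored for a specific key of the selected map.
 *
 * @param key      NUL-terminated key, at most MAX_AUTOMNTKEYNAME_LEN bytes
 *                 as checked by sss_strnlen().
 * @param value    Receives a newly allocated, NUL-terminated value on
 *                 success (the caller frees it); set to NULL when the
 *                 reply carries no data.
 * @param context  Context obtained from _sss_setautomntent().
 *
 * @return 0 on success, ENOENT when the reply carries no data, EINVAL for
 *         a missing argument or an over-long name, ENOMEM, EIO for a
 *         malformed reply, or the error reported by the request.
 */
errno_t
_sss_getautomntbyname_r(const char *key, char **value, void *context)
{
    int errnop = 0;
    errno_t ret;
    struct automtent *ctx;
    size_t key_len;
    size_t name_len;
    size_t data_len = 0;
    uint8_t *data;
    size_t ctr = 0;
    struct sss_cli_req_data rd;
    uint8_t *repbuf = NULL;
    size_t replen = 0;

    char *buf;
    uint32_t len = 0;
    uint32_t vallen = 0;
    size_t rp;

    sss_nss_lock();

    ctx = (struct automtent *) context;
    if (!ctx || !key || !value) {
        ret = EINVAL;
        goto out;
    }

    /* Be paranoid in case someone tries to smuggle in a huge map name */
    ret = sss_strnlen(ctx->mapname, MAX_AUTOMNTMAPNAME_LEN, &name_len);
    if (ret != 0) {
        ret = EINVAL;
        goto out;
    }

    ret = sss_strnlen(key, MAX_AUTOMNTKEYNAME_LEN, &key_len);
    if (ret != 0) {
        ret = EINVAL;
        goto out;
    }

    data_len = sizeof(uint32_t) +            /* mapname len */
               name_len + 1 +                /* mapname\0   */
               sizeof(uint32_t) +            /* keyname len */
               key_len + 1;                  /* keyname\0   */

    data = malloc(data_len);
    if (!data) {
        ret = ENOMEM;
        goto out;
    }

    SAFEALIGN_SET_UINT32(data, name_len, &ctr);

    safealign_memcpy(data+ctr, ctx->mapname, name_len + 1, &ctr);

    SAFEALIGN_SET_UINT32(data+ctr, key_len, &ctr);

    safealign_memcpy(data+ctr, key, key_len + 1, &ctr);

    rd.data = data;
    rd.len = data_len;

    sss_autofs_make_request(SSS_AUTOFS_GETAUTOMNTBYNAME, &rd,
                            &repbuf, &replen, &errnop);
    free(data);
    if (errnop != 0) {
        ret = errnop;
        goto out;
    }

    /* Got reply, let's parse it. Both length fields are data from the
     * reply, so each is checked against the number of bytes actually
     * received (replen) before it is used. */
    rp = 0;
    if (repbuf == NULL || replen < sizeof(uint32_t)) {
        ret = EIO;
        goto out;
    }
    SAFEALIGN_COPY_UINT32(&len, repbuf+rp, &rp);
    if (len == 0) {
        /* No data */
        *value = NULL;
        ret = ENOENT;
        goto out;
    }

    if (replen - rp < sizeof(uint32_t)) {
        ret = EIO;
        goto out;
    }
    SAFEALIGN_COPY_UINT32(&vallen, repbuf+rp, &rp);

    /* "len < rp" keeps "len - rp" from wrapping around to a huge value,
     * which would let any vallen through. The comparison with replen is
     * the actual memory bound for the copy below.
     * NOTE(review): this treats a record length smaller than the two
     * header words as malformed - confirm against the responder. */
    if (len < rp || vallen > len - rp || vallen > replen - rp) {
        ret = EIO;
        goto out;
    }

    /* One extra byte so the value handed out is always NUL-terminated. */
    buf = malloc((size_t)vallen + 1);
    if (!buf) {
        ret = ENOMEM;
        goto out;
    }

    safealign_memcpy(buf, repbuf+rp, vallen, &rp);
    buf[vallen] = '\0';
    *value = buf;

    ret = 0;
out:
    free(repbuf);
    sss_nss_unlock();
    return ret;
}

/**
 * Deselect a map, end the processing.
 *
 * Frees the iteration context, if there is one, and clears *context so the
 * caller is not left holding a pointer to freed memory; a second call with
 * the same variable is then harmless.
 *
 * @param context  Address of the context obtained from
 *                 _sss_setautomntent(); may be NULL.
 *
 * @return 0 on success (also when context is NULL), otherwise the error
 *         reported by the request.
 */
errno_t
_sss_endautomntent(void **context)
{
    struct automtent *fctx;
    int errnop = 0;

    if (!context) return 0;

    sss_nss_lock();

    sss_getautomntent_data_clean();

    fctx = (struct automtent *) *context;
    if (fctx != NULL) {
        free(fctx->mapname);
        free(fctx);
        *context = NULL;
    }

    sss_autofs_make_request(SSS_AUTOFS_ENDAUTOMNTENT,
                            NULL, NULL, NULL, &errnop);

    sss_nss_unlock();
    return errnop;
}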
x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.272891426 29 ctime=1396954961.70987491 ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/autofs/autofs_test_client.c����������������������������������������������0000664�0024127�0024127�00000007140�12320753107�024277� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* Authors: Jakub Hrozek <jhrozek@redhat.com> Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. 
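You should have received a copy of the GNU Lesser General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

#include <stdio.h>
#include <stdlib.h>
#include <dlfcn.h>
#include <errno.h>
#include <popt.h>

#include "util/util.h"
#include "sss_client/autofs/sss_autofs_private.h"

struct automtent {
    const char *mapname;
    size_t cursor;
};

/*
 * Command-line test client for the autofs client functions.
 *
 * Usage: PROGRAM [-n KEY] MAPNAME
 *
 * Without -n every key/value pair of MAPNAME is printed; with -n only the
 * value stored for KEY is looked up. The exit status is EXIT_FAILURE when
 * any call fails or returns inconsistent data, and 0 otherwise; a key
 * that is not in the map is reported on stderr but is not a failure.
 */
int main(int argc, const char *argv[])
{
    void *ctx = NULL;
    errno_t ret;
    int status = EXIT_SUCCESS;
    const char *mapname;
    char *key = NULL;
    char *value = NULL;
    char *pc_key = NULL;
    struct poptOption long_options[] = {
        POPT_AUTOHELP
        { "by-name",  'n', POPT_ARG_STRING, &pc_key, 0, "Request map by name", NULL },
        POPT_TABLEEND
    };
    poptContext pc = NULL;

    pc = poptGetContext(NULL, argc, argv, long_options, 0);
    poptSetOtherOptionHelp(pc, "MAPNAME");

    while ((ret = poptGetNextOpt(pc)) > 0)
        ;

    /* -1 means "all options consumed"; anything lower is a parse error,
     * which should stop the run instead of being silently ignored. */
    if (ret < -1) {
        fprintf(stderr, "%s: %s\n",
                poptBadOption(pc, 0), poptStrerror(ret));
        poptPrintUsage(pc, stderr, 0);
        poptFreeContext(pc);
        exit(EXIT_FAILURE);
    }

    mapname = poptGetArg(pc);
    if (mapname == NULL) {
        poptPrintUsage(pc, stderr, 0);
        fprintf(stderr, "Please specify the automounter map name\n");
        poptFreeContext(pc);
        exit(EXIT_FAILURE);
    }

    /* NOTE(review): mapname and pc_key are still used after the popt
     * context is freed - confirm popt keeps those strings valid. */
    poptFreeContext(pc);

    ret = _sss_setautomntent(mapname, &ctx);
    if (ret) {
        fprintf(stderr, "setautomntent failed [%d]: %s\n",
                ret, strerror(ret));
        exit(EXIT_FAILURE);
    }
    printf("setautomntent done for %s\n", mapname);

    if (!pc_key) {
        do {
            ret = _sss_getautomntent_r(&key, &value, ctx);
            if (ret == 0) {
                if (!key || !value) {
                    fprintf(stderr, "getautomntent returned success but no data?\n");
                    status = EXIT_FAILURE;
                    goto end;
                }

                printf("key: %s\t\tvalue: %s\n", key, value);
                free(key);
                key = NULL;
                free(value);
                value = NULL;
            }
        } while(ret == 0);

        if (ret != 0 && ret != ENOENT) {
            fprintf(stderr, "getautomntent_r failed [%d]: %s\n",
                    ret, strerror(ret));
            status = EXIT_FAILURE;
            goto end;
        }
    } else {
        ret = _sss_getautomntbyname_r(pc_key, &value, ctx);
        if (ret == ENOENT) {
            fprintf(stderr, "no such entry in map\n");
        } else if (ret != 0) {
            fprintf(stderr, "getautomntbyname_r failed [%d]: %s\n",
                    ret, strerror(ret));
            status = EXIT_FAILURE;
            goto end;
        } else {
            if (!value) {
                fprintf(stderr, "_sss_getautomntbyname_r "
                                "returned success but no data?\n");
                status = EXIT_FAILURE;
                goto end;
            }

            printf("key: %s\t\tvalue: %s\n", pc_key, value);
        }
    }

end:
    /* Whatever is still allocated on the way out is released here, so
     * the early exits above do not leak a half-returned pair. */
    free(key);
    free(value);

    ret = _sss_endautomntent(&ctx);
    if (ret) {
        fprintf(stderr, "endautomntent failed [%d]: %s\n",
                ret, strerror(ret));
        exit(EXIT_FAILURE);
    }
    printf("endautomntent done for %s\n", mapname);
    return status;
}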
0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������EXPORTED { # public functions global: _sss_setautomntent; _sss_getautomntent_r; _sss_getautomntbyname_r; _sss_endautomntent; # everything else is local local: *; }; ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/autofs/PaxHeaders.13173/sss_autofs_private.h�����������������������������0000644�0000000�0000000�00000000074�12320753107�024105� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.272891426 30 ctime=1396954961.563875018 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/autofs/sss_autofs_private.h����������������������������������������������0000664�0024127�0024127�00000002470�12320753107�024332� 
0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* Authors: Jakub Hrozek <jhrozek@redhat.com> Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ #include <errno.h> #include "util/util.h" /** * Selects a map for processing. */ errno_t _sss_setautomntent(const char *mapname, void **context); /** * Iterates through key/value pairs in the selected map. 
The key is usually * the mount point, the value is mount information (server:/export) */ errno_t _sss_getautomntent_r(char **key, char **value, void *context); /** * Returns value for a specific key */ errno_t _sss_getautomntbyname_r(const char *key, char **value, void *context); /** * Deselect a map, end the processing */ errno_t _sss_endautomntent(void **context); ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/PaxHeaders.13173/COPYING.LESSER������������������������������������������0000644�0000000�0000000�00000000074�12320753107�020537� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.272891426 30 ctime=1396954961.392875144 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/COPYING.LESSER�����������������������������������������������������������0000664�0024127�0024127�00000016733�12320753107�020773� 
0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������ GNU LESSER GENERAL PUBLIC LICENSE Version 3, 29 June 2007 Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/> Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. This version of the GNU Lesser General Public License incorporates the terms and conditions of version 3 of the GNU General Public License, supplemented by the additional permissions listed below. 0. Additional Definitions. As used herein, "this License" refers to version 3 of the GNU Lesser General Public License, and the "GNU GPL" refers to version 3 of the GNU General Public License. "The Library" refers to a covered work governed by this License, other than an Application or a Combined Work as defined below. An "Application" is any work that makes use of an interface provided by the Library, but which is not otherwise based on the Library. Defining a subclass of a class defined by the Library is deemed a mode of using an interface provided by the Library. A "Combined Work" is a work produced by combining or linking an Application with the Library. The particular version of the Library with which the Combined Work was made is also called the "Linked Version". The "Minimal Corresponding Source" for a Combined Work means the Corresponding Source for the Combined Work, excluding any source code for portions of the Combined Work that, considered in isolation, are based on the Application, and not on the Linked Version. 
The "Corresponding Application Code" for a Combined Work means the object code and/or source code for the Application, including any data and utility programs needed for reproducing the Combined Work from the Application, but excluding the System Libraries of the Combined Work. 1. Exception to Section 3 of the GNU GPL. You may convey a covered work under sections 3 and 4 of this License without being bound by section 3 of the GNU GPL. 2. Conveying Modified Versions. If you modify a copy of the Library, and, in your modifications, a facility refers to a function or data to be supplied by an Application that uses the facility (other than as an argument passed when the facility is invoked), then you may convey a copy of the modified version: a) under this License, provided that you make a good faith effort to ensure that, in the event an Application does not supply the function or data, the facility still operates, and performs whatever part of its purpose remains meaningful, or b) under the GNU GPL, with none of the additional permissions of this License applicable to that copy. 3. Object Code Incorporating Material from Library Header Files. The object code form of an Application may incorporate material from a header file that is part of the Library. You may convey such object code under terms of your choice, provided that, if the incorporated material is not limited to numerical parameters, data structure layouts and accessors, or small macros, inline functions and templates (ten or fewer lines in length), you do both of the following: a) Give prominent notice with each copy of the object code that the Library is used in it and that the Library and its use are covered by this License. b) Accompany the object code with a copy of the GNU GPL and this license document. 4. Combined Works. 
You may convey a Combined Work under terms of your choice that, taken together, effectively do not restrict modification of the portions of the Library contained in the Combined Work and reverse engineering for debugging such modifications, if you also do each of the following: a) Give prominent notice with each copy of the Combined Work that the Library is used in it and that the Library and its use are covered by this License. b) Accompany the Combined Work with a copy of the GNU GPL and this license document. c) For a Combined Work that displays copyright notices during execution, include the copyright notice for the Library among these notices, as well as a reference directing the user to the copies of the GNU GPL and this license document. d) Do one of the following: 0) Convey the Minimal Corresponding Source under the terms of this License, and the Corresponding Application Code in a form suitable for, and under terms that permit, the user to recombine or relink the Application with a modified version of the Linked Version to produce a modified Combined Work, in the manner specified by section 6 of the GNU GPL for conveying Corresponding Source. 1) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (a) uses at run time a copy of the Library already present on the user's computer system, and (b) will operate properly with a modified version of the Library that is interface-compatible with the Linked Version. e) Provide Installation Information, but only if you would otherwise be required to provide such information under section 6 of the GNU GPL, and only to the extent that such information is necessary to install and execute a modified version of the Combined Work produced by recombining or relinking the Application with a modified version of the Linked Version. (If you use option 4d0, the Installation Information must accompany the Minimal Corresponding Source and Corresponding Application Code. 
If you use option 4d1, you must provide the Installation Information in the manner specified by section 6 of the GNU GPL for conveying Corresponding Source.) 5. Combined Libraries. You may place library facilities that are a work based on the Library side by side in a single library together with other library facilities that are not Applications and are not covered by this License, and convey such a combined library under terms of your choice, if you do both of the following: a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities, conveyed under the terms of this License. b) Give prominent notice with the combined library that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work. 6. Revised Versions of the GNU Lesser General Public License. The Free Software Foundation may publish revised and/or new versions of the GNU Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Library as you received it specifies that a certain numbered version of the GNU Lesser General Public License "or any later version" applies to it, you have the option of following the terms and conditions either of that published version or of any later version published by the Free Software Foundation. If the Library as you received it does not specify a version number of the GNU Lesser General Public License, you may choose any version of the GNU Lesser General Public License ever published by the Free Software Foundation. 
If the Library as you received it specifies that a proxy can decide whether future versions of the GNU Lesser General Public License shall apply, that proxy's public statement of acceptance of any version is permanent authorization for you to choose that version for the Library. �������������������������������������sssd-1.11.5/src/sss_client/PaxHeaders.13173/nss_compat.h��������������������������������������������0000644�0000000�0000000�00000000074�12320753107�021027� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.272891426 30 ctime=1396954961.541875034 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/nss_compat.h�������������������������������������������������������������0000664�0024127�0024127�00000003654�12320753107�021261� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* SSSD nss_compat.h Authors: Stephen Gallagher <sgallagh@redhat.com> Copyright (C) 2010 Red Hat This program is free software; you can 
redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. Portions of this source file were copied from nss-pam-ldapd version 0.7.8, licensed under LGPLv2.1+ */ #ifndef NSS_COMPAT_H_ #define NSS_COMPAT_H_ /* We also define struct __netgrent because it's definition is not publically available. This is taken from inet/netgroup.h of the glibc (2.3.6) source tarball. The first part of the struct is the only part that is modified by our getnetgrent() function, all the other fields are not touched at all. 
*/ struct __netgrent { enum { triple_val, group_val } type; union { struct { const char *host; const char *user; const char *domain; } triple; const char *group; } val; /* the following stuff is used by some NSS services but not by ours (it's not completely clear how these are shared between different services) or is used by our caller */ char *data; size_t data_size; union { char *cursor; unsigned long int position; } idx; /* added name to union to avoid warning */ int first; struct name_list *known_groups; struct name_list *needed_groups; void *nip; /* changed from `service_user *nip' */ }; #endif /* NSS_COMPAT_H_ */ ������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/PaxHeaders.13173/nss_mc.h������������������������������������������������0000644�0000000�0000000�00000000073�12320753107�020142� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.272891426 29 ctime=1396954961.54687503 ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/nss_mc.h�����������������������������������������������������������������0000664�0024127�0024127�00000005214�12320753107�020367� 
0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* * System Security Services Daemon. NSS client interface * * Copyright (C) Simo Sorce 2011 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as * published by the Free Software Foundation; either version 2.1 of the * License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. 
*/

/* NSS interfaces to mmap cache */

#ifndef _NSS_MC_H_
#define _NSS_MC_H_

#include <stdint.h>
#include <stdbool.h>
#include <pwd.h>
#include <grp.h>
#include "util/mmap_cache.h"

/* Fallback definition of errno_t, used only when HAVE_ERRNO_T has not
 * already been defined by the time this header is read. */
#ifndef HAVE_ERRNO_T
#define HAVE_ERRNO_T
typedef int errno_t;
#endif

/* common stuff */

/*
 * Client-side bookkeeping for one memory-mapped cache.
 *
 * The per-field comments give the meaning of each member: the base address
 * and total size of the mapping, plus the addresses and sizes of the data
 * table and hash table that live inside it.
 *
 * NOTE(review): data_table and hash_table point into the mapping, so every
 * size, slot and offset read from the mapping should be range-checked
 * against mmap_size / dt_size / ht_size before it is dereferenced.  The
 * implementation is not part of this header -- confirm there.
 */
struct sss_cli_mc_ctx {
    bool initialized;       /* presumably set once the mapping is usable -- confirm */
    int fd;                 /* presumably the descriptor backing the mapping -- confirm */

    uint32_t seed;          /* seed from the tables header */

    void *mmap_base;        /* base address of mmap */
    size_t mmap_size;       /* total size of mmap */

    uint8_t *data_table;    /* data table address (in mmap) */
    uint32_t dt_size;       /* size of data table */

    uint32_t *hash_table;   /* hash table address (in mmap) */
    uint32_t ht_size;       /* size of hash table */
};

/*
 * The functions below are only declared here; their bodies are not visible
 * in this header, so the notes describe the signatures and mark everything
 * else as an assumption to confirm.
 */

/* Presumably maps the cache identified by `name` and fills *ctx -- confirm. */
errno_t sss_nss_mc_get_ctx(const char *name, struct sss_cli_mc_ctx *ctx);

/* Presumably validates the cache header reachable through ctx -- confirm. */
errno_t sss_nss_check_header(struct sss_cli_mc_ctx *ctx);

/* Returns a 32-bit hash for `len` bytes of `key`; presumably seeded with
 * ctx->seed and reduced to a hash-table slot -- confirm. */
uint32_t sss_nss_mc_hash(struct sss_cli_mc_ctx *ctx,
                         const char *key, size_t len);

/* Hands back a record through the out-parameter _rec.
 * NOTE(review): `slot` selects a position in the data table; the
 * implementation is expected to reject slots outside dt_size and records
 * that would extend past the table -- confirm. */
errno_t sss_nss_mc_get_record(struct sss_cli_mc_ctx *ctx,
                              uint32_t slot, struct sss_mc_rec **_rec);

/* Presumably yields successive strings from buf (len bytes) through *str,
 * with *cookie as the cursor between calls -- confirm.
 * NOTE(review): the implementation should verify that each string is
 * NUL-terminated within len. */
errno_t sss_nss_str_ptr_from_buffer(char **str, void **cookie,
                                    char *buf, size_t len);

/* passwd db */

/* Lookups by name and by uid.  The caller supplies the result structure and
 * a scratch buffer of buflen bytes, the same parameter layout as the
 * reentrant getpwnam_r()/getpwuid_r() calls; presumably the string members
 * of *result point into buffer -- confirm. */
errno_t sss_nss_mc_getpwnam(const char *name, size_t name_len,
                            struct passwd *result,
                            char *buffer, size_t buflen);
errno_t sss_nss_mc_getpwuid(uid_t uid,
                            struct passwd *result,
                            char *buffer, size_t buflen);

/* group db */

/* Lookups by name and by gid, with the same caller-supplied result and
 * scratch-buffer parameters as the passwd lookups above. */
errno_t sss_nss_mc_getgrnam(const char *name, size_t name_len,
                            struct group *result,
                            char *buffer, size_t buflen);
errno_t sss_nss_mc_getgrgid(gid_t gid,
                            struct group *result,
                            char *buffer, size_t buflen);

#endif /* _NSS_MC_H_ */
������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/PaxHeaders.13173/sudo_testcli��������������������������������������������0000644�0000000�0000000�00000000132�12320753521�021127� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954961.753874878 30 atime=1396955003.535843846 30 ctime=1396954961.753874878 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/sudo_testcli/������������������������������������������������������������0000775�0024127�0024127�00000000000�12320753521�021433� 
5����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/sudo_testcli/PaxHeaders.13173/sudo_testcli.c�����������������������������0000644�0000000�0000000�00000000074�12320753107�024056� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.273891426 30 ctime=1396954961.753874878 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/sudo_testcli/sudo_testcli.c����������������������������������������������0000664�0024127�0024127�00000007277�12320753107�024315� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* Authors: Pavel Březina <pbrezina@redhat.com> Copyright (C) 2011 Red Hat This program is free software; 
you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ #include <stdlib.h> #include <stdio.h> #include <errno.h> #include <string.h> #include <talloc.h> #include <sys/types.h> #include <pwd.h> #include "sss_client/sss_cli.h" #include "sss_client/sudo/sss_sudo.h" #include "sss_client/sudo/sss_sudo_private.h" #ifndef EOK #define EOK 0 #endif void print_sss_result(struct sss_sudo_result *result); int main(int argc, char **argv) { int ret = 0; struct sss_sudo_result *result = NULL; struct passwd *passwd = NULL; const char *username = NULL; char *domainname = NULL; uid_t uid = 0; uint32_t error = 0; if (argc != 2 && argc != 3) { fprintf(stderr, "Usage: sss_sudo_cli username [uid]\n"); goto fail; } username = argv[1]; if (argc == 3) { uid = atoi(argv[2]); } else { passwd = getpwnam(username); if (passwd == NULL) { fprintf(stderr, "Unknown user\n"); goto fail; } uid = passwd->pw_uid; } /* get sss_result - it will send new query to responder */ /* get default options */ ret = sss_sudo_send_recv_defaults(uid, username, &error, &domainname, &result); if (ret != EOK) { fprintf(stderr, "sss_sudo_send_recv_defaults() failed: %s\n", strerror(ret)); goto fail; } printf("User [%s:%llu] found in domain: %s\n\n", username, (unsigned long long)uid, domainname != NULL ? 
domainname : "<NULL>"); printf("=== Printing response data [default options] ===\n"); printf("Response code: %d\n\n", error); if (error == SSS_SUDO_ERROR_OK) { print_sss_result(result); } sss_sudo_free_result(result); result = NULL; /* get rules */ ret = sss_sudo_send_recv(uid, username, domainname, &error, &result); if (ret != EOK) { fprintf(stderr, "sss_sudo_send_recv() failed: %s\n", strerror(ret)); goto fail; } printf("\n=== Printing response data [rules] ===\n"); printf("Response code: %d\n\n", error); if (error == SSS_SUDO_ERROR_OK) { print_sss_result(result); } free(domainname); sss_sudo_free_result(result); return 0; fail: free(domainname); sss_sudo_free_result(result); return 1; } void print_sss_result(struct sss_sudo_result *result) { struct sss_sudo_rule *rule = NULL; struct sss_sudo_attr *attr = NULL; int i = 0; int j = 0; int k = 0; printf("Number of rules: %d\n", result->num_rules); for (i = 0; i < result->num_rules; i++) { rule = &result->rules[i]; printf("=== Rule %d has %d attributes\n", i, rule->num_attrs); for (j = 0; j < rule->num_attrs; j++) { attr = &rule->attrs[j]; printf(" === Attribute named %s has %d values:\n", attr->name, attr->num_values); for (k = 0; k < attr->num_values; k++) { printf(" %s\n", attr->values[k]); } } } } ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/PaxHeaders.13173/sss_pam.exports�����������������������������������������0000644�0000000�0000000�00000000074�12320753107�021603� 
x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.273891426 30 ctime=1396954961.396875141 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/sss_pam.exports����������������������������������������������������������0000664�0024127�0024127�00000000030�12320753107�022016� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������{ global: *; }; 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/PaxHeaders.13173/sss_pam_macros.h����������������������������������������0000644�0000000�0000000�00000000074�12320753107�021672� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.273891426 30 ctime=1396954961.692874923 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/sss_pam_macros.h���������������������������������������������������������0000664�0024127�0024127�00000002614�12320753107�022117� 
0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* SSSD Client Interface for NSS and PAM. Authors: Stephen Gallagher <sgallagh@redhat.com> Copyright (C) Red Hat, Inc 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ #ifndef _SSS_PAM_MACROS_H #define _SSS_PAM_MACROS_H /* Older versions of the pam development headers do not include the * _pam_overwrite_n(n,x) macro. This implementation is copied from * the Fedora 11 _pam_macros.h. 
*/ #include <security/_pam_macros.h> #ifndef _pam_overwrite_n #define _pam_overwrite_n(x,n) \ do { \ register char *__xx__; \ register unsigned int __i__ = 0; \ if ((__xx__=(x))) \ for (;__i__<n; __i__++) \ __xx__[__i__] = 0; \ } while (0) #endif /* _pam_overwrite_n */ #endif /* _SSS_PAM_MACROS_H */ ��������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/PaxHeaders.13173/pam_sss.c�����������������������������������������������0000644�0000000�0000000�00000000074�12320753107�020321� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.272891426 30 ctime=1396954961.691874923 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/pam_sss.c����������������������������������������������������������������0000664�0024127�0024127�00000142071�12320753107�020550� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* Authors: Sumit Bose <sbose@redhat.com> 
Copyright (C) 2009 Red Hat Copyright (C) 2010, rhafer@suse.de, Novell Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ #define PAM_SM_AUTH #define PAM_SM_ACCOUNT #define PAM_SM_SESSION #define PAM_SM_PASSWORD #include "config.h" #include <sys/types.h> #include <unistd.h> #include <stdlib.h> #include <stdint.h> #include <stdio.h> #include <syslog.h> #include <time.h> #include <sys/stat.h> #include <fcntl.h> #include <errno.h> #include <locale.h> #include <stdbool.h> #include <security/pam_modules.h> #include <security/pam_ext.h> #include <security/pam_modutil.h> #include "sss_pam_macros.h" #include "sss_cli.h" #include "util/atomic_io.h" #include <libintl.h> #define _(STRING) dgettext (PACKAGE, STRING) #define FLAGS_USE_FIRST_PASS (1 << 0) #define FLAGS_FORWARD_PASS (1 << 1) #define FLAGS_USE_AUTHTOK (1 << 2) #define FLAGS_IGNORE_UNKNOWN_USER (1 << 3) #define PWEXP_FLAG "pam_sss:password_expired_flag" #define FD_DESTRUCTOR "pam_sss:fd_destructor" #define PW_RESET_MSG_FILENAME_TEMPLATE SSSD_CONF_DIR"/customize/%s/pam_sss_pw_reset_message.%s" #define PW_RESET_MSG_MAX_SIZE 4096 #define OPT_RETRY_KEY "retry=" struct pam_items { const char* pam_service; const char* pam_user; const char* pam_tty; const char* pam_ruser; const char* pam_rhost; char* pam_authtok; char* pam_newauthtok; const char* pamstack_authtok; const char* pamstack_oldauthtok; size_t pam_service_size; size_t pam_user_size; 
size_t pam_tty_size; size_t pam_ruser_size; size_t pam_rhost_size; int pam_authtok_type; size_t pam_authtok_size; int pam_newauthtok_type; size_t pam_newauthtok_size; pid_t cli_pid; const char *login_name; char *domain_name; }; #define DEBUG_MGS_LEN 1024 #define MAX_AUTHTOK_SIZE (1024*1024) #define CHECK_AND_RETURN_PI_STRING(s) ((s != NULL && *s != '\0')? s : "(not available)") static void logger(pam_handle_t *pamh, int level, const char *fmt, ...) { va_list ap; va_start(ap, fmt); #ifdef DEBUG va_list apd; char debug_msg[DEBUG_MGS_LEN]; int ret; va_copy(apd, ap); ret = vsnprintf(debug_msg, DEBUG_MGS_LEN, fmt, apd); if (ret >= DEBUG_MGS_LEN) { D(("the following message is truncated: %s", debug_msg)); } else if (ret < 0) { D(("vsnprintf failed to format debug message!")); } else { D((debug_msg)); } va_end(apd); #endif pam_vsyslog(pamh, LOG_AUTHPRIV|level, fmt, ap); va_end(ap); } static void free_exp_data(pam_handle_t *pamh, void *ptr, int err) { free(ptr); ptr = NULL; } static void close_fd(pam_handle_t *pamh, void *ptr, int err) { if (err & PAM_DATA_REPLACE) { /* Nothing to do */ return; } D(("Closing the fd")); sss_pam_close_fd(); } static size_t add_authtok_item(enum pam_item_type type, enum sss_authtok_type authtok_type, const char *tok, const size_t size, uint8_t *buf) { size_t rp=0; uint32_t c; if (tok == NULL) return 0; c = type; memcpy(&buf[rp], &c, sizeof(uint32_t)); rp += sizeof(uint32_t); c = size + sizeof(uint32_t); memcpy(&buf[rp], &c, sizeof(uint32_t)); rp += sizeof(uint32_t); c = authtok_type; memcpy(&buf[rp], &c, sizeof(uint32_t)); rp += sizeof(uint32_t); memcpy(&buf[rp], tok, size); rp += size; return rp; } static size_t add_uint32_t_item(enum pam_item_type type, const uint32_t val, uint8_t *buf) { size_t rp=0; uint32_t c; c = type; memcpy(&buf[rp], &c, sizeof(uint32_t)); rp += sizeof(uint32_t); c = sizeof(uint32_t); memcpy(&buf[rp], &c, sizeof(uint32_t)); rp += sizeof(uint32_t); c = val; memcpy(&buf[rp], &c, sizeof(uint32_t)); rp += 
sizeof(uint32_t); return rp; } static size_t add_string_item(enum pam_item_type type, const char *str, const size_t size, uint8_t *buf) { size_t rp=0; uint32_t c; if (str == NULL || *str == '\0') return 0; c = type; memcpy(&buf[rp], &c, sizeof(uint32_t)); rp += sizeof(uint32_t); c = size; memcpy(&buf[rp], &c, sizeof(uint32_t)); rp += sizeof(uint32_t); memcpy(&buf[rp], str, size); rp += size; return rp; } static void overwrite_and_free_pam_items(struct pam_items *pi) { if (pi->pam_authtok != NULL) { _pam_overwrite_n((void *)pi->pam_authtok, pi->pam_authtok_size); free((void *)pi->pam_authtok); pi->pam_authtok = NULL; } if (pi->pam_newauthtok != NULL) { _pam_overwrite_n((void *)pi->pam_newauthtok, pi->pam_newauthtok_size); free((void *)pi->pam_newauthtok); pi->pam_newauthtok = NULL; } pi->pamstack_authtok = NULL; pi->pamstack_oldauthtok = NULL; free(pi->domain_name); pi->domain_name = NULL; } static int pack_message_v3(struct pam_items *pi, size_t *size, uint8_t **buffer) { int len; uint8_t *buf; int rp; uint32_t terminator = SSS_END_OF_PAM_REQUEST; len = sizeof(uint32_t) + 2*sizeof(uint32_t) + pi->pam_user_size + sizeof(uint32_t); len += *pi->pam_service != '\0' ? 2*sizeof(uint32_t) + pi->pam_service_size : 0; len += *pi->pam_tty != '\0' ? 2*sizeof(uint32_t) + pi->pam_tty_size : 0; len += *pi->pam_ruser != '\0' ? 2*sizeof(uint32_t) + pi->pam_ruser_size : 0; len += *pi->pam_rhost != '\0' ? 2*sizeof(uint32_t) + pi->pam_rhost_size : 0; len += pi->pam_authtok != NULL ? 3*sizeof(uint32_t) + pi->pam_authtok_size : 0; len += pi->pam_newauthtok != NULL ? 
3*sizeof(uint32_t) + pi->pam_newauthtok_size : 0; len += 3*sizeof(uint32_t); /* cli_pid */ buf = malloc(len); if (buf == NULL) { D(("malloc failed.")); return PAM_BUF_ERR; } rp = 0; ((uint32_t *)(&buf[rp]))[0] = SSS_START_OF_PAM_REQUEST; rp += sizeof(uint32_t); rp += add_string_item(SSS_PAM_ITEM_USER, pi->pam_user, pi->pam_user_size, &buf[rp]); rp += add_string_item(SSS_PAM_ITEM_SERVICE, pi->pam_service, pi->pam_service_size, &buf[rp]); rp += add_string_item(SSS_PAM_ITEM_TTY, pi->pam_tty, pi->pam_tty_size, &buf[rp]); rp += add_string_item(SSS_PAM_ITEM_RUSER, pi->pam_ruser, pi->pam_ruser_size, &buf[rp]); rp += add_string_item(SSS_PAM_ITEM_RHOST, pi->pam_rhost, pi->pam_rhost_size, &buf[rp]); rp += add_uint32_t_item(SSS_PAM_ITEM_CLI_PID, (uint32_t) pi->cli_pid, &buf[rp]); rp += add_authtok_item(SSS_PAM_ITEM_AUTHTOK, pi->pam_authtok_type, pi->pam_authtok, pi->pam_authtok_size, &buf[rp]); rp += add_authtok_item(SSS_PAM_ITEM_NEWAUTHTOK, pi->pam_newauthtok_type, pi->pam_newauthtok, pi->pam_newauthtok_size, &buf[rp]); memcpy(&buf[rp], &terminator, sizeof(uint32_t)); rp += sizeof(uint32_t); if (rp != len) { D(("error during packet creation.")); free(buf); return PAM_BUF_ERR; } *size = len; *buffer = buf; return 0; } static int null_strcmp(const char *s1, const char *s2) { if (s1 == NULL && s2 == NULL) return 0; if (s1 == NULL && s2 != NULL) return -1; if (s1 != NULL && s2 == NULL) return 1; return strcmp(s1, s2); } enum { SSS_PAM_CONV_DONE = 0, SSS_PAM_CONV_STD, SSS_PAM_CONV_REENTER, }; static int do_pam_conversation(pam_handle_t *pamh, const int msg_style, const char *msg, const char *reenter_msg, char **_answer) { int ret; int state = SSS_PAM_CONV_STD; struct pam_conv *conv; const struct pam_message *mesg[1]; struct pam_message *pam_msg; struct pam_response *resp=NULL; char *answer = NULL; if ((msg_style == PAM_TEXT_INFO || msg_style == PAM_ERROR_MSG) && msg == NULL) return PAM_SYSTEM_ERR; if ((msg_style == PAM_PROMPT_ECHO_OFF || msg_style == PAM_PROMPT_ECHO_ON) && (msg 
== NULL || _answer == NULL)) return PAM_SYSTEM_ERR; if (msg_style == PAM_TEXT_INFO || msg_style == PAM_ERROR_MSG) { logger(pamh, LOG_INFO, "User %s message: %s", msg_style == PAM_TEXT_INFO ? "info" : "error", msg); } ret=pam_get_item(pamh, PAM_CONV, (const void **) &conv); if (ret != PAM_SUCCESS) return ret; do { pam_msg = malloc(sizeof(struct pam_message)); if (pam_msg == NULL) { D(("Malloc failed.")); ret = PAM_SYSTEM_ERR; goto failed; } pam_msg->msg_style = msg_style; if (state == SSS_PAM_CONV_REENTER) { pam_msg->msg = reenter_msg; } else { pam_msg->msg = msg; } mesg[0] = (const struct pam_message *) pam_msg; ret=conv->conv(1, mesg, &resp, conv->appdata_ptr); free(pam_msg); if (ret != PAM_SUCCESS) { D(("Conversation failure: %s.", pam_strerror(pamh,ret))); goto failed; } if (msg_style == PAM_PROMPT_ECHO_OFF || msg_style == PAM_PROMPT_ECHO_ON) { if (resp == NULL) { D(("response expected, but resp==NULL")); ret = PAM_SYSTEM_ERR; goto failed; } if (state == SSS_PAM_CONV_REENTER) { if (null_strcmp(answer, resp[0].resp) != 0) { logger(pamh, LOG_NOTICE, "Passwords do not match."); _pam_overwrite((void *)resp[0].resp); free(resp[0].resp); if (answer != NULL) { _pam_overwrite((void *) answer); free(answer); answer = NULL; } ret = do_pam_conversation(pamh, PAM_ERROR_MSG, _("Passwords do not match"), NULL, NULL); if (ret != PAM_SUCCESS) { D(("do_pam_conversation failed.")); ret = PAM_SYSTEM_ERR; goto failed; } ret = PAM_CRED_ERR; goto failed; } _pam_overwrite((void *)resp[0].resp); free(resp[0].resp); } else { if (resp[0].resp == NULL) { D(("Empty password")); answer = NULL; } else { answer = strndup(resp[0].resp, MAX_AUTHTOK_SIZE); _pam_overwrite((void *)resp[0].resp); free(resp[0].resp); if(answer == NULL) { D(("strndup failed")); ret = PAM_BUF_ERR; goto failed; } } } free(resp); resp = NULL; } if (reenter_msg != NULL && state == SSS_PAM_CONV_STD) { state = SSS_PAM_CONV_REENTER; } else { state = SSS_PAM_CONV_DONE; } } while (state != SSS_PAM_CONV_DONE); if (_answer) 
*_answer = answer; return PAM_SUCCESS; failed: free(answer); return ret; } static errno_t display_pw_reset_message(pam_handle_t *pamh, const char *domain_name, const char *suffix) { int ret; struct stat stat_buf; char *msg_buf = NULL; int fd = -1; size_t size; size_t total_len; char *filename = NULL; if (strchr(suffix, '/') != NULL || strchr(domain_name, '/') != NULL) { D(("Suffix [%s] or domain name [%s] contain illegal character.", suffix, domain_name)); return EINVAL; } size = sizeof(PW_RESET_MSG_FILENAME_TEMPLATE) + strlen(domain_name) + strlen(suffix); filename = malloc(size); if (filename == NULL) { D(("malloc failed.")); ret = ENOMEM; goto done; } ret = snprintf(filename, size, PW_RESET_MSG_FILENAME_TEMPLATE, domain_name, suffix); if (ret < 0 || ret >= size) { D(("snprintf failed.")); ret = EFAULT; goto done; } fd = open(filename, O_RDONLY); if (fd == -1) { ret = errno; D(("open failed [%d][%s].\n", ret, strerror(ret))); goto done; } ret = fstat(fd, &stat_buf); if (ret == -1) { ret = errno; D(("fstat failed [%d][%s].", ret, strerror(ret))); goto done; } if (!S_ISREG(stat_buf.st_mode)) { logger(pamh, LOG_ERR, "Password reset message file is not a regular file."); ret = EINVAL; goto done; } if (stat_buf.st_uid != 0 || stat_buf.st_gid != 0 || (stat_buf.st_mode & ~S_IFMT) != 0644) { logger(pamh, LOG_ERR,"Permission error, " "file [%s] must be owned by root with permissions 0644.", filename); ret = EPERM; goto done; } if (stat_buf.st_size > PW_RESET_MSG_MAX_SIZE) { logger(pamh, LOG_ERR, "Password reset message file is too large."); ret = EFBIG; goto done; } msg_buf = malloc(stat_buf.st_size + 1); if (msg_buf == NULL) { D(("malloc failed.")); ret = ENOMEM; goto done; } errno = 0; total_len = sss_atomic_read_s(fd, msg_buf, stat_buf.st_size); if (ret == -1) { ret = errno; D(("read failed [%d][%s].", ret, strerror(ret))); goto done; } ret = close(fd); fd = -1; if (ret == -1) { ret = errno; D(("close failed [%d][%s].", ret, strerror(ret))); } if (total_len != 
stat_buf.st_size) { D(("read fewer bytes [%d] than expected [%d].", total_len, stat_buf.st_size)); ret = EIO; goto done; } msg_buf[stat_buf.st_size] = '\0'; ret = do_pam_conversation(pamh, PAM_TEXT_INFO, msg_buf, NULL, NULL); if (ret != PAM_SUCCESS) { D(("do_pam_conversation failed.")); } done: if (fd != -1) { close(fd); } free(msg_buf); free(filename); return ret; } static errno_t select_pw_reset_message(pam_handle_t *pamh, struct pam_items *pi) { int ret; char *locale; const char *domain_name; domain_name = pi->domain_name; if (domain_name == NULL || *domain_name == '\0') { D(("Domain name is unknown.")); return EINVAL; } locale = setlocale(LC_MESSAGES, NULL); ret = -1; if (locale != NULL) { ret = display_pw_reset_message(pamh, domain_name, locale); } if (ret != 0) { ret = display_pw_reset_message(pamh, domain_name, "txt"); } if (ret != 0) { ret = do_pam_conversation(pamh, PAM_TEXT_INFO, _("Password reset by root is not supported."), NULL, NULL); if (ret != PAM_SUCCESS) { D(("do_pam_conversation failed.")); } } return ret; } static int user_info_offline_auth(pam_handle_t *pamh, size_t buflen, uint8_t *buf) { int ret; int64_t expire_date; struct tm tm; char expire_str[128]; char user_msg[256]; expire_str[0] = '\0'; if (buflen != sizeof(uint32_t) + sizeof(int64_t)) { D(("User info response data has the wrong size")); return PAM_BUF_ERR; } memcpy(&expire_date, buf + sizeof(uint32_t), sizeof(int64_t)); if (expire_date > 0) { if (localtime_r((time_t *) &expire_date, &tm) != NULL) { ret = strftime(expire_str, sizeof(expire_str), "%c", &tm); if (ret == 0) { D(("strftime failed.")); expire_str[0] = '\0'; } } else { D(("localtime_r failed")); } } ret = snprintf(user_msg, sizeof(user_msg), "%s%s%s.", _("Authenticated with cached credentials"), expire_str[0] ? _(", your cached password will expire at: ") : "", expire_str[0] ? 
expire_str : ""); if (ret < 0 || ret >= sizeof(user_msg)) { D(("snprintf failed.")); return PAM_SYSTEM_ERR; } ret = do_pam_conversation(pamh, PAM_TEXT_INFO, user_msg, NULL, NULL); if (ret != PAM_SUCCESS) { D(("do_pam_conversation failed.")); return PAM_SYSTEM_ERR; } return PAM_SUCCESS; } static int user_info_grace_login(pam_handle_t *pamh, size_t buflen, uint8_t *buf) { int ret; uint32_t grace; char user_msg[256]; if (buflen != 2* sizeof(uint32_t)) { D(("User info response data has the wrong size")); return PAM_BUF_ERR; } memcpy(&grace, buf + sizeof(uint32_t), sizeof(uint32_t)); ret = snprintf(user_msg, sizeof(user_msg), _("Your password has expired. " "You have %1$d grace login(s) remaining."), grace); if (ret < 0 || ret >= sizeof(user_msg)) { D(("snprintf failed.")); return PAM_SYSTEM_ERR; } ret = do_pam_conversation(pamh, PAM_TEXT_INFO, user_msg, NULL, NULL); if (ret != PAM_SUCCESS) { D(("do_pam_conversation failed.")); return PAM_SYSTEM_ERR; } return PAM_SUCCESS; } #define MINSEC 60 #define HOURSEC (60*MINSEC) #define DAYSEC (24*HOURSEC) static int user_info_expire_warn(pam_handle_t *pamh, size_t buflen, uint8_t *buf) { int ret; uint32_t expire; char user_msg[256]; const char* unit="second(s)"; if (buflen != 2* sizeof(uint32_t)) { D(("User info response data has the wrong size")); return PAM_BUF_ERR; } memcpy(&expire, buf + sizeof(uint32_t), sizeof(uint32_t)); if (expire >= DAYSEC) { expire /= DAYSEC; unit = "day(s)"; } else if (expire >= HOURSEC) { expire /= HOURSEC; unit = "hour(s)"; } else if (expire >= MINSEC) { expire /= MINSEC; unit = "minute(s)"; } ret = snprintf(user_msg, sizeof(user_msg), _("Your password will expire in %1$d %2$s."), expire, unit); if (ret < 0 || ret >= sizeof(user_msg)) { D(("snprintf failed.")); return PAM_SYSTEM_ERR; } ret = do_pam_conversation(pamh, PAM_TEXT_INFO, user_msg, NULL, NULL); if (ret != PAM_SUCCESS) { D(("do_pam_conversation failed.")); return PAM_SYSTEM_ERR; } return PAM_SUCCESS; } static int 
user_info_offline_auth_delayed(pam_handle_t *pamh, size_t buflen, uint8_t *buf) { int ret; int64_t delayed_until; struct tm tm; char delay_str[128]; char user_msg[256]; delay_str[0] = '\0'; if (buflen != sizeof(uint32_t) + sizeof(int64_t)) { D(("User info response data has the wrong size")); return PAM_BUF_ERR; } memcpy(&delayed_until, buf + sizeof(uint32_t), sizeof(int64_t)); if (delayed_until <= 0) { D(("User info response data has an invalid value")); return PAM_BUF_ERR; } if (localtime_r((time_t *) &delayed_until, &tm) != NULL) { ret = strftime(delay_str, sizeof(delay_str), "%c", &tm); if (ret == 0) { D(("strftime failed.")); delay_str[0] = '\0'; } } else { D(("localtime_r failed")); } ret = snprintf(user_msg, sizeof(user_msg), "%s%s.", _("Authentication is denied until: "), delay_str); if (ret < 0 || ret >= sizeof(user_msg)) { D(("snprintf failed.")); return PAM_SYSTEM_ERR; } ret = do_pam_conversation(pamh, PAM_TEXT_INFO, user_msg, NULL, NULL); if (ret != PAM_SUCCESS) { D(("do_pam_conversation failed.")); return PAM_SYSTEM_ERR; } return PAM_SUCCESS; } static int user_info_offline_chpass(pam_handle_t *pamh) { int ret; ret = do_pam_conversation(pamh, PAM_TEXT_INFO, _("System is offline, password change not possible"), NULL, NULL); if (ret != PAM_SUCCESS) { D(("do_pam_conversation failed.")); return PAM_SYSTEM_ERR; } return PAM_SUCCESS; } static int user_info_otp_chpass(pam_handle_t *pamh) { int ret; ret = do_pam_conversation(pamh, PAM_TEXT_INFO, _("After changing the OTP password, you need to " "log out and back in order to acquire a ticket"), NULL, NULL); if (ret != PAM_SUCCESS) { D(("do_pam_conversation failed.")); return PAM_SYSTEM_ERR; } return PAM_SUCCESS; } static int user_info_chpass_error(pam_handle_t *pamh, size_t buflen, uint8_t *buf) { int ret; uint32_t msg_len; char *user_msg; size_t bufsize = 0; if (buflen < 2* sizeof(uint32_t)) { D(("User info response data is too short")); return PAM_BUF_ERR; } memcpy(&msg_len, buf + sizeof(uint32_t), 
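sizeof(uint32_t));

    if (buflen != 2* sizeof(uint32_t) + msg_len) {
        D(("User info response data has the wrong size"));
        return PAM_BUF_ERR;
    }

    bufsize = strlen(_("Password change failed. ")) + 1;

    if (msg_len > 0) {
        bufsize += strlen(_("Server message: ")) + msg_len;
    }

    user_msg = (char *)malloc(sizeof(char) * bufsize);
    if (!user_msg) {
        D(("Out of memory."));
        return PAM_SYSTEM_ERR;
    }

    ret = snprintf(user_msg, bufsize, "%s%s%.*s",
                   _("Password change failed. "),
                   msg_len > 0 ? _("Server message: ") : "",
                   msg_len,
                   msg_len > 0 ? (char *)(buf + 2 * sizeof(uint32_t)) : "" );
    if (ret < 0 || ret > bufsize) {
        D(("snprintf failed."));
        free(user_msg);
        return PAM_SYSTEM_ERR;
    }

    ret = do_pam_conversation(pamh, PAM_TEXT_INFO, user_msg, NULL, NULL);
    free(user_msg);
    if (ret != PAM_SUCCESS) {
        D(("do_pam_conversation failed."));
        return PAM_SYSTEM_ERR;
    }

    return PAM_SUCCESS;
}

/*
 * Dispatch one SSS_PAM_USER_INFO payload.
 *
 * The first uint32_t of buf selects the message type. Handlers that take a
 * buffer receive the whole payload (type word included) and check its size
 * themselves.
 *
 * Returns the handler's PAM code, PAM_BUF_ERR when the payload is shorter
 * than the type word, and PAM_SYSTEM_ERR for an unknown type.
 */
static int eval_user_info_response(pam_handle_t *pamh, size_t buflen,
                                   uint8_t *buf)
{
    int ret;
    uint32_t type;

    if (buflen < sizeof(uint32_t)) {
        D(("User info response data is too short"));
        return PAM_BUF_ERR;
    }

    memcpy(&type, buf, sizeof(uint32_t));

    switch(type) {
        case SSS_PAM_USER_INFO_OFFLINE_AUTH:
            ret = user_info_offline_auth(pamh, buflen, buf);
            break;
        case SSS_PAM_USER_INFO_GRACE_LOGIN:
            ret = user_info_grace_login(pamh, buflen, buf);
            break;
        case SSS_PAM_USER_INFO_EXPIRE_WARN:
            ret = user_info_expire_warn(pamh, buflen, buf);
            break;
        case SSS_PAM_USER_INFO_OFFLINE_AUTH_DELAYED:
            ret = user_info_offline_auth_delayed(pamh, buflen, buf);
            break;
        case SSS_PAM_USER_INFO_OFFLINE_CHPASS:
            ret = user_info_offline_chpass(pamh);
            break;
        case SSS_PAM_USER_INFO_OTP_CHPASS:
            ret = user_info_otp_chpass(pamh);
            break;
        case SSS_PAM_USER_INFO_CHPASS_ERROR:
            ret = user_info_chpass_error(pamh, buflen, buf);
            break;
        default:
            D(("Unknown user info type [%d]", type));
            ret = PAM_SYSTEM_ERR;
    }

    return ret;
}

/*
 * Walk the reply received from the SSSD PAM responder and act on each item.
 *
 * Layout as consumed here: an int32 PAM status, an int32 item count, then
 * per item an int32 type, an int32 length and `length` bytes of data. The
 * status word is only skipped; send_and_receive() reads it from the buffer
 * itself.
 *
 * The item length is a signed value taken from the reply, so it is validated
 * before it is used as an offset:
 *  - a negative length is rejected (it would otherwise be converted to a
 *    huge size_t in the bounds check and move the cursor backwards);
 *  - a string item must be at least one byte long and end in '\0' before it
 *    is handed to "%s", strdup() or the PAM conversation. With a length of 0
 *    the previous probe buf[p + (len - 1)] looked at the last byte of the
 *    length field instead of the item.
 *
 * Returns PAM_SUCCESS once all items were walked (individual item failures
 * are only logged), PAM_BUF_ERR if the buffer is truncated or malformed.
 */
static int eval_response(pam_handle_t *pamh, size_t buflen, uint8_t *buf,
                         struct pam_items *pi)
{
    int ret;
    size_t p=0;
    char *env_item;
    int32_t c;
    int32_t type;
    int32_t len;
    int terminated;

    if (buflen < (2*sizeof(int32_t))) {
        D(("response buffer is too small"));
        return PAM_BUF_ERR;
    }

    /* PAM status word: not needed here, the caller extracts it. */
    p += sizeof(int32_t);

    memcpy(&c, buf+p, sizeof(int32_t));
    p += sizeof(int32_t);

    while(c>0) {
        /* p never exceeds buflen, so the subtraction cannot wrap. */
        if (buflen - p < 2*sizeof(int32_t)) {
            D(("response buffer is too small"));
            return PAM_BUF_ERR;
        }

        memcpy(&type, buf+p, sizeof(int32_t));
        p += sizeof(int32_t);

        memcpy(&len, buf+p, sizeof(int32_t));
        p += sizeof(int32_t);

        if (len < 0 || (size_t)len > buflen - p) {
            D(("response buffer is too small"));
            return PAM_BUF_ERR;
        }

        /* Only meaningful for the string-carrying item types below. */
        terminated = (len > 0 && buf[p + (size_t)len - 1] == '\0');

        switch(type) {
            case SSS_PAM_SYSTEM_INFO:
                if (!terminated) {
                    D(("system info does not end with \\0."));
                    break;
                }
                logger(pamh, LOG_INFO, "system info: [%s]", &buf[p]);
                break;
            case SSS_PAM_DOMAIN_NAME:
                if (!terminated) {
                    D(("domain name does not end with \\0."));
                    break;
                }
                D(("domain name: [%s]", &buf[p]));
                pi->domain_name = strdup((char *) &buf[p]);
                if (pi->domain_name == NULL) {
                    D(("strdup failed"));
                }
                break;
            case SSS_ENV_ITEM:
            case SSS_PAM_ENV_ITEM:
            case SSS_ALL_ENV_ITEM:
                if (!terminated) {
                    D(("env item does not end with \\0."));
                    break;
                }

                D(("env item: [%s]", &buf[p]));
                if (type == SSS_PAM_ENV_ITEM || type == SSS_ALL_ENV_ITEM) {
                    ret = pam_putenv(pamh, (char *)&buf[p]);
                    if (ret != PAM_SUCCESS) {
                        D(("pam_putenv failed."));
                        break;
                    }
                }

                if (type == SSS_ENV_ITEM || type == SSS_ALL_ENV_ITEM) {
                    /* putenv() keeps the pointer, so the item needs its own
                     * copy that outlives the reply buffer. */
                    env_item = strdup((char *)&buf[p]);
                    if (env_item == NULL) {
                        D(("strdup failed"));
                        break;
                    }
                    ret = putenv(env_item);
                    if (ret != 0) {
                        D(("putenv failed."));
                        /* Not taken over by the environment: release it. */
                        free(env_item);
                        break;
                    }
                }
                break;
            case SSS_PAM_USER_INFO:
                ret = eval_user_info_response(pamh, len, &buf[p]);
                if (ret != PAM_SUCCESS) {
                    D(("eval_user_info_response failed"));
                }
                break;
            case SSS_PAM_TEXT_MSG:
                if (!terminated) {
                    D(("system info does not end with \\0."));
                    break;
                }

                ret = do_pam_conversation(pamh, PAM_TEXT_INFO,
                                          (char *) &buf[p], NULL, NULL);
                if (ret != PAM_SUCCESS) {
                    D(("do_pam_conversation failed."));
                }
                break;
            default:
                D(("Unknown response type [%d]", type));
        }
        p += len;

        --c;
    }

    return PAM_SUCCESS;
}

/*
 * Fill pi from the PAM handle: service, user, tty, ruser, rhost and the
 * tokens already on the PAM stack. Items PAM reports as NULL are replaced by
 * "" (except the user, which is required), and the module refuses to handle
 * the user named "root".
 */
static int get_pam_items(pam_handle_t *pamh, struct pam_items *pi)
{
    int ret;

    pi->pam_authtok_type = SSS_AUTHTOK_TYPE_EMPTY;
    pi->pam_authtok = NULL;
    pi->pam_authtok_size = 0;
    pi->pam_newauthtok_type = SSS_AUTHTOK_TYPE_EMPTY;
    pi->pam_newauthtok = NULL;
    pi->pam_newauthtok_size = 0;

    ret = pam_get_item(pamh, PAM_SERVICE, (const void **) &(pi->pam_service));
    if (ret != PAM_SUCCESS) return ret;
    if (pi->pam_service == NULL) pi->pam_service="";
    pi->pam_service_size=strlen(pi->pam_service)+1;

    ret = pam_get_item(pamh, PAM_USER, (const void **) &(pi->pam_user));
    if (ret != PAM_SUCCESS) return ret;
    if (pi->pam_user == NULL) {
        D(("No user found, aborting."));
        return PAM_BAD_ITEM;
    }
    if (strcmp(pi->pam_user, "root") == 0) {
        D(("pam_sss will not handle root."));
        return PAM_USER_UNKNOWN;
    }
    pi->pam_user_size=strlen(pi->pam_user)+1;

    ret = pam_get_item(pamh, PAM_TTY, (const void **) &(pi->pam_tty));
    if (ret != PAM_SUCCESS) return ret;
    if (pi->pam_tty == NULL) pi->pam_tty="";
    pi->pam_tty_size=strlen(pi->pam_tty)+1;

    ret = pam_get_item(pamh, PAM_RUSER, (const void **) &(pi->pam_ruser));
    if (ret != PAM_SUCCESS) return ret;
    if (pi->pam_ruser == NULL) pi->pam_ruser="";
    pi->pam_ruser_size=strlen(pi->pam_ruser)+1;

    ret = pam_get_item(pamh, PAM_RHOST, (const void **) &(pi->pam_rhost));
    if (ret != PAM_SUCCESS) return ret;
    if (pi->pam_rhost == NULL) pi->pam_rhost="";
    pi->pam_rhost_size=strlen(pi->pam_rhost)+1;

    ret = pam_get_item(pamh, PAM_AUTHTOK,
                       (const void **) &(pi->pamstack_authtok));
    if (ret != PAM_SUCCESS) return ret;
    if (pi->pamstack_authtok == NULL) pi->pamstack_authtok="";

    ret = pam_get_item(pamh, PAM_OLDAUTHTOK,
                       (const void **) &(pi->pamstack_oldauthtok));
    if (ret != PAM_SUCCESS) return ret;
    if (pi->pamstack_oldauthtok == NULL) pi->pamstack_oldauthtok="";

    pi->cli_pid = getpid();

    pi->login_name = pam_modutil_getlogin(pamh);
    if (pi->login_name == NULL) pi->login_name="";

    pi->domain_name =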
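NULL;

    return PAM_SUCCESS;
}

/* Describe whether a token is set without revealing its value. */
static const char *pi_secret_state(const char *tok)
{
    return (tok != NULL && *tok != '\0') ? "(present)" : "(not available)";
}

/*
 * Dump the collected PAM items through the D() debug macro.
 *
 * The four authentication tokens are reported only as present/absent: they
 * are passwords, and writing their values to a debug log would expose them
 * to anyone who can read that log.
 */
static void print_pam_items(struct pam_items *pi)
{
    if (pi == NULL) return;

    D(("Service: %s", CHECK_AND_RETURN_PI_STRING(pi->pam_service)));
    D(("User: %s", CHECK_AND_RETURN_PI_STRING(pi->pam_user)));
    D(("Tty: %s", CHECK_AND_RETURN_PI_STRING(pi->pam_tty)));
    D(("Ruser: %s", CHECK_AND_RETURN_PI_STRING(pi->pam_ruser)));
    D(("Rhost: %s", CHECK_AND_RETURN_PI_STRING(pi->pam_rhost)));
    D(("Pamstack_Authtok: %s", pi_secret_state(pi->pamstack_authtok)));
    D(("Pamstack_Oldauthtok: %s", pi_secret_state(pi->pamstack_oldauthtok)));
    D(("Authtok: %s", pi_secret_state(pi->pam_authtok)));
    D(("Newauthtok: %s", pi_secret_state(pi->pam_newauthtok)));
    D(("Cli_PID: %d", pi->cli_pid));
}

/*
 * Pack the PAM items, send them to sssd for the given task, evaluate the
 * reply and log the outcome.
 *
 * Returns the PAM status taken from the reply, PAM_AUTHINFO_UNAVAIL when the
 * request could not be made, the eval_response() error if the reply is
 * malformed, and PAM_SYSTEM_ERR for packing failures, short replies and
 * unknown tasks.
 *
 * Every exit goes through `done`: the request buffer holds the packed
 * authentication tokens and must be overwritten before it is freed.
 */
static int send_and_receive(pam_handle_t *pamh, struct pam_items *pi,
                            enum sss_cli_command task, bool quiet_mode)
{
    int ret;
    int sret;
    int errnop;
    struct sss_cli_req_data rd;
    uint8_t *buf = NULL;
    uint8_t *repbuf = NULL;
    size_t replen;
    int32_t status_word;
    int pam_status = PAM_SYSTEM_ERR;

    print_pam_items(pi);

    ret = pack_message_v3(pi, &rd.len, &buf);
    if (ret != 0) {
        D(("pack_message failed."));
        pam_status = PAM_SYSTEM_ERR;
        goto done;
    }
    rd.data = buf;

    errnop = 0;
    ret = sss_pam_make_request(task, &rd, &repbuf, &replen, &errnop);

    /* Registered with a NULL payload so close_fd runs as PAM data cleanup. */
    sret = pam_set_data(pamh, FD_DESTRUCTOR, NULL, close_fd);
    if (sret != PAM_SUCCESS) {
        D(("pam_set_data failed, client might leaks fds"));
    }

    if (ret != PAM_SUCCESS) {
        if (errnop != 0) {
            logger(pamh, LOG_ERR, "Request to sssd failed. %s",
                   ssscli_err2string(errnop));
        }
        pam_status = PAM_AUTHINFO_UNAVAIL;
        goto done;
    }

/* FIXME: add an end signature */
    if (replen < (2*sizeof(int32_t))) {
        D(("response not in expected format."));
        pam_status = PAM_SYSTEM_ERR;
        goto done;
    }

    /* First word of the reply is the PAM status; copy it out rather than
     * dereferencing the byte buffer through an int32_t pointer. */
    memcpy(&status_word, repbuf, sizeof(status_word));
    pam_status = status_word;

    ret = eval_response(pamh, replen, repbuf, pi);
    if (ret != PAM_SUCCESS) {
        D(("eval_response failed."));
        pam_status = ret;
        goto done;
    }

    switch (task) {
        case SSS_PAM_AUTHENTICATE:
            /* Both ids are cast so the arguments match the conversions. */
            logger(pamh, (pam_status == PAM_SUCCESS ? LOG_INFO : LOG_NOTICE),
                   "authentication %s; logname=%s uid=%lu euid=%lu tty=%s "
                   "ruser=%s rhost=%s user=%s",
                   pam_status == PAM_SUCCESS ? "success" : "failure",
                   pi->login_name, (unsigned long) getuid(),
                   (unsigned long) geteuid(), pi->pam_tty, pi->pam_ruser,
                   pi->pam_rhost, pi->pam_user);
            if (pam_status != PAM_SUCCESS) {
                /* don't log if quiet_mode is on and the user is simply not
                 * known to the underlying authentication module */
                if (!quiet_mode || pam_status != PAM_USER_UNKNOWN) {
                    logger(pamh, LOG_NOTICE, "received for user %s: %d (%s)",
                           pi->pam_user, pam_status,
                           pam_strerror(pamh,pam_status));
                }
            }
            break;
        case SSS_PAM_CHAUTHTOK_PRELIM:
            if (pam_status != PAM_SUCCESS) {
                /* same quiet_mode exception as for authentication */
                if (!quiet_mode || pam_status != PAM_USER_UNKNOWN) {
                    logger(pamh, LOG_NOTICE,
                           "Authentication failed for user %s: %d (%s)",
                           pi->pam_user, pam_status,
                           pam_strerror(pamh,pam_status));
                }
            }
            break;
        case SSS_PAM_CHAUTHTOK:
            if (pam_status != PAM_SUCCESS) {
                logger(pamh, LOG_NOTICE,
                       "Password change failed for user %s: %d (%s)",
                       pi->pam_user, pam_status,
                       pam_strerror(pamh,pam_status));
            }
            break;
        case SSS_PAM_ACCT_MGMT:
            if (pam_status != PAM_SUCCESS) {
                /* same quiet_mode exception as for authentication */
                if (!quiet_mode || pam_status != PAM_USER_UNKNOWN) {
                    logger(pamh, LOG_NOTICE,
                           "Access denied for user %s: %d (%s)",
                           pi->pam_user, pam_status,
                           pam_strerror(pamh,pam_status));
                }
            }
            break;
        case SSS_PAM_OPEN_SESSION:
        case SSS_PAM_SETCRED:
        case SSS_PAM_CLOSE_SESSION:
            break;
        default:
            D(("Illegal task [%d]", task));
            /* Fall through to `done`: returning here would skip wiping and
             * freeing the request buffer. */
            pam_status = PAM_SYSTEM_ERR;
            break;
    }

done:
    if (buf != NULL ) {
        _pam_overwrite_n((void *)buf, rd.len);
        free(buf);
    }
    free(repbuf);

    return pam_status;
}

/*
 * Ask for a password with echo off and store a private copy in
 * pi->pam_authtok.
 */
static int prompt_password(pam_handle_t *pamh, struct pam_items *pi,
                           const char *prompt)
{
    int ret;
    char *answer = NULL;

    ret = do_pam_conversation(pamh, PAM_PROMPT_ECHO_OFF, prompt, NULL, &answer);
    if (ret != PAM_SUCCESS) {
        D(("do_pam_conversation failed."));
        return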
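ret;
    }

    if (answer == NULL) {
        pi->pam_authtok = NULL;
        pi->pam_authtok_type = SSS_AUTHTOK_TYPE_EMPTY;
        pi->pam_authtok_size=0;
    } else {
        pi->pam_authtok = strdup(answer);
        /* wipe the conversation's copy before releasing it */
        _pam_overwrite((void *)answer);
        free(answer);
        answer=NULL;
        if (pi->pam_authtok == NULL) {
            return PAM_BUF_ERR;
        }
        pi->pam_authtok_type = SSS_AUTHTOK_TYPE_PASSWORD;
        pi->pam_authtok_size=strlen(pi->pam_authtok);
    }

    return PAM_SUCCESS;
}

/*
 * Ask for a new password (prompt plus re-entry prompt, echo off) and store a
 * private copy in pi->pam_newauthtok. A NULL answer is recorded as an empty
 * token. Returns PAM_BUF_ERR if the copy cannot be allocated.
 */
static int prompt_new_password(pam_handle_t *pamh, struct pam_items *pi)
{
    int ret;
    char *answer = NULL;

    ret = do_pam_conversation(pamh, PAM_PROMPT_ECHO_OFF,
                              _("New Password: "),
                              _("Reenter new Password: "),
                              &answer);
    if (ret != PAM_SUCCESS) {
        D(("do_pam_conversation failed."));
        return ret;
    }

    if (answer == NULL) {
        pi->pam_newauthtok = NULL;
        pi->pam_newauthtok_type = SSS_AUTHTOK_TYPE_EMPTY;
        pi->pam_newauthtok_size=0;
        return PAM_SUCCESS;
    }

    pi->pam_newauthtok = strdup(answer);
    /* wipe the conversation's copy before releasing it */
    _pam_overwrite((void *)answer);
    free(answer);
    answer=NULL;
    if (pi->pam_newauthtok == NULL) {
        return PAM_BUF_ERR;
    }
    pi->pam_newauthtok_type = SSS_AUTHTOK_TYPE_PASSWORD;
    pi->pam_newauthtok_size=strlen(pi->pam_newauthtok);

    return PAM_SUCCESS;
}

/*
 * Parse the module arguments from the PAM configuration line.
 *
 * Recognised options set bits in *flags, the retry count in *retries or
 * *quiet_mode; anything else is logged as unknown. *quiet_mode is reset to
 * false first; *flags and *retries are only modified, so the caller has to
 * initialise them. An invalid retry value is logged and leaves *retries at 0.
 *
 * The value of the retry option is located with strlen(OPT_RETRY_KEY), the
 * same length used for the prefix comparison, instead of a fixed offset.
 */
static void eval_argv(pam_handle_t *pamh, int argc, const char **argv,
                      uint32_t *flags, int *retries, bool *quiet_mode)
{
    char *ep;
    const char *retry_val;
    const size_t retry_key_len = strlen(OPT_RETRY_KEY);

    *quiet_mode = false;

    for (; argc-- > 0; ++argv) {
        if (strcmp(*argv, "forward_pass") == 0) {
            *flags |= FLAGS_FORWARD_PASS;
        } else if (strcmp(*argv, "use_first_pass") == 0) {
            *flags |= FLAGS_USE_FIRST_PASS;
        } else if (strcmp(*argv, "use_authtok") == 0) {
            *flags |= FLAGS_USE_AUTHTOK;
        } else if (strncmp(*argv, OPT_RETRY_KEY, retry_key_len) == 0) {
            retry_val = *argv + retry_key_len;
            if (*retry_val == '\0') {
                logger(pamh, LOG_ERR, "Missing argument to option retry.");
                *retries = 0;
            } else {
                errno = 0;
                *retries = strtol(retry_val, &ep, 10);
                if (errno != 0) {
                    D(("strtol failed [%d][%s]", errno, strerror(errno)));
                    *retries = 0;
                }
                if (*ep != '\0') {
                    logger(pamh, LOG_ERR, "Argument to option retry contains "
                                          "extra characters.");
                    *retries = 0;
                }
                if (*retries < 0) {
                    logger(pamh, LOG_ERR, "Argument to option retry must not "
                                          "be negative.");
                    *retries = 0;
                }
            }
        } else if (strcmp(*argv, "quiet") == 0) {
            *quiet_mode = true;
        } else if (strcmp(*argv, "ignore_unknown_user") == 0) {
            *flags |= FLAGS_IGNORE_UNKNOWN_USER;
        } else {
            logger(pamh, LOG_WARNING, "unknown option: %s", *argv);
        }
    }

    return;
}

/*
 * Obtain the password for an authentication request.
 *
 * With use_first_pass the token already on the PAM stack is copied;
 * otherwise the user is prompted and, with forward_pass, the answer is
 * published as PAM_AUTHTOK (a failure to publish is only logged).
 */
static int get_authtok_for_authentication(pam_handle_t *pamh,
                                          struct pam_items *pi,
                                          uint32_t flags)
{
    int ret;

    if (flags & FLAGS_USE_FIRST_PASS) {
        pi->pam_authtok_type = SSS_AUTHTOK_TYPE_PASSWORD;
        pi->pam_authtok = strdup(pi->pamstack_authtok);
        if (pi->pam_authtok == NULL) {
            D(("option use_first_pass set, but no password found"));
            return PAM_BUF_ERR;
        }
        pi->pam_authtok_size = strlen(pi->pam_authtok);
    } else {
        ret = prompt_password(pamh, pi, _("Password: "));
        if (ret != PAM_SUCCESS) {
            D(("failed to get password from user"));
            return ret;
        }

        if (flags & FLAGS_FORWARD_PASS) {
            ret = pam_set_item(pamh, PAM_AUTHTOK, pi->pam_authtok);
            if (ret != PAM_SUCCESS) {
                D(("Failed to set PAM_AUTHTOK [%s], "
                   "authtok may not be available for other modules",
                   pam_strerror(pamh,ret)));
            }
        }
    }

    return PAM_SUCCESS;
}

/*
 * Obtain the old and new tokens for a password change.
 *
 * During PAM_PRELIM_CHECK only the current password is requested (and
 * published as PAM_OLDAUTHTOK); this happens when the caller is not uid 0 or
 * the PWEXP_FLAG data is set, and use_first_pass is not given. In the second
 * pass the old token is copied from the PAM stack and the new one is taken
 * from the stack (use_authtok) or prompted for.
 *
 * Returns PAM_BUF_ERR when a token cannot be copied or a non-root caller has
 * no old token, otherwise the prompt/pam_set_item result or PAM_SUCCESS.
 */
static int get_authtok_for_password_change(pam_handle_t *pamh,
                                           struct pam_items *pi,
                                           uint32_t flags,
                                           int pam_flags)
{
    int ret;
    int *exp_data = NULL;

    /* exp_data stays NULL when no PWEXP_FLAG data is registered */
    pam_get_data(pamh, PWEXP_FLAG, (const void **) &exp_data);

    /* we query for the old password during PAM_PRELIM_CHECK to make
     * pam_sss work e.g. with pam_cracklib */
    if (pam_flags & PAM_PRELIM_CHECK) {
        if ( (getuid() != 0 || exp_data ) && !(flags & FLAGS_USE_FIRST_PASS)) {
            ret = prompt_password(pamh, pi, _("Current Password: "));
            if (ret != PAM_SUCCESS) {
                D(("failed to get password from user"));
                return ret;
            }

            ret = pam_set_item(pamh, PAM_OLDAUTHTOK, pi->pam_authtok);
            if (ret != PAM_SUCCESS) {
                D(("Failed to set PAM_OLDAUTHTOK [%s], "
                   "oldauthtok may not be available",
                   pam_strerror(pamh,ret)));
                return ret;
            }
        }

        return PAM_SUCCESS;
    }

    if (pi->pamstack_oldauthtok == NULL) {
        if (getuid() != 0) {
            D(("no password found for chauthtok"));
            return PAM_BUF_ERR;
        } else {
            pi->pam_authtok_type = SSS_AUTHTOK_TYPE_EMPTY;
            pi->pam_authtok = NULL;
            pi->pam_authtok_size = 0;
        }
    } else {
        pi->pam_authtok = strdup(pi->pamstack_oldauthtok);
        /* strlen() below must not see a failed allocation */
        if (pi->pam_authtok == NULL) {
            D(("strdup failed"));
            return PAM_BUF_ERR;
        }
        pi->pam_authtok_type = SSS_AUTHTOK_TYPE_PASSWORD;
        pi->pam_authtok_size = strlen(pi->pam_authtok);
    }

    if (flags & FLAGS_USE_AUTHTOK) {
        pi->pam_newauthtok_type = SSS_AUTHTOK_TYPE_PASSWORD;
        pi->pam_newauthtok =  strdup(pi->pamstack_authtok);
        if (pi->pam_newauthtok == NULL) {
            D(("option use_authtok set, but no new password found"));
            return PAM_BUF_ERR;
        }
        pi->pam_newauthtok_size = strlen(pi->pam_newauthtok);
    } else {
        ret = prompt_new_password(pamh, pi);
        if (ret != PAM_SUCCESS) {
            D(("failed to get new password from user"));
            return ret;
        }

        if (flags & FLAGS_FORWARD_PASS) {
            ret = pam_set_item(pamh, PAM_AUTHTOK, pi->pam_newauthtok);
            if (ret != PAM_SUCCESS) {
                /* message names the item that was actually being set */
                D(("Failed to set PAM_AUTHTOK [%s], "
                   "authtok may not be available for other modules",
                   pam_strerror(pamh,ret)));
            }
        }
    }

    return PAM_SUCCESS;
}

/*
 * Common entry point behind all pam_sm_* functions: parse the module
 * options, collect the PAM items, then run the requested task.
 */
static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh,
                   int pam_flags, int argc, const char **argv)
{
    int ret;
    int pam_status;
    struct pam_items pi;
    uint32_t flags = 0;
    int *exp_data;
    bool retry = false;
    bool quiet_mode = false;
    int retries = 0;

    bindtextdomain(PACKAGE, LOCALEDIR);

    D(("Hello pam_sssd: %d", task));

    eval_argv(pamh, argc, argv, &flags, &retries, &quiet_mode);

    ret = get_pam_items(pamh, &pi);
    if (ret !=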
PAM_SUCCESS) { D(("get items returned error: %s", pam_strerror(pamh,ret))); if (flags & FLAGS_IGNORE_UNKNOWN_USER && ret == PAM_USER_UNKNOWN) { ret = PAM_IGNORE; } return ret; } do { retry = false; switch(task) { case SSS_PAM_AUTHENTICATE: ret = get_authtok_for_authentication(pamh, &pi, flags); if (ret != PAM_SUCCESS) { D(("failed to get authentication token: %s", pam_strerror(pamh, ret))); return ret; } break; case SSS_PAM_CHAUTHTOK: ret = get_authtok_for_password_change(pamh, &pi, flags, pam_flags); if (ret != PAM_SUCCESS) { D(("failed to get tokens for password change: %s", pam_strerror(pamh, ret))); return ret; } if (pam_flags & PAM_PRELIM_CHECK) { task = SSS_PAM_CHAUTHTOK_PRELIM; } break; case SSS_PAM_ACCT_MGMT: case SSS_PAM_SETCRED: case SSS_PAM_OPEN_SESSION: case SSS_PAM_CLOSE_SESSION: break; default: D(("Illegal task [%d]", task)); return PAM_SYSTEM_ERR; } pam_status = send_and_receive(pamh, &pi, task, quiet_mode); if (flags & FLAGS_IGNORE_UNKNOWN_USER && pam_status == PAM_USER_UNKNOWN) { pam_status = PAM_IGNORE; } switch (task) { case SSS_PAM_AUTHENTICATE: /* We allow sssd to send the return code PAM_NEW_AUTHTOK_REQD during * authentication, see sss_cli.h for details */ if (pam_status == PAM_NEW_AUTHTOK_REQD) { D(("Authtoken expired, trying to change it")); exp_data = malloc(sizeof(int)); if (exp_data == NULL) { D(("malloc failed.")); pam_status = PAM_BUF_ERR; break; } *exp_data = 1; pam_status = pam_set_data(pamh, PWEXP_FLAG, exp_data, free_exp_data); if (pam_status != PAM_SUCCESS) { D(("pam_set_data failed.")); } } break; case SSS_PAM_ACCT_MGMT: if (pam_status == PAM_SUCCESS && pam_get_data(pamh, PWEXP_FLAG, (const void **) &exp_data) == PAM_SUCCESS) { ret = do_pam_conversation(pamh, PAM_TEXT_INFO, _("Password expired. 
Change your password now."), NULL, NULL); if (ret != PAM_SUCCESS) { D(("do_pam_conversation failed.")); } pam_status = PAM_NEW_AUTHTOK_REQD; } break; case SSS_PAM_CHAUTHTOK: if (pam_status != PAM_SUCCESS && pam_status != PAM_USER_UNKNOWN) { ret = pam_set_item(pamh, PAM_AUTHTOK, NULL); if (ret != PAM_SUCCESS) { D(("Failed to unset PAM_AUTHTOK [%s]", pam_strerror(pamh,ret))); } ret = pam_set_item(pamh, PAM_OLDAUTHTOK, NULL); if (ret != PAM_SUCCESS) { D(("Failed to unset PAM_OLDAUTHTOK [%s]", pam_strerror(pamh,ret))); } } break; case SSS_PAM_CHAUTHTOK_PRELIM: if (pam_status == PAM_PERM_DENIED && pi.pam_authtok_size == 0 && getuid() == 0 && pam_get_data(pamh, PWEXP_FLAG, (const void **) &exp_data) != PAM_SUCCESS) { ret = select_pw_reset_message(pamh, &pi); if (ret != 0) { D(("select_pw_reset_message failed.\n")); } } default: /* nothing to do */ break; } overwrite_and_free_pam_items(&pi); D(("retries [%d].", retries)); if (pam_status != PAM_SUCCESS && (task == SSS_PAM_AUTHENTICATE || task == SSS_PAM_CHAUTHTOK_PRELIM) && retries > 0) { retry = true; retries--; flags &= ~FLAGS_USE_FIRST_PASS; ret = pam_set_item(pamh, PAM_AUTHTOK, NULL); if (ret != PAM_SUCCESS) { D(("Failed to unset PAM_AUTHTOK [%s]", pam_strerror(pamh,ret))); } ret = pam_set_item(pamh, PAM_OLDAUTHTOK, NULL); if (ret != PAM_SUCCESS) { D(("Failed to unset PAM_OLDAUTHTOK [%s]", pam_strerror(pamh,ret))); } } } while(retry); return pam_status; } PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv ) { return pam_sss(SSS_PAM_AUTHENTICATE, pamh, flags, argc, argv); } PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv ) { return pam_sss(SSS_PAM_SETCRED, pamh, flags, argc, argv); } PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv ) { return pam_sss(SSS_PAM_ACCT_MGMT, pamh, flags, argc, argv); } PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv ) { return 
pam_sss(SSS_PAM_CHAUTHTOK, pamh, flags, argc, argv); } PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv ) { return pam_sss(SSS_PAM_OPEN_SESSION, pamh, flags, argc, argv); } PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv ) { return pam_sss(SSS_PAM_CLOSE_SESSION, pamh, flags, argc, argv); } #ifdef PAM_STATIC /* static module data */ struct pam_module _pam_sssd_modstruct ={ "pam_sssd", pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt, pam_sm_open_session, pam_sm_close_session, pam_sm_chauthtok }; #endif �����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/PaxHeaders.13173/nss_mc_group.c������������������������������������������0000644�0000000�0000000�00000000074�12320753107�021352� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.272891426 30 ctime=1396954961.545875031 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/nss_mc_group.c�����������������������������������������������������������0000664�0024127�0024127�00000014455�12320753107�021605� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* * System Security Services Daemon. NSS client interface * * Copyright (C) Simo Sorce 2011 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as * published by the Free Software Foundation; either version 2.1 of the * License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. 
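*/

/* GROUP database NSS interface using mmap cache */

#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <stddef.h>
#include <sys/mman.h>
#include <time.h>
#include "nss_mc.h"

struct sss_cli_mc_ctx gr_mc_ctx = { false, -1, 0, NULL, 0, NULL, 0, NULL, 0 };

/*
 * Convert one cache record into the caller's struct group.
 *
 * The caller's buffer is laid out as the gr_mem pointer array
 * (members + 1 slots, the last one NULL) followed by a copy of the record's
 * string block; gr_name, gr_passwd and the member names point into that copy.
 *
 * The member count and string length come from the cache record, so the
 * space computation is done in size_t with explicit overflow guards. The
 * field widths are declared in nss_mc.h, which is not shown here; if
 * `members` is a 32-bit unsigned field, `members + 1` could previously wrap
 * to 0 on a damaged record and let the NULL terminator be written far
 * outside `buffer`.
 *
 * Returns 0 on success, EINVAL for an expired record or a string block that
 * does not match the member count, ERANGE when `buffer` is too small, or the
 * error reported by sss_nss_str_ptr_from_buffer().
 */
static errno_t sss_nss_mc_parse_result(struct sss_mc_rec *rec,
                                       struct group *result,
                                       char *buffer, size_t buflen)
{
    struct sss_mc_grp_data *data;
    time_t expire;
    void *cookie;
    char *membuf;
    size_t memsize;
    size_t members;
    size_t strs_len;
    size_t i;
    int ret;

    /* additional checks before filling result*/
    expire = rec->expire;
    if (expire < time(NULL)) {
        /* entry is now invalid */
        return EINVAL;
    }

    data = (struct sss_mc_grp_data *)rec->data;
    members = data->members;
    strs_len = data->strs_len;

    /* (members + 1) * sizeof(char *) must not wrap */
    if (members >= ((size_t)-1) / sizeof(char *)) {
        return ERANGE;
    }
    memsize = (members + 1) * sizeof(char *);

    /* written as a subtraction so the sum cannot wrap either */
    if (memsize > buflen || strs_len > buflen - memsize) {
        return ERANGE;
    }

    /* fill in glibc provided structs */

    /* copy in buffer */
    membuf = buffer + memsize;
    memcpy(membuf, data->strs, strs_len);

    /* fill in group */
    result->gr_gid = data->gid;

    /* NOTE(review): assumes `buffer` is suitably aligned for char * */
    result->gr_mem = (char **)buffer;
    result->gr_mem[members] = NULL;

    cookie = NULL;
    ret = sss_nss_str_ptr_from_buffer(&result->gr_name, &cookie,
                                      membuf, strs_len);
    if (ret) {
        return ret;
    }
    ret = sss_nss_str_ptr_from_buffer(&result->gr_passwd, &cookie,
                                      membuf, strs_len);
    if (ret) {
        return ret;
    }

    for (i = 0; i < members; i++) {
        ret = sss_nss_str_ptr_from_buffer(&result->gr_mem[i], &cookie,
                                          membuf, strs_len);
        if (ret) {
            return ret;
        }
    }
    /* presumably a non-NULL cookie means strings are left over - confirm
     * against sss_nss_str_ptr_from_buffer() */
    if (cookie != NULL) {
        return EINVAL;
    }

    return 0;
}

errno_t sss_nss_mc_getgrnam(const char *name, size_t name_len,
                            struct group *result,
                            char *buffer, size_t buflen)
{
    struct sss_mc_rec *rec = NULL;
    struct sss_mc_grp_data *data;
    char *rec_name;
    uint32_t hash;
    uint32_t slot;
    int ret;
    size_t strs_offset;
    uint8_t *max_addr;

    ret = sss_nss_mc_get_ctx("group", &gr_mc_ctx);
    if (ret) {
        return ret;
    }

    /* Get max address of data table.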
*/ max_addr = gr_mc_ctx.data_table + gr_mc_ctx.dt_size; /* hashes are calculated including the NULL terminator */ hash = sss_nss_mc_hash(&gr_mc_ctx, name, name_len + 1); slot = gr_mc_ctx.hash_table[hash]; /* If slot is not within the bounds of mmaped region and * it's value is not MC_INVALID_VAL, then the cache is * probbably corrupted. */ while (MC_SLOT_WITHIN_BOUNDS(slot, gr_mc_ctx.dt_size)) { ret = sss_nss_mc_get_record(&gr_mc_ctx, slot, &rec); if (ret) { goto done; } /* check record matches what we are searching for */ if (hash != rec->hash1) { /* if name hash does not match we can skip this immediately */ slot = rec->next; continue; } strs_offset = offsetof(struct sss_mc_grp_data, strs); data = (struct sss_mc_grp_data *)rec->data; /* Integrity check * - name_len cannot be longer than all strings * - data->name cannot point outside strings * - all strings must be within data_table */ if (name_len > data->strs_len || (data->name + name_len) > (strs_offset + data->strs_len) || (uint8_t *)data->strs + data->strs_len > max_addr) { ret = ENOENT; goto done; } rec_name = (char *)data + data->name; if (strcmp(name, rec_name) == 0) { break; } slot = rec->next; } if (!MC_SLOT_WITHIN_BOUNDS(slot, gr_mc_ctx.dt_size)) { ret = ENOENT; goto done; } ret = sss_nss_mc_parse_result(rec, result, buffer, buflen); done: free(rec); return ret; } errno_t sss_nss_mc_getgrgid(gid_t gid, struct group *result, char *buffer, size_t buflen) { struct sss_mc_rec *rec = NULL; struct sss_mc_grp_data *data; char gidstr[11]; uint32_t hash; uint32_t slot; int len; int ret; ret = sss_nss_mc_get_ctx("group", &gr_mc_ctx); if (ret) { return ret; } len = snprintf(gidstr, 11, "%ld", (long)gid); if (len > 10) { return EINVAL; } /* hashes are calculated including the NULL terminator */ hash = sss_nss_mc_hash(&gr_mc_ctx, gidstr, len+1); slot = gr_mc_ctx.hash_table[hash]; /* If slot is not within the bounds of mmaped region and * it's value is not MC_INVALID_VAL, then the cache is * probbably corrupted. 
*/ while (MC_SLOT_WITHIN_BOUNDS(slot, gr_mc_ctx.dt_size)) { ret = sss_nss_mc_get_record(&gr_mc_ctx, slot, &rec); if (ret) { goto done; } /* check record matches what we are searching for */ if (hash != rec->hash2) { /* if uid hash does not match we can skip this immediately */ slot = rec->next; continue; } data = (struct sss_mc_grp_data *)rec->data; if (gid == data->gid) { break; } slot = rec->next; } if (!MC_SLOT_WITHIN_BOUNDS(slot, gr_mc_ctx.dt_size)) { ret = ENOENT; goto done; } ret = sss_nss_mc_parse_result(rec, result, buffer, buflen); done: free(rec); return ret; } �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/PaxHeaders.13173/krb5_authdata_int.h�������������������������������������0000644�0000000�0000000�00000000074�12320753107�022251� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.272891426 30 ctime=1396954961.704874914 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/krb5_authdata_int.h������������������������������������������������������0000664�0024127�0024127�00000020366�12320753107�022502� 
0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* SSSD - MIT Kerberos authdata plugin This file contains definitions and declarations to build authdata plugins for MIT Kerberos outside of the MIT Kerberos source tree. */ #ifndef _KRB5_AUTHDATA_INT_H #define _KRB5_AUTHDATA_INT_H krb5_error_code KRB5_CALLCONV krb5_ser_pack_int32(krb5_int32, krb5_octet **, size_t *); krb5_error_code KRB5_CALLCONV krb5_ser_unpack_int32(krb5_int32 *, krb5_octet **, size_t *); krb5_error_code KRB5_CALLCONV krb5_ser_pack_bytes(krb5_octet *, size_t, krb5_octet **, size_t *); #define AD_USAGE_AS_REQ 0x01 #define AD_USAGE_TGS_REQ 0x02 #define AD_USAGE_AP_REQ 0x04 #define AD_USAGE_KDC_ISSUED 0x08 #define AD_USAGE_MASK 0x0F #define AD_INFORMATIONAL 0x10 struct _krb5_authdata_context; typedef struct _krb5_authdata_context *krb5_authdata_context; typedef void (*authdata_client_plugin_flags_proc)(krb5_context kcontext, void *plugin_context, krb5_authdatatype ad_type, krb5_flags *flags); typedef krb5_error_code (*authdata_client_plugin_init_proc)(krb5_context context, void **plugin_context); typedef void (*authdata_client_plugin_fini_proc)(krb5_context kcontext, void *plugin_context); typedef krb5_error_code (*authdata_client_request_init_proc)(krb5_context kcontext, struct _krb5_authdata_context *context, void *plugin_context, void **request_context); typedef void (*authdata_client_request_fini_proc)(krb5_context kcontext, struct _krb5_authdata_context *context, void *plugin_context, void *request_context); typedef krb5_error_code (*authdata_client_import_authdata_proc)(krb5_context kcontext, struct _krb5_authdata_context *context, void *plugin_context, void *request_context, krb5_authdata 
**authdata, krb5_boolean kdc_issued_flag, krb5_const_principal issuer);

/*
 * NOTE(review): per the file header these declarations are a private copy of
 * MIT Kerberos plugin definitions, kept so the plugin can be built outside
 * the krb5 tree. They presumably have to stay in step with the libkrb5 the
 * plugin is loaded into; re-check them when the krb5 dependency changes.
 */

/*
 * Callback type: receives a usage flag word and an out-pointer to an
 * authdata array.
 * NOTE(review): usage is presumably built from the AD_USAGE_* bits - confirm.
 */
typedef krb5_error_code
(*authdata_client_export_authdata_proc)(krb5_context kcontext,
                                        struct _krb5_authdata_context *context,
                                        void *plugin_context,
                                        void *request_context,
                                        krb5_flags usage,
                                        krb5_authdata ***authdata);

/* Callback type: reports attribute names through the attrs out-pointer. */
typedef krb5_error_code
(*authdata_client_get_attribute_types_proc)(krb5_context kcontext,
                                            struct _krb5_authdata_context *context,
                                            void *plugin_context,
                                            void *request_context,
                                            krb5_data **attrs);

/*
 * Callback type: looks up one attribute and reports through the
 * authenticated, complete, value, display_value and more out-parameters.
 * NOTE(review): a consumer that bases a decision on the value presumably
 * has to look at *authenticated first - confirm against the MIT krb5 docs.
 */
typedef krb5_error_code
(*authdata_client_get_attribute_proc)(krb5_context kcontext,
                                      struct _krb5_authdata_context *context,
                                      void *plugin_context,
                                      void *request_context,
                                      const krb5_data *attribute,
                                      krb5_boolean *authenticated,
                                      krb5_boolean *complete,
                                      krb5_data *value,
                                      krb5_data *display_value,
                                      int *more);

/* Callback type: takes an attribute name, a value and a complete flag. */
typedef krb5_error_code
(*authdata_client_set_attribute_proc)(krb5_context kcontext,
                                      struct _krb5_authdata_context *context,
                                      void *plugin_context,
                                      void *request_context,
                                      krb5_boolean complete,
                                      const krb5_data *attribute,
                                      const krb5_data *value);

/* Callback type: takes the name of one attribute. */
typedef krb5_error_code
(*authdata_client_delete_attribute_proc)(krb5_context kcontext,
                                         struct _krb5_authdata_context *context,
                                         void *plugin_context,
                                         void *request_context,
                                         const krb5_data *attribute);

/*
 * Callback type: hands back an opaque pointer through ptr.
 * NOTE(review): presumably paired with free_internal below - confirm.
 */
typedef krb5_error_code
(*authdata_client_export_internal_proc)(krb5_context kcontext,
                                        struct _krb5_authdata_context *context,
                                        void *plugin_context,
                                        void *request_context,
                                        krb5_boolean restrict_authenticated,
                                        void **ptr);

/* Callback type: receives an opaque pointer; returns nothing. */
typedef void
(*authdata_client_free_internal_proc)(krb5_context kcontext,
                                      struct _krb5_authdata_context *context,
                                      void *plugin_context,
                                      void *request_context,
                                      void *ptr);

/* Callback type: receives the auth context, a key and the AP-REQ. */
typedef krb5_error_code
(*authdata_client_verify_proc)(krb5_context kcontext,
                               struct _krb5_authdata_context *context,
                               void *plugin_context,
                               void *request_context,
                               const krb5_auth_context *auth_context,
                               const krb5_keyblock *key,
                               const krb5_ap_req *req);

/* Callback type: reports a size through the sizep out-parameter. */
typedef krb5_error_code
(*authdata_client_size_proc)(krb5_context kcontext,
                             struct _krb5_authdata_context *context,
                             void *plugin_context,
                             void *request_context,
                             size_t *sizep);

/*
 * Callback type: works on a caller-supplied byte cursor (*buffer) and a
 * remaining-length counter (*lenremain).
 * NOTE(review): presumably must never write more than *lenremain bytes -
 * confirm against the MIT krb5 serialization helpers declared above.
 */
typedef krb5_error_code
(*authdata_client_externalize_proc)(krb5_context kcontext,
                                    struct _krb5_authdata_context *context,
                                    void *plugin_context,
                                    void *request_context,
                                    krb5_octet **buffer,
                                    size_t *lenremain);

/*
 * Callback type: same cursor/remaining-length parameters as externalize.
 * NOTE(review): presumably the reading counterpart, so the input would need
 * to be bounds-checked against *lenremain - confirm.
 */
typedef krb5_error_code
(*authdata_client_internalize_proc)(krb5_context kcontext,
                                    struct _krb5_authdata_context *context,
                                    void *plugin_context,
                                    void *request_context,
                                    krb5_octet **buffer,
                                    size_t *lenremain);

/* Callback type: receives source and destination plugin/request contexts. */
typedef krb5_error_code
(*authdata_client_copy_proc)(krb5_context kcontext,
                             struct _krb5_authdata_context *context,
                             void *plugin_context,
                             void *request_context,
                             void *dst_plugin_context,
                             void *dst_request_context);

/*
 * Version-0 function table for a client-side authdata plugin: a name, a
 * list of authdata types and one pointer per callback type declared above.
 * Member order determines the struct layout, so it must not be rearranged.
 * copy is the only member this header marks as optional.
 */
typedef struct krb5plugin_authdata_client_ftable_v0 {
    char *name;
    krb5_authdatatype *ad_type_list;
    authdata_client_plugin_init_proc init;
    authdata_client_plugin_fini_proc fini;
    authdata_client_plugin_flags_proc flags;
    authdata_client_request_init_proc request_init;
    authdata_client_request_fini_proc request_fini;
    authdata_client_get_attribute_types_proc get_attribute_types;
    authdata_client_get_attribute_proc get_attribute;
    authdata_client_set_attribute_proc set_attribute;
    authdata_client_delete_attribute_proc delete_attribute;
    authdata_client_export_authdata_proc export_authdata;
    authdata_client_import_authdata_proc import_authdata;
    authdata_client_export_internal_proc export_internal;
    authdata_client_free_internal_proc free_internal;
    authdata_client_verify_proc verify;
    authdata_client_size_proc size;
    authdata_client_externalize_proc externalize;
    authdata_client_internalize_proc internalize;
    authdata_client_copy_proc copy; /* optional */
} krb5plugin_authdata_client_ftable_v0;

#endif /* _KRB5_AUTHDATA_INT_H */
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/PaxHeaders.13173/nss_netgroup.c������������������������������������������0000644�0000000�0000000�00000000074�12320753107�021402� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.272891426 30 ctime=1396954961.538875036 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/nss_netgroup.c�����������������������������������������������������������0000664�0024127�0024127�00000020545�12320753107�021632� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* SSSD nss_netgroup.c Authors: Stephen Gallagher <sgallagh@redhat.com> Copyright (C) 2010 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU 
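General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program. If not, see <http://www.gnu.org/licenses/>.
*/

#include <nss.h>
#include <errno.h>
#include <sys/types.h>
#include <unistd.h>
#include <stdlib.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#include "sss_cli.h"
#include "nss_compat.h"

/*
 * Free the reply buffered in a struct __netgrent and reset its read cursor
 * and size, so no pointer to freed memory stays behind.
 *
 * Expands to a single statement without a trailing semicolon (the caller
 * writes it), which keeps the macro safe inside an unbraced if/else. The
 * argument is parenthesized so any pointer expression can be passed.
 */
#define CLEAR_NETGRENT_DATA(netgrent) do { \
        free((netgrent)->data); \
        (netgrent)->data = NULL; \
        (netgrent)->idx.position = 0; \
        (netgrent)->data_size = 0; \
} while (0)

/*
 * Replies:
 *
 * 0-3: 32bit unsigned number of results N
 * 4-7: 32bit unsigned (reserved/padding)
 *  For each result:
 *  8-11: 32bit unsigned type of result
 *  12-X: \0 terminated string representing a tuple
 *        (host, user, domain)
 *        or a netgroup, depending on the type indicator
 *  ... repeated N times
 */
/* Size in bytes of the two 32-bit header words that precede the results.
 * Parenthesized so the macro is safe inside larger expressions. */
#define NETGR_METADATA_COUNT (2 * sizeof(uint32_t))

/* Parsing state for one netgroup entry. */
struct sss_nss_netgr_rep {
    struct __netgrent *result; /* entry structure filled in for the caller */
    char *buffer;              /* caller-supplied storage for the strings */
    size_t buflen;             /* size of buffer in bytes */
};

/**
 * Parse one result out of a buffered netgroup reply.
 *
 * @param pr   Destination entry plus the caller's string buffer.
 * @param buf  Start of the result: a 32-bit type word followed by string data.
 * @param len  In: bytes available at buf. Out (on success): the value the
 *             caller uses as "bytes still unread" (slen - i after parsing).
 *
 * @return 0 on success, EBADMSG for a too-short packet or an unknown result
 *         type, otherwise the error returned by sss_readrep_copy_string().
 *
 * The reply is data received from the responder, so every string is copied
 * through sss_readrep_copy_string(), which is handed both the remaining
 * source length and the remaining destination length.
 */
static int sss_nss_getnetgr_readrep(struct sss_nss_netgr_rep *pr,
                                    uint8_t *buf, size_t *len)
{
    errno_t ret;
    char *sbuf;
    char *temp;
    size_t i, slen, dlen, size;
    uint32_t type;

    if (*len < 6) {
        /* Not enough space for data, bad packet */
        return EBADMSG;
    }

    /* String data starts right after the 32-bit type word. */
    sbuf = (char *)(buf + sizeof(uint32_t));
    slen = *len - sizeof(uint32_t);
    dlen = pr->buflen;

    i = 0;

    /* Alignment-safe read; buf points into the middle of the reply. */
    SAFEALIGN_COPY_UINT32(&type, buf, NULL);
    switch (type) {
    case SSS_NETGR_REP_TRIPLE:
        pr->result->type = triple_val;

        /* Host value */
        temp = &(pr->buffer[i]);
        ret = sss_readrep_copy_string(sbuf, &i,
                                      &slen, &dlen,
                                      &temp,
                                      &size);
        if (ret != EOK) return ret;

        /* libc expects NULL instead of empty string */
        if (size == 0) {
            pr->result->val.triple.host = NULL;
        } else {
            pr->result->val.triple.host = temp;
        }

        /* User value */
        temp = &(pr->buffer[i]);
        ret = sss_readrep_copy_string(sbuf, &i,
                                      &slen, &dlen,
                                      &temp,
                                      &size);
        if (ret != EOK) return ret;

        /* libc expects NULL instead of empty string */
        if (size == 0) {
            pr->result->val.triple.user = NULL;
        } else {
            pr->result->val.triple.user = temp;
        }

        /* Domain value */
        temp = &(pr->buffer[i]);
        ret = sss_readrep_copy_string(sbuf, &i,
                                      &slen, &dlen,
                                      &temp,
                                      &size);
        if (ret != EOK) return ret;

        /* libc expects NULL instead of empty string */
        if (size == 0) {
            pr->result->val.triple.domain = NULL;
        } else {
            pr->result->val.triple.domain = temp;
        }

        break;

    case SSS_NETGR_REP_GROUP:
        pr->result->type = group_val;

        temp = &(pr->buffer[i]);
        ret = sss_readrep_copy_string(sbuf, &i,
                                      &slen, &dlen,
                                      &temp,
                                      NULL);
        if (ret != EOK) return ret;

        pr->result->val.group = temp;

        break;

    default:
        /* Unknown type indicator: refuse to interpret the payload. */
        return EBADMSG;
    }

    *len = slen -i;

    return 0;
}

/**
 * Start enumerating a netgroup: send SSS_NSS_SETNETGRENT with the name.
 *
 * @param netgroup  Netgroup name; NULL yields NSS_STATUS_NOTFOUND.
 * @param result    Enumeration state; buffered data left in it is released.
 *
 * @return NSS_STATUS_SUCCESS if the reply announces at least one result,
 *         NSS_STATUS_NOTFOUND for an over-long name or an empty/short reply,
 *         NSS_STATUS_TRYAGAIN on allocation failure, otherwise the status
 *         of the request (errno is then set from the request's error).
 */
enum nss_status _nss_sss_setnetgrent(const char *netgroup,
                                     struct __netgrent *result)
{
    uint8_t *repbuf = NULL;
    size_t replen;
    enum nss_status nret;
    struct sss_cli_req_data rd;
    int errnop;
    char *name;
    size_t name_len;
    uint32_t num_results;
    errno_t ret;

    if (!netgroup) return NSS_STATUS_NOTFOUND;

    sss_nss_lock();

    /* make sure we do not have leftovers, and release memory */
    CLEAR_NETGRENT_DATA(result);

    /* Bounded length query; names longer than SSS_NAME_MAX are rejected. */
    ret = sss_strnlen(netgroup, SSS_NAME_MAX, &name_len);
    if (ret != 0) {
        nret = NSS_STATUS_NOTFOUND;
        goto out;
    }

    name = malloc(name_len + 1);
    if (name == NULL) {
        nret = NSS_STATUS_TRYAGAIN;
        goto out;
    }

    /* Copy exactly name_len bytes and terminate explicitly, so termination
     * does not depend on what follows the measured bytes in the source. */
    memcpy(name, netgroup, name_len);
    name[name_len] = '\0';

    rd.data = name;
    rd.len = name_len + 1;

    nret = sss_nss_make_request(SSS_NSS_SETNETGRENT, &rd,
                                &repbuf, &replen, &errnop);
    free(name);
    if (nret != NSS_STATUS_SUCCESS) {
        errno = errnop;
        goto out;
    }

    /* Validate the reply length BEFORE reading the result count: a reply
     * shorter than the metadata header must not be dereferenced. */
    if (replen < NETGR_METADATA_COUNT) {
        free(repbuf);
        nret = NSS_STATUS_NOTFOUND;
        goto out;
    }

    /* Alignment-safe read of the first header word (number of results). */
    SAFEALIGN_COPY_UINT32(&num_results, repbuf, NULL);

    /* no results if not found */
    if (num_results == 0) {
        free(repbuf);
        nret = NSS_STATUS_NOTFOUND;
        goto out;
    }

    free(repbuf);
    nret = NSS_STATUS_SUCCESS;

out:
    sss_nss_unlock();
    return nret;
}

/**
 * Return the next netgroup entry. Must be called with the lock taken by
 * _nss_sss_getnetgrent_r().
 *
 * Entries are served from the reply buffered in result->data; when that is
 * exhausted a new batch of at most SSS_NSS_MAX_ENTRIES is requested.
 *
 * @param result  Enumeration state (buffered reply and read position).
 * @param buffer  Caller storage for the strings of the returned entry.
 * @param buflen  Size of buffer in bytes.
 * @param errnop  Receives the error code when the status is not SUCCESS.
 *
 * @return NSS_STATUS_SUCCESS with result filled in, NSS_STATUS_RETURN when
 *         the responder has no more entries, NSS_STATUS_TRYAGAIN (with
 *         *errnop set) for a missing buffer or a parse failure, otherwise
 *         the status of the request.
 */
static enum nss_status internal_getnetgrent_r(struct __netgrent *result,
                                              char *buffer, size_t buflen,
                                              int *errnop)
{
    struct sss_cli_req_data rd;
    struct sss_nss_netgr_rep netgrrep;
    uint8_t *repbuf;
    size_t replen;
    enum nss_status nret;
    uint32_t num_entries;
    uint32_t num_results;
    int ret;

    /* Caught once glibc passing in buffer == 0x0.
     * Report it as an NSS status with the errno in *errnop; returning the
     * raw errno value here would hand the caller an invalid nss_status. */
    if (!buffer || !buflen) {
        *errnop = ERANGE;
        return NSS_STATUS_TRYAGAIN;
    }

    /* If we're already processing result data, continue to
     * return it.
     */
    if (result->data != NULL &&
        result->idx.position < result->data_size) {

        repbuf = (uint8_t *) result->data + result->idx.position;
        replen = result->data_size - result->idx.position;

        netgrrep.result = result;
        netgrrep.buffer = buffer;
        netgrrep.buflen = buflen;

        ret = sss_nss_getnetgr_readrep(&netgrrep, repbuf, &replen);
        if (ret != 0) {
            *errnop = ret;
            return NSS_STATUS_TRYAGAIN;
        }

        /* replen now holds the unread remainder; advance the cursor. */
        result->idx.position = result->data_size - replen;

        return NSS_STATUS_SUCCESS;
    }

    /* Release memory, if any */
    CLEAR_NETGRENT_DATA(result);

    /* retrieve no more than SSS_NSS_MAX_ENTRIES at a time */
    num_entries = SSS_NSS_MAX_ENTRIES;
    rd.len = sizeof(uint32_t);
    rd.data = &num_entries;

    nret = sss_nss_make_request(SSS_NSS_GETNETGRENT, &rd,
                                &repbuf, &replen, errnop);
    if (nret != NSS_STATUS_SUCCESS) {
        return nret;
    }

    /* Validate the reply length BEFORE reading the result count: a reply
     * with nothing after the metadata header carries no entry. */
    if (replen <= NETGR_METADATA_COUNT) {
        free(repbuf);
        return NSS_STATUS_RETURN;
    }

    /* Alignment-safe read of the first header word (number of results). */
    SAFEALIGN_COPY_UINT32(&num_results, repbuf, NULL);

    /* no results if not found */
    if (num_results == 0) {
        free(repbuf);
        return NSS_STATUS_RETURN;
    }

    /* Ownership of repbuf moves to result; CLEAR_NETGRENT_DATA frees it. */
    result->data = (char *) repbuf;
    result->data_size = replen;
    /* skip metadata fields */
    result->idx.position = NETGR_METADATA_COUNT;

    /* call again ourselves, this will return the first result */
    return internal_getnetgrent_r(result, buffer, buflen, errnop);
}

/**
 * NSS entry point for getnetgrent_r: runs internal_getnetgrent_r() between
 * sss_nss_lock() and sss_nss_unlock() and returns its status unchanged.
 */
enum nss_status _nss_sss_getnetgrent_r(struct __netgrent *result,
                                       char *buffer, size_t buflen,
                                       int *errnop)
{
    enum nss_status nret;

    sss_nss_lock();
    nret = internal_getnetgrent_r(result, buffer, buflen, errnop);
    sss_nss_unlock();

    return nret;
}

/**
 * NSS entry point for endnetgrent: drops the buffered reply and sends
 * SSS_NSS_ENDNETGRENT.
 *
 * @return The status of the request; on failure errno is set from it.
 */
enum nss_status _nss_sss_endnetgrent(struct __netgrent *result)
{
    enum nss_status nret;
    int errnop;

    sss_nss_lock();

    /* make sure we do not have leftovers, and release memory */
    CLEAR_NETGRENT_DATA(result);

    nret = sss_nss_make_request(SSS_NSS_ENDNETGRENT,
                                NULL, NULL, NULL, &errnop);
    if (nret != NSS_STATUS_SUCCESS) {
        errno = errnop;
    }

    sss_nss_unlock();
    return nret;
}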
�����������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/PaxHeaders.13173/idmap���������������������������������������������������0000644�0000000�0000000�00000000130�12320753521�017516� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������29 mtime=1396954961.64187496 30 atime=1396955003.535843846 29 ctime=1396954961.64187496 ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/idmap/�������������������������������������������������������������������0000775�0024127�0024127�00000000000�12320753521�020024� 5����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/idmap/PaxHeaders.13173/sss_nss_idmap.pc����������������������������������0000644�0000000�0000000�00000000132�12320753520�022765� 
x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954960.438875848 30 atime=1396954961.047875399 30 ctime=1396954961.407875133 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/idmap/sss_nss_idmap.pc���������������������������������������������������0000664�0024127�0024127�00000000405�12320753520�023213� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������prefix=/usr/local exec_prefix=${prefix} libdir=${exec_prefix}/lib includedir=${prefix}/include Name: sss_nss_idmap Description: NSS Responder ID-SID mapping interface Version: 1.11.5 Libs: -L${libdir} -lsss_nss_idmap Cflags: URL: http://fedorahosted.org/sssd/ 
�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/idmap/PaxHeaders.13173/sss_nss_idmap.doxy.in�����������������������������0000644�0000000�0000000�00000000074�12320753107�023761� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954960.446875843 30 ctime=1396954961.367875162 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/idmap/sss_nss_idmap.doxy.in����������������������������������������������0000664�0024127�0024127�00000175520�12320753107�024215� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# Doxyfile 1.6.1 # This file describes the settings to be used by the documentation system # doxygen (www.doxygen.org) for a project # # All text after a hash (#) is considered a comment and will be ignored # The 
format is: # TAG = value [value, ...] # For lists items can also be appended using: # TAG += value [value, ...] # Values that contain spaces should be placed between quotes (" ") #--------------------------------------------------------------------------- # Project related configuration options #--------------------------------------------------------------------------- # This tag specifies the encoding used for all characters in the config file # that follow. The default is UTF-8 which is also the encoding used for all # text before the first occurrence of this tag. Doxygen uses libiconv (or the # iconv built into libc) for the transcoding. See # http://www.gnu.org/software/libiconv for the list of possible encodings. DOXYFILE_ENCODING = UTF-8 # The PROJECT_NAME tag is a single word (or a sequence of words surrounded # by quotes) that should identify the project. PROJECT_NAME = sss_nss_idmap # The PROJECT_NUMBER tag can be used to enter a project or revision number. # This could be handy for archiving the generated documentation or # if some version control system is used. PROJECT_NUMBER = @PACKAGE_VERSION@ # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. # If a relative path is entered, it will be relative to the location # where doxygen was started. If left blank the current directory will be used. OUTPUT_DIRECTORY = nss_idmap_doc # If the CREATE_SUBDIRS tag is set to YES, then doxygen will create # 4096 sub-directories (in 2 levels) under the output directory of each output # format and will distribute the generated files over these directories. # Enabling this option can be useful when feeding doxygen a huge amount of # source files, where putting all generated files in the same directory would # otherwise cause performance problems for the file system. 
CREATE_SUBDIRS = NO # The OUTPUT_LANGUAGE tag is used to specify the language in which all # documentation generated by doxygen is written. Doxygen will use this # information to generate all constant output in the proper language. # The default language is English, other supported languages are: # Afrikaans, Arabic, Brazilian, Catalan, Chinese, Chinese-Traditional, # Croatian, Czech, Danish, Dutch, Esperanto, Farsi, Finnish, French, German, # Greek, Hungarian, Italian, Japanese, Japanese-en (Japanese with English # messages), Korean, Korean-en, Lithuanian, Norwegian, Macedonian, Persian, # Polish, Portuguese, Romanian, Russian, Serbian, Serbian-Cyrilic, Slovak, # Slovene, Spanish, Swedish, Ukrainian, and Vietnamese. OUTPUT_LANGUAGE = English # If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will # include brief member descriptions after the members that are listed in # the file and class documentation (similar to JavaDoc). # Set to NO to disable this. BRIEF_MEMBER_DESC = YES # If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend # the brief description of a member or function before the detailed description. # Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the # brief descriptions will be completely suppressed. REPEAT_BRIEF = YES # This tag implements a quasi-intelligent brief description abbreviator # that is used to form the text in various listings. Each string # in this list, if found as the leading text of the brief description, will be # stripped from the text and the result after processing the whole list, is # used as the annotated text. Otherwise, the brief description is used as-is. 
# If left blank, the following values are used ("$name" is automatically # replaced with the name of the entity): "The $name class" "The $name widget" # "The $name file" "is" "provides" "specifies" "contains" # "represents" "a" "an" "the" ABBREVIATE_BRIEF = "The $name class" \ "The $name widget" \ "The $name file" \ is \ provides \ specifies \ contains \ represents \ a \ an \ the # If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then # Doxygen will generate a detailed section even if there is only a brief # description. ALWAYS_DETAILED_SEC = NO # If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all # inherited members of a class in the documentation of that class as if those # members were ordinary class members. Constructors, destructors and assignment # operators of the base classes will not be shown. INLINE_INHERITED_MEMB = NO # If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full # path before files name in the file list and in the header files. If set # to NO the shortest path that makes the file name unique will be used. FULL_PATH_NAMES = YES # If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag # can be used to strip a user-defined part of the path. Stripping is # only done if one of the specified strings matches the left-hand part of # the path. The tag can be used to show relative paths in the file list. # If left blank the directory from which doxygen is run is used as the # path to strip. STRIP_FROM_PATH = # The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of # the path mentioned in the documentation of a class, which tells # the reader which header file to include in order to use a class. # If left blank only the name of the header file containing the class # definition is used. Otherwise one should specify the include paths that # are normally passed to the compiler using the -I flag. 
STRIP_FROM_INC_PATH =

# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter
# (but less readable) file names. This can be useful if your file system
# doesn't support long names like on DOS, Mac, or CD-ROM.

SHORT_NAMES = NO

# If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen
# will interpret the first line (until the first dot) of a JavaDoc-style
# comment as the brief description. If set to NO, the JavaDoc
# comments will behave just like regular Qt-style comments
# (thus requiring an explicit @brief command for a brief description.)

JAVADOC_AUTOBRIEF = YES

# If the QT_AUTOBRIEF tag is set to YES then Doxygen will
# interpret the first line (until the first dot) of a Qt-style
# comment as the brief description. If set to NO, the comments
# will behave just like regular Qt-style comments (thus requiring
# an explicit \brief command for a brief description.)

QT_AUTOBRIEF = NO

# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen
# treat a multi-line C++ special comment block (i.e. a block of //! or ///
# comments) as a brief description. This used to be the default behaviour.
# The new default is to treat a multi-line C++ comment block as a detailed
# description. Set this tag to YES if you prefer the old behaviour instead.

MULTILINE_CPP_IS_BRIEF = NO

# If the INHERIT_DOCS tag is set to YES (the default) then an undocumented
# member inherits the documentation from any documented member that it
# re-implements.

INHERIT_DOCS = YES

# If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce
# a new page for each member. If set to NO, the documentation of a member will
# be part of the file/class/namespace that contains it.

SEPARATE_MEMBER_PAGES = NO

# The TAB_SIZE tag can be used to set the number of spaces in a tab.
# Doxygen uses this value to replace tabs by spaces in code fragments.

TAB_SIZE = 8

# This tag can be used to specify a number of aliases that act
# as commands in the documentation. 
An alias has the form "name=value". # For example adding "sideeffect=\par Side Effects:\n" will allow you to # put the command \sideeffect (or @sideeffect) in the documentation, which # will result in a user-defined paragraph with heading "Side Effects:". # You can put \n's in the value part of an alias to insert newlines. ALIASES = # Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C # sources only. Doxygen will then generate output that is more tailored for C. # For instance, some of the names that are used will be different. The list # of all members will be omitted, etc. OPTIMIZE_OUTPUT_FOR_C = YES # Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java # sources only. Doxygen will then generate output that is more tailored for # Java. For instance, namespaces will be presented as packages, qualified # scopes will look different, etc. OPTIMIZE_OUTPUT_JAVA = NO # Set the OPTIMIZE_FOR_FORTRAN tag to YES if your project consists of Fortran # sources only. Doxygen will then generate output that is more tailored for # Fortran. OPTIMIZE_FOR_FORTRAN = NO # Set the OPTIMIZE_OUTPUT_VHDL tag to YES if your project consists of VHDL # sources. Doxygen will then generate output that is tailored for # VHDL. OPTIMIZE_OUTPUT_VHDL = NO # Doxygen selects the parser to use depending on the extension of the files it parses. # With this tag you can assign which parser to use for a given extension. # Doxygen has a built-in mapping, but you can override or extend it using this tag. # The format is ext=language, where ext is a file extension, and language is one of # the parsers supported by doxygen: IDL, Java, Javascript, C#, C, C++, D, PHP, # Objective-C, Python, Fortran, VHDL, C, C++. For instance to make doxygen treat # .inc files as Fortran files (default is PHP), and .f files as C (default is Fortran), # use: inc=Fortran f=C. Note that for custom extensions you also need to set FILE_PATTERNS otherwise the files are not read by doxygen. 
EXTENSION_MAPPING = # If you use STL classes (i.e. std::string, std::vector, etc.) but do not want # to include (a tag file for) the STL sources as input, then you should # set this tag to YES in order to let doxygen match functions declarations and # definitions whose arguments contain STL classes (e.g. func(std::string); v.s. # func(std::string) {}). This also make the inheritance and collaboration # diagrams that involve STL classes more complete and accurate. BUILTIN_STL_SUPPORT = NO # If you use Microsoft's C++/CLI language, you should set this option to YES to # enable parsing support. CPP_CLI_SUPPORT = NO # Set the SIP_SUPPORT tag to YES if your project consists of sip sources only. # Doxygen will parse them like normal C++ but will assume all classes use public # instead of private inheritance when no explicit protection keyword is present. SIP_SUPPORT = NO # For Microsoft's IDL there are propget and propput attributes to indicate getter # and setter methods for a property. Setting this option to YES (the default) # will make doxygen to replace the get and set methods by a property in the # documentation. This will only work if the methods are indeed getting or # setting a simple type. If this is not the case, or you want to show the # methods anyway, you should set this option to NO. IDL_PROPERTY_SUPPORT = YES # If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC # tag is set to YES, then doxygen will reuse the documentation of the first # member in the group (if any) for the other members of the group. By default # all members of a group must be documented explicitly. DISTRIBUTE_GROUP_DOC = NO # Set the SUBGROUPING tag to YES (the default) to allow class member groups of # the same type (for instance a group of public functions) to be put as a # subgroup of that type (e.g. under the Public Functions section). Set it to # NO to prevent subgrouping. Alternatively, this can be done per class using # the \nosubgrouping command. 
SUBGROUPING = YES

# When TYPEDEF_HIDES_STRUCT is enabled, a typedef of a struct, union, or enum
# is documented as struct, union, or enum with the name of the typedef. So
# typedef struct TypeS {} TypeT, will appear in the documentation as a struct
# with name TypeT. When disabled the typedef will appear as a member of a file,
# namespace, or class. And the struct will be named TypeS. This can typically
# be useful for C code in case the coding convention dictates that all compound
# types are typedef'ed and only the typedef is referenced, never the tag name.

TYPEDEF_HIDES_STRUCT = NO

# The SYMBOL_CACHE_SIZE determines the size of the internal cache used to
# determine which symbols to keep in memory and which to flush to disk.
# When the cache is full, less often used symbols will be written to disk.
# For small to medium size projects (<1000 input files) the default value is
# probably good enough. For larger projects a too small cache size can cause
# doxygen to be busy swapping symbols to and from disk most of the time
# causing a significant performance penalty.
# If the system has enough physical memory increasing the cache will improve the
# performance by keeping more symbols in memory. Note that the value works on
# a logarithmic scale so increasing the size by one will roughly double the
# memory usage. The cache size is given by this formula:
# 2^(16+SYMBOL_CACHE_SIZE). The valid range is 0..9, the default is 0,
# corresponding to a cache size of 2^16 = 65536 symbols

SYMBOL_CACHE_SIZE = 0

#---------------------------------------------------------------------------
# Build related configuration options
#---------------------------------------------------------------------------

# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in
# documentation are documented, even if no documentation was available. 
# Private class members and static file members will be hidden unless # the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES EXTRACT_ALL = NO # If the EXTRACT_PRIVATE tag is set to YES all private members of a class # will be included in the documentation. EXTRACT_PRIVATE = NO # If the EXTRACT_STATIC tag is set to YES all static members of a file # will be included in the documentation. EXTRACT_STATIC = NO # If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs) # defined locally in source files will be included in the documentation. # If set to NO only classes defined in header files are included. EXTRACT_LOCAL_CLASSES = NO # This flag is only useful for Objective-C code. When set to YES local # methods, which are defined in the implementation section but not in # the interface are included in the documentation. # If set to NO (the default) only methods in the interface are included. EXTRACT_LOCAL_METHODS = NO # If this flag is set to YES, the members of anonymous namespaces will be # extracted and appear in the documentation as a namespace called # 'anonymous_namespace{file}', where file will be replaced with the base # name of the file that contains the anonymous namespace. By default # anonymous namespace are hidden. EXTRACT_ANON_NSPACES = NO # If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all # undocumented members of documented classes, files or namespaces. # If set to NO (the default) these members will be included in the # various overviews, but no documentation section is generated. # This option has no effect if EXTRACT_ALL is enabled. HIDE_UNDOC_MEMBERS = YES # If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all # undocumented classes that are normally visible in the class hierarchy. # If set to NO (the default) these classes will be included in the various # overviews. This option has no effect if EXTRACT_ALL is enabled. 
HIDE_UNDOC_CLASSES = YES # If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all # friend (class|struct|union) declarations. # If set to NO (the default) these declarations will be included in the # documentation. HIDE_FRIEND_COMPOUNDS = NO # If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any # documentation blocks found inside the body of a function. # If set to NO (the default) these blocks will be appended to the # function's detailed documentation block. HIDE_IN_BODY_DOCS = NO # The INTERNAL_DOCS tag determines if documentation # that is typed after a \internal command is included. If the tag is set # to NO (the default) then the documentation will be excluded. # Set it to YES to include the internal documentation. INTERNAL_DOCS = NO # If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate # file names in lower-case letters. If set to YES upper-case letters are also # allowed. This is useful if you have classes or files whose names only differ # in case and if your file system supports case sensitive file names. Windows # and Mac users are advised to set this option to NO. CASE_SENSE_NAMES = YES # If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen # will show members with their full class and namespace scopes in the # documentation. If set to YES the scope will be hidden. HIDE_SCOPE_NAMES = NO # If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen # will put a list of the files that are included by a file in the documentation # of that file. SHOW_INCLUDE_FILES = YES # If the INLINE_INFO tag is set to YES (the default) then a tag [inline] # is inserted in the documentation for inline members. INLINE_INFO = YES # If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen # will sort the (detailed) documentation of file and class members # alphabetically by member name. If set to NO the members will appear in # declaration order. 
SORT_MEMBER_DOCS = YES # If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the # brief documentation of file, namespace and class members alphabetically # by member name. If set to NO (the default) the members will appear in # declaration order. SORT_BRIEF_DOCS = NO # If the SORT_MEMBERS_CTORS_1ST tag is set to YES then doxygen will sort the (brief and detailed) documentation of class members so that constructors and destructors are listed first. If set to NO (the default) the constructors will appear in the respective orders defined by SORT_MEMBER_DOCS and SORT_BRIEF_DOCS. This tag will be ignored for brief docs if SORT_BRIEF_DOCS is set to NO and ignored for detailed docs if SORT_MEMBER_DOCS is set to NO. SORT_MEMBERS_CTORS_1ST = NO # If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the # hierarchy of group names into alphabetical order. If set to NO (the default) # the group names will appear in their defined order. SORT_GROUP_NAMES = NO # If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be # sorted by fully-qualified names, including namespaces. If set to # NO (the default), the class list will be sorted only by class name, # not including the namespace part. # Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES. # Note: This option applies only to the class list, not to the # alphabetical list. SORT_BY_SCOPE_NAME = NO # The GENERATE_TODOLIST tag can be used to enable (YES) or # disable (NO) the todo list. This list is created by putting \todo # commands in the documentation. GENERATE_TODOLIST = YES # The GENERATE_TESTLIST tag can be used to enable (YES) or # disable (NO) the test list. This list is created by putting \test # commands in the documentation. GENERATE_TESTLIST = YES # The GENERATE_BUGLIST tag can be used to enable (YES) or # disable (NO) the bug list. This list is created by putting \bug # commands in the documentation. 
GENERATE_BUGLIST = YES # The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or # disable (NO) the deprecated list. This list is created by putting # \deprecated commands in the documentation. GENERATE_DEPRECATEDLIST= YES # The ENABLED_SECTIONS tag can be used to enable conditional # documentation sections, marked by \if sectionname ... \endif. ENABLED_SECTIONS = # The MAX_INITIALIZER_LINES tag determines the maximum number of lines # the initial value of a variable or define consists of for it to appear in # the documentation. If the initializer consists of more lines than specified # here it will be hidden. Use a value of 0 to hide initializers completely. # The appearance of the initializer of individual variables and defines in the # documentation can be controlled using \showinitializer or \hideinitializer # command in the documentation regardless of this setting. MAX_INITIALIZER_LINES = 30 # Set the SHOW_USED_FILES tag to NO to disable the list of files generated # at the bottom of the documentation of classes and structs. If set to YES the # list will mention the files that were used to generate the documentation. SHOW_USED_FILES = YES # If the sources in your project are distributed over multiple directories # then setting the SHOW_DIRECTORIES tag to YES will show the directory hierarchy # in the documentation. The default is NO. SHOW_DIRECTORIES = NO # Set the SHOW_FILES tag to NO to disable the generation of the Files page. # This will remove the Files entry from the Quick Index and from the # Folder Tree View (if specified). The default is YES. SHOW_FILES = YES # Set the SHOW_NAMESPACES tag to NO to disable the generation of the # Namespaces page. # This will remove the Namespaces entry from the Quick Index # and from the Folder Tree View (if specified). The default is YES. 
SHOW_NAMESPACES = YES # The FILE_VERSION_FILTER tag can be used to specify a program or script that # doxygen should invoke to get the current version for each file (typically from # the version control system). Doxygen will invoke the program by executing (via # popen()) the command <command> <input-file>, where <command> is the value of # the FILE_VERSION_FILTER tag, and <input-file> is the name of an input file # provided by doxygen. Whatever the program writes to standard output # is used as the file version. See the manual for examples. # Because the command is run through popen(), it is passed to the system shell and # runs with the privileges of the doxygen process, so set this tag only to a # trusted program. FILE_VERSION_FILTER = # The LAYOUT_FILE tag can be used to specify a layout file which will be parsed by # doxygen. The layout file controls the global structure of the generated output files # in an output format independent way. To create the layout file that represents # doxygen's defaults, run doxygen with the -l option. You can optionally specify a # file name after the option, if omitted DoxygenLayout.xml will be used as the name # of the layout file. LAYOUT_FILE = #--------------------------------------------------------------------------- # configuration options related to warning and progress messages #--------------------------------------------------------------------------- # The QUIET tag can be used to turn on/off the messages that are generated # by doxygen. Possible values are YES and NO. If left blank NO is used. QUIET = NO # The WARNINGS tag can be used to turn on/off the warning messages that are # generated by doxygen. Possible values are YES and NO. If left blank # NO is used. WARNINGS = YES # If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings # for undocumented members. If EXTRACT_ALL is set to YES then this flag will # automatically be disabled.
WARN_IF_UNDOCUMENTED = YES # If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for # potential errors in the documentation, such as not documenting some # parameters in a documented function, or documenting parameters that # don't exist or using markup commands wrongly. WARN_IF_DOC_ERROR = YES # This WARN_NO_PARAMDOC option can be enabled to get warnings for # functions that are documented, but have no documentation for their parameters # or return value. If set to NO (the default) doxygen will only warn about # wrong or incomplete parameter documentation, but not about the absence of # documentation. WARN_NO_PARAMDOC = NO # The WARN_FORMAT tag determines the format of the warning messages that # doxygen can produce. The string should contain the $file, $line, and $text # tags, which will be replaced by the file and line number from which the # warning originated and the warning text. Optionally the format may contain # $version, which will be replaced by the version of the file (if it could # be obtained via FILE_VERSION_FILTER) WARN_FORMAT = "$file:$line: $text" # The WARN_LOGFILE tag can be used to specify a file to which warning # and error messages should be written. If left blank the output is written # to stderr. WARN_LOGFILE = #--------------------------------------------------------------------------- # configuration options related to the input files #--------------------------------------------------------------------------- # The INPUT tag can be used to specify the files and/or directories that contain # documented source files. You may enter file names like "myfile.cpp" or # directories like "/usr/src/myproject". Separate the files or directories # with spaces. INPUT = @abs_top_srcdir@/src/sss_client/idmap/sss_nss_idmap.h # This tag can be used to specify the character encoding of the source files # that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is # also the default input encoding.
Doxygen uses libiconv (or the iconv built # into libc) for the transcoding. See http://www.gnu.org/software/libiconv for # the list of possible encodings. INPUT_ENCODING = UTF-8 # If the value of the INPUT tag contains directories, you can use the # FILE_PATTERNS tag to specify one or more wildcard patterns (like *.cpp # and *.h) to filter out the source-files in the directories. If left # blank the following patterns are tested: # *.c *.cc *.cxx *.cpp *.c++ *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh *.hxx # *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.py *.f90 FILE_PATTERNS = *.cpp \ *.cc \ *.c \ *.h \ *.hh \ *.hpp \ *.dox # The RECURSIVE tag can be used to specify whether or not subdirectories # should be searched for input files as well. Possible values are YES and NO. # If left blank NO is used. RECURSIVE = NO # The EXCLUDE tag can be used to specify files and/or directories that should # be excluded from the INPUT source files. This way you can easily exclude a # subdirectory from a directory tree whose root is specified with the INPUT tag. EXCLUDE = # The EXCLUDE_SYMLINKS tag can be used to select whether or not files or # directories that are symbolic links (a Unix filesystem feature) are excluded # from the input. EXCLUDE_SYMLINKS = NO # If the value of the INPUT tag contains directories, you can use the # EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude # certain files from those directories. Note that the wildcards are matched # against the file with absolute path, so to exclude all test directories # for example use the pattern */test/* EXCLUDE_PATTERNS = */.git/* \ */.svn/* \ */cmake/* \ */build/* # The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names # (namespaces, classes, functions, etc.) that should be excluded from the # output. The symbol name can be a fully qualified name, a word, or if the # wildcard * is used, a substring.
Examples: ANamespace, AClass, # AClass::ANamespace, ANamespace::*Test EXCLUDE_SYMBOLS = # The EXAMPLE_PATH tag can be used to specify one or more files or # directories that contain example code fragments that are included (see # the \include command). EXAMPLE_PATH = # If the value of the EXAMPLE_PATH tag contains directories, you can use the # EXAMPLE_PATTERNS tag to specify one or more wildcard patterns (like *.cpp # and *.h) to filter out the source-files in the directories. If left # blank all files are included. EXAMPLE_PATTERNS = # If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be # searched for input files to be used with the \include or \dontinclude # commands irrespective of the value of the RECURSIVE tag. # Possible values are YES and NO. If left blank NO is used. EXAMPLE_RECURSIVE = NO # The IMAGE_PATH tag can be used to specify one or more files or # directories that contain images that are included in the documentation (see # the \image command). IMAGE_PATH = # The INPUT_FILTER tag can be used to specify a program that doxygen should # invoke to filter for each input file. Doxygen will invoke the filter program # by executing (via popen()) the command <filter> <input-file>, where <filter> # is the value of the INPUT_FILTER tag, and <input-file> is the name of an # input file. Doxygen will then use the output that the filter program writes # to standard output. # If FILTER_PATTERNS is specified, this tag will be # ignored. # Because the command is run through popen(), it is passed to the system shell and # runs with the privileges of the doxygen process, so set this tag only to a # trusted program. INPUT_FILTER = # The FILTER_PATTERNS tag can be used to specify filters on a per file pattern # basis. # Doxygen will compare the file name with each pattern and apply the # filter if there is a match. # The filters are a list of the form: # pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further # info on how filters are used. If FILTER_PATTERNS is empty, INPUT_FILTER # is applied to all files.
FILTER_PATTERNS = # If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using # INPUT_FILTER) will be used to filter the input files when producing source # files to browse (i.e. when SOURCE_BROWSER is set to YES). FILTER_SOURCE_FILES = NO #--------------------------------------------------------------------------- # configuration options related to source browsing #--------------------------------------------------------------------------- # If the SOURCE_BROWSER tag is set to YES then a list of source files will # be generated. Documented entities will be cross-referenced with these sources. # Note: To get rid of all source code in the generated output, make sure also # VERBATIM_HEADERS is set to NO. SOURCE_BROWSER = NO # Setting the INLINE_SOURCES tag to YES will include the body # of functions and classes directly in the documentation. INLINE_SOURCES = NO # Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct # doxygen to hide any special comment blocks from generated source code # fragments. Normal C and C++ comments will always remain visible. STRIP_CODE_COMMENTS = YES # If the REFERENCED_BY_RELATION tag is set to YES # then for each documented function all documented # functions referencing it will be listed. REFERENCED_BY_RELATION = NO # If the REFERENCES_RELATION tag is set to YES # then for each documented function all documented entities # called/used by that function will be listed. REFERENCES_RELATION = NO # If the REFERENCES_LINK_SOURCE tag is set to YES (the default) # and SOURCE_BROWSER tag is set to YES, then the hyperlinks from # functions in REFERENCES_RELATION and REFERENCED_BY_RELATION lists will # link to the source code. # Otherwise they will link to the documentation. REFERENCES_LINK_SOURCE = YES # If the USE_HTAGS tag is set to YES then the references to source code # will point to the HTML generated by the htags(1) tool instead of doxygen # built-in source browser. 
The htags tool is part of GNU's global source # tagging system (see http://www.gnu.org/software/global/global.html). You # will need version 4.8.6 or higher. USE_HTAGS = NO # If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen # will generate a verbatim copy of the header file for each class for # which an include is specified. Set to NO to disable this. VERBATIM_HEADERS = YES #--------------------------------------------------------------------------- # configuration options related to the alphabetical class index #--------------------------------------------------------------------------- # If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index # of all compounds will be generated. Enable this if the project # contains a lot of classes, structs, unions or interfaces. ALPHABETICAL_INDEX = NO # If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then # the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns # in which this list will be split (can be a number in the range [1..20]) COLS_IN_ALPHA_INDEX = 5 # In case all classes in a project start with a common prefix, all # classes will be put under the same header in the alphabetical index. # The IGNORE_PREFIX tag can be used to specify one or more prefixes that # should be ignored while generating the index headers. IGNORE_PREFIX = #--------------------------------------------------------------------------- # configuration options related to the HTML output #--------------------------------------------------------------------------- # If the GENERATE_HTML tag is set to YES (the default) Doxygen will # generate HTML output. GENERATE_HTML = YES # If the HTML_TIMESTAMP tag is set to YES then the footer of each generated # HTML page will contain the date and time when the page was generated. Setting # this to NO can help when comparing the output of multiple runs. HTML_TIMESTAMP = NO # The HTML_OUTPUT tag is used to specify where the HTML docs will be put. 
# If a relative path is entered the value of OUTPUT_DIRECTORY will be # put in front of it. If left blank `html' will be used as the default path. HTML_OUTPUT = html # The HTML_FILE_EXTENSION tag can be used to specify the file extension for # each generated HTML page (for example: .htm,.php,.asp). If it is left blank # doxygen will generate files with .html extension. HTML_FILE_EXTENSION = .html # The HTML_HEADER tag can be used to specify a personal HTML header for # each generated HTML page. If it is left blank doxygen will generate a # standard header. HTML_HEADER = # The HTML_FOOTER tag can be used to specify a personal HTML footer for # each generated HTML page. If it is left blank doxygen will generate a # standard footer. HTML_FOOTER = # The HTML_STYLESHEET tag can be used to specify a user-defined cascading # style sheet that is used by each HTML page. It can be used to # fine-tune the look of the HTML output. If the tag is left blank doxygen # will generate a default style sheet. Note that doxygen will try to copy # the style sheet file to the HTML output directory, so don't put your own # stylesheet in the HTML output directory as well, or it will be erased! HTML_STYLESHEET = # If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes, # files or namespaces will be aligned in HTML using tables. If set to # NO a bullet list will be used. HTML_ALIGN_MEMBERS = YES # If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML # documentation will contain sections that can be hidden and shown after the # page has loaded. For this to work a browser that supports # JavaScript and DHTML is required (for instance Mozilla 1.0+, Firefox # Netscape 6.0+, Internet explorer 5.0+, Konqueror, or Safari). HTML_DYNAMIC_SECTIONS = NO # If the GENERATE_DOCSET tag is set to YES, additional index files # will be generated that can be used as input for Apple's Xcode 3 # integrated development environment, introduced with OSX 10.5 (Leopard). 
# To create a documentation set, doxygen will generate a Makefile in the # HTML output directory. Running make will produce the docset in that # directory and running "make install" will install the docset in # ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find # it at startup. # See http://developer.apple.com/tools/creatingdocsetswithdoxygen.html for more information. GENERATE_DOCSET = NO # When GENERATE_DOCSET tag is set to YES, this tag determines the name of the # feed. A documentation feed provides an umbrella under which multiple # documentation sets from a single provider (such as a company or product suite) # can be grouped. DOCSET_FEEDNAME = "Doxygen generated docs" # When GENERATE_DOCSET tag is set to YES, this tag specifies a string that # should uniquely identify the documentation set bundle. This should be a # reverse domain-name style string, e.g. com.mycompany.MyDocSet. Doxygen # will append .docset to the name. DOCSET_BUNDLE_ID = org.doxygen.Project # If the GENERATE_HTMLHELP tag is set to YES, additional index files # will be generated that can be used as input for tools like the # Microsoft HTML help workshop to generate a compiled HTML help file (.chm) # of the generated HTML documentation. GENERATE_HTMLHELP = NO # If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can # be used to specify the file name of the resulting .chm file. You # can add a path in front of the file if the result should not be # written to the html output directory. CHM_FILE = # If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can # be used to specify the location (absolute path including file name) of # the HTML help compiler (hhc.exe). If non-empty doxygen will try to run # the HTML help compiler on the generated index.hhp. HHC_LOCATION = # If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag # controls if a separate .chi index file is generated (YES) or that # it should be included in the master .chm file (NO). 
GENERATE_CHI = NO # If the GENERATE_HTMLHELP tag is set to YES, the CHM_INDEX_ENCODING # is used to encode HtmlHelp index (hhk), content (hhc) and project file # content. CHM_INDEX_ENCODING = # If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag # controls whether a binary table of contents is generated (YES) or a # normal table of contents (NO) in the .chm file. BINARY_TOC = NO # The TOC_EXPAND flag can be set to YES to add extra items for group members # to the contents of the HTML help documentation and to the tree view. TOC_EXPAND = NO # If the GENERATE_QHP tag is set to YES and both QHP_NAMESPACE and QHP_VIRTUAL_FOLDER # are set, an additional index file will be generated that can be used as input for # Qt's qhelpgenerator to generate a Qt Compressed Help (.qch) of the generated # HTML documentation. GENERATE_QHP = NO # If the QHG_LOCATION tag is specified, the QCH_FILE tag can # be used to specify the file name of the resulting .qch file. # The path specified is relative to the HTML output folder. QCH_FILE = # The QHP_NAMESPACE tag specifies the namespace to use when generating # Qt Help Project output. For more information please see # http://doc.trolltech.com/qthelpproject.html#namespace QHP_NAMESPACE = # The QHP_VIRTUAL_FOLDER tag specifies the namespace to use when generating # Qt Help Project output. For more information please see # http://doc.trolltech.com/qthelpproject.html#virtual-folders QHP_VIRTUAL_FOLDER = doc # If QHP_CUST_FILTER_NAME is set, it specifies the name of a custom filter to add. # For more information please see # http://doc.trolltech.com/qthelpproject.html#custom-filters QHP_CUST_FILTER_NAME = # The QHP_CUST_FILTER_ATTRS tag specifies the list of the attributes of the custom filter to add. For more information please see # <a href="http://doc.trolltech.com/qthelpproject.html#custom-filters">Qt Help Project / Custom Filters</a>.
QHP_CUST_FILTER_ATTRS = # The QHP_SECT_FILTER_ATTRS tag specifies the list of the attributes this project's # filter section matches. # <a href="http://doc.trolltech.com/qthelpproject.html#filter-attributes">Qt Help Project / Filter Attributes</a>. QHP_SECT_FILTER_ATTRS = # If the GENERATE_QHP tag is set to YES, the QHG_LOCATION tag can # be used to specify the location of Qt's qhelpgenerator. # If non-empty doxygen will try to run qhelpgenerator on the generated # .qhp file. QHG_LOCATION = # The DISABLE_INDEX tag can be used to turn on/off the condensed index at # top of each HTML page. The value NO (the default) enables the index and # the value YES disables it. DISABLE_INDEX = NO # This tag can be used to set the number of enum values (range [1..20]) # that doxygen will group on one line in the generated HTML documentation. ENUM_VALUES_PER_LINE = 4 # The GENERATE_TREEVIEW tag is used to specify whether a tree-like index # structure should be generated to display hierarchical information. # If the tag value is set to YES, a side panel will be generated # containing a tree-like index structure (just like the one that # is generated for HTML Help). For this to work a browser that supports # JavaScript, DHTML, CSS and frames is required (i.e. any modern browser). # Windows users are probably better off using the HTML help feature. GENERATE_TREEVIEW = NONE # By enabling USE_INLINE_TREES, doxygen will generate the Groups, Directories, # and Class Hierarchy pages using a tree view instead of an ordered list. USE_INLINE_TREES = NO # If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be # used to set the initial width (in pixels) of the frame in which the tree # is shown. TREEVIEW_WIDTH = 250 # Use this tag to change the font size of Latex formulas included # as images in the HTML documentation. The default is 10. 
Note that # when you change the font size after a successful doxygen run you need # to manually remove any form_*.png images from the HTML output directory # to force them to be regenerated. FORMULA_FONTSIZE = 10 # When the SEARCHENGINE tag is enabled, doxygen will generate a search box for the HTML output. The underlying search engine uses javascript # and DHTML and should work on any modern browser. Note that when using HTML help (GENERATE_HTMLHELP) or Qt help (GENERATE_QHP) # there is already a search function so this one should typically # be disabled. SEARCHENGINE = NO #--------------------------------------------------------------------------- # configuration options related to the LaTeX output #--------------------------------------------------------------------------- # If the GENERATE_LATEX tag is set to YES (the default) Doxygen will # generate Latex output. GENERATE_LATEX = NO # The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put. # If a relative path is entered the value of OUTPUT_DIRECTORY will be # put in front of it. If left blank `latex' will be used as the default path. LATEX_OUTPUT = latex # The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be # invoked. If left blank `latex' will be used as the default command name. LATEX_CMD_NAME = latex # The MAKEINDEX_CMD_NAME tag can be used to specify the command name to # generate index for LaTeX. If left blank `makeindex' will be used as the # default command name. MAKEINDEX_CMD_NAME = makeindex # If the COMPACT_LATEX tag is set to YES Doxygen generates more compact # LaTeX documents. This may be useful for small projects and may help to # save some trees in general. COMPACT_LATEX = NO # The PAPER_TYPE tag can be used to set the paper type that is used # by the printer. Possible values are: a4, a4wide, letter, legal and # executive. If left blank a4wide will be used.
PAPER_TYPE = a4wide # The EXTRA_PACKAGES tag can be used to specify one or more names of LaTeX # packages that should be included in the LaTeX output. EXTRA_PACKAGES = # The LATEX_HEADER tag can be used to specify a personal LaTeX header for # the generated latex document. The header should contain everything until # the first chapter. If it is left blank doxygen will generate a # standard header. Notice: only use this tag if you know what you are doing! LATEX_HEADER = # If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated # is prepared for conversion to pdf (using ps2pdf). The pdf file will # contain links (just like the HTML output) instead of page references. # This makes the output suitable for online browsing using a pdf viewer. PDF_HYPERLINKS = YES # If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of # plain latex in the generated Makefile. Set this option to YES to get a # higher quality PDF documentation. USE_PDFLATEX = YES # If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode # command to the generated LaTeX files. This will instruct LaTeX to keep # running if errors occur, instead of asking the user for help. # This option is also used when generating formulas in HTML. LATEX_BATCHMODE = NO # If LATEX_HIDE_INDICES is set to YES then doxygen will not # include the index chapters (such as File Index, Compound Index, etc.) # in the output. LATEX_HIDE_INDICES = NO # If LATEX_SOURCE_CODE is set to YES then doxygen will include source code with syntax highlighting in the LaTeX output. Note that which sources are shown also depends on other settings such as SOURCE_BROWSER.
LATEX_SOURCE_CODE = NO #--------------------------------------------------------------------------- # configuration options related to the RTF output #--------------------------------------------------------------------------- # If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output # The RTF output is optimized for Word 97 and may not look very pretty with # other RTF readers or editors. GENERATE_RTF = NO # The RTF_OUTPUT tag is used to specify where the RTF docs will be put. # If a relative path is entered the value of OUTPUT_DIRECTORY will be # put in front of it. If left blank `rtf' will be used as the default path. RTF_OUTPUT = rtf # If the COMPACT_RTF tag is set to YES Doxygen generates more compact # RTF documents. This may be useful for small projects and may help to # save some trees in general. COMPACT_RTF = NO # If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated # will contain hyperlink fields. The RTF file will # contain links (just like the HTML output) instead of page references. # This makes the output suitable for online browsing using WORD or other # programs which support those fields. # Note: wordpad (write) and others do not support links. RTF_HYPERLINKS = NO # Load stylesheet definitions from file. Syntax is similar to doxygen's # config file, i.e. a series of assignments. You only have to provide # replacements, missing definitions are set to their default value. RTF_STYLESHEET_FILE = # Set optional variables used in the generation of an rtf document. # Syntax is similar to doxygen's config file. RTF_EXTENSIONS_FILE = #--------------------------------------------------------------------------- # configuration options related to the man page output #--------------------------------------------------------------------------- # If the GENERATE_MAN tag is set to YES (the default) Doxygen will # generate man pages GENERATE_MAN = NO # The MAN_OUTPUT tag is used to specify where the man pages will be put. 
# If a relative path is entered the value of OUTPUT_DIRECTORY will be # put in front of it. If left blank `man' will be used as the default path. MAN_OUTPUT = man # The MAN_EXTENSION tag determines the extension that is added to # the generated man pages (default is the subroutine's section .3) MAN_EXTENSION = .3 # If the MAN_LINKS tag is set to YES and Doxygen generates man output, # then it will generate one additional man file for each entity # documented in the real man page(s). These additional files # only source the real man page, but without them the man command # would be unable to find the correct page. The default is NO. MAN_LINKS = NO #--------------------------------------------------------------------------- # configuration options related to the XML output #--------------------------------------------------------------------------- # If the GENERATE_XML tag is set to YES Doxygen will # generate an XML file that captures the structure of # the code including all documentation. GENERATE_XML = NO # The XML_OUTPUT tag is used to specify where the XML pages will be put. # If a relative path is entered the value of OUTPUT_DIRECTORY will be # put in front of it. If left blank `xml' will be used as the default path. XML_OUTPUT = xml # The XML_SCHEMA tag can be used to specify an XML schema, # which can be used by a validating XML parser to check the # syntax of the XML files. XML_SCHEMA = # The XML_DTD tag can be used to specify an XML DTD, # which can be used by a validating XML parser to check the # syntax of the XML files. XML_DTD = # If the XML_PROGRAMLISTING tag is set to YES Doxygen will # dump the program listings (including syntax highlighting # and cross-referencing information) to the XML output. Note that # enabling this will significantly increase the size of the XML output. 
XML_PROGRAMLISTING = YES #--------------------------------------------------------------------------- # configuration options for the AutoGen Definitions output #--------------------------------------------------------------------------- # If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will # generate an AutoGen Definitions (see autogen.sf.net) file # that captures the structure of the code including all # documentation. Note that this feature is still experimental # and incomplete at the moment. GENERATE_AUTOGEN_DEF = NO #--------------------------------------------------------------------------- # configuration options related to the Perl module output #--------------------------------------------------------------------------- # If the GENERATE_PERLMOD tag is set to YES Doxygen will # generate a Perl module file that captures the structure of # the code including all documentation. Note that this # feature is still experimental and incomplete at the # moment. GENERATE_PERLMOD = NO # If the PERLMOD_LATEX tag is set to YES Doxygen will generate # the necessary Makefile rules, Perl scripts and LaTeX code to be able # to generate PDF and DVI output from the Perl module output. PERLMOD_LATEX = NO # If the PERLMOD_PRETTY tag is set to YES the Perl module output will be # nicely formatted so it can be parsed by a human reader. # This is useful # if you want to understand what is going on. # On the other hand, if this # tag is set to NO the size of the Perl module output will be much smaller # and Perl will parse it just the same. PERLMOD_PRETTY = YES # The names of the make variables in the generated doxyrules.make file # are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX. # This is useful so different doxyrules.make files included by the same # Makefile don't overwrite each other's variables. 
PERLMOD_MAKEVAR_PREFIX = #--------------------------------------------------------------------------- # Configuration options related to the preprocessor #--------------------------------------------------------------------------- # If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will # evaluate all C-preprocessor directives found in the sources and include # files. ENABLE_PREPROCESSING = YES # If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro # names in the source code. If set to NO (the default) only conditional # compilation will be performed. Macro expansion can be done in a controlled # way by setting EXPAND_ONLY_PREDEF to YES. MACRO_EXPANSION = NO # If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES # then the macro expansion is limited to the macros specified with the # PREDEFINED and EXPAND_AS_DEFINED tags. EXPAND_ONLY_PREDEF = NO # If the SEARCH_INCLUDES tag is set to YES (the default) the includes files # in the INCLUDE_PATH (see below) will be search if a #include is found. SEARCH_INCLUDES = YES # The INCLUDE_PATH tag can be used to specify one or more directories that # contain include files that are not input files but should be processed by # the preprocessor. INCLUDE_PATH = # You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard # patterns (like *.h and *.hpp) to filter out the header-files in the # directories. If left blank, the patterns specified with FILE_PATTERNS will # be used. INCLUDE_FILE_PATTERNS = # The PREDEFINED tag can be used to specify one or more macro names that # are defined before the preprocessor is started (similar to the -D option of # gcc). The argument of the tag is a list of macros of the form: name # or name=definition (no spaces). If the definition and the = are # omitted =1 is assumed. To prevent a macro definition from being # undefined via #undef or recursively expanded use the := operator # instead of the = operator. 
PREDEFINED = DOXYGEN # If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then # this tag can be used to specify a list of macro names that should be expanded. # The macro definition that is found in the sources will be used. # Use the PREDEFINED tag if you want to use a different macro definition. EXPAND_AS_DEFINED = # If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then # doxygen's preprocessor will remove all function-like macros that are alone # on a line, have an all uppercase name, and do not end with a semicolon. Such # function macros are typically used for boiler-plate code, and will confuse # the parser if not removed. SKIP_FUNCTION_MACROS = YES #--------------------------------------------------------------------------- # Configuration::additions related to external references #--------------------------------------------------------------------------- # The TAGFILES option can be used to specify one or more tagfiles. # Optionally an initial location of the external documentation # can be added for each tagfile. The format of a tag file without # this location is as follows: # # TAGFILES = file1 file2 ... # Adding location for the tag files is done as follows: # # TAGFILES = file1=loc1 "file2 = loc2" ... # where "loc1" and "loc2" can be relative or absolute paths or # URLs. If a location is present for each tag, the installdox tool # does not have to be run to correct the links. # Note that each tag file must have a unique name # (where the name does NOT include the path) # If a tag file is not located in the directory in which doxygen # is run, you must also specify the path to the tagfile here. TAGFILES = # When a file name is specified after GENERATE_TAGFILE, doxygen will create # a tag file that is based on the input files it reads. GENERATE_TAGFILE = # If the ALLEXTERNALS tag is set to YES all external classes will be listed # in the class index. If set to NO only the inherited external classes # will be listed. 
ALLEXTERNALS = NO # If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed # in the modules index. If set to NO, only the current project's groups will # be listed. EXTERNAL_GROUPS = YES # The PERL_PATH should be the absolute path and name of the perl script # interpreter (i.e. the result of `which perl'). PERL_PATH = /usr/bin/perl #--------------------------------------------------------------------------- # Configuration options related to the dot tool #--------------------------------------------------------------------------- # If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will # generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base # or super classes. Setting the tag to NO turns the diagrams off. Note that # this option is superseded by the HAVE_DOT option below. This is only a # fallback. It is recommended to install and use dot, since it yields more # powerful graphs. CLASS_DIAGRAMS = YES # You can define message sequence charts within doxygen comments using the \msc # command. Doxygen will then run the mscgen tool (see # http://www.mcternan.me.uk/mscgen/) to produce the chart and insert it in the # documentation. The MSCGEN_PATH tag allows you to specify the directory where # the mscgen tool resides. If left empty the tool is assumed to be found in the # default search path. MSCGEN_PATH = # If set to YES, the inheritance and collaboration graphs will hide # inheritance and usage relations if the target is undocumented # or is not a class. HIDE_UNDOC_RELATIONS = YES # If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is # available from the path. This tool is part of Graphviz, a graph visualization # toolkit from AT&T and Lucent Bell Labs. 
The other options in this section # have no effect if this option is set to NO (the default) HAVE_DOT = NO # By default doxygen will write a font called FreeSans.ttf to the output # directory and reference it in all dot files that doxygen generates. This # font does not include all possible unicode characters however, so when you need # these (or just want a differently looking font) you can specify the font name # using DOT_FONTNAME. You need to make sure dot is able to find the font, # which can be done by putting it in a standard location or by setting the # DOTFONTPATH environment variable or by setting DOT_FONTPATH to the directory # containing the font. DOT_FONTNAME = FreeSans # The DOT_FONTSIZE tag can be used to set the size of the font of dot graphs. # The default size is 10pt. DOT_FONTSIZE = 10 # By default doxygen will tell dot to use the output directory to look for the # FreeSans.ttf font (which doxygen will put there itself). If you specify a # different font using DOT_FONTNAME you can set the path where dot # can find it using this tag. DOT_FONTPATH = # If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen # will generate a graph for each documented class showing the direct and # indirect inheritance relations. Setting this tag to YES will force the # CLASS_DIAGRAMS tag to NO. CLASS_GRAPH = YES # If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen # will generate a graph for each documented class showing the direct and # indirect implementation dependencies (inheritance, containment, and # class references variables) of the class with other documented classes. COLLABORATION_GRAPH = YES # If the GROUP_GRAPHS and HAVE_DOT tags are set to YES then doxygen # will generate a graph for groups, showing the direct groups dependencies GROUP_GRAPHS = YES # If the UML_LOOK tag is set to YES doxygen will generate inheritance and # collaboration diagrams in a style similar to the OMG's Unified Modeling # Language.
UML_LOOK = NO # If set to YES, the inheritance and collaboration graphs will show the # relations between templates and their instances. TEMPLATE_RELATIONS = NO # If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT # tags are set to YES then doxygen will generate a graph for each documented # file showing the direct and indirect include dependencies of the file with # other documented files. INCLUDE_GRAPH = YES # If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and # HAVE_DOT tags are set to YES then doxygen will generate a graph for each # documented header file showing the documented files that directly or # indirectly include this file. INCLUDED_BY_GRAPH = YES # If the CALL_GRAPH and HAVE_DOT options are set to YES then # doxygen will generate a call dependency graph for every global function # or class method. Note that enabling this option will significantly increase # the time of a run. So in most cases it will be better to enable call graphs # for selected functions only using the \callgraph command. CALL_GRAPH = NO # If the CALLER_GRAPH and HAVE_DOT tags are set to YES then # doxygen will generate a caller dependency graph for every global function # or class method. Note that enabling this option will significantly increase # the time of a run. So in most cases it will be better to enable caller # graphs for selected functions only using the \callergraph command. CALLER_GRAPH = NO # If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen # will generate a graphical hierarchy of all classes instead of a textual one. GRAPHICAL_HIERARCHY = YES # If the DIRECTORY_GRAPH, SHOW_DIRECTORIES and HAVE_DOT tags are set to YES # then doxygen will show the dependencies a directory has on other directories # in a graphical way. The dependency relations are determined by the #include # relations between the files in the directories.
DIRECTORY_GRAPH = YES # The DOT_IMAGE_FORMAT tag can be used to set the image format of the images # generated by dot. Possible values are png, jpg, or gif. # If left blank png will be used. DOT_IMAGE_FORMAT = png # The tag DOT_PATH can be used to specify the path where the dot tool can be # found. If left blank, it is assumed the dot tool can be found in the path. DOT_PATH = # The DOTFILE_DIRS tag can be used to specify one or more directories that # contain dot files that are included in the documentation (see the # \dotfile command). DOTFILE_DIRS = # The DOT_GRAPH_MAX_NODES tag can be used to set the maximum number of # nodes that will be shown in the graph. If the number of nodes in a graph # becomes larger than this value, doxygen will truncate the graph, which is # visualized by representing a node as a red box. Note that if the # number of direct children of the root node in a graph is already larger than # DOT_GRAPH_MAX_NODES then the graph will not be shown at all. Also note # that the size of a graph can be further restricted by MAX_DOT_GRAPH_DEPTH. DOT_GRAPH_MAX_NODES = 50 # The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the # graphs generated by dot. A depth value of 3 means that only nodes reachable # from the root by following a path via at most 3 edges will be shown. Nodes # that lay further from the root node will be omitted. Note that setting this # option to 1 or 2 may greatly reduce the computation time needed for large # code bases. Also note that the size of a graph can be further restricted by # DOT_GRAPH_MAX_NODES. Using a depth of 0 means no depth restriction. MAX_DOT_GRAPH_DEPTH = 0 # Set the DOT_TRANSPARENT tag to YES to generate images with a transparent # background. This is disabled by default, because dot on Windows does not # seem to support this out of the box. Warning: Depending on the platform used, # enabling this option may lead to badly anti-aliased labels on the edges of # a graph (i.e.
they become hard to read). DOT_TRANSPARENT = YES # Set the DOT_MULTI_TARGETS tag to YES allow dot to generate multiple output # files in one run (i.e. multiple -o and -T options on the command line). This # makes dot run faster, but since only newer versions of dot (>1.8.10) # support this, this feature is disabled by default. DOT_MULTI_TARGETS = NO # If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will # generate a legend page explaining the meaning of the various boxes and # arrows in the dot generated graphs. GENERATE_LEGEND = YES # If the DOT_CLEANUP tag is set to YES (the default) Doxygen will # remove the intermediate dot files that are used to generate # the various graphs. DOT_CLEANUP = YES ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/idmap/PaxHeaders.13173/sss_nss_idmap.pc.in�������������������������������0000644�0000000�0000000�00000000073�12320753107�023377� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������29 atime=1396954960.43687585 30 ctime=1396954961.366875163 
���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/idmap/sss_nss_idmap.pc.in������������������������������������������������0000664�0024127�0024127�00000000373�12320753107�023625� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������prefix=@prefix@ exec_prefix=@exec_prefix@ libdir=@libdir@ includedir=@includedir@ Name: sss_nss_idmap Description: NSS Responder ID-SID mapping interface Version: @VERSION@ Libs: -L${libdir} -lsss_nss_idmap Cflags: URL: http://fedorahosted.org/sssd/ ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/idmap/PaxHeaders.13173/sss_nss_idmap.c�����������������������������������0000644�0000000�0000000�00000000073�12320753107�022612� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 
atime=1396954939.272891426 29 ctime=1396954961.64187496 ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/idmap/sss_nss_idmap.c����������������������������������������������������0000664�0024127�0024127�00000012374�12320753107�023044� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* SSSD NSS Responder Interface for ID-SID mappings Authors: Sumit Bose <sbose@redhat.com> Copyright (C) 2013 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. 
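*/

#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <nss.h>

#include "sss_client/sss_cli.h"
#include "sss_client/idmap/sss_nss_idmap.h"
#include "util/strtonum.h"

/*
 * Offset of the payload inside a responder reply. The reply starts with
 * three 32-bit words: word 0 is the number of results, word 2 is the
 * object type; word 1 is not read by this file.
 */
#define DATA_START (3 * sizeof(uint32_t))

/* Request argument: a NUL-terminated string (name or SID) or a POSIX ID. */
union input {
    const char *str;
    uint32_t id;
};

/* Decoded reply: object type plus either an allocated string or a POSIX ID. */
struct output {
    enum sss_id_type type;
    union {
        char *str;
        uint32_t id;
    } d;
};

/*
 * Map an NSS status to an errno value: TRYAGAIN becomes EAGAIN, SUCCESS
 * becomes EOK, and UNAVAIL as well as every other status becomes ENOENT.
 */
int nss_status_to_errno(enum nss_status nret)
{
    switch (nret) {
    case NSS_STATUS_TRYAGAIN:
        return EAGAIN;
    case NSS_STATUS_SUCCESS:
        return EOK;
    case NSS_STATUS_UNAVAIL:
    default:
        return ENOENT;
    }
}

/*
 * Send one ID-mapping request to the NSS responder and decode the reply.
 *
 * inp  - request argument; inp.str is used for SSS_NSS_GETSIDBYNAME,
 *        SSS_NSS_GETNAMEBYSID and SSS_NSS_GETIDBYSID, inp.id for
 *        SSS_NSS_GETSIDBYID
 * cmd  - one of the four commands above; anything else yields EINVAL
 * out  - filled on success only; for the string-returning commands
 *        out->d.str is malloc()ed and owned by the caller
 *
 * Returns EOK on success, EINVAL for an unsupported command or an input
 * string rejected by sss_strnlen(), ENOENT when the responder reports zero
 * results, EBADMSG for a reply that does not match the expected layout,
 * ENOMEM on allocation failure, or the nss_status_to_errno() translation
 * of a failed request.
 *
 * The reply buffer comes from another process, so every length is checked
 * before the corresponding bytes are read.
 */
static int sss_nss_getyyybyxxx(union input inp, enum sss_cli_command cmd,
                               struct output *out)
{
    int ret;
    size_t inp_len;
    struct sss_cli_req_data rd;
    uint8_t *repbuf = NULL;
    size_t replen;
    int errnop;
    enum nss_status nret;
    uint32_t num_results;
    uint32_t type_val;
    char *str = NULL;
    size_t data_len;
    uint32_t c;

    switch (cmd) {
    case SSS_NSS_GETSIDBYNAME:
    case SSS_NSS_GETNAMEBYSID:
    case SSS_NSS_GETIDBYSID:
        ret = sss_strnlen(inp.str, SSS_NAME_MAX, &inp_len);
        if (ret != EOK) {
            return EINVAL;
        }

        /* the terminating NUL is sent along with the string */
        rd.len = inp_len + 1;
        rd.data = inp.str;
        break;
    case SSS_NSS_GETSIDBYID:
        rd.len = sizeof(uint32_t);
        rd.data = &inp.id;
        break;
    default:
        return EINVAL;
    }

    sss_nss_lock();

    nret = sss_nss_make_request(cmd, &rd, &repbuf, &replen, &errnop);
    if (nret != NSS_STATUS_SUCCESS) {
        ret = nss_status_to_errno(nret);
        goto done;
    }

    /* the first two words must be present before the result count is read */
    if (replen < 2 * sizeof(uint32_t)) {
        ret = EBADMSG;
        goto done;
    }

    SAFEALIGN_COPY_UINT32(&num_results, repbuf, NULL);
    if (num_results == 0) {
        ret = ENOENT;
        goto done;
    } else if (num_results > 1) {
        ret = EBADMSG;
        goto done;
    }

    /*
     * A reply of 8..11 bytes passes the check above but does not hold the
     * type word; reading it would run past the buffer, and
     * replen - DATA_START would wrap around because size_t is unsigned.
     */
    if (replen < DATA_START) {
        ret = EBADMSG;
        goto done;
    }

    SAFEALIGN_COPY_UINT32(&type_val, repbuf + 2 * sizeof(uint32_t), NULL);
    out->type = type_val;

    data_len = replen - DATA_START;

    switch (cmd) {
    case SSS_NSS_GETSIDBYID:
    case SSS_NSS_GETSIDBYNAME:
    case SSS_NSS_GETNAMEBYSID:
        /* need at least one character and a terminator supplied by the peer */
        if (data_len <= 1 || repbuf[replen - 1] != '\0') {
            ret = EBADMSG;
            goto done;
        }

        str = malloc(data_len);
        if (str == NULL) {
            ret = ENOMEM;
            goto done;
        }

        /* the last payload byte was verified to be NUL, so the copy is
         * always terminated */
        memcpy(str, repbuf + DATA_START, data_len);

        out->d.str = str;

        break;
    case SSS_NSS_GETIDBYSID:
        if (data_len != sizeof(uint32_t)) {
            ret = EBADMSG;
            goto done;
        }

        SAFEALIGN_COPY_UINT32(&c, repbuf + DATA_START, NULL);
        out->d.id = c;

        break;
    default:
        ret = EINVAL;
        goto done;
    }

    ret = EOK;

done:
    sss_nss_unlock();
    free(repbuf);
    if (ret != EOK) {
        free(str);
    }

    return ret;
}

/*
 * Look up the SID string for a fully qualified name.
 *
 * On EOK, *sid holds a malloc()ed string the caller must free and *type
 * the object type. Returns EINVAL when fq_name is NULL or empty or when
 * an output pointer is NULL; other errors come from sss_nss_getyyybyxxx().
 */
int sss_nss_getsidbyname(const char *fq_name, char **sid,
                         enum sss_id_type *type)
{
    int ret;
    union input inp;
    struct output out;

    /* type is written on success, so reject NULL like sss_nss_getidbysid() */
    if (sid == NULL || type == NULL || fq_name == NULL || *fq_name == '\0') {
        return EINVAL;
    }

    inp.str = fq_name;

    ret = sss_nss_getyyybyxxx(inp, SSS_NSS_GETSIDBYNAME, &out);
    if (ret == EOK) {
        *sid = out.d.str;
        *type = out.type;
    }

    return ret;
}

/*
 * Look up the SID string for a POSIX UID or GID.
 *
 * On EOK, *sid holds a malloc()ed string the caller must free and *type
 * the object type. Returns EINVAL when an output pointer is NULL; other
 * errors come from sss_nss_getyyybyxxx().
 */
int sss_nss_getsidbyid(uint32_t id, char **sid, enum sss_id_type *type)
{
    int ret;
    union input inp;
    struct output out;

    /* type is written on success, so reject NULL like sss_nss_getidbysid() */
    if (sid == NULL || type == NULL) {
        return EINVAL;
    }

    inp.id = id;

    ret = sss_nss_getyyybyxxx(inp, SSS_NSS_GETSIDBYID, &out);
    if (ret == EOK) {
        *sid = out.d.str;
        *type = out.type;
    }

    return ret;
}

/*
 * Look up the fully qualified name for a SID string.
 *
 * On EOK, *fq_name holds a malloc()ed string the caller must free and
 * *type the object type. Returns EINVAL when sid is NULL or empty or when
 * an output pointer is NULL; other errors come from sss_nss_getyyybyxxx().
 */
int sss_nss_getnamebysid(const char *sid, char **fq_name,
                         enum sss_id_type *type)
{
    int ret;
    union input inp;
    struct output out;

    /* type is written on success, so reject NULL like sss_nss_getidbysid() */
    if (fq_name == NULL || type == NULL || sid == NULL || *sid == '\0') {
        return EINVAL;
    }

    inp.str = sid;

    ret = sss_nss_getyyybyxxx(inp, SSS_NSS_GETNAMEBYSID, &out);
    if (ret == EOK) {
        *fq_name = out.d.str;
        *type = out.type;
    }

    return ret;
}

/*
 * Look up the POSIX ID for a SID string.
 *
 * On EOK, *id holds the ID and *id_type the object type. Returns EINVAL
 * when sid is NULL or empty or when an output pointer is NULL; other
 * errors come from sss_nss_getyyybyxxx().
 */
int sss_nss_getidbysid(const char *sid, uint32_t *id, enum sss_id_type *id_type)
{
    int ret;
    union input inp;
    struct output out;

    if (id == NULL || id_type == NULL || sid == NULL || *sid == '\0') {
        return EINVAL;
    }

    inp.str = sid;

    ret = sss_nss_getyyybyxxx(inp, SSS_NSS_GETIDBYSID, &out);
    if (ret == EOK) {
        *id = out.d.id;
        *id_type = out.type;
    }

    return ret;
}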
x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.272891426 30 ctime=1396954961.511875056 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/idmap/sss_nss_idmap.h����������������������������������������������������0000664�0024127�0024127�00000006206�12320753107�023046� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* SSSD NSS Responder ID-mapping interface Authors: Sumit Bose <sbose@redhat.com> Copyright (C) 2013 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. 
You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ #ifndef SSS_NSS_IDMAP_H_ #define SSS_NSS_IDMAP_H_ #include <stdint.h> /** * Object types */ enum sss_id_type { SSS_ID_TYPE_NOT_SPECIFIED = 0, SSS_ID_TYPE_UID, SSS_ID_TYPE_GID, SSS_ID_TYPE_BOTH /* used for user or magic private groups */ }; /** * @brief Find SID by fully qualified name * * @param[in] fq_name Fully qualified name of a user or a group * @param[out] sid String representation of the SID of the requested user * or group, must be freed by the caller * @param[out] type Type of the object related to the given name * * @return * - 0 (EOK): success, sid contains the requested SID * - ENOENT: requested object was not found in the domain extracted from the given name * - ENETUNREACH: SSSD does not know how to handle the domain extracted from the given name * - ENOSYS: this call is not supported by the configured provider * - EINVAL: input cannot be parsed * - EIO: remote servers cannot be reached * - EFAULT: any other error */ int sss_nss_getsidbyname(const char *fq_name, char **sid, enum sss_id_type *type); /** * @brief Find SID by a POSIX UID or GID * * @param[in] id POSIX UID or GID * @param[out] sid String representation of the SID of the requested user * or group, must be freed by the caller * @param[out] type Type of the object related to the given ID * * @return * - see #sss_nss_getsidbyname */ int sss_nss_getsidbyid(uint32_t id, char **sid, enum sss_id_type *type); /** * @brief Return the fully qualified name for the given SID * * @param[in] sid String representation of the SID * @param[out] fq_name Fully qualified name of a user or a group, * must be freed by the caller * @param[out] type Type of the object related to the SID * * @return * - see #sss_nss_getsidbyname */ int sss_nss_getnamebysid(const char *sid, char **fq_name, enum sss_id_type *type); /** * @brief Return the POSIX ID for the given SID * * @param[in] 
sid String representation of the SID * @param[out] id POSIX ID related to the SID * @param[out] id_type Type of the object related to the SID * * @return * - see #sss_nss_getsidbyname */ int sss_nss_getidbysid(const char *sid, uint32_t *id, enum sss_id_type *id_type); #endif /* SSS_NSS_IDMAP_H_ */ ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/PaxHeaders.13173/sss_nss.exports�����������������������������������������0000644�0000000�0000000�00000000074�12320753107�021631� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.273891426 30 ctime=1396954961.395875142 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/sss_nss.exports����������������������������������������������������������0000664�0024127�0024127�00000002630�12320753107�022054� 
0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������EXPORTED { # public functions global: _nss_sss_getpwnam_r; _nss_sss_getpwuid_r; _nss_sss_setpwent; _nss_sss_getpwent_r; _nss_sss_endpwent; _nss_sss_getgrnam_r; _nss_sss_getgrgid_r; _nss_sss_setgrent; _nss_sss_getgrent_r; _nss_sss_endgrent; _nss_sss_initgroups_dyn; #_nss_sss_getaliasbyname_r; #_nss_sss_setaliasent; #_nss_sss_getaliasent_r; #_nss_sss_endaliasent; #_nss_sss_gethostton_r; #_nss_sss_getntohost_r; #_nss_sss_setetherent; #_nss_sss_getetherent_r; #_nss_sss_endetherent; #_nss_sss_gethostbyname_r; #_nss_sss_gethostbyname2_r; #_nss_sss_gethostbyaddr_r; #_nss_sss_sethostent; #_nss_sss_gethostent_r; #_nss_sss_endhostent; _nss_sss_setnetgrent; _nss_sss_getnetgrent_r; _nss_sss_endnetgrent; #_nss_sss_getnetbyname_r; #_nss_sss_getnetbyaddr_r; #_nss_sss_setnetent; #_nss_sss_getnetent_r; #_nss_sss_endnetent; #_nss_sss_getprotobyname_r; #_nss_sss_getprotobynumber_r; #_nss_sss_setprotoent; #_nss_sss_getprotoent_r; #_nss_sss_endprotoent; #_nss_sss_getrpcbyname_r; #_nss_sss_getrpcbynumber_r; #_nss_sss_setrpcent; #_nss_sss_getrpcent_r; #_nss_sss_endrpcent; _nss_sss_getservbyname_r; _nss_sss_getservbyport_r; _nss_sss_setservent; _nss_sss_getservent_r; _nss_sss_endservent; #_nss_sss_getspnam_r; #_nss_sss_setspent; #_nss_sss_getspent_r; #_nss_sss_endspent; # everything else is local local: *; }; ��������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/PaxHeaders.13173/sss_sudo.exports����������������������������������������0000644�0000000�0000000�00000000073�12320753107�021777� 
x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.273891426 29 ctime=1396954961.39787514 ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/sss_sudo.exports���������������������������������������������������������0000664�0024127�0024127�00000000324�12320753107�022221� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������EXPORTED { # public functions global: sss_sudo_send_recv; sss_sudo_send_recv_defaults; sss_sudo_free_result; sss_sudo_get_values; sss_sudo_free_values; # everything else is local local: *; }; 
������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/PaxHeaders.13173/sss_cli.h�����������������������������������������������0000644�0000000�0000000�00000000074�12320753107�020320� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.273891426 30 ctime=1396954961.540875035 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/sss_cli.h����������������������������������������������������������������0000664�0024127�0024127�00000051563�12320753107�020554� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* SSSD Client Interface for NSS and PAM. 
Authors: Simo Sorce <ssorce@redhat.com>

   Copyright (C) Red Hat, Inc 2007

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU Lesser General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU Lesser General Public License for more details.

   You should have received a copy of the GNU Lesser General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#ifndef _SSSCLI_H
#define _SSSCLI_H

#include <nss.h>
#include <pwd.h>
#include <grp.h>
#include <string.h>
#include <stdint.h>
#include <limits.h>

#include "util/util_safealign.h"

/* Fallback definition, used only when HAVE_ERRNO_T is not already defined. */
#ifndef HAVE_ERRNO_T
#define HAVE_ERRNO_T
typedef int errno_t;
#endif

/* Success value, compared against errno-style return codes. */
#ifndef EOK
#define EOK 0
#endif

/* Protocol version number of each client interface.
 * NOTE(review): presumably negotiated through SSS_GET_VERSION - confirm
 * against the request code, which is not part of this header. */
#define SSS_NSS_PROTOCOL_VERSION 1
#define SSS_PAM_PROTOCOL_VERSION 3
#define SSS_SUDO_PROTOCOL_VERSION 1
#define SSS_AUTOFS_PROTOCOL_VERSION 1
#define SSS_SSH_PROTOCOL_VERSION 0
#define SSS_PAC_PROTOCOL_VERSION 1

/* Upper bound for a name: LOGIN_NAME_MAX when <limits.h> provides it,
 * otherwise 256. */
#ifdef LOGIN_NAME_MAX
#define SSS_NAME_MAX LOGIN_NAME_MAX
#else
#define SSS_NAME_MAX 256
#endif

/**
 * @defgroup sss_cli_command SSS client commands
 * @{
 */

/** The allowed commands a SSS client can send to the SSSD.
 *
 * Entries inside the "#if 0" regions are not compiled; they only keep the
 * number ranges visible.
 * NOTE(review): the numeric values look like wire-protocol identifiers, so
 * they should presumably never be renumbered - confirm.
 */
enum sss_cli_command {
/* null */
    SSS_CLI_NULL           = 0x0000,

/* version */
    SSS_GET_VERSION        = 0x0001,

/* passwd */

    SSS_NSS_GETPWNAM       = 0x0011,
    SSS_NSS_GETPWUID       = 0x0012,
    SSS_NSS_SETPWENT       = 0x0013,
    SSS_NSS_GETPWENT       = 0x0014,
    SSS_NSS_ENDPWENT       = 0x0015,

/* group */

    SSS_NSS_GETGRNAM       = 0x0021,
    SSS_NSS_GETGRGID       = 0x0022,
    SSS_NSS_SETGRENT       = 0x0023,
    SSS_NSS_GETGRENT       = 0x0024,
    SSS_NSS_ENDGRENT       = 0x0025,
    SSS_NSS_INITGR         = 0x0026,

#if 0
/* aliases */

    SSS_NSS_GETALIASBYNAME = 0x0031,
    SSS_NSS_GETALIASBYPORT = 0x0032,
    SSS_NSS_SETALIASENT    = 0x0033,
    SSS_NSS_GETALIASENT    = 0x0034,
    SSS_NSS_ENDALIASENT    = 0x0035,

/* ethers */

    SSS_NSS_GETHOSTTON     = 0x0041,
    SSS_NSS_GETNTOHOST     = 0x0042,
    SSS_NSS_SETETHERENT    = 0x0043,
    SSS_NSS_GETETHERENT    = 0x0044,
    SSS_NSS_ENDETHERENT    = 0x0045,

/* hosts */

    SSS_NSS_GETHOSTBYNAME  = 0x0051,
    SSS_NSS_GETHOSTBYNAME2 = 0x0052,
    SSS_NSS_GETHOSTBYADDR  = 0x0053,
    SSS_NSS_SETHOSTENT     = 0x0054,
    SSS_NSS_GETHOSTENT     = 0x0055,
    SSS_NSS_ENDHOSTENT     = 0x0056,
#endif
/* netgroup */

    SSS_NSS_SETNETGRENT    = 0x0061,
    SSS_NSS_GETNETGRENT    = 0x0062,
    SSS_NSS_ENDNETGRENT    = 0x0063,
    /* SSS_NSS_INNETGR     = 0x0064, */

#if 0
/* networks */

    SSS_NSS_GETNETBYNAME   = 0x0071,
    SSS_NSS_GETNETBYADDR   = 0x0072,
    SSS_NSS_SETNETENT      = 0x0073,
    SSS_NSS_GETNETENT      = 0x0074,
    SSS_NSS_ENDNETENT      = 0x0075,

/* protocols */

    SSS_NSS_GETPROTOBYNAME = 0x0081,
    SSS_NSS_GETPROTOBYNUM  = 0x0082,
    SSS_NSS_SETPROTOENT    = 0x0083,
    SSS_NSS_GETPROTOENT    = 0x0084,
    SSS_NSS_ENDPROTOENT    = 0x0085,

/* rpc */

    SSS_NSS_GETRPCBYNAME   = 0x0091,
    SSS_NSS_GETRPCBYNUM    = 0x0092,
    SSS_NSS_SETRPCENT      = 0x0093,
    SSS_NSS_GETRPCENT      = 0x0094,
    SSS_NSS_ENDRPCENT      = 0x0095,
#endif

/* services */

    SSS_NSS_GETSERVBYNAME  = 0x00A1,
    SSS_NSS_GETSERVBYPORT  = 0x00A2,
    SSS_NSS_SETSERVENT     = 0x00A3,
    SSS_NSS_GETSERVENT     = 0x00A4,
    SSS_NSS_ENDSERVENT     = 0x00A5,

#if 0
/* shadow */

    SSS_NSS_GETSPNAM       = 0x00B1,
    SSS_NSS_GETSPUID       = 0x00B2,
    SSS_NSS_SETSPENT       = 0x00B3,
    SSS_NSS_GETSPENT       = 0x00B4,
    SSS_NSS_ENDSPENT       = 0x00B5,
#endif

/* SUDO */
    SSS_SUDO_GET_SUDORULES = 0x00C1,
    SSS_SUDO_GET_DEFAULTS  = 0x00C2,

/* autofs */
    SSS_AUTOFS_SETAUTOMNTENT    = 0x00D1,
    SSS_AUTOFS_GETAUTOMNTENT    = 0x00D2,
    SSS_AUTOFS_GETAUTOMNTBYNAME = 0x00D3,
    SSS_AUTOFS_ENDAUTOMNTENT    = 0x00D4,

/* SSH */
    SSS_SSH_GET_USER_PUBKEYS = 0x00E1,
    SSS_SSH_GET_HOST_PUBKEYS = 0x00E2,

/* PAM related calls */
    SSS_PAM_AUTHENTICATE     = 0x00F1, /**< see pam_sm_authenticate(3) for
                                        * details.
                                        *
                                        * Additionally we allow sssd to send
                                        * the return code PAM_NEW_AUTHTOK_REQD
                                        * during authentication if the
                                        * authentication was successful but
                                        * the authentication token is expired.
                                        * To meet the standards of libpam we
                                        * return PAM_SUCCESS for
                                        * authentication and set a flag so
                                        * that the account management module
                                        * can return PAM_NEW_AUTHTOK_REQD if
                                        * sssd returns success for account
                                        * management. We do this to reduce the
                                        * communication with external servers,
                                        * because there are cases, e.g.
                                        * Kerberos authentication, where the
                                        * information that the password is
                                        * expired is already available during
                                        * authentication. */
    SSS_PAM_SETCRED          = 0x00F2, /**< see pam_sm_setcred(3) for
                                        * details */
    SSS_PAM_ACCT_MGMT        = 0x00F3, /**< see pam_sm_acct_mgmt(3) for
                                        * details */
    SSS_PAM_OPEN_SESSION     = 0x00F4, /**< see pam_sm_open_session(3) for
                                        * details */
    SSS_PAM_CLOSE_SESSION    = 0x00F5, /**< see pam_sm_close_session(3) for
                                        * details */
    SSS_PAM_CHAUTHTOK        = 0x00F6, /**< second run of the password change
                                        * operation where the PAM_UPDATE_AUTHTOK
                                        * flag is set and the real change may
                                        * happen, see pam_sm_chauthtok(3) for
                                        * details */
    SSS_PAM_CHAUTHTOK_PRELIM = 0x00F7, /**< first run of the password change
                                        * operation where the PAM_PRELIM_CHECK
                                        * flag is set, see pam_sm_chauthtok(3)
                                        * for details */
    SSS_CMD_RENEW            = 0x00F8, /**< Renew a credential with a limited
                                        * lifetime, e.g. a Kerberos Ticket
                                        * Granting Ticket (TGT) */

/* PAC responder calls */
    SSS_PAC_ADD_PAC_USER     = 0x0101,

/* ID-SID mapping calls */
    SSS_NSS_GETSIDBYNAME = 0x0111, /**< Takes a zero terminated fully qualified
                                        name and returns the zero terminated
                                        string representation of the SID of the
                                        object with the given name. */
    SSS_NSS_GETSIDBYID   = 0x0112, /**< Takes an unsigned 32bit integer (POSIX
                                        ID) and returns the zero terminated
                                        string representation of the SID of the
                                        object with the given ID. */
    SSS_NSS_GETNAMEBYSID = 0x0113, /**< Takes the zero terminated string
                                        representation of a SID and returns the
                                        zero terminated fully qualified name of
                                        the related object. */
    SSS_NSS_GETIDBYSID   = 0x0114, /**< Takes the zero terminated string
                                        representation of a SID and returns
                                        the POSIX ID of the related object as
                                        unsigned 32bit integer value and
                                        another unsigned 32bit integer value
                                        indicating the type (unknown, user,
                                        group, both) of the object. */
};

/**
 * @}
 */ /* end of group sss_cli_command */


/**
 * @defgroup sss_pam SSSD and PAM
 *
 * SSSD offers authentication and authorization via PAM
 *
 * The SSSD provides a PAM client module pam_sss which can be called from the
 * PAM stack of the operating system. pam_sss will collect all the data about
 * the user from the PAM stack and sends them via a socket to the PAM
 * responder of the SSSD. The PAM responder selects the appropriate backend
 * and forwards the data via DBUS to the backend. The backend performs the
 * requested operation and sends the result expressed by a PAM return value
 * and optional additional information back to the PAM responder. Finally the
 * PAM responder forwards the response back to the client.
 *
 * @{
 */

/**
 * @}
 */ /* end of group sss_pam */

/**
 * @defgroup sss_authtok_type Authentication Tokens
 * @ingroup sss_pam
 *
 * To indicate to the components of the SSSD how to handle the authentication
 * token the client sends the type of the authentication token to the SSSD.
*
 * @{
 */

/** The different types of authentication tokens.
 *
 * NOTE(review): both token kinds may arrive without a trailing \\0, so code
 * handling them should presumably rely on the transmitted length rather than
 * on strlen() - confirm at the places that read the token.
 */
enum sss_authtok_type {
    SSS_AUTHTOK_TYPE_EMPTY    =  0x0000, /**< No authentication token
                                          * available */
    SSS_AUTHTOK_TYPE_PASSWORD =  0x0001, /**< Authentication token is a
                                          * password, it may or may not contain
                                          * a trailing \\0 */
    SSS_AUTHTOK_TYPE_CCFILE =    0x0002, /**< Authentication token is a path to
                                          * a Kerberos credential cache file,
                                          * it may or may not contain
                                          * a trailing \\0 */
};

/**
 * @}
 */ /* end of group sss_authtok_type */

/* Marker values for a PAM request. Read most significant byte first, the
 * bytes are the ASCII letters "MAPI" and "IPAM".
 * NOTE(review): presumably written at the start and end of the request
 * buffer so the receiver can detect truncation - confirm in the PAM client. */
#define SSS_START_OF_PAM_REQUEST 0x4d415049
#define SSS_END_OF_PAM_REQUEST 0x4950414d

/* Tags for the individual items of a PAM request; values count up from 0. */
enum pam_item_type {
    SSS_PAM_ITEM_EMPTY = 0x0000,
    SSS_PAM_ITEM_USER,
    SSS_PAM_ITEM_SERVICE,
    SSS_PAM_ITEM_TTY,
    SSS_PAM_ITEM_RUSER,
    SSS_PAM_ITEM_RHOST,
    SSS_PAM_ITEM_AUTHTOK,
    SSS_PAM_ITEM_NEWAUTHTOK,
    SSS_PAM_ITEM_CLI_LOCALE,
    SSS_PAM_ITEM_CLI_PID,
};

/* Number of entries requested per enumeration call (see the *ENT commands). */
#define SSS_NSS_MAX_ENTRIES 256
/* Size of a message header: four 32-bit words. */
#define SSS_NSS_HEADER_SIZE (sizeof(uint32_t) * 4)

/* Request payload passed to the *_make_request() functions. */
struct sss_cli_req_data {
    size_t len;         /* size of the payload in bytes */
    const void *data;   /* payload; not modified through this pointer */
};

/* this is in milliseconds, wait up to 300 seconds */
#define SSS_CLI_SOCKET_TIMEOUT 300000

/* Outcome codes; no explicit values are assigned, so they count up from 0. */
enum sss_status {
    SSS_STATUS_TRYAGAIN,
    SSS_STATUS_UNAVAIL,
    SSS_STATUS_SUCCESS
};

/**
 * @defgroup sss_pam_cli Responses to the PAM client
 * @ingroup sss_pam
 * @{
 */

/**
 * @defgroup response_type Messages from the server
 * @ingroup sss_pam_cli
 *
 * SSSD can send different kinds of information back to the client.
 * A response from the SSSD can contain 0 or more messages. Each message
 * contains a type tag and the size of the message data, both are unsigned
 * 32-bit integer values, followed by the message specific data.
 *
 * If the message is generated by a backend it is sent back to the PAM
 * responder via a D-BUS message in an array of D-BUS structs. The struct
 * consists of a DBUS_TYPE_UINT32 for the tag and a DBUS_TYPE_ARRAY to hold
 * the message.
 *
 * Examples:
 *  - #SSS_PAM_ENV_ITEM,
 *    <pre>
 *    ------------------------------------
 *    | uint32_t | uint32_t | uint8_t[4] |
 *    | 0x03     | 0x04     | a=b\\0       |
 *    ------------------------------------
 *    </pre>
 * @{
 */

/** Types of different messages */
enum response_type {
    SSS_PAM_SYSTEM_INFO = 0x01, /**< Message for the system log.
                                 * @param String, zero terminated. */
    SSS_PAM_DOMAIN_NAME, /**< Name of the domain the user belongs to.
                          * This message is generated by the PAM responder.
                          * @param String, zero terminated, with the domain
                          * name. */
    SSS_PAM_ENV_ITEM,    /**< Set an environment variable with pam_putenv(3).
                          * @param String, zero terminated, of the form
                          * name=value. See pam_putenv(3) for details. */
    SSS_ENV_ITEM,        /**< Set an environment variable with putenv(3).
                          * @param String, zero terminated, of the form
                          * name=value. See putenv(3) for details. */
    SSS_ALL_ENV_ITEM,    /**< Set an environment variable with putenv(3) and
                          * pam_putenv(3).
                          * @param String, zero terminated, of the form
                          * name=value. See putenv(3) and pam_putenv(3) for
                          * details. */
    SSS_PAM_USER_INFO,   /**< A message which should be displayed to the user.
                          * @param User info message, see #user_info_type
                          * for details. */
    SSS_PAM_TEXT_MSG,    /**< A plain text message which should be displayed to
                          * the user. This should only be used in the case where
                          * it is not possible to use SSS_PAM_USER_INFO.
                          * @param A zero terminated string. */
    SSS_OTP,             /**< Indicates that the authtok was an OTP, so don't
                          * cache it. There is no message.
                          * @param None. */
};

/**
 * @defgroup user_info_type User info messages
 * @ingroup response_type
 *
 * To achieve a consistent user experience and to facilitate
 * internationalization all messages shown to the user are generated by the PAM
 * client and not by the SSSD server components. To indicate what message the
 * client should display to the user SSSD can send a #SSS_PAM_USER_INFO message
 * where the data part contains one of the following tags as an unsigned
 * 32-bit integer value and optional data.
 *
 * Examples:
 *  - #SSS_PAM_USER_INFO_OFFLINE_CHPASS
 *    <pre>
 *    ----------------------------------
 *    | uint32_t | uint32_t | uint32_t |
 *    | 0x06     | 0x01     | 0x03     |
 *    ----------------------------------
 *    </pre>
 *  - #SSS_PAM_USER_INFO_CHPASS_ERROR
 *    <pre>
 *    ----------------------------------------------------------
 *    | uint32_t | uint32_t | uint32_t | uint32_t | uint8_t[3] |
 *    | 0x06     | 0x05     | 0x04     | 0x03     | abc        |
 *    ----------------------------------------------------------
 *    </pre>
 * @{
 */

/** Different types of user messages */
enum user_info_type {
    SSS_PAM_USER_INFO_OFFLINE_AUTH = 0x01, /**< Inform the user that the
                                            * authentication happened offline.
                                            * This message is generated by the
                                            * PAM responder.
                                            * @param Time when the cached
                                            * password will expire in seconds
                                            * since the UNIX Epoch as returned
                                            * by time(2) as int64_t. A value
                                            * of zero indicates that the
                                            * cached password will never
                                            * expire. */
    SSS_PAM_USER_INFO_OFFLINE_AUTH_DELAYED, /**< Tell the user how long a new
                                             * authentication is delayed. This
                                             * message is generated by the PAM
                                             * responder.
                                             * @param Time when an
                                             * authentication is allowed again
                                             * in seconds since the UNIX Epoch
                                             * as returned by time(2) as
                                             * int64_t. */
    SSS_PAM_USER_INFO_OFFLINE_CHPASS, /**< Tell the user that it is not
                                       * possible to change the password while
                                       * the system is offline. This message
                                       * is generated by the PAM responder. */
    SSS_PAM_USER_INFO_OTP_CHPASS, /**< Tell the user that he needs to kinit
                                   * or login and logout to get a TGT after
                                   * an OTP password change */
    SSS_PAM_USER_INFO_CHPASS_ERROR, /**< Tell the user that a password change
                                     * failed and optionally give a reason.
                                     * @param Size of the message as unsigned
                                     * 32-bit integer value. A value of 0
                                     * indicates that no message is following.
                                     * @param String with the specified
                                     * length. */
    SSS_PAM_USER_INFO_GRACE_LOGIN, /**< Warn the user that the password is
                                    * expired and inform about the remaining
                                    * number of grace logins.
                                    * @param The number of remaining grace
                                    * logins as uint32_t */
    SSS_PAM_USER_INFO_EXPIRE_WARN /**< Warn the user that the password will
                                   * expire soon.
                                   * @param Number of seconds before the user's
                                   * password will expire. */
};
/**
 * @}
 */ /* end of group user_info_type */

/**
 * @}
 */ /* end of group response_type */

/**
 * @}
 */ /* end of group sss_pam_cli */

/* Representation tags for netgroup replies; values start at 1. */
enum sss_netgr_rep_type {
    SSS_NETGR_REP_TRIPLE = 1,
    SSS_NETGR_REP_GROUP
};

/* Client-side error codes, numbered from 0x1000 so they sit apart from the
 * small values used for errno. ssscli_err2string() takes such a code.
 * NOTE(review): the last enumerator is spelled ESS_ while its siblings use
 * ESSS_; it is left as is because renaming would change the identifier. */
enum sss_cli_error_codes {
    ESSS_SSS_CLI_ERROR_START = 0x1000,
    ESSS_BAD_PRIV_SOCKET,
    ESSS_BAD_PUB_SOCKET,
    ESSS_BAD_CRED_MSG,
    ESSS_SERVER_NOT_TRUSTED,

    ESS_SSS_CLI_ERROR_MAX
};

const char *ssscli_err2string(int err);

/* Request entry points, one per responder. Each takes a command and a
 * payload and hands the reply back through repbuf/replen and an errno value
 * through errnop.
 * NOTE(review): the callers in nss_passwd.c release *repbuf with free() and
 * pass NULL for rd, repbuf and replen when no payload or reply is wanted;
 * whether the other variants follow the same ownership rule is not visible
 * in this header - confirm. */
enum nss_status sss_nss_make_request(enum sss_cli_command cmd,
                                     struct sss_cli_req_data *rd,
                                     uint8_t **repbuf, size_t *replen,
                                     int *errnop);

int sss_pam_make_request(enum sss_cli_command cmd,
                         struct sss_cli_req_data *rd,
                         uint8_t **repbuf, size_t *replen,
                         int *errnop);
void sss_pam_close_fd(void);

int sss_pac_make_request(enum sss_cli_command cmd,
                         struct sss_cli_req_data *rd,
                         uint8_t **repbuf, size_t *replen,
                         int *errnop);

int sss_sudo_make_request(enum sss_cli_command cmd,
                          struct sss_cli_req_data *rd,
                          uint8_t **repbuf, size_t *replen,
                          int *errnop);

int sss_autofs_make_request(enum sss_cli_command cmd,
                            struct sss_cli_req_data *rd,
                            uint8_t **repbuf, size_t *replen,
                            int *errnop);

int sss_ssh_make_request(enum sss_cli_command cmd,
                         struct sss_cli_req_data *rd,
                         uint8_t **repbuf, size_t *replen,
                         int *errnop);

#if 0

/* GETSPNAM Request:
 *
 * 0-X: string with name
 *
 * Replies:
 *
 * 0-3: 32bit unsigned number of results
 * 4-7: 32bit unsigned (reserved/padding)
 * For each result:
 *  0-7: 64bit unsigned with Date of last change
 *  8-15: 64bit unsigned with Min #days between changes
 *  16-23: 64bit unsigned with Max #days between changes
 *  24-31: 64bit unsigned with
#days before pwd expires * 32-39: 64bit unsigned with #days after pwd expires until account is disabled * 40-47: 64bit unsigned with expiration date in days since 1970-01-01 * 48-55: 64bit unsigned (flags/reserved) * 56-X: sequence of 2, 0 terminated, strings (name, pwd) 64bit padded */ #endif /* Return strlen(str) or maxlen, whichever is shorter * Returns EINVAL if str is NULL, EFBIG if str is longer than maxlen * _len will return the result */ errno_t sss_strnlen(const char *str, size_t maxlen, size_t *len); void sss_nss_lock(void); void sss_nss_unlock(void); void sss_pam_lock(void); void sss_pam_unlock(void); errno_t sss_readrep_copy_string(const char *in, size_t *offset, size_t *slen, size_t *dlen, char **out, size_t *size); #endif /* _SSSCLI_H */ ���������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/PaxHeaders.13173/nss_passwd.c��������������������������������������������0000644�0000000�0000000�00000000074�12320753107�021040� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.272891426 30 ctime=1396954961.537875037 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/nss_passwd.c�������������������������������������������������������������0000664�0024127�0024127�00000025230�12320753107�021264� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* * System Security Services Daemon. NSS client interface * * Copyright (C) Simo Sorce 2007 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as * published by the Free Software Foundation; either version 2.1 of the * License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. 
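*/

/* PASSWD database NSS interface */

#include <nss.h>
#include <errno.h>
#include <sys/types.h>
#include <unistd.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include "sss_cli.h"
#include "nss_mc.h"

/* A passwd reply starts with two 32-bit words: the number of results and a
 * reserved/padding word (see the reply layout described further down). */
enum { PW_REPLY_HEADER_LEN = 8 };

/* Reply of the last GETPWENT request that has not been fully handed out yet:
 * data is the malloc'ed reply, len its size and ptr the offset of the next
 * unread entry. */
static struct sss_nss_getpwent_data {
    size_t len;
    size_t ptr;
    uint8_t *data;
} sss_nss_getpwent_data;

/* Release the buffered enumeration reply and reset the cursor. */
static void sss_nss_getpwent_data_clean(void)
{
    /* free(NULL) is a no-op, so no guard is needed */
    free(sss_nss_getpwent_data.data);
    sss_nss_getpwent_data.data = NULL;
    sss_nss_getpwent_data.len = 0;
    sss_nss_getpwent_data.ptr = 0;
}

/* GETPWNAM Request:
 *
 * 0-X: string with name
 *
 * GETPWUID Request:
 *
 * 0-3: 32bit number with uid
 *
 * Replies:
 *
 * 0-3: 32bit unsigned number of results
 * 4-7: 32bit unsigned (reserved/padding)
 * For each result:
 *  0-3: 32bit number uid
 *  4-7: 32bit number gid
 *  8-X: sequence of 5, 0 terminated, strings (name, passwd, gecos, dir, shell)
 */

/* Destination of one decoded entry: the passwd struct to fill and the
 * caller-supplied buffer that receives its strings. */
struct sss_nss_pw_rep {
    struct passwd *result;
    char *buffer;
    size_t buflen;
};

/*
 * Decode one passwd entry from buf into pr.
 *
 * On entry *len is the number of bytes available at buf; on success it is
 * updated to the number of bytes left after the decoded entry.
 *
 * Returns 0 on success, EBADMSG when fewer than 13 bytes are available, or
 * the error returned by sss_readrep_copy_string() for one of the strings.
 */
static int sss_nss_getpw_readrep(struct sss_nss_pw_rep *pr,
                                 uint8_t *buf, size_t *len)
{
    struct passwd *pw = pr->result;
    char **fields[] = {
        &pw->pw_name, &pw->pw_passwd, &pw->pw_gecos, &pw->pw_dir, &pw->pw_shell
    };
    const size_t num_fields = sizeof(fields) / sizeof(fields[0]);
    const char *sbuf;
    size_t offset = 0;
    size_t slen;
    size_t dlen;
    size_t f;
    uint32_t c;
    errno_t ret;

    /* uid and gid take 8 bytes and each of the five strings needs at least
     * its terminator, hence 13 */
    if (*len < 13) {
        /* not enough space for data, bad packet */
        return EBADMSG;
    }

    /* the reply buffer carries no alignment guarantee, so copy the words */
    SAFEALIGN_COPY_UINT32(&c, buf, NULL);
    pw->pw_uid = c;
    SAFEALIGN_COPY_UINT32(&c, buf + sizeof(uint32_t), NULL);
    pw->pw_gid = c;

    sbuf = (const char *)&buf[8];
    slen = *len - 8;
    dlen = pr->buflen;

    /* The same offset is used for the source strings and for the caller's
     * buffer; bounds are enforced by sss_readrep_copy_string() through slen
     * and dlen (its implementation is not part of this file). */
    for (f = 0; f < num_fields; f++) {
        *fields[f] = &pr->buffer[offset];
        ret = sss_readrep_copy_string(sbuf, &offset, &slen, &dlen,
                                      fields[f], NULL);
        if (ret != EOK) {
            return ret;
        }
    }

    *len = slen - offset;

    return 0;
}

/*
 * Turn the reply of a single-entry lookup (GETPWNAM/GETPWUID) into an NSS
 * status and fill result on success. Takes ownership of repbuf and frees it
 * on every path.
 *
 * A reply shorter than the 8-byte preamble or announcing more than one
 * result is rejected with EBADMSG / NSS_STATUS_TRYAGAIN.
 */
static enum nss_status sss_nss_getpw_single_reply(uint8_t *repbuf,
                                                  size_t replen,
                                                  struct passwd *result,
                                                  char *buffer, size_t buflen,
                                                  int *errnop)
{
    struct sss_nss_pw_rep pwrep;
    uint32_t num_results;
    size_t len;
    int ret;

    /* Never read the result count from a reply that is too short to hold
     * it; without this check replen - 8 below would also wrap around. */
    if (repbuf == NULL || replen < PW_REPLY_HEADER_LEN) {
        free(repbuf);
        *errnop = EBADMSG;
        return NSS_STATUS_TRYAGAIN;
    }

    SAFEALIGN_COPY_UINT32(&num_results, repbuf, NULL);

    /* no results if not found */
    if (num_results == 0) {
        free(repbuf);
        return NSS_STATUS_NOTFOUND;
    }

    /* only 1 result is accepted for this function */
    if (num_results != 1) {
        free(repbuf);
        *errnop = EBADMSG;
        return NSS_STATUS_TRYAGAIN;
    }

    pwrep.result = result;
    pwrep.buffer = buffer;
    pwrep.buflen = buflen;

    len = replen - PW_REPLY_HEADER_LEN;
    ret = sss_nss_getpw_readrep(&pwrep, repbuf + PW_REPLY_HEADER_LEN, &len);
    free(repbuf);
    if (ret) {
        *errnop = ret;
        return NSS_STATUS_TRYAGAIN;
    }

    return NSS_STATUS_SUCCESS;
}

/*
 * NSS entry point: look up a passwd entry by name.
 *
 * The memory cache (sss_nss_mc_getpwnam) is tried first; on a miss or a
 * cache failure the request goes to the responder while the NSS client lock
 * is held.
 *
 * Returns NSS_STATUS_SUCCESS with result filled, NSS_STATUS_NOTFOUND,
 * NSS_STATUS_TRYAGAIN with *errnop set (ERANGE when the caller's buffer is
 * missing or too small), or the status reported by sss_nss_make_request().
 */
enum nss_status _nss_sss_getpwnam_r(const char *name, struct passwd *result,
                                    char *buffer, size_t buflen, int *errnop)
{
    struct sss_cli_req_data rd;
    uint8_t *repbuf = NULL;
    size_t replen = 0;
    size_t name_len;
    enum nss_status nret;
    int ret;

    /* Caught once glibc passing in buffer == 0x0 */
    if (!buffer || !buflen) {
        *errnop = ERANGE;
        return NSS_STATUS_TRYAGAIN;
    }

    /* rejects NULL and names longer than SSS_NAME_MAX */
    ret = sss_strnlen(name, SSS_NAME_MAX, &name_len);
    if (ret != 0) {
        *errnop = EINVAL;
        return NSS_STATUS_NOTFOUND;
    }

    ret = sss_nss_mc_getpwnam(name, name_len, result, buffer, buflen);
    switch (ret) {
    case 0:
        *errnop = 0;
        return NSS_STATUS_SUCCESS;
    case ERANGE:
        *errnop = ERANGE;
        return NSS_STATUS_TRYAGAIN;
    case ENOENT:
        /* fall through, we need to actively ask the parent
         * if no entry is found */
        break;
    default:
        /* if using the mmaped cache failed,
         * fall back to socket based comms */
        break;
    }

    /* the terminating zero is sent along with the name */
    rd.len = name_len + 1;
    rd.data = name;

    sss_nss_lock();

    nret = sss_nss_make_request(SSS_NSS_GETPWNAM, &rd,
                                &repbuf, &replen, errnop);
    if (nret == NSS_STATUS_SUCCESS) {
        nret = sss_nss_getpw_single_reply(repbuf, replen, result,
                                          buffer, buflen, errnop);
    }

    sss_nss_unlock();
    return nret;
}

/*
 * NSS entry point: look up a passwd entry by uid.
 *
 * Same flow and return values as _nss_sss_getpwnam_r(). A missing buffer is
 * reported as NSS_STATUS_TRYAGAIN with *errnop = ERANGE; returning the bare
 * errno value would hand the caller a number that is not an nss_status.
 */
enum nss_status _nss_sss_getpwuid_r(uid_t uid, struct passwd *result,
                                    char *buffer, size_t buflen, int *errnop)
{
    struct sss_cli_req_data rd;
    uint8_t *repbuf = NULL;
    size_t replen = 0;
    enum nss_status nret;
    uint32_t user_uid;
    int ret;

    /* Caught once glibc passing in buffer == 0x0 */
    if (!buffer || !buflen) {
        *errnop = ERANGE;
        return NSS_STATUS_TRYAGAIN;
    }

    ret = sss_nss_mc_getpwuid(uid, result, buffer, buflen);
    switch (ret) {
    case 0:
        *errnop = 0;
        return NSS_STATUS_SUCCESS;
    case ERANGE:
        *errnop = ERANGE;
        return NSS_STATUS_TRYAGAIN;
    case ENOENT:
        /* fall through, we need to actively ask the parent
         * if no entry is found */
        break;
    default:
        /* if using the mmaped cache failed,
         * fall back to socket based comms */
        break;
    }

    /* the request carries the uid as a 32-bit number */
    user_uid = uid;
    rd.len = sizeof(uint32_t);
    rd.data = &user_uid;

    sss_nss_lock();

    nret = sss_nss_make_request(SSS_NSS_GETPWUID, &rd,
                                &repbuf, &replen, errnop);
    if (nret == NSS_STATUS_SUCCESS) {
        nret = sss_nss_getpw_single_reply(repbuf, replen, result,
                                          buffer, buflen, errnop);
    }

    sss_nss_unlock();
    return nret;
}

/*
 * NSS entry point: start a passwd enumeration. Drops any buffered reply and
 * sends SSS_NSS_SETPWENT; on failure errno is set from the request.
 */
enum nss_status _nss_sss_setpwent(void)
{
    enum nss_status nret;
    int errnop;

    sss_nss_lock();

    /* make sure we do not have leftovers, and release memory */
    sss_nss_getpwent_data_clean();

    nret = sss_nss_make_request(SSS_NSS_SETPWENT,
                                NULL, NULL, NULL, &errnop);
    if (nret != NSS_STATUS_SUCCESS) {
        errno = errnop;
    }

    sss_nss_unlock();
    return nret;
}

/*
 * Return the next passwd entry of the running enumeration.
 *
 * Entries are served from the buffered reply; when it is exhausted, up to
 * SSS_NSS_MAX_ENTRIES more are requested. The caller must hold the NSS
 * client lock (_nss_sss_getpwent_r takes it).
 *
 * When decoding fails the cursor is not advanced, so a caller that gets
 * ERANGE can retry the same entry with a larger buffer.
 */
static enum nss_status internal_getpwent_r(struct passwd *result,
                                           char *buffer, size_t buflen,
                                           int *errnop)
{
    struct sss_cli_req_data rd;
    struct sss_nss_pw_rep pwrep;
    uint8_t *repbuf = NULL;
    size_t replen = 0;
    enum nss_status nret;
    uint32_t num_entries;
    uint32_t num_results;
    int ret;

    /* Caught once glibc passing in buffer == 0x0 */
    if (!buffer || !buflen) {
        *errnop = ERANGE;
        return NSS_STATUS_TRYAGAIN;
    }

    if (sss_nss_getpwent_data.data == NULL ||
        sss_nss_getpwent_data.ptr >= sss_nss_getpwent_data.len) {

        /* nothing left to hand out: release memory if any */
        sss_nss_getpwent_data_clean();

        /* retrieve no more than SSS_NSS_MAX_ENTRIES at a time */
        num_entries = SSS_NSS_MAX_ENTRIES;
        rd.len = sizeof(uint32_t);
        rd.data = &num_entries;

        nret = sss_nss_make_request(SSS_NSS_GETPWENT, &rd,
                                    &repbuf, &replen, errnop);
        if (nret != NSS_STATUS_SUCCESS) {
            return nret;
        }

        /* a reply without the full preamble cannot be interpreted */
        if (repbuf == NULL || replen < PW_REPLY_HEADER_LEN) {
            free(repbuf);
            *errnop = EBADMSG;
            return NSS_STATUS_TRYAGAIN;
        }

        SAFEALIGN_COPY_UINT32(&num_results, repbuf, NULL);

        /* no results if not found */
        if (num_results == 0 || replen == PW_REPLY_HEADER_LEN) {
            free(repbuf);
            return NSS_STATUS_NOTFOUND;
        }

        sss_nss_getpwent_data.data = repbuf;
        sss_nss_getpwent_data.len = replen;
        /* skip metadata fields */
        sss_nss_getpwent_data.ptr = PW_REPLY_HEADER_LEN;
    }

    /* hand out the next buffered entry */
    repbuf = sss_nss_getpwent_data.data + sss_nss_getpwent_data.ptr;
    replen = sss_nss_getpwent_data.len - sss_nss_getpwent_data.ptr;

    pwrep.result = result;
    pwrep.buffer = buffer;
    pwrep.buflen = buflen;

    ret = sss_nss_getpw_readrep(&pwrep, repbuf, &replen);
    if (ret) {
        *errnop = ret;
        return NSS_STATUS_TRYAGAIN;
    }

    /* advance buffer pointer; replen now holds the bytes still unread */
    sss_nss_getpwent_data.ptr = sss_nss_getpwent_data.len - replen;

    return NSS_STATUS_SUCCESS;
}

/* NSS entry point: locked wrapper around internal_getpwent_r(). */
enum nss_status _nss_sss_getpwent_r(struct passwd *result,
                                    char *buffer, size_t buflen,
                                    int *errnop)
{
    enum nss_status nret;

    sss_nss_lock();
    nret = internal_getpwent_r(result, buffer, buflen, errnop);
    sss_nss_unlock();

    return nret;
}

/*
 * NSS entry point: end a passwd enumeration. Drops any buffered reply and
 * sends SSS_NSS_ENDPWENT; on failure errno is set from the request.
 */
enum nss_status _nss_sss_endpwent(void)
{
    enum nss_status nret;
    int errnop;

    sss_nss_lock();

    /* make sure we do not have leftovers, and release memory */
    sss_nss_getpwent_data_clean();

    nret = sss_nss_make_request(SSS_NSS_ENDPWENT,
                                NULL, NULL, NULL, &errnop);
    if (nret != NSS_STATUS_SUCCESS) {
        errno = errnop;
    }

    sss_nss_unlock();
    return nret;
}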
������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/PaxHeaders.13173/sudo����������������������������������������������������0000644�0000000�0000000�00000000132�12320753521�017400� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954961.651874953 30 atime=1396955003.535843846 30 ctime=1396954961.651874953 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/sudo/��������������������������������������������������������������������0000775�0024127�0024127�00000000000�12320753521�017704� 
5����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/sudo/PaxHeaders.13173/sss_sudo_private.h���������������������������������0000644�0000000�0000000�00000000074�12320753107�023227� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.273891426 30 ctime=1396954961.651874953 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/sudo/sss_sudo_private.h��������������������������������������������������0000664�0024127�0024127�00000002202�12320753107�023445� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* Authors: Pavel Březina <pbrezina@redhat.com> Copyright (C) 2011 Red Hat This program is free software; 
you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ #ifndef SSS_SUDO_PRIVATE_H_ #define SSS_SUDO_PRIVATE_H_ #include <stdint.h> #include "sss_client/sudo/sss_sudo.h" int sss_sudo_parse_response(const char *message, size_t message_len, char **_domainname, struct sss_sudo_result **_result, uint32_t *_error); #endif /* SSS_SUDO_PRIVATE_H_ */ ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/sudo/PaxHeaders.13173/sss_sudo_response.c��������������������������������0000644�0000000�0000000�00000000074�12320753107�023406� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.273891426 30 ctime=1396954961.649874954 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/sudo/sss_sudo_response.c�������������������������������������������������0000664�0024127�0024127�00000015177�12320753107�023643� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* Authors: Pavel Březina <pbrezina@redhat.com> Copyright (C) 2011 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. 
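*/

#include "config.h"

#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <stdint.h>

#include "sss_client/sss_cli.h"
#include "sss_client/sudo/sss_sudo.h"
#include "sss_client/sudo/sss_sudo_private.h"

static int sss_sudo_parse_rule(const char *message,
                               size_t message_len,
                               size_t *_cursor,
                               struct sss_sudo_rule *_rule);

static int sss_sudo_parse_attr(const char *message,
                               size_t message_len,
                               size_t *_cursor,
                               struct sss_sudo_attr *_attr);

static int sss_sudo_parse_uint32(const char *message,
                                 size_t message_len,
                                 size_t *_cursor,
                                 uint32_t *_number);

static int sss_sudo_parse_string(const char *message,
                                 size_t message_len,
                                 size_t *_cursor,
                                 char **_str);

/*
 * Smallest number of message bytes one encoded element can occupy, derived
 * from what the parsers in this file read for it:
 *  - a rule starts with a uint32_t attribute count,
 *  - an attribute is a NUL-terminated name (at least the terminator)
 *    followed by a uint32_t value count,
 *  - a value is a NUL-terminated string (at least the terminator).
 */
enum {
    SSS_SUDO_MIN_RULE_LEN = sizeof(uint32_t),
    SSS_SUDO_MIN_ATTR_LEN = 1 + sizeof(uint32_t),
    SSS_SUDO_MIN_VALUE_LEN = 1
};

/*
 * Check that `count` elements of at least `min_elem_len` bytes each can
 * still fit between `cursor` and the end of the message.
 *
 * The counts are taken straight from the message, so without this check a
 * single corrupted or hostile 32-bit field decides how much memory calloc()
 * is asked for. A message that parses successfully always satisfies the
 * check, so well-formed input is unaffected.
 *
 * Returns EOK when the count is plausible, EINVAL otherwise.
 */
static int sss_sudo_check_count(size_t message_len,
                                size_t cursor,
                                uint32_t count,
                                size_t min_elem_len)
{
    size_t remaining = 0;

    if (cursor > message_len) {
        return EINVAL;
    }

    remaining = message_len - cursor;
    if (count > remaining / min_elem_len) {
        return EINVAL;
    }

    return EOK;
}

/*
 * Parse a response message into a newly allocated sss_sudo_result.
 *
 * Layout read from the message, in order: uint32_t error code, a
 * NUL-terminated domain name (deprecated, read and discarded), uint32_t
 * number of rules, then the rules themselves.
 *
 * message      buffer holding the response
 * message_len  number of valid bytes in message
 * _domainname  if not NULL, *_domainname is set to NULL (the domain name is
 *              no longer returned)
 * _result      on success with *_error == SSS_SUDO_ERROR_OK, receives the
 *              result; release it with sss_sudo_free_result()
 * _error       receives the error code carried in the message
 *
 * Returns EOK on success, EINVAL if the message is truncated or malformed,
 * ENOMEM on allocation failure.
 *
 * NOTE: when the message carries an error code other than
 * SSS_SUDO_ERROR_OK the function returns EOK WITHOUT storing anything in
 * *_result. Callers must check *_error before touching *_result.
 */
int sss_sudo_parse_response(const char *message,
                            size_t message_len,
                            char **_domainname,
                            struct sss_sudo_result **_result,
                            uint32_t *_error)
{
    struct sss_sudo_result *result = NULL;
    char *domainname = NULL;
    size_t cursor = 0;
    int ret = EOK;
    /* unsigned to match num_rules; a signed index could overflow */
    unsigned int i = 0;

    /* error code */
    ret = sss_sudo_parse_uint32(message, message_len, &cursor, _error);
    if (ret != EOK || *_error != SSS_SUDO_ERROR_OK) {
        return ret;
    }

    /* domain name - deprecated
     * it won't be used, but we will read it anyway to ease parsing
     * TODO: when possible change the protocol */
    ret = sss_sudo_parse_string(message, message_len, &cursor, &domainname);
    if (ret != EOK) {
        return ret;
    }

    free(domainname);
    if (_domainname != NULL) {
        *_domainname = NULL;
    }

    /* result (zero-initialized so that cleanup sees NULL/0 members) */
    result = calloc(1, sizeof(*result));
    if (result == NULL) {
        return ENOMEM;
    }

    /* rules_num */
    ret = sss_sudo_parse_uint32(message, message_len,
                                &cursor, &result->num_rules);
    if (ret != EOK) {
        goto fail;
    }

    ret = sss_sudo_check_count(message_len, cursor, result->num_rules,
                               SSS_SUDO_MIN_RULE_LEN);
    if (ret != EOK) {
        /* no array was allocated: keep count and array consistent
         * for the cleanup below */
        result->num_rules = 0;
        goto fail;
    }

    /* rules */
    result->rules = calloc(result->num_rules, sizeof(*result->rules));
    /* calloc(0, ...) may legitimately return NULL; an empty rule list is a
     * valid result, not an out-of-memory condition */
    if (result->rules == NULL && result->num_rules != 0) {
        result->num_rules = 0;
        ret = ENOMEM;
        goto fail;
    }

    for (i = 0; i < result->num_rules; i++) {
        ret = sss_sudo_parse_rule(message, message_len,
                                  &cursor, &result->rules[i]);
        if (ret != EOK) {
            goto fail;
        }
    }

    *_result = result;

    return EOK;

fail:
    sss_sudo_free_result(result);
    return ret;
}

/*
 * Parse one rule at *_cursor: a uint32_t attribute count followed by that
 * many attributes.
 *
 * On failure the partially filled rule is left in place; nothing is freed
 * here (sss_sudo_parse_response() hands the whole result to
 * sss_sudo_free_result() on its failure path).
 *
 * Returns EOK, EINVAL (truncated or malformed message) or ENOMEM.
 */
int sss_sudo_parse_rule(const char *message,
                        size_t message_len,
                        size_t *_cursor,
                        struct sss_sudo_rule *_rule)
{
    int ret = EOK;
    unsigned int i = 0;

    /* attrs_num */
    ret = sss_sudo_parse_uint32(message, message_len,
                                _cursor, &_rule->num_attrs);
    if (ret != EOK) {
        return ret;
    }

    ret = sss_sudo_check_count(message_len, *_cursor, _rule->num_attrs,
                               SSS_SUDO_MIN_ATTR_LEN);
    if (ret != EOK) {
        _rule->num_attrs = 0;
        return ret;
    }

    /* attrs */
    _rule->attrs = calloc(_rule->num_attrs, sizeof(*_rule->attrs));
    if (_rule->attrs == NULL && _rule->num_attrs != 0) {
        /* never leave a non-zero count next to a NULL array */
        _rule->num_attrs = 0;
        return ENOMEM;
    }

    for (i = 0; i < _rule->num_attrs; i++) {
        ret = sss_sudo_parse_attr(message, message_len,
                                  _cursor, &_rule->attrs[i]);
        if (ret != EOK) {
            return ret;
        }
    }

    return EOK;
}

/*
 * Parse one attribute at *_cursor: a NUL-terminated name, a uint32_t value
 * count and that many NUL-terminated values.
 *
 * The name and values are heap copies made by sss_sudo_parse_string(). On
 * failure the strings parsed so far stay attached to _attr and are not
 * freed here.
 *
 * Returns EOK, EINVAL (truncated or malformed message) or ENOMEM.
 */
int sss_sudo_parse_attr(const char *message,
                        size_t message_len,
                        size_t *_cursor,
                        struct sss_sudo_attr *_attr)
{
    char *str = NULL;
    int ret = EOK;
    unsigned int i = 0;

    /* name */
    ret = sss_sudo_parse_string(message, message_len, _cursor, &str);
    if (ret != EOK) {
        return ret;
    }
    _attr->name = str;

    /* values_num */
    ret = sss_sudo_parse_uint32(message, message_len,
                                _cursor, &_attr->num_values);
    if (ret != EOK) {
        return ret;
    }

    ret = sss_sudo_check_count(message_len, *_cursor, _attr->num_values,
                               SSS_SUDO_MIN_VALUE_LEN);
    if (ret != EOK) {
        _attr->num_values = 0;
        return ret;
    }

    /* values */
    _attr->values = calloc(_attr->num_values, sizeof(*_attr->values));
    if (_attr->values == NULL && _attr->num_values != 0) {
        /* never leave a non-zero count next to a NULL array */
        _attr->num_values = 0;
        return ENOMEM;
    }

    for (i = 0; i < _attr->num_values; i++) {
        ret = sss_sudo_parse_string(message, message_len, _cursor, &str);
        if (ret != EOK) {
            return ret;
        }
        _attr->values[i] = str;
    }

    return EOK;
}

/*
 * Copy a uint32_t out of the message at *_cursor and advance the cursor
 * past it. The bytes are copied as they are; no byte-order conversion is
 * done here.
 *
 * Returns EOK, or EINVAL if _cursor is NULL or fewer than
 * sizeof(uint32_t) bytes remain.
 */
int sss_sudo_parse_uint32(const char *message,
                          size_t message_len,
                          size_t *_cursor,
                          uint32_t *_number)
{
    size_t start_pos = 0;

    if (_cursor == NULL) {
        return EINVAL;
    }

    start_pos = *_cursor;

    /* compare against the remaining length instead of computing
     * start_pos + sizeof(uint32_t), which could wrap around */
    if (start_pos > message_len
            || message_len - start_pos < sizeof(uint32_t)) {
        return EINVAL;
    }

    /* expanded SAFEALIGN_COPY_UINT32 macro from util.h */
    memcpy(_number, message + start_pos, sizeof(uint32_t));
    *_cursor = start_pos + sizeof(uint32_t);

    return EOK;
}

/*
 * Duplicate the NUL-terminated string found at *_cursor and advance the
 * cursor past its terminator. A string whose terminator is not inside the
 * message is rejected with EINVAL.
 */
int sss_sudo_parse_string(const char *message,
                          size_t message_len,
                          size_t *_cursor,
                          char **_str)
{
    const char *current = NULL;
    char *str = NULL;
    size_t start_pos = 0;
    size_t len = 0;
    size_t maxlen = 0;

    if (_cursor == NULL) {
        return EINVAL;
    }

    start_pos =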
*_cursor; maxlen = message_len - start_pos; if (start_pos >= message_len ) { return EINVAL; } current = message + start_pos; len = strnlen(current, maxlen); if (len == maxlen) { /* the string exceeds message length */ return EINVAL; } str = strndup(current, len); if (str == NULL) { return ENOMEM; } /* go after \0 */ *_cursor = start_pos + len + 1; *_str = str; return EOK; } �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/sudo/PaxHeaders.13173/sss_sudo.h�����������������������������������������0000644�0000000�0000000�00000000073�12320753107�021474� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.273891426 29 ctime=1396954961.50687506 ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/sudo/sss_sudo.h����������������������������������������������������������0000664�0024127�0024127�00000016107�12320753107�021724� 
0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* Authors: Pavel Březina <pbrezina@redhat.com> Copyright (C) 2011 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ #ifndef SSS_SUDO_H_ #define SSS_SUDO_H_ /** * @defgroup libsss_sudo A library for communication between SUDO and SSSD * libsss_sudo provides a mechanism to for a SUDO plugin * to communicate with the sudo responder of SSSD. * * @{ */ #include <stdint.h> #include <sys/types.h> /** The value returned when the communication with SUDO is successful and * the user was found in one of the domains */ #define SSS_SUDO_ERROR_OK 0 /** * Component of a sss_rule structure. The component * has exactly one name and one or more values. * */ struct sss_sudo_attr { /** The attribute name */ char *name; /** A string array that contains all the attribute values */ char **values; /** The number of values the attribute contains. * * Attributes are multivalued in general. */ unsigned int num_values; }; /** * One sudo rule. 
The rule consists of one or more
 * attributes of sss_sudo_attr type
 */
struct sss_sudo_rule {
    /** The number of attributes in the rule (number of entries in attrs) */
    unsigned int num_attrs;

    /** List of rule attributes */
    struct sss_sudo_attr *attrs;
};

/**
 * A result object returned from SSSD.
 *
 * The result consists of zero or more sss_sudo_rule elements.
 */
struct sss_sudo_result {
    /**
     * The number of rules for the user
     *
     * In case the user exists in one of SSSD domains
     * but no rules match for him, the num_rules element
     * is 0.
     */
    unsigned int num_rules;

    /** List of rules found */
    struct sss_sudo_rule *rules;
};

/**
 * @brief Send a request to SSSD to retrieve all SUDO rules for a given
 * user.
 *
 * @param[in] uid         The uid of the user to retrieve the rules for.
 * @param[in] username    The username to retrieve the rules for.
 * @param[in] domainname  The domain name the user is a member of.
 * @param[out] _error     The result of the search in SSSD's domains. If the
 *                        user was present in the domain, the _error code is
 *                        SSS_SUDO_ERROR_OK and the _result structure is
 *                        returned even if it was empty (in other words
 *                        _result->num_rules == 0). Other problems are returned
 *                        as errno codes. Most prominently these are ENOENT
 *                        (the user was not found with SSSD), EIO (SSSD
 *                        encountered an internal problem) and EINVAL
 *                        (malformed query).
 * @param[out] _result    Newly allocated structure sss_sudo_result that
 *                        contains the rules for the user. If no rules were
 *                        found but the user was valid, this structure is
 *                        "empty", which means that the num_rules member is 0.
 *
 * @return 0 on success and other errno values on failure. The return value
 * denotes whether communication with SSSD was successful. It does not
 * tell whether the result contains any rules or whether SSSD knew the
 * user at all. That information is transferred in the _error parameter.
 *
 * @note NOTE(review): sss_sudo_parse_response() returns success without
 * storing anything in its _result argument when the error code is not
 * SSS_SUDO_ERROR_OK. Presumably the same holds for this function, so check
 * both the return value and _error before using _result - confirm against
 * the implementation.
 */
int sss_sudo_send_recv(uid_t uid,
                       const char *username,
                       const char *domainname,
                       uint32_t *_error,
                       struct sss_sudo_result **_result);

/**
 * @brief Send a request to SSSD to retrieve the default options, commonly
 * stored in the "cn=defaults" record.
 *
 * @param[in] uid          The uid of the user to retrieve the rules for.
 *
 * @param[in] username     The username to retrieve the rules for.
 *
 * @param[out] _error      The result of the search in SSSD's domains. If the
 *                         options were present in the domain, the _error code
 *                         is SSS_SUDO_ERROR_OK and the _result structure is
 *                         returned even if it was empty (in other words
 *                         _result->num_rules == 0). Other problems are returned
 *                         as errno codes.
 *
 * @param[out] _domainname The domain name the user is a member of.
 *                         NOTE(review): sss_sudo_parse_response() treats the
 *                         domain name as deprecated and stores NULL in its
 *                         _domainname argument, so callers should be prepared
 *                         for a NULL value here - confirm against the
 *                         implementation.
 *
 * @param[out] _result     Newly allocated structure sss_sudo_result that
 *                         contains the options. If no options were found this
 *                         structure is "empty", which means that the num_rules
 *                         member is 0.
 *
 * @return 0 on success and other errno values on failure. The return value
 * denotes whether communication with SSSD was successful. It does not
 * tell whether the result contains any rules or whether SSSD knew the
 * user at all. That information is transferred in the _error parameter.
 *
 * @note The _domainname should be freed using free().
 */
int sss_sudo_send_recv_defaults(uid_t uid,
                                const char *username,
                                uint32_t *_error,
                                char **_domainname,
                                struct sss_sudo_result **_result);

/**
 * @brief Free the sss_sudo_result structure returned by sss_sudo_send_recv()
 * or sss_sudo_send_recv_defaults()
 *
 * @param[in] result    The sss_sudo_result structure to free. The structure
 *                      was previously returned through the _result parameter
 *                      of sss_sudo_send_recv() or
 *                      sss_sudo_send_recv_defaults().
 */
void sss_sudo_free_result(struct sss_sudo_result *result);

/**
 * @brief Get all values for a given attribute in a sss_sudo_rule
 *
 * @param[in] e           The sss_sudo_rule to get values from
 * @param[in] attrname    The name of the attribute to query from the rule
 * @param[out] values     A newly allocated list of values the attribute has in
 *                        rule.
On success, this parameter is an array of * NULL-terminated strings, the last element is a NULL * pointer. On failure (including when the attribute is * not found), the pointer address is not changed. * * @return 0 on success, ENOENT in case the attribute is not found and other * errno values on failure. * * @note the returned values should be freed using sss_sudo_free_values() */ int sss_sudo_get_values(struct sss_sudo_rule *e, const char *attrname, char ***values); /** * @brief Free the values returned by sss_sudo_get_values * * @param[in] values The list of values to free. The values were previously * returned by sss_sudo_get_values() */ void sss_sudo_free_values(char **values); /** * @} */ #endif /* SSS_SUDO_H_ */ ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/sudo/PaxHeaders.13173/sss_sudo.doxy.in�����������������������������������0000644�0000000�0000000�00000000074�12320753107�022636� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954960.421875861 30 ctime=1396954961.365875164 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/sudo/sss_sudo.doxy.in����������������������������������������������������0000664�0024127�0024127�00000235034�12320753107�023067� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# Doxyfile 1.8.3 # This file describes the settings to be used by the documentation system # doxygen (www.doxygen.org) for a project. # # All text after a hash (#) is considered a comment and will be ignored. # The format is: # TAG = value [value, ...] # For lists items can also be appended using: # TAG += value [value, ...] # Values that contain spaces should be placed between quotes (" "). #--------------------------------------------------------------------------- # Project related configuration options #--------------------------------------------------------------------------- # This tag specifies the encoding used for all characters in the config file # that follow. The default is UTF-8 which is also the encoding used for all # text before the first occurrence of this tag. Doxygen uses libiconv (or the # iconv built into libc) for the transcoding. See # http://www.gnu.org/software/libiconv for the list of possible encodings. 
DOXYFILE_ENCODING = UTF-8 # The PROJECT_NAME tag is a single word (or sequence of words) that should # identify the project. Note that if you do not use Doxywizard you need # to put quotes around the project name if it contains spaces. PROJECT_NAME = libsss_sudo # The PROJECT_NUMBER tag can be used to enter a project or revision number. # This could be handy for archiving the generated documentation or # if some version control system is used. PROJECT_NUMBER = @PACKAGE_VERSION@ # Using the PROJECT_BRIEF tag one can provide an optional one line description # for a project that appears at the top of each page and should give viewer # a quick idea about the purpose of the project. Keep the description short. PROJECT_BRIEF = # With the PROJECT_LOGO tag one can specify an logo or icon that is # included in the documentation. The maximum height of the logo should not # exceed 55 pixels and the maximum width should not exceed 200 pixels. # Doxygen will copy the logo to the output directory. PROJECT_LOGO = # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. # If a relative path is entered, it will be relative to the location # where doxygen was started. If left blank the current directory will be used. OUTPUT_DIRECTORY = libsss_sudo_doc # If the CREATE_SUBDIRS tag is set to YES, then doxygen will create # 4096 sub-directories (in 2 levels) under the output directory of each output # format and will distribute the generated files over these directories. # Enabling this option can be useful when feeding doxygen a huge amount of # source files, where putting all generated files in the same directory would # otherwise cause performance problems for the file system. CREATE_SUBDIRS = NO # The OUTPUT_LANGUAGE tag is used to specify the language in which all # documentation generated by doxygen is written. Doxygen will use this # information to generate all constant output in the proper language. 
# The default language is English, other supported languages are: # Afrikaans, Arabic, Brazilian, Catalan, Chinese, Chinese-Traditional, # Croatian, Czech, Danish, Dutch, Esperanto, Farsi, Finnish, French, German, # Greek, Hungarian, Italian, Japanese, Japanese-en (Japanese with English # messages), Korean, Korean-en, Lithuanian, Norwegian, Macedonian, Persian, # Polish, Portuguese, Romanian, Russian, Serbian, Serbian-Cyrillic, Slovak, # Slovene, Spanish, Swedish, Ukrainian, and Vietnamese. OUTPUT_LANGUAGE = English # If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will # include brief member descriptions after the members that are listed in # the file and class documentation (similar to JavaDoc). # Set to NO to disable this. BRIEF_MEMBER_DESC = YES # If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend # the brief description of a member or function before the detailed description. # Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the # brief descriptions will be completely suppressed. REPEAT_BRIEF = YES # This tag implements a quasi-intelligent brief description abbreviator # that is used to form the text in various listings. Each string # in this list, if found as the leading text of the brief description, will be # stripped from the text and the result after processing the whole list, is # used as the annotated text. Otherwise, the brief description is used as-is. # If left blank, the following values are used ("$name" is automatically # replaced with the name of the entity): "The $name class" "The $name widget" # "The $name file" "is" "provides" "specifies" "contains" # "represents" "a" "an" "the" ABBREVIATE_BRIEF = "The $name class" \ "The $name widget" \ "The $name file" \ is \ provides \ specifies \ contains \ represents \ a \ an \ the # If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then # Doxygen will generate a detailed section even if there is only a brief # description. 
ALWAYS_DETAILED_SEC = NO # If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all # inherited members of a class in the documentation of that class as if those # members were ordinary class members. Constructors, destructors and assignment # operators of the base classes will not be shown. INLINE_INHERITED_MEMB = NO # If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full # path before files name in the file list and in the header files. If set # to NO the shortest path that makes the file name unique will be used. FULL_PATH_NAMES = YES # If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag # can be used to strip a user-defined part of the path. Stripping is # only done if one of the specified strings matches the left-hand part of # the path. The tag can be used to show relative paths in the file list. # If left blank the directory from which doxygen is run is used as the # path to strip. Note that you specify absolute paths here, but also # relative paths, which will be relative from the directory where doxygen is # started. STRIP_FROM_PATH = # The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of # the path mentioned in the documentation of a class, which tells # the reader which header file to include in order to use a class. # If left blank only the name of the header file containing the class # definition is used. Otherwise one should specify the include paths that # are normally passed to the compiler using the -I flag. STRIP_FROM_INC_PATH = # If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter # (but less readable) file names. This can be useful if your file system # doesn't support long names like on DOS, Mac, or CD-ROM. SHORT_NAMES = NO # If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen # will interpret the first line (until the first dot) of a JavaDoc-style # comment as the brief description. 
If set to NO, the JavaDoc # comments will behave just like regular Qt-style comments # (thus requiring an explicit @brief command for a brief description.) JAVADOC_AUTOBRIEF = YES # If the QT_AUTOBRIEF tag is set to YES then Doxygen will # interpret the first line (until the first dot) of a Qt-style # comment as the brief description. If set to NO, the comments # will behave just like regular Qt-style comments (thus requiring # an explicit \brief command for a brief description.) QT_AUTOBRIEF = NO # The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen # treat a multi-line C++ special comment block (i.e. a block of //! or /// # comments) as a brief description. This used to be the default behaviour. # The new default is to treat a multi-line C++ comment block as a detailed # description. Set this tag to YES if you prefer the old behaviour instead. MULTILINE_CPP_IS_BRIEF = NO # If the INHERIT_DOCS tag is set to YES (the default) then an undocumented # member inherits the documentation from any documented member that it # re-implements. INHERIT_DOCS = YES # If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce # a new page for each member. If set to NO, the documentation of a member will # be part of the file/class/namespace that contains it. SEPARATE_MEMBER_PAGES = NO # The TAB_SIZE tag can be used to set the number of spaces in a tab. # Doxygen uses this value to replace tabs by spaces in code fragments. TAB_SIZE = 8 # This tag can be used to specify a number of aliases that acts # as commands in the documentation. An alias has the form "name=value". # For example adding "sideeffect=\par Side Effects:\n" will allow you to # put the command \sideeffect (or @sideeffect) in the documentation, which # will result in a user-defined paragraph with heading "Side Effects:". # You can put \n's in the value part of an alias to insert newlines. ALIASES = # This tag can be used to specify a number of word-keyword mappings (TCL only). 
# A mapping has the form "name=value". For example adding # "class=itcl::class" will allow you to use the command class in the # itcl::class meaning. TCL_SUBST = # Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C # sources only. Doxygen will then generate output that is more tailored for C. # For instance, some of the names that are used will be different. The list # of all members will be omitted, etc. OPTIMIZE_OUTPUT_FOR_C = YES # Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java # sources only. Doxygen will then generate output that is more tailored for # Java. For instance, namespaces will be presented as packages, qualified # scopes will look different, etc. OPTIMIZE_OUTPUT_JAVA = NO # Set the OPTIMIZE_FOR_FORTRAN tag to YES if your project consists of Fortran # sources only. Doxygen will then generate output that is more tailored for # Fortran. OPTIMIZE_FOR_FORTRAN = NO # Set the OPTIMIZE_OUTPUT_VHDL tag to YES if your project consists of VHDL # sources. Doxygen will then generate output that is tailored for # VHDL. OPTIMIZE_OUTPUT_VHDL = NO # Doxygen selects the parser to use depending on the extension of the files it # parses. With this tag you can assign which parser to use for a given # extension. Doxygen has a built-in mapping, but you can override or extend it # using this tag. The format is ext=language, where ext is a file extension, # and language is one of the parsers supported by doxygen: IDL, Java, # Javascript, CSharp, C, C++, D, PHP, Objective-C, Python, Fortran, VHDL, C, # C++. For instance to make doxygen treat .inc files as Fortran files (default # is PHP), and .f files as C (default is Fortran), use: inc=Fortran f=C. Note # that for custom extensions you also need to set FILE_PATTERNS otherwise the # files are not read by doxygen. 
EXTENSION_MAPPING = # If MARKDOWN_SUPPORT is enabled (the default) then doxygen pre-processes all # comments according to the Markdown format, which allows for more readable # documentation. See http://daringfireball.net/projects/markdown/ for details. # The output of markdown processing is further processed by doxygen, so you # can mix doxygen, HTML, and XML commands with Markdown formatting. # Disable only in case of backward compatibilities issues. MARKDOWN_SUPPORT = YES # When enabled doxygen tries to link words that correspond to documented classes, # or namespaces to their corresponding documentation. Such a link can be # prevented in individual cases by by putting a % sign in front of the word or # globally by setting AUTOLINK_SUPPORT to NO. AUTOLINK_SUPPORT = YES # If you use STL classes (i.e. std::string, std::vector, etc.) but do not want # to include (a tag file for) the STL sources as input, then you should # set this tag to YES in order to let doxygen match functions declarations and # definitions whose arguments contain STL classes (e.g. func(std::string); v.s. # func(std::string) {}). This also makes the inheritance and collaboration # diagrams that involve STL classes more complete and accurate. BUILTIN_STL_SUPPORT = NO # If you use Microsoft's C++/CLI language, you should set this option to YES to # enable parsing support. CPP_CLI_SUPPORT = NO # Set the SIP_SUPPORT tag to YES if your project consists of sip sources only. # Doxygen will parse them like normal C++ but will assume all classes use public # instead of private inheritance when no explicit protection keyword is present. SIP_SUPPORT = NO # For Microsoft's IDL there are propget and propput attributes to indicate # getter and setter methods for a property. Setting this option to YES (the # default) will make doxygen replace the get and set methods by a property in # the documentation. This will only work if the methods are indeed getting or # setting a simple type. 
If this is not the case, or you want to show the # methods anyway, you should set this option to NO. IDL_PROPERTY_SUPPORT = YES # If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC # tag is set to YES, then doxygen will reuse the documentation of the first # member in the group (if any) for the other members of the group. By default # all members of a group must be documented explicitly. DISTRIBUTE_GROUP_DOC = NO # Set the SUBGROUPING tag to YES (the default) to allow class member groups of # the same type (for instance a group of public functions) to be put as a # subgroup of that type (e.g. under the Public Functions section). Set it to # NO to prevent subgrouping. Alternatively, this can be done per class using # the \nosubgrouping command. SUBGROUPING = YES # When the INLINE_GROUPED_CLASSES tag is set to YES, classes, structs and # unions are shown inside the group in which they are included (e.g. using # @ingroup) instead of on a separate page (for HTML and Man pages) or # section (for LaTeX and RTF). INLINE_GROUPED_CLASSES = NO # When the INLINE_SIMPLE_STRUCTS tag is set to YES, structs, classes, and # unions with only public data fields will be shown inline in the documentation # of the scope in which they are defined (i.e. file, namespace, or group # documentation), provided this scope is documented. If set to NO (the default), # structs, classes, and unions are shown on a separate page (for HTML and Man # pages) or section (for LaTeX and RTF). INLINE_SIMPLE_STRUCTS = NO # When TYPEDEF_HIDES_STRUCT is enabled, a typedef of a struct, union, or enum # is documented as struct, union, or enum with the name of the typedef. So # typedef struct TypeS {} TypeT, will appear in the documentation as a struct # with name TypeT. When disabled the typedef will appear as a member of a file, # namespace, or class. And the struct will be named TypeS. 
This can typically # be useful for C code in case the coding convention dictates that all compound # types are typedef'ed and only the typedef is referenced, never the tag name. TYPEDEF_HIDES_STRUCT = NO # The SYMBOL_CACHE_SIZE determines the size of the internal cache use to # determine which symbols to keep in memory and which to flush to disk. # When the cache is full, less often used symbols will be written to disk. # For small to medium size projects (<1000 input files) the default value is # probably good enough. For larger projects a too small cache size can cause # doxygen to be busy swapping symbols to and from disk most of the time # causing a significant performance penalty. # If the system has enough physical memory increasing the cache will improve the # performance by keeping more symbols in memory. Note that the value works on # a logarithmic scale so increasing the size by one will roughly double the # memory usage. The cache size is given by this formula: # 2^(16+SYMBOL_CACHE_SIZE). The valid range is 0..9, the default is 0, # corresponding to a cache size of 2^16 = 65536 symbols. SYMBOL_CACHE_SIZE = 0 # Similar to the SYMBOL_CACHE_SIZE the size of the symbol lookup cache can be # set using LOOKUP_CACHE_SIZE. This cache is used to resolve symbols given # their name and scope. Since this can be an expensive process and often the # same symbol appear multiple times in the code, doxygen keeps a cache of # pre-resolved symbols. If the cache is too small doxygen will become slower. # If the cache is too large, memory is wasted. The cache size is given by this # formula: 2^(16+LOOKUP_CACHE_SIZE). The valid range is 0..9, the default is 0, # corresponding to a cache size of 2^16 = 65536 symbols. 
LOOKUP_CACHE_SIZE = 0 #--------------------------------------------------------------------------- # Build related configuration options #--------------------------------------------------------------------------- # If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in # documentation are documented, even if no documentation was available. # Private class members and static file members will be hidden unless # the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES EXTRACT_ALL = NO # If the EXTRACT_PRIVATE tag is set to YES all private members of a class # will be included in the documentation. EXTRACT_PRIVATE = NO # If the EXTRACT_PACKAGE tag is set to YES all members with package or internal # scope will be included in the documentation. EXTRACT_PACKAGE = NO # If the EXTRACT_STATIC tag is set to YES all static members of a file # will be included in the documentation. EXTRACT_STATIC = NO # If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs) # defined locally in source files will be included in the documentation. # If set to NO only classes defined in header files are included. EXTRACT_LOCAL_CLASSES = NO # This flag is only useful for Objective-C code. When set to YES local # methods, which are defined in the implementation section but not in # the interface are included in the documentation. # If set to NO (the default) only methods in the interface are included. EXTRACT_LOCAL_METHODS = NO # If this flag is set to YES, the members of anonymous namespaces will be # extracted and appear in the documentation as a namespace called # 'anonymous_namespace{file}', where file will be replaced with the base # name of the file that contains the anonymous namespace. By default # anonymous namespaces are hidden. EXTRACT_ANON_NSPACES = NO # If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all # undocumented members of documented classes, files or namespaces. 
# If set to NO (the default) these members will be included in the # various overviews, but no documentation section is generated. # This option has no effect if EXTRACT_ALL is enabled. HIDE_UNDOC_MEMBERS = YES # If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all # undocumented classes that are normally visible in the class hierarchy. # If set to NO (the default) these classes will be included in the various # overviews. This option has no effect if EXTRACT_ALL is enabled. HIDE_UNDOC_CLASSES = YES # If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all # friend (class|struct|union) declarations. # If set to NO (the default) these declarations will be included in the # documentation. HIDE_FRIEND_COMPOUNDS = NO # If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any # documentation blocks found inside the body of a function. # If set to NO (the default) these blocks will be appended to the # function's detailed documentation block. HIDE_IN_BODY_DOCS = NO # The INTERNAL_DOCS tag determines if documentation # that is typed after a \internal command is included. If the tag is set # to NO (the default) then the documentation will be excluded. # Set it to YES to include the internal documentation. INTERNAL_DOCS = NO # If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate # file names in lower-case letters. If set to YES upper-case letters are also # allowed. This is useful if you have classes or files whose names only differ # in case and if your file system supports case sensitive file names. Windows # and Mac users are advised to set this option to NO. CASE_SENSE_NAMES = YES # If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen # will show members with their full class and namespace scopes in the # documentation. If set to YES the scope will be hidden. 
HIDE_SCOPE_NAMES = NO # If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen # will put a list of the files that are included by a file in the documentation # of that file. SHOW_INCLUDE_FILES = YES # If the FORCE_LOCAL_INCLUDES tag is set to YES then Doxygen # will list include files with double quotes in the documentation # rather than with sharp brackets. FORCE_LOCAL_INCLUDES = NO # If the INLINE_INFO tag is set to YES (the default) then a tag [inline] # is inserted in the documentation for inline members. INLINE_INFO = YES # If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen # will sort the (detailed) documentation of file and class members # alphabetically by member name. If set to NO the members will appear in # declaration order. SORT_MEMBER_DOCS = YES # If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the # brief documentation of file, namespace and class members alphabetically # by member name. If set to NO (the default) the members will appear in # declaration order. SORT_BRIEF_DOCS = NO # If the SORT_MEMBERS_CTORS_1ST tag is set to YES then doxygen # will sort the (brief and detailed) documentation of class members so that # constructors and destructors are listed first. If set to NO (the default) # the constructors will appear in the respective orders defined by # SORT_MEMBER_DOCS and SORT_BRIEF_DOCS. # This tag will be ignored for brief docs if SORT_BRIEF_DOCS is set to NO # and ignored for detailed docs if SORT_MEMBER_DOCS is set to NO. SORT_MEMBERS_CTORS_1ST = NO # If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the # hierarchy of group names into alphabetical order. If set to NO (the default) # the group names will appear in their defined order. SORT_GROUP_NAMES = NO # If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be # sorted by fully-qualified names, including namespaces. 
If set to # NO (the default), the class list will be sorted only by class name, # not including the namespace part. # Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES. # Note: This option applies only to the class list, not to the # alphabetical list. SORT_BY_SCOPE_NAME = NO # If the STRICT_PROTO_MATCHING option is enabled and doxygen fails to # do proper type resolution of all parameters of a function it will reject a # match between the prototype and the implementation of a member function even # if there is only one candidate or it is obvious which candidate to choose # by doing a simple string match. By disabling STRICT_PROTO_MATCHING doxygen # will still accept a match between prototype and implementation in such cases. STRICT_PROTO_MATCHING = NO # The GENERATE_TODOLIST tag can be used to enable (YES) or # disable (NO) the todo list. This list is created by putting \todo # commands in the documentation. GENERATE_TODOLIST = YES # The GENERATE_TESTLIST tag can be used to enable (YES) or # disable (NO) the test list. This list is created by putting \test # commands in the documentation. GENERATE_TESTLIST = YES # The GENERATE_BUGLIST tag can be used to enable (YES) or # disable (NO) the bug list. This list is created by putting \bug # commands in the documentation. GENERATE_BUGLIST = YES # The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or # disable (NO) the deprecated list. This list is created by putting # \deprecated commands in the documentation. GENERATE_DEPRECATEDLIST= YES # The ENABLED_SECTIONS tag can be used to enable conditional # documentation sections, marked by \if section-label ... \endif # and \cond section-label ... \endcond blocks. ENABLED_SECTIONS = # The MAX_INITIALIZER_LINES tag determines the maximum number of lines # the initial value of a variable or macro consists of for it to appear in # the documentation. If the initializer consists of more lines than specified # here it will be hidden. 
Use a value of 0 to hide initializers completely. # The appearance of the initializer of individual variables and macros in the # documentation can be controlled using \showinitializer or \hideinitializer # command in the documentation regardless of this setting. MAX_INITIALIZER_LINES = 30 # Set the SHOW_USED_FILES tag to NO to disable the list of files generated # at the bottom of the documentation of classes and structs. If set to YES the # list will mention the files that were used to generate the documentation. SHOW_USED_FILES = YES # Set the SHOW_FILES tag to NO to disable the generation of the Files page. # This will remove the Files entry from the Quick Index and from the # Folder Tree View (if specified). The default is YES. SHOW_FILES = YES # Set the SHOW_NAMESPACES tag to NO to disable the generation of the # Namespaces page. # This will remove the Namespaces entry from the Quick Index # and from the Folder Tree View (if specified). The default is YES. SHOW_NAMESPACES = YES # The FILE_VERSION_FILTER tag can be used to specify a program or script that # doxygen should invoke to get the current version for each file (typically from # the version control system). Doxygen will invoke the program by executing (via # popen()) the command <command> <input-file>, where <command> is the value of # the FILE_VERSION_FILTER tag, and <input-file> is the name of an input file # provided by doxygen. Whatever the program writes to standard output # is used as the file version. See the manual for examples. FILE_VERSION_FILTER = # The LAYOUT_FILE tag can be used to specify a layout file which will be parsed # by doxygen. The layout file controls the global structure of the generated # output files in an output format independent way. To create the layout file # that represents doxygen's defaults, run doxygen with the -l option. # You can optionally specify a file name after the option, if omitted # DoxygenLayout.xml will be used as the name of the layout file. 
LAYOUT_FILE = # The CITE_BIB_FILES tag can be used to specify one or more bib files # containing the references data. This must be a list of .bib files. The # .bib extension is automatically appended if omitted. Using this command # requires the bibtex tool to be installed. See also # http://en.wikipedia.org/wiki/BibTeX for more info. For LaTeX the style # of the bibliography can be controlled using LATEX_BIB_STYLE. To use this # feature you need bibtex and perl available in the search path. Do not use # file names with spaces, bibtex cannot handle them. CITE_BIB_FILES = #--------------------------------------------------------------------------- # configuration options related to warning and progress messages #--------------------------------------------------------------------------- # The QUIET tag can be used to turn on/off the messages that are generated # by doxygen. Possible values are YES and NO. If left blank NO is used. QUIET = NO # The WARNINGS tag can be used to turn on/off the warning messages that are # generated by doxygen. Possible values are YES and NO. If left blank # NO is used. WARNINGS = YES # If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings # for undocumented members. If EXTRACT_ALL is set to YES then this flag will # automatically be disabled. WARN_IF_UNDOCUMENTED = YES # If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for # potential errors in the documentation, such as not documenting some # parameters in a documented function, or documenting parameters that # don't exist or using markup commands wrongly. WARN_IF_DOC_ERROR = YES # The WARN_NO_PARAMDOC option can be enabled to get warnings for # functions that are documented, but have no documentation for their parameters # or return value. If set to NO (the default) doxygen will only warn about # wrong or incomplete parameter documentation, but not about the absence of # documentation. 
WARN_NO_PARAMDOC = NO # The WARN_FORMAT tag determines the format of the warning messages that # doxygen can produce. The string should contain the $file, $line, and $text # tags, which will be replaced by the file and line number from which the # warning originated and the warning text. Optionally the format may contain # $version, which will be replaced by the version of the file (if it could # be obtained via FILE_VERSION_FILTER) WARN_FORMAT = "$file:$line: $text" # The WARN_LOGFILE tag can be used to specify a file to which warning # and error messages should be written. If left blank the output is written # to stderr. WARN_LOGFILE = #--------------------------------------------------------------------------- # configuration options related to the input files #--------------------------------------------------------------------------- # The INPUT tag can be used to specify the files and/or directories that contain # documented source files. You may enter file names like "myfile.cpp" or # directories like "/usr/src/myproject". Separate the files or directories # with spaces. INPUT = @abs_top_srcdir@/src/sss_client/sudo/sss_sudo.h # This tag can be used to specify the character encoding of the source files # that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is # also the default input encoding. Doxygen uses libiconv (or the iconv built # into libc) for the transcoding. See http://www.gnu.org/software/libiconv for # the list of possible encodings. INPUT_ENCODING = UTF-8 # If the value of the INPUT tag contains directories, you can use the # FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp # and *.h) to filter out the source-files in the directories. 
If left # blank the following patterns are tested: # *.c *.cc *.cxx *.cpp *.c++ *.d *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh # *.hxx *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.dox *.py # *.f90 *.f *.for *.vhd *.vhdl FILE_PATTERNS = *.cpp \ *.cc \ *.c \ *.h \ *.hh \ *.hpp \ *.dox # The RECURSIVE tag can be used to specify whether or not subdirectories # should be searched for input files as well. Possible values are YES and NO. # If left blank NO is used. RECURSIVE = NO # The EXCLUDE tag can be used to specify files and/or directories that should be # excluded from the INPUT source files. This way you can easily exclude a # subdirectory from a directory tree whose root is specified with the INPUT tag. # Note that relative paths are relative to the directory from which doxygen is # run. EXCLUDE = # The EXCLUDE_SYMLINKS tag can be used to select whether or not files or # directories that are symbolic links (a Unix file system feature) are excluded # from the input. EXCLUDE_SYMLINKS = NO # If the value of the INPUT tag contains directories, you can use the # EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude # certain files from those directories. Note that the wildcards are matched # against the file with absolute path, so to exclude all test directories # for example use the pattern */test/* EXCLUDE_PATTERNS = */.git/* \ */.svn/* \ */cmake/* \ */build/* # The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names # (namespaces, classes, functions, etc.) that should be excluded from the # output. The symbol name can be a fully qualified name, a word, or if the # wildcard * is used, a substring. Examples: ANamespace, AClass, # AClass::ANamespace, ANamespace::*Test EXCLUDE_SYMBOLS = # The EXAMPLE_PATH tag can be used to specify one or more files or # directories that contain example code fragments that are included (see # the \include command).
EXAMPLE_PATH = # If the value of the EXAMPLE_PATH tag contains directories, you can use the # EXAMPLE_PATTERNS tag to specify one or more wildcard patterns (like *.cpp # and *.h) to filter out the source-files in the directories. If left # blank all files are included. EXAMPLE_PATTERNS = # If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be # searched for input files to be used with the \include or \dontinclude # commands irrespective of the value of the RECURSIVE tag. # Possible values are YES and NO. If left blank NO is used. EXAMPLE_RECURSIVE = NO # The IMAGE_PATH tag can be used to specify one or more files or # directories that contain images that are included in the documentation (see # the \image command). IMAGE_PATH = # The INPUT_FILTER tag can be used to specify a program that doxygen should # invoke to filter each input file. Doxygen will invoke the filter program # by executing (via popen()) the command <filter> <input-file>, where <filter> # is the value of the INPUT_FILTER tag, and <input-file> is the name of an # input file. Doxygen will then use the output that the filter program writes # to standard output. # Because the command is run through popen(), it is interpreted by the shell, # so the value set here must come from a trusted source. # If FILTER_PATTERNS is specified, this tag will be # ignored. INPUT_FILTER = # The FILTER_PATTERNS tag can be used to specify filters on a per file pattern # basis. # Doxygen will compare the file name with each pattern and apply the # filter if there is a match. # The filters are a list of the form: # pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further # info on how filters are used. If FILTER_PATTERNS is empty or if # none of the patterns match the file name, INPUT_FILTER is applied. FILTER_PATTERNS = # If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using # INPUT_FILTER) will be used to filter the input files when producing source # files to browse (i.e. when SOURCE_BROWSER is set to YES).
FILTER_SOURCE_FILES = NO # The FILTER_SOURCE_PATTERNS tag can be used to specify source filters per file # pattern. A pattern will override the setting for FILTER_PATTERNS (if any) # and it is also possible to disable source filtering for a specific pattern # using *.ext= (so without naming a filter). This option only has effect when # FILTER_SOURCE_FILES is enabled. FILTER_SOURCE_PATTERNS = # If the USE_MDFILE_AS_MAINPAGE tag refers to the name of a markdown file that # is part of the input, its contents will be placed on the main page (index.html). # This can be useful if you have a project on for instance GitHub and want to reuse # the introduction page also for the doxygen output. USE_MDFILE_AS_MAINPAGE = #--------------------------------------------------------------------------- # configuration options related to source browsing #--------------------------------------------------------------------------- # If the SOURCE_BROWSER tag is set to YES then a list of source files will # be generated. Documented entities will be cross-referenced with these sources. # Note: To get rid of all source code in the generated output, make sure also # VERBATIM_HEADERS is set to NO. SOURCE_BROWSER = NO # Setting the INLINE_SOURCES tag to YES will include the body # of functions and classes directly in the documentation. INLINE_SOURCES = NO # Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct # doxygen to hide any special comment blocks from generated source code # fragments. Normal C, C++ and Fortran comments will always remain visible. STRIP_CODE_COMMENTS = YES # If the REFERENCED_BY_RELATION tag is set to YES # then for each documented function all documented # functions referencing it will be listed. REFERENCED_BY_RELATION = NO # If the REFERENCES_RELATION tag is set to YES # then for each documented function all documented entities # called/used by that function will be listed.
REFERENCES_RELATION = NO # If the REFERENCES_LINK_SOURCE tag is set to YES (the default) # and SOURCE_BROWSER tag is set to YES, then the hyperlinks from # functions in REFERENCES_RELATION and REFERENCED_BY_RELATION lists will # link to the source code. # Otherwise they will link to the documentation. REFERENCES_LINK_SOURCE = YES # If the USE_HTAGS tag is set to YES then the references to source code # will point to the HTML generated by the htags(1) tool instead of doxygen # built-in source browser. The htags tool is part of GNU's global source # tagging system (see http://www.gnu.org/software/global/global.html). You # will need version 4.8.6 or higher. USE_HTAGS = NO # If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen # will generate a verbatim copy of the header file for each class for # which an include is specified. Set to NO to disable this. VERBATIM_HEADERS = YES #--------------------------------------------------------------------------- # configuration options related to the alphabetical class index #--------------------------------------------------------------------------- # If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index # of all compounds will be generated. Enable this if the project # contains a lot of classes, structs, unions or interfaces. ALPHABETICAL_INDEX = NO # If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then # the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns # in which this list will be split (can be a number in the range [1..20]) COLS_IN_ALPHA_INDEX = 5 # In case all classes in a project start with a common prefix, all # classes will be put under the same header in the alphabetical index. # The IGNORE_PREFIX tag can be used to specify one or more prefixes that # should be ignored while generating the index headers. 
IGNORE_PREFIX = #--------------------------------------------------------------------------- # configuration options related to the HTML output #--------------------------------------------------------------------------- # If the GENERATE_HTML tag is set to YES (the default) Doxygen will # generate HTML output. GENERATE_HTML = YES # The HTML_OUTPUT tag is used to specify where the HTML docs will be put. # If a relative path is entered the value of OUTPUT_DIRECTORY will be # put in front of it. If left blank `html' will be used as the default path. HTML_OUTPUT = html # The HTML_FILE_EXTENSION tag can be used to specify the file extension for # each generated HTML page (for example: .htm,.php,.asp). If it is left blank # doxygen will generate files with .html extension. HTML_FILE_EXTENSION = .html # The HTML_HEADER tag can be used to specify a personal HTML header for # each generated HTML page. If it is left blank doxygen will generate a # standard header. Note that when using a custom header you are responsible # for the proper inclusion of any scripts and style sheets that doxygen # needs, which is dependent on the configuration options used. # It is advised to generate a default header using "doxygen -w html # header.html footer.html stylesheet.css YourConfigFile" and then modify # that header. Note that the header is subject to change so you typically # have to redo this when upgrading to a newer version of doxygen or when # changing the value of configuration settings such as GENERATE_TREEVIEW! HTML_HEADER = # The HTML_FOOTER tag can be used to specify a personal HTML footer for # each generated HTML page. If it is left blank doxygen will generate a # standard footer. HTML_FOOTER = # The HTML_STYLESHEET tag can be used to specify a user-defined cascading # style sheet that is used by each HTML page. It can be used to # fine-tune the look of the HTML output. If left blank doxygen will # generate a default style sheet. 
Note that it is recommended to use # HTML_EXTRA_STYLESHEET instead of this one, as it is more robust and this # tag will in the future become obsolete. HTML_STYLESHEET = # The HTML_EXTRA_STYLESHEET tag can be used to specify an additional # user-defined cascading style sheet that is included after the standard # style sheets created by doxygen. Using this option one can overrule # certain style aspects. This is preferred over using HTML_STYLESHEET # since it does not replace the standard style sheet and is therefor more # robust against future updates. Doxygen will copy the style sheet file to # the output directory. HTML_EXTRA_STYLESHEET = # The HTML_EXTRA_FILES tag can be used to specify one or more extra images or # other source files which should be copied to the HTML output directory. Note # that these files will be copied to the base HTML output directory. Use the # $relpath$ marker in the HTML_HEADER and/or HTML_FOOTER files to load these # files. In the HTML_STYLESHEET file, use the file name only. Also note that # the files will be copied as-is; there are no commands or markers available. HTML_EXTRA_FILES = # The HTML_COLORSTYLE_HUE tag controls the color of the HTML output. # Doxygen will adjust the colors in the style sheet and background images # according to this color. Hue is specified as an angle on a colorwheel, # see http://en.wikipedia.org/wiki/Hue for more information. # For instance the value 0 represents red, 60 is yellow, 120 is green, # 180 is cyan, 240 is blue, 300 purple, and 360 is red again. # The allowed range is 0 to 359. HTML_COLORSTYLE_HUE = 220 # The HTML_COLORSTYLE_SAT tag controls the purity (or saturation) of # the colors in the HTML output. For a value of 0 the output will use # grayscales only. A value of 255 will produce the most vivid colors. HTML_COLORSTYLE_SAT = 100 # The HTML_COLORSTYLE_GAMMA tag controls the gamma correction applied to # the luminance component of the colors in the HTML output. 
Values below # 100 gradually make the output lighter, whereas values above 100 make # the output darker. The value divided by 100 is the actual gamma applied, # so 80 represents a gamma of 0.8, The value 220 represents a gamma of 2.2, # and 100 does not change the gamma. HTML_COLORSTYLE_GAMMA = 80 # If the HTML_TIMESTAMP tag is set to YES then the footer of each generated HTML # page will contain the date and time when the page was generated. Setting # this to NO can help when comparing the output of multiple runs. HTML_TIMESTAMP = NO # If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML # documentation will contain sections that can be hidden and shown after the # page has loaded. HTML_DYNAMIC_SECTIONS = NO # With HTML_INDEX_NUM_ENTRIES one can control the preferred number of # entries shown in the various tree structured indices initially; the user # can expand and collapse entries dynamically later on. Doxygen will expand # the tree to such a level that at most the specified number of entries are # visible (unless a fully collapsed tree already exceeds this amount). # So setting the number of entries 1 will produce a full collapsed tree by # default. 0 is a special value representing an infinite number of entries # and will result in a full expanded tree by default. HTML_INDEX_NUM_ENTRIES = 100 # If the GENERATE_DOCSET tag is set to YES, additional index files # will be generated that can be used as input for Apple's Xcode 3 # integrated development environment, introduced with OSX 10.5 (Leopard). # To create a documentation set, doxygen will generate a Makefile in the # HTML output directory. Running make will produce the docset in that # directory and running "make install" will install the docset in # ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find # it at startup. # See http://developer.apple.com/tools/creatingdocsetswithdoxygen.html # for more information. 
GENERATE_DOCSET = NO # When GENERATE_DOCSET tag is set to YES, this tag determines the name of the # feed. A documentation feed provides an umbrella under which multiple # documentation sets from a single provider (such as a company or product suite) # can be grouped. DOCSET_FEEDNAME = "Doxygen generated docs" # When GENERATE_DOCSET tag is set to YES, this tag specifies a string that # should uniquely identify the documentation set bundle. This should be a # reverse domain-name style string, e.g. com.mycompany.MyDocSet. Doxygen # will append .docset to the name. DOCSET_BUNDLE_ID = org.doxygen.Project # The DOCSET_PUBLISHER_ID tag specifies a string that should uniquely # identify the documentation publisher. This should be a reverse domain-name # style string, e.g. com.mycompany.MyDocSet.documentation. DOCSET_PUBLISHER_ID = org.doxygen.Publisher # The DOCSET_PUBLISHER_NAME tag identifies the documentation publisher. DOCSET_PUBLISHER_NAME = Publisher # If the GENERATE_HTMLHELP tag is set to YES, additional index files # will be generated that can be used as input for tools like the # Microsoft HTML help workshop to generate a compiled HTML help file (.chm) # of the generated HTML documentation. GENERATE_HTMLHELP = NO # If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can # be used to specify the file name of the resulting .chm file. You # can add a path in front of the file if the result should not be # written to the html output directory. CHM_FILE = # If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can # be used to specify the location (absolute path including file name) of # the HTML help compiler (hhc.exe). If non-empty doxygen will try to run # the HTML help compiler on the generated index.hhp. HHC_LOCATION = # If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag # controls if a separate .chi index file is generated (YES) or that # it should be included in the master .chm file (NO).
GENERATE_CHI = NO # If the GENERATE_HTMLHELP tag is set to YES, the CHM_INDEX_ENCODING # is used to encode HtmlHelp index (hhk), content (hhc) and project file # content. CHM_INDEX_ENCODING = # If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag # controls whether a binary table of contents is generated (YES) or a # normal table of contents (NO) in the .chm file. BINARY_TOC = NO # The TOC_EXPAND flag can be set to YES to add extra items for group members # to the contents of the HTML help documentation and to the tree view. TOC_EXPAND = NO # If the GENERATE_QHP tag is set to YES and both QHP_NAMESPACE and # QHP_VIRTUAL_FOLDER are set, an additional index file will be generated # that can be used as input for Qt's qhelpgenerator to generate a # Qt Compressed Help (.qch) of the generated HTML documentation. GENERATE_QHP = NO # If the QHG_LOCATION tag is specified, the QCH_FILE tag can # be used to specify the file name of the resulting .qch file. # The path specified is relative to the HTML output folder. QCH_FILE = # The QHP_NAMESPACE tag specifies the namespace to use when generating # Qt Help Project output. For more information please see # http://doc.trolltech.com/qthelpproject.html#namespace QHP_NAMESPACE = # The QHP_VIRTUAL_FOLDER tag specifies the namespace to use when generating # Qt Help Project output. For more information please see # http://doc.trolltech.com/qthelpproject.html#virtual-folders QHP_VIRTUAL_FOLDER = doc # If QHP_CUST_FILTER_NAME is set, it specifies the name of a custom filter to # add. For more information please see # http://doc.trolltech.com/qthelpproject.html#custom-filters QHP_CUST_FILTER_NAME = # The QHP_CUST_FILTER_ATTRS tag specifies the list of the attributes of the # custom filter to add. For more information please see # <a href="http://doc.trolltech.com/qthelpproject.html#custom-filters"> # Qt Help Project / Custom Filters</a>.
QHP_CUST_FILTER_ATTRS = # The QHP_SECT_FILTER_ATTRS tag specifies the list of the attributes this # project's # filter section matches. # <a href="http://doc.trolltech.com/qthelpproject.html#filter-attributes"> # Qt Help Project / Filter Attributes</a>. QHP_SECT_FILTER_ATTRS = # If the GENERATE_QHP tag is set to YES, the QHG_LOCATION tag can # be used to specify the location of Qt's qhelpgenerator. # If non-empty doxygen will try to run qhelpgenerator on the generated # .qhp file. QHG_LOCATION = # If the GENERATE_ECLIPSEHELP tag is set to YES, additional index files # will be generated, which together with the HTML files, form an Eclipse help # plugin. To install this plugin and make it available under the help contents # menu in Eclipse, the contents of the directory containing the HTML and XML # files needs to be copied into the plugins directory of eclipse. The name of # the directory within the plugins directory should be the same as # the ECLIPSE_DOC_ID value. After copying Eclipse needs to be restarted before # the help appears. GENERATE_ECLIPSEHELP = NO # A unique identifier for the eclipse help plugin. When installing the plugin # the directory name containing the HTML and XML files should also have # this name. ECLIPSE_DOC_ID = org.doxygen.Project # The DISABLE_INDEX tag can be used to turn on/off the condensed index (tabs) # at top of each HTML page. The value NO (the default) enables the index and # the value YES disables it. Since the tabs have the same information as the # navigation tree you can set this option to NO if you already set # GENERATE_TREEVIEW to YES. DISABLE_INDEX = NO # The GENERATE_TREEVIEW tag is used to specify whether a tree-like index # structure should be generated to display hierarchical information. # If the tag value is set to YES, a side panel will be generated # containing a tree-like index structure (just like the one that # is generated for HTML Help). 
For this to work a browser that supports # JavaScript, DHTML, CSS and frames is required (i.e. any modern browser). # Windows users are probably better off using the HTML help feature. # Since the tree basically has the same information as the tab index you # could consider setting DISABLE_INDEX to NO when enabling this option. GENERATE_TREEVIEW = NONE # The ENUM_VALUES_PER_LINE tag can be used to set the number of enum values # (range [0,1..20]) that doxygen will group on one line in the generated HTML # documentation. Note that a value of 0 will completely suppress the enum # values from appearing in the overview section. ENUM_VALUES_PER_LINE = 4 # If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be # used to set the initial width (in pixels) of the frame in which the tree # is shown. TREEVIEW_WIDTH = 250 # When the EXT_LINKS_IN_WINDOW option is set to YES doxygen will open # links to external symbols imported via tag files in a separate window. EXT_LINKS_IN_WINDOW = NO # Use this tag to change the font size of LaTeX formulas included # as images in the HTML documentation. The default is 10. Note that # when you change the font size after a successful doxygen run you need # to manually remove any form_*.png images from the HTML output directory # to force them to be regenerated. FORMULA_FONTSIZE = 10 # Use the FORMULA_TRANSPARENT tag to determine whether or not the images # generated for formulas are transparent PNGs. Transparent PNGs are # not supported properly for IE 6.0, but are supported on all modern browsers. # Note that when changing this option you need to delete any form_*.png files # in the HTML output before the changes take effect. FORMULA_TRANSPARENT = YES # Enable the USE_MATHJAX option to render LaTeX formulas using MathJax # (see http://www.mathjax.org) which uses client side Javascript for the # rendering instead of using prerendered bitmaps.
Use this if you do not # have LaTeX installed or if you want formulas to look prettier in the HTML # output. When enabled you may also need to install MathJax separately and # configure the path to it using the MATHJAX_RELPATH option. USE_MATHJAX = NO # When MathJax is enabled you can set the default output format to be used for # the MathJax output. Supported types are HTML-CSS, NativeMML (i.e. MathML) and # SVG. The default value is HTML-CSS, which is slower, but has the best # compatibility. MATHJAX_FORMAT = HTML-CSS # When MathJax is enabled you need to specify the location relative to the # HTML output directory using the MATHJAX_RELPATH option. The destination # directory should contain the MathJax.js script. For instance, if the mathjax # directory is located at the same level as the HTML output directory, then # MATHJAX_RELPATH should be ../mathjax. The default value points to # the MathJax Content Delivery Network so you can quickly see the result without # installing MathJax. # However, it is strongly recommended to install a local # copy of MathJax from http://www.mathjax.org before deployment. MATHJAX_RELPATH = http://cdn.mathjax.org/mathjax/latest # The MATHJAX_EXTENSIONS tag can be used to specify one or more MathJax extension # names that should be enabled during MathJax rendering. MATHJAX_EXTENSIONS = # When the SEARCHENGINE tag is enabled doxygen will generate a search box # for the HTML output. The underlying search engine uses javascript # and DHTML and should work on any modern browser. Note that when using # HTML help (GENERATE_HTMLHELP), Qt help (GENERATE_QHP), or docsets # (GENERATE_DOCSET) there is already a search function so this one should # typically be disabled. For large projects the javascript based search engine # can be slow, then enabling SERVER_BASED_SEARCH may provide a better solution.
SEARCHENGINE = NO # When the SERVER_BASED_SEARCH tag is enabled the search engine will be # implemented using a web server instead of a web client using Javascript. # There are two flavours of web server based search depending on the # EXTERNAL_SEARCH setting. When disabled, doxygen will generate a PHP script for # searching and an index file used by the script. When EXTERNAL_SEARCH is # enabled the indexing and searching needs to be provided by external tools. # See the manual for details. SERVER_BASED_SEARCH = NO # When EXTERNAL_SEARCH is enabled doxygen will no longer generate the PHP # script for searching. Instead the search results are written to an XML file # which needs to be processed by an external indexer. Doxygen will invoke an # external search engine pointed to by the SEARCHENGINE_URL option to obtain # the search results. Doxygen ships with an example indexer (doxyindexer) and # search engine (doxysearch.cgi) which are based on the open source search engine # library Xapian. See the manual for configuration details. EXTERNAL_SEARCH = NO # The SEARCHENGINE_URL should point to a search engine hosted by a web server # which will return the search results when EXTERNAL_SEARCH is enabled. # Doxygen ships with an example search engine (doxysearch) which is based on # the open source search engine library Xapian. See the manual for configuration # details. SEARCHENGINE_URL = # When SERVER_BASED_SEARCH and EXTERNAL_SEARCH are both enabled the unindexed # search data is written to a file for indexing by an external tool. With the # SEARCHDATA_FILE tag the name of this file can be specified. SEARCHDATA_FILE = searchdata.xml # The EXTRA_SEARCH_MAPPINGS tag can be used to enable searching through other # doxygen projects that are not otherwise connected via tags files, but are # all added to the same search index. Each project needs to have a tag file set # via GENERATE_TAGFILE.
The search mapping then maps the name of the tag file # to a relative location where the documentation can be found, # similar to the # TAGFILES option but without actually processing the tag file. # The format is: EXTRA_SEARCH_MAPPINGS = tagname1=loc1 tagname2=loc2 ... EXTRA_SEARCH_MAPPINGS = #--------------------------------------------------------------------------- # configuration options related to the LaTeX output #--------------------------------------------------------------------------- # If the GENERATE_LATEX tag is set to YES (the default) Doxygen will # generate Latex output. GENERATE_LATEX = NO # The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put. # If a relative path is entered the value of OUTPUT_DIRECTORY will be # put in front of it. If left blank `latex' will be used as the default path. LATEX_OUTPUT = latex # The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be # invoked. If left blank `latex' will be used as the default command name. # Note that when enabling USE_PDFLATEX this option is only used for # generating bitmaps for formulas in the HTML output, but not in the # Makefile that is written to the output directory. LATEX_CMD_NAME = latex # The MAKEINDEX_CMD_NAME tag can be used to specify the command name to # generate index for LaTeX. If left blank `makeindex' will be used as the # default command name. MAKEINDEX_CMD_NAME = makeindex # If the COMPACT_LATEX tag is set to YES Doxygen generates more compact # LaTeX documents. This may be useful for small projects and may help to # save some trees in general. COMPACT_LATEX = NO # The PAPER_TYPE tag can be used to set the paper type that is used # by the printer. Possible values are: a4, letter, legal and # executive. If left blank a4wide will be used. PAPER_TYPE = a4wide # The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX # packages that should be included in the LaTeX output. 
EXTRA_PACKAGES = # The LATEX_HEADER tag can be used to specify a personal LaTeX header for # the generated latex document. The header should contain everything until # the first chapter. If it is left blank doxygen will generate a # standard header. Notice: only use this tag if you know what you are doing! LATEX_HEADER = # The LATEX_FOOTER tag can be used to specify a personal LaTeX footer for # the generated latex document. The footer should contain everything after # the last chapter. If it is left blank doxygen will generate a # standard footer. Notice: only use this tag if you know what you are doing! LATEX_FOOTER = # If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated # is prepared for conversion to pdf (using ps2pdf). The pdf file will # contain links (just like the HTML output) instead of page references # This makes the output suitable for online browsing using a pdf viewer. PDF_HYPERLINKS = YES # If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of # plain latex in the generated Makefile. Set this option to YES to get a # higher quality PDF documentation. USE_PDFLATEX = YES # If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode. # command to the generated LaTeX files. This will instruct LaTeX to keep # running if errors occur, instead of asking the user for help. # This option is also used when generating formulas in HTML. LATEX_BATCHMODE = NO # If LATEX_HIDE_INDICES is set to YES then doxygen will not # include the index chapters (such as File Index, Compound Index, etc.) # in the output. LATEX_HIDE_INDICES = NO # If LATEX_SOURCE_CODE is set to YES then doxygen will include # source code with syntax highlighting in the LaTeX output. # Note that which sources are shown also depends on other settings # such as SOURCE_BROWSER. LATEX_SOURCE_CODE = NO # The LATEX_BIB_STYLE tag can be used to specify the style to use for the # bibliography, e.g. plainnat, or ieeetr. The default style is "plain". 
See # http://en.wikipedia.org/wiki/BibTeX for more info. LATEX_BIB_STYLE = plain #--------------------------------------------------------------------------- # configuration options related to the RTF output #--------------------------------------------------------------------------- # If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output # The RTF output is optimized for Word 97 and may not look very pretty with # other RTF readers or editors. GENERATE_RTF = NO # The RTF_OUTPUT tag is used to specify where the RTF docs will be put. # If a relative path is entered the value of OUTPUT_DIRECTORY will be # put in front of it. If left blank `rtf' will be used as the default path. RTF_OUTPUT = rtf # If the COMPACT_RTF tag is set to YES Doxygen generates more compact # RTF documents. This may be useful for small projects and may help to # save some trees in general. COMPACT_RTF = NO # If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated # will contain hyperlink fields. The RTF file will # contain links (just like the HTML output) instead of page references. # This makes the output suitable for online browsing using WORD or other # programs which support those fields. # Note: wordpad (write) and others do not support links. RTF_HYPERLINKS = NO # Load style sheet definitions from file. Syntax is similar to doxygen's # config file, i.e. a series of assignments. You only have to provide # replacements, missing definitions are set to their default value. RTF_STYLESHEET_FILE = # Set optional variables used in the generation of an rtf document. # Syntax is similar to doxygen's config file. 
RTF_EXTENSIONS_FILE = #--------------------------------------------------------------------------- # configuration options related to the man page output #--------------------------------------------------------------------------- # If the GENERATE_MAN tag is set to YES (the default) Doxygen will # generate man pages GENERATE_MAN = NO # The MAN_OUTPUT tag is used to specify where the man pages will be put. # If a relative path is entered the value of OUTPUT_DIRECTORY will be # put in front of it. If left blank `man' will be used as the default path. MAN_OUTPUT = man # The MAN_EXTENSION tag determines the extension that is added to # the generated man pages (default is the subroutine's section .3) MAN_EXTENSION = .3 # If the MAN_LINKS tag is set to YES and Doxygen generates man output, # then it will generate one additional man file for each entity # documented in the real man page(s). These additional files # only source the real man page, but without them the man command # would be unable to find the correct page. The default is NO. MAN_LINKS = NO #--------------------------------------------------------------------------- # configuration options related to the XML output #--------------------------------------------------------------------------- # If the GENERATE_XML tag is set to YES Doxygen will # generate an XML file that captures the structure of # the code including all documentation. GENERATE_XML = NO # The XML_OUTPUT tag is used to specify where the XML pages will be put. # If a relative path is entered the value of OUTPUT_DIRECTORY will be # put in front of it. If left blank `xml' will be used as the default path. XML_OUTPUT = xml # The XML_SCHEMA tag can be used to specify an XML schema, # which can be used by a validating XML parser to check the # syntax of the XML files. XML_SCHEMA = # The XML_DTD tag can be used to specify an XML DTD, # which can be used by a validating XML parser to check the # syntax of the XML files. 
XML_DTD = # If the XML_PROGRAMLISTING tag is set to YES Doxygen will # dump the program listings (including syntax highlighting # and cross-referencing information) to the XML output. Note that # enabling this will significantly increase the size of the XML output. XML_PROGRAMLISTING = YES #--------------------------------------------------------------------------- # configuration options for the AutoGen Definitions output #--------------------------------------------------------------------------- # If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will # generate an AutoGen Definitions (see autogen.sf.net) file # that captures the structure of the code including all # documentation. Note that this feature is still experimental # and incomplete at the moment. GENERATE_AUTOGEN_DEF = NO #--------------------------------------------------------------------------- # configuration options related to the Perl module output #--------------------------------------------------------------------------- # If the GENERATE_PERLMOD tag is set to YES Doxygen will # generate a Perl module file that captures the structure of # the code including all documentation. Note that this # feature is still experimental and incomplete at the # moment. GENERATE_PERLMOD = NO # If the PERLMOD_LATEX tag is set to YES Doxygen will generate # the necessary Makefile rules, Perl scripts and LaTeX code to be able # to generate PDF and DVI output from the Perl module output. PERLMOD_LATEX = NO # If the PERLMOD_PRETTY tag is set to YES the Perl module output will be # nicely formatted so it can be parsed by a human reader. # This is useful # if you want to understand what is going on. # On the other hand, if this # tag is set to NO the size of the Perl module output will be much smaller # and Perl will parse it just the same. PERLMOD_PRETTY = YES # The names of the make variables in the generated doxyrules.make file # are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX. 
# This is useful so different doxyrules.make files included by the same # Makefile don't overwrite each other's variables. PERLMOD_MAKEVAR_PREFIX = #--------------------------------------------------------------------------- # Configuration options related to the preprocessor #--------------------------------------------------------------------------- # If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will # evaluate all C-preprocessor directives found in the sources and include # files. ENABLE_PREPROCESSING = YES # If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro # names in the source code. If set to NO (the default) only conditional # compilation will be performed. Macro expansion can be done in a controlled # way by setting EXPAND_ONLY_PREDEF to YES. MACRO_EXPANSION = NO # If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES # then the macro expansion is limited to the macros specified with the # PREDEFINED and EXPAND_AS_DEFINED tags. EXPAND_ONLY_PREDEF = NO # If the SEARCH_INCLUDES tag is set to YES (the default) the includes files # pointed to by INCLUDE_PATH will be searched when a #include is found. SEARCH_INCLUDES = YES # The INCLUDE_PATH tag can be used to specify one or more directories that # contain include files that are not input files but should be processed by # the preprocessor. INCLUDE_PATH = # You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard # patterns (like *.h and *.hpp) to filter out the header-files in the # directories. If left blank, the patterns specified with FILE_PATTERNS will # be used. INCLUDE_FILE_PATTERNS = # The PREDEFINED tag can be used to specify one or more macro names that # are defined before the preprocessor is started (similar to the -D option of # gcc). The argument of the tag is a list of macros of the form: name # or name=definition (no spaces). If the definition and the = are # omitted =1 is assumed. 
To prevent a macro definition from being # undefined via #undef or recursively expanded use the := operator # instead of the = operator. PREDEFINED = DOXYGEN # If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then # this tag can be used to specify a list of macro names that should be expanded. # The macro definition that is found in the sources will be used. # Use the PREDEFINED tag if you want to use a different macro definition that # overrules the definition found in the source code. EXPAND_AS_DEFINED = # If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then # doxygen's preprocessor will remove all references to function-like macros # that are alone on a line, have an all uppercase name, and do not end with a # semicolon, because these will confuse the parser if not removed. SKIP_FUNCTION_MACROS = YES #--------------------------------------------------------------------------- # Configuration::additions related to external references #--------------------------------------------------------------------------- # The TAGFILES option can be used to specify one or more tagfiles. For each # tag file the location of the external documentation should be added. The # format of a tag file without this location is as follows: # # TAGFILES = file1 file2 ... # Adding location for the tag files is done as follows: # # TAGFILES = file1=loc1 "file2 = loc2" ... # where "loc1" and "loc2" can be relative or absolute paths # or URLs. Note that each tag file must have a unique name (where the name does # NOT include the path). If a tag file is not located in the directory in which # doxygen is run, you must also specify the path to the tagfile here. TAGFILES = # When a file name is specified after GENERATE_TAGFILE, doxygen will create # a tag file that is based on the input files it reads. GENERATE_TAGFILE = # If the ALLEXTERNALS tag is set to YES all external classes will be listed # in the class index. 
If set to NO only the inherited external classes # will be listed. ALLEXTERNALS = NO # If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed # in the modules index. If set to NO, only the current project's groups will # be listed. EXTERNAL_GROUPS = YES # The PERL_PATH should be the absolute path and name of the perl script # interpreter (i.e. the result of `which perl'). PERL_PATH = /usr/bin/perl #--------------------------------------------------------------------------- # Configuration options related to the dot tool #--------------------------------------------------------------------------- # If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will # generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base # or super classes. Setting the tag to NO turns the diagrams off. Note that # this option also works with HAVE_DOT disabled, but it is recommended to # install and use dot, since it yields more powerful graphs. CLASS_DIAGRAMS = YES # You can define message sequence charts within doxygen comments using the \msc # command. Doxygen will then run the mscgen tool (see # http://www.mcternan.me.uk/mscgen/) to produce the chart and insert it in the # documentation. The MSCGEN_PATH tag allows you to specify the directory where # the mscgen tool resides. If left empty the tool is assumed to be found in the # default search path. MSCGEN_PATH = # If set to YES, the inheritance and collaboration graphs will hide # inheritance and usage relations if the target is undocumented # or is not a class. HIDE_UNDOC_RELATIONS = YES # If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is # available from the path. This tool is part of Graphviz, a graph visualization # toolkit from AT&T and Lucent Bell Labs. 
The other options in this section # have no effect if this option is set to NO (the default) HAVE_DOT = NO # The DOT_NUM_THREADS specifies the number of dot invocations doxygen is # allowed to run in parallel. When set to 0 (the default) doxygen will # base this on the number of processors available in the system. You can set it # explicitly to a value larger than 0 to get control over the balance # between CPU load and processing speed. DOT_NUM_THREADS = 0 # By default doxygen will use the Helvetica font for all dot files that # doxygen generates. When you want a differently looking font you can specify # the font name using DOT_FONTNAME. You need to make sure dot is able to find # the font, which can be done by putting it in a standard location or by setting # the DOTFONTPATH environment variable or by setting DOT_FONTPATH to the # directory containing the font. DOT_FONTNAME = FreeSans # The DOT_FONTSIZE tag can be used to set the size of the font of dot graphs. # The default size is 10pt. DOT_FONTSIZE = 10 # By default doxygen will tell dot to use the Helvetica font. # If you specify a different font using DOT_FONTNAME you can use DOT_FONTPATH to # set the path where dot can find it. DOT_FONTPATH = # If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen # will generate a graph for each documented class showing the direct and # indirect inheritance relations. Setting this tag to YES will force the # CLASS_DIAGRAMS tag to NO. CLASS_GRAPH = YES # If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen # will generate a graph for each documented class showing the direct and # indirect implementation dependencies (inheritance, containment, and # class references variables) of the class with other documented classes. 
COLLABORATION_GRAPH = YES # If the GROUP_GRAPHS and HAVE_DOT tags are set to YES then doxygen # will generate a graph for groups, showing the direct groups dependencies GROUP_GRAPHS = YES # If the UML_LOOK tag is set to YES doxygen will generate inheritance and # collaboration diagrams in a style similar to the OMG's Unified Modeling # Language. UML_LOOK = NO # If the UML_LOOK tag is enabled, the fields and methods are shown inside # the class node. If there are many fields or methods and many nodes the # graph may become too big to be useful. The UML_LIMIT_NUM_FIELDS # threshold limits the number of items for each type to make the size more # manageable. Set this to 0 for no limit. Note that the threshold may be # exceeded by 50% before the limit is enforced. UML_LIMIT_NUM_FIELDS = 10 # If set to YES, the inheritance and collaboration graphs will show the # relations between templates and their instances. TEMPLATE_RELATIONS = NO # If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT # tags are set to YES then doxygen will generate a graph for each documented # file showing the direct and indirect include dependencies of the file with # other documented files. INCLUDE_GRAPH = YES # If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and # HAVE_DOT tags are set to YES then doxygen will generate a graph for each # documented header file showing the documented files that directly or # indirectly include this file. INCLUDED_BY_GRAPH = YES # If the CALL_GRAPH and HAVE_DOT options are set to YES then # doxygen will generate a call dependency graph for every global function # or class method. Note that enabling this option will significantly increase # the time of a run. So in most cases it will be better to enable call graphs # for selected functions only using the \callgraph command.
CALL_GRAPH = NO # If the CALLER_GRAPH and HAVE_DOT tags are set to YES then # doxygen will generate a caller dependency graph for every global function # or class method. Note that enabling this option will significantly increase # the time of a run. So in most cases it will be better to enable caller # graphs for selected functions only using the \callergraph command. CALLER_GRAPH = NO # If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen # will generate a graphical hierarchy of all classes instead of a textual one. GRAPHICAL_HIERARCHY = YES # If the DIRECTORY_GRAPH and HAVE_DOT tags are set to YES # then doxygen will show the dependencies a directory has on other directories # in a graphical way. The dependency relations are determined by the #include # relations between the files in the directories. DIRECTORY_GRAPH = YES # The DOT_IMAGE_FORMAT tag can be used to set the image format of the images # generated by dot. Possible values are svg, png, jpg, or gif. # If left blank png will be used. If you choose svg you need to set # HTML_FILE_EXTENSION to xhtml in order to make the SVG files # visible in IE 9+ (other browsers do not have this requirement). DOT_IMAGE_FORMAT = png # If DOT_IMAGE_FORMAT is set to svg, then this option can be set to YES to # enable generation of interactive SVG images that allow zooming and panning. # Note that this requires a modern browser other than Internet Explorer. # Tested and working are Firefox, Chrome, Safari, and Opera. For IE 9+ you # need to set HTML_FILE_EXTENSION to xhtml in order to make the SVG files # visible. Older versions of IE do not have SVG support. INTERACTIVE_SVG = NO # The tag DOT_PATH can be used to specify the path where the dot tool can be # found. If left blank, it is assumed the dot tool can be found in the path. DOT_PATH = # The DOTFILE_DIRS tag can be used to specify one or more directories that # contain dot files that are included in the documentation (see the # \dotfile command). 
DOTFILE_DIRS = # The MSCFILE_DIRS tag can be used to specify one or more directories that # contain msc files that are included in the documentation (see the # \mscfile command). MSCFILE_DIRS = # The DOT_GRAPH_MAX_NODES tag can be used to set the maximum number of # nodes that will be shown in the graph. If the number of nodes in a graph # becomes larger than this value, doxygen will truncate the graph, which is # visualized by representing a node as a red box. Note that if the # number of direct children of the root node in a graph is already larger than # DOT_GRAPH_MAX_NODES then the graph will not be shown at all. Also note # that the size of a graph can be further restricted by MAX_DOT_GRAPH_DEPTH. DOT_GRAPH_MAX_NODES = 50 # The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the # graphs generated by dot. A depth value of 3 means that only nodes reachable # from the root by following a path via at most 3 edges will be shown. Nodes # that lay further from the root node will be omitted. Note that setting this # option to 1 or 2 may greatly reduce the computation time needed for large # code bases. Also note that the size of a graph can be further restricted by # DOT_GRAPH_MAX_NODES. Using a depth of 0 means no depth restriction. MAX_DOT_GRAPH_DEPTH = 0 # Set the DOT_TRANSPARENT tag to YES to generate images with a transparent # background. This is disabled by default, because dot on Windows does not # seem to support this out of the box. Warning: Depending on the platform used, # enabling this option may lead to badly anti-aliased labels on the edges of # a graph (i.e. they become hard to read). DOT_TRANSPARENT = YES # Set the DOT_MULTI_TARGETS tag to YES allow dot to generate multiple output # files in one run (i.e. multiple -o and -T options on the command line). This # makes dot run faster, but since only newer versions of dot (>1.8.10) # support this, this feature is disabled by default.
DOT_MULTI_TARGETS = NO # If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will # generate a legend page explaining the meaning of the various boxes and # arrows in the dot generated graphs. GENERATE_LEGEND = YES # If the DOT_CLEANUP tag is set to YES (the default) Doxygen will # remove the intermediate dot files that are used to generate # the various graphs. DOT_CLEANUP = YES ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/sudo/PaxHeaders.13173/sss_sudo.c�����������������������������������������0000644�0000000�0000000�00000000074�12320753107�021470� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.273891426 30 ctime=1396954961.650874954 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/sudo/sss_sudo.c����������������������������������������������������������0000664�0024127�0024127�00000014426�12320753107�021721� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* Authors: Pavel Březina <pbrezina@redhat.com> Copyright (C) 2011 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. 
*/

#include "config.h"

#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <errno.h>

#include "util/util.h"
#include "sss_client/sss_cli.h"
#include "sss_client/sudo/sss_sudo.h"
#include "sss_client/sudo/sss_sudo_private.h"

/* Forward declarations for helpers defined further down in this file. */
int sss_sudo_create_query(uid_t uid,
                          const char *username,
                          uint8_t **_query,
                          size_t *_query_len);

static void sss_sudo_free_rules(unsigned int num_rules,
                                struct sss_sudo_rule *rules);

static void sss_sudo_free_attrs(unsigned int num_attrs,
                                struct sss_sudo_attr *attrs);

/*
 * Common request path for both sudo lookups in this file.
 *
 * Builds a query from uid and username, sends it with the given command
 * through sss_sudo_make_request() and passes the reply to
 * sss_sudo_parse_response(), which receives _domainname, _result and
 * _error unchanged from the caller.
 *
 * Returns the sss_sudo_create_query() error if the query cannot be built,
 * the errnop value reported by sss_sudo_make_request() if the request does
 * not return SSS_STATUS_SUCCESS, and otherwise whatever
 * sss_sudo_parse_response() returns. The query and reply buffers are
 * freed on every path.
 *
 * NOTE(review): on a failed request the return value is taken from errnop,
 * which is initialised to 0. If sss_sudo_make_request() can fail without
 * setting it, this function returns 0 without having written *_result;
 * a caller comparing against EOK (presumably 0) would then treat the
 * lookup as successful. Confirm that errnop is always set on failure.
 */
static int sss_sudo_send_recv_generic(enum sss_cli_command command,
                                      uid_t uid,
                                      const char *username,
                                      uint32_t *_error,
                                      char **_domainname,
                                      struct sss_sudo_result **_result)
{
    struct sss_cli_req_data request;
    uint8_t *query_buf = NULL;
    size_t query_len = 0;
    uint8_t *reply_buf = NULL;
    size_t reply_len = 0;
    int errnop = 0;
    int ret = 0;

    /* Serialise uid and username into a freshly allocated query buffer. */
    ret = sss_sudo_create_query(uid, username, &query_buf, &query_len);
    if (ret != EOK) {
        goto done;
    }

    request.len = query_len;
    request.data = (const void*)query_buf;

    /* Send the query and receive the response; errnop carries the error
     * code back when the status is not SSS_STATUS_SUCCESS. */
    errnop = 0;
    ret = sss_sudo_make_request(command, &request, &reply_buf, &reply_len,
                                &errnop);
    if (ret != SSS_STATUS_SUCCESS) {
        ret = errnop;
        goto done;
    }

    /* Parse the reply buffer into the caller's output parameters. */
    ret = sss_sudo_parse_response((const char*)reply_buf, reply_len,
                                  _domainname, _result, _error);

done:
    /* Both pointers start as NULL, so free() is safe on the early exits. */
    free(query_buf);
    free(reply_buf);
    return ret;
}

/*
 * Request the sudo rules for a user (SSS_SUDO_GET_SUDORULES).
 *
 * Returns EINVAL when username is NULL or empty, otherwise the result of
 * sss_sudo_send_recv_generic(). No domain name is requested back (NULL is
 * passed for _domainname).
 *
 * NOTE(review): the domainname parameter is not referenced anywhere in
 * this body, so the query is built from uid and username only.
 */
int sss_sudo_send_recv(uid_t uid,
                       const char *username,
                       const char *domainname,
                       uint32_t *_error,
                       struct sss_sudo_result **_result)
{
    int ret;

    if (username == NULL || strlen(username) == 0) {
        return EINVAL;
    }

    /* send query and receive response */
    ret = sss_sudo_send_recv_generic(SSS_SUDO_GET_SUDORULES, uid, username,
                                     _error, NULL, _result);
    return ret;
}

/*
 * Request the sudo defaults for a user (SSS_SUDO_GET_DEFAULTS).
 *
 * Returns EINVAL when username is NULL or empty, otherwise the result of
 * sss_sudo_send_recv_generic(); _domainname is forwarded to the response
 * parser.
 */
int sss_sudo_send_recv_defaults(uid_t uid,
                                const char *username,
                                uint32_t *_error,
                                char **_domainname,
                                struct sss_sudo_result **_result)
{
    if (username == NULL || strlen(username) == 0) {
        return EINVAL;
    }

    return sss_sudo_send_recv_generic(SSS_SUDO_GET_DEFAULTS, uid, username,
                                      _error, _domainname, _result);
}

/*
 * Allocate and fill the request payload: the uid value followed by the
 * username including its terminating NUL.
 *
 * On success returns EOK and stores the malloc()ed buffer in *_query and
 * its size in *_query_len; the caller releases it with free(). Returns
 * ENOMEM if the allocation fails, leaving the outputs untouched.
 *
 * NOTE(review): username is passed to strlen() without a NULL check. The
 * two callers in this file validate it first, but this function is not
 * declared static, so any other caller must do the same.
 */
int sss_sudo_create_query(uid_t uid, const char *username,
                          uint8_t **_query, size_t *_query_len)
{
    uint8_t *data = NULL;
    /* +1 keeps the NUL terminator in the payload. */
    size_t username_len = strlen(username) * sizeof(char) + 1;
    size_t data_len = sizeof(uid_t) + username_len;
    size_t offset = 0;

    data = (uint8_t*)malloc(data_len * sizeof(uint8_t));
    if (data == NULL) {
        return ENOMEM;
    }

    /* Writes uid at the start of the buffer; the macro is defined
     * elsewhere and presumably advances offset past the uid_t. */
    SAFEALIGN_SET_VALUE(data, uid, uid_t, &offset);
    memcpy(data + offset, username, username_len);

    *_query = data;
    *_query_len = data_len;

    return EOK;
}

/*
 * Copy the values of the first attribute of rule e whose name matches
 * attrname (compared case-insensitively).
 *
 * On success returns EOK and stores a NULL-terminated array of strdup()ed
 * strings in *_values; release it with sss_sudo_free_values(). Returns
 * ENOENT when no attribute matches and ENOMEM on allocation failure.
 *
 * NOTE(review): i and j are int while the free helpers in this file take
 * the same counts as unsigned int; if num_attrs/num_values are unsigned
 * in the struct definitions (not visible here) these loop conditions are
 * signed/unsigned comparisons.
 */
int sss_sudo_get_values(struct sss_sudo_rule *e,
                        const char *attrname, char ***_values)
{
    struct sss_sudo_attr *attr = NULL;
    char **values = NULL;
    int i, j;

    for (i = 0; i < e->num_attrs; i++) {
        attr = e->attrs + i;
        if (strcasecmp(attr->name, attrname) == 0) {
            /* One extra, zeroed slot serves as the NULL terminator. */
            values = calloc(attr->num_values + 1, sizeof(char*));
            if (values == NULL) {
                return ENOMEM;
            }

            for (j = 0; j < attr->num_values; j++) {
                values[j] = strdup(attr->values[j]);
                if (values[j] == NULL) {
                    /* calloc() zeroed the array, so the cleanup walk stops
                     * at the first slot that was not filled. */
                    sss_sudo_free_values(values);
                    return ENOMEM;
                }
            }

            values[attr->num_values] = NULL;

            /* Only the first matching attribute is used. */
            break;
        }
    }

    if (values == NULL) {
        return ENOENT;
    }

    *_values = values;

    return EOK;
}

/*
 * Free a NULL-terminated string array: every element up to the
 * terminator, then the array itself. A NULL array is ignored.
 */
void sss_sudo_free_values(char **values)
{
    char **value = NULL;

    if (values == NULL) {
        return;
    }

    for (value = values; *value != NULL; value++) {
        free(*value);
    }

    free(values);
}

/*
 * Free a result structure together with its rules. A NULL result is
 * ignored.
 */
void sss_sudo_free_result(struct sss_sudo_result *result)
{
    if (result == NULL) {
        return;
    }

    sss_sudo_free_rules(result->num_rules, result->rules);
    free(result);
}

/*
 * Free an array of num_rules rules: the attributes of each rule, then the
 * array itself. A NULL array is ignored.
 */
void sss_sudo_free_rules(unsigned int num_rules,
                         struct sss_sudo_rule *rules)
{
    struct sss_sudo_rule *rule = NULL;
    int i;

    if (rules == NULL) {
        return;
    }

    for (i = 0; i < num_rules; i++) {
        rule = rules + i;

        sss_sudo_free_attrs(rule->num_attrs, rule->attrs);
        rule->attrs = NULL;
    }

    free(rules);
}

/*
 * Free an array of num_attrs attributes: each name, each value string and
 * each values array, then the attribute array itself. A NULL array is
 * ignored.
 */
void sss_sudo_free_attrs(unsigned int num_attrs,
                         struct sss_sudo_attr *attrs)
{
    struct sss_sudo_attr *attr = NULL;;
    int i, j;

    if (attrs == NULL) {
        return;
    }

    for
(i = 0; i < num_attrs; i++) { attr = attrs + i; free(attr->name); attr->name = NULL; for (j = 0; j < attr->num_values; j++) { free(attr->values[j]); attr->values[j] = NULL; } free(attr->values); } free(attrs); } ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/PaxHeaders.13173/nss_group.c���������������������������������������������0000644�0000000�0000000�00000000074�12320753107�020673� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.272891426 30 ctime=1396954961.538875036 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/nss_group.c��������������������������������������������������������������0000664�0024127�0024127�00000040260�12320753107�021117� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* * System 
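Security Services Daemon. NSS client interface
 *
 * Copyright (C) Simo Sorce 2007
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as
 * published by the Free Software Foundation; either version 2.1 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

/* GROUP database NSS interface */

#include <nss.h>
#include <errno.h>
#include <sys/types.h>
#include <unistd.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include <stdbool.h>
#include "sss_cli.h"
#include "nss_mc.h"

/* Reply buffer of the current getgrent enumeration and the read offset */
static struct sss_nss_getgrent_data {
    size_t len;
    size_t ptr;
    uint8_t *data;
} sss_nss_getgrent_data;

/* Drop the enumeration buffer and reset the read position. */
static void sss_nss_getgrent_data_clean(void)
{
    free(sss_nss_getgrent_data.data);   /* free(NULL) is a no-op */
    sss_nss_getgrent_data.data = NULL;
    sss_nss_getgrent_data.len = 0;
    sss_nss_getgrent_data.ptr = 0;
}

enum sss_nss_gr_type {
    GETGR_NONE,
    GETGR_NAME,
    GETGR_GID
};

/*
 * One-entry cache holding the last reply that did not fit into the
 * caller's buffer (see the ERANGE handling in the getgr*_r functions),
 * keyed by group name or gid.
 */
static struct sss_nss_getgr_data {
    enum sss_nss_gr_type type;
    union {
        char *grname;
        gid_t gid;
    } id;

    uint8_t *repbuf;
    size_t replen;
} sss_nss_getgr_data;

/*
 * Reset the one-entry cache. The cached reply buffer is released only
 * when freebuf is true; pass false when its ownership has moved elsewhere.
 */
static void sss_nss_getgr_data_clean(bool freebuf)
{
    if (sss_nss_getgr_data.type == GETGR_NAME) {
        free(sss_nss_getgr_data.id.grname);
    }
    if (freebuf) {
        free(sss_nss_getgr_data.repbuf);
    }
    memset(&sss_nss_getgr_data, 0, sizeof(struct sss_nss_getgr_data));
}

/*
 * Look the request up in the one-entry cache.
 *
 * On a hit the cached reply is handed to the caller through *repbuf and
 * *replen (the caller now owns it) and NSS_STATUS_SUCCESS is returned.
 * On a miss NSS_STATUS_NOTFOUND is returned with *errnop set to 0.
 * The cache is emptied in every case.
 */
static enum nss_status sss_nss_get_getgr_cache(const char *name, gid_t gid,
                                               enum sss_nss_gr_type type,
                                               uint8_t **repbuf,
                                               size_t *replen,
                                               int *errnop)
{
    bool freebuf = true;
    enum nss_status status = NSS_STATUS_NOTFOUND;
    int ret = 0;

    if (sss_nss_getgr_data.type != type) {
        goto done;
    }

    switch (type) {
    case GETGR_NAME:
        /* Do not keep the strcmp() result in ret: it is not an errno
         * value and would otherwise be reported through *errnop. */
        if (strcmp(name, sss_nss_getgr_data.id.grname) != 0) {
            goto done;
        }
        break;
    case GETGR_GID:
        if (sss_nss_getgr_data.id.gid != gid) {
            goto done;
        }
        break;
    default:
        status = NSS_STATUS_TRYAGAIN;
        ret = EINVAL;
        goto done;
    }

    /* ok we have it, remove from cache and pass back to the caller */
    *repbuf = sss_nss_getgr_data.repbuf;
    *replen = sss_nss_getgr_data.replen;

    /* prevent _clean() from freeing the buffer */
    freebuf = false;
    status = NSS_STATUS_SUCCESS;

done:
    sss_nss_getgr_data_clean(freebuf);
    *errnop = ret;
    return status;
}

/* this function always takes ownership of repbuf and NULLs it before
 * returning; if the entry cannot be stored the buffer is freed */
static void sss_nss_save_getgr_cache(const char *name, gid_t gid,
                                     enum sss_nss_gr_type type,
                                     uint8_t **repbuf, size_t replen)
{
    bool stored = false;

    sss_nss_getgr_data.type = type;
    sss_nss_getgr_data.repbuf = *repbuf;
    sss_nss_getgr_data.replen = replen;

    switch (type) {
    case GETGR_NAME:
        if (name != NULL) {
            sss_nss_getgr_data.id.grname = strdup(name);
            stored = (sss_nss_getgr_data.id.grname != NULL);
        }
        break;
    case GETGR_GID:
        /* gid 0 is rejected here, so such a reply is never cached */
        if (gid != 0) {
            sss_nss_getgr_data.id.gid = gid;
            stored = true;
        }
        break;
    default:
        break;
    }

    if (!stored) {
        sss_nss_getgr_data_clean(true);
    }
    *repbuf = NULL;
}

/* GETGRNAM Request:
 *
 * 0-X: string with name
 *
 * GETGRGID Request:
 *
 * 0-3: 32bit number with gid
 *
 * INITGROUPS Request:
 *
 * 0-X: string with user name
 *
 * Replies:
 *
 * 0-3: 32bit unsigned number of results
 * 4-7: 32bit unsigned (reserved/padding)
 *  For each result (64bit padded ?):
 *  0-3: 32bit number gid
 *  4-7: 32bit unsigned number of members
 *  8-X: sequence of 0 terminated strings (name, passwd, mem..)
 *
 *  FIXME: do we need to pad so that each result is 32 bit aligned ?
 */
struct sss_nss_gr_rep {
    struct group *result;
    char *buffer;
    size_t buflen;
};

/*
 * Decode one group entry from buf (*len bytes available) into pr->result,
 * using pr->buffer (pr->buflen bytes) as storage for the strings and for
 * the member pointer array.
 *
 * Returns 0 and stores the number of unread input bytes in *len, EBADMSG
 * for a packet that is too short, ERANGE when the caller's buffer is too
 * small, or the error reported by sss_readrep_copy_string().
 *
 * NOTE(review): the member array is aligned to 4 bytes relative to the
 * start of pr->buffer only; confirm that this is sufficient for char **
 * on every supported platform.
 */
static int sss_nss_getgr_readrep(struct sss_nss_gr_rep *pr,
                                 uint8_t *buf, size_t *len)
{
    errno_t ret;
    size_t i, l, slen, ptmem, pad, dlen, glen;
    char *sbuf;
    uint32_t mem_num;
    uint32_t c;

    if (*len < 11) { /* not enough space for data, bad packet */
        return EBADMSG;
    }

    SAFEALIGN_COPY_UINT32(&c, buf, NULL);
    pr->result->gr_gid = c;
    SAFEALIGN_COPY_UINT32(&mem_num, buf+sizeof(uint32_t), NULL);

    sbuf = (char *)&buf[8];
    slen = *len - 8;
    dlen = pr->buflen;

    pr->result->gr_name = &(pr->buffer[0]);
    i = 0;

    ret = sss_readrep_copy_string(sbuf, &i,
                                  &slen, &dlen,
                                  &pr->result->gr_name,
                                  NULL);
    if (ret != EOK) return ret;

    pr->result->gr_passwd = &(pr->buffer[i]);
    ret = sss_readrep_copy_string(sbuf, &i,
                                  &slen, &dlen,
                                  &pr->result->gr_passwd,
                                  NULL);
    if (ret != EOK) return ret;

    /* Make sure pr->buffer[i+pad] is 32 bit aligned */
    pad = (4 - (i % 4)) % 4;

    /* now members
     *
     * mem_num comes straight from the reply. Compare it against the
     * space that is left by division, so that neither "mem_num + 1" nor
     * the multiplication can wrap around and let an oversized count pass
     * the check before the array terminator is written. */
    if (pad > dlen || mem_num >= (dlen - pad) / sizeof(char *)) {
        return ERANGE; /* not ENOMEM, ERANGE is what glibc looks for */
    }
    ptmem = (sizeof(char *) * ((size_t)mem_num + 1)) + pad;

    pr->result->gr_mem = (char **)&(pr->buffer[i+pad]);

    dlen -= ptmem;
    ptmem += i;
    pr->result->gr_mem[mem_num] = NULL; /* terminate array */

    for (l = 0; l < mem_num; l++) {
        pr->result->gr_mem[l] = &(pr->buffer[ptmem]);
        ret = sss_readrep_copy_string(sbuf, &i,
                                      &slen, &dlen,
                                      &pr->result->gr_mem[l],
                                      &glen);
        if (ret != EOK) return ret;

        ptmem += glen + 1;
    }

    *len = slen -i;
    return 0;
}

/* INITGROUP Reply:
 *
 * 0-3: 32bit unsigned number of results
 * 4-7: 32bit unsigned (reserved/padding)
 * For each result:
 *  0-3: 32bit number with gid
 */

/*
 * Append the gids of all groups of `user` to *groups, starting at index
 * *start and growing the array (up to `limit` entries when limit > 0) as
 * needed. *start and *size are updated.
 *
 * Returns NSS_STATUS_SUCCESS, NSS_STATUS_NOTFOUND when the reply carries
 * no results, NSS_STATUS_TRYAGAIN with *errnop set to ENOMEM or EBADMSG,
 * or the status of the failed request.
 */
enum nss_status _nss_sss_initgroups_dyn(const char *user, gid_t group,
                                        long int *start, long int *size,
                                        gid_t **groups, long int limit,
                                        int *errnop)
{
    struct sss_cli_req_data rd;
    uint8_t *repbuf = NULL;
    size_t replen = 0;
    enum nss_status nret;
    uint32_t *rbuf;
    uint32_t num_ret;
    long int l, max_ret;

    rd.len = strlen(user) +1;
    rd.data = user;

    sss_nss_lock();

    nret = sss_nss_make_request(SSS_NSS_INITGR, &rd,
                                &repbuf, &replen, errnop);
    if (nret != NSS_STATUS_SUCCESS) {
        goto out;
    }

    /* The reply must hold at least the two metadata words */
    if (repbuf == NULL || replen < 2 * sizeof(uint32_t)) {
        *errnop = EBADMSG;
        free(repbuf);
        nret = NSS_STATUS_TRYAGAIN;
        goto out;
    }

    /* no results if not found */
    num_ret = ((uint32_t *)repbuf)[0];
    if (num_ret == 0) {
        free(repbuf);
        nret = NSS_STATUS_NOTFOUND;
        goto out;
    }

    /* The advertised count must fit into the bytes actually received,
     * otherwise the copy loop below would read past the reply buffer. */
    if (num_ret > (replen - 2 * sizeof(uint32_t)) / sizeof(uint32_t)) {
        *errnop = EBADMSG;
        free(repbuf);
        nret = NSS_STATUS_TRYAGAIN;
        goto out;
    }
    max_ret = (long int)num_ret;

    /* check we have enough space in the buffer */
    if ((*size - *start) < max_ret) {
        long int newsize;
        gid_t *newgroups;

        newsize = *size + max_ret;
        if ((limit > 0) && (newsize > limit)) {
            newsize = limit;
            max_ret = newsize - *start;
        }

        newgroups = realloc((*groups), newsize * sizeof(**groups));
        if (!newgroups) {
            *errnop = ENOMEM;
            free(repbuf);
            nret = NSS_STATUS_TRYAGAIN;
            goto out;
        }
        *groups = newgroups;
        *size = newsize;
    }

    rbuf = &((uint32_t *)repbuf)[2];
    for (l = 0; l < max_ret; l++) {
        (*groups)[*start] = rbuf[l];
        *start += 1;
    }

    free(repbuf);
    nret = NSS_STATUS_SUCCESS;

out:
    sss_nss_unlock();
    return nret;
}

/*
 * getgrnam_r() backend: resolve a group by name, first through the
 * memory-mapped cache and then by asking the responder.
 *
 * A reply that does not fit into the caller's buffer is kept in the
 * one-entry cache, so a retry with a larger buffer is served from it.
 */
enum nss_status _nss_sss_getgrnam_r(const char *name, struct group *result,
                                    char *buffer, size_t buflen, int *errnop)
{
    struct sss_cli_req_data rd;
    struct sss_nss_gr_rep grrep;
    uint8_t *repbuf = NULL;
    size_t replen = 0;
    size_t len, name_len;
    uint32_t num_results;
    enum nss_status nret;
    int ret;

    /* Caught once glibc passing in buffer == 0x0 */
    if (!buffer || !buflen) {
        *errnop = ERANGE;
        return NSS_STATUS_TRYAGAIN;
    }

    ret = sss_strnlen(name, SSS_NAME_MAX, &name_len);
    if (ret != 0) {
        *errnop = EINVAL;
        return NSS_STATUS_NOTFOUND;
    }

    ret = sss_nss_mc_getgrnam(name, name_len, result, buffer, buflen);
    switch (ret) {
    case 0:
        *errnop = 0;
        return NSS_STATUS_SUCCESS;
    case ERANGE:
        *errnop = ERANGE;
        return NSS_STATUS_TRYAGAIN;
    case ENOENT:
        /* fall through, we need to actively ask the parent
         * if no entry is found */
        break;
    default:
        /* if using the mmaped cache failed,
         * fall back to socket based comms */
        break;
    }

    rd.len = name_len + 1;
    rd.data = name;

    sss_nss_lock();

    nret = sss_nss_get_getgr_cache(name, 0, GETGR_NAME,
                                   &repbuf, &replen, errnop);
    if (nret == NSS_STATUS_NOTFOUND) {
        nret = sss_nss_make_request(SSS_NSS_GETGRNAM, &rd,
                                    &repbuf, &replen, errnop);
    }
    if (nret != NSS_STATUS_SUCCESS) {
        goto out;
    }

    /* The reply must hold the two metadata words before they are read
     * and before "replen - 8" is computed below. */
    if (repbuf == NULL || replen < 2 * sizeof(uint32_t)) {
        *errnop = EBADMSG;
        free(repbuf);
        nret = NSS_STATUS_TRYAGAIN;
        goto out;
    }

    grrep.result = result;
    grrep.buffer = buffer;
    grrep.buflen = buflen;

    SAFEALIGN_COPY_UINT32(&num_results, repbuf, NULL);

    /* no results if not found */
    if (num_results == 0) {
        free(repbuf);
        nret = NSS_STATUS_NOTFOUND;
        goto out;
    }

    /* only 1 result is accepted for this function */
    if (num_results != 1) {
        *errnop = EBADMSG;
        free(repbuf);
        nret = NSS_STATUS_TRYAGAIN;
        goto out;
    }

    len = replen - 8;
    ret = sss_nss_getgr_readrep(&grrep, repbuf+8, &len);
    if (ret == ERANGE) {
        /* keep the reply for the retry with a bigger buffer */
        sss_nss_save_getgr_cache(name, 0, GETGR_NAME, &repbuf, replen);
    } else {
        free(repbuf);
    }
    if (ret) {
        *errnop = ret;
        nret = NSS_STATUS_TRYAGAIN;
        goto out;
    }

    nret = NSS_STATUS_SUCCESS;

out:
    sss_nss_unlock();
    return nret;
}

/*
 * getgrgid_r() backend: resolve a group by gid, first through the
 * memory-mapped cache and then by asking the responder. Oversized replies
 * are cached for the retry exactly as in _nss_sss_getgrnam_r().
 */
enum nss_status _nss_sss_getgrgid_r(gid_t gid, struct group *result,
                                    char *buffer, size_t buflen, int *errnop)
{
    struct sss_cli_req_data rd;
    struct sss_nss_gr_rep grrep;
    uint8_t *repbuf = NULL;
    size_t replen = 0;
    size_t len;
    uint32_t num_results;
    enum nss_status nret;
    uint32_t group_gid;
    int ret;

    /* Caught once glibc passing in buffer == 0x0.
     * Report it as an nss_status with *errnop set, the way
     * _nss_sss_getgrnam_r() does, rather than returning the errno value
     * ERANGE where an enum nss_status is expected. */
    if (!buffer || !buflen) {
        *errnop = ERANGE;
        return NSS_STATUS_TRYAGAIN;
    }

    ret = sss_nss_mc_getgrgid(gid, result, buffer, buflen);
    switch (ret) {
    case 0:
        *errnop = 0;
        return NSS_STATUS_SUCCESS;
    case ERANGE:
        *errnop = ERANGE;
        return NSS_STATUS_TRYAGAIN;
    case ENOENT:
        /* fall through, we need to actively ask the parent
         * if no entry is found */
        break;
    default:
        /* if using the mmaped cache failed,
         * fall back to socket based comms */
        break;
    }

    group_gid = gid;
    rd.len = sizeof(uint32_t);
    rd.data = &group_gid;

    sss_nss_lock();

    nret = sss_nss_get_getgr_cache(NULL, gid, GETGR_GID,
                                   &repbuf, &replen, errnop);
    if (nret == NSS_STATUS_NOTFOUND) {
        nret = sss_nss_make_request(SSS_NSS_GETGRGID, &rd,
                                    &repbuf, &replen, errnop);
    }
    if (nret != NSS_STATUS_SUCCESS) {
        goto out;
    }

    /* The reply must hold the two metadata words before they are read
     * and before "replen - 8" is computed below. */
    if (repbuf == NULL || replen < 2 * sizeof(uint32_t)) {
        *errnop = EBADMSG;
        free(repbuf);
        nret = NSS_STATUS_TRYAGAIN;
        goto out;
    }

    grrep.result = result;
    grrep.buffer = buffer;
    grrep.buflen = buflen;

    SAFEALIGN_COPY_UINT32(&num_results, repbuf, NULL);

    /* no results if not found */
    if (num_results == 0) {
        free(repbuf);
        nret = NSS_STATUS_NOTFOUND;
        goto out;
    }

    /* only 1 result is accepted for this function */
    if (num_results != 1) {
        *errnop = EBADMSG;
        free(repbuf);
        nret = NSS_STATUS_TRYAGAIN;
        goto out;
    }

    len = replen - 8;
    ret = sss_nss_getgr_readrep(&grrep, repbuf+8, &len);
    if (ret == ERANGE) {
        /* keep the reply for the retry with a bigger buffer */
        sss_nss_save_getgr_cache(NULL, gid, GETGR_GID, &repbuf, replen);
    } else {
        free(repbuf);
    }
    if (ret) {
        *errnop = ret;
        nret = NSS_STATUS_TRYAGAIN;
        goto out;
    }

    nret = NSS_STATUS_SUCCESS;

out:
    sss_nss_unlock();
    return nret;
}

/*
 * setgrent() backend: discard any buffered enumeration data and tell the
 * responder to start a new enumeration. errno is set on failure.
 */
enum nss_status _nss_sss_setgrent(void)
{
    enum nss_status nret;
    int errnop;

    sss_nss_lock();

    /* make sure we do not have leftovers, and release memory */
    sss_nss_getgrent_data_clean();

    nret = sss_nss_make_request(SSS_NSS_SETGRENT,
                                NULL, NULL, NULL, &errnop);
    if (nret != NSS_STATUS_SUCCESS) {
        errno = errnop;
    }

    sss_nss_unlock();
    return nret;
}

/*
 * Return the next group of the enumeration. Entries are served from the
 * buffered reply while it lasts; afterwards a new batch of at most
 * SSS_NSS_MAX_ENTRIES entries is requested. Every caller visible in this
 * file takes the client lock before calling.
 */
static enum nss_status internal_getgrent_r(struct group *result,
                                           char *buffer, size_t buflen,
                                           int *errnop)
{
    struct sss_cli_req_data rd;
    struct sss_nss_gr_rep grrep;
    uint8_t *repbuf;
    size_t replen;
    enum nss_status nret;
    uint32_t num_entries;
    int ret;

    /* Caught once glibc passing in buffer == 0x0.
     * Return an nss_status and set *errnop instead of returning the
     * errno value ERANGE as the status. */
    if (!buffer || !buflen) {
        *errnop = ERANGE;
        return NSS_STATUS_TRYAGAIN;
    }

    /* if there are leftovers return the next one */
    if (sss_nss_getgrent_data.data != NULL &&
        sss_nss_getgrent_data.ptr < sss_nss_getgrent_data.len) {

        repbuf = (uint8_t *)sss_nss_getgrent_data.data +
                    sss_nss_getgrent_data.ptr;
        replen = sss_nss_getgrent_data.len -
                    sss_nss_getgrent_data.ptr;

        grrep.result = result;
        grrep.buffer = buffer;
        grrep.buflen = buflen;

        ret = sss_nss_getgr_readrep(&grrep, repbuf, &replen);
        if (ret) {
            *errnop = ret;
            return NSS_STATUS_TRYAGAIN;
        }

        /* advance buffer pointer */
        sss_nss_getgrent_data.ptr = sss_nss_getgrent_data.len - replen;

        return NSS_STATUS_SUCCESS;
    }

    /* release memory if any */
    sss_nss_getgrent_data_clean();

    /* retrieve no more than SSS_NSS_MAX_ENTRIES at a time */
    num_entries = SSS_NSS_MAX_ENTRIES;
    rd.len = sizeof(uint32_t);
    rd.data = &num_entries;

    nret = sss_nss_make_request(SSS_NSS_GETGRENT, &rd,
                                &repbuf, &replen, errnop);
    if (nret !=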
NSS_STATUS_SUCCESS) { return nret; } /* no results if not found */ if ((((uint32_t *)repbuf)[0] == 0) || (replen - 8 == 0)) { free(repbuf); return NSS_STATUS_NOTFOUND; } sss_nss_getgrent_data.data = repbuf; sss_nss_getgrent_data.len = replen; sss_nss_getgrent_data.ptr = 8; /* skip metadata fields */ /* call again ourselves, this will return the first result */ return internal_getgrent_r(result, buffer, buflen, errnop); } enum nss_status _nss_sss_getgrent_r(struct group *result, char *buffer, size_t buflen, int *errnop) { enum nss_status nret; sss_nss_lock(); nret = internal_getgrent_r(result, buffer, buflen, errnop); sss_nss_unlock(); return nret; } enum nss_status _nss_sss_endgrent(void) { enum nss_status nret; int errnop; sss_nss_lock(); /* make sure we do not have leftovers, and release memory */ sss_nss_getgrent_data_clean(); nret = sss_nss_make_request(SSS_NSS_ENDGRENT, NULL, NULL, NULL, &errnop); if (nret != NSS_STATUS_SUCCESS) { errno = errnop; } sss_nss_unlock(); return nret; } ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/PaxHeaders.13173/nss_services.c������������������������������������������0000644�0000000�0000000�00000000074�12320753107�021362� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.272891426 30 ctime=1396954961.539875035 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/nss_services.c�����������������������������������������������������������0000664�0024127�0024127�00000030630�12320753107�021606� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* SSSD Authors: Stephen Gallagher <sgallagh@redhat.com> Copyright (C) 2012 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. 
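*/

#include <nss.h>
#include <netdb.h>
#include <errno.h>
#include <sys/types.h>
#include <unistd.h>
#include <stdlib.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include "sss_cli.h"

/* Reply buffer of the current getservent enumeration and the read offset */
static struct sss_nss_getservent_data {
    size_t len;
    size_t ptr;
    uint8_t *data;
} sss_nss_getservent_data;

/* Drop the enumeration buffer and reset the read position. */
static void sss_nss_getservent_data_clean(void)
{
    free(sss_nss_getservent_data.data);   /* free(NULL) is a no-op */
    sss_nss_getservent_data.data = NULL;
    sss_nss_getservent_data.len = 0;
    sss_nss_getservent_data.ptr = 0;
}

/* GETSERVBYNAME Request
 *
 * 0-X: Sequence of two, zero-terminated strings (name, protocol).
 *      Protocol may be zero-length to imply "any"
 *
 * GETSERVBYPORT Request (as built by _nss_sss_getservbyport_r below):
 * 0-1: 16-bit port number in network byte order
 * 2-7: Reserved/padding
 * 8-X: Zero-terminated string (protocol)
 *      Protocol may be zero-length to imply "any"
 *
 * Replies:
 * 0-3: 32-bit unsigned number of results
 * 4-7: 32-bit unsigned (reserved/padding)
 * 8-X: Result data (blocks equal to number of results)
 *
 * Result data:
 * 0-3: 32-bit unsigned port number in network byte order
 * 4-7: 32-bit unsigned number of aliases
 * 8-X: sequence of zero-terminated strings
 *      (name, protocol, zero or more aliases)
 */
struct sss_nss_svc_rep {
    struct servent *result;
    char *buffer;
    size_t buflen;
};

/* Size in bytes of the reply metadata (result count + reserved word) */
#define SVC_METADATA_COUNT 8

/*
 * Decode one service entry from buf (*len bytes available) into
 * sr->result, using sr->buffer (sr->buflen bytes) as storage for the
 * strings and for the alias pointer array.
 *
 * Returns EOK and stores the number of unread input bytes in *len,
 * EBADMSG for a packet that is too short, ERANGE when the caller's buffer
 * is too small, or the error reported by sss_readrep_copy_string().
 *
 * NOTE(review): the alias array is aligned to 4 bytes relative to the
 * start of sr->buffer only; confirm that this is sufficient for char **
 * on every supported platform.
 */
static errno_t
sss_nss_getsvc_readrep(struct sss_nss_svc_rep *sr,
                       uint8_t *buf, size_t *len)
{
    errno_t ret;
    uint32_t c;
    uint32_t num_aliases;
    size_t i, l, slen, dlen, pad, ptaliases, alen;
    char *sbuf;

    /* Buffer must contain two 32-bit integers,
     * at least one character and null-terminator
     * for the name, and at least a null-
     * terminator for the protocol.
     */
    if (*len < 11) {
        /* not enough space for data, bad packet */
        return EBADMSG;
    }

    /* Get the port */
    SAFEALIGN_COPY_UINT32(&c, buf, NULL);
    sr->result->s_port = (uint16_t)c;

    /* Get the number of aliases */
    SAFEALIGN_COPY_UINT32(&num_aliases, buf + sizeof(uint32_t), NULL);

    sbuf = (char *)&buf[2 * sizeof(uint32_t)];
    slen = *len - (2 * sizeof(uint32_t));
    dlen = sr->buflen;

    /* Copy in the name */
    i = 0;
    sr->result->s_name = &(sr->buffer[i]);

    ret = sss_readrep_copy_string(sbuf, &i,
                                  &slen, &dlen,
                                  &sr->result->s_name,
                                  NULL);
    if (ret != EOK) return ret;

    /* Copy in the protocol */
    sr->result->s_proto = &(sr->buffer[i]);

    ret = sss_readrep_copy_string(sbuf, &i,
                                  &slen, &dlen,
                                  &sr->result->s_proto,
                                  NULL);
    if (ret != EOK) return ret;

    /* Make sure sr->buffer[i+pad] is 32-bit aligned */
    pad = (4 - (i % 4)) % 4;

    /* Copy in the aliases
     *
     * num_aliases comes straight from the reply. Compare it against the
     * space that is left by division, so that neither "num_aliases + 1"
     * nor the multiplication can wrap around and let an oversized count
     * pass the check before the array terminator is written. */
    if (pad > dlen || num_aliases >= (dlen - pad) / sizeof(char *)) {
        return ERANGE; /* not ENOMEM, ERANGE is what glibc looks for */
    }
    ptaliases = (sizeof(char *) * ((size_t)num_aliases + 1)) + pad;

    sr->result->s_aliases = (char **) &(sr->buffer[i+pad]);

    dlen -= ptaliases;
    ptaliases += i;
    sr->result->s_aliases[num_aliases] = NULL; /* terminate array */

    for (l = 0; l < num_aliases; l++) {
        sr->result->s_aliases[l] = &(sr->buffer[ptaliases]);
        ret = sss_readrep_copy_string(sbuf, &i,
                                      &slen, &dlen,
                                      &sr->result->s_aliases[l],
                                      &alen);
        if (ret != EOK) return ret;

        ptaliases += alen + 1;
    }

    *len = slen - i;

    return EOK;
}

/*
 * getservbyname_r() backend. A NULL protocol is sent as an empty string,
 * meaning "any protocol".
 *
 * Returns NSS_STATUS_SUCCESS, NSS_STATUS_NOTFOUND (also for names that
 * sss_strnlen() rejects, with *errnop = EINVAL), NSS_STATUS_TRYAGAIN with
 * *errnop set, or the status of the failed request.
 */
enum nss_status
_nss_sss_getservbyname_r(const char *name,
                         const char *protocol,
                         struct servent *result,
                         char *buffer, size_t buflen,
                         int *errnop)
{
    struct sss_cli_req_data rd;
    struct sss_nss_svc_rep svcrep;
    size_t name_len;
    size_t proto_len = 0;
    uint8_t *repbuf = NULL;
    uint8_t *data;
    size_t replen = 0;
    size_t len;
    uint32_t num_results;
    enum nss_status nret;
    int ret;

    /* Caught once glibc passing in buffer == 0x0.
     * Return an nss_status and set *errnop instead of returning the
     * errno value ERANGE as the status. */
    if (!buffer || !buflen) {
        *errnop = ERANGE;
        return NSS_STATUS_TRYAGAIN;
    }

    ret = sss_strnlen(name, SSS_NAME_MAX, &name_len);
    if (ret != 0) {
        *errnop = EINVAL;
        return NSS_STATUS_NOTFOUND;
    }

    if (protocol) {
        ret = sss_strnlen(protocol, SSS_NAME_MAX, &proto_len);
        if (ret != 0) {
            *errnop = EINVAL;
            return NSS_STATUS_NOTFOUND;
        }
    }

    rd.len = name_len + proto_len + 2;
    data = malloc(sizeof(uint8_t)*rd.len);
    if (data == NULL) {
        /* The client lock is not held yet: return directly instead of
         * going through "out", which would unlock it. */
        *errnop = ENOMEM;
        return NSS_STATUS_TRYAGAIN;
    }

    memcpy(data, name, name_len + 1);

    if (protocol) {
        memcpy(data + name_len + 1, protocol, proto_len + 1);
    } else {
        /* No protocol specified, pass empty string */
        data[name_len + 1] = '\0';
    }
    rd.data = data;

    sss_nss_lock();

    nret = sss_nss_make_request(SSS_NSS_GETSERVBYNAME, &rd,
                                &repbuf, &replen, errnop);
    free(data);
    if (nret != NSS_STATUS_SUCCESS) {
        goto out;
    }

    /* The reply must hold the metadata words before they are read and
     * before "replen - SVC_METADATA_COUNT" is computed below. */
    if (repbuf == NULL || replen < SVC_METADATA_COUNT) {
        *errnop = EBADMSG;
        free(repbuf);
        nret = NSS_STATUS_TRYAGAIN;
        goto out;
    }

    svcrep.result = result;
    svcrep.buffer = buffer;
    svcrep.buflen = buflen;

    SAFEALIGN_COPY_UINT32(&num_results, repbuf, NULL);

    /* no results if not found */
    if (num_results == 0) {
        free(repbuf);
        nret = NSS_STATUS_NOTFOUND;
        goto out;
    }

    /* only 1 result is accepted for this function */
    if (num_results != 1) {
        *errnop = EBADMSG;
        free(repbuf);
        nret = NSS_STATUS_TRYAGAIN;
        goto out;
    }

    len = replen - SVC_METADATA_COUNT;
    ret = sss_nss_getsvc_readrep(&svcrep,
                                 repbuf + SVC_METADATA_COUNT,
                                 &len);
    free(repbuf);
    if (ret) {
        *errnop = ret;
        nret = NSS_STATUS_TRYAGAIN;
        goto out;
    }

    nret = NSS_STATUS_SUCCESS;

out:
    sss_nss_unlock();
    return nret;
}

/*
 * getservbyport_r() backend. A NULL protocol is sent as an empty string,
 * meaning "any protocol".
 *
 * Returns the same statuses as _nss_sss_getservbyname_r().
 */
enum nss_status
_nss_sss_getservbyport_r(int port, const char *protocol,
                         struct servent *result,
                         char *buffer, size_t buflen,
                         int *errnop)
{
    struct sss_cli_req_data rd;
    struct sss_nss_svc_rep svcrep;
    size_t proto_len = 0;
    uint8_t *repbuf = NULL;
    uint8_t *data;
    size_t p = 0;
    size_t replen = 0;
    size_t len;
    uint32_t num_results;
    enum nss_status nret;
    int ret;

    /* Caught once glibc passing in buffer == 0x0.
     * Return an nss_status and set *errnop instead of returning the
     * errno value ERANGE as the status. */
    if (!buffer || !buflen) {
        *errnop = ERANGE;
        return NSS_STATUS_TRYAGAIN;
    }

    if (protocol) {
        ret = sss_strnlen(protocol, SSS_NAME_MAX, &proto_len);
        if (ret != 0) {
            *errnop = EINVAL;
            return NSS_STATUS_NOTFOUND;
        }
    }

    rd.len = sizeof(uint32_t)*2 + proto_len + 1;
    data = malloc(sizeof(uint8_t)*rd.len);
    if (data == NULL) {
        /* The client lock is not held yet: return directly instead of
         * going through "out", which would unlock it. */
        *errnop = ENOMEM;
        return NSS_STATUS_TRYAGAIN;
    }

    /* presumably each macro stores at the given address and advances p
     * by the size written -- verify against the macro definitions */
    SAFEALIGN_SET_UINT16(data, port, &p);

    /* Padding */
    SAFEALIGN_SET_UINT16(data + p, 0, &p);
    SAFEALIGN_SET_UINT32(data + p, 0, &p);

    if (protocol) {
        memcpy(data + p, protocol, proto_len + 1);
    } else {
        /* No protocol specified, pass empty string */
        data[p] = '\0';
    }
    rd.data = data;

    sss_nss_lock();

    nret = sss_nss_make_request(SSS_NSS_GETSERVBYPORT, &rd,
                                &repbuf, &replen, errnop);
    free(data);
    if (nret != NSS_STATUS_SUCCESS) {
        goto out;
    }

    /* The reply must hold the metadata words before they are read and
     * before "replen - SVC_METADATA_COUNT" is computed below. */
    if (repbuf == NULL || replen < SVC_METADATA_COUNT) {
        *errnop = EBADMSG;
        free(repbuf);
        nret = NSS_STATUS_TRYAGAIN;
        goto out;
    }

    svcrep.result = result;
    svcrep.buffer = buffer;
    svcrep.buflen = buflen;

    SAFEALIGN_COPY_UINT32(&num_results, repbuf, NULL);

    /* no results if not found */
    if (num_results == 0) {
        free(repbuf);
        nret = NSS_STATUS_NOTFOUND;
        goto out;
    }

    /* only 1 result is accepted for this function */
    if (num_results != 1) {
        *errnop = EBADMSG;
        free(repbuf);
        nret = NSS_STATUS_TRYAGAIN;
        goto out;
    }

    len = replen - SVC_METADATA_COUNT;
    ret = sss_nss_getsvc_readrep(&svcrep,
                                 repbuf + SVC_METADATA_COUNT,
                                 &len);
    free(repbuf);
    if (ret) {
        *errnop = ret;
        nret = NSS_STATUS_TRYAGAIN;
        goto out;
    }

    nret = NSS_STATUS_SUCCESS;

out:
    sss_nss_unlock();
    return nret;
}

/*
 * setservent() backend: discard any buffered enumeration data and tell
 * the responder to start a new enumeration. errno is set on failure.
 */
enum nss_status
_nss_sss_setservent(void)
{
    enum nss_status nret;
    int errnop;

    sss_nss_lock();

    /* make sure we do not have leftovers, and release memory */
    sss_nss_getservent_data_clean();

    nret = sss_nss_make_request(SSS_NSS_SETSERVENT,
                                NULL, NULL, NULL, &errnop);
    if (nret != NSS_STATUS_SUCCESS) {
        errno = errnop;
    }

    sss_nss_unlock();
    return nret;
}

static enum nss_status internal_getservent_r(struct servent *result,
                                             char *buffer, size_t buflen,
                                             int *errnop);

/* getservent_r() backend: locked wrapper around internal_getservent_r(). */
enum nss_status
_nss_sss_getservent_r(struct servent *result,
                      char *buffer, size_t buflen,
                      int *errnop)
{
    enum nss_status nret;

    sss_nss_lock();
    nret = internal_getservent_r(result, buffer, buflen, errnop);
    sss_nss_unlock();

    return nret;
}

/*
 * Return the next service of the enumeration. The callers visible in
 * this file take the client lock before calling.
 */
static enum nss_status internal_getservent_r(struct servent *result,
                                             char *buffer, size_t buflen,
                                             int *errnop)
{
    struct sss_cli_req_data rd;
    struct sss_nss_svc_rep pwrep;
    uint8_t *repbuf;
    size_t replen;
    enum nss_status nret;
    uint32_t num_entries;
    int ret;

    /* Caught once glibc passing in buffer == 0x0.
     * Return an nss_status and set *errnop instead of returning the
     * errno value ERANGE as the status. */
    if (!buffer || !buflen) {
        *errnop = ERANGE;
        return NSS_STATUS_TRYAGAIN;
    }

    /* if there are leftovers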
return the next one */ if (sss_nss_getservent_data.data != NULL && sss_nss_getservent_data.ptr < sss_nss_getservent_data.len) { repbuf = sss_nss_getservent_data.data + sss_nss_getservent_data.ptr; replen = sss_nss_getservent_data.len - sss_nss_getservent_data.ptr; pwrep.result = result; pwrep.buffer = buffer; pwrep.buflen = buflen; ret = sss_nss_getsvc_readrep(&pwrep, repbuf, &replen); if (ret) { *errnop = ret; return NSS_STATUS_TRYAGAIN; } /* advance buffer pointer */ sss_nss_getservent_data.ptr = sss_nss_getservent_data.len - replen; return NSS_STATUS_SUCCESS; } /* release memory if any */ sss_nss_getservent_data_clean(); /* retrieve no more than SSS_NSS_MAX_ENTRIES at a time */ num_entries = SSS_NSS_MAX_ENTRIES; rd.len = sizeof(uint32_t); rd.data = &num_entries; nret = sss_nss_make_request(SSS_NSS_GETSERVENT, &rd, &repbuf, &replen, errnop); if (nret != NSS_STATUS_SUCCESS) { return nret; } /* no results if not found */ if ((((uint32_t *)repbuf)[0] == 0) || (replen - SVC_METADATA_COUNT == 0)) { free(repbuf); return NSS_STATUS_NOTFOUND; } sss_nss_getservent_data.data = repbuf; sss_nss_getservent_data.len = replen; /* skip metadata fields */ sss_nss_getservent_data.ptr = SVC_METADATA_COUNT; /* call again ourselves, this will return the first result */ return internal_getservent_r(result, buffer, buflen, errnop); } enum nss_status _nss_sss_endservent(void) { enum nss_status nret; int errnop; sss_nss_lock(); /* make sure we do not have leftovers, and release memory */ sss_nss_getservent_data_clean(); nret = sss_nss_make_request(SSS_NSS_ENDSERVENT, NULL, NULL, NULL, &errnop); if (nret != NSS_STATUS_SUCCESS) { errno = errnop; } sss_nss_unlock(); return nret; } ��������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/PaxHeaders.13173/common.c������������������������������������������������0000644�0000000�0000000�00000000074�12320753107�020144� 
x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.272891426 30 ctime=1396954961.536875038 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/common.c�����������������������������������������������������������������0000664�0024127�0024127�00000071751�12320753107�020401� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* * System Security Services Daemon. NSS client interface * * Copyright (C) Simo Sorce 2007 * * Winbind derived code: * Copyright (C) Tim Potter 2000 * Copyright (C) Andrew Tridgell 2000 * Copyright (C) Andrew Bartlett 2002 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as * published by the Free Software Foundation; either version 2.1 of the * License, or (at your option) any later version. 
* * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. */ #include "config.h" #include <nss.h> #include <security/pam_modules.h> #include <errno.h> #include <sys/types.h> #include <sys/socket.h> #include <sys/un.h> #include <sys/stat.h> #include <unistd.h> #include <stdlib.h> #include <stdbool.h> #include <stdint.h> #include <string.h> #include <fcntl.h> #include <poll.h> #include <time.h> #include <libintl.h> #define _(STRING) dgettext (PACKAGE, STRING) #include "sss_cli.h" #if HAVE_PTHREAD #include <pthread.h> #endif /* * Note we set MSG_NOSIGNAL to avoid * having to fiddle with signal masks * but also do not want to die in case * SIGPIPE gets raised and the application * does not handle it. 
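*/
#ifdef MSG_NOSIGNAL
#define SSS_DEFAULT_WRITE_FLAGS MSG_NOSIGNAL
#else
#define SSS_DEFAULT_WRITE_FLAGS 0
#endif

/* common functions */

int sss_cli_sd = -1; /* the sss client socket descriptor */
struct stat sss_cli_sb; /* the sss client stat buffer */

/* Close the client socket if it is open; where the compiler supports the
 * destructor attribute this also runs when the library is unloaded. */
#if HAVE_FUNCTION_ATTRIBUTE_DESTRUCTOR
__attribute__((destructor))
#endif
static void sss_cli_close_socket(void)
{
    if (sss_cli_sd != -1) {
        close(sss_cli_sd);
        sss_cli_sd = -1;
    }
}

/* Requests:
 *
 * byte 0-3: 32bit unsigned with length (the complete packet length: 0 to X)
 * byte 4-7: 32bit unsigned with command code
 * byte 8-11: 32bit unsigned (reserved)
 * byte 12-15: 32bit unsigned (reserved)
 * byte 16-X: (optional) request structure associated to the command code used
 */

/*
 * Send the request header and, when rd is given, its payload.
 *
 * Each write is preceded by a poll() bounded by SSS_CLI_SOCKET_TIMEOUT.
 * On any failure the socket is closed, *errnop is set and
 * SSS_STATUS_UNAVAIL is returned.
 */
static enum sss_status sss_cli_send_req(enum sss_cli_command cmd,
                                        struct sss_cli_req_data *rd,
                                        int *errnop)
{
    uint32_t header[4];
    size_t datasent;

    header[0] = SSS_NSS_HEADER_SIZE + (rd?rd->len:0);
    header[1] = cmd;
    header[2] = 0;
    header[3] = 0;

    datasent = 0;

    while (datasent < header[0]) {
        struct pollfd pfd;
        int rdsent;
        int res, error;

        *errnop = 0;
        pfd.fd = sss_cli_sd;
        pfd.events = POLLOUT;

        do {
            errno = 0;
            res = poll(&pfd, 1, SSS_CLI_SOCKET_TIMEOUT);
            error = errno;

            /* If error is EINTR here, we'll try again
             * If it's any other error, we'll catch it
             * below.
             */
        } while (error == EINTR);

        switch (res) {
        case -1:
            *errnop = error;
            break;
        case 0:
            *errnop = ETIME;
            break;
        case 1:
            if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) {
                *errnop = EPIPE;
            }
            if (!(pfd.revents & POLLOUT)) {
                *errnop = EBUSY;
            }
            break;
        default: /* more than one avail ?? */
            *errnop = EBADF;
            break;
        }
        if (*errnop) {
            sss_cli_close_socket();
            return SSS_STATUS_UNAVAIL;
        }

        errno = 0;
        if (datasent < SSS_NSS_HEADER_SIZE) {
            res = send(sss_cli_sd,
                       (char *)header + datasent,
                       SSS_NSS_HEADER_SIZE - datasent,
                       SSS_DEFAULT_WRITE_FLAGS);
        } else {
            /* only reached when rd != NULL: without a payload the
             * total length equals the header size */
            rdsent = datasent - SSS_NSS_HEADER_SIZE;
            res = send(sss_cli_sd,
                       (const char *)rd->data + rdsent,
                       rd->len - rdsent,
                       SSS_DEFAULT_WRITE_FLAGS);
        }
        error = errno;

        if ((res == -1) || (res == 0)) {
            if ((error == EINTR) || error == EAGAIN) {
                /* If the write was interrupted, go back through
                 * the loop and try again
                 */
                continue;
            }

            /* Write failed */
            sss_cli_close_socket();
            *errnop = error;
            return SSS_STATUS_UNAVAIL;
        }

        datasent += res;
    }

    return SSS_STATUS_SUCCESS;
}

/* Replies:
 *
 * byte 0-3: 32bit unsigned with length (the complete packet length: 0 to X)
 * byte 4-7: 32bit unsigned with command code
 * byte 8-11: 32bit unsigned with the request status (server errno)
 * byte 12-15: 32bit unsigned (reserved)
 * byte 16-X: (optional) reply structure associated to the command code used
 */

/*
 * Receive one reply: the fixed-size header first, then the payload whose
 * size the header announces.
 *
 * On success *_buf is the malloc()ed payload (NULL when the reply has
 * none) and *_len its size. On failure *errnop is set, nothing is
 * returned through *_buf, and the socket has been closed.
 */
static enum sss_status sss_cli_recv_rep(enum sss_cli_command cmd,
                                        uint8_t **_buf, int *_len,
                                        int *errnop)
{
    uint32_t header[4];
    size_t expected;
    size_t datarecv;
    uint8_t *buf = NULL;
    bool pollhup = false;
    int len;
    int ret;

    header[0] = SSS_NSS_HEADER_SIZE; /* until we know the real length */
    header[1] = 0;
    header[2] = 0;
    header[3] = 0;

    /* The number of bytes still wanted is tracked separately from
     * header[0]: a short read leaves header[0] partially overwritten,
     * and using it as the loop bound could end the loop before the
     * header is complete and validated. */
    expected = SSS_NSS_HEADER_SIZE;
    datarecv = 0;
    len = 0;
    *errnop = 0;

    while (datarecv < expected) {
        struct pollfd pfd;
        int bufrecv;
        int res, error;

        pfd.fd = sss_cli_sd;
        pfd.events = POLLIN;

        do {
            errno = 0;
            res = poll(&pfd, 1, SSS_CLI_SOCKET_TIMEOUT);
            error = errno;

            /* If error is EINTR here, we'll try again
             * If it's any other error, we'll catch it
             * below.
             */
        } while (error == EINTR);

        switch (res) {
        case -1:
            *errnop = error;
            break;
        case 0:
            *errnop = ETIME;
            break;
        case 1:
            if (pfd.revents & (POLLHUP)) {
                /* remember the hang-up, but still read what is there */
                pollhup = true;
            }
            if (pfd.revents & (POLLERR | POLLNVAL)) {
                *errnop = EPIPE;
            }
            if (!(pfd.revents & POLLIN)) {
                *errnop = EBUSY;
            }
            break;
        default: /* more than one avail ?? */
            *errnop = EBADF;
            break;
        }
        if (*errnop) {
            sss_cli_close_socket();
            ret = SSS_STATUS_UNAVAIL;
            goto failed;
        }

        errno = 0;
        if (datarecv < SSS_NSS_HEADER_SIZE) {
            res = read(sss_cli_sd,
                       (char *)header + datarecv,
                       SSS_NSS_HEADER_SIZE - datarecv);
        } else {
            bufrecv = datarecv - SSS_NSS_HEADER_SIZE;
            res = read(sss_cli_sd,
                       (char *) buf + bufrecv,
                       header[0] - datarecv);
        }
        error = errno;

        if ((res == -1) || (res == 0)) {
            if ((error == EINTR) || error == EAGAIN) {
                /* If the read was interrupted, go back through
                 * the loop and try again
                 */
                continue;
            }

            /* Read failed.  I think the only useful thing
             * we can do here is just return -1 and fail
             * since the transaction has failed half way
             * through. */

            sss_cli_close_socket();
            *errnop = error;
            ret = SSS_STATUS_UNAVAIL;
            goto failed;
        }

        datarecv += res;

        if (datarecv == SSS_NSS_HEADER_SIZE && len == 0) {
            /* at this point recv buf is not yet
             * allocated and the header has just
             * been read, do checks and proceed */
            if (header[2] != 0) {
                /* server side error */
                sss_cli_close_socket();
                *errnop = header[2];
                if (*errnop == EAGAIN) {
                    ret = SSS_STATUS_TRYAGAIN;
                    goto failed;
                } else {
                    ret = SSS_STATUS_UNAVAIL;
                    goto failed;
                }
            }
            if (header[1] != cmd) {
                /* wrong command id */
                sss_cli_close_socket();
                *errnop = EBADMSG;
                ret = SSS_STATUS_UNAVAIL;
                goto failed;
            }
            /* The announced length comes from the peer: it must cover
             * at least the header, and the payload size must fit the
             * int that is handed back through *_len. */
            if (header[0] < SSS_NSS_HEADER_SIZE ||
                (uint32_t)(header[0] - SSS_NSS_HEADER_SIZE)
                        > (uint32_t)INT32_MAX) {
                sss_cli_close_socket();
                *errnop = EBADMSG;
                ret = SSS_STATUS_UNAVAIL;
                goto failed;
            }
            if (header[0] > SSS_NSS_HEADER_SIZE) {
                len = header[0] - SSS_NSS_HEADER_SIZE;
                buf = malloc(len);
                if (!buf) {
                    sss_cli_close_socket();
                    *errnop = ENOMEM;
                    ret = SSS_STATUS_UNAVAIL;
                    goto failed;
                }
                expected = header[0];
            }
        }
    }

    if (pollhup) {
        sss_cli_close_socket();
    }

    *_len = len;
    *_buf = buf;

    return SSS_STATUS_SUCCESS;

failed:
    free(buf);
    return ret;
}

/* this function will check command codes match and returned length is ok */
/* repbuf and replen report only the data section not the header */
/*
 * Send one request and wait for its reply.
 *
 * When the caller passes repbuf, *repbuf is always defined on success:
 * it is the payload, which the caller must free(), or NULL when the reply
 * carried none. *replen, when requested, is the payload size or 0.
 */
static enum sss_status sss_cli_make_request_nochecks(
                                       enum sss_cli_command cmd,
                                       struct sss_cli_req_data *rd,
                                       uint8_t **repbuf, size_t *replen,
                                       int *errnop)
{
    enum sss_status ret;
    uint8_t *buf = NULL;
    int len = 0;

    /* send data */
    ret = sss_cli_send_req(cmd, rd, errnop);
    if (ret != SSS_STATUS_SUCCESS) {
        return ret;
    }

    /* data sent, now get reply */
    ret = sss_cli_recv_rep(cmd, &buf, &len, errnop);
    if (ret != SSS_STATUS_SUCCESS) {
        return ret;
    }

    /* we got through, now we have the custom data in buf if any,
     * return it if requested */
    if (repbuf && buf) {
        *repbuf = buf;
        if (replen) {
            *replen = len;
        }
    } else {
        free(buf);
        if (repbuf) {
            /* Several callers declare their reply pointer without
             * initialising it; never leave it undefined on success. */
            *repbuf = NULL;
        }
        if (replen) {
            *replen = 0;
        }
    }

    return SSS_STATUS_SUCCESS;
}

/* GET_VERSION Reply:
 * 0-3: 32bit unsigned version number
 */

static bool sss_cli_check_version(const char *socket_name)
{
    uint8_t *repbuf = NULL;
    size_t replen;
    enum sss_status nret;
    int errnop;
    uint32_t expected_version;
    uint32_t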
obtained_version; struct sss_cli_req_data req; if (strcmp(socket_name, SSS_NSS_SOCKET_NAME) == 0) { expected_version = SSS_NSS_PROTOCOL_VERSION; } else if (strcmp(socket_name, SSS_PAM_SOCKET_NAME) == 0 || strcmp(socket_name, SSS_PAM_PRIV_SOCKET_NAME) == 0) { expected_version = SSS_PAM_PROTOCOL_VERSION; } else if (strcmp(socket_name, SSS_SUDO_SOCKET_NAME) == 0) { expected_version = SSS_SUDO_PROTOCOL_VERSION; } else if (strcmp(socket_name, SSS_AUTOFS_SOCKET_NAME) == 0) { expected_version = SSS_AUTOFS_PROTOCOL_VERSION; } else if (strcmp(socket_name, SSS_SSH_SOCKET_NAME) == 0) { expected_version = SSS_SSH_PROTOCOL_VERSION; } else if (strcmp(socket_name, SSS_PAC_SOCKET_NAME) == 0) { expected_version = SSS_PAC_PROTOCOL_VERSION; } else { return false; } req.len = sizeof(expected_version); req.data = &expected_version; nret = sss_cli_make_request_nochecks(SSS_GET_VERSION, &req, &repbuf, &replen, &errnop); if (nret != SSS_STATUS_SUCCESS) { return false; } if (!repbuf) { return false; } obtained_version = ((uint32_t *)repbuf)[0]; free(repbuf); return (obtained_version == expected_version); } /* this 2 functions are adapted from samba3 winbinbd's wb_common.c */ /* Make sure socket handle isn't stdin (0), stdout(1) or stderr(2) by setting * the limit to 3 */ #define RECURSION_LIMIT 3 static int make_nonstd_fd_internals(int fd, int limit) { int new_fd; if (fd >= 0 && fd <= 2) { #ifdef F_DUPFD if ((new_fd = fcntl(fd, F_DUPFD, 3)) == -1) { return -1; } /* Paranoia */ if (new_fd < 3) { close(new_fd); return -1; } close(fd); return new_fd; #else if (limit <= 0) return -1; new_fd = dup(fd); if (new_fd == -1) return -1; /* use the program stack to hold our list of FDs to close */ new_fd = make_nonstd_fd_internals(new_fd, limit - 1); close(fd); return new_fd; #endif } return fd; } /**************************************************************************** Set a fd into blocking/nonblocking mode. 
Uses POSIX O_NONBLOCK if available, else if SYSV use O_NDELAY if BSD use FNDELAY Set close on exec also. ****************************************************************************/ static int make_safe_fd(int fd) { int result, flags; int new_fd = make_nonstd_fd_internals(fd, RECURSION_LIMIT); if (new_fd == -1) { close(fd); return -1; } /* Socket should be nonblocking. */ #ifdef O_NONBLOCK #define FLAG_TO_SET O_NONBLOCK #else #ifdef SYSV #define FLAG_TO_SET O_NDELAY #else /* BSD */ #define FLAG_TO_SET FNDELAY #endif #endif if ((flags = fcntl(new_fd, F_GETFL)) == -1) { close(new_fd); return -1; } flags |= FLAG_TO_SET; if (fcntl(new_fd, F_SETFL, flags) == -1) { close(new_fd); return -1; } #undef FLAG_TO_SET /* Socket should be closed on exec() */ #ifdef FD_CLOEXEC result = flags = fcntl(new_fd, F_GETFD, 0); if (flags >= 0) { flags |= FD_CLOEXEC; result = fcntl( new_fd, F_SETFD, flags ); } if (result < 0) { close(new_fd); return -1; } #endif return new_fd; } static int sss_cli_open_socket(int *errnop, const char *socket_name) { struct sockaddr_un nssaddr; bool inprogress = true; bool connected = false; unsigned int wait_time; unsigned int sleep_time; time_t start_time = time(NULL); int ret; int sd; memset(&nssaddr, 0, sizeof(struct sockaddr_un)); nssaddr.sun_family = AF_UNIX; strncpy(nssaddr.sun_path, socket_name, strlen(socket_name) + 1); sd = socket(AF_UNIX, SOCK_STREAM, 0); if (sd == -1) { *errnop = errno; return -1; } /* set as non-blocking, close on exec, and make sure standard * descriptors are not used */ sd = make_safe_fd(sd); if (sd == -1) { *errnop = errno; return -1; } /* this piece is adapted from winbind client code */ wait_time = 0; sleep_time = 0; while (inprogress) { int connect_errno = 0; socklen_t errnosize; struct pollfd pfd; wait_time += sleep_time; ret = connect(sd, (struct sockaddr *)&nssaddr, sizeof(nssaddr)); if (ret == 0) { connected = true; break; } switch(errno) { case EINPROGRESS: pfd.fd = sd; pfd.events = POLLOUT; ret = poll(&pfd, 1, 
SSS_CLI_SOCKET_TIMEOUT - wait_time); if (ret > 0) { errnosize = sizeof(connect_errno); ret = getsockopt(sd, SOL_SOCKET, SO_ERROR, &connect_errno, &errnosize); if (ret >= 0 && connect_errno == 0) { connected = true; break; } } wait_time = time(NULL) - start_time; break; case EAGAIN: if (wait_time < SSS_CLI_SOCKET_TIMEOUT) { sleep_time = rand() % 2 + 1; sleep(sleep_time); } break; default: *errnop = errno; inprogress = false; break; } if (wait_time >= SSS_CLI_SOCKET_TIMEOUT) { inprogress = false; } if (connected) { inprogress = false; } } if (!connected) { close(sd); return -1; } ret = fstat(sd, &sss_cli_sb); if (ret != 0) { close(sd); return -1; } return sd; } static enum sss_status sss_cli_check_socket(int *errnop, const char *socket_name) { static pid_t mypid; struct stat mysb; int mysd; int ret; if (getpid() != mypid) { ret = fstat(sss_cli_sd, &mysb); if (ret == 0) { if (S_ISSOCK(mysb.st_mode) && mysb.st_dev == sss_cli_sb.st_dev && mysb.st_ino == sss_cli_sb.st_ino) { sss_cli_close_socket(); } } sss_cli_sd = -1; mypid = getpid(); } /* check if the socket has been closed on the other side */ if (sss_cli_sd != -1) { struct pollfd pfd; int res, error; *errnop = 0; pfd.fd = sss_cli_sd; pfd.events = POLLIN | POLLOUT; do { errno = 0; res = poll(&pfd, 1, SSS_CLI_SOCKET_TIMEOUT); error = errno; /* If error is EINTR here, we'll try again * If it's any other error, we'll catch it * below. */ } while (error == EINTR); switch (res) { case -1: *errnop = error; break; case 0: *errnop = ETIME; break; case 1: if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) { *errnop = EPIPE; } if (!(pfd.revents & (POLLIN | POLLOUT))) { *errnop = EBUSY; } break; default: /* more than one avail ?? 
*/ *errnop = EBADF; break; } if (*errnop == 0) { return SSS_STATUS_SUCCESS; } sss_cli_close_socket(); } mysd = sss_cli_open_socket(errnop, socket_name); if (mysd == -1) { return SSS_STATUS_UNAVAIL; } sss_cli_sd = mysd; if (sss_cli_check_version(socket_name)) { return SSS_STATUS_SUCCESS; } sss_cli_close_socket(); *errnop = EFAULT; return SSS_STATUS_UNAVAIL; } /* this function will check command codes match and returned length is ok */ /* repbuf and replen report only the data section not the header */ enum nss_status sss_nss_make_request(enum sss_cli_command cmd, struct sss_cli_req_data *rd, uint8_t **repbuf, size_t *replen, int *errnop) { enum sss_status ret; char *envval; /* avoid looping in the nss daemon */ envval = getenv("_SSS_LOOPS"); if (envval && strcmp(envval, "NO") == 0) { return NSS_STATUS_NOTFOUND; } ret = sss_cli_check_socket(errnop, SSS_NSS_SOCKET_NAME); if (ret != SSS_STATUS_SUCCESS) { return NSS_STATUS_UNAVAIL; } ret = sss_cli_make_request_nochecks(cmd, rd, repbuf, replen, errnop); switch (ret) { case SSS_STATUS_TRYAGAIN: return NSS_STATUS_TRYAGAIN; case SSS_STATUS_SUCCESS: return NSS_STATUS_SUCCESS; case SSS_STATUS_UNAVAIL: default: return NSS_STATUS_UNAVAIL; } } int sss_pac_make_request(enum sss_cli_command cmd, struct sss_cli_req_data *rd, uint8_t **repbuf, size_t *replen, int *errnop) { enum sss_status ret; char *envval; /* avoid looping in the nss daemon */ envval = getenv("_SSS_LOOPS"); if (envval && strcmp(envval, "NO") == 0) { return NSS_STATUS_NOTFOUND; } ret = sss_cli_check_socket(errnop, SSS_PAC_SOCKET_NAME); if (ret != SSS_STATUS_SUCCESS) { return NSS_STATUS_UNAVAIL; } ret = sss_cli_make_request_nochecks(cmd, rd, repbuf, replen, errnop); switch (ret) { case SSS_STATUS_TRYAGAIN: return NSS_STATUS_TRYAGAIN; case SSS_STATUS_SUCCESS: return NSS_STATUS_SUCCESS; case SSS_STATUS_UNAVAIL: default: return NSS_STATUS_UNAVAIL; } } errno_t check_server_cred(int sockfd) { #ifdef HAVE_UCRED int ret; struct ucred server_cred; socklen_t server_cred_len 
= sizeof(server_cred); ret = getsockopt(sockfd, SOL_SOCKET, SO_PEERCRED, &server_cred, &server_cred_len); if (ret != 0) { return errno; } if (server_cred_len != sizeof(struct ucred)) { return ESSS_BAD_CRED_MSG; } if (server_cred.uid != 0 || server_cred.gid != 0) { return ESSS_SERVER_NOT_TRUSTED; } #endif return 0; } int sss_pam_make_request(enum sss_cli_command cmd, struct sss_cli_req_data *rd, uint8_t **repbuf, size_t *replen, int *errnop) { int ret, statret; errno_t error; enum sss_status status; char *envval; struct stat stat_buf; sss_pam_lock(); /* avoid looping in the pam daemon */ envval = getenv("_SSS_LOOPS"); if (envval && strcmp(envval, "NO") == 0) { ret = PAM_SERVICE_ERR; goto out; } /* only root shall use the privileged pipe */ if (getuid() == 0 && getgid() == 0) { statret = stat(SSS_PAM_PRIV_SOCKET_NAME, &stat_buf); if (statret != 0) { ret = PAM_SERVICE_ERR; goto out; } if ( ! (stat_buf.st_uid == 0 && stat_buf.st_gid == 0 && S_ISSOCK(stat_buf.st_mode) && (stat_buf.st_mode & ~S_IFMT) == 0600 )) { *errnop = ESSS_BAD_PRIV_SOCKET; ret = PAM_SERVICE_ERR; goto out; } status = sss_cli_check_socket(errnop, SSS_PAM_PRIV_SOCKET_NAME); } else { statret = stat(SSS_PAM_SOCKET_NAME, &stat_buf); if (statret != 0) { ret = PAM_SERVICE_ERR; goto out; } if ( ! 
(stat_buf.st_uid == 0 && stat_buf.st_gid == 0 && S_ISSOCK(stat_buf.st_mode) && (stat_buf.st_mode & ~S_IFMT) == 0666 )) { *errnop = ESSS_BAD_PUB_SOCKET; ret = PAM_SERVICE_ERR; goto out; } status = sss_cli_check_socket(errnop, SSS_PAM_SOCKET_NAME); } if (status != SSS_STATUS_SUCCESS) { ret = PAM_SERVICE_ERR; goto out; } error = check_server_cred(sss_cli_sd); if (error != 0) { sss_cli_close_socket(); *errnop = error; ret = PAM_SERVICE_ERR; goto out; } status = sss_cli_make_request_nochecks(cmd, rd, repbuf, replen, errnop); if (status == SSS_STATUS_SUCCESS) { ret = PAM_SUCCESS; } else { ret = PAM_SERVICE_ERR; } out: sss_pam_unlock(); return ret; } void sss_pam_close_fd(void) { sss_pam_lock(); if (sss_cli_sd != -1) { close(sss_cli_sd); sss_cli_sd = -1; } sss_pam_unlock(); } int sss_sudo_make_request(enum sss_cli_command cmd, struct sss_cli_req_data *rd, uint8_t **repbuf, size_t *replen, int *errnop) { enum sss_status ret = SSS_STATUS_UNAVAIL; ret = sss_cli_check_socket(errnop, SSS_SUDO_SOCKET_NAME); if (ret != SSS_STATUS_SUCCESS) { return SSS_STATUS_UNAVAIL; } ret = sss_cli_make_request_nochecks(cmd, rd, repbuf, replen, errnop); return ret; } int sss_autofs_make_request(enum sss_cli_command cmd, struct sss_cli_req_data *rd, uint8_t **repbuf, size_t *replen, int *errnop) { enum sss_status ret = SSS_STATUS_UNAVAIL; ret = sss_cli_check_socket(errnop, SSS_AUTOFS_SOCKET_NAME); if (ret != SSS_STATUS_SUCCESS) { return SSS_STATUS_UNAVAIL; } ret = sss_cli_make_request_nochecks(cmd, rd, repbuf, replen, errnop); return ret; } int sss_ssh_make_request(enum sss_cli_command cmd, struct sss_cli_req_data *rd, uint8_t **repbuf, size_t *replen, int *errnop) { enum sss_status ret = SSS_STATUS_UNAVAIL; ret = sss_cli_check_socket(errnop, SSS_SSH_SOCKET_NAME); if (ret != SSS_STATUS_SUCCESS) { return SSS_STATUS_UNAVAIL; } ret = sss_cli_make_request_nochecks(cmd, rd, repbuf, replen, errnop); return ret; } const char *ssscli_err2string(int err) { const char *m; switch(err) { case 
ESSS_BAD_PRIV_SOCKET: return _("Privileged socket has wrong ownership or permissions."); break; case ESSS_BAD_PUB_SOCKET: return _("Public socket has wrong ownership or permissions."); break; case ESSS_BAD_CRED_MSG: return _("Unexpected format of the server credential message."); break; case ESSS_SERVER_NOT_TRUSTED: return _("SSSD is not run by root."); break; default: m = strerror(err); if (m == NULL) { return _("An error occurred, but no description can be found."); } return m; break; } return _("Unexpected error while looking for an error description"); } /* Return strlen(str) or maxlen, whichever is shorter * Returns EINVAL if str is NULL, EFBIG if str is longer than maxlen * _len will return the result * * This function is useful for preventing buffer overflow attacks. */ errno_t sss_strnlen(const char *str, size_t maxlen, size_t *len) { if (!str) { return EINVAL; } #if defined __USE_GNU *len = strnlen(str, maxlen); #else *len = 0; while (*len < maxlen) { if (str[*len] == '\0') break; (*len)++; } #endif if (*len == maxlen && str[*len] != '\0') { return EFBIG; } return 0; } #if HAVE_PTHREAD typedef void (*sss_mutex_init)(void); struct sss_mutex { pthread_mutex_t mtx; pthread_once_t once; sss_mutex_init init; }; static void sss_nss_mt_init(void); static void sss_pam_mt_init(void); static struct sss_mutex sss_nss_mtx = { .mtx = PTHREAD_MUTEX_INITIALIZER, .once = PTHREAD_ONCE_INIT, .init = sss_nss_mt_init }; static struct sss_mutex sss_pam_mtx = { .mtx = PTHREAD_MUTEX_INITIALIZER, .once = PTHREAD_ONCE_INIT, .init = sss_pam_mt_init }; /* Wrappers for robust mutex support */ static int sss_mutexattr_setrobust (pthread_mutexattr_t *attr) { #ifdef HAVE_PTHREAD_MUTEXATTR_SETROBUST return pthread_mutexattr_setrobust(attr, PTHREAD_MUTEX_ROBUST); #elif HAVE_PTHREAD_MUTEXATTR_SETROBUST_NP return pthread_mutexattr_setrobust_np(attr, PTHREAD_MUTEX_ROBUST_NP); #else #warning Robust mutexes are not supported on this platform. 
return 0; #endif } static int sss_mutex_consistent(pthread_mutex_t *mtx) { #ifdef HAVE_PTHREAD_MUTEX_CONSISTENT return pthread_mutex_consistent(mtx); #elif HAVE_PTHREAD_MUTEX_CONSISTENT_NP return pthread_mutex_consistent_np(mtx); #else #warning Robust mutexes are not supported on this platform. return 0; #endif } /* Generic mutex init, lock, unlock functions */ static void sss_mt_init(struct sss_mutex *m) { pthread_mutexattr_t attr; if (pthread_mutexattr_init(&attr) != 0) { return; } if (sss_mutexattr_setrobust(&attr) != 0) { return; } pthread_mutex_init(&m->mtx, &attr); pthread_mutexattr_destroy(&attr); } static void sss_mt_lock(struct sss_mutex *m) { pthread_once(&m->once, m->init); if (pthread_mutex_lock(&m->mtx) == EOWNERDEAD) { sss_cli_close_socket(); sss_mutex_consistent(&m->mtx); } } static void sss_mt_unlock(struct sss_mutex *m) { pthread_mutex_unlock(&m->mtx); } /* NSS mutex wrappers */ static void sss_nss_mt_init(void) { sss_mt_init(&sss_nss_mtx); } void sss_nss_lock(void) { sss_mt_lock(&sss_nss_mtx); } void sss_nss_unlock(void) { sss_mt_unlock(&sss_nss_mtx); } /* NSS mutex wrappers */ static void sss_pam_mt_init(void) { sss_mt_init(&sss_pam_mtx); } void sss_pam_lock(void) { sss_mt_lock(&sss_pam_mtx); } void sss_pam_unlock(void) { sss_mt_unlock(&sss_pam_mtx); } #else /* sorry no mutexes available */ void sss_nss_lock(void) { return; } void sss_nss_unlock(void) { return; } void sss_pam_lock(void) { return; } void sss_pam_unlock(void) { return; } #endif errno_t sss_readrep_copy_string(const char *in, size_t *offset, size_t *slen, size_t *dlen, char **out, size_t *size) { size_t i = 0; while (*slen > *offset && *dlen > 0) { (*out)[i] = in[*offset]; if ((*out)[i] == '\0') break; i++; (*offset)++; (*dlen)--; } if (*slen <= *offset) { /* premature end of buf */ return EBADMSG; } if (*dlen == 0) { /* not enough memory */ return ERANGE; /* not ENOMEM, ERANGE is what glibc looks for */ } (*offset)++; (*dlen)--; if (size) { *size = i; } return EOK; } 
�����������������������sssd-1.11.5/src/sss_client/PaxHeaders.13173/nss_mc_passwd.c�����������������������������������������0000644�0000000�0000000�00000000074�12320753107�021517� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.272891426 30 ctime=1396954961.544875032 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/nss_mc_passwd.c����������������������������������������������������������0000664�0024127�0024127�00000014603�12320753107�021745� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* * System Security Services Daemon. NSS client interface * * Copyright (C) Simo Sorce 2011 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as * published by the Free Software Foundation; either version 2.1 of the * License, or (at your option) any later version. 
* * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. */ /* PASSWD database NSS interface using mmap cache */ #include <errno.h> #include <stdio.h> #include <string.h> #include <stdlib.h> #include <stddef.h> #include <sys/mman.h> #include <time.h> #include "nss_mc.h" struct sss_cli_mc_ctx pw_mc_ctx = { false, -1, 0, NULL, 0, NULL, 0, NULL, 0 }; static errno_t sss_nss_mc_parse_result(struct sss_mc_rec *rec, struct passwd *result, char *buffer, size_t buflen) { struct sss_mc_pwd_data *data; time_t expire; void *cookie; int ret; /* additional checks before filling result*/ expire = rec->expire; if (expire < time(NULL)) { /* entry is now invalid */ return EINVAL; } data = (struct sss_mc_pwd_data *)rec->data; if (data->strs_len > buflen) { return ERANGE; } /* fill in glibc provided structs */ /* copy in buffer */ memcpy(buffer, data->strs, data->strs_len); /* fill in passwd */ result->pw_uid = data->uid; result->pw_gid = data->gid; cookie = NULL; ret = sss_nss_str_ptr_from_buffer(&result->pw_name, &cookie, buffer, data->strs_len); if (ret) { return ret; } ret = sss_nss_str_ptr_from_buffer(&result->pw_passwd, &cookie, buffer, data->strs_len); if (ret) { return ret; } ret = sss_nss_str_ptr_from_buffer(&result->pw_gecos, &cookie, buffer, data->strs_len); if (ret) { return ret; } ret = sss_nss_str_ptr_from_buffer(&result->pw_dir, &cookie, buffer, data->strs_len); if (ret) { return ret; } ret = sss_nss_str_ptr_from_buffer(&result->pw_shell, &cookie, buffer, data->strs_len); if (ret) { return ret; } if (cookie != NULL) { return EINVAL; } return 0; } errno_t sss_nss_mc_getpwnam(const char *name, size_t name_len, struct passwd *result, char 
*buffer, size_t buflen) { struct sss_mc_rec *rec = NULL; struct sss_mc_pwd_data *data; char *rec_name; uint32_t hash; uint32_t slot; int ret; size_t strs_offset; uint8_t *max_addr; ret = sss_nss_mc_get_ctx("passwd", &pw_mc_ctx); if (ret) { return ret; } /* Get max address of data table. */ max_addr = pw_mc_ctx.data_table + pw_mc_ctx.dt_size; /* hashes are calculated including the NULL terminator */ hash = sss_nss_mc_hash(&pw_mc_ctx, name, name_len + 1); slot = pw_mc_ctx.hash_table[hash]; /* If slot is not within the bounds of mmaped region and * it's value is not MC_INVALID_VAL, then the cache is * probbably corrupted. */ while (MC_SLOT_WITHIN_BOUNDS(slot, pw_mc_ctx.dt_size)) { ret = sss_nss_mc_get_record(&pw_mc_ctx, slot, &rec); if (ret) { goto done; } /* check record matches what we are searching for */ if (hash != rec->hash1) { /* if name hash does not match we can skip this immediately */ slot = rec->next; continue; } strs_offset = offsetof(struct sss_mc_pwd_data, strs); data = (struct sss_mc_pwd_data *)rec->data; /* Integrity check * - name_len cannot be longer than all strings * - data->name cannot point outside strings * - all strings must be within data_table */ if (name_len > data->strs_len || (data->name + name_len) > (strs_offset + data->strs_len) || (uint8_t *)data->strs + data->strs_len > max_addr) { ret = ENOENT; goto done; } rec_name = (char *)data + data->name; if (strcmp(name, rec_name) == 0) { break; } slot = rec->next; } if (!MC_SLOT_WITHIN_BOUNDS(slot, pw_mc_ctx.dt_size)) { ret = ENOENT; goto done; } ret = sss_nss_mc_parse_result(rec, result, buffer, buflen); done: free(rec); return ret; } errno_t sss_nss_mc_getpwuid(uid_t uid, struct passwd *result, char *buffer, size_t buflen) { struct sss_mc_rec *rec = NULL; struct sss_mc_pwd_data *data; char uidstr[11]; uint32_t hash; uint32_t slot; int len; int ret; ret = sss_nss_mc_get_ctx("passwd", &pw_mc_ctx); if (ret) { return ret; } len = snprintf(uidstr, 11, "%ld", (long)uid); if (len > 10) { return 
EINVAL; } /* hashes are calculated including the NULL terminator */ hash = sss_nss_mc_hash(&pw_mc_ctx, uidstr, len+1); slot = pw_mc_ctx.hash_table[hash]; /* If slot is not within the bounds of mmaped region and * it's value is not MC_INVALID_VAL, then the cache is * probbably corrupted. */ while (MC_SLOT_WITHIN_BOUNDS(slot, pw_mc_ctx.dt_size)) { ret = sss_nss_mc_get_record(&pw_mc_ctx, slot, &rec); if (ret) { goto done; } /* check record matches what we are searching for */ if (hash != rec->hash2) { /* if uid hash does not match we can skip this immediately */ slot = rec->next; continue; } data = (struct sss_mc_pwd_data *)rec->data; if (uid == data->uid) { break; } slot = rec->next; } if (!MC_SLOT_WITHIN_BOUNDS(slot, pw_mc_ctx.dt_size)) { ret = ENOENT; goto done; } ret = sss_nss_mc_parse_result(rec, result, buffer, buflen); done: free(rec); return ret; } �����������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/PaxHeaders.13173/nss_mc_common.c�����������������������������������������0000644�0000000�0000000�00000000074�12320753107�021506� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.272891426 30 ctime=1396954961.542875033 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/nss_mc_common.c����������������������������������������������������������0000664�0024127�0024127�00000016624�12320753107�021741� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* * System Security Services Daemon. NSS client interface * * Copyright (C) Simo Sorce 2011 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as * published by the Free Software Foundation; either version 2.1 of the * License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. 
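*/

/* NSS interfaces to mmap cache */

#include "config.h"

#include <stdio.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/mman.h>
#include <string.h>
#include <stdlib.h>
#include "nss_mc.h"
#include "util/io.h"

/* FIXME: hook up to library destructor to avoid leaks */
/* FIXME: temporarily open passwd file on our own, later we will probably
 * use socket passing from the main process */
/* FIXME: handle name upper/lower casing ? Maybe a flag passed down by
 * sssd or a flag in sss_mc_header ? per domain ? */

/* Copy len bytes from src to dest and set res to true only if the copy is
 * consistent: src->b1 must be a valid barrier before the copy and src->b2
 * must equal that value after it. Memory barriers surround the memcpy. */
#define MEMCPY_WITH_BARRIERS(res, dest, src, len) \
do { \
    uint32_t _b1; \
    res = false; \
    _b1 = (src)->b1; \
    if (MC_VALID_BARRIER(_b1)) { \
        __sync_synchronize(); \
        memcpy(dest, src, len); \
        __sync_synchronize(); \
        if ((src)->b2 == _b1) { \
            res = true; \
        } \
    } \
} while(0)

/* Read and validate the cache header found at ctx->mmap_base.
 *
 * On the first successful check the seed, table pointers and table sizes
 * are stored in ctx; on later checks they must still match the header.
 *
 * Returns 0 on success, EIO if no consistent copy of the header could be
 * taken in 5 attempts, EINVAL if the version does not match, the header is
 * marked recycled, a table does not fit inside the mapping, or the header
 * no longer matches what ctx recorded.
 */
errno_t sss_nss_check_header(struct sss_cli_mc_ctx *ctx)
{
    struct sss_mc_header h;
    bool copy_ok;
    int count;

    /* retry barrier protected reading max 5 times then give up */
    for (count = 5; count > 0; count--) {
        MEMCPY_WITH_BARRIERS(copy_ok, &h,
                             (struct sss_mc_header *)ctx->mmap_base,
                             sizeof(struct sss_mc_header));
        if (copy_ok) {
            /* record is consistent so we can proceed */
            break;
        }
    }
    if (count == 0) {
        /* couldn't successfully read header we have to give up */
        return EIO;
    }

    if (h.major_vno != SSS_MC_MAJOR_VNO ||
        h.minor_vno != SSS_MC_MINOR_VNO ||
        h.status == SSS_MC_HEADER_RECYCLED) {
        return EINVAL;
    }

    /* The table offsets and sizes are read from the cache file and are
     * turned into pointers below, so make sure both tables lie entirely
     * inside the mapped region before trusting them. */
    if ((size_t)h.data_table > (size_t)ctx->mmap_size ||
        (size_t)h.dt_size > (size_t)ctx->mmap_size - (size_t)h.data_table ||
        (size_t)h.hash_table > (size_t)ctx->mmap_size ||
        (size_t)h.ht_size > (size_t)ctx->mmap_size - (size_t)h.hash_table) {
        return EINVAL;
    }

    /* first time we check the header, let's fill our own struct */
    if (ctx->data_table == NULL) {
        ctx->seed = h.seed;
        ctx->data_table = MC_PTR_ADD(ctx->mmap_base, h.data_table);
        ctx->hash_table = MC_PTR_ADD(ctx->mmap_base, h.hash_table);
        ctx->dt_size = h.dt_size;
        ctx->ht_size = h.ht_size;
    } else {
        /* the layout must not change under an already initialised ctx */
        if (ctx->seed != h.seed ||
            ctx->data_table != MC_PTR_ADD(ctx->mmap_base, h.data_table) ||
            ctx->hash_table != MC_PTR_ADD(ctx->mmap_base, h.hash_table) ||
            ctx->dt_size != h.dt_size ||
            ctx->ht_size != h.ht_size) {
            return EINVAL;
        }
    }

    return 0;
}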
errno_t sss_nss_mc_get_ctx(const char *name, struct sss_cli_mc_ctx *ctx) { struct stat fdstat; char *file = NULL; char *envval; int ret; envval = getenv("SSS_NSS_USE_MEMCACHE"); if (envval && strcasecmp(envval, "NO") == 0) { return EPERM; } if (ctx->initialized) { ret = sss_nss_check_header(ctx); goto done; } ret = asprintf(&file, "%s/%s", SSS_NSS_MCACHE_DIR, name); if (ret == -1) { ret = ENOMEM; goto done; } ctx->fd = sss_open_cloexec(file, O_RDONLY, &ret); if (ctx->fd == -1) { goto done; } ret = fstat(ctx->fd, &fdstat); if (ret == -1) { ret = EIO; goto done; } if (fdstat.st_size < MC_HEADER_SIZE) { ret = ENOMEM; goto done; } ctx->mmap_size = fdstat.st_size; ctx->mmap_base = mmap(NULL, ctx->mmap_size, PROT_READ, MAP_SHARED, ctx->fd, 0); if (ctx->mmap_base == MAP_FAILED) { ret = ENOMEM; goto done; } ret = sss_nss_check_header(ctx); if (ret != 0) { goto done; } ctx->initialized = true; ret = 0; done: if (ret) { if ((ctx->mmap_base != NULL) && (ctx->mmap_size != 0)) { munmap(ctx->mmap_base, ctx->mmap_size); } if (ctx->fd != -1) { close(ctx->fd); } memset(ctx, 0, sizeof(struct sss_cli_mc_ctx)); } free(file); return ret; } uint32_t sss_nss_mc_hash(struct sss_cli_mc_ctx *ctx, const char *key, size_t len) { return murmurhash3(key, len, ctx->seed) % MC_HT_ELEMS(ctx->ht_size); } errno_t sss_nss_mc_get_record(struct sss_cli_mc_ctx *ctx, uint32_t slot, struct sss_mc_rec **_rec) { struct sss_mc_rec *rec; struct sss_mc_rec *copy_rec = NULL; size_t buf_size = 0; size_t rec_len; uint32_t b1; uint32_t b2; bool copy_ok; int count; int ret; if (!MC_SLOT_WITHIN_BOUNDS(slot, ctx->dt_size)) { return EINVAL; } /* try max 5 times */ for (count = 5; count > 0; count--) { rec = MC_SLOT_TO_PTR(ctx->data_table, slot, struct sss_mc_rec); /* fetch record length */ b1 = rec->b1; __sync_synchronize(); rec_len = rec->len; __sync_synchronize(); b2 = rec->b2; if (!MC_VALID_BARRIER(b1) || b1 != b2) { /* record is inconsistent, retry */ continue; } if (!MC_CHECK_RECORD_LENGTH(ctx, rec)) { /* record 
has invalid length */ free(copy_rec); return EINVAL; } if (rec_len > buf_size) { free(copy_rec); copy_rec = malloc(rec_len); if (!copy_rec) { ret = ENOMEM; goto done; } buf_size = rec_len; } /* we cannot access data directly, we must copy data and then * access the copy */ MEMCPY_WITH_BARRIERS(copy_ok, copy_rec, rec, rec_len); /* we must check data is consistent again after the copy */ if (copy_ok && b1 == copy_rec->b2) { /* record is consistent, use it */ break; } } if (count == 0) { /* couldn't successfully read header we have to give up */ ret = EIO; goto done; } *_rec = copy_rec; ret = 0; done: if (ret) { free(copy_rec); *_rec = NULL; } return ret; } /* * returns strings froma a buffer. * * Call first time with *cookie set to null, then call again * with the returned cookie. * On the last string the cookie will be reset to null and * all strings will have been returned. * In case the last string is not zero terminated EINVAL is returned. */ errno_t sss_nss_str_ptr_from_buffer(char **str, void **cookie, char *buf, size_t len) { char *max = buf + len; char *ret; char *p; if (*cookie == NULL) { p = buf; } else { p = *((char **)cookie); } ret = p; while (p < max) { if (*p == '\0') { break; } p++; } if (p >= max) { return EINVAL; } p++; if (p == max) { *cookie = NULL; } else { *cookie = p; } *str = ret; return 0; } ������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/PaxHeaders.13173/COPYING�������������������������������������������������0000644�0000000�0000000�00000000074�12320753107�017543� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.272891426 30 
ctime=1396954961.391875145 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/COPYING������������������������������������������������������������������0000664�0024127�0024127�00000104513�12320753107�017771� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������ GNU GENERAL PUBLIC LICENSE Version 3, 29 June 2007 Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/> Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The GNU General Public License is a free, copyleft license for software and other kinds of works. The licenses for most software and other practical works are designed to take away your freedom to share and change the works. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change all versions of a program--to make sure it remains free software for all its users. We, the Free Software Foundation, use the GNU General Public License for most of our software; it applies also to any other work released this way by its authors. You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. 
Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for them if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs, and that you know you can do these things. To protect your rights, we need to prevent others from denying you these rights or asking you to surrender the rights. Therefore, you have certain responsibilities if you distribute copies of the software, or if you modify it: responsibilities to respect the freedom of others. For example, if you distribute copies of such a program, whether gratis or for a fee, you must pass on to the recipients the same freedoms that you received. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. Developers that use the GNU GPL protect your rights with two steps: (1) assert copyright on the software, and (2) offer you this License giving you legal permission to copy, distribute and/or modify it. For the developers' and authors' protection, the GPL clearly explains that there is no warranty for this free software. For both users' and authors' sake, the GPL requires that modified versions be marked as changed, so that their problems will not be attributed erroneously to authors of previous versions. Some devices are designed to deny users access to install or run modified versions of the software inside them, although the manufacturer can do so. This is fundamentally incompatible with the aim of protecting users' freedom to change the software. The systematic pattern of such abuse occurs in the area of products for individuals to use, which is precisely where it is most unacceptable. Therefore, we have designed this version of the GPL to prohibit the practice for those products. 
If such problems arise substantially in other domains, we stand ready to extend this provision to those domains in future versions of the GPL, as needed to protect the freedom of users. Finally, every program is threatened constantly by software patents. States should not allow patents to restrict development and use of software on general-purpose computers, but in those that do, we wish to avoid the special danger that patents applied to a free program could make it effectively proprietary. To prevent this, the GPL assures that patents cannot be used to render the program non-free. The precise terms and conditions for copying, distribution and modification follow. TERMS AND CONDITIONS 0. Definitions. "This License" refers to version 3 of the GNU General Public License. "Copyright" also means copyright-like laws that apply to other kinds of works, such as semiconductor masks. "The Program" refers to any copyrightable work licensed under this License. Each licensee is addressed as "you". "Licensees" and "recipients" may be individuals or organizations. To "modify" a work means to copy from or adapt all or part of the work in a fashion requiring copyright permission, other than the making of an exact copy. The resulting work is called a "modified version" of the earlier work or a work "based on" the earlier work. A "covered work" means either the unmodified Program or a work based on the Program. To "propagate" a work means to do anything with it that, without permission, would make you directly or secondarily liable for infringement under applicable copyright law, except executing it on a computer or modifying a private copy. Propagation includes copying, distribution (with or without modification), making available to the public, and in some countries other activities as well. To "convey" a work means any kind of propagation that enables other parties to make or receive copies. 
Mere interaction with a user through a computer network, with no transfer of a copy, is not conveying. An interactive user interface displays "Appropriate Legal Notices" to the extent that it includes a convenient and prominently visible feature that (1) displays an appropriate copyright notice, and (2) tells the user that there is no warranty for the work (except to the extent that warranties are provided), that licensees may convey the work under this License, and how to view a copy of this License. If the interface presents a list of user commands or options, such as a menu, a prominent item in the list meets this criterion. 1. Source Code. The "source code" for a work means the preferred form of the work for making modifications to it. "Object code" means any non-source form of a work. A "Standard Interface" means an interface that either is an official standard defined by a recognized standards body, or, in the case of interfaces specified for a particular programming language, one that is widely used among developers working in that language. The "System Libraries" of an executable work include anything, other than the work as a whole, that (a) is included in the normal form of packaging a Major Component, but which is not part of that Major Component, and (b) serves only to enable use of the work with that Major Component, or to implement a Standard Interface for which an implementation is available to the public in source code form. A "Major Component", in this context, means a major essential component (kernel, window system, and so on) of the specific operating system (if any) on which the executable work runs, or a compiler used to produce the work, or an object code interpreter used to run it. The "Corresponding Source" for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities. 
However, it does not include the work's System Libraries, or general-purpose tools or generally available free programs which are used unmodified in performing those activities but which are not part of the work. For example, Corresponding Source includes interface definition files associated with source files for the work, and the source code for shared libraries and dynamically linked subprograms that the work is specifically designed to require, such as by intimate data communication or control flow between those subprograms and other parts of the work. The Corresponding Source need not include anything that users can regenerate automatically from other parts of the Corresponding Source. The Corresponding Source for a work in source code form is that same work. 2. Basic Permissions. All rights granted under this License are granted for the term of copyright on the Program, and are irrevocable provided the stated conditions are met. This License explicitly affirms your unlimited permission to run the unmodified Program. The output from running a covered work is covered by this License only if the output, given its content, constitutes a covered work. This License acknowledges your rights of fair use or other equivalent, as provided by copyright law. You may make, run and propagate covered works that you do not convey, without conditions so long as your license otherwise remains in force. You may convey covered works to others for the sole purpose of having them make modifications exclusively for you, or provide you with facilities for running those works, provided that you comply with the terms of this License in conveying all material for which you do not control copyright. Those thus making or running the covered works for you must do so exclusively on your behalf, under your direction and control, on terms that prohibit them from making any copies of your copyrighted material outside their relationship with you. 
Conveying under any other circumstances is permitted solely under the conditions stated below. Sublicensing is not allowed; section 10 makes it unnecessary. 3. Protecting Users' Legal Rights From Anti-Circumvention Law. No covered work shall be deemed part of an effective technological measure under any applicable law fulfilling obligations under article 11 of the WIPO copyright treaty adopted on 20 December 1996, or similar laws prohibiting or restricting circumvention of such measures. When you convey a covered work, you waive any legal power to forbid circumvention of technological measures to the extent such circumvention is effected by exercising rights under this License with respect to the covered work, and you disclaim any intention to limit operation or modification of the work as a means of enforcing, against the work's users, your or third parties' legal rights to forbid circumvention of technological measures. 4. Conveying Verbatim Copies. You may convey verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice; keep intact all notices stating that this License and any non-permissive terms added in accord with section 7 apply to the code; keep intact all notices of the absence of any warranty; and give all recipients a copy of this License along with the Program. You may charge any price or no price for each copy that you convey, and you may offer support or warranty protection for a fee. 5. Conveying Modified Source Versions. You may convey a work based on the Program, or the modifications to produce it from the Program, in the form of source code under the terms of section 4, provided that you also meet all of these conditions: a) The work must carry prominent notices stating that you modified it, and giving a relevant date. 
b) The work must carry prominent notices stating that it is released under this License and any conditions added under section 7. This requirement modifies the requirement in section 4 to "keep intact all notices". c) You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy. This License will therefore apply, along with any applicable section 7 additional terms, to the whole of the work, and all its parts, regardless of how they are packaged. This License gives no permission to license the work in any other way, but it does not invalidate such permission if you have separately received it. d) If the work has interactive user interfaces, each must display Appropriate Legal Notices; however, if the Program has interactive interfaces that do not display Appropriate Legal Notices, your work need not make them do so. A compilation of a covered work with other separate and independent works, which are not by their nature extensions of the covered work, and which are not combined with it such as to form a larger program, in or on a volume of a storage or distribution medium, is called an "aggregate" if the compilation and its resulting copyright are not used to limit the access or legal rights of the compilation's users beyond what the individual works permit. Inclusion of a covered work in an aggregate does not cause this License to apply to the other parts of the aggregate. 6. Conveying Non-Source Forms. You may convey a covered work in object code form under the terms of sections 4 and 5, provided that you also convey the machine-readable Corresponding Source under the terms of this License, in one of these ways: a) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by the Corresponding Source fixed on a durable physical medium customarily used for software interchange. 
b) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by a written offer, valid for at least three years and valid for as long as you offer spare parts or customer support for that product model, to give anyone who possesses the object code either (1) a copy of the Corresponding Source for all the software in the product that is covered by this License, on a durable physical medium customarily used for software interchange, for a price no more than your reasonable cost of physically performing this conveying of source, or (2) access to copy the Corresponding Source from a network server at no charge. c) Convey individual copies of the object code with a copy of the written offer to provide the Corresponding Source. This alternative is allowed only occasionally and noncommercially, and only if you received the object code with such an offer, in accord with subsection 6b. d) Convey the object code by offering access from a designated place (gratis or for a charge), and offer equivalent access to the Corresponding Source in the same way through the same place at no further charge. You need not require recipients to copy the Corresponding Source along with the object code. If the place to copy the object code is a network server, the Corresponding Source may be on a different server (operated by you or a third party) that supports equivalent copying facilities, provided you maintain clear directions next to the object code saying where to find the Corresponding Source. Regardless of what server hosts the Corresponding Source, you remain obligated to ensure that it is available for as long as needed to satisfy these requirements. e) Convey the object code using peer-to-peer transmission, provided you inform other peers where the object code and Corresponding Source of the work are being offered to the general public at no charge under subsection 6d. 
A separable portion of the object code, whose source code is excluded from the Corresponding Source as a System Library, need not be included in conveying the object code work. A "User Product" is either (1) a "consumer product", which means any tangible personal property which is normally used for personal, family, or household purposes, or (2) anything designed or sold for incorporation into a dwelling. In determining whether a product is a consumer product, doubtful cases shall be resolved in favor of coverage. For a particular product received by a particular user, "normally used" refers to a typical or common use of that class of product, regardless of the status of the particular user or of the way in which the particular user actually uses, or expects or is expected to use, the product. A product is a consumer product regardless of whether the product has substantial commercial, industrial or non-consumer uses, unless such uses represent the only significant mode of use of the product. "Installation Information" for a User Product means any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work in that User Product from a modified version of its Corresponding Source. The information must suffice to ensure that the continued functioning of the modified object code is in no case prevented or interfered with solely because modification has been made. If you convey an object code work under this section in, or with, or specifically for use in, a User Product, and the conveying occurs as part of a transaction in which the right of possession and use of the User Product is transferred to the recipient in perpetuity or for a fixed term (regardless of how the transaction is characterized), the Corresponding Source conveyed under this section must be accompanied by the Installation Information. 
But this requirement does not apply if neither you nor any third party retains the ability to install modified object code on the User Product (for example, the work has been installed in ROM). The requirement to provide Installation Information does not include a requirement to continue to provide support service, warranty, or updates for a work that has been modified or installed by the recipient, or for the User Product in which it has been modified or installed. Access to a network may be denied when the modification itself materially and adversely affects the operation of the network or violates the rules and protocols for communication across the network. Corresponding Source conveyed, and Installation Information provided, in accord with this section must be in a format that is publicly documented (and with an implementation available to the public in source code form), and must require no special password or key for unpacking, reading or copying. 7. Additional Terms. "Additional permissions" are terms that supplement the terms of this License by making exceptions from one or more of its conditions. Additional permissions that are applicable to the entire Program shall be treated as though they were included in this License, to the extent that they are valid under applicable law. If additional permissions apply only to part of the Program, that part may be used separately under those permissions, but the entire Program remains governed by this License without regard to the additional permissions. When you convey a copy of a covered work, you may at your option remove any additional permissions from that copy, or from any part of it. (Additional permissions may be written to require their own removal in certain cases when you modify the work.) You may place additional permissions on material, added by you to a covered work, for which you have or can give appropriate copyright permission. 
Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms: a) Disclaiming warranty or limiting liability differently from the terms of sections 15 and 16 of this License; or b) Requiring preservation of specified reasonable legal notices or author attributions in that material or in the Appropriate Legal Notices displayed by works containing it; or c) Prohibiting misrepresentation of the origin of that material, or requiring that modified versions of such material be marked in reasonable ways as different from the original version; or d) Limiting the use for publicity purposes of names of licensors or authors of the material; or e) Declining to grant rights under trademark law for use of some trade names, trademarks, or service marks; or f) Requiring indemnification of licensors and authors of that material by anyone who conveys the material (or modified versions of it) with contractual assumptions of liability to the recipient, for any liability that these contractual assumptions directly impose on those licensors and authors. All other non-permissive additional terms are considered "further restrictions" within the meaning of section 10. If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term. If a license document contains a further restriction but permits relicensing or conveying under this License, you may add to a covered work material governed by the terms of that license document, provided that the further restriction does not survive such relicensing or conveying. 
If you add terms to a covered work in accord with this section, you must place, in the relevant source files, a statement of the additional terms that apply to those files, or a notice indicating where to find the applicable terms. Additional terms, permissive or non-permissive, may be stated in the form of a separately written license, or stated as exceptions; the above requirements apply either way. 8. Termination. You may not propagate or modify a covered work except as expressly provided under this License. Any attempt otherwise to propagate or modify it is void, and will automatically terminate your rights under this License (including any patent licenses granted under the third paragraph of section 11). However, if you cease all violation of this License, then your license from a particular copyright holder is reinstated (a) provisionally, unless and until the copyright holder explicitly and finally terminates your license, and (b) permanently, if the copyright holder fails to notify you of the violation by some reasonable means prior to 60 days after the cessation. Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice. Termination of your rights under this section does not terminate the licenses of parties who have received copies or rights from you under this License. If your rights have been terminated and not permanently reinstated, you do not qualify to receive new licenses for the same material under section 10. 9. Acceptance Not Required for Having Copies. You are not required to accept this License in order to receive or run a copy of the Program. 
Ancillary propagation of a covered work occurring solely as a consequence of using peer-to-peer transmission to receive a copy likewise does not require acceptance. However, nothing other than this License grants you permission to propagate or modify any covered work. These actions infringe copyright if you do not accept this License. Therefore, by modifying or propagating a covered work, you indicate your acceptance of this License to do so. 10. Automatic Licensing of Downstream Recipients. Each time you convey a covered work, the recipient automatically receives a license from the original licensors, to run, modify and propagate that work, subject to this License. You are not responsible for enforcing compliance by third parties with this License. An "entity transaction" is a transaction transferring control of an organization, or substantially all assets of one, or subdividing an organization, or merging organizations. If propagation of a covered work results from an entity transaction, each party to that transaction who receives a copy of the work also receives whatever licenses to the work the party's predecessor in interest had or could give under the previous paragraph, plus a right to possession of the Corresponding Source of the work from the predecessor in interest, if the predecessor has it or can get it with reasonable efforts. You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License. For example, you may not impose a license fee, royalty, or other charge for exercise of rights granted under this License, and you may not initiate litigation (including a cross-claim or counterclaim in a lawsuit) alleging that any patent claim is infringed by making, using, selling, offering for sale, or importing the Program or any portion of it. 11. Patents. A "contributor" is a copyright holder who authorizes use under this License of the Program or a work on which the Program is based. 
The work thus licensed is called the contributor's "contributor version". A contributor's "essential patent claims" are all patent claims owned or controlled by the contributor, whether already acquired or hereafter acquired, that would be infringed by some manner, permitted by this License, of making, using, or selling its contributor version, but do not include claims that would be infringed only as a consequence of further modification of the contributor version. For purposes of this definition, "control" includes the right to grant patent sublicenses in a manner consistent with the requirements of this License. Each contributor grants you a non-exclusive, worldwide, royalty-free patent license under the contributor's essential patent claims, to make, use, sell, offer for sale, import and otherwise run, modify and propagate the contents of its contributor version. In the following three paragraphs, a "patent license" is any express agreement or commitment, however denominated, not to enforce a patent (such as an express permission to practice a patent or covenant not to sue for patent infringement). To "grant" such a patent license to a party means to make such an agreement or commitment not to enforce a patent against the party. If you convey a covered work, knowingly relying on a patent license, and the Corresponding Source of the work is not available for anyone to copy, free of charge and under the terms of this License, through a publicly available network server or other readily accessible means, then you must either (1) cause the Corresponding Source to be so available, or (2) arrange to deprive yourself of the benefit of the patent license for this particular work, or (3) arrange, in a manner consistent with the requirements of this License, to extend the patent license to downstream recipients. 
"Knowingly relying" means you have actual knowledge that, but for the patent license, your conveying the covered work in a country, or your recipient's use of the covered work in a country, would infringe one or more identifiable patents in that country that you have reason to believe are valid. If, pursuant to or in connection with a single transaction or arrangement, you convey, or propagate by procuring conveyance of, a covered work, and grant a patent license to some of the parties receiving the covered work authorizing them to use, propagate, modify or convey a specific copy of the covered work, then the patent license you grant is automatically extended to all recipients of the covered work and works based on it. A patent license is "discriminatory" if it does not include within the scope of its coverage, prohibits the exercise of, or is conditioned on the non-exercise of one or more of the rights that are specifically granted under this License. You may not convey a covered work if you are a party to an arrangement with a third party that is in the business of distributing software, under which you make payment to the third party based on the extent of your activity of conveying the work, and under which the third party grants, to any of the parties who would receive the covered work from you, a discriminatory patent license (a) in connection with copies of the covered work conveyed by you (or copies made from those copies), or (b) primarily for and in connection with specific products or compilations that contain the covered work, unless you entered into that arrangement, or that patent license was granted, prior to 28 March 2007. Nothing in this License shall be construed as excluding or limiting any implied license or other defenses to infringement that may otherwise be available to you under applicable patent law. 12. No Surrender of Others' Freedom. 
If conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot convey a covered work so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not convey it at all. For example, if you agree to terms that obligate you to collect a royalty for further conveying from those to whom you convey the Program, the only way you could satisfy both those terms and this License would be to refrain entirely from conveying the Program. 13. Use with the GNU Affero General Public License. Notwithstanding any other provision of this License, you have permission to link or combine any covered work with a work licensed under version 3 of the GNU Affero General Public License into a single combined work, and to convey the resulting work. The terms of this License will continue to apply to the part which is the covered work, but the special requirements of the GNU Affero General Public License, section 13, concerning interaction through a network will apply to the combination as such. 14. Revised Versions of this License. The Free Software Foundation may publish revised and/or new versions of the GNU General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies that a certain numbered version of the GNU General Public License "or any later version" applies to it, you have the option of following the terms and conditions either of that numbered version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the GNU General Public License, you may choose any version ever published by the Free Software Foundation. 
If the Program specifies that a proxy can decide which future versions of the GNU General Public License can be used, that proxy's public statement of acceptance of a version permanently authorizes you to choose that version for the Program. Later license versions may give you additional or different permissions. However, no additional obligations are imposed on any author or copyright holder as a result of your choosing to follow a later version. 15. Disclaimer of Warranty. THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 16. Limitation of Liability. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 17. Interpretation of Sections 15 and 16. 
If the disclaimer of warranty and limitation of liability provided above cannot be given local legal effect according to their terms, reviewing courts shall apply local law that most closely approximates an absolute waiver of all civil liability in connection with the Program, unless a warranty or assumption of liability accompanies a copy of the Program in return for a fee. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively state the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. <one line to give the program's name and a brief idea of what it does.> Copyright (C) <year> <name of author> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. Also add information on how to contact you by electronic and paper mail. If the program does terminal interaction, make it output a short notice like this when it starts in an interactive mode: <program> Copyright (C) <year> <name of author> This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. 
This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, your program's commands might be different; for a GUI interface, you would use an "about box". You should also get your employer (if you work as a programmer) or school, if any, to sign a "copyright disclaimer" for the program, if necessary. For more information on this, and how to apply and follow the GNU GPL, see <http://www.gnu.org/licenses/>. The GNU General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. But first, please read <http://www.gnu.org/philosophy/why-not-lgpl.html>. �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/PaxHeaders.13173/pam_test_client.c���������������������������������������0000644�0000000�0000000�00000000074�12320753107�022026� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.272891426 30 ctime=1396954961.734874891 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sss_client/pam_test_client.c��������������������������������������������������������0000664�0024127�0024127�00000006140�12320753107�022251� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* Authors: Sumit Bose <sbose@redhat.com> Copyright (C) 2009 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. 
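*/

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

#include <stdio.h>
#include <string.h>
#include <unistd.h>

#include <security/pam_appl.h>
#include <security/pam_misc.h>

/* Conversation structure handed to pam_start(): misc_conv as the callback,
 * no application data pointer. */
static struct pam_conv conv = {
    misc_conv,
    NULL
};

/*
 * Manual test driver that runs a single PAM call against the "sss_test"
 * service.
 *
 *   argv[1]  action; only its first four characters are compared, against
 *            "auth", "chau", "acct", "setc", "open" and "clos"
 *            (default "auth")
 *   argv[2]  user name passed to pam_start() (default "dummy")
 *
 * Returns 1 when pam_start() fails and 0 otherwise; the result of the PAM
 * call itself is only printed, it is not reflected in the exit status.
 */
int main(int argc, char *argv[]) {

    /* Initialised so the pam_start() failure path never hands an
     * indeterminate handle to pam_strerror(). */
    pam_handle_t *pamh = NULL;
    /* The arguments are only read, so they are used in place instead of
     * being strdup()ed: no unchecked allocation and nothing to free. */
    const char *user = "dummy";
    const char *action = "auth";
    int ret;

    if (argc == 1) {
        fprintf(stderr, "missing action and user name, using default\n");
    } else if (argc == 2) {
        fprintf(stdout, "using first argument as action and default user name\n");
        action = argv[1];
    } else {
        action = argv[1];
        user = argv[2];
    }

    fprintf(stdout, "action: %s\nuser: %s\n", action,user);

    ret = pam_start("sss_test", user, &conv, &pamh);
    if (ret != PAM_SUCCESS) {
        fprintf(stderr, "pam_start failed: %s\n", pam_strerror(pamh, ret));
        return 1;
    }

    /* Prefix match: any action starting with the four-letter tag selects
     * the corresponding PAM call. */
    if ( strncmp(action, "auth", 4)== 0 ) {
        fprintf(stdout, "testing pam_authenticate\n");
        ret = pam_authenticate(pamh, 0);
        fprintf(stderr, "pam_authenticate: %s\n", pam_strerror(pamh, ret));
    } else if ( strncmp(action, "chau", 4)== 0 ) {
        fprintf(stdout, "testing pam_chauthtok\n");
        ret = pam_chauthtok(pamh, 0);
        fprintf(stderr, "pam_chauthtok: %s\n", pam_strerror(pamh, ret));
    } else if ( strncmp(action, "acct", 4)== 0 ) {
        fprintf(stdout, "testing pam_acct_mgmt\n");
        ret = pam_acct_mgmt(pamh, 0);
        fprintf(stderr, "pam_acct_mgmt: %s\n", pam_strerror(pamh, ret));
    } else if ( strncmp(action, "setc", 4)== 0 ) {
        fprintf(stdout, "testing pam_setcred\n");
        ret = pam_setcred(pamh, 0);
        fprintf(stderr, "pam_setcred: %d[%s]\n", ret, pam_strerror(pamh, ret));
    } else if ( strncmp(action, "open", 4)== 0 ) {
        fprintf(stdout, "testing pam_open_session\n");
        ret = pam_open_session(pamh, 0);
        fprintf(stderr, "pam_open_session: %s\n", pam_strerror(pamh, ret));
    } else if ( strncmp(action, "clos", 4)== 0 ) {
        fprintf(stdout, "testing pam_close_session\n");
        ret = pam_close_session(pamh, 0);
        fprintf(stderr, "pam_close_session: %s\n", pam_strerror(pamh, ret));
    } else {
        fprintf(stderr, "unknown action\n");
    }

    /* ret is the status of the last PAM call, or PAM_SUCCESS from
     * pam_start() when the action was not recognised. */
    pam_end(pamh, ret);

    return 0;
}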
5����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sbus/PaxHeaders.13173/sssd_dbus_connection.c����������������������������������������0000644�0000000�0000000�00000000074�12320753107�021672� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.271891427 30 ctime=1396954961.670874939 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sbus/sssd_dbus_connection.c���������������������������������������������������������0000664�0024127�0024127�00000056053�12320753107�022125� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* Authors: Simo Sorce <ssorce@redhat.com> Stephen Gallagher <sgallagh@redhat.com> Copyright (C) 2009 Red 
Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */

#include <sys/time.h>
#include "util/util.h"
#include "dbus/dbus.h"
#include "sbus/sssd_dbus.h"
#include "sbus/sssd_dbus_private.h"

/* Types */
struct dbus_ctx_list;

/* List node tying one registered interface to the connection that serves
 * it; prev/next link the nodes of a connection's interface list. */
struct sbus_interface_p {
    struct sbus_interface_p *prev, *next;
    struct sbus_connection *conn;
    struct sbus_interface *intf;
};

static bool path_in_interface_list(struct sbus_interface_p *list,
                                   const char *path);
static void sbus_unreg_object_paths(struct sbus_connection *conn);

static int sbus_auto_reconnect(struct sbus_connection *conn);

/*
 * Timer handler that dispatches at most one queued D-BUS message.
 *
 * data is the sbus_connection the timer was registered for. Depending on
 * the connection state the handler defers itself while a reconnect is in
 * progress, starts an automatic reconnect, frees a connection that is
 * closed or marked for disconnect, or dispatches once and re-queues itself
 * when more messages are waiting.
 */
static void sbus_dispatch(struct tevent_context *ev,
                          struct tevent_timer *te,
                          struct timeval tv, void *data)
{
    struct sbus_connection *conn;
    struct tevent_timer *timer;
    DBusConnection *bus;
    int rc;

    if (data == NULL) {
        return;
    }

    conn = talloc_get_type(data, struct sbus_connection);
    bus = conn->dbus.conn;
    DEBUG(SSSDBG_TRACE_ALL, ("dbus conn: %p\n", bus));

    if (conn->retries > 0) {
        /* A reconnect is in progress: try again shortly.
         * NOTE(review): tevent_timeval_current_ofs() takes (seconds,
         * microseconds), so this offset is 30 microseconds rather than
         * the 30ms the original comment stated - confirm which one was
         * intended. */
        DEBUG(6, ("SBUS is reconnecting. Deferring.\n"));
        tv = tevent_timeval_current_ofs(0, 30);
        timer = tevent_add_timer(ev, conn, tv, sbus_dispatch, conn);
        if (timer == NULL) {
            DEBUG(0,("Could not defer dispatch!\n"));
        }
        return;
    }

    if (!dbus_connection_get_is_connected(bus) && conn->max_retries != 0) {
        /* Connection lost and auto-reconnect is configured */
        rc = sbus_auto_reconnect(conn);
        if (rc != EOK) {
            DEBUG(0, ("Cannot start auto-reconnection.\n"));
            conn->reconnect_callback(conn,
                                     SBUS_RECONNECT_ERROR,
                                     conn->reconnect_pvt);
            return;
        }

        DEBUG(1, ("Performing auto-reconnect\n"));
        return;
    }

    if (conn->disconnect || !dbus_connection_get_is_connected(bus)) {
        DEBUG(3,("Connection is not open for dispatching.\n"));
        /* Freeing the connection object invokes its destructor. */
        talloc_free(conn);
        return;
    }

    /* Dispatch only once per pass through the mainloop so other event
     * sources are not starved. */
    if (dbus_connection_get_dispatch_status(bus) != DBUS_DISPATCH_COMPLETE) {
        DEBUG(9,("Dispatching.\n"));
        dbus_connection_dispatch(bus);
    }

    /* Nothing left to do unless more messages are still queued. */
    if (dbus_connection_get_dispatch_status(bus) == DBUS_DISPATCH_COMPLETE) {
        return;
    }

    /* More work pending: run again on the next loop iteration. */
    timer = tevent_add_timer(ev, conn, tv, sbus_dispatch, conn);
    if (timer == NULL) {
        DEBUG(2,("Could not add dispatch event!\n"));

        /* TODO: Calling exit here is bad */
        exit(1);
    }
}

/* dbus_connection_wakeup_main
 * D-BUS makes a callback to the wakeup_main function when
 * it has data available for dispatching.
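* In order to avoid blocking, this function will create a now()
 * timed event to perform the dispatch during the next iteration
 * through the mainloop
 */
static void sbus_conn_wakeup_main(void *data)
{
    struct sbus_connection *conn;
    struct timeval tv;
    struct tevent_timer *te;

    conn = talloc_get_type(data, struct sbus_connection);

    tv = tevent_timeval_current();

    /* D-BUS calls this function when it is time to do a dispatch */
    te = tevent_add_timer(conn->ev, conn, tv, sbus_dispatch, conn);
    if (te == NULL) {
        DEBUG(2,("Could not add dispatch event!\n"));
        /* TODO: Calling exit here is bad */
        exit(1);
    }
}

static int sbus_conn_set_fns(struct sbus_connection *conn);

/*
 * integrate_connection_with_event_loop
 * Set up a D-BUS connection to use the libevents mainloop
 * for handling file descriptor and timed events
 *
 * Allocates the sbus_connection on ctx, registers intf on it and installs
 * the watch/timeout/wakeup callbacks. On success the new connection is
 * stored in *_conn and EOK is returned. On failure an errno-style code is
 * returned, *_conn is left untouched and dbus_conn is NOT released: the
 * caller still owns its reference.
 */
int sbus_init_connection(TALLOC_CTX *ctx,
                         struct tevent_context *ev,
                         DBusConnection *dbus_conn,
                         struct sbus_interface *intf,
                         int connection_type,
                         struct sbus_connection **_conn)
{
    struct sbus_connection *conn;
    int ret;

    DEBUG(SSSDBG_TRACE_FUNC,("Adding connection %p\n", dbus_conn));
    conn = talloc_zero(ctx, struct sbus_connection);
    if (conn == NULL) {
        /* The fields below would otherwise be written through NULL */
        return ENOMEM;
    }

    conn->ev = ev;
    conn->type = SBUS_CONNECTION;
    conn->dbus.conn = dbus_conn;
    conn->connection_type = connection_type;

    ret = sbus_conn_add_interface(conn, intf);
    if (ret != EOK) {
        talloc_free(conn);
        return ret;
    }

    ret = sbus_conn_set_fns(conn);
    if (ret != EOK) {
        /* dbus_conn outlives conn here, so detach everything that was
         * registered with conn (or one of its talloc children) as user
         * data before that memory is freed. */
        sbus_unreg_object_paths(conn);
        dbus_connection_set_watch_functions(dbus_conn,
                                            NULL, NULL, NULL, NULL, NULL);
        dbus_connection_set_timeout_functions(dbus_conn,
                                              NULL, NULL, NULL, NULL, NULL);
        talloc_free(conn);
        return ret;
    }

    *_conn = conn;
    return ret;
}

/*
 * Install the mainloop integration callbacks on conn->dbus.conn and queue
 * an immediate dispatch. Returns EOK, or EIO when libdbus refuses the
 * watch or timeout functions. Note that this also resets conn->destructor
 * to NULL.
 */
static int sbus_conn_set_fns(struct sbus_connection *conn)
{
    dbus_bool_t dbret;

    /*
     * Set the default destructor
     * Connections can override this with
     * sbus_conn_set_destructor
     */
    sbus_conn_set_destructor(conn, NULL);

    /* Set up DBusWatch functions */
    dbret = dbus_connection_set_watch_functions(conn->dbus.conn,
                                                sbus_add_watch,
                                                sbus_remove_watch,
                                                sbus_toggle_watch,
                                                conn, NULL);
    if (!dbret) {
        DEBUG(2,("Error setting up D-BUS connection watch functions\n"));
        return EIO;
    }

    /* Set up DBusTimeout functions */
    dbret = dbus_connection_set_timeout_functions(conn->dbus.conn,
                                                  sbus_add_timeout,
                                                  sbus_remove_timeout,
                                                  sbus_toggle_timeout,
                                                  conn, NULL);
    if (!dbret) {
        DEBUG(2,("Error setting up D-BUS server timeout functions\n"));
        /* FIXME: free resources ? */
        return EIO;
    }

    /* Set up dispatch handler */
    dbus_connection_set_wakeup_main_function(conn->dbus.conn,
                                             sbus_conn_wakeup_main,
                                             conn, NULL);

    /* Set up any method_contexts passed in */

    /* Attempt to dispatch immediately in case of opportunistic
     * services connecting before the handlers were all up.
     * If there are no messages to be dispatched, this will do
     * nothing.
     */
    sbus_conn_wakeup_main(conn);

    return EOK;
}

/*
 * Open a shared D-BUS connection to address and wrap it in a new
 * sbus_connection allocated on ctx, serving intf.
 *
 * Returns EOK and stores the connection in *_conn on success. On failure
 * an errno-style code is returned, *_conn is not written and nothing is
 * left for the caller to free.
 */
int sbus_new_connection(TALLOC_CTX *ctx,
                        struct tevent_context *ev,
                        const char *address,
                        struct sbus_interface *intf,
                        struct sbus_connection **_conn)
{
    struct sbus_connection *conn;
    DBusConnection *dbus_conn;
    DBusError dbus_error;
    int ret;

    dbus_error_init(&dbus_error);

    /* Open a shared D-BUS connection to the address */
    dbus_conn = dbus_connection_open(address, &dbus_error);
    if (!dbus_conn) {
        DEBUG(1, ("Failed to open connection: name=%s, message=%s\n",
                dbus_error.name, dbus_error.message));
        if (dbus_error_is_set(&dbus_error)) dbus_error_free(&dbus_error);
        return EIO;
    }

    ret = sbus_init_connection(ctx, ev, dbus_conn, intf,
                               SBUS_CONN_TYPE_SHARED, &conn);
    if (ret != EOK) {
        /* conn was never assigned, so it must not be dereferenced or
         * handed back; only the reference taken by
         * dbus_connection_open() is ours to drop. */
        dbus_connection_unref(dbus_conn);
        return ret;
    }

    /* Store the address for later reconnection */
    conn->address = talloc_strdup(conn, address);
    if (conn->address == NULL) {
        /* Detach the callbacks and drop the D-BUS reference before the
         * wrapper goes away. */
        sbus_disconnect(conn);
        talloc_free(conn);
        return ENOMEM;
    }

    dbus_connection_set_exit_on_disconnect(conn->dbus.conn, FALSE);

    *_conn = conn;
    return ret;
}

/*
 * sbus_conn_set_destructor
 * Configures a callback to clean up this connection when it
 * is finalized.
 * @param conn The sbus_connection created
 * when this connection was established
 * @param destructor The destructor function that should be
 * called when the connection is finalized. If passed NULL,
 * this will reset the connection to the default destructor.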
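*/
void sbus_conn_set_destructor(struct sbus_connection *conn,
                              sbus_conn_destructor_fn destructor)
{
    if (!conn) return;

    conn->destructor = destructor;
    /* TODO: Should we try to handle the talloc_destructor too? */
}

/*
 * Default finalizer: closes the D-BUS connection when it is private and
 * drops one reference to it.
 * Returns 0 on success, or -1 (without dropping the reference) when
 * connection_type is neither shared nor private.
 */
int sbus_default_connection_destructor(void *ctx)
{
    struct sbus_connection *conn;
    conn = talloc_get_type(ctx, struct sbus_connection);

    DEBUG(SSSDBG_TRACE_FUNC, ("Invoking default destructor on connection %p\n",
              conn->dbus.conn));
    if (conn->connection_type == SBUS_CONN_TYPE_PRIVATE) {
        /* Private connections must be closed explicitly */
        dbus_connection_close(conn->dbus.conn);
    }
    else if (conn->connection_type == SBUS_CONN_TYPE_SHARED) {
        /* Shared connections are destroyed when their last reference is removed */
    }
    else {
        /* Critical Error! */
        DEBUG(1,("Critical Error, connection_type is neither shared nor private!\n"));
        return -1;
    }

    /* Remove object path */
    /* TODO: Remove object paths */

    dbus_connection_unref(conn->dbus.conn);
    return 0;
}

/*
 * sbus_get_connection
 * Utility function to retrieve the DBusConnection object
 * from a sbus_connection
 */
DBusConnection *sbus_get_connection(struct sbus_connection *conn)
{
    return conn->dbus.conn;
}

/*
 * Tear down the D-BUS side of conn: mark it as disconnecting, run the
 * custom destructor if one is set, unregister all object paths, clear the
 * mainloop callbacks and finalize the connection. The sbus_connection
 * structure itself is not freed here. A NULL conn is ignored.
 */
void sbus_disconnect (struct sbus_connection *conn)
{
    if (conn == NULL) {
        return;
    }

    DEBUG(SSSDBG_TRACE_FUNC, ("Disconnecting %p\n", conn->dbus.conn));

    /*******************************
     *  Referencing conn->dbus.conn */
    dbus_connection_ref(conn->dbus.conn);

    conn->disconnect = 1;

    /* Invoke the custom destructor, if it exists */
    if (conn->destructor) {
        conn->destructor(conn);
    }

    /* Unregister object paths */
    sbus_unreg_object_paths(conn);

    /* Disable watch functions */
    dbus_connection_set_watch_functions(conn->dbus.conn,
                                        NULL, NULL, NULL,
                                        NULL, NULL);
    /* Disable timeout functions */
    dbus_connection_set_timeout_functions(conn->dbus.conn,
                                          NULL, NULL, NULL,
                                          NULL, NULL);
    /* Disable dispatch status function */
    dbus_connection_set_dispatch_status_function(conn->dbus.conn,
                                                 NULL, NULL, NULL);

    /* Disable wakeup main function */
    dbus_connection_set_wakeup_main_function(conn->dbus.conn,
                                             NULL, NULL, NULL);

    /* Finalize the connection */
    sbus_default_connection_destructor(conn);

    dbus_connection_unref(conn->dbus.conn);
    /* Unreferenced conn->dbus_conn *
     ******************************/

    /* Only the pointer value is logged; it is not dereferenced. */
    DEBUG(SSSDBG_TRACE_FUNC ,("Disconnected %p\n", conn->dbus.conn));
}

/*
 * Answer message with a DBUS_ERROR_IO_ERROR "Internal Error" reply.
 * Returns DBUS_HANDLER_RESULT_HANDLED when the reply was created and
 * queued, DBUS_HANDLER_RESULT_NOT_YET_HANDLED when it could not be
 * allocated.
 */
static int sbus_reply_internal_error(DBusMessage *message,
                                     struct sbus_connection *conn)
{
    DBusMessage *reply = dbus_message_new_error(message, DBUS_ERROR_IO_ERROR,
                                                "Internal Error");
    if (reply) {
        sbus_conn_send_reply(conn, reply);
        dbus_message_unref(reply);
        return DBUS_HANDLER_RESULT_HANDLED;
    }
    return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
}

/* message_handler
 * Receive messages and process them
 *
 * user_data is the sbus_interface_p registered for the object path. The
 * message is matched against that interface's path, interface name and
 * method table; introspection requests are passed to introspect_fn when
 * one is registered. All three header fields come from the sending peer,
 * so none of them is used before it has been checked for NULL.
 */
DBusHandlerResult sbus_message_handler(DBusConnection *dbus_conn,
                                       DBusMessage *message,
                                       void *user_data)
{
    struct sbus_interface_p *intf_p;
    const char *method;
    const char *path;
    const char *msg_interface;
    DBusMessage *reply = NULL;
    int i, ret;
    int found;

    if (!user_data) {
        return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
    }
    intf_p = talloc_get_type(user_data, struct sbus_interface_p);

    method = dbus_message_get_member(message);
    path = dbus_message_get_path(message);
    msg_interface = dbus_message_get_interface(message);

    if (!method || !path || !msg_interface)
        return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;

    /* Logged only after the NULL check so a message without a member
     * never reaches the %s conversion. */
    DEBUG(9, ("Received SBUS method [%s]\n", method));

    /* Validate the D-BUS path */
    if (strcmp(path, intf_p->intf->path) != 0)
        return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;

    /* Validate the method interface */
    if (strcmp(msg_interface, intf_p->intf->interface) == 0) {
        found = 0;
        for (i = 0; intf_p->intf->methods[i].method != NULL; i++) {
            if (strcmp(method, intf_p->intf->methods[i].method) == 0) {
                found = 1;
                ret = intf_p->intf->methods[i].fn(message, intf_p->conn);
                if (ret != EOK) {
                    return sbus_reply_internal_error(message, intf_p->conn);
                }
                break;
            }
        }

        if (!found) {
            /* Reply DBUS_ERROR_UNKNOWN_METHOD */
            DEBUG(1, ("No matching method found for %s.\n", method));
            reply = dbus_message_new_error(message, DBUS_ERROR_UNKNOWN_METHOD, NULL);
            if (reply == NULL) {
                /* Out of memory: a NULL message must not be sent or
                 * unreferenced. */
                return DBUS_HANDLER_RESULT_NEED_MEMORY;
            }
            sbus_conn_send_reply(intf_p->conn, reply);
            dbus_message_unref(reply);
        }
    }
    else {
        /* Special case: check for Introspection request
         * This is usually only useful for system bus connections
         */
        if (strcmp(msg_interface, DBUS_INTROSPECT_INTERFACE) == 0 &&
            strcmp(method, DBUS_INTROSPECT_METHOD) == 0)
        {
            if (intf_p->intf->introspect_fn) {
                /* If we have been asked for introspection data and we have
                 * an introspection function registered, use that.
                 */
                ret = intf_p->intf->introspect_fn(message, intf_p->conn);
                if (ret != EOK) {
                    return sbus_reply_internal_error(message, intf_p->conn);
                }
            }
            /* Without an introspect_fn the request is reported as handled
             * although no reply is sent. */
        }
        else
            return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
    }

    return DBUS_HANDLER_RESULT_HANDLED;
}

/* Adds a new D-BUS path message handler to the connection
 * Note: this must be a unique path.
 *
 * Returns EOK on success, EINVAL for missing arguments or a path that is
 * already in the connection's interface list, and ENOMEM when the list
 * node cannot be allocated or libdbus refuses the registration.
 */
int sbus_conn_add_interface(struct sbus_connection *conn,
                            struct sbus_interface *intf)
{
    struct sbus_interface_p *intf_p;
    dbus_bool_t dbret;
    const char *path;

    if (!conn || !intf || !intf->vtable.message_function) {
        return EINVAL;
    }

    path = intf->path;

    if (path_in_interface_list(conn->intf_list, path)) {
        DEBUG(0, ("Cannot add method context with identical path.\n"));
        return EINVAL;
    }

    intf_p = talloc_zero(conn, struct sbus_interface_p);
    if (!intf_p) {
        return ENOMEM;
    }
    intf_p->conn = conn;
    intf_p->intf = intf;

    DLIST_ADD(conn->intf_list, intf_p);

    dbret = dbus_connection_register_object_path(conn->dbus.conn,
                                                 path, &intf->vtable, intf_p);
    if (!dbret) {
        DEBUG(0, ("Could not register object path to the connection.\n"));
        /* Keep the list in step with what libdbus knows: a node left
         * behind would make every retry for this path fail with EINVAL
         * and would be unregistered/re-registered later although it was
         * never registered. */
        DLIST_REMOVE(conn->intf_list, intf_p);
        talloc_free(intf_p);
        return ENOMEM;
    }

    return EOK;
}

/* Returns true when path is already used by an entry of list. */
static bool path_in_interface_list(struct sbus_interface_p *list,
                                   const char *path)
{
    struct sbus_interface_p *iter;

    if (!list || !path) {
        return false;
    }

    iter = list;
    while (iter != NULL) {
        if (strcmp(iter->intf->path, path) == 0) {
            return true;
        }
        iter = iter->next;
    }

    return false;
}

/* Unregister the object path of every interface in conn->intf_list from
 * the D-BUS connection; the list itself is left unchanged. */
static void sbus_unreg_object_paths(struct sbus_connection *conn)
{
    struct sbus_interface_p *iter = conn->intf_list;

    while (iter != NULL) {
        dbus_connection_unregister_object_path(conn->dbus.conn,
                                               iter->intf->path);
        iter = iter->next;
    }
}

/* Attach an opaque pointer owned by the caller to the connection. */
void sbus_conn_set_private_data(struct sbus_connection *conn, void *pvt_data)
{
    conn->pvt_data = pvt_data;
}

/* Return the pointer stored with sbus_conn_set_private_data(). */
void *sbus_conn_get_private_data(struct sbus_connection *conn)
{
    return conn->pvt_data;
}

/*
 * Timer handler performing one reconnection attempt to conn->address.
 *
 * On success the mainloop callbacks and all object paths are set up again,
 * conn->retries is reset to 0 and the reconnect callback is invoked with
 * SBUS_RECONNECT_SUCCESS. On failure the retry counter is increased and
 * the next attempt is scheduled 3, 10 or 30 seconds after tv.
 */
static void sbus_reconnect(struct tevent_context *ev,
                           struct tevent_timer *te,
                           struct timeval tv, void *data)
{
    struct sbus_connection *conn;
    struct sbus_interface_p *iter;
    DBusError dbus_error;
    dbus_bool_t dbret;
    int ret;

    conn = talloc_get_type(data, struct sbus_connection);
    dbus_error_init(&dbus_error);

    DEBUG(3, ("Making reconnection attempt %d to [%s]\n",
              conn->retries, conn->address));
    /* NOTE(review): the previous conn->dbus.conn is overwritten here
     * without being unreferenced - confirm whether that reference is
     * released elsewhere. */
    conn->dbus.conn = dbus_connection_open(conn->address, &dbus_error);
    if (conn->dbus.conn) {
        /* We successfully reconnected. Set up mainloop integration. */
        DEBUG(3, ("Reconnected to [%s]\n", conn->address));
        ret = sbus_conn_set_fns(conn);
        if (ret != EOK) {
            dbus_connection_unref(conn->dbus.conn);
            /* Our reference is gone; do not leave the pointer behind for
             * other users of conn (sbus_conn_send() checks for NULL). */
            conn->dbus.conn = NULL;
            goto failed;
        }

        /* Re-register object paths */
        iter = conn->intf_list;
        while (iter) {
            dbret = dbus_connection_register_object_path(conn->dbus.conn,
                                                         iter->intf->path,
                                                         &iter->intf->vtable,
                                                         iter);
            if (!dbret) {
                DEBUG(0, ("Could not register object path.\n"));
                dbus_connection_unref(conn->dbus.conn);
                /* Same as above: the reference was just dropped. */
                conn->dbus.conn = NULL;
                goto failed;
            }
            iter = iter->next;
        }

        /* Reset retries to 0 to resume dispatch processing */
        conn->retries = 0;

        /* Notify the owner of this connection that the
         * reconnection was successful
         */
        conn->reconnect_callback(conn,
                                 SBUS_RECONNECT_SUCCESS,
                                 conn->reconnect_pvt);
        return;
    }

failed:
    /* Reconnection failed, try again in a few seconds */
    DEBUG(1, ("Failed to open connection: name=%s, message=%s\n",
                dbus_error.name, dbus_error.message));
    if (dbus_error_is_set(&dbus_error)) dbus_error_free(&dbus_error);

    conn->retries++;

    /* Check if we've passed our last chance or if we've lost track of
     * our retry count somehow
     */
    if ((conn->retries > conn->max_retries) || (conn->retries <= 0)) {
        /* NOTE(review): execution continues after this callback and
         * another timer is added on conn below; if a callback frees conn
         * those accesses would touch freed memory - confirm what the
         * registered callbacks do. */
        conn->reconnect_callback(conn,
                                 SBUS_RECONNECT_EXCEEDED_RETRIES,
                                 conn->reconnect_pvt);
    }

    if (conn->retries == 2) {
        /* Wait 3 seconds before the second reconnect attempt */
        tv.tv_sec += 3;
    }
    else if (conn->retries == 3) {
        /* Wait 10 seconds before the third reconnect attempt */
        tv.tv_sec += 10;
    }
    else {
        /* Wait 30 seconds before all subsequent reconnect attempts */
        tv.tv_sec += 30;
    }

    te = tevent_add_timer(conn->ev, conn, tv, sbus_reconnect, conn);
    if (!te) {
        conn->reconnect_callback(conn,
                                 SBUS_RECONNECT_ERROR,
                                 conn->reconnect_pvt);
    }
}

/* This function will free and recreate the sbus_connection,
 * calling functions need to be aware of this (and whether
 * they have attached a talloc destructor to the
 * sbus_connection.
 *
 * Increases conn->retries and schedules sbus_reconnect() one second from
 * now. Returns EOK when the timer was added and EIO when the retry limit
 * is reached or the timer cannot be created.
 */
static int sbus_auto_reconnect(struct sbus_connection *conn)
{
    struct tevent_timer *te = NULL;
    struct timeval tv;

    conn->retries++;
    if (conn->retries >= conn->max_retries) {
        /* Return EIO (to tell the calling process it
         * needs to create a new connection from scratch
         */
        return EIO;
    }

    gettimeofday(&tv, NULL);
    tv.tv_sec += 1; /* Wait 1 second before the first reconnect attempt */
    te = tevent_add_timer(conn->ev, conn, tv, sbus_reconnect, conn);
    if (!te) {
        return EIO;
    }

    return EOK;
}

/* Max retries
 *
 * Enable automatic reconnection: store the retry limit, the callback that
 * reports the outcome and its private pointer. The call is ignored when
 * max_retries is negative or callback is NULL.
 */
void sbus_reconnect_init(struct sbus_connection *conn,
                         int max_retries,
                         sbus_conn_reconn_callback_fn callback,
                         void *pvt)
{
    if (max_retries < 0 || callback == NULL) return;

    conn->retries = 0;
    conn->max_retries = max_retries;
    conn->reconnect_callback = callback;
    conn->reconnect_pvt = pvt;
}

/* Returns true once sbus_disconnect() has marked the connection. */
bool sbus_conn_disconnecting(struct sbus_connection *conn)
{
    if (conn->disconnect == 1) return true;
    return false;
}

/*
 * Send a message across the SBUS
 * If requested, the DBusPendingCall object will
 * be returned to the caller.
 *
 * This function will return EAGAIN in the event
 * that the connection is not open for
 * communication.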
*/
int sbus_conn_send(struct sbus_connection *conn,
                   DBusMessage *msg,
                   int timeout_ms,
                   DBusPendingCallNotifyFunction reply_handler,
                   void *pvt,
                   DBusPendingCall **pending)
{
    DBusConnection *bus = sbus_get_connection(conn);
    DBusPendingCall *call;

    if (bus == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("D-BUS not connected\n"));
        return ENOTCONN;
    }

    if (!dbus_connection_send_with_reply(bus, msg, &call, timeout_ms)) {
        /*
         * Critical Failure
         * Insufficient memory to send message
         */
        DEBUG(0, ("D-BUS send failed.\n"));
        return ENOMEM;
    }

    if (call == NULL) {
        /* If pending_reply is NULL, the connection was not
         * open for sending.
         */

        /* TODO: Create a callback into the reconnection logic so this
         * request is invoked when the connection is re-established
         */
        return EAGAIN;
    }

    /* Set up the reply handler */
    if (!dbus_pending_call_set_notify(call, reply_handler, pvt, NULL)) {
        /*
         * Critical Failure
         * Insufficient memory to create pending call notify
         */
        DEBUG(0, ("D-BUS send failed.\n"));
        dbus_pending_call_cancel(call);
        dbus_pending_call_unref(call);
        return ENOMEM;
    }

    /* NOTE(review): when the caller passes pending == NULL the pending
     * call is neither returned nor unreferenced here - confirm who
     * releases that reference. */
    if (pending != NULL) {
        *pending = call;
    }
    return EOK;
}

/* Queue reply on the connection; the result of dbus_connection_send() is
 * not checked. */
void sbus_conn_send_reply(struct sbus_connection *conn, DBusMessage *reply)
{
    dbus_connection_send(conn->dbus.conn, reply, NULL);
}
0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* SSSD Data Provider Helpers Copyright (C) Stephen Gallagher <sgallagh@redhat.com> 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. 
*/

#include "util/util.h"
#include "talloc.h"
#include "sbus_client.h"

/*
 * sbus_client_init
 * Connect to an SBUS server socket and attach a destructor and private
 * data to the resulting connection.
 *
 * The filesystem path is everything from the first '/' in server_address.
 * Before connecting, that path is passed to check_file() with 0, 0, 0600
 * and CHECK_SOCK (presumably owner uid 0, gid 0, mode 0600, must be a
 * socket - confirm against check_file's prototype). A path that fails the
 * check is never connected to.
 *
 * NOTE(review): the check and the later connect look the path up
 * separately, so the check describes the socket only as it was when
 * check_file() ran. It is meaningful only if unprivileged users cannot
 * replace entries in the directory that holds the socket.
 *
 * Returns EOK and stores the connection in *_conn on success, EINVAL when
 * server_address is NULL, EIO when the address has no path component or
 * the socket check fails, or the error from sbus_new_connection().
 * *_conn is written only on success.
 */
int sbus_client_init(TALLOC_CTX *mem_ctx,
                     struct tevent_context *ev,
                     const char *server_address,
                     struct sbus_interface *intf,
                     struct sbus_connection **_conn,
                     sbus_conn_destructor_fn destructor,
                     void *conn_pvt_data)
{
    struct sbus_connection *new_conn = NULL;
    char *sock_path;
    int rc;

    if (server_address == NULL) {
        return EINVAL;
    }

    /* The socket path starts at the first slash of the D-BUS address */
    sock_path = strchr(server_address, '/');
    if (sock_path == NULL) {
        DEBUG(1, ("Unexpected dbus address [%s].\n", server_address));
        return EIO;
    }

    /* Refuse to talk to a socket that does not pass the ownership check */
    if (check_file(sock_path, 0, 0, 0600, CHECK_SOCK, NULL, true) != EOK) {
        DEBUG(1, ("check_file failed for [%s].\n", sock_path));
        return EIO;
    }

    rc = sbus_new_connection(mem_ctx, ev, server_address, intf, &new_conn);
    if (rc == EOK) {
        /* Hand the caller's destructor and private data to the connection */
        sbus_conn_set_destructor(new_conn, destructor);
        sbus_conn_set_private_data(new_conn, conn_pvt_data);

        *_conn = new_conn;
        return EOK;
    }

    talloc_free(new_conn);
    return rc;
}
���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sbus/sssd_dbus_common.c�������������������������������������������������������������0000664�0024127�0024127�00000024365�12320753107�021257� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* Authors: Simo Sorce <ssorce@redhat.com> Stephen Gallagher <sgallagh@redhat.com> Copyright (C) 2009 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. 
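*/

#include <sys/time.h>

#include "tevent.h"

#include "dbus/dbus.h"

#include "util/util.h"
#include "sbus/sssd_dbus.h"
#include "sbus/sssd_dbus_private.h"

/* =Watches=============================================================== */

/*
 * fd_to_watch
 * DBUS may ask us to add a watch to a file descriptor that already had a
 * watch associated. Walk the list and return the context already
 * registered for fd, or NULL when there is none.
 */
static struct sbus_watch_ctx *fd_to_watch(struct sbus_watch_ctx *list, int fd)
{
    struct sbus_watch_ctx *watch_iter;

    for (watch_iter = list; watch_iter != NULL; watch_iter = watch_iter->next) {
        if (watch_iter->fd == fd) {
            return watch_iter;
        }
    }

    return NULL;
}

/*
 * watch_destructor
 * talloc destructor for a watch context: unlink it from the owning
 * connection's watch list so the list never holds a freed entry.
 */
static int watch_destructor(void *mem)
{
    struct sbus_watch_ctx *watch;

    watch = talloc_get_type(mem, struct sbus_watch_ctx);
    DLIST_REMOVE(watch->conn->watch_list, watch);

    return 0;
}

/*
 * watch_handler
 * Callback for D-BUS to handle messages on a file-descriptor
 *
 * NOTE(review): the reference taken below keeps the DBusServer or
 * DBusConnection alive, not the talloc-allocated watch context. If a read
 * handler could free the connection, the later access to
 * watch->dbus_write_watch would touch freed memory - confirm that
 * dbus_watch_handle() cannot lead to the sbus_connection being freed.
 */
static void sbus_watch_handler(struct tevent_context *ev,
                               struct tevent_fd *fde,
                               uint16_t flags, void *data)
{
    struct sbus_watch_ctx *watch = talloc_get_type(data,
                                                   struct sbus_watch_ctx);
    enum dbus_conn_type type;
    union dbus_conn_pointer dbus_p;

    /* conn may get freed inside a handle, save the data we need for later */
    type = watch->conn->type;
    dbus_p = watch->conn->dbus;

    /* Take a reference while handling watch */
    if (type == SBUS_SERVER) {
        dbus_server_ref(dbus_p.server);
    } else {
        dbus_connection_ref(dbus_p.conn);
    }

    /* Fire if readable */
    if ((flags & TEVENT_FD_READ) && watch->dbus_read_watch) {
        dbus_watch_handle(watch->dbus_read_watch, DBUS_WATCH_READABLE);
    }

    /* Fire if writeable */
    if ((flags & TEVENT_FD_WRITE) && watch->dbus_write_watch) {
        dbus_watch_handle(watch->dbus_write_watch, DBUS_WATCH_WRITABLE);
    }

    /* Release reference once done */
    if (type == SBUS_SERVER) {
        dbus_server_unref(dbus_p.server);
    } else {
        dbus_connection_unref(dbus_p.conn);
    }
}

/*
 * add_watch
 * Set up hooks into the libevents mainloop for
 * D-BUS to add file descriptor-based events
 *
 * data is the sbus_connection that owns the watch. One sbus_watch_ctx is
 * kept per file descriptor; a second DBusWatch for the same descriptor is
 * stored on the existing context and only toggles its event flags.
 *
 * Returns TRUE on success, FALSE when the context or the fd event cannot
 * be allocated.
 */
dbus_bool_t sbus_add_watch(DBusWatch *dbus_watch, void *data)
{
    unsigned int flags;
    uint16_t event_flags;
    struct sbus_connection *conn;
    struct sbus_watch_ctx *watch;
    dbus_bool_t enabled;
    int fd;

    conn = talloc_get_type(data, struct sbus_connection);

#ifdef HAVE_DBUS_WATCH_GET_UNIX_FD
    fd = dbus_watch_get_unix_fd(dbus_watch);
#else
    fd = dbus_watch_get_fd(dbus_watch);
#endif

    watch = fd_to_watch(conn->watch_list, fd);
    if (!watch) {
        /* does not exist, allocate new one */
        watch = talloc_zero(conn, struct sbus_watch_ctx);
        if (!watch) {
            DEBUG(0, ("Out of Memory!\n"));
            return FALSE;
        }
        watch->conn = conn;
        watch->fd = fd;
    }

    enabled = dbus_watch_get_enabled(dbus_watch);
    flags = dbus_watch_get_flags(dbus_watch);

    /* Save the event to the watch object so it can be found later */
    if (flags & DBUS_WATCH_READABLE) {
        watch->dbus_read_watch = dbus_watch;
    }
    if (flags & DBUS_WATCH_WRITABLE) {
        watch->dbus_write_watch = dbus_watch;
    }

    dbus_watch_set_data(dbus_watch, watch, NULL);

    if (watch->fde) {
        /* pre-existing event, just toggle flags */
        sbus_toggle_watch(dbus_watch, data);
        return TRUE;
    }

    event_flags = 0;
    if (enabled) {
        if (flags & DBUS_WATCH_READABLE) {
            event_flags |= TEVENT_FD_READ;
        }
        if (flags & DBUS_WATCH_WRITABLE) {
            event_flags |= TEVENT_FD_WRITE;
        }
    }

    /* Add the file descriptor to the event loop */
    watch->fde = tevent_add_fd(conn->ev,
                               watch, fd, event_flags,
                               sbus_watch_handler, watch);
    if (!watch->fde) {
        DEBUG(0, ("Failed to set up fd event!\n"));
        /* The context is freed next; clear the pointer stored on the
         * DBusWatch first so it never refers to freed memory. */
        dbus_watch_set_data(dbus_watch, NULL, NULL);
        talloc_zfree(watch);
        return FALSE;
    }

    DLIST_ADD(conn->watch_list, watch);
    talloc_set_destructor((TALLOC_CTX *)watch, watch_destructor);

    DEBUG(8, ("%p/%p (%d), %s/%s (%s)\n",
              watch, dbus_watch, fd,
              ((flags & DBUS_WATCH_READABLE)?"R":"-"),
              ((flags & DBUS_WATCH_WRITABLE)?"W":"-"),
              enabled?"enabled":"disabled"));

    return TRUE;
}

/*
 * toggle_watch
 * Hook for D-BUS to toggle the enabled/disabled state of
 * an event in the mainloop
 *
 * Only the direction(s) reported by dbus_watch_get_flags() are switched on
 * or off; the other direction of a shared descriptor is left as it is.
 */
void sbus_toggle_watch(DBusWatch *dbus_watch, void *data)
{
    struct sbus_watch_ctx *watch;
    unsigned int flags;
    dbus_bool_t enabled;
    void *watch_data;
    int fd = -1;

    enabled = dbus_watch_get_enabled(dbus_watch);
    flags = dbus_watch_get_flags(dbus_watch);

    watch_data = dbus_watch_get_data(dbus_watch);
    watch = talloc_get_type(watch_data, struct sbus_watch_ctx);
    if (!watch) {
        DEBUG(2, ("[%p] does not carry watch context?!\n", dbus_watch));
        /* abort ? */
        return;
    }

    if (enabled) {
        if (flags & DBUS_WATCH_READABLE) {
            TEVENT_FD_READABLE(watch->fde);
        }
        if (flags & DBUS_WATCH_WRITABLE) {
            TEVENT_FD_WRITEABLE(watch->fde);
        }
    } else {
        if (flags & DBUS_WATCH_READABLE) {
            TEVENT_FD_NOT_READABLE(watch->fde);
        }
        if (flags & DBUS_WATCH_WRITABLE) {
            TEVENT_FD_NOT_WRITEABLE(watch->fde);
        }
    }

    /* The descriptor is looked up only for the trace message below */
    if (DEBUG_IS_SET(SSSDBG_TRACE_ALL)) {
#ifdef HAVE_DBUS_WATCH_GET_UNIX_FD
        fd = dbus_watch_get_unix_fd(dbus_watch);
#else
        fd = dbus_watch_get_fd(dbus_watch);
#endif
    }
    DEBUG(SSSDBG_TRACE_ALL,
          ("%p/%p (%d), %s/%s (%s)\n",
           watch, dbus_watch, fd,
           ((flags & DBUS_WATCH_READABLE)?"R":"-"),
           ((flags & DBUS_WATCH_WRITABLE)?"W":"-"),
           enabled?"enabled":"disabled"));
}

/*
 * sbus_remove_watch
 * Hook for D-BUS to remove file descriptor-based events
 * from the libevents mainloop
 *
 * The context is shared by the read and the write watch of one descriptor
 * and is freed only once neither of them is registered any more.
 */
void sbus_remove_watch(DBusWatch *dbus_watch, void *data)
{
    struct sbus_watch_ctx *watch;
    void *watch_data;

    watch_data = dbus_watch_get_data(dbus_watch);
    watch = talloc_get_type(watch_data, struct sbus_watch_ctx);

    DEBUG(8, ("%p/%p\n", watch, dbus_watch));

    if (!watch) {
        DEBUG(2, ("DBUS trying to remove unknown watch!\n"));
        return;
    }

    /* remove dbus watch data */
    dbus_watch_set_data(dbus_watch, NULL, NULL);

    /* check which watch to remove, or free if none left */
    if (watch->dbus_read_watch == dbus_watch) {
        watch->dbus_read_watch = NULL;
    }
    if (watch->dbus_write_watch == dbus_watch) {
        watch->dbus_write_watch = NULL;
    }
    if (!watch->dbus_read_watch && !watch->dbus_write_watch) {
        talloc_free(watch);
    }
}

/* =Timeouts============================================================== */

/*
 * _get_interval_tv
 * Return the absolute time that lies `interval` milliseconds after now.
 * The result is normalized so that tv_usec stays within [0, 1000000).
 */
static struct timeval _get_interval_tv(int interval)
{
    struct timeval tv;
    struct timeval rightnow;

    gettimeofday(&rightnow, NULL);

    tv.tv_sec = interval / 1000 + rightnow.tv_sec;
    tv.tv_usec = (interval % 1000) * 1000 + rightnow.tv_usec;

    /* Adding the two microsecond parts can reach a full second or more;
     * carry it into tv_sec instead of returning an out-of-range tv_usec. */
    if (tv.tv_usec >= 1000000) {
        tv.tv_sec += tv.tv_usec / 1000000;
        tv.tv_usec %= 1000000;
    } else if (tv.tv_usec < 0) {
        /* only reachable with a negative interval; one borrow suffices
         * because the remainder is larger than -1000 ms */
        tv.tv_sec -= 1;
        tv.tv_usec += 1000000;
    }

    return tv;
}

/*
 * timeout_handler
 * Callback for D-BUS to handle timed events
 */
static void sbus_timeout_handler(struct tevent_context *ev,
                                 struct tevent_timer *te,
                                 struct timeval t, void *data)
{
    struct sbus_timeout_ctx *timeout;

    timeout = talloc_get_type(data, struct sbus_timeout_ctx);

    dbus_timeout_handle(timeout->dbus_timeout);
}

/*
 * add_timeout
 * Hook for D-BUS to add time-based events to the mainloop
 *
 * data is the owning sbus_connection. A disabled timeout is accepted
 * without creating an event. Returns FALSE when the context or the timer
 * cannot be allocated.
 */
dbus_bool_t sbus_add_timeout(DBusTimeout *dbus_timeout, void *data)
{
    struct sbus_connection *conn;
    struct sbus_timeout_ctx *timeout;
    struct timeval tv;

    DEBUG(8, ("%p\n", dbus_timeout));

    if (!dbus_timeout_get_enabled(dbus_timeout)) {
        return TRUE;
    }

    conn = talloc_get_type(data, struct sbus_connection);

    timeout = talloc_zero(conn, struct sbus_timeout_ctx);
    if (!timeout) {
        DEBUG(0, ("Out of Memory!\n"));
        return FALSE;
    }
    timeout->dbus_timeout = dbus_timeout;

    tv = _get_interval_tv(dbus_timeout_get_interval(dbus_timeout));
    timeout->te = tevent_add_timer(conn->ev, timeout, tv,
                                   sbus_timeout_handler, timeout);
    if (!timeout->te) {
        DEBUG(0, ("Failed to set up timeout event!\n"));
        /* Nothing refers to the context yet; release it rather than
         * leaving it allocated on the connection. */
        talloc_free(timeout);
        return FALSE;
    }

    /* Save the event to the watch object so it can be removed later */
    dbus_timeout_set_data(timeout->dbus_timeout, timeout, NULL);

    return TRUE;
}

/*
 * sbus_toggle_timeout
 * Hook for D-BUS to toggle the enabled/disabled state of a mainloop
 * event
 *
 * NOTE(review): enabling goes through sbus_add_timeout(), which always
 * allocates a new context and overwrites the data pointer. If a timeout
 * that already carries a context is toggled to enabled again, the earlier
 * context stays allocated until the connection is freed - confirm libdbus
 * never does that.
 */
void sbus_toggle_timeout(DBusTimeout *dbus_timeout, void *data)
{
    DEBUG(8, ("%p\n", dbus_timeout));

    if (dbus_timeout_get_enabled(dbus_timeout)) {
        sbus_add_timeout(dbus_timeout, data);
    } else {
        sbus_remove_timeout(dbus_timeout, data);
    }
}

/*
 * sbus_remove_timeout
 * Hook for D-BUS to remove time-based events from the mainloop
 */
void sbus_remove_timeout(DBusTimeout *dbus_timeout, void *data)
{
    void *timeout;

    DEBUG(8, ("%p\n", dbus_timeout));

    timeout = dbus_timeout_get_data(dbus_timeout);

    /* remove dbus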
timeout data */ dbus_timeout_set_data(dbus_timeout, NULL, NULL); /* Freeing the event object will remove it from the event loop */ talloc_free(timeout); } ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sbus/PaxHeaders.13173/sssd_dbus_private.h�������������������������������������������0000644�0000000�0000000�00000000074�12320753107�021212� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.271891427 30 ctime=1396954961.453875099 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sbus/sssd_dbus_private.h������������������������������������������������������������0000664�0024127�0024127�00000005207�12320753107�021440� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* Authors: Simo Sorce 
<ssorce@redhat.com> Stephen Gallagher <sgallagh@redhat.com> Copyright (C) 2009 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ #ifndef _SSSD_DBUS_PRIVATE_H_ #define _SSSD_DBUS_PRIVATE_H_ union dbus_conn_pointer { DBusServer *server; DBusConnection *conn; }; enum dbus_conn_type { SBUS_SERVER, SBUS_CONNECTION }; struct sbus_interface_p; struct sbus_watch_ctx; struct sbus_connection { struct tevent_context *ev; enum dbus_conn_type type; union dbus_conn_pointer dbus; char *address; int connection_type; int disconnect; sbus_conn_destructor_fn destructor; void *pvt_data; /* Private data for this connection */ /* dbus tables and handlers */ struct sbus_interface_p *intf_list; /* reconnect settings */ int retries; int max_retries; sbus_conn_reconn_callback_fn reconnect_callback; /* Private data needed to reinit after reconnection */ void *reconnect_pvt; /* server related stuff */ char *symlink; struct sbus_interface *server_intf; sbus_server_conn_init_fn srv_init_fn; void *srv_init_data; /* watches list */ struct sbus_watch_ctx *watch_list; }; /* =Watches=============================================================== */ struct sbus_watch_ctx { struct sbus_watch_ctx *prev, *next; struct sbus_connection *conn; struct tevent_fd *fde; int fd; DBusWatch *dbus_read_watch; DBusWatch *dbus_write_watch; }; dbus_bool_t sbus_add_watch(DBusWatch *watch, void *data); void sbus_toggle_watch(DBusWatch *watch, void *data); void 
sbus_remove_watch(DBusWatch *watch, void *data); /* =Timeouts============================================================== */ struct sbus_timeout_ctx { DBusTimeout *dbus_timeout; struct tevent_timer *te; }; dbus_bool_t sbus_add_timeout(DBusTimeout *dbus_timeout, void *data); void sbus_toggle_timeout(DBusTimeout *dbus_timeout, void *data); void sbus_remove_timeout(DBusTimeout *dbus_timeout, void *data); #endif /* _SSSD_DBUS_PRIVATE_H_ */ �����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sbus/PaxHeaders.13173/sssd_dbus.h���������������������������������������������������0000644�0000000�0000000�00000000072�12320753107�017456� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.271891427 28 ctime=1396954961.4528751 ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sbus/sssd_dbus.h��������������������������������������������������������������������0000664�0024127�0024127�00000012656�12320753107�017714� 
0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* SSSD SSSD - D-BUS interface Copyright (C) Stephen Gallagher 2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. 
*/

#ifndef _SSSD_DBUS_H_
#define _SSSD_DBUS_H_

struct sbus_connection;

#include "dbus/dbus.h"

/*
 * sbus_msg_handler_fn
 * Handler for one D-BUS message; receives the message and the
 * sbus_connection it belongs to.
 */
typedef int (*sbus_msg_handler_fn)(DBusMessage *, struct sbus_connection *);

/*
 * sbus_conn_destructor_fn
 * Function to be called when a connection is finalized
 */
typedef int (*sbus_conn_destructor_fn)(void *);

/*
 * sbus_conn_reconn_callback_fn
 * Callback registered with sbus_reconnect_init().
 * Presumably the int argument is one of the SBUS_RECONNECT_* values below
 * and the void pointer is the pvt pointer given at registration - confirm
 * against the reconnect code.
 */
typedef void (*sbus_conn_reconn_callback_fn)(struct sbus_connection *, int, void *);

/*
 * sbus_server_conn_init_fn
 * Set up function for connection-specific activities
 * This function should define the sbus_conn_destructor_fn
 * for this connection at a minimum
 */
typedef int (*sbus_server_conn_init_fn)(struct sbus_connection *, void *);

/* Values for the connection_type argument of sbus_init_connection() */
enum {
    SBUS_CONN_TYPE_PRIVATE = 1,
    SBUS_CONN_TYPE_SHARED
};

/* Reconnection outcomes (presumably reported to the reconnect callback) */
enum {
    SBUS_RECONNECT_SUCCESS = 1,
    SBUS_RECONNECT_EXCEEDED_RETRIES,
    SBUS_RECONNECT_ERROR
};

/* Special interface and method for D-BUS introspection */
#define DBUS_INTROSPECT_INTERFACE "org.freedesktop.DBus.Introspectable"
#define DBUS_INTROSPECT_METHOD "Introspect"

/* Object-path vtable whose message function is sbus_message_handler */
#define SBUS_DEFAULT_VTABLE { NULL, sbus_message_handler, NULL, NULL, NULL, NULL }

/* One method name and the handler that serves it */
struct sbus_method {
    const char *method;
    sbus_msg_handler_fn fn;
};

/* An interface name and object path together with the methods served on it */
struct sbus_interface {
    const char *interface;
    const char *path;
    DBusObjectPathVTable vtable;
    struct sbus_method *methods;
    /* presumably serves DBUS_INTROSPECT_METHOD - confirm in the handler */
    sbus_msg_handler_fn introspect_fn;
};

/* Server Functions */

/* sbus_new_server
 * Set up a D-BUS server listening on address and integrate it with the
 * event loop. With use_symlink the socket is created under a name that
 * carries the process id and the path in address becomes a symlink to it.
 * init_fn is called with init_pvt_data for every new client connection.
 */
int sbus_new_server(TALLOC_CTX *mem_ctx,
                    struct tevent_context *ev,
                    const char *address,
                    struct sbus_interface *intf,
                    bool use_symlink,
                    struct sbus_connection **server,
                    sbus_server_conn_init_fn init_fn, void *init_pvt_data);

/* Connection Functions */

/* sbus_new_connection
 * Use this function when connecting a new process to
 * the standard SSSD interface.
 * This will connect to the address specified and then
 * integrate the connection with the main loop
 * (presumably through sbus_init_connection, declared
 * below - confirm).
 */
int sbus_new_connection(TALLOC_CTX *ctx,
                        struct tevent_context *ev,
                        const char *address,
                        struct sbus_interface *intf,
                        struct sbus_connection **conn);

/* sbus_init_connection
 * Integrates a D-BUS connection with the TEvent main
 * loop. Use this function when you already have a
 * DBusConnection object (for example from dbus_bus_get)
 * Connection type can be either:
 * SBUS_CONN_TYPE_PRIVATE: Used only from within a D-BUS
 *     server such as the Monitor in the
 *     new_connection_callback
 * SBUS_CONN_TYPE_SHARED: Used for all D-BUS client
 *     connections, including those retrieved from
 *     dbus_bus_get
 */
int sbus_init_connection(TALLOC_CTX *ctx,
                         struct tevent_context *ev,
                         DBusConnection *dbus_conn,
                         struct sbus_interface *intf,
                         int connection_type,
                         struct sbus_connection **_conn);

void sbus_conn_set_destructor(struct sbus_connection *conn,
                              sbus_conn_destructor_fn destructor);

int sbus_default_connection_destructor(void *ctx);

DBusConnection *sbus_get_connection(struct sbus_connection *conn);
void sbus_disconnect(struct sbus_connection *conn);
void sbus_conn_set_private_data(struct sbus_connection *conn, void *pvt_data);
void *sbus_conn_get_private_data(struct sbus_connection *conn);
int sbus_conn_add_interface(struct sbus_connection *conn,
                            struct sbus_interface *intf);
bool sbus_conn_disconnecting(struct sbus_connection *conn);

/* max_retries < 0: retry forever
 * max_retries = 0: never retry (why are you calling this function?)
 * max_retries > 0: retry at most max_retries times
 */
void sbus_reconnect_init(struct sbus_connection *conn,
                         int max_retries,
                         sbus_conn_reconn_callback_fn callback,
                         void *pvt);

/* Default message handler
 * Should be usable for most cases */
DBusHandlerResult sbus_message_handler(DBusConnection *conn,
                                  DBusMessage *message,
                                  void *user_data);

/*
 * Send a message across the SBUS
 * If requested, the DBusPendingCall object will
 * be returned to the caller.
 *
 * This function will return EAGAIN in the event
 * that the connection is not open for
 * communication.
*/ int sbus_conn_send(struct sbus_connection *conn, DBusMessage *msg, int timeout_ms, DBusPendingCallNotifyFunction reply_handler, void *pvt, DBusPendingCall **pending); void sbus_conn_send_reply(struct sbus_connection *conn, DBusMessage *reply); #endif /* _SSSD_DBUS_H_*/ ����������������������������������������������������������������������������������sssd-1.11.5/src/sbus/PaxHeaders.13173/sssd_dbus_server.c��������������������������������������������0000644�0000000�0000000�00000000074�12320753107�021041� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.271891427 30 ctime=1396954961.671874938 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sbus/sssd_dbus_server.c�������������������������������������������������������������0000664�0024127�0024127�00000024465�12320753107�021276� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* SSSD Service monitor - D-BUS features Copyright (C) Stephen Gallagher 2008 This program is free software; 
you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ #include <sys/time.h> #include <sys/types.h> #include <sys/stat.h> #include "tevent.h" #include "util/util.h" #include "dbus/dbus.h" #include "sbus/sssd_dbus.h" #include "sbus/sssd_dbus_private.h" static int sbus_server_destructor(void *ctx); /* * new_connection_callback * Actions to be run upon each new client connection * Must either perform dbus_connection_ref() on the * new connection or else close the connection with * dbus_connection_close() */ static void sbus_server_init_new_connection(DBusServer *dbus_server, DBusConnection *dbus_conn, void *data) { struct sbus_connection *server; struct sbus_connection *conn; int ret; DEBUG(5,("Entering.\n")); server = talloc_get_type(data, struct sbus_connection); if (!server) { return; } DEBUG(5,("Adding connection %p.\n", dbus_conn)); ret = sbus_init_connection(server, server->ev, dbus_conn, server->server_intf, SBUS_CONN_TYPE_PRIVATE, &conn); if (ret != 0) { dbus_connection_close(dbus_conn); DEBUG(5,("Closing connection (failed setup)")); return; } dbus_connection_ref(dbus_conn); DEBUG(5,("Got a connection\n")); /* * Initialize connection-specific features * This may set a more detailed destructor, but * the default destructor will always be chained * to handle connection cleanup. * This function (or its callbacks) should also * set up connection-specific methods. 
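*/
    ret = server->srv_init_fn(conn, server->srv_init_data);
    if (ret != EOK) {
        DEBUG(1,("Initialization failed!\n"));
        dbus_connection_close(dbus_conn);
        talloc_zfree(conn);
    }
}

/*
 * get_socket_address
 * Return the address the server actually listens on, allocated on mem_ctx.
 * Without use_symlink this is a copy of address; with it, the process id
 * is appended ("<address>.<pid>") so each server instance gets its own
 * socket name. Returns NULL when the allocation fails.
 */
const char *
get_socket_address(TALLOC_CTX *mem_ctx, const char *address, bool use_symlink)
{
    if (!use_symlink) {
        return talloc_strdup(mem_ctx, address);
    }

    return talloc_asprintf(mem_ctx, "%s.%lu",
                           address, (unsigned long) getpid());
}

/*
 * create_socket_symlink
 * Make symlink_filename point at filename. An existing entry at
 * symlink_filename is removed and the symlink is created again.
 *
 * NOTE(review): unlink() followed by symlink() is not atomic and replaces
 * whatever entry was there. This is only safe while the directory holding
 * the symlink is writable by the service account alone - confirm the
 * permissions of the pipe directory at install time.
 *
 * Returns EOK on success, EIO on any failure.
 */
static errno_t
create_socket_symlink(const char *filename, const char *symlink_filename)
{
    errno_t ret;

    DEBUG(7, ("Symlinking the dbus path %s to a link %s\n",
              filename, symlink_filename));
    errno = 0;
    ret = symlink(filename, symlink_filename);
    if (ret != 0 && errno == EEXIST) {
        /* Perhaps cruft after a previous server? */
        errno = 0;
        ret = unlink(symlink_filename);
        if (ret != 0) {
            ret = errno;
            DEBUG(1, ("Cannot remove old symlink: [%d][%s].\n",
                      ret, strerror(ret)));
            return EIO;
        }
        errno = 0;
        ret = symlink(filename, symlink_filename);
    }

    if (ret != 0) {
        ret = errno;
        DEBUG(1, ("symlink() failed on file '%s': [%d][%s].\n",
                  filename, ret, strerror(ret)));
        return EIO;
    }

    return EOK;
}

/*
 * remove_socket_symlink
 * Remove symlink_name, but only when it points at "<symlink_name>.<pid>"
 * for the current process, so a symlink that belongs to another server
 * instance is left alone.
 *
 * Returns EOK when the symlink was removed or belongs to another process,
 * the errno of readlink()/unlink() when those fail, EIO when the expected
 * target path cannot be built.
 */
static errno_t
remove_socket_symlink(const char *symlink_name)
{
    errno_t ret;
    char target[PATH_MAX];
    char pidpath[PATH_MAX];
    ssize_t numread = 0;

    errno = 0;
    /* one byte is kept back for the terminator readlink() does not add */
    numread = readlink(symlink_name, target, PATH_MAX-1);
    if (numread < 0) {
        ret = errno;
        DEBUG(2, ("readlink failed [%d]: %s\n", ret, strerror(ret)));
        return ret;
    }
    target[numread] = '\0';
    DEBUG(9, ("The symlink points to [%s]\n", target));

    /* We can only remove the symlink if it points to a socket with
     * the same PID */
    ret = snprintf(pidpath, PATH_MAX, "%s.%lu",
                   symlink_name, (unsigned long) getpid());
    if (ret < 0) {
        DEBUG(2, ("snprintf failed\n"));
        return EIO;
    } else if (ret >= PATH_MAX) {
        DEBUG(2, ("path too long?!?!\n"));
        return EIO;
    }
    DEBUG(9, ("The path including our pid is [%s]\n", pidpath));

    if (strcmp(pidpath, target) != 0) {
        DEBUG(4, ("Will not remove symlink, seems to be owned by "
                  "another process\n"));
        return EOK;
    }

    ret = unlink(symlink_name);
    if (ret != 0) {
        ret = errno;
        DEBUG(SSSDBG_CRIT_FAILURE, ("unlink failed to remove [%s] [%d]: %s\n",
                                    symlink_name, ret, strerror(ret)));
        return ret;
    }

    DEBUG(9, ("Removed the symlink\n"));
    return EOK;
}

/*
 * dbus_new_server
 * Set up a D-BUS server, integrate with the event loop
 * for handling file descriptor and timed events
 *
 * The socket is checked with check_file() (0, 0, -1, CHECK_SOCK:
 * presumably owner uid 0, gid 0, any mode - confirm against check_file's
 * prototype) and its mode is then forced to 0600.
 *
 * NOTE(review): between dbus_server_listen() and the chmod() below the
 * socket exists with whatever mode the listen call and the process umask
 * produced. Confirm that the umask or the permissions of the parent
 * directory keep other users out during that window.
 *
 * On success *_server holds the new server, owned by mem_ctx, and EOK is
 * returned. On failure *_server is NULL, the symlink (if any) is removed
 * and the listener is shut down.
 */
int sbus_new_server(TALLOC_CTX *mem_ctx,
                    struct tevent_context *ev,
                    const char *address,
                    struct sbus_interface *intf,
                    bool use_symlink,
                    struct sbus_connection **_server,
                    sbus_server_conn_init_fn init_fn,
                    void *init_pvt_data)
{
    struct sbus_connection *server = NULL;
    DBusServer *dbus_server = NULL;
    DBusError dbus_error;
    dbus_bool_t dbret;
    char *tmp;
    int ret;
    char *filename;
    char *symlink_filename = NULL;
    const char *socket_address;
    struct stat stat_buf;
    TALLOC_CTX *tmp_ctx;

    *_server = NULL;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) return ENOMEM;

    socket_address = get_socket_address(tmp_ctx, address, use_symlink);
    if (!socket_address) {
        ret = ENOMEM;
        goto done;
    }

    /* Set up D-BUS server */
    dbus_error_init(&dbus_error);
    dbus_server = dbus_server_listen(socket_address, &dbus_error);
    if (!dbus_server) {
        DEBUG(1,("dbus_server_listen failed! (name=%s, message=%s)\n",
                 dbus_error.name, dbus_error.message));
        if (dbus_error_is_set(&dbus_error)) dbus_error_free(&dbus_error);
        ret = EIO;
        goto done;
    }

    filename = strchr(socket_address, '/');
    if (filename == NULL) {
        DEBUG(1, ("Unexpected dbus address [%s].\n", socket_address));
        ret = EIO;
        goto done;
    }

    if (use_symlink) {
        symlink_filename = strchr(address, '/');
        if (symlink_filename == NULL) {
            DEBUG(1, ("Unexpected dbus address [%s].\n", address));
            ret = EIO;
            goto done;
        }

        ret = create_socket_symlink(filename, symlink_filename);
        if (ret != EOK) {
            DEBUG(1, ("Could not create symlink [%d]: %s\n",
                      ret, strerror(ret)));
            ret = EIO;
            goto done;
        }
    }

    /* Both check_file and chmod can handle both the symlink and
     * the socket */
    ret = check_file(filename, 0, 0, -1, CHECK_SOCK, &stat_buf, true);
    if (ret != EOK) {
        DEBUG(1, ("check_file failed for [%s].\n", filename));
        ret = EIO;
        goto done;
    }

    /* Restrict the socket to its owner unless it already is */
    if ((stat_buf.st_mode & ~S_IFMT) != 0600) {
        ret = chmod(filename, 0600);
        if (ret != EOK) {
            DEBUG(1, ("chmod failed for [%s]: [%d][%s].\n",
                      filename, errno, strerror(errno)));
            ret = EIO;
            goto done;
        }
    }

    tmp = dbus_server_get_address(dbus_server);
    DEBUG(SSSDBG_TRACE_FUNC, ("D-BUS Server listening on %s\n", tmp));
    /* the string comes from libdbus, so it goes back through dbus_free() */
    dbus_free(tmp);

    server = talloc_zero(tmp_ctx, struct sbus_connection);
    if (!server) {
        ret = ENOMEM;
        goto done;
    }

    server->ev = ev;
    server->type = SBUS_SERVER;
    server->dbus.server = dbus_server;
    server->server_intf = intf;
    server->srv_init_fn = init_fn;
    server->srv_init_data = init_pvt_data;

    /* From here on freeing `server` disconnects the listener */
    talloc_set_destructor((TALLOC_CTX *)server, sbus_server_destructor);

    if (use_symlink) {
        server->symlink = talloc_strdup(server, symlink_filename);
        if (!server->symlink) {
            ret = ENOMEM;
            goto done;
        }
    }

    /* Set up D-BUS new connection handler */
    dbus_server_set_new_connection_function(server->dbus.server,
                                            sbus_server_init_new_connection,
                                            server, NULL);

    /* Set up DBusWatch functions */
    dbret = dbus_server_set_watch_functions(server->dbus.server,
                                            sbus_add_watch,
                                            sbus_remove_watch,
                                            sbus_toggle_watch,
                                            server, NULL);
    if (!dbret) {
        DEBUG(4, ("Error setting up D-BUS server watch functions\n"));
        ret = EIO;
        goto done;
    }

    /* Set up DBusTimeout functions */
    dbret = dbus_server_set_timeout_functions(server->dbus.server,
                                              sbus_add_timeout,
                                              sbus_remove_timeout,
                                              sbus_toggle_timeout,
                                              server, NULL);
    if (!dbret) {
        DEBUG(4,("Error setting up D-BUS server timeout functions\n"));
        dbus_server_set_watch_functions(server->dbus.server,
                                        NULL, NULL, NULL, NULL, NULL);
        ret = EIO;
        goto done;
    }

    *_server = talloc_steal(mem_ctx, server);
    ret = EOK;

done:
    if (ret != EOK) {
        if (symlink_filename) {
            unlink(symlink_filename);
        }
        if (dbus_server != NULL && server == NULL) {
            /* No sbus_connection owns the listener yet, so its destructor
             * will not run: shut the listening socket down here instead of
             * leaving it open after a failed setup. */
            dbus_server_disconnect(dbus_server);
            dbus_server_unref(dbus_server);
        }
    }
    /* When `server` exists and was not handed to mem_ctx, this also runs
     * sbus_server_destructor() */
    talloc_free(tmp_ctx);
    return ret;
}

/*
 * sbus_server_destructor
 * talloc destructor of a server: stop listening and remove the symlink
 * that was created for this process, if there is one. A symlink that
 * cannot be removed is logged and otherwise ignored.
 */
static int sbus_server_destructor(void *ctx)
{
    struct sbus_connection *server;
    errno_t ret;

    server = talloc_get_type(ctx, struct sbus_connection);
    dbus_server_disconnect(server->dbus.server);

    if (server->symlink) {
        ret = remove_socket_symlink(server->symlink);
        if (ret != EOK) {
            DEBUG(3, ("Could not remove the server symlink\n"));
        }
    }

    return 0;
}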
����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/sbus/sbus_client.h������������������������������������������������������������������0000664�0024127�0024127�00000002276�12320753107�020232� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* SSSD Data Provider Helpers Copyright (C) Stephen Gallagher <sgallagh@redhat.com> 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. 
*/ #ifndef SBUS_CLIENT_H_ #define SBUS_CLIENT_H_ #include "tevent.h" #include "sbus/sssd_dbus.h" int sbus_client_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev, const char *server_address, struct sbus_interface *intf, struct sbus_connection **_conn, sbus_conn_destructor_fn destructor, void *conn_pvt_data); #endif /* SBUS_CLIENT_H_ */ ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/PaxHeaders.13173/examples�����������������������������������������������������������0000644�0000000�0000000�00000000132�12320753521�016076� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954961.389875146 30 atime=1396955003.535843846 30 ctime=1396954961.389875146 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/examples/���������������������������������������������������������������������������0000775�0024127�0024127�00000000000�12320753521�016402� 
5����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/examples/PaxHeaders.13173/logrotate�������������������������������������������������0000644�0000000�0000000�00000000073�12320753107�020102� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������29 atime=1396954939.25489144 30 ctime=1396954961.389875146 ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/examples/logrotate������������������������������������������������������������������0000664�0024127�0024127�00000000333�12320753107�020324� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/var/log/sssd/*.log { weekly missingok notifempty sharedscripts rotate 2 compress postrotate /bin/kill -HUP 
`cat /var/run/sssd.pid 2>/dev/null` 2> /dev/null || true endscript } �����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/examples/PaxHeaders.13173/sudo������������������������������������������������������0000644�0000000�0000000�00000000073�12320753107�017054� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������29 atime=1396954939.25489144 30 ctime=1396954961.389875146 ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/examples/sudo�����������������������������������������������������������������������0000664�0024127�0024127�00000000265�12320753107�017302� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������#%PAM-1.0 auth required pam_sss.so account required pam_sss.so password required pam_sss.so session 
optional pam_keyinit.so revoke session required pam_limits.so �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/examples/PaxHeaders.13173/sssd-example.conf�����������������������������������������0000644�0000000�0000000�00000000073�12320753107�021433� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������29 atime=1396954939.25489144 30 ctime=1396954961.387875148 ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/examples/sssd-example.conf����������������������������������������������������������0000664�0024127�0024127�00000003565�12320753107�021667� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������[sssd] config_file_version = 2 services = nss, pam # SSSD will not 
start if you do not configure any domains. # Add new domain configurations as [domain/<NAME>] sections, and # then add the list of domains (in the order you want them to be # queried) to the "domains" attribute below and uncomment it. ; domains = LDAP [nss] [pam] # Example LDAP domain ; [domain/LDAP] ; id_provider = ldap ; auth_provider = ldap # ldap_schema can be set to "rfc2307", which stores group member names in the # "memberuid" attribute, or to "rfc2307bis", which stores group member DNs in # the "member" attribute. If you do not know this value, ask your LDAP # administrator. ; ldap_schema = rfc2307 # With auth_provider = ldap, SSSD authenticates only over an encrypted # connection (TLS or ldaps://). Identity lookups over ldap:// are not # encrypted unless ldap_id_use_start_tls is enabled. ; ldap_uri = ldap://ldap.mydomain.org ; ldap_search_base = dc=mydomain,dc=org # Note that enabling enumeration will have a moderate performance impact. # Consequently, the default value for enumeration is FALSE. # Refer to the sssd.conf man page for full details. ; enumerate = false # Allow offline logins by locally storing password hashes (default: false). ; cache_credentials = true # An example Active Directory domain. Please note that this configuration # works for AD 2003R2 and AD 2008, because they use pretty much RFC2307bis # compliant attribute names. To support UNIX clients with AD 2003 or older, # you must install Microsoft Services For Unix and map LDAP attributes onto # msSFU30* attribute names. 
; [domain/AD] ; id_provider = ldap ; auth_provider = krb5 ; chpass_provider = krb5 ; ; ldap_uri = ldap://your.ad.example.com ; ldap_search_base = dc=example,dc=com ; ldap_schema = rfc2307bis ; ldap_sasl_mech = GSSAPI ; ldap_user_object_class = user ; ldap_group_object_class = group ; ldap_user_home_directory = unixHomeDirectory ; ldap_user_principal = userPrincipalName ; ldap_account_expire_policy = ad ; ldap_force_upper_case_realm = true ; ; krb5_server = your.ad.example.com ; krb5_realm = EXAMPLE.COM �������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/examples/PaxHeaders.13173/rwtab.in��������������������������������������������������0000644�0000000�0000000�00000000074�12320753107�017627� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954960.278875967 30 ctime=1396954961.358875169 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/examples/rwtab.in�������������������������������������������������������������������0000664�0024127�0024127�00000000032�12320753107�020044� 
0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������dirs @sharedstatedir@/sss ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/examples/PaxHeaders.13173/sssdproxytest���������������������������������������������0000644�0000000�0000000�00000000073�12320753107�021060� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������29 atime=1396954939.25489144 30 ctime=1396954961.388875147 
���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/examples/sssdproxytest��������������������������������������������������������������0000664�0024127�0024127�00000000130�12320753107�021275� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������#%PAM-1.0 auth irequired pam_ldap.so account required pam_ldap.so ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/PaxHeaders.13173/monitor������������������������������������������������������������0000644�0000000�0000000�00000000132�12320753521�015747� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954961.757874875 30 
atime=1396955003.535843846 30 ctime=1396954961.757874875 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/monitor/����������������������������������������������������������������������������0000775�0024127�0024127�00000000000�12320753521�016253� 5����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/monitor/PaxHeaders.13173/monitor.c��������������������������������������������������0000644�0000000�0000000�00000000074�12320753107�017664� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.262891434 30 ctime=1396954961.757874875 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/monitor/monitor.c�������������������������������������������������������������������0000664�0024127�0024127�00000241623�12320753107�020116� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* SSSD Service monitor Copyright (C) Simo Sorce 2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. 
*/ #include "util/util.h" #include "util/child_common.h" #include <sys/types.h> #include <sys/wait.h> #include <sys/time.h> #include <sys/param.h> #include <time.h> #include <string.h> #ifdef HAVE_SYS_INOTIFY_H #include <sys/inotify.h> #endif #include <sys/types.h> #include <sys/stat.h> #include <unistd.h> #include <fcntl.h> /* Needed for res_init() */ #include <netinet/in.h> #include <arpa/nameser.h> #include <resolv.h> #include "popt.h" #include "tevent.h" #include "confdb/confdb.h" #include "confdb/confdb_setup.h" #include "db/sysdb.h" #include "monitor/monitor.h" #include "dbus/dbus.h" #include "sbus/sssd_dbus.h" #include "monitor/monitor_interfaces.h" #include "responder/common/responder_sbus.h" #ifdef USE_KEYRING #include <keyutils.h> #endif /* ping time cannot be less then once every few seconds or the * monitor will get crazy hammering children with messages */ #define MONITOR_DEF_PING_TIME 10 /* terminate the child after this interval by default if it * doesn't shutdown on receiving SIGTERM */ #define MONITOR_DEF_FORCE_TIME 60 /* TODO: get the restart related values from config */ #define MONITOR_RESTART_CNT_INTERVAL_RESET 30 /* maximum allowed number of service restarts if the restarts * were less than MONITOR_RESTART_CNT_INTERVAL_RESET apart, which would * indicate a crash after startup or after every request */ #define MONITOR_MAX_SVC_RESTARTS 2 /* The services are restarted with a delay in case the restart was * hitting a race condition where the DP is not ready yet either. * The MONITOR_MAX_RESTART_DELAY defines the maximum delay between * restarts. */ #define MONITOR_MAX_RESTART_DELAY 4 /* name of the monitor server instance */ #define MONITOR_NAME "sssd" #define SSSD_PIDFILE_PATH PID_PATH"/"MONITOR_NAME".pid" /* Special value to leave the Kerberos Replay Cache set to use * the libkrb5 defaults */ #define KRB5_RCACHE_DIR_DISABLE "__LIBKRB5_DEFAULTS__" /* Warning messages */ #define CONF_FILE_PERM_ERROR_MSG "Cannot read config file %s. 
Please check "\ "if permissions are 0600 and the file is "\ "owned by root.root." int cmdline_debug_level; int cmdline_debug_timestamps; int cmdline_debug_microseconds; struct svc_spy; enum mt_svc_type { MT_SVC_SERVICE, MT_SVC_PROVIDER }; struct mt_svc { struct mt_svc *prev; struct mt_svc *next; enum mt_svc_type type; struct sbus_connection *conn; struct svc_spy *conn_spy; struct mt_ctx *mt_ctx; char *provider; char *command; char *name; char *identity; pid_t pid; int ping_time; int kill_time; bool svc_started; int restarts; time_t last_restart; int failed_pongs; DBusPendingCall *pending; int debug_level; struct tevent_timer *ping_ev; struct sss_child_ctx *child_ctx; struct tevent_timer *sigkill_ev; }; struct config_file_callback { int wd; int retries; monitor_reconf_fn fn; char *filename; time_t modified; struct config_file_callback *next; struct config_file_callback *prev; }; struct config_file_ctx { TALLOC_CTX *parent_ctx; struct tevent_timer *timer; bool needs_update; struct mt_ctx *mt_ctx; struct config_file_callback *callbacks; }; struct mt_ctx { struct tevent_context *ev; struct confdb_ctx *cdb; TALLOC_CTX *domain_ctx; /* Memory context for domain list */ struct sss_domain_info *domains; TALLOC_CTX *service_ctx; /* Memory context for services */ char **services; int num_services; int started_services; struct mt_svc *svc_list; struct sbus_connection *sbus_srv; struct config_file_ctx *file_ctx; int inotify_fd; int service_id_timeout; bool check_children; bool services_started; struct netlink_ctx *nlctx; const char *conf_path; struct sss_sigchild_ctx *sigchld_ctx; bool is_daemon; pid_t parent_pid; }; static int start_service(struct mt_svc *mt_svc); static int monitor_service_init(struct sbus_connection *conn, void *data); static int service_send_ping(struct mt_svc *svc); static int service_signal_reset_offline(struct mt_svc *svc); static void ping_check(DBusPendingCall *pending, void *data); static void set_tasks_checker(struct mt_svc *srv); static int 
monitor_kill_service (struct mt_svc *svc);

static int get_service_config(struct mt_ctx *ctx, const char *name,
                              struct mt_svc **svc_cfg);
static int get_provider_config(struct mt_ctx *ctx, const char *name,
                               struct mt_svc **svc_cfg);
static int add_new_service(struct mt_ctx *ctx,
                           const char *name,
                           int restarts);
static int add_new_provider(struct mt_ctx *ctx,
                            const char *name,
                            int restarts);

static int mark_service_as_started(struct mt_svc *svc);

static int monitor_cleanup(void);

/* Callback for a network status change. cb_data is the monitor context
 * (struct mt_ctx *). Every entry of ctx->svc_list that has a provider set
 * is asked to reset its offline status; the return value of
 * service_signal_reset_offline() is ignored.
 *
 * NOTE(review): service_signal() in this file frees the service it was
 * given when it cannot allocate the D-Bus message. The loop below would
 * then read iter->next from freed memory - confirm and guard. */
static void network_status_change_cb(void *cb_data)
{
    struct mt_svc *iter;
    struct mt_ctx *ctx = (struct mt_ctx *) cb_data;

    DEBUG(SSSDBG_TRACE_INTERNAL, ("A networking status change detected "
          "signaling providers to reset offline status\n"));
    for (iter = ctx->svc_list; iter; iter = iter->next) {
        /* Don't signal services, only providers */
        if (iter->provider) {
            service_signal_reset_offline(iter);
        }
    }
}

/* dbus_get_monitor_version
 * Return the monitor version over D-BUS
 *
 * Builds a method return for message carrying MONITOR_VERSION as a UINT16
 * and hands it to sbus_conn_send_reply().
 *
 * Returns ENOMEM if the reply cannot be created, EIO if the version cannot
 * be appended, EOK otherwise. The result of sbus_conn_send_reply() is not
 * checked. */
static int get_monitor_version(DBusMessage *message,
                               struct sbus_connection *conn)
{
    dbus_uint16_t version = MONITOR_VERSION;
    DBusMessage *reply;
    dbus_bool_t ret;

    reply = dbus_message_new_method_return(message);
    if (!reply) return ENOMEM;
    ret = dbus_message_append_args(reply,
                                   DBUS_TYPE_UINT16, &version,
                                   DBUS_TYPE_INVALID);
    if (!ret) {
        /* drop our reference, nothing was sent */
        dbus_message_unref(reply);
        return EIO;
    }

    /* send reply back */
    sbus_conn_send_reply(conn, reply);
    dbus_message_unref(reply);

    return EOK;
}

/* Temporary state of a connection that has not registered yet.
 * client_registration() reads it from the connection's private data,
 * cancels the timeout and frees the structure once the registration
 * request has been handled. */
struct mon_init_conn {
    struct mt_ctx *ctx;
    struct sbus_connection *conn;
    struct tevent_timer *timeout;
};

static int add_svc_conn_spy(struct mt_svc *svc);

/* registers a new client.
* if operation is successful also sends back the Monitor version */
/* Handler listed for MON_SRV_METHOD_REGISTER in monitor_methods.
 *
 * The peer sends its name (STRING) and a version (UINT16). The name is
 * compared case-insensitively with the identity of every entry in
 * mini->ctx->svc_list; on a match the connection is stored in that entry
 * and the monitor version is sent back. The version sent by the peer is
 * only logged.
 *
 * Returns EINVAL when the connection carries no mon_init_conn, ENOMEM or
 * EIO when the reply cannot be built, and EOK on every other path,
 * including the ones that disconnect the peer.
 *
 * NOTE(review): the name supplied by the peer is the only thing that ties
 * the connection to a service. Nothing in this function checks who the peer
 * is or whether the matched service already has a connection. Access
 * control presumably rests on the permissions of the monitor socket
 * (sbus_new_server() chmods the socket file to 0600) - confirm that this is
 * sufficient. */
static int client_registration(DBusMessage *message,
                               struct sbus_connection *conn)
{
    dbus_uint16_t version = MONITOR_VERSION;
    struct mon_init_conn *mini;
    struct mt_svc *svc;
    void *data;
    DBusMessage *reply;
    DBusError dbus_error;
    dbus_uint16_t svc_ver;
    char *svc_name;
    dbus_bool_t dbret;
    int ret;

    data = sbus_conn_get_private_data(conn);
    mini = talloc_get_type(data, struct mon_init_conn);
    if (!mini) {
        DEBUG(0, ("Connection holds no valid init data\n"));
        return EINVAL;
    }

    /* First thing, cancel the timeout */
    talloc_zfree(mini->timeout);

    dbus_error_init(&dbus_error);

    /* svc_name and svc_ver are taken from the peer's message as sent */
    dbret = dbus_message_get_args(message, &dbus_error,
                                  DBUS_TYPE_STRING, &svc_name,
                                  DBUS_TYPE_UINT16, &svc_ver,
                                  DBUS_TYPE_INVALID);
    if (!dbret) {
        DEBUG(1, ("Failed to parse message, killing connection\n"));
        if (dbus_error_is_set(&dbus_error)) dbus_error_free(&dbus_error);
        sbus_disconnect(conn);
        /* FIXME: should we just talloc_zfree(conn) ? */
        goto done;
    }

    DEBUG(4, ("Received ID registration: (%s,%d)\n", svc_name, svc_ver));

    /* search this service in the list */
    svc = mini->ctx->svc_list;
    while (svc) {
        ret = strcasecmp(svc->identity, svc_name);
        if (ret == 0) {
            break;
        }
        svc = svc->next;
    }
    if (!svc) {
        DEBUG(0, ("Unable to find peer [%s] in list of services,"
                  " killing connection!\n", svc_name));
        sbus_disconnect(conn);
        /* FIXME: should we just talloc_zfree(conn) ?
*/
        goto done;
    }

    /* Fill in svc structure with connection data */
    /* NOTE(review): a connection already stored in svc->conn is overwritten
     * here without a check, so a second registration under the same name
     * replaces the first one. */
    svc->conn = mini->conn;

    ret = mark_service_as_started(svc);
    if (ret) {
        DEBUG(1, ("Failed to mark service [%s]!\n", svc_name));
        goto done;
    }

    /* reply that all is ok */
    reply = dbus_message_new_method_return(message);
    /* The two early returns below skip the done: label, so mini is not
     * freed on those paths. */
    if (!reply) return ENOMEM;

    dbret = dbus_message_append_args(reply,
                                     DBUS_TYPE_UINT16, &version,
                                     DBUS_TYPE_INVALID);
    if (!dbret) {
        dbus_message_unref(reply);
        return EIO;
    }

    /* send reply back */
    sbus_conn_send_reply(conn, reply);
    dbus_message_unref(reply);

done:
    /* init complete, get rid of temp init context */
    /* Every path that reaches done: returns EOK, including the ones that
     * disconnected the peer or failed to mark the service as started. */
    talloc_zfree(mini);
    return EOK;
}

/* Small object attached to a service connection (see add_svc_conn_spy());
 * its destructor clears the pointers the service keeps to that
 * connection. */
struct svc_spy {
    struct mt_svc *svc;
};

/* talloc destructor for struct mt_svc.
 *
 * Removes the service from its monitor's svc_list, cancels a pending D-Bus
 * call, disarms and frees the connection spy, and decrements
 * started_services for a started MT_SVC_SERVICE entry. Always returns 0. */
static int svc_destructor(void *mem)
{
    struct mt_svc *svc = talloc_get_type(mem, struct mt_svc);
    if (!svc) {
        /* ?!?!? */
        return 0;
    }

    /* try to delist service */
    if (svc->mt_ctx) {
        DLIST_REMOVE(svc->mt_ctx->svc_list, svc);
    }

    /* Cancel any pending pings */
    if (svc->pending) {
        dbus_pending_call_cancel(svc->pending);
    }

    /* svc is being freed, neutralize the spy */
    if (svc->conn_spy) {
        /* remove the destructor first so that freeing the spy does not
         * write to svc through spy->svc */
        talloc_set_destructor((TALLOC_CTX *)svc->conn_spy, NULL);
        talloc_zfree(svc->conn_spy);
    }

    /* keep the counter from going below zero */
    if (svc->type == MT_SVC_SERVICE && svc->svc_started
            && svc->mt_ctx != NULL && svc->mt_ctx->started_services > 0) {
        svc->mt_ctx->started_services--;
    }

    return 0;
}

/* talloc destructor for struct svc_spy: clears conn_spy and conn in the
 * service the spy points to. Always returns 0. */
static int svc_spy_destructor(void *mem)
{
    struct svc_spy *spy = talloc_get_type(mem, struct svc_spy);
    if (!spy) {
        /* ?!?!?
*/
        return 0;
    }

    /* svc->conn has been freed, NULL the pointer in svc */
    spy->svc->conn_spy = NULL;
    spy->svc->conn = NULL;

    return 0;
}

/* Allocate a svc_spy as a talloc child of svc->conn, point it back at svc
 * and install svc_spy_destructor on it, so that freeing the connection
 * clears svc->conn and svc->conn_spy.
 *
 * Returns ENOMEM if the allocation fails, EOK otherwise.
 *
 * NOTE(review): svc->conn_spy is overwritten without disarming a spy that
 * may already be stored there. An older spy left on a previous connection
 * would still clear svc->conn when that connection is freed. */
static int add_svc_conn_spy(struct mt_svc *svc)
{
    struct svc_spy *spy;

    spy = talloc(svc->conn, struct svc_spy);
    if (!spy) return ENOMEM;

    spy->svc = svc;
    talloc_set_destructor((TALLOC_CTX *)spy, svc_spy_destructor);
    svc->conn_spy = spy;

    return EOK;
}

/* Record that svc has registered with the monitor.
 *
 * Sets svc->svc_started and attaches a connection spy. While the services
 * have not been started yet, checks whether every provider in the list is
 * up and, if so, starts all configured services. A registering
 * MT_SVC_SERVICE increments started_services; once that counter equals
 * num_services and the monitor runs as a daemon, the parent process is
 * sent SIGTERM.
 *
 * Returns the error from add_svc_conn_spy(), the errno of a failed kill(),
 * or the value left in ret by add_svc_conn_spy() otherwise. */
static int mark_service_as_started(struct mt_svc *svc)
{
    struct mt_ctx *ctx = svc->mt_ctx;
    struct mt_svc *iter;
    int ret;
    int i;

    DEBUG(5, ("Marking %s as started.\n", svc->name));
    svc->svc_started = true;

    /* we need to attach a spy to the connection structure so that if some code
     * frees it we can zero it out in the service structure. Otherwise we may
     * try to access or even free, freed memory. */
    ret = add_svc_conn_spy(svc);
    if (ret) {
        DEBUG(0, ("Failed to attch spy\n"));
        goto done;
    }

    if (!ctx->services_started) {

        /* check if all providers are up */
        for (iter = ctx->svc_list; iter; iter = iter->next) {
            if (iter->provider && !iter->svc_started) {
                DEBUG(5, ("Still waiting on %s provider.\n", iter->name));
                break;
            }
        }

        if (iter) {
            /* there are still unstarted providers */
            goto done;
        }

        ctx->services_started = true;

        DEBUG(4, ("Now starting services!\n"));
        /* then start all services */
        /* the return value of add_new_service() is not checked */
        for (i = 0; ctx->services[i]; i++) {
            add_new_service(ctx, ctx->services[i], 0);
        }
    }

    if (svc->type == MT_SVC_SERVICE) {
        ctx->started_services++;
    }

    if (ctx->started_services == ctx->num_services) {
        /* Initialization is complete, terminate parent process if in daemon
         * mode.
Make sure we send the signal to the right process */
        if (ctx->is_daemon) {
            /* A pid of 0 or below would address process groups rather than
             * one process, and pid 1 is init. A getppid() that differs from
             * the recorded pid means the original parent is gone, so no
             * signal is sent in any of these cases. */
            if (ctx->parent_pid <= 1 || ctx->parent_pid != getppid()) {
                /* the parent process was already terminated */
                DEBUG(SSSDBG_MINOR_FAILURE,
                      ("Invalid parent pid: %d\n", ctx->parent_pid));
                goto done;
            }

            DEBUG(SSSDBG_TRACE_FUNC, ("SSSD is initialized, "
                                      "terminating parent process\n"));

            errno = 0;
            ret = kill(ctx->parent_pid, SIGTERM);
            if (ret != 0) {
                /* hand the errno of the failed kill() back to the caller */
                ret = errno;
                DEBUG(SSSDBG_FATAL_FAILURE, ("Unable to terminate parent "
                                             "process [%d]: %s\n",
                                             ret, strerror(ret)));
            }
        }
    }

done:
    return ret;
}

/* Timer callback armed by add_services_startup_timeout(); ptr is the
 * monitor context. If the services have not been started by the time it
 * fires, it starts all configured services without waiting any longer for
 * the providers. */
static void services_startup_timeout(struct tevent_context *ev,
                                     struct tevent_timer *te,
                                     struct timeval t, void *ptr)
{
    struct mt_ctx *ctx = talloc_get_type(ptr, struct mt_ctx);
    int i;

    DEBUG(6, ("Handling timeout\n"));

    if (!ctx->services_started) {

        DEBUG(1, ("Providers did not start in time, "
                  "forcing services startup!\n"));

        ctx->services_started = true;

        DEBUG(4, ("Now starting services!\n"));
        /* then start all services */
        /* the return value of add_new_service() is not checked */
        for (i = 0; ctx->services[i]; i++) {
            add_new_service(ctx, ctx->services[i], 0);
        }
    }
}

/* Arm a timer on ctx->ev, five seconds from now, that runs
 * services_startup_timeout() with ctx as its argument.
 *
 * Returns ENOMEM if the timer cannot be added, EOK otherwise. */
static int add_services_startup_timeout(struct mt_ctx *ctx)
{
    struct tevent_timer *to;
    struct timeval tv;

    /* 5 seconds should be plenty */
    tv = tevent_timeval_current_ofs(5, 0);
    to = tevent_add_timer(ctx->ev, ctx, tv, services_startup_timeout, ctx);
    if (!to) {
        DEBUG(0,("Out of memory?!\n"));
        return ENOMEM;
    }

    return EOK;
}

/* Methods the monitor answers on its D-Bus interface: the version query
 * and the client registration. The list ends with a NULL entry. */
struct sbus_method monitor_methods[] = {
    { MON_SRV_METHOD_VERSION, get_monitor_version },
    { MON_SRV_METHOD_REGISTER, client_registration },
    { NULL, NULL }
};

/* Interface description passed to sbus_new_server() by
 * monitor_dbus_init(); it ties MON_SRV_INTERFACE and MON_SRV_PATH to
 * monitor_methods. */
struct sbus_interface monitor_server_interface = {
    MON_SRV_INTERFACE,
    MON_SRV_PATH,
    SBUS_DEFAULT_VTABLE,
    monitor_methods,
    NULL
};

/* monitor_dbus_init
 * Set up the monitor service as a D-BUS Server
 *
 * The address is obtained from monitor_get_sbus_address(); its error is
 * returned unchanged when that call fails. */
static int monitor_dbus_init(struct mt_ctx *ctx)
{
    char *monitor_address;
    int ret;

    ret = monitor_get_sbus_address(ctx, &monitor_address);
    if (ret != EOK) {
        return ret;
    }

    ret = sbus_new_server(ctx, ctx->ev, monitor_address, 
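&monitor_server_interface, false, &ctx->sbus_srv,
                          monitor_service_init, ctx);

    /* the address string is released whether or not the server was created */
    talloc_free(monitor_address);

    return ret;
}

/* Timer callback that pings one service; ptr is the struct mt_svc.
 *
 * Sends a ping, logs when that fails, and kills the service once
 * failed_pongs has reached 3. Otherwise the check is scheduled again with
 * set_tasks_checker(). */
static void tasks_check_handler(struct tevent_context *ev,
                                struct tevent_timer *te,
                                struct timeval t, void *ptr)
{
    struct mt_svc *svc = talloc_get_type(ptr, struct mt_svc);
    int ret;

    ret = service_send_ping(svc);
    switch (ret) {
    case EOK:
        /* all fine */
        break;

    case ENXIO:
        DEBUG(1,("Child (%s) not responding! (yet)\n", svc->name));
        break;

    default:
        /* TODO: should we tear it down ? */
        DEBUG(1,("Sending a message to service (%s) failed!!\n", svc->name));
        break;
    }

    if (svc->failed_pongs >= 3) {
        /* too long since we last heard of this process */
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Killing service [%s], not responding to pings!\n",
               svc->name));

        /* Kill the service. The SIGCHLD handler will restart it */
        /* monitor_kill_service() may free svc, so svc is not touched
         * after this call */
        monitor_kill_service(svc);
        return;
    }

    /* all fine, set up the task checker again */
    set_tasks_checker(svc);
}

/* Schedule the next tasks_check_handler() run for svc, svc->ping_time
 * seconds from now with the microseconds cleared. The timer is a talloc
 * child of svc and is stored in svc->ping_ev; when it cannot be created
 * the failure is logged and ping_ev is set to NULL. */
static void set_tasks_checker(struct mt_svc *svc)
{
    struct tevent_timer *te = NULL;
    struct timeval tv;

    gettimeofday(&tv, NULL);
    tv.tv_sec += svc->ping_time;
    tv.tv_usec = 0;
    te = tevent_add_timer(svc->mt_ctx->ev, svc, tv, tasks_check_handler, svc);
    if (te == NULL) {
        DEBUG(0, ("failed to add event, monitor offline for [%s]!\n",
                  svc->name));
        /* FIXME: shutdown ? */
    }
    svc->ping_ev = te;
}

static void mt_svc_sigkill(struct tevent_context *ev,
                           struct tevent_timer *te,
                           struct timeval t, void *ptr);

/* Ask a service to terminate.
 *
 * Sends SIGTERM to svc->pid and arms a timer that runs mt_svc_sigkill()
 * after svc->kill_time seconds.
 *
 * Returns the result of kill(). When that result is not EOK, svc has been
 * passed to talloc_free() and must not be used by the caller. */
static int monitor_kill_service (struct mt_svc *svc)
{
    int ret;
    struct timeval tv;

    ret = kill(svc->pid, SIGTERM);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Sending signal to child (%s:%d) failed! "
               "Ignore and pretend child is dead.\n",
               svc->name, svc->pid));
        talloc_free(svc);
        /* svc is gone. Returning here keeps the timer setup below from
         * reading svc->kill_time and svc->mt_ctx out of freed memory and
         * from using the freed svc as the timer's talloc parent. */
        return ret;
    }

    /* Set up a timer to send SIGKILL if this process
     * doesn't exit within svc->kill_time seconds
     */
    /* the result of tevent_add_timer() is not checked: if it is NULL no
     * SIGKILL follows */
    tv = tevent_timeval_current_ofs(svc->kill_time, 0);
    svc->sigkill_ev = tevent_add_timer(svc->mt_ctx->ev, svc, tv,
                                       mt_svc_sigkill, svc);

    return ret;
}

/* Timer callback armed by monitor_kill_service(); ptr is the struct
 * mt_svc. Sends SIGKILL to svc->pid and frees svc when kill() fails. */
static void mt_svc_sigkill(struct tevent_context *ev,
                           struct tevent_timer *te,
                           struct timeval t, void *ptr)
{
    int ret;
    struct mt_svc *svc = talloc_get_type(ptr, struct mt_svc);

    DEBUG(SSSDBG_FATAL_FAILURE,
          ("[%s][%d] is not responding to SIGTERM. Sending SIGKILL.\n",
           svc->name, svc->pid));

    ret = kill(svc->pid, SIGKILL);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Sending signal to child (%s:%d) failed! "
               "Ignore and pretend child is dead.\n",
               svc->name, svc->pid));
        /* last use of svc in this function */
        talloc_free(svc);
    }
}

/* Reply callback passed to sbus_conn_send() by service_signal(); data is
 * the struct mt_svc that was signalled. The reply is only released, its
 * content is not examined.
 *
 * NOTE(review): svc->conn is set to NULL by svc_spy_destructor() when the
 * connection is freed. Whether sbus_disconnect() accepts NULL, and whether
 * svc can be freed while the call is still pending, is not visible here -
 * confirm. */
static void reload_reply(DBusPendingCall *pending, void *data)
{
    DBusMessage *reply;
    struct mt_svc *svc = talloc_get_type(data, struct mt_svc);

    reply = dbus_pending_call_steal_reply(pending);
    if (!reply) {
        /* reply should never be null. This function shouldn't be called
         * until reply is valid or timeout has occurred. If reply is NULL
         * here, something is seriously wrong and we should bail out.
         */
        DEBUG(0, ("A reply callback was called but no reply was received"
                  " and no timeout occurred\n"));

        /* Destroy this connection */
        sbus_disconnect(svc->conn);
        dbus_pending_call_unref(pending);
        return;
    }

    /* TODO: Handle cases where the call has timed out or returned
     * with an error.
     */

    dbus_pending_call_unref(pending);
    dbus_message_unref(reply);
}

static int service_signal_dns_reload(struct mt_svc *svc);

/* Re-read the resolver configuration with res_init() and ask every entry
 * of the monitor's svc_list to reload its DNS configuration. Returns EIO
 * when res_init() fails, EOK otherwise; the results of the individual
 * signals are ignored. */
static int monitor_update_resolv(struct config_file_ctx *file_ctx,
                                 const char *filename)
{
    int ret;
    struct mt_svc *cur_svc;
    DEBUG(2, ("Resolv.conf has been updated. 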
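Reloading.\n")); ret = res_init(); if(ret != 0) { return EIO; } /* Signal all services to reload their DNS configuration */ for(cur_svc = file_ctx->mt_ctx->svc_list; cur_svc; cur_svc = cur_svc->next) { service_signal_dns_reload(cur_svc); } return EOK; }

/*
 * Send the monitor method named by svc_signal to one service over its sbus
 * connection.
 *
 * Returns EOK without sending anything for the "local" provider, EIO when
 * the service has no connection yet, ENOMEM when the message cannot be
 * allocated, otherwise the result of sbus_conn_send().
 */
static int service_signal(struct mt_svc *svc, const char *svc_signal)
{
    DBusMessage *msg;
    int ret;

    if (svc->provider && strcasecmp(svc->provider, "local") == 0) {
        /* The local provider requires no signaling */
        return EOK;
    }

    if (!svc->conn) {
        /* Avoid a race condition where we are trying to
         * order a service to reload that hasn't started
         * yet.
         */
        DEBUG(1,("Could not signal service [%s].\n", svc->name));
        return EIO;
    }

    msg = dbus_message_new_method_call(NULL,
                                       MONITOR_PATH,
                                       MONITOR_INTERFACE,
                                       svc_signal);
    if (!msg) {
        DEBUG(0,("Out of memory?!\n"));
        /* svc is not freed here. monitor_kill_service() frees it itself
         * when the signal cannot be delivered, so a second talloc_free()
         * would be a double free; and the loops that call the
         * service_signal_*() wrappers read cur_svc->next after this
         * function returns. */
        monitor_kill_service(svc);
        return ENOMEM;
    }

    ret = sbus_conn_send(svc->conn, msg,
                         svc->mt_ctx->service_id_timeout,
                         reload_reply, svc, NULL);

    dbus_message_unref(msg);
    return ret;
}

/* Thin wrappers: each sends one fixed monitor method through service_signal(). */
static int service_signal_dns_reload(struct mt_svc *svc)
{
    return service_signal(svc, MON_CLI_METHOD_RES_INIT);
}

static int service_signal_offline(struct mt_svc *svc)
{
    return service_signal(svc, MON_CLI_METHOD_OFFLINE);
}

static int service_signal_reset_offline(struct mt_svc *svc)
{
    return service_signal(svc, MON_CLI_METHOD_RESET_OFFLINE);
}

static int service_signal_rotate(struct mt_svc *svc)
{
    return service_signal(svc, MON_CLI_METHOD_ROTATE);
}

static int service_signal_clear_memcache(struct mt_svc *svc)
{
    return service_signal(svc, MON_CLI_METHOD_CLEAR_MEMCACHE);
}

static int service_signal_clear_enum_cache(struct mt_svc *svc)
{
    return service_signal(svc, MON_CLI_METHOD_CLEAR_ENUM_CACHE);
}

static int check_domain_ranges(struct sss_domain_info *domains) { struct sss_domain_info *dom = domains, *other = NULL; uint32_t id_min, id_max; while (dom) { other = get_next_domain(dom, false); if (dom->id_max && dom->id_min > dom->id_max) { DEBUG(SSSDBG_CRIT_FAILURE, ("Domain '%s' does 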
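not have a valid ID range\n", dom->name)); return EINVAL; } while (other) { id_min = MAX(dom->id_min, other->id_min); id_max = MIN((dom->id_max ? dom->id_max : UINT32_MAX), (other->id_max ? other->id_max : UINT32_MAX)); if (id_min <= id_max) { DEBUG(SSSDBG_MINOR_FAILURE, ("Domains '%s' and '%s' overlap in range %u - %u\n", dom->name, other->name, id_min, id_max)); } other = get_next_domain(other, false); } dom = get_next_domain(dom, false); } return EOK; }

/*
 * Return EINVAL when more than one domain uses the "local" provider
 * (compared case-insensitively), EOK otherwise.
 */
static int check_local_domain_unique(struct sss_domain_info *domains)
{
    uint8_t local_count = 0;
    struct sss_domain_info *dom;

    for (dom = domains; dom; dom = get_next_domain(dom, false)) {
        if (strcasecmp(dom->provider, "local") == 0) {
            local_count++;
            if (local_count > 1) {
                return EINVAL;
            }
        }
    }

    return EOK;
}

/*
 * Append services that the configured domains imply to *_services.
 *
 * Currently that is "pac": it is added when a domain's id_provider is "IPA"
 * (case-insensitive), BUILD_WITH_PAC_RESPONDER is set and the list does not
 * contain it yet. Domains whose id_provider cannot be read are skipped.
 *
 * Returns EOK on success, ENOENT when no domain list is configured, ENOMEM
 * or the failing helper's error otherwise.
 */
static errno_t add_implicit_services(struct confdb_ctx *cdb, TALLOC_CTX *mem_ctx,
                                     char ***_services)
{
    int ret;
    char **domain_names;
    TALLOC_CTX *tmp_ctx;
    size_t c;
    char *conf_path;
    char *id_provider;
    bool add_pac = false;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("talloc_new failed.\n"));
        return ENOMEM;
    }

    ret = confdb_get_string_as_list(cdb, tmp_ctx,
                                    CONFDB_MONITOR_CONF_ENTRY,
                                    CONFDB_MONITOR_ACTIVE_DOMAINS,
                                    &domain_names);
    if (ret == ENOENT) {
        DEBUG(SSSDBG_OP_FAILURE, ("No domains configured!\n"));
        goto done;
    } else if (ret != EOK) {
        /* domain_names has no defined value on any failure, so the loop
         * below must not run on it. */
        DEBUG(SSSDBG_OP_FAILURE, ("confdb_get_string_as_list failed.\n"));
        goto done;
    }

    for (c = 0; domain_names[c] != NULL; c++) {
        conf_path = talloc_asprintf(tmp_ctx, CONFDB_DOMAIN_PATH_TMPL,
                                    domain_names[c]);
        if (conf_path == NULL) {
            DEBUG(SSSDBG_OP_FAILURE, ("talloc_asprintf failed.\n"));
            ret = ENOMEM;
            goto done;
        }

        ret = confdb_get_string(cdb, tmp_ctx, conf_path,
                                CONFDB_DOMAIN_ID_PROVIDER, NULL, &id_provider);
        if (ret == EOK) {
            if (id_provider == NULL) {
                DEBUG(SSSDBG_OP_FAILURE, ("id_provider is not set for "
                      "domain [%s], trying next domain.\n", domain_names[c]));
                continue;
            }

            if (strcasecmp(id_provider, "IPA") == 0) {
                add_pac = true;
            }
        } else {
            DEBUG(SSSDBG_OP_FAILURE, ("Failed to get id_provider for "
                                      "domain [%s], trying next domain.\n",
                                      domain_names[c]));
        }
    }

    if (BUILD_WITH_PAC_RESPONDER && add_pac &&
        !string_in_list("pac", *_services, false)) {
        ret = add_string_to_list(mem_ctx, "pac", _services);
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE, ("add_string_to_list failed.\n"));
            goto done;
        }
    }

    ret = EOK;

done:
    talloc_free(tmp_ctx);

    return ret;
}

/*
 * Return the first entry of the NULL-terminated services list that is not a
 * known responder name (case-insensitive), or NULL when all are known.
 */
static char *check_services(char **services)
{
    const char *known_services[] = { "nss", "pam", "sudo", "autofs", "ssh",
                                     "pac", NULL };
    int i;
    int ii;

    /* Check if services we are about to start are in the list of known */
    for (i = 0; services[i]; i++) {
        for (ii=0; known_services[ii]; ii++) {
            if (strcasecmp(services[i], known_services[ii]) == 0) {
                break;
            }
        }

        if (known_services[ii] == NULL) {
            return services[i];
        }
    }

    return NULL;
}

int get_monitor_config(struct mt_ctx *ctx) { int ret; int timeout_seconds; char *badsrv = NULL; int i; ret = confdb_get_int(ctx->cdb, CONFDB_MONITOR_CONF_ENTRY, CONFDB_MONITOR_SBUS_TIMEOUT, 10, &timeout_seconds); if (ret != EOK) { return ret; } ctx->service_id_timeout = timeout_seconds * 1000; /* service_id_timeout is in ms */ ctx->service_ctx = talloc_new(ctx); if(!ctx->service_ctx) { return ENOMEM; } ret = confdb_get_string_as_list(ctx->cdb, ctx->service_ctx, CONFDB_MONITOR_CONF_ENTRY, CONFDB_MONITOR_ACTIVE_SERVICES, &ctx->services); if (ret != EOK) { DEBUG(0, ("No services configured!\n")); return EINVAL; } ret = add_implicit_services(ctx->cdb, ctx->service_ctx, &ctx->services); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Failed to add implicit configured " \ "services. 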
Some functionality might " \ "be missing")); } badsrv = check_services(ctx->services); if (badsrv != NULL) { DEBUG(0, ("Invalid service %s\n", badsrv)); return EINVAL; } ctx->started_services = 0; ctx->num_services = 0; for (i = 0; ctx->services[i] != NULL; i++) { ctx->num_services++; } ctx->domain_ctx = talloc_new(ctx); if(!ctx->domain_ctx) { return ENOMEM; } ret = confdb_get_domains(ctx->cdb, &ctx->domains); if (ret != EOK) { DEBUG(0, ("No domains configured.\n")); return ret; } ret = check_local_domain_unique(ctx->domains); if (ret != EOK) { DEBUG(0, ("More than one local domain configured.\n")); return ret; } /* Check UID/GID overlaps */ ret = check_domain_ranges(ctx->domains); if (ret != EOK) { return ret; } return EOK; }

/*
 * Read the ping interval and the SIGTERM-to-SIGKILL delay for a service from
 * the confdb entry at path into svc->ping_time and svc->kill_time. A stored
 * value of 0 is replaced by the compiled-in default.
 *
 * NOTE(review): negative values are not rejected here, and both numbers are
 * later added to timer deadlines - confirm confdb validates them elsewhere.
 */
static errno_t get_ping_config(struct mt_ctx *ctx, const char *path,
                               struct mt_svc *svc)
{
    errno_t ret;

    ret = confdb_get_int(ctx->cdb, path,
                         CONFDB_DOMAIN_TIMEOUT,
                         MONITOR_DEF_PING_TIME, &svc->ping_time);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Failed to get ping timeout for '%s'\n", svc->name));
        return ret;
    }

    /* 'timeout = 0' should be translated to the default */
    if (svc->ping_time == 0) {
        svc->ping_time = MONITOR_DEF_PING_TIME;
    }

    DEBUG(SSSDBG_CONF_SETTINGS,
          ("Time between service pings for [%s]: [%d]\n",
           svc->name, svc->ping_time));

    ret = confdb_get_int(ctx->cdb, path,
                         CONFDB_SERVICE_FORCE_TIMEOUT,
                         MONITOR_DEF_FORCE_TIME, &svc->kill_time);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Failed to get kill timeout for %s\n", svc->name));
        return ret;
    }

    /* 'force_timeout = 0' should be translated to the default */
    if (svc->kill_time == 0) {
        svc->kill_time = MONITOR_DEF_FORCE_TIME;
    }

    DEBUG(SSSDBG_CONF_SETTINGS,
          ("Time between SIGTERM and SIGKILL for [%s]: [%d]\n",
           svc->name, svc->kill_time));

    return EOK;
}

/*
 * Build the mt_svc record for the responder called name.
 *
 * The command line is taken from confdb when one is stored there; otherwise
 * it is "<SSSD_LIBEXEC_PATH>/sssd_<name>" plus the debug options given on
 * the monitor's own command line. On success *svc_cfg owns the record; on
 * failure it stays NULL and the record is freed.
 *
 * NOTE(review): the confdb command string is used as stored, so whoever can
 * write the configuration decides what gets executed - presumably the
 * configuration file is restricted to root; verify.
 */
static int get_service_config(struct mt_ctx *ctx, const char *name,
                              struct mt_svc **svc_cfg)
{
    int ret;
    char *path;
    struct mt_svc *svc;
    time_t now = time(NULL);

    *svc_cfg = NULL;

    svc = talloc_zero(ctx, struct mt_svc);
    if (svc == NULL) {
        return ENOMEM;
    }
    svc->mt_ctx = ctx;
    svc->type = MT_SVC_SERVICE;

    talloc_set_destructor((TALLOC_CTX *)svc, svc_destructor);

    svc->name = talloc_strdup(svc, name);
    if (svc->name == NULL) {
        goto nomem;
    }

    svc->identity = talloc_strdup(svc, name);
    if (svc->identity == NULL) {
        goto nomem;
    }

    path = talloc_asprintf(svc, CONFDB_SERVICE_PATH_TMPL, svc->name);
    if (path == NULL) {
        goto nomem;
    }

    ret = confdb_get_string(ctx->cdb, svc, path,
                            CONFDB_SERVICE_COMMAND,
                            NULL, &svc->command);
    if (ret != EOK) {
        DEBUG(0,("Failed to start service '%s'\n", svc->name));
        goto fail;
    }

    if (svc->command == NULL) {
        /* No custom command configured: build the default one. */
        svc->command = talloc_asprintf(
            svc, "%s/sssd_%s", SSSD_LIBEXEC_PATH, svc->name
        );
        if (svc->command == NULL) {
            goto nomem;
        }

        if (cmdline_debug_level != SSSDBG_UNRESOLVED) {
            svc->command = talloc_asprintf_append(
                svc->command, " -d %#.4x", cmdline_debug_level
            );
            if (svc->command == NULL) {
                goto nomem;
            }
        }

        if (cmdline_debug_timestamps != SSSDBG_TIMESTAMP_UNRESOLVED) {
            svc->command = talloc_asprintf_append(
                svc->command, " --debug-timestamps=%d", cmdline_debug_timestamps
            );
            if (svc->command == NULL) {
                goto nomem;
            }
        }

        if (cmdline_debug_microseconds != SSSDBG_MICROSECONDS_UNRESOLVED) {
            svc->command = talloc_asprintf_append(
                svc->command, " --debug-microseconds=%d",
                cmdline_debug_microseconds
            );
            if (svc->command == NULL) {
                goto nomem;
            }
        }

        if (debug_to_file) {
            svc->command = talloc_strdup_append(
                svc->command, " --debug-to-files"
            );
            if (svc->command == NULL) {
                goto nomem;
            }
        }
    }

    ret = get_ping_config(ctx, path, svc);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Failed to get ping timeouts for %s\n", svc->name));
        goto fail;
    }

    svc->last_restart = now;

    *svc_cfg = svc;
    talloc_free(path);

    return EOK;

nomem:
    ret = ENOMEM;
fail:
    talloc_free(svc);
    return ret;
}

/*
 * Create the record for responder name and start it. restarts is stored as
 * the record's restart counter. The record is freed when start_service()
 * fails.
 */
static int add_new_service(struct mt_ctx *ctx,
                           const char *name,
                           int restarts)
{
    struct mt_svc *svc;
    int ret;

    ret = get_service_config(ctx, name, &svc);
    if (ret != EOK) {
        return ret;
    }
    svc->restarts = restarts;

    ret = start_service(svc);
    if (ret != EOK) {
        DEBUG(0,("Failed to start service '%s'\n", svc->name));
        talloc_free(svc);
    }

    return ret;
}

/*
 * Build the mt_svc record for the back end of domain name.
 *
 * Returns EIO when the domain has no id_provider. The command line is taken
 * from confdb when present, otherwise it is
 * "<SSSD_LIBEXEC_PATH>/sssd_be --domain <name>" plus the debug options given
 * on the monitor's own command line. On success *svc_cfg owns the record.
 */
static int get_provider_config(struct mt_ctx *ctx, const char *name,
                               struct mt_svc **svc_cfg)
{
    int ret;
    char *path;
    struct mt_svc *svc;
    time_t now = time(NULL);

    *svc_cfg = NULL;

    svc = talloc_zero(ctx, struct mt_svc);
    if (svc == NULL) {
        return ENOMEM;
    }
    svc->mt_ctx = ctx;
    svc->type = MT_SVC_PROVIDER;

    talloc_set_destructor((TALLOC_CTX *)svc, svc_destructor);

    svc->name = talloc_strdup(svc, name);
    if (svc->name == NULL) {
        goto nomem;
    }

    svc->identity = talloc_asprintf(svc, "%%BE_%s", svc->name);
    if (svc->identity == NULL) {
        goto nomem;
    }

    path = talloc_asprintf(svc, CONFDB_DOMAIN_PATH_TMPL, name);
    if (path == NULL) {
        goto nomem;
    }

    ret = confdb_get_string(ctx->cdb, svc, path,
                            CONFDB_DOMAIN_ID_PROVIDER,
                            NULL, &svc->provider);
    if (ret != EOK) {
        DEBUG(0, ("Failed to find ID provider from [%s] configuration\n", name));
        goto fail;
    }

    ret = confdb_get_string(ctx->cdb, svc, path,
                            CONFDB_DOMAIN_COMMAND,
                            NULL, &svc->command);
    if (ret != EOK) {
        DEBUG(0, ("Failed to find command from [%s] configuration\n", name));
        goto fail;
    }

    ret = get_ping_config(ctx, path, svc);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Failed to get ping timeouts for %s\n", svc->name));
        goto fail;
    }

    talloc_free(path);

    /* if no provider is present do not run the domain */
    if (svc->provider == NULL) {
        ret = EIO;
        goto fail;
    }

    /* if there are no custom commands, build a default one */
    if (svc->command == NULL) {
        svc->command = talloc_asprintf(
            svc, "%s/sssd_be --domain %s", SSSD_LIBEXEC_PATH, svc->name
        );
        if (svc->command == NULL) {
            goto nomem;
        }

        if (cmdline_debug_level != SSSDBG_UNRESOLVED) {
            svc->command = talloc_asprintf_append(
                svc->command, " -d %#.4x", cmdline_debug_level
            );
            if (svc->command == NULL) {
                goto nomem;
            }
        }

        if (cmdline_debug_timestamps != SSSDBG_TIMESTAMP_UNRESOLVED) {
            svc->command = talloc_asprintf_append(
                svc->command, " --debug-timestamps=%d", cmdline_debug_timestamps
            );
            if (svc->command == NULL) {
                goto nomem;
            }
        }

        if (cmdline_debug_microseconds != SSSDBG_MICROSECONDS_UNRESOLVED) {
            svc->command = talloc_asprintf_append(
                svc->command, " --debug-microseconds=%d",
                cmdline_debug_microseconds
            );
            if (svc->command == NULL) {
                goto nomem;
            }
        }

        if (debug_to_file) {
            svc->command = talloc_strdup_append(
                svc->command, " --debug-to-files"
            );
            if (svc->command == NULL) {
                goto nomem;
            }
        }
    }

    svc->last_restart = now;

    *svc_cfg = svc;
    return EOK;

nomem:
    ret = ENOMEM;
fail:
    talloc_free(svc);
    return ret;
}

/*
 * Create the record for the back end of domain name and start it.
 *
 * A "local" provider is only added to ctx->svc_list and reported as ENOENT,
 * because no process is started for it.
 */
static int add_new_provider(struct mt_ctx *ctx,
                            const char *name,
                            int restarts)
{
    struct mt_svc *svc;
    int ret;

    ret = get_provider_config(ctx, name, &svc);
    if (ret != EOK) {
        DEBUG(0, ("Could not get provider configuration for [%s]\n",
                  name));
        return ret;
    }
    svc->restarts = restarts;

    if (strcasecmp(svc->provider, "local") == 0) {
        /* The LOCAL provider requires no back-end currently
         * We'll add it to the service list, but we don't need
         * to poll it.
         */
        svc->svc_started = true;
        DLIST_ADD(ctx->svc_list, svc);
        return ENOENT;
    }

    ret = start_service(svc);
    if (ret != EOK) {
        DEBUG(0,("Failed to start service '%s'\n", svc->name));
        talloc_free(svc);
    }

    return ret;
}

static void monitor_hup(struct tevent_context *ev, struct tevent_signal *se, int signum, int count, void *siginfo, void *private_data) { struct mt_ctx *ctx = talloc_get_type(private_data, struct mt_ctx); struct mt_svc *cur_svc; DEBUG(1, ("Received SIGHUP.\n")); /* Send D-Bus message to other services to rotate their logs. * NSS service receives also message to clear memory caches. 
*/ for(cur_svc = ctx->svc_list; cur_svc; cur_svc = cur_svc->next) { service_signal_rotate(cur_svc); if (!strcmp(NSS_SBUS_SERVICE_NAME, cur_svc->name)) { service_signal_clear_memcache(cur_svc); service_signal_clear_enum_cache(cur_svc); } if (!strcmp(SSS_AUTOFS_SBUS_SERVICE_NAME, cur_svc->name)) { service_signal_clear_enum_cache(cur_svc); } } }

/*
 * Remove the monitor's pid file. Returns EOK, or the errno from unlink().
 */
static int monitor_cleanup(void)
{
    int ret;

    errno = 0;
    ret = unlink(SSSD_PIDFILE_PATH);
    if (ret != -1) {
        return EOK;
    }

    ret = errno;
    DEBUG(SSSDBG_FATAL_FAILURE,
          ("Error removing pidfile! (%d [%s])\n", ret, strerror(ret)));
    return ret;
}

/*
 * Terminate every child with a PID, reap it, remove the pid file and exit
 * the process with status ret. Does not return.
 *
 * Each child gets SIGTERM and is polled with waitpid(WNOHANG) every 10ms
 * until it is reaped or no longer a child; SIGKILL is used when waiting
 * fails or the child's status is neither "exited" nor "signaled".
 */
static void monitor_quit(struct mt_ctx *mt_ctx, int ret)
{
    struct mt_svc *svc;
    pid_t pid;
    int status;
    errno_t error;
    int kret;
    bool killed;

    DEBUG(SSSDBG_IMPORTANT_INFO, ("Returned with: %d\n", ret));

    /* Kill all of our known children manually */
    DLIST_FOR_EACH(svc, mt_ctx->svc_list) {
        if (svc->pid == 0) {
            /* The local provider has no PID */
            continue;
        }

        killed = false;
        DEBUG(1, ("Terminating [%s][%d]\n", svc->name, svc->pid));
        do {
            errno = 0;
            kret = kill(svc->pid, SIGTERM);
            if (kret < 0) {
                error = errno;
                DEBUG(1, ("Couldn't kill [%s][%d]: [%s]\n",
                          svc->name, svc->pid, strerror(error)));
            }

            error = 0;
            do {
                errno = 0;
                pid = waitpid(svc->pid, &status, WNOHANG);
                if (pid == -1) {
                    /* An error occurred while waiting */
                    error = errno;
                    if (error == ECHILD) {
                        /* Not our child (any more): nothing left to reap */
                        killed = true;
                    } else if (error != EINTR) {
                        DEBUG(0, ("[%d][%s] while waiting for [%s]\n",
                                  error, strerror(error), svc->name));
                        /* Forcibly kill this child */
                        kill(svc->pid, SIGKILL);
                        break;
                    }
                } else if (pid != 0) {
                    error = 0;
                    if (WIFEXITED(status)) {
                        DEBUG(1, ("Child [%s] exited gracefully\n", svc->name));
                    } else if (WIFSIGNALED(status)) {
                        DEBUG(1, ("Child [%s] terminated with a signal\n", svc->name));
                    } else {
                        DEBUG(0, ("Child [%s] did not exit cleanly\n", svc->name));
                        /* Forcibly kill this child */
                        kill(svc->pid, SIGKILL);
                    }
                    killed = true;
                }
            } while (error == EINTR);

            if (!killed) {
                /* Sleep 10ms and try again */
                usleep(10000);
            }
        } while (!killed);
    }

#if HAVE_GETPGRP
    /* Kill any remaining children in our process group, just in case
     * we have any leftover children we don't expect. For example, if
     * a krb5_child or ldap_child is running at the same moment.
     */
    error = 0;
    if (getpgrp() == getpid()) {
        kill(-getpgrp(), SIGTERM);
        do {
            errno = 0;
            pid = waitpid(0, &status, 0);
            if (pid == -1) {
                error = errno;
            }
        } while (error == EINTR || pid > 0);
    }
#endif

    monitor_cleanup();

    exit(ret);
}

/* Signal handler (registered for SIGINT and SIGTERM): shut down with status 0. */
static void monitor_quit_signal(struct tevent_context *ev,
                                struct tevent_signal *se,
                                int signum,
                                int count,
                                void *siginfo,
                                void *private_data)
{
    struct mt_ctx *mt_ctx = talloc_get_type(private_data, struct mt_ctx);

    DEBUG(SSSDBG_TRACE_INTERNAL, ("Received shutdown command\n"));

    DEBUG(SSSDBG_IMPORTANT_INFO, ("Monitor received %s: terminating "
                                  "children\n", strsignal(signum)));

    monitor_quit(mt_ctx, 0);
}

/*
 * Re-read the resolver configuration in the monitor and, when that works,
 * ask every service to do the same.
 */
static void signal_res_init(struct mt_ctx *monitor)
{
    struct mt_svc *cur_svc;
    int ret;

    DEBUG(SSSDBG_OP_FAILURE, ("Reloading Resolv.conf.\n"));

    ret = res_init();
    if (ret != 0) {
        return;
    }

    cur_svc = monitor->svc_list;
    while (cur_svc) {
        service_signal_dns_reload(cur_svc);
        cur_svc = cur_svc->next;
    }
}

/* Signal handler (registered for SIGUSR1): tell every provider to go offline. */
static void signal_offline(struct tevent_context *ev,
                           struct tevent_signal *se,
                           int signum,
                           int count,
                           void *siginfo,
                           void *private_data)
{
    struct mt_ctx *monitor;
    struct mt_svc *cur_svc;

    monitor = talloc_get_type(private_data, struct mt_ctx);

    DEBUG(SSSDBG_TRACE_INTERNAL,
         ("Signaling providers to go offline immediately.\n"));

    /* Signal all providers to immediately go offline */
    cur_svc = monitor->svc_list;
    while (cur_svc) {
        /* Don't signal services, only providers */
        if (cur_svc->provider) {
            service_signal_offline(cur_svc);
        }
        cur_svc = cur_svc->next;
    }
}

/*
 * Signal handler (registered for SIGUSR2): tell every provider to reset its
 * offline state, then reload the resolver configuration.
 */
static void signal_offline_reset(struct tevent_context *ev,
                                 struct tevent_signal *se,
                                 int signum,
                                 int count,
                                 void *siginfo,
                                 void *private_data)
{
    struct mt_ctx *monitor;
    struct mt_svc *cur_svc;

    monitor = talloc_get_type(private_data, struct mt_ctx);

    DEBUG(SSSDBG_TRACE_INTERNAL,
         ("Signaling providers to reset offline immediately.\n"));

    cur_svc = monitor->svc_list;
    while (cur_svc) {
        if (cur_svc->provider) {
            service_signal_reset_offline(cur_svc);
        }
        cur_svc = cur_svc->next;
    }

    signal_res_init(monitor);
}

/*
 * talloc destructor for the monitor context: clear the back-pointer in every
 * service record. Always returns 0.
 */
static int monitor_ctx_destructor(void *mem)
{
    struct mt_ctx *mon = talloc_get_type(mem, struct mt_ctx);
    struct mt_svc *svc;

    /* zero out references in svcs so that they don't try
     * to access the monitor context on process shutdown */
    svc = mon->svc_list;
    while (svc) {
        svc->mt_ctx = NULL;
        svc = svc->next;
    }

    return 0;
}

static errno_t load_configuration(TALLOC_CTX *mem_ctx, const char *config_file, struct mt_ctx **monitor) { errno_t ret; struct mt_ctx *ctx; char *cdb_file = NULL; ctx = talloc_zero(mem_ctx, struct mt_ctx); if(!ctx) { return ENOMEM; } talloc_set_destructor((TALLOC_CTX *)ctx, monitor_ctx_destructor); cdb_file = talloc_asprintf(ctx, "%s/%s", DB_PATH, CONFDB_FILE); if (cdb_file == NULL) { DEBUG(0,("Out of memory, aborting!\n")); ret = ENOMEM; goto done; } ret = confdb_init(ctx, &ctx->cdb, cdb_file); if (ret != EOK) { DEBUG(0,("The confdb initialization failed\n")); goto done; } /* Initialize the CDB from the configuration file */ ret = confdb_test(ctx->cdb); if (ret == ENOENT) { /* First-time setup */ /* Purge any existing confdb in case an old * misconfiguration gets in the way */ talloc_zfree(ctx->cdb); unlink(cdb_file); ret = confdb_init(ctx, &ctx->cdb, cdb_file); if (ret != EOK) { DEBUG(0,("The confdb initialization failed\n")); goto done; } /* Load special entries */ ret = confdb_create_base(ctx->cdb); if (ret != EOK) { DEBUG(0, ("Unable to load special entries into confdb\n")); goto done; } } else if (ret != EOK) { DEBUG(0, ("Fatal error initializing confdb\n")); goto done; } talloc_zfree(cdb_file); ret = confdb_init_db(config_file, ctx->cdb); if (ret != EOK) { DEBUG(0, ("ConfDB initialization has failed [%s]\n", sss_strerror(ret))); goto done; } /* Validate the configuration in the database */ /* Read in the monitor's configuration */ ret = 
get_monitor_config(ctx); if (ret != EOK) { goto done; } *monitor = ctx; ret = EOK; done: if (ret != EOK) { talloc_free(ctx); } return ret; }

errno_t monitor_config_file_fallback(TALLOC_CTX *mem_ctx,
                                     struct mt_ctx *ctx,
                                     const char *file,
                                     monitor_reconf_fn fn,
                                     bool ignore_missing);

#ifdef HAVE_INOTIFY
static void process_config_file(struct tevent_context *ev,
                                struct tevent_timer *te,
                                struct timeval t, void *ptr);

/*
 * fd callback for the inotify descriptor: queue one process_config_file()
 * run a second from now, unless one is already queued. Sends SIGTERM to the
 * monitor itself when the timer cannot be created.
 */
static void config_file_changed(struct tevent_context *ev,
                                struct tevent_fd *fde,
                                uint16_t flags, void *data)
{
    struct tevent_timer *timer = NULL;
    struct timeval when;
    struct config_file_ctx *file_ctx;

    file_ctx = talloc_get_type(data, struct config_file_ctx);
    if (file_ctx->needs_update) {
        /* Skip updating. It's already queued for update.
         */
        return;
    }

    /* We will queue the file for update in one second.
     * This way, if there is a script writing to the file
     * repeatedly, we won't be attempting to update multiple
     * times.
     */
    gettimeofday(&when, NULL);
    when.tv_sec += 1;

    timer = tevent_add_timer(ev, ev, when, process_config_file, file_ctx);
    if (timer == NULL) {
        DEBUG(0, ("Unable to queue config file update! Exiting.\n"));
        kill(getpid(), SIGTERM);
        return;
    }
    file_ctx->needs_update = 1;
}

/* Private data for rewatch_config_file(): the watch to restore and its owner. */
struct rewatch_ctx {
    struct config_file_callback *cb;
    struct config_file_ctx *file_ctx;
};

static void rewatch_config_file(struct tevent_context *ev,
                                struct tevent_timer *te,
                                struct timeval t, void *ptr);

/*
 * Timer callback queued by config_file_changed(): read one inotify event,
 * find the callback registered for its watch descriptor and run it.
 *
 * An IN_IGNORED event instead schedules rewatch_config_file() five seconds
 * later to re-establish the watch.
 *
 * NOTE(review): only -1 is treated as a read failure; a read that returns
 * fewer than sizeof(struct inotify_event) bytes would leave in_event partly
 * unset - confirm sss_atomic_read_s() cannot return short here.
 */
static void process_config_file(struct tevent_context *ev,
                                struct tevent_timer *te,
                                struct timeval t, void *ptr)
{
    TALLOC_CTX *tmp_ctx;
    struct inotify_event *in_event;
    char *buf;
    char *name;
    ssize_t len;
    ssize_t event_size;
    struct config_file_ctx *file_ctx;
    struct config_file_callback *cb;
    struct rewatch_ctx *rw_ctx;
    errno_t ret;

    event_size = sizeof(struct inotify_event);
    file_ctx = talloc_get_type(ptr, struct config_file_ctx);

    DEBUG(1, ("Processing config file changes\n"));

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        return;
    }

    buf = talloc_size(tmp_ctx, event_size);
    if (buf == NULL) {
        goto done;
    }

    errno = 0;
    len = sss_atomic_read_s(file_ctx->mt_ctx->inotify_fd, buf, event_size);
    if (len == -1) {
        ret = errno;
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Critical error reading inotify file descriptor [%d]: %s\n",
               ret, strerror(ret)));
        goto done;
    }

    in_event = (struct inotify_event *)buf;

    if (in_event->len > 0) {
        /* Read in the name, even though we don't use it,
         * so that read ptr is in the right place
         */
        name = talloc_size(tmp_ctx, in_event->len);
        if (name == NULL) {
            goto done;
        }

        errno = 0;
        len = sss_atomic_read_s(file_ctx->mt_ctx->inotify_fd, name, in_event->len);
        if (len == -1) {
            ret = errno;
            DEBUG(SSSDBG_CRIT_FAILURE,
                ("Critical error reading inotify file descriptor [%d]: %s\n",
                 ret, strerror(ret)));
            goto done;
        }
    }

    /* Find the callback that owns this watch descriptor. */
    cb = file_ctx->callbacks;
    while (cb != NULL && cb->wd != in_event->wd) {
        cb = cb->next;
    }
    if (cb == NULL) {
        DEBUG(0, ("Unknown watch descriptor\n"));
        goto done;
    }

    if (in_event->mask & IN_IGNORED) {
        /* Some text editors will move a new file on top of the
         * existing one instead of modifying it. In this case,
         * the kernel will send us an IN_IGNORE signal.
         * We will try to open a new watch descriptor on the
         * new file.
         */
        struct timeval tv;
        struct tevent_timer *tev;
        tv.tv_sec = t.tv_sec+5;
        tv.tv_usec = t.tv_usec;
        DEBUG(5, ("Restoring inotify watch.\n"));

        cb->retries = 0;
        rw_ctx = talloc(file_ctx, struct rewatch_ctx);
        if (rw_ctx == NULL) {
            DEBUG(0, ("Could not restore inotify watch. Quitting!\n"));
            close(file_ctx->mt_ctx->inotify_fd);
            kill(getpid(), SIGTERM);
            goto done;
        }
        rw_ctx->cb = cb;
        rw_ctx->file_ctx = file_ctx;

        tev = tevent_add_timer(ev, rw_ctx, tv, rewatch_config_file, rw_ctx);
        if (tev == NULL) {
            DEBUG(0, ("Could not restore inotify watch. Quitting!\n"));
            close(file_ctx->mt_ctx->inotify_fd);
            kill(getpid(), SIGTERM);
        }
        goto done;
    }

    /* Tell the monitor to signal the children */
    cb->fn(file_ctx, cb->filename);
    file_ctx->needs_update = 0;

done:
    talloc_free(tmp_ctx);
}

/*
 * Timer callback: try to re-add the inotify watch for one file.
 *
 * A failed attempt is retried every five seconds. After six attempts the
 * inotify descriptor is closed and the file is handed to
 * monitor_config_file_fallback(); SIGTERM is sent to the monitor itself when
 * that fails or when a retry timer cannot be created.
 */
static void rewatch_config_file(struct tevent_context *ev,
                                struct tevent_timer *te,
                                struct timeval t, void *ptr)
{
    int err;
    struct tevent_timer *tev = NULL;
    struct timeval tv;
    struct config_file_callback *cb;
    struct rewatch_ctx *rw_ctx;
    struct config_file_ctx *file_ctx;

    rw_ctx = talloc_get_type(ptr, struct rewatch_ctx);

    cb = rw_ctx->cb;
    file_ctx = rw_ctx->file_ctx;

    /* Retry six times at five-second intervals before giving up */
    cb->retries++;
    if (cb->retries > 6) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Could not restore inotify watch. Switching to polling!\n"));
        close(file_ctx->mt_ctx->inotify_fd);
        err = monitor_config_file_fallback(file_ctx->parent_ctx,
                                           file_ctx->mt_ctx,
                                           cb->filename,
                                           cb->fn,true);
        if (err != EOK) {
            kill(getpid(), SIGTERM);
        }

        cb->fn(file_ctx, cb->filename);
        talloc_free(rw_ctx);

        /* A new callback was created in monitor_config_file_fallback()*/
        DLIST_REMOVE(file_ctx->callbacks, cb);
        talloc_free(cb);

        return;
    }

    cb->wd = inotify_add_watch(file_ctx->mt_ctx->inotify_fd,
                               cb->filename, IN_MODIFY);
    if (cb->wd < 0) {
        err = errno;

        tv.tv_sec = t.tv_sec+5;
        tv.tv_usec = t.tv_usec;

        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Could not add inotify watch for file [%s]. Error [%d:%s]\n",
               cb->filename, err, strerror(err)));

        tev = tevent_add_timer(ev, ev, tv, rewatch_config_file, rw_ctx);
        if (tev == NULL) {
            DEBUG(SSSDBG_FATAL_FAILURE,
                  ("Could not restore inotify watch. Quitting!\n"));
            close(file_ctx->mt_ctx->inotify_fd);
            kill(getpid(), SIGTERM);
        }

        return;
    }
    cb->retries = 0;

    /* Tell the monitor to signal the children */
    cb->fn(file_ctx, cb->filename);

    talloc_free(rw_ctx);
    file_ctx->needs_update = 0;
}
#endif /* HAVE_INOTIFY */

static void poll_config_file(struct tevent_context *ev, struct tevent_timer *te, struct timeval t, void *ptr) { int ret, err; struct stat file_stat; struct timeval tv; struct config_file_ctx *file_ctx; struct config_file_callback *cb; file_ctx = talloc_get_type(ptr,struct config_file_ctx); for (cb = file_ctx->callbacks; cb; cb = cb->next) { ret = stat(cb->filename, &file_stat); if (ret < 0) { err = errno; DEBUG(0, ("Could not stat file [%s]. Error [%d:%s]\n", cb->filename, err, strerror(err))); /* TODO: If the config file is missing, should we shut down? */ return; } if (file_stat.st_mtime != cb->modified) { /* Parse the configuration file and signal the children */ /* Note: this will fire if the modification time changes into the past * as well as the future. 
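*/ DEBUG(1, ("Config file changed\n")); cb->modified = file_stat.st_mtime; /* Tell the monitor to signal the children */ cb->fn(file_ctx, cb->filename); } } gettimeofday(&tv, NULL); tv.tv_sec += CONFIG_FILE_POLL_INTERVAL; tv.tv_usec = 0; file_ctx->timer = tevent_add_timer(ev, file_ctx->parent_ctx, tv, poll_config_file, file_ctx); if (!file_ctx->timer) { DEBUG(0, ("Error: Config file no longer monitored for changes!\n")); } }

/*
 * Watch filename with inotify and register fn as its change callback.
 *
 * The inotify descriptor is shared by all watched files and is created on
 * the first call. Returns EOK on success and an errno value otherwise;
 * without HAVE_INOTIFY it always returns EINVAL so that the caller falls
 * back to polling.
 *
 * NOTE(review): a stored descriptor value of 0 means "not created yet", and
 * the failure paths close the descriptor without resetting the stored value,
 * so a later call would use a stale number - confirm callers never retry
 * inotify after a failure.
 */
static int try_inotify(struct config_file_ctx *file_ctx, const char *filename,
                       monitor_reconf_fn fn)
{
#ifdef HAVE_INOTIFY
    int err, fd_args, ret;
    struct tevent_fd *tfd;
    struct config_file_callback *cb;

    /* Monitoring the file descriptor should be global */
    if (!file_ctx->mt_ctx->inotify_fd) {
        /* Set up inotify to monitor the config file for changes */
        file_ctx->mt_ctx->inotify_fd = inotify_init();
        if (file_ctx->mt_ctx->inotify_fd < 0) {
            err = errno;
            DEBUG(0, ("Could not initialize inotify, error [%d:%s]\n",
                      err, strerror(err)));
            return err;
        }

        fd_args = fcntl(file_ctx->mt_ctx->inotify_fd, F_GETFL, NULL);
        if (fd_args < 0) {
            /* Could not set nonblocking */
            close(file_ctx->mt_ctx->inotify_fd);
            return EINVAL;
        }

        fd_args |= O_NONBLOCK;
        ret = fcntl(file_ctx->mt_ctx->inotify_fd, F_SETFL, fd_args);
        if (ret < 0) {
            /* Could not set nonblocking */
            close(file_ctx->mt_ctx->inotify_fd);
            return EINVAL;
        }

        /* Add the inotify file descriptor to the TEvent context */
        tfd = tevent_add_fd(file_ctx->mt_ctx->ev, file_ctx,
                            file_ctx->mt_ctx->inotify_fd,
                            TEVENT_FD_READ, config_file_changed,
                            file_ctx);
        if (!tfd) {
            close(file_ctx->mt_ctx->inotify_fd);
            return EIO;
        }
    }

    cb = talloc_zero(file_ctx, struct config_file_callback);
    if(!cb) {
        close(file_ctx->mt_ctx->inotify_fd);
        return EIO;
    }

    cb->filename = talloc_strdup(cb, filename);
    if (!cb->filename) {
        close(file_ctx->mt_ctx->inotify_fd);
        /* cb never reaches the callback list; release it now instead of
         * keeping it alive as a child of file_ctx. */
        talloc_free(cb);
        return ENOMEM;
    }

    cb->wd = inotify_add_watch(file_ctx->mt_ctx->inotify_fd,
                               cb->filename, IN_MODIFY);
    if (cb->wd < 0) {
        err = errno;
        DEBUG(0, ("Could not add inotify watch for file [%s]. Error [%d:%s]\n",
                  cb->filename, err, strerror(err)));
        close(file_ctx->mt_ctx->inotify_fd);
        talloc_free(cb);
        return err;
    }
    cb->fn = fn;

    DLIST_ADD(file_ctx->callbacks, cb);

    return EOK;
#else
    return EINVAL;
#endif /* HAVE_INOTIFY */
}

/*
 * Start watching file for changes and call fn when it changes.
 *
 * inotify is used when the confdb option allows it and try_inotify()
 * succeeds; otherwise the file is polled. A missing file is not an error
 * when ignore_missing is set: the function returns EOK and nothing is
 * watched.
 */
static int monitor_config_file(TALLOC_CTX *mem_ctx,
                               struct mt_ctx *ctx,
                               const char *file,
                               monitor_reconf_fn fn,
                               bool ignore_missing)
{
    int ret, err;
    bool use_inotify;
    struct stat file_stat;

    ret = stat(file, &file_stat);
    if (ret < 0) {
        err = errno;
        if (err == ENOENT && ignore_missing) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("file [%s] is missing. Will not update online status "
                   "based on watching the file\n", file));
            return EOK;
        } else {
            DEBUG(SSSDBG_FATAL_FAILURE,
                  ("Could not stat file [%s]. Error [%d:%s]\n",
                   file, err, strerror(err)));
            return err;
        }
    }
    if (!ctx->file_ctx) {
        ctx->file_ctx = talloc_zero(mem_ctx, struct config_file_ctx);
        if (!ctx->file_ctx) return ENOMEM;

        ctx->file_ctx->parent_ctx = mem_ctx;
        ctx->file_ctx->mt_ctx = ctx;
    }

    ret = confdb_get_bool(ctx->cdb,
                          CONFDB_MONITOR_CONF_ENTRY,
                          CONFDB_MONITOR_TRY_INOTIFY,
                          true, &use_inotify);
    if (ret != EOK) {
        /* Clear the pointer as well: the "!ctx->file_ctx" test above would
         * otherwise reuse freed memory on a later call. */
        talloc_zfree(ctx->file_ctx);
        return ret;
    }

    if (use_inotify) {
        ret = try_inotify(ctx->file_ctx, file, fn);
        if (ret != EOK) {
            use_inotify = false;
        }
    }

    if (!use_inotify) {
        /* Could not monitor file with inotify, fall back to polling */
        ret = monitor_config_file_fallback(mem_ctx, ctx, file, fn, true);
    }

    return ret;
}

/*
 * Register file for mtime polling every CONFIG_FILE_POLL_INTERVAL seconds
 * and call fn when the mtime changes. The poll timer is created on the first
 * registration. ctx->file_ctx must already exist.
 *
 * On allocation or timer failure the whole file context is released and
 * ctx->file_ctx is reset to NULL.
 */
errno_t monitor_config_file_fallback(TALLOC_CTX *mem_ctx,
                                     struct mt_ctx *ctx,
                                     const char *file,
                                     monitor_reconf_fn fn,
                                     bool ignore_missing)
{
    struct config_file_callback *cb = NULL;
    struct stat file_stat;
    int ret, err;
    struct timeval tv;

    ret = stat(file, &file_stat);
    if (ret < 0) {
        err = errno;
        if (err == ENOENT && ignore_missing) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("file [%s] is missing. Will not update online status "
                   "based on watching the file\n", file));
            return EOK;
        } else {
            DEBUG(SSSDBG_FATAL_FAILURE,
                  ("Could not stat file [%s]. Error [%d:%s]\n",
                   file, err, strerror(err)));
            return err;
        }
    }

    cb = talloc_zero(ctx->file_ctx, struct config_file_callback);
    if (!cb) {
        /* zfree rather than free so ctx->file_ctx does not dangle */
        talloc_zfree(ctx->file_ctx);
        return ENOMEM;
    }
    cb->filename = talloc_strdup(cb, file);
    if (!cb->filename) {
        talloc_zfree(ctx->file_ctx);
        return ENOMEM;
    }
    cb->fn = fn;
    cb->modified = file_stat.st_mtime;

    DLIST_ADD(ctx->file_ctx->callbacks, cb);

    if(!ctx->file_ctx->timer) {
        gettimeofday(&tv, NULL);
        tv.tv_sec += CONFIG_FILE_POLL_INTERVAL;
        tv.tv_usec = 0;
        ctx->file_ctx->timer = tevent_add_timer(ctx->ev, mem_ctx, tv,
                                                poll_config_file, ctx->file_ctx);
        if (!ctx->file_ctx->timer) {
            talloc_zfree(ctx->file_ctx);
            return EIO;
        }
    }

    return EOK;
}

/*
 * Bring the monitor up: export the Kerberos replay cache directory, install
 * the signal handlers, watch resolv.conf, initialise sysdb once for all
 * processes, start the D-BUS server and the netlink listener, then start the
 * providers (and, when there are none to wait for, the services).
 *
 * Returns EOK, or the first error met.
 */
int monitor_process_init(struct mt_ctx *ctx,
                         const char *config_file)
{
    TALLOC_CTX *tmp_ctx;
    struct tevent_signal *tes;
    struct sss_domain_info *dom;
    char *rcachedir;
    int num_providers;
    int ret;
    int error;

    /* Set up the environment variable for the Kerberos Replay Cache */
    ret = confdb_get_string(ctx->cdb, ctx,
                            CONFDB_MONITOR_CONF_ENTRY,
                            CONFDB_MONITOR_KRB5_RCACHEDIR,
                            KRB5_RCACHE_DIR,
                            &rcachedir);
    if (ret != EOK) {
        return ret;
    }

    if (strcmp(rcachedir, KRB5_RCACHE_DIR_DISABLE) != 0)
    {
        errno = 0;
        ret = setenv("KRB5RCACHEDIR", rcachedir, 1);
        if (ret < 0) {
            error = errno;
            DEBUG(1,
                  ("Unable to set KRB5RCACHEDIR: %s."
                   "Will attempt to use libkrb5 defaults\n",
                   strerror(error)));
        }
    }
    /* setenv() copies the value; release our copy whether or not it was
     * exported. */
    talloc_zfree(rcachedir);

    /* Set up an event handler for a SIGHUP */
    tes = tevent_add_signal(ctx->ev, ctx, SIGHUP, 0,
                            monitor_hup, ctx);
    if (tes == NULL) {
        return EIO;
    }

    /* Set up an event handler for a SIGINT */
    BlockSignals(false, SIGINT);
    tes = tevent_add_signal(ctx->ev, ctx, SIGINT, 0,
                            monitor_quit_signal, ctx);
    if (tes == NULL) {
        return EIO;
    }

    /* Set up an event handler for a SIGTERM */
    tes = tevent_add_signal(ctx->ev, ctx, SIGTERM, 0,
                            monitor_quit_signal, ctx);
    if (tes == NULL) {
        return EIO;
    }

    /* Handle SIGUSR1 (tell all providers to go offline) */
    BlockSignals(false, SIGUSR1);
    tes = tevent_add_signal(ctx->ev, ctx, SIGUSR1, 0,
                            signal_offline, ctx);
    if (tes == NULL) {
        return EIO;
    }

    /* Handle SIGUSR2 (tell all providers to go reset offline) */
    BlockSignals(false, SIGUSR2);
    tes = tevent_add_signal(ctx->ev, ctx, SIGUSR2, 0,
                            signal_offline_reset, ctx);
    if (tes == NULL) {
        return EIO;
    }

    /* Set up the SIGCHLD handler */
    ret = sss_sigchld_init(ctx, ctx->ev, &ctx->sigchld_ctx);
    if (ret != EOK) return ret;

#if 0
    This feature is incomplete and can leave the SSSD in a bad state if the
    config file is changed while the SSSD is running.

    Uncomment this once the backends are honoring reloadConfig()

    /* Watch for changes to the confdb config file */
    ret = monitor_config_file(ctx, ctx, config_file, monitor_signal_reconf,
                              true);
    if (ret != EOK) {
        return ret;
    }
#endif
    /* Watch for changes to the DNS resolv.conf */
    ret = monitor_config_file(ctx, ctx, RESOLV_CONF_PATH,
                              monitor_update_resolv,true);
    if (ret != EOK) {
        return ret;
    }

    /* Avoid a startup race condition between process.
     * We need to handle DB upgrades or DB creation only
     * in one process before all other start.
     */
    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }
    ret = sysdb_init(tmp_ctx, ctx->domains, true);
    if (ret != EOK) {
        SYSDB_VERSION_ERROR_DAEMON(ret);
        /* tmp_ctx has no parent, so nothing else would release it */
        talloc_zfree(tmp_ctx);
        return ret;
    }
    talloc_zfree(tmp_ctx);

    /* Initialize D-BUS Server
     * The monitor will act as a D-BUS server for all
     * SSSD processes */
    ret = monitor_dbus_init(ctx);
    if (ret != EOK) {
        return ret;
    }

    ret = setup_netlink(ctx, ctx->ev, network_status_change_cb,
                        ctx, &ctx->nlctx);
    if (ret != EOK) {
        DEBUG(2, ("Cannot set up listening for network notifications\n"));
        return ret;
    }

    /* start providers */
    num_providers = 0;
    for (dom = ctx->domains; dom; dom = get_next_domain(dom, false)) {
        ret = add_new_provider(ctx, dom->name, 0);
        if (ret != EOK && ret != ENOENT) {
            return ret;
        }
        if (ret != ENOENT) {
            num_providers++;
        }
    }

    if (num_providers > 0) {
        /* now set the services startup timeout *
         * (responders will be started automatically when all
         *  providers are up and running or when the timeout
         *  expires) */
        ret = add_services_startup_timeout(ctx);
        if (ret != EOK) {
            return ret;
        }
    } else {
        int i;

        ctx->services_started = true;

        /* No providers start services immediately
         * Normally this means only LOCAL is configured */
        for (i = 0; ctx->services[i]; i++) {
            add_new_service(ctx, ctx->services[i], 0);
        }
    }

    return EOK;
}

/*
 * Timer callback: the client did not identify itself in time, so drop its
 * connection and free the temporary connection record.
 */
static void init_timeout(struct tevent_context *ev,
                         struct tevent_timer *te,
                         struct timeval t, void *ptr)
{
    struct mon_init_conn *mini;

    DEBUG(2, ("Client timed out before Identification!\n"));

    mini = talloc_get_type(ptr, struct mon_init_conn);

    sbus_disconnect(mini->conn);
    talloc_zfree(mini);
}

/* * monitor_service_init * Set up a timeout function and temporary connection structure. * If the client does not identify before the timeout kicks in, * the client is forcibly disconnected. 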
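*/
static int monitor_service_init(struct sbus_connection *conn, void *data)
{
    struct mt_ctx *ctx;
    struct mon_init_conn *mini;
    struct timeval tv;

    DEBUG(SSSDBG_TRACE_FUNC, ("Initializing D-BUS Service\n"));

    ctx = talloc_get_type(data, struct mt_ctx);

    /* The temporary structure is a talloc child of the connection */
    mini = talloc(conn, struct mon_init_conn);
    if (!mini) {
        DEBUG(0,("Out of memory?!\n"));
        /* Releases the connection; only the local copy of the
         * pointer is cleared. */
        talloc_zfree(conn);
        return ENOMEM;
    }
    mini->ctx = ctx;
    mini->conn = conn;

    /* 10 seconds should be plenty */
    tv = tevent_timeval_current_ofs(10, 0);

    /* Bounds how long a client that has not identified itself yet can
     * keep a connection to the monitor open. */
    mini->timeout = tevent_add_timer(ctx->ev, mini, tv, init_timeout, mini);
    if (!mini->timeout) {
        DEBUG(0,("Out of memory?!\n"));
        talloc_zfree(conn);
        return ENOMEM;
    }

    sbus_conn_set_private_data(conn, mini);

    return EOK;
}

/* service_send_ping
 * this function sends a dbus ping to a service.
 * It returns EOK if all is fine or ENXIO if the connection is
 * not available (either not yet set up or torn down).
 * Returns a generic error in other cases.
 * The reply (or timeout) is delivered to ping_check.
 */
static int service_send_ping(struct mt_svc *svc)
{
    DBusMessage *msg;
    int ret;

    if (!svc->conn) {
        DEBUG(8, ("Service not yet initialized\n"));
        return ENXIO;
    }

    DEBUG(4,("Pinging %s\n", svc->name));

    /*
     * Set up identity request
     * This should be a well-known path and method
     * for all services
     */
    msg = dbus_message_new_method_call(NULL,
                                       MONITOR_PATH,
                                       MONITOR_INTERFACE,
                                       MON_CLI_METHOD_PING);
    if (!msg) {
        DEBUG(0,("Out of memory?!\n"));
        talloc_zfree(svc->conn);
        return ENOMEM;
    }

    ret = sbus_conn_send(svc->conn, msg,
                         svc->ping_time * 1000, /* milliseconds */
                         ping_check, svc, &svc->pending);
    dbus_message_unref(msg);
    return ret;
}

/*
 * ping_check
 * Completion callback for the ping sent by service_send_ping.
 * A method return resets the failure counter, a "no reply" error
 * increments it, and anything else closes the connection to the
 * service. The pending call reference is released on every path.
 */
static void ping_check(DBusPendingCall *pending, void *data)
{
    struct mt_svc *svc;
    DBusMessage *reply = NULL;
    const char *dbus_error_name;
    int type;

    svc = talloc_get_type(data, struct mt_svc);
    if (!svc) {
        /* The connection probably went down before the callback fired.
         * Not much we can do.
         */
        DEBUG(SSSDBG_CRIT_FAILURE, ("Invalid service pointer.\n"));
        /* Release the pending call here as well; the normal exit
         * path below does the same. */
        dbus_pending_call_unref(pending);
        return;
    }
    svc->pending = NULL;

    reply = dbus_pending_call_steal_reply(pending);
    if (!reply) {
        /* reply should never be null. This function shouldn't be called
         * until reply is valid or timeout has occurred. If reply is NULL
         * here, something is seriously wrong and we should bail out.
         */
        DEBUG(0, ("A reply callback was called but no reply was received"
                  " and no timeout occurred\n"));

        /* Destroy this connection */
        sbus_disconnect(svc->conn);
        goto done;
    }

    type = dbus_message_get_type(reply);
    switch (type) {
    case DBUS_MESSAGE_TYPE_METHOD_RETURN:
        /* ok peer replied,
         * make sure we reset the failure counter in the service structure */

        DEBUG(4,("Service %s replied to ping\n", svc->name));

        svc->failed_pongs = 0;
        break;

    case DBUS_MESSAGE_TYPE_ERROR:

        dbus_error_name = dbus_message_get_error_name(reply);
        if (!dbus_error_name) {
            dbus_error_name = "<UNKNOWN>";
        }

        /* Increase failed pong count */
        /* Exact match on the error name; equivalent to the previous
         * strnlen()/strncmp() pair. */
        if (strcmp(dbus_error_name, DBUS_ERROR_NO_REPLY) == 0) {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("A service PING timed out on [%s]. "
                   "Attempt [%d]\n",
                   svc->name, svc->failed_pongs));
            svc->failed_pongs++;
            break;
        }

        DEBUG(SSSDBG_FATAL_FAILURE,
              ("A service PING returned an error [%s], closing connection.\n",
               dbus_error_name));
        /* Falling through to default intentionally*/
    default:
        /*
         * Timeout or other error occurred or something
         * unexpected happened.
         * It doesn't matter which, because either way we
         * know that this connection isn't trustworthy.
         * We'll destroy it now.
         */
        sbus_disconnect(svc->conn);
    }

done:
    dbus_pending_call_unref(pending);
    /* reply is NULL when we arrive here from the "no reply" branch,
     * and dbus_message_unref() must not be given a NULL message. */
    if (reply) {
        dbus_message_unref(reply);
    }
}

static void service_startup_handler(struct tevent_context *ev,
                                    struct tevent_timer *te,
                                    struct timeval t, void *ptr);

/*
 * start_service
 * Queue a service for startup through a zero-delay timer.
 * Returns EOK, or ENOMEM if the timer could not be added.
 */
static int start_service(struct mt_svc *svc)
{
    struct tevent_timer *te;
    struct timeval tv;

    DEBUG(4,("Queueing service %s for startup\n", svc->name));

    tv = tevent_timeval_current();

    /* Add a timed event to start up the service.
     * We have to do this in order to avoid a race
     * condition where the service being started forks
     * and attempts to connect to the SBUS before
     * the monitor is serving it.
     */
    te = tevent_add_timer(svc->mt_ctx->ev, svc, tv,
                          service_startup_handler, svc);
    if (te == NULL) {
        DEBUG(0, ("Unable to queue service %s for startup\n", svc->name));
        return ENOMEM;
    }
    return EOK;
}

static void mt_svc_exit_handler(int pid, int wait_status, void *pvt);

/*
 * service_startup_handler
 * Timer callback queued by start_service: fork, and in the child
 * exec the service command line. The parent registers the exit
 * handler for the new pid and adds the service to the monitor's list.
 */
static void service_startup_handler(struct tevent_context *ev,
                                    struct tevent_timer *te,
                                    struct timeval t, void *ptr)
{
    errno_t ret;
    struct mt_svc *mt_svc;
    char **args;

    mt_svc = talloc_get_type(ptr, struct mt_svc);
    if (mt_svc == NULL) {
        return;
    }

    mt_svc->pid = fork();
    if (mt_svc->pid != 0) {
        if (mt_svc->pid == -1) {
            DEBUG(0, ("Could not fork child to start service [%s]. "
                      "Continuing.\n", mt_svc->name));
            return;
        }

        /* Parent */
        mt_svc->mt_ctx->check_children = true;
        mt_svc->failed_pongs = 0;

        /* Handle process exit */
        ret = sss_child_register(mt_svc,
                                 mt_svc->mt_ctx->sigchld_ctx,
                                 mt_svc->pid,
                                 mt_svc_exit_handler,
                                 mt_svc,
                                 &mt_svc->child_ctx);
        if (ret != EOK) {
            DEBUG(SSSDBG_FATAL_FAILURE,
                  ("Could not register sigchld handler.\n"));
            /* Should we exit here? For now, we'll hope this
             * child never dies, because we can't restart it.
             */
        }

        DLIST_ADD(mt_svc->mt_ctx->svc_list, mt_svc);

        set_tasks_checker(mt_svc);

        return;
    }

    /* child */

    args = parse_args(mt_svc->command);
    if (args == NULL || args[0] == NULL) {
        /* Without this check a failed or empty parse would be
         * dereferenced by the execvp() call below. */
        DEBUG(0, ("Could not parse command line for service [%s]\n",
                  mt_svc->name));
        _exit(1);
    }

    /* execvp() looks a command without a slash up through PATH, so
     * the command is presumably expected to carry a full path.
     * NOTE(review): confirm where mt_svc->command is built. */
    execvp(args[0], args);

    /* If we are here, exec() has failed
     * Print errno and abort quickly */
    DEBUG(0,("Could not exec %s, reason: %s\n", mt_svc->command, strerror(errno)));

    /* We have to call _exit() instead of exit() here
     * because a bug in D-BUS will cause the server to
     * close its socket at exit() */
    _exit(1);
}

/*
 * mt_svc_restart
 * Timer callback scheduled by mt_svc_exit_handler: start a fresh
 * instance of the service or provider with the restart counter
 * increased by one, then free the old service record.
 */
static void mt_svc_restart(struct tevent_context *ev,
                           struct tevent_timer *te,
                           struct timeval t, void *ptr)
{
    struct mt_svc *svc;

    svc = talloc_get_type(ptr, struct mt_svc);
    if (svc == NULL) {
        return;
    }

    DEBUG(SSSDBG_TRACE_FUNC, ("Scheduling service %s for restart %d\n",
                              svc->name, svc->restarts+1));

    if (svc->type == MT_SVC_SERVICE) {
        add_new_service(svc->mt_ctx, svc->name, svc->restarts + 1);
    } else if (svc->type == MT_SVC_PROVIDER) {
        add_new_provider(svc->mt_ctx, svc->name, svc->restarts + 1);
    } else {
        /* Invalid type? */
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("BUG: Invalid child process type [%d]\n", svc->type));
    }

    /* Free the old service (which will also remove it
     * from the child list)
     */
    talloc_free(svc);
}

/*
 * mt_svc_exit_handler
 * Called when a child registered with sss_child_register changes
 * state. A child that exited or was killed by a signal is restarted
 * after a growing delay; once the restart counter exceeds
 * MONITOR_MAX_SVC_RESTARTS the monitor itself quits with an error.
 * The counter is reset when the last restart is older than
 * MONITOR_RESTART_CNT_INTERVAL_RESET.
 */
static void mt_svc_exit_handler(int pid, int wait_status, void *pvt)
{
    struct mt_svc *svc = talloc_get_type(pvt, struct mt_svc);
    struct mt_ctx *mt_ctx;
    time_t now = time(NULL);
    struct tevent_timer *te;
    struct timeval tv;
    int restart_delay;

    if (svc == NULL) {
        /* talloc_get_type() yields NULL on a type mismatch; do not
         * dereference it. */
        DEBUG(SSSDBG_CRIT_FAILURE, ("Invalid service pointer.\n"));
        return;
    }
    mt_ctx = svc->mt_ctx;

    if (WIFEXITED(wait_status)) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Child [%s] exited with code [%d]\n",
               svc->name, WEXITSTATUS(wait_status)));
    } else if (WIFSIGNALED(wait_status)) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Child [%s] terminated with signal [%d]\n",
               svc->name, WTERMSIG(wait_status)));
    } else {
        DEBUG(0, ("Child [%s] did not exit cleanly\n", svc->name));
        /* Forcibly kill this child, just in case */
        kill(svc->pid, SIGKILL);

        /* Return and let us get caught by another
         * call to the SIGCHLD handler
         */
        return;
    }

    if ((now - svc->last_restart) > MONITOR_RESTART_CNT_INTERVAL_RESET) {
        svc->restarts = 0;
    }

    /* Restart the service */
    if (svc->restarts > MONITOR_MAX_SVC_RESTARTS) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Process [%s], definitely stopped!\n", svc->name));
        talloc_free(svc);

        /* exit with error */
        monitor_quit(mt_ctx, 1);
        return;
    }

    /* restarts are scheduled after 0, 2, 4 seconds */
    restart_delay = svc->restarts << 1;
    if (restart_delay > MONITOR_MAX_RESTART_DELAY) {
        restart_delay = MONITOR_MAX_RESTART_DELAY;
    }

    tv = tevent_timeval_current_ofs(restart_delay, 0);
    te = tevent_add_timer(svc->mt_ctx->ev, svc, tv, mt_svc_restart, svc);
    if (!te) {
        /* Nothing much we can do */
        DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory?!\n"));
        return;
    }
}

int main(int argc, const char *argv[])
{
    int opt;
    poptContext pc;
    int opt_daemon = 0;
    int opt_interactive = 0;
    int opt_version = 0;
    char *opt_config_file = NULL;
    char *config_file = NULL;
    int flags = 0;
    struct main_context *main_ctx;
    TALLOC_CTX *tmp_ctx;
    struct mt_ctx *monitor;
    int ret;
    uid_t uid;

    struct poptOption long_options[] = {
        POPT_AUTOHELP
        SSSD_MAIN_OPTS
        {"daemon", 'D', POPT_ARG_NONE, &opt_daemon, 0, \
         _("Become a daemon (default)"), NULL }, \
        {"interactive", 'i', POPT_ARG_NONE, &opt_interactive, 0, \
         _("Run interactive (not a daemon)"), NULL}, \
        {"config", 'c', POPT_ARG_STRING, &opt_config_file, 0, \
         _("Specify a non-default config file"), NULL}, \
        {"version", '\0', POPT_ARG_NONE, &opt_version, 0, \
         _("Print version number and exit"), NULL }, \
        POPT_TABLEEND
    };

    /* Set debug level to invalid value so we can deside if -d 0 was used.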
*/ debug_level = SSSDBG_INVALID; pc = poptGetContext(argv[0], argc, argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { switch(opt) { default: fprintf(stderr, "\nInvalid option %s: %s\n\n", poptBadOption(pc, 0), poptStrerror(opt)); poptPrintUsage(pc, stderr, 0); return 1; } } DEBUG_INIT(debug_level); if (opt_version) { puts(VERSION""DISTRO_VERSION""PRERELEASE_VERSION); return EXIT_SUCCESS; } /* If the level or timestamps was passed at the command-line, we want * to save it and pass it to the children later. */ cmdline_debug_level = debug_level; cmdline_debug_timestamps = debug_timestamps; cmdline_debug_microseconds = debug_microseconds; if (opt_daemon && opt_interactive) { fprintf(stderr, "Option -i|--interactive is not allowed together with -D|--daemon\n"); poptPrintUsage(pc, stderr, 0); return 1; } if (!opt_daemon && !opt_interactive) { opt_daemon = 1; } poptFreeContext(pc); uid = getuid(); if (uid != 0) { DEBUG(SSSDBG_FATAL_FAILURE, ("Running under %"SPRIuid", must be root\n", uid)); sss_log(SSS_LOG_ALERT, "sssd must be run as root"); return 8; } tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return 7; } if (opt_daemon) flags |= FLAGS_DAEMON; if (opt_interactive) flags |= FLAGS_INTERACTIVE; if (opt_config_file) { config_file = talloc_strdup(tmp_ctx, opt_config_file); } else { config_file = talloc_strdup(tmp_ctx, CONFDB_DEFAULT_CONFIG_FILE); } if (!config_file) { return 6; } /* we want a pid file check */ flags |= FLAGS_PID_FILE; /* Open before server_setup() does to have logging * during configuration checking */ if (debug_to_file) { ret = open_debug_file(); if (ret) { return 7; } } #ifdef USE_KEYRING /* Do this before all the forks, it sets the session key ring so all * keys are private to the daemon and cannot be read by any other process * tree */ /* make a new session */ ret = keyctl_join_session_keyring(NULL); if (ret == -1) { sss_log(SSS_LOG_ALERT, "Could not create private keyring session. 
" "If you store password there they may be easily accessible " "to the root user. (%d, %s)", errno, strerror(errno)); } ret = keyctl_setperm(KEY_SPEC_SESSION_KEYRING, KEY_POS_ALL); if (ret == -1) { sss_log(SSS_LOG_ALERT, "Could not set permissions on private keyring. " "If you store password there they may be easily accessible " "to the root user. (%d, %s)", errno, strerror(errno)); } #endif /* Warn if nscd seems to be running */ ret = check_file(NSCD_SOCKET_PATH, -1, -1, -1, CHECK_SOCK, NULL, false); if (ret == EOK) { ret = sss_nscd_parse_conf(NSCD_CONF_PATH); switch (ret) { case ENOENT: sss_log(SSS_LOG_NOTICE, "NSCD socket was detected. NSCD caching capabilities " "may conflict with SSSD for users and groups. It is " "recommended not to run NSCD in parallel with SSSD, " "unless NSCD is configured not to cache the passwd, " "group, netgroup and services nsswitch maps."); break; case EEXIST: sss_log(SSS_LOG_NOTICE, "NSCD socket was detected and seems to be configured " "to cache some of the databases controlled by " "SSSD [passwd,group,netgroup,services]. 
It is " "recommended not to run NSCD in parallel with SSSD, " "unless NSCD is configured not to cache these."); break; case EOK: DEBUG(SSSDBG_TRACE_FUNC, ("NSCD socket was detected and it " "seems to be configured not to interfere with " "SSSD's caching capabilities\n")); } } /* Parse config file, fail if cannot be done */ ret = load_configuration(tmp_ctx, config_file, &monitor); if (ret != EOK) { switch (ret) { case ERR_MISSING_CONF: DEBUG(SSSDBG_CRIT_FAILURE, ("Configuration file: %s does not exist.\n", config_file)); sss_log(SSS_LOG_ALERT, "Configuration file: %s does not exist.\n", config_file); break; case EPERM: case EACCES: DEBUG(SSSDBG_CRIT_FAILURE, (CONF_FILE_PERM_ERROR_MSG, config_file)); sss_log(SSS_LOG_ALERT, CONF_FILE_PERM_ERROR_MSG, config_file); break; default: DEBUG(SSSDBG_CRIT_FAILURE, ("SSSD couldn't load the configuration database.\n")); sss_log(SSS_LOG_ALERT, "SSSD couldn't load the configuration database [%d]: %s.\n", ret, strerror(ret)); break; } return 4; } /* set up things like debug , signals, daemonization, etc... 
*/ monitor->conf_path = CONFDB_MONITOR_CONF_ENTRY; ret = server_setup(MONITOR_NAME, flags, monitor->conf_path, &main_ctx); if (ret != EOK) return 2; monitor->is_daemon = !opt_interactive; monitor->parent_pid = main_ctx->parent_pid; monitor->ev = main_ctx->event_ctx; talloc_steal(main_ctx, monitor); ret = monitor_process_init(monitor, config_file); if (ret != EOK) return 3; talloc_free(tmp_ctx); /* loop on main */ server_loop(main_ctx); ret = monitor_cleanup(); if (ret != EOK) return 5; return 0; } �������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/monitor/PaxHeaders.13173/monitor_interfaces.h���������������������������������������0000644�0000000�0000000�00000000073�12320753107�022073� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.262891434 29 ctime=1396954961.43887511 ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/monitor/monitor_interfaces.h��������������������������������������������������������0000664�0024127�0024127�00000005073�12320753107�022323� 
0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* SSSD Sbus Interfaces Copyright (C) Simo Sorce 2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. 
*/ #include "sbus/sssd_dbus.h" /*** Monitor ***/ #define MONITOR_VERSION 0x0001 /*** Monitor SRV Interface ***/ #define MON_SRV_PATH "/org/freedesktop/sssd/monitor" #define MON_SRV_INTERFACE "org.freedesktop.sssd.monitor" /* Monitor SRV Methods */ #define MON_SRV_METHOD_VERSION "getVersion" #define MON_SRV_METHOD_REGISTER "RegisterService" /*** Monitor CLI Interface ***/ #define MONITOR_PATH "/org/freedesktop/sssd/service" #define MONITOR_INTERFACE "org.freedesktop.sssd.service" /* Monitor CLI Methods */ #define MON_CLI_METHOD_IDENTITY "getIdentity" #define MON_CLI_METHOD_PING "ping" #define MON_CLI_METHOD_SHUTDOWN "shutDown" #define MON_CLI_METHOD_RES_INIT "resInit" #define MON_CLI_METHOD_OFFLINE "goOffline" /* Applicable only to providers */ #define MON_CLI_METHOD_RESET_OFFLINE "resetOffline" /* Applicable only to providers */ #define MON_CLI_METHOD_ROTATE "rotateLogs" #define MON_CLI_METHOD_CLEAR_MEMCACHE "clearMemcache" #define MON_CLI_METHOD_CLEAR_ENUM_CACHE "clearEnumCache" #define SSSD_SERVICE_PIPE "private/sbus-monitor" int monitor_get_sbus_address(TALLOC_CTX *mem_ctx, char **address); int monitor_common_send_id(struct sbus_connection *conn, const char *name, uint16_t version); int monitor_common_pong(DBusMessage *message, struct sbus_connection *conn); int monitor_common_res_init(DBusMessage *message, struct sbus_connection *conn); int monitor_common_rotate_logs(struct confdb_ctx *confdb, const char *conf_entry); errno_t sss_monitor_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct sbus_interface *intf, const char *svc_name, uint16_t svc_version, void *pvt, struct sbus_connection **mon_conn); 
���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/monitor/PaxHeaders.13173/monitor_netlink.c������������������������������������������0000644�0000000�0000000�00000000074�12320753107�021410� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.262891434 30 ctime=1396954961.757874875 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/monitor/monitor_netlink.c�����������������������������������������������������������0000664�0024127�0024127�00000053774�12320753107�021652� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* SSSD - 
Service monitor - netlink support Authors: Jakub Hrozek <jhrozek@redhat.com> Parts of this code were borrowed from NetworkManager Copyright (C) 2010 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ #include <talloc.h> #include <tevent.h> #include <sys/types.h> #include <sys/ioctl.h> #define __USE_GNU /* needed for struct ucred */ #include <sys/socket.h> #include <netinet/in.h> #include <arpa/inet.h> #include <unistd.h> #include <fcntl.h> #include "monitor/monitor.h" #include "util/util.h" #ifdef HAVE_LIBNL #include <linux/if.h> #include <linux/socket.h> #include <linux/rtnetlink.h> #include <linux/wireless.h> #include <netlink/netlink.h> #include <netlink/utils.h> #include <netlink/route/addr.h> #include <netlink/route/link.h> #include <netlink/route/rtnl.h> #include <netlink/route/route.h> #include <netlink/handlers.h> #include <netlink/socket.h> #endif /* Linux header file confusion causes this to be undefined. 
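*/
#ifndef SOL_NETLINK
#define SOL_NETLINK 270
#endif

#define SYSFS_IFACE_TEMPLATE "/sys/class/net/%s"
#define SYSFS_IFACE_PATH_MAX (16+IFNAMSIZ)

#define PHY_80211_SUBDIR   "phy80211"
/* 9 = strlen(PHY_80211_SUBDIR)+1, 1 = path delimiter */
#define SYSFS_SUBDIR_PATH_MAX (SYSFS_IFACE_PATH_MAX+9+1)

#define TYPE_FILE "type"
/* 5 = strlen(TYPE_FILE)+1, 1 = path delimiter */
#define SYSFS_TYPE_PATH_MAX (SYSFS_IFACE_PATH_MAX+5+1)

#define BUFSIZE 8

#ifdef HAVE_LIBNL
/* Wrappers determining use of libnl version 1 or 3 */
#ifdef HAVE_LIBNL3

#define nlw_destroy_handle      nl_socket_free
#define nlw_alloc               nl_socket_alloc
#define nlw_disable_seq_check   nl_socket_disable_seq_check

#define nlw_geterror(error)     nl_geterror(error)

#define nlw_handle              nl_sock

#elif HAVE_LIBNL1

#define nlw_destroy_handle      nl_handle_destroy
#define nlw_alloc               nl_handle_alloc
#define nlw_disable_seq_check   nl_disable_sequence_check

#define nlw_geterror(error)     nl_geterror()

#define nlw_handle              nl_handle

#endif /* HAVE_LIBNL3 */

#endif /* HAVE_LIBNL */

/* Coarse classification of the netlink messages handled here */
enum nlw_msg_type {
    NLW_LINK,
    NLW_ROUTE,
    NLW_ADDR,
    NLW_OTHER
};

struct netlink_ctx {
#ifdef HAVE_LIBNL
    struct nlw_handle *nlp;
#endif
    struct tevent_fd *tefd;

    network_change_cb change_cb;
    void *cb_data;
};

#ifdef HAVE_LIBNL
/* talloc destructor: release the libnl handle owned by the context */
static int netlink_ctx_destructor(void *ptr)
{
    struct netlink_ctx *nlctx;
    nlctx = talloc_get_type(ptr, struct netlink_ctx);

    nlw_destroy_handle(nlctx->nlp);
    return 0;
}

/*******************************************************************
 * Utility functions
 *******************************************************************/

/* rtnl_route_get_oif removed from libnl3 */
/* Returns the output interface index of a route. Without
 * rtnl_route_get_oif this is the interface of the first next hop,
 * or 0 when the route has no next hop. */
int
rtnlw_route_get_oif(struct rtnl_route * route)
{
#ifndef HAVE_RTNL_ROUTE_GET_OIF
    struct rtnl_nexthop * nh;
    int hops;

    hops = rtnl_route_get_nnexthops(route);
    if (hops <= 0) {
        return 0;
    }

    nh = rtnl_route_nexthop_n(route, 0);

    return rtnl_route_nh_get_ifindex(nh);
#else
    return rtnl_route_get_oif(route);
#endif
}

/* Returns true when the SIOCGIWNAME ioctl succeeds for ifname.
 * The name is truncated to IFNAMSIZ-1 characters. */
static bool has_wireless_extension(const char *ifname)
{
    int s;
    errno_t ret;
    struct iwreq iwr;

    s = socket(PF_INET, SOCK_DGRAM, 0);
    if (s == -1) {
        ret = errno;
        DEBUG(2, ("Could not open socket: [%d] %s\n", ret, strerror(ret)));
        return false;
    }

    strncpy(iwr.ifr_ifrn.ifrn_name, ifname, IFNAMSIZ-1);
    /* strncpy() does not terminate on truncation */
    iwr.ifr_ifrn.ifrn_name[IFNAMSIZ-1] = '\0';
    /* Does the interface support a wireless extension? */
    ret = ioctl(s, SIOCGIWNAME, &iwr);
    close(s);

    return ret == 0;
}

/* Returns true when the "type" file below sysfs_path reads "1\n".
 * Any failure to build the path, open or read the file counts as
 * "no". */
static bool has_ethernet_encapsulation(const char *sysfs_path)
{
    char type_path[SYSFS_TYPE_PATH_MAX];
    errno_t ret;
    int fd = -1;
    char buf[BUFSIZE];

    ret = snprintf(type_path, SYSFS_TYPE_PATH_MAX,
                   "%s/%s", sysfs_path, TYPE_FILE);
    if (ret < 0) {
        DEBUG(SSSDBG_OP_FAILURE, ("snprintf failed\n"));
        return false;
    } else if (ret >= SYSFS_TYPE_PATH_MAX) {
        DEBUG(SSSDBG_OP_FAILURE, ("path too long?!?!\n"));
        return false;
    }

    errno = 0;
    fd = open(type_path, O_RDONLY);
    if (fd == -1) {
        ret = errno;
        DEBUG(SSSDBG_OP_FAILURE, ("Could not open sysfs file %s: [%d] %s\n",
              type_path, ret, strerror(ret)));
        return false;
    }

    memset(buf, 0, BUFSIZE);
    errno = 0;
    ret = sss_atomic_read_s(fd, buf, BUFSIZE);
    if (ret == -1) {
        ret = errno;
        DEBUG(SSSDBG_OP_FAILURE,
              ("read failed [%d][%s].\n", ret, strerror(ret)));
        close(fd);
        return false;
    }
    close(fd);
    /* The read may have filled the whole buffer */
    buf[BUFSIZE-1] = '\0';

    return strncmp(buf, "1\n", BUFSIZE) == 0;
}

/* Returns true when sysfs_path contains a PHY_80211_SUBDIR directory */
static bool has_phy_80211_subdir(const char *sysfs_path)
{
    char phy80211_path[SYSFS_SUBDIR_PATH_MAX];
    struct stat statbuf;
    errno_t ret;

    ret = snprintf(phy80211_path, SYSFS_SUBDIR_PATH_MAX,
                   "%s/%s", sysfs_path, PHY_80211_SUBDIR);
    if (ret < 0) {
        DEBUG(SSSDBG_OP_FAILURE, ("snprintf failed"));
        return false;
    } else if (ret >= SYSFS_SUBDIR_PATH_MAX) {
        DEBUG(SSSDBG_OP_FAILURE, ("path too long?!?!\n"));
        return false;
    }

    errno = 0;
    ret = stat(phy80211_path, &statbuf);
    if (ret == -1) {
        ret = errno;
        if (ret == ENOENT || ret == ENOTDIR) {
            DEBUG(SSSDBG_TRACE_LIBS, ("No %s directory in sysfs, probably "
                  "not a wireless interface\n", PHY_80211_SUBDIR));
        } else {
            DEBUG(SSSDBG_OP_FAILURE, ("stat failed: [%d] %s\n",
                  ret, strerror(ret)));
        }
        return false;
    }

    /* S_ISDIR() compares the whole file-type field. Testing the
     * S_IFDIR bit alone also matches other file types whose type
     * value contains that bit (block devices, for instance). */
    if (S_ISDIR(statbuf.st_mode)) {
        DEBUG(SSSDBG_TRACE_LIBS, ("Directory %s found in sysfs, looks like "
              "a wireless iface\n", PHY_80211_SUBDIR));
        return true;
    }

    return false;
}

/* Decides whether a link-up notification for ifname is to be
 * discarded: true for interfaces that look wireless or that have no
 * ethernet encapsulation, false otherwise (including when the sysfs
 * path cannot be built). */
static bool discard_iff_up(const char *ifname)
{
    char path[SYSFS_IFACE_PATH_MAX];
    errno_t ret;

    /* This catches most of the new 80211 drivers */
    if (has_wireless_extension(ifname)) {
        DEBUG(SSSDBG_TRACE_FUNC, ("%s has a wireless extension\n", ifname));
        return true;
    }

    ret = snprintf(path, SYSFS_IFACE_PATH_MAX,
                   SYSFS_IFACE_TEMPLATE, ifname);
    if (ret < 0) {
        DEBUG(SSSDBG_OP_FAILURE, ("snprintf failed"));
        return false;
    } else if (ret >= SYSFS_IFACE_PATH_MAX) {
        DEBUG(SSSDBG_OP_FAILURE, ("path too long?!?!\n"));
        return false;
    }

    /* This will filter PPP and such. Both wired and wireless
     * interfaces have the encapsulation. */
    if (!has_ethernet_encapsulation(path)) {
        DEBUG(SSSDBG_TRACE_FUNC, ("%s does not have ethernet encapsulation, "
              "filtering out\n", ifname));
        return true;
    }

    /* This captures old WEXT drivers, the new mac8011 would
     * be caught by the ioctl check */
    if (has_phy_80211_subdir(path)) {
        DEBUG(SSSDBG_TRACE_FUNC, ("%s has a 802_11 subdir, filtering out\n",
              ifname));
        return true;
    }

    return false;
}

/* Writes a printable form of nl into buf (at most bufsize bytes,
 * always NUL-terminated when bufsize > 0). Addresses that are not
 * IPv4/IPv6, or that cannot be converted, are rendered as "unknown". */
static void nladdr_to_string(struct nl_addr *nl, char *buf, size_t bufsize)
{
    int addr_family;
    void *addr;

    addr_family = nl_addr_get_family(nl);
    if (addr_family != AF_INET && addr_family != AF_INET6) {
        /* snprintf() terminates the string even when it truncates */
        snprintf(buf, bufsize, "unknown");
        return;
    }

    addr = nl_addr_get_binary_addr(nl);
    if (!addr) {
        /* Do not hand an unwritten buffer back to the caller, who
         * would otherwise print whatever it happened to contain. */
        snprintf(buf, bufsize, "unknown");
        return;
    }

    if (inet_ntop(addr_family, addr, buf, bufsize) == NULL) {
        DEBUG(SSSDBG_MINOR_FAILURE, ("inet_ntop failed\n"));
        snprintf(buf, bufsize, "unknown");
    }
}

/*******************************************************************
 * Wrappers for different capabilities of different libnl versions
 *******************************************************************/

/* Source check for an incoming netlink message. A message is accepted
 * when it comes from the kernel (netlink PID 0 in the header or in the
 * source address) or when it is a multicast message addressed to our
 * own netlink port. Everything else is ignored. */
static bool nlw_accept_message(struct nlw_handle *nlp,
                               const struct sockaddr_nl *snl,
                               struct nlmsghdr *hdr)
{
    bool accept_msg = false;
    uint32_t local_port;

    if (snl == NULL) {
        DEBUG(3, ("Malformed message, skipping\n"));
        return false;
    }

    /* Accept any messages from the kernel */
    if (hdr->nlmsg_pid == 0 || snl->nl_pid == 0) {
        accept_msg = true;
    }

    /* And any multicast message directed to our netlink PID, since multicast
     * currently requires CAP_NET_ADMIN to use.
     */
    local_port = nl_socket_get_local_port(nlp);
    if ((hdr->nlmsg_pid == local_port) && snl->nl_groups) {
        accept_msg = true;
    }

    if (accept_msg == false) {
        DEBUG(9, ("ignoring netlink message from PID %d",
                  hdr->nlmsg_pid));
    }

    return accept_msg;
}

/* Returns true when obj matches an empty rtnl_addr filter. An
 * allocation failure counts as "no match". */
static bool nlw_is_addr_object(struct nl_object *obj)
{
    bool is_addr_object = true;
    struct rtnl_addr *filter;

    filter = rtnl_addr_alloc();
    if (!filter) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Allocation error!\n"));
        /* Do not pass the NULL filter on to libnl */
        return false;
    }

    /* Ensure it's an addr object */
    if (!nl_object_match_filter(obj, OBJ_CAST(filter))) {
        DEBUG(SSSDBG_MINOR_FAILURE, ("Not an addr object\n"));
        is_addr_object = false;
    }

    rtnl_addr_put(filter);
    return is_addr_object;
}

/* Returns true when obj matches an empty rtnl_route filter. An
 * allocation failure counts as "no match". */
static bool nlw_is_route_object(struct nl_object *obj)
{
    bool is_route_object = true;
    struct rtnl_route *filter;

    filter = rtnl_route_alloc();
    if (!filter) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Allocation error!\n"));
        /* Do not pass the NULL filter on to libnl */
        return false;
    }

    /* Ensure it's a route object */
    if (!nl_object_match_filter(obj, OBJ_CAST(filter))) {
        DEBUG(SSSDBG_MINOR_FAILURE, ("Not a route object\n"));
        is_route_object = false;
    }

    rtnl_route_put(filter);
    return is_route_object;
}

/* Returns true when obj matches an empty rtnl_link filter. An
 * allocation failure counts as "no match". */
static bool nlw_is_link_object(struct nl_object *obj)
{
    bool is_link_object = true;
    struct rtnl_link *filter;

    filter = rtnl_link_alloc();
    if (!filter) {
        DEBUG(0, ("Allocation error!\n"));
        /* Do not pass the NULL filter on to libnl */
        return false;
    }

    /* Ensure it's a link object */
    if (!nl_object_match_filter(obj, OBJ_CAST(filter))) {
        DEBUG(2, ("Not a link object\n"));
        is_link_object = false;
    }

    rtnl_link_put(filter);
    return is_link_object;
}

/* Ask the socket to attach sender credentials to received messages.
 * NOTE(review): when neither libnl call is available this returns EOK
 * without enabling anything, while event_msg_recv skips every message
 * that carries no credentials. Presumably no event is then delivered
 * at all; confirm on such builds. */
static int nlw_enable_passcred(struct nlw_handle *nlp)
{
#ifdef HAVE_NL_SET_PASSCRED
    return nl_set_passcred(nlp, 1);  /* 1 = enabled */
#elif HAVE_NL_SOCKET_SET_PASSCRED
    return nl_socket_set_passcred(nlp, 1);
#else
    return EOK;                      /* not available in this version */
#endif
}

/* Join one netlink multicast group. Returns 0 on success, otherwise
 * the libnl error or the setsockopt() errno. */
static int nlw_group_subscribe(struct nlw_handle *nlp, int group)
{
    int ret;

#ifdef HAVE_NL_SOCKET_ADD_MEMBERSHIP
    ret = nl_socket_add_membership(nlp, group);
    if (ret != 0) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Unable to add membership: %s\n", nlw_geterror(ret)));
        return ret;
    }
#else
     int nlfd = nl_socket_get_fd(nlp);

     errno = 0;
     ret = setsockopt(nlfd, SOL_NETLINK, NETLINK_ADD_MEMBERSHIP,
                      &group, sizeof(group));
     if (ret < 0) {
         ret = errno;
         DEBUG(1, ("setsockopt failed (%d): %s\n", ret, strerror(ret)));
         return ret;
     }
#endif

    return 0;
}

/* Join every group of a zero-terminated array; stops at the first
 * failure and returns its error code. */
static int nlw_groups_subscribe(struct nlw_handle *nlp, int *groups)
{
    int ret;
    int i;

    for (i=0; groups[i]; i++) {
        ret = nlw_group_subscribe(nlp, groups[i]);
        if (ret != EOK) return ret;
    }

    return EOK;
}

/*******************************************************************
 * Callbacks for validating and receiving messages
 *******************************************************************/

/* NL_CB_MSG_IN callback: validates the sender before the message is
 * processed any further. Messages without credentials, or whose
 * sender UID is not 0, are skipped; the rest must also pass
 * nlw_accept_message. Returns NL_OK to continue, NL_SKIP to drop. */
static int event_msg_recv(struct nl_msg *msg, void *arg)
{
    struct netlink_ctx *ctx = (struct netlink_ctx *) arg;
    struct nlmsghdr *hdr;
    const struct sockaddr_nl *snl;
    struct ucred *creds;

    creds = nlmsg_get_creds(msg);
    if (!creds || creds->uid != 0) {
        DEBUG(SSSDBG_TRACE_ALL,
              ("Ignoring netlink message from UID %"SPRIuid,
                  creds ? creds->uid : (uid_t)-1));
        return NL_SKIP;
    }

    hdr = nlmsg_hdr(msg);
    snl = nlmsg_get_src(msg);

    if (!nlw_accept_message(ctx->nlp, snl, hdr)) {
        return NL_SKIP;
    }

    return NL_OK;
}

static void link_msg_handler(struct nl_object *obj, void *arg);
static void route_msg_handler(struct nl_object *obj, void *arg);
static void addr_msg_handler(struct nl_object *obj, void *arg);

/* Map the nlmsg_type of a header to the handler class used by
 * event_msg_ready */
static enum nlw_msg_type message_type(struct nlmsghdr *hdr)
{
    DEBUG(SSSDBG_FUNC_DATA, ("netlink Message type: %d\n", hdr->nlmsg_type));
    switch (hdr->nlmsg_type) {
        /* network interface added */
        case RTM_NEWLINK:
            return NLW_LINK;
        /* routing table changed */
        case RTM_NEWROUTE:
        case RTM_DELROUTE:
            return NLW_ROUTE;
        /* IP address added or deleted */
        case RTM_NEWADDR:
        case RTM_DELADDR:
            return NLW_ADDR;
        /* Something else happened, but we don't care (typically RTM_GET* ) */
        default:
            return NLW_OTHER;
    }

    return NLW_OTHER;
}

/* NL_CB_VALID callback: parse the message with the handler that
 * matches its type; other message types are ignored. */
static int event_msg_ready(struct nl_msg *msg, void *arg)
{
    struct nlmsghdr *hdr = nlmsg_hdr(msg);

    switch (message_type(hdr)) {
        case NLW_LINK:
            nl_msg_parse(msg, &link_msg_handler, arg);
            break;
        case NLW_ROUTE:
            nl_msg_parse(msg, &route_msg_handler, arg);
            break;
        case NLW_ADDR:
            nl_msg_parse(msg, &addr_msg_handler, arg);
            break;
        default:
            /* Don't care. This is a libnl callback, so answer with
             * the libnl action code like the other branches do. */
            return NL_OK;
    }

    return NL_OK;
}

/* Install event_msg_recv as the validation callback and
 * event_msg_ready as the receive callback. Returns 0 on success or
 * the libnl error code. */
static int nlw_set_callbacks(struct nlw_handle *nlp, void *data)
{
    int ret = EIO;

#ifdef HAVE_NL_SOCKET_MODIFY_CB
    ret = nl_socket_modify_cb(nlp, NL_CB_MSG_IN, NL_CB_CUSTOM, event_msg_recv,
                              data);
#else
    struct nl_cb *cb = nl_handle_get_cb(nlp);
    ret = nl_cb_set(cb, NL_CB_MSG_IN, NL_CB_CUSTOM, event_msg_recv, data);
#endif
    if (ret != 0) {
        DEBUG(1, ("Unable to set validation callback\n"));
        return ret;
    }

#ifdef HAVE_NL_SOCKET_MODIFY_CB
    ret = nl_socket_modify_cb(nlp, NL_CB_VALID, NL_CB_CUSTOM, event_msg_ready,
                              data);
#else
    ret = nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, event_msg_ready, data);
#endif
    if (ret != 0) {
        DEBUG(1, ("Unable to set receive callback\n"));
        return ret;
    }

    return ret;
}

static void route_msg_debug_print(struct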
rtnl_route *route_obj) { int prefixlen; char buf[INET6_ADDRSTRLEN]; struct nl_addr *nl; nl = rtnl_route_get_dst(route_obj); if (nl) { nladdr_to_string(nl, buf, INET6_ADDRSTRLEN); prefixlen = nl_addr_get_prefixlen(nl); } else { strncpy(buf, "unknown", INET6_ADDRSTRLEN); prefixlen = 0; } DEBUG(SSSDBG_TRACE_LIBS, ("route idx %d flags %#X family %d addr %s/%d\n", rtnlw_route_get_oif(route_obj), rtnl_route_get_flags(route_obj), rtnl_route_get_family(route_obj), buf, prefixlen)); } /* * If a bridge interface is configured it sets up a timer to requery for * multicast group memberships periodically. We need to discard such * messages. */ static bool route_is_multicast(struct rtnl_route *route_obj) { struct nl_addr *nl; struct in6_addr *addr6 = NULL; struct in_addr *addr4 = NULL; nl = rtnl_route_get_dst(route_obj); if (!nl) { DEBUG(SSSDBG_MINOR_FAILURE, ("A route with no destination?\n")); return false; } if (nl_addr_get_family(nl) == AF_INET) { addr4 = nl_addr_get_binary_addr(nl); if (!addr4) { return false; } return IN_MULTICAST(ntohl(addr4->s_addr)); } else if (nl_addr_get_family(nl) == AF_INET6) { addr6 = nl_addr_get_binary_addr(nl); if (!addr6) { return false; } return IN6_IS_ADDR_MULTICAST(addr6); } DEBUG(SSSDBG_MINOR_FAILURE, ("Unknown route address family\n")); return false; } static void route_msg_handler(struct nl_object *obj, void *arg) { struct rtnl_route *route_obj; struct netlink_ctx *ctx = (struct netlink_ctx *) arg; if (!nlw_is_route_object(obj)) return; route_obj = (struct rtnl_route *) obj; if (route_is_multicast(route_obj)) { DEBUG(SSSDBG_TRACE_INTERNAL, ("Discarding multicast route message\n")); return; } if (debug_level & SSSDBG_TRACE_LIBS) { route_msg_debug_print(route_obj); } ctx->change_cb(ctx->cb_data); } static void addr_msg_debug_print(struct rtnl_addr *addr_obj) { unsigned int flags; char str_flags[512]; int ifidx; struct nl_addr *local_addr; char buf[INET6_ADDRSTRLEN]; flags = rtnl_addr_get_flags(addr_obj); ifidx = 
rtnl_addr_get_ifindex(addr_obj); local_addr = rtnl_addr_get_local(addr_obj); rtnl_addr_flags2str(flags, str_flags, 512); nladdr_to_string(local_addr, buf, INET6_ADDRSTRLEN); DEBUG(SSSDBG_TRACE_LIBS, ("netlink addr message: iface idx %u " "addr %s flags 0x%X (%s)\n", ifidx, buf, flags, str_flags)); } static void addr_msg_handler(struct nl_object *obj, void *arg) { struct netlink_ctx *ctx = (struct netlink_ctx *) arg; struct rtnl_addr *addr_obj; if (!nlw_is_addr_object(obj)) return; addr_obj = (struct rtnl_addr *) obj; if (debug_level & SSSDBG_TRACE_LIBS) { addr_msg_debug_print(addr_obj); } ctx->change_cb(ctx->cb_data); } static void link_msg_handler(struct nl_object *obj, void *arg) { struct netlink_ctx *ctx = (struct netlink_ctx *) arg; struct rtnl_link *link_obj; unsigned int flags; char str_flags[512]; int ifidx; const char *ifname; if (!nlw_is_link_object(obj)) return; link_obj = (struct rtnl_link *) obj; flags = rtnl_link_get_flags(link_obj); ifidx = rtnl_link_get_ifindex(link_obj); rtnl_link_flags2str(flags, str_flags, 512); ifname = rtnl_link_get_name(link_obj); DEBUG(SSSDBG_TRACE_LIBS, ("netlink link message: iface idx %u (%s) " "flags 0x%X (%s)\n", ifidx, ifname, flags, str_flags)); /* IFF_LOWER_UP is the indicator of carrier status */ if ((flags & IFF_RUNNING) && (flags & IFF_LOWER_UP) && !discard_iff_up(ifname)) { ctx->change_cb(ctx->cb_data); } } static void netlink_fd_handler(struct tevent_context *ev, struct tevent_fd *fde, uint16_t flags, void *data) { struct netlink_ctx *nlctx = talloc_get_type(data, struct netlink_ctx); int ret; if (!nlctx || !nlctx->nlp) { DEBUG(1, ("Invalid netlink handle, this is most likely a bug!\n")); return; } ret = nl_recvmsgs_default(nlctx->nlp); if (ret != EOK) { DEBUG(1, ("Error while reading from netlink fd\n")); return; } } /******************************************************************* * Set up the netlink library *******************************************************************/ int setup_netlink(TALLOC_CTX 
*mem_ctx, struct tevent_context *ev, network_change_cb change_cb, void *cb_data, struct netlink_ctx **_nlctx) { struct netlink_ctx *nlctx; int ret; int nlfd; unsigned flags; int groups[] = { RTNLGRP_LINK, RTNLGRP_IPV4_ROUTE, RTNLGRP_IPV6_ROUTE, RTNLGRP_IPV4_IFADDR, RTNLGRP_IPV6_IFADDR, 0 }; nlctx = talloc_zero(mem_ctx, struct netlink_ctx); if (!nlctx) return ENOMEM; talloc_set_destructor((TALLOC_CTX *) nlctx, netlink_ctx_destructor); nlctx->change_cb = change_cb; nlctx->cb_data = cb_data; /* allocate the libnl handle/socket and register the default filter set */ nlctx->nlp = nlw_alloc(); if (!nlctx->nlp) { DEBUG(SSSDBG_CRIT_FAILURE, (("unable to allocate netlink handle: %s"), nlw_geterror(ENOMEM))); ret = ENOMEM; goto fail; } /* Register our custom message validation filter */ ret = nlw_set_callbacks(nlctx->nlp, nlctx); if (ret != 0) { DEBUG(1, ("Unable to set callbacks\n")); ret = EIO; goto fail; } /* Try to start talking to netlink */ ret = nl_connect(nlctx->nlp, NETLINK_ROUTE); if (ret != 0) { DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to connect to netlink: %s\n", nlw_geterror(ret))); ret = EIO; goto fail; } ret = nlw_enable_passcred(nlctx->nlp); if (ret != 0) { DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot enable credential passing: %s\n", nlw_geterror(ret))); ret = EIO; goto fail; } /* Subscribe to the LINK group for internal carrier signals */ ret = nlw_groups_subscribe(nlctx->nlp, groups); if (ret != 0) { DEBUG(1, ("Unable to subscribe to netlink monitor\n")); ret = EIO; goto fail; } nlw_disable_seq_check(nlctx->nlp); nlfd = nl_socket_get_fd(nlctx->nlp); flags = fcntl(nlfd, F_GETFL, 0); errno = 0; ret = fcntl(nlfd, F_SETFL, flags | O_NONBLOCK); if (ret < 0) { ret = errno; DEBUG(1, ("Cannot set the netlink fd to nonblocking\n")); goto fail; } nlctx->tefd = tevent_add_fd(ev, nlctx, nlfd, TEVENT_FD_READ, netlink_fd_handler, nlctx); if (nlctx->tefd == NULL) { DEBUG(1, ("tevent_add_fd() failed\n")); ret = EIO; goto fail; } *_nlctx = nlctx; return EOK; fail: talloc_free(nlctx); 
return ret; } #else /* HAVE_LIBNL not defined */ int setup_netlink(TALLOC_CTX *mem_ctx, struct tevent_context *ev, network_change_cb change_cb, void *cb_data, struct netlink_ctx **_nlctx) { if (_nlctx) *_nlctx = NULL; return EOK; } #endif ����sssd-1.11.5/src/monitor/PaxHeaders.13173/monitor.h��������������������������������������������������0000644�0000000�0000000�00000000074�12320753107�017671� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.262891434 30 ctime=1396954961.415875127 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/monitor/monitor.h�������������������������������������������������������������������0000664�0024127�0024127�00000002771�12320753107�020122� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* SSSD Service monitor Copyright (C) Simo Sorce 2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software 
Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ #ifndef _MONITOR_H_ #define _MONITOR_H_ #define RESOLV_CONF_PATH "/etc/resolv.conf" #define CONFIG_FILE_POLL_INTERVAL 5 /* seconds */ /* for detecting if NSCD is running */ #ifndef NSCD_SOCKET_PATH #define NSCD_SOCKET_PATH "/var/run/nscd/socket" #endif struct config_file_ctx; typedef int (*monitor_reconf_fn) (struct config_file_ctx *file_ctx, const char *filename); struct mt_ctx; int monitor_process_init(struct mt_ctx *ctx, const char *config_file); /* from monitor_netlink.c */ struct netlink_ctx; typedef void (*network_change_cb)(void *); int setup_netlink(TALLOC_CTX *mem_ctx, struct tevent_context *ev, network_change_cb change_cb, void *cb_data, struct netlink_ctx **_nlctx); #endif /* _MONITOR_H */ �������sssd-1.11.5/src/monitor/PaxHeaders.13173/monitor_sbus.c���������������������������������������������0000644�0000000�0000000�00000000074�12320753107�020720� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.262891434 30 ctime=1396954961.665874943 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/src/monitor/monitor_sbus.c��������������������������������������������������������������0000664�0024127�0024127�00000016327�12320753107�021153� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* SSSD Data Provider Helpers Copyright (C) Stephen Gallagher <sgallagh@redhat.com> 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. 
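*/

/* Needed for res_init() */
#include <netinet/in.h>
#include <arpa/nameser.h>
#include <resolv.h>

#include "util/util.h"
#include "confdb/confdb.h"
#include "sbus/sssd_dbus.h"
#include "sbus/sbus_client.h"
#include "monitor/monitor_interfaces.h"

/*
 * Build the D-Bus address of the monitor's service pipe,
 * "unix:path=<PIPE_PATH>/<SSSD_SERVICE_PIPE>", as a string allocated on
 * mem_ctx.
 *
 * On success *address points to the new string and EOK is returned; the
 * caller owns the string. On allocation failure *address is NULL and
 * ENOMEM is returned.
 */
int monitor_get_sbus_address(TALLOC_CTX *mem_ctx, char **address)
{
    char *default_address;

    *address = NULL;
    default_address = talloc_asprintf(mem_ctx, "unix:path=%s/%s",
                                      PIPE_PATH, SSSD_SERVICE_PIPE);
    if (default_address == NULL) {
        return ENOMEM;
    }

    *address = default_address;
    return EOK;
}

/*
 * Completion callback for the registration call sent by
 * monitor_common_send_id().
 *
 * Logs the version returned by the monitor on success, or the error name
 * when the monitor answered with an error. The pending call is always
 * released; the reply is released when one was received.
 *
 * NOTE(review): the error paths only log. The FIXME comments below mark
 * the places where the original authors considered tearing the connection
 * down because it can no longer be trusted.
 */
static void id_callback(DBusPendingCall *pending, void *ptr)
{
    DBusMessage *reply;
    DBusError dbus_error;
    dbus_bool_t ret;
    dbus_uint16_t mon_ver;
    int type;

    dbus_error_init(&dbus_error);

    reply = dbus_pending_call_steal_reply(pending);
    if (!reply) {
        /* reply should never be null. This function shouldn't be called
         * until reply is valid or timeout has occurred. If reply is NULL
         * here, something is seriously wrong and we should bail out.
         */
        DEBUG(0, ("Severe error. A reply callback was called but no"
                  " reply was received and no timeout occurred\n"));

        /* FIXME: Destroy this connection ? */
        goto done;
    }

    type = dbus_message_get_type(reply);
    switch (type) {
    case DBUS_MESSAGE_TYPE_METHOD_RETURN:
        ret = dbus_message_get_args(reply, &dbus_error,
                                    DBUS_TYPE_UINT16, &mon_ver,
                                    DBUS_TYPE_INVALID);
        if (!ret) {
            DEBUG(1, ("Failed to parse message\n"));
            if (dbus_error_is_set(&dbus_error)) dbus_error_free(&dbus_error);
            /* FIXME: Destroy this connection ? */
            goto done;
        }

        DEBUG(4, ("Got id ack and version (%d) from Monitor\n", mon_ver));

        break;

    case DBUS_MESSAGE_TYPE_ERROR:
        DEBUG(0,("The Monitor returned an error [%s]\n",
                 dbus_message_get_error_name(reply)));
        /* Falling through to default intentionally*/
    default:
        /*
         * Timeout or other error occurred or something
         * unexpected happened.
         * It doesn't matter which, because either way we
         * know that this connection isn't trustworthy.
         * We'll destroy it now.
         */

        /* FIXME: Destroy this connection ? */
        break;
    }

done:
    dbus_pending_call_unref(pending);
    /* The "no reply" path jumps here with reply == NULL, and
     * dbus_message_unref() is not specified to accept NULL. */
    if (reply != NULL) {
        dbus_message_unref(reply);
    }
}

/*
 * Register this service with the monitor by calling
 * MON_SRV_METHOD_REGISTER with the service name and version.
 *
 * The reply is handled asynchronously by id_callback(); 3000 is passed to
 * sbus_conn_send() as the timeout (presumably milliseconds -- confirm
 * against sbus_conn_send()). Returns ENOMEM or EIO when the message cannot
 * be built, otherwise the result of sbus_conn_send(). The message is
 * released on every path.
 */
int monitor_common_send_id(struct sbus_connection *conn,
                           const char *name, uint16_t version)
{
    DBusMessage *msg;
    dbus_bool_t ret;
    int retval;

    /* create the message */
    msg = dbus_message_new_method_call(NULL,
                                       MON_SRV_PATH,
                                       MON_SRV_INTERFACE,
                                       MON_SRV_METHOD_REGISTER);
    if (msg == NULL) {
        DEBUG(0, ("Out of memory?!\n"));
        return ENOMEM;
    }

    DEBUG(4, ("Sending ID: (%s,%d)\n", name, version));

    ret = dbus_message_append_args(msg,
                                   DBUS_TYPE_STRING, &name,
                                   DBUS_TYPE_UINT16, &version,
                                   DBUS_TYPE_INVALID);
    if (!ret) {
        DEBUG(1, ("Failed to build message\n"));
        /* Release the message here too; it was leaked on this path */
        dbus_message_unref(msg);
        return EIO;
    }

    retval = sbus_conn_send(conn, msg, 3000, id_callback, NULL, NULL);
    dbus_message_unref(msg);
    return retval;
}

/*
 * Answer `message` with an empty method return on `conn`.
 * Returns ENOMEM or EIO when the reply cannot be built, EOK otherwise.
 */
int monitor_common_pong(DBusMessage *message,
                        struct sbus_connection *conn)
{
    DBusMessage *reply;
    dbus_bool_t ret;

    reply = dbus_message_new_method_return(message);
    if (!reply) return ENOMEM;

    ret = dbus_message_append_args(reply, DBUS_TYPE_INVALID);
    if (!ret) {
        dbus_message_unref(reply);
        return EIO;
    }

    /* send reply back */
    sbus_conn_send_reply(conn, reply);
    dbus_message_unref(reply);

    return EOK;
}

/*
 * Re-run res_init() and acknowledge the request with an empty reply.
 * Returns EIO when res_init() fails, otherwise the result of
 * monitor_common_pong().
 */
int monitor_common_res_init(DBusMessage *message,
                            struct sbus_connection *conn)
{
    int ret;

    ret = res_init();
    if(ret != 0) {
        return EIO;
    }

    /* Send an empty reply to acknowledge receipt */
    return monitor_common_pong(message, conn);
}

errno_t monitor_common_rotate_logs(struct confdb_ctx *confdb,
                                   const char *conf_path)
{
    errno_t ret;
    int old_debug_level = debug_level;

    ret = rotate_debug_files();
    if (ret) {
        sss_log(SSS_LOG_ALERT, "Could not rotate debug files! 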
[%d][%s]\n", ret, strerror(ret)); return ret; } /* Get new debug level from the confdb */ ret = confdb_get_int(confdb, conf_path, CONFDB_SERVICE_DEBUG_LEVEL, old_debug_level, &debug_level); if (ret != EOK) { DEBUG(0, ("Error reading from confdb (%d) [%s]\n", ret, strerror(ret))); /* Try to proceed with the old value */ debug_level = old_debug_level; } if (debug_level != old_debug_level) { DEBUG(0, ("Debug level changed to %#.4x\n", debug_level)); debug_level = debug_convert_old_level(debug_level); } return EOK; } errno_t sss_monitor_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct sbus_interface *intf, const char *svc_name, uint16_t svc_version, void *pvt, struct sbus_connection **mon_conn) { errno_t ret; char *sbus_address; struct sbus_connection *conn; /* Set up SBUS connection to the monitor */ ret = monitor_get_sbus_address(NULL, &sbus_address); if (ret != EOK) { DEBUG(0, ("Could not locate monitor address.\n")); return ret; } ret = sbus_client_init(mem_ctx, ev, sbus_address, intf, &conn, NULL, pvt); if (ret != EOK) { DEBUG(0, ("Failed to connect to monitor services.\n")); talloc_free(sbus_address); return ret; } talloc_free(sbus_address); /* Identify ourselves to the monitor */ ret = monitor_common_send_id(conn, svc_name, svc_version); if (ret != EOK) { DEBUG(0, ("Failed to identify to the monitor!\n")); return ret; } *mon_conn = conn; return EOK; } ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/PaxHeaders.13173/configure.ac�����������������������������������������������������������0000644�0000000�0000000�00000000074�12320753107�016041� 
x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.480891274 30 ctime=1396954961.354875172 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/configure.ac����������������������������������������������������������������������������0000664�0024127�0024127�00000023634�12320753107�016273� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������AC_PREREQ(2.59) m4_include([version.m4]) AC_INIT([sssd], VERSION_NUMBER, [sssd-devel@lists.fedorahosted.org]) m4_ifdef([AC_USE_SYSTEM_EXTENSIONS], [AC_USE_SYSTEM_EXTENSIONS], [AC_GNU_SOURCE]) CFLAGS="$CFLAGS -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE" AC_CONFIG_SRCDIR([BUILD.txt]) AC_CONFIG_AUX_DIR([build]) AM_INIT_AUTOMAKE([-Wall foreign subdir-objects tar-pax]) AM_PROG_CC_C_O m4_ifdef([AM_PROG_AR], [AM_PROG_AR]) AC_DISABLE_STATIC AC_PROG_INSTALL AC_PROG_LIBTOOL LT_LIB_DLLOAD AC_CONFIG_MACRO_DIR([m4]) AM_GNU_GETTEXT([external]) AM_GNU_GETTEXT_VERSION([0.14]) AC_SUBST([PRERELEASE_VERSION], 
PRERELEASE_VERSION_NUMBER) AC_DEFINE([PRERELEASE_VERSION], "PRERELEASE_VERSION_NUMBER", [Prerelease version number of package]) AM_CONDITIONAL([GIT_CHECKOUT], [git log -1 >/dev/null 2>&1]) m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES]) AM_CONDITIONAL([HAVE_GCC], [test "$ac_cv_prog_gcc" = yes]) AC_CHECK_HEADERS(stdint.h dlfcn.h) AC_CONFIG_HEADER(config.h) AC_CHECK_TYPES([errno_t], [], [], [[#include <errno.h>]]) m4_include([src/build_macros.m4]) BUILD_WITH_SHARED_BUILD_DIR AC_COMPILE_IFELSE( [AC_LANG_PROGRAM([[#include <pthread.h>]], [[pthread_mutex_t m = PTHREAD_MUTEX_INITIALIZER;]])], [AC_DEFINE([HAVE_PTHREAD], [1], [Pthread mutexes available.]) HAVE_PTHREAD=1 ], [AC_MSG_WARN([Pthread library not found! Clients will not be thread safe...])]) AM_CONDITIONAL([HAVE_PTHREAD], [test x"$HAVE_PTHREAD" != "x"]) SAVE_LIBS=$LIBS LIBS="$LIBS -lpthread" AC_CHECK_FUNCS([ pthread_mutexattr_setrobust \ pthread_mutex_consistent \ pthread_mutexattr_setrobust_np \ pthread_mutex_consistent_np ]) LIBS=$SAVE_LIBS # Check for presence of modern functions for setting file timestamps AC_CHECK_FUNCS([ utimensat \ futimens ]) #Check for PAM headers AC_CHECK_HEADERS([security/pam_appl.h security/pam_misc.h security/pam_modules.h], [AC_CHECK_LIB(pam, pam_get_item, [ PAM_LIBS="-lpam" ], [AC_MSG_ERROR([PAM must support pam_get_item])])], [AC_MSG_ERROR([PAM development libraries not installed])] ) #Check for endian headers AC_CHECK_HEADERS([endian.h sys/endian.h byteswap.h]) #Set the NSS library install path AC_ARG_ENABLE([nsslibdir], [AS_HELP_STRING([--enable-nsslibdir], [Where to install nss libraries ($libdir)])], [nsslibdir=$enableval], [nsslibdir=$libdir]) AC_SUBST(nsslibdir) #Set the PAM module install path AC_ARG_ENABLE([pammoddir], [AS_HELP_STRING([--enable-pammoddir], [Where to install pam modules ($libdir/security)])], [pammoddir=$enableval], [pammoddir=$libdir/security]) AC_SUBST(pammoddir) #Include here cause WITH_INIT_DIR requires $osname set in platform.m4 
m4_include([src/external/platform.m4]) m4_include(src/conf_macros.m4) WITH_DISTRO_VERSION WITH_DB_PATH WITH_PLUGIN_PATH WITH_PID_PATH WITH_LOG_PATH WITH_PUBCONF_PATH WITH_PIPE_PATH WITH_MCACHE_PATH WITH_DEFAULT_CCACHE_DIR WITH_DEFAULT_CCNAME_TEMPLATE WITH_ENVIRONMENT_FILE WITH_INIT_DIR WITH_TEST_DIR WITH_MANPAGES WITH_XML_CATALOG WITH_KRB5_PLUGIN_PATH WITH_KRB5_RCACHE_DIR WITH_KRB5AUTHDATA_PLUGIN_PATH WITH_KRB5_CONF WITH_PYTHON_BINDINGS WITH_SELINUX WITH_NSCD WITH_SEMANAGE WITH_NOLOGIN_SHELL WITH_APP_LIBS WITH_SUDO WITH_SUDO_LIB_PATH WITH_AUTOFS WITH_SSH WITH_CRYPTO m4_include([src/external/pkg.m4]) m4_include([src/external/libpopt.m4]) m4_include([src/external/libtalloc.m4]) m4_include([src/external/libtdb.m4]) m4_include([src/external/libtevent.m4]) m4_include([src/external/libldb.m4]) m4_include([src/external/libdhash.m4]) m4_include([src/external/libcollection.m4]) m4_include([src/external/libini_config.m4]) m4_include([src/external/pam.m4]) m4_include([src/external/ldap.m4]) m4_include([src/external/libpcre.m4]) m4_include([src/external/krb5.m4]) m4_include([src/external/libcares.m4]) m4_include([src/external/libcmocka.m4]) m4_include([src/external/docbook.m4]) m4_include([src/external/sizes.m4]) m4_include([src/external/python.m4]) m4_include([src/external/selinux.m4]) m4_include([src/external/crypto.m4]) m4_include([src/external/nscd.m4]) m4_include([src/external/nsupdate.m4]) m4_include([src/external/libkeyutils.m4]) m4_include([src/external/libnl.m4]) m4_include([src/external/systemd.m4]) m4_include([src/external/pac_responder.m4]) m4_include([src/external/signal.m4]) m4_include([src/external/inotify.m4]) m4_include([src/external/libndr_nbt.m4]) WITH_UNICODE_LIB if test x$unicode_lib = xlibunistring; then m4_include([src/external/libunistring.m4]) AC_DEFINE_UNQUOTED(HAVE_LIBUNISTRING, 1, [Using libunistring for unicode]) UNICODE_LIBS=$UNISTRING_LIBS else m4_include([src/external/glib.m4]) AC_DEFINE_UNQUOTED(HAVE_GLIB2, 1, [Using glib2 for unicode]) 
UNICODE_LIBS=$GLIB2_LIBS fi AC_SUBST(UNICODE_LIBS) WITH_LIBNL if test x$HAVE_NSCD; then WITH_NSCD_CONF fi WITH_INITSCRIPT if test x$initscript = xsystemd; then WITH_SYSTEMD_UNIT_DIR fi PKG_CHECK_MODULES([DBUS],[dbus-1]) dnl if test -n "`$PKG_CONFIG --modversion dbus-1 | grep '^0\.'`" ; then if ! $PKG_CONFIG --atleast-version 1.0.0 dbus-1; then DBUS_CFLAGS="$DBUS_CFLAGS -DDBUS_API_SUBJECT_TO_CHANGE" AC_MSG_RESULT([setting -DDBUS_API_SUBJECT_TO_CHANGE]) fi if test x$has_dbus != xno; then SAFE_LIBS="$LIBS" LIBS="$DBUS_LIBS" AC_CHECK_FUNC([dbus_watch_get_unix_fd], AC_DEFINE([HAVE_DBUS_WATCH_GET_UNIX_FD], [1], [Define if dbus_watch_get_unix_fd exists])) LIBS="$SAFE_LIBS" fi # work around a bug in cov-build from Coverity test -n "$XML_CATALOG_FILES" || unset XML_CATALOG_FILES if test x$HAVE_MANPAGES != x; then CHECK_XML_TOOLS DOCBOOK_XSLT=http://docbook.sourceforge.net/release/xsl/current/manpages/profile-docbook.xsl CHECK_STYLESHEET([$SGML_CATALOG_FILES], [$DOCBOOK_XSLT], [Docbook XSL profiling templates], [HAVE_PROFILE_CATALOGS=1], [AC_MSG_WARN([Man pages might contain documentation for experimental features])]) if test x$HAVE_PROFILE_CATALOGS == x; then DOCBOOK_XSLT=http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl CHECK_STYLESHEET([$SGML_CATALOG_FILES], [$DOCBOOK_XSLT], [Docbook XSL templates], [], [AC_MSG_ERROR([could not find the docbook xsl catalog])]) fi AC_CHECK_PROG([PO4A],[po4a],[po4a],[no]) AC_SUBST(DOCBOOK_XSLT) fi AM_CONDITIONAL([HAVE_PROFILE_CATALOGS], [test "x$HAVE_PROFILE_CATALOGS" != "x"]) AM_CONDITIONAL([HAVE_MANPAGES], [test "x$HAVE_MANPAGES" != "x"]) AM_CONDITIONAL([HAVE_PO4A], [test "x$PO4A" != "xno"]) if test x$HAVE_PYTHON_BINDINGS != x; then AM_PATH_PYTHON([2.4]) AM_CHECK_PYTHON_HEADERS([], AC_MSG_ERROR([Could not find python headers])) AM_PYTHON_CONFIG AM_CHECK_PYTHON_COMPAT fi if test x$HAVE_SELINUX != x; then AM_CHECK_SELINUX AM_CHECK_SELINUX_LOGIN_DIR fi if test x$HAVE_SEMANAGE != x -a x$HAVE_SELINUX != x; then 
AM_CHECK_SEMANAGE fi if test x$HAVE_SYSTEMD_UNIT != x; then AM_CHECK_SYSTEMD fi if test x$cryptolib = xnss; then AM_CHECK_NSS fi if test x$cryptolib = xlibcrypto; then AM_CHECK_LIBCRYPTO fi AM_CHECK_INOTIFY AC_CHECK_HEADERS([sasl/sasl.h],,AC_MSG_ERROR([Could not find SASL headers])) AC_CACHE_CHECK([whether compiler supports __attribute__((destructor))], sss_client_cv_attribute_destructor, [AC_COMPILE_IFELSE( [AC_LANG_SOURCE([__attribute__((destructor)) static void cleanup(void) { }])], sss_client_cv_attribute_destructor=yes) ]) if test x"$sss_client_cv_attribute_destructor" = xyes ; then AC_DEFINE(HAVE_FUNCTION_ATTRIBUTE_DESTRUCTOR, 1, [whether compiler supports __attribute__((destructor))]) fi AC_CACHE_CHECK([whether compiler supports __attribute__((format))], sss_cv_attribute_format, [AC_COMPILE_IFELSE( [AC_LANG_SOURCE( [void debug_fn(const char *format, ...) __attribute__ ((format (printf, 1, 2)));] )], [sss_cv_attribute_format=yes], [ AC_MSG_RESULT([no]) AC_MSG_WARN([compiler does NOT support __attribute__((format))]) ]) ]) if test x"$sss_cv_attribute_format" = xyes ; then AC_DEFINE(HAVE_FUNCTION_ATTRIBUTE_FORMAT, 1, [whether compiler supports __attribute__((format))]) fi PKG_CHECK_MODULES([CHECK], [check >= 0.9.5], [have_check=1], [have_check=]) if test x$have_check = x; then AC_MSG_WARN([Without the 'CHECK' libraries, you will be unable to run all tests in the 'make check' suite]) else AC_CHECK_HEADERS([check.h],,AC_MSG_ERROR([Could not find CHECK headers])) fi AC_PATH_PROG([DOXYGEN], [doxygen], [false]) AM_CONDITIONAL([HAVE_DOXYGEN], [test x$DOXYGEN != xfalse ]) AM_CONDITIONAL([HAVE_CHECK], [test x$have_check != x]) AM_CHECK_CMOCKA AM_CONDITIONAL([HAVE_DEVSHM], [test -d /dev/shm]) abs_build_dir=`pwd` AC_DEFINE_UNQUOTED([ABS_BUILD_DIR], ["$abs_build_dir"], [Absolute path to the build directory]) AC_SUBST([abs_builddir], $abs_build_dir) AC_CONFIG_FILES([Makefile contrib/sssd.spec src/examples/rwtab src/doxy.config src/sysv/sssd src/sysv/gentoo/sssd 
src/sysv/SUSE/sssd po/Makefile.in src/man/Makefile src/providers/ipa/ipa_hbac.pc src/providers/ipa/ipa_hbac.doxy src/lib/idmap/sss_idmap.pc src/lib/idmap/sss_idmap.doxy src/sss_client/sudo/sss_sudo.doxy src/sss_client/idmap/sss_nss_idmap.pc src/sss_client/idmap/sss_nss_idmap.doxy src/config/setup.py src/config/SSSDConfig/__init__.py]) AC_OUTPUT ����������������������������������������������������������������������������������������������������sssd-1.11.5/PaxHeaders.13173/BUILD.txt��������������������������������������������������������������0000644�0000000�0000000�00000000074�12320753107�015153� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.249891443 30 ctime=1396954961.404875135 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/BUILD.txt�������������������������������������������������������������������������������0000664�0024127�0024127�00000000415�12320753107�015375� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������The instructions 
on how to build the SSSD and contribute to the project can be found here: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ https://fedorahosted.org/sssd/wiki/DevelTutorials ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/PaxHeaders.13173/version.m4�������������������������������������������������������������0000644�0000000�0000000�00000000074�12320753107�015502� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.551891222 30 ctime=1396954961.326875193 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/version.m4������������������������������������������������������������������������������0000664�0024127�0024127�00000000657�12320753107�015734� 
0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# Primary version number m4_define([VERSION_NUMBER], [1.11.5]) # If the PRERELEASE_VERSION_NUMBER is set, we'll append # it to the release tag when creating an RPM or SRPM # This is intended for build systems to create snapshot # RPMs. The format should be something like: # .20090915gitf1bcde7 # and would result in an SRPM looking like: # sssd-0.5.0-0.20090915gitf1bcde7.fc11.src.rpm m4_define([PRERELEASE_VERSION_NUMBER], []) ���������������������������������������������������������������������������������sssd-1.11.5/PaxHeaders.13173/README�����������������������������������������������������������������0000644�0000000�0000000�00000000074�12320753107�014433� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.249891443 30 ctime=1396954961.513875055 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/README����������������������������������������������������������������������������������0000664�0024127�0024127�00000002463�12320753107�014662� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������ SSSD - System Security Services Daemon -------------------------------------- Introduction ------------ SSSD provides a set of daemons to manage access to remote directories and authentication mechanisms such as LDAP, Kerberos or FreeIPA. It provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources. More information about SSSD can be found on its project page - <http://fedorahosted.org/sssd/> Building and installation ------------------------- Please see the file BUILD.txt for details Documentation ------------- The most up-to-date documentation can be found at <http://fedorahosted.org/sssd/wiki/HOWTO_Configure> Licensing --------- Please see the file called COPYING. 
Contacts -------- There are several ways to contact us: * the sssd-devel mailing list: Development of the System Security Services Daemon <https://fedorahosted.org/mailman/listinfo/sssd-devel> * the sssd-users mailing list: End-user discussions about the System Security Services Daemon <https://fedorahosted.org/mailman/listinfo/sssd-users> * the #sssd and #freeipa IRC channels on freenode: irc://irc.freenode.net/sssd irc://irc.freenode.net/freeipa �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/PaxHeaders.13173/COPYING����������������������������������������������������������������0000644�0000000�0000000�00000000074�12320753107�014606� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.249891443 30 ctime=1396954961.405875134 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/COPYING���������������������������������������������������������������������������������0000664�0024127�0024127�00000104513�12320753107�015034� 
0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������ GNU GENERAL PUBLIC LICENSE Version 3, 29 June 2007 Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/> Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The GNU General Public License is a free, copyleft license for software and other kinds of works. The licenses for most software and other practical works are designed to take away your freedom to share and change the works. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change all versions of a program--to make sure it remains free software for all its users. We, the Free Software Foundation, use the GNU General Public License for most of our software; it applies also to any other work released this way by its authors. You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for them if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs, and that you know you can do these things. To protect your rights, we need to prevent others from denying you these rights or asking you to surrender the rights. Therefore, you have certain responsibilities if you distribute copies of the software, or if you modify it: responsibilities to respect the freedom of others. 
For example, if you distribute copies of such a program, whether gratis or for a fee, you must pass on to the recipients the same freedoms that you received. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. Developers that use the GNU GPL protect your rights with two steps: (1) assert copyright on the software, and (2) offer you this License giving you legal permission to copy, distribute and/or modify it. For the developers' and authors' protection, the GPL clearly explains that there is no warranty for this free software. For both users' and authors' sake, the GPL requires that modified versions be marked as changed, so that their problems will not be attributed erroneously to authors of previous versions. Some devices are designed to deny users access to install or run modified versions of the software inside them, although the manufacturer can do so. This is fundamentally incompatible with the aim of protecting users' freedom to change the software. The systematic pattern of such abuse occurs in the area of products for individuals to use, which is precisely where it is most unacceptable. Therefore, we have designed this version of the GPL to prohibit the practice for those products. If such problems arise substantially in other domains, we stand ready to extend this provision to those domains in future versions of the GPL, as needed to protect the freedom of users. Finally, every program is threatened constantly by software patents. States should not allow patents to restrict development and use of software on general-purpose computers, but in those that do, we wish to avoid the special danger that patents applied to a free program could make it effectively proprietary. To prevent this, the GPL assures that patents cannot be used to render the program non-free. The precise terms and conditions for copying, distribution and modification follow. TERMS AND CONDITIONS 0. 
Definitions. "This License" refers to version 3 of the GNU General Public License. "Copyright" also means copyright-like laws that apply to other kinds of works, such as semiconductor masks. "The Program" refers to any copyrightable work licensed under this License. Each licensee is addressed as "you". "Licensees" and "recipients" may be individuals or organizations. To "modify" a work means to copy from or adapt all or part of the work in a fashion requiring copyright permission, other than the making of an exact copy. The resulting work is called a "modified version" of the earlier work or a work "based on" the earlier work. A "covered work" means either the unmodified Program or a work based on the Program. To "propagate" a work means to do anything with it that, without permission, would make you directly or secondarily liable for infringement under applicable copyright law, except executing it on a computer or modifying a private copy. Propagation includes copying, distribution (with or without modification), making available to the public, and in some countries other activities as well. To "convey" a work means any kind of propagation that enables other parties to make or receive copies. Mere interaction with a user through a computer network, with no transfer of a copy, is not conveying. An interactive user interface displays "Appropriate Legal Notices" to the extent that it includes a convenient and prominently visible feature that (1) displays an appropriate copyright notice, and (2) tells the user that there is no warranty for the work (except to the extent that warranties are provided), that licensees may convey the work under this License, and how to view a copy of this License. If the interface presents a list of user commands or options, such as a menu, a prominent item in the list meets this criterion. 1. Source Code. The "source code" for a work means the preferred form of the work for making modifications to it. 
"Object code" means any non-source form of a work. A "Standard Interface" means an interface that either is an official standard defined by a recognized standards body, or, in the case of interfaces specified for a particular programming language, one that is widely used among developers working in that language. The "System Libraries" of an executable work include anything, other than the work as a whole, that (a) is included in the normal form of packaging a Major Component, but which is not part of that Major Component, and (b) serves only to enable use of the work with that Major Component, or to implement a Standard Interface for which an implementation is available to the public in source code form. A "Major Component", in this context, means a major essential component (kernel, window system, and so on) of the specific operating system (if any) on which the executable work runs, or a compiler used to produce the work, or an object code interpreter used to run it. The "Corresponding Source" for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities. However, it does not include the work's System Libraries, or general-purpose tools or generally available free programs which are used unmodified in performing those activities but which are not part of the work. For example, Corresponding Source includes interface definition files associated with source files for the work, and the source code for shared libraries and dynamically linked subprograms that the work is specifically designed to require, such as by intimate data communication or control flow between those subprograms and other parts of the work. The Corresponding Source need not include anything that users can regenerate automatically from other parts of the Corresponding Source. The Corresponding Source for a work in source code form is that same work. 2. 
Basic Permissions. All rights granted under this License are granted for the term of copyright on the Program, and are irrevocable provided the stated conditions are met. This License explicitly affirms your unlimited permission to run the unmodified Program. The output from running a covered work is covered by this License only if the output, given its content, constitutes a covered work. This License acknowledges your rights of fair use or other equivalent, as provided by copyright law. You may make, run and propagate covered works that you do not convey, without conditions so long as your license otherwise remains in force. You may convey covered works to others for the sole purpose of having them make modifications exclusively for you, or provide you with facilities for running those works, provided that you comply with the terms of this License in conveying all material for which you do not control copyright. Those thus making or running the covered works for you must do so exclusively on your behalf, under your direction and control, on terms that prohibit them from making any copies of your copyrighted material outside their relationship with you. Conveying under any other circumstances is permitted solely under the conditions stated below. Sublicensing is not allowed; section 10 makes it unnecessary. 3. Protecting Users' Legal Rights From Anti-Circumvention Law. No covered work shall be deemed part of an effective technological measure under any applicable law fulfilling obligations under article 11 of the WIPO copyright treaty adopted on 20 December 1996, or similar laws prohibiting or restricting circumvention of such measures. 
When you convey a covered work, you waive any legal power to forbid circumvention of technological measures to the extent such circumvention is effected by exercising rights under this License with respect to the covered work, and you disclaim any intention to limit operation or modification of the work as a means of enforcing, against the work's users, your or third parties' legal rights to forbid circumvention of technological measures. 4. Conveying Verbatim Copies. You may convey verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice; keep intact all notices stating that this License and any non-permissive terms added in accord with section 7 apply to the code; keep intact all notices of the absence of any warranty; and give all recipients a copy of this License along with the Program. You may charge any price or no price for each copy that you convey, and you may offer support or warranty protection for a fee. 5. Conveying Modified Source Versions. You may convey a work based on the Program, or the modifications to produce it from the Program, in the form of source code under the terms of section 4, provided that you also meet all of these conditions: a) The work must carry prominent notices stating that you modified it, and giving a relevant date. b) The work must carry prominent notices stating that it is released under this License and any conditions added under section 7. This requirement modifies the requirement in section 4 to "keep intact all notices". c) You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy. This License will therefore apply, along with any applicable section 7 additional terms, to the whole of the work, and all its parts, regardless of how they are packaged. 
This License gives no permission to license the work in any other way, but it does not invalidate such permission if you have separately received it. d) If the work has interactive user interfaces, each must display Appropriate Legal Notices; however, if the Program has interactive interfaces that do not display Appropriate Legal Notices, your work need not make them do so. A compilation of a covered work with other separate and independent works, which are not by their nature extensions of the covered work, and which are not combined with it such as to form a larger program, in or on a volume of a storage or distribution medium, is called an "aggregate" if the compilation and its resulting copyright are not used to limit the access or legal rights of the compilation's users beyond what the individual works permit. Inclusion of a covered work in an aggregate does not cause this License to apply to the other parts of the aggregate. 6. Conveying Non-Source Forms. You may convey a covered work in object code form under the terms of sections 4 and 5, provided that you also convey the machine-readable Corresponding Source under the terms of this License, in one of these ways: a) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by the Corresponding Source fixed on a durable physical medium customarily used for software interchange. 
b) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by a written offer, valid for at least three years and valid for as long as you offer spare parts or customer support for that product model, to give anyone who possesses the object code either (1) a copy of the Corresponding Source for all the software in the product that is covered by this License, on a durable physical medium customarily used for software interchange, for a price no more than your reasonable cost of physically performing this conveying of source, or (2) access to copy the Corresponding Source from a network server at no charge. c) Convey individual copies of the object code with a copy of the written offer to provide the Corresponding Source. This alternative is allowed only occasionally and noncommercially, and only if you received the object code with such an offer, in accord with subsection 6b. d) Convey the object code by offering access from a designated place (gratis or for a charge), and offer equivalent access to the Corresponding Source in the same way through the same place at no further charge. You need not require recipients to copy the Corresponding Source along with the object code. If the place to copy the object code is a network server, the Corresponding Source may be on a different server (operated by you or a third party) that supports equivalent copying facilities, provided you maintain clear directions next to the object code saying where to find the Corresponding Source. Regardless of what server hosts the Corresponding Source, you remain obligated to ensure that it is available for as long as needed to satisfy these requirements. e) Convey the object code using peer-to-peer transmission, provided you inform other peers where the object code and Corresponding Source of the work are being offered to the general public at no charge under subsection 6d. 
A separable portion of the object code, whose source code is excluded from the Corresponding Source as a System Library, need not be included in conveying the object code work. A "User Product" is either (1) a "consumer product", which means any tangible personal property which is normally used for personal, family, or household purposes, or (2) anything designed or sold for incorporation into a dwelling. In determining whether a product is a consumer product, doubtful cases shall be resolved in favor of coverage. For a particular product received by a particular user, "normally used" refers to a typical or common use of that class of product, regardless of the status of the particular user or of the way in which the particular user actually uses, or expects or is expected to use, the product. A product is a consumer product regardless of whether the product has substantial commercial, industrial or non-consumer uses, unless such uses represent the only significant mode of use of the product. "Installation Information" for a User Product means any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work in that User Product from a modified version of its Corresponding Source. The information must suffice to ensure that the continued functioning of the modified object code is in no case prevented or interfered with solely because modification has been made. If you convey an object code work under this section in, or with, or specifically for use in, a User Product, and the conveying occurs as part of a transaction in which the right of possession and use of the User Product is transferred to the recipient in perpetuity or for a fixed term (regardless of how the transaction is characterized), the Corresponding Source conveyed under this section must be accompanied by the Installation Information. 
But this requirement does not apply if neither you nor any third party retains the ability to install modified object code on the User Product (for example, the work has been installed in ROM). The requirement to provide Installation Information does not include a requirement to continue to provide support service, warranty, or updates for a work that has been modified or installed by the recipient, or for the User Product in which it has been modified or installed. Access to a network may be denied when the modification itself materially and adversely affects the operation of the network or violates the rules and protocols for communication across the network. Corresponding Source conveyed, and Installation Information provided, in accord with this section must be in a format that is publicly documented (and with an implementation available to the public in source code form), and must require no special password or key for unpacking, reading or copying. 7. Additional Terms. "Additional permissions" are terms that supplement the terms of this License by making exceptions from one or more of its conditions. Additional permissions that are applicable to the entire Program shall be treated as though they were included in this License, to the extent that they are valid under applicable law. If additional permissions apply only to part of the Program, that part may be used separately under those permissions, but the entire Program remains governed by this License without regard to the additional permissions. When you convey a copy of a covered work, you may at your option remove any additional permissions from that copy, or from any part of it. (Additional permissions may be written to require their own removal in certain cases when you modify the work.) You may place additional permissions on material, added by you to a covered work, for which you have or can give appropriate copyright permission. 
Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms: a) Disclaiming warranty or limiting liability differently from the terms of sections 15 and 16 of this License; or b) Requiring preservation of specified reasonable legal notices or author attributions in that material or in the Appropriate Legal Notices displayed by works containing it; or c) Prohibiting misrepresentation of the origin of that material, or requiring that modified versions of such material be marked in reasonable ways as different from the original version; or d) Limiting the use for publicity purposes of names of licensors or authors of the material; or e) Declining to grant rights under trademark law for use of some trade names, trademarks, or service marks; or f) Requiring indemnification of licensors and authors of that material by anyone who conveys the material (or modified versions of it) with contractual assumptions of liability to the recipient, for any liability that these contractual assumptions directly impose on those licensors and authors. All other non-permissive additional terms are considered "further restrictions" within the meaning of section 10. If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term. If a license document contains a further restriction but permits relicensing or conveying under this License, you may add to a covered work material governed by the terms of that license document, provided that the further restriction does not survive such relicensing or conveying. 
If you add terms to a covered work in accord with this section, you must place, in the relevant source files, a statement of the additional terms that apply to those files, or a notice indicating where to find the applicable terms. Additional terms, permissive or non-permissive, may be stated in the form of a separately written license, or stated as exceptions; the above requirements apply either way. 8. Termination. You may not propagate or modify a covered work except as expressly provided under this License. Any attempt otherwise to propagate or modify it is void, and will automatically terminate your rights under this License (including any patent licenses granted under the third paragraph of section 11). However, if you cease all violation of this License, then your license from a particular copyright holder is reinstated (a) provisionally, unless and until the copyright holder explicitly and finally terminates your license, and (b) permanently, if the copyright holder fails to notify you of the violation by some reasonable means prior to 60 days after the cessation. Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice. Termination of your rights under this section does not terminate the licenses of parties who have received copies or rights from you under this License. If your rights have been terminated and not permanently reinstated, you do not qualify to receive new licenses for the same material under section 10. 9. Acceptance Not Required for Having Copies. You are not required to accept this License in order to receive or run a copy of the Program. 
Ancillary propagation of a covered work occurring solely as a consequence of using peer-to-peer transmission to receive a copy likewise does not require acceptance. However, nothing other than this License grants you permission to propagate or modify any covered work. These actions infringe copyright if you do not accept this License. Therefore, by modifying or propagating a covered work, you indicate your acceptance of this License to do so. 10. Automatic Licensing of Downstream Recipients. Each time you convey a covered work, the recipient automatically receives a license from the original licensors, to run, modify and propagate that work, subject to this License. You are not responsible for enforcing compliance by third parties with this License. An "entity transaction" is a transaction transferring control of an organization, or substantially all assets of one, or subdividing an organization, or merging organizations. If propagation of a covered work results from an entity transaction, each party to that transaction who receives a copy of the work also receives whatever licenses to the work the party's predecessor in interest had or could give under the previous paragraph, plus a right to possession of the Corresponding Source of the work from the predecessor in interest, if the predecessor has it or can get it with reasonable efforts. You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License. For example, you may not impose a license fee, royalty, or other charge for exercise of rights granted under this License, and you may not initiate litigation (including a cross-claim or counterclaim in a lawsuit) alleging that any patent claim is infringed by making, using, selling, offering for sale, or importing the Program or any portion of it. 11. Patents. A "contributor" is a copyright holder who authorizes use under this License of the Program or a work on which the Program is based. 
The work thus licensed is called the contributor's "contributor version". A contributor's "essential patent claims" are all patent claims owned or controlled by the contributor, whether already acquired or hereafter acquired, that would be infringed by some manner, permitted by this License, of making, using, or selling its contributor version, but do not include claims that would be infringed only as a consequence of further modification of the contributor version. For purposes of this definition, "control" includes the right to grant patent sublicenses in a manner consistent with the requirements of this License. Each contributor grants you a non-exclusive, worldwide, royalty-free patent license under the contributor's essential patent claims, to make, use, sell, offer for sale, import and otherwise run, modify and propagate the contents of its contributor version. In the following three paragraphs, a "patent license" is any express agreement or commitment, however denominated, not to enforce a patent (such as an express permission to practice a patent or covenant not to sue for patent infringement). To "grant" such a patent license to a party means to make such an agreement or commitment not to enforce a patent against the party. If you convey a covered work, knowingly relying on a patent license, and the Corresponding Source of the work is not available for anyone to copy, free of charge and under the terms of this License, through a publicly available network server or other readily accessible means, then you must either (1) cause the Corresponding Source to be so available, or (2) arrange to deprive yourself of the benefit of the patent license for this particular work, or (3) arrange, in a manner consistent with the requirements of this License, to extend the patent license to downstream recipients. 
"Knowingly relying" means you have actual knowledge that, but for the patent license, your conveying the covered work in a country, or your recipient's use of the covered work in a country, would infringe one or more identifiable patents in that country that you have reason to believe are valid. If, pursuant to or in connection with a single transaction or arrangement, you convey, or propagate by procuring conveyance of, a covered work, and grant a patent license to some of the parties receiving the covered work authorizing them to use, propagate, modify or convey a specific copy of the covered work, then the patent license you grant is automatically extended to all recipients of the covered work and works based on it. A patent license is "discriminatory" if it does not include within the scope of its coverage, prohibits the exercise of, or is conditioned on the non-exercise of one or more of the rights that are specifically granted under this License. You may not convey a covered work if you are a party to an arrangement with a third party that is in the business of distributing software, under which you make payment to the third party based on the extent of your activity of conveying the work, and under which the third party grants, to any of the parties who would receive the covered work from you, a discriminatory patent license (a) in connection with copies of the covered work conveyed by you (or copies made from those copies), or (b) primarily for and in connection with specific products or compilations that contain the covered work, unless you entered into that arrangement, or that patent license was granted, prior to 28 March 2007. Nothing in this License shall be construed as excluding or limiting any implied license or other defenses to infringement that may otherwise be available to you under applicable patent law. 12. No Surrender of Others' Freedom. 
If conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot convey a covered work so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not convey it at all. For example, if you agree to terms that obligate you to collect a royalty for further conveying from those to whom you convey the Program, the only way you could satisfy both those terms and this License would be to refrain entirely from conveying the Program. 13. Use with the GNU Affero General Public License. Notwithstanding any other provision of this License, you have permission to link or combine any covered work with a work licensed under version 3 of the GNU Affero General Public License into a single combined work, and to convey the resulting work. The terms of this License will continue to apply to the part which is the covered work, but the special requirements of the GNU Affero General Public License, section 13, concerning interaction through a network will apply to the combination as such. 14. Revised Versions of this License. The Free Software Foundation may publish revised and/or new versions of the GNU General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies that a certain numbered version of the GNU General Public License "or any later version" applies to it, you have the option of following the terms and conditions either of that numbered version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the GNU General Public License, you may choose any version ever published by the Free Software Foundation. 
If the Program specifies that a proxy can decide which future versions of the GNU General Public License can be used, that proxy's public statement of acceptance of a version permanently authorizes you to choose that version for the Program. Later license versions may give you additional or different permissions. However, no additional obligations are imposed on any author or copyright holder as a result of your choosing to follow a later version. 15. Disclaimer of Warranty. THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 16. Limitation of Liability. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 17. Interpretation of Sections 15 and 16. 
If the disclaimer of warranty and limitation of liability provided above cannot be given local legal effect according to their terms, reviewing courts shall apply local law that most closely approximates an absolute waiver of all civil liability in connection with the Program, unless a warranty or assumption of liability accompanies a copy of the Program in return for a fee. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively state the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. <one line to give the program's name and a brief idea of what it does.> Copyright (C) <year> <name of author> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. Also add information on how to contact you by electronic and paper mail. If the program does terminal interaction, make it output a short notice like this when it starts in an interactive mode: <program> Copyright (C) <year> <name of author> This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. 
This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, your program's commands might be different; for a GUI interface, you would use an "about box". You should also get your employer (if you work as a programmer) or school, if any, to sign a "copyright disclaimer" for the program, if necessary. For more information on this, and how to apply and follow the GNU GPL, see <http://www.gnu.org/licenses/>. The GNU General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. But first, please read <http://www.gnu.org/philosophy/why-not-lgpl.html>. �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/PaxHeaders.13173/contrib����������������������������������������������������������������0000644�0000000�0000000�00000000130�12320753521�015127� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������29 mtime=1396954961.35787517 30 atime=1396955003.535843846 29 ctime=1396954961.35787517 
����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/contrib/��������������������������������������������������������������������������������0000775�0024127�0024127�00000000000�12320753521�015435� 5����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/contrib/PaxHeaders.13173/rhel�����������������������������������������������������������0000644�0000000�0000000�00000000132�12320753521�016063� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954961.376875156 30 atime=1396955003.535843846 30 ctime=1396954961.376875156 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/contrib/rhel/���������������������������������������������������������������������������0000775�0024127�0024127�00000000000�12320753521�016367� 5����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/contrib/rhel/PaxHeaders.13173/update_debug_levels.py������������������������������������0000644�0000000�0000000�00000000074�12320753107�022521� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.250891442 30 ctime=1396954961.376875156 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/contrib/rhel/update_debug_levels.py�����������������������������������������������������0000664�0024127�0024127�00000006336�12320753107�022753� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������import os import sys import shutil import traceback from optparse import OptionParser import SSSDConfig # Older versions of SSSD (1.5 and earlier) would take a debug_level # value set in the [sssd] section as authoritative for all other # sections where not explicitly overridden. We changed this so that # all sections need to set it if they want debug logs set. # This script can be run to make the new version continue to produce # the same logs as the old versions did, by explicitly adding # debug_level to all domains and services that did not have it set # already. def parse_options(): parser = OptionParser() parser.add_option("", "--no-backup", action="store_false", dest="backup", default=True, help="""Do not provide backup file after conversion. 
The script copies the original file with the suffix .bak.<timestamp> by default""") parser.add_option("-v", "--verbose", action="store_true", dest="verbose", default=False, help="Be verbose") (options, args) = parser.parse_args() if len(args) > 0: print >>sys.stderr, "Stray arguments: %s" % ' '.join([a for a in args]) return None return options def verbose(msg, verbosity): if verbosity: print msg def main(): options = parse_options() if not options: print >> sys.stderr, "Cannot parse options" return 1 # Import the current config file try: sssdconfig = SSSDConfig.SSSDConfig() sssdconfig.import_config() except Exception, e: print "Error: %s" % e verbose(traceback.format_exc(), options.verbose) return 2 # Check the [sssd] section for debug_level sssd_service = sssdconfig.get_service('sssd') if not 'debug_level' in sssd_service.options.keys(): # Nothing to do, just return success verbose("No changes required, no backup necessary", options.verbose) return 0 debug_level = sssd_service.options['debug_level'] verbose("Setting all sections to debug_level = %d" % debug_level, options.verbose) # Loop through services for service in sssdconfig.list_services(): svc = sssdconfig.get_service(service) if not 'debug_level' in svc.options.keys(): # Not explicitly set, so add it svc.set_option('debug_level', debug_level) sssdconfig.save_service(svc) # Loop through domains (active AND inactive) for domain in sssdconfig.list_domains(): dom = sssdconfig.get_domain(domain) if not 'debug_level' in dom.options.keys(): # Not explicitly set, so add it dom.set_option('debug_level', debug_level) sssdconfig.save_domain(dom) # Save the original file if options.backup: import datetime currenttime = datetime.datetime.utcnow() newfile = "/etc/sssd/sssd.conf.bak.%s" % currenttime.isoformat() verbose("Backing up existing configuration to %s" % newfile, options.verbose) shutil.copy2("/etc/sssd/sssd.conf", newfile) # Save the changes sssdconfig.write() if __name__ == "__main__": ret = main() 
sys.exit(ret) else: raise ImportError ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/contrib/PaxHeaders.13173/fedora���������������������������������������������������������0000644�0000000�0000000�00000000132�12320753521�016371� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954961.378875154 30 atime=1396955003.535843846 30 ctime=1396954961.378875154 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/contrib/fedora/�������������������������������������������������������������������������0000775�0024127�0024127�00000000000�12320753521�016675� 
5����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/contrib/fedora/PaxHeaders.13173/make_srpm.sh��������������������������������������������0000644�0000000�0000000�00000000074�12320753107�020765� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.250891442 30 ctime=1396954961.378875154 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/contrib/fedora/make_srpm.sh�������������������������������������������������������������0000775�0024127�0024127�00000006022�12320753107�021212� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������#!/bin/sh # Authors: # Lukas Slebodnik <lslebodn@redhat.com> # # Copyright (C) 2013 Red Hat # # This 
program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. PACKAGE_NAME="sssd" usage(){ echo "$(basename $0) [OPTIONS]" echo "\t-p, --prerelease Create prerelease SRPM" echo "\t-d, --debug Enable debugging." echo "\t-c, --clean Remove directory rpmbuild and exit." echo "\t-h, --help Print this help and exit." echo "\t-?, --usage" exit 1 } for i in "$@" do case $i in -p|--prerelease) PRERELEASE=1 ;; -d|--debug) set -x ;; -c|--clean) CLEAN=1 ;; -h|--help|-\?|--usage) usage ;; *) # unknown option ;; esac done RPMBUILD="$(pwd)/rpmbuild" if [ -n "$CLEAN" ]; then rm -rfv "$RPMBUILD" exit 0 fi SRC_DIR=$(git rev-parse --show-toplevel) rc=$? if [ $rc != 0 ]; then echo "This script must be run from the $PACKAGE_NAME git repository!" exit 1; fi if [ "x$SRC_DIR" = x ]; then echo "Fatal: Could not find source directory!" exit 1; fi VERSION_FILE="$SRC_DIR/version.m4" SPEC_TEMPLATE="$SRC_DIR/contrib/$PACKAGE_NAME.spec.in" if [ ! -f "$VERSION_FILE" ]; then echo "Fatal: Could not find file version.m4 in source directory!" exit 1; fi if [ ! -f "$SPEC_TEMPLATE" ]; then echo "Fatal: Could not find $PACKAGE_NAME.spec.in in contrib subdirectory!" exit 1; fi PACKAGE_VERSION=$(grep "\[VERSION_NUMBER\]" $VERSION_FILE \ | sed -e 's/.*\[//' -e 's/\]).*$//') if [ "x$PACKAGE_VERSION" = x ]; then echo "Fatal: Could parse version from file:$VERSION_FILE!" 
exit 1; fi PRERELEASE_VERSION="" if [ -n "$PRERELEASE" ]; then PRERELEASE_VERSION=.$(date +%Y%m%d.%H%M).git$(git log -1 --pretty=format:%h) fi mkdir -p $RPMBUILD/BUILD mkdir -p $RPMBUILD/RPMS mkdir -p $RPMBUILD/SOURCES mkdir -p $RPMBUILD/SPECS mkdir -p $RPMBUILD/SRPMS sed -e "s/@PACKAGE_NAME@/$PACKAGE_NAME/" \ -e "s/@PACKAGE_VERSION@/$PACKAGE_VERSION/" \ -e "s/@PRERELEASE_VERSION@/$PRERELEASE_VERSION/" \ < "$SPEC_TEMPLATE" \ > "$RPMBUILD/SPECS/$PACKAGE_NAME.spec" NAME="$PACKAGE_NAME-$PACKAGE_VERSION" git archive --format=tar.gz --prefix="$NAME"/ \ --output "$RPMBUILD/SOURCES/$NAME.tar.gz" \ --remote="file://$SRC_DIR" \ HEAD cp "$SRC_DIR"/contrib/*.patch "$RPMBUILD/SOURCES" cd $RPMBUILD rpmbuild --define "_topdir $RPMBUILD" \ -bs SPECS/$PACKAGE_NAME.spec ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/contrib/fedora/PaxHeaders.13173/bashrc_sssd���������������������������������������������0000644�0000000�0000000�00000000074�12320753107�020674� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954939.250891442 30 ctime=1396954961.377875155 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/contrib/fedora/bashrc_sssd��������������������������������������������������������������0000664�0024127�0024127�00000010177�12320753107�021124� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# For best results, add the following lines to ~/.bashrc: # if [ -f /path/to/sssd-source/contrib/fedora/bashrc_sssd ]; then # . /path/to/sssd-source/contrib/fedora/bashrc_sssd # fi # Determine the architecture of the platform we're running on SSS_ARCH=$(uname -p) # Determine the lib and libdir locations SSS_LIB=$(rpm --eval %{_lib}) SSS_LIBDIR=$(rpm --eval %{_libdir}) # Add the following line to your .bashrc if you want SSSD to throw errors on # compiler warnings (recommended) # SSS_WERROR=-Werror # Determine the number of available processors on the system for parallel make # invocation. PROCESSORS=$(/usr/bin/getconf _NPROCESSORS_ONLN) # Configure invocation for use on Fedora systems, based on the %configure RPM # macro from the redhat-rpm-config package. This macro assumes you are building # in a parallel build directory beneath the source directory. 
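# All other macros in this script will assume that the location is
# /path/to/sssd-source/$SSS_ARCH
#
# The configure cache is kept in the invoking user's home directory rather
# than under /tmp. configure reads its cache file back in as shell code, so a
# fixed file name in a world-writable directory would let any other local
# account on a shared build host decide what configure executes.
# NOTE(review): --with-test-dir=/dev/shm is also a world-writable location;
# confirm the test suite creates its files there safely before using this
# alias on a multi-user machine.
alias fedconfig='../configure \
    --build=$SSS_ARCH-unknown-linux-gnu \
    --host=$SSS_ARCH-unknown-linux-gnu \
    --program-prefix= \
    --prefix=/usr \
    --exec-prefix=/usr \
    --bindir=/usr/bin \
    --sbindir=/usr/sbin \
    --sysconfdir=/etc \
    --datadir=/usr/share \
    --includedir=/usr/include \
    --libdir=$SSS_LIBDIR \
    --libexecdir=/usr/libexec \
    --localstatedir=/var \
    --sharedstatedir=/var/lib \
    --mandir=/usr/share/man \
    --infodir=/usr/share/info \
    --enable-nsslibdir=/$SSS_LIB \
    --enable-pammoddir=/$SSS_LIB/security \
    --with-krb5-rcache-dir=/var/cache/krb5rcache \
    --with-initscript=systemd \
    --with-test-dir=/dev/shm \
    --enable-all-experimental-features \
    --cache-file="$HOME/.fedconfig.cache" \
    $SSSD_NO_MANPAGES'

# Quick alias to completely purge the current working directory, then recreate
# and reconfigure it. This is best used when you are making changes to the m4
# macros or the configure scripts.
alias reconfig='autoreconf -if \
    && rm -Rf $SSS_ARCH/ \
    && mkdir $SSS_ARCH/ \
    && cd $SSS_ARCH/ \
    && fedconfig'

# Set the list of warnings that you want to detect (and in the case of remake
# and chmake want to treat as errors)
SSS_WARNINGS='-Wall \
    -Wextra \
    -Wno-unused-parameter \
    -Wno-sign-compare \
    -Wformat-security'

# Build (or finish building) all objects and then run the build-tests against
# them. This builds with optimizations turned off and GDB debugging symbols.
alias chmake='make V=0 CFLAGS+="-ggdb3 -O0 $SSS_WARNINGS $SSS_WERROR" \
    -j$PROCESSORS check'

# Clean the build directory and rebuild all objects, then run the build-tests
# against them. This builds with optimizations turned off and GDB debugging
# symbols.
alias remake='make clean > /dev/null && chmake'

# Clean the build directory and rebuild all objects, hiding most of the build
# output except for warnings and errors. This builds with standard CFLAGS.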
alias warn='make clean >/dev/null \ && make CFLAGS+="$SSS_WARNINGS" -j$PROCESSORS tests > /dev/null' # Install the built sources to the current system, cleaning up the LDB modules # and making sure that the NSS and PAM modules have the right SELinux context. alias sssinstall='sudo make -j$PROCESSORS install \ && sudo rm -f $SSS_LIBDIR/ldb/modules/ldb/memberof.la \ && sudo restorecon -v /$SSS_LIB/libnss_sss.so.2 \ /$SSS_LIB/security/pam_sss.so' # Alias to generate a patch or series of patches that meet SSSD submission # guidelines. # Usage: # genpatch -N (where N is the number of patches to submit) alias genpatch='git format-patch -M -C --patience --full-index' �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/contrib/PaxHeaders.13173/sssd.spec.in���������������������������������������������������0000644�0000000�0000000�00000000073�12320753107�017447� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954960.265875976 29 ctime=1396954961.35787517 
���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/contrib/sssd.spec.in��������������������������������������������������������������������0000664�0024127�0024127�00000053253�12320753107�017702� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������%if ! (0%{?fedora} > 12 || 0%{?rhel} > 5) %{!?python_sitelib: %global python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())")} %{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))")} %endif %global is_rhel5 %(%{__grep} -c "release 5" /etc/redhat-release) %global rhel5_minor %(%{__grep} -o "5.[0-9]*" /etc/redhat-release |%{__sed} -s 's/5.//') %if 0%{?is_rhel5} > 0 # we don't want to provide private python extension libs %{?filter_setup: %filter_provides_in %{python_sitearch}/.*\.so$ %filter_setup } %else # Fedora and RHEL 6+ # we don't want to provide private python extension libs %define __provides_exclude_from %{python_sitearch}/.*\.so$ %endif %if (0%{?fedora} >= 16 || 0%{?rhel} >= 7) %global use_systemd 1 %endif %if (0%{?use_systemd} == 1) %global with_initscript --with-initscript=systemd --with-systemdunitdir=%{_unitdir} %else %global with_initscript --with-initscript=sysv %endif 
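%global enable_experimental 1

%if (0%{?enable_experimental} == 1)
    %global experimental --enable-all-experimental-features
%endif

# Determine the location of the LDB modules directory
%global ldb_modulesdir %(pkg-config --variable=modulesdir ldb)

# Request the distribution's hardened build flags (PIE, full RELRO) where
# the macro is honoured: Fedora newer than 15 and RHEL 7 or later.
%if (0%{?fedora} > 15 || 0%{?rhel} >= 7)
%define _hardened_build 1
%endif

Name: @PACKAGE_NAME@
Version: @PACKAGE_VERSION@
Release: 0@PRERELEASE_VERSION@%{?dist}
Group: Applications/System
Summary: System Security Services Daemon
License: GPLv3+
URL: http://fedorahosted.org/sssd/
Source0: %{name}-%{version}.tar.gz
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)

### Patches ###

### Dependencies ###

# The top-level package is a meta-package: it only pulls in the common
# files, every back end and the Python configuration API, all pinned to
# the exact same version-release.
Requires: sssd-common = %{version}-%{release}
Requires: sssd-ldap = %{version}-%{release}
Requires: sssd-krb5 = %{version}-%{release}
Requires: sssd-ipa = %{version}-%{release}
Requires: sssd-common-pac = %{version}-%{release}
Requires: sssd-ad = %{version}-%{release}
Requires: sssd-proxy = %{version}-%{release}
Requires: python-sssdconfig = %{version}-%{release}

# Runtime state locations; the per-directory modes are set in the file list
# of the common subpackage.
%global servicename sssd
%global sssdstatedir %{_localstatedir}/lib/sss
%global dbpath %{sssdstatedir}/db
%global pipepath %{sssdstatedir}/pipes
%global mcpath %{sssdstatedir}/mc
%global pubconfpath %{sssdstatedir}/pubconf

### Build Dependencies ###

BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
BuildRequires: m4
%{?fedora:BuildRequires: popt-devel}
%if 0%{?is_rhel5} > 0
BuildRequires: popt
%endif
%if 0%{?rhel} >= 6
BuildRequires: popt-devel
%endif
BuildRequires: libtalloc-devel
BuildRequires: libtevent-devel
BuildRequires: libtdb-devel
BuildRequires: libldb-devel
BuildRequires: libdhash-devel >= 0.4.2
BuildRequires: libcollection-devel
BuildRequires: libini_config-devel
BuildRequires: dbus-devel
BuildRequires: dbus-libs
# rhel5_minor is extracted from /etc/redhat-release with a loose pattern
# that can also match the release string of a later release, so it is only
# consulted when is_rhel5 says this really is RHEL 5.
%if (0%{?is_rhel5} > 0 && 0%{?rhel5_minor} >= 7)
BuildRequires: openldap24-libs-devel
%else
BuildRequires: openldap-devel
%endif
BuildRequires: pam-devel
BuildRequires: nss-devel
BuildRequires: nspr-devel
BuildRequires: pcre-devel
BuildRequires: libxslt
BuildRequires: libxml2
BuildRequires: docbook-style-xsl
BuildRequires: krb5-devel
BuildRequires: c-ares-devel
BuildRequires: python-devel
BuildRequires: check-devel
BuildRequires: doxygen
BuildRequires: libselinux-devel
BuildRequires: libsemanage-devel
BuildRequires: bind-utils
BuildRequires: keyutils-libs-devel
BuildRequires: gettext-devel
BuildRequires: pkgconfig
BuildRequires: findutils
BuildRequires: glib2-devel
BuildRequires: selinux-policy-targeted
%if (0%{?fedora} >= 18)
BuildRequires: libcmocka-devel
BuildRequires: libnl3-devel
%else
BuildRequires: libnl-devel
%endif

# RHEL 5 is too old to support samba4 and the PAC responder
%if !0%{?is_rhel5}
BuildRequires: samba4-devel
%endif

%description
Provides a set of daemons to manage access to remote directories and
authentication mechanisms. It provides an NSS and PAM interface toward
the system and a pluggable backend system to connect to multiple different
account sources. It is also the basis to provide client auditing and policy
services for projects like FreeIPA.

The sssd subpackage is a meta-package that contains the daemon as well as all
the existing back ends.
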
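%package common
# Core daemon package; every back end subpackage depends on it.
Summary: Common files for the SSSD
Group: Applications/System
License: GPLv3+
Requires: libldb >= 0.9.3
Requires: libtdb >= 1.1.3
Requires: sssd-client%{?_isa} = %{version}-%{release}
Requires: libsss_idmap = %{version}-%{release}
Conflicts: sssd < %{version}-%{release}
# The scriptlets of this subpackage call either systemctl or
# service/chkconfig, so the matching tools must be present when they run.
%if (0%{?use_systemd} == 1)
Requires(post): systemd-units systemd-sysv
Requires(preun): systemd-units
Requires(postun): systemd-units
%else
Requires(post): initscripts chkconfig
Requires(preun): initscripts chkconfig
Requires(postun): initscripts chkconfig
%endif

### Provides ###
Provides: libsss_sudo = %{version}-%{release}
Obsoletes: libsss_sudo <= 1.9.93
Provides: libsss_sudo-devel = %{version}-%{release}
Obsoletes: libsss_sudo-devel <= 1.9.93
Provides: libsss_autofs = %{version}-%{release}
Obsoletes: libsss_autofs <= 1.9.93

%description common
Common files for the SSSD. The common package includes all the files needed
to run a particular back end, however, the back ends are packaged in separate
subpackages such as sssd-ldap.

%package client
Summary: SSSD Client libraries for NSS and PAM
Group: Applications/System
License: LGPLv3+
Requires(post): /sbin/ldconfig
Requires(postun): /sbin/ldconfig

%description client
Provides the libraries needed by the PAM and NSS stacks to connect to the SSSD
service.

%package tools
Summary: Userspace tools for use with the SSSD
Group: Applications/System
License: GPLv3+
Requires: sssd-common = %{version}-%{release}

%description tools
Provides userspace tools for manipulating users, groups, and nested groups in
SSSD when using id_provider = local in /etc/sssd/sssd.conf.

Also provides several other administrative tools:
    * sss_debuglevel to change the debug level on the fly
    * sss_seed which pre-creates a user entry for use in kickstarts
    * sss_obfuscate for generating an obfuscated LDAP password

%package -n python-sssdconfig
Summary: SSSD and IPA configuration file manipulation classes and functions
Group: Applications/System
License: GPLv3+
BuildArch: noarch

%description -n python-sssdconfig
Provides python files for manipulating SSSD and IPA configuration files.

%package ldap
Summary: The LDAP back end of the SSSD
Group: Applications/System
License: GPLv3+
Conflicts: sssd < %{version}-%{release}
Requires: sssd-common = %{version}-%{release}
Requires: sssd-krb5-common = %{version}-%{release}

%description ldap
Provides the LDAP back end that the SSSD can utilize to fetch identity data
from and authenticate against an LDAP server.

%package krb5-common
Summary: SSSD helpers needed for Kerberos and GSSAPI authentication
Group: Applications/System
License: GPLv3+
Conflicts: sssd < %{version}-%{release}
Requires: cyrus-sasl-gssapi
Requires: sssd-common = %{version}-%{release}

%description krb5-common
Provides helper processes that the LDAP and Kerberos back ends can use for
Kerberos user or host authentication.

%package krb5
Summary: The Kerberos authentication back end for the SSSD
Group: Applications/System
License: GPLv3+
Conflicts: sssd < %{version}-%{release}
Requires: sssd-common = %{version}-%{release}
Requires: sssd-krb5-common = %{version}-%{release}

%description krb5
Provides the Kerberos back end that the SSSD can utilize to authenticate
against a Kerberos server.

# RHEL 5 is too old to support the PAC responder
%if !0%{?is_rhel5}
%package common-pac
Summary: Common files needed for supporting PAC processing
Group: Applications/System
License: GPLv3+
Requires: sssd-common = %{version}-%{release}

%description common-pac
Provides common files needed by SSSD providers such as IPA and Active Directory
for handling Kerberos PACs.
%endif #is_rhel5

%package ipa
Summary: The IPA back end of the SSSD
Group: Applications/System
License: GPLv3+
Conflicts: sssd < %{version}-%{release}
Requires: sssd-common = %{version}-%{release}
Requires: sssd-krb5-common = %{version}-%{release}
Requires: libipa_hbac = %{version}-%{release}
Requires: bind-utils
# RHEL 5 is too old to support the PAC responder
%if !0%{?is_rhel5}
Requires: sssd-common-pac = %{version}-%{release}
%endif

%description ipa
Provides the IPA back end that the SSSD can utilize to fetch identity data
from and authenticate against an IPA server.

%package ad
Summary: The AD back end of the SSSD
Group: Applications/System
License: GPLv3+
Conflicts: sssd < %{version}-%{release}
Requires: sssd-common = %{version}-%{release}
Requires: sssd-krb5-common = %{version}-%{release}
Requires: bind-utils
# RHEL 5 is too old to support the PAC responder
%if !0%{?is_rhel5}
Requires: sssd-common-pac = %{version}-%{release}
%endif

%description ad
Provides the Active Directory back end that the SSSD can utilize to fetch
identity data from and authenticate against an Active Directory server.

%package proxy
Summary: The proxy back end of the SSSD
Group: Applications/System
License: GPLv3+
Conflicts: sssd < %{version}-%{release}
Requires: sssd-common = %{version}-%{release}

%description proxy
Provides the proxy back end which can be used to wrap an existing NSS and/or
PAM modules to leverage SSSD caching.
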
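%package -n libsss_idmap
# Shared library; ldconfig is run from the post and postun scriptlets.
Summary: FreeIPA Idmap library
Group: Development/Libraries
License: LGPLv3+
Requires(post): /sbin/ldconfig
Requires(postun): /sbin/ldconfig

%description -n libsss_idmap
Utility library to convert SIDs to Unix uids and gids

%package -n libsss_idmap-devel
Summary: FreeIPA Idmap library
Group: Development/Libraries
License: LGPLv3+
Requires: libsss_idmap = %{version}-%{release}

%description -n libsss_idmap-devel
Utility library to convert SIDs to Unix uids and gids

%package -n libipa_hbac
# Shared library; ldconfig is run from the post and postun scriptlets.
Summary: FreeIPA HBAC Evaluator library
Group: Development/Libraries
License: LGPLv3+
Requires(post): /sbin/ldconfig
Requires(postun): /sbin/ldconfig

%description -n libipa_hbac
Utility library to validate FreeIPA HBAC rules for authorization requests

%package -n libipa_hbac-devel
Summary: FreeIPA HBAC Evaluator library
Group: Development/Libraries
License: LGPLv3+
Requires: libipa_hbac = %{version}-%{release}

%description -n libipa_hbac-devel
Utility library to validate FreeIPA HBAC rules for authorization requests

%package -n libipa_hbac-python
Summary: Python bindings for the FreeIPA HBAC Evaluator library
Group: Development/Libraries
License: LGPLv3+
Requires: libipa_hbac = %{version}-%{release}

%description -n libipa_hbac-python
The libipa_hbac-python contains the bindings so that libipa_hbac can be
used by Python applications.
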
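%package -n libsss_nss_idmap
# Shared library; ldconfig is run from the post and postun scriptlets.
Summary: Library for SID based lookups
Group: Development/Libraries
License: LGPLv3+
Requires(post): /sbin/ldconfig
Requires(postun): /sbin/ldconfig

%description -n libsss_nss_idmap
Utility library for SID based lookups

%package -n libsss_nss_idmap-devel
Summary: Library for SID based lookups
Group: Development/Libraries
License: LGPLv3+
Requires: libsss_nss_idmap = %{version}-%{release}

%description -n libsss_nss_idmap-devel
Utility library for SID based lookups

%package -n libsss_nss_idmap-python
Summary: Python bindings for libsss_nss_idmap
Group: Development/Libraries
License: LGPLv3+
Requires: libsss_nss_idmap = %{version}-%{release}

%description -n libsss_nss_idmap-python
The libsss_nss_idmap-python contains the bindings so that libsss_nss_idmap can
be used by Python applications.

%prep
%setup -q -n %{name}-%{version}

%build

# RHEL 5 uses an old libtool, so we need to force it to reconfigure
# This is safe to do on newer packages too, as it will just
# gather the appropriate m4 files from the libtool package
for i in libtool.m4 lt~obsolete.m4 ltoptions.m4 ltsugar.m4 ltversion.m4
do
    # Quoted so the file name always reaches find as a single literal word.
    find . -name "$i" -exec rm -f {} \;
done

autoreconf -ivf

# NOTE(review): the test directory is set to /dev/shm, which is normally
# world-writable; this presumably only matters when building outside an
# isolated build root - confirm.
%configure \
    --with-test-dir=/dev/shm \
    --with-db-path=%{dbpath} \
    --with-mcache-path=%{mcpath} \
    --with-pipe-path=%{pipepath} \
    --with-pubconf-path=%{pubconfpath} \
    --with-init-dir=%{_initrddir} \
    --with-krb5-rcache-dir=%{_localstatedir}/cache/krb5rcache \
    --enable-nsslibdir=/%{_lib} \
    --enable-pammoddir=/%{_lib}/security \
    --disable-static \
    --disable-rpath \
    %{?with_ccache} \
    %{with_initscript} \
    %{?experimental}

make %{?_smp_mflags} all

# Only build docs on recent distros
%if 0%{?fedora}
make %{?_smp_mflags} docs
%endif

%if 0%{?rhel} >= 6
make %{?_smp_mflags} docs
%endif

%check
# Give the check-based unit tests ten times their default timeout.
export CK_TIMEOUT_MULTIPLIER=10
make %{?_smp_mflags} check
unset CK_TIMEOUT_MULTIPLIER

%install

rm -rf $RPM_BUILD_ROOT

make install DESTDIR=$RPM_BUILD_ROOT

# Prepare language files
/usr/lib/rpm/find-lang.sh $RPM_BUILD_ROOT sssd

# Prepare empty config file (needed for RHEL 5)
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/sssd
touch $RPM_BUILD_ROOT/%{_sysconfdir}/sssd/sssd.conf

# Copy default logrotate file
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d
install -m644 src/examples/logrotate $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/sssd

# Make sure SSSD is able to run on read-only root
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/rwtab.d
install -m644 src/examples/rwtab $RPM_BUILD_ROOT%{_sysconfdir}/rwtab.d/sssd

# Remove .la files created by libtool
find $RPM_BUILD_ROOT -name "*.la" -exec rm -f {} \;

# Suppress developer-only documentation
rm -Rf ${RPM_BUILD_ROOT}/%{_docdir}/%{name}

# Older versions of rpmbuild can only handle one -f option
# So we need to append to the sssd*.lang file

# The python-sssdconfig file list is read with -f, so it has to exist even
# when no egg-info file was installed.
touch python_sssdconfig.lang
# Iterate over the glob directly instead of parsing the output of ls; an
# unmatched pattern is skipped by the existence test.
for file in $RPM_BUILD_ROOT/%{python_sitelib}/*.egg-info
do
    [ -e "$file" ] || continue
    echo %{python_sitelib}/`basename "$file"` >> python_sssdconfig.lang
done

touch sssd.lang
touch sssd_tools.lang
touch sssd_client.lang
for provider in ldap krb5 ipa ad proxy
do
    touch sssd_$provider.lang
done

# Sort every translated man page into the file list of the subpackage that
# ships the corresponding untranslated page. The first two characters of
# the path below the man directory are taken as the language code.
for man in `find $RPM_BUILD_ROOT/%{_mandir}/??/man?/ -type f | sed -e "s#$RPM_BUILD_ROOT/%{_mandir}/##"`
do
    lang=`echo $man | cut -c 1-2`
    case `basename $man` in
        sss_cache*)
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang
            ;;
        sss_*)
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_tools.lang
            ;;
        sssd_krb5_*)
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_client.lang
            ;;
        pam_sss*)
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_client.lang
            ;;
        sssd-ldap*)
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ldap.lang
            ;;
        sssd-krb5*)
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_krb5.lang
            ;;
        sssd-ipa*)
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ipa.lang
            ;;
        sssd-ad*)
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ad.lang
            ;;
        sssd-proxy*)
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_proxy.lang
            ;;
        *)
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang
            ;;
    esac
done

# Old versions of rpmbuild require ghost files to be present in the buildroot
mkdir -p $RPM_BUILD_ROOT/%{mcpath}
touch $RPM_BUILD_ROOT/%{mcpath}/passwd
touch $RPM_BUILD_ROOT/%{mcpath}/group

%clean
rm -rf $RPM_BUILD_ROOT

%files
%defattr(-,root,root,-)
%doc COPYING

%files common -f sssd.lang
%defattr(-,root,root,-)
%doc COPYING
%doc src/examples/sssd-example.conf
%{_sbindir}/sssd
%if (0%{?use_systemd} == 1)
%{_unitdir}/sssd.service
%else
%{_initrddir}/%{name}
%endif

%dir %{_libexecdir}/%{servicename}
%{_libexecdir}/%{servicename}/sssd_be
%{_libexecdir}/%{servicename}/sssd_nss
%{_libexecdir}/%{servicename}/sssd_pam
%{_libexecdir}/%{servicename}/sssd_autofs
%{_libexecdir}/%{servicename}/sssd_ssh
%{_libexecdir}/%{servicename}/sssd_sudo

%dir %{_libdir}/%{name}
%{_libdir}/%{name}/libsss_simple.so

#Internal shared libraries
%{_libdir}/%{name}/libsss_child.so
%{_libdir}/%{name}/libsss_crypt.so
%{_libdir}/%{name}/libsss_debug.so
%{_libdir}/%{name}/libsss_ldap_common.so
%{_libdir}/%{name}/libsss_util.so

# 3rd party application libraries
%{_libdir}/sssd/modules/libsss_autofs.so
%{_libdir}/libsss_sudo.so
%{ldb_modulesdir}/memberof.so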
%{_bindir}/sss_ssh_authorizedkeys
%{_bindir}/sss_ssh_knownhostsproxy
%{_sbindir}/sss_cache

# State directories. Modes are given explicitly per directory below.
%dir %{sssdstatedir}
%dir %{_localstatedir}/cache/krb5rcache
# Database directory: mode 700, root only.
%attr(700,root,root) %dir %{dbpath}
# Memory cache directory and its two ghost files are world-readable
# (755 and 0644); the files are created at run time, so their checksum,
# size and mtime are excluded from verification.
%attr(755,root,root) %dir %{mcpath}
%ghost %attr(0644,root,root) %verify(not md5 size mtime) %{mcpath}/passwd
%ghost %attr(0644,root,root) %verify(not md5 size mtime) %{mcpath}/group
# The pipes directory is world-accessible (755) while its private
# subdirectory is restricted to root (700).
%attr(755,root,root) %dir %{pipepath}
%attr(755,root,root) %dir %{pubconfpath}
%attr(700,root,root) %dir %{pipepath}/private
# Logs: root only, mode 750.
%attr(750,root,root) %dir %{_var}/log/%{name}
# Configuration: the directory can be traversed but not listed (711) and
# sssd.conf is readable by root only (0600); it is a ghost file that is
# never replaced on upgrade. NOTE(review): the file presumably can carry
# secrets such as the obfuscated LDAP password produced by sss_obfuscate,
# which is why the mode should stay this strict - confirm.
%attr(711,root,root) %dir %{_sysconfdir}/sssd
%ghost %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/sssd/sssd.conf
%config(noreplace) %{_sysconfdir}/logrotate.d/sssd
%config(noreplace) %{_sysconfdir}/rwtab.d/sssd

%dir %{_datadir}/sssd
%{_datadir}/sssd/sssd.api.conf
%{_datadir}/sssd/sssd.api.d

%{_mandir}/man5/sssd.conf.5*
%{_mandir}/man5/sssd-simple.5*
%{_mandir}/man5/sssd-sudo.5*
%{_mandir}/man8/sssd.8*
%{_mandir}/man8/sss_cache.8*
%{_mandir}/man1/sss_ssh_authorizedkeys.1*
%{_mandir}/man1/sss_ssh_knownhostsproxy.1*

%{python_sitearch}/pysss.so
%{python_sitearch}/pysss_murmur.so

%files ldap -f sssd_ldap.lang
%defattr(-,root,root,-)
%doc COPYING
%{_libdir}/%{name}/libsss_ldap.so
%{_mandir}/man5/sssd-ldap.5*

%files krb5-common
%defattr(-,root,root,-)
%doc COPYING
%{_libdir}/%{name}/libsss_krb5_common.so
%{_libexecdir}/%{servicename}/ldap_child
%{_libexecdir}/%{servicename}/krb5_child

%files krb5 -f sssd_krb5.lang
%defattr(-,root,root,-)
%doc COPYING
%{_libdir}/%{name}/libsss_krb5.so
%{_mandir}/man5/sssd-krb5.5*

# RHEL 5 is too old to support the PAC responder
%if !0%{?is_rhel5}
%files common-pac
%defattr(-,root,root,-)
%doc COPYING
%{_libexecdir}/%{servicename}/sssd_pac
%endif

%files ipa -f sssd_ipa.lang
%defattr(-,root,root,-)
%doc COPYING
%attr(755,root,root) %dir %{pubconfpath}/krb5.include.d
%{_libdir}/%{name}/libsss_ipa.so
%{_mandir}/man5/sssd-ipa.5*

%files ad -f sssd_ad.lang
%defattr(-,root,root,-)
%doc COPYING
%{_libdir}/%{name}/libsss_ad.so
%{_mandir}/man5/sssd-ad.5*

%files proxy
%defattr(-,root,root,-)
%doc COPYING
%{_libexecdir}/%{servicename}/proxy_child
%{_libdir}/%{name}/libsss_proxy.so

# NSS and PAM modules go to the directories given to configure through
# the nsslibdir and pammoddir options.
%files client -f sssd_client.lang
%defattr(-,root,root,-)
%doc src/sss_client/COPYING src/sss_client/COPYING.LESSER
/%{_lib}/libnss_sss.so.2
/%{_lib}/security/pam_sss.so
%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so
%if !0%{?is_rhel5}
%{_libdir}/krb5/plugins/authdata/sssd_pac_plugin.so
%endif
%{_mandir}/man8/pam_sss.8*
%{_mandir}/man8/sssd_krb5_locator_plugin.8*

%files tools -f sssd_tools.lang
%defattr(-,root,root,-)
%doc COPYING
%{_sbindir}/sss_useradd
%{_sbindir}/sss_userdel
%{_sbindir}/sss_usermod
%{_sbindir}/sss_groupadd
%{_sbindir}/sss_groupdel
%{_sbindir}/sss_groupmod
%{_sbindir}/sss_groupshow
%{_sbindir}/sss_obfuscate
%{_sbindir}/sss_debuglevel
%{_sbindir}/sss_seed
%{_mandir}/man8/sss_groupadd.8*
%{_mandir}/man8/sss_groupdel.8*
%{_mandir}/man8/sss_groupmod.8*
%{_mandir}/man8/sss_groupshow.8*
%{_mandir}/man8/sss_useradd.8*
%{_mandir}/man8/sss_userdel.8*
%{_mandir}/man8/sss_usermod.8*
%{_mandir}/man8/sss_obfuscate.8*
%{_mandir}/man8/sss_debuglevel.8*
%{_mandir}/man8/sss_seed.8*

%files -n python-sssdconfig -f python_sssdconfig.lang
%defattr(-,root,root,-)
%dir %{python_sitelib}/SSSDConfig
%{python_sitelib}/SSSDConfig/*.py*

%files -n libsss_idmap
%defattr(-,root,root,-)
%doc src/sss_client/COPYING src/sss_client/COPYING.LESSER
%{_libdir}/libsss_idmap.so.*

# API documentation is only shipped where the docs target was built
# (Fedora, and RHEL 6 or later).
%files -n libsss_idmap-devel
%defattr(-,root,root,-)
%if 0%{?fedora}
%doc idmap_doc/html
%endif
%if 0%{?rhel} >= 6
%doc idmap_doc/html
%endif
%{_includedir}/sss_idmap.h
%{_libdir}/libsss_idmap.so
%{_libdir}/pkgconfig/sss_idmap.pc

%files -n libipa_hbac
%defattr(-,root,root,-)
%doc src/sss_client/COPYING src/sss_client/COPYING.LESSER
%{_libdir}/libipa_hbac.so.*

%files -n libipa_hbac-devel
%defattr(-,root,root,-)
%if 0%{?fedora}
%doc hbac_doc/html
%endif
%if 0%{?rhel} >= 6
%doc hbac_doc/html
%endif
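%{_includedir}/ipa_hbac.h
%{_libdir}/libipa_hbac.so
%{_libdir}/pkgconfig/ipa_hbac.pc

%files -n libsss_nss_idmap
%defattr(-,root,root,-)
%doc src/sss_client/COPYING src/sss_client/COPYING.LESSER
%{_libdir}/libsss_nss_idmap.so.*

%files -n libsss_nss_idmap-devel
%defattr(-,root,root,-)
%if 0%{?fedora}
%doc nss_idmap_doc/html
%endif
%if 0%{?rhel} >= 6
%doc nss_idmap_doc/html
%endif
%{_includedir}/sss_nss_idmap.h
%{_libdir}/libsss_nss_idmap.so
%{_libdir}/pkgconfig/sss_nss_idmap.pc

%files -n libsss_nss_idmap-python
%defattr(-,root,root,-)
%{python_sitearch}/pysss_nss_idmap.so

%files -n libipa_hbac-python
%defattr(-,root,root,-)
%{python_sitearch}/pyhbac.so

%if (0%{?use_systemd} == 1)
# systemd
%post common
# The first scriptlet argument is the number of installed instances of the
# package once the transaction has finished.
if [ $1 -eq 1 ] ; then
    # Initial installation
    /bin/systemctl daemon-reload >/dev/null 2>&1 || :
fi

%preun common
if [ $1 -eq 0 ] ; then
    # Package removal, not upgrade
    /bin/systemctl --no-reload disable sssd.service > /dev/null 2>&1 || :
    /bin/systemctl stop sssd.service > /dev/null 2>&1 || :
fi

%postun common
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
if [ $1 -ge 1 ] ; then
    # Package upgrade, not uninstall
    /bin/systemctl try-restart sssd.service >/dev/null 2>&1 || :
fi

%else
# sysv
%post common
/sbin/chkconfig --add %{servicename}
if [ $1 -ge 1 ] ; then
    # stdout is redirected first so that stderr follows it to /dev/null;
    # with the reverse order stderr would still reach the terminal. The
    # trailing no-op keeps a failed restart from failing the scriptlet,
    # as in the systemd branch.
    /sbin/service %{servicename} condrestart > /dev/null 2>&1 || :
fi

%preun common
if [ $1 = 0 ]; then
    # Package removal, not upgrade: stop the daemon quietly, then
    # unregister the init script.
    /sbin/service %{servicename} stop > /dev/null 2>&1
    /sbin/chkconfig --del %{servicename}
fi
%endif

%post client -p /sbin/ldconfig

%postun client -p /sbin/ldconfig

%post -n libipa_hbac -p /sbin/ldconfig

%postun -n libipa_hbac -p /sbin/ldconfig

%post -n libsss_idmap -p /sbin/ldconfig

%postun -n libsss_idmap -p /sbin/ldconfig

%post -n libsss_nss_idmap -p /sbin/ldconfig

%postun -n libsss_nss_idmap -p /sbin/ldconfig

%changelog
* Mon Mar 15 2010 Stephen Gallagher <sgallagh@redhat.com> - @PACKAGE_VERSION@-0@PRERELEASE_VERSION@
- Automated build of the SSSD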
�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/PaxHeaders.13173/po���������������������������������������������������������������������0000644�0000000�0000000�00000000132�12320753522�014110� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954962.565874278 30 atime=1396955003.535843846 30 ctime=1396954962.565874278 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/�������������������������������������������������������������������������������������0000775�0024127�0024127�00000000000�12320753522�014414� 
5����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/fr.gmo��������������������������������������������������������������0000644�0000000�0000000�00000000132�12320753522�015300� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954962.347874439 30 atime=1396954962.347874439 30 ctime=1396954962.552874287 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/fr.gmo�������������������������������������������������������������������������������0000664�0024127�0024127�00000131362�12320753522�015535� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� ����\������!�����!�����!�����!�����!�����"�����-"�����C"��'���V"��1���~"��8���"�����"��&���#�� 
���(#�����I#��7���a#�����#�����#�����#��3���#��*���$��B���J$��)���$��)���$��%���$�� ���%�����(%�����@%�����W%�����g%�����%��#���%��%���%�����%��#��� &�����1&�����K&�����h&�����&�����&�����&�����&��#���&��*���'��&���?'��;���f'��'���'��P���'��T���(��R���p(�����(�����(��#����)��!���$)�����F)��%���a)��(���)�����)��3���)��2���)��7���0*��A���h*��9���*��7���*��!���+�����>+�����+�����+��,���+�����),��0���<,�� ���m,�����y,��P���,��$���,��(���-�����1-��,���Q-��+���~-��.���-��2���-��,��� .��3���9.�����m.��#���.�� ���.�����.��"���.��6���.��$���3/��*���X/�����/��/���/�����/�����/��/��� 0��"���90��)���\0��!���0�����0�����0��,���0�� ���1����� 1�� ���1��6���+1�����b1�����w1�� ���1�����1�����1��*���1��)���1�����2����� 2�� ���;2�����\2�����|2�����2�����2�����2��R���2��U���"3��<���x3��B���3��G���3��F���@4��.���4��F���4��8���4��Z���65��E���5��;���5��7���6�����K6�����f6�� ���z6�����6��F���6�����6��4���6��4���&7��V���[7��;���7��0���7�� ���8��(���@8��'���i8��(���8��'���8��!���8�� ���9�����9�����-9�����C9�����\9�����t9�� ���9�����9�����9�����9�����:�����:�����=:�����L:�����d:��)���|:��*���:��:���:��%��� ;��*���2;��$���];��5���;��0���;��+���;��#���<�����9<��>���M<�����<��.���<��'���<�����=�� ���=����� =�����;=��&���J=�����q=��9���=�����=�����=��&���=��)���>��?���8>��<���x>��)���>��'���>�����?�� ���?�����-?�����G?��/���c?�����?��-���?��M���?��M���@��K���l@�����@��*���@��,���@��7���#A��(���[A��!���A�����A�����A�����A�����A����� B��0���"B�����SB�����oB��=���~B��A���B��?���B�����>C�����OC�����hC��+���C��(���C�� ���C�����C�� ���C��&���D��0���@D��*���qD�����D��(���D�����D��=���D��5���7E��1���mE�����E��"���E��$���E�����E��$���F�����AF��H���\F�����F��(���F�����F�����G�����G�����3G�� ���LG�����ZG��$���pG��7���G��7���G��%���H��0���+H�����\H��E���mH�����H��$���H�����H�����I�����!I��7���:I��&���rI��7���I�����I��.���I��&���J��!���7J��!���YJ��)���{J��$���J�����J�����J�����J�����K�����+K�����IK��3���`K��(���K��+���K��!���K����� L����� 
L�����8L�����PL��9���fL��I���L�����L�����M�����M�����.M�����KM�����iM�����M�����M�����M�����M��/���M�����$N�����9N��!���MN�����oN��2���N��<���N�����N��K��� O��X���VO��/���O��1���O�����P�����$P�����@P�����TP��.���hP��=���P��L���P��3���"Q��"���VQ��C���yQ��B���Q��8����R��/���9R��&���iR��%���R��.���R��.���R��;���S��>���PS��#���S��I���S��'���S��(���%T��'���NT��+���vT��*���T��!���T�� ���T��>���T��8���<U�����uU��7���U��3���U�����U�����V��2���V��%���QV��1���wV��5���V��/���V��'���W��5���7W�����mW��'���W��D���W�����W��(���X��@���*X��D���kX��E���X��i���X��8���`Y��D���Y��6���Y��A���Z�����WZ��;���wZ��=���Z��@���Z��A���2[��K���t[��>���[��T���[��C���T\��5���\�� ���\��B���\��'���2]�����Z]�����y]�����]�����]�����]��+���]��$���^��$���*^�����O^��$���n^�����^�����^�����^�����^�����^�����^�����_�����2_�����F_�����Z_��"���r_����_�����La�����Na�����ea��(���a�����a�����a�����a��+���a��1���#b��H���Ub��!���b��.���b��*���b�����c��<���3c��#���pc��!���c��!���c��?���c��?���d��J���Xd��,���d��2���d��+���e��(���/e�����Xe��-���we�����e��'���e��-���e��?���f��7���Nf��1���f��:���f��)���f��*���g��:���Hg��?���g��+���g��&���g�����h��:���6h��<���qh��h���h��K���i��;���ci��o���i��~���j�����j��9���k��:���Pk��>���k��8���k��/���l��<���3l��;���pl��"���l��?���l��K���m��N���[m��\���m��V���n��S���^n��3���n�����n�����o�� ���o��2���o�����o��E���p�����Xp��1���lp��`���p��/���p��8���/q��'���hq��H���q��A���q��3���r��=���Or��F���r��G���r��"���s��8���?s�� ���xs��"���s��#���s��U���s��7���!t��7���Yt��&���t��<���t��0���t��)���&u��7���Pu��(���u��&���u��#���u��)���u�����&v��E���Bv�� ���v�����v�� ���v��Q���v�����w�����w�� ���6w�����Dw�����[w��B���cw��+���w��'���w��(���w��'���#x��(���Kx�����tx��#���x��"���x�����x��a���x��d���Ky��r���y��[���#z��P���z��W���z��7���({��l���`{��4���{��x���|��n���{|��G���|��A���2}��!���t}�����}�� ���}�����}��P���}�����(~��B���@~��G���~��~���~��C���J��J�����3�����1��� ��1���?��3���q��7�����'���݀�������(��������=��"���X��!���{�������-����������'��� 
��%���3��$���Y��&���~������������%���҂��9�����7���2��D���j��$�����/���ԃ��>�����F���C��2�����/�����+����������M���.��)���|��8�����1���߅�������'���'��.���O�� ���~��1����������O���ކ�����.�� ���N��1���o��6�����S���؇��T���,��6�����0�����!�������� ��"���!��(���D��H���m�������A���ω��g�����j���y��u��������Z��[���q��3���͋��F�����A���H��1�����"��������ߌ��'��������'��$���F��5���k������������F���ҍ��`�����I���z�����Ď��%���َ��)�����<���)��H���f�������&�����0�����<�����6���U��8��������Ő��7���ސ��(�����F���?��N�����H���Ց��#�����E���B��<�����!���Œ��,�����1�����H���F��&�����6������������� �����$��"���?�����b��#���s��&�����Z�����V�����7���p��R����������U��������g��&���������� ���Ŗ��$�����M��� ��8���Y��M�����%�����6�����B���=��&�����D�����-�����,��������G��!���f��"����������$���˙�������6�����7���G��6�����)�����%�����$�����%���+��1���Q��V�����S���ڛ��#���.�� ���R�����s�� �����$�����!���̜�������%�����$���4��&���Y��N��������ϝ�������9��������2��8���N��B��������ʞ��>�����@��� ��:���a��L����������$��������$�����;��>���Z��[�����P�����O���F��'�����Q�����X�����H���i��7�����0�����/�����4���K��9�����B�����D�����7���B��Z���z��=���դ��7�����;���K��9�����<�����8����� ���7��W���D��H����� �����D�����8���8�����q��.�����S�����;��� ��C���I��T�����J�����6���-��U���d�������0���֩��j��������r��0�����V�����T�����R���m��w�����=���8��\���v��A���Ӭ��N�����-���d��I�����@���ܭ��I�����K���g��Z�����?�����e���N��@�����<�����3���2��L���f��+��������߰���������� �����&�����E��&���V��#���}�� ��������±�� ���ݱ���������������'�����:�����P�����d�����|��������������������Ӳ�����Q����L���������'���t������������������������������q�����������������R���w���]������;��=���������"���������������������������A��� 
�����O���>������������������������g��%���(���5��s���h�����������,�������K�������������������P��B�����-��H���������*��������������������f��v�����%���������T���������y������|������������7��B���������������+�������������X����S������������������������������������`���1������D������U�����������"�����������������������9����������d��������Y����� ��w���������������]�����Y���J������m���x���v���z�����y���*������������o��N�������u���6���p���k������������������ �����������^����������������������<����-���4��l���P�����������M������/�������������G��K���������G���>��:������g���6������?�������{������$������}��������������N������������?�������!���������q����������������������������T���������n��������������������#������$���������}��d���U��������������������D��������������3���F����I���������������c���F���f���~���������{�����Q����������\�������������������c��2�������#�����������_��S������+�� �������������(������m����������.����o���@���������� ���J��s�����e������Z�������������:�����������E�������~������������������������ ����������)���.����������������E�������4������V������������������=����� �����������'��������k����� ���������Z�����;�������2����������z��V����������&���9�������������������@�����`���������������������������������<���i��I���������������C�������������������������������L���[���8���u������������X���������,��|����������������������!���j���������n��l�����������������������&��W������������������������������ ����������������b��A�����H��C��)��e������r��\����������������8����^���������0���M���5��� ���a���W���������������t��b������R������_���h����a��������� �����������/�������0��O��x�����i������p��������� ���7�������r������������j���[��������������������3��1������������� � %1$sIs a member of: � %1$sMember groups: �%1$s must be run as root �%1$s%2$sGroup: %3$s �%1$sGID number: %2$d �%1$sMember users: �, your cached password will expire at: �A group with the same name or GID already exists �A user or group with the same name or ID already exists �Access control provider�Active 
Directory backup server address�Active Directory client hostname�Active Directory domain�Active Directory primary group attribute for ID-mapping�Active Directory server address�Add debug timestamps�Address of backup IPA server�An error occurred, but no description can be found.�An open file descriptor for the debug logs�Attribute indicating that server side password policies are active�Attribute listing authorized PAM services�Attribute listing authorized server hosts�Authenticated with cached credentials�Authentication is denied until: �Authentication provider�Authentication timeout�Autofs provider�Automatic full refresh period�Automatic smart refresh period�Automounter map entry key attribute�Automounter map entry value attribute�Automounter map name attribute�Base DN for automounter map lookups�Base DN for group lookups�Base DN for netgroup lookups�Base DN for service lookups�Base DN for sudo rules lookups�Base DN for user lookups�Base for home directories�Become a daemon (default)�Cache credentials for offline login�Cannot create user's home directory: %1$s �Cannot create user's mail spool: %1$s �Cannot determine if the user was logged in on this platform�Cannot find group %1$s in local domain �Cannot find group %1$s in local domain, only groups in local domain are allowed �Cannot find group in local domain, modifying groups is allowed only in local domain �Cannot find user in local domain, modifying users is allowed only in local domain �Cannot get info about the user �Cannot remove homedir: %1$s �Cannot reset SELinux login context �Cannot set SELinux login context �Cannot set default values �Comma separated list of allowed users�Comma separated list of prohibited users�Command to start service�Could not allocate ID for the group - domain full? �Could not allocate ID for the user - domain full? 
�Could not modify group - check if groupname is correct �Could not modify group - check if member group names are correct �Could not modify user - check if group names are correct �Could not modify user - user already member of groups? �Could not open available domains �Could not open domain %1$s. If the domain is a subdomain (trusted domain), use fully qualified name instead of --domain/-d parameter. �Couldn't invalidate %1$s�Couldn't invalidate %1$s %2$s�Create user's directory if it does not exist�Current Password: �DNS service name for LDAP password change server�Debug level�Default shell, /bin/bash�Directory on the filesystem where SSSD should store Kerberos replay cache files.�Directory to store credential caches�Disable Active Directory range retrieval�Disable the LDAP paging control�Display users/groups in fully-qualified form�Do not remove home directory and mail spool�Domain of the information provider (mandatory)�Domain to add to names without a domain component.�Don't include group members in group lookups�Enable DNS sites - location based service discovery�Enable credential validation�Enable enumerating all users/groups�Enables FAST�Enables enterprise principals�Enables principal canonicalization�Entry cache background update timeout length (seconds)�Entry cache timeout length (seconds)�Enumeration cache timeout length (seconds)�Error initializing the tools �Error initializing the tools - no local domain �Error looking up public keys �Error setting the locale �Error while checking if the user was logged in �File that contains CA certificates�File that contains the client certificate�File that contains the client key�Filter for user lookups�Follow LDAP referrals�Force removal of files not owned by the user�Full Name�GECOS attribute�GID attribute�Group %1$s is outside the defined ID range for domain �Group UUID attribute�Group member attribute�Group name�Group password�Groups�Groups must be in the same domain as user �Groups that SSSD should explicitly 
ignore�Groups to add this group to�Groups to add this user to�Groups to remove this group from�Groups to remove this user from�Home directory�Home directory attribute�Host identity provider�Host not specified �Hostnames and/or fully qualified domain names of this machine to filter sudo rules�How long (minutes) to deny login after offline_failed_login_attempts has been reached�How long to allow cached logins between online logins (days)�How long to keep cached entries after last successful login (days)�How long to retain a connection to the LDAP server before disconnecting�How long to wait for replies from DNS when resolving servers (seconds)�How long will be in-memory cache records valid�How many days before password expiration a warning should be displayed�How many failed logins attempts are allowed when offline�How many seconds to keep a host in the known_hosts file after its host keys were requested�How many seconds to keep identity information cached for PAM requests�How often should expired entries be refreshed in background�How often to periodically update the client's DNS entry�How to dereference aliases�IPA client hostname�IPA domain�IPA server address�IPv4 or IPv6 addresses or network of this machine to filter sudo rules�Identity provider�Idle time before automatic disconnection of a client�If DENY rules are present, either DENY_ALL or IGNORE�If a shell stored in central directory is allowed but not available, use this fallback�If set to false, host argument given by PAM will be ignored�Include microseconds in timestamps in debug logs�Include timestamps in debug logs�Internal error while parsing parameters �Internal error. Could not print group. �Internal error. Could not remove group. �Internal error. Could not remove user. 
�Invalid domain specified in FQDN �Invalid port �Invalidate all autofs maps�Invalidate all groups�Invalidate all netgroups�Invalidate all services�Invalidate all users�Invalidate particular autofs map�Invalidate particular group�Invalidate particular netgroup�Invalidate particular service�Invalidate particular user�Kerberos backup server address�Kerberos realm�Kerberos server address�Kerberos service keytab�Kill users' processes before removing him�LDAP filter to determine access privileges�Length of time between attempts to reconnect while offline�Length of time between cache cleanups�Length of time between enumeration updates�Length of time to attempt connection�Length of time to attempt synchronous LDAP operations�Length of time to wait for a enumeration request�Length of time to wait for a search request�Lifetime of TGT for LDAP connection�Lifetime of the TGT�List of UIDs or user names allowed to access the PAC responder�List of possible ciphers suites�Location of the keytab to validate credentials�Location of the user's credential cache�Lock the account�Login shell�Lower bound for ID-mapping�Magic Private �Maximum nesting level SSSd will follow�Maximum user ID�Member groups must be in the same domain as parent group �Minimum user ID�Modification time attribute�Modification time attribute for groups�Modification time attribute for netgroups�NSS request failed (%1$d). Entry might remain in memory cache. �Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set) �Name of the default domain for ID-mapping�Negative cache timeout length (seconds)�Netgroup UUID attribute�Netgroup name�Netgroup triple attribute�Netgroups members attribute�Never create user's directory, overrides config�New Password: �No cache object matched the specified search �No such group in local domain. Printing groups only allowed in local domain. �No such group in local domain. Removing groups only allowed in local domain. �No such user in local domain. 
Removing users only allowed in local domain. �Not enough memory �Not removing home dir - not owned by user �Number of IDs for each slice when ID-mapping�Number of times to attempt connection to Data Providers�Object class for automounter map entries�Object class for automounter maps�Object class for sudo rules�Objectclass for groups�Objectclass for netgroups�Objectclass for services�Objectclass for users�Only invalidate entries from a particular domain�Only one argument expected �Out of memory �Override GID value from the identity provider with this value�Override homedir value from the identity provider with this value�Override shell value from the identity provider with this value�PAM stack to use�Password change failed. �Password change provider�Password expired. Change your password now.�Password reset by root is not supported.�Password: �Passwords do not match�Path to CA certificate directory�Ping timeout before restarting service�Please select at least one object to invalidate �Policy to evaluate the password expiration�Primary GID attribute�Print indirect group members recursively�Print version number and exit�Printf-compatible format for displaying fully-qualified names�Privileged socket has wrong ownership or permissions.�Public socket has wrong ownership or permissions.�Reenter new Password: �Regex to parse username and domain�Remove home directory and mail spool�Renewable lifetime of the TGT�Require TLS certificate verification�Require TLS for ID lookups�Restrict or prefer a specific address family when performing DNS lookups�Run interactive (not a daemon)�SID of the default domain for ID-mapping�SSH public key attribute�SSSD Domains to start�SSSD Services to start�SSSD is not run by root.�SUDO provider�Scope of user lookups�Search base for HBAC related objects�Search base for object containing info about IPA domain�Search base for objects containing info about ID ranges�Selects the principal to use for FAST�Send the debug output to files instead of 
stderr�Server message: �Server where the change password service is running if not on the KDC�Service name attribute�Service name for DNS service lookups�Service port attribute�Service protocol attribute�Session-loading provider�Set lower boundary for allowed IDs from the LDAP server�Set the verbosity of the debug logging�Set upper boundary for allowed IDs from the LDAP server�Shell attribute�Shell to use if the provider does not list one�Should filtered users appear in groups�Show timestamps with microseconds�Specify a non-default config file�Specify an alternative skeleton directory�Specify debug level you want to set �Specify group to add �Specify group to add to �Specify group to delete �Specify group to modify �Specify group to remove from �Specify group to show �Specify the minimal SSF for LDAP sasl authorization�Specify the sasl authorization id to use�Specify the sasl authorization realm to use�Specify the sasl mechanism to use�Specify user to add �Specify user to delete �Specify user to modify �Store password hashes�Store password if offline for later online authentication�Substitute empty homedir value from the identity provider with this value�Sudo rule command attribute�Sudo rule host attribute�Sudo rule name�Sudo rule notafter attribute�Sudo rule notbefore attribute�Sudo rule option attribute�Sudo rule order attribute�Sudo rule runasgroup attribute�Sudo rule runasuser attribute�Sudo rule user attribute�System is offline, password change not possible�The GID of the group�The GID of the user�The SELinux user for user's login�The SSSD domain to use�The Schema Type in use on the LDAP server, rfc2307�The TTL to apply to the client's DNS entry after updating it�The UID of the user�The amount of time between lookups of the HBAC rules against the IPA server�The amount of time in seconds between lookups of the SELinux maps against the IPA server�The authentication token of the default bind DN�The automounter location this IPA client is using�The comment 
string�The debug level to run with�The default base DN�The default bind DN�The domain part of service discovery DNS query�The interface whose IP should be used for dynamic DNS updates�The list of shells that will be vetoed, and replaced with the fallback shell�The list of shells users are allowed to log in with�The name of the NSS library to use�The number of file descriptors that may be opened by this responder�The number of members that must be missing to trigger a full deref�The number of records to retrieve in a single LDAP query�The path to the proxy command must be absolute �The port to use to connect to the host�The post-delete command failed: %1$s �The selected GID is outside the allowed range �The selected UID is outside the allowed range �The type of the authentication token of the default bind DN�The value of the password field the NSS provider should return�Time between two checks for renewal�Timeout between three failed ping checks and forcibly killing the service�Timeout for messages sent over the SBUS�Transaction error. Could not add group. �Transaction error. Could not add user. �Transaction error. Could not modify group. �Transaction error. Could not modify user. 
�Treat usernames as case sensitive�UID attribute�URI of a backup LDAP server where password changes are allowed�URI of an LDAP server where password changes are allowed�UUID attribute�Unexpected error while looking for an error description�Unexpected format of the server credential message.�Unlock the account�Upper bound for ID-mapping�Use ID-mapping of objectSID instead of pre-set IDs�Use Kerberos auth for LDAP connection�Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups�Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups�Use autorid-compatible algorithm for ID-mapping�Use only the upper case for realm names�User %1$s is outside the defined ID range for domain �User not specified �User principal attribute (for Kerberos)�User's home directory already exists, not copying data from skeldir �Username attribute�Users that SSSD should explicitly ignore�WARNING: The user (uid %1$lu) was still logged in when deleted. �What kind of authentication should be used to perform the DNS update�What kind of messages are displayed to the user during authentication�Whether the LDAP library should perform a reverse lookup to canonicalize the host name during a SASL bind�Whether the nsupdate utility should default to using TCP�Whether the provider should explicitly update the PTR record as well�Whether to automatically update the client's DNS entry�Whether to automatically update the client's DNS entry in FreeIPA�Whether to create kdcinfo files�Whether to evaluate the time-based attributes in sudo rules�Whether to filter rules by hostname, IP addresses and network�Whether to hash host names and addresses in the known_hosts file�Whether to include rules that contains netgroup in host attribute�Whether to include rules that contains regular expression in host attribute�Whether to look up canonical group name from cache if possible�Whether to update the ldap_user_shadow_last_change attribute after a password change�Which attributes shall be used to evaluate if an account is 
expired�Which rules should be used to evaluate access control�Write debug messages to logfiles�Your password has expired. You have %1$d grace login(s) remaining.�Your password will expire in %1$d %2$s.�accountExpires attribute of AD�entryUSN attribute�krbLastPwdChange attribute�krbPasswordExpiration attribute�lastUSN attribute�ldap_backup_uri, The URI of the LDAP server�ldap_uri, The URI of the LDAP server�loginAllowedTimeMap attribute of NDS�loginDisabled attribute of NDS�loginExpirationTime attribute of NDS�memberOf attribute�nsAccountLock attribute�objectSID attribute�shadowExpire attribute�shadowFlag attribute�shadowInactive attribute�shadowLastChange attribute�shadowMax attribute�shadowMin attribute�shadowWarning attribute�userAccountControl attribute of AD�Project-Id-Version: SSSD Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org POT-Creation-Date: 2014-04-08 12:56+0200 PO-Revision-Date: 2013-11-20 12:56+0000 Last-Translator: Jérôme Fenal <jfenal@gmail.com> Language-Team: French (http://www.transifex.com/projects/p/fedora/language/fr/) Language: fr MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=2; plural=(n > 1); � � %1$s est membre de : � Groupes membres de %1$s : �%1$s doit être lancé en tant que root �%1$s%2$sGroup: %3$s �%1$s GID numéro : %2$d �Utilisateurs membres de %1$s :�, votre mot de passe en cache expirera à :�Un groupe avec le même nom ou GID existe déjà �Un utilisateur ou groupe avec le même nom ou identifiant existe déjà �Fournisseur de contrôle d'accès�Adresse du serveur Active Directory de secours�Nom de système du client Active Directory�Domaine Active Directory�Groupe primaire Active Directory pour la correspondance d'ID�Adresse du serveur Active Directory�Ajouter l'horodatage au débogage�Adresse du serveur IPA de secours�Une erreur est survenue mais aucune description n'est trouvée.�Un descripteur de fichier ouvert pour les journaux de débogage�Attribut indiquant que la 
stratégie de mot de passe du serveur est active�Attribut listant les services PAM autorisés�Attribut listant les systèmes serveurs autorisés�Authentifié avec les crédits mis en cache�L'authentification est refusée jusque :�Fournisseur d'authentification�Délai avant expiration de l'authentification�Fournisseur autofs�Périodicité de rafraichissement total�Périodicité de rafraichissement intelligent�Attribut de clé d'entrée pour la carte de montage automatique�Attribut de valeur pour la carte de montage automatique�Nom de l'attribut de carte de montage automatique�Base DN pour les requêtes de carte de montage automatique�DN de base pour les recherches de groupes�DN de base pour les recherches de netgroup�Nom de domaine (DN) de base pour les recherches de service�Nom de domaine (DN) de base pour les recherches de règles sudo�Base DN pour les recherches d'utilisateurs�Base pour les répertoires utilisateur�Devenir un démon (par défaut)�Mettre en cache les crédits pour une connexion hors-ligne�Impossible de créer le répertoire de l'utilisateur : %1$s �Impossible de créer le répertoire de réception des messages électroniques pour l'utilisateur : %1$s �Impossible de savoir si l'utilisateur était connecté sur cette plateforme�Impossible de trouver le groupe %1$s dans le domaine local �Impossible de trouver le groupe %1$s dans le domaine local, seuls les groupes du domaine local sont autorisés �Impossible de trouver le groupe dans le domaine local, la modification des groupes n'est autorisée que dans le domaine local �Impossible de trouver l'utilisateur dans le domaine local, la modification des utilisateurs n'est autorisée que dans le domaine local �Impossible de trouver les informations sur l'utilisateur �Impossible de supprimer le répertoire utilisateur : %1$s �Impossible de réinitialiser le contexte de connexion SELinux �Impossible de définir le contexte de connexion SELinux �Impossible de définir les valeurs par défaut �Liste, séparée par des virgules, d'utilisateurs 
autorisés�Liste, séparée par des virgules, d'utilisateurs interdits�Commande pour démarrer le service�Impossible d'allouer l'identifiant du groupe - domaine plein ? �L'identifiant de l'utilisateur ne peut pas être alloué - domaine plein ? �Impossible de modifier le groupe - vérifier que le nom du groupe est correct �Impossible de modifier le groupe - vérifier que les noms des groupes membres sont corrects �Impossible de modifier l'utilisateur - vérifiez que les noms de groupe sont corrects �Impossible de modifier l'utilisateur - l'utilisateur est déjà membre du groupe ? �Impossible d'ouvrir aucun des domaines disponibles �Impossible d'ouvrir le domaine %1$s. Si le domaine est un sous-domaine (domaine approuvé), utiliser le nom pleinement qualifié au lieu du paramètre --domain/-d. �Impossible d'invalider %1$s�Impossible d'invalider %1$s %2$s�Créer le repertoire utilisateur s'il n'existe pas�Mot de passe actuel : �Nom du service DNS pour le serveur de changement de mot de passe LDAP�Niveau de débogage�Interpréteur de commande par défaut : /bin/bash�Répertoire du système de fichiers où SSSD doit stocker les fichiers de relecture de Kerberos.�Répertoire pour stocker les caches de crédits�Désactiver la récupération de plage Active Directory.�Désactiver le contrôle des pages LDAP�Afficher les utilisateurs/groupes dans un format complétement qualifié�Ne pas supprimer le répertoire personnel et de gestion des mails�Domaine du fournisseur d'informations (obligatoire)�Domaine à ajouter aux noms sans composant de nom de domaine.�Ne pas inclure les membres des groupes dans les recherches de groupes.�Activer les sites DNS - découverte de service basée sur l'emplacement�Activer la validation des crédits�Activer l'énumération de tous les utilisateurs/groupes�Active FAST�Active les principals d'entreprise�Active la canonisation du principal�Délai d'attente de mise à jour en arrière-plan de l'entrée de cache (en secondes)�Durée de validité des entrées en cache (en secondes)�Délai 
d'attente du cache d'énumération (en secondes)�Erreur à l'initialisation des outils �Erreur à l'initialisation des outils - aucun domaine local �Erreur lors de la recherche des clés publiques �Erreur lors du paramétrage de la locale �Erreur en vérifiant si l'utilisateur était connecté �Fichier contenant les certificats des CA�Fichier contenant le certificat client�Fichier contenant la clé du client�Filtre pour les recherches d'utilisateurs�Suivre les référents LDAP�Forcer la suppression des fichiers n'appartenant pas à l'utilisateur�Nom complet�Attribut GECOS�Attribut GID�Le groupe %1$s est en dehors de la plage d'identifiants définie pour le domaine �Attribut d'UUID du groupe�Attribut membre du groupe�Nom du groupe�Mot de passe du groupe�Groupes�Les groupes doivent être dans le même domaine que l'utilisateur �Groupes que SSSD doit explicitement ignorer�Groupes auxquels ce groupe sera ajouté�Groupes auxquels ajouter cet utilisateur�Groupes desquels ce groupe sera retiré�Groupes auxquels enlever cet utilisateur�Répertoire utilisateur�Attribut de répertoire utilisateur�Fournisseur d'identité de l'hôte�Hôte non spécifié �Noms de systèmes et/ou noms pleinement qualifiés de cette machine pour filtrer les règles sudo�Durée d'interdiction de connexion après que offline_failed_login_attempts est atteint (en minutes)�Délai pendant lequel les connexions utilisant le cache sont autorisées entre deux connexions en ligne (en jours)�Durée de validité des entrées en cache après la dernière connexion réussie (en jours)�Combien de temps conserver la connexion au serveur LDAP avant de se déconnecter�Délai d'attente des réponses du DNS lors de la résolution des serveurs (en secondes)�Durée de maintien en cache des enregistrements valides�Nombre de jours précédent l'expiration du mot de passe avant lesquels un avertissement doit être affiché�Nombre d'échecs de connexions hors-ligne autorisés�Le nombre de secondes pour garder un hôte dans le fichier known_hosts après que ses clés 
d'hôte ont été demandées�Durée en secondes pendant laquelle les informations d'identité sont gardées en cache pour les requêtes PAM�Fréquence de rafraîchissement en arrière plan des entrées expirées�Fréquence de mise à jour automatique de l'entrée DNS du client�Comment déréférencer les alias�Nom de système du client IPA�Domaine IPA�Adresse du serveur IPA�Adresses ou réseaux IPv4 ou IPv6 de cette machine pour filtrer les règles sudo�Fournisseur d'identité�durée d'inactivité avant la déconnexion automatique d'un client�Si les règles DENY sont présentes, utiliser soit DENY_ALL soit IGNORE�Si un interpréteur de commandes stocké dans l'annuaire central est autorisé mais indisponible, utiliser à défaut celui-ci�Si mit à false, l’argument de l'hôte donné par PAM est ignoré�Ajouter les microsecondes pour l'horodatage dans les journaux de débogage�Ajouter l'horodatage dans les fichiers de débogage�Erreur interne lors de l'analyse des paramètres �Erreur interne. Impossible d'afficher le groupe. �Erreur interne. Impossible de supprimer le groupe. �Erreur interne. Impossible de supprimer l'utilisateur. 
�Domaine invalide définit dans le FQDN �Port invalide �Invalidation de toutes les cartes autofs�Invalider tous les groupes�Invalider tous les groupes réseau�Invalidation de tous les services�Invalider tous les utilisateurs�Invalidation d'une carte autofs particulière�Invalider un groupe particulier�Invalider un groupe réseau particulier�Invalidation d'un service particulier�Invalider un utilisateur spécifique�Adresse du serveur Kerberos de secours�Domaine Kerberos�Adresse du serveur Kerberos�Service du fichier keytab de Kerberos�Tuer les processus de l'utilisateur avant de le supprimer�Filtre LDAP pour déterminer les autorisations d'accès�Durée d'attente entre deux essais de reconnexion en mode hors-ligne�Durée entre les nettoyages de cache�Durée entre deux mises à jour d'énumération�Durée pendant laquelle il sera tenté d'établir la connexion�Durée pendant laquelle il sera tenté des opérations LDAP synchrones�Durée d'attente pour une requête d'énumération�Durée d'attente pour une requête de recherche�Durée de vie du TGT pour la connexion LDAP�Durée de vie du TGT�Listes des UID ou nom d'utilisateurs autorisés à accéder le répondeur PAC�Liste des suites de chiffrement possibles�Emplacement du fichier keytab de validation des crédits�Emplacement du cache de crédits de l'utilisateur�Verrouiller le compte�Interpréteur de commandes de connexion�Limite inférieure pour la correspondance d'ID�Magie privée�Niveau de récursion maximum que SSSd doit suivre�Identifiant utilisateur maximum�Les membres du groupe doivent être dans le même domaine que le groupe parent �Identifiant utilisateur minimum�Attribut de date de modification�Attribut de date de modification pour les groupes�Attribut date de modification pour les groupes réseau�Échec de requête NSS (%1$d). L'entrée peut persister dans le cache en mémoire. 
�Le nom « %1$s » ne semble pas être un FQDN (« %2$s = TRUE » est configuré) �Nom du domaine par défaut pour la correspondance d'ID�Délai d'attente du cache négatif (en secondes)�Attribut d'UUID du groupe réseau�Nom du groupe réseau�Attribut triplet du groupe réseau�Attribut des membres des groupes réseau�Ne jamais créer de répertoire utilisateur, outrepasse la configuration�Nouveau mot de passe : �Aucun object trouvé dans le cache pour la recherche spécifiée �Aucun groupe dans le domaine local. L'affichage des groupes n'est autorisé que dans le domaine local. �Aucun groupe dans le domaine local. La suppression de groupes n'est autorisée que dans le domaine local. �Aucun utilisateur dans le domaine local. La suppression des utilisateurs n'est autorisée que dans le domaine local. �Mémoire insuffisante �Le répertoire personnel n'est pas supprimé - l'utilisateur n'en est pas le propriétaire �Nombre d'ID par tranche pour la correspondance d'ID�Nombre d'essais pour tenter de se connecter au fournisseur de données�Classe objet pour l'entrée de référence de montage automatique�Classe objet pour la carte de montage automatique�Classe objet pour les règles sudo�Classe d'objet pour les groupes�Classe d'objet pour les groupes réseau�Classe objet pour les services�Classe d'objet pour les utilisateurs�N'invalider des entrées que d'un domaine spécifique�Un seul argument est attendu �Mémoire saturée �Écraser la valeur du GID du fournisseur d'identité avec cette valeur�Remplacer par cette valeur celle du répertoire personnel obtenu avec le fournisseur d'identité�Écraser le shell donné par le fournisseur d'identité avec cette valeur�Pile PAM à utiliser�Échec du changement de mot de passe.�Fournisseur de changement de mot de passe�Mot de passe expiré. 
Changez votre mot de passe maintenant.�La réinitialisation du mot de passe par root n'est pas prise en charge.�Mot de passe : �Les mots de passe ne correspondent pas�Chemin vers le répertoire de certificats des CA�Délai d'attente de réponse avant de redémarrer le service�Merci de sélectionner au moins un objet à invalider �Stratégie d'évaluation de l'expiration du mot de passe�Attribut de GID primaire�Afficher les membres du groupe indirects récursivement�Afficher le numéro de version et quitte�Format compatible printf d'affichage des noms complétement qualifiés�Le socket privilégié a de mauvaises permissions ou un mauvais propriétaire.�Le socket public a de mauvaises permissions ou un mauvais propriétaire.�Retaper le nouveau mot de passe : �Expression rationnelle d'analyse des noms d'utilisateur et de domaine�Suppression du répertoire personnel et de gestion des mails�Durée de vie renouvelable du TGT�Requiert une vérification de certificat TLS�TLS est requis pour les recherches d'identifiants�Restreindre ou préférer une famille d'adresses lors des recherches DNS�Fonctionner en interactif (non démon)�SID du domaine par défaut pour la correspondance d'ID�Attribut de clé public SSH�Domaines SSSD à démarrer�Services SSSD à démarrer�SSSD n'est pas démarré par root.�Fournisseur SUDO�Scope des recherches d'utilisateurs�Base de recherche pour les objets HBAC�Base de recherche pour l'objet contenant les informations de base à propos du domaine IPA�Base de recherche pour les objets contenant les informations à propos des plages d'ID�Sélectionne le principal pour être utilisé avec FAST�Envoyer la sortie de débogage vers un fichier plutôt que vers la sortie standard�Message du serveur : �Serveur où tourne le service de changement de mot de passe s'il n'est pas sur le KDC�Attribut de nom de service�Nom du service pour les recherches DNS�Attribut de port du service�Attribut de service du protocole�Fournisseur de chargement de session�Définir la limite inférieure d'identifiants 
autorisés pour l'annuaire LDAP�Définir le niveau de détails de la sortie de débogage�Définir la limite supérieure d'identifiants autorisés pour l'annuaire LDAP�Attribut d'interpréteur de commandes�Shell à utiliser si le fournisseur n'en propose aucun�Les utilisateurs filtrés doivent-ils apparaître dans les groupes�Afficher l'horodatage en microsecondes�Définir un fichier de configuration différent de celui par défaut�Spécifie un répertoire squelette alternatif�Définir le niveau de débogage à utiliser �Définir le groupe à ajouter �Définir le groupe à ajouter à �Spécifier le groupe à supprimer �Définir le groupe à modifier �Définir le groupe duquel supprimer �Définir le groupe à afficher �Spécifie le minimum SSF pour l'autorisation sasl LDAP�Spécifier l'identité d'authorisation SASL à utiliser�Spécifier le domaine d'authorisation SASL à utiliser�Spécifier le mécanisme SASL à utiliser�Définir l'utilisateur à ajouter à �Définir l'utilisateur à supprimer �Spécifier l'utilisateur à modifier �Stocker les sommes de contrôle des mots de passe�Stocker le mot de passe, si hors-ligne, pour une authentification ultérieure en ligne�Substitution de la valeur homedir vide du fournisseur d'identité avec cette valeur�Attribut de commande de règle sudo�Attribut hôte de la règle sudo�Règle de nom sudo�Attribut notafter de règle sudo�Attribut notbefore de la règle sudo�Attribut option de la règle sudo�Attribut d'ordre de règle sudo�Attribut runasgroup de la règle sudo�Attribut runasuser de la règle sudo�Attribut utilisateur de la règle sudo�Le système est hors-ligne, les modifications du mot de passe sont impossibles�Le GID du groupe�Le GID de l'utilisateur�L'utilisateur SELinux pour l'identifiant de l'utilisateur�Le domaine SSSD à utiliser�Le type de schéma utilisé sur le serveur LDAP, rfc2307�Le TTL à appliquer à l'entrée DNS du client après modification�L'UID de l'utilisateur�Délai entre les recherches de règles HBAC sur le serveur IPA�Délai entre les recherches de cartes SELinux 
sur le serveur IPA�Le jeton d'authentification du DN de connexion par défaut�L'emplacement de la carte de montage automatique utilisée par le client IPA�Phrase de commentaire�Le niveau de débogage utilisé avec�La base DN par défaut�Le DN de connexion par défaut�La partie domaine de la requête de découverte de service DNS�L'interface dont l'adresse IP doit être utilisée pour les mises à jour dynamiques du DNS�Liste des interpréteurs de commandes bannis et remplacés par celui par défaut�Liste des interpréteurs de commandes utilisateurs autorisés pour se connecter�Nom de la bibliothèque NSS à utiliser�Le nombre de descripteurs de fichiers qui peuvent être ouverts par ce répondeur�Nombre de membres qui doivent être manquants pour activer un déréférencement complet�Le nombre d'enregistrements à récupérer dans une requête LDAP unique�Le chemin vers la commande de proxy doit être absolue �Le port à utiliser pour se connecter à l'hôte�La commande post-suppression a échoué : %1$s �Le GID choisit est en dehors de la plage autorisée �L'UID sélectionné est en dehors de la plage autorisée �Le type de jeton d'authentification du DN de connexion par défaut�Valeur du champ de mot de passe que le fournisseur NSS doit renvoyer�Durée entre deux vérifications pour le renouvellement�Délai entre une série de trois ping en échec et une mort violente et forcée du service�Délai d'attente pour les messages à envoyer à travers SBUS�Erreur de transaction. Impossible d'ajouter le groupe. �Erreur de transaction. Impossible d'ajouter l'utilisateur. �Erreur de transaction. Impossible de modifier le groupe. �Erreur de transaction. Impossible de modifier l'utlisateur. 
�Considère les noms d'utilisateur comme casse dépendant�Attribut UID�URI d'un serveur LDAP de secours où sont autorisées les modifications de mot de passe�URI d'un serveur LDAP où les changements de mot de passe sont acceptés�Attribut UUID�Erreur inattendue lors de la recherche de la description de l'erreur�Le message du serveur de crédits a un format inattendu.�Déverrouiller le compte�Limite supérieure pour la correspondance d'ID�Utilisation de la correspondance d'ID pour les objectSID au lieu d'ID pré-établis�Utiliser l'authentification Kerberos pour la connexion LDAP�Utiliser LDAP_MATCHING_RULE_IN_CHAIN pour les recherches de groupes�Utiliser LDAP_MATCHING_RULE_IN_CHAIN pour les recherches de groupes d'initialisation�Utilisation d'un algorithme compatible autorid pour la correspondance d'ID�N'utiliser que des majuscules pour les noms de domaine�L'utilisateur %1$s est en dehors de la plage d'identifiants définie pour le domaine �Utilisateur non spécifié �Attribut d'utilisateur principal (pour Kerberos)�Le répertoire de l'utilisateur existe déjà, les données du répertoire squelette ne sont pas copiées �Attribut de nom d'utilisateur�Utilisateurs que SSSD doit explicitement ignorer�ATTENTION : l'utilisateur (uid %1$lu) était encore connecté lors de sa suppression. 
�Quel type d'authentification doit être utilisée pour effectuer la mise à jour DNS�Quels types de messages sont affichés à l'utilisateur pendant l'authentification�Est-ce que la bibliothèque LDAP doit effectuer une requête pour canoniser le nom d'hôte pendant une connexion SASL ?�Selon que l'utilitaire nsupdate doit utiliser TCP par défaut�Selon que le fournisseur doit aussi ou non mettre à jour explicitement l'enregistrement PTR�Choisir de mettre à jour automatiquement l'entrée DNS du client�Choisir de mettre à jour automatiquement l'entrée DNS du client dans FreeIPA�Choisir de créer ou non les fichiers kdcinfo�Faut-il évaluer les attributs dépendants du temps dans les règles sudo�Filter ou non sur les noms de systèmes, adresses IP et réseaux�Condenser ou non les noms de systèmes et adresses du fichier known_hosts�Inclure ou non les règles qui contiennent un netgroup dans l'attribut host�Inclure ou non les règles qui contiennent une expression rationnelle dans l'attribut host�Rechercher le nom canonique du groupe dans le cache si possible�Choix de mise à jour de l'attribut ldap_user_shadow_last_change après un changement de mot de passe�Quels attributs utiliser pour déterminer si un compte a expiré�Quelles règles utiliser pour évaluer le contrôle d'accès�Écrire les messages de débogage dans les journaux�Votre mot de passe a expiré. 
Il vous reste %1$d connexion(s) autorisée(s).�Votre mot de passe expirera dans %1$d %2$s.�Attribut AD accountExpires�attribut entryUSN�Attribut krbLastPwdChange�Attribut krbPasswordExpiration�attribut lastUSN�ldap_backup_uri, l'URI du serveur LDAP�ldap_uri, l'adresse du serveur LDAP�Attribut NDS loginAllowedTimeMap�Attribut NDS loginDisabled�Attribut NDS loginExpirationTime�Attribut memberOf�Attribut nsAccountLock�attribut objectSID�Attribut shadowExpire�Attribut shadowFlag�Attribut shadowInactive�Attribut shadowLastChange�Attribut shadowMax�Attribut shadowMin�Attribut shadowWarning�Attribut AD userAccountControl�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/bg.po���������������������������������������������������������������0000644�0000000�0000000�00000000074�12320753107�015121� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954961.850874806 30 ctime=1396954962.529874304 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/bg.po��������������������������������������������������������������������������������0000664�0024127�0024127�00000150146�12320753107�015352� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR Red Hat, Inc. # This file is distributed under the same license as the PACKAGE package. 
# # Translators: # Valentin Laskov <laskov@festa.bg>, 2012 msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2014-04-08 12:56+0200\n" "PO-Revision-Date: 2013-11-20 12:56+0000\n" "Last-Translator: jhrozek <jhrozek@redhat.com>\n" "Language-Team: Bulgarian (http://www.transifex.com/projects/p/fedora/" "language/bg/)\n" "Language: bg\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" #: src/config/SSSDConfig/__init__.py.in:39 msgid "Set the verbosity of the debug logging" msgstr "Задава ниво на подробност на debug лог записите" #: src/config/SSSDConfig/__init__.py.in:40 msgid "Include timestamps in debug logs" msgstr "Включва час и дата в debug лога" #: src/config/SSSDConfig/__init__.py.in:41 msgid "Include microseconds in timestamps in debug logs" msgstr "" #: src/config/SSSDConfig/__init__.py.in:42 msgid "Write debug messages to logfiles" msgstr "Записва debug съобщенията в логфайлове" #: src/config/SSSDConfig/__init__.py.in:43 msgid "Ping timeout before restarting service" msgstr "Ping изчакване преди рестарт на услугата" #: src/config/SSSDConfig/__init__.py.in:44 msgid "" "Timeout between three failed ping checks and forcibly killing the service" msgstr "" #: src/config/SSSDConfig/__init__.py.in:45 msgid "Command to start service" msgstr "Команда за стартиране на услугата" #: src/config/SSSDConfig/__init__.py.in:46 msgid "Number of times to attempt connection to Data Providers" msgstr "Време за опити за връзка с Data Provider-и" #: src/config/SSSDConfig/__init__.py.in:47 msgid "The number of file descriptors that may be opened by this responder" msgstr "" #: src/config/SSSDConfig/__init__.py.in:48 msgid "Idle time before automatic disconnection of a client" msgstr "" #: src/config/SSSDConfig/__init__.py.in:51 msgid "SSSD Services to start" msgstr "SSSD услуги за стартиране" #: 
src/config/SSSDConfig/__init__.py.in:52 msgid "SSSD Domains to start" msgstr "SSSD домейни за стартиране" #: src/config/SSSDConfig/__init__.py.in:53 msgid "Timeout for messages sent over the SBUS" msgstr "Изчакване за съобщения, изпратени през SBUS" #: src/config/SSSDConfig/__init__.py.in:54 msgid "Regex to parse username and domain" msgstr "Regex за намиране на потребителско име и домейн" #: src/config/SSSDConfig/__init__.py.in:55 msgid "Printf-compatible format for displaying fully-qualified names" msgstr "Printf-съвместим формат за изобразяване на пълно-квалифицирани имена" #: src/config/SSSDConfig/__init__.py.in:56 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #: src/config/SSSDConfig/__init__.py.in:57 msgid "Domain to add to names without a domain component." msgstr "" #: src/config/SSSDConfig/__init__.py.in:60 msgid "Enumeration cache timeout length (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:61 msgid "Entry cache background update timeout length (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:62 #: src/config/SSSDConfig/__init__.py.in:88 msgid "Negative cache timeout length (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:63 msgid "Users that SSSD should explicitly ignore" msgstr "Потребители, които SSSD изрично трябва да игнорира" #: src/config/SSSDConfig/__init__.py.in:64 msgid "Groups that SSSD should explicitly ignore" msgstr "Групи, които SSSD изрично трябва да игнорира" #: src/config/SSSDConfig/__init__.py.in:65 msgid "Should filtered users appear in groups" msgstr "Да се показват ли филтрираните потребители в групи" #: src/config/SSSDConfig/__init__.py.in:66 msgid "The value of the password field the NSS provider should return" msgstr "Стойността на полето парола, което NSS доставчикът трябва да върне" #: src/config/SSSDConfig/__init__.py.in:67 msgid "Override homedir value from the identity provider with this value" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:68 msgid "" "Substitute empty homedir value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:69 msgid "Override shell value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:70 msgid "The list of shells users are allowed to log in with" msgstr "" #: src/config/SSSDConfig/__init__.py.in:71 msgid "" "The list of shells that will be vetoed, and replaced with the fallback shell" msgstr "" #: src/config/SSSDConfig/__init__.py.in:72 msgid "" "If a shell stored in central directory is allowed but not available, use " "this fallback" msgstr "" #: src/config/SSSDConfig/__init__.py.in:73 msgid "Shell to use if the provider does not list one" msgstr "" #: src/config/SSSDConfig/__init__.py.in:74 msgid "How long will be in-memory cache records valid" msgstr "" #: src/config/SSSDConfig/__init__.py.in:77 msgid "How long to allow cached logins between online logins (days)" msgstr "Колко дни да се позволява кеширано влизане между влизания онлайн" #: src/config/SSSDConfig/__init__.py.in:78 msgid "How many failed logins attempts are allowed when offline" msgstr "Колко неуспешни опита за влизане са разрешени, когато сме офлайн" #: src/config/SSSDConfig/__init__.py.in:79 msgid "" "How long (minutes) to deny login after offline_failed_login_attempts has " "been reached" msgstr "" "Колко време (в минути) да е забранено влизането, след достигане броя " "неуспешни опити за влизане, когато сме офлайн" #: src/config/SSSDConfig/__init__.py.in:80 msgid "What kind of messages are displayed to the user during authentication" msgstr "" #: src/config/SSSDConfig/__init__.py.in:81 msgid "How many seconds to keep identity information cached for PAM requests" msgstr "" #: src/config/SSSDConfig/__init__.py.in:82 msgid "How many days before password expiration a warning should be displayed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:85 msgid "Whether to evaluate the 
time-based attributes in sudo rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:91 msgid "Whether to hash host names and addresses in the known_hosts file" msgstr "" #: src/config/SSSDConfig/__init__.py.in:92 msgid "" "How many seconds to keep a host in the known_hosts file after its host keys " "were requested" msgstr "" #: src/config/SSSDConfig/__init__.py.in:95 msgid "List of UIDs or user names allowed to access the PAC responder" msgstr "" #: src/config/SSSDConfig/__init__.py.in:98 msgid "Identity provider" msgstr "Доставчик на самоличност" #: src/config/SSSDConfig/__init__.py.in:99 msgid "Authentication provider" msgstr "Доставчик на удостоверяване" #: src/config/SSSDConfig/__init__.py.in:100 msgid "Access control provider" msgstr "Доставчик на контрол на достъп" #: src/config/SSSDConfig/__init__.py.in:101 msgid "Password change provider" msgstr "Доставчик на смяна на парола" #: src/config/SSSDConfig/__init__.py.in:102 msgid "SUDO provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:103 msgid "Autofs provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:104 msgid "Session-loading provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:105 msgid "Host identity provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:108 msgid "Minimum user ID" msgstr "Минимално ID на потребител" #: src/config/SSSDConfig/__init__.py.in:109 msgid "Maximum user ID" msgstr "Максимално ID на потребител" #: src/config/SSSDConfig/__init__.py.in:110 msgid "Enable enumerating all users/groups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:111 msgid "Cache credentials for offline login" msgstr "Кеширай идентификационни данни за офлайн влизане" #: src/config/SSSDConfig/__init__.py.in:112 msgid "Store password hashes" msgstr "Съхранявай хешове на пароли" #: src/config/SSSDConfig/__init__.py.in:113 msgid "Display users/groups in fully-qualified form" msgstr "Показвай потребители/групи в пълно-квалифицирана форма" #: src/config/SSSDConfig/__init__.py.in:114
msgid "Don't include group members in group lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:115 #: src/config/SSSDConfig/__init__.py.in:122 #: src/config/SSSDConfig/__init__.py.in:123 #: src/config/SSSDConfig/__init__.py.in:124 #: src/config/SSSDConfig/__init__.py.in:125 #: src/config/SSSDConfig/__init__.py.in:126 #: src/config/SSSDConfig/__init__.py.in:127 msgid "Entry cache timeout length (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:116 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "Ограничава или предпочита определена фамилия адреси при DNS търсения" #: src/config/SSSDConfig/__init__.py.in:117 msgid "How long to keep cached entries after last successful login (days)" msgstr "" "Колко дни да се пазят кешираните записи след последното успешно влизане" #: src/config/SSSDConfig/__init__.py.in:118 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" "Колко време да чакам за отговори от DNS при търсене на сървъри (секунди)" #: src/config/SSSDConfig/__init__.py.in:119 msgid "The domain part of service discovery DNS query" msgstr "Частта Домейн от DNS заявката за откриване на услуга" #: src/config/SSSDConfig/__init__.py.in:120 msgid "Override GID value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:121 msgid "Treat usernames as case sensitive" msgstr "" #: src/config/SSSDConfig/__init__.py.in:128 msgid "How often should expired entries be refreshed in background" msgstr "" #: src/config/SSSDConfig/__init__.py.in:129 msgid "Whether to automatically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/__init__.py.in:130 #: src/config/SSSDConfig/__init__.py.in:145 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "" #: src/config/SSSDConfig/__init__.py.in:131 #: src/config/SSSDConfig/__init__.py.in:146 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr 
"Интерфейсът, чийто IP да се ползва за динамични DNS обновявания" #: src/config/SSSDConfig/__init__.py.in:132 msgid "How often to periodically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/__init__.py.in:133 msgid "Whether the provider should explicitly update the PTR record as well" msgstr "" #: src/config/SSSDConfig/__init__.py.in:134 msgid "Whether the nsupdate utility should default to using TCP" msgstr "" #: src/config/SSSDConfig/__init__.py.in:135 msgid "What kind of authentication should be used to perform the DNS update" msgstr "" #: src/config/SSSDConfig/__init__.py.in:136 msgid "Control enumeration of trusted domains" msgstr "" #: src/config/SSSDConfig/__init__.py.in:137 msgid "How often should subdomains list be refreshed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:140 msgid "IPA domain" msgstr "IPA домейн" #: src/config/SSSDConfig/__init__.py.in:141 msgid "IPA server address" msgstr "Адрес на IPA сървър" #: src/config/SSSDConfig/__init__.py.in:142 msgid "Address of backup IPA server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:143 msgid "IPA client hostname" msgstr "Име на хост на IPA клиент" #: src/config/SSSDConfig/__init__.py.in:144 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "Дали автоматично да се обновява клиентския DNS запис във FreeIPA" #: src/config/SSSDConfig/__init__.py.in:147 msgid "Search base for HBAC related objects" msgstr "" #: src/config/SSSDConfig/__init__.py.in:148 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:149 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:150 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" #: src/config/SSSDConfig/__init__.py.in:151 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:152 msgid "The automounter location this IPA client is using" msgstr "" #: src/config/SSSDConfig/__init__.py.in:153 msgid "Search base for object containing info about IPA domain" msgstr "" #: src/config/SSSDConfig/__init__.py.in:154 msgid "Search base for objects containing info about ID ranges" msgstr "" #: src/config/SSSDConfig/__init__.py.in:155 #: src/config/SSSDConfig/__init__.py.in:162 msgid "Enable DNS sites - location based service discovery" msgstr "" #: src/config/SSSDConfig/__init__.py.in:158 msgid "Active Directory domain" msgstr "" #: src/config/SSSDConfig/__init__.py.in:159 msgid "Active Directory server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:160 msgid "Active Directory backup server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:161 msgid "Active Directory client hostname" msgstr "" #: src/config/SSSDConfig/__init__.py.in:165 #: src/config/SSSDConfig/__init__.py.in:166 msgid "Kerberos server address" msgstr "Адрес на Kerberos сървър" #: src/config/SSSDConfig/__init__.py.in:167 msgid "Kerberos backup server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:168 msgid "Kerberos realm" msgstr "Kerberos област" #: src/config/SSSDConfig/__init__.py.in:169 msgid "Authentication timeout" msgstr "" #: src/config/SSSDConfig/__init__.py.in:170 msgid "Whether to create kdcinfo files" msgstr "" #: src/config/SSSDConfig/__init__.py.in:173 msgid "Directory to store credential caches" msgstr "Директория за съхранение на кеша за данни за удостоверяване" #: src/config/SSSDConfig/__init__.py.in:174 msgid "Location of the user's credential cache" msgstr "Местоположение на кеша за данни за удостоверяване на потребители" #: src/config/SSSDConfig/__init__.py.in:175 msgid "Location of the keytab to validate credentials" msgstr "Местоположение на keytab за валидиране на данните за удостоверяване" #: src/config/SSSDConfig/__init__.py.in:176 msgid "Enable credential validation" msgstr "Разреши 
проверката на данните за удостоверяване" #: src/config/SSSDConfig/__init__.py.in:177 msgid "Store password if offline for later online authentication" msgstr "Записва паролата ако е офлайн за по-късно удостоверяване" #: src/config/SSSDConfig/__init__.py.in:178 msgid "Renewable lifetime of the TGT" msgstr "" #: src/config/SSSDConfig/__init__.py.in:179 msgid "Lifetime of the TGT" msgstr "" #: src/config/SSSDConfig/__init__.py.in:180 msgid "Time between two checks for renewal" msgstr "" #: src/config/SSSDConfig/__init__.py.in:181 msgid "Enables FAST" msgstr "" #: src/config/SSSDConfig/__init__.py.in:182 msgid "Selects the principal to use for FAST" msgstr "" #: src/config/SSSDConfig/__init__.py.in:183 msgid "Enables principal canonicalization" msgstr "" #: src/config/SSSDConfig/__init__.py.in:184 msgid "Enables enterprise principals" msgstr "" #: src/config/SSSDConfig/__init__.py.in:187 #: src/config/SSSDConfig/__init__.py.in:188 msgid "Server where the change password service is running if not on the KDC" msgstr "Сървърът, на който работи услугата за смяна на парола ако не е на KDC" #: src/config/SSSDConfig/__init__.py.in:191 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, URI на LDAP сървъра" #: src/config/SSSDConfig/__init__.py.in:192 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:193 msgid "The default base DN" msgstr "Базовият DN по подразбиране" #: src/config/SSSDConfig/__init__.py.in:194 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "Използваният тип схема на LDAP сървъра, rfc2307" #: src/config/SSSDConfig/__init__.py.in:195 msgid "The default bind DN" msgstr "Подразбиращият се bind DN" #: src/config/SSSDConfig/__init__.py.in:196 msgid "The type of the authentication token of the default bind DN" msgstr "" #: src/config/SSSDConfig/__init__.py.in:197 msgid "The authentication token of the default bind DN" msgstr "" #: src/config/SSSDConfig/__init__.py.in:198 msgid "Length 
of time to attempt connection" msgstr "Продължителност на опитите за свързване" #: src/config/SSSDConfig/__init__.py.in:199 msgid "Length of time to attempt synchronous LDAP operations" msgstr "Продължителност на опитите за синхронни LDAP операции" #: src/config/SSSDConfig/__init__.py.in:200 msgid "Length of time between attempts to reconnect while offline" msgstr "Продължителност на времето между опитите за връзка докато е офлайн" #: src/config/SSSDConfig/__init__.py.in:201 msgid "Use only the upper case for realm names" msgstr "" #: src/config/SSSDConfig/__init__.py.in:202 msgid "File that contains CA certificates" msgstr "Файл, съдържащ CA сертификати" #: src/config/SSSDConfig/__init__.py.in:203 msgid "Path to CA certificate directory" msgstr "Път до директорията на CA сертификат" #: src/config/SSSDConfig/__init__.py.in:204 msgid "File that contains the client certificate" msgstr "" #: src/config/SSSDConfig/__init__.py.in:205 msgid "File that contains the client key" msgstr "" #: src/config/SSSDConfig/__init__.py.in:206 msgid "List of possible ciphers suites" msgstr "" #: src/config/SSSDConfig/__init__.py.in:207 msgid "Require TLS certificate verification" msgstr "Изисква TLS проверка на сертификат" #: src/config/SSSDConfig/__init__.py.in:208 msgid "Specify the sasl mechanism to use" msgstr "Задава за използване механизма sasl" #: src/config/SSSDConfig/__init__.py.in:209 msgid "Specify the sasl authorization id to use" msgstr "Задаване на sasl authorization id за употреба" #: src/config/SSSDConfig/__init__.py.in:210 msgid "Specify the sasl authorization realm to use" msgstr "" #: src/config/SSSDConfig/__init__.py.in:211 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" #: src/config/SSSDConfig/__init__.py.in:212 msgid "Kerberos service keytab" msgstr "keytab на Kerberos услуга" #: src/config/SSSDConfig/__init__.py.in:213 msgid "Use Kerberos auth for LDAP connection" msgstr "Ползвай Kerberos auth за LDAP връзка" #: 
src/config/SSSDConfig/__init__.py.in:214 msgid "Follow LDAP referrals" msgstr "Следвай LDAP референциите" #: src/config/SSSDConfig/__init__.py.in:215 msgid "Lifetime of TGT for LDAP connection" msgstr "Продължителност на живот на TGT за LDAP връзка" #: src/config/SSSDConfig/__init__.py.in:216 msgid "How to dereference aliases" msgstr "" #: src/config/SSSDConfig/__init__.py.in:217 msgid "Service name for DNS service lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:218 msgid "The number of records to retrieve in a single LDAP query" msgstr "" #: src/config/SSSDConfig/__init__.py.in:219 msgid "The number of members that must be missing to trigger a full deref" msgstr "" #: src/config/SSSDConfig/__init__.py.in:220 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" #: src/config/SSSDConfig/__init__.py.in:222 msgid "entryUSN attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:223 msgid "lastUSN attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:225 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" #: src/config/SSSDConfig/__init__.py.in:227 msgid "Disable the LDAP paging control" msgstr "" #: src/config/SSSDConfig/__init__.py.in:228 msgid "Disable Active Directory range retrieval" msgstr "" #: src/config/SSSDConfig/__init__.py.in:231 msgid "Length of time to wait for a search request" msgstr "Продължителност на време за изчакване на заявка за търсене" #: src/config/SSSDConfig/__init__.py.in:232 msgid "Length of time to wait for a enumeration request" msgstr "" #: src/config/SSSDConfig/__init__.py.in:233 msgid "Length of time between enumeration updates" msgstr "Продължителност на време между актуализации на изброяване" #: src/config/SSSDConfig/__init__.py.in:234 msgid "Length of time between cache cleanups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:235 msgid "Require TLS for ID lookups" msgstr "Изисква TLS за ИД 
справките" #: src/config/SSSDConfig/__init__.py.in:236 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "" #: src/config/SSSDConfig/__init__.py.in:237 msgid "Base DN for user lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:238 msgid "Scope of user lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:239 msgid "Filter for user lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:240 msgid "Objectclass for users" msgstr "" #: src/config/SSSDConfig/__init__.py.in:241 msgid "Username attribute" msgstr "атрибут Потребителско име" #: src/config/SSSDConfig/__init__.py.in:243 msgid "UID attribute" msgstr "атрибут UID" #: src/config/SSSDConfig/__init__.py.in:244 msgid "Primary GID attribute" msgstr "атрибут Първичен GID" #: src/config/SSSDConfig/__init__.py.in:245 msgid "GECOS attribute" msgstr "атрибут GECOS" #: src/config/SSSDConfig/__init__.py.in:246 msgid "Home directory attribute" msgstr "атрибут Домашна директория" #: src/config/SSSDConfig/__init__.py.in:247 msgid "Shell attribute" msgstr "атрибут Команден интерпретатор" #: src/config/SSSDConfig/__init__.py.in:248 msgid "UUID attribute" msgstr "атрибут UUID" #: src/config/SSSDConfig/__init__.py.in:249 #: src/config/SSSDConfig/__init__.py.in:285 msgid "objectSID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:250 msgid "Active Directory primary group attribute for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:251 msgid "User principal attribute (for Kerberos)" msgstr "атрибут User principal (за Kerberos)" #: src/config/SSSDConfig/__init__.py.in:252 msgid "Full Name" msgstr "Пълно име" #: src/config/SSSDConfig/__init__.py.in:253 msgid "memberOf attribute" msgstr "атрибут членНа" #: src/config/SSSDConfig/__init__.py.in:254 msgid "Modification time attribute" msgstr "атрибут Момент на промяна" #: src/config/SSSDConfig/__init__.py.in:256 msgid "shadowLastChange attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:257 msgid "shadowMin attribute" 
msgstr "" #: src/config/SSSDConfig/__init__.py.in:258 msgid "shadowMax attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:259 msgid "shadowWarning attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:260 msgid "shadowInactive attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:261 msgid "shadowExpire attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:262 msgid "shadowFlag attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:263 msgid "Attribute listing authorized PAM services" msgstr "" #: src/config/SSSDConfig/__init__.py.in:264 msgid "Attribute listing authorized server hosts" msgstr "" #: src/config/SSSDConfig/__init__.py.in:265 msgid "krbLastPwdChange attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:266 msgid "krbPasswordExpiration attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:267 msgid "Attribute indicating that server side password policies are active" msgstr "" #: src/config/SSSDConfig/__init__.py.in:268 msgid "accountExpires attribute of AD" msgstr "" #: src/config/SSSDConfig/__init__.py.in:269 msgid "userAccountControl attribute of AD" msgstr "" #: src/config/SSSDConfig/__init__.py.in:270 msgid "nsAccountLock attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:271 msgid "loginDisabled attribute of NDS" msgstr "" #: src/config/SSSDConfig/__init__.py.in:272 msgid "loginExpirationTime attribute of NDS" msgstr "" #: src/config/SSSDConfig/__init__.py.in:273 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" #: src/config/SSSDConfig/__init__.py.in:274 msgid "SSH public key attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:276 msgid "Base DN for group lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:279 msgid "Objectclass for groups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:280 msgid "Group name" msgstr "" #: src/config/SSSDConfig/__init__.py.in:281 msgid "Group password" msgstr "" #: src/config/SSSDConfig/__init__.py.in:282 msgid "GID attribute" 
msgstr "" #: src/config/SSSDConfig/__init__.py.in:283 msgid "Group member attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:284 msgid "Group UUID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:286 msgid "Modification time attribute for groups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:287 msgid "Type of the group and other flags" msgstr "" #: src/config/SSSDConfig/__init__.py.in:289 msgid "Maximum nesting level SSSd will follow" msgstr "" #: src/config/SSSDConfig/__init__.py.in:291 msgid "Base DN for netgroup lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:292 msgid "Objectclass for netgroups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:293 msgid "Netgroup name" msgstr "" #: src/config/SSSDConfig/__init__.py.in:294 msgid "Netgroups members attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:295 msgid "Netgroup triple attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:296 msgid "Netgroup UUID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:297 msgid "Modification time attribute for netgroups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:299 msgid "Base DN for service lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:300 msgid "Objectclass for services" msgstr "" #: src/config/SSSDConfig/__init__.py.in:301 msgid "Service name attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:302 msgid "Service port attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:303 msgid "Service protocol attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:306 msgid "Lower bound for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:307 msgid "Upper bound for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:308 msgid "Number of IDs for each slice when ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:309 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:310 msgid "Name of the 
default domain for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:311 msgid "SID of the default domain for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:313 msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:314 msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:315 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:316 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:319 msgid "Policy to evaluate the password expiration" msgstr "Политика за определяне срок на валидност на парола" #: src/config/SSSDConfig/__init__.py.in:322 msgid "LDAP filter to determine access privileges" msgstr "LDAP филтър за определяне права на достъп" #: src/config/SSSDConfig/__init__.py.in:323 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" #: src/config/SSSDConfig/__init__.py.in:324 msgid "Which rules should be used to evaluate access control" msgstr "" #: src/config/SSSDConfig/__init__.py.in:327 msgid "URI of an LDAP server where password changes are allowed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:328 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:329 msgid "DNS service name for LDAP password change server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:330 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" msgstr "" #: src/config/SSSDConfig/__init__.py.in:333 msgid "Base DN for sudo rules lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:334 msgid "Automatic full refresh period" msgstr "" #: src/config/SSSDConfig/__init__.py.in:335 msgid "Automatic smart refresh period" msgstr "" #: src/config/SSSDConfig/__init__.py.in:336 msgid "Whether 
to filter rules by hostname, IP addresses and network" msgstr "" #: src/config/SSSDConfig/__init__.py.in:337 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:338 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:339 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:340 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:341 msgid "Object class for sudo rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:342 msgid "Sudo rule name" msgstr "" #: src/config/SSSDConfig/__init__.py.in:343 msgid "Sudo rule command attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:344 msgid "Sudo rule host attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:345 msgid "Sudo rule user attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:346 msgid "Sudo rule option attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:347 msgid "Sudo rule runasuser attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:348 msgid "Sudo rule runasgroup attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:349 msgid "Sudo rule notbefore attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:350 msgid "Sudo rule notafter attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:351 msgid "Sudo rule order attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:354 msgid "Object class for automounter maps" msgstr "" #: src/config/SSSDConfig/__init__.py.in:355 msgid "Automounter map name attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:356 msgid "Object class for automounter map entries" msgstr "" #: src/config/SSSDConfig/__init__.py.in:357 msgid "Automounter map entry key attribute" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:358 msgid "Automounter map entry value attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:359 msgid "Base DN for automounter map lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:362 msgid "Comma separated list of allowed users" msgstr "Списък разрешени потребители, разделени със запетая" #: src/config/SSSDConfig/__init__.py.in:363 msgid "Comma separated list of prohibited users" msgstr "Списък забранени потребители, разделени със запетая" #: src/config/SSSDConfig/__init__.py.in:366 msgid "Default shell, /bin/bash" msgstr "Подразбиращ се команден интерпретатор, /bin/bash" #: src/config/SSSDConfig/__init__.py.in:367 msgid "Base for home directories" msgstr "Място за домашните директории" #: src/config/SSSDConfig/__init__.py.in:370 msgid "The name of the NSS library to use" msgstr "" #: src/config/SSSDConfig/__init__.py.in:371 msgid "Whether to look up canonical group name from cache if possible" msgstr "" #: src/config/SSSDConfig/__init__.py.in:374 msgid "PAM stack to use" msgstr "" #: src/monitor/monitor.c:2651 msgid "Become a daemon (default)" msgstr "Продължава като демон (по подразбиране)" #: src/monitor/monitor.c:2653 msgid "Run interactive (not a daemon)" msgstr "Интерактивна работа (а не като демон)" #: src/monitor/monitor.c:2655 src/tools/sss_debuglevel.c:71 msgid "Specify a non-default config file" msgstr "Задаване на друг (не подразбиращия се) конфиг файл" #: src/monitor/monitor.c:2657 msgid "Print version number and exit" msgstr "" #: src/providers/krb5/krb5_child.c:1962 src/providers/ldap/ldap_child.c:435 #: src/util/util.h:100 msgid "Debug level" msgstr "Ниво на debug" #: src/providers/krb5/krb5_child.c:1964 src/providers/ldap/ldap_child.c:437 #: src/util/util.h:104 msgid "Add debug timestamps" msgstr "" #: src/providers/krb5/krb5_child.c:1966 src/providers/ldap/ldap_child.c:439 #: src/util/util.h:106 msgid "Show timestamps with microseconds" msgstr "" #: src/providers/krb5/krb5_child.c:1968 
src/providers/ldap/ldap_child.c:441 msgid "An open file descriptor for the debug logs" msgstr "" #: src/providers/data_provider_be.c:2932 msgid "Domain of the information provider (mandatory)" msgstr "" #: src/sss_client/common.c:946 msgid "Privileged socket has wrong ownership or permissions." msgstr "" #: src/sss_client/common.c:949 msgid "Public socket has wrong ownership or permissions." msgstr "" #: src/sss_client/common.c:952 msgid "Unexpected format of the server credential message." msgstr "" #: src/sss_client/common.c:955 msgid "SSSD is not run by root." msgstr "SSSD не е стартиран като root." #: src/sss_client/common.c:960 msgid "An error occurred, but no description can be found." msgstr "Възникнала е грешка, но не може да се намери описание." #: src/sss_client/common.c:966 msgid "Unexpected error while looking for an error description" msgstr "Неочаквана грешка при търсене на описание на грешка" #: src/sss_client/pam_sss.c:388 msgid "Passwords do not match" msgstr "Паролите не съвпадат" #: src/sss_client/pam_sss.c:576 msgid "Password reset by root is not supported." msgstr "Промяна на паролата от root не се поддържа." #: src/sss_client/pam_sss.c:617 msgid "Authenticated with cached credentials" msgstr "Удостоверен с кеширани идентификационни данни" #: src/sss_client/pam_sss.c:618 msgid ", your cached password will expire at: " msgstr ", кешираната парола ще изтече на: " #: src/sss_client/pam_sss.c:648 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "" #: src/sss_client/pam_sss.c:694 #, c-format msgid "Your password will expire in %1$d %2$s." 
msgstr "" #: src/sss_client/pam_sss.c:743 msgid "Authentication is denied until: " msgstr "Удостоверяването е забранено до: " #: src/sss_client/pam_sss.c:764 msgid "System is offline, password change not possible" msgstr "Системата е офлайн, промяна на паролата не е възможна" #: src/sss_client/pam_sss.c:779 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" #: src/sss_client/pam_sss.c:810 src/sss_client/pam_sss.c:823 msgid "Password change failed. " msgstr "Промяната на паролата не успя." #: src/sss_client/pam_sss.c:813 src/sss_client/pam_sss.c:824 msgid "Server message: " msgstr "Съобщение от сървъра:" #: src/sss_client/pam_sss.c:1251 msgid "New Password: " msgstr "Нова парола:" #: src/sss_client/pam_sss.c:1252 msgid "Reenter new Password: " msgstr "Отново новата парола:" #: src/sss_client/pam_sss.c:1340 msgid "Password: " msgstr "Парола:" #: src/sss_client/pam_sss.c:1372 msgid "Current Password: " msgstr "Текуща парола:" #: src/sss_client/pam_sss.c:1527 msgid "Password expired. Change your password now." msgstr "Паролата Ви е остаряла. Сменете я сега." 
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40 #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 src/tools/sss_useradd.c:48 #: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44 #: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:652 #: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47 #: src/tools/sss_cache.c:540 src/tools/sss_debuglevel.c:69 msgid "The debug level to run with" msgstr "Нивото на debug записи при работа" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:42 #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:196 msgid "The SSSD domain to use" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:73 #: src/tools/sss_groupadd.c:58 src/tools/sss_groupdel.c:53 #: src/tools/sss_groupmod.c:65 src/tools/sss_groupshow.c:663 #: src/tools/sss_userdel.c:151 src/tools/sss_usermod.c:74 #: src/tools/sss_cache.c:573 msgid "Error setting the locale\n" msgstr "Грешка при задаване локални настр.\n" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:64 msgid "Not enough memory\n" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:83 msgid "User not specified\n" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:92 msgid "Error looking up public keys\n" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:194 msgid "The port to use to connect to the host" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:238 msgid "Invalid port\n" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:243 msgid "Host not specified\n" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:249 msgid "The path to the proxy command must be absolute\n" msgstr "" #: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48 msgid "The UID of the user" msgstr "UID на потребителя" #: src/tools/sss_useradd.c:50 src/tools/sss_usermod.c:50 msgid "The comment string" msgstr "Низ за коментар" #: src/tools/sss_useradd.c:51 src/tools/sss_usermod.c:51 msgid "Home directory" msgstr "Домашна директория" #: src/tools/sss_useradd.c:52 
src/tools/sss_usermod.c:52 msgid "Login shell" msgstr "Команден интерпретатор" #: src/tools/sss_useradd.c:53 msgid "Groups" msgstr "Групи" #: src/tools/sss_useradd.c:54 msgid "Create user's directory if it does not exist" msgstr "Създай, ако не съществува, директория на потребителя" #: src/tools/sss_useradd.c:55 msgid "Never create user's directory, overrides config" msgstr "Никога не създавай директория на потребителя, въпреки конфиг." #: src/tools/sss_useradd.c:56 msgid "Specify an alternative skeleton directory" msgstr "Задайте алтернативна skeleton директория" #: src/tools/sss_useradd.c:57 src/tools/sss_usermod.c:57 msgid "The SELinux user for user's login" msgstr "SELinux потребителят за влизането на потребителя" #: src/tools/sss_useradd.c:86 src/tools/sss_groupmod.c:78 #: src/tools/sss_usermod.c:87 msgid "Specify group to add to\n" msgstr "Задайте група, към която да го добавя\n" #: src/tools/sss_useradd.c:110 msgid "Specify user to add\n" msgstr "Задайте потребител за добавяне\n" #: src/tools/sss_useradd.c:119 src/tools/sss_groupadd.c:84 #: src/tools/sss_groupdel.c:78 src/tools/sss_groupmod.c:111 #: src/tools/sss_groupshow.c:696 src/tools/sss_userdel.c:196 #: src/tools/sss_usermod.c:128 msgid "Error initializing the tools - no local domain\n" msgstr "Грешка при инициализирането на инструментите - няма локален домейн\n" #: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86 #: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113 #: src/tools/sss_groupshow.c:698 src/tools/sss_userdel.c:198 #: src/tools/sss_usermod.c:130 msgid "Error initializing the tools\n" msgstr "Грешка при инициализирането на инструментите\n" #: src/tools/sss_useradd.c:130 src/tools/sss_groupadd.c:95 #: src/tools/sss_groupdel.c:89 src/tools/sss_groupmod.c:121 #: src/tools/sss_groupshow.c:707 src/tools/sss_userdel.c:207 #: src/tools/sss_usermod.c:139 msgid "Invalid domain specified in FQDN\n" msgstr "В FQDN е зададен невалиден домейн\n" #: src/tools/sss_useradd.c:139 
src/tools/sss_groupmod.c:141 #: src/tools/sss_groupmod.c:168 src/tools/sss_usermod.c:162 #: src/tools/sss_usermod.c:189 msgid "Internal error while parsing parameters\n" msgstr "Вътрешна грешка при разбор на параметри\n" #: src/tools/sss_useradd.c:147 src/tools/sss_usermod.c:170 #: src/tools/sss_usermod.c:197 msgid "Groups must be in the same domain as user\n" msgstr "Групите трябва да са в същия домейн като потребителя\n" #: src/tools/sss_useradd.c:155 #, c-format msgid "Cannot find group %1$s in local domain\n" msgstr "" #: src/tools/sss_useradd.c:170 src/tools/sss_userdel.c:217 msgid "Cannot set default values\n" msgstr "Не мога да задам стойностите по подразбиране\n" #: src/tools/sss_useradd.c:177 src/tools/sss_usermod.c:153 msgid "The selected UID is outside the allowed range\n" msgstr "Зададеният UID е извън позволения обхват\n" #: src/tools/sss_useradd.c:206 src/tools/sss_usermod.c:264 msgid "Cannot set SELinux login context\n" msgstr "Не мога да задам SELinux контекст за влизане\n" #: src/tools/sss_useradd.c:221 msgid "Cannot get info about the user\n" msgstr "Не мога да получа инфо за потребителя\n" #: src/tools/sss_useradd.c:233 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" "Домашната директория на потребителя вече съществува, няма да копирам данни " "от skeldir\n" #: src/tools/sss_useradd.c:236 #, c-format msgid "Cannot create user's home directory: %1$s\n" msgstr "" #: src/tools/sss_useradd.c:247 #, c-format msgid "Cannot create user's mail spool: %1$s\n" msgstr "" #: src/tools/sss_useradd.c:266 msgid "Could not allocate ID for the user - domain full?\n" msgstr "Не можах да запазя ID за потребителя - домейнът ли е пълен?\n" #: src/tools/sss_useradd.c:270 msgid "A user or group with the same name or ID already exists\n" msgstr "Потребител или група с такова име или ID вече съществува\n" #: src/tools/sss_useradd.c:276 msgid "Transaction error. Could not add user.\n" msgstr "Грешка в транзакцията. 
Не можах да добавя потребителя.\n" #: src/tools/sss_groupadd.c:43 src/tools/sss_groupmod.c:48 msgid "The GID of the group" msgstr "GID на групата" #: src/tools/sss_groupadd.c:75 msgid "Specify group to add\n" msgstr "Задайте група за добавяне\n" #: src/tools/sss_groupadd.c:104 src/tools/sss_groupmod.c:192 msgid "The selected GID is outside the allowed range\n" msgstr "Зададеният GID е извън позволения обхват\n" #: src/tools/sss_groupadd.c:141 msgid "Could not allocate ID for the group - domain full?\n" msgstr "" #: src/tools/sss_groupadd.c:145 msgid "A group with the same name or GID already exists\n" msgstr "" #: src/tools/sss_groupadd.c:150 msgid "Transaction error. Could not add group.\n" msgstr "" #: src/tools/sss_groupdel.c:69 msgid "Specify group to delete\n" msgstr "" #: src/tools/sss_groupdel.c:102 #, c-format msgid "Group %1$s is outside the defined ID range for domain\n" msgstr "Група %1$s е извън дефинирания ID обхват за домейн\n" #: src/tools/sss_groupdel.c:117 src/tools/sss_groupmod.c:219 #: src/tools/sss_groupmod.c:226 src/tools/sss_groupmod.c:233 #: src/tools/sss_userdel.c:294 src/tools/sss_usermod.c:241 #: src/tools/sss_usermod.c:248 src/tools/sss_usermod.c:255 #, c-format msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n" msgstr "" #: src/tools/sss_groupdel.c:129 msgid "" "No such group in local domain. Removing groups only allowed in local " "domain.\n" msgstr "" #: src/tools/sss_groupdel.c:134 msgid "Internal error. 
Could not remove group.\n" msgstr "" #: src/tools/sss_groupmod.c:44 msgid "Groups to add this group to" msgstr "" #: src/tools/sss_groupmod.c:46 msgid "Groups to remove this group from" msgstr "" #: src/tools/sss_groupmod.c:86 src/tools/sss_usermod.c:95 msgid "Specify group to remove from\n" msgstr "" #: src/tools/sss_groupmod.c:100 msgid "Specify group to modify\n" msgstr "" #: src/tools/sss_groupmod.c:128 msgid "" "Cannot find group in local domain, modifying groups is allowed only in local " "domain\n" msgstr "" #: src/tools/sss_groupmod.c:149 src/tools/sss_groupmod.c:176 msgid "Member groups must be in the same domain as parent group\n" msgstr "" #: src/tools/sss_groupmod.c:157 src/tools/sss_groupmod.c:184 #: src/tools/sss_usermod.c:178 src/tools/sss_usermod.c:205 #, c-format msgid "" "Cannot find group %1$s in local domain, only groups in local domain are " "allowed\n" msgstr "" #: src/tools/sss_groupmod.c:250 msgid "Could not modify group - check if member group names are correct\n" msgstr "" #: src/tools/sss_groupmod.c:254 msgid "Could not modify group - check if groupname is correct\n" msgstr "" #: src/tools/sss_groupmod.c:258 msgid "Transaction error. Could not modify group.\n" msgstr "" #: src/tools/sss_groupshow.c:599 #, c-format msgid "%1$s%2$sGroup: %3$s\n" msgstr "" #: src/tools/sss_groupshow.c:600 msgid "Magic Private " msgstr "" #: src/tools/sss_groupshow.c:602 #, c-format msgid "%1$sGID number: %2$d\n" msgstr "" #: src/tools/sss_groupshow.c:604 #, c-format msgid "%1$sMember users: " msgstr "" #: src/tools/sss_groupshow.c:611 #, c-format msgid "" "\n" "%1$sIs a member of: " msgstr "" #: src/tools/sss_groupshow.c:618 #, c-format msgid "" "\n" "%1$sMember groups: " msgstr "" #: src/tools/sss_groupshow.c:654 msgid "Print indirect group members recursively" msgstr "" #: src/tools/sss_groupshow.c:687 msgid "Specify group to show\n" msgstr "" #: src/tools/sss_groupshow.c:726 msgid "" "No such group in local domain. 
Printing groups only allowed in local " "domain.\n" msgstr "" #: src/tools/sss_groupshow.c:731 msgid "Internal error. Could not print group.\n" msgstr "" #: src/tools/sss_userdel.c:136 msgid "Remove home directory and mail spool" msgstr "" #: src/tools/sss_userdel.c:138 msgid "Do not remove home directory and mail spool" msgstr "" #: src/tools/sss_userdel.c:140 msgid "Force removal of files not owned by the user" msgstr "" #: src/tools/sss_userdel.c:142 msgid "Kill users' processes before removing him" msgstr "" #: src/tools/sss_userdel.c:187 msgid "Specify user to delete\n" msgstr "" #: src/tools/sss_userdel.c:233 #, c-format msgid "User %1$s is outside the defined ID range for domain\n" msgstr "Потребител %1$s е извън дефинирания ID обхват за домейн\n" #: src/tools/sss_userdel.c:258 msgid "Cannot reset SELinux login context\n" msgstr "" #: src/tools/sss_userdel.c:270 #, c-format msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n" msgstr "" #: src/tools/sss_userdel.c:275 msgid "Cannot determine if the user was logged in on this platform" msgstr "" #: src/tools/sss_userdel.c:280 msgid "Error while checking if the user was logged in\n" msgstr "" #: src/tools/sss_userdel.c:287 #, c-format msgid "The post-delete command failed: %1$s\n" msgstr "" #: src/tools/sss_userdel.c:307 msgid "Not removing home dir - not owned by user\n" msgstr "" #: src/tools/sss_userdel.c:309 #, c-format msgid "Cannot remove homedir: %1$s\n" msgstr "" #: src/tools/sss_userdel.c:322 msgid "" "No such user in local domain. Removing users only allowed in local domain.\n" msgstr "" #: src/tools/sss_userdel.c:327 msgid "Internal error. 
Could not remove user.\n" msgstr "" #: src/tools/sss_usermod.c:49 msgid "The GID of the user" msgstr "" #: src/tools/sss_usermod.c:53 msgid "Groups to add this user to" msgstr "" #: src/tools/sss_usermod.c:54 msgid "Groups to remove this user from" msgstr "" #: src/tools/sss_usermod.c:55 msgid "Lock the account" msgstr "" #: src/tools/sss_usermod.c:56 msgid "Unlock the account" msgstr "" #: src/tools/sss_usermod.c:119 msgid "Specify user to modify\n" msgstr "" #: src/tools/sss_usermod.c:146 msgid "" "Cannot find user in local domain, modifying users is allowed only in local " "domain\n" msgstr "" #: src/tools/sss_usermod.c:281 msgid "Could not modify user - check if group names are correct\n" msgstr "" #: src/tools/sss_usermod.c:285 msgid "Could not modify user - user already member of groups?\n" msgstr "" #: src/tools/sss_usermod.c:289 msgid "Transaction error. Could not modify user.\n" msgstr "" #: src/tools/sss_cache.c:170 msgid "No cache object matched the specified search\n" msgstr "" #: src/tools/sss_cache.c:397 #, c-format msgid "Couldn't invalidate %1$s" msgstr "" #: src/tools/sss_cache.c:404 #, c-format msgid "Couldn't invalidate %1$s %2$s" msgstr "" #: src/tools/sss_cache.c:542 msgid "Invalidate all cached entries except for sudo rules" msgstr "" #: src/tools/sss_cache.c:544 msgid "Invalidate particular user" msgstr "" #: src/tools/sss_cache.c:546 msgid "Invalidate all users" msgstr "" #: src/tools/sss_cache.c:548 msgid "Invalidate particular group" msgstr "" #: src/tools/sss_cache.c:550 msgid "Invalidate all groups" msgstr "" #: src/tools/sss_cache.c:552 msgid "Invalidate particular netgroup" msgstr "" #: src/tools/sss_cache.c:554 msgid "Invalidate all netgroups" msgstr "" #: src/tools/sss_cache.c:556 msgid "Invalidate particular service" msgstr "" #: src/tools/sss_cache.c:558 msgid "Invalidate all services" msgstr "" #: src/tools/sss_cache.c:561 msgid "Invalidate particular autofs map" msgstr "" #: src/tools/sss_cache.c:563 msgid "Invalidate all autofs 
maps" msgstr "" #: src/tools/sss_cache.c:566 msgid "Only invalidate entries from a particular domain" msgstr "" #: src/tools/sss_cache.c:611 msgid "Please select at least one object to invalidate\n" msgstr "" #: src/tools/sss_cache.c:681 #, c-format msgid "" "Could not open domain %1$s. If the domain is a subdomain (trusted domain), " "use fully qualified name instead of --domain/-d parameter.\n" msgstr "" #: src/tools/sss_cache.c:685 msgid "Could not open available domains\n" msgstr "" #: src/tools/sss_debuglevel.c:40 msgid "\n" msgstr "" #: src/tools/sss_debuglevel.c:96 msgid "Specify debug level you want to set\n" msgstr "" #: src/tools/sss_debuglevel.c:102 msgid "Only one argument expected\n" msgstr "" #: src/tools/tools_util.c:200 #, c-format msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n" msgstr "" #: src/tools/tools_util.c:303 msgid "Out of memory\n" msgstr "" #: src/tools/tools_util.h:43 #, c-format msgid "%1$s must be run as root\n" msgstr "" #: src/util/util.h:102 msgid "Send the debug output to files instead of stderr" msgstr "" ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/boldquot.sed��������������������������������������������������������0000644�0000000�0000000�00000000131�12320753476�016522� 
x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954942.049889388 30 atime=1396954942.049889388 29 ctime=1396954962.52187431 ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/boldquot.sed�������������������������������������������������������������������������0000644�0024127�0024127�00000000331�12320753476�016745� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������s/"\([^"]*\)"/“\1”/g s/`\([^`']*\)'/‘\1’/g s/ '\([^`']*\)' / ‘\1’ /g s/ '\([^`']*\)'$/ ‘\1’/g s/^'\([^`']*\)' /‘\1’ /g s/“”/""/g s/“/“/g s/”/”/g s/‘/‘/g s/’/’/g �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/stamp-po������������������������������������������������������������0000644�0000000�0000000�00000000132�12320753522�015650� 
x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954962.516874314 30 atime=1396954962.516874314 30 ctime=1396954962.528874305 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/stamp-po�����������������������������������������������������������������������������0000664�0024127�0024127�00000000012�12320753522�016070� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������timestamp 
����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/nl.po���������������������������������������������������������������0000644�0000000�0000000�00000000074�12320753107�015142� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954962.073874641 30 ctime=1396954962.538874298 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/nl.po��������������������������������������������������������������������������������0000664�0024127�0024127�00000172715�12320753107�015401� 
0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR Red Hat, Inc. # This file is distributed under the same license as the PACKAGE package. # # Translators: # Geert Warrink <geert.warrink@onsnet.nu>, 2011-2013 # Nienke84, 2013 # Nienke84, 2013 # Richard E. van der Luit <nippur@fedoraproject.org>, 2012 # sgallagh <sgallagh@redhat.com>, 2011 # Wijnand Modderman-Lenstra <accounts-transifex@maze.io>, 2011 msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2014-04-08 12:56+0200\n" "PO-Revision-Date: 2013-11-20 12:56+0000\n" "Last-Translator: Geert Warrink <geert.warrink@onsnet.nu>\n" "Language-Team: Dutch (http://www.transifex.com/projects/p/fedora/language/" "nl/)\n" "Language: nl\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" #: src/config/SSSDConfig/__init__.py.in:39 msgid "Set the verbosity of the debug logging" msgstr "Stel de verbositeit van de debug statements in" #: src/config/SSSDConfig/__init__.py.in:40 msgid "Include timestamps in debug logs" msgstr "Neem tijdstempels op in de debug logs" #: src/config/SSSDConfig/__init__.py.in:41 msgid "Include microseconds in timestamps in debug logs" msgstr "Voeg microseconden aan tijdstempel is debug log" #: src/config/SSSDConfig/__init__.py.in:42 msgid "Write debug messages to logfiles" msgstr "Schrijf debug berichten naar logbestanden" #: src/config/SSSDConfig/__init__.py.in:43 msgid "Ping timeout before restarting service" msgstr "Ping timeout voordat service herstart is" #: 
src/config/SSSDConfig/__init__.py.in:44 msgid "" "Timeout between three failed ping checks and forcibly killing the service" msgstr "" "Time-out tussen drie mislukte ping checks en de service dwingend te stoppen " #: src/config/SSSDConfig/__init__.py.in:45 msgid "Command to start service" msgstr "Commando om service te starten" #: src/config/SSSDConfig/__init__.py.in:46 msgid "Number of times to attempt connection to Data Providers" msgstr "Aantal pogingen naar de Data Providers te verbinden" #: src/config/SSSDConfig/__init__.py.in:47 msgid "The number of file descriptors that may be opened by this responder" msgstr "" "Het aantal bestand descriptors die door deze beantwoorder geopend mogen " "worden" #: src/config/SSSDConfig/__init__.py.in:48 msgid "Idle time before automatic disconnection of a client" msgstr "Duur van inactiviteit voor het automatisch loskoppelen van een cliënt" #: src/config/SSSDConfig/__init__.py.in:51 msgid "SSSD Services to start" msgstr "SSSD Services die gestart moeten worden" #: src/config/SSSDConfig/__init__.py.in:52 msgid "SSSD Domains to start" msgstr "SSSD Domeinen die gestart moeten worden" #: src/config/SSSDConfig/__init__.py.in:53 msgid "Timeout for messages sent over the SBUS" msgstr "Timeout voor berichten die over SBUS worden verzonden" #: src/config/SSSDConfig/__init__.py.in:54 msgid "Regex to parse username and domain" msgstr "Reguliere expressie om gebruikersnamen en domeinen te ontleden" #: src/config/SSSDConfig/__init__.py.in:55 msgid "Printf-compatible format for displaying fully-qualified names" msgstr "Printf-compatibel formaat voor het tonen van namen in volledige vorm" #: src/config/SSSDConfig/__init__.py.in:56 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" "Map in het bestandssysteem waarin SSSD Kerberos replay cache bestanden moet " "opslaan." #: src/config/SSSDConfig/__init__.py.in:57 msgid "Domain to add to names without a domain component." 
msgstr "Domein toe te voegen aan namen zonder een domein component." #: src/config/SSSDConfig/__init__.py.in:60 msgid "Enumeration cache timeout length (seconds)" msgstr "Enumeratie cache timeout duur (in seconden)" #: src/config/SSSDConfig/__init__.py.in:61 msgid "Entry cache background update timeout length (seconds)" msgstr "Entry cache achtergrond update timeout duur (in seconden)" #: src/config/SSSDConfig/__init__.py.in:62 #: src/config/SSSDConfig/__init__.py.in:88 msgid "Negative cache timeout length (seconds)" msgstr "Negatieve cache timeout duur (in seconden)" #: src/config/SSSDConfig/__init__.py.in:63 msgid "Users that SSSD should explicitly ignore" msgstr "Gebruikers die SSSD expliciet dient te negeren" #: src/config/SSSDConfig/__init__.py.in:64 msgid "Groups that SSSD should explicitly ignore" msgstr "Groepen die SSSD expliciet dient te negeren" #: src/config/SSSDConfig/__init__.py.in:65 msgid "Should filtered users appear in groups" msgstr "Dienen gefilterde gebruikers zichtbaar te zijn in groepen" #: src/config/SSSDConfig/__init__.py.in:66 msgid "The value of the password field the NSS provider should return" msgstr "De waarde van het wachtwoordveld die de NSS aanbieder terug moet geven" #: src/config/SSSDConfig/__init__.py.in:67 msgid "Override homedir value from the identity provider with this value" msgstr "" "Overschrijf homedir waarde van de identiteit aanbieder met deze waarde " #: src/config/SSSDConfig/__init__.py.in:68 msgid "" "Substitute empty homedir value from the identity provider with this value" msgstr "" "Vervang lege persoonlijke map waarde van de eindentiteitsaanbieder met deze " "waarde" #: src/config/SSSDConfig/__init__.py.in:69 msgid "Override shell value from the identity provider with this value" msgstr "Overschrijf shell waarde van identiteit provider met deze waarde" #: src/config/SSSDConfig/__init__.py.in:70 msgid "The list of shells users are allowed to log in with" msgstr "De lijst van shells waarmee ingelogd kan worden" #: 
src/config/SSSDConfig/__init__.py.in:71 msgid "" "The list of shells that will be vetoed, and replaced with the fallback shell" msgstr "" "De lijst van shells die verboden zijn, en vervangen door de fallback shell" #: src/config/SSSDConfig/__init__.py.in:72 msgid "" "If a shell stored in central directory is allowed but not available, use " "this fallback" msgstr "" "Als een shell opgeslagen in de centrale map toegestaan is, maar niet " "beschikbaar, gebruik dan deze" #: src/config/SSSDConfig/__init__.py.in:73 msgid "Shell to use if the provider does not list one" msgstr "Te gebruiken shell als de aanbieder er geen aangeeft " #: src/config/SSSDConfig/__init__.py.in:74 msgid "How long will be in-memory cache records valid" msgstr "Hoe lang zullen cache records in het geheugen geldig blijven" #: src/config/SSSDConfig/__init__.py.in:77 msgid "How long to allow cached logins between online logins (days)" msgstr "Hoe lang zijn cached logins toegestaan tussen online logins (in dagen)" #: src/config/SSSDConfig/__init__.py.in:78 msgid "How many failed logins attempts are allowed when offline" msgstr "Hoe veel mislukte inlogpogingen zijn toegestaan in offline-modus" #: src/config/SSSDConfig/__init__.py.in:79 msgid "" "How long (minutes) to deny login after offline_failed_login_attempts has " "been reached" msgstr "" "Hoe lang (in minuten) logins weigeren nadat offline_failed_login_attempts is " "bereikt" #: src/config/SSSDConfig/__init__.py.in:80 msgid "What kind of messages are displayed to the user during authentication" msgstr "" "Welke boodschappen worden aan de gebruiker getoond tijdens authenticatie" #: src/config/SSSDConfig/__init__.py.in:81 msgid "How many seconds to keep identity information cached for PAM requests" msgstr "" "Hoeveel seconden moet de identiteit informatie in cache opgeslagen worden " "voor PAM aanvragen" #: src/config/SSSDConfig/__init__.py.in:82 msgid "How many days before password expiration a warning should be displayed" msgstr "" "Hoeveel 
dagen voor het verlopen van het wachtwoord moet een waarschuwing " "getoond worden" #: src/config/SSSDConfig/__init__.py.in:85 msgid "Whether to evaluate the time-based attributes in sudo rules" msgstr "" "Of de tijd-gebaseerde attributen in sudo regels moeten worden geëvalueerd" #: src/config/SSSDConfig/__init__.py.in:91 msgid "Whether to hash host names and addresses in the known_hosts file" msgstr "" "Moeten host namen en adressen gehashd worden in het known_hosts bestand" #: src/config/SSSDConfig/__init__.py.in:92 msgid "" "How many seconds to keep a host in the known_hosts file after its host keys " "were requested" msgstr "" "Hoeveel seconden moet een host in het known_hosts bestand blijven nadat de " "host sleutels ervan werden aangevraagd" #: src/config/SSSDConfig/__init__.py.in:95 msgid "List of UIDs or user names allowed to access the PAC responder" msgstr "" "Lijst met UID's of gebruikersnamen waarvoor toegang tot de PAC responder " "toegestaan is" #: src/config/SSSDConfig/__init__.py.in:98 msgid "Identity provider" msgstr "Identiteitaanbieder" #: src/config/SSSDConfig/__init__.py.in:99 msgid "Authentication provider" msgstr "Authenticatieaanbieder" #: src/config/SSSDConfig/__init__.py.in:100 msgid "Access control provider" msgstr "Toegangscontroleaanbieder" #: src/config/SSSDConfig/__init__.py.in:101 msgid "Password change provider" msgstr "Wachtwoordwijzigingsaanbieder" #: src/config/SSSDConfig/__init__.py.in:102 msgid "SUDO provider" msgstr "SUDO provider" #: src/config/SSSDConfig/__init__.py.in:103 msgid "Autofs provider" msgstr "Autofs provider" #: src/config/SSSDConfig/__init__.py.in:104 msgid "Session-loading provider" msgstr "Session-loading provider" #: src/config/SSSDConfig/__init__.py.in:105 msgid "Host identity provider" msgstr "Host identity provider" #: src/config/SSSDConfig/__init__.py.in:108 msgid "Minimum user ID" msgstr "Minimum gebruiker ID" #: src/config/SSSDConfig/__init__.py.in:109 msgid "Maximum user ID" msgstr "Maximum gebruiker 
ID" #: src/config/SSSDConfig/__init__.py.in:110 msgid "Enable enumerating all users/groups" msgstr "Schakel enumeratie van alle gebruikers/groepen" #: src/config/SSSDConfig/__init__.py.in:111 msgid "Cache credentials for offline login" msgstr "Cache inloggegevens voor offline gebruik" #: src/config/SSSDConfig/__init__.py.in:112 msgid "Store password hashes" msgstr "Sla vingerafdrukken van wachtwoorden op" #: src/config/SSSDConfig/__init__.py.in:113 msgid "Display users/groups in fully-qualified form" msgstr "Laat gebruikers/groepen in volledige vorm zien" #: src/config/SSSDConfig/__init__.py.in:114 msgid "Don't include group members in group lookups" msgstr "Neem groepsleden niet mee in groep zoekacties" #: src/config/SSSDConfig/__init__.py.in:115 #: src/config/SSSDConfig/__init__.py.in:122 #: src/config/SSSDConfig/__init__.py.in:123 #: src/config/SSSDConfig/__init__.py.in:124 #: src/config/SSSDConfig/__init__.py.in:125 #: src/config/SSSDConfig/__init__.py.in:126 #: src/config/SSSDConfig/__init__.py.in:127 msgid "Entry cache timeout length (seconds)" msgstr "Entry cache timeout duur (in seconden)" #: src/config/SSSDConfig/__init__.py.in:116 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" "Beperk of geef de voorkeur aan een specifieke adresfamilie wanneer er DNS-" "lookups uitgevoerd worden" #: src/config/SSSDConfig/__init__.py.in:117 msgid "How long to keep cached entries after last successful login (days)" msgstr "" "Hoe lang blijven gegevens opgeslagen na een succesvolle login (in dagen)" #: src/config/SSSDConfig/__init__.py.in:118 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" "Hoe lang te wachten op antwoord van de DNS bij het opzoeken van servers (in " "seconden)" #: src/config/SSSDConfig/__init__.py.in:119 msgid "The domain part of service discovery DNS query" msgstr "Het domeingedeelte van DNS queries die service discovery uitvoeren" #:
src/config/SSSDConfig/__init__.py.in:120 msgid "Override GID value from the identity provider with this value" msgstr "Overschrijf GID waarde van de identiteit aanbieder met deze waarde" #: src/config/SSSDConfig/__init__.py.in:121 msgid "Treat usernames as case sensitive" msgstr "Behandel gebruikersnamen als hoofdlettergevoelig" #: src/config/SSSDConfig/__init__.py.in:128 msgid "How often should expired entries be refreshed in background" msgstr "Hoe vaak moeten verlopen ingangen op de achtergrond ververst worden" #: src/config/SSSDConfig/__init__.py.in:129 msgid "Whether to automatically update the client's DNS entry" msgstr "Of de DNS ingang van de cliënt automatisch vernieuwd moet worden" #: src/config/SSSDConfig/__init__.py.in:130 #: src/config/SSSDConfig/__init__.py.in:145 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "" "De TTL die toegepast moet worden op de DNS ingang van de cliënt na het " "vernieuwen hiervan" #: src/config/SSSDConfig/__init__.py.in:131 #: src/config/SSSDConfig/__init__.py.in:146 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" "De adapter wiens IP-adres gebruikt moet worden voor het dynamisch bijwerken " "van de DNS" #: src/config/SSSDConfig/__init__.py.in:132 msgid "How often to periodically update the client's DNS entry" msgstr "Hoe vaak de DNS ingang van de client periodiek vernieuwd moet worden" #: src/config/SSSDConfig/__init__.py.in:133 msgid "Whether the provider should explicitly update the PTR record as well" msgstr "Of de provider ook de PTR record expliciet moet vernieuwen" #: src/config/SSSDConfig/__init__.py.in:134 msgid "Whether the nsupdate utility should default to using TCP" msgstr "Of het nsupdate hulpprogramma standaard TCP moet gebruiken" #: src/config/SSSDConfig/__init__.py.in:135 msgid "What kind of authentication should be used to perform the DNS update" msgstr "" "Welke soort authenticatie moet gebruikt worden om de DNS vernieuwing uit te " "voeren" #: 
src/config/SSSDConfig/__init__.py.in:136 msgid "Control enumeration of trusted domains" msgstr "" #: src/config/SSSDConfig/__init__.py.in:137 #, fuzzy msgid "How often should subdomains list be refreshed" msgstr "Hoe vaak moeten verlopen ingangen op de achtergrond ververst worden" #: src/config/SSSDConfig/__init__.py.in:140 msgid "IPA domain" msgstr "IPA-domein" #: src/config/SSSDConfig/__init__.py.in:141 msgid "IPA server address" msgstr "IPA-serveradres" #: src/config/SSSDConfig/__init__.py.in:142 msgid "Address of backup IPA server" msgstr "Adres van back-up IPA server" #: src/config/SSSDConfig/__init__.py.in:143 msgid "IPA client hostname" msgstr "IPA-clienthostname" #: src/config/SSSDConfig/__init__.py.in:144 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" "Of de DNS-gegevens van de client automatisch bijgewerkt moeten worden in " "FreeIPA" #: src/config/SSSDConfig/__init__.py.in:147 msgid "Search base for HBAC related objects" msgstr "Zoek basis voor HBAC gerelateerde objecten" #: src/config/SSSDConfig/__init__.py.in:148 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "De tijdsduur tussen het opzoeken van HBAC regels voor de IPA server" #: src/config/SSSDConfig/__init__.py.in:149 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" msgstr "" "De tijdsduur in seconden tussen zoekopdrachten in de SELinux mappen voor de " "IPA server" #: src/config/SSSDConfig/__init__.py.in:150 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "Als DENY regels aanwezig zijn, dat DENY_ALL of IGNORE" #: src/config/SSSDConfig/__init__.py.in:151 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" "Als dit op false ingesteld is, wordt het host argument gegeven door PAM " "genegeerd" #: src/config/SSSDConfig/__init__.py.in:152 msgid "The automounter location this IPA client is using" msgstr "De automounter 
locatie die door deze IPA client wordt gebruikt" #: src/config/SSSDConfig/__init__.py.in:153 msgid "Search base for object containing info about IPA domain" msgstr "Zoek in base voor object die info over IPA domein bevat " #: src/config/SSSDConfig/__init__.py.in:154 msgid "Search base for objects containing info about ID ranges" msgstr "Zoek in base voor objecten die info over ID bereiken bevat" #: src/config/SSSDConfig/__init__.py.in:155 #: src/config/SSSDConfig/__init__.py.in:162 msgid "Enable DNS sites - location based service discovery" msgstr "Zet DNS sites aan - locatie gebaseerde service ontdekking" #: src/config/SSSDConfig/__init__.py.in:158 msgid "Active Directory domain" msgstr "Active Directory domein" #: src/config/SSSDConfig/__init__.py.in:159 msgid "Active Directory server address" msgstr "Active Directory server adres" #: src/config/SSSDConfig/__init__.py.in:160 msgid "Active Directory backup server address" msgstr "Active Directory back-up server adres" #: src/config/SSSDConfig/__init__.py.in:161 msgid "Active Directory client hostname" msgstr "Active Directory cliënt hostnaam" #: src/config/SSSDConfig/__init__.py.in:165 #: src/config/SSSDConfig/__init__.py.in:166 msgid "Kerberos server address" msgstr "Kerberos-serveradres" #: src/config/SSSDConfig/__init__.py.in:167 msgid "Kerberos backup server address" msgstr "Kerberos back-up server adres" #: src/config/SSSDConfig/__init__.py.in:168 msgid "Kerberos realm" msgstr "Kerberos-rijk" #: src/config/SSSDConfig/__init__.py.in:169 msgid "Authentication timeout" msgstr "Authenticatie timeout" #: src/config/SSSDConfig/__init__.py.in:170 msgid "Whether to create kdcinfo files" msgstr "Moeten kdcinfo bestanden aangemaakt worden" #: src/config/SSSDConfig/__init__.py.in:173 msgid "Directory to store credential caches" msgstr "Werkmap waar authenticatiegegevens opgeslagen worden" #: src/config/SSSDConfig/__init__.py.in:174 msgid "Location of the user's credential cache" msgstr "Locatie van de authenticatiecache 
van de gebruiker" #: src/config/SSSDConfig/__init__.py.in:175 msgid "Location of the keytab to validate credentials" msgstr "Locatie van de keytab om authenticatiegegevens te valideren" #: src/config/SSSDConfig/__init__.py.in:176 msgid "Enable credential validation" msgstr "Schakel authenticatiegegevensvalidatie in" #: src/config/SSSDConfig/__init__.py.in:177 msgid "Store password if offline for later online authentication" msgstr "" "Sla het wachtwoord op indien offline voor later gebruik bij online " "authenticatie" #: src/config/SSSDConfig/__init__.py.in:178 msgid "Renewable lifetime of the TGT" msgstr "Vernieuwbare levensduur van de TGT" #: src/config/SSSDConfig/__init__.py.in:179 msgid "Lifetime of the TGT" msgstr "Levensduur van de TGT" #: src/config/SSSDConfig/__init__.py.in:180 msgid "Time between two checks for renewal" msgstr "Tijd tussen twee checks voor vernieuwing" #: src/config/SSSDConfig/__init__.py.in:181 msgid "Enables FAST" msgstr "Zet FAST aan" #: src/config/SSSDConfig/__init__.py.in:182 msgid "Selects the principal to use for FAST" msgstr "Selecteert de hoofdpersoon te gebruiken voor FAST " #: src/config/SSSDConfig/__init__.py.in:183 msgid "Enables principal canonicalization" msgstr "Zet hoofdpersoon sanctioneren aan" #: src/config/SSSDConfig/__init__.py.in:184 msgid "Enables enterprise principals" msgstr "Zet enterprise principals aan" #: src/config/SSSDConfig/__init__.py.in:187 #: src/config/SSSDConfig/__init__.py.in:188 msgid "Server where the change password service is running if not on the KDC" msgstr "" "Server waar het wachtwoord wijzigingsservice draait indien niet op de KDC" #: src/config/SSSDConfig/__init__.py.in:191 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, de URI van de LDAP server" #: src/config/SSSDConfig/__init__.py.in:192 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "ldap_backup_uri, De URI van de LDAP server" #: src/config/SSSDConfig/__init__.py.in:193 msgid "The default base DN" msgstr "De 
standaard base DN" #: src/config/SSSDConfig/__init__.py.in:194 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "Het schema type wat gebruikt wordt op de LDAP server, rfc2307" #: src/config/SSSDConfig/__init__.py.in:195 msgid "The default bind DN" msgstr "De standaard bind DN" #: src/config/SSSDConfig/__init__.py.in:196 msgid "The type of the authentication token of the default bind DN" msgstr "Het type authenticatietoken van de standaard bind DN" #: src/config/SSSDConfig/__init__.py.in:197 msgid "The authentication token of the default bind DN" msgstr "Het authenticatietoken van de standaard bind DN" #: src/config/SSSDConfig/__init__.py.in:198 msgid "Length of time to attempt connection" msgstr "Hoe lang pogen te verbinden" #: src/config/SSSDConfig/__init__.py.in:199 msgid "Length of time to attempt synchronous LDAP operations" msgstr "Hoe lang proberen synchroon LDAP te benaderen" #: src/config/SSSDConfig/__init__.py.in:200 msgid "Length of time between attempts to reconnect while offline" msgstr "" "Duur tussen pogingen om de verbinding opnieuw tot stand te brengen tijdens " "offline zijn" #: src/config/SSSDConfig/__init__.py.in:201 msgid "Use only the upper case for realm names" msgstr "Gebruik alleen hoofdletters voor gebiedsnamen" #: src/config/SSSDConfig/__init__.py.in:202 msgid "File that contains CA certificates" msgstr "Bestand dat de bekende CA-certificaten bevat" #: src/config/SSSDConfig/__init__.py.in:203 msgid "Path to CA certificate directory" msgstr "Pad naar de CA-certificatenmap" #: src/config/SSSDConfig/__init__.py.in:204 msgid "File that contains the client certificate" msgstr "Bestand dat het client certificaat bevat" #: src/config/SSSDConfig/__init__.py.in:205 msgid "File that contains the client key" msgstr "Bestand dat de client sleutel bevat" #: src/config/SSSDConfig/__init__.py.in:206 msgid "List of possible ciphers suites" msgstr "Lijst van mogelijke sleutel suites" #: src/config/SSSDConfig/__init__.py.in:207 msgid 
"Require TLS certificate verification" msgstr "Vereis verificatie van het TLS-certificaat" #: src/config/SSSDConfig/__init__.py.in:208 msgid "Specify the sasl mechanism to use" msgstr "Geef het SASL-mechanisme op wat gebruikt moet worden" #: src/config/SSSDConfig/__init__.py.in:209 msgid "Specify the sasl authorization id to use" msgstr "Geef het SASL-authorisatie-ID op wat gebruikt moet worden" #: src/config/SSSDConfig/__init__.py.in:210 msgid "Specify the sasl authorization realm to use" msgstr "Specificeer het te gebruiken sasl autorisatiegebied " #: src/config/SSSDConfig/__init__.py.in:211 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "Specificeer de minimale SSF voor LDAP sasl autorisatie" #: src/config/SSSDConfig/__init__.py.in:212 msgid "Kerberos service keytab" msgstr "Kerberos service keytab" #: src/config/SSSDConfig/__init__.py.in:213 msgid "Use Kerberos auth for LDAP connection" msgstr "Gebruik Kerberos authenticatie voor LDAP-connectie" #: src/config/SSSDConfig/__init__.py.in:214 msgid "Follow LDAP referrals" msgstr "Volg LDAP-doorverwijzingen" #: src/config/SSSDConfig/__init__.py.in:215 msgid "Lifetime of TGT for LDAP connection" msgstr "Levensduur van TGT voor LDAP-connectie" #: src/config/SSSDConfig/__init__.py.in:216 msgid "How to dereference aliases" msgstr "Hoe moet de alias referentie verwijderd worden" #: src/config/SSSDConfig/__init__.py.in:217 msgid "Service name for DNS service lookups" msgstr "Service naam voor DNS service opzoeken" #: src/config/SSSDConfig/__init__.py.in:218 msgid "The number of records to retrieve in a single LDAP query" msgstr "" "Het aantal records dat opgehaald moet worden met een enkele LDAP bevraging" #: src/config/SSSDConfig/__init__.py.in:219 msgid "The number of members that must be missing to trigger a full deref" msgstr "" "Het aantal leden van moet ontbreken om een volledige de-referentie te " "veroorzaken" #: src/config/SSSDConfig/__init__.py.in:220 msgid "" "Whether the LDAP library should 
perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" "Moet de LDAP bibliotheek omgekeerd opzoeken uitvoeren om de hostnaam " "canoniek te maken tijdens een SASL binding" #: src/config/SSSDConfig/__init__.py.in:222 msgid "entryUSN attribute" msgstr "entryUSN attribuut" #: src/config/SSSDConfig/__init__.py.in:223 msgid "lastUSN attribute" msgstr "lastUSN attribuut" #: src/config/SSSDConfig/__init__.py.in:225 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" "Hoe lang een verbinding met de LDAP server gehouden moet blijven voordat het " "losgekoppeld wordt" #: src/config/SSSDConfig/__init__.py.in:227 msgid "Disable the LDAP paging control" msgstr "Het LDAP paging besturingselement uitschakelen" #: src/config/SSSDConfig/__init__.py.in:228 msgid "Disable Active Directory range retrieval" msgstr "Zet Active Directory bereik opvragen uit" #: src/config/SSSDConfig/__init__.py.in:231 msgid "Length of time to wait for a search request" msgstr "Tijd om te wachten op een zoekopdracht" #: src/config/SSSDConfig/__init__.py.in:232 msgid "Length of time to wait for a enumeration request" msgstr "Tijdsduur te wachten voor een opsommingsverzoek" #: src/config/SSSDConfig/__init__.py.in:233 msgid "Length of time between enumeration updates" msgstr "Tijd om te wachten tussen enumeratie-updates" #: src/config/SSSDConfig/__init__.py.in:234 msgid "Length of time between cache cleanups" msgstr "Tijdsduur tussen cache opschoningen" #: src/config/SSSDConfig/__init__.py.in:235 msgid "Require TLS for ID lookups" msgstr "Vereis TLS voor het opzoeken van ID's" #: src/config/SSSDConfig/__init__.py.in:236 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "Gebruik ID-mapping van objectSID in plaats van pre-set ID's" #: src/config/SSSDConfig/__init__.py.in:237 msgid "Base DN for user lookups" msgstr "Base DN voor het opzoeken van gebruikers" #: src/config/SSSDConfig/__init__.py.in:238 msgid "Scope of
user lookups" msgstr "Scope voor het opzoeken van gebruikers" #: src/config/SSSDConfig/__init__.py.in:239 msgid "Filter for user lookups" msgstr "Filter voor het opzoeken van gebruikers" #: src/config/SSSDConfig/__init__.py.in:240 msgid "Objectclass for users" msgstr "Objectclass voor gebruikers" #: src/config/SSSDConfig/__init__.py.in:241 msgid "Username attribute" msgstr "Username-attribuut" #: src/config/SSSDConfig/__init__.py.in:243 msgid "UID attribute" msgstr "UID-attribuut" #: src/config/SSSDConfig/__init__.py.in:244 msgid "Primary GID attribute" msgstr "Primair GID-attribuut" #: src/config/SSSDConfig/__init__.py.in:245 msgid "GECOS attribute" msgstr "GECOS-attribuut" #: src/config/SSSDConfig/__init__.py.in:246 msgid "Home directory attribute" msgstr "Gebruikersmap-attribuut" #: src/config/SSSDConfig/__init__.py.in:247 msgid "Shell attribute" msgstr "Shell-attribuut" #: src/config/SSSDConfig/__init__.py.in:248 msgid "UUID attribute" msgstr "UUID-attribuut" #: src/config/SSSDConfig/__init__.py.in:249 #: src/config/SSSDConfig/__init__.py.in:285 msgid "objectSID attribute" msgstr "objectSID attribuut" #: src/config/SSSDConfig/__init__.py.in:250 msgid "Active Directory primary group attribute for ID-mapping" msgstr "Active Directory primaire groep attribuut voor ID-mapping" #: src/config/SSSDConfig/__init__.py.in:251 msgid "User principal attribute (for Kerberos)" msgstr "Userprincipal-attribuut (voor Kerberos)" #: src/config/SSSDConfig/__init__.py.in:252 msgid "Full Name" msgstr "Volledige naam" #: src/config/SSSDConfig/__init__.py.in:253 msgid "memberOf attribute" msgstr "memberOf-attribuut" #: src/config/SSSDConfig/__init__.py.in:254 msgid "Modification time attribute" msgstr "Modification time-attribuut" #: src/config/SSSDConfig/__init__.py.in:256 msgid "shadowLastChange attribute" msgstr "shadowLastChange attribuut" #: src/config/SSSDConfig/__init__.py.in:257 msgid "shadowMin attribute" msgstr "shadowMin attribuut" #: 
src/config/SSSDConfig/__init__.py.in:258 msgid "shadowMax attribute" msgstr "shadowMax attribuut" #: src/config/SSSDConfig/__init__.py.in:259 msgid "shadowWarning attribute" msgstr "shadowWarning attribuut" #: src/config/SSSDConfig/__init__.py.in:260 msgid "shadowInactive attribute" msgstr "shadowInactive attribuut" #: src/config/SSSDConfig/__init__.py.in:261 msgid "shadowExpire attribute" msgstr "shadowExpire attribuut" #: src/config/SSSDConfig/__init__.py.in:262 msgid "shadowFlag attribute" msgstr "shadowFlag attribuut" #: src/config/SSSDConfig/__init__.py.in:263 msgid "Attribute listing authorized PAM services" msgstr "Attribuut voor tonen van geautoriseerde PAM services" #: src/config/SSSDConfig/__init__.py.in:264 msgid "Attribute listing authorized server hosts" msgstr "Attribuut dat geautoriseerde server hosts toont" #: src/config/SSSDConfig/__init__.py.in:265 msgid "krbLastPwdChange attribute" msgstr "krbLastPwdChange attribuut" #: src/config/SSSDConfig/__init__.py.in:266 msgid "krbPasswordExpiration attribute" msgstr "krbPasswordExpiration attribuut" #: src/config/SSSDConfig/__init__.py.in:267 msgid "Attribute indicating that server side password policies are active" msgstr "Attribuut welke aangeeft dat wachtwoordtactiek op de server actief is" #: src/config/SSSDConfig/__init__.py.in:268 msgid "accountExpires attribute of AD" msgstr "accountExpires attribuut van AD" #: src/config/SSSDConfig/__init__.py.in:269 msgid "userAccountControl attribute of AD" msgstr "userAccountControl attribuut van AD" #: src/config/SSSDConfig/__init__.py.in:270 msgid "nsAccountLock attribute" msgstr "nsAccountLock attribuut" #: src/config/SSSDConfig/__init__.py.in:271 msgid "loginDisabled attribute of NDS" msgstr "loginDisabled attribuut van NDS" #: src/config/SSSDConfig/__init__.py.in:272 msgid "loginExpirationTime attribute of NDS" msgstr "loginExpirationTime attribuut van NDS" #: src/config/SSSDConfig/__init__.py.in:273 msgid "loginAllowedTimeMap attribute of NDS" msgstr 
"loginAllowedTimeMap attribuut van NDS" #: src/config/SSSDConfig/__init__.py.in:274 msgid "SSH public key attribute" msgstr "SSH publieke sleutel attribuut" #: src/config/SSSDConfig/__init__.py.in:276 msgid "Base DN for group lookups" msgstr "Basis DN voor groep opzoeken" #: src/config/SSSDConfig/__init__.py.in:279 msgid "Objectclass for groups" msgstr "Objectklasse voor groepen" #: src/config/SSSDConfig/__init__.py.in:280 msgid "Group name" msgstr "Groepsnaam" #: src/config/SSSDConfig/__init__.py.in:281 msgid "Group password" msgstr "Groep wachtwoord" #: src/config/SSSDConfig/__init__.py.in:282 msgid "GID attribute" msgstr "GID attribuut" #: src/config/SSSDConfig/__init__.py.in:283 msgid "Group member attribute" msgstr "Groep deelnemer attribuut" #: src/config/SSSDConfig/__init__.py.in:284 msgid "Group UUID attribute" msgstr "Groep UUID attribuut" #: src/config/SSSDConfig/__init__.py.in:286 msgid "Modification time attribute for groups" msgstr "Verandertijd attribuut voor groepen" #: src/config/SSSDConfig/__init__.py.in:287 msgid "Type of the group and other flags" msgstr "" #: src/config/SSSDConfig/__init__.py.in:289 msgid "Maximum nesting level SSSd will follow" msgstr "Maximale nest niveau dat SSSd zal volgen" #: src/config/SSSDConfig/__init__.py.in:291 msgid "Base DN for netgroup lookups" msgstr "Basis DN voor netgroep opzoeken" #: src/config/SSSDConfig/__init__.py.in:292 msgid "Objectclass for netgroups" msgstr "Objectklasse voor netgroepen" #: src/config/SSSDConfig/__init__.py.in:293 msgid "Netgroup name" msgstr "Netgroep naam" #: src/config/SSSDConfig/__init__.py.in:294 msgid "Netgroups members attribute" msgstr "Netgroep leden attribuut" #: src/config/SSSDConfig/__init__.py.in:295 msgid "Netgroup triple attribute" msgstr "Netgroep triple attibuut" #: src/config/SSSDConfig/__init__.py.in:296 msgid "Netgroup UUID attribute" msgstr "Netgroep UUID attibuut" #: src/config/SSSDConfig/__init__.py.in:297 msgid "Modification time attribute for netgroups" msgstr 
"Verandertijd attribuut voor netgroepen" #: src/config/SSSDConfig/__init__.py.in:299 msgid "Base DN for service lookups" msgstr "Basis DN voor service lookups" #: src/config/SSSDConfig/__init__.py.in:300 msgid "Objectclass for services" msgstr "Objectclass voor services" #: src/config/SSSDConfig/__init__.py.in:301 msgid "Service name attribute" msgstr "Service naam attribuut" #: src/config/SSSDConfig/__init__.py.in:302 msgid "Service port attribute" msgstr "Service port attribuut" #: src/config/SSSDConfig/__init__.py.in:303 msgid "Service protocol attribute" msgstr "Service protocol attribuut" #: src/config/SSSDConfig/__init__.py.in:306 msgid "Lower bound for ID-mapping" msgstr "Ondergrens voor ID-mapping" #: src/config/SSSDConfig/__init__.py.in:307 msgid "Upper bound for ID-mapping" msgstr "Bovengrens voor ID-mapping" #: src/config/SSSDConfig/__init__.py.in:308 msgid "Number of IDs for each slice when ID-mapping" msgstr "Aantal ID's voor elk segment bij ID-mapping" #: src/config/SSSDConfig/__init__.py.in:309 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "Gebruik autorid-compatibel algoritme voor ID-mapping" #: src/config/SSSDConfig/__init__.py.in:310 msgid "Name of the default domain for ID-mapping" msgstr "Naam van het standaard domein voor ID-mapping" #: src/config/SSSDConfig/__init__.py.in:311 msgid "SID of the default domain for ID-mapping" msgstr "SID van het standaard domein voor ID-mapping" #: src/config/SSSDConfig/__init__.py.in:313 msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups" msgstr "Gebruik LDAP_MATCHING_RULE_IN_CHAIN voor groep opzoeken" #: src/config/SSSDConfig/__init__.py.in:314 msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups" msgstr "Gebruik LDAP_MATCHING_RULE_IN_CHAIN voor initgroep opzoeken" #: src/config/SSSDConfig/__init__.py.in:315 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "Laagste grens instellen voor toegestane id's van de LDAP-server" #: 
src/config/SSSDConfig/__init__.py.in:316 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "Hoogste grens instellen voor toegestane id's van de LDAP-server" #: src/config/SSSDConfig/__init__.py.in:319 msgid "Policy to evaluate the password expiration" msgstr "Policy om wachtwoordverloop mee te evalueren" #: src/config/SSSDConfig/__init__.py.in:322 msgid "LDAP filter to determine access privileges" msgstr "LDAP-filter om toegangsprivileges mee te bepalen" #: src/config/SSSDConfig/__init__.py.in:323 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" "Welke attributen worden gebruikt voor evaluatie als het account verlopen is" #: src/config/SSSDConfig/__init__.py.in:324 msgid "Which rules should be used to evaluate access control" msgstr "" "Welke regels moeten gebruikt worden voor de evaluatie van toegangscontrole" #: src/config/SSSDConfig/__init__.py.in:327 msgid "URI of an LDAP server where password changes are allowed" msgstr "" "URI van een LDAP server waarop wachtwoord veranderingen toegestaan zijn" #: src/config/SSSDConfig/__init__.py.in:328 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "" "URI van een back-up LDAP server waar wachtwoord veranderingen toegestaan zijn" #: src/config/SSSDConfig/__init__.py.in:329 msgid "DNS service name for LDAP password change server" msgstr "DNS service naam voor LDAP wachtwoord verander server" #: src/config/SSSDConfig/__init__.py.in:330 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" msgstr "" "Moet het ldap_user_shadow_last_change attribuut vernieuwd worden na een " "wachtwoordwijziging" #: src/config/SSSDConfig/__init__.py.in:333 msgid "Base DN for sudo rules lookups" msgstr "Basis DN voor sudo regels lookups" #: src/config/SSSDConfig/__init__.py.in:334 msgid "Automatic full refresh period" msgstr "Automatische volledige ververs periode" #: src/config/SSSDConfig/__init__.py.in:335 msgid
"Automatic smart refresh period" msgstr "Automatische slimme ververs periode" #: src/config/SSSDConfig/__init__.py.in:336 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "Moeten regels gefilterd worden volgens hostnaam, IP adres en netwerk" #: src/config/SSSDConfig/__init__.py.in:337 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" msgstr "" "Hostnamen en/of volledig gekwalificeerde domeinnamen van deze machine voor " "het filteren van sudo regels" #: src/config/SSSDConfig/__init__.py.in:338 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" "IPv4 of IPv6 adressen of netwerk van deze machine voor het filteren van sudo " "regels" #: src/config/SSSDConfig/__init__.py.in:339 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" "Moeten regels toegevoegd worden die netgroep bevatten in host attribuut " #: src/config/SSSDConfig/__init__.py.in:340 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" "Moeten regels toegevoegd worden die regulaire expressie bevatten in host " "attribuut " #: src/config/SSSDConfig/__init__.py.in:341 msgid "Object class for sudo rules" msgstr "Objectklasse voor sudo regels" #: src/config/SSSDConfig/__init__.py.in:342 msgid "Sudo rule name" msgstr "Sudo regelnaam" #: src/config/SSSDConfig/__init__.py.in:343 msgid "Sudo rule command attribute" msgstr "Sudo regel opdracht attribuut" #: src/config/SSSDConfig/__init__.py.in:344 msgid "Sudo rule host attribute" msgstr "Sudo regel host attribuut" #: src/config/SSSDConfig/__init__.py.in:345 msgid "Sudo rule user attribute" msgstr "Sudo regel gebruiker attribuut" #: src/config/SSSDConfig/__init__.py.in:346 msgid "Sudo rule option attribute" msgstr "Sudo regel optie attribuut" #: src/config/SSSDConfig/__init__.py.in:347 msgid "Sudo rule runasuser attribute" msgstr "Sudo regel runasuser attribuut" #: 
src/config/SSSDConfig/__init__.py.in:348 msgid "Sudo rule runasgroup attribute" msgstr "Sudo regel runasgroup attribuut" #: src/config/SSSDConfig/__init__.py.in:349 msgid "Sudo rule notbefore attribute" msgstr "Sudo regel notbefore attribuut" #: src/config/SSSDConfig/__init__.py.in:350 msgid "Sudo rule notafter attribute" msgstr "Sudo regel notafter attribuut" #: src/config/SSSDConfig/__init__.py.in:351 msgid "Sudo rule order attribute" msgstr "Sudo regel volgorde attribuut" #: src/config/SSSDConfig/__init__.py.in:354 msgid "Object class for automounter maps" msgstr "Object class voor automounter maps" #: src/config/SSSDConfig/__init__.py.in:355 msgid "Automounter map name attribute" msgstr "Automounter map naam attribuut" #: src/config/SSSDConfig/__init__.py.in:356 msgid "Object class for automounter map entries" msgstr "Objectklasse voor automounter map ingaven" #: src/config/SSSDConfig/__init__.py.in:357 msgid "Automounter map entry key attribute" msgstr "Automounter map sleutel ingave attribuut" #: src/config/SSSDConfig/__init__.py.in:358 msgid "Automounter map entry value attribute" msgstr "Automounter map ingavewaarde attribuut" #: src/config/SSSDConfig/__init__.py.in:359 msgid "Base DN for automounter map lookups" msgstr "Basis DN voor automounter kaart opzoeken" #: src/config/SSSDConfig/__init__.py.in:362 msgid "Comma separated list of allowed users" msgstr "Kommagescheiden lijst van toegestane gebruikers" #: src/config/SSSDConfig/__init__.py.in:363 msgid "Comma separated list of prohibited users" msgstr "Kommagescheiden lijst van geweigerde gebruikers" #: src/config/SSSDConfig/__init__.py.in:366 msgid "Default shell, /bin/bash" msgstr "Standaard shell, /bin/bash" #: src/config/SSSDConfig/__init__.py.in:367 msgid "Base for home directories" msgstr "Basis voor gebruikersmappen" #: src/config/SSSDConfig/__init__.py.in:370 msgid "The name of the NSS library to use" msgstr "De naam van de NSS-bibliotheek die gebruikt wordt" #: 
src/config/SSSDConfig/__init__.py.in:371 msgid "Whether to look up canonical group name from cache if possible" msgstr "Moet indien mogelijk canonieke groepsnaam in cache opgezocht worden " #: src/config/SSSDConfig/__init__.py.in:374 msgid "PAM stack to use" msgstr "PAM-stack die gebruikt wordt" #: src/monitor/monitor.c:2651 msgid "Become a daemon (default)" msgstr "Start in de achtergrond (standaard)" #: src/monitor/monitor.c:2653 msgid "Run interactive (not a daemon)" msgstr "Start interactief (niet als daemon)" #: src/monitor/monitor.c:2655 src/tools/sss_debuglevel.c:71 msgid "Specify a non-default config file" msgstr "Geef een niet-standaard configuratiebestand op" #: src/monitor/monitor.c:2657 msgid "Print version number and exit" msgstr "Print versie nummer en sluit af" #: src/providers/krb5/krb5_child.c:1962 src/providers/ldap/ldap_child.c:435 #: src/util/util.h:100 msgid "Debug level" msgstr "Debug niveau" #: src/providers/krb5/krb5_child.c:1964 src/providers/ldap/ldap_child.c:437 #: src/util/util.h:104 msgid "Add debug timestamps" msgstr "Voeg tijdstempels toe aan debugberichten" #: src/providers/krb5/krb5_child.c:1966 src/providers/ldap/ldap_child.c:439 #: src/util/util.h:106 msgid "Show timestamps with microseconds" msgstr "Toon tijdstempel met microseconden" #: src/providers/krb5/krb5_child.c:1968 src/providers/ldap/ldap_child.c:441 msgid "An open file descriptor for the debug logs" msgstr "Een geopend bestand voor de debug logs" #: src/providers/data_provider_be.c:2932 msgid "Domain of the information provider (mandatory)" msgstr "Domein voor de informatie provider (verplicht)" #: src/sss_client/common.c:946 msgid "Privileged socket has wrong ownership or permissions." msgstr "Socket met privileges heeft verkeerde rechten of eigendom." #: src/sss_client/common.c:949 msgid "Public socket has wrong ownership or permissions." msgstr "Publiek socket heeft verkeerde rechten of eigendom."
#: src/sss_client/common.c:952 msgid "Unexpected format of the server credential message." msgstr "Onverwacht formaat van het inloggegevensbericht van de server." #: src/sss_client/common.c:955 msgid "SSSD is not run by root." msgstr "SSSD wordt niet door root gestart." #: src/sss_client/common.c:960 msgid "An error occurred, but no description can be found." msgstr "" "Er is een fout opgetreden, maar er kan geen omschrijving gevonden worden." #: src/sss_client/common.c:966 msgid "Unexpected error while looking for an error description" msgstr "Onverwachte fout bij het opzoeken van een omschrijving" #: src/sss_client/pam_sss.c:388 msgid "Passwords do not match" msgstr "Wachtwoorden komen niet overeen" #: src/sss_client/pam_sss.c:576 msgid "Password reset by root is not supported." msgstr "Wachtwoorden als root wijzigen wordt niet ondersteund." #: src/sss_client/pam_sss.c:617 msgid "Authenticated with cached credentials" msgstr "Geauthenticeerd met gecachte inloggegevens" #: src/sss_client/pam_sss.c:618 msgid ", your cached password will expire at: " msgstr ", uw gecachte wachtwoord verloopt op: " #: src/sss_client/pam_sss.c:648 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "" "Je wachtwoord is verlopen. Je hebt nog slechts %1$d login(s) beschikbaar." #: src/sss_client/pam_sss.c:694 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "Je wachtwoord zal verlopen in %1$d %2$s." #: src/sss_client/pam_sss.c:743 msgid "Authentication is denied until: " msgstr "Inloggen wordt geweigerd tot: " #: src/sss_client/pam_sss.c:764 msgid "System is offline, password change not possible" msgstr "Systeem is offline, wachtwoord wijzigen niet mogelijk" #: src/sss_client/pam_sss.c:779 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" #: src/sss_client/pam_sss.c:810 src/sss_client/pam_sss.c:823 msgid "Password change failed. " msgstr "Wijzigen van wachtwoord mislukt. "
#: src/sss_client/pam_sss.c:813 src/sss_client/pam_sss.c:824 msgid "Server message: " msgstr "Serverbericht: " #: src/sss_client/pam_sss.c:1251 msgid "New Password: " msgstr "Nieuw Wachtwoord: " #: src/sss_client/pam_sss.c:1252 msgid "Reenter new Password: " msgstr "Voer nieuw wachtwoord nogmaals in: " #: src/sss_client/pam_sss.c:1340 msgid "Password: " msgstr "Wachtwoord: " #: src/sss_client/pam_sss.c:1372 msgid "Current Password: " msgstr "Huidig wachtwoord: " #: src/sss_client/pam_sss.c:1527 msgid "Password expired. Change your password now." msgstr "Wachtwoord verlopen. Verander nu uw wachtwoord." #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40 #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 src/tools/sss_useradd.c:48 #: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44 #: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:652 #: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47 #: src/tools/sss_cache.c:540 src/tools/sss_debuglevel.c:69 msgid "The debug level to run with" msgstr "Het debugniveau waarmee gestart wordt" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:42 #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:196 msgid "The SSSD domain to use" msgstr "Het te gebruiken SSSD domein" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:73 #: src/tools/sss_groupadd.c:58 src/tools/sss_groupdel.c:53 #: src/tools/sss_groupmod.c:65 src/tools/sss_groupshow.c:663 #: src/tools/sss_userdel.c:151 src/tools/sss_usermod.c:74 #: src/tools/sss_cache.c:573 msgid "Error setting the locale\n" msgstr "Fout bij het zetten van de locale\n" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:64 msgid "Not enough memory\n" msgstr "Niet genoeg geheugen\n" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:83 msgid "User not specified\n" msgstr "Gebruiker niet gespecificeerd\n" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:92 msgid "Error looking up public keys\n" msgstr "Fout bij het opzoeken van publieke sleutels\n" #:
src/sss_client/ssh/sss_ssh_knownhostsproxy.c:194 msgid "The port to use to connect to the host" msgstr "De te gebruiken poort voor het verbinden met de host" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:238 msgid "Invalid port\n" msgstr "Ongeldige poort\n" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:243 msgid "Host not specified\n" msgstr "Host niet gespecificeerd\n" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:249 msgid "The path to the proxy command must be absolute\n" msgstr "Het pad naar het proxy commando moet absoluut zijn\n" #: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48 msgid "The UID of the user" msgstr "Het UID van de gebruiker" #: src/tools/sss_useradd.c:50 src/tools/sss_usermod.c:50 msgid "The comment string" msgstr "Het commentaar" #: src/tools/sss_useradd.c:51 src/tools/sss_usermod.c:51 msgid "Home directory" msgstr "Gebruikersmap" #: src/tools/sss_useradd.c:52 src/tools/sss_usermod.c:52 msgid "Login shell" msgstr "Login shell" #: src/tools/sss_useradd.c:53 msgid "Groups" msgstr "Groepen" #: src/tools/sss_useradd.c:54 msgid "Create user's directory if it does not exist" msgstr "Maak gebruikersmap aan als deze niet bestaat" #: src/tools/sss_useradd.c:55 msgid "Never create user's directory, overrides config" msgstr "Maak nooit gebruikersmappen aan, overschrijft de configuratiewaarde" #: src/tools/sss_useradd.c:56 msgid "Specify an alternative skeleton directory" msgstr "Geef een alternatieve voorbeeldmap" #: src/tools/sss_useradd.c:57 src/tools/sss_usermod.c:57 msgid "The SELinux user for user's login" msgstr "De SELinux-gebruiker voor de login van de gebruiker" #: src/tools/sss_useradd.c:86 src/tools/sss_groupmod.c:78 #: src/tools/sss_usermod.c:87 msgid "Specify group to add to\n" msgstr "Geef groep op om toe te voegen\n" #: src/tools/sss_useradd.c:110 msgid "Specify user to add\n" msgstr "Geef gebruiker op om toe te voegen\n" #: src/tools/sss_useradd.c:119 src/tools/sss_groupadd.c:84 #: src/tools/sss_groupdel.c:78
src/tools/sss_groupmod.c:111 #: src/tools/sss_groupshow.c:696 src/tools/sss_userdel.c:196 #: src/tools/sss_usermod.c:128 msgid "Error initializing the tools - no local domain\n" msgstr "Fout bij de initialisatie van de tools - geen lokaal domein\n" #: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86 #: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113 #: src/tools/sss_groupshow.c:698 src/tools/sss_userdel.c:198 #: src/tools/sss_usermod.c:130 msgid "Error initializing the tools\n" msgstr "Fout bij de initialisatie van de tools\n" #: src/tools/sss_useradd.c:130 src/tools/sss_groupadd.c:95 #: src/tools/sss_groupdel.c:89 src/tools/sss_groupmod.c:121 #: src/tools/sss_groupshow.c:707 src/tools/sss_userdel.c:207 #: src/tools/sss_usermod.c:139 msgid "Invalid domain specified in FQDN\n" msgstr "Verkeerd domein gespecificeerd in de FQDN\n" #: src/tools/sss_useradd.c:139 src/tools/sss_groupmod.c:141 #: src/tools/sss_groupmod.c:168 src/tools/sss_usermod.c:162 #: src/tools/sss_usermod.c:189 msgid "Internal error while parsing parameters\n" msgstr "Interne fout bij het verwerken van de parameters\n" #: src/tools/sss_useradd.c:147 src/tools/sss_usermod.c:170 #: src/tools/sss_usermod.c:197 msgid "Groups must be in the same domain as user\n" msgstr "" "De groepen moeten zich in het zelfde domein als de gebruiker bevinden\n" #: src/tools/sss_useradd.c:155 #, c-format msgid "Cannot find group %1$s in local domain\n" msgstr "" "Kan groep %1$s niet in lokale domein vinden\n" "\n" #: src/tools/sss_useradd.c:170 src/tools/sss_userdel.c:217 msgid "Cannot set default values\n" msgstr "Kan de standaardwaarden niet zetten\n" #: src/tools/sss_useradd.c:177 src/tools/sss_usermod.c:153 msgid "The selected UID is outside the allowed range\n" msgstr "De geselecteerde UID valt buiten het toegestane bereik\n" #: src/tools/sss_useradd.c:206 src/tools/sss_usermod.c:264 msgid "Cannot set SELinux login context\n" msgstr "Kan de SELinux login context niet zetten\n" #: 
src/tools/sss_useradd.c:221 msgid "Cannot get info about the user\n" msgstr "Kan geen informatie ophalen over de gebruiker\n" #: src/tools/sss_useradd.c:233 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "De gebruikersmap bestaat reeds, voorbeeldmap niet gekopieerd\n" #: src/tools/sss_useradd.c:236 #, c-format msgid "Cannot create user's home directory: %1$s\n" msgstr "Kan persoonlijk map voor gebruiker niet aanmaken: %1$s\n" #: src/tools/sss_useradd.c:247 #, c-format msgid "Cannot create user's mail spool: %1$s\n" msgstr "Kan mail spool voor gebruiker niet aanmaken: %1$s\n" #: src/tools/sss_useradd.c:266 msgid "Could not allocate ID for the user - domain full?\n" msgstr "Kan geen ID vinden voor de gebruiker - zit het domein vol?\n" #: src/tools/sss_useradd.c:270 msgid "A user or group with the same name or ID already exists\n" msgstr "Een gebruiker of groep met een zelfde naam of ID bestaat reeds\n" #: src/tools/sss_useradd.c:276 msgid "Transaction error. Could not add user.\n" msgstr "Transactiefout. Kan de gebruiker niet toevoegen\n" #: src/tools/sss_groupadd.c:43 src/tools/sss_groupmod.c:48 msgid "The GID of the group" msgstr "De GID van de groep" #: src/tools/sss_groupadd.c:75 msgid "Specify group to add\n" msgstr "Geef groep op om toe te voegen\n" #: src/tools/sss_groupadd.c:104 src/tools/sss_groupmod.c:192 msgid "The selected GID is outside the allowed range\n" msgstr "De geselecteerde GID valt buiten het toegestane bereik\n" #: src/tools/sss_groupadd.c:141 msgid "Could not allocate ID for the group - domain full?\n" msgstr "Kan geen ID vinden voor de groep - zit het domein vol?\n" #: src/tools/sss_groupadd.c:145 msgid "A group with the same name or GID already exists\n" msgstr "Een groep met een zelfde naam of GID bestaat reeds\n" #: src/tools/sss_groupadd.c:150 msgid "Transaction error. Could not add group.\n" msgstr "Transactiefout. 
Kan de groep niet toevoegen\n" #: src/tools/sss_groupdel.c:69 msgid "Specify group to delete\n" msgstr "Geef groep op om te verwijderen\n" #: src/tools/sss_groupdel.c:102 #, c-format msgid "Group %1$s is outside the defined ID range for domain\n" msgstr "Groep %1$s ligt buiten het gedefinieerde ID gebied voor domein\n" #: src/tools/sss_groupdel.c:117 src/tools/sss_groupmod.c:219 #: src/tools/sss_groupmod.c:226 src/tools/sss_groupmod.c:233 #: src/tools/sss_userdel.c:294 src/tools/sss_usermod.c:241 #: src/tools/sss_usermod.c:248 src/tools/sss_usermod.c:255 #, c-format msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n" msgstr "" "NSS verzoek mislukte (%1$d). Ingang blijft misschien in de geheugencache.\n" #: src/tools/sss_groupdel.c:129 msgid "" "No such group in local domain. Removing groups only allowed in local " "domain.\n" msgstr "" "Groep niet gevonden in lokaal domein. Verwijderen van groepen is alleen " "toegestaan in lokaal domein.\n" #: src/tools/sss_groupdel.c:134 msgid "Internal error. Could not remove group.\n" msgstr "Interne fout. 
Kan de groep niet verwijderen.\n" #: src/tools/sss_groupmod.c:44 msgid "Groups to add this group to" msgstr "Groepen waar deze groep aan toe te voegen" #: src/tools/sss_groupmod.c:46 msgid "Groups to remove this group from" msgstr "Groepen om deze groep uit te verwijderen" #: src/tools/sss_groupmod.c:86 src/tools/sss_usermod.c:95 msgid "Specify group to remove from\n" msgstr "Specificeer de groep waaruit verwijderd moet worden\n" #: src/tools/sss_groupmod.c:100 msgid "Specify group to modify\n" msgstr "Specificeer de groep die aangepast moet worden\n" #: src/tools/sss_groupmod.c:128 msgid "" "Cannot find group in local domain, modifying groups is allowed only in local " "domain\n" msgstr "" "Groep niet gevonden in lokaal domein, aanpassen van groepen is alleen " "toegestaan in lokaal domein.\n" #: src/tools/sss_groupmod.c:149 src/tools/sss_groupmod.c:176 msgid "Member groups must be in the same domain as parent group\n" msgstr "" "Lidmaatschappen moeten in het zelfde domein vallen als de daarboven liggende " "groep\n" #: src/tools/sss_groupmod.c:157 src/tools/sss_groupmod.c:184 #: src/tools/sss_usermod.c:178 src/tools/sss_usermod.c:205 #, c-format msgid "" "Cannot find group %1$s in local domain, only groups in local domain are " "allowed\n" msgstr "" "Kan groep %1$s niet in lokale domein vinden, alleen groepen in lokale domein " "zijn toegestaan\n" #: src/tools/sss_groupmod.c:250 msgid "Could not modify group - check if member group names are correct\n" msgstr "" "Kan de groep niet aanpassen - controleer of de namen van de lidmaatschappen " "correct zijn\n" #: src/tools/sss_groupmod.c:254 msgid "Could not modify group - check if groupname is correct\n" msgstr "" "Kan de groep niet aanpassen - controleer of de naam van de groep correct is\n" #: src/tools/sss_groupmod.c:258 msgid "Transaction error. Could not modify group.\n" msgstr "Transactiefout. 
Kan de groep niet aanpassen.\n" #: src/tools/sss_groupshow.c:599 #, c-format msgid "%1$s%2$sGroup: %3$s\n" msgstr "%1$s%2$sGroep: %3$s\n" #: src/tools/sss_groupshow.c:600 msgid "Magic Private " msgstr "Magic Private " #: src/tools/sss_groupshow.c:602 #, c-format msgid "%1$sGID number: %2$d\n" msgstr "%1$sGID nummer: %2$d\n" #: src/tools/sss_groupshow.c:604 #, c-format msgid "%1$sMember users: " msgstr "%1$sLid gebruikers: " #: src/tools/sss_groupshow.c:611 #, c-format msgid "" "\n" "%1$sIs a member of: " msgstr "" "\n" "%1$sIs lid van: " #: src/tools/sss_groupshow.c:618 #, c-format msgid "" "\n" "%1$sMember groups: " msgstr "" "\n" "%1$sLid groepen: " #: src/tools/sss_groupshow.c:654 msgid "Print indirect group members recursively" msgstr "Geef indirecte groepslidmaatschappen recursief weer" #: src/tools/sss_groupshow.c:687 msgid "Specify group to show\n" msgstr "Specificeer de te tonen groep\n" #: src/tools/sss_groupshow.c:726 msgid "" "No such group in local domain. Printing groups only allowed in local " "domain.\n" msgstr "" "Groep bestaat niet in het lokale domein. Weergave van groepen is alleen " "toegestaan in het lokale domein.\n" #: src/tools/sss_groupshow.c:731 msgid "Internal error. Could not print group.\n" msgstr "Interne fout. 
Kan de groep niet weergeven.\n" #: src/tools/sss_userdel.c:136 msgid "Remove home directory and mail spool" msgstr "Verwijder gebruikersmap en postbestand" #: src/tools/sss_userdel.c:138 msgid "Do not remove home directory and mail spool" msgstr "Verwijder gebruikersmap en postbestand niet" #: src/tools/sss_userdel.c:140 msgid "Force removal of files not owned by the user" msgstr "" "Forceer het verwijderen van bestanden die niet aan de gebruiker toebehoren" #: src/tools/sss_userdel.c:142 msgid "Kill users' processes before removing him" msgstr "" "Kill de processen van de gebruiker voordat de gebruiker verwijderd wordt" #: src/tools/sss_userdel.c:187 msgid "Specify user to delete\n" msgstr "Specificeer de te verwijderen gebruiker\n" #: src/tools/sss_userdel.c:233 #, c-format msgid "User %1$s is outside the defined ID range for domain\n" msgstr "Gebruiker %1$s ligt buiten het gedefinieerde ID bereik voor domein\n" #: src/tools/sss_userdel.c:258 msgid "Cannot reset SELinux login context\n" msgstr "Kan de SELinux logincontext niet herstellen\n" #: src/tools/sss_userdel.c:270 #, c-format msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n" msgstr "" "WAARSCHUWING: De gebruiker (uid %1$lu) was nog ingelogd bij het " "verwijderen.\n" #: src/tools/sss_userdel.c:275 msgid "Cannot determine if the user was logged in on this platform" msgstr "Kan niet bepalen of de gebruiker was ingelogd op dit platform" #: src/tools/sss_userdel.c:280 msgid "Error while checking if the user was logged in\n" msgstr "Fout bij het controleren of de gebruiker was ingelogd\n" #: src/tools/sss_userdel.c:287 #, c-format msgid "The post-delete command failed: %1$s\n" msgstr "Het post-verwijder commando mislukte: %1$s\n" #: src/tools/sss_userdel.c:307 msgid "Not removing home dir - not owned by user\n" msgstr "" "De gebruikersmap wordt niet verwijderd - de gebruiker is geen eigenaar\n" #: src/tools/sss_userdel.c:309 #, c-format msgid "Cannot remove homedir: %1$s\n" msgstr "Kan 
persoonlijke map niet verwijderen: %1$s\n" #: src/tools/sss_userdel.c:322 msgid "" "No such user in local domain. Removing users only allowed in local domain.\n" msgstr "" "Gebruiker bestaat niet in het lokale domein. Het verwijderen van gebruikers " "is alleen in het lokale domein toegestaan.\n" #: src/tools/sss_userdel.c:327 msgid "Internal error. Could not remove user.\n" msgstr "Interne fout. Kan de gebruiker niet verwijderen.\n" #: src/tools/sss_usermod.c:49 msgid "The GID of the user" msgstr "De GID van de gebruiker" #: src/tools/sss_usermod.c:53 msgid "Groups to add this user to" msgstr "Groepen waar deze gebruiker aan wordt toegevoegd" #: src/tools/sss_usermod.c:54 msgid "Groups to remove this user from" msgstr "Groepen waar deze gebruiker uit wordt verwijderd" #: src/tools/sss_usermod.c:55 msgid "Lock the account" msgstr "Bevries het account" #: src/tools/sss_usermod.c:56 msgid "Unlock the account" msgstr "Heractiveer het account" #: src/tools/sss_usermod.c:119 msgid "Specify user to modify\n" msgstr "Geef de gebruiker op die aangepast moet worden\n" #: src/tools/sss_usermod.c:146 msgid "" "Cannot find user in local domain, modifying users is allowed only in local " "domain\n" msgstr "" "Kan de gebruiker niet vinden in het lokale domein, het aanpassen van " "gebruikers is alleen toegestaan in het lokale domein\n" #: src/tools/sss_usermod.c:281 msgid "Could not modify user - check if group names are correct\n" msgstr "" "Kan de gebruiker niet aanpassen - controleer of de groepsnamen correct zijn\n" #: src/tools/sss_usermod.c:285 msgid "Could not modify user - user already member of groups?\n" msgstr "" "Kan de gebruiker niet aanpassen - is de gebruiker reeds lid van de groepen?\n" #: src/tools/sss_usermod.c:289 msgid "Transaction error. Could not modify user.\n" msgstr "Transactiefout. 
Kan de gebruiker niet aanpassen.\n" #: src/tools/sss_cache.c:170 msgid "No cache object matched the specified search\n" msgstr "" "Geen enkel cache object komt overeen met de gespecificeerde zoekopdracht\n" #: src/tools/sss_cache.c:397 #, c-format msgid "Couldn't invalidate %1$s" msgstr "Kon %1$s niet ongeldig maken" #: src/tools/sss_cache.c:404 #, c-format msgid "Couldn't invalidate %1$s %2$s" msgstr "Kon %1$s %2$s niet ongeldig maken" #: src/tools/sss_cache.c:542 #, fuzzy msgid "Invalidate all cached entries except for sudo rules" msgstr "Maak in de cache alle ingangen, behalve sudo regels, ongeldig" #: src/tools/sss_cache.c:544 msgid "Invalidate particular user" msgstr "Maak bepaalde gebruiker ongeldig" #: src/tools/sss_cache.c:546 msgid "Invalidate all users" msgstr "Maak alle gebruikers ongeldig" #: src/tools/sss_cache.c:548 msgid "Invalidate particular group" msgstr "Maak bepaalde groep ongeldig" #: src/tools/sss_cache.c:550 msgid "Invalidate all groups" msgstr "Maak alle groepen ongeldig" #: src/tools/sss_cache.c:552 msgid "Invalidate particular netgroup" msgstr "Maak bepaalde netgroep ongeldig" #: src/tools/sss_cache.c:554 msgid "Invalidate all netgroups" msgstr "Maak alle netgroepen ongeldig" #: src/tools/sss_cache.c:556 msgid "Invalidate particular service" msgstr "Maak bepaalde service ongeldig " #: src/tools/sss_cache.c:558 msgid "Invalidate all services" msgstr "Maak alle services ongeldig" #: src/tools/sss_cache.c:561 msgid "Invalidate particular autofs map" msgstr "Maak bepaalde autofs map ongeldig" #: src/tools/sss_cache.c:563 msgid "Invalidate all autofs maps" msgstr "Maak alle autofs mappen ongeldig" #: src/tools/sss_cache.c:566 msgid "Only invalidate entries from a particular domain" msgstr "Maak alleen ingangen van een bepaald domein ongeldig" #: src/tools/sss_cache.c:611 msgid "Please select at least one object to invalidate\n" msgstr "Selecteer tenminste een object om ongeldig te maken\n" #: src/tools/sss_cache.c:681 #, c-format msgid "" 
"Could not open domain %1$s. If the domain is a subdomain (trusted domain), " "use fully qualified name instead of --domain/-d parameter.\n" msgstr "" "Kon domein %1$s niet openen. Als het domein een subdomein (vertrouwd domein) " "is, gebruik dan de volledig gekwalificeerde naam in plaats van --domain/-d " "parameter.\n" #: src/tools/sss_cache.c:685 msgid "Could not open available domains\n" msgstr "Kon beschikbare domeinen niet openen\n" #: src/tools/sss_debuglevel.c:40 msgid "\n" msgstr "\n" #: src/tools/sss_debuglevel.c:96 msgid "Specify debug level you want to set\n" msgstr "Specificeer het debug niveau dat je wilt instellen\n" #: src/tools/sss_debuglevel.c:102 msgid "Only one argument expected\n" msgstr "Er wordt slechts een argument verwacht\n" #: src/tools/tools_util.c:200 #, c-format msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n" msgstr "Naam '%1$s' lijkt geen FQDN ('%2$s = TRUE' is ingesteld) te zijn\n" #: src/tools/tools_util.c:303 msgid "Out of memory\n" msgstr "Het geheugen zit vol\n" #: src/tools/tools_util.h:43 #, c-format msgid "%1$s must be run as root\n" msgstr "%1$s moet als root uitgevoerd worden\n" #: src/util/util.h:102 msgid "Send the debug output to files instead of stderr" msgstr "Stuur de debuguitvoer naar bestanden in plaats van stderr" ���������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/nb.po���������������������������������������������������������������0000644�0000000�0000000�00000000074�12320753107�015130� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954962.053874656 30 ctime=1396954962.537874299 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/nb.po��������������������������������������������������������������������������������0000664�0024127�0024127�00000126616�12320753107�015366� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR Red Hat, Inc. # This file is distributed under the same license as the PACKAGE package. 
# # Translators: # Kjartan Maraas <kmaraas@gnome.org>, 2012 msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2014-04-08 12:56+0200\n" "PO-Revision-Date: 2013-11-20 12:56+0000\n" "Last-Translator: jhrozek <jhrozek@redhat.com>\n" "Language-Team: Norwegian Bokmål (http://www.transifex.com/projects/p/fedora/" "language/nb/)\n" "Language: nb\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" #: src/config/SSSDConfig/__init__.py.in:39 msgid "Set the verbosity of the debug logging" msgstr "" #: src/config/SSSDConfig/__init__.py.in:40 msgid "Include timestamps in debug logs" msgstr "" #: src/config/SSSDConfig/__init__.py.in:41 msgid "Include microseconds in timestamps in debug logs" msgstr "" #: src/config/SSSDConfig/__init__.py.in:42 msgid "Write debug messages to logfiles" msgstr "" #: src/config/SSSDConfig/__init__.py.in:43 msgid "Ping timeout before restarting service" msgstr "" #: src/config/SSSDConfig/__init__.py.in:44 msgid "" "Timeout between three failed ping checks and forcibly killing the service" msgstr "" #: src/config/SSSDConfig/__init__.py.in:45 msgid "Command to start service" msgstr "" #: src/config/SSSDConfig/__init__.py.in:46 msgid "Number of times to attempt connection to Data Providers" msgstr "" #: src/config/SSSDConfig/__init__.py.in:47 msgid "The number of file descriptors that may be opened by this responder" msgstr "" #: src/config/SSSDConfig/__init__.py.in:48 msgid "Idle time before automatic disconnection of a client" msgstr "" #: src/config/SSSDConfig/__init__.py.in:51 msgid "SSSD Services to start" msgstr "SSSD-tjenester som skal startes" #: src/config/SSSDConfig/__init__.py.in:52 msgid "SSSD Domains to start" msgstr "SSSD-domener som skal startes" #: src/config/SSSDConfig/__init__.py.in:53 msgid "Timeout for messages sent over the SBUS" msgstr "Tidsavbrudd for 
meldinger som sendes over SBUS" #: src/config/SSSDConfig/__init__.py.in:54 msgid "Regex to parse username and domain" msgstr "" #: src/config/SSSDConfig/__init__.py.in:55 msgid "Printf-compatible format for displaying fully-qualified names" msgstr "" #: src/config/SSSDConfig/__init__.py.in:56 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #: src/config/SSSDConfig/__init__.py.in:57 msgid "Domain to add to names without a domain component." msgstr "" #: src/config/SSSDConfig/__init__.py.in:60 msgid "Enumeration cache timeout length (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:61 msgid "Entry cache background update timeout length (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:62 #: src/config/SSSDConfig/__init__.py.in:88 msgid "Negative cache timeout length (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:63 msgid "Users that SSSD should explicitly ignore" msgstr "" #: src/config/SSSDConfig/__init__.py.in:64 msgid "Groups that SSSD should explicitly ignore" msgstr "" #: src/config/SSSDConfig/__init__.py.in:65 msgid "Should filtered users appear in groups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:66 msgid "The value of the password field the NSS provider should return" msgstr "" #: src/config/SSSDConfig/__init__.py.in:67 msgid "Override homedir value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:68 msgid "" "Substitute empty homedir value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:69 msgid "Override shell value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:70 msgid "The list of shells users are allowed to log in with" msgstr "" #: src/config/SSSDConfig/__init__.py.in:71 msgid "" "The list of shells that will be vetoed, and replaced with the fallback shell" msgstr "" #: src/config/SSSDConfig/__init__.py.in:72 msgid "" 
"If a shell stored in central directory is allowed but not available, use " "this fallback" msgstr "" #: src/config/SSSDConfig/__init__.py.in:73 msgid "Shell to use if the provider does not list one" msgstr "" #: src/config/SSSDConfig/__init__.py.in:74 msgid "How long will be in-memory cache records valid" msgstr "" #: src/config/SSSDConfig/__init__.py.in:77 msgid "How long to allow cached logins between online logins (days)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:78 msgid "How many failed logins attempts are allowed when offline" msgstr "" #: src/config/SSSDConfig/__init__.py.in:79 msgid "" "How long (minutes) to deny login after offline_failed_login_attempts has " "been reached" msgstr "" #: src/config/SSSDConfig/__init__.py.in:80 msgid "What kind of messages are displayed to the user during authentication" msgstr "" #: src/config/SSSDConfig/__init__.py.in:81 msgid "How many seconds to keep identity information cached for PAM requests" msgstr "" #: src/config/SSSDConfig/__init__.py.in:82 msgid "How many days before password expiration a warning should be displayed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:85 msgid "Whether to evaluate the time-based attributes in sudo rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:91 msgid "Whether to hash host names and addresses in the known_hosts file" msgstr "" #: src/config/SSSDConfig/__init__.py.in:92 msgid "" "How many seconds to keep a host in the known_hosts file after its host keys " "were requested" msgstr "" #: src/config/SSSDConfig/__init__.py.in:95 msgid "List of UIDs or user names allowed to access the PAC responder" msgstr "" #: src/config/SSSDConfig/__init__.py.in:98 msgid "Identity provider" msgstr "Identitetstilbyder" #: src/config/SSSDConfig/__init__.py.in:99 msgid "Authentication provider" msgstr "Autentiseringstilbyder" #: src/config/SSSDConfig/__init__.py.in:100 msgid "Access control provider" msgstr "Tilgangskontrolltilbyder" #: src/config/SSSDConfig/__init__.py.in:101 msgid 
"Password change provider" msgstr "Passordbyttetilbyder" #: src/config/SSSDConfig/__init__.py.in:102 msgid "SUDO provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:103 msgid "Autofs provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:104 msgid "Session-loading provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:105 msgid "Host identity provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:108 msgid "Minimum user ID" msgstr "Minste bruker-ID" #: src/config/SSSDConfig/__init__.py.in:109 msgid "Maximum user ID" msgstr "Største bruker-ID" #: src/config/SSSDConfig/__init__.py.in:110 msgid "Enable enumerating all users/groups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:111 msgid "Cache credentials for offline login" msgstr "" #: src/config/SSSDConfig/__init__.py.in:112 msgid "Store password hashes" msgstr "" #: src/config/SSSDConfig/__init__.py.in:113 msgid "Display users/groups in fully-qualified form" msgstr "" #: src/config/SSSDConfig/__init__.py.in:114 msgid "Don't include group members in group lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:115 #: src/config/SSSDConfig/__init__.py.in:122 #: src/config/SSSDConfig/__init__.py.in:123 #: src/config/SSSDConfig/__init__.py.in:124 #: src/config/SSSDConfig/__init__.py.in:125 #: src/config/SSSDConfig/__init__.py.in:126 #: src/config/SSSDConfig/__init__.py.in:127 msgid "Entry cache timeout length (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:116 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:117 msgid "How long to keep cached entries after last successful login (days)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:118 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:119 msgid "The domain part of service discovery DNS query" msgstr "" #: src/config/SSSDConfig/__init__.py.in:120 msgid "Override 
GID value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:121 msgid "Treat usernames as case sensitive" msgstr "" #: src/config/SSSDConfig/__init__.py.in:128 msgid "How often should expired entries be refreshed in background" msgstr "" #: src/config/SSSDConfig/__init__.py.in:129 msgid "Whether to automatically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/__init__.py.in:130 #: src/config/SSSDConfig/__init__.py.in:145 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "" #: src/config/SSSDConfig/__init__.py.in:131 #: src/config/SSSDConfig/__init__.py.in:146 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" #: src/config/SSSDConfig/__init__.py.in:132 msgid "How often to periodically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/__init__.py.in:133 msgid "Whether the provider should explicitly update the PTR record as well" msgstr "" #: src/config/SSSDConfig/__init__.py.in:134 msgid "Whether the nsupdate utility should default to using TCP" msgstr "" #: src/config/SSSDConfig/__init__.py.in:135 msgid "What kind of authentication should be used to perform the DNS update" msgstr "" #: src/config/SSSDConfig/__init__.py.in:136 msgid "Control enumeration of trusted domains" msgstr "" #: src/config/SSSDConfig/__init__.py.in:137 msgid "How often should subdomains list be refreshed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:140 msgid "IPA domain" msgstr "IPA-domene" #: src/config/SSSDConfig/__init__.py.in:141 msgid "IPA server address" msgstr "IPA-tjeneradresse" #: src/config/SSSDConfig/__init__.py.in:142 msgid "Address of backup IPA server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:143 msgid "IPA client hostname" msgstr "Vertsnavn for IPA-klient" #: src/config/SSSDConfig/__init__.py.in:144 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" #: src/config/SSSDConfig/__init__.py.in:147 msgid 
"Search base for HBAC related objects" msgstr "" #: src/config/SSSDConfig/__init__.py.in:148 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:149 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:150 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" #: src/config/SSSDConfig/__init__.py.in:151 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" #: src/config/SSSDConfig/__init__.py.in:152 msgid "The automounter location this IPA client is using" msgstr "" #: src/config/SSSDConfig/__init__.py.in:153 msgid "Search base for object containing info about IPA domain" msgstr "" #: src/config/SSSDConfig/__init__.py.in:154 msgid "Search base for objects containing info about ID ranges" msgstr "" #: src/config/SSSDConfig/__init__.py.in:155 #: src/config/SSSDConfig/__init__.py.in:162 msgid "Enable DNS sites - location based service discovery" msgstr "" #: src/config/SSSDConfig/__init__.py.in:158 msgid "Active Directory domain" msgstr "" #: src/config/SSSDConfig/__init__.py.in:159 msgid "Active Directory server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:160 msgid "Active Directory backup server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:161 msgid "Active Directory client hostname" msgstr "" #: src/config/SSSDConfig/__init__.py.in:165 #: src/config/SSSDConfig/__init__.py.in:166 msgid "Kerberos server address" msgstr "Tjeneradresse for Kerberos" #: src/config/SSSDConfig/__init__.py.in:167 msgid "Kerberos backup server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:168 msgid "Kerberos realm" msgstr "Kerberos-område" #: src/config/SSSDConfig/__init__.py.in:169 msgid "Authentication timeout" msgstr "Tidsavbrudd for autentisering" #: src/config/SSSDConfig/__init__.py.in:170 msgid "Whether to create kdcinfo 
files" msgstr "" #: src/config/SSSDConfig/__init__.py.in:173 msgid "Directory to store credential caches" msgstr "" #: src/config/SSSDConfig/__init__.py.in:174 msgid "Location of the user's credential cache" msgstr "" #: src/config/SSSDConfig/__init__.py.in:175 msgid "Location of the keytab to validate credentials" msgstr "" #: src/config/SSSDConfig/__init__.py.in:176 msgid "Enable credential validation" msgstr "" #: src/config/SSSDConfig/__init__.py.in:177 msgid "Store password if offline for later online authentication" msgstr "" #: src/config/SSSDConfig/__init__.py.in:178 msgid "Renewable lifetime of the TGT" msgstr "" #: src/config/SSSDConfig/__init__.py.in:179 msgid "Lifetime of the TGT" msgstr "" #: src/config/SSSDConfig/__init__.py.in:180 msgid "Time between two checks for renewal" msgstr "" #: src/config/SSSDConfig/__init__.py.in:181 msgid "Enables FAST" msgstr "" #: src/config/SSSDConfig/__init__.py.in:182 msgid "Selects the principal to use for FAST" msgstr "" #: src/config/SSSDConfig/__init__.py.in:183 msgid "Enables principal canonicalization" msgstr "" #: src/config/SSSDConfig/__init__.py.in:184 msgid "Enables enterprise principals" msgstr "" #: src/config/SSSDConfig/__init__.py.in:187 #: src/config/SSSDConfig/__init__.py.in:188 msgid "Server where the change password service is running if not on the KDC" msgstr "" #: src/config/SSSDConfig/__init__.py.in:191 msgid "ldap_uri, The URI of the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:192 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:193 msgid "The default base DN" msgstr "" #: src/config/SSSDConfig/__init__.py.in:194 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" #: src/config/SSSDConfig/__init__.py.in:195 msgid "The default bind DN" msgstr "" #: src/config/SSSDConfig/__init__.py.in:196 msgid "The type of the authentication token of the default bind DN" msgstr "" #: src/config/SSSDConfig/__init__.py.in:197 
msgid "The authentication token of the default bind DN" msgstr "" #: src/config/SSSDConfig/__init__.py.in:198 msgid "Length of time to attempt connection" msgstr "" #: src/config/SSSDConfig/__init__.py.in:199 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" #: src/config/SSSDConfig/__init__.py.in:200 msgid "Length of time between attempts to reconnect while offline" msgstr "" #: src/config/SSSDConfig/__init__.py.in:201 msgid "Use only the upper case for realm names" msgstr "" #: src/config/SSSDConfig/__init__.py.in:202 msgid "File that contains CA certificates" msgstr "" #: src/config/SSSDConfig/__init__.py.in:203 msgid "Path to CA certificate directory" msgstr "" #: src/config/SSSDConfig/__init__.py.in:204 msgid "File that contains the client certificate" msgstr "" #: src/config/SSSDConfig/__init__.py.in:205 msgid "File that contains the client key" msgstr "" #: src/config/SSSDConfig/__init__.py.in:206 msgid "List of possible ciphers suites" msgstr "" #: src/config/SSSDConfig/__init__.py.in:207 msgid "Require TLS certificate verification" msgstr "" #: src/config/SSSDConfig/__init__.py.in:208 msgid "Specify the sasl mechanism to use" msgstr "" #: src/config/SSSDConfig/__init__.py.in:209 msgid "Specify the sasl authorization id to use" msgstr "" #: src/config/SSSDConfig/__init__.py.in:210 msgid "Specify the sasl authorization realm to use" msgstr "" #: src/config/SSSDConfig/__init__.py.in:211 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" #: src/config/SSSDConfig/__init__.py.in:212 msgid "Kerberos service keytab" msgstr "" #: src/config/SSSDConfig/__init__.py.in:213 msgid "Use Kerberos auth for LDAP connection" msgstr "" #: src/config/SSSDConfig/__init__.py.in:214 msgid "Follow LDAP referrals" msgstr "" #: src/config/SSSDConfig/__init__.py.in:215 msgid "Lifetime of TGT for LDAP connection" msgstr "" #: src/config/SSSDConfig/__init__.py.in:216 msgid "How to dereference aliases" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:217 msgid "Service name for DNS service lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:218 msgid "The number of records to retrieve in a single LDAP query" msgstr "" #: src/config/SSSDConfig/__init__.py.in:219 msgid "The number of members that must be missing to trigger a full deref" msgstr "" #: src/config/SSSDConfig/__init__.py.in:220 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" #: src/config/SSSDConfig/__init__.py.in:222 msgid "entryUSN attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:223 msgid "lastUSN attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:225 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" #: src/config/SSSDConfig/__init__.py.in:227 msgid "Disable the LDAP paging control" msgstr "" #: src/config/SSSDConfig/__init__.py.in:228 msgid "Disable Active Directory range retrieval" msgstr "" #: src/config/SSSDConfig/__init__.py.in:231 msgid "Length of time to wait for a search request" msgstr "" #: src/config/SSSDConfig/__init__.py.in:232 msgid "Length of time to wait for a enumeration request" msgstr "" #: src/config/SSSDConfig/__init__.py.in:233 msgid "Length of time between enumeration updates" msgstr "" #: src/config/SSSDConfig/__init__.py.in:234 msgid "Length of time between cache cleanups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:235 msgid "Require TLS for ID lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:236 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "" #: src/config/SSSDConfig/__init__.py.in:237 msgid "Base DN for user lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:238 msgid "Scope of user lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:239 msgid "Filter for user lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:240 msgid "Objectclass for users" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:241 msgid "Username attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:243 msgid "UID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:244 msgid "Primary GID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:245 msgid "GECOS attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:246 msgid "Home directory attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:247 msgid "Shell attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:248 msgid "UUID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:249 #: src/config/SSSDConfig/__init__.py.in:285 msgid "objectSID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:250 msgid "Active Directory primary group attribute for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:251 msgid "User principal attribute (for Kerberos)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:252 msgid "Full Name" msgstr "" #: src/config/SSSDConfig/__init__.py.in:253 msgid "memberOf attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:254 msgid "Modification time attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:256 msgid "shadowLastChange attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:257 msgid "shadowMin attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:258 msgid "shadowMax attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:259 msgid "shadowWarning attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:260 msgid "shadowInactive attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:261 msgid "shadowExpire attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:262 msgid "shadowFlag attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:263 msgid "Attribute listing authorized PAM services" msgstr "" #: src/config/SSSDConfig/__init__.py.in:264 msgid "Attribute listing authorized server hosts" msgstr "" #: src/config/SSSDConfig/__init__.py.in:265 msgid 
"krbLastPwdChange attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:266 msgid "krbPasswordExpiration attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:267 msgid "Attribute indicating that server side password policies are active" msgstr "" #: src/config/SSSDConfig/__init__.py.in:268 msgid "accountExpires attribute of AD" msgstr "" #: src/config/SSSDConfig/__init__.py.in:269 msgid "userAccountControl attribute of AD" msgstr "" #: src/config/SSSDConfig/__init__.py.in:270 msgid "nsAccountLock attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:271 msgid "loginDisabled attribute of NDS" msgstr "" #: src/config/SSSDConfig/__init__.py.in:272 msgid "loginExpirationTime attribute of NDS" msgstr "" #: src/config/SSSDConfig/__init__.py.in:273 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" #: src/config/SSSDConfig/__init__.py.in:274 msgid "SSH public key attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:276 msgid "Base DN for group lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:279 msgid "Objectclass for groups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:280 msgid "Group name" msgstr "" #: src/config/SSSDConfig/__init__.py.in:281 msgid "Group password" msgstr "" #: src/config/SSSDConfig/__init__.py.in:282 msgid "GID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:283 msgid "Group member attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:284 msgid "Group UUID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:286 msgid "Modification time attribute for groups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:287 msgid "Type of the group and other flags" msgstr "" #: src/config/SSSDConfig/__init__.py.in:289 msgid "Maximum nesting level SSSd will follow" msgstr "" #: src/config/SSSDConfig/__init__.py.in:291 msgid "Base DN for netgroup lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:292 msgid "Objectclass for netgroups" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:293 msgid "Netgroup name" msgstr "" #: src/config/SSSDConfig/__init__.py.in:294 msgid "Netgroups members attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:295 msgid "Netgroup triple attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:296 msgid "Netgroup UUID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:297 msgid "Modification time attribute for netgroups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:299 msgid "Base DN for service lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:300 msgid "Objectclass for services" msgstr "" #: src/config/SSSDConfig/__init__.py.in:301 msgid "Service name attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:302 msgid "Service port attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:303 msgid "Service protocol attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:306 msgid "Lower bound for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:307 msgid "Upper bound for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:308 msgid "Number of IDs for each slice when ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:309 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:310 msgid "Name of the default domain for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:311 msgid "SID of the default domain for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:313 msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:314 msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:315 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:316 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:319 msgid 
"Policy to evaluate the password expiration" msgstr "" #: src/config/SSSDConfig/__init__.py.in:322 msgid "LDAP filter to determine access privileges" msgstr "" #: src/config/SSSDConfig/__init__.py.in:323 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" #: src/config/SSSDConfig/__init__.py.in:324 msgid "Which rules should be used to evaluate access control" msgstr "" #: src/config/SSSDConfig/__init__.py.in:327 msgid "URI of an LDAP server where password changes are allowed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:328 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:329 msgid "DNS service name for LDAP password change server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:330 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" msgstr "" #: src/config/SSSDConfig/__init__.py.in:333 msgid "Base DN for sudo rules lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:334 msgid "Automatic full refresh period" msgstr "" #: src/config/SSSDConfig/__init__.py.in:335 msgid "Automatic smart refresh period" msgstr "" #: src/config/SSSDConfig/__init__.py.in:336 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "" #: src/config/SSSDConfig/__init__.py.in:337 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:338 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:339 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:340 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:341 msgid "Object class for sudo rules" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:342 msgid "Sudo rule name" msgstr "" #: src/config/SSSDConfig/__init__.py.in:343 msgid "Sudo rule command attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:344 msgid "Sudo rule host attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:345 msgid "Sudo rule user attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:346 msgid "Sudo rule option attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:347 msgid "Sudo rule runasuser attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:348 msgid "Sudo rule runasgroup attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:349 msgid "Sudo rule notbefore attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:350 msgid "Sudo rule notafter attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:351 msgid "Sudo rule order attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:354 msgid "Object class for automounter maps" msgstr "" #: src/config/SSSDConfig/__init__.py.in:355 msgid "Automounter map name attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:356 msgid "Object class for automounter map entries" msgstr "" #: src/config/SSSDConfig/__init__.py.in:357 msgid "Automounter map entry key attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:358 msgid "Automounter map entry value attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:359 msgid "Base DN for automounter map lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:362 msgid "Comma separated list of allowed users" msgstr "" #: src/config/SSSDConfig/__init__.py.in:363 msgid "Comma separated list of prohibited users" msgstr "" #: src/config/SSSDConfig/__init__.py.in:366 msgid "Default shell, /bin/bash" msgstr "" #: src/config/SSSDConfig/__init__.py.in:367 msgid "Base for home directories" msgstr "" #: src/config/SSSDConfig/__init__.py.in:370 msgid "The name of the NSS library to use" msgstr "" #: src/config/SSSDConfig/__init__.py.in:371 msgid 
"Whether to look up canonical group name from cache if possible" msgstr "" #: src/config/SSSDConfig/__init__.py.in:374 msgid "PAM stack to use" msgstr "" #: src/monitor/monitor.c:2651 msgid "Become a daemon (default)" msgstr "" #: src/monitor/monitor.c:2653 msgid "Run interactive (not a daemon)" msgstr "" #: src/monitor/monitor.c:2655 src/tools/sss_debuglevel.c:71 msgid "Specify a non-default config file" msgstr "" #: src/monitor/monitor.c:2657 msgid "Print version number and exit" msgstr "" #: src/providers/krb5/krb5_child.c:1962 src/providers/ldap/ldap_child.c:435 #: src/util/util.h:100 msgid "Debug level" msgstr "" #: src/providers/krb5/krb5_child.c:1964 src/providers/ldap/ldap_child.c:437 #: src/util/util.h:104 msgid "Add debug timestamps" msgstr "" #: src/providers/krb5/krb5_child.c:1966 src/providers/ldap/ldap_child.c:439 #: src/util/util.h:106 msgid "Show timestamps with microseconds" msgstr "" #: src/providers/krb5/krb5_child.c:1968 src/providers/ldap/ldap_child.c:441 msgid "An open file descriptor for the debug logs" msgstr "" #: src/providers/data_provider_be.c:2932 msgid "Domain of the information provider (mandatory)" msgstr "" #: src/sss_client/common.c:946 msgid "Privileged socket has wrong ownership or permissions." msgstr "" #: src/sss_client/common.c:949 msgid "Public socket has wrong ownership or permissions." msgstr "" #: src/sss_client/common.c:952 msgid "Unexpected format of the server credential message." msgstr "" #: src/sss_client/common.c:955 msgid "SSSD is not run by root." msgstr "" #: src/sss_client/common.c:960 msgid "An error occurred, but no description can be found." msgstr "" #: src/sss_client/common.c:966 msgid "Unexpected error while looking for an error description" msgstr "" #: src/sss_client/pam_sss.c:388 msgid "Passwords do not match" msgstr "" #: src/sss_client/pam_sss.c:576 msgid "Password reset by root is not supported." 
msgstr "" #: src/sss_client/pam_sss.c:617 msgid "Authenticated with cached credentials" msgstr "" #: src/sss_client/pam_sss.c:618 msgid ", your cached password will expire at: " msgstr "" #: src/sss_client/pam_sss.c:648 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "" #: src/sss_client/pam_sss.c:694 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "" #: src/sss_client/pam_sss.c:743 msgid "Authentication is denied until: " msgstr "" #: src/sss_client/pam_sss.c:764 msgid "System is offline, password change not possible" msgstr "" #: src/sss_client/pam_sss.c:779 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" #: src/sss_client/pam_sss.c:810 src/sss_client/pam_sss.c:823 msgid "Password change failed. " msgstr "" #: src/sss_client/pam_sss.c:813 src/sss_client/pam_sss.c:824 msgid "Server message: " msgstr "" #: src/sss_client/pam_sss.c:1251 msgid "New Password: " msgstr "" #: src/sss_client/pam_sss.c:1252 msgid "Reenter new Password: " msgstr "" #: src/sss_client/pam_sss.c:1340 msgid "Password: " msgstr "" #: src/sss_client/pam_sss.c:1372 msgid "Current Password: " msgstr "" #: src/sss_client/pam_sss.c:1527 msgid "Password expired. Change your password now." 
msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40 #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 src/tools/sss_useradd.c:48 #: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44 #: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:652 #: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47 #: src/tools/sss_cache.c:540 src/tools/sss_debuglevel.c:69 msgid "The debug level to run with" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:42 #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:196 msgid "The SSSD domain to use" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:73 #: src/tools/sss_groupadd.c:58 src/tools/sss_groupdel.c:53 #: src/tools/sss_groupmod.c:65 src/tools/sss_groupshow.c:663 #: src/tools/sss_userdel.c:151 src/tools/sss_usermod.c:74 #: src/tools/sss_cache.c:573 msgid "Error setting the locale\n" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:64 msgid "Not enough memory\n" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:83 msgid "User not specified\n" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:92 msgid "Error looking up public keys\n" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:194 msgid "The port to use to connect to the host" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:238 msgid "Invalid port\n" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:243 msgid "Host not specified\n" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:249 msgid "The path to the proxy command must be absolute\n" msgstr "" #: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48 msgid "The UID of the user" msgstr "" #: src/tools/sss_useradd.c:50 src/tools/sss_usermod.c:50 msgid "The comment string" msgstr "" #: src/tools/sss_useradd.c:51 src/tools/sss_usermod.c:51 msgid "Home directory" msgstr "" #: src/tools/sss_useradd.c:52 src/tools/sss_usermod.c:52 msgid "Login shell" msgstr "" #: src/tools/sss_useradd.c:53 msgid "Groups" msgstr "" #: 
src/tools/sss_useradd.c:54 msgid "Create user's directory if it does not exist" msgstr "" #: src/tools/sss_useradd.c:55 msgid "Never create user's directory, overrides config" msgstr "" #: src/tools/sss_useradd.c:56 msgid "Specify an alternative skeleton directory" msgstr "" #: src/tools/sss_useradd.c:57 src/tools/sss_usermod.c:57 msgid "The SELinux user for user's login" msgstr "" #: src/tools/sss_useradd.c:86 src/tools/sss_groupmod.c:78 #: src/tools/sss_usermod.c:87 msgid "Specify group to add to\n" msgstr "" #: src/tools/sss_useradd.c:110 msgid "Specify user to add\n" msgstr "" #: src/tools/sss_useradd.c:119 src/tools/sss_groupadd.c:84 #: src/tools/sss_groupdel.c:78 src/tools/sss_groupmod.c:111 #: src/tools/sss_groupshow.c:696 src/tools/sss_userdel.c:196 #: src/tools/sss_usermod.c:128 msgid "Error initializing the tools - no local domain\n" msgstr "" #: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86 #: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113 #: src/tools/sss_groupshow.c:698 src/tools/sss_userdel.c:198 #: src/tools/sss_usermod.c:130 msgid "Error initializing the tools\n" msgstr "" #: src/tools/sss_useradd.c:130 src/tools/sss_groupadd.c:95 #: src/tools/sss_groupdel.c:89 src/tools/sss_groupmod.c:121 #: src/tools/sss_groupshow.c:707 src/tools/sss_userdel.c:207 #: src/tools/sss_usermod.c:139 msgid "Invalid domain specified in FQDN\n" msgstr "" #: src/tools/sss_useradd.c:139 src/tools/sss_groupmod.c:141 #: src/tools/sss_groupmod.c:168 src/tools/sss_usermod.c:162 #: src/tools/sss_usermod.c:189 msgid "Internal error while parsing parameters\n" msgstr "" #: src/tools/sss_useradd.c:147 src/tools/sss_usermod.c:170 #: src/tools/sss_usermod.c:197 msgid "Groups must be in the same domain as user\n" msgstr "" #: src/tools/sss_useradd.c:155 #, c-format msgid "Cannot find group %1$s in local domain\n" msgstr "" #: src/tools/sss_useradd.c:170 src/tools/sss_userdel.c:217 msgid "Cannot set default values\n" msgstr "" #: src/tools/sss_useradd.c:177 
src/tools/sss_usermod.c:153 msgid "The selected UID is outside the allowed range\n" msgstr "" #: src/tools/sss_useradd.c:206 src/tools/sss_usermod.c:264 msgid "Cannot set SELinux login context\n" msgstr "" #: src/tools/sss_useradd.c:221 msgid "Cannot get info about the user\n" msgstr "" #: src/tools/sss_useradd.c:233 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" #: src/tools/sss_useradd.c:236 #, c-format msgid "Cannot create user's home directory: %1$s\n" msgstr "" #: src/tools/sss_useradd.c:247 #, c-format msgid "Cannot create user's mail spool: %1$s\n" msgstr "" #: src/tools/sss_useradd.c:266 msgid "Could not allocate ID for the user - domain full?\n" msgstr "" #: src/tools/sss_useradd.c:270 msgid "A user or group with the same name or ID already exists\n" msgstr "" #: src/tools/sss_useradd.c:276 msgid "Transaction error. Could not add user.\n" msgstr "" #: src/tools/sss_groupadd.c:43 src/tools/sss_groupmod.c:48 msgid "The GID of the group" msgstr "" #: src/tools/sss_groupadd.c:75 msgid "Specify group to add\n" msgstr "" #: src/tools/sss_groupadd.c:104 src/tools/sss_groupmod.c:192 msgid "The selected GID is outside the allowed range\n" msgstr "" #: src/tools/sss_groupadd.c:141 msgid "Could not allocate ID for the group - domain full?\n" msgstr "" #: src/tools/sss_groupadd.c:145 msgid "A group with the same name or GID already exists\n" msgstr "" #: src/tools/sss_groupadd.c:150 msgid "Transaction error. Could not add group.\n" msgstr "" #: src/tools/sss_groupdel.c:69 msgid "Specify group to delete\n" msgstr "" #: src/tools/sss_groupdel.c:102 #, c-format msgid "Group %1$s is outside the defined ID range for domain\n" msgstr "" #: src/tools/sss_groupdel.c:117 src/tools/sss_groupmod.c:219 #: src/tools/sss_groupmod.c:226 src/tools/sss_groupmod.c:233 #: src/tools/sss_userdel.c:294 src/tools/sss_usermod.c:241 #: src/tools/sss_usermod.c:248 src/tools/sss_usermod.c:255 #, c-format msgid "NSS request failed (%1$d). 
Entry might remain in memory cache.\n" msgstr "" #: src/tools/sss_groupdel.c:129 msgid "" "No such group in local domain. Removing groups only allowed in local " "domain.\n" msgstr "" #: src/tools/sss_groupdel.c:134 msgid "Internal error. Could not remove group.\n" msgstr "" #: src/tools/sss_groupmod.c:44 msgid "Groups to add this group to" msgstr "" #: src/tools/sss_groupmod.c:46 msgid "Groups to remove this group from" msgstr "" #: src/tools/sss_groupmod.c:86 src/tools/sss_usermod.c:95 msgid "Specify group to remove from\n" msgstr "" #: src/tools/sss_groupmod.c:100 msgid "Specify group to modify\n" msgstr "" #: src/tools/sss_groupmod.c:128 msgid "" "Cannot find group in local domain, modifying groups is allowed only in local " "domain\n" msgstr "" #: src/tools/sss_groupmod.c:149 src/tools/sss_groupmod.c:176 msgid "Member groups must be in the same domain as parent group\n" msgstr "" #: src/tools/sss_groupmod.c:157 src/tools/sss_groupmod.c:184 #: src/tools/sss_usermod.c:178 src/tools/sss_usermod.c:205 #, c-format msgid "" "Cannot find group %1$s in local domain, only groups in local domain are " "allowed\n" msgstr "" #: src/tools/sss_groupmod.c:250 msgid "Could not modify group - check if member group names are correct\n" msgstr "" #: src/tools/sss_groupmod.c:254 msgid "Could not modify group - check if groupname is correct\n" msgstr "" #: src/tools/sss_groupmod.c:258 msgid "Transaction error. 
Could not modify group.\n" msgstr "" #: src/tools/sss_groupshow.c:599 #, c-format msgid "%1$s%2$sGroup: %3$s\n" msgstr "" #: src/tools/sss_groupshow.c:600 msgid "Magic Private " msgstr "" #: src/tools/sss_groupshow.c:602 #, c-format msgid "%1$sGID number: %2$d\n" msgstr "" #: src/tools/sss_groupshow.c:604 #, c-format msgid "%1$sMember users: " msgstr "" #: src/tools/sss_groupshow.c:611 #, c-format msgid "" "\n" "%1$sIs a member of: " msgstr "" #: src/tools/sss_groupshow.c:618 #, c-format msgid "" "\n" "%1$sMember groups: " msgstr "" #: src/tools/sss_groupshow.c:654 msgid "Print indirect group members recursively" msgstr "" #: src/tools/sss_groupshow.c:687 msgid "Specify group to show\n" msgstr "" #: src/tools/sss_groupshow.c:726 msgid "" "No such group in local domain. Printing groups only allowed in local " "domain.\n" msgstr "" #: src/tools/sss_groupshow.c:731 msgid "Internal error. Could not print group.\n" msgstr "" #: src/tools/sss_userdel.c:136 msgid "Remove home directory and mail spool" msgstr "" #: src/tools/sss_userdel.c:138 msgid "Do not remove home directory and mail spool" msgstr "" #: src/tools/sss_userdel.c:140 msgid "Force removal of files not owned by the user" msgstr "" #: src/tools/sss_userdel.c:142 msgid "Kill users' processes before removing him" msgstr "" #: src/tools/sss_userdel.c:187 msgid "Specify user to delete\n" msgstr "" #: src/tools/sss_userdel.c:233 #, c-format msgid "User %1$s is outside the defined ID range for domain\n" msgstr "" #: src/tools/sss_userdel.c:258 msgid "Cannot reset SELinux login context\n" msgstr "" #: src/tools/sss_userdel.c:270 #, c-format msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n" msgstr "" #: src/tools/sss_userdel.c:275 msgid "Cannot determine if the user was logged in on this platform" msgstr "" #: src/tools/sss_userdel.c:280 msgid "Error while checking if the user was logged in\n" msgstr "" #: src/tools/sss_userdel.c:287 #, c-format msgid "The post-delete command failed: %1$s\n" 
msgstr "" #: src/tools/sss_userdel.c:307 msgid "Not removing home dir - not owned by user\n" msgstr "" #: src/tools/sss_userdel.c:309 #, c-format msgid "Cannot remove homedir: %1$s\n" msgstr "" #: src/tools/sss_userdel.c:322 msgid "" "No such user in local domain. Removing users only allowed in local domain.\n" msgstr "" #: src/tools/sss_userdel.c:327 msgid "Internal error. Could not remove user.\n" msgstr "" #: src/tools/sss_usermod.c:49 msgid "The GID of the user" msgstr "" #: src/tools/sss_usermod.c:53 msgid "Groups to add this user to" msgstr "" #: src/tools/sss_usermod.c:54 msgid "Groups to remove this user from" msgstr "" #: src/tools/sss_usermod.c:55 msgid "Lock the account" msgstr "" #: src/tools/sss_usermod.c:56 msgid "Unlock the account" msgstr "" #: src/tools/sss_usermod.c:119 msgid "Specify user to modify\n" msgstr "" #: src/tools/sss_usermod.c:146 msgid "" "Cannot find user in local domain, modifying users is allowed only in local " "domain\n" msgstr "" #: src/tools/sss_usermod.c:281 msgid "Could not modify user - check if group names are correct\n" msgstr "" #: src/tools/sss_usermod.c:285 msgid "Could not modify user - user already member of groups?\n" msgstr "" #: src/tools/sss_usermod.c:289 msgid "Transaction error. 
Could not modify user.\n" msgstr "" #: src/tools/sss_cache.c:170 msgid "No cache object matched the specified search\n" msgstr "" #: src/tools/sss_cache.c:397 #, c-format msgid "Couldn't invalidate %1$s" msgstr "" #: src/tools/sss_cache.c:404 #, c-format msgid "Couldn't invalidate %1$s %2$s" msgstr "" #: src/tools/sss_cache.c:542 msgid "Invalidate all cached entries except for sudo rules" msgstr "" #: src/tools/sss_cache.c:544 msgid "Invalidate particular user" msgstr "" #: src/tools/sss_cache.c:546 msgid "Invalidate all users" msgstr "" #: src/tools/sss_cache.c:548 msgid "Invalidate particular group" msgstr "" #: src/tools/sss_cache.c:550 msgid "Invalidate all groups" msgstr "" #: src/tools/sss_cache.c:552 msgid "Invalidate particular netgroup" msgstr "" #: src/tools/sss_cache.c:554 msgid "Invalidate all netgroups" msgstr "" #: src/tools/sss_cache.c:556 msgid "Invalidate particular service" msgstr "" #: src/tools/sss_cache.c:558 msgid "Invalidate all services" msgstr "" #: src/tools/sss_cache.c:561 msgid "Invalidate particular autofs map" msgstr "" #: src/tools/sss_cache.c:563 msgid "Invalidate all autofs maps" msgstr "" #: src/tools/sss_cache.c:566 msgid "Only invalidate entries from a particular domain" msgstr "" #: src/tools/sss_cache.c:611 msgid "Please select at least one object to invalidate\n" msgstr "" #: src/tools/sss_cache.c:681 #, c-format msgid "" "Could not open domain %1$s. 
If the domain is a subdomain (trusted domain), " "use fully qualified name instead of --domain/-d parameter.\n" msgstr "" #: src/tools/sss_cache.c:685 msgid "Could not open available domains\n" msgstr "" #: src/tools/sss_debuglevel.c:40 msgid "\n" msgstr "" #: src/tools/sss_debuglevel.c:96 msgid "Specify debug level you want to set\n" msgstr "" #: src/tools/sss_debuglevel.c:102 msgid "Only one argument expected\n" msgstr "" #: src/tools/tools_util.c:200 #, c-format msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n" msgstr "" #: src/tools/tools_util.c:303 msgid "Out of memory\n" msgstr "" #: src/tools/tools_util.h:43 #, c-format msgid "%1$s must be run as root\n" msgstr "" #: src/util/util.h:102 msgid "Send the debug output to files instead of stderr" msgstr "" ������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/zh_CN.po������������������������������������������������������������0000644�0000000�0000000�00000000074�12320753107�015532� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954962.255874507 30 ctime=1396954962.547874291 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/zh_CN.po�����������������������������������������������������������������������������0000664�0024127�0024127�00000126431�12320753107�015763� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR Red Hat, Inc. # This file is distributed under the same license as the PACKAGE package. 
# # Translators: # Christopher Meng <cickumqt@gmail.com>, 2012 msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2014-04-08 12:56+0200\n" "PO-Revision-Date: 2013-11-20 12:56+0000\n" "Last-Translator: jhrozek <jhrozek@redhat.com>\n" "Language-Team: Chinese (China) (http://www.transifex.com/projects/p/fedora/" "language/zh_CN/)\n" "Language: zh_CN\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" #: src/config/SSSDConfig/__init__.py.in:39 msgid "Set the verbosity of the debug logging" msgstr "设定调试日志记录等级" #: src/config/SSSDConfig/__init__.py.in:40 msgid "Include timestamps in debug logs" msgstr "在调试日志中包含时间戳" #: src/config/SSSDConfig/__init__.py.in:41 msgid "Include microseconds in timestamps in debug logs" msgstr "" #: src/config/SSSDConfig/__init__.py.in:42 msgid "Write debug messages to logfiles" msgstr "写入调试信息到日志文件" #: src/config/SSSDConfig/__init__.py.in:43 msgid "Ping timeout before restarting service" msgstr "" #: src/config/SSSDConfig/__init__.py.in:44 msgid "" "Timeout between three failed ping checks and forcibly killing the service" msgstr "" #: src/config/SSSDConfig/__init__.py.in:45 msgid "Command to start service" msgstr "启动服务命令" #: src/config/SSSDConfig/__init__.py.in:46 msgid "Number of times to attempt connection to Data Providers" msgstr "" #: src/config/SSSDConfig/__init__.py.in:47 msgid "The number of file descriptors that may be opened by this responder" msgstr "" #: src/config/SSSDConfig/__init__.py.in:48 msgid "Idle time before automatic disconnection of a client" msgstr "" #: src/config/SSSDConfig/__init__.py.in:51 msgid "SSSD Services to start" msgstr "" #: src/config/SSSDConfig/__init__.py.in:52 msgid "SSSD Domains to start" msgstr "" #: src/config/SSSDConfig/__init__.py.in:53 msgid "Timeout for messages sent over the SBUS" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:54 msgid "Regex to parse username and domain" msgstr "" #: src/config/SSSDConfig/__init__.py.in:55 msgid "Printf-compatible format for displaying fully-qualified names" msgstr "" #: src/config/SSSDConfig/__init__.py.in:56 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #: src/config/SSSDConfig/__init__.py.in:57 msgid "Domain to add to names without a domain component." msgstr "" #: src/config/SSSDConfig/__init__.py.in:60 msgid "Enumeration cache timeout length (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:61 msgid "Entry cache background update timeout length (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:62 #: src/config/SSSDConfig/__init__.py.in:88 msgid "Negative cache timeout length (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:63 msgid "Users that SSSD should explicitly ignore" msgstr "" #: src/config/SSSDConfig/__init__.py.in:64 msgid "Groups that SSSD should explicitly ignore" msgstr "" #: src/config/SSSDConfig/__init__.py.in:65 msgid "Should filtered users appear in groups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:66 msgid "The value of the password field the NSS provider should return" msgstr "" #: src/config/SSSDConfig/__init__.py.in:67 msgid "Override homedir value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:68 msgid "" "Substitute empty homedir value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:69 msgid "Override shell value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:70 msgid "The list of shells users are allowed to log in with" msgstr "" #: src/config/SSSDConfig/__init__.py.in:71 msgid "" "The list of shells that will be vetoed, and replaced with the fallback shell" msgstr "" #: src/config/SSSDConfig/__init__.py.in:72 msgid "" "If a shell stored in central 
directory is allowed but not available, use " "this fallback" msgstr "" #: src/config/SSSDConfig/__init__.py.in:73 msgid "Shell to use if the provider does not list one" msgstr "" #: src/config/SSSDConfig/__init__.py.in:74 msgid "How long will be in-memory cache records valid" msgstr "" #: src/config/SSSDConfig/__init__.py.in:77 msgid "How long to allow cached logins between online logins (days)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:78 msgid "How many failed logins attempts are allowed when offline" msgstr "" #: src/config/SSSDConfig/__init__.py.in:79 msgid "" "How long (minutes) to deny login after offline_failed_login_attempts has " "been reached" msgstr "" #: src/config/SSSDConfig/__init__.py.in:80 msgid "What kind of messages are displayed to the user during authentication" msgstr "" #: src/config/SSSDConfig/__init__.py.in:81 msgid "How many seconds to keep identity information cached for PAM requests" msgstr "" #: src/config/SSSDConfig/__init__.py.in:82 msgid "How many days before password expiration a warning should be displayed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:85 msgid "Whether to evaluate the time-based attributes in sudo rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:91 msgid "Whether to hash host names and addresses in the known_hosts file" msgstr "" #: src/config/SSSDConfig/__init__.py.in:92 msgid "" "How many seconds to keep a host in the known_hosts file after its host keys " "were requested" msgstr "" #: src/config/SSSDConfig/__init__.py.in:95 msgid "List of UIDs or user names allowed to access the PAC responder" msgstr "" #: src/config/SSSDConfig/__init__.py.in:98 msgid "Identity provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:99 msgid "Authentication provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:100 msgid "Access control provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:101 msgid "Password change provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:102 msgid "SUDO 
provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:103 msgid "Autofs provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:104 msgid "Session-loading provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:105 msgid "Host identity provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:108 msgid "Minimum user ID" msgstr "" #: src/config/SSSDConfig/__init__.py.in:109 msgid "Maximum user ID" msgstr "" #: src/config/SSSDConfig/__init__.py.in:110 msgid "Enable enumerating all users/groups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:111 msgid "Cache credentials for offline login" msgstr "" #: src/config/SSSDConfig/__init__.py.in:112 msgid "Store password hashes" msgstr "保存密码哈希值" #: src/config/SSSDConfig/__init__.py.in:113 msgid "Display users/groups in fully-qualified form" msgstr "" #: src/config/SSSDConfig/__init__.py.in:114 msgid "Don't include group members in group lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:115 #: src/config/SSSDConfig/__init__.py.in:122 #: src/config/SSSDConfig/__init__.py.in:123 #: src/config/SSSDConfig/__init__.py.in:124 #: src/config/SSSDConfig/__init__.py.in:125 #: src/config/SSSDConfig/__init__.py.in:126 #: src/config/SSSDConfig/__init__.py.in:127 msgid "Entry cache timeout length (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:116 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:117 msgid "How long to keep cached entries after last successful login (days)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:118 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:119 msgid "The domain part of service discovery DNS query" msgstr "" #: src/config/SSSDConfig/__init__.py.in:120 msgid "Override GID value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:121 msgid "Treat usernames as case 
sensitive" msgstr "" #: src/config/SSSDConfig/__init__.py.in:128 msgid "How often should expired entries be refreshed in background" msgstr "" #: src/config/SSSDConfig/__init__.py.in:129 msgid "Whether to automatically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/__init__.py.in:130 #: src/config/SSSDConfig/__init__.py.in:145 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "" #: src/config/SSSDConfig/__init__.py.in:131 #: src/config/SSSDConfig/__init__.py.in:146 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" #: src/config/SSSDConfig/__init__.py.in:132 msgid "How often to periodically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/__init__.py.in:133 msgid "Whether the provider should explicitly update the PTR record as well" msgstr "" #: src/config/SSSDConfig/__init__.py.in:134 msgid "Whether the nsupdate utility should default to using TCP" msgstr "" #: src/config/SSSDConfig/__init__.py.in:135 msgid "What kind of authentication should be used to perform the DNS update" msgstr "" #: src/config/SSSDConfig/__init__.py.in:136 msgid "Control enumeration of trusted domains" msgstr "" #: src/config/SSSDConfig/__init__.py.in:137 msgid "How often should subdomains list be refreshed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:140 msgid "IPA domain" msgstr "" #: src/config/SSSDConfig/__init__.py.in:141 msgid "IPA server address" msgstr "IPA 服务器地址" #: src/config/SSSDConfig/__init__.py.in:142 msgid "Address of backup IPA server" msgstr "IPA 备份服务器地址" #: src/config/SSSDConfig/__init__.py.in:143 msgid "IPA client hostname" msgstr "" #: src/config/SSSDConfig/__init__.py.in:144 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" #: src/config/SSSDConfig/__init__.py.in:147 msgid "Search base for HBAC related objects" msgstr "" #: src/config/SSSDConfig/__init__.py.in:148 msgid "" "The amount of time between lookups of the HBAC rules against the IPA 
server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:149 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:150 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" #: src/config/SSSDConfig/__init__.py.in:151 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" #: src/config/SSSDConfig/__init__.py.in:152 msgid "The automounter location this IPA client is using" msgstr "" #: src/config/SSSDConfig/__init__.py.in:153 msgid "Search base for object containing info about IPA domain" msgstr "" #: src/config/SSSDConfig/__init__.py.in:154 msgid "Search base for objects containing info about ID ranges" msgstr "" #: src/config/SSSDConfig/__init__.py.in:155 #: src/config/SSSDConfig/__init__.py.in:162 msgid "Enable DNS sites - location based service discovery" msgstr "" #: src/config/SSSDConfig/__init__.py.in:158 msgid "Active Directory domain" msgstr "" #: src/config/SSSDConfig/__init__.py.in:159 msgid "Active Directory server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:160 msgid "Active Directory backup server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:161 msgid "Active Directory client hostname" msgstr "" #: src/config/SSSDConfig/__init__.py.in:165 #: src/config/SSSDConfig/__init__.py.in:166 msgid "Kerberos server address" msgstr "Kerberos 服务器地址" #: src/config/SSSDConfig/__init__.py.in:167 msgid "Kerberos backup server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:168 msgid "Kerberos realm" msgstr "" #: src/config/SSSDConfig/__init__.py.in:169 msgid "Authentication timeout" msgstr "验证超时" #: src/config/SSSDConfig/__init__.py.in:170 msgid "Whether to create kdcinfo files" msgstr "" #: src/config/SSSDConfig/__init__.py.in:173 msgid "Directory to store credential caches" msgstr "" #: src/config/SSSDConfig/__init__.py.in:174 msgid "Location of the user's credential cache" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:175 msgid "Location of the keytab to validate credentials" msgstr "" #: src/config/SSSDConfig/__init__.py.in:176 msgid "Enable credential validation" msgstr "" #: src/config/SSSDConfig/__init__.py.in:177 msgid "Store password if offline for later online authentication" msgstr "" #: src/config/SSSDConfig/__init__.py.in:178 msgid "Renewable lifetime of the TGT" msgstr "" #: src/config/SSSDConfig/__init__.py.in:179 msgid "Lifetime of the TGT" msgstr "" #: src/config/SSSDConfig/__init__.py.in:180 msgid "Time between two checks for renewal" msgstr "" #: src/config/SSSDConfig/__init__.py.in:181 msgid "Enables FAST" msgstr "" #: src/config/SSSDConfig/__init__.py.in:182 msgid "Selects the principal to use for FAST" msgstr "" #: src/config/SSSDConfig/__init__.py.in:183 msgid "Enables principal canonicalization" msgstr "" #: src/config/SSSDConfig/__init__.py.in:184 msgid "Enables enterprise principals" msgstr "" #: src/config/SSSDConfig/__init__.py.in:187 #: src/config/SSSDConfig/__init__.py.in:188 msgid "Server where the change password service is running if not on the KDC" msgstr "" #: src/config/SSSDConfig/__init__.py.in:191 msgid "ldap_uri, The URI of the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:192 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:193 msgid "The default base DN" msgstr "" #: src/config/SSSDConfig/__init__.py.in:194 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" #: src/config/SSSDConfig/__init__.py.in:195 msgid "The default bind DN" msgstr "" #: src/config/SSSDConfig/__init__.py.in:196 msgid "The type of the authentication token of the default bind DN" msgstr "" #: src/config/SSSDConfig/__init__.py.in:197 msgid "The authentication token of the default bind DN" msgstr "" #: src/config/SSSDConfig/__init__.py.in:198 msgid "Length of time to attempt connection" msgstr "" #: src/config/SSSDConfig/__init__.py.in:199 msgid "Length 
of time to attempt synchronous LDAP operations" msgstr "" #: src/config/SSSDConfig/__init__.py.in:200 msgid "Length of time between attempts to reconnect while offline" msgstr "" #: src/config/SSSDConfig/__init__.py.in:201 msgid "Use only the upper case for realm names" msgstr "" #: src/config/SSSDConfig/__init__.py.in:202 msgid "File that contains CA certificates" msgstr "" #: src/config/SSSDConfig/__init__.py.in:203 msgid "Path to CA certificate directory" msgstr "" #: src/config/SSSDConfig/__init__.py.in:204 msgid "File that contains the client certificate" msgstr "" #: src/config/SSSDConfig/__init__.py.in:205 msgid "File that contains the client key" msgstr "" #: src/config/SSSDConfig/__init__.py.in:206 msgid "List of possible ciphers suites" msgstr "" #: src/config/SSSDConfig/__init__.py.in:207 msgid "Require TLS certificate verification" msgstr "" #: src/config/SSSDConfig/__init__.py.in:208 msgid "Specify the sasl mechanism to use" msgstr "" #: src/config/SSSDConfig/__init__.py.in:209 msgid "Specify the sasl authorization id to use" msgstr "" #: src/config/SSSDConfig/__init__.py.in:210 msgid "Specify the sasl authorization realm to use" msgstr "" #: src/config/SSSDConfig/__init__.py.in:211 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" #: src/config/SSSDConfig/__init__.py.in:212 msgid "Kerberos service keytab" msgstr "" #: src/config/SSSDConfig/__init__.py.in:213 msgid "Use Kerberos auth for LDAP connection" msgstr "" #: src/config/SSSDConfig/__init__.py.in:214 msgid "Follow LDAP referrals" msgstr "" #: src/config/SSSDConfig/__init__.py.in:215 msgid "Lifetime of TGT for LDAP connection" msgstr "" #: src/config/SSSDConfig/__init__.py.in:216 msgid "How to dereference aliases" msgstr "" #: src/config/SSSDConfig/__init__.py.in:217 msgid "Service name for DNS service lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:218 msgid "The number of records to retrieve in a single LDAP query" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:219 msgid "The number of members that must be missing to trigger a full deref" msgstr "" #: src/config/SSSDConfig/__init__.py.in:220 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" #: src/config/SSSDConfig/__init__.py.in:222 msgid "entryUSN attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:223 msgid "lastUSN attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:225 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" #: src/config/SSSDConfig/__init__.py.in:227 msgid "Disable the LDAP paging control" msgstr "" #: src/config/SSSDConfig/__init__.py.in:228 msgid "Disable Active Directory range retrieval" msgstr "" #: src/config/SSSDConfig/__init__.py.in:231 msgid "Length of time to wait for a search request" msgstr "" #: src/config/SSSDConfig/__init__.py.in:232 msgid "Length of time to wait for a enumeration request" msgstr "" #: src/config/SSSDConfig/__init__.py.in:233 msgid "Length of time between enumeration updates" msgstr "" #: src/config/SSSDConfig/__init__.py.in:234 msgid "Length of time between cache cleanups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:235 msgid "Require TLS for ID lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:236 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "" #: src/config/SSSDConfig/__init__.py.in:237 msgid "Base DN for user lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:238 msgid "Scope of user lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:239 msgid "Filter for user lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:240 msgid "Objectclass for users" msgstr "" #: src/config/SSSDConfig/__init__.py.in:241 msgid "Username attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:243 msgid "UID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:244 msgid "Primary GID attribute" msgstr "" 
#: src/config/SSSDConfig/__init__.py.in:245 msgid "GECOS attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:246 msgid "Home directory attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:247 msgid "Shell attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:248 msgid "UUID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:249 #: src/config/SSSDConfig/__init__.py.in:285 msgid "objectSID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:250 msgid "Active Directory primary group attribute for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:251 msgid "User principal attribute (for Kerberos)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:252 msgid "Full Name" msgstr "" #: src/config/SSSDConfig/__init__.py.in:253 msgid "memberOf attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:254 msgid "Modification time attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:256 msgid "shadowLastChange attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:257 msgid "shadowMin attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:258 msgid "shadowMax attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:259 msgid "shadowWarning attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:260 msgid "shadowInactive attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:261 msgid "shadowExpire attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:262 msgid "shadowFlag attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:263 msgid "Attribute listing authorized PAM services" msgstr "" #: src/config/SSSDConfig/__init__.py.in:264 msgid "Attribute listing authorized server hosts" msgstr "" #: src/config/SSSDConfig/__init__.py.in:265 msgid "krbLastPwdChange attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:266 msgid "krbPasswordExpiration attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:267 msgid "Attribute indicating that server side password 
policies are active" msgstr "" #: src/config/SSSDConfig/__init__.py.in:268 msgid "accountExpires attribute of AD" msgstr "" #: src/config/SSSDConfig/__init__.py.in:269 msgid "userAccountControl attribute of AD" msgstr "" #: src/config/SSSDConfig/__init__.py.in:270 msgid "nsAccountLock attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:271 msgid "loginDisabled attribute of NDS" msgstr "" #: src/config/SSSDConfig/__init__.py.in:272 msgid "loginExpirationTime attribute of NDS" msgstr "" #: src/config/SSSDConfig/__init__.py.in:273 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" #: src/config/SSSDConfig/__init__.py.in:274 msgid "SSH public key attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:276 msgid "Base DN for group lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:279 msgid "Objectclass for groups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:280 msgid "Group name" msgstr "" #: src/config/SSSDConfig/__init__.py.in:281 msgid "Group password" msgstr "" #: src/config/SSSDConfig/__init__.py.in:282 msgid "GID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:283 msgid "Group member attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:284 msgid "Group UUID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:286 msgid "Modification time attribute for groups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:287 msgid "Type of the group and other flags" msgstr "" #: src/config/SSSDConfig/__init__.py.in:289 msgid "Maximum nesting level SSSd will follow" msgstr "" #: src/config/SSSDConfig/__init__.py.in:291 msgid "Base DN for netgroup lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:292 msgid "Objectclass for netgroups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:293 msgid "Netgroup name" msgstr "" #: src/config/SSSDConfig/__init__.py.in:294 msgid "Netgroups members attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:295 msgid "Netgroup triple attribute" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:296 msgid "Netgroup UUID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:297 msgid "Modification time attribute for netgroups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:299 msgid "Base DN for service lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:300 msgid "Objectclass for services" msgstr "" #: src/config/SSSDConfig/__init__.py.in:301 msgid "Service name attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:302 msgid "Service port attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:303 msgid "Service protocol attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:306 msgid "Lower bound for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:307 msgid "Upper bound for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:308 msgid "Number of IDs for each slice when ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:309 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:310 msgid "Name of the default domain for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:311 msgid "SID of the default domain for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:313 msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:314 msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:315 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:316 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:319 msgid "Policy to evaluate the password expiration" msgstr "" #: src/config/SSSDConfig/__init__.py.in:322 msgid "LDAP filter to determine access privileges" msgstr "" #: src/config/SSSDConfig/__init__.py.in:323 msgid "Which attributes shall be used to evaluate if an 
account is expired" msgstr "" #: src/config/SSSDConfig/__init__.py.in:324 msgid "Which rules should be used to evaluate access control" msgstr "" #: src/config/SSSDConfig/__init__.py.in:327 msgid "URI of an LDAP server where password changes are allowed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:328 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:329 msgid "DNS service name for LDAP password change server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:330 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" msgstr "" #: src/config/SSSDConfig/__init__.py.in:333 msgid "Base DN for sudo rules lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:334 msgid "Automatic full refresh period" msgstr "" #: src/config/SSSDConfig/__init__.py.in:335 msgid "Automatic smart refresh period" msgstr "" #: src/config/SSSDConfig/__init__.py.in:336 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "" #: src/config/SSSDConfig/__init__.py.in:337 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:338 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:339 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:340 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:341 msgid "Object class for sudo rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:342 msgid "Sudo rule name" msgstr "" #: src/config/SSSDConfig/__init__.py.in:343 msgid "Sudo rule command attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:344 msgid "Sudo rule host attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:345 
msgid "Sudo rule user attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:346 msgid "Sudo rule option attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:347 msgid "Sudo rule runasuser attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:348 msgid "Sudo rule runasgroup attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:349 msgid "Sudo rule notbefore attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:350 msgid "Sudo rule notafter attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:351 msgid "Sudo rule order attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:354 msgid "Object class for automounter maps" msgstr "" #: src/config/SSSDConfig/__init__.py.in:355 msgid "Automounter map name attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:356 msgid "Object class for automounter map entries" msgstr "" #: src/config/SSSDConfig/__init__.py.in:357 msgid "Automounter map entry key attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:358 msgid "Automounter map entry value attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:359 msgid "Base DN for automounter map lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:362 msgid "Comma separated list of allowed users" msgstr "" #: src/config/SSSDConfig/__init__.py.in:363 msgid "Comma separated list of prohibited users" msgstr "" #: src/config/SSSDConfig/__init__.py.in:366 msgid "Default shell, /bin/bash" msgstr "" #: src/config/SSSDConfig/__init__.py.in:367 msgid "Base for home directories" msgstr "" #: src/config/SSSDConfig/__init__.py.in:370 msgid "The name of the NSS library to use" msgstr "" #: src/config/SSSDConfig/__init__.py.in:371 msgid "Whether to look up canonical group name from cache if possible" msgstr "" #: src/config/SSSDConfig/__init__.py.in:374 msgid "PAM stack to use" msgstr "" #: src/monitor/monitor.c:2651 msgid "Become a daemon (default)" msgstr "" #: src/monitor/monitor.c:2653 msgid "Run interactive (not a daemon)" 
msgstr "" #: src/monitor/monitor.c:2655 src/tools/sss_debuglevel.c:71 msgid "Specify a non-default config file" msgstr "" #: src/monitor/monitor.c:2657 msgid "Print version number and exit" msgstr "" #: src/providers/krb5/krb5_child.c:1962 src/providers/ldap/ldap_child.c:435 #: src/util/util.h:100 msgid "Debug level" msgstr "" #: src/providers/krb5/krb5_child.c:1964 src/providers/ldap/ldap_child.c:437 #: src/util/util.h:104 msgid "Add debug timestamps" msgstr "" #: src/providers/krb5/krb5_child.c:1966 src/providers/ldap/ldap_child.c:439 #: src/util/util.h:106 msgid "Show timestamps with microseconds" msgstr "" #: src/providers/krb5/krb5_child.c:1968 src/providers/ldap/ldap_child.c:441 msgid "An open file descriptor for the debug logs" msgstr "" #: src/providers/data_provider_be.c:2932 msgid "Domain of the information provider (mandatory)" msgstr "" #: src/sss_client/common.c:946 msgid "Privileged socket has wrong ownership or permissions." msgstr "" #: src/sss_client/common.c:949 msgid "Public socket has wrong ownership or permissions." msgstr "" #: src/sss_client/common.c:952 msgid "Unexpected format of the server credential message." msgstr "" #: src/sss_client/common.c:955 msgid "SSSD is not run by root." msgstr "" #: src/sss_client/common.c:960 msgid "An error occurred, but no description can be found." msgstr "" #: src/sss_client/common.c:966 msgid "Unexpected error while looking for an error description" msgstr "" #: src/sss_client/pam_sss.c:388 msgid "Passwords do not match" msgstr "" #: src/sss_client/pam_sss.c:576 msgid "Password reset by root is not supported." msgstr "" #: src/sss_client/pam_sss.c:617 msgid "Authenticated with cached credentials" msgstr "" #: src/sss_client/pam_sss.c:618 msgid ", your cached password will expire at: " msgstr "" #: src/sss_client/pam_sss.c:648 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." 
msgstr "" #: src/sss_client/pam_sss.c:694 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "" #: src/sss_client/pam_sss.c:743 msgid "Authentication is denied until: " msgstr "" #: src/sss_client/pam_sss.c:764 msgid "System is offline, password change not possible" msgstr "" #: src/sss_client/pam_sss.c:779 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" #: src/sss_client/pam_sss.c:810 src/sss_client/pam_sss.c:823 msgid "Password change failed. " msgstr "" #: src/sss_client/pam_sss.c:813 src/sss_client/pam_sss.c:824 msgid "Server message: " msgstr "" #: src/sss_client/pam_sss.c:1251 msgid "New Password: " msgstr "" #: src/sss_client/pam_sss.c:1252 msgid "Reenter new Password: " msgstr "" #: src/sss_client/pam_sss.c:1340 msgid "Password: " msgstr "" #: src/sss_client/pam_sss.c:1372 msgid "Current Password: " msgstr "" #: src/sss_client/pam_sss.c:1527 msgid "Password expired. Change your password now." msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40 #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 src/tools/sss_useradd.c:48 #: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44 #: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:652 #: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47 #: src/tools/sss_cache.c:540 src/tools/sss_debuglevel.c:69 msgid "The debug level to run with" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:42 #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:196 msgid "The SSSD domain to use" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:73 #: src/tools/sss_groupadd.c:58 src/tools/sss_groupdel.c:53 #: src/tools/sss_groupmod.c:65 src/tools/sss_groupshow.c:663 #: src/tools/sss_userdel.c:151 src/tools/sss_usermod.c:74 #: src/tools/sss_cache.c:573 msgid "Error setting the locale\n" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:64 msgid "Not enough memory\n" msgstr "" #: 
src/sss_client/ssh/sss_ssh_authorizedkeys.c:83 msgid "User not specified\n" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:92 msgid "Error looking up public keys\n" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:194 msgid "The port to use to connect to the host" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:238 msgid "Invalid port\n" msgstr "无效端口\n" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:243 msgid "Host not specified\n" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:249 msgid "The path to the proxy command must be absolute\n" msgstr "" #: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48 msgid "The UID of the user" msgstr "" #: src/tools/sss_useradd.c:50 src/tools/sss_usermod.c:50 msgid "The comment string" msgstr "" #: src/tools/sss_useradd.c:51 src/tools/sss_usermod.c:51 msgid "Home directory" msgstr "" #: src/tools/sss_useradd.c:52 src/tools/sss_usermod.c:52 msgid "Login shell" msgstr "" #: src/tools/sss_useradd.c:53 msgid "Groups" msgstr "" #: src/tools/sss_useradd.c:54 msgid "Create user's directory if it does not exist" msgstr "" #: src/tools/sss_useradd.c:55 msgid "Never create user's directory, overrides config" msgstr "" #: src/tools/sss_useradd.c:56 msgid "Specify an alternative skeleton directory" msgstr "" #: src/tools/sss_useradd.c:57 src/tools/sss_usermod.c:57 msgid "The SELinux user for user's login" msgstr "" #: src/tools/sss_useradd.c:86 src/tools/sss_groupmod.c:78 #: src/tools/sss_usermod.c:87 msgid "Specify group to add to\n" msgstr "" #: src/tools/sss_useradd.c:110 msgid "Specify user to add\n" msgstr "" #: src/tools/sss_useradd.c:119 src/tools/sss_groupadd.c:84 #: src/tools/sss_groupdel.c:78 src/tools/sss_groupmod.c:111 #: src/tools/sss_groupshow.c:696 src/tools/sss_userdel.c:196 #: src/tools/sss_usermod.c:128 msgid "Error initializing the tools - no local domain\n" msgstr "" #: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86 #: src/tools/sss_groupdel.c:80 
src/tools/sss_groupmod.c:113 #: src/tools/sss_groupshow.c:698 src/tools/sss_userdel.c:198 #: src/tools/sss_usermod.c:130 msgid "Error initializing the tools\n" msgstr "" #: src/tools/sss_useradd.c:130 src/tools/sss_groupadd.c:95 #: src/tools/sss_groupdel.c:89 src/tools/sss_groupmod.c:121 #: src/tools/sss_groupshow.c:707 src/tools/sss_userdel.c:207 #: src/tools/sss_usermod.c:139 msgid "Invalid domain specified in FQDN\n" msgstr "" #: src/tools/sss_useradd.c:139 src/tools/sss_groupmod.c:141 #: src/tools/sss_groupmod.c:168 src/tools/sss_usermod.c:162 #: src/tools/sss_usermod.c:189 msgid "Internal error while parsing parameters\n" msgstr "" #: src/tools/sss_useradd.c:147 src/tools/sss_usermod.c:170 #: src/tools/sss_usermod.c:197 msgid "Groups must be in the same domain as user\n" msgstr "" #: src/tools/sss_useradd.c:155 #, c-format msgid "Cannot find group %1$s in local domain\n" msgstr "" #: src/tools/sss_useradd.c:170 src/tools/sss_userdel.c:217 msgid "Cannot set default values\n" msgstr "" #: src/tools/sss_useradd.c:177 src/tools/sss_usermod.c:153 msgid "The selected UID is outside the allowed range\n" msgstr "" #: src/tools/sss_useradd.c:206 src/tools/sss_usermod.c:264 msgid "Cannot set SELinux login context\n" msgstr "" #: src/tools/sss_useradd.c:221 msgid "Cannot get info about the user\n" msgstr "" #: src/tools/sss_useradd.c:233 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" #: src/tools/sss_useradd.c:236 #, c-format msgid "Cannot create user's home directory: %1$s\n" msgstr "" #: src/tools/sss_useradd.c:247 #, c-format msgid "Cannot create user's mail spool: %1$s\n" msgstr "" #: src/tools/sss_useradd.c:266 msgid "Could not allocate ID for the user - domain full?\n" msgstr "" #: src/tools/sss_useradd.c:270 msgid "A user or group with the same name or ID already exists\n" msgstr "" #: src/tools/sss_useradd.c:276 msgid "Transaction error. 
Could not add user.\n" msgstr "" #: src/tools/sss_groupadd.c:43 src/tools/sss_groupmod.c:48 msgid "The GID of the group" msgstr "" #: src/tools/sss_groupadd.c:75 msgid "Specify group to add\n" msgstr "" #: src/tools/sss_groupadd.c:104 src/tools/sss_groupmod.c:192 msgid "The selected GID is outside the allowed range\n" msgstr "" #: src/tools/sss_groupadd.c:141 msgid "Could not allocate ID for the group - domain full?\n" msgstr "" #: src/tools/sss_groupadd.c:145 msgid "A group with the same name or GID already exists\n" msgstr "" #: src/tools/sss_groupadd.c:150 msgid "Transaction error. Could not add group.\n" msgstr "" #: src/tools/sss_groupdel.c:69 msgid "Specify group to delete\n" msgstr "" #: src/tools/sss_groupdel.c:102 #, c-format msgid "Group %1$s is outside the defined ID range for domain\n" msgstr "" #: src/tools/sss_groupdel.c:117 src/tools/sss_groupmod.c:219 #: src/tools/sss_groupmod.c:226 src/tools/sss_groupmod.c:233 #: src/tools/sss_userdel.c:294 src/tools/sss_usermod.c:241 #: src/tools/sss_usermod.c:248 src/tools/sss_usermod.c:255 #, c-format msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n" msgstr "" #: src/tools/sss_groupdel.c:129 msgid "" "No such group in local domain. Removing groups only allowed in local " "domain.\n" msgstr "" #: src/tools/sss_groupdel.c:134 msgid "Internal error. 
Could not remove group.\n" msgstr "" #: src/tools/sss_groupmod.c:44 msgid "Groups to add this group to" msgstr "" #: src/tools/sss_groupmod.c:46 msgid "Groups to remove this group from" msgstr "" #: src/tools/sss_groupmod.c:86 src/tools/sss_usermod.c:95 msgid "Specify group to remove from\n" msgstr "" #: src/tools/sss_groupmod.c:100 msgid "Specify group to modify\n" msgstr "" #: src/tools/sss_groupmod.c:128 msgid "" "Cannot find group in local domain, modifying groups is allowed only in local " "domain\n" msgstr "" #: src/tools/sss_groupmod.c:149 src/tools/sss_groupmod.c:176 msgid "Member groups must be in the same domain as parent group\n" msgstr "" #: src/tools/sss_groupmod.c:157 src/tools/sss_groupmod.c:184 #: src/tools/sss_usermod.c:178 src/tools/sss_usermod.c:205 #, c-format msgid "" "Cannot find group %1$s in local domain, only groups in local domain are " "allowed\n" msgstr "" #: src/tools/sss_groupmod.c:250 msgid "Could not modify group - check if member group names are correct\n" msgstr "" #: src/tools/sss_groupmod.c:254 msgid "Could not modify group - check if groupname is correct\n" msgstr "" #: src/tools/sss_groupmod.c:258 msgid "Transaction error. Could not modify group.\n" msgstr "" #: src/tools/sss_groupshow.c:599 #, c-format msgid "%1$s%2$sGroup: %3$s\n" msgstr "" #: src/tools/sss_groupshow.c:600 msgid "Magic Private " msgstr "" #: src/tools/sss_groupshow.c:602 #, c-format msgid "%1$sGID number: %2$d\n" msgstr "" #: src/tools/sss_groupshow.c:604 #, c-format msgid "%1$sMember users: " msgstr "" #: src/tools/sss_groupshow.c:611 #, c-format msgid "" "\n" "%1$sIs a member of: " msgstr "" #: src/tools/sss_groupshow.c:618 #, c-format msgid "" "\n" "%1$sMember groups: " msgstr "" #: src/tools/sss_groupshow.c:654 msgid "Print indirect group members recursively" msgstr "" #: src/tools/sss_groupshow.c:687 msgid "Specify group to show\n" msgstr "" #: src/tools/sss_groupshow.c:726 msgid "" "No such group in local domain. 
Printing groups only allowed in local " "domain.\n" msgstr "" #: src/tools/sss_groupshow.c:731 msgid "Internal error. Could not print group.\n" msgstr "" #: src/tools/sss_userdel.c:136 msgid "Remove home directory and mail spool" msgstr "" #: src/tools/sss_userdel.c:138 msgid "Do not remove home directory and mail spool" msgstr "" #: src/tools/sss_userdel.c:140 msgid "Force removal of files not owned by the user" msgstr "" #: src/tools/sss_userdel.c:142 msgid "Kill users' processes before removing him" msgstr "" #: src/tools/sss_userdel.c:187 msgid "Specify user to delete\n" msgstr "" #: src/tools/sss_userdel.c:233 #, c-format msgid "User %1$s is outside the defined ID range for domain\n" msgstr "" #: src/tools/sss_userdel.c:258 msgid "Cannot reset SELinux login context\n" msgstr "" #: src/tools/sss_userdel.c:270 #, c-format msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n" msgstr "" #: src/tools/sss_userdel.c:275 msgid "Cannot determine if the user was logged in on this platform" msgstr "" #: src/tools/sss_userdel.c:280 msgid "Error while checking if the user was logged in\n" msgstr "" #: src/tools/sss_userdel.c:287 #, c-format msgid "The post-delete command failed: %1$s\n" msgstr "" #: src/tools/sss_userdel.c:307 msgid "Not removing home dir - not owned by user\n" msgstr "" #: src/tools/sss_userdel.c:309 #, c-format msgid "Cannot remove homedir: %1$s\n" msgstr "" #: src/tools/sss_userdel.c:322 msgid "" "No such user in local domain. Removing users only allowed in local domain.\n" msgstr "" #: src/tools/sss_userdel.c:327 msgid "Internal error. 
Could not remove user.\n" msgstr "" #: src/tools/sss_usermod.c:49 msgid "The GID of the user" msgstr "" #: src/tools/sss_usermod.c:53 msgid "Groups to add this user to" msgstr "" #: src/tools/sss_usermod.c:54 msgid "Groups to remove this user from" msgstr "" #: src/tools/sss_usermod.c:55 msgid "Lock the account" msgstr "" #: src/tools/sss_usermod.c:56 msgid "Unlock the account" msgstr "" #: src/tools/sss_usermod.c:119 msgid "Specify user to modify\n" msgstr "" #: src/tools/sss_usermod.c:146 msgid "" "Cannot find user in local domain, modifying users is allowed only in local " "domain\n" msgstr "" #: src/tools/sss_usermod.c:281 msgid "Could not modify user - check if group names are correct\n" msgstr "" #: src/tools/sss_usermod.c:285 msgid "Could not modify user - user already member of groups?\n" msgstr "" #: src/tools/sss_usermod.c:289 msgid "Transaction error. Could not modify user.\n" msgstr "" #: src/tools/sss_cache.c:170 msgid "No cache object matched the specified search\n" msgstr "" #: src/tools/sss_cache.c:397 #, c-format msgid "Couldn't invalidate %1$s" msgstr "" #: src/tools/sss_cache.c:404 #, c-format msgid "Couldn't invalidate %1$s %2$s" msgstr "" #: src/tools/sss_cache.c:542 msgid "Invalidate all cached entries except for sudo rules" msgstr "" #: src/tools/sss_cache.c:544 msgid "Invalidate particular user" msgstr "" #: src/tools/sss_cache.c:546 msgid "Invalidate all users" msgstr "" #: src/tools/sss_cache.c:548 msgid "Invalidate particular group" msgstr "" #: src/tools/sss_cache.c:550 msgid "Invalidate all groups" msgstr "" #: src/tools/sss_cache.c:552 msgid "Invalidate particular netgroup" msgstr "" #: src/tools/sss_cache.c:554 msgid "Invalidate all netgroups" msgstr "" #: src/tools/sss_cache.c:556 msgid "Invalidate particular service" msgstr "" #: src/tools/sss_cache.c:558 msgid "Invalidate all services" msgstr "" #: src/tools/sss_cache.c:561 msgid "Invalidate particular autofs map" msgstr "" #: src/tools/sss_cache.c:563 msgid "Invalidate all autofs 
maps" msgstr "" #: src/tools/sss_cache.c:566 msgid "Only invalidate entries from a particular domain" msgstr "" #: src/tools/sss_cache.c:611 msgid "Please select at least one object to invalidate\n" msgstr "" #: src/tools/sss_cache.c:681 #, c-format msgid "" "Could not open domain %1$s. If the domain is a subdomain (trusted domain), " "use fully qualified name instead of --domain/-d parameter.\n" msgstr "" #: src/tools/sss_cache.c:685 msgid "Could not open available domains\n" msgstr "" #: src/tools/sss_debuglevel.c:40 msgid "\n" msgstr "" #: src/tools/sss_debuglevel.c:96 msgid "Specify debug level you want to set\n" msgstr "" #: src/tools/sss_debuglevel.c:102 msgid "Only one argument expected\n" msgstr "" #: src/tools/tools_util.c:200 #, c-format msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n" msgstr "" #: src/tools/tools_util.c:303 msgid "Out of memory\n" msgstr "" #: src/tools/tools_util.h:43 #, c-format msgid "%1$s must be run as root\n" msgstr "" #: src/util/util.h:102 msgid "Send the debug output to files instead of stderr" msgstr "" ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/tg.po���������������������������������������������������������������0000644�0000000�0000000�00000000074�12320753107�015143� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954962.190874555 30 ctime=1396954962.544874293 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/tg.po��������������������������������������������������������������������������������0000664�0024127�0024127�00000126354�12320753107�015400� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR Red Hat, Inc. # This file is distributed under the same license as the PACKAGE package. 
# # Translators: msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2014-04-08 12:56+0200\n" "PO-Revision-Date: 2013-11-20 12:56+0000\n" "Last-Translator: jhrozek <jhrozek@redhat.com>\n" "Language-Team: Tajik (http://www.transifex.com/projects/p/fedora/language/" "tg/)\n" "Language: tg\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" #: src/config/SSSDConfig/__init__.py.in:39 msgid "Set the verbosity of the debug logging" msgstr "" #: src/config/SSSDConfig/__init__.py.in:40 msgid "Include timestamps in debug logs" msgstr "" #: src/config/SSSDConfig/__init__.py.in:41 msgid "Include microseconds in timestamps in debug logs" msgstr "" #: src/config/SSSDConfig/__init__.py.in:42 msgid "Write debug messages to logfiles" msgstr "" #: src/config/SSSDConfig/__init__.py.in:43 msgid "Ping timeout before restarting service" msgstr "" #: src/config/SSSDConfig/__init__.py.in:44 msgid "" "Timeout between three failed ping checks and forcibly killing the service" msgstr "" #: src/config/SSSDConfig/__init__.py.in:45 msgid "Command to start service" msgstr "" #: src/config/SSSDConfig/__init__.py.in:46 msgid "Number of times to attempt connection to Data Providers" msgstr "" #: src/config/SSSDConfig/__init__.py.in:47 msgid "The number of file descriptors that may be opened by this responder" msgstr "" #: src/config/SSSDConfig/__init__.py.in:48 msgid "Idle time before automatic disconnection of a client" msgstr "" #: src/config/SSSDConfig/__init__.py.in:51 msgid "SSSD Services to start" msgstr "" #: src/config/SSSDConfig/__init__.py.in:52 msgid "SSSD Domains to start" msgstr "" #: src/config/SSSDConfig/__init__.py.in:53 msgid "Timeout for messages sent over the SBUS" msgstr "" #: src/config/SSSDConfig/__init__.py.in:54 msgid "Regex to parse username and domain" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:55 msgid "Printf-compatible format for displaying fully-qualified names" msgstr "" #: src/config/SSSDConfig/__init__.py.in:56 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #: src/config/SSSDConfig/__init__.py.in:57 msgid "Domain to add to names without a domain component." msgstr "" #: src/config/SSSDConfig/__init__.py.in:60 msgid "Enumeration cache timeout length (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:61 msgid "Entry cache background update timeout length (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:62 #: src/config/SSSDConfig/__init__.py.in:88 msgid "Negative cache timeout length (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:63 msgid "Users that SSSD should explicitly ignore" msgstr "" #: src/config/SSSDConfig/__init__.py.in:64 msgid "Groups that SSSD should explicitly ignore" msgstr "" #: src/config/SSSDConfig/__init__.py.in:65 msgid "Should filtered users appear in groups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:66 msgid "The value of the password field the NSS provider should return" msgstr "" #: src/config/SSSDConfig/__init__.py.in:67 msgid "Override homedir value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:68 msgid "" "Substitute empty homedir value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:69 msgid "Override shell value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:70 msgid "The list of shells users are allowed to log in with" msgstr "" #: src/config/SSSDConfig/__init__.py.in:71 msgid "" "The list of shells that will be vetoed, and replaced with the fallback shell" msgstr "" #: src/config/SSSDConfig/__init__.py.in:72 msgid "" "If a shell stored in central directory is allowed but not available, use " "this fallback" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:73 msgid "Shell to use if the provider does not list one" msgstr "" #: src/config/SSSDConfig/__init__.py.in:74 msgid "How long will be in-memory cache records valid" msgstr "" #: src/config/SSSDConfig/__init__.py.in:77 msgid "How long to allow cached logins between online logins (days)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:78 msgid "How many failed logins attempts are allowed when offline" msgstr "" #: src/config/SSSDConfig/__init__.py.in:79 msgid "" "How long (minutes) to deny login after offline_failed_login_attempts has " "been reached" msgstr "" #: src/config/SSSDConfig/__init__.py.in:80 msgid "What kind of messages are displayed to the user during authentication" msgstr "" #: src/config/SSSDConfig/__init__.py.in:81 msgid "How many seconds to keep identity information cached for PAM requests" msgstr "" #: src/config/SSSDConfig/__init__.py.in:82 msgid "How many days before password expiration a warning should be displayed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:85 msgid "Whether to evaluate the time-based attributes in sudo rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:91 msgid "Whether to hash host names and addresses in the known_hosts file" msgstr "" #: src/config/SSSDConfig/__init__.py.in:92 msgid "" "How many seconds to keep a host in the known_hosts file after its host keys " "were requested" msgstr "" #: src/config/SSSDConfig/__init__.py.in:95 msgid "List of UIDs or user names allowed to access the PAC responder" msgstr "" #: src/config/SSSDConfig/__init__.py.in:98 msgid "Identity provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:99 msgid "Authentication provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:100 msgid "Access control provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:101 msgid "Password change provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:102 msgid "SUDO provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:103 msgid "Autofs 
provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:104 msgid "Session-loading provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:105 msgid "Host identity provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:108 msgid "Minimum user ID" msgstr "" #: src/config/SSSDConfig/__init__.py.in:109 msgid "Maximum user ID" msgstr "" #: src/config/SSSDConfig/__init__.py.in:110 msgid "Enable enumerating all users/groups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:111 msgid "Cache credentials for offline login" msgstr "" #: src/config/SSSDConfig/__init__.py.in:112 msgid "Store password hashes" msgstr "" #: src/config/SSSDConfig/__init__.py.in:113 msgid "Display users/groups in fully-qualified form" msgstr "" #: src/config/SSSDConfig/__init__.py.in:114 msgid "Don't include group members in group lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:115 #: src/config/SSSDConfig/__init__.py.in:122 #: src/config/SSSDConfig/__init__.py.in:123 #: src/config/SSSDConfig/__init__.py.in:124 #: src/config/SSSDConfig/__init__.py.in:125 #: src/config/SSSDConfig/__init__.py.in:126 #: src/config/SSSDConfig/__init__.py.in:127 msgid "Entry cache timeout length (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:116 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:117 msgid "How long to keep cached entries after last successful login (days)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:118 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:119 msgid "The domain part of service discovery DNS query" msgstr "" #: src/config/SSSDConfig/__init__.py.in:120 msgid "Override GID value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:121 msgid "Treat usernames as case sensitive" msgstr "" #: src/config/SSSDConfig/__init__.py.in:128 msgid "How often 
should expired entries be refreshed in background" msgstr "" #: src/config/SSSDConfig/__init__.py.in:129 msgid "Whether to automatically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/__init__.py.in:130 #: src/config/SSSDConfig/__init__.py.in:145 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "" #: src/config/SSSDConfig/__init__.py.in:131 #: src/config/SSSDConfig/__init__.py.in:146 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" #: src/config/SSSDConfig/__init__.py.in:132 msgid "How often to periodically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/__init__.py.in:133 msgid "Whether the provider should explicitly update the PTR record as well" msgstr "" #: src/config/SSSDConfig/__init__.py.in:134 msgid "Whether the nsupdate utility should default to using TCP" msgstr "" #: src/config/SSSDConfig/__init__.py.in:135 msgid "What kind of authentication should be used to perform the DNS update" msgstr "" #: src/config/SSSDConfig/__init__.py.in:136 msgid "Control enumeration of trusted domains" msgstr "" #: src/config/SSSDConfig/__init__.py.in:137 msgid "How often should subdomains list be refreshed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:140 msgid "IPA domain" msgstr "" #: src/config/SSSDConfig/__init__.py.in:141 msgid "IPA server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:142 msgid "Address of backup IPA server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:143 msgid "IPA client hostname" msgstr "" #: src/config/SSSDConfig/__init__.py.in:144 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" #: src/config/SSSDConfig/__init__.py.in:147 msgid "Search base for HBAC related objects" msgstr "" #: src/config/SSSDConfig/__init__.py.in:148 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:149 msgid "" "The amount of time in seconds 
between lookups of the SELinux maps against " "the IPA server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:150 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" #: src/config/SSSDConfig/__init__.py.in:151 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" #: src/config/SSSDConfig/__init__.py.in:152 msgid "The automounter location this IPA client is using" msgstr "" #: src/config/SSSDConfig/__init__.py.in:153 msgid "Search base for object containing info about IPA domain" msgstr "" #: src/config/SSSDConfig/__init__.py.in:154 msgid "Search base for objects containing info about ID ranges" msgstr "" #: src/config/SSSDConfig/__init__.py.in:155 #: src/config/SSSDConfig/__init__.py.in:162 msgid "Enable DNS sites - location based service discovery" msgstr "" #: src/config/SSSDConfig/__init__.py.in:158 msgid "Active Directory domain" msgstr "" #: src/config/SSSDConfig/__init__.py.in:159 msgid "Active Directory server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:160 msgid "Active Directory backup server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:161 msgid "Active Directory client hostname" msgstr "" #: src/config/SSSDConfig/__init__.py.in:165 #: src/config/SSSDConfig/__init__.py.in:166 msgid "Kerberos server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:167 msgid "Kerberos backup server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:168 msgid "Kerberos realm" msgstr "" #: src/config/SSSDConfig/__init__.py.in:169 msgid "Authentication timeout" msgstr "" #: src/config/SSSDConfig/__init__.py.in:170 msgid "Whether to create kdcinfo files" msgstr "" #: src/config/SSSDConfig/__init__.py.in:173 msgid "Directory to store credential caches" msgstr "" #: src/config/SSSDConfig/__init__.py.in:174 msgid "Location of the user's credential cache" msgstr "" #: src/config/SSSDConfig/__init__.py.in:175 msgid "Location of the keytab to validate credentials" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:176 msgid "Enable credential validation" msgstr "" #: src/config/SSSDConfig/__init__.py.in:177 msgid "Store password if offline for later online authentication" msgstr "" #: src/config/SSSDConfig/__init__.py.in:178 msgid "Renewable lifetime of the TGT" msgstr "" #: src/config/SSSDConfig/__init__.py.in:179 msgid "Lifetime of the TGT" msgstr "" #: src/config/SSSDConfig/__init__.py.in:180 msgid "Time between two checks for renewal" msgstr "" #: src/config/SSSDConfig/__init__.py.in:181 msgid "Enables FAST" msgstr "" #: src/config/SSSDConfig/__init__.py.in:182 msgid "Selects the principal to use for FAST" msgstr "" #: src/config/SSSDConfig/__init__.py.in:183 msgid "Enables principal canonicalization" msgstr "" #: src/config/SSSDConfig/__init__.py.in:184 msgid "Enables enterprise principals" msgstr "" #: src/config/SSSDConfig/__init__.py.in:187 #: src/config/SSSDConfig/__init__.py.in:188 msgid "Server where the change password service is running if not on the KDC" msgstr "" #: src/config/SSSDConfig/__init__.py.in:191 msgid "ldap_uri, The URI of the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:192 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:193 msgid "The default base DN" msgstr "" #: src/config/SSSDConfig/__init__.py.in:194 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" #: src/config/SSSDConfig/__init__.py.in:195 msgid "The default bind DN" msgstr "" #: src/config/SSSDConfig/__init__.py.in:196 msgid "The type of the authentication token of the default bind DN" msgstr "" #: src/config/SSSDConfig/__init__.py.in:197 msgid "The authentication token of the default bind DN" msgstr "" #: src/config/SSSDConfig/__init__.py.in:198 msgid "Length of time to attempt connection" msgstr "" #: src/config/SSSDConfig/__init__.py.in:199 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" #: src/config/SSSDConfig/__init__.py.in:200 msgid 
"Length of time between attempts to reconnect while offline" msgstr "" #: src/config/SSSDConfig/__init__.py.in:201 msgid "Use only the upper case for realm names" msgstr "" #: src/config/SSSDConfig/__init__.py.in:202 msgid "File that contains CA certificates" msgstr "" #: src/config/SSSDConfig/__init__.py.in:203 msgid "Path to CA certificate directory" msgstr "" #: src/config/SSSDConfig/__init__.py.in:204 msgid "File that contains the client certificate" msgstr "" #: src/config/SSSDConfig/__init__.py.in:205 msgid "File that contains the client key" msgstr "" #: src/config/SSSDConfig/__init__.py.in:206 msgid "List of possible ciphers suites" msgstr "" #: src/config/SSSDConfig/__init__.py.in:207 msgid "Require TLS certificate verification" msgstr "" #: src/config/SSSDConfig/__init__.py.in:208 msgid "Specify the sasl mechanism to use" msgstr "" #: src/config/SSSDConfig/__init__.py.in:209 msgid "Specify the sasl authorization id to use" msgstr "" #: src/config/SSSDConfig/__init__.py.in:210 msgid "Specify the sasl authorization realm to use" msgstr "" #: src/config/SSSDConfig/__init__.py.in:211 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" #: src/config/SSSDConfig/__init__.py.in:212 msgid "Kerberos service keytab" msgstr "" #: src/config/SSSDConfig/__init__.py.in:213 msgid "Use Kerberos auth for LDAP connection" msgstr "" #: src/config/SSSDConfig/__init__.py.in:214 msgid "Follow LDAP referrals" msgstr "" #: src/config/SSSDConfig/__init__.py.in:215 msgid "Lifetime of TGT for LDAP connection" msgstr "" #: src/config/SSSDConfig/__init__.py.in:216 msgid "How to dereference aliases" msgstr "" #: src/config/SSSDConfig/__init__.py.in:217 msgid "Service name for DNS service lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:218 msgid "The number of records to retrieve in a single LDAP query" msgstr "" #: src/config/SSSDConfig/__init__.py.in:219 msgid "The number of members that must be missing to trigger a full deref" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:220 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" #: src/config/SSSDConfig/__init__.py.in:222 msgid "entryUSN attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:223 msgid "lastUSN attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:225 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" #: src/config/SSSDConfig/__init__.py.in:227 msgid "Disable the LDAP paging control" msgstr "" #: src/config/SSSDConfig/__init__.py.in:228 msgid "Disable Active Directory range retrieval" msgstr "" #: src/config/SSSDConfig/__init__.py.in:231 msgid "Length of time to wait for a search request" msgstr "" #: src/config/SSSDConfig/__init__.py.in:232 msgid "Length of time to wait for a enumeration request" msgstr "" #: src/config/SSSDConfig/__init__.py.in:233 msgid "Length of time between enumeration updates" msgstr "" #: src/config/SSSDConfig/__init__.py.in:234 msgid "Length of time between cache cleanups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:235 msgid "Require TLS for ID lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:236 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "" #: src/config/SSSDConfig/__init__.py.in:237 msgid "Base DN for user lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:238 msgid "Scope of user lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:239 msgid "Filter for user lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:240 msgid "Objectclass for users" msgstr "" #: src/config/SSSDConfig/__init__.py.in:241 msgid "Username attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:243 msgid "UID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:244 msgid "Primary GID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:245 msgid "GECOS attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:246 msgid 
"Home directory attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:247 msgid "Shell attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:248 msgid "UUID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:249 #: src/config/SSSDConfig/__init__.py.in:285 msgid "objectSID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:250 msgid "Active Directory primary group attribute for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:251 msgid "User principal attribute (for Kerberos)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:252 msgid "Full Name" msgstr "" #: src/config/SSSDConfig/__init__.py.in:253 msgid "memberOf attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:254 msgid "Modification time attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:256 msgid "shadowLastChange attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:257 msgid "shadowMin attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:258 msgid "shadowMax attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:259 msgid "shadowWarning attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:260 msgid "shadowInactive attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:261 msgid "shadowExpire attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:262 msgid "shadowFlag attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:263 msgid "Attribute listing authorized PAM services" msgstr "" #: src/config/SSSDConfig/__init__.py.in:264 msgid "Attribute listing authorized server hosts" msgstr "" #: src/config/SSSDConfig/__init__.py.in:265 msgid "krbLastPwdChange attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:266 msgid "krbPasswordExpiration attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:267 msgid "Attribute indicating that server side password policies are active" msgstr "" #: src/config/SSSDConfig/__init__.py.in:268 msgid "accountExpires attribute of AD" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:269 msgid "userAccountControl attribute of AD" msgstr "" #: src/config/SSSDConfig/__init__.py.in:270 msgid "nsAccountLock attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:271 msgid "loginDisabled attribute of NDS" msgstr "" #: src/config/SSSDConfig/__init__.py.in:272 msgid "loginExpirationTime attribute of NDS" msgstr "" #: src/config/SSSDConfig/__init__.py.in:273 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" #: src/config/SSSDConfig/__init__.py.in:274 msgid "SSH public key attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:276 msgid "Base DN for group lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:279 msgid "Objectclass for groups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:280 msgid "Group name" msgstr "Номи гурӯҳ" #: src/config/SSSDConfig/__init__.py.in:281 msgid "Group password" msgstr "Пароли гурӯҳ" #: src/config/SSSDConfig/__init__.py.in:282 msgid "GID attribute" msgstr "Аттрибути GID" #: src/config/SSSDConfig/__init__.py.in:283 msgid "Group member attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:284 msgid "Group UUID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:286 msgid "Modification time attribute for groups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:287 msgid "Type of the group and other flags" msgstr "" #: src/config/SSSDConfig/__init__.py.in:289 msgid "Maximum nesting level SSSd will follow" msgstr "" #: src/config/SSSDConfig/__init__.py.in:291 msgid "Base DN for netgroup lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:292 msgid "Objectclass for netgroups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:293 msgid "Netgroup name" msgstr "" #: src/config/SSSDConfig/__init__.py.in:294 msgid "Netgroups members attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:295 msgid "Netgroup triple attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:296 msgid "Netgroup UUID attribute" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:297 msgid "Modification time attribute for netgroups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:299 msgid "Base DN for service lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:300 msgid "Objectclass for services" msgstr "" #: src/config/SSSDConfig/__init__.py.in:301 msgid "Service name attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:302 msgid "Service port attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:303 msgid "Service protocol attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:306 msgid "Lower bound for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:307 msgid "Upper bound for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:308 msgid "Number of IDs for each slice when ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:309 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:310 msgid "Name of the default domain for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:311 msgid "SID of the default domain for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:313 msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:314 msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:315 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:316 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:319 msgid "Policy to evaluate the password expiration" msgstr "" #: src/config/SSSDConfig/__init__.py.in:322 msgid "LDAP filter to determine access privileges" msgstr "" #: src/config/SSSDConfig/__init__.py.in:323 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" #: src/config/SSSDConfig/__init__.py.in:324 msgid "Which 
rules should be used to evaluate access control" msgstr "" #: src/config/SSSDConfig/__init__.py.in:327 msgid "URI of an LDAP server where password changes are allowed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:328 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:329 msgid "DNS service name for LDAP password change server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:330 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" msgstr "" #: src/config/SSSDConfig/__init__.py.in:333 msgid "Base DN for sudo rules lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:334 msgid "Automatic full refresh period" msgstr "" #: src/config/SSSDConfig/__init__.py.in:335 msgid "Automatic smart refresh period" msgstr "" #: src/config/SSSDConfig/__init__.py.in:336 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "" #: src/config/SSSDConfig/__init__.py.in:337 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:338 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:339 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:340 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:341 msgid "Object class for sudo rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:342 msgid "Sudo rule name" msgstr "" #: src/config/SSSDConfig/__init__.py.in:343 msgid "Sudo rule command attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:344 msgid "Sudo rule host attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:345 msgid "Sudo rule user attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:346 
msgid "Sudo rule option attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:347 msgid "Sudo rule runasuser attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:348 msgid "Sudo rule runasgroup attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:349 msgid "Sudo rule notbefore attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:350 msgid "Sudo rule notafter attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:351 msgid "Sudo rule order attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:354 msgid "Object class for automounter maps" msgstr "" #: src/config/SSSDConfig/__init__.py.in:355 msgid "Automounter map name attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:356 msgid "Object class for automounter map entries" msgstr "" #: src/config/SSSDConfig/__init__.py.in:357 msgid "Automounter map entry key attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:358 msgid "Automounter map entry value attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:359 msgid "Base DN for automounter map lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:362 msgid "Comma separated list of allowed users" msgstr "" #: src/config/SSSDConfig/__init__.py.in:363 msgid "Comma separated list of prohibited users" msgstr "" #: src/config/SSSDConfig/__init__.py.in:366 msgid "Default shell, /bin/bash" msgstr "" #: src/config/SSSDConfig/__init__.py.in:367 msgid "Base for home directories" msgstr "" #: src/config/SSSDConfig/__init__.py.in:370 msgid "The name of the NSS library to use" msgstr "" #: src/config/SSSDConfig/__init__.py.in:371 msgid "Whether to look up canonical group name from cache if possible" msgstr "" #: src/config/SSSDConfig/__init__.py.in:374 msgid "PAM stack to use" msgstr "" #: src/monitor/monitor.c:2651 msgid "Become a daemon (default)" msgstr "" #: src/monitor/monitor.c:2653 msgid "Run interactive (not a daemon)" msgstr "" #: src/monitor/monitor.c:2655 src/tools/sss_debuglevel.c:71 msgid "Specify a 
non-default config file" msgstr "" #: src/monitor/monitor.c:2657 msgid "Print version number and exit" msgstr "" #: src/providers/krb5/krb5_child.c:1962 src/providers/ldap/ldap_child.c:435 #: src/util/util.h:100 msgid "Debug level" msgstr "" #: src/providers/krb5/krb5_child.c:1964 src/providers/ldap/ldap_child.c:437 #: src/util/util.h:104 msgid "Add debug timestamps" msgstr "" #: src/providers/krb5/krb5_child.c:1966 src/providers/ldap/ldap_child.c:439 #: src/util/util.h:106 msgid "Show timestamps with microseconds" msgstr "" #: src/providers/krb5/krb5_child.c:1968 src/providers/ldap/ldap_child.c:441 msgid "An open file descriptor for the debug logs" msgstr "" #: src/providers/data_provider_be.c:2932 msgid "Domain of the information provider (mandatory)" msgstr "" #: src/sss_client/common.c:946 msgid "Privileged socket has wrong ownership or permissions." msgstr "" #: src/sss_client/common.c:949 msgid "Public socket has wrong ownership or permissions." msgstr "" #: src/sss_client/common.c:952 msgid "Unexpected format of the server credential message." msgstr "" #: src/sss_client/common.c:955 msgid "SSSD is not run by root." msgstr "" #: src/sss_client/common.c:960 msgid "An error occurred, but no description can be found." msgstr "" #: src/sss_client/common.c:966 msgid "Unexpected error while looking for an error description" msgstr "" #: src/sss_client/pam_sss.c:388 msgid "Passwords do not match" msgstr "Паролҳо номувофиқанд" #: src/sss_client/pam_sss.c:576 msgid "Password reset by root is not supported." msgstr "" #: src/sss_client/pam_sss.c:617 msgid "Authenticated with cached credentials" msgstr "" #: src/sss_client/pam_sss.c:618 msgid ", your cached password will expire at: " msgstr "" #: src/sss_client/pam_sss.c:648 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "" #: src/sss_client/pam_sss.c:694 #, c-format msgid "Your password will expire in %1$d %2$s." 
msgstr "" #: src/sss_client/pam_sss.c:743 msgid "Authentication is denied until: " msgstr "" #: src/sss_client/pam_sss.c:764 msgid "System is offline, password change not possible" msgstr "" #: src/sss_client/pam_sss.c:779 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" #: src/sss_client/pam_sss.c:810 src/sss_client/pam_sss.c:823 msgid "Password change failed. " msgstr "" #: src/sss_client/pam_sss.c:813 src/sss_client/pam_sss.c:824 msgid "Server message: " msgstr "" #: src/sss_client/pam_sss.c:1251 msgid "New Password: " msgstr "Пароли нав:" #: src/sss_client/pam_sss.c:1252 msgid "Reenter new Password: " msgstr "" #: src/sss_client/pam_sss.c:1340 msgid "Password: " msgstr "Парол:" #: src/sss_client/pam_sss.c:1372 msgid "Current Password: " msgstr "" #: src/sss_client/pam_sss.c:1527 msgid "Password expired. Change your password now." msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40 #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 src/tools/sss_useradd.c:48 #: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44 #: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:652 #: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47 #: src/tools/sss_cache.c:540 src/tools/sss_debuglevel.c:69 msgid "The debug level to run with" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:42 #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:196 msgid "The SSSD domain to use" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:73 #: src/tools/sss_groupadd.c:58 src/tools/sss_groupdel.c:53 #: src/tools/sss_groupmod.c:65 src/tools/sss_groupshow.c:663 #: src/tools/sss_userdel.c:151 src/tools/sss_usermod.c:74 #: src/tools/sss_cache.c:573 msgid "Error setting the locale\n" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:64 msgid "Not enough memory\n" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:83 msgid "User not specified\n" msgstr "" #: 
src/sss_client/ssh/sss_ssh_authorizedkeys.c:92 msgid "Error looking up public keys\n" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:194 msgid "The port to use to connect to the host" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:238 msgid "Invalid port\n" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:243 msgid "Host not specified\n" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:249 msgid "The path to the proxy command must be absolute\n" msgstr "" #: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48 msgid "The UID of the user" msgstr "" #: src/tools/sss_useradd.c:50 src/tools/sss_usermod.c:50 msgid "The comment string" msgstr "" #: src/tools/sss_useradd.c:51 src/tools/sss_usermod.c:51 msgid "Home directory" msgstr "" #: src/tools/sss_useradd.c:52 src/tools/sss_usermod.c:52 msgid "Login shell" msgstr "" #: src/tools/sss_useradd.c:53 msgid "Groups" msgstr "Гуруҳҳо" #: src/tools/sss_useradd.c:54 msgid "Create user's directory if it does not exist" msgstr "" #: src/tools/sss_useradd.c:55 msgid "Never create user's directory, overrides config" msgstr "" #: src/tools/sss_useradd.c:56 msgid "Specify an alternative skeleton directory" msgstr "" #: src/tools/sss_useradd.c:57 src/tools/sss_usermod.c:57 msgid "The SELinux user for user's login" msgstr "" #: src/tools/sss_useradd.c:86 src/tools/sss_groupmod.c:78 #: src/tools/sss_usermod.c:87 msgid "Specify group to add to\n" msgstr "" #: src/tools/sss_useradd.c:110 msgid "Specify user to add\n" msgstr "" #: src/tools/sss_useradd.c:119 src/tools/sss_groupadd.c:84 #: src/tools/sss_groupdel.c:78 src/tools/sss_groupmod.c:111 #: src/tools/sss_groupshow.c:696 src/tools/sss_userdel.c:196 #: src/tools/sss_usermod.c:128 msgid "Error initializing the tools - no local domain\n" msgstr "" #: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86 #: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113 #: src/tools/sss_groupshow.c:698 src/tools/sss_userdel.c:198 #: 
src/tools/sss_usermod.c:130 msgid "Error initializing the tools\n" msgstr "" #: src/tools/sss_useradd.c:130 src/tools/sss_groupadd.c:95 #: src/tools/sss_groupdel.c:89 src/tools/sss_groupmod.c:121 #: src/tools/sss_groupshow.c:707 src/tools/sss_userdel.c:207 #: src/tools/sss_usermod.c:139 msgid "Invalid domain specified in FQDN\n" msgstr "" #: src/tools/sss_useradd.c:139 src/tools/sss_groupmod.c:141 #: src/tools/sss_groupmod.c:168 src/tools/sss_usermod.c:162 #: src/tools/sss_usermod.c:189 msgid "Internal error while parsing parameters\n" msgstr "" #: src/tools/sss_useradd.c:147 src/tools/sss_usermod.c:170 #: src/tools/sss_usermod.c:197 msgid "Groups must be in the same domain as user\n" msgstr "" #: src/tools/sss_useradd.c:155 #, c-format msgid "Cannot find group %1$s in local domain\n" msgstr "" #: src/tools/sss_useradd.c:170 src/tools/sss_userdel.c:217 msgid "Cannot set default values\n" msgstr "" #: src/tools/sss_useradd.c:177 src/tools/sss_usermod.c:153 msgid "The selected UID is outside the allowed range\n" msgstr "" #: src/tools/sss_useradd.c:206 src/tools/sss_usermod.c:264 msgid "Cannot set SELinux login context\n" msgstr "" #: src/tools/sss_useradd.c:221 msgid "Cannot get info about the user\n" msgstr "" #: src/tools/sss_useradd.c:233 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" #: src/tools/sss_useradd.c:236 #, c-format msgid "Cannot create user's home directory: %1$s\n" msgstr "" #: src/tools/sss_useradd.c:247 #, c-format msgid "Cannot create user's mail spool: %1$s\n" msgstr "" #: src/tools/sss_useradd.c:266 msgid "Could not allocate ID for the user - domain full?\n" msgstr "" #: src/tools/sss_useradd.c:270 msgid "A user or group with the same name or ID already exists\n" msgstr "" #: src/tools/sss_useradd.c:276 msgid "Transaction error. 
Could not add user.\n" msgstr "" #: src/tools/sss_groupadd.c:43 src/tools/sss_groupmod.c:48 msgid "The GID of the group" msgstr "" #: src/tools/sss_groupadd.c:75 msgid "Specify group to add\n" msgstr "" #: src/tools/sss_groupadd.c:104 src/tools/sss_groupmod.c:192 msgid "The selected GID is outside the allowed range\n" msgstr "" #: src/tools/sss_groupadd.c:141 msgid "Could not allocate ID for the group - domain full?\n" msgstr "" #: src/tools/sss_groupadd.c:145 msgid "A group with the same name or GID already exists\n" msgstr "" #: src/tools/sss_groupadd.c:150 msgid "Transaction error. Could not add group.\n" msgstr "" #: src/tools/sss_groupdel.c:69 msgid "Specify group to delete\n" msgstr "" #: src/tools/sss_groupdel.c:102 #, c-format msgid "Group %1$s is outside the defined ID range for domain\n" msgstr "" #: src/tools/sss_groupdel.c:117 src/tools/sss_groupmod.c:219 #: src/tools/sss_groupmod.c:226 src/tools/sss_groupmod.c:233 #: src/tools/sss_userdel.c:294 src/tools/sss_usermod.c:241 #: src/tools/sss_usermod.c:248 src/tools/sss_usermod.c:255 #, c-format msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n" msgstr "" #: src/tools/sss_groupdel.c:129 msgid "" "No such group in local domain. Removing groups only allowed in local " "domain.\n" msgstr "" #: src/tools/sss_groupdel.c:134 msgid "Internal error. 
Could not remove group.\n" msgstr "" #: src/tools/sss_groupmod.c:44 msgid "Groups to add this group to" msgstr "" #: src/tools/sss_groupmod.c:46 msgid "Groups to remove this group from" msgstr "" #: src/tools/sss_groupmod.c:86 src/tools/sss_usermod.c:95 msgid "Specify group to remove from\n" msgstr "" #: src/tools/sss_groupmod.c:100 msgid "Specify group to modify\n" msgstr "" #: src/tools/sss_groupmod.c:128 msgid "" "Cannot find group in local domain, modifying groups is allowed only in local " "domain\n" msgstr "" #: src/tools/sss_groupmod.c:149 src/tools/sss_groupmod.c:176 msgid "Member groups must be in the same domain as parent group\n" msgstr "" #: src/tools/sss_groupmod.c:157 src/tools/sss_groupmod.c:184 #: src/tools/sss_usermod.c:178 src/tools/sss_usermod.c:205 #, c-format msgid "" "Cannot find group %1$s in local domain, only groups in local domain are " "allowed\n" msgstr "" #: src/tools/sss_groupmod.c:250 msgid "Could not modify group - check if member group names are correct\n" msgstr "" #: src/tools/sss_groupmod.c:254 msgid "Could not modify group - check if groupname is correct\n" msgstr "" #: src/tools/sss_groupmod.c:258 msgid "Transaction error. Could not modify group.\n" msgstr "" #: src/tools/sss_groupshow.c:599 #, c-format msgid "%1$s%2$sGroup: %3$s\n" msgstr "" #: src/tools/sss_groupshow.c:600 msgid "Magic Private " msgstr "" #: src/tools/sss_groupshow.c:602 #, c-format msgid "%1$sGID number: %2$d\n" msgstr "" #: src/tools/sss_groupshow.c:604 #, c-format msgid "%1$sMember users: " msgstr "" #: src/tools/sss_groupshow.c:611 #, c-format msgid "" "\n" "%1$sIs a member of: " msgstr "" #: src/tools/sss_groupshow.c:618 #, c-format msgid "" "\n" "%1$sMember groups: " msgstr "" #: src/tools/sss_groupshow.c:654 msgid "Print indirect group members recursively" msgstr "" #: src/tools/sss_groupshow.c:687 msgid "Specify group to show\n" msgstr "" #: src/tools/sss_groupshow.c:726 msgid "" "No such group in local domain. 
Printing groups only allowed in local " "domain.\n" msgstr "" #: src/tools/sss_groupshow.c:731 msgid "Internal error. Could not print group.\n" msgstr "" #: src/tools/sss_userdel.c:136 msgid "Remove home directory and mail spool" msgstr "" #: src/tools/sss_userdel.c:138 msgid "Do not remove home directory and mail spool" msgstr "" #: src/tools/sss_userdel.c:140 msgid "Force removal of files not owned by the user" msgstr "" #: src/tools/sss_userdel.c:142 msgid "Kill users' processes before removing him" msgstr "" #: src/tools/sss_userdel.c:187 msgid "Specify user to delete\n" msgstr "" #: src/tools/sss_userdel.c:233 #, c-format msgid "User %1$s is outside the defined ID range for domain\n" msgstr "" #: src/tools/sss_userdel.c:258 msgid "Cannot reset SELinux login context\n" msgstr "" #: src/tools/sss_userdel.c:270 #, c-format msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n" msgstr "" #: src/tools/sss_userdel.c:275 msgid "Cannot determine if the user was logged in on this platform" msgstr "" #: src/tools/sss_userdel.c:280 msgid "Error while checking if the user was logged in\n" msgstr "" #: src/tools/sss_userdel.c:287 #, c-format msgid "The post-delete command failed: %1$s\n" msgstr "" #: src/tools/sss_userdel.c:307 msgid "Not removing home dir - not owned by user\n" msgstr "" #: src/tools/sss_userdel.c:309 #, c-format msgid "Cannot remove homedir: %1$s\n" msgstr "" #: src/tools/sss_userdel.c:322 msgid "" "No such user in local domain. Removing users only allowed in local domain.\n" msgstr "" #: src/tools/sss_userdel.c:327 msgid "Internal error. 
Could not remove user.\n" msgstr "" #: src/tools/sss_usermod.c:49 msgid "The GID of the user" msgstr "" #: src/tools/sss_usermod.c:53 msgid "Groups to add this user to" msgstr "" #: src/tools/sss_usermod.c:54 msgid "Groups to remove this user from" msgstr "" #: src/tools/sss_usermod.c:55 msgid "Lock the account" msgstr "Ҳисобро қулф кунед" #: src/tools/sss_usermod.c:56 msgid "Unlock the account" msgstr "Ҳисобро кушоед" #: src/tools/sss_usermod.c:119 msgid "Specify user to modify\n" msgstr "" #: src/tools/sss_usermod.c:146 msgid "" "Cannot find user in local domain, modifying users is allowed only in local " "domain\n" msgstr "" #: src/tools/sss_usermod.c:281 msgid "Could not modify user - check if group names are correct\n" msgstr "" #: src/tools/sss_usermod.c:285 msgid "Could not modify user - user already member of groups?\n" msgstr "" #: src/tools/sss_usermod.c:289 msgid "Transaction error. Could not modify user.\n" msgstr "" #: src/tools/sss_cache.c:170 msgid "No cache object matched the specified search\n" msgstr "" #: src/tools/sss_cache.c:397 #, c-format msgid "Couldn't invalidate %1$s" msgstr "" #: src/tools/sss_cache.c:404 #, c-format msgid "Couldn't invalidate %1$s %2$s" msgstr "" #: src/tools/sss_cache.c:542 msgid "Invalidate all cached entries except for sudo rules" msgstr "" #: src/tools/sss_cache.c:544 msgid "Invalidate particular user" msgstr "" #: src/tools/sss_cache.c:546 msgid "Invalidate all users" msgstr "" #: src/tools/sss_cache.c:548 msgid "Invalidate particular group" msgstr "" #: src/tools/sss_cache.c:550 msgid "Invalidate all groups" msgstr "" #: src/tools/sss_cache.c:552 msgid "Invalidate particular netgroup" msgstr "" #: src/tools/sss_cache.c:554 msgid "Invalidate all netgroups" msgstr "" #: src/tools/sss_cache.c:556 msgid "Invalidate particular service" msgstr "" #: src/tools/sss_cache.c:558 msgid "Invalidate all services" msgstr "" #: src/tools/sss_cache.c:561 msgid "Invalidate particular autofs map" msgstr "" #: 
src/tools/sss_cache.c:563 msgid "Invalidate all autofs maps" msgstr "" #: src/tools/sss_cache.c:566 msgid "Only invalidate entries from a particular domain" msgstr "" #: src/tools/sss_cache.c:611 msgid "Please select at least one object to invalidate\n" msgstr "" #: src/tools/sss_cache.c:681 #, c-format msgid "" "Could not open domain %1$s. If the domain is a subdomain (trusted domain), " "use fully qualified name instead of --domain/-d parameter.\n" msgstr "" #: src/tools/sss_cache.c:685 msgid "Could not open available domains\n" msgstr "" #: src/tools/sss_debuglevel.c:40 msgid "\n" msgstr "" #: src/tools/sss_debuglevel.c:96 msgid "Specify debug level you want to set\n" msgstr "" #: src/tools/sss_debuglevel.c:102 msgid "Only one argument expected\n" msgstr "" #: src/tools/tools_util.c:200 #, c-format msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n" msgstr "" #: src/tools/tools_util.c:303 msgid "Out of memory\n" msgstr "Берун аз хотира\n" #: src/tools/tools_util.h:43 #, c-format msgid "%1$s must be run as root\n" msgstr "" #: src/util/util.h:102 msgid "Send the debug output to files instead of stderr" msgstr "" ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/POTFILES.in���������������������������������������������������������0000644�0000000�0000000�00000000073�12320753107�015745� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������29 atime=1396954961.14087533 30 ctime=1396954962.526874307 
���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/POTFILES.in��������������������������������������������������������������������������0000664�0024127�0024127�00000001407�12320753107�016172� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# List of source files which contain translatable strings. 
src/confdb/confdb_setup.c src/config/SSSDConfig/__init__.py.in src/monitor/monitor.c src/providers/krb5/krb5_child.c src/providers/ldap/ldap_child.c src/providers/data_provider_be.c src/sss_client/common.c src/sss_client/nss_group.c src/sss_client/nss_passwd.c src/sss_client/pam_sss.c src/sss_client/pam_test_client.c src/sss_client/ssh/sss_ssh_authorizedkeys.c src/sss_client/ssh/sss_ssh_knownhostsproxy.c src/tools/sss_useradd.c src/tools/sss_groupadd.c src/tools/sss_groupdel.c src/tools/sss_groupmod.c src/tools/sss_groupshow.c src/tools/sss_useradd.c src/tools/sss_userdel.c src/tools/sss_usermod.c src/tools/sss_cache.c src/tools/sss_debuglevel.c src/tools/tools_util.c src/tools/tools_util.h src/util/util.h ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/pt.gmo��������������������������������������������������������������0000644�0000000�0000000�00000000132�12320753522�015314� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954962.436874373 30 atime=1396954962.436874373 30 ctime=1396954962.559874282 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/pt.gmo�������������������������������������������������������������������������������0000664�0024127�0024127�00000043655�12320753522�015560� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� ��������'�����1�����8��� �����D�����\��*���q���������������������������#�����;���<��T���x��R�������� ��#���@��!���d�������%�����(����������3��� ��2���=��7���p��A�����9�����7���$��,���\������� ����������$�����,�����+�����.���?�����n��#�����6�����$�����*��� �����6��/���T�������/�����"������������� ��,����� ���L�����V�����f��*���m��)��������������� �������������:�����I��U���b��<�����B�����8���8�����q�� ��������������� �����(�����'�����(���'��'���P��!���x�����������������)�����:�����*���>��$���i��5�����+�����.�����'��������G�� ���X�����d�����s��9���������������'�����/��������A��M���P��M�����K�����*���8��7���c���������������������������+����� ���/�����:�� ���Q��&���r��*����������(�����=��������A��"���X��$���{��$����������H��������) �����H �����^ �����u ��0��� ����� ��E��� ��&���!�����:!��&���J!��!���q!��)���!�����!�����!�����!�����"��(���"��!���E"�����g"�����|"�����"�����"��/���"�����"�����#��!���#��2���=#�����p#��/���#�����#�����#�����#�����#��"��� $��.���.$��.���]$��;���$��>���$��'���%��(���/%��'���X%��+���%��*���%�� 
���%�����%�����%��%���&��'���-&��D���U&�����&��(���&�� ���&��$���&�����'����/'��1���(��,���)��9���E)�� ���)�����)��?���)������*��&���*��%���D*��(���j*��!���*��=���*��Q���*��d���E+��o���+��3���,��?���N,��=���,��(���,��9���,��>���/-�����n-��7���-��<���-��J���.��Q���L.��N���.��F���.��8���4/�����m/�����|/�����/��3���/��0���/��-���0��5���D0��"���z0��5���0��?���0�����1��,���01��#���]1��@���1��*���1��5���1��'���#2��&���K2�����r2��@���2�� ���2�����2�����2��?���2��.���03�� ���_3��%���3��!���3��#���3�� ���3�����3��a���4��\���v4��c���4��O���75�����5�� ���5�����5�����5��/���5��&���6��)���>6��(���h6��-���6��(���6�����6�����6��$���7��2���;7��B���n7��7���7��'���7��7���8��)���I8��C���s8��6���8�����8�����8�����9�����9��;���.9�����j9�����9��%���9��H���9�� ���:��_���:��[���:��f���:��:���B;��@���};�����;�����;�����;�����<��"���!<��*���D<�����o<�����w<��,���<��:���<��,���<�����"=��4���9=��@���n=�����=��9���=��(���>��*���->�����X>��W���x>��.���>�����>�����?��#���1?��@���U?�����?��`���?��1���@�����@@��2���R@��7���@��+���@�����@�����A�����!A�����@A��4���`A��%���A�����A��#���A��#���A�����#B��>���;B�����zB�����B��1���B��:���B����� C��1���C�����PC��7���eC�����C��"���C��#���C��5���C��5���1D��9���gD��<���D��2���D��<���E��A���NE��<���E��A���E�� ���F�� ���F�����*F��5���:F��0���pF��I���F�����F��4��� G��:���?G�� ���zG�����G��������Z������!����������5���X���U������\���7���{������f������b����������x���R������p���(�������������������O���]������������������C����������e�����������������������d�������h���������T�������$������6����������������������y���o������%������|���'���:���������L����������H���K����������������� ���+����������� ���"�����������s����������N����������w���������8���G������9�������z���������������^�������<������t���)�������������3���=������~��� �������������V��������������������������;���v���l��� ������*����������n���_������0�����������������������������,�����������A�������&���S�������}���q������������4������1��� 
����������-�����������������j���>��������������@�������������������Q���r�������������/����������D���m�������������J���k���a���B���#���E���I�������i���������c���M�������������F�������g�������������Y���.���u������W������� ���?�������P���2���`���[����, your cached password will expire at: �A group with the same name or GID already exists �A user or group with the same name or ID already exists �Access control provider�Add debug timestamps�An open file descriptor for the debug logs�Authentication provider�Authentication timeout�Base DN for user lookups�Base for home directories�Become a daemon (default)�Cache credentials for offline login�Cannot determine if the user was logged in on this platform�Cannot find group in local domain, modifying groups is allowed only in local domain �Cannot find user in local domain, modifying users is allowed only in local domain �Cannot get info about the user �Cannot reset SELinux login context �Cannot set SELinux login context �Cannot set default values �Comma separated list of allowed users�Comma separated list of prohibited users�Command to start service�Could not allocate ID for the group - domain full? �Could not allocate ID for the user - domain full? �Could not modify group - check if groupname is correct �Could not modify group - check if member group names are correct �Could not modify user - check if group names are correct �Could not modify user - user already member of groups? 
�Create user's directory if it does not exist�Current Password: �Debug level�Default shell, /bin/bash�Directory to store credential caches�Display users/groups in fully-qualified form�Do not remove home directory and mail spool�Domain of the information provider (mandatory)�Enable credential validation�Enable enumerating all users/groups�Entry cache background update timeout length (seconds)�Entry cache timeout length (seconds)�Enumeration cache timeout length (seconds)�Error initializing the tools �Error initializing the tools - no local domain �Error setting the locale �Error while checking if the user was logged in �File that contains CA certificates�Filter for user lookups�Follow LDAP referrals�Force removal of files not owned by the user�Full Name�GECOS attribute�Groups�Groups must be in the same domain as user �Groups that SSSD should explicitly ignore�Groups to add this group to�Groups to add this user to�Groups to remove this group from�Groups to remove this user from�Home directory�Home directory attribute�How long (minutes) to deny login after offline_failed_login_attempts has been reached�How long to allow cached logins between online logins (days)�How long to keep cached entries after last successful login (days)�How many failed logins attempts are allowed when offline�IPA client hostname�IPA domain�IPA server address�Identity provider�Include timestamps in debug logs�Internal error while parsing parameters �Internal error. Could not print group. �Internal error. Could not remove group. �Internal error. Could not remove user. 
�Invalid domain specified in FQDN �Kerberos realm�Kerberos server address�Kerberos service keytab�Kill users' processes before removing him�Length of time between attempts to reconnect while offline�Length of time between enumeration updates�Length of time to attempt connection�Length of time to attempt synchronous LDAP operations�Length of time to wait for a search request�Location of the keytab to validate credentials�Location of the user's credential cache�Lock the account�Login shell�Magic Private �Maximum user ID�Member groups must be in the same domain as parent group �Minimum user ID�Modification time attribute�Negative cache timeout length (seconds)�Never create user's directory, overrides config�New Password: �No such group in local domain. Printing groups only allowed in local domain. �No such group in local domain. Removing groups only allowed in local domain. �No such user in local domain. Removing users only allowed in local domain. �Not removing home dir - not owned by user �Number of times to attempt connection to Data Providers�Objectclass for users�Out of memory �PAM stack to use�Password change failed. �Password change provider�Password expired. 
Change your password now.�Password: �Passwords do not match�Path to CA certificate directory�Ping timeout before restarting service�Policy to evaluate the password expiration�Primary GID attribute�Print indirect group members recursively�Printf-compatible format for displaying fully-qualified names�Reenter new Password: �Regex to parse username and domain�Remove home directory and mail spool�Require TLS certificate verification�Require TLS for ID lookups�Restrict or prefer a specific address family when performing DNS lookups�Run interactive (not a daemon)�SSSD Domains to start�SSSD Services to start�Scope of user lookups�Send the debug output to files instead of stderr�Server message: �Server where the change password service is running if not on the KDC�Set the verbosity of the debug logging�Shell attribute�Should filtered users appear in groups�Specify a non-default config file�Specify an alternative skeleton directory�Specify group to add �Specify group to delete �Specify group to modify �Specify group to show �Specify the sasl authorization id to use�Specify the sasl mechanism to use�Specify user to add �Specify user to delete �Specify user to modify �Store password hashes�System is offline, password change not possible�The GID of the group�The GID of the user�The SELinux user for user's login�The Schema Type in use on the LDAP server, rfc2307�The UID of the user�The authentication token of the default bind DN�The comment string�The debug level to run with�The default base DN�The default bind DN�The name of the NSS library to use�The selected GID is outside the allowed range �The selected UID is outside the allowed range �The type of the authentication token of the default bind DN�The value of the password field the NSS provider should return�Timeout for messages sent over the SBUS�Transaction error. Could not add group. �Transaction error. Could not add user. �Transaction error. Could not modify group. �Transaction error. Could not modify user. 
�UID attribute�UUID attribute�Unlock the account�Use Kerberos auth for LDAP connection�User principal attribute (for Kerberos)�User's home directory already exists, not copying data from skeldir �Username attribute�Users that SSSD should explicitly ignore�Write debug messages to logfiles�ldap_uri, The URI of the LDAP server�memberOf attribute�Project-Id-Version: SSSD Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org POT-Creation-Date: 2014-04-08 12:56+0200 PO-Revision-Date: 2013-11-20 12:56+0000 Last-Translator: jhrozek <jhrozek@redhat.com> Language-Team: Portuguese (http://www.transifex.com/projects/p/fedora/language/pt/) Language: pt MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=2; plural=(n != 1); �, a sua senha guardada em cache irá expirar em: �Já existe um grupo com o mesmo nome ou GID �Já existe um utilizador ou grupo com o mesmo nome ou ID �Fornecedor de controle de acesso�Adicionar tempos na depuração�Um descritor de ficheiro aberto para os registos de depuração�Fornecedor de autenticação�Tempo de expiração da autenticação�DN base para pesquisa de utilizadores�Directório base para as pastas pessoais�Tornar-se num serviço (omissão)�Efectuar cache de credenciais para sessões em modo desligado�Não foi possível determinar se o utilizador estava autenticado nesta plataforma�Grupo não foi encontrado no domínio local. Apenas é permitido modificar grupos no domínio local �Utilizador não foi encontrado no domínio local. Apenas é permitido modificar utilizadores no domínio local �Incapaz de obter informação acerca do utilizador �Não foi possível redefinir o contexto SELinux para a sessão �Não foi possível definir o contexto SELinux para a sessão �Incapaz de definir valores por omissão �Lista de utilizadores autorizados separados por vírgulas�Lista de utilizadores não autorizados separados por vírgulas�Comando para iniciar serviço�Incapaz de alocar um ID para o grupo - domínio cheio? 
�Incapaz de alocar um ID para o utilizador - domínio cheio? �Incapaz de modificar grupo - verifique que o nome do grupo está correcto �Incapaz de modificar grupo - verifique que o nome do grupo membro está correcto �Incapaz de modificar utilizador - verifique se o nome do grupo está correcto �Incapaz de modificar utilizador - utilizador já é membro de grupos? �Criar pasta pessoal do utilizador, se ainda não existir�Senha actual: �Nível de depuração�Shell pré-definida, /bin/bash�Directório para armazenar as caches de credenciais�Apresentar utilizadores/grupos na forma completa�Não remover pasta pessoal e spool de correio�Domínio do fornecedor de informação (obrigatório)�Activar validação de credenciais�Permitir enumeração de todos os utilizadores/grupos�Validade da actualização da cache em segundo plano (segundos)�Validade da cache (segundos)�Validade da cache de enumeração (segundos)�Erro ao inicializar as ferramentas �Erro ao inicializar as ferramentas - não existe domínio local �Erro ao definir a configuração regional �Erro ao verificar se o utilizador estava autenticado �Ficheiro que contêm os certificados CA�Filtro para as pesquisas do utilizador�Seguir os referrals LDAP�Forçar a remoção de ficheiros não pertencentes ao utilizador�Nome Completo�Atributo GECOS�Grupos�Os grupos têm de pertencer ao mesmo domínio que o utilizador �Grupos que o SSSD devem explicitamente ignorar�Grupos para adicionar este grupo�Grupos para adicionar este utilizador�Grupos para remover este projecto�Grupos para remover este utilizador�Pasta pessoal�Atributo da pasta pessoal�Quanto tempo (minutos) para negar a sessão após offline_failed_login_attempts ter sido atingido�Durante quanto tempo devem ser permitidas as caches de sessões entre sessões online (dias)�Durante quanto tempo devem ser permitidas as caches de sessões entre sessões bem sucedidas (dias)�Quantas tentativas falhadas de inicio de sessão são permitidas quando offline�Nome da máquina do cliente IPA�Domínio IPA�Endereço do 
servidor IPA�Fornecedor de identidade�Incluir data e hora nos registos de depuração�Erro interno ao processar parâmetros �Erro interno. Incapaz de imprimir grupo. �Erro interno. Incapaz de remover grupo. �Erro interno. Incapaz de remover utilizador. �Domínio inválido especificado no FQDN �Reino Kerberos�Endereço do servidor Kerberos�Separador chave do serviço Kerberos�Mate os processos do utilizador antes de o remover�Tempo de espera entre tentativas para re-conectar quando desligado�Período de tempo entre enumeração de actualizações�Período de tempo para tentar ligação�Tempo de espera para tentar operações LDAP síncronas�Tempo de espera por um pedido de pesquisa�Localização da tabela de chaves (keytab) para validar credenciais�Localização da cache de credenciais dos utilizadores�Desactivar Conta�Shell�"Magic" Privada�ID de utilizador máximo�Grupos membro têm de estar no mesmo domínio do grupo pai �ID de utilizador mínimo�Atributo da alteração da data�Validade da cache negativa (segundos)�Nunca criar pasta pessoal do utilizador. Sobrepõem-se à configuração�Nova Senha: �Grupo não existe no domínio local. Grupos de impressão apenas permitidos no domínio local. �Grupo não existe no domínio local. Apenas é permitido remover grupos no domínio local. �Utilizador não existe no domínio local. Apenas é permitido remover utilizadores no domínio local. �Pasta pessoal não removida - não pertence ao utilizador �Número de vezes para tentar ligação aos Fornecedores de Dados�Objectclass para utilizadores�Memória esgotada �Stack PAM a utilizar�Alteração da senha falhou.�Fornecedor de Alteração de Senha�A senha expirou. 
Altere a sua senha agora.�Senha: �Senhas não coincidem�Caminho para o directório do certificado CA�Foi excedido o tempo do ping antes de reiniciar o serviço�Politica para avaliar a expiração da senha�Atributo GID primário�Imprimir membros de grupos indirectos recursivamente�Formato compatível com o printf para apresentar nomes completos�Digite a senha novamente: �Expressão regular para obter nome do utilizar e domínio�Remover pasta pessoal e spool de correio�Obriga a verificação de certificados TLS�Requer TLS para consultas de ID�Restringir ou preferir famílias de endereços especificas quando efectua consultas DNS�Executar interactivamente (não como serviço)�Domínios SSSD a iniciar�Serviços SSSD a iniciar�Âmbito das pesquisas do utilizador�Enviar o resultado de depuração para ficheiro em vez do stderr�Mensagem do Servidor: �Servidor onde está em execução o serviço de alteração de senha, se não coincide com o KDC�Definir a verbosidade dos registos de depuração�Atributo da Shell�Devem os utilizadores filtrados aparecer em grupos�Especificar um ficheiro de configuração não standard�Indique um directório skeleton alternativo�Indique grupo a adicionar �Especifique grupo a remover �Especifique grupo a modificar �Especifique grupo a apresentar �Especifique o id sasl para utilizar na autorização�Especificar mecanismo sasl a utilizar�Indique utilizador a adicionar �Especificar o utilizador a remover �Especifique utilizador a modificar �Guardar hashes da senha�O sistema está offline, a mudança de senha não é possível�O GID do grupo�O GID do utilizador�O utilizador SELinux para a sessão do utilizador�O tipo de Schema em utilização no servidor LDAP, rfc2307�O UID do utilizador�O token de autenticação do bind DN por omissão�Texto do comentário�O nível de depuração a utilizar durante a execução�A base DN por omissão�O DN por omissão para a ligação�O nome da biblioteca NSS a utilizar�O GID seleccionado está fora do intervalo permitido �O UID seleccionado está fora do intervalo 
permitido �O tipo de token de autenticação do bind DN por omissão�O valor do campo da senha que o fornecedor NSS deve retornar�Limite de tempo para mensagens enviadas sobre SBUS�Erro de transacção. Não foi possível adicionar o grupo. �Erro na transacção. Não foi possível adicionar o utilizador. �Erro de transacção. Não foi possível modificar o grupo. �Erro na transacção. Não foi possível modificar o utilizador. �Atributo UID�Atributo UUID�Activar a Conta�Utilizar autenticação Kerberos para ligações LDAP�Atributo principal do utilizador (para Kerberos)�A pasta pessoal do utilizador já existe. Conteúdo skeldir não copiado �Atributo do nome do utilizador�Utilizadores que o SSSD devem explicitamente ignorar�Gravar as mensagens de depuração em ficheiros de registo�ldap_uri, O URI do servidor LDAP�Atributo memberOf������������������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/uk.gmo��������������������������������������������������������������0000644�0000000�0000000�00000000131�12320753522�015307� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954962.488874335 30 atime=1396954962.488874335 29 ctime=1396954962.56287428 
���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/uk.gmo�������������������������������������������������������������������������������0000664�0024127�0024127�00000165552�12320753522�015555� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� ����\������!�����!�����!�����!�����!�����"�����-"�����C"��'���V"��1���~"��8���"�����"��&���#�� ���(#�����I#��7���a#�����#�����#�����#��3���#��*���$��B���J$��)���$��)���$��%���$�� ���%�����(%�����@%�����W%�����g%�����%��#���%��%���%�����%��#��� &�����1&�����K&�����h&�����&�����&�����&�����&��#���&��*���'��&���?'��;���f'��'���'��P���'��T���(��R���p(�����(�����(��#����)��!���$)�����F)��%���a)��(���)�����)��3���)��2���)��7���0*��A���h*��9���*��7���*��!���+�����>+�����+�����+��,���+�����),��0���<,�� ���m,�����y,��P���,��$���,��(���-�����1-��,���Q-��+���~-��.���-��2���-��,��� .��3���9.�����m.��#���.�� ���.�����.��"���.��6���.��$���3/��*���X/�����/��/���/�����/�����/��/��� 0��"���90��)���\0��!���0�����0�����0��,���0�� ���1����� 1�� ���1��6���+1�����b1�����w1�� ���1�����1�����1��*���1��)���1�����2����� 2�� ���;2�����\2�����|2�����2�����2�����2��R���2��U���"3��<���x3��B���3��G���3��F���@4��.���4��F���4��8���4��Z���65��E���5��;���5��7���6�����K6�����f6�� ���z6�����6��F���6�����6��4���6��4���&7��V���[7��;���7��0���7�� 
���8��(���@8��'���i8��(���8��'���8��!���8�� ���9�����9�����-9�����C9�����\9�����t9�� ���9�����9�����9�����9�����:�����:�����=:�����L:�����d:��)���|:��*���:��:���:��%��� ;��*���2;��$���];��5���;��0���;��+���;��#���<�����9<��>���M<�����<��.���<��'���<�����=�� ���=����� =�����;=��&���J=�����q=��9���=�����=�����=��&���=��)���>��?���8>��<���x>��)���>��'���>�����?�� ���?�����-?�����G?��/���c?�����?��-���?��M���?��M���@��K���l@�����@��*���@��,���@��7���#A��(���[A��!���A�����A�����A�����A�����A����� B��0���"B�����SB�����oB��=���~B��A���B��?���B�����>C�����OC�����hC��+���C��(���C�� ���C�����C�� ���C��&���D��0���@D��*���qD�����D��(���D�����D��=���D��5���7E��1���mE�����E��"���E��$���E�����E��$���F�����AF��H���\F�����F��(���F�����F�����G�����G�����3G�� ���LG�����ZG��$���pG��7���G��7���G��%���H��0���+H�����\H��E���mH�����H��$���H�����H�����I�����!I��7���:I��&���rI��7���I�����I��.���I��&���J��!���7J��!���YJ��)���{J��$���J�����J�����J�����J�����K�����+K�����IK��3���`K��(���K��+���K��!���K����� L����� L�����8L�����PL��9���fL��I���L�����L�����M�����M�����.M�����KM�����iM�����M�����M�����M�����M��/���M�����$N�����9N��!���MN�����oN��2���N��<���N�����N��K��� O��X���VO��/���O��1���O�����P�����$P�����@P�����TP��.���hP��=���P��L���P��3���"Q��"���VQ��C���yQ��B���Q��8����R��/���9R��&���iR��%���R��.���R��.���R��;���S��>���PS��#���S��I���S��'���S��(���%T��'���NT��+���vT��*���T��!���T�� ���T��>���T��8���<U�����uU��7���U��3���U�����U�����V��2���V��%���QV��1���wV��5���V��/���V��'���W��5���7W�����mW��'���W��D���W�����W��(���X��@���*X��D���kX��E���X��i���X��8���`Y��D���Y��6���Y��A���Z�����WZ��;���wZ��=���Z��@���Z��A���2[��K���t[��>���[��T���[��C���T\��5���\�� 
���\��B���\��'���2]�����Z]�����y]�����]�����]�����]��+���]��$���^��$���*^�����O^��$���n^�����^�����^�����^�����^�����^�����^�����_�����2_�����F_�����Z_��"���r_����_�����a�����a��"���a��O���a�����,b�����Fb��-���`b��[���b��i���b�����Tc��0���c��A���d��?���[d�����d�����d��,���Ke��G���xe��4���e��W���e��p���Mf�����f��N���Lg��_���g��O���g��6���Kh��'���h��;���h��E���h��T���,i��Z���i��a���i��g���>j��T���j�����j��C���~k��S���k��N���l��L���el��S���l��=���m��R���Dm��[���m��b���m��^���Vn�����n��V���9o�����o�����Kp�����q��X���r��K���^r��`���r��M��� s��G���Ys��b���s��d���t��*���it��v���t����� u�����u�����v�����v�����Mw��C���w�����x��@���y��E���Hy��^���y�����y��L��� z��'���Zz��(���z�����z��`���7{��I���{��:���{��T���|��T���r|��J���|��b���}��N���u}��b���}��K���'~��P���s~�����~��I���~��p��� ��n�����L������v���M��C���Ā��q�����W���z��L���ҁ��f�����7�����I�����=�����2���F��5���y��g�������������*�����?��|���R�����τ��-�������������2�� ���J��m���U��U���Å��?�����Q���Y��A�����S��������A��4���a��*�����������������������&����������Y�����ۊ��<���}��������������� �������z���y�������>���u��(��������ݏ���������� ������������C���D����������T��`�����W���F��T�����[�����_���O��j�����9�����!���T��@���v��9�����L�����;���>��I���z��D���Ė��?��� ��R���I��A�����M���ޗ��9���,�����f��$���~��1�����}���՘��E���S�������D���4��J���y��^���Ě��o���#��^�����Q�����5���D�����z�������\���D��h�����R��� ��4���]�������d����� 
�����n���4��;��������ߟ��9���c��"�����2�����E��������9��\���ǡ�����$��_�����,�����(���4��4���]��?��������ң�����R��p���l�����ݤ����������<��'�����y���/����������]��i���ި��Z���H��3�����*���ש��:�����,���=��:���j��^�����D�����$���I�����n�������s�����>�����D���@��&�����V�����k��������o��&���~��:�����m��������N��Q���گ��#���,��f���P��I�����J�����t���L��j�����4���,��g���a��O���ɲ��.�����>���H��I��������ѳ��d���l��{���Ѵ��2���M��5�����5�����I��������6��8���H��E�����^���Ƕ�����&��t�����[�����)���{�������&���<��V���c��&�����.�����4�����|���E��q���º��~���4�������r���ӻ��j���F��R�����A�����K���F��f�����8�����4���2��<���g��G�����I�����G���6�����~��{������m���|��V�����S���A��W�����U�����*���C��x���n�������1�����-����������\�����V���q��7�����1������x���2�������9���2��n���l��%�����<�����N���>��A�����M�����}�����1����������d���O��f�����u����������@�����1�����8���"��o���[�������}���N��r�����S���?������������{�����m���/��x�����z�����z�������� ��e�����p�����^���j�������l�����n�����{�����p��������y��N��������Q��o���d��_��������4��Z���H��{�����6�����f���V�������C���|��c�����|���$�������b���H�������+���2��a���^�������0���j��J�������������������������i����������i����������G���s����������Q��b��������F����������j�����������������g�����x�����R���|�� ���������������$���(�����M��1���d��.�����&����� �����&��� �����4�����L�����i�����������������������������������(��$���E�����Q����L���������'���t������������������������������q�����������������R���w���]������;��=���������"���������������������������A��� �����O���>������������������������g��%���(���5��s���h�����������,�������K�������������������P��B�����-��H���������*��������������������f��v�����%���������T���������y������|������������7��B���������������+�������������X����S������������������������������������`���1������D������U�����������"�����������������������9����������d��������Y����� ��w���������������]�����Y���J������m���x���v���z�����y���*������������o��N�������u���6���p���k������������������ 
�����������^����������������������<����-���4��l���P�����������M������/�������������G��K���������G���>��:������g���6������?�������{������$������}��������������N������������?�������!���������q����������������������������T���������n��������������������#������$���������}��d���U��������������������D��������������3���F����I���������������c���F���f���~���������{�����Q����������\�������������������c��2�������#�����������_��S������+�� �������������(������m����������.����o���@���������� ���J��s�����e������Z�������������:�����������E�������~������������������������ ����������)���.����������������E�������4������V������������������=����� �����������'��������k����� ���������Z�����;�������2����������z��V����������&���9�������������������@�����`���������������������������������<���i��I���������������C�������������������������������L���[���8���u������������X���������,��|����������������������!���j���������n��l�����������������������&��W������������������������������ ����������������b��A�����H��C��)��e������r��\����������������8����^���������0���M���5��� ���a���W���������������t��b������R������_���h����a��������� �����������/�������0��O��x�����i������p��������� ���7�������r������������j���[��������������������3��1������������� � %1$sIs a member of: � %1$sMember groups: �%1$s must be run as root �%1$s%2$sGroup: %3$s �%1$sGID number: %2$d �%1$sMember users: �, your cached password will expire at: �A group with the same name or GID already exists �A user or group with the same name or ID already exists �Access control provider�Active Directory backup server address�Active Directory client hostname�Active Directory domain�Active Directory primary group attribute for ID-mapping�Active Directory server address�Add debug timestamps�Address of backup IPA server�An error occurred, but no description can be found.�An open file descriptor for the debug logs�Attribute indicating that server side password policies are active�Attribute listing authorized PAM services�Attribute listing authorized 
server hosts�Authenticated with cached credentials�Authentication is denied until: �Authentication provider�Authentication timeout�Autofs provider�Automatic full refresh period�Automatic smart refresh period�Automounter map entry key attribute�Automounter map entry value attribute�Automounter map name attribute�Base DN for automounter map lookups�Base DN for group lookups�Base DN for netgroup lookups�Base DN for service lookups�Base DN for sudo rules lookups�Base DN for user lookups�Base for home directories�Become a daemon (default)�Cache credentials for offline login�Cannot create user's home directory: %1$s �Cannot create user's mail spool: %1$s �Cannot determine if the user was logged in on this platform�Cannot find group %1$s in local domain �Cannot find group %1$s in local domain, only groups in local domain are allowed �Cannot find group in local domain, modifying groups is allowed only in local domain �Cannot find user in local domain, modifying users is allowed only in local domain �Cannot get info about the user �Cannot remove homedir: %1$s �Cannot reset SELinux login context �Cannot set SELinux login context �Cannot set default values �Comma separated list of allowed users�Comma separated list of prohibited users�Command to start service�Could not allocate ID for the group - domain full? �Could not allocate ID for the user - domain full? �Could not modify group - check if groupname is correct �Could not modify group - check if member group names are correct �Could not modify user - check if group names are correct �Could not modify user - user already member of groups? �Could not open available domains �Could not open domain %1$s. If the domain is a subdomain (trusted domain), use fully qualified name instead of --domain/-d parameter. 
�Couldn't invalidate %1$s�Couldn't invalidate %1$s %2$s�Create user's directory if it does not exist�Current Password: �DNS service name for LDAP password change server�Debug level�Default shell, /bin/bash�Directory on the filesystem where SSSD should store Kerberos replay cache files.�Directory to store credential caches�Disable Active Directory range retrieval�Disable the LDAP paging control�Display users/groups in fully-qualified form�Do not remove home directory and mail spool�Domain of the information provider (mandatory)�Domain to add to names without a domain component.�Don't include group members in group lookups�Enable DNS sites - location based service discovery�Enable credential validation�Enable enumerating all users/groups�Enables FAST�Enables enterprise principals�Enables principal canonicalization�Entry cache background update timeout length (seconds)�Entry cache timeout length (seconds)�Enumeration cache timeout length (seconds)�Error initializing the tools �Error initializing the tools - no local domain �Error looking up public keys �Error setting the locale �Error while checking if the user was logged in �File that contains CA certificates�File that contains the client certificate�File that contains the client key�Filter for user lookups�Follow LDAP referrals�Force removal of files not owned by the user�Full Name�GECOS attribute�GID attribute�Group %1$s is outside the defined ID range for domain �Group UUID attribute�Group member attribute�Group name�Group password�Groups�Groups must be in the same domain as user �Groups that SSSD should explicitly ignore�Groups to add this group to�Groups to add this user to�Groups to remove this group from�Groups to remove this user from�Home directory�Home directory attribute�Host identity provider�Host not specified �Hostnames and/or fully qualified domain names of this machine to filter sudo rules�How long (minutes) to deny login after offline_failed_login_attempts has been reached�How long to allow cached 
logins between online logins (days)�How long to keep cached entries after last successful login (days)�How long to retain a connection to the LDAP server before disconnecting�How long to wait for replies from DNS when resolving servers (seconds)�How long will be in-memory cache records valid�How many days before password expiration a warning should be displayed�How many failed logins attempts are allowed when offline�How many seconds to keep a host in the known_hosts file after its host keys were requested�How many seconds to keep identity information cached for PAM requests�How often should expired entries be refreshed in background�How often to periodically update the client's DNS entry�How to dereference aliases�IPA client hostname�IPA domain�IPA server address�IPv4 or IPv6 addresses or network of this machine to filter sudo rules�Identity provider�Idle time before automatic disconnection of a client�If DENY rules are present, either DENY_ALL or IGNORE�If a shell stored in central directory is allowed but not available, use this fallback�If set to false, host argument given by PAM will be ignored�Include microseconds in timestamps in debug logs�Include timestamps in debug logs�Internal error while parsing parameters �Internal error. Could not print group. �Internal error. Could not remove group. �Internal error. Could not remove user. 
�Invalid domain specified in FQDN �Invalid port �Invalidate all autofs maps�Invalidate all groups�Invalidate all netgroups�Invalidate all services�Invalidate all users�Invalidate particular autofs map�Invalidate particular group�Invalidate particular netgroup�Invalidate particular service�Invalidate particular user�Kerberos backup server address�Kerberos realm�Kerberos server address�Kerberos service keytab�Kill users' processes before removing him�LDAP filter to determine access privileges�Length of time between attempts to reconnect while offline�Length of time between cache cleanups�Length of time between enumeration updates�Length of time to attempt connection�Length of time to attempt synchronous LDAP operations�Length of time to wait for a enumeration request�Length of time to wait for a search request�Lifetime of TGT for LDAP connection�Lifetime of the TGT�List of UIDs or user names allowed to access the PAC responder�List of possible ciphers suites�Location of the keytab to validate credentials�Location of the user's credential cache�Lock the account�Login shell�Lower bound for ID-mapping�Magic Private �Maximum nesting level SSSd will follow�Maximum user ID�Member groups must be in the same domain as parent group �Minimum user ID�Modification time attribute�Modification time attribute for groups�Modification time attribute for netgroups�NSS request failed (%1$d). Entry might remain in memory cache. �Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set) �Name of the default domain for ID-mapping�Negative cache timeout length (seconds)�Netgroup UUID attribute�Netgroup name�Netgroup triple attribute�Netgroups members attribute�Never create user's directory, overrides config�New Password: �No cache object matched the specified search �No such group in local domain. Printing groups only allowed in local domain. �No such group in local domain. Removing groups only allowed in local domain. �No such user in local domain. 
Removing users only allowed in local domain. �Not enough memory �Not removing home dir - not owned by user �Number of IDs for each slice when ID-mapping�Number of times to attempt connection to Data Providers�Object class for automounter map entries�Object class for automounter maps�Object class for sudo rules�Objectclass for groups�Objectclass for netgroups�Objectclass for services�Objectclass for users�Only invalidate entries from a particular domain�Only one argument expected �Out of memory �Override GID value from the identity provider with this value�Override homedir value from the identity provider with this value�Override shell value from the identity provider with this value�PAM stack to use�Password change failed. �Password change provider�Password expired. Change your password now.�Password reset by root is not supported.�Password: �Passwords do not match�Path to CA certificate directory�Ping timeout before restarting service�Please select at least one object to invalidate �Policy to evaluate the password expiration�Primary GID attribute�Print indirect group members recursively�Print version number and exit�Printf-compatible format for displaying fully-qualified names�Privileged socket has wrong ownership or permissions.�Public socket has wrong ownership or permissions.�Reenter new Password: �Regex to parse username and domain�Remove home directory and mail spool�Renewable lifetime of the TGT�Require TLS certificate verification�Require TLS for ID lookups�Restrict or prefer a specific address family when performing DNS lookups�Run interactive (not a daemon)�SID of the default domain for ID-mapping�SSH public key attribute�SSSD Domains to start�SSSD Services to start�SSSD is not run by root.�SUDO provider�Scope of user lookups�Search base for HBAC related objects�Search base for object containing info about IPA domain�Search base for objects containing info about ID ranges�Selects the principal to use for FAST�Send the debug output to files instead of 
stderr�Server message: �Server where the change password service is running if not on the KDC�Service name attribute�Service name for DNS service lookups�Service port attribute�Service protocol attribute�Session-loading provider�Set lower boundary for allowed IDs from the LDAP server�Set the verbosity of the debug logging�Set upper boundary for allowed IDs from the LDAP server�Shell attribute�Shell to use if the provider does not list one�Should filtered users appear in groups�Show timestamps with microseconds�Specify a non-default config file�Specify an alternative skeleton directory�Specify debug level you want to set �Specify group to add �Specify group to add to �Specify group to delete �Specify group to modify �Specify group to remove from �Specify group to show �Specify the minimal SSF for LDAP sasl authorization�Specify the sasl authorization id to use�Specify the sasl authorization realm to use�Specify the sasl mechanism to use�Specify user to add �Specify user to delete �Specify user to modify �Store password hashes�Store password if offline for later online authentication�Substitute empty homedir value from the identity provider with this value�Sudo rule command attribute�Sudo rule host attribute�Sudo rule name�Sudo rule notafter attribute�Sudo rule notbefore attribute�Sudo rule option attribute�Sudo rule order attribute�Sudo rule runasgroup attribute�Sudo rule runasuser attribute�Sudo rule user attribute�System is offline, password change not possible�The GID of the group�The GID of the user�The SELinux user for user's login�The SSSD domain to use�The Schema Type in use on the LDAP server, rfc2307�The TTL to apply to the client's DNS entry after updating it�The UID of the user�The amount of time between lookups of the HBAC rules against the IPA server�The amount of time in seconds between lookups of the SELinux maps against the IPA server�The authentication token of the default bind DN�The automounter location this IPA client is using�The comment 
string�The debug level to run with�The default base DN�The default bind DN�The domain part of service discovery DNS query�The interface whose IP should be used for dynamic DNS updates�The list of shells that will be vetoed, and replaced with the fallback shell�The list of shells users are allowed to log in with�The name of the NSS library to use�The number of file descriptors that may be opened by this responder�The number of members that must be missing to trigger a full deref�The number of records to retrieve in a single LDAP query�The path to the proxy command must be absolute �The port to use to connect to the host�The post-delete command failed: %1$s �The selected GID is outside the allowed range �The selected UID is outside the allowed range �The type of the authentication token of the default bind DN�The value of the password field the NSS provider should return�Time between two checks for renewal�Timeout between three failed ping checks and forcibly killing the service�Timeout for messages sent over the SBUS�Transaction error. Could not add group. �Transaction error. Could not add user. �Transaction error. Could not modify group. �Transaction error. Could not modify user. 
�Treat usernames as case sensitive�UID attribute�URI of a backup LDAP server where password changes are allowed�URI of an LDAP server where password changes are allowed�UUID attribute�Unexpected error while looking for an error description�Unexpected format of the server credential message.�Unlock the account�Upper bound for ID-mapping�Use ID-mapping of objectSID instead of pre-set IDs�Use Kerberos auth for LDAP connection�Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups�Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups�Use autorid-compatible algorithm for ID-mapping�Use only the upper case for realm names�User %1$s is outside the defined ID range for domain �User not specified �User principal attribute (for Kerberos)�User's home directory already exists, not copying data from skeldir �Username attribute�Users that SSSD should explicitly ignore�WARNING: The user (uid %1$lu) was still logged in when deleted. �What kind of authentication should be used to perform the DNS update�What kind of messages are displayed to the user during authentication�Whether the LDAP library should perform a reverse lookup to canonicalize the host name during a SASL bind�Whether the nsupdate utility should default to using TCP�Whether the provider should explicitly update the PTR record as well�Whether to automatically update the client's DNS entry�Whether to automatically update the client's DNS entry in FreeIPA�Whether to create kdcinfo files�Whether to evaluate the time-based attributes in sudo rules�Whether to filter rules by hostname, IP addresses and network�Whether to hash host names and addresses in the known_hosts file�Whether to include rules that contains netgroup in host attribute�Whether to include rules that contains regular expression in host attribute�Whether to look up canonical group name from cache if possible�Whether to update the ldap_user_shadow_last_change attribute after a password change�Which attributes shall be used to evaluate if an account is 
expired�Which rules should be used to evaluate access control�Write debug messages to logfiles�Your password has expired. You have %1$d grace login(s) remaining.�Your password will expire in %1$d %2$s.�accountExpires attribute of AD�entryUSN attribute�krbLastPwdChange attribute�krbPasswordExpiration attribute�lastUSN attribute�ldap_backup_uri, The URI of the LDAP server�ldap_uri, The URI of the LDAP server�loginAllowedTimeMap attribute of NDS�loginDisabled attribute of NDS�loginExpirationTime attribute of NDS�memberOf attribute�nsAccountLock attribute�objectSID attribute�shadowExpire attribute�shadowFlag attribute�shadowInactive attribute�shadowLastChange attribute�shadowMax attribute�shadowMin attribute�shadowWarning attribute�userAccountControl attribute of AD�Project-Id-Version: SSSD Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org POT-Creation-Date: 2014-04-08 12:56+0200 PO-Revision-Date: 2013-11-20 12:56+0000 Last-Translator: Yuri Chornoivan <yurchor@ukr.net> Language-Team: Ukrainian (http://www.transifex.com/projects/p/fedora/language/uk/) Language: uk MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 
1 : 2); � � %1$sє учасником: � %1$sГрупи-учасники: �%1$s слід запускати від імені користувача root �%1$s%2$sГрупа: %3$s �%1$sНомер GID: %2$d �%1$sКористувачі-учасники: �, строк дії вашого кешованого пароля завершиться: �Вже існує група з такою самою назвою або ідентифікатором �Вже існує користувач або група з таким самим іменем, назвою або ідентифікатором �Служба керування доступом�Адреса резервного сервера Active Directory�Назва клієнтського вузла Active Directory�Домен Active Directory�Атрибут основної групи Active Directory для встановлення відповідності ідентифікатора�Адреса сервера Active Directory�Додавати діагностичні часові позначки�Адреса резервного сервера IPA�Сталася помилка, але не вдалося знайти її опису.�Дескриптор відкритого файла для запису журналів діагностики�Атрибут, що відповідає за активізацію правил обробки паролів на боці сервера�Атрибути зі списком уповноважених служб PAM�Атрибути зі списком уповноважених серверних вузлів�Розпізнано за реєстраційними даними з кешу�Розпізнавання заборонено до: �Служба розпізнавання�Час очікування на розпізнавання�Служба автоматизації файлових систем�Період автоматичного повного оновлення даних�Період автоматичного кмітливого оновлення даних�Атрибут ключа запису карти автоматичного монтування�Атрибут значення запису карти автоматичного монтування�Атрибут назви карти автоматичного монтування�Базовий сервер назв домену для пошуків карти автоматичного монтування�Базова назва домену для пошуків груп�Базова назва домену для пошуків груп у мережі�Базова сервер назв домену для пошуку служб�Базова назва домену для пошуків правил sudo�Базова назва домену для пошуків користувачів�Базова адреса домашніх каталогів�Запуститися фонову службу (типова поведінка)�Кешувати реєстраційні дані для автономного входу�Не вдалося створити домашній каталог користувача: %1$s �Не вдалося створити поштовий буфер користувача: %1$s �Не вдалося визначити, чи увійшов користувач до системи на цій платформі�Не вдалося знайти групу %1$s у 
локальному домені �Не вдалося знайти групу %1$s у локальному домені, можна використовувати лише групи з локального домену �Не вдалося знайти групу у локальному домені. Зміну записів груп можна виконувати лише у межах локального домену �Не вдалося знайти користувача у локальному домені. Зміну записів користувачів можна виконувати лише у межах локального домену �Не вдалося отримати відомості щодо користувача �Не вдалося вилучити домашній каталог: %1$s �Не вдалося відновити початковий контекст входу SELinux �Не вдалося встановити контекст входу SELinux �Не вдалося встановити типові значення �Відокремлений комами список дозволених користувачів�Відокремлений комами список заборонених користувачів�Команда запуску служби�Не вдалося отримати ідентифікатор для групи. Домен переповнено? �Не вдалося отримати ідентифікатор для користувача. Домен переповнено? �Не вдалося змінити запис групи. Перевірте, чи правильно вказано назву групи �Не вдалося змінити запис групи. Перевірте, чи правильно вказано назви груп-учасників �Не вдалося змінити запис користувача. Перевірте, чи правильно вказано назви груп �Не вдалося змінити запис користувача. Користувач вже є учасником груп? �Не вдалося відкрити доступні домени �Не вдалося відкрити домен %1$s. Якщо цей домен є піддоменом (довіреним доменом), скористайтеся повною назвою замість параметра --domain/-d. 
�Не вдалося скасувати визначення %1$s�Не вдалося скасувати визначення %1$s %2$s�Створити каталог користувача, якщо його ще не існує�Поточний пароль: �Назва у службі DNS сервера зміни паролів LDAP�Рівень зневаджування�Типова оболонка, /bin/bash�Каталог у файловій системі, де SSSD має зберігати файли кешу відтворення Kerberos.�Каталог, де зберігатиметься кеш реєстраційних даних�Вимкнути отримання діапазонів Active Directory�Вимкнути контроль сторінок у LDAP�Показувати записи користувачів/груп повністю�Не вилучати домашній каталог і поштовий буфер�Домен надання відомостей (обов’язковий)�Домен, який слід додати до назв без компонента домену.�Не включати учасників групи у пошуки групи�Увімкнути сайти DNS — визначення служб на основі адрес�Увімкнути перевірку реєстраційних даних�Увімкнути нумерацію всіх користувачів/груп�Вмикає FAST�Увімкнути промислові реєстраційні дані�Вмикає перетворення реєстраційних записів у канонічну форму�Час очікування на фонове оновлення кешу записів (у секундах)�Тривалість кешування записів (у секундах)�Тривалість часу очікування на дані кешу нумерування (у секундах)�Помилка ініціалізації інструментів �Помилка ініціалізації інструментів: немає локального домену �Помилка під час спроби пошуку відкритих ключів �Помилка під час спроби встановити локаль �Помилка під час перевірки входу користувача до системи �Файл, що містить сертифікати CA�Файл, що містить клієнтський сертифікат�Файл, що містить клієнтський ключ�Фільтр пошуку користувачів�Переходити за посиланнями LDAP�Примусово вилучити файли, які не належать користувачеві�Повне ім'я�Атрибут GECOS�Атрибут GID�Група %1$s не належить визначеному діапазону ідентифікаторів домену �Атрибут UUID групи�Атрибут членства у групі�Назва групи�Пароль групи�Групи�Групи мають належати до того самого домену, що і користувач �Групи користувачів, які SSSD має явно ігнорувати�Групи, до яких слід додати цю групу�Групи, до яких слід додати цього користувача�Групи, з яких слід вилучити цю групу�Групи, з яких слід 
вилучити цього користувача�Домашній каталог�Атрибут домашнього каталогу�Служба профілів вузлів�Не вказано вузол �Назви вузлів і/або повні назви у домені для цього комп’ютера для фільтрування списку правил sudo�Тривалість (у хвилинах) заборони входу після досягнення значення offline_failed_login_attempts�Тривалість зберігання кешованих реєстраційних даних між входами до системи (у днях)�Тривалість зберігання кешованих записів після останнього успішного входу (у днях)�Тривалість підтримування з’єднання з сервером LDAP перед роз’єднанням�Тривалість очікування на відповідь від DNS під час визначення адрес серверів (у секундах)�Строк дії записів кешу у пам’яті�Визначає кількість днів між днем, коли має бути показано попередження, і днем, коли завершиться строк дії пароля�Макс. дозволена кількість помилкових спроб входу у автономному режимі�Кількість секунд, протягом яких запису вузла зберігатиметься у файлі known_hosts після надсилання запиту щодо ключів вузла�Тривалість (у секундах) зберігання даних щодо розпізнавання у кеші для запитів PAM�Наскільки часто має виконувати оновлення у тлі застарілих записів�Визначає, наскільки часто слід періодично оновлювати запис DNS клієнта�Спосіб розіменування псевдонімів�Назва вузла клієнта IPA�Домен IPA�Адреса сервера IPA�Адреси IPv4 або IPv6 чи мережа цього комп’ютера для фільтрування списку правил sudo�Служба профілів�Проміжок бездіяльності до автоматичного від’єднання клієнтської частини�Якщо вказано правила DENY, DENY_ALL або IGNORE�Якщо оболонка, що зберігається у центральному каталозі дозволена, але недоступна, використовувати цю резервну�Якщо встановлено значення «false», аргумент вузла, наданий PAM, буде проігноровано�Включати мілісекунди до часових позначок у журналах�Додати до діагностичних журналів позначки часу�Внутрішня помилка під час обробки параметрів �Внутрішня помилка. Не вдалося вивести дані групи. �Внутрішня помилка. Не вдалося вилучити запис групи. �Внутрішня помилка Не вдалося вилучити запис користувача. 
�У FQDN вказано некоректний домен �Некоректний порт. �Скасувати визначення всіх карт autofs�Скасувати визначення всіх груп�Скасувати визначення всіх мережевих груп�Скасувати визначення всіх служб�Скасувати визначення всіх користувачів�Скасувати визначення певну карту autofs�Скасувати визначення певної групи�Скасувати визначення певної мережевої групи�Скасувати визначення певної служби�Скасувати визначення певного користувача�Адреса резервного сервера Kerberos�Область Kerberos�Адреса сервера Kerberos�Таблиця ключів служби Kerberos�Припинити роботу процесів користувача перед вилученням його запису�Фільтр LDAP для визначення прав доступу�Проміжок часу між повторними спробами встановлення з’єднання у автономному режимі�Проміжок часу між спорожненнями кешу�Проміжок часу між оновленнями нумерації�Проміжок часу між спробами встановлення з’єднання�Проміжок часу між спробами виконання синхронних операцій LDAP�Тривалість очікування на дані запиту щодо переліку�Тривалість очікування на дані запиту пошуку�Строк дії TGT для з’єднання LDAP�Строк дії TGT�Список унікальних ідентифікаторів (UID) або імен користувачів, яким надано доступ до відповідача PAC�Показати список можливих інструментів шифрування�Адреса таблиці ключів для перевірки реєстраційних даних�Адреса кешу реєстраційних даних користувача�Заблокувати обліковий запис�Оболонка входу�Нижня межа встановлення відповідності ідентифікатора�Магічна приватна �Максимальний рівень вкладеності, який використовуватиме SSSD�Макс. ідентифікатор користувача�Групи-учасники мають належати до того самого домену, що і основна група �Мін. ідентифікатор користувача�Атрибут часу зміни�Атрибут часу зміни для груп�Атрибут часу зміни для мережевих груп�Спроба запиту NSS зазнала невдачі (%1$d). Запис може залишитися у кеші у пам’яті. 
�Здається, назва «%1$s» не є FQDN (встановлено «%2$s = TRUE») �Назва типового домену для встановлення відповідності ідентифікаторів�Від’ємний час очікування на дані з кешу (у секундах)�Атрибут UUID груп у мережі�Назва мережевої групи�Атрибут трійки груп у мережі�Атрибут членства у групах у мережі�Ніколи не створювати каталог користувача, перевизначає налаштування�Новий пароль: �Вказаному критерію пошуку не відповідає жоден об’єкт у кеші �У локальному домені немає такої групи. Вивід даних груп можливий лише у межах локального домену. �У локальному домені немає такої групи. Вилучення груп можливе лише у межах локального домену. �У локальному домені немає такого користувача. Вилучення користувачів можливе лише у межах локального домену. �Недостатньо пам’яті �Домашній каталог не буде вилучено. Він не належить користувачеві. �Кількість ідентифікаторів для кожного зрізу під час встановлення відповідності ідентифікаторів�Кількість повторних спроб встановлення з’єднання з надавачами даних�Клас об’єктів для записів карт автоматичного монтування�Клас об’єктів для карт автоматичного монтування�Клас об’єктів для правил sudo�Клас об’єктів для груп�Клас об’єктів для груп у мережі�Клас об’єктів для служб�Клас об’єктів для користувачів�Скасувати визначення лише записів з певного домену�Мало бути вказано лише один аргумент �Не вистачає пам'яті �Замінити значення ідентифікатора групи від надавача профілю цим значенням�Замінити значення назви домашнього каталогу від надавача профілю цим значенням�Замінити значення оболонки від надавача профілю цим значенням�Стек PAM, який слід використовувати�Спроба зміни пароля зазнала невдачі. �Служба зміни паролів�Строк дії пароля вичерпано. 
Змініть ваш пароль.�Підтримки скидання пароля користувачем root не передбачено.�Пароль: �Паролі не збігаються�Шлях до каталогу сертифікатів CA�Час очікування відповіді на пінг перед перезапуском служби�Будь ласка, виберіть принаймні один об’єкт для скасовування відповідності �Правила оцінки завершення строку дії пароля�Головний атрибут GID�Виводити дані щодо непрямих учасників групи рекурсивно�Вивести номер версії і завершити роботу�Сумісний з printf формат показу повних назв�У привілейованого сокета помилковий власник або права доступу.�У відкритого сокета помилковий власник або права доступу.�Ще раз введіть новий пароль: �Формальний вираз для обробки імені користувача і домену�Вилучити домашній каталог і поштовий буфер�Поновлюваний строк дії TGT�Потрібна перевірка сертифіката TLS�Вимагати TLS для пошуків ідентифікаторів�Обмежити або надавати перевагу певному сімейству адрес під час виконання пошуків DNS�Запустити у інтерактивному режимі (без фонової служби)�SID типового домену для встановлення відповідності ідентифікаторів�Атрибут відкритого ключа SSH�Домени SSSD, які слід запустити�Служби SSSD, які слід запустити�SSSD запущено не від імені користувача root.�Служба SUDO�Діапазон пошуків користувачів�Шукати у базі об’єкти, пов’язані з HBAC�Шукати у базі об’єкт, що містить дані щодо домену IPA�Шукати у базі об’єкти, що містять дані щодо діапазонів ідентифікаторів�Визначає реєстраційний запис, який слід використовувати для FAST�Надіслати діагностичні дані до файлів, а не до stderr�Повідомлення сервера: �Сервер, на якому запущено службу зміни паролів, якщо такий не вдасться виявити у KDC�Атрибут назви служби�Назва служби для пошуків за допомогою служби DNS�Атрибут порту служби�Атрибут протоколу служби�Служба завантаження сеансів�Встановити нижню межу для дозволених ідентифікаторів із сервера LDAP�Встановити рівень докладності діагностичних записів журналу�Встановити верхню межу для дозволених ідентифікаторів із сервера LDAP�Атрибут оболонки�Оболонка, яку слід 
використовувати, якщо засіб не надає жодної�Чи слід показувати відфільтрованих користувачів у групах�Показувати мікросекунди у часових позначках�Вказати нетиповий файл налаштувань�Вказати альтернативний основний каталог�Вкажіть рівень діагностики, який ви бажаєте встановити �Вкажіть групу, яку слід додати �Вкажіть групу для додавання �Вкажіть групу, яку слід вилучити �Вкажіть групу, запис якої слід змінити �Вкажіть групу, запис якої слід вилучити �Вкажіть групу, дані якої слід показати �Вказати мінімальне значення SSF для розпізнавання на LDAP за допомогою sasl�Вкажіть ідентифікатор уповноваження SASL, який слід використовувати�Вкажіть область уповноваження SASL, яку слід використовувати�Вкажіть механізм SASL, який слід використовувати�Вкажіть користувача, запис якого слід додати �Вкажіть користувача, запис якого слід вилучити �Вкажіть користувача, запис якого слід змінити �Зберігати хеші паролів�Зберігати пароль у автономному режимі для розпізнавання у мережі�Замінювати порожні значення домашніх каталогів у засобі надання даних профілів цим значенням�Атрибут команди правила sudo�Атрибут вузла правила sudo�Назва правила sudo�Атрибут граничного часу завершення дії правила sudo�Атрибут граничного часу початку дії правила sudo�Атрибут параметрів правила sudo�Атрибут порядку правила sudo�Атрибут групи, від імені якої виконуватиметься запуск, правила sudo�Атрибут користувача, від імені якого виконуватиметься запуск, правила sudo�Атрибут користувача правила sudo�Система працює у автономному режимі, зміна пароля неможлива�Ідентифікатор групи�Ідентифікатор групи користувача�Ім’я користувача SELinux для входу до системи�Домен SSSD, який слід використовувати�Тип схеми, використаний на сервері LDAP, rfc2307�TTL, який слід застосовувати до запису DNS клієнта після його оновлення�Ідентифікатор користувача�Інтервал часу між послідовними сеансами пошуку правил HBAC на сервері IPA�Час, у секундах, між пошуками у картах SELinux на сервері IPA�Лексема розпізнавання типової назви 
сервера прив’язки�Адреса автоматичного монтування, яку використовує цей клієнт IPA�Рядок коментаря�Рівень діагностики під час запуску�Типова базова назва домену�Типова назва домену прив’язки�Частина запиту щодо виявлення служби DNS, пов’язана з доменом�Інтерфейс, чию адресу IP має бути використано для динамічних оновлень DNS�Список оболонок, які буде заборонено і замінено резервною оболонкою�Список оболонок, за допомогою яких можуть входити користувачі�Назва бібліотеки NSS, яку слід використовувати�Кількість дескрипторів файлів, які може бути відкрито цим відповідачем�Кількість учасників, яких має не вистачати для вмикання повного скасування посилань�Кількість записів, які слід отримувати у відповідь на один запит LDAP�Має бути вказано абсолютний шлях до команди проксі-сервера �Порт, яким слід користуватися для встановлення з’єднань з вузлом�Помилка команди, яку слід було виконати після вилучення запису: %1$s �Вибраний ідентифікатор групи не належить до діапазону дозволених �Вибраний ідентифікатор користувача не належить до діапазону дозволених �Тип розпізнавання для типової назви сервера прив’язки�Значення поля пароля, яке має повертати постачальник даних NSS�Граничний час між двома перевірками для поновлення�Час очікуванням між трьома послідовними невдалими спробами перевірки луна-імпульсом і примусовим завершенням роботи служби�Час очікування для повідомлень, надісланих за допомогою SBUS�Помилка під час виконання операції Не вдалося додати групу. �Помилка під час виконання операції. Не вдалося додати користувача. �Помилка під час виконання операції Не вдалося змінити групу. �Помилка під час виконання операції. Не вдалося змінити запис користувача. 
�Враховувати регістр у іменах користувачів�Атрибут UID�Адреса резервного сервера LDAP, для якої можливі зміни паролів�Адреса на сервері LDAP, для якої можливі зміни паролів�Атрибут UUID�Неочікувана помилка під час пошуку опису помилки�Некоректний формат повідомлення щодо реєстраційних даних сервера.�Розблокувати обліковий запис�Верхня межа встановлення відповідності ідентифікатора�Використовувати відповідності ідентифікаторів objectSID замість попередньо встановлених ідентифікаторів�Розпізнавання Kerberos для з’єднання LDAP�Використовувати LDAP_MATCHING_RULE_IN_CHAIN щодо пошуків груп (group)�Використовувати LDAP_MATCHING_RULE_IN_CHAIN щодо пошуків початкових груп (initgroup)�Використовувати для встановлення відповідності ідентифікаторів алгоритм, сумісний з autorid�Використовувати для назв областей лише великі літери�Користувач %1$s не належить визначеному діапазону ідентифікаторів домену �Не вказано користувача �Атрибут реєстраційного запису користувача (для Kerberos)�Домашній каталог користувача вже існує, копіювання даних з каталогу skel не виконуватиметься �Атрибут імені користувача�Користувачі, яких SSSD має явно ігнорувати�ПОПЕРЕДЖЕННЯ: користувач (uid %1$lu) все ще працював у системі на час вилучення його запису. 
�Визначає тип розпізнавання, який слід використовувати для виконання оновлення DNS�Тип повідомлень, які буде показано користувачеві під час розпізнавання�Визначає, чи має бібліотека LDAP виконувати зворотній пошук з метою переведення назв вузлів у канонічну форму під час прив’язки до SASL�Визначає, чи слід програмі nsupdate типово використовувати TCP�Визначає, чи слід надавачу даних також явним чином оновлювати запис PTR�Визначає, чи слід автоматично оновлювати запис DNS клієнта�Визначає, чи слід автоматично оновлювати запис DNS клієнтського вузла у FreeIPA�Визначає, чи слід створювати файли kdcinfo�Визначає, чи слід обробляти атрибути правил sudo, пов’язані з часовими обмеженнями�Визначає, чи слід фільтрувати правила за назвами вузлів, IP-адресами та мережами�Чи слід хешувати назви та адреси вузлів у файлі known_hosts�Визначає, чи слід включати правила, що містять мережеву групу у атрибуті вузла�Визначає, чи слід включати правила, що містять формальний вираз у атрибуті вузла�Визначає, чи слід виконувати пошук канонічної назви групи у кеші, якщо це можливо�Визначає, чи слід оновлювати атрибут ldap_user_shadow_last_change після зміни пароля�Атрибути які слід використовувати для визначення чинності облікового запису�Правила, які має бути використано для визначення достатності прав доступу�Записувати діагностичні повідомлення до файлів журналу�Строк дії вашого пароля вичерпано. 
Залишилося %1$d резервних входи.�Строк дії вашого пароля завершиться за %1$d %2$s.�Атрибут accountExpires AD�Атрибут entryUSN�Атрибут krbLastPwdChange�Атрибут krbPasswordExpiration�Атрибут lastUSN�ldap_backup_uri, адреса сервера LDAP�ldap_uri, адреса URI сервера LDAP�Атрибут loginAllowedTimeMap NDS�Атрибут loginDisabled NDS�Атрибут loginExpirationTime NDS�Атрибут memberOf�Атрибут nsAccountLock�Атрибут objectSID�Атрибут shadowExpire�Атрибут shadowFlag�Атрибут shadowInactive�Атрибут shadowLastChange�Атрибут shadowMax�Атрибут shadowMin�Атрибут shadowWarning�Атрибут userAccountControl AD�������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/tg.gmo��������������������������������������������������������������0000644�0000000�0000000�00000000130�12320753522�015301� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������29 mtime=1396954962.46787435 29 atime=1396954962.46787435 30 ctime=1396954962.561874281 ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/tg.gmo�������������������������������������������������������������������������������0000664�0024127�0024127�00000002116�12320753522�015532� 
0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000���������������������������������������������������������������������������������������������������������������������������������������������������������������������������� ������t��������������� ����� ��������*�����9�����@�����Q�����`�� ���o�����z��������������V�����m������������"��������������� �����'��� �����2��������������������������� ������������� ���������������� ����GID attribute�Group name�Group password�Groups�Lock the account�New Password: �Out of memory �Password: �Passwords do not match�Unlock the account�Project-Id-Version: SSSD Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org POT-Creation-Date: 2014-04-08 12:56+0200 PO-Revision-Date: 2013-11-20 12:56+0000 Last-Translator: jhrozek <jhrozek@redhat.com> Language-Team: Tajik (http://www.transifex.com/projects/p/fedora/language/tg/) Language: tg MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=2; plural=(n != 1); �Аттрибути GID�Номи гурӯҳ�Пароли гурӯҳ�Гуруҳҳо�Ҳисобро қулф кунед�Пароли нав:�Берун аз хотира �Парол:�Паролҳо номувофиқанд�Ҳисобро кушоед���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/pt.po���������������������������������������������������������������0000644�0000000�0000000�00000000074�12320753107�015154� 
x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954962.120874606 30 ctime=1396954962.541874296 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/pt.po��������������������������������������������������������������������������������0000664�0024127�0024127�00000145240�12320753107�015404� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR Red Hat, Inc. # This file is distributed under the same license as the PACKAGE package. 
# # Translators: msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2014-04-08 12:56+0200\n" "PO-Revision-Date: 2013-11-20 12:56+0000\n" "Last-Translator: jhrozek <jhrozek@redhat.com>\n" "Language-Team: Portuguese (http://www.transifex.com/projects/p/fedora/" "language/pt/)\n" "Language: pt\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" #: src/config/SSSDConfig/__init__.py.in:39 msgid "Set the verbosity of the debug logging" msgstr "Definir a verbosidade dos registos de depuração" #: src/config/SSSDConfig/__init__.py.in:40 msgid "Include timestamps in debug logs" msgstr "Incluir data e hora nos registos de depuração" #: src/config/SSSDConfig/__init__.py.in:41 msgid "Include microseconds in timestamps in debug logs" msgstr "" #: src/config/SSSDConfig/__init__.py.in:42 msgid "Write debug messages to logfiles" msgstr "Gravar as mensagens de depuração em ficheiros de registo" #: src/config/SSSDConfig/__init__.py.in:43 msgid "Ping timeout before restarting service" msgstr "Foi excedido o tempo do ping antes de reiniciar o serviço" #: src/config/SSSDConfig/__init__.py.in:44 msgid "" "Timeout between three failed ping checks and forcibly killing the service" msgstr "" #: src/config/SSSDConfig/__init__.py.in:45 msgid "Command to start service" msgstr "Comando para iniciar serviço" #: src/config/SSSDConfig/__init__.py.in:46 msgid "Number of times to attempt connection to Data Providers" msgstr "Número de vezes para tentar ligação aos Fornecedores de Dados" #: src/config/SSSDConfig/__init__.py.in:47 msgid "The number of file descriptors that may be opened by this responder" msgstr "" #: src/config/SSSDConfig/__init__.py.in:48 msgid "Idle time before automatic disconnection of a client" msgstr "" #: src/config/SSSDConfig/__init__.py.in:51 msgid "SSSD Services to start" msgstr "Serviços SSSD a 
iniciar" #: src/config/SSSDConfig/__init__.py.in:52 msgid "SSSD Domains to start" msgstr "Domínios SSSD a iniciar" #: src/config/SSSDConfig/__init__.py.in:53 msgid "Timeout for messages sent over the SBUS" msgstr "Limite de tempo para mensagens enviadas sobre SBUS" #: src/config/SSSDConfig/__init__.py.in:54 msgid "Regex to parse username and domain" msgstr "Expressão regular para obter nome do utilizar e domínio" #: src/config/SSSDConfig/__init__.py.in:55 msgid "Printf-compatible format for displaying fully-qualified names" msgstr "Formato compatível com o printf para apresentar nomes completos" #: src/config/SSSDConfig/__init__.py.in:56 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #: src/config/SSSDConfig/__init__.py.in:57 msgid "Domain to add to names without a domain component." msgstr "" #: src/config/SSSDConfig/__init__.py.in:60 msgid "Enumeration cache timeout length (seconds)" msgstr "Validade da cache de enumeração (segundos)" #: src/config/SSSDConfig/__init__.py.in:61 msgid "Entry cache background update timeout length (seconds)" msgstr "Validade da actualização da cache em segundo plano (segundos)" #: src/config/SSSDConfig/__init__.py.in:62 #: src/config/SSSDConfig/__init__.py.in:88 msgid "Negative cache timeout length (seconds)" msgstr "Validade da cache negativa (segundos)" #: src/config/SSSDConfig/__init__.py.in:63 msgid "Users that SSSD should explicitly ignore" msgstr "Utilizadores que o SSSD devem explicitamente ignorar" #: src/config/SSSDConfig/__init__.py.in:64 msgid "Groups that SSSD should explicitly ignore" msgstr "Grupos que o SSSD devem explicitamente ignorar" #: src/config/SSSDConfig/__init__.py.in:65 msgid "Should filtered users appear in groups" msgstr "Devem os utilizadores filtrados aparecer em grupos" #: src/config/SSSDConfig/__init__.py.in:66 msgid "The value of the password field the NSS provider should return" msgstr "O valor do campo da senha que o fornecedor NSS deve 
retornar" #: src/config/SSSDConfig/__init__.py.in:67 msgid "Override homedir value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:68 msgid "" "Substitute empty homedir value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:69 msgid "Override shell value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:70 msgid "The list of shells users are allowed to log in with" msgstr "" #: src/config/SSSDConfig/__init__.py.in:71 msgid "" "The list of shells that will be vetoed, and replaced with the fallback shell" msgstr "" #: src/config/SSSDConfig/__init__.py.in:72 msgid "" "If a shell stored in central directory is allowed but not available, use " "this fallback" msgstr "" #: src/config/SSSDConfig/__init__.py.in:73 msgid "Shell to use if the provider does not list one" msgstr "" #: src/config/SSSDConfig/__init__.py.in:74 msgid "How long will be in-memory cache records valid" msgstr "" #: src/config/SSSDConfig/__init__.py.in:77 msgid "How long to allow cached logins between online logins (days)" msgstr "" "Durante quanto tempo devem ser permitidas as caches de sessões entre sessões " "online (dias)" #: src/config/SSSDConfig/__init__.py.in:78 msgid "How many failed logins attempts are allowed when offline" msgstr "" "Quantas tentativas falhadas de inicio de sessão são permitidas quando offline" #: src/config/SSSDConfig/__init__.py.in:79 msgid "" "How long (minutes) to deny login after offline_failed_login_attempts has " "been reached" msgstr "" "Quanto tempo (minutos) para negar a sessão após " "offline_failed_login_attempts ter sido atingido" #: src/config/SSSDConfig/__init__.py.in:80 msgid "What kind of messages are displayed to the user during authentication" msgstr "" #: src/config/SSSDConfig/__init__.py.in:81 msgid "How many seconds to keep identity information cached for PAM requests" msgstr "" #: src/config/SSSDConfig/__init__.py.in:82 
msgid "How many days before password expiration a warning should be displayed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:85 msgid "Whether to evaluate the time-based attributes in sudo rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:91 msgid "Whether to hash host names and addresses in the known_hosts file" msgstr "" #: src/config/SSSDConfig/__init__.py.in:92 msgid "" "How many seconds to keep a host in the known_hosts file after its host keys " "were requested" msgstr "" #: src/config/SSSDConfig/__init__.py.in:95 msgid "List of UIDs or user names allowed to access the PAC responder" msgstr "" #: src/config/SSSDConfig/__init__.py.in:98 msgid "Identity provider" msgstr "Fornecedor de identidade" #: src/config/SSSDConfig/__init__.py.in:99 msgid "Authentication provider" msgstr "Fornecedor de autenticação" #: src/config/SSSDConfig/__init__.py.in:100 msgid "Access control provider" msgstr "Fornecedor de controle de acesso" #: src/config/SSSDConfig/__init__.py.in:101 msgid "Password change provider" msgstr "Fornecedor de Alteração de Senha" #: src/config/SSSDConfig/__init__.py.in:102 msgid "SUDO provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:103 msgid "Autofs provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:104 msgid "Session-loading provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:105 msgid "Host identity provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:108 msgid "Minimum user ID" msgstr "ID de utilizador mínimo" #: src/config/SSSDConfig/__init__.py.in:109 msgid "Maximum user ID" msgstr "ID de utilizador máximo" #: src/config/SSSDConfig/__init__.py.in:110 msgid "Enable enumerating all users/groups" msgstr "Permitir enumeração de todos os utilizadores/grupos" #: src/config/SSSDConfig/__init__.py.in:111 msgid "Cache credentials for offline login" msgstr "Efectuar cache de credenciais para sessões em modo desligado" #: src/config/SSSDConfig/__init__.py.in:112 msgid "Store password hashes" msgstr "Guardar 
hashes da senha" #: src/config/SSSDConfig/__init__.py.in:113 msgid "Display users/groups in fully-qualified form" msgstr "Apresentar utilizadores/grupos na forma completa" #: src/config/SSSDConfig/__init__.py.in:114 msgid "Don't include group members in group lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:115 #: src/config/SSSDConfig/__init__.py.in:122 #: src/config/SSSDConfig/__init__.py.in:123 #: src/config/SSSDConfig/__init__.py.in:124 #: src/config/SSSDConfig/__init__.py.in:125 #: src/config/SSSDConfig/__init__.py.in:126 #: src/config/SSSDConfig/__init__.py.in:127 msgid "Entry cache timeout length (seconds)" msgstr "Validade da cache (segundos)" #: src/config/SSSDConfig/__init__.py.in:116 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" "Restringir ou preferir famílias de endereços especificas quando efectua " "consultas DNS" #: src/config/SSSDConfig/__init__.py.in:117 msgid "How long to keep cached entries after last successful login (days)" msgstr "" "Durante quanto tempo devem ser permitidas as caches de sessões entre sessões " "bem sucedidas (dias)" #: src/config/SSSDConfig/__init__.py.in:118 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:119 msgid "The domain part of service discovery DNS query" msgstr "" #: src/config/SSSDConfig/__init__.py.in:120 msgid "Override GID value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:121 msgid "Treat usernames as case sensitive" msgstr "" #: src/config/SSSDConfig/__init__.py.in:128 msgid "How often should expired entries be refreshed in background" msgstr "" #: src/config/SSSDConfig/__init__.py.in:129 msgid "Whether to automatically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/__init__.py.in:130 #: src/config/SSSDConfig/__init__.py.in:145 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "" 
#: src/config/SSSDConfig/__init__.py.in:131 #: src/config/SSSDConfig/__init__.py.in:146 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" #: src/config/SSSDConfig/__init__.py.in:132 msgid "How often to periodically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/__init__.py.in:133 msgid "Whether the provider should explicitly update the PTR record as well" msgstr "" #: src/config/SSSDConfig/__init__.py.in:134 msgid "Whether the nsupdate utility should default to using TCP" msgstr "" #: src/config/SSSDConfig/__init__.py.in:135 msgid "What kind of authentication should be used to perform the DNS update" msgstr "" #: src/config/SSSDConfig/__init__.py.in:136 msgid "Control enumeration of trusted domains" msgstr "" #: src/config/SSSDConfig/__init__.py.in:137 msgid "How often should subdomains list be refreshed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:140 msgid "IPA domain" msgstr "Domínio IPA" #: src/config/SSSDConfig/__init__.py.in:141 msgid "IPA server address" msgstr "Endereço do servidor IPA" #: src/config/SSSDConfig/__init__.py.in:142 msgid "Address of backup IPA server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:143 msgid "IPA client hostname" msgstr "Nome da máquina do cliente IPA" #: src/config/SSSDConfig/__init__.py.in:144 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" #: src/config/SSSDConfig/__init__.py.in:147 msgid "Search base for HBAC related objects" msgstr "" #: src/config/SSSDConfig/__init__.py.in:148 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:149 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:150 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" #: src/config/SSSDConfig/__init__.py.in:151 msgid "If set to false, host argument given by 
PAM will be ignored" msgstr "" #: src/config/SSSDConfig/__init__.py.in:152 msgid "The automounter location this IPA client is using" msgstr "" #: src/config/SSSDConfig/__init__.py.in:153 msgid "Search base for object containing info about IPA domain" msgstr "" #: src/config/SSSDConfig/__init__.py.in:154 msgid "Search base for objects containing info about ID ranges" msgstr "" #: src/config/SSSDConfig/__init__.py.in:155 #: src/config/SSSDConfig/__init__.py.in:162 msgid "Enable DNS sites - location based service discovery" msgstr "" #: src/config/SSSDConfig/__init__.py.in:158 msgid "Active Directory domain" msgstr "" #: src/config/SSSDConfig/__init__.py.in:159 msgid "Active Directory server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:160 msgid "Active Directory backup server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:161 msgid "Active Directory client hostname" msgstr "" #: src/config/SSSDConfig/__init__.py.in:165 #: src/config/SSSDConfig/__init__.py.in:166 msgid "Kerberos server address" msgstr "Endereço do servidor Kerberos" #: src/config/SSSDConfig/__init__.py.in:167 msgid "Kerberos backup server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:168 msgid "Kerberos realm" msgstr "Reino Kerberos" #: src/config/SSSDConfig/__init__.py.in:169 msgid "Authentication timeout" msgstr "Tempo de expiração da autenticação" #: src/config/SSSDConfig/__init__.py.in:170 msgid "Whether to create kdcinfo files" msgstr "" #: src/config/SSSDConfig/__init__.py.in:173 msgid "Directory to store credential caches" msgstr "Directório para armazenar as caches de credenciais" #: src/config/SSSDConfig/__init__.py.in:174 msgid "Location of the user's credential cache" msgstr "Localização da cache de credenciais dos utilizadores" #: src/config/SSSDConfig/__init__.py.in:175 msgid "Location of the keytab to validate credentials" msgstr "Localização da tabela de chaves (keytab) para validar credenciais" #: src/config/SSSDConfig/__init__.py.in:176 msgid 
"Enable credential validation" msgstr "Activar validação de credenciais" #: src/config/SSSDConfig/__init__.py.in:177 msgid "Store password if offline for later online authentication" msgstr "" #: src/config/SSSDConfig/__init__.py.in:178 msgid "Renewable lifetime of the TGT" msgstr "" #: src/config/SSSDConfig/__init__.py.in:179 msgid "Lifetime of the TGT" msgstr "" #: src/config/SSSDConfig/__init__.py.in:180 msgid "Time between two checks for renewal" msgstr "" #: src/config/SSSDConfig/__init__.py.in:181 msgid "Enables FAST" msgstr "" #: src/config/SSSDConfig/__init__.py.in:182 msgid "Selects the principal to use for FAST" msgstr "" #: src/config/SSSDConfig/__init__.py.in:183 msgid "Enables principal canonicalization" msgstr "" #: src/config/SSSDConfig/__init__.py.in:184 msgid "Enables enterprise principals" msgstr "" #: src/config/SSSDConfig/__init__.py.in:187 #: src/config/SSSDConfig/__init__.py.in:188 msgid "Server where the change password service is running if not on the KDC" msgstr "" "Servidor onde está em execução o serviço de alteração de senha, se não " "coincide com o KDC" #: src/config/SSSDConfig/__init__.py.in:191 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, O URI do servidor LDAP" #: src/config/SSSDConfig/__init__.py.in:192 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:193 msgid "The default base DN" msgstr "A base DN por omissão" #: src/config/SSSDConfig/__init__.py.in:194 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "O tipo de Schema em utilização no servidor LDAP, rfc2307" #: src/config/SSSDConfig/__init__.py.in:195 msgid "The default bind DN" msgstr "O DN por omissão para a ligação" #: src/config/SSSDConfig/__init__.py.in:196 msgid "The type of the authentication token of the default bind DN" msgstr "O tipo de token de autenticação do bind DN por omissão" #: src/config/SSSDConfig/__init__.py.in:197 msgid "The authentication token of the default bind DN" 
msgstr "O token de autenticação do bind DN por omissão" #: src/config/SSSDConfig/__init__.py.in:198 msgid "Length of time to attempt connection" msgstr "Período de tempo para tentar ligação" #: src/config/SSSDConfig/__init__.py.in:199 msgid "Length of time to attempt synchronous LDAP operations" msgstr "Tempo de espera para tentar operações LDAP síncronas" #: src/config/SSSDConfig/__init__.py.in:200 msgid "Length of time between attempts to reconnect while offline" msgstr "Tempo de espera entre tentativas para re-conectar quando desligado" #: src/config/SSSDConfig/__init__.py.in:201 msgid "Use only the upper case for realm names" msgstr "" #: src/config/SSSDConfig/__init__.py.in:202 msgid "File that contains CA certificates" msgstr "Ficheiro que contém os certificados CA" #: src/config/SSSDConfig/__init__.py.in:203 msgid "Path to CA certificate directory" msgstr "Caminho para o directório do certificado CA" #: src/config/SSSDConfig/__init__.py.in:204 msgid "File that contains the client certificate" msgstr "" #: src/config/SSSDConfig/__init__.py.in:205 msgid "File that contains the client key" msgstr "" #: src/config/SSSDConfig/__init__.py.in:206 msgid "List of possible ciphers suites" msgstr "" #: src/config/SSSDConfig/__init__.py.in:207 msgid "Require TLS certificate verification" msgstr "Obriga a verificação de certificados TLS" #: src/config/SSSDConfig/__init__.py.in:208 msgid "Specify the sasl mechanism to use" msgstr "Especificar mecanismo sasl a utilizar" #: src/config/SSSDConfig/__init__.py.in:209 msgid "Specify the sasl authorization id to use" msgstr "Especifique o id sasl para utilizar na autorização" #: src/config/SSSDConfig/__init__.py.in:210 msgid "Specify the sasl authorization realm to use" msgstr "" #: src/config/SSSDConfig/__init__.py.in:211 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" #: src/config/SSSDConfig/__init__.py.in:212 msgid "Kerberos service keytab" msgstr "Tabela de chaves (keytab) do serviço Kerberos" #: 
src/config/SSSDConfig/__init__.py.in:213 msgid "Use Kerberos auth for LDAP connection" msgstr "Utilizar autenticação Kerberos para ligações LDAP" #: src/config/SSSDConfig/__init__.py.in:214 msgid "Follow LDAP referrals" msgstr "Seguir os referrals LDAP" #: src/config/SSSDConfig/__init__.py.in:215 msgid "Lifetime of TGT for LDAP connection" msgstr "" #: src/config/SSSDConfig/__init__.py.in:216 msgid "How to dereference aliases" msgstr "" #: src/config/SSSDConfig/__init__.py.in:217 msgid "Service name for DNS service lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:218 msgid "The number of records to retrieve in a single LDAP query" msgstr "" #: src/config/SSSDConfig/__init__.py.in:219 msgid "The number of members that must be missing to trigger a full deref" msgstr "" #: src/config/SSSDConfig/__init__.py.in:220 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" #: src/config/SSSDConfig/__init__.py.in:222 msgid "entryUSN attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:223 msgid "lastUSN attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:225 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" #: src/config/SSSDConfig/__init__.py.in:227 msgid "Disable the LDAP paging control" msgstr "" #: src/config/SSSDConfig/__init__.py.in:228 msgid "Disable Active Directory range retrieval" msgstr "" #: src/config/SSSDConfig/__init__.py.in:231 msgid "Length of time to wait for a search request" msgstr "Tempo de espera por um pedido de pesquisa" #: src/config/SSSDConfig/__init__.py.in:232 msgid "Length of time to wait for a enumeration request" msgstr "" #: src/config/SSSDConfig/__init__.py.in:233 msgid "Length of time between enumeration updates" msgstr "Período de tempo entre enumeração de actualizações" #: src/config/SSSDConfig/__init__.py.in:234 msgid "Length of time between cache cleanups" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:235 msgid "Require TLS for ID lookups" msgstr "Requer TLS para consultas de ID" #: src/config/SSSDConfig/__init__.py.in:236 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "" #: src/config/SSSDConfig/__init__.py.in:237 msgid "Base DN for user lookups" msgstr "DN base para pesquisa de utilizadores" #: src/config/SSSDConfig/__init__.py.in:238 msgid "Scope of user lookups" msgstr "Âmbito das pesquisas do utilizador" #: src/config/SSSDConfig/__init__.py.in:239 msgid "Filter for user lookups" msgstr "Filtro para as pesquisas do utilizador" #: src/config/SSSDConfig/__init__.py.in:240 msgid "Objectclass for users" msgstr "Objectclass para utilizadores" #: src/config/SSSDConfig/__init__.py.in:241 msgid "Username attribute" msgstr "Atributo do nome do utilizador" #: src/config/SSSDConfig/__init__.py.in:243 msgid "UID attribute" msgstr "Atributo UID" #: src/config/SSSDConfig/__init__.py.in:244 msgid "Primary GID attribute" msgstr "Atributo GID primário" #: src/config/SSSDConfig/__init__.py.in:245 msgid "GECOS attribute" msgstr "Atributo GECOS" #: src/config/SSSDConfig/__init__.py.in:246 msgid "Home directory attribute" msgstr "Atributo da pasta pessoal" #: src/config/SSSDConfig/__init__.py.in:247 msgid "Shell attribute" msgstr "Atributo da Shell" #: src/config/SSSDConfig/__init__.py.in:248 msgid "UUID attribute" msgstr "Atributo UUID" #: src/config/SSSDConfig/__init__.py.in:249 #: src/config/SSSDConfig/__init__.py.in:285 msgid "objectSID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:250 msgid "Active Directory primary group attribute for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:251 msgid "User principal attribute (for Kerberos)" msgstr "Atributo principal do utilizador (para Kerberos)" #: src/config/SSSDConfig/__init__.py.in:252 msgid "Full Name" msgstr "Nome Completo" #: src/config/SSSDConfig/__init__.py.in:253 msgid "memberOf attribute" msgstr "Atributo memberOf" #: 
src/config/SSSDConfig/__init__.py.in:254 msgid "Modification time attribute" msgstr "Atributo da alteração da data" #: src/config/SSSDConfig/__init__.py.in:256 msgid "shadowLastChange attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:257 msgid "shadowMin attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:258 msgid "shadowMax attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:259 msgid "shadowWarning attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:260 msgid "shadowInactive attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:261 msgid "shadowExpire attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:262 msgid "shadowFlag attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:263 msgid "Attribute listing authorized PAM services" msgstr "" #: src/config/SSSDConfig/__init__.py.in:264 msgid "Attribute listing authorized server hosts" msgstr "" #: src/config/SSSDConfig/__init__.py.in:265 msgid "krbLastPwdChange attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:266 msgid "krbPasswordExpiration attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:267 msgid "Attribute indicating that server side password policies are active" msgstr "" #: src/config/SSSDConfig/__init__.py.in:268 msgid "accountExpires attribute of AD" msgstr "" #: src/config/SSSDConfig/__init__.py.in:269 msgid "userAccountControl attribute of AD" msgstr "" #: src/config/SSSDConfig/__init__.py.in:270 msgid "nsAccountLock attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:271 msgid "loginDisabled attribute of NDS" msgstr "" #: src/config/SSSDConfig/__init__.py.in:272 msgid "loginExpirationTime attribute of NDS" msgstr "" #: src/config/SSSDConfig/__init__.py.in:273 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" #: src/config/SSSDConfig/__init__.py.in:274 msgid "SSH public key attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:276 msgid "Base DN for group lookups" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:279 msgid "Objectclass for groups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:280 msgid "Group name" msgstr "" #: src/config/SSSDConfig/__init__.py.in:281 msgid "Group password" msgstr "" #: src/config/SSSDConfig/__init__.py.in:282 msgid "GID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:283 msgid "Group member attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:284 msgid "Group UUID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:286 msgid "Modification time attribute for groups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:287 msgid "Type of the group and other flags" msgstr "" #: src/config/SSSDConfig/__init__.py.in:289 msgid "Maximum nesting level SSSd will follow" msgstr "" #: src/config/SSSDConfig/__init__.py.in:291 msgid "Base DN for netgroup lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:292 msgid "Objectclass for netgroups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:293 msgid "Netgroup name" msgstr "" #: src/config/SSSDConfig/__init__.py.in:294 msgid "Netgroups members attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:295 msgid "Netgroup triple attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:296 msgid "Netgroup UUID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:297 msgid "Modification time attribute for netgroups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:299 msgid "Base DN for service lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:300 msgid "Objectclass for services" msgstr "" #: src/config/SSSDConfig/__init__.py.in:301 msgid "Service name attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:302 msgid "Service port attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:303 msgid "Service protocol attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:306 msgid "Lower bound for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:307 msgid "Upper bound for 
ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:308 msgid "Number of IDs for each slice when ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:309 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:310 msgid "Name of the default domain for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:311 msgid "SID of the default domain for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:313 msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:314 msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:315 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:316 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:319 msgid "Policy to evaluate the password expiration" msgstr "Política para avaliar a expiração da senha" #: src/config/SSSDConfig/__init__.py.in:322 msgid "LDAP filter to determine access privileges" msgstr "" #: src/config/SSSDConfig/__init__.py.in:323 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" #: src/config/SSSDConfig/__init__.py.in:324 msgid "Which rules should be used to evaluate access control" msgstr "" #: src/config/SSSDConfig/__init__.py.in:327 msgid "URI of an LDAP server where password changes are allowed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:328 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:329 msgid "DNS service name for LDAP password change server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:330 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" msgstr "" #: src/config/SSSDConfig/__init__.py.in:333 msgid "Base DN for sudo rules lookups" 
msgstr "" #: src/config/SSSDConfig/__init__.py.in:334 msgid "Automatic full refresh period" msgstr "" #: src/config/SSSDConfig/__init__.py.in:335 msgid "Automatic smart refresh period" msgstr "" #: src/config/SSSDConfig/__init__.py.in:336 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "" #: src/config/SSSDConfig/__init__.py.in:337 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:338 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:339 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:340 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:341 msgid "Object class for sudo rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:342 msgid "Sudo rule name" msgstr "" #: src/config/SSSDConfig/__init__.py.in:343 msgid "Sudo rule command attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:344 msgid "Sudo rule host attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:345 msgid "Sudo rule user attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:346 msgid "Sudo rule option attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:347 msgid "Sudo rule runasuser attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:348 msgid "Sudo rule runasgroup attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:349 msgid "Sudo rule notbefore attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:350 msgid "Sudo rule notafter attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:351 msgid "Sudo rule order attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:354 msgid "Object class for automounter maps" msgstr "" #: src/config/SSSDConfig/__init__.py.in:355 msgid 
"Automounter map name attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:356 msgid "Object class for automounter map entries" msgstr "" #: src/config/SSSDConfig/__init__.py.in:357 msgid "Automounter map entry key attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:358 msgid "Automounter map entry value attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:359 msgid "Base DN for automounter map lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:362 msgid "Comma separated list of allowed users" msgstr "Lista de utilizadores autorizados separados por vírgulas" #: src/config/SSSDConfig/__init__.py.in:363 msgid "Comma separated list of prohibited users" msgstr "Lista de utilizadores não autorizados separados por vírgulas" #: src/config/SSSDConfig/__init__.py.in:366 msgid "Default shell, /bin/bash" msgstr "Shell pré-definida, /bin/bash" #: src/config/SSSDConfig/__init__.py.in:367 msgid "Base for home directories" msgstr "Directório base para as pastas pessoais" #: src/config/SSSDConfig/__init__.py.in:370 msgid "The name of the NSS library to use" msgstr "O nome da biblioteca NSS a utilizar" #: src/config/SSSDConfig/__init__.py.in:371 msgid "Whether to look up canonical group name from cache if possible" msgstr "" #: src/config/SSSDConfig/__init__.py.in:374 msgid "PAM stack to use" msgstr "Stack PAM a utilizar" #: src/monitor/monitor.c:2651 msgid "Become a daemon (default)" msgstr "Tornar-se num serviço (omissão)" #: src/monitor/monitor.c:2653 msgid "Run interactive (not a daemon)" msgstr "Executar interactivamente (não como serviço)" #: src/monitor/monitor.c:2655 src/tools/sss_debuglevel.c:71 msgid "Specify a non-default config file" msgstr "Especificar um ficheiro de configuração não standard" #: src/monitor/monitor.c:2657 msgid "Print version number and exit" msgstr "" #: src/providers/krb5/krb5_child.c:1962 src/providers/ldap/ldap_child.c:435 #: src/util/util.h:100 msgid "Debug level" msgstr "Nível de depuração" #: 
src/providers/krb5/krb5_child.c:1964 src/providers/ldap/ldap_child.c:437 #: src/util/util.h:104 msgid "Add debug timestamps" msgstr "Adicionar tempos na depuração" #: src/providers/krb5/krb5_child.c:1966 src/providers/ldap/ldap_child.c:439 #: src/util/util.h:106 msgid "Show timestamps with microseconds" msgstr "" #: src/providers/krb5/krb5_child.c:1968 src/providers/ldap/ldap_child.c:441 msgid "An open file descriptor for the debug logs" msgstr "Um descritor de ficheiro aberto para os registos de depuração" #: src/providers/data_provider_be.c:2932 msgid "Domain of the information provider (mandatory)" msgstr "Domínio do fornecedor de informação (obrigatório)" #: src/sss_client/common.c:946 msgid "Privileged socket has wrong ownership or permissions." msgstr "" #: src/sss_client/common.c:949 msgid "Public socket has wrong ownership or permissions." msgstr "" #: src/sss_client/common.c:952 msgid "Unexpected format of the server credential message." msgstr "" #: src/sss_client/common.c:955 msgid "SSSD is not run by root." msgstr "" #: src/sss_client/common.c:960 msgid "An error occurred, but no description can be found." msgstr "" #: src/sss_client/common.c:966 msgid "Unexpected error while looking for an error description" msgstr "" #: src/sss_client/pam_sss.c:388 msgid "Passwords do not match" msgstr "Senhas não coincidem" #: src/sss_client/pam_sss.c:576 msgid "Password reset by root is not supported." msgstr "" #: src/sss_client/pam_sss.c:617 msgid "Authenticated with cached credentials" msgstr "" #: src/sss_client/pam_sss.c:618 msgid ", your cached password will expire at: " msgstr ", a sua senha guardada em cache irá expirar em: " #: src/sss_client/pam_sss.c:648 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "" #: src/sss_client/pam_sss.c:694 #, c-format msgid "Your password will expire in %1$d %2$s." 
msgstr "" #: src/sss_client/pam_sss.c:743 msgid "Authentication is denied until: " msgstr "" #: src/sss_client/pam_sss.c:764 msgid "System is offline, password change not possible" msgstr "O sistema está offline, a mudança de senha não é possível" #: src/sss_client/pam_sss.c:779 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" #: src/sss_client/pam_sss.c:810 src/sss_client/pam_sss.c:823 msgid "Password change failed. " msgstr "Alteração da senha falhou. " #: src/sss_client/pam_sss.c:813 src/sss_client/pam_sss.c:824 msgid "Server message: " msgstr "Mensagem do Servidor: " #: src/sss_client/pam_sss.c:1251 msgid "New Password: " msgstr "Nova Senha: " #: src/sss_client/pam_sss.c:1252 msgid "Reenter new Password: " msgstr "Digite a senha novamente: " #: src/sss_client/pam_sss.c:1340 msgid "Password: " msgstr "Senha: " #: src/sss_client/pam_sss.c:1372 msgid "Current Password: " msgstr "Senha actual: " #: src/sss_client/pam_sss.c:1527 msgid "Password expired. Change your password now." msgstr "A senha expirou. Altere a sua senha agora." 
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40 #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 src/tools/sss_useradd.c:48 #: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44 #: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:652 #: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47 #: src/tools/sss_cache.c:540 src/tools/sss_debuglevel.c:69 msgid "The debug level to run with" msgstr "O nível de depuração a utilizar durante a execução" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:42 #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:196 msgid "The SSSD domain to use" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:73 #: src/tools/sss_groupadd.c:58 src/tools/sss_groupdel.c:53 #: src/tools/sss_groupmod.c:65 src/tools/sss_groupshow.c:663 #: src/tools/sss_userdel.c:151 src/tools/sss_usermod.c:74 #: src/tools/sss_cache.c:573 msgid "Error setting the locale\n" msgstr "Erro ao definir a configuração regional\n" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:64 msgid "Not enough memory\n" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:83 msgid "User not specified\n" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:92 msgid "Error looking up public keys\n" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:194 msgid "The port to use to connect to the host" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:238 msgid "Invalid port\n" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:243 msgid "Host not specified\n" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:249 msgid "The path to the proxy command must be absolute\n" msgstr "" #: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48 msgid "The UID of the user" msgstr "O UID do utilizador" #: src/tools/sss_useradd.c:50 src/tools/sss_usermod.c:50 msgid "The comment string" msgstr "Texto do comentário" #: src/tools/sss_useradd.c:51 src/tools/sss_usermod.c:51 msgid "Home directory" msgstr "Pasta pessoal" #: 
src/tools/sss_useradd.c:52 src/tools/sss_usermod.c:52 msgid "Login shell" msgstr "Shell" #: src/tools/sss_useradd.c:53 msgid "Groups" msgstr "Grupos" #: src/tools/sss_useradd.c:54 msgid "Create user's directory if it does not exist" msgstr "Criar pasta pessoal do utilizador, se ainda não existir" #: src/tools/sss_useradd.c:55 msgid "Never create user's directory, overrides config" msgstr "Nunca criar pasta pessoal do utilizador. Sobrepõem-se à configuração" #: src/tools/sss_useradd.c:56 msgid "Specify an alternative skeleton directory" msgstr "Indique um directório skeleton alternativo" #: src/tools/sss_useradd.c:57 src/tools/sss_usermod.c:57 msgid "The SELinux user for user's login" msgstr "O utilizador SELinux para a sessão do utilizador" #: src/tools/sss_useradd.c:86 src/tools/sss_groupmod.c:78 #: src/tools/sss_usermod.c:87 msgid "Specify group to add to\n" msgstr "" #: src/tools/sss_useradd.c:110 msgid "Specify user to add\n" msgstr "Indique utilizador a adicionar\n" #: src/tools/sss_useradd.c:119 src/tools/sss_groupadd.c:84 #: src/tools/sss_groupdel.c:78 src/tools/sss_groupmod.c:111 #: src/tools/sss_groupshow.c:696 src/tools/sss_userdel.c:196 #: src/tools/sss_usermod.c:128 msgid "Error initializing the tools - no local domain\n" msgstr "Erro ao inicializar as ferramentas - não existe domínio local\n" #: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86 #: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113 #: src/tools/sss_groupshow.c:698 src/tools/sss_userdel.c:198 #: src/tools/sss_usermod.c:130 msgid "Error initializing the tools\n" msgstr "Erro ao inicializar as ferramentas\n" #: src/tools/sss_useradd.c:130 src/tools/sss_groupadd.c:95 #: src/tools/sss_groupdel.c:89 src/tools/sss_groupmod.c:121 #: src/tools/sss_groupshow.c:707 src/tools/sss_userdel.c:207 #: src/tools/sss_usermod.c:139 msgid "Invalid domain specified in FQDN\n" msgstr "Domínio inválido especificado no FQDN\n" #: src/tools/sss_useradd.c:139 src/tools/sss_groupmod.c:141 #: 
src/tools/sss_groupmod.c:168 src/tools/sss_usermod.c:162 #: src/tools/sss_usermod.c:189 msgid "Internal error while parsing parameters\n" msgstr "Erro interno ao processar parâmetros\n" #: src/tools/sss_useradd.c:147 src/tools/sss_usermod.c:170 #: src/tools/sss_usermod.c:197 msgid "Groups must be in the same domain as user\n" msgstr "Os grupos têm de pertencer ao mesmo domínio que o utilizador\n" #: src/tools/sss_useradd.c:155 #, c-format msgid "Cannot find group %1$s in local domain\n" msgstr "" #: src/tools/sss_useradd.c:170 src/tools/sss_userdel.c:217 msgid "Cannot set default values\n" msgstr "Incapaz de definir valores por omissão\n" #: src/tools/sss_useradd.c:177 src/tools/sss_usermod.c:153 msgid "The selected UID is outside the allowed range\n" msgstr "O UID seleccionado está fora do intervalo permitido\n" #: src/tools/sss_useradd.c:206 src/tools/sss_usermod.c:264 msgid "Cannot set SELinux login context\n" msgstr "Não foi possível definir o contexto SELinux para a sessão\n" #: src/tools/sss_useradd.c:221 msgid "Cannot get info about the user\n" msgstr "Incapaz de obter informação acerca do utilizador\n" #: src/tools/sss_useradd.c:233 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" "A pasta pessoal do utilizador já existe. Conteúdo skeldir não copiado\n" #: src/tools/sss_useradd.c:236 #, c-format msgid "Cannot create user's home directory: %1$s\n" msgstr "" #: src/tools/sss_useradd.c:247 #, c-format msgid "Cannot create user's mail spool: %1$s\n" msgstr "" #: src/tools/sss_useradd.c:266 msgid "Could not allocate ID for the user - domain full?\n" msgstr "Incapaz de alocar um ID para o utilizador - domínio cheio?\n" #: src/tools/sss_useradd.c:270 msgid "A user or group with the same name or ID already exists\n" msgstr "Já existe um utilizador ou grupo com o mesmo nome ou ID\n" #: src/tools/sss_useradd.c:276 msgid "Transaction error. Could not add user.\n" msgstr "Erro na transacção. 
Não foi possível adicionar o utilizador.\n" #: src/tools/sss_groupadd.c:43 src/tools/sss_groupmod.c:48 msgid "The GID of the group" msgstr "O GID do grupo" #: src/tools/sss_groupadd.c:75 msgid "Specify group to add\n" msgstr "Indique grupo a adicionar\n" #: src/tools/sss_groupadd.c:104 src/tools/sss_groupmod.c:192 msgid "The selected GID is outside the allowed range\n" msgstr "O GID seleccionado está fora do intervalo permitido\n" #: src/tools/sss_groupadd.c:141 msgid "Could not allocate ID for the group - domain full?\n" msgstr "Incapaz de alocar um ID para o grupo - domínio cheio?\n" #: src/tools/sss_groupadd.c:145 msgid "A group with the same name or GID already exists\n" msgstr "Já existe um grupo com o mesmo nome ou GID\n" #: src/tools/sss_groupadd.c:150 msgid "Transaction error. Could not add group.\n" msgstr "Erro de transacção. Não foi possível adicionar o grupo.\n" #: src/tools/sss_groupdel.c:69 msgid "Specify group to delete\n" msgstr "Especifique grupo a remover\n" #: src/tools/sss_groupdel.c:102 #, c-format msgid "Group %1$s is outside the defined ID range for domain\n" msgstr "" #: src/tools/sss_groupdel.c:117 src/tools/sss_groupmod.c:219 #: src/tools/sss_groupmod.c:226 src/tools/sss_groupmod.c:233 #: src/tools/sss_userdel.c:294 src/tools/sss_usermod.c:241 #: src/tools/sss_usermod.c:248 src/tools/sss_usermod.c:255 #, c-format msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n" msgstr "" #: src/tools/sss_groupdel.c:129 msgid "" "No such group in local domain. Removing groups only allowed in local " "domain.\n" msgstr "" "Grupo não existe no domínio local. Apenas é permitido remover grupos no " "domínio local.\n" #: src/tools/sss_groupdel.c:134 msgid "Internal error. Could not remove group.\n" msgstr "Erro interno. 
Incapaz de remover grupo.\n" #: src/tools/sss_groupmod.c:44 msgid "Groups to add this group to" msgstr "Grupos para adicionar este grupo" #: src/tools/sss_groupmod.c:46 msgid "Groups to remove this group from" msgstr "Grupos para remover este grupo" #: src/tools/sss_groupmod.c:86 src/tools/sss_usermod.c:95 msgid "Specify group to remove from\n" msgstr "" #: src/tools/sss_groupmod.c:100 msgid "Specify group to modify\n" msgstr "Especifique grupo a modificar\n" #: src/tools/sss_groupmod.c:128 msgid "" "Cannot find group in local domain, modifying groups is allowed only in local " "domain\n" msgstr "" "Grupo não foi encontrado no domínio local. Apenas é permitido modificar " "grupos no domínio local\n" #: src/tools/sss_groupmod.c:149 src/tools/sss_groupmod.c:176 msgid "Member groups must be in the same domain as parent group\n" msgstr "Grupos membro têm de estar no mesmo domínio do grupo pai\n" #: src/tools/sss_groupmod.c:157 src/tools/sss_groupmod.c:184 #: src/tools/sss_usermod.c:178 src/tools/sss_usermod.c:205 #, c-format msgid "" "Cannot find group %1$s in local domain, only groups in local domain are " "allowed\n" msgstr "" #: src/tools/sss_groupmod.c:250 msgid "Could not modify group - check if member group names are correct\n" msgstr "" "Incapaz de modificar grupo - verifique que o nome do grupo membro está " "correcto\n" #: src/tools/sss_groupmod.c:254 msgid "Could not modify group - check if groupname is correct\n" msgstr "" "Incapaz de modificar grupo - verifique que o nome do grupo está correcto\n" #: src/tools/sss_groupmod.c:258 msgid "Transaction error. Could not modify group.\n" msgstr "Erro de transacção. 
Não foi possível modificar o grupo.\n" #: src/tools/sss_groupshow.c:599 #, c-format msgid "%1$s%2$sGroup: %3$s\n" msgstr "" #: src/tools/sss_groupshow.c:600 msgid "Magic Private " msgstr "\"Magic\" Privada " #: src/tools/sss_groupshow.c:602 #, c-format msgid "%1$sGID number: %2$d\n" msgstr "" #: src/tools/sss_groupshow.c:604 #, c-format msgid "%1$sMember users: " msgstr "" #: src/tools/sss_groupshow.c:611 #, c-format msgid "" "\n" "%1$sIs a member of: " msgstr "" #: src/tools/sss_groupshow.c:618 #, c-format msgid "" "\n" "%1$sMember groups: " msgstr "" #: src/tools/sss_groupshow.c:654 msgid "Print indirect group members recursively" msgstr "Imprimir membros de grupos indirectos recursivamente" #: src/tools/sss_groupshow.c:687 msgid "Specify group to show\n" msgstr "Especifique grupo a apresentar\n" #: src/tools/sss_groupshow.c:726 msgid "" "No such group in local domain. Printing groups only allowed in local " "domain.\n" msgstr "" "Grupo não existe no domínio local. Apenas é permitido imprimir grupos no " "domínio local.\n" #: src/tools/sss_groupshow.c:731 msgid "Internal error. Could not print group.\n" msgstr "Erro interno. 
Incapaz de imprimir grupo.\n" #: src/tools/sss_userdel.c:136 msgid "Remove home directory and mail spool" msgstr "Remover pasta pessoal e spool de correio" #: src/tools/sss_userdel.c:138 msgid "Do not remove home directory and mail spool" msgstr "Não remover pasta pessoal e spool de correio" #: src/tools/sss_userdel.c:140 msgid "Force removal of files not owned by the user" msgstr "Forçar a remoção de ficheiros não pertencentes ao utilizador" #: src/tools/sss_userdel.c:142 msgid "Kill users' processes before removing him" msgstr "Mate os processos do utilizador antes de o remover" #: src/tools/sss_userdel.c:187 msgid "Specify user to delete\n" msgstr "Especificar o utilizador a remover\n" #: src/tools/sss_userdel.c:233 #, c-format msgid "User %1$s is outside the defined ID range for domain\n" msgstr "" #: src/tools/sss_userdel.c:258 msgid "Cannot reset SELinux login context\n" msgstr "Não foi possível redefinir o contexto SELinux para a sessão\n" #: src/tools/sss_userdel.c:270 #, c-format msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n" msgstr "" #: src/tools/sss_userdel.c:275 msgid "Cannot determine if the user was logged in on this platform" msgstr "" "Não foi possível determinar se o utilizador estava autenticado nesta " "plataforma" #: src/tools/sss_userdel.c:280 msgid "Error while checking if the user was logged in\n" msgstr "Erro ao verificar se o utilizador estava autenticado\n" #: src/tools/sss_userdel.c:287 #, c-format msgid "The post-delete command failed: %1$s\n" msgstr "" #: src/tools/sss_userdel.c:307 msgid "Not removing home dir - not owned by user\n" msgstr "Pasta pessoal não removida - não pertence ao utilizador\n" #: src/tools/sss_userdel.c:309 #, c-format msgid "Cannot remove homedir: %1$s\n" msgstr "" #: src/tools/sss_userdel.c:322 msgid "" "No such user in local domain. Removing users only allowed in local domain.\n" msgstr "" "Utilizador não existe no domínio local. 
Apenas é permitido remover " "utilizadores no domínio local.\n" #: src/tools/sss_userdel.c:327 msgid "Internal error. Could not remove user.\n" msgstr "Erro interno. Incapaz de remover utilizador.\n" #: src/tools/sss_usermod.c:49 msgid "The GID of the user" msgstr "O GID do utilizador" #: src/tools/sss_usermod.c:53 msgid "Groups to add this user to" msgstr "Grupos para adicionar este utilizador" #: src/tools/sss_usermod.c:54 msgid "Groups to remove this user from" msgstr "Grupos para remover este utilizador" #: src/tools/sss_usermod.c:55 msgid "Lock the account" msgstr "Desactivar Conta" #: src/tools/sss_usermod.c:56 msgid "Unlock the account" msgstr "Activar a Conta" #: src/tools/sss_usermod.c:119 msgid "Specify user to modify\n" msgstr "Especifique utilizador a modificar\n" #: src/tools/sss_usermod.c:146 msgid "" "Cannot find user in local domain, modifying users is allowed only in local " "domain\n" msgstr "" "Utilizador não foi encontrado no domínio local. Apenas é permitido modificar " "utilizadores no domínio local\n" #: src/tools/sss_usermod.c:281 msgid "Could not modify user - check if group names are correct\n" msgstr "" "Incapaz de modificar utilizador - verifique se o nome do grupo está " "correcto\n" #: src/tools/sss_usermod.c:285 msgid "Could not modify user - user already member of groups?\n" msgstr "Incapaz de modificar utilizador - utilizador já é membro de grupos?\n" #: src/tools/sss_usermod.c:289 msgid "Transaction error. Could not modify user.\n" msgstr "Erro na transacção. 
Não foi possível modificar o utilizador.\n" #: src/tools/sss_cache.c:170 msgid "No cache object matched the specified search\n" msgstr "" #: src/tools/sss_cache.c:397 #, c-format msgid "Couldn't invalidate %1$s" msgstr "" #: src/tools/sss_cache.c:404 #, c-format msgid "Couldn't invalidate %1$s %2$s" msgstr "" #: src/tools/sss_cache.c:542 msgid "Invalidate all cached entries except for sudo rules" msgstr "" #: src/tools/sss_cache.c:544 msgid "Invalidate particular user" msgstr "" #: src/tools/sss_cache.c:546 msgid "Invalidate all users" msgstr "" #: src/tools/sss_cache.c:548 msgid "Invalidate particular group" msgstr "" #: src/tools/sss_cache.c:550 msgid "Invalidate all groups" msgstr "" #: src/tools/sss_cache.c:552 msgid "Invalidate particular netgroup" msgstr "" #: src/tools/sss_cache.c:554 msgid "Invalidate all netgroups" msgstr "" #: src/tools/sss_cache.c:556 msgid "Invalidate particular service" msgstr "" #: src/tools/sss_cache.c:558 msgid "Invalidate all services" msgstr "" #: src/tools/sss_cache.c:561 msgid "Invalidate particular autofs map" msgstr "" #: src/tools/sss_cache.c:563 msgid "Invalidate all autofs maps" msgstr "" #: src/tools/sss_cache.c:566 msgid "Only invalidate entries from a particular domain" msgstr "" #: src/tools/sss_cache.c:611 msgid "Please select at least one object to invalidate\n" msgstr "" #: src/tools/sss_cache.c:681 #, c-format msgid "" "Could not open domain %1$s. 
If the domain is a subdomain (trusted domain), " "use fully qualified name instead of --domain/-d parameter.\n" msgstr "" #: src/tools/sss_cache.c:685 msgid "Could not open available domains\n" msgstr "" #: src/tools/sss_debuglevel.c:40 msgid "\n" msgstr "" #: src/tools/sss_debuglevel.c:96 msgid "Specify debug level you want to set\n" msgstr "" #: src/tools/sss_debuglevel.c:102 msgid "Only one argument expected\n" msgstr "" #: src/tools/tools_util.c:200 #, c-format msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n" msgstr "" #: src/tools/tools_util.c:303 msgid "Out of memory\n" msgstr "Memória esgotada\n" #: src/tools/tools_util.h:43 #, c-format msgid "%1$s must be run as root\n" msgstr "" #: src/util/util.h:102 msgid "Send the debug output to files instead of stderr" msgstr "Enviar o resultado de depuração para ficheiro em vez do stderr" ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/quot.sed������������������������������������������������������������0000644�0000000�0000000�00000000131�12320753476�015661� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954942.083889363 30 atime=1396954942.083889363 29 ctime=1396954962.52187431 
���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/quot.sed�����������������������������������������������������������������������������0000644�0024127�0024127�00000000231�12320753476�016103� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������s/"\([^"]*\)"/“\1”/g s/`\([^`']*\)'/‘\1’/g s/ '\([^`']*\)' / ‘\1’ /g s/ '\([^`']*\)'$/ ‘\1’/g s/^'\([^`']*\)' /‘\1’ /g s/“”/""/g �����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/remove-potcdate.sin�������������������������������������������������0000644�0000000�0000000�00000000132�12320753476�020006� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954942.093889355 30 atime=1396954961.809874836 30 
ctime=1396954962.520874311 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/remove-potcdate.sin������������������������������������������������������������������0000644�0024127�0024127�00000000660�12320753476�020235� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# Sed script that remove the POT-Creation-Date line in the header entry # from a POT file. # # The distinction between the first and the following occurrences of the # pattern is achieved by looking at the hold space. /^"POT-Creation-Date: .*"$/{ x # Test if the hold space is empty. s/P/P/ ta # Yes it was empty. First occurrence. Remove the line. g d bb :a # The hold space was nonempty. Following occurrences. Do nothing. 
x :b } ��������������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/sssd.pot������������������������������������������������������������0000644�0000000�0000000�00000000074�12320753107�015671� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954961.840874813 30 ctime=1396954962.527874306 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/sssd.pot�����������������������������������������������������������������������������0000664�0024127�0024127�00000125710�12320753107�016121� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR Red Hat, Inc. # This file is distributed under the same license as the PACKAGE package. # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. 
# #, fuzzy msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2014-04-08 12:56+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=CHARSET\n" "Content-Transfer-Encoding: 8bit\n" #: src/config/SSSDConfig/__init__.py.in:39 msgid "Set the verbosity of the debug logging" msgstr "" #: src/config/SSSDConfig/__init__.py.in:40 msgid "Include timestamps in debug logs" msgstr "" #: src/config/SSSDConfig/__init__.py.in:41 msgid "Include microseconds in timestamps in debug logs" msgstr "" #: src/config/SSSDConfig/__init__.py.in:42 msgid "Write debug messages to logfiles" msgstr "" #: src/config/SSSDConfig/__init__.py.in:43 msgid "Ping timeout before restarting service" msgstr "" #: src/config/SSSDConfig/__init__.py.in:44 msgid "" "Timeout between three failed ping checks and forcibly killing the service" msgstr "" #: src/config/SSSDConfig/__init__.py.in:45 msgid "Command to start service" msgstr "" #: src/config/SSSDConfig/__init__.py.in:46 msgid "Number of times to attempt connection to Data Providers" msgstr "" #: src/config/SSSDConfig/__init__.py.in:47 msgid "The number of file descriptors that may be opened by this responder" msgstr "" #: src/config/SSSDConfig/__init__.py.in:48 msgid "Idle time before automatic disconnection of a client" msgstr "" #: src/config/SSSDConfig/__init__.py.in:51 msgid "SSSD Services to start" msgstr "" #: src/config/SSSDConfig/__init__.py.in:52 msgid "SSSD Domains to start" msgstr "" #: src/config/SSSDConfig/__init__.py.in:53 msgid "Timeout for messages sent over the SBUS" msgstr "" #: src/config/SSSDConfig/__init__.py.in:54 msgid "Regex to parse username and domain" msgstr "" #: src/config/SSSDConfig/__init__.py.in:55 msgid "Printf-compatible format for displaying fully-qualified names" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:56 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #: src/config/SSSDConfig/__init__.py.in:57 msgid "Domain to add to names without a domain component." msgstr "" #: src/config/SSSDConfig/__init__.py.in:60 msgid "Enumeration cache timeout length (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:61 msgid "Entry cache background update timeout length (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:62 #: src/config/SSSDConfig/__init__.py.in:88 msgid "Negative cache timeout length (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:63 msgid "Users that SSSD should explicitly ignore" msgstr "" #: src/config/SSSDConfig/__init__.py.in:64 msgid "Groups that SSSD should explicitly ignore" msgstr "" #: src/config/SSSDConfig/__init__.py.in:65 msgid "Should filtered users appear in groups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:66 msgid "The value of the password field the NSS provider should return" msgstr "" #: src/config/SSSDConfig/__init__.py.in:67 msgid "Override homedir value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:68 msgid "" "Substitute empty homedir value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:69 msgid "Override shell value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:70 msgid "The list of shells users are allowed to log in with" msgstr "" #: src/config/SSSDConfig/__init__.py.in:71 msgid "" "The list of shells that will be vetoed, and replaced with the fallback shell" msgstr "" #: src/config/SSSDConfig/__init__.py.in:72 msgid "" "If a shell stored in central directory is allowed but not available, use " "this fallback" msgstr "" #: src/config/SSSDConfig/__init__.py.in:73 msgid "Shell to use if the provider does not list one" msgstr "" #: src/config/SSSDConfig/__init__.py.in:74 
msgid "How long will be in-memory cache records valid" msgstr "" #: src/config/SSSDConfig/__init__.py.in:77 msgid "How long to allow cached logins between online logins (days)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:78 msgid "How many failed logins attempts are allowed when offline" msgstr "" #: src/config/SSSDConfig/__init__.py.in:79 msgid "" "How long (minutes) to deny login after offline_failed_login_attempts has " "been reached" msgstr "" #: src/config/SSSDConfig/__init__.py.in:80 msgid "What kind of messages are displayed to the user during authentication" msgstr "" #: src/config/SSSDConfig/__init__.py.in:81 msgid "How many seconds to keep identity information cached for PAM requests" msgstr "" #: src/config/SSSDConfig/__init__.py.in:82 msgid "How many days before password expiration a warning should be displayed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:85 msgid "Whether to evaluate the time-based attributes in sudo rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:91 msgid "Whether to hash host names and addresses in the known_hosts file" msgstr "" #: src/config/SSSDConfig/__init__.py.in:92 msgid "" "How many seconds to keep a host in the known_hosts file after its host keys " "were requested" msgstr "" #: src/config/SSSDConfig/__init__.py.in:95 msgid "List of UIDs or user names allowed to access the PAC responder" msgstr "" #: src/config/SSSDConfig/__init__.py.in:98 msgid "Identity provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:99 msgid "Authentication provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:100 msgid "Access control provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:101 msgid "Password change provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:102 msgid "SUDO provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:103 msgid "Autofs provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:104 msgid "Session-loading provider" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:105 msgid "Host identity provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:108 msgid "Minimum user ID" msgstr "" #: src/config/SSSDConfig/__init__.py.in:109 msgid "Maximum user ID" msgstr "" #: src/config/SSSDConfig/__init__.py.in:110 msgid "Enable enumerating all users/groups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:111 msgid "Cache credentials for offline login" msgstr "" #: src/config/SSSDConfig/__init__.py.in:112 msgid "Store password hashes" msgstr "" #: src/config/SSSDConfig/__init__.py.in:113 msgid "Display users/groups in fully-qualified form" msgstr "" #: src/config/SSSDConfig/__init__.py.in:114 msgid "Don't include group members in group lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:115 #: src/config/SSSDConfig/__init__.py.in:122 #: src/config/SSSDConfig/__init__.py.in:123 #: src/config/SSSDConfig/__init__.py.in:124 #: src/config/SSSDConfig/__init__.py.in:125 #: src/config/SSSDConfig/__init__.py.in:126 #: src/config/SSSDConfig/__init__.py.in:127 msgid "Entry cache timeout length (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:116 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:117 msgid "How long to keep cached entries after last successful login (days)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:118 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:119 msgid "The domain part of service discovery DNS query" msgstr "" #: src/config/SSSDConfig/__init__.py.in:120 msgid "Override GID value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:121 msgid "Treat usernames as case sensitive" msgstr "" #: src/config/SSSDConfig/__init__.py.in:128 msgid "How often should expired entries be refreshed in background" msgstr "" #: src/config/SSSDConfig/__init__.py.in:129 msgid 
"Whether to automatically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/__init__.py.in:130 #: src/config/SSSDConfig/__init__.py.in:145 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "" #: src/config/SSSDConfig/__init__.py.in:131 #: src/config/SSSDConfig/__init__.py.in:146 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" #: src/config/SSSDConfig/__init__.py.in:132 msgid "How often to periodically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/__init__.py.in:133 msgid "Whether the provider should explicitly update the PTR record as well" msgstr "" #: src/config/SSSDConfig/__init__.py.in:134 msgid "Whether the nsupdate utility should default to using TCP" msgstr "" #: src/config/SSSDConfig/__init__.py.in:135 msgid "What kind of authentication should be used to perform the DNS update" msgstr "" #: src/config/SSSDConfig/__init__.py.in:136 msgid "Control enumeration of trusted domains" msgstr "" #: src/config/SSSDConfig/__init__.py.in:137 msgid "How often should subdomains list be refreshed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:140 msgid "IPA domain" msgstr "" #: src/config/SSSDConfig/__init__.py.in:141 msgid "IPA server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:142 msgid "Address of backup IPA server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:143 msgid "IPA client hostname" msgstr "" #: src/config/SSSDConfig/__init__.py.in:144 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" #: src/config/SSSDConfig/__init__.py.in:147 msgid "Search base for HBAC related objects" msgstr "" #: src/config/SSSDConfig/__init__.py.in:148 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:149 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:150 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" #: src/config/SSSDConfig/__init__.py.in:151 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" #: src/config/SSSDConfig/__init__.py.in:152 msgid "The automounter location this IPA client is using" msgstr "" #: src/config/SSSDConfig/__init__.py.in:153 msgid "Search base for object containing info about IPA domain" msgstr "" #: src/config/SSSDConfig/__init__.py.in:154 msgid "Search base for objects containing info about ID ranges" msgstr "" #: src/config/SSSDConfig/__init__.py.in:155 #: src/config/SSSDConfig/__init__.py.in:162 msgid "Enable DNS sites - location based service discovery" msgstr "" #: src/config/SSSDConfig/__init__.py.in:158 msgid "Active Directory domain" msgstr "" #: src/config/SSSDConfig/__init__.py.in:159 msgid "Active Directory server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:160 msgid "Active Directory backup server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:161 msgid "Active Directory client hostname" msgstr "" #: src/config/SSSDConfig/__init__.py.in:165 #: src/config/SSSDConfig/__init__.py.in:166 msgid "Kerberos server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:167 msgid "Kerberos backup server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:168 msgid "Kerberos realm" msgstr "" #: src/config/SSSDConfig/__init__.py.in:169 msgid "Authentication timeout" msgstr "" #: src/config/SSSDConfig/__init__.py.in:170 msgid "Whether to create kdcinfo files" msgstr "" #: src/config/SSSDConfig/__init__.py.in:173 msgid "Directory to store credential caches" msgstr "" #: src/config/SSSDConfig/__init__.py.in:174 msgid "Location of the user's credential cache" msgstr "" #: src/config/SSSDConfig/__init__.py.in:175 msgid "Location of the keytab to validate credentials" msgstr "" #: src/config/SSSDConfig/__init__.py.in:176 msgid "Enable credential validation" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:177 msgid "Store password if offline for later online authentication" msgstr "" #: src/config/SSSDConfig/__init__.py.in:178 msgid "Renewable lifetime of the TGT" msgstr "" #: src/config/SSSDConfig/__init__.py.in:179 msgid "Lifetime of the TGT" msgstr "" #: src/config/SSSDConfig/__init__.py.in:180 msgid "Time between two checks for renewal" msgstr "" #: src/config/SSSDConfig/__init__.py.in:181 msgid "Enables FAST" msgstr "" #: src/config/SSSDConfig/__init__.py.in:182 msgid "Selects the principal to use for FAST" msgstr "" #: src/config/SSSDConfig/__init__.py.in:183 msgid "Enables principal canonicalization" msgstr "" #: src/config/SSSDConfig/__init__.py.in:184 msgid "Enables enterprise principals" msgstr "" #: src/config/SSSDConfig/__init__.py.in:187 #: src/config/SSSDConfig/__init__.py.in:188 msgid "Server where the change password service is running if not on the KDC" msgstr "" #: src/config/SSSDConfig/__init__.py.in:191 msgid "ldap_uri, The URI of the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:192 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:193 msgid "The default base DN" msgstr "" #: src/config/SSSDConfig/__init__.py.in:194 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" #: src/config/SSSDConfig/__init__.py.in:195 msgid "The default bind DN" msgstr "" #: src/config/SSSDConfig/__init__.py.in:196 msgid "The type of the authentication token of the default bind DN" msgstr "" #: src/config/SSSDConfig/__init__.py.in:197 msgid "The authentication token of the default bind DN" msgstr "" #: src/config/SSSDConfig/__init__.py.in:198 msgid "Length of time to attempt connection" msgstr "" #: src/config/SSSDConfig/__init__.py.in:199 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" #: src/config/SSSDConfig/__init__.py.in:200 msgid "Length of time between attempts to reconnect while offline" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:201 msgid "Use only the upper case for realm names" msgstr "" #: src/config/SSSDConfig/__init__.py.in:202 msgid "File that contains CA certificates" msgstr "" #: src/config/SSSDConfig/__init__.py.in:203 msgid "Path to CA certificate directory" msgstr "" #: src/config/SSSDConfig/__init__.py.in:204 msgid "File that contains the client certificate" msgstr "" #: src/config/SSSDConfig/__init__.py.in:205 msgid "File that contains the client key" msgstr "" #: src/config/SSSDConfig/__init__.py.in:206 msgid "List of possible ciphers suites" msgstr "" #: src/config/SSSDConfig/__init__.py.in:207 msgid "Require TLS certificate verification" msgstr "" #: src/config/SSSDConfig/__init__.py.in:208 msgid "Specify the sasl mechanism to use" msgstr "" #: src/config/SSSDConfig/__init__.py.in:209 msgid "Specify the sasl authorization id to use" msgstr "" #: src/config/SSSDConfig/__init__.py.in:210 msgid "Specify the sasl authorization realm to use" msgstr "" #: src/config/SSSDConfig/__init__.py.in:211 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" #: src/config/SSSDConfig/__init__.py.in:212 msgid "Kerberos service keytab" msgstr "" #: src/config/SSSDConfig/__init__.py.in:213 msgid "Use Kerberos auth for LDAP connection" msgstr "" #: src/config/SSSDConfig/__init__.py.in:214 msgid "Follow LDAP referrals" msgstr "" #: src/config/SSSDConfig/__init__.py.in:215 msgid "Lifetime of TGT for LDAP connection" msgstr "" #: src/config/SSSDConfig/__init__.py.in:216 msgid "How to dereference aliases" msgstr "" #: src/config/SSSDConfig/__init__.py.in:217 msgid "Service name for DNS service lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:218 msgid "The number of records to retrieve in a single LDAP query" msgstr "" #: src/config/SSSDConfig/__init__.py.in:219 msgid "The number of members that must be missing to trigger a full deref" msgstr "" #: src/config/SSSDConfig/__init__.py.in:220 msgid "" "Whether the LDAP library should 
perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" #: src/config/SSSDConfig/__init__.py.in:222 msgid "entryUSN attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:223 msgid "lastUSN attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:225 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" #: src/config/SSSDConfig/__init__.py.in:227 msgid "Disable the LDAP paging control" msgstr "" #: src/config/SSSDConfig/__init__.py.in:228 msgid "Disable Active Directory range retrieval" msgstr "" #: src/config/SSSDConfig/__init__.py.in:231 msgid "Length of time to wait for a search request" msgstr "" #: src/config/SSSDConfig/__init__.py.in:232 msgid "Length of time to wait for a enumeration request" msgstr "" #: src/config/SSSDConfig/__init__.py.in:233 msgid "Length of time between enumeration updates" msgstr "" #: src/config/SSSDConfig/__init__.py.in:234 msgid "Length of time between cache cleanups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:235 msgid "Require TLS for ID lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:236 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "" #: src/config/SSSDConfig/__init__.py.in:237 msgid "Base DN for user lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:238 msgid "Scope of user lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:239 msgid "Filter for user lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:240 msgid "Objectclass for users" msgstr "" #: src/config/SSSDConfig/__init__.py.in:241 msgid "Username attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:243 msgid "UID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:244 msgid "Primary GID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:245 msgid "GECOS attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:246 msgid "Home directory attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:247 
msgid "Shell attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:248 msgid "UUID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:249 #: src/config/SSSDConfig/__init__.py.in:285 msgid "objectSID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:250 msgid "Active Directory primary group attribute for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:251 msgid "User principal attribute (for Kerberos)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:252 msgid "Full Name" msgstr "" #: src/config/SSSDConfig/__init__.py.in:253 msgid "memberOf attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:254 msgid "Modification time attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:256 msgid "shadowLastChange attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:257 msgid "shadowMin attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:258 msgid "shadowMax attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:259 msgid "shadowWarning attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:260 msgid "shadowInactive attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:261 msgid "shadowExpire attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:262 msgid "shadowFlag attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:263 msgid "Attribute listing authorized PAM services" msgstr "" #: src/config/SSSDConfig/__init__.py.in:264 msgid "Attribute listing authorized server hosts" msgstr "" #: src/config/SSSDConfig/__init__.py.in:265 msgid "krbLastPwdChange attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:266 msgid "krbPasswordExpiration attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:267 msgid "Attribute indicating that server side password policies are active" msgstr "" #: src/config/SSSDConfig/__init__.py.in:268 msgid "accountExpires attribute of AD" msgstr "" #: src/config/SSSDConfig/__init__.py.in:269 msgid "userAccountControl attribute of AD" 
msgstr "" #: src/config/SSSDConfig/__init__.py.in:270 msgid "nsAccountLock attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:271 msgid "loginDisabled attribute of NDS" msgstr "" #: src/config/SSSDConfig/__init__.py.in:272 msgid "loginExpirationTime attribute of NDS" msgstr "" #: src/config/SSSDConfig/__init__.py.in:273 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" #: src/config/SSSDConfig/__init__.py.in:274 msgid "SSH public key attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:276 msgid "Base DN for group lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:279 msgid "Objectclass for groups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:280 msgid "Group name" msgstr "" #: src/config/SSSDConfig/__init__.py.in:281 msgid "Group password" msgstr "" #: src/config/SSSDConfig/__init__.py.in:282 msgid "GID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:283 msgid "Group member attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:284 msgid "Group UUID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:286 msgid "Modification time attribute for groups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:287 msgid "Type of the group and other flags" msgstr "" #: src/config/SSSDConfig/__init__.py.in:289 msgid "Maximum nesting level SSSd will follow" msgstr "" #: src/config/SSSDConfig/__init__.py.in:291 msgid "Base DN for netgroup lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:292 msgid "Objectclass for netgroups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:293 msgid "Netgroup name" msgstr "" #: src/config/SSSDConfig/__init__.py.in:294 msgid "Netgroups members attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:295 msgid "Netgroup triple attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:296 msgid "Netgroup UUID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:297 msgid "Modification time attribute for netgroups" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:299 msgid "Base DN for service lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:300 msgid "Objectclass for services" msgstr "" #: src/config/SSSDConfig/__init__.py.in:301 msgid "Service name attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:302 msgid "Service port attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:303 msgid "Service protocol attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:306 msgid "Lower bound for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:307 msgid "Upper bound for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:308 msgid "Number of IDs for each slice when ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:309 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:310 msgid "Name of the default domain for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:311 msgid "SID of the default domain for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:313 msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:314 msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:315 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:316 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:319 msgid "Policy to evaluate the password expiration" msgstr "" #: src/config/SSSDConfig/__init__.py.in:322 msgid "LDAP filter to determine access privileges" msgstr "" #: src/config/SSSDConfig/__init__.py.in:323 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" #: src/config/SSSDConfig/__init__.py.in:324 msgid "Which rules should be used to evaluate access control" msgstr "" #: src/config/SSSDConfig/__init__.py.in:327 
msgid "URI of an LDAP server where password changes are allowed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:328 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:329 msgid "DNS service name for LDAP password change server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:330 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" msgstr "" #: src/config/SSSDConfig/__init__.py.in:333 msgid "Base DN for sudo rules lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:334 msgid "Automatic full refresh period" msgstr "" #: src/config/SSSDConfig/__init__.py.in:335 msgid "Automatic smart refresh period" msgstr "" #: src/config/SSSDConfig/__init__.py.in:336 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "" #: src/config/SSSDConfig/__init__.py.in:337 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:338 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:339 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:340 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:341 msgid "Object class for sudo rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:342 msgid "Sudo rule name" msgstr "" #: src/config/SSSDConfig/__init__.py.in:343 msgid "Sudo rule command attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:344 msgid "Sudo rule host attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:345 msgid "Sudo rule user attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:346 msgid "Sudo rule option attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:347 msgid "Sudo rule 
runasuser attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:348 msgid "Sudo rule runasgroup attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:349 msgid "Sudo rule notbefore attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:350 msgid "Sudo rule notafter attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:351 msgid "Sudo rule order attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:354 msgid "Object class for automounter maps" msgstr "" #: src/config/SSSDConfig/__init__.py.in:355 msgid "Automounter map name attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:356 msgid "Object class for automounter map entries" msgstr "" #: src/config/SSSDConfig/__init__.py.in:357 msgid "Automounter map entry key attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:358 msgid "Automounter map entry value attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:359 msgid "Base DN for automounter map lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:362 msgid "Comma separated list of allowed users" msgstr "" #: src/config/SSSDConfig/__init__.py.in:363 msgid "Comma separated list of prohibited users" msgstr "" #: src/config/SSSDConfig/__init__.py.in:366 msgid "Default shell, /bin/bash" msgstr "" #: src/config/SSSDConfig/__init__.py.in:367 msgid "Base for home directories" msgstr "" #: src/config/SSSDConfig/__init__.py.in:370 msgid "The name of the NSS library to use" msgstr "" #: src/config/SSSDConfig/__init__.py.in:371 msgid "Whether to look up canonical group name from cache if possible" msgstr "" #: src/config/SSSDConfig/__init__.py.in:374 msgid "PAM stack to use" msgstr "" #: src/monitor/monitor.c:2651 msgid "Become a daemon (default)" msgstr "" #: src/monitor/monitor.c:2653 msgid "Run interactive (not a daemon)" msgstr "" #: src/monitor/monitor.c:2655 src/tools/sss_debuglevel.c:71 msgid "Specify a non-default config file" msgstr "" #: src/monitor/monitor.c:2657 msgid "Print version number and exit" 
msgstr "" #: src/providers/krb5/krb5_child.c:1962 src/providers/ldap/ldap_child.c:435 #: src/util/util.h:100 msgid "Debug level" msgstr "" #: src/providers/krb5/krb5_child.c:1964 src/providers/ldap/ldap_child.c:437 #: src/util/util.h:104 msgid "Add debug timestamps" msgstr "" #: src/providers/krb5/krb5_child.c:1966 src/providers/ldap/ldap_child.c:439 #: src/util/util.h:106 msgid "Show timestamps with microseconds" msgstr "" #: src/providers/krb5/krb5_child.c:1968 src/providers/ldap/ldap_child.c:441 msgid "An open file descriptor for the debug logs" msgstr "" #: src/providers/data_provider_be.c:2932 msgid "Domain of the information provider (mandatory)" msgstr "" #: src/sss_client/common.c:946 msgid "Privileged socket has wrong ownership or permissions." msgstr "" #: src/sss_client/common.c:949 msgid "Public socket has wrong ownership or permissions." msgstr "" #: src/sss_client/common.c:952 msgid "Unexpected format of the server credential message." msgstr "" #: src/sss_client/common.c:955 msgid "SSSD is not run by root." msgstr "" #: src/sss_client/common.c:960 msgid "An error occurred, but no description can be found." msgstr "" #: src/sss_client/common.c:966 msgid "Unexpected error while looking for an error description" msgstr "" #: src/sss_client/pam_sss.c:388 msgid "Passwords do not match" msgstr "" #: src/sss_client/pam_sss.c:576 msgid "Password reset by root is not supported." msgstr "" #: src/sss_client/pam_sss.c:617 msgid "Authenticated with cached credentials" msgstr "" #: src/sss_client/pam_sss.c:618 msgid ", your cached password will expire at: " msgstr "" #: src/sss_client/pam_sss.c:648 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "" #: src/sss_client/pam_sss.c:694 #, c-format msgid "Your password will expire in %1$d %2$s." 
msgstr "" #: src/sss_client/pam_sss.c:743 msgid "Authentication is denied until: " msgstr "" #: src/sss_client/pam_sss.c:764 msgid "System is offline, password change not possible" msgstr "" #: src/sss_client/pam_sss.c:779 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" #: src/sss_client/pam_sss.c:810 src/sss_client/pam_sss.c:823 msgid "Password change failed. " msgstr "" #: src/sss_client/pam_sss.c:813 src/sss_client/pam_sss.c:824 msgid "Server message: " msgstr "" #: src/sss_client/pam_sss.c:1251 msgid "New Password: " msgstr "" #: src/sss_client/pam_sss.c:1252 msgid "Reenter new Password: " msgstr "" #: src/sss_client/pam_sss.c:1340 msgid "Password: " msgstr "" #: src/sss_client/pam_sss.c:1372 msgid "Current Password: " msgstr "" #: src/sss_client/pam_sss.c:1527 msgid "Password expired. Change your password now." msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40 #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 src/tools/sss_useradd.c:48 #: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44 #: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:652 #: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47 #: src/tools/sss_cache.c:540 src/tools/sss_debuglevel.c:69 msgid "The debug level to run with" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:42 #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:196 msgid "The SSSD domain to use" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:73 #: src/tools/sss_groupadd.c:58 src/tools/sss_groupdel.c:53 #: src/tools/sss_groupmod.c:65 src/tools/sss_groupshow.c:663 #: src/tools/sss_userdel.c:151 src/tools/sss_usermod.c:74 #: src/tools/sss_cache.c:573 msgid "Error setting the locale\n" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:64 msgid "Not enough memory\n" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:83 msgid "User not specified\n" msgstr "" #: 
src/sss_client/ssh/sss_ssh_authorizedkeys.c:92 msgid "Error looking up public keys\n" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:194 msgid "The port to use to connect to the host" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:238 msgid "Invalid port\n" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:243 msgid "Host not specified\n" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:249 msgid "The path to the proxy command must be absolute\n" msgstr "" #: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48 msgid "The UID of the user" msgstr "" #: src/tools/sss_useradd.c:50 src/tools/sss_usermod.c:50 msgid "The comment string" msgstr "" #: src/tools/sss_useradd.c:51 src/tools/sss_usermod.c:51 msgid "Home directory" msgstr "" #: src/tools/sss_useradd.c:52 src/tools/sss_usermod.c:52 msgid "Login shell" msgstr "" #: src/tools/sss_useradd.c:53 msgid "Groups" msgstr "" #: src/tools/sss_useradd.c:54 msgid "Create user's directory if it does not exist" msgstr "" #: src/tools/sss_useradd.c:55 msgid "Never create user's directory, overrides config" msgstr "" #: src/tools/sss_useradd.c:56 msgid "Specify an alternative skeleton directory" msgstr "" #: src/tools/sss_useradd.c:57 src/tools/sss_usermod.c:57 msgid "The SELinux user for user's login" msgstr "" #: src/tools/sss_useradd.c:86 src/tools/sss_groupmod.c:78 #: src/tools/sss_usermod.c:87 msgid "Specify group to add to\n" msgstr "" #: src/tools/sss_useradd.c:110 msgid "Specify user to add\n" msgstr "" #: src/tools/sss_useradd.c:119 src/tools/sss_groupadd.c:84 #: src/tools/sss_groupdel.c:78 src/tools/sss_groupmod.c:111 #: src/tools/sss_groupshow.c:696 src/tools/sss_userdel.c:196 #: src/tools/sss_usermod.c:128 msgid "Error initializing the tools - no local domain\n" msgstr "" #: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86 #: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113 #: src/tools/sss_groupshow.c:698 src/tools/sss_userdel.c:198 #: 
src/tools/sss_usermod.c:130 msgid "Error initializing the tools\n" msgstr "" #: src/tools/sss_useradd.c:130 src/tools/sss_groupadd.c:95 #: src/tools/sss_groupdel.c:89 src/tools/sss_groupmod.c:121 #: src/tools/sss_groupshow.c:707 src/tools/sss_userdel.c:207 #: src/tools/sss_usermod.c:139 msgid "Invalid domain specified in FQDN\n" msgstr "" #: src/tools/sss_useradd.c:139 src/tools/sss_groupmod.c:141 #: src/tools/sss_groupmod.c:168 src/tools/sss_usermod.c:162 #: src/tools/sss_usermod.c:189 msgid "Internal error while parsing parameters\n" msgstr "" #: src/tools/sss_useradd.c:147 src/tools/sss_usermod.c:170 #: src/tools/sss_usermod.c:197 msgid "Groups must be in the same domain as user\n" msgstr "" #: src/tools/sss_useradd.c:155 #, c-format msgid "Cannot find group %1$s in local domain\n" msgstr "" #: src/tools/sss_useradd.c:170 src/tools/sss_userdel.c:217 msgid "Cannot set default values\n" msgstr "" #: src/tools/sss_useradd.c:177 src/tools/sss_usermod.c:153 msgid "The selected UID is outside the allowed range\n" msgstr "" #: src/tools/sss_useradd.c:206 src/tools/sss_usermod.c:264 msgid "Cannot set SELinux login context\n" msgstr "" #: src/tools/sss_useradd.c:221 msgid "Cannot get info about the user\n" msgstr "" #: src/tools/sss_useradd.c:233 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" #: src/tools/sss_useradd.c:236 #, c-format msgid "Cannot create user's home directory: %1$s\n" msgstr "" #: src/tools/sss_useradd.c:247 #, c-format msgid "Cannot create user's mail spool: %1$s\n" msgstr "" #: src/tools/sss_useradd.c:266 msgid "Could not allocate ID for the user - domain full?\n" msgstr "" #: src/tools/sss_useradd.c:270 msgid "A user or group with the same name or ID already exists\n" msgstr "" #: src/tools/sss_useradd.c:276 msgid "Transaction error. 
Could not add user.\n" msgstr "" #: src/tools/sss_groupadd.c:43 src/tools/sss_groupmod.c:48 msgid "The GID of the group" msgstr "" #: src/tools/sss_groupadd.c:75 msgid "Specify group to add\n" msgstr "" #: src/tools/sss_groupadd.c:104 src/tools/sss_groupmod.c:192 msgid "The selected GID is outside the allowed range\n" msgstr "" #: src/tools/sss_groupadd.c:141 msgid "Could not allocate ID for the group - domain full?\n" msgstr "" #: src/tools/sss_groupadd.c:145 msgid "A group with the same name or GID already exists\n" msgstr "" #: src/tools/sss_groupadd.c:150 msgid "Transaction error. Could not add group.\n" msgstr "" #: src/tools/sss_groupdel.c:69 msgid "Specify group to delete\n" msgstr "" #: src/tools/sss_groupdel.c:102 #, c-format msgid "Group %1$s is outside the defined ID range for domain\n" msgstr "" #: src/tools/sss_groupdel.c:117 src/tools/sss_groupmod.c:219 #: src/tools/sss_groupmod.c:226 src/tools/sss_groupmod.c:233 #: src/tools/sss_userdel.c:294 src/tools/sss_usermod.c:241 #: src/tools/sss_usermod.c:248 src/tools/sss_usermod.c:255 #, c-format msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n" msgstr "" #: src/tools/sss_groupdel.c:129 msgid "" "No such group in local domain. Removing groups only allowed in local " "domain.\n" msgstr "" #: src/tools/sss_groupdel.c:134 msgid "Internal error. 
Could not remove group.\n" msgstr "" #: src/tools/sss_groupmod.c:44 msgid "Groups to add this group to" msgstr "" #: src/tools/sss_groupmod.c:46 msgid "Groups to remove this group from" msgstr "" #: src/tools/sss_groupmod.c:86 src/tools/sss_usermod.c:95 msgid "Specify group to remove from\n" msgstr "" #: src/tools/sss_groupmod.c:100 msgid "Specify group to modify\n" msgstr "" #: src/tools/sss_groupmod.c:128 msgid "" "Cannot find group in local domain, modifying groups is allowed only in local " "domain\n" msgstr "" #: src/tools/sss_groupmod.c:149 src/tools/sss_groupmod.c:176 msgid "Member groups must be in the same domain as parent group\n" msgstr "" #: src/tools/sss_groupmod.c:157 src/tools/sss_groupmod.c:184 #: src/tools/sss_usermod.c:178 src/tools/sss_usermod.c:205 #, c-format msgid "" "Cannot find group %1$s in local domain, only groups in local domain are " "allowed\n" msgstr "" #: src/tools/sss_groupmod.c:250 msgid "Could not modify group - check if member group names are correct\n" msgstr "" #: src/tools/sss_groupmod.c:254 msgid "Could not modify group - check if groupname is correct\n" msgstr "" #: src/tools/sss_groupmod.c:258 msgid "Transaction error. Could not modify group.\n" msgstr "" #: src/tools/sss_groupshow.c:599 #, c-format msgid "%1$s%2$sGroup: %3$s\n" msgstr "" #: src/tools/sss_groupshow.c:600 msgid "Magic Private " msgstr "" #: src/tools/sss_groupshow.c:602 #, c-format msgid "%1$sGID number: %2$d\n" msgstr "" #: src/tools/sss_groupshow.c:604 #, c-format msgid "%1$sMember users: " msgstr "" #: src/tools/sss_groupshow.c:611 #, c-format msgid "" "\n" "%1$sIs a member of: " msgstr "" #: src/tools/sss_groupshow.c:618 #, c-format msgid "" "\n" "%1$sMember groups: " msgstr "" #: src/tools/sss_groupshow.c:654 msgid "Print indirect group members recursively" msgstr "" #: src/tools/sss_groupshow.c:687 msgid "Specify group to show\n" msgstr "" #: src/tools/sss_groupshow.c:726 msgid "" "No such group in local domain. 
Printing groups only allowed in local " "domain.\n" msgstr "" #: src/tools/sss_groupshow.c:731 msgid "Internal error. Could not print group.\n" msgstr "" #: src/tools/sss_userdel.c:136 msgid "Remove home directory and mail spool" msgstr "" #: src/tools/sss_userdel.c:138 msgid "Do not remove home directory and mail spool" msgstr "" #: src/tools/sss_userdel.c:140 msgid "Force removal of files not owned by the user" msgstr "" #: src/tools/sss_userdel.c:142 msgid "Kill users' processes before removing him" msgstr "" #: src/tools/sss_userdel.c:187 msgid "Specify user to delete\n" msgstr "" #: src/tools/sss_userdel.c:233 #, c-format msgid "User %1$s is outside the defined ID range for domain\n" msgstr "" #: src/tools/sss_userdel.c:258 msgid "Cannot reset SELinux login context\n" msgstr "" #: src/tools/sss_userdel.c:270 #, c-format msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n" msgstr "" #: src/tools/sss_userdel.c:275 msgid "Cannot determine if the user was logged in on this platform" msgstr "" #: src/tools/sss_userdel.c:280 msgid "Error while checking if the user was logged in\n" msgstr "" #: src/tools/sss_userdel.c:287 #, c-format msgid "The post-delete command failed: %1$s\n" msgstr "" #: src/tools/sss_userdel.c:307 msgid "Not removing home dir - not owned by user\n" msgstr "" #: src/tools/sss_userdel.c:309 #, c-format msgid "Cannot remove homedir: %1$s\n" msgstr "" #: src/tools/sss_userdel.c:322 msgid "" "No such user in local domain. Removing users only allowed in local domain.\n" msgstr "" #: src/tools/sss_userdel.c:327 msgid "Internal error. 
Could not remove user.\n" msgstr "" #: src/tools/sss_usermod.c:49 msgid "The GID of the user" msgstr "" #: src/tools/sss_usermod.c:53 msgid "Groups to add this user to" msgstr "" #: src/tools/sss_usermod.c:54 msgid "Groups to remove this user from" msgstr "" #: src/tools/sss_usermod.c:55 msgid "Lock the account" msgstr "" #: src/tools/sss_usermod.c:56 msgid "Unlock the account" msgstr "" #: src/tools/sss_usermod.c:119 msgid "Specify user to modify\n" msgstr "" #: src/tools/sss_usermod.c:146 msgid "" "Cannot find user in local domain, modifying users is allowed only in local " "domain\n" msgstr "" #: src/tools/sss_usermod.c:281 msgid "Could not modify user - check if group names are correct\n" msgstr "" #: src/tools/sss_usermod.c:285 msgid "Could not modify user - user already member of groups?\n" msgstr "" #: src/tools/sss_usermod.c:289 msgid "Transaction error. Could not modify user.\n" msgstr "" #: src/tools/sss_cache.c:170 msgid "No cache object matched the specified search\n" msgstr "" #: src/tools/sss_cache.c:397 #, c-format msgid "Couldn't invalidate %1$s" msgstr "" #: src/tools/sss_cache.c:404 #, c-format msgid "Couldn't invalidate %1$s %2$s" msgstr "" #: src/tools/sss_cache.c:542 msgid "Invalidate all cached entries except for sudo rules" msgstr "" #: src/tools/sss_cache.c:544 msgid "Invalidate particular user" msgstr "" #: src/tools/sss_cache.c:546 msgid "Invalidate all users" msgstr "" #: src/tools/sss_cache.c:548 msgid "Invalidate particular group" msgstr "" #: src/tools/sss_cache.c:550 msgid "Invalidate all groups" msgstr "" #: src/tools/sss_cache.c:552 msgid "Invalidate particular netgroup" msgstr "" #: src/tools/sss_cache.c:554 msgid "Invalidate all netgroups" msgstr "" #: src/tools/sss_cache.c:556 msgid "Invalidate particular service" msgstr "" #: src/tools/sss_cache.c:558 msgid "Invalidate all services" msgstr "" #: src/tools/sss_cache.c:561 msgid "Invalidate particular autofs map" msgstr "" #: src/tools/sss_cache.c:563 msgid "Invalidate all autofs 
maps" msgstr "" #: src/tools/sss_cache.c:566 msgid "Only invalidate entries from a particular domain" msgstr "" #: src/tools/sss_cache.c:611 msgid "Please select at least one object to invalidate\n" msgstr "" #: src/tools/sss_cache.c:681 #, c-format msgid "" "Could not open domain %1$s. If the domain is a subdomain (trusted domain), " "use fully qualified name instead of --domain/-d parameter.\n" msgstr "" #: src/tools/sss_cache.c:685 msgid "Could not open available domains\n" msgstr "" #: src/tools/sss_debuglevel.c:40 msgid "\n" msgstr "" #: src/tools/sss_debuglevel.c:96 msgid "Specify debug level you want to set\n" msgstr "" #: src/tools/sss_debuglevel.c:102 msgid "Only one argument expected\n" msgstr "" #: src/tools/tools_util.c:200 #, c-format msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n" msgstr "" #: src/tools/tools_util.c:303 msgid "Out of memory\n" msgstr "" #: src/tools/tools_util.h:43 #, c-format msgid "%1$s must be run as root\n" msgstr "" #: src/util/util.h:102 msgid "Send the debug output to files instead of stderr" msgstr "" ��������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/ru.gmo��������������������������������������������������������������0000644�0000000�0000000�00000000132�12320753522�015317� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954962.447874365 30 atime=1396954962.447874365 30 ctime=1396954962.559874282 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/ru.gmo�������������������������������������������������������������������������������0000664�0024127�0024127�00000057542�12320753522�015563� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� ��������'�����1�����8���3�����l�������*����������������������� �����&��#���@��T���d��R�������� �����,��%���G��(���m�������3�����2�����7�����A���N��9�����7�����,��������/�� ���B�����N��$���g��,�����+�����.����������#���1��6���U��$�����*����������/�����"���*�����M�����e��,���{�� ���������������*�����)�������������:�� ���U�����v������������U�����<�����B���Q��F�����8���������� ���(�����3�����F�� ���X��(���y��'�����(�����'�����!��������=�����L�����d��*���|��:�����*�����$��� ��5���2��+���h��#�����.�����'���������� ��� �����,�����;��9���K������������'����������M�����M���6��K�����*�����7��������3�����I�����X�����i�������+����� ���������� �����&��� ��*���1�����\��(���r��=�����5�����1��������A��"���X��$���{��$����������H��������) �����H �����^ �����u ��0��� ����� ��E��� ��&���!�����:!��&���J!��!���q!��)���!�����!�����!�����!�����"��(���"��!���E"�����g"�����|"�����"�����"��9���"��/���"�����,#�����A#��2���U#�����#��/���#�����#�����#�����#�����$��.���#$��=���R$��"���$��.���$��.���$��;���%��>���M%��'���%��(���%��'���%��+���&��*���1&�� 
���\&�����j&�����y&��%���&��'���&��D���&�����'��(���2'��A���['�� ���'��$���'�����'����'��`���)��T���U*��n���*��F���+��C���`+��W���+��N���+��7���K,�����,��5���,��Q���,��c���'-�����-�����=.��V��� /��R���b/��f���/��f���0��1���0��[���0��h���1��z���z1�����1�����2��x���3��_���}3�����3�����3��3���4��M���L4��W���4��V���4��O���I5��=���5��X���5��r���06��L���6��T���6��A���E7��s���7��7���7�����38��&���M8��n���t8�����8�����8�� ���9��c���9��Q���9��D���9��T���:��D���m:��T���:�����;��2���';�����Z;�����<�����<��y���P=��y���=��"���D>�����g>�����v>��A���>��M���>��^���$?��[���?��T���?��`���4@��1���@��(���@�����@��%���A��G���5A�����}A��`���B��N���wB��j���B��z���1C��:���C��^���C��X���FD��6���D��!���D�� ���D��4���E�����;E��2���E��0���E��V���#F�����zF�����F�����3G�����G�����H��a���'I��-���I��&���I��%���I��0���J��;���5J��z���qJ�� ���J��$���J��=���K��=���]K��a���K�����K��X���L��`���uL�����L�����hM��5���M��q���(N��Q���N��>���N��1���+O�����]O��E���P��(���HP��(���qP�����P��]���P��"���Q��p���7Q��I���Q�����Q��p���R��0���R��M���R��8���S��4���;S��6���pS�����S��E���S��$��� T��A���/T��@���qT��B���T��&���T�����U��x���U�����V�����/V��M���LV�����V��[���V��#���W��3���7W�����kW�����W��F���W��q���W��8���dX��]���X��j���X��d���fY��i���Y��S���5Z��Y���Z��f���Z��Y���J[��e���[����� \�����!\��8���9\��j���r\��L���\�����*]�����]��]���^��]���o^��Y���^��"���'_�����J_��������4������e���k���������2���&���L��������������y���%������/���3���x���^��� ����������m���;��� ����������� ���,�������0���=������b������� ���+���7����������d����������������h�������~�������l���N�������A��������������M����������(����������K�������������H���p���g���_��������������������������������t���o���*�������f����������������������������j��� 
��������������q���J����������������������.���'���?�������O�������[������r���i���\���F���Q���6���8��������������>���`���!������c����������������������D������W����������������5������E������B���#�������������C���z�������|���a�������:������v���I������n���G��������������������������������$���9�����������������-�����������)�������S����������<���1���u������V���������T����������������"������ ������P����������������������@���Z���s�����������R���X�����������������U���������]���}�������Y���{���w�������������������������������������������, your cached password will expire at: �A group with the same name or GID already exists �A user or group with the same name or ID already exists �Access control provider�Add debug timestamps�An open file descriptor for the debug logs�Authentication provider�Authentication timeout�Base DN for user lookups�Base for home directories�Become a daemon (default)�Cache credentials for offline login�Cannot find group in local domain, modifying groups is allowed only in local domain �Cannot find user in local domain, modifying users is allowed only in local domain �Cannot get info about the user �Cannot set default values �Comma separated list of allowed users�Comma separated list of prohibited users�Command to start service�Could not allocate ID for the group - domain full? �Could not allocate ID for the user - domain full? �Could not modify group - check if groupname is correct �Could not modify group - check if member group names are correct �Could not modify user - check if group names are correct �Could not modify user - user already member of groups? 
�Create user's directory if it does not exist�Current Password: �Debug level�Default shell, /bin/bash�Directory to store credential caches�Display users/groups in fully-qualified form�Do not remove home directory and mail spool�Domain of the information provider (mandatory)�Enable credential validation�Enable enumerating all users/groups�Entry cache background update timeout length (seconds)�Entry cache timeout length (seconds)�Enumeration cache timeout length (seconds)�Error initializing the tools �Error initializing the tools - no local domain �File that contains CA certificates�Filter for user lookups�Follow LDAP referrals�Force removal of files not owned by the user�Full Name�GECOS attribute�Groups�Groups must be in the same domain as user �Groups that SSSD should explicitly ignore�Groups to add this group to�Groups to add this user to�Groups to remove this group from�Groups to remove this user from�Home directory�Home directory attribute�How long (minutes) to deny login after offline_failed_login_attempts has been reached�How long to allow cached logins between online logins (days)�How long to keep cached entries after last successful login (days)�How long to wait for replies from DNS when resolving servers (seconds)�How many failed logins attempts are allowed when offline�IPA client hostname�IPA domain�IPA server address�Identity provider�Include timestamps in debug logs�Internal error while parsing parameters �Internal error. Could not print group. �Internal error. Could not remove group. �Internal error. Could not remove user. 
�Invalid domain specified in FQDN �Kerberos realm�Kerberos server address�Kerberos service keytab�LDAP filter to determine access privileges�Length of time between attempts to reconnect while offline�Length of time between enumeration updates�Length of time to attempt connection�Length of time to attempt synchronous LDAP operations�Length of time to wait for a search request�Lifetime of TGT for LDAP connection�Location of the keytab to validate credentials�Location of the user's credential cache�Lock the account�Login shell�Magic Private �Maximum user ID�Member groups must be in the same domain as parent group �Minimum user ID�Modification time attribute�Negative cache timeout length (seconds)�New Password: �No such group in local domain. Printing groups only allowed in local domain. �No such group in local domain. Removing groups only allowed in local domain. �No such user in local domain. Removing users only allowed in local domain. �Not removing home dir - not owned by user �Number of times to attempt connection to Data Providers�Objectclass for users�Out of memory �PAM stack to use�Password change failed. �Password change provider�Password expired. 
Change your password now.�Password: �Passwords do not match�Path to CA certificate directory�Ping timeout before restarting service�Policy to evaluate the password expiration�Primary GID attribute�Print indirect group members recursively�Printf-compatible format for displaying fully-qualified names�Privileged socket has wrong ownership or permissions.�Public socket has wrong ownership or permissions.�Reenter new Password: �Regex to parse username and domain�Remove home directory and mail spool�Require TLS certificate verification�Require TLS for ID lookups�Restrict or prefer a specific address family when performing DNS lookups�Run interactive (not a daemon)�SSSD Domains to start�SSSD Services to start�Scope of user lookups�Send the debug output to files instead of stderr�Server message: �Server where the change password service is running if not on the KDC�Set the verbosity of the debug logging�Shell attribute�Should filtered users appear in groups�Specify a non-default config file�Specify an alternative skeleton directory�Specify group to add �Specify group to delete �Specify group to modify �Specify group to show �Specify the sasl authorization id to use�Specify the sasl mechanism to use�Specify user to add �Specify user to delete �Specify user to modify �Store password hashes�Store password if offline for later online authentication�System is offline, password change not possible�The GID of the group�The GID of the user�The Schema Type in use on the LDAP server, rfc2307�The UID of the user�The authentication token of the default bind DN�The comment string�The debug level to run with�The default base DN�The default bind DN�The domain part of service discovery DNS query�The interface whose IP should be used for dynamic DNS updates�The name of the NSS library to use�The selected GID is outside the allowed range �The selected UID is outside the allowed range �The type of the authentication token of the default bind DN�The value of the password field the NSS 
provider should return�Timeout for messages sent over the SBUS�Transaction error. Could not add group. �Transaction error. Could not add user. �Transaction error. Could not modify group. �Transaction error. Could not modify user. �UID attribute�UUID attribute�Unlock the account�Use Kerberos auth for LDAP connection�User principal attribute (for Kerberos)�User's home directory already exists, not copying data from skeldir �Username attribute�Users that SSSD should explicitly ignore�Whether to automatically update the client's DNS entry in FreeIPA�Write debug messages to logfiles�ldap_uri, The URI of the LDAP server�memberOf attribute�Project-Id-Version: SSSD Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org POT-Creation-Date: 2014-04-08 12:56+0200 PO-Revision-Date: 2013-11-20 12:56+0000 Last-Translator: jhrozek <jhrozek@redhat.com> Language-Team: Russian (http://www.transifex.com/projects/p/fedora/language/ru/) Language: ru MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 
1 : 2); �, срок действия вашего кэшированного пароль истечёт:�Группа с таким же именем или GID уже существует �Пользователь или группа с таким именем или ID уже существует �Поставщик данных для контроля доступа�Добавить отладочные отметки времени�Открытый дескриптор файла для журналов отладки�Поставщик данных для проверки подлинности�Тайм-аут проверки подлинности�Base DN для поиска�Место для домашних каталогов�Запускаться в качестве службы (по умолчанию)�Кэшировать учётные данные для неинтерактивного входа�Не удалось найти группу в локальном домене, изменение групп разрешено только в локальном домене �Не удалось найти пользователя в локальном домене, изменение пользователей разрешено только в локальном домене �Не удалось получить информацию о пользователе �Не удалось установить значения по умолчанию �Разделённый запятыми список разрешённых пользователей�Разделённый запятыми список запрещённых пользователей�Команда для запуска службы�Не удалось выделить ID для группы - домен заполнен? �Для пользователя не удалось выделить ID - домен заполнен? �Не удалось изменить группу — проверьте правильность имени группы �Не удалось изменить группу — проверьте правильность имён групп-участников �Не удалось изменить пользователя — проверьте правильность имён групп �Не удалось изменить пользователя — он уже является членом групп? 
�Создать каталог пользователя, если он не существует�Текущий пароль:�Уровень отладки�Оболочка по умолчанию, /bin/bash�Каталог для хранения кэшей учётных данных�Отображать пользователей/группы в полной форме�Не удалять домашний каталог и почтовую очередь�Домен поставщика информации (обязательный)�Включить проверку учётных данных�Включить перечисление всех пользователей/групп�Тайм-аут фонового обновления элемента списка кэша (в секундах)�Тайм-аут элемента списка кэша (в секундах)�Длина тайм-аута кэша перечисления (в секундах)�Ошибка инициализации инструментов �Ошибка инициализации инструментов - не найден локальный домен �Файл содержащий сертификаты CA�Фильтр поиска�Следовать ссылкам LDAP�Принудительно удалять файлы, не принадлежащие пользователю�Полное имя�Атрибут «GECOS»�Группы�Группы должны быть в том же домене, что и пользователь �Группы, которые SSSD должен явно игнорировать �Группы, к которым добавить эту группу�Группы, к которым добавить этого пользователя�Группы, из которых удалить эту группу�Группы, из которых удалить этого пользователя�Домашний каталог�Атрибут домашнего каталога�Временной интервал (в минутах), в течение которого будет запрещён вход после достижения offline_failed_login_attempts�Разрешённый интервал кэшированных входов между интерактивными входами (в днях)�Как долго хранить кэшированные элементы списка после последнего успешного входа (в днях)�Время ожидания ответа DNS при преобразовании имён серверов (секунд)�Разрешённое количество неудачных попыток неинтерактивного входа�имя узла клиента IPA�IPA-домен�адрес сервера IPA�Поставщик данных для идентификации�Добавить отметки времени в журнал отладки�При разборе параметров возникла внутренняя ошибка �Внутренняя ошибка. Невозможно напечатать группу. �Внутренняя ошибка. Не удалось удалить группу. �Внутренняя ошибка. Не удалось удалить пользователя. 
�В FQDN указан неверный домен �Область действия Kerberos�Имя сервера Kerberos�Keytab-файл службы Kerberos�Фильтр LDAP для определения прав доступа�Временной интервал между попытками возобновления соединения в автономного режиме�Временной интервал между обновлениями перечисления�Временной интервал для попытки соединения�Временной интервал для попытки синхронизации операций LDAP�Временной интервал, в течение которого ожидать поискового запроса�Время жизни TGT для LDAP-соединений�Расположение keytab-файла для проверки учётных данных�Расположения кэша учётных данных пользователей�Заблокировать учётную запись�Исходная оболочка�Magic Private�Максимальный ID пользователя�Группы-участники должны быть в том же домене, что и родительская группа �Минимальный ID пользователя�Атрибут времени изменения�Отрицательная длина тайм-аута кэша (в секундах)�Новый пароль:�В локальном домене нет такой группы. Печать групп разрешена только в локальном домене. �В локальном домене такой группы нет. Удаление групп разрешено только в локальном домене. �В локальном домене нет такого пользователя. Удаление пользователей разрешено только для локального домена. �Домашняя директория не удалена — пользователь не является её владельцем �Количество попыток подключения к поставщикам данных�Objectclass для пользователей�Недостаточно памяти �Используемый стек PAM�Не удалось сменить пароль.�Поставщик операции смены пароля�Срок действия пароля истёк. 
Необходимо сейчас изменить ваш пароль.�Пароль:�Пароли не совпадают�Путь к каталогу с сертификатами CA�Тайм-аут ping до перезапуска службы�Политика вычисления окончания срока действия пароля�Атрибут «primary GID»�Рекурсивно выводить непрямых участников группы�Отображать полные имена в формате, совместимом с printf�Для привилегированного сокета установлен неверный владелец или права доступа.�Для общедоступного сокета установлен неверный владелец или права доступа.�Введите новый пароль ещё раз:�Регулярное выражение для разбора имени пользователя и домена�Удалить домашний каталог и почтовую очередь�Требуется проверка сертификата TLS�Требовать TLS для запросов ID�Ограничивать или предпочитать определённое семейство адресов при выполнении запросов DNS�Запускаться интерактивно (не службой)�Запускаемые домены SSSD�Запускаемые службы SSSD�Глубина поиска�Отправлять отладочные сообщения в файлы, а не в stderr�Сообщение сервера:�Сервер, на котором запущена служба смены пароля (если не на KDC)�Установить подробность журнала отладки�Атрибут оболочки�Должны ли отфильтрованные пользователи появляться в группах�Указать файл конфигурации�Укажите альтернативный скелетный каталог�Укажите группу для добавления �Укажите группу для удаления �Укажите группу для изменения �Укажите группу �Укажите идентификатор авторизации sasl�Укажите механизм sasl�Укажите добавляемого пользователя �Укажите пользователя для удаления �Укажите пользователя для изменения �Хранить хеши паролей�При отсутствии соединения сохранить пароль и пройти аутентификацию позже�Система находится в автономном режиме, невозможно сменить пароль�GID группы�GID пользователя�Тип схемы, используемой на LDAP-сервере, rfc2307�UID пользователя�Маркер проверки подлинности для bind DN по умолчанию�Строка комментария�Уровень отладки для запуска�Base DN по умолчанию�Bind DN по умолчанию�Доменная часть DNS-запроса поиска служб�Интерфейс, адрес которого будет использован для обновления DNS�Имя используемой библиотеки NSS�Выбранный GID 
находится вне разрешённого диапазона �Выбранный UID находится за пределами доступного диапазона �Тип маркера проверки подлинности для bind DN по умолчанию�Значение поля пароля, которое должен вернуть поставщик NSS�Тайм-аут для сообщений, отправленных через SBUS�Ошибка в транзакции. Не удалось добавить группу. �Ошибка в транзакции. Невозможно добавить пользователя. �Ошибка в транзакции. Не удалось изменить группу. �Ошибка в транзакции. Не удалось изменить пользователя. �Атрибут «UID»�Атрибут «UUID»�Разблокировать учётную запись�Использовать проверку подлинности Kerberos для LDAP-соединения�Атрибут участника-пользователя (для Kerberos)�Домашний каталог пользователя уже существует, копирования данных из скелетной директории выполнено не будет �Атрибут «username»�Пользователи, которых SSSD должен явно игнорировать �Если требуется автоматическое обновление записи в�Записывать отладочные сообщения в файлы журнала�ldap_uri, URI сервера LDAP �Атрибут memberOf���������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/LINGUAS�������������������������������������������������������������0000644�0000000�0000000�00000000074�12320753107�015216� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954961.143875328 30 ctime=1396954962.565874278 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/LINGUAS������������������������������������������������������������������������������0000664�0024127�0024127�00000000103�12320753107�015432� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������bg de eu es fr hu id it ja nb nl pl pt ru sv tg tr uk zh_CN zh_TW �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/sv.po���������������������������������������������������������������0000644�0000000�0000000�00000000074�12320753107�015161� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 
atime=1396954962.164874574 30 ctime=1396954962.543874294 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/sv.po��������������������������������������������������������������������������������0000664�0024127�0024127�00000171113�12320753107�015407� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR Red Hat, Inc. # This file is distributed under the same license as the PACKAGE package. 
# # Translators: # Göran Uddeborg <goeran@uddeborg.se>, 2013 msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2014-04-08 12:56+0200\n" "PO-Revision-Date: 2013-11-20 12:56+0000\n" "Last-Translator: Göran Uddeborg <goeran@uddeborg.se>\n" "Language-Team: Swedish (http://www.transifex.com/projects/p/fedora/language/" "sv/)\n" "Language: sv\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" #: src/config/SSSDConfig/__init__.py.in:39 msgid "Set the verbosity of the debug logging" msgstr "Ange pratsamhet för felsökningsloggning" #: src/config/SSSDConfig/__init__.py.in:40 msgid "Include timestamps in debug logs" msgstr "Inkludera tidsstämplar i felsökningsloggar" #: src/config/SSSDConfig/__init__.py.in:41 msgid "Include microseconds in timestamps in debug logs" msgstr "Inkludera mikrosekunder i tidsstämplar i felsökningsloggar" #: src/config/SSSDConfig/__init__.py.in:42 msgid "Write debug messages to logfiles" msgstr "Skriv felmeddelanden till loggfiler" #: src/config/SSSDConfig/__init__.py.in:43 msgid "Ping timeout before restarting service" msgstr "Ping-tidsgräns före tjänst startas om" #: src/config/SSSDConfig/__init__.py.in:44 msgid "" "Timeout between three failed ping checks and forcibly killing the service" msgstr "" "Tidsgräns mellan tre misslyckade ping-kontroller och att framtvingat döda " "tjänsten" #: src/config/SSSDConfig/__init__.py.in:45 msgid "Command to start service" msgstr "Kommando för att starta tjänst" #: src/config/SSSDConfig/__init__.py.in:46 msgid "Number of times to attempt connection to Data Providers" msgstr "Antal gånger att försöka ansluta till dataleverantörer" #: src/config/SSSDConfig/__init__.py.in:47 msgid "The number of file descriptors that may be opened by this responder" msgstr "Antalet fildeskriptorer som får öppnas av denna svarare" #: 
src/config/SSSDConfig/__init__.py.in:48 msgid "Idle time before automatic disconnection of a client" msgstr "Inaktiv tid före en klient automatiskt kopplas ifrån" #: src/config/SSSDConfig/__init__.py.in:51 msgid "SSSD Services to start" msgstr "SSSD-tjänster att starta" #: src/config/SSSDConfig/__init__.py.in:52 msgid "SSSD Domains to start" msgstr "SSSD-domäner att starta" #: src/config/SSSDConfig/__init__.py.in:53 msgid "Timeout for messages sent over the SBUS" msgstr "Tidsgräns för meddelanden skickade via SBUS" #: src/config/SSSDConfig/__init__.py.in:54 msgid "Regex to parse username and domain" msgstr "Reguljäruttryck för att tolka användarnamn och domän" #: src/config/SSSDConfig/__init__.py.in:55 msgid "Printf-compatible format for displaying fully-qualified names" msgstr "Printf-kompatibla format för att visa fullständigt kvalificerade namn" #: src/config/SSSDConfig/__init__.py.in:56 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" "Katalog på filsystemet där SSSD skall lagra sparade återspolningsfiler från " "Kerberos." #: src/config/SSSDConfig/__init__.py.in:57 msgid "Domain to add to names without a domain component." msgstr "Domän att lägga till till namn utan en domändel." 
#: src/config/SSSDConfig/__init__.py.in:60 msgid "Enumeration cache timeout length (seconds)" msgstr "Tidsgränslängd för uppräkningscache (sekunder)" #: src/config/SSSDConfig/__init__.py.in:61 msgid "Entry cache background update timeout length (seconds)" msgstr "Tidsgränslängd för bakgrundsuppdateringar av postcache (sekunder)" #: src/config/SSSDConfig/__init__.py.in:62 #: src/config/SSSDConfig/__init__.py.in:88 msgid "Negative cache timeout length (seconds)" msgstr "Tidsgränslängd för negativ cache (sekunder)" #: src/config/SSSDConfig/__init__.py.in:63 msgid "Users that SSSD should explicitly ignore" msgstr "Användare som SSSD uttryckligen skall bortse ifrån" #: src/config/SSSDConfig/__init__.py.in:64 msgid "Groups that SSSD should explicitly ignore" msgstr "Grupper som SSSD uttryckligen skall bortse ifrån" #: src/config/SSSDConfig/__init__.py.in:65 msgid "Should filtered users appear in groups" msgstr "Skall filtrerade användare förekomma i grupper" #: src/config/SSSDConfig/__init__.py.in:66 msgid "The value of the password field the NSS provider should return" msgstr "Värdet på lösenordfältet som NSS-leverantörer skall returnera" #: src/config/SSSDConfig/__init__.py.in:67 msgid "Override homedir value from the identity provider with this value" msgstr "Åsidosätt hemkatalogvärdet från identitetsleverantören med detta värde" #: src/config/SSSDConfig/__init__.py.in:68 msgid "" "Substitute empty homedir value from the identity provider with this value" msgstr "" "Ersätt ett tomt hemkatalogvärde från identitetsleverantören med detta värde" #: src/config/SSSDConfig/__init__.py.in:69 msgid "Override shell value from the identity provider with this value" msgstr "Åsidosätt skalvärdet från identitetsleverantören med detta värde" #: src/config/SSSDConfig/__init__.py.in:70 msgid "The list of shells users are allowed to log in with" msgstr "Listan på skal användare får lova att logga in med" #: src/config/SSSDConfig/__init__.py.in:71 msgid "" "The list of shells that will 
be vetoed, and replaced with the fallback shell" msgstr "Listan på skal som kommer förbjudas, och ersättas med standardskalet" #: src/config/SSSDConfig/__init__.py.in:72 msgid "" "If a shell stored in central directory is allowed but not available, use " "this fallback" msgstr "" "Om ett skal lagrat i en central katalog är tillåtet men inte tillgängligt, " "använd detta alternativ" #: src/config/SSSDConfig/__init__.py.in:73 msgid "Shell to use if the provider does not list one" msgstr "Skal att använda om leverantören inte listar något" #: src/config/SSSDConfig/__init__.py.in:74 msgid "How long will be in-memory cache records valid" msgstr "Hur länge sparade poster i minnet är giltiga" #: src/config/SSSDConfig/__init__.py.in:77 msgid "How long to allow cached logins between online logins (days)" msgstr "" "Hur länge sparade inloggningar tillåts mellan online-inloggningar (dagar)" #: src/config/SSSDConfig/__init__.py.in:78 msgid "How many failed logins attempts are allowed when offline" msgstr "Hur många misslyckade inloggningsförsök som tillåts i frånkopplat läge" #: src/config/SSSDConfig/__init__.py.in:79 msgid "" "How long (minutes) to deny login after offline_failed_login_attempts has " "been reached" msgstr "" "Hur länge (minuter) som inloggning nekas efter att " "frånkopplade_inloggningsförsök har nåtts" #: src/config/SSSDConfig/__init__.py.in:80 msgid "What kind of messages are displayed to the user during authentication" msgstr "Vilka slags meddelanden som visas för användaren under autenticering" #: src/config/SSSDConfig/__init__.py.in:81 msgid "How many seconds to keep identity information cached for PAM requests" msgstr "Hur många sekunder identitetsinformationen hålls sparad för PAM-frågor" #: src/config/SSSDConfig/__init__.py.in:82 msgid "How many days before password expiration a warning should be displayed" msgstr "Hur många dagar före ett lösenord går ut en varning skall visas" #: src/config/SSSDConfig/__init__.py.in:85 msgid "Whether to evaluate the 
time-based attributes in sudo rules" msgstr "Om tidsbaserade attribut i sudo-regler skall beräknas" #: src/config/SSSDConfig/__init__.py.in:91 msgid "Whether to hash host names and addresses in the known_hosts file" msgstr "" "Om värdnamn och adresser i known_hosts-filen skall göras till kontrollsummor" #: src/config/SSSDConfig/__init__.py.in:92 msgid "" "How many seconds to keep a host in the known_hosts file after its host keys " "were requested" msgstr "" "Hur många sekunder att behålla en värd i filen known_hosts efter att dess " "värdnycklar begärdes" #: src/config/SSSDConfig/__init__.py.in:95 msgid "List of UIDs or user names allowed to access the PAC responder" msgstr "Lista över UID:er eller användarnamn som tillåts komma åt PAC-svararen" #: src/config/SSSDConfig/__init__.py.in:98 msgid "Identity provider" msgstr "Identitetsleverantör" #: src/config/SSSDConfig/__init__.py.in:99 msgid "Authentication provider" msgstr "Autentiseringsleverantör" #: src/config/SSSDConfig/__init__.py.in:100 msgid "Access control provider" msgstr "Leverantör av åtkomstkontroll" #: src/config/SSSDConfig/__init__.py.in:101 msgid "Password change provider" msgstr "Leverantör av lösenordsändringar" #: src/config/SSSDConfig/__init__.py.in:102 msgid "SUDO provider" msgstr "SUDO-leverantör" #: src/config/SSSDConfig/__init__.py.in:103 msgid "Autofs provider" msgstr "Autofs-leverantör" #: src/config/SSSDConfig/__init__.py.in:104 msgid "Session-loading provider" msgstr "Sessionsinläsningsleverantör" #: src/config/SSSDConfig/__init__.py.in:105 msgid "Host identity provider" msgstr "Värdidentitetsleverantör" #: src/config/SSSDConfig/__init__.py.in:108 msgid "Minimum user ID" msgstr "Minsta användar-ID" #: src/config/SSSDConfig/__init__.py.in:109 msgid "Maximum user ID" msgstr "Största användar-ID" #: src/config/SSSDConfig/__init__.py.in:110 msgid "Enable enumerating all users/groups" msgstr "Aktivera uppräkning av alla användare/grupper" #: src/config/SSSDConfig/__init__.py.in:111 msgid
"Cache credentials for offline login" msgstr "Cache-kreditiv för frånkopplad inloggning" #: src/config/SSSDConfig/__init__.py.in:112 msgid "Store password hashes" msgstr "Lagra lösenords-kontrollsummor" #: src/config/SSSDConfig/__init__.py.in:113 msgid "Display users/groups in fully-qualified form" msgstr "Visa användare/grupper i fullständigt kvalificerat format" #: src/config/SSSDConfig/__init__.py.in:114 msgid "Don't include group members in group lookups" msgstr "Inkludera inte gruppmedlemmar i gruppuppslagningar" #: src/config/SSSDConfig/__init__.py.in:115 #: src/config/SSSDConfig/__init__.py.in:122 #: src/config/SSSDConfig/__init__.py.in:123 #: src/config/SSSDConfig/__init__.py.in:124 #: src/config/SSSDConfig/__init__.py.in:125 #: src/config/SSSDConfig/__init__.py.in:126 #: src/config/SSSDConfig/__init__.py.in:127 msgid "Entry cache timeout length (seconds)" msgstr "Tidsgränslängd för postcache (sekunder)" #: src/config/SSSDConfig/__init__.py.in:116 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "Begränsa eller föredra en specifik adressfamilj vid DNS-uppslagningar" #: src/config/SSSDConfig/__init__.py.in:117 msgid "How long to keep cached entries after last successful login (days)" msgstr "" "Hur länge cachade poster skall behållas efter senaste lyckade inloggning " "(dagar)" #: src/config/SSSDConfig/__init__.py.in:118 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "Hur länge man väntar på svar från DNS när servrar slås upp (sekunder)" #: src/config/SSSDConfig/__init__.py.in:119 msgid "The domain part of service discovery DNS query" msgstr "Domändelen av DNS-frågan för tjänstedetektering" #: src/config/SSSDConfig/__init__.py.in:120 msgid "Override GID value from the identity provider with this value" msgstr "Åsidosätt GID-värdet från identitetsleverantören med detta värde" #: src/config/SSSDConfig/__init__.py.in:121 msgid "Treat usernames as case sensitive" msgstr "Behandla 
användarnamn som skiftlägeskänsliga" #: src/config/SSSDConfig/__init__.py.in:128 msgid "How often should expired entries be refreshed in background" msgstr "Hur ofta utgångna poster skall förnyas i bakgrunden" #: src/config/SSSDConfig/__init__.py.in:129 msgid "Whether to automatically update the client's DNS entry" msgstr "Huruvida klienternas DNS-poster uppdateras automatiskt" #: src/config/SSSDConfig/__init__.py.in:130 #: src/config/SSSDConfig/__init__.py.in:145 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "TTL:en att använda för klientens DNS-post efter att ha uppdaterat den" #: src/config/SSSDConfig/__init__.py.in:131 #: src/config/SSSDConfig/__init__.py.in:146 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "Gränssnittet var IP skall användas för dynamiska DNS-uppdateringar" #: src/config/SSSDConfig/__init__.py.in:132 msgid "How often to periodically update the client's DNS entry" msgstr "Hur ofta klienternas DNS-poster periodiskt skall uppdateras" #: src/config/SSSDConfig/__init__.py.in:133 msgid "Whether the provider should explicitly update the PTR record as well" msgstr "Huruvida leverantören explicit skall uppdatera PTR-posten också" #: src/config/SSSDConfig/__init__.py.in:134 msgid "Whether the nsupdate utility should default to using TCP" msgstr "Huruvida verktyget nsupdate skall använda TCP som standard" #: src/config/SSSDConfig/__init__.py.in:135 msgid "What kind of authentication should be used to perform the DNS update" msgstr "" "Vilken sorts autenticering som skall användas för att utföra DNS-" "uppdateringen" #: src/config/SSSDConfig/__init__.py.in:136 msgid "Control enumeration of trusted domains" msgstr "" #: src/config/SSSDConfig/__init__.py.in:137 #, fuzzy msgid "How often should subdomains list be refreshed" msgstr "Hur ofta utgångna poster skall förnyas i bakgrunden" #: src/config/SSSDConfig/__init__.py.in:140 msgid "IPA domain" msgstr "IPA-domän" #: 
src/config/SSSDConfig/__init__.py.in:141 msgid "IPA server address" msgstr "IPA-serveradress" #: src/config/SSSDConfig/__init__.py.in:142 msgid "Address of backup IPA server" msgstr "Adress till reserv-IPA-server" #: src/config/SSSDConfig/__init__.py.in:143 msgid "IPA client hostname" msgstr "IPA-klientvärdnamn" #: src/config/SSSDConfig/__init__.py.in:144 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "Om klientens DNS-post i FreeIPA automatiskt skall uppdateras" #: src/config/SSSDConfig/__init__.py.in:147 msgid "Search base for HBAC related objects" msgstr "Sökbas för HBAC-relaterade objekt" #: src/config/SSSDConfig/__init__.py.in:148 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "Tidsåtgången mellan uppslagningar av HBAC-reglerna mot IPA-servern" #: src/config/SSSDConfig/__init__.py.in:149 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" msgstr "" "Tiden i sekunder mellan uppslagningar av SELinux-mappningar mot IPA-servern" #: src/config/SSSDConfig/__init__.py.in:150 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "Om det finns DENY-regler, antingen DENY_ALL eller IGNORE" #: src/config/SSSDConfig/__init__.py.in:151 msgid "If set to false, host argument given by PAM will be ignored" msgstr "Om satt till falskt kommer värdargument givna av PAM ignoreras" #: src/config/SSSDConfig/__init__.py.in:152 msgid "The automounter location this IPA client is using" msgstr "Platsen för automatmonteraren denna IPA-klient använder" #: src/config/SSSDConfig/__init__.py.in:153 msgid "Search base for object containing info about IPA domain" msgstr "Sökbas för objekt som innehåller information om IPA-domänen" #: src/config/SSSDConfig/__init__.py.in:154 msgid "Search base for objects containing info about ID ranges" msgstr "Sökbas för objekt som innehåller information om ID-intervall" #: src/config/SSSDConfig/__init__.py.in:155 #:
src/config/SSSDConfig/__init__.py.in:162 msgid "Enable DNS sites - location based service discovery" msgstr "Aktivera DNS-sajter - platsbaserad detektering av tjänster" #: src/config/SSSDConfig/__init__.py.in:158 msgid "Active Directory domain" msgstr "Active Directory-domän" #: src/config/SSSDConfig/__init__.py.in:159 msgid "Active Directory server address" msgstr "Adress till Active Directory-server" #: src/config/SSSDConfig/__init__.py.in:160 msgid "Active Directory backup server address" msgstr "Adress till Active Directory-reservserver" #: src/config/SSSDConfig/__init__.py.in:161 msgid "Active Directory client hostname" msgstr "Active Directory-klientvärdnamn" #: src/config/SSSDConfig/__init__.py.in:165 #: src/config/SSSDConfig/__init__.py.in:166 msgid "Kerberos server address" msgstr "Adress till server för Kerberos" #: src/config/SSSDConfig/__init__.py.in:167 msgid "Kerberos backup server address" msgstr "Adress till reservserver för Kerberos" #: src/config/SSSDConfig/__init__.py.in:168 msgid "Kerberos realm" msgstr "Kerberosrike" #: src/config/SSSDConfig/__init__.py.in:169 msgid "Authentication timeout" msgstr "Autentiseringstidsgräns" #: src/config/SSSDConfig/__init__.py.in:170 msgid "Whether to create kdcinfo files" msgstr "Huruvida kdcinfo-filer skall skapas" #: src/config/SSSDConfig/__init__.py.in:173 msgid "Directory to store credential caches" msgstr "Katalog att lagra kreditiv-cachar i" #: src/config/SSSDConfig/__init__.py.in:174 msgid "Location of the user's credential cache" msgstr "Plats för användarens kreditiv-cache" #: src/config/SSSDConfig/__init__.py.in:175 msgid "Location of the keytab to validate credentials" msgstr "Plats för nyckeltabellen för att validera kreditiv" #: src/config/SSSDConfig/__init__.py.in:176 msgid "Enable credential validation" msgstr "Aktivera validering av kreditiv" #: src/config/SSSDConfig/__init__.py.in:177 msgid "Store password if offline for later online authentication" msgstr "Lagra lösenord när ej ansluten för
ansluten autentisering senare" #: src/config/SSSDConfig/__init__.py.in:178 msgid "Renewable lifetime of the TGT" msgstr "Förnybar livstid för TGT:n" #: src/config/SSSDConfig/__init__.py.in:179 msgid "Lifetime of the TGT" msgstr "Livstid för TGT:n" #: src/config/SSSDConfig/__init__.py.in:180 msgid "Time between two checks for renewal" msgstr "Tid mellan två kontroller av förnyelse" #: src/config/SSSDConfig/__init__.py.in:181 msgid "Enables FAST" msgstr "Aktiverar FAST" #: src/config/SSSDConfig/__init__.py.in:182 msgid "Selects the principal to use for FAST" msgstr "Väljer huvudman att använda för FAST" #: src/config/SSSDConfig/__init__.py.in:183 msgid "Enables principal canonicalization" msgstr "Aktivera kanonisk form av huvudman" #: src/config/SSSDConfig/__init__.py.in:184 msgid "Enables enterprise principals" msgstr "Aktiverar företagshuvudmän" #: src/config/SSSDConfig/__init__.py.in:187 #: src/config/SSSDConfig/__init__.py.in:188 msgid "Server where the change password service is running if not on the KDC" msgstr "Server där ändringstjänsten för lösenord kör om inte på KDC:n" #: src/config/SSSDConfig/__init__.py.in:191 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, URI:n för LDAP-servern" #: src/config/SSSDConfig/__init__.py.in:192 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "ldap_backup_uri, URI:n för LDAP-servern" #: src/config/SSSDConfig/__init__.py.in:193 msgid "The default base DN" msgstr "Standard bas-DN" #: src/config/SSSDConfig/__init__.py.in:194 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "Schematypen som används i LDAP-servern, rfc2307" #: src/config/SSSDConfig/__init__.py.in:195 msgid "The default bind DN" msgstr "Standard bindnings-DN" #: src/config/SSSDConfig/__init__.py.in:196 msgid "The type of the authentication token of the default bind DN" msgstr "Typen på autenticerings-token för standard bindnings-DN" #: src/config/SSSDConfig/__init__.py.in:197 msgid "The authentication token of the default
bind DN" msgstr "Autenticerings-token för standard bindnings-DN" #: src/config/SSSDConfig/__init__.py.in:198 msgid "Length of time to attempt connection" msgstr "Tidslängd att försöka ansluta" #: src/config/SSSDConfig/__init__.py.in:199 msgid "Length of time to attempt synchronous LDAP operations" msgstr "Tidslängd att försök synkrona LDAP-operationer" #: src/config/SSSDConfig/__init__.py.in:200 msgid "Length of time between attempts to reconnect while offline" msgstr "Tidslängd mellan försök att återansluta vid frånkoppling" #: src/config/SSSDConfig/__init__.py.in:201 msgid "Use only the upper case for realm names" msgstr "Använd endast versaler för namn på riken" #: src/config/SSSDConfig/__init__.py.in:202 msgid "File that contains CA certificates" msgstr "Fil som innehåller CA-certifikat" #: src/config/SSSDConfig/__init__.py.in:203 msgid "Path to CA certificate directory" msgstr "Sökväg till katalogen med CA-certifikat" #: src/config/SSSDConfig/__init__.py.in:204 msgid "File that contains the client certificate" msgstr "Fil som innehåller klientcertifikatet" #: src/config/SSSDConfig/__init__.py.in:205 msgid "File that contains the client key" msgstr "Fil som innehåller klientnyckeln" #: src/config/SSSDConfig/__init__.py.in:206 msgid "List of possible ciphers suites" msgstr "Lista över möjliga chiffersviter" #: src/config/SSSDConfig/__init__.py.in:207 msgid "Require TLS certificate verification" msgstr "Kräv TLS-certifikatverifiering" #: src/config/SSSDConfig/__init__.py.in:208 msgid "Specify the sasl mechanism to use" msgstr "Ange sasl-mekanismen att använda" #: src/config/SSSDConfig/__init__.py.in:209 msgid "Specify the sasl authorization id to use" msgstr "Ange sasl-auktorisering-id att använda" #: src/config/SSSDConfig/__init__.py.in:210 msgid "Specify the sasl authorization realm to use" msgstr "Ange sasl-auktoriseringsrike att använda" #: src/config/SSSDConfig/__init__.py.in:211 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "Ange minsta 
SSF för LDAP-sasl-auktorisering" #: src/config/SSSDConfig/__init__.py.in:212 msgid "Kerberos service keytab" msgstr "Kerberostjänstens nyckeltabell" #: src/config/SSSDConfig/__init__.py.in:213 msgid "Use Kerberos auth for LDAP connection" msgstr "Använd Kerberosautenticering för LDAP-anslutning" #: src/config/SSSDConfig/__init__.py.in:214 msgid "Follow LDAP referrals" msgstr "Följer LDAP-hänvisningar" #: src/config/SSSDConfig/__init__.py.in:215 msgid "Lifetime of TGT for LDAP connection" msgstr "Livslängd på TGT för LDAP-anslutning" #: src/config/SSSDConfig/__init__.py.in:216 msgid "How to dereference aliases" msgstr "Hur alias skall derefereras" #: src/config/SSSDConfig/__init__.py.in:217 msgid "Service name for DNS service lookups" msgstr "Tjänstenamn för uppslagning av DNS-tjänster" #: src/config/SSSDConfig/__init__.py.in:218 msgid "The number of records to retrieve in a single LDAP query" msgstr "Antalet poster som skall hämtas i en enda LDAP-fråga" #: src/config/SSSDConfig/__init__.py.in:219 msgid "The number of members that must be missing to trigger a full deref" msgstr "" "Antalet medlemmar som måste saknas för att orsaka en fullständig dereferering" #: src/config/SSSDConfig/__init__.py.in:220 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" "Huruvida LDAP-biblioteket skall utföra en omvänd uppslagning för att ta fram " "värdnamnets kanoniska form under en SASL-bindning" #: src/config/SSSDConfig/__init__.py.in:222 msgid "entryUSN attribute" msgstr "entryUSN-attribut" #: src/config/SSSDConfig/__init__.py.in:223 msgid "lastUSN attribute" msgstr "lastUSN-attribut" #: src/config/SSSDConfig/__init__.py.in:225 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" "Hur länge en anslutning till LDAP-servern skall behållas före den kopplas ner" #: src/config/SSSDConfig/__init__.py.in:227 msgid "Disable the LDAP paging control" msgstr "Avaktivera
flödesstyrningen (paging) av LDAP" #: src/config/SSSDConfig/__init__.py.in:228 msgid "Disable Active Directory range retrieval" msgstr "Avaktivera Active Directorys intervallhämtande" #: src/config/SSSDConfig/__init__.py.in:231 msgid "Length of time to wait for a search request" msgstr "Tidslängd att vänta på en sökbegäran" #: src/config/SSSDConfig/__init__.py.in:232 msgid "Length of time to wait for a enumeration request" msgstr "Tidslängd att vänta på en uppräkningsbegäran" #: src/config/SSSDConfig/__init__.py.in:233 msgid "Length of time between enumeration updates" msgstr "Tidslängd mellan uppräkningsuppdateringar" #: src/config/SSSDConfig/__init__.py.in:234 msgid "Length of time between cache cleanups" msgstr "Tidslängd mellan cache-tömningar" #: src/config/SSSDConfig/__init__.py.in:235 msgid "Require TLS for ID lookups" msgstr "Kräv TLS för ID-uppslagningar" #: src/config/SSSDConfig/__init__.py.in:236 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "Använd ID-översättning av objectSID istället för pre-set ID:n" #: src/config/SSSDConfig/__init__.py.in:237 msgid "Base DN for user lookups" msgstr "Bas-DN för användaruppslagningar" #: src/config/SSSDConfig/__init__.py.in:238 msgid "Scope of user lookups" msgstr "Omfång av användaruppslagningar" #: src/config/SSSDConfig/__init__.py.in:239 msgid "Filter for user lookups" msgstr "Filter för användaruppslagningar" #: src/config/SSSDConfig/__init__.py.in:240 msgid "Objectclass for users" msgstr "Objektklass för användare" #: src/config/SSSDConfig/__init__.py.in:241 msgid "Username attribute" msgstr "Användarnamnsattribut" #: src/config/SSSDConfig/__init__.py.in:243 msgid "UID attribute" msgstr "UID-attribut" #: src/config/SSSDConfig/__init__.py.in:244 msgid "Primary GID attribute" msgstr "Primärt GID-attribut" #: src/config/SSSDConfig/__init__.py.in:245 msgid "GECOS attribute" msgstr "GECOS-attribut" #: src/config/SSSDConfig/__init__.py.in:246 msgid "Home directory attribute" msgstr 
"Hemkatalogattribut" #: src/config/SSSDConfig/__init__.py.in:247 msgid "Shell attribute" msgstr "Skalattribut" #: src/config/SSSDConfig/__init__.py.in:248 msgid "UUID attribute" msgstr "UUID-attribut" #: src/config/SSSDConfig/__init__.py.in:249 #: src/config/SSSDConfig/__init__.py.in:285 msgid "objectSID attribute" msgstr "objectSID-attribut" #: src/config/SSSDConfig/__init__.py.in:250 msgid "Active Directory primary group attribute for ID-mapping" msgstr "Primärt gruppattribut i Active Directory för ID-mappning" #: src/config/SSSDConfig/__init__.py.in:251 msgid "User principal attribute (for Kerberos)" msgstr "Användarens huvudmansattribut (för Kerberos)" #: src/config/SSSDConfig/__init__.py.in:252 msgid "Full Name" msgstr "Fullständigt namn" #: src/config/SSSDConfig/__init__.py.in:253 msgid "memberOf attribute" msgstr "medlemAv-attribut" #: src/config/SSSDConfig/__init__.py.in:254 msgid "Modification time attribute" msgstr "Modifieringstidsattribut" #: src/config/SSSDConfig/__init__.py.in:256 msgid "shadowLastChange attribute" msgstr "attributet shadowLastChange" #: src/config/SSSDConfig/__init__.py.in:257 msgid "shadowMin attribute" msgstr "shadowMin-attribut" #: src/config/SSSDConfig/__init__.py.in:258 msgid "shadowMax attribute" msgstr "shadowMax-attribut" #: src/config/SSSDConfig/__init__.py.in:259 msgid "shadowWarning attribute" msgstr "shadowWarning-attribut" #: src/config/SSSDConfig/__init__.py.in:260 msgid "shadowInactive attribute" msgstr "shadowInactive-attribut" #: src/config/SSSDConfig/__init__.py.in:261 msgid "shadowExpire attribute" msgstr "shadowExpire-attribut" #: src/config/SSSDConfig/__init__.py.in:262 msgid "shadowFlag attribute" msgstr "shadowFlag-attribut" #: src/config/SSSDConfig/__init__.py.in:263 msgid "Attribute listing authorized PAM services" msgstr "Attribut för listning av auktoriserade PAM-tjänster" #: src/config/SSSDConfig/__init__.py.in:264 msgid "Attribute listing authorized server hosts" msgstr "Attribut för listning av 
auktoriserade servervärdar" #: src/config/SSSDConfig/__init__.py.in:265 msgid "krbLastPwdChange attribute" msgstr "attributet krbLastPwdChange" #: src/config/SSSDConfig/__init__.py.in:266 msgid "krbPasswordExpiration attribute" msgstr "krbPasswordExpiration-attribut" #: src/config/SSSDConfig/__init__.py.in:267 msgid "Attribute indicating that server side password policies are active" msgstr "Attribut som indikerar att serversidans lösenordspolicyer är aktiva" #: src/config/SSSDConfig/__init__.py.in:268 msgid "accountExpires attribute of AD" msgstr "AD:s attribut accountExpires" #: src/config/SSSDConfig/__init__.py.in:269 msgid "userAccountControl attribute of AD" msgstr "AD:s attribut userAccountControl" #: src/config/SSSDConfig/__init__.py.in:270 msgid "nsAccountLock attribute" msgstr "attributet nsAccountLock" #: src/config/SSSDConfig/__init__.py.in:271 msgid "loginDisabled attribute of NDS" msgstr "NDS attribut loginDisabled" #: src/config/SSSDConfig/__init__.py.in:272 msgid "loginExpirationTime attribute of NDS" msgstr "NDS attribut loginExpirationTime" #: src/config/SSSDConfig/__init__.py.in:273 msgid "loginAllowedTimeMap attribute of NDS" msgstr "NDS attribut loginAllowedTimeMap" #: src/config/SSSDConfig/__init__.py.in:274 msgid "SSH public key attribute" msgstr "Attribut för publik SSH-nyckel" #: src/config/SSSDConfig/__init__.py.in:276 msgid "Base DN for group lookups" msgstr "Bas-DN för gruppuppslagningar" #: src/config/SSSDConfig/__init__.py.in:279 msgid "Objectclass for groups" msgstr "Objektklass för grupper" #: src/config/SSSDConfig/__init__.py.in:280 msgid "Group name" msgstr "Gruppnamn" #: src/config/SSSDConfig/__init__.py.in:281 msgid "Group password" msgstr "Grupplösenord" #: src/config/SSSDConfig/__init__.py.in:282 msgid "GID attribute" msgstr "GID-attribut" #: src/config/SSSDConfig/__init__.py.in:283 msgid "Group member attribute" msgstr "Gruppmedlemsattribut" #: src/config/SSSDConfig/__init__.py.in:284 msgid "Group UUID attribute" msgstr 
"Grupp-UUID-attribut" #: src/config/SSSDConfig/__init__.py.in:286 msgid "Modification time attribute for groups" msgstr "Modifieringstidsattribut för grupper" #: src/config/SSSDConfig/__init__.py.in:287 msgid "Type of the group and other flags" msgstr "" #: src/config/SSSDConfig/__init__.py.in:289 msgid "Maximum nesting level SSSd will follow" msgstr "Maximal nästningsnivå SSSd kommer följa" #: src/config/SSSDConfig/__init__.py.in:291 msgid "Base DN for netgroup lookups" msgstr "Bas-DN för nätgruppuppslagningar" #: src/config/SSSDConfig/__init__.py.in:292 msgid "Objectclass for netgroups" msgstr "Objektklass för nätgrupper" #: src/config/SSSDConfig/__init__.py.in:293 msgid "Netgroup name" msgstr "Nätgruppnamn" #: src/config/SSSDConfig/__init__.py.in:294 msgid "Netgroups members attribute" msgstr "Attribut på nätgruppmedlemmar" #: src/config/SSSDConfig/__init__.py.in:295 msgid "Netgroup triple attribute" msgstr "Attribut på nätgruppstripplar" #: src/config/SSSDConfig/__init__.py.in:296 msgid "Netgroup UUID attribute" msgstr "Attribut på nätgrupps-UUID" #: src/config/SSSDConfig/__init__.py.in:297 msgid "Modification time attribute for netgroups" msgstr "Modifieringstidsattribut för nätgrupper" #: src/config/SSSDConfig/__init__.py.in:299 msgid "Base DN for service lookups" msgstr "Bas-DN för tjänsteuppslagningar" #: src/config/SSSDConfig/__init__.py.in:300 msgid "Objectclass for services" msgstr "Objektklass för tjänster" #: src/config/SSSDConfig/__init__.py.in:301 msgid "Service name attribute" msgstr "Tjänstenamnsattribut" #: src/config/SSSDConfig/__init__.py.in:302 msgid "Service port attribute" msgstr "Tjänsteportsattribut" #: src/config/SSSDConfig/__init__.py.in:303 msgid "Service protocol attribute" msgstr "Tjänsteprotokollsattribut" #: src/config/SSSDConfig/__init__.py.in:306 msgid "Lower bound for ID-mapping" msgstr "Undre gräns för ID-mappning" #: src/config/SSSDConfig/__init__.py.in:307 msgid "Upper bound for ID-mapping" msgstr "Övre gräns för ID-mappning" 
#: src/config/SSSDConfig/__init__.py.in:308 msgid "Number of IDs for each slice when ID-mapping" msgstr "Antal ID:n till varje skiva vid ID-mappning" #: src/config/SSSDConfig/__init__.py.in:309 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "Använd en autorid-kompatibel algoritm för ID-mappning" #: src/config/SSSDConfig/__init__.py.in:310 msgid "Name of the default domain for ID-mapping" msgstr "Standarddomänens namn för ID-mappning" #: src/config/SSSDConfig/__init__.py.in:311 msgid "SID of the default domain for ID-mapping" msgstr "Standarddomänens SID för ID-mappning" #: src/config/SSSDConfig/__init__.py.in:313 msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups" msgstr "Använd LDAP_MATCHING_RULE_IN_CHAIN för gruppuppslagningar" #: src/config/SSSDConfig/__init__.py.in:314 msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups" msgstr "Använd LDAP_MATCHING_RULE_IN_CHAIN för init-gruppuppslagningar" #: src/config/SSSDConfig/__init__.py.in:315 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "Sätt undre gräns för tillåtna ID:n från LDAP-servern" #: src/config/SSSDConfig/__init__.py.in:316 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "Sätt övre gräns för tillåtna ID:n från LDAP-servern" #: src/config/SSSDConfig/__init__.py.in:319 msgid "Policy to evaluate the password expiration" msgstr "Policy för att utvärdera utgång av lösenord" #: src/config/SSSDConfig/__init__.py.in:322 msgid "LDAP filter to determine access privileges" msgstr "LDAP-filter för att bestämma åtkomstprivilegier" #: src/config/SSSDConfig/__init__.py.in:323 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "Vilka attribut skall användas för att avgöra om ett konto gått ut" #: src/config/SSSDConfig/__init__.py.in:324 msgid "Which rules should be used to evaluate access control" msgstr "Vilka regler skall användas för att avgöra åtkomstkontroll" #: src/config/SSSDConfig/__init__.py.in:327 msgid 
"URI of an LDAP server where password changes are allowed" msgstr "URI till en LDAP-server där lösenordsändringar är tillåtna" #: src/config/SSSDConfig/__init__.py.in:328 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "URI till en reserv-LDAP-server där lösenordsändringar är tillåtna" #: src/config/SSSDConfig/__init__.py.in:329 msgid "DNS service name for LDAP password change server" msgstr "DNS-tjänstenamn för LDAP-lösenordsändringsservern" #: src/config/SSSDConfig/__init__.py.in:330 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" msgstr "" "Huruvida attributet ldap_user_shadow_last_change skall uppdateras efter en " "ändring av lösenord" #: src/config/SSSDConfig/__init__.py.in:333 msgid "Base DN for sudo rules lookups" msgstr "Bas-DN för regeluppslagningar" #: src/config/SSSDConfig/__init__.py.in:334 msgid "Automatic full refresh period" msgstr "Intervall mellan automatisk fullständig omläsning" #: src/config/SSSDConfig/__init__.py.in:335 msgid "Automatic smart refresh period" msgstr "Intervall mellan automatisk smart omläsning" #: src/config/SSSDConfig/__init__.py.in:336 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "" "Huruvida regler skall filtreras efter värdnamn, IP-adresser och nätverk" #: src/config/SSSDConfig/__init__.py.in:337 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" msgstr "" "Värdnamn och/eller fullständigt kvalificerade domännamn på denna maskin för " "att filtrera sudo-regler" #: src/config/SSSDConfig/__init__.py.in:338 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" "IPv4- eller IPv6-adresser eller -nätverk för denna maskin för att filtrera " "sudo-regler" #: src/config/SSSDConfig/__init__.py.in:339 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" "Huruvida regler som innehåller nätgrupper i värdattribut 
skall inkluderas" #: src/config/SSSDConfig/__init__.py.in:340 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" "Huruvida regler som innehåller reguljära uttryck i värdattribut skall " "inkluderas" #: src/config/SSSDConfig/__init__.py.in:341 msgid "Object class for sudo rules" msgstr "Objektklass för sudo-regler" #: src/config/SSSDConfig/__init__.py.in:342 msgid "Sudo rule name" msgstr "Sudo-regelnamn" #: src/config/SSSDConfig/__init__.py.in:343 msgid "Sudo rule command attribute" msgstr "Attribut för sudo-regelkommandon" #: src/config/SSSDConfig/__init__.py.in:344 msgid "Sudo rule host attribute" msgstr "Attribut för sudo-regelvärd" #: src/config/SSSDConfig/__init__.py.in:345 msgid "Sudo rule user attribute" msgstr "Attribut för sudo-regelanvändare" #: src/config/SSSDConfig/__init__.py.in:346 msgid "Sudo rule option attribute" msgstr "Attribut för sudo-regelflaggor" #: src/config/SSSDConfig/__init__.py.in:347 msgid "Sudo rule runasuser attribute" msgstr "Attribut för sudo-runasuser" #: src/config/SSSDConfig/__init__.py.in:348 msgid "Sudo rule runasgroup attribute" msgstr "Attribut på runasgroup i sudo-regel" #: src/config/SSSDConfig/__init__.py.in:349 msgid "Sudo rule notbefore attribute" msgstr "Attribut för sudo-notbefore-regler" #: src/config/SSSDConfig/__init__.py.in:350 msgid "Sudo rule notafter attribute" msgstr "Attribut för sudo-notafter-regler" #: src/config/SSSDConfig/__init__.py.in:351 msgid "Sudo rule order attribute" msgstr "Attribut för sudo-order-regler" #: src/config/SSSDConfig/__init__.py.in:354 msgid "Object class for automounter maps" msgstr "Objektklass för automatmonteraravbildningar" #: src/config/SSSDConfig/__init__.py.in:355 msgid "Automounter map name attribute" msgstr "Attribut för automatmonteraravbildningsnamn" #: src/config/SSSDConfig/__init__.py.in:356 msgid "Object class for automounter map entries" msgstr "Objektklass för poster i automatmonteraravbildningar" #: 
src/config/SSSDConfig/__init__.py.in:357 msgid "Automounter map entry key attribute" msgstr "Attribut för postnycklar i automatmonteraravbildningar" #: src/config/SSSDConfig/__init__.py.in:358 msgid "Automounter map entry value attribute" msgstr "Attribut på postvärde i avbildning för automatmonteraren" #: src/config/SSSDConfig/__init__.py.in:359 msgid "Base DN for automounter map lookups" msgstr "Bas-DN för uppslagningar i automatmonteraravbildningar" #: src/config/SSSDConfig/__init__.py.in:362 msgid "Comma separated list of allowed users" msgstr "Kommaseparerad lista över tillåtna användare" #: src/config/SSSDConfig/__init__.py.in:363 msgid "Comma separated list of prohibited users" msgstr "Kommaseparerad lista över förbjudna användare" #: src/config/SSSDConfig/__init__.py.in:366 msgid "Default shell, /bin/bash" msgstr "Standardskal, /bin/bash" #: src/config/SSSDConfig/__init__.py.in:367 msgid "Base for home directories" msgstr "Bas för hemkataloger" #: src/config/SSSDConfig/__init__.py.in:370 msgid "The name of the NSS library to use" msgstr "Namnet på NSS-biblioteket att använda" #: src/config/SSSDConfig/__init__.py.in:371 msgid "Whether to look up canonical group name from cache if possible" msgstr "Huruvida kanoniska gruppnamn skall slås upp från cachen om möjligt" #: src/config/SSSDConfig/__init__.py.in:374 msgid "PAM stack to use" msgstr "PAM-stack att använda" #: src/monitor/monitor.c:2651 msgid "Become a daemon (default)" msgstr "Bli en demon (standard)" #: src/monitor/monitor.c:2653 msgid "Run interactive (not a daemon)" msgstr "Kör interaktivt (inte en demon)" #: src/monitor/monitor.c:2655 src/tools/sss_debuglevel.c:71 msgid "Specify a non-default config file" msgstr "Ange en konfigurationsfil annan än standard" #: src/monitor/monitor.c:2657 msgid "Print version number and exit" msgstr "Skriv ut versionsnumret och avsluta" #: src/providers/krb5/krb5_child.c:1962 src/providers/ldap/ldap_child.c:435 #: src/util/util.h:100 msgid "Debug level" msgstr 
"Felsökningsnivå" #: src/providers/krb5/krb5_child.c:1964 src/providers/ldap/ldap_child.c:437 #: src/util/util.h:104 msgid "Add debug timestamps" msgstr "Lägg till felsökningstidstämplar" #: src/providers/krb5/krb5_child.c:1966 src/providers/ldap/ldap_child.c:439 #: src/util/util.h:106 msgid "Show timestamps with microseconds" msgstr "Visa tidsstämplar med mikrosekunder" #: src/providers/krb5/krb5_child.c:1968 src/providers/ldap/ldap_child.c:441 msgid "An open file descriptor for the debug logs" msgstr "Ett öppet filhandtag för felsökningsloggarna" #: src/providers/data_provider_be.c:2932 msgid "Domain of the information provider (mandatory)" msgstr "Domän för informationsleverantören (obligatoriskt)" #: src/sss_client/common.c:946 msgid "Privileged socket has wrong ownership or permissions." msgstr "Priviligierat uttag (socket) har fel ägarskap eller rättigheter." #: src/sss_client/common.c:949 msgid "Public socket has wrong ownership or permissions." msgstr "Publikt uttag (socket) har fel ägarskap eller rättigheter." #: src/sss_client/common.c:952 msgid "Unexpected format of the server credential message." msgstr "Oväntat format på serverns kreditivmeddelande." #: src/sss_client/common.c:955 msgid "SSSD is not run by root." msgstr "SSSD körs inte av root." #: src/sss_client/common.c:960 msgid "An error occurred, but no description can be found." msgstr "Ett fel uppstod, men ingen beskrivning kan hittas." #: src/sss_client/common.c:966 msgid "Unexpected error while looking for an error description" msgstr "Oväntat fel vid sökning efter ett felmeddelande" #: src/sss_client/pam_sss.c:388 msgid "Passwords do not match" msgstr "Lösenorden stämmer inte överens" #: src/sss_client/pam_sss.c:576 msgid "Password reset by root is not supported." msgstr "Återställning av lösenord av root stöds inte." 
#: src/sss_client/pam_sss.c:617 msgid "Authenticated with cached credentials" msgstr "Autentiserad med cachade kreditiv" #: src/sss_client/pam_sss.c:618 msgid ", your cached password will expire at: " msgstr ", ditt cache-lösenord kommer gå ut: " #: src/sss_client/pam_sss.c:648 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "Ditt lösenord har gått ut. Du har en frist på %1$d inloggningar kvar." #: src/sss_client/pam_sss.c:694 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "Ditt lösenord kommer gå ut om %1$d %2$s." #: src/sss_client/pam_sss.c:743 msgid "Authentication is denied until: " msgstr "Autentisering nekas till: " #: src/sss_client/pam_sss.c:764 msgid "System is offline, password change not possible" msgstr "Systemet är frånkopplat, ändring av lösenord är inte möjligt" #: src/sss_client/pam_sss.c:779 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" #: src/sss_client/pam_sss.c:810 src/sss_client/pam_sss.c:823 msgid "Password change failed. " msgstr "Lösenordsändringen misslyckades. " #: src/sss_client/pam_sss.c:813 src/sss_client/pam_sss.c:824 msgid "Server message: " msgstr "Servermeddelande: " #: src/sss_client/pam_sss.c:1251 msgid "New Password: " msgstr "Nytt lösenord: " #: src/sss_client/pam_sss.c:1252 msgid "Reenter new Password: " msgstr "Skriv det nya lösenordet igen: " #: src/sss_client/pam_sss.c:1340 msgid "Password: " msgstr "Lösenord: " #: src/sss_client/pam_sss.c:1372 msgid "Current Password: " msgstr "Nuvarande lösenord: " #: src/sss_client/pam_sss.c:1527 msgid "Password expired. Change your password now." msgstr "Lösenordet har gått ut. Ändra ditt lösenord nu."
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40 #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 src/tools/sss_useradd.c:48 #: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44 #: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:652 #: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47 #: src/tools/sss_cache.c:540 src/tools/sss_debuglevel.c:69 msgid "The debug level to run with" msgstr "Felsökningsnivån att köra med" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:42 #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:196 msgid "The SSSD domain to use" msgstr "SSSD-domäner att använda" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:73 #: src/tools/sss_groupadd.c:58 src/tools/sss_groupdel.c:53 #: src/tools/sss_groupmod.c:65 src/tools/sss_groupshow.c:663 #: src/tools/sss_userdel.c:151 src/tools/sss_usermod.c:74 #: src/tools/sss_cache.c:573 msgid "Error setting the locale\n" msgstr "Fel när lokalen sattes\n" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:64 msgid "Not enough memory\n" msgstr "Inte tillräckligt med minne\n" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:83 msgid "User not specified\n" msgstr "Ingen användare angiven\n" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:92 msgid "Error looking up public keys\n" msgstr "Fel vid uppslagning av publika nycklar\n" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:194 msgid "The port to use to connect to the host" msgstr "Porten att använda för att ansluta till värden" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:238 msgid "Invalid port\n" msgstr "Felaktig port\n" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:243 msgid "Host not specified\n" msgstr "Värden inte angiven\n" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:249 msgid "The path to the proxy command must be absolute\n" msgstr "Sökvägen till proxy-kommandot måste vara absolut\n" #: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48 msgid "The UID of the user" msgstr "Användarens UID" #: 
src/tools/sss_useradd.c:50 src/tools/sss_usermod.c:50 msgid "The comment string" msgstr "Kommentarsträngen" #: src/tools/sss_useradd.c:51 src/tools/sss_usermod.c:51 msgid "Home directory" msgstr "Hemkatalogen" #: src/tools/sss_useradd.c:52 src/tools/sss_usermod.c:52 msgid "Login shell" msgstr "Inloggningsskalet" #: src/tools/sss_useradd.c:53 msgid "Groups" msgstr "Grupper" #: src/tools/sss_useradd.c:54 msgid "Create user's directory if it does not exist" msgstr "Skapa användarens katalog om den inte redan finns" #: src/tools/sss_useradd.c:55 msgid "Never create user's directory, overrides config" msgstr "Skapa aldrig användarens katalog, åsidosätter konfigurationen" #: src/tools/sss_useradd.c:56 msgid "Specify an alternative skeleton directory" msgstr "Ange en alternativ skelettkatalog" #: src/tools/sss_useradd.c:57 src/tools/sss_usermod.c:57 msgid "The SELinux user for user's login" msgstr "SELinux-användaren för användarens inloggning" #: src/tools/sss_useradd.c:86 src/tools/sss_groupmod.c:78 #: src/tools/sss_usermod.c:87 msgid "Specify group to add to\n" msgstr "Ange en grupp att lägga till till\n" #: src/tools/sss_useradd.c:110 msgid "Specify user to add\n" msgstr "Ange en användare att lägga till\n" #: src/tools/sss_useradd.c:119 src/tools/sss_groupadd.c:84 #: src/tools/sss_groupdel.c:78 src/tools/sss_groupmod.c:111 #: src/tools/sss_groupshow.c:696 src/tools/sss_userdel.c:196 #: src/tools/sss_usermod.c:128 msgid "Error initializing the tools - no local domain\n" msgstr "Fel vid initiering av verktygen — ingen lokal domän\n" #: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86 #: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113 #: src/tools/sss_groupshow.c:698 src/tools/sss_userdel.c:198 #: src/tools/sss_usermod.c:130 msgid "Error initializing the tools\n" msgstr "Fel vid initiering av verktygen\n" #: src/tools/sss_useradd.c:130 src/tools/sss_groupadd.c:95 #: src/tools/sss_groupdel.c:89 src/tools/sss_groupmod.c:121 #: src/tools/sss_groupshow.c:707 
src/tools/sss_userdel.c:207 #: src/tools/sss_usermod.c:139 msgid "Invalid domain specified in FQDN\n" msgstr "Ogiltig domän angiven i FQDN\n" #: src/tools/sss_useradd.c:139 src/tools/sss_groupmod.c:141 #: src/tools/sss_groupmod.c:168 src/tools/sss_usermod.c:162 #: src/tools/sss_usermod.c:189 msgid "Internal error while parsing parameters\n" msgstr "Internt fel vid tolkning av parametrar\n" #: src/tools/sss_useradd.c:147 src/tools/sss_usermod.c:170 #: src/tools/sss_usermod.c:197 msgid "Groups must be in the same domain as user\n" msgstr "Grupper måste finnas i samma domän som användaren\n" #: src/tools/sss_useradd.c:155 #, c-format msgid "Cannot find group %1$s in local domain\n" msgstr "Hittar inte gruppen %1$s i den lokala domänen\n" #: src/tools/sss_useradd.c:170 src/tools/sss_userdel.c:217 msgid "Cannot set default values\n" msgstr "Kan inte sätta standardvärden\n" #: src/tools/sss_useradd.c:177 src/tools/sss_usermod.c:153 msgid "The selected UID is outside the allowed range\n" msgstr "Den valda UID:n är utanför det tillåtna intervallet\n" #: src/tools/sss_useradd.c:206 src/tools/sss_usermod.c:264 msgid "Cannot set SELinux login context\n" msgstr "Kan inte sätta SELinux-inloggningskontext\n" #: src/tools/sss_useradd.c:221 msgid "Cannot get info about the user\n" msgstr "Kan inte få information om användaren\n" #: src/tools/sss_useradd.c:233 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" "Användarens hemkatalog finns redan, kopierar inte data från " "skelettkatalogen\n" #: src/tools/sss_useradd.c:236 #, c-format msgid "Cannot create user's home directory: %1$s\n" msgstr "Kan inte skapa användarens hemkatalog: %1$s\n" #: src/tools/sss_useradd.c:247 #, c-format msgid "Cannot create user's mail spool: %1$s\n" msgstr "Kan inte skapa användarens brevlåda: %1$s\n" #: src/tools/sss_useradd.c:266 msgid "Could not allocate ID for the user - domain full?\n" msgstr "Det gick inte att allokera ID för användaren - full domän?\n" #: 
src/tools/sss_useradd.c:270 msgid "A user or group with the same name or ID already exists\n" msgstr "En användare eller grupp med samma namn eller ID finns redan\n" #: src/tools/sss_useradd.c:276 msgid "Transaction error. Could not add user.\n" msgstr "Transaktionsfel. Det gick inte att lägga till användaren.\n" #: src/tools/sss_groupadd.c:43 src/tools/sss_groupmod.c:48 msgid "The GID of the group" msgstr "GID:t för gruppen" #: src/tools/sss_groupadd.c:75 msgid "Specify group to add\n" msgstr "Ange en grupp att lägga till\n" #: src/tools/sss_groupadd.c:104 src/tools/sss_groupmod.c:192 msgid "The selected GID is outside the allowed range\n" msgstr "Den valda GID:n är utanför det tillåtna intervallet\n" #: src/tools/sss_groupadd.c:141 msgid "Could not allocate ID for the group - domain full?\n" msgstr "Det gick inte att allokera ID för gruppen - full domän?\n" #: src/tools/sss_groupadd.c:145 msgid "A group with the same name or GID already exists\n" msgstr "En grupp med samma namn eller GID finns redan\n" #: src/tools/sss_groupadd.c:150 msgid "Transaction error. Could not add group.\n" msgstr "Transaktionsfel. Det gick inte att lägga till gruppen.\n" #: src/tools/sss_groupdel.c:69 msgid "Specify group to delete\n" msgstr "Ange grupp att ta bort\n" #: src/tools/sss_groupdel.c:102 #, c-format msgid "Group %1$s is outside the defined ID range for domain\n" msgstr "Gruppen %1$s är utanför det definierade ID-intervallet för domänen\n" #: src/tools/sss_groupdel.c:117 src/tools/sss_groupmod.c:219 #: src/tools/sss_groupmod.c:226 src/tools/sss_groupmod.c:233 #: src/tools/sss_userdel.c:294 src/tools/sss_usermod.c:241 #: src/tools/sss_usermod.c:248 src/tools/sss_usermod.c:255 #, c-format msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n" msgstr "" "NSS-begäran misslyckades (%1$d). Posten kan finnas kvar i en minnes-cache.\n" #: src/tools/sss_groupdel.c:129 msgid "" "No such group in local domain. 
Removing groups only allowed in local " "domain.\n" msgstr "" "Ingen sådan grupp i den lokala domänen. Att ta bort grupper är endast " "tillåtet i den lokala domänen.\n" #: src/tools/sss_groupdel.c:134 msgid "Internal error. Could not remove group.\n" msgstr "Internt fel. Det gick inte att ta bort gruppen.\n" #: src/tools/sss_groupmod.c:44 msgid "Groups to add this group to" msgstr "Grupper att lägga till denna grupp till" #: src/tools/sss_groupmod.c:46 msgid "Groups to remove this group from" msgstr "Grupper att ta bort denna grupp från" #: src/tools/sss_groupmod.c:86 src/tools/sss_usermod.c:95 msgid "Specify group to remove from\n" msgstr "Ange grupp att ta bort ifrån\n" #: src/tools/sss_groupmod.c:100 msgid "Specify group to modify\n" msgstr "Ange grupp att ändra\n" #: src/tools/sss_groupmod.c:128 msgid "" "Cannot find group in local domain, modifying groups is allowed only in local " "domain\n" msgstr "" "Kan inte hitta gruppen i den lokala domänen, att ändra grupper är endast " "tillåtet i den lokala domänen\n" #: src/tools/sss_groupmod.c:149 src/tools/sss_groupmod.c:176 msgid "Member groups must be in the same domain as parent group\n" msgstr "Medlemsgrupper måste ligga i samma domän som föräldragrupper\n" #: src/tools/sss_groupmod.c:157 src/tools/sss_groupmod.c:184 #: src/tools/sss_usermod.c:178 src/tools/sss_usermod.c:205 #, c-format msgid "" "Cannot find group %1$s in local domain, only groups in local domain are " "allowed\n" msgstr "" "Kan inte hitta grupp %1$s i den lokala domänen, endast grupper i den lokala " "domänen är tillåtna\n" #: src/tools/sss_groupmod.c:250 msgid "Could not modify group - check if member group names are correct\n" msgstr "" "Det gick inte att ändra gruppen - kontrollera om medlemsgruppsnamnen är " "riktiga\n" #: src/tools/sss_groupmod.c:254 msgid "Could not modify group - check if groupname is correct\n" msgstr "" "Det gick inte att ändra gruppen - kontrollera om gruppnamnet är riktigt\n" #: src/tools/sss_groupmod.c:258 msgid
"Transaction error. Could not modify group.\n" msgstr "Transaktionsfel. Det gick inte att ändra gruppen.\n" #: src/tools/sss_groupshow.c:599 #, c-format msgid "%1$s%2$sGroup: %3$s\n" msgstr "%1$s%2$sGrupp: %3$s\n" #: src/tools/sss_groupshow.c:600 msgid "Magic Private " msgstr "Magiskt privat " #: src/tools/sss_groupshow.c:602 #, c-format msgid "%1$sGID number: %2$d\n" msgstr "%1$sGID-nummer: %2$d\n" #: src/tools/sss_groupshow.c:604 #, c-format msgid "%1$sMember users: " msgstr "%1$sMedlemsanvändare: " #: src/tools/sss_groupshow.c:611 #, c-format msgid "" "\n" "%1$sIs a member of: " msgstr "" "\n" "%1$sÄr en medlem i: " #: src/tools/sss_groupshow.c:618 #, c-format msgid "" "\n" "%1$sMember groups: " msgstr "" "\n" "%1$sMedlemsgrupper: " #: src/tools/sss_groupshow.c:654 msgid "Print indirect group members recursively" msgstr "Skriv ut indirekta gruppmedlemmar rekursivt" #: src/tools/sss_groupshow.c:687 msgid "Specify group to show\n" msgstr "Ange en grupp att visa\n" #: src/tools/sss_groupshow.c:726 msgid "" "No such group in local domain. Printing groups only allowed in local " "domain.\n" msgstr "" "Ingen sådan grupp i den lokala domänen. Att skriva ut grupper är endast " "tillåtet i den lokala domänen.\n" #: src/tools/sss_groupshow.c:731 msgid "Internal error. Could not print group.\n" msgstr "Internt fel. 
Det gick inte att skriva ut gruppen.\n" #: src/tools/sss_userdel.c:136 msgid "Remove home directory and mail spool" msgstr "Ta bort hemkatalog och brevlåda" #: src/tools/sss_userdel.c:138 msgid "Do not remove home directory and mail spool" msgstr "Ta inte bort hemkatalog och brevlåda" #: src/tools/sss_userdel.c:140 msgid "Force removal of files not owned by the user" msgstr "Framtvinga borttagning av filer som inte ägs av användaren" #: src/tools/sss_userdel.c:142 msgid "Kill users' processes before removing him" msgstr "Döda användares processer före de tas bort" #: src/tools/sss_userdel.c:187 msgid "Specify user to delete\n" msgstr "Ange användare att ta bort\n" #: src/tools/sss_userdel.c:233 #, c-format msgid "User %1$s is outside the defined ID range for domain\n" msgstr "" "Användaren %1$s är utanför det definierade ID-intervallet för domänen\n" #: src/tools/sss_userdel.c:258 msgid "Cannot reset SELinux login context\n" msgstr "Kan inte återställa SELinux-inloggningskontext\n" #: src/tools/sss_userdel.c:270 #, c-format msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n" msgstr "" "VARNING: Användaren (uid %1$lu) var fortfarande inloggad när han togs bort.\n" #: src/tools/sss_userdel.c:275 msgid "Cannot determine if the user was logged in on this platform" msgstr "Det går inte att avgöra om användaren var inloggad på denna plattform" #: src/tools/sss_userdel.c:280 msgid "Error while checking if the user was logged in\n" msgstr "Fel vid kontroll om användaren var inloggad\n" #: src/tools/sss_userdel.c:287 #, c-format msgid "The post-delete command failed: %1$s\n" msgstr "Kommandot efter borttagandet misslyckades: %1$s\n" #: src/tools/sss_userdel.c:307 msgid "Not removing home dir - not owned by user\n" msgstr "Tar inte bort hemkatalogen - ägs inte av användaren\n" #: src/tools/sss_userdel.c:309 #, c-format msgid "Cannot remove homedir: %1$s\n" msgstr "Kan inte ta bort hemkatalogen: %1$s\n" #: src/tools/sss_userdel.c:322 msgid "" "No such
user in local domain. Removing users only allowed in local domain.\n" msgstr "" "Ingen sådan användare i den lokala domänen. Det går endast att ta bort " "användare i den lokala domänen.\n" #: src/tools/sss_userdel.c:327 msgid "Internal error. Could not remove user.\n" msgstr "Internt fel. Det gick inte att ta bort användaren.\n" #: src/tools/sss_usermod.c:49 msgid "The GID of the user" msgstr "Användarens GID" #: src/tools/sss_usermod.c:53 msgid "Groups to add this user to" msgstr "Grupper att lägga till denna användare till" #: src/tools/sss_usermod.c:54 msgid "Groups to remove this user from" msgstr "Grupper att ta bort denna användare ifrån" #: src/tools/sss_usermod.c:55 msgid "Lock the account" msgstr "Lås kontot" #: src/tools/sss_usermod.c:56 msgid "Unlock the account" msgstr "Lås upp kontot" #: src/tools/sss_usermod.c:119 msgid "Specify user to modify\n" msgstr "Ange användare att ändra\n" #: src/tools/sss_usermod.c:146 msgid "" "Cannot find user in local domain, modifying users is allowed only in local " "domain\n" msgstr "" "Det gick inte att hitta användaren i den lokala domänen, det går bara att " "ändra användare i den lokala domänen\n" #: src/tools/sss_usermod.c:281 msgid "Could not modify user - check if group names are correct\n" msgstr "" "Det gick inte att ändra användaren - kontrollera att gruppnamnen är riktiga\n" #: src/tools/sss_usermod.c:285 msgid "Could not modify user - user already member of groups?\n" msgstr "" "Det gick inte att ändra användaren - är användaren redan medlem i grupper?\n" #: src/tools/sss_usermod.c:289 msgid "Transaction error. Could not modify user.\n" msgstr "Transaktionsfel. 
Det gick inte att ändra användaren.\n" #: src/tools/sss_cache.c:170 msgid "No cache object matched the specified search\n" msgstr "Inga cache-objekt matchade den angivna sökningen\n" #: src/tools/sss_cache.c:397 #, c-format msgid "Couldn't invalidate %1$s" msgstr "Kunde inte invalidera %1$s" #: src/tools/sss_cache.c:404 #, c-format msgid "Couldn't invalidate %1$s %2$s" msgstr "Kunde inte invalidera %1$s %2$s" #: src/tools/sss_cache.c:542 #, fuzzy msgid "Invalidate all cached entries except for sudo rules" msgstr "Invalidera alla cachade poster utom sudo-regler" #: src/tools/sss_cache.c:544 msgid "Invalidate particular user" msgstr "Invalidera en viss användare" #: src/tools/sss_cache.c:546 msgid "Invalidate all users" msgstr "Invalidera alla användare" #: src/tools/sss_cache.c:548 msgid "Invalidate particular group" msgstr "Invalidera en viss grupp" #: src/tools/sss_cache.c:550 msgid "Invalidate all groups" msgstr "Invalidera alla grupper" #: src/tools/sss_cache.c:552 msgid "Invalidate particular netgroup" msgstr "Invalidera en viss nätgrupp" #: src/tools/sss_cache.c:554 msgid "Invalidate all netgroups" msgstr "Invalidera alla nätgrupper" #: src/tools/sss_cache.c:556 msgid "Invalidate particular service" msgstr "Invalidera en viss tjänst" #: src/tools/sss_cache.c:558 msgid "Invalidate all services" msgstr "Invalidera alla tjänster" #: src/tools/sss_cache.c:561 msgid "Invalidate particular autofs map" msgstr "Invalidera en viss autofs-mapp" #: src/tools/sss_cache.c:563 msgid "Invalidate all autofs maps" msgstr "Invalidera alla autofs-mappar" #: src/tools/sss_cache.c:566 msgid "Only invalidate entries from a particular domain" msgstr "Invalidera endast poster från en viss domän" #: src/tools/sss_cache.c:611 msgid "Please select at least one object to invalidate\n" msgstr "Välj åtminstone ett objekt att invalidera\n" #: src/tools/sss_cache.c:681 #, c-format msgid "" "Could not open domain %1$s. 
If the domain is a subdomain (trusted domain), " "use fully qualified name instead of --domain/-d parameter.\n" msgstr "" "Kunde inte öppna domänen %1$s. Om domänen är en underdomän (betrodd domän), " "använd fullt kvalificerat namn istället för parametrarna --domain/-d.\n" #: src/tools/sss_cache.c:685 msgid "Could not open available domains\n" msgstr "Kunde inte öppna tillgängliga domäner\n" #: src/tools/sss_debuglevel.c:40 msgid "\n" msgstr "\n" #: src/tools/sss_debuglevel.c:96 msgid "Specify debug level you want to set\n" msgstr "Ange felsökningsnivån du vill ställa in\n" #: src/tools/sss_debuglevel.c:102 msgid "Only one argument expected\n" msgstr "Endast ett argument förväntades\n" #: src/tools/tools_util.c:200 #, c-format msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n" msgstr "" "Namnet ”%1$s” verkar inte vara ett fullt kvalificerad domännamn (”%2$s = " "TRUE” är satt)\n" #: src/tools/tools_util.c:303 msgid "Out of memory\n" msgstr "Slut på minne\n" #: src/tools/tools_util.h:43 #, c-format msgid "%1$s must be run as root\n" msgstr "%1$s måste köras som root\n" #: src/util/util.h:102 msgid "Send the debug output to files instead of stderr" msgstr "Skicka felutskrifter till filer istället för standard fel" �����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/sv.gmo��������������������������������������������������������������0000644�0000000�0000000�00000000132�12320753522�015321� 
x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954962.458874357 30 atime=1396954962.457874358 30 ctime=1396954962.560874281 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/sv.gmo�������������������������������������������������������������������������������0000664�0024127�0024127�00000123600�12320753522�015552� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� ����\������!�����!�����!�����!�����!�����"�����-"�����C"��'���V"��1���~"��8���"�����"��&���#�� ���(#�����I#��7���a#�����#�����#�����#��3���#��*���$��B���J$��)���$��)���$��%���$�� ���%�����(%�����@%�����W%�����g%�����%��#���%��%���%�����%��#��� &�����1&�����K&�����h&�����&�����&�����&�����&��#���&��*���'��&���?'��;���f'��'���'��P���'��T���(��R���p(�����(�����(��#����)��!���$)�����F)��%���a)��(���)�����)��3���)��2���)��7���0*��A���h*��9���*��7���*��!���+�����>+�����+�����+��,���+�����),��0���<,�� ���m,�����y,��P���,��$���,��(���-�����1-��,���Q-��+���~-��.���-��2���-��,��� .��3���9.�����m.��#���.�� 
���.�����.��"���.��6���.��$���3/��*���X/�����/��/���/�����/�����/��/��� 0��"���90��)���\0��!���0�����0�����0��,���0�� ���1����� 1�� ���1��6���+1�����b1�����w1�� ���1�����1�����1��*���1��)���1�����2����� 2�� ���;2�����\2�����|2�����2�����2�����2��R���2��U���"3��<���x3��B���3��G���3��F���@4��.���4��F���4��8���4��Z���65��E���5��;���5��7���6�����K6�����f6�� ���z6�����6��F���6�����6��4���6��4���&7��V���[7��;���7��0���7�� ���8��(���@8��'���i8��(���8��'���8��!���8�� ���9�����9�����-9�����C9�����\9�����t9�� ���9�����9�����9�����9�����:�����:�����=:�����L:�����d:��)���|:��*���:��:���:��%��� ;��*���2;��$���];��5���;��0���;��+���;��#���<�����9<��>���M<�����<��.���<��'���<�����=�� ���=����� =�����;=��&���J=�����q=��9���=�����=�����=��&���=��)���>��?���8>��<���x>��)���>��'���>�����?�� ���?�����-?�����G?��/���c?�����?��-���?��M���?��M���@��K���l@�����@��*���@��,���@��7���#A��(���[A��!���A�����A�����A�����A�����A����� B��0���"B�����SB�����oB��=���~B��A���B��?���B�����>C�����OC�����hC��+���C��(���C�� ���C�����C�� ���C��&���D��0���@D��*���qD�����D��(���D�����D��=���D��5���7E��1���mE�����E��"���E��$���E�����E��$���F�����AF��H���\F�����F��(���F�����F�����G�����G�����3G�� ���LG�����ZG��$���pG��7���G��7���G��%���H��0���+H�����\H��E���mH�����H��$���H�����H�����I�����!I��7���:I��&���rI��7���I�����I��.���I��&���J��!���7J��!���YJ��)���{J��$���J�����J�����J�����J�����K�����+K�����IK��3���`K��(���K��+���K��!���K����� L����� L�����8L�����PL��9���fL��I���L�����L�����M�����M�����.M�����KM�����iM�����M�����M�����M�����M��/���M�����$N�����9N��!���MN�����oN��2���N��<���N�����N��K��� O��X���VO��/���O��1���O�����P�����$P�����@P�����TP��.���hP��=���P��L���P��3���"Q��"���VQ��C���yQ��B���Q��8����R��/���9R��&���iR��%���R��.���R��.���R��;���S��>���PS��#���S��I���S��'���S��(���%T��'���NT��+���vT��*���T��!���T�� 
���T��>���T��8���<U�����uU��7���U��3���U�����U�����V��2���V��%���QV��1���wV��5���V��/���V��'���W��5���7W�����mW��'���W��D���W�����W��(���X��@���*X��D���kX��E���X��i���X��8���`Y��D���Y��6���Y��A���Z�����WZ��;���wZ��=���Z��@���Z��A���2[��K���t[��>���[��T���[��C���T\��5���\�� ���\��B���\��'���2]�����Z]�����y]�����]�����]�����]��+���]��$���^��$���*^�����O^��$���n^�����^�����^�����^�����^�����^�����^�����_�����2_�����F_�����Z_��"���r_����_�����Qa�����Sa�����ja�����a�����a�����a�����a��&���a��.���b��>���6b�����ub��)���b�����b�����b��:���b��#���2c��#���Vc�����zc��2���c��/���c��E���c��5���Ad��5���wd��!���d�����d�����d�����e�����e��3���0e��,���de��7���e��;���e��,���f��7���2f�����jf��"���f��!���f�����f��"���f�����g�����&g��+���>g��-���jg��,���g��I���g��/���h��d���?h��l���h��u���i��(���i��$���i��1���i��+���j�� ���3j��/���Tj��0���j�� ���j��:���j��>���k��J���Pk��R���k��O���k��O���>l��)���l�����l�����Um�����pm��2���m�����m��5���m�����n�����!n��Y���9n��#���n��/���n��-���n��;���o��%���Qo��5���wo��3���o��2���o��;���p�����Pp��/���pp�����p�����p��#���p��D���p��*���5q��2���`q�� ���q��7���q��'���q�����r��-���-r��!���[r��&���}r��!���r��"���r�����r��<���s�����As�����Ts�� ���cs��G���ps�����s�����s�� ���s�����s�����s��5���t��1���8t��(���jt��-���t��%���t��+���t�� ���u����� u�����3u�����Ou��i���eu��`���u��K���0v��R���|v��P���v��K��� w��.���lw��C���w��L���w��c���,x��J���x��5���x��;���y�����My�����iy�� ���|y�����y��Y���y�����y��6��� z��8���Az��f���zz��?���z��<���!{��,���^{��'���{��3���{��1���{��5���|�����O|�����n|�����}|�����|�����|�����|�����|�����}�����#}�����<}�����Y}�����t}��&���}�� ���}�� ���}�����}��,���~��2���4~��=���g~��"���~��+���~�� ���~��1�����1���G��)���y��'����������J�����"���)��4���L��&����� �������������ƀ�������*����������B���5�����x�������%�����)���ˁ��M�����b���C��'�����.���΂������� ��������(�����H��@���h�������2�����m�����k���[��n���DŽ�����6��6���T��+�����:�����5�����,���(�����U�����r���������������Æ��-���߆��"��� �����0��F���@��L�����F���ԇ�������#���2��#���V��4���z��1����� 
�����"�����)�����(���:��,���c��/����������+���։��#�����G���&��B���n��<����� �����8����� ���H�����i������������G���Ƌ�� �����&���/�����V�����v���������������Œ��!���ӌ��#�����?�����?���Y��'�����;����������D��������U��.���k���������������ˎ��9�����)���$��9���N�� �����5�����0���ˏ��$�����,���!��!���N��+���p�������#��������ߐ���������������-��,���E��'���r��)�����!���đ��#�������� �����'�����C��C���c��P�����!�������������8��"���G��#���j������������$���Γ�������"�����B���3�����v�������0��������˔��0�����G��������_��D���p��K�����/�����9���1�����k�� ���~������������3���Ŗ��E�����G���?��5�����'�����9�����P�����6���p��4�����1���ܘ��0�����7���?��7���w��9�����B�����(���,��U���U��-�����9���ٚ��=�����4���Q��8�����/����� �����F�����?���C�� �����1�����0���Ü������������B���"��2���e��;�����@���ԝ��7�����+���M��K���y�����Ş��.���ߞ��O��������^��4���u��N�����Q�����F���K�������;�����A���Q��6�����<���ʡ��#�����6���+��I���b��N�����L�����S���H��E�����`�����E���C��>�����#���Ȥ��I�����,���6�����c��������������������ͥ��(���ޥ��!����� ���)�����J�� ���e��������������������Ħ�����ڦ���������������"�����5�����H�� ���_�����Q����L���������'���t������������������������������q�����������������R���w���]������;��=���������"���������������������������A��� �����O���>������������������������g��%���(���5��s���h�����������,�������K�������������������P��B�����-��H���������*��������������������f��v�����%���������T���������y������|������������7��B���������������+�������������X����S������������������������������������`���1������D������U�����������"�����������������������9����������d��������Y����� ��w���������������]�����Y���J������m���x���v���z�����y���*������������o��N�������u���6���p���k������������������ 
�����������^����������������������<����-���4��l���P�����������M������/�������������G��K���������G���>��:������g���6������?�������{������$������}��������������N������������?�������!���������q����������������������������T���������n��������������������#������$���������}��d���U��������������������D��������������3���F����I���������������c���F���f���~���������{�����Q����������\�������������������c��2�������#�����������_��S������+�� �������������(������m����������.����o���@���������� ���J��s�����e������Z�������������:�����������E�������~������������������������ ����������)���.����������������E�������4������V������������������=����� �����������'��������k����� ���������Z�����;�������2����������z��V����������&���9�������������������@�����`���������������������������������<���i��I���������������C�������������������������������L���[���8���u������������X���������,��|����������������������!���j���������n��l�����������������������&��W������������������������������ ����������������b��A�����H��C��)��e������r��\����������������8����^���������0���M���5��� ���a���W���������������t��b������R������_���h����a��������� �����������/�������0��O��x�����i������p��������� ���7�������r������������j���[��������������������3��1������������� � %1$sIs a member of: � %1$sMember groups: �%1$s must be run as root �%1$s%2$sGroup: %3$s �%1$sGID number: %2$d �%1$sMember users: �, your cached password will expire at: �A group with the same name or GID already exists �A user or group with the same name or ID already exists �Access control provider�Active Directory backup server address�Active Directory client hostname�Active Directory domain�Active Directory primary group attribute for ID-mapping�Active Directory server address�Add debug timestamps�Address of backup IPA server�An error occurred, but no description can be found.�An open file descriptor for the debug logs�Attribute indicating that server side password policies are active�Attribute listing authorized PAM services�Attribute listing authorized 
server hosts�Authenticated with cached credentials�Authentication is denied until: �Authentication provider�Authentication timeout�Autofs provider�Automatic full refresh period�Automatic smart refresh period�Automounter map entry key attribute�Automounter map entry value attribute�Automounter map name attribute�Base DN for automounter map lookups�Base DN for group lookups�Base DN for netgroup lookups�Base DN for service lookups�Base DN for sudo rules lookups�Base DN for user lookups�Base for home directories�Become a daemon (default)�Cache credentials for offline login�Cannot create user's home directory: %1$s �Cannot create user's mail spool: %1$s �Cannot determine if the user was logged in on this platform�Cannot find group %1$s in local domain �Cannot find group %1$s in local domain, only groups in local domain are allowed �Cannot find group in local domain, modifying groups is allowed only in local domain �Cannot find user in local domain, modifying users is allowed only in local domain �Cannot get info about the user �Cannot remove homedir: %1$s �Cannot reset SELinux login context �Cannot set SELinux login context �Cannot set default values �Comma separated list of allowed users�Comma separated list of prohibited users�Command to start service�Could not allocate ID for the group - domain full? �Could not allocate ID for the user - domain full? �Could not modify group - check if groupname is correct �Could not modify group - check if member group names are correct �Could not modify user - check if group names are correct �Could not modify user - user already member of groups? �Could not open available domains �Could not open domain %1$s. If the domain is a subdomain (trusted domain), use fully qualified name instead of --domain/-d parameter. 
�Couldn't invalidate %1$s�Couldn't invalidate %1$s %2$s�Create user's directory if it does not exist�Current Password: �DNS service name for LDAP password change server�Debug level�Default shell, /bin/bash�Directory on the filesystem where SSSD should store Kerberos replay cache files.�Directory to store credential caches�Disable Active Directory range retrieval�Disable the LDAP paging control�Display users/groups in fully-qualified form�Do not remove home directory and mail spool�Domain of the information provider (mandatory)�Domain to add to names without a domain component.�Don't include group members in group lookups�Enable DNS sites - location based service discovery�Enable credential validation�Enable enumerating all users/groups�Enables FAST�Enables enterprise principals�Enables principal canonicalization�Entry cache background update timeout length (seconds)�Entry cache timeout length (seconds)�Enumeration cache timeout length (seconds)�Error initializing the tools �Error initializing the tools - no local domain �Error looking up public keys �Error setting the locale �Error while checking if the user was logged in �File that contains CA certificates�File that contains the client certificate�File that contains the client key�Filter for user lookups�Follow LDAP referrals�Force removal of files not owned by the user�Full Name�GECOS attribute�GID attribute�Group %1$s is outside the defined ID range for domain �Group UUID attribute�Group member attribute�Group name�Group password�Groups�Groups must be in the same domain as user �Groups that SSSD should explicitly ignore�Groups to add this group to�Groups to add this user to�Groups to remove this group from�Groups to remove this user from�Home directory�Home directory attribute�Host identity provider�Host not specified �Hostnames and/or fully qualified domain names of this machine to filter sudo rules�How long (minutes) to deny login after offline_failed_login_attempts has been reached�How long to allow cached 
logins between online logins (days)�How long to keep cached entries after last successful login (days)�How long to retain a connection to the LDAP server before disconnecting�How long to wait for replies from DNS when resolving servers (seconds)�How long will be in-memory cache records valid�How many days before password expiration a warning should be displayed�How many failed logins attempts are allowed when offline�How many seconds to keep a host in the known_hosts file after its host keys were requested�How many seconds to keep identity information cached for PAM requests�How often should expired entries be refreshed in background�How often to periodically update the client's DNS entry�How to dereference aliases�IPA client hostname�IPA domain�IPA server address�IPv4 or IPv6 addresses or network of this machine to filter sudo rules�Identity provider�Idle time before automatic disconnection of a client�If DENY rules are present, either DENY_ALL or IGNORE�If a shell stored in central directory is allowed but not available, use this fallback�If set to false, host argument given by PAM will be ignored�Include microseconds in timestamps in debug logs�Include timestamps in debug logs�Internal error while parsing parameters �Internal error. Could not print group. �Internal error. Could not remove group. �Internal error. Could not remove user. 
�Invalid domain specified in FQDN �Invalid port �Invalidate all autofs maps�Invalidate all groups�Invalidate all netgroups�Invalidate all services�Invalidate all users�Invalidate particular autofs map�Invalidate particular group�Invalidate particular netgroup�Invalidate particular service�Invalidate particular user�Kerberos backup server address�Kerberos realm�Kerberos server address�Kerberos service keytab�Kill users' processes before removing him�LDAP filter to determine access privileges�Length of time between attempts to reconnect while offline�Length of time between cache cleanups�Length of time between enumeration updates�Length of time to attempt connection�Length of time to attempt synchronous LDAP operations�Length of time to wait for a enumeration request�Length of time to wait for a search request�Lifetime of TGT for LDAP connection�Lifetime of the TGT�List of UIDs or user names allowed to access the PAC responder�List of possible ciphers suites�Location of the keytab to validate credentials�Location of the user's credential cache�Lock the account�Login shell�Lower bound for ID-mapping�Magic Private �Maximum nesting level SSSd will follow�Maximum user ID�Member groups must be in the same domain as parent group �Minimum user ID�Modification time attribute�Modification time attribute for groups�Modification time attribute for netgroups�NSS request failed (%1$d). Entry might remain in memory cache. �Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set) �Name of the default domain for ID-mapping�Negative cache timeout length (seconds)�Netgroup UUID attribute�Netgroup name�Netgroup triple attribute�Netgroups members attribute�Never create user's directory, overrides config�New Password: �No cache object matched the specified search �No such group in local domain. Printing groups only allowed in local domain. �No such group in local domain. Removing groups only allowed in local domain. �No such user in local domain. 
Removing users only allowed in local domain. �Not enough memory �Not removing home dir - not owned by user �Number of IDs for each slice when ID-mapping�Number of times to attempt connection to Data Providers�Object class for automounter map entries�Object class for automounter maps�Object class for sudo rules�Objectclass for groups�Objectclass for netgroups�Objectclass for services�Objectclass for users�Only invalidate entries from a particular domain�Only one argument expected �Out of memory �Override GID value from the identity provider with this value�Override homedir value from the identity provider with this value�Override shell value from the identity provider with this value�PAM stack to use�Password change failed. �Password change provider�Password expired. Change your password now.�Password reset by root is not supported.�Password: �Passwords do not match�Path to CA certificate directory�Ping timeout before restarting service�Please select at least one object to invalidate �Policy to evaluate the password expiration�Primary GID attribute�Print indirect group members recursively�Print version number and exit�Printf-compatible format for displaying fully-qualified names�Privileged socket has wrong ownership or permissions.�Public socket has wrong ownership or permissions.�Reenter new Password: �Regex to parse username and domain�Remove home directory and mail spool�Renewable lifetime of the TGT�Require TLS certificate verification�Require TLS for ID lookups�Restrict or prefer a specific address family when performing DNS lookups�Run interactive (not a daemon)�SID of the default domain for ID-mapping�SSH public key attribute�SSSD Domains to start�SSSD Services to start�SSSD is not run by root.�SUDO provider�Scope of user lookups�Search base for HBAC related objects�Search base for object containing info about IPA domain�Search base for objects containing info about ID ranges�Selects the principal to use for FAST�Send the debug output to files instead of 
stderr�Server message: �Server where the change password service is running if not on the KDC�Service name attribute�Service name for DNS service lookups�Service port attribute�Service protocol attribute�Session-loading provider�Set lower boundary for allowed IDs from the LDAP server�Set the verbosity of the debug logging�Set upper boundary for allowed IDs from the LDAP server�Shell attribute�Shell to use if the provider does not list one�Should filtered users appear in groups�Show timestamps with microseconds�Specify a non-default config file�Specify an alternative skeleton directory�Specify debug level you want to set �Specify group to add �Specify group to add to �Specify group to delete �Specify group to modify �Specify group to remove from �Specify group to show �Specify the minimal SSF for LDAP sasl authorization�Specify the sasl authorization id to use�Specify the sasl authorization realm to use�Specify the sasl mechanism to use�Specify user to add �Specify user to delete �Specify user to modify �Store password hashes�Store password if offline for later online authentication�Substitute empty homedir value from the identity provider with this value�Sudo rule command attribute�Sudo rule host attribute�Sudo rule name�Sudo rule notafter attribute�Sudo rule notbefore attribute�Sudo rule option attribute�Sudo rule order attribute�Sudo rule runasgroup attribute�Sudo rule runasuser attribute�Sudo rule user attribute�System is offline, password change not possible�The GID of the group�The GID of the user�The SELinux user for user's login�The SSSD domain to use�The Schema Type in use on the LDAP server, rfc2307�The TTL to apply to the client's DNS entry after updating it�The UID of the user�The amount of time between lookups of the HBAC rules against the IPA server�The amount of time in seconds between lookups of the SELinux maps against the IPA server�The authentication token of the default bind DN�The automounter location this IPA client is using�The comment 
string�The debug level to run with�The default base DN�The default bind DN�The domain part of service discovery DNS query�The interface whose IP should be used for dynamic DNS updates�The list of shells that will be vetoed, and replaced with the fallback shell�The list of shells users are allowed to log in with�The name of the NSS library to use�The number of file descriptors that may be opened by this responder�The number of members that must be missing to trigger a full deref�The number of records to retrieve in a single LDAP query�The path to the proxy command must be absolute �The port to use to connect to the host�The post-delete command failed: %1$s �The selected GID is outside the allowed range �The selected UID is outside the allowed range �The type of the authentication token of the default bind DN�The value of the password field the NSS provider should return�Time between two checks for renewal�Timeout between three failed ping checks and forcibly killing the service�Timeout for messages sent over the SBUS�Transaction error. Could not add group. �Transaction error. Could not add user. �Transaction error. Could not modify group. �Transaction error. Could not modify user. 
�Treat usernames as case sensitive�UID attribute�URI of a backup LDAP server where password changes are allowed�URI of an LDAP server where password changes are allowed�UUID attribute�Unexpected error while looking for an error description�Unexpected format of the server credential message.�Unlock the account�Upper bound for ID-mapping�Use ID-mapping of objectSID instead of pre-set IDs�Use Kerberos auth for LDAP connection�Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups�Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups�Use autorid-compatible algorithm for ID-mapping�Use only the upper case for realm names�User %1$s is outside the defined ID range for domain �User not specified �User principal attribute (for Kerberos)�User's home directory already exists, not copying data from skeldir �Username attribute�Users that SSSD should explicitly ignore�WARNING: The user (uid %1$lu) was still logged in when deleted. �What kind of authentication should be used to perform the DNS update�What kind of messages are displayed to the user during authentication�Whether the LDAP library should perform a reverse lookup to canonicalize the host name during a SASL bind�Whether the nsupdate utility should default to using TCP�Whether the provider should explicitly update the PTR record as well�Whether to automatically update the client's DNS entry�Whether to automatically update the client's DNS entry in FreeIPA�Whether to create kdcinfo files�Whether to evaluate the time-based attributes in sudo rules�Whether to filter rules by hostname, IP addresses and network�Whether to hash host names and addresses in the known_hosts file�Whether to include rules that contains netgroup in host attribute�Whether to include rules that contains regular expression in host attribute�Whether to look up canonical group name from cache if possible�Whether to update the ldap_user_shadow_last_change attribute after a password change�Which attributes shall be used to evaluate if an account is 
expired�Which rules should be used to evaluate access control�Write debug messages to logfiles�Your password has expired. You have %1$d grace login(s) remaining.�Your password will expire in %1$d %2$s.�accountExpires attribute of AD�entryUSN attribute�krbLastPwdChange attribute�krbPasswordExpiration attribute�lastUSN attribute�ldap_backup_uri, The URI of the LDAP server�ldap_uri, The URI of the LDAP server�loginAllowedTimeMap attribute of NDS�loginDisabled attribute of NDS�loginExpirationTime attribute of NDS�memberOf attribute�nsAccountLock attribute�objectSID attribute�shadowExpire attribute�shadowFlag attribute�shadowInactive attribute�shadowLastChange attribute�shadowMax attribute�shadowMin attribute�shadowWarning attribute�userAccountControl attribute of AD�Project-Id-Version: SSSD Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org POT-Creation-Date: 2014-04-08 12:56+0200 PO-Revision-Date: 2013-11-20 12:56+0000 Last-Translator: Göran Uddeborg <goeran@uddeborg.se> Language-Team: Swedish (http://www.transifex.com/projects/p/fedora/language/sv/) Language: sv MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=2; plural=(n != 1); � � %1$sÄr en medlem i: � %1$sMedlemsgrupper: �%1$s måste köras som root �%1$s%2$sGrupp: %3$s �%1$sGID-nummer: %2$d �%1$sMedlemsanvändare: �, ditt cache-lösenord kommer gå ut: �En grupp med samma namn eller GID finns redan �En användare eller grupp med samma namn eller ID finns redan �Leverantör av åtkomstkontroll�Adress till Active Directory-reservserver�Active Directory-klienvärdnamn�Active Directory-domän�Primärt gruppattribut i Active Directory för ID-mappning�Adress till Active Directory-server�Lägg till felsökningstidstämplar�Adress till reserv-IPA-server�Ett fel uppstod, men ingen beskrivning kan hittas.�Ett öppet filhandtag för felsökningsloggarna�Attribut som indikerar att serversidans lösenordspolicyer är aktiva�Attribut för listning av auktoriserade 
PAM-tjänster�Attribut för listning av auktoriserade servervärdar�Autentiserad med cachade kreditiv�Autentisering nekas till: �Autentiseringsleverantör�Autentiseringstidsgräns�Autofs-leverantör�Intervall mellan automatisk fullständig omläsning�Intervall mellan automatisk smart omläsning�Attribut för postnycklar i automatmonteraravbildningar�Attribut på postvärde i avbildning för automatmonteraren�Attribut för automatmonteraravbildningsnamn�Bas-DN för uppslagningar i automatmonteraravbildningar�Bas-DN för gruppuppslagningar�Bas-DN för nätgruppuppslagningar�Bas-DN för tjänsteuppslagningar�Bas-DN för regeluppslagningar�Bas-DN för användaruppslagningar�Bas för hemkataloger�Bli en demon (standard)�Cache-kreditiv för frånkopplad inloggning�Kan inte skapa användarens hemkatalog: %1$s �Kan inte skapa användarens brevlåda: %1$s �Det går inte att avgöra om användaren var inloggad på denna plattform�Hittar inte gruppen %1$s i den lokala domänen �Kan inte hitta grupp %1$s i den lokala domänen, endast grupper i den lokala domänen är tillåtna �Ken inte hitta gruppen i den lokala domänen, att ändra grupper är endast tillåtet i den lokala domänen �Det gick inte att hitta användaren i den lokala domänen, det går bara att ändra användare i den lokala domänen �Kan inte få information om användaren �Kan inte ta bort hemkatalogen: %1$s �Kan inte återställa SELinux-inloggningskontext �Kan inte sätta SELinux-inloggningskontext �Kan inte sätta standardvärden �Kommaseparerad lista över tillåtna användare�Kommaseparerad lista över förbjudna användare�Kommando för att starta tjänst�Det gick inte att allokera ID för gruppen - full domän? �Det gick inte att allokera ID för användaren - full domän? 
�Det gick inte att ändra gruppen - kontrollera om gruppnamnet är riktigt �Det gick inte att ändra gruppen - kontrollera om medlemsgruppsnamnen är riktiga �Det gick inte att ändra användaren - kontrollera att gruppnamnen är riktiga �Det gick inte att ändra användaren - är användaren redan medlem i grupper? �Kunde inte öppna tillgängliga domäner �Kunde inte öppna domänen %1$s. Om domänen är en underdomän (betrodd domän), använd fullt kvalificerat namn istället för parametrarna --domain/-d. �Kunde inte invalidera %1$s�Kunde inte invalidera %1$s %2$s�Skapa användarens katalog om den inte redan finns�Nuvarande lösenord: �DNS-tjänstenamn för LDAP-lösenordsändringsservern�Felsökningsnivå�Standardskal, /bin/bash�Katalog på filsystemet där SSSD skall lagra sparade återspolningsfiler från Kerberos.�Katalog att lagra kreditiv-cachar i�Avaktivera Active Directorys intervallhämtande�Avaktivera flödesstyrningen (paging) av LDAP�Visa användare/grupper i fullständigt kvalificerat format�Ta inte bort hemkatalog och brevlåda�Domän för informationsleverantören (obligatoriskt)�Domän att lägga till till namn utan en domändel.�Inkludera inte gruppmedlemmar i gruppuppslagningar�Aktivera DNS-sajter - platsbaserad detektering av tjänster�Aktivera validering av kreditiv�Aktivera uppräkning av alla användare/grupper�Aktiverar FAST�Aktiverar företagshuvudmän�Aktivera kanonsisk form av huvudman�Tidsgränslängd för bakgrundsuppdateringar av postcache (sekunder)�Tidsgränslängd för postcache (sekunder)�Tidsgränslängd för uppräkningscache (sekunder)�Fel vid initiering av verktygen �Fel vid initiering av verktygen — ingen lokal domän �Fel vid uppslagning av publika nycklar �Fel när lokalen sattes �Fel vid kontroll om användaren var inloggad �Fil som innehåller CA-certifikat�Fil som innehåller klientcertifikatet�Fil som innehåller klientnyckeln�Filter för användaruppslagningar�Följer LDAP-hänvisningar�Framtvinga borttagning av filer som inte ägs av användaren�Fullständigt 
namn�GECOS-attribut�GID-attribut�Gruppen %1$s är utanför det definierade ID-intervallet för domänen �Grupp-UUID-attribut�Gruppmedlemsattribut�Gruppnamn�Grupplösenord�Grupper�Grupper måste finnas i samma domän som användaren �Grupper som SSSD uttryckligen skall bortse ifrån�Grupper att lägga till denna grupp till�Grupper att lägga till denna användare till�Grupper att ta bort denna grupp från�Grupper att ta bort denna användare ifrån�Hemkatalogen�Hemkatalogattribut�Värdidentiftetsleverantör�Värden inte angiven �Värdnamn och/eller fullständigt kvalificerade domännamn på denna maskin för att filtrera sudo-regler�Hur länge (minuter) som inloggning nekas efter att frånkopplade_inloggningsförsök har nåtts�Hur länge sparade inloggningar tillåts mellan online-inloggningar (dagar)�Hur länge cachade poster skall behållas efter senaste lyckade inloggning (dagar)�Hur länge en anslutning till LDAP-servern skall behållas före den kopplas ner�Hur länge man väntar på svar från DNS när servrar slås upp (sekunder)�Hur länge sparade poster i minnet är giltiga�Hur många dagar före ett lösenord går ut en varning skall visas�Hur många misslyckade inloggningsförsök som tillåts i frånkopplat läge�Hur många sekunder att behålla en värd i filen known_hosts efter att dess värdnycklar begärdes�Hur många sekunder identitetsinformationen hålls sparad för PAM-frågor�Hur ofta utgångna poster skall förnyas i bakgrunden�Hur ofta klienternas DNS-poster periodiskt skall uppdateras�Hur alias skall derefereras�IPA-klienvärdnamn�IPA-domän�IPA-serveradress�IPv4- eller IPv6-adresser eller -nätverk för denna maskin för att filtrera sudo-regler�Identifiera leverantör�Inaktiv tid före en klient automatiskt kopplas ifrån�Om det finns DENY-regler, antingen DENY_ALL eller IGNORE�Om ett skal lagrat i en central katalog är tillåtet men inte tillgängligt, använd detta alternativ�Om satt till falskt kommer värdargument givna av PAM ignoreras�Inkludera mikrosekunder i tidsstämplar i felsökningsloggar�Inkludera 
tidsstämplar i felsökningsloggar�Internt fel vid tolkning av parametrar �Internt fel. Det gick inte att skriva ut gruppen. �Internt fel. Det gick inte att ta bort gruppen. �Internt fel. Det gick inte att ta bort användaren. �Ogiltig domän angiven i FQDN �Felaktig port �Invalidera alla autofs-mappar�Invalidera alla grupper�Invalidera alla nätgrupper�Invalidera alla tjänster�Invalidera alla användare�Invalidera en viss autofs-mapp�Invalidera en viss grupp�Invalidera en viss nätgrupp�Invalidera en viss tjänst�Invalidera en viss användare�Adress till reservserver för Kerberos�Kerberosrike�Adress till server för Kerberos�Kerberostjänstens nyckeltabell�Döda anvädares processer före de tas bort�LDAP-filter för att bestämma åtkomstprivilegier�Tidslängd mellan försök att återansluta vid frånkoppling�Tidslängd mellan cache-tömningar�Tidslängd mellan uppräkningsuppdateringar�Tidslängd att försöka ansluta�Tidslängd att försök synkrona LDAP-operationer�Tidslängd att vänta på en uppräkningsbegäran�Tidslängd att vänta på en sökbegäran�Livslängd på TGT för LDAP-anslutning�Livstid för TGT:n�Lista över UID:er eller användarnamn som tillåts komma åt PAC-svararen�Lista över möjliga chiffersviter�Plats för nyckeltabellen för att validera kreditiv�Plats för användarens kreditiv-cache�Lås kontot�Inloggningsskalet�Undre gräns för ID-mappning�Magiskt privat �Maximal nästningsnivå SSSd kommer följa�Största användar-ID�Medlemsgrupper måster ligga i samma domän som föräldragrupper �Minsta användar-ID�Modifieringstidsattribut�Modifieringstidsattribut för grupper�Modifieringstidsattribut för nätgrupper�NSS-begäran misslyckades (%1$d). Posten kan finnas kvar i en minnes-cache. 
�Namnet ”%1$s” verkar inte vara ett fullt kvalificerad domännamn (”%2$s = TRUE” är satt) �Standarddomänens namn för ID-mappning�Tidsgränslängd för negativ cache (sekunder)�Attribut på nätgrupps-UUID�Nätgruppnamn�Attribut på nätgruppstripplar�Attribut på nätgruppmedlemmar�Skapa aldrig användarens katalog, åsidosätter konfigurationen�Nytt lösenord: �Inga cache-objekt matchade den angivna sökningen �Ingen sådan grupp i den lokala domänen. Att skriva ut grupper är endast tillåtet i den lokala domänen. �Ingen sådan grupp i den lokala domänen. Att ta bort grupper är endast tillåtet i den lokala domänen. �Ingen sådan användare i den lokala domänen. Det går endast att ta bort användare i den lokala domänen. �Inte tillräckligt med minne �Tar inte bort hemkatalogen - ägs inte av användaren �Antal ID:n till varje skiva vid ID-mappning�Antal gånger att försöka ansluta till dataleverantörer�Objektklass för poster i automatmonteraravbildningar�Objektklass för automatmonteraravbildningar�Objektklass för sudo-regler�Objektklass för grupper�Objektklass för nätgrupper�Objektklass för tjänster�Objektklass för användare�Invalidera endast poster från en viss domän�Endast ett argument förväntades �Slut på minne �Åsidosätt GID-värdet från identitetsleverantören med detta värde�Åsidosätt hemkatalogvärdet från identitetsleverantören med detta värde�Åsidosätt skalvärdet från identitetsleverantören med detta värde�PAM-stack att använda�Lösenordsändringen misslyckades. �Leverantör av lösenordsändringar�Lösenordet har gått ut. 
Ändra ditt lösenord nu.�Återställning av lösenord av root stöds inte.�Lösenord: �Lösenorden stämmer inte överens�Sökväg till katalogen med CA-certifikat�Ping-tidsgräns före tjänst startas om�Välj åtminstone ett objekt att invalidera �Policy för att utvärdera utgång av lösenord�Primärt GID-attribut�Skriv ut indirekta gruppmedlemmar rekursivt�Skriv ut versionsnumret och avsluta�Printf-kompatibla format för att visa fullständigt kvalificerade namn�Priviligierat uttag (socket) har fel ägarskap eller rättigheter.�Publikt uttag (socket) har fel ägarskap eller rättigheter.�Skriv det nya lösenordet igen: �Reguljäruttryck för att tolka användarnamn och domän�Ta bort hemkatalog och brevlåda�Förnybar livstid för TGT:n�Kräv TLS-certifikatverifiering�Kräv TLS för ID-uppslagningar�Begränsa eller föredra en specifik adressfamilj vid DNS-uppslagningar�Kör interaktivt (inte en demon)�Standarddomänens SID för ID-mappning�Attribut för publik SSH-nyckel�SSSD-domäner att starta�SSSD-tjänster att starta�SSSD körs inte av root.�SUDO-leverantör�Omfång av användaruppslagningar�Sökbas för HBAC-relaterade objekt�Sökbas för objekt som innehåller information om IPA-domänen�Sökbas för objekt som innehåller information om ID-intervall�Väljer huvudman att använda för FAST�Skicka felutskrifter till filer istället för standard fel�Servermeddelande: �Server där ändringstjänsten för lösenord kör om inte på KDC:n�Tjänstenamnsattribut�Tjänstenamn för uppslagning av DNS-tjänster�Tjänsteportsattribut�Tjänsteprotokollsattribut�Sessionsinläsningsleverantör�Sätt undre gräns för tillåtna ID:n från LDAP-servern�Ange pratsamhet för felsökningsloggning�Sätt övre gräns för tillåtna ID:n från LDAP-servern�Skalattribut�Skal att använda om leverantören inte listar något�Skall filtrerade användare förekomma i grupper�Visa tidsstämplar med mikrosekunder�Ange en konfigurationsfil annan än standard�Ange en alternativ skelettkatalog�Ange felsökningsnivån du vill ställa in �Ange en grupp att lägga till �Ange en grupp att 
lägga till till �Ange grupp att ta bort �Ange grupp att ändra �Ange grupp att ta bort ifrån �Ange en grupp att visa �Ange minsta SSF för LDAP-sasl-auktorisering�Ange sasl-auktorisering-id att använda�Ange sasl-auktoriseringsrike att använda�Ange sasl-mekanismen att använda�Ange en användare att lägga till �Ange användare att ta bort �Ange användare att ändra �Lagra lösenords-kontrollsummor�Lagra lösenord när ej ansluten för ansluten autentisering senare�Ersätt ett tomt hemkatalogvärde från identitetsleverantören med detta värde�Attribut för sudo-regelkommandon�Attribut för sudo-regelvärd�Sudo-regelnamn�Attribut för sudo-notafter-regler�Attribut för sudo-notbefore-regler�Attribut för sudo-regelflaggor�Attribut för sudo-order-regler�Attribut på runasgroup i sudo-regel�Attribut för sudo-runasuser�Attribut för sudo-regelanvändare�Systemet är frånkopplat, ändring av lösenord är inte möjligt�GID:t för gruppen�Användarens GID�SELinux-användaren för användarens inloggning�SSSD-domäner att använda�Schematypen som används i LDAP-servern, rfc2307�TTL:en att använda för klientens DNS-post efter att ha uppdaterat den�Användarens UID�Tidsåtgången mellan uppslagningar av HBAC-reglerna mot IPA-servern�Tiden i sekunder mellan uppslagningar av SELinux-mappningar mot IPA-servern�Autenticerings-token för standard bindnings-DN�Platsen för automatmonteraren denna IPA-klient använder�Kommentarsträngen�Felsökningsnivån att köra med�Standard bas-DN�Standard bindnings-DN�Domändelen av DNS-frågan för tjänstedetektering�Gränssnittet var IP skall användas för dynamiska DNS-uppdateringar�Listan på skal som kommer förbjudas, och ersättas med standardskalet�Listan på skal användare får lova att logga in med�Namnet på NSS-biblioteket att använda�Antalet fildeskriptorer som får öppnas av denna svarare�Antalet medlemmar som måste saknas för att orsaka en fullständig dereferering�Antalet poster som skall hämtas i en enda LDAP-fråga�Sökvägen till proxy-kommandot måste vara absolut �Porten att använda 
för att ansluta till värden�Kommandot efter borttagandet misslyckades: %1$s �Den valda GID:n är utanför det tillåtna intervallet �Den valda UID:n är utanför det tillåtna intervallet �Typen på autenticerings-token för standard bindnings-DN�Värdet på lösenordfältet som NSS-leverantörer skall returnera�Tid mellan två kontroller av förnyelse�Tidsgräns mellan tre misslyckade ping-kontroller och att framtvingat döda tjänsten�Tidsgräns för meddelanden skickade via SBUS�Transaktionsfel. Det gick inte att lägga till gruppen. �Transaktionsfel. Det gick inte att lägga till användaren. �Transaktionsfel. Det gick inte att ändra gruppen. �Transaktionsfel. Det gick inte att ändra användaren. �Behandla användarnamn som skiftlägeskänsliga�UID-attribut�URI till en reserv-LDAP-server där lösenordsändringar är tillåtna�URI till en LDAP-server där lösenordsändringar är tillåtna�UUID-attribut�Oväntat fel vid sökning efter ett felmeddelande�Oväntat format på serverns kreditivmeddelande.�Lås upp kontot�Övre gräns för ID-mappning�Använd ID-översättning av objectSID istället för pre-set ID:n�Avnänd Kerberosautenticering för LDAP-anslutning�Använd LDAP_MATCHING_RULE_IN_CHAIN för gruppuppslagningar�Använd LDAP_MATCHING_RULE_IN_CHAIN för init-gruppuppslagningar�Använd en autorid-kompatibel algoritm för ID-mappning�Använd endast versaler för namn på riken�Användaren %1$s är utanför det definierade ID-intervallet för domänen �Ingen användare angiven �Användarens huvudmansattribut (för Kerberos)�Användarens hemkatalog finns redan, kopierar inte data från skelettkatalogen �Användarnamnsattribut�Användare som SSSD uttryckligen skall bortse ifrån�VARNING: Användaren (uid %1$lu) var fortfarande inloggad när han togs bort. 
�Vilken sorts autenticering som skall användas för att utföra DNS-uppdateringen�Vilka slags meddelanden som visas för användaren under autenticering�Huruvida LDAP-biblioteket skall utföra en omvänd uppslagning för att ta fram värdnamnets kanoniska form under en SASL-bindning�Huruvida verktyget nsupdate skall använda TCP som standard�Huruvida leverantören explicit skall uppdatera PTR-posten också�Huruvida klienternas DNS-poster uppdateras automatiskt�Om klientens DNS-post i FreeIPA automatiskt skall uppdateras�Huruvida kdcinfo-filer skall skapas�Om tidsbaserade attribut i sudo-regler skall beräknas�Huruvida regler skall filtreras efter värdnamn, IP-adresser och nätverk�Om värdnamn och adresser i known_hosts-filen skall göras till kontrollsummor�Huruvida regler som innehåller nätgrupper i värdattribut skall inkluderas�Huruvida regler som innehåller reguljära uttryck i värdattribut skall inkluderas�Huruvida kanoniska gruppnamn skall slås upp från cachen om möjligt�Huruvida attributet ldap_user_shadow_last_change skall uppdateras efter en ändring av lösenord�Vilka attribut skall användas för att avgöra om ett konto gått ut�Vilka regler skall användas för att avgöra åtkomstkontroll�Skriv felmeddelanden till loggfiler�Ditt lösenord har gått ut. 
Du har en frist på %1$d inloggningar kvar.�Ditt lösenordet kommer gå ut om %1$d %2$s.�AD:s attribut accountExpires�entryUSN-attribut�attributet krbLastPwdChange�krbPasswordExpiration-attribut�lastUSN-attribut�ldap_backup_uri, URI:n för LDAP-servern�ldap_uri, URI:n för LDAP-servern�NDS attribut loginAllowedTimeMap�NDS attribut loginDisabled�NDS attribut loginExpirationTime�medlemAv-attribut�attributet nsAccountLock�objectSID-attribut�shadowExpire-attribut�shadowFlag-attribut�shadowInactive-attribut�attributet shadowLastChange�shadowMax-attribut�shadowMin-attribut�shadowWarning-attribut�AD:s attribut userAccountControl���������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/ja.gmo��������������������������������������������������������������0000644�0000000�0000000�00000000132�12320753522�015263� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954962.391874406 30 atime=1396954962.391874406 30 ctime=1396954962.555874285 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/ja.gmo�������������������������������������������������������������������������������0000664�0024127�0024127�00000135746�12320753522�015532� 
0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� ����\������!�����!�����!�����!�����!�����"�����-"�����C"��'���V"��1���~"��8���"�����"��&���#�� ���(#�����I#��7���a#�����#�����#�����#��3���#��*���$��B���J$��)���$��)���$��%���$�� ���%�����(%�����@%�����W%�����g%�����%��#���%��%���%�����%��#��� &�����1&�����K&�����h&�����&�����&�����&�����&��#���&��*���'��&���?'��;���f'��'���'��P���'��T���(��R���p(�����(�����(��#����)��!���$)�����F)��%���a)��(���)�����)��3���)��2���)��7���0*��A���h*��9���*��7���*��!���+�����>+�����+�����+��,���+�����),��0���<,�� ���m,�����y,��P���,��$���,��(���-�����1-��,���Q-��+���~-��.���-��2���-��,��� .��3���9.�����m.��#���.�� ���.�����.��"���.��6���.��$���3/��*���X/�����/��/���/�����/�����/��/��� 0��"���90��)���\0��!���0�����0�����0��,���0�� ���1����� 1�� ���1��6���+1�����b1�����w1�� ���1�����1�����1��*���1��)���1�����2����� 2�� ���;2�����\2�����|2�����2�����2�����2��R���2��U���"3��<���x3��B���3��G���3��F���@4��.���4��F���4��8���4��Z���65��E���5��;���5��7���6�����K6�����f6�� ���z6�����6��F���6�����6��4���6��4���&7��V���[7��;���7��0���7�� ���8��(���@8��'���i8��(���8��'���8��!���8�� ���9�����9�����-9�����C9�����\9�����t9�� ���9�����9�����9�����9�����:�����:�����=:�����L:�����d:��)���|:��*���:��:���:��%��� ;��*���2;��$���];��5���;��0���;��+���;��#���<�����9<��>���M<�����<��.���<��'���<�����=�� ���=����� =�����;=��&���J=�����q=��9���=�����=�����=��&���=��)���>��?���8>��<���x>��)���>��'���>�����?�� ���?�����-?�����G?��/���c?�����?��-���?��M���?��M���@��K���l@�����@��*���@��,���@��7���#A��(���[A��!���A�����A�����A�����A�����A����� B��0���"B�����SB�����oB��=���~B��A���B��?���B�����>C�����OC�����hC��+���C��(���C�� ���C�����C�� 
���C��&���D��0���@D��*���qD�����D��(���D�����D��=���D��5���7E��1���mE�����E��"���E��$���E�����E��$���F�����AF��H���\F�����F��(���F�����F�����G�����G�����3G�� ���LG�����ZG��$���pG��7���G��7���G��%���H��0���+H�����\H��E���mH�����H��$���H�����H�����I�����!I��7���:I��&���rI��7���I�����I��.���I��&���J��!���7J��!���YJ��)���{J��$���J�����J�����J�����J�����K�����+K�����IK��3���`K��(���K��+���K��!���K����� L����� L�����8L�����PL��9���fL��I���L�����L�����M�����M�����.M�����KM�����iM�����M�����M�����M�����M��/���M�����$N�����9N��!���MN�����oN��2���N��<���N�����N��K��� O��X���VO��/���O��1���O�����P�����$P�����@P�����TP��.���hP��=���P��L���P��3���"Q��"���VQ��C���yQ��B���Q��8����R��/���9R��&���iR��%���R��.���R��.���R��;���S��>���PS��#���S��I���S��'���S��(���%T��'���NT��+���vT��*���T��!���T�� ���T��>���T��8���<U�����uU��7���U��3���U�����U�����V��2���V��%���QV��1���wV��5���V��/���V��'���W��5���7W�����mW��'���W��D���W�����W��(���X��@���*X��D���kX��E���X��i���X��8���`Y��D���Y��6���Y��A���Z�����WZ��;���wZ��=���Z��@���Z��A���2[��K���t[��>���[��T���[��C���T\��5���\�� ���\��B���\��'���2]�����Z]�����y]�����]�����]�����]��+���]��$���^��$���*^�����O^��$���n^�����^�����^�����^�����^�����^�����^�����_�����2_�����F_�����Z_��"���r_����_�����Ma�����Oa�� ���ma��9���a�����a�����a�����a��>���b��K���[b��_���b��$���c��>���,c��/���kc�����c��K���c��)���d��3���/d��2���cd��H���d��E���d��W���%e��8���}e��<���e��W���e��&���Kf�����rf�����f�����f�����f��$���f��3���g��0���9g��-���jg��,���g��!���g��*���g��!���h��#���4h��!���Xh��*���zh��0���h��W���h��L���.i��C���{i��l���i��I���,j�����vj�����k�����k��7���Gl��=���l��E���l��?���m��+���Cm��-���om��-���m��!���m��c���m��c���Qn��j���n��v��� o��j���o��n���p��7���qp�����p��)���q��.���q��H���q�����#r��@���>r�����r��&���r��~���r��N���;s��,���s��,���s��?���s��H���$t��0���mt��:���t��<���t��7���u��3���Nu��B���u�����u��9���u��-���v��c���Ev��?���v��3���v��:���w��g���Xw��7���w��:���w��X���3x��!���x��0���x��-���x��$��� y��#���2y��H���Vy�����y�����y�� 
���y��_���y�����!z�����:z�����Yz�����iz�� ���z��O���z��,���z��-���{��-���@{��0���n{��-���{�����{��$���{��!���|��(���3|��r���\|��Z���|��i���*}��T���}��A���}��S���+~��?���~��9���~��H���~��[���B��O�����Q�����V���@��*�����%���€������������t�����*�����<�����C��������:��e���΂��H���4��6���}��F�����C�����C���?��C�����3���DŽ�������)�����*���9��<���d��$�����*���ƅ��&�����'�����9���@��!���z��'�����6���Ć�������$�����*���3��W���^��<�����6�����3���*�����^�����t��&�������������ֈ��"����������`���)�������B�����?�����!���,�����N�����d�������,��������͊��^��������B�����X��$���n��-�����l�����_���.��B�����<���ь��$��������3��*���L��*���w��Q����������X��������h����� �������(���Q��m���z��F�����9���/��B���i��3�����,�����*��� ��3���8��*���l��*�����B���’��(��������.��G���B��c�����`��������O��1���m��'�����f���ǔ��M���.�����|��$�����-�����3�����R�����-���h�� �����9�����0�����>���"��T���a��T�����&��� ��?���2��E���r��#�����%���ܘ�� �����g���#��0�����@������������������3��/���R������������/�����X�����Q���?��5�����N���Ǜ�� �����[���7�������(��������՜��$�����-�����<���G��6�����<����������K��� ��B���W��6�����'���ў��<�����4���6��4���k��4�����4���՟��4��� ��4���?��4���t��-�����+���נ��0�����0���4��4���e��(�����4���á��*�����i���#��x�����&�����#���-�����Q��$���c��%�����)�����!���أ��&�����%���!��&���G��N���n����������Ѥ��<��������"��D���A��?��������ƥ��R���ڥ��X���-��7�����H����������!��������?��!���^��8�����K�����W�����?���]��,�����K���ʨ��`�����E���w��U�����-�����:���A��B���|��B�����@�����:���C�����~��Z�����8�����U���.��U�����U���ڬ��U���0��E����� ���̭��U���ڭ��C���0�����t��N�����W���Ү��'���*�����R��X���n��6���ǯ��M�����V���L��Q�����6�����_���,��+�����9���������������,�����d���в��@���5��B���v��}�����J���7��k�����P�����a���?��/�����J���ѵ��u�����c�����Z�����H���Q��`�����W�����`���S��N�����?�����Z���C��D������������������������(�����E��)���T��"���~��"��������ĺ��"������������������)�����:�����N�����`�����v����������������� 
���Ż�����Q����L���������'���t������������������������������q�����������������R���w���]������;��=���������"���������������������������A��� �����O���>������������������������g��%���(���5��s���h�����������,�������K�������������������P��B�����-��H���������*��������������������f��v�����%���������T���������y������|������������7��B���������������+�������������X����S������������������������������������`���1������D������U�����������"�����������������������9����������d��������Y����� ��w���������������]�����Y���J������m���x���v���z�����y���*������������o��N�������u���6���p���k������������������ �����������^����������������������<����-���4��l���P�����������M������/�������������G��K���������G���>��:������g���6������?�������{������$������}��������������N������������?�������!���������q����������������������������T���������n��������������������#������$���������}��d���U��������������������D��������������3���F����I���������������c���F���f���~���������{�����Q����������\�������������������c��2�������#�����������_��S������+�� �������������(������m����������.����o���@���������� ���J��s�����e������Z�������������:�����������E�������~������������������������ ����������)���.����������������E�������4������V������������������=����� �����������'��������k����� ���������Z�����;�������2����������z��V����������&���9�������������������@�����`���������������������������������<���i��I���������������C�������������������������������L���[���8���u������������X���������,��|����������������������!���j���������n��l�����������������������&��W������������������������������ ����������������b��A�����H��C��)��e������r��\����������������8����^���������0���M���5��� ���a���W���������������t��b������R������_���h����a��������� �����������/�������0��O��x�����i������p��������� ���7�������r������������j���[��������������������3��1������������� � %1$sIs a member of: � %1$sMember groups: �%1$s must be run as root �%1$s%2$sGroup: %3$s �%1$sGID number: %2$d �%1$sMember users: �, your cached password will expire at: �A group 
with the same name or GID already exists �A user or group with the same name or ID already exists �Access control provider�Active Directory backup server address�Active Directory client hostname�Active Directory domain�Active Directory primary group attribute for ID-mapping�Active Directory server address�Add debug timestamps�Address of backup IPA server�An error occurred, but no description can be found.�An open file descriptor for the debug logs�Attribute indicating that server side password policies are active�Attribute listing authorized PAM services�Attribute listing authorized server hosts�Authenticated with cached credentials�Authentication is denied until: �Authentication provider�Authentication timeout�Autofs provider�Automatic full refresh period�Automatic smart refresh period�Automounter map entry key attribute�Automounter map entry value attribute�Automounter map name attribute�Base DN for automounter map lookups�Base DN for group lookups�Base DN for netgroup lookups�Base DN for service lookups�Base DN for sudo rules lookups�Base DN for user lookups�Base for home directories�Become a daemon (default)�Cache credentials for offline login�Cannot create user's home directory: %1$s �Cannot create user's mail spool: %1$s �Cannot determine if the user was logged in on this platform�Cannot find group %1$s in local domain �Cannot find group %1$s in local domain, only groups in local domain are allowed �Cannot find group in local domain, modifying groups is allowed only in local domain �Cannot find user in local domain, modifying users is allowed only in local domain �Cannot get info about the user �Cannot remove homedir: %1$s �Cannot reset SELinux login context �Cannot set SELinux login context �Cannot set default values �Comma separated list of allowed users�Comma separated list of prohibited users�Command to start service�Could not allocate ID for the group - domain full? �Could not allocate ID for the user - domain full? 
�Could not modify group - check if groupname is correct �Could not modify group - check if member group names are correct �Could not modify user - check if group names are correct �Could not modify user - user already member of groups? �Could not open available domains �Could not open domain %1$s. If the domain is a subdomain (trusted domain), use fully qualified name instead of --domain/-d parameter. �Couldn't invalidate %1$s�Couldn't invalidate %1$s %2$s�Create user's directory if it does not exist�Current Password: �DNS service name for LDAP password change server�Debug level�Default shell, /bin/bash�Directory on the filesystem where SSSD should store Kerberos replay cache files.�Directory to store credential caches�Disable Active Directory range retrieval�Disable the LDAP paging control�Display users/groups in fully-qualified form�Do not remove home directory and mail spool�Domain of the information provider (mandatory)�Domain to add to names without a domain component.�Don't include group members in group lookups�Enable DNS sites - location based service discovery�Enable credential validation�Enable enumerating all users/groups�Enables FAST�Enables enterprise principals�Enables principal canonicalization�Entry cache background update timeout length (seconds)�Entry cache timeout length (seconds)�Enumeration cache timeout length (seconds)�Error initializing the tools �Error initializing the tools - no local domain �Error looking up public keys �Error setting the locale �Error while checking if the user was logged in �File that contains CA certificates�File that contains the client certificate�File that contains the client key�Filter for user lookups�Follow LDAP referrals�Force removal of files not owned by the user�Full Name�GECOS attribute�GID attribute�Group %1$s is outside the defined ID range for domain �Group UUID attribute�Group member attribute�Group name�Group password�Groups�Groups must be in the same domain as user �Groups that SSSD should explicitly 
ignore�Groups to add this group to�Groups to add this user to�Groups to remove this group from�Groups to remove this user from�Home directory�Home directory attribute�Host identity provider�Host not specified �Hostnames and/or fully qualified domain names of this machine to filter sudo rules�How long (minutes) to deny login after offline_failed_login_attempts has been reached�How long to allow cached logins between online logins (days)�How long to keep cached entries after last successful login (days)�How long to retain a connection to the LDAP server before disconnecting�How long to wait for replies from DNS when resolving servers (seconds)�How long will be in-memory cache records valid�How many days before password expiration a warning should be displayed�How many failed logins attempts are allowed when offline�How many seconds to keep a host in the known_hosts file after its host keys were requested�How many seconds to keep identity information cached for PAM requests�How often should expired entries be refreshed in background�How often to periodically update the client's DNS entry�How to dereference aliases�IPA client hostname�IPA domain�IPA server address�IPv4 or IPv6 addresses or network of this machine to filter sudo rules�Identity provider�Idle time before automatic disconnection of a client�If DENY rules are present, either DENY_ALL or IGNORE�If a shell stored in central directory is allowed but not available, use this fallback�If set to false, host argument given by PAM will be ignored�Include microseconds in timestamps in debug logs�Include timestamps in debug logs�Internal error while parsing parameters �Internal error. Could not print group. �Internal error. Could not remove group. �Internal error. Could not remove user. 
�Invalid domain specified in FQDN �Invalid port �Invalidate all autofs maps�Invalidate all groups�Invalidate all netgroups�Invalidate all services�Invalidate all users�Invalidate particular autofs map�Invalidate particular group�Invalidate particular netgroup�Invalidate particular service�Invalidate particular user�Kerberos backup server address�Kerberos realm�Kerberos server address�Kerberos service keytab�Kill users' processes before removing him�LDAP filter to determine access privileges�Length of time between attempts to reconnect while offline�Length of time between cache cleanups�Length of time between enumeration updates�Length of time to attempt connection�Length of time to attempt synchronous LDAP operations�Length of time to wait for a enumeration request�Length of time to wait for a search request�Lifetime of TGT for LDAP connection�Lifetime of the TGT�List of UIDs or user names allowed to access the PAC responder�List of possible ciphers suites�Location of the keytab to validate credentials�Location of the user's credential cache�Lock the account�Login shell�Lower bound for ID-mapping�Magic Private �Maximum nesting level SSSd will follow�Maximum user ID�Member groups must be in the same domain as parent group �Minimum user ID�Modification time attribute�Modification time attribute for groups�Modification time attribute for netgroups�NSS request failed (%1$d). Entry might remain in memory cache. �Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set) �Name of the default domain for ID-mapping�Negative cache timeout length (seconds)�Netgroup UUID attribute�Netgroup name�Netgroup triple attribute�Netgroups members attribute�Never create user's directory, overrides config�New Password: �No cache object matched the specified search �No such group in local domain. Printing groups only allowed in local domain. �No such group in local domain. Removing groups only allowed in local domain. �No such user in local domain. 
Removing users only allowed in local domain. �Not enough memory �Not removing home dir - not owned by user �Number of IDs for each slice when ID-mapping�Number of times to attempt connection to Data Providers�Object class for automounter map entries�Object class for automounter maps�Object class for sudo rules�Objectclass for groups�Objectclass for netgroups�Objectclass for services�Objectclass for users�Only invalidate entries from a particular domain�Only one argument expected �Out of memory �Override GID value from the identity provider with this value�Override homedir value from the identity provider with this value�Override shell value from the identity provider with this value�PAM stack to use�Password change failed. �Password change provider�Password expired. Change your password now.�Password reset by root is not supported.�Password: �Passwords do not match�Path to CA certificate directory�Ping timeout before restarting service�Please select at least one object to invalidate �Policy to evaluate the password expiration�Primary GID attribute�Print indirect group members recursively�Print version number and exit�Printf-compatible format for displaying fully-qualified names�Privileged socket has wrong ownership or permissions.�Public socket has wrong ownership or permissions.�Reenter new Password: �Regex to parse username and domain�Remove home directory and mail spool�Renewable lifetime of the TGT�Require TLS certificate verification�Require TLS for ID lookups�Restrict or prefer a specific address family when performing DNS lookups�Run interactive (not a daemon)�SID of the default domain for ID-mapping�SSH public key attribute�SSSD Domains to start�SSSD Services to start�SSSD is not run by root.�SUDO provider�Scope of user lookups�Search base for HBAC related objects�Search base for object containing info about IPA domain�Search base for objects containing info about ID ranges�Selects the principal to use for FAST�Send the debug output to files instead of 
stderr�Server message: �Server where the change password service is running if not on the KDC�Service name attribute�Service name for DNS service lookups�Service port attribute�Service protocol attribute�Session-loading provider�Set lower boundary for allowed IDs from the LDAP server�Set the verbosity of the debug logging�Set upper boundary for allowed IDs from the LDAP server�Shell attribute�Shell to use if the provider does not list one�Should filtered users appear in groups�Show timestamps with microseconds�Specify a non-default config file�Specify an alternative skeleton directory�Specify debug level you want to set �Specify group to add �Specify group to add to �Specify group to delete �Specify group to modify �Specify group to remove from �Specify group to show �Specify the minimal SSF for LDAP sasl authorization�Specify the sasl authorization id to use�Specify the sasl authorization realm to use�Specify the sasl mechanism to use�Specify user to add �Specify user to delete �Specify user to modify �Store password hashes�Store password if offline for later online authentication�Substitute empty homedir value from the identity provider with this value�Sudo rule command attribute�Sudo rule host attribute�Sudo rule name�Sudo rule notafter attribute�Sudo rule notbefore attribute�Sudo rule option attribute�Sudo rule order attribute�Sudo rule runasgroup attribute�Sudo rule runasuser attribute�Sudo rule user attribute�System is offline, password change not possible�The GID of the group�The GID of the user�The SELinux user for user's login�The SSSD domain to use�The Schema Type in use on the LDAP server, rfc2307�The TTL to apply to the client's DNS entry after updating it�The UID of the user�The amount of time between lookups of the HBAC rules against the IPA server�The amount of time in seconds between lookups of the SELinux maps against the IPA server�The authentication token of the default bind DN�The automounter location this IPA client is using�The comment 
string�The debug level to run with�The default base DN�The default bind DN�The domain part of service discovery DNS query�The interface whose IP should be used for dynamic DNS updates�The list of shells that will be vetoed, and replaced with the fallback shell�The list of shells users are allowed to log in with�The name of the NSS library to use�The number of file descriptors that may be opened by this responder�The number of members that must be missing to trigger a full deref�The number of records to retrieve in a single LDAP query�The path to the proxy command must be absolute �The port to use to connect to the host�The post-delete command failed: %1$s �The selected GID is outside the allowed range �The selected UID is outside the allowed range �The type of the authentication token of the default bind DN�The value of the password field the NSS provider should return�Time between two checks for renewal�Timeout between three failed ping checks and forcibly killing the service�Timeout for messages sent over the SBUS�Transaction error. Could not add group. �Transaction error. Could not add user. �Transaction error. Could not modify group. �Transaction error. Could not modify user. 
�Treat usernames as case sensitive�UID attribute�URI of a backup LDAP server where password changes are allowed�URI of an LDAP server where password changes are allowed�UUID attribute�Unexpected error while looking for an error description�Unexpected format of the server credential message.�Unlock the account�Upper bound for ID-mapping�Use ID-mapping of objectSID instead of pre-set IDs�Use Kerberos auth for LDAP connection�Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups�Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups�Use autorid-compatible algorithm for ID-mapping�Use only the upper case for realm names�User %1$s is outside the defined ID range for domain �User not specified �User principal attribute (for Kerberos)�User's home directory already exists, not copying data from skeldir �Username attribute�Users that SSSD should explicitly ignore�WARNING: The user (uid %1$lu) was still logged in when deleted. �What kind of authentication should be used to perform the DNS update�What kind of messages are displayed to the user during authentication�Whether the LDAP library should perform a reverse lookup to canonicalize the host name during a SASL bind�Whether the nsupdate utility should default to using TCP�Whether the provider should explicitly update the PTR record as well�Whether to automatically update the client's DNS entry�Whether to automatically update the client's DNS entry in FreeIPA�Whether to create kdcinfo files�Whether to evaluate the time-based attributes in sudo rules�Whether to filter rules by hostname, IP addresses and network�Whether to hash host names and addresses in the known_hosts file�Whether to include rules that contains netgroup in host attribute�Whether to include rules that contains regular expression in host attribute�Whether to look up canonical group name from cache if possible�Whether to update the ldap_user_shadow_last_change attribute after a password change�Which attributes shall be used to evaluate if an account is 
expired�Which rules should be used to evaluate access control�Write debug messages to logfiles�Your password has expired. You have %1$d grace login(s) remaining.�Your password will expire in %1$d %2$s.�accountExpires attribute of AD�entryUSN attribute�krbLastPwdChange attribute�krbPasswordExpiration attribute�lastUSN attribute�ldap_backup_uri, The URI of the LDAP server�ldap_uri, The URI of the LDAP server�loginAllowedTimeMap attribute of NDS�loginDisabled attribute of NDS�loginExpirationTime attribute of NDS�memberOf attribute�nsAccountLock attribute�objectSID attribute�shadowExpire attribute�shadowFlag attribute�shadowInactive attribute�shadowLastChange attribute�shadowMax attribute�shadowMin attribute�shadowWarning attribute�userAccountControl attribute of AD�Project-Id-Version: SSSD Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org POT-Creation-Date: 2014-04-08 12:56+0200 PO-Revision-Date: 2013-11-20 12:56+0000 Last-Translator: Tomoyuki KATO <tomo@dream.daynight.jp> Language-Team: Japanese (http://www.transifex.com/projects/p/fedora/language/ja/) Language: ja MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=1; plural=0; � � %1$s は次のメンバー: � %1$s メンバーグループ: �%1$s は root として実行する必要があります �%1$s%2$s グループ: %3$s �%1$s GID 番号: %2$d �%1$s メンバーユーザー: �、キャッシュされたパスワードが失効します: �同じ名前または GID を持つグループがすでに存在します �同じ名前または ID を持つユーザーまたはグループがすでに存在します �アクセス制御プロバイダー�Active Directory バックアップサーバーのアドレス�Active Directory クライアントホスト名�Active Directory ドメイン�ID マッピングの Active Directory プライマリーグループ属性�Active Directory サーバーアドレス�デバッグのタイムスタンプを追加する�バックアップ IPA サーバーのアドレス�エラーが発生しましたが、説明がありませんでした。�デバッグログのオープンファイルディスクリプター�サーバー側パスワードポリシーが有効であることを意味する属性�認可された PAM サービスを一覧化する属性�認可されたサーバーホストを一覧化する属性�キャッシュされているクレディンシャルを用いて認証されました�次まで認証が拒否されます: �認証プロバイダー�認証のタイムアウト�Autofs プロバイダー�自動的な完全更新間隔�自動的なスマート更新間隔�automounter マップエントリーのキー属性�automounter マップエントリーの値属性�オートマウントのマップ名の属性�automonter のマップ検索のベース DN�グループ検索のベース DN�ネットグループ検索のベース DN�サービス検索のベース DN�sudo ルール検索のベース 
DN�ユーザー検索のベース DN�ホームディレクトリーのベース�デーモンとして実行(デフォルト)�オフラインログインのためにクレディンシャルをキャッシュする�ユーザーのホームディレクトリーを作成できません: %1$s �ユーザーのメールスプールを作成できません: %1$s �ユーザーがこのプラットフォームにログインしていたかを確認できませんでした�ローカルドメインにグループ %1$s を見つけられません �ローカルドメインにグループ %1$s が見つかりません。ローカルドメインにあるグループのみが許可されます �ローカルドメインにグループが見つかりませんでした。グループの変更はローカルドメインにおいてのみ許可されます �ローカルドメインにユーザーを見つけられません。ユーザーの変更はローカルドメインにおいてのみ許可されます。 �ユーザーに関する情報を取得できません �ホームディレクトリーを削除できません: %1$s �SELinux ログインコンテキストをリセットできません �SELinux ログインコンテキストを設定できません �デフォルト値を設定できません �許可ユーザーのカンマ区切り一覧�禁止ユーザーのカンマ区切り一覧�サービス開始のコマンド�グループに ID を割り当てられませんでした - ドメインがいっぱいですか? �ユーザーに ID を割り当てられませんでした - ドメインがいっぱいですか? �グループを変更できませんでした - グループ名が正しいかを確認してください �グループを変更できませんでした - メンバーグループ名が正しいかを確認してください �ユーザーを変更できませんでした - グループ名が正しいかを確認してください �ユーザーを変更できませんでした - ユーザーはすでにグループのメンバーですか? �利用可能なドメインを開けませんでした �ドメイン %1$s を開けませんでした。ドメインがサブドメイン (信頼済みドメイン) であれば、--domain/-d パラメーターの代わりに完全修飾名を使用してください。 �%1$s を無効化できませんでした�%1$s %2$s を無効化できませんでした�ユーザーのディレクトリーが存在しなければ作成する�現在のパスワード: �LDAP パスワードの変更サーバーの DNS サービス名�デバッグレベル�デフォルトのシェル, /bin/bash�SSSD が Kerberos リプレイキャッシュファイルを保存するファイルシステムのディレクトリです。�クレディンシャルのキャッシュを保存するディレクトリー�Active Directory 範囲の取得の無効化�LDAP ページング制御を無効化する�ユーザー・グループを完全修飾形式で表示する�ホームディレクトリーとメールスプールを削除しない�情報プロバイダーのドメイン (必須)�domain 要素なしで追加するドメインの名前。�グループ検索にグループメンバーを含めない�DNS サイトの有効化 - 位置にサービス探索�クレディンシャルの検証を有効にする�すべてのユーザー・グループの列挙を有効にする�FAST を有効にする�エンタープライズ・プリンシパルの有効化�プリンシパル正規化を有効にする�エントリーキャッシュのバックグラウンド更新のタイムアウト時間(秒)�エントリーキャッシュのタイムアウト長(秒)�列挙キャッシュのタイムアウト(秒)�ツールを初期化中にエラーが発生しました �ツールを初期化中にエラーが発生しました - ローカルドメインがありません �公開鍵の検索中にエラーが発生しました �ロケールの設定中にエラーが発生しました �ユーザーがログインしていたかを確認中にエラーが発生しました �CA 証明書を含むファイル�クライアント証明書を含むファイル�クライアントの鍵を含むファイル�ユーザー検索のフィルター�LDAP リフェラルにしたがう�ユーザーにより所有されていないファイルの強制削除�氏名�GECOS の属性�GID 属性�グループ %1$s はドメインに対して定義された ID の範囲を越えています �グループ UUID 属性�グループメンバー属性�グループ名�グループのパスワード�グループ�グループがユーザーと同じドメインになければいけません �SSSD が明示的に無視するグループ�このグループに追加するグループ�このユーザーを追加するグループ�このグループから削除するグループ�このユーザーを削除するグループ�ホームディレクトリー�ホームディレクトリの属性�ホスト識別プロバイダー�ホストが指定されていません �sudo 
ルールをフィルターするこのマシンのホスト名および/または完全修飾ドメイン名�offline_failed_login_attempts に達した後にログインを拒否する時間(分)�オンラインログイン中にキャッシュによるログインが許容される期間(日数)�最終ログイン成功時からキャッシュエントリーを保持する日数�LDAP サーバーを切断する前に接続を保持する時間�サーバーを名前解決するときに DNS から応答を待つ時間(秒)�メモリー内のキャッシュレコードが有効な期間�警告が表示されるパスワード失効前の日数�オフラインのときに許容されるログイン試行失敗回数�ホスト鍵が要求された後 known_hosts ファイルにホストを保持する秒数�PAM 要求に対してキャッシュされた認証情報を保持する秒数�期限切れのエントリーがバックグラウンドで更新される頻度�どのくらい定期的にクライアントの DNS エントリーを更新するか�エイリアスを参照解決する方法�IPA クライアントのホスト名�IPA ドメイン�IPA サーバーのアドレス�sudo ルールをフィルターするこのマシンの IPv4 または IPv6 アドレスまたはネットワーク�アイデンティティプロバイダー�クライアントの自動切断までのアイドル時間�DENY ルールが存在すると、DENY_ALL または IGNORE です�中央ディレクトリーに保存されたシェルが許可されるが、利用できない場合、このフォールバックを使用する�もし偽に設定されていると、 PAM により渡されたホスト引数は無視されます�デバッグログにミリ秒単位のタイムスタンプを含める�デバッグログにタイムスタンプを含める�パラメーターを解析中に内部エラーが発生しました �内部エラー。グループを表示できませんでした。 �内部エラー。グループを削除できませんでした。 �内部エラー。ユーザーを削除できませんでした。 �FQDN で指定されたドメインが無効です �無効なポート �すべての autofs マップの無効化�すべてのグループを無効にする�すべてのネットワークグループを無効にする�すべてのサービスの無効化�すべてのユーザーを無効にする�特定の autofs マップの無効化�特定のグループを無効にする�特定のネットワークグループを無効にする�特定のサービスの無効化�特定のユーザーを無効にする�Kerberos バックアップサーバーのアドレス�Kerberos レルム�Kerberos サーバーのアドレス�Kerberos サービスのキーテーブル�ユーザーを削除する前にそのユーザーのプロセスを強制停止する�アクセス権限を決めるための LDAP フィルター�オフラインの間に再接続を試行する時間�キャッシュをクリーンアップする間隔�列挙の更新間隔�接続を試行する時間�LDAP 同期操作を試行する時間�列挙の要求を待つ時間�検索要求を待つ時間�LDAP 接続の TGT の有効期間�TGT の有効期間�PAC レスポンダーへのアクセスが許可された UID またはユーザー名の一覧�利用可能な暗号の一覧�クレディンシャルを検証するキーテーブルの場所�ユーザーのクレディンシャルキャッシュの位置�アカウントをロックする�ログインシェル�ID マッピングの下限�マジックプライベート �SSSd がしたがう最大入れ子レベル�最大ユーザー ID�メンバーグループが親グループと同じドメインにある必要があります �最小ユーザー ID�変更日時の属性�グループの変更日時の属性�ネットグループの変更日時の属性�NSS リクエストに失敗しました (%1$d)。項目はメモリーキャッシュに残されます。 �名前 '%1$s' が FQDN であるように見えません ('%2$s = TRUE' が設定されます) �ID マッピングに対するデフォルトドメインの名前�ネガティブキャッシュのタイムアウト(秒)�ネットグループ UUID の属性�ネットグループ名�ネットグループの三つ組の属性�ネットグループメンバーの属性�ユーザーのディレクトリーを作成しない、設定を上書きする�新しいパスワード: �指定された検索に一致するキャッシュオブジェクトがありません �そのようなグループはローカルドメインにありません。グループの表示はローカルドメインにおいてのみ許可されます。 �そのようなグループはローカルドメインにありません。グループの削除はローカルドメインにおいてのみ許可されます。 �そのようなユーザーはローカルドメインにいません。ユーザーの削除はローカルドメインにおいてのみ許可されます。 �十分なメモリーがありません �ホームディレクトリーを削除していません - 
ユーザーにより所有されていません �ID マッピングするとき、各スライスに対する ID の数�データプロバイダーの接続を試行する回数�automounter マップエントリーのオブジェクトクラス�automounter マップのオブジェクトクラス�sudo ルールのオブジェクトクラス�グループのオブジェクトクラス�ネットグループのオブジェクトクラス�サービスのオブジェクトクラス�ユーザーのオブジェクトクラス�特定のドメインのみからエントリーを無効にする�引数が一つのみ期待されます �メモリー不足 �識別プロバイダーからの GID 値をこの値で上書きする�識別プロバイダーからのホームディレクトリーの値をこの値で上書きする�アイデンティティプロバイダーからのシェル値をこの値で上書きします�使用する PAM スタック�パスワードの変更に失敗しました。 �パスワード変更プロバイダー�パスワードの期限が切れました。いますぐパスワードを変更してください。�root によるパスワードのリセットはサポートされません。�パスワード: �パスワードが一致しません�CA 証明書のディレクトリーのパス�サービス再起動前の Ping タイムアウト�無効化するオブジェクトを少なくとも一つ選択してください �パスワード失効の評価のポリシー�プライマリー GID の属性�間接グループメンバーを再帰的に表示する�バージョン番号を表示して終了する�完全修飾名を表示するための printf 互換の形式�特権ソケットの所有者またはパーミッションが誤っています。�公開ソケットの所有者またはパーミッションが誤っています。�新しいパスワードの再入力: �ユーザー名とドメインを構文解析する正規表現�ホームディレクトリーとメールスプールを削除する�更新可能な TGT の有効期間�TLS 証明書の検証を要求する�ID 検索に TLS を要求する�DNS 検索を実行するときに特定のアドレスファミリーを制限または優先します�対話的に実行(デーモンではない)�ID マッピングに対するデフォルトドメインの SID�SSH 公開鍵の属性�開始する SSSD ドメイン�開始する SSSD サービス�SSSD は root により実行されません。�SUDO プロバイダー�ユーザー検索の範囲�HBAC 関連オブジェクトの検索ベース�IPA ドメインに関する情報を含むオブジェクトに対する検索ベース�ID 範囲に関する情報を含むオブジェクトに対する検索ベース�FAST に使用するプリンシパルを選択する�デバッグ出力を標準エラーの代わりにファイルに送信する�サーバーのメッセージ: �KDC になければ、パスワード変更サービスが実行されているサーバー�サービス名の属性�DNS サービス検索のサービス名�サービスポートの属性�サービスプロトコルの属性�セッション読み込みプロバイダー�LDAP サーバーから許可される ID の下限の設定�デバッグのロギングの冗長性を設定する�LDAP サーバーから許可される ID の上限の設定�シェルの属性�プロバイダーが一覧に持っていないとき使用するシェル�フィルターされたユーザーをグループに表示する�タイムスタンプをミリ秒単位で表示する�非標準の設定ファイルの指定�代替のスケルトンディレクトリーを指定する�設定したいデバッグレベルを指定する �追加するグループを指定してください �追加するグループを指定してください �削除するグループを指定してください �変更するグループを指定してください �削除するグループを指定してください �表示するグループを指定してください �LDAP SASL 認可の最小 SSF を指定する�使用する SASL 認可 ID を指定する�使用する SASL 認可レルムを指定する�使用する SASL メカニズムを指定する�追加するユーザーを指定してください �削除するユーザーを指定する �変更するユーザーを指定してください �パスワードハッシュを保存する�後からオンライン認証するためにオフラインの場合にパスワードを保存します�アイデンティティプロバイダーからの空のホームディレクトリーをこの値で置き換えます�sudo ルールのコマンドの属性�sudo ルールのホストの属性�sudo ルール名�sudo ルールの notafter の属性�sudo ルールの notbefore の属性�sudo ルールのオプションの属性�sudo ルールの order の属性�sudo ルールの runasgroup の属性�sudo ルールの runasuser の属性�sudo 
ルールのユーザーの属性�システムがオフラインです、パスワード変更ができません�グループの GID�ユーザーの GID�ユーザーのログインに対する SELinux ユーザー�使用する SSSD ドメイン�LDAP サーバーにおいて使用中のスキーマ形式, rfc2307�クライアントの DNS 項目を更新後、適用する TTL�ユーザーの UID�IPA サーバーに対する HBAC ルールを検索している間の合計時間�IPA サーバーに対する SELinux マップの検索の間の秒単位の合計時間�デフォルトのバインド DN の認証トークン�この IPA クライアントが使用している automounter の場所�コメント文字列�実行するデバッグレベル�デフォルトのベース DN�デフォルトのバインド DN�サービス検索 DNS クエリーのドメイン部分�動的 DNS 更新のために使用される IP のインターフェース�拒否されてフォールバックシェルで置き換えられるシェルの一覧�ユーザーがログインを許可されるシェルの一覧�使用する NSS ライブラリーの名前�このレスポンダーににより開かれるファイル記述子の数�完全な参照解決を引き起こすために欠けている必要があるメンバーの数�単一の LDAP 問い合わせにおいて取得するレコード数�プロキシーコマンドへのパスは絶対パスにする必要があります �ホストへの接続に使用するポート�削除後コマンドの実行に失敗しました: %1$s �選択された GID は許容される範囲を越えています �選択された UID は許容される範囲を越えています �デフォルトのバインド DN の認証トークンの種類�NSS プロバイダーが返すパスワード項目の値�更新を確認する間隔�3 回 の ping チェック失敗とサービスの強制停止のタイムアウト間隔�SBUS 経由のメッセージ送信のタイムアウト�トランザクションエラー。グループを追加できませんでした。 �トランザクションエラー。ユーザーを追加できませんでした。 �トランザクションエラー。グループを変更できませんでした。 �トランザクションエラー。ユーザーを変更できませんでした。 �ユーザー名が大文字小文字を区別するよう取り扱う�UID の属性�パスワードの変更が許可されるバックアップ LDAP サーバーの URI�パスワードの変更が許可される LDAP サーバーの URI�UUID の属性�エラーの説明を検索中に予期しないエラーが発生しました�サーバーのクレディンシャルメッセージの予期しない形式です。�アカウントをロック解除する�ID マッピングの上限�事前設定済み ID の代わりに objectSID の ID マッピングを使用します�LDAP 接続に対して Kerberos 認証を使用する�グループ検索のために LDAP_MATCHING_RULE_IN_CHAIN を使用します�初期グループの検索のために LDAP_MATCHING_RULE_IN_CHAIN を使用します�ID マッピングに対する autorid 互換アルゴリズムを使用します�レルム名に対して大文字のみを使用する�ユーザー %1$s はドメインに対して定義された ID の範囲を超えています �ユーザーが指定されていません �ユーザープリンシパルの属性(Kerberos 用)�ユーザーのホームディレクトリーがすでに存在します、スケルトンディレクトリーからデータをコピーしません �ユーザー名の属性�SSSD が明示的に無視するユーザー�警告: ユーザー (uid %1$lu) が削除されたときにまだログインしていました。 �DNS 更新を実行するために使用すべき認証の種類�認証中にユーザーに表示されるメッセージの種類�LDAP ライブラリーが SASL バインド中にホスト名を正規化するために逆引きを実行するかどうか�nsupdate ユーティリティが標準で TCP を使用するかどうか�プロバイダーが同じように PTR レコードを明示的に更新する必要があるかどうか�自動的にクライアントの DNS エントリーを更新するかどうか�FreeIPA にあるクライアントの DNS エントリーを自動的に更新するかどうか�kdcinfo ファイルを作成するかどうか�sudo ルールにおいて時間による属性を評価するかどうか�ホスト名、IP アドレスおよびネットワークによるフィルタールールを使用するかどうか�known_hosts 
ファイルにおいてホスト名とアドレスをハッシュ化するかどうか�ホスト属性にネットワークグループを含むルールを含めるかどうか�ホスト属性に正規表現を含むルールを含めるかどうか�可能ならばキャッシュから正規化されたグループ名を検索するかどうか�パスワード変更後 ldap_user_shadow_last_change 属性を更新するかどうか�どの属性がアカウントが失効しているかを評価するために使用されるか�どのルールがアクセス制御を評価するために使用されるか�デバッグメッセージをログファイルに書き込む�パスワードの期限が切れています。あと %1$d 回ログインできます。�あなたのパスワードは %1$d %2$s に危険が切れます。�AD の accountExpires 属性�entryUSN 属性�krbLastPwdChange 属性�krbPasswordExpiration 属性�lastUSN 属性�ldap_backup_uri, LDAP サーバーの URI�ldap_uri, LDAP サーバーの URI�NDS の loginAllowedTimeMap 属性�NDS の loginDisabled 属性�NDS の loginExpirationTime 属性�memberOf 属性�nsAccountLock 属性�objectSID 属性�shadowExpire 属性�shadowFlag 属性�shadowInactive 属性�shadowLastChange 属性�shadowMax 属性�shadowMin 属性�shadowWarning 属性�AD の userAccountControl 属性���������������������������sssd-1.11.5/po/PaxHeaders.13173/fr.po���������������������������������������������������������������0000644�0000000�0000000�00000000074�12320753107�015140� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954961.935874743 30 ctime=1396954962.532874302 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/fr.po��������������������������������������������������������������������������������0000664�0024127�0024127�00000177463�12320753107�015404� 
0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR Red Hat, Inc. # This file is distributed under the same license as the PACKAGE package. # # Translators: # MarbolanGos Fabien <marbolangos@gmail.com>, 2012 # Jérôme Fenal <jfenal@gmail.com>, 2012-2013 # MarbolanGos Fabien <marbolangos@gmail.com>, 2012 # Mariko Vincent <dweu60@gmail.com>, 2012 msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2014-04-08 12:56+0200\n" "PO-Revision-Date: 2013-11-20 12:56+0000\n" "Last-Translator: Jérôme Fenal <jfenal@gmail.com>\n" "Language-Team: French (http://www.transifex.com/projects/p/fedora/language/" "fr/)\n" "Language: fr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n > 1);\n" #: src/config/SSSDConfig/__init__.py.in:39 msgid "Set the verbosity of the debug logging" msgstr "Définir le niveau de détails de la sortie de débogage" #: src/config/SSSDConfig/__init__.py.in:40 msgid "Include timestamps in debug logs" msgstr "Ajouter l'horodatage dans les fichiers de débogage" #: src/config/SSSDConfig/__init__.py.in:41 msgid "Include microseconds in timestamps in debug logs" msgstr "" "Ajouter les microsecondes pour l'horodatage dans les journaux de débogage" #: src/config/SSSDConfig/__init__.py.in:42 msgid "Write debug messages to logfiles" msgstr "Écrire les messages de débogage dans les journaux" #: src/config/SSSDConfig/__init__.py.in:43 msgid "Ping timeout before restarting service" msgstr "Délai d'attente de réponse avant de redémarrer le service" #: 
src/config/SSSDConfig/__init__.py.in:44 msgid "" "Timeout between three failed ping checks and forcibly killing the service" msgstr "" "Délai entre une série de trois ping en échec et une mort violente et forcée " "du service" #: src/config/SSSDConfig/__init__.py.in:45 msgid "Command to start service" msgstr "Commande pour démarrer le service" #: src/config/SSSDConfig/__init__.py.in:46 msgid "Number of times to attempt connection to Data Providers" msgstr "Nombre d'essais pour tenter de se connecter au fournisseur de données" #: src/config/SSSDConfig/__init__.py.in:47 msgid "The number of file descriptors that may be opened by this responder" msgstr "" "Le nombre de descripteurs de fichiers qui peuvent être ouverts par ce " "répondeur" #: src/config/SSSDConfig/__init__.py.in:48 msgid "Idle time before automatic disconnection of a client" msgstr "Durée d'inactivité avant la déconnexion automatique d'un client" #: src/config/SSSDConfig/__init__.py.in:51 msgid "SSSD Services to start" msgstr "Services SSSD à démarrer" #: src/config/SSSDConfig/__init__.py.in:52 msgid "SSSD Domains to start" msgstr "Domaines SSSD à démarrer" #: src/config/SSSDConfig/__init__.py.in:53 msgid "Timeout for messages sent over the SBUS" msgstr "Délai d'attente pour les messages à envoyer à travers SBUS" #: src/config/SSSDConfig/__init__.py.in:54 msgid "Regex to parse username and domain" msgstr "Expression rationnelle d'analyse des noms d'utilisateur et de domaine" #: src/config/SSSDConfig/__init__.py.in:55 msgid "Printf-compatible format for displaying fully-qualified names" msgstr "Format compatible printf d'affichage des noms complètement qualifiés" #: src/config/SSSDConfig/__init__.py.in:56 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" "Répertoire du système de fichiers où SSSD doit stocker les fichiers de " "relecture de Kerberos." #: 
#: src/config/SSSDConfig/__init__.py.in:57 msgid "Domain to add to names without a domain component." msgstr "Domaine à ajouter aux noms sans composant de nom de domaine." #: src/config/SSSDConfig/__init__.py.in:60 msgid "Enumeration cache timeout length (seconds)" msgstr "Délai d'attente du cache d'énumération (en secondes)" #: src/config/SSSDConfig/__init__.py.in:61 msgid "Entry cache background update timeout length (seconds)" msgstr "" "Délai d'attente de mise à jour en arrière-plan de l'entrée de cache (en " "secondes)" #: src/config/SSSDConfig/__init__.py.in:62 #: src/config/SSSDConfig/__init__.py.in:88 msgid "Negative cache timeout length (seconds)" msgstr "Délai d'attente du cache négatif (en secondes)" #: src/config/SSSDConfig/__init__.py.in:63 msgid "Users that SSSD should explicitly ignore" msgstr "Utilisateurs que SSSD doit explicitement ignorer" #: src/config/SSSDConfig/__init__.py.in:64 msgid "Groups that SSSD should explicitly ignore" msgstr "Groupes que SSSD doit explicitement ignorer" #: src/config/SSSDConfig/__init__.py.in:65 msgid "Should filtered users appear in groups" msgstr "Les utilisateurs filtrés doivent-ils apparaître dans les groupes" #: src/config/SSSDConfig/__init__.py.in:66 msgid "The value of the password field the NSS provider should return" msgstr "Valeur du champ de mot de passe que le fournisseur NSS doit renvoyer" #: src/config/SSSDConfig/__init__.py.in:67 msgid "Override homedir value from the identity provider with this value" msgstr "" "Remplacer par cette valeur celle du répertoire personnel obtenu avec le " "fournisseur d'identité" #: src/config/SSSDConfig/__init__.py.in:68 msgid "" "Substitute empty homedir value from the identity provider with this value" msgstr "" "Substitution de la valeur homedir vide du fournisseur d'identité avec cette " "valeur" #: src/config/SSSDConfig/__init__.py.in:69 msgid "Override shell value from the identity provider with this value" msgstr "Écraser le shell donné par le fournisseur 
d'identité avec cette valeur" #: src/config/SSSDConfig/__init__.py.in:70 msgid "The list of shells users are allowed to log in with" msgstr "" "Liste des interpréteurs de commandes utilisateurs autorisés pour se connecter" #: src/config/SSSDConfig/__init__.py.in:71 msgid "" "The list of shells that will be vetoed, and replaced with the fallback shell" msgstr "" "Liste des interpréteurs de commandes bannis et remplacés par celui par défaut" #: src/config/SSSDConfig/__init__.py.in:72 msgid "" "If a shell stored in central directory is allowed but not available, use " "this fallback" msgstr "" "Si un interpréteur de commandes stocké dans l'annuaire central est autorisé " "mais indisponible, utiliser à défaut celui-ci" #: src/config/SSSDConfig/__init__.py.in:73 msgid "Shell to use if the provider does not list one" msgstr "Shell à utiliser si le fournisseur n'en propose aucun" #: src/config/SSSDConfig/__init__.py.in:74 msgid "How long will be in-memory cache records valid" msgstr "Durée de maintien en cache des enregistrements valides" #: src/config/SSSDConfig/__init__.py.in:77 msgid "How long to allow cached logins between online logins (days)" msgstr "" "Délai pendant lequel les connexions utilisant le cache sont autorisées entre " "deux connexions en ligne (en jours)" #: src/config/SSSDConfig/__init__.py.in:78 msgid "How many failed logins attempts are allowed when offline" msgstr "Nombre d'échecs de connexions hors-ligne autorisés" #: src/config/SSSDConfig/__init__.py.in:79 msgid "" "How long (minutes) to deny login after offline_failed_login_attempts has " "been reached" msgstr "" "Durée d'interdiction de connexion après que offline_failed_login_attempts " "est atteint (en minutes)" #: src/config/SSSDConfig/__init__.py.in:80 msgid "What kind of messages are displayed to the user during authentication" msgstr "" "Quels types de messages sont affichés à l'utilisateur pendant " "l'authentification" #: src/config/SSSDConfig/__init__.py.in:81 msgid "How many seconds to 
keep identity information cached for PAM requests" msgstr "" "Durée en secondes pendant laquelle les informations d'identité sont gardées " "en cache pour les requêtes PAM" #: src/config/SSSDConfig/__init__.py.in:82 msgid "How many days before password expiration a warning should be displayed" msgstr "" "Nombre de jours précédent l'expiration du mot de passe avant lesquels un " "avertissement doit être affiché" #: src/config/SSSDConfig/__init__.py.in:85 msgid "Whether to evaluate the time-based attributes in sudo rules" msgstr "Faut-il évaluer les attributs dépendants du temps dans les règles sudo" #: src/config/SSSDConfig/__init__.py.in:91 msgid "Whether to hash host names and addresses in the known_hosts file" msgstr "" "Condenser ou non les noms de systèmes et adresses du fichier known_hosts" #: src/config/SSSDConfig/__init__.py.in:92 msgid "" "How many seconds to keep a host in the known_hosts file after its host keys " "were requested" msgstr "" "Le nombre de secondes pour garder un hôte dans le fichier known_hosts après " "que ses clés d'hôte ont été demandées" #: src/config/SSSDConfig/__init__.py.in:95 msgid "List of UIDs or user names allowed to access the PAC responder" msgstr "" "Listes des UID ou nom d'utilisateurs autorisés à accéder le répondeur PAC" #: src/config/SSSDConfig/__init__.py.in:98 msgid "Identity provider" msgstr "Fournisseur d'identité" #: src/config/SSSDConfig/__init__.py.in:99 msgid "Authentication provider" msgstr "Fournisseur d'authentification" #: src/config/SSSDConfig/__init__.py.in:100 msgid "Access control provider" msgstr "Fournisseur de contrôle d'accès" #: src/config/SSSDConfig/__init__.py.in:101 msgid "Password change provider" msgstr "Fournisseur de changement de mot de passe" #: src/config/SSSDConfig/__init__.py.in:102 msgid "SUDO provider" msgstr "Fournisseur SUDO" #: src/config/SSSDConfig/__init__.py.in:103 msgid "Autofs provider" msgstr "Fournisseur autofs" #: src/config/SSSDConfig/__init__.py.in:104 msgid "Session-loading 
provider" msgstr "Fournisseur de chargement de session" #: src/config/SSSDConfig/__init__.py.in:105 msgid "Host identity provider" msgstr "Fournisseur d'identité de l'hôte" #: src/config/SSSDConfig/__init__.py.in:108 msgid "Minimum user ID" msgstr "Identifiant utilisateur minimum" #: src/config/SSSDConfig/__init__.py.in:109 msgid "Maximum user ID" msgstr "Identifiant utilisateur maximum" #: src/config/SSSDConfig/__init__.py.in:110 msgid "Enable enumerating all users/groups" msgstr "Activer l'énumération de tous les utilisateurs/groupes" #: src/config/SSSDConfig/__init__.py.in:111 msgid "Cache credentials for offline login" msgstr "Mettre en cache les crédits pour une connexion hors-ligne" #: src/config/SSSDConfig/__init__.py.in:112 msgid "Store password hashes" msgstr "Stocker les sommes de contrôle des mots de passe" #: src/config/SSSDConfig/__init__.py.in:113 msgid "Display users/groups in fully-qualified form" msgstr "Afficher les utilisateurs/groupes dans un format complétement qualifié" #: src/config/SSSDConfig/__init__.py.in:114 msgid "Don't include group members in group lookups" msgstr "Ne pas inclure les membres des groupes dans les recherches de groupes." 
#: src/config/SSSDConfig/__init__.py.in:115 #: src/config/SSSDConfig/__init__.py.in:122 #: src/config/SSSDConfig/__init__.py.in:123 #: src/config/SSSDConfig/__init__.py.in:124 #: src/config/SSSDConfig/__init__.py.in:125 #: src/config/SSSDConfig/__init__.py.in:126 #: src/config/SSSDConfig/__init__.py.in:127 msgid "Entry cache timeout length (seconds)" msgstr "Durée de validité des entrées en cache (en secondes)" #: src/config/SSSDConfig/__init__.py.in:116 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "Restreindre ou préférer une famille d'adresses lors des recherches DNS" #: src/config/SSSDConfig/__init__.py.in:117 msgid "How long to keep cached entries after last successful login (days)" msgstr "" "Durée de validité des entrées en cache après la dernière connexion réussie " "(en jours)" #: src/config/SSSDConfig/__init__.py.in:118 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" "Délai d'attente des réponses du DNS lors de la résolution des serveurs (en " "secondes)" #: src/config/SSSDConfig/__init__.py.in:119 msgid "The domain part of service discovery DNS query" msgstr "La partie domaine de la requête de découverte de service DNS" #: src/config/SSSDConfig/__init__.py.in:120 msgid "Override GID value from the identity provider with this value" msgstr "Écraser la valeur du GID du fournisseur d'identité avec cette valeur" #: src/config/SSSDConfig/__init__.py.in:121 msgid "Treat usernames as case sensitive" msgstr "Considère les noms d'utilisateur comme casse dépendant" #: src/config/SSSDConfig/__init__.py.in:128 msgid "How often should expired entries be refreshed in background" msgstr "Fréquence de rafraîchissement en arrière plan des entrées expirées" #: src/config/SSSDConfig/__init__.py.in:129 msgid "Whether to automatically update the client's DNS entry" msgstr "Choisir de mettre à jour automatiquement l'entrée DNS du client" #: src/config/SSSDConfig/__init__.py.in:130 #: 
src/config/SSSDConfig/__init__.py.in:145 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "Le TTL à appliquer à l'entrée DNS du client après modification" #: src/config/SSSDConfig/__init__.py.in:131 #: src/config/SSSDConfig/__init__.py.in:146 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" "L'interface dont l'adresse IP doit être utilisée pour les mises à jour " "dynamiques du DNS" #: src/config/SSSDConfig/__init__.py.in:132 msgid "How often to periodically update the client's DNS entry" msgstr "Fréquence de mise à jour automatique de l'entrée DNS du client" #: src/config/SSSDConfig/__init__.py.in:133 msgid "Whether the provider should explicitly update the PTR record as well" msgstr "" "Selon que le fournisseur doit aussi ou non mettre à jour explicitement " "l'enregistrement PTR" #: src/config/SSSDConfig/__init__.py.in:134 msgid "Whether the nsupdate utility should default to using TCP" msgstr "Selon que l'utilitaire nsupdate doit utiliser TCP par défaut" #: src/config/SSSDConfig/__init__.py.in:135 msgid "What kind of authentication should be used to perform the DNS update" msgstr "" "Quel type d'authentification doit être utilisée pour effectuer la mise à " "jour DNS" #: src/config/SSSDConfig/__init__.py.in:136 msgid "Control enumeration of trusted domains" msgstr "" #: src/config/SSSDConfig/__init__.py.in:137 #, fuzzy msgid "How often should subdomains list be refreshed" msgstr "Fréquence de rafraîchissement en arrière plan des entrées expirées" #: src/config/SSSDConfig/__init__.py.in:140 msgid "IPA domain" msgstr "Domaine IPA" #: src/config/SSSDConfig/__init__.py.in:141 msgid "IPA server address" msgstr "Adresse du serveur IPA" #: src/config/SSSDConfig/__init__.py.in:142 msgid "Address of backup IPA server" msgstr "Adresse du serveur IPA de secours" #: src/config/SSSDConfig/__init__.py.in:143 msgid "IPA client hostname" msgstr "Nom de système du client IPA" #: src/config/SSSDConfig/__init__.py.in:144 
msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" "Choisir de mettre à jour automatiquement l'entrée DNS du client dans FreeIPA" #: src/config/SSSDConfig/__init__.py.in:147 msgid "Search base for HBAC related objects" msgstr "Base de recherche pour les objets HBAC" #: src/config/SSSDConfig/__init__.py.in:148 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "Délai entre les recherches de règles HBAC sur le serveur IPA" #: src/config/SSSDConfig/__init__.py.in:149 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" msgstr "" "Délai en secondes entre les recherches de cartes SELinux sur le serveur IPA" #: src/config/SSSDConfig/__init__.py.in:150 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "Si les règles DENY sont présentes, utiliser soit DENY_ALL soit IGNORE" #: src/config/SSSDConfig/__init__.py.in:151 msgid "If set to false, host argument given by PAM will be ignored" msgstr "Si mis à false, l'argument de l'hôte donné par PAM est ignoré" #: src/config/SSSDConfig/__init__.py.in:152 msgid "The automounter location this IPA client is using" msgstr "" "L'emplacement de la carte de montage automatique utilisée par le client IPA" #: src/config/SSSDConfig/__init__.py.in:153 msgid "Search base for object containing info about IPA domain" msgstr "" "Base de recherche pour l'objet contenant les informations de base à propos " "du domaine IPA" #: src/config/SSSDConfig/__init__.py.in:154 msgid "Search base for objects containing info about ID ranges" msgstr "" "Base de recherche pour les objets contenant les informations à propos des " "plages d'ID" #: src/config/SSSDConfig/__init__.py.in:155 #: src/config/SSSDConfig/__init__.py.in:162 msgid "Enable DNS sites - location based service discovery" msgstr "Activer les sites DNS - découverte de service basée sur l'emplacement" #: src/config/SSSDConfig/__init__.py.in:158 msgid "Active Directory
domain" msgstr "Domaine Active Directory" #: src/config/SSSDConfig/__init__.py.in:159 msgid "Active Directory server address" msgstr "Adresse du serveur Active Directory" #: src/config/SSSDConfig/__init__.py.in:160 msgid "Active Directory backup server address" msgstr "Adresse du serveur Active Directory de secours" #: src/config/SSSDConfig/__init__.py.in:161 msgid "Active Directory client hostname" msgstr "Nom de système du client Active Directory" #: src/config/SSSDConfig/__init__.py.in:165 #: src/config/SSSDConfig/__init__.py.in:166 msgid "Kerberos server address" msgstr "Adresse du serveur Kerberos" #: src/config/SSSDConfig/__init__.py.in:167 msgid "Kerberos backup server address" msgstr "Adresse du serveur Kerberos de secours" #: src/config/SSSDConfig/__init__.py.in:168 msgid "Kerberos realm" msgstr "Domaine Kerberos" #: src/config/SSSDConfig/__init__.py.in:169 msgid "Authentication timeout" msgstr "Délai avant expiration de l'authentification" #: src/config/SSSDConfig/__init__.py.in:170 msgid "Whether to create kdcinfo files" msgstr "Choisir de créer ou non les fichiers kdcinfo" #: src/config/SSSDConfig/__init__.py.in:173 msgid "Directory to store credential caches" msgstr "Répertoire pour stocker les caches de crédits" #: src/config/SSSDConfig/__init__.py.in:174 msgid "Location of the user's credential cache" msgstr "Emplacement du cache de crédits de l'utilisateur" #: src/config/SSSDConfig/__init__.py.in:175 msgid "Location of the keytab to validate credentials" msgstr "Emplacement du fichier keytab de validation des crédits" #: src/config/SSSDConfig/__init__.py.in:176 msgid "Enable credential validation" msgstr "Activer la validation des crédits" #: src/config/SSSDConfig/__init__.py.in:177 msgid "Store password if offline for later online authentication" msgstr "" "Stocker le mot de passe, si hors-ligne, pour une authentification ultérieure " "en ligne" #: src/config/SSSDConfig/__init__.py.in:178 msgid "Renewable lifetime of the TGT" msgstr "Durée de vie 
renouvelable du TGT" #: src/config/SSSDConfig/__init__.py.in:179 msgid "Lifetime of the TGT" msgstr "Durée de vie du TGT" #: src/config/SSSDConfig/__init__.py.in:180 msgid "Time between two checks for renewal" msgstr "Durée entre deux vérifications pour le renouvellement" #: src/config/SSSDConfig/__init__.py.in:181 msgid "Enables FAST" msgstr "Active FAST" #: src/config/SSSDConfig/__init__.py.in:182 msgid "Selects the principal to use for FAST" msgstr "Sélectionne le principal pour être utilisé avec FAST" #: src/config/SSSDConfig/__init__.py.in:183 msgid "Enables principal canonicalization" msgstr "Active la canonisation du principal" #: src/config/SSSDConfig/__init__.py.in:184 msgid "Enables enterprise principals" msgstr "Active les principals d'entreprise" #: src/config/SSSDConfig/__init__.py.in:187 #: src/config/SSSDConfig/__init__.py.in:188 msgid "Server where the change password service is running if not on the KDC" msgstr "" "Serveur où tourne le service de changement de mot de passe s'il n'est pas " "sur le KDC" #: src/config/SSSDConfig/__init__.py.in:191 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, l'adresse du serveur LDAP" #: src/config/SSSDConfig/__init__.py.in:192 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "ldap_backup_uri, l'URI du serveur LDAP" #: src/config/SSSDConfig/__init__.py.in:193 msgid "The default base DN" msgstr "La base DN par défaut" #: src/config/SSSDConfig/__init__.py.in:194 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "Le type de schéma utilisé sur le serveur LDAP, rfc2307" #: src/config/SSSDConfig/__init__.py.in:195 msgid "The default bind DN" msgstr "Le DN de connexion par défaut" #: src/config/SSSDConfig/__init__.py.in:196 msgid "The type of the authentication token of the default bind DN" msgstr "Le type de jeton d'authentification du DN de connexion par défaut" #: src/config/SSSDConfig/__init__.py.in:197 msgid "The authentication token of the default bind DN" msgstr "Le jeton 
d'authentification du DN de connexion par défaut" #: src/config/SSSDConfig/__init__.py.in:198 msgid "Length of time to attempt connection" msgstr "Durée pendant laquelle il sera tenté d'établir la connexion" #: src/config/SSSDConfig/__init__.py.in:199 msgid "Length of time to attempt synchronous LDAP operations" msgstr "Durée pendant laquelle il sera tenté des opérations LDAP synchrones" #: src/config/SSSDConfig/__init__.py.in:200 msgid "Length of time between attempts to reconnect while offline" msgstr "Durée d'attente entre deux essais de reconnexion en mode hors-ligne" #: src/config/SSSDConfig/__init__.py.in:201 msgid "Use only the upper case for realm names" msgstr "N'utiliser que des majuscules pour les noms de domaine" #: src/config/SSSDConfig/__init__.py.in:202 msgid "File that contains CA certificates" msgstr "Fichier contenant les certificats des CA" #: src/config/SSSDConfig/__init__.py.in:203 msgid "Path to CA certificate directory" msgstr "Chemin vers le répertoire de certificats des CA" #: src/config/SSSDConfig/__init__.py.in:204 msgid "File that contains the client certificate" msgstr "Fichier contenant le certificat client" #: src/config/SSSDConfig/__init__.py.in:205 msgid "File that contains the client key" msgstr "Fichier contenant la clé du client" #: src/config/SSSDConfig/__init__.py.in:206 msgid "List of possible ciphers suites" msgstr "Liste des suites de chiffrement possibles" #: src/config/SSSDConfig/__init__.py.in:207 msgid "Require TLS certificate verification" msgstr "Requiert une vérification de certificat TLS" #: src/config/SSSDConfig/__init__.py.in:208 msgid "Specify the sasl mechanism to use" msgstr "Spécifier le mécanisme SASL à utiliser" #: src/config/SSSDConfig/__init__.py.in:209 msgid "Specify the sasl authorization id to use" msgstr "Spécifier l'identité d'autorisation SASL à utiliser" #: src/config/SSSDConfig/__init__.py.in:210 msgid "Specify the sasl authorization realm to use" msgstr "Spécifier le domaine d'autorisation SASL à
utiliser" #: src/config/SSSDConfig/__init__.py.in:211 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "Spécifie le minimum SSF pour l'autorisation sasl LDAP" #: src/config/SSSDConfig/__init__.py.in:212 msgid "Kerberos service keytab" msgstr "Service du fichier keytab de Kerberos" #: src/config/SSSDConfig/__init__.py.in:213 msgid "Use Kerberos auth for LDAP connection" msgstr "Utiliser l'authentification Kerberos pour la connexion LDAP" #: src/config/SSSDConfig/__init__.py.in:214 msgid "Follow LDAP referrals" msgstr "Suivre les référents LDAP" #: src/config/SSSDConfig/__init__.py.in:215 msgid "Lifetime of TGT for LDAP connection" msgstr "Durée de vie du TGT pour la connexion LDAP" #: src/config/SSSDConfig/__init__.py.in:216 msgid "How to dereference aliases" msgstr "Comment déréférencer les alias" #: src/config/SSSDConfig/__init__.py.in:217 msgid "Service name for DNS service lookups" msgstr "Nom du service pour les recherches DNS" #: src/config/SSSDConfig/__init__.py.in:218 msgid "The number of records to retrieve in a single LDAP query" msgstr "Le nombre d'enregistrements à récupérer dans une requête LDAP unique" #: src/config/SSSDConfig/__init__.py.in:219 msgid "The number of members that must be missing to trigger a full deref" msgstr "" "Nombre de membres qui doivent être manquants pour activer un déréférencement " "complet" #: src/config/SSSDConfig/__init__.py.in:220 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" "Est-ce que la bibliothèque LDAP doit effectuer une requête pour canoniser le " "nom d'hôte pendant une connexion SASL ?" 
#: src/config/SSSDConfig/__init__.py.in:222 msgid "entryUSN attribute" msgstr "attribut entryUSN" #: src/config/SSSDConfig/__init__.py.in:223 msgid "lastUSN attribute" msgstr "attribut lastUSN" #: src/config/SSSDConfig/__init__.py.in:225 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" "Combien de temps conserver la connexion au serveur LDAP avant de se " "déconnecter" #: src/config/SSSDConfig/__init__.py.in:227 msgid "Disable the LDAP paging control" msgstr "Désactiver le contrôle des pages LDAP" #: src/config/SSSDConfig/__init__.py.in:228 msgid "Disable Active Directory range retrieval" msgstr "Désactiver la récupération de plage Active Directory." #: src/config/SSSDConfig/__init__.py.in:231 msgid "Length of time to wait for a search request" msgstr "Durée d'attente pour une requête de recherche" #: src/config/SSSDConfig/__init__.py.in:232 msgid "Length of time to wait for a enumeration request" msgstr "Durée d'attente pour une requête d'énumération" #: src/config/SSSDConfig/__init__.py.in:233 msgid "Length of time between enumeration updates" msgstr "Durée entre deux mises à jour d'énumération" #: src/config/SSSDConfig/__init__.py.in:234 msgid "Length of time between cache cleanups" msgstr "Durée entre les nettoyages de cache" #: src/config/SSSDConfig/__init__.py.in:235 msgid "Require TLS for ID lookups" msgstr "TLS est requis pour les recherches d'identifiants" #: src/config/SSSDConfig/__init__.py.in:236 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "" "Utilisation de la correspondance d'ID pour les objectSID au lieu d'ID pré-" "établis" #: src/config/SSSDConfig/__init__.py.in:237 msgid "Base DN for user lookups" msgstr "Base DN pour les recherches d'utilisateurs" #: src/config/SSSDConfig/__init__.py.in:238 msgid "Scope of user lookups" msgstr "Scope des recherches d'utilisateurs" #: src/config/SSSDConfig/__init__.py.in:239 msgid "Filter for user lookups" msgstr "Filtre pour les recherches 
d'utilisateurs" #: src/config/SSSDConfig/__init__.py.in:240 msgid "Objectclass for users" msgstr "Classe d'objet pour les utilisateurs" #: src/config/SSSDConfig/__init__.py.in:241 msgid "Username attribute" msgstr "Attribut de nom d'utilisateur" #: src/config/SSSDConfig/__init__.py.in:243 msgid "UID attribute" msgstr "Attribut UID" #: src/config/SSSDConfig/__init__.py.in:244 msgid "Primary GID attribute" msgstr "Attribut de GID primaire" #: src/config/SSSDConfig/__init__.py.in:245 msgid "GECOS attribute" msgstr "Attribut GECOS" #: src/config/SSSDConfig/__init__.py.in:246 msgid "Home directory attribute" msgstr "Attribut de répertoire utilisateur" #: src/config/SSSDConfig/__init__.py.in:247 msgid "Shell attribute" msgstr "Attribut d'interpréteur de commandes" #: src/config/SSSDConfig/__init__.py.in:248 msgid "UUID attribute" msgstr "Attribut UUID" #: src/config/SSSDConfig/__init__.py.in:249 #: src/config/SSSDConfig/__init__.py.in:285 msgid "objectSID attribute" msgstr "attribut objectSID" #: src/config/SSSDConfig/__init__.py.in:250 msgid "Active Directory primary group attribute for ID-mapping" msgstr "Groupe primaire Active Directory pour la correspondance d'ID" #: src/config/SSSDConfig/__init__.py.in:251 msgid "User principal attribute (for Kerberos)" msgstr "Attribut d'utilisateur principal (pour Kerberos)" #: src/config/SSSDConfig/__init__.py.in:252 msgid "Full Name" msgstr "Nom complet" #: src/config/SSSDConfig/__init__.py.in:253 msgid "memberOf attribute" msgstr "Attribut memberOf" #: src/config/SSSDConfig/__init__.py.in:254 msgid "Modification time attribute" msgstr "Attribut de date de modification" #: src/config/SSSDConfig/__init__.py.in:256 msgid "shadowLastChange attribute" msgstr "Attribut shadowLastChange" #: src/config/SSSDConfig/__init__.py.in:257 msgid "shadowMin attribute" msgstr "Attribut shadowMin" #: src/config/SSSDConfig/__init__.py.in:258 msgid "shadowMax attribute" msgstr "Attribut shadowMax" #: src/config/SSSDConfig/__init__.py.in:259 msgid 
"shadowWarning attribute" msgstr "Attribut shadowWarning" #: src/config/SSSDConfig/__init__.py.in:260 msgid "shadowInactive attribute" msgstr "Attribut shadowInactive" #: src/config/SSSDConfig/__init__.py.in:261 msgid "shadowExpire attribute" msgstr "Attribut shadowExpire" #: src/config/SSSDConfig/__init__.py.in:262 msgid "shadowFlag attribute" msgstr "Attribut shadowFlag" #: src/config/SSSDConfig/__init__.py.in:263 msgid "Attribute listing authorized PAM services" msgstr "Attribut listant les services PAM autorisés" #: src/config/SSSDConfig/__init__.py.in:264 msgid "Attribute listing authorized server hosts" msgstr "Attribut listant les systèmes serveurs autorisés" #: src/config/SSSDConfig/__init__.py.in:265 msgid "krbLastPwdChange attribute" msgstr "Attribut krbLastPwdChange" #: src/config/SSSDConfig/__init__.py.in:266 msgid "krbPasswordExpiration attribute" msgstr "Attribut krbPasswordExpiration" #: src/config/SSSDConfig/__init__.py.in:267 msgid "Attribute indicating that server side password policies are active" msgstr "" "Attribut indiquant que la stratégie de mot de passe du serveur est active" #: src/config/SSSDConfig/__init__.py.in:268 msgid "accountExpires attribute of AD" msgstr "Attribut AD accountExpires" #: src/config/SSSDConfig/__init__.py.in:269 msgid "userAccountControl attribute of AD" msgstr "Attribut AD userAccountControl" #: src/config/SSSDConfig/__init__.py.in:270 msgid "nsAccountLock attribute" msgstr "Attribut nsAccountLock" #: src/config/SSSDConfig/__init__.py.in:271 msgid "loginDisabled attribute of NDS" msgstr "Attribut NDS loginDisabled" #: src/config/SSSDConfig/__init__.py.in:272 msgid "loginExpirationTime attribute of NDS" msgstr "Attribut NDS loginExpirationTime" #: src/config/SSSDConfig/__init__.py.in:273 msgid "loginAllowedTimeMap attribute of NDS" msgstr "Attribut NDS loginAllowedTimeMap" #: src/config/SSSDConfig/__init__.py.in:274 msgid "SSH public key attribute" msgstr "Attribut de clé public SSH" #: 
src/config/SSSDConfig/__init__.py.in:276 msgid "Base DN for group lookups" msgstr "DN de base pour les recherches de groupes" #: src/config/SSSDConfig/__init__.py.in:279 msgid "Objectclass for groups" msgstr "Classe d'objet pour les groupes" #: src/config/SSSDConfig/__init__.py.in:280 msgid "Group name" msgstr "Nom du groupe" #: src/config/SSSDConfig/__init__.py.in:281 msgid "Group password" msgstr "Mot de passe du groupe" #: src/config/SSSDConfig/__init__.py.in:282 msgid "GID attribute" msgstr "Attribut GID" #: src/config/SSSDConfig/__init__.py.in:283 msgid "Group member attribute" msgstr "Attribut membre du groupe" #: src/config/SSSDConfig/__init__.py.in:284 msgid "Group UUID attribute" msgstr "Attribut d'UUID du groupe" #: src/config/SSSDConfig/__init__.py.in:286 msgid "Modification time attribute for groups" msgstr "Attribut de date de modification pour les groupes" #: src/config/SSSDConfig/__init__.py.in:287 msgid "Type of the group and other flags" msgstr "" #: src/config/SSSDConfig/__init__.py.in:289 msgid "Maximum nesting level SSSd will follow" msgstr "Niveau de récursion maximum que SSSd doit suivre" #: src/config/SSSDConfig/__init__.py.in:291 msgid "Base DN for netgroup lookups" msgstr "DN de base pour les recherches de netgroup" #: src/config/SSSDConfig/__init__.py.in:292 msgid "Objectclass for netgroups" msgstr "Classe d'objet pour les groupes réseau" #: src/config/SSSDConfig/__init__.py.in:293 msgid "Netgroup name" msgstr "Nom du groupe réseau" #: src/config/SSSDConfig/__init__.py.in:294 msgid "Netgroups members attribute" msgstr "Attribut des membres des groupes réseau" #: src/config/SSSDConfig/__init__.py.in:295 msgid "Netgroup triple attribute" msgstr "Attribut triplet du groupe réseau" #: src/config/SSSDConfig/__init__.py.in:296 msgid "Netgroup UUID attribute" msgstr "Attribut d'UUID du groupe réseau" #: src/config/SSSDConfig/__init__.py.in:297 msgid "Modification time attribute for netgroups" msgstr "Attribut date de modification pour les groupes 
réseau" #: src/config/SSSDConfig/__init__.py.in:299 msgid "Base DN for service lookups" msgstr "Nom de domaine (DN) de base pour les recherches de service" #: src/config/SSSDConfig/__init__.py.in:300 msgid "Objectclass for services" msgstr "Classe objet pour les services" #: src/config/SSSDConfig/__init__.py.in:301 msgid "Service name attribute" msgstr "Attribut de nom de service" #: src/config/SSSDConfig/__init__.py.in:302 msgid "Service port attribute" msgstr "Attribut de port du service" #: src/config/SSSDConfig/__init__.py.in:303 msgid "Service protocol attribute" msgstr "Attribut de service du protocole" #: src/config/SSSDConfig/__init__.py.in:306 msgid "Lower bound for ID-mapping" msgstr "Limite inférieure pour la correspondance d'ID" #: src/config/SSSDConfig/__init__.py.in:307 msgid "Upper bound for ID-mapping" msgstr "Limite supérieure pour la correspondance d'ID" #: src/config/SSSDConfig/__init__.py.in:308 msgid "Number of IDs for each slice when ID-mapping" msgstr "Nombre d'ID par tranche pour la correspondance d'ID" #: src/config/SSSDConfig/__init__.py.in:309 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "" "Utilisation d'un algorithme compatible autorid pour la correspondance d'ID" #: src/config/SSSDConfig/__init__.py.in:310 msgid "Name of the default domain for ID-mapping" msgstr "Nom du domaine par défaut pour la correspondance d'ID" #: src/config/SSSDConfig/__init__.py.in:311 msgid "SID of the default domain for ID-mapping" msgstr "SID du domaine par défaut pour la correspondance d'ID" #: src/config/SSSDConfig/__init__.py.in:313 msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups" msgstr "Utiliser LDAP_MATCHING_RULE_IN_CHAIN pour les recherches de groupes" #: src/config/SSSDConfig/__init__.py.in:314 msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups" msgstr "" "Utiliser LDAP_MATCHING_RULE_IN_CHAIN pour les recherches de groupes " "d'initialisation" #: src/config/SSSDConfig/__init__.py.in:315 msgid "Set lower boundary 
for allowed IDs from the LDAP server" msgstr "" "Définir la limite inférieure d'identifiants autorisés pour l'annuaire LDAP" #: src/config/SSSDConfig/__init__.py.in:316 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "" "Définir la limite supérieure d'identifiants autorisés pour l'annuaire LDAP" #: src/config/SSSDConfig/__init__.py.in:319 msgid "Policy to evaluate the password expiration" msgstr "Stratégie d'évaluation de l'expiration du mot de passe" #: src/config/SSSDConfig/__init__.py.in:322 msgid "LDAP filter to determine access privileges" msgstr "Filtre LDAP pour déterminer les autorisations d'accès" #: src/config/SSSDConfig/__init__.py.in:323 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "Quels attributs utiliser pour déterminer si un compte a expiré" #: src/config/SSSDConfig/__init__.py.in:324 msgid "Which rules should be used to evaluate access control" msgstr "Quelles règles utiliser pour évaluer le contrôle d'accès" #: src/config/SSSDConfig/__init__.py.in:327 msgid "URI of an LDAP server where password changes are allowed" msgstr "URI d'un serveur LDAP où les changements de mot de passe sont acceptés" #: src/config/SSSDConfig/__init__.py.in:328 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "" "URI d'un serveur LDAP de secours où sont autorisées les modifications de mot " "de passe" #: src/config/SSSDConfig/__init__.py.in:329 msgid "DNS service name for LDAP password change server" msgstr "Nom du service DNS pour le serveur de changement de mot de passe LDAP" #: src/config/SSSDConfig/__init__.py.in:330 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" msgstr "" "Choix de mise à jour de l'attribut ldap_user_shadow_last_change après un " "changement de mot de passe" #: src/config/SSSDConfig/__init__.py.in:333 msgid "Base DN for sudo rules lookups" msgstr "Nom de domaine (DN) de base pour les recherches de règles sudo" 
#: src/config/SSSDConfig/__init__.py.in:334 msgid "Automatic full refresh period" msgstr "Périodicité de rafraichissement total" #: src/config/SSSDConfig/__init__.py.in:335 msgid "Automatic smart refresh period" msgstr "Périodicité de rafraichissement intelligent" #: src/config/SSSDConfig/__init__.py.in:336 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "Filter ou non sur les noms de systèmes, adresses IP et réseaux" #: src/config/SSSDConfig/__init__.py.in:337 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" msgstr "" "Noms de systèmes et/ou noms pleinement qualifiés de cette machine pour " "filtrer les règles sudo" #: src/config/SSSDConfig/__init__.py.in:338 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" "Adresses ou réseaux IPv4 ou IPv6 de cette machine pour filtrer les règles " "sudo" #: src/config/SSSDConfig/__init__.py.in:339 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" "Inclure ou non les règles qui contiennent un netgroup dans l'attribut host" #: src/config/SSSDConfig/__init__.py.in:340 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" "Inclure ou non les règles qui contiennent une expression rationnelle dans " "l'attribut host" #: src/config/SSSDConfig/__init__.py.in:341 msgid "Object class for sudo rules" msgstr "Classe objet pour les règles sudo" #: src/config/SSSDConfig/__init__.py.in:342 msgid "Sudo rule name" msgstr "Règle de nom sudo" #: src/config/SSSDConfig/__init__.py.in:343 msgid "Sudo rule command attribute" msgstr "Attribut de commande de règle sudo" #: src/config/SSSDConfig/__init__.py.in:344 msgid "Sudo rule host attribute" msgstr "Attribut hôte de la règle sudo" #: src/config/SSSDConfig/__init__.py.in:345 msgid "Sudo rule user attribute" msgstr "Attribut utilisateur de la règle sudo" #: src/config/SSSDConfig/__init__.py.in:346 msgid "Sudo 
rule option attribute" msgstr "Attribut option de la règle sudo" #: src/config/SSSDConfig/__init__.py.in:347 msgid "Sudo rule runasuser attribute" msgstr "Attribut runasuser de la règle sudo" #: src/config/SSSDConfig/__init__.py.in:348 msgid "Sudo rule runasgroup attribute" msgstr "Attribut runasgroup de la règle sudo" #: src/config/SSSDConfig/__init__.py.in:349 msgid "Sudo rule notbefore attribute" msgstr "Attribut notbefore de la règle sudo" #: src/config/SSSDConfig/__init__.py.in:350 msgid "Sudo rule notafter attribute" msgstr "Attribut notafter de règle sudo" #: src/config/SSSDConfig/__init__.py.in:351 msgid "Sudo rule order attribute" msgstr "Attribut d'ordre de règle sudo" #: src/config/SSSDConfig/__init__.py.in:354 msgid "Object class for automounter maps" msgstr "Classe objet pour la carte de montage automatique" #: src/config/SSSDConfig/__init__.py.in:355 msgid "Automounter map name attribute" msgstr "Nom de l'attribut de carte de montage automatique" #: src/config/SSSDConfig/__init__.py.in:356 msgid "Object class for automounter map entries" msgstr "Classe objet pour l'entrée de référence de montage automatique" #: src/config/SSSDConfig/__init__.py.in:357 msgid "Automounter map entry key attribute" msgstr "Attribut de clé d'entrée pour la carte de montage automatique" #: src/config/SSSDConfig/__init__.py.in:358 msgid "Automounter map entry value attribute" msgstr "Attribut de valeur pour la carte de montage automatique" #: src/config/SSSDConfig/__init__.py.in:359 msgid "Base DN for automounter map lookups" msgstr "Base DN pour les requêtes de carte de montage automatique" #: src/config/SSSDConfig/__init__.py.in:362 msgid "Comma separated list of allowed users" msgstr "Liste, séparée par des virgules, d'utilisateurs autorisés" #: src/config/SSSDConfig/__init__.py.in:363 msgid "Comma separated list of prohibited users" msgstr "Liste, séparée par des virgules, d'utilisateurs interdits" #: src/config/SSSDConfig/__init__.py.in:366 msgid "Default shell, 
/bin/bash" msgstr "Interpréteur de commande par défaut : /bin/bash" #: src/config/SSSDConfig/__init__.py.in:367 msgid "Base for home directories" msgstr "Base pour les répertoires utilisateur" #: src/config/SSSDConfig/__init__.py.in:370 msgid "The name of the NSS library to use" msgstr "Nom de la bibliothèque NSS à utiliser" #: src/config/SSSDConfig/__init__.py.in:371 msgid "Whether to look up canonical group name from cache if possible" msgstr "Rechercher le nom canonique du groupe dans le cache si possible" #: src/config/SSSDConfig/__init__.py.in:374 msgid "PAM stack to use" msgstr "Pile PAM à utiliser" #: src/monitor/monitor.c:2651 msgid "Become a daemon (default)" msgstr "Devenir un démon (par défaut)" #: src/monitor/monitor.c:2653 msgid "Run interactive (not a daemon)" msgstr "Fonctionner en interactif (non démon)" #: src/monitor/monitor.c:2655 src/tools/sss_debuglevel.c:71 msgid "Specify a non-default config file" msgstr "Définir un fichier de configuration différent de celui par défaut" #: src/monitor/monitor.c:2657 msgid "Print version number and exit" msgstr "Afficher le numéro de version et quitte" #: src/providers/krb5/krb5_child.c:1962 src/providers/ldap/ldap_child.c:435 #: src/util/util.h:100 msgid "Debug level" msgstr "Niveau de débogage" #: src/providers/krb5/krb5_child.c:1964 src/providers/ldap/ldap_child.c:437 #: src/util/util.h:104 msgid "Add debug timestamps" msgstr "Ajouter l'horodatage au débogage" #: src/providers/krb5/krb5_child.c:1966 src/providers/ldap/ldap_child.c:439 #: src/util/util.h:106 msgid "Show timestamps with microseconds" msgstr "Afficher l'horodatage en microsecondes" #: src/providers/krb5/krb5_child.c:1968 src/providers/ldap/ldap_child.c:441 msgid "An open file descriptor for the debug logs" msgstr "Un descripteur de fichier ouvert pour les journaux de débogage" #: src/providers/data_provider_be.c:2932 msgid "Domain of the information provider (mandatory)" msgstr "Domaine du fournisseur d'informations (obligatoire)" #: 
src/sss_client/common.c:946 msgid "Privileged socket has wrong ownership or permissions." msgstr "" "Le socket privilégié a de mauvaises permissions ou un mauvais propriétaire." #: src/sss_client/common.c:949 msgid "Public socket has wrong ownership or permissions." msgstr "" "Le socket public a de mauvaises permissions ou un mauvais propriétaire." #: src/sss_client/common.c:952 msgid "Unexpected format of the server credential message." msgstr "Le message d'informations d'identification du serveur a un format inattendu." #: src/sss_client/common.c:955 msgid "SSSD is not run by root." msgstr "SSSD n'est pas démarré par root." #: src/sss_client/common.c:960 msgid "An error occurred, but no description can be found." msgstr "Une erreur est survenue mais aucune description n'est trouvée." #: src/sss_client/common.c:966 msgid "Unexpected error while looking for an error description" msgstr "Erreur inattendue lors de la recherche de la description de l'erreur" #: src/sss_client/pam_sss.c:388 msgid "Passwords do not match" msgstr "Les mots de passe ne correspondent pas" #: src/sss_client/pam_sss.c:576 msgid "Password reset by root is not supported." msgstr "" "La réinitialisation du mot de passe par root n'est pas prise en charge." #: src/sss_client/pam_sss.c:617 msgid "Authenticated with cached credentials" msgstr "Authentifié avec les informations d'identification mises en cache" #: src/sss_client/pam_sss.c:618 msgid ", your cached password will expire at: " msgstr ", votre mot de passe en cache expirera à : " #: src/sss_client/pam_sss.c:648 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "" "Votre mot de passe a expiré. Il vous reste %1$d connexion(s) autorisée(s)." #: src/sss_client/pam_sss.c:694 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "Votre mot de passe expirera dans %1$d %2$s."
#: src/sss_client/pam_sss.c:743 msgid "Authentication is denied until: " msgstr "L'authentification est refusée jusque : " #: src/sss_client/pam_sss.c:764 msgid "System is offline, password change not possible" msgstr "" "Le système est hors-ligne, les modifications du mot de passe sont impossibles" #: src/sss_client/pam_sss.c:779 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" #: src/sss_client/pam_sss.c:810 src/sss_client/pam_sss.c:823 msgid "Password change failed. " msgstr "Échec du changement de mot de passe. " #: src/sss_client/pam_sss.c:813 src/sss_client/pam_sss.c:824 msgid "Server message: " msgstr "Message du serveur : " #: src/sss_client/pam_sss.c:1251 msgid "New Password: " msgstr "Nouveau mot de passe : " #: src/sss_client/pam_sss.c:1252 msgid "Reenter new Password: " msgstr "Retaper le nouveau mot de passe : " #: src/sss_client/pam_sss.c:1340 msgid "Password: " msgstr "Mot de passe : " #: src/sss_client/pam_sss.c:1372 msgid "Current Password: " msgstr "Mot de passe actuel : " #: src/sss_client/pam_sss.c:1527 msgid "Password expired. Change your password now." msgstr "Mot de passe expiré. Changez votre mot de passe maintenant."
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40 #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 src/tools/sss_useradd.c:48 #: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44 #: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:652 #: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47 #: src/tools/sss_cache.c:540 src/tools/sss_debuglevel.c:69 msgid "The debug level to run with" msgstr "Le niveau de débogage utilisé avec" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:42 #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:196 msgid "The SSSD domain to use" msgstr "Le domaine SSSD à utiliser" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:73 #: src/tools/sss_groupadd.c:58 src/tools/sss_groupdel.c:53 #: src/tools/sss_groupmod.c:65 src/tools/sss_groupshow.c:663 #: src/tools/sss_userdel.c:151 src/tools/sss_usermod.c:74 #: src/tools/sss_cache.c:573 msgid "Error setting the locale\n" msgstr "Erreur lors du paramétrage de la locale\n" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:64 msgid "Not enough memory\n" msgstr "Mémoire insuffisante\n" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:83 msgid "User not specified\n" msgstr "Utilisateur non spécifié\n" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:92 msgid "Error looking up public keys\n" msgstr "Erreur lors de la recherche des clés publiques\n" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:194 msgid "The port to use to connect to the host" msgstr "Le port à utiliser pour se connecter à l'hôte" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:238 msgid "Invalid port\n" msgstr "Port invalide\n" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:243 msgid "Host not specified\n" msgstr "Hôte non spécifié\n" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:249 msgid "The path to the proxy command must be absolute\n" msgstr "Le chemin vers la commande de proxy doit être absolu\n" #: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48 msgid "The UID of the user" msgstr "L'UID de
l'utilisateur" #: src/tools/sss_useradd.c:50 src/tools/sss_usermod.c:50 msgid "The comment string" msgstr "Phrase de commentaire" #: src/tools/sss_useradd.c:51 src/tools/sss_usermod.c:51 msgid "Home directory" msgstr "Répertoire utilisateur" #: src/tools/sss_useradd.c:52 src/tools/sss_usermod.c:52 msgid "Login shell" msgstr "Interpréteur de commandes de connexion" #: src/tools/sss_useradd.c:53 msgid "Groups" msgstr "Groupes" #: src/tools/sss_useradd.c:54 msgid "Create user's directory if it does not exist" msgstr "Créer le repertoire utilisateur s'il n'existe pas" #: src/tools/sss_useradd.c:55 msgid "Never create user's directory, overrides config" msgstr "Ne jamais créer de répertoire utilisateur, outrepasse la configuration" #: src/tools/sss_useradd.c:56 msgid "Specify an alternative skeleton directory" msgstr "Spécifie un répertoire squelette alternatif" #: src/tools/sss_useradd.c:57 src/tools/sss_usermod.c:57 msgid "The SELinux user for user's login" msgstr "L'utilisateur SELinux pour l'identifiant de l'utilisateur" #: src/tools/sss_useradd.c:86 src/tools/sss_groupmod.c:78 #: src/tools/sss_usermod.c:87 msgid "Specify group to add to\n" msgstr "Définir le groupe à ajouter à\n" #: src/tools/sss_useradd.c:110 msgid "Specify user to add\n" msgstr "Définir l'utilisateur à ajouter à\n" #: src/tools/sss_useradd.c:119 src/tools/sss_groupadd.c:84 #: src/tools/sss_groupdel.c:78 src/tools/sss_groupmod.c:111 #: src/tools/sss_groupshow.c:696 src/tools/sss_userdel.c:196 #: src/tools/sss_usermod.c:128 msgid "Error initializing the tools - no local domain\n" msgstr "Erreur à l'initialisation des outils - aucun domaine local\n" #: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86 #: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113 #: src/tools/sss_groupshow.c:698 src/tools/sss_userdel.c:198 #: src/tools/sss_usermod.c:130 msgid "Error initializing the tools\n" msgstr "Erreur à l'initialisation des outils\n" #: src/tools/sss_useradd.c:130 src/tools/sss_groupadd.c:95 
#: src/tools/sss_groupdel.c:89 src/tools/sss_groupmod.c:121 #: src/tools/sss_groupshow.c:707 src/tools/sss_userdel.c:207 #: src/tools/sss_usermod.c:139 msgid "Invalid domain specified in FQDN\n" msgstr "Domaine invalide définit dans le FQDN\n" #: src/tools/sss_useradd.c:139 src/tools/sss_groupmod.c:141 #: src/tools/sss_groupmod.c:168 src/tools/sss_usermod.c:162 #: src/tools/sss_usermod.c:189 msgid "Internal error while parsing parameters\n" msgstr "Erreur interne lors de l'analyse des paramètres\n" #: src/tools/sss_useradd.c:147 src/tools/sss_usermod.c:170 #: src/tools/sss_usermod.c:197 msgid "Groups must be in the same domain as user\n" msgstr "Les groupes doivent être dans le même domaine que l'utilisateur\n" #: src/tools/sss_useradd.c:155 #, c-format msgid "Cannot find group %1$s in local domain\n" msgstr "Impossible de trouver le groupe %1$s dans le domaine local\n" #: src/tools/sss_useradd.c:170 src/tools/sss_userdel.c:217 msgid "Cannot set default values\n" msgstr "Impossible de définir les valeurs par défaut\n" #: src/tools/sss_useradd.c:177 src/tools/sss_usermod.c:153 msgid "The selected UID is outside the allowed range\n" msgstr "L'UID sélectionné est en dehors de la plage autorisée\n" #: src/tools/sss_useradd.c:206 src/tools/sss_usermod.c:264 msgid "Cannot set SELinux login context\n" msgstr "Impossible de définir le contexte de connexion SELinux\n" #: src/tools/sss_useradd.c:221 msgid "Cannot get info about the user\n" msgstr "Impossible de trouver les informations sur l'utilisateur\n" #: src/tools/sss_useradd.c:233 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" "Le répertoire de l'utilisateur existe déjà, les données du répertoire " "squelette ne sont pas copiées\n" #: src/tools/sss_useradd.c:236 #, c-format msgid "Cannot create user's home directory: %1$s\n" msgstr "Impossible de créer le répertoire de l'utilisateur : %1$s\n" #: src/tools/sss_useradd.c:247 #, c-format msgid "Cannot create user's mail spool: 
%1$s\n" msgstr "" "Impossible de créer le répertoire de réception des messages électroniques " "pour l'utilisateur : %1$s\n" #: src/tools/sss_useradd.c:266 msgid "Could not allocate ID for the user - domain full?\n" msgstr "" "L'identifiant de l'utilisateur ne peut pas être alloué - domaine plein ?\n" #: src/tools/sss_useradd.c:270 msgid "A user or group with the same name or ID already exists\n" msgstr "Un utilisateur ou groupe avec le même nom ou identifiant existe déjà\n" #: src/tools/sss_useradd.c:276 msgid "Transaction error. Could not add user.\n" msgstr "Erreur de transaction. Impossible d'ajouter l'utilisateur.\n" #: src/tools/sss_groupadd.c:43 src/tools/sss_groupmod.c:48 msgid "The GID of the group" msgstr "Le GID du groupe" #: src/tools/sss_groupadd.c:75 msgid "Specify group to add\n" msgstr "Définir le groupe à ajouter\n" #: src/tools/sss_groupadd.c:104 src/tools/sss_groupmod.c:192 msgid "The selected GID is outside the allowed range\n" msgstr "Le GID choisit est en dehors de la plage autorisée\n" #: src/tools/sss_groupadd.c:141 msgid "Could not allocate ID for the group - domain full?\n" msgstr "Impossible d'allouer l'identifiant du groupe - domaine plein ?\n" #: src/tools/sss_groupadd.c:145 msgid "A group with the same name or GID already exists\n" msgstr "Un groupe avec le même nom ou GID existe déjà\n" #: src/tools/sss_groupadd.c:150 msgid "Transaction error. Could not add group.\n" msgstr "Erreur de transaction. 
Impossible d'ajouter le groupe.\n" #: src/tools/sss_groupdel.c:69 msgid "Specify group to delete\n" msgstr "Spécifier le groupe à supprimer\n" #: src/tools/sss_groupdel.c:102 #, c-format msgid "Group %1$s is outside the defined ID range for domain\n" msgstr "" "Le groupe %1$s est en dehors de la plage d'identifiants définie pour le " "domaine\n" #: src/tools/sss_groupdel.c:117 src/tools/sss_groupmod.c:219 #: src/tools/sss_groupmod.c:226 src/tools/sss_groupmod.c:233 #: src/tools/sss_userdel.c:294 src/tools/sss_usermod.c:241 #: src/tools/sss_usermod.c:248 src/tools/sss_usermod.c:255 #, c-format msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n" msgstr "" "Échec de requête NSS (%1$d). L'entrée peut persister dans le cache en " "mémoire.\n" #: src/tools/sss_groupdel.c:129 msgid "" "No such group in local domain. Removing groups only allowed in local " "domain.\n" msgstr "" "Aucun groupe dans le domaine local. La suppression de groupes n'est " "autorisée que dans le domaine local.\n" #: src/tools/sss_groupdel.c:134 msgid "Internal error. Could not remove group.\n" msgstr "Erreur interne. 
Impossible de supprimer le groupe.\n" #: src/tools/sss_groupmod.c:44 msgid "Groups to add this group to" msgstr "Groupes auxquels ce groupe sera ajouté" #: src/tools/sss_groupmod.c:46 msgid "Groups to remove this group from" msgstr "Groupes desquels ce groupe sera retiré" #: src/tools/sss_groupmod.c:86 src/tools/sss_usermod.c:95 msgid "Specify group to remove from\n" msgstr "Définir le groupe duquel supprimer\n" #: src/tools/sss_groupmod.c:100 msgid "Specify group to modify\n" msgstr "Définir le groupe à modifier\n" #: src/tools/sss_groupmod.c:128 msgid "" "Cannot find group in local domain, modifying groups is allowed only in local " "domain\n" msgstr "" "Impossible de trouver le groupe dans le domaine local, la modification des " "groupes n'est autorisée que dans le domaine local\n" #: src/tools/sss_groupmod.c:149 src/tools/sss_groupmod.c:176 msgid "Member groups must be in the same domain as parent group\n" msgstr "" "Les membres du groupe doivent être dans le même domaine que le groupe " "parent\n" #: src/tools/sss_groupmod.c:157 src/tools/sss_groupmod.c:184 #: src/tools/sss_usermod.c:178 src/tools/sss_usermod.c:205 #, c-format msgid "" "Cannot find group %1$s in local domain, only groups in local domain are " "allowed\n" msgstr "" "Impossible de trouver le groupe %1$s dans le domaine local, seuls les " "groupes du domaine local sont autorisés\n" #: src/tools/sss_groupmod.c:250 msgid "Could not modify group - check if member group names are correct\n" msgstr "" "Impossible de modifier le groupe - vérifier que les noms des groupes membres " "sont corrects\n" #: src/tools/sss_groupmod.c:254 msgid "Could not modify group - check if groupname is correct\n" msgstr "" "Impossible de modifier le groupe - vérifier que le nom du groupe est " "correct\n" #: src/tools/sss_groupmod.c:258 msgid "Transaction error. Could not modify group.\n" msgstr "Erreur de transaction. 
Impossible de modifier le groupe.\n" #: src/tools/sss_groupshow.c:599 #, c-format msgid "%1$s%2$sGroup: %3$s\n" msgstr "%1$s%2$sGroup: %3$s\n" #: src/tools/sss_groupshow.c:600 msgid "Magic Private " msgstr "Magie privée" #: src/tools/sss_groupshow.c:602 #, c-format msgid "%1$sGID number: %2$d\n" msgstr "%1$s GID numéro : %2$d\n" #: src/tools/sss_groupshow.c:604 #, c-format msgid "%1$sMember users: " msgstr "Utilisateurs membres de %1$s :" #: src/tools/sss_groupshow.c:611 #, c-format msgid "" "\n" "%1$sIs a member of: " msgstr "" "\n" "%1$s est membre de : " #: src/tools/sss_groupshow.c:618 #, c-format msgid "" "\n" "%1$sMember groups: " msgstr "" "\n" "Groupes membres de %1$s : " #: src/tools/sss_groupshow.c:654 msgid "Print indirect group members recursively" msgstr "Afficher les membres du groupe indirects récursivement" #: src/tools/sss_groupshow.c:687 msgid "Specify group to show\n" msgstr "Définir le groupe à afficher\n" #: src/tools/sss_groupshow.c:726 msgid "" "No such group in local domain. Printing groups only allowed in local " "domain.\n" msgstr "" "Aucun groupe dans le domaine local. L'affichage des groupes n'est autorisé " "que dans le domaine local.\n" #: src/tools/sss_groupshow.c:731 msgid "Internal error. Could not print group.\n" msgstr "Erreur interne. 
Impossible d'afficher le groupe.\n" #: src/tools/sss_userdel.c:136 msgid "Remove home directory and mail spool" msgstr "Suppression du répertoire personnel et de gestion des mails" #: src/tools/sss_userdel.c:138 msgid "Do not remove home directory and mail spool" msgstr "Ne pas supprimer le répertoire personnel et de gestion des mails" #: src/tools/sss_userdel.c:140 msgid "Force removal of files not owned by the user" msgstr "Forcer la suppression des fichiers n'appartenant pas à l'utilisateur" #: src/tools/sss_userdel.c:142 msgid "Kill users' processes before removing him" msgstr "Tuer les processus de l'utilisateur avant de le supprimer" #: src/tools/sss_userdel.c:187 msgid "Specify user to delete\n" msgstr "Définir l'utilisateur à supprimer\n" #: src/tools/sss_userdel.c:233 #, c-format msgid "User %1$s is outside the defined ID range for domain\n" msgstr "" "L'utilisateur %1$s est en dehors de la plage d'identifiants définie pour le " "domaine\n" #: src/tools/sss_userdel.c:258 msgid "Cannot reset SELinux login context\n" msgstr "Impossible de réinitialiser le contexte de connexion SELinux\n" #: src/tools/sss_userdel.c:270 #, c-format msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n" msgstr "" "ATTENTION : l'utilisateur (uid %1$lu) était encore connecté lors de sa " "suppression.\n" #: src/tools/sss_userdel.c:275 msgid "Cannot determine if the user was logged in on this platform" msgstr "" "Impossible de savoir si l'utilisateur était connecté sur cette plateforme" #: src/tools/sss_userdel.c:280 msgid "Error while checking if the user was logged in\n" msgstr "Erreur en vérifiant si l'utilisateur était connecté\n" #: src/tools/sss_userdel.c:287 #, c-format msgid "The post-delete command failed: %1$s\n" msgstr "La commande post-suppression a échoué : %1$s\n" #: src/tools/sss_userdel.c:307 msgid "Not removing home dir - not owned by user\n" msgstr "" "Le répertoire personnel n'est pas supprimé - l'utilisateur n'en est pas le " "propriétaire\n" 
#: src/tools/sss_userdel.c:309 #, c-format msgid "Cannot remove homedir: %1$s\n" msgstr "Impossible de supprimer le répertoire utilisateur : %1$s\n" #: src/tools/sss_userdel.c:322 msgid "" "No such user in local domain. Removing users only allowed in local domain.\n" msgstr "" "Aucun utilisateur dans le domaine local. La suppression des utilisateurs " "n'est autorisée que dans le domaine local.\n" #: src/tools/sss_userdel.c:327 msgid "Internal error. Could not remove user.\n" msgstr "Erreur interne. Impossible de supprimer l'utilisateur.\n" #: src/tools/sss_usermod.c:49 msgid "The GID of the user" msgstr "Le GID de l'utilisateur" #: src/tools/sss_usermod.c:53 msgid "Groups to add this user to" msgstr "Groupes auxquels ajouter cet utilisateur" #: src/tools/sss_usermod.c:54 msgid "Groups to remove this user from" msgstr "Groupes auxquels enlever cet utilisateur" #: src/tools/sss_usermod.c:55 msgid "Lock the account" msgstr "Verrouiller le compte" #: src/tools/sss_usermod.c:56 msgid "Unlock the account" msgstr "Déverrouiller le compte" #: src/tools/sss_usermod.c:119 msgid "Specify user to modify\n" msgstr "Spécifier l'utilisateur à modifier\n" #: src/tools/sss_usermod.c:146 msgid "" "Cannot find user in local domain, modifying users is allowed only in local " "domain\n" msgstr "" "Impossible de trouver l'utilisateur dans le domaine local, la modification " "des utilisateurs n'est autorisée que dans le domaine local\n" #: src/tools/sss_usermod.c:281 msgid "Could not modify user - check if group names are correct\n" msgstr "" "Impossible de modifier l'utilisateur - vérifiez que les noms de groupe sont " "corrects\n" #: src/tools/sss_usermod.c:285 msgid "Could not modify user - user already member of groups?\n" msgstr "" "Impossible de modifier l'utilisateur - l'utilisateur est déjà membre du " "groupe ?\n" #: src/tools/sss_usermod.c:289 msgid "Transaction error. Could not modify user.\n" msgstr "Erreur de transaction. 
Impossible de modifier l'utilisateur.\n" #: src/tools/sss_cache.c:170 msgid "No cache object matched the specified search\n" msgstr "Aucun objet trouvé dans le cache pour la recherche spécifiée\n" #: src/tools/sss_cache.c:397 #, c-format msgid "Couldn't invalidate %1$s" msgstr "Impossible d'invalider %1$s" #: src/tools/sss_cache.c:404 #, c-format msgid "Couldn't invalidate %1$s %2$s" msgstr "Impossible d'invalider %1$s %2$s" #: src/tools/sss_cache.c:542 #, fuzzy msgid "Invalidate all cached entries except for sudo rules" msgstr "Invalider toutes les entrées en cache hors règles sudo" #: src/tools/sss_cache.c:544 msgid "Invalidate particular user" msgstr "Invalider un utilisateur spécifique" #: src/tools/sss_cache.c:546 msgid "Invalidate all users" msgstr "Invalider tous les utilisateurs" #: src/tools/sss_cache.c:548 msgid "Invalidate particular group" msgstr "Invalider un groupe particulier" #: src/tools/sss_cache.c:550 msgid "Invalidate all groups" msgstr "Invalider tous les groupes" #: src/tools/sss_cache.c:552 msgid "Invalidate particular netgroup" msgstr "Invalider un groupe réseau particulier" #: src/tools/sss_cache.c:554 msgid "Invalidate all netgroups" msgstr "Invalider tous les groupes réseau" #: src/tools/sss_cache.c:556 msgid "Invalidate particular service" msgstr "Invalidation d'un service particulier" #: src/tools/sss_cache.c:558 msgid "Invalidate all services" msgstr "Invalidation de tous les services" #: src/tools/sss_cache.c:561 msgid "Invalidate particular autofs map" msgstr "Invalidation d'une carte autofs particulière" #: src/tools/sss_cache.c:563 msgid "Invalidate all autofs maps" msgstr "Invalidation de toutes les cartes autofs" #: src/tools/sss_cache.c:566 msgid "Only invalidate entries from a particular domain" msgstr "N'invalider des entrées que d'un domaine spécifique" #: src/tools/sss_cache.c:611 msgid "Please select at least one object to invalidate\n" msgstr "Merci de sélectionner au moins un objet à invalider\n" #:
src/tools/sss_cache.c:681 #, c-format msgid "" "Could not open domain %1$s. If the domain is a subdomain (trusted domain), " "use fully qualified name instead of --domain/-d parameter.\n" msgstr "" "Impossible d'ouvrir le domaine %1$s. Si le domaine est un sous-domaine " "(domaine approuvé), utiliser le nom pleinement qualifié au lieu du paramètre " "--domain/-d.\n" #: src/tools/sss_cache.c:685 msgid "Could not open available domains\n" msgstr "Impossible d'ouvrir aucun des domaines disponibles\n" #: src/tools/sss_debuglevel.c:40 msgid "\n" msgstr "\n" #: src/tools/sss_debuglevel.c:96 msgid "Specify debug level you want to set\n" msgstr "Définir le niveau de débogage à utiliser\n" #: src/tools/sss_debuglevel.c:102 msgid "Only one argument expected\n" msgstr "Un seul argument est attendu\n" #: src/tools/tools_util.c:200 #, c-format msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n" msgstr "" "Le nom « %1$s » ne semble pas être un FQDN (« %2$s = TRUE » est configuré)\n" #: src/tools/tools_util.c:303 msgid "Out of memory\n" msgstr "Mémoire saturée\n" #: src/tools/tools_util.h:43 #, c-format msgid "%1$s must be run as root\n" msgstr "%1$s doit être lancé en tant que root\n" #: src/util/util.h:102 msgid "Send the debug output to files instead of stderr" msgstr "" "Envoyer la sortie de débogage vers un fichier plutôt que vers la sortie " "standard" �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/de.po���������������������������������������������������������������0000644�0000000�0000000�00000000073�12320753107�015120� 
x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������29 atime=1396954961.87187479 30 ctime=1396954962.530874304 ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/de.po��������������������������������������������������������������������������������0000664�0024127�0024127�00000126624�12320753107�015356� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR Red Hat, Inc. # This file is distributed under the same license as the PACKAGE package. 
# # Translators: # Fabian Affolter <fab@fedoraproject.org>, 2011 # sgallagh <sgallagh@redhat.com>, 2011 msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2014-04-08 12:56+0200\n" "PO-Revision-Date: 2013-11-20 12:56+0000\n" "Last-Translator: jhrozek <jhrozek@redhat.com>\n" "Language-Team: German (http://www.transifex.com/projects/p/fedora/language/" "de/)\n" "Language: de\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" #: src/config/SSSDConfig/__init__.py.in:39 msgid "Set the verbosity of the debug logging" msgstr "" #: src/config/SSSDConfig/__init__.py.in:40 msgid "Include timestamps in debug logs" msgstr "" #: src/config/SSSDConfig/__init__.py.in:41 msgid "Include microseconds in timestamps in debug logs" msgstr "" #: src/config/SSSDConfig/__init__.py.in:42 msgid "Write debug messages to logfiles" msgstr "" #: src/config/SSSDConfig/__init__.py.in:43 msgid "Ping timeout before restarting service" msgstr "" #: src/config/SSSDConfig/__init__.py.in:44 msgid "" "Timeout between three failed ping checks and forcibly killing the service" msgstr "" #: src/config/SSSDConfig/__init__.py.in:45 msgid "Command to start service" msgstr "" #: src/config/SSSDConfig/__init__.py.in:46 msgid "Number of times to attempt connection to Data Providers" msgstr "" #: src/config/SSSDConfig/__init__.py.in:47 msgid "The number of file descriptors that may be opened by this responder" msgstr "" #: src/config/SSSDConfig/__init__.py.in:48 msgid "Idle time before automatic disconnection of a client" msgstr "" #: src/config/SSSDConfig/__init__.py.in:51 msgid "SSSD Services to start" msgstr "SSSD-Dienste zum Starten" #: src/config/SSSDConfig/__init__.py.in:52 msgid "SSSD Domains to start" msgstr "SSSD-Domains zum Starten" #: src/config/SSSDConfig/__init__.py.in:53 msgid "Timeout for messages sent over the SBUS" msgstr 
"" #: src/config/SSSDConfig/__init__.py.in:54 msgid "Regex to parse username and domain" msgstr "" #: src/config/SSSDConfig/__init__.py.in:55 msgid "Printf-compatible format for displaying fully-qualified names" msgstr "" #: src/config/SSSDConfig/__init__.py.in:56 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #: src/config/SSSDConfig/__init__.py.in:57 msgid "Domain to add to names without a domain component." msgstr "" #: src/config/SSSDConfig/__init__.py.in:60 msgid "Enumeration cache timeout length (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:61 msgid "Entry cache background update timeout length (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:62 #: src/config/SSSDConfig/__init__.py.in:88 msgid "Negative cache timeout length (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:63 msgid "Users that SSSD should explicitly ignore" msgstr "" #: src/config/SSSDConfig/__init__.py.in:64 msgid "Groups that SSSD should explicitly ignore" msgstr "" #: src/config/SSSDConfig/__init__.py.in:65 msgid "Should filtered users appear in groups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:66 msgid "The value of the password field the NSS provider should return" msgstr "" #: src/config/SSSDConfig/__init__.py.in:67 msgid "Override homedir value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:68 msgid "" "Substitute empty homedir value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:69 msgid "Override shell value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:70 msgid "The list of shells users are allowed to log in with" msgstr "" #: src/config/SSSDConfig/__init__.py.in:71 msgid "" "The list of shells that will be vetoed, and replaced with the fallback shell" msgstr "" #: src/config/SSSDConfig/__init__.py.in:72 msgid "" "If a shell stored in 
central directory is allowed but not available, use " "this fallback" msgstr "" #: src/config/SSSDConfig/__init__.py.in:73 msgid "Shell to use if the provider does not list one" msgstr "" #: src/config/SSSDConfig/__init__.py.in:74 msgid "How long will be in-memory cache records valid" msgstr "" #: src/config/SSSDConfig/__init__.py.in:77 msgid "How long to allow cached logins between online logins (days)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:78 msgid "How many failed logins attempts are allowed when offline" msgstr "" #: src/config/SSSDConfig/__init__.py.in:79 msgid "" "How long (minutes) to deny login after offline_failed_login_attempts has " "been reached" msgstr "" #: src/config/SSSDConfig/__init__.py.in:80 msgid "What kind of messages are displayed to the user during authentication" msgstr "" #: src/config/SSSDConfig/__init__.py.in:81 msgid "How many seconds to keep identity information cached for PAM requests" msgstr "" #: src/config/SSSDConfig/__init__.py.in:82 msgid "How many days before password expiration a warning should be displayed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:85 msgid "Whether to evaluate the time-based attributes in sudo rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:91 msgid "Whether to hash host names and addresses in the known_hosts file" msgstr "" #: src/config/SSSDConfig/__init__.py.in:92 msgid "" "How many seconds to keep a host in the known_hosts file after its host keys " "were requested" msgstr "" #: src/config/SSSDConfig/__init__.py.in:95 msgid "List of UIDs or user names allowed to access the PAC responder" msgstr "" #: src/config/SSSDConfig/__init__.py.in:98 msgid "Identity provider" msgstr "Identity Provider" #: src/config/SSSDConfig/__init__.py.in:99 msgid "Authentication provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:100 msgid "Access control provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:101 msgid "Password change provider" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:102 msgid "SUDO provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:103 msgid "Autofs provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:104 msgid "Session-loading provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:105 msgid "Host identity provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:108 msgid "Minimum user ID" msgstr "" #: src/config/SSSDConfig/__init__.py.in:109 msgid "Maximum user ID" msgstr "" #: src/config/SSSDConfig/__init__.py.in:110 msgid "Enable enumerating all users/groups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:111 msgid "Cache credentials for offline login" msgstr "" #: src/config/SSSDConfig/__init__.py.in:112 msgid "Store password hashes" msgstr "" #: src/config/SSSDConfig/__init__.py.in:113 msgid "Display users/groups in fully-qualified form" msgstr "" #: src/config/SSSDConfig/__init__.py.in:114 msgid "Don't include group members in group lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:115 #: src/config/SSSDConfig/__init__.py.in:122 #: src/config/SSSDConfig/__init__.py.in:123 #: src/config/SSSDConfig/__init__.py.in:124 #: src/config/SSSDConfig/__init__.py.in:125 #: src/config/SSSDConfig/__init__.py.in:126 #: src/config/SSSDConfig/__init__.py.in:127 msgid "Entry cache timeout length (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:116 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:117 msgid "How long to keep cached entries after last successful login (days)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:118 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:119 msgid "The domain part of service discovery DNS query" msgstr "" #: src/config/SSSDConfig/__init__.py.in:120 msgid "Override GID value from the identity provider with this value" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:121 msgid "Treat usernames as case sensitive" msgstr "" #: src/config/SSSDConfig/__init__.py.in:128 msgid "How often should expired entries be refreshed in background" msgstr "" #: src/config/SSSDConfig/__init__.py.in:129 msgid "Whether to automatically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/__init__.py.in:130 #: src/config/SSSDConfig/__init__.py.in:145 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "" #: src/config/SSSDConfig/__init__.py.in:131 #: src/config/SSSDConfig/__init__.py.in:146 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" #: src/config/SSSDConfig/__init__.py.in:132 msgid "How often to periodically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/__init__.py.in:133 msgid "Whether the provider should explicitly update the PTR record as well" msgstr "" #: src/config/SSSDConfig/__init__.py.in:134 msgid "Whether the nsupdate utility should default to using TCP" msgstr "" #: src/config/SSSDConfig/__init__.py.in:135 msgid "What kind of authentication should be used to perform the DNS update" msgstr "" #: src/config/SSSDConfig/__init__.py.in:136 msgid "Control enumeration of trusted domains" msgstr "" #: src/config/SSSDConfig/__init__.py.in:137 msgid "How often should subdomains list be refreshed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:140 msgid "IPA domain" msgstr "IPA-Domain" #: src/config/SSSDConfig/__init__.py.in:141 msgid "IPA server address" msgstr "IPA-Serveradresse" #: src/config/SSSDConfig/__init__.py.in:142 msgid "Address of backup IPA server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:143 msgid "IPA client hostname" msgstr "IPA-Client-Rechnername" #: src/config/SSSDConfig/__init__.py.in:144 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" #: src/config/SSSDConfig/__init__.py.in:147 msgid "Search base for HBAC related objects" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:148 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:149 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:150 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" #: src/config/SSSDConfig/__init__.py.in:151 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" #: src/config/SSSDConfig/__init__.py.in:152 msgid "The automounter location this IPA client is using" msgstr "" #: src/config/SSSDConfig/__init__.py.in:153 msgid "Search base for object containing info about IPA domain" msgstr "" #: src/config/SSSDConfig/__init__.py.in:154 msgid "Search base for objects containing info about ID ranges" msgstr "" #: src/config/SSSDConfig/__init__.py.in:155 #: src/config/SSSDConfig/__init__.py.in:162 msgid "Enable DNS sites - location based service discovery" msgstr "" #: src/config/SSSDConfig/__init__.py.in:158 msgid "Active Directory domain" msgstr "" #: src/config/SSSDConfig/__init__.py.in:159 msgid "Active Directory server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:160 msgid "Active Directory backup server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:161 msgid "Active Directory client hostname" msgstr "" #: src/config/SSSDConfig/__init__.py.in:165 #: src/config/SSSDConfig/__init__.py.in:166 msgid "Kerberos server address" msgstr "Kerberos-Serveradresse" #: src/config/SSSDConfig/__init__.py.in:167 msgid "Kerberos backup server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:168 msgid "Kerberos realm" msgstr "Kerberos Realm" #: src/config/SSSDConfig/__init__.py.in:169 msgid "Authentication timeout" msgstr "" #: src/config/SSSDConfig/__init__.py.in:170 msgid "Whether to create kdcinfo files" msgstr "" #: src/config/SSSDConfig/__init__.py.in:173 msgid "Directory to store 
credential caches" msgstr "" #: src/config/SSSDConfig/__init__.py.in:174 msgid "Location of the user's credential cache" msgstr "" #: src/config/SSSDConfig/__init__.py.in:175 msgid "Location of the keytab to validate credentials" msgstr "" #: src/config/SSSDConfig/__init__.py.in:176 msgid "Enable credential validation" msgstr "" #: src/config/SSSDConfig/__init__.py.in:177 msgid "Store password if offline for later online authentication" msgstr "" #: src/config/SSSDConfig/__init__.py.in:178 msgid "Renewable lifetime of the TGT" msgstr "" #: src/config/SSSDConfig/__init__.py.in:179 msgid "Lifetime of the TGT" msgstr "" #: src/config/SSSDConfig/__init__.py.in:180 msgid "Time between two checks for renewal" msgstr "" #: src/config/SSSDConfig/__init__.py.in:181 msgid "Enables FAST" msgstr "" #: src/config/SSSDConfig/__init__.py.in:182 msgid "Selects the principal to use for FAST" msgstr "" #: src/config/SSSDConfig/__init__.py.in:183 msgid "Enables principal canonicalization" msgstr "" #: src/config/SSSDConfig/__init__.py.in:184 msgid "Enables enterprise principals" msgstr "" #: src/config/SSSDConfig/__init__.py.in:187 #: src/config/SSSDConfig/__init__.py.in:188 msgid "Server where the change password service is running if not on the KDC" msgstr "" #: src/config/SSSDConfig/__init__.py.in:191 msgid "ldap_uri, The URI of the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:192 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:193 msgid "The default base DN" msgstr "" #: src/config/SSSDConfig/__init__.py.in:194 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" #: src/config/SSSDConfig/__init__.py.in:195 msgid "The default bind DN" msgstr "" #: src/config/SSSDConfig/__init__.py.in:196 msgid "The type of the authentication token of the default bind DN" msgstr "" #: src/config/SSSDConfig/__init__.py.in:197 msgid "The authentication token of the default bind DN" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:198 msgid "Length of time to attempt connection" msgstr "" #: src/config/SSSDConfig/__init__.py.in:199 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" #: src/config/SSSDConfig/__init__.py.in:200 msgid "Length of time between attempts to reconnect while offline" msgstr "" #: src/config/SSSDConfig/__init__.py.in:201 msgid "Use only the upper case for realm names" msgstr "" #: src/config/SSSDConfig/__init__.py.in:202 msgid "File that contains CA certificates" msgstr "" #: src/config/SSSDConfig/__init__.py.in:203 msgid "Path to CA certificate directory" msgstr "" #: src/config/SSSDConfig/__init__.py.in:204 msgid "File that contains the client certificate" msgstr "" #: src/config/SSSDConfig/__init__.py.in:205 msgid "File that contains the client key" msgstr "" #: src/config/SSSDConfig/__init__.py.in:206 msgid "List of possible ciphers suites" msgstr "" #: src/config/SSSDConfig/__init__.py.in:207 msgid "Require TLS certificate verification" msgstr "" #: src/config/SSSDConfig/__init__.py.in:208 msgid "Specify the sasl mechanism to use" msgstr "" #: src/config/SSSDConfig/__init__.py.in:209 msgid "Specify the sasl authorization id to use" msgstr "" #: src/config/SSSDConfig/__init__.py.in:210 msgid "Specify the sasl authorization realm to use" msgstr "" #: src/config/SSSDConfig/__init__.py.in:211 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" #: src/config/SSSDConfig/__init__.py.in:212 msgid "Kerberos service keytab" msgstr "" #: src/config/SSSDConfig/__init__.py.in:213 msgid "Use Kerberos auth for LDAP connection" msgstr "" #: src/config/SSSDConfig/__init__.py.in:214 msgid "Follow LDAP referrals" msgstr "" #: src/config/SSSDConfig/__init__.py.in:215 msgid "Lifetime of TGT for LDAP connection" msgstr "" #: src/config/SSSDConfig/__init__.py.in:216 msgid "How to dereference aliases" msgstr "" #: src/config/SSSDConfig/__init__.py.in:217 msgid "Service name for DNS service lookups" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:218 msgid "The number of records to retrieve in a single LDAP query" msgstr "" #: src/config/SSSDConfig/__init__.py.in:219 msgid "The number of members that must be missing to trigger a full deref" msgstr "" #: src/config/SSSDConfig/__init__.py.in:220 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" #: src/config/SSSDConfig/__init__.py.in:222 msgid "entryUSN attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:223 msgid "lastUSN attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:225 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" #: src/config/SSSDConfig/__init__.py.in:227 msgid "Disable the LDAP paging control" msgstr "" #: src/config/SSSDConfig/__init__.py.in:228 msgid "Disable Active Directory range retrieval" msgstr "" #: src/config/SSSDConfig/__init__.py.in:231 msgid "Length of time to wait for a search request" msgstr "" #: src/config/SSSDConfig/__init__.py.in:232 msgid "Length of time to wait for a enumeration request" msgstr "" #: src/config/SSSDConfig/__init__.py.in:233 msgid "Length of time between enumeration updates" msgstr "" #: src/config/SSSDConfig/__init__.py.in:234 msgid "Length of time between cache cleanups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:235 msgid "Require TLS for ID lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:236 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "" #: src/config/SSSDConfig/__init__.py.in:237 msgid "Base DN for user lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:238 msgid "Scope of user lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:239 msgid "Filter for user lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:240 msgid "Objectclass for users" msgstr "" #: src/config/SSSDConfig/__init__.py.in:241 msgid "Username attribute" msgstr "Benutzername-Attribut" #: 
src/config/SSSDConfig/__init__.py.in:243 msgid "UID attribute" msgstr "UID-Attribut" #: src/config/SSSDConfig/__init__.py.in:244 msgid "Primary GID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:245 msgid "GECOS attribute" msgstr "GECOS-Attribut" #: src/config/SSSDConfig/__init__.py.in:246 msgid "Home directory attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:247 msgid "Shell attribute" msgstr "Shell-Attribut" #: src/config/SSSDConfig/__init__.py.in:248 msgid "UUID attribute" msgstr "UUID-Attribut" #: src/config/SSSDConfig/__init__.py.in:249 #: src/config/SSSDConfig/__init__.py.in:285 msgid "objectSID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:250 msgid "Active Directory primary group attribute for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:251 msgid "User principal attribute (for Kerberos)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:252 msgid "Full Name" msgstr "Vollständiger Name" #: src/config/SSSDConfig/__init__.py.in:253 msgid "memberOf attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:254 msgid "Modification time attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:256 msgid "shadowLastChange attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:257 msgid "shadowMin attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:258 msgid "shadowMax attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:259 msgid "shadowWarning attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:260 msgid "shadowInactive attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:261 msgid "shadowExpire attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:262 msgid "shadowFlag attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:263 msgid "Attribute listing authorized PAM services" msgstr "" #: src/config/SSSDConfig/__init__.py.in:264 msgid "Attribute listing authorized server hosts" msgstr "" #: src/config/SSSDConfig/__init__.py.in:265 msgid 
"krbLastPwdChange attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:266 msgid "krbPasswordExpiration attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:267 msgid "Attribute indicating that server side password policies are active" msgstr "" #: src/config/SSSDConfig/__init__.py.in:268 msgid "accountExpires attribute of AD" msgstr "" #: src/config/SSSDConfig/__init__.py.in:269 msgid "userAccountControl attribute of AD" msgstr "" #: src/config/SSSDConfig/__init__.py.in:270 msgid "nsAccountLock attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:271 msgid "loginDisabled attribute of NDS" msgstr "" #: src/config/SSSDConfig/__init__.py.in:272 msgid "loginExpirationTime attribute of NDS" msgstr "" #: src/config/SSSDConfig/__init__.py.in:273 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" #: src/config/SSSDConfig/__init__.py.in:274 msgid "SSH public key attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:276 msgid "Base DN for group lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:279 msgid "Objectclass for groups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:280 msgid "Group name" msgstr "" #: src/config/SSSDConfig/__init__.py.in:281 msgid "Group password" msgstr "" #: src/config/SSSDConfig/__init__.py.in:282 msgid "GID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:283 msgid "Group member attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:284 msgid "Group UUID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:286 msgid "Modification time attribute for groups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:287 msgid "Type of the group and other flags" msgstr "" #: src/config/SSSDConfig/__init__.py.in:289 msgid "Maximum nesting level SSSd will follow" msgstr "" #: src/config/SSSDConfig/__init__.py.in:291 msgid "Base DN for netgroup lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:292 msgid "Objectclass for netgroups" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:293 msgid "Netgroup name" msgstr "" #: src/config/SSSDConfig/__init__.py.in:294 msgid "Netgroups members attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:295 msgid "Netgroup triple attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:296 msgid "Netgroup UUID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:297 msgid "Modification time attribute for netgroups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:299 msgid "Base DN for service lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:300 msgid "Objectclass for services" msgstr "" #: src/config/SSSDConfig/__init__.py.in:301 msgid "Service name attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:302 msgid "Service port attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:303 msgid "Service protocol attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:306 msgid "Lower bound for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:307 msgid "Upper bound for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:308 msgid "Number of IDs for each slice when ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:309 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:310 msgid "Name of the default domain for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:311 msgid "SID of the default domain for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:313 msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:314 msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:315 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:316 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:319 msgid 
"Policy to evaluate the password expiration" msgstr "" #: src/config/SSSDConfig/__init__.py.in:322 msgid "LDAP filter to determine access privileges" msgstr "" #: src/config/SSSDConfig/__init__.py.in:323 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" #: src/config/SSSDConfig/__init__.py.in:324 msgid "Which rules should be used to evaluate access control" msgstr "" #: src/config/SSSDConfig/__init__.py.in:327 msgid "URI of an LDAP server where password changes are allowed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:328 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:329 msgid "DNS service name for LDAP password change server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:330 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" msgstr "" #: src/config/SSSDConfig/__init__.py.in:333 msgid "Base DN for sudo rules lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:334 msgid "Automatic full refresh period" msgstr "" #: src/config/SSSDConfig/__init__.py.in:335 msgid "Automatic smart refresh period" msgstr "" #: src/config/SSSDConfig/__init__.py.in:336 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "" #: src/config/SSSDConfig/__init__.py.in:337 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:338 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:339 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:340 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:341 msgid "Object class for sudo rules" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:342 msgid "Sudo rule name" msgstr "" #: src/config/SSSDConfig/__init__.py.in:343 msgid "Sudo rule command attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:344 msgid "Sudo rule host attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:345 msgid "Sudo rule user attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:346 msgid "Sudo rule option attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:347 msgid "Sudo rule runasuser attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:348 msgid "Sudo rule runasgroup attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:349 msgid "Sudo rule notbefore attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:350 msgid "Sudo rule notafter attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:351 msgid "Sudo rule order attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:354 msgid "Object class for automounter maps" msgstr "" #: src/config/SSSDConfig/__init__.py.in:355 msgid "Automounter map name attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:356 msgid "Object class for automounter map entries" msgstr "" #: src/config/SSSDConfig/__init__.py.in:357 msgid "Automounter map entry key attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:358 msgid "Automounter map entry value attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:359 msgid "Base DN for automounter map lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:362 msgid "Comma separated list of allowed users" msgstr "" #: src/config/SSSDConfig/__init__.py.in:363 msgid "Comma separated list of prohibited users" msgstr "" #: src/config/SSSDConfig/__init__.py.in:366 msgid "Default shell, /bin/bash" msgstr "" #: src/config/SSSDConfig/__init__.py.in:367 msgid "Base for home directories" msgstr "" #: src/config/SSSDConfig/__init__.py.in:370 msgid "The name of the NSS library to use" msgstr "" #: src/config/SSSDConfig/__init__.py.in:371 msgid 
"Whether to look up canonical group name from cache if possible" msgstr "" #: src/config/SSSDConfig/__init__.py.in:374 msgid "PAM stack to use" msgstr "" #: src/monitor/monitor.c:2651 msgid "Become a daemon (default)" msgstr "" #: src/monitor/monitor.c:2653 msgid "Run interactive (not a daemon)" msgstr "" #: src/monitor/monitor.c:2655 src/tools/sss_debuglevel.c:71 msgid "Specify a non-default config file" msgstr "" #: src/monitor/monitor.c:2657 msgid "Print version number and exit" msgstr "" #: src/providers/krb5/krb5_child.c:1962 src/providers/ldap/ldap_child.c:435 #: src/util/util.h:100 msgid "Debug level" msgstr "" #: src/providers/krb5/krb5_child.c:1964 src/providers/ldap/ldap_child.c:437 #: src/util/util.h:104 msgid "Add debug timestamps" msgstr "" #: src/providers/krb5/krb5_child.c:1966 src/providers/ldap/ldap_child.c:439 #: src/util/util.h:106 msgid "Show timestamps with microseconds" msgstr "" #: src/providers/krb5/krb5_child.c:1968 src/providers/ldap/ldap_child.c:441 msgid "An open file descriptor for the debug logs" msgstr "" #: src/providers/data_provider_be.c:2932 msgid "Domain of the information provider (mandatory)" msgstr "" #: src/sss_client/common.c:946 msgid "Privileged socket has wrong ownership or permissions." msgstr "" #: src/sss_client/common.c:949 msgid "Public socket has wrong ownership or permissions." msgstr "" #: src/sss_client/common.c:952 msgid "Unexpected format of the server credential message." msgstr "" #: src/sss_client/common.c:955 msgid "SSSD is not run by root." msgstr "" #: src/sss_client/common.c:960 msgid "An error occurred, but no description can be found." msgstr "" #: src/sss_client/common.c:966 msgid "Unexpected error while looking for an error description" msgstr "" #: src/sss_client/pam_sss.c:388 msgid "Passwords do not match" msgstr "" #: src/sss_client/pam_sss.c:576 msgid "Password reset by root is not supported." 
msgstr "" #: src/sss_client/pam_sss.c:617 msgid "Authenticated with cached credentials" msgstr "" #: src/sss_client/pam_sss.c:618 msgid ", your cached password will expire at: " msgstr "" #: src/sss_client/pam_sss.c:648 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "" #: src/sss_client/pam_sss.c:694 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "" #: src/sss_client/pam_sss.c:743 msgid "Authentication is denied until: " msgstr "" #: src/sss_client/pam_sss.c:764 msgid "System is offline, password change not possible" msgstr "" #: src/sss_client/pam_sss.c:779 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" #: src/sss_client/pam_sss.c:810 src/sss_client/pam_sss.c:823 msgid "Password change failed. " msgstr "" #: src/sss_client/pam_sss.c:813 src/sss_client/pam_sss.c:824 msgid "Server message: " msgstr "" #: src/sss_client/pam_sss.c:1251 msgid "New Password: " msgstr "" #: src/sss_client/pam_sss.c:1252 msgid "Reenter new Password: " msgstr "" #: src/sss_client/pam_sss.c:1340 msgid "Password: " msgstr "" #: src/sss_client/pam_sss.c:1372 msgid "Current Password: " msgstr "" #: src/sss_client/pam_sss.c:1527 msgid "Password expired. Change your password now." 
msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40 #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 src/tools/sss_useradd.c:48 #: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44 #: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:652 #: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47 #: src/tools/sss_cache.c:540 src/tools/sss_debuglevel.c:69 msgid "The debug level to run with" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:42 #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:196 msgid "The SSSD domain to use" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:73 #: src/tools/sss_groupadd.c:58 src/tools/sss_groupdel.c:53 #: src/tools/sss_groupmod.c:65 src/tools/sss_groupshow.c:663 #: src/tools/sss_userdel.c:151 src/tools/sss_usermod.c:74 #: src/tools/sss_cache.c:573 msgid "Error setting the locale\n" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:64 msgid "Not enough memory\n" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:83 msgid "User not specified\n" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:92 msgid "Error looking up public keys\n" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:194 msgid "The port to use to connect to the host" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:238 msgid "Invalid port\n" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:243 msgid "Host not specified\n" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:249 msgid "The path to the proxy command must be absolute\n" msgstr "" #: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48 msgid "The UID of the user" msgstr "" #: src/tools/sss_useradd.c:50 src/tools/sss_usermod.c:50 msgid "The comment string" msgstr "" #: src/tools/sss_useradd.c:51 src/tools/sss_usermod.c:51 msgid "Home directory" msgstr "Benutzerverzeichnis" #: src/tools/sss_useradd.c:52 src/tools/sss_usermod.c:52 msgid "Login shell" msgstr "Anmelde-Shell" #:
src/tools/sss_useradd.c:53 msgid "Groups" msgstr "Gruppen" #: src/tools/sss_useradd.c:54 msgid "Create user's directory if it does not exist" msgstr "" #: src/tools/sss_useradd.c:55 msgid "Never create user's directory, overrides config" msgstr "" #: src/tools/sss_useradd.c:56 msgid "Specify an alternative skeleton directory" msgstr "" #: src/tools/sss_useradd.c:57 src/tools/sss_usermod.c:57 msgid "The SELinux user for user's login" msgstr "" #: src/tools/sss_useradd.c:86 src/tools/sss_groupmod.c:78 #: src/tools/sss_usermod.c:87 msgid "Specify group to add to\n" msgstr "" #: src/tools/sss_useradd.c:110 msgid "Specify user to add\n" msgstr "" #: src/tools/sss_useradd.c:119 src/tools/sss_groupadd.c:84 #: src/tools/sss_groupdel.c:78 src/tools/sss_groupmod.c:111 #: src/tools/sss_groupshow.c:696 src/tools/sss_userdel.c:196 #: src/tools/sss_usermod.c:128 msgid "Error initializing the tools - no local domain\n" msgstr "" #: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86 #: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113 #: src/tools/sss_groupshow.c:698 src/tools/sss_userdel.c:198 #: src/tools/sss_usermod.c:130 msgid "Error initializing the tools\n" msgstr "" #: src/tools/sss_useradd.c:130 src/tools/sss_groupadd.c:95 #: src/tools/sss_groupdel.c:89 src/tools/sss_groupmod.c:121 #: src/tools/sss_groupshow.c:707 src/tools/sss_userdel.c:207 #: src/tools/sss_usermod.c:139 msgid "Invalid domain specified in FQDN\n" msgstr "" #: src/tools/sss_useradd.c:139 src/tools/sss_groupmod.c:141 #: src/tools/sss_groupmod.c:168 src/tools/sss_usermod.c:162 #: src/tools/sss_usermod.c:189 msgid "Internal error while parsing parameters\n" msgstr "" #: src/tools/sss_useradd.c:147 src/tools/sss_usermod.c:170 #: src/tools/sss_usermod.c:197 msgid "Groups must be in the same domain as user\n" msgstr "" #: src/tools/sss_useradd.c:155 #, c-format msgid "Cannot find group %1$s in local domain\n" msgstr "" #: src/tools/sss_useradd.c:170 src/tools/sss_userdel.c:217 msgid "Cannot set 
default values\n" msgstr "" #: src/tools/sss_useradd.c:177 src/tools/sss_usermod.c:153 msgid "The selected UID is outside the allowed range\n" msgstr "" #: src/tools/sss_useradd.c:206 src/tools/sss_usermod.c:264 msgid "Cannot set SELinux login context\n" msgstr "" #: src/tools/sss_useradd.c:221 msgid "Cannot get info about the user\n" msgstr "" #: src/tools/sss_useradd.c:233 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" #: src/tools/sss_useradd.c:236 #, c-format msgid "Cannot create user's home directory: %1$s\n" msgstr "" #: src/tools/sss_useradd.c:247 #, c-format msgid "Cannot create user's mail spool: %1$s\n" msgstr "" #: src/tools/sss_useradd.c:266 msgid "Could not allocate ID for the user - domain full?\n" msgstr "" #: src/tools/sss_useradd.c:270 msgid "A user or group with the same name or ID already exists\n" msgstr "" #: src/tools/sss_useradd.c:276 msgid "Transaction error. Could not add user.\n" msgstr "" #: src/tools/sss_groupadd.c:43 src/tools/sss_groupmod.c:48 msgid "The GID of the group" msgstr "" #: src/tools/sss_groupadd.c:75 msgid "Specify group to add\n" msgstr "" #: src/tools/sss_groupadd.c:104 src/tools/sss_groupmod.c:192 msgid "The selected GID is outside the allowed range\n" msgstr "" #: src/tools/sss_groupadd.c:141 msgid "Could not allocate ID for the group - domain full?\n" msgstr "" #: src/tools/sss_groupadd.c:145 msgid "A group with the same name or GID already exists\n" msgstr "" #: src/tools/sss_groupadd.c:150 msgid "Transaction error. 
Could not add group.\n" msgstr "" #: src/tools/sss_groupdel.c:69 msgid "Specify group to delete\n" msgstr "" #: src/tools/sss_groupdel.c:102 #, c-format msgid "Group %1$s is outside the defined ID range for domain\n" msgstr "" #: src/tools/sss_groupdel.c:117 src/tools/sss_groupmod.c:219 #: src/tools/sss_groupmod.c:226 src/tools/sss_groupmod.c:233 #: src/tools/sss_userdel.c:294 src/tools/sss_usermod.c:241 #: src/tools/sss_usermod.c:248 src/tools/sss_usermod.c:255 #, c-format msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n" msgstr "" #: src/tools/sss_groupdel.c:129 msgid "" "No such group in local domain. Removing groups only allowed in local " "domain.\n" msgstr "" #: src/tools/sss_groupdel.c:134 msgid "Internal error. Could not remove group.\n" msgstr "" #: src/tools/sss_groupmod.c:44 msgid "Groups to add this group to" msgstr "" #: src/tools/sss_groupmod.c:46 msgid "Groups to remove this group from" msgstr "" #: src/tools/sss_groupmod.c:86 src/tools/sss_usermod.c:95 msgid "Specify group to remove from\n" msgstr "" #: src/tools/sss_groupmod.c:100 msgid "Specify group to modify\n" msgstr "" #: src/tools/sss_groupmod.c:128 msgid "" "Cannot find group in local domain, modifying groups is allowed only in local " "domain\n" msgstr "" #: src/tools/sss_groupmod.c:149 src/tools/sss_groupmod.c:176 msgid "Member groups must be in the same domain as parent group\n" msgstr "" #: src/tools/sss_groupmod.c:157 src/tools/sss_groupmod.c:184 #: src/tools/sss_usermod.c:178 src/tools/sss_usermod.c:205 #, c-format msgid "" "Cannot find group %1$s in local domain, only groups in local domain are " "allowed\n" msgstr "" #: src/tools/sss_groupmod.c:250 msgid "Could not modify group - check if member group names are correct\n" msgstr "" #: src/tools/sss_groupmod.c:254 msgid "Could not modify group - check if groupname is correct\n" msgstr "" #: src/tools/sss_groupmod.c:258 msgid "Transaction error. 
Could not modify group.\n" msgstr "" #: src/tools/sss_groupshow.c:599 #, c-format msgid "%1$s%2$sGroup: %3$s\n" msgstr "" #: src/tools/sss_groupshow.c:600 msgid "Magic Private " msgstr "" #: src/tools/sss_groupshow.c:602 #, c-format msgid "%1$sGID number: %2$d\n" msgstr "" #: src/tools/sss_groupshow.c:604 #, c-format msgid "%1$sMember users: " msgstr "" #: src/tools/sss_groupshow.c:611 #, c-format msgid "" "\n" "%1$sIs a member of: " msgstr "" #: src/tools/sss_groupshow.c:618 #, c-format msgid "" "\n" "%1$sMember groups: " msgstr "" #: src/tools/sss_groupshow.c:654 msgid "Print indirect group members recursively" msgstr "" #: src/tools/sss_groupshow.c:687 msgid "Specify group to show\n" msgstr "" #: src/tools/sss_groupshow.c:726 msgid "" "No such group in local domain. Printing groups only allowed in local " "domain.\n" msgstr "" #: src/tools/sss_groupshow.c:731 msgid "Internal error. Could not print group.\n" msgstr "" #: src/tools/sss_userdel.c:136 msgid "Remove home directory and mail spool" msgstr "" #: src/tools/sss_userdel.c:138 msgid "Do not remove home directory and mail spool" msgstr "" #: src/tools/sss_userdel.c:140 msgid "Force removal of files not owned by the user" msgstr "" #: src/tools/sss_userdel.c:142 msgid "Kill users' processes before removing him" msgstr "" #: src/tools/sss_userdel.c:187 msgid "Specify user to delete\n" msgstr "" #: src/tools/sss_userdel.c:233 #, c-format msgid "User %1$s is outside the defined ID range for domain\n" msgstr "" #: src/tools/sss_userdel.c:258 msgid "Cannot reset SELinux login context\n" msgstr "" #: src/tools/sss_userdel.c:270 #, c-format msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n" msgstr "" #: src/tools/sss_userdel.c:275 msgid "Cannot determine if the user was logged in on this platform" msgstr "" #: src/tools/sss_userdel.c:280 msgid "Error while checking if the user was logged in\n" msgstr "" #: src/tools/sss_userdel.c:287 #, c-format msgid "The post-delete command failed: %1$s\n" 
msgstr "" #: src/tools/sss_userdel.c:307 msgid "Not removing home dir - not owned by user\n" msgstr "" #: src/tools/sss_userdel.c:309 #, c-format msgid "Cannot remove homedir: %1$s\n" msgstr "" #: src/tools/sss_userdel.c:322 msgid "" "No such user in local domain. Removing users only allowed in local domain.\n" msgstr "" #: src/tools/sss_userdel.c:327 msgid "Internal error. Could not remove user.\n" msgstr "" #: src/tools/sss_usermod.c:49 msgid "The GID of the user" msgstr "" #: src/tools/sss_usermod.c:53 msgid "Groups to add this user to" msgstr "" #: src/tools/sss_usermod.c:54 msgid "Groups to remove this user from" msgstr "" #: src/tools/sss_usermod.c:55 msgid "Lock the account" msgstr "Das Konto sperren" #: src/tools/sss_usermod.c:56 msgid "Unlock the account" msgstr "Das Konto entsperren" #: src/tools/sss_usermod.c:119 msgid "Specify user to modify\n" msgstr "" #: src/tools/sss_usermod.c:146 msgid "" "Cannot find user in local domain, modifying users is allowed only in local " "domain\n" msgstr "" #: src/tools/sss_usermod.c:281 msgid "Could not modify user - check if group names are correct\n" msgstr "" #: src/tools/sss_usermod.c:285 msgid "Could not modify user - user already member of groups?\n" msgstr "" #: src/tools/sss_usermod.c:289 msgid "Transaction error. 
Could not modify user.\n" msgstr "" #: src/tools/sss_cache.c:170 msgid "No cache object matched the specified search\n" msgstr "" #: src/tools/sss_cache.c:397 #, c-format msgid "Couldn't invalidate %1$s" msgstr "" #: src/tools/sss_cache.c:404 #, c-format msgid "Couldn't invalidate %1$s %2$s" msgstr "" #: src/tools/sss_cache.c:542 msgid "Invalidate all cached entries except for sudo rules" msgstr "" #: src/tools/sss_cache.c:544 msgid "Invalidate particular user" msgstr "" #: src/tools/sss_cache.c:546 msgid "Invalidate all users" msgstr "" #: src/tools/sss_cache.c:548 msgid "Invalidate particular group" msgstr "" #: src/tools/sss_cache.c:550 msgid "Invalidate all groups" msgstr "" #: src/tools/sss_cache.c:552 msgid "Invalidate particular netgroup" msgstr "" #: src/tools/sss_cache.c:554 msgid "Invalidate all netgroups" msgstr "" #: src/tools/sss_cache.c:556 msgid "Invalidate particular service" msgstr "" #: src/tools/sss_cache.c:558 msgid "Invalidate all services" msgstr "" #: src/tools/sss_cache.c:561 msgid "Invalidate particular autofs map" msgstr "" #: src/tools/sss_cache.c:563 msgid "Invalidate all autofs maps" msgstr "" #: src/tools/sss_cache.c:566 msgid "Only invalidate entries from a particular domain" msgstr "" #: src/tools/sss_cache.c:611 msgid "Please select at least one object to invalidate\n" msgstr "" #: src/tools/sss_cache.c:681 #, c-format msgid "" "Could not open domain %1$s. 
If the domain is a subdomain (trusted domain), " "use fully qualified name instead of --domain/-d parameter.\n" msgstr "" #: src/tools/sss_cache.c:685 msgid "Could not open available domains\n" msgstr "" #: src/tools/sss_debuglevel.c:40 msgid "\n" msgstr "" #: src/tools/sss_debuglevel.c:96 msgid "Specify debug level you want to set\n" msgstr "" #: src/tools/sss_debuglevel.c:102 msgid "Only one argument expected\n" msgstr "" #: src/tools/tools_util.c:200 #, c-format msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n" msgstr "" #: src/tools/tools_util.c:303 msgid "Out of memory\n" msgstr "" #: src/tools/tools_util.h:43 #, c-format msgid "%1$s must be run as root\n" msgstr "" #: src/util/util.h:102 msgid "Send the debug output to files instead of stderr" msgstr "" ������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/nl.gmo��������������������������������������������������������������0000644�0000000�0000000�00000000132�12320753522�015302� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954962.412874391 30 atime=1396954962.412874391 30 ctime=1396954962.557874284 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/nl.gmo�������������������������������������������������������������������������������0000664�0024127�0024127�00000124634�12320753522�015543� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� ����\������!�����!�����!�����!�����!�����"�����-"�����C"��'���V"��1���~"��8���"�����"��&���#�� ���(#�����I#��7���a#�����#�����#�����#��3���#��*���$��B���J$��)���$��)���$��%���$�� ���%�����(%�����@%�����W%�����g%�����%��#���%��%���%�����%��#��� &�����1&�����K&�����h&�����&�����&�����&�����&��#���&��*���'��&���?'��;���f'��'���'��P���'��T���(��R���p(�����(�����(��#����)��!���$)�����F)��%���a)��(���)�����)��3���)��2���)��7���0*��A���h*��9���*��7���*��!���+�����>+�����+�����+��,���+�����),��0���<,�� ���m,�����y,��P���,��$���,��(���-�����1-��,���Q-��+���~-��.���-��2���-��,��� .��3���9.�����m.��#���.�� ���.�����.��"���.��6���.��$���3/��*���X/�����/��/���/�����/�����/��/��� 0��"���90��)���\0��!���0�����0�����0��,���0�� ���1����� 1�� ���1��6���+1�����b1�����w1�� ���1�����1�����1��*���1��)���1�����2����� 2�� ���;2�����\2�����|2�����2�����2�����2��R���2��U���"3��<���x3��B���3��G���3��F���@4��.���4��F���4��8���4��Z���65��E���5��;���5��7���6�����K6�����f6�� ���z6�����6��F���6�����6��4���6��4���&7��V���[7��;���7��0���7�� 
���8��(���@8��'���i8��(���8��'���8��!���8�� ���9�����9�����-9�����C9�����\9�����t9�� ���9�����9�����9�����9�����:�����:�����=:�����L:�����d:��)���|:��*���:��:���:��%��� ;��*���2;��$���];��5���;��0���;��+���;��#���<�����9<��>���M<�����<��.���<��'���<�����=�� ���=����� =�����;=��&���J=�����q=��9���=�����=�����=��&���=��)���>��?���8>��<���x>��)���>��'���>�����?�� ���?�����-?�����G?��/���c?�����?��-���?��M���?��M���@��K���l@�����@��*���@��,���@��7���#A��(���[A��!���A�����A�����A�����A�����A����� B��0���"B�����SB�����oB��=���~B��A���B��?���B�����>C�����OC�����hC��+���C��(���C�� ���C�����C�� ���C��&���D��0���@D��*���qD�����D��(���D�����D��=���D��5���7E��1���mE�����E��"���E��$���E�����E��$���F�����AF��H���\F�����F��(���F�����F�����G�����G�����3G�� ���LG�����ZG��$���pG��7���G��7���G��%���H��0���+H�����\H��E���mH�����H��$���H�����H�����I�����!I��7���:I��&���rI��7���I�����I��.���I��&���J��!���7J��!���YJ��)���{J��$���J�����J�����J�����J�����K�����+K�����IK��3���`K��(���K��+���K��!���K����� L����� L�����8L�����PL��9���fL��I���L�����L�����M�����M�����.M�����KM�����iM�����M�����M�����M�����M��/���M�����$N�����9N��!���MN�����oN��2���N��<���N�����N��K��� O��X���VO��/���O��1���O�����P�����$P�����@P�����TP��.���hP��=���P��L���P��3���"Q��"���VQ��C���yQ��B���Q��8����R��/���9R��&���iR��%���R��.���R��.���R��;���S��>���PS��#���S��I���S��'���S��(���%T��'���NT��+���vT��*���T��!���T�� ���T��>���T��8���<U�����uU��7���U��3���U�����U�����V��2���V��%���QV��1���wV��5���V��/���V��'���W��5���7W�����mW��'���W��D���W�����W��(���X��@���*X��D���kX��E���X��i���X��8���`Y��D���Y��6���Y��A���Z�����WZ��;���wZ��=���Z��@���Z��A���2[��K���t[��>���[��T���[��C���T\��5���\�� 
���\��B���\��'���2]�����Z]�����y]�����]�����]�����]��+���]��$���^��$���*^�����O^��$���n^�����^�����^�����^�����^�����^�����^�����_�����2_�����F_�����Z_��"���r_����_�����Ra�����Ta�����fa��%���ya�����a�����a�����a�����a��3���a��?���0b�����pb��%���b��!���b�����b��9���b�����$c��(���Bc�����kc��I���c��&���c��E���c��4���?d��/���td��+���d�����d�����d�����e�����e��&���,e��#���Se��(���we��&���e�����e��(���e�����f�����,f�����Lf��!���jf��(���f�����f��#���f��(���f��7���g��2���Vg��=���g��-���g��]���g��c���Sh��z���h��.���2i��,���ai��,���i��)���i��$���i��/��� j��/���:j�����jj��7���j��;���j��L���j��Y���Jk��L���k��L���k��%���>l�����dl�����m��!���%m��,���Gm�����tm��5���m�� ���m�����m��T���m��4���:n��(���on��.���n��.���n��+���n��.���"o��;���Qo��-���o��9���o��)���o��.���p�� ���Np�����[p��!���yp��9���p��&���p��+���p��'���(q��<���Pq��,���q��"���q��6���q��,���r��(���Ar��#���jr��'���r�����r��J���r�����s�����+s�� ���;s��?���Is�����s�����s�� ���s�����s�����s��F���s��+���#t��)���Ot��0���yt��(���t��0���t�� ���u�����u�����*u�����Au��g���[u��T���u��F���v��H���_v��_���v��U���w��<���^w��W���w��@���w��q���4x��\���x��C���y��D���Gy��.���y�����y�� ���y�����y��S���y�����=z��F���Qz��5���z��b���z��Q���1{��/���{��%���{��1���{��+��� |��+���7|��1���c|��*���|�����|�� ���|�����|����� }�����+}�����G}��!���e}�����}�����}�����}�� ���}�����~�� ���#~�����1~�����F~��H���^~��0���~��W���~��#���0��,���T�������-�����/�����&�����&���"�����I��V���_��"�����;���ـ��2��������H�� ���\�����h�������)����������S���с�����%�����:��#���V��&���z��J�����A�����-���.��*���\������� �������������Ń��C���ރ�����"��I���5��i�����e�����w���O�����Dž��G���݅��+���%��3���Q��)�����"��������҆���������� �����'�����A��4���]��'����������B���Ї��G�����@���[������� ��������ڈ��/�����6���(�� ���_�����l�������(�����4���ԉ��,��� �����6��3���L�������D�����:�����3��� ��#���T��>���x��&�����"���ދ��*�����%���,��c���R�������,���Ԍ�������'��� ��'���H��"���p�� 
�����&�����*���ȍ��9�����:���-��2���h��9��������Վ��I��������.��&���E�����l������������?�����.�����?���&�����f��5���v��9�����"�����.��� ��"���8��3���[������������ ���ϑ��/�����4��� �����U��6���t��9�����5�����4�����#���P��(���t��/�����'���͓��P�����R���F���������������є��������������������8�����V�����v�������5���������������3��������J��=���g��Z�����������C�����V���]��/�����>��������#��%���2�����X�����m��B�����V���Ř��J�����/���g��1�����N���ə��Q�����J���j��3�����4�����+�����7���J��7�����4�����F�����(���6��L���_��5�����,�����0�����-���@��1���n��0����� ���ѝ��M���ߝ��G���-�����u��7�����>���������������E���.��2���t��7�����;���ߟ��4�����-���P��C���~����� ��'�����=��� �����G��.���Z��M�����R���ס��H���*��l���s��:�����:�����A���V��P�����*�����J�����D���_��G�����H�����S���5��D�����[���Υ��K���*��J���v��)�����I�����(���5�����^�����~���������������̧��*���ާ��#��� ��%���-�����S��%���s���������������Ĩ�����ب��������������������8�����L�����`��#���x�����Q����L���������'���t������������������������������q�����������������R���w���]������;��=���������"���������������������������A��� �����O���>������������������������g��%���(���5��s���h�����������,�������K�������������������P��B�����-��H���������*��������������������f��v�����%���������T���������y������|������������7��B���������������+�������������X����S������������������������������������`���1������D������U�����������"�����������������������9����������d��������Y����� ��w���������������]�����Y���J������m���x���v���z�����y���*������������o��N�������u���6���p���k������������������ �����������^����������������������<����-���4��l���P�����������M������/�������������G��K���������G���>��:������g���6������?�������{������$������}��������������N������������?�������!���������q����������������������������T���������n��������������������#������$���������}��d���U��������������������D��������������3���F����I���������������c���F���f���~���������{�����Q����������\�������������������c��2�������#�����������_��S������+�� 
�������������(������m����������.����o���@���������� ���J��s�����e������Z�������������:�����������E�������~������������������������ ����������)���.����������������E�������4������V������������������=����� �����������'��������k����� ���������Z�����;�������2����������z��V����������&���9�������������������@�����`���������������������������������<���i��I���������������C�������������������������������L���[���8���u������������X���������,��|����������������������!���j���������n��l�����������������������&��W������������������������������ ����������������b��A�����H��C��)��e������r��\����������������8����^���������0���M���5��� ���a���W���������������t��b������R������_���h����a��������� �����������/�������0��O��x�����i������p��������� ���7�������r������������j���[��������������������3��1������������� � %1$sIs a member of: � %1$sMember groups: �%1$s must be run as root �%1$s%2$sGroup: %3$s �%1$sGID number: %2$d �%1$sMember users: �, your cached password will expire at: �A group with the same name or GID already exists �A user or group with the same name or ID already exists �Access control provider�Active Directory backup server address�Active Directory client hostname�Active Directory domain�Active Directory primary group attribute for ID-mapping�Active Directory server address�Add debug timestamps�Address of backup IPA server�An error occurred, but no description can be found.�An open file descriptor for the debug logs�Attribute indicating that server side password policies are active�Attribute listing authorized PAM services�Attribute listing authorized server hosts�Authenticated with cached credentials�Authentication is denied until: �Authentication provider�Authentication timeout�Autofs provider�Automatic full refresh period�Automatic smart refresh period�Automounter map entry key attribute�Automounter map entry value attribute�Automounter map name attribute�Base DN for automounter map lookups�Base DN for group lookups�Base DN for netgroup lookups�Base DN for service 
lookups�Base DN for sudo rules lookups�Base DN for user lookups�Base for home directories�Become a daemon (default)�Cache credentials for offline login�Cannot create user's home directory: %1$s �Cannot create user's mail spool: %1$s �Cannot determine if the user was logged in on this platform�Cannot find group %1$s in local domain �Cannot find group %1$s in local domain, only groups in local domain are allowed �Cannot find group in local domain, modifying groups is allowed only in local domain �Cannot find user in local domain, modifying users is allowed only in local domain �Cannot get info about the user �Cannot remove homedir: %1$s �Cannot reset SELinux login context �Cannot set SELinux login context �Cannot set default values �Comma separated list of allowed users�Comma separated list of prohibited users�Command to start service�Could not allocate ID for the group - domain full? �Could not allocate ID for the user - domain full? �Could not modify group - check if groupname is correct �Could not modify group - check if member group names are correct �Could not modify user - check if group names are correct �Could not modify user - user already member of groups? �Could not open available domains �Could not open domain %1$s. If the domain is a subdomain (trusted domain), use fully qualified name instead of --domain/-d parameter. 
�Couldn't invalidate %1$s�Couldn't invalidate %1$s %2$s�Create user's directory if it does not exist�Current Password: �DNS service name for LDAP password change server�Debug level�Default shell, /bin/bash�Directory on the filesystem where SSSD should store Kerberos replay cache files.�Directory to store credential caches�Disable Active Directory range retrieval�Disable the LDAP paging control�Display users/groups in fully-qualified form�Do not remove home directory and mail spool�Domain of the information provider (mandatory)�Domain to add to names without a domain component.�Don't include group members in group lookups�Enable DNS sites - location based service discovery�Enable credential validation�Enable enumerating all users/groups�Enables FAST�Enables enterprise principals�Enables principal canonicalization�Entry cache background update timeout length (seconds)�Entry cache timeout length (seconds)�Enumeration cache timeout length (seconds)�Error initializing the tools �Error initializing the tools - no local domain �Error looking up public keys �Error setting the locale �Error while checking if the user was logged in �File that contains CA certificates�File that contains the client certificate�File that contains the client key�Filter for user lookups�Follow LDAP referrals�Force removal of files not owned by the user�Full Name�GECOS attribute�GID attribute�Group %1$s is outside the defined ID range for domain �Group UUID attribute�Group member attribute�Group name�Group password�Groups�Groups must be in the same domain as user �Groups that SSSD should explicitly ignore�Groups to add this group to�Groups to add this user to�Groups to remove this group from�Groups to remove this user from�Home directory�Home directory attribute�Host identity provider�Host not specified �Hostnames and/or fully qualified domain names of this machine to filter sudo rules�How long (minutes) to deny login after offline_failed_login_attempts has been reached�How long to allow cached 
logins between online logins (days)�How long to keep cached entries after last successful login (days)�How long to retain a connection to the LDAP server before disconnecting�How long to wait for replies from DNS when resolving servers (seconds)�How long will be in-memory cache records valid�How many days before password expiration a warning should be displayed�How many failed logins attempts are allowed when offline�How many seconds to keep a host in the known_hosts file after its host keys were requested�How many seconds to keep identity information cached for PAM requests�How often should expired entries be refreshed in background�How often to periodically update the client's DNS entry�How to dereference aliases�IPA client hostname�IPA domain�IPA server address�IPv4 or IPv6 addresses or network of this machine to filter sudo rules�Identity provider�Idle time before automatic disconnection of a client�If DENY rules are present, either DENY_ALL or IGNORE�If a shell stored in central directory is allowed but not available, use this fallback�If set to false, host argument given by PAM will be ignored�Include microseconds in timestamps in debug logs�Include timestamps in debug logs�Internal error while parsing parameters �Internal error. Could not print group. �Internal error. Could not remove group. �Internal error. Could not remove user. 
�Invalid domain specified in FQDN �Invalid port �Invalidate all autofs maps�Invalidate all groups�Invalidate all netgroups�Invalidate all services�Invalidate all users�Invalidate particular autofs map�Invalidate particular group�Invalidate particular netgroup�Invalidate particular service�Invalidate particular user�Kerberos backup server address�Kerberos realm�Kerberos server address�Kerberos service keytab�Kill users' processes before removing him�LDAP filter to determine access privileges�Length of time between attempts to reconnect while offline�Length of time between cache cleanups�Length of time between enumeration updates�Length of time to attempt connection�Length of time to attempt synchronous LDAP operations�Length of time to wait for a enumeration request�Length of time to wait for a search request�Lifetime of TGT for LDAP connection�Lifetime of the TGT�List of UIDs or user names allowed to access the PAC responder�List of possible ciphers suites�Location of the keytab to validate credentials�Location of the user's credential cache�Lock the account�Login shell�Lower bound for ID-mapping�Magic Private �Maximum nesting level SSSd will follow�Maximum user ID�Member groups must be in the same domain as parent group �Minimum user ID�Modification time attribute�Modification time attribute for groups�Modification time attribute for netgroups�NSS request failed (%1$d). Entry might remain in memory cache. �Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set) �Name of the default domain for ID-mapping�Negative cache timeout length (seconds)�Netgroup UUID attribute�Netgroup name�Netgroup triple attribute�Netgroups members attribute�Never create user's directory, overrides config�New Password: �No cache object matched the specified search �No such group in local domain. Printing groups only allowed in local domain. �No such group in local domain. Removing groups only allowed in local domain. �No such user in local domain. 
Removing users only allowed in local domain. �Not enough memory �Not removing home dir - not owned by user �Number of IDs for each slice when ID-mapping�Number of times to attempt connection to Data Providers�Object class for automounter map entries�Object class for automounter maps�Object class for sudo rules�Objectclass for groups�Objectclass for netgroups�Objectclass for services�Objectclass for users�Only invalidate entries from a particular domain�Only one argument expected �Out of memory �Override GID value from the identity provider with this value�Override homedir value from the identity provider with this value�Override shell value from the identity provider with this value�PAM stack to use�Password change failed. �Password change provider�Password expired. Change your password now.�Password reset by root is not supported.�Password: �Passwords do not match�Path to CA certificate directory�Ping timeout before restarting service�Please select at least one object to invalidate �Policy to evaluate the password expiration�Primary GID attribute�Print indirect group members recursively�Print version number and exit�Printf-compatible format for displaying fully-qualified names�Privileged socket has wrong ownership or permissions.�Public socket has wrong ownership or permissions.�Reenter new Password: �Regex to parse username and domain�Remove home directory and mail spool�Renewable lifetime of the TGT�Require TLS certificate verification�Require TLS for ID lookups�Restrict or prefer a specific address family when performing DNS lookups�Run interactive (not a daemon)�SID of the default domain for ID-mapping�SSH public key attribute�SSSD Domains to start�SSSD Services to start�SSSD is not run by root.�SUDO provider�Scope of user lookups�Search base for HBAC related objects�Search base for object containing info about IPA domain�Search base for objects containing info about ID ranges�Selects the principal to use for FAST�Send the debug output to files instead of 
stderr�Server message: �Server where the change password service is running if not on the KDC�Service name attribute�Service name for DNS service lookups�Service port attribute�Service protocol attribute�Session-loading provider�Set lower boundary for allowed IDs from the LDAP server�Set the verbosity of the debug logging�Set upper boundary for allowed IDs from the LDAP server�Shell attribute�Shell to use if the provider does not list one�Should filtered users appear in groups�Show timestamps with microseconds�Specify a non-default config file�Specify an alternative skeleton directory�Specify debug level you want to set �Specify group to add �Specify group to add to �Specify group to delete �Specify group to modify �Specify group to remove from �Specify group to show �Specify the minimal SSF for LDAP sasl authorization�Specify the sasl authorization id to use�Specify the sasl authorization realm to use�Specify the sasl mechanism to use�Specify user to add �Specify user to delete �Specify user to modify �Store password hashes�Store password if offline for later online authentication�Substitute empty homedir value from the identity provider with this value�Sudo rule command attribute�Sudo rule host attribute�Sudo rule name�Sudo rule notafter attribute�Sudo rule notbefore attribute�Sudo rule option attribute�Sudo rule order attribute�Sudo rule runasgroup attribute�Sudo rule runasuser attribute�Sudo rule user attribute�System is offline, password change not possible�The GID of the group�The GID of the user�The SELinux user for user's login�The SSSD domain to use�The Schema Type in use on the LDAP server, rfc2307�The TTL to apply to the client's DNS entry after updating it�The UID of the user�The amount of time between lookups of the HBAC rules against the IPA server�The amount of time in seconds between lookups of the SELinux maps against the IPA server�The authentication token of the default bind DN�The automounter location this IPA client is using�The comment 
string�The debug level to run with�The default base DN�The default bind DN�The domain part of service discovery DNS query�The interface whose IP should be used for dynamic DNS updates�The list of shells that will be vetoed, and replaced with the fallback shell�The list of shells users are allowed to log in with�The name of the NSS library to use�The number of file descriptors that may be opened by this responder�The number of members that must be missing to trigger a full deref�The number of records to retrieve in a single LDAP query�The path to the proxy command must be absolute �The port to use to connect to the host�The post-delete command failed: %1$s �The selected GID is outside the allowed range �The selected UID is outside the allowed range �The type of the authentication token of the default bind DN�The value of the password field the NSS provider should return�Time between two checks for renewal�Timeout between three failed ping checks and forcibly killing the service�Timeout for messages sent over the SBUS�Transaction error. Could not add group. �Transaction error. Could not add user. �Transaction error. Could not modify group. �Transaction error. Could not modify user. 
�Treat usernames as case sensitive�UID attribute�URI of a backup LDAP server where password changes are allowed�URI of an LDAP server where password changes are allowed�UUID attribute�Unexpected error while looking for an error description�Unexpected format of the server credential message.�Unlock the account�Upper bound for ID-mapping�Use ID-mapping of objectSID instead of pre-set IDs�Use Kerberos auth for LDAP connection�Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups�Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups�Use autorid-compatible algorithm for ID-mapping�Use only the upper case for realm names�User %1$s is outside the defined ID range for domain �User not specified �User principal attribute (for Kerberos)�User's home directory already exists, not copying data from skeldir �Username attribute�Users that SSSD should explicitly ignore�WARNING: The user (uid %1$lu) was still logged in when deleted. �What kind of authentication should be used to perform the DNS update�What kind of messages are displayed to the user during authentication�Whether the LDAP library should perform a reverse lookup to canonicalize the host name during a SASL bind�Whether the nsupdate utility should default to using TCP�Whether the provider should explicitly update the PTR record as well�Whether to automatically update the client's DNS entry�Whether to automatically update the client's DNS entry in FreeIPA�Whether to create kdcinfo files�Whether to evaluate the time-based attributes in sudo rules�Whether to filter rules by hostname, IP addresses and network�Whether to hash host names and addresses in the known_hosts file�Whether to include rules that contains netgroup in host attribute�Whether to include rules that contains regular expression in host attribute�Whether to look up canonical group name from cache if possible�Whether to update the ldap_user_shadow_last_change attribute after a password change�Which attributes shall be used to evaluate if an account is 
expired�Which rules should be used to evaluate access control�Write debug messages to logfiles�Your password has expired. You have %1$d grace login(s) remaining.�Your password will expire in %1$d %2$s.�accountExpires attribute of AD�entryUSN attribute�krbLastPwdChange attribute�krbPasswordExpiration attribute�lastUSN attribute�ldap_backup_uri, The URI of the LDAP server�ldap_uri, The URI of the LDAP server�loginAllowedTimeMap attribute of NDS�loginDisabled attribute of NDS�loginExpirationTime attribute of NDS�memberOf attribute�nsAccountLock attribute�objectSID attribute�shadowExpire attribute�shadowFlag attribute�shadowInactive attribute�shadowLastChange attribute�shadowMax attribute�shadowMin attribute�shadowWarning attribute�userAccountControl attribute of AD�Project-Id-Version: SSSD Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org POT-Creation-Date: 2014-04-08 12:56+0200 PO-Revision-Date: 2013-11-20 12:56+0000 Last-Translator: Geert Warrink <geert.warrink@onsnet.nu> Language-Team: Dutch (http://www.transifex.com/projects/p/fedora/language/nl/) Language: nl MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=2; plural=(n != 1); � � %1$sIs lid van: � %1$sLid groepen: �%1$s moet als root uitgevoerd worden �%1$s%2$sGroep: %3$s �%1$sGID nummer: %2$d �%1$sLid gebruikers: �, uw wachtwoord verloopt op:�Een groep met een zelfde naam of GID bestaat reeds �Een gebruiker of groep met een zelfde naam of ID bestaat reeds �Toegangscontroleaanbieder�Active Directory back-up server adres�Active Directory cliënt hostnaam�Active Directory domein�Active Directory primaire groep attribuut voor ID-mapping�Active Directory server adres�Voeg tijdstempels toe aan debugberichten�Adres van back-up IPA server�Er is een fout opgetreden, maar er kan geen omschrijving gevonden worden.�Een geopend bestand voor de debug logs�Attribuut welke aangeeft dat wachtwoordtactiek op de server actief is�Attribuut voor tonen van 
geautoriseerde PAM services�Attribuut dat geautoriseerde server hosts toont�Geauthenticeerd met gecachte inloggegevens.�Inloggen wordt geweigerd tot:�Authentiecatieaanbieder�Authenticatie timeout�Autofs provider�Automatische volledige ververs periode�Automatische slimme ververs periode�Automounter map sleutel ingave attribuut�Automounter map ingavewaarde attribuut�Automounter map naam attribuut�Basis DN voor automounter kaart opzoeken�Basis DN voor groep opzoeken�Basis DN voor netgroep opzoeken�Basis DN voor service lookups�Basis DN voor sudo regels lookups�Base DN voor het opzoeken van gebruikers�Basis voor gebruikersmappen�Start in de achtergrond (standaard)�Cache inloggegevens voor offline gebruik�Kan persoonlijk map voor gebruiker niet aanmaken: %1$s �Kan mail spool voor gebruiker niet aanmaken: %1$s �Kan niet bepalen of de gebruiker was ingelogd op dit platform�Kan groep %1$s niet in lokale domein vinden �Kan groep %1$s niet in lokale domein vinden, alleen groepen in lokale domein zijn toegestaan �Groep niet gevonden in lokaal domein, aanpassen van groepen is alleen toegestaan in lokaal domein. �Kan de gebruiker niet vinden in het lokale domein, het aanpassen van gebruikers is alleen toegestaan in het lokale domein �Kan geen informatie ophalen over de gebruiker �Kan persoonlijke map niet verwijderen: %1$s �Kan de SELinux logincontext niet herstellen �Kan de SELinux login context niet zetten �Kan de standaardwaarden niet zetten �Kommagescheiden lijst van toegestane gebruikers�Kommagescheiden lijst van geweigerde gebruikers�Commando om service te starten�Kan geen ID vinden voor de groep - zit het domein vol? �Kan geen ID vinden voor de gebruiker - zit het domein vol? 
�Kan de groep niet aanpassen - controleer of de naam van de groep correct is �Kan de groep niet aanpassen - controleer of de namen van de lidmaatschappen correct zijn �Kan de gebruiker niet aanpassen - controleer of de groepsnamen correct zijn �Kan de gebruiker niet aanpassen - is de gebruiker reeds lid van de groepen? �Kon beschikbare domeinen niet openen �Kon domein %1$s niet openen. Als het domein een subdomein (vertrouwd domein) is, gebruik dan de volledig gekwalificeerde naam in plaats van --domain/-d parameter. �Kon %1$s niet ongeldig maken�Kon %1$s %2$s niet ongeldig maken�Maak gebruikersmap aan als deze niet bestaat�Huidig wachtwoord:�DNS service naam voor LDAP wachtwoord verander server�Debug niveau�Standaard shell, /bin/bash�Map in het bestandssysteem waarin SSSD Kerberos replay cache bestanden moet opslaan.�Werkmap waar authenticatiegegevens opgeslagen worden�Zet Active Directory bereik opvragen uit�Het LDAP paging besturingselement uitschakelen�Laat gebruikers/groepen in volledige vorm zien�Verwijder gebruikersmap en postbestand niet�Domein voor de informatie provider (verplicht)�Domein toe te voegen aan namen zonder een domein component.�Neem groepsleden niet mee in groep zoekacties�Zet DNS sites aan - locatie gebaseerde service ontdekking�Schakel authenticatiegegevensvalidatie in�Schakel enumeratie van alle gebruikers/groepen�Zet FAST aan�Zet enterprise principals aan�Zet hoofdpersoon sanctioneren aan�Entry cache achtergrond update timeout duur (in seconden)�Entry cache timeout duur (in seconden)�Enumeratie cache timeout duur (in seconden)�Fout bij de initialisatie van de tools �Fout bij de initialisatie van de tools - geen lokaal domein �Fout bij het opzoeken van publieke sleutels �Fout bij het zetten van de locale �Fout bij het controleren of de gebruiker was ingelogd �Bestand dat de bekende CA-certificaten bevat�Bestand dat het client certificaat bevat�Bestand dat de client sleutel bevat�Filter voor het opzoeken van gebruikers�Volg 
LDAP-doorverwijzingen�Forceer het verwijderen van bestanden die niet aan de gebruiker toebehoren�Volledige naam�GECOS-attribuut�GID attribuut�Groep %1$s ligt buiten het gedefinieerde ID gebied voor domein �Groep UUID attribuut�Groep deelnemer attribuut�Groepsnaam�Groep wachtwoord�Groepen�De groepen moeten zich in het zelfde domein als de gebruiker bevinden �Groepen die SSSD expliciet dient te negeren�Groepen waar deze groep aan toe te voegen�Groepen waar deze gebruiker aan wordt toegevoegd�Groepen om deze groep uit te verwijderen�Groepen waar deze gebruiker uit wordt verwijderd�Gebruikersmap�Gebruikersmap-attribuut�Host identity provider�Host niet gespecificeerd �Hostnamen en/of volledig gekwalificeerde domeinnamen van deze machine voor het filteren van sudo regels�Hoe lang (in minuten) logins weigeren nadat offline_failed_login_attempts is bereikt�Hoe lang zijn cached logins toegestaan tussen online logins (in dagen)�Hoe lang blijven gegevens opgeslagen na een succesvolle login (in dagen)�Hoe lang een verbinding met de LDAP server gebouden moet blijven voordat het losgekoppeld wordt�Hoe lang te wachten op antwoord van de DSN bij het opzoeken van servers (in seconden)�Hoe lang zullen cache records in het geheugen geldig blijven�Hoeveel dagen voor het verlopen van het wachtwoord moet een waarschuwing getoond worden�Hoe veel mislukte inlogpogingen zijn toegestaan in offline-modus�Hoeveel seconden moet een host in het known_hosts bestand blijven nadat de host sleutels ervan werden aangevraagd�Hoeveel seconden moet de identiteit informatie in cache opgeslagen worden voor PAN aanvragen�Hoe vaak moeten verlopen ingangen op de achtergrond ververst worden�Hoe vaak de DNS ingang van de client periodiek vernieuwd moet worden�Hoe moet de alias referentie verwijderd worden�IPA-clienthostname�IPA-domein�IPA-serveradres�IPv4 of IPv6 adressen of netwerk van deze machine voor het filteren van sudo regels�Identiteitaanbieder�Duur van inactiviteit voor het automatisch loskoppelen 
van een cliënt�Als DENY regels aanwezig zijn, dat DENY_ALL of IGNORE�Als een shell opgeslagen in de centrale map toegestaan is, maar niet beschikbaar, gebruik dan deze�Als dit op false ingesteld is, wordt het host argument gegeven door PAM genegeerd�Voeg microseconden aan tijdstempel is debug log�Neem tijdstempels op in de debug logs�Interne fout bij het verwerken van de parameters �Interne fout. Kan de groep niet weergeven. �Interne fout. Kan de groep niet verwijden. �Interne fout. Kan de gebruiker niet verwijderen. �Verkeerd domein gespecificeerd in de FQDN �Ongeldige poort �Maak alle autofs mappen ongeldig�Maak alle groepen ongeldig�Maak alle netgroepen ongeldig�Maak alle services ongeldig�Maak alle gebruikers ongeldig�Maak bepaalde autofs map ongeldig�Maak bepaalde groep ongeldig�Maak bepaalde netgroep ongeldig�Maak bepaalde service ongeldig �Maak bepaalde gebruiker ongeldig�Kerberos back-up server adres�Kerberos-rijk�Kerberos-serveradres�Kerberos service keytab�Kill de processen van de gebruiker voordat de gebruiker verwijderd wordt�LDAP-filter om toegangsprivileges mee te bepalen�Duur tussen pogingen om de verbinding opnieuw tot stand te brengen tijdens offline zijn�Tijdsduur tussen cache opschoningen�Tijd om te wachten tussen enumeratie-updates�Hoe lang pogen te verbinden�Hoe lang proberen synchroon LDAP te benaderen�Tijdsduur te wachten voor een opsommingsverzoek�Tijd om te wachten op een zoekopdracht�Levensduur van TGT voor LDAP-connectie�Levensduur van de TGT�Lijst met UID's of gebruikersnamen waarvoor toegang tot de PAC responder toegestaan is�Lijst van mogelijke sleutel suites�Locatie van de keytab om authenticatiegegevens te valideren�Locatie van de authenticatiecache van de gebruiker�Bevries het account�Login shell�Ondergrens voor ID-mapping�Magic Private �Maximale nest niveau dat SSSd zal volgen�Maximum gebruiker ID�Lidmaatschappen moeten in het zelfde domein vallen als de daarboven liggende groep �Minimum gebruiker ID�Modification 
time-attribuut�Verandertijd attribuut voor groepen�Verandertijd attribuut voor netgroepen�NSS verzoek mislukte (%1$d). Ingang blijft misschien in de geheugencache. �Naam '%1$s' lijkt geen FQDN ('%2$s = TRUE' is ingesteld) te zijn �Naam van het standaard domein voor ID-mapping�Negatieve cache timeout duur (in seconden)�Netgroep UUID attibuut�Netgroep naam�Netgroep triple attibuut�Netgroep leden attribuut�Maak nooit gebruikersmappen aan, overschrijft de configuratiewaarde�Nieuw Wachtwoord: �Geen enkel cache object komt overeen met de gespecificeerde zoekopdracht �Groep bestaat niet in het lokale domein. Weergave van groepen is alleen toegestaan in het lokale domein. �Groep niet gevonden in lokaal domein. Verwijderen van groepen is alleen toegestaan in lokaal domein. �Gebruiker bestaat niet in het lokale domein. Het verwijderen van gebruikers is alleen in het lokale domein toegestaan. �Niet genoeg geheugen �De gebruikersmap wordt niet verwijderd - de gebruiker is geen eigenaar �Aantal ID's voor elk segment bij ID-mapping�Aantal pogingen naar de Data Providers te verbinden�Objectklasse voor automounter map ingaven�Object class voor automounter maps�Objectklasse voor sudo regels�Objectklasse voor groepen�Objectklasse voor netgroepen�Objectclass voor services�Objectclass voor gebruikers�Maak alleen ingangen van een bepaald domein ongeldig�Er wordt slechts een argument verwacht �Het geheugen zit vol �Overschrijf GID waarde van de identiteit aanbieder met deze waarde�Overschrijf homedir waarde van de identiteit aanbieder met deze waarde �Overschrijf shell waarde van identiteit provider met deze waarde�PAM-stack die gebruikt wordt�Wijzigen van wachtwoord mislukt.�Wachtwoordwijzigingsaanbieder�Wachtwoord verlopen. 
Verander nu uw wachtwoord.�Wachtwoorden als root wijzigen wordt niet ondersteund.�Wachtwoord: �Wachtwoorden komen niet overeen�Pad naar de CA-certificatenmap�Ping timeout voordat service herstart is�Selecteer tenminste een object om ongeldig te maken �Policy om wacthwoordverloop mee te evalueren�Primair GID-attribuut�Geef indirecte groepslidmaatschappen recursief weer�Print versie nummer en sluit af�Printf-compatibel formaat voor het tonen van namen in volledige vorm�Socket met privileges heeft verkeerde rechten of eigendom.�Publiek socket heeft verkeerde rechten of eigendom.�Voer nieuw wachtwoord nogmaals in: �Reguliere expressie om gebruikersnamen en domeinen te ontleden�Verwijder gebruikersmap en postbestand�Vernieuwbare levensduur van de TGT�Vereis verificatie van het TLS-certificaat�Vereis TLS voor het opzoeken van ID's�Beperk of geef de voorkeur aan een specifieke adresfamilie wanneer er DNS-lookups uitgevoerd worden�Start interactief (standaard)�SID van het standaard domein voor ID-mapping�SSH publieke sleutel attribuut�SSSD Domeinen die gestart moeten worden�SSSD Services die gestart moeten worden�SSSD wordt niet door root gestart.�SUDO provider�Scope voor het opzoeken van gebruikers�Zoek basis voor HBAC gerelateerde objecten�Zoek in base voor object die info over IPA domein bevat �Zoek in base voor objecten die info over ID bereiken bevat�Selecteert de hoofdpersoon te gebruiken voor FAST �Stuur de debuguitvoer naar bestanden in plaats van stderr�Serverbericht:�Server waar het wachtwoord wijzigingsservice draait indien niet op de KDC�Service naam attribuut�Service naam voor DNS service opzoeken�Service port attribuut�Service protocol attribuut�Session-loading provider�Laagste grens instellen voor toegestane id's van de LDAP-server�Stel de verbositeit van de debug statements in�Hoogste grens instellen voor toegestane id's van de LDAP-server�Shell-attribuut�Te gebruiken shell als de aanbieder er geen aangeeft �Dienen gefilterde gebruikers zichtbaar te zijn in 
groepen�Toon tijdstempel met microseconden�Geef een niet-standaard configuratiebestand op�Geef een alternatieve voorbeeldmap�Specificeer het debug niveau dat je wilt instellen �Geef groep op om toe te voegen �Geef group op om toe te voegen �Geef groep op om te verwijderen �Specificeer de groep die aangepast moet worden �Specificeer de groep waaruit verwijderd moet worden �Specificeer de te tonen groep �Specificeer de minimale SSF voor LDAP sasl autorisatie�Geef het SASL-authorisatie-ID op wat gebruikt moet worden�Specificeer het te gebruiken sasl autorisatiegebied �Geef het SASL-mechanisme op wat gebruikt moet worden�Geef gebruiker op om toe te voegen �Specificeer de te verwijderen gebruiker �Geef de gebruiker op die aangepast moet worden �Sla vingerafdrukken van wachtwoorden op�Sla het wachtwoord op indien offline voor later gebruik bij online authenticatie�Vervang lege persoonlijke map waarde van de eindentiteitsaanbieder met deze waarde�Sudo regel opdracht attribuut�Sudo regel host attribuut�Sudo regelnaam�Sudo regel notafter attribuut�Sudo regel notbefore attribuut�Sudo regel optie attribuut�Sudo regel volgorde attribuut�Sudo regel runasgroup attribuut�Sudo regel runasuser attribuut�Sudo regel gebruiker attribuut�Systeem is offline, wachtwoord wijzigen niet mogelijk�De GID van de groep�De GID van de gebruiker�De SELinux-gebruiker voor de login van de gebruiker�Hrt te gebruiken SSSD domein�Het schema type wat gebruikt wordt op de LDAP server, rfc2307�De TTL die toegepast moet worden op de DNS ingang van de cliënt na het vernieuwen hiervan�Het UID van de gebruiker�De tijdsduur tussen het opzoeken van HBAC regels voor de IPA server�De tijdsduur in seconden tussen zoekopdrachten in de SELinux mappen voor de IPA server�Het authenticatietoken van de standaard bind DN�De automounter locatie die door deze IPA client wordt gebruikt�Het commentaar�Het debugniveau waarmee gestart wordt�De standaard base DN�De standaard bind DN�Het domeingedeelte van DNS queries die 
service discovery uitvoeren�De adapter wiens IP-adres gebruikt moet worden voor het dynamisch bijwerken van de DNS�De lijst van shells die verboden zijn, en vervangen door de fallback shell�De lijst van shells waarmee ingelogd kan worden�De naam van de NSS-bibliotheek die gebruikt wordt�Het aantal bestand descriptors die door deze beantwoorder geopend mogen worden�Het aantal leden van moet ontbreken om een volledige de-referentie te veroorzaken�Het aantal records dat opgehaald moet worden met een enkele LDAP bevraging�Het pad naar het proxy commando moet absoluut zijn �De te gebruiken poort voor het verbinden met de host�Het post-verwijder commando mislukte: %1$s �De geselecteerde GID valt buiten het toegestane bereik �De geselecteerde UID valt buiten het toegestane bereik �Het type authenticatietoken van de standaard bind DN�De waarde van het wachtwoordveld die de NSS aanbieder terug moet geven�Tijd tussen twee checks voor vernieuwing�Time-out tussen drie mislukte ping checks en de service dwingend te stoppen �Timeout voor berichten die over SBUS worden verzonden�Transactiefout. Kan de groep niet toevoegen �Transactiefout. Kan de gebruiker niet toevoegen �Transactiefout. Kan de groep niet aanpassen. �Transactiefout. Kan de gebruiker niet aanpassen. 
�Behandel gebruikersnamen als hoofdlettergevoelig�UID-attribuut�URI van een back-up LDAP server waar wachtwoord veranderingen toegestaan zijn�URI van een LDAP server waarop wachtwoord veranderingen toegestaan zijn�UUID-attribuut�Onverwachtte fout bij het opzoeken van een omschrijving�Onverwacht formaat van het inloggegevensbericht van de server.�Heractiveer het account�Bovengrens voor ID-mapping�Gebruik ID-mapping van objectSID gebruiken in plaats van pre-set ID's�Gebruik Kerberos authenticatie voor LDAP-connectie�Gebruik LDAP_MATCHING_RULE_IN_CHAIN voor groep opzoeken�Gebruik LDAP_MATCHING_RULE_IN_CHAIN voor initgroep opzoeken�Gebruik autorid-compatibel algoritme voor ID-mapping�Gebruik alleen hoofdletters voor gebiedsnamen�Gebruiker %1$s ligt buiten het gedefinieerde ID bereik voor domein �Gebruiker niet gespecificeerd �Userprincipal-attribuut (voor Kerberos)�De gebruikersmap bestaat reeds, voorbeeldmap niet gekopieerd �Username-attribuut�Gebruikers die SSSD expliciet dient te negeren�WAARSCHUWING: De gebruiker (uid %1$lu) was nog ingelogd bij het verwijderen. 
�Welke soort authenticatie moet gebruikt worden om de DNS vernieuwing uit te voeren�Welke boodschappen worden aan de gebruiker getoond tijdens authenticatie�Moet de LDAP bibliotheek omgekeerd opzoeken uitvoeren om de hostnaam te autoriseren tijdens een SASL binding�Of het nsupdate hulpprogramma standaard TCP moet gebruiken�Of de provider ook de PTR record expliciet moet vernieuwen�Of de DNS ingang van de cliënt automatisch vernieuwd moet worden�Of de DNS-gegevens van de client automatisch bijgewerkt moeten worden in FreeIPA�Moeten kdcinfo bestanden aangemaakt worden�Of de tijd-gebaseerde attributen in sudo regels moeten worden geëvalueerd�Moeten regels gefilterd worden volgens hostnaam, IP adres en netwerk�Moeten host namen en adressen gehashd worden in het known_hosts bestand�Moeten regels toegevoegd worden die netgroep bevatten in host attribuut �Moeten regels toegevoegd worden die regulaire expressie bevatten in host attribuut �Moet indien mogelijk canonieke groepsnaam in cache opgezocht worden �Moet het ldap_user_shadow_last_change attribuut vernieuwd worden na een wachtwoordwijziging�Welke attributen worden gebruikt voor evaluatie als het account verlopen is�Welke regels moeten gebruikt worden voor de evaluatie van toegangscontrole�Schrijf debug berichten naar logbestanden�Je wachtwoord is verlopen. 
Je hebt nog slechts %1$d login(s) beschikbaar.�Je wachtwoord zal verlopen in %1$d %2$s.�accountExpires attribuut van AD�entryUSN attribuut�krbLastPwdChange attribuut�krbPasswordExpiration attribuut�lastUSN attribuut�ldap_backup_uri, De URI van de LDAP server�ldap_uri, de URI van de LDAP server�loginAllowedTimeMap attribuut van NDS�loginDisabled attribuut van NDS�loginExpirationTime attribuut van NDS�memberOf-attribuut�nsAccountLock attribuut�objectSID attribuut�shadowExpire attribuut�shadowFlag attribuut�shadowInactive attribuut�shadowLastChange attribuut�shadowMax attribuut�shadowMin attribuut�shadowWarning attribuut�userAccountControl attribuut van AD�����������������������������������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/en@boldquot.header��������������������������������������������������0000644�0000000�0000000�00000000130�12320753476�017621� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������29 mtime=1396954942.05988938 29 atime=1396954942.05988938 30 ctime=1396954962.523874309 ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/en@boldquot.header�������������������������������������������������������������������0000644�0024127�0024127�00000002471�12320753476�020054� 
0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# All this catalog "translates" are quotation characters. # The msgids must be ASCII and therefore cannot contain real quotation # characters, only substitutes like grave accent (0x60), apostrophe (0x27) # and double quote (0x22). These substitutes look strange; see # http://www.cl.cam.ac.uk/~mgk25/ucs/quotes.html # # This catalog translates grave accent (0x60) and apostrophe (0x27) to # left single quotation mark (U+2018) and right single quotation mark (U+2019). # It also translates pairs of apostrophe (0x27) to # left single quotation mark (U+2018) and right single quotation mark (U+2019) # and pairs of quotation mark (0x22) to # left double quotation mark (U+201C) and right double quotation mark (U+201D). # # When output to an UTF-8 terminal, the quotation characters appear perfectly. # When output to an ISO-8859-1 terminal, the single quotation marks are # transliterated to apostrophes (by iconv in glibc 2.2 or newer) or to # grave/acute accent (by libiconv), and the double quotation marks are # transliterated to 0x22. # When output to an ASCII terminal, the single quotation marks are # transliterated to apostrophes, and the double quotation marks are # transliterated to 0x22. # # This catalog furthermore displays the text between the quotation marks in # bold face, assuming the VT100/XTerm escape sequences. 
# �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/de.gmo��������������������������������������������������������������0000644�0000000�0000000�00000000132�12320753522�015261� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954962.314874463 30 atime=1396954962.314874463 30 ctime=1396954962.550874289 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/de.gmo�������������������������������������������������������������������������������0000664�0024127�0024127�00000003016�12320753522�015510� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������\�������� ������������������������� �������� �����3�����E�����T�����l�� ���}����������������� ���������������������� ��������������������������� �������������/�����A�����P�����g�� ���y����������������� ����� �������������������������������� 
������ ��� ���������������������� ���������� ���������������������������������������Full Name�GECOS attribute�Groups�Home directory�IPA client hostname�IPA domain�IPA server address�Identity provider�Kerberos realm�Kerberos server address�Lock the account�Login shell�SSSD Domains to start�SSSD Services to start�Shell attribute�UID attribute�UUID attribute�Unlock the account�Username attribute�Project-Id-Version: SSSD Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org POT-Creation-Date: 2014-04-08 12:56+0200 PO-Revision-Date: 2013-11-20 12:56+0000 Last-Translator: jhrozek <jhrozek@redhat.com> Language-Team: German (http://www.transifex.com/projects/p/fedora/language/de/) Language: de MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=2; plural=(n != 1); �Vollständiger Name�GECOS-Attribut�Gruppen�Bneutzerverzeichnis�IPA-Client-Rechnername�IPA-Domain�IPA-Serveradresse�Identity Provider�Kerberos Realm�Kerberos-Serveradresse�Das Konto sperren�Anmelde-Shell�SSSD-Domains zum Starten�SSSD-Dienste zum Starten�Shell-Attribut�UID-Attribut�UUID-Attribut�Das Konto entsperren�Benutzername-Attribut�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/it.gmo��������������������������������������������������������������0000644�0000000�0000000�00000000132�12320753522�015305� 
x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954962.378874416 30 atime=1396954962.378874416 30 ctime=1396954962.554874286 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/it.gmo�������������������������������������������������������������������������������0000664�0024127�0024127�00000045074�12320753522�015546� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� ��������'�����1�����8��������,�����D��*���Y��%����� ����������������������������-��#���G��T���k��R�������������3��%���N��(���t�������3�����2�����7�����A���U��9�����7�����,��� �����6�� ���I�����U��$���n��,�����+�����.����������#���8�� ���\��6���i��$�����*����������/��������>��"���X��)���{��!���������������,����� ���"�����,�����<��*���C��)���n������������ ��������������������U���8��<�����B�����F�����8���U������������ ��������������� �����(�����'���7��(���_��'�����!��������������������*�����:���<��%���w��*�����$�����5�����+���#�����O��.���o��'���������� 
���������������9��������<�����L��'���h��/����������M�����M�����K���k��*�����7�������������0�����?�����P�����i��+����� ���������� �����&�����*��� �����C ��(���Y ��=��� ��5��� ��1��� �����(!��"���?!��$���b!��$���!�����!��H���!�����"�����/"�����E"�����\"�����u"��0���"�����"��E���"��&���#�����:#��&���J#��!���q#��)���#�����#�����#�����#�����$��(���$��!���E$�����g$�����|$�����$�����$��/���$�����$�����%��2���%�����N%��/���b%�����%�����%�����%�����%��=���%��"���'&��.���J&��.���y&��;���&��>���&��#���#'��'���G'��(���o'��'���'��+���'��*���'�� ���(�����%(�����4(��%���G(��'���m(��'���(��D���(�����)��(���)�� ���>)��$���_)�����)����)��#���K+��/���o+��6���+�����+�����+��3��� ,��*���@,��(���k,�����,�����,�����,�����,�����,��1���-��d���N-��f���-��4���.��+���O.��0���{.��4���.�����.��9���/��2���;/��S���n/��T���/��S���0��@���k0��(���0�����0�� ���0�����0��'���1��1���<1��2���n1��3���1��(���1��4���1�� ���32��:���@2��*���{2��1���2��2���2��C��� 3��"���O3�� ���r3��%���3�� ���3�����3�����3��9��� 4�� ���G4�����U4�����e4��8���l4��0���4��%���4��%���4��%���"5��%���H5�����n5�����}5��n���5��C��� 6��Z���O6��1���6��3���6��%���7�����67�� ���N7�����Z7�����s7�����7��)���7��0���7��1����8��0���28��.���c8�����8�����8�����8��2���8��4���9��(���D9��-���m9��#���9��>���9��)���9��"���(:��8���K:��-���:�����:�����:�����:�����:��I���:�����?;�����P;��'���k;��;���;�����;��b���;��f���C<��i���<��9���=��4���N=�����=�����=�����=�����=�����=��+���=�� ���$>�����/>��/���J>��+���z>��3���>�����>��3���>��F���)?��<���p?��8���?�����?��-����@��(���.@��*���W@�� ���@��Z���@��)���@�����(A�����>A�����UA��(���sA��4���A�����A��I���A��5���1B�����gB��4���}B��/���B��.���B��$���C��#���6C��$���ZC��"���C��0���C��'���C��$���C��#��� D��#���DD�����hD��E���D�����D�����D��2���D�����&E��2���8E�����kE��!���E�����E�����E��W���E��#���*F��-���NF��1���|F��:���F��G���F��0���1G��%���bG��<���G��:���G��<����H��;���=H�� ���yH�����H�����H��5���H��)���H��'��� I��X���2I�����I��0���I��,���I��%���J�����)J�����Z��� 
����������)��������������������������I���T���r���}���.�������X���b���M���3������C���8�������������4������/��������������U���������� ���&���j���p���������z����������O���g�����������������������������;�������������������7���B�����������������������V���Q������1�������-�������%�������S�������J������W���2������G���e�������H���#�����������������:�������<���E���!���Y���i�������m�������'���y������������|��������������������������\���������������^�����������>���[���������������������0�������D������N���L���K����������v���?������9�������+������c������$������d����������~������ ���,�������w�������a������������������������*���������������������������� �����������������k���q������A���R������� ���=���(�����������h������ ���������P���F���������6������������������l���������@���������o����������"����������`���t���s�����������u������������������������������������_���{���5���n������������������x���������]����������f����, your cached password will expire at: �A group with the same name or GID already exists �A user or group with the same name or ID already exists �Access control provider�Add debug timestamps�An open file descriptor for the debug logs�Authenticated with cached credentials�Authentication is denied until: �Authentication provider�Authentication timeout�Base DN for user lookups�Base for home directories�Become a daemon (default)�Cache credentials for offline login�Cannot find group in local domain, modifying groups is allowed only in local domain �Cannot find user in local domain, modifying users is allowed only in local domain �Cannot get info about the user �Cannot set default values �Comma separated list of allowed users�Comma separated list of prohibited users�Command to start service�Could not allocate ID for the group - domain full? �Could not allocate ID for the user - domain full? 
�Could not modify group - check if groupname is correct �Could not modify group - check if member group names are correct �Could not modify user - check if group names are correct �Could not modify user - user already member of groups? �Create user's directory if it does not exist�Current Password: �Debug level�Default shell, /bin/bash�Directory to store credential caches�Display users/groups in fully-qualified form�Do not remove home directory and mail spool�Domain of the information provider (mandatory)�Enable credential validation�Enable enumerating all users/groups�Enables FAST�Entry cache background update timeout length (seconds)�Entry cache timeout length (seconds)�Enumeration cache timeout length (seconds)�Error initializing the tools �Error initializing the tools - no local domain �Error setting the locale �File that contains CA certificates�File that contains the client certificate�File that contains the client key�Filter for user lookups�Follow LDAP referrals�Force removal of files not owned by the user�Full Name�GECOS attribute�Groups�Groups must be in the same domain as user �Groups that SSSD should explicitly ignore�Groups to add this group to�Groups to add this user to�Groups to remove this group from�Groups to remove this user from�Home directory�Home directory attribute�How long (minutes) to deny login after offline_failed_login_attempts has been reached�How long to allow cached logins between online logins (days)�How long to keep cached entries after last successful login (days)�How long to wait for replies from DNS when resolving servers (seconds)�How many failed logins attempts are allowed when offline�How to dereference aliases�IPA client hostname�IPA domain�IPA server address�Identity provider�Include timestamps in debug logs�Internal error while parsing parameters �Internal error. Could not print group. �Internal error. Could not remove group. �Internal error. Could not remove user. 
�Invalid domain specified in FQDN �Kerberos realm�Kerberos server address�Kerberos service keytab�LDAP filter to determine access privileges�Length of time between attempts to reconnect while offline�Length of time between cache cleanups�Length of time between enumeration updates�Length of time to attempt connection�Length of time to attempt synchronous LDAP operations�Length of time to wait for a search request�List of possible ciphers suites�Location of the keytab to validate credentials�Location of the user's credential cache�Lock the account�Login shell�Magic Private �Maximum user ID�Member groups must be in the same domain as parent group �Minimum user ID�Modification time attribute�Negative cache timeout length (seconds)�Never create user's directory, overrides config�New Password: �No such group in local domain. Printing groups only allowed in local domain. �No such group in local domain. Removing groups only allowed in local domain. �No such user in local domain. Removing users only allowed in local domain. �Not removing home dir - not owned by user �Number of times to attempt connection to Data Providers�Objectclass for users�Out of memory �PAM stack to use�Password change failed. �Password change provider�Password expired. 
Change your password now.�Password: �Passwords do not match�Path to CA certificate directory�Ping timeout before restarting service�Policy to evaluate the password expiration�Primary GID attribute�Print indirect group members recursively�Printf-compatible format for displaying fully-qualified names�Privileged socket has wrong ownership or permissions.�Public socket has wrong ownership or permissions.�Reenter new Password: �Regex to parse username and domain�Remove home directory and mail spool�Require TLS certificate verification�Require TLS for ID lookups�Restrict or prefer a specific address family when performing DNS lookups�Run interactive (not a daemon)�SSSD Domains to start�SSSD Services to start�SSSD is not run by root.�Scope of user lookups�Send the debug output to files instead of stderr�Server message: �Server where the change password service is running if not on the KDC�Set the verbosity of the debug logging�Shell attribute�Should filtered users appear in groups�Specify a non-default config file�Specify an alternative skeleton directory�Specify group to add �Specify group to delete �Specify group to modify �Specify group to show �Specify the sasl authorization id to use�Specify the sasl mechanism to use�Specify user to add �Specify user to delete �Specify user to modify �Store password hashes�System is offline, password change not possible�The GID of the group�The GID of the user�The Schema Type in use on the LDAP server, rfc2307�The UID of the user�The authentication token of the default bind DN�The comment string�The debug level to run with�The default base DN�The default bind DN�The interface whose IP should be used for dynamic DNS updates�The name of the NSS library to use�The selected GID is outside the allowed range �The selected UID is outside the allowed range �The type of the authentication token of the default bind DN�The value of the password field the NSS provider should return�Time between two checks for renewal�Timeout for messages sent 
over the SBUS�Transaction error. Could not add group. �Transaction error. Could not add user. �Transaction error. Could not modify group. �Transaction error. Could not modify user. �UID attribute�UUID attribute�Unlock the account�Use Kerberos auth for LDAP connection�Use only the upper case for realm names�User principal attribute (for Kerberos)�User's home directory already exists, not copying data from skeldir �Username attribute�Users that SSSD should explicitly ignore�Write debug messages to logfiles�ldap_uri, The URI of the LDAP server�memberOf attribute�Project-Id-Version: SSSD Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org POT-Creation-Date: 2014-04-08 12:56+0200 PO-Revision-Date: 2013-11-20 12:56+0000 Last-Translator: jhrozek <jhrozek@redhat.com> Language-Team: Italian (http://www.transifex.com/projects/p/fedora/language/it/) Language: it MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=2; plural=(n != 1); �, la password in cache scadrà il: �Gruppo con lo stesso nome o GID già esistente �Utente o gruppo con lo stesso nome o ID già presente �Provider di access control�Includi timestamp di debug�Un descrittore di file aperto per l'output di debug�Autenticato con le credenziali nella cache�L'autenticazione verrà negata fino al: �Provider di autenticazione�Timeout di autenticazione�Base DN per i lookup utente�Base delle home directory�Esegui come demone (default)�Salvare in cache le credenziali per login offline�Gruppo non presente nel dominio locale. La modifica dei gruppi è permessa solo nel dominio locale. �Utente non presente nel dominio locale. La modifica degli utenti è permessa solo nel dominio locale. 
�Impossibile determinare le informazioni dell'utente �Impossibile impostare i valori predefiniti �Lista separata da virgola degli utenti abilitati�Lista separata da virgola degli utenti non abilitati�Comando per avviare il servizio�Impossibile allocare l'ID per il gruppo - dominio pieno? �Impossibile allocare l'ID utente - dominio pieno? �Impossibile modificare il gruppo - controllare che il nome del gruppo sia corretto �Impossibile modificare il gruppo - controllare che i nomi dei gruppi siano corretti �Impossibile modificare l'utente - controllare che i nomi dei gruppi siano corretti �Impossibile modificare l'utente - utente già membro di gruppi? �Creare la directory utente se non esiste�Password corrente: �Livello debug�Shell predefinita, /bin/bash�Directory in cui salvare le credenziali�Mostrare utenti/gruppi in formato fully-qualified�Non eliminare la home directory e lo spool di mail�Dominio del provider di informazioni (obbligatorio)�Abilita la validazione delle credenziali�Consentire l'enumerazione di tutti gli utenti/gruppi�Abilita FAST�Durata timeout aggiornamento cache in background (secondi)�Durata timeout elementi in cache (secondi)�Durata timeout per la cache enumeration (secondi)�Errore durante l'inizializzazione degli strumenti �Errore durante l'inizializzazione degli strumenti - nessun dominio �Errore di impostazione del locale �File contenente i certificati CA�File contenente il certificato client�File contenente la chiave client�Filtro per i lookup utente�Seguire i referral LDAP�Forza la rimozione dei file non di proprietà dell'utente�Nome completo�Attributo GECOS�Gruppi�I gruppi devono essere nello stesso dominio dell'utente �Gruppi che SSSD dovrebbe ignorare esplicitamente�Gruppi a cui aggiungere questo gruppo�Gruppi a cui aggiungere questo utente�Gruppi da cui eliminare questo gruppo�Gruppi da cui rimuovere questo utente�Home directory�Attributo della home directory�Per quanto tempo (minuti) negare i tentativi di login dopo che 
offline_failed_login_attemps è stato raggiunto�Per quanto tempo accettare login in cache tra login online (giorni)�Per quanto tempo tenere in cache gli elementi dopo un login che ha avuto successo (giorni)�Il tempo di attesa per le richieste DNS (secondi)�Numero di tentativi di login falliti quando offline�Metodo di deferenziazione degli alias�Hostname del client IPA�Dominio IPA�Indirizzo del server IPA�Provider di identità�Includi i timestamp nei log�Errore interno nel parsing dei parametri �Errore interno. Impossibile stampare il gruppo. �Errore interno. Impossibile rimuovere il gruppo. �Errore interno. Impossibile rimuovere l'utente. �Il dominio specificato nel FQDN non è valido �Realm Kerberos�Indirizzo del server Kerberos�Keytab del servizio Kerberos�Filtro LDAP per determinare i privilegi di accesso�Durata tra tentativi di riconnessione quando offline�Intervallo di tempo per la pulizia cache�Durata tra gli aggiornamenti alle enumeration�Durata del tentativo di connessione�Durata del tentativo di esecuzione di operazioni LDAP sincrone�Durata attesa per le richieste di ricerca�Lista delle possibili cipher suite�Percorso del keytab per la validazione delle credenziali�Percorso della cache delle credenziali utente�Bloccare l'account�Shell di login�Magic Private �ID utente massimo�I gruppi membri devono appartenere allo stesso dominio del gruppo radice �ID utente minimo�Attributo data di modifica�Durata timeout negative cache (secondi)�Non creare mai le directory utente, forza la configurazione�Nuova password: �Gruppo non presente nel dominio locale. La stampa dei gruppi è permessa solo nel dominio locale. �Gruppo non presente nel dominio locale. L'eliminazione di gruppi è permessa solo nel dominio locale. �Utente non presente nel dominio locale. L'eliminazione degli utenti è permessa solo nel dominio locale. 
�Home directory non eliminata - non appartiene all'utente �Numero di tentativi di connessione ai data providers�Objectclass per gli utenti�Memoria esaurita �Stack PAM da usare�Cambio password fallito.�Provider di cambio password�Password scaduta. Cambiare la password ora.�Password: �Le password non coincidono�Percorso della directory dei cerficati della CA�Timeout di ping per il riavvio del servizio�Politica per controllare la scadenza della password�Attributo del GID primario�Mostra ricorsivamente i membri indiretti del gruppo�Formato compatibile con printf per la visualizzazione di nomi completi�Il socket privilegiato ha permessi o propritario non validi.�Il socket pubblico ha permessi o propritario non validi.�Conferma nuova password: �Regex per il parsing di nome utente e dominio�Eliminare home directory e spool di mail�Richiedere la verifica del certificato TLS�Richiedere TLS per gli ID lookup�Restringere o preferire una specifica famiglia di indirizzi per l'esecuzione di lookup DNS�Esegui interattivamente (non come demone)�Avvio dei domini SSSD�Avvio dei servizi SSSD�SSSD non è eseguito da root.�Ambito di applicazione dei lookup utente�Redirigere l'output di debug su file anzichè stderr�Messaggio del server:�Server dove viene eseguito il servizio di cambio password, se non nel KDC�Imposta il livello di dettaglio dei messaggi di debug�Attributo della shell�Specifica se mostrare gli utenti filtrati nei gruppi�Specificare un file di configurazione specifico�Specificare una directory skeleton alternativa�Specificare un gruppo da aggiungere �Specificare il gruppo da eliminare �Specificare il gruppo da modificare �Specificare il gruppo da mostrate �Specificare l'id di autorizzazione sasl da usare�Specificare il meccanismo sasl da usare�Specificare un utente da aggiungere �Specificare l'utente da cancellare �Specificare l'utente da modificare �Salvare gli hash delle password�Il sistema è offline, non è possibile richiedere un cambio password�Il GID del gruppo�Il GID 
dell'utente�Lo Schema Type utilizzato dal server LDAP, rfc2307�L'UID dell'utente�Il token di autenticazione del bind DN predefinito�La stringa di commento�Il livello di debug da utilizzare�Il base DN predefinito�Il bind DN predefinito�L'interfaccia il cui indirizzo IP dovrebbe essere usato per aggiornamenti DNS dinamici.�Il nome della libreria NSS da usare�Il GID specificato non è nel range permesso �L'UID specificato non rientra nel range permesso �Il tipo di token di autenticazione del bind DN predefinito�Il valore del campo password che deve essere ritornato dal provider NSS�Intervallo di tempo tra due controlli di rinnovo�Timeout dei messaggi inviati sul SBUS�Errore della transazione. Impossibile aggiungere il gruppo. �Errore nella transazione. L'utente non è stato aggiunto. �Errore della transazione. Impossibile modificare il gruppo. �Errore nella transazione. Impossibile modificare l'utente. �Attributo UID�Attributo UUID�Sbloccare l'account�Usare autorizzazione Kerberos per la connessione LDAP�Usare solo maiuscole per i nomi dei realm�Attributo user principal (per Kerberos)�La directory home dell'utente esiste, non vengono copiati dati dalla directory skeleton �Attributo del nome utente�Utenti che SSSD dovrebbe ignorare esplicitamente�Scrivere i messaggi di debug nei file di log�ldap_uri, l'indirizzo del server LDAP�Attributo memberOf���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/tr.gmo��������������������������������������������������������������0000644�0000000�0000000�00000000131�12320753522�015315� 
x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954962.476874344 30 atime=1396954962.476874344 29 ctime=1396954962.56287428 ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/tr.gmo�������������������������������������������������������������������������������0000664�0024127�0024127�00000001445�12320753522�015551� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������L��� ���|���������������� ��������������������������������� ������������������ �����������������������������������������Command to start service�IPA domain�Kerberos server address�Maximum user ID�Minimum user ID�Project-Id-Version: SSSD Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org POT-Creation-Date: 2014-04-08 12:56+0200 PO-Revision-Date: 2013-11-20 12:56+0000 Last-Translator: jhrozek <jhrozek@redhat.com> Language-Team: Turkish (http://www.transifex.com/projects/p/fedora/language/tr/) Language: tr MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Plural-Forms: nplurals=2; plural=(n > 1); �Servis başlatma komutu�IPA alanı�Kerberos sunucu adresi�En fazla kullanıcı ID'si�En az kullanıcı ID'si����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/it.po���������������������������������������������������������������0000644�0000000�0000000�00000000072�12320753107�015143� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954962.003874693 28 ctime=1396954962.5358743 ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/it.po��������������������������������������������������������������������������������0000664�0024127�0024127�00000145352�12320753107�015401� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR Red Hat, Inc. 
# This file is distributed under the same license as the PACKAGE package. # # Translators: # Guido Grazioli <guido.grazioli@gmail.com>, 2011 msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2014-04-08 12:56+0200\n" "PO-Revision-Date: 2013-11-20 12:56+0000\n" "Last-Translator: jhrozek <jhrozek@redhat.com>\n" "Language-Team: Italian (http://www.transifex.com/projects/p/fedora/language/" "it/)\n" "Language: it\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" #: src/config/SSSDConfig/__init__.py.in:39 msgid "Set the verbosity of the debug logging" msgstr "Imposta il livello di dettaglio dei messaggi di debug" #: src/config/SSSDConfig/__init__.py.in:40 msgid "Include timestamps in debug logs" msgstr "Includi i timestamp nei log" #: src/config/SSSDConfig/__init__.py.in:41 msgid "Include microseconds in timestamps in debug logs" msgstr "" #: src/config/SSSDConfig/__init__.py.in:42 msgid "Write debug messages to logfiles" msgstr "Scrivere i messaggi di debug nei file di log" #: src/config/SSSDConfig/__init__.py.in:43 msgid "Ping timeout before restarting service" msgstr "Timeout di ping per il riavvio del servizio" #: src/config/SSSDConfig/__init__.py.in:44 msgid "" "Timeout between three failed ping checks and forcibly killing the service" msgstr "" #: src/config/SSSDConfig/__init__.py.in:45 msgid "Command to start service" msgstr "Comando per avviare il servizio" #: src/config/SSSDConfig/__init__.py.in:46 msgid "Number of times to attempt connection to Data Providers" msgstr "Numero di tentativi di connessione ai data providers" #: src/config/SSSDConfig/__init__.py.in:47 msgid "The number of file descriptors that may be opened by this responder" msgstr "" #: src/config/SSSDConfig/__init__.py.in:48 msgid "Idle time before automatic disconnection of a client" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:51 msgid "SSSD Services to start" msgstr "Avvio dei servizi SSSD" #: src/config/SSSDConfig/__init__.py.in:52 msgid "SSSD Domains to start" msgstr "Avvio dei domini SSSD" #: src/config/SSSDConfig/__init__.py.in:53 msgid "Timeout for messages sent over the SBUS" msgstr "Timeout dei messaggi inviati sul SBUS" #: src/config/SSSDConfig/__init__.py.in:54 msgid "Regex to parse username and domain" msgstr "Regex per il parsing di nome utente e dominio" #: src/config/SSSDConfig/__init__.py.in:55 msgid "Printf-compatible format for displaying fully-qualified names" msgstr "Formato compatibile con printf per la visualizzazione di nomi completi" #: src/config/SSSDConfig/__init__.py.in:56 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #: src/config/SSSDConfig/__init__.py.in:57 msgid "Domain to add to names without a domain component." msgstr "" #: src/config/SSSDConfig/__init__.py.in:60 msgid "Enumeration cache timeout length (seconds)" msgstr "Durata timeout per la cache enumeration (secondi)" #: src/config/SSSDConfig/__init__.py.in:61 msgid "Entry cache background update timeout length (seconds)" msgstr "Durata timeout aggiornamento cache in background (secondi)" #: src/config/SSSDConfig/__init__.py.in:62 #: src/config/SSSDConfig/__init__.py.in:88 msgid "Negative cache timeout length (seconds)" msgstr "Durata timeout negative cache (secondi)" #: src/config/SSSDConfig/__init__.py.in:63 msgid "Users that SSSD should explicitly ignore" msgstr "Utenti che SSSD dovrebbe ignorare esplicitamente" #: src/config/SSSDConfig/__init__.py.in:64 msgid "Groups that SSSD should explicitly ignore" msgstr "Gruppi che SSSD dovrebbe ignorare esplicitamente" #: src/config/SSSDConfig/__init__.py.in:65 msgid "Should filtered users appear in groups" msgstr "Specifica se mostrare gli utenti filtrati nei gruppi" #: src/config/SSSDConfig/__init__.py.in:66 msgid "The value of the password field the NSS 
provider should return" msgstr "" "Il valore del campo password che deve essere ritornato dal provider NSS" #: src/config/SSSDConfig/__init__.py.in:67 msgid "Override homedir value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:68 msgid "" "Substitute empty homedir value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:69 msgid "Override shell value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:70 msgid "The list of shells users are allowed to log in with" msgstr "" #: src/config/SSSDConfig/__init__.py.in:71 msgid "" "The list of shells that will be vetoed, and replaced with the fallback shell" msgstr "" #: src/config/SSSDConfig/__init__.py.in:72 msgid "" "If a shell stored in central directory is allowed but not available, use " "this fallback" msgstr "" #: src/config/SSSDConfig/__init__.py.in:73 msgid "Shell to use if the provider does not list one" msgstr "" #: src/config/SSSDConfig/__init__.py.in:74 msgid "How long will be in-memory cache records valid" msgstr "" #: src/config/SSSDConfig/__init__.py.in:77 msgid "How long to allow cached logins between online logins (days)" msgstr "Per quanto tempo accettare login in cache tra login online (giorni)" #: src/config/SSSDConfig/__init__.py.in:78 msgid "How many failed logins attempts are allowed when offline" msgstr "Numero di tentativi di login falliti quando offline" #: src/config/SSSDConfig/__init__.py.in:79 msgid "" "How long (minutes) to deny login after offline_failed_login_attempts has " "been reached" msgstr "" "Per quanto tempo (minuti) negare i tentativi di login dopo che " "offline_failed_login_attempts è stato raggiunto" #: src/config/SSSDConfig/__init__.py.in:80 msgid "What kind of messages are displayed to the user during authentication" msgstr "" #: src/config/SSSDConfig/__init__.py.in:81 msgid "How many seconds to keep identity information cached for PAM requests" 
msgstr "" #: src/config/SSSDConfig/__init__.py.in:82 msgid "How many days before password expiration a warning should be displayed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:85 msgid "Whether to evaluate the time-based attributes in sudo rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:91 msgid "Whether to hash host names and addresses in the known_hosts file" msgstr "" #: src/config/SSSDConfig/__init__.py.in:92 msgid "" "How many seconds to keep a host in the known_hosts file after its host keys " "were requested" msgstr "" #: src/config/SSSDConfig/__init__.py.in:95 msgid "List of UIDs or user names allowed to access the PAC responder" msgstr "" #: src/config/SSSDConfig/__init__.py.in:98 msgid "Identity provider" msgstr "Provider di identità" #: src/config/SSSDConfig/__init__.py.in:99 msgid "Authentication provider" msgstr "Provider di autenticazione" #: src/config/SSSDConfig/__init__.py.in:100 msgid "Access control provider" msgstr "Provider di access control" #: src/config/SSSDConfig/__init__.py.in:101 msgid "Password change provider" msgstr "Provider di cambio password" #: src/config/SSSDConfig/__init__.py.in:102 msgid "SUDO provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:103 msgid "Autofs provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:104 msgid "Session-loading provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:105 msgid "Host identity provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:108 msgid "Minimum user ID" msgstr "ID utente minimo" #: src/config/SSSDConfig/__init__.py.in:109 msgid "Maximum user ID" msgstr "ID utente massimo" #: src/config/SSSDConfig/__init__.py.in:110 msgid "Enable enumerating all users/groups" msgstr "Consentire l'enumerazione di tutti gli utenti/gruppi" #: src/config/SSSDConfig/__init__.py.in:111 msgid "Cache credentials for offline login" msgstr "Salvare in cache le credenziali per login offline" #: src/config/SSSDConfig/__init__.py.in:112 msgid "Store password hashes" msgstr 
"Salvare gli hash delle password" #: src/config/SSSDConfig/__init__.py.in:113 msgid "Display users/groups in fully-qualified form" msgstr "Mostrare utenti/gruppi in formato fully-qualified" #: src/config/SSSDConfig/__init__.py.in:114 msgid "Don't include group members in group lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:115 #: src/config/SSSDConfig/__init__.py.in:122 #: src/config/SSSDConfig/__init__.py.in:123 #: src/config/SSSDConfig/__init__.py.in:124 #: src/config/SSSDConfig/__init__.py.in:125 #: src/config/SSSDConfig/__init__.py.in:126 #: src/config/SSSDConfig/__init__.py.in:127 msgid "Entry cache timeout length (seconds)" msgstr "Durata timeout elementi in cache (secondi)" #: src/config/SSSDConfig/__init__.py.in:116 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" "Restringere o preferire una specifica famiglia di indirizzi per l'esecuzione " "di lookup DNS" #: src/config/SSSDConfig/__init__.py.in:117 msgid "How long to keep cached entries after last successful login (days)" msgstr "" "Per quanto tempo tenere in cache gli elementi dopo un login che ha avuto " "successo (giorni)" #: src/config/SSSDConfig/__init__.py.in:118 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "Il tempo di attesa per le richieste DNS (secondi)" #: src/config/SSSDConfig/__init__.py.in:119 msgid "The domain part of service discovery DNS query" msgstr "" #: src/config/SSSDConfig/__init__.py.in:120 msgid "Override GID value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:121 msgid "Treat usernames as case sensitive" msgstr "" #: src/config/SSSDConfig/__init__.py.in:128 msgid "How often should expired entries be refreshed in background" msgstr "" #: src/config/SSSDConfig/__init__.py.in:129 msgid "Whether to automatically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/__init__.py.in:130 #: src/config/SSSDConfig/__init__.py.in:145 
msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "" #: src/config/SSSDConfig/__init__.py.in:131 #: src/config/SSSDConfig/__init__.py.in:146 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" "L'interfaccia il cui indirizzo IP dovrebbe essere usato per aggiornamenti " "DNS dinamici." #: src/config/SSSDConfig/__init__.py.in:132 msgid "How often to periodically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/__init__.py.in:133 msgid "Whether the provider should explicitly update the PTR record as well" msgstr "" #: src/config/SSSDConfig/__init__.py.in:134 msgid "Whether the nsupdate utility should default to using TCP" msgstr "" #: src/config/SSSDConfig/__init__.py.in:135 msgid "What kind of authentication should be used to perform the DNS update" msgstr "" #: src/config/SSSDConfig/__init__.py.in:136 msgid "Control enumeration of trusted domains" msgstr "" #: src/config/SSSDConfig/__init__.py.in:137 msgid "How often should subdomains list be refreshed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:140 msgid "IPA domain" msgstr "Dominio IPA" #: src/config/SSSDConfig/__init__.py.in:141 msgid "IPA server address" msgstr "Indirizzo del server IPA" #: src/config/SSSDConfig/__init__.py.in:142 msgid "Address of backup IPA server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:143 msgid "IPA client hostname" msgstr "Hostname del client IPA" #: src/config/SSSDConfig/__init__.py.in:144 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" #: src/config/SSSDConfig/__init__.py.in:147 msgid "Search base for HBAC related objects" msgstr "" #: src/config/SSSDConfig/__init__.py.in:148 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:149 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:150 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" #: src/config/SSSDConfig/__init__.py.in:151 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" #: src/config/SSSDConfig/__init__.py.in:152 msgid "The automounter location this IPA client is using" msgstr "" #: src/config/SSSDConfig/__init__.py.in:153 msgid "Search base for object containing info about IPA domain" msgstr "" #: src/config/SSSDConfig/__init__.py.in:154 msgid "Search base for objects containing info about ID ranges" msgstr "" #: src/config/SSSDConfig/__init__.py.in:155 #: src/config/SSSDConfig/__init__.py.in:162 msgid "Enable DNS sites - location based service discovery" msgstr "" #: src/config/SSSDConfig/__init__.py.in:158 msgid "Active Directory domain" msgstr "" #: src/config/SSSDConfig/__init__.py.in:159 msgid "Active Directory server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:160 msgid "Active Directory backup server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:161 msgid "Active Directory client hostname" msgstr "" #: src/config/SSSDConfig/__init__.py.in:165 #: src/config/SSSDConfig/__init__.py.in:166 msgid "Kerberos server address" msgstr "Indirizzo del server Kerberos" #: src/config/SSSDConfig/__init__.py.in:167 msgid "Kerberos backup server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:168 msgid "Kerberos realm" msgstr "Realm Kerberos" #: src/config/SSSDConfig/__init__.py.in:169 msgid "Authentication timeout" msgstr "Timeout di autenticazione" #: src/config/SSSDConfig/__init__.py.in:170 msgid "Whether to create kdcinfo files" msgstr "" #: src/config/SSSDConfig/__init__.py.in:173 msgid "Directory to store credential caches" msgstr "Directory in cui salvare le credenziali" #: src/config/SSSDConfig/__init__.py.in:174 msgid "Location of the user's credential cache" msgstr "Percorso della cache delle credenziali utente" #: src/config/SSSDConfig/__init__.py.in:175 msgid 
"Location of the keytab to validate credentials" msgstr "Percorso del keytab per la validazione delle credenziali" #: src/config/SSSDConfig/__init__.py.in:176 msgid "Enable credential validation" msgstr "Abilita la validazione delle credenziali" #: src/config/SSSDConfig/__init__.py.in:177 msgid "Store password if offline for later online authentication" msgstr "" #: src/config/SSSDConfig/__init__.py.in:178 msgid "Renewable lifetime of the TGT" msgstr "" #: src/config/SSSDConfig/__init__.py.in:179 msgid "Lifetime of the TGT" msgstr "" #: src/config/SSSDConfig/__init__.py.in:180 msgid "Time between two checks for renewal" msgstr "Intervallo di tempo tra due controlli di rinnovo" #: src/config/SSSDConfig/__init__.py.in:181 msgid "Enables FAST" msgstr "Abilita FAST" #: src/config/SSSDConfig/__init__.py.in:182 msgid "Selects the principal to use for FAST" msgstr "" #: src/config/SSSDConfig/__init__.py.in:183 msgid "Enables principal canonicalization" msgstr "" #: src/config/SSSDConfig/__init__.py.in:184 msgid "Enables enterprise principals" msgstr "" #: src/config/SSSDConfig/__init__.py.in:187 #: src/config/SSSDConfig/__init__.py.in:188 msgid "Server where the change password service is running if not on the KDC" msgstr "" "Server dove viene eseguito il servizio di cambio password, se non nel KDC" #: src/config/SSSDConfig/__init__.py.in:191 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, l'indirizzo del server LDAP" #: src/config/SSSDConfig/__init__.py.in:192 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:193 msgid "The default base DN" msgstr "Il base DN predefinito" #: src/config/SSSDConfig/__init__.py.in:194 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "Lo Schema Type utilizzato dal server LDAP, rfc2307" #: src/config/SSSDConfig/__init__.py.in:195 msgid "The default bind DN" msgstr "Il bind DN predefinito" #: src/config/SSSDConfig/__init__.py.in:196 msgid "The type of the 
authentication token of the default bind DN" msgstr "Il tipo di token di autenticazione del bind DN predefinito" #: src/config/SSSDConfig/__init__.py.in:197 msgid "The authentication token of the default bind DN" msgstr "Il token di autenticazione del bind DN predefinito" #: src/config/SSSDConfig/__init__.py.in:198 msgid "Length of time to attempt connection" msgstr "Durata del tentativo di connessione" #: src/config/SSSDConfig/__init__.py.in:199 msgid "Length of time to attempt synchronous LDAP operations" msgstr "Durata del tentativo di esecuzione di operazioni LDAP sincrone" #: src/config/SSSDConfig/__init__.py.in:200 msgid "Length of time between attempts to reconnect while offline" msgstr "Durata tra tentativi di riconnessione quando offline" #: src/config/SSSDConfig/__init__.py.in:201 msgid "Use only the upper case for realm names" msgstr "Usare solo maiuscole per i nomi dei realm" #: src/config/SSSDConfig/__init__.py.in:202 msgid "File that contains CA certificates" msgstr "File contenente i certificati CA" #: src/config/SSSDConfig/__init__.py.in:203 msgid "Path to CA certificate directory" msgstr "Percorso della directory dei certificati della CA" #: src/config/SSSDConfig/__init__.py.in:204 msgid "File that contains the client certificate" msgstr "File contenente il certificato client" #: src/config/SSSDConfig/__init__.py.in:205 msgid "File that contains the client key" msgstr "File contenente la chiave client" #: src/config/SSSDConfig/__init__.py.in:206 msgid "List of possible ciphers suites" msgstr "Lista delle possibili cipher suite" #: src/config/SSSDConfig/__init__.py.in:207 msgid "Require TLS certificate verification" msgstr "Richiedere la verifica del certificato TLS" #: src/config/SSSDConfig/__init__.py.in:208 msgid "Specify the sasl mechanism to use" msgstr "Specificare il meccanismo sasl da usare" #: src/config/SSSDConfig/__init__.py.in:209 msgid "Specify the sasl authorization id to use" msgstr "Specificare l'id di autorizzazione sasl da usare" #: 
src/config/SSSDConfig/__init__.py.in:210 msgid "Specify the sasl authorization realm to use" msgstr "" #: src/config/SSSDConfig/__init__.py.in:211 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" #: src/config/SSSDConfig/__init__.py.in:212 msgid "Kerberos service keytab" msgstr "Keytab del servizio Kerberos" #: src/config/SSSDConfig/__init__.py.in:213 msgid "Use Kerberos auth for LDAP connection" msgstr "Usare autorizzazione Kerberos per la connessione LDAP" #: src/config/SSSDConfig/__init__.py.in:214 msgid "Follow LDAP referrals" msgstr "Seguire i referral LDAP" #: src/config/SSSDConfig/__init__.py.in:215 msgid "Lifetime of TGT for LDAP connection" msgstr "" #: src/config/SSSDConfig/__init__.py.in:216 msgid "How to dereference aliases" msgstr "Metodo di deferenziazione degli alias" #: src/config/SSSDConfig/__init__.py.in:217 msgid "Service name for DNS service lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:218 msgid "The number of records to retrieve in a single LDAP query" msgstr "" #: src/config/SSSDConfig/__init__.py.in:219 msgid "The number of members that must be missing to trigger a full deref" msgstr "" #: src/config/SSSDConfig/__init__.py.in:220 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" #: src/config/SSSDConfig/__init__.py.in:222 msgid "entryUSN attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:223 msgid "lastUSN attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:225 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" #: src/config/SSSDConfig/__init__.py.in:227 msgid "Disable the LDAP paging control" msgstr "" #: src/config/SSSDConfig/__init__.py.in:228 msgid "Disable Active Directory range retrieval" msgstr "" #: src/config/SSSDConfig/__init__.py.in:231 msgid "Length of time to wait for a search request" msgstr "Durata attesa per le richieste di ricerca" #: 
src/config/SSSDConfig/__init__.py.in:232 msgid "Length of time to wait for a enumeration request" msgstr "" #: src/config/SSSDConfig/__init__.py.in:233 msgid "Length of time between enumeration updates" msgstr "Durata tra gli aggiornamenti alle enumeration" #: src/config/SSSDConfig/__init__.py.in:234 msgid "Length of time between cache cleanups" msgstr "Intervallo di tempo per la pulizia cache" #: src/config/SSSDConfig/__init__.py.in:235 msgid "Require TLS for ID lookups" msgstr "Richiedere TLS per gli ID lookup" #: src/config/SSSDConfig/__init__.py.in:236 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "" #: src/config/SSSDConfig/__init__.py.in:237 msgid "Base DN for user lookups" msgstr "Base DN per i lookup utente" #: src/config/SSSDConfig/__init__.py.in:238 msgid "Scope of user lookups" msgstr "Ambito di applicazione dei lookup utente" #: src/config/SSSDConfig/__init__.py.in:239 msgid "Filter for user lookups" msgstr "Filtro per i lookup utente" #: src/config/SSSDConfig/__init__.py.in:240 msgid "Objectclass for users" msgstr "Objectclass per gli utenti" #: src/config/SSSDConfig/__init__.py.in:241 msgid "Username attribute" msgstr "Attributo del nome utente" #: src/config/SSSDConfig/__init__.py.in:243 msgid "UID attribute" msgstr "Attributo UID" #: src/config/SSSDConfig/__init__.py.in:244 msgid "Primary GID attribute" msgstr "Attributo del GID primario" #: src/config/SSSDConfig/__init__.py.in:245 msgid "GECOS attribute" msgstr "Attributo GECOS" #: src/config/SSSDConfig/__init__.py.in:246 msgid "Home directory attribute" msgstr "Attributo della home directory" #: src/config/SSSDConfig/__init__.py.in:247 msgid "Shell attribute" msgstr "Attributo della shell" #: src/config/SSSDConfig/__init__.py.in:248 msgid "UUID attribute" msgstr "Attributo UUID" #: src/config/SSSDConfig/__init__.py.in:249 #: src/config/SSSDConfig/__init__.py.in:285 msgid "objectSID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:250 msgid "Active Directory primary 
group attribute for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:251 msgid "User principal attribute (for Kerberos)" msgstr "Attributo user principal (per Kerberos)" #: src/config/SSSDConfig/__init__.py.in:252 msgid "Full Name" msgstr "Nome completo" #: src/config/SSSDConfig/__init__.py.in:253 msgid "memberOf attribute" msgstr "Attributo memberOf" #: src/config/SSSDConfig/__init__.py.in:254 msgid "Modification time attribute" msgstr "Attributo data di modifica" #: src/config/SSSDConfig/__init__.py.in:256 msgid "shadowLastChange attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:257 msgid "shadowMin attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:258 msgid "shadowMax attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:259 msgid "shadowWarning attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:260 msgid "shadowInactive attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:261 msgid "shadowExpire attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:262 msgid "shadowFlag attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:263 msgid "Attribute listing authorized PAM services" msgstr "" #: src/config/SSSDConfig/__init__.py.in:264 msgid "Attribute listing authorized server hosts" msgstr "" #: src/config/SSSDConfig/__init__.py.in:265 msgid "krbLastPwdChange attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:266 msgid "krbPasswordExpiration attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:267 msgid "Attribute indicating that server side password policies are active" msgstr "" #: src/config/SSSDConfig/__init__.py.in:268 msgid "accountExpires attribute of AD" msgstr "" #: src/config/SSSDConfig/__init__.py.in:269 msgid "userAccountControl attribute of AD" msgstr "" #: src/config/SSSDConfig/__init__.py.in:270 msgid "nsAccountLock attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:271 msgid "loginDisabled attribute of NDS" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:272 msgid "loginExpirationTime attribute of NDS" msgstr "" #: src/config/SSSDConfig/__init__.py.in:273 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" #: src/config/SSSDConfig/__init__.py.in:274 msgid "SSH public key attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:276 msgid "Base DN for group lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:279 msgid "Objectclass for groups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:280 msgid "Group name" msgstr "" #: src/config/SSSDConfig/__init__.py.in:281 msgid "Group password" msgstr "" #: src/config/SSSDConfig/__init__.py.in:282 msgid "GID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:283 msgid "Group member attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:284 msgid "Group UUID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:286 msgid "Modification time attribute for groups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:287 msgid "Type of the group and other flags" msgstr "" #: src/config/SSSDConfig/__init__.py.in:289 msgid "Maximum nesting level SSSd will follow" msgstr "" #: src/config/SSSDConfig/__init__.py.in:291 msgid "Base DN for netgroup lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:292 msgid "Objectclass for netgroups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:293 msgid "Netgroup name" msgstr "" #: src/config/SSSDConfig/__init__.py.in:294 msgid "Netgroups members attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:295 msgid "Netgroup triple attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:296 msgid "Netgroup UUID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:297 msgid "Modification time attribute for netgroups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:299 msgid "Base DN for service lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:300 msgid "Objectclass for services" msgstr "" #: src/config/SSSDConfig/__init__.py.in:301 msgid 
"Service name attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:302 msgid "Service port attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:303 msgid "Service protocol attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:306 msgid "Lower bound for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:307 msgid "Upper bound for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:308 msgid "Number of IDs for each slice when ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:309 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:310 msgid "Name of the default domain for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:311 msgid "SID of the default domain for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:313 msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:314 msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:315 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:316 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:319 msgid "Policy to evaluate the password expiration" msgstr "Politica per controllare la scadenza della password" #: src/config/SSSDConfig/__init__.py.in:322 msgid "LDAP filter to determine access privileges" msgstr "Filtro LDAP per determinare i privilegi di accesso" #: src/config/SSSDConfig/__init__.py.in:323 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" #: src/config/SSSDConfig/__init__.py.in:324 msgid "Which rules should be used to evaluate access control" msgstr "" #: src/config/SSSDConfig/__init__.py.in:327 msgid "URI of an LDAP server where password changes are allowed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:328 
msgid "URI of a backup LDAP server where password changes are allowed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:329 msgid "DNS service name for LDAP password change server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:330 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" msgstr "" #: src/config/SSSDConfig/__init__.py.in:333 msgid "Base DN for sudo rules lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:334 msgid "Automatic full refresh period" msgstr "" #: src/config/SSSDConfig/__init__.py.in:335 msgid "Automatic smart refresh period" msgstr "" #: src/config/SSSDConfig/__init__.py.in:336 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "" #: src/config/SSSDConfig/__init__.py.in:337 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:338 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:339 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:340 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:341 msgid "Object class for sudo rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:342 msgid "Sudo rule name" msgstr "" #: src/config/SSSDConfig/__init__.py.in:343 msgid "Sudo rule command attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:344 msgid "Sudo rule host attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:345 msgid "Sudo rule user attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:346 msgid "Sudo rule option attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:347 msgid "Sudo rule runasuser attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:348 msgid "Sudo rule runasgroup attribute" 
msgstr "" #: src/config/SSSDConfig/__init__.py.in:349 msgid "Sudo rule notbefore attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:350 msgid "Sudo rule notafter attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:351 msgid "Sudo rule order attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:354 msgid "Object class for automounter maps" msgstr "" #: src/config/SSSDConfig/__init__.py.in:355 msgid "Automounter map name attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:356 msgid "Object class for automounter map entries" msgstr "" #: src/config/SSSDConfig/__init__.py.in:357 msgid "Automounter map entry key attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:358 msgid "Automounter map entry value attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:359 msgid "Base DN for automounter map lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:362 msgid "Comma separated list of allowed users" msgstr "Lista separata da virgola degli utenti abilitati" #: src/config/SSSDConfig/__init__.py.in:363 msgid "Comma separated list of prohibited users" msgstr "Lista separata da virgola degli utenti non abilitati" #: src/config/SSSDConfig/__init__.py.in:366 msgid "Default shell, /bin/bash" msgstr "Shell predefinita, /bin/bash" #: src/config/SSSDConfig/__init__.py.in:367 msgid "Base for home directories" msgstr "Base delle home directory" #: src/config/SSSDConfig/__init__.py.in:370 msgid "The name of the NSS library to use" msgstr "Il nome della libreria NSS da usare" #: src/config/SSSDConfig/__init__.py.in:371 msgid "Whether to look up canonical group name from cache if possible" msgstr "" #: src/config/SSSDConfig/__init__.py.in:374 msgid "PAM stack to use" msgstr "Stack PAM da usare" #: src/monitor/monitor.c:2651 msgid "Become a daemon (default)" msgstr "Esegui come demone (default)" #: src/monitor/monitor.c:2653 msgid "Run interactive (not a daemon)" msgstr "Esegui interattivamente (non come demone)" #: 
src/monitor/monitor.c:2655 src/tools/sss_debuglevel.c:71 msgid "Specify a non-default config file" msgstr "Specificare un file di configurazione specifico" #: src/monitor/monitor.c:2657 msgid "Print version number and exit" msgstr "" #: src/providers/krb5/krb5_child.c:1962 src/providers/ldap/ldap_child.c:435 #: src/util/util.h:100 msgid "Debug level" msgstr "Livello debug" #: src/providers/krb5/krb5_child.c:1964 src/providers/ldap/ldap_child.c:437 #: src/util/util.h:104 msgid "Add debug timestamps" msgstr "Includi timestamp di debug" #: src/providers/krb5/krb5_child.c:1966 src/providers/ldap/ldap_child.c:439 #: src/util/util.h:106 msgid "Show timestamps with microseconds" msgstr "" #: src/providers/krb5/krb5_child.c:1968 src/providers/ldap/ldap_child.c:441 msgid "An open file descriptor for the debug logs" msgstr "Un descrittore di file aperto per l'output di debug" #: src/providers/data_provider_be.c:2932 msgid "Domain of the information provider (mandatory)" msgstr "Dominio del provider di informazioni (obbligatorio)" #: src/sss_client/common.c:946 msgid "Privileged socket has wrong ownership or permissions." msgstr "Il socket privilegiato ha permessi o proprietario non validi." #: src/sss_client/common.c:949 msgid "Public socket has wrong ownership or permissions." msgstr "Il socket pubblico ha permessi o proprietario non validi." #: src/sss_client/common.c:952 msgid "Unexpected format of the server credential message." msgstr "" #: src/sss_client/common.c:955 msgid "SSSD is not run by root." msgstr "SSSD non è eseguito da root." #: src/sss_client/common.c:960 msgid "An error occurred, but no description can be found." msgstr "" #: src/sss_client/common.c:966 msgid "Unexpected error while looking for an error description" msgstr "" #: src/sss_client/pam_sss.c:388 msgid "Passwords do not match" msgstr "Le password non coincidono" #: src/sss_client/pam_sss.c:576 msgid "Password reset by root is not supported." 
msgstr "" #: src/sss_client/pam_sss.c:617 msgid "Authenticated with cached credentials" msgstr "Autenticato con le credenziali nella cache" #: src/sss_client/pam_sss.c:618 msgid ", your cached password will expire at: " msgstr ", la password in cache scadrà il: " #: src/sss_client/pam_sss.c:648 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "" #: src/sss_client/pam_sss.c:694 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "" #: src/sss_client/pam_sss.c:743 msgid "Authentication is denied until: " msgstr "L'autenticazione verrà negata fino al: " #: src/sss_client/pam_sss.c:764 msgid "System is offline, password change not possible" msgstr "Il sistema è offline, non è possibile richiedere un cambio password" #: src/sss_client/pam_sss.c:779 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" #: src/sss_client/pam_sss.c:810 src/sss_client/pam_sss.c:823 msgid "Password change failed. " msgstr "Cambio password fallito. " #: src/sss_client/pam_sss.c:813 src/sss_client/pam_sss.c:824 msgid "Server message: " msgstr "Messaggio del server: " #: src/sss_client/pam_sss.c:1251 msgid "New Password: " msgstr "Nuova password: " #: src/sss_client/pam_sss.c:1252 msgid "Reenter new Password: " msgstr "Conferma nuova password: " #: src/sss_client/pam_sss.c:1340 msgid "Password: " msgstr "Password: " #: src/sss_client/pam_sss.c:1372 msgid "Current Password: " msgstr "Password corrente: " #: src/sss_client/pam_sss.c:1527 msgid "Password expired. Change your password now." msgstr "Password scaduta. Cambiare la password ora." 
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40 #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 src/tools/sss_useradd.c:48 #: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44 #: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:652 #: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47 #: src/tools/sss_cache.c:540 src/tools/sss_debuglevel.c:69 msgid "The debug level to run with" msgstr "Il livello di debug da utilizzare" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:42 #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:196 msgid "The SSSD domain to use" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:73 #: src/tools/sss_groupadd.c:58 src/tools/sss_groupdel.c:53 #: src/tools/sss_groupmod.c:65 src/tools/sss_groupshow.c:663 #: src/tools/sss_userdel.c:151 src/tools/sss_usermod.c:74 #: src/tools/sss_cache.c:573 msgid "Error setting the locale\n" msgstr "Errore di impostazione del locale\n" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:64 msgid "Not enough memory\n" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:83 msgid "User not specified\n" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:92 msgid "Error looking up public keys\n" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:194 msgid "The port to use to connect to the host" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:238 msgid "Invalid port\n" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:243 msgid "Host not specified\n" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:249 msgid "The path to the proxy command must be absolute\n" msgstr "" #: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48 msgid "The UID of the user" msgstr "L'UID dell'utente" #: src/tools/sss_useradd.c:50 src/tools/sss_usermod.c:50 msgid "The comment string" msgstr "La stringa di commento" #: src/tools/sss_useradd.c:51 src/tools/sss_usermod.c:51 msgid "Home directory" msgstr "Home directory" #: src/tools/sss_useradd.c:52 
src/tools/sss_usermod.c:52 msgid "Login shell" msgstr "Shell di login" #: src/tools/sss_useradd.c:53 msgid "Groups" msgstr "Gruppi" #: src/tools/sss_useradd.c:54 msgid "Create user's directory if it does not exist" msgstr "Creare la directory utente se non esiste" #: src/tools/sss_useradd.c:55 msgid "Never create user's directory, overrides config" msgstr "Non creare mai le directory utente, forza la configurazione" #: src/tools/sss_useradd.c:56 msgid "Specify an alternative skeleton directory" msgstr "Specificare una directory skeleton alternativa" #: src/tools/sss_useradd.c:57 src/tools/sss_usermod.c:57 msgid "The SELinux user for user's login" msgstr "" #: src/tools/sss_useradd.c:86 src/tools/sss_groupmod.c:78 #: src/tools/sss_usermod.c:87 msgid "Specify group to add to\n" msgstr "" #: src/tools/sss_useradd.c:110 msgid "Specify user to add\n" msgstr "Specificare un utente da aggiungere\n" #: src/tools/sss_useradd.c:119 src/tools/sss_groupadd.c:84 #: src/tools/sss_groupdel.c:78 src/tools/sss_groupmod.c:111 #: src/tools/sss_groupshow.c:696 src/tools/sss_userdel.c:196 #: src/tools/sss_usermod.c:128 msgid "Error initializing the tools - no local domain\n" msgstr "Errore durante l'inizializzazione degli strumenti - nessun dominio\n" #: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86 #: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113 #: src/tools/sss_groupshow.c:698 src/tools/sss_userdel.c:198 #: src/tools/sss_usermod.c:130 msgid "Error initializing the tools\n" msgstr "Errore durante l'inizializzazione degli strumenti\n" #: src/tools/sss_useradd.c:130 src/tools/sss_groupadd.c:95 #: src/tools/sss_groupdel.c:89 src/tools/sss_groupmod.c:121 #: src/tools/sss_groupshow.c:707 src/tools/sss_userdel.c:207 #: src/tools/sss_usermod.c:139 msgid "Invalid domain specified in FQDN\n" msgstr "Il dominio specificato nel FQDN non è valido\n" #: src/tools/sss_useradd.c:139 src/tools/sss_groupmod.c:141 #: src/tools/sss_groupmod.c:168 src/tools/sss_usermod.c:162 #: 
src/tools/sss_usermod.c:189 msgid "Internal error while parsing parameters\n" msgstr "Errore interno nel parsing dei parametri\n" #: src/tools/sss_useradd.c:147 src/tools/sss_usermod.c:170 #: src/tools/sss_usermod.c:197 msgid "Groups must be in the same domain as user\n" msgstr "I gruppi devono essere nello stesso dominio dell'utente\n" #: src/tools/sss_useradd.c:155 #, c-format msgid "Cannot find group %1$s in local domain\n" msgstr "" #: src/tools/sss_useradd.c:170 src/tools/sss_userdel.c:217 msgid "Cannot set default values\n" msgstr "Impossibile impostare i valori predefiniti\n" #: src/tools/sss_useradd.c:177 src/tools/sss_usermod.c:153 msgid "The selected UID is outside the allowed range\n" msgstr "L'UID specificato non rientra nel range permesso\n" #: src/tools/sss_useradd.c:206 src/tools/sss_usermod.c:264 msgid "Cannot set SELinux login context\n" msgstr "" #: src/tools/sss_useradd.c:221 msgid "Cannot get info about the user\n" msgstr "Impossibile determinare le informazioni dell'utente\n" #: src/tools/sss_useradd.c:233 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" "La directory home dell'utente esiste, non vengono copiati dati dalla " "directory skeleton\n" #: src/tools/sss_useradd.c:236 #, c-format msgid "Cannot create user's home directory: %1$s\n" msgstr "" #: src/tools/sss_useradd.c:247 #, c-format msgid "Cannot create user's mail spool: %1$s\n" msgstr "" #: src/tools/sss_useradd.c:266 msgid "Could not allocate ID for the user - domain full?\n" msgstr "Impossibile allocare l'ID utente - dominio pieno?\n" #: src/tools/sss_useradd.c:270 msgid "A user or group with the same name or ID already exists\n" msgstr "Utente o gruppo con lo stesso nome o ID già presente\n" #: src/tools/sss_useradd.c:276 msgid "Transaction error. Could not add user.\n" msgstr "Errore nella transazione. 
L'utente non è stato aggiunto.\n" #: src/tools/sss_groupadd.c:43 src/tools/sss_groupmod.c:48 msgid "The GID of the group" msgstr "Il GID del gruppo" #: src/tools/sss_groupadd.c:75 msgid "Specify group to add\n" msgstr "Specificare un gruppo da aggiungere\n" #: src/tools/sss_groupadd.c:104 src/tools/sss_groupmod.c:192 msgid "The selected GID is outside the allowed range\n" msgstr "Il GID specificato non è nel range permesso\n" #: src/tools/sss_groupadd.c:141 msgid "Could not allocate ID for the group - domain full?\n" msgstr "Impossibile allocare l'ID per il gruppo - dominio pieno?\n" #: src/tools/sss_groupadd.c:145 msgid "A group with the same name or GID already exists\n" msgstr "Gruppo con lo stesso nome o GID già esistente\n" #: src/tools/sss_groupadd.c:150 msgid "Transaction error. Could not add group.\n" msgstr "Errore della transazione. Impossibile aggiungere il gruppo.\n" #: src/tools/sss_groupdel.c:69 msgid "Specify group to delete\n" msgstr "Specificare il gruppo da eliminare\n" #: src/tools/sss_groupdel.c:102 #, c-format msgid "Group %1$s is outside the defined ID range for domain\n" msgstr "" #: src/tools/sss_groupdel.c:117 src/tools/sss_groupmod.c:219 #: src/tools/sss_groupmod.c:226 src/tools/sss_groupmod.c:233 #: src/tools/sss_userdel.c:294 src/tools/sss_usermod.c:241 #: src/tools/sss_usermod.c:248 src/tools/sss_usermod.c:255 #, c-format msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n" msgstr "" #: src/tools/sss_groupdel.c:129 msgid "" "No such group in local domain. Removing groups only allowed in local " "domain.\n" msgstr "" "Gruppo non presente nel dominio locale. L'eliminazione di gruppi è permessa " "solo nel dominio locale.\n" #: src/tools/sss_groupdel.c:134 msgid "Internal error. Could not remove group.\n" msgstr "Errore interno. 
Impossibile rimuovere il gruppo.\n" #: src/tools/sss_groupmod.c:44 msgid "Groups to add this group to" msgstr "Gruppi a cui aggiungere questo gruppo" #: src/tools/sss_groupmod.c:46 msgid "Groups to remove this group from" msgstr "Gruppi da cui eliminare questo gruppo" #: src/tools/sss_groupmod.c:86 src/tools/sss_usermod.c:95 msgid "Specify group to remove from\n" msgstr "" #: src/tools/sss_groupmod.c:100 msgid "Specify group to modify\n" msgstr "Specificare il gruppo da modificare\n" #: src/tools/sss_groupmod.c:128 msgid "" "Cannot find group in local domain, modifying groups is allowed only in local " "domain\n" msgstr "" "Gruppo non presente nel dominio locale. La modifica dei gruppi è permessa " "solo nel dominio locale.\n" #: src/tools/sss_groupmod.c:149 src/tools/sss_groupmod.c:176 msgid "Member groups must be in the same domain as parent group\n" msgstr "" "I gruppi membri devono appartenere allo stesso dominio del gruppo radice\n" #: src/tools/sss_groupmod.c:157 src/tools/sss_groupmod.c:184 #: src/tools/sss_usermod.c:178 src/tools/sss_usermod.c:205 #, c-format msgid "" "Cannot find group %1$s in local domain, only groups in local domain are " "allowed\n" msgstr "" #: src/tools/sss_groupmod.c:250 msgid "Could not modify group - check if member group names are correct\n" msgstr "" "Impossibile modificare il gruppo - controllare che i nomi dei gruppi siano " "corretti\n" #: src/tools/sss_groupmod.c:254 msgid "Could not modify group - check if groupname is correct\n" msgstr "" "Impossibile modificare il gruppo - controllare che il nome del gruppo sia " "corretto\n" #: src/tools/sss_groupmod.c:258 msgid "Transaction error. Could not modify group.\n" msgstr "Errore della transazione. 
Impossibile modificare il gruppo.\n" #: src/tools/sss_groupshow.c:599 #, c-format msgid "%1$s%2$sGroup: %3$s\n" msgstr "" #: src/tools/sss_groupshow.c:600 msgid "Magic Private " msgstr "Magic Private " #: src/tools/sss_groupshow.c:602 #, c-format msgid "%1$sGID number: %2$d\n" msgstr "" #: src/tools/sss_groupshow.c:604 #, c-format msgid "%1$sMember users: " msgstr "" #: src/tools/sss_groupshow.c:611 #, c-format msgid "" "\n" "%1$sIs a member of: " msgstr "" #: src/tools/sss_groupshow.c:618 #, c-format msgid "" "\n" "%1$sMember groups: " msgstr "" #: src/tools/sss_groupshow.c:654 msgid "Print indirect group members recursively" msgstr "Mostra ricorsivamente i membri indiretti del gruppo" #: src/tools/sss_groupshow.c:687 msgid "Specify group to show\n" msgstr "Specificare il gruppo da mostrare\n" #: src/tools/sss_groupshow.c:726 msgid "" "No such group in local domain. Printing groups only allowed in local " "domain.\n" msgstr "" "Gruppo non presente nel dominio locale. La stampa dei gruppi è permessa solo " "nel dominio locale.\n" #: src/tools/sss_groupshow.c:731 msgid "Internal error. Could not print group.\n" msgstr "Errore interno. 
Impossibile stampare il gruppo.\n" #: src/tools/sss_userdel.c:136 msgid "Remove home directory and mail spool" msgstr "Eliminare home directory e spool di mail" #: src/tools/sss_userdel.c:138 msgid "Do not remove home directory and mail spool" msgstr "Non eliminare la home directory e lo spool di mail" #: src/tools/sss_userdel.c:140 msgid "Force removal of files not owned by the user" msgstr "Forza la rimozione dei file non di proprietà dell'utente" #: src/tools/sss_userdel.c:142 msgid "Kill users' processes before removing him" msgstr "" #: src/tools/sss_userdel.c:187 msgid "Specify user to delete\n" msgstr "Specificare l'utente da cancellare\n" #: src/tools/sss_userdel.c:233 #, c-format msgid "User %1$s is outside the defined ID range for domain\n" msgstr "" #: src/tools/sss_userdel.c:258 msgid "Cannot reset SELinux login context\n" msgstr "" #: src/tools/sss_userdel.c:270 #, c-format msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n" msgstr "" #: src/tools/sss_userdel.c:275 msgid "Cannot determine if the user was logged in on this platform" msgstr "" #: src/tools/sss_userdel.c:280 msgid "Error while checking if the user was logged in\n" msgstr "" #: src/tools/sss_userdel.c:287 #, c-format msgid "The post-delete command failed: %1$s\n" msgstr "" #: src/tools/sss_userdel.c:307 msgid "Not removing home dir - not owned by user\n" msgstr "Home directory non eliminata - non appartiene all'utente\n" #: src/tools/sss_userdel.c:309 #, c-format msgid "Cannot remove homedir: %1$s\n" msgstr "" #: src/tools/sss_userdel.c:322 msgid "" "No such user in local domain. Removing users only allowed in local domain.\n" msgstr "" "Utente non presente nel dominio locale. L'eliminazione degli utenti è " "permessa solo nel dominio locale.\n" #: src/tools/sss_userdel.c:327 msgid "Internal error. Could not remove user.\n" msgstr "Errore interno. 
Impossibile rimuovere l'utente.\n" #: src/tools/sss_usermod.c:49 msgid "The GID of the user" msgstr "Il GID dell'utente" #: src/tools/sss_usermod.c:53 msgid "Groups to add this user to" msgstr "Gruppi a cui aggiungere questo utente" #: src/tools/sss_usermod.c:54 msgid "Groups to remove this user from" msgstr "Gruppi da cui rimuovere questo utente" #: src/tools/sss_usermod.c:55 msgid "Lock the account" msgstr "Bloccare l'account" #: src/tools/sss_usermod.c:56 msgid "Unlock the account" msgstr "Sbloccare l'account" #: src/tools/sss_usermod.c:119 msgid "Specify user to modify\n" msgstr "Specificare l'utente da modificare\n" #: src/tools/sss_usermod.c:146 msgid "" "Cannot find user in local domain, modifying users is allowed only in local " "domain\n" msgstr "" "Utente non presente nel dominio locale. La modifica degli utenti è permessa " "solo nel dominio locale.\n" #: src/tools/sss_usermod.c:281 msgid "Could not modify user - check if group names are correct\n" msgstr "" "Impossibile modificare l'utente - controllare che i nomi dei gruppi siano " "corretti\n" #: src/tools/sss_usermod.c:285 msgid "Could not modify user - user already member of groups?\n" msgstr "Impossibile modificare l'utente - utente già membro di gruppi?\n" #: src/tools/sss_usermod.c:289 msgid "Transaction error. Could not modify user.\n" msgstr "Errore nella transazione. 
Impossibile modificare l'utente.\n" #: src/tools/sss_cache.c:170 msgid "No cache object matched the specified search\n" msgstr "" #: src/tools/sss_cache.c:397 #, c-format msgid "Couldn't invalidate %1$s" msgstr "" #: src/tools/sss_cache.c:404 #, c-format msgid "Couldn't invalidate %1$s %2$s" msgstr "" #: src/tools/sss_cache.c:542 msgid "Invalidate all cached entries except for sudo rules" msgstr "" #: src/tools/sss_cache.c:544 msgid "Invalidate particular user" msgstr "" #: src/tools/sss_cache.c:546 msgid "Invalidate all users" msgstr "" #: src/tools/sss_cache.c:548 msgid "Invalidate particular group" msgstr "" #: src/tools/sss_cache.c:550 msgid "Invalidate all groups" msgstr "" #: src/tools/sss_cache.c:552 msgid "Invalidate particular netgroup" msgstr "" #: src/tools/sss_cache.c:554 msgid "Invalidate all netgroups" msgstr "" #: src/tools/sss_cache.c:556 msgid "Invalidate particular service" msgstr "" #: src/tools/sss_cache.c:558 msgid "Invalidate all services" msgstr "" #: src/tools/sss_cache.c:561 msgid "Invalidate particular autofs map" msgstr "" #: src/tools/sss_cache.c:563 msgid "Invalidate all autofs maps" msgstr "" #: src/tools/sss_cache.c:566 msgid "Only invalidate entries from a particular domain" msgstr "" #: src/tools/sss_cache.c:611 msgid "Please select at least one object to invalidate\n" msgstr "" #: src/tools/sss_cache.c:681 #, c-format msgid "" "Could not open domain %1$s. 
If the domain is a subdomain (trusted domain), " "use fully qualified name instead of --domain/-d parameter.\n" msgstr "" #: src/tools/sss_cache.c:685 msgid "Could not open available domains\n" msgstr "" #: src/tools/sss_debuglevel.c:40 msgid "\n" msgstr "" #: src/tools/sss_debuglevel.c:96 msgid "Specify debug level you want to set\n" msgstr "" #: src/tools/sss_debuglevel.c:102 msgid "Only one argument expected\n" msgstr "" #: src/tools/tools_util.c:200 #, c-format msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n" msgstr "" #: src/tools/tools_util.c:303 msgid "Out of memory\n" msgstr "Memoria esaurita\n" #: src/tools/tools_util.h:43 #, c-format msgid "%1$s must be run as root\n" msgstr "" #: src/util/util.h:102 msgid "Send the debug output to files instead of stderr" msgstr "Redirigere l'output di debug su file anzichè stderr" ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/es.gmo��������������������������������������������������������������0000644�0000000�0000000�00000000132�12320753522�015300� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954962.337874446 30 atime=1396954962.336874447 30 ctime=1396954962.551874288 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/es.gmo�������������������������������������������������������������������������������0000664�0024127�0024127�00000100617�12320753522�015534� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000����������������������������������������������������������������������������������������������������������������������������������������������������������������������������6����� ����|��������'��� ��1���1��8���c������������3�����*�����B���(��)���k��)�����%����� ������������������5��#���E��%���i�������#������������������ �����%�����D�����]�����w��#�����;�����T�����R���F�������#�����!����������%�����(���@�����i��3�����2�����7�����A���! 
��9���c ��7��� ��,��� �����!��0���!�� ���F!�����R!��P���k!��$���!�����!��,���"��+���."��.���Z"�����"��#���"�� ���"��"���"��6���"��$���1#��*���V#�����#��/���#�����#�����#��/���$��"���7$��)���Z$��!���$�����$�����$��,���$�� ���%����� %�� ���%�����)%�����>%�� ���U%�����`%�����o%��*���v%��)���%�����%�����%�� ���&�����#&�����C&�����R&�����k&�����&��U���&��<���&��B���)'��G���l'��F���'��F���'��8���B(��E���{(�����(�����(�� ���(�����(�����)��4��� )��V���U)��;���)��0���)�� ���*��(���:*��'���c*��(���*��'���*��!���*�����*�����+�����.+�����=+�����U+��)���m+��*���+��:���+��%���+��*���#,��$���N,��5���s,��0���,��+���,��#���-�����*-�����>-��.���^-��'���-�����-�� ���-�����-��&���-�����.��9���.�����R.�����b.��&���~.��)���.��'���.�����.�� ���/�����/�����7/��/���S/�����/��M���/��M���/��K���.0�����z0��*���0��7���0��(���0��!���1�����;1�����W1�����n1�����1�����1�����1��=���1��A���2�����F2�����W2�����p2��+���2��(���2�� ���2�����2�� ����3��&���!3��*���H3�����s3��(���3�����3��=���3��5���4��1���D4�����v4��"���4��$���4�����4��$���4�����5��H���35�����|5�����5�����5�����5�����5�� ���5�����6��$���6��%���C6��0���i6�����6��E���6�����6��$���7�����-7�����D7�����_7��&���x7�����7��&���7��!���7��!���7��)���8�����D8�����Z8�����s8�����8�����8�����8��3���8��(���9��+���79��!���c9�����9�����9�����9�����9��9���9�����:�����6:�����O:�����^:�����{:�����:�����:�����:�����:����� ;��/���$;�����T;�����i;��!���};�����;��2���;�����;��K���;��/���I<��1���y<�����<�����<�����<�����<��.���=��=���1=��L���o=��3���=��"���=��B���>��8���V>��/���>��&���>��.���>��.���?��;���D?��>���?��#���?��'���?��(��� @��'���4@��+���\@��*���@��!���@�� ���@��8���@�����A��7���+A��3���cA�����A��%���A��'���A�����A��'��� B��D���4B�����yB��(���B��E���B��i���B��A���eC��;���C��C���C��5���'D�� ���]D�����~D�����D�����D�����D�����D��$���D��$���"E�����GE��$���fE�����E�����E�����E�����E�����E�����E�����F�����*F�����>F��"���VF����yF��&���-H��-���TH��6���H�����H��'���H��F����I��A���GI��Y���I��1���I��6���J��*���LJ��)���wJ�����J�� 
���J�����J��6���J��6���)K��*���`K��/���K�����K��(���K��#���L��&���(L��"���OL��!���rL��'���L��>���L��K���L��s���GM�����M��,���;N��8���hN��6���N��6���N��0���O��/���@O�� ���pO��E���O��G���O��L���P��[���lP��R���P��H���Q��,���dQ�����Q��N���Q�����Q����� R��o���)R��5���R��*���R��B���R��;���=S��3���yS��(���S��6���S�� ��� T��$���T��O���@T��3���T��4���T��&���T��>��� U�� ���_U�����U��D���U��(���U��.��� V��(���8V��&���aV�����V��C���V�����V�����V�� ���W�����W�����+W�����IW�����ZW�����pW��:���wW��7���W��+���W��-���X��0���DX��2���uX�����X�����X��"���X�����X�����Y��O���Y��H���Y��b���/Z��g���Z��C���Z��J���>[��]���[�����[�� ���[�� ���\�����*\�����F\��j���]\��x���\��R���A]��K���]��:���]��<���^��-���X^��-���^��/���^��'���^����� _�����+_�����I_�� ���Z_��$���{_��5���_��1���_��A���`��-���J`��<���x`��0���`��A���`��0���(a��/���Ya��/���a�����a��#���a��>���a��1���2b�����db�����wb�� ���b��.���b�����b��F���b�����"c�����8c��3���Wc��6���c��,���c�����c�����d�����&d��%���Fd��I���ld�����d��n���d��j���9e��g���e����� f��@���(f��L���if��2���f��$���f�����g�����,g��$���>g�����cg�����g�����g��@���g��V���g�����Fh�� ���Vh��"���wh��A���h��G���h�� ���$i�����2i��'���Pi��5���xi��7���i�����i��6���i��)���3j��L���]j��A���j��=���j�����*k��P���Jk��8���k�����k��,���k��"���!l��_���Dl��/���l�����l�����l����� m��3���$m�����Xm��$���jm�� ���m��-���m��F���m�����%n��m���;n�����n��2���n�����n��!���o��!���<o��9���^o�����o��3���o��*���o��@���p��4���Gp�����|p��#���p�����p��!���p��'���q�����)q��=���Hq��.���q��;���q��$���q��!���r�� ���8r��#���Yr��$���}r��i���r��!��� s��!���.s�����Ps��!���es��#���s��$���s�����s��$���s��#���t��$���9t��D���^t�����t�����t��2���t�����t��6���u�����Hu��I���[u��5���u��I���u�����%v��,���>v�����kv�����v��C���v��P���v��N���1w��=���w��"���w��M���w��D���/x��+���tx��&���x��/���x��4���x��>���,y��A���ky��1���y��;���y��7���z��9���Sz��6���z��8���z��8���z�� ���6{��I���C{�� 
���{��N���{��>���{�����)|��)���?|��-���i|�����|��/���|��R���|�����3}��9���E}��F���}��z���}��M���A~��E���~��P���~��F���&��3���m������������������������� ��"�����#���@�����d��#������������������Ѐ��������������������.�����A�����U��!���m��������U���f���N���d���@���������������������������������*�������������b�������*�������������������������M����������u�������I���������)��3�����$����������9����������������L���&��3��������������������������������������o�����������B��������������������������������-�����������n���������������e��� ������������������)������������Z���5������������������������������ ���Y����������������Q�������������G�����������#���������y�����m�������0���������������������<���a���������~���T����������������_���w������j������z�����.��� ����������������������������\���>��� �����������������������������.��6������!������4������������������� ���4�����c������������������������������:������������E������&��������6����������J���i����������"������������������������������������������������������������k�������������O����������������0��V�������������������������������-�������������������������������������������������%��K���S���1���+�������������������� ��������#������/�������������������������r���������D�������R����������W������`������������������� �������������������g��� �����$��'���������A�������������������������2��x�������%���8���(������h������������������������^����������������������2������?�������;������s����������l������P���p������7�������������� ����������v������"����� ��t���}����������������|�������H����������,���������� ���'�������������[������{����������,�������������q���X��������!�����(��5���/��]�������1��F���������������� ��=���C���+��������, your cached password will expire at: �A group with the same name or GID already exists �A user or group with the same name or ID already exists �Access control provider�Add debug timestamps�An error occurred, but no description can be found.�An open file descriptor for the debug logs�Attribute indicating that server 
side password policies are active�Attribute listing authorized PAM services�Attribute listing authorized server hosts�Authenticated with cached credentials�Authentication is denied until: �Authentication provider�Authentication timeout�Autofs provider�Automounter map entry key attribute�Automounter map entry value attribute�Automounter map name attribute�Base DN for automounter map lookups�Base DN for group lookups�Base DN for netgroup lookups�Base DN for service lookups�Base DN for sudo rules lookups�Base DN for user lookups�Base for home directories�Become a daemon (default)�Cache credentials for offline login�Cannot determine if the user was logged in on this platform�Cannot find group in local domain, modifying groups is allowed only in local domain �Cannot find user in local domain, modifying users is allowed only in local domain �Cannot get info about the user �Cannot reset SELinux login context �Cannot set SELinux login context �Cannot set default values �Comma separated list of allowed users�Comma separated list of prohibited users�Command to start service�Could not allocate ID for the group - domain full? �Could not allocate ID for the user - domain full? �Could not modify group - check if groupname is correct �Could not modify group - check if member group names are correct �Could not modify user - check if group names are correct �Could not modify user - user already member of groups? 
�Create user's directory if it does not exist�Current Password: �DNS service name for LDAP password change server�Debug level�Default shell, /bin/bash�Directory on the filesystem where SSSD should store Kerberos replay cache files.�Directory to store credential caches�Disable the LDAP paging control�Display users/groups in fully-qualified form�Do not remove home directory and mail spool�Domain of the information provider (mandatory)�Enable credential validation�Enable enumerating all users/groups�Enables FAST�Enables principal canonicalization�Entry cache background update timeout length (seconds)�Entry cache timeout length (seconds)�Enumeration cache timeout length (seconds)�Error initializing the tools �Error initializing the tools - no local domain �Error looking up public keys �Error setting the locale �Error while checking if the user was logged in �File that contains CA certificates�File that contains the client certificate�File that contains the client key�Filter for user lookups�Follow LDAP referrals�Force removal of files not owned by the user�Full Name�GECOS attribute�GID attribute�Group UUID attribute�Group member attribute�Group name�Group password�Groups�Groups must be in the same domain as user �Groups that SSSD should explicitly ignore�Groups to add this group to�Groups to add this user to�Groups to remove this group from�Groups to remove this user from�Home directory�Home directory attribute�Host identity provider�Host not specified �How long (minutes) to deny login after offline_failed_login_attempts has been reached�How long to allow cached logins between online logins (days)�How long to keep cached entries after last successful login (days)�How long to retain a connection to the LDAP server before disconnecting�How long to wait for replies from DNS when resolving servers (seconds)�How many days before password expiration a warning should be displayed�How many failed logins attempts are allowed when offline�How many seconds to keep identity 
information cached for PAM requests�How to dereference aliases�IPA client hostname�IPA domain�IPA server address�Identity provider�If DENY rules are present, either DENY_ALL or IGNORE�If a shell stored in central directory is allowed but not available, use this fallback�If set to false, host argument given by PAM will be ignored�Include microseconds in timestamps in debug logs�Include timestamps in debug logs�Internal error while parsing parameters �Internal error. Could not print group. �Internal error. Could not remove group. �Internal error. Could not remove user. �Invalid domain specified in FQDN �Invalidate all users�Invalidate particular user�Kerberos realm�Kerberos server address�Kerberos service keytab�Kill users' processes before removing him�LDAP filter to determine access privileges�Length of time between attempts to reconnect while offline�Length of time between cache cleanups�Length of time between enumeration updates�Length of time to attempt connection�Length of time to attempt synchronous LDAP operations�Length of time to wait for a enumeration request�Length of time to wait for a search request�Lifetime of TGT for LDAP connection�Lifetime of the TGT�List of possible ciphers suites�Location of the keytab to validate credentials�Location of the user's credential cache�Lock the account�Login shell�Magic Private �Maximum nesting level SSSd will follow�Maximum user ID�Member groups must be in the same domain as parent group �Minimum user ID�Modification time attribute�Modification time attribute for groups�Modification time attribute for netgroups�Negative cache timeout length (seconds)�Netgroup UUID attribute�Netgroup name�Netgroup triple attribute�Netgroups members attribute�Never create user's directory, overrides config�New Password: �No such group in local domain. Printing groups only allowed in local domain. �No such group in local domain. Removing groups only allowed in local domain. �No such user in local domain. 
Removing users only allowed in local domain. �Not enough memory �Not removing home dir - not owned by user �Number of times to attempt connection to Data Providers�Object class for automounter map entries�Object class for automounter maps�Object class for sudo rules�Objectclass for groups�Objectclass for netgroups�Objectclass for services�Objectclass for users�Out of memory �Override GID value from the identity provider with this value�Override homedir value from the identity provider with this value�PAM stack to use�Password change failed. �Password change provider�Password expired. Change your password now.�Password reset by root is not supported.�Password: �Passwords do not match�Path to CA certificate directory�Ping timeout before restarting service�Policy to evaluate the password expiration�Primary GID attribute�Print indirect group members recursively�Print version number and exit�Printf-compatible format for displaying fully-qualified names�Privileged socket has wrong ownership or permissions.�Public socket has wrong ownership or permissions.�Reenter new Password: �Regex to parse username and domain�Remove home directory and mail spool�Renewable lifetime of the TGT�Require TLS certificate verification�Require TLS for ID lookups�Restrict or prefer a specific address family when performing DNS lookups�Run interactive (not a daemon)�SSH public key attribute�SSSD Domains to start�SSSD Services to start�SSSD is not run by root.�SUDO provider�Scope of user lookups�Search base for HBAC related objects�Selects the principal to use for FAST�Send the debug output to files instead of stderr�Server message: �Server where the change password service is running if not on the KDC�Service name attribute�Service name for DNS service lookups�Service port attribute�Service protocol attribute�Session-loading provider�Set the verbosity of the debug logging�Shell attribute�Should filtered users appear in groups�Show timestamps with microseconds�Specify a non-default config 
file�Specify an alternative skeleton directory�Specify group to add �Specify group to add to �Specify group to delete �Specify group to modify �Specify group to remove from �Specify group to show �Specify the minimal SSF for LDAP sasl authorization�Specify the sasl authorization id to use�Specify the sasl authorization realm to use�Specify the sasl mechanism to use�Specify user to add �Specify user to delete �Specify user to modify �Store password hashes�Store password if offline for later online authentication�Sudo rule command attribute�Sudo rule host attribute�Sudo rule name�Sudo rule notafter attribute�Sudo rule notbefore attribute�Sudo rule option attribute�Sudo rule order attribute�Sudo rule runasgroup attribute�Sudo rule runasuser attribute�Sudo rule user attribute�System is offline, password change not possible�The GID of the group�The GID of the user�The SELinux user for user's login�The SSSD domain to use�The Schema Type in use on the LDAP server, rfc2307�The UID of the user�The amount of time between lookups of the HBAC rules against the IPA server�The authentication token of the default bind DN�The automounter location this IPA client is using�The comment string�The debug level to run with�The default base DN�The default bind DN�The domain part of service discovery DNS query�The interface whose IP should be used for dynamic DNS updates�The list of shells that will be vetoed, and replaced with the fallback shell�The list of shells users are allowed to log in with�The name of the NSS library to use�The number of members that must be missing to trigger a full deref�The number of records to retrieve in a single LDAP query�The path to the proxy command must be absolute �The port to use to connect to the host�The selected GID is outside the allowed range �The selected UID is outside the allowed range �The type of the authentication token of the default bind DN�The value of the password field the NSS provider should return�Time between two checks for 
renewal�Timeout for messages sent over the SBUS�Transaction error. Could not add group. �Transaction error. Could not add user. �Transaction error. Could not modify group. �Transaction error. Could not modify user. �Treat usernames as case sensitive�UID attribute�URI of an LDAP server where password changes are allowed�UUID attribute�Unexpected error while looking for an error description�Unexpected format of the server credential message.�Unlock the account�Use Kerberos auth for LDAP connection�Use only the upper case for realm names�User not specified �User principal attribute (for Kerberos)�User's home directory already exists, not copying data from skeldir �Username attribute�Users that SSSD should explicitly ignore�What kind of messages are displayed to the user during authentication�Whether the LDAP library should perform a reverse lookup to canonicalize the host name during a SASL bind�Whether to automatically update the client's DNS entry in FreeIPA�Whether to evaluate the time-based attributes in sudo rules�Which attributes shall be used to evaluate if an account is expired�Which rules should be used to evaluate access control�Write debug messages to logfiles�accountExpires attribute of AD�entryUSN attribute�krbLastPwdChange attribute�krbPasswordExpiration attribute�lastUSN attribute�ldap_uri, The URI of the LDAP server�loginAllowedTimeMap attribute of NDS�loginDisabled attribute of NDS�loginExpirationTime attribute of NDS�memberOf attribute�nsAccountLock attribute�shadowExpire attribute�shadowFlag attribute�shadowInactive attribute�shadowLastChange attribute�shadowMax attribute�shadowMin attribute�shadowWarning attribute�userAccountControl attribute of AD�Project-Id-Version: SSSD Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org POT-Creation-Date: 2014-04-08 12:56+0200 PO-Revision-Date: 2013-11-20 12:56+0000 Last-Translator: jhrozek <jhrozek@redhat.com> Language-Team: Spanish (http://www.transifex.com/projects/p/fedora/language/es/) Language: es 
MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=2; plural=(n != 1); �, su contraseña cacheada vencerá el:�Ya existe un grupo con el mismo nombre o GID �Ya existe un usuario o grupo con el mismo nombre o ID �Proveedor de control de acceso�Agregar marcas de tiempo de depuración�Ha ocurrido un error, pero no se ha podido encontrar una descripción.�Un arhivo abierto de descriptor para los registros de depuración�atributo indicando que las políticas de contraseña del lado del servidor están activas�listado de atributos de servicios PAM autorizados�Atributo de listado de equipos de servidor autorizados�Autenticado mediante credenciales cacheada�La autenticación ha sido denegada hasta:�Proveedor de Autenticación�Expiración de la autenticación�Proveedor de Autofs�Atributo de clave de entrada para mapa de automontador�Atributo de valor de entrada para mapa de automontador�Atributo de nombre de mapa de automontador�Base DN para búsquedas de mapa de automontador�DN base para busqueda de grupos�DN base para búsquedas de grupos de red�Base DN para servicio de búsquedas�Base DN para búsquedas de reglas sudo�DN base para búsquedas de usuario�Base de los directorios de inicio�Convertirse en demonio (predeterminado)�Hacer caché de las credenciales para ingresos fuera de línea�No es posible determinar si el usuario estaba registrado en esta plataforma�No se pudo encontrar el grupo en el dominio local, la modificación de grupos se permite sólo en el dominio local �No se pudo encontrar el usuario en el dominio local, la modificación de los usuarios se permite solamente en el dominio local �No se pudo obtener información del usuario �No es posible reiniciar contexto de registro de SELinux �No es posible definir contexto de registro de SELinux �No se pudieron establecer los valores predeterminados �Lista separada por comas de usuarios autorizados�Lista separada por comas de usuarios prohibidos�Comando para iniciar el 
servicio�No se pudo asignar el ID para el grupo - ¿el dominio estará lleno? �No se pudo asignar el ID para el usuario - ¿el dominio estará lleno? �No se pudo modificar el grupo - verifique si el nombre de grupo es correcto �No se pudo modificar el grupo - verifique si los nombre de grupo miembro son los correctos �No se pudo modificar el usuario - verifique si los nombres de grupo son correctos �No se pudo modificar el usuario - ¿no será ya miembro de esos grupos? �Crear el directorio del usuario si no existe�Contraseña actual: �Nombre del servicio DNS para el servidor de modificación de contraseñas LDAP�Nive de depuración�Shell predeterminado, /bin/bash�Directorio en el sistema de archivos donde SSSD debería guardar fichero de reproducción de cache de Kerberos.�Directorio donde almacenar las credenciales cacheadas�Deshabilita el control de paginación LDAP�Mostrar los usuarios/grupos en un formato completamente calificado�No eliminar el directorio de inicio y el receptor de correo�Dominio del proveedor de información (obligatorio)�Habilitar la validación de credenciales�Habilitar la enumeración de todos los usuarios/grupos�Habilita FAST�Habilita canonicalización principal�Tiempo máximo (segundos) de la entrada de caché a actualizar en segundo plano�Tiempo máximo de una entrada del caché (segundos)�Tiempo máximo (segundos) del caché de enumeración�Error al inicializar las herramientas �Error al inicializar las herramientas - no hay dominio local �Error buscando claves públicas �Error al poner la región �Error mientras se verificaba si el usuario se encontraba registrado �Archivo que contiene los certificados CA�Fichero que contiene el certificado de cliente�Fichero que contiene la llave de cliente�Filtro para las búsquedas del usuario�Seguir referencias LDAP�Forzar la eliminación de los archivos que no pertenecen al usuario�Nombre completo�Atributo GECOS�Atributo GID�Atributo de UUID del grupo�Atributo de miembro del grupo�Nombre del grupo�Contraseña del 
grupo�Grupos�Los grupos deben estar en el mismo dominio que el usuario �Grupos que deben ser explícitamente ignorados por SSSD�Grupos a los que se debe agregar este grupo�Grupos a los que se debe agregar este usuario�Grupos desde los que se debe eliminar este grupo�Grupos desde los que hay que eliminar este usuario�Directorio de inicio�Atributo Directorio de inicio�Suministrador de identidad de host�Host no especificado �Cuántos minutos se denegará el ingreso después de que se alcance el máximo de ingresos fallidos offline_failed_login_attempts�Por cuánto tiempo permitir ingresos cacheados entre ingresos en línea (días)�Por cuánto tiempo permitir ingresos cacheados luego del último (días)�El período de tiempo máximo para retener una conexión con el servidor LDAP antes de desconectar�Cantidad de tiempo (en segundos) a esperar respuestas desde DNS cuando se estén resolviendo servidores�Cuanto días se debe mostrar un aviso de expiración de contraseña�Cuantos intentos de ingreso fallidos se permiten cuando está desconectado�Cuanto segundos se mantendrá la información de identidad almacenada para solicitudes de PAM�Como eliminar aliases�Nombre de equipo del cliente IPA�Dominio IPA�Dirección del servidor IPA�Proveedor de identidad�Si se encuentran presentes reglas de negación (DENY) o bien se niega todo (DENY_ALL) o se ignora (IGNORE)�Si una consola almacenada en el directorio central es permitida pero no se encuentra disponible, utilice esta de reserva�Si se lo define en 'false', será ignorado el argumento de equipo ofrecido por PAM�Incluir microsegundos en la marca de tiempo en los registros de depuración�Incluir la marca de tiempo en los registros de depuración�Error interno al analizar sintácticamente los parámetros. �Error interno. No se pudo imprimir el grupo. �Error interno. No se pudo eliminar el grupo. �Error interno. No se pudo eliminar el usuario. 
�Dominio inválido especificado en FQDN �Todos los usuarios invalidados�Usuario particular invalidado�Reinado Kerberos�Dirección del servidor Kerberos�Tabla de clave del servicio Kerberos�Finaliza los procesos del usuario antes de eliminarlo�Filtro LDAP para determinar privilegios de acceso�Tiempo entre intentos de reconexión cuando esté fuera de línea�periodo de tiempo entre borrados de la caché�Tiempo en segundos entre las actualizaciones de enumeración�Tiempo durante el que se intentará la conexión�Tiempo durante el que se intentará operaciones LDAP sincrónicas�periodo de espera para solicitud de enumeración�Tiempo máximo a esperar un pedido de búsqueda�Período de vida del TGT para la conexión LDAP�ciclo de vida del TGT�Lista de posibles suites de cifrado�Ubicación de la tabla de claves para validar las credenciales�Ubicación del caché de credenciales del usuario�Bloquear la cuenta�Shell de ingreso�Magia privada�A continuación, nivel SSSD de anidado máximo�ID máximo de usuario�Los grupos miembro deben estar en el mismo dominio que el grupo padre �ID mínimo de usuario�Atributo hora de modificación�Atributo de modificación de tiempo para los grupos�Atributo de modificación de tiempo para grupos de red�Tiempo máximo negativo del cache (segundos)�Atributo UUID de miembro de red�Nombre de grupo de red�Atributo triple de grupo de red�Atributo de miembros de grupos de red�La opción de nunca crear el directorio del usuario, anula la configurada�Nueva contraseña: �No existe tal grupo en el dominio local. Imprimir los grupos está permitido únicamente en el dominio local. �No existe tal grupo en el dominio local. Eliminando los grupos que sólo se permiten en el dominio local. �No existe ese usuario en el dominio local. La eliminación de usuarios se permite en el dominio local. 
�Nos hay suficiente memoria �No eliminando el directorio de inicio - no pertenece al usuario �Número de veces que debe intentar la conexión con los Proveedores de Datos�Objeto clase para entradas de mapa de automontador�Objeto clase para mapas automontador�Objeto clase para reglas sudo�clase objeto para�Clases de objetos para grupos de red�Clase de objeto para servicio�Objectclass para los usuarios�Falta memoria �Sustituye valor GID del proveedor de la identidad con este valor�Sustituye valores del directorio personal del proveedor de la identidad con este valor�Pila PAM a usar�Falló el cambio de contraseña.�Proveedor de cambio de contraseña�La contraseña ha expirado. Modifíquela en este preciso momento.�No existe soporte para reseteado de la contraseña por el usuario root.�Contraseña: �Las contraseñas no coinciden�Ruta hacia un directorio certificado CA�Tiempo máximo de ping antes de reiniciar el servicio�Política para evaluar el vencimiento de la contraseña�Atributo GID primario�Imprime miembros de grupo indirecto en forma recursiva�Muestra el número de versión y finaliza�Formato compatible con printf para mostrar nombres completamente calificados�El zócalo privilegiado posee permisos o pertenencia equivocados.�El zócalo público posee permisos o pertenencia equivocados.�Reingrese la contraseña nueva:�Expresión regular para analizar sintácticamente el nombre de usuario y dominio�Eliminar el directorio de inicio y el receptor de correo�ciclo de vida renovable del TGT�Requiere la verificación de certificado TLS�Requiere TLS para búsquedas de ID�Restringir o preferir una familia de direcciones específica, cuando se realicen búsquedas DNS�Ejecutarse en forma interactiva (no un demonio)�Atributo de clave pública SSH�Dominios SSSD a iniciar�Servicios SSSD a iniciar�SSSD no está siendo ejecutado por el usuario root.�Proveedor de SUDO�Ambito de las búsquedas del usuario�Búsqueda base para objetos HBAC�Selecciona el principal para su uso por FAST�Envia el resultado de la 
depuración hacia archivos en lugar de stderr�Mensaje del servidor:�El servidor en donde está ejecutándose el servicio de modificación de contraseña, en caso de no ser KDC. �Atributo de nombre de servicio�Nombre de servicio para busquedas de servicios DNS�Atributo de puerto de servicio�Atributo de protocolo de servidor�Suministrador de carga de sesión�Establece el nivel de detalle del registro de depuración�Atributo shell�Deben aparecer los usuarios filtrados en los grupos�Mostrar marcas de tiempo con microsegundos�Indicar un archivo de configuración diferente al predeterminado�Debe especificar un directorio esqueleto alternativo�Especifique el grupo a agregar �Especifica el grupo a ser añadido �Especifique el grupo a borrar �Especifique el grupo a modificar �Especifica el grupo a ser eliminado de �Especifica el grupo a mostrar �Especificar los SSF mínimos para autorizaciones sasl de LDAP�Especifique el id de autorización sasl a usar�Especifica el reinado de autorización sasl a ser utilizado�Especificar el mecanismo sasl a usar�Especifique el usuario a agregar �Especifique el usuario a borrar �Especifique el usuario a modificar �Guardar los hashes de la contraseña�Si se encuentra desconectado, almacena contraseñas para más tarde realizar una autenticación en línea�Atributo de regla de comando sudo�Atributo de la regla host de sudo�Nombre de regla sudo�Atributo de regla noafter de sudo�Atributo de regla notbefore de sudo�Atributo de la regla opción de sudo�Atributo de regla orden de sudo�Atributo de regla runasgroup de sudo�Atributo de la regla suda runasuser�Atributo de la regla usuario de sudo�El sistema está fuera de línea, no se puede cambiar la contraseña�El GID del grupo�El GID del Usuario�El usuario de SELinux para el registro del usuario�El dominio SSSD a usar�El Tipo de Esquema a usar en el servidor LDAP, rfc2307�El UID del usuario�Cantidad de tiempo entre búsquedas de reglas HBAC contra el servidor IPA�El token de autenticación del DN bind predeterminado�La 
ubicación de montaje automático que este cliente de IPA está usando�La cadena de comentarios�Nivel de depuración en que se debe ejecutar�DN base predeterminado�El DN Bind predeterminado�La sección del dominio de la consulta para descubrir servicios DNS�La interfaz cuya IP debería ser utilizada para actualizaciones DNS automáticas�Lista de consolas que serán vetadas, y reemplazadas por la consola de reserva�Lista de los usuarios de consola habilitados para registrarse�Nombre de la biblioteca NSS a usar�La cantidad de miembros que deben faltar para desencadenar una deref completa�La cantidad de registros a ser obtenidos en una única consulta LDAP�La ruta al comando proxy debe ser absoluta �El puerto a usar para conectar al host�El GID elegido está fuera del rango permitido �El UID seleccionado está fuera del rango permitido �El tipo del token de autenticación del DN bind predeterminado�El valor del campo contraseña que el proveedor NSS debe devolver�tiempo entre dos comprobaciones para renovación �Tiempo máximo para los mensajes enviados a través de SBUS�Error en la transacción. No se pudo agregar el grupo. �Error en la transacción. No se pudo agregar el usuario. �Error de transacción. No se pudo modificar el grupo. �Error de transacción. No se pudo modificar el usuario. 
�Trate al nombre de usuario con mayúsculas y minúsculas�Atributo UID�URI de un servidor LDAP donde se permite la modificación de contraseñas�Atributo UUID�Ha ocurrido un error no esperado mientras se buscaba la descripción del error�Formato no esperado del mensaje de la credencial del servidor.�Desbloquear la cuenta�Usar auth Kerberos para la conexión LDAP�Use solo el caso superior para nombres reales�Usuario no especificado �Atributo principal del usuario (para Kerberos) �El directorio de inicio del usuario ya existe, no copiar datos desde el esqueleto �Atributo Username�Usuarios que deben ser explícitamente ignorados por SSSD�Que clase de mensajes se muestran al usuario durante la autenticación�Si la Biblioteca LDAP debería realizar una búsqueda inversa para canonicalizar el nombre del host durante un enlace SASL�Si actualizar o no en forma automática la entrada DNS del cliente en FreeIPA�Ya sea para evaluar los atributos basados en el tiempo en reglas sudo�Los atributos que deberán ser utilizados para evaluar si una cuenta ha expirado�Las reglas que deberían ser utilizadas para evaluar control de acceso�Escribir los mensajes de depuración a archivos log�atributo accountExpires de AD�atributo entryUSN�atributo krbLastPwdChange �atributo krbPasswordExpiration �atributo lastUSN�ldap_uri, El URI del servidor LDAP�loginAllowedTimeMap atributo de NDS�loginDisabled atributo de NDS�loginExpirationTime atributo de NDS�Atributo memberOf�atributo nsAccountLock �atributo shadowExpire�atributo shadowFlag �atributo shadowInactive �atributo shadowLastChange�atributo shadowMax�atributo shadowMin �atributo shadowWarning �atributo userAccountControl de AD������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/en@quot.header������������������������������������������������������0000644�0000000�0000000�00000000131�12320753476�016761� 
x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954942.067889374 30 atime=1396954942.067889374 29 ctime=1396954962.52287431 ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/en@quot.header�����������������������������������������������������������������������0000644�0024127�0024127�00000002263�12320753476�017212� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# All this catalog "translates" are quotation characters. # The msgids must be ASCII and therefore cannot contain real quotation # characters, only substitutes like grave accent (0x60), apostrophe (0x27) # and double quote (0x22). These substitutes look strange; see # http://www.cl.cam.ac.uk/~mgk25/ucs/quotes.html # # This catalog translates grave accent (0x60) and apostrophe (0x27) to # left single quotation mark (U+2018) and right single quotation mark (U+2019). 
# It also translates pairs of apostrophe (0x27) to # left single quotation mark (U+2018) and right single quotation mark (U+2019) # and pairs of quotation mark (0x22) to # left double quotation mark (U+201C) and right double quotation mark (U+201D). # # When output to an UTF-8 terminal, the quotation characters appear perfectly. # When output to an ISO-8859-1 terminal, the single quotation marks are # transliterated to apostrophes (by iconv in glibc 2.2 or newer) or to # grave/acute accent (by libiconv), and the double quotation marks are # transliterated to 0x22. # When output to an ASCII terminal, the single quotation marks are # transliterated to apostrophes, and the double quotation marks are # transliterated to 0x22. # ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/Makefile.in.in������������������������������������������������������0000644�0000000�0000000�00000000132�12320753476�016647� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954942.025889405 30 atime=1396954960.342875919 30 ctime=1396954962.519874312 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/Makefile.in.in�����������������������������������������������������������������������0000644�0024127�0024127�00000030205�12320753476�017074� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# Makefile for PO directory in any package using GNU gettext. # Copyright (C) 1995-1997, 2000-2004 by Ulrich Drepper <drepper@gnu.ai.mit.edu> # # This file can be copied and used freely without restrictions. It can # be used in projects which are not available under the GNU General Public # License but which still want to provide support for the GNU gettext # functionality. # Please note that the actual code of GNU gettext is covered by the GNU # General Public License and is *not* in the public domain. 
#
# Origin: gettext-0.14

# Tokens of the form @NAME@ are substitution placeholders in this template;
# the generated Makefile carries the substituted values.
PACKAGE = @PACKAGE@
VERSION = @VERSION@

SHELL = /bin/sh
@SET_MAKE@

srcdir = @srcdir@
top_srcdir = @top_srcdir@
VPATH = @srcdir@

prefix = @prefix@
exec_prefix = @exec_prefix@
datadir = @datadir@
localedir = $(datadir)/locale
gettextsrcdir = $(datadir)/gettext/po

INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
MKINSTALLDIRS = @MKINSTALLDIRS@
mkinstalldirs = $(SHELL) $(MKINSTALLDIRS)

# GMSGFMT, MSGFMT, XGETTEXT and the tool behind MSGMERGE_UPDATE come from
# substitution; MSGMERGE, MSGINIT, MSGCONV and MSGFILTER are bare command
# names, so whichever binary is first on PATH at build time is the one run.
GMSGFMT = @GMSGFMT@
MSGFMT = @MSGFMT@
XGETTEXT = @XGETTEXT@
MSGMERGE = msgmerge
MSGMERGE_UPDATE = @MSGMERGE@ --update
MSGINIT = msginit
MSGCONV = msgconv
MSGFILTER = msgfilter

POFILES = @POFILES@
GMOFILES = @GMOFILES@
UPDATEPOFILES = @UPDATEPOFILES@
DUMMYPOFILES = @DUMMYPOFILES@
DISTFILES.common = Makefile.in.in remove-potcdate.sin \
	$(DISTFILES.common.extra1) $(DISTFILES.common.extra2) $(DISTFILES.common.extra3)
DISTFILES = $(DISTFILES.common) Makevars POTFILES.in $(DOMAIN).pot stamp-po \
	$(POFILES) $(GMOFILES) \
	$(DISTFILES.extra1) $(DISTFILES.extra2) $(DISTFILES.extra3)

# The trailing backslash followed by an empty line leaves POTFILES empty in
# the template.
POTFILES = \

CATALOGS = @CATALOGS@

# Makevars gets inserted here. (Don't remove this line!)
# NOTE(review): DOMAIN, XGETTEXT_OPTIONS, COPYRIGHT_HOLDER, MSGID_BUGS_ADDRESS
# and EXTRA_LOCALE_CATEGORIES are used below but not defined in this template;
# presumably they arrive with the inserted Makevars - confirm.

.SUFFIXES:
.SUFFIXES: .po .gmo .mo .sed .sin .nop .po-create .po-update

# Compile a .po catalog to .mo. msgfmt runs with -c, which turns on its checks
# (among them that format strings in a translation agree with the msgid), and
# writes to the temporary t-<target>; the rename onto the real target happens
# only when msgfmt succeeded, so a rejected catalog never replaces a good one.
.po.mo:
	@echo "$(MSGFMT) -c -o $@ $<"; \
	$(MSGFMT) -c -o t-$@ $< && mv t-$@ $@

# Same compile step for .gmo catalogs, executed inside $(srcdir): the old
# <lang>.gmo is removed, $(GMSGFMT) -c --statistics writes t-<lang>.gmo, and
# that file is renamed to <lang>.gmo only on success. The echo prints the
# command with the "cd" prefix only when srcdir is not ".".
.po.gmo:
	@lang=`echo $* | sed -e 's,.*/,,'`; \
	test "$(srcdir)" = . && cdcmd="" || cdcmd="cd $(srcdir) && "; \
	echo "$${cdcmd}rm -f $${lang}.gmo && $(GMSGFMT) -c --statistics -o $${lang}.gmo $${lang}.po"; \
	cd $(srcdir) && rm -f $${lang}.gmo && $(GMSGFMT) -c --statistics -o t-$${lang}.gmo $${lang}.po && mv t-$${lang}.gmo $${lang}.gmo

# Build a sed script from its .sin source by dropping every line that starts
# with '#'; written to t-<target> first, then renamed.
.sin.sed:
	sed -e '/^#/d' $< > t-$@
	mv t-$@ $@


# 'all' dispatches on the substituted @USE_NLS@ value: all-yes builds stamp-po,
# all-no has no prerequisites and no recipe.
all: all-@USE_NLS@

all-yes: stamp-po
all-no:

# stamp-po is a timestamp denoting the last time at which the CATALOGS have
# been loosely updated. Its purpose is that when a developer or translator
# checks out the package via CVS, and the $(DOMAIN).pot file is not in CVS,
# "make" will update the $(DOMAIN).pot and the $(CATALOGS), but subsequent
# invocations of "make" will do nothing. This timestamp would not be necessary
# if updating the $(CATALOGS) would always touch them; however, the rule for
# $(POFILES) has been designed to not touch files that don't need to be
# changed.
stamp-po: $(srcdir)/$(DOMAIN).pot
	test -z "$(GMOFILES)" || $(MAKE) $(GMOFILES)
	@echo "touch stamp-po"
	@echo timestamp > stamp-poT
	@mv stamp-poT stamp-po

# Note: Target 'all' must not depend on target '$(DOMAIN).pot-update',
# otherwise packages like GCC can not be built if only parts of the source
# have been downloaded.

# This target rebuilds $(DOMAIN).pot; it is an expensive operation.
# Note that $(DOMAIN).pot is not touched if it doesn't need to be changed.
# The second command only acts when xgettext produced $(DOMAIN).po: both the
# existing .pot and the new .po are passed through remove-potcdate.sed and
# compared with cmp; identical results discard the new file, different results
# (or a missing .pot) move the new file into $(srcdir) as $(DOMAIN).pot.
$(DOMAIN).pot-update: $(POTFILES) $(srcdir)/POTFILES.in remove-potcdate.sed
	$(XGETTEXT) --default-domain=$(DOMAIN) --directory=$(top_srcdir) \
	  --add-comments=TRANSLATORS: $(XGETTEXT_OPTIONS) \
	  --files-from=$(srcdir)/POTFILES.in \
	  --copyright-holder='$(COPYRIGHT_HOLDER)' \
	  --msgid-bugs-address='$(MSGID_BUGS_ADDRESS)'
	test ! -f $(DOMAIN).po || { \
	  if test -f $(srcdir)/$(DOMAIN).pot; then \
	    sed -f remove-potcdate.sed < $(srcdir)/$(DOMAIN).pot > $(DOMAIN).1po && \
	    sed -f remove-potcdate.sed < $(DOMAIN).po > $(DOMAIN).2po && \
	    if cmp $(DOMAIN).1po $(DOMAIN).2po >/dev/null 2>&1; then \
	      rm -f $(DOMAIN).1po $(DOMAIN).2po $(DOMAIN).po; \
	    else \
	      rm -f $(DOMAIN).1po $(DOMAIN).2po $(srcdir)/$(DOMAIN).pot && \
	      mv $(DOMAIN).po $(srcdir)/$(DOMAIN).pot; \
	    fi; \
	  else \
	    mv $(DOMAIN).po $(srcdir)/$(DOMAIN).pot; \
	  fi; \
	}

# This rule has no dependencies: we don't need to update $(DOMAIN).pot at
# every "make" invocation, only create it when it is missing.
# Only "make $(DOMAIN).pot-update" or "make dist" will force an update.
$(srcdir)/$(DOMAIN).pot:
	$(MAKE) $(DOMAIN).pot-update

# This target rebuilds a PO file if $(DOMAIN).pot has changed.
# Note that a PO file is not touched if it doesn't need to be changed.
# When $(srcdir)/<lang>.po exists it is merged in place with
# $(MSGMERGE_UPDATE); otherwise the rule delegates to <lang>.po-create.
$(POFILES): $(srcdir)/$(DOMAIN).pot
	@lang=`echo $@ | sed -e 's,.*/,,' -e 's/\.po$$//'`; \
	if test -f "$(srcdir)/$${lang}.po"; then \
	  test "$(srcdir)" = . && cdcmd="" || cdcmd="cd $(srcdir) && "; \
	  echo "$${cdcmd}$(MSGMERGE_UPDATE) $${lang}.po $(DOMAIN).pot"; \
	  cd $(srcdir) && $(MSGMERGE_UPDATE) $${lang}.po $(DOMAIN).pot; \
	else \
	  $(MAKE) $${lang}.po-create; \
	fi


# Installation. Every path written below is prefixed with $(DESTDIR), so a
# staged install stays inside the staging root.
# NOTE(review): $(DESTDIR), $(localedir), $$lang, $$lc and $$file are expanded
# unquoted in the shell fragments of the install, installdirs and uninstall
# recipes; a value containing whitespace or shell metacharacters would be
# word-split or interpreted by the shell, so these need to be plain paths.
install: install-exec install-data
install-exec:
# The gettext-tools branch copies the common PO infrastructure files into
# $(gettextsrcdir) and removes any installed Makevars; for every other package
# the recipe is a no-op (":").
install-data: install-data-@USE_NLS@
	if test "$(PACKAGE)" = "gettext-tools"; then \
	  $(mkinstalldirs) $(DESTDIR)$(gettextsrcdir); \
	  for file in $(DISTFILES.common) Makevars.template; do \
	    $(INSTALL_DATA) $(srcdir)/$$file \
	        $(DESTDIR)$(gettextsrcdir)/$$file; \
	  done; \
	  for file in Makevars; do \
	    rm -f $(DESTDIR)$(gettextsrcdir)/$$file; \
	  done; \
	else \
	  : ; \
	fi
install-data-no: all
# Installs each catalog in $(CATALOGS) as
# $(localedir)/<lang>/LC_MESSAGES/$(DOMAIN).mo, taking the file from the build
# directory when readable there and from $(srcdir) otherwise.
# For each non-empty entry of $(EXTRA_LOCALE_CATEGORIES):
#   - if <lang>/<lc> is a symlink (detected by " -> " in "ls -l -d" output),
#     it is renamed to <lc>.old, replaced by a real directory, and each regular
#     file seen through the old link is re-linked into the new directory
#     before <lc>.old is removed;
#   - if it is neither a symlink nor a directory, it is removed and created as
#     a directory;
#   - the catalog is then made available there by symlink, falling back to a
#     hard link and finally to "cp -p" when the previous attempt fails.
# The symlink target is recovered by parsing "ls -l" output with sed.
install-data-yes: all
	$(mkinstalldirs) $(DESTDIR)$(datadir)
	@catalogs='$(CATALOGS)'; \
	for cat in $$catalogs; do \
	  cat=`basename $$cat`; \
	  lang=`echo $$cat | sed -e 's/\.gmo$$//'`; \
	  dir=$(localedir)/$$lang/LC_MESSAGES; \
	  $(mkinstalldirs) $(DESTDIR)$$dir; \
	  if test -r $$cat; then realcat=$$cat; else realcat=$(srcdir)/$$cat; fi; \
	  $(INSTALL_DATA) $$realcat $(DESTDIR)$$dir/$(DOMAIN).mo; \
	  echo "installing $$realcat as $(DESTDIR)$$dir/$(DOMAIN).mo"; \
	  for lc in '' $(EXTRA_LOCALE_CATEGORIES); do \
	    if test -n "$$lc"; then \
	      if (cd $(DESTDIR)$(localedir)/$$lang && LC_ALL=C ls -l -d $$lc 2>/dev/null) | grep ' -> ' >/dev/null; then \
	        link=`cd $(DESTDIR)$(localedir)/$$lang && LC_ALL=C ls -l -d $$lc | sed -e 's/^.* -> //'`; \
	        mv $(DESTDIR)$(localedir)/$$lang/$$lc $(DESTDIR)$(localedir)/$$lang/$$lc.old; \
	        mkdir $(DESTDIR)$(localedir)/$$lang/$$lc; \
	        (cd $(DESTDIR)$(localedir)/$$lang/$$lc.old && \
	         for file in *; do \
	           if test -f $$file; then \
	             ln -s ../$$link/$$file $(DESTDIR)$(localedir)/$$lang/$$lc/$$file; \
	           fi; \
	         done); \
	        rm -f $(DESTDIR)$(localedir)/$$lang/$$lc.old; \
	      else \
	        if test -d $(DESTDIR)$(localedir)/$$lang/$$lc; then \
	          :; \
	        else \
	          rm -f $(DESTDIR)$(localedir)/$$lang/$$lc; \
	          mkdir $(DESTDIR)$(localedir)/$$lang/$$lc; \
	        fi; \
	      fi; \
	      rm -f $(DESTDIR)$(localedir)/$$lang/$$lc/$(DOMAIN).mo; \
	      ln -s ../LC_MESSAGES/$(DOMAIN).mo $(DESTDIR)$(localedir)/$$lang/$$lc/$(DOMAIN).mo 2>/dev/null || \
	      ln $(DESTDIR)$(localedir)/$$lang/LC_MESSAGES/$(DOMAIN).mo $(DESTDIR)$(localedir)/$$lang/$$lc/$(DOMAIN).mo 2>/dev/null || \
	      cp -p $(DESTDIR)$(localedir)/$$lang/LC_MESSAGES/$(DOMAIN).mo $(DESTDIR)$(localedir)/$$lang/$$lc/$(DOMAIN).mo; \
	      echo "installing $$realcat link as $(DESTDIR)$(localedir)/$$lang/$$lc/$(DOMAIN).mo"; \
	    fi; \
	  done; \
	done

install-strip: install

# Directory-only counterpart of the install targets: creates the same
# directory layout (including the symlink-to-directory conversion for extra
# locale categories) without installing any catalog.
installdirs: installdirs-exec installdirs-data
installdirs-exec:
installdirs-data: installdirs-data-@USE_NLS@
	if test "$(PACKAGE)" = "gettext-tools"; then \
	  $(mkinstalldirs) $(DESTDIR)$(gettextsrcdir); \
	else \
	  : ; \
	fi
installdirs-data-no:
installdirs-data-yes:
	$(mkinstalldirs) $(DESTDIR)$(datadir)
	@catalogs='$(CATALOGS)'; \
	for cat in $$catalogs; do \
	  cat=`basename $$cat`; \
	  lang=`echo $$cat | sed -e 's/\.gmo$$//'`; \
	  dir=$(localedir)/$$lang/LC_MESSAGES; \
	  $(mkinstalldirs) $(DESTDIR)$$dir; \
	  for lc in '' $(EXTRA_LOCALE_CATEGORIES); do \
	    if test -n "$$lc"; then \
	      if (cd $(DESTDIR)$(localedir)/$$lang && LC_ALL=C ls -l -d $$lc 2>/dev/null) | grep ' -> ' >/dev/null; then \
	        link=`cd $(DESTDIR)$(localedir)/$$lang && LC_ALL=C ls -l -d $$lc | sed -e 's/^.* -> //'`; \
	        mv $(DESTDIR)$(localedir)/$$lang/$$lc $(DESTDIR)$(localedir)/$$lang/$$lc.old; \
	        mkdir $(DESTDIR)$(localedir)/$$lang/$$lc; \
	        (cd $(DESTDIR)$(localedir)/$$lang/$$lc.old && \
	         for file in *; do \
	           if test -f $$file; then \
	             ln -s ../$$link/$$file $(DESTDIR)$(localedir)/$$lang/$$lc/$$file; \
	           fi; \
	         done); \
	        rm -f $(DESTDIR)$(localedir)/$$lang/$$lc.old; \
	      else \
	        if test -d $(DESTDIR)$(localedir)/$$lang/$$lc; then \
	          :; \
	        else \
	          rm -f $(DESTDIR)$(localedir)/$$lang/$$lc; \
	          mkdir $(DESTDIR)$(localedir)/$$lang/$$lc; \
	        fi; \
	      fi; \
	    fi; \
	  done; \
	done

# Define this as empty until I found a useful application.
installcheck:

# Removal mirrors installation: the gettext-tools branch deletes the installed
# infrastructure files, and uninstall-data-yes deletes $(DOMAIN).mo from
# LC_MESSAGES and from every extra locale category of each catalog language.
# Only files are removed (rm -f); the directories are left in place.
uninstall: uninstall-exec uninstall-data
uninstall-exec:
uninstall-data: uninstall-data-@USE_NLS@
	if test "$(PACKAGE)" = "gettext-tools"; then \
	  for file in $(DISTFILES.common) Makevars.template; do \
	    rm -f $(DESTDIR)$(gettextsrcdir)/$$file; \
	  done; \
	else \
	  : ; \
	fi
uninstall-data-no:
uninstall-data-yes:
	catalogs='$(CATALOGS)'; \
	for cat in $$catalogs; do \
	  cat=`basename $$cat`; \
	  lang=`echo $$cat | sed -e 's/\.gmo$$//'`; \
	  for lc in LC_MESSAGES $(EXTRA_LOCALE_CATEGORIES); do \
	    rm -f $(DESTDIR)$(localedir)/$$lang/$$lc/$(DOMAIN).mo; \
	  done; \
	done

check: all

# Standard targets that have nothing to do in the PO directory.
info dvi ps pdf html tags TAGS ctags CTAGS ID:

# Cleaning is layered: mostlyclean removes intermediate files of the rules in
# this Makefile, distclean additionally removes the generated Makefiles,
# POTFILES and *.mo, and maintainer-clean also removes stamp-po and the
# compiled $(GMOFILES).
mostlyclean:
	rm -f remove-potcdate.sed
	rm -f stamp-poT
	rm -f core core.* $(DOMAIN).po $(DOMAIN).1po $(DOMAIN).2po *.new.po
	rm -fr *.o

clean: mostlyclean

distclean: clean
	rm -f Makefile Makefile.in POTFILES *.mo

maintainer-clean: distclean
	@echo "This command is intended for maintainers to use;"
	@echo "it deletes files that may require special tools to rebuild."
	rm -f stamp-po $(GMOFILES)

# 'dist' first refreshes the catalogs (update-po) and then copies the files in
# a second make invocation (dist2).
distdir = $(top_builddir)/$(PACKAGE)-$(VERSION)/$(subdir)
dist distdir:
	$(MAKE) update-po
	@$(MAKE) dist2
# This is a separate target because 'update-po' must be executed before.
# Copies the distribution files into $(distdir). The list starts from
# $(DISTFILES) and is extended with Makevars.template (gettext-tools only),
# ChangeLog, ChangeLog.0 .. ChangeLog.9 and LINGUAS when those exist in
# $(srcdir). Each file is taken from the build directory if present there,
# otherwise from $(srcdir); "cp -p" preserves mode and timestamps.
dist2: $(DISTFILES)
	dists="$(DISTFILES)"; \
	if test "$(PACKAGE)" = "gettext-tools"; then \
	  dists="$$dists Makevars.template"; \
	fi; \
	if test -f $(srcdir)/ChangeLog; then \
	  dists="$$dists ChangeLog"; \
	fi; \
	for i in 0 1 2 3 4 5 6 7 8 9; do \
	  if test -f $(srcdir)/ChangeLog.$$i; then \
	    dists="$$dists ChangeLog.$$i"; \
	  fi; \
	done; \
	if test -f $(srcdir)/LINGUAS; then dists="$$dists LINGUAS"; fi; \
	for file in $$dists; do \
	  if test -f $$file; then \
	    cp -p $$file $(distdir); \
	  else \
	    cp -p $(srcdir)/$$file $(distdir); \
	  fi; \
	done

# Regenerates the template, then the PO files named in $(UPDATEPOFILES) (if
# any), then the compiled catalogs.
update-po: Makefile
	$(MAKE) $(DOMAIN).pot-update
	test -z "$(UPDATEPOFILES)" || $(MAKE) $(UPDATEPOFILES)
	$(MAKE) update-gmo

# General rule for creating PO files.
# It never creates anything: it prints a hint to stderr and fails with exit
# status 1, so a missing PO file stops the build instead of being invented.

.nop.po-create:
	@lang=`echo $@ | sed -e 's/\.po-create$$//'`; \
	echo "File $$lang.po does not exist. If you are a translator, you can create it through 'msginit'." 1>&2; \
	exit 1

# General rule for updating PO files.
# The merge result is written to <lang>.new.po in the directory make was
# started from ($$tmpdir is captured before the cd into $(srcdir)) and
# replaces <lang>.po only when cmp reports a difference.
# For the gettext-tools package only, `pwd`/../src is put in front of PATH, so
# tools from that build-tree directory take precedence over installed ones.
# NOTE(review): when $(MSGMERGE) itself fails, the recipe prints a message and
# removes the temporary file but does not exit non-zero; only a failed "mv"
# ends the recipe with "exit 1".

.nop.po-update:
	@lang=`echo $@ | sed -e 's/\.po-update$$//'`; \
	if test "$(PACKAGE)" = "gettext-tools"; then PATH=`pwd`/../src:$$PATH; fi; \
	tmpdir=`pwd`; \
	echo "$$lang:"; \
	test "$(srcdir)" = . && cdcmd="" || cdcmd="cd $(srcdir) && "; \
	echo "$${cdcmd}$(MSGMERGE) $$lang.po $(DOMAIN).pot -o $$lang.new.po"; \
	cd $(srcdir); \
	if $(MSGMERGE) $$lang.po $(DOMAIN).pot -o $$tmpdir/$$lang.new.po; then \
	  if cmp $$lang.po $$tmpdir/$$lang.new.po >/dev/null 2>&1; then \
	    rm -f $$tmpdir/$$lang.new.po; \
	  else \
	    if mv -f $$tmpdir/$$lang.new.po $$lang.po; then \
	      :; \
	    else \
	      echo "msgmerge for $$lang.po failed: cannot move $$tmpdir/$$lang.new.po to $$lang.po" 1>&2; \
	      exit 1; \
	    fi; \
	  fi; \
	else \
	  echo "msgmerge for $$lang.po failed!" 1>&2; \
	  rm -f $$tmpdir/$$lang.new.po; \
	fi

# Targets with no prerequisites and no recipe.
$(DUMMYPOFILES):

# Builds every compiled catalog; the recipe itself is the silent no-op ":".
update-gmo: Makefile $(GMOFILES)
	@:

# Regenerates this Makefile by running config.status from $(top_builddir),
# restricted to this directory's Makefile.in (CONFIG_FILES) and with header
# generation switched off (empty CONFIG_HEADERS).
Makefile: Makefile.in.in $(top_builddir)/config.status @POMAKEFILEDEPS@
	cd $(top_builddir) \
	  && CONFIG_FILES=$(subdir)/$@.in CONFIG_HEADERS= \
	       $(SHELL) ./config.status

force:

# Tell versions [3.59,3.63) of GNU make not to export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/es.po���������������������������������������������������������������0000644�0000000�0000000�00000000074�12320753107�015140� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954961.911874761 30 ctime=1396954962.531874303 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/es.po��������������������������������������������������������������������������������0000664�0024127�0024127�00000163313�12320753107�015371� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# SOME 
DESCRIPTIVE TITLE. # Copyright (C) YEAR Red Hat, Inc. # This file is distributed under the same license as the PACKAGE package. # # Translators: # Adolfo Jayme Barrientos <fitoschido@ubuntu.com>, 2012 # Adolfo Jayme Barrientos <fitoschido@ubuntu.com>, 2012 # Daniel Cabrera <logan@fedoraproject.org>, 2011 # vareli <ehespinosa@ya.com>, 2013 # Daniel Cabrera <logan@fedoraproject.org>, 2011 # Hugo Jiménez Hernández <hjimenezhdez@gmail.com>, 2011 # sgallagh <sgallagh@redhat.com>, 2011 # sgallagh <sgallagh@redhat.com>, 2011 # vareli <ehespinosa@ya.com>, 2013 msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2014-04-08 12:56+0200\n" "PO-Revision-Date: 2013-11-20 12:56+0000\n" "Last-Translator: jhrozek <jhrozek@redhat.com>\n" "Language-Team: Spanish (http://www.transifex.com/projects/p/fedora/language/" "es/)\n" "Language: es\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" #: src/config/SSSDConfig/__init__.py.in:39 msgid "Set the verbosity of the debug logging" msgstr "Establece el nivel de detalle del registro de depuración" #: src/config/SSSDConfig/__init__.py.in:40 msgid "Include timestamps in debug logs" msgstr "Incluir la marca de tiempo en los registros de depuración" #: src/config/SSSDConfig/__init__.py.in:41 msgid "Include microseconds in timestamps in debug logs" msgstr "" "Incluir microsegundos en la marca de tiempo en los registros de depuración" #: src/config/SSSDConfig/__init__.py.in:42 msgid "Write debug messages to logfiles" msgstr "Escribir los mensajes de depuración a archivos log" #: src/config/SSSDConfig/__init__.py.in:43 msgid "Ping timeout before restarting service" msgstr "Tiempo máximo de ping antes de reiniciar el servicio" #: src/config/SSSDConfig/__init__.py.in:44 msgid "" "Timeout between three failed ping checks and forcibly killing the service" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:45 msgid "Command to start service" msgstr "Comando para iniciar el servicio" #: src/config/SSSDConfig/__init__.py.in:46 msgid "Number of times to attempt connection to Data Providers" msgstr "" "Número de veces que debe intentar la conexión con los Proveedores de Datos" #: src/config/SSSDConfig/__init__.py.in:47 msgid "The number of file descriptors that may be opened by this responder" msgstr "" #: src/config/SSSDConfig/__init__.py.in:48 msgid "Idle time before automatic disconnection of a client" msgstr "" #: src/config/SSSDConfig/__init__.py.in:51 msgid "SSSD Services to start" msgstr "Servicios SSSD a iniciar" #: src/config/SSSDConfig/__init__.py.in:52 msgid "SSSD Domains to start" msgstr "Dominios SSSD a iniciar" #: src/config/SSSDConfig/__init__.py.in:53 msgid "Timeout for messages sent over the SBUS" msgstr "Tiempo máximo para los mensajes enviados a través de SBUS" #: src/config/SSSDConfig/__init__.py.in:54 msgid "Regex to parse username and domain" msgstr "" "Expresión regular para analizar sintácticamente el nombre de usuario y " "dominio" #: src/config/SSSDConfig/__init__.py.in:55 msgid "Printf-compatible format for displaying fully-qualified names" msgstr "" "Formato compatible con printf para mostrar nombres completamente calificados" #: src/config/SSSDConfig/__init__.py.in:56 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" "Directorio en el sistema de archivos donde SSSD debería guardar fichero de " "reproducción de cache de Kerberos." #: src/config/SSSDConfig/__init__.py.in:57 msgid "Domain to add to names without a domain component." 
msgstr "" #: src/config/SSSDConfig/__init__.py.in:60 msgid "Enumeration cache timeout length (seconds)" msgstr "Tiempo máximo (segundos) del caché de enumeración" #: src/config/SSSDConfig/__init__.py.in:61 msgid "Entry cache background update timeout length (seconds)" msgstr "" "Tiempo máximo (segundos) de la entrada de caché a actualizar en segundo plano" #: src/config/SSSDConfig/__init__.py.in:62 #: src/config/SSSDConfig/__init__.py.in:88 msgid "Negative cache timeout length (seconds)" msgstr "Tiempo máximo negativo del cache (segundos)" #: src/config/SSSDConfig/__init__.py.in:63 msgid "Users that SSSD should explicitly ignore" msgstr "Usuarios que deben ser explícitamente ignorados por SSSD" #: src/config/SSSDConfig/__init__.py.in:64 msgid "Groups that SSSD should explicitly ignore" msgstr "Grupos que deben ser explícitamente ignorados por SSSD" #: src/config/SSSDConfig/__init__.py.in:65 msgid "Should filtered users appear in groups" msgstr "Deben aparecer los usuarios filtrados en los grupos" #: src/config/SSSDConfig/__init__.py.in:66 msgid "The value of the password field the NSS provider should return" msgstr "El valor del campo contraseña que el proveedor NSS debe devolver" #: src/config/SSSDConfig/__init__.py.in:67 msgid "Override homedir value from the identity provider with this value" msgstr "" "Sustituye valores del directorio personal del proveedor de la identidad con " "este valor" #: src/config/SSSDConfig/__init__.py.in:68 msgid "" "Substitute empty homedir value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:69 msgid "Override shell value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:70 msgid "The list of shells users are allowed to log in with" msgstr "Lista de los usuarios de consola habilitados para registrarse" #: src/config/SSSDConfig/__init__.py.in:71 msgid "" "The list of shells that will be vetoed, and replaced with the fallback shell" msgstr "" 
"Lista de consolas que serán vetadas, y reemplazadas por la consola de reserva" #: src/config/SSSDConfig/__init__.py.in:72 msgid "" "If a shell stored in central directory is allowed but not available, use " "this fallback" msgstr "" "Si una consola almacenada en el directorio central es permitida pero no se " "encuentra disponible, utilice esta de reserva" #: src/config/SSSDConfig/__init__.py.in:73 msgid "Shell to use if the provider does not list one" msgstr "" #: src/config/SSSDConfig/__init__.py.in:74 msgid "How long will be in-memory cache records valid" msgstr "" #: src/config/SSSDConfig/__init__.py.in:77 msgid "How long to allow cached logins between online logins (days)" msgstr "" "Por cuánto tiempo permitir ingresos cacheados entre ingresos en línea (días)" #: src/config/SSSDConfig/__init__.py.in:78 msgid "How many failed logins attempts are allowed when offline" msgstr "" "Cuantos intentos de ingreso fallidos se permiten cuando está desconectado" #: src/config/SSSDConfig/__init__.py.in:79 msgid "" "How long (minutes) to deny login after offline_failed_login_attempts has " "been reached" msgstr "" "Cuántos minutos se denegará el ingreso después de que se alcance el máximo " "de ingresos fallidos offline_failed_login_attempts" #: src/config/SSSDConfig/__init__.py.in:80 msgid "What kind of messages are displayed to the user during authentication" msgstr "Que clase de mensajes se muestran al usuario durante la autenticación" #: src/config/SSSDConfig/__init__.py.in:81 msgid "How many seconds to keep identity information cached for PAM requests" msgstr "" "Cuanto segundos se mantendrá la información de identidad almacenada para " "solicitudes de PAM" #: src/config/SSSDConfig/__init__.py.in:82 msgid "How many days before password expiration a warning should be displayed" msgstr "Cuanto días se debe mostrar un aviso de expiración de contraseña" #: src/config/SSSDConfig/__init__.py.in:85 msgid "Whether to evaluate the time-based attributes in sudo rules" msgstr 
"Ya sea para evaluar los atributos basados en el tiempo en reglas sudo" #: src/config/SSSDConfig/__init__.py.in:91 msgid "Whether to hash host names and addresses in the known_hosts file" msgstr "" #: src/config/SSSDConfig/__init__.py.in:92 msgid "" "How many seconds to keep a host in the known_hosts file after its host keys " "were requested" msgstr "" #: src/config/SSSDConfig/__init__.py.in:95 msgid "List of UIDs or user names allowed to access the PAC responder" msgstr "" #: src/config/SSSDConfig/__init__.py.in:98 msgid "Identity provider" msgstr "Proveedor de identidad" #: src/config/SSSDConfig/__init__.py.in:99 msgid "Authentication provider" msgstr "Proveedor de Autenticación" #: src/config/SSSDConfig/__init__.py.in:100 msgid "Access control provider" msgstr "Proveedor de control de acceso" #: src/config/SSSDConfig/__init__.py.in:101 msgid "Password change provider" msgstr "Proveedor de cambio de contraseña" #: src/config/SSSDConfig/__init__.py.in:102 msgid "SUDO provider" msgstr "Proveedor de SUDO" #: src/config/SSSDConfig/__init__.py.in:103 msgid "Autofs provider" msgstr "Proveedor de Autofs" #: src/config/SSSDConfig/__init__.py.in:104 msgid "Session-loading provider" msgstr "Suministrador de carga de sesión" #: src/config/SSSDConfig/__init__.py.in:105 msgid "Host identity provider" msgstr "Suministrador de identidad de host" #: src/config/SSSDConfig/__init__.py.in:108 msgid "Minimum user ID" msgstr "ID mínimo de usuario" #: src/config/SSSDConfig/__init__.py.in:109 msgid "Maximum user ID" msgstr "ID máximo de usuario" #: src/config/SSSDConfig/__init__.py.in:110 msgid "Enable enumerating all users/groups" msgstr "Habilitar la enumeración de todos los usuarios/grupos" #: src/config/SSSDConfig/__init__.py.in:111 msgid "Cache credentials for offline login" msgstr "Hacer caché de las credenciales para ingresos fuera de línea" #: src/config/SSSDConfig/__init__.py.in:112 msgid "Store password hashes" msgstr "Guardar los hashes de la contraseña" #: 
src/config/SSSDConfig/__init__.py.in:113 msgid "Display users/groups in fully-qualified form" msgstr "Mostrar los usuarios/grupos en un formato completamente calificado" #: src/config/SSSDConfig/__init__.py.in:114 msgid "Don't include group members in group lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:115 #: src/config/SSSDConfig/__init__.py.in:122 #: src/config/SSSDConfig/__init__.py.in:123 #: src/config/SSSDConfig/__init__.py.in:124 #: src/config/SSSDConfig/__init__.py.in:125 #: src/config/SSSDConfig/__init__.py.in:126 #: src/config/SSSDConfig/__init__.py.in:127 msgid "Entry cache timeout length (seconds)" msgstr "Tiempo máximo de una entrada del caché (segundos)" #: src/config/SSSDConfig/__init__.py.in:116 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" "Restringir o preferir una familia de direcciones específica, cuando se " "realicen búsquedas DNS" #: src/config/SSSDConfig/__init__.py.in:117 msgid "How long to keep cached entries after last successful login (days)" msgstr "Por cuánto tiempo permitir ingresos cacheados luego del último (días)" #: src/config/SSSDConfig/__init__.py.in:118 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" "Cantidad de tiempo (en segundos) a esperar respuestas desde DNS cuando se " "estén resolviendo servidores" #: src/config/SSSDConfig/__init__.py.in:119 msgid "The domain part of service discovery DNS query" msgstr "La sección del dominio de la consulta para descubrir servicios DNS" #: src/config/SSSDConfig/__init__.py.in:120 msgid "Override GID value from the identity provider with this value" msgstr "Sustituye valor GID del proveedor de la identidad con este valor" #: src/config/SSSDConfig/__init__.py.in:121 msgid "Treat usernames as case sensitive" msgstr "Trate al nombre de usuario con mayúsculas y minúsculas" #: src/config/SSSDConfig/__init__.py.in:128 msgid "How often should expired entries be refreshed in background" msgstr "" 
#: src/config/SSSDConfig/__init__.py.in:129 msgid "Whether to automatically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/__init__.py.in:130 #: src/config/SSSDConfig/__init__.py.in:145 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "" #: src/config/SSSDConfig/__init__.py.in:131 #: src/config/SSSDConfig/__init__.py.in:146 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" "La interfaz cuya IP debería ser utilizada para actualizaciones DNS " "automáticas" #: src/config/SSSDConfig/__init__.py.in:132 msgid "How often to periodically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/__init__.py.in:133 msgid "Whether the provider should explicitly update the PTR record as well" msgstr "" #: src/config/SSSDConfig/__init__.py.in:134 msgid "Whether the nsupdate utility should default to using TCP" msgstr "" #: src/config/SSSDConfig/__init__.py.in:135 msgid "What kind of authentication should be used to perform the DNS update" msgstr "" #: src/config/SSSDConfig/__init__.py.in:136 msgid "Control enumeration of trusted domains" msgstr "" #: src/config/SSSDConfig/__init__.py.in:137 msgid "How often should subdomains list be refreshed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:140 msgid "IPA domain" msgstr "Dominio IPA" #: src/config/SSSDConfig/__init__.py.in:141 msgid "IPA server address" msgstr "Dirección del servidor IPA" #: src/config/SSSDConfig/__init__.py.in:142 msgid "Address of backup IPA server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:143 msgid "IPA client hostname" msgstr "Nombre de equipo del cliente IPA" #: src/config/SSSDConfig/__init__.py.in:144 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" "Si actualizar o no en forma automática la entrada DNS del cliente en FreeIPA" #: src/config/SSSDConfig/__init__.py.in:147 msgid "Search base for HBAC related objects" msgstr "Búsqueda base para objetos HBAC" #: 
src/config/SSSDConfig/__init__.py.in:148 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" "Cantidad de tiempo entre búsquedas de reglas HBAC contra el servidor IPA" #: src/config/SSSDConfig/__init__.py.in:149 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:150 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" "Si se encuentran presentes reglas de negación (DENY) o bien se niega todo " "(DENY_ALL) o se ignora (IGNORE)" #: src/config/SSSDConfig/__init__.py.in:151 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" "Si se lo define en 'false', será ignorado el argumento de equipo ofrecido " "por PAM" #: src/config/SSSDConfig/__init__.py.in:152 msgid "The automounter location this IPA client is using" msgstr "La ubicación de montaje automático que este cliente de IPA está usando" #: src/config/SSSDConfig/__init__.py.in:153 msgid "Search base for object containing info about IPA domain" msgstr "" #: src/config/SSSDConfig/__init__.py.in:154 msgid "Search base for objects containing info about ID ranges" msgstr "" #: src/config/SSSDConfig/__init__.py.in:155 #: src/config/SSSDConfig/__init__.py.in:162 msgid "Enable DNS sites - location based service discovery" msgstr "" #: src/config/SSSDConfig/__init__.py.in:158 msgid "Active Directory domain" msgstr "" #: src/config/SSSDConfig/__init__.py.in:159 msgid "Active Directory server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:160 msgid "Active Directory backup server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:161 msgid "Active Directory client hostname" msgstr "" #: src/config/SSSDConfig/__init__.py.in:165 #: src/config/SSSDConfig/__init__.py.in:166 msgid "Kerberos server address" msgstr "Dirección del servidor Kerberos" #: src/config/SSSDConfig/__init__.py.in:167 msgid "Kerberos backup server 
address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:168 msgid "Kerberos realm" msgstr "Reinado Kerberos" #: src/config/SSSDConfig/__init__.py.in:169 msgid "Authentication timeout" msgstr "Expiración de la autenticación" #: src/config/SSSDConfig/__init__.py.in:170 msgid "Whether to create kdcinfo files" msgstr "" #: src/config/SSSDConfig/__init__.py.in:173 msgid "Directory to store credential caches" msgstr "Directorio donde almacenar las credenciales cacheadas" #: src/config/SSSDConfig/__init__.py.in:174 msgid "Location of the user's credential cache" msgstr "Ubicación del caché de credenciales del usuario" #: src/config/SSSDConfig/__init__.py.in:175 msgid "Location of the keytab to validate credentials" msgstr "Ubicación de la tabla de claves para validar las credenciales" #: src/config/SSSDConfig/__init__.py.in:176 msgid "Enable credential validation" msgstr "Habilitar la validación de credenciales" #: src/config/SSSDConfig/__init__.py.in:177 msgid "Store password if offline for later online authentication" msgstr "" "Si se encuentra desconectado, almacena contraseñas para más tarde realizar " "una autenticación en línea" #: src/config/SSSDConfig/__init__.py.in:178 msgid "Renewable lifetime of the TGT" msgstr "ciclo de vida renovable del TGT" #: src/config/SSSDConfig/__init__.py.in:179 msgid "Lifetime of the TGT" msgstr "ciclo de vida del TGT" #: src/config/SSSDConfig/__init__.py.in:180 msgid "Time between two checks for renewal" msgstr "tiempo entre dos comprobaciones para renovación " #: src/config/SSSDConfig/__init__.py.in:181 msgid "Enables FAST" msgstr "Habilita FAST" #: src/config/SSSDConfig/__init__.py.in:182 msgid "Selects the principal to use for FAST" msgstr "Selecciona el principal para su uso por FAST" #: src/config/SSSDConfig/__init__.py.in:183 msgid "Enables principal canonicalization" msgstr "Habilita canonicalización principal" #: src/config/SSSDConfig/__init__.py.in:184 msgid "Enables enterprise principals" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:187 #: src/config/SSSDConfig/__init__.py.in:188 msgid "Server where the change password service is running if not on the KDC" msgstr "" "El servidor en donde está ejecutándose el servicio de modificación de " "contraseña, en caso de no ser KDC. " #: src/config/SSSDConfig/__init__.py.in:191 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, El URI del servidor LDAP" #: src/config/SSSDConfig/__init__.py.in:192 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:193 msgid "The default base DN" msgstr "DN base predeterminado" #: src/config/SSSDConfig/__init__.py.in:194 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "El Tipo de Esquema a usar en el servidor LDAP, rfc2307" #: src/config/SSSDConfig/__init__.py.in:195 msgid "The default bind DN" msgstr "El DN Bind predeterminado" #: src/config/SSSDConfig/__init__.py.in:196 msgid "The type of the authentication token of the default bind DN" msgstr "El tipo del token de autenticación del DN bind predeterminado" #: src/config/SSSDConfig/__init__.py.in:197 msgid "The authentication token of the default bind DN" msgstr "El token de autenticación del DN bind predeterminado" #: src/config/SSSDConfig/__init__.py.in:198 msgid "Length of time to attempt connection" msgstr "Tiempo durante el que se intentará la conexión" #: src/config/SSSDConfig/__init__.py.in:199 msgid "Length of time to attempt synchronous LDAP operations" msgstr "Tiempo durante el que se intentará operaciones LDAP sincrónicas" #: src/config/SSSDConfig/__init__.py.in:200 msgid "Length of time between attempts to reconnect while offline" msgstr "Tiempo entre intentos de reconexión cuando esté fuera de línea" #: src/config/SSSDConfig/__init__.py.in:201 msgid "Use only the upper case for realm names" msgstr "Use solo el caso superior para nombres reales" #: src/config/SSSDConfig/__init__.py.in:202 msgid "File that contains CA certificates" msgstr 
"Archivo que contiene los certificados CA" #: src/config/SSSDConfig/__init__.py.in:203 msgid "Path to CA certificate directory" msgstr "Ruta hacia un directorio certificado CA" #: src/config/SSSDConfig/__init__.py.in:204 msgid "File that contains the client certificate" msgstr "Fichero que contiene el certificado de cliente" #: src/config/SSSDConfig/__init__.py.in:205 msgid "File that contains the client key" msgstr "Fichero que contiene la llave de cliente" #: src/config/SSSDConfig/__init__.py.in:206 msgid "List of possible ciphers suites" msgstr "Lista de posibles suites de cifrado" #: src/config/SSSDConfig/__init__.py.in:207 msgid "Require TLS certificate verification" msgstr "Requiere la verificación de certificado TLS" #: src/config/SSSDConfig/__init__.py.in:208 msgid "Specify the sasl mechanism to use" msgstr "Especificar el mecanismo sasl a usar" #: src/config/SSSDConfig/__init__.py.in:209 msgid "Specify the sasl authorization id to use" msgstr "Especifique el id de autorización sasl a usar" #: src/config/SSSDConfig/__init__.py.in:210 msgid "Specify the sasl authorization realm to use" msgstr "Especifica el reinado de autorización sasl a ser utilizado" #: src/config/SSSDConfig/__init__.py.in:211 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "Especificar los SSF mínimos para autorizaciones sasl de LDAP" #: src/config/SSSDConfig/__init__.py.in:212 msgid "Kerberos service keytab" msgstr "Tabla de clave del servicio Kerberos" #: src/config/SSSDConfig/__init__.py.in:213 msgid "Use Kerberos auth for LDAP connection" msgstr "Usar auth Kerberos para la conexión LDAP" #: src/config/SSSDConfig/__init__.py.in:214 msgid "Follow LDAP referrals" msgstr "Seguir referencias LDAP" #: src/config/SSSDConfig/__init__.py.in:215 msgid "Lifetime of TGT for LDAP connection" msgstr "Período de vida del TGT para la conexión LDAP" #: src/config/SSSDConfig/__init__.py.in:216 msgid "How to dereference aliases" msgstr "Como eliminar aliases" #: 
src/config/SSSDConfig/__init__.py.in:217 msgid "Service name for DNS service lookups" msgstr "Nombre de servicio para busquedas de servicios DNS" #: src/config/SSSDConfig/__init__.py.in:218 msgid "The number of records to retrieve in a single LDAP query" msgstr "La cantidad de registros a ser obtenidos en una única consulta LDAP" #: src/config/SSSDConfig/__init__.py.in:219 msgid "The number of members that must be missing to trigger a full deref" msgstr "" "La cantidad de miembros que deben faltar para desencadenar una deref completa" #: src/config/SSSDConfig/__init__.py.in:220 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" "Si la Biblioteca LDAP debería realizar una búsqueda inversa para " "canonicalizar el nombre del host durante un enlace SASL" #: src/config/SSSDConfig/__init__.py.in:222 msgid "entryUSN attribute" msgstr "atributo entryUSN" #: src/config/SSSDConfig/__init__.py.in:223 msgid "lastUSN attribute" msgstr "atributo lastUSN" #: src/config/SSSDConfig/__init__.py.in:225 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" "El período de tiempo máximo para retener una conexión con el servidor LDAP " "antes de desconectar" #: src/config/SSSDConfig/__init__.py.in:227 msgid "Disable the LDAP paging control" msgstr "Deshabilita el control de paginación LDAP" #: src/config/SSSDConfig/__init__.py.in:228 msgid "Disable Active Directory range retrieval" msgstr "" #: src/config/SSSDConfig/__init__.py.in:231 msgid "Length of time to wait for a search request" msgstr "Tiempo máximo a esperar un pedido de búsqueda" #: src/config/SSSDConfig/__init__.py.in:232 msgid "Length of time to wait for a enumeration request" msgstr "periodo de espera para solicitud de enumeración" #: src/config/SSSDConfig/__init__.py.in:233 msgid "Length of time between enumeration updates" msgstr "Tiempo en segundos entre las actualizaciones de enumeración" #: 
src/config/SSSDConfig/__init__.py.in:234 msgid "Length of time between cache cleanups" msgstr "periodo de tiempo entre borrados de la caché" #: src/config/SSSDConfig/__init__.py.in:235 msgid "Require TLS for ID lookups" msgstr "Requiere TLS para búsquedas de ID" #: src/config/SSSDConfig/__init__.py.in:236 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "" #: src/config/SSSDConfig/__init__.py.in:237 msgid "Base DN for user lookups" msgstr "DN base para búsquedas de usuario" #: src/config/SSSDConfig/__init__.py.in:238 msgid "Scope of user lookups" msgstr "Ambito de las búsquedas del usuario" #: src/config/SSSDConfig/__init__.py.in:239 msgid "Filter for user lookups" msgstr "Filtro para las búsquedas del usuario" #: src/config/SSSDConfig/__init__.py.in:240 msgid "Objectclass for users" msgstr "Objectclass para los usuarios" #: src/config/SSSDConfig/__init__.py.in:241 msgid "Username attribute" msgstr "Atributo Username" #: src/config/SSSDConfig/__init__.py.in:243 msgid "UID attribute" msgstr "Atributo UID" #: src/config/SSSDConfig/__init__.py.in:244 msgid "Primary GID attribute" msgstr "Atributo GID primario" #: src/config/SSSDConfig/__init__.py.in:245 msgid "GECOS attribute" msgstr "Atributo GECOS" #: src/config/SSSDConfig/__init__.py.in:246 msgid "Home directory attribute" msgstr "Atributo Directorio de inicio" #: src/config/SSSDConfig/__init__.py.in:247 msgid "Shell attribute" msgstr "Atributo shell" #: src/config/SSSDConfig/__init__.py.in:248 msgid "UUID attribute" msgstr "Atributo UUID" #: src/config/SSSDConfig/__init__.py.in:249 #: src/config/SSSDConfig/__init__.py.in:285 msgid "objectSID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:250 msgid "Active Directory primary group attribute for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:251 msgid "User principal attribute (for Kerberos)" msgstr "Atributo principal del usuario (para Kerberos) " #: src/config/SSSDConfig/__init__.py.in:252 msgid "Full Name" msgstr 
"Nombre completo" #: src/config/SSSDConfig/__init__.py.in:253 msgid "memberOf attribute" msgstr "Atributo memberOf" #: src/config/SSSDConfig/__init__.py.in:254 msgid "Modification time attribute" msgstr "Atributo hora de modificación" #: src/config/SSSDConfig/__init__.py.in:256 msgid "shadowLastChange attribute" msgstr "atributo shadowLastChange" #: src/config/SSSDConfig/__init__.py.in:257 msgid "shadowMin attribute" msgstr "atributo shadowMin " #: src/config/SSSDConfig/__init__.py.in:258 msgid "shadowMax attribute" msgstr "atributo shadowMax" #: src/config/SSSDConfig/__init__.py.in:259 msgid "shadowWarning attribute" msgstr "atributo shadowWarning " #: src/config/SSSDConfig/__init__.py.in:260 msgid "shadowInactive attribute" msgstr "atributo shadowInactive " #: src/config/SSSDConfig/__init__.py.in:261 msgid "shadowExpire attribute" msgstr "atributo shadowExpire" #: src/config/SSSDConfig/__init__.py.in:262 msgid "shadowFlag attribute" msgstr "atributo shadowFlag " #: src/config/SSSDConfig/__init__.py.in:263 msgid "Attribute listing authorized PAM services" msgstr "listado de atributos de servicios PAM autorizados" #: src/config/SSSDConfig/__init__.py.in:264 msgid "Attribute listing authorized server hosts" msgstr "Atributo de listado de equipos de servidor autorizados" #: src/config/SSSDConfig/__init__.py.in:265 msgid "krbLastPwdChange attribute" msgstr "atributo krbLastPwdChange " #: src/config/SSSDConfig/__init__.py.in:266 msgid "krbPasswordExpiration attribute" msgstr "atributo krbPasswordExpiration " #: src/config/SSSDConfig/__init__.py.in:267 msgid "Attribute indicating that server side password policies are active" msgstr "" "atributo indicando que las políticas de contraseña del lado del servidor " "están activas" #: src/config/SSSDConfig/__init__.py.in:268 msgid "accountExpires attribute of AD" msgstr "atributo accountExpires de AD" #: src/config/SSSDConfig/__init__.py.in:269 msgid "userAccountControl attribute of AD" msgstr "atributo userAccountControl de 
AD" #: src/config/SSSDConfig/__init__.py.in:270 msgid "nsAccountLock attribute" msgstr "atributo nsAccountLock " #: src/config/SSSDConfig/__init__.py.in:271 msgid "loginDisabled attribute of NDS" msgstr "loginDisabled atributo de NDS" #: src/config/SSSDConfig/__init__.py.in:272 msgid "loginExpirationTime attribute of NDS" msgstr "loginExpirationTime atributo de NDS" #: src/config/SSSDConfig/__init__.py.in:273 msgid "loginAllowedTimeMap attribute of NDS" msgstr "loginAllowedTimeMap atributo de NDS" #: src/config/SSSDConfig/__init__.py.in:274 msgid "SSH public key attribute" msgstr "Atributo de clave pública SSH" #: src/config/SSSDConfig/__init__.py.in:276 msgid "Base DN for group lookups" msgstr "DN base para busqueda de grupos" #: src/config/SSSDConfig/__init__.py.in:279 msgid "Objectclass for groups" msgstr "clase objeto para" #: src/config/SSSDConfig/__init__.py.in:280 msgid "Group name" msgstr "Nombre del grupo" #: src/config/SSSDConfig/__init__.py.in:281 msgid "Group password" msgstr "Contraseña del grupo" #: src/config/SSSDConfig/__init__.py.in:282 msgid "GID attribute" msgstr "Atributo GID" #: src/config/SSSDConfig/__init__.py.in:283 msgid "Group member attribute" msgstr "Atributo de miembro del grupo" #: src/config/SSSDConfig/__init__.py.in:284 msgid "Group UUID attribute" msgstr "Atributo de UUID del grupo" #: src/config/SSSDConfig/__init__.py.in:286 msgid "Modification time attribute for groups" msgstr "Atributo de modificación de tiempo para los grupos" #: src/config/SSSDConfig/__init__.py.in:287 msgid "Type of the group and other flags" msgstr "" #: src/config/SSSDConfig/__init__.py.in:289 msgid "Maximum nesting level SSSd will follow" msgstr "A continuación, nivel SSSD de anidado máximo" #: src/config/SSSDConfig/__init__.py.in:291 msgid "Base DN for netgroup lookups" msgstr "DN base para búsquedas de grupos de red" #: src/config/SSSDConfig/__init__.py.in:292 msgid "Objectclass for netgroups" msgstr "Clases de objetos para grupos de red" #: 
src/config/SSSDConfig/__init__.py.in:293 msgid "Netgroup name" msgstr "Nombre de grupo de red" #: src/config/SSSDConfig/__init__.py.in:294 msgid "Netgroups members attribute" msgstr "Atributo de miembros de grupos de red" #: src/config/SSSDConfig/__init__.py.in:295 msgid "Netgroup triple attribute" msgstr "Atributo triple de grupo de red" #: src/config/SSSDConfig/__init__.py.in:296 msgid "Netgroup UUID attribute" msgstr "Atributo UUID de miembro de red" #: src/config/SSSDConfig/__init__.py.in:297 msgid "Modification time attribute for netgroups" msgstr "Atributo de modificación de tiempo para grupos de red" #: src/config/SSSDConfig/__init__.py.in:299 msgid "Base DN for service lookups" msgstr "Base DN para servicio de búsquedas" #: src/config/SSSDConfig/__init__.py.in:300 msgid "Objectclass for services" msgstr "Clase de objeto para servicio" #: src/config/SSSDConfig/__init__.py.in:301 msgid "Service name attribute" msgstr "Atributo de nombre de servicio" #: src/config/SSSDConfig/__init__.py.in:302 msgid "Service port attribute" msgstr "Atributo de puerto de servicio" #: src/config/SSSDConfig/__init__.py.in:303 msgid "Service protocol attribute" msgstr "Atributo de protocolo de servidor" #: src/config/SSSDConfig/__init__.py.in:306 msgid "Lower bound for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:307 msgid "Upper bound for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:308 msgid "Number of IDs for each slice when ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:309 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:310 msgid "Name of the default domain for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:311 msgid "SID of the default domain for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:313 msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:314 msgid "Use 
LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:315 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:316 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:319 msgid "Policy to evaluate the password expiration" msgstr "Política para evaluar el vencimiento de la contraseña" #: src/config/SSSDConfig/__init__.py.in:322 msgid "LDAP filter to determine access privileges" msgstr "Filtro LDAP para determinar privilegios de acceso" #: src/config/SSSDConfig/__init__.py.in:323 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" "Los atributos que deberán ser utilizados para evaluar si una cuenta ha " "expirado" #: src/config/SSSDConfig/__init__.py.in:324 msgid "Which rules should be used to evaluate access control" msgstr "Las reglas que deberían ser utilizadas para evaluar control de acceso" #: src/config/SSSDConfig/__init__.py.in:327 msgid "URI of an LDAP server where password changes are allowed" msgstr "" "URI de un servidor LDAP donde se permite la modificación de contraseñas" #: src/config/SSSDConfig/__init__.py.in:328 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:329 msgid "DNS service name for LDAP password change server" msgstr "" "Nombre del servicio DNS para el servidor de modificación de contraseñas LDAP" #: src/config/SSSDConfig/__init__.py.in:330 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" msgstr "" #: src/config/SSSDConfig/__init__.py.in:333 msgid "Base DN for sudo rules lookups" msgstr "Base DN para búsquedas de reglas sudo" #: src/config/SSSDConfig/__init__.py.in:334 msgid "Automatic full refresh period" msgstr "" #: src/config/SSSDConfig/__init__.py.in:335 msgid "Automatic smart refresh period" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:336 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "" #: src/config/SSSDConfig/__init__.py.in:337 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:338 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:339 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:340 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:341 msgid "Object class for sudo rules" msgstr "Objeto clase para reglas sudo" #: src/config/SSSDConfig/__init__.py.in:342 msgid "Sudo rule name" msgstr "Nombre de regla sudo" #: src/config/SSSDConfig/__init__.py.in:343 msgid "Sudo rule command attribute" msgstr "Atributo de regla de comando sudo" #: src/config/SSSDConfig/__init__.py.in:344 msgid "Sudo rule host attribute" msgstr "Atributo de la regla host de sudo" #: src/config/SSSDConfig/__init__.py.in:345 msgid "Sudo rule user attribute" msgstr "Atributo de la regla usuario de sudo" #: src/config/SSSDConfig/__init__.py.in:346 msgid "Sudo rule option attribute" msgstr "Atributo de la regla opción de sudo" #: src/config/SSSDConfig/__init__.py.in:347 msgid "Sudo rule runasuser attribute" msgstr "Atributo de la regla suda runasuser" #: src/config/SSSDConfig/__init__.py.in:348 msgid "Sudo rule runasgroup attribute" msgstr "Atributo de regla runasgroup de sudo" #: src/config/SSSDConfig/__init__.py.in:349 msgid "Sudo rule notbefore attribute" msgstr "Atributo de regla notbefore de sudo" #: src/config/SSSDConfig/__init__.py.in:350 msgid "Sudo rule notafter attribute" msgstr "Atributo de regla noafter de sudo" #: src/config/SSSDConfig/__init__.py.in:351 msgid "Sudo rule order attribute" msgstr "Atributo de regla orden de 
sudo" #: src/config/SSSDConfig/__init__.py.in:354 msgid "Object class for automounter maps" msgstr "Objeto clase para mapas automontador" #: src/config/SSSDConfig/__init__.py.in:355 msgid "Automounter map name attribute" msgstr "Atributo de nombre de mapa de automontador" #: src/config/SSSDConfig/__init__.py.in:356 msgid "Object class for automounter map entries" msgstr "Objeto clase para entradas de mapa de automontador" #: src/config/SSSDConfig/__init__.py.in:357 msgid "Automounter map entry key attribute" msgstr "Atributo de clave de entrada para mapa de automontador" #: src/config/SSSDConfig/__init__.py.in:358 msgid "Automounter map entry value attribute" msgstr "Atributo de valor de entrada para mapa de automontador" #: src/config/SSSDConfig/__init__.py.in:359 msgid "Base DN for automounter map lookups" msgstr "Base DN para búsquedas de mapa de automontador" #: src/config/SSSDConfig/__init__.py.in:362 msgid "Comma separated list of allowed users" msgstr "Lista separada por comas de usuarios autorizados" #: src/config/SSSDConfig/__init__.py.in:363 msgid "Comma separated list of prohibited users" msgstr "Lista separada por comas de usuarios prohibidos" #: src/config/SSSDConfig/__init__.py.in:366 msgid "Default shell, /bin/bash" msgstr "Shell predeterminado, /bin/bash" #: src/config/SSSDConfig/__init__.py.in:367 msgid "Base for home directories" msgstr "Base de los directorios de inicio" #: src/config/SSSDConfig/__init__.py.in:370 msgid "The name of the NSS library to use" msgstr "Nombre de la biblioteca NSS a usar" #: src/config/SSSDConfig/__init__.py.in:371 msgid "Whether to look up canonical group name from cache if possible" msgstr "" #: src/config/SSSDConfig/__init__.py.in:374 msgid "PAM stack to use" msgstr "Pila PAM a usar" #: src/monitor/monitor.c:2651 msgid "Become a daemon (default)" msgstr "Convertirse en demonio (predeterminado)" #: src/monitor/monitor.c:2653 msgid "Run interactive (not a daemon)" msgstr "Ejecutarse en forma interactiva (no un 
demonio)" #: src/monitor/monitor.c:2655 src/tools/sss_debuglevel.c:71 msgid "Specify a non-default config file" msgstr "Indicar un archivo de configuración diferente al predeterminado" #: src/monitor/monitor.c:2657 msgid "Print version number and exit" msgstr "Muestra el número de versión y finaliza" #: src/providers/krb5/krb5_child.c:1962 src/providers/ldap/ldap_child.c:435 #: src/util/util.h:100 msgid "Debug level" msgstr "Nivel de depuración" #: src/providers/krb5/krb5_child.c:1964 src/providers/ldap/ldap_child.c:437 #: src/util/util.h:104 msgid "Add debug timestamps" msgstr "Agregar marcas de tiempo de depuración" #: src/providers/krb5/krb5_child.c:1966 src/providers/ldap/ldap_child.c:439 #: src/util/util.h:106 msgid "Show timestamps with microseconds" msgstr "Mostrar marcas de tiempo con microsegundos" #: src/providers/krb5/krb5_child.c:1968 src/providers/ldap/ldap_child.c:441 msgid "An open file descriptor for the debug logs" msgstr "Un descriptor de archivo abierto para los registros de depuración" #: src/providers/data_provider_be.c:2932 msgid "Domain of the information provider (mandatory)" msgstr "Dominio del proveedor de información (obligatorio)" #: src/sss_client/common.c:946 msgid "Privileged socket has wrong ownership or permissions." msgstr "El zócalo privilegiado posee permisos o pertenencia equivocados." #: src/sss_client/common.c:949 msgid "Public socket has wrong ownership or permissions." msgstr "El zócalo público posee permisos o pertenencia equivocados." #: src/sss_client/common.c:952 msgid "Unexpected format of the server credential message." msgstr "Formato no esperado del mensaje de la credencial del servidor." #: src/sss_client/common.c:955 msgid "SSSD is not run by root." msgstr "SSSD no está siendo ejecutado por el usuario root." #: src/sss_client/common.c:960 msgid "An error occurred, but no description can be found." msgstr "Ha ocurrido un error, pero no se ha podido encontrar una descripción." 
#: src/sss_client/common.c:966 msgid "Unexpected error while looking for an error description" msgstr "" "Ha ocurrido un error no esperado mientras se buscaba la descripción del error" #: src/sss_client/pam_sss.c:388 msgid "Passwords do not match" msgstr "Las contraseñas no coinciden" #: src/sss_client/pam_sss.c:576 msgid "Password reset by root is not supported." msgstr "No existe soporte para reseteado de la contraseña por el usuario root." #: src/sss_client/pam_sss.c:617 msgid "Authenticated with cached credentials" msgstr "Autenticado mediante credenciales cacheadas" #: src/sss_client/pam_sss.c:618 msgid ", your cached password will expire at: " msgstr ", su contraseña cacheada vencerá el: " #: src/sss_client/pam_sss.c:648 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "" #: src/sss_client/pam_sss.c:694 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "" #: src/sss_client/pam_sss.c:743 msgid "Authentication is denied until: " msgstr "La autenticación ha sido denegada hasta: " #: src/sss_client/pam_sss.c:764 msgid "System is offline, password change not possible" msgstr "El sistema está fuera de línea, no se puede cambiar la contraseña" #: src/sss_client/pam_sss.c:779 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" #: src/sss_client/pam_sss.c:810 src/sss_client/pam_sss.c:823 msgid "Password change failed. " msgstr "Falló el cambio de contraseña. " 
#: src/sss_client/pam_sss.c:813 src/sss_client/pam_sss.c:824 msgid "Server message: " msgstr "Mensaje del servidor: " #: src/sss_client/pam_sss.c:1251 msgid "New Password: " msgstr "Nueva contraseña: " #: src/sss_client/pam_sss.c:1252 msgid "Reenter new Password: " msgstr "Reingrese la contraseña nueva: " #: src/sss_client/pam_sss.c:1340 msgid "Password: " msgstr "Contraseña: " #: src/sss_client/pam_sss.c:1372 msgid "Current Password: " msgstr "Contraseña actual: " #: src/sss_client/pam_sss.c:1527 msgid "Password expired. Change your password now." msgstr "La contraseña ha expirado. Modifíquela en este preciso momento." #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40 #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 src/tools/sss_useradd.c:48 #: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44 #: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:652 #: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47 #: src/tools/sss_cache.c:540 src/tools/sss_debuglevel.c:69 msgid "The debug level to run with" msgstr "Nivel de depuración en que se debe ejecutar" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:42 #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:196 msgid "The SSSD domain to use" msgstr "El dominio SSSD a usar" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:73 #: src/tools/sss_groupadd.c:58 src/tools/sss_groupdel.c:53 #: src/tools/sss_groupmod.c:65 src/tools/sss_groupshow.c:663 #: src/tools/sss_userdel.c:151 src/tools/sss_usermod.c:74 #: src/tools/sss_cache.c:573 msgid "Error setting the locale\n" msgstr "Error al poner la región\n" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:64 msgid "Not enough memory\n" msgstr "No hay suficiente memoria\n" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:83 msgid "User not specified\n" msgstr "Usuario no especificado\n" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:92 msgid "Error looking up public keys\n" msgstr "Error buscando claves públicas\n" #: 
src/sss_client/ssh/sss_ssh_knownhostsproxy.c:194 msgid "The port to use to connect to the host" msgstr "El puerto a usar para conectar al host" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:238 msgid "Invalid port\n" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:243 msgid "Host not specified\n" msgstr "Host no especificado\n" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:249 msgid "The path to the proxy command must be absolute\n" msgstr "La ruta al comando proxy debe ser absoluta\n" #: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48 msgid "The UID of the user" msgstr "El UID del usuario" #: src/tools/sss_useradd.c:50 src/tools/sss_usermod.c:50 msgid "The comment string" msgstr "La cadena de comentarios" #: src/tools/sss_useradd.c:51 src/tools/sss_usermod.c:51 msgid "Home directory" msgstr "Directorio de inicio" #: src/tools/sss_useradd.c:52 src/tools/sss_usermod.c:52 msgid "Login shell" msgstr "Shell de ingreso" #: src/tools/sss_useradd.c:53 msgid "Groups" msgstr "Grupos" #: src/tools/sss_useradd.c:54 msgid "Create user's directory if it does not exist" msgstr "Crear el directorio del usuario si no existe" #: src/tools/sss_useradd.c:55 msgid "Never create user's directory, overrides config" msgstr "" "La opción de nunca crear el directorio del usuario, anula la configurada" #: src/tools/sss_useradd.c:56 msgid "Specify an alternative skeleton directory" msgstr "Debe especificar un directorio esqueleto alternativo" #: src/tools/sss_useradd.c:57 src/tools/sss_usermod.c:57 msgid "The SELinux user for user's login" msgstr "El usuario de SELinux para el registro del usuario" #: src/tools/sss_useradd.c:86 src/tools/sss_groupmod.c:78 #: src/tools/sss_usermod.c:87 msgid "Specify group to add to\n" msgstr "Especifica el grupo a ser añadido\n" #: src/tools/sss_useradd.c:110 msgid "Specify user to add\n" msgstr "Especifique el usuario a agregar\n" #: src/tools/sss_useradd.c:119 src/tools/sss_groupadd.c:84 #: src/tools/sss_groupdel.c:78 
src/tools/sss_groupmod.c:111 #: src/tools/sss_groupshow.c:696 src/tools/sss_userdel.c:196 #: src/tools/sss_usermod.c:128 msgid "Error initializing the tools - no local domain\n" msgstr "Error al inicializar las herramientas - no hay dominio local\n" #: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86 #: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113 #: src/tools/sss_groupshow.c:698 src/tools/sss_userdel.c:198 #: src/tools/sss_usermod.c:130 msgid "Error initializing the tools\n" msgstr "Error al inicializar las herramientas\n" #: src/tools/sss_useradd.c:130 src/tools/sss_groupadd.c:95 #: src/tools/sss_groupdel.c:89 src/tools/sss_groupmod.c:121 #: src/tools/sss_groupshow.c:707 src/tools/sss_userdel.c:207 #: src/tools/sss_usermod.c:139 msgid "Invalid domain specified in FQDN\n" msgstr "Dominio inválido especificado en FQDN\n" #: src/tools/sss_useradd.c:139 src/tools/sss_groupmod.c:141 #: src/tools/sss_groupmod.c:168 src/tools/sss_usermod.c:162 #: src/tools/sss_usermod.c:189 msgid "Internal error while parsing parameters\n" msgstr "Error interno al analizar sintácticamente los parámetros.\n" #: src/tools/sss_useradd.c:147 src/tools/sss_usermod.c:170 #: src/tools/sss_usermod.c:197 msgid "Groups must be in the same domain as user\n" msgstr "Los grupos deben estar en el mismo dominio que el usuario\n" #: src/tools/sss_useradd.c:155 #, c-format msgid "Cannot find group %1$s in local domain\n" msgstr "" #: src/tools/sss_useradd.c:170 src/tools/sss_userdel.c:217 msgid "Cannot set default values\n" msgstr "No se pudieron establecer los valores predeterminados\n" #: src/tools/sss_useradd.c:177 src/tools/sss_usermod.c:153 msgid "The selected UID is outside the allowed range\n" msgstr "El UID seleccionado está fuera del rango permitido\n" #: src/tools/sss_useradd.c:206 src/tools/sss_usermod.c:264 msgid "Cannot set SELinux login context\n" msgstr "No es posible definir contexto de registro de SELinux\n" #: src/tools/sss_useradd.c:221 msgid "Cannot get info about 
the user\n" msgstr "No se pudo obtener información del usuario\n" #: src/tools/sss_useradd.c:233 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" "El directorio de inicio del usuario ya existe, no copiar datos desde el " "esqueleto\n" #: src/tools/sss_useradd.c:236 #, c-format msgid "Cannot create user's home directory: %1$s\n" msgstr "" #: src/tools/sss_useradd.c:247 #, c-format msgid "Cannot create user's mail spool: %1$s\n" msgstr "" #: src/tools/sss_useradd.c:266 msgid "Could not allocate ID for the user - domain full?\n" msgstr "No se pudo asignar el ID para el usuario - ¿el dominio estará lleno?\n" #: src/tools/sss_useradd.c:270 msgid "A user or group with the same name or ID already exists\n" msgstr "Ya existe un usuario o grupo con el mismo nombre o ID\n" #: src/tools/sss_useradd.c:276 msgid "Transaction error. Could not add user.\n" msgstr "Error en la transacción. No se pudo agregar el usuario.\n" #: src/tools/sss_groupadd.c:43 src/tools/sss_groupmod.c:48 msgid "The GID of the group" msgstr "El GID del grupo" #: src/tools/sss_groupadd.c:75 msgid "Specify group to add\n" msgstr "Especifique el grupo a agregar\n" #: src/tools/sss_groupadd.c:104 src/tools/sss_groupmod.c:192 msgid "The selected GID is outside the allowed range\n" msgstr "El GID elegido está fuera del rango permitido\n" #: src/tools/sss_groupadd.c:141 msgid "Could not allocate ID for the group - domain full?\n" msgstr "No se pudo asignar el ID para el grupo - ¿el dominio estará lleno?\n" #: src/tools/sss_groupadd.c:145 msgid "A group with the same name or GID already exists\n" msgstr "Ya existe un grupo con el mismo nombre o GID\n" #: src/tools/sss_groupadd.c:150 msgid "Transaction error. Could not add group.\n" msgstr "Error en la transacción. 
No se pudo agregar el grupo.\n" #: src/tools/sss_groupdel.c:69 msgid "Specify group to delete\n" msgstr "Especifique el grupo a borrar\n" #: src/tools/sss_groupdel.c:102 #, c-format msgid "Group %1$s is outside the defined ID range for domain\n" msgstr "" #: src/tools/sss_groupdel.c:117 src/tools/sss_groupmod.c:219 #: src/tools/sss_groupmod.c:226 src/tools/sss_groupmod.c:233 #: src/tools/sss_userdel.c:294 src/tools/sss_usermod.c:241 #: src/tools/sss_usermod.c:248 src/tools/sss_usermod.c:255 #, c-format msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n" msgstr "" #: src/tools/sss_groupdel.c:129 msgid "" "No such group in local domain. Removing groups only allowed in local " "domain.\n" msgstr "" "No existe tal grupo en el dominio local. Eliminando los grupos que sólo se " "permiten en el dominio local.\n" #: src/tools/sss_groupdel.c:134 msgid "Internal error. Could not remove group.\n" msgstr "Error interno. No se pudo eliminar el grupo.\n" #: src/tools/sss_groupmod.c:44 msgid "Groups to add this group to" msgstr "Grupos a los que se debe agregar este grupo" #: src/tools/sss_groupmod.c:46 msgid "Groups to remove this group from" msgstr "Grupos desde los que se debe eliminar este grupo" #: src/tools/sss_groupmod.c:86 src/tools/sss_usermod.c:95 msgid "Specify group to remove from\n" msgstr "Especifica el grupo a ser eliminado de\n" #: src/tools/sss_groupmod.c:100 msgid "Specify group to modify\n" msgstr "Especifique el grupo a modificar\n" #: src/tools/sss_groupmod.c:128 msgid "" "Cannot find group in local domain, modifying groups is allowed only in local " "domain\n" msgstr "" "No se pudo encontrar el grupo en el dominio local, la modificación de grupos " "se permite sólo en el dominio local\n" #: src/tools/sss_groupmod.c:149 src/tools/sss_groupmod.c:176 msgid "Member groups must be in the same domain as parent group\n" msgstr "" "Los grupos miembro deben estar en el mismo dominio que el grupo padre\n" #: src/tools/sss_groupmod.c:157 
src/tools/sss_groupmod.c:184 #: src/tools/sss_usermod.c:178 src/tools/sss_usermod.c:205 #, c-format msgid "" "Cannot find group %1$s in local domain, only groups in local domain are " "allowed\n" msgstr "" #: src/tools/sss_groupmod.c:250 msgid "Could not modify group - check if member group names are correct\n" msgstr "" "No se pudo modificar el grupo - verifique si los nombres de grupo miembro son " "los correctos\n" #: src/tools/sss_groupmod.c:254 msgid "Could not modify group - check if groupname is correct\n" msgstr "" "No se pudo modificar el grupo - verifique si el nombre de grupo es correcto\n" #: src/tools/sss_groupmod.c:258 msgid "Transaction error. Could not modify group.\n" msgstr "Error de transacción. No se pudo modificar el grupo.\n" #: src/tools/sss_groupshow.c:599 #, c-format msgid "%1$s%2$sGroup: %3$s\n" msgstr "" #: src/tools/sss_groupshow.c:600 msgid "Magic Private " msgstr "Magia privada " #: src/tools/sss_groupshow.c:602 #, c-format msgid "%1$sGID number: %2$d\n" msgstr "" #: src/tools/sss_groupshow.c:604 #, c-format msgid "%1$sMember users: " msgstr "" #: src/tools/sss_groupshow.c:611 #, c-format msgid "" "\n" "%1$sIs a member of: " msgstr "" #: src/tools/sss_groupshow.c:618 #, c-format msgid "" "\n" "%1$sMember groups: " msgstr "" #: src/tools/sss_groupshow.c:654 msgid "Print indirect group members recursively" msgstr "Imprime miembros de grupo indirecto en forma recursiva" #: src/tools/sss_groupshow.c:687 msgid "Specify group to show\n" msgstr "Especifica el grupo a mostrar\n" #: src/tools/sss_groupshow.c:726 msgid "" "No such group in local domain. Printing groups only allowed in local " "domain.\n" msgstr "" "No existe tal grupo en el dominio local. Imprimir los grupos está permitido " "únicamente en el dominio local.\n" #: src/tools/sss_groupshow.c:731 msgid "Internal error. Could not print group.\n" msgstr "Error interno. 
No se pudo imprimir el grupo.\n" #: src/tools/sss_userdel.c:136 msgid "Remove home directory and mail spool" msgstr "Eliminar el directorio de inicio y el receptor de correo" #: src/tools/sss_userdel.c:138 msgid "Do not remove home directory and mail spool" msgstr "No eliminar el directorio de inicio y el receptor de correo" #: src/tools/sss_userdel.c:140 msgid "Force removal of files not owned by the user" msgstr "Forzar la eliminación de los archivos que no pertenecen al usuario" #: src/tools/sss_userdel.c:142 msgid "Kill users' processes before removing him" msgstr "Finaliza los procesos del usuario antes de eliminarlo" #: src/tools/sss_userdel.c:187 msgid "Specify user to delete\n" msgstr "Especifique el usuario a borrar\n" #: src/tools/sss_userdel.c:233 #, c-format msgid "User %1$s is outside the defined ID range for domain\n" msgstr "" #: src/tools/sss_userdel.c:258 msgid "Cannot reset SELinux login context\n" msgstr "No es posible reiniciar contexto de registro de SELinux\n" #: src/tools/sss_userdel.c:270 #, c-format msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n" msgstr "" #: src/tools/sss_userdel.c:275 msgid "Cannot determine if the user was logged in on this platform" msgstr "" "No es posible determinar si el usuario estaba registrado en esta plataforma" #: src/tools/sss_userdel.c:280 msgid "Error while checking if the user was logged in\n" msgstr "Error mientras se verificaba si el usuario se encontraba registrado\n" #: src/tools/sss_userdel.c:287 #, c-format msgid "The post-delete command failed: %1$s\n" msgstr "" #: src/tools/sss_userdel.c:307 msgid "Not removing home dir - not owned by user\n" msgstr "No eliminando el directorio de inicio - no pertenece al usuario\n" #: src/tools/sss_userdel.c:309 #, c-format msgid "Cannot remove homedir: %1$s\n" msgstr "" #: src/tools/sss_userdel.c:322 msgid "" "No such user in local domain. Removing users only allowed in local domain.\n" msgstr "" "No existe ese usuario en el dominio local. 
La eliminación de usuarios se " "permite en el dominio local.\n" #: src/tools/sss_userdel.c:327 msgid "Internal error. Could not remove user.\n" msgstr "Error interno. No se pudo eliminar el usuario.\n" #: src/tools/sss_usermod.c:49 msgid "The GID of the user" msgstr "El GID del Usuario" #: src/tools/sss_usermod.c:53 msgid "Groups to add this user to" msgstr "Grupos a los que se debe agregar este usuario" #: src/tools/sss_usermod.c:54 msgid "Groups to remove this user from" msgstr "Grupos desde los que hay que eliminar este usuario" #: src/tools/sss_usermod.c:55 msgid "Lock the account" msgstr "Bloquear la cuenta" #: src/tools/sss_usermod.c:56 msgid "Unlock the account" msgstr "Desbloquear la cuenta" #: src/tools/sss_usermod.c:119 msgid "Specify user to modify\n" msgstr "Especifique el usuario a modificar\n" #: src/tools/sss_usermod.c:146 msgid "" "Cannot find user in local domain, modifying users is allowed only in local " "domain\n" msgstr "" "No se pudo encontrar el usuario en el dominio local, la modificación de los " "usuarios se permite solamente en el dominio local\n" #: src/tools/sss_usermod.c:281 msgid "Could not modify user - check if group names are correct\n" msgstr "" "No se pudo modificar el usuario - verifique si los nombres de grupo son " "correctos\n" #: src/tools/sss_usermod.c:285 msgid "Could not modify user - user already member of groups?\n" msgstr "" "No se pudo modificar el usuario - ¿no será ya miembro de esos grupos?\n" #: src/tools/sss_usermod.c:289 msgid "Transaction error. Could not modify user.\n" msgstr "Error de transacción. 
No se pudo modificar el usuario.\n" #: src/tools/sss_cache.c:170 msgid "No cache object matched the specified search\n" msgstr "" #: src/tools/sss_cache.c:397 #, c-format msgid "Couldn't invalidate %1$s" msgstr "" #: src/tools/sss_cache.c:404 #, c-format msgid "Couldn't invalidate %1$s %2$s" msgstr "" #: src/tools/sss_cache.c:542 msgid "Invalidate all cached entries except for sudo rules" msgstr "" #: src/tools/sss_cache.c:544 msgid "Invalidate particular user" msgstr "Usuario particular invalidado" #: src/tools/sss_cache.c:546 msgid "Invalidate all users" msgstr "Todos los usuarios invalidados" #: src/tools/sss_cache.c:548 msgid "Invalidate particular group" msgstr "" #: src/tools/sss_cache.c:550 msgid "Invalidate all groups" msgstr "" #: src/tools/sss_cache.c:552 msgid "Invalidate particular netgroup" msgstr "" #: src/tools/sss_cache.c:554 msgid "Invalidate all netgroups" msgstr "" #: src/tools/sss_cache.c:556 msgid "Invalidate particular service" msgstr "" #: src/tools/sss_cache.c:558 msgid "Invalidate all services" msgstr "" #: src/tools/sss_cache.c:561 msgid "Invalidate particular autofs map" msgstr "" #: src/tools/sss_cache.c:563 msgid "Invalidate all autofs maps" msgstr "" #: src/tools/sss_cache.c:566 msgid "Only invalidate entries from a particular domain" msgstr "" #: src/tools/sss_cache.c:611 msgid "Please select at least one object to invalidate\n" msgstr "" #: src/tools/sss_cache.c:681 #, c-format msgid "" "Could not open domain %1$s. 
If the domain is a subdomain (trusted domain), " "use fully qualified name instead of --domain/-d parameter.\n" msgstr "" #: src/tools/sss_cache.c:685 msgid "Could not open available domains\n" msgstr "" #: src/tools/sss_debuglevel.c:40 msgid "\n" msgstr "" #: src/tools/sss_debuglevel.c:96 msgid "Specify debug level you want to set\n" msgstr "" #: src/tools/sss_debuglevel.c:102 msgid "Only one argument expected\n" msgstr "" #: src/tools/tools_util.c:200 #, c-format msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n" msgstr "" #: src/tools/tools_util.c:303 msgid "Out of memory\n" msgstr "Falta memoria\n" #: src/tools/tools_util.h:43 #, c-format msgid "%1$s must be run as root\n" msgstr "" #: src/util/util.h:102 msgid "Send the debug output to files instead of stderr" msgstr "Envia el resultado de la depuración hacia archivos en lugar de stderr" ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/tr.po���������������������������������������������������������������0000644�0000000�0000000�00000000074�12320753107�015156� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954962.208874541 30 ctime=1396954962.546874292 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/tr.po��������������������������������������������������������������������������������0000664�0024127�0024127�00000126224�12320753107�015407� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR Red Hat, Inc. # This file is distributed under the same license as the PACKAGE package. 
# # Translators: # Necdet Yücel <necdetyucel@gmail.com>, 2012 msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2014-04-08 12:56+0200\n" "PO-Revision-Date: 2013-11-20 12:56+0000\n" "Last-Translator: jhrozek <jhrozek@redhat.com>\n" "Language-Team: Turkish (http://www.transifex.com/projects/p/fedora/language/" "tr/)\n" "Language: tr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n > 1);\n" #: src/config/SSSDConfig/__init__.py.in:39 msgid "Set the verbosity of the debug logging" msgstr "" #: src/config/SSSDConfig/__init__.py.in:40 msgid "Include timestamps in debug logs" msgstr "" #: src/config/SSSDConfig/__init__.py.in:41 msgid "Include microseconds in timestamps in debug logs" msgstr "" #: src/config/SSSDConfig/__init__.py.in:42 msgid "Write debug messages to logfiles" msgstr "" #: src/config/SSSDConfig/__init__.py.in:43 msgid "Ping timeout before restarting service" msgstr "" #: src/config/SSSDConfig/__init__.py.in:44 msgid "" "Timeout between three failed ping checks and forcibly killing the service" msgstr "" #: src/config/SSSDConfig/__init__.py.in:45 msgid "Command to start service" msgstr "Servis başlatma komutu" #: src/config/SSSDConfig/__init__.py.in:46 msgid "Number of times to attempt connection to Data Providers" msgstr "" #: src/config/SSSDConfig/__init__.py.in:47 msgid "The number of file descriptors that may be opened by this responder" msgstr "" #: src/config/SSSDConfig/__init__.py.in:48 msgid "Idle time before automatic disconnection of a client" msgstr "" #: src/config/SSSDConfig/__init__.py.in:51 msgid "SSSD Services to start" msgstr "" #: src/config/SSSDConfig/__init__.py.in:52 msgid "SSSD Domains to start" msgstr "" #: src/config/SSSDConfig/__init__.py.in:53 msgid "Timeout for messages sent over the SBUS" msgstr "" #: src/config/SSSDConfig/__init__.py.in:54 msgid "Regex to parse 
username and domain" msgstr "" #: src/config/SSSDConfig/__init__.py.in:55 msgid "Printf-compatible format for displaying fully-qualified names" msgstr "" #: src/config/SSSDConfig/__init__.py.in:56 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #: src/config/SSSDConfig/__init__.py.in:57 msgid "Domain to add to names without a domain component." msgstr "" #: src/config/SSSDConfig/__init__.py.in:60 msgid "Enumeration cache timeout length (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:61 msgid "Entry cache background update timeout length (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:62 #: src/config/SSSDConfig/__init__.py.in:88 msgid "Negative cache timeout length (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:63 msgid "Users that SSSD should explicitly ignore" msgstr "" #: src/config/SSSDConfig/__init__.py.in:64 msgid "Groups that SSSD should explicitly ignore" msgstr "" #: src/config/SSSDConfig/__init__.py.in:65 msgid "Should filtered users appear in groups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:66 msgid "The value of the password field the NSS provider should return" msgstr "" #: src/config/SSSDConfig/__init__.py.in:67 msgid "Override homedir value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:68 msgid "" "Substitute empty homedir value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:69 msgid "Override shell value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:70 msgid "The list of shells users are allowed to log in with" msgstr "" #: src/config/SSSDConfig/__init__.py.in:71 msgid "" "The list of shells that will be vetoed, and replaced with the fallback shell" msgstr "" #: src/config/SSSDConfig/__init__.py.in:72 msgid "" "If a shell stored in central directory is allowed but not available, use " "this fallback" 
msgstr "" #: src/config/SSSDConfig/__init__.py.in:73 msgid "Shell to use if the provider does not list one" msgstr "" #: src/config/SSSDConfig/__init__.py.in:74 msgid "How long will be in-memory cache records valid" msgstr "" #: src/config/SSSDConfig/__init__.py.in:77 msgid "How long to allow cached logins between online logins (days)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:78 msgid "How many failed logins attempts are allowed when offline" msgstr "" #: src/config/SSSDConfig/__init__.py.in:79 msgid "" "How long (minutes) to deny login after offline_failed_login_attempts has " "been reached" msgstr "" #: src/config/SSSDConfig/__init__.py.in:80 msgid "What kind of messages are displayed to the user during authentication" msgstr "" #: src/config/SSSDConfig/__init__.py.in:81 msgid "How many seconds to keep identity information cached for PAM requests" msgstr "" #: src/config/SSSDConfig/__init__.py.in:82 msgid "How many days before password expiration a warning should be displayed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:85 msgid "Whether to evaluate the time-based attributes in sudo rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:91 msgid "Whether to hash host names and addresses in the known_hosts file" msgstr "" #: src/config/SSSDConfig/__init__.py.in:92 msgid "" "How many seconds to keep a host in the known_hosts file after its host keys " "were requested" msgstr "" #: src/config/SSSDConfig/__init__.py.in:95 msgid "List of UIDs or user names allowed to access the PAC responder" msgstr "" #: src/config/SSSDConfig/__init__.py.in:98 msgid "Identity provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:99 msgid "Authentication provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:100 msgid "Access control provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:101 msgid "Password change provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:102 msgid "SUDO provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:103 
msgid "Autofs provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:104 msgid "Session-loading provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:105 msgid "Host identity provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:108 msgid "Minimum user ID" msgstr "En az kullanıcı ID'si" #: src/config/SSSDConfig/__init__.py.in:109 msgid "Maximum user ID" msgstr "En fazla kullanıcı ID'si" #: src/config/SSSDConfig/__init__.py.in:110 msgid "Enable enumerating all users/groups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:111 msgid "Cache credentials for offline login" msgstr "" #: src/config/SSSDConfig/__init__.py.in:112 msgid "Store password hashes" msgstr "" #: src/config/SSSDConfig/__init__.py.in:113 msgid "Display users/groups in fully-qualified form" msgstr "" #: src/config/SSSDConfig/__init__.py.in:114 msgid "Don't include group members in group lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:115 #: src/config/SSSDConfig/__init__.py.in:122 #: src/config/SSSDConfig/__init__.py.in:123 #: src/config/SSSDConfig/__init__.py.in:124 #: src/config/SSSDConfig/__init__.py.in:125 #: src/config/SSSDConfig/__init__.py.in:126 #: src/config/SSSDConfig/__init__.py.in:127 msgid "Entry cache timeout length (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:116 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:117 msgid "How long to keep cached entries after last successful login (days)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:118 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:119 msgid "The domain part of service discovery DNS query" msgstr "" #: src/config/SSSDConfig/__init__.py.in:120 msgid "Override GID value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:121 msgid "Treat usernames as case sensitive" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:128 msgid "How often should expired entries be refreshed in background" msgstr "" #: src/config/SSSDConfig/__init__.py.in:129 msgid "Whether to automatically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/__init__.py.in:130 #: src/config/SSSDConfig/__init__.py.in:145 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "" #: src/config/SSSDConfig/__init__.py.in:131 #: src/config/SSSDConfig/__init__.py.in:146 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" #: src/config/SSSDConfig/__init__.py.in:132 msgid "How often to periodically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/__init__.py.in:133 msgid "Whether the provider should explicitly update the PTR record as well" msgstr "" #: src/config/SSSDConfig/__init__.py.in:134 msgid "Whether the nsupdate utility should default to using TCP" msgstr "" #: src/config/SSSDConfig/__init__.py.in:135 msgid "What kind of authentication should be used to perform the DNS update" msgstr "" #: src/config/SSSDConfig/__init__.py.in:136 msgid "Control enumeration of trusted domains" msgstr "" #: src/config/SSSDConfig/__init__.py.in:137 msgid "How often should subdomains list be refreshed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:140 msgid "IPA domain" msgstr "IPA alanı" #: src/config/SSSDConfig/__init__.py.in:141 msgid "IPA server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:142 msgid "Address of backup IPA server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:143 msgid "IPA client hostname" msgstr "" #: src/config/SSSDConfig/__init__.py.in:144 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" #: src/config/SSSDConfig/__init__.py.in:147 msgid "Search base for HBAC related objects" msgstr "" #: src/config/SSSDConfig/__init__.py.in:148 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:149 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:150 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" #: src/config/SSSDConfig/__init__.py.in:151 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" #: src/config/SSSDConfig/__init__.py.in:152 msgid "The automounter location this IPA client is using" msgstr "" #: src/config/SSSDConfig/__init__.py.in:153 msgid "Search base for object containing info about IPA domain" msgstr "" #: src/config/SSSDConfig/__init__.py.in:154 msgid "Search base for objects containing info about ID ranges" msgstr "" #: src/config/SSSDConfig/__init__.py.in:155 #: src/config/SSSDConfig/__init__.py.in:162 msgid "Enable DNS sites - location based service discovery" msgstr "" #: src/config/SSSDConfig/__init__.py.in:158 msgid "Active Directory domain" msgstr "" #: src/config/SSSDConfig/__init__.py.in:159 msgid "Active Directory server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:160 msgid "Active Directory backup server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:161 msgid "Active Directory client hostname" msgstr "" #: src/config/SSSDConfig/__init__.py.in:165 #: src/config/SSSDConfig/__init__.py.in:166 msgid "Kerberos server address" msgstr "Kerberos sunucu adresi" #: src/config/SSSDConfig/__init__.py.in:167 msgid "Kerberos backup server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:168 msgid "Kerberos realm" msgstr "" #: src/config/SSSDConfig/__init__.py.in:169 msgid "Authentication timeout" msgstr "" #: src/config/SSSDConfig/__init__.py.in:170 msgid "Whether to create kdcinfo files" msgstr "" #: src/config/SSSDConfig/__init__.py.in:173 msgid "Directory to store credential caches" msgstr "" #: src/config/SSSDConfig/__init__.py.in:174 msgid "Location of the user's credential cache" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:175 msgid "Location of the keytab to validate credentials" msgstr "" #: src/config/SSSDConfig/__init__.py.in:176 msgid "Enable credential validation" msgstr "" #: src/config/SSSDConfig/__init__.py.in:177 msgid "Store password if offline for later online authentication" msgstr "" #: src/config/SSSDConfig/__init__.py.in:178 msgid "Renewable lifetime of the TGT" msgstr "" #: src/config/SSSDConfig/__init__.py.in:179 msgid "Lifetime of the TGT" msgstr "" #: src/config/SSSDConfig/__init__.py.in:180 msgid "Time between two checks for renewal" msgstr "" #: src/config/SSSDConfig/__init__.py.in:181 msgid "Enables FAST" msgstr "" #: src/config/SSSDConfig/__init__.py.in:182 msgid "Selects the principal to use for FAST" msgstr "" #: src/config/SSSDConfig/__init__.py.in:183 msgid "Enables principal canonicalization" msgstr "" #: src/config/SSSDConfig/__init__.py.in:184 msgid "Enables enterprise principals" msgstr "" #: src/config/SSSDConfig/__init__.py.in:187 #: src/config/SSSDConfig/__init__.py.in:188 msgid "Server where the change password service is running if not on the KDC" msgstr "" #: src/config/SSSDConfig/__init__.py.in:191 msgid "ldap_uri, The URI of the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:192 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:193 msgid "The default base DN" msgstr "" #: src/config/SSSDConfig/__init__.py.in:194 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" #: src/config/SSSDConfig/__init__.py.in:195 msgid "The default bind DN" msgstr "" #: src/config/SSSDConfig/__init__.py.in:196 msgid "The type of the authentication token of the default bind DN" msgstr "" #: src/config/SSSDConfig/__init__.py.in:197 msgid "The authentication token of the default bind DN" msgstr "" #: src/config/SSSDConfig/__init__.py.in:198 msgid "Length of time to attempt connection" msgstr "" #: src/config/SSSDConfig/__init__.py.in:199 msgid "Length 
of time to attempt synchronous LDAP operations" msgstr "" #: src/config/SSSDConfig/__init__.py.in:200 msgid "Length of time between attempts to reconnect while offline" msgstr "" #: src/config/SSSDConfig/__init__.py.in:201 msgid "Use only the upper case for realm names" msgstr "" #: src/config/SSSDConfig/__init__.py.in:202 msgid "File that contains CA certificates" msgstr "" #: src/config/SSSDConfig/__init__.py.in:203 msgid "Path to CA certificate directory" msgstr "" #: src/config/SSSDConfig/__init__.py.in:204 msgid "File that contains the client certificate" msgstr "" #: src/config/SSSDConfig/__init__.py.in:205 msgid "File that contains the client key" msgstr "" #: src/config/SSSDConfig/__init__.py.in:206 msgid "List of possible ciphers suites" msgstr "" #: src/config/SSSDConfig/__init__.py.in:207 msgid "Require TLS certificate verification" msgstr "" #: src/config/SSSDConfig/__init__.py.in:208 msgid "Specify the sasl mechanism to use" msgstr "" #: src/config/SSSDConfig/__init__.py.in:209 msgid "Specify the sasl authorization id to use" msgstr "" #: src/config/SSSDConfig/__init__.py.in:210 msgid "Specify the sasl authorization realm to use" msgstr "" #: src/config/SSSDConfig/__init__.py.in:211 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" #: src/config/SSSDConfig/__init__.py.in:212 msgid "Kerberos service keytab" msgstr "" #: src/config/SSSDConfig/__init__.py.in:213 msgid "Use Kerberos auth for LDAP connection" msgstr "" #: src/config/SSSDConfig/__init__.py.in:214 msgid "Follow LDAP referrals" msgstr "" #: src/config/SSSDConfig/__init__.py.in:215 msgid "Lifetime of TGT for LDAP connection" msgstr "" #: src/config/SSSDConfig/__init__.py.in:216 msgid "How to dereference aliases" msgstr "" #: src/config/SSSDConfig/__init__.py.in:217 msgid "Service name for DNS service lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:218 msgid "The number of records to retrieve in a single LDAP query" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:219 msgid "The number of members that must be missing to trigger a full deref" msgstr "" #: src/config/SSSDConfig/__init__.py.in:220 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" #: src/config/SSSDConfig/__init__.py.in:222 msgid "entryUSN attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:223 msgid "lastUSN attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:225 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" #: src/config/SSSDConfig/__init__.py.in:227 msgid "Disable the LDAP paging control" msgstr "" #: src/config/SSSDConfig/__init__.py.in:228 msgid "Disable Active Directory range retrieval" msgstr "" #: src/config/SSSDConfig/__init__.py.in:231 msgid "Length of time to wait for a search request" msgstr "" #: src/config/SSSDConfig/__init__.py.in:232 msgid "Length of time to wait for a enumeration request" msgstr "" #: src/config/SSSDConfig/__init__.py.in:233 msgid "Length of time between enumeration updates" msgstr "" #: src/config/SSSDConfig/__init__.py.in:234 msgid "Length of time between cache cleanups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:235 msgid "Require TLS for ID lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:236 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "" #: src/config/SSSDConfig/__init__.py.in:237 msgid "Base DN for user lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:238 msgid "Scope of user lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:239 msgid "Filter for user lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:240 msgid "Objectclass for users" msgstr "" #: src/config/SSSDConfig/__init__.py.in:241 msgid "Username attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:243 msgid "UID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:244 msgid "Primary GID attribute" msgstr "" 
#: src/config/SSSDConfig/__init__.py.in:245 msgid "GECOS attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:246 msgid "Home directory attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:247 msgid "Shell attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:248 msgid "UUID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:249 #: src/config/SSSDConfig/__init__.py.in:285 msgid "objectSID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:250 msgid "Active Directory primary group attribute for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:251 msgid "User principal attribute (for Kerberos)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:252 msgid "Full Name" msgstr "" #: src/config/SSSDConfig/__init__.py.in:253 msgid "memberOf attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:254 msgid "Modification time attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:256 msgid "shadowLastChange attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:257 msgid "shadowMin attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:258 msgid "shadowMax attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:259 msgid "shadowWarning attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:260 msgid "shadowInactive attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:261 msgid "shadowExpire attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:262 msgid "shadowFlag attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:263 msgid "Attribute listing authorized PAM services" msgstr "" #: src/config/SSSDConfig/__init__.py.in:264 msgid "Attribute listing authorized server hosts" msgstr "" #: src/config/SSSDConfig/__init__.py.in:265 msgid "krbLastPwdChange attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:266 msgid "krbPasswordExpiration attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:267 msgid "Attribute indicating that server side password 
policies are active" msgstr "" #: src/config/SSSDConfig/__init__.py.in:268 msgid "accountExpires attribute of AD" msgstr "" #: src/config/SSSDConfig/__init__.py.in:269 msgid "userAccountControl attribute of AD" msgstr "" #: src/config/SSSDConfig/__init__.py.in:270 msgid "nsAccountLock attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:271 msgid "loginDisabled attribute of NDS" msgstr "" #: src/config/SSSDConfig/__init__.py.in:272 msgid "loginExpirationTime attribute of NDS" msgstr "" #: src/config/SSSDConfig/__init__.py.in:273 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" #: src/config/SSSDConfig/__init__.py.in:274 msgid "SSH public key attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:276 msgid "Base DN for group lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:279 msgid "Objectclass for groups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:280 msgid "Group name" msgstr "" #: src/config/SSSDConfig/__init__.py.in:281 msgid "Group password" msgstr "" #: src/config/SSSDConfig/__init__.py.in:282 msgid "GID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:283 msgid "Group member attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:284 msgid "Group UUID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:286 msgid "Modification time attribute for groups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:287 msgid "Type of the group and other flags" msgstr "" #: src/config/SSSDConfig/__init__.py.in:289 msgid "Maximum nesting level SSSd will follow" msgstr "" #: src/config/SSSDConfig/__init__.py.in:291 msgid "Base DN for netgroup lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:292 msgid "Objectclass for netgroups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:293 msgid "Netgroup name" msgstr "" #: src/config/SSSDConfig/__init__.py.in:294 msgid "Netgroups members attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:295 msgid "Netgroup triple attribute" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:296 msgid "Netgroup UUID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:297 msgid "Modification time attribute for netgroups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:299 msgid "Base DN for service lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:300 msgid "Objectclass for services" msgstr "" #: src/config/SSSDConfig/__init__.py.in:301 msgid "Service name attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:302 msgid "Service port attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:303 msgid "Service protocol attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:306 msgid "Lower bound for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:307 msgid "Upper bound for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:308 msgid "Number of IDs for each slice when ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:309 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:310 msgid "Name of the default domain for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:311 msgid "SID of the default domain for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:313 msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:314 msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:315 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:316 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:319 msgid "Policy to evaluate the password expiration" msgstr "" #: src/config/SSSDConfig/__init__.py.in:322 msgid "LDAP filter to determine access privileges" msgstr "" #: src/config/SSSDConfig/__init__.py.in:323 msgid "Which attributes shall be used to evaluate if an 
account is expired" msgstr "" #: src/config/SSSDConfig/__init__.py.in:324 msgid "Which rules should be used to evaluate access control" msgstr "" #: src/config/SSSDConfig/__init__.py.in:327 msgid "URI of an LDAP server where password changes are allowed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:328 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:329 msgid "DNS service name for LDAP password change server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:330 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" msgstr "" #: src/config/SSSDConfig/__init__.py.in:333 msgid "Base DN for sudo rules lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:334 msgid "Automatic full refresh period" msgstr "" #: src/config/SSSDConfig/__init__.py.in:335 msgid "Automatic smart refresh period" msgstr "" #: src/config/SSSDConfig/__init__.py.in:336 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "" #: src/config/SSSDConfig/__init__.py.in:337 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:338 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:339 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:340 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:341 msgid "Object class for sudo rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:342 msgid "Sudo rule name" msgstr "" #: src/config/SSSDConfig/__init__.py.in:343 msgid "Sudo rule command attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:344 msgid "Sudo rule host attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:345 
msgid "Sudo rule user attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:346 msgid "Sudo rule option attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:347 msgid "Sudo rule runasuser attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:348 msgid "Sudo rule runasgroup attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:349 msgid "Sudo rule notbefore attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:350 msgid "Sudo rule notafter attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:351 msgid "Sudo rule order attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:354 msgid "Object class for automounter maps" msgstr "" #: src/config/SSSDConfig/__init__.py.in:355 msgid "Automounter map name attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:356 msgid "Object class for automounter map entries" msgstr "" #: src/config/SSSDConfig/__init__.py.in:357 msgid "Automounter map entry key attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:358 msgid "Automounter map entry value attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:359 msgid "Base DN for automounter map lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:362 msgid "Comma separated list of allowed users" msgstr "" #: src/config/SSSDConfig/__init__.py.in:363 msgid "Comma separated list of prohibited users" msgstr "" #: src/config/SSSDConfig/__init__.py.in:366 msgid "Default shell, /bin/bash" msgstr "" #: src/config/SSSDConfig/__init__.py.in:367 msgid "Base for home directories" msgstr "" #: src/config/SSSDConfig/__init__.py.in:370 msgid "The name of the NSS library to use" msgstr "" #: src/config/SSSDConfig/__init__.py.in:371 msgid "Whether to look up canonical group name from cache if possible" msgstr "" #: src/config/SSSDConfig/__init__.py.in:374 msgid "PAM stack to use" msgstr "" #: src/monitor/monitor.c:2651 msgid "Become a daemon (default)" msgstr "" #: src/monitor/monitor.c:2653 msgid "Run interactive (not a daemon)" 
msgstr "" #: src/monitor/monitor.c:2655 src/tools/sss_debuglevel.c:71 msgid "Specify a non-default config file" msgstr "" #: src/monitor/monitor.c:2657 msgid "Print version number and exit" msgstr "" #: src/providers/krb5/krb5_child.c:1962 src/providers/ldap/ldap_child.c:435 #: src/util/util.h:100 msgid "Debug level" msgstr "" #: src/providers/krb5/krb5_child.c:1964 src/providers/ldap/ldap_child.c:437 #: src/util/util.h:104 msgid "Add debug timestamps" msgstr "" #: src/providers/krb5/krb5_child.c:1966 src/providers/ldap/ldap_child.c:439 #: src/util/util.h:106 msgid "Show timestamps with microseconds" msgstr "" #: src/providers/krb5/krb5_child.c:1968 src/providers/ldap/ldap_child.c:441 msgid "An open file descriptor for the debug logs" msgstr "" #: src/providers/data_provider_be.c:2932 msgid "Domain of the information provider (mandatory)" msgstr "" #: src/sss_client/common.c:946 msgid "Privileged socket has wrong ownership or permissions." msgstr "" #: src/sss_client/common.c:949 msgid "Public socket has wrong ownership or permissions." msgstr "" #: src/sss_client/common.c:952 msgid "Unexpected format of the server credential message." msgstr "" #: src/sss_client/common.c:955 msgid "SSSD is not run by root." msgstr "" #: src/sss_client/common.c:960 msgid "An error occurred, but no description can be found." msgstr "" #: src/sss_client/common.c:966 msgid "Unexpected error while looking for an error description" msgstr "" #: src/sss_client/pam_sss.c:388 msgid "Passwords do not match" msgstr "" #: src/sss_client/pam_sss.c:576 msgid "Password reset by root is not supported." msgstr "" #: src/sss_client/pam_sss.c:617 msgid "Authenticated with cached credentials" msgstr "" #: src/sss_client/pam_sss.c:618 msgid ", your cached password will expire at: " msgstr "" #: src/sss_client/pam_sss.c:648 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." 
msgstr "" #: src/sss_client/pam_sss.c:694 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "" #: src/sss_client/pam_sss.c:743 msgid "Authentication is denied until: " msgstr "" #: src/sss_client/pam_sss.c:764 msgid "System is offline, password change not possible" msgstr "" #: src/sss_client/pam_sss.c:779 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" #: src/sss_client/pam_sss.c:810 src/sss_client/pam_sss.c:823 msgid "Password change failed. " msgstr "" #: src/sss_client/pam_sss.c:813 src/sss_client/pam_sss.c:824 msgid "Server message: " msgstr "" #: src/sss_client/pam_sss.c:1251 msgid "New Password: " msgstr "" #: src/sss_client/pam_sss.c:1252 msgid "Reenter new Password: " msgstr "" #: src/sss_client/pam_sss.c:1340 msgid "Password: " msgstr "" #: src/sss_client/pam_sss.c:1372 msgid "Current Password: " msgstr "" #: src/sss_client/pam_sss.c:1527 msgid "Password expired. Change your password now." msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40 #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 src/tools/sss_useradd.c:48 #: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44 #: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:652 #: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47 #: src/tools/sss_cache.c:540 src/tools/sss_debuglevel.c:69 msgid "The debug level to run with" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:42 #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:196 msgid "The SSSD domain to use" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:73 #: src/tools/sss_groupadd.c:58 src/tools/sss_groupdel.c:53 #: src/tools/sss_groupmod.c:65 src/tools/sss_groupshow.c:663 #: src/tools/sss_userdel.c:151 src/tools/sss_usermod.c:74 #: src/tools/sss_cache.c:573 msgid "Error setting the locale\n" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:64 msgid "Not enough memory\n" msgstr "" #: 
src/sss_client/ssh/sss_ssh_authorizedkeys.c:83 msgid "User not specified\n" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:92 msgid "Error looking up public keys\n" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:194 msgid "The port to use to connect to the host" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:238 msgid "Invalid port\n" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:243 msgid "Host not specified\n" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:249 msgid "The path to the proxy command must be absolute\n" msgstr "" #: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48 msgid "The UID of the user" msgstr "" #: src/tools/sss_useradd.c:50 src/tools/sss_usermod.c:50 msgid "The comment string" msgstr "" #: src/tools/sss_useradd.c:51 src/tools/sss_usermod.c:51 msgid "Home directory" msgstr "" #: src/tools/sss_useradd.c:52 src/tools/sss_usermod.c:52 msgid "Login shell" msgstr "" #: src/tools/sss_useradd.c:53 msgid "Groups" msgstr "" #: src/tools/sss_useradd.c:54 msgid "Create user's directory if it does not exist" msgstr "" #: src/tools/sss_useradd.c:55 msgid "Never create user's directory, overrides config" msgstr "" #: src/tools/sss_useradd.c:56 msgid "Specify an alternative skeleton directory" msgstr "" #: src/tools/sss_useradd.c:57 src/tools/sss_usermod.c:57 msgid "The SELinux user for user's login" msgstr "" #: src/tools/sss_useradd.c:86 src/tools/sss_groupmod.c:78 #: src/tools/sss_usermod.c:87 msgid "Specify group to add to\n" msgstr "" #: src/tools/sss_useradd.c:110 msgid "Specify user to add\n" msgstr "" #: src/tools/sss_useradd.c:119 src/tools/sss_groupadd.c:84 #: src/tools/sss_groupdel.c:78 src/tools/sss_groupmod.c:111 #: src/tools/sss_groupshow.c:696 src/tools/sss_userdel.c:196 #: src/tools/sss_usermod.c:128 msgid "Error initializing the tools - no local domain\n" msgstr "" #: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86 #: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113 
#: src/tools/sss_groupshow.c:698 src/tools/sss_userdel.c:198 #: src/tools/sss_usermod.c:130 msgid "Error initializing the tools\n" msgstr "" #: src/tools/sss_useradd.c:130 src/tools/sss_groupadd.c:95 #: src/tools/sss_groupdel.c:89 src/tools/sss_groupmod.c:121 #: src/tools/sss_groupshow.c:707 src/tools/sss_userdel.c:207 #: src/tools/sss_usermod.c:139 msgid "Invalid domain specified in FQDN\n" msgstr "" #: src/tools/sss_useradd.c:139 src/tools/sss_groupmod.c:141 #: src/tools/sss_groupmod.c:168 src/tools/sss_usermod.c:162 #: src/tools/sss_usermod.c:189 msgid "Internal error while parsing parameters\n" msgstr "" #: src/tools/sss_useradd.c:147 src/tools/sss_usermod.c:170 #: src/tools/sss_usermod.c:197 msgid "Groups must be in the same domain as user\n" msgstr "" #: src/tools/sss_useradd.c:155 #, c-format msgid "Cannot find group %1$s in local domain\n" msgstr "" #: src/tools/sss_useradd.c:170 src/tools/sss_userdel.c:217 msgid "Cannot set default values\n" msgstr "" #: src/tools/sss_useradd.c:177 src/tools/sss_usermod.c:153 msgid "The selected UID is outside the allowed range\n" msgstr "" #: src/tools/sss_useradd.c:206 src/tools/sss_usermod.c:264 msgid "Cannot set SELinux login context\n" msgstr "" #: src/tools/sss_useradd.c:221 msgid "Cannot get info about the user\n" msgstr "" #: src/tools/sss_useradd.c:233 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" #: src/tools/sss_useradd.c:236 #, c-format msgid "Cannot create user's home directory: %1$s\n" msgstr "" #: src/tools/sss_useradd.c:247 #, c-format msgid "Cannot create user's mail spool: %1$s\n" msgstr "" #: src/tools/sss_useradd.c:266 msgid "Could not allocate ID for the user - domain full?\n" msgstr "" #: src/tools/sss_useradd.c:270 msgid "A user or group with the same name or ID already exists\n" msgstr "" #: src/tools/sss_useradd.c:276 msgid "Transaction error. 
Could not add user.\n" msgstr "" #: src/tools/sss_groupadd.c:43 src/tools/sss_groupmod.c:48 msgid "The GID of the group" msgstr "" #: src/tools/sss_groupadd.c:75 msgid "Specify group to add\n" msgstr "" #: src/tools/sss_groupadd.c:104 src/tools/sss_groupmod.c:192 msgid "The selected GID is outside the allowed range\n" msgstr "" #: src/tools/sss_groupadd.c:141 msgid "Could not allocate ID for the group - domain full?\n" msgstr "" #: src/tools/sss_groupadd.c:145 msgid "A group with the same name or GID already exists\n" msgstr "" #: src/tools/sss_groupadd.c:150 msgid "Transaction error. Could not add group.\n" msgstr "" #: src/tools/sss_groupdel.c:69 msgid "Specify group to delete\n" msgstr "" #: src/tools/sss_groupdel.c:102 #, c-format msgid "Group %1$s is outside the defined ID range for domain\n" msgstr "" #: src/tools/sss_groupdel.c:117 src/tools/sss_groupmod.c:219 #: src/tools/sss_groupmod.c:226 src/tools/sss_groupmod.c:233 #: src/tools/sss_userdel.c:294 src/tools/sss_usermod.c:241 #: src/tools/sss_usermod.c:248 src/tools/sss_usermod.c:255 #, c-format msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n" msgstr "" #: src/tools/sss_groupdel.c:129 msgid "" "No such group in local domain. Removing groups only allowed in local " "domain.\n" msgstr "" #: src/tools/sss_groupdel.c:134 msgid "Internal error. 
Could not remove group.\n" msgstr "" #: src/tools/sss_groupmod.c:44 msgid "Groups to add this group to" msgstr "" #: src/tools/sss_groupmod.c:46 msgid "Groups to remove this group from" msgstr "" #: src/tools/sss_groupmod.c:86 src/tools/sss_usermod.c:95 msgid "Specify group to remove from\n" msgstr "" #: src/tools/sss_groupmod.c:100 msgid "Specify group to modify\n" msgstr "" #: src/tools/sss_groupmod.c:128 msgid "" "Cannot find group in local domain, modifying groups is allowed only in local " "domain\n" msgstr "" #: src/tools/sss_groupmod.c:149 src/tools/sss_groupmod.c:176 msgid "Member groups must be in the same domain as parent group\n" msgstr "" #: src/tools/sss_groupmod.c:157 src/tools/sss_groupmod.c:184 #: src/tools/sss_usermod.c:178 src/tools/sss_usermod.c:205 #, c-format msgid "" "Cannot find group %1$s in local domain, only groups in local domain are " "allowed\n" msgstr "" #: src/tools/sss_groupmod.c:250 msgid "Could not modify group - check if member group names are correct\n" msgstr "" #: src/tools/sss_groupmod.c:254 msgid "Could not modify group - check if groupname is correct\n" msgstr "" #: src/tools/sss_groupmod.c:258 msgid "Transaction error. Could not modify group.\n" msgstr "" #: src/tools/sss_groupshow.c:599 #, c-format msgid "%1$s%2$sGroup: %3$s\n" msgstr "" #: src/tools/sss_groupshow.c:600 msgid "Magic Private " msgstr "" #: src/tools/sss_groupshow.c:602 #, c-format msgid "%1$sGID number: %2$d\n" msgstr "" #: src/tools/sss_groupshow.c:604 #, c-format msgid "%1$sMember users: " msgstr "" #: src/tools/sss_groupshow.c:611 #, c-format msgid "" "\n" "%1$sIs a member of: " msgstr "" #: src/tools/sss_groupshow.c:618 #, c-format msgid "" "\n" "%1$sMember groups: " msgstr "" #: src/tools/sss_groupshow.c:654 msgid "Print indirect group members recursively" msgstr "" #: src/tools/sss_groupshow.c:687 msgid "Specify group to show\n" msgstr "" #: src/tools/sss_groupshow.c:726 msgid "" "No such group in local domain. 
Printing groups only allowed in local " "domain.\n" msgstr "" #: src/tools/sss_groupshow.c:731 msgid "Internal error. Could not print group.\n" msgstr "" #: src/tools/sss_userdel.c:136 msgid "Remove home directory and mail spool" msgstr "" #: src/tools/sss_userdel.c:138 msgid "Do not remove home directory and mail spool" msgstr "" #: src/tools/sss_userdel.c:140 msgid "Force removal of files not owned by the user" msgstr "" #: src/tools/sss_userdel.c:142 msgid "Kill users' processes before removing him" msgstr "" #: src/tools/sss_userdel.c:187 msgid "Specify user to delete\n" msgstr "" #: src/tools/sss_userdel.c:233 #, c-format msgid "User %1$s is outside the defined ID range for domain\n" msgstr "" #: src/tools/sss_userdel.c:258 msgid "Cannot reset SELinux login context\n" msgstr "" #: src/tools/sss_userdel.c:270 #, c-format msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n" msgstr "" #: src/tools/sss_userdel.c:275 msgid "Cannot determine if the user was logged in on this platform" msgstr "" #: src/tools/sss_userdel.c:280 msgid "Error while checking if the user was logged in\n" msgstr "" #: src/tools/sss_userdel.c:287 #, c-format msgid "The post-delete command failed: %1$s\n" msgstr "" #: src/tools/sss_userdel.c:307 msgid "Not removing home dir - not owned by user\n" msgstr "" #: src/tools/sss_userdel.c:309 #, c-format msgid "Cannot remove homedir: %1$s\n" msgstr "" #: src/tools/sss_userdel.c:322 msgid "" "No such user in local domain. Removing users only allowed in local domain.\n" msgstr "" #: src/tools/sss_userdel.c:327 msgid "Internal error. 
Could not remove user.\n" msgstr "" #: src/tools/sss_usermod.c:49 msgid "The GID of the user" msgstr "" #: src/tools/sss_usermod.c:53 msgid "Groups to add this user to" msgstr "" #: src/tools/sss_usermod.c:54 msgid "Groups to remove this user from" msgstr "" #: src/tools/sss_usermod.c:55 msgid "Lock the account" msgstr "" #: src/tools/sss_usermod.c:56 msgid "Unlock the account" msgstr "" #: src/tools/sss_usermod.c:119 msgid "Specify user to modify\n" msgstr "" #: src/tools/sss_usermod.c:146 msgid "" "Cannot find user in local domain, modifying users is allowed only in local " "domain\n" msgstr "" #: src/tools/sss_usermod.c:281 msgid "Could not modify user - check if group names are correct\n" msgstr "" #: src/tools/sss_usermod.c:285 msgid "Could not modify user - user already member of groups?\n" msgstr "" #: src/tools/sss_usermod.c:289 msgid "Transaction error. Could not modify user.\n" msgstr "" #: src/tools/sss_cache.c:170 msgid "No cache object matched the specified search\n" msgstr "" #: src/tools/sss_cache.c:397 #, c-format msgid "Couldn't invalidate %1$s" msgstr "" #: src/tools/sss_cache.c:404 #, c-format msgid "Couldn't invalidate %1$s %2$s" msgstr "" #: src/tools/sss_cache.c:542 msgid "Invalidate all cached entries except for sudo rules" msgstr "" #: src/tools/sss_cache.c:544 msgid "Invalidate particular user" msgstr "" #: src/tools/sss_cache.c:546 msgid "Invalidate all users" msgstr "" #: src/tools/sss_cache.c:548 msgid "Invalidate particular group" msgstr "" #: src/tools/sss_cache.c:550 msgid "Invalidate all groups" msgstr "" #: src/tools/sss_cache.c:552 msgid "Invalidate particular netgroup" msgstr "" #: src/tools/sss_cache.c:554 msgid "Invalidate all netgroups" msgstr "" #: src/tools/sss_cache.c:556 msgid "Invalidate particular service" msgstr "" #: src/tools/sss_cache.c:558 msgid "Invalidate all services" msgstr "" #: src/tools/sss_cache.c:561 msgid "Invalidate particular autofs map" msgstr "" #: src/tools/sss_cache.c:563 msgid "Invalidate all autofs 
maps" msgstr "" #: src/tools/sss_cache.c:566 msgid "Only invalidate entries from a particular domain" msgstr "" #: src/tools/sss_cache.c:611 msgid "Please select at least one object to invalidate\n" msgstr "" #: src/tools/sss_cache.c:681 #, c-format msgid "" "Could not open domain %1$s. If the domain is a subdomain (trusted domain), " "use fully qualified name instead of --domain/-d parameter.\n" msgstr "" #: src/tools/sss_cache.c:685 msgid "Could not open available domains\n" msgstr "" #: src/tools/sss_debuglevel.c:40 msgid "\n" msgstr "" #: src/tools/sss_debuglevel.c:96 msgid "Specify debug level you want to set\n" msgstr "" #: src/tools/sss_debuglevel.c:102 msgid "Only one argument expected\n" msgstr "" #: src/tools/tools_util.c:200 #, c-format msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n" msgstr "" #: src/tools/tools_util.c:303 msgid "Out of memory\n" msgstr "" #: src/tools/tools_util.h:43 #, c-format msgid "%1$s must be run as root\n" msgstr "" #: src/util/util.h:102 msgid "Send the debug output to files instead of stderr" msgstr "" ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/hu.po���������������������������������������������������������������0000644�0000000�0000000�00000000074�12320753107�015145� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954961.961874724 30 
ctime=1396954962.533874301 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/hu.po��������������������������������������������������������������������������������0000664�0024127�0024127�00000133217�12320753107�015376� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR Red Hat, Inc. # This file is distributed under the same license as the PACKAGE package. 
# # Translators: # ptr <ptr@ulx.hu>, 2013 # ptr <ptr@ulx.hu>, 2011,2013 # ptr <ptr@ulx.hu>, 2011 msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2014-04-08 12:56+0200\n" "PO-Revision-Date: 2013-11-20 12:56+0000\n" "Last-Translator: jhrozek <jhrozek@redhat.com>\n" "Language-Team: Hungarian (http://www.transifex.com/projects/p/fedora/" "language/hu/)\n" "Language: hu\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" #: src/config/SSSDConfig/__init__.py.in:39 msgid "Set the verbosity of the debug logging" msgstr "" #: src/config/SSSDConfig/__init__.py.in:40 msgid "Include timestamps in debug logs" msgstr "" #: src/config/SSSDConfig/__init__.py.in:41 msgid "Include microseconds in timestamps in debug logs" msgstr "" #: src/config/SSSDConfig/__init__.py.in:42 msgid "Write debug messages to logfiles" msgstr "" #: src/config/SSSDConfig/__init__.py.in:43 msgid "Ping timeout before restarting service" msgstr "" #: src/config/SSSDConfig/__init__.py.in:44 msgid "" "Timeout between three failed ping checks and forcibly killing the service" msgstr "" #: src/config/SSSDConfig/__init__.py.in:45 msgid "Command to start service" msgstr "" #: src/config/SSSDConfig/__init__.py.in:46 msgid "Number of times to attempt connection to Data Providers" msgstr "" #: src/config/SSSDConfig/__init__.py.in:47 msgid "The number of file descriptors that may be opened by this responder" msgstr "" #: src/config/SSSDConfig/__init__.py.in:48 msgid "Idle time before automatic disconnection of a client" msgstr "" #: src/config/SSSDConfig/__init__.py.in:51 msgid "SSSD Services to start" msgstr "Elindítandó SSSD szolgáltatások" #: src/config/SSSDConfig/__init__.py.in:52 msgid "SSSD Domains to start" msgstr "" #: src/config/SSSDConfig/__init__.py.in:53 msgid "Timeout for messages sent over the SBUS" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:54 msgid "Regex to parse username and domain" msgstr "" #: src/config/SSSDConfig/__init__.py.in:55 msgid "Printf-compatible format for displaying fully-qualified names" msgstr "" #: src/config/SSSDConfig/__init__.py.in:56 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #: src/config/SSSDConfig/__init__.py.in:57 msgid "Domain to add to names without a domain component." msgstr "" #: src/config/SSSDConfig/__init__.py.in:60 msgid "Enumeration cache timeout length (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:61 msgid "Entry cache background update timeout length (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:62 #: src/config/SSSDConfig/__init__.py.in:88 msgid "Negative cache timeout length (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:63 msgid "Users that SSSD should explicitly ignore" msgstr "SSSD által figyelmen kívül hagyott felhasználók" #: src/config/SSSDConfig/__init__.py.in:64 msgid "Groups that SSSD should explicitly ignore" msgstr "SSSD által figyelmen kívül hagyott csoportok" #: src/config/SSSDConfig/__init__.py.in:65 msgid "Should filtered users appear in groups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:66 msgid "The value of the password field the NSS provider should return" msgstr "" #: src/config/SSSDConfig/__init__.py.in:67 msgid "Override homedir value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:68 msgid "" "Substitute empty homedir value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:69 msgid "Override shell value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:70 msgid "The list of shells users are allowed to log in with" msgstr "" #: src/config/SSSDConfig/__init__.py.in:71 msgid "" "The list of shells that will be vetoed, and replaced with the fallback shell" 
msgstr "" #: src/config/SSSDConfig/__init__.py.in:72 msgid "" "If a shell stored in central directory is allowed but not available, use " "this fallback" msgstr "" #: src/config/SSSDConfig/__init__.py.in:73 msgid "Shell to use if the provider does not list one" msgstr "" #: src/config/SSSDConfig/__init__.py.in:74 msgid "How long will be in-memory cache records valid" msgstr "" #: src/config/SSSDConfig/__init__.py.in:77 msgid "How long to allow cached logins between online logins (days)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:78 msgid "How many failed logins attempts are allowed when offline" msgstr "Hány sikertelen bejelentkezés engedélyezett offline állapotban" #: src/config/SSSDConfig/__init__.py.in:79 msgid "" "How long (minutes) to deny login after offline_failed_login_attempts has " "been reached" msgstr "" #: src/config/SSSDConfig/__init__.py.in:80 msgid "What kind of messages are displayed to the user during authentication" msgstr "" #: src/config/SSSDConfig/__init__.py.in:81 msgid "How many seconds to keep identity information cached for PAM requests" msgstr "" #: src/config/SSSDConfig/__init__.py.in:82 msgid "How many days before password expiration a warning should be displayed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:85 msgid "Whether to evaluate the time-based attributes in sudo rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:91 msgid "Whether to hash host names and addresses in the known_hosts file" msgstr "" #: src/config/SSSDConfig/__init__.py.in:92 msgid "" "How many seconds to keep a host in the known_hosts file after its host keys " "were requested" msgstr "" #: src/config/SSSDConfig/__init__.py.in:95 msgid "List of UIDs or user names allowed to access the PAC responder" msgstr "" #: src/config/SSSDConfig/__init__.py.in:98 msgid "Identity provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:99 msgid "Authentication provider" msgstr "Azonosító-kiszolgáló" #: src/config/SSSDConfig/__init__.py.in:100 msgid "Access 
control provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:101 msgid "Password change provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:102 msgid "SUDO provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:103 msgid "Autofs provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:104 msgid "Session-loading provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:105 msgid "Host identity provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:108 msgid "Minimum user ID" msgstr "Legkisebb felhasználói azonosító" #: src/config/SSSDConfig/__init__.py.in:109 msgid "Maximum user ID" msgstr "Legnagyobb felhasználói azonosító" #: src/config/SSSDConfig/__init__.py.in:110 msgid "Enable enumerating all users/groups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:111 msgid "Cache credentials for offline login" msgstr "Azonosítók gyorsítótárazása offline használathoz" #: src/config/SSSDConfig/__init__.py.in:112 msgid "Store password hashes" msgstr "Jelszó hash-ek tárolása" #: src/config/SSSDConfig/__init__.py.in:113 msgid "Display users/groups in fully-qualified form" msgstr "" #: src/config/SSSDConfig/__init__.py.in:114 msgid "Don't include group members in group lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:115 #: src/config/SSSDConfig/__init__.py.in:122 #: src/config/SSSDConfig/__init__.py.in:123 #: src/config/SSSDConfig/__init__.py.in:124 #: src/config/SSSDConfig/__init__.py.in:125 #: src/config/SSSDConfig/__init__.py.in:126 #: src/config/SSSDConfig/__init__.py.in:127 msgid "Entry cache timeout length (seconds)" msgstr "Bejegyzés-gyorsítótár érvényessége (másodperc)" #: src/config/SSSDConfig/__init__.py.in:116 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:117 msgid "How long to keep cached entries after last successful login (days)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:118 msgid "How long to wait for replies from DNS when 
resolving servers (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:119 msgid "The domain part of service discovery DNS query" msgstr "" #: src/config/SSSDConfig/__init__.py.in:120 msgid "Override GID value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:121 msgid "Treat usernames as case sensitive" msgstr "" #: src/config/SSSDConfig/__init__.py.in:128 msgid "How often should expired entries be refreshed in background" msgstr "" #: src/config/SSSDConfig/__init__.py.in:129 msgid "Whether to automatically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/__init__.py.in:130 #: src/config/SSSDConfig/__init__.py.in:145 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "" #: src/config/SSSDConfig/__init__.py.in:131 #: src/config/SSSDConfig/__init__.py.in:146 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" #: src/config/SSSDConfig/__init__.py.in:132 msgid "How often to periodically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/__init__.py.in:133 msgid "Whether the provider should explicitly update the PTR record as well" msgstr "" #: src/config/SSSDConfig/__init__.py.in:134 msgid "Whether the nsupdate utility should default to using TCP" msgstr "" #: src/config/SSSDConfig/__init__.py.in:135 msgid "What kind of authentication should be used to perform the DNS update" msgstr "" #: src/config/SSSDConfig/__init__.py.in:136 msgid "Control enumeration of trusted domains" msgstr "" #: src/config/SSSDConfig/__init__.py.in:137 msgid "How often should subdomains list be refreshed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:140 msgid "IPA domain" msgstr "IPA-tartomány" #: src/config/SSSDConfig/__init__.py.in:141 msgid "IPA server address" msgstr "IPA kiszolgáló címe" #: src/config/SSSDConfig/__init__.py.in:142 msgid "Address of backup IPA server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:143 msgid "IPA client hostname" 
msgstr "IPA kliens hosztneve" #: src/config/SSSDConfig/__init__.py.in:144 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" #: src/config/SSSDConfig/__init__.py.in:147 msgid "Search base for HBAC related objects" msgstr "" #: src/config/SSSDConfig/__init__.py.in:148 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:149 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:150 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" #: src/config/SSSDConfig/__init__.py.in:151 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" #: src/config/SSSDConfig/__init__.py.in:152 msgid "The automounter location this IPA client is using" msgstr "" #: src/config/SSSDConfig/__init__.py.in:153 msgid "Search base for object containing info about IPA domain" msgstr "" #: src/config/SSSDConfig/__init__.py.in:154 msgid "Search base for objects containing info about ID ranges" msgstr "" #: src/config/SSSDConfig/__init__.py.in:155 #: src/config/SSSDConfig/__init__.py.in:162 msgid "Enable DNS sites - location based service discovery" msgstr "" #: src/config/SSSDConfig/__init__.py.in:158 msgid "Active Directory domain" msgstr "" #: src/config/SSSDConfig/__init__.py.in:159 msgid "Active Directory server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:160 msgid "Active Directory backup server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:161 msgid "Active Directory client hostname" msgstr "" #: src/config/SSSDConfig/__init__.py.in:165 #: src/config/SSSDConfig/__init__.py.in:166 msgid "Kerberos server address" msgstr "Kerberos-kiszolgáló címe" #: src/config/SSSDConfig/__init__.py.in:167 msgid "Kerberos backup server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:168 msgid "Kerberos realm" msgstr 
"Kerberos-tartomány" #: src/config/SSSDConfig/__init__.py.in:169 msgid "Authentication timeout" msgstr "Időtúllépés azonosításkor" #: src/config/SSSDConfig/__init__.py.in:170 msgid "Whether to create kdcinfo files" msgstr "" #: src/config/SSSDConfig/__init__.py.in:173 msgid "Directory to store credential caches" msgstr "" #: src/config/SSSDConfig/__init__.py.in:174 msgid "Location of the user's credential cache" msgstr "" #: src/config/SSSDConfig/__init__.py.in:175 msgid "Location of the keytab to validate credentials" msgstr "" #: src/config/SSSDConfig/__init__.py.in:176 msgid "Enable credential validation" msgstr "" #: src/config/SSSDConfig/__init__.py.in:177 msgid "Store password if offline for later online authentication" msgstr "" #: src/config/SSSDConfig/__init__.py.in:178 msgid "Renewable lifetime of the TGT" msgstr "" #: src/config/SSSDConfig/__init__.py.in:179 msgid "Lifetime of the TGT" msgstr "" #: src/config/SSSDConfig/__init__.py.in:180 msgid "Time between two checks for renewal" msgstr "" #: src/config/SSSDConfig/__init__.py.in:181 msgid "Enables FAST" msgstr "" #: src/config/SSSDConfig/__init__.py.in:182 msgid "Selects the principal to use for FAST" msgstr "" #: src/config/SSSDConfig/__init__.py.in:183 msgid "Enables principal canonicalization" msgstr "" #: src/config/SSSDConfig/__init__.py.in:184 msgid "Enables enterprise principals" msgstr "" #: src/config/SSSDConfig/__init__.py.in:187 #: src/config/SSSDConfig/__init__.py.in:188 msgid "Server where the change password service is running if not on the KDC" msgstr "" #: src/config/SSSDConfig/__init__.py.in:191 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, az LDAP szerver URI-ja" #: src/config/SSSDConfig/__init__.py.in:192 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:193 msgid "The default base DN" msgstr "Alapértelmezett LDAP alap-DN-je" #: src/config/SSSDConfig/__init__.py.in:194 msgid "The Schema Type in use on the LDAP 
server, rfc2307" msgstr "Az LDAP szerveren használt séma-típus, rfc2307" #: src/config/SSSDConfig/__init__.py.in:195 msgid "The default bind DN" msgstr "Az alapértelmezett bind DN" #: src/config/SSSDConfig/__init__.py.in:196 msgid "The type of the authentication token of the default bind DN" msgstr "" #: src/config/SSSDConfig/__init__.py.in:197 msgid "The authentication token of the default bind DN" msgstr "" #: src/config/SSSDConfig/__init__.py.in:198 msgid "Length of time to attempt connection" msgstr "A kapcsolódási próbálkozás időtartama" #: src/config/SSSDConfig/__init__.py.in:199 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" #: src/config/SSSDConfig/__init__.py.in:200 msgid "Length of time between attempts to reconnect while offline" msgstr "" #: src/config/SSSDConfig/__init__.py.in:201 msgid "Use only the upper case for realm names" msgstr "" #: src/config/SSSDConfig/__init__.py.in:202 msgid "File that contains CA certificates" msgstr "A CA tanúsítványokat tartalmazó fájl" #: src/config/SSSDConfig/__init__.py.in:203 msgid "Path to CA certificate directory" msgstr "" #: src/config/SSSDConfig/__init__.py.in:204 msgid "File that contains the client certificate" msgstr "" #: src/config/SSSDConfig/__init__.py.in:205 msgid "File that contains the client key" msgstr "" #: src/config/SSSDConfig/__init__.py.in:206 msgid "List of possible ciphers suites" msgstr "" #: src/config/SSSDConfig/__init__.py.in:207 msgid "Require TLS certificate verification" msgstr "TLS tanúsítvány ellenőrzése" #: src/config/SSSDConfig/__init__.py.in:208 msgid "Specify the sasl mechanism to use" msgstr "" #: src/config/SSSDConfig/__init__.py.in:209 msgid "Specify the sasl authorization id to use" msgstr "" #: src/config/SSSDConfig/__init__.py.in:210 msgid "Specify the sasl authorization realm to use" msgstr "" #: src/config/SSSDConfig/__init__.py.in:211 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" #: src/config/SSSDConfig/__init__.py.in:212
msgid "Kerberos service keytab" msgstr "" #: src/config/SSSDConfig/__init__.py.in:213 msgid "Use Kerberos auth for LDAP connection" msgstr "" #: src/config/SSSDConfig/__init__.py.in:214 msgid "Follow LDAP referrals" msgstr "" #: src/config/SSSDConfig/__init__.py.in:215 msgid "Lifetime of TGT for LDAP connection" msgstr "" #: src/config/SSSDConfig/__init__.py.in:216 msgid "How to dereference aliases" msgstr "" #: src/config/SSSDConfig/__init__.py.in:217 msgid "Service name for DNS service lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:218 msgid "The number of records to retrieve in a single LDAP query" msgstr "" #: src/config/SSSDConfig/__init__.py.in:219 msgid "The number of members that must be missing to trigger a full deref" msgstr "" #: src/config/SSSDConfig/__init__.py.in:220 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" #: src/config/SSSDConfig/__init__.py.in:222 msgid "entryUSN attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:223 msgid "lastUSN attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:225 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" #: src/config/SSSDConfig/__init__.py.in:227 msgid "Disable the LDAP paging control" msgstr "" #: src/config/SSSDConfig/__init__.py.in:228 msgid "Disable Active Directory range retrieval" msgstr "" #: src/config/SSSDConfig/__init__.py.in:231 msgid "Length of time to wait for a search request" msgstr "" #: src/config/SSSDConfig/__init__.py.in:232 msgid "Length of time to wait for a enumeration request" msgstr "" #: src/config/SSSDConfig/__init__.py.in:233 msgid "Length of time between enumeration updates" msgstr "" #: src/config/SSSDConfig/__init__.py.in:234 msgid "Length of time between cache cleanups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:235 msgid "Require TLS for ID lookups" msgstr "TLS megkövetelése ID keresésekor" #: 
src/config/SSSDConfig/__init__.py.in:236 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "" #: src/config/SSSDConfig/__init__.py.in:237 msgid "Base DN for user lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:238 msgid "Scope of user lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:239 msgid "Filter for user lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:240 msgid "Objectclass for users" msgstr "" #: src/config/SSSDConfig/__init__.py.in:241 msgid "Username attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:243 msgid "UID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:244 msgid "Primary GID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:245 msgid "GECOS attribute" msgstr "GECOS attribútum" #: src/config/SSSDConfig/__init__.py.in:246 msgid "Home directory attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:247 msgid "Shell attribute" msgstr "Shell attribútum" #: src/config/SSSDConfig/__init__.py.in:248 msgid "UUID attribute" msgstr "UUID attribútum" #: src/config/SSSDConfig/__init__.py.in:249 #: src/config/SSSDConfig/__init__.py.in:285 msgid "objectSID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:250 msgid "Active Directory primary group attribute for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:251 msgid "User principal attribute (for Kerberos)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:252 msgid "Full Name" msgstr "Teljes név" #: src/config/SSSDConfig/__init__.py.in:253 msgid "memberOf attribute" msgstr "memberOf attribútum" #: src/config/SSSDConfig/__init__.py.in:254 msgid "Modification time attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:256 msgid "shadowLastChange attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:257 msgid "shadowMin attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:258 msgid "shadowMax attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:259 msgid "shadowWarning 
attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:260 msgid "shadowInactive attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:261 msgid "shadowExpire attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:262 msgid "shadowFlag attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:263 msgid "Attribute listing authorized PAM services" msgstr "" #: src/config/SSSDConfig/__init__.py.in:264 msgid "Attribute listing authorized server hosts" msgstr "" #: src/config/SSSDConfig/__init__.py.in:265 msgid "krbLastPwdChange attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:266 msgid "krbPasswordExpiration attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:267 msgid "Attribute indicating that server side password policies are active" msgstr "" #: src/config/SSSDConfig/__init__.py.in:268 msgid "accountExpires attribute of AD" msgstr "" #: src/config/SSSDConfig/__init__.py.in:269 msgid "userAccountControl attribute of AD" msgstr "" #: src/config/SSSDConfig/__init__.py.in:270 msgid "nsAccountLock attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:271 msgid "loginDisabled attribute of NDS" msgstr "" #: src/config/SSSDConfig/__init__.py.in:272 msgid "loginExpirationTime attribute of NDS" msgstr "" #: src/config/SSSDConfig/__init__.py.in:273 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" #: src/config/SSSDConfig/__init__.py.in:274 msgid "SSH public key attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:276 msgid "Base DN for group lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:279 msgid "Objectclass for groups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:280 msgid "Group name" msgstr "Csoport neve" #: src/config/SSSDConfig/__init__.py.in:281 msgid "Group password" msgstr "Csoport jelszava" #: src/config/SSSDConfig/__init__.py.in:282 msgid "GID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:283 msgid "Group member attribute" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:284 msgid "Group UUID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:286 msgid "Modification time attribute for groups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:287 msgid "Type of the group and other flags" msgstr "" #: src/config/SSSDConfig/__init__.py.in:289 msgid "Maximum nesting level SSSd will follow" msgstr "" #: src/config/SSSDConfig/__init__.py.in:291 msgid "Base DN for netgroup lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:292 msgid "Objectclass for netgroups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:293 msgid "Netgroup name" msgstr "" #: src/config/SSSDConfig/__init__.py.in:294 msgid "Netgroups members attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:295 msgid "Netgroup triple attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:296 msgid "Netgroup UUID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:297 msgid "Modification time attribute for netgroups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:299 msgid "Base DN for service lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:300 msgid "Objectclass for services" msgstr "" #: src/config/SSSDConfig/__init__.py.in:301 msgid "Service name attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:302 msgid "Service port attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:303 msgid "Service protocol attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:306 msgid "Lower bound for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:307 msgid "Upper bound for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:308 msgid "Number of IDs for each slice when ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:309 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:310 msgid "Name of the default domain for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:311 msgid "SID of the 
default domain for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:313 msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:314 msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:315 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:316 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:319 msgid "Policy to evaluate the password expiration" msgstr "" #: src/config/SSSDConfig/__init__.py.in:322 msgid "LDAP filter to determine access privileges" msgstr "" #: src/config/SSSDConfig/__init__.py.in:323 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" #: src/config/SSSDConfig/__init__.py.in:324 msgid "Which rules should be used to evaluate access control" msgstr "" #: src/config/SSSDConfig/__init__.py.in:327 msgid "URI of an LDAP server where password changes are allowed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:328 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:329 msgid "DNS service name for LDAP password change server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:330 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" msgstr "" #: src/config/SSSDConfig/__init__.py.in:333 msgid "Base DN for sudo rules lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:334 msgid "Automatic full refresh period" msgstr "" #: src/config/SSSDConfig/__init__.py.in:335 msgid "Automatic smart refresh period" msgstr "" #: src/config/SSSDConfig/__init__.py.in:336 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "" #: src/config/SSSDConfig/__init__.py.in:337 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter 
sudo " "rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:338 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:339 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:340 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:341 msgid "Object class for sudo rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:342 msgid "Sudo rule name" msgstr "" #: src/config/SSSDConfig/__init__.py.in:343 msgid "Sudo rule command attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:344 msgid "Sudo rule host attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:345 msgid "Sudo rule user attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:346 msgid "Sudo rule option attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:347 msgid "Sudo rule runasuser attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:348 msgid "Sudo rule runasgroup attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:349 msgid "Sudo rule notbefore attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:350 msgid "Sudo rule notafter attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:351 msgid "Sudo rule order attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:354 msgid "Object class for automounter maps" msgstr "" #: src/config/SSSDConfig/__init__.py.in:355 msgid "Automounter map name attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:356 msgid "Object class for automounter map entries" msgstr "" #: src/config/SSSDConfig/__init__.py.in:357 msgid "Automounter map entry key attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:358 msgid "Automounter map entry value attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:359 msgid "Base DN for automounter map lookups" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:362 msgid "Comma separated list of allowed users" msgstr "" #: src/config/SSSDConfig/__init__.py.in:363 msgid "Comma separated list of prohibited users" msgstr "" #: src/config/SSSDConfig/__init__.py.in:366 msgid "Default shell, /bin/bash" msgstr "Alapértelmezett shell, /bin/bash" #: src/config/SSSDConfig/__init__.py.in:367 msgid "Base for home directories" msgstr "" #: src/config/SSSDConfig/__init__.py.in:370 msgid "The name of the NSS library to use" msgstr "" #: src/config/SSSDConfig/__init__.py.in:371 msgid "Whether to look up canonical group name from cache if possible" msgstr "" #: src/config/SSSDConfig/__init__.py.in:374 msgid "PAM stack to use" msgstr "" #: src/monitor/monitor.c:2651 msgid "Become a daemon (default)" msgstr "" #: src/monitor/monitor.c:2653 msgid "Run interactive (not a daemon)" msgstr "" #: src/monitor/monitor.c:2655 src/tools/sss_debuglevel.c:71 msgid "Specify a non-default config file" msgstr "" #: src/monitor/monitor.c:2657 msgid "Print version number and exit" msgstr "" #: src/providers/krb5/krb5_child.c:1962 src/providers/ldap/ldap_child.c:435 #: src/util/util.h:100 msgid "Debug level" msgstr "" #: src/providers/krb5/krb5_child.c:1964 src/providers/ldap/ldap_child.c:437 #: src/util/util.h:104 msgid "Add debug timestamps" msgstr "Időbélyegek a hibakeresési kimenetben" #: src/providers/krb5/krb5_child.c:1966 src/providers/ldap/ldap_child.c:439 #: src/util/util.h:106 msgid "Show timestamps with microseconds" msgstr "Mikroszekundum pontosságú időbélyegek" #: src/providers/krb5/krb5_child.c:1968 src/providers/ldap/ldap_child.c:441 msgid "An open file descriptor for the debug logs" msgstr "" #: src/providers/data_provider_be.c:2932 msgid "Domain of the information provider (mandatory)" msgstr "" #: src/sss_client/common.c:946 msgid "Privileged socket has wrong ownership or permissions." msgstr "" #: src/sss_client/common.c:949 msgid "Public socket has wrong ownership or permissions." 
msgstr "" #: src/sss_client/common.c:952 msgid "Unexpected format of the server credential message." msgstr "" #: src/sss_client/common.c:955 msgid "SSSD is not run by root." msgstr "Az SSSD nem root-ként fut." #: src/sss_client/common.c:960 msgid "An error occurred, but no description can be found." msgstr "Hiba lépett fel, de nem érhetőek el részletek." #: src/sss_client/common.c:966 msgid "Unexpected error while looking for an error description" msgstr "" #: src/sss_client/pam_sss.c:388 msgid "Passwords do not match" msgstr "A jelszavak nem egyeznek" #: src/sss_client/pam_sss.c:576 msgid "Password reset by root is not supported." msgstr "A jelszó root általi visszaállítása nem támogatott." #: src/sss_client/pam_sss.c:617 msgid "Authenticated with cached credentials" msgstr "Azonosítva gyorsítótárazott adatbázisból" #: src/sss_client/pam_sss.c:618 msgid ", your cached password will expire at: " msgstr ", a gyorsítótárazott jelszó lejár ekkor: " #: src/sss_client/pam_sss.c:648 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "" #: src/sss_client/pam_sss.c:694 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "" #: src/sss_client/pam_sss.c:743 msgid "Authentication is denied until: " msgstr "A bejelentkezés tiltott eddig: " #: src/sss_client/pam_sss.c:764 msgid "System is offline, password change not possible" msgstr "A rendszer nem érhető el, a jelszó megváltoztatása nem lehetséges" #: src/sss_client/pam_sss.c:779 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" #: src/sss_client/pam_sss.c:810 src/sss_client/pam_sss.c:823 msgid "Password change failed. " msgstr "A jelszó megváltoztatása nem sikerült. "
#: src/sss_client/pam_sss.c:813 src/sss_client/pam_sss.c:824 msgid "Server message: " msgstr "Szerver üzenete: " #: src/sss_client/pam_sss.c:1251 msgid "New Password: " msgstr "Új jelszó: " #: src/sss_client/pam_sss.c:1252 msgid "Reenter new Password: " msgstr "Jelszó még egyszer: " #: src/sss_client/pam_sss.c:1340 msgid "Password: " msgstr "Jelszó: " #: src/sss_client/pam_sss.c:1372 msgid "Current Password: " msgstr "Jelenlegi jelszó: " #: src/sss_client/pam_sss.c:1527 msgid "Password expired. Change your password now." msgstr "A jelszava lejárt, változtassa meg most." #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40 #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 src/tools/sss_useradd.c:48 #: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44 #: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:652 #: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47 #: src/tools/sss_cache.c:540 src/tools/sss_debuglevel.c:69 msgid "The debug level to run with" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:42 #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:196 msgid "The SSSD domain to use" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:73 #: src/tools/sss_groupadd.c:58 src/tools/sss_groupdel.c:53 #: src/tools/sss_groupmod.c:65 src/tools/sss_groupshow.c:663 #: src/tools/sss_userdel.c:151 src/tools/sss_usermod.c:74 #: src/tools/sss_cache.c:573 msgid "Error setting the locale\n" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:64 msgid "Not enough memory\n" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:83 msgid "User not specified\n" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:92 msgid "Error looking up public keys\n" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:194 msgid "The port to use to connect to the host" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:238 msgid "Invalid port\n" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:243 msgid "Host not
specified\n" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:249 msgid "The path to the proxy command must be absolute\n" msgstr "" #: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48 msgid "The UID of the user" msgstr "A felhasználó UID-je" #: src/tools/sss_useradd.c:50 src/tools/sss_usermod.c:50 msgid "The comment string" msgstr "" #: src/tools/sss_useradd.c:51 src/tools/sss_usermod.c:51 msgid "Home directory" msgstr "Saját könyvtár" #: src/tools/sss_useradd.c:52 src/tools/sss_usermod.c:52 msgid "Login shell" msgstr "Bejelentkező shell" #: src/tools/sss_useradd.c:53 msgid "Groups" msgstr "Csoportok" #: src/tools/sss_useradd.c:54 msgid "Create user's directory if it does not exist" msgstr "Felhasználó könyvtárának létrehozása, ha nem létezik" #: src/tools/sss_useradd.c:55 msgid "Never create user's directory, overrides config" msgstr "Ne hozza létre a felhasználó könyvtárát" #: src/tools/sss_useradd.c:56 msgid "Specify an alternative skeleton directory" msgstr "" #: src/tools/sss_useradd.c:57 src/tools/sss_usermod.c:57 msgid "The SELinux user for user's login" msgstr "" #: src/tools/sss_useradd.c:86 src/tools/sss_groupmod.c:78 #: src/tools/sss_usermod.c:87 msgid "Specify group to add to\n" msgstr "" #: src/tools/sss_useradd.c:110 msgid "Specify user to add\n" msgstr "" #: src/tools/sss_useradd.c:119 src/tools/sss_groupadd.c:84 #: src/tools/sss_groupdel.c:78 src/tools/sss_groupmod.c:111 #: src/tools/sss_groupshow.c:696 src/tools/sss_userdel.c:196 #: src/tools/sss_usermod.c:128 msgid "Error initializing the tools - no local domain\n" msgstr "" #: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86 #: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113 #: src/tools/sss_groupshow.c:698 src/tools/sss_userdel.c:198 #: src/tools/sss_usermod.c:130 msgid "Error initializing the tools\n" msgstr "" #: src/tools/sss_useradd.c:130 src/tools/sss_groupadd.c:95 #: src/tools/sss_groupdel.c:89 src/tools/sss_groupmod.c:121 #: src/tools/sss_groupshow.c:707 
src/tools/sss_userdel.c:207 #: src/tools/sss_usermod.c:139 msgid "Invalid domain specified in FQDN\n" msgstr "" #: src/tools/sss_useradd.c:139 src/tools/sss_groupmod.c:141 #: src/tools/sss_groupmod.c:168 src/tools/sss_usermod.c:162 #: src/tools/sss_usermod.c:189 msgid "Internal error while parsing parameters\n" msgstr "" #: src/tools/sss_useradd.c:147 src/tools/sss_usermod.c:170 #: src/tools/sss_usermod.c:197 msgid "Groups must be in the same domain as user\n" msgstr "" #: src/tools/sss_useradd.c:155 #, c-format msgid "Cannot find group %1$s in local domain\n" msgstr "" #: src/tools/sss_useradd.c:170 src/tools/sss_userdel.c:217 msgid "Cannot set default values\n" msgstr "Nem lehet beállítani az alapértékeket\n" #: src/tools/sss_useradd.c:177 src/tools/sss_usermod.c:153 msgid "The selected UID is outside the allowed range\n" msgstr "A megadott UID kívül esik a megengedett tartományon\n" #: src/tools/sss_useradd.c:206 src/tools/sss_usermod.c:264 msgid "Cannot set SELinux login context\n" msgstr "" #: src/tools/sss_useradd.c:221 msgid "Cannot get info about the user\n" msgstr "Nem áll rendelkezésre információ a felhasználóról\n" #: src/tools/sss_useradd.c:233 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" "A felhasználó könyvtára már létezik, a skel könyvtár tartalmát nem másolom " "bele\n" #: src/tools/sss_useradd.c:236 #, c-format msgid "Cannot create user's home directory: %1$s\n" msgstr "" #: src/tools/sss_useradd.c:247 #, c-format msgid "Cannot create user's mail spool: %1$s\n" msgstr "" #: src/tools/sss_useradd.c:266 msgid "Could not allocate ID for the user - domain full?\n" msgstr "" #: src/tools/sss_useradd.c:270 msgid "A user or group with the same name or ID already exists\n" msgstr "" #: src/tools/sss_useradd.c:276 msgid "Transaction error. 
Could not add user.\n" msgstr "Tranzakcióhiba történt, nem lehetett létrehozni a felhasználót.\n" #: src/tools/sss_groupadd.c:43 src/tools/sss_groupmod.c:48 msgid "The GID of the group" msgstr "A csoport GID-je" #: src/tools/sss_groupadd.c:75 msgid "Specify group to add\n" msgstr "" #: src/tools/sss_groupadd.c:104 src/tools/sss_groupmod.c:192 msgid "The selected GID is outside the allowed range\n" msgstr "" #: src/tools/sss_groupadd.c:141 msgid "Could not allocate ID for the group - domain full?\n" msgstr "" #: src/tools/sss_groupadd.c:145 msgid "A group with the same name or GID already exists\n" msgstr "" #: src/tools/sss_groupadd.c:150 msgid "Transaction error. Could not add group.\n" msgstr "" #: src/tools/sss_groupdel.c:69 msgid "Specify group to delete\n" msgstr "" #: src/tools/sss_groupdel.c:102 #, c-format msgid "Group %1$s is outside the defined ID range for domain\n" msgstr "" #: src/tools/sss_groupdel.c:117 src/tools/sss_groupmod.c:219 #: src/tools/sss_groupmod.c:226 src/tools/sss_groupmod.c:233 #: src/tools/sss_userdel.c:294 src/tools/sss_usermod.c:241 #: src/tools/sss_usermod.c:248 src/tools/sss_usermod.c:255 #, c-format msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n" msgstr "" #: src/tools/sss_groupdel.c:129 msgid "" "No such group in local domain. Removing groups only allowed in local " "domain.\n" msgstr "" #: src/tools/sss_groupdel.c:134 msgid "Internal error. 
Could not remove group.\n" msgstr "" #: src/tools/sss_groupmod.c:44 msgid "Groups to add this group to" msgstr "" #: src/tools/sss_groupmod.c:46 msgid "Groups to remove this group from" msgstr "" #: src/tools/sss_groupmod.c:86 src/tools/sss_usermod.c:95 msgid "Specify group to remove from\n" msgstr "" #: src/tools/sss_groupmod.c:100 msgid "Specify group to modify\n" msgstr "" #: src/tools/sss_groupmod.c:128 msgid "" "Cannot find group in local domain, modifying groups is allowed only in local " "domain\n" msgstr "" #: src/tools/sss_groupmod.c:149 src/tools/sss_groupmod.c:176 msgid "Member groups must be in the same domain as parent group\n" msgstr "" #: src/tools/sss_groupmod.c:157 src/tools/sss_groupmod.c:184 #: src/tools/sss_usermod.c:178 src/tools/sss_usermod.c:205 #, c-format msgid "" "Cannot find group %1$s in local domain, only groups in local domain are " "allowed\n" msgstr "" #: src/tools/sss_groupmod.c:250 msgid "Could not modify group - check if member group names are correct\n" msgstr "" #: src/tools/sss_groupmod.c:254 msgid "Could not modify group - check if groupname is correct\n" msgstr "" #: src/tools/sss_groupmod.c:258 msgid "Transaction error. Could not modify group.\n" msgstr "" #: src/tools/sss_groupshow.c:599 #, c-format msgid "%1$s%2$sGroup: %3$s\n" msgstr "" #: src/tools/sss_groupshow.c:600 msgid "Magic Private " msgstr "" #: src/tools/sss_groupshow.c:602 #, c-format msgid "%1$sGID number: %2$d\n" msgstr "" #: src/tools/sss_groupshow.c:604 #, c-format msgid "%1$sMember users: " msgstr "" #: src/tools/sss_groupshow.c:611 #, c-format msgid "" "\n" "%1$sIs a member of: " msgstr "" #: src/tools/sss_groupshow.c:618 #, c-format msgid "" "\n" "%1$sMember groups: " msgstr "" #: src/tools/sss_groupshow.c:654 msgid "Print indirect group members recursively" msgstr "" #: src/tools/sss_groupshow.c:687 msgid "Specify group to show\n" msgstr "" #: src/tools/sss_groupshow.c:726 msgid "" "No such group in local domain. 
Printing groups only allowed in local " "domain.\n" msgstr "" #: src/tools/sss_groupshow.c:731 msgid "Internal error. Could not print group.\n" msgstr "" #: src/tools/sss_userdel.c:136 msgid "Remove home directory and mail spool" msgstr "" #: src/tools/sss_userdel.c:138 msgid "Do not remove home directory and mail spool" msgstr "Ne törölje a saját könyvtárat és a helyi levelezést" #: src/tools/sss_userdel.c:140 msgid "Force removal of files not owned by the user" msgstr "Nem a felhasználó tulajdonában lévő fájlok törlése" #: src/tools/sss_userdel.c:142 msgid "Kill users' processes before removing him" msgstr "Felhasználó programjainak kilövése az eltávolítás előtt" #: src/tools/sss_userdel.c:187 msgid "Specify user to delete\n" msgstr "Adja meg a törlendő felhasználót\n" #: src/tools/sss_userdel.c:233 #, c-format msgid "User %1$s is outside the defined ID range for domain\n" msgstr "" #: src/tools/sss_userdel.c:258 msgid "Cannot reset SELinux login context\n" msgstr "" #: src/tools/sss_userdel.c:270 #, c-format msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n" msgstr "" #: src/tools/sss_userdel.c:275 msgid "Cannot determine if the user was logged in on this platform" msgstr "" #: src/tools/sss_userdel.c:280 msgid "Error while checking if the user was logged in\n" msgstr "" #: src/tools/sss_userdel.c:287 #, c-format msgid "The post-delete command failed: %1$s\n" msgstr "" #: src/tools/sss_userdel.c:307 msgid "Not removing home dir - not owned by user\n" msgstr "" #: src/tools/sss_userdel.c:309 #, c-format msgid "Cannot remove homedir: %1$s\n" msgstr "" #: src/tools/sss_userdel.c:322 msgid "" "No such user in local domain. Removing users only allowed in local domain.\n" msgstr "" #: src/tools/sss_userdel.c:327 msgid "Internal error. 
Could not remove user.\n" msgstr "Belső hiba történt, nem lehetett eltávolítani a felhasználót.\n" #: src/tools/sss_usermod.c:49 msgid "The GID of the user" msgstr "Felhasználó GID-je" #: src/tools/sss_usermod.c:53 msgid "Groups to add this user to" msgstr "Felhasználó hozzáadása a következő csoportokhoz" #: src/tools/sss_usermod.c:54 msgid "Groups to remove this user from" msgstr "" #: src/tools/sss_usermod.c:55 msgid "Lock the account" msgstr "Fiók zárolása" #: src/tools/sss_usermod.c:56 msgid "Unlock the account" msgstr "Fiók feloldása" #: src/tools/sss_usermod.c:119 msgid "Specify user to modify\n" msgstr "Adja meg a módosítandó felhasználót\n" #: src/tools/sss_usermod.c:146 msgid "" "Cannot find user in local domain, modifying users is allowed only in local " "domain\n" msgstr "" #: src/tools/sss_usermod.c:281 msgid "Could not modify user - check if group names are correct\n" msgstr "" #: src/tools/sss_usermod.c:285 msgid "Could not modify user - user already member of groups?\n" msgstr "" #: src/tools/sss_usermod.c:289 msgid "Transaction error. 
Could not modify user.\n" msgstr "Tranzakcióhiba történt, a felhasználó nem módosítható.\n" #: src/tools/sss_cache.c:170 msgid "No cache object matched the specified search\n" msgstr "" #: src/tools/sss_cache.c:397 #, c-format msgid "Couldn't invalidate %1$s" msgstr "" #: src/tools/sss_cache.c:404 #, c-format msgid "Couldn't invalidate %1$s %2$s" msgstr "" #: src/tools/sss_cache.c:542 msgid "Invalidate all cached entries except for sudo rules" msgstr "" #: src/tools/sss_cache.c:544 msgid "Invalidate particular user" msgstr "" #: src/tools/sss_cache.c:546 msgid "Invalidate all users" msgstr "" #: src/tools/sss_cache.c:548 msgid "Invalidate particular group" msgstr "" #: src/tools/sss_cache.c:550 msgid "Invalidate all groups" msgstr "" #: src/tools/sss_cache.c:552 msgid "Invalidate particular netgroup" msgstr "" #: src/tools/sss_cache.c:554 msgid "Invalidate all netgroups" msgstr "" #: src/tools/sss_cache.c:556 msgid "Invalidate particular service" msgstr "" #: src/tools/sss_cache.c:558 msgid "Invalidate all services" msgstr "" #: src/tools/sss_cache.c:561 msgid "Invalidate particular autofs map" msgstr "" #: src/tools/sss_cache.c:563 msgid "Invalidate all autofs maps" msgstr "" #: src/tools/sss_cache.c:566 msgid "Only invalidate entries from a particular domain" msgstr "" #: src/tools/sss_cache.c:611 msgid "Please select at least one object to invalidate\n" msgstr "" #: src/tools/sss_cache.c:681 #, c-format msgid "" "Could not open domain %1$s. 
If the domain is a subdomain (trusted domain), " "use fully qualified name instead of --domain/-d parameter.\n" msgstr "" #: src/tools/sss_cache.c:685 msgid "Could not open available domains\n" msgstr "" #: src/tools/sss_debuglevel.c:40 msgid "\n" msgstr "" #: src/tools/sss_debuglevel.c:96 msgid "Specify debug level you want to set\n" msgstr "" #: src/tools/sss_debuglevel.c:102 msgid "Only one argument expected\n" msgstr "" #: src/tools/tools_util.c:200 #, c-format msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n" msgstr "" #: src/tools/tools_util.c:303 msgid "Out of memory\n" msgstr "Elfogyott a memória\n" #: src/tools/tools_util.h:43 #, c-format msgid "%1$s must be run as root\n" msgstr "" #: src/util/util.h:102 msgid "Send the debug output to files instead of stderr" msgstr "" ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/id.po���������������������������������������������������������������0000644�0000000�0000000�00000000074�12320753107�015125� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954961.981874709 30 ctime=1396954962.534874301 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/id.po��������������������������������������������������������������������������������0000664�0024127�0024127�00000136273�12320753107�015363� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR Red Hat, Inc. # This file is distributed under the same license as the PACKAGE package. 
# # Translators: msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2014-04-08 12:56+0200\n" "PO-Revision-Date: 2013-11-20 12:56+0000\n" "Last-Translator: jhrozek <jhrozek@redhat.com>\n" "Language-Team: Indonesian (http://www.transifex.com/projects/p/fedora/" "language/id/)\n" "Language: id\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" #: src/config/SSSDConfig/__init__.py.in:39 msgid "Set the verbosity of the debug logging" msgstr "Mengatur verbosity dari pencatatan debug" #: src/config/SSSDConfig/__init__.py.in:40 msgid "Include timestamps in debug logs" msgstr "Sertakan cap waktu di pencatatan debug" #: src/config/SSSDConfig/__init__.py.in:41 msgid "Include microseconds in timestamps in debug logs" msgstr "" #: src/config/SSSDConfig/__init__.py.in:42 msgid "Write debug messages to logfiles" msgstr "Menulis pesan debug ke berkas log" #: src/config/SSSDConfig/__init__.py.in:43 msgid "Ping timeout before restarting service" msgstr "" #: src/config/SSSDConfig/__init__.py.in:44 msgid "" "Timeout between three failed ping checks and forcibly killing the service" msgstr "" #: src/config/SSSDConfig/__init__.py.in:45 msgid "Command to start service" msgstr "Perintah untuk memulai layanan" #: src/config/SSSDConfig/__init__.py.in:46 msgid "Number of times to attempt connection to Data Providers" msgstr "Jumlah usaha yang dilakukan untuk mencoba koneksi ke Penyedia Data" #: src/config/SSSDConfig/__init__.py.in:47 msgid "The number of file descriptors that may be opened by this responder" msgstr "" #: src/config/SSSDConfig/__init__.py.in:48 msgid "Idle time before automatic disconnection of a client" msgstr "" #: src/config/SSSDConfig/__init__.py.in:51 msgid "SSSD Services to start" msgstr "Layanan SSSD akan dijalankan" #: src/config/SSSDConfig/__init__.py.in:52 msgid "SSSD Domains to start" msgstr 
"Domain SSSD akan dijalankan" #: src/config/SSSDConfig/__init__.py.in:53 msgid "Timeout for messages sent over the SBUS" msgstr "" #: src/config/SSSDConfig/__init__.py.in:54 msgid "Regex to parse username and domain" msgstr "" #: src/config/SSSDConfig/__init__.py.in:55 msgid "Printf-compatible format for displaying fully-qualified names" msgstr "" #: src/config/SSSDConfig/__init__.py.in:56 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #: src/config/SSSDConfig/__init__.py.in:57 msgid "Domain to add to names without a domain component." msgstr "" #: src/config/SSSDConfig/__init__.py.in:60 msgid "Enumeration cache timeout length (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:61 msgid "Entry cache background update timeout length (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:62 #: src/config/SSSDConfig/__init__.py.in:88 msgid "Negative cache timeout length (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:63 msgid "Users that SSSD should explicitly ignore" msgstr "Pengguna yang diabaikan secara eksplisit oleh SSSD" #: src/config/SSSDConfig/__init__.py.in:64 msgid "Groups that SSSD should explicitly ignore" msgstr "Grup yang diabaikan secara eksplisit oleh SSSD" #: src/config/SSSDConfig/__init__.py.in:65 msgid "Should filtered users appear in groups" msgstr "Haruskah pengguna yang disaring muncul dalam grup" #: src/config/SSSDConfig/__init__.py.in:66 msgid "The value of the password field the NSS provider should return" msgstr "Nilai kolom kata sandi yang harus dikembalikan oleh penyedia NSS" #: src/config/SSSDConfig/__init__.py.in:67 msgid "Override homedir value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:68 msgid "" "Substitute empty homedir value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:69 msgid "Override shell value from the identity provider with this value" msgstr 
"" #: src/config/SSSDConfig/__init__.py.in:70 msgid "The list of shells users are allowed to log in with" msgstr "" #: src/config/SSSDConfig/__init__.py.in:71 msgid "" "The list of shells that will be vetoed, and replaced with the fallback shell" msgstr "" #: src/config/SSSDConfig/__init__.py.in:72 msgid "" "If a shell stored in central directory is allowed but not available, use " "this fallback" msgstr "" #: src/config/SSSDConfig/__init__.py.in:73 msgid "Shell to use if the provider does not list one" msgstr "" #: src/config/SSSDConfig/__init__.py.in:74 msgid "How long will be in-memory cache records valid" msgstr "" #: src/config/SSSDConfig/__init__.py.in:77 msgid "How long to allow cached logins between online logins (days)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:78 msgid "How many failed logins attempts are allowed when offline" msgstr "" #: src/config/SSSDConfig/__init__.py.in:79 msgid "" "How long (minutes) to deny login after offline_failed_login_attempts has " "been reached" msgstr "" #: src/config/SSSDConfig/__init__.py.in:80 msgid "What kind of messages are displayed to the user during authentication" msgstr "" #: src/config/SSSDConfig/__init__.py.in:81 msgid "How many seconds to keep identity information cached for PAM requests" msgstr "" #: src/config/SSSDConfig/__init__.py.in:82 msgid "How many days before password expiration a warning should be displayed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:85 msgid "Whether to evaluate the time-based attributes in sudo rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:91 msgid "Whether to hash host names and addresses in the known_hosts file" msgstr "" #: src/config/SSSDConfig/__init__.py.in:92 msgid "" "How many seconds to keep a host in the known_hosts file after its host keys " "were requested" msgstr "" #: src/config/SSSDConfig/__init__.py.in:95 msgid "List of UIDs or user names allowed to access the PAC responder" msgstr "" #: src/config/SSSDConfig/__init__.py.in:98 msgid 
"Identity provider" msgstr "Penyedia identitas" #: src/config/SSSDConfig/__init__.py.in:99 msgid "Authentication provider" msgstr "Penyedia otentikasi" #: src/config/SSSDConfig/__init__.py.in:100 msgid "Access control provider" msgstr "Penyedia kontrol akses" #: src/config/SSSDConfig/__init__.py.in:101 msgid "Password change provider" msgstr "Penyedia pengubah kata sandi" #: src/config/SSSDConfig/__init__.py.in:102 msgid "SUDO provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:103 msgid "Autofs provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:104 msgid "Session-loading provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:105 msgid "Host identity provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:108 msgid "Minimum user ID" msgstr "ID pengguna minimum" #: src/config/SSSDConfig/__init__.py.in:109 msgid "Maximum user ID" msgstr "ID pengguna maksimum" #: src/config/SSSDConfig/__init__.py.in:110 msgid "Enable enumerating all users/groups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:111 msgid "Cache credentials for offline login" msgstr "" #: src/config/SSSDConfig/__init__.py.in:112 msgid "Store password hashes" msgstr "" #: src/config/SSSDConfig/__init__.py.in:113 msgid "Display users/groups in fully-qualified form" msgstr "" #: src/config/SSSDConfig/__init__.py.in:114 msgid "Don't include group members in group lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:115 #: src/config/SSSDConfig/__init__.py.in:122 #: src/config/SSSDConfig/__init__.py.in:123 #: src/config/SSSDConfig/__init__.py.in:124 #: src/config/SSSDConfig/__init__.py.in:125 #: src/config/SSSDConfig/__init__.py.in:126 #: src/config/SSSDConfig/__init__.py.in:127 msgid "Entry cache timeout length (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:116 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:117 msgid "How long to keep cached entries after last successful 
login (days)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:118 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:119 msgid "The domain part of service discovery DNS query" msgstr "" #: src/config/SSSDConfig/__init__.py.in:120 msgid "Override GID value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:121 msgid "Treat usernames as case sensitive" msgstr "" #: src/config/SSSDConfig/__init__.py.in:128 msgid "How often should expired entries be refreshed in background" msgstr "" #: src/config/SSSDConfig/__init__.py.in:129 msgid "Whether to automatically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/__init__.py.in:130 #: src/config/SSSDConfig/__init__.py.in:145 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "" #: src/config/SSSDConfig/__init__.py.in:131 #: src/config/SSSDConfig/__init__.py.in:146 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" #: src/config/SSSDConfig/__init__.py.in:132 msgid "How often to periodically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/__init__.py.in:133 msgid "Whether the provider should explicitly update the PTR record as well" msgstr "" #: src/config/SSSDConfig/__init__.py.in:134 msgid "Whether the nsupdate utility should default to using TCP" msgstr "" #: src/config/SSSDConfig/__init__.py.in:135 msgid "What kind of authentication should be used to perform the DNS update" msgstr "" #: src/config/SSSDConfig/__init__.py.in:136 msgid "Control enumeration of trusted domains" msgstr "" #: src/config/SSSDConfig/__init__.py.in:137 msgid "How often should subdomains list be refreshed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:140 msgid "IPA domain" msgstr "Domain IPA" #: src/config/SSSDConfig/__init__.py.in:141 msgid "IPA server address" msgstr "Alamat server IPA" #: src/config/SSSDConfig/__init__.py.in:142 msgid 
"Address of backup IPA server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:143 msgid "IPA client hostname" msgstr "Nama host klien IPA" #: src/config/SSSDConfig/__init__.py.in:144 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" #: src/config/SSSDConfig/__init__.py.in:147 msgid "Search base for HBAC related objects" msgstr "" #: src/config/SSSDConfig/__init__.py.in:148 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:149 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:150 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" #: src/config/SSSDConfig/__init__.py.in:151 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" #: src/config/SSSDConfig/__init__.py.in:152 msgid "The automounter location this IPA client is using" msgstr "" #: src/config/SSSDConfig/__init__.py.in:153 msgid "Search base for object containing info about IPA domain" msgstr "" #: src/config/SSSDConfig/__init__.py.in:154 msgid "Search base for objects containing info about ID ranges" msgstr "" #: src/config/SSSDConfig/__init__.py.in:155 #: src/config/SSSDConfig/__init__.py.in:162 msgid "Enable DNS sites - location based service discovery" msgstr "" #: src/config/SSSDConfig/__init__.py.in:158 msgid "Active Directory domain" msgstr "" #: src/config/SSSDConfig/__init__.py.in:159 msgid "Active Directory server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:160 msgid "Active Directory backup server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:161 msgid "Active Directory client hostname" msgstr "" #: src/config/SSSDConfig/__init__.py.in:165 #: src/config/SSSDConfig/__init__.py.in:166 msgid "Kerberos server address" msgstr "Alamat server Kerberos" #: src/config/SSSDConfig/__init__.py.in:167 msgid "Kerberos 
backup server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:168 msgid "Kerberos realm" msgstr "Realm Kerberos" #: src/config/SSSDConfig/__init__.py.in:169 msgid "Authentication timeout" msgstr "" #: src/config/SSSDConfig/__init__.py.in:170 msgid "Whether to create kdcinfo files" msgstr "" #: src/config/SSSDConfig/__init__.py.in:173 msgid "Directory to store credential caches" msgstr "" #: src/config/SSSDConfig/__init__.py.in:174 msgid "Location of the user's credential cache" msgstr "" #: src/config/SSSDConfig/__init__.py.in:175 msgid "Location of the keytab to validate credentials" msgstr "" #: src/config/SSSDConfig/__init__.py.in:176 msgid "Enable credential validation" msgstr "" #: src/config/SSSDConfig/__init__.py.in:177 msgid "Store password if offline for later online authentication" msgstr "" #: src/config/SSSDConfig/__init__.py.in:178 msgid "Renewable lifetime of the TGT" msgstr "" #: src/config/SSSDConfig/__init__.py.in:179 msgid "Lifetime of the TGT" msgstr "" #: src/config/SSSDConfig/__init__.py.in:180 msgid "Time between two checks for renewal" msgstr "" #: src/config/SSSDConfig/__init__.py.in:181 msgid "Enables FAST" msgstr "" #: src/config/SSSDConfig/__init__.py.in:182 msgid "Selects the principal to use for FAST" msgstr "" #: src/config/SSSDConfig/__init__.py.in:183 msgid "Enables principal canonicalization" msgstr "" #: src/config/SSSDConfig/__init__.py.in:184 msgid "Enables enterprise principals" msgstr "" #: src/config/SSSDConfig/__init__.py.in:187 #: src/config/SSSDConfig/__init__.py.in:188 msgid "Server where the change password service is running if not on the KDC" msgstr "" #: src/config/SSSDConfig/__init__.py.in:191 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, URI server LDAP" #: src/config/SSSDConfig/__init__.py.in:192 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:193 msgid "The default base DN" msgstr "" #: src/config/SSSDConfig/__init__.py.in:194 msgid 
"The Schema Type in use on the LDAP server, rfc2307" msgstr "Jenis Skema yang digunakan pada server LDAP, rfc2307" #: src/config/SSSDConfig/__init__.py.in:195 msgid "The default bind DN" msgstr "" #: src/config/SSSDConfig/__init__.py.in:196 msgid "The type of the authentication token of the default bind DN" msgstr "" #: src/config/SSSDConfig/__init__.py.in:197 msgid "The authentication token of the default bind DN" msgstr "" #: src/config/SSSDConfig/__init__.py.in:198 msgid "Length of time to attempt connection" msgstr "Lamanya waktu untuk mencoba koneksi" #: src/config/SSSDConfig/__init__.py.in:199 msgid "Length of time to attempt synchronous LDAP operations" msgstr "Lamanya waktu untuk mencoba operasi LDAP yang sinkron" #: src/config/SSSDConfig/__init__.py.in:200 msgid "Length of time between attempts to reconnect while offline" msgstr "Lamanya waktu antara upaya untuk menyambung kembali saat luring" #: src/config/SSSDConfig/__init__.py.in:201 msgid "Use only the upper case for realm names" msgstr "" #: src/config/SSSDConfig/__init__.py.in:202 msgid "File that contains CA certificates" msgstr "" #: src/config/SSSDConfig/__init__.py.in:203 msgid "Path to CA certificate directory" msgstr "" #: src/config/SSSDConfig/__init__.py.in:204 msgid "File that contains the client certificate" msgstr "" #: src/config/SSSDConfig/__init__.py.in:205 msgid "File that contains the client key" msgstr "" #: src/config/SSSDConfig/__init__.py.in:206 msgid "List of possible ciphers suites" msgstr "" #: src/config/SSSDConfig/__init__.py.in:207 msgid "Require TLS certificate verification" msgstr "Membutuhkan verifikasi sertifikat TLS" #: src/config/SSSDConfig/__init__.py.in:208 msgid "Specify the sasl mechanism to use" msgstr "Tentukan mekanisme sasl yang digunakan" #: src/config/SSSDConfig/__init__.py.in:209 msgid "Specify the sasl authorization id to use" msgstr "Tentukan id otorisasi sasl yang digunakan" #: src/config/SSSDConfig/__init__.py.in:210 msgid "Specify the sasl authorization 
realm to use" msgstr "" #: src/config/SSSDConfig/__init__.py.in:211 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" #: src/config/SSSDConfig/__init__.py.in:212 msgid "Kerberos service keytab" msgstr "Keytab layanan Kerberos" #: src/config/SSSDConfig/__init__.py.in:213 msgid "Use Kerberos auth for LDAP connection" msgstr "Gunakan otentikasi Kerberos untuk koneksi LDAP" #: src/config/SSSDConfig/__init__.py.in:214 msgid "Follow LDAP referrals" msgstr "" #: src/config/SSSDConfig/__init__.py.in:215 msgid "Lifetime of TGT for LDAP connection" msgstr "" #: src/config/SSSDConfig/__init__.py.in:216 msgid "How to dereference aliases" msgstr "" #: src/config/SSSDConfig/__init__.py.in:217 msgid "Service name for DNS service lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:218 msgid "The number of records to retrieve in a single LDAP query" msgstr "" #: src/config/SSSDConfig/__init__.py.in:219 msgid "The number of members that must be missing to trigger a full deref" msgstr "" #: src/config/SSSDConfig/__init__.py.in:220 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" #: src/config/SSSDConfig/__init__.py.in:222 msgid "entryUSN attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:223 msgid "lastUSN attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:225 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" #: src/config/SSSDConfig/__init__.py.in:227 msgid "Disable the LDAP paging control" msgstr "" #: src/config/SSSDConfig/__init__.py.in:228 msgid "Disable Active Directory range retrieval" msgstr "" #: src/config/SSSDConfig/__init__.py.in:231 msgid "Length of time to wait for a search request" msgstr "" #: src/config/SSSDConfig/__init__.py.in:232 msgid "Length of time to wait for a enumeration request" msgstr "" #: src/config/SSSDConfig/__init__.py.in:233 msgid "Length of time between enumeration updates" msgstr "" 
#: src/config/SSSDConfig/__init__.py.in:234 msgid "Length of time between cache cleanups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:235 msgid "Require TLS for ID lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:236 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "" #: src/config/SSSDConfig/__init__.py.in:237 msgid "Base DN for user lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:238 msgid "Scope of user lookups" msgstr "Lingkup pencarian pengguna" #: src/config/SSSDConfig/__init__.py.in:239 msgid "Filter for user lookups" msgstr "Filter pencarian pengguna" #: src/config/SSSDConfig/__init__.py.in:240 msgid "Objectclass for users" msgstr "Objectclass untuk pengguna" #: src/config/SSSDConfig/__init__.py.in:241 msgid "Username attribute" msgstr "Atribut Nama pengguna" #: src/config/SSSDConfig/__init__.py.in:243 msgid "UID attribute" msgstr "Atribut UID" #: src/config/SSSDConfig/__init__.py.in:244 msgid "Primary GID attribute" msgstr "Atribut GID Primer" #: src/config/SSSDConfig/__init__.py.in:245 msgid "GECOS attribute" msgstr "Atribut GECOS" #: src/config/SSSDConfig/__init__.py.in:246 msgid "Home directory attribute" msgstr "Atribut direktori Home" #: src/config/SSSDConfig/__init__.py.in:247 msgid "Shell attribute" msgstr "Atribut Shell" #: src/config/SSSDConfig/__init__.py.in:248 msgid "UUID attribute" msgstr "Atribut UUID" #: src/config/SSSDConfig/__init__.py.in:249 #: src/config/SSSDConfig/__init__.py.in:285 msgid "objectSID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:250 msgid "Active Directory primary group attribute for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:251 msgid "User principal attribute (for Kerberos)" msgstr "Atribut utama pengguna (untuk Kerberos)" #: src/config/SSSDConfig/__init__.py.in:252 msgid "Full Name" msgstr "Nama Lengkap" #: src/config/SSSDConfig/__init__.py.in:253 msgid "memberOf attribute" msgstr "Atribut memberOf" #: 
src/config/SSSDConfig/__init__.py.in:254 msgid "Modification time attribute" msgstr "Atribut waktu modifikasi" #: src/config/SSSDConfig/__init__.py.in:256 msgid "shadowLastChange attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:257 msgid "shadowMin attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:258 msgid "shadowMax attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:259 msgid "shadowWarning attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:260 msgid "shadowInactive attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:261 msgid "shadowExpire attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:262 msgid "shadowFlag attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:263 msgid "Attribute listing authorized PAM services" msgstr "" #: src/config/SSSDConfig/__init__.py.in:264 msgid "Attribute listing authorized server hosts" msgstr "" #: src/config/SSSDConfig/__init__.py.in:265 msgid "krbLastPwdChange attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:266 msgid "krbPasswordExpiration attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:267 msgid "Attribute indicating that server side password policies are active" msgstr "" #: src/config/SSSDConfig/__init__.py.in:268 msgid "accountExpires attribute of AD" msgstr "" #: src/config/SSSDConfig/__init__.py.in:269 msgid "userAccountControl attribute of AD" msgstr "" #: src/config/SSSDConfig/__init__.py.in:270 msgid "nsAccountLock attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:271 msgid "loginDisabled attribute of NDS" msgstr "" #: src/config/SSSDConfig/__init__.py.in:272 msgid "loginExpirationTime attribute of NDS" msgstr "" #: src/config/SSSDConfig/__init__.py.in:273 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" #: src/config/SSSDConfig/__init__.py.in:274 msgid "SSH public key attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:276 msgid "Base DN for group lookups" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:279 msgid "Objectclass for groups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:280 msgid "Group name" msgstr "" #: src/config/SSSDConfig/__init__.py.in:281 msgid "Group password" msgstr "" #: src/config/SSSDConfig/__init__.py.in:282 msgid "GID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:283 msgid "Group member attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:284 msgid "Group UUID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:286 msgid "Modification time attribute for groups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:287 msgid "Type of the group and other flags" msgstr "" #: src/config/SSSDConfig/__init__.py.in:289 msgid "Maximum nesting level SSSd will follow" msgstr "" #: src/config/SSSDConfig/__init__.py.in:291 msgid "Base DN for netgroup lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:292 msgid "Objectclass for netgroups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:293 msgid "Netgroup name" msgstr "" #: src/config/SSSDConfig/__init__.py.in:294 msgid "Netgroups members attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:295 msgid "Netgroup triple attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:296 msgid "Netgroup UUID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:297 msgid "Modification time attribute for netgroups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:299 msgid "Base DN for service lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:300 msgid "Objectclass for services" msgstr "" #: src/config/SSSDConfig/__init__.py.in:301 msgid "Service name attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:302 msgid "Service port attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:303 msgid "Service protocol attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:306 msgid "Lower bound for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:307 msgid "Upper bound for 
ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:308 msgid "Number of IDs for each slice when ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:309 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:310 msgid "Name of the default domain for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:311 msgid "SID of the default domain for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:313 msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:314 msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:315 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:316 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:319 msgid "Policy to evaluate the password expiration" msgstr "" #: src/config/SSSDConfig/__init__.py.in:322 msgid "LDAP filter to determine access privileges" msgstr "" #: src/config/SSSDConfig/__init__.py.in:323 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" #: src/config/SSSDConfig/__init__.py.in:324 msgid "Which rules should be used to evaluate access control" msgstr "" #: src/config/SSSDConfig/__init__.py.in:327 msgid "URI of an LDAP server where password changes are allowed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:328 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:329 msgid "DNS service name for LDAP password change server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:330 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" msgstr "" #: src/config/SSSDConfig/__init__.py.in:333 msgid "Base DN for sudo rules lookups" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:334 msgid "Automatic full refresh period" msgstr "" #: src/config/SSSDConfig/__init__.py.in:335 msgid "Automatic smart refresh period" msgstr "" #: src/config/SSSDConfig/__init__.py.in:336 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "" #: src/config/SSSDConfig/__init__.py.in:337 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:338 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:339 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:340 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:341 msgid "Object class for sudo rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:342 msgid "Sudo rule name" msgstr "" #: src/config/SSSDConfig/__init__.py.in:343 msgid "Sudo rule command attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:344 msgid "Sudo rule host attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:345 msgid "Sudo rule user attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:346 msgid "Sudo rule option attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:347 msgid "Sudo rule runasuser attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:348 msgid "Sudo rule runasgroup attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:349 msgid "Sudo rule notbefore attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:350 msgid "Sudo rule notafter attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:351 msgid "Sudo rule order attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:354 msgid "Object class for automounter maps" msgstr "" #: src/config/SSSDConfig/__init__.py.in:355 msgid "Automounter map 
name attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:356 msgid "Object class for automounter map entries" msgstr "" #: src/config/SSSDConfig/__init__.py.in:357 msgid "Automounter map entry key attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:358 msgid "Automounter map entry value attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:359 msgid "Base DN for automounter map lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:362 msgid "Comma separated list of allowed users" msgstr "Daftar pengguna yang diijinkan dalam format yang dipisahkan koma" #: src/config/SSSDConfig/__init__.py.in:363 msgid "Comma separated list of prohibited users" msgstr "Daftar pengguna yang tidak diijinkan dalam format yang dipisahkan koma" #: src/config/SSSDConfig/__init__.py.in:366 msgid "Default shell, /bin/bash" msgstr "Shell default, /bin/bash" #: src/config/SSSDConfig/__init__.py.in:367 msgid "Base for home directories" msgstr "" #: src/config/SSSDConfig/__init__.py.in:370 msgid "The name of the NSS library to use" msgstr "" #: src/config/SSSDConfig/__init__.py.in:371 msgid "Whether to look up canonical group name from cache if possible" msgstr "" #: src/config/SSSDConfig/__init__.py.in:374 msgid "PAM stack to use" msgstr "" #: src/monitor/monitor.c:2651 msgid "Become a daemon (default)" msgstr "" #: src/monitor/monitor.c:2653 msgid "Run interactive (not a daemon)" msgstr "" #: src/monitor/monitor.c:2655 src/tools/sss_debuglevel.c:71 msgid "Specify a non-default config file" msgstr "" #: src/monitor/monitor.c:2657 msgid "Print version number and exit" msgstr "" #: src/providers/krb5/krb5_child.c:1962 src/providers/ldap/ldap_child.c:435 #: src/util/util.h:100 msgid "Debug level" msgstr "" #: src/providers/krb5/krb5_child.c:1964 src/providers/ldap/ldap_child.c:437 #: src/util/util.h:104 msgid "Add debug timestamps" msgstr "" #: src/providers/krb5/krb5_child.c:1966 src/providers/ldap/ldap_child.c:439 #: src/util/util.h:106 msgid "Show timestamps with 
microseconds" msgstr "" #: src/providers/krb5/krb5_child.c:1968 src/providers/ldap/ldap_child.c:441 msgid "An open file descriptor for the debug logs" msgstr "" #: src/providers/data_provider_be.c:2932 msgid "Domain of the information provider (mandatory)" msgstr "" #: src/sss_client/common.c:946 msgid "Privileged socket has wrong ownership or permissions." msgstr "" #: src/sss_client/common.c:949 msgid "Public socket has wrong ownership or permissions." msgstr "" #: src/sss_client/common.c:952 msgid "Unexpected format of the server credential message." msgstr "" #: src/sss_client/common.c:955 msgid "SSSD is not run by root." msgstr "" #: src/sss_client/common.c:960 msgid "An error occurred, but no description can be found." msgstr "" #: src/sss_client/common.c:966 msgid "Unexpected error while looking for an error description" msgstr "" #: src/sss_client/pam_sss.c:388 msgid "Passwords do not match" msgstr "Kata sandi tidak cocok" #: src/sss_client/pam_sss.c:576 msgid "Password reset by root is not supported." msgstr "" #: src/sss_client/pam_sss.c:617 msgid "Authenticated with cached credentials" msgstr "" #: src/sss_client/pam_sss.c:618 msgid ", your cached password will expire at: " msgstr "" #: src/sss_client/pam_sss.c:648 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "" #: src/sss_client/pam_sss.c:694 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "" #: src/sss_client/pam_sss.c:743 msgid "Authentication is denied until: " msgstr "" #: src/sss_client/pam_sss.c:764 msgid "System is offline, password change not possible" msgstr "Sistem sedang luring, perubahan kata sandi tidak dimungkinkan" #: src/sss_client/pam_sss.c:779 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" #: src/sss_client/pam_sss.c:810 src/sss_client/pam_sss.c:823 msgid "Password change failed. " msgstr "Perubahan kata sandi gagal." 
#: src/sss_client/pam_sss.c:813 src/sss_client/pam_sss.c:824 msgid "Server message: " msgstr "Pesan server:" #: src/sss_client/pam_sss.c:1251 msgid "New Password: " msgstr "Kata Sandi Baru: " #: src/sss_client/pam_sss.c:1252 msgid "Reenter new Password: " msgstr "Masukkan lagi kata sandi baru:" #: src/sss_client/pam_sss.c:1340 msgid "Password: " msgstr "Kata sandi:" #: src/sss_client/pam_sss.c:1372 msgid "Current Password: " msgstr "Kata sandi saat ini:" #: src/sss_client/pam_sss.c:1527 msgid "Password expired. Change your password now." msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40 #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 src/tools/sss_useradd.c:48 #: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44 #: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:652 #: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47 #: src/tools/sss_cache.c:540 src/tools/sss_debuglevel.c:69 msgid "The debug level to run with" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:42 #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:196 msgid "The SSSD domain to use" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:73 #: src/tools/sss_groupadd.c:58 src/tools/sss_groupdel.c:53 #: src/tools/sss_groupmod.c:65 src/tools/sss_groupshow.c:663 #: src/tools/sss_userdel.c:151 src/tools/sss_usermod.c:74 #: src/tools/sss_cache.c:573 msgid "Error setting the locale\n" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:64 msgid "Not enough memory\n" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:83 msgid "User not specified\n" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:92 msgid "Error looking up public keys\n" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:194 msgid "The port to use to connect to the host" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:238 msgid "Invalid port\n" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:243 msgid "Host not specified\n" msgstr "" 
#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:249 msgid "The path to the proxy command must be absolute\n" msgstr "" #: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48 msgid "The UID of the user" msgstr "UID dari pengguna" #: src/tools/sss_useradd.c:50 src/tools/sss_usermod.c:50 msgid "The comment string" msgstr "String komentar" #: src/tools/sss_useradd.c:51 src/tools/sss_usermod.c:51 msgid "Home directory" msgstr "Direktori Home" #: src/tools/sss_useradd.c:52 src/tools/sss_usermod.c:52 msgid "Login shell" msgstr "Shell login" #: src/tools/sss_useradd.c:53 msgid "Groups" msgstr "Grup" #: src/tools/sss_useradd.c:54 msgid "Create user's directory if it does not exist" msgstr "Buat direktori pengguna jika tidak ada" #: src/tools/sss_useradd.c:55 msgid "Never create user's directory, overrides config" msgstr "Jangan pernah buat direktori pengguna, timpa konfigurasi" #: src/tools/sss_useradd.c:56 msgid "Specify an alternative skeleton directory" msgstr "Tentukan direktori kerangka alternatif" #: src/tools/sss_useradd.c:57 src/tools/sss_usermod.c:57 msgid "The SELinux user for user's login" msgstr "" #: src/tools/sss_useradd.c:86 src/tools/sss_groupmod.c:78 #: src/tools/sss_usermod.c:87 msgid "Specify group to add to\n" msgstr "" #: src/tools/sss_useradd.c:110 msgid "Specify user to add\n" msgstr "Tentukan pengguna untuk ditambahkan\n" #: src/tools/sss_useradd.c:119 src/tools/sss_groupadd.c:84 #: src/tools/sss_groupdel.c:78 src/tools/sss_groupmod.c:111 #: src/tools/sss_groupshow.c:696 src/tools/sss_userdel.c:196 #: src/tools/sss_usermod.c:128 msgid "Error initializing the tools - no local domain\n" msgstr "" #: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86 #: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113 #: src/tools/sss_groupshow.c:698 src/tools/sss_userdel.c:198 #: src/tools/sss_usermod.c:130 msgid "Error initializing the tools\n" msgstr "Gagal saat menginisialisasi perkakas\n" #: src/tools/sss_useradd.c:130 src/tools/sss_groupadd.c:95 #: 
src/tools/sss_groupdel.c:89 src/tools/sss_groupmod.c:121 #: src/tools/sss_groupshow.c:707 src/tools/sss_userdel.c:207 #: src/tools/sss_usermod.c:139 msgid "Invalid domain specified in FQDN\n" msgstr "Domain yang ditentukan dalam FQDN tidak valid\n" #: src/tools/sss_useradd.c:139 src/tools/sss_groupmod.c:141 #: src/tools/sss_groupmod.c:168 src/tools/sss_usermod.c:162 #: src/tools/sss_usermod.c:189 msgid "Internal error while parsing parameters\n" msgstr "Terjadi kesalahan internal ketika mengurai parameter\n" #: src/tools/sss_useradd.c:147 src/tools/sss_usermod.c:170 #: src/tools/sss_usermod.c:197 msgid "Groups must be in the same domain as user\n" msgstr "Grup harus berada dalam domain yang sama dengan pengguna\n" #: src/tools/sss_useradd.c:155 #, c-format msgid "Cannot find group %1$s in local domain\n" msgstr "" #: src/tools/sss_useradd.c:170 src/tools/sss_userdel.c:217 msgid "Cannot set default values\n" msgstr "Tidak dapat menetapkan nilai default\n" #: src/tools/sss_useradd.c:177 src/tools/sss_usermod.c:153 msgid "The selected UID is outside the allowed range\n" msgstr "UID yang dipilih berada di luar rentang yang diizinkan\n" #: src/tools/sss_useradd.c:206 src/tools/sss_usermod.c:264 msgid "Cannot set SELinux login context\n" msgstr "" #: src/tools/sss_useradd.c:221 msgid "Cannot get info about the user\n" msgstr "Tidak bisa mendapatkan info tentang pengguna\n" #: src/tools/sss_useradd.c:233 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" "Direktori home milik pengguna sudah ada, tidak menyalin data dari skeldir\n" #: src/tools/sss_useradd.c:236 #, c-format msgid "Cannot create user's home directory: %1$s\n" msgstr "" #: src/tools/sss_useradd.c:247 #, c-format msgid "Cannot create user's mail spool: %1$s\n" msgstr "" #: src/tools/sss_useradd.c:266 msgid "Could not allocate ID for the user - domain full?\n" msgstr "Tidak dapat mengalokasikan ID untuk pengguna - domain penuh?\n" #: src/tools/sss_useradd.c:270 msgid "A 
user or group with the same name or ID already exists\n" msgstr "Pengguna atau grup dengan nama atau ID yang sama sudah ada\n" #: src/tools/sss_useradd.c:276 msgid "Transaction error. Could not add user.\n" msgstr "Kesalahan transaksi. Tidak dapat menambahkan pengguna.\n" #: src/tools/sss_groupadd.c:43 src/tools/sss_groupmod.c:48 msgid "The GID of the group" msgstr "GID grup" #: src/tools/sss_groupadd.c:75 msgid "Specify group to add\n" msgstr "Tentukan grup untuk ditambahkan\n" #: src/tools/sss_groupadd.c:104 src/tools/sss_groupmod.c:192 msgid "The selected GID is outside the allowed range\n" msgstr "GID yang dipilih berada di luar rentang yang diizinkan\n" #: src/tools/sss_groupadd.c:141 msgid "Could not allocate ID for the group - domain full?\n" msgstr "Tidak dapat mengalokasikan ID untuk grup - domain penuh?\n" #: src/tools/sss_groupadd.c:145 msgid "A group with the same name or GID already exists\n" msgstr "Grup dengan nama atau GID yang sama sudah ada\n" #: src/tools/sss_groupadd.c:150 msgid "Transaction error. Could not add group.\n" msgstr "Kesalahan transaksi. Tidak dapat menambahkan grup.\n" #: src/tools/sss_groupdel.c:69 msgid "Specify group to delete\n" msgstr "" #: src/tools/sss_groupdel.c:102 #, c-format msgid "Group %1$s is outside the defined ID range for domain\n" msgstr "" #: src/tools/sss_groupdel.c:117 src/tools/sss_groupmod.c:219 #: src/tools/sss_groupmod.c:226 src/tools/sss_groupmod.c:233 #: src/tools/sss_userdel.c:294 src/tools/sss_usermod.c:241 #: src/tools/sss_usermod.c:248 src/tools/sss_usermod.c:255 #, c-format msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n" msgstr "" #: src/tools/sss_groupdel.c:129 msgid "" "No such group in local domain. Removing groups only allowed in local " "domain.\n" msgstr "" "Tidak ada grup seperti itu di domain lokal. Menghapus grup hanya " "diperbolehkan dalam domain lokal.\n" #: src/tools/sss_groupdel.c:134 msgid "Internal error. Could not remove group.\n" msgstr "Kesalahan internal. 
Tidak dapat menghapus grup.\n" #: src/tools/sss_groupmod.c:44 msgid "Groups to add this group to" msgstr "" #: src/tools/sss_groupmod.c:46 msgid "Groups to remove this group from" msgstr "" #: src/tools/sss_groupmod.c:86 src/tools/sss_usermod.c:95 msgid "Specify group to remove from\n" msgstr "" #: src/tools/sss_groupmod.c:100 msgid "Specify group to modify\n" msgstr "Tentukan grup untuk dimodifikasi\n" #: src/tools/sss_groupmod.c:128 msgid "" "Cannot find group in local domain, modifying groups is allowed only in local " "domain\n" msgstr "" "Tidak dapat menemukan grup di domain lokal, memodifikasi grup hanya " "diperbolehkan dalam domain lokal\n" #: src/tools/sss_groupmod.c:149 src/tools/sss_groupmod.c:176 msgid "Member groups must be in the same domain as parent group\n" msgstr "" "Anggota kelompok harus berada dalam domain yang sama sebagaimana kelompok " "induknya\n" #: src/tools/sss_groupmod.c:157 src/tools/sss_groupmod.c:184 #: src/tools/sss_usermod.c:178 src/tools/sss_usermod.c:205 #, c-format msgid "" "Cannot find group %1$s in local domain, only groups in local domain are " "allowed\n" msgstr "" #: src/tools/sss_groupmod.c:250 msgid "Could not modify group - check if member group names are correct\n" msgstr "" "Tidak bisa memodifikasi grup - periksa apakah nama grup anggota sudah benar\n" #: src/tools/sss_groupmod.c:254 msgid "Could not modify group - check if groupname is correct\n" msgstr "Tidak bisa memodifikasi grup - periksa apakah groupname sudah benar\n" #: src/tools/sss_groupmod.c:258 msgid "Transaction error. Could not modify group.\n" msgstr "Kesalahan transaksi. 
Tidak bisa memodifikasi grup.\n" #: src/tools/sss_groupshow.c:599 #, c-format msgid "%1$s%2$sGroup: %3$s\n" msgstr "" #: src/tools/sss_groupshow.c:600 msgid "Magic Private " msgstr "" #: src/tools/sss_groupshow.c:602 #, c-format msgid "%1$sGID number: %2$d\n" msgstr "" #: src/tools/sss_groupshow.c:604 #, c-format msgid "%1$sMember users: " msgstr "" #: src/tools/sss_groupshow.c:611 #, c-format msgid "" "\n" "%1$sIs a member of: " msgstr "" #: src/tools/sss_groupshow.c:618 #, c-format msgid "" "\n" "%1$sMember groups: " msgstr "" #: src/tools/sss_groupshow.c:654 msgid "Print indirect group members recursively" msgstr "" #: src/tools/sss_groupshow.c:687 msgid "Specify group to show\n" msgstr "" #: src/tools/sss_groupshow.c:726 msgid "" "No such group in local domain. Printing groups only allowed in local " "domain.\n" msgstr "" #: src/tools/sss_groupshow.c:731 msgid "Internal error. Could not print group.\n" msgstr "" #: src/tools/sss_userdel.c:136 msgid "Remove home directory and mail spool" msgstr "Hapus direktori home, dan spool mail" #: src/tools/sss_userdel.c:138 msgid "Do not remove home directory and mail spool" msgstr "Jangan hapus direktori home dan spool mail" #: src/tools/sss_userdel.c:140 msgid "Force removal of files not owned by the user" msgstr "Paksa penghapusan berkas yang tidak dimiliki oleh pengguna" #: src/tools/sss_userdel.c:142 msgid "Kill users' processes before removing him" msgstr "" #: src/tools/sss_userdel.c:187 msgid "Specify user to delete\n" msgstr "Tentukan pengguna yang akan dihapus\n" #: src/tools/sss_userdel.c:233 #, c-format msgid "User %1$s is outside the defined ID range for domain\n" msgstr "" #: src/tools/sss_userdel.c:258 msgid "Cannot reset SELinux login context\n" msgstr "" #: src/tools/sss_userdel.c:270 #, c-format msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n" msgstr "" #: src/tools/sss_userdel.c:275 msgid "Cannot determine if the user was logged in on this platform" msgstr "" #: 
src/tools/sss_userdel.c:280 msgid "Error while checking if the user was logged in\n" msgstr "" #: src/tools/sss_userdel.c:287 #, c-format msgid "The post-delete command failed: %1$s\n" msgstr "" #: src/tools/sss_userdel.c:307 msgid "Not removing home dir - not owned by user\n" msgstr "Tidak menghapus home dir - tidak dimiliki oleh pengguna\n" #: src/tools/sss_userdel.c:309 #, c-format msgid "Cannot remove homedir: %1$s\n" msgstr "" #: src/tools/sss_userdel.c:322 msgid "" "No such user in local domain. Removing users only allowed in local domain.\n" msgstr "" "Tidak ada pengguna seperti itu di domain lokal. Menghapus pengguna hanya " "diperbolehkan dalam domain lokal.\n" #: src/tools/sss_userdel.c:327 msgid "Internal error. Could not remove user.\n" msgstr "Kesalahan internal. Tidak dapat menghapus pengguna.\n" #: src/tools/sss_usermod.c:49 msgid "The GID of the user" msgstr "GID pengguna" #: src/tools/sss_usermod.c:53 msgid "Groups to add this user to" msgstr "Pengguna ini akan ditambahkan ke grup" #: src/tools/sss_usermod.c:54 msgid "Groups to remove this user from" msgstr "Pengguna ini akan dihapus dari grup" #: src/tools/sss_usermod.c:55 msgid "Lock the account" msgstr "Kunci akun" #: src/tools/sss_usermod.c:56 msgid "Unlock the account" msgstr "Buka kunci akun" #: src/tools/sss_usermod.c:119 msgid "Specify user to modify\n" msgstr "Tentukan pengguna untuk dimodifikasi\n" #: src/tools/sss_usermod.c:146 msgid "" "Cannot find user in local domain, modifying users is allowed only in local " "domain\n" msgstr "" "Tidak dapat menemukan pengguna dalam domain lokal, memodifikasi pengguna " "hanya diperbolehkan dalam domain lokal\n" #: src/tools/sss_usermod.c:281 msgid "Could not modify user - check if group names are correct\n" msgstr "" "Tidak bisa memodifikasi pengguna - periksa apakah nama grup sudah benar\n" #: src/tools/sss_usermod.c:285 msgid "Could not modify user - user already member of groups?\n" msgstr "" "Tidak bisa memodifikasi pengguna - pengguna sudah 
menjadi anggota kelompok?\n" #: src/tools/sss_usermod.c:289 msgid "Transaction error. Could not modify user.\n" msgstr "Kesalahan transaksi. Pengguna tidak dapat dimodifikasi.\n" #: src/tools/sss_cache.c:170 msgid "No cache object matched the specified search\n" msgstr "" #: src/tools/sss_cache.c:397 #, c-format msgid "Couldn't invalidate %1$s" msgstr "" #: src/tools/sss_cache.c:404 #, c-format msgid "Couldn't invalidate %1$s %2$s" msgstr "" #: src/tools/sss_cache.c:542 msgid "Invalidate all cached entries except for sudo rules" msgstr "" #: src/tools/sss_cache.c:544 msgid "Invalidate particular user" msgstr "" #: src/tools/sss_cache.c:546 msgid "Invalidate all users" msgstr "" #: src/tools/sss_cache.c:548 msgid "Invalidate particular group" msgstr "" #: src/tools/sss_cache.c:550 msgid "Invalidate all groups" msgstr "" #: src/tools/sss_cache.c:552 msgid "Invalidate particular netgroup" msgstr "" #: src/tools/sss_cache.c:554 msgid "Invalidate all netgroups" msgstr "" #: src/tools/sss_cache.c:556 msgid "Invalidate particular service" msgstr "" #: src/tools/sss_cache.c:558 msgid "Invalidate all services" msgstr "" #: src/tools/sss_cache.c:561 msgid "Invalidate particular autofs map" msgstr "" #: src/tools/sss_cache.c:563 msgid "Invalidate all autofs maps" msgstr "" #: src/tools/sss_cache.c:566 msgid "Only invalidate entries from a particular domain" msgstr "" #: src/tools/sss_cache.c:611 msgid "Please select at least one object to invalidate\n" msgstr "" #: src/tools/sss_cache.c:681 #, c-format msgid "" "Could not open domain %1$s. 
If the domain is a subdomain (trusted domain), " "use fully qualified name instead of --domain/-d parameter.\n" msgstr "" #: src/tools/sss_cache.c:685 msgid "Could not open available domains\n" msgstr "" #: src/tools/sss_debuglevel.c:40 msgid "\n" msgstr "" #: src/tools/sss_debuglevel.c:96 msgid "Specify debug level you want to set\n" msgstr "" #: src/tools/sss_debuglevel.c:102 msgid "Only one argument expected\n" msgstr "" #: src/tools/tools_util.c:200 #, c-format msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n" msgstr "" #: src/tools/tools_util.c:303 msgid "Out of memory\n" msgstr "Kehabisan memori\n" #: src/tools/tools_util.h:43 #, c-format msgid "%1$s must be run as root\n" msgstr "" #: src/util/util.h:102 msgid "Send the debug output to files instead of stderr" msgstr "" �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/ja.po���������������������������������������������������������������0000644�0000000�0000000�00000000074�12320753107�015123� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954962.026874676 30 ctime=1396954962.536874299 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/ja.po��������������������������������������������������������������������������������0000664�0024127�0024127�00000203260�12320753107�015350� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR Red Hat, Inc. # This file is distributed under the same license as the PACKAGE package. 
# # Translators: # Tomoyuki KATO <tomo@dream.daynight.jp>, 2012-2013 msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2014-04-08 12:56+0200\n" "PO-Revision-Date: 2013-11-20 12:56+0000\n" "Last-Translator: Tomoyuki KATO <tomo@dream.daynight.jp>\n" "Language-Team: Japanese (http://www.transifex.com/projects/p/fedora/language/" "ja/)\n" "Language: ja\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" #: src/config/SSSDConfig/__init__.py.in:39 msgid "Set the verbosity of the debug logging" msgstr "デバッグのロギングの冗長性を設定する" #: src/config/SSSDConfig/__init__.py.in:40 msgid "Include timestamps in debug logs" msgstr "デバッグログにタイムスタンプを含める" #: src/config/SSSDConfig/__init__.py.in:41 msgid "Include microseconds in timestamps in debug logs" msgstr "デバッグログにマイクロ秒単位のタイムスタンプを含める" #: src/config/SSSDConfig/__init__.py.in:42 msgid "Write debug messages to logfiles" msgstr "デバッグメッセージをログファイルに書き込む" #: src/config/SSSDConfig/__init__.py.in:43 msgid "Ping timeout before restarting service" msgstr "サービス再起動前の Ping タイムアウト" #: src/config/SSSDConfig/__init__.py.in:44 msgid "" "Timeout between three failed ping checks and forcibly killing the service" msgstr "3 回 の ping チェック失敗とサービスの強制停止のタイムアウト間隔" #: src/config/SSSDConfig/__init__.py.in:45 msgid "Command to start service" msgstr "サービス開始のコマンド" #: src/config/SSSDConfig/__init__.py.in:46 msgid "Number of times to attempt connection to Data Providers" msgstr "データプロバイダーの接続を試行する回数" #: src/config/SSSDConfig/__init__.py.in:47 msgid "The number of file descriptors that may be opened by this responder" msgstr "このレスポンダーにより開かれるファイル記述子の数" #: src/config/SSSDConfig/__init__.py.in:48 msgid "Idle time before automatic disconnection of a client" msgstr "クライアントの自動切断までのアイドル時間" #: src/config/SSSDConfig/__init__.py.in:51 msgid "SSSD Services to start" msgstr "開始する SSSD サービス" #: 
src/config/SSSDConfig/__init__.py.in:52 msgid "SSSD Domains to start" msgstr "開始する SSSD ドメイン" #: src/config/SSSDConfig/__init__.py.in:53 msgid "Timeout for messages sent over the SBUS" msgstr "SBUS 経由のメッセージ送信のタイムアウト" #: src/config/SSSDConfig/__init__.py.in:54 msgid "Regex to parse username and domain" msgstr "ユーザー名とドメインを構文解析する正規表現" #: src/config/SSSDConfig/__init__.py.in:55 msgid "Printf-compatible format for displaying fully-qualified names" msgstr "完全修飾名を表示するための printf 互換の形式" #: src/config/SSSDConfig/__init__.py.in:56 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" "SSSD が Kerberos リプレイキャッシュファイルを保存するファイルシステムのディレ" "クトリです。" #: src/config/SSSDConfig/__init__.py.in:57 msgid "Domain to add to names without a domain component." msgstr "ドメイン要素のない名前に追加するドメイン。" #: src/config/SSSDConfig/__init__.py.in:60 msgid "Enumeration cache timeout length (seconds)" msgstr "列挙キャッシュのタイムアウト(秒)" #: src/config/SSSDConfig/__init__.py.in:61 msgid "Entry cache background update timeout length (seconds)" msgstr "エントリーキャッシュのバックグラウンド更新のタイムアウト時間(秒)" #: src/config/SSSDConfig/__init__.py.in:62 #: src/config/SSSDConfig/__init__.py.in:88 msgid "Negative cache timeout length (seconds)" msgstr "ネガティブキャッシュのタイムアウト(秒)" #: src/config/SSSDConfig/__init__.py.in:63 msgid "Users that SSSD should explicitly ignore" msgstr "SSSD が明示的に無視するユーザー" #: src/config/SSSDConfig/__init__.py.in:64 msgid "Groups that SSSD should explicitly ignore" msgstr "SSSD が明示的に無視するグループ" #: src/config/SSSDConfig/__init__.py.in:65 msgid "Should filtered users appear in groups" msgstr "フィルターされたユーザーをグループに表示する" #: src/config/SSSDConfig/__init__.py.in:66 msgid "The value of the password field the NSS provider should return" msgstr "NSS プロバイダーが返すパスワード項目の値" #: src/config/SSSDConfig/__init__.py.in:67 msgid "Override homedir value from the identity provider with this value" msgstr "識別プロバイダーからのホームディレクトリーの値をこの値で上書きする" #: src/config/SSSDConfig/__init__.py.in:68 msgid "" "Substitute empty 
homedir value from the identity provider with this value" msgstr "" "アイデンティティプロバイダーからの空のホームディレクトリーをこの値で置き換え" "ます" #: src/config/SSSDConfig/__init__.py.in:69 msgid "Override shell value from the identity provider with this value" msgstr "アイデンティティプロバイダーからのシェル値をこの値で上書きします" #: src/config/SSSDConfig/__init__.py.in:70 msgid "The list of shells users are allowed to log in with" msgstr "ユーザーがログインを許可されるシェルの一覧" #: src/config/SSSDConfig/__init__.py.in:71 msgid "" "The list of shells that will be vetoed, and replaced with the fallback shell" msgstr "拒否されてフォールバックシェルで置き換えられるシェルの一覧" #: src/config/SSSDConfig/__init__.py.in:72 msgid "" "If a shell stored in central directory is allowed but not available, use " "this fallback" msgstr "" "中央ディレクトリーに保存されたシェルが許可されるが、利用できない場合、この" "フォールバックを使用する" #: src/config/SSSDConfig/__init__.py.in:73 msgid "Shell to use if the provider does not list one" msgstr "プロバイダーが一覧に持っていないとき使用するシェル" #: src/config/SSSDConfig/__init__.py.in:74 msgid "How long will be in-memory cache records valid" msgstr "メモリー内のキャッシュレコードが有効な期間" #: src/config/SSSDConfig/__init__.py.in:77 msgid "How long to allow cached logins between online logins (days)" msgstr "オンラインログイン中にキャッシュによるログインが許容される期間(日数)" #: src/config/SSSDConfig/__init__.py.in:78 msgid "How many failed logins attempts are allowed when offline" msgstr "オフラインのときに許容されるログイン試行失敗回数" #: src/config/SSSDConfig/__init__.py.in:79 msgid "" "How long (minutes) to deny login after offline_failed_login_attempts has " "been reached" msgstr "offline_failed_login_attempts に達した後にログインを拒否する時間(分)" #: src/config/SSSDConfig/__init__.py.in:80 msgid "What kind of messages are displayed to the user during authentication" msgstr "認証中にユーザーに表示されるメッセージの種類" #: src/config/SSSDConfig/__init__.py.in:81 msgid "How many seconds to keep identity information cached for PAM requests" msgstr "PAM 要求に対してキャッシュされた認証情報を保持する秒数" #: src/config/SSSDConfig/__init__.py.in:82 msgid "How many days before password expiration a warning should be displayed" msgstr 
"警告が表示されるパスワード失効前の日数" #: src/config/SSSDConfig/__init__.py.in:85 msgid "Whether to evaluate the time-based attributes in sudo rules" msgstr "sudo ルールにおいて時間による属性を評価するかどうか" #: src/config/SSSDConfig/__init__.py.in:91 msgid "Whether to hash host names and addresses in the known_hosts file" msgstr "known_hosts ファイルにおいてホスト名とアドレスをハッシュ化するかどうか" #: src/config/SSSDConfig/__init__.py.in:92 msgid "" "How many seconds to keep a host in the known_hosts file after its host keys " "were requested" msgstr "ホスト鍵が要求された後 known_hosts ファイルにホストを保持する秒数" #: src/config/SSSDConfig/__init__.py.in:95 msgid "List of UIDs or user names allowed to access the PAC responder" msgstr "PAC レスポンダーへのアクセスが許可された UID またはユーザー名の一覧" #: src/config/SSSDConfig/__init__.py.in:98 msgid "Identity provider" msgstr "アイデンティティプロバイダー" #: src/config/SSSDConfig/__init__.py.in:99 msgid "Authentication provider" msgstr "認証プロバイダー" #: src/config/SSSDConfig/__init__.py.in:100 msgid "Access control provider" msgstr "アクセス制御プロバイダー" #: src/config/SSSDConfig/__init__.py.in:101 msgid "Password change provider" msgstr "パスワード変更プロバイダー" #: src/config/SSSDConfig/__init__.py.in:102 msgid "SUDO provider" msgstr "SUDO プロバイダー" #: src/config/SSSDConfig/__init__.py.in:103 msgid "Autofs provider" msgstr "Autofs プロバイダー" #: src/config/SSSDConfig/__init__.py.in:104 msgid "Session-loading provider" msgstr "セッション読み込みプロバイダー" #: src/config/SSSDConfig/__init__.py.in:105 msgid "Host identity provider" msgstr "ホスト識別プロバイダー" #: src/config/SSSDConfig/__init__.py.in:108 msgid "Minimum user ID" msgstr "最小ユーザー ID" #: src/config/SSSDConfig/__init__.py.in:109 msgid "Maximum user ID" msgstr "最大ユーザー ID" #: src/config/SSSDConfig/__init__.py.in:110 msgid "Enable enumerating all users/groups" msgstr "すべてのユーザー・グループの列挙を有効にする" #: src/config/SSSDConfig/__init__.py.in:111 msgid "Cache credentials for offline login" msgstr "オフラインログインのためにクレディンシャルをキャッシュする" #: src/config/SSSDConfig/__init__.py.in:112 msgid "Store password hashes" msgstr "パスワードハッシュを保存する" #: 
src/config/SSSDConfig/__init__.py.in:113 msgid "Display users/groups in fully-qualified form" msgstr "ユーザー・グループを完全修飾形式で表示する" #: src/config/SSSDConfig/__init__.py.in:114 msgid "Don't include group members in group lookups" msgstr "グループ検索にグループメンバーを含めない" #: src/config/SSSDConfig/__init__.py.in:115 #: src/config/SSSDConfig/__init__.py.in:122 #: src/config/SSSDConfig/__init__.py.in:123 #: src/config/SSSDConfig/__init__.py.in:124 #: src/config/SSSDConfig/__init__.py.in:125 #: src/config/SSSDConfig/__init__.py.in:126 #: src/config/SSSDConfig/__init__.py.in:127 msgid "Entry cache timeout length (seconds)" msgstr "エントリーキャッシュのタイムアウト長(秒)" #: src/config/SSSDConfig/__init__.py.in:116 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "DNS 検索を実行するときに特定のアドレスファミリーを制限または優先します" #: src/config/SSSDConfig/__init__.py.in:117 msgid "How long to keep cached entries after last successful login (days)" msgstr "最終ログイン成功時からキャッシュエントリーを保持する日数" #: src/config/SSSDConfig/__init__.py.in:118 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "サーバーを名前解決するときに DNS から応答を待つ時間(秒)" #: src/config/SSSDConfig/__init__.py.in:119 msgid "The domain part of service discovery DNS query" msgstr "サービス検索 DNS クエリーのドメイン部分" #: src/config/SSSDConfig/__init__.py.in:120 msgid "Override GID value from the identity provider with this value" msgstr "識別プロバイダーからの GID 値をこの値で上書きする" #: src/config/SSSDConfig/__init__.py.in:121 msgid "Treat usernames as case sensitive" msgstr "ユーザー名が大文字小文字を区別するよう取り扱う" #: src/config/SSSDConfig/__init__.py.in:128 msgid "How often should expired entries be refreshed in background" msgstr "期限切れのエントリーがバックグラウンドで更新される頻度" #: src/config/SSSDConfig/__init__.py.in:129 msgid "Whether to automatically update the client's DNS entry" msgstr "自動的にクライアントの DNS エントリーを更新するかどうか" #: src/config/SSSDConfig/__init__.py.in:130 #: src/config/SSSDConfig/__init__.py.in:145 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr 
"クライアントの DNS 項目を更新後、適用する TTL" #: src/config/SSSDConfig/__init__.py.in:131 #: src/config/SSSDConfig/__init__.py.in:146 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "動的 DNS 更新のために使用される IP のインターフェース" #: src/config/SSSDConfig/__init__.py.in:132 msgid "How often to periodically update the client's DNS entry" msgstr "どのくらい定期的にクライアントの DNS エントリーを更新するか" #: src/config/SSSDConfig/__init__.py.in:133 msgid "Whether the provider should explicitly update the PTR record as well" msgstr "" "プロバイダーが同じように PTR レコードを明示的に更新する必要があるかどうか" #: src/config/SSSDConfig/__init__.py.in:134 msgid "Whether the nsupdate utility should default to using TCP" msgstr "nsupdate ユーティリティが標準で TCP を使用するかどうか" #: src/config/SSSDConfig/__init__.py.in:135 msgid "What kind of authentication should be used to perform the DNS update" msgstr "DNS 更新を実行するために使用すべき認証の種類" #: src/config/SSSDConfig/__init__.py.in:136 msgid "Control enumeration of trusted domains" msgstr "" #: src/config/SSSDConfig/__init__.py.in:137 #, fuzzy msgid "How often should subdomains list be refreshed" msgstr "期限切れのエントリーがバックグラウンドで更新される頻度" #: src/config/SSSDConfig/__init__.py.in:140 msgid "IPA domain" msgstr "IPA ドメイン" #: src/config/SSSDConfig/__init__.py.in:141 msgid "IPA server address" msgstr "IPA サーバーのアドレス" #: src/config/SSSDConfig/__init__.py.in:142 msgid "Address of backup IPA server" msgstr "バックアップ IPA サーバーのアドレス" #: src/config/SSSDConfig/__init__.py.in:143 msgid "IPA client hostname" msgstr "IPA クライアントのホスト名" #: src/config/SSSDConfig/__init__.py.in:144 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "FreeIPA にあるクライアントの DNS エントリーを自動的に更新するかどうか" #: src/config/SSSDConfig/__init__.py.in:147 msgid "Search base for HBAC related objects" msgstr "HBAC 関連オブジェクトの検索ベース" #: src/config/SSSDConfig/__init__.py.in:148 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "IPA サーバーに対する HBAC ルールを検索している間の合計時間" #: src/config/SSSDConfig/__init__.py.in:149 msgid 
"" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" msgstr "IPA サーバーに対する SELinux マップの検索の間の秒単位の合計時間" #: src/config/SSSDConfig/__init__.py.in:150 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "DENY ルールが存在すると、DENY_ALL または IGNORE です" #: src/config/SSSDConfig/__init__.py.in:151 msgid "If set to false, host argument given by PAM will be ignored" msgstr "もし偽に設定されていると、 PAM により渡されたホスト引数は無視されます" #: src/config/SSSDConfig/__init__.py.in:152 msgid "The automounter location this IPA client is using" msgstr "この IPA クライアントが使用している automounter の場所" #: src/config/SSSDConfig/__init__.py.in:153 msgid "Search base for object containing info about IPA domain" msgstr "IPA ドメインに関する情報を含むオブジェクトに対する検索ベース" #: src/config/SSSDConfig/__init__.py.in:154 msgid "Search base for objects containing info about ID ranges" msgstr "ID 範囲に関する情報を含むオブジェクトに対する検索ベース" #: src/config/SSSDConfig/__init__.py.in:155 #: src/config/SSSDConfig/__init__.py.in:162 msgid "Enable DNS sites - location based service discovery" msgstr "DNS サイトの有効化 - 位置にサービス探索" #: src/config/SSSDConfig/__init__.py.in:158 msgid "Active Directory domain" msgstr "Active Directory ドメイン" #: src/config/SSSDConfig/__init__.py.in:159 msgid "Active Directory server address" msgstr "Active Directory サーバーアドレス" #: src/config/SSSDConfig/__init__.py.in:160 msgid "Active Directory backup server address" msgstr "Active Directory バックアップサーバーのアドレス" #: src/config/SSSDConfig/__init__.py.in:161 msgid "Active Directory client hostname" msgstr "Active Directory クライアントホスト名" #: src/config/SSSDConfig/__init__.py.in:165 #: src/config/SSSDConfig/__init__.py.in:166 msgid "Kerberos server address" msgstr "Kerberos サーバーのアドレス" #: src/config/SSSDConfig/__init__.py.in:167 msgid "Kerberos backup server address" msgstr "Kerberos バックアップサーバーのアドレス" #: src/config/SSSDConfig/__init__.py.in:168 msgid "Kerberos realm" msgstr "Kerberos レルム" #: src/config/SSSDConfig/__init__.py.in:169 msgid "Authentication timeout" msgstr 
"認証のタイムアウト" #: src/config/SSSDConfig/__init__.py.in:170 msgid "Whether to create kdcinfo files" msgstr "kdcinfo ファイルを作成するかどうか" #: src/config/SSSDConfig/__init__.py.in:173 msgid "Directory to store credential caches" msgstr "クレディンシャルのキャッシュを保存するディレクトリー" #: src/config/SSSDConfig/__init__.py.in:174 msgid "Location of the user's credential cache" msgstr "ユーザーのクレディンシャルキャッシュの位置" #: src/config/SSSDConfig/__init__.py.in:175 msgid "Location of the keytab to validate credentials" msgstr "クレディンシャルを検証するキーテーブルの場所" #: src/config/SSSDConfig/__init__.py.in:176 msgid "Enable credential validation" msgstr "クレディンシャルの検証を有効にする" #: src/config/SSSDConfig/__init__.py.in:177 msgid "Store password if offline for later online authentication" msgstr "後からオンライン認証するためにオフラインの場合にパスワードを保存します" #: src/config/SSSDConfig/__init__.py.in:178 msgid "Renewable lifetime of the TGT" msgstr "更新可能な TGT の有効期間" #: src/config/SSSDConfig/__init__.py.in:179 msgid "Lifetime of the TGT" msgstr "TGT の有効期間" #: src/config/SSSDConfig/__init__.py.in:180 msgid "Time between two checks for renewal" msgstr "更新を確認する間隔" #: src/config/SSSDConfig/__init__.py.in:181 msgid "Enables FAST" msgstr "FAST を有効にする" #: src/config/SSSDConfig/__init__.py.in:182 msgid "Selects the principal to use for FAST" msgstr "FAST に使用するプリンシパルを選択する" #: src/config/SSSDConfig/__init__.py.in:183 msgid "Enables principal canonicalization" msgstr "プリンシパル正規化を有効にする" #: src/config/SSSDConfig/__init__.py.in:184 msgid "Enables enterprise principals" msgstr "エンタープライズ・プリンシパルの有効化" #: src/config/SSSDConfig/__init__.py.in:187 #: src/config/SSSDConfig/__init__.py.in:188 msgid "Server where the change password service is running if not on the KDC" msgstr "KDC になければ、パスワード変更サービスが実行されているサーバー" #: src/config/SSSDConfig/__init__.py.in:191 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, LDAP サーバーの URI" #: src/config/SSSDConfig/__init__.py.in:192 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "ldap_backup_uri, LDAP サーバーの URI" #: 
src/config/SSSDConfig/__init__.py.in:193 msgid "The default base DN" msgstr "デフォルトのベース DN" #: src/config/SSSDConfig/__init__.py.in:194 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "LDAP サーバーにおいて使用中のスキーマ形式, rfc2307" #: src/config/SSSDConfig/__init__.py.in:195 msgid "The default bind DN" msgstr "デフォルトのバインド DN" #: src/config/SSSDConfig/__init__.py.in:196 msgid "The type of the authentication token of the default bind DN" msgstr "デフォルトのバインド DN の認証トークンの種類" #: src/config/SSSDConfig/__init__.py.in:197 msgid "The authentication token of the default bind DN" msgstr "デフォルトのバインド DN の認証トークン" #: src/config/SSSDConfig/__init__.py.in:198 msgid "Length of time to attempt connection" msgstr "接続を試行する時間" #: src/config/SSSDConfig/__init__.py.in:199 msgid "Length of time to attempt synchronous LDAP operations" msgstr "LDAP 同期操作を試行する時間" #: src/config/SSSDConfig/__init__.py.in:200 msgid "Length of time between attempts to reconnect while offline" msgstr "オフラインの間に再接続を試行する時間" #: src/config/SSSDConfig/__init__.py.in:201 msgid "Use only the upper case for realm names" msgstr "レルム名に対して大文字のみを使用する" #: src/config/SSSDConfig/__init__.py.in:202 msgid "File that contains CA certificates" msgstr "CA 証明書を含むファイル" #: src/config/SSSDConfig/__init__.py.in:203 msgid "Path to CA certificate directory" msgstr "CA 証明書のディレクトリーのパス" #: src/config/SSSDConfig/__init__.py.in:204 msgid "File that contains the client certificate" msgstr "クライアント証明書を含むファイル" #: src/config/SSSDConfig/__init__.py.in:205 msgid "File that contains the client key" msgstr "クライアントの鍵を含むファイル" #: src/config/SSSDConfig/__init__.py.in:206 msgid "List of possible ciphers suites" msgstr "利用可能な暗号の一覧" #: src/config/SSSDConfig/__init__.py.in:207 msgid "Require TLS certificate verification" msgstr "TLS 証明書の検証を要求する" #: src/config/SSSDConfig/__init__.py.in:208 msgid "Specify the sasl mechanism to use" msgstr "使用する SASL メカニズムを指定する" #: src/config/SSSDConfig/__init__.py.in:209 msgid "Specify the sasl authorization id to use" msgstr "使用する 
SASL 認可 ID を指定する" #: src/config/SSSDConfig/__init__.py.in:210 msgid "Specify the sasl authorization realm to use" msgstr "使用する SASL 認可レルムを指定する" #: src/config/SSSDConfig/__init__.py.in:211 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "LDAP SASL 認可の最小 SSF を指定する" #: src/config/SSSDConfig/__init__.py.in:212 msgid "Kerberos service keytab" msgstr "Kerberos サービスのキーテーブル" #: src/config/SSSDConfig/__init__.py.in:213 msgid "Use Kerberos auth for LDAP connection" msgstr "LDAP 接続に対して Kerberos 認証を使用する" #: src/config/SSSDConfig/__init__.py.in:214 msgid "Follow LDAP referrals" msgstr "LDAP リフェラルにしたがう" #: src/config/SSSDConfig/__init__.py.in:215 msgid "Lifetime of TGT for LDAP connection" msgstr "LDAP 接続の TGT の有効期間" #: src/config/SSSDConfig/__init__.py.in:216 msgid "How to dereference aliases" msgstr "エイリアスを参照解決する方法" #: src/config/SSSDConfig/__init__.py.in:217 msgid "Service name for DNS service lookups" msgstr "DNS サービス検索のサービス名" #: src/config/SSSDConfig/__init__.py.in:218 msgid "The number of records to retrieve in a single LDAP query" msgstr "単一の LDAP 問い合わせにおいて取得するレコード数" #: src/config/SSSDConfig/__init__.py.in:219 msgid "The number of members that must be missing to trigger a full deref" msgstr "完全な参照解決を引き起こすために欠けている必要があるメンバーの数" #: src/config/SSSDConfig/__init__.py.in:220 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" "LDAP ライブラリーが SASL バインド中にホスト名を正規化するために逆引きを実行す" "るかどうか" #: src/config/SSSDConfig/__init__.py.in:222 msgid "entryUSN attribute" msgstr "entryUSN 属性" #: src/config/SSSDConfig/__init__.py.in:223 msgid "lastUSN attribute" msgstr "lastUSN 属性" #: src/config/SSSDConfig/__init__.py.in:225 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "LDAP サーバーを切断する前に接続を保持する時間" #: src/config/SSSDConfig/__init__.py.in:227 msgid "Disable the LDAP paging control" msgstr "LDAP ページング制御を無効化する" #: src/config/SSSDConfig/__init__.py.in:228 msgid "Disable 
Active Directory range retrieval" msgstr "Active Directory 範囲の取得の無効化" #: src/config/SSSDConfig/__init__.py.in:231 msgid "Length of time to wait for a search request" msgstr "検索要求を待つ時間" #: src/config/SSSDConfig/__init__.py.in:232 msgid "Length of time to wait for a enumeration request" msgstr "列挙の要求を待つ時間" #: src/config/SSSDConfig/__init__.py.in:233 msgid "Length of time between enumeration updates" msgstr "列挙の更新間隔" #: src/config/SSSDConfig/__init__.py.in:234 msgid "Length of time between cache cleanups" msgstr "キャッシュをクリーンアップする間隔" #: src/config/SSSDConfig/__init__.py.in:235 msgid "Require TLS for ID lookups" msgstr "ID 検索に TLS を要求する" #: src/config/SSSDConfig/__init__.py.in:236 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "事前設定済み ID の代わりに objectSID の ID マッピングを使用します" #: src/config/SSSDConfig/__init__.py.in:237 msgid "Base DN for user lookups" msgstr "ユーザー検索のベース DN" #: src/config/SSSDConfig/__init__.py.in:238 msgid "Scope of user lookups" msgstr "ユーザー検索の範囲" #: src/config/SSSDConfig/__init__.py.in:239 msgid "Filter for user lookups" msgstr "ユーザー検索のフィルター" #: src/config/SSSDConfig/__init__.py.in:240 msgid "Objectclass for users" msgstr "ユーザーのオブジェクトクラス" #: src/config/SSSDConfig/__init__.py.in:241 msgid "Username attribute" msgstr "ユーザー名の属性" #: src/config/SSSDConfig/__init__.py.in:243 msgid "UID attribute" msgstr "UID の属性" #: src/config/SSSDConfig/__init__.py.in:244 msgid "Primary GID attribute" msgstr "プライマリー GID の属性" #: src/config/SSSDConfig/__init__.py.in:245 msgid "GECOS attribute" msgstr "GECOS の属性" #: src/config/SSSDConfig/__init__.py.in:246 msgid "Home directory attribute" msgstr "ホームディレクトリの属性" #: src/config/SSSDConfig/__init__.py.in:247 msgid "Shell attribute" msgstr "シェルの属性" #: src/config/SSSDConfig/__init__.py.in:248 msgid "UUID attribute" msgstr "UUID の属性" #: src/config/SSSDConfig/__init__.py.in:249 #: src/config/SSSDConfig/__init__.py.in:285 msgid "objectSID attribute" msgstr "objectSID 属性" #: src/config/SSSDConfig/__init__.py.in:250 msgid 
"Active Directory primary group attribute for ID-mapping" msgstr "ID マッピングの Active Directory プライマリーグループ属性" #: src/config/SSSDConfig/__init__.py.in:251 msgid "User principal attribute (for Kerberos)" msgstr "ユーザープリンシパルの属性(Kerberos 用)" #: src/config/SSSDConfig/__init__.py.in:252 msgid "Full Name" msgstr "氏名" #: src/config/SSSDConfig/__init__.py.in:253 msgid "memberOf attribute" msgstr "memberOf 属性" #: src/config/SSSDConfig/__init__.py.in:254 msgid "Modification time attribute" msgstr "変更日時の属性" #: src/config/SSSDConfig/__init__.py.in:256 msgid "shadowLastChange attribute" msgstr "shadowLastChange 属性" #: src/config/SSSDConfig/__init__.py.in:257 msgid "shadowMin attribute" msgstr "shadowMin 属性" #: src/config/SSSDConfig/__init__.py.in:258 msgid "shadowMax attribute" msgstr "shadowMax 属性" #: src/config/SSSDConfig/__init__.py.in:259 msgid "shadowWarning attribute" msgstr "shadowWarning 属性" #: src/config/SSSDConfig/__init__.py.in:260 msgid "shadowInactive attribute" msgstr "shadowInactive 属性" #: src/config/SSSDConfig/__init__.py.in:261 msgid "shadowExpire attribute" msgstr "shadowExpire 属性" #: src/config/SSSDConfig/__init__.py.in:262 msgid "shadowFlag attribute" msgstr "shadowFlag 属性" #: src/config/SSSDConfig/__init__.py.in:263 msgid "Attribute listing authorized PAM services" msgstr "認可された PAM サービスを一覧化する属性" #: src/config/SSSDConfig/__init__.py.in:264 msgid "Attribute listing authorized server hosts" msgstr "認可されたサーバーホストを一覧化する属性" #: src/config/SSSDConfig/__init__.py.in:265 msgid "krbLastPwdChange attribute" msgstr "krbLastPwdChange 属性" #: src/config/SSSDConfig/__init__.py.in:266 msgid "krbPasswordExpiration attribute" msgstr "krbPasswordExpiration 属性" #: src/config/SSSDConfig/__init__.py.in:267 msgid "Attribute indicating that server side password policies are active" msgstr "サーバー側パスワードポリシーが有効であることを意味する属性" #: src/config/SSSDConfig/__init__.py.in:268 msgid "accountExpires attribute of AD" msgstr "AD の accountExpires 属性" #: src/config/SSSDConfig/__init__.py.in:269 msgid 
"userAccountControl attribute of AD" msgstr "AD の userAccountControl 属性" #: src/config/SSSDConfig/__init__.py.in:270 msgid "nsAccountLock attribute" msgstr "nsAccountLock 属性" #: src/config/SSSDConfig/__init__.py.in:271 msgid "loginDisabled attribute of NDS" msgstr "NDS の loginDisabled 属性" #: src/config/SSSDConfig/__init__.py.in:272 msgid "loginExpirationTime attribute of NDS" msgstr "NDS の loginExpirationTime 属性" #: src/config/SSSDConfig/__init__.py.in:273 msgid "loginAllowedTimeMap attribute of NDS" msgstr "NDS の loginAllowedTimeMap 属性" #: src/config/SSSDConfig/__init__.py.in:274 msgid "SSH public key attribute" msgstr "SSH 公開鍵の属性" #: src/config/SSSDConfig/__init__.py.in:276 msgid "Base DN for group lookups" msgstr "グループ検索のベース DN" #: src/config/SSSDConfig/__init__.py.in:279 msgid "Objectclass for groups" msgstr "グループのオブジェクトクラス" #: src/config/SSSDConfig/__init__.py.in:280 msgid "Group name" msgstr "グループ名" #: src/config/SSSDConfig/__init__.py.in:281 msgid "Group password" msgstr "グループのパスワード" #: src/config/SSSDConfig/__init__.py.in:282 msgid "GID attribute" msgstr "GID 属性" #: src/config/SSSDConfig/__init__.py.in:283 msgid "Group member attribute" msgstr "グループメンバー属性" #: src/config/SSSDConfig/__init__.py.in:284 msgid "Group UUID attribute" msgstr "グループ UUID 属性" #: src/config/SSSDConfig/__init__.py.in:286 msgid "Modification time attribute for groups" msgstr "グループの変更日時の属性" #: src/config/SSSDConfig/__init__.py.in:287 msgid "Type of the group and other flags" msgstr "" #: src/config/SSSDConfig/__init__.py.in:289 msgid "Maximum nesting level SSSd will follow" msgstr "SSSd がしたがう最大入れ子レベル" #: src/config/SSSDConfig/__init__.py.in:291 msgid "Base DN for netgroup lookups" msgstr "ネットグループ検索のベース DN" #: src/config/SSSDConfig/__init__.py.in:292 msgid "Objectclass for netgroups" msgstr "ネットグループのオブジェクトクラス" #: src/config/SSSDConfig/__init__.py.in:293 msgid "Netgroup name" msgstr "ネットグループ名" #: src/config/SSSDConfig/__init__.py.in:294 msgid "Netgroups members attribute" msgstr 
"ネットグループメンバーの属性" #: src/config/SSSDConfig/__init__.py.in:295 msgid "Netgroup triple attribute" msgstr "ネットグループの三つ組の属性" #: src/config/SSSDConfig/__init__.py.in:296 msgid "Netgroup UUID attribute" msgstr "ネットグループ UUID の属性" #: src/config/SSSDConfig/__init__.py.in:297 msgid "Modification time attribute for netgroups" msgstr "ネットグループの変更日時の属性" #: src/config/SSSDConfig/__init__.py.in:299 msgid "Base DN for service lookups" msgstr "サービス検索のベース DN" #: src/config/SSSDConfig/__init__.py.in:300 msgid "Objectclass for services" msgstr "サービスのオブジェクトクラス" #: src/config/SSSDConfig/__init__.py.in:301 msgid "Service name attribute" msgstr "サービス名の属性" #: src/config/SSSDConfig/__init__.py.in:302 msgid "Service port attribute" msgstr "サービスポートの属性" #: src/config/SSSDConfig/__init__.py.in:303 msgid "Service protocol attribute" msgstr "サービスプロトコルの属性" #: src/config/SSSDConfig/__init__.py.in:306 msgid "Lower bound for ID-mapping" msgstr "ID マッピングの下限" #: src/config/SSSDConfig/__init__.py.in:307 msgid "Upper bound for ID-mapping" msgstr "ID マッピングの上限" #: src/config/SSSDConfig/__init__.py.in:308 msgid "Number of IDs for each slice when ID-mapping" msgstr "ID マッピングするとき、各スライスに対する ID の数" #: src/config/SSSDConfig/__init__.py.in:309 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "ID マッピングに対する autorid 互換アルゴリズムを使用します" #: src/config/SSSDConfig/__init__.py.in:310 msgid "Name of the default domain for ID-mapping" msgstr "ID マッピングに対するデフォルトドメインの名前" #: src/config/SSSDConfig/__init__.py.in:311 msgid "SID of the default domain for ID-mapping" msgstr "ID マッピングに対するデフォルトドメインの SID" #: src/config/SSSDConfig/__init__.py.in:313 msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups" msgstr "グループ検索のために LDAP_MATCHING_RULE_IN_CHAIN を使用します" #: src/config/SSSDConfig/__init__.py.in:314 msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups" msgstr "初期グループの検索のために LDAP_MATCHING_RULE_IN_CHAIN を使用します" #: src/config/SSSDConfig/__init__.py.in:315 msgid "Set lower boundary for allowed IDs from the LDAP server" 
msgstr "LDAP サーバーから許可される ID の下限の設定" #: src/config/SSSDConfig/__init__.py.in:316 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "LDAP サーバーから許可される ID の上限の設定" #: src/config/SSSDConfig/__init__.py.in:319 msgid "Policy to evaluate the password expiration" msgstr "パスワード失効の評価のポリシー" #: src/config/SSSDConfig/__init__.py.in:322 msgid "LDAP filter to determine access privileges" msgstr "アクセス権限を決めるための LDAP フィルター" #: src/config/SSSDConfig/__init__.py.in:323 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "どの属性がアカウントが失効しているかを評価するために使用されるか" #: src/config/SSSDConfig/__init__.py.in:324 msgid "Which rules should be used to evaluate access control" msgstr "どのルールがアクセス制御を評価するために使用されるか" #: src/config/SSSDConfig/__init__.py.in:327 msgid "URI of an LDAP server where password changes are allowed" msgstr "パスワードの変更が許可される LDAP サーバーの URI" #: src/config/SSSDConfig/__init__.py.in:328 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "パスワードの変更が許可されるバックアップ LDAP サーバーの URI" #: src/config/SSSDConfig/__init__.py.in:329 msgid "DNS service name for LDAP password change server" msgstr "LDAP パスワードの変更サーバーの DNS サービス名" #: src/config/SSSDConfig/__init__.py.in:330 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" msgstr "パスワード変更後 ldap_user_shadow_last_change 属性を更新するかどうか" #: src/config/SSSDConfig/__init__.py.in:333 msgid "Base DN for sudo rules lookups" msgstr "sudo ルール検索のベース DN" #: src/config/SSSDConfig/__init__.py.in:334 msgid "Automatic full refresh period" msgstr "自動的な完全更新間隔" #: src/config/SSSDConfig/__init__.py.in:335 msgid "Automatic smart refresh period" msgstr "自動的なスマート更新間隔" #: src/config/SSSDConfig/__init__.py.in:336 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "" "ホスト名、IP アドレスおよびネットワークによるフィルタールールを使用するかどう" "か" #: src/config/SSSDConfig/__init__.py.in:337 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter 
sudo " "rules" msgstr "" "sudo ルールをフィルターするこのマシンのホスト名および/または完全修飾ドメイン" "名" #: src/config/SSSDConfig/__init__.py.in:338 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" "sudo ルールをフィルターするこのマシンの IPv4 または IPv6 アドレスまたはネット" "ワーク" #: src/config/SSSDConfig/__init__.py.in:339 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "ホスト属性にネットワークグループを含むルールを含めるかどうか" #: src/config/SSSDConfig/__init__.py.in:340 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "ホスト属性に正規表現を含むルールを含めるかどうか" #: src/config/SSSDConfig/__init__.py.in:341 msgid "Object class for sudo rules" msgstr "sudo ルールのオブジェクトクラス" #: src/config/SSSDConfig/__init__.py.in:342 msgid "Sudo rule name" msgstr "sudo ルール名" #: src/config/SSSDConfig/__init__.py.in:343 msgid "Sudo rule command attribute" msgstr "sudo ルールのコマンドの属性" #: src/config/SSSDConfig/__init__.py.in:344 msgid "Sudo rule host attribute" msgstr "sudo ルールのホストの属性" #: src/config/SSSDConfig/__init__.py.in:345 msgid "Sudo rule user attribute" msgstr "sudo ルールのユーザーの属性" #: src/config/SSSDConfig/__init__.py.in:346 msgid "Sudo rule option attribute" msgstr "sudo ルールのオプションの属性" #: src/config/SSSDConfig/__init__.py.in:347 msgid "Sudo rule runasuser attribute" msgstr "sudo ルールの runasuser の属性" #: src/config/SSSDConfig/__init__.py.in:348 msgid "Sudo rule runasgroup attribute" msgstr "sudo ルールの runasgroup の属性" #: src/config/SSSDConfig/__init__.py.in:349 msgid "Sudo rule notbefore attribute" msgstr "sudo ルールの notbefore の属性" #: src/config/SSSDConfig/__init__.py.in:350 msgid "Sudo rule notafter attribute" msgstr "sudo ルールの notafter の属性" #: src/config/SSSDConfig/__init__.py.in:351 msgid "Sudo rule order attribute" msgstr "sudo ルールの order の属性" #: src/config/SSSDConfig/__init__.py.in:354 msgid "Object class for automounter maps" msgstr "automounter マップのオブジェクトクラス" #: src/config/SSSDConfig/__init__.py.in:355 msgid "Automounter map name attribute" msgstr "オートマウントのマップ名の属性" #: 
src/config/SSSDConfig/__init__.py.in:356 msgid "Object class for automounter map entries" msgstr "automounter マップエントリーのオブジェクトクラス" #: src/config/SSSDConfig/__init__.py.in:357 msgid "Automounter map entry key attribute" msgstr "automounter マップエントリーのキー属性" #: src/config/SSSDConfig/__init__.py.in:358 msgid "Automounter map entry value attribute" msgstr "automounter マップエントリーの値属性" #: src/config/SSSDConfig/__init__.py.in:359 msgid "Base DN for automounter map lookups" msgstr "automounter のマップ検索のベース DN" #: src/config/SSSDConfig/__init__.py.in:362 msgid "Comma separated list of allowed users" msgstr "許可ユーザーのカンマ区切り一覧" #: src/config/SSSDConfig/__init__.py.in:363 msgid "Comma separated list of prohibited users" msgstr "禁止ユーザーのカンマ区切り一覧" #: src/config/SSSDConfig/__init__.py.in:366 msgid "Default shell, /bin/bash" msgstr "デフォルトのシェル, /bin/bash" #: src/config/SSSDConfig/__init__.py.in:367 msgid "Base for home directories" msgstr "ホームディレクトリーのベース" #: src/config/SSSDConfig/__init__.py.in:370 msgid "The name of the NSS library to use" msgstr "使用する NSS ライブラリーの名前" #: src/config/SSSDConfig/__init__.py.in:371 msgid "Whether to look up canonical group name from cache if possible" msgstr "可能ならばキャッシュから正規化されたグループ名を検索するかどうか" #: src/config/SSSDConfig/__init__.py.in:374 msgid "PAM stack to use" msgstr "使用する PAM スタック" #: src/monitor/monitor.c:2651 msgid "Become a daemon (default)" msgstr "デーモンとして実行(デフォルト)" #: src/monitor/monitor.c:2653 msgid "Run interactive (not a daemon)" msgstr "対話的に実行(デーモンではない)" #: src/monitor/monitor.c:2655 src/tools/sss_debuglevel.c:71 msgid "Specify a non-default config file" msgstr "非標準の設定ファイルの指定" #: src/monitor/monitor.c:2657 msgid "Print version number and exit" msgstr "バージョン番号を表示して終了する" #: src/providers/krb5/krb5_child.c:1962 src/providers/ldap/ldap_child.c:435 #: src/util/util.h:100 msgid "Debug level" msgstr "デバッグレベル" #: src/providers/krb5/krb5_child.c:1964 src/providers/ldap/ldap_child.c:437 #: src/util/util.h:104 msgid "Add debug timestamps" msgstr "デバッグのタイムスタンプを追加する"
#: src/providers/krb5/krb5_child.c:1966 src/providers/ldap/ldap_child.c:439 #: src/util/util.h:106 msgid "Show timestamps with microseconds" msgstr "タイムスタンプをマイクロ秒単位で表示する" #: src/providers/krb5/krb5_child.c:1968 src/providers/ldap/ldap_child.c:441 msgid "An open file descriptor for the debug logs" msgstr "デバッグログのオープンファイルディスクリプター" #: src/providers/data_provider_be.c:2932 msgid "Domain of the information provider (mandatory)" msgstr "情報プロバイダーのドメイン (必須)" #: src/sss_client/common.c:946 msgid "Privileged socket has wrong ownership or permissions." msgstr "特権ソケットの所有者またはパーミッションが誤っています。" #: src/sss_client/common.c:949 msgid "Public socket has wrong ownership or permissions." msgstr "公開ソケットの所有者またはパーミッションが誤っています。" #: src/sss_client/common.c:952 msgid "Unexpected format of the server credential message." msgstr "サーバーのクレディンシャルメッセージの予期しない形式です。" #: src/sss_client/common.c:955 msgid "SSSD is not run by root." msgstr "SSSD は root により実行されません。" #: src/sss_client/common.c:960 msgid "An error occurred, but no description can be found." msgstr "エラーが発生しましたが、説明がありませんでした。" #: src/sss_client/common.c:966 msgid "Unexpected error while looking for an error description" msgstr "エラーの説明を検索中に予期しないエラーが発生しました" #: src/sss_client/pam_sss.c:388 msgid "Passwords do not match" msgstr "パスワードが一致しません" #: src/sss_client/pam_sss.c:576 msgid "Password reset by root is not supported." msgstr "root によるパスワードのリセットはサポートされません。" #: src/sss_client/pam_sss.c:617 msgid "Authenticated with cached credentials" msgstr "キャッシュされているクレディンシャルを用いて認証されました" #: src/sss_client/pam_sss.c:618 msgid ", your cached password will expire at: " msgstr "、キャッシュされたパスワードが失効します: " #: src/sss_client/pam_sss.c:648 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "パスワードの期限が切れています。あと %1$d 回ログインできます。" #: src/sss_client/pam_sss.c:694 #, c-format msgid "Your password will expire in %1$d %2$s."
msgstr "あなたのパスワードは %1$d %2$s に期限が切れます。" #: src/sss_client/pam_sss.c:743 msgid "Authentication is denied until: " msgstr "次まで認証が拒否されます: " #: src/sss_client/pam_sss.c:764 msgid "System is offline, password change not possible" msgstr "システムがオフラインです、パスワード変更ができません" #: src/sss_client/pam_sss.c:779 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" #: src/sss_client/pam_sss.c:810 src/sss_client/pam_sss.c:823 msgid "Password change failed. " msgstr "パスワードの変更に失敗しました。 " #: src/sss_client/pam_sss.c:813 src/sss_client/pam_sss.c:824 msgid "Server message: " msgstr "サーバーのメッセージ: " #: src/sss_client/pam_sss.c:1251 msgid "New Password: " msgstr "新しいパスワード: " #: src/sss_client/pam_sss.c:1252 msgid "Reenter new Password: " msgstr "新しいパスワードの再入力: " #: src/sss_client/pam_sss.c:1340 msgid "Password: " msgstr "パスワード: " #: src/sss_client/pam_sss.c:1372 msgid "Current Password: " msgstr "現在のパスワード: " #: src/sss_client/pam_sss.c:1527 msgid "Password expired. Change your password now."
msgstr "パスワードの期限が切れました。いますぐパスワードを変更してください。" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40 #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 src/tools/sss_useradd.c:48 #: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44 #: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:652 #: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47 #: src/tools/sss_cache.c:540 src/tools/sss_debuglevel.c:69 msgid "The debug level to run with" msgstr "実行するデバッグレベル" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:42 #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:196 msgid "The SSSD domain to use" msgstr "使用する SSSD ドメイン" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:73 #: src/tools/sss_groupadd.c:58 src/tools/sss_groupdel.c:53 #: src/tools/sss_groupmod.c:65 src/tools/sss_groupshow.c:663 #: src/tools/sss_userdel.c:151 src/tools/sss_usermod.c:74 #: src/tools/sss_cache.c:573 msgid "Error setting the locale\n" msgstr "ロケールの設定中にエラーが発生しました\n" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:64 msgid "Not enough memory\n" msgstr "十分なメモリーがありません\n" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:83 msgid "User not specified\n" msgstr "ユーザーが指定されていません\n" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:92 msgid "Error looking up public keys\n" msgstr "公開鍵の検索中にエラーが発生しました\n" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:194 msgid "The port to use to connect to the host" msgstr "ホストへの接続に使用するポート" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:238 msgid "Invalid port\n" msgstr "無効なポート\n" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:243 msgid "Host not specified\n" msgstr "ホストが指定されていません\n" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:249 msgid "The path to the proxy command must be absolute\n" msgstr "プロキシーコマンドへのパスは絶対パスにする必要があります\n" #: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48 msgid "The UID of the user" msgstr "ユーザーの UID" #: src/tools/sss_useradd.c:50 src/tools/sss_usermod.c:50 msgid "The comment string" msgstr "コメント文字列" #: 
src/tools/sss_useradd.c:51 src/tools/sss_usermod.c:51 msgid "Home directory" msgstr "ホームディレクトリー" #: src/tools/sss_useradd.c:52 src/tools/sss_usermod.c:52 msgid "Login shell" msgstr "ログインシェル" #: src/tools/sss_useradd.c:53 msgid "Groups" msgstr "グループ" #: src/tools/sss_useradd.c:54 msgid "Create user's directory if it does not exist" msgstr "ユーザーのディレクトリーが存在しなければ作成する" #: src/tools/sss_useradd.c:55 msgid "Never create user's directory, overrides config" msgstr "ユーザーのディレクトリーを作成しない、設定を上書きする" #: src/tools/sss_useradd.c:56 msgid "Specify an alternative skeleton directory" msgstr "代替のスケルトンディレクトリーを指定する" #: src/tools/sss_useradd.c:57 src/tools/sss_usermod.c:57 msgid "The SELinux user for user's login" msgstr "ユーザーのログインに対する SELinux ユーザー" #: src/tools/sss_useradd.c:86 src/tools/sss_groupmod.c:78 #: src/tools/sss_usermod.c:87 msgid "Specify group to add to\n" msgstr "追加するグループを指定してください\n" #: src/tools/sss_useradd.c:110 msgid "Specify user to add\n" msgstr "追加するユーザーを指定してください\n" #: src/tools/sss_useradd.c:119 src/tools/sss_groupadd.c:84 #: src/tools/sss_groupdel.c:78 src/tools/sss_groupmod.c:111 #: src/tools/sss_groupshow.c:696 src/tools/sss_userdel.c:196 #: src/tools/sss_usermod.c:128 msgid "Error initializing the tools - no local domain\n" msgstr "" "ツールを初期化中にエラーが発生しました - ローカルドメインがありません\n" #: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86 #: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113 #: src/tools/sss_groupshow.c:698 src/tools/sss_userdel.c:198 #: src/tools/sss_usermod.c:130 msgid "Error initializing the tools\n" msgstr "ツールを初期化中にエラーが発生しました\n" #: src/tools/sss_useradd.c:130 src/tools/sss_groupadd.c:95 #: src/tools/sss_groupdel.c:89 src/tools/sss_groupmod.c:121 #: src/tools/sss_groupshow.c:707 src/tools/sss_userdel.c:207 #: src/tools/sss_usermod.c:139 msgid "Invalid domain specified in FQDN\n" msgstr "FQDN で指定されたドメインが無効です\n" #: src/tools/sss_useradd.c:139 src/tools/sss_groupmod.c:141 #: src/tools/sss_groupmod.c:168 src/tools/sss_usermod.c:162 #: 
src/tools/sss_usermod.c:189 msgid "Internal error while parsing parameters\n" msgstr "パラメーターを解析中に内部エラーが発生しました\n" #: src/tools/sss_useradd.c:147 src/tools/sss_usermod.c:170 #: src/tools/sss_usermod.c:197 msgid "Groups must be in the same domain as user\n" msgstr "グループがユーザーと同じドメインになければいけません\n" #: src/tools/sss_useradd.c:155 #, c-format msgid "Cannot find group %1$s in local domain\n" msgstr "ローカルドメインにグループ %1$s を見つけられません\n" #: src/tools/sss_useradd.c:170 src/tools/sss_userdel.c:217 msgid "Cannot set default values\n" msgstr "デフォルト値を設定できません\n" #: src/tools/sss_useradd.c:177 src/tools/sss_usermod.c:153 msgid "The selected UID is outside the allowed range\n" msgstr "選択された UID は許容される範囲を越えています\n" #: src/tools/sss_useradd.c:206 src/tools/sss_usermod.c:264 msgid "Cannot set SELinux login context\n" msgstr "SELinux ログインコンテキストを設定できません\n" #: src/tools/sss_useradd.c:221 msgid "Cannot get info about the user\n" msgstr "ユーザーに関する情報を取得できません\n" #: src/tools/sss_useradd.c:233 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" "ユーザーのホームディレクトリーがすでに存在します、スケルトンディレクトリーか" "らデータをコピーしません\n" #: src/tools/sss_useradd.c:236 #, c-format msgid "Cannot create user's home directory: %1$s\n" msgstr "ユーザーのホームディレクトリーを作成できません: %1$s\n" #: src/tools/sss_useradd.c:247 #, c-format msgid "Cannot create user's mail spool: %1$s\n" msgstr "ユーザーのメールスプールを作成できません: %1$s\n" #: src/tools/sss_useradd.c:266 msgid "Could not allocate ID for the user - domain full?\n" msgstr "ユーザーに ID を割り当てられませんでした - ドメインがいっぱいですか?\n" #: src/tools/sss_useradd.c:270 msgid "A user or group with the same name or ID already exists\n" msgstr "同じ名前または ID を持つユーザーまたはグループがすでに存在します\n" #: src/tools/sss_useradd.c:276 msgid "Transaction error. 
Could not add user.\n" msgstr "トランザクションエラー。ユーザーを追加できませんでした。\n" #: src/tools/sss_groupadd.c:43 src/tools/sss_groupmod.c:48 msgid "The GID of the group" msgstr "グループの GID" #: src/tools/sss_groupadd.c:75 msgid "Specify group to add\n" msgstr "追加するグループを指定してください\n" #: src/tools/sss_groupadd.c:104 src/tools/sss_groupmod.c:192 msgid "The selected GID is outside the allowed range\n" msgstr "選択された GID は許容される範囲を越えています\n" #: src/tools/sss_groupadd.c:141 msgid "Could not allocate ID for the group - domain full?\n" msgstr "グループに ID を割り当てられませんでした - ドメインがいっぱいですか?\n" #: src/tools/sss_groupadd.c:145 msgid "A group with the same name or GID already exists\n" msgstr "同じ名前または GID を持つグループがすでに存在します\n" #: src/tools/sss_groupadd.c:150 msgid "Transaction error. Could not add group.\n" msgstr "トランザクションエラー。グループを追加できませんでした。\n" #: src/tools/sss_groupdel.c:69 msgid "Specify group to delete\n" msgstr "削除するグループを指定してください\n" #: src/tools/sss_groupdel.c:102 #, c-format msgid "Group %1$s is outside the defined ID range for domain\n" msgstr "グループ %1$s はドメインに対して定義された ID の範囲を越えています\n" #: src/tools/sss_groupdel.c:117 src/tools/sss_groupmod.c:219 #: src/tools/sss_groupmod.c:226 src/tools/sss_groupmod.c:233 #: src/tools/sss_userdel.c:294 src/tools/sss_usermod.c:241 #: src/tools/sss_usermod.c:248 src/tools/sss_usermod.c:255 #, c-format msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n" msgstr "" "NSS リクエストに失敗しました (%1$d)。項目がメモリーキャッシュに残っている可能性があります。\n" #: src/tools/sss_groupdel.c:129 msgid "" "No such group in local domain. Removing groups only allowed in local " "domain.\n" msgstr "" "そのようなグループはローカルドメインにありません。グループの削除はローカルド" "メインにおいてのみ許可されます。\n" #: src/tools/sss_groupdel.c:134 msgid "Internal error. 
Could not remove group.\n" msgstr "内部エラー。グループを削除できませんでした。\n" #: src/tools/sss_groupmod.c:44 msgid "Groups to add this group to" msgstr "このグループに追加するグループ" #: src/tools/sss_groupmod.c:46 msgid "Groups to remove this group from" msgstr "このグループから削除するグループ" #: src/tools/sss_groupmod.c:86 src/tools/sss_usermod.c:95 msgid "Specify group to remove from\n" msgstr "削除するグループを指定してください\n" #: src/tools/sss_groupmod.c:100 msgid "Specify group to modify\n" msgstr "変更するグループを指定してください\n" #: src/tools/sss_groupmod.c:128 msgid "" "Cannot find group in local domain, modifying groups is allowed only in local " "domain\n" msgstr "" "ローカルドメインにグループが見つかりませんでした。グループの変更はローカルド" "メインにおいてのみ許可されます\n" #: src/tools/sss_groupmod.c:149 src/tools/sss_groupmod.c:176 msgid "Member groups must be in the same domain as parent group\n" msgstr "メンバーグループが親グループと同じドメインにある必要があります\n" #: src/tools/sss_groupmod.c:157 src/tools/sss_groupmod.c:184 #: src/tools/sss_usermod.c:178 src/tools/sss_usermod.c:205 #, c-format msgid "" "Cannot find group %1$s in local domain, only groups in local domain are " "allowed\n" msgstr "" "ローカルドメインにグループ %1$s が見つかりません。ローカルドメインにあるグ" "ループのみが許可されます\n" #: src/tools/sss_groupmod.c:250 msgid "Could not modify group - check if member group names are correct\n" msgstr "" "グループを変更できませんでした - メンバーグループ名が正しいかを確認してくださ" "い\n" #: src/tools/sss_groupmod.c:254 msgid "Could not modify group - check if groupname is correct\n" msgstr "" "グループを変更できませんでした - グループ名が正しいかを確認してください\n" #: src/tools/sss_groupmod.c:258 msgid "Transaction error. 
Could not modify group.\n" msgstr "トランザクションエラー。グループを変更できませんでした。\n" #: src/tools/sss_groupshow.c:599 #, c-format msgid "%1$s%2$sGroup: %3$s\n" msgstr "%1$s%2$s グループ: %3$s\n" #: src/tools/sss_groupshow.c:600 msgid "Magic Private " msgstr "マジックプライベート " #: src/tools/sss_groupshow.c:602 #, c-format msgid "%1$sGID number: %2$d\n" msgstr "%1$s GID 番号: %2$d\n" #: src/tools/sss_groupshow.c:604 #, c-format msgid "%1$sMember users: " msgstr "%1$s メンバーユーザー: " #: src/tools/sss_groupshow.c:611 #, c-format msgid "" "\n" "%1$sIs a member of: " msgstr "" "\n" "%1$s は次のメンバー: " #: src/tools/sss_groupshow.c:618 #, c-format msgid "" "\n" "%1$sMember groups: " msgstr "" "\n" "%1$s メンバーグループ: " #: src/tools/sss_groupshow.c:654 msgid "Print indirect group members recursively" msgstr "間接グループメンバーを再帰的に表示する" #: src/tools/sss_groupshow.c:687 msgid "Specify group to show\n" msgstr "表示するグループを指定してください\n" #: src/tools/sss_groupshow.c:726 msgid "" "No such group in local domain. Printing groups only allowed in local " "domain.\n" msgstr "" "そのようなグループはローカルドメインにありません。グループの表示はローカルド" "メインにおいてのみ許可されます。\n" #: src/tools/sss_groupshow.c:731 msgid "Internal error. 
Could not print group.\n" msgstr "内部エラー。グループを表示できませんでした。\n" #: src/tools/sss_userdel.c:136 msgid "Remove home directory and mail spool" msgstr "ホームディレクトリーとメールスプールを削除する" #: src/tools/sss_userdel.c:138 msgid "Do not remove home directory and mail spool" msgstr "ホームディレクトリーとメールスプールを削除しない" #: src/tools/sss_userdel.c:140 msgid "Force removal of files not owned by the user" msgstr "ユーザーにより所有されていないファイルの強制削除" #: src/tools/sss_userdel.c:142 msgid "Kill users' processes before removing him" msgstr "ユーザーを削除する前にそのユーザーのプロセスを強制停止する" #: src/tools/sss_userdel.c:187 msgid "Specify user to delete\n" msgstr "削除するユーザーを指定する\n" #: src/tools/sss_userdel.c:233 #, c-format msgid "User %1$s is outside the defined ID range for domain\n" msgstr "ユーザー %1$s はドメインに対して定義された ID の範囲を超えています\n" #: src/tools/sss_userdel.c:258 msgid "Cannot reset SELinux login context\n" msgstr "SELinux ログインコンテキストをリセットできません\n" #: src/tools/sss_userdel.c:270 #, c-format msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n" msgstr "" "警告: ユーザー (uid %1$lu) が削除されたときにまだログインしていました。\n" #: src/tools/sss_userdel.c:275 msgid "Cannot determine if the user was logged in on this platform" msgstr "" "ユーザーがこのプラットフォームにログインしていたかを確認できませんでした" #: src/tools/sss_userdel.c:280 msgid "Error while checking if the user was logged in\n" msgstr "ユーザーがログインしていたかを確認中にエラーが発生しました\n" #: src/tools/sss_userdel.c:287 #, c-format msgid "The post-delete command failed: %1$s\n" msgstr "削除後コマンドの実行に失敗しました: %1$s\n" #: src/tools/sss_userdel.c:307 msgid "Not removing home dir - not owned by user\n" msgstr "" "ホームディレクトリーを削除していません - ユーザーにより所有されていません\n" #: src/tools/sss_userdel.c:309 #, c-format msgid "Cannot remove homedir: %1$s\n" msgstr "ホームディレクトリーを削除できません: %1$s\n" #: src/tools/sss_userdel.c:322 msgid "" "No such user in local domain. Removing users only allowed in local domain.\n" msgstr "" "そのようなユーザーはローカルドメインにいません。ユーザーの削除はローカルドメ" "インにおいてのみ許可されます。\n" #: src/tools/sss_userdel.c:327 msgid "Internal error. 
Could not remove user.\n" msgstr "内部エラー。ユーザーを削除できませんでした。\n" #: src/tools/sss_usermod.c:49 msgid "The GID of the user" msgstr "ユーザーの GID" #: src/tools/sss_usermod.c:53 msgid "Groups to add this user to" msgstr "このユーザーを追加するグループ" #: src/tools/sss_usermod.c:54 msgid "Groups to remove this user from" msgstr "このユーザーを削除するグループ" #: src/tools/sss_usermod.c:55 msgid "Lock the account" msgstr "アカウントをロックする" #: src/tools/sss_usermod.c:56 msgid "Unlock the account" msgstr "アカウントをロック解除する" #: src/tools/sss_usermod.c:119 msgid "Specify user to modify\n" msgstr "変更するユーザーを指定してください\n" #: src/tools/sss_usermod.c:146 msgid "" "Cannot find user in local domain, modifying users is allowed only in local " "domain\n" msgstr "" "ローカルドメインにユーザーを見つけられません。ユーザーの変更はローカルドメイ" "ンにおいてのみ許可されます。\n" #: src/tools/sss_usermod.c:281 msgid "Could not modify user - check if group names are correct\n" msgstr "" "ユーザーを変更できませんでした - グループ名が正しいかを確認してください\n" #: src/tools/sss_usermod.c:285 msgid "Could not modify user - user already member of groups?\n" msgstr "" "ユーザーを変更できませんでした - ユーザーはすでにグループのメンバーですか?\n" #: src/tools/sss_usermod.c:289 msgid "Transaction error. 
Could not modify user.\n" msgstr "トランザクションエラー。ユーザーを変更できませんでした。\n" #: src/tools/sss_cache.c:170 msgid "No cache object matched the specified search\n" msgstr "指定された検索に一致するキャッシュオブジェクトがありません\n" #: src/tools/sss_cache.c:397 #, c-format msgid "Couldn't invalidate %1$s" msgstr "%1$s を無効化できませんでした" #: src/tools/sss_cache.c:404 #, c-format msgid "Couldn't invalidate %1$s %2$s" msgstr "%1$s %2$s を無効化できませんでした" #: src/tools/sss_cache.c:542 #, fuzzy msgid "Invalidate all cached entries except for sudo rules" msgstr "sudo ルール以外の全キャッシュ項目の無効化" #: src/tools/sss_cache.c:544 msgid "Invalidate particular user" msgstr "特定のユーザーを無効にする" #: src/tools/sss_cache.c:546 msgid "Invalidate all users" msgstr "すべてのユーザーを無効にする" #: src/tools/sss_cache.c:548 msgid "Invalidate particular group" msgstr "特定のグループを無効にする" #: src/tools/sss_cache.c:550 msgid "Invalidate all groups" msgstr "すべてのグループを無効にする" #: src/tools/sss_cache.c:552 msgid "Invalidate particular netgroup" msgstr "特定のネットワークグループを無効にする" #: src/tools/sss_cache.c:554 msgid "Invalidate all netgroups" msgstr "すべてのネットワークグループを無効にする" #: src/tools/sss_cache.c:556 msgid "Invalidate particular service" msgstr "特定のサービスの無効化" #: src/tools/sss_cache.c:558 msgid "Invalidate all services" msgstr "すべてのサービスの無効化" #: src/tools/sss_cache.c:561 msgid "Invalidate particular autofs map" msgstr "特定の autofs マップの無効化" #: src/tools/sss_cache.c:563 msgid "Invalidate all autofs maps" msgstr "すべての autofs マップの無効化" #: src/tools/sss_cache.c:566 msgid "Only invalidate entries from a particular domain" msgstr "特定のドメインのみからエントリーを無効にする" #: src/tools/sss_cache.c:611 msgid "Please select at least one object to invalidate\n" msgstr "無効化するオブジェクトを少なくとも一つ選択してください\n" #: src/tools/sss_cache.c:681 #, c-format msgid "" "Could not open domain %1$s. 
If the domain is a subdomain (trusted domain), " "use fully qualified name instead of --domain/-d parameter.\n" msgstr "" "ドメイン %1$s を開けませんでした。ドメインがサブドメイン (信頼済みドメイン) " "であれば、--domain/-d パラメーターの代わりに完全修飾名を使用してください。\n" #: src/tools/sss_cache.c:685 msgid "Could not open available domains\n" msgstr "利用可能なドメインを開けませんでした\n" #: src/tools/sss_debuglevel.c:40 msgid "\n" msgstr "\n" #: src/tools/sss_debuglevel.c:96 msgid "Specify debug level you want to set\n" msgstr "設定したいデバッグレベルを指定する\n" #: src/tools/sss_debuglevel.c:102 msgid "Only one argument expected\n" msgstr "引数が一つのみ期待されます\n" #: src/tools/tools_util.c:200 #, c-format msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n" msgstr "" "名前 '%1$s' が FQDN であるように見えません ('%2$s = TRUE' が設定されます)\n" #: src/tools/tools_util.c:303 msgid "Out of memory\n" msgstr "メモリー不足\n" #: src/tools/tools_util.h:43 #, c-format msgid "%1$s must be run as root\n" msgstr "%1$s は root として実行する必要があります\n" #: src/util/util.h:102 msgid "Send the debug output to files instead of stderr" msgstr "デバッグ出力を標準エラーの代わりにファイルに送信する" ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/Rules-quot����������������������������������������������������������0000644�0000000�0000000�00000000132�12320753476�016200� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954942.042889393 30 atime=1396954961.147875325 30 ctime=1396954962.525874307 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/Rules-quot���������������������������������������������������������������������������0000644�0024127�0024127�00000003376�12320753476�016436� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# Special Makefile rules for English message catalogs with quotation marks. 
DISTFILES.common.extra1 = quot.sed boldquot.sed en@quot.header en@boldquot.header insert-header.sin Rules-quot .SUFFIXES: .insert-header .po-update-en en@quot.po-create: $(MAKE) en@quot.po-update en@boldquot.po-create: $(MAKE) en@boldquot.po-update en@quot.po-update: en@quot.po-update-en en@boldquot.po-update: en@boldquot.po-update-en .insert-header.po-update-en: @lang=`echo $@ | sed -e 's/\.po-update-en$$//'`; \ if test "$(PACKAGE)" = "gettext"; then PATH=`pwd`/../src:$$PATH; GETTEXTLIBDIR=`cd $(top_srcdir)/src && pwd`; export GETTEXTLIBDIR; fi; \ tmpdir=`pwd`; \ echo "$$lang:"; \ ll=`echo $$lang | sed -e 's/@.*//'`; \ LC_ALL=C; export LC_ALL; \ cd $(srcdir); \ if $(MSGINIT) -i $(DOMAIN).pot --no-translator -l $$ll -o - 2>/dev/null | sed -f $$tmpdir/$$lang.insert-header | $(MSGCONV) -t UTF-8 | $(MSGFILTER) sed -f `echo $$lang | sed -e 's/.*@//'`.sed 2>/dev/null > $$tmpdir/$$lang.new.po; then \ if cmp $$lang.po $$tmpdir/$$lang.new.po >/dev/null 2>&1; then \ rm -f $$tmpdir/$$lang.new.po; \ else \ if mv -f $$tmpdir/$$lang.new.po $$lang.po; then \ :; \ else \ echo "creation of $$lang.po failed: cannot move $$tmpdir/$$lang.new.po to $$lang.po" 1>&2; \ exit 1; \ fi; \ fi; \ else \ echo "creation of $$lang.po failed!" 
1>&2; \ rm -f $$tmpdir/$$lang.new.po; \ fi en@quot.insert-header: insert-header.sin sed -e '/^#/d' -e 's/HEADER/en@quot.header/g' $(srcdir)/insert-header.sin > en@quot.insert-header en@boldquot.insert-header: insert-header.sin sed -e '/^#/d' -e 's/HEADER/en@boldquot.header/g' $(srcdir)/insert-header.sin > en@boldquot.insert-header mostlyclean: mostlyclean-quot mostlyclean-quot: rm -f *.insert-header ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/zh_CN.gmo�����������������������������������������������������������0000644�0000000�0000000�00000000132�12320753522�015672� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954962.497874328 30 atime=1396954962.497874328 30 ctime=1396954962.563874279 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/zh_CN.gmo����������������������������������������������������������������������������0000664�0024127�0024127�00000002277�12320753522�016131� 
0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000���������������������������������������������������������������������������������������������������������������������������������������������������������������������������� ������t�����������������������.�����E�����^�� ���q�� ����������&���������� �������������� ������������� ��!����� ���A�����O�����h�������!������������������� ����������������� ���������������� �����������Address of backup IPA server�Authentication timeout�Command to start service�IPA server address�Include timestamps in debug logs�Invalid port �Kerberos server address�Set the verbosity of the debug logging�Store password hashes�Write debug messages to logfiles�Project-Id-Version: SSSD Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org POT-Creation-Date: 2014-04-08 12:56+0200 PO-Revision-Date: 2013-11-20 12:56+0000 Last-Translator: jhrozek <jhrozek@redhat.com> Language-Team: Chinese (China) (http://www.transifex.com/projects/p/fedora/language/zh_CN/) Language: zh_CN MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=1; plural=0; �IPA 备份服务器地址�验证超时�启动服务命令�IPA 服务器地址�在调试日志中包含时间戳�无效端口 �Kerberos 服务器地址�设定调试日志记录等级�保存密码哈希值�写入调试信息到日志文件����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/zh_TW.po������������������������������������������������������������0000644�0000000�0000000�00000000072�12320753107�015562� 
x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������29 atime=1396954962.27887449 29 ctime=1396954962.54887429 ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/zh_TW.po�����������������������������������������������������������������������������0000664�0024127�0024127�00000135216�12320753107�016016� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR Red Hat, Inc. # This file is distributed under the same license as the PACKAGE package. 
# # Translators: msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2014-04-08 12:56+0200\n" "PO-Revision-Date: 2013-11-20 12:56+0000\n" "Last-Translator: jhrozek <jhrozek@redhat.com>\n" "Language-Team: Chinese (Taiwan) (http://www.transifex.com/projects/p/fedora/" "language/zh_TW/)\n" "Language: zh_TW\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" #: src/config/SSSDConfig/__init__.py.in:39 msgid "Set the verbosity of the debug logging" msgstr "" #: src/config/SSSDConfig/__init__.py.in:40 msgid "Include timestamps in debug logs" msgstr "在除錯日誌內加入時間戳記" #: src/config/SSSDConfig/__init__.py.in:41 msgid "Include microseconds in timestamps in debug logs" msgstr "" #: src/config/SSSDConfig/__init__.py.in:42 msgid "Write debug messages to logfiles" msgstr "將除錯訊息寫入日誌檔" #: src/config/SSSDConfig/__init__.py.in:43 msgid "Ping timeout before restarting service" msgstr "" #: src/config/SSSDConfig/__init__.py.in:44 msgid "" "Timeout between three failed ping checks and forcibly killing the service" msgstr "" #: src/config/SSSDConfig/__init__.py.in:45 msgid "Command to start service" msgstr "啟動服務的指令" #: src/config/SSSDConfig/__init__.py.in:46 msgid "Number of times to attempt connection to Data Providers" msgstr "" #: src/config/SSSDConfig/__init__.py.in:47 msgid "The number of file descriptors that may be opened by this responder" msgstr "" #: src/config/SSSDConfig/__init__.py.in:48 msgid "Idle time before automatic disconnection of a client" msgstr "" #: src/config/SSSDConfig/__init__.py.in:51 msgid "SSSD Services to start" msgstr "要啟動的 SSSD 服務" #: src/config/SSSDConfig/__init__.py.in:52 msgid "SSSD Domains to start" msgstr "要啟動的 SSSD 網域" #: src/config/SSSDConfig/__init__.py.in:53 msgid "Timeout for messages sent over the SBUS" msgstr "" #: src/config/SSSDConfig/__init__.py.in:54 msgid "Regex to parse 
username and domain" msgstr "用來解析使用者名稱與網域的正規表示式" #: src/config/SSSDConfig/__init__.py.in:55 msgid "Printf-compatible format for displaying fully-qualified names" msgstr "" #: src/config/SSSDConfig/__init__.py.in:56 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #: src/config/SSSDConfig/__init__.py.in:57 msgid "Domain to add to names without a domain component." msgstr "" #: src/config/SSSDConfig/__init__.py.in:60 msgid "Enumeration cache timeout length (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:61 msgid "Entry cache background update timeout length (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:62 #: src/config/SSSDConfig/__init__.py.in:88 msgid "Negative cache timeout length (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:63 msgid "Users that SSSD should explicitly ignore" msgstr "SSSD 應該明確忽略的使用者" #: src/config/SSSDConfig/__init__.py.in:64 msgid "Groups that SSSD should explicitly ignore" msgstr "SSSD 應該明確忽略的群組" #: src/config/SSSDConfig/__init__.py.in:65 msgid "Should filtered users appear in groups" msgstr "過濾的使用者是否應該顯現在群組內" #: src/config/SSSDConfig/__init__.py.in:66 msgid "The value of the password field the NSS provider should return" msgstr "" #: src/config/SSSDConfig/__init__.py.in:67 msgid "Override homedir value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:68 msgid "" "Substitute empty homedir value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:69 msgid "Override shell value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:70 msgid "The list of shells users are allowed to log in with" msgstr "" #: src/config/SSSDConfig/__init__.py.in:71 msgid "" "The list of shells that will be vetoed, and replaced with the fallback shell" msgstr "" #: src/config/SSSDConfig/__init__.py.in:72 msgid "" "If a shell stored in central 
directory is allowed but not available, use " "this fallback" msgstr "" #: src/config/SSSDConfig/__init__.py.in:73 msgid "Shell to use if the provider does not list one" msgstr "" #: src/config/SSSDConfig/__init__.py.in:74 msgid "How long will be in-memory cache records valid" msgstr "" #: src/config/SSSDConfig/__init__.py.in:77 msgid "How long to allow cached logins between online logins (days)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:78 msgid "How many failed logins attempts are allowed when offline" msgstr "" #: src/config/SSSDConfig/__init__.py.in:79 msgid "" "How long (minutes) to deny login after offline_failed_login_attempts has " "been reached" msgstr "" #: src/config/SSSDConfig/__init__.py.in:80 msgid "What kind of messages are displayed to the user during authentication" msgstr "" #: src/config/SSSDConfig/__init__.py.in:81 msgid "How many seconds to keep identity information cached for PAM requests" msgstr "" #: src/config/SSSDConfig/__init__.py.in:82 msgid "How many days before password expiration a warning should be displayed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:85 msgid "Whether to evaluate the time-based attributes in sudo rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:91 msgid "Whether to hash host names and addresses in the known_hosts file" msgstr "" #: src/config/SSSDConfig/__init__.py.in:92 msgid "" "How many seconds to keep a host in the known_hosts file after its host keys " "were requested" msgstr "" #: src/config/SSSDConfig/__init__.py.in:95 msgid "List of UIDs or user names allowed to access the PAC responder" msgstr "" #: src/config/SSSDConfig/__init__.py.in:98 msgid "Identity provider" msgstr "身分提供者" #: src/config/SSSDConfig/__init__.py.in:99 msgid "Authentication provider" msgstr "認證提供者" #: src/config/SSSDConfig/__init__.py.in:100 msgid "Access control provider" msgstr "存取控制提供者" #: src/config/SSSDConfig/__init__.py.in:101 msgid "Password change provider" msgstr "密碼變更提供者" #: 
src/config/SSSDConfig/__init__.py.in:102 msgid "SUDO provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:103 msgid "Autofs provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:104 msgid "Session-loading provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:105 msgid "Host identity provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:108 msgid "Minimum user ID" msgstr "最小的使用者 ID" #: src/config/SSSDConfig/__init__.py.in:109 msgid "Maximum user ID" msgstr "最大的使用者 ID" #: src/config/SSSDConfig/__init__.py.in:110 msgid "Enable enumerating all users/groups" msgstr "啟用所有使用者或群組的列舉" #: src/config/SSSDConfig/__init__.py.in:111 msgid "Cache credentials for offline login" msgstr "供離線登入使用的快取憑證" #: src/config/SSSDConfig/__init__.py.in:112 msgid "Store password hashes" msgstr "" #: src/config/SSSDConfig/__init__.py.in:113 msgid "Display users/groups in fully-qualified form" msgstr "" #: src/config/SSSDConfig/__init__.py.in:114 msgid "Don't include group members in group lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:115 #: src/config/SSSDConfig/__init__.py.in:122 #: src/config/SSSDConfig/__init__.py.in:123 #: src/config/SSSDConfig/__init__.py.in:124 #: src/config/SSSDConfig/__init__.py.in:125 #: src/config/SSSDConfig/__init__.py.in:126 #: src/config/SSSDConfig/__init__.py.in:127 msgid "Entry cache timeout length (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:116 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:117 msgid "How long to keep cached entries after last successful login (days)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:118 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:119 msgid "The domain part of service discovery DNS query" msgstr "" #: src/config/SSSDConfig/__init__.py.in:120 msgid "Override GID value from the identity provider with this 
value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:121 msgid "Treat usernames as case sensitive" msgstr "" #: src/config/SSSDConfig/__init__.py.in:128 msgid "How often should expired entries be refreshed in background" msgstr "" #: src/config/SSSDConfig/__init__.py.in:129 msgid "Whether to automatically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/__init__.py.in:130 #: src/config/SSSDConfig/__init__.py.in:145 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "" #: src/config/SSSDConfig/__init__.py.in:131 #: src/config/SSSDConfig/__init__.py.in:146 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" #: src/config/SSSDConfig/__init__.py.in:132 msgid "How often to periodically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/__init__.py.in:133 msgid "Whether the provider should explicitly update the PTR record as well" msgstr "" #: src/config/SSSDConfig/__init__.py.in:134 msgid "Whether the nsupdate utility should default to using TCP" msgstr "" #: src/config/SSSDConfig/__init__.py.in:135 msgid "What kind of authentication should be used to perform the DNS update" msgstr "" #: src/config/SSSDConfig/__init__.py.in:136 msgid "Control enumeration of trusted domains" msgstr "" #: src/config/SSSDConfig/__init__.py.in:137 msgid "How often should subdomains list be refreshed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:140 msgid "IPA domain" msgstr "IPA 網域" #: src/config/SSSDConfig/__init__.py.in:141 msgid "IPA server address" msgstr "IPA 伺服器位址" #: src/config/SSSDConfig/__init__.py.in:142 msgid "Address of backup IPA server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:143 msgid "IPA client hostname" msgstr "IPA 客戶端主機名稱" #: src/config/SSSDConfig/__init__.py.in:144 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" #: src/config/SSSDConfig/__init__.py.in:147 msgid "Search base for HBAC related objects" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:148 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:149 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:150 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" #: src/config/SSSDConfig/__init__.py.in:151 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" #: src/config/SSSDConfig/__init__.py.in:152 msgid "The automounter location this IPA client is using" msgstr "" #: src/config/SSSDConfig/__init__.py.in:153 msgid "Search base for object containing info about IPA domain" msgstr "" #: src/config/SSSDConfig/__init__.py.in:154 msgid "Search base for objects containing info about ID ranges" msgstr "" #: src/config/SSSDConfig/__init__.py.in:155 #: src/config/SSSDConfig/__init__.py.in:162 msgid "Enable DNS sites - location based service discovery" msgstr "" #: src/config/SSSDConfig/__init__.py.in:158 msgid "Active Directory domain" msgstr "" #: src/config/SSSDConfig/__init__.py.in:159 msgid "Active Directory server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:160 msgid "Active Directory backup server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:161 msgid "Active Directory client hostname" msgstr "" #: src/config/SSSDConfig/__init__.py.in:165 #: src/config/SSSDConfig/__init__.py.in:166 msgid "Kerberos server address" msgstr "Kerberos 伺服器位址" #: src/config/SSSDConfig/__init__.py.in:167 msgid "Kerberos backup server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:168 msgid "Kerberos realm" msgstr "" #: src/config/SSSDConfig/__init__.py.in:169 msgid "Authentication timeout" msgstr "認證逾時" #: src/config/SSSDConfig/__init__.py.in:170 msgid "Whether to create kdcinfo files" msgstr "" #: src/config/SSSDConfig/__init__.py.in:173 msgid "Directory to store credential caches" 
msgstr "儲存憑證快取的目錄" #: src/config/SSSDConfig/__init__.py.in:174 msgid "Location of the user's credential cache" msgstr "使用者憑證快取的位置" #: src/config/SSSDConfig/__init__.py.in:175 msgid "Location of the keytab to validate credentials" msgstr "驗證憑證用的金鑰表格位置" #: src/config/SSSDConfig/__init__.py.in:176 msgid "Enable credential validation" msgstr "啟用憑證驗證" #: src/config/SSSDConfig/__init__.py.in:177 msgid "Store password if offline for later online authentication" msgstr "" #: src/config/SSSDConfig/__init__.py.in:178 msgid "Renewable lifetime of the TGT" msgstr "" #: src/config/SSSDConfig/__init__.py.in:179 msgid "Lifetime of the TGT" msgstr "" #: src/config/SSSDConfig/__init__.py.in:180 msgid "Time between two checks for renewal" msgstr "" #: src/config/SSSDConfig/__init__.py.in:181 msgid "Enables FAST" msgstr "" #: src/config/SSSDConfig/__init__.py.in:182 msgid "Selects the principal to use for FAST" msgstr "" #: src/config/SSSDConfig/__init__.py.in:183 msgid "Enables principal canonicalization" msgstr "" #: src/config/SSSDConfig/__init__.py.in:184 msgid "Enables enterprise principals" msgstr "" #: src/config/SSSDConfig/__init__.py.in:187 #: src/config/SSSDConfig/__init__.py.in:188 msgid "Server where the change password service is running if not on the KDC" msgstr "" #: src/config/SSSDConfig/__init__.py.in:191 msgid "ldap_uri, The URI of the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:192 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:193 msgid "The default base DN" msgstr "" #: src/config/SSSDConfig/__init__.py.in:194 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" #: src/config/SSSDConfig/__init__.py.in:195 msgid "The default bind DN" msgstr "" #: src/config/SSSDConfig/__init__.py.in:196 msgid "The type of the authentication token of the default bind DN" msgstr "" #: src/config/SSSDConfig/__init__.py.in:197 msgid "The authentication token of the default bind DN" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:198 msgid "Length of time to attempt connection" msgstr "" #: src/config/SSSDConfig/__init__.py.in:199 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" #: src/config/SSSDConfig/__init__.py.in:200 msgid "Length of time between attempts to reconnect while offline" msgstr "" #: src/config/SSSDConfig/__init__.py.in:201 msgid "Use only the upper case for realm names" msgstr "" #: src/config/SSSDConfig/__init__.py.in:202 msgid "File that contains CA certificates" msgstr "" #: src/config/SSSDConfig/__init__.py.in:203 msgid "Path to CA certificate directory" msgstr "" #: src/config/SSSDConfig/__init__.py.in:204 msgid "File that contains the client certificate" msgstr "" #: src/config/SSSDConfig/__init__.py.in:205 msgid "File that contains the client key" msgstr "" #: src/config/SSSDConfig/__init__.py.in:206 msgid "List of possible ciphers suites" msgstr "" #: src/config/SSSDConfig/__init__.py.in:207 msgid "Require TLS certificate verification" msgstr "需要 TLS 憑證驗證" #: src/config/SSSDConfig/__init__.py.in:208 msgid "Specify the sasl mechanism to use" msgstr "指定要使用的 sasl 機制" #: src/config/SSSDConfig/__init__.py.in:209 msgid "Specify the sasl authorization id to use" msgstr "指定要使用的 sasl 授權 id" #: src/config/SSSDConfig/__init__.py.in:210 msgid "Specify the sasl authorization realm to use" msgstr "" #: src/config/SSSDConfig/__init__.py.in:211 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" #: src/config/SSSDConfig/__init__.py.in:212 msgid "Kerberos service keytab" msgstr "" #: src/config/SSSDConfig/__init__.py.in:213 msgid "Use Kerberos auth for LDAP connection" msgstr "" #: src/config/SSSDConfig/__init__.py.in:214 msgid "Follow LDAP referrals" msgstr "" #: src/config/SSSDConfig/__init__.py.in:215 msgid "Lifetime of TGT for LDAP connection" msgstr "" #: src/config/SSSDConfig/__init__.py.in:216 msgid "How to dereference aliases" msgstr "" #: src/config/SSSDConfig/__init__.py.in:217 msgid "Service
name for DNS service lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:218 msgid "The number of records to retrieve in a single LDAP query" msgstr "" #: src/config/SSSDConfig/__init__.py.in:219 msgid "The number of members that must be missing to trigger a full deref" msgstr "" #: src/config/SSSDConfig/__init__.py.in:220 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" #: src/config/SSSDConfig/__init__.py.in:222 msgid "entryUSN attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:223 msgid "lastUSN attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:225 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" #: src/config/SSSDConfig/__init__.py.in:227 msgid "Disable the LDAP paging control" msgstr "" #: src/config/SSSDConfig/__init__.py.in:228 msgid "Disable Active Directory range retrieval" msgstr "" #: src/config/SSSDConfig/__init__.py.in:231 msgid "Length of time to wait for a search request" msgstr "搜尋請求的等候時間長度" #: src/config/SSSDConfig/__init__.py.in:232 msgid "Length of time to wait for a enumeration request" msgstr "" #: src/config/SSSDConfig/__init__.py.in:233 msgid "Length of time between enumeration updates" msgstr "" #: src/config/SSSDConfig/__init__.py.in:234 msgid "Length of time between cache cleanups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:235 msgid "Require TLS for ID lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:236 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "" #: src/config/SSSDConfig/__init__.py.in:237 msgid "Base DN for user lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:238 msgid "Scope of user lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:239 msgid "Filter for user lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:240 msgid "Objectclass for users" msgstr "" #: src/config/SSSDConfig/__init__.py.in:241 msgid "Username 
attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:243 msgid "UID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:244 msgid "Primary GID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:245 msgid "GECOS attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:246 msgid "Home directory attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:247 msgid "Shell attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:248 msgid "UUID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:249 #: src/config/SSSDConfig/__init__.py.in:285 msgid "objectSID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:250 msgid "Active Directory primary group attribute for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:251 msgid "User principal attribute (for Kerberos)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:252 msgid "Full Name" msgstr "全名" #: src/config/SSSDConfig/__init__.py.in:253 msgid "memberOf attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:254 msgid "Modification time attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:256 msgid "shadowLastChange attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:257 msgid "shadowMin attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:258 msgid "shadowMax attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:259 msgid "shadowWarning attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:260 msgid "shadowInactive attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:261 msgid "shadowExpire attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:262 msgid "shadowFlag attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:263 msgid "Attribute listing authorized PAM services" msgstr "" #: src/config/SSSDConfig/__init__.py.in:264 msgid "Attribute listing authorized server hosts" msgstr "" #: src/config/SSSDConfig/__init__.py.in:265 msgid "krbLastPwdChange attribute" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:266 msgid "krbPasswordExpiration attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:267 msgid "Attribute indicating that server side password policies are active" msgstr "" #: src/config/SSSDConfig/__init__.py.in:268 msgid "accountExpires attribute of AD" msgstr "" #: src/config/SSSDConfig/__init__.py.in:269 msgid "userAccountControl attribute of AD" msgstr "" #: src/config/SSSDConfig/__init__.py.in:270 msgid "nsAccountLock attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:271 msgid "loginDisabled attribute of NDS" msgstr "" #: src/config/SSSDConfig/__init__.py.in:272 msgid "loginExpirationTime attribute of NDS" msgstr "" #: src/config/SSSDConfig/__init__.py.in:273 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" #: src/config/SSSDConfig/__init__.py.in:274 msgid "SSH public key attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:276 msgid "Base DN for group lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:279 msgid "Objectclass for groups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:280 msgid "Group name" msgstr "" #: src/config/SSSDConfig/__init__.py.in:281 msgid "Group password" msgstr "" #: src/config/SSSDConfig/__init__.py.in:282 msgid "GID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:283 msgid "Group member attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:284 msgid "Group UUID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:286 msgid "Modification time attribute for groups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:287 msgid "Type of the group and other flags" msgstr "" #: src/config/SSSDConfig/__init__.py.in:289 msgid "Maximum nesting level SSSd will follow" msgstr "" #: src/config/SSSDConfig/__init__.py.in:291 msgid "Base DN for netgroup lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:292 msgid "Objectclass for netgroups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:293 msgid "Netgroup name" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:294 msgid "Netgroups members attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:295 msgid "Netgroup triple attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:296 msgid "Netgroup UUID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:297 msgid "Modification time attribute for netgroups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:299 msgid "Base DN for service lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:300 msgid "Objectclass for services" msgstr "" #: src/config/SSSDConfig/__init__.py.in:301 msgid "Service name attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:302 msgid "Service port attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:303 msgid "Service protocol attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:306 msgid "Lower bound for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:307 msgid "Upper bound for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:308 msgid "Number of IDs for each slice when ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:309 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:310 msgid "Name of the default domain for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:311 msgid "SID of the default domain for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:313 msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:314 msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:315 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:316 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:319 msgid "Policy to evaluate the password expiration" msgstr "評估密碼過期時效的策略" #: 
src/config/SSSDConfig/__init__.py.in:322 msgid "LDAP filter to determine access privileges" msgstr "" #: src/config/SSSDConfig/__init__.py.in:323 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" #: src/config/SSSDConfig/__init__.py.in:324 msgid "Which rules should be used to evaluate access control" msgstr "" #: src/config/SSSDConfig/__init__.py.in:327 msgid "URI of an LDAP server where password changes are allowed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:328 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:329 msgid "DNS service name for LDAP password change server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:330 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" msgstr "" #: src/config/SSSDConfig/__init__.py.in:333 msgid "Base DN for sudo rules lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:334 msgid "Automatic full refresh period" msgstr "" #: src/config/SSSDConfig/__init__.py.in:335 msgid "Automatic smart refresh period" msgstr "" #: src/config/SSSDConfig/__init__.py.in:336 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "" #: src/config/SSSDConfig/__init__.py.in:337 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:338 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:339 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:340 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:341 msgid "Object class for sudo rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:342 msgid "Sudo rule name" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:343 msgid "Sudo rule command attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:344 msgid "Sudo rule host attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:345 msgid "Sudo rule user attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:346 msgid "Sudo rule option attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:347 msgid "Sudo rule runasuser attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:348 msgid "Sudo rule runasgroup attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:349 msgid "Sudo rule notbefore attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:350 msgid "Sudo rule notafter attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:351 msgid "Sudo rule order attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:354 msgid "Object class for automounter maps" msgstr "" #: src/config/SSSDConfig/__init__.py.in:355 msgid "Automounter map name attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:356 msgid "Object class for automounter map entries" msgstr "" #: src/config/SSSDConfig/__init__.py.in:357 msgid "Automounter map entry key attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:358 msgid "Automounter map entry value attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:359 msgid "Base DN for automounter map lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:362 msgid "Comma separated list of allowed users" msgstr "許可的使用者清單,請使用半形逗號作為分隔" #: src/config/SSSDConfig/__init__.py.in:363 msgid "Comma separated list of prohibited users" msgstr "被禁止的使用者清單,請使用半形逗號作為分隔" #: src/config/SSSDConfig/__init__.py.in:366 msgid "Default shell, /bin/bash" msgstr "預設 shell,/bin/bash" #: src/config/SSSDConfig/__init__.py.in:367 msgid "Base for home directories" msgstr "" #: src/config/SSSDConfig/__init__.py.in:370 msgid "The name of the NSS library to use" msgstr "要使用的 NSS 函式庫名稱" #: src/config/SSSDConfig/__init__.py.in:371 msgid 
"Whether to look up canonical group name from cache if possible" msgstr "" #: src/config/SSSDConfig/__init__.py.in:374 msgid "PAM stack to use" msgstr "要使用的 PAM 堆疊" #: src/monitor/monitor.c:2651 msgid "Become a daemon (default)" msgstr "作為幕後程式 (預設)" #: src/monitor/monitor.c:2653 msgid "Run interactive (not a daemon)" msgstr "以互動方式執行 (非幕後程式)" #: src/monitor/monitor.c:2655 src/tools/sss_debuglevel.c:71 msgid "Specify a non-default config file" msgstr "指定非預設的配置檔" #: src/monitor/monitor.c:2657 msgid "Print version number and exit" msgstr "" #: src/providers/krb5/krb5_child.c:1962 src/providers/ldap/ldap_child.c:435 #: src/util/util.h:100 msgid "Debug level" msgstr "除錯層級" #: src/providers/krb5/krb5_child.c:1964 src/providers/ldap/ldap_child.c:437 #: src/util/util.h:104 msgid "Add debug timestamps" msgstr "加入除錯時間戳記" #: src/providers/krb5/krb5_child.c:1966 src/providers/ldap/ldap_child.c:439 #: src/util/util.h:106 msgid "Show timestamps with microseconds" msgstr "" #: src/providers/krb5/krb5_child.c:1968 src/providers/ldap/ldap_child.c:441 msgid "An open file descriptor for the debug logs" msgstr "" #: src/providers/data_provider_be.c:2932 msgid "Domain of the information provider (mandatory)" msgstr "" #: src/sss_client/common.c:946 msgid "Privileged socket has wrong ownership or permissions." msgstr "" #: src/sss_client/common.c:949 msgid "Public socket has wrong ownership or permissions." msgstr "" #: src/sss_client/common.c:952 msgid "Unexpected format of the server credential message." msgstr "" #: src/sss_client/common.c:955 msgid "SSSD is not run by root." msgstr "" #: src/sss_client/common.c:960 msgid "An error occurred, but no description can be found." msgstr "" #: src/sss_client/common.c:966 msgid "Unexpected error while looking for an error description" msgstr "" #: src/sss_client/pam_sss.c:388 msgid "Passwords do not match" msgstr "密碼不相符" #: src/sss_client/pam_sss.c:576 msgid "Password reset by root is not supported." 
msgstr "" #: src/sss_client/pam_sss.c:617 msgid "Authenticated with cached credentials" msgstr "" #: src/sss_client/pam_sss.c:618 msgid ", your cached password will expire at: " msgstr ",您快取的密碼將在此刻過期:" #: src/sss_client/pam_sss.c:648 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "" #: src/sss_client/pam_sss.c:694 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "" #: src/sss_client/pam_sss.c:743 msgid "Authentication is denied until: " msgstr "" #: src/sss_client/pam_sss.c:764 msgid "System is offline, password change not possible" msgstr "系統已離線,不可能作密碼變更" #: src/sss_client/pam_sss.c:779 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" #: src/sss_client/pam_sss.c:810 src/sss_client/pam_sss.c:823 msgid "Password change failed. " msgstr "密碼變更失敗。" #: src/sss_client/pam_sss.c:813 src/sss_client/pam_sss.c:824 msgid "Server message: " msgstr "伺服器訊息:" #: src/sss_client/pam_sss.c:1251 msgid "New Password: " msgstr "新密碼:" #: src/sss_client/pam_sss.c:1252 msgid "Reenter new Password: " msgstr "再次輸入新密碼:" #: src/sss_client/pam_sss.c:1340 msgid "Password: " msgstr "密碼:" #: src/sss_client/pam_sss.c:1372 msgid "Current Password: " msgstr "目前的密碼:" #: src/sss_client/pam_sss.c:1527 msgid "Password expired. Change your password now." 
msgstr "密碼已過期。請立刻變更您的密碼。" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40 #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 src/tools/sss_useradd.c:48 #: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44 #: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:652 #: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47 #: src/tools/sss_cache.c:540 src/tools/sss_debuglevel.c:69 msgid "The debug level to run with" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:42 #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:196 msgid "The SSSD domain to use" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:73 #: src/tools/sss_groupadd.c:58 src/tools/sss_groupdel.c:53 #: src/tools/sss_groupmod.c:65 src/tools/sss_groupshow.c:663 #: src/tools/sss_userdel.c:151 src/tools/sss_usermod.c:74 #: src/tools/sss_cache.c:573 msgid "Error setting the locale\n" msgstr "設定區域設置時發生錯誤\n" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:64 msgid "Not enough memory\n" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:83 msgid "User not specified\n" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:92 msgid "Error looking up public keys\n" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:194 msgid "The port to use to connect to the host" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:238 msgid "Invalid port\n" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:243 msgid "Host not specified\n" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:249 msgid "The path to the proxy command must be absolute\n" msgstr "" #: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48 msgid "The UID of the user" msgstr "使用者的 UID" #: src/tools/sss_useradd.c:50 src/tools/sss_usermod.c:50 msgid "The comment string" msgstr "註解字串" #: src/tools/sss_useradd.c:51 src/tools/sss_usermod.c:51 msgid "Home directory" msgstr "家目錄" #: src/tools/sss_useradd.c:52 src/tools/sss_usermod.c:52 msgid "Login shell" msgstr "登入用 shell" #: 
src/tools/sss_useradd.c:53 msgid "Groups" msgstr "群組" #: src/tools/sss_useradd.c:54 msgid "Create user's directory if it does not exist" msgstr "如果使用者的目錄不存在便將它建立" #: src/tools/sss_useradd.c:55 msgid "Never create user's directory, overrides config" msgstr "永遠不建立使用者的目錄,凌駕配置" #: src/tools/sss_useradd.c:56 msgid "Specify an alternative skeleton directory" msgstr "指定替代的骨幹目錄" #: src/tools/sss_useradd.c:57 src/tools/sss_usermod.c:57 msgid "The SELinux user for user's login" msgstr "" #: src/tools/sss_useradd.c:86 src/tools/sss_groupmod.c:78 #: src/tools/sss_usermod.c:87 msgid "Specify group to add to\n" msgstr "" #: src/tools/sss_useradd.c:110 msgid "Specify user to add\n" msgstr "指定要加入的使用者\n" #: src/tools/sss_useradd.c:119 src/tools/sss_groupadd.c:84 #: src/tools/sss_groupdel.c:78 src/tools/sss_groupmod.c:111 #: src/tools/sss_groupshow.c:696 src/tools/sss_userdel.c:196 #: src/tools/sss_usermod.c:128 msgid "Error initializing the tools - no local domain\n" msgstr "初始化工具時發生錯誤 - 沒有本機網域\n" #: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86 #: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113 #: src/tools/sss_groupshow.c:698 src/tools/sss_userdel.c:198 #: src/tools/sss_usermod.c:130 msgid "Error initializing the tools\n" msgstr "初始化工具時發生錯誤\n" #: src/tools/sss_useradd.c:130 src/tools/sss_groupadd.c:95 #: src/tools/sss_groupdel.c:89 src/tools/sss_groupmod.c:121 #: src/tools/sss_groupshow.c:707 src/tools/sss_userdel.c:207 #: src/tools/sss_usermod.c:139 msgid "Invalid domain specified in FQDN\n" msgstr "在 FQDN 內指定了無效的網域\n" #: src/tools/sss_useradd.c:139 src/tools/sss_groupmod.c:141 #: src/tools/sss_groupmod.c:168 src/tools/sss_usermod.c:162 #: src/tools/sss_usermod.c:189 msgid "Internal error while parsing parameters\n" msgstr "當解析參數時發生內部錯誤\n" #: src/tools/sss_useradd.c:147 src/tools/sss_usermod.c:170 #: src/tools/sss_usermod.c:197 msgid "Groups must be in the same domain as user\n" msgstr "群組必須位於與使用者相同的網域內\n" #: src/tools/sss_useradd.c:155 #, c-format msgid 
"Cannot find group %1$s in local domain\n" msgstr "" #: src/tools/sss_useradd.c:170 src/tools/sss_userdel.c:217 msgid "Cannot set default values\n" msgstr "無法設定預設值\n" #: src/tools/sss_useradd.c:177 src/tools/sss_usermod.c:153 msgid "The selected UID is outside the allowed range\n" msgstr "所選的 UID 位於許可的範圍外\n" #: src/tools/sss_useradd.c:206 src/tools/sss_usermod.c:264 msgid "Cannot set SELinux login context\n" msgstr "" #: src/tools/sss_useradd.c:221 msgid "Cannot get info about the user\n" msgstr "無法取得關於這位使用者的資訊\n" #: src/tools/sss_useradd.c:233 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "使用者的家目錄已經存在,不會從骨幹目錄複製資料\n" #: src/tools/sss_useradd.c:236 #, c-format msgid "Cannot create user's home directory: %1$s\n" msgstr "" #: src/tools/sss_useradd.c:247 #, c-format msgid "Cannot create user's mail spool: %1$s\n" msgstr "" #: src/tools/sss_useradd.c:266 msgid "Could not allocate ID for the user - domain full?\n" msgstr "無法為使用者分配 ID - 網域已滿?\n" #: src/tools/sss_useradd.c:270 msgid "A user or group with the same name or ID already exists\n" msgstr "已經存在相同名稱或 ID 的使用者或群組\n" #: src/tools/sss_useradd.c:276 msgid "Transaction error. Could not add user.\n" msgstr "處理事項發生錯誤。無法加入使用者。\n" #: src/tools/sss_groupadd.c:43 src/tools/sss_groupmod.c:48 msgid "The GID of the group" msgstr "群組的 GID" #: src/tools/sss_groupadd.c:75 msgid "Specify group to add\n" msgstr "指定要加入的群組\n" #: src/tools/sss_groupadd.c:104 src/tools/sss_groupmod.c:192 msgid "The selected GID is outside the allowed range\n" msgstr "所選的 GID 位於許可的範圍外\n" #: src/tools/sss_groupadd.c:141 msgid "Could not allocate ID for the group - domain full?\n" msgstr "無法為群組分配 ID - 網域已滿?\n" #: src/tools/sss_groupadd.c:145 msgid "A group with the same name or GID already exists\n" msgstr "已經存在相同名稱或 GID 的群組\n" #: src/tools/sss_groupadd.c:150 msgid "Transaction error.
Could not add group.\n" msgstr "處理事項發生錯誤。無法加入群組。\n" #: src/tools/sss_groupdel.c:69 msgid "Specify group to delete\n" msgstr "指定要刪除的群組\n" #: src/tools/sss_groupdel.c:102 #, c-format msgid "Group %1$s is outside the defined ID range for domain\n" msgstr "" #: src/tools/sss_groupdel.c:117 src/tools/sss_groupmod.c:219 #: src/tools/sss_groupmod.c:226 src/tools/sss_groupmod.c:233 #: src/tools/sss_userdel.c:294 src/tools/sss_usermod.c:241 #: src/tools/sss_usermod.c:248 src/tools/sss_usermod.c:255 #, c-format msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n" msgstr "" #: src/tools/sss_groupdel.c:129 msgid "" "No such group in local domain. Removing groups only allowed in local " "domain.\n" msgstr "在本機網域內沒有這樣的群組。只許可在本機網域內移除群組。\n" #: src/tools/sss_groupdel.c:134 msgid "Internal error. Could not remove group.\n" msgstr "內部錯誤。無法移除群組。\n" #: src/tools/sss_groupmod.c:44 msgid "Groups to add this group to" msgstr "" #: src/tools/sss_groupmod.c:46 msgid "Groups to remove this group from" msgstr "" #: src/tools/sss_groupmod.c:86 src/tools/sss_usermod.c:95 msgid "Specify group to remove from\n" msgstr "" #: src/tools/sss_groupmod.c:100 msgid "Specify group to modify\n" msgstr "指定要修改的群組\n" #: src/tools/sss_groupmod.c:128 msgid "" "Cannot find group in local domain, modifying groups is allowed only in local " "domain\n" msgstr "在本機網域內找不到群組,只許可在本機網域內修改群組\n" #: src/tools/sss_groupmod.c:149 src/tools/sss_groupmod.c:176 msgid "Member groups must be in the same domain as parent group\n" msgstr "成員群組必須位於與親代群組相同的網域內\n" #: src/tools/sss_groupmod.c:157 src/tools/sss_groupmod.c:184 #: src/tools/sss_usermod.c:178 src/tools/sss_usermod.c:205 #, c-format msgid "" "Cannot find group %1$s in local domain, only groups in local domain are " "allowed\n" msgstr "" #: src/tools/sss_groupmod.c:250 msgid "Could not modify group - check if member group names are correct\n" msgstr "" #: src/tools/sss_groupmod.c:254 msgid "Could not modify group - check if groupname is correct\n" msgstr 
"無法修改群組 - 請檢查群組名稱是否正確\n" #: src/tools/sss_groupmod.c:258 msgid "Transaction error. Could not modify group.\n" msgstr "處理事項發生錯誤。無法修改群組。\n" #: src/tools/sss_groupshow.c:599 #, c-format msgid "%1$s%2$sGroup: %3$s\n" msgstr "" #: src/tools/sss_groupshow.c:600 msgid "Magic Private " msgstr "魔法隱私" #: src/tools/sss_groupshow.c:602 #, c-format msgid "%1$sGID number: %2$d\n" msgstr "" #: src/tools/sss_groupshow.c:604 #, c-format msgid "%1$sMember users: " msgstr "" #: src/tools/sss_groupshow.c:611 #, c-format msgid "" "\n" "%1$sIs a member of: " msgstr "" #: src/tools/sss_groupshow.c:618 #, c-format msgid "" "\n" "%1$sMember groups: " msgstr "" #: src/tools/sss_groupshow.c:654 msgid "Print indirect group members recursively" msgstr "遞迴地列出間接的群組成員" #: src/tools/sss_groupshow.c:687 msgid "Specify group to show\n" msgstr "指定要顯示的群組\n" #: src/tools/sss_groupshow.c:726 msgid "" "No such group in local domain. Printing groups only allowed in local " "domain.\n" msgstr "本機網域內沒有這樣的群組。只許可在本機網域內列出群組。\n" #: src/tools/sss_groupshow.c:731 msgid "Internal error. 
Could not print group.\n" msgstr "內部錯誤。無法列出群組。\n" #: src/tools/sss_userdel.c:136 msgid "Remove home directory and mail spool" msgstr "" #: src/tools/sss_userdel.c:138 msgid "Do not remove home directory and mail spool" msgstr "" #: src/tools/sss_userdel.c:140 msgid "Force removal of files not owned by the user" msgstr "強制移除並非由使用者所擁有的檔案" #: src/tools/sss_userdel.c:142 msgid "Kill users' processes before removing him" msgstr "" #: src/tools/sss_userdel.c:187 msgid "Specify user to delete\n" msgstr "指定要刪除的使用者\n" #: src/tools/sss_userdel.c:233 #, c-format msgid "User %1$s is outside the defined ID range for domain\n" msgstr "" #: src/tools/sss_userdel.c:258 msgid "Cannot reset SELinux login context\n" msgstr "" #: src/tools/sss_userdel.c:270 #, c-format msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n" msgstr "" #: src/tools/sss_userdel.c:275 msgid "Cannot determine if the user was logged in on this platform" msgstr "" #: src/tools/sss_userdel.c:280 msgid "Error while checking if the user was logged in\n" msgstr "" #: src/tools/sss_userdel.c:287 #, c-format msgid "The post-delete command failed: %1$s\n" msgstr "" #: src/tools/sss_userdel.c:307 msgid "Not removing home dir - not owned by user\n" msgstr "不會移除家目錄 - 並非由使用者所擁有\n" #: src/tools/sss_userdel.c:309 #, c-format msgid "Cannot remove homedir: %1$s\n" msgstr "" #: src/tools/sss_userdel.c:322 msgid "" "No such user in local domain. Removing users only allowed in local domain.\n" msgstr "在本機網域內沒有這樣的使用者。只許可在本機網域內移除使用者。\n" #: src/tools/sss_userdel.c:327 msgid "Internal error.
Could not remove user.\n" msgstr "內部錯誤。無法移除使用者。\n" #: src/tools/sss_usermod.c:49 msgid "The GID of the user" msgstr "使用者的 GID" #: src/tools/sss_usermod.c:53 msgid "Groups to add this user to" msgstr "" #: src/tools/sss_usermod.c:54 msgid "Groups to remove this user from" msgstr "" #: src/tools/sss_usermod.c:55 msgid "Lock the account" msgstr "鎖住這個帳號" #: src/tools/sss_usermod.c:56 msgid "Unlock the account" msgstr "解除這個帳號的鎖" #: src/tools/sss_usermod.c:119 msgid "Specify user to modify\n" msgstr "指定要修改的使用者\n" #: src/tools/sss_usermod.c:146 msgid "" "Cannot find user in local domain, modifying users is allowed only in local " "domain\n" msgstr "在本機網域內找不到使用者,只許可在本機網域內修改使用者\n" #: src/tools/sss_usermod.c:281 msgid "Could not modify user - check if group names are correct\n" msgstr "無法修改使用者 - 請檢查群組名稱是否正確\n" #: src/tools/sss_usermod.c:285 msgid "Could not modify user - user already member of groups?\n" msgstr "無法修改使用者 - 使用者是否已經是群組的成員?\n" #: src/tools/sss_usermod.c:289 msgid "Transaction error. Could not modify user.\n" msgstr "處理事項發生錯誤。無法修改使用者。\n" #: src/tools/sss_cache.c:170 msgid "No cache object matched the specified search\n" msgstr "" #: src/tools/sss_cache.c:397 #, c-format msgid "Couldn't invalidate %1$s" msgstr "" #: src/tools/sss_cache.c:404 #, c-format msgid "Couldn't invalidate %1$s %2$s" msgstr "" #: src/tools/sss_cache.c:542 msgid "Invalidate all cached entries except for sudo rules" msgstr "" #: src/tools/sss_cache.c:544 msgid "Invalidate particular user" msgstr "" #: src/tools/sss_cache.c:546 msgid "Invalidate all users" msgstr "" #: src/tools/sss_cache.c:548 msgid "Invalidate particular group" msgstr "" #: src/tools/sss_cache.c:550 msgid "Invalidate all groups" msgstr "" #: src/tools/sss_cache.c:552 msgid "Invalidate particular netgroup" msgstr "" #: src/tools/sss_cache.c:554 msgid "Invalidate all netgroups" msgstr "" #: src/tools/sss_cache.c:556 msgid "Invalidate particular service" msgstr "" #: src/tools/sss_cache.c:558 msgid "Invalidate all services" 
msgstr "" #: src/tools/sss_cache.c:561 msgid "Invalidate particular autofs map" msgstr "" #: src/tools/sss_cache.c:563 msgid "Invalidate all autofs maps" msgstr "" #: src/tools/sss_cache.c:566 msgid "Only invalidate entries from a particular domain" msgstr "" #: src/tools/sss_cache.c:611 msgid "Please select at least one object to invalidate\n" msgstr "" #: src/tools/sss_cache.c:681 #, c-format msgid "" "Could not open domain %1$s. If the domain is a subdomain (trusted domain), " "use fully qualified name instead of --domain/-d parameter.\n" msgstr "" #: src/tools/sss_cache.c:685 msgid "Could not open available domains\n" msgstr "" #: src/tools/sss_debuglevel.c:40 msgid "\n" msgstr "" #: src/tools/sss_debuglevel.c:96 msgid "Specify debug level you want to set\n" msgstr "" #: src/tools/sss_debuglevel.c:102 msgid "Only one argument expected\n" msgstr "" #: src/tools/tools_util.c:200 #, c-format msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n" msgstr "" #: src/tools/tools_util.c:303 msgid "Out of memory\n" msgstr "記憶體耗盡\n" #: src/tools/tools_util.h:43 #, c-format msgid "%1$s must be run as root\n" msgstr "" #: src/util/util.h:102 msgid "Send the debug output to files instead of stderr" msgstr "傳送除錯輸出到檔案而不是標準輸出" ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/bg.gmo��������������������������������������������������������������0000644�0000000�0000000�00000000131�12320753522�015260� 
x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954962.304874471 30 atime=1396954962.304874471 29 ctime=1396954962.54987429 ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/bg.gmo�������������������������������������������������������������������������������0000664�0024127�0024127�00000041600�12320753522�015511� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<�����\������( ��'���) ��8���Q ����� ��3��� ��%��� �� ��� ����� �����5 �����O ��#���i ����� ��!��� ����� ��%��� ��(��� �����9 ��2���R ��,��� ����� �� ��� ����� ��$��� ��,��������<�����Y��/���w�������"���������� ����������6��������K��*���R��)���}������������U�����<���%��B���b��F�����8��������%�� ���9�����D�����W�� ���i��(�����!��������������������*�����:���?��*���z��$�����5�����+������#���,��.���P��'����� ��������������������/����������7���.�����f�������+�����(����� ���������� 
�����&���0��*���W�������=����������"�����$��������5��H���P���������������������������E�����&���U�����|��&�����!�����)���������������(���.��!���W�����y�������9�����/����������!���#��2���E�����x����������������������.�����=�����.���P��.�����>�����'�����'����� ���=�����K��7���Z��%�����5�����'�����D��������[��(���n��A����� �����$������������2��<�����f���%��8�����a�����V���' ��=���~ ��4��� ��7��� ��H���)!��[���r!��E���!��K���"��S���`"��`���"��`���#��>���v#��h���#��`���$�����$�����$��R���$��n���%��e���p%��Y���%��U���0&��|���&��@���'��4���D'��,���y'�����'�����'��W���'�� ���%(��a���0(��M���(��#���(��2���)�����7)��w���*�����*�����+��v���+��*���+�����&,�� ���7,��.���X,��3���,��J���,��:���-�����A-��%���W-��!���}-��H���-��{���-��l���d.��J���.��`���/��l���}/��N���/��x���90��x���0��+���+1��1���W1��/���1��/���1��q���1�����[2��@���r2��7���2��4���2��F��� 3��J���g3�� ���3��&���3��A���3��G���)4��]���q4��#���4��z���4��'���n5��R���5��=���5��/���'6��}���W6��C���6��-���7��+���G7��.���s7��'���7��y���7��R���D8��:���8��]���8��[���09��E���9��0���9��D���:��A���H:��>���:��:���:��3���;��h���8;��a���;�����<��T���<��L���p<�����<�����<��8���<��1���3=��)���e=��]���=��o���=��I���]>��I���>��w���>��L���i?��d���?�����@�����.@��_���B@��3���@��a���@��-���8A�����fA��1���A��Y���1B��m���B��C���B��&���=C�����dC����� ���L���n���(��� ���������������A���u���b���H���w�������s�����������N������O������� ����������������#������9���M������_�����������R���D�������x�������C���l�������=�������!������{�����������B���r���+���6���m���X������4���f�������~�������;���0�������7���q���8����������a���)����������K���o�������p����������e���������W���]������G�������������������������� ������P���`���@���y���:������Q�������-���\���5��� ��������������c���g������Z�������F������"�������,���3���$���*���T������?���^������d���E���V����������U������%���S���1�������j������ ��������������'���I���/�����������&���v�������[�����������h���2���J������t���}����������>�������Y������k���<��������������z����������.���i���|����, your cached password 
will expire at: �A user or group with the same name or ID already exists �Access control provider�An error occurred, but no description can be found.�Authenticated with cached credentials�Authentication is denied until: �Authentication provider�Base for home directories�Become a daemon (default)�Cache credentials for offline login�Cannot get info about the user �Cannot set SELinux login context �Cannot set default values �Comma separated list of allowed users�Comma separated list of prohibited users�Command to start service�Could not allocate ID for the user - domain full? �Create user's directory if it does not exist�Current Password: �Debug level�Default shell, /bin/bash�Directory to store credential caches�Display users/groups in fully-qualified form�Enable credential validation�Error initializing the tools �Error initializing the tools - no local domain �Error setting the locale �File that contains CA certificates�Follow LDAP referrals�Full Name�GECOS attribute�Group %1$s is outside the defined ID range for domain �Groups�Groups must be in the same domain as user �Groups that SSSD should explicitly ignore�Home directory�Home directory attribute�How long (minutes) to deny login after offline_failed_login_attempts has been reached�How long to allow cached logins between online logins (days)�How long to keep cached entries after last successful login (days)�How long to wait for replies from DNS when resolving servers (seconds)�How many failed logins attempts are allowed when offline�IPA client hostname�IPA domain�IPA server address�Identity provider�Include timestamps in debug logs�Internal error while parsing parameters �Invalid domain specified in FQDN �Kerberos realm�Kerberos server address�Kerberos service keytab�LDAP filter to determine access privileges�Length of time between attempts to reconnect while offline�Length of time between enumeration updates�Length of time to attempt connection�Length of time to attempt synchronous LDAP operations�Length of time 
to wait for a search request�Lifetime of TGT for LDAP connection�Location of the keytab to validate credentials�Location of the user's credential cache�Login shell�Maximum user ID�Minimum user ID�Modification time attribute�Never create user's directory, overrides config�New Password: �Number of times to attempt connection to Data Providers�Password change failed. �Password change provider�Password expired. Change your password now.�Password reset by root is not supported.�Password: �Passwords do not match�Path to CA certificate directory�Ping timeout before restarting service�Policy to evaluate the password expiration�Primary GID attribute�Printf-compatible format for displaying fully-qualified names�Reenter new Password: �Regex to parse username and domain�Require TLS certificate verification�Require TLS for ID lookups�Restrict or prefer a specific address family when performing DNS lookups�Run interactive (not a daemon)�SSSD Domains to start�SSSD Services to start�SSSD is not run by root.�Server message: �Server where the change password service is running if not on the KDC�Set the verbosity of the debug logging�Shell attribute�Should filtered users appear in groups�Specify a non-default config file�Specify an alternative skeleton directory�Specify group to add �Specify group to add to �Specify the sasl authorization id to use�Specify the sasl mechanism to use�Specify user to add �Store password hashes�Store password if offline for later online authentication�System is offline, password change not possible�The GID of the group�The SELinux user for user's login�The Schema Type in use on the LDAP server, rfc2307�The UID of the user�The comment string�The debug level to run with�The default base DN�The default bind DN�The domain part of service discovery DNS query�The interface whose IP should be used for dynamic DNS updates�The selected GID is outside the allowed range �The selected UID is outside the allowed range �The value of the password field the NSS provider 
should return�Timeout for messages sent over the SBUS�Transaction error. Could not add user. �UID attribute�UUID attribute�Unexpected error while looking for an error description�Use Kerberos auth for LDAP connection�User %1$s is outside the defined ID range for domain �User principal attribute (for Kerberos)�User's home directory already exists, not copying data from skeldir �Username attribute�Users that SSSD should explicitly ignore�Whether to automatically update the client's DNS entry in FreeIPA�Write debug messages to logfiles�ldap_uri, The URI of the LDAP server�memberOf attribute�Project-Id-Version: SSSD Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org POT-Creation-Date: 2014-04-08 12:56+0200 PO-Revision-Date: 2013-11-20 12:56+0000 Last-Translator: jhrozek <jhrozek@redhat.com> Language-Team: Bulgarian (http://www.transifex.com/projects/p/fedora/language/bg/) Language: bg MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=2; plural=(n != 1); �, кешираната парола ще изтече на: �Потребител или група с такова име или ID вече съществува �Доставчик на контрол на достъп�Възникнала е грешка, но не може да се намери описание.�Удостоверен с кеширани идентификационни данни�Удостоверяването е забранено до: �Доставчик на удостоверяване�Място за домашните директории�Продължава като демон (по подразбиране)�Кеширай идентификационни данни за офлайн влизане�Не мога да получа инфо за потребителя �Не мога да задам SELinux контекст за влизане �Не мога да задам стойностите по подразбиране �Списък разрешени потребители, разделени със запетая�Списък забранени потребители, разделени със запетая�Команда за стартиране на услугата�Не можах да запазя ID за потребителя - домейнът ли е пълен? 
�Създай, ако не съществува, директория на потребителя�Текуща парола:�Ниво на debug�Подразбиращ се команден интерпретатор, /bin/bash�Директория за съхранение на кеша за данни за удостоверяване�Показвай потребители/групи в пълно -валифицирана форма�Разреши проверката на данните за удостоверяване�Грешка при инициализирането на инструментите �Грешка при инициализирането на инструментите - няма локален домейн �Грешка при задаване локални настр. �Файл, съдържащ CA сертификати�Следвай LDAP референциите�Пълно име�атрибут GECOS�Група %1$s е извън дефинирания ID обхват за домейн �Групи�Групите трябва да са в същия домейн като потребителя �Групи, които SSSD изрично трябва да игнорира�Домашна директория�атрибут Домашна директория�Колко време (в минути) да е забранено влизането, след достигане броя неуспешни опити за влизане, когато сме офлайн�Колко дни да се позволява кеширано влизане между влизания онлайн�Колко дни да се пазят кешираните записи след последното успешно влизане�Колко време да чакам за отговори от DNS при търсене на сървъри (секунди)�Колко неуспешни опита за влизане са разрешени, когато сме офлайн�Име на хост на IPA клиент�IPA домейн�Адрес на IPA сървър�Доставчик на самоличност�Включва час и дата в debug лога�Вътрешна грешка при разбор на параметри �В FQDN е зададен невалиден домейн �Kerberos област�Адрес на Kerberos сървър�keytab на Kerberos услуга�LDAP филтър за определяне права на достъп�Продължителност на времето между опитите за връзка докато е офлайн�Продължителност на време между актуализации на изброяване�Продължителност на опитите за свързване�Продължителност на опитите за синхронни LDAP операции�Продължителност на време за изчакване на заявка за търсене�Продължителност на живот на TGT за LDAP връзка�Местоположение на keytab за валидиране на данните за удостоверяване�Местоположение на кеша за данни за удостоверяване на потребители�Команден интерпретатор�Максимално ID на потребител�Минимално ID на потребител�атрибут Момент на промяна�Никога не създавай 
директория на потребителя, въпреки конфиг.�Нова парола:�Време за опити за връзка с Data Provider-и�Промяната на паролата не успя.�Доставчик на смяна на парола�Паролата Ви е остаряла. Сменете я сега.�Промяна на паролата от root не се поддържа.�Парола:�Паролите не съвпадат�Път до директорията на CA сертификат�Ping изчакване преди рестарт на услугата�Политика за определяне срок на валидност на парола�атрибут Първичен GID�Printf-съвместим формат за изобразяване на пълно-квалифицирани имена�Отново новата парола:�Regex за намиране на потребителско име и домейн�Изисква TLS проверка на сертификат�Изисква TLS за ИД справките�Ограничава или предпочита определена фамилия адреси при DNS търсения�Интерактивна работа (а не като демон)�SSSD домейни за стартиране�SSSD услуги за стартиране�SSSD не е стартиран като root.�Съобщение от сървъра:�Сървърът, на който работи услугата за смяна на парола ако не е на KDC�Задава ниво на подробност на debug лог записите�атрибут Команден интерпретатор�Да се показват ли филтрираните потребители в групи�Задаване на друг (не подразбиращия се) конфиг файл�Задайте алтернативна skeleton директория�Задайте група за добавяне �Задайте група, към която да го добавя �Задаване на sasl authorization id за употреба�Задава за използване механизма sasl�Задайте потребител за добавяне �Съхранявай хешове на пароли�Записва паролата ако е офлайн за по-късно удостоверяване�Системата е офлайн, промяна на паролата не е възможна�GID на групата�SELinux потребителят за влизането на потребителя�Използваният тип схема на LDAP сървъра, rfc2307�UID на потребителя�Низ за коментар�Нивото на debug записи при работа�Базовият DN по подразбиране�Подразбиращият се bind DN�Частта Домейн от DNS заявката за откриване на услуга�Интерфейсът, чийто IP да се ползва за динамични DNS обновявания�Зададеният GID е извън позволения обхват �Зададеният UID е извън позволения обхват �Стойността на полето парола, което NSS доставчикът трябва да върне�Изчакване за съобщения, изпратени през 
SBUS�Грешка в транзакцията. Не можах да добавя потребителя. �атрибут UID�атрибут UUID�Неочаквана грешка при търсене на описание на грешка�Ползвай Kerberos auth за LDAP връзка�Потребител %1$s е извън дефинирания ID обхват за домейн �атрибут User principal (за Kerberos)�Домашната директория на потребителя вече съществува, няма да копирам данни от skeldir �атрибут Потребителско име�Потребители, които SSSD изрично трябва да игнорира�Дали автоматично да се обновява клиентския DNS запис във FreeIPA�Записва debug съобщенията в логфайлове�ldap_uri, URI на LDAP сървъра�атрибут членНа���������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/pl.gmo��������������������������������������������������������������0000644�0000000�0000000�00000000132�12320753522�015304� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954962.425874381 30 atime=1396954962.425874381 30 ctime=1396954962.558874283 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/pl.gmo�������������������������������������������������������������������������������0000664�0024127�0024127�00000126223�12320753522�015541� 
0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� ����\������!�����!�����!�����!�����!�����"�����-"�����C"��'���V"��1���~"��8���"�����"��&���#�� ���(#�����I#��7���a#�����#�����#�����#��3���#��*���$��B���J$��)���$��)���$��%���$�� ���%�����(%�����@%�����W%�����g%�����%��#���%��%���%�����%��#��� &�����1&�����K&�����h&�����&�����&�����&�����&��#���&��*���'��&���?'��;���f'��'���'��P���'��T���(��R���p(�����(�����(��#����)��!���$)�����F)��%���a)��(���)�����)��3���)��2���)��7���0*��A���h*��9���*��7���*��!���+�����>+�����+�����+��,���+�����),��0���<,�� ���m,�����y,��P���,��$���,��(���-�����1-��,���Q-��+���~-��.���-��2���-��,��� .��3���9.�����m.��#���.�� ���.�����.��"���.��6���.��$���3/��*���X/�����/��/���/�����/�����/��/��� 0��"���90��)���\0��!���0�����0�����0��,���0�� ���1����� 1�� ���1��6���+1�����b1�����w1�� ���1�����1�����1��*���1��)���1�����2����� 2�� ���;2�����\2�����|2�����2�����2�����2��R���2��U���"3��<���x3��B���3��G���3��F���@4��.���4��F���4��8���4��Z���65��E���5��;���5��7���6�����K6�����f6�� ���z6�����6��F���6�����6��4���6��4���&7��V���[7��;���7��0���7�� ���8��(���@8��'���i8��(���8��'���8��!���8�� ���9�����9�����-9�����C9�����\9�����t9�� ���9�����9�����9�����9�����:�����:�����=:�����L:�����d:��)���|:��*���:��:���:��%��� ;��*���2;��$���];��5���;��0���;��+���;��#���<�����9<��>���M<�����<��.���<��'���<�����=�� ���=����� =�����;=��&���J=�����q=��9���=�����=�����=��&���=��)���>��?���8>��<���x>��)���>��'���>�����?�� ���?�����-?�����G?��/���c?�����?��-���?��M���?��M���@��K���l@�����@��*���@��,���@��7���#A��(���[A��!���A�����A�����A�����A�����A����� B��0���"B�����SB�����oB��=���~B��A���B��?���B�����>C�����OC�����hC��+���C��(���C�� ���C�����C�� 
���C��&���D��0���@D��*���qD�����D��(���D�����D��=���D��5���7E��1���mE�����E��"���E��$���E�����E��$���F�����AF��H���\F�����F��(���F�����F�����G�����G�����3G�� ���LG�����ZG��$���pG��7���G��7���G��%���H��0���+H�����\H��E���mH�����H��$���H�����H�����I�����!I��7���:I��&���rI��7���I�����I��.���I��&���J��!���7J��!���YJ��)���{J��$���J�����J�����J�����J�����K�����+K�����IK��3���`K��(���K��+���K��!���K����� L����� L�����8L�����PL��9���fL��I���L�����L�����M�����M�����.M�����KM�����iM�����M�����M�����M�����M��/���M�����$N�����9N��!���MN�����oN��2���N��<���N�����N��K��� O��X���VO��/���O��1���O�����P�����$P�����@P�����TP��.���hP��=���P��L���P��3���"Q��"���VQ��C���yQ��B���Q��8����R��/���9R��&���iR��%���R��.���R��.���R��;���S��>���PS��#���S��I���S��'���S��(���%T��'���NT��+���vT��*���T��!���T�� ���T��>���T��8���<U�����uU��7���U��3���U�����U�����V��2���V��%���QV��1���wV��5���V��/���V��'���W��5���7W�����mW��'���W��D���W�����W��(���X��@���*X��D���kX��E���X��i���X��8���`Y��D���Y��6���Y��A���Z�����WZ��;���wZ��=���Z��@���Z��A���2[��K���t[��>���[��T���[��C���T\��5���\�� ���\��B���\��'���2]�����Z]�����y]�����]�����]�����]��+���]��$���^��$���*^�����O^��$���n^�����^�����^�����^�����^�����^�����^�����_�����2_�����F_�����Z_��"���r_����_�����a�����a�� ���a��(���a�����a�����a��&���b��.���;b��/���jb��K���b�����b��)���c��(���+c�����Tc��G���lc�����c�����c�����c��2��� d��4���<d��G���qd��5���d��B���d��8���2e��%���ke�����e��$���e�����e��5���e��;���f��&���Rf��)���yf�����f��.���f��#���f��.���g��$���Eg��)���jg��-���g�����g��!���g��J���h��:���Lh��6���h��H���h��4���i��b���<i��k���i��|��� j��.���j��,���j��3���j��/���k��*���Hk��9���sk��:���k��!���k��H��� l��P���Sl��S���l��]���l��X���Vm��S���m��'���n�����+n�����n��!���n��1��� o�����=o��,���Po�����}o�����o��r���o��K���!p��-���mp��&���p��0���p��+���p��%���q��0���Eq��6���vq��@���q��0���q��2���r�� ���Rr�� ���`r��!���r��I���r��7���r��:���%s��%���`s��<���s��/���s��&���s��<���t�� ���Wt��$���xt�����t��$���t�����t��H����u�����Iu�� ���Zu�� ���hu��F���tu�����u�����u�� 
���u�� ���u�����u��5���v��>���:v��$���yv��+���v��%���v��,���v�����w�����,w�����Fw�����fw��b���|w��]���w��b���=x��b���x��H���y��Z���Ly��?���y��=���y��B���%z��P���hz��W���z��-���{��3���?{�����s{�����{�� ���{�����{��H���{����� |��=���!|��9���_|�����|��W���}��;���w}��(���}��5���}��2���~��/���E~��6���u~��&���~�����~��!���~����� ��$���&�����K��%���i�� ����������$����������!��� ��!���/�����Q�����a�����x��1�����-���ʀ��=�����.���6��&���e�������-�����(���ց��*�����&���*�����Q��T���b��#�����E���ۂ��I���!�����k�����~��.����������F���Ѓ��%�����F���=��$�������������Ä��)�����T��� ��:���a��6�����6���Ӆ����� �����'��!���=��"���_��@����� ���Æ��G���ц��a�����_���{��q���ۇ�����M��L���\��P�����.�����,���)��$���V�����{�������#��������؉��"�����(�����#���?�����c��@���r��N�����F��������I��"���[�����~��+�����C���������������&���(��=���O��;�����)���Ɍ�������6�����,���?��5���l��D�����B�����%���*��A���P��#����������"���Ҏ��,�����U���"��(���x��4��������֏������������-���.�� ���\��"���j��=�����K���ː��Z�����&���r��T����������X��������[��(���q���������������˒��G�����2���.��H���a�������:�����<�����"���3��%���V��-���|��(�����!���Ӕ��)�����$�����(���D��*���m��'�����0�����0�����+���"�����N��'���m��*�����.����������^��� ��U���k�������������������������0�����O�� ���j������������!���ʘ��=����� ���*�����4��-���E�����s��/�����@����������6��� ��D���C��1�����8����������&��������+�����C��0���\��T�����M�����C���0�����t��X�����A�����2���.��:���a��,�����1���ɝ��+�����+���'��6���S��<�����'���Ǟ��U�����3���E��,���y��3�����3���ڟ��:�����8���I�� �����D�����9���Ӡ�� ��� ��7�����=���R�������.�����Z���ҡ��6���-��8���d��F�����A�����1���&��L���X�������.�����]��������K��F���f��O�����V�����M���T�������G���#��=���k��0�����I���ڦ��$���$��B���I��M�����E���ڧ��Q��� ��W���r��]���ʨ��S���(��H���|��E���ũ��4��� ��5���@�����v��������������������٪�������'����� ���/�����P�����p��������������������ѫ��������������� 
�����"�����;�����M�����_�����u�����Q����L���������'���t������������������������������q�����������������R���w���]������;��=���������"���������������������������A��� �����O���>������������������������g��%���(���5��s���h�����������,�������K�������������������P��B�����-��H���������*��������������������f��v�����%���������T���������y������|������������7��B���������������+�������������X����S������������������������������������`���1������D������U�����������"�����������������������9����������d��������Y����� ��w���������������]�����Y���J������m���x���v���z�����y���*������������o��N�������u���6���p���k������������������ �����������^����������������������<����-���4��l���P�����������M������/�������������G��K���������G���>��:������g���6������?�������{������$������}��������������N������������?�������!���������q����������������������������T���������n��������������������#������$���������}��d���U��������������������D��������������3���F����I���������������c���F���f���~���������{�����Q����������\�������������������c��2�������#�����������_��S������+�� �������������(������m����������.����o���@���������� ���J��s�����e������Z�������������:�����������E�������~������������������������ ����������)���.����������������E�������4������V������������������=����� �����������'��������k����� ���������Z�����;�������2����������z��V����������&���9�������������������@�����`���������������������������������<���i��I���������������C�������������������������������L���[���8���u������������X���������,��|����������������������!���j���������n��l�����������������������&��W������������������������������ ����������������b��A�����H��C��)��e������r��\����������������8����^���������0���M���5��� ���a���W���������������t��b������R������_���h����a��������� �����������/�������0��O��x�����i������p��������� ���7�������r������������j���[��������������������3��1������������� � %1$sIs a member of: � %1$sMember groups: �%1$s must be run as root �%1$s%2$sGroup: %3$s �%1$sGID number: %2$d �%1$sMember users: �, your cached 
password will expire at: �A group with the same name or GID already exists �A user or group with the same name or ID already exists �Access control provider�Active Directory backup server address�Active Directory client hostname�Active Directory domain�Active Directory primary group attribute for ID-mapping�Active Directory server address�Add debug timestamps�Address of backup IPA server�An error occurred, but no description can be found.�An open file descriptor for the debug logs�Attribute indicating that server side password policies are active�Attribute listing authorized PAM services�Attribute listing authorized server hosts�Authenticated with cached credentials�Authentication is denied until: �Authentication provider�Authentication timeout�Autofs provider�Automatic full refresh period�Automatic smart refresh period�Automounter map entry key attribute�Automounter map entry value attribute�Automounter map name attribute�Base DN for automounter map lookups�Base DN for group lookups�Base DN for netgroup lookups�Base DN for service lookups�Base DN for sudo rules lookups�Base DN for user lookups�Base for home directories�Become a daemon (default)�Cache credentials for offline login�Cannot create user's home directory: %1$s �Cannot create user's mail spool: %1$s �Cannot determine if the user was logged in on this platform�Cannot find group %1$s in local domain �Cannot find group %1$s in local domain, only groups in local domain are allowed �Cannot find group in local domain, modifying groups is allowed only in local domain �Cannot find user in local domain, modifying users is allowed only in local domain �Cannot get info about the user �Cannot remove homedir: %1$s �Cannot reset SELinux login context �Cannot set SELinux login context �Cannot set default values �Comma separated list of allowed users�Comma separated list of prohibited users�Command to start service�Could not allocate ID for the group - domain full? �Could not allocate ID for the user - domain full? 
�Could not modify group - check if groupname is correct �Could not modify group - check if member group names are correct �Could not modify user - check if group names are correct �Could not modify user - user already member of groups? �Could not open available domains �Could not open domain %1$s. If the domain is a subdomain (trusted domain), use fully qualified name instead of --domain/-d parameter. �Couldn't invalidate %1$s�Couldn't invalidate %1$s %2$s�Create user's directory if it does not exist�Current Password: �DNS service name for LDAP password change server�Debug level�Default shell, /bin/bash�Directory on the filesystem where SSSD should store Kerberos replay cache files.�Directory to store credential caches�Disable Active Directory range retrieval�Disable the LDAP paging control�Display users/groups in fully-qualified form�Do not remove home directory and mail spool�Domain of the information provider (mandatory)�Domain to add to names without a domain component.�Don't include group members in group lookups�Enable DNS sites - location based service discovery�Enable credential validation�Enable enumerating all users/groups�Enables FAST�Enables enterprise principals�Enables principal canonicalization�Entry cache background update timeout length (seconds)�Entry cache timeout length (seconds)�Enumeration cache timeout length (seconds)�Error initializing the tools �Error initializing the tools - no local domain �Error looking up public keys �Error setting the locale �Error while checking if the user was logged in �File that contains CA certificates�File that contains the client certificate�File that contains the client key�Filter for user lookups�Follow LDAP referrals�Force removal of files not owned by the user�Full Name�GECOS attribute�GID attribute�Group %1$s is outside the defined ID range for domain �Group UUID attribute�Group member attribute�Group name�Group password�Groups�Groups must be in the same domain as user �Groups that SSSD should explicitly 
ignore�Groups to add this group to�Groups to add this user to�Groups to remove this group from�Groups to remove this user from�Home directory�Home directory attribute�Host identity provider�Host not specified �Hostnames and/or fully qualified domain names of this machine to filter sudo rules�How long (minutes) to deny login after offline_failed_login_attempts has been reached�How long to allow cached logins between online logins (days)�How long to keep cached entries after last successful login (days)�How long to retain a connection to the LDAP server before disconnecting�How long to wait for replies from DNS when resolving servers (seconds)�How long will be in-memory cache records valid�How many days before password expiration a warning should be displayed�How many failed logins attempts are allowed when offline�How many seconds to keep a host in the known_hosts file after its host keys were requested�How many seconds to keep identity information cached for PAM requests�How often should expired entries be refreshed in background�How often to periodically update the client's DNS entry�How to dereference aliases�IPA client hostname�IPA domain�IPA server address�IPv4 or IPv6 addresses or network of this machine to filter sudo rules�Identity provider�Idle time before automatic disconnection of a client�If DENY rules are present, either DENY_ALL or IGNORE�If a shell stored in central directory is allowed but not available, use this fallback�If set to false, host argument given by PAM will be ignored�Include microseconds in timestamps in debug logs�Include timestamps in debug logs�Internal error while parsing parameters �Internal error. Could not print group. �Internal error. Could not remove group. �Internal error. Could not remove user. 
�Invalid domain specified in FQDN �Invalid port �Invalidate all autofs maps�Invalidate all groups�Invalidate all netgroups�Invalidate all services�Invalidate all users�Invalidate particular autofs map�Invalidate particular group�Invalidate particular netgroup�Invalidate particular service�Invalidate particular user�Kerberos backup server address�Kerberos realm�Kerberos server address�Kerberos service keytab�Kill users' processes before removing him�LDAP filter to determine access privileges�Length of time between attempts to reconnect while offline�Length of time between cache cleanups�Length of time between enumeration updates�Length of time to attempt connection�Length of time to attempt synchronous LDAP operations�Length of time to wait for a enumeration request�Length of time to wait for a search request�Lifetime of TGT for LDAP connection�Lifetime of the TGT�List of UIDs or user names allowed to access the PAC responder�List of possible ciphers suites�Location of the keytab to validate credentials�Location of the user's credential cache�Lock the account�Login shell�Lower bound for ID-mapping�Magic Private �Maximum nesting level SSSd will follow�Maximum user ID�Member groups must be in the same domain as parent group �Minimum user ID�Modification time attribute�Modification time attribute for groups�Modification time attribute for netgroups�NSS request failed (%1$d). Entry might remain in memory cache. �Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set) �Name of the default domain for ID-mapping�Negative cache timeout length (seconds)�Netgroup UUID attribute�Netgroup name�Netgroup triple attribute�Netgroups members attribute�Never create user's directory, overrides config�New Password: �No cache object matched the specified search �No such group in local domain. Printing groups only allowed in local domain. �No such group in local domain. Removing groups only allowed in local domain. �No such user in local domain. 
Removing users only allowed in local domain. �Not enough memory �Not removing home dir - not owned by user �Number of IDs for each slice when ID-mapping�Number of times to attempt connection to Data Providers�Object class for automounter map entries�Object class for automounter maps�Object class for sudo rules�Objectclass for groups�Objectclass for netgroups�Objectclass for services�Objectclass for users�Only invalidate entries from a particular domain�Only one argument expected �Out of memory �Override GID value from the identity provider with this value�Override homedir value from the identity provider with this value�Override shell value from the identity provider with this value�PAM stack to use�Password change failed. �Password change provider�Password expired. Change your password now.�Password reset by root is not supported.�Password: �Passwords do not match�Path to CA certificate directory�Ping timeout before restarting service�Please select at least one object to invalidate �Policy to evaluate the password expiration�Primary GID attribute�Print indirect group members recursively�Print version number and exit�Printf-compatible format for displaying fully-qualified names�Privileged socket has wrong ownership or permissions.�Public socket has wrong ownership or permissions.�Reenter new Password: �Regex to parse username and domain�Remove home directory and mail spool�Renewable lifetime of the TGT�Require TLS certificate verification�Require TLS for ID lookups�Restrict or prefer a specific address family when performing DNS lookups�Run interactive (not a daemon)�SID of the default domain for ID-mapping�SSH public key attribute�SSSD Domains to start�SSSD Services to start�SSSD is not run by root.�SUDO provider�Scope of user lookups�Search base for HBAC related objects�Search base for object containing info about IPA domain�Search base for objects containing info about ID ranges�Selects the principal to use for FAST�Send the debug output to files instead of 
stderr�Server message: �Server where the change password service is running if not on the KDC�Service name attribute�Service name for DNS service lookups�Service port attribute�Service protocol attribute�Session-loading provider�Set lower boundary for allowed IDs from the LDAP server�Set the verbosity of the debug logging�Set upper boundary for allowed IDs from the LDAP server�Shell attribute�Shell to use if the provider does not list one�Should filtered users appear in groups�Show timestamps with microseconds�Specify a non-default config file�Specify an alternative skeleton directory�Specify debug level you want to set �Specify group to add �Specify group to add to �Specify group to delete �Specify group to modify �Specify group to remove from �Specify group to show �Specify the minimal SSF for LDAP sasl authorization�Specify the sasl authorization id to use�Specify the sasl authorization realm to use�Specify the sasl mechanism to use�Specify user to add �Specify user to delete �Specify user to modify �Store password hashes�Store password if offline for later online authentication�Substitute empty homedir value from the identity provider with this value�Sudo rule command attribute�Sudo rule host attribute�Sudo rule name�Sudo rule notafter attribute�Sudo rule notbefore attribute�Sudo rule option attribute�Sudo rule order attribute�Sudo rule runasgroup attribute�Sudo rule runasuser attribute�Sudo rule user attribute�System is offline, password change not possible�The GID of the group�The GID of the user�The SELinux user for user's login�The SSSD domain to use�The Schema Type in use on the LDAP server, rfc2307�The TTL to apply to the client's DNS entry after updating it�The UID of the user�The amount of time between lookups of the HBAC rules against the IPA server�The amount of time in seconds between lookups of the SELinux maps against the IPA server�The authentication token of the default bind DN�The automounter location this IPA client is using�The comment 
string�The debug level to run with�The default base DN�The default bind DN�The domain part of service discovery DNS query�The interface whose IP should be used for dynamic DNS updates�The list of shells that will be vetoed, and replaced with the fallback shell�The list of shells users are allowed to log in with�The name of the NSS library to use�The number of file descriptors that may be opened by this responder�The number of members that must be missing to trigger a full deref�The number of records to retrieve in a single LDAP query�The path to the proxy command must be absolute �The port to use to connect to the host�The post-delete command failed: %1$s �The selected GID is outside the allowed range �The selected UID is outside the allowed range �The type of the authentication token of the default bind DN�The value of the password field the NSS provider should return�Time between two checks for renewal�Timeout between three failed ping checks and forcibly killing the service�Timeout for messages sent over the SBUS�Transaction error. Could not add group. �Transaction error. Could not add user. �Transaction error. Could not modify group. �Transaction error. Could not modify user. 
�Treat usernames as case sensitive�UID attribute�URI of a backup LDAP server where password changes are allowed�URI of an LDAP server where password changes are allowed�UUID attribute�Unexpected error while looking for an error description�Unexpected format of the server credential message.�Unlock the account�Upper bound for ID-mapping�Use ID-mapping of objectSID instead of pre-set IDs�Use Kerberos auth for LDAP connection�Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups�Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups�Use autorid-compatible algorithm for ID-mapping�Use only the upper case for realm names�User %1$s is outside the defined ID range for domain �User not specified �User principal attribute (for Kerberos)�User's home directory already exists, not copying data from skeldir �Username attribute�Users that SSSD should explicitly ignore�WARNING: The user (uid %1$lu) was still logged in when deleted. �What kind of authentication should be used to perform the DNS update�What kind of messages are displayed to the user during authentication�Whether the LDAP library should perform a reverse lookup to canonicalize the host name during a SASL bind�Whether the nsupdate utility should default to using TCP�Whether the provider should explicitly update the PTR record as well�Whether to automatically update the client's DNS entry�Whether to automatically update the client's DNS entry in FreeIPA�Whether to create kdcinfo files�Whether to evaluate the time-based attributes in sudo rules�Whether to filter rules by hostname, IP addresses and network�Whether to hash host names and addresses in the known_hosts file�Whether to include rules that contains netgroup in host attribute�Whether to include rules that contains regular expression in host attribute�Whether to look up canonical group name from cache if possible�Whether to update the ldap_user_shadow_last_change attribute after a password change�Which attributes shall be used to evaluate if an account is 
expired�Which rules should be used to evaluate access control�Write debug messages to logfiles�Your password has expired. You have %1$d grace login(s) remaining.�Your password will expire in %1$d %2$s.�accountExpires attribute of AD�entryUSN attribute�krbLastPwdChange attribute�krbPasswordExpiration attribute�lastUSN attribute�ldap_backup_uri, The URI of the LDAP server�ldap_uri, The URI of the LDAP server�loginAllowedTimeMap attribute of NDS�loginDisabled attribute of NDS�loginExpirationTime attribute of NDS�memberOf attribute�nsAccountLock attribute�objectSID attribute�shadowExpire attribute�shadowFlag attribute�shadowInactive attribute�shadowLastChange attribute�shadowMax attribute�shadowMin attribute�shadowWarning attribute�userAccountControl attribute of AD�Project-Id-Version: SSSD Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org POT-Creation-Date: 2014-04-08 12:56+0200 PO-Revision-Date: 2013-11-20 12:56+0000 Last-Translator: Piotr Drąg <piotrdrag@gmail.com> Language-Team: Polish (http://www.transifex.com/projects/p/fedora/language/pl/) Language: pl MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 
1 : 2); � � %1$sJest członkiem: � %1$sGrupy będące członkami: �%1$s musi zostać uruchomione jako root �%1$s%2$sGrupa: %3$s �%1$sNumer GID: %2$d �%1$sUżytkownicy będący członkami: �, hasło w pamięci podręcznej wygaśnie za: �Grupa o tej samej nazwie lub GID już istnieje �Użytkownik lub grupa o tej samej nazwie lub identyfikatorze już istnieje �Dostawca kontroli dostępu�Adres zapasowego serwera Active Directory�Nazwa komputera klienta Active Directory�Domena Active Directory�Atrybut głównej grupy Active Directory dla mapowania identyfikatorów�Adres serwera Active Directory�Dodaje czasy debugowania�Adres zapasowego serwera IPA�Wystąpił błąd, ale nie odnaleziono jego opisu.�Otwiera deskryptor pliku dla dzienników debugowania�Atrybut wskazujący, czy polityki haseł po stronie serwera są aktywne�Atrybut zawierający listę upoważnionych usług PAM�Atrybut zawierający listę upoważnionych komputerów serwerowych�Uwierzytelniono za pomocą danych z pamięci podręcznej�Uwierzytelnianie jest zabronione do: �Dostawca uwierzytelniania�Czas oczekiwania na uwierzytelnienie�Dostawca Autofs�Okres między automatycznymi pełnymi odświeżeniami�Okres między automatycznymi inteligentnymi odświeżeniami�Atrybut klucza wpisu mapy automountera�Atrybut wartości wpisu mapy automountera�Atrybut nazwy mapy automountera�Podstawowe DN dla wyszukiwań map automountera�Podstawowe DN dla wyszukiwania grup�Podstawowe DN dla wyszukiwania grupy sieciowej�Podstawowe DN do wyszukiwania usług�Podstawowe DN dla wyszukiwań reguł sudo�Podstawowe DN dla wyszukiwania użytkowników�Podstawa katalogów domowych�Uruchamia jako demon (domyślnie)�Dane uwierzytelniające pamięci podręcznej dla logowań w trybie offline�Nie można utworzyć katalogu domowego użytkownika: %1$s �Nie można utworzyć buforu poczty użytkownika: %1$s �Nie można określić, czy użytkownik był zalogowany na tej platformie�Nie można odnaleźć grupy %1$s w lokalnej domenie �Nie można odnaleźć grupy %1$s w lokalnej domenie, tylko grupy w lokalnej domenie są 
dozwolone �Nie można odnaleźć grupy w lokalnej domenie, modyfikowanie grup jest dozwolone tylko w lokalnej domenie �Nie można odnaleźć użytkownika w lokalnej domenie, modyfikowanie użytkowników jest dozwolone tylko w lokalnej domenie �Nie można uzyskać informacji o użytkowniku �Nie można usunąć katalogu domowego: %1$s �Nie można przywrócić kontekstu loginu SELinuksa �Nie można ustawić kontekstu loginu SELinuksa �Nie można ustawić domyślnych wartości �Lista dozwolonych użytkowników oddzielonych przecinkami�Lista zabronionych użytkowników oddzielonych przecinkami�Polecenie do uruchomienia usługi�Nie można przydzielić identyfikatora grupie - czy domena jest pełna? �Nie można przydzielić identyfikatora użytkownikowi - czy domena jest pełna? �Nie można zmodyfikować grupy - proszę sprawdzić, czy nazwa grupy jest poprawna �Nie można zmodyfikować grupy - proszę sprawdzić, czy nazwy członków grupy są poprawne �Nie można zmodyfikować użytkownika - proszę sprawdzić, czy nazwy grup są poprawne �Nie można zmodyfikować użytkownika - czy użytkownik jest już członkiem grup? �Nie można otworzyć dostępnych domen �Nie można otworzyć domeny %1$s. Jeśli domena jest poddomeną (zaufaną domeną), należy użyć w pełni kwalifikowanej nazwy zamiast parametru --domain/-d. 
�Nie można unieważnić %1$s�Nie można unieważnić %1$s %2$s�Utworzy katalog użytkownika, jeśli nie istnieje�Bieżące hasło: �Nazwa usługi DNS serwera zmiany hasła LDAP�Poziom debugowania�Domyślna powłoka, /bin/bash�Katalog w systemie plików, w którym SSSD powinno przechowywać pliki pamięci podręcznej odtwarzania Kerberosa.�Katalog do przechowywania pamięci podręcznych danych uwierzytelniających�Wyłącza pobieranie zakresu Active Directory�Wyłącza kontrolę stronicowania LDAP�Wyświetla użytkowników/grupy w pełnej formie�Nie usuwa katalogu domowego i bufora poczty�Domena dostawcy informacji (wymagane)�Domeny do dodania do nazw bez składnika domeny.�Bez dołączania członków grup w wyszukiwaniach grup�Włącza witryny DNS - wykrywanie usług w oparciu o położenie�Włącza sprawdzanie danych uwierzytelniających�Włącza wyliczanie wszystkich użytkowników/grup�Włącza FAST�Włącza naczelników enterprise�Włącza ujednolicanie naczelnika�Czas oczekiwania aktualizacji tła pamięci podręcznej wpisów (sekundy)�Czas oczekiwania pamięci podręcznej wpisów (sekundy)�Czas oczekiwania pamięci podręcznej wyliczania (sekundy)�Błąd podczas inicjowania narzędzi �Błąd podczas inicjowania narzędzi - brak lokalnej domeny �Błąd podczas wyszukiwania kluczy publicznych �Błąd podczas ustawiania lokalizacji �Błąd podczas sprawdzania, czy użytkownik był zalogowany �Plik zawierający certyfikaty CA�Plik zawierający certyfikat klienta�Plik zawierający klucz klienta�Filtruje wyszukiwania użytkowników�Podąża za odsyłaniami LDAP�Wymusza usunięcie plików, których właścicielem nie jest użytkownik�Imię i nazwisko�Atrybut GECOS�Atrybut GID�Grupa %1$s jest poza określonym zakresem identyfikatorów dla domeny �Atrybut UUID grupy�Atrybut elementu grupy�Nazwa grupy�Hasło grupy�Grupy�Grupy muszą być w tej samej domenie co użytkownik �Grupy, które powinny być bezpośrednio ignorowane przez SSSD�Grupy, do których dodać tę grupę�Grupy, do których dodać tego użytkownika�Grupy, z których usunąć tę grupę�Grupy, z których usunąć tego 
użytkownika�Katalog domowy�Atrybut katalogu domowego�Dostawca tożsamości komputera�Nie podano komputera �Nazwy komputerów i/lub pełne kwalifikowane nazwy domen tego komputera do filtrowania reguł sudo�Ile czasu (minut) nie pozwalać na zalogowanie po osiągnięciu offline_failed_login_attempts�Jak długo umożliwiać logowania w pamięci podręcznej między logowaniami w trybie online (dni)�Jak długo utrzymywać wpisy logowania w pamięci podręcznej po ostatnim udanym zalogowaniu (dni)�Jak długo utrzymywać połączenie z serwerem LDAP przed rozłączeniem�Jak długo czekać na odpowiedzi od serwera DNS podczas rozwiązywania serwerów (sekundy)�Jak długo wpisy pamięci podręcznej in-memory są prawidłowe�Ile dni przed wygaśnięciem hasła wyświetlić ostrzeżenie�Ile nieudanych prób zalogowania jest dozwolonych w trybie offline�Ile sekund przechowywać komputer w pliku known_hosts po zażądaniu jego kluczy�Ile sekund zatrzymać informacje o tożsamości w pamięci podręcznej dla żądań PAM�Jak często odświeżać w tle wygasłe wpisy�Jak często okresowo aktualizować wpis DNS klienta�Jak wskazywać aliasy�Nazwa komputera klienta IPA�Domena IPA�Adres serwera IPA�Adresy lub sieci IPv4 lub IPv6 tego komputera do filtrowania reguł sudo�Dostawca tożsamości�Czas bezczynności przed automatycznym rozłączeniem klienta�Jeśli reguły DENY są dostępne, to DENY_ALL lub IGNORE�Jeśli powłoka przechowywana w katalogu centralnym jest dozwolona, ale nie jest dostępna, to zostanie użyta ta powłoka zastępcza�Jeśli ustawiono na fałsz, to parametr komputera podany przez PAM zostanie zignorowany�Dołączanie mikrosekund w datach w dziennikach debugowania�Dołącza daty w dziennikach debugowania�Wewnętrzny błąd podczas przetwarzania parametrów �Wewnętrzny błąd. Nie można wydrukować grupy. �Wewnętrzny błąd. Nie można usunąć grupy. �Wewnętrzny błąd. Nie można usunąć użytkownika. 
�Podano nieprawidłową domenę w FQDN �Nieprawidłowy port �Unieważnia wszystkie mapy autofs�Unieważnia wszystkie grupy�Unieważnia wszystkie grupy sieciowe�Unieważnia wszystkie usługi�Unieważnia wszystkich użytkowników�Unieważnia podaną mapę autofs�Unieważnia podaną grupę�Unieważnia podaną grupę sieciową�Unieważnia podaną usługę�Unieważnia podanego użytkownika�Adres zapasowego serwera Kerberos�Obszar Kerberos�Adres serwera Kerberos�Tablica kluczy usługi Kerberos�Usuwa procesy użytkownika przed jego usunięciem�Filtr LDAP do określenia uprawnień dostępu�Czas między próbami ponownego połączenia w trybie offline�Czas między czyszczeniem pamięci podręcznej�Czas między aktualizacjami wyliczania�Czas do próby połączenia�Czas do próby synchronicznych działań LDAP�Czas oczekiwania na żądanie wyliczenia�Czas oczekiwania na żądanie wyszukiwania�Czas trwania TGT dla połączenia LDAP�Czas trwania TGT�Lista UID lub nazw użytkowników mających dostęp do programu odpowiadającego PAC�Lista możliwych zestawów szyfrów�Położenie tablicy kluczy do sprawdzania danych uwierzytelniających�Położenie pamięci podręcznej danych uwierzytelniających użytkownika�Zablokowanie konta�Powłoka logowania�Niższa granica dla mapowania identyfikatorów�Prywatne magic �Maksymalny poziom zagnieżdżenia, jaki usługa SSSD będzie używała�Maksymalny identyfikator użytkownika�Członkowie grupy muszą być w tej samej domenie co grupa nadrzędna �Minimalny identyfikator użytkownika�Atrybut czasu modyfikacji�Atrybut czasu modyfikacji grup�Atrybut czasu modyfikacji grup sieciowych�Żądanie NSS się nie powiodło (%1$d). Wpis może zostać w pamięci podręcznej. 
�Nazwa "%1$s" nie jest FQDN (ustawione jest "%2$s = TRUE") �Nazwa domyślnej domeny dla mapowania identyfikatorów�Ujemny czas oczekiwania pamięci podręcznej (sekundy)�Atrybut UUID grupy sieciowej�Nazwa grupy sieciowej�Potrójny atrybut grupy sieciowej�Atrybut elementów grupy sieciowej�Nigdy nie tworzy katalogu użytkownika, zastępuje konfigurację�Nowe hasło: �Żaden obiekt pamięci podręcznej nie pasuje do podanego wyszukiwania �Nie ma takiej grupy w lokalnej domenie. Drukowanie grup jest dozwolone tylko w lokalnej domenie. �Nie ma takiej grupy w lokalnej domenie. Usuwanie grup jest dozwolone tylko w lokalnej domenie. �Nie ma takiego użytkownika w lokalnej domenie. Usuwanie użytkowników jest dozwolone tylko w lokalnej domenie. �Brak pamięci �Katalog domowy nie zostanie usunięty - użytkownik nie jest właścicielem �Liczba identyfikatorów dla każdego kawałka podczas mapowania identyfikatorów�Liczba prób połączenia do dostawców danych�Klasa obiektów dla wpisów map automountera�Klasa obiektów dla map automountera�Klasa obiektów dla reguł sudo�Klasa obiektów dla grup�Klasa obiektów dla grup sieciowych�Klasa obiektów dla usług�Klasa obiektów dla użytkowników�Unieważnia wpisy tylko z podanej domeny�Oczekiwano tylko jednego parametru �Brak pamięci �Zastępuje wartość GID z dostawcy tożsamości tą wartością�Zastępuje wartość katalogu domowego z dostawcy tożsamości tą wartością�Zastępuje wartość powłoki od dostawcy tożsamości tą wartością�Używany stos PAM�Zmiana hasła nie powiodła się. �Dostawca zmiany hasła�Hasło wygasło. 
Proszę je zmienić teraz.�Przywrócenie hasła przez użytkownika root nie jest obsługiwane.�Hasło: �Hasła nie zgadzają się�Ścieżka do katalogu certyfikatów CA�Czas oczekiwania na ping przed ponownym uruchomieniem usługi�Proszę wybrać co najmniej jeden obiekt do unieważnienia �Polityka do oszacowania wygaszenia hasła�Pierwszy atrybut GID�Rekursywnie drukuje niebezpośrednich członków grupy�Wyświetla numer wersji i kończy działanie�Format zgodny z printf do wyświetlania pełnych nazw�Uprawnione gniazdo posiada błędnego właściciela lub uprawnienia.�Publiczne gniazdo posiada błędnego właściciela lub uprawnienia�Proszę ponownie podać nowe hasło: �Wyrażenie regularne do przetworzenia nazwy użytkownika i domeny�Usuwa katalog domowy i bufor poczty�Odnawialny czas trwania TGT�Wymaga sprawdzenia certyfikatu TLS�Wymaga TLS dla wyszukiwania identyfikatorów�Ogranicza lub preferuje podaną rodzinę adresów podczas wykonywania wyszukiwań DNS�Uruchamia interaktywnie (nie jako demon)�SID domyślnej domeny dla mapowania identyfikatorów�Atrybut klucza publicznego SSH�Domeny SSSD do uruchomienia�Usługi SSSD do uruchomienia�SSSD nie zostało uruchomione w trybie roota.�Dostawca SUDO�Zakres wyszukiwania użytkowników�Wyszukiwanie podstawy pod kątem obiektów związanych z HBAC�Podstawa wyszukiwania dla obiektów zawierających informacje o domenie IPA�Podstawa wyszukiwania dla obiektów zawierających informacje o zakresach identyfikatorów�Wybiera naczelnika do użycia dla FAST�Wysyła wyjście debugowania do plików, zamiast do standardowego wyjścia błędów�Komunikat serwera: �Serwer, w którym jest uruchomiona usługa zmiany haseł, jeśli nie znajduje się w KDC�Atrybut nazwy usługi�Nazwa usługi do wyszukiwań usługi DNS�Atrybut portu usługi�Atrybut protokołu usługi�Dostawca wczytywania sesji�Ustawia dolną granicę dla dozwolonych identyfikatorów z serwera LDAP�Ustawia liczbę komunikatów dziennika debugowania�Ustawia górną granicę dla dozwolonych identyfikatorów z serwera LDAP�Atrybut powłoki�Powłoka do użycia, 
jeśli dostawca nie dostarcza żadnej�Czy filtrowani użytkownicy powinni pojawiać się w grupach�Wyświetlanie dat z mikrosekundami�Podaje niedomyślny plik konfiguracji�Proszę podać alternatywny katalog szkieletu�Podaje poziom debugowania do ustawienia �Proszę podać grupę do dodania �Proszę podać grupę, do której dodać �Proszę podać grupę do usunięcia �Proszę podać grupę do zmodyfikowania �Proszę podać grupę, z której usunąć �Proszę podać grupę do wyświetlenia �Podaje minimalne SSF dla upoważnienia sasl LDAP�Podaje używany identyfikator upoważnienia SASL�Podaje obszar upoważnienia SASL do użycia�Podaje używany mechanizm SASL�Proszę podać użytkownika do dodania �Proszę podać użytkownika do usunięcia �Proszę podać użytkownika do zmodyfikowania �Przechowuje mieszanie haseł�Przechowuje hasło, jeśli w trybie offline do późniejszego uwierzytelnienia w trybie online�Zastępuje pustą wartość katalogu domowego z dostawcy tożsamości tą wartością�Atrybut polecenia reguły sudo�Atrybut komputera reguły sudo�Nazwa reguły sudo�Atrybut notafter reguły sudo�Atrybut notbefore reguły sudo�Atrybut opcji reguły sudo�Atrybut kolejności reguły sudo�Atrybut runasgroup reguły sudo�Atrybut runasuser reguły sudo�Atrybut użytkownika reguły sudo�System jest w trybie offline, zmiana hasła nie jest możliwa�GID grupy�GID użytkownika�Użytkownik SELinuksa dla loginu użytkownika�Domena SSSD do użycia�Typ Schema do użycia na serwerze LDAP, RFC2307�TTL do zastosowania do wpisu DNS klienta po jego zaktualizowaniu�UID użytkownika�Czas między wyszukiwaniami reguł HBAC w serwerze IPA�Czas w sekundach między wyszukiwaniami map SELinuksa w serwerze IPA�Token uwierzytelniania domyślnego DN dowiązania�Położenie automountera, którego używa ten klient IPA�Ciąg komentarza�Poziom debugowania, z jakim uruchomić�Domyślna podstawowa DN�Domyślne DN dowiązania�Część domeny zapytania DNS wykrywania usługi�Interfejs, którego adres IP powinien być używany do dynamicznych aktualizacji DNS�Lista powłok, które zostaną zawetowane 
i zastąpione powłoką zastępczą�Lista powłok, za pomocą których użytkownicy mogą się logować�Nazwa używanej biblioteki NSS�Liczba deskryptorów plików, które mogą być otwarte przez ten program odpowiadający�Suma liczb, których musi brakować, aby wywołać pełne "deref"�Liczba wpisów do pobrania w jednym zapytaniu LDAP�Ścieżka do polecenia pośrednika musi być bezwzględna �Port do użycia do połączenia z komputerem�Polecenie po usunięciu nie powiodło się: %1$s �Wybrany GID jest spoza dozwolonego zakresu �Wybrany UID jest spoza dozwolonego zakresu �Typ tokenu uwierzytelniania domyślnego DN dowiązania�Wartość pola hasła, jaką dostawca NSS powinien zwrócić�Czas między dwoma sprawdzaniami odnowy�Czas oczekiwania między trzema sprawdzeniami ping i wymuszeniem zakończenia usługi�Czas oczekiwania na komunikaty wysyłane przez SBUS�Błąd transakcji. Nie można dodać grupy. �Błąd transakcji. Nie można dodać użytkownika. �Błąd transakcji. Nie można zmodyfikować grupy. �Błąd transakcji. Nie można zmodyfikować użytkownika. 
�Rozróżnianie wielkości liter w nazwach użytkowników�Atrybut UID�Adres URI zapasowego serwera LDAP, gdzie zmiany hasła są dozwolone�Adres URI serwera LDAP, gdzie zmiany hasła są dozwolone�Atrybut UUID�Nieoczekiwany błąd podczas wyszukiwania opisu błędu�Nieoczekiwany format komunikatu uwierzytelniającego serwera.�Odblokowanie konta�Wyższa granica dla mapowania identyfikatorów�Używa mapowania identyfikatorów objectSID zamiast uprzednio ustawionych identyfikatorów�Używa uwierzytelniania Kerberos dla połączenia LDAP�Użycie LDAP_MATCHING_RULE_IN_CHAIN do wyszukiwania grup�Użycie LDAP_MATCHING_RULE_IN_CHAIN do wyszukiwania grup inicjacyjnych�Używa algorytmu zgodnego z autorid do mapowania identyfikatorów�Użycie tylko małych znaków w nazwach obszarów�Użytkownik %1$s jest poza określonym zakresem identyfikatorów dla domeny �Nie podano użytkownika �Atrybut głównego użytkownika (dla Kerberos)�Katalog domowy użytkownika już istnieje, dane z katalogu szkieletu nie zostaną skopiowane �Atrybut nazwy użytkownika�Użytkownicy, którzy powinni być bezpośrednio ignorowani przez SSSD�OSTRZEŻENIE: użytkownik (UID %1$lu) był zalogowany podczas jego usunięcia. 
�Jakiego rodzaju uwierzytelnianie powinno być używane do wykonywania aktualizacji DNS�Jaki rodzaj komunikatów wyświetlać użytkownikowi podczas uwierzytelniania�Określa, czy biblioteka LDAP powinna wykonywać odwrotne wyszukanie, aby ujednolicić nazwę komputera podczas dowiązania SASL�Określa, czy narzędzie nsupdate powinno domyślnie używać portu TCP�Określa, czy dostawca powinien aktualizować także wpis PTR�Czy automatycznie aktualizować wpis DNS klienta�Czy automatycznie aktualizować wpis DNS klienta w oprogramowaniu FreeIPA�Określa, czy tworzyć pliki kdcinfo�Określa, czy szacować atrybuty oparte na czasie w regułach sudo�Określa, czy filtrować reguły według nazwy komputera, adresów IP i sieci�Określa, czy mieszać nazwy komputerów i adresy w pliku known_hosts�Określa, czy zawierać reguły zawierające grupy sieciowe w atrybucie komputera�Określa, czy zawierać reguły zawierające wyrażenia regularne w atrybucie komputera�Określa, czy wyszukiwać kanoniczną nazwę grupy w pamięci podręcznej, jeśli to możliwe�Określa, czy zaktualizować atrybut ldap_user_shadow_last_change po zmianie hasła�Które atrybuty powinny być używane do sprawdzenia, czy konto wygasło�Które reguły powinny być używane do sprawdzania kontroli dostępu�Zapisuje komunikaty debugowania do plików dziennika�Hasło wygasło. 
Pozostało %1$d możliwych logowań.�Hasło wygaśnie za %1$d %2$s.�Atrybut accountExpires AD�Atrybut entryUSN�Atrybut krbLastPwdChange�Atrybut krbPasswordExpiration�Atrybut lastUSN�ldap_backup_uri, adres URI serwera LDAP�ldap_uri, adres URI serwera LDAP�Atrybut loginAllowedTimeMap NDS�Atrybut loginDisabled NDS�Atrybut loginExpirationTime NDS�Atrybut memberOf�Atrybut nsAccountLock�Atrybut objectSID�Atrybut shadowExpire�Atrybut shadowFlag�Atrybut shadowInactive�Atrybut shadowLastChange�Atrybut shadowMax�Atrybut shadowMin�Atrybut shadowWarning�Atrybut userAccountControl AD������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/pl.po���������������������������������������������������������������0000644�0000000�0000000�00000000074�12320753107�015144� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954962.097874623 30 ctime=1396954962.540874296 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/pl.po��������������������������������������������������������������������������������0000664�0024127�0024127�00000173771�12320753107�015406� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR Red Hat, Inc. # This file is distributed under the same license as the PACKAGE package. # # Translators: # Piotr Drąg <piotrdrag@gmail.com>, 2011-2013 # sgallagh <sgallagh@redhat.com>, 2011 msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2014-04-08 12:56+0200\n" "PO-Revision-Date: 2013-11-20 12:56+0000\n" "Last-Translator: Piotr Drąg <piotrdrag@gmail.com>\n" "Language-Team: Polish (http://www.transifex.com/projects/p/fedora/language/" "pl/)\n" "Language: pl\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 " "|| n%100>=20) ? 
1 : 2);\n" #: src/config/SSSDConfig/__init__.py.in:39 msgid "Set the verbosity of the debug logging" msgstr "Ustawia liczbę komunikatów dziennika debugowania" #: src/config/SSSDConfig/__init__.py.in:40 msgid "Include timestamps in debug logs" msgstr "Dołącza daty w dziennikach debugowania" #: src/config/SSSDConfig/__init__.py.in:41 msgid "Include microseconds in timestamps in debug logs" msgstr "Dołączanie mikrosekund w datach w dziennikach debugowania" #: src/config/SSSDConfig/__init__.py.in:42 msgid "Write debug messages to logfiles" msgstr "Zapisuje komunikaty debugowania do plików dziennika" #: src/config/SSSDConfig/__init__.py.in:43 msgid "Ping timeout before restarting service" msgstr "Czas oczekiwania na ping przed ponownym uruchomieniem usługi" #: src/config/SSSDConfig/__init__.py.in:44 msgid "" "Timeout between three failed ping checks and forcibly killing the service" msgstr "" "Czas oczekiwania między trzema sprawdzeniami ping i wymuszeniem zakończenia " "usługi" #: src/config/SSSDConfig/__init__.py.in:45 msgid "Command to start service" msgstr "Polecenie do uruchomienia usługi" #: src/config/SSSDConfig/__init__.py.in:46 msgid "Number of times to attempt connection to Data Providers" msgstr "Liczba prób połączenia do dostawców danych" #: src/config/SSSDConfig/__init__.py.in:47 msgid "The number of file descriptors that may be opened by this responder" msgstr "" "Liczba deskryptorów plików, które mogą być otwarte przez ten program " "odpowiadający" #: src/config/SSSDConfig/__init__.py.in:48 msgid "Idle time before automatic disconnection of a client" msgstr "Czas bezczynności przed automatycznym rozłączeniem klienta" #: src/config/SSSDConfig/__init__.py.in:51 msgid "SSSD Services to start" msgstr "Usługi SSSD do uruchomienia" #: src/config/SSSDConfig/__init__.py.in:52 msgid "SSSD Domains to start" msgstr "Domeny SSSD do uruchomienia" #: src/config/SSSDConfig/__init__.py.in:53 msgid "Timeout for messages sent over the SBUS" msgstr "Czas oczekiwania na 
komunikaty wysyłane przez SBUS" #: src/config/SSSDConfig/__init__.py.in:54 msgid "Regex to parse username and domain" msgstr "Wyrażenie regularne do przetworzenia nazwy użytkownika i domeny" #: src/config/SSSDConfig/__init__.py.in:55 msgid "Printf-compatible format for displaying fully-qualified names" msgstr "Format zgodny z printf do wyświetlania pełnych nazw" #: src/config/SSSDConfig/__init__.py.in:56 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" "Katalog w systemie plików, w którym SSSD powinno przechowywać pliki pamięci " "podręcznej odtwarzania Kerberosa." #: src/config/SSSDConfig/__init__.py.in:57 msgid "Domain to add to names without a domain component." msgstr "Domeny do dodania do nazw bez składnika domeny." #: src/config/SSSDConfig/__init__.py.in:60 msgid "Enumeration cache timeout length (seconds)" msgstr "Czas oczekiwania pamięci podręcznej wyliczania (sekundy)" #: src/config/SSSDConfig/__init__.py.in:61 msgid "Entry cache background update timeout length (seconds)" msgstr "Czas oczekiwania aktualizacji tła pamięci podręcznej wpisów (sekundy)" #: src/config/SSSDConfig/__init__.py.in:62 #: src/config/SSSDConfig/__init__.py.in:88 msgid "Negative cache timeout length (seconds)" msgstr "Ujemny czas oczekiwania pamięci podręcznej (sekundy)" #: src/config/SSSDConfig/__init__.py.in:63 msgid "Users that SSSD should explicitly ignore" msgstr "Użytkownicy, którzy powinni być bezpośrednio ignorowani przez SSSD" #: src/config/SSSDConfig/__init__.py.in:64 msgid "Groups that SSSD should explicitly ignore" msgstr "Grupy, które powinny być bezpośrednio ignorowane przez SSSD" #: src/config/SSSDConfig/__init__.py.in:65 msgid "Should filtered users appear in groups" msgstr "Czy filtrowani użytkownicy powinni pojawiać się w grupach" #: src/config/SSSDConfig/__init__.py.in:66 msgid "The value of the password field the NSS provider should return" msgstr "Wartość pola hasła, jaką dostawca NSS powinien zwrócić" #: 
src/config/SSSDConfig/__init__.py.in:67 msgid "Override homedir value from the identity provider with this value" msgstr "Zastępuje wartość katalogu domowego z dostawcy tożsamości tą wartością" #: src/config/SSSDConfig/__init__.py.in:68 msgid "" "Substitute empty homedir value from the identity provider with this value" msgstr "" "Zastępuje pustą wartość katalogu domowego z dostawcy tożsamości tą wartością" #: src/config/SSSDConfig/__init__.py.in:69 msgid "Override shell value from the identity provider with this value" msgstr "Zastępuje wartość powłoki od dostawcy tożsamości tą wartością" #: src/config/SSSDConfig/__init__.py.in:70 msgid "The list of shells users are allowed to log in with" msgstr "Lista powłok, za pomocą których użytkownicy mogą się logować" #: src/config/SSSDConfig/__init__.py.in:71 msgid "" "The list of shells that will be vetoed, and replaced with the fallback shell" msgstr "Lista powłok, które zostaną zawetowane i zastąpione powłoką zastępczą" #: src/config/SSSDConfig/__init__.py.in:72 msgid "" "If a shell stored in central directory is allowed but not available, use " "this fallback" msgstr "" "Jeśli powłoka przechowywana w katalogu centralnym jest dozwolona, ale nie " "jest dostępna, to zostanie użyta ta powłoka zastępcza" #: src/config/SSSDConfig/__init__.py.in:73 msgid "Shell to use if the provider does not list one" msgstr "Powłoka do użycia, jeśli dostawca nie dostarcza żadnej" #: src/config/SSSDConfig/__init__.py.in:74 msgid "How long will be in-memory cache records valid" msgstr "Jak długo wpisy pamięci podręcznej in-memory są prawidłowe" #: src/config/SSSDConfig/__init__.py.in:77 msgid "How long to allow cached logins between online logins (days)" msgstr "" "Jak długo umożliwiać logowania w pamięci podręcznej między logowaniami w " "trybie online (dni)" #: src/config/SSSDConfig/__init__.py.in:78 msgid "How many failed logins attempts are allowed when offline" msgstr "Ile nieudanych prób zalogowania jest dozwolonych w trybie offline" 
#: src/config/SSSDConfig/__init__.py.in:79 msgid "" "How long (minutes) to deny login after offline_failed_login_attempts has " "been reached" msgstr "" "Ile czasu (minut) nie pozwalać na zalogowanie po osiągnięciu " "offline_failed_login_attempts" #: src/config/SSSDConfig/__init__.py.in:80 msgid "What kind of messages are displayed to the user during authentication" msgstr "" "Jaki rodzaj komunikatów wyświetlać użytkownikowi podczas uwierzytelniania" #: src/config/SSSDConfig/__init__.py.in:81 msgid "How many seconds to keep identity information cached for PAM requests" msgstr "" "Ile sekund zatrzymać informacje o tożsamości w pamięci podręcznej dla żądań " "PAM" #: src/config/SSSDConfig/__init__.py.in:82 msgid "How many days before password expiration a warning should be displayed" msgstr "Ile dni przed wygaśnięciem hasła wyświetlić ostrzeżenie" #: src/config/SSSDConfig/__init__.py.in:85 msgid "Whether to evaluate the time-based attributes in sudo rules" msgstr "Określa, czy szacować atrybuty oparte na czasie w regułach sudo" #: src/config/SSSDConfig/__init__.py.in:91 msgid "Whether to hash host names and addresses in the known_hosts file" msgstr "Określa, czy mieszać nazwy komputerów i adresy w pliku known_hosts" #: src/config/SSSDConfig/__init__.py.in:92 msgid "" "How many seconds to keep a host in the known_hosts file after its host keys " "were requested" msgstr "" "Ile sekund przechowywać komputer w pliku known_hosts po zażądaniu jego kluczy" #: src/config/SSSDConfig/__init__.py.in:95 msgid "List of UIDs or user names allowed to access the PAC responder" msgstr "" "Lista UID lub nazw użytkowników mających dostęp do programu odpowiadającego " "PAC" #: src/config/SSSDConfig/__init__.py.in:98 msgid "Identity provider" msgstr "Dostawca tożsamości" #: src/config/SSSDConfig/__init__.py.in:99 msgid "Authentication provider" msgstr "Dostawca uwierzytelniania" #: src/config/SSSDConfig/__init__.py.in:100 msgid "Access control provider" msgstr "Dostawca kontroli 
dostępu" #: src/config/SSSDConfig/__init__.py.in:101 msgid "Password change provider" msgstr "Dostawca zmiany hasła" #: src/config/SSSDConfig/__init__.py.in:102 msgid "SUDO provider" msgstr "Dostawca SUDO" #: src/config/SSSDConfig/__init__.py.in:103 msgid "Autofs provider" msgstr "Dostawca Autofs" #: src/config/SSSDConfig/__init__.py.in:104 msgid "Session-loading provider" msgstr "Dostawca wczytywania sesji" #: src/config/SSSDConfig/__init__.py.in:105 msgid "Host identity provider" msgstr "Dostawca tożsamości komputera" #: src/config/SSSDConfig/__init__.py.in:108 msgid "Minimum user ID" msgstr "Minimalny identyfikator użytkownika" #: src/config/SSSDConfig/__init__.py.in:109 msgid "Maximum user ID" msgstr "Maksymalny identyfikator użytkownika" #: src/config/SSSDConfig/__init__.py.in:110 msgid "Enable enumerating all users/groups" msgstr "Włącza wyliczanie wszystkich użytkowników/grup" #: src/config/SSSDConfig/__init__.py.in:111 msgid "Cache credentials for offline login" msgstr "Dane uwierzytelniające pamięci podręcznej dla logowań w trybie offline" #: src/config/SSSDConfig/__init__.py.in:112 msgid "Store password hashes" msgstr "Przechowuje mieszanie haseł" #: src/config/SSSDConfig/__init__.py.in:113 msgid "Display users/groups in fully-qualified form" msgstr "Wyświetla użytkowników/grupy w pełnej formie" #: src/config/SSSDConfig/__init__.py.in:114 msgid "Don't include group members in group lookups" msgstr "Bez dołączania członków grup w wyszukiwaniach grup" #: src/config/SSSDConfig/__init__.py.in:115 #: src/config/SSSDConfig/__init__.py.in:122 #: src/config/SSSDConfig/__init__.py.in:123 #: src/config/SSSDConfig/__init__.py.in:124 #: src/config/SSSDConfig/__init__.py.in:125 #: src/config/SSSDConfig/__init__.py.in:126 #: src/config/SSSDConfig/__init__.py.in:127 msgid "Entry cache timeout length (seconds)" msgstr "Czas oczekiwania pamięci podręcznej wpisów (sekundy)" #: src/config/SSSDConfig/__init__.py.in:116 msgid "" "Restrict or prefer a specific address family 
when performing DNS lookups" msgstr "" "Ogranicza lub preferuje podaną rodzinę adresów podczas wykonywania " "wyszukiwań DNS" #: src/config/SSSDConfig/__init__.py.in:117 msgid "How long to keep cached entries after last successful login (days)" msgstr "" "Jak długo utrzymywać wpisy logowania w pamięci podręcznej po ostatnim udanym " "zalogowaniu (dni)" #: src/config/SSSDConfig/__init__.py.in:118 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" "Jak długo czekać na odpowiedzi od serwera DNS podczas rozwiązywania serwerów " "(sekundy)" #: src/config/SSSDConfig/__init__.py.in:119 msgid "The domain part of service discovery DNS query" msgstr "Część domeny zapytania DNS wykrywania usługi" #: src/config/SSSDConfig/__init__.py.in:120 msgid "Override GID value from the identity provider with this value" msgstr "Zastępuje wartość GID z dostawcy tożsamości tą wartością" #: src/config/SSSDConfig/__init__.py.in:121 msgid "Treat usernames as case sensitive" msgstr "Rozróżnianie wielkości liter w nazwach użytkowników" #: src/config/SSSDConfig/__init__.py.in:128 msgid "How often should expired entries be refreshed in background" msgstr "Jak często odświeżać w tle wygasłe wpisy" #: src/config/SSSDConfig/__init__.py.in:129 msgid "Whether to automatically update the client's DNS entry" msgstr "Czy automatycznie aktualizować wpis DNS klienta" #: src/config/SSSDConfig/__init__.py.in:130 #: src/config/SSSDConfig/__init__.py.in:145 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "TTL do zastosowania do wpisu DNS klienta po jego zaktualizowaniu" #: src/config/SSSDConfig/__init__.py.in:131 #: src/config/SSSDConfig/__init__.py.in:146 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" "Interfejs, którego adres IP powinien być używany do dynamicznych " "aktualizacji DNS" #: src/config/SSSDConfig/__init__.py.in:132 msgid "How often to periodically update the client's DNS entry" msgstr "Jak często 
okresowo aktualizować wpis DNS klienta" #: src/config/SSSDConfig/__init__.py.in:133 msgid "Whether the provider should explicitly update the PTR record as well" msgstr "Określa, czy dostawca powinien aktualizować także wpis PTR" #: src/config/SSSDConfig/__init__.py.in:134 msgid "Whether the nsupdate utility should default to using TCP" msgstr "Określa, czy narzędzie nsupdate powinno domyślnie używać portu TCP" #: src/config/SSSDConfig/__init__.py.in:135 msgid "What kind of authentication should be used to perform the DNS update" msgstr "" "Jakiego rodzaju uwierzytelnianie powinno być używane do wykonywania " "aktualizacji DNS" #: src/config/SSSDConfig/__init__.py.in:136 msgid "Control enumeration of trusted domains" msgstr "" #: src/config/SSSDConfig/__init__.py.in:137 #, fuzzy msgid "How often should subdomains list be refreshed" msgstr "Jak często odświeżać w tle wygasłe wpisy" #: src/config/SSSDConfig/__init__.py.in:140 msgid "IPA domain" msgstr "Domena IPA" #: src/config/SSSDConfig/__init__.py.in:141 msgid "IPA server address" msgstr "Adres serwera IPA" #: src/config/SSSDConfig/__init__.py.in:142 msgid "Address of backup IPA server" msgstr "Adres zapasowego serwera IPA" #: src/config/SSSDConfig/__init__.py.in:143 msgid "IPA client hostname" msgstr "Nazwa komputera klienta IPA" #: src/config/SSSDConfig/__init__.py.in:144 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" "Czy automatycznie aktualizować wpis DNS klienta w oprogramowaniu FreeIPA" #: src/config/SSSDConfig/__init__.py.in:147 msgid "Search base for HBAC related objects" msgstr "Wyszukiwanie podstawy pod kątem obiektów związanych z HBAC" #: src/config/SSSDConfig/__init__.py.in:148 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "Czas między wyszukiwaniami reguł HBAC w serwerze IPA" #: src/config/SSSDConfig/__init__.py.in:149 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA 
server" msgstr "Czas w sekundach między wyszukiwaniami map SELinuksa w serwerze IPA" #: src/config/SSSDConfig/__init__.py.in:150 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "Jeśli reguły DENY są dostępne, to DENY_ALL lub IGNORE" #: src/config/SSSDConfig/__init__.py.in:151 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" "Jeśli ustawiono na fałsz, to parametr komputera podany przez PAM zostanie " "zignorowany" #: src/config/SSSDConfig/__init__.py.in:152 msgid "The automounter location this IPA client is using" msgstr "Położenie automountera, którego używa ten klient IPA" #: src/config/SSSDConfig/__init__.py.in:153 msgid "Search base for object containing info about IPA domain" msgstr "" "Podstawa wyszukiwania dla obiektów zawierających informacje o domenie IPA" #: src/config/SSSDConfig/__init__.py.in:154 msgid "Search base for objects containing info about ID ranges" msgstr "" "Podstawa wyszukiwania dla obiektów zawierających informacje o zakresach " "identyfikatorów" #: src/config/SSSDConfig/__init__.py.in:155 #: src/config/SSSDConfig/__init__.py.in:162 msgid "Enable DNS sites - location based service discovery" msgstr "Włącza witryny DNS - wykrywanie usług w oparciu o położenie" #: src/config/SSSDConfig/__init__.py.in:158 msgid "Active Directory domain" msgstr "Domena Active Directory" #: src/config/SSSDConfig/__init__.py.in:159 msgid "Active Directory server address" msgstr "Adres serwera Active Directory" #: src/config/SSSDConfig/__init__.py.in:160 msgid "Active Directory backup server address" msgstr "Adres zapasowego serwera Active Directory" #: src/config/SSSDConfig/__init__.py.in:161 msgid "Active Directory client hostname" msgstr "Nazwa komputera klienta Active Directory" #: src/config/SSSDConfig/__init__.py.in:165 #: src/config/SSSDConfig/__init__.py.in:166 msgid "Kerberos server address" msgstr "Adres serwera Kerberos" #: src/config/SSSDConfig/__init__.py.in:167 msgid "Kerberos backup server address" 
msgstr "Adres zapasowego serwera Kerberos" #: src/config/SSSDConfig/__init__.py.in:168 msgid "Kerberos realm" msgstr "Obszar Kerberos" #: src/config/SSSDConfig/__init__.py.in:169 msgid "Authentication timeout" msgstr "Czas oczekiwania na uwierzytelnienie" #: src/config/SSSDConfig/__init__.py.in:170 msgid "Whether to create kdcinfo files" msgstr "Określa, czy tworzyć pliki kdcinfo" #: src/config/SSSDConfig/__init__.py.in:173 msgid "Directory to store credential caches" msgstr "" "Katalog do przechowywania pamięci podręcznych danych uwierzytelniających" #: src/config/SSSDConfig/__init__.py.in:174 msgid "Location of the user's credential cache" msgstr "Położenie pamięci podręcznej danych uwierzytelniających użytkownika" #: src/config/SSSDConfig/__init__.py.in:175 msgid "Location of the keytab to validate credentials" msgstr "Położenie tablicy kluczy do sprawdzania danych uwierzytelniających" #: src/config/SSSDConfig/__init__.py.in:176 msgid "Enable credential validation" msgstr "Włącza sprawdzanie danych uwierzytelniających" #: src/config/SSSDConfig/__init__.py.in:177 msgid "Store password if offline for later online authentication" msgstr "" "Przechowuje hasło, jeśli w trybie offline do późniejszego uwierzytelnienia w " "trybie online" #: src/config/SSSDConfig/__init__.py.in:178 msgid "Renewable lifetime of the TGT" msgstr "Odnawialny czas trwania TGT" #: src/config/SSSDConfig/__init__.py.in:179 msgid "Lifetime of the TGT" msgstr "Czas trwania TGT" #: src/config/SSSDConfig/__init__.py.in:180 msgid "Time between two checks for renewal" msgstr "Czas między dwoma sprawdzaniami odnowy" #: src/config/SSSDConfig/__init__.py.in:181 msgid "Enables FAST" msgstr "Włącza FAST" #: src/config/SSSDConfig/__init__.py.in:182 msgid "Selects the principal to use for FAST" msgstr "Wybiera naczelnika do użycia dla FAST" #: src/config/SSSDConfig/__init__.py.in:183 msgid "Enables principal canonicalization" msgstr "Włącza ujednolicanie naczelnika" #: 
src/config/SSSDConfig/__init__.py.in:184 msgid "Enables enterprise principals" msgstr "Włącza naczelników enterprise" #: src/config/SSSDConfig/__init__.py.in:187 #: src/config/SSSDConfig/__init__.py.in:188 msgid "Server where the change password service is running if not on the KDC" msgstr "" "Serwer, w którym jest uruchomiona usługa zmiany haseł, jeśli nie znajduje " "się w KDC" #: src/config/SSSDConfig/__init__.py.in:191 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, adres URI serwera LDAP" #: src/config/SSSDConfig/__init__.py.in:192 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "ldap_backup_uri, adres URI serwera LDAP" #: src/config/SSSDConfig/__init__.py.in:193 msgid "The default base DN" msgstr "Domyślne podstawowe DN" #: src/config/SSSDConfig/__init__.py.in:194 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "Typ Schema do użycia na serwerze LDAP, RFC2307" #: src/config/SSSDConfig/__init__.py.in:195 msgid "The default bind DN" msgstr "Domyślne DN dowiązania" #: src/config/SSSDConfig/__init__.py.in:196 msgid "The type of the authentication token of the default bind DN" msgstr "Typ tokenu uwierzytelniania domyślnego DN dowiązania" #: src/config/SSSDConfig/__init__.py.in:197 msgid "The authentication token of the default bind DN" msgstr "Token uwierzytelniania domyślnego DN dowiązania" #: src/config/SSSDConfig/__init__.py.in:198 msgid "Length of time to attempt connection" msgstr "Czas do próby połączenia" #: src/config/SSSDConfig/__init__.py.in:199 msgid "Length of time to attempt synchronous LDAP operations" msgstr "Czas do próby synchronicznych działań LDAP" #: src/config/SSSDConfig/__init__.py.in:200 msgid "Length of time between attempts to reconnect while offline" msgstr "Czas między próbami ponownego połączenia w trybie offline" #: src/config/SSSDConfig/__init__.py.in:201 msgid "Use only the upper case for realm names" msgstr "Użycie tylko wielkich znaków w nazwach obszarów" #: 
src/config/SSSDConfig/__init__.py.in:202 msgid "File that contains CA certificates" msgstr "Plik zawierający certyfikaty CA" #: src/config/SSSDConfig/__init__.py.in:203 msgid "Path to CA certificate directory" msgstr "Ścieżka do katalogu certyfikatów CA" #: src/config/SSSDConfig/__init__.py.in:204 msgid "File that contains the client certificate" msgstr "Plik zawierający certyfikat klienta" #: src/config/SSSDConfig/__init__.py.in:205 msgid "File that contains the client key" msgstr "Plik zawierający klucz klienta" #: src/config/SSSDConfig/__init__.py.in:206 msgid "List of possible ciphers suites" msgstr "Lista możliwych zestawów szyfrów" #: src/config/SSSDConfig/__init__.py.in:207 msgid "Require TLS certificate verification" msgstr "Wymaga sprawdzenia certyfikatu TLS" #: src/config/SSSDConfig/__init__.py.in:208 msgid "Specify the sasl mechanism to use" msgstr "Podaje używany mechanizm SASL" #: src/config/SSSDConfig/__init__.py.in:209 msgid "Specify the sasl authorization id to use" msgstr "Podaje używany identyfikator upoważnienia SASL" #: src/config/SSSDConfig/__init__.py.in:210 msgid "Specify the sasl authorization realm to use" msgstr "Podaje obszar upoważnienia SASL do użycia" #: src/config/SSSDConfig/__init__.py.in:211 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "Podaje minimalne SSF dla upoważnienia sasl LDAP" #: src/config/SSSDConfig/__init__.py.in:212 msgid "Kerberos service keytab" msgstr "Tablica kluczy usługi Kerberos" #: src/config/SSSDConfig/__init__.py.in:213 msgid "Use Kerberos auth for LDAP connection" msgstr "Używa uwierzytelniania Kerberos dla połączenia LDAP" #: src/config/SSSDConfig/__init__.py.in:214 msgid "Follow LDAP referrals" msgstr "Podąża za odsyłaniami LDAP" #: src/config/SSSDConfig/__init__.py.in:215 msgid "Lifetime of TGT for LDAP connection" msgstr "Czas trwania TGT dla połączenia LDAP" #: src/config/SSSDConfig/__init__.py.in:216 msgid "How to dereference aliases" msgstr "Jak wskazywać aliasy" #: 
src/config/SSSDConfig/__init__.py.in:217 msgid "Service name for DNS service lookups" msgstr "Nazwa usługi do wyszukiwań usługi DNS" #: src/config/SSSDConfig/__init__.py.in:218 msgid "The number of records to retrieve in a single LDAP query" msgstr "Liczba wpisów do pobrania w jednym zapytaniu LDAP" #: src/config/SSSDConfig/__init__.py.in:219 msgid "The number of members that must be missing to trigger a full deref" msgstr "Liczba elementów, których musi brakować, aby wywołać pełne \"deref\"" #: src/config/SSSDConfig/__init__.py.in:220 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" "Określa, czy biblioteka LDAP powinna wykonywać odwrotne wyszukanie, aby " "ujednolicić nazwę komputera podczas dowiązania SASL" #: src/config/SSSDConfig/__init__.py.in:222 msgid "entryUSN attribute" msgstr "Atrybut entryUSN" #: src/config/SSSDConfig/__init__.py.in:223 msgid "lastUSN attribute" msgstr "Atrybut lastUSN" #: src/config/SSSDConfig/__init__.py.in:225 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "Jak długo utrzymywać połączenie z serwerem LDAP przed rozłączeniem" #: src/config/SSSDConfig/__init__.py.in:227 msgid "Disable the LDAP paging control" msgstr "Wyłącza kontrolę stronicowania LDAP" #: src/config/SSSDConfig/__init__.py.in:228 msgid "Disable Active Directory range retrieval" msgstr "Wyłącza pobieranie zakresu Active Directory" #: src/config/SSSDConfig/__init__.py.in:231 msgid "Length of time to wait for a search request" msgstr "Czas oczekiwania na żądanie wyszukiwania" #: src/config/SSSDConfig/__init__.py.in:232 msgid "Length of time to wait for a enumeration request" msgstr "Czas oczekiwania na żądanie wyliczenia" #: src/config/SSSDConfig/__init__.py.in:233 msgid "Length of time between enumeration updates" msgstr "Czas między aktualizacjami wyliczania" #: src/config/SSSDConfig/__init__.py.in:234 msgid "Length of time between cache cleanups" msgstr 
"Czas między czyszczeniem pamięci podręcznej" #: src/config/SSSDConfig/__init__.py.in:235 msgid "Require TLS for ID lookups" msgstr "Wymaga TLS dla wyszukiwania identyfikatorów" #: src/config/SSSDConfig/__init__.py.in:236 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "" "Używa mapowania identyfikatorów objectSID zamiast uprzednio ustawionych " "identyfikatorów" #: src/config/SSSDConfig/__init__.py.in:237 msgid "Base DN for user lookups" msgstr "Podstawowe DN dla wyszukiwania użytkowników" #: src/config/SSSDConfig/__init__.py.in:238 msgid "Scope of user lookups" msgstr "Zakres wyszukiwania użytkowników" #: src/config/SSSDConfig/__init__.py.in:239 msgid "Filter for user lookups" msgstr "Filtruje wyszukiwania użytkowników" #: src/config/SSSDConfig/__init__.py.in:240 msgid "Objectclass for users" msgstr "Klasa obiektów dla użytkowników" #: src/config/SSSDConfig/__init__.py.in:241 msgid "Username attribute" msgstr "Atrybut nazwy użytkownika" #: src/config/SSSDConfig/__init__.py.in:243 msgid "UID attribute" msgstr "Atrybut UID" #: src/config/SSSDConfig/__init__.py.in:244 msgid "Primary GID attribute" msgstr "Atrybut głównego GID" #: src/config/SSSDConfig/__init__.py.in:245 msgid "GECOS attribute" msgstr "Atrybut GECOS" #: src/config/SSSDConfig/__init__.py.in:246 msgid "Home directory attribute" msgstr "Atrybut katalogu domowego" #: src/config/SSSDConfig/__init__.py.in:247 msgid "Shell attribute" msgstr "Atrybut powłoki" #: src/config/SSSDConfig/__init__.py.in:248 msgid "UUID attribute" msgstr "Atrybut UUID" #: src/config/SSSDConfig/__init__.py.in:249 #: src/config/SSSDConfig/__init__.py.in:285 msgid "objectSID attribute" msgstr "Atrybut objectSID" #: src/config/SSSDConfig/__init__.py.in:250 msgid "Active Directory primary group attribute for ID-mapping" msgstr "Atrybut głównej grupy Active Directory dla mapowania identyfikatorów" #: src/config/SSSDConfig/__init__.py.in:251 msgid "User principal attribute (for Kerberos)" msgstr "Atrybut głównego 
użytkownika (dla Kerberos)" #: src/config/SSSDConfig/__init__.py.in:252 msgid "Full Name" msgstr "Imię i nazwisko" #: src/config/SSSDConfig/__init__.py.in:253 msgid "memberOf attribute" msgstr "Atrybut memberOf" #: src/config/SSSDConfig/__init__.py.in:254 msgid "Modification time attribute" msgstr "Atrybut czasu modyfikacji" #: src/config/SSSDConfig/__init__.py.in:256 msgid "shadowLastChange attribute" msgstr "Atrybut shadowLastChange" #: src/config/SSSDConfig/__init__.py.in:257 msgid "shadowMin attribute" msgstr "Atrybut shadowMin" #: src/config/SSSDConfig/__init__.py.in:258 msgid "shadowMax attribute" msgstr "Atrybut shadowMax" #: src/config/SSSDConfig/__init__.py.in:259 msgid "shadowWarning attribute" msgstr "Atrybut shadowWarning" #: src/config/SSSDConfig/__init__.py.in:260 msgid "shadowInactive attribute" msgstr "Atrybut shadowInactive" #: src/config/SSSDConfig/__init__.py.in:261 msgid "shadowExpire attribute" msgstr "Atrybut shadowExpire" #: src/config/SSSDConfig/__init__.py.in:262 msgid "shadowFlag attribute" msgstr "Atrybut shadowFlag" #: src/config/SSSDConfig/__init__.py.in:263 msgid "Attribute listing authorized PAM services" msgstr "Atrybut zawierający listę upoważnionych usług PAM" #: src/config/SSSDConfig/__init__.py.in:264 msgid "Attribute listing authorized server hosts" msgstr "Atrybut zawierający listę upoważnionych komputerów serwerowych" #: src/config/SSSDConfig/__init__.py.in:265 msgid "krbLastPwdChange attribute" msgstr "Atrybut krbLastPwdChange" #: src/config/SSSDConfig/__init__.py.in:266 msgid "krbPasswordExpiration attribute" msgstr "Atrybut krbPasswordExpiration" #: src/config/SSSDConfig/__init__.py.in:267 msgid "Attribute indicating that server side password policies are active" msgstr "Atrybut wskazujący, czy polityki haseł po stronie serwera są aktywne" #: src/config/SSSDConfig/__init__.py.in:268 msgid "accountExpires attribute of AD" msgstr "Atrybut accountExpires AD" #: src/config/SSSDConfig/__init__.py.in:269 msgid "userAccountControl 
attribute of AD" msgstr "Atrybut userAccountControl AD" #: src/config/SSSDConfig/__init__.py.in:270 msgid "nsAccountLock attribute" msgstr "Atrybut nsAccountLock" #: src/config/SSSDConfig/__init__.py.in:271 msgid "loginDisabled attribute of NDS" msgstr "Atrybut loginDisabled NDS" #: src/config/SSSDConfig/__init__.py.in:272 msgid "loginExpirationTime attribute of NDS" msgstr "Atrybut loginExpirationTime NDS" #: src/config/SSSDConfig/__init__.py.in:273 msgid "loginAllowedTimeMap attribute of NDS" msgstr "Atrybut loginAllowedTimeMap NDS" #: src/config/SSSDConfig/__init__.py.in:274 msgid "SSH public key attribute" msgstr "Atrybut klucza publicznego SSH" #: src/config/SSSDConfig/__init__.py.in:276 msgid "Base DN for group lookups" msgstr "Podstawowe DN dla wyszukiwania grup" #: src/config/SSSDConfig/__init__.py.in:279 msgid "Objectclass for groups" msgstr "Klasa obiektów dla grup" #: src/config/SSSDConfig/__init__.py.in:280 msgid "Group name" msgstr "Nazwa grupy" #: src/config/SSSDConfig/__init__.py.in:281 msgid "Group password" msgstr "Hasło grupy" #: src/config/SSSDConfig/__init__.py.in:282 msgid "GID attribute" msgstr "Atrybut GID" #: src/config/SSSDConfig/__init__.py.in:283 msgid "Group member attribute" msgstr "Atrybut elementu grupy" #: src/config/SSSDConfig/__init__.py.in:284 msgid "Group UUID attribute" msgstr "Atrybut UUID grupy" #: src/config/SSSDConfig/__init__.py.in:286 msgid "Modification time attribute for groups" msgstr "Atrybut czasu modyfikacji grup" #: src/config/SSSDConfig/__init__.py.in:287 msgid "Type of the group and other flags" msgstr "" #: src/config/SSSDConfig/__init__.py.in:289 msgid "Maximum nesting level SSSd will follow" msgstr "Maksymalny poziom zagnieżdżenia, jaki usługa SSSD będzie używała" #: src/config/SSSDConfig/__init__.py.in:291 msgid "Base DN for netgroup lookups" msgstr "Podstawowe DN dla wyszukiwania grupy sieciowej" #: src/config/SSSDConfig/__init__.py.in:292 msgid "Objectclass for netgroups" msgstr "Klasa obiektów dla grup 
sieciowych" #: src/config/SSSDConfig/__init__.py.in:293 msgid "Netgroup name" msgstr "Nazwa grupy sieciowej" #: src/config/SSSDConfig/__init__.py.in:294 msgid "Netgroups members attribute" msgstr "Atrybut elementów grupy sieciowej" #: src/config/SSSDConfig/__init__.py.in:295 msgid "Netgroup triple attribute" msgstr "Potrójny atrybut grupy sieciowej" #: src/config/SSSDConfig/__init__.py.in:296 msgid "Netgroup UUID attribute" msgstr "Atrybut UUID grupy sieciowej" #: src/config/SSSDConfig/__init__.py.in:297 msgid "Modification time attribute for netgroups" msgstr "Atrybut czasu modyfikacji grup sieciowych" #: src/config/SSSDConfig/__init__.py.in:299 msgid "Base DN for service lookups" msgstr "Podstawowe DN do wyszukiwania usług" #: src/config/SSSDConfig/__init__.py.in:300 msgid "Objectclass for services" msgstr "Klasa obiektów dla usług" #: src/config/SSSDConfig/__init__.py.in:301 msgid "Service name attribute" msgstr "Atrybut nazwy usługi" #: src/config/SSSDConfig/__init__.py.in:302 msgid "Service port attribute" msgstr "Atrybut portu usługi" #: src/config/SSSDConfig/__init__.py.in:303 msgid "Service protocol attribute" msgstr "Atrybut protokołu usługi" #: src/config/SSSDConfig/__init__.py.in:306 msgid "Lower bound for ID-mapping" msgstr "Niższa granica dla mapowania identyfikatorów" #: src/config/SSSDConfig/__init__.py.in:307 msgid "Upper bound for ID-mapping" msgstr "Wyższa granica dla mapowania identyfikatorów" #: src/config/SSSDConfig/__init__.py.in:308 msgid "Number of IDs for each slice when ID-mapping" msgstr "" "Liczba identyfikatorów dla każdego kawałka podczas mapowania identyfikatorów" #: src/config/SSSDConfig/__init__.py.in:309 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "Używa algorytmu zgodnego z autorid do mapowania identyfikatorów" #: src/config/SSSDConfig/__init__.py.in:310 msgid "Name of the default domain for ID-mapping" msgstr "Nazwa domyślnej domeny dla mapowania identyfikatorów" #: src/config/SSSDConfig/__init__.py.in:311 
msgid "SID of the default domain for ID-mapping" msgstr "SID domyślnej domeny dla mapowania identyfikatorów" #: src/config/SSSDConfig/__init__.py.in:313 msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups" msgstr "Użycie LDAP_MATCHING_RULE_IN_CHAIN do wyszukiwania grup" #: src/config/SSSDConfig/__init__.py.in:314 msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups" msgstr "Użycie LDAP_MATCHING_RULE_IN_CHAIN do wyszukiwania grup inicjacyjnych" #: src/config/SSSDConfig/__init__.py.in:315 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "Ustawia dolną granicę dla dozwolonych identyfikatorów z serwera LDAP" #: src/config/SSSDConfig/__init__.py.in:316 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "Ustawia górną granicę dla dozwolonych identyfikatorów z serwera LDAP" #: src/config/SSSDConfig/__init__.py.in:319 msgid "Policy to evaluate the password expiration" msgstr "Polityka do oszacowania wygaszenia hasła" #: src/config/SSSDConfig/__init__.py.in:322 msgid "LDAP filter to determine access privileges" msgstr "Filtr LDAP do określenia uprawnień dostępu" #: src/config/SSSDConfig/__init__.py.in:323 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "Które atrybuty powinny być używane do sprawdzenia, czy konto wygasło" #: src/config/SSSDConfig/__init__.py.in:324 msgid "Which rules should be used to evaluate access control" msgstr "Które reguły powinny być używane do sprawdzania kontroli dostępu" #: src/config/SSSDConfig/__init__.py.in:327 msgid "URI of an LDAP server where password changes are allowed" msgstr "Adres URI serwera LDAP, gdzie zmiany hasła są dozwolone" #: src/config/SSSDConfig/__init__.py.in:328 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "Adres URI zapasowego serwera LDAP, gdzie zmiany hasła są dozwolone" #: src/config/SSSDConfig/__init__.py.in:329 msgid "DNS service name for LDAP password change server" msgstr "Nazwa usługi DNS 
serwera zmiany hasła LDAP" #: src/config/SSSDConfig/__init__.py.in:330 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" msgstr "" "Określa, czy zaktualizować atrybut ldap_user_shadow_last_change po zmianie " "hasła" #: src/config/SSSDConfig/__init__.py.in:333 msgid "Base DN for sudo rules lookups" msgstr "Podstawowe DN dla wyszukiwań reguł sudo" #: src/config/SSSDConfig/__init__.py.in:334 msgid "Automatic full refresh period" msgstr "Okres między automatycznymi pełnymi odświeżeniami" #: src/config/SSSDConfig/__init__.py.in:335 msgid "Automatic smart refresh period" msgstr "Okres między automatycznymi inteligentnymi odświeżeniami" #: src/config/SSSDConfig/__init__.py.in:336 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "" "Określa, czy filtrować reguły według nazwy komputera, adresów IP i sieci" #: src/config/SSSDConfig/__init__.py.in:337 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" msgstr "" "Nazwy komputerów i/lub pełne kwalifikowane nazwy domen tego komputera do " "filtrowania reguł sudo" #: src/config/SSSDConfig/__init__.py.in:338 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" "Adresy lub sieci IPv4 lub IPv6 tego komputera do filtrowania reguł sudo" #: src/config/SSSDConfig/__init__.py.in:339 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" "Określa, czy zawierać reguły zawierające grupy sieciowe w atrybucie komputera" #: src/config/SSSDConfig/__init__.py.in:340 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" "Określa, czy zawierać reguły zawierające wyrażenia regularne w atrybucie " "komputera" #: src/config/SSSDConfig/__init__.py.in:341 msgid "Object class for sudo rules" msgstr "Klasa obiektów dla reguł sudo" #: src/config/SSSDConfig/__init__.py.in:342 msgid "Sudo rule name" msgstr "Nazwa reguły sudo" #: 
src/config/SSSDConfig/__init__.py.in:343 msgid "Sudo rule command attribute" msgstr "Atrybut polecenia reguły sudo" #: src/config/SSSDConfig/__init__.py.in:344 msgid "Sudo rule host attribute" msgstr "Atrybut komputera reguły sudo" #: src/config/SSSDConfig/__init__.py.in:345 msgid "Sudo rule user attribute" msgstr "Atrybut użytkownika reguły sudo" #: src/config/SSSDConfig/__init__.py.in:346 msgid "Sudo rule option attribute" msgstr "Atrybut opcji reguły sudo" #: src/config/SSSDConfig/__init__.py.in:347 msgid "Sudo rule runasuser attribute" msgstr "Atrybut runasuser reguły sudo" #: src/config/SSSDConfig/__init__.py.in:348 msgid "Sudo rule runasgroup attribute" msgstr "Atrybut runasgroup reguły sudo" #: src/config/SSSDConfig/__init__.py.in:349 msgid "Sudo rule notbefore attribute" msgstr "Atrybut notbefore reguły sudo" #: src/config/SSSDConfig/__init__.py.in:350 msgid "Sudo rule notafter attribute" msgstr "Atrybut notafter reguły sudo" #: src/config/SSSDConfig/__init__.py.in:351 msgid "Sudo rule order attribute" msgstr "Atrybut kolejności reguły sudo" #: src/config/SSSDConfig/__init__.py.in:354 msgid "Object class for automounter maps" msgstr "Klasa obiektów dla map automountera" #: src/config/SSSDConfig/__init__.py.in:355 msgid "Automounter map name attribute" msgstr "Atrybut nazwy mapy automountera" #: src/config/SSSDConfig/__init__.py.in:356 msgid "Object class for automounter map entries" msgstr "Klasa obiektów dla wpisów map automountera" #: src/config/SSSDConfig/__init__.py.in:357 msgid "Automounter map entry key attribute" msgstr "Atrybut klucza wpisu mapy automountera" #: src/config/SSSDConfig/__init__.py.in:358 msgid "Automounter map entry value attribute" msgstr "Atrybut wartości wpisu mapy automountera" #: src/config/SSSDConfig/__init__.py.in:359 msgid "Base DN for automounter map lookups" msgstr "Podstawowe DN dla wyszukiwań map automountera" #: src/config/SSSDConfig/__init__.py.in:362 msgid "Comma separated list of allowed users" msgstr "Lista 
dozwolonych użytkowników oddzielonych przecinkami" #: src/config/SSSDConfig/__init__.py.in:363 msgid "Comma separated list of prohibited users" msgstr "Lista zabronionych użytkowników oddzielonych przecinkami" #: src/config/SSSDConfig/__init__.py.in:366 msgid "Default shell, /bin/bash" msgstr "Domyślna powłoka, /bin/bash" #: src/config/SSSDConfig/__init__.py.in:367 msgid "Base for home directories" msgstr "Podstawa katalogów domowych" #: src/config/SSSDConfig/__init__.py.in:370 msgid "The name of the NSS library to use" msgstr "Nazwa używanej biblioteki NSS" #: src/config/SSSDConfig/__init__.py.in:371 msgid "Whether to look up canonical group name from cache if possible" msgstr "" "Określa, czy wyszukiwać kanoniczną nazwę grupy w pamięci podręcznej, jeśli " "to możliwe" #: src/config/SSSDConfig/__init__.py.in:374 msgid "PAM stack to use" msgstr "Używany stos PAM" #: src/monitor/monitor.c:2651 msgid "Become a daemon (default)" msgstr "Uruchamia jako demon (domyślnie)" #: src/monitor/monitor.c:2653 msgid "Run interactive (not a daemon)" msgstr "Uruchamia interaktywnie (nie jako demon)" #: src/monitor/monitor.c:2655 src/tools/sss_debuglevel.c:71 msgid "Specify a non-default config file" msgstr "Podaje niedomyślny plik konfiguracji" #: src/monitor/monitor.c:2657 msgid "Print version number and exit" msgstr "Wyświetla numer wersji i kończy działanie" #: src/providers/krb5/krb5_child.c:1962 src/providers/ldap/ldap_child.c:435 #: src/util/util.h:100 msgid "Debug level" msgstr "Poziom debugowania" #: src/providers/krb5/krb5_child.c:1964 src/providers/ldap/ldap_child.c:437 #: src/util/util.h:104 msgid "Add debug timestamps" msgstr "Dodaje czasy debugowania" #: src/providers/krb5/krb5_child.c:1966 src/providers/ldap/ldap_child.c:439 #: src/util/util.h:106 msgid "Show timestamps with microseconds" msgstr "Wyświetlanie dat z mikrosekundami" #: src/providers/krb5/krb5_child.c:1968 src/providers/ldap/ldap_child.c:441 msgid "An open file descriptor for the debug logs" msgstr 
"Otwiera deskryptor pliku dla dzienników debugowania" #: src/providers/data_provider_be.c:2932 msgid "Domain of the information provider (mandatory)" msgstr "Domena dostawcy informacji (wymagane)" #: src/sss_client/common.c:946 msgid "Privileged socket has wrong ownership or permissions." msgstr "Uprawnione gniazdo posiada błędnego właściciela lub uprawnienia." #: src/sss_client/common.c:949 msgid "Public socket has wrong ownership or permissions." msgstr "Publiczne gniazdo posiada błędnego właściciela lub uprawnienia." #: src/sss_client/common.c:952 msgid "Unexpected format of the server credential message." msgstr "Nieoczekiwany format komunikatu uwierzytelniającego serwera." #: src/sss_client/common.c:955 msgid "SSSD is not run by root." msgstr "SSSD nie zostało uruchomione w trybie roota." #: src/sss_client/common.c:960 msgid "An error occurred, but no description can be found." msgstr "Wystąpił błąd, ale nie odnaleziono jego opisu." #: src/sss_client/common.c:966 msgid "Unexpected error while looking for an error description" msgstr "Nieoczekiwany błąd podczas wyszukiwania opisu błędu" #: src/sss_client/pam_sss.c:388 msgid "Passwords do not match" msgstr "Hasła nie zgadzają się" #: src/sss_client/pam_sss.c:576 msgid "Password reset by root is not supported." msgstr "Przywrócenie hasła przez użytkownika root nie jest obsługiwane." #: src/sss_client/pam_sss.c:617 msgid "Authenticated with cached credentials" msgstr "Uwierzytelniono za pomocą danych z pamięci podręcznej" #: src/sss_client/pam_sss.c:618 msgid ", your cached password will expire at: " msgstr ", hasło w pamięci podręcznej wygaśnie za: " #: src/sss_client/pam_sss.c:648 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "Hasło wygasło. Pozostało %1$d możliwych logowań." #: src/sss_client/pam_sss.c:694 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "Hasło wygaśnie za %1$d %2$s." 
#: src/sss_client/pam_sss.c:743 msgid "Authentication is denied until: " msgstr "Uwierzytelnianie jest zabronione do: " #: src/sss_client/pam_sss.c:764 msgid "System is offline, password change not possible" msgstr "System jest w trybie offline, zmiana hasła nie jest możliwa" #: src/sss_client/pam_sss.c:779 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" #: src/sss_client/pam_sss.c:810 src/sss_client/pam_sss.c:823 msgid "Password change failed. " msgstr "Zmiana hasła nie powiodła się. " #: src/sss_client/pam_sss.c:813 src/sss_client/pam_sss.c:824 msgid "Server message: " msgstr "Komunikat serwera: " #: src/sss_client/pam_sss.c:1251 msgid "New Password: " msgstr "Nowe hasło: " #: src/sss_client/pam_sss.c:1252 msgid "Reenter new Password: " msgstr "Proszę ponownie podać nowe hasło: " #: src/sss_client/pam_sss.c:1340 msgid "Password: " msgstr "Hasło: " #: src/sss_client/pam_sss.c:1372 msgid "Current Password: " msgstr "Bieżące hasło: " #: src/sss_client/pam_sss.c:1527 msgid "Password expired. Change your password now." msgstr "Hasło wygasło. Proszę je zmienić teraz." 
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40 #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 src/tools/sss_useradd.c:48 #: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44 #: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:652 #: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47 #: src/tools/sss_cache.c:540 src/tools/sss_debuglevel.c:69 msgid "The debug level to run with" msgstr "Poziom debugowania, z jakim uruchomić" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:42 #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:196 msgid "The SSSD domain to use" msgstr "Domena SSSD do użycia" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:73 #: src/tools/sss_groupadd.c:58 src/tools/sss_groupdel.c:53 #: src/tools/sss_groupmod.c:65 src/tools/sss_groupshow.c:663 #: src/tools/sss_userdel.c:151 src/tools/sss_usermod.c:74 #: src/tools/sss_cache.c:573 msgid "Error setting the locale\n" msgstr "Błąd podczas ustawiania lokalizacji\n" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:64 msgid "Not enough memory\n" msgstr "Brak pamięci\n" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:83 msgid "User not specified\n" msgstr "Nie podano użytkownika\n" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:92 msgid "Error looking up public keys\n" msgstr "Błąd podczas wyszukiwania kluczy publicznych\n" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:194 msgid "The port to use to connect to the host" msgstr "Port do użycia do połączenia z komputerem" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:238 msgid "Invalid port\n" msgstr "Nieprawidłowy port\n" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:243 msgid "Host not specified\n" msgstr "Nie podano komputera\n" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:249 msgid "The path to the proxy command must be absolute\n" msgstr "Ścieżka do polecenia pośrednika musi być bezwzględna\n" #: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48 msgid "The UID of the user" msgstr "UID użytkownika" #: 
src/tools/sss_useradd.c:50 src/tools/sss_usermod.c:50 msgid "The comment string" msgstr "Ciąg komentarza" #: src/tools/sss_useradd.c:51 src/tools/sss_usermod.c:51 msgid "Home directory" msgstr "Katalog domowy" #: src/tools/sss_useradd.c:52 src/tools/sss_usermod.c:52 msgid "Login shell" msgstr "Powłoka logowania" #: src/tools/sss_useradd.c:53 msgid "Groups" msgstr "Grupy" #: src/tools/sss_useradd.c:54 msgid "Create user's directory if it does not exist" msgstr "Utworzy katalog użytkownika, jeśli nie istnieje" #: src/tools/sss_useradd.c:55 msgid "Never create user's directory, overrides config" msgstr "Nigdy nie tworzy katalogu użytkownika, zastępuje konfigurację" #: src/tools/sss_useradd.c:56 msgid "Specify an alternative skeleton directory" msgstr "Proszę podać alternatywny katalog szkieletu" #: src/tools/sss_useradd.c:57 src/tools/sss_usermod.c:57 msgid "The SELinux user for user's login" msgstr "Użytkownik SELinuksa dla loginu użytkownika" #: src/tools/sss_useradd.c:86 src/tools/sss_groupmod.c:78 #: src/tools/sss_usermod.c:87 msgid "Specify group to add to\n" msgstr "Proszę podać grupę, do której dodać\n" #: src/tools/sss_useradd.c:110 msgid "Specify user to add\n" msgstr "Proszę podać użytkownika do dodania\n" #: src/tools/sss_useradd.c:119 src/tools/sss_groupadd.c:84 #: src/tools/sss_groupdel.c:78 src/tools/sss_groupmod.c:111 #: src/tools/sss_groupshow.c:696 src/tools/sss_userdel.c:196 #: src/tools/sss_usermod.c:128 msgid "Error initializing the tools - no local domain\n" msgstr "Błąd podczas inicjowania narzędzi - brak lokalnej domeny\n" #: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86 #: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113 #: src/tools/sss_groupshow.c:698 src/tools/sss_userdel.c:198 #: src/tools/sss_usermod.c:130 msgid "Error initializing the tools\n" msgstr "Błąd podczas inicjowania narzędzi\n" #: src/tools/sss_useradd.c:130 src/tools/sss_groupadd.c:95 #: src/tools/sss_groupdel.c:89 src/tools/sss_groupmod.c:121 #: 
src/tools/sss_groupshow.c:707 src/tools/sss_userdel.c:207 #: src/tools/sss_usermod.c:139 msgid "Invalid domain specified in FQDN\n" msgstr "Podano nieprawidłową domenę w FQDN\n" #: src/tools/sss_useradd.c:139 src/tools/sss_groupmod.c:141 #: src/tools/sss_groupmod.c:168 src/tools/sss_usermod.c:162 #: src/tools/sss_usermod.c:189 msgid "Internal error while parsing parameters\n" msgstr "Wewnętrzny błąd podczas przetwarzania parametrów\n" #: src/tools/sss_useradd.c:147 src/tools/sss_usermod.c:170 #: src/tools/sss_usermod.c:197 msgid "Groups must be in the same domain as user\n" msgstr "Grupy muszą być w tej samej domenie co użytkownik\n" #: src/tools/sss_useradd.c:155 #, c-format msgid "Cannot find group %1$s in local domain\n" msgstr "Nie można odnaleźć grupy %1$s w lokalnej domenie\n" #: src/tools/sss_useradd.c:170 src/tools/sss_userdel.c:217 msgid "Cannot set default values\n" msgstr "Nie można ustawić domyślnych wartości\n" #: src/tools/sss_useradd.c:177 src/tools/sss_usermod.c:153 msgid "The selected UID is outside the allowed range\n" msgstr "Wybrany UID jest spoza dozwolonego zakresu\n" #: src/tools/sss_useradd.c:206 src/tools/sss_usermod.c:264 msgid "Cannot set SELinux login context\n" msgstr "Nie można ustawić kontekstu loginu SELinuksa\n" #: src/tools/sss_useradd.c:221 msgid "Cannot get info about the user\n" msgstr "Nie można uzyskać informacji o użytkowniku\n" #: src/tools/sss_useradd.c:233 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" "Katalog domowy użytkownika już istnieje, dane z katalogu szkieletu nie " "zostaną skopiowane\n" #: src/tools/sss_useradd.c:236 #, c-format msgid "Cannot create user's home directory: %1$s\n" msgstr "Nie można utworzyć katalogu domowego użytkownika: %1$s\n" #: src/tools/sss_useradd.c:247 #, c-format msgid "Cannot create user's mail spool: %1$s\n" msgstr "Nie można utworzyć buforu poczty użytkownika: %1$s\n" #: src/tools/sss_useradd.c:266 msgid "Could not allocate ID for the user - 
domain full?\n" msgstr "" "Nie można przydzielić identyfikatora użytkownikowi - czy domena jest pełna?\n" #: src/tools/sss_useradd.c:270 msgid "A user or group with the same name or ID already exists\n" msgstr "" "Użytkownik lub grupa o tej samej nazwie lub identyfikatorze już istnieje\n" #: src/tools/sss_useradd.c:276 msgid "Transaction error. Could not add user.\n" msgstr "Błąd transakcji. Nie można dodać użytkownika.\n" #: src/tools/sss_groupadd.c:43 src/tools/sss_groupmod.c:48 msgid "The GID of the group" msgstr "GID grupy" #: src/tools/sss_groupadd.c:75 msgid "Specify group to add\n" msgstr "Proszę podać grupę do dodania\n" #: src/tools/sss_groupadd.c:104 src/tools/sss_groupmod.c:192 msgid "The selected GID is outside the allowed range\n" msgstr "Wybrany GID jest spoza dozwolonego zakresu\n" #: src/tools/sss_groupadd.c:141 msgid "Could not allocate ID for the group - domain full?\n" msgstr "Nie można przydzielić identyfikatora grupie - czy domena jest pełna?\n" #: src/tools/sss_groupadd.c:145 msgid "A group with the same name or GID already exists\n" msgstr "Grupa o tej samej nazwie lub GID już istnieje\n" #: src/tools/sss_groupadd.c:150 msgid "Transaction error. Could not add group.\n" msgstr "Błąd transakcji. Nie można dodać grupy.\n" #: src/tools/sss_groupdel.c:69 msgid "Specify group to delete\n" msgstr "Proszę podać grupę do usunięcia\n" #: src/tools/sss_groupdel.c:102 #, c-format msgid "Group %1$s is outside the defined ID range for domain\n" msgstr "Grupa %1$s jest poza określonym zakresem identyfikatorów dla domeny\n" #: src/tools/sss_groupdel.c:117 src/tools/sss_groupmod.c:219 #: src/tools/sss_groupmod.c:226 src/tools/sss_groupmod.c:233 #: src/tools/sss_userdel.c:294 src/tools/sss_usermod.c:241 #: src/tools/sss_usermod.c:248 src/tools/sss_usermod.c:255 #, c-format msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n" msgstr "" "Żądanie NSS się nie powiodło (%1$d). 
Wpis może zostać w pamięci podręcznej.\n" #: src/tools/sss_groupdel.c:129 msgid "" "No such group in local domain. Removing groups only allowed in local " "domain.\n" msgstr "" "Nie ma takiej grupy w lokalnej domenie. Usuwanie grup jest dozwolone tylko w " "lokalnej domenie.\n" #: src/tools/sss_groupdel.c:134 msgid "Internal error. Could not remove group.\n" msgstr "Wewnętrzny błąd. Nie można usunąć grupy.\n" #: src/tools/sss_groupmod.c:44 msgid "Groups to add this group to" msgstr "Grupy, do których dodać tę grupę" #: src/tools/sss_groupmod.c:46 msgid "Groups to remove this group from" msgstr "Grupy, z których usunąć tę grupę" #: src/tools/sss_groupmod.c:86 src/tools/sss_usermod.c:95 msgid "Specify group to remove from\n" msgstr "Proszę podać grupę, z której usunąć\n" #: src/tools/sss_groupmod.c:100 msgid "Specify group to modify\n" msgstr "Proszę podać grupę do zmodyfikowania\n" #: src/tools/sss_groupmod.c:128 msgid "" "Cannot find group in local domain, modifying groups is allowed only in local " "domain\n" msgstr "" "Nie można odnaleźć grupy w lokalnej domenie, modyfikowanie grup jest " "dozwolone tylko w lokalnej domenie\n" #: src/tools/sss_groupmod.c:149 src/tools/sss_groupmod.c:176 msgid "Member groups must be in the same domain as parent group\n" msgstr "Członkowie grupy muszą być w tej samej domenie co grupa nadrzędna\n" #: src/tools/sss_groupmod.c:157 src/tools/sss_groupmod.c:184 #: src/tools/sss_usermod.c:178 src/tools/sss_usermod.c:205 #, c-format msgid "" "Cannot find group %1$s in local domain, only groups in local domain are " "allowed\n" msgstr "" "Nie można odnaleźć grupy %1$s w lokalnej domenie, tylko grupy w lokalnej " "domenie są dozwolone\n" #: src/tools/sss_groupmod.c:250 msgid "Could not modify group - check if member group names are correct\n" msgstr "" "Nie można zmodyfikować grupy - proszę sprawdzić, czy nazwy członków grupy są " "poprawne\n" #: src/tools/sss_groupmod.c:254 msgid "Could not modify group - check if groupname is correct\n" 
msgstr "" "Nie można zmodyfikować grupy - proszę sprawdzić, czy nazwa grupy jest " "poprawna\n" #: src/tools/sss_groupmod.c:258 msgid "Transaction error. Could not modify group.\n" msgstr "Błąd transakcji. Nie można zmodyfikować grupy.\n" #: src/tools/sss_groupshow.c:599 #, c-format msgid "%1$s%2$sGroup: %3$s\n" msgstr "%1$s%2$sGrupa: %3$s\n" #: src/tools/sss_groupshow.c:600 msgid "Magic Private " msgstr "Prywatne magic " #: src/tools/sss_groupshow.c:602 #, c-format msgid "%1$sGID number: %2$d\n" msgstr "%1$sNumer GID: %2$d\n" #: src/tools/sss_groupshow.c:604 #, c-format msgid "%1$sMember users: " msgstr "%1$sUżytkownicy będący członkami: " #: src/tools/sss_groupshow.c:611 #, c-format msgid "" "\n" "%1$sIs a member of: " msgstr "" "\n" "%1$sJest członkiem: " #: src/tools/sss_groupshow.c:618 #, c-format msgid "" "\n" "%1$sMember groups: " msgstr "" "\n" "%1$sGrupy będące członkami: " #: src/tools/sss_groupshow.c:654 msgid "Print indirect group members recursively" msgstr "Rekursywnie drukuje niebezpośrednich członków grupy" #: src/tools/sss_groupshow.c:687 msgid "Specify group to show\n" msgstr "Proszę podać grupę do wyświetlenia\n" #: src/tools/sss_groupshow.c:726 msgid "" "No such group in local domain. Printing groups only allowed in local " "domain.\n" msgstr "" "Nie ma takiej grupy w lokalnej domenie. Drukowanie grup jest dozwolone tylko " "w lokalnej domenie.\n" #: src/tools/sss_groupshow.c:731 msgid "Internal error. Could not print group.\n" msgstr "Wewnętrzny błąd. 
Nie można wydrukować grupy.\n" #: src/tools/sss_userdel.c:136 msgid "Remove home directory and mail spool" msgstr "Usuwa katalog domowy i bufor poczty" #: src/tools/sss_userdel.c:138 msgid "Do not remove home directory and mail spool" msgstr "Nie usuwa katalogu domowego i bufora poczty" #: src/tools/sss_userdel.c:140 msgid "Force removal of files not owned by the user" msgstr "Wymusza usunięcie plików, których właścicielem nie jest użytkownik" #: src/tools/sss_userdel.c:142 msgid "Kill users' processes before removing him" msgstr "Usuwa procesy użytkownika przed jego usunięciem" #: src/tools/sss_userdel.c:187 msgid "Specify user to delete\n" msgstr "Proszę podać użytkownika do usunięcia\n" #: src/tools/sss_userdel.c:233 #, c-format msgid "User %1$s is outside the defined ID range for domain\n" msgstr "" "Użytkownik %1$s jest poza określonym zakresem identyfikatorów dla domeny\n" #: src/tools/sss_userdel.c:258 msgid "Cannot reset SELinux login context\n" msgstr "Nie można przywrócić kontekstu loginu SELinuksa\n" #: src/tools/sss_userdel.c:270 #, c-format msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n" msgstr "" "OSTRZEŻENIE: użytkownik (UID %1$lu) był zalogowany podczas jego usunięcia.\n" #: src/tools/sss_userdel.c:275 msgid "Cannot determine if the user was logged in on this platform" msgstr "Nie można określić, czy użytkownik był zalogowany na tej platformie" #: src/tools/sss_userdel.c:280 msgid "Error while checking if the user was logged in\n" msgstr "Błąd podczas sprawdzania, czy użytkownik był zalogowany\n" #: src/tools/sss_userdel.c:287 #, c-format msgid "The post-delete command failed: %1$s\n" msgstr "Polecenie po usunięciu nie powiodło się: %1$s\n" #: src/tools/sss_userdel.c:307 msgid "Not removing home dir - not owned by user\n" msgstr "" "Katalog domowy nie zostanie usunięty - użytkownik nie jest właścicielem\n" #: src/tools/sss_userdel.c:309 #, c-format msgid "Cannot remove homedir: %1$s\n" msgstr "Nie można usunąć katalogu 
domowego: %1$s\n" #: src/tools/sss_userdel.c:322 msgid "" "No such user in local domain. Removing users only allowed in local domain.\n" msgstr "" "Nie ma takiego użytkownika w lokalnej domenie. Usuwanie użytkowników jest " "dozwolone tylko w lokalnej domenie.\n" #: src/tools/sss_userdel.c:327 msgid "Internal error. Could not remove user.\n" msgstr "Wewnętrzny błąd. Nie można usunąć użytkownika.\n" #: src/tools/sss_usermod.c:49 msgid "The GID of the user" msgstr "GID użytkownika" #: src/tools/sss_usermod.c:53 msgid "Groups to add this user to" msgstr "Grupy, do których dodać tego użytkownika" #: src/tools/sss_usermod.c:54 msgid "Groups to remove this user from" msgstr "Grupy, z których usunąć tego użytkownika" #: src/tools/sss_usermod.c:55 msgid "Lock the account" msgstr "Zablokowanie konta" #: src/tools/sss_usermod.c:56 msgid "Unlock the account" msgstr "Odblokowanie konta" #: src/tools/sss_usermod.c:119 msgid "Specify user to modify\n" msgstr "Proszę podać użytkownika do zmodyfikowania\n" #: src/tools/sss_usermod.c:146 msgid "" "Cannot find user in local domain, modifying users is allowed only in local " "domain\n" msgstr "" "Nie można odnaleźć użytkownika w lokalnej domenie, modyfikowanie " "użytkowników jest dozwolone tylko w lokalnej domenie\n" #: src/tools/sss_usermod.c:281 msgid "Could not modify user - check if group names are correct\n" msgstr "" "Nie można zmodyfikować użytkownika - proszę sprawdzić, czy nazwy grup są " "poprawne\n" #: src/tools/sss_usermod.c:285 msgid "Could not modify user - user already member of groups?\n" msgstr "" "Nie można zmodyfikować użytkownika - czy użytkownik jest już członkiem " "grup?\n" #: src/tools/sss_usermod.c:289 msgid "Transaction error. Could not modify user.\n" msgstr "Błąd transakcji. 
Nie można zmodyfikować użytkownika.\n" #: src/tools/sss_cache.c:170 msgid "No cache object matched the specified search\n" msgstr "Żaden obiekt pamięci podręcznej nie pasuje do podanego wyszukiwania\n" #: src/tools/sss_cache.c:397 #, c-format msgid "Couldn't invalidate %1$s" msgstr "Nie można unieważnić %1$s" #: src/tools/sss_cache.c:404 #, c-format msgid "Couldn't invalidate %1$s %2$s" msgstr "Nie można unieważnić %1$s %2$s" #: src/tools/sss_cache.c:542 #, fuzzy msgid "Invalidate all cached entries except for sudo rules" msgstr "Unieważnia wszystkie wpisy w pamięci podręcznej oprócz reguł sudo" #: src/tools/sss_cache.c:544 msgid "Invalidate particular user" msgstr "Unieważnia podanego użytkownika" #: src/tools/sss_cache.c:546 msgid "Invalidate all users" msgstr "Unieważnia wszystkich użytkowników" #: src/tools/sss_cache.c:548 msgid "Invalidate particular group" msgstr "Unieważnia podaną grupę" #: src/tools/sss_cache.c:550 msgid "Invalidate all groups" msgstr "Unieważnia wszystkie grupy" #: src/tools/sss_cache.c:552 msgid "Invalidate particular netgroup" msgstr "Unieważnia podaną grupę sieciową" #: src/tools/sss_cache.c:554 msgid "Invalidate all netgroups" msgstr "Unieważnia wszystkie grupy sieciowe" #: src/tools/sss_cache.c:556 msgid "Invalidate particular service" msgstr "Unieważnia podaną usługę" #: src/tools/sss_cache.c:558 msgid "Invalidate all services" msgstr "Unieważnia wszystkie usługi" #: src/tools/sss_cache.c:561 msgid "Invalidate particular autofs map" msgstr "Unieważnia podaną mapę autofs" #: src/tools/sss_cache.c:563 msgid "Invalidate all autofs maps" msgstr "Unieważnia wszystkie mapy autofs" #: src/tools/sss_cache.c:566 msgid "Only invalidate entries from a particular domain" msgstr "Unieważnia wpisy tylko z podanej domeny" #: src/tools/sss_cache.c:611 msgid "Please select at least one object to invalidate\n" msgstr "Proszę wybrać co najmniej jeden obiekt do unieważnienia\n" #: src/tools/sss_cache.c:681 #, c-format msgid "" "Could not open domain 
%1$s. If the domain is a subdomain (trusted domain), " "use fully qualified name instead of --domain/-d parameter.\n" msgstr "" "Nie można otworzyć domeny %1$s. Jeśli domena jest poddomeną (zaufaną " "domeną), należy użyć w pełni kwalifikowanej nazwy zamiast parametru --" "domain/-d.\n" #: src/tools/sss_cache.c:685 msgid "Could not open available domains\n" msgstr "Nie można otworzyć dostępnych domen\n" #: src/tools/sss_debuglevel.c:40 msgid "\n" msgstr "\n" #: src/tools/sss_debuglevel.c:96 msgid "Specify debug level you want to set\n" msgstr "Podaje poziom debugowania do ustawienia\n" #: src/tools/sss_debuglevel.c:102 msgid "Only one argument expected\n" msgstr "Oczekiwano tylko jednego parametru\n" #: src/tools/tools_util.c:200 #, c-format msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n" msgstr "Nazwa \"%1$s\" nie jest FQDN (ustawione jest \"%2$s = TRUE\")\n" #: src/tools/tools_util.c:303 msgid "Out of memory\n" msgstr "Brak pamięci\n" #: src/tools/tools_util.h:43 #, c-format msgid "%1$s must be run as root\n" msgstr "%1$s musi zostać uruchomione jako root\n" #: src/util/util.h:102 msgid "Send the debug output to files instead of stderr" msgstr "" "Wysyła wyjście debugowania do plików, zamiast do standardowego wyjścia błędów" �������sssd-1.11.5/po/PaxHeaders.13173/eu.po���������������������������������������������������������������0000644�0000000�0000000�00000000074�12320753107�015142� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954961.891874776 30 ctime=1396954962.531874303 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/eu.po��������������������������������������������������������������������������������0000664�0024127�0024127�00000131426�12320753107�015373� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR Red Hat, Inc. # This file is distributed under the same license as the PACKAGE package. 
# # Translators: # Asier Iturralde Sarasola <asier.iturralde@gmail.com>, 2012 msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2014-04-08 12:56+0200\n" "PO-Revision-Date: 2013-11-20 12:56+0000\n" "Last-Translator: jhrozek <jhrozek@redhat.com>\n" "Language-Team: Basque (http://www.transifex.com/projects/p/fedora/language/" "eu/)\n" "Language: eu\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" #: src/config/SSSDConfig/__init__.py.in:39 msgid "Set the verbosity of the debug logging" msgstr "" #: src/config/SSSDConfig/__init__.py.in:40 msgid "Include timestamps in debug logs" msgstr "" #: src/config/SSSDConfig/__init__.py.in:41 msgid "Include microseconds in timestamps in debug logs" msgstr "" #: src/config/SSSDConfig/__init__.py.in:42 msgid "Write debug messages to logfiles" msgstr "" #: src/config/SSSDConfig/__init__.py.in:43 msgid "Ping timeout before restarting service" msgstr "" #: src/config/SSSDConfig/__init__.py.in:44 msgid "" "Timeout between three failed ping checks and forcibly killing the service" msgstr "" #: src/config/SSSDConfig/__init__.py.in:45 msgid "Command to start service" msgstr "" #: src/config/SSSDConfig/__init__.py.in:46 msgid "Number of times to attempt connection to Data Providers" msgstr "" #: src/config/SSSDConfig/__init__.py.in:47 msgid "The number of file descriptors that may be opened by this responder" msgstr "" #: src/config/SSSDConfig/__init__.py.in:48 msgid "Idle time before automatic disconnection of a client" msgstr "" #: src/config/SSSDConfig/__init__.py.in:51 msgid "SSSD Services to start" msgstr "" #: src/config/SSSDConfig/__init__.py.in:52 msgid "SSSD Domains to start" msgstr "" #: src/config/SSSDConfig/__init__.py.in:53 msgid "Timeout for messages sent over the SBUS" msgstr "" #: src/config/SSSDConfig/__init__.py.in:54 msgid "Regex to parse 
username and domain" msgstr "" #: src/config/SSSDConfig/__init__.py.in:55 msgid "Printf-compatible format for displaying fully-qualified names" msgstr "" #: src/config/SSSDConfig/__init__.py.in:56 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #: src/config/SSSDConfig/__init__.py.in:57 msgid "Domain to add to names without a domain component." msgstr "" #: src/config/SSSDConfig/__init__.py.in:60 msgid "Enumeration cache timeout length (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:61 msgid "Entry cache background update timeout length (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:62 #: src/config/SSSDConfig/__init__.py.in:88 msgid "Negative cache timeout length (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:63 msgid "Users that SSSD should explicitly ignore" msgstr "" #: src/config/SSSDConfig/__init__.py.in:64 msgid "Groups that SSSD should explicitly ignore" msgstr "" #: src/config/SSSDConfig/__init__.py.in:65 msgid "Should filtered users appear in groups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:66 msgid "The value of the password field the NSS provider should return" msgstr "" #: src/config/SSSDConfig/__init__.py.in:67 msgid "Override homedir value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:68 msgid "" "Substitute empty homedir value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:69 msgid "Override shell value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:70 msgid "The list of shells users are allowed to log in with" msgstr "" #: src/config/SSSDConfig/__init__.py.in:71 msgid "" "The list of shells that will be vetoed, and replaced with the fallback shell" msgstr "" #: src/config/SSSDConfig/__init__.py.in:72 msgid "" "If a shell stored in central directory is allowed but not available, use " "this fallback" 
msgstr "" #: src/config/SSSDConfig/__init__.py.in:73 msgid "Shell to use if the provider does not list one" msgstr "" #: src/config/SSSDConfig/__init__.py.in:74 msgid "How long will be in-memory cache records valid" msgstr "" #: src/config/SSSDConfig/__init__.py.in:77 msgid "How long to allow cached logins between online logins (days)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:78 msgid "How many failed logins attempts are allowed when offline" msgstr "" #: src/config/SSSDConfig/__init__.py.in:79 msgid "" "How long (minutes) to deny login after offline_failed_login_attempts has " "been reached" msgstr "" #: src/config/SSSDConfig/__init__.py.in:80 msgid "What kind of messages are displayed to the user during authentication" msgstr "" #: src/config/SSSDConfig/__init__.py.in:81 msgid "How many seconds to keep identity information cached for PAM requests" msgstr "" #: src/config/SSSDConfig/__init__.py.in:82 msgid "How many days before password expiration a warning should be displayed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:85 msgid "Whether to evaluate the time-based attributes in sudo rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:91 msgid "Whether to hash host names and addresses in the known_hosts file" msgstr "" #: src/config/SSSDConfig/__init__.py.in:92 msgid "" "How many seconds to keep a host in the known_hosts file after its host keys " "were requested" msgstr "" #: src/config/SSSDConfig/__init__.py.in:95 msgid "List of UIDs or user names allowed to access the PAC responder" msgstr "" #: src/config/SSSDConfig/__init__.py.in:98 msgid "Identity provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:99 msgid "Authentication provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:100 msgid "Access control provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:101 msgid "Password change provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:102 msgid "SUDO provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:103 
msgid "Autofs provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:104 msgid "Session-loading provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:105 msgid "Host identity provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:108 msgid "Minimum user ID" msgstr "Gutxienezko erabiltzaile IDa" #: src/config/SSSDConfig/__init__.py.in:109 msgid "Maximum user ID" msgstr "Gehienezko erabiltzaile IDa" #: src/config/SSSDConfig/__init__.py.in:110 msgid "Enable enumerating all users/groups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:111 msgid "Cache credentials for offline login" msgstr "" #: src/config/SSSDConfig/__init__.py.in:112 msgid "Store password hashes" msgstr "" #: src/config/SSSDConfig/__init__.py.in:113 msgid "Display users/groups in fully-qualified form" msgstr "" #: src/config/SSSDConfig/__init__.py.in:114 msgid "Don't include group members in group lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:115 #: src/config/SSSDConfig/__init__.py.in:122 #: src/config/SSSDConfig/__init__.py.in:123 #: src/config/SSSDConfig/__init__.py.in:124 #: src/config/SSSDConfig/__init__.py.in:125 #: src/config/SSSDConfig/__init__.py.in:126 #: src/config/SSSDConfig/__init__.py.in:127 msgid "Entry cache timeout length (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:116 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:117 msgid "How long to keep cached entries after last successful login (days)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:118 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:119 msgid "The domain part of service discovery DNS query" msgstr "" #: src/config/SSSDConfig/__init__.py.in:120 msgid "Override GID value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:121 msgid "Treat usernames as case sensitive" msgstr 
"" #: src/config/SSSDConfig/__init__.py.in:128 msgid "How often should expired entries be refreshed in background" msgstr "" #: src/config/SSSDConfig/__init__.py.in:129 msgid "Whether to automatically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/__init__.py.in:130 #: src/config/SSSDConfig/__init__.py.in:145 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "" #: src/config/SSSDConfig/__init__.py.in:131 #: src/config/SSSDConfig/__init__.py.in:146 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" #: src/config/SSSDConfig/__init__.py.in:132 msgid "How often to periodically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/__init__.py.in:133 msgid "Whether the provider should explicitly update the PTR record as well" msgstr "" #: src/config/SSSDConfig/__init__.py.in:134 msgid "Whether the nsupdate utility should default to using TCP" msgstr "" #: src/config/SSSDConfig/__init__.py.in:135 msgid "What kind of authentication should be used to perform the DNS update" msgstr "" #: src/config/SSSDConfig/__init__.py.in:136 msgid "Control enumeration of trusted domains" msgstr "" #: src/config/SSSDConfig/__init__.py.in:137 msgid "How often should subdomains list be refreshed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:140 msgid "IPA domain" msgstr "IPA domeinua" #: src/config/SSSDConfig/__init__.py.in:141 msgid "IPA server address" msgstr "IPA zerbitzariaren helbidea" #: src/config/SSSDConfig/__init__.py.in:142 msgid "Address of backup IPA server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:143 msgid "IPA client hostname" msgstr "IPA bezeroaren ostalari-izena" #: src/config/SSSDConfig/__init__.py.in:144 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" #: src/config/SSSDConfig/__init__.py.in:147 msgid "Search base for HBAC related objects" msgstr "" #: src/config/SSSDConfig/__init__.py.in:148 msgid "" "The amount of time between lookups of 
the HBAC rules against the IPA server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:149 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:150 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" #: src/config/SSSDConfig/__init__.py.in:151 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" #: src/config/SSSDConfig/__init__.py.in:152 msgid "The automounter location this IPA client is using" msgstr "" #: src/config/SSSDConfig/__init__.py.in:153 msgid "Search base for object containing info about IPA domain" msgstr "" #: src/config/SSSDConfig/__init__.py.in:154 msgid "Search base for objects containing info about ID ranges" msgstr "" #: src/config/SSSDConfig/__init__.py.in:155 #: src/config/SSSDConfig/__init__.py.in:162 msgid "Enable DNS sites - location based service discovery" msgstr "" #: src/config/SSSDConfig/__init__.py.in:158 msgid "Active Directory domain" msgstr "" #: src/config/SSSDConfig/__init__.py.in:159 msgid "Active Directory server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:160 msgid "Active Directory backup server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:161 msgid "Active Directory client hostname" msgstr "" #: src/config/SSSDConfig/__init__.py.in:165 #: src/config/SSSDConfig/__init__.py.in:166 msgid "Kerberos server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:167 msgid "Kerberos backup server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:168 msgid "Kerberos realm" msgstr "" #: src/config/SSSDConfig/__init__.py.in:169 msgid "Authentication timeout" msgstr "" #: src/config/SSSDConfig/__init__.py.in:170 msgid "Whether to create kdcinfo files" msgstr "" #: src/config/SSSDConfig/__init__.py.in:173 msgid "Directory to store credential caches" msgstr "" #: src/config/SSSDConfig/__init__.py.in:174 msgid "Location of the user's credential cache" 
msgstr "" #: src/config/SSSDConfig/__init__.py.in:175 msgid "Location of the keytab to validate credentials" msgstr "" #: src/config/SSSDConfig/__init__.py.in:176 msgid "Enable credential validation" msgstr "" #: src/config/SSSDConfig/__init__.py.in:177 msgid "Store password if offline for later online authentication" msgstr "" #: src/config/SSSDConfig/__init__.py.in:178 msgid "Renewable lifetime of the TGT" msgstr "" #: src/config/SSSDConfig/__init__.py.in:179 msgid "Lifetime of the TGT" msgstr "" #: src/config/SSSDConfig/__init__.py.in:180 msgid "Time between two checks for renewal" msgstr "" #: src/config/SSSDConfig/__init__.py.in:181 msgid "Enables FAST" msgstr "FAST gaitzen du" #: src/config/SSSDConfig/__init__.py.in:182 msgid "Selects the principal to use for FAST" msgstr "" #: src/config/SSSDConfig/__init__.py.in:183 msgid "Enables principal canonicalization" msgstr "" #: src/config/SSSDConfig/__init__.py.in:184 msgid "Enables enterprise principals" msgstr "" #: src/config/SSSDConfig/__init__.py.in:187 #: src/config/SSSDConfig/__init__.py.in:188 msgid "Server where the change password service is running if not on the KDC" msgstr "" #: src/config/SSSDConfig/__init__.py.in:191 msgid "ldap_uri, The URI of the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:192 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:193 msgid "The default base DN" msgstr "" #: src/config/SSSDConfig/__init__.py.in:194 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" #: src/config/SSSDConfig/__init__.py.in:195 msgid "The default bind DN" msgstr "" #: src/config/SSSDConfig/__init__.py.in:196 msgid "The type of the authentication token of the default bind DN" msgstr "" #: src/config/SSSDConfig/__init__.py.in:197 msgid "The authentication token of the default bind DN" msgstr "" #: src/config/SSSDConfig/__init__.py.in:198 msgid "Length of time to attempt connection" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:199 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" #: src/config/SSSDConfig/__init__.py.in:200 msgid "Length of time between attempts to reconnect while offline" msgstr "" #: src/config/SSSDConfig/__init__.py.in:201 msgid "Use only the upper case for realm names" msgstr "" #: src/config/SSSDConfig/__init__.py.in:202 msgid "File that contains CA certificates" msgstr "" #: src/config/SSSDConfig/__init__.py.in:203 msgid "Path to CA certificate directory" msgstr "" #: src/config/SSSDConfig/__init__.py.in:204 msgid "File that contains the client certificate" msgstr "" #: src/config/SSSDConfig/__init__.py.in:205 msgid "File that contains the client key" msgstr "" #: src/config/SSSDConfig/__init__.py.in:206 msgid "List of possible ciphers suites" msgstr "" #: src/config/SSSDConfig/__init__.py.in:207 msgid "Require TLS certificate verification" msgstr "" #: src/config/SSSDConfig/__init__.py.in:208 msgid "Specify the sasl mechanism to use" msgstr "" #: src/config/SSSDConfig/__init__.py.in:209 msgid "Specify the sasl authorization id to use" msgstr "" #: src/config/SSSDConfig/__init__.py.in:210 msgid "Specify the sasl authorization realm to use" msgstr "" #: src/config/SSSDConfig/__init__.py.in:211 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" #: src/config/SSSDConfig/__init__.py.in:212 msgid "Kerberos service keytab" msgstr "" #: src/config/SSSDConfig/__init__.py.in:213 msgid "Use Kerberos auth for LDAP connection" msgstr "" #: src/config/SSSDConfig/__init__.py.in:214 msgid "Follow LDAP referrals" msgstr "" #: src/config/SSSDConfig/__init__.py.in:215 msgid "Lifetime of TGT for LDAP connection" msgstr "" #: src/config/SSSDConfig/__init__.py.in:216 msgid "How to dereference aliases" msgstr "" #: src/config/SSSDConfig/__init__.py.in:217 msgid "Service name for DNS service lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:218 msgid "The number of records to retrieve in a single LDAP 
query" msgstr "" #: src/config/SSSDConfig/__init__.py.in:219 msgid "The number of members that must be missing to trigger a full deref" msgstr "" #: src/config/SSSDConfig/__init__.py.in:220 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" #: src/config/SSSDConfig/__init__.py.in:222 msgid "entryUSN attribute" msgstr "entryUSN atributua" #: src/config/SSSDConfig/__init__.py.in:223 msgid "lastUSN attribute" msgstr "lastUSN atributua" #: src/config/SSSDConfig/__init__.py.in:225 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" #: src/config/SSSDConfig/__init__.py.in:227 msgid "Disable the LDAP paging control" msgstr "" #: src/config/SSSDConfig/__init__.py.in:228 msgid "Disable Active Directory range retrieval" msgstr "" #: src/config/SSSDConfig/__init__.py.in:231 msgid "Length of time to wait for a search request" msgstr "" #: src/config/SSSDConfig/__init__.py.in:232 msgid "Length of time to wait for a enumeration request" msgstr "" #: src/config/SSSDConfig/__init__.py.in:233 msgid "Length of time between enumeration updates" msgstr "" #: src/config/SSSDConfig/__init__.py.in:234 msgid "Length of time between cache cleanups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:235 msgid "Require TLS for ID lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:236 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "" #: src/config/SSSDConfig/__init__.py.in:237 msgid "Base DN for user lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:238 msgid "Scope of user lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:239 msgid "Filter for user lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:240 msgid "Objectclass for users" msgstr "" #: src/config/SSSDConfig/__init__.py.in:241 msgid "Username attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:243 msgid "UID attribute" msgstr "UID atributua" #: 
src/config/SSSDConfig/__init__.py.in:244 msgid "Primary GID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:245 msgid "GECOS attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:246 msgid "Home directory attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:247 msgid "Shell attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:248 msgid "UUID attribute" msgstr "UUID atributua" #: src/config/SSSDConfig/__init__.py.in:249 #: src/config/SSSDConfig/__init__.py.in:285 msgid "objectSID attribute" msgstr "objectSID atributua" #: src/config/SSSDConfig/__init__.py.in:250 msgid "Active Directory primary group attribute for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:251 msgid "User principal attribute (for Kerberos)" msgstr "" #: src/config/SSSDConfig/__init__.py.in:252 msgid "Full Name" msgstr "Izen osoa" #: src/config/SSSDConfig/__init__.py.in:253 msgid "memberOf attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:254 msgid "Modification time attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:256 msgid "shadowLastChange attribute" msgstr "shadowLastChange atributua" #: src/config/SSSDConfig/__init__.py.in:257 msgid "shadowMin attribute" msgstr "shadowMin atributua" #: src/config/SSSDConfig/__init__.py.in:258 msgid "shadowMax attribute" msgstr "shadowMax atributua" #: src/config/SSSDConfig/__init__.py.in:259 msgid "shadowWarning attribute" msgstr "shadowWarning atributua" #: src/config/SSSDConfig/__init__.py.in:260 msgid "shadowInactive attribute" msgstr "shadowInactive atributua" #: src/config/SSSDConfig/__init__.py.in:261 msgid "shadowExpire attribute" msgstr "shadowExpire atributua" #: src/config/SSSDConfig/__init__.py.in:262 msgid "shadowFlag attribute" msgstr "shadowFlag atributua" #: src/config/SSSDConfig/__init__.py.in:263 msgid "Attribute listing authorized PAM services" msgstr "" #: src/config/SSSDConfig/__init__.py.in:264 msgid "Attribute listing authorized server hosts" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:265 msgid "krbLastPwdChange attribute" msgstr "krbLastPwdChange atributua" #: src/config/SSSDConfig/__init__.py.in:266 msgid "krbPasswordExpiration attribute" msgstr "krbPasswordExpiration atributua" #: src/config/SSSDConfig/__init__.py.in:267 msgid "Attribute indicating that server side password policies are active" msgstr "" #: src/config/SSSDConfig/__init__.py.in:268 msgid "accountExpires attribute of AD" msgstr "ADren accountExpires atributua" #: src/config/SSSDConfig/__init__.py.in:269 msgid "userAccountControl attribute of AD" msgstr "ADren userAccountControl atributua" #: src/config/SSSDConfig/__init__.py.in:270 msgid "nsAccountLock attribute" msgstr "nsAccountLock atributua" #: src/config/SSSDConfig/__init__.py.in:271 msgid "loginDisabled attribute of NDS" msgstr "" #: src/config/SSSDConfig/__init__.py.in:272 msgid "loginExpirationTime attribute of NDS" msgstr "" #: src/config/SSSDConfig/__init__.py.in:273 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" #: src/config/SSSDConfig/__init__.py.in:274 msgid "SSH public key attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:276 msgid "Base DN for group lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:279 msgid "Objectclass for groups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:280 msgid "Group name" msgstr "Talde-izena" #: src/config/SSSDConfig/__init__.py.in:281 msgid "Group password" msgstr "Taldearen pasahitza" #: src/config/SSSDConfig/__init__.py.in:282 msgid "GID attribute" msgstr "GID atributua" #: src/config/SSSDConfig/__init__.py.in:283 msgid "Group member attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:284 msgid "Group UUID attribute" msgstr "Taldearen UUID atributua" #: src/config/SSSDConfig/__init__.py.in:286 msgid "Modification time attribute for groups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:287 msgid "Type of the group and other flags" msgstr "" #: src/config/SSSDConfig/__init__.py.in:289 msgid "Maximum 
nesting level SSSd will follow" msgstr "" #: src/config/SSSDConfig/__init__.py.in:291 msgid "Base DN for netgroup lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:292 msgid "Objectclass for netgroups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:293 msgid "Netgroup name" msgstr "" #: src/config/SSSDConfig/__init__.py.in:294 msgid "Netgroups members attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:295 msgid "Netgroup triple attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:296 msgid "Netgroup UUID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:297 msgid "Modification time attribute for netgroups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:299 msgid "Base DN for service lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:300 msgid "Objectclass for services" msgstr "" #: src/config/SSSDConfig/__init__.py.in:301 msgid "Service name attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:302 msgid "Service port attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:303 msgid "Service protocol attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:306 msgid "Lower bound for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:307 msgid "Upper bound for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:308 msgid "Number of IDs for each slice when ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:309 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:310 msgid "Name of the default domain for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:311 msgid "SID of the default domain for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:313 msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:314 msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:315 msgid "Set lower 
boundary for allowed IDs from the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:316 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:319 msgid "Policy to evaluate the password expiration" msgstr "" #: src/config/SSSDConfig/__init__.py.in:322 msgid "LDAP filter to determine access privileges" msgstr "" #: src/config/SSSDConfig/__init__.py.in:323 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" #: src/config/SSSDConfig/__init__.py.in:324 msgid "Which rules should be used to evaluate access control" msgstr "" #: src/config/SSSDConfig/__init__.py.in:327 msgid "URI of an LDAP server where password changes are allowed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:328 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:329 msgid "DNS service name for LDAP password change server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:330 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" msgstr "" #: src/config/SSSDConfig/__init__.py.in:333 msgid "Base DN for sudo rules lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:334 msgid "Automatic full refresh period" msgstr "" #: src/config/SSSDConfig/__init__.py.in:335 msgid "Automatic smart refresh period" msgstr "" #: src/config/SSSDConfig/__init__.py.in:336 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "" #: src/config/SSSDConfig/__init__.py.in:337 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:338 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:339 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:340 
msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:341 msgid "Object class for sudo rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:342 msgid "Sudo rule name" msgstr "" #: src/config/SSSDConfig/__init__.py.in:343 msgid "Sudo rule command attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:344 msgid "Sudo rule host attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:345 msgid "Sudo rule user attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:346 msgid "Sudo rule option attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:347 msgid "Sudo rule runasuser attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:348 msgid "Sudo rule runasgroup attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:349 msgid "Sudo rule notbefore attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:350 msgid "Sudo rule notafter attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:351 msgid "Sudo rule order attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:354 msgid "Object class for automounter maps" msgstr "" #: src/config/SSSDConfig/__init__.py.in:355 msgid "Automounter map name attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:356 msgid "Object class for automounter map entries" msgstr "" #: src/config/SSSDConfig/__init__.py.in:357 msgid "Automounter map entry key attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:358 msgid "Automounter map entry value attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:359 msgid "Base DN for automounter map lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:362 msgid "Comma separated list of allowed users" msgstr "" #: src/config/SSSDConfig/__init__.py.in:363 msgid "Comma separated list of prohibited users" msgstr "" #: src/config/SSSDConfig/__init__.py.in:366 msgid "Default shell, /bin/bash" msgstr "Shell lehenetsia, /bin/bash" #: 
src/config/SSSDConfig/__init__.py.in:367 msgid "Base for home directories" msgstr "" #: src/config/SSSDConfig/__init__.py.in:370 msgid "The name of the NSS library to use" msgstr "" #: src/config/SSSDConfig/__init__.py.in:371 msgid "Whether to look up canonical group name from cache if possible" msgstr "" #: src/config/SSSDConfig/__init__.py.in:374 msgid "PAM stack to use" msgstr "" #: src/monitor/monitor.c:2651 msgid "Become a daemon (default)" msgstr "" #: src/monitor/monitor.c:2653 msgid "Run interactive (not a daemon)" msgstr "" #: src/monitor/monitor.c:2655 src/tools/sss_debuglevel.c:71 msgid "Specify a non-default config file" msgstr "" #: src/monitor/monitor.c:2657 msgid "Print version number and exit" msgstr "Inprimatu bertsio zenbakia eta irten" #: src/providers/krb5/krb5_child.c:1962 src/providers/ldap/ldap_child.c:435 #: src/util/util.h:100 msgid "Debug level" msgstr "Arazketa maila" #: src/providers/krb5/krb5_child.c:1964 src/providers/ldap/ldap_child.c:437 #: src/util/util.h:104 msgid "Add debug timestamps" msgstr "Gehitu arazketako data-zigiluak" #: src/providers/krb5/krb5_child.c:1966 src/providers/ldap/ldap_child.c:439 #: src/util/util.h:106 msgid "Show timestamps with microseconds" msgstr "" #: src/providers/krb5/krb5_child.c:1968 src/providers/ldap/ldap_child.c:441 msgid "An open file descriptor for the debug logs" msgstr "" #: src/providers/data_provider_be.c:2932 msgid "Domain of the information provider (mandatory)" msgstr "" #: src/sss_client/common.c:946 msgid "Privileged socket has wrong ownership or permissions." msgstr "" #: src/sss_client/common.c:949 msgid "Public socket has wrong ownership or permissions." msgstr "" #: src/sss_client/common.c:952 msgid "Unexpected format of the server credential message." msgstr "" #: src/sss_client/common.c:955 msgid "SSSD is not run by root." msgstr "" #: src/sss_client/common.c:960 msgid "An error occurred, but no description can be found." 
msgstr "" #: src/sss_client/common.c:966 msgid "Unexpected error while looking for an error description" msgstr "" #: src/sss_client/pam_sss.c:388 msgid "Passwords do not match" msgstr "" #: src/sss_client/pam_sss.c:576 msgid "Password reset by root is not supported." msgstr "" #: src/sss_client/pam_sss.c:617 msgid "Authenticated with cached credentials" msgstr "" #: src/sss_client/pam_sss.c:618 msgid ", your cached password will expire at: " msgstr "" #: src/sss_client/pam_sss.c:648 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "" #: src/sss_client/pam_sss.c:694 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "" #: src/sss_client/pam_sss.c:743 msgid "Authentication is denied until: " msgstr "" #: src/sss_client/pam_sss.c:764 msgid "System is offline, password change not possible" msgstr "" #: src/sss_client/pam_sss.c:779 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" #: src/sss_client/pam_sss.c:810 src/sss_client/pam_sss.c:823 msgid "Password change failed. " msgstr "Huts egin du pasahitza aldatzeak. " #: src/sss_client/pam_sss.c:813 src/sss_client/pam_sss.c:824 msgid "Server message: " msgstr "" #: src/sss_client/pam_sss.c:1251 msgid "New Password: " msgstr "Pasahitz berria: " #: src/sss_client/pam_sss.c:1252 msgid "Reenter new Password: " msgstr "Berriz sartu pasahitz berria: " #: src/sss_client/pam_sss.c:1340 msgid "Password: " msgstr "Pasahitza: " #: src/sss_client/pam_sss.c:1372 msgid "Current Password: " msgstr "Uneko pasahitza: " #: src/sss_client/pam_sss.c:1527 msgid "Password expired. Change your password now." msgstr "Pasahitza iraungita. Aldatu zure pasahitza orain." 
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40 #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 src/tools/sss_useradd.c:48 #: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44 #: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:652 #: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47 #: src/tools/sss_cache.c:540 src/tools/sss_debuglevel.c:69 msgid "The debug level to run with" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:42 #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:196 msgid "The SSSD domain to use" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:73 #: src/tools/sss_groupadd.c:58 src/tools/sss_groupdel.c:53 #: src/tools/sss_groupmod.c:65 src/tools/sss_groupshow.c:663 #: src/tools/sss_userdel.c:151 src/tools/sss_usermod.c:74 #: src/tools/sss_cache.c:573 msgid "Error setting the locale\n" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:64 msgid "Not enough memory\n" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:83 msgid "User not specified\n" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:92 msgid "Error looking up public keys\n" msgstr "Errorea gako publikoak bilatzean\n" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:194 msgid "The port to use to connect to the host" msgstr "Ostalarira konektatzeko erabiliko den ataka" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:238 msgid "Invalid port\n" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:243 msgid "Host not specified\n" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:249 msgid "The path to the proxy command must be absolute\n" msgstr "" #: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48 msgid "The UID of the user" msgstr "Erabiltzailearen UIDa" #: src/tools/sss_useradd.c:50 src/tools/sss_usermod.c:50 msgid "The comment string" msgstr "Iruzkin katea" #: src/tools/sss_useradd.c:51 src/tools/sss_usermod.c:51 msgid "Home directory" msgstr "Direktorio nagusia" #: 
src/tools/sss_useradd.c:52 src/tools/sss_usermod.c:52 msgid "Login shell" msgstr "" #: src/tools/sss_useradd.c:53 msgid "Groups" msgstr "Taldeak" #: src/tools/sss_useradd.c:54 msgid "Create user's directory if it does not exist" msgstr "Sortu erabiltzailearen direktorioa ez bada existitzen" #: src/tools/sss_useradd.c:55 msgid "Never create user's directory, overrides config" msgstr "" #: src/tools/sss_useradd.c:56 msgid "Specify an alternative skeleton directory" msgstr "" #: src/tools/sss_useradd.c:57 src/tools/sss_usermod.c:57 msgid "The SELinux user for user's login" msgstr "" #: src/tools/sss_useradd.c:86 src/tools/sss_groupmod.c:78 #: src/tools/sss_usermod.c:87 msgid "Specify group to add to\n" msgstr "" #: src/tools/sss_useradd.c:110 msgid "Specify user to add\n" msgstr "Zehaztu gehitu beharreko erabiltzailea\n" #: src/tools/sss_useradd.c:119 src/tools/sss_groupadd.c:84 #: src/tools/sss_groupdel.c:78 src/tools/sss_groupmod.c:111 #: src/tools/sss_groupshow.c:696 src/tools/sss_userdel.c:196 #: src/tools/sss_usermod.c:128 msgid "Error initializing the tools - no local domain\n" msgstr "Errorea tresnak hasieratzean - domeinu lokalik ez\n" #: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86 #: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113 #: src/tools/sss_groupshow.c:698 src/tools/sss_userdel.c:198 #: src/tools/sss_usermod.c:130 msgid "Error initializing the tools\n" msgstr "Errorea tresnak hasieratzean\n" #: src/tools/sss_useradd.c:130 src/tools/sss_groupadd.c:95 #: src/tools/sss_groupdel.c:89 src/tools/sss_groupmod.c:121 #: src/tools/sss_groupshow.c:707 src/tools/sss_userdel.c:207 #: src/tools/sss_usermod.c:139 msgid "Invalid domain specified in FQDN\n" msgstr "Baliogabeko domeinua zehaztu da FQDN-n\n" #: src/tools/sss_useradd.c:139 src/tools/sss_groupmod.c:141 #: src/tools/sss_groupmod.c:168 src/tools/sss_usermod.c:162 #: src/tools/sss_usermod.c:189 msgid "Internal error while parsing parameters\n" msgstr "Barne errorea parametroak 
analizatzean\n" #: src/tools/sss_useradd.c:147 src/tools/sss_usermod.c:170 #: src/tools/sss_usermod.c:197 msgid "Groups must be in the same domain as user\n" msgstr "Taldeek erabiltzailearen domeinu berean egon behar dute\n" #: src/tools/sss_useradd.c:155 #, c-format msgid "Cannot find group %1$s in local domain\n" msgstr "" #: src/tools/sss_useradd.c:170 src/tools/sss_userdel.c:217 msgid "Cannot set default values\n" msgstr "Ezin dira balio lehenetsiak ezarri\n" #: src/tools/sss_useradd.c:177 src/tools/sss_usermod.c:153 msgid "The selected UID is outside the allowed range\n" msgstr "Hautatutako UIDa baimendutako bitartetik kanpo dago\n" #: src/tools/sss_useradd.c:206 src/tools/sss_usermod.c:264 msgid "Cannot set SELinux login context\n" msgstr "" #: src/tools/sss_useradd.c:221 msgid "Cannot get info about the user\n" msgstr "" #: src/tools/sss_useradd.c:233 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" #: src/tools/sss_useradd.c:236 #, c-format msgid "Cannot create user's home directory: %1$s\n" msgstr "" #: src/tools/sss_useradd.c:247 #, c-format msgid "Cannot create user's mail spool: %1$s\n" msgstr "" #: src/tools/sss_useradd.c:266 msgid "Could not allocate ID for the user - domain full?\n" msgstr "" #: src/tools/sss_useradd.c:270 msgid "A user or group with the same name or ID already exists\n" msgstr "" #: src/tools/sss_useradd.c:276 msgid "Transaction error. 
Could not add user.\n" msgstr "" #: src/tools/sss_groupadd.c:43 src/tools/sss_groupmod.c:48 msgid "The GID of the group" msgstr "Taldearen GIDa" #: src/tools/sss_groupadd.c:75 msgid "Specify group to add\n" msgstr "" #: src/tools/sss_groupadd.c:104 src/tools/sss_groupmod.c:192 msgid "The selected GID is outside the allowed range\n" msgstr "Hautatutako GIDa baimendutako bitartetik kanpo dago\n" #: src/tools/sss_groupadd.c:141 msgid "Could not allocate ID for the group - domain full?\n" msgstr "" #: src/tools/sss_groupadd.c:145 msgid "A group with the same name or GID already exists\n" msgstr "" #: src/tools/sss_groupadd.c:150 msgid "Transaction error. Could not add group.\n" msgstr "" #: src/tools/sss_groupdel.c:69 msgid "Specify group to delete\n" msgstr "Zehaztu taldea ezabatzeko\n" #: src/tools/sss_groupdel.c:102 #, c-format msgid "Group %1$s is outside the defined ID range for domain\n" msgstr "" #: src/tools/sss_groupdel.c:117 src/tools/sss_groupmod.c:219 #: src/tools/sss_groupmod.c:226 src/tools/sss_groupmod.c:233 #: src/tools/sss_userdel.c:294 src/tools/sss_usermod.c:241 #: src/tools/sss_usermod.c:248 src/tools/sss_usermod.c:255 #, c-format msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n" msgstr "" #: src/tools/sss_groupdel.c:129 msgid "" "No such group in local domain. Removing groups only allowed in local " "domain.\n" msgstr "" #: src/tools/sss_groupdel.c:134 msgid "Internal error. Could not remove group.\n" msgstr "Barne errorea.
Ezin izan da taldea kendu.\n" #: src/tools/sss_groupmod.c:44 msgid "Groups to add this group to" msgstr "" #: src/tools/sss_groupmod.c:46 msgid "Groups to remove this group from" msgstr "" #: src/tools/sss_groupmod.c:86 src/tools/sss_usermod.c:95 msgid "Specify group to remove from\n" msgstr "" #: src/tools/sss_groupmod.c:100 msgid "Specify group to modify\n" msgstr "" #: src/tools/sss_groupmod.c:128 msgid "" "Cannot find group in local domain, modifying groups is allowed only in local " "domain\n" msgstr "" #: src/tools/sss_groupmod.c:149 src/tools/sss_groupmod.c:176 msgid "Member groups must be in the same domain as parent group\n" msgstr "" #: src/tools/sss_groupmod.c:157 src/tools/sss_groupmod.c:184 #: src/tools/sss_usermod.c:178 src/tools/sss_usermod.c:205 #, c-format msgid "" "Cannot find group %1$s in local domain, only groups in local domain are " "allowed\n" msgstr "" #: src/tools/sss_groupmod.c:250 msgid "Could not modify group - check if member group names are correct\n" msgstr "" #: src/tools/sss_groupmod.c:254 msgid "Could not modify group - check if groupname is correct\n" msgstr "" #: src/tools/sss_groupmod.c:258 msgid "Transaction error. Could not modify group.\n" msgstr "" #: src/tools/sss_groupshow.c:599 #, c-format msgid "%1$s%2$sGroup: %3$s\n" msgstr "%1$s%2$sTaldea: %3$s\n" #: src/tools/sss_groupshow.c:600 msgid "Magic Private " msgstr "" #: src/tools/sss_groupshow.c:602 #, c-format msgid "%1$sGID number: %2$d\n" msgstr "%1$sGID zenbakia: %2$d\n" #: src/tools/sss_groupshow.c:604 #, c-format msgid "%1$sMember users: " msgstr "" #: src/tools/sss_groupshow.c:611 #, c-format msgid "" "\n" "%1$sIs a member of: " msgstr "" #: src/tools/sss_groupshow.c:618 #, c-format msgid "" "\n" "%1$sMember groups: " msgstr "" #: src/tools/sss_groupshow.c:654 msgid "Print indirect group members recursively" msgstr "" #: src/tools/sss_groupshow.c:687 msgid "Specify group to show\n" msgstr "" #: src/tools/sss_groupshow.c:726 msgid "" "No such group in local domain. 
Printing groups only allowed in local " "domain.\n" msgstr "" #: src/tools/sss_groupshow.c:731 msgid "Internal error. Could not print group.\n" msgstr "" #: src/tools/sss_userdel.c:136 msgid "Remove home directory and mail spool" msgstr "" #: src/tools/sss_userdel.c:138 msgid "Do not remove home directory and mail spool" msgstr "" #: src/tools/sss_userdel.c:140 msgid "Force removal of files not owned by the user" msgstr "" #: src/tools/sss_userdel.c:142 msgid "Kill users' processes before removing him" msgstr "" #: src/tools/sss_userdel.c:187 msgid "Specify user to delete\n" msgstr "" #: src/tools/sss_userdel.c:233 #, c-format msgid "User %1$s is outside the defined ID range for domain\n" msgstr "" #: src/tools/sss_userdel.c:258 msgid "Cannot reset SELinux login context\n" msgstr "" #: src/tools/sss_userdel.c:270 #, c-format msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n" msgstr "" #: src/tools/sss_userdel.c:275 msgid "Cannot determine if the user was logged in on this platform" msgstr "" #: src/tools/sss_userdel.c:280 msgid "Error while checking if the user was logged in\n" msgstr "" #: src/tools/sss_userdel.c:287 #, c-format msgid "The post-delete command failed: %1$s\n" msgstr "" #: src/tools/sss_userdel.c:307 msgid "Not removing home dir - not owned by user\n" msgstr "" #: src/tools/sss_userdel.c:309 #, c-format msgid "Cannot remove homedir: %1$s\n" msgstr "" #: src/tools/sss_userdel.c:322 msgid "" "No such user in local domain. Removing users only allowed in local domain.\n" msgstr "" #: src/tools/sss_userdel.c:327 msgid "Internal error. 
Could not remove user.\n" msgstr "" #: src/tools/sss_usermod.c:49 msgid "The GID of the user" msgstr "" #: src/tools/sss_usermod.c:53 msgid "Groups to add this user to" msgstr "" #: src/tools/sss_usermod.c:54 msgid "Groups to remove this user from" msgstr "" #: src/tools/sss_usermod.c:55 msgid "Lock the account" msgstr "" #: src/tools/sss_usermod.c:56 msgid "Unlock the account" msgstr "Desblokeatu kontua" #: src/tools/sss_usermod.c:119 msgid "Specify user to modify\n" msgstr "" #: src/tools/sss_usermod.c:146 msgid "" "Cannot find user in local domain, modifying users is allowed only in local " "domain\n" msgstr "" #: src/tools/sss_usermod.c:281 msgid "Could not modify user - check if group names are correct\n" msgstr "" #: src/tools/sss_usermod.c:285 msgid "Could not modify user - user already member of groups?\n" msgstr "" #: src/tools/sss_usermod.c:289 msgid "Transaction error. Could not modify user.\n" msgstr "" #: src/tools/sss_cache.c:170 msgid "No cache object matched the specified search\n" msgstr "" #: src/tools/sss_cache.c:397 #, c-format msgid "Couldn't invalidate %1$s" msgstr "" #: src/tools/sss_cache.c:404 #, c-format msgid "Couldn't invalidate %1$s %2$s" msgstr "" #: src/tools/sss_cache.c:542 msgid "Invalidate all cached entries except for sudo rules" msgstr "" #: src/tools/sss_cache.c:544 msgid "Invalidate particular user" msgstr "Baliogabetu erabiltzaile bat" #: src/tools/sss_cache.c:546 msgid "Invalidate all users" msgstr "Baliogabetu erabiltzaile guztiak" #: src/tools/sss_cache.c:548 msgid "Invalidate particular group" msgstr "Baliogabetu talde bat" #: src/tools/sss_cache.c:550 msgid "Invalidate all groups" msgstr "Baliogabetu talde guztiak" #: src/tools/sss_cache.c:552 msgid "Invalidate particular netgroup" msgstr "" #: src/tools/sss_cache.c:554 msgid "Invalidate all netgroups" msgstr "" #: src/tools/sss_cache.c:556 msgid "Invalidate particular service" msgstr "Baliogabetu zerbitzu bat" #: src/tools/sss_cache.c:558 msgid "Invalidate all services" 
msgstr "Baliogabetu zerbitzu guztiak" #: src/tools/sss_cache.c:561 msgid "Invalidate particular autofs map" msgstr "" #: src/tools/sss_cache.c:563 msgid "Invalidate all autofs maps" msgstr "" #: src/tools/sss_cache.c:566 msgid "Only invalidate entries from a particular domain" msgstr "" #: src/tools/sss_cache.c:611 msgid "Please select at least one object to invalidate\n" msgstr "" #: src/tools/sss_cache.c:681 #, c-format msgid "" "Could not open domain %1$s. If the domain is a subdomain (trusted domain), " "use fully qualified name instead of --domain/-d parameter.\n" msgstr "" #: src/tools/sss_cache.c:685 msgid "Could not open available domains\n" msgstr "" #: src/tools/sss_debuglevel.c:40 msgid "\n" msgstr "\n" #: src/tools/sss_debuglevel.c:96 msgid "Specify debug level you want to set\n" msgstr "" #: src/tools/sss_debuglevel.c:102 msgid "Only one argument expected\n" msgstr "" #: src/tools/tools_util.c:200 #, c-format msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n" msgstr "" #: src/tools/tools_util.c:303 msgid "Out of memory\n" msgstr "" #: src/tools/tools_util.h:43 #, c-format msgid "%1$s must be run as root\n" msgstr "" #: src/util/util.h:102 msgid "Send the debug output to files instead of stderr" msgstr "" ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/ru.po���������������������������������������������������������������0000644�0000000�0000000�00000000074�12320753107�015157� 
x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954962.141874591 30 ctime=1396954962.542874295 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/ru.po��������������������������������������������������������������������������������0000664�0024127�0024127�00000160672�12320753107�015415� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR Red Hat, Inc. # This file is distributed under the same license as the PACKAGE package. 
# # Translators: # Stanislav Hanzhin <hanzhin.stas@gmail.com>, 2012 msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2014-04-08 12:56+0200\n" "PO-Revision-Date: 2013-11-20 12:56+0000\n" "Last-Translator: jhrozek <jhrozek@redhat.com>\n" "Language-Team: Russian (http://www.transifex.com/projects/p/fedora/language/" "ru/)\n" "Language: ru\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" "%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" #: src/config/SSSDConfig/__init__.py.in:39 msgid "Set the verbosity of the debug logging" msgstr "Установить подробность журнала отладки" #: src/config/SSSDConfig/__init__.py.in:40 msgid "Include timestamps in debug logs" msgstr "Добавить отметки времени в журнал отладки" #: src/config/SSSDConfig/__init__.py.in:41 msgid "Include microseconds in timestamps in debug logs" msgstr "" #: src/config/SSSDConfig/__init__.py.in:42 msgid "Write debug messages to logfiles" msgstr "Записывать отладочные сообщения в файлы журнала" #: src/config/SSSDConfig/__init__.py.in:43 msgid "Ping timeout before restarting service" msgstr "Тайм-аут ping до перезапуска службы" #: src/config/SSSDConfig/__init__.py.in:44 msgid "" "Timeout between three failed ping checks and forcibly killing the service" msgstr "" #: src/config/SSSDConfig/__init__.py.in:45 msgid "Command to start service" msgstr "Команда для запуска службы" #: src/config/SSSDConfig/__init__.py.in:46 msgid "Number of times to attempt connection to Data Providers" msgstr "Количество попыток подключения к поставщикам данных" #: src/config/SSSDConfig/__init__.py.in:47 msgid "The number of file descriptors that may be opened by this responder" msgstr "" #: src/config/SSSDConfig/__init__.py.in:48 msgid "Idle time before automatic disconnection of a client" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:51 msgid "SSSD Services to start" msgstr "Запускаемые службы SSSD" #: src/config/SSSDConfig/__init__.py.in:52 msgid "SSSD Domains to start" msgstr "Запускаемые домены SSSD" #: src/config/SSSDConfig/__init__.py.in:53 msgid "Timeout for messages sent over the SBUS" msgstr "Тайм-аут для сообщений, отправленных через SBUS" #: src/config/SSSDConfig/__init__.py.in:54 msgid "Regex to parse username and domain" msgstr "Регулярное выражение для разбора имени пользователя и домена" #: src/config/SSSDConfig/__init__.py.in:55 msgid "Printf-compatible format for displaying fully-qualified names" msgstr "Отображать полные имена в формате, совместимом с printf" #: src/config/SSSDConfig/__init__.py.in:56 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #: src/config/SSSDConfig/__init__.py.in:57 msgid "Domain to add to names without a domain component." msgstr "" #: src/config/SSSDConfig/__init__.py.in:60 msgid "Enumeration cache timeout length (seconds)" msgstr "Длина тайм-аута кэша перечисления (в секундах)" #: src/config/SSSDConfig/__init__.py.in:61 msgid "Entry cache background update timeout length (seconds)" msgstr "Тайм-аут фонового обновления элемента списка кэша (в секундах)" #: src/config/SSSDConfig/__init__.py.in:62 #: src/config/SSSDConfig/__init__.py.in:88 msgid "Negative cache timeout length (seconds)" msgstr "Отрицательная длина тайм-аута кэша (в секундах)" #: src/config/SSSDConfig/__init__.py.in:63 msgid "Users that SSSD should explicitly ignore" msgstr "Пользователи, которых SSSD должен явно игнорировать " #: src/config/SSSDConfig/__init__.py.in:64 msgid "Groups that SSSD should explicitly ignore" msgstr "Группы, которые SSSD должен явно игнорировать " #: src/config/SSSDConfig/__init__.py.in:65 msgid "Should filtered users appear in groups" msgstr "Должны ли отфильтрованные пользователи появляться в группах" #: src/config/SSSDConfig/__init__.py.in:66 msgid "The value of the 
password field the NSS provider should return" msgstr "Значение поля пароля, которое должен вернуть поставщик NSS" #: src/config/SSSDConfig/__init__.py.in:67 msgid "Override homedir value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:68 msgid "" "Substitute empty homedir value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:69 msgid "Override shell value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:70 msgid "The list of shells users are allowed to log in with" msgstr "" #: src/config/SSSDConfig/__init__.py.in:71 msgid "" "The list of shells that will be vetoed, and replaced with the fallback shell" msgstr "" #: src/config/SSSDConfig/__init__.py.in:72 msgid "" "If a shell stored in central directory is allowed but not available, use " "this fallback" msgstr "" #: src/config/SSSDConfig/__init__.py.in:73 msgid "Shell to use if the provider does not list one" msgstr "" #: src/config/SSSDConfig/__init__.py.in:74 msgid "How long will be in-memory cache records valid" msgstr "" #: src/config/SSSDConfig/__init__.py.in:77 msgid "How long to allow cached logins between online logins (days)" msgstr "" "Разрешённый интервал кэшированных входов между интерактивными входами (в " "днях)" #: src/config/SSSDConfig/__init__.py.in:78 msgid "How many failed logins attempts are allowed when offline" msgstr "Разрешённое количество неудачных попыток неинтерактивного входа" #: src/config/SSSDConfig/__init__.py.in:79 msgid "" "How long (minutes) to deny login after offline_failed_login_attempts has " "been reached" msgstr "" "Временной интервал (в минутах), в течение которого будет запрещён вход после " "достижения offline_failed_login_attempts" #: src/config/SSSDConfig/__init__.py.in:80 msgid "What kind of messages are displayed to the user during authentication" msgstr "" #: src/config/SSSDConfig/__init__.py.in:81 msgid "How many seconds to keep 
identity information cached for PAM requests" msgstr "" #: src/config/SSSDConfig/__init__.py.in:82 msgid "How many days before password expiration a warning should be displayed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:85 msgid "Whether to evaluate the time-based attributes in sudo rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:91 msgid "Whether to hash host names and addresses in the known_hosts file" msgstr "" #: src/config/SSSDConfig/__init__.py.in:92 msgid "" "How many seconds to keep a host in the known_hosts file after its host keys " "were requested" msgstr "" #: src/config/SSSDConfig/__init__.py.in:95 msgid "List of UIDs or user names allowed to access the PAC responder" msgstr "" #: src/config/SSSDConfig/__init__.py.in:98 msgid "Identity provider" msgstr "Поставщик данных для идентификации" #: src/config/SSSDConfig/__init__.py.in:99 msgid "Authentication provider" msgstr "Поставщик данных для проверки подлинности" #: src/config/SSSDConfig/__init__.py.in:100 msgid "Access control provider" msgstr "Поставщик данных для контроля доступа" #: src/config/SSSDConfig/__init__.py.in:101 msgid "Password change provider" msgstr "Поставщик операции смены пароля" #: src/config/SSSDConfig/__init__.py.in:102 msgid "SUDO provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:103 msgid "Autofs provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:104 msgid "Session-loading provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:105 msgid "Host identity provider" msgstr "" #: src/config/SSSDConfig/__init__.py.in:108 msgid "Minimum user ID" msgstr "Минимальный ID пользователя" #: src/config/SSSDConfig/__init__.py.in:109 msgid "Maximum user ID" msgstr "Максимальный ID пользователя" #: src/config/SSSDConfig/__init__.py.in:110 msgid "Enable enumerating all users/groups" msgstr "Включить перечисление всех пользователей/групп" #: src/config/SSSDConfig/__init__.py.in:111 msgid "Cache credentials for offline login" msgstr "Кэшировать учётные данные 
для неинтерактивного входа" #: src/config/SSSDConfig/__init__.py.in:112 msgid "Store password hashes" msgstr "Хранить хеши паролей" #: src/config/SSSDConfig/__init__.py.in:113 msgid "Display users/groups in fully-qualified form" msgstr "Отображать пользователей/группы в полной форме" #: src/config/SSSDConfig/__init__.py.in:114 msgid "Don't include group members in group lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:115 #: src/config/SSSDConfig/__init__.py.in:122 #: src/config/SSSDConfig/__init__.py.in:123 #: src/config/SSSDConfig/__init__.py.in:124 #: src/config/SSSDConfig/__init__.py.in:125 #: src/config/SSSDConfig/__init__.py.in:126 #: src/config/SSSDConfig/__init__.py.in:127 msgid "Entry cache timeout length (seconds)" msgstr "Тайм-аут элемента списка кэша (в секундах)" #: src/config/SSSDConfig/__init__.py.in:116 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" "Ограничивать или предпочитать определённое семейство адресов при выполнении " "запросов DNS" #: src/config/SSSDConfig/__init__.py.in:117 msgid "How long to keep cached entries after last successful login (days)" msgstr "" "Как долго хранить кэшированные элементы списка после последнего успешного " "входа (в днях)" #: src/config/SSSDConfig/__init__.py.in:118 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "Время ожидания ответа DNS при преобразовании имён серверов (секунд)" #: src/config/SSSDConfig/__init__.py.in:119 msgid "The domain part of service discovery DNS query" msgstr "Доменная часть DNS-запроса поиска служб" #: src/config/SSSDConfig/__init__.py.in:120 msgid "Override GID value from the identity provider with this value" msgstr "" #: src/config/SSSDConfig/__init__.py.in:121 msgid "Treat usernames as case sensitive" msgstr "" #: src/config/SSSDConfig/__init__.py.in:128 msgid "How often should expired entries be refreshed in background" msgstr "" #: src/config/SSSDConfig/__init__.py.in:129 msgid 
"Whether to automatically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/__init__.py.in:130 #: src/config/SSSDConfig/__init__.py.in:145 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "" #: src/config/SSSDConfig/__init__.py.in:131 #: src/config/SSSDConfig/__init__.py.in:146 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "Интерфейс, адрес которого будет использован для обновления DNS" #: src/config/SSSDConfig/__init__.py.in:132 msgid "How often to periodically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/__init__.py.in:133 msgid "Whether the provider should explicitly update the PTR record as well" msgstr "" #: src/config/SSSDConfig/__init__.py.in:134 msgid "Whether the nsupdate utility should default to using TCP" msgstr "" #: src/config/SSSDConfig/__init__.py.in:135 msgid "What kind of authentication should be used to perform the DNS update" msgstr "" #: src/config/SSSDConfig/__init__.py.in:136 msgid "Control enumeration of trusted domains" msgstr "" #: src/config/SSSDConfig/__init__.py.in:137 msgid "How often should subdomains list be refreshed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:140 msgid "IPA domain" msgstr "IPA-домен" #: src/config/SSSDConfig/__init__.py.in:141 msgid "IPA server address" msgstr "адрес сервера IPA" #: src/config/SSSDConfig/__init__.py.in:142 msgid "Address of backup IPA server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:143 msgid "IPA client hostname" msgstr "имя узла клиента IPA" #: src/config/SSSDConfig/__init__.py.in:144 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "Следует ли автоматически обновлять DNS-запись клиента в FreeIPA" #: src/config/SSSDConfig/__init__.py.in:147 msgid "Search base for HBAC related objects" msgstr "" #: src/config/SSSDConfig/__init__.py.in:148 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:149 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:150 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" #: src/config/SSSDConfig/__init__.py.in:151 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" #: src/config/SSSDConfig/__init__.py.in:152 msgid "The automounter location this IPA client is using" msgstr "" #: src/config/SSSDConfig/__init__.py.in:153 msgid "Search base for object containing info about IPA domain" msgstr "" #: src/config/SSSDConfig/__init__.py.in:154 msgid "Search base for objects containing info about ID ranges" msgstr "" #: src/config/SSSDConfig/__init__.py.in:155 #: src/config/SSSDConfig/__init__.py.in:162 msgid "Enable DNS sites - location based service discovery" msgstr "" #: src/config/SSSDConfig/__init__.py.in:158 msgid "Active Directory domain" msgstr "" #: src/config/SSSDConfig/__init__.py.in:159 msgid "Active Directory server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:160 msgid "Active Directory backup server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:161 msgid "Active Directory client hostname" msgstr "" #: src/config/SSSDConfig/__init__.py.in:165 #: src/config/SSSDConfig/__init__.py.in:166 msgid "Kerberos server address" msgstr "Адрес сервера Kerberos" #: src/config/SSSDConfig/__init__.py.in:167 msgid "Kerberos backup server address" msgstr "" #: src/config/SSSDConfig/__init__.py.in:168 msgid "Kerberos realm" msgstr "Область действия Kerberos" #: src/config/SSSDConfig/__init__.py.in:169 msgid "Authentication timeout" msgstr "Тайм-аут проверки подлинности" #: src/config/SSSDConfig/__init__.py.in:170 msgid "Whether to create kdcinfo files" msgstr "" #: src/config/SSSDConfig/__init__.py.in:173 msgid "Directory to store credential caches" msgstr "Каталог для хранения кэшей учётных данных" #: 
src/config/SSSDConfig/__init__.py.in:174 msgid "Location of the user's credential cache" msgstr "Расположения кэша учётных данных пользователей" #: src/config/SSSDConfig/__init__.py.in:175 msgid "Location of the keytab to validate credentials" msgstr "Расположение keytab-файла для проверки учётных данных" #: src/config/SSSDConfig/__init__.py.in:176 msgid "Enable credential validation" msgstr "Включить проверку учётных данных" #: src/config/SSSDConfig/__init__.py.in:177 msgid "Store password if offline for later online authentication" msgstr "" "При отсутствии соединения сохранить пароль и пройти аутентификацию позже" #: src/config/SSSDConfig/__init__.py.in:178 msgid "Renewable lifetime of the TGT" msgstr "" #: src/config/SSSDConfig/__init__.py.in:179 msgid "Lifetime of the TGT" msgstr "" #: src/config/SSSDConfig/__init__.py.in:180 msgid "Time between two checks for renewal" msgstr "" #: src/config/SSSDConfig/__init__.py.in:181 msgid "Enables FAST" msgstr "" #: src/config/SSSDConfig/__init__.py.in:182 msgid "Selects the principal to use for FAST" msgstr "" #: src/config/SSSDConfig/__init__.py.in:183 msgid "Enables principal canonicalization" msgstr "" #: src/config/SSSDConfig/__init__.py.in:184 msgid "Enables enterprise principals" msgstr "" #: src/config/SSSDConfig/__init__.py.in:187 #: src/config/SSSDConfig/__init__.py.in:188 msgid "Server where the change password service is running if not on the KDC" msgstr "Сервер, на котором запущена служба смены пароля (если не на KDC)" #: src/config/SSSDConfig/__init__.py.in:191 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, URI сервера LDAP " #: src/config/SSSDConfig/__init__.py.in:192 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:193 msgid "The default base DN" msgstr "Base DN по умолчанию" #: src/config/SSSDConfig/__init__.py.in:194 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "Тип схемы, используемой на LDAP-сервере, rfc2307" #: 
src/config/SSSDConfig/__init__.py.in:195 msgid "The default bind DN" msgstr "Bind DN по умолчанию" #: src/config/SSSDConfig/__init__.py.in:196 msgid "The type of the authentication token of the default bind DN" msgstr "Тип маркера проверки подлинности для bind DN по умолчанию" #: src/config/SSSDConfig/__init__.py.in:197 msgid "The authentication token of the default bind DN" msgstr "Маркер проверки подлинности для bind DN по умолчанию" #: src/config/SSSDConfig/__init__.py.in:198 msgid "Length of time to attempt connection" msgstr "Временной интервал для попытки соединения" #: src/config/SSSDConfig/__init__.py.in:199 msgid "Length of time to attempt synchronous LDAP operations" msgstr "Временной интервал для попытки синхронизации операций LDAP" #: src/config/SSSDConfig/__init__.py.in:200 msgid "Length of time between attempts to reconnect while offline" msgstr "" "Временной интервал между попытками возобновления соединения в автономного " "режиме" #: src/config/SSSDConfig/__init__.py.in:201 msgid "Use only the upper case for realm names" msgstr "" #: src/config/SSSDConfig/__init__.py.in:202 msgid "File that contains CA certificates" msgstr "Файл содержащий сертификаты CA" #: src/config/SSSDConfig/__init__.py.in:203 msgid "Path to CA certificate directory" msgstr "Путь к каталогу с сертификатами CA" #: src/config/SSSDConfig/__init__.py.in:204 msgid "File that contains the client certificate" msgstr "" #: src/config/SSSDConfig/__init__.py.in:205 msgid "File that contains the client key" msgstr "" #: src/config/SSSDConfig/__init__.py.in:206 msgid "List of possible ciphers suites" msgstr "" #: src/config/SSSDConfig/__init__.py.in:207 msgid "Require TLS certificate verification" msgstr "Требуется проверка сертификата TLS" #: src/config/SSSDConfig/__init__.py.in:208 msgid "Specify the sasl mechanism to use" msgstr "Укажите механизм sasl" #: src/config/SSSDConfig/__init__.py.in:209 msgid "Specify the sasl authorization id to use" msgstr "Укажите идентификатор авторизации 
sasl" #: src/config/SSSDConfig/__init__.py.in:210 msgid "Specify the sasl authorization realm to use" msgstr "" #: src/config/SSSDConfig/__init__.py.in:211 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" #: src/config/SSSDConfig/__init__.py.in:212 msgid "Kerberos service keytab" msgstr "Keytab-файл службы Kerberos" #: src/config/SSSDConfig/__init__.py.in:213 msgid "Use Kerberos auth for LDAP connection" msgstr "Использовать проверку подлинности Kerberos для LDAP-соединения" #: src/config/SSSDConfig/__init__.py.in:214 msgid "Follow LDAP referrals" msgstr "Следовать ссылкам LDAP" #: src/config/SSSDConfig/__init__.py.in:215 msgid "Lifetime of TGT for LDAP connection" msgstr "Время жизни TGT для LDAP-соединений" #: src/config/SSSDConfig/__init__.py.in:216 msgid "How to dereference aliases" msgstr "" #: src/config/SSSDConfig/__init__.py.in:217 msgid "Service name for DNS service lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:218 msgid "The number of records to retrieve in a single LDAP query" msgstr "" #: src/config/SSSDConfig/__init__.py.in:219 msgid "The number of members that must be missing to trigger a full deref" msgstr "" #: src/config/SSSDConfig/__init__.py.in:220 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" #: src/config/SSSDConfig/__init__.py.in:222 msgid "entryUSN attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:223 msgid "lastUSN attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:225 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" #: src/config/SSSDConfig/__init__.py.in:227 msgid "Disable the LDAP paging control" msgstr "" #: src/config/SSSDConfig/__init__.py.in:228 msgid "Disable Active Directory range retrieval" msgstr "" #: src/config/SSSDConfig/__init__.py.in:231 msgid "Length of time to wait for a search request" msgstr "Временной интервал, в течение которого ожидать 
поискового запроса" #: src/config/SSSDConfig/__init__.py.in:232 msgid "Length of time to wait for a enumeration request" msgstr "" #: src/config/SSSDConfig/__init__.py.in:233 msgid "Length of time between enumeration updates" msgstr "Временной интервал между обновлениями перечисления" #: src/config/SSSDConfig/__init__.py.in:234 msgid "Length of time between cache cleanups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:235 msgid "Require TLS for ID lookups" msgstr "Требовать TLS для запросов ID" #: src/config/SSSDConfig/__init__.py.in:236 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "" #: src/config/SSSDConfig/__init__.py.in:237 msgid "Base DN for user lookups" msgstr "Base DN для поиска" #: src/config/SSSDConfig/__init__.py.in:238 msgid "Scope of user lookups" msgstr "Глубина поиска" #: src/config/SSSDConfig/__init__.py.in:239 msgid "Filter for user lookups" msgstr "Фильтр поиска" #: src/config/SSSDConfig/__init__.py.in:240 msgid "Objectclass for users" msgstr "Objectclass для пользователей" #: src/config/SSSDConfig/__init__.py.in:241 msgid "Username attribute" msgstr "Атрибут «username»" #: src/config/SSSDConfig/__init__.py.in:243 msgid "UID attribute" msgstr "Атрибут «UID»" #: src/config/SSSDConfig/__init__.py.in:244 msgid "Primary GID attribute" msgstr "Атрибут «primary GID»" #: src/config/SSSDConfig/__init__.py.in:245 msgid "GECOS attribute" msgstr "Атрибут «GECOS»" #: src/config/SSSDConfig/__init__.py.in:246 msgid "Home directory attribute" msgstr "Атрибут домашнего каталога" #: src/config/SSSDConfig/__init__.py.in:247 msgid "Shell attribute" msgstr "Атрибут оболочки" #: src/config/SSSDConfig/__init__.py.in:248 msgid "UUID attribute" msgstr "Атрибут «UUID»" #: src/config/SSSDConfig/__init__.py.in:249 #: src/config/SSSDConfig/__init__.py.in:285 msgid "objectSID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:250 msgid "Active Directory primary group attribute for ID-mapping" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:251 msgid "User principal attribute (for Kerberos)" msgstr "Атрибут участника-пользователя (для Kerberos)" #: src/config/SSSDConfig/__init__.py.in:252 msgid "Full Name" msgstr "Полное имя" #: src/config/SSSDConfig/__init__.py.in:253 msgid "memberOf attribute" msgstr "Атрибут memberOf" #: src/config/SSSDConfig/__init__.py.in:254 msgid "Modification time attribute" msgstr "Атрибут времени изменения" #: src/config/SSSDConfig/__init__.py.in:256 msgid "shadowLastChange attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:257 msgid "shadowMin attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:258 msgid "shadowMax attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:259 msgid "shadowWarning attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:260 msgid "shadowInactive attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:261 msgid "shadowExpire attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:262 msgid "shadowFlag attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:263 msgid "Attribute listing authorized PAM services" msgstr "" #: src/config/SSSDConfig/__init__.py.in:264 msgid "Attribute listing authorized server hosts" msgstr "" #: src/config/SSSDConfig/__init__.py.in:265 msgid "krbLastPwdChange attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:266 msgid "krbPasswordExpiration attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:267 msgid "Attribute indicating that server side password policies are active" msgstr "" #: src/config/SSSDConfig/__init__.py.in:268 msgid "accountExpires attribute of AD" msgstr "" #: src/config/SSSDConfig/__init__.py.in:269 msgid "userAccountControl attribute of AD" msgstr "" #: src/config/SSSDConfig/__init__.py.in:270 msgid "nsAccountLock attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:271 msgid "loginDisabled attribute of NDS" msgstr "" #: src/config/SSSDConfig/__init__.py.in:272 msgid "loginExpirationTime 
attribute of NDS" msgstr "" #: src/config/SSSDConfig/__init__.py.in:273 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" #: src/config/SSSDConfig/__init__.py.in:274 msgid "SSH public key attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:276 msgid "Base DN for group lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:279 msgid "Objectclass for groups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:280 msgid "Group name" msgstr "" #: src/config/SSSDConfig/__init__.py.in:281 msgid "Group password" msgstr "" #: src/config/SSSDConfig/__init__.py.in:282 msgid "GID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:283 msgid "Group member attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:284 msgid "Group UUID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:286 msgid "Modification time attribute for groups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:287 msgid "Type of the group and other flags" msgstr "" #: src/config/SSSDConfig/__init__.py.in:289 msgid "Maximum nesting level SSSd will follow" msgstr "" #: src/config/SSSDConfig/__init__.py.in:291 msgid "Base DN for netgroup lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:292 msgid "Objectclass for netgroups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:293 msgid "Netgroup name" msgstr "" #: src/config/SSSDConfig/__init__.py.in:294 msgid "Netgroups members attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:295 msgid "Netgroup triple attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:296 msgid "Netgroup UUID attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:297 msgid "Modification time attribute for netgroups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:299 msgid "Base DN for service lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:300 msgid "Objectclass for services" msgstr "" #: src/config/SSSDConfig/__init__.py.in:301 msgid "Service name attribute" msgstr "" #: 
src/config/SSSDConfig/__init__.py.in:302 msgid "Service port attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:303 msgid "Service protocol attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:306 msgid "Lower bound for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:307 msgid "Upper bound for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:308 msgid "Number of IDs for each slice when ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:309 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:310 msgid "Name of the default domain for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:311 msgid "SID of the default domain for ID-mapping" msgstr "" #: src/config/SSSDConfig/__init__.py.in:313 msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:314 msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:315 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:316 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:319 msgid "Policy to evaluate the password expiration" msgstr "Политика вычисления окончания срока действия пароля" #: src/config/SSSDConfig/__init__.py.in:322 msgid "LDAP filter to determine access privileges" msgstr "Фильтр LDAP для определения прав доступа" #: src/config/SSSDConfig/__init__.py.in:323 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" #: src/config/SSSDConfig/__init__.py.in:324 msgid "Which rules should be used to evaluate access control" msgstr "" #: src/config/SSSDConfig/__init__.py.in:327 msgid "URI of an LDAP server where password changes are allowed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:328 msgid "URI of a backup LDAP server where password 
changes are allowed" msgstr "" #: src/config/SSSDConfig/__init__.py.in:329 msgid "DNS service name for LDAP password change server" msgstr "" #: src/config/SSSDConfig/__init__.py.in:330 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" msgstr "" #: src/config/SSSDConfig/__init__.py.in:333 msgid "Base DN for sudo rules lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:334 msgid "Automatic full refresh period" msgstr "" #: src/config/SSSDConfig/__init__.py.in:335 msgid "Automatic smart refresh period" msgstr "" #: src/config/SSSDConfig/__init__.py.in:336 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "" #: src/config/SSSDConfig/__init__.py.in:337 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:338 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:339 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:340 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:341 msgid "Object class for sudo rules" msgstr "" #: src/config/SSSDConfig/__init__.py.in:342 msgid "Sudo rule name" msgstr "" #: src/config/SSSDConfig/__init__.py.in:343 msgid "Sudo rule command attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:344 msgid "Sudo rule host attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:345 msgid "Sudo rule user attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:346 msgid "Sudo rule option attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:347 msgid "Sudo rule runasuser attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:348 msgid "Sudo rule runasgroup attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:349 
msgid "Sudo rule notbefore attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:350 msgid "Sudo rule notafter attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:351 msgid "Sudo rule order attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:354 msgid "Object class for automounter maps" msgstr "" #: src/config/SSSDConfig/__init__.py.in:355 msgid "Automounter map name attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:356 msgid "Object class for automounter map entries" msgstr "" #: src/config/SSSDConfig/__init__.py.in:357 msgid "Automounter map entry key attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:358 msgid "Automounter map entry value attribute" msgstr "" #: src/config/SSSDConfig/__init__.py.in:359 msgid "Base DN for automounter map lookups" msgstr "" #: src/config/SSSDConfig/__init__.py.in:362 msgid "Comma separated list of allowed users" msgstr "Разделённый запятыми список разрешённых пользователей" #: src/config/SSSDConfig/__init__.py.in:363 msgid "Comma separated list of prohibited users" msgstr "Разделённый запятыми список запрещённых пользователей" #: src/config/SSSDConfig/__init__.py.in:366 msgid "Default shell, /bin/bash" msgstr "Оболочка по умолчанию, /bin/bash" #: src/config/SSSDConfig/__init__.py.in:367 msgid "Base for home directories" msgstr "Место для домашних каталогов" #: src/config/SSSDConfig/__init__.py.in:370 msgid "The name of the NSS library to use" msgstr "Имя используемой библиотеки NSS" #: src/config/SSSDConfig/__init__.py.in:371 msgid "Whether to look up canonical group name from cache if possible" msgstr "" #: src/config/SSSDConfig/__init__.py.in:374 msgid "PAM stack to use" msgstr "Используемый стек PAM" #: src/monitor/monitor.c:2651 msgid "Become a daemon (default)" msgstr "Запускаться в качестве службы (по умолчанию)" #: src/monitor/monitor.c:2653 msgid "Run interactive (not a daemon)" msgstr "Запускаться интерактивно (не службой)" #: src/monitor/monitor.c:2655 
src/tools/sss_debuglevel.c:71 msgid "Specify a non-default config file" msgstr "Указать файл конфигурации" #: src/monitor/monitor.c:2657 msgid "Print version number and exit" msgstr "" #: src/providers/krb5/krb5_child.c:1962 src/providers/ldap/ldap_child.c:435 #: src/util/util.h:100 msgid "Debug level" msgstr "Уровень отладки" #: src/providers/krb5/krb5_child.c:1964 src/providers/ldap/ldap_child.c:437 #: src/util/util.h:104 msgid "Add debug timestamps" msgstr "Добавить отладочные отметки времени" #: src/providers/krb5/krb5_child.c:1966 src/providers/ldap/ldap_child.c:439 #: src/util/util.h:106 msgid "Show timestamps with microseconds" msgstr "" #: src/providers/krb5/krb5_child.c:1968 src/providers/ldap/ldap_child.c:441 msgid "An open file descriptor for the debug logs" msgstr "Открытый дескриптор файла для журналов отладки" #: src/providers/data_provider_be.c:2932 msgid "Domain of the information provider (mandatory)" msgstr "Домен поставщика информации (обязательный)" #: src/sss_client/common.c:946 msgid "Privileged socket has wrong ownership or permissions." msgstr "" "Для привилегированного сокета установлен неверный владелец или права доступа." #: src/sss_client/common.c:949 msgid "Public socket has wrong ownership or permissions." msgstr "" "Для общедоступного сокета установлен неверный владелец или права доступа." #: src/sss_client/common.c:952 msgid "Unexpected format of the server credential message." msgstr "" #: src/sss_client/common.c:955 msgid "SSSD is not run by root." msgstr "" #: src/sss_client/common.c:960 msgid "An error occurred, but no description can be found." msgstr "" #: src/sss_client/common.c:966 msgid "Unexpected error while looking for an error description" msgstr "" #: src/sss_client/pam_sss.c:388 msgid "Passwords do not match" msgstr "Пароли не совпадают" #: src/sss_client/pam_sss.c:576 msgid "Password reset by root is not supported." 
msgstr "" #: src/sss_client/pam_sss.c:617 msgid "Authenticated with cached credentials" msgstr "" #: src/sss_client/pam_sss.c:618 msgid ", your cached password will expire at: " msgstr ", срок действия вашего кэшированного пароля истечёт:" #: src/sss_client/pam_sss.c:648 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "" #: src/sss_client/pam_sss.c:694 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "" #: src/sss_client/pam_sss.c:743 msgid "Authentication is denied until: " msgstr "" #: src/sss_client/pam_sss.c:764 msgid "System is offline, password change not possible" msgstr "Система находится в автономном режиме, невозможно сменить пароль" #: src/sss_client/pam_sss.c:779 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" #: src/sss_client/pam_sss.c:810 src/sss_client/pam_sss.c:823 msgid "Password change failed. " msgstr "Не удалось сменить пароль." #: src/sss_client/pam_sss.c:813 src/sss_client/pam_sss.c:824 msgid "Server message: " msgstr "Сообщение сервера:" #: src/sss_client/pam_sss.c:1251 msgid "New Password: " msgstr "Новый пароль:" #: src/sss_client/pam_sss.c:1252 msgid "Reenter new Password: " msgstr "Введите новый пароль ещё раз:" #: src/sss_client/pam_sss.c:1340 msgid "Password: " msgstr "Пароль:" #: src/sss_client/pam_sss.c:1372 msgid "Current Password: " msgstr "Текущий пароль:" #: src/sss_client/pam_sss.c:1527 msgid "Password expired. Change your password now." msgstr "Срок действия пароля истёк. Необходимо сейчас изменить ваш пароль."
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40 #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 src/tools/sss_useradd.c:48 #: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44 #: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:652 #: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47 #: src/tools/sss_cache.c:540 src/tools/sss_debuglevel.c:69 msgid "The debug level to run with" msgstr "Уровень отладки для запуска" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:42 #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:196 msgid "The SSSD domain to use" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:73 #: src/tools/sss_groupadd.c:58 src/tools/sss_groupdel.c:53 #: src/tools/sss_groupmod.c:65 src/tools/sss_groupshow.c:663 #: src/tools/sss_userdel.c:151 src/tools/sss_usermod.c:74 #: src/tools/sss_cache.c:573 msgid "Error setting the locale\n" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:64 msgid "Not enough memory\n" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:83 msgid "User not specified\n" msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:92 msgid "Error looking up public keys\n" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:194 msgid "The port to use to connect to the host" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:238 msgid "Invalid port\n" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:243 msgid "Host not specified\n" msgstr "" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:249 msgid "The path to the proxy command must be absolute\n" msgstr "" #: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48 msgid "The UID of the user" msgstr "UID пользователя" #: src/tools/sss_useradd.c:50 src/tools/sss_usermod.c:50 msgid "The comment string" msgstr "Строка комментария" #: src/tools/sss_useradd.c:51 src/tools/sss_usermod.c:51 msgid "Home directory" msgstr "Домашний каталог" #: src/tools/sss_useradd.c:52 src/tools/sss_usermod.c:52 msgid "Login shell" 
msgstr "Исходная оболочка" #: src/tools/sss_useradd.c:53 msgid "Groups" msgstr "Группы" #: src/tools/sss_useradd.c:54 msgid "Create user's directory if it does not exist" msgstr "Создать каталог пользователя, если он не существует" #: src/tools/sss_useradd.c:55 msgid "Never create user's directory, overrides config" msgstr "" #: src/tools/sss_useradd.c:56 msgid "Specify an alternative skeleton directory" msgstr "Укажите альтернативный скелетный каталог" #: src/tools/sss_useradd.c:57 src/tools/sss_usermod.c:57 msgid "The SELinux user for user's login" msgstr "" #: src/tools/sss_useradd.c:86 src/tools/sss_groupmod.c:78 #: src/tools/sss_usermod.c:87 msgid "Specify group to add to\n" msgstr "" #: src/tools/sss_useradd.c:110 msgid "Specify user to add\n" msgstr "Укажите добавляемого пользователя\n" #: src/tools/sss_useradd.c:119 src/tools/sss_groupadd.c:84 #: src/tools/sss_groupdel.c:78 src/tools/sss_groupmod.c:111 #: src/tools/sss_groupshow.c:696 src/tools/sss_userdel.c:196 #: src/tools/sss_usermod.c:128 msgid "Error initializing the tools - no local domain\n" msgstr "Ошибка инициализации инструментов - не найден локальный домен\n" #: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86 #: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113 #: src/tools/sss_groupshow.c:698 src/tools/sss_userdel.c:198 #: src/tools/sss_usermod.c:130 msgid "Error initializing the tools\n" msgstr "Ошибка инициализации инструментов\n" #: src/tools/sss_useradd.c:130 src/tools/sss_groupadd.c:95 #: src/tools/sss_groupdel.c:89 src/tools/sss_groupmod.c:121 #: src/tools/sss_groupshow.c:707 src/tools/sss_userdel.c:207 #: src/tools/sss_usermod.c:139 msgid "Invalid domain specified in FQDN\n" msgstr "В FQDN указан неверный домен\n" #: src/tools/sss_useradd.c:139 src/tools/sss_groupmod.c:141 #: src/tools/sss_groupmod.c:168 src/tools/sss_usermod.c:162 #: src/tools/sss_usermod.c:189 msgid "Internal error while parsing parameters\n" msgstr "При разборе параметров возникла внутренняя ошибка\n" #: 
src/tools/sss_useradd.c:147 src/tools/sss_usermod.c:170 #: src/tools/sss_usermod.c:197 msgid "Groups must be in the same domain as user\n" msgstr "Группы должны быть в том же домене, что и пользователь\n" #: src/tools/sss_useradd.c:155 #, c-format msgid "Cannot find group %1$s in local domain\n" msgstr "" #: src/tools/sss_useradd.c:170 src/tools/sss_userdel.c:217 msgid "Cannot set default values\n" msgstr "Не удалось установить значения по умолчанию\n" #: src/tools/sss_useradd.c:177 src/tools/sss_usermod.c:153 msgid "The selected UID is outside the allowed range\n" msgstr "Выбранный UID находится за пределами доступного диапазона\n" #: src/tools/sss_useradd.c:206 src/tools/sss_usermod.c:264 msgid "Cannot set SELinux login context\n" msgstr "" #: src/tools/sss_useradd.c:221 msgid "Cannot get info about the user\n" msgstr "Не удалось получить информацию о пользователе\n" #: src/tools/sss_useradd.c:233 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" "Домашний каталог пользователя уже существует, копирования данных из " "скелетной директории выполнено не будет\n" #: src/tools/sss_useradd.c:236 #, c-format msgid "Cannot create user's home directory: %1$s\n" msgstr "" #: src/tools/sss_useradd.c:247 #, c-format msgid "Cannot create user's mail spool: %1$s\n" msgstr "" #: src/tools/sss_useradd.c:266 msgid "Could not allocate ID for the user - domain full?\n" msgstr "Для пользователя не удалось выделить ID - домен заполнен?\n" #: src/tools/sss_useradd.c:270 msgid "A user or group with the same name or ID already exists\n" msgstr "Пользователь или группа с таким именем или ID уже существует\n" #: src/tools/sss_useradd.c:276 msgid "Transaction error. Could not add user.\n" msgstr "Ошибка в транзакции. 
Невозможно добавить пользователя.\n" #: src/tools/sss_groupadd.c:43 src/tools/sss_groupmod.c:48 msgid "The GID of the group" msgstr "GID группы" #: src/tools/sss_groupadd.c:75 msgid "Specify group to add\n" msgstr "Укажите группу для добавления\n" #: src/tools/sss_groupadd.c:104 src/tools/sss_groupmod.c:192 msgid "The selected GID is outside the allowed range\n" msgstr "Выбранный GID находится вне разрешённого диапазона\n" #: src/tools/sss_groupadd.c:141 msgid "Could not allocate ID for the group - domain full?\n" msgstr "Не удалось выделить ID для группы - домен заполнен?\n" #: src/tools/sss_groupadd.c:145 msgid "A group with the same name or GID already exists\n" msgstr "Группа с таким же именем или GID уже существует\n" #: src/tools/sss_groupadd.c:150 msgid "Transaction error. Could not add group.\n" msgstr "Ошибка в транзакции. Не удалось добавить группу.\n" #: src/tools/sss_groupdel.c:69 msgid "Specify group to delete\n" msgstr "Укажите группу для удаления\n" #: src/tools/sss_groupdel.c:102 #, c-format msgid "Group %1$s is outside the defined ID range for domain\n" msgstr "" #: src/tools/sss_groupdel.c:117 src/tools/sss_groupmod.c:219 #: src/tools/sss_groupmod.c:226 src/tools/sss_groupmod.c:233 #: src/tools/sss_userdel.c:294 src/tools/sss_usermod.c:241 #: src/tools/sss_usermod.c:248 src/tools/sss_usermod.c:255 #, c-format msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n" msgstr "" #: src/tools/sss_groupdel.c:129 msgid "" "No such group in local domain. Removing groups only allowed in local " "domain.\n" msgstr "" "В локальном домене такой группы нет. Удаление групп разрешено только в " "локальном домене.\n" #: src/tools/sss_groupdel.c:134 msgid "Internal error. Could not remove group.\n" msgstr "Внутренняя ошибка. 
Не удалось удалить группу.\n" #: src/tools/sss_groupmod.c:44 msgid "Groups to add this group to" msgstr "Группы, к которым добавить эту группу" #: src/tools/sss_groupmod.c:46 msgid "Groups to remove this group from" msgstr "Группы, из которых удалить эту группу" #: src/tools/sss_groupmod.c:86 src/tools/sss_usermod.c:95 msgid "Specify group to remove from\n" msgstr "" #: src/tools/sss_groupmod.c:100 msgid "Specify group to modify\n" msgstr "Укажите группу для изменения\n" #: src/tools/sss_groupmod.c:128 msgid "" "Cannot find group in local domain, modifying groups is allowed only in local " "domain\n" msgstr "" "Не удалось найти группу в локальном домене, изменение групп разрешено только " "в локальном домене\n" #: src/tools/sss_groupmod.c:149 src/tools/sss_groupmod.c:176 msgid "Member groups must be in the same domain as parent group\n" msgstr "" "Группы-участники должны быть в том же домене, что и родительская группа\n" #: src/tools/sss_groupmod.c:157 src/tools/sss_groupmod.c:184 #: src/tools/sss_usermod.c:178 src/tools/sss_usermod.c:205 #, c-format msgid "" "Cannot find group %1$s in local domain, only groups in local domain are " "allowed\n" msgstr "" #: src/tools/sss_groupmod.c:250 msgid "Could not modify group - check if member group names are correct\n" msgstr "" "Не удалось изменить группу — проверьте правильность имён групп-участников\n" #: src/tools/sss_groupmod.c:254 msgid "Could not modify group - check if groupname is correct\n" msgstr "Не удалось изменить группу — проверьте правильность имени группы\n" #: src/tools/sss_groupmod.c:258 msgid "Transaction error. Could not modify group.\n" msgstr "Ошибка в транзакции. 
Не удалось изменить группу.\n" #: src/tools/sss_groupshow.c:599 #, c-format msgid "%1$s%2$sGroup: %3$s\n" msgstr "" #: src/tools/sss_groupshow.c:600 msgid "Magic Private " msgstr "Magic Private" #: src/tools/sss_groupshow.c:602 #, c-format msgid "%1$sGID number: %2$d\n" msgstr "" #: src/tools/sss_groupshow.c:604 #, c-format msgid "%1$sMember users: " msgstr "" #: src/tools/sss_groupshow.c:611 #, c-format msgid "" "\n" "%1$sIs a member of: " msgstr "" #: src/tools/sss_groupshow.c:618 #, c-format msgid "" "\n" "%1$sMember groups: " msgstr "" #: src/tools/sss_groupshow.c:654 msgid "Print indirect group members recursively" msgstr "Рекурсивно выводить непрямых участников группы" #: src/tools/sss_groupshow.c:687 msgid "Specify group to show\n" msgstr "Укажите группу\n" #: src/tools/sss_groupshow.c:726 msgid "" "No such group in local domain. Printing groups only allowed in local " "domain.\n" msgstr "" "В локальном домене нет такой группы. Печать групп разрешена только в " "локальном домене.\n" #: src/tools/sss_groupshow.c:731 msgid "Internal error. Could not print group.\n" msgstr "Внутренняя ошибка. 
Невозможно напечатать группу.\n" #: src/tools/sss_userdel.c:136 msgid "Remove home directory and mail spool" msgstr "Удалить домашний каталог и почтовую очередь" #: src/tools/sss_userdel.c:138 msgid "Do not remove home directory and mail spool" msgstr "Не удалять домашний каталог и почтовую очередь" #: src/tools/sss_userdel.c:140 msgid "Force removal of files not owned by the user" msgstr "Принудительно удалять файлы, не принадлежащие пользователю" #: src/tools/sss_userdel.c:142 msgid "Kill users' processes before removing him" msgstr "" #: src/tools/sss_userdel.c:187 msgid "Specify user to delete\n" msgstr "Укажите пользователя для удаления\n" #: src/tools/sss_userdel.c:233 #, c-format msgid "User %1$s is outside the defined ID range for domain\n" msgstr "" #: src/tools/sss_userdel.c:258 msgid "Cannot reset SELinux login context\n" msgstr "" #: src/tools/sss_userdel.c:270 #, c-format msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n" msgstr "" #: src/tools/sss_userdel.c:275 msgid "Cannot determine if the user was logged in on this platform" msgstr "" #: src/tools/sss_userdel.c:280 msgid "Error while checking if the user was logged in\n" msgstr "" #: src/tools/sss_userdel.c:287 #, c-format msgid "The post-delete command failed: %1$s\n" msgstr "" #: src/tools/sss_userdel.c:307 msgid "Not removing home dir - not owned by user\n" msgstr "" "Домашняя директория не удалена — пользователь не является её владельцем\n" #: src/tools/sss_userdel.c:309 #, c-format msgid "Cannot remove homedir: %1$s\n" msgstr "" #: src/tools/sss_userdel.c:322 msgid "" "No such user in local domain. Removing users only allowed in local domain.\n" msgstr "" "В локальном домене нет такого пользователя. Удаление пользователей разрешено " "только для локального домена.\n" #: src/tools/sss_userdel.c:327 msgid "Internal error. Could not remove user.\n" msgstr "Внутренняя ошибка. 
Не удалось удалить пользователя.\n" #: src/tools/sss_usermod.c:49 msgid "The GID of the user" msgstr "GID пользователя" #: src/tools/sss_usermod.c:53 msgid "Groups to add this user to" msgstr "Группы, к которым добавить этого пользователя" #: src/tools/sss_usermod.c:54 msgid "Groups to remove this user from" msgstr "Группы, из которых удалить этого пользователя" #: src/tools/sss_usermod.c:55 msgid "Lock the account" msgstr "Заблокировать учётную запись" #: src/tools/sss_usermod.c:56 msgid "Unlock the account" msgstr "Разблокировать учётную запись" #: src/tools/sss_usermod.c:119 msgid "Specify user to modify\n" msgstr "Укажите пользователя для изменения\n" #: src/tools/sss_usermod.c:146 msgid "" "Cannot find user in local domain, modifying users is allowed only in local " "domain\n" msgstr "" "Не удалось найти пользователя в локальном домене, изменение пользователей " "разрешено только в локальном домене\n" #: src/tools/sss_usermod.c:281 msgid "Could not modify user - check if group names are correct\n" msgstr "Не удалось изменить пользователя — проверьте правильность имён групп\n" #: src/tools/sss_usermod.c:285 msgid "Could not modify user - user already member of groups?\n" msgstr "Не удалось изменить пользователя — он уже является членом групп?\n" #: src/tools/sss_usermod.c:289 msgid "Transaction error. Could not modify user.\n" msgstr "Ошибка в транзакции. 
Не удалось изменить пользователя.\n" #: src/tools/sss_cache.c:170 msgid "No cache object matched the specified search\n" msgstr "" #: src/tools/sss_cache.c:397 #, c-format msgid "Couldn't invalidate %1$s" msgstr "" #: src/tools/sss_cache.c:404 #, c-format msgid "Couldn't invalidate %1$s %2$s" msgstr "" #: src/tools/sss_cache.c:542 msgid "Invalidate all cached entries except for sudo rules" msgstr "" #: src/tools/sss_cache.c:544 msgid "Invalidate particular user" msgstr "" #: src/tools/sss_cache.c:546 msgid "Invalidate all users" msgstr "" #: src/tools/sss_cache.c:548 msgid "Invalidate particular group" msgstr "" #: src/tools/sss_cache.c:550 msgid "Invalidate all groups" msgstr "" #: src/tools/sss_cache.c:552 msgid "Invalidate particular netgroup" msgstr "" #: src/tools/sss_cache.c:554 msgid "Invalidate all netgroups" msgstr "" #: src/tools/sss_cache.c:556 msgid "Invalidate particular service" msgstr "" #: src/tools/sss_cache.c:558 msgid "Invalidate all services" msgstr "" #: src/tools/sss_cache.c:561 msgid "Invalidate particular autofs map" msgstr "" #: src/tools/sss_cache.c:563 msgid "Invalidate all autofs maps" msgstr "" #: src/tools/sss_cache.c:566 msgid "Only invalidate entries from a particular domain" msgstr "" #: src/tools/sss_cache.c:611 msgid "Please select at least one object to invalidate\n" msgstr "" #: src/tools/sss_cache.c:681 #, c-format msgid "" "Could not open domain %1$s. 
If the domain is a subdomain (trusted domain), " "use fully qualified name instead of --domain/-d parameter.\n" msgstr "" #: src/tools/sss_cache.c:685 msgid "Could not open available domains\n" msgstr "" #: src/tools/sss_debuglevel.c:40 msgid "\n" msgstr "" #: src/tools/sss_debuglevel.c:96 msgid "Specify debug level you want to set\n" msgstr "" #: src/tools/sss_debuglevel.c:102 msgid "Only one argument expected\n" msgstr "" #: src/tools/tools_util.c:200 #, c-format msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n" msgstr "" #: src/tools/tools_util.c:303 msgid "Out of memory\n" msgstr "Недостаточно памяти\n" #: src/tools/tools_util.h:43 #, c-format msgid "%1$s must be run as root\n" msgstr "" #: src/util/util.h:102 msgid "Send the debug output to files instead of stderr" msgstr "Отправлять отладочные сообщения в файлы, а не в stderr" ����������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/insert-header.sin���������������������������������������������������0000644�0000000�0000000�00000000132�12320753476�017442� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954942.075889369 30 atime=1396954942.075889369 30 ctime=1396954962.524874308 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/insert-header.sin��������������������������������������������������������������������0000644�0024127�0024127�00000001240�12320753476�017664� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# Sed script that inserts the file called HEADER before the header entry. # # At each occurrence of a line starting with "msgid ", we execute the following # commands. At the first occurrence, insert the file. At the following # occurrences, do nothing. The distinction between the first and the following # occurrences is achieved by looking at the hold space. /^msgid /{ x # Test if the hold space is empty. s/m/m/ ta # Yes it was empty. First occurrence. Read the file. r HEADER # Output the file's contents by reading the next line. But don't lose the # current line while doing this. g N bb :a # The hold space was nonempty. Following occurrences. Do nothing. 
x :b } ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/hu.gmo��������������������������������������������������������������0000644�0000000�0000000�00000000132�12320753522�015305� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954962.358874431 30 atime=1396954962.358874431 30 ctime=1396954962.553874287 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/hu.gmo�������������������������������������������������������������������������������0000664�0024127�0024127�00000015223�12320753522�015537� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000����������������������������������������������������������������������������������������������������������������������������������������������������������������������������J������l��e���������P��'���Q�����y��3�����%����� �������� 
�����!��#���8�����\�����|��,���������������+�����$�����"���A��,���d�� ���������� ���������������)������������� ��8��� �����Y �� ���m �����x ��'��� ����� ����� ��)��� ��$��� �����) �� ���: �����F �����V ��/���f ����� ����� ����� ��+��� ��(��� �� ���" �����- �����D ��$���[ ����� ����� ����� ����� ����� ��!��� ����� �����& �����> ��/���T ����� ����� ��2��� ����� ����� ����� ��.��� ��'���K ��*���s ����� ����� ��D��� ��(�����$���.�����S����f��.�����(���K��2���t��.��������������������7���/��9���g��*�����<�������� ��!�����:���>��6���y��(�����:����� �������� �� ���2�����?�� ���P��/���Z��5����������B�������������*�����9��E���P������������?�����+��������2�����C��%���W��$���}��-����� ����������*�����)�����9���H�� ��������������������#�����#��������#�����?�����Q��)���c��%�����)����������G��������@�����Q��1���f������� ����������7�����F���$��?���k������������Z�����4���(�� ���]�����~�����.���/���E��������������'���$������D��� �����������I��� ���?������G�������������� ��������������8���(�������4���A������#���<���%�������>���1���C�������5���:��� ���,���*������������������-������B���7�������=���6���H���@���������;������!���+�������9������"��������������� �������2��� ���)���J�������������F�����������������������3���0���������������������������������&�����������, your cached password will expire at: �Add debug timestamps�An error occurred, but no description can be found.�Authenticated with cached credentials�Authentication is denied until: �Authentication provider�Authentication timeout�Cache credentials for offline login�Cannot get info about the user �Cannot set default values �Create user's directory if it does not exist�Current Password: �Default shell, /bin/bash�Do not remove home directory and mail spool�Entry cache timeout length (seconds)�File that contains CA certificates�Force removal of files not owned by the user�Full Name�GECOS attribute�Group name�Group password�Groups�Groups that SSSD should explicitly ignore�Groups to add this user to�Home directory�How many failed 
logins attempts are allowed when offline�IPA client hostname�IPA domain�IPA server address�Internal error. Could not remove user. �Kerberos realm�Kerberos server address�Kill users' processes before removing him�Length of time to attempt connection�Lock the account�Login shell�Maximum user ID�Minimum user ID�Never create user's directory, overrides config�New Password: �Out of memory �Password change failed. �Password expired. Change your password now.�Password reset by root is not supported.�Password: �Passwords do not match�Reenter new Password: �Require TLS certificate verification�Require TLS for ID lookups�SSSD Services to start�SSSD is not run by root.�Server message: �Shell attribute�Show timestamps with microseconds�Specify user to delete �Specify user to modify �Store password hashes�System is offline, password change not possible�The GID of the group�The GID of the user�The Schema Type in use on the LDAP server, rfc2307�The UID of the user�The default base DN�The default bind DN�The selected UID is outside the allowed range �Transaction error. Could not add user. �Transaction error. Could not modify user. 
�UUID attribute�Unlock the account�User's home directory already exists, not copying data from skeldir �Users that SSSD should explicitly ignore�ldap_uri, The URI of the LDAP server�memberOf attribute�Project-Id-Version: SSSD Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org POT-Creation-Date: 2014-04-08 12:56+0200 PO-Revision-Date: 2013-11-20 12:56+0000 Last-Translator: jhrozek <jhrozek@redhat.com> Language-Team: Hungarian (http://www.transifex.com/projects/p/fedora/language/hu/) Language: hu MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=2; plural=(n != 1); �, a gyorsítótárazott jelszó lejár ekkor: �Időbélyegek a hibakeresési kimenetben�Hiba lépett fel, de nem érhetőek el részletek.�Azonosítva gyorsítótárazott adatbázisból�A bejelentkezés tiltott eddig:�Azonosító-kiszolgáló�Időtúllépés azonosításkor�Azonosítók gyorsítótárazása offline használathoz�Nem áll rendelkezésre információ a felhasználóról �Nem lehet beállítani az alapértékeket �Felhasználó könyvtárának létrehozása, ha nem létezik�Jelenlegi jelszó:�Alapértelmezett shell, /bin/bash�Ne törölje a saját könyvtárat és a helyi levelezést�Bejegyzés-gyorsítótár érvényessége (másodperc)�A CA tanusítványokat tartalmazó fájl�Nem a felhasználó tulajdonában lévő fájlok törlése�Teljes név�GECOS attribútum�Csoport neve�Csoport jelszava�Csoportok�SSSD által figyelmen kívül hagyott csoportok�Felhasználó hozzáadása a következő csoportokhoz�Saját könyvtár�Hány sikertelen bejelentkezés engedélyezett offline állapotban�IPA kliens hosztneve�IPA-tartomány�IPA kiszolgáló címe�Belső hiba történt, nem lehetett eltávolítani a felhasználót. 
�Kerberos-tartomány�Kerberos-kiszolgáló címe�Felhasználó programjainak kilövése az eltávolítás előtt�A kapcsolódási próbálkozás időtartama�Fiók zárolása�Bejelentkező shell�Legnagyobb felhasználói azonosító�Legkisebb felhasználói azonosító�Ne hozza létre a felhasználó könyvtárát�Új jelszó:�Elfogyott a memória �A jelszó megváltoztatása nem sikerült.�A jelszava lejárt, változtass meg most.�A jelszó root általi visszaállítása nem támogatott.�Jelszó: �A jelszavak nem egyeznek�Jelszó mégegyszer: �TLS tanusítvány ellenőrzése�TLS megkövetelése ID keresésekor�Elindítandó SSSD szolgáltatások�Az SSSD nem root-ként fut.�Szerver üzenete:�Shell attribútum�Mikroszekundum pontosságú időbélyegek�Adja meg a törlendő felhasználót �Adja meg a módosítandó felhasználót �Jelszó hash-ek tárolása�A rendszer nem érhető el, a jelszó megváltoztatása nem lehetséges�A csoport GID-je�Felhasználó GID-je�Az LDAP szerveren használt séma-típus, rfc2307�A felhasználó UID-je�Alapértelmezett LDAP alap-DN-je�Az alapértelmezett bind DN�A megadott UID kívül esik a megengedett tartományon �Tranzakcióhiba történt, nem lehetett létrehozni a felhasználót. �Tranzakcióhiba történt, a felhasználó nem módosítható. 
�UUID attribútum�Fiók feloldása�A felhasználó könyvtára már létezik, a skel könyvtár tartalmát nem másolom bele �SSSD által figyelmen kívül hagyott felhasználók�ldap_uri, az LDAP szerver URI-ja�memberOf attribútum������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/id.gmo��������������������������������������������������������������0000644�0000000�0000000�00000000132�12320753522�015265� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954962.369874423 30 atime=1396954962.368874423 30 ctime=1396954962.554874286 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/id.gmo�������������������������������������������������������������������������������0000664�0024127�0024127�00000025133�12320753522�015520� 
0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000����������������������������������������������������������������������������������������������������������������������������������������������������������������������������n�����������������P ��1���Q ��8��� ����� ����� ��T��� ��R���A ����� ����� ��%��� ��(��� ����� ��3���7 ��2���k ��7��� ��A��� ��9��� ��7���R ��,��� ����� ����� ��+��� ����� �����- ��,���E �� ���r �����| ����� ��*��� ��)��� ����� ����������#�����2�����K�� ���_�����j�����}�� �����(�����(�����'�����!���*�����L�����[�����s��:�����$�����5��������!�� ���2�����>��9���N������������/����������M�����K���A��*�����7�����������������������.�� ���G�����R�����i�������$�����$������������������ �����#��&���4�����[��&���k��)���������������(�����!��������6�����K�����c��/���{������������2���������������.���.��.���]��>�����(�����'�����+�����*���H�� ���s������������%�����'�����D��������6��(���I�� ���r��$��������������.���{��;���������������e�����p���w��-�����%�����@���<��F���}�������9�����=�����D���[��L�����H�����L���6��&���������������*�����%��������)��:���C�� ���~�� ����������9�����.�����%�����#���-�����Q�����`�����w�� ���������������&�����5�����0��� ��4���I ��.���~ ����� ����� ����� ��?��� ��#���+!��5���O!�� ���!�� ���!�����!��S���!�����"�����"��8���2"�����k"��c���}"��k���"��8���M#��B���#�����#�����#�����#�����$�� ���/$�����;$�����R$�����e$��$���$��%���$�����$�����$�����%�� ���#%��(���1%�� ���Z%��1���h%��&���%�� ���%��!���%��)���&��&���.&��$���U&��$���z&��%���&��=���&�����'�� ��� '��4���'�����N'�����`'��7���p'��7���'��@���'��3���!(��7���U(��3���(��8���(�� ���(�� ���)�����)��.���#)��'���R)��J���z)�����)��2���)��!���*�����0*�����J*�����m���=����������c�������V���"�������������:�������E���T������2����������`���P���b������C���N���6���@�������������� 
���l���i���3����������%���W���K�����������.�������Z���)�������������<���M���������������B���F������d�������]�������+���1���Q���j�����������^������ ���?����������O�����������_���k���$�������!����������� �������h������5�������;���,���\���*���/���U���A��� ������� ������S���[�����������4������� ���������������>���R���Y���I������(������-�������7���a������G����������L���0���9������f���g���#���J���e���&���X���D������H������8����������n���'������������������A group with the same name or GID already exists �A user or group with the same name or ID already exists �Access control provider�Authentication provider�Cannot find group in local domain, modifying groups is allowed only in local domain �Cannot find user in local domain, modifying users is allowed only in local domain �Cannot get info about the user �Cannot set default values �Comma separated list of allowed users�Comma separated list of prohibited users�Command to start service�Could not allocate ID for the group - domain full? �Could not allocate ID for the user - domain full? �Could not modify group - check if groupname is correct �Could not modify group - check if member group names are correct �Could not modify user - check if group names are correct �Could not modify user - user already member of groups? �Create user's directory if it does not exist�Current Password: �Default shell, /bin/bash�Do not remove home directory and mail spool�Error initializing the tools �Filter for user lookups�Force removal of files not owned by the user�Full Name�GECOS attribute�Groups�Groups must be in the same domain as user �Groups that SSSD should explicitly ignore�Groups to add this user to�Groups to remove this user from�Home directory�Home directory attribute�IPA client hostname�IPA domain�IPA server address�Identity provider�Include timestamps in debug logs�Internal error while parsing parameters �Internal error. Could not remove group. �Internal error. Could not remove user. 
�Invalid domain specified in FQDN �Kerberos realm�Kerberos server address�Kerberos service keytab�Length of time between attempts to reconnect while offline�Length of time to attempt connection�Length of time to attempt synchronous LDAP operations�Lock the account�Login shell�Maximum user ID�Member groups must be in the same domain as parent group �Minimum user ID�Modification time attribute�Never create user's directory, overrides config�New Password: �No such group in local domain. Removing groups only allowed in local domain. �No such user in local domain. Removing users only allowed in local domain. �Not removing home dir - not owned by user �Number of times to attempt connection to Data Providers�Objectclass for users�Out of memory �Password change failed. �Password change provider�Password: �Passwords do not match�Primary GID attribute�Reenter new Password: �Remove home directory and mail spool�Require TLS certificate verification�SSSD Domains to start�SSSD Services to start�Scope of user lookups�Server message: �Set the verbosity of the debug logging�Shell attribute�Should filtered users appear in groups�Specify an alternative skeleton directory�Specify group to add �Specify group to modify �Specify the sasl authorization id to use�Specify the sasl mechanism to use�Specify user to add �Specify user to delete �Specify user to modify �System is offline, password change not possible�The GID of the group�The GID of the user�The Schema Type in use on the LDAP server, rfc2307�The UID of the user�The comment string�The selected GID is outside the allowed range �The selected UID is outside the allowed range �The value of the password field the NSS provider should return�Transaction error. Could not add group. �Transaction error. Could not add user. �Transaction error. Could not modify group. �Transaction error. Could not modify user. 
�UID attribute�UUID attribute�Unlock the account�Use Kerberos auth for LDAP connection�User principal attribute (for Kerberos)�User's home directory already exists, not copying data from skeldir �Username attribute�Users that SSSD should explicitly ignore�Write debug messages to logfiles�ldap_uri, The URI of the LDAP server�memberOf attribute�Project-Id-Version: SSSD Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org POT-Creation-Date: 2014-04-08 12:56+0200 PO-Revision-Date: 2013-11-20 12:56+0000 Last-Translator: jhrozek <jhrozek@redhat.com> Language-Team: Indonesian (http://www.transifex.com/projects/p/fedora/language/id/) Language: id MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=1; plural=0; �Grup dengan nama atau GID yang sama sudah ada �Pengguna atau grup dengan nama atau ID yang sama sudah ada �Penyedia kontrol akses�Penyedia otentikasi�Tidak dapat menemukan grup di domain lokal, memodifikasi grup hanya diperbolehkan dalam domain lokal �Tidak dapat menemukan pengguna dalam domain lokal, memodifikasi pengguna hanya diperbolehkan dalam domain lokal �Tidak bisa mendapatkan info tentang pengguna �Tidak dapat menetapkan nilai default �Daftar pengguna yang diijinkan dalam format yang dipisahkan koma�Daftar pengguna yang tidak diijinkan dalam format yang dipisahkan koma�Perintah untuk memulai layanan�Tidak dapat mengalokasikan ID untuk grup - domain penuh? �Tidak dapat mengalokasikan ID untuk pengguna - domain penuh? �Tidak bisa memodifikasi grup - periksa apakah groupname sudah benar �Tidak bisa memodifikasi grup - periksa apakah nama grup anggota sudah benar �Tidak bisa memodifikasi pengguna - periksa apakah nama grup sudah benar �Tidak bisa memodifikasi pengguna - pengguna sudah menjadi anggota kelompok? 
�Buat direktori pengguna jika tidak ada�Kata sandi saat ini:�Shell default, /bin/bash�Jangan hapus direktori home dan spool mail�Gagal saat menginisialisasi perkakas �Filter pencarian pengguna�Paksa penghapusan berkas yang tidak dimiliki oleh pengguna�Nama Lengkap�Atribut GECOS�Grup�Grup harus berada dalam domain yang sama dengan pengguna �Grup yang diabaikan secara eksplisit oleh SSSD�Pengguna ini akan ditambahkan ke grup�Pengguna ini akan dihapus dari grup�Direktori Home�Atribut direktori Home�Nama host klien IPA�Domain IPA�Alamat server IPA�Penyedia identitas�Sertakan cap waktu di pencatatan debug�Terjadi kesalahan internal ketika mengurai parameter �Kesalahan internal. Tidak dapat menghapus grup. �Kesalahan internal. Tidak dapat menghapus pengguna. �Domain yang ditentukan dalam FQDN tidak valid �Realm Kerberos�Alamat server Kerberos�Keytab layanan Kerberos�Lamanya waktu antara upaya untuk menyambung kembali saat luring�Lamanya waktu untuk mencoba koneksi�Lamanya waktu untuk mencoba operasi LDAP yang sinkron�Kunci akun�Shell login�ID pengguna maksimum�Anggota kelompok harus berada dalam domain yang sama sebagaimana kelompok induknya �ID pengguna minimum�Atribut waktu modifikasi�Jangan pernah buat direktori pengguna, timpa konfigurasi�Kata Sandi Baru: �Tidak ada grup seperti itu di domain lokal. Menghapus grup hanya diperbolehkan dalam domain lokal. �Tidak ada pengguna seperti itu di domain lokal. Menghapus pengguna hanya diperbolehkan dalam domain lokal. 
�Tidak menghapus home dir - tidak dimiliki oleh pengguna �Jumlah usaha yang dilakukan untuk mencoba koneksi ke Penyedia Data�Objectclass untuk pengguna�Kehabisan memori �Perubahan kata sandi gagal.�Penyedia pengubah kata sandi�Kata sandi:�Kata sandi tidak cocok�Atribut GID Primer�Masukkan lagi kata sandi baru:�Hapus direktori home, dan spool mail�Membutuhkan verifikasi sertifikat TLS�Domain SSSD akan dijalankan�Layanan SSSD akan dijalankan�Lingkup pencarian pengguna�Pesan server:�Mengatur verbosity dari pencatatan debug�Atribut Shell�Haruskah pengguna yang disaring muncul dalam grup�Tentukan direktori kerangka alternatif�Tentukan grup untuk ditambahkan �Tentukan grup untuk dimodifikasi �Tentukan id otorisasi sasl yang digunakan�Tentukan mekanisme sasl yang digunakan�Tentukan pengguna untuk ditambahkan �Tentukan pengguna yang akan dihapus �Tentukan pengguna untuk dimodifikasi �Sistem sedang luring, perubahan kata sandi tidak dimungkinkan�GID grup�GID pengguna�Jenis Skema yang digunakan pada server LDAP, rfc2307�UID dari pengguna�String komentar�GID yang dipilih berada di luar rentang yang diizinkan �UID yang dipilih berada di luar rentang yang diizinkan �Nilai kolom kata sandi yang harus dikembalikan oleh penyedia NSS�Kesalahan transaksi. Tidak dapat menambahkan grup. �Kesalahan transaksi. Tidak dapat menambahkan pengguna. �Kesalahan transaksi. Tidak bisa memodifikasi grup. �Kesalahan transaksi. Pengguna tidak dapat dimodifikasi. 
�Atribut UID�Atribut UUID�Buka kunci akun�Gunakan otentikasi Kerberos untuk koneksi LDAP�Atribut utama pengguna (untuk Kerberos)�Direktori home milik pengguna sudah ada, tidak menyalin data dari skeldir �Atribut Nama pengguna�Pengguna yang diabaikan secara eksplisit oleh SSSD�Menulis pesan debug ke berkas log�ldap_uri, URI server LDAP�Atribut memberOf��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/eu.gmo��������������������������������������������������������������0000644�0000000�0000000�00000000132�12320753522�015302� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954962.324874456 30 atime=1396954962.323874457 30 ctime=1396954962.551874288 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/eu.gmo�������������������������������������������������������������������������������0000664�0024127�0024127�00000012345�12320753522�015536� 
0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000����������������������������������������������������������������������������������������������������������������������������������������������������������������������������D������<��a���\�������������������������������#��,���>�����k�� ���~������� ����������/���������� ����� ���&�����4�� ���I�����T�����c��*���j������������ ����������(�����(�����!���(�����J�����`�����x������������������������������ ����� ��+���* �� ���V �����a ����� ����� ����� ����� ����� ����� ��&���� ��.���' ��.���V �� ��� ����� ����� ����� ����� ����� ����� �����" �����4 �����L �����` �����w ����� ����� ����� ����� ����� ��"���� ����# ����� ����� ����� �������#���&��5���J���������������������������2�����!����� ���@�� ���J�����X�� ���q�����}�������8��������������� ����������'���,��*���T��'��������������� ������������������.�����K�����g�������"�����1����� �����$�������������;��'���V�����~������� �����+�����4�����4����� ���G�����U�����d�����w�����������������������������������"�����9�����N�����g�����������������"������������.��� ���$�����������������"����������D�������4������ ������B���,���7���A��� ����������5�����������3���������)���/������%���-���������2������C�����������1������������������+�������&������6�����������������*�������;������:�������?�����������!���<��� ����������@���(���8�������0�����������������#�����������������'�������=�������>������9��� ��������� �������� �%1$s%2$sGroup: %3$s �%1$sGID number: %2$d �Add debug timestamps�Cannot set default values �Create user's directory if it does not exist�Current Password: �Debug level�Default shell, /bin/bash�Enables FAST�Error initializing the tools �Error initializing the tools - no local domain �Error looking up public keys �Full Name�GID attribute�Group UUID attribute�Group name�Group password�Groups�Groups must be in the same domain as user �Home 
directory�IPA client hostname�IPA domain�IPA server address�Internal error while parsing parameters �Internal error. Could not remove group. �Invalid domain specified in FQDN �Invalidate all groups�Invalidate all services�Invalidate all users�Invalidate particular group�Invalidate particular service�Invalidate particular user�Maximum user ID�Minimum user ID�New Password: �Password change failed. �Password expired. Change your password now.�Password: �Print version number and exit�Reenter new Password: �Specify group to delete �Specify user to add �The GID of the group�The UID of the user�The comment string�The port to use to connect to the host�The selected GID is outside the allowed range �The selected UID is outside the allowed range �UID attribute�UUID attribute�Unlock the account�accountExpires attribute of AD�entryUSN attribute�krbLastPwdChange attribute�krbPasswordExpiration attribute�lastUSN attribute�nsAccountLock attribute�objectSID attribute�shadowExpire attribute�shadowFlag attribute�shadowInactive attribute�shadowLastChange attribute�shadowMax attribute�shadowMin attribute�shadowWarning attribute�userAccountControl attribute of AD�Project-Id-Version: SSSD Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org POT-Creation-Date: 2014-04-08 12:56+0200 PO-Revision-Date: 2013-11-20 12:56+0000 Last-Translator: jhrozek <jhrozek@redhat.com> Language-Team: Basque (http://www.transifex.com/projects/p/fedora/language/eu/) Language: eu MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=2; plural=(n != 1); � �%1$s%2$sTaldea: %3$s �%1$sGID zenbakia: %2$d �Gehitu arazketako data-zigiluak�Ezin dira balio lehenetsiak ezarri �Sortu erabiltzailearen direktorioa ez bada existitzen�Uneko pasahitza: �Arazketa maila�Shell lehenetsia, /bin/bash�FAST gaitzen du�Errorea tresnak hasieratzean �Errorea tresnak hasieratzean - domeinu lokalik ez �Errorea gako publikoak bilatzean �Izen osoa�GID atributua�Taldearen UUID 
atributua�Talde-izena�Taldearen pasahitza�Taldeak�Taldeek erabiltzailearen domeinu berean egon behar dute �Direktorio nagusia�IPA bezeroaren ostalari-izena�IPA domeinua�IPA zerbitzariaren helbidea�Barne errorea parametroak analizatzean �Barne errorea. Ezin izan da taldea kendu. �Baliogabeko domeinua zehaztu da FQDN-n �Baliogabetu talde guztiak�Baliogabetu zerbitzu guztiak�Baliogabetu erabiltzaile guztiak�Baliogabetu talde bat�Baliogabetu zerbitzu bat�Baliogabetu erabiltzaile bat�Gehienezko erabiltzaile IDa�Gutxienezko erabiltzaile IDa�Pasahitz berria: �Huts egin du pasahitza aldatzeak. �Pasahitza iraungita. Aldatu zure pasahitza orain.�Pasahitza: �Inprimatu bertsio zenbakia eta irten�Berriz sartu pasahitz berria: �Zehaztu taldea ezabatzeko �Zehaztu gehitu beharreko erabiltzailea �Taldearen GIDa�Erabiltzailearen UIDa�Iruzkin katea�Ostalarira konektatzeko erabiliko den ataka�Hautatutako UIDa baimendutako bitartetik kanpo dago �Hautatutako UIDa baimendutako bitartetik kanpo dago �UID atributua�UUID atributua�Desblokeatu kontua�ADren accountExpires atributua�entryUSN atributua�krbLastPwdChange atributua�krbPasswordExpiration atributua�lastUSN atributua�nsAccountLock atributua�objectSID atributua�shadowExpire atributua�shadowFlag atributua�shadowInactive atributua�shadowLastChange atributua�shadowMax atributua�shadowMin atributua�shadowWarning atributua�ADren userAccountControl atributua��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/zh_TW.gmo�����������������������������������������������������������0000644�0000000�0000000�00000000132�12320753522�015724� 
x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954962.507874321 30 atime=1396954962.506874321 30 ctime=1396954962.564874279 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/zh_TW.gmo����������������������������������������������������������������������������0000664�0024127�0024127�00000024120�12320753522�016152� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000����������������������������������������������������������������������������������������������������������������������������������������������������������������������������m�����������������@ ��'���A ��1���i ��8��� ����� ����� ����� ����� �����0 ��#���J ��T���n ��R��� ����� �����6 ��%���Q ��(���w ����� ��3��� ��2��� ��7��� ��9���X ��7��� ��,��� ����� �� ��� ����� ��$���/ �����T ��#���q ����� ��/��� ����� ��,��� �� ���*�����4��*���;��)���f������������ ��������������� �����(�����'���-��(���U��'���~��!����������+�����.��� ��'���;�����c�� ���t������������9����������/����������M���(��M���v��K�����*��������;�����J�����[�����t��+����� ����������*�����(��������/��"���F��$���i�����������������0�������� 
��&�����!���C��)���e����������������������(�����!��������9�����N�����f��/���~����������������������"�����.���!��.���P��(�����'�����+�����*��������'��D���:��(����� ���������*�����)�����.�������� ����������8�� ���H�����U��$���q��L�����R�����+���6�����b��<���y��?����������+��� ��.���8��7���g��:�����C�����0��������O�� ���b�����o������������'����������4�����"���4��0���W������������1����� ����� ���������� ��� ����������,��$���<��%���a��%�����%�����(�����%��������" ��!���; ��$���] ����� ����� ����� �� ��� ����� ��:��� �����"!��0���8!�� ���i!��R���v!��U���!��[���"��4���{"�����"�����"�����"�����"��0���#�� ���6#�����@#��!���P#��$���r#�����#��6���#�����#��'���#�����'$�����@$��0���Y$�����$��0���$�����$�����$�����%����� %�����:%�����T%��!���n%�����%�����%�����%�����%��*���&�� ���1&�����?&�����P&�� ���a&�� ���n&��'���&��'���&��1���&��4���'��1���F'��4���x'�����'��F���'��#��� (�����1(������������P��� ���i�������]���b�������������>�������J���[��� ���5������m���f���U���-��� ������R���:���W���"���+����������M���k���6��� �������)���^���2�������=���G���F�������.����������!���@�������B�������������������������V���d���X���0�������������������4������g������A�������������� ���\�������H���(�������&���c���������������������9�������?�������3���/���C������D������j����������I���a�����������8���h������l���E�������S���Y���`���Z������,���%���1���K�����������O��� ���$�������T���_���<���#���7�������'����������*���L����������N������;���e���Q�������������������������, your cached password will expire at: �A group with the same name or GID already exists �A user or group with the same name or ID already exists �Access control provider�Add debug timestamps�Authentication provider�Authentication timeout�Become a daemon (default)�Cache credentials for offline login�Cannot find group in local domain, modifying groups is allowed only in local domain �Cannot find user in local domain, modifying users is allowed only in local domain �Cannot get info about the user �Cannot set default values �Comma separated 
list of allowed users�Comma separated list of prohibited users�Command to start service�Could not allocate ID for the group - domain full? �Could not allocate ID for the user - domain full? �Could not modify group - check if groupname is correct �Could not modify user - check if group names are correct �Could not modify user - user already member of groups? �Create user's directory if it does not exist�Current Password: �Debug level�Default shell, /bin/bash�Directory to store credential caches�Enable credential validation�Enable enumerating all users/groups�Error initializing the tools �Error initializing the tools - no local domain �Error setting the locale �Force removal of files not owned by the user�Full Name�Groups�Groups must be in the same domain as user �Groups that SSSD should explicitly ignore�Home directory�IPA client hostname�IPA domain�IPA server address�Identity provider�Include timestamps in debug logs�Internal error while parsing parameters �Internal error. Could not print group. �Internal error. Could not remove group. �Internal error. Could not remove user. �Invalid domain specified in FQDN �Kerberos server address�Length of time to wait for a search request�Location of the keytab to validate credentials�Location of the user's credential cache�Lock the account�Login shell�Magic Private �Maximum user ID�Member groups must be in the same domain as parent group �Minimum user ID�Never create user's directory, overrides config�New Password: �No such group in local domain. Printing groups only allowed in local domain. �No such group in local domain. Removing groups only allowed in local domain. �No such user in local domain. Removing users only allowed in local domain. �Not removing home dir - not owned by user �Out of memory �PAM stack to use�Password change failed. �Password change provider�Password expired. 
Change your password now.�Password: �Passwords do not match�Policy to evaluate the password expiration�Print indirect group members recursively�Reenter new Password: �Regex to parse username and domain�Require TLS certificate verification�Run interactive (not a daemon)�SSSD Domains to start�SSSD Services to start�Send the debug output to files instead of stderr�Server message: �Should filtered users appear in groups�Specify a non-default config file�Specify an alternative skeleton directory�Specify group to add �Specify group to delete �Specify group to modify �Specify group to show �Specify the sasl authorization id to use�Specify the sasl mechanism to use�Specify user to add �Specify user to delete �Specify user to modify �System is offline, password change not possible�The GID of the group�The GID of the user�The UID of the user�The comment string�The name of the NSS library to use�The selected GID is outside the allowed range �The selected UID is outside the allowed range �Transaction error. Could not add group. �Transaction error. Could not add user. �Transaction error. Could not modify group. �Transaction error. Could not modify user. 
�Unlock the account�User's home directory already exists, not copying data from skeldir �Users that SSSD should explicitly ignore�Write debug messages to logfiles�Project-Id-Version: SSSD Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org POT-Creation-Date: 2014-04-08 12:56+0200 PO-Revision-Date: 2013-11-20 12:56+0000 Last-Translator: jhrozek <jhrozek@redhat.com> Language-Team: Chinese (Taiwan) (http://www.transifex.com/projects/p/fedora/language/zh_TW/) Language: zh_TW MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=1; plural=0; �,您快取的密碼將在此刻過期:�已經存在相同名稱的群組或 GID �已經存在相同名稱的使用者或群組 �存取控制提供者�加入除錯時間戳記�認證提供者�認證逾時�作為幕後程式 (預設)�供離線登入使用的快取憑證�在本機網域內找不到群組,只許可在本機網域內修改群組 �在本機網域內找不到使用者,只許可在本機網域內修改使用者 �無法取得關於這位使用者的資訊 �無法設定預設值 �許可的使用者清單,請使用半形逗號作為分隔�被禁止的使用者清單,請使用半形逗號作為分隔�啟動服務的指令�無法為群組分配 ID - 網域已滿? �無法為使用者分配 ID - 網域已滿? �無法修改群組 - 請檢查群組名稱是否正確 �無法修改使用者 - 請檢查群組名稱是否正確 �無法修改使用者 - 使用者是否已經是群組的成員? �如果使用者的目錄不存在便將它建立�目前的密碼:�除錯層級�預設 shell,/bin/bash�儲存憑證快取的目錄�啟用憑證驗證�啟用所有使用者或群組的列舉�初始化工具時發生錯誤 �初始化工具時發生錯誤 - 沒有本機網域 �設定區域設置時發生錯誤 �強制檔案的移除並非由使用者所擁有�全名�群組�群組必須位於與使用者相同的網域內 �SSSD 應該明確忽略的群組�家目錄�IPA 客戶端主機名稱�IPA 網域�IPA 伺服器位址�身分提供者�在除錯日誌內加入時間戳記�當解析參數時發生內部錯誤 �內部錯誤。無法列出群組。 �內部錯誤。無法移除群組。 �內部錯誤。無法移除使用者。 �在 FQDN 內指定了無效的網域 �Kerberos 伺服器位址�搜尋請求的等候時間長度�驗證憑證用的金鑰表格位置�使用者憑證快取的位置�鎖住這個帳號�登入用 shell�魔法隱私�最大的使用者 ID�成員群組必須位於與親代群組相同的網域內 �最小的使用者 ID�永遠不建立使用者的目錄,凌駕配置�新密碼:�本機網域內沒有這樣的群組。只許可在本機網域內列出群組。 �在本機網域內沒有這樣的群組。只許可在本機網域內移除群組。 �在本機網域內沒有這樣的使用者。只許可在本機網域內移除使用者。 �不會移除家目錄 - 並非由使用者所擁有 �記憶體耗盡 �要使用的 PAM 堆疊�密碼變更失敗。�密碼變更提供者�密碼已過期。請立刻變更您的密碼。�密碼:�密碼不相符�評估密碼過期時效的策略�遞迴地列出間接的群組成員�再次輸入新密碼:�用來解析使用者名稱與網域的正規表示式�需要 TLS 憑證驗證�以互動方式執行 (非幕後程式)�要啟動的 SSSD 網域�要啟動的 SSSD 服務�傳送除錯輸出到檔案而不是標準輸出�伺服器訊息:�過濾的使用者是否應該顯現在群組內�指定非預設的配置檔�指定替代的骨幹目錄�指定要加入的群組 �指定要刪除的群組 �指定要修改的群組 �指定要顯示的群組 �指定要使用的 sasl 認證 id�指定要使用的 sasl 機制�指定要加入的使用者 �指定要刪除的使用者 �指定要修改的使用者 �系統已離線,不可能作密碼變更�群組的 GID�使用者的 GID�使用者的 UID�註解字串�要使用的 NSS 函式庫名稱�所選的 GID 位於許可的範圍外 �所選的 UID 位於許可的範圍外 �處理事項發生錯誤。無法加入群組。 �處理事項發生錯誤。無法加入使用者。 �處理事項發生錯誤。無法修改群組。 
�處理事項發生錯誤。無法修改使用者。 �解除這個帳號的鎖�使用者的家目錄已經存在,不會從骨幹目錄複製資料 �SSSD 應該明確忽略的使用者�將除錯訊息寫入日誌檔�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/uk.po���������������������������������������������������������������0000644�0000000�0000000�00000000074�12320753107�015150� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954962.228874527 30 ctime=1396954962.547874291 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/uk.po��������������������������������������������������������������������������������0000664�0024127�0024127�00000233665�12320753107�015411� 
0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR Red Hat, Inc. # This file is distributed under the same license as the PACKAGE package. # # Translators: # sgallagh <sgallagh@redhat.com>, 2011 # Yuri Chornoivan <yurchor@ukr.net>, 2011-2013 # Yuri Chornoivan <yurchor@ukr.net>, 2013 msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2014-04-08 12:56+0200\n" "PO-Revision-Date: 2013-11-20 12:56+0000\n" "Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n" "Language-Team: Ukrainian (http://www.transifex.com/projects/p/fedora/" "language/uk/)\n" "Language: uk\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" "%10<=4 && (n%100<10 || n%100>=20) ? 
1 : 2);\n" #: src/config/SSSDConfig/__init__.py.in:39 msgid "Set the verbosity of the debug logging" msgstr "Встановити рівень докладності діагностичних записів журналу" #: src/config/SSSDConfig/__init__.py.in:40 msgid "Include timestamps in debug logs" msgstr "Додати до діагностичних журналів позначки часу" #: src/config/SSSDConfig/__init__.py.in:41 msgid "Include microseconds in timestamps in debug logs" msgstr "Включати мікросекунди до часових позначок у журналах" #: src/config/SSSDConfig/__init__.py.in:42 msgid "Write debug messages to logfiles" msgstr "Записувати діагностичні повідомлення до файлів журналу" #: src/config/SSSDConfig/__init__.py.in:43 msgid "Ping timeout before restarting service" msgstr "Час очікування відповіді на пінг перед перезапуском служби" #: src/config/SSSDConfig/__init__.py.in:44 msgid "" "Timeout between three failed ping checks and forcibly killing the service" msgstr "" "Час очікування між трьома послідовними невдалими спробами перевірки луна-" "імпульсом і примусовим завершенням роботи служби" #: src/config/SSSDConfig/__init__.py.in:45 msgid "Command to start service" msgstr "Команда запуску служби" #: src/config/SSSDConfig/__init__.py.in:46 msgid "Number of times to attempt connection to Data Providers" msgstr "Кількість повторних спроб встановлення з’єднання з надавачами даних" #: src/config/SSSDConfig/__init__.py.in:47 msgid "The number of file descriptors that may be opened by this responder" msgstr "Кількість дескрипторів файлів, які може бути відкрито цим відповідачем" #: src/config/SSSDConfig/__init__.py.in:48 msgid "Idle time before automatic disconnection of a client" msgstr "" "Проміжок бездіяльності до автоматичного від’єднання клієнтської частини" #: src/config/SSSDConfig/__init__.py.in:51 msgid "SSSD Services to start" msgstr "Служби SSSD, які слід запустити" #: src/config/SSSDConfig/__init__.py.in:52 msgid "SSSD Domains to start" msgstr "Домени SSSD, які слід запустити" #: src/config/SSSDConfig/__init__.py.in:53 msgid 
"Timeout for messages sent over the SBUS" msgstr "Час очікування для повідомлень, надісланих за допомогою SBUS" #: src/config/SSSDConfig/__init__.py.in:54 msgid "Regex to parse username and domain" msgstr "Формальний вираз для обробки імені користувача і домену" #: src/config/SSSDConfig/__init__.py.in:55 msgid "Printf-compatible format for displaying fully-qualified names" msgstr "Сумісний з printf формат показу повних назв" #: src/config/SSSDConfig/__init__.py.in:56 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" "Каталог у файловій системі, де SSSD має зберігати файли кешу відтворення " "Kerberos." #: src/config/SSSDConfig/__init__.py.in:57 msgid "Domain to add to names without a domain component." msgstr "Домен, який слід додати до назв без компонента домену." #: src/config/SSSDConfig/__init__.py.in:60 msgid "Enumeration cache timeout length (seconds)" msgstr "Тривалість часу очікування на дані кешу нумерування (у секундах)" #: src/config/SSSDConfig/__init__.py.in:61 msgid "Entry cache background update timeout length (seconds)" msgstr "Час очікування на фонове оновлення кешу записів (у секундах)" #: src/config/SSSDConfig/__init__.py.in:62 #: src/config/SSSDConfig/__init__.py.in:88 msgid "Negative cache timeout length (seconds)" msgstr "Від’ємний час очікування на дані з кешу (у секундах)" #: src/config/SSSDConfig/__init__.py.in:63 msgid "Users that SSSD should explicitly ignore" msgstr "Користувачі, яких SSSD має явно ігнорувати" #: src/config/SSSDConfig/__init__.py.in:64 msgid "Groups that SSSD should explicitly ignore" msgstr "Групи користувачів, які SSSD має явно ігнорувати" #: src/config/SSSDConfig/__init__.py.in:65 msgid "Should filtered users appear in groups" msgstr "Чи слід показувати відфільтрованих користувачів у групах" #: src/config/SSSDConfig/__init__.py.in:66 msgid "The value of the password field the NSS provider should return" msgstr "Значення поля пароля, яке має повертати постачальник 
даних NSS" #: src/config/SSSDConfig/__init__.py.in:67 msgid "Override homedir value from the identity provider with this value" msgstr "" "Замінити значення назви домашнього каталогу від надавача профілю цим " "значенням" #: src/config/SSSDConfig/__init__.py.in:68 msgid "" "Substitute empty homedir value from the identity provider with this value" msgstr "" "Замінювати порожні значення домашніх каталогів у засобі надання даних " "профілів цим значенням" #: src/config/SSSDConfig/__init__.py.in:69 msgid "Override shell value from the identity provider with this value" msgstr "Замінити значення оболонки від надавача профілю цим значенням" #: src/config/SSSDConfig/__init__.py.in:70 msgid "The list of shells users are allowed to log in with" msgstr "Список оболонок, за допомогою яких можуть входити користувачі" #: src/config/SSSDConfig/__init__.py.in:71 msgid "" "The list of shells that will be vetoed, and replaced with the fallback shell" msgstr "Список оболонок, які буде заборонено і замінено резервною оболонкою" #: src/config/SSSDConfig/__init__.py.in:72 msgid "" "If a shell stored in central directory is allowed but not available, use " "this fallback" msgstr "" "Якщо оболонка, що зберігається у центральному каталозі дозволена, але " "недоступна, використовувати цю резервну" #: src/config/SSSDConfig/__init__.py.in:73 msgid "Shell to use if the provider does not list one" msgstr "Оболонка, яку слід використовувати, якщо засіб не надає жодної" #: src/config/SSSDConfig/__init__.py.in:74 msgid "How long will be in-memory cache records valid" msgstr "Строк дії записів кешу у пам’яті" #: src/config/SSSDConfig/__init__.py.in:77 msgid "How long to allow cached logins between online logins (days)" msgstr "" "Тривалість зберігання кешованих реєстраційних даних між входами до системи " "(у днях)" #: src/config/SSSDConfig/__init__.py.in:78 msgid "How many failed logins attempts are allowed when offline" msgstr "Макс. 
дозволена кількість помилкових спроб входу у автономному режимі" #: src/config/SSSDConfig/__init__.py.in:79 msgid "" "How long (minutes) to deny login after offline_failed_login_attempts has " "been reached" msgstr "" "Тривалість (у хвилинах) заборони входу після досягнення значення " "offline_failed_login_attempts" #: src/config/SSSDConfig/__init__.py.in:80 msgid "What kind of messages are displayed to the user during authentication" msgstr "Тип повідомлень, які буде показано користувачеві під час розпізнавання" #: src/config/SSSDConfig/__init__.py.in:81 msgid "How many seconds to keep identity information cached for PAM requests" msgstr "" "Тривалість (у секундах) зберігання даних щодо розпізнавання у кеші для " "запитів PAM" #: src/config/SSSDConfig/__init__.py.in:82 msgid "How many days before password expiration a warning should be displayed" msgstr "" "Визначає кількість днів між днем, коли має бути показано попередження, і " "днем, коли завершиться строк дії пароля" #: src/config/SSSDConfig/__init__.py.in:85 msgid "Whether to evaluate the time-based attributes in sudo rules" msgstr "" "Визначає, чи слід обробляти атрибути правил sudo, пов’язані з часовими " "обмеженнями" #: src/config/SSSDConfig/__init__.py.in:91 msgid "Whether to hash host names and addresses in the known_hosts file" msgstr "Чи слід хешувати назви та адреси вузлів у файлі known_hosts" #: src/config/SSSDConfig/__init__.py.in:92 msgid "" "How many seconds to keep a host in the known_hosts file after its host keys " "were requested" msgstr "" "Кількість секунд, протягом яких запису вузла зберігатиметься у файлі " "known_hosts після надсилання запиту щодо ключів вузла" #: src/config/SSSDConfig/__init__.py.in:95 msgid "List of UIDs or user names allowed to access the PAC responder" msgstr "" "Список унікальних ідентифікаторів (UID) або імен користувачів, яким надано " "доступ до відповідача PAC" #: src/config/SSSDConfig/__init__.py.in:98 msgid "Identity provider" msgstr "Служба профілів" #: 
src/config/SSSDConfig/__init__.py.in:99 msgid "Authentication provider" msgstr "Служба розпізнавання" #: src/config/SSSDConfig/__init__.py.in:100 msgid "Access control provider" msgstr "Служба керування доступом" #: src/config/SSSDConfig/__init__.py.in:101 msgid "Password change provider" msgstr "Служба зміни паролів" #: src/config/SSSDConfig/__init__.py.in:102 msgid "SUDO provider" msgstr "Служба SUDO" #: src/config/SSSDConfig/__init__.py.in:103 msgid "Autofs provider" msgstr "Служба автоматизації файлових систем" #: src/config/SSSDConfig/__init__.py.in:104 msgid "Session-loading provider" msgstr "Служба завантаження сеансів" #: src/config/SSSDConfig/__init__.py.in:105 msgid "Host identity provider" msgstr "Служба профілів вузлів" #: src/config/SSSDConfig/__init__.py.in:108 msgid "Minimum user ID" msgstr "Мін. ідентифікатор користувача" #: src/config/SSSDConfig/__init__.py.in:109 msgid "Maximum user ID" msgstr "Макс. ідентифікатор користувача" #: src/config/SSSDConfig/__init__.py.in:110 msgid "Enable enumerating all users/groups" msgstr "Увімкнути нумерацію всіх користувачів/груп" #: src/config/SSSDConfig/__init__.py.in:111 msgid "Cache credentials for offline login" msgstr "Кешувати реєстраційні дані для автономного входу" #: src/config/SSSDConfig/__init__.py.in:112 msgid "Store password hashes" msgstr "Зберігати хеші паролів" #: src/config/SSSDConfig/__init__.py.in:113 msgid "Display users/groups in fully-qualified form" msgstr "Показувати записи користувачів/груп повністю" #: src/config/SSSDConfig/__init__.py.in:114 msgid "Don't include group members in group lookups" msgstr "Не включати учасників групи у пошуки групи" #: src/config/SSSDConfig/__init__.py.in:115 #: src/config/SSSDConfig/__init__.py.in:122 #: src/config/SSSDConfig/__init__.py.in:123 #: src/config/SSSDConfig/__init__.py.in:124 #: src/config/SSSDConfig/__init__.py.in:125 #: src/config/SSSDConfig/__init__.py.in:126 #: src/config/SSSDConfig/__init__.py.in:127 msgid "Entry cache timeout length 
(seconds)" msgstr "Тривалість кешування записів (у секундах)" #: src/config/SSSDConfig/__init__.py.in:116 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" "Обмежити або надавати перевагу певному сімейству адрес під час виконання " "пошуків DNS" #: src/config/SSSDConfig/__init__.py.in:117 msgid "How long to keep cached entries after last successful login (days)" msgstr "" "Тривалість зберігання кешованих записів після останнього успішного входу (у " "днях)" #: src/config/SSSDConfig/__init__.py.in:118 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" "Тривалість очікування на відповідь від DNS під час визначення адрес серверів " "(у секундах)" #: src/config/SSSDConfig/__init__.py.in:119 msgid "The domain part of service discovery DNS query" msgstr "Частина запиту щодо виявлення служби DNS, пов’язана з доменом" #: src/config/SSSDConfig/__init__.py.in:120 msgid "Override GID value from the identity provider with this value" msgstr "" "Замінити значення ідентифікатора групи від надавача профілю цим значенням" #: src/config/SSSDConfig/__init__.py.in:121 msgid "Treat usernames as case sensitive" msgstr "Враховувати регістр у іменах користувачів" #: src/config/SSSDConfig/__init__.py.in:128 msgid "How often should expired entries be refreshed in background" msgstr "Наскільки часто має виконувати оновлення у тлі застарілих записів" #: src/config/SSSDConfig/__init__.py.in:129 msgid "Whether to automatically update the client's DNS entry" msgstr "Визначає, чи слід автоматично оновлювати запис DNS клієнта" #: src/config/SSSDConfig/__init__.py.in:130 #: src/config/SSSDConfig/__init__.py.in:145 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "" "TTL, який слід застосовувати до запису DNS клієнта після його оновлення" #: src/config/SSSDConfig/__init__.py.in:131 #: src/config/SSSDConfig/__init__.py.in:146 msgid "The interface whose IP should be used for dynamic DNS 
updates" msgstr "" "Інтерфейс, чию адресу IP має бути використано для динамічних оновлень DNS" #: src/config/SSSDConfig/__init__.py.in:132 msgid "How often to periodically update the client's DNS entry" msgstr "Визначає, наскільки часто слід періодично оновлювати запис DNS клієнта" #: src/config/SSSDConfig/__init__.py.in:133 msgid "Whether the provider should explicitly update the PTR record as well" msgstr "" "Визначає, чи слід надавачу даних також явним чином оновлювати запис PTR" #: src/config/SSSDConfig/__init__.py.in:134 msgid "Whether the nsupdate utility should default to using TCP" msgstr "Визначає, чи слід програмі nsupdate типово використовувати TCP" #: src/config/SSSDConfig/__init__.py.in:135 msgid "What kind of authentication should be used to perform the DNS update" msgstr "" "Визначає тип розпізнавання, який слід використовувати для виконання " "оновлення DNS" #: src/config/SSSDConfig/__init__.py.in:136 msgid "Control enumeration of trusted domains" msgstr "" #: src/config/SSSDConfig/__init__.py.in:137 #, fuzzy msgid "How often should subdomains list be refreshed" msgstr "Наскільки часто має виконувати оновлення у тлі застарілих записів" #: src/config/SSSDConfig/__init__.py.in:140 msgid "IPA domain" msgstr "Домен IPA" #: src/config/SSSDConfig/__init__.py.in:141 msgid "IPA server address" msgstr "Адреса сервера IPA" #: src/config/SSSDConfig/__init__.py.in:142 msgid "Address of backup IPA server" msgstr "Адреса резервного сервера IPA" #: src/config/SSSDConfig/__init__.py.in:143 msgid "IPA client hostname" msgstr "Назва вузла клієнта IPA" #: src/config/SSSDConfig/__init__.py.in:144 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" "Визначає, чи слід автоматично оновлювати запис DNS клієнтського вузла у " "FreeIPA" #: src/config/SSSDConfig/__init__.py.in:147 msgid "Search base for HBAC related objects" msgstr "Шукати у базі об’єкти, пов’язані з HBAC" #: src/config/SSSDConfig/__init__.py.in:148 msgid "" "The amount of time 
between lookups of the HBAC rules against the IPA server" msgstr "" "Інтервал часу між послідовними сеансами пошуку правил HBAC на сервері IPA" #: src/config/SSSDConfig/__init__.py.in:149 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" msgstr "Час, у секундах, між пошуками у картах SELinux на сервері IPA" #: src/config/SSSDConfig/__init__.py.in:150 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "Якщо вказано правила DENY, DENY_ALL або IGNORE" #: src/config/SSSDConfig/__init__.py.in:151 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" "Якщо встановлено значення «false», аргумент вузла, наданий PAM, буде " "проігноровано" #: src/config/SSSDConfig/__init__.py.in:152 msgid "The automounter location this IPA client is using" msgstr "Адреса автоматичного монтування, яку використовує цей клієнт IPA" #: src/config/SSSDConfig/__init__.py.in:153 msgid "Search base for object containing info about IPA domain" msgstr "Шукати у базі об’єкт, що містить дані щодо домену IPA" #: src/config/SSSDConfig/__init__.py.in:154 msgid "Search base for objects containing info about ID ranges" msgstr "Шукати у базі об’єкти, що містять дані щодо діапазонів ідентифікаторів" #: src/config/SSSDConfig/__init__.py.in:155 #: src/config/SSSDConfig/__init__.py.in:162 msgid "Enable DNS sites - location based service discovery" msgstr "Увімкнути сайти DNS — визначення служб на основі адрес" #: src/config/SSSDConfig/__init__.py.in:158 msgid "Active Directory domain" msgstr "Домен Active Directory" #: src/config/SSSDConfig/__init__.py.in:159 msgid "Active Directory server address" msgstr "Адреса сервера Active Directory" #: src/config/SSSDConfig/__init__.py.in:160 msgid "Active Directory backup server address" msgstr "Адреса резервного сервера Active Directory" #: src/config/SSSDConfig/__init__.py.in:161 msgid "Active Directory client hostname" msgstr "Назва клієнтського вузла Active Directory" #: 
src/config/SSSDConfig/__init__.py.in:165 #: src/config/SSSDConfig/__init__.py.in:166 msgid "Kerberos server address" msgstr "Адреса сервера Kerberos" #: src/config/SSSDConfig/__init__.py.in:167 msgid "Kerberos backup server address" msgstr "Адреса резервного сервера Kerberos" #: src/config/SSSDConfig/__init__.py.in:168 msgid "Kerberos realm" msgstr "Область Kerberos" #: src/config/SSSDConfig/__init__.py.in:169 msgid "Authentication timeout" msgstr "Час очікування на розпізнавання" #: src/config/SSSDConfig/__init__.py.in:170 msgid "Whether to create kdcinfo files" msgstr "Визначає, чи слід створювати файли kdcinfo" #: src/config/SSSDConfig/__init__.py.in:173 msgid "Directory to store credential caches" msgstr "Каталог, де зберігатиметься кеш реєстраційних даних" #: src/config/SSSDConfig/__init__.py.in:174 msgid "Location of the user's credential cache" msgstr "Адреса кешу реєстраційних даних користувача" #: src/config/SSSDConfig/__init__.py.in:175 msgid "Location of the keytab to validate credentials" msgstr "Адреса таблиці ключів для перевірки реєстраційних даних" #: src/config/SSSDConfig/__init__.py.in:176 msgid "Enable credential validation" msgstr "Увімкнути перевірку реєстраційних даних" #: src/config/SSSDConfig/__init__.py.in:177 msgid "Store password if offline for later online authentication" msgstr "Зберігати пароль у автономному режимі для розпізнавання у мережі" #: src/config/SSSDConfig/__init__.py.in:178 msgid "Renewable lifetime of the TGT" msgstr "Поновлюваний строк дії TGT" #: src/config/SSSDConfig/__init__.py.in:179 msgid "Lifetime of the TGT" msgstr "Строк дії TGT" #: src/config/SSSDConfig/__init__.py.in:180 msgid "Time between two checks for renewal" msgstr "Граничний час між двома перевірками для поновлення" #: src/config/SSSDConfig/__init__.py.in:181 msgid "Enables FAST" msgstr "Вмикає FAST" #: src/config/SSSDConfig/__init__.py.in:182 msgid "Selects the principal to use for FAST" msgstr "Визначає реєстраційний запис, який слід використовувати для 
FAST" #: src/config/SSSDConfig/__init__.py.in:183 msgid "Enables principal canonicalization" msgstr "Вмикає перетворення реєстраційних записів у канонічну форму" #: src/config/SSSDConfig/__init__.py.in:184 msgid "Enables enterprise principals" msgstr "Увімкнути промислові реєстраційні дані" #: src/config/SSSDConfig/__init__.py.in:187 #: src/config/SSSDConfig/__init__.py.in:188 msgid "Server where the change password service is running if not on the KDC" msgstr "" "Сервер, на якому запущено службу зміни паролів, якщо такий не вдасться " "виявити у KDC" #: src/config/SSSDConfig/__init__.py.in:191 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, адреса URI сервера LDAP" #: src/config/SSSDConfig/__init__.py.in:192 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "ldap_backup_uri, адреса сервера LDAP" #: src/config/SSSDConfig/__init__.py.in:193 msgid "The default base DN" msgstr "Типова базова назва домену" #: src/config/SSSDConfig/__init__.py.in:194 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "Тип схеми, використаний на сервері LDAP, rfc2307" #: src/config/SSSDConfig/__init__.py.in:195 msgid "The default bind DN" msgstr "Типова назва домену прив’язки" #: src/config/SSSDConfig/__init__.py.in:196 msgid "The type of the authentication token of the default bind DN" msgstr "Тип розпізнавання для типової назви сервера прив’язки" #: src/config/SSSDConfig/__init__.py.in:197 msgid "The authentication token of the default bind DN" msgstr "Лексема розпізнавання типової назви сервера прив’язки" #: src/config/SSSDConfig/__init__.py.in:198 msgid "Length of time to attempt connection" msgstr "Проміжок часу між спробами встановлення з’єднання" #: src/config/SSSDConfig/__init__.py.in:199 msgid "Length of time to attempt synchronous LDAP operations" msgstr "Проміжок часу між спробами виконання синхронних операцій LDAP" #: src/config/SSSDConfig/__init__.py.in:200 msgid "Length of time between attempts to reconnect while offline" msgstr "" 
"Проміжок часу між повторними спробами встановлення з’єднання у автономному " "режимі" #: src/config/SSSDConfig/__init__.py.in:201 msgid "Use only the upper case for realm names" msgstr "Використовувати для назв областей лише великі літери" #: src/config/SSSDConfig/__init__.py.in:202 msgid "File that contains CA certificates" msgstr "Файл, що містить сертифікати CA" #: src/config/SSSDConfig/__init__.py.in:203 msgid "Path to CA certificate directory" msgstr "Шлях до каталогу сертифікатів CA" #: src/config/SSSDConfig/__init__.py.in:204 msgid "File that contains the client certificate" msgstr "Файл, що містить клієнтський сертифікат" #: src/config/SSSDConfig/__init__.py.in:205 msgid "File that contains the client key" msgstr "Файл, що містить клієнтський ключ" #: src/config/SSSDConfig/__init__.py.in:206 msgid "List of possible ciphers suites" msgstr "Показати список можливих інструментів шифрування" #: src/config/SSSDConfig/__init__.py.in:207 msgid "Require TLS certificate verification" msgstr "Потрібна перевірка сертифіката TLS" #: src/config/SSSDConfig/__init__.py.in:208 msgid "Specify the sasl mechanism to use" msgstr "Вкажіть механізм SASL, який слід використовувати" #: src/config/SSSDConfig/__init__.py.in:209 msgid "Specify the sasl authorization id to use" msgstr "Вкажіть ідентифікатор уповноваження SASL, який слід використовувати" #: src/config/SSSDConfig/__init__.py.in:210 msgid "Specify the sasl authorization realm to use" msgstr "Вкажіть область уповноваження SASL, яку слід використовувати" #: src/config/SSSDConfig/__init__.py.in:211 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" "Вказати мінімальне значення SSF для розпізнавання на LDAP за допомогою sasl" #: src/config/SSSDConfig/__init__.py.in:212 msgid "Kerberos service keytab" msgstr "Таблиця ключів служби Kerberos" #: src/config/SSSDConfig/__init__.py.in:213 msgid "Use Kerberos auth for LDAP connection" msgstr "Розпізнавання Kerberos для з’єднання LDAP" #: 
src/config/SSSDConfig/__init__.py.in:214 msgid "Follow LDAP referrals" msgstr "Переходити за посиланнями LDAP" #: src/config/SSSDConfig/__init__.py.in:215 msgid "Lifetime of TGT for LDAP connection" msgstr "Строк дії TGT для з’єднання LDAP" #: src/config/SSSDConfig/__init__.py.in:216 msgid "How to dereference aliases" msgstr "Спосіб розіменування псевдонімів" #: src/config/SSSDConfig/__init__.py.in:217 msgid "Service name for DNS service lookups" msgstr "Назва служби для пошуків за допомогою служби DNS" #: src/config/SSSDConfig/__init__.py.in:218 msgid "The number of records to retrieve in a single LDAP query" msgstr "Кількість записів, які слід отримувати у відповідь на один запит LDAP" #: src/config/SSSDConfig/__init__.py.in:219 msgid "The number of members that must be missing to trigger a full deref" msgstr "" "Кількість учасників, яких має не вистачати для вмикання повного скасування " "посилань" #: src/config/SSSDConfig/__init__.py.in:220 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" "Визначає, чи має бібліотека LDAP виконувати зворотній пошук з метою " "переведення назв вузлів у канонічну форму під час прив’язки до SASL" #: src/config/SSSDConfig/__init__.py.in:222 msgid "entryUSN attribute" msgstr "Атрибут entryUSN" #: src/config/SSSDConfig/__init__.py.in:223 msgid "lastUSN attribute" msgstr "Атрибут lastUSN" #: src/config/SSSDConfig/__init__.py.in:225 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "Тривалість підтримування з’єднання з сервером LDAP перед роз’єднанням" #: src/config/SSSDConfig/__init__.py.in:227 msgid "Disable the LDAP paging control" msgstr "Вимкнути контроль сторінок у LDAP" #: src/config/SSSDConfig/__init__.py.in:228 msgid "Disable Active Directory range retrieval" msgstr "Вимкнути отримання діапазонів Active Directory" #: src/config/SSSDConfig/__init__.py.in:231 msgid "Length of time to wait for a search request" 
msgstr "Тривалість очікування на дані запиту пошуку" #: src/config/SSSDConfig/__init__.py.in:232 msgid "Length of time to wait for a enumeration request" msgstr "Тривалість очікування на дані запиту щодо переліку" #: src/config/SSSDConfig/__init__.py.in:233 msgid "Length of time between enumeration updates" msgstr "Проміжок часу між оновленнями нумерації" #: src/config/SSSDConfig/__init__.py.in:234 msgid "Length of time between cache cleanups" msgstr "Проміжок часу між спорожненнями кешу" #: src/config/SSSDConfig/__init__.py.in:235 msgid "Require TLS for ID lookups" msgstr "Вимагати TLS для пошуків ідентифікаторів" #: src/config/SSSDConfig/__init__.py.in:236 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "" "Використовувати відповідності ідентифікаторів objectSID замість попередньо " "встановлених ідентифікаторів" #: src/config/SSSDConfig/__init__.py.in:237 msgid "Base DN for user lookups" msgstr "Базова назва домену для пошуків користувачів" #: src/config/SSSDConfig/__init__.py.in:238 msgid "Scope of user lookups" msgstr "Діапазон пошуків користувачів" #: src/config/SSSDConfig/__init__.py.in:239 msgid "Filter for user lookups" msgstr "Фільтр пошуку користувачів" #: src/config/SSSDConfig/__init__.py.in:240 msgid "Objectclass for users" msgstr "Клас об’єктів для користувачів" #: src/config/SSSDConfig/__init__.py.in:241 msgid "Username attribute" msgstr "Атрибут імені користувача" #: src/config/SSSDConfig/__init__.py.in:243 msgid "UID attribute" msgstr "Атрибут UID" #: src/config/SSSDConfig/__init__.py.in:244 msgid "Primary GID attribute" msgstr "Головний атрибут GID" #: src/config/SSSDConfig/__init__.py.in:245 msgid "GECOS attribute" msgstr "Атрибут GECOS" #: src/config/SSSDConfig/__init__.py.in:246 msgid "Home directory attribute" msgstr "Атрибут домашнього каталогу" #: src/config/SSSDConfig/__init__.py.in:247 msgid "Shell attribute" msgstr "Атрибут оболонки" #: src/config/SSSDConfig/__init__.py.in:248 msgid "UUID attribute" msgstr "Атрибут UUID" 
#: src/config/SSSDConfig/__init__.py.in:249 #: src/config/SSSDConfig/__init__.py.in:285 msgid "objectSID attribute" msgstr "Атрибут objectSID" #: src/config/SSSDConfig/__init__.py.in:250 msgid "Active Directory primary group attribute for ID-mapping" msgstr "" "Атрибут основної групи Active Directory для встановлення відповідності " "ідентифікатора" #: src/config/SSSDConfig/__init__.py.in:251 msgid "User principal attribute (for Kerberos)" msgstr "Атрибут реєстраційного запису користувача (для Kerberos)" #: src/config/SSSDConfig/__init__.py.in:252 msgid "Full Name" msgstr "Повне ім'я" #: src/config/SSSDConfig/__init__.py.in:253 msgid "memberOf attribute" msgstr "Атрибут memberOf" #: src/config/SSSDConfig/__init__.py.in:254 msgid "Modification time attribute" msgstr "Атрибут часу зміни" #: src/config/SSSDConfig/__init__.py.in:256 msgid "shadowLastChange attribute" msgstr "Атрибут shadowLastChange" #: src/config/SSSDConfig/__init__.py.in:257 msgid "shadowMin attribute" msgstr "Атрибут shadowMin" #: src/config/SSSDConfig/__init__.py.in:258 msgid "shadowMax attribute" msgstr "Атрибут shadowMax" #: src/config/SSSDConfig/__init__.py.in:259 msgid "shadowWarning attribute" msgstr "Атрибут shadowWarning" #: src/config/SSSDConfig/__init__.py.in:260 msgid "shadowInactive attribute" msgstr "Атрибут shadowInactive" #: src/config/SSSDConfig/__init__.py.in:261 msgid "shadowExpire attribute" msgstr "Атрибут shadowExpire" #: src/config/SSSDConfig/__init__.py.in:262 msgid "shadowFlag attribute" msgstr "Атрибут shadowFlag" #: src/config/SSSDConfig/__init__.py.in:263 msgid "Attribute listing authorized PAM services" msgstr "Атрибути зі списком уповноважених служб PAM" #: src/config/SSSDConfig/__init__.py.in:264 msgid "Attribute listing authorized server hosts" msgstr "Атрибути зі списком уповноважених серверних вузлів" #: src/config/SSSDConfig/__init__.py.in:265 msgid "krbLastPwdChange attribute" msgstr "Атрибут krbLastPwdChange" #: src/config/SSSDConfig/__init__.py.in:266 msgid 
"krbPasswordExpiration attribute" msgstr "Атрибут krbPasswordExpiration" #: src/config/SSSDConfig/__init__.py.in:267 msgid "Attribute indicating that server side password policies are active" msgstr "" "Атрибут, що відповідає за активізацію правил обробки паролів на боці сервера" #: src/config/SSSDConfig/__init__.py.in:268 msgid "accountExpires attribute of AD" msgstr "Атрибут accountExpires AD" #: src/config/SSSDConfig/__init__.py.in:269 msgid "userAccountControl attribute of AD" msgstr "Атрибут userAccountControl AD" #: src/config/SSSDConfig/__init__.py.in:270 msgid "nsAccountLock attribute" msgstr "Атрибут nsAccountLock" #: src/config/SSSDConfig/__init__.py.in:271 msgid "loginDisabled attribute of NDS" msgstr "Атрибут loginDisabled NDS" #: src/config/SSSDConfig/__init__.py.in:272 msgid "loginExpirationTime attribute of NDS" msgstr "Атрибут loginExpirationTime NDS" #: src/config/SSSDConfig/__init__.py.in:273 msgid "loginAllowedTimeMap attribute of NDS" msgstr "Атрибут loginAllowedTimeMap NDS" #: src/config/SSSDConfig/__init__.py.in:274 msgid "SSH public key attribute" msgstr "Атрибут відкритого ключа SSH" #: src/config/SSSDConfig/__init__.py.in:276 msgid "Base DN for group lookups" msgstr "Базова назва домену для пошуків груп" #: src/config/SSSDConfig/__init__.py.in:279 msgid "Objectclass for groups" msgstr "Клас об’єктів для груп" #: src/config/SSSDConfig/__init__.py.in:280 msgid "Group name" msgstr "Назва групи" #: src/config/SSSDConfig/__init__.py.in:281 msgid "Group password" msgstr "Пароль групи" #: src/config/SSSDConfig/__init__.py.in:282 msgid "GID attribute" msgstr "Атрибут GID" #: src/config/SSSDConfig/__init__.py.in:283 msgid "Group member attribute" msgstr "Атрибут членства у групі" #: src/config/SSSDConfig/__init__.py.in:284 msgid "Group UUID attribute" msgstr "Атрибут UUID групи" #: src/config/SSSDConfig/__init__.py.in:286 msgid "Modification time attribute for groups" msgstr "Атрибут часу зміни для груп" #: src/config/SSSDConfig/__init__.py.in:287 
msgid "Type of the group and other flags" msgstr "" #: src/config/SSSDConfig/__init__.py.in:289 msgid "Maximum nesting level SSSd will follow" msgstr "Максимальний рівень вкладеності, який використовуватиме SSSD" #: src/config/SSSDConfig/__init__.py.in:291 msgid "Base DN for netgroup lookups" msgstr "Базова назва домену для пошуків груп у мережі" #: src/config/SSSDConfig/__init__.py.in:292 msgid "Objectclass for netgroups" msgstr "Клас об’єктів для груп у мережі" #: src/config/SSSDConfig/__init__.py.in:293 msgid "Netgroup name" msgstr "Назва мережевої групи" #: src/config/SSSDConfig/__init__.py.in:294 msgid "Netgroups members attribute" msgstr "Атрибут членства у групах у мережі" #: src/config/SSSDConfig/__init__.py.in:295 msgid "Netgroup triple attribute" msgstr "Атрибут трійки груп у мережі" #: src/config/SSSDConfig/__init__.py.in:296 msgid "Netgroup UUID attribute" msgstr "Атрибут UUID груп у мережі" #: src/config/SSSDConfig/__init__.py.in:297 msgid "Modification time attribute for netgroups" msgstr "Атрибут часу зміни для мережевих груп" #: src/config/SSSDConfig/__init__.py.in:299 msgid "Base DN for service lookups" msgstr "Базова назва домену для пошуку служб" #: src/config/SSSDConfig/__init__.py.in:300 msgid "Objectclass for services" msgstr "Клас об’єктів для служб" #: src/config/SSSDConfig/__init__.py.in:301 msgid "Service name attribute" msgstr "Атрибут назви служби" #: src/config/SSSDConfig/__init__.py.in:302 msgid "Service port attribute" msgstr "Атрибут порту служби" #: src/config/SSSDConfig/__init__.py.in:303 msgid "Service protocol attribute" msgstr "Атрибут протоколу служби" #: src/config/SSSDConfig/__init__.py.in:306 msgid "Lower bound for ID-mapping" msgstr "Нижня межа встановлення відповідності ідентифікатора" #: src/config/SSSDConfig/__init__.py.in:307 msgid "Upper bound for ID-mapping" msgstr "Верхня межа встановлення відповідності ідентифікатора" #: src/config/SSSDConfig/__init__.py.in:308 msgid "Number of IDs for each slice when 
ID-mapping" msgstr "" "Кількість ідентифікаторів для кожного зрізу під час встановлення " "відповідності ідентифікаторів" #: src/config/SSSDConfig/__init__.py.in:309 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "" "Використовувати для встановлення відповідності ідентифікаторів алгоритм, " "сумісний з autorid" #: src/config/SSSDConfig/__init__.py.in:310 msgid "Name of the default domain for ID-mapping" msgstr "Назва типового домену для встановлення відповідності ідентифікаторів" #: src/config/SSSDConfig/__init__.py.in:311 msgid "SID of the default domain for ID-mapping" msgstr "SID типового домену для встановлення відповідності ідентифікаторів" #: src/config/SSSDConfig/__init__.py.in:313 msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups" msgstr "Використовувати LDAP_MATCHING_RULE_IN_CHAIN щодо пошуків груп (group)" #: src/config/SSSDConfig/__init__.py.in:314 msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups" msgstr "" "Використовувати LDAP_MATCHING_RULE_IN_CHAIN щодо пошуків початкових груп " "(initgroup)" #: src/config/SSSDConfig/__init__.py.in:315 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "Встановити нижню межу для дозволених ідентифікаторів із сервера LDAP" #: src/config/SSSDConfig/__init__.py.in:316 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "Встановити верхню межу для дозволених ідентифікаторів із сервера LDAP" #: src/config/SSSDConfig/__init__.py.in:319 msgid "Policy to evaluate the password expiration" msgstr "Правила оцінки завершення строку дії пароля" #: src/config/SSSDConfig/__init__.py.in:322 msgid "LDAP filter to determine access privileges" msgstr "Фільтр LDAP для визначення прав доступу" #: src/config/SSSDConfig/__init__.py.in:323 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" "Атрибути які слід використовувати для визначення чинності облікового запису" #: src/config/SSSDConfig/__init__.py.in:324 msgid "Which rules should 
be used to evaluate access control" msgstr "" "Правила, які має бути використано для визначення достатності прав доступу" #: src/config/SSSDConfig/__init__.py.in:327 msgid "URI of an LDAP server where password changes are allowed" msgstr "Адреса на сервері LDAP, для якої можливі зміни паролів" #: src/config/SSSDConfig/__init__.py.in:328 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "Адреса резервного сервера LDAP, для якої можливі зміни паролів" #: src/config/SSSDConfig/__init__.py.in:329 msgid "DNS service name for LDAP password change server" msgstr "Назва у службі DNS сервера зміни паролів LDAP" #: src/config/SSSDConfig/__init__.py.in:330 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" msgstr "" "Визначає, чи слід оновлювати атрибут ldap_user_shadow_last_change після " "зміни пароля" #: src/config/SSSDConfig/__init__.py.in:333 msgid "Base DN for sudo rules lookups" msgstr "Базова назва домену для пошуків правил sudo" #: src/config/SSSDConfig/__init__.py.in:334 msgid "Automatic full refresh period" msgstr "Період автоматичного повного оновлення даних" #: src/config/SSSDConfig/__init__.py.in:335 msgid "Automatic smart refresh period" msgstr "Період автоматичного кмітливого оновлення даних" #: src/config/SSSDConfig/__init__.py.in:336 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "" "Визначає, чи слід фільтрувати правила за назвами вузлів, IP-адресами та " "мережами" #: src/config/SSSDConfig/__init__.py.in:337 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" msgstr "" "Назви вузлів і/або повні назви у домені для цього комп’ютера для " "фільтрування списку правил sudo" #: src/config/SSSDConfig/__init__.py.in:338 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" "Адреси IPv4 або IPv6 чи мережа цього комп’ютера для фільтрування списку " "правил sudo" #: 
src/config/SSSDConfig/__init__.py.in:339 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" "Визначає, чи слід включати правила, що містять мережеву групу у атрибуті " "вузла" #: src/config/SSSDConfig/__init__.py.in:340 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" "Визначає, чи слід включати правила, що містять формальний вираз у атрибуті " "вузла" #: src/config/SSSDConfig/__init__.py.in:341 msgid "Object class for sudo rules" msgstr "Клас об’єктів для правил sudo" #: src/config/SSSDConfig/__init__.py.in:342 msgid "Sudo rule name" msgstr "Назва правила sudo" #: src/config/SSSDConfig/__init__.py.in:343 msgid "Sudo rule command attribute" msgstr "Атрибут команди правила sudo" #: src/config/SSSDConfig/__init__.py.in:344 msgid "Sudo rule host attribute" msgstr "Атрибут вузла правила sudo" #: src/config/SSSDConfig/__init__.py.in:345 msgid "Sudo rule user attribute" msgstr "Атрибут користувача правила sudo" #: src/config/SSSDConfig/__init__.py.in:346 msgid "Sudo rule option attribute" msgstr "Атрибут параметрів правила sudo" #: src/config/SSSDConfig/__init__.py.in:347 msgid "Sudo rule runasuser attribute" msgstr "" "Атрибут користувача, від імені якого виконуватиметься запуск, правила sudo" #: src/config/SSSDConfig/__init__.py.in:348 msgid "Sudo rule runasgroup attribute" msgstr "Атрибут групи, від імені якої виконуватиметься запуск, правила sudo" #: src/config/SSSDConfig/__init__.py.in:349 msgid "Sudo rule notbefore attribute" msgstr "Атрибут граничного часу початку дії правила sudo" #: src/config/SSSDConfig/__init__.py.in:350 msgid "Sudo rule notafter attribute" msgstr "Атрибут граничного часу завершення дії правила sudo" #: src/config/SSSDConfig/__init__.py.in:351 msgid "Sudo rule order attribute" msgstr "Атрибут порядку правила sudo" #: src/config/SSSDConfig/__init__.py.in:354 msgid "Object class for automounter maps" msgstr "Клас об’єктів для карт автоматичного монтування" #: 
src/config/SSSDConfig/__init__.py.in:355 msgid "Automounter map name attribute" msgstr "Атрибут назви карти автоматичного монтування" #: src/config/SSSDConfig/__init__.py.in:356 msgid "Object class for automounter map entries" msgstr "Клас об’єктів для записів карт автоматичного монтування" #: src/config/SSSDConfig/__init__.py.in:357 msgid "Automounter map entry key attribute" msgstr "Атрибут ключа запису карти автоматичного монтування" #: src/config/SSSDConfig/__init__.py.in:358 msgid "Automounter map entry value attribute" msgstr "Атрибут значення запису карти автоматичного монтування" #: src/config/SSSDConfig/__init__.py.in:359 msgid "Base DN for automounter map lookups" msgstr "Базовий сервер назв домену для пошуків карти автоматичного монтування" #: src/config/SSSDConfig/__init__.py.in:362 msgid "Comma separated list of allowed users" msgstr "Відокремлений комами список дозволених користувачів" #: src/config/SSSDConfig/__init__.py.in:363 msgid "Comma separated list of prohibited users" msgstr "Відокремлений комами список заборонених користувачів" #: src/config/SSSDConfig/__init__.py.in:366 msgid "Default shell, /bin/bash" msgstr "Типова оболонка, /bin/bash" #: src/config/SSSDConfig/__init__.py.in:367 msgid "Base for home directories" msgstr "Базова адреса домашніх каталогів" #: src/config/SSSDConfig/__init__.py.in:370 msgid "The name of the NSS library to use" msgstr "Назва бібліотеки NSS, яку слід використовувати" #: src/config/SSSDConfig/__init__.py.in:371 msgid "Whether to look up canonical group name from cache if possible" msgstr "" "Визначає, чи слід виконувати пошук канонічної назви групи у кеші, якщо це " "можливо" #: src/config/SSSDConfig/__init__.py.in:374 msgid "PAM stack to use" msgstr "Стек PAM, який слід використовувати" #: src/monitor/monitor.c:2651 msgid "Become a daemon (default)" msgstr "Запуститися фонову службу (типова поведінка)" #: src/monitor/monitor.c:2653 msgid "Run interactive (not a daemon)" msgstr "Запустити у інтерактивному режимі 
(без фонової служби)" #: src/monitor/monitor.c:2655 src/tools/sss_debuglevel.c:71 msgid "Specify a non-default config file" msgstr "Вказати нетиповий файл налаштувань" #: src/monitor/monitor.c:2657 msgid "Print version number and exit" msgstr "Вивести номер версії і завершити роботу" #: src/providers/krb5/krb5_child.c:1962 src/providers/ldap/ldap_child.c:435 #: src/util/util.h:100 msgid "Debug level" msgstr "Рівень зневаджування" #: src/providers/krb5/krb5_child.c:1964 src/providers/ldap/ldap_child.c:437 #: src/util/util.h:104 msgid "Add debug timestamps" msgstr "Додавати діагностичні часові позначки" #: src/providers/krb5/krb5_child.c:1966 src/providers/ldap/ldap_child.c:439 #: src/util/util.h:106 msgid "Show timestamps with microseconds" msgstr "Показувати мікросекунди у часових позначках" #: src/providers/krb5/krb5_child.c:1968 src/providers/ldap/ldap_child.c:441 msgid "An open file descriptor for the debug logs" msgstr "Дескриптор відкритого файла для запису журналів діагностики" #: src/providers/data_provider_be.c:2932 msgid "Domain of the information provider (mandatory)" msgstr "Домен надання відомостей (обов’язковий)" #: src/sss_client/common.c:946 msgid "Privileged socket has wrong ownership or permissions." msgstr "У привілейованого сокета помилковий власник або права доступу." #: src/sss_client/common.c:949 msgid "Public socket has wrong ownership or permissions." msgstr "У відкритого сокета помилковий власник або права доступу." #: src/sss_client/common.c:952 msgid "Unexpected format of the server credential message." msgstr "Некоректний формат повідомлення щодо реєстраційних даних сервера." #: src/sss_client/common.c:955 msgid "SSSD is not run by root." msgstr "SSSD запущено не від імені користувача root." #: src/sss_client/common.c:960 msgid "An error occurred, but no description can be found." msgstr "Сталася помилка, але не вдалося знайти її опису." 
#: src/sss_client/common.c:966 msgid "Unexpected error while looking for an error description" msgstr "Неочікувана помилка під час пошуку опису помилки" #: src/sss_client/pam_sss.c:388 msgid "Passwords do not match" msgstr "Паролі не збігаються" #: src/sss_client/pam_sss.c:576 msgid "Password reset by root is not supported." msgstr "Підтримки скидання пароля користувачем root не передбачено." #: src/sss_client/pam_sss.c:617 msgid "Authenticated with cached credentials" msgstr "Розпізнано за реєстраційними даними з кешу" #: src/sss_client/pam_sss.c:618 msgid ", your cached password will expire at: " msgstr ", строк дії вашого кешованого пароля завершиться: " #: src/sss_client/pam_sss.c:648 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "Строк дії вашого пароля вичерпано. Залишилося %1$d резервних входи." #: src/sss_client/pam_sss.c:694 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "Строк дії вашого пароля завершиться за %1$d %2$s." #: src/sss_client/pam_sss.c:743 msgid "Authentication is denied until: " msgstr "Розпізнавання заборонено до: " #: src/sss_client/pam_sss.c:764 msgid "System is offline, password change not possible" msgstr "Система працює у автономному режимі, зміна пароля неможлива" #: src/sss_client/pam_sss.c:779 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" #: src/sss_client/pam_sss.c:810 src/sss_client/pam_sss.c:823 msgid "Password change failed. " msgstr "Спроба зміни пароля зазнала невдачі. 
" #: src/sss_client/pam_sss.c:813 src/sss_client/pam_sss.c:824 msgid "Server message: " msgstr "Повідомлення сервера: " #: src/sss_client/pam_sss.c:1251 msgid "New Password: " msgstr "Новий пароль: " #: src/sss_client/pam_sss.c:1252 msgid "Reenter new Password: " msgstr "Ще раз введіть новий пароль: " #: src/sss_client/pam_sss.c:1340 msgid "Password: " msgstr "Пароль: " #: src/sss_client/pam_sss.c:1372 msgid "Current Password: " msgstr "Поточний пароль: " #: src/sss_client/pam_sss.c:1527 msgid "Password expired. Change your password now." msgstr "Строк дії пароля вичерпано. Змініть ваш пароль." #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40 #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 src/tools/sss_useradd.c:48 #: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44 #: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:652 #: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47 #: src/tools/sss_cache.c:540 src/tools/sss_debuglevel.c:69 msgid "The debug level to run with" msgstr "Рівень діагностики під час запуску" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:42 #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:196 msgid "The SSSD domain to use" msgstr "Домен SSSD, який слід використовувати" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:73 #: src/tools/sss_groupadd.c:58 src/tools/sss_groupdel.c:53 #: src/tools/sss_groupmod.c:65 src/tools/sss_groupshow.c:663 #: src/tools/sss_userdel.c:151 src/tools/sss_usermod.c:74 #: src/tools/sss_cache.c:573 msgid "Error setting the locale\n" msgstr "Помилка під час спроби встановити локаль\n" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:64 msgid "Not enough memory\n" msgstr "Недостатньо пам’яті\n" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:83 msgid "User not specified\n" msgstr "Не вказано користувача\n" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:92 msgid "Error looking up public keys\n" msgstr "Помилка під час спроби пошуку відкритих ключів\n" #: 
src/sss_client/ssh/sss_ssh_knownhostsproxy.c:194 msgid "The port to use to connect to the host" msgstr "Порт, яким слід користуватися для встановлення з’єднань з вузлом" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:238 msgid "Invalid port\n" msgstr "Некоректний порт.\n" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:243 msgid "Host not specified\n" msgstr "Не вказано вузол\n" #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:249 msgid "The path to the proxy command must be absolute\n" msgstr "Має бути вказано абсолютний шлях до команди проксі-сервера\n" #: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48 msgid "The UID of the user" msgstr "Ідентифікатор користувача" #: src/tools/sss_useradd.c:50 src/tools/sss_usermod.c:50 msgid "The comment string" msgstr "Рядок коментаря" #: src/tools/sss_useradd.c:51 src/tools/sss_usermod.c:51 msgid "Home directory" msgstr "Домашній каталог" #: src/tools/sss_useradd.c:52 src/tools/sss_usermod.c:52 msgid "Login shell" msgstr "Оболонка входу" #: src/tools/sss_useradd.c:53 msgid "Groups" msgstr "Групи" #: src/tools/sss_useradd.c:54 msgid "Create user's directory if it does not exist" msgstr "Створити каталог користувача, якщо його ще не існує" #: src/tools/sss_useradd.c:55 msgid "Never create user's directory, overrides config" msgstr "Ніколи не створювати каталог користувача, перевизначає налаштування" #: src/tools/sss_useradd.c:56 msgid "Specify an alternative skeleton directory" msgstr "Вказати альтернативний основний каталог" #: src/tools/sss_useradd.c:57 src/tools/sss_usermod.c:57 msgid "The SELinux user for user's login" msgstr "Ім’я користувача SELinux для входу до системи" #: src/tools/sss_useradd.c:86 src/tools/sss_groupmod.c:78 #: src/tools/sss_usermod.c:87 msgid "Specify group to add to\n" msgstr "Вкажіть групу для додавання\n" #: src/tools/sss_useradd.c:110 msgid "Specify user to add\n" msgstr "Вкажіть користувача, запис якого слід додати\n" #: src/tools/sss_useradd.c:119 src/tools/sss_groupadd.c:84 #: 
src/tools/sss_groupdel.c:78 src/tools/sss_groupmod.c:111 #: src/tools/sss_groupshow.c:696 src/tools/sss_userdel.c:196 #: src/tools/sss_usermod.c:128 msgid "Error initializing the tools - no local domain\n" msgstr "Помилка ініціалізації інструментів: немає локального домену\n" #: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86 #: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113 #: src/tools/sss_groupshow.c:698 src/tools/sss_userdel.c:198 #: src/tools/sss_usermod.c:130 msgid "Error initializing the tools\n" msgstr "Помилка ініціалізації інструментів\n" #: src/tools/sss_useradd.c:130 src/tools/sss_groupadd.c:95 #: src/tools/sss_groupdel.c:89 src/tools/sss_groupmod.c:121 #: src/tools/sss_groupshow.c:707 src/tools/sss_userdel.c:207 #: src/tools/sss_usermod.c:139 msgid "Invalid domain specified in FQDN\n" msgstr "У FQDN вказано некоректний домен\n" #: src/tools/sss_useradd.c:139 src/tools/sss_groupmod.c:141 #: src/tools/sss_groupmod.c:168 src/tools/sss_usermod.c:162 #: src/tools/sss_usermod.c:189 msgid "Internal error while parsing parameters\n" msgstr "Внутрішня помилка під час обробки параметрів\n" #: src/tools/sss_useradd.c:147 src/tools/sss_usermod.c:170 #: src/tools/sss_usermod.c:197 msgid "Groups must be in the same domain as user\n" msgstr "Групи мають належати до того самого домену, що і користувач\n" #: src/tools/sss_useradd.c:155 #, c-format msgid "Cannot find group %1$s in local domain\n" msgstr "Не вдалося знайти групу %1$s у локальному домені\n" #: src/tools/sss_useradd.c:170 src/tools/sss_userdel.c:217 msgid "Cannot set default values\n" msgstr "Не вдалося встановити типові значення\n" #: src/tools/sss_useradd.c:177 src/tools/sss_usermod.c:153 msgid "The selected UID is outside the allowed range\n" msgstr "" "Вибраний ідентифікатор користувача не належить до діапазону дозволених\n" #: src/tools/sss_useradd.c:206 src/tools/sss_usermod.c:264 msgid "Cannot set SELinux login context\n" msgstr "Не вдалося встановити контекст входу SELinux\n" #: 
src/tools/sss_useradd.c:221 msgid "Cannot get info about the user\n" msgstr "Не вдалося отримати відомості щодо користувача\n" #: src/tools/sss_useradd.c:233 msgid "User's home directory already exists, not copying data from skeldir\n" msgstr "" "Домашній каталог користувача вже існує, копіювання даних з каталогу skel не " "виконуватиметься\n" #: src/tools/sss_useradd.c:236 #, c-format msgid "Cannot create user's home directory: %1$s\n" msgstr "Не вдалося створити домашній каталог користувача: %1$s\n" #: src/tools/sss_useradd.c:247 #, c-format msgid "Cannot create user's mail spool: %1$s\n" msgstr "Не вдалося створити поштовий буфер користувача: %1$s\n" #: src/tools/sss_useradd.c:266 msgid "Could not allocate ID for the user - domain full?\n" msgstr "" "Не вдалося отримати ідентифікатор для користувача. Домен переповнено?\n" #: src/tools/sss_useradd.c:270 msgid "A user or group with the same name or ID already exists\n" msgstr "" "Вже існує користувач або група з таким самим іменем, назвою або " "ідентифікатором\n" #: src/tools/sss_useradd.c:276 msgid "Transaction error. Could not add user.\n" msgstr "Помилка під час виконання операції. Не вдалося додати користувача.\n" #: src/tools/sss_groupadd.c:43 src/tools/sss_groupmod.c:48 msgid "The GID of the group" msgstr "Ідентифікатор групи" #: src/tools/sss_groupadd.c:75 msgid "Specify group to add\n" msgstr "Вкажіть групу, яку слід додати\n" #: src/tools/sss_groupadd.c:104 src/tools/sss_groupmod.c:192 msgid "The selected GID is outside the allowed range\n" msgstr "Вибраний ідентифікатор групи не належить до діапазону дозволених\n" #: src/tools/sss_groupadd.c:141 msgid "Could not allocate ID for the group - domain full?\n" msgstr "Не вдалося отримати ідентифікатор для групи. Домен переповнено?\n" #: src/tools/sss_groupadd.c:145 msgid "A group with the same name or GID already exists\n" msgstr "Вже існує група з такою самою назвою або ідентифікатором\n" #: src/tools/sss_groupadd.c:150 msgid "Transaction error. 
Could not add group.\n" msgstr "Помилка під час виконання операції. Не вдалося додати групу.\n" #: src/tools/sss_groupdel.c:69 msgid "Specify group to delete\n" msgstr "Вкажіть групу, яку слід вилучити\n" #: src/tools/sss_groupdel.c:102 #, c-format msgid "Group %1$s is outside the defined ID range for domain\n" msgstr "Група %1$s не належить визначеному діапазону ідентифікаторів домену\n" #: src/tools/sss_groupdel.c:117 src/tools/sss_groupmod.c:219 #: src/tools/sss_groupmod.c:226 src/tools/sss_groupmod.c:233 #: src/tools/sss_userdel.c:294 src/tools/sss_usermod.c:241 #: src/tools/sss_usermod.c:248 src/tools/sss_usermod.c:255 #, c-format msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n" msgstr "" "Спроба запиту NSS зазнала невдачі (%1$d). Запис може залишитися у кеші у " "пам’яті.\n" #: src/tools/sss_groupdel.c:129 msgid "" "No such group in local domain. Removing groups only allowed in local " "domain.\n" msgstr "" "У локальному домені немає такої групи. Вилучення груп можливе лише у межах " "локального домену.\n" #: src/tools/sss_groupdel.c:134 msgid "Internal error. Could not remove group.\n" msgstr "Внутрішня помилка. Не вдалося вилучити запис групи.\n" #: src/tools/sss_groupmod.c:44 msgid "Groups to add this group to" msgstr "Групи, до яких слід додати цю групу" #: src/tools/sss_groupmod.c:46 msgid "Groups to remove this group from" msgstr "Групи, з яких слід вилучити цю групу" #: src/tools/sss_groupmod.c:86 src/tools/sss_usermod.c:95 msgid "Specify group to remove from\n" msgstr "Вкажіть групу, запис якої слід вилучити\n" #: src/tools/sss_groupmod.c:100 msgid "Specify group to modify\n" msgstr "Вкажіть групу, запис якої слід змінити\n" #: src/tools/sss_groupmod.c:128 msgid "" "Cannot find group in local domain, modifying groups is allowed only in local " "domain\n" msgstr "" "Не вдалося знайти групу у локальному домені.
Зміну записів груп можна " "виконувати лише у межах локального домену\n" #: src/tools/sss_groupmod.c:149 src/tools/sss_groupmod.c:176 msgid "Member groups must be in the same domain as parent group\n" msgstr "" "Групи-учасники мають належати до того самого домену, що і основна група\n" #: src/tools/sss_groupmod.c:157 src/tools/sss_groupmod.c:184 #: src/tools/sss_usermod.c:178 src/tools/sss_usermod.c:205 #, c-format msgid "" "Cannot find group %1$s in local domain, only groups in local domain are " "allowed\n" msgstr "" "Не вдалося знайти групу %1$s у локальному домені, можна використовувати лише " "групи з локального домену\n" #: src/tools/sss_groupmod.c:250 msgid "Could not modify group - check if member group names are correct\n" msgstr "" "Не вдалося змінити запис групи. Перевірте, чи правильно вказано назви груп-" "учасників\n" #: src/tools/sss_groupmod.c:254 msgid "Could not modify group - check if groupname is correct\n" msgstr "" "Не вдалося змінити запис групи. Перевірте, чи правильно вказано назву групи\n" #: src/tools/sss_groupmod.c:258 msgid "Transaction error. 
Could not modify group.\n" msgstr "Помилка під час виконання операції. Не вдалося змінити групу.\n" #: src/tools/sss_groupshow.c:599 #, c-format msgid "%1$s%2$sGroup: %3$s\n" msgstr "%1$s%2$sГрупа: %3$s\n" #: src/tools/sss_groupshow.c:600 msgid "Magic Private " msgstr "Магічна приватна " #: src/tools/sss_groupshow.c:602 #, c-format msgid "%1$sGID number: %2$d\n" msgstr "%1$sНомер GID: %2$d\n" #: src/tools/sss_groupshow.c:604 #, c-format msgid "%1$sMember users: " msgstr "%1$sКористувачі-учасники: " #: src/tools/sss_groupshow.c:611 #, c-format msgid "" "\n" "%1$sIs a member of: " msgstr "" "\n" "%1$sє учасником: " #: src/tools/sss_groupshow.c:618 #, c-format msgid "" "\n" "%1$sMember groups: " msgstr "" "\n" "%1$sГрупи-учасники: " #: src/tools/sss_groupshow.c:654 msgid "Print indirect group members recursively" msgstr "Виводити дані щодо непрямих учасників групи рекурсивно" #: src/tools/sss_groupshow.c:687 msgid "Specify group to show\n" msgstr "Вкажіть групу, дані якої слід показати\n" #: src/tools/sss_groupshow.c:726 msgid "" "No such group in local domain. Printing groups only allowed in local " "domain.\n" msgstr "" "У локальному домені немає такої групи. Вивід даних груп можливий лише у " "межах локального домену.\n" #: src/tools/sss_groupshow.c:731 msgid "Internal error. Could not print group.\n" msgstr "Внутрішня помилка.
Не вдалося вивести дані групи.\n" #: src/tools/sss_userdel.c:136 msgid "Remove home directory and mail spool" msgstr "Вилучити домашній каталог і поштовий буфер" #: src/tools/sss_userdel.c:138 msgid "Do not remove home directory and mail spool" msgstr "Не вилучати домашній каталог і поштовий буфер" #: src/tools/sss_userdel.c:140 msgid "Force removal of files not owned by the user" msgstr "Примусово вилучити файли, які не належать користувачеві" #: src/tools/sss_userdel.c:142 msgid "Kill users' processes before removing him" msgstr "Припинити роботу процесів користувача перед вилученням його запису" #: src/tools/sss_userdel.c:187 msgid "Specify user to delete\n" msgstr "Вкажіть користувача, запис якого слід вилучити\n" #: src/tools/sss_userdel.c:233 #, c-format msgid "User %1$s is outside the defined ID range for domain\n" msgstr "" "Користувач %1$s не належить визначеному діапазону ідентифікаторів домену\n" #: src/tools/sss_userdel.c:258 msgid "Cannot reset SELinux login context\n" msgstr "Не вдалося відновити початковий контекст входу SELinux\n" #: src/tools/sss_userdel.c:270 #, c-format msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n" msgstr "" "ПОПЕРЕДЖЕННЯ: користувач (uid %1$lu) все ще працював у системі на час " "вилучення його запису.\n" #: src/tools/sss_userdel.c:275 msgid "Cannot determine if the user was logged in on this platform" msgstr "" "Не вдалося визначити, чи увійшов користувач до системи на цій платформі" #: src/tools/sss_userdel.c:280 msgid "Error while checking if the user was logged in\n" msgstr "Помилка під час перевірки входу користувача до системи\n" #: src/tools/sss_userdel.c:287 #, c-format msgid "The post-delete command failed: %1$s\n" msgstr "Помилка команди, яку слід було виконати після вилучення запису: %1$s\n" #: src/tools/sss_userdel.c:307 msgid "Not removing home dir - not owned by user\n" msgstr "Домашній каталог не буде вилучено. 
Він не належить користувачеві.\n" #: src/tools/sss_userdel.c:309 #, c-format msgid "Cannot remove homedir: %1$s\n" msgstr "Не вдалося вилучити домашній каталог: %1$s\n" #: src/tools/sss_userdel.c:322 msgid "" "No such user in local domain. Removing users only allowed in local domain.\n" msgstr "" "У локальному домені немає такого користувача. Вилучення користувачів можливе " "лише у межах локального домену.\n" #: src/tools/sss_userdel.c:327 msgid "Internal error. Could not remove user.\n" msgstr "Внутрішня помилка. Не вдалося вилучити запис користувача.\n" #: src/tools/sss_usermod.c:49 msgid "The GID of the user" msgstr "Ідентифікатор групи користувача" #: src/tools/sss_usermod.c:53 msgid "Groups to add this user to" msgstr "Групи, до яких слід додати цього користувача" #: src/tools/sss_usermod.c:54 msgid "Groups to remove this user from" msgstr "Групи, з яких слід вилучити цього користувача" #: src/tools/sss_usermod.c:55 msgid "Lock the account" msgstr "Заблокувати обліковий запис" #: src/tools/sss_usermod.c:56 msgid "Unlock the account" msgstr "Розблокувати обліковий запис" #: src/tools/sss_usermod.c:119 msgid "Specify user to modify\n" msgstr "Вкажіть користувача, запис якого слід змінити\n" #: src/tools/sss_usermod.c:146 msgid "" "Cannot find user in local domain, modifying users is allowed only in local " "domain\n" msgstr "" "Не вдалося знайти користувача у локальному домені. Зміну записів " "користувачів можна виконувати лише у межах локального домену\n" #: src/tools/sss_usermod.c:281 msgid "Could not modify user - check if group names are correct\n" msgstr "" "Не вдалося змінити запис користувача. Перевірте, чи правильно вказано назви " "груп\n" #: src/tools/sss_usermod.c:285 msgid "Could not modify user - user already member of groups?\n" msgstr "" "Не вдалося змінити запис користувача. Користувач вже є учасником груп?\n" #: src/tools/sss_usermod.c:289 msgid "Transaction error. Could not modify user.\n" msgstr "" "Помилка під час виконання операції.
Не вдалося змінити запис користувача.\n" #: src/tools/sss_cache.c:170 msgid "No cache object matched the specified search\n" msgstr "Вказаному критерію пошуку не відповідає жоден об’єкт у кеші\n" #: src/tools/sss_cache.c:397 #, c-format msgid "Couldn't invalidate %1$s" msgstr "Не вдалося скасувати визначення %1$s" #: src/tools/sss_cache.c:404 #, c-format msgid "Couldn't invalidate %1$s %2$s" msgstr "Не вдалося скасувати визначення %1$s %2$s" #: src/tools/sss_cache.c:542 #, fuzzy msgid "Invalidate all cached entries except for sudo rules" msgstr "Скасувати чинність усіх кешованих записів, окрім правил sudo" #: src/tools/sss_cache.c:544 msgid "Invalidate particular user" msgstr "Скасувати визначення певного користувача" #: src/tools/sss_cache.c:546 msgid "Invalidate all users" msgstr "Скасувати визначення всіх користувачів" #: src/tools/sss_cache.c:548 msgid "Invalidate particular group" msgstr "Скасувати визначення певної групи" #: src/tools/sss_cache.c:550 msgid "Invalidate all groups" msgstr "Скасувати визначення всіх груп" #: src/tools/sss_cache.c:552 msgid "Invalidate particular netgroup" msgstr "Скасувати визначення певної мережевої групи" #: src/tools/sss_cache.c:554 msgid "Invalidate all netgroups" msgstr "Скасувати визначення всіх мережевих груп" #: src/tools/sss_cache.c:556 msgid "Invalidate particular service" msgstr "Скасувати визначення певної служби" #: src/tools/sss_cache.c:558 msgid "Invalidate all services" msgstr "Скасувати визначення всіх служб" #: src/tools/sss_cache.c:561 msgid "Invalidate particular autofs map" msgstr "Скасувати визначення певної карти autofs" #: src/tools/sss_cache.c:563 msgid "Invalidate all autofs maps" msgstr "Скасувати визначення всіх карт autofs" #: src/tools/sss_cache.c:566 msgid "Only invalidate entries from a particular domain" msgstr "Скасувати визначення лише записів з певного домену" #: src/tools/sss_cache.c:611 msgid "Please select at least one object to invalidate\n" msgstr "" "Будь ласка, виберіть принаймні один
об’єкт для скасовування відповідності\n" #: src/tools/sss_cache.c:681 #, c-format msgid "" "Could not open domain %1$s. If the domain is a subdomain (trusted domain), " "use fully qualified name instead of --domain/-d parameter.\n" msgstr "" "Не вдалося відкрити домен %1$s. Якщо цей домен є піддоменом (довіреним " "доменом), скористайтеся повною назвою замість параметра --domain/-d.\n" #: src/tools/sss_cache.c:685 msgid "Could not open available domains\n" msgstr "Не вдалося відкрити доступні домени\n" #: src/tools/sss_debuglevel.c:40 msgid "\n" msgstr "\n" #: src/tools/sss_debuglevel.c:96 msgid "Specify debug level you want to set\n" msgstr "Вкажіть рівень діагностики, який ви бажаєте встановити\n" #: src/tools/sss_debuglevel.c:102 msgid "Only one argument expected\n" msgstr "Мало бути вказано лише один аргумент\n" #: src/tools/tools_util.c:200 #, c-format msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n" msgstr "Здається, назва «%1$s» не є FQDN (встановлено «%2$s = TRUE»)\n" #: src/tools/tools_util.c:303 msgid "Out of memory\n" msgstr "Не вистачає пам'яті\n" #: src/tools/tools_util.h:43 #, c-format msgid "%1$s must be run as root\n" msgstr "%1$s слід запускати від імені користувача root\n" #: src/util/util.h:102 msgid "Send the debug output to files instead of stderr" msgstr "Надіслати діагностичні дані до файлів, а не до stderr" ���������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/Makevars������������������������������������������������������������0000644�0000000�0000000�00000000074�12320753107�015665� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 atime=1396954961.146875326 30 
ctime=1396954962.526874307 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/Makevars�����������������������������������������������������������������������������0000664�0024127�0024127�00000003477�12320753107�016122� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# Makefile variables for PO directory in any package using GNU gettext. # Usually the message domain is the same as the package name. DOMAIN = $(PACKAGE) # These two variables depend on the location of this directory. subdir = po top_builddir = .. # These options get passed to xgettext. XGETTEXT_OPTIONS = --keyword=_ --keyword=N_ --keyword=ERROR --keyword=PRINT # This is the copyright holder that gets inserted into the header of the # $(DOMAIN).pot file. Set this to the copyright holder of the surrounding # package. (Note that the msgstr strings, extracted from the package's # sources, belong to the copyright holder of the package.) Translators are # expected to transfer the copyright for their translations to this person # or entity, or to disclaim their copyright. The empty string stands for # the public domain; in this case the translators are expected to disclaim # their copyright. COPYRIGHT_HOLDER = Red Hat, Inc. 
# This is the email address or URL to which the translators shall report # bugs in the untranslated strings: # - Strings which are not entire sentences, see the maintainer guidelines # in the GNU gettext documentation, section 'Preparing Strings'. # - Strings which use unclear terms or require additional context to be # understood. # - Strings which make invalid assumptions about notation of date, time or # money. # - Pluralisation problems. # - Incorrect English spelling. # - Incorrect formatting. # It can be your email address, or a mailing list address where translators # can write to without being subscribed, or the URL of a web page through # which the translators can contact you. MSGID_BUGS_ADDRESS = sssd-devel@lists.fedorahosted.org # This is the list of locale categories, beyond LC_MESSAGES, for which the # message catalogs shall be used. It is usually empty. EXTRA_LOCALE_CATEGORIES = �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/PaxHeaders.13173/nb.gmo��������������������������������������������������������������0000644�0000000�0000000�00000000132�12320753522�015270� x����������������������������������������������������������������������������������������������������ustar�00����������������������������������������������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������30 mtime=1396954962.402874398 30 atime=1396954962.402874398 30 ctime=1396954962.556874284 
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������sssd-1.11.5/po/nb.gmo�������������������������������������������������������������������������������0000664�0024127�0024127�00000002740�12320753522�015522� 0����������������������������������������������������������������������������������������������������ustar�00jhrozek�������������������������jhrozek�������������������������0000000�0000000����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������x�����y����������������� ����������������������������+�����;�����K�����d�����z��'������������w����������������� ����������������������������:�����M�����^�����s�������.�������� ���������������� ���������� ���������������� ������������� �������������������Access control provider�Authentication provider�Authentication timeout�IPA client hostname�IPA domain�IPA server address�Identity provider�Kerberos realm�Kerberos server address�Maximum user ID�Minimum user ID�Password change provider�SSSD Domains to start�SSSD Services to start�Timeout for messages sent over the SBUS�Project-Id-Version: SSSD Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org POT-Creation-Date: 2014-04-08 12:56+0200 PO-Revision-Date: 2013-11-20 12:56+0000 Last-Translator: jhrozek <jhrozek@redhat.com> Language-Team: Norwegian Bokmål (http://www.transifex.com/projects/p/fedora/language/nb/) Language: nb MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=2; plural=(n != 1); 
�Tilgangskontrolltilbyder�Autentiseringstilbyder�Tidsavbrudd for autentisering�Vertsnavn for IPA-klient�IPA-domene�IPA-tjeneradresse�Identitetstilbyder�Kerberos-område�Tjeneradresse for Kerberos�Største bruker-ID�Minste bruker-ID�Passordbyttetilbyder�SSSD-domener som skal startes�SSSD-tjenester som skal startes�Tidsavbrudd for meldinger som sendes over SBUS���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������